Operation Spalax: Targeted malware attacks in Colombia | WeLiveSecurity
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter Masquerading Obfuscated Files Or Information Process Injection Scheduled Task/Job System Network Connections Discovery
country: Colombia Spain
maec-delivery-vectors: Watering Hole
Common Information
Type Value
UUID f3868be6-48d1-4508-a6b4-1565921ac640
Fingerprint ac2009d9a50186c8
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 12, 2021, 11:30 a.m.
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Operation Spalax: Targeted malware attacks in Colombia
Title Operation Spalax: Targeted malware attacks in Colombia | WeLiveSecurity
Detected Hints/Tags/Attributes 198/4/70
Attributes