Common TTPs of attacks against industrial organizations. Implants for uploading data | Kaspersky ICS CERT
Tags
cmtmf-attack-pattern: Application Layer Protocol, Command And Scripting Interpreter, Process Injection, Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern (one technique per line; the aggregator matched technique names against Enterprise, Mobile and pre-2020 ATT&CK IDs, so the same name appears several times):
Data Direct (no technique ID extracted)

Enterprise ATT&CK, current IDs:
Cached Domain Credentials - T1003.005
Create Or Modify System Process - T1543
Credentials - T1589.001
Dll Side-Loading - T1574.002
Email Account - T1087.003
Encrypted Channel - T1573
Hijack Execution Flow - T1574
Ip Addresses - T1590.005
Lsa Secrets - T1003.004
Malicious File - T1204.002
Malware - T1587.001
Malware - T1588.001
Msiexec - T1218.007
Phishing - T1566
Portable Executable Injection - T1055.002
Registry Run Keys / Startup Folder - T1547.001
Scheduled Task - T1053.005
Server - T1583.004
Server - T1584.004
Software - T1592.002
Spearphishing Attachment - T1566.001
Spearphishing Attachment - T1598.002
Symmetric Cryptography - T1573.001
System Checks - T1497.001
Windows Command Shell - T1059.003
Web Protocols - T1071.001
Time Based Evasion - T1497.003
Windows Service - T1543.003
Tool - T1588.002
Connection Proxy - T1090
Data From Local System - T1005
Deobfuscate/Decode Files Or Information - T1140
Exfiltration Over Command And Control Channel - T1041
File And Directory Discovery - T1083
Process Discovery - T1057
Process Injection - T1055
Scheduled Task - T1053
System Network Configuration Discovery - T1016
System Owner/User Discovery - T1033
User Execution - T1204

Enterprise ATT&CK, legacy names or revoked IDs (T1073, T1060 and T1193 were folded into T1574.002, T1547.001 and T1566.001 respectively; the other four are old names for IDs that are still valid):
Standard Application Layer Protocol - T1071
Command-Line Interface - T1059
Credential Dumping - T1003
Execution Through Api - T1106
Dll Side-Loading - T1073
Registry Run Keys / Start Folder - T1060
Spearphishing Attachment - T1193

Mobile ATT&CK IDs (same technique names; not applicable to the Windows implants the report describes, so treat these as tagging noise):
Application Layer Protocol - T1437
Command And Scripting Interpreter - T1623
Data From Local System - T1533
Encrypted Channel - T1521
Exfiltration Over C2 Channel - T1646
File And Directory Discovery - T1420
Hijack Execution Flow - T1625
System Network Configuration Discovery - T1422
Process Discovery - T1424
Native Api - T1575
Phishing - T1660
Process Injection - T1631
Scheduled Task/Job - T1603
Symmetric Cryptography - T1521.001
System Checks - T1633.001
Web Protocols - T1437.001

Without IDs: Spearphishing Attachment, User Execution
Common Information
Type Value
UUID f7160016-7a72-42f6-aef8-6b9e5d4bc9b3
Fingerprint b4b83c592fed8fc1
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 10, 2023, 8 a.m.
Added to db Oct. 24, 2023, 1:15 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Common TTPs of attacks against industrial organizations. Implants for uploading data
Title Common TTPs of attacks against industrial organizations. Implants for uploading data | Kaspersky ICS CERT
Detected Hints/Tags/Attributes 122/3/92
Attributes (Type, Value, #Events)

Type                      Value                                                     #Events
Domain                    kaspersky.com                                             338
Domain                    img.onl                                                   2
Domain                    litterbox.catbox.moe                                      2
Domain                    imgbb.com                                                 3
Domain                    transfer.sh                                               71
Domain                    share.schollz.com                                         2
Domain                    0x0.st                                                    2
Domain                    tinyimg.io                                                2
Domain                    gifyu.com                                                 2
Domain                    imgshare.io                                               2
Domain                    imgpile.com                                               2
Domain                    zippyimage.com                                            2
Domain                    extraimage.info                                           2
Domain                    upload.picpaste.me                                        2
Domain                    imgurupload.org                                           2
Domain                    sm.ms                                                     2
Domain                    easycaptures.com                                          2
Domain                    smtp.yandex.ru                                            5
Email                     ics-cert@kaspersky.com                                    68
File                      msiexec.exe                                               269
File                      c:\windows\debug\out.txt                                  1
File                      out.txt                                                   27
File                      libvlc.exe                                                1
File                      auditsvc.exe                                              4
File                      mylog.ini                                                 5
File                      transfer.exe                                              6
File                      upload.php                                                97
File                      api.php                                                   47
File                      upload_file_new.php                                       2
File                      111.log                                                   4
File                      libcurl.dll                                               35
File                      c:\users\public\downloads\111.log                         3
File                      crashreport.dll                                           3
File                      a.exe                                                     50
File                      cl.exe                                                    24
File                      cu.exe                                                    2
File                      conhost.exe                                               137
File                      rar2.exe                                                  1
File                      rar3.exe                                                  1
File                      rar4.exe                                                  1
File                      qclite.dll                                                6
File                      cmd.exe                                                   2126
File                      svchost.exe                                               1122
File                      libssl.dll                                                6
md5                       1A1B8EFE8D72984C4744662D2D233C02                          1
md5                       03C74722A8E6E5E7EA0A5ED0C9F23696                          2
md5                       19BC4620FB5DA10192676F01C3DC71B3                          1
md5                       EE8AFC6F3BB68F86A64FC6389F2EDC3F                          1
md5                       F8553382DE7E1E349D8E91EDB7C57953                          2
md5                       5137C61734E2096018CEE99149DAC009                          1
md5                       5660CB556D856D081A3DCD497549F47A                          1
md5                       976B59F170136B9C3C88BD9A8FC4CE4E                          1
md5                       D6CC6A4AF4720DAF8EEE0835D6E5D374                          1
md5                       5C3A88073824A1BCE4359A7B69ED0A8D                          2
md5                       8BA9EE9FD6BD4B9304F7FB868CE975D8                          1
md5                       971B0687C8281778B28721239801084E                          1
MITRE ATT&CK Technique    T1566.001                                                 310
MITRE ATT&CK Technique    T1204.002                                                 365
MITRE ATT&CK Technique    T1059.003                                                 333
MITRE ATT&CK Technique    T1106                                                     239
MITRE ATT&CK Technique    T1053.005                                                 275
MITRE ATT&CK Technique    T1547.001                                                 380
MITRE ATT&CK Technique    T1543.003                                                 180
MITRE ATT&CK Technique    T1055.002                                                 40
MITRE ATT&CK Technique    T1497.001                                                 97
MITRE ATT&CK Technique    T1497.003                                                 57
MITRE ATT&CK Technique    T1574.002                                                 227
MITRE ATT&CK Technique    T1083                                                     585
MITRE ATT&CK Technique    T1016                                                     245
MITRE ATT&CK Technique    T1033                                                     230
MITRE ATT&CK Technique    T1057                                                     433
MITRE ATT&CK Technique    T1071.001                                                 442
MITRE ATT&CK Technique    T1573.001                                                 130
MITRE ATT&CK Technique    T1003.004                                                 16
MITRE ATT&CK Technique    T1005                                                     534
MITRE ATT&CK Technique    T1041                                                     422
Url                       https://img.onl/api/upload.php                            2
Url                       https://litterbox.catbox.moe/resources/internals/api.php  1
Url                       https://imgbb.com                                         2
Url                       https://transfer.sh                                       5
Url                       https://share.schollz.com                                 2
Url                       https://0x0.st                                            2
Url                       https://tinyimg.io/upload                                 2
Url                       https://gifyu.com                                         2
Url                       https://imgshare.io                                       2
Url                       https://imgpile.com                                       2
Url                       https://zippyimage.com                                    2
Url                       https://extraimage.info                                   2
Url                       https://upload.picpaste.me                                2
Url                       https://imgurupload.org                                   2
Url                       https://sm.ms/api/v2/upload                               2
Url                       https://easycaptures.com/upload_file_new.php              2
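The domains and URLs above are public file- and image-hosting services that the implants use as upload channels, so the practical use of this list is matching it against outbound web traffic. The following is an added example, not code from the Kaspersky ICS CERT report or from this page: it loads the domain and endpoint indicators listed above and runs them over web-proxy log lines. The log layout (timestamp, client, method, URL, status, bytes sent) is an assumption, and the sample lines are constructed, not real traffic. Note what it deliberately does not do: the file names on the page (upload.php, api.php) are too generic to flag on their own, so a request to /api/upload.php on an unlisted host is ignored.

```python
# Added example (not from the Kaspersky ICS CERT report or this page): match the
# upload-service indicators listed above against web-proxy log lines.
# Assumptions: a Squid-style "ts client method url status bytes" log layout and
# the sample lines below, which are constructed, not real traffic.
import re
from urllib.parse import urlsplit

# Hosting domains from the Domain attributes above. Subdomains are matched
# too, since CDN/API hosts of these services are not enumerated on the page.
UPLOAD_DOMAINS = {
    "img.onl", "litterbox.catbox.moe", "imgbb.com", "transfer.sh",
    "share.schollz.com", "0x0.st", "tinyimg.io", "gifyu.com", "imgshare.io",
    "imgpile.com", "zippyimage.com", "extraimage.info", "upload.picpaste.me",
    "imgurupload.org", "sm.ms", "easycaptures.com",
}

# Exact upload endpoints from the Url attributes above (scheme + host + path).
UPLOAD_ENDPOINTS = {
    "https://img.onl/api/upload.php",
    "https://litterbox.catbox.moe/resources/internals/api.php",
    "https://tinyimg.io/upload",
    "https://sm.ms/api/v2/upload",
    "https://easycaptures.com/upload_file_new.php",
}

# Constructed sample log (assumed layout): timestamp client method url status bytes_sent
SAMPLE_LOG = """\
1691654400.101 10.1.20.15 GET https://www.kaspersky.com/ 200 5120
1691654402.334 10.1.20.15 POST https://transfer.sh/out.txt 200 1048576
1691654405.018 10.1.20.22 POST https://litterbox.catbox.moe/resources/internals/api.php 200 734003
1691654409.512 10.1.20.31 GET https://sm.ms/ 200 2048
1691654410.777 10.1.20.31 POST http://0x0.st/ 200 90112
1691654415.100 10.1.20.40 POST https://example.org/api/upload.php 200 2048
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Split one log line into fields; None for lines that do not fit the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def matched_domain(host):
    """Return the indicator domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in UPLOAD_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def normalize_url(url):
    """scheme://host/path with the host lowercased and the query string dropped."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"


def classify(rec):
    """Flag a parsed request that touches an indicator domain.

    A bare path such as /api/upload.php on an unrelated host is NOT flagged:
    the file names on the page (upload.php, api.php) are far too generic on
    their own, so the domain is the minimum condition.
    """
    host = urlsplit(rec["url"]).hostname or ""
    domain = matched_domain(host)
    if domain is None:
        return None
    reason = ("known upload endpoint" if normalize_url(rec["url"]) in UPLOAD_ENDPOINTS
              else "upload-service domain")
    # Only request methods that carry a body count as an upload; a GET to the
    # same service is still worth noting as a contact.
    kind = "upload" if rec["method"] in ("POST", "PUT") else "contact"
    return {"client": rec["client"], "host": host, "method": rec["method"],
            "bytes": rec["bytes"], "domain": domain, "reason": reason, "kind": kind}


def scan(log_text):
    """Run classify() over every parseable line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            hit = classify(rec)
            if hit is not None:
                findings.append(hit)
    return findings


def bytes_uploaded_by_client(findings):
    """Sum bytes sent per client over upload findings, to spot bulk exfiltration."""
    totals = {}
    for f in findings:
        if f["kind"] == "upload":
            totals[f["client"]] = totals.get(f["client"], 0) + f["bytes"]
    return totals


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["client"]} {h["method"]} {h["host"]} {h["bytes"]}B {h["reason"]} ({h["kind"]})')
    print(bytes_uploaded_by_client(hits))
```

Per-client byte totals matter more than single hits here: the services on the list also see legitimate use, and the report's implants are notable for pushing whole archives (the rar*.exe and *.log artifacts above) through them, so a workstation that POSTs a megabyte to transfer.sh is a stronger signal than one GET to sm.ms.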