Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers - Microsoft Security Blog
Common Information
Type Value
UUID f7a48f7b-4c5d-4d88-a8f5-674714f2c9be
Fingerprint 4522818e78ec61b
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 3, 2018, 8 a.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Title Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers - Microsoft Security Blog
Detected Hints/Tags/Attributes 73/3/17
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 665
APT29