ioc[.]one - OSINT Cyber Threat Intelligence Database

Winter Vivern: A Look At Re-Crafted Government MalDocs - DomainTools | Start Here. Know Now.

Tags

country:	Azerbaijan Cyprus Estonia India Italy Sweden Lithuania Ukraine
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	f7e67896-1120-4886-82f4-7e0ba3e27d45
Fingerprint	b2d020d30dd2c3c2
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 27, 2021, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Sept. 3, 2024, 9:03 a.m.
Headline	Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages
Title	Winter Vivern: A Look At Re-Crafted Government MalDocs - DomainTools \| Start Here. Know Now.
Detected Hints/Tags/Attributes	48/2/30

Source URLs

	Redirection	Url
Details	Source	https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs
Details	Source	https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs/

URL Provider

Details	Provider	Source level domain
Details	domaintools.com	www.domaintools.com

Attributes

Details	Type	#Events	Value
Details	Domain	6	secure-daddy.com
Details	Domain	3	securemanag.com
Details	Domain	4	mail.gov.in
Details	Domain	1	www.sdsofficium.va
Details	Domain	3	hostinger.com
Details	Domain	2	centr-security.com
Details	Domain	4	mil.gov.ua
Details	Domain	1	securemanage.com
Details	File	2	vtas_kontaktai_2021_04_20.xls
Details	File	1	application-for-visas.xls
Details	File	1	comunicazione.xls
Details	File	1	κατάλογος.xls
Details	File	1	databases.xls
Details	File	1	statistics-donbas-07042021.xls
Details	File	2	κατάλογος_ns.xls
Details	File	1	application-for-visa.xls
Details	sha256	2	94f45ba55420961451afd1b70657375ec64b7697a515a37842478a5009694cfa
Details	sha256	2	2a176721b35543d7f4d9e3d24a7c50e0ea57d7eaa251c6b24985d5266a6a977a
Details	sha256	2	f84044bddbd3e05fac1319c988919492971553bb65dbf7b7988d66a8cd677eb8
Details	sha256	2	bd1efa4cf3f02cd8723c48deb5f69a432c22f359b93cab4f1d2a9f037a236eaa
Details	sha256	2	00f6291012646213a5aab81153490bb121bbf9c64bb62eb4ce582c3af88bccfd
Details	sha256	2	638bedcc00c1b1b8a25026b34c29cecc76c050aef56fa55f6e8878e6b951e473
Details	sha256	2	c34e98a31246f0903d4742dcf0a9890d5328ba8a1897fcf9cd803e104591ed5f
Details	IPv4	2	37.252.9.123
Details	IPv4	2	37.252.5.133
Details	Url	3	https://secure-daddy.com/wintervivern/server/serverhttprequest(run).txt
Details	Url	1	https://securemanag.com/data/public/uploads/2017/08/vtas_kontaktai_2021_04_20.xls
Details	Url	1	https://secure-daddy.com/mail.gov.in/iwc_static/c11n/alldomain/documents/mealib/list
Details	Url	1	https://secure-daddy.com/www.sdsofficium.va/portale/portalesdsext.nsf
Details	Url	1	https://centr-security.com/mil.gov.ua/documents/stat/statistics-donbas-07042021.xls