TTP Intelligence on OST Tools Used by Russian APT Groups | CTF导航
Common Information
Type Value
UUID f83acc6d-915e-4627-a6a3-7c6fa9c6fda1
Fingerprint dacf0bcad2953ac0
Analysis status DONE
Considered CTI value -2
Text language
Published Nov. 5, 2024, midnight
Added to db Nov. 5, 2024, 10:49 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline TTP Intelligence on OST Tools Used by Russian APT Groups
Title TTP Intelligence on OST Tools Used by Russian APT Groups | CTF导航
Detected Hints/Tags/Attributes 112/3/66
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 476 APT – CTF导航 https://www.ctfiot.com/apt/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 6
UAC-0020
Details CERT Ukraine 40
UAC-0050
Details Domain 469
www.cisa.gov
Details Domain 65
www.cert.ssi.gouv.fr
Details Domain 83
cert.gov.ua
Details Domain 604
www.trendmicro.com
Details Domain 11
services.google.com
Details Domain 261
blog.talosintelligence.com
Details Domain 47
go.recordedfuture.com
Details Domain 50
cloud.google.com
Details Domain 172
www.crowdstrike.com
Details Domain 14
ssu.gov.ua
Details Domain 262
www.welivesecurity.com
Details Domain 5
web-assets.esetstatic.com
Details Domain 98
www.secureworks.com
Details Domain 224
unit42.paloaltonetworks.com
Details Domain 403
securelist.com
Details Domain 72
symantec-enterprise-blogs.security.com
Details File 141
www.cer
Details File 6
router-roulette.html
Details File 2
apt44-unearthing-sandworm.pdf
Details File 3
cta-2023-0127.pdf
Details File 2
armagedon.pdf
Details File 2
csa_gru_global_brute_force_campaign_uoo158036-21.pdf
Details File 5
eset_turla_comrat.pdf
Details File 3
eset-turla-outlook-backdoor.pdf
Details File 3
apt28-targets-hospitality-sector.html
Details IBM X-Force - Threat Group Enumeration 12
ITG05
Details Mandiant Uncategorized Groups 20
UNC3524
Details Threat Actor Identifier - APT 20
APT44
Details Threat Actor Identifier - APT 783
APT28
Details Url 2
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023
Details Url 4
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
Details Url 2
https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe
Details Url 1
https://www.cert.ssi.gouv.fr/cti/certfr-2024-cti-006
Details Url 1
https://cert.gov.ua/article/6279600
Details Url 5
https://www.trendmicro.com/en_us/research/24/e/router-roulette.html
Details Url 2
https://cert.gov.ua/article/6278706
Details Url 2
https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf
Details Url 4
https://blog.talosintelligence.com/tinyturla-full-kill-chain
Details Url 1
https://cert.gov.ua/article/6277285
Details Url 5
https://cert.gov.ua/article/6276894
Details Url 4
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Details Url 1
https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware
Details Url 3
https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
Details Url 1
https://cloud.google.com/blog/topics/threat-intelligence/unc3524-eye-spy-email
Details Url 2
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign
Details Url 2
https://ssu.gov.ua/uploads/files/dkib/technical
Details Url 1
https://www.microsoft.com/en-us/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks
Details Url 1
https://media.defense.gov/2021/jul/01/2002753896/-1/-1/1/csa_gru_global_brute_force_campaign_uoo158036-21.pdf
Details Url 2
https://www.microsoft.com/en-us/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium
Details Url 1
https://www.microsoft.com/en-us/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect
Details Url 2
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open
Details Url 1
https://www.microsoft.com/en-us/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting
Details Url 1
https://web-assets.esetstatic.com/wls/2020/05/eset_turla_comrat.pdf
Details Url 3
https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector
Details Url 1
https://symantec-enterprise-blogs.security.com/threat-intelligence/waterbug-espionage-governments
Details Url 1
https://web-assets.esetstatic.com/wls/2018/08/eset-turla-outlook-backdoor.pdf
Details Url 1
https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks
Details Url 3
https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools
Details Url 4
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108
Details Url 1
https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical-infrastructure-sectors
Details Url 1
https://symantec-enterprise-blogs.security.com/threat-intelligence/dragonfly-energy-sector-cyber-attacks
Details Url 1
https://web.archive.org/web/20170811181009/https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
Details Url 1
https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924
Details Url 1
https://cloud.google.com/blog/topics/threat-intelligence/probable-apt28-useo