Russia/Ukraine Update - September 2022
Tags
cmtmf-attack-pattern: Active Scanning Command And Scripting Interpreter Compromise Accounts Compromise Infrastructure Masquerading Network Denial Of Service Process Injection Scheduled Task/Job Trusted Relationship
country: Belarus China Estonia Germany Finland India Italy Kazakhstan Sweden Latvia Lithuania Poland Romania Russia Ukraine United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Account Access Removal - T1640 Account Access Removal - T1531 Active Scanning - T1595 Software Discovery - T1418 Botnet - T1583.005 Botnet - T1584.005 Command And Scripting Interpreter - T1623 Compromise Accounts - T1586 Compromise Infrastructure - T1584 Credentials - T1589.001 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Default Accounts - T1078.001 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Direct Network Flood - T1498.001 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Disable Windows Event Logging - T1562.002 Domain Accounts - T1078.002 Dynamic-Link Library Injection - T1055.001 Email Addresses - T1589.002 Escape To Host - T1611 Exfiltration Over C2 Channel - T1646 Exploitation Of Remote Services - T1428 Exploitation For Privilege Escalation - T1404 Exploitation For Client Execution - T1658 File And Directory Discovery - T1420 Impair Defenses - T1562 Impair Defenses - T1629 Impersonation - T1656 Ip Addresses - T1590.005 Network Denial Of Service - T1464 Lateral Tool Transfer - T1570 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Mshta - T1218.005 Multi-Factor Authentication - T1556.006 Network Denial Of Service - T1498 Password Guessing - T1110.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Scheduled Task/Job - T1603 Search Open Websites/Domains - T1593 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Sharepoint - T1213.002 Social Media - T1593.001 Software - T1592.002 Software Discovery - T1518 Trusted Developer Utilities Proxy Execution - T1127 Virtualization/Sandbox Evasion - T1497 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Virtualization/Sandbox Evasion - T1633 Account Manipulation - T1098 Brute Force - T1110 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Data From Information Repositories - T1213 Email Collection - T1114 Exfiltration Over Command And Control Channel - T1041 Exploit Public-Facing Application - T1190 Exploitation For Client Execution - T1203 Exploitation For Credential Access - T1212 Exploitation For Privilege Escalation - T1068 Exploitation Of Remote Services - T1210 External Remote Services - T1133 File And Directory Discovery - T1083 Masquerading - T1036 Mshta - T1170 Network Share Discovery - T1135 Peripheral Device Discovery - T1120 Powershell - T1086 Process Injection - T1055 Scheduled Task - T1053 Third-Party Software - T1072 Valid Accounts - T1078 Trusted Relationship - T1199 User Execution - T1204 Data Destruction Data From Information Repositories Exploitation Of Remote Services External Remote Services Masquerading Service Stop Valid Accounts User Execution
Common Information
Type Value
UUID f8560493-0318-482d-986d-08841ca6d18f
Fingerprint a614a9911201f480
Analysis status IN_PROGRESS
Considered CTI value 2
Text language
Published Sept. 29, 2022, midnight
Added to db Nov. 6, 2023, 7:34 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Russia/Ukraine Update - September 2022
Title Russia/Ukraine Update - September 2022
Detected Hints/Tags/Attributes 262/4/68
Attributes
Type #Events Value
Domain 5 cert.lv
Domain 83 cert.gov.ua
Domain 182 www.mandiant.com
Domain 12 yle.fi
Domain 1 www.pravda.com.ua
Domain 1373 twitter.com
Domain 78 securityaffairs.co
Domain 255 www.optiv.com
File 456 mshta.exe
File 1 anonyomus-hacked-yandex-taxi.html
File 263 www.opt
MITRE ATT&CK Techniques 17 T1593
MITRE ATT&CK Techniques 56 T1595.002
MITRE ATT&CK Techniques 26 T1587.003
MITRE ATT&CK Techniques 36 T1586
MITRE ATT&CK Techniques 17 T1584.005
MITRE ATT&CK Techniques 191 T1133
MITRE ATT&CK Techniques 542 T1190
MITRE ATT&CK Techniques 409 T1566
MITRE ATT&CK Techniques 306 T1078
MITRE ATT&CK Techniques 52 T1199
MITRE ATT&CK Techniques 50 T1072
MITRE ATT&CK Techniques 695 T1059
MITRE ATT&CK Techniques 245 T1203
MITRE ATT&CK Techniques 420 T1204
MITRE ATT&CK Techniques 106 T1204.001
MITRE ATT&CK Techniques 365 T1204.002
MITRE ATT&CK Techniques 480 T1053
MITRE ATT&CK Techniques 112 T1098
MITRE ATT&CK Techniques 12 T1611
MITRE ATT&CK Techniques 41 T1078.001
MITRE ATT&CK Techniques 71 T1078.002
MITRE ATT&CK Techniques 23 T1127
MITRE ATT&CK Techniques 238 T1497
MITRE ATT&CK Techniques 298 T1562.001
MITRE ATT&CK Techniques 20 T1562.002
MITRE ATT&CK Techniques 59 T1055.001
MITRE ATT&CK Techniques 44 T1212
MITRE ATT&CK Techniques 289 T1003
MITRE ATT&CK Techniques 125 T1110
MITRE ATT&CK Techniques 188 T1120
MITRE ATT&CK Techniques 585 T1083
MITRE ATT&CK Techniques 176 T1135
MITRE ATT&CK Techniques 185 T1518
MITRE ATT&CK Techniques 109 T1210
MITRE ATT&CK Techniques 118 T1570
MITRE ATT&CK Techniques 56 T1213
MITRE ATT&CK Techniques 422 T1041
MITRE ATT&CK Techniques 93 T1485
MITRE ATT&CK Techniques 472 T1486
MITRE ATT&CK Techniques 197 T1489
MITRE ATT&CK Techniques 3 T1489.001
MITRE ATT&CK Techniques 26 T1531
Threat Actor Identifier - APT 665 APT29
Threat Actor Identifier - APT 783 APT28
Url 2 https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks
Url 1 https://cert.gov.ua/article/971405
Url 2 https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations
Url 2 https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft
Url 1 https://therecord.media/pro-kremlin-hackers-target-latvias-parliament-after-declaring-russia-a-sponsor-of-terrorism
Url 1 https://yle.fi/uutiset/3-12569629
Url 1 https://www.pravda.com.ua/eng/news/2022/08/20/7364150
Url 1 https://twitter.com/youranontv/status/1567210769413971970
Url 1 https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html
Url 1 https://therecord.media/leading-russian-streaming-platform-suffers-data-leak-allegedly-impacting-44-million-users
Url 1 https://www.bleepingcomputer.com/news/security/ransomware-gangs-cobalt-strike-servers-ddosed-with-anti-russia-messages
Url 1 https://www.bleepingcomputer.com/news/security/ukraine-dismantles-more-bot-farms-spreading-russian-disinformation
Url 1 https://twitter.com/defencehq/status/1569188296680415232