Targeted attack on industrial enterprises and public institutions

Event ID: 1520
UUID: 28219fd4-56f3-470c-90ae-bdaeb006502e
Creator org: ICS-CSIRT.io
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: tlp:white, dhs-ciip-sectors:DHS-critical-sectors="government-facilities"
Date: 2022-08-12
Threat Level: High
Analysis: Completed
Distribution: All communities
Published: Yes (2022-08-17 17:21:11)
#Attributes: 190 (0 Objects)
First recorded change: 2022-08-12 22:46:15
Last change: 2022-08-12 23:27:40
Sightings: 0 (0) – restricted to own organisation only.


Related Events

  •  CUDESO: More LodaRAT infrastructure targeting Bangladesh uncovered (2021-02-15, 1 correlation)
  •  laskowski-tech.com: Lokibot Equation Editor Sample (2020-03-21, 1 correlation)
  •  OSINT – new sample of operation lagtime TA428 (2020-03-16, 1 correlation)
  •  Information stealer malware via fake malicious document as “University of Luxembourg” (2019-06-24, 1 correlation)
  •  OSINT – Familiar Feeling A Malware Campaign Targeting the Tibetan Diaspora Resurfaces (2018-08-08, 1 correlation)
  •  Synovus Financial: Talos Blog: Multiple Cobalt Personality Disorder (2018-08-01, 1 correlation)
  •  OSINT – RTF files for Hancitor utilize exploit for CVE-2017-11882 (2018-01-25, 1 correlation)
  •  CUDESO: New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit (2017-12-07, 1 correlation)
  •  OSINT – Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions (2017-12-04, 1 correlation)


Galaxies

Attack Pattern 

  •  Spearphishing Attachment – T1566.001   
  •  Remote Desktop Protocol – T1021.001   

Threat Actor 

  •  TA428   

Malpedia 

  •  Cotx RAT   
  •  nccTrojan   

Tool 

  •  NBTscan – S0590   

Sector 

  •  Defense   
  •  Government, Administration   

Attributes

| Date | Category | Type | Value | Distribution | Sightings |
|---|---|---|---|---|---|
| 2022-08-12 | Payload delivery | filename | 78936077.tmp | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | fax.internnetionfax.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | www1.nppnavigator.net | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | www3.vpkimplus.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 45.151.180.178 | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | custom.songuulcomiss.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | video.nicblainfo.net | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 160.202.162.122 | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | doc.redstrpela.net | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | tech.songuulcomiss.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | www2.defensysminck.net | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | server.dotomater.club | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | www1.dotomater.club | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 192.248.182.121 | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | www2.sdelanasnou.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | hostname | info.ntcprotek.com | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 54.36.189.105 | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 5.180.174.10 | Inherit | (0/0/0) |
| 2022-08-12 | Network activity | ip-dst | 45.63.27.162 | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %AppData%\Roaming\Microsoft\Windows\Start | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\sh.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\McUtil.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\McoemcpyRun.log | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\mcoemcpy.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\conhost.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\conhost.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\SysWOW64\wus.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\System32\wus.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\System32\wam.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %APPDATA%\winset\safestore64.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %APPDATA%\winset\LiveUpdate.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\DRM\mcinsupd.cfg | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Oracle\ace.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\uconhost.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\MF\wus.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\MF\Pending.GRL | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\MF\Instsrv.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\MF\Active.GRL | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\DRM\safestore64.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\DRM\mytilus3.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\DRM\mcinsupd.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\smcw.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Microsoft\DRM\LiveUpdate.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\net.log | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\McUtil.dll.cab | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Web\1.bat | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | Menu\Programs\Startup\MSCAL.OCX | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Web\1\hccutils.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Adobe\Setup\mcinsupd.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %WINDIR%\Temp\Client.cfg | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\ABBYY\FineReader\Update.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\ABBYY\FineReader\OEMPRINT.CAT | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\ABBYY\FineReader\debug.log | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\ABBYY\FineReader\Client.cfg | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\temp\wmic.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\temp\wcrypt32.dll | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %AppData%\Roaming\Microsoft\MsMpEng.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\Adobe\Setup\mcinsupd.cfg | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | Menu\Programs\Startup\MsMpEng.exe | Inherit | (0/0/0) |
| 2022-08-12 | Payload delivery | filename | %ALLUSERSPROFILE%\my_capture.exe | Inherit | (0/0/0) |
