📃Title: Meta’s Quarterly Adversarial Threat Report
📅Date: 2022-08-09
🔗References:
Description
Meta’s quarterly report on cyber threats.
🔖Rectifyq Taxonomies:
- relevancy: 🟡 Somewhat Relevant
- category: ⚔Threat
- sub-category: report
- target: targeted
- MY-relevancy: somewhat-relevant
🔖MISP Galaxies:
- target-information="United Kingdom"
- target-information="New Zealand"
- target-information="Pakistan"
- target-information="India"
- target-information="Ukraine"
- target-information="Malaysia"
- threat-actor HAZY-TIGER
- threat-actor Operation-C-Major
- malpedia="XploitSPY"
- malpedia="Dracarys"
- mitre-attack-pattern=['T1123', 'T1433', 'T1589', 'T1592']
MISP event uuid: ce9b6cf8-d850-4441-bfe8-02b66a095190
Indicator of Compromise (IoCs)
Full IOCs available in Rectifyq's MISP