📃Title: “Red October” Diplomatic Cyber Attacks Investigation
📅Date: 2013-01-14
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- region="143 - Central Asia"
- region="151 - Eastern Europe"
- producer Kaspersky
- mitre-attack-pattern=['T1203', 'T1547.001']
MISP event uuid: e5762a9d-4604-4bff-ba53-14cc0931dc8a
Indicators of Compromise (IoCs)
Full IoCs available in Rectifyq's MISP