ZINC weaponizing open-source software
Microsoft threat intelligence presented at CyberWarCon 2022
At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity.
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. Zinc is now tracked as Diamond Sleet.
To learn about how the new taxonomy represents the origin, unique traits, and impact of threat actors, and to get a complete mapping of threat actor names, read this blog: Microsoft shifts to a new threat actor naming taxonomy.
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, …
IoC