intrabion.blogg.se

Potplayer malware

Insikt Group identified multiple Royal Road, Poison Ivy, and PlugX samples communicating with the newly identified TA428-linked infrastructure. This closely matches previous reporting by Proofpoint and NTT Security on TA428 activity.

  • Likely spoofing Mongolian news-themed domain
  • Likely spoofing Mongolian news agency Olloo
  • Likely spoofing Mongolian news agency GoGo News
  • References the Govi-Altai region of Mongolia
  • Likely spoofing New Ulaanbaatar International Airport (NUBIA)
  • Tsag agaar (цаг агаар) is a Mongolian word for “weather”

These unreported domains include the following: aircraft.tsagagaar[.]com. The subdomains appear to spoof familiar news-themed names and words, both in English and in Mongolian. The subdomains in this campaign used familiar terms to lure victims into trusting these sites. Insikt Group also identified two subdomains in this campaign containing the term “Bloomberg”, a US-based news agency. However, we have no other indication that this campaign targeted US companies.

At the time of the Proofpoint blog publication in July 2019, the vzglagtime[.]net domain was hosted on 8 through the hosting provider Vultr. According to passive DNS data, this IP address also hosted the Mongolian-themed domains at the same time, further strengthening the overlaps between these unreported suspected TA428 domains and Operation LagTime IT activity.

Recorded Future’s Insikt Group recently identified renewed activity attributed to the suspected Chinese threat activity group TA428. The identified activity overlaps with a TA428 campaign previously reported by Proofpoint as “Operation LagTime IT”, which targeted Russian and East Asian government information technology agencies in 2019. Based on the infrastructure, tactics, and victim organization identified, we assess that TA428 likely continues to engage in intrusion activity targeting organizations in Russia and Mongolia. On January 21, 2021, Insikt Group detected the PlugX C2 server 103.125.219[.]222 (Hosting provider: VPSServer[.]com) hosting multiple domains spoofing various Mongolian news entities. One of the domains, f1news.vzglagtime[.]net, previously appeared in the aforementioned Proofpoint Operation LagTime IT blog.

  • Live broadcasting.
  • High-quality playback and low resource usage.
  • Internal DXVA video codecs (H.264/AVC, VC-1, MPEG2) and EVR (Windows 7 only).
  • Support for most audio/video formats and DVD.

A comprehensive video and audio player that also supports TV channels, subtitles and skins. Distinctive features of the player are high-quality playback, support for all modern video and audio formats and built-in DXVA video codecs. It's been described on the Internet as The KMPlayer redux, and it pretty much is. Other key features include WebCam/Analog/Digital TV device support, gapless video playback, DXVA, and live broadcasting.

PotPlayer is a freeware multimedia player. It feels like the KMPlayer, but is in active development. It supports almost every available video format out there. PotPlayer contains internal codecs and there is no need to install codecs manually.












