{
	"id": "a3fc32b6-8784-4b8f-b3d6-6535d774bf82",
	"created_at": "2026-04-06T00:19:12.331438Z",
	"updated_at": "2026-04-10T03:33:07.474141Z",
	"deleted_at": null,
	"sha1_hash": "6f83136e59a0b3fbc0da0312e0e51e190cae5a73",
	"title": "Origin DNS error | blog.yoroi.company",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32484,
	"plain_text": "Origin DNS error | blog.yoroi.company\r\nArchived: 2026-04-05 19:47:16 UTC\r\nPlease enable cookies.\r\nError 1016\r\nRay ID: 9e7b1040bdef5868 • 2026-04-05 19:47:14 UTC\r\nWhat can I do?\r\nIf you are a visitor of this website:\r\nPlease try again in a few minutes.\r\nIf you are the owner of this website:\r\nCheck your DNS settings. If you are using a CNAME origin record, make sure it is valid and resolvable.\r\nAdditional troubleshooting information here.\r\nWas this page helpful?\r\nThank you for your feedback!\r\nCloudflare Ray ID: 9e7b1040bdef5868 • Your IP: 89.47.190.8 • Performance \u0026 security by Cloudflare\r\nSource: https://blog.yoroi.company/research/karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government/\r\nhttps://blog.yoroi.company/research/karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://blog.yoroi.company/research/karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government/"
	],
	"report_names": [
		"karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government"
	],
	"threat_actors": [
		{
			"id": "ce10c1bd-4467-45f9-af83-28fc88e35ca4",
			"created_at": "2022-10-25T15:50:23.458833Z",
			"updated_at": "2026-04-10T02:00:05.419537Z",
			"deleted_at": null,
			"main_name": "APT34",
			"aliases": null,
			"source_name": "MITRE:APT34",
			"tools": [
				"netstat",
				"Systeminfo",
				"PsExec",
				"SEASHARPEE",
				"Tasklist",
				"Mimikatz",
				"POWRUNER",
				"certutil"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "cffb3c01-038f-4527-9cfd-57ad5a035c22",
			"created_at": "2022-10-25T15:50:23.38055Z",
			"updated_at": "2026-04-10T02:00:05.258283Z",
			"deleted_at": null,
			"main_name": "OilRig",
			"aliases": [
				"COBALT GYPSY",
				"IRN2",
				"APT34",
				"Helix Kitten",
				"Evasive Serpens",
				"Hazel Sandstorm",
				"EUROPIUM",
				"ITG13",
				"Earth Simnavaz",
				"Crambus",
				"TA452"
			],
			"source_name": "MITRE:OilRig",
			"tools": [
				"ISMInjector",
				"ODAgent",
				"RDAT",
				"Systeminfo",
				"QUADAGENT",
				"OopsIE",
				"ngrok",
				"Tasklist",
				"certutil",
				"ZeroCleare",
				"POWRUNER",
				"netstat",
				"Solar",
				"ipconfig",
				"LaZagne",
				"BONDUPDATER",
				"SideTwist",
				"OilBooster",
				"SampleCheck5000",
				"PsExec",
				"SEASHARPEE",
				"Mimikatz",
				"PowerExchange",
				"OilCheck",
				"RGDoor",
				"ftp"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "67b2c161-5a04-4e3d-8ce7-cce457a4a17b",
			"created_at": "2025-08-07T02:03:24.722093Z",
			"updated_at": "2026-04-10T02:00:03.681914Z",
			"deleted_at": null,
			"main_name": "COBALT EDGEWATER",
			"aliases": [
				"APT34 ",
				"Cold River ",
				"DNSpionage "
			],
			"source_name": "Secureworks:COBALT EDGEWATER",
			"tools": [
				"AgentDrable",
				"DNSpionage",
				"Karkoff",
				"MailDropper",
				"SideTwist",
				"TWOTONE"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c786e025-c267-40bd-9491-328da70811a5",
			"created_at": "2025-08-07T02:03:24.736817Z",
			"updated_at": "2026-04-10T02:00:03.752071Z",
			"deleted_at": null,
			"main_name": "COBALT GYPSY",
			"aliases": [
				"APT34 ",
				"CHRYSENE ",
				"Crambus ",
				"EUROPIUM ",
				"Hazel Sandstorm ",
				"Helix Kitten ",
				"ITG13 ",
				"OilRig ",
				"Yellow Maero "
			],
			"source_name": "Secureworks:COBALT GYPSY",
			"tools": [
				"Glimpse",
				"Helminth",
				"Jason",
				"MacDownloader",
				"PoisonFrog",
				"RGDoor",
				"ThreeDollars",
				"TinyZbot",
				"Toxocara",
				"Trichuris",
				"TwoFace"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "67709937-2186-4a32-b64c-a5693d40ac77",
			"created_at": "2023-01-06T13:46:38.495593Z",
			"updated_at": "2026-04-10T02:00:02.999196Z",
			"deleted_at": null,
			"main_name": "OilRig",
			"aliases": [
				"Crambus",
				"Helix Kitten",
				"APT34",
				"IRN2",
				"ATK40",
				"G0049",
				"EUROPIUM",
				"TA452",
				"Twisted Kitten",
				"Cobalt Gypsy",
				"APT 34",
				"Evasive Serpens",
				"Hazel Sandstorm",
				"Earth Simnavaz"
			],
			"source_name": "MISPGALAXY:OilRig",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434752,
	"ts_updated_at": 1775791987,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6f83136e59a0b3fbc0da0312e0e51e190cae5a73.pdf",
		"text": "https://archive.orkl.eu/6f83136e59a0b3fbc0da0312e0e51e190cae5a73.txt",
		"img": "https://archive.orkl.eu/6f83136e59a0b3fbc0da0312e0e51e190cae5a73.jpg"
	}
}