Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank
Common Information
| Type | Value |
|---|---|
| UUID | 4e43fbc7-a908-47c4-be86-b156d8e2fcbd |
| Fingerprint | 0445d4665bf5fb8e76a5d96c892f95edf2642fb6ba56e652d09ab56fb4e21013 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 29, 2022, 3:15 p.m. |
| Added to db | March 10, 2024, 1:13 a.m. |
| Last updated | Aug. 31, 2024, 3 a.m. |
| Headline | Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank |
| Title | Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank |
| Detected Hints/Tags/Attributes | 78/3/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2022-1129.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | mailer-daemon.net |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 2 | web-hosting.com |
|
| Details | Domain | 6 | mailer-daemon.org |
|
| Details | Domain | 4 | mailerdaemon.me |
|
| Details | Domain | 5 | mailer-daemon-message.co |
|
| Details | Domain | 4 | mailer-daemon.online |
|
| Details | Domain | 4 | mailer-daemon.me |
|
| Details | Domain | 4 | mailer-daemon.live |
|
| Details | Domain | 4 | tinyurl.ink |
|
| Details | Domain | 75 | tinyurl.com |
|
| Details | Domain | 75 | tria.ge |
|
| Details | Domain | 6 | litby.us |
|
| Details | Domain | 6 | de-ma.online |
|
| Details | Domain | 7 | continuetogo.me |
|
| Details | Domain | 4 | file.id |
|
| Details | Domain | 2 | check.id |
|
| Details | File | 2 | nuke.docx |
|
| Details | File | 1 | iran%20nuke.docx |
|
| Details | File | 2 | continue-to-settings.php |
|
| Details | File | 9 | check.html |
|
| Details | File | 1206 | index.php |
|
| Details | md5 | 1 | 69eb4fca412201039105d862d5f2bf12 |
|
| Details | md5 | 1 | 085d41cb18a93398afef0be8dfb9c229 |
|
| Details | sha256 | 2 | 69eb4fca412201039105d862d5f2bf12085d41cb18a93398afef0be8dfb9c229 |
|
| Details | IPv4 | 2 | 162.0.232.252 |
|
| Details | IPv4 | 2 | 198.54.115.217 |
|
| Details | IPv4 | 2 | 92.205.13.202 |
|
| Details | IPv4 | 2 | 199.188.200.217 |
|
| Details | IPv4 | 2 | 198.54.116.118 |
|
| Details | Mandiant Uncategorized Groups | 18 | UNC788 |
|
| Details | Threat Actor Identifier - APT | 121 | APT42 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier by Recorded Future | 6 | TAG-56 |
|
| Details | Url | 1 | https://tinyurl.ink/8tio9 |
|
| Details | Url | 2 | https://continuetogo.me/sec=tab=settings/id=xxxxx=xxxxx/continue-to-settings.php |
|
| Details | Url | 2 | https://mailer-daemon.net/file=sharing=system/file.id.x=xxxxxx/continue-to-settings.php |
|
| Details | Url | 2 | https://mailer-daemon.net/file=sharing=system/file.id.x=xxxxxx/first.check.html |
|
| Details | Url | 2 | https://mailer-daemon.live/sec=file=sharing/check.id=xxxxxxxx=xxxxxx/index.php |
|
| Details | Url | 1 | https://tinyurl.ink/8tio97cy/iran%20nuke.docx |