Operation ‘Dream Job
Common Information
Type | Value |
---|---|
UUID | cddc84e4-3741-42fc-a89f-ba4e8494bc9b |
Fingerprint | 6d7e260ab64115eeabfa429ff13ad01b385fe094115d05e16b0b4afbe54aba20 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Aug. 23, 2020, 10:39 a.m. |
Added to db | March 10, 2024, 3:27 a.m. |
Last updated | Aug. 31, 2024, 8:05 a.m. |
Headline | Operation ‘Dream Job |
Title | Operation ‘Dream Job |
Detected Hints/Tags/Attributes | 244/4/202 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 1 | cve-2018-2025010 |
|
Details | CVE | 31 | cve-2018-20250 |
|
Details | File | 3 | rp-operation-sharpshooter.pdf |
|
Details | File | 4 | apt33-insights-into-iranian-cyber-espionage.html |
|
Details | File | 25 | responder.py |
|
Details | File | 9 | operation-blockbuster-report.pdf |
|
Details | File | 1 | free-pdf-reader.html |
|
Details | File | 6 | desktop.dat |
|
Details | File | 1 | boeing_gs_logo.jpg |
|
Details | File | 1 | boeing_gs.png |
|
Details | File | 1 | disney_dds_log.jpg |
|
Details | File | 5 | wsuser.db |
|
Details | File | 5 | wsdts.db |
|
Details | File | 196 | desktop.ini |
|
Details | File | 2 | pcaudit.sys |
|
Details | File | 1 | c:\programdata\thumbnail\thumbnail.db |
|
Details | File | 1 | c:\programdata\desktop.ini |
|
Details | File | 1018 | rundll32.exe |
|
Details | File | 127 | c:\windows\system32\rundll32.exe |
|
Details | File | 1 | mar-10135536-b_white.pdf |
|
Details | File | 56 | iexplorer.exe |
|
Details | File | 8 | flash.exe |
|
Details | File | 1 | c:\users\joe-user\desktop\3zvq751hqf.exe |
|
Details | File | 3 | wake_on_lan.html |
|
Details | File | 1 | chromepass.html |
|
Details | File | 4 | themida.php |
|
Details | File | 143 | thumbs.db |
|
Details | File | 1 | fake-korean-job-posting.html |
|
Details | File | 1 | boeing_gs.pdf |
|
Details | File | 1 | bds_seti_se.pdf |
|
Details | File | 1 | internalviewer.exe |
|
Details | File | 1 | internalviewer2.exe |
|
Details | File | 1 | bae_hpc_se.iso |
|
Details | File | 1 | bae_hpc_se.pdf |
|
Details | File | 1 | bae_2020_jd_sse.pdf |
|
Details | File | 4 | description.doc |
|
Details | File | 1 | bgs_srms.docx |
|
Details | File | 1 | boeing_leader_ssi.docx |
|
Details | File | 1 | boeing_gs.docx |
|
Details | File | 1 | bgs_srms-1.docx |
|
Details | File | 5 | boeing_pms.docx |
|
Details | File | 1 | bea_defense_lead.docx |
|
Details | File | 1 | bae_ecs_epm.docx |
|
Details | File | 5 | boeing_dss_se.docx |
|
Details | File | 4 | boeing_aero_gs.docx |
|
Details | File | 1 | boeing_russia_aa.docx |
|
Details | File | 1 | tete.docx |
|
Details | File | 1 | beoing_gs.png |
|
Details | File | 6 | 17.dot |
|
Details | File | 1 | c47a.dot |
|
Details | File | 1 | b_r_205699.jpg |
|
Details | File | 2 | 21it-23792.jpg |
|
Details | File | 3 | 1.dot |
|
Details | File | 101 | iconcache.db |
|
Details | File | 3 | thumbnail.db |
|
Details | File | 2 | zlibwapi.dll |
|
Details | File | 1 | thumbnaul.db |
|
Details | File | 263 | iexplore.exe |
|
Details | File | 4 | netsvc.exe |
|
Details | Github username | 10 | spiderlabs |
|
Details | MITRE ATT&CK Techniques | 1 | T1341 |
|
Details | MITRE ATT&CK Techniques | 3 | T1268 |
|
Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
Details | MITRE ATT&CK Techniques | 1 | T1308 |
|
Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
Details | MITRE ATT&CK Techniques | 24 | T1002 |
|
Details | MITRE ATT&CK Techniques | 238 | T1497 |
|
Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
Details | MITRE ATT&CK Techniques | 40 | T1221 |
|
Details | MITRE ATT&CK Techniques | 80 | T1064 |
|
Details | MITRE ATT&CK Techniques | 149 | T1102 |
|
Details | MITRE ATT&CK Techniques | 245 | T1203 |
|
Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
Details | MITRE ATT&CK Techniques | 107 | T1564 |
|
Details | MITRE ATT&CK Techniques | 30 | T1547.009 |
|
Details | MITRE ATT&CK Techniques | 141 | T1219 |
|
Details | MITRE ATT&CK Techniques | 125 | T1555.003 |
|
Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
Details | MITRE ATT&CK Techniques | 11 | T1560.003 |
|
Details | MITRE ATT&CK Techniques | 180 | T1543.003 |
|
Details | MITRE ATT&CK Techniques | 94 | T1564.001 |
|
Details | MITRE ATT&CK Techniques | 59 | T1055.001 |
|
Details | Threat Actor Identifier - APT | 144 | APT38 |
|
Details | Threat Actor Identifier - APT | 181 | APT33 |
|
Details | Url | 1 | https://www.linkedin.com/in/danakurek |
|
Details | Url | 1 | https://www.linkedin.com/in/dana-lopp-4132121b0 |
|
Details | Url | 1 | https://www.geeks-board.com/images/themes/logo/boeing_gs_logo.jpg |
|
Details | Url | 1 | https://www.fabianiarte.com/uploads/png/boeing_gs.png |
|
Details | Url | 1 | https://www.paghera.com/img-head/thumb/lib/disney_dds_log.jpg |