ioc[.]one - OSINT Cyber Threat Intelligence Database

xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

Tags

country:

attack-pattern:

Data Direct Control Panel - T1218.002 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Graphical User Interface - T1061 Powershell - T1086 Remote Desktop Protocol - T1076 Rundll32 - T1085 Graphical User Interface

Show in Graph

Common Information

Type	Value
UUID	0e27375e-90d8-4acd-a4e1-fa6d8651ea2f
Fingerprint	a4959f9323328785
Analysis status	DONE
Considered CTI value	1
Text language
Published	Sept. 23, 2019, 1 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
Title	xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
Detected Hints/Tags/Attributes	114/2/105

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	mail.contoso.com
Details	Domain	21	contoso.com
Details	Domain	4	pasta58.com
Details	Domain	4	firewallsupports.com
Details	Domain	2	winx64-microsoft.com
Details	Domain	1	6google.com
Details	Domain	2	alforatsystem.com
Details	Domain	2	windows64x.com
Details	Domain	2	windows-updates.com
Details	Domain	1	microsoft-check.com
Details	Domain	1	check-updates.com
Details	Domain	287	yahoo.com
Details	Domain	1	traveleasy-kw.com
Details	Domain	1	sakabota.com
Details	Domain	68	keemail.me
Details	Domain	25	www.cyberthreatalliance.org
Details	Domain	2	microsofte-update.com
Details	Domain	1	google-update.com
Details	Domain	1	learn-service.com
Details	Domain	12	server.com
Details	Domain	1	evcmmi.learn-service.com
Details	Domain	11	host.com
Details	Domain	1	ns1.cloudservername.com
Details	Domain	4	microsoft-publisher.com
Details	Domain	2	ns1.ressume.site
Details	Domain	1	ns2.pasta58.com
Details	Domain	1	dns.cloudipnameserver.com
Details	Domain	1	ns1.firewallsupports.com
Details	Domain	2	googie.email
Details	Domain	1	whatzapps.net
Details	Domain	1	ns1.windows-updates.com
Details	Domain	1	ns1.6google.com
Details	Domain	1	ns1.windows64x.com
Details	Domain	1	ns1.microsofte-update.com
Details	Domain	1	www.opendns-server.com
Details	Domain	2	dns.msnconnection.com
Details	Domain	3	outl00k.net
Details	Domain	1	ns1.pasta58.com
Details	Domain	1	www.microsofte-update.com
Details	Domain	2	ns1.alforatsystem.com
Details	Email	1	locas.l@yahoo.com
Details	Email	1	sofiiiweber@keemail.me
Details	File	1	inetinfo.sys
Details	File	1	gon.sys
Details	File	1	eye.exe
Details	File	1	netiso.sys
Details	File	1	otc.dll
Details	File	1	c:\\windows\\temp\\test.txt
Details	File	4	c:\windows\temp\test.txt
Details	File	103	test.txt
Details	File	1	scan_result.txt
Details	File	1	c:\\users\\bob\\desktop\\hisoka\\hisoka\\obj\\debug\\inetinfo.sys
Details	File	226	certutil.exe
Details	File	1	msdtd.txt
Details	File	1	msdtd.sys
Details	File	17	exchange.asmx
Details	File	3	ds.exe
Details	File	1	computer_ds.txt
Details	File	1	users_ds.txt
Details	File	1	group_ds.txt
Details	File	10	path.txt
Details	File	1	my_path.txt
Details	File	2	thumb.dll
Details	File	10	www.url
Details	File	6	p.txt
Details	File	6	n.txt
Details	File	2	ns2.pas
Details	File	2	ns1.pas
Details	sha256	1	892d5e8e763073648dfebcfd4c89526989d909d6189826a974f17e2311de8bc4
Details	IPv4	2	0.2.0.0
Details	IPv4	1	172.16.107.140
Details	IPv4	1	245.10.10.11
Details	IPv4	1	244.10.10.10
Details	IPv4	1	66.92.110.4
Details	IPv4	1	69.67.1.81
Details	IPv4	1	73.43.3.79
Details	IPv4	1	55.80.2.68
Details	IPv4	1	103.61.4.61
Details	IPv4	295	8.8.8.8
Details	IPv4	1	82.102.14.226
Details	IPv4	3	82.102.14.222
Details	IPv4	1	82.102.14.227
Details	IPv4	4	185.15.247.140
Details	IPv4	1	213.202.217.4
Details	IPv4	2	213.202.217.9
Details	IPv4	2	217.79.176.97
Details	IPv4	1	217.79.176.104
Details	IPv4	1	217.79.183.50
Details	IPv4	1	217.79.183.53
Details	IPv4	1	217.79.183.58
Details	IPv4	1	217.79.185.85
Details	IPv4	1	217.79.185.90
Details	IPv4	2	217.79.185.65
Details	IPv4	1	217.79.185.75
Details	IPv4	1	74.91.19.118
Details	IPv4	1	74.91.19.113
Details	IPv4	1	74.91.19.119
Details	IPv4	1	91.132.139.183
Details	IPv4	1	91.132.139.254
Details	Pdb	1	z:\tools\sakabota_tools\utility\micosoft_visual_studio_2010_experss\prjt\sync\sakabota\eye\eye\obj\release\eye.pdb
Details	Pdb	1	c:\users\sakabota\desktop\gon\gon\obj\debug\gon.pdb
Details	Pdb	1	sys.pdb
Details	Url	1	https://cas/ews/exchange.asmx
Details	Url	1	http://www.url
Details	Windows Registry Key	37	HKCU\Control