ioc[.]one - OSINT Cyber Threat Intelligence Database

The Madi Campaign – Part I

Tags

country:	Afghanistan Iran Israel
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	1b8a9a14-d55f-4b4d-8e35-25dee2e32602
Fingerprint	94089a1aacf3cef9
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 17, 2012, 5 p.m.
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 2, 2024, 11:59 a.m.
Headline	The Madi Campaign – Part I
Title	The Madi Campaign – Part I
Detected Hints/Tags/Attributes	64/3/67

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/the-madi-campaign-part-i-5/33693/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	Value
Details	Domain	8	blog.seculert.com
Details	Domain	1	www.maja.in
Details	Domain	3	www.angusj.com
Details	Domain	3	threats.kaspersky.com
Details	File	2	mahdi-cyberwar-savior.html
Details	File	1	magic_machine1123.pps
Details	File	1	moses_pic1.pps
Details	File	2	updateoffice.exe
Details	File	1	officedesktop.exe
Details	File	1	fie.dll
Details	File	1	xdat.dll
Details	File	1	bie.dll
Details	File	1	shk.dll
Details	File	2	nam.dll
Details	File	1	sik.dll
Details	File	2	motahare.txt
Details	File	1	mahdi.txt
Details	File	263	iexplore.exe
Details	File	2	ssss.htm
Details	File	1	rrrr.htm
Details	md5	1	7b7abab9bc4c49743d001cf99737e383
Details	md5	1	a9774d6496e1b09ccb1aeaba3353db7b
Details	md5	1	885fcebf0549bf0c59a697a7cfff39ad
Details	md5	1	4be969b977f9793b040c57276a618322
Details	md5	1	ea90ed663c402d34962e7e455b57443d
Details	md5	1	aa6f0456a4c2303f15484bff1f1109a0
Details	md5	1	caf851d9f56e5ee7105350c96fcc04b5
Details	md5	1	1fe27986d9d06c10e96cee1effc54c68
Details	md5	1	07740e170fc9cac3dcd692cc9f713dc2
Details	md5	1	755f19aa99a0ccba7d210e7f79182b09
Details	md5	1	35b2dfd71f565cfc1b67983439c09f72
Details	md5	1	d9a425eac54d6ca4a46b6a34650d3bf1
Details	md5	1	67c6fabbb0534090a079ddd487d2ab4b
Details	md5	1	e4eca131cde3fc18ee05c64bcdd90299
Details	md5	1	c71121c007a65fac1c8157e5930d656c
Details	md5	1	a86ce04694a53a30544ca7bb7c3b86cd
Details	md5	1	7b22fa2f81e9cd14f1912589e0a8d309
Details	md5	1	061c8eeb7d0d6c3ee751b05484f830b1
Details	md5	1	3ab9c5962ab673f62823d8b5670f0c07
Details	md5	1	1c968a80fa2616a4a2822d7589d9a5b4
Details	md5	1	1593fbb5e69bb516ae32bec6994f1e5d
Details	md5	1	133f2735e5123d848830423bf77e8c20
Details	md5	1	01dc62abf112f53a97234f6a1d54bc6f
Details	md5	1	18002ca6b19c3c841597e611cc9c02d9
Details	md5	1	046bcf4ea8297cdf8007824a6e061b63
Details	md5	1	89057fc8fedc7da1f300dd7b2cf53583
Details	md5	1	461ba43daa62b96b313ff897aa983454
Details	md5	1	d0dd88d60329c1b2d88555113e1ed66d
Details	md5	1	9c072edfb9afa88aa7a379d73b65f82d
Details	md5	1	b86409e2933cade5bb1d21e4e784a633
Details	md5	1	3fc8788fd0652e4f930d530262c3d3f3
Details	md5	1	15416f0033042c7e349246c01d6a43a3
Details	md5	1	f782d10eab3a7ca3c4a73a2f86128aad
Details	md5	1	cfd85a908554e0921b670ac9e3088631
Details	md5	1	abb49a9d81ec2cf8a1fb4d82fb7f1915
Details	md5	1	b2b4d7b5ce7c134df5cb40f4c4d5aa6a
Details	md5	1	8b01fc1e64316717a6ac94b272a798d4
Details	md5	1	81b2889bab87ab25a1e1663f10cf7e9e
Details	md5	1	3702360d1192736020b2a38c5e69263a
Details	md5	1	8139be1a7c6c643ae64dfe08fa8769ee
Details	md5	1	331f75a64b80173dc1d4abf0d15458cc
Details	md5	1	398168f0381ab36791f41fa1444633cc
Details	md5	1	d6f343e2bd295b69c2ce31f6fe369af9
Details	md5	1	f45963376918ed7dc2b96b16af976966
Details	Url	2	http://blog.seculert.com/2012/07/mahdi-cyberwar-savior.html
Details	Url	2	http://www.angusj.com/resourcehacker
Details	Url	1	https://threats.kaspersky.com/en/threat/virus.win32.parite.b