Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Common Information
Type Value
UUID 1ca3aa4d-05fe-4b7d-933d-4770bd404029
Fingerprint 94319d198be3e429
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 13, 2021, 6:54 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Anchored Narratives on Threat Intelligence and Geopolitics
Title Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Detected Hints/Tags/Attributes 94/3/87
Attributes
Type | #Events | Value
Domain | 1174 | gmail.com
Domain | 5 | www.tasnimnews.com
Domain | 2 | secure256.net
Domain | 1 | myabcxyz1.ddns.net
Domain | 1 | speedytech.work
Domain | 1 | tasnimnewstehran.club
Email | 1 | kingsmanfisher@gmail.com
File | 1 | iran.doc
File | 1 | kumar.doc
File | 66 | normal.dot
File | 323 | winword.exe
File | 6 | doc.doc
File | 1 | ravidhtirad.exe
File | 1 | 2021.xlam
File | 1 | jaykrishna.xls
File | 1 | csd_applaunch.exe
File | 3 | ver4.mp3
File | 1 | intelwifi.exe
File | 1 | prog.doc
File | 5 | wechat.exe
File | 28 | program.exe
File | 2 | i.docm
File | 2 | point.ppt
File | 2 | trbgertrnion.exe
File | 1 | railthnsrqn.exe
File | 1 | whatsapplite.apk
File | 1 | singh.exe
File | 1 | adwc.exe
File | 1 | ultimate-file.docm
Pdb | 1 | thnaviwa.pdb
Pdb | 2 | e:\\core-projects\\adii\\trbgertrnion\\trbgertrnion\\obj\\debug\\trbgertrnion.pdb
Threat Actor Identifier - APT-C | 14 | APT-C-56
Url | 1 | https://www.tasnimnews.com
Url | 2 | https://secure256.net/ver4.mp3
Url | 1 | http://64.188.13.46/deliveryyyyyyyyy/adwc.exe