Gaza cybergang, where’s your IR team?
Tags
| country: | Egypt Argentina United Arab Emirates Saudi Arabia Yemen |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 |
Common Information
| Type | Value |
|---|---|
| UUID | 67480d81-8d0e-409c-9680-91e7a067f82a |
| Fingerprint | 4c99cdd90cf1be91 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 28, 2015, 8 a.m. |
| Added to db | Jan. 18, 2023, 10:24 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Gaza cybergang, where’s your IR team? |
| Title | Gaza cybergang, where’s your IR team? |
| Detected Hints/Tags/Attributes | 41/3/215 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | gov.uae.kim |
|
| Details | Domain | 1 | majed-abaas.zip |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 1175 | gmail.com |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | Domain | 3 | uae.kim |
|
| Details | Domain | 3 | natco1.no-ip.net |
|
| Details | Domain | 3 | natco3.no-ip.net |
|
| Details | Domain | 2 | up.uae.kim |
|
| Details | Domain | 3 | natco5.no-ip.net |
|
| Details | Domain | 2 | uptime.uae.kim |
|
| Details | Domain | 2 | nazer.zapto.org |
|
| Details | Domain | 3 | google.com.r3irv2ykn0qnd7vr7sqv7kg2qho3ab5tngl5avxi5iimz1jxw9pa9.uae.kim |
|
| Details | Domain | 2 | noredirecto.redirectme.net |
|
| Details | Domain | 2 | ajaxo.zapto.org |
|
| Details | Domain | 2 | nrehcnthrtfmyi.strangled.net |
|
| Details | Domain | 2 | backjadwer.bounceme.net |
|
| Details | Domain | 2 | ns2.negociosdesucesso.info |
|
| Details | Domain | 2 | backop.mooo.com |
|
| Details | Domain | 2 | offeline.webhop.net |
|
| Details | Domain | 2 | bandao.publicvm.com |
|
| Details | Domain | 2 | orango.redirectme.net |
|
| Details | Domain | 2 | bypasstesting.servehalflife.com |
|
| Details | Domain | 2 | redirectlnk.redirectme.net |
|
| Details | Domain | 2 | cbbnews.tk |
|
| Details | Domain | 2 | removalmalware.servecounterstrike.com |
|
| Details | Domain | 2 | cccam.serveblog.net |
|
| Details | Domain | 2 | mailchat.zapto.org |
|
| Details | Domain | 2 | chromeupdt.tk |
|
| Details | Domain | 2 | mp4.servemp3.com |
|
| Details | Domain | 3 | cnaci8gyolttkgmguzog.ignorelist.com |
|
| Details | Domain | 2 | rgoyfuadvkebxhjm.ddns.net |
|
| Details | Domain | 2 | cyber18.no-ip.net |
|
| Details | Domain | 2 | rotter2.publicvm.com |
|
| Details | Domain | 2 | deapka.sytes.net |
|
| Details | Domain | 2 | rotter2.sytes.net |
|
| Details | Domain | 2 | depka.sytes.net |
|
| Details | Domain | 2 | safar.selfip.com |
|
| Details | Domain | 3 | dnsfor.dnsfor.me |
|
| Details | Domain | 2 | safara.sytes.net |
|
| Details | Domain | 2 | download.likescandy.com |
|
| Details | Domain | 2 | safari.linkpc.net |
|
| Details | Domain | 2 | downloadlog.linkpc.net |
|
| Details | Domain | 2 | spreng.vizvaz.com |
|
| Details | Domain | 2 | downloadmyhost.zapto.org |
|
| Details | Domain | 2 | store-legal.biz |
|
| Details | Domain | 2 | downloadskype.cf |
|
| Details | Domain | 2 | su.noip.us |
|
| Details | Domain | 2 | duntat.zapto.org |
|
| Details | Domain | 2 | tango.zapto.org |
|
| Details | Domain | 2 | fastbingcom.sytes.net |
|
| Details | Domain | 5 | test.cable-modem.org |
|
| Details | Domain | 2 | fatihah.zapto.org |
|
| Details | Domain | 2 | test.ns01.info |
|
| Details | Domain | 2 | gaonsmom.redirectme.net |
|
| Details | Domain | 2 | testcom.strangled.net |
|
| Details | Domain | 2 | goodday.zapto.org |
|
| Details | Domain | 2 | thenewupdate.chickenkiller.com |
|
| Details | Domain | 3 | googlecombq6xx.ddns.net |
|
| Details | Domain | 2 | thenewupdatee.redirectme.net |
|
| Details | Domain | 2 | gq4bp1baxfiblzqk.mrbasic.com |
|
| Details | Domain | 3 | tvnew.otzo.com |
|
| Details | Domain | 2 | haartezenglish.redirectme.net |
|
| Details | Domain | 4 | update.ciscofreak.com |
|
| Details | Domain | 2 | haartezenglish.strangled.net |
|
| Details | Domain | 2 | updatee.hopto.org |
|
| Details | Domain | 2 | help2014.linkpc.net |
|
| Details | Domain | 2 | updatee.serveblog.net |
|
| Details | Domain | 2 | httpo.sytes.net |
|
| Details | Domain | 2 | updato.ns01.info |
|
| Details | Domain | 2 | internetdownloadr.publicvm.com |
|
| Details | Domain | 2 | use.mooo.com |
|
| Details | Domain | 2 | justded.justdied.com |
|
| Details | Domain | 2 | wallanews.publicvm.com |
|
| Details | Domain | 2 | kaliob.selfip.org |
|
| Details | Domain | 2 | wallanews.sytes.net |
|
| Details | Domain | 2 | kaswer12.strangled.net |
|
| Details | Domain | 2 | wcf6f0nqvjtup4un.mooo.com |
|
| Details | Domain | 2 | kolabdown.sytes.net |
|
| Details | Domain | 2 | webfile.myq-see.com |
|
| Details | Domain | 3 | ksm5sksm5sksm5s.zzux.com |
|
| Details | Domain | 2 | lastmoon.mooo.com |
|
| Details | Domain | 2 | ynet.ignorelist.com |
|
| Details | Domain | 2 | lilian.redirectme.net |
|
| Details | Domain | 2 | ynet.sytes.net |
|
| Details | Domain | 2 | live.isasecret.com |
|
| Details | 1 | google.com.*****/new/index.php?email=fl1-08-2015@gmail.com |
||
| Details | 1 | google.com.*****/new/g.htm?email=sharq-2014-12-31@gmail.com |
||
| Details | 1 | google.com.*****/new/index.php?email=2014-12-04@gmail.com |
||
| Details | 1 | googlecom*****/new/index.php?email=yemen-22-01-2015@hotmail.com |
||
| Details | File | 1 | والسعودية.exe |
|
| Details | File | 1 | uae.exe |
|
| Details | File | 1 | المصريين.exe |
|
| Details | File | 1 | majed-abaas.zip |
|
| Details | File | 1 | فرج.exe |
|
| Details | File | 1 | faraj.exe |
|
| Details | File | 2 | صبحي.exe |
|
| Details | File | 1 | sobhi.exe |
|
| Details | File | 1 | tasreb.rar |
|
| Details | File | 1 | vcsexpress.exe |
|
| Details | File | 1 | hex.exe |
|
| Details | File | 7 | log.exe |
|
| Details | File | 1 | imp.exe |
|
| Details | File | 25 | win.exe |
|
| Details | File | 1 | corss.exe |
|
| Details | File | 47 | winrar.exe |
|
| Details | File | 1 | avr.exe |
|
| Details | File | 10 | ccleaner.exe |
|
| Details | File | 2 | codeblocks.exe |
|
| Details | File | 11 | helppane.exe |
|
| Details | File | 1 | hex_workshop_hex_editor-o.exe |
|
| Details | File | 16 | help.exe |
|
| Details | File | 2 | decoded.exe |
|
| Details | File | 4 | vmplayer.exe |
|
| Details | File | 4 | decrypted.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 6 | crashreporter.exe |
|
| Details | File | 5 | re.exe |
|
| Details | File | 26 | windowsupdate.exe |
|
| Details | File | 6 | pe.exe |
|
| Details | File | 119 | avp.exe |
|
| Details | File | 1 | pe-explorr.exe |
|
| Details | File | 1 | kaspersky.exe |
|
| Details | File | 1 | hworks32.exe |
|
| Details | File | 13 | manager.exe |
|
| Details | File | 5 | abc.exe |
|
| Details | File | 6 | news.exe |
|
| Details | File | 1 | sky.exe |
|
| Details | File | 1 | skyc.exe |
|
| Details | File | 87 | skype.exe |
|
| Details | File | 1 | skypo.exe |
|
| Details | File | 1 | والمغفرة.exe |
|
| Details | File | 1 | secret_report.exe |
|
| Details | File | 1 | more.exe |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | g.htm |
|
| Details | File | 2 | negociosdesucesso.inf |
|
| Details | File | 2 | bandao.pub |
|
| Details | File | 2 | rotter2.pub |
|
| Details | File | 6 | test.cab |
|
| Details | File | 5 | ns01.inf |
|
| Details | File | 2 | internetdownloadr.pub |
|
| Details | File | 2 | wallanews.pub |
|
| Details | File | 4 | cyberattack_against_israeli_and_palestinian_targets.pdf |
|
| Details | File | 2 | operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html |
|
| Details | File | 2 | attacks-against-israeli-palestinian-interests.html |
|
| Details | Github username | 6 | kbandla |
|
| Details | md5 | 2 | 302565aec2cd47bb6b62fa398144e0ad |
|
| Details | md5 | 2 | f94385be79ed56ef77c961aa6d9eafbf |
|
| Details | md5 | 3 | f6e8e1b239b66632fd77ac5edef7598d |
|
| Details | md5 | 2 | a347d25ed2ee07cbfe4baaabc6ff768b |
|
| Details | md5 | 2 | 8921bf7c4ff825cb89099ddaa22c8cfd |
|
| Details | md5 | 2 | 674dec356cd9d8f24ef0f2ec73aaec88 |
|
| Details | md5 | 2 | 3bb319214d83dfb8dc1f3c944fb06e3b |
|
| Details | md5 | 2 | e20b5b300424fb1ea3c07a31f1279bde |
|
| Details | md5 | 2 | 826ab586b412d174b6abb78faa1f3737 |
|
| Details | md5 | 2 | 42fca7968f6de3904225445312e4e985 |
|
| Details | md5 | 2 | 5e255a512dd38ffc86a2a4f95c62c13f |
|
| Details | md5 | 2 | 3dcb43a83a53a965b40de316c1593bca |
|
| Details | md5 | 2 | 058368ede8f3b487768e1beb0070a4b8 |
|
| Details | md5 | 3 | e540076f48d7069bacb6d607f2d389d9 |
|
| Details | md5 | 2 | 62b1e795a10bcd4412483a176df6bc77 |
|
| Details | md5 | 2 | 699067ce203ab9893943905e5b76f106 |
|
| Details | md5 | 2 | 39758da17265a07f2370cd04057ea749 |
|
| Details | md5 | 2 | 11a00d29d583b66bedd8dfe728144850 |
|
| Details | md5 | 2 | f54c8a235c5cce30884f07b4a8351ebf |
|
| Details | md5 | 2 | d5b63862b8328fb45c3dabdcdf070d0d |
|
| Details | md5 | 2 | 9ea2f8acddcd5ac32cfb45d5708b1e1e |
|
| Details | md5 | 2 | bc42a09888de8b311f2e9ab0fc966c8c |
|
| Details | md5 | 2 | 948d32f3f12b8c7e47a6102ab968f705 |
|
| Details | md5 | 2 | c48cba5e50a58dcec3c57c5f7cc3332d |
|
| Details | md5 | 2 | 868781bcb4a4dcb1ed493cd353c9e9ab |
|
| Details | md5 | 2 | 658f47b30d545498e3895c5aa333ecb1 |
|
| Details | md5 | 2 | 3c73f34e9119de7789f2c2b9d0ed0440 |
|
| Details | md5 | 2 | 2b473f1f7c2b2b97f928c1fc497c0650 |
|
| Details | md5 | 2 | 9dccb01facfbbb69429ef0faf4bc1bda |
|
| Details | md5 | 2 | 46cf06848e4d97fb3caa47c17cdd7a9e |
|
| Details | md5 | 2 | 4e8cbe3f2cf11d35827194fd016dbd7b |
|
| Details | md5 | 2 | 6eb17961e6b06f2472e4518589f66ab9 |
|
| Details | md5 | 2 | b4c8ff21441e99f8199b3a8d7e0a61b9 |
|
| Details | md5 | 2 | b0f49c2c29d3966125dd322a504799c6 |
|
| Details | md5 | 2 | 4d0cbb45b47eb95a9d00aba9b0f7daad |
|
| Details | md5 | 2 | ca78b173218ad8be863c7e00fec61f2f |
|
| Details | md5 | 2 | 18259503e5dfdf9f5c3fc98cdfac6b78 |
|
| Details | md5 | 2 | 23108c347282ff101a2104bcf54204a8 |
|
| Details | md5 | 2 | 0b074367862e1b0ae461900c8f8b81b6 |
|
| Details | md5 | 2 | 76f9443edc9b71b2f2494cff6d4a26a8 |
|
| Details | md5 | 2 | 89f2213a9a839af098e664aaa671111b |
|
| Details | md5 | 1 | 1d18df7ac9184fea0afe26981e57c6a7 |
|
| Details | md5 | 2 | 57ab5f60198d311226cdc246598729ea |
|
| Details | IPv4 | 2 | 192.52.166.115 |
|
| Details | IPv4 | 3 | 131.72.136.28 |
|
| Details | IPv4 | 2 | 109.200.23.207 |
|
| Details | IPv4 | 2 | 131.72.136.124 |
|
| Details | IPv4 | 2 | 66.155.23.36 |
|
| Details | IPv4 | 3 | 172.227.95.162 |
|
| Details | IPv4 | 4 | 162.220.246.117 |
|
| Details | IPv4 | 2 | 192.253.246.169 |
|
| Details | IPv4 | 2 | 192.99.111.228 |
|
| Details | IPv4 | 3 | 192.52.167.125 |
|
| Details | IPv4 | 2 | 185.33.168.150 |
|
| Details | IPv4 | 2 | 198.105.117.37 |
|
| Details | IPv4 | 2 | 185.45.193.4 |
|
| Details | IPv4 | 2 | 198.105.122.96 |
|
| Details | IPv4 | 2 | 131.72.136.11 |
|
| Details | IPv4 | 2 | 131.72.136.171 |
|
| Details | IPv4 | 2 | 84.200.17.147 |
|
| Details | Url | 1 | http://google.com.*****/new/index.php?email=fl1-08-2015@gmail.com |
|
| Details | Url | 1 | http://google.com.*****/new/g.htm?email=sharq-2014-12-31@gmail.com |
|
| Details | Url | 1 | http://google.com.*****/new/index.php?email=2014-12-04@gmail.com |
|
| Details | Url | 1 | http://googlecom*****/new/index.php?email=yemen-22-01-2015@hotmail.com |
|
| Details | Url | 2 | http://cyber-peace.org/wp-content/uploads/2014/01/cyberattack_against_israeli_and_palestinian_targets.pdf |
|
| Details | Url | 1 | https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html |
|
| Details | Url | 2 | https://github.com/kbandla/aptnotes/blob/master/2012/cyberattack_against_israeli_and_palestinian_targets.pdf |
|
| Details | Url | 2 | http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html |