Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents - The Citizen Lab
Common Information
Type                              Value
UUID                              7572266a-1200-4b48-b743-aa3dc1d3f9a1
Fingerprint                       b48bd0db28a187c7
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         May 29, 2016, midnight
Added to db                       Sept. 26, 2022, 9:33 a.m.
Last updated                      Nov. 17, 2024, 9:42 p.m.
Headline                          Keep Calm and (Don’t) Enable Macros A New Threat Actor Targets UAE Dissidents
Title                             Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents - The Citizen Lab
Detected Hints/Tags/Attributes    175/3/229
Attributes
Details Type #Events CTI Value