ioc[.]one - OSINT Cyber Threat Intelligence Database

Fighting Ursa Luring Targets With Car for Sale

Tags

country:	Israel Japan Romania Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Models Double File Extension - T1036.007 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Web Services - T1583.006 Web Services - T1584.006

Show in Graph

Common Information

Type	Value
UUID	80bd4ce5-39f5-4984-9046-3f5198d314d2
Fingerprint	843489518339c03e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 2, 2024, 10 a.m.
Added to db	Aug. 31, 2024, 6:40 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Fighting Ursa Luring Targets With Car for Sale
Title	Fighting Ursa Luring Targets With Car for Sale
Detected Hints/Tags/Attributes	68/3/22

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/fighting-ursa-car-for-sale-phishing-lure/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	120	✔	Unit 42	https://feeds.feedburner.com/Unit42	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	50	webhook.site
Details	Domain	1	img-387470302099.zip
Details	Domain	14	ibb.co
Details	File	1	img-387470302099.zip
Details	File	2	img-387470302099.jpg
Details	File	23	windowscodecs.dll
Details	File	2	zqtxmo.bat
Details	File	9	jpg.exe
Details	File	312	calc.exe
Details	File	1	img387470302099.jpg
Details	File	2	car-for-sale.jpg
Details	sha256	2	cda936ecae566ab871e5c0303d8ff98796b1e3661885afd9d4690fc1e945640e
Details	sha256	1	7c85ff89b535a39d47756dfce4597c239ee16df88badefe8f76051b836a7cbfb
Details	sha256	1	dad1a8869c950c2d1d322c8aed3757d3988ef4f06ba230b329c8d510d8d9a027
Details	sha256	3	c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b
Details	sha256	2	6b96b991e33240e5c2091d092079a440fa1bef9b5aecbf3039bf7c47223bdf96
Details	sha256	2	a06d74322a8761ec8e6f28d134f2a89c7ba611d920d080a3ccbfac7c3b61e2e7
Details	IBM X-Force - Threat Group Enumeration	12	ITG05
Details	Threat Actor Identifier - APT	783	APT28
Details	Url	1	https://webhook.site/66d5b9f9-a5eb-48e6-9476-9b6142b0c3ae
Details	Url	1	https://webhook.site/d290377c-82b5-4765-acb8-454edf6425dd
Details	Url	2	https://i.ibb.co/vvscr2z/car-for-sale.jpg