Operation Ghoul: targeted attacks on industrial and engineering organizations
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 846e8494-6fff-4fce-898e-fa912f47adf0 |
| Fingerprint | c0a10c5b0b238671 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 17, 2016, 8:56 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 12:58 p.m. |
| Headline | Operation Ghoul: targeted attacks on industrial and engineering organizations |
| Title | Operation Ghoul: targeted attacks on industrial and engineering organizations |
| Detected Hints/Tags/Attributes | 105/3/105 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | mail.ozlercelikkapi.com |
|
| Details | Domain | 1 | ozlercelikkapi.com |
|
| Details | Domain | 1 | mail.eminenture.com |
|
| Details | Domain | 1 | eminenture.com |
|
| Details | Domain | 3 | indyproject.org |
|
| Details | Domain | 1 | studiousb.com |
|
| Details | Domain | 1 | copylines.biz |
|
| Details | Domain | 1 | glazeautocaree.com |
|
| Details | Domain | 2 | brokelimiteds.in |
|
| Details | Domain | 1 | meedlifespeed.com |
|
| Details | Domain | 1 | 468213579.com |
|
| Details | Domain | 1 | 357912468.com |
|
| Details | Domain | 1 | aboranian.com |
|
| Details | Domain | 1 | apple-recovery.us |
|
| Details | Domain | 1 | security-block.com |
|
| Details | Domain | 1 | com-wn.in |
|
| Details | Domain | 1 | f444c4f547116bfd052461b0b3ab1bc2b445a.com |
|
| Details | Domain | 1 | deluxepharmacy.net |
|
| Details | Domain | 1 | katynew.pw |
|
| Details | Domain | 1 | mercadojs.com |
|
| Details | Domain | 1 | free.meedlifespeed.com |
|
| Details | Domain | 1 | emailreferentie.appleid.apple.nl.468213579.com |
|
| Details | Domain | 1 | emailreferentie.appleid.apple.nl |
|
| Details | Domain | 1 | verificatie.appleid.apple.nl.referentie.357912468.com |
|
| Details | Domain | 1 | customer.comcast.com.aboranian.com |
|
| Details | Domain | 1 | apple.security-block.com |
|
| Details | Domain | 1 | cgi.ebay.com-wn.in |
|
| Details | Domain | 1 | www.deluxepharmacy.net |
|
| Details | Domain | 1 | papercuts.info |
|
| Details | 1 | info@ozlercelikkapi.com |
||
| Details | 1 | eminfo@eminenture.com |
||
| Details | File | 1 | emiratesnbd_advice.exe |
|
| Details | File | 207 | login.php |
|
| Details | File | 73 | trojan.msi |
|
| Details | File | 1 | %username%\appdata\local\microsoft\windows\bthserv.exe |
|
| Details | File | 1 | %username%\appdata\local\microsoft\windows\bsbhvscan.exe |
|
| Details | File | 1 | %username%\appdata\local\client\winhttpautoproxysync.exe |
|
| Details | File | 1 | %username%\appdata\local\client\wdiservicehost.exe |
|
| Details | File | 1 | %username%\appdata\local\temp\af7b1841c6a70c858e3201422e2d0bea.dat |
|
| Details | File | 1 | %username%\appdata\roaming\helper\browser.txt |
|
| Details | File | 1 | %username%\appdata\roaming\helper\mail.txt |
|
| Details | File | 1 | %username%\appdata\roaming\helper\mess.txt |
|
| Details | File | 1 | %username%\appdata\roaming\helper\os.txt |
|
| Details | File | 1 | c:\programdata\mails.txt |
|
| Details | File | 1 | c:\programdata\browsers.txt |
|
| Details | File | 1 | id.html |
|
| Details | File | 1 | idmswebauth.log |
|
| Details | File | 3 | in.html |
|
| Details | File | 42 | login.html |
|
| Details | File | 1 | proforma-invoice.exe |
|
| Details | File | 2 | bro.exe |
|
| Details | File | 1 | onowu.exe |
|
| Details | File | 1 | obe.exe |
|
| Details | File | 47 | order.exe |
|
| Details | File | 4 | orders.exe |
|
| Details | File | 87 | java.exe |
|
| Details | File | 3 | f.zip |
|
| Details | File | 101 | gate.php |
|
| Details | md5 | 1 | fc8da575077ae3db4f9b5991ae67dab1 |
|
| Details | md5 | 1 | b8f6e6a0cb1bcf1f100b8d8ee5cccc4c |
|
| Details | md5 | 1 | 08c18d38809910667bbed747b2746201 |
|
| Details | md5 | 1 | 55358155f96b67879938fe1a14a00dd6 |
|
| Details | md5 | 1 | 5f684750129e83b9b47dc53c96770e09 |
|
| Details | md5 | 1 | 460e18f5ae3e3eb38f8cae911d447590 |
|
| Details | md5 | 1 | AF7B1841C6A70C858E3201422E2D0BEA |
|
| Details | md5 | 1 | f9ef50c53a10db09fc78c123a95e8eec |
|
| Details | md5 | 1 | 07b105f15010b8c99d7d727ff3a9e70f |
|
| Details | md5 | 1 | ae2a78473d4544ed2acd46af2e09633d |
|
| Details | md5 | 1 | 21ea64157c84ef6b0451513d0d11d02e |
|
| Details | md5 | 1 | 8d46ee2d141176e9543dea9bf1c079c8 |
|
| Details | md5 | 1 | 36a9ae8c6d32599f21c9d1725485f1a3 |
|
| Details | md5 | 1 | cc6926cde42c6e29e96474f740d12a78 |
|
| Details | md5 | 1 | 6e959ccb692668e70780ff92757d2335 |
|
| Details | md5 | 1 | 3664d7150ac98571e7b5652fd7e44085 |
|
| Details | md5 | 1 | d87d26309ef01b162882ee5069dc0bde |
|
| Details | md5 | 1 | 5a97d62dc84ede64846ea4f3ad4d2f93 |
|
| Details | md5 | 1 | 5a68f149c193715d13a361732f5adaa1 |
|
| Details | md5 | 1 | dabc47df7ae7d921f18faf685c367889 |
|
| Details | md5 | 1 | aaee8ba81bee3deb1c95bd3aaa6b13d7 |
|
| Details | md5 | 1 | c3cf7b29426b9749ece1465a4ab4259e |
|
| Details | IPv4 | 1 | 192.169.82.86 |
|
| Details | IPv4 | 1 | 37.230.110.53 |
|
| Details | IPv4 | 1 | 192.185.140.232 |
|
| Details | Url | 1 | http://192.169.82.86 |
|
| Details | Url | 1 | http://192.169.82.86/~loftyco/skool/login.php |
|
| Details | Url | 1 | http://192.169.82.86/~loftyco/okilo/login.php |
|
| Details | Url | 1 | http://free.meedlifespeed.com/comcast |
|
| Details | Url | 1 | http://emailreferentie.appleid.apple.nl.468213579.com |
|
| Details | Url | 1 | http://468213579.com/emailreferentie.appleid.apple.nl/emailverificatie-40985443/home/login.php |
|
| Details | Url | 1 | http://verificatie.appleid.apple.nl.referentie.357912468.com/emailverificatie-40985443/home/lo |
|
| Details | Url | 1 | http://customer.comcast.com.aboranian.com/login |
|
| Details | Url | 1 | http://apple-recovery.us |
|
| Details | Url | 1 | http://apple.security-block.com/apple |
|
| Details | Url | 1 | http://cgi.ebay.com-wn.in/itm/2000-jeep-wrangler-sport-4 |
|
| Details | Url | 1 | http://https.portal.apple.com.idmswebauth.login.html.appidkey.05c7e09b5896b0334b3af1139274f266b2hxxp://2b68.f444c4f547116bfd052461b0b3ab1bc2b445a.com/login.html |
|
| Details | Url | 1 | http://www.deluxepharmacy.net |
|
| Details | Url | 1 | http://glazeautocaree.com/proforma-invoice.exe |
|
| Details | Url | 1 | http://brokelimiteds.in/cdn/images/bro.exe |
|
| Details | Url | 1 | http://brokelimiteds.in/cdn/images/onowu.exe |
|
| Details | Url | 1 | http://brokelimiteds.in/cdn/images/obe.exe |
|
| Details | Url | 2 | http://brokelimiteds.in/wp-admin/css/upload/order.exe |
|
| Details | Url | 1 | http://brokelimiteds.in/wp-admin/css/upload/orders.exe |
|
| Details | Url | 1 | http://papercuts.info/socialmedia/java.exe |
|
| Details | Url | 1 | http://studiousb.com/mercadolivrestudio/f.zip |
|
| Details | Url | 1 | http://copylines.biz/lasagna/gate.php?request=true |