STOLEN PENCIL Campaign Targets Academia | NETSCOUT
Common Information
Type Value
UUID 84fa195b-53fc-4527-9321-fe7dc260c92c
Fingerprint a5959c9b023a0469
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 5, 2018, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 5:37 p.m.
Headline STOLEN PENCIL Campaign Targets Academia
Title STOLEN PENCIL Campaign Targets Academia | NETSCOUT
Detected Hints/Tags/Attributes 77/3/79
Attributes
Details Type #Events CTI Value