ioc[.]one - OSINT Cyber Threat Intelligence Database

Identifying Network Infrastructure Related to a WHO Spoofiing Campaign - DomainTools | Start Here. Know Now.

Tags

cmtmf-attack-pattern:	Masquerading
country:	Lithuania
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Masquerading - T1036 Masquerading

Show in Graph

Common Information

Type	Value
UUID	85c55ca5-72c2-4672-bd21-e26e0f070d34
Fingerprint	a48009b35f3bce89
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 2, 2020, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Oct. 1, 2024, 2:51 p.m.
Headline	Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign
Title	Identifying Network Infrastructure Related to a WHO Spoofiing Campaign - DomainTools \| Start Here. Know Now.
Detected Hints/Tags/Attributes	61/4/26

Source URLs

	Redirection	Url
Details	Source	https://www.domaintools.com/resources/blog/identifying-network-infrastructure-related-to-a-who-spoofing-campaign

URL Provider

Details	Provider	Source level domain
Details	domaintools.com	www.domaintools.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	european-who.com
Details	Domain	1	health-world-org.com
Details	Domain	3	euro.who.int
Details	Domain	4	who.int
Details	Domain	1	office-pulgin.com
Details	Domain	11	ipify.org
Details	Domain	1	adverting-cdn.com
Details	Domain	24	publicdomainregistry.com
Details	Domain	1	bacloud.com
Details	Domain	2	who-international.com
Details	File	1	who_report.jar
Details	File	13	office.exe
Details	File	1	programdatakaosdma.png
Details	File	1	kaosdma.png
Details	File	1	who_month_report.doc
Details	md5	1	2dc6f3972a95bd3091db90d9c24606b3
Details	md5	1	738d16d1feadd8eb8e88149201179cb6
Details	sha1	1	8fe66769399c11f32d2c18b99e4bdad6dbfe4d5d
Details	sha1	1	0b32961bedc84134dabeceab4c3d248afa6d5ba9
Details	sha256	1	98beba8a22b5f579b89cac0a1a35a254ae81488fb549481506f20983e720c5b1
Details	sha256	1	05d3a35cacf882e34b8433037ad7a9b292fcb2b08439823e4724add4ceacb665
Details	sha256	1	77641bee068b0da858ff58be753653a1cd3263115ab9d7d248e7bbcdcc65548f
Details	IPv4	1	88.119.170.2
Details	IPv4	1	213.252.246.23
Details	IPv4	1	91.216.163.179
Details	IPv4	1	89.41.26.78