NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
Common Information
Type Value
UUID 95d61621-06fb-464d-bc06-32363fb3fe1b
Fingerprint ecc51fdba5b620c1
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 21, 2016, 6:45 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
Title NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
Detected Hints/Tags/Attributes 71/3/43
Attributes
Type #Events Value
CVE 176 cve-2012-0158
Domain 1 www.voennovosti.com
Domain 1 voennovosti.com
Domain 622 en.wikipedia.org
Domain 1 ufa2015.com
File 1 уфе.doc
File 1 ufe.doc
File 11 dw20.exe
File 8 rastls.exe
File 20 rastls.dll
File 1 sycmentec.config
File 20 config.dat
File 1122 svchost.exe
File 1 ve.dll
File 1 c:\windows\system\certapl.dll
File 1 downloader.asp
File 1 certapl.dll
File 35 index.asp
File 1 %appdata%\cert2013.dat
File 1 %temp%\temp.bmp
File 1 %temp%\tmp.bmp
File 1 dll-side-loading-another-blind-spot-for-anti-virus.html
Url 1 https://securelist.com/blog/research/35936/nettraveler-is-running-red-star-apt-attacks-compromise-high-profile-victims
Url 1 https://www.fireeye.com/blog/threat-research/2014/04/dll-side-loading-another-blind-spot-for-anti-virus.html
Url 1 https://blog.paloaltonetworks.com/2015/05/plugx-uses-legitimate-samsung-application-for-dll-side-loading
Url 1 http://indianexpress.com/article/business/business-others/10-years-on-sco-decides-to-induct-india-as-full-member
Url 1 https://en.wikipedia.org/wiki/shanghai_cooperation_organisation
Url 1 http://ufa2015.com