Evilgrab Delivered by Watering Hole Attack on President of Myanmar’s Website
Common Information

Type                              Value
UUID                              9ae75221-8f4c-4442-9daa-d52682d11cb4
Fingerprint                       b48c8cd9e0270599
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         June 11, 2015, 4 p.m.
Added to db                       Sept. 26, 2022, 9:33 a.m.
Last updated                      Nov. 17, 2024, 8:43 p.m.
Headline                          Evilgrab Delivered by Watering Hole Attack on President of Myanmar’s Website
Title                             Evilgrab Delivered by Watering Hole Attack on President of Myanmar’s Website
Detected Hints/Tags/Attributes    95/3/45
Attributes

Type     #Events  Value
CVE      55       cve-2014-6332
CVE      176      cve-2012-0158
Domain   2        www.president-office.gov
Domain   1        www.myanmarpresidentoffice.info
Domain   2        president-office.gov
Domain   2        mmslsh.tiger1234.com
Domain   1        dns.websecexp.com
Domain   1        ns.websecexp.com
Domain   1        appeur.gnway.cc
Domain   21       update.microsoft.com
Domain   1        websecexp.com
Domain   1        usafi.websecexp.com
Domain   1        usacia.websecexp.com
Domain   1        webhttps.websecexp.com
Domain   1        usagovdns.websecexp.com
Domain   1        ceshi.mailpseonfz.com
Domain   1        dns.mailpseonfz.com
Domain   9        pwc.blogs.com
Domain   36       contagiodump.blogspot.com
Domain   1        usafbi.websecexp.com
File     1        myanmarpresidentoffice.inf
File     62       script.js
File     1        list_view.php
File     1        newdata.exe
File     212      winlogon.exe
File     3        'winlogon.exe
File     82       default.aspx
File     2        %userprofile%\users.bin
File     1        cto-tib-20150223-01a.pdf
File     1        sandbox-miming-cve-2012-0158-in-mhtml.html
md5      1        2e78e6d02aaed4f057f4dfa631ea5519
sha256   1        b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577
sha256   1        10d9611e5b4ff41fc79e8907e3eb522630131b1bdc1010a0564c8780ba55c87c
sha256   1        91f7d6612c79cc0b266891c447359853614546837b003836ab342b091ee1a6cc
sha256   1        b8c37a1db36d702932b5db97ec150269a323b5dc76059062beff7e330f2d136d
IPv4     1        211.169.202.2
IPv4     1        192.168.180.47
IPv4     1        59.188.16.130
Url      1        http://www.president-office.gov.mm/welcome.html
Url      1        http://www.president-office.gov.mm/sites/all/modules/browscap/list_view.php
Url      1        https://www.virustotal.com/en/url/91f7d6612c79cc0b266891c447359853614546837b003836ab342b091ee1a6cc/analysis
Url      1        https://www.virustotal.com/en/file/b8c37a1db36d702932b5db97ec150269a323b5dc76059062beff7e330f2d136d/analysis
Url      2        http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia
Url      1        http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf
Url      1        http://contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html