Russian Bank Offices Hit with Broad Phishing Wave
Common Information
Type Value
UUID 9bee2436-94c7-4ad5-9d70-a8a8a719d8b6
Fingerprint be10a8fbc286c785
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 18, 2017, 1:29 p.m.
Added to db Jan. 18, 2023, 9:23 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline NetWitness Community
Title Russian Bank Offices Hit with Broad Phishing Wave
Detected Hints/Tags/Attributes 71/3/57
Attributes
Details Type #Events CTI Value
Details CVE 30
cve-2015-2545
Details CVE 13
cve-2017-0261
Details CVE 14
cve-2017-0262
Details Domain 136
mail.com
Details Domain 1
www.thecaliforniacourier.com
Details Domain 36
schemas.openxmlformats.org
Details Domain 10
rsa.com
Details Email 2
kevin.douglas2@rsa.com
Details File 2
счету.docx
Details File 1
карте.docx
Details File 2
данные.docx
Details File 1
клиента.docx
Details File 1
выписка.docx
Details File 5
image1.ep
Details File 58
document.xml
Details File 16
app.xml
Details File 17
core.xml
Details File 12
fonttable.xml
Details File 66
settings.xml
Details File 21
styles.xml
Details File 17
websettings.xml
Details File 14
theme1.xml
Details File 66
normal.dot
Details File 748
kernel32.dll
Details File 533
ntdll.dll
Details File 67
get.php
Details IPv4 4
137.74.224.142
Details IPv4 4
158.69.218.119
Details Threat Actor Identifier - APT 297
APT27
Details Url 1
http://schemas.openxmlformats.org/officedocument/2006/extended-properties
Details Url 1
http://schemas.openxmlformats.org/officedocument/2006/docpropsvtypes"><template>normal.dotm
Details Url 1
https://community.rsa.com/community/products/netwitness/blog/2017/08/04/targeted-malspam-delivers-chthonic-and-dimnie-8-2-2017.