Malware Attacks Targeting Syrian ISIS Critics
Tags
| cmtmf-attack-pattern: | Location Tracking |
| country: | Argentina Canada Iraq Syria |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dynamic Dns - T1311 Dynamic Dns - T1333 Hooking - T1617 Location Tracking - T1430 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Social Media - T1593.001 Hooking - T1179 Hooking |
Common Information
| Type | Value |
|---|---|
| UUID | a02fbc47-dabc-4b7c-be18-eff3419fc1db |
| Fingerprint | bd841e1b8b3b8689 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 18, 2014, midnight |
| Added to db | Jan. 18, 2023, 9:15 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Malware Attack Targeting Syrian ISIS Critics |
| Title | Malware Attacks Targeting Syrian ISIS Critics |
| Detected Hints/Tags/Attributes | 100/4/66 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | tempsend.com |
|
| Details | Domain | 1 | slideshow.zip |
|
| Details | Domain | 18 | windowsupdate.microsoft.com |
|
| Details | Domain | 48 | myexternalip.com |
|
| Details | Domain | 7 | inbox.com |
|
| Details | Domain | 1 | www.hate-speech.org |
|
| Details | Domain | 5 | www.ibtimes.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | www.raqqah-sl.com |
|
| Details | Domain | 113 | www.usenix.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 67 | citizenlab.ca |
|
| Details | Domain | 1 | www.birminghammail.co.uk |
|
| Details | Domain | 3 | targetedthreats.net |
|
| Details | File | 1 | slideshow.zip |
|
| Details | File | 1 | slideshow.exe |
|
| Details | File | 1 | adober1.exe |
|
| Details | File | 4 | pictures.exe |
|
| Details | File | 1 | vgadmysadm.tmp |
|
| Details | File | 1 | rundl132.exe |
|
| Details | File | 1 | win32.tmp |
|
| Details | File | 1 | adobeins.exe |
|
| Details | File | 12 | ixp000.tmp |
|
| Details | File | 1 | z0xapp8t.tmp |
|
| Details | File | 1 | adbrrader.exe |
|
| Details | File | 1 | googleupate.exe |
|
| Details | File | 1 | googlupd.exe |
|
| Details | File | 1 | nvidrv.exe |
|
| Details | File | 1 | nvisdvr.exe |
|
| Details | File | 3 | svhosts.exe |
|
| Details | File | 1 | v2cgplst.tmp |
|
| Details | File | 1 | vg2sxoysinf.tmp |
|
| Details | File | 1 | vgosysaext.tmp |
|
| Details | File | 1 | drv.sys |
|
| Details | File | 1 | syrian-activist-tell-of-brutal-torture-by-assad-regime-and-isil.html |
|
| Details | File | 1 | sec14-paper-hardy.pdf |
|
| Details | File | 2 | kl_report_syrian_malware.pdf |
|
| Details | File | 2 | connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html |
|
| Details | File | 1 | junaid-hussain-team-poison-hacker-18-published-tony-blairs-address-book-online-faces-jail.html |
|
| Details | md5 | 1 | b72e6678e79cc57d33e684528b5721bd |
|
| Details | md5 | 1 | f8bfb82aa92ea6a8e4e0b378781b3859 |
|
| Details | md5 | 1 | aa6bcba23cd39c2827d72d33f5104856 |
|
| Details | md5 | 1 | eda83c8e4ba7d088593f22d56cf39d9f |
|
| Details | md5 | 1 | 9d36e8e3e557239d7006d0bb5c2df298 |
|
| Details | md5 | 1 | 1d5d8c5ce3854de61b28de7ca73093f1 |
|
| Details | md5 | 1 | 55039dd6ce3274dbce569473ad37918b |
|
| Details | md5 | 1 | efdd9b96ae0f43f7d738ead2e1d5430c |
|
| Details | md5 | 1 | 0e3eb8de93297f12b56de9fc33657066 |
|
| Details | md5 | 1 | 3eb6f95c321ace0e3b101fd7e2cdd489 |
|
| Details | md5 | 1 | 84bbd592a212f5a84923e82621e9177d |
|
| Details | md5 | 1 | 13caa1c95e6610f2d5134174e1fb4fd0 |
|
| Details | sha256 | 1 | d9da10e6381cb5c97a966bab0e3bdb3966a61e3e49147cd112dc3beabe22a2c3 |
|
| Details | Url | 1 | https://www.hate-speech.org/intense-hunt-for-americas-spies |
|
| Details | Url | 1 | http://www.ibtimes.com/isis-militants-target-high-speed-internet-cafes-raqqah-stronghold-1745382 |
|
| Details | Url | 1 | http://www.telegraph.co.uk/news/worldnews/islamic-state/11291510/syrian-activist-tell-of-brutal-torture-by-assad-regime-and-isil.html |
|
| Details | Url | 1 | https://twitter.com/raqqah_sl |
|
| Details | Url | 1 | http://www.raqqah-sl.com |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/d9da10e6381cb5c97a966bab0e3bdb3966a61e3e49147cd112dc3beabe22a2c3/analysis |
|
| Details | Url | 1 | https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf |
|
| Details | Url | 1 | https://securelist.com/files/2014/08/kl_report_syrian_malware.pdf |
|
| Details | Url | 2 | https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html |
|
| Details | Url | 1 | https://citizenlab.ca/2014/03/maliciously-repackaged-psiphon |
|
| Details | Url | 2 | https://www.eff.org/document/quantum-surveillance-familiar-actors-and-possible-false-flags-syrian-malware-campaigns |
|
| Details | Url | 1 | http://www.birminghammail.co.uk/news/midlands-news/birmingham-hacker-junaid-hussain-syria-7291864 |
|
| Details | Url | 1 | http://www.dailymail.co.uk/news/article-2166850/junaid-hussain-team-poison-hacker-18-published-tony-blairs-address-book-online-faces-jail.html |
|
| Details | Url | 3 | https://targetedthreats.net |