Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor's Repository
Common Information
Type Value
UUID a48090c8-7242-4a7d-a52c-78785d8ebddf
Fingerprint d158d19913423cf
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 27, 2017, 2 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 51/3/99
Attributes
Type #Events Value
CVE 176 cve-2012-0158
CVE 269 cve-2017-0199
Domain 2 subaat.com
Domain 1 pkwebhost.net
Domain 1 hassanusauae786.hopto.org
File 5 sp.exe
File 1122 svchost.exe
IPv4 1 5.189.157.215
IPv4 1 115.186.136.237
IPv4 1 23.92.211.186
Url 1 http://subaat.com/files/sp.exe