The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services
Common Information
Type Value
UUID a6c597c9-3184-436d-b7fe-528caa431e87
Fingerprint a50011538ab3c283
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 26, 2018, 3 a.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services
Title The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services
Detected Hints/Tags/Attributes 78/3/76
Attributes
Details Type #Events CTI Value
Details CVE 269
cve-2017-0199
Details Domain 317
bit.ly
Details Domain 2
storgemydata.website
Details Domain 372
wscript.shell
Details Domain 1
vfwhetgt.run
Details Domain 339
system.net
Details Domain 1
fulltext.yourtrap.com
Details Domain 3
checktest.www1.biz
Details Domain 358
pastebin.com
Details Domain 19
plus.google.com
Details File 1
السلطة.rar
Details File 1
power.rar
Details File 1
اليوم.doc
Details File 8
meeting.doc
Details File 5
v.dat
Details File 1
office-update.rtf
Details File 4
window.mov
Details File 1208
powershell.exe
Details File 1
12330718701ac441736a55e3ee3cx996.exe
Details File 19
x.exe
Details File 1
abbas.rtf
Details File 2126
cmd.exe
Details File 1
test1.rtf
Details File 1
xx.rtf
Details File 1
xx2.rtf
Details File 1
لفلسطين.docx
Details File 1
palestine.docx
Details File 10
e.exe
Details File 533
ntdll.dll
Details File 2
decrypted_data.bin
Details File 1122
svchost.exe
Details File 1
embeddedshellcode.bin
Details File 1260
explorer.exe
Details File 271
chrome.exe
Details File 199
firefox.exe
Details File 56
iexplorer.exe
Details File 73
opera.exe
Details IPv4 2
5.175.214.9
Details Url 1
http://bit.ly/2y3xl3p
Details Url 2
http://storgemydata.website/v.dat
Details Url 2
http://storgemydata.website/x.exe
Details Url 1
http://pastebin.com/raw/2clsuxj6
Details Url 1
http://pastebin.com/raw/trzzjtga
Details Url 1
https://plus.google.com/104518099222750189969
Details Url 1
https://plus.google.com/110228699051788231047
Details Url 1
https://plus.google.com/106456556287604120942