ioc[.]one - OSINT Cyber Threat Intelligence Database

Keep Calm and (Don’t) Enable Macros: Appendices - The Citizen Lab

Tags

country:	Russia
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Social Media - T1593.001 Social Media Accounts - T1585.001 Social Media Accounts - T1586.001 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	ae208298-a01f-4a23-bf67-9ea80821e3ab
Fingerprint	8a08c6d16a9594c5
Analysis status	DONE
Considered CTI value	1
Text language
Published	May 29, 2016, midnight
Added to db	Jan. 18, 2023, 9:16 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Keep Calm and (Don’t) Enable Macros Appendices
Title	Keep Calm and (Don’t) Enable Macros: Appendices - The Citizen Lab
Detected Hints/Tags/Attributes	52/2/270

Source URLs

	Redirection	Url
Details	Source	https://citizenlab.ca/2016/05/stealth-falcon-appendices/
Details	Source	https://citizenlab.org/2016/05/stealth-falcon-appendices/

URL Provider

Details	Provider	Source level domain
Details	citizenlab.ca	citizenlab.ca
Details	citizenlab.org	citizenlab.org

Attributes

Details	Type	#Events	Value
Details	Domain	1373	twitter.com
Details	Domain	2	aax.me
Details	Domain	2	adhostingcache.com
Details	Domain	2	adhostingcaches.com
Details	Domain	2	incapsulawebcache.com
Details	Domain	1	adlinkmetric.com
Details	Domain	1	adlinkmetrics.com
Details	Domain	2	bestairlinepricetags.com
Details	Domain	2	clickstatistic.com
Details	Domain	2	fasttravelclearance.com
Details	Domain	2	optimizedimghosting.com
Details	Domain	1	rapidlinkhit.com
Details	Domain	1	safeadspace.com
Details	Domain	2	simpleadbanners.com
Details	Domain	1	tinyimagehosting.com
Details	Domain	1	windowshealthcheck.com
Details	Domain	1	adobereaderupdater.com
Details	Domain	2	airlineadverts.com
Details	Domain	1	akamai-host-network.com
Details	Domain	1	akamai-hosting-network.com
Details	Domain	1	akamaicachecdn.com
Details	Domain	1	akamaicloud.net
Details	Domain	1	akamaicss.com
Details	Domain	1	akamaihostcdn.net
Details	Domain	1	akamaiwebcache.com
Details	Domain	1	appleimagecache.com
Details	Domain	1	burst-media.com
Details	Domain	1	cachecontent.com
Details	Domain	1	cdn-logichosting.com
Details	Domain	1	cdnimagescache.com
Details	Domain	1	chromeupdater.com
Details	Domain	1	cloudburstcdn.net
Details	Domain	1	cloudburstercdn.net
Details	Domain	1	cloudimagecdn.com
Details	Domain	1	cloudimagehosters.com
Details	Domain	1	contenthosts.com
Details	Domain	1	contenthosts.net
Details	Domain	1	dnsclienthelper.com
Details	Domain	1	dnsclientresolver.com
Details	Domain	1	domainimagehost.com
Details	Domain	1	dotnetupdatechecker.com
Details	Domain	1	dotnetupdates.com
Details	Domain	1	dropboxsyncservice.com
Details	Domain	2	edgecacheimagehosting.com
Details	Domain	1	flashplayersupdates.com
Details	Domain	1	flashplayerupdater.com
Details	Domain	1	iesafebrowsingcache.com
Details	Domain	1	iesaferbrowsingcache.com
Details	Domain	1	javaupdatecache.com
Details	Domain	1	javaupdatersvc.com
Details	Domain	1	javaupdatescache.com
Details	Domain	1	javaupdatesvc.com
Details	Domain	1	limelightimagecache.com
Details	Domain	1	livewebcache.com
Details	Domain	1	media-providers.net
Details	Domain	1	mediacachecdn.com
Details	Domain	1	mediacachecdn.net
Details	Domain	1	mediacloudsolution.com
Details	Domain	1	mediacloudsolutions.net
Details	Domain	1	mediaimagecache.com
Details	Domain	1	mediaproviders.net
Details	Domain	2	ministrynewschannel.com
Details	Domain	2	ministrynewsinfo.com
Details	Domain	1	msofficesso.com
Details	Domain	1	msofficeupdates.com
Details	Domain	1	mswindowsupdater.com
Details	Domain	1	netassistcache.com
Details	Domain	1	netcloudcdn.com
Details	Domain	1	optimizercache.com
Details	Domain	1	oraclejavaupdate.com
Details	Domain	1	oraclejavaupdater.com
Details	Domain	1	printspoolerservices.com
Details	Domain	1	safeadvertimgs.com
Details	Domain	1	webanalyticstats.com
Details	Domain	1	wincertificateupdater.com
Details	Domain	1	winconnectors.com
Details	Domain	1	windefenderupdater.com
Details	Domain	1	windowsconnector.com
Details	Domain	1	windowsdefenderupdater.com
Details	Domain	2	windowsearchcache.com
Details	Domain	1	windowspatchmanager.com
Details	Domain	1	windowssearchcache.com
Details	Domain	1	windowsupdatecache.com
Details	Domain	1	windowsupdatescache.com
Details	Domain	2	amnkeysvc.com
Details	Domain	2	amnkeysvcs.com
Details	Domain	1	scheduledupdater.com
Details	Domain	2	yeastarr.com
Details	Domain	2	velocityfiles.com
Details	Domain	2	call4uaefreedom.com
Details	Domain	2	uaefreedom.com
Details	Domain	2	a7rarelemarat.com
Details	Domain	2	al7ruae2014.com
Details	Domain	14	openmailbox.org
Details	Domain	272	outlook.com
Details	Domain	2	anonymousbitcoindomains.com
Details	Domain	1	defencereview.net
Details	Domain	2	intelnetservice.com
Details	Domain	2	intelsupport.net
Details	Domain	2	microsoftdriver.com
Details	Domain	1	nato-int.com
Details	Domain	1	osce-military.org
Details	Domain	2	windowsappstore.net
Details	Domain	2	dailyforeignnews.com
Details	Domain	2	diplomatnews.org
Details	Domain	2	worldpoliticsnews.org
Details	Domain	1	uz-news.org
Details	Domain	1	bagacamesmo.biz
Details	Domain	1	policeoracle.org
Details	Domain	39	www.wsj.com
Details	Domain	10	labsblog.f-secure.com
Details	Domain	1	www.nsec.io
Details	Domain	105	web.archive.org
Details	Domain	1	www.microsoftdriver.com
Details	Domain	4	fraudwatchinternational.com
Details	Email	1	the_right_to_fight@openmailbox.org
Details	Email	1	andrew.dwight389@outlook.com
Details	File	4	apt28-a-window-into-russias-cyber-espionage-operations.html
Details	File	1	northsec_sednit_joan.pdf
Details	sha256	1	e1259372d15bb5001be18f03dddbdc117710d7a64829dad3a95829413783f0d7
Details	IPv4	1	83.125.20.162
Details	IPv4	1	87.120.37.83
Details	IPv4	2	95.215.44.37
Details	IPv4	1	103.208.86.23
Details	IPv4	1	131.72.136.224
Details	IPv4	1	185.62.188.163
Details	IPv4	1	185.86.148.245
Details	IPv4	1	193.105.134.244
Details	IPv4	1	37.59.138.119
Details	IPv4	1	45.125.244.196
Details	IPv4	1	46.183.221.240
Details	IPv4	1	87.121.52.96
Details	IPv4	1	91.219.237.142
Details	IPv4	1	94.242.202.168
Details	IPv4	1	95.183.50.230
Details	IPv4	1	95.183.51.164
Details	IPv4	1	95.183.51.32
Details	IPv4	1	103.193.4.112
Details	IPv4	1	107.181.128.99
Details	IPv4	1	151.80.141.155
Details	IPv4	1	151.80.158.81
Details	IPv4	1	151.80.95.42
Details	IPv4	1	158.69.3.165
Details	IPv4	1	178.17.170.106
Details	IPv4	1	178.17.170.183
Details	IPv4	1	178.17.171.104
Details	IPv4	1	178.17.171.234
Details	IPv4	1	178.17.174.21
Details	IPv4	1	185.112.82.4
Details	IPv4	1	185.117.73.169
Details	IPv4	1	185.141.25.225
Details	IPv4	1	185.24.233.110
Details	IPv4	1	185.24.233.202
Details	IPv4	1	185.24.234.15
Details	IPv4	1	185.61.148.176
Details	IPv4	1	185.61.148.85
Details	IPv4	1	185.61.149.2
Details	IPv4	1	185.62.190.127
Details	IPv4	2	185.77.129.103
Details	IPv4	1	185.86.148.46
Details	IPv4	1	185.86.148.55
Details	IPv4	2	185.86.149.116
Details	IPv4	1	185.99.132.210
Details	IPv4	1	188.0.236.83
Details	IPv4	1	188.165.80.78
Details	IPv4	1	190.10.10.189
Details	IPv4	1	190.123.45.141
Details	IPv4	1	190.123.45.147
Details	IPv4	1	193.105.134.10
Details	IPv4	1	193.105.134.13
Details	IPv4	1	198.50.177.201
Details	IPv4	1	199.201.121.148
Details	IPv4	1	200.122.181.117
Details	IPv4	1	212.56.214.42
Details	IPv4	1	37.59.122.150
Details	IPv4	1	37.59.138.117
Details	IPv4	1	46.183.219.81
Details	IPv4	1	46.183.221.187
Details	IPv4	1	46.183.221.230
Details	IPv4	1	46.183.221.244
Details	IPv4	1	5.149.252.143
Details	IPv4	1	5.154.190.120
Details	IPv4	1	5.154.190.159
Details	IPv4	1	5.9.173.181
Details	IPv4	1	78.46.254.161
Details	IPv4	1	84.200.16.63
Details	IPv4	1	87.121.52.95
Details	IPv4	1	91.216.245.56
Details	IPv4	1	91.236.116.210
Details	IPv4	1	91.236.116.44
Details	IPv4	1	92.222.66.2
Details	IPv4	1	93.174.88.206
Details	IPv4	1	94.102.56.140
Details	IPv4	1	94.102.56.141
Details	IPv4	1	94.23.183.9
Details	IPv4	1	94.242.232.13
Details	IPv4	1	95.183.50.53
Details	IPv4	1	95.183.51.133
Details	IPv4	1	95.183.51.21
Details	IPv4	1	95.183.53.191
Details	IPv4	1	95.215.44.165
Details	IPv4	1	95.215.44.2
Details	IPv4	1	95.215.44.207
Details	IPv4	1	119.18.57.236
Details	IPv4	1	119.18.58.26
Details	IPv4	1	124.217.246.199
Details	IPv4	1	136.243.250.168
Details	IPv4	1	178.17.170.102
Details	IPv4	1	178.17.171.173
Details	IPv4	1	185.45.192.136
Details	IPv4	1	185.62.188.138
Details	IPv4	1	185.62.189.16
Details	IPv4	1	190.10.9.219
Details	IPv4	1	192.71.218.164
Details	IPv4	1	198.105.120.51
Details	IPv4	1	198.105.122.70
Details	IPv4	1	198.105.125.32
Details	IPv4	1	199.127.226.243
Details	IPv4	1	199.201.121.144
Details	IPv4	1	31.220.43.237
Details	IPv4	1	46.19.141.188
Details	IPv4	1	46.19.143.233
Details	IPv4	1	46.28.202.130
Details	IPv4	1	46.28.202.93
Details	IPv4	1	5.1.88.170
Details	IPv4	1	5.196.140.50
Details	IPv4	1	5.199.171.40
Details	IPv4	1	5.199.171.61
Details	IPv4	1	87.117.255.177
Details	IPv4	1	87.121.52.170
Details	IPv4	1	93.174.88.198
Details	IPv4	1	95.183.49.134
Details	IPv4	1	95.215.44.251
Details	IPv4	1	109.71.51.58
Details	Threat Actor Identifier - APT	783	APT28
Details	Url	1	https://docs.google.com/a/citizenlab.ca/document/d/106eqw_szpplxbkm-ba2f3ntzuq_z7lx8ecligp9ugxe/edit?usp=sharing
Details	Url	1	http://twitter.com/bu_saeed2/status/156781983983349760
Details	Url	1	http://twitter.com/bu_saeed2/status/158272650995695616
Details	Url	1	http://twitter.com/bu_saeed2/status/156785619744473088
Details	Url	1	http://twitter.com/bu_saeed2/status/156406670866653184
Details	Url	1	http://twitter.com/bu_saeed2/status/158267593269063680
Details	Url	1	https://twitter.com/bu_saeed2/status/158269006451707904
Details	Url	1	http://twitter.com/islam_way_2030/status/212563401761755137
Details	Url	2	https://twitter.com/islam_way_2030/status/232392466760863744
Details	Url	1	https://twitter.com/islam_way_2030/status/232392808336588800
Details	Url	2	https://twitter.com/islam_way_2030/status/232393358243401728
Details	Url	1	https://twitter.com/islam_way_2030/status/232394930285318144
Details	Url	1	https://twitter.com/islam_way_2030/status/232395293449146368
Details	Url	1	http://twitter.com/um_zainab123/status/255210220907802624
Details	Url	1	http://twitter.com/um_zainab123/status/255230862914899969
Details	Url	1	http://twitter.com/1a1_ahmed/status/367590431762051072
Details	Url	1	http://twitter.com/miriamkhaled/status/156804441436205056
Details	Url	1	http://twitter.com/miriamkhaled/status/156795446910664704
Details	Url	1	http://twitter.com/miriamkhaled/status/156756400108867584
Details	Url	1	http://twitter.com/miriamkhaled/status/156803937482190848
Details	Url	2	https://twitter.com/miriamkhaled/status/156625204280434688
Details	Url	1	https://twitter.com/jjory22/status/159144594574020608
Details	Url	1	https://twitter.com/pooruae/status/156766408137646080
Details	Url	1	https://twitter.com/pooruae/status/156766841702854657
Details	Url	2	https://twitter.com/r7aluae2/status/156418043424157696
Details	Url	1	https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html
Details	Url	1	http://www.wsj.com/articles/hacking-trail-leads-to-russia-experts-say-1414468869
Details	Url	1	https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset
Details	Url	1	https://www.virustotal.com/en/file/e1259372d15bb5001be18f03dddbdc117710d7a64829dad3a95829413783f0d7/analysis
Details	Url	2	https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code
Details	Url	1	https://www.nsec.io/wp-content/uploads/2015/05/northsec_sednit_joan.pdf
Details	Url	1	https://web.archive.org/web/20150714171710/http://www.microsoftdriver.com
Details	Url	1	https://web.archive.org/web/20140928075555/http://bagacamesmo.biz
Details	Url	1	http://fraudwatchinternational.com/services/site-take-down
Details	Url	1	https://web.archive.org/web/20150801004320/http://bagacamesmo.biz