New Iranian APT data extraction tool
Tags
| country: | Iran |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | b2bb82d9-1ba9-4749-bf83-f7e89b2608e7 |
| Fingerprint | fc336ca2fb732c1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 23, 2022, midnight |
| Added to db | Nov. 6, 2023, 5:34 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | New Iranian APT data extraction tool |
| Title | New Iranian APT data extraction tool |
| Detected Hints/Tags/Attributes | 43/3/19 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 35 | ✔ | Threat Analysis Group (TAG) | https://blog.google/threat-analysis-group/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | pipecommunication.read |
|
| Details | Domain | 1 | jsoninfo.data |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | geckowebbrowser.doc |
|
| Details | File | 1 | jsoninfo.dat |
|
| Details | sha256 | 1 | 03d0e7ad4c12273a42e4c95d854408b98b0cf5ecf5f8c5ce05b24729b6f4e369 |
|
| Details | sha256 | 1 | 35a485972282b7e0e8e3a7a9cbf86ad93856378fd96cc8e230be5099c4b89208 |
|
| Details | sha256 | 1 | 5afc59cd2b39f988733eba427c8cf6e48bd2e9dc3d48a4db550655efe0dca798 |
|
| Details | sha256 | 1 | 6dc0600de00ba6574488472d5c48aa2a7b23a74ff1378d8aee6a93ea0ee7364f |
|
| Details | sha256 | 1 | 767bd025c8e7d36f64dbd636ce0f29e873d1e3ca415d5ad49053a68918fe89f4 |
|
| Details | sha256 | 1 | 977f0053690684eb509da27d5eec2a560311c084a4a133191ef387e110e8b85f |
|
| Details | sha256 | 1 | ac8e59e8abeacf0885b451833726be3e8e2d9c88d21f27b16ebe00f00c1409e6 |
|
| Details | sha256 | 3 | cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa |
|
| Details | sha256 | 1 | 1a831a79a932edd0398f46336712eff90ebb5164a189ef38c4dacc64ba84fe23 |
|
| Details | IPv4 | 4 | 136.243.108.14 |
|
| Details | IPv4 | 4 | 173.209.51.54 |
|
| Details | Pdb | 1 | e:\working\projects\emaildownloader\emaildownloadercookiemode\emaildownloader\obj\debug\emaildownloader.pdb |
|
| Details | Pdb | 1 | e:\working\projects\emaildownloader\emaildownloadercookiemode\mahdi\livelib\obj\release\livelib.pdb |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |