ioc[.]one - OSINT Cyber Threat Intelligence Database

Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises | Mandiant

Tags

maec-delivery-vectors:

Watering Hole

attack-pattern:

Data Models Audio Capture - T1429 Clipboard Data - T1414 Credentials - T1589.001 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Html Smuggling - T1027.006 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Password Managers - T1555.005 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vnc - T1021.005 Video Capture - T1512 Windows Credential Manager - T1555.004 Web Services - T1583.006 Web Services - T1584.006 Vulnerabilities - T1588.006 Audio Capture - T1123 Clipboard Data - T1115 Connection Proxy - T1090 Credential Dumping - T1003 Video Capture - T1125

Show in Graph

Common Information

Type	Value
UUID	b3e1a12f-059c-4240-8932-a1c3b40cfa55
Fingerprint	a4340c1b2f3fb781
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 17, 2023, midnight
Added to db	Nov. 6, 2023, 6:52 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises
Title	Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises \| Mandiant
Detected Hints/Tags/Attributes	152/2/12

Source URLs

	Redirection	Url
Details	Source	https://www.mandiant.com/resources/blog/phishing-hunting-industrial-emails

URL Provider

Details	Provider	Source level domain
Details	mandiant.com	www.mandiant.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	330	✔	Threat Intelligence	https://www.mandiant.com/resources/blog/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	File	14		temp.iso
Details	File	3		snowcone.gzip
Details	Mandiant Temporary Group Assumption	14		TEMP.ISOTOPE
Details	Mandiant Uncategorized Groups	2		UNC631
Details	Mandiant Uncategorized Groups	65		UNC1151
Details	Mandiant Uncategorized Groups	6		UNC2420
Details	Mandiant Uncategorized Groups	1		UNC2603
Details	Mandiant Uncategorized Groups	5		UNC2633
Details	Threat Actor Identifier - APT	115		APT1
Details	Threat Actor Identifier - APT	78		APT3
Details	Threat Actor Identifier - APT	278		APT10
Details	Threat Actor Identifier - APT	66		APT17