ioc[.]one - OSINT Cyber Threat Intelligence Database

Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia

Tags

country:	Iran Saudi Arabia
attack-pattern:	Data Credentials - T1589.001 Ip Addresses - T1590.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	bddb1640-86d0-47b4-b398-c57732aee75a
Fingerprint	ce210dd103259fe1
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 19, 2020, midnight
Added to db	Sept. 11, 2022, 12:44 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
Title	Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
Detected Hints/Tags/Attributes	102/2/70

Source URLs

	Redirection	Url
Details	Source	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com

Attributes

Details	Type	#Events	Value
Details	Domain	285	microsoft.net
Details	Domain	34	system.data
Details	Domain	3	conn.open
Details	Domain	1	java.ee
Details	Domain	2	apps.vvvnews.com
Details	Domain	339	system.net
Details	Domain	1	vsiegru.com
Details	Domain	2	kopilkaorukov.com
Details	File	1	proposal_pakistan110.chm
Details	File	12	error.html
Details	File	1208	powershell.exe
Details	File	1	a8f4.exe
Details	File	1	revshell.exe
Details	File	1	printers.exe
Details	File	3	msf.exe
Details	File	1	msf.ps1
Details	File	128	w3wp.exe
Details	File	70	web.config
Details	File	2	aspnet_regiis.exe
Details	File	1	pls.exe
Details	File	2126	cmd.exe
Details	File	7	ncat.exe
Details	File	51	system.dat
Details	File	24	a.sql
Details	File	4	client.sql
Details	File	15	a.dat
Details	File	4	ds.tab
Details	File	11	local.exe
Details	File	9	adobe.exe
Details	File	1	comms.exe
Details	File	1	yft.dat
Details	File	2	c:\programdata\vmware\vmware.exe
Details	File	2	yf.dat
Details	File	2	c:\programdata\nt.dat
Details	sha256	1	2a3f36c849d9fbfe510c00ac4aca1750452cd8f6d8b1bc234d22bc0c40ea1613
Details	sha256	1	9809aeb6fd388db9ba60843d5a8489fea268ba30e3935cb142ed914d49c79ac5
Details	sha256	1	3c6bc3294a0b4b6e95f747ec847660ce22c5c4eee2681d02cc63f2a88d2d0b86
Details	sha256	3	450ebd66ba67bb46bf18d122823ff07ef4a7b11afe63b6f269aec9236a1790cd
Details	sha256	2	ee32bde60d1175709fde6869daf9c63cd3227155e37f06d45a27a2f45818a3dc
Details	sha256	1	071e20a982ea6b8f9d482685010be7aaf036401ea45e2977aca867cedcdb0217
Details	sha256	1	ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d
Details	sha256	1	b8797931ad99b983239980359ef0ae132615ebedbf6fcb0c0e9979404b4a02a8
Details	sha256	1	9de28b94aa3f1a849221cf74224554b41a77473c694cadf3f2526ab06480eb85
Details	sha256	1	b51eca570abad9341a08ae4d153d2c64827db876ee0491eb941d7e9a48d43554
Details	sha256	1	16e1e886576d0c70af0f96e3ccedfd2e72b8b7640f817c08a82b95ff5d4b1218
Details	sha256	1	abb3ddc945d147a4ed435b71490764bc4a2860f4ad264052f407357911bd6746
Details	sha256	1	6cb51c7011f27418c772124d4433350a534061f5732c1331f5483d62b42402f7
Details	sha256	1	9bf8121e0f3461412dde107c4d1ceb2ed18ec0741f458956830e038fd1be6d44
Details	sha256	1	75cee6136011516dfe7bd9e45b25c2cf5d9af149a81fff0b8b3ab157a8cbf321
Details	sha256	1	e974237c32f5d28019c5328bd022469236da87eecee19487902133aea89432a0
Details	sha256	1	f577fc8f22b6eec782dbcbe54f5a8f3b00e8e6d8dc7aa94b2fffcc2b7ce09c6a
Details	sha256	1	53bbc9ebe40725bd74ebf29616f48a8aed0a544dd0e4f40801ac1b522f2cf32f
Details	sha256	1	fd95ffb7c70f828ef021e7dbdaf852f54f385095e7f58607f093096b68f40a32
Details	sha256	1	4c7813a1f3eb5d5d8b8a1e53af074c96cfc6ddb14b21188fd84970f001bfc0ff
Details	sha256	1	471dadfe16cf2cf82566d404d2b7d1baf66b72c385ae272dcc743a285113e280
Details	sha256	1	069a29a0642ea5e2034250f5465cb2230edf1b49ad42d16ff4cddfee1f693314
Details	sha256	1	faba07425c1fa65a9a68a17b99e83663a2a32fbb2a7c3df347b7a7411a7058bc
Details	sha256	1	0644b3ffc856eb54b53338ab8ecd22dd005ee5aacfe321f4e61b763a93f82aea
Details	sha256	1	fc002268620fa67ffe260ea9f3a6bbad8637f9bef8ae85b8d6061cec0390b9e2
Details	IPv4	1	95.179.177.157
Details	IPv4	1	185.205.210.46
Details	IPv4	1	185.243.115.69
Details	IPv4	1	185.243.114.247
Details	Url	1	http://95.179.177.157:445/0zu5wpwn
Details	Url	1	http://95.179.177.157:8081/asdfd
Details	Url	1	http://185.205.210.46:1003/io0rbyy3o
Details	Url	1	http://185.205.210.46:1131/t8dawgy9j13
Details	Url	1	http://apps.vvvnews.com:8080/yft.dat
Details	Url	1	http://apps.vvvnews.com:8080/yf.dat
Details	Url	1	http://apps.vvvnews.com:8080/default.htt