Espionage Campaign Spear Phishes Turkish Defense Contractors | RiskIQ
Common Information
Type Value
UUID c5cc3522-f77b-465c-814f-f6b8b184cab6
Fingerprint f0c408d30c3bb7a0
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 23, 2018, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline UNKNOWN
Title Espionage Campaign Spear Phishes Turkish Defense Contractors | RiskIQ
Detected Hints/Tags/Attributes 54/3/45
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 2
AS12978
Details Email 1
posta2@gelirler.gov.tr
Details File 1
%appdata%rqco.exe
Details File 1
r9_sys.exe
Details File 1
favos.exe
Details File 1
nwconn.exe
Details File 1
r9_sys7.exe
Details Url 1
https://community.riskiq.com/projects/d731e758-cc96-b68e-4286-fe8b8f2308f1?guest=true:
Details Url 1
http://unifscon.com/r9_sys.exe
Details Url 5
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
Details Url 1
https://community.riskiq.com/projects/d731e758-cc96-b68e-4286-fe8b8f2308f1?guest=true