ioc[.]one - OSINT Cyber Threat Intelligence Database

Studying How Cybercriminals Prey on the COVID-19 Pandemic

Tags

country:	China Germany France India
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Model Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 File Deletion - T1070.004 File Deletion - T1630.002 Ip Addresses - T1590.005 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Web Service - T1481 Web Services - T1583.006 Web Services - T1584.006 Whois - T1596.002 File Deletion - T1107 Web Service - T1102

Show in Graph

Common Information

Type	Value
UUID	c91cb997-c4d7-4fcf-8d5b-3f6f70369543
Fingerprint	a08109d169363765
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 22, 2020, 1 p.m.
Added to db	Jan. 18, 2023, 10:41 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Studying How Cybercriminals Prey on the COVID-19 Pandemic
Title	Studying How Cybercriminals Prey on the COVID-19 Pandemic
Detected Hints/Tags/Attributes	132/3/88

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	corona-masr21.com
Details	Domain	1	corona-masr3.com
Details	Domain	1	corona-virusus.com
Details	Domain	1	coronavirus-meds.com
Details	Domain	1	corona-masr4.com
Details	Domain	20	test.zip
Details	Domain	1	owaowaowa.zip
Details	Domain	1	covid-19-gov.com
Details	Domain	12	tempuri.org
Details	Domain	1	corona-map-data.com
Details	Domain	1	corona-virusapps.com
Details	Domain	1	coronaviruscovid19-information.com
Details	Domain	1	covidpreventandcure.com
Details	Domain	1	covidwhereandhow.xyz
Details	Domain	3	coronavirusstatus.space
Details	Domain	1	allsurgicalfacemask.com
Details	Domain	1	surgicalfacemaskpharmacyonline.com
Details	Domain	1	selectsanitizer.com
Details	Domain	1	www.sunrisepromos.com
Details	Domain	1	coronavirussecrets.com
Details	Domain	1	pandemic-survival-coronavirus.com
Details	Domain	1	buygoods.com
Details	Domain	2	coronavirusaware.xyz
Details	Domain	1	covid19center.online
Details	Domain	1	whatsapp.version.gratis
Details	Domain	1	whatsapp.cc0.co
Details	Domain	1	internet-covid19.xyz
Details	Domain	1	covid19-remedy.com
Details	Domain	1	rxcovid.com
Details	Domain	1	anticovid19-pharmacy.com
Details	Domain	1	coronavirus-latest-update.info
Details	Domain	1	sharkroulette.com
Details	Domain	1	coronavirus-com.info
Details	Domain	1	cdn.dsultra.com
Details	Domain	1	hashtag.sslproviders.net
Details	Domain	1	parent.top
Details	Domain	1	coronavirus-game.ru
Details	Domain	47	iplogger.org
Details	Domain	1	coronamasksupply.com
Details	Domain	1	coronavirusinrealtime.com
Details	Domain	1	coronashirts.store
Details	Domain	707	google.com
Details	Domain	9	g00gle.com
Details	Domain	3	survivecoronavirus.org
Details	Domain	1	facemasksus.com
Details	Domain	1	coronavirus2day.com
Details	Domain	1	coronavirus123.org
Details	Domain	1	covide19cleanse.com
Details	Domain	4128	github.com
Details	File	207	login.php
Details	File	19	test.zip
Details	File	1	owaowaowa.zip
Details	File	1	covid-locator.exe
Details	File	2126	cmd.exe
Details	File	1	regsrtjser346.exe
Details	File	1	coronavirus-apps.apk
Details	File	1	corona.apk
Details	File	6	fakeurl.htm
Details	File	1	personalized-hand-sanitizer.html
Details	File	1206	index.php
Details	File	1	registrar.js
Details	File	3	ccard.js
Details	Github username	13	pan-unit42
Details	sha256	1	07bc3abcb6f3a7f7ec38f088068f5cefc953111e066b4dddc35cf43e836b215e
Details	sha256	1	c77c5df13430db98d0eaac6e593fc28e90df3f1ef6c48f81cc5681c67f91b4a8
Details	sha256	1	3d30b7df52672307b20beb1deb7b3b18e06edca63a6583d92125cba8329da107
Details	sha256	1	1de6e6c140ff1b301b7df12d4b6388a21a6fbf0f141347dd2f9289740438a6d8
Details	sha256	1	a754c35dd09677b0b96d8a0dad5c9c5fdd28abd8cf2d8d38a9bd945ca8362e02
Details	sha256	1	bca52647ce9f4900b754fcc0d8ef6329fb0229401e833534905969d10a82d839
Details	sha256	1	c3096b341d6807a5a7d353f97554017a6242349b081837de60908081bcada1d0
Details	sha256	1	c50c4cff782e1bb7171ffb04cb7c1ff69af47371e059bf300fed68949c77514c
Details	sha256	1	f3b0aa7d9664258c9e1783289c4fc56e05b23e3eb9a3557f55733806564deb73
Details	sha256	1	44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757
Details	sha256	1	1a08a65d4199f08d60644f2aee1182d87f29b36d38257239e5c80965ed65e0d1
Details	sha256	2	2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307
Details	sha256	1	f6a46b22d26523d4db3dd78fa77c56d4e755aed942321751eda0f48955861ab9
Details	sha256	1	e43bdc87269d0b9da7742049dd533db93579cf3126df433f08e8265edd09243e
Details	IPv4	1	45.142.212.126
Details	IPv4	1	5.181.156.14
Details	IPv4	1	202.195.34.6
Details	Url	1	http://corona-masr21.com/boa/bankofamerica/login.php
Details	Url	1	http://corona-masr21.com/apple-online
Details	Url	1	https://corona-masr3.com/cazanova
Details	Url	1	http://45.142.212.126:6677/iremotepanel
Details	Url	1	http://tempuri.org/iremotepanel/sendclientinfo
Details	Url	1	http://5.181.156.14/fakeurl.htm
Details	Url	1	http://cdn.dsultra.com/js/registrar.js
Details	Url	1	https://github.com/pan-unit42/iocs/blob/master/covid-19