ioc[.]one - OSINT Cyber Threat Intelligence Database

Espionage Campaign Targets Telecoms Organizations across Middle East and Asia

Tags

country:	United Arab Emirates Kuwait Jordan Iran Pakistan Israel Saudi Arabia Thailand Laos
attack-pattern:	Data Credentials - T1589.001 Hidden Window - T1564.003 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Connection Proxy - T1090 Credential Dumping - T1003 Hidden Window - T1143 Powershell - T1086 Web Shell - T1100

Show in Graph

Common Information

Type	Value
UUID	cad80e7f-133d-4d64-9a2e-8e7797d8aa03
Fingerprint	27109dd2a13184ef
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 14, 2021, midnight
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
Title	Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
Detected Hints/Tags/Attributes	78/2/22

Source URLs

	Redirection	Url
Details	Source	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-campaign-telecoms-asia-middle-east

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	program.zip
Details	File	3	program.zip
Details	File	226	certutil.exe
Details	File	128	w3wp.exe
Details	sha256	1	ae5d0ad47328b85e4876706c95d785a3c1387a11f9336844c39e75c7504ba365
Details	sha256	1	e0873e15c7fb848c1be8dc742481b40f9887f8152469908c9d65930e0641aa6b
Details	sha256	1	22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f
Details	sha256	1	b0b97c630c153bde90ffeefc4ab79e76aaf2f4fd73b8a242db56cc27920c5a27
Details	sha256	1	b15dcb62dee1a8499b8ac63064a282a06abf0f7d0302c5e356cdb0c7b78415a9
Details	sha256	2	61f83466b512eb12fc82441259a5205f076254546a7726a2e3e983011898e4e2
Details	sha256	2	ccdddd1ebf3c5de2e68b4dcb8fbc7d4ed32e8f39f6fdf71ac022a7b4d0aa4131
Details	sha256	1	facb00c8dc1b7ed209507d7c56d18b2c542c4e0b2986b9bfaf1764d8e252576b
Details	sha256	1	1a107c3ece1880cbbdc0a6c0817624b0dd033b02ebaf7fa366306aaca22c103d
Details	sha256	1	916cc8d6bf2282ae0d2db587f4f96780af59e685a1f1a511e0b2b276669dc802
Details	sha256	1	e2a7a9a803c6a4d2d503bb78a73cd9951e901beb5fb450a2821eaf740fc48496
Details	sha256	1	f6600e5d5c91ed30d8203ef2bd173ed0bc431453a31c03bc363b89f77e50d4c5
Details	sha256	1	6d73c0bcdf1274aeb13e5ba85ab83ec00345d3b7f3bb861d1585be1f6ccda0c5
Details	sha256	4	912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9
Details	sha256	1	96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da
Details	sha256	1	bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc
Details	sha256	1	d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688
Details	Url	1	https://webmail.[redacted].com/ews