Dear Joohn: The Sofacy Group’s Global Campaign
Common Information
Type Value
UUID e1779dd5-6c6f-4a5b-b674-f4a23fc88b7f
Fingerprint 78d5891b4737c403
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 12, 2018, 4 a.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Dear Joohn: The Sofacy Group’s Global Campaign
Title Dear Joohn: The Sofacy Group’s Global Campaign
Detected Hints/Tags/Attributes 89/3/100
Attributes
Type #Events Value
Domain 56 vb.net
Domain 10 post.cz
Domain 2 ambcomission.com
Email 2 sahro.bella7@post.cz
Email 2 sym777.g@post.cz
Email 1 heatlth500@ambcomission.com
Email 1 trash023@ambcomission.com
Email 1 trasler22@ambcomission.com
Email 2 rishit333@ambcomission.com
Email 2 tomasso25@ambcomission.com
Email 2 kevin30@ambcomission.com
Email 2 kae.mezhnosh@post.cz
Email 1 vebek.morozh30@post.cz
Email 1 g0r7tsa45s@post.cz
Email 1 marvel.polezha@post.cz
Email 2 trala.cosh2@post.cz
Email 2 bishtr.cam47@post.cz
Email 2 lobrek.chizh@post.cz
Email 2 cervot.woprov@post.cz
File 1 1500029.docx
File 1 passport.docx
File 2 invitation.docx
File 1 2018_10_13_17_15_21.docx
File 1 заявление.docx
File 2 israel.docx
File 1 201811131257.docx
File 3 2018.docx
File 1 attacks.docx
File 1 xxx.tab
File 2 office.dot
File 1 note_template.dot
File 1 release.dot
File 1 message_template.dot
File 1 documents.dot
File 2 templates.dot
File 2 attachedtemplate.dot
File 2 instruction.docx
File 1 бурханов.docx
File 2 auddevc.txt
File 1 wmssl.exe
File 1 wmssl.txt
File 1 ta.bin
File 1 cube.php
File 16 check.php
File 2 filters.php
File 1 drivers-i7-x86.php
IPv4 1 185.203.118.198
IPv4 1 145.249.105.165
IPv4 2 188.241.58.170
IPv4 2 109.248.148.42
Threat Actor Identifier - APT 783 APT28
Url 1 http://109.248.148.42/agr-enum/progress-inform/cube.php?res=[serial
Url 1 http://145.249.105.165/resource-store/stockroom-center-service/check.php?fm=[serial
Url 2 http://188.241.58.170/live/owa/office.dotm
Url 1 http://185.203.118.198/documents/note_template.dotm
Url 1 http://145.249.105.165/doc/temp/release.dotm
Url 1 http://145.249.105.165/messages/content/message_template.dotm
Url 1 http://188.241.58.170/version/in/documents.dotm
Url 2 http://109.248.148.42/officedocument/2006/relationships/templates.dotm
Url 2 http://109.248.148.42/office/thememl/2012/main/attachedtemplate.dotm
Url 2 http://188.241.58.170/local/s3/filters.php
Url 1 http://185.203.118.198/en_action_device/center_correct_customer/drivers-i7-x86.php
Url 1 http://145.249.105.165/resource-store/stockroom-center-service/check.php
Url 1 http://109.248.148.42/agr-enum/progress-inform/cube.php