Spear Phishing Campaign with New Techniques Aimed at Aviation Companies
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Command And Scripting Interpreter; Process Injection
country: Argentina; Canada; Djibouti; Fiji
maec-delivery-vectors: Watering Hole
attack-pattern:
  Acquire Infrastructure Data
  Acquire Infrastructure - T1583
  Botnet - T1583.005
  Botnet - T1584.005
  Command And Scripting Interpreter - T1623
  Component Object Model - T1559.001
  Credentials - T1589.001
  Exfiltration Over C2 Channel - T1646
  Hooking - T1617
  Input Capture - T1417
  Keylogging - T1056.001
  Keylogging - T1417.001
  Malicious Link - T1204.001
  Malware - T1587.001
  Malware - T1588.001
  Msbuild - T1127.001
  Native Api - T1575
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Process Hollowing - T1055.012
  Process Injection - T1631
  Registry Run Keys / Startup Folder - T1547.001
  Regsvcs/Regasm - T1218.009
  Scheduled Task - T1053.005
  Security Software Discovery - T1418.001
  Security Software Discovery - T1518.001
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Spearphishing Link - T1566.002
  Spearphishing Link - T1598.003
  At - T1053.002
  Visual Basic - T1059.005
  Trusted Developer Utilities Proxy Execution - T1127
  Virtualization/Sandbox Evasion - T1497
  Web Services - T1583.006
  Web Services - T1584.006
  Tool - T1588.002
  Virtualization/Sandbox Evasion - T1633
  Command-Line Interface - T1059
  Execution Through Api - T1106
  Exfiltration Over Command And Control Channel - T1041
  Hooking - T1179
  Input Capture - T1056
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Process Hollowing - T1093
  Process Injection - T1055
  Registry Run Keys / Start Folder - T1060
  Scheduled Task - T1053
  Security Software Discovery - T1063
  Signed Binary Proxy Execution - T1218
  Spearphishing Link - T1192
  Hooking
Common Information
Type Value
UUID e326089b-fde1-45ed-9006-b1fca0f23ede
Fingerprint 78bba991312d07c5
Analysis status DONE
Considered CTI value 2
Text language
Published June 27, 2021, midnight
Added to db Sept. 11, 2022, 12:38 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Spear Phishing Campaign with New Techniques Aimed at Aviation Companies
Title Spear Phishing Campaign with New Techniques Aimed at Aviation Companies
Detected Hints/Tags/Attributes 111/4/47
Attributes
Type                     #Events  Value
Domain                   2        www.motobit.com
Domain                   5        projfud.pa
Domain                   3        franco.ddns.net
File                     72       regsvcs.exe
File                     1        31st.vbs
File                     1        good.xml
File                     2        server.url
File                     149      msbuild.exe
File                     1        startups32.vbs
File                     1        projfud.dll
File                     240      wmic.exe
sha256                   1        34646a93538a34c871e04a368c97637d1b7d1d4507bf210afd9349a61b25b35e
sha256                   1        ef4b52c8f2c844b76534f583171d03a87cc195b0c3ae32754df0c01177792432
sha256                   1        04e93767d16a3e6ca68e45fea23434a9c9ed363c3f0d28b9653f74bbf405ef65
sha256                   2        adf94da54bc49abc6fdb2a36523eb726f26dacd5598a0fdc64e61b8d500edad8
sha256                   1        34914c4af84888552bd7ef74d9a691918013766719881a042723001ef96f554c
sha256                   1        c16e5de09a78886dc972d26aeb0e9fe760b855eb157c7df308fad2116b860ef7
sha256                   1        65d3ff89602db4294fa2f585c472e566a3d72d2065e6bc4f493b02a3b08393ba
sha256                   1        4c6f832a85fbcf17308ab923b066577de859571a2743e99bf249398e19a00fb8
sha256                   1        0b56c16a28482cc0af81b93aff36d02610e30a8d65d7ea1ccd73f8242effbada
sha256                   1        9dd8a6725b9c881311501b79770e4f1c9aee2c3b42f59f7694d48b67939eede5
sha256                   2        59aafb3dd9c6cdb95ff662299e1faf3efb01d5ef8479dbbb8032b4b9cb3c3d91
sha256                   2        a54f4ee320b21c1cfde3358a25131476127b9fb1fd5cad9fd03fa2be1f4fd0e2
sha256                   1        9297b0db717beea397aacf15e7ef081faf3b9e430002a1c1b4e150e56fb940f9
sha256                   1        e7d60a25bf1d80c144919f5f112594793a12a8176f2000bd890e331234a26814
sha256                   1        8938838db8d16708692e80d170e0d8dc1522531e5a5ab5ae878a27a147780f44
sha256                   1        b45470aa79cc7acab448a65252c3c7ee840ce6d0e78c40ad2c6bc261a912d393
sha256                   1        f9bc8699f18b93cdb4b076dbf6f4baf2befd8c72eb26cefc28086f02a607f2f6
sha256                   1        b0dc46b5fc849da9cc7a3fc4d8aa5ea8745d7e50869ac689bb956aab3079eeb9
sha256                   1        814f21f8c2befba504e592e3396be7454f93013939325cc7fbad5c38f022b395
sha256                   1        5344e8b1ef4939a3c9f84921b284dd6e0b98b2cf524d678116bef6e58dc4a6c3
IPv4                     1        192.145.239.18
IPv4                     1        79.134.225.18
MITRE ATT&CK Techniques  183      T1566.002
MITRE ATT&CK Techniques  137      T1059.005
MITRE ATT&CK Techniques  627      T1027
MITRE ATT&CK Techniques  10       T1127.001
MITRE ATT&CK Techniques  5        T1218.009
MITRE ATT&CK Techniques  86       T1055.012
MITRE ATT&CK Techniques  380      T1547.001
MITRE ATT&CK Techniques  118      T1056.001
MITRE ATT&CK Techniques  12       T1053.002
MITRE ATT&CK Techniques  422      T1041
MITRE ATT&CK Techniques  141      T1518.001
MITRE ATT&CK Techniques  238      T1497
Pdb                      1        projfud.pdb
Url                      1        http://www.motobit.com