Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign
Common Information
Type Value
UUID e7ede5ae-3861-4b64-b56f-eaa3075d44c9
Fingerprint f49111dba6b44b29
Analysis status DONE
Considered CTI value 2
Text language
Published March 31, 2021, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign
Title Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign
Detected Hints/Tags/Attributes 97/4/78
Attributes
Type                      #Events  CTI Value
CVE                       63       cve-2017-8570
MITRE ATT&CK Techniques   444      T1071
MITRE ATT&CK Techniques   137      T1059.005
MITRE ATT&CK Techniques   49       T1074.001
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   348      T1036
MITRE ATT&CK Techniques   110      T1588.006
MITRE ATT&CK Techniques   409      T1566
MITRE ATT&CK Techniques   310      T1566.001
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   40       T1221
MITRE ATT&CK Techniques   420      T1204
MITRE ATT&CK Techniques   365      T1204.002