MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll - SentinelLabs
Common Information
Type Value
UUID ec9d4cdb-ec11-4ee7-8358-a3cece8aa9e7
Fingerprint b4499592e531450a
Analysis status DONE
Considered CTI value 2
Text language
Published July 29, 2021, midnight
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
Title MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll - SentinelLabs
Detected Hints/Tags/Attributes 81/2/39
Attributes
Type #Events CTI Value
Domain 1373 twitter.com
Domain 3 threats.amnpardaz.com
Domain 21 www.malwaretech.com
File 96 rar.exe
File 1 nti.exe
File 2 mssetup.exe
File 11 setup.bat
File 24 update.bat
File 3 env.exe
File 2 envxp.bat
File 2 msapp.exe
File 1 windowstemp__lock6423900.dat
File 1 programs.rar
File 1 bcd.rar
File 1 ms.rar
File 3 cache.bat
File 4 bcd.bat
File 120 boot.ini
File 2 msrun.bat
File 2 mscap.bmp
File 2 mscap.jpg
File 1 mssetup.reg
File 1 msuser.reg
File 1 tempmscap.bmp
File 2 petya-ransomware-attack-whats-known.html
Url 1 https://www.timesofisrael.com/hack-causes-chaos-on-iran-trains-posts-supreme-leaders-number-for-complaints
Url 1 https://www.voanews.com/middle-east/voa-news-iran/hackers-disrupt-irans-rail-service-fake-delay-messages
Url 1 https://www.reuters.com/world/middle-east/hackers-breach-iran-rail-network-disrupt-service-2021-07-09
Url 1 https://twitter.com/cherepanov74/status/1416643609131114497?s=20
Url 1 https://threats.amnpardaz.com/malware/trojan-win32-breakwin
Url 2 https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Url 1 https://www.reuters.com/article/us-emirates-tech-israel/uae-target-of-cyber-attacks-after-israel-deal-official-says-iduskbn28g0bw