Fake Tsunami Alert Brings Malware to Japan
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | Japan Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Code Injection - T1540 Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Whois - T1596.002 Regsvr32 - T1117 |
Common Information
| Type | Value |
|---|---|
| UUID | ee8ca895-2928-4893-bb45-508ffb3ae37e |
| Fingerprint | e40408938c1927fc |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 19, 2018, midnight |
| Added to db | Jan. 18, 2023, 11:18 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Fake Tsunami Alert Brings Malware to Japan |
| Title | Fake Tsunami Alert Brings Malware to Japan |
| Detected Hints/Tags/Attributes | 63/4/69 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.jma.go.jp |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | www.jma-go.jp |
|
| Details | Domain | 1 | jma-go.jp |
|
| Details | Domain | 101 | cert.pl |
|
| Details | Domain | 1 | thunderbolt-price.com |
|
| Details | Domain | 1 | bite-me.wz.cz |
|
| Details | Domain | 1175 | gmail.com |
|
| Details | Domain | 1 | www.montepaschi-decreto-gdpr.net |
|
| Details | Domain | 1 | www.posteweb-sicurezza.com |
|
| Details | Domain | 1 | www.3djks92lsd.biz |
|
| Details | Domain | 1 | www.38djkf92lsd.biz |
|
| Details | Domain | 1 | www.38djks92lsd.biz |
|
| Details | Domain | 1 | www.348djks92lsd.biz |
|
| Details | Domain | 1 | www.38djks921lsd.biz |
|
| Details | Domain | 1 | writingspiders.xyz |
|
| Details | Domain | 1 | catsamusement.xyz |
|
| Details | Domain | 1 | oatmealtheory.xyz |
|
| Details | Domain | 1 | canvasporter.pw |
|
| Details | Domain | 1 | craigslist.business |
|
| Details | Domain | 1 | craiglist.news |
|
| Details | Domain | 1 | montepaschi-decreto-gdpr.net |
|
| Details | Domain | 1 | certificazione.portalemps.com |
|
| Details | 1 | lixiaomraz@gmail.com |
||
| Details | File | 1 | warnmail_20181108.pdf |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 1 | jma.php |
|
| Details | File | 1206 | index.php |
|
| Details | File | 99 | cert.pl |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | genkryptik.cs |
|
| Details | File | 1 | conferma_dati.html |
|
| Details | md5 | 1 | 1f662cf64a83651238b92d62e23144fd |
|
| Details | sha256 | 1 | 748c94bfdb94b322c876114fcf55a6043f1cd612766e8af1635218a747f45fb9 |
|
| Details | sha256 | 1 | 70900b5777ea48f4c635f78b597605e9bdbbee469b3052f1bd0088a1d18f85d3 |
|
| Details | sha256 | 1 | 27aa9cdf60f1fbff84ede0d77bd49677ec346af050ffd90a43b8dcd528c9633b |
|
| Details | sha256 | 1 | 42fdaffdbacfdf85945bd0e8bfaadb765dde622a0a7268f8aa70cd18c91a0e85 |
|
| Details | sha256 | 1 | fb3def9c23ba81f85aae0f563f4156ba9453c2e928728283de4abdfb5b5f426f |
|
| Details | sha256 | 1 | a1ce72ec2f2fe6139eb6bb35b8a4fb40aca2d90bc19872d6517a6ebb66b6b139 |
|
| Details | sha256 | 1 | 7337143e5fb7ecbdf1911e248d73c930a81100206e8813ad3a90d4dd69ee53c7 |
|
| Details | Url | 1 | https://www.jma.go.jp/jma/press/1811/08c/warnmail_20181108.pdf |
|
| Details | Url | 1 | https://twitter.com/jma_kishou/status/1063345647653281794 |
|
| Details | Url | 1 | http://www.jma-go.jp/jma/tsunami/tsunami_regions.scr |
|
| Details | Url | 1 | https://www.jma.go.jp |
|
| Details | Url | 1 | http://jma-go.jp/jma/tsunami/1.exe |
|
| Details | Url | 1 | http://jma-go.jp/js/metrology/jma.php |
|
| Details | Url | 1 | http://www.jma-go.jp/java/java9356/index.php |
|
| Details | Url | 1 | http://thunderbolt-price.com/art-and-jakes/coupon.scr |
|
| Details | Url | 1 | http://bite-me.wz.cz/1.exe |
|
| Details | Url | 1 | http://www.montepaschi-decreto-gdpr.net |
|
| Details | Url | 1 | http://www.posteweb-sicurezza.com |
|
| Details | Url | 1 | http://www.3djks92lsd.biz |
|
| Details | Url | 1 | http://www.38djkf92lsd.biz |
|
| Details | Url | 1 | http://www.38djks92lsd.biz |
|
| Details | Url | 1 | http://www.348djks92lsd.biz |
|
| Details | Url | 1 | http://www.38djks921lsd.biz |
|
| Details | Url | 1 | http://writingspiders.xyz |
|
| Details | Url | 1 | http://catsamusement.xyz |
|
| Details | Url | 1 | http://oatmealtheory.xyz |
|
| Details | Url | 1 | http://canvasporter.pw |
|
| Details | Url | 1 | http://craigslist.business |
|
| Details | Url | 1 | http://craiglist.news |
|
| Details | Url | 1 | http://montepaschi-decreto-gdpr.net |
|
| Details | Url | 1 | http://montepaschi-decreto-gdpr.net/procedura-per-sblocco-temporaneo-decreto/conferma_dati.html |
|
| Details | Url | 1 | http://certificazione.portalemps.com |
|
| Details | Url | 1 | http://certificazione.portalemps.com/verifica-conto |
|
| Details | Windows Registry Key | 3 | HKLM\System\CurrentControlSet\Services\Disk\Enum |
|
| Details | Windows Registry Key | 1 | HKLM\System\ControlControlSet\Enum\IDE |
|
| Details | Windows Registry Key | 1 | HKLM\System\ControlControlSet\Enum\SCSI |