Holy water: ongoing targeted water-holing attack in Asia
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f3ade705-cefd-4008-a176-4ae534f182b3 |
| Fingerprint | b5ed9481a0a1ec05 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 31, 2020, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Holy water: ongoing targeted water-holing attack in Asia |
| Title | Holy water: ongoing targeted water-holing attack in Asia |
| Detected Hints/Tags/Attributes | 73/2/86 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | corps.org |
|
| Details | Domain | 1 | ct.org |
|
| Details | Domain | 1 | policy.net |
|
| Details | Domain | 1 | che.com |
|
| Details | Domain | 1 | parliament.org |
|
| Details | Domain | 1 | ialwork.org |
|
| Details | Domain | 1 | nature.net |
|
| Details | Domain | 1 | airtrade.com |
|
| Details | Domain | 1 | loginwebmailnic.dynssl.com |
|
| Details | Domain | 1 | root20system20macosxdriver.serveusers.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 5 | ddns.info |
|
| Details | Domain | 6 | dynamic-dns.net |
|
| Details | Domain | 1 | ubntrooters.serveuser.com |
|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 1 | airjaldinet.ml |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | File | 1 | -css.js |
|
| Details | File | 13 | content.php |
|
| Details | File | 1 | contentmc.php |
|
| Details | File | 1 | -file.js |
|
| Details | File | 1 | flashplayer32ppi_xa_install.exe |
|
| Details | File | 3 | flashupdate.exe |
|
| Details | File | 1 | intelsyc.exe |
|
| Details | File | 5 | sys.txt |
|
| Details | File | 1 | c:\programdata\adobe\flashdriver.exe |
|
| Details | File | 1 | flashdriver.exe |
|
| Details | File | 1 | -lk.txt |
|
| Details | File | 1 | -cs.txt |
|
| Details | File | 1 | -rf.txt |
|
| Details | File | 1 | flashplayer32_xa_pp_install.exe |
|
| Details | File | 1 | flashplayer32pp_xa_install.exe |
|
| Details | File | 1 | c:\programdata\package\adobeservice.exe |
|
| Details | File | 1 | yw6joyqm16rj.html |
|
| Details | File | 1 | itv6e1ukyioo.html |
|
| Details | File | 1 | wuservice.exe |
|
| Details | File | 2 | upgrade.exe |
|
| Details | File | 1 | flashplayer_update.exe |
|
| Details | md5 | 1 | 9A819F2CE060058745FF5374221ADA7C |
|
| Details | md5 | 1 | D59B35489CB88619415D175953CA5400 |
|
| Details | md5 | 1 | 6DC5F8282DF76F4045F75FEA3277DF41 |
|
| Details | md5 | 1 | BEC4482890A89F0184B463C727709D53 |
|
| Details | md5 | 1 | EC993FF561CBC175953502452BFA554A |
|
| Details | md5 | 1 | 0C6025A2C68E1C702A3022F1A6AE9169 |
|
| Details | md5 | 1 | 1076A0EE924F198A7BD58A2DE1F060A0 |
|
| Details | md5 | 1 | 10B4D3A667E06DC4B06AA542173D052C |
|
| Details | md5 | 1 | 11294E27491B496E36CA7DB9F363ADCD |
|
| Details | md5 | 1 | 11A16E109DBAF2FD080D8490328DE5A1 |
|
| Details | md5 | 1 | 2E1862BC23085402EE11C88E540533C0 |
|
| Details | md5 | 1 | 3989AC9EFB6A725918BD1810765D30B3 |
|
| Details | md5 | 1 | 481DD1A37C86FDA68BCED0ECB2F47597 |
|
| Details | md5 | 1 | 5287045D15FF60618F426AFC03BBB331 |
|
| Details | md5 | 1 | 53CB974CAF909EEDCD86D2F80E75AD0A |
|
| Details | md5 | 1 | 5F19BB1688CA836B9207248F9096B9D2 |
|
| Details | md5 | 1 | 6DF39D2CE9FCA27B78CC5CA0BED89703 |
|
| Details | md5 | 1 | 7EB0C103AE21189AD9AD4A9804293B22 |
|
| Details | md5 | 1 | 8623FA35226AC92CF6F02447AC80AFB0 |
|
| Details | md5 | 1 | 9E69DDE252038B4A38EF0BFF6CE7FCD7 |
|
| Details | md5 | 1 | AD7A4333BC364DF3D4FA00B13CBBBEB4 |
|
| Details | md5 | 1 | B02ABA86409BE2AB263B1A476C1A1417 |
|
| Details | md5 | 1 | B21AF331B1752A70360B5D8DC9013F3F |
|
| Details | md5 | 1 | B21BD93F15916A9A4AC76350D8FDBE10 |
|
| Details | md5 | 1 | BE3E563E95DEDCA0CEC9792194FFF2AC |
|
| Details | md5 | 1 | DE2D8AF2EFED0C145690B2F13CD063B3 |
|
| Details | md5 | 1 | ED081A869D30BB90B76552C83BD784C8 |
|
| Details | IPv4 | 1 | 45.32.154.111 |
|
| Details | IPv4 | 1 | 207.148.117.159 |
|
| Details | IPv4 | 1 | 45.76.43.153 |
|
| Details | IPv4 | 1 | 95.179.171.173 |
|
| Details | IPv4 | 1 | 45.63.114.152 |
|
| Details | IPv4 | 1 | 108.61.178.125 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 279 | T1060 |
|
| Details | Url | 1 | https://loginwebmailnic.dynssl.com/all/content.php?jsoncallback= |
|
| Details | Url | 1 | https://loginwebmailnic.dynssl.com/part/mac/contentmc.php |
|
| Details | Url | 1 | https://loginwebmailnic.dynssl.com/all/content.php |
|
| Details | Url | 1 | https://loginwebmailnic.dynssl.com/lh/content.php |
|
| Details | Url | 1 | https://root20system20macosxdriver.serveusers.com/yw6joyqm16rj.html |
|
| Details | Url | 1 | https://root20system20macosxdriver.serveusers.com/itv6e1ukyioo.html |
|
| Details | Url | 1 | http://ubntrooters.serveuser.com/wuservice.exe |
|
| Details | Url | 1 | http://ubntrooters.serveuser.com/upgrade.exe |
|
| Details | Url | 1 | http://ubntrooters.serveuser.com/flashplayer_update.exe |
|
| Details | Url | 1 | http://adobeflash31_install.ddns.info/flash/sys.txt |
|
| Details | Url | 1 | https://github.com/adobeflash32/flashupdate |
|
| Details | Url | 1 | https://airjaldinet.ml |
|
| Details | Windows Registry Key | 41 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |