APTnotes icon indicating copy to clipboard operation
APTnotes copied to clipboard
verified publisher icon kbandla

HT ZeroDays

Open chrisddom opened this issue 10 years ago • 4 comments

http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/ http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/

Indicators

UPS a2fe113cc13acac2bb79a375f692b8ba5cc2fa880272adc7ab0d01f839e877ff Domains rpt.perrydale[.]com report.perrydale[.]com IPs 194.44.130[.]179 URLs rpt.perrydale[.]com /en/show.swf report.perrydale[.]com /ema/show.swf rpt.perrydale[.]com /en/b.gif report.perrydale[.]com /ema/b,gif

PawnStorm 192[.]111[.]146[.]185 (direct to IP call) www[.]acledit[.]com www[.]biocpl[.]org

chrisddom avatar Jul 16 '15 09:07 chrisddom

i'm going to wait on this one. Will add it after a few more weeks.

kbandla avatar Jul 22 '15 21:07 kbandla

Yeah good call - there are at least 5 distinct articles on different groups using these already

chrisddom avatar Jul 23 '15 08:07 chrisddom

Another HT related article: https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html

kbandla avatar Jul 29 '15 15:07 kbandla

@kbandla also add this one in, closing out the origin ticket: http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/

ghost avatar Apr 11 '16 04:04 ghost