PULSE NAME
Thamar Reservoir – An Iranian cyber-attack campaign
WHITE Rocket Kitten AlienVault 2015-06-03 Modified: 2017-03-07
18 IOCs
MEDIUM VOLUME
This report reviews an ongoing cyber-attack campaign dating back to mid-2014. Additional sources indicate it may have origins as far back as 2011. We call this campaign Thamar Reservoir, named for one of the targets, Thamar E. Gindin, who exposed new information about the attack and is currently assisting with the investigation.
Indicators of Compromise (18)