← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Thamar Reservoir – An Iranian cyber-attack campaign
WHITE Rocket Kitten AlienVault 2015-06-03 Modified: 2017-03-07
18
IOCs
MEDIUM VOLUME
This report reviews an ongoing cyber-attack campaign dating back to mid-2014. Additional sources indicate this it may have origins as far back as 2011. We call this campaign Thamar Reservoir, named for one of the targets, Thamar E. Gindin, which exposed new information about the attack and is currently assisting with the investigation.
iranspearphishingphishingisraelGholeeRocket KittenWOOLEN GOLDFISHAjax Security TeamNewscasterCWoolgerMiddle East
Indicators of Compromise (3 / 18 total)
All FileHash-SHA256 domain hostname FileHash-MD5 FileHash-SHA1 email
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 b67572a18282e79974dc61fffb8ca3d0f4fca1b0 2015-06-03
FileHash-SHA1 476489f75fed479f19bac02c79ce1befc62a6633 2015-06-03
FileHash-SHA1 d5b2b30fe2d4759c199e3659d561a50f88a7fb2e 2015-06-03
References (1)
↗ http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public.pdf