← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Spearphising attempt on Central Bank of Armenia employees
Bluecoat: As a part of the daily work process, I keep an eye on the latest incoming samples to ensure detection in our Malware Appliance. During this process, an interesting decoy caught my attention.
Sample name - Բանկերի և բանկային գործունեության մասին ՀՀ օրենք 27.07.2015.doc. Using google translate, I found that the language is Armenian and translates to "The Law on Banks and Banking 27.07.2015.doc" VirusTotal intelligence spotted the decoy in the wild as an email attachment with the subject name "Law changes" which gave me a suspicion that the attempt was made to specifically target the employees of Central bank of Armenia.
Indicators of Compromise (15)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | adobe-dns-3-adobe.com | — | 2017-08-24 | |
| FileHash-MD5 | f2e407846e0937ab9184c0a9bb77aa95 | — | 2017-08-24 | |
| FileHash-MD5 | f5db00b0fd7a9593ed6a773a5f63b105 | — | 2017-08-24 | |
| FileHash-MD5 | 2d2840b305c944c882ce5e37cd74cfbc | — | 2017-08-24 | |
| FileHash-MD5 | 95e200169e95b73c885c032796246cfb | — | 2017-08-24 | |
| FileHash-MD5 | a680ffb948da8d801eeb4f1a2a275665 | — | 2017-08-24 | |
| FileHash-MD5 | 554c74582f38dfe21640b3ce125238c4 | — | 2017-08-24 | |
| FileHash-MD5 | 5322b34cb2db39d19f870b3dd17b796b | — | 2017-08-24 | |
| FileHash-MD5 | 63a5aea388e454f6186fabab8cd96ff7 | — | 2017-08-24 | |
| FileHash-MD5 | 7f31e18efad384ed1b6f14be1860dc33 | — | 2017-08-24 | |
| FileHash-MD5 | c9b105ec2412ac0e2ace20bfa71e1450 | — | 2017-08-24 | |
| FileHash-MD5 | 8c1922960c1dd9290931079e1f56f08b | — | 2017-08-24 | |
| FileHash-MD5 | c16f6825fd1dc4795761c211adf4616a | — | 2017-08-24 | |
| FileHash-MD5 | 339b61c3ca3596ab6da4c2a605247fbb | — | 2017-08-24 | |
| CVE | CVE-2012-0158 | — | 2017-08-24 |