← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Russian bank employees got fake job offers in targeted attack
WHITE AlienVault 2016-02-22 Modified: 2016-02-22
11
IOCs
MEDIUM VOLUME
Employees at six Russian banks were sent spoofed emails delivering Trojan.Ratopak in a narrow, targeted attack.
russiaRatopaktrojan.Ratopakmalwaretrojanspearphishingsymantec
Indicators of Compromise (11)
All domain hostname FileHash-MD5
TYPEINDICATORDESCRIPTIONCREATED
domain microsoft775.com 2016-02-22
domain buhnews.com 2016-02-22
domain newsbuh1c.net 2016-02-22
domain google997.com 2016-02-22
hostname icq.chatovod.info 2016-02-22
hostname rss.sport-express.biz 2016-02-22
hostname forum.ru-tracker.net 2016-02-22
hostname buh.klerk.us 2016-02-22
hostname football.championat.biz 2016-02-22
FileHash-MD5 bbac2e213bb8bafae6c6587a5bf477d3 2016-02-22
FileHash-MD5 f4ae5579930f20ccc41d1f8b1e417e87 2016-02-22
References (1)
↗ http://www.symantec.com/connect/blogs/russian-bank-employees-received-fake-job-offers-targeted-email-attack