Pulse: Operation Ghoul: targeted attacks on industrial organizations
TLP: WHITE | Author: AlienVault | Created: 2016-08-17 | Modified: 2017-07-18
52 IOCs (high volume)
Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets with spear-phishing emails that carry compressed executables. The malware collects data such as passwords, keystrokes and screenshots, then sends it to the attackers.
Indicators of Compromise (52)
TYPE  INDICATOR  DESCRIPTION  CREATED
domain katynew.pw 2016-08-17
domain brokelimiteds.in 2016-08-17
domain f444c4f547116bfd052461b0b3ab1bc2b445a.com 2016-08-17
domain mercadojs.com 2016-08-17
domain glazeautocaree.com 2016-08-17
domain copylines.biz 2016-08-17
domain studiousb.com 2016-08-17
domain apple-recovery.us 2016-08-17
URL http://customer.comcast.com.aboranian.com/login 2016-08-17
URL http://brokelimiteds.in/cdn/images/obe.exe 2016-08-17
URL http://192.169.82.86/~gurgenle/verify/webmail/ 2016-08-17
URL http://brokelimiteds.in/wp-admin/css/upload/orders.exe 2016-08-17
URL http://brokelimiteds.in/cdn/images/onowu.exe 2016-08-17
URL http://www.deluxepharmacy.net 2016-08-17
URL http://studiousb.com/mercadolivrestudio/f.zip 2016-08-17
URL http://papercuts.info/SocialMedia/java.exe 2016-08-17
URL http://468213579.com/emailreferentie.appleid.apple.nl/emailverificatie-40985443/home/login.php 2016-08-17
URL http://free.meedlifespeed.com/ComCast/ 2016-08-17
URL http://apple.security-block.com/Apple%20-%20My%20Apple%20ID.html 2016-08-17
URL http://brokelimiteds.in/cdn/images/bro.exe 2016-08-17
URL http://glazeautocaree.com/proforma-invoice.exe 2016-08-17
URL http://brokelimiteds.in/wp-admin/css/upload/order.exe 2016-08-17
URL http://copylines.biz/lasagna/gate.php?request=true 2016-08-17
URL http://emailreferentie.appleid.apple.nl.468213579.com/ 2016-08-17
hostname emailreferentie.appleid.apple.nl.468213579.com 2016-08-17
hostname verificatie.appleid.apple.nl.referentie.357912468.com 2016-08-17
hostname cgi.ebay.com-wn.in 2016-08-17
hostname apple.security-block.com 2016-08-17
hostname free.meedlifespeed.com 2016-08-17
hostname customer.comcast.com.aboranian.com 2016-08-17
FileHash-MD5 cc6926cde42c6e29e96474f740d12a78 2016-08-17
FileHash-MD5 c3cf7b29426b9749ece1465a4ab4259e 2016-08-17
FileHash-MD5 5a97d62dc84ede64846ea4f3ad4d2f93 2016-08-17
FileHash-MD5 b8f6e6a0cb1bcf1f100b8d8ee5cccc4c 2016-08-17
FileHash-MD5 fc8da575077ae3db4f9b5991ae67dab1 2016-08-17
FileHash-MD5 36a9ae8c6d32599f21c9d1725485f1a3 2016-08-17
FileHash-MD5 8d46ee2d141176e9543dea9bf1c079c8 2016-08-17
FileHash-MD5 6e959ccb692668e70780ff92757d2335 2016-08-17
FileHash-MD5 3664d7150ac98571e7b5652fd7e44085 2016-08-17
FileHash-MD5 21ea64157c84ef6b0451513d0d11d02e 2016-08-17
FileHash-MD5 dabc47df7ae7d921f18faf685c367889 2016-08-17
FileHash-MD5 aaee8ba81bee3deb1c95bd3aaa6b13d7 2016-08-17
FileHash-MD5 55358155f96b67879938fe1a14a00dd6 2016-08-17
FileHash-MD5 5a68f149c193715d13a361732f5adaa1 2016-08-17
FileHash-MD5 d87d26309ef01b162882ee5069dc0bde 2016-08-17
FileHash-MD5 ae2a78473d4544ed2acd46af2e09633d 2016-08-17
FileHash-MD5 08c18d38809910667bbed747b2746201 2016-08-17
FileHash-MD5 f9ef50c53a10db09fc78c123a95e8eec 2016-08-17
FileHash-MD5 460e18f5ae3e3eb38f8cae911d447590 2016-08-17
FileHash-MD5 07b105f15010b8c99d7d727ff3a9e70f 2016-08-17
URL http://192.169.82.86/~loftyco/okilo/login.php 2016-08-17
URL http://192.169.82.86/~loftyco/skool/login.php 2016-08-17