Pulse Detail — Threat Intelligence

PULSE NAME

Operation Ghoul: targeted attacks on industrial organizations

WHITE AlienVault 2016-08-17 Modified: 2017-07-18

IOCs

HIGH VOLUME

Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers.

Indicators of Compromise (20 / 52 total)

All domain URL hostname FileHash-MD5

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	cc6926cde42c6e29e96474f740d12a78	—	2016-08-17
FileHash-MD5	c3cf7b29426b9749ece1465a4ab4259e	—	2016-08-17
FileHash-MD5	5a97d62dc84ede64846ea4f3ad4d2f93	—	2016-08-17
FileHash-MD5	b8f6e6a0cb1bcf1f100b8d8ee5cccc4c	—	2016-08-17
FileHash-MD5	fc8da575077ae3db4f9b5991ae67dab1	—	2016-08-17
FileHash-MD5	36a9ae8c6d32599f21c9d1725485f1a3	—	2016-08-17
FileHash-MD5	8d46ee2d141176e9543dea9bf1c079c8	—	2016-08-17
FileHash-MD5	6e959ccb692668e70780ff92757d2335	—	2016-08-17
FileHash-MD5	3664d7150ac98571e7b5652fd7e44085	—	2016-08-17
FileHash-MD5	21ea64157c84ef6b0451513d0d11d02e	—	2016-08-17
FileHash-MD5	dabc47df7ae7d921f18faf685c367889	—	2016-08-17
FileHash-MD5	aaee8ba81bee3deb1c95bd3aaa6b13d7	—	2016-08-17
FileHash-MD5	55358155f96b67879938fe1a14a00dd6	—	2016-08-17
FileHash-MD5	5a68f149c193715d13a361732f5adaa1	—	2016-08-17
FileHash-MD5	d87d26309ef01b162882ee5069dc0bde	—	2016-08-17
FileHash-MD5	ae2a78473d4544ed2acd46af2e09633d	—	2016-08-17
FileHash-MD5	08c18d38809910667bbed747b2746201	—	2016-08-17
FileHash-MD5	f9ef50c53a10db09fc78c123a95e8eec	—	2016-08-17
FileHash-MD5	460e18f5ae3e3eb38f8cae911d447590	—	2016-08-17
FileHash-MD5	07b105f15010b8c99d7d727ff3a9e70f	—	2016-08-17

References (1)

↗ https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/