Pulse Detail — Threat Intelligence

PULSE NAME

Cobalt Strike targeting Ukranian Telecoms

WHITE AlienVault 2018-10-23 Modified: 2019-07-19

232

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

A large set of infrastructure

ukraine

Indicators of Compromise (232)

All URL hostname FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://ads1-msn.net/	—	2018-10-23
URL	http://ads1-msn.net/rss.php	—	2018-10-23
URL	http://24tv.agency/	—	2018-10-23
URL	http://a-msedge.org/	—	2018-10-23
URL	http://ads1-msn.com/	—	2018-10-23
URL	https://apostrophe-news.biz/	—	2018-10-23
URL	http://appex-bing.org/	—	2018-10-23
URL	https://appex-bing.org/	—	2018-10-23
URL	http://bigmir.email/	—	2018-10-23
URL	http://censornews.org/	—	2018-10-23
URL	http://cdn-onenote.net/	—	2018-10-23
URL	http://cdn-onenote.net/doc/microsoft.php2	—	2018-10-23
URL	https://compatexchange-cloudapp.com/	—	2018-10-23
URL	https://corpext-datamart.net/	—	2018-10-23
URL	http://diagnostics-support-microsoft.net/	—	2018-10-23
URL	https://diagnostics-support-microsoft.net/	—	2018-10-23
URL	http://cnn-metanews.biz/	—	2018-10-23
URL	http://eizvestia-news.org/	—	2018-10-23
URL	http://espreso.today/	—	2018-10-23
URL	https://feedback-google.org/	—	2018-10-23
URL	http://feedback-google.net/	—	2018-10-23
URL	https://feedback-google.net/	—	2018-10-23
URL	http://feedback-windows.com/	—	2018-10-23
URL	https://feedback-windows.com/	—	2018-10-23
URL	http://foxnewsmeta.biz/	—	2018-10-23
URL	http://feedback-windows.org	—	2018-10-23
URL	http://fwdcdn.org/	—	2018-10-23
URL	http://gateway-telemetry.org/	—	2018-10-23
URL	https://gateway-telemetry.org/	—	2018-10-23
URL	https://gazetaua-news.org/	—	2018-10-23
URL	http://gismeteo.city/	—	2018-10-23
URL	http://interfax-globalnews.com/	—	2018-10-23
URL	http://ipv4-microsoft.org/	—	2018-10-23
URL	https://ipv4-microsoft.org/	—	2018-10-23
hostname	win10.ipv6-microsoft.org	—	2018-10-23
URL	http://win10.ipv6-microsoft.org/	—	2018-10-23
URL	https://ipv6-microsoft.org/	—	2018-10-23
URL	http://ipv6-google.net/	—	2018-10-23
URL	https://kyivstar-ip.com/	—	2018-10-23
URL	http://ipv6-google.org/	—	2018-10-23
URL	https://ipv6-google.org/	—	2018-10-23
URL	http://microsoft-com-nsatc.org/	—	2018-10-23
URL	https://microsoft-nsatc.org/	—	2018-10-23
URL	http://ms-akadns.com/	—	2018-10-23
URL	https://ms-akadns.com/	—	2018-10-23
URL	http://ms-akadns.org/	—	2018-10-23
URL	https://ms-akadns.org/	—	2018-10-23
URL	http://news-liga.net/	—	2018-10-23
URL	http://newska-uanews.biz/	—	2018-10-23
URL	http://ns0-ukrpack.net/	—	2018-10-23
URL	http://nod-update.org/	—	2018-10-23
URL	http://ns0-volia.net/	—	2018-10-23
URL	https://ns0-volia.net/	—	2018-10-23
URL	http://ns1-datagroup.com/	—	2018-10-23
URL	https://ns1-datagroup.com/	—	2018-10-23
URL	http://ns1-volia.net/	—	2018-10-23
URL	https://ns1-volia.net/	—	2018-10-23
URL	http://ns2-datagroup.com/	—	2018-10-23
URL	https://ns2-datagroup.com/	—	2018-10-23
URL	http://ns2-ukrtel.com/	—	2018-10-23
URL	https://ns2-ukrtel.com/	—	2018-10-23
URL	http://obozrevatel-news.com/	—	2018-10-23
URL	http://paypal-com1.com/	—	2018-10-23
URL	https://paypal-com1.com/	—	2018-10-23
URL	http://officeclient-microsoft.com/	—	2018-10-23
URL	http://paypal-com2.com/	—	2018-10-23
URL	https://paypal-com2.com/	—	2018-10-23
URL	http://pppoe-kyivstar.com/	—	2018-10-23
URL	https://pppoe-kyivstar.com/	—	2018-10-23
URL	http://pppoe-ukrtel.com/	—	2018-10-23
URL	https://pppoe-ukrtel.com/	—	2018-10-23
URL	http://preview-msn.org/	—	2018-10-23
URL	http://redir-metaservices.org/	—	2018-10-23
URL	http://reports-telemetry-microsoft.com/	—	2018-10-23
URL	http://reports-telemetry-microsoft.com/rss.	—	2018-10-23
URL	http://reports-telemetry-microsoft.com/rss.php	—	2018-10-23
URL	http://rian-ua.org/	—	2018-10-23
URL	http://sandbox-cloudapp.com/	—	2018-10-23
URL	http://search-msn.net/	—	2018-10-23
URL	https://search-msn.org/	—	2018-10-23
URL	http://secure-telemetry.net/	—	2018-10-23
URL	http://secure-telemetry.org/	—	2018-10-23
URL	https://secure-telemetry.org/	—	2018-10-23
URL	http://sandbox-cloudapp.org/	—	2018-10-23
URL	https://sandbox-cloudapp.org/	—	2018-10-23
URL	http://segodnya-news.org/	—	2018-10-23
URL	https://services-glbdns2.com/	—	2018-10-23
URL	http://services-glbdns2.org/	—	2018-10-23
URL	https://services-glbdns2.org/	—	2018-10-23
URL	https://services-google.org/	—	2018-10-23
URL	http://serving-sys-windows.net/	—	2018-10-23
URL	https://serving-sys-windows.net/	—	2018-10-23
URL	https://social-msn.net/	—	2018-10-23
URL	http://ssw-live.org/	—	2018-10-23
FileHash-SHA256	5c258a7c7169cd4c70b328e0bc82a90cc97f6f3bc9b3a5a7b737ac863644904a	—	2018-10-23
URL	http://support-cloudapp.net/	—	2018-10-23
URL	http://support-microsoft.biz/	—	2018-10-23
URL	http://survey-microsoft.net/	—	2018-10-23
URL	https://survey-microsoft.net/	—	2018-10-23
FileHash-SHA256	25533fa5717c4558e1706baa035fbe33e1295c07c47e0efb4701c3461cadbb13	—	2018-10-23
URL	http://telecommand-microsoft.net/	—	2018-10-23
URL	http://telecommand-microsoft.net/o86ofnnsskopnaic8thcfgkroqid8sdlnz4rtoha3uga91ednridpgqgmob_fbu1mcz5xs3_un6bcxoquj1s3fuogh5znq4fmgqryeb3obz4pbh2xirb34zu3/	—	2018-10-23
URL	https://telecommand-microsoft.net/	—	2018-10-23
URL	http://uatimes-meta.biz/	—	2018-10-23
URL	http://ubr-news.org/	—	2018-10-23
URL	https://ui-skype.net/	—	2018-10-23
URL	http://unian-search.com/	—	2018-10-23
URL	http://win-msecnd.com/	—	2018-10-23
URL	http://win-msecnd.org/	—	2018-10-23
hostname	aaae.91.4035.l.reports.urs-microsoft.net	—	2018-10-23
hostname	reports.urs-microsoft.net	—	2018-10-23
hostname	t.4fhd23svjigogr2lm6e4nhsvs72pcwhnuj3ou6kfjzinvssogxhrlrk55urnlk.ri7odejku2d7kz4mz2mhfdcjijlff77xeu5zq6f3j2amoqonzcsi6johaujmrq.wszrcu6g75n57hkwg2f63gvtbrslfc5567t2taz7o3e.29.2546.y.reports.urs-microsoft.net	—	2018-10-23
hostname	toor.reports.urs-microsoft.net	—	2018-10-23
URL	http://aaae.91.4035.l.reports.urs-microsoft.net/	—	2018-10-23
URL	http://reports.urs-microsoft.net/	—	2018-10-23
URL	http://toor.reports.urs-microsoft.net/	—	2018-10-23
URL	http://urs-microsoft.net/	—	2018-10-23
URL	https://toor.reports.urs-microsoft.net/	—	2018-10-23
URL	http://win10-telemetry.net/	—	2018-10-23
URL	http://statototalitario.com/stub/index.php	—	2018-10-23
URL	http://t.4fhd23svjigogr2lm6e4nhsvs72pcwhnuj3ou6kfjzinvssogxhrlrk55urnlk.ri7odejku2d7kz4mz2mhfdcjijlff77xeu5zq6f3j2amoqonzcsi6johaujmrq.wszrcu6g75n57hkwg2f63gvtbrslfc5567t2taz7o3e.29.2546.y.reports.urs-microsoft.net/	—	2018-10-23
domain	24tv.agency	—	2018-10-23
domain	2mdns.org	—	2018-10-23
domain	a-msedge.org	—	2018-10-23
domain	ads1-msn.com	—	2018-10-23
domain	ads1-msn.net	—	2018-10-23
domain	akadns-ms.net	—	2018-10-23
domain	api-p001-1drv.com	—	2018-10-23
domain	apostrophe-news.biz	—	2018-10-23
domain	appex-bing.net	—	2018-10-23
domain	appex-bing.org	—	2018-10-23
domain	bigmir.email	—	2018-10-23
domain	blob-weather.com	—	2018-10-23
domain	cdn-onenote.net	—	2018-10-23
domain	censornews.org	—	2018-10-23
domain	client-googledns.com	—	2018-10-23
domain	cnn-metanews.biz	—	2018-10-23
domain	compatexchange-cloudapp.com	—	2018-10-23
domain	corpext-datamart.net	—	2018-10-23
domain	delometaua.biz	—	2018-10-23
domain	diagnostics-support-microsoft.net	—	2018-10-23
domain	diagnostics-support.com	—	2018-10-23
domain	dns-msftncsi.com	—	2018-10-23
domain	eizvestia-news.org	—	2018-10-23
domain	espreso.today	—	2018-10-23
domain	feedback-google.net	—	2018-10-23
domain	feedback-google.org	—	2018-10-23
domain	feedback-windows.com	—	2018-10-23
domain	feedback-windows.org	—	2018-10-23
domain	foxnewsmeta.biz	—	2018-10-23
domain	fwdcdn.org	—	2018-10-23
domain	gateway-telemetry.net	—	2018-10-23
domain	gateway-telemetry.org	—	2018-10-23
domain	gazetaua-news.org	—	2018-10-23
domain	gismeteo.city	—	2018-10-23
domain	img-s-msn-com-akamaized.net	—	2018-10-23
domain	interfax-globalnews.com	—	2018-10-23
domain	ipv4-microsoft.net	—	2018-10-23
domain	ipv4-microsoft.org	—	2018-10-23
domain	ipv6-google.net	—	2018-10-23
domain	ipv6-google.org	—	2018-10-23
domain	ipv6-microsoft.org	—	2018-10-23
domain	kyivstar-ip.com	—	2018-10-23
domain	ls2web-redmond-corp.com	—	2018-10-23
domain	microsoft-com-nsatc.org	—	2018-10-23
domain	microsoft-metaservices.com	—	2018-10-23
domain	microsoft-nsatc.org	—	2018-10-23
domain	ms-akadns.com	—	2018-10-23
domain	ms-akadns.org	—	2018-10-23
domain	news-liga.net	—	2018-10-23
domain	newska-uanews.biz	—	2018-10-23
domain	nod-update.org	—	2018-10-23
domain	ns0-ukrpack.net	—	2018-10-23
domain	ns0-volia.net	—	2018-10-23
domain	ns1-datagroup.com	—	2018-10-23
domain	ns1-datagroup.org	—	2018-10-23
domain	ns1-volia.net	—	2018-10-23
domain	ns2-datagroup.com	—	2018-10-23
domain	ns2-datagroup.org	—	2018-10-23
domain	ns2-ukrtel.com	—	2018-10-23
domain	ns3-datagroup.org	—	2018-10-23
domain	ns4-datagroup.org	—	2018-10-23
domain	obozrevatel-news.com	—	2018-10-23
domain	officeclient-microsoft.com	—	2018-10-23
domain	paypal-com1.com	—	2018-10-23
domain	paypal-com2.com	—	2018-10-23
domain	pppoe-infocom.com	—	2018-10-23
domain	pppoe-kyivstar.com	—	2018-10-23
domain	pppoe-ukrtel.com	—	2018-10-23
domain	preview-msn.org	—	2018-10-23
domain	redir-metaservices.com	—	2018-10-23
domain	redir-metaservices.org	—	2018-10-23
domain	reports-telemetry-microsoft.com	—	2018-10-23
domain	rian-ua.org	—	2018-10-23
domain	sandbox-cloudapp.com	—	2018-10-23
domain	sandbox-cloudapp.org	—	2018-10-23
domain	search-msn.net	—	2018-10-23
domain	search-msn.org	—	2018-10-23
domain	secure-telemetry.net	—	2018-10-23
domain	secure-telemetry.org	—	2018-10-23
domain	securenod32.com	—	2018-10-23
domain	segodnya-news.org	—	2018-10-23
domain	services-glbdns2.com	—	2018-10-23
domain	services-glbdns2.org	—	2018-10-23
domain	services-google.org	—	2018-10-23
domain	serving-sys-windows.net	—	2018-10-23
domain	serving-windows.net	—	2018-10-23
domain	social-msn.net	—	2018-10-23
domain	social-msn.org	—	2018-10-23
domain	ssw-live.org	—	2018-10-23
domain	statototalitario.com	—	2018-10-23
domain	support-cloudapp.net	—	2018-10-23
domain	support-microsoft.biz	—	2018-10-23
domain	survey-microsoft.net	—	2018-10-23
domain	telecommand-microsoft.net	—	2018-10-23
domain	telecommand-microsoft.org	—	2018-10-23
domain	telegraf-news.biz	—	2018-10-23
domain	telemetry-akadns.org	—	2018-10-23
domain	uatimes-meta.biz	—	2018-10-23
domain	ubr-news.org	—	2018-10-23
domain	ui-skype.net	—	2018-10-23
domain	ukrfreshnews.com	—	2018-10-23
domain	unian-search.com	—	2018-10-23
domain	urs-microsoft.net	—	2018-10-23
domain	watson-microsoft.org	—	2018-10-23
domain	win-msecnd.com	—	2018-10-23
domain	win-msecnd.org	—	2018-10-23
domain	win10-telemetry.net	—	2018-10-23
domain	cache-windows.org	—	2019-07-10
URL	http://cache-windows.org/rss.php	—	2019-07-10
FileHash-SHA256	b3cc3c26c1c0fb758145c2816e2f09ebae5d33d74693ef443660643d66e9f748	—	2019-07-10
domain	microscopic.tk	—	2019-07-19

References (1)

↗ https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit#