OVERRULED: Containing a Potentially Destructive Adversary
TLP:WHITE  Adversary: APT33  Author: AlienVault  Created: 2018-12-21  Modified: 2019-01-17
FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions that we assess are related. The actor is leveraging publicly available tools in early phases of the intrusion; however, we have observed them transition to custom implants in later stage activity in an attempt to circumvent our detection.
Indicators of Compromise (47)
TYPE  INDICATOR  DESCRIPTION  CREATED
YARA 00f84bb02d712a7b97fefa5be42eedaeb52f3df6 2018-12-21
domain basepack.org 2018-12-21
domain staffmusic.org 2018-12-21
URL http://103.236.149.124/delivered.dat 2018-12-21
URL http://5.79.66.241/index.html 2018-12-21
URL http://89.45.35.235/index.html 2018-12-21
URL http://91.235.116.212/index.html 2018-12-21
URL https://103.236.149.100/api/info 2018-12-21
URL https://185.161.209.172/api/default 2018-12-21
URL https://185.161.209.172/api/info 2018-12-21
URL https://51.254.71.223/images/static/content/ 2018-12-21
URL https://85.206.161.216:8080/HomePage.htm 2018-12-21
URL https://staffmusic.org/transfer/view 2018-12-21
FileHash-MD5 0564706ec38d15e981f71eaf474d0ab8 2018-12-21
FileHash-MD5 129c296c363b6d9da0102aa03878ca7f 2018-12-21
FileHash-MD5 17587668ac577fce0b278420b8eb72ac 2018-12-21
FileHash-MD5 2cd286711151efb61a15e2e11736d7d2 2018-12-21
FileHash-MD5 3871aac486ba79215f2155f32d581dc2 2018-12-21
FileHash-MD5 4047e238bbcec147f8b97d849ef40ce5 2018-12-21
FileHash-MD5 46038aa5b21b940099b0db413fa62687 2018-12-21
FileHash-MD5 48d1ed9870ed40c224e50a11bf3523f8 2018-12-21
FileHash-MD5 4aca006b9afe85b1f11314b39ee270f7 2018-12-21
FileHash-MD5 4b19bccc25750f49c2c1bb462509f84e 2018-12-21
FileHash-MD5 506fe019d48ff23fac8ae3b6dd754f6e 2018-12-21
FileHash-MD5 53ae59ed03fa5df3bf738bc0775a91d9 2018-12-21
FileHash-MD5 56f5891f065494fdbb2693cfc9bce9ae 2018-12-21
FileHash-MD5 5832f708fd860c88cbdc088acecec4ea 2018-12-21
FileHash-MD5 5a66480e100d4f14e12fceb60e91371d 2018-12-21
FileHash-MD5 75e680d5fddbdb989812c7ba83e7c425 2018-12-21
FileHash-MD5 7f4f7e307a11f121d8659ca98bc8ba56 2018-12-21
FileHash-MD5 8a99624d224ab3378598b9895660c890 2018-12-21
FileHash-MD5 8be06571e915ae3f76901d52068e3498 2018-12-21
FileHash-MD5 8d3fe1973183e1d3b0dbec31be8ee9dd 2018-12-21
FileHash-MD5 94cd86a0a4d747472c2b3f1bc3279d77 2018-12-21
FileHash-MD5 95f3bea43338addc1ad951cd2d42eb6f 2018-12-21
FileHash-MD5 974b999186ff434bee3ab6d61411731f 2018-12-21
FileHash-MD5 99649d58c0d502b2dfada02124b1504c 2018-12-21
FileHash-MD5 bd80fcf5e70a0677ba94b3f7c011440e 2018-12-21
FileHash-MD5 c326f156657d1c41a9c387415bf779d4 2018-12-21
FileHash-MD5 c38069d0bc79acdc28af3820c1123e53 2018-12-21
FileHash-MD5 e2d60bb6e3e67591e13b6a8178d89736 2018-12-21
FileHash-MD5 f0fe6e9dde998907af76d91ba8f68a05 2018-12-21
FileHash-MD5 f5ac89d406e698e169ba34fea59a780e 2018-12-21
FileHash-MD5 fa7790abe9ee40556fb3c5524388de0b 2018-12-21
FileHash-MD5 fca0ad319bf8e63431eb468603d50eff 2018-12-21
CVE CVE-2017-11774 2018-12-21
CVE CVE-2017-0213 2018-12-21
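Putting the table to use: the script below is an added example, not AlienVault's or FireEye's code. It loads a copy of the pulse rows in the page's own "TYPE INDICATOR [DESCRIPTION] CREATED" layout, then sweeps them across two constructed inputs, a web-proxy log and an endpoint file inventory (client addresses, log format, paths and the benign hash are all assumptions made for the example). Two details matter in practice and are handled here: a CONNECT line for an HTTPS C2 address exposes only host:port, so matching has to fall back from the exact URL to the URL's host; and MD5s must be compared case-insensitively. The CVE rows are parsed but not matched, since they belong in a patch-state query rather than a log sweep.

```python
# Added example (not AlienVault or FireEye code): load the pulse's indicator
# rows and sweep them across local telemetry. The indicator lines below are
# copied from the table above; every log line, host name and file hash used as
# input is constructed for this example.
import re
from urllib.parse import urlsplit

# A representative subset of the pulse rows, in the page's own
# "TYPE INDICATOR [DESCRIPTION] CREATED" layout.
PULSE_INDICATORS = """\
domain basepack.org 2018-12-21
domain staffmusic.org 2018-12-21
URL http://103.236.149.124/delivered.dat 2018-12-21
URL https://185.161.209.172/api/info 2018-12-21
URL https://85.206.161.216:8080/HomePage.htm 2018-12-21
URL https://staffmusic.org/transfer/view 2018-12-21
FileHash-MD5 0564706ec38d15e981f71eaf474d0ab8 2018-12-21
FileHash-MD5 fca0ad319bf8e63431eb468603d50eff 2018-12-21
CVE CVE-2017-11774 2018-12-21
"""


def parse_pulse(text):
    """Group indicators by type; MD5s are lower-cased so later comparisons are
    case-insensitive. An extra 'host' set holds the listed domains plus the
    host (domain or IP) of every listed URL, so a beacon to a different path
    on a known C2 address still fires."""
    iocs = {"YARA": set(), "domain": set(), "URL": set(),
            "FileHash-MD5": set(), "CVE": set()}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in iocs:
            continue                      # header, blank or unknown row
        typ, value = parts[0], parts[1]   # description (if any) and date follow
        iocs[typ].add(value.lower() if typ == "FileHash-MD5" else value)
    iocs["host"] = set(iocs["domain"]) | {urlsplit(u).hostname for u in iocs["URL"]}
    return iocs


# Constructed proxy log: "epoch client method target status" (not from the page).
PROXY_LOG = [
    "1545393600.101 10.0.0.12 GET http://103.236.149.124/delivered.dat 200",
    "1545393601.202 10.0.0.12 CONNECT 185.161.209.172:443 200",
    "1545393602.303 10.0.0.40 GET https://www.example.com/ 200",
    "1545393603.404 10.0.0.40 GET http://basepack.org/update.php 404",
    "1545393604.505 10.0.0.55 GET https://staffmusic.org/transfer/view 200",
]
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<target>\S+)\s+(?P<status>\d+)$")


def target_host(method, target):
    """CONNECT lines carry host:port (TLS, no URL visible); others a full URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname


def match_proxy_log(lines, iocs):
    """Return (client, match_kind, matched_value) for each line that hits an
    exact listed URL or, failing that, a listed host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["target"] in iocs["URL"]:
            hits.append((m["client"], "URL", m["target"]))
            continue
        host = target_host(m["method"], m["target"])
        if host in iocs["host"]:
            hits.append((m["client"], "host", host))
    return hits


# Constructed endpoint file inventory: (host, path, md5). The first MD5 is a
# pulse indicator written in upper case; the second is the MD5 of an empty
# file, standing in for a benign binary.
FILE_INVENTORY = [
    ("ws-12", r"C:\Users\a\AppData\Local\Temp\delivered.dat", "0564706EC38D15E981F71EAF474D0AB8"),
    ("ws-40", r"C:\Program Files\Vendor\tool.exe", "d41d8cd98f00b204e9800998ecf8427e"),
]


def match_hashes(inventory, iocs):
    """Return (host, path) for every file whose MD5 is a listed indicator."""
    return [(h, p) for h, p, md5 in inventory if md5.lower() in iocs["FileHash-MD5"]]


def defang(indicator):
    """Neutralise an indicator for tickets and e-mail: hxxp(s):// and [.] in
    the host part only, so the path stays readable."""
    if "://" in indicator:
        u = urlsplit(indicator)
        return f"{u.scheme.replace('http', 'hxxp')}://{u.netloc.replace('.', '[.]')}{u.path}"
    return indicator.replace(".", "[.]")


if __name__ == "__main__":
    iocs = parse_pulse(PULSE_INDICATORS)
    for client, kind, value in match_proxy_log(PROXY_LOG, iocs):
        print(f"proxy  {client:<10} {kind:<5} {defang(value)}")
    for host, path in match_hashes(FILE_INVENTORY, iocs):
        print(f"file   {host:<10} md5   {path}")
```

Run against the constructed inputs, four proxy lines and one file hit come back: the exact download URL, a CONNECT to 185.161.209.172 (caught only by the host fallback), an unlisted path on basepack.org, the exact staffmusic.org URL, and the upper-case MD5 on ws-12. Paste the full 47-row table into PULSE_INDICATORS to run the same sweep on the whole pulse; the parser tolerates a description column because it keys on the first two fields only.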