PULSE DETAIL
PULSE NAME
Hacking stemming from malicious DGA Insurance domains under Cisco Umbrella
Extremely strange & disturbing report. A disruption at root of Cisco hack may be linked to a matrix of DGA insurance domains. AIG.com. Unclear validity. Spoof Domain, a tool AIG uses? Targets Tsara Brashears. Tulach unlikely a person, more likely a profile accessed by entities. Rogue attorneys, etc. Large smear campaign wild cover up including death threats. Reports assert target's been harassed & harmed for years. Is this a cybercrime? Example of malicious tools deployed against innocents.
Missing STSH
Verdict: Concerning potential for physical harm to Target or associates
Why: Avoid lawsuit and press / reputation
Who: ?
IP: 167.230.100.44
Host: am1mxi05.aig.com
Registrar: CSC CORPORATE DOMAINS, INC.
Creation date: 28 years ago
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Chinese
Looquer
Inmortal
Domains
WebToolbar
Maltiverse
Mimikatz
HiddenTear
Neurovt
Ransomexx
TrojanSpy
TrojanX
Emotet
Nymaim
Mirai
Tofsee
Sibot
AZORult
Trojan:Win32/InstallCore
Yixun
GoldFinder
GoldMax - S0588
DUCKTAIL
Artemis
GandCrab
Ransomware
BlackNET
Raccoon Stealer
Skynet
OpenCandy
FireHOL
HackTool.BruteForce
HackTool.CheatEngine
HackTool
NanoCore
Immortal Stealer
WebToolBar
Indicators of Compromise (6 / 13527 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| CVE | CVE-2016-7255 | — | 2023-10-29 |
| CVE | CVE-2017-11882 | — | 2023-10-29 |
| CVE | CVE-2017-8570 | — | 2023-10-29 |
| CVE | CVE-2018-0802 | — | 2023-10-29 |
| CVE | CVE-2017-17215 | — | 2023-10-29 |
| CVE | CVE-2017-0147 | — | 2023-10-29 |