Source |
AlienVault Lab Blog |
Identifier |
761751 |
Publication date |
2018-08-01 13:00:00 (seen: 2018-08-01 15:02:38) |
Title |
Off-the-shelf RATs Targeting Pakistan |
Text |
Introduction
We’ve identified a number of spear phishing campaigns with Pakistani-themed documents, likely targeting the region. These spear phishing emails use a mix of different openly available malware and document exploits for delivery. These are served from the compromised domains www.serrurier-secours[.]be and careers.fwo.com[.]pk (a part of the Pakistani army). There are some clear trends in the themes of the decoy documents the attackers chose to include, with file names such as:
China-Pakistan-Internet-Security-LAW_2017.doc
Strategic Thinking on Ensuring Ideological.docx
Fazaia_Housing_Scheme_Notice_Inviting_Tenders.doc
PAFs first multinational air exercise ACES Meet 2017 concludes in Pakistan.doc
IDUF-01.doc
Pakistan Air Force Jet Crashes During Routine Operation
Sales_Tax.doc
Hajj Policy and Plan 2017.doc
|
Sent |
Yes |
Tags |
|
Stories |
APT 28
|