#1243063: DarkHydrus is launching attacks against targets in the Middle East - Additional IOCs

Description: References:
https://twitter.com/360TIC/status/1083289987339042817
https://twitter.com/_jsoo_/status/1083383035435700225

First Aid: IOCs:
More info: https://otx.alienvault.com/pulse/5c371c31f470c76091f7577f

Date added Jan. 10, 2019, 11:18 p.m.
Source AlienVault
Subjects
  • All New Malware Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - Iran - New Reports in
  • Iran - DarkHydrus / CopyKittens / Copy kittens Attack Group / Operation Wilted Tulip / Also Rocket Kittens