#1243063: DarkHydrus is launching attacks on targets in the Middle East - Additional IOCs

Description: References:
https://twitter.com/360TIC/status/1083289987339042817
https://twitter.com/_jsoo_/status/1083383035435700225

First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5c371c31f470c76091f7577f

Date added Jan. 10, 2019, 11:18 p.m.
Source AlienVault
Subjects
  • All New Malware Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - Iran - New Reports in
  • Iran - DarkHydrus / CopyKittens / Copy kittens Attack Group / Operation Wilted Tulip / Also Rocket Kittens