#1250783: Attacker Tracking Users Seeking Pakistani Passport - Additional IOCs

Description: A few days ago we encountered a breach on a Pakistani government site which was compromised to deliver a dangerous payload, the Scanbox Framework. This compromise is exactly the kind of attack we were concerned about when discussing the danger in a previous compromise that we uncovered just a few weeks ago against another government site, at that time the Bangladesh Embassy in Cairo.
Reference:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacker-tracking-users-seeking-pakistani-passport/
First Aid: IOCs:

  Type  Indicator
  IPv4  185.236.76.35
  URL   http://185.236.76.35/
  URL   http://185.236.76.35/i
  URL   http://185.236.76.35/i/?1
  URL   http://185.236.76.35/i/recv.php
More info: https://otx.alienvault.com/pulse/5c8a84f95dfe8837293bc33a
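An added example, not part of this pulse or of the Trustwave write-up, that checks web-proxy log lines against the indicators listed above. The log line format, the client addresses and the timestamps are constructed for illustration; only the IP and the URLs are taken from the IOC list. URL indicators are matched on path boundaries so that the "/i" entry does not fire on an unrelated "/index.html", and a request to the IP on a non-standard port still produces an IPv4 hit even though none of the URL entries match it.

```python
"""Match the ScanBox IOCs from the pulse above against web-proxy log lines.

Added example (not the pulse's or Trustwave's code). Log format, client
addresses and timestamps below are constructed; the IP and URLs are the
indicators from the pulse.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the pulse.
IOCS = {
    "IPv4": ["185.236.76.35"],
    "URL": [
        "http://185.236.76.35/",
        "http://185.236.76.35/i",
        "http://185.236.76.35/i/?1",
        "http://185.236.76.35/i/recv.php",
    ],
}

# Constructed (hypothetical) proxy log layout: "<ts> <client> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample log; the last line hits the IP on a port no URL IOC covers.
SAMPLE_LOG = """\
2019-03-13T10:01:07Z 10.0.0.15 GET http://185.236.76.35/i/?1 200
2019-03-13T10:01:09Z 10.0.0.15 POST http://185.236.76.35/i/recv.php 200
2019-03-13T10:02:00Z 10.0.0.22 GET http://example.org/index.html 200
2019-03-13T10:03:11Z 10.0.0.22 GET http://185.236.76.35:8080/other 404
"""


def normalize_url(url):
    """Lower-case scheme and host, force a '/' path, keep the query as written."""
    p = urlsplit(url)
    out = f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"
    if p.query:
        out += "?" + p.query
    return out


def url_matches(ioc, url):
    """True if url equals ioc or extends it on a path/query boundary."""
    if url == ioc:
        return True
    if not url.startswith(ioc):
        return False
    # "/i" must not match "/index.html"; a trailing "/" in the IOC covers the host.
    return ioc.endswith("/") or url[len(ioc)] in "/?"


def parse_line(line):
    """Parse one log line into a dict, or None if it does not fit the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def match_line(entry):
    """Return (ioc_type, ioc) for the most specific matching indicator, else None."""
    url = normalize_url(entry["url"])
    host = urlsplit(url).hostname or ""
    url_hits = [i for i in IOCS["URL"] if url_matches(normalize_url(i), url)]
    if url_hits:
        return ("URL", max(url_hits, key=len))  # longest IOC is the most specific
    if host in IOCS["IPv4"]:
        return ("IPv4", host)
    return None


def scan(log_text):
    """Return one hit per matching line: line number, client, method, IOC type, IOC."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        hit = match_line(entry)
        if hit:
            hits.append({"line": n, "client": entry["client"], "method": entry["method"],
                         "ioc_type": hit[0], "ioc": hit[1]})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h['line']}: {h['client']} {h['method']} matched {h['ioc_type']} {h['ioc']}")
```

The POST to recv.php is the hit worth triaging first: a GET of the framework URL shows a browser loaded the page, while a POST to the collection endpoint indicates the profiling script ran and sent data back.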

Date added March 14, 2019, 9:58 p.m.
Source AlienVault
Subjects
  • All New Malware Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - China - New Reports in
  • China - ScanBox reconnaissance framework - Possibly Related to APT10 - Stone Panda / Lucky Mouse