#1254714: Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey - Additional IOCs

Description: In ClearSky's ongoing investigations of Iranian APTs, they recently detected additional documents related to previous attack infrastructure used by the Iranian APT – “MuddyWater”, which we reported on in late November 2018.

Reference:
https://www.clearskysec.com/muddywater-targets-kurdish-groups-turkish-orgs/
First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5cb4b3944f62ba0873339ee1?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added April 15, 2019, 9:15 p.m.
Source AlienVault
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - Iran - New Reports in
  • Iran - MuddyWater / MuddyWaters / Muddy Waters / PowerStats APT / TEMP.Zagros / PRB-Backdoor / Seedworm / BlackWater / sewage / T-APT-14
  • News Turkey