otx.alienvault.com
99.86.4.45  Public Scan

URL: https://otx.alienvault.com/pulse/63ee459cb11bc9b9cf1ba239
Submission: On February 16 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

THREAT ACTORS ABUSE CLOUD INFRASTRUCTURE IN TARGETED TELCO ATTACKS

   
 * Created 50 minutes ago by AlienVault
 * Public
 * TLP: White

The threat actor behind WIP26 has been targeting telecommunication providers in
the Middle East. WIP26 is characterized by the abuse of public Cloud
infrastructure – Microsoft 365 Mail, Microsoft Azure, Google Firebase, and
Dropbox – for malware delivery, data exfiltration, and C2 purposes.

Reference:
https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/
Tags:
wip26, cmd365, cobalt strike, google firebase, microsoft azure, dropbox, middle
east, cmdember
Industries:
Critical Industries, Telecommunication
Malware Families:
Cobalt Strike, CMD365, WIP26
Att&ck IDs:
T1102 - Web Service, T1036 - Masquerading, T1106 - Native API, T1199 -
Trusted Relationship, T1053 - Scheduled Task/Job, T1547 - Boot or Logon
Autostart Execution, T1566 - Phishing, T1059 - Command and Scripting
Interpreter, T1189 - Drive-by Compromise

Indicators of Compromise (8)

TYPES OF INDICATORS

FileHash-MD5 (1), IPv4 (1), FileHash-SHA1 (5), FileHash-SHA256 (1)

THREAT INFRASTRUCTURE

Germany (1)



© Copyright 2023 AlienVault, Inc.