Multi-Stage Spear Phishing Attack Traced to Iran: TEMP.Zagros in Action
- Actor Motivations: Espionage
- Attack Vectors: Backdoor,Malicious Macro,Spear Phishing
- Attack Complexity: Medium
- Threat Risk: High Impact/High Probability
Threat Overview
The Iran-affiliated threat actor, TEMP.Zagros, orchestrated a spear-phishing campaign from January to March 2018, primarily targeting individuals across Turkey, Pakistan, Tajikistan, and India. This actor leveraged malicious macro-based documents with geopolitical themes to install the POWERSTATS backdoor on victims' systems. The campaign exhibited evolving tactics over time, employing both VBS files and INF/SCT files to indirectly execute PowerShell commands. The installed malware demonstrated a range of functionalities, from system data extraction and screenshot capture to checks for security tools and remote command execution.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Case | Institute for Development and Research in Banking Technology The Institute for Development & Research in Banking Technology is an engineering training institution exclusively focused on banking technology. Established by the Reserve Bank of India in 1996, the institution works at the intersection of banking and technology. It is located in Hyderabad, India. Institute for Development and Research in Banking Technology has been targeted by TEMP.Zagros with abusive purposes. | High |
| Case | National Assembly of Pakistan The National Assembly of Pakistan is the lower legislative house of the bicameral Parliament of Pakistan, which also comprises the Senate of Pakistan. The National Assembly and the Senate both convene at Parliament House in Islamabad, the capital of Pakistan. National Assembly of Pakistan has been targeted by TEMP.Zagros with abusive purposes. | High |
| Case | Tajikistan Ministry of Internal Affairs The Ministry of Internal Affairs, also called the Ministry of the Interior, abbreviated VKD, is the interior ministry of the government of Tajikistan. It oversees the Presidential National Guard and the Internal Troops. Tajikistan Ministry of Internal Affairs has been targeted by TEMP.Zagros with abusive purposes. | High |
| Case | Turkish Armed Forces The Turkish Armed Forces are the military forces of the Republic of Turkey. The Turkish Armed Forces consist of the General Staff, the Land Forces, the Naval Forces and the Air Forces. The current Chief of the General Staff is General Yaşar Güler. The Chief of the General Staff is the Commander of the Armed Forces. Turkish Armed Forces has been targeted by TEMP.Zagros with abusive purposes. | High |
| Sector | Defense | Verified |
| Sector | Government Agencies and Services | High |
| Region | India | Verified |
| Region | Pakistan | Verified |
| Region | Tajikistan | Verified |
| Region | Turkey | Verified |
Extracted IOCs
- abrahamseed.co[.]za
- absfinancialplanning.co[.]za
- advocatetn[.]com
- agapeencounter[.]org
- agencereferencement[.]be
- agencijazemil[.]com
- agiledepot[.]com
- agricolavicuna[.]cl
- agropecuariavilarica.com[.]br
- aguasdecastilla[.]com
- agylub[.]com
- ahc.me[.]uk
- ahelicoptermom[.]com
- ahero-resource-center[.]org
- ahmadhasanat[.]com
- aianalytics[.]ie
- aiko[.]pro
- aileeshop[.]com
- aiofotoevideo[.]com
- aipa[.]ca
- airesis[.]blog
- airfanhydro[.]net
- airminumtiro[.]com
- al3abflash[.]biz
- alainsaffel[.]com
- alanrori[.]com
- alaskamaterials[.]com
- alaskanharvestseafood[.]com
- alayhamtechnologies[.]com
- albertaedmonton[.]com
- albousala[.]com
- alcafricandatalab[.]com
- alcafricanos[.]com
- alcatrazmoon[.]com
- alceharfield[.]com
- alcfm[.]net
- alchamel[.]info
- alchamelup[.]org
- alchemistasonida[.]com
- alchimiegrafiche[.]net
- alecattic[.]com
- aleenasgiftbox[.]com
- aleksicdunja[.]com
- alemaohost[.]com
- aleoestudio[.]com
- alephit2[.]biz
- alessandroalessandrini[.]it
- alessandrofoglino[.]com
- alexanderbecker[.]net
- alexcelts[.]com
- alexelgy[.]com
- alex-frost[.]com
- alexrocchi[.]com
- alfatek-intelligence[.]com
- alfredocifuentes[.]com
- algarvesup[.]com
- algihad[.]com
- alhidayahfoundation.co[.]uk
- aliart[.]nl
- alisabyfinna[.]com
- alisimple[.]si
- alissanicolai[.]com
- aljaadi[.]com
- alkousy[.]com
- all2wedding[.]com
- allaboutblockchain[.]net
- allday[.]gr
- alldomains-crm[.]com
- allegiancesecurity[.]org
- allianz.com[.]pe
- allisonplumbing[.]com
- allmantravel[.]com
- all-reseller[.]com
- allsporthealthandfitness[.]com
- allthat[.]social
- allusdoctors[.]com
- almatours[.]gr
- almeriahotelja[.]com
- almokan[.]net
- al-mostakbl[.]com
- alnahdatraining[.]com
- alnuzha[.]org
- aloefly[.]net
- alorabrownies[.]com
- alphabee[.]fund
- alphainvestors.com[.]au
- alphaobring[.]com
- alphasalesrecruitment[.]com
- alphawaves[.]org
- alsharhanstore[.]com
- altcoinaddict[.]com
- alterwebhost[.]com
- althurayaa[.]com
- altosdefontana[.]com
- altrablog[.]com
- alwahahweb[.]com
- alwake3press[.]com
- always-beauty[.]ch
- alxcorp[.]com
- amari[.]ro
- amatikulutours[.]com
- amazethings[.]com
- amazingashwini[.]com
- amazingenergysavings[.]net
- ambiances-toiles[.]fr
- ambulatorioveterinariocalusco[.]com
- ambyenta[.]hr
- americabr.com[.]br
- americanbrasil.com[.]br
- americanlegacies[.]org
- americanwestmedia[.]com
- amesoulcoaching[.]com
- amiehepperlin[.]com
- amiici[.]vision
- aminearserver[.]es
- amirmenahem[.]com
- amishcountryfurnishings[.]com
- amofoundation[.]org
- amooy[.]com
- amor-clubhotels[.]com
- amordegato[.]es
- ampli5yd[.]com
- ampvita[.]com
- amruthavana[.]com
- anahera[.]biz
- analternatif[.]com
- analystcnwang[.]com
- analyticalfootball[.]com
- anastasovsworkshop[.]com
- anbinni[.]ba
- ancient-wisdoms[.]com
- andihaas[.]at
- andrasadam[.]com
- andrespazsoldan[.]com
- andrewfinnburhoe[.]com
- andrewsbisom[.]com
- andrew-snyder[.]net
- androidphonetips[.]com
- anet-international-group[.]com
- angar68[.]com
- angel-blanco[.]net
- angel-seeds.com[.]ua
- angelsongroup[.]com
- anglero[.]com
- angloglot[.]com
- aniljoseph[.]com
- animationpulse[.]net
- animationshowreel.co[.]il
- animeok.co[.]il
- aniroleplay[.]net
- annabelle[.]nl
- annaplebanek[.]com
- anngrigphoto[.]com
- annodle[.]com
- anotherdayinparadise[.]ca
- anotherpartofme[.]com
- anthaigroup[.]vn
- antjetaubert[.]de
- antonhirvonen[.]com
- antrismode[.]com
- antucomp[.]com
- anubandh[.]in
- anuragcreatives[.]com
- anxiousandunstoppable[.]com
- anyeva[.]com
- anythinglah[.]info
- apalawyers[.]pt
- aperta-armis[.]org
- apiiination[.]com
- apironco[.]com
- apobiomedix[.]ca
- apollonweb[.]com
- apppriori[.]com
- appsvoice[.]info
- aqarco[.]com
- aquabsafe[.]com
- aquaneeka.co[.]uk
- aquo[.]in
- arabellajo[.]com
- arabsdeals[.]com
- arbeidsrechtcentrum[.]nl
- arbruisseau[.]com
- arbulario[.]com
- archiotronic[.]com
- architectsinc[.]net
- archwaycarpetscrm.co[.]uk
- arc-sec[.]net
- arctistrade[.]de
- arestihome[.]com
- arhiepiscopiabucurestilor[.]ro
- ar-rihla[.]com
- asgen[.]org
- bakron.co[.]za
- balaateen.co[.]za
- bc-u.co[.]uk
- beehiveholdingszar.co[.]za
- beesrenovations.co[.]za
- benonicoc.co[.]za
- berped.co[.]za
- best-digital-slr-cameras[.]com
- bestencouragementwords[.]com
- bios-chip.co[.]za
- blackthorn.co[.]za
- boardaffairs[.]com
- breastfeedingbra.co[.]za
- broken-arrow.co[.]za
- buboobioinnovations.co[.]za
- burgercoetzeeattorneys.co[.]za
- cafawelding.co[.]za
- capetownway.co[.]za
- capewindstrading.co[.]za
- capitalradiopetition.co[.]za
- capriflower.co[.]za
- carlagrobler.co[.]za
- cashforyousa.co[.]za
- cazochem.co[.]za
- cdxtrading.co[.]za
- centuriongsd.co[.]za
- centuryacademy.co[.]za
- ceramica.co[.]za
- charispaarl.co[.]za
- charliewestsecurity.co[.]za
- chinamall.co[.]za
- chrisdejager-attorneys.co[.]za
- chrishanicdc[.]org
- clandecor.co[.]za
- clientcare.co[.]ls
- cloudhostdesign[.]com
- cloudhub.co[.]ls
- cmhts.co[.]za
- colenesphotography.co[.]za
- comfortex.co[.]za
- comsip.org[.]mw
- courtesydriving.co[.]za
- crystaltidings.co[.]za
- cupboardcure.co[.]za
- debnoch[.]com
- deepgraphics.co[.]za
- delcom.co[.]za
- delectronics.com[.]pk
- desirablehair.co[.]za
- dianakleyn.co[.]za
- diegemmerkat.co[.]za
- digitalblue.co[.]za
- digital-cameras-south-africa.co[.]za
- dnsarabia[.]com
- domesticguardians.co[.]za
- dpscdgkhan.edu[.]pk
- eastrandmotorlab.co[.]za
- ecs-consult[.]com
- edgeforensic.co[.]za
- edgesecurity.co[.]za
- ednpk[.]com
- embali.co[.]za
- emware.co[.]za
- entracorntrading.co[.]za
- erniecommunications.co[.]za
- evansmokaba[.]com
- experttutors.co[.]za
- fbrvolume.co[.]za
- fccorp.co[.]za
- fickstarelectrical.co[.]za
- findinfo-more[.]com
- firstchoiceproperties.co[.]za
- fragranceoil.co[.]za
- fsproperties.co[.]za
- funeralbusinesssolution[.]com
- funisalodge.co[.]za
- ganitis[.]gr
- geetransfers.co[.]za
- genesisbs.co[.]za
- getabletravel.co[.]za
- get-paid-for-online-survey[.]com
- gideonitesprojects[.]com
- glenbridge.co[.]za
- glgroup.co[.]za
- globalelectricalandconstruction.co[.]za
- goldeninstitute.co[.]za
- greenacrestf.co[.]za
- gsnconsulting.co[.]za
- gvs.com[.]pk
- habibtextiles[.]pk
- hartenboswaterpark.co[.]za
- havilahglo.co[.]za
- h-dubepromotions.co[.]za
- heritagetravelmw[.]com
- hesterwebber.co[.]za
- highschoolsuperstar.co[.]za
- hisandherskennels.co[.]za
- hjb-racing.co[.]za
- hmholdings360.co[.]za
- host4unix[.]net
- h-u-i.co[.]za
- hybridauto.co[.]za
- iggleconsulting[.]com
- iiee.edu[.]pk
- iinvest4u.co[.]za
- immaculatepainters.co[.]za
- in2accounting.co[.]za
- incoso.co[.]za
- indiba-africa.co[.]za
- indlovusecurity.co[.]za
- indocraft.co[.]za
- insta-art.co[.]za
- intelligentprotection.co[.]za
- interafricaconsulting[.]com
- investaholdings.co[.]za
- iqra.co[.]za
- irshadfoundation.co[.]za
- isibaniedu.co[.]za
- isound.co[.]za
- itengineering.co[.]za
- jakobieducation.co[.]za
- jdcorporate.co[.]za
- jeanetteproperties.co[.]za
- jhphotoedits.co[.]za
- juniorad.co[.]za
- jvpsfunerals.co[.]za
- jwseshowe.co[.]za
- ladiescircle.co[.]za
- ldams.org[.]ls
- lensofafrica.co[.]za
- lppaportal.org[.]ls
- luxconprojects.co[.]za
- menaboracks.co[.]za
- mgamule.co[.]za
- mmetl.co[.]za
- mokorotlocorporate[.]com
- molepetravel.co[.]ls
- muallematsela[.]com
- oftheearthphotography[.]com
- passright.co[.]za
- printernet.co[.]za
- proeventsports.co[.]za
- promechtransport.co[.]za
- rma-law.co[.]za
- ryanchristiefurniture.co[.]za
- sefikengfarm.co[.]ls
- seismicfactory.co[.]za
- servicebox.co[.]za
- signsoftime.co[.]za
- skhaleni.co[.]za
- sullivanprimary.co[.]za
- tcpbereka.co[.]za
- thecompasssolutions.co[.]za
- themotoringcalendar.co[.]za
- verifiedseller.co[.]za
- visionclinic.co[.]ls
- vumavaluations.co[.]za
- willpowerpos.co[.]za
- winagainstebola[.]com
- africanpixels.zar[.]cc
- am1int.fcomet[.]com
- www.acer-parts.co[.]za
- www.agencesylvieleclerc[.]com
- www.agenceuhd[.]com
- www.agirlgonewine[.]com
- www.aircafe24[.]com
- www.air-mag[.]ro
- www.airporttaxi-uk.co[.]uk
- www.alakml[.]com
- www.albertamechanical[.]ca
- www.albertaprimebeef[.]com
- www.alcalumni[.]com
- www.alessioborzuola[.]com
- www.alestilorachel[.]com
- www.alexanderhomestead[.]com
- www.alexandrasternin[.]com
- www.alexjeffersonconsulting[.]com
- www.alexponcet[.]com
- www.alfransia[.]com
- www.alfredoposada[.]com
- www.algom-law[.]com
- www.aliandconsulting[.]com
- www.alinn-u-yin[.]com
- www.allbuyer.co[.]uk
- www.allcopytoners[.]com
- www.allin-chain[.]com
- www.allstylus.com[.]br
- www.allwestdental[.]com
- www.almaarefut[.]com
- www.alpacal[.]com
- www.alphapixa[.]com
- www.altaica[.]ca
- www.alteaparadise[.]com
- www.alvarezarquitectos[.]com
- www.amateurastronomy[.]org
- www.amazingbuyrd[.]com
- www.ambientproperty[.]com
- www.amerindgen[.]com
- www.amexcars[.]info
- www.amighini[.]it
- www.amika[.]hr
- www.amjobs.co[.]uk
- www.amphibiblechurch[.]com
- www.anatapackaging[.]com
- www.ancamamara[.]com
- www.andreabelfi[.]com
- www.androidwikihow[.]com
- www.angelesrevista[.]com
- www.animationinisrael[.]org
- www.antc[.]ch
- www.antigonisworld[.]com
- www.antirughenaturale[.]com
- www.antoanetapalikarska[.]com
- www.antojoentucocina[.]com
- www.apliety.co[.]il
- www.apmequestrian[.]com
- www.appster[.]it
- www.aprendiendoencasa[.]com
- www.aptibet[.]org
- www.arabgamenetwork[.]com
- www.arabiccasinochoice[.]com
- www.ariehandomri[.]com
- www.bashancorp.co[.]za
- www.bestdecorativemirrors[.]com
- www.bitp.co[.]za
- www.britishasia-equip.co[.]uk
- www.buhlebayoacademy[.]com
- www.buraqlubricant[.]com
- www.cartridgecave.co[.]za
- www.centreforgovernance[.]uk
- www.crissamconsulting.co[.]za
- www.daleth.co[.]za
- www.digitalmedia.co[.]za
- www.dingaanassociates.co[.]za
- www.dopetroleum[.]com
- www.duotonedigital.co[.]za
- www.dws-gov.co[.]za
- www.easy-home-sales.co[.]za
- www.edesignz.co[.]za
- www.eloquent.co[.]za
- www.engeltjieakademie.co[.]za
- www.fun4kidz.co[.]za
- www.galwayprimary.co[.]za
- www.generictoners.co[.]za
- www.getcord.co[.]za
- www.gilforsenate[.]com
- www.gsmmid[.]com
- www.harmonyguesthouse.co[.]za
- www.hfhl.org[.]ls
- www.humorcarbons[.]com
- www.iancullen.co[.]za
- www.icsswaziland[.]com
- www.ihlosiqs-pm.co[.]za
- www.infratechconsulting[.]com
- www.khotsonglodge.co[.]ls
- www.loansonhomes.co[.]za
- www.m-3.co[.]za
- www.malboer.co[.]za
- www.mikimaths[.]com
- www.rejoicetheatre[.]com
- www.tanati.co[.]za
- www.tonaro.co[.]za
- 009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0
- 153117aa54492ca955b540ac0a8c21c1be98e9f7dd8636a36d73581ec1ddcf58
- 18479a93fc2d5acd7d71d596f27a5834b2b236b44219bb08f6ca06cf760b74f6
- 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd
- 1ee9649a2f9b2c8e0df318519e2f8b4641fd790a118445d7a0c0b3c02b1ba942
- 2cea0b740f338c513a6390e7951ff3371f44c7c928abf14675b49358a03a5d13
- 3b1d8dcbc8072b1ec10f5300c3ea9bb20db71bd8fa443d97332790b74584a115
- 3d96811de7419a8c090a671d001a85f2b1875243e5b38e6f927d9877d0ff9b0c
- 3da24cd3af9a383b731ce178b03c68a813ab30f4c7c8dfbc823a32816b9406fb
- 5550615affe077ddf66954edf132824e4f1fe16b3228e087942b0cad0721a6af
- 6edc067fc2301d7a972a654b3a07398d9c8cbe7bb38d1165b80ba4a13805e5ac
- 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338
- 9038ba1b7991ff38b802f28c0e006d12d466a8e374d2f2a83a039aabcbe76f5c
- 93745a6605a77f149471b41bd9027390c91373558f62058a7333eb72a26faf84
- aa60c1fae6a0ef3b9863f710e46f0a7407cf0feffa240b9a4661a4e8884ac627
- af5f102f0597db9f5e98068724e31d68b8f7c23baeea536790c50db587421102
- c87799cce6d65158da97aa31a5160a0a6b6dd5a89dea312604cc66ed5e976cc9
- cee801b7a901eb69cd166325ed3770daffcd9edd8113a961a94c8b9ddf318c88
- d07d4e71927cab4f251bcc216f560674c5fb783add9c9f956d3fc457153be025
- eff78c23790ee834f773569b52cddb01dc3c4dd9660f5a476af044ef6fe73894
- hxxp://abrahamseed.co[.]za//db_template.php
- hxxp://absfinancialplanning.co[.]za/images/db_template.php
- hxxp://advocatetn[.]com/font-awesome/fonts/db_template.php
- hxxp://africanpixels.zar[.]cc//db_template.php
- hxxp://agencereferencement[.]be/wp-admin/db_template.php
- hxxp://agencijazemil[.]com//db_template.php
- hxxp://agricolavicuna[.]cl//db_template.php
- hxxp://agropecuariavilarica.com[.]br//db_template.php
- hxxp://aguasdecastilla[.]com/uploads/db_template.php
- hxxp://agylub[.]com//db_template.php
- hxxp://ahc.me[.]uk//db_template.php
- hxxp://ahero-resource-center[.]org/administrator/db_template.php
- hxxp://ahmadhasanat[.]com//db_template.php
- hxxp://aianalytics[.]ie//db_template.php
- hxxp://aiko[.]pro//db_template.php
- hxxp://aiofotoevideo[.]com//db_template.php
- hxxp://aipa[.]ca//db_template.php
- hxxp://airesis[.]blog/wp-admin/db_template.php
- hxxp://airfanhydro[.]net//db_template.php
- hxxp://airminumtiro[.]com//db_template.php
- hxxp://al3abflash[.]biz//db_template.php
- hxxp://alainsaffel[.]com//db_template.php
- hxxp://alanrori[.]com//db_template.php
- hxxp://alaqaba[.]com/dnsarabia.com/db_template.php
- hxxp://alaskamaterials[.]com//db_template.php
- hxxp://alayhamtechnologies[.]com//db_template.php
- hxxp://albertaedmonton[.]com/widgetstyles/db_template.php
- hxxp://alcafricandatalab[.]com//db_template.php
- hxxp://alcafricanos[.]com/slsmonographs/db_template.php
- hxxp://alcatrazmoon[.]com/images/db_template.php
- hxxp://alcfm[.]net/wp-admin/db_template.php
- hxxp://alchamel[.]info//db_template.php
- hxxp://alchamelup[.]org/htdocs/db_template.php
- hxxp://alchemistasonida[.]com//db_template.php
- hxxp://alchimiegrafiche[.]net/bbdelteatro/db_template.php
- hxxp://alecattic[.]com/wp-includes/db_template.php
- hxxp://aleenasgiftbox[.]com/admin/db_template.php
- hxxp://aleksicdunja[.]com//db_template.php
- hxxp://alemaohost[.]com/lotosorg.com/db_template.php
- hxxp://alephit2[.]biz/kitzz/db_template.php
- hxxp://alessandroalessandrini[.]it//db_template.php
- hxxp://alessandrofoglino[.]com//db_template.php
- hxxp://alexanderbecker[.]net/services/db_template.php
- hxxp://alexcelts[.]com/wp/db_template.php
- hxxp://alexelgy[.]com/allaccess/db_template.php
- hxxp://alex-frost[.]com/assets/db_template.php
- hxxp://alexrocchi[.]com//db_template.php
- hxxp://alfatek-intelligence[.]com//db_template.php
- hxxp://alfredocifuentes[.]com//db_template.php
- hxxp://algarvesup[.]com//db_template.php
- hxxp://algihad[.]com/assets/db_template.php
- hxxp://alhidayahfoundation.co[.]uk/category/db_template.php
- hxxp://alisabyfinna[.]com//db_template.php
- hxxp://alisimple[.]si/wp-includes/db_template.php
- hxxp://alissanicolai[.]com/assets/db_template.php
- hxxp://aljaadi[.]com//db_template.php
- hxxp://alkousy[.]com//db_template.php
- hxxp://all2wedding[.]com/wp-includes/db_template.php
- hxxp://allaboutblockchain[.]net//db_template.php
- hxxp://alldomains-crm[.]com/bubblegumpopcorn.com/wp-admin/db_template.php
- hxxp://allegiancesecurity[.]org//db_template.php
- hxxp://allianz.com[.]pe/wp-admin/db_template.php
- hxxp://allisonplumbing[.]com/wp-includes/db_template.php
- hxxp://all-reseller[.]com/zzz_backup/db_template.php
- hxxp://allsporthealthandfitness[.]com//db_template.php
- hxxp://allthat[.]social//db_template.php
- hxxp://almatours[.]gr//db_template.php
- hxxp://almeriahotelja[.]com/dk/db_template.php
- hxxp://alnuzha[.]org/en/db_template.php
- hxxp://alorabrownies[.]com/wp-admin/db_template.php
- hxxp://alphabee[.]fund/phpmailer_5.2.0/db_template.php
- hxxp://alphaobring[.]com//db_template.php
- hxxp://alphasalesrecruitment[.]com//db_template.php
- hxxp://alsharhanstore[.]com//db_template.php
- hxxp://altcoinaddict[.]com//db_template.php
- hxxp://altosdefontana[.]com//db_template.php
- hxxp://altrablog[.]com//db_template.php
- hxxp://alwahahweb[.]com//db_template.php
- hxxp://alwake3press[.]com/wp-includes/db_template.php
- hxxp://always-beauty[.]ch//db_template.php
- hxxp://alxcorp[.]com//db_template.php
- hxxp://am1int.fcomet[.]com/wp1/db_template.php
- hxxp://amari[.]ro/components/db_template.php
- hxxp://amatikulutours[.]com/tmp/db_template.php
- hxxp://amazethings[.]com//db_template.php
- hxxp://amazingashwini[.]com//db_template.php
- hxxp://amazingenergysavings[.]net//db_template.php
- hxxp://ambiances-toiles[.]fr//db_template.php
- hxxp://ambulatorioveterinariocalusco[.]com/img/common/db_template.php
- hxxp://americabr.com[.]br//db_template.php
- hxxp://americanlegacies[.]org/webthed_ftw/db_template.php
- hxxp://americanwestmedia[.]com//db_template.php
- hxxp://amesoulcoaching[.]com//db_template.php
- hxxp://amiehepperlin[.]com//db_template.php
- hxxp://aminearserver[.]es//db_template.php
- hxxp://amirmenahem[.]com//db_template.php
- hxxp://amofoundation[.]org/wp-includes/db_template.php
- hxxp://amor-clubhotels[.]com//db_template.php
- hxxp://amordegato[.]es/storefront/db_template.php
- hxxp://ampli5yd[.]com//db_template.php
- hxxp://ampvita[.]com//db_template.php
- hxxp://amruthavana[.]com/blog/db_template.php
- hxxp://anahera[.]biz/admin/db_template.php
- hxxp://analternatif[.]com/includes/db_template.php
- hxxp://analystcnwang[.]com//db_template.php
- hxxp://analyticalfootball[.]com//db_template.php
- hxxp://anastasovsworkshop[.]com/wp-includes/db_template.php
- hxxp://andrasadam[.]com/tothildiko/wp-includes/db_template.php
- hxxp://andrespazsoldan[.]com//db_template.php
- hxxp://andrewfinnburhoe[.]com//db_template.php
- hxxp://andrewsbisom[.]com//db_template.php
- hxxp://andrew-snyder[.]net/bootstrap/db_template.php
- hxxp://androidphonetips[.]com/wp-includes/db_template.php
- hxxp://anet-international-group[.]com/shop/db_template.php
- hxxp://angar68[.]com//db_template.php
- hxxp://angel-seeds.com[.]ua/catalog/db_template.php
- hxxp://angelsongroup[.]com/wp-includes/db_template.php
- hxxp://anglero[.]com//db_template.php
- hxxp://angloglot[.]com//db_template.php
- hxxp://aniljoseph[.]com/servermon/db_template.php
- hxxp://animationpulse[.]net//db_template.php
- hxxp://animationshowreel.co[.]il//db_template.php
- hxxp://aniroleplay[.]net//db_template.php
- hxxp://annabelle[.]nl/next/db_template.php
- hxxp://annaplebanek[.]com//db_template.php
- hxxp://anngrigphoto[.]com//db_template.php
- hxxp://anotherpartofme[.]com/wp-includes/db_template.php
- hxxp://anthaigroup[.]vn//db_template.php
- hxxp://antjetaubert[.]de//db_template.php
- hxxp://antonhirvonen[.]com/pengalandet.se/wp-includes/db_template.php
- hxxp://antrismode[.]com/wp-includes/db_template.php
- hxxp://antucomp[.]com//db_template.php
- hxxp://anubandh[.]in//db_template.php
- hxxp://anuragcreatives[.]com//db_template.php
- hxxp://anxiousandunstoppable[.]com//db_template.php
- hxxp://anyeva[.]com/wp-includes/db_template.php
- hxxp://anythinglah[.]info//db_template.php
- hxxp://apalawyers[.]pt//db_template.php
- hxxp://aperta-armis[.]org//db_template.php
- hxxp://apiiination[.]com/leadership/db_template.php
- hxxp://apironco[.]com/wp-includes/db_template.php
- hxxp://apobiomedix[.]ca//db_template.php
- hxxp://apollonweb[.]com//db_template.php
- hxxp://apppriori[.]com//db_template.php
- hxxp://appsvoice[.]info//db_template.php
- hxxp://aqarco[.]com/wp-admin/db_template.php
- hxxp://aquaneeka.co[.]uk/wp-includes/db_template.php
- hxxp://arabellajo[.]com/wp/wp-includes/db_template.php
- hxxp://arabsdeals[.]com//db_template.php
- hxxp://arbruisseau[.]com/profiles/db_template.php
- hxxp://architectsinc[.]net//db_template.php
- hxxp://archwaycarpetscrm.co[.]uk//db_template.php
- hxxp://arctistrade[.]de/wp/db_template.php
- hxxp://arestihome[.]com//db_template.php
- hxxp://ar-rihla[.]com//db_template.php
- hxxp://asgen[.]org//db_template.php
- hxxp://bakron.co[.]za//db_template.php
- hxxp://balaateen.co[.]za/less/db_template.php
- hxxp://bc-u.co[.]uk//db_template.php
- hxxp://beehiveholdingszar.co[.]za//db_template.php
- hxxp://beesrenovations.co[.]za/images/db_template.php
- hxxp://benonicoc.co[.]za/resources/db_template.php
- hxxp://berped.co[.]za//db_template.php
- hxxp://best-digital-slr-cameras[.]com//db_template.php
- hxxp://bestencouragementwords[.]com//db_template.php
- hxxp://bios-chip.co[.]za//db_template.php
- hxxp://blackthorn.co[.]za//db_template.php
- hxxp://boardaffairs[.]com//db_template.php
- hxxp://breastfeedingbra.co[.]za//db_template.php
- hxxp://broken-arrow.co[.]za//db_template.php
- hxxp://buboobioinnovations.co[.]za/wpimages/db_template.php
- hxxp://burgercoetzeeattorneys.co[.]za//db_template.php
- hxxp://cafawelding.co[.]za/font-awesome/db_template.php
- hxxp://capetownway.co[.]za//db_template.php
- hxxp://capewindstrading.co[.]za//db_template.php
- hxxp://capitalradiopetition.co[.]za//db_template.php
- hxxp://capriflower.co[.]za//db_template.php
- hxxp://carlagrobler.co[.]za/components/db_template.php
- hxxp://cashforyousa.co[.]za//db_template.php
- hxxp://cazochem.co[.]za/cazochem/db_template.php
- hxxp://cdxtrading.co[.]za//db_template.php
- hxxp://centuriongsd.co[.]za//db_template.php
- hxxp://centuryacademy.co[.]za/css/db_template.php
- hxxp://ceramica.co[.]za//db_template.php
- hxxp://charispaarl.co[.]za//db_template.php
- hxxp://charliewestsecurity.co[.]za//db_template.php
- hxxp://chinamall.co[.]za//db_template.php
- hxxp://chrisdejager-attorneys.co[.]za//db_template.php
- hxxp://chrishanicdc[.]org/wpimages/db_template.php
- hxxp://clandecor.co[.]za/rvsutf8backup/db_template.php
- hxxp://clientcare.co[.]ls//db_template.php
- hxxp://cloudhostdesign[.]com//db_template.php
- hxxp://cloudhub.co[.]ls/modules/db_template.php
- hxxp://cmhts.co[.]za/resources/db_template.php
- hxxp://colenesphotography.co[.]za/modules/db_template.php
- hxxp://comfortex.co[.]za/php/db_template.php
- hxxp://comsip.org[.]mw//db_template.php
- hxxp://courtesydriving.co[.]za/js/db_template.php
- hxxp://crystaltidings.co[.]za//db_template.php
- hxxp://cupboardcure.co[.]za/vendor/db_template.php
- hxxp://debnoch[.]com/image/db_template.php
- hxxp://deepgraphics.co[.]za//db_template.php
- hxxp://delcom.co[.]za//db_template.php
- hxxp://delectronics.com[.]pk//db_template.php
- hxxp://desirablehair.co[.]za//db_template.php
- hxxp://dianakleyn.co[.]za/layouts/db_template.php
- hxxp://diegemmerkat.co[.]za//db_template.php
- hxxp://digitalblue.co[.]za//db_template.php
- hxxp://digital-cameras-south-africa.co[.]za/script/db_template.php
- hxxp://domesticguardians.co[.]za/banner/db_template.php
- hxxp://dpscdgkhan.edu[.]pk/shopping/db_template.php
- hxxp://eastrandmotorlab.co[.]za/fleet/db_template.php
- hxxp://ecs-consult[.]com//db_template.php
- hxxp://edgeforensic.co[.]za//db_template.php
- hxxp://edgesecurity.co[.]za/js/db_template.php
- hxxp://ednpk[.]com//db_template.php
- hxxp://embali.co[.]za//db_template.php
- hxxp://emware.co[.]za//db_template.php
- hxxp://entracorntrading.co[.]za//db_template.php
- hxxp://erniecommunications.co[.]za/js/db_template.php
- hxxp://evansmokaba[.]com/evansmokaba.com/thabiso/db_template.php
- hxxp://experttutors.co[.]za//db_template.php
- hxxp://fbrvolume.co[.]za//db_template.php
- hxxp://fccorp.co[.]za/php/db_template.php
- hxxp://fickstarelectrical.co[.]za//db_template.php
- hxxp://findinfo-more[.]com//db_template.php
- hxxp://firstchoiceproperties.co[.]za//db_template.php
- hxxp://fragranceoil.co[.]za//db_template.php
- hxxp://fsproperties.co[.]za/engine1/db_template.php
- hxxp://funeralbusinesssolution[.]com/email_template/db_template.php
- hxxp://funisalodge.co[.]za/data1/db_template.php
- hxxp://ganitis[.]gr//db_template.php
- hxxp://geetransfers.co[.]za/font-awesome/db_template.php
- hxxp://genesisbs.co[.]za//db_template.php
- hxxp://getabletravel.co[.]za/wpscripts/db_template.php
- hxxp://get-paid-for-online-survey[.]com//db_template.php
- hxxp://gideonitesprojects[.]com//db_template.php
- hxxp://glenbridge.co[.]za//db_template.php
- hxxp://glgroup.co[.]za/images/db_template.php
- hxxp://globalelectricalandconstruction.co[.]za/wpscripts/db_template.php
- hxxp://goldeninstitute.co[.]za/contents/db_template.php
- hxxp://greenacrestf.co[.]za/video/db_template.php
- hxxp://gsnconsulting.co[.]za//db_template.php
- hxxp://gvs.com[.]pk/font-awesome/db_template.php
- hxxp://habibtextiles[.]pk//db_template.php
- hxxp://hartenboswaterpark.co[.]za/templates/db_template.php
- hxxp://havilahglo.co[.]za/wpscripts/db_template.php
- hxxp://h-dubepromotions.co[.]za//db_template.php
- hxxp://heritagetravelmw[.]com//db_template.php
- hxxp://hesterwebber.co[.]za//db_template.php
- hxxp://highschoolsuperstar.co[.]za/files/db_template.php
- hxxp://hisandherskennels.co[.]za/php/db_template.php
- hxxp://hjb-racing.co[.]za/htdocs/db_template.php
- hxxp://hmholdings360.co[.]za//db_template.php
- hxxp://host4unix[.]net/host24new/db_template.php
- hxxp://h-u-i.co[.]za/heiren/db_template.php
- hxxp://hybridauto.co[.]za/photography/db_template.php
- hxxp://iggleconsulting[.]com//db_template.php
- hxxp://iiee.edu[.]pk//db_template.php
- hxxp://iinvest4u.co[.]za//db_template.php
- hxxp://immaculatepainters.co[.]za//db_template.php
- hxxp://in2accounting.co[.]za//db_template.php
- hxxp://incoso.co[.]za/images/db_template.php
- hxxp://indiba-africa.co[.]za//db_template.php
- hxxp://indlovusecurity.co[.]za//db_template.php
- hxxp://indocraft.co[.]za/test/db_template.php
- hxxp://insta-art.co[.]za//db_template.php
- hxxp://intelligentprotection.co[.]za//db_template.php
- hxxp://interafricaconsulting[.]com/wpimages/db_template.php
- hxxp://investaholdings.co[.]za/htc/db_template.php
- hxxp://iqra.co[.]za/pub/db_template.php
- hxxp://irshadfoundation.co[.]za//db_template.php
- hxxp://isibaniedu.co[.]za/admin/db_template.php
- hxxp://isound.co[.]za//db_template.php
- hxxp://itengineering.co[.]za/gatewaydiamond/db_template.php
- hxxp://jakobieducation.co[.]za//db_template.php
- hxxp://jdcorporate.co[.]za/catalog/db_template.php
- hxxp://jeanetteproperties.co[.]za//db_template.php
- hxxp://jhphotoedits.co[.]za//db_template.php
- hxxp://juniorad.co[.]za/vendor/db_template.php
- hxxp://jvpsfunerals.co[.]za//db_template.php
- hxxp://jwseshowe.co[.]za/assets/db_template.php
- hxxp://ladiescircle.co[.]za//db_template.php
- hxxp://ldams.org[.]ls/supplies/db_template.php
- hxxp://lensofafrica.co[.]za//db_template.php
- hxxp://lppaportal.org[.]ls//db_template.php
- hxxp://luxconprojects.co[.]za//db_template.php
- hxxp://menaboracks.co[.]za/tmp/db_template.php
- hxxp://mgamule.co[.]za/oldweb/db_template.php
- hxxp://mmetl.co[.]za//db_template.php
- hxxp://mokorotlocorporate[.]com//db_template.php
- hxxp://molepetravel.co[.]ls//db_template.php
- hxxp://muallematsela[.]com//db_template.php
- hxxp://oftheearthphotography[.]com/www/db_template.php
- hxxp://passright.co[.]za//db_template.php
- hxxp://printernet.co[.]za//db_template.php
- hxxp://proeventsports.co[.]za//db_template.php
- hxxp://promechtransport.co[.]za/scripts/db_template.php
- hxxp://rma-law.co[.]za//db_template.php
- hxxp://ryanchristiefurniture.co[.]za//db_template.php
- hxxps://agapeencounter[.]org//db_template.php
- hxxps://agiledepot[.]com//db_template.php
- hxxps://ahelicoptermom[.]com/wp-includes/db_template.php
- hxxps://aileeshop[.]com//db_template.php
- hxxps://alaskanharvestseafood[.]com/backup/db_template.php
- hxxps://albousala[.]com//db_template.php
- hxxps://alceharfield[.]com//db_template.php
- hxxps://aleoestudio[.]com/gallonature/db_template.php
- hxxps://aliart[.]nl//db_template.php
- hxxps://allday[.]gr//db_template.php
- hxxps://allmantravel[.]com/thumbs/db_template.php
- hxxps://allusdoctors[.]com/themes/db_template.php
- hxxps://almokan[.]net/wp-includes/db_template.php
- hxxps://al-mostakbl[.]com//db_template.php
- hxxps://alnahdatraining[.]com//db_template.php
- hxxps://aloefly[.]net//db_template.php
- hxxps://alphainvestors.com[.]au//db_template.php
- hxxps://alphawaves[.]org/wp-admin/db_template.php
- hxxps://alterwebhost[.]com//db_template.php
- hxxps://althurayaa[.]com//db_template.php
- hxxps://ambyenta[.]hr//db_template.php
- hxxps://americanbrasil.com[.]br//db_template.php
- hxxps://amiici[.]vision//db_template.php
- hxxps://amishcountryfurnishings[.]com//db_template.php
- hxxps://amooy[.]com/webservice/db_template.php
- hxxps://anbinni[.]ba/wp-admin/db_template.php
- hxxps://ancient-wisdoms[.]com//db_template.php
- hxxps://andihaas[.]at/wp-includes/db_template.php
- hxxps://angel-blanco[.]net/wp-includes/db_template.php
- hxxps://animeok.co[.]il//db_template.php
- hxxps://annodle[.]com//db_template.php
- hxxps://anotherdayinparadise[.]ca//db_template.php
- hxxps://aquabsafe[.]com//db_template.php
- hxxps://aquo[.]in//db_template.php
- hxxps://arbeidsrechtcentrum[.]nl//db_template.php
- hxxps://arbulario[.]com//db_template.php
- hxxps://archiotronic[.]com/wp-includes/db_template.php
- hxxps://arc-sec[.]net//db_template.php
- hxxps://arhiepiscopiabucurestilor[.]ro/templates/db_template.php
- hxxp://sefikengfarm.co[.]ls//db_template.php
- hxxp://seismicfactory.co[.]za//db_template.php
- hxxp://servicebox.co[.]za//db_template.php
- hxxp://signsoftime.co[.]za//db_template.php
- hxxp://skhaleni.co[.]za//db_template.php
- hxxp://sullivanprimary.co[.]za//db_template.php
- hxxps://www.aircafe24[.]com//db_template.php
- hxxps://www.air-mag[.]ro//db_template.php
- hxxps://www.airporttaxi-uk.co[.]uk/wp-includes/db_template.php
- hxxps://www.alakml[.]com/wp-admin/db_template.php
- hxxps://www.alexponcet[.]com/wp-includes/db_template.php
- hxxps://www.alfransia[.]com/wp-admin/db_template.php
- hxxps://www.allin-chain[.]com//db_template.php
- hxxps://www.alphapixa[.]com//db_template.php
- hxxps://www.alteaparadise[.]com/wp-includes/db_template.php
- hxxps://www.alvarezarquitectos[.]com//db_template.php
- hxxps://www.amateurastronomy[.]org//db_template.php
- hxxps://www.amazingbuyrd[.]com/admin/db_template.php
- hxxps://www.amighini[.]it/webservice/db_template.php
- hxxps://www.anatapackaging[.]com/vendors/db_template.php
- hxxps://www.ancamamara[.]com/wp-admin/db_template.php
- hxxps://www.angelesrevista[.]com//db_template.php
- hxxps://www.antojoentucocina[.]com//db_template.php
- hxxps://www.apliety.co[.]il/wp-includes/db_template.php
- hxxps://www.appster[.]it/wp-includes/db_template.php
- hxxps://www.buraqlubricant[.]com//db_template.php
- hxxps://www.cartridgecave.co[.]za//db_template.php
- hxxps://www.dopetroleum[.]com//db_template.php
- hxxps://www.engeltjieakademie.co[.]za//db_template.php
- hxxp://tcpbereka.co[.]za/js/db_template.php
- hxxp://thecompasssolutions.co[.]za//db_template.php
- hxxp://themotoringcalendar.co[.]za//db_template.php
- hxxp://verifiedseller.co[.]za/js/db_template.php
- hxxp://visionclinic.co[.]ls/visionclinic/db_template.php
- hxxp://vumavaluations.co[.]za//db_template.php
- hxxp://willpowerpos.co[.]za//db_template.php
- hxxp://winagainstebola[.]com//db_template.php
- hxxp://www.acer-parts.co[.]za//db_template.php
- hxxp://www.agencesylvieleclerc[.]com//db_template.php
- hxxp://www.agenceuhd[.]com//db_template.php
- hxxp://www.agirlgonewine[.]com/store/db_template.php
- hxxp://www.albertamechanical[.]ca//db_template.php
- hxxp://www.albertaprimebeef[.]com//db_template.php
- hxxp://www.alcalumni[.]com/wp-includes/db_template.php
- hxxp://www.alessioborzuola[.]com/downloads/db_template.php
- hxxp://www.alestilorachel[.]com//db_template.php
- hxxp://www.alexanderhomestead[.]com//db_template.php
- hxxp://www.alexandrasternin[.]com/illustration/db_template.php
- hxxp://www.alexjeffersonconsulting[.]com/wp-includes/db_template.php
- hxxp://www.alfredoposada[.]com//db_template.php
- hxxp://www.algom-law[.]com//db_template.php
- hxxp://www.aliandconsulting[.]com//db_template.php
- hxxp://www.alinn-u-yin[.]com//db_template.php
- hxxp://www.allbuyer.co[.]uk//db_template.php
- hxxp://www.allcopytoners[.]com//db_template.php
- hxxp://www.allstylus.com[.]br//db_template.php
- hxxp://www.allwestdental[.]com/wp-includes/db_template.php
- hxxp://www.almaarefut[.]com/admin/db_template.php
- hxxp://www.alpacal[.]com//db_template.php
- hxxp://www.altaica[.]ca/wordpress/db_template.php
- hxxp://www.ambientproperty[.]com//db_template.php
- hxxp://www.amerindgen[.]com/author/admin1/db_template.php
- hxxp://www.amexcars[.]info/tpl/db_template.php
- hxxp://www.amika[.]hr//db_template.php
- hxxp://www.amjobs.co[.]uk//db_template.php
- hxxp://www.amphibiblechurch[.]com//db_template.php
- hxxp://www.andreabelfi[.]com//db_template.php
- hxxp://www.androidwikihow[.]com//db_template.php
- hxxp://www.animationinisrael[.]org/tmp_images/db_template.php
- hxxp://www.antc[.]ch/wp-includes/db_template.php
- hxxp://www.antigonisworld[.]com/wp-includes/db_template.php
- hxxp://www.antirughenaturale[.]com/wp-admin/db_template.php
- hxxp://www.antoanetapalikarska[.]com//db_template.php
- hxxp://www.apmequestrian[.]com//db_template.php
- hxxp://www.aprendiendoencasa[.]com/wp-includes/db_template.php
- hxxp://www.aptibet[.]org//db_template.php
- hxxp://www.arabgamenetwork[.]com//db_template.php
- hxxp://www.arabiccasinochoice[.]com//db_template.php
- hxxp://www.ariehandomri[.]com//db_template.php
- hxxp://www.bashancorp.co[.]za//db_template.php
- hxxp://www.bestdecorativemirrors[.]com/more-mirrors/db_template.php
- hxxp://www.bitp.co[.]za//db_template.php
- hxxp://www.britishasia-equip.co[.]uk//db_template.php
- hxxp://www.buhlebayoacademy[.]com//db_template.php
- hxxp://www.centreforgovernance[.]uk//db_template.php
- hxxp://www.crissamconsulting.co[.]za//db_template.php
- hxxp://www.daleth.co[.]za//db_template.php
- hxxp://www.digitalmedia.co[.]za//db_template.php
- hxxp://www.dingaanassociates.co[.]za//db_template.php
- hxxp://www.duotonedigital.co[.]za//db_template.php
- hxxp://www.dws-gov.co[.]za//db_template.php
- hxxp://www.easy-home-sales.co[.]za//db_template.php
- hxxp://www.edesignz.co[.]za//db_template.php
- hxxp://www.eloquent.co[.]za/nweb2/db_template.php
- hxxp://www.fun4kidz.co[.]za//db_template.php
- hxxp://www.galwayprimary.co[.]za//db_template.php
- hxxp://www.generictoners.co[.]za//db_template.php
- hxxp://www.getcord.co[.]za//db_template.php
- hxxp://www.gilforsenate[.]com//db_template.php
- hxxp://www.gsmmid[.]com//db_template.php
- hxxp://www.harmonyguesthouse.co[.]za//db_template.php
- hxxp://www.hfhl.org[.]ls/habitat/db_template.php
- hxxp://www.humorcarbons[.]com//db_template.php
- hxxp://www.iancullen.co[.]za//db_template.php
- hxxp://www.icsswaziland[.]com//db_template.php
- hxxp://www.ihlosiqs-pm.co[.]za//db_template.php
- hxxp://www.infratechconsulting[.]com//db_template.php
- hxxp://www.khotsonglodge.co[.]ls//db_template.php
- hxxp://www.loansonhomes.co[.]za//db_template.php
- hxxp://www.m-3.co[.]za//db_template.php
- hxxp://www.malboer.co[.]za/trendy1/db_template.php
- hxxp://www.mikimaths[.]com//db_template.php
- hxxp://www.rejoicetheatre[.]com//db_template.php
- hxxp://www.tanati.co[.]za//db_template.php
- hxxp://www.tonaro.co[.]za//db_template.php
Tip: 928 related IOCs (0 IP, 454 domain, 454 URL, 0 email, 20 file hash) to this threat have been found.
Overlaps
MuddyWaterMuddyWater Espionage Campaign: A Deep Dive into Malware and Tactics
Source: Picussecurity - March 2022
Detection (nine cases): 009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0, 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd, 3d96811de7419a8c090a671d001a85f2b1875243e5b38e6f927d9877d0ff9b0c, 3da24cd3af9a383b731ce178b03c68a813ab30f4c7c8dfbc823a32816b9406fb, 6edc067fc2301d7a972a654b3a07398d9c8cbe7bb38d1165b80ba4a13805e5ac, 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338, af5f102f0597db9f5e98068724e31d68b8f7c23baeea536790c50db587421102, c87799cce6d65158da97aa31a5160a0a6b6dd5a89dea312604cc66ed5e976cc9, d07d4e71927cab4f251bcc216f560674c5fb783add9c9f956d3fc457153be025
MuddyWaterMuddyWater APT's Spear Phishing Campaigns Target Middle East's Sectors
Source: NetWitness - October 2018
Detection (three cases): ambiances-toiles[.]fr, hmholdings360.co[.]za, themotoringcalendar.co[.]za
MuddyWaterCyber Espionage Evolution: MuddyWater’s Obfuscation Techniques and Anti-Analysis Measures
Source: Security 0wnage - May 2018
Detection (228 cases): 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd, 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338, abrahamseed.co[.]za, absfinancialplanning.co[.]za, africanpixels.zar[.]cc, agricolavicuna[.]cl, ahmadhasanat[.]com, alceharfield[.]com, alchimiegrafiche[.]net, alessandrofoglino[.]com, alfredocifuentes[.]com, aliart[.]nl, all2wedding[.]com, allianz.com[.]pe, allisonplumbing[.]com, allsporthealthandfitness[.]com, alphaobring[.]com, alterwebhost[.]com, amatikulutours[.]com, ambiances-toiles[.]fr, amesoulcoaching[.]com, amishcountryfurnishings[.]com, angar68[.]com, annodle[.]com, anotherdayinparadise[.]ca, anubandh[.]in, apalawyers[.]pt, apollonweb[.]com, aqarco[.]com, aquabsafe[.]com, arabsdeals[.]com, architectsinc[.]net, arhiepiscopiabucurestilor[.]ro, bakron.co[.]za, balaateen.co[.]za, beehiveholdingszar.co[.]za, beesrenovations.co[.]za, berped.co[.]za, best-digital-slr-cameras[.]com, bestencouragementwords[.]com, bios-chip.co[.]za, blackthorn.co[.]za, boardaffairs[.]com, breastfeedingbra.co[.]za, broken-arrow.co[.]za, buboobioinnovations.co[.]za, burgercoetzeeattorneys.co[.]za, cafawelding.co[.]za, capetownway.co[.]za, capewindstrading.co[.]za, capitalradiopetition.co[.]za, capriflower.co[.]za, carlagrobler.co[.]za, cashforyousa.co[.]za, cazochem.co[.]za, cdxtrading.co[.]za, centuriongsd.co[.]za, centuryacademy.co[.]za, ceramica.co[.]za, charispaarl.co[.]za, charliewestsecurity.co[.]za, chinamall.co[.]za, chrisdejager-attorneys.co[.]za, chrishanicdc[.]org, clandecor.co[.]za, cloudhub.co[.]ls, cmhts.co[.]za, colenesphotography.co[.]za, comfortex.co[.]za, comsip.org[.]mw, courtesydriving.co[.]za, crystaltidings.co[.]za, cupboardcure.co[.]za, debnoch[.]com, deepgraphics.co[.]za, delcom.co[.]za, delectronics.com[.]pk, desirablehair.co[.]za, dianakleyn.co[.]za, diegemmerkat.co[.]za, digital-cameras-south-africa.co[.]za, domesticguardians.co[.]za, dpscdgkhan.edu[.]pk, eastrandmotorlab.co[.]za, ecs-consult[.]com, edgeforensic.co[.]za, ednpk[.]com, embali.co[.]za, emware.co[.]za, entracorntrading.co[.]za, erniecommunications.co[.]za, evansmokaba[.]com, experttutors.co[.]za, fbrvolume.co[.]za, fccorp.co[.]za, fickstarelectrical.co[.]za, findinfo-more[.]com, firstchoiceproperties.co[.]za, fragranceoil.co[.]za, fsproperties.co[.]za, funeralbusinesssolution[.]com, funisalodge.co[.]za, geetransfers.co[.]za, genesisbs.co[.]za, get-paid-for-online-survey[.]com, getabletravel.co[.]za, gideonitesprojects[.]com, glenbridge.co[.]za, glgroup.co[.]za, globalelectricalandconstruction.co[.]za, goldeninstitute.co[.]za, greenacrestf.co[.]za, gsnconsulting.co[.]za, gvs.com[.]pk, h-dubepromotions.co[.]za, h-u-i.co[.]za, habibtextiles[.]pk, hartenboswaterpark.co[.]za, havilahglo.co[.]za, heritagetravelmw[.]com, hesterwebber.co[.]za, highschoolsuperstar.co[.]za, hisandherskennels.co[.]za, hjb-racing.co[.]za, hmholdings360.co[.]za, host4unix[.]net, hybridauto.co[.]za, iggleconsulting[.]com, iiee.edu[.]pk, iinvest4u.co[.]za, immaculatepainters.co[.]za, in2accounting.co[.]za, incoso.co[.]za, indiba-africa.co[.]za, indlovusecurity.co[.]za, indocraft.co[.]za, insta-art.co[.]za, intelligentprotection.co[.]za, investaholdings.co[.]za, iqra.co[.]za, irshadfoundation.co[.]za, isibaniedu.co[.]za, isound.co[.]za, itengineering.co[.]za, jakobieducation.co[.]za, jdcorporate.co[.]za, jeanetteproperties.co[.]za, jhphotoedits.co[.]za, juniorad.co[.]za, jvpsfunerals.co[.]za, jwseshowe.co[.]za, ladiescircle.co[.]za, ldams.org[.]ls, lensofafrica.co[.]za, lppaportal.org[.]ls, luxconprojects.co[.]za, menaboracks.co[.]za, mgamule.co[.]za, mokorotlocorporate[.]com, molepetravel.co[.]ls, muallematsela[.]com, oftheearthphotography[.]com, passright.co[.]za, printernet.co[.]za, proeventsports.co[.]za, promechtransport.co[.]za, ryanchristiefurniture.co[.]za, sefikengfarm.co[.]ls, seismicfactory.co[.]za, servicebox.co[.]za, signsoftime.co[.]za, sullivanprimary.co[.]za, tcpbereka.co[.]za, thecompasssolutions.co[.]za, themotoringcalendar.co[.]za, verifiedseller.co[.]za, visionclinic.co[.]ls, vumavaluations.co[.]za, willpowerpos.co[.]za, winagainstebola[.]com, www.acer-parts.co[.]za, www.alessioborzuola[.]com, www.alfredoposada[.]com, www.algom-law[.]com, www.alvarezarquitectos[.]com, www.amateurastronomy[.]org, www.amighini[.]it, www.amphibiblechurch[.]com, www.andreabelfi[.]com, www.androidwikihow[.]com, www.animationinisrael[.]org, www.antojoentucocina[.]com, www.ariehandomri[.]com, www.bashancorp.co[.]za, www.bestdecorativemirrors[.]com, www.britishasia-equip.co[.]uk, www.buhlebayoacademy[.]com, www.cartridgecave.co[.]za, www.centreforgovernance[.]uk, www.crissamconsulting.co[.]za, www.daleth.co[.]za, www.dingaanassociates.co[.]za, www.duotonedigital.co[.]za, www.dws-gov.co[.]za, www.easy-home-sales.co[.]za, www.edesignz.co[.]za, www.engeltjieakademie.co[.]za, www.fun4kidz.co[.]za, www.galwayprimary.co[.]za, www.generictoners.co[.]za, www.getcord.co[.]za, www.gilforsenate[.]com, www.gsmmid[.]com, www.harmonyguesthouse.co[.]za, www.hfhl.org[.]ls, www.humorcarbons[.]com, www.iancullen.co[.]za, www.icsswaziland[.]com, www.ihlosiqs-pm.co[.]za, www.infratechconsulting[.]com, www.khotsonglodge.co[.]ls, www.loansonhomes.co[.]za, www.m-3.co[.]za, www.malboer.co[.]za, www.mikimaths[.]com, www.rejoicetheatre[.]com, www.tanati.co[.]za, www.tonaro.co[.]za
MuddyWaterMuddyWater Resurfaces: Cyber Attacks Target Turkey, Pakistan, and Tajikistan
Source: Trend Micro - March 2018
Detection (18 cases): 009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0, 153117aa54492ca955b540ac0a8c21c1be98e9f7dd8636a36d73581ec1ddcf58, 18479a93fc2d5acd7d71d596f27a5834b2b236b44219bb08f6ca06cf760b74f6, 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd, 1ee9649a2f9b2c8e0df318519e2f8b4641fd790a118445d7a0c0b3c02b1ba942, 2cea0b740f338c513a6390e7951ff3371f44c7c928abf14675b49358a03a5d13, 3b1d8dcbc8072b1ec10f5300c3ea9bb20db71bd8fa443d97332790b74584a115, 3d96811de7419a8c090a671d001a85f2b1875243e5b38e6f927d9877d0ff9b0c, 3da24cd3af9a383b731ce178b03c68a813ab30f4c7c8dfbc823a32816b9406fb, 6edc067fc2301d7a972a654b3a07398d9c8cbe7bb38d1165b80ba4a13805e5ac, 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338, 9038ba1b7991ff38b802f28c0e006d12d466a8e374d2f2a83a039aabcbe76f5c, 93745a6605a77f149471b41bd9027390c91373558f62058a7333eb72a26faf84, aa60c1fae6a0ef3b9863f710e46f0a7407cf0feffa240b9a4661a4e8884ac627, af5f102f0597db9f5e98068724e31d68b8f7c23baeea536790c50db587421102, cee801b7a901eb69cd166325ed3770daffcd9edd8113a961a94c8b9ddf318c88, d07d4e71927cab4f251bcc216f560674c5fb783add9c9f956d3fc457153be025, eff78c23790ee834f773569b52cddb01dc3c4dd9660f5a476af044ef6fe73894
Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.