otx.alienvault.com
13.32.121.8  Public Scan

URL: https://otx.alienvault.com/pulse/624f0d6039be61f29b5f463c?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On April 07 via api from US — Scanned from DE


Text Content


ADVERSARIAL THREAT REPORT - APRIL 2022

   
 * Created 29 minutes ago by AlienVault
 * Public
 * TLP: White

Cyber espionage actors typically target people across the internet to collect
intelligence, manipulate them into revealing information, and compromise their
devices and accounts. Researchers identified a group of hackers from Iran, known
in the security industry as UNC788, that targeted people in the Middle East,
including Saudi military, dissidents and human rights activists from Israel and
Iran, politicians in the US, and Iran-focused academics, activists and
journalists around the world.

Reference:
https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf
Tags:
HilalRAT, Meta, Facebook, NGOs, Geopolitical conflict, UNC788, VMware
Adversary:
UNC788
Industries:
Energy, Finance, Government, NGO
Targeted Countries:
United States of America, Canada, Germany, United Arab Emirates, Norway,
Iceland, Israel, India, Azerbaijan, Saudi Arabia, Brazil, Ukraine,
Nigeria, Cameroon, Gambia, Zimbabwe, Congo
Malware Family:
HilalRAT
Att&ck IDs:
T1102 - Web Service, T1017 - Application Deployment Software, T1498 - Network
Denial of Service, T1499 - Endpoint Denial of Service, T1192 - Spearphishing
Link, T1566 - Phishing, T1021 - Remote Services, T1081 - Credentials in Files,
T1119 - Automated Collection

 * Indicators of Compromise (79)
 * Related Pulses (6)
 * Comments (0)
 * History (0)

FileHash-MD5 (7), Hostname (10), FileHash-SHA1 (1), Domain (57),
FileHash-SHA256 (1), URL (3)


