otx.alienvault.com
99.86.4.57  Public Scan

URL: https://otx.alienvault.com/pulse/6308c120cac2d8874c250093
Submission: On August 28 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

MERCURY LEVERAGING LOG4J 2 VULNERABILITIES IN UNPATCHED SYSTEMS TO TARGET ISRAELI ORGANIZATIONS

 * Created 2 days ago by AlienVault
 * Public
 * TLP: White

Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research
Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2
vulnerabilities in SysAid applications against organizations all located in
Israel. MSTIC assesses with high confidence that MERCURY’s observed activity was
affiliated with Iran’s Ministry of Intelligence and Security (MOIS).

Reference: https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/
Tags: MERCURY, Iran, Log4j, SysAid
Adversary: MERCURY
Malware Family: MERCURY
Att&ck IDs: T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1114 - Email Collection

 * Indicators of Compromise (20)
 * Related Pulses (70)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS: IPv4 (2), URL (1), CVE (2), FileHash-SHA256 (11), FileHash-MD5 (2), FileHash-SHA1 (2)

THREAT INFRASTRUCTURE: France (2)


 * © Copyright 2022 AlienVault, Inc.
   