HT ZeroDays #168
Comments
|
i'm going to wait on this one. Will add it after a few more weeks. |
|
Yeah good call - there are at least 5 distinct articles on different groups using these already |
|
Another HT related article: |
ghost
added
the
|
@kbandla also add this one in, closing out the origin ticket: http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/
http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/
Indicators
UPS
a2fe113cc13acac2bb79a375f692b8ba5cc2fa880272adc7ab0d01f839e877ff
Domains
rpt.perrydale[.]com
report.perrydale[.]com
IPs
194.44.130[.]179
URLs
rpt.perrydale[.]com /en/show.swf
report.perrydale[.]com /ema/show.swf
rpt.perrydale[.]com /en/b.gif
report.perrydale[.]com /ema/b,gif
PawnStorm
192[.]111[.]146[.]185 (direct to IP call)
www[.]acledit[.]com
www[.]biocpl[.]org
The text was updated successfully, but these errors were encountered: