New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs [Thursday, January 18, 2024]

Description:
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion tradecraft including the use of a new, custom backdoor called MediaPl.

Published: 2024-01-18 12:43:01
Created: 2024-01-18 12:43:01
Modified: 2024-01-18 12:58:09

Indicators

Domains:
  • coral-polydactyl-dragonfruit.glitch.me
  • epibvgvoszemkwjnplyc.supabase.co
  • east-healthy-dress.glitch.me
  • ndrrftqrlblfecpupppp.supabase.co
  • kwhfibejjyxregxmnpcs.supabase.co
  • cloud-document-edit.onrender.com
Malware:
  • MischiefTut
  • MediaPl
Hashes:
  • f2dec56acef275a0e987844e98afcc44bf8b83b4661e83f89c6a2a72c5811d5f
Intrusion set:
  • Mint Sandstorm
Location:
  • Belgium
  • France
  • Israel
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America

About the author
Julien B.

Securitricks
