📃Title: MA-228.042010: MyCERT Advisory - Phishing Attempts Targeting Public Bank Malaysia Users
📅Date: 2010-04-23
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information=“Malaysia”
  • sector=“Finance”
  • f3b46834-6ce9-44ef-852d-d7ac61a12920=“9a3d582c-4d26-4567-8330-9493d20f12bd”
  • producer 4a61b42d-e3f0-4964-9d88-4aa96e24c31d
  • mitre-attack-pattern=[‘T1192’, ‘T1566.002’, ‘T1583’, ‘T1583.001’, ‘T1584.001’]

MISP event uuid: 5bd7530a-8cdf-4972-ae74-2e25e508ef73

Indicators of Compromise (IoCs)


Full IOCs available in Rectifyq's MISP