Posts

Showing posts from November, 2018

Operation JOKAA(RR)

Image
Operation JOKAA(RR) Follow Up to Operation Desert Eagle OSI Actor: Mole Rats / Gaza Cybergang EXECUTIVE SUMMARY Operation JOKAA(RR) Operation JOKAA(RR) looks into the continued activities of the Mole Rats/Gaza Cybergang Threat Actor and their new TTPS. This report builds on their previous activities as found in: Operation Desert Eagle (Malware_Party) http://mymalwareparty.blogspot.com/2017/07/operation-desert-eagle.html Gaza Cybergang (Kaspersky SecureList) https://securelist.com/gaza-cybergang-updated-2017-activity/82765/ Operation Dusty Sky (ClearSky Security) https://www.clearskysec.com/dustysky/ Author @MalwareParty Targeting File Names  The list of file names (Palestine/Hamas) observed gives us an indication into the targeting/region of this threat actor. File Name Translated (Google) محضر اجتماع الرئيس عباس مع وفد المخابرات المصرية .exe  Minutes of the meeting