// 01 Executive summary

The travel and tour operations industry is currently facing a surge in targeted cyber attacks, including DDoS disruptions, data breaches via misconfigured cloud storage, and sophisticated phishing campaigns exploiting employee credentials. Immediate attention is required for supply chain compromises through third-party vendors, often leveraging insecure applications. Organizations should prioritize blocking identified IOCs and implementing continuous threat intelligence and attack surface monitoring to detect early indicators of compromise and proactively mitigate these evolving threats.

// 02 Key metrics

  • ttps: 4 ATT&CK techniques
  • iocs: 117 indicators
  • actors: 0 threat groups
  • kwords: 10 keywords

// 03 MITRE ATT&CK

// 04 Threat actors

// no actors matched

// 05 Indicators of compromise

// ips (23)

// domains (16)

// urls (8)

// sha256 (2)

  • 292c2717ed5863497f34ad0715455191e4a567f24ff78870b517c2922dcd58e9
  • f3a1576837ed56bcf79ff486aadf36e78d624853e9409ec1823a6f46fd0143ea

// md5 (63)

// emails (3)

  • rhysidaeverywhere@onionmail.org
  • rhysidaofficial@onionmail.org
  • support@lockbit.pro

// cves (0)

none

// 06 Geographic coverage

// 07 YARA rule

// Failed to generate YARA rule

// 08 Keywords

  • threat (score 23.9243)
  • travel (score 22.8069)
  • file (score 22.5957)
  • data (score 22.0616)
  • exe (score 19.0082)
  • lockbit (score 17.6902)
  • ip (score 17.0361)
  • address (score 16.9532)
  • operations (score 16.2619)
  • hash (score 16.0312)

// 09 Attack chain

// 10 Technical mitigations
