Campaigns

OceanLotus’ new Downloader, KerrDown

OceanLotus, also commonly referred to as APT32, is one of the most sophisticated threat actors originating out of Southeast Asia. Palo Alto Networks’ Unit 42 has been tracking its use of a new downloader, which it calls KerrDown. Unit 42 says: “While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses targeting private sectors …


Kuwait Oil Themed Malware Targeting Industry

A weaponized Excel spreadsheet named “Kuwait oil Company Business Profile.xlsx”, exploiting CVE-2016-7262 (a Microsoft Office security feature bypass), has been identified by MalCrawler. The published indicators are listed below; URLs are defanged with “hxxp”, and the trailing number after each indicator is reproduced from the source as published (the last row has none):

Type              Indicator                                                          Count
FileHash-MD5      7734b4f3fab4cb3c9edf5e185bebeacd                                   2
FileHash-SHA256   b3e260db478ed2512ee7012054da262bc50df68f96f0e8156826bb87c354c12b   2
FileHash-SHA1     bd9321fbf0e2e4e327b2a1d36566de96c6d0fa35                           3
CVE               CVE-2016-7262                                                      3
FileHash-MD5      f1a3483db13c90412590765829441aa5                                   3
FileHash-SHA256   fc0eb025d2c4ad4eb9a67cd43d82729d413f2b03234c301a9e0ae1cabad725da   3
URL               hxxp://199.192.22.207/~kockw/uploads/file1.xn--ps1\-jb7a           1
URL               hxxp://199.192.22.207/~kockw/uploads/mcafee1.exe                   1
domain            kockw.us                                                           1
hostname          pdpaso.omnirat.cf

Read the full MalCrawler article here.
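How a defender would actually consume the indicator list above: load it as published (defanged), refang the URLs, and sweep it against telemetry. The script below is an added example written for this page, not MalCrawler’s code or tooling; the proxy/DNS log lines and the observed-hash export it scans are constructed sample data, and the host-matching rule (a “domain” indicator matches the apex and any subdomain, a “hostname” or URL host matches exactly) is an assumption of this example rather than anything stated in the source.

```python
"""Sweep constructed sample telemetry against the Kuwait Oil lure IOCs listed above."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators exactly as published above (defanged with hxxp).
IOCS = [
    ("FileHash-MD5", "7734b4f3fab4cb3c9edf5e185bebeacd"),
    ("FileHash-SHA256", "b3e260db478ed2512ee7012054da262bc50df68f96f0e8156826bb87c354c12b"),
    ("FileHash-SHA1", "bd9321fbf0e2e4e327b2a1d36566de96c6d0fa35"),
    ("CVE", "CVE-2016-7262"),
    ("FileHash-MD5", "f1a3483db13c90412590765829441aa5"),
    ("FileHash-SHA256", "fc0eb025d2c4ad4eb9a67cd43d82729d413f2b03234c301a9e0ae1cabad725da"),
    ("URL", "hxxp://199.192.22.207/~kockw/uploads/file1.xn--ps1\\-jb7a"),
    ("URL", "hxxp://199.192.22.207/~kockw/uploads/mcafee1.exe"),
    ("domain", "kockw.us"),
    ("hostname", "pdpaso.omnirat.cf"),
]

# Constructed sample proxy/DNS log lines (not real telemetry).
SAMPLE_LOGS = [
    "2019-03-04T10:12:01Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2019-03-04T10:12:09Z 10.0.0.15 GET http://199.192.22.207/~kockw/uploads/mcafee1.exe 200",
    "2019-03-04T10:13:44Z 10.0.0.22 DNS pdpaso.omnirat.cf A",
    "2019-03-04T10:14:02Z 10.0.0.22 GET http://mail.kockw.us/login 302",
]

# Constructed sample of an EDR-style "file name -> hash" export (not real telemetry).
OBSERVED_HASHES = {
    "attachment_1.xlsx": "7734B4F3FAB4CB3C9EDF5E185BEBEACD",   # published MD5, upper-cased on purpose
    "setup.exe": "d41d8cd98f00b204e9800998ecf8427e",           # MD5 of an empty file; benign placeholder
}

URL_RE = re.compile(r"https?://\S+", re.I)
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b|\b(?:\d{1,3}\.){3}\d{1,3}\b", re.I)


def refang(value: str) -> str:
    """Turn a defanged indicator (hxxp, [.], [:]) back into a usable one."""
    return (value.replace("hxxps://", "https://").replace("hxxp://", "http://")
                 .replace("[.]", ".").replace("[:]", ":"))


def build_indicators(iocs):
    """Split published IOCs into lookup sets; hosts of URL IOCs join the exact-host set."""
    ind = {"hashes": set(), "urls": set(), "domains": set(), "hosts": set(), "cves": set()}
    for kind, value in iocs:
        if kind.startswith("FileHash-"):
            ind["hashes"].add(value.lower())
        elif kind == "URL":
            url = refang(value)
            ind["urls"].add(url)
            ind["hosts"].add(urlsplit(url).hostname.lower())
        elif kind == "domain":
            ind["domains"].add(value.lower())   # assumption: apex and every subdomain match
        elif kind == "hostname":
            ind["hosts"].add(value.lower())     # exact match only
        elif kind == "CVE":
            ind["cves"].add(value.upper())
    return ind


def host_matches(host, ind):
    """Return the indicator a host hits, or None."""
    host = host.lower().rstrip(".")
    if host in ind["hosts"]:
        return host
    for dom in ind["domains"]:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan_log_lines(lines, ind):
    """Return (line_number, matched_indicator) for every line touching an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            if url in ind["urls"]:            # full-URL match takes precedence
                hits.append((n, url))
                break
        else:
            for host in HOST_RE.findall(line):  # otherwise fall back to host/IP matching
                m = host_matches(host, ind)
                if m:
                    hits.append((n, m))
                    break
    return hits


def match_hashes(observed, ind):
    """observed: {artifact name: hex digest}; returns the names whose digest is a published IOC."""
    return sorted(name for name, digest in observed.items() if digest.lower() in ind["hashes"])


def digests(data: bytes):
    """MD5/SHA1/SHA256 of a file's bytes, for comparing a suspect attachment against IOCS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    ind = build_indicators(IOCS)
    for n, hit in scan_log_lines(SAMPLE_LOGS, ind):
        print(f"log line {n}: {hit}")
    print("hash hits:", match_hashes(OBSERVED_HASHES, ind))
```

Note that the IP 199.192.22.207 enters the host set from the two URL indicators, so a line mentioning only that IP also fires; a hash comparison is done case-insensitively because exports differ in case. The “Count” column above is deliberately not loaded: it is metadata from the source listing, not an indicator.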