ioc[.]one - OSINT Cyber Threat Intelligence Database

New Malware with Ties to SunOrcal Discovered

Tags

country:	Bolivia Hong Kong Taiwan
attack-pattern:	Data Control Panel - T1218.002 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mmc - T1218.014 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Modify Registry - T1112

Show in Graph

Common Information

Type	Value
UUID	39a1bd83-8a0b-4144-a264-2d2659bad8a3
Fingerprint	ad212b0ba9ff879b
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 10, 2017, 11 a.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	New Malware with Ties to SunOrcal Discovered
Title	New Malware with Ties to SunOrcal Discovered
Detected Hints/Tags/Attributes	52/2/34

Source URLs

	Redirection	Url
Details	Source	https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/
Details	Source	https://unit42.paloaltonetworks.com/unit42-new-malware-with-ties-to-sunorcal-discovered/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	www.tashdqdxp.co
Details	Domain	2	www.fyoutside.com
Details	Domain	2	www.tashdqdxp.com
Details	Domain	2	www.weryhstui.com
Details	Domain	2	www.olinaodi.com
Details	File	55	control.exe
Details	File	1	%temp%\winhelp.dat
Details	File	86	ole32.dll
Details	File	69	shlwapi.dll
Details	File	146	wininet.dll
Details	File	2127	cmd.exe
Details	File	1	%sctr.dll
Details	File	1	uc.dat
Details	File	1	fjiow.tmp
Details	sha256	2	d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666
Details	sha256	2	98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c
Details	sha256	2	05ddbd0506ec95fb460b3994e5b21cdb0418ba4aa406374ca1b91249349b7640
Details	sha256	2	18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92
Details	sha256	2	c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d
Details	sha256	2	9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b
Details	sha256	2	26c234c73e2c3448589c7d4a0cf17f615ad3666541a4e611e2d8b77637205bcf
Details	sha256	2	ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee
Details	sha256	2	1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1
Details	sha256	2	c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c
Details	sha256	2	1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1
Details	sha256	2	799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac
Details	sha256	2	81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2
Details	sha256	2	58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5
Details	sha256	2	38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb
Details	sha256	2	cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f
Details	IPv4	2	98.126.156.210
Details	IPv4	2	104.148.70.217
Details	Windows Registry Key	3	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Details	Windows Registry Key	3	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell