Attack on French Diplomat Linked to Operation Lotus Blossom
Common Information
Type Value
UUID 4af69620-caeb-4d75-8129-325bf32e416e
Fingerprint 14d39d598837b5bb
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 18, 2015, 7:10 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 75/2/45
Attributes
Details Type #Events CTI Value
Details CVE 55
cve-2014-6332
Details Pdb 1
d:\lstudio\projects\worldclient\emissary\release\emissary\i386\emissary.pdb
Details Pdb 1
d:\lstudio\projects\lotus\elise\release\elisedll\i386\elisedll.pdb
Details Windows Registry Key 3
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell