Common Information
| Type | Value |
|---|---|
| UUID | 578c906f-6280-415f-8377-4697c2662d4d |
| Fingerprint | 2a46b87304e386b1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 19, 2019, midnight |
| Added to db | Sept. 11, 2022, 12:34 p.m. |
| Last updated | Nov. 20, 2024, 6:41 a.m. |
| Headline | "Funky malware format" found in Ocean Lotus sample |
| Title | |
| Detected Hints/Tags/Attributes | 46/3/17 |
Attributes
| Type | #Events | CTI Value | Attribute |
|---|---|---|---|
| Domain | 1 | | png.eirahrlichmann.com |
| Domain | 1 | | engine.lanaurmi.com |
| Domain | 1 | | movies.onaldest.com |
| Domain | 1 | | images.andychroeder.com |
| Domain | 4140 | | github.com |
| File | 1 | | sporder.exe |
| File | 1 | | sporder.dll |
| File | 1 | | hp6000.dll |
| File | 30 | | c:\windows\system32\wscript.exe |
| File | 1 | | c:\users\tester\desktop\mod\sporder.vbs |
| Github username | 35 | | hasherezade |
| md5 | 1 | | 2e68afae82c1c299e886ab0b6b185658 |
| md5 | 1 | | b3f9a8adf0929b2a37db7b396d231110 |
| md5 | 1 | | 67b8d21e79018f1ab1b31e1aba16d201 |
| sha1 | 1 | | 49a2505d54c83a65bb4d716a27438ed8f065c709 |
| Threat Actor Identifier - APT | 132 | | APT32 |
| Url | 1 | | https://github.com/hasherezade/funky_malware_formats/tree/master/lotus_parser |