ioc[.]one - OSINT Cyber Threat Intelligence Database

menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations

Tags

country:	China Italy Japan
attack-pattern:	Data Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	9841cc1c-e0ae-4c38-b40c-dcefd80fa99c
Fingerprint	d51099d3482a84c3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 16, 2017, 9 a.m.
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 14, 2024, 10:56 p.m.
Headline	menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
Title	menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
Detected Hints/Tags/Attributes	79/2/72

Source URLs

	Redirection	Url
Details	Source	http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/
Details	Source	https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	apple.cmdnetview.com
Details	Domain	2	fbi.sexxxy.biz
Details	Domain	1	cvnx.zyns.com
Details	Domain	1	cia.toh.info
Details	Domain	1	2014.zzux.com
Details	Domain	1	iphone.vizvaz.com
Details	Domain	1	wchildress.com
Details	Domain	1	lion.wchildress.com
Details	Domain	4	kawasaki.unhamj.com
Details	Domain	3	sakai.unhamj.com
Details	Domain	3	kawasaki.cloud-maste.com
Details	Domain	2	fukuoka.cloud-maste.com
Details	Domain	1	yahoo.incloud-go.com
Details	Domain	1	msn.incloud-go.com
Details	Domain	1	www.mseupdate.ourhobby.com
Details	Domain	1	contractus.qpoe.com
Details	Domain	4	dick.ccfchrist.com
Details	Domain	4	trout.belowto.com
Details	Domain	4	zebra.wthelpdesk.com
Details	Domain	4	area.wthelpdesk.com
Details	Domain	4	scorpion.poulsenv.com
Details	Domain	2	nttdata.otzo.com
Details	Domain	1	app.lehigtapp.com
Details	Domain	1	jimin.jimindaddy.com
Details	Domain	1	jepsen.r3u8.com
Details	Domain	1	inspgon.re26.com
Details	Domain	1	nunluck.re26.com
Details	File	50	hashlib.md5
Details	md5	1	bb269704ba8647da97377440d403ae4d
Details	md5	1	c0c8dcc9dad39da8278bf8956e30a3fc
Details	md5	1	7fc27808b331106210b6364c326569fd
Details	sha1	1	009b639441ad5c1260f55afde2d5d21fc5b4f96c
Details	sha256	1	6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e
Details	sha256	2	5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1
Details	sha256	2	e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b
Details	sha256	2	ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145
Details	sha256	1	fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b
Details	sha256	2	2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910
Details	sha256	2	316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d
Details	sha256	2	efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057
Details	sha256	1	fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0
Details	sha256	2	2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699
Details	sha256	2	e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0
Details	sha256	2	d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed
Details	sha256	2	e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e
Details	sha256	1	4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691
Details	sha256	2	bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91
Details	sha256	1	c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d
Details	sha256	1	f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773
Details	sha256	1	b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df
Details	sha256	1	c6b8ed157eed54958da73716f8db253ba5124a0e4b649f08de060c4aa6531afc
Details	sha256	2	9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c
Details	sha256	2	cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628
Details	sha256	1	4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14
Details	sha256	2	312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3
Details	sha256	2	45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2
Details	sha256	2	19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b
Details	sha256	1	f1ca9998ca9078c27a6dab286dfe25fcdfb1ad734cc2af390bdcb97da1214563
Details	sha256	1	6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3
Details	sha256	1	6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586
Details	sha256	1	9f01dd2b19a1032e848619428dd46bfeb6772be2e78b33723d2fa076f1320c57
Details	sha256	1	76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03
Details	sha256	1	dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b
Details	sha256	1	7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04
Details	sha256	1	a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24
Details	sha256	1	5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda
Details	sha256	1	92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb
Details	sha256	1	f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06
Details	sha256	1	412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356
Details	sha256	1	44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce
Details	sha256	1	9edf191c6ca1e4eddc40c33e2a2edf104ce8dfff37b2a8b57b8224312ff008fe
Details	Threat Actor Identifier - APT	278	APT10