OceanLotus: New watering hole attack in Southeast Asia | WeLiveSecurity
Tags
| country: | Cambodia Vietnam U.S. Virgin Islands |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | adbb11d9-28cd-4cd6-ad5b-a20dae9e04dc |
| Fingerprint | a6258091080953e4 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 20, 2018, 2:56 p.m. |
| Added to db | Sept. 11, 2022, 12:45 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | OceanLotus: New watering hole attack in Southeast Asia |
| Title | OceanLotus: New watering hole attack in Southeast Asia | WeLiveSecurity |
| Detected Hints/Tags/Attributes | 67/3/151 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | baotgm.net |
|
| Details | Domain | 1 | cnrp7.org |
|
| Details | Domain | 1 | conggiaovietnam.net |
|
| Details | Domain | 1 | daichungvienvinhthanh.com |
|
| Details | Domain | 1 | danchimviet.info |
|
| Details | Domain | 1 | danviet.vn |
|
| Details | Domain | 1 | danviethouston.com |
|
| Details | Domain | 1 | fvpoc.org |
|
| Details | Domain | 1 | gardencityclub.com |
|
| Details | Domain | 1 | lienketqnhn.org |
|
| Details | Domain | 2 | mfaic.gov |
|
| Details | Domain | 4 | mod.gov |
|
| Details | Domain | 1 | mtgvinh.net |
|
| Details | Domain | 1 | nguoitieudung.com.vn |
|
| Details | Domain | 1 | phnompenhpost.com |
|
| Details | Domain | 1 | raovatcalitoday.com |
|
| Details | Domain | 1 | thongtinchongphandong.com |
|
| Details | Domain | 2 | tinkhongle.com |
|
| Details | Domain | 1 | toithichdoc.blogspot.com |
|
| Details | Domain | 1 | trieudaiviet.com |
|
| Details | Domain | 1 | triviet.news |
|
| Details | Domain | 2 | www.mfaic.gov |
|
| Details | Domain | 2 | weblink.selfip.info |
|
| Details | Domain | 4 | window.firebug.chrome |
|
| Details | Domain | 1 | tcog.thruhere.net |
|
| Details | Domain | 1 | cdn-ampproject.com |
|
| Details | Domain | 1 | cdn.ampproject.com |
|
| Details | Domain | 2 | getbootstrap.com |
|
| Details | Domain | 1 | sskimresources.com |
|
| Details | Domain | 2 | skimresources.com |
|
| Details | Domain | 1 | widgets-wp.com |
|
| Details | Domain | 1 | widgets.wp.com |
|
| Details | Domain | 114 | eset.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 20 | blogs.360.cn |
|
| Details | Domain | 1 | arabica.podzone.net |
|
| Details | Domain | 1 | 10cm.mypets.ws |
|
| Details | Domain | 1 | utagscript.com |
|
| Details | Domain | 1 | optnmstri.com |
|
| Details | Domain | 1 | lcontacts.servebbs.net |
|
| Details | Domain | 1 | imgincapsula.com |
|
| Details | Domain | 1 | secure-imrworldwide.com |
|
| Details | Domain | 1 | wfpscripts.homeunix.com |
|
| Details | Domain | 1 | cdnscr.thruhere.net |
|
| Details | Domain | 1 | io.blogsite.org |
|
| Details | Domain | 1 | your-ip.getmyip.com |
|
| Details | Domain | 1 | gui.dnsdojo.net |
|
| Details | Domain | 1 | cdnazure.com |
|
| Details | Domain | 1 | figbc.knowsitall.info |
|
| Details | Domain | 1 | ichefbcci.is-a-chef.com |
|
| Details | Domain | 1 | tips-renew.webhop.info |
|
| Details | Domain | 1 | cyhire.cechire.com |
|
| Details | Domain | 1 | s0-2mdn.net |
|
| Details | Domain | 1 | p-typekit.com |
|
| Details | Domain | 1 | static.tagscdn.com |
|
| Details | Domain | 1 | pagefairjs.com |
|
| Details | Domain | 1 | metacachecdn.com |
|
| Details | Domain | 1 | bootstraplink.com |
|
| Details | Domain | 1 | s-adroll.com |
|
| Details | Domain | 1 | player-cnevids.com |
|
| Details | Domain | 1 | tiwimg.com |
|
| Details | Domain | 1 | tiqqcdn.com |
|
| Details | Domain | 1 | cdn-tynt.com |
|
| Details | Domain | 1 | lb-web-stat.com |
|
| Details | Domain | 1 | benchtag2.com |
|
| Details | Domain | 1 | cdn1.shacknet.us |
|
| Details | Domain | 1 | scdn-cxense.com |
|
| Details | Domain | 1 | assets-cdn.blogdns.net |
|
| Details | Domain | 1 | cart.gotdns.com |
|
| Details | Domain | 1 | html5.endofinternet.net |
|
| Details | Domain | 1 | effecto-azureedge.net |
|
| Details | Domain | 1 | ds-aksb-a.likescandy.com |
|
| Details | Domain | 1 | labs-apnic.net |
|
| Details | Domain | 1 | pixel1.dnsalias.net |
|
| Details | Domain | 1 | ad-appier.com |
|
| Details | Domain | 1 | trc.webhop.net |
|
| Details | Domain | 1 | static-addtoany.com |
|
| Details | Domain | 1 | nav.neat-url.com |
|
| Details | Domain | 1 | straits-times.is-an-actor.com |
|
| Details | 69 | threatintel@eset.com |
||
| Details | File | 218 | min.js |
|
| Details | File | 11 | cdn.js |
|
| Details | File | 1 | visitoridentification.js |
|
| Details | File | 4 | eset_oceanlotus.pdf |
|
| Details | File | 6 | cyber-espionage-apt32.html |
|
| Details | File | 1 | oceanlotus-apt.html |
|
| Details | md5 | 1 | a612cdb028e1571dcab18e4aa316da26 |
|
| Details | sha1 | 1 | 2194271c7991d60ae82436129d7f25c0a689050a |
|
| Details | sha1 | 1 | 996d0ac930d2cdb16ef96edc27d9d1afc2d89ca8 |
|
| Details | sha256 | 1 | 1eda0de280713470878c399d3fb6c331ba0fadd0bd9802ed98ae06218a17f3f7 |
|
| Details | sha256 | 1 | 8b824be52de7a8723124bad5a45664c574d6e905f300c35719f1e6988887bd62 |
|
| Details | IPv4 | 1 | 178.128.103.24 |
|
| Details | IPv4 | 1 | 178.128.100.189 |
|
| Details | IPv4 | 1 | 206.189.88.50 |
|
| Details | IPv4 | 1 | 159.65.134.146 |
|
| Details | IPv4 | 1 | 178.128.219.207 |
|
| Details | IPv4 | 1 | 209.97.164.158 |
|
| Details | IPv4 | 1 | 178.128.90.102 |
|
| Details | IPv4 | 1 | 178.128.90.109 |
|
| Details | IPv4 | 1 | 178.128.223.102 |
|
| Details | IPv4 | 1 | 178.128.24.201 |
|
| Details | IPv4 | 1 | 178.128.98.139 |
|
| Details | IPv4 | 1 | 178.128.98.89 |
|
| Details | IPv4 | 1 | 178.128.103.74 |
|
| Details | IPv4 | 1 | 178.128.28.93 |
|
| Details | IPv4 | 1 | 209.97.164.96 |
|
| Details | IPv4 | 1 | 178.128.103.207 |
|
| Details | IPv4 | 1 | 206.189.85.162 |
|
| Details | IPv4 | 1 | 159.65.7.45 |
|
| Details | IPv4 | 1 | 178.128.103.79 |
|
| Details | IPv4 | 1 | 178.128.103.202 |
|
| Details | IPv4 | 1 | 178.128.107.83 |
|
| Details | IPv4 | 1 | 104.248.144.178 |
|
| Details | IPv4 | 1 | 104.248.144.136 |
|
| Details | IPv4 | 1 | 206.189.95.214 |
|
| Details | IPv4 | 1 | 159.65.137.109 |
|
| Details | IPv4 | 1 | 178.128.209.153 |
|
| Details | IPv4 | 1 | 159.65.129.241 |
|
| Details | IPv4 | 1 | 128.199.159.127 |
|
| Details | IPv4 | 1 | 128.199.159.60 |
|
| Details | IPv4 | 1 | 206.189.89.121 |
|
| Details | IPv4 | 1 | 206.189.47.116 |
|
| Details | IPv4 | 1 | 178.128.90.107 |
|
| Details | IPv4 | 1 | 142.93.75.192 |
|
| Details | IPv4 | 1 | 159.65.128.57 |
|
| Details | IPv4 | 1 | 178.128.90.108 |
|
| Details | IPv4 | 1 | 142.93.127.120 |
|
| Details | IPv4 | 1 | 142.93.75.161 |
|
| Details | IPv4 | 1 | 178.128.28.89 |
|
| Details | IPv4 | 1 | 206.189.145.242 |
|
| Details | IPv4 | 1 | 178.128.90.182 |
|
| Details | IPv4 | 1 | 142.93.71.92 |
|
| Details | IPv4 | 1 | 159.65.137.144 |
|
| Details | IPv4 | 1 | 178.128.90.138 |
|
| Details | IPv4 | 1 | 142.93.116.157 |
|
| Details | IPv4 | 1 | 178.128.90.66 |
|
| Details | IPv4 | 1 | 178.128.90.223 |
|
| Details | IPv4 | 1 | 142.93.75.172 |
|
| Details | IPv4 | 1 | 178.128.103.205 |
|
| Details | IPv4 | 1 | 178.128.107.24 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Url | 1 | https://www.mfaic.gov.kh/wp-content/themes/ministry-of-foreign-affair/slick/slick.min.js |
|
| Details | Url | 1 | https://weblink.selfip.info/images/cdn.js?from=maxcdn |
|
| Details | Url | 1 | https://www.mfaic.gov.kh |
|
| Details | Url | 1 | https://www.mfaic.gov.kh/foreign-ngos |
|
| Details | Url | 2 | https://www.welivesecurity.com/wp-content/uploads/2018/03/eset_oceanlotus.pdf |
|
| Details | Url | 6 | https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html |
|
| Details | Url | 1 | http://blogs.360.cn/post/oceanlotus-apt.html |
|
| Details | Url | 1 | https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/. |