New Python-Based Payload MechaFlounder Used by Chafer
Tags
country: Turkey
maec-delivery-vectors: Watering Hole
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID c8554957-ff09-417d-a8a7-2d6da05c6ea6
Fingerprint f0810fd9613fa595
Analysis status DONE
Considered CTI value 2
Text language
Published March 4, 2019, 2 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline New Python-Based Payload MechaFlounder Used by Chafer
Title New Python-Based Payload MechaFlounder Used by Chafer
Detected Hints/Tags/Attributes 63/3/19
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
win10-update.com
Details Domain 1 
turkiyeburslari.tk
Details Domain 1 
turkiyeburslari.gov.tr
Details Domain 1 
autofocus.paloaltonetworks.com
Details Domain 8 
cyberthreatalliance.org
Details Domain 2 
win7-update.com
Details Domain 1 
xn--mgbfv9eh74d.com
Details Domain 1 
ytb.services
Details Domain 1 
eseses.tk
Details File 478 
lsass.exe
Details File 56 
update.php
Details File 1 
-sample.html
Details File 1 
rob--rob-virtual-machine-service.html
Details sha256 1 
0282b7705f13f9d9811b722f8d7ef8fef907bee2ef00bf8ec89df5e7d96d81ff
Details sha256 3 
1b2fee00d28782076178a63e669d2306c37ba0c417708d4dc1f751765c3f94e1
Details sha256 1 
332fab21cb0f2f50774fccf94fc7ae905a21b37fe66010dcef6b71c140bb7fa1
Details IPv4 1 
185.177.59.70
Details IPv4 1 
134.119.217.87
Details Url 1 
https://autofocus.paloaltonetworks.com/#/tag/unit42.mechaflounder