Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group
Tags
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 Credential Dumping - T1003 Powershell - T1086 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID d10541c9-88bc-4baa-bc25-50c6248906e1
Fingerprint a4013dd8c930fca9
Analysis status DONE
Considered CTI value 2
Text language
Published May 24, 2017, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group
Title Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group
Detected Hints/Tags/Attributes 82/1/13
Source URLs
Redirection Url
Details Source https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/
Details Source https://www.cybereason.com/blog/operation-cobalt-kitty-apt
URL Provider
Details Provider Source level domain
Details cybereason.com www.cybereason.com
Attributes
Details Type #Events CTI Value
Details File 27 
searchindexer.exe
Details File 1 
searchprotoclhost.exe
Details File 12 
msfte.dll
Details File 28 
goopdate.dll
Details File 1 
product_info.dll
Details sha1 1 
638b7b0536217c8923e856f4138d9caff7eb309d
Details sha1 1 
d30e8c7543adbc801d675068530b57d75cabb13f
Details sha1 1 
973b1ca8661be6651114edf29b10b31db4e218f7
Details sha1 1 
691686839681adb345728806889925dc4eddb74e
Details sha1 1 
3cf4b44c9470fb5bd0c16996c4b2a338502a7517
Details IPv4 295 
8.8.8.8
Details Threat Actor Identifier - APT-C 44 
APT-C-00
Details Threat Actor Identifier - APT 132 
APT32