ioc[.]one - OSINT Cyber Threat Intelligence Database

PHOREAL Malware Targets the Southeast Asian Financial Sector — Elastic Security Labs

Tags

country:	Canada Hong Kong Vietnam U.S. Virgin Islands
attack-pattern:	Data Model Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Connection Proxy - T1090 Control Panel Items - T1196

Show in Graph

Common Information

Type	Value
UUID	d2817f42-3489-4897-842d-c5b91b63677d
Fingerprint	753e84f73ef4a690
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 2, 2023, midnight
Added to db	Nov. 20, 2023, 1:02 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	PHOREAL Malware Targets the Southeast Asian Financial Sector
Title	PHOREAL Malware Targets the Southeast Asian Financial Sector — Elastic Security Labs
Detected Hints/Tags/Attributes	75/2/35

Source URLs

	Redirection	Url
Details	Source	https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector

URL Provider

Details	Provider	Source level domain
Details	elastic.co	www.elastic.co

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	306	✔	Elastic Security Labs	https://www.elastic.co/security-labs/rss/feed.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Autonomous System Number	1	AS133752
Details	Domain	1	thelivemusicgroup.com
Details	Domain	3	oneprovider.com
Details	Domain	123	ipinfo.io
Details	Domain	6	leaseweb.com
Details	Domain	1	cdn-api-cn-1.com
Details	Domain	182	www.mandiant.com
Details	Domain	98	www.secureworks.com
Details	Domain	360	attack.mitre.org
Details	Email	1	info@oneprovider.com
Details	File	55	control.exe
Details	File	1	c:\\windows\\syswow64\\tscon32.dll
Details	File	1	tscon32.dll
Details	File	59	netapi32.dll
Details	File	1	c:\\windows\\syswow64\\control.exe
Details	File	18	mobsync.exe
Details	File	1	c:\windows\syswow64\tscon32.dll
Details	File	3	spyratsofoceanlotusmalwarewhitepaper.pdf
Details	Github username	3	cybermonitor
Details	md5	1	2b6da20e4fc1af2c5dd5c6f6191936d1
Details	sha1	1	007970b7a42852b55379ef4cffa4475865c69d48
Details	sha256	1	ec5d5e18804e5d8118c459f5b6f3ca96047d629a50d1a0571dee0ac8d5a4ce33
Details	sha256	1	8bff558bece8e6430000e8db43000050e8bb43000085c0751fff7508e8c94300
Details	sha256	1	8bff558bec56e83f3e0000e8343e000050e8143e000085c0752a8b750856e821
Details	sha256	1	88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de
Details	IPv4	1	103.75.117.250
Details	IPv4	1	103.75.117.0
Details	Threat Actor Identifier - APT-C	44	APT-C-00
Details	Threat Actor Identifier - APT	132	APT32
Details	Url	9	https://ipinfo.io
Details	Url	1	https://github.com/cybermonitor/apt_cybercriminal_campagin_collections/blob/master/2018/2018.10.17.oceanlotus_spyrats/spyratsofoceanlotusmalwarewhitepaper.pdf
Details	Url	2	https://www.mandiant.com/resources/cyber-espionage-apt32
Details	Url	1	https://www.secureworks.com/research/threat-profiles/tin-woodlawn
Details	Url	1	https://attack.mitre.org/software/s0158
Details	Url	5	https://attack.mitre.org/groups/g0050