DragonOK Backdoor Malware Deployed Against Japanese Targets
WHITE AlienVault 2015-04-20 Modified: 2017-08-24
This campaign involved five separate phishing attacks, each carrying a different variant of Sysget malware, also known as HelloBridge. The malware was delivered as an attachment designed to trick the user into opening it. The attackers altered the executable's icon so that it appeared to be another file type, and used decoy documents to make users think they had opened a legitimate file.
Indicators of Compromise (21)