← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Cmstar Downloader: Lurid and Enfal's New Cousin
WHITE AlienVault 2015-05-18 Modified: 2017-07-24
85
IOCs
HIGH VOLUME
In recent weeks, Unit 42 has been analyzing delivery documents used in spear-phishing attacks that drop a custom downloader used in cyber espionage attacks. This specific downloader, Cmstar, is associated with the Lurid downloader also known as ‘Enfal’. Cmstar was named for the log message ‘CM**’ used by the downloader.
cmstartrojanaptMNKitTran Duy Linhluridenfalpaloalto
Indicators of Compromise (15 / 85 total)
All FileHash-SHA256 domain URL hostname FileHash-MD5 CVE email Mutex YARA FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 9da10a36daf845367e0fc2f3e7e54336 2015-05-18
FileHash-MD5 94499ff857451ab7ef8823bf067189e7 2015-05-18
FileHash-MD5 46bf922d9ae07a9bc3667a374605bdbb 2015-05-18
FileHash-MD5 c5ae7bd6aec1e01aa53edcf41962ac04 2015-05-18
FileHash-MD5 3fff0bf6847d0d056636caef9c3056c3 2015-05-18
FileHash-MD5 e0417547ba54b58bb2c8f795bca0345c 2015-05-18
FileHash-MD5 783a423f5e285269126d0d98f53c795b 2015-05-18
FileHash-MD5 510b3272342765743a202373261c08da 2015-05-18
FileHash-MD5 f7d47e1de4f5f4ad530bca0fc080ea53 2015-05-18
FileHash-MD5 d05f012c9c1a7fb669a07070be821072 2015-05-18
FileHash-MD5 76ffb9c2d8d0ae46e8ea792ffacc8018 2015-05-18
FileHash-MD5 3d41e3c902502c8b0ea30f5947307d56 2015-05-18
FileHash-MD5 5aeb8a5aa8f6e2408016cbd13b3dfaf0 2015-05-18
FileHash-MD5 6fdeadacfe1dafd2293ce5c4e178b668 2015-05-18
FileHash-MD5 30a6c3c7723fe14c4b6960fa3e4e57ba 2015-05-18
References (1)
↗ http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/