PULSE NAME
Cmstar Downloader: Lurid and Enfal's New Cousin
WHITE AlienVault 2015-05-18 Modified: 2017-07-24
In recent weeks, Unit 42 has been analyzing delivery documents used in spear-phishing attacks that drop a custom downloader used in cyber espionage attacks. This specific downloader, Cmstar, is associated with the Lurid downloader, also known as ‘Enfal’. Cmstar was named for the log message ‘CM**’ used by the downloader.
Indicators of Compromise (1 / 85 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
Mutex | {53A4988C-F91F-4054-9076-220AC5EC03F3} | | 2015-05-18