← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Book of Eli: African targeted attacks
WHITE Eli AlienVault 2016-09-25 Modified: 2017-06-14
44
IOCs
MEDIUM VOLUME
This blog post describes details that we discovered during our analysis of malware that focuses on a specific country — Libya. The malware has existed since at least 2012, with threat actors using it for mass-spreading malware campaigns and for ongoing targeted attacks. Despite the lack of sophistication of the technical details of the malware and its mechanisms for spreading, the threat actors have demonstrated ability to compromise governmental websites successfully. This, combined with its focus on a specific region, makes this threat interesting from the malware researchers’ perspective.
libyatrojanspearphishingmiddle eastapteset
Indicators of Compromise (39 / 44 total)
All domain URL hostname FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 e4e86a2f3542591cfbf1fd340b78710370085163 2016-09-25
FileHash-SHA1 1f8105d947203d405a7dd76ba32b20fcd8e20bf4 2016-09-25
FileHash-SHA1 11507252ac4bf28b57a538bfa85f9f7574256e6c 2016-09-25
FileHash-SHA1 554958eecdff4e9ac2325169ef8e3f23d4ad851f 2016-09-25
FileHash-SHA1 970ea2af3f6cb49b5d964107887ee48a24fc7912 2016-09-25
FileHash-SHA1 666766b1745232fe9b76aab3f7abfa222dd2aa0f 2016-09-25
FileHash-SHA1 2f1618b710856af3d0ac6c899393aceed8b9942d 2016-09-25
FileHash-SHA1 6357da647e21478af836e9051f5e54e0357a9a87 2016-09-25
FileHash-SHA1 5af6cf0d8bbec98818e12880ce9b98f184ed7c66 2016-09-25
FileHash-SHA1 1595c89c561f90adff6ed2e6f0402d14a31f2dfa 2016-09-25
FileHash-SHA1 447ad86417769aa19c8b07afb2b113039316814f 2016-09-25
FileHash-SHA1 3888dce3d1ca295b76248dba3609955d7375d749 2016-09-25
FileHash-SHA1 39ac510c9e2bb8f0ae4c9f2f653e66b58c975868 2016-09-25
FileHash-SHA1 95d38e48c5427e10707747585a3b852f1f7de08d 2016-09-25
FileHash-SHA1 309a9fb5fbdd30142f42994f95e7453f8834bdc1 2016-09-25
FileHash-SHA1 7af0ec7b2f0b6f298cda5bd22deab704d1db2009 2016-09-25
FileHash-SHA1 437a5ed4f2c2e55f4cfa2c55c32adf084ff634b4 2016-09-25
FileHash-SHA1 9b235ef9f2722ee26892e4287af28fd98f4a6e4c 2016-09-25
FileHash-SHA1 aef20ab97d1b4b3c12b4b1f866916722c68ed138 2016-09-25
FileHash-SHA1 6ba47f0d09bb202b4cc3fb5fec54022c3f2319b4 2016-09-25
FileHash-SHA1 924a1e1b355bea6575231b22bbff2d5f749bd7d3 2016-09-25
FileHash-SHA1 9846604f0dd2dd97646b348f2f0a2dd0d40e4b8a 2016-09-25
FileHash-SHA1 19f34b7a444998836a1c99cda3c9853502cf5212 2016-09-25
FileHash-SHA1 efd07af61b16c6fd55f64fcb785522c049a935cd 2016-09-25
FileHash-SHA1 e855f9428813e59d52bfb79e6f779452a77cbcbe 2016-09-25
FileHash-SHA1 999d51f3455b86e673586f77a19e5871bbaa1236 2016-09-25
FileHash-SHA1 3e512302ff688fb89d4973d60beb93ff642cd83c 2016-09-25
FileHash-SHA1 e1d1b3ad6a2987affca57fdc170bf9ddb54a1d2f 2016-09-25
FileHash-SHA1 9016597de1917d78441a3ff72db5a3848fa7a771 2016-09-25
FileHash-SHA1 59092a314a87370baf0a06f679771e7d8477104a 2016-09-25
FileHash-SHA1 e93f6bb3a56a5384f79beba1f4642e1b1c1c21a2 2016-09-25
FileHash-SHA1 4a0dc693e87613d869332eb890e0f533af404d25 2016-09-25
FileHash-SHA1 685e7408bea30f73840542474f96f48ad0dd1efc 2016-09-25
FileHash-SHA1 9cb3dc18e0033a381691fdbe798516fb2b857b01 2016-09-25
FileHash-SHA1 9e595794c8c413c83ef075b7895d0f0efb72a39f 2016-09-25
FileHash-SHA1 87b458153445bd93482f15c28ca2ed2194fb92bf 2016-09-25
FileHash-SHA1 51c784b037dc69a4465a26573d23aebc274969bc 2016-09-25
FileHash-SHA1 d62bf2d5e6683046396e94479b0321e319577f69 2016-09-25
FileHash-SHA1 ddb9d2219876d59dfd3a207e54db8956d6864a52 2016-09-25
References (1)
↗ http://www.welivesecurity.com/2016/09/22/libya-malware-analysis/