PULSE NAME
Popping Eagle: How Global Analytics Uncovered a Stealthy Threat Actor
WHITE AlienVault 2022-06-03 Modified: 2022-07-03
Palo Alto Networks has developed a suite of analytics detectors that can detect and identify malware targeting high-value targets, such as Microsoft and other companies, in order to protect against supply-chain attacks.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Popping Eagle, Going Eagle
Indicators of Compromise (8)
TYPE INDICATOR DESCRIPTION CREATED
YARA 55e6afcaef860e085f9cba6f3288647c5261cdc4 Detects DLL files with an export function named 'popo' 2022-06-03
FileHash-SHA256 0dc8f17b053d9bfab45aed21340a1f85325f79e0925caf21b9eaf9fbdc34a47a 2022-06-03
FileHash-SHA256 59d12f26cbc3e49e28be13f0306f5a9b1a9fd62909df706e58768d2f0ccca189 2022-06-03
FileHash-SHA256 95676c8eeaab93396597e05bb4df3ff8cc5780ad166e4ee54484387b97f381df 2022-06-03
FileHash-SHA256 e5e89d8db12c7dacddff5c2a76b1f3b52c955c2e86af8f0b3e36c8a5d954b5e8 2022-06-03
YARA 4c9f59bafba49c8dda245fb992418c66a9427691 potentially unwanted GO application with proxy communication capabilities 2022-06-03
domain dnszonetransfer.com 2022-06-03
domain reporterror.net 2022-06-03