Pulse Detail — Threat Intelligence

PULSE NAME

DLL Hijacking in the Asian Gambling Sector

WHITE BRONZE STARLIGHT AlienVault 2023-08-17 Modified: 2024-02-28

IOCs

MEDIUM VOLUME

Chinese hackers are targeting the gambling sector within Southeast Asia, according to SentinelLabs and ESET, who have identified suspected-Chinese malware and infrastructure linked to a series of attacks reported in March 2023.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1036 T1574 T1574.001

MALWARE FAMILIES

HUI Loader Cobalt Strike

Indicators of Compromise (31)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname URL

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0e3e037c57a5447295669a3db1a28b8a	—	2023-08-17
FileHash-MD5	f050c9fa2cab55097a1e037c7df0c10f	MD5 of 6e9592920cdce90a7c03155ef8b113911c20bb3a	2023-08-17
FileHash-MD5	f9322ead69300501356b13d751165daa	MD5 of 32b545353f4e968dc140c14bc436ce2a91aacd82	2023-08-17
FileHash-SHA1	09f82b963129bbcc6d784308f0d39d8c6b09b293	—	2023-08-17
FileHash-SHA1	1a11aa4bd3f2317993cfe6d652fbe5ab652db151	—	2023-08-17
FileHash-SHA1	32b545353f4e968dc140c14bc436ce2a91aacd82	—	2023-08-17
FileHash-SHA1	57bbc5fcfd97d25edb9cce7e3dc9180ee0df7111	—	2023-08-17
FileHash-SHA1	62e990cc0a26d58e1a150617357010ee53186707	—	2023-08-17
FileHash-SHA1	6e9592920cdce90a7c03155ef8b113911c20bb3a	—	2023-08-17
FileHash-SHA1	76bf5ab6676a1e01727a069cc00f228f0558f842	—	2023-08-17
FileHash-SHA1	88c353e12bd23437681c79f31310177fd476a846	—	2023-08-17
FileHash-SHA1	957e313abaf540398af47af367a267202a900007	—	2023-08-17
FileHash-SHA256	07bbd8a80b5377723b13dbb40a01ca44cbc203369f5e5652a25b448e27ca108c	SHA256 of 32b545353f4e968dc140c14bc436ce2a91aacd82	2023-08-17
FileHash-SHA256	43fb2d2e7596bed395bba6e012d0ee13ed61856cd63db47bf94160881d3e3ac7	SHA256 of 6e9592920cdce90a7c03155ef8b113911c20bb3a	2023-08-17
domain	100helpchat.com	—	2023-08-17
domain	duckducklive.top	—	2023-08-17
domain	live100heip.com	—	2023-08-17
domain	microsoftlab.top	—	2023-08-17
domain	microsofts.com	—	2023-08-17
domain	microsofts.info	—	2023-08-17
domain	microsofts.net	—	2023-08-17
domain	microsofts.org	—	2023-08-17
domain	microupdate.xyz	—	2023-08-17
domain	miscrosofts.com	—	2023-08-17
hostname	www.100helpchat.com	—	2023-08-17
domain	kaspresksy.com	—	2023-08-17
URL	http://agenfile.oss-ap-southeast-1.aliyuncs.com/agent_source/temp1/cefhelper.zip	—	2023-08-17
URL	http://agenfile.oss-ap-southeast-1.aliyuncs.com/agent_source/temp2/agent_bak.zip	—	2023-08-17
URL	http://agenfile.oss-ap-southeast-1.aliyuncs.com/agent_source/temp3/adobe_helper.zip	—	2023-08-17
URL	http://codewavehub.oss-ap-southeast-1.aliyuncs.com/org/com/file/CodeVerse.zip	—	2023-08-17
domain	tencentchat.net	—	2023-08-17

References (1)

↗ https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/