Pulse Detail — Threat Intelligence

PULSE NAME

The Pumpkin Eclipse - Lumen

WHITE bluenumberone 2024-05-31 Modified: 2024-06-30

IOCs

HIGH VOLUME

The Chalubo malware family was used in a destructive attack on a single internet service provider in late October 2023, Lumen Technologies’ Black Lotus Labs has revealed in an open-source report.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1195 T1199 T1140 T1055 T1102 T1104 T1016 T1070 T1218 T1495

MALWARE FAMILIES

Chalubo

Indicators of Compromise (93)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	d23dab9c57284b5457c991abe63b7cd4	MD5 of a8a2c2f82d542b0e05848d102e2f04239982b48ba7522a83dfc8b1308d7a8c12	2024-05-31
FileHash-SHA1	59d70e5a2b470827a750bf2ef36020aec61ae386	SHA1 of a8a2c2f82d542b0e05848d102e2f04239982b48ba7522a83dfc8b1308d7a8c12	2024-05-31
FileHash-SHA256	a8a2c2f82d542b0e05848d102e2f04239982b48ba7522a83dfc8b1308d7a8c12	—	2024-05-31
FileHash-MD5	28827aba3675e1a802bb7d8113701615	MD5 of f9db9632ffd7e3bd5b700025fa9278420de0778029fe2eedb6ea7b3d7b999ef6	2024-05-31
FileHash-SHA1	183fa84e35bb498efb4dfb05d2a4997cd66e2f0f	—	2024-05-31
FileHash-SHA1	21d9ae29551dcbe39de375bdf8ada5a47b0e2372	—	2024-05-31
FileHash-SHA1	27dc61dd0bb9a53799ae29c6927f38d98ccdb27b	—	2024-05-31
FileHash-SHA1	6c6609264e9e4b365e1bd7df187f4405a1df3f02	—	2024-05-31
FileHash-SHA1	851da211a48eda4fb1bb9914bc6afe2adae82da0	SHA1 of f9db9632ffd7e3bd5b700025fa9278420de0778029fe2eedb6ea7b3d7b999ef6	2024-05-31
FileHash-SHA1	adc617d5bc875d26fef3ef469e88a16079c50274	—	2024-05-31
FileHash-SHA256	00550d5c2ed14a445ae13cff8eff32ba7a7dd502d145481bcd18161cf1df540d	—	2024-05-31
FileHash-SHA256	08dd3d407a74159c2de0f6be0956a79625bdeb2f913d04520d1f8f310d6a78fc	—	2024-05-31
FileHash-SHA256	0c7c6926e854aac4dc4821be07f826157b576d0a217d74d5675d7b32eb78b50e	—	2024-05-31
FileHash-SHA256	117bd27a209d6350b10f5c8f8cf841755c253276460be8c7681f5357e07d2e0c	—	2024-05-31
FileHash-SHA256	2653886ab93ab5d7c779b796f87199e033ce012970d565d91cf9063d6149a1f8	—	2024-05-31
FileHash-SHA256	2a65fdd8c44a6b7191c09702d9f747471564346c465a42b9abbb4dfa1bc5f7fb	—	2024-05-31
FileHash-SHA256	2ec65d77b5146dc898acf5b14df33f49306d539f6d84784e135d32d1807b37ce	—	2024-05-31
FileHash-SHA256	38c639a245e1dd04786881fae1060fbd72d3ed419b2f0d38d6082dc9d67876c3	—	2024-05-31
FileHash-SHA256	49c04e56dfb17ac16acddfcf9eff7ae82d70294a8ec70b6365ab43a07441badd	—	2024-05-31
FileHash-SHA256	5621cdb8d07900a333d022a9696c1a6f7e45d6cfc713558c462a3ace7c4b426f	—	2024-05-31
FileHash-SHA256	59437e986acd685ad3ce48bf010efff22aa866c0fa066b0e64e510ecb026dd1a	—	2024-05-31
FileHash-SHA256	5b7874b18e8365e07624946a33518988aea4c72478a285a36047b4ba554a7576	—	2024-05-31
FileHash-SHA256	5b9405418b654c9418e514ae3420c72af58d418adefca43644bf2bf14d89cc5a	—	2024-05-31
FileHash-SHA256	5fc8534d490312823a49e2a13afc8a7b6b026280c79db704465fddd8a1fdc376	—	2024-05-31
FileHash-SHA256	619564061e62a6352f0ce1a06d2883d46eb69df16322b30e8a2a9c65e2d32f5f	—	2024-05-31
FileHash-SHA256	68f0131d75e53635964fd709e1fa39fffe50380d14acded981aa8525ea4ad4a7	—	2024-05-31
FileHash-SHA256	6be5b4bc461f1ba931bfe773df66bf5f8052626adbdf2b1156a06d0da2d8d3d1	—	2024-05-31
FileHash-SHA256	7a81bbb1f7055cd3f30db8bb2a104b969914ccd520cf85c24b25ba5b0c720206	—	2024-05-31
FileHash-SHA256	82c569b93da5c18ed649ebd4c2c79437db4611a6a1373e805a3cb001c64130b7	—	2024-05-31
FileHash-SHA256	847e7f8209803d786660c5ba6d19ce59f76fe26e3e33e50cbe6dd663d40ad569	—	2024-05-31
FileHash-SHA256	8639bbb3ffe5fa51334c6ab4d45ae1647a29a97f061a9456991333ab166b52fd	—	2024-05-31
FileHash-SHA256	8f4b61975539dbfe903f448636a48168351018801f2581a63d97179c37cad979	—	2024-05-31
FileHash-SHA256	967289406b0da030a93cefaa2644b109260565f5f767b95ce2a5d96d49c57bf2	—	2024-05-31
FileHash-SHA256	9b929bcc182c39540767a9b8237a8436c82997c68d4d2ba710241387c39c27f5	—	2024-05-31
FileHash-SHA256	a9cea205140babed24faea1b27f62b2f36464b8562223d96ecb617258a2fd284	—	2024-05-31
FileHash-SHA256	b2e2193e49ee1240be30f5040dbb5e2c973cdfb02c3ea88ef4ffeda884de28c2	—	2024-05-31
FileHash-SHA256	b5fc0c265eb192b2a2d778e66d6f076e876eeacf57c3927e406b4e1b72152038	—	2024-05-31
FileHash-SHA256	bdef8e089ffa00794f40f14ad3cdb8f1629241a4ac313bef8fe3d38e08207e4c	—	2024-05-31
FileHash-SHA256	c513616d5cb9ff8fa3c1cd774722729cd28859dbdc2b30a4ebda9e548b9a4f06	—	2024-05-31
FileHash-SHA256	c5317722effa07b56f9e81ef096b1711048eac6629c0ec72d8e8c72c6aae8f41	—	2024-05-31
FileHash-SHA256	d0643c777b0b24ca747f7dc79d3bdfbc04d3095ded760e6a54fa62bfa6945df3	—	2024-05-31
FileHash-SHA256	d6778d5ad096516b881bbf2aca2d790b5217dfb83bb256e3f9d710056c9b512a	—	2024-05-31
FileHash-SHA256	d9322af52b941e76bec3d2596a1c1be47dffc4fb161656da2c7c45b3d492cfd8	—	2024-05-31
FileHash-SHA256	e5030083c101058f52394820420a372bf93bcac2d802902d4d4c91470c96b608	—	2024-05-31
FileHash-SHA256	e9b52b551f4918a8c2d7fb1967d2948bda5ec0cd943beac29bff913771ff1ebd	—	2024-05-31
FileHash-SHA256	ed9511c16229f4bb41f461e90fff7964e79f2c2d27e7de2b107e4d003e9e0def	—	2024-05-31
FileHash-SHA256	f423aae265c3ca31661a208a43674db76fffb2994b801227218d978da6ddd0c3	—	2024-05-31
FileHash-SHA256	f5894f0cc7d9da2f188b740bb0596206038d9dba430c7d2a145d7454d9f1b4db	—	2024-05-31
FileHash-SHA256	f9db9632ffd7e3bd5b700025fa9278420de0778029fe2eedb6ea7b3d7b999ef6	—	2024-05-31
URL	http://185.189.240.13:8080/E2XRIEGSOAPU3Z5Q8	—	2024-05-31
URL	http://185.189.240.13:8080/E2XRIEGSOAPU3Z5Q8/res.dat	—	2024-05-31
URL	http://194.36.190.99:38291/as/crtarm3	—	2024-05-31
URL	http://2.59.222.97/dldsc522dsdasd/res.dat	—	2024-05-31
URL	http://91.211.88.225:8080/SASBCKXOWYALLCZXF	—	2024-05-31
URL	http://91.211.88.6:8080/ASUHALUMNABTC	—	2024-05-31
URL	http://ammhdfgygb.com/dldsc522dsdasd/res.dat	—	2024-05-31
URL	http://coreconf.net:8080/E2XRIEGSOAPU3Z5Q8	—	2024-05-31
URL	http://coreconf.net:8080/E2XRIEGSOAPU3Z5Q8/mips	—	2024-05-31
URL	http://nihiosuxnmo.com:8080/SASBCKXOWYALLCZXF	—	2024-05-31
URL	http://sainnguatc.com:8080/ASUHALUMNABTC	b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793	2024-05-31
URL	http://sainnguatc.com:8080/ASUHALUMNABTC/res.dat	—	2024-05-31
URL	http://secu100.com/23652xxxxx000008skcai/res.dat	—	2024-05-31
URL	http://xmsecu.io/00030674uucyttsikk/res.dat	—	2024-05-31
URL	http://xmsecu.io/00030678bbgstrjs/res.dat	—	2024-05-31
URL	http://xmsecu.io/c638020vkklkjjiu/res.dat	—	2024-05-31
URL	http://xmsecu.net/00030695mcksiqq/res.dat	—	2024-05-31
URL	http://xmsecu.net/00030695mcksiqq/res.dat\t	—	2024-05-31
URL	http://xmsecu100.net/23652xxxxx000008skcai/res.dat	—	2024-05-31
URL	https://cu6s.com	—	2024-05-31
URL	https://dh.id3cqcmgjcb.top	—	2024-05-31
URL	https://m.aiguoba.com	—	2024-05-31
URL	https://m.isanyin.com	—	2024-05-31
URL	https://mh.55dmh.com	—	2024-05-31
URL	https://www.v5002.cn	—	2024-05-31
domain	2fgithub.com	—	2024-05-31
domain	ammhdfgygb.com	—	2024-05-31
domain	coreconf.net	—	2024-05-31
domain	cu6s.com	—	2024-05-31
domain	nihiosuxnmo.com	—	2024-05-31
domain	sainnguatc.com	—	2024-05-31
domain	secu100.com	—	2024-05-31
domain	xmsecu.io	—	2024-05-31
domain	xmsecu.net	—	2024-05-31
domain	xmsecu100.net	—	2024-05-31
hostname	axon-stall.riddlecamera.net	—	2024-05-31
hostname	dh.id3cqcmgjcb.top	—	2024-05-31
hostname	lighten.medyamol.com	—	2024-05-31
hostname	m.aiguoba.com	—	2024-05-31
hostname	m.isanyin.com	—	2024-05-31
hostname	mh.55dmh.com	—	2024-05-31
hostname	www.v5002.cn	—	2024-05-31
URL	http://104.233.210.119:51248/get_fwuueicj.	—	2024-05-31
URL	http://104.233.210.119:51248/get_scrpc	—	2024-05-31

References (2)

↗ https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt ↗ https://blog.lumen.com/the-pumpkin-eclipse/