Pulse: The Pumpkin Eclipse - Chalubo Malware
TLP: WHITE | Author: AlienVault | Created: 2024-06-04 | Modified: 2024-07-02
IOCs: 93 (high volume)
Chalubo is a commodity remote access trojan (RAT). First identified in 2018, it employed savvy tradecraft to obfuscate its activity: it removed all files from disk to run in memory, assumed a random process name already present on the device, and encrypted all communications with the command and control (C2) server. Chalubo has payloads built for all major SOHO/IoT kernels, pre-built functionality to perform DDoS attacks, and can execute any Lua script sent to the bot.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed)
Malware families: Chalubo
Indicators of Compromise (27 shown / 93 total)
TYPE INDICATOR DESCRIPTION CREATED
URL http://185.189.240.13:8080/E2XRIEGSOAPU3Z5Q8 2024-06-04
URL http://185.189.240.13:8080/E2XRIEGSOAPU3Z5Q8/res.dat 2024-06-04
URL http://194.36.190.99:38291/as/crtarm3 2024-06-04
URL http://2.59.222.97/dldsc522dsdasd/res.dat 2024-06-04
URL http://91.211.88.225:8080/SASBCKXOWYALLCZXF 2024-06-04
URL http://91.211.88.6:8080/ASUHALUMNABTC 2024-06-04
URL http://ammhdfgygb.com/dldsc522dsdasd/res.dat 2024-06-04
URL http://coreconf.net:8080/E2XRIEGSOAPU3Z5Q8 2024-06-04
URL http://coreconf.net:8080/E2XRIEGSOAPU3Z5Q8/mips 2024-06-04
URL http://nihiosuxnmo.com:8080/SASBCKXOWYALLCZXF 2024-06-04
URL http://sainnguatc.com:8080/ASUHALUMNABTC b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793 2024-06-04
URL http://sainnguatc.com:8080/ASUHALUMNABTC/res.dat 2024-06-04
URL http://secu100.com/23652xxxxx000008skcai/res.dat 2024-06-04
URL http://xmsecu.io/00030674uucyttsikk/res.dat 2024-06-04
URL http://xmsecu.io/00030678bbgstrjs/res.dat 2024-06-04
URL http://xmsecu.io/c638020vkklkjjiu/res.dat 2024-06-04
URL http://xmsecu.net/00030695mcksiqq/res.dat 2024-06-04
URL http://xmsecu100.net/23652xxxxx000008skcai/res.dat 2024-06-04
URL https://cu6s.com 2024-06-04
URL https://dh.id3cqcmgjcb.top 2024-06-04
URL https://m.aiguoba.com 2024-06-04
URL https://m.isanyin.com 2024-06-04
URL https://mh.55dmh.com 2024-06-04
URL https://www.v5002.cn 2024-06-04
URL http://104.233.210.119:51248/get_fwuueicj. 2024-06-04
URL http://104.233.210.119:51248/get_scrpc 2024-06-04