Pulse Detail — Threat Intelligence

PULSE NAME

Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government

WHITE tr2222200 2024-06-06 Modified: 2024-07-06

125

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

MOBPOPUP.dll (CSC) has been found to be the source of a malicious DLL, which can be found in Microsoft's operating system, on the second day of the Windows Store.

phantomnet c2 phantomnet eagerbee rudebird c2 eagerbee c2 powheartbeat c2 vbs script pocoproxy cobalt strike custom stowaway nupakage malicious dll

Indicators of Compromise (13 / 125 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname URL

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	8f3862191232959fc941afd4c2943b86	MD5 of e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064	2024-06-06
FileHash-MD5	ce74b7b305b8f6e8ef650e348118e902	MD5 of c06065d3de3bfb37168a5d94baf1c675f831a201937ef774a36c2ea2bf6fc49e	2024-06-06
FileHash-MD5	e09c9841d8d9f77cde35499f083ef752	MD5 of 7ed44a0e548ba9a3adc1eb4fbf49e773bd9c932f95efc13a092af5bed30d3595	2024-06-06
FileHash-MD5	e397775e130add76d0140c413efd183f	MD5 of 110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a	2024-06-06
FileHash-MD5	054a32d6033b1744dca7f49b2e466ea2	MD5 of ea8c8f834523886b07d87e85e24f124391d69a738814a0f7c31132b6b712ed65	2024-06-06
FileHash-MD5	3ac3d514f4600611af8cb83e50e3e9a1	MD5 of c1d818f18c7160807d9031e024fcc6429476d6455221e3aa988c6245269fbcc8	2024-06-06
FileHash-MD5	26a3762b49b1c6c04c859dd4305e4f95	MD5 of cca5ae87cd710a8fbf994addb0abc8bf1deb222214d4831289885de23ca98924	2024-06-06
FileHash-MD5	1453290db80241683288f33e6dd5e80e	MD5 of 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c	2024-06-06
FileHash-MD5	57b51418a799d2d016be546f399c2e9b	MD5 of 101bf8dcdd414f09ba46cdecbd96e8606c79b0e76b6a2ce040395e775cb4da86	2024-06-06
FileHash-MD5	5e83b6ed422399de04408b80f3e5470e	MD5 of 5f959f480a66a33d37d9a0ef6c8f7d0059625ca2a8ae9236b49b194733622655	2024-06-06
FileHash-MD5	609aa4fe6955ee8fadaabbbcda229376	MD5 of a22b8ef40b8abe2bd7161f425484e82207f322fef1d0562de5bf98e2f642b477	2024-06-06
FileHash-MD5	8a0af14818eb5d6041d6988af1cf586d	MD5 of 4dd0debf03eeb938fbaca1f1fd391523358c23cbf18959a149c29133cc3c9cae	2024-06-06
FileHash-MD5	aaf1146ec9c633c4c3fbe8091f1596d8	MD5 of cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272	2024-06-06

References (1)

↗ https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/