Pulse Detail — Threat Intelligence

PULSE NAME

DISGOMOJI Malware Used to Target Indian Government

WHITE UTA0137 AlienVault 2024-06-18 Modified: 2024-07-18

254

IOCs

HIGH VOLUME

Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities include data exfiltration, persistence mechanisms, and the ability to execute arbitrary commands. Volexity uncovered UTA0137's use of the DirtyPipe exploit against vulnerable BOSS Linux systems, as well as their post-exploitation tactics like network scanning and tunneling. The intrusions appear successful, highlighting UTA0137's evolving tradecraft and persistent interest in Indian targets.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1053.005 T1087.002 T1555.003 T1021.006 T1213.001 T1059.001 T1547.013

MALWARE FAMILIES

DISGOMOJI

Indicators of Compromise (48 / 254 total)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	2d4a5050c7ea6c83665807df151e067e	—	2024-06-18
FileHash-MD5	8bf9cf1363e404a9ad3e0fa9e53057cb	—	2024-06-18
FileHash-MD5	d5f2e3fafbb0701dc0f1adccc7141e63	—	2024-06-18
FileHash-MD5	01c34ccd7ca7c5cdf88272d8c9071004	—	2024-06-18
FileHash-MD5	04a3f16c76f2e6d9eba34dd132fc8c27	—	2024-06-18
FileHash-MD5	13ee4bd10f05ee0499e18de68b3ea4d5	—	2024-06-18
FileHash-MD5	199c855998aedb0ce46e8d34c05eb0cb	—	2024-06-18
FileHash-MD5	20b4eb5787faa00474f7d27c0fea1e4b	—	2024-06-18
FileHash-MD5	237961bbba6d4aa2e0fae720d4ece439	—	2024-06-18
FileHash-MD5	2bf596603c432fa46b494dc3edd2d30f	—	2024-06-18
FileHash-MD5	2c06e31bc2969df108697061325b2e8a	—	2024-06-18
FileHash-MD5	2d4a5050c7ea6c83665807df151e067e	MD5 of e5182d13d66c3efaa7676510581d622f98471895	2024-06-18
FileHash-MD5	3ce8dfb3f1bff805cb6b85a9e950b3a2	—	2024-06-18
FileHash-MD5	3d4e5dbf9b7a6e7336a354b71d4d1a8b	—	2024-06-18
FileHash-MD5	49cbbf586ba1480599be02915e5a8b34	MD5 of 31a1b6e836684c6d7b5d8f7a099dbe090282cbb0	2024-06-18
FileHash-MD5	501a6d48fd8f80a134cf71db3804cf95	—	2024-06-18
FileHash-MD5	50fe93394528a0ede52f9eec6c1bf505	—	2024-06-18
FileHash-MD5	52992eb3a59d7acb736cf9b607337d62	MD5 of 1c8cfa8f36897b6b1179dc4bce49b0e2f86e1a4e	2024-06-18
FileHash-MD5	55c90ff429e4fd72034922383aa31078	—	2024-06-18
FileHash-MD5	56cb95b63162d0dfceb30100ded1131a	—	2024-06-18
FileHash-MD5	56cc70b66be99e01d354ba2aaf88041e	MD5 of 749a8d081e075b921436d07e323964da88bff609	2024-06-18
FileHash-MD5	60fc5dc410b7482566a74d03549d8246	—	2024-06-18
FileHash-MD5	635864ff270cf8e366a7747fb5996766	—	2024-06-18
FileHash-MD5	777cbc972609d26fe6597a442cdf4589	—	2024-06-18
FileHash-MD5	898bfd3df2ccd9508e0bfab672f5f61a	MD5 of 5b7b0b0d7d59e616b0cf75a25ad67dfca89495c4	2024-06-18
FileHash-MD5	8bf9cf1363e404a9ad3e0fa9e53057cb	MD5 of 3dff44bede709295fffd3ae3e9599f6ab8197af4	2024-06-18
FileHash-MD5	9012904377e6934797c8689b8c9268c6	—	2024-06-18
FileHash-MD5	95e17125be0b0f4a4ea1b3d01cc73238	—	2024-06-18
FileHash-MD5	9821c180f81512f1b72c46e462fc759a	MD5 of d0aff8489c02230d4c0935e21125f81895bf6cde	2024-06-18
FileHash-MD5	9f24f757b151a1d81f714075fe7d33d4	—	2024-06-18
FileHash-MD5	9f3359ae571c247a8be28c0684678304	—	2024-06-18
FileHash-MD5	a9182c812c7f7d3e505677a57c8a353b	—	2024-06-18
FileHash-MD5	b4983913d49a2a49545ebe59cd27a7d1	—	2024-06-18
FileHash-MD5	c9969ece7bb47efac4b3b04cdc1538e5	—	2024-06-18
FileHash-MD5	cd7067d58e2319ebc8ed0ecd6b61b2b6	—	2024-06-18
FileHash-MD5	d5f2e3fafbb0701dc0f1adccc7141e63	MD5 of 0d4111ab5471c7f5b909bff336ba8cd66f9d8630	2024-06-18
FileHash-MD5	da745b60b5ef5b4881c6bc4b7a48d784	—	2024-06-18
FileHash-MD5	db0676733eb4ee2c490bdc4fe488b40f	MD5 of 765b17c1e2e1ab3d2fbdba3ccffcdcc4bd750102	2024-06-18
FileHash-MD5	de115e15a6689cf32519c3a046a78626	—	2024-06-18
FileHash-MD5	e0102071722a87f119b12434ae651b48	—	2024-06-18
FileHash-MD5	e6667ab32fbda86a2d2a72ed7e52b146	—	2024-06-18
FileHash-MD5	ee8d767069faf558886f1163a92e4009	—	2024-06-18
FileHash-MD5	f14e778f4d22df275c817ac3014873dc	—	2024-06-18
FileHash-MD5	f2501e8b57486c427579eeda20b729fd	—	2024-06-18
FileHash-MD5	f5d8664cbf4a9e154d4a888e4384cb1d	—	2024-06-18
FileHash-MD5	f68b17f1261aaa4460d759d95124fbd4	—	2024-06-18
FileHash-MD5	fbcd468dcd05cd1bf2ee25f16d09c227	—	2024-06-18
FileHash-MD5	fc61b985d8c590860f397d943131bfb5	—	2024-06-18

References (2)

↗ https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/ ↗ https://raw.githubusercontent.com/volexity/threat-intel/main/2024/2024-06-13%20DISGOMOJI/indicators/iocs.csv