PULSE NAME
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns - Check Point Research
WHITE CyberHunter_NL 2024-07-16 Modified: 2024-08-15
Indicators of Compromise (105)