Pulse Detail — Threat Intelligence

PULSE NAME

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

WHITE CyberHunter_NL 2024-10-03 Modified: 2024-11-02

IOCs

MEDIUM VOLUME

A new China-aligned advanced persistent threat group, CeranaKeeper, is targeting government institutions in Thailand, according to ESET Research. the research firm's findings in a white paper and blogpost.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1005 T1036 T1039 T1071 T1072 T1074 T1090 T1102 T1132 T1140 T1547 T1560 T1567 T1573 T1574 T1583 T1585 T1587 T1110 T1176 T1083 T1027 T1566 T1530 T1059

MALWARE FAMILIES

PixelDrain OneDoor AGP WavyExfiller PixelDrain TONESHELL C++ DropboxFlop TONEINS Python BingoShell

Indicators of Compromise (30)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	01577a3a9d626776f95222f01b7c21db	—	2024-10-03
FileHash-MD5	17341eef7418450e661b74b144570017	—	2024-10-03
FileHash-MD5	1f625a8c64d36b60d660d66e82646696	—	2024-10-03
FileHash-MD5	24e12b8b1255df4e6619ed1a6ae1c75b	—	2024-10-03
FileHash-MD5	2b65b74e52fbf25cb400dbdfcd1a06a7	MD5 of dafad19900fff383c2790e017c958a1e92e84f7bb159a2a7136923b715a4c94f	2024-10-03
FileHash-MD5	2c972703e1dc7800a187426a6b34efdc	—	2024-10-03
FileHash-MD5	33f9c087578c03d083d7863c708eca21	—	2024-10-03
FileHash-MD5	3f81d1e70d9ee39c83b582ac3bcc1cdf	—	2024-10-03
FileHash-MD5	451ee465675e674cebe3c42ed41356ae	—	2024-10-03
FileHash-MD5	4a1d4a9f4805779cebdf5e6c2399afb5	—	2024-10-03
FileHash-MD5	6655c5686b9b0292cf5121fc6346341b	—	2024-10-03
FileHash-MD5	92e84f7bb159a2a7136923b715a4c94f	—	2024-10-03
FileHash-MD5	b15ba83681c4d2c2716602615288b7e6	—	2024-10-03
FileHash-MD5	b25c79ba507a256c9ca12a9bd34def6a	—	2024-10-03
FileHash-MD5	b888704b421a85a15011456a9a2c192a	—	2024-10-03
FileHash-MD5	dafad19900fff383c2790e017c958a1e	—	2024-10-03
FileHash-MD5	e038f5da31331cdbcd4ff1a2d15bb7c8	—	2024-10-03
FileHash-MD5	e6ab24b826c034a6d9e152673b911592	—	2024-10-03
FileHash-MD5	e7b6164b6ec7b7552c93713403507b53	—	2024-10-03
FileHash-SHA1	322eb20377dbdb4acb3067a4f2aaa47631ca5ed5	SHA1 of dafad19900fff383c2790e017c958a1e92e84f7bb159a2a7136923b715a4c94f	2024-10-03
FileHash-SHA256	24e12b8b1255df4e6619ed1a6ae1c75b17341eef7418450e661b74b144570017	—	2024-10-03
FileHash-SHA256	3f81d1e70d9ee39c83b582ac3bcc1cdfe038f5da31331cdbcd4ff1a2d15bb7c8	—	2024-10-03
FileHash-SHA256	451ee465675e674cebe3c42ed41356ae2c972703e1dc7800a187426a6b34efdc	—	2024-10-03
FileHash-SHA256	dafad19900fff383c2790e017c958a1e92e84f7bb159a2a7136923b715a4c94f	—	2024-10-03
FileHash-SHA256	e7b6164b6ec7b7552c93713403507b531f625a8c64d36b60d660d66e82646696	—	2024-10-03
domain	dljmp2p.com	—	2024-10-03
domain	inly5sf.com	—	2024-10-03
hostname	www.dl6yfsl.com	—	2024-10-03
hostname	www.toptipvideo.com	—	2024-10-03
hostname	www.uvfr4ep.com	—	2024-10-03

References (1)

↗ https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/