PULSE NAME
Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
WHITE AlienVault 2024-10-03 Modified: 2024-11-02
16 IOCs
MEDIUM VOLUME
This intelligence report details a sophisticated malware campaign targeting multiple industries across various countries. The threat actor employs advanced tactics, techniques, and procedures (TTPs) to infiltrate networks, maintain persistence, and exfiltrate sensitive data. The malware used in this campaign is highly modular and adaptable, allowing the attackers to customize their approach for each target. The report highlights the use of social engineering, exploits for known vulnerabilities, and custom-built tools to achieve their objectives. It also provides indicators of compromise (IoCs) and recommendations for detection and mitigation.
Indicators of Compromise (16)