← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
From South America to Southeast Asia: The Fragile Web of REF7707 — Elastic Security Labs
WHITE CyberHunter_NL 2025-02-14 Modified: 2025-03-16
72
IOCs
HIGH VOLUME
A detailed analysis of the malware used to infiltrate a foreign ministry in South America, as part of a multi-million dollar cyber-attack, reveals details about the operation, the tactics and infrastructure used by the attackers.
finaldraftref7707virustotalguidloadermicrosoftlabspathloadersoutheast asiawindowssecurity labsaugustpowershellsiestagraphmalwareagentpersistencehongfebruaryc:\\windows\\system32\\net1
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
C:\\Windows\\system32\\net1 PATHLOADER FINALDRAFT
Indicators of Compromise (17 / 72 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 170af43327faff550f8a4b9b28986951 MD5 of 41141e3bdde2a7aebf329ec546745149144eff584b7fe878da7a2ad8391017b9 2025-02-14
FileHash-MD5 3eba3860c1983d183a1c984957dc4b6a MD5 of f29779049f1fc2d45e43d866a845c45dc9aed6c2d9bbf99a8b1bdacfac2d52f2 2025-02-14
FileHash-MD5 3fd5aae11b1b05480a5d76119dc6ab2b MD5 of cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9 2025-02-14
FileHash-MD5 4433cdf3fe6c47567f65717ad57b0271 MD5 of 41a3a518cc8abad677bb2723e05e2f052509a6f33ea75f32bd6603c96b721081 2025-02-14
FileHash-MD5 456ba9f5ca408adeb3cb8bc550cb2642 MD5 of 7cd14d3e564a68434e3b705db41bddeb51dbb7d5425fd901c5ec904dbb7b6af0 2025-02-14
FileHash-MD5 54c4d47332ebc8bd2505d6e7638717bc MD5 of 39e85de1b1121dc38a33eca97c41dbd9210124162c6d669d28480c833e059530 2025-02-14
FileHash-MD5 65ae4161def9ed1b39e25627b91842c4 MD5 of 33f3a8ef2c5fbd45030385b634e40eaa264acbaeb7be851cbf04b62bbe575e75 2025-02-14
FileHash-MD5 764a838236f5dceb3d199059ad36311e MD5 of 83406905710e52f6af35b4b3c27549a12c28a628c492429d3a411fdb2d28cc8c 2025-02-14
FileHash-MD5 77cb2b8cd04aa216fd973f303d7a8529 MD5 of f90420847e1f2378ac8c52463038724533a9183f02ce9ad025a6a10fd4327f12 2025-02-14
FileHash-MD5 92306905be5b717654d5b105cd506bdd MD5 of 9a11d6fcf76583f7f70ff55297fb550fed774b61f35ee2edd95cf6f959853bcf 2025-02-14
FileHash-MD5 a9d0f588f1b0f88c5a5036bc5bf2e09e MD5 of f45661ea4959a944ca2917454d1314546cc0c88537479e00550eef05bed5b1b9 2025-02-14
FileHash-MD5 af467873080447ac8d74f24bb840856f MD5 of d9fc1cab72d857b1e4852d414862ed8eab1d42960c1fd643985d352c148a6461 2025-02-14
FileHash-MD5 bd0a52ec500758aa4fe6b8179aef802f MD5 of 842d6ddb7b26fdb1656235293ebf77c683608f8f312ed917074b30fbd5e8b43d 2025-02-14
FileHash-MD5 bd52ff8495cfbbd05ff730d1681a7aa5 MD5 of 49e383ab6d092ba40e12a255e37ba7997f26239f82bebcd28efaa428254d30e1 2025-02-14
FileHash-MD5 d73ae7caf10dfe376c9df21c512248ee MD5 of 20508edac0ca872b7977d1d2b04425aaa999ecf0b8d362c0400abb58bd686f92 2025-02-14
FileHash-MD5 e541e53a9ae1f0b5a3a8bb9b263dd906 MD5 of 5e3dbfd543909ff09e343339e4e64f78c874641b4fe9d68367c4d1024fe79249 2025-02-14
FileHash-MD5 eb80f68daaf06c460c06395bca0c6d8b MD5 of 17b2c6723c11348ab438891bc52d0b29f38fc435c6ba091d4464f9f2a1b926e0 2025-02-14
References (1)
↗ https://www.elastic.co/security-labs/fragile-web-ref7707?utm_source=organic-social&utm_medium=twitter&utm_campaign=esl:_threat_research_esl_blog_post&utm_content=16121679496&linkId=746103721