Pulse Detail — Threat Intelligence

PULSE NAME

FINALDRAFT Malware Abuses Outlook for C2 Communications

WHITE Superpro 2025-02-17 Modified: 2025-03-19

IOCs

HIGH VOLUME

A newly discovered cyber espionage campaign has been linked to a threat group known as REF7707, which has been targeting government and academic institutions since November 2024. Researchers said the attackers infiltrated a foreign ministry in South America, along with a university and a telecom company in Southeast Asia, using advanced malware with remote access capabilities.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1189 T1547 T1102 T1105 T1055

MALWARE FAMILIES

C:\\Windows\\system32\\net1 PATHLOADER FINALDRAFT

Indicators of Compromise (72)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	170af43327faff550f8a4b9b28986951	MD5 of 41141e3bdde2a7aebf329ec546745149144eff584b7fe878da7a2ad8391017b9	2025-02-17
FileHash-MD5	3eba3860c1983d183a1c984957dc4b6a	MD5 of f29779049f1fc2d45e43d866a845c45dc9aed6c2d9bbf99a8b1bdacfac2d52f2	2025-02-17
FileHash-MD5	3fd5aae11b1b05480a5d76119dc6ab2b	MD5 of cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9	2025-02-17
FileHash-MD5	4433cdf3fe6c47567f65717ad57b0271	MD5 of 41a3a518cc8abad677bb2723e05e2f052509a6f33ea75f32bd6603c96b721081	2025-02-17
FileHash-MD5	456ba9f5ca408adeb3cb8bc550cb2642	MD5 of 7cd14d3e564a68434e3b705db41bddeb51dbb7d5425fd901c5ec904dbb7b6af0	2025-02-17
FileHash-MD5	54c4d47332ebc8bd2505d6e7638717bc	MD5 of 39e85de1b1121dc38a33eca97c41dbd9210124162c6d669d28480c833e059530	2025-02-17
FileHash-MD5	65ae4161def9ed1b39e25627b91842c4	MD5 of 33f3a8ef2c5fbd45030385b634e40eaa264acbaeb7be851cbf04b62bbe575e75	2025-02-17
FileHash-MD5	764a838236f5dceb3d199059ad36311e	MD5 of 83406905710e52f6af35b4b3c27549a12c28a628c492429d3a411fdb2d28cc8c	2025-02-17
FileHash-MD5	77cb2b8cd04aa216fd973f303d7a8529	MD5 of f90420847e1f2378ac8c52463038724533a9183f02ce9ad025a6a10fd4327f12	2025-02-17
FileHash-MD5	92306905be5b717654d5b105cd506bdd	MD5 of 9a11d6fcf76583f7f70ff55297fb550fed774b61f35ee2edd95cf6f959853bcf	2025-02-17
FileHash-MD5	a9d0f588f1b0f88c5a5036bc5bf2e09e	MD5 of f45661ea4959a944ca2917454d1314546cc0c88537479e00550eef05bed5b1b9	2025-02-17
FileHash-MD5	af467873080447ac8d74f24bb840856f	MD5 of d9fc1cab72d857b1e4852d414862ed8eab1d42960c1fd643985d352c148a6461	2025-02-17
FileHash-MD5	bd0a52ec500758aa4fe6b8179aef802f	MD5 of 842d6ddb7b26fdb1656235293ebf77c683608f8f312ed917074b30fbd5e8b43d	2025-02-17
FileHash-MD5	bd52ff8495cfbbd05ff730d1681a7aa5	MD5 of 49e383ab6d092ba40e12a255e37ba7997f26239f82bebcd28efaa428254d30e1	2025-02-17
FileHash-MD5	d73ae7caf10dfe376c9df21c512248ee	MD5 of 20508edac0ca872b7977d1d2b04425aaa999ecf0b8d362c0400abb58bd686f92	2025-02-17
FileHash-MD5	e541e53a9ae1f0b5a3a8bb9b263dd906	MD5 of 5e3dbfd543909ff09e343339e4e64f78c874641b4fe9d68367c4d1024fe79249	2025-02-17
FileHash-MD5	eb80f68daaf06c460c06395bca0c6d8b	MD5 of 17b2c6723c11348ab438891bc52d0b29f38fc435c6ba091d4464f9f2a1b926e0	2025-02-17
FileHash-SHA1	1cefc829f089bb696253e16659e05f53d83a9aed	SHA1 of 41a3a518cc8abad677bb2723e05e2f052509a6f33ea75f32bd6603c96b721081	2025-02-17
FileHash-SHA1	2fdea656bf50277c8d728e1a005bf1e5157c68d0	SHA1 of 83406905710e52f6af35b4b3c27549a12c28a628c492429d3a411fdb2d28cc8c	2025-02-17
FileHash-SHA1	465f35c8a865b5904474bef9be163e680549f360	SHA1 of cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9	2025-02-17
FileHash-SHA1	549c567cd32a562eaba15fe17ba71ce68cf0228c	SHA1 of f29779049f1fc2d45e43d866a845c45dc9aed6c2d9bbf99a8b1bdacfac2d52f2	2025-02-17
FileHash-SHA1	57868094d1ff07648505e212112444677e4ee9dd	SHA1 of f90420847e1f2378ac8c52463038724533a9183f02ce9ad025a6a10fd4327f12	2025-02-17
FileHash-SHA1	684965930085ff2fef3bb5c5ea20347bbed35cd7	SHA1 of 20508edac0ca872b7977d1d2b04425aaa999ecf0b8d362c0400abb58bd686f92	2025-02-17
FileHash-SHA1	73ebce02a2484cf61681fb47d8c002e8de7762f8	SHA1 of 17b2c6723c11348ab438891bc52d0b29f38fc435c6ba091d4464f9f2a1b926e0	2025-02-17
FileHash-SHA1	7cf31f888d164af7a7e59fbcabde2536cc529875	SHA1 of 41141e3bdde2a7aebf329ec546745149144eff584b7fe878da7a2ad8391017b9	2025-02-17
FileHash-SHA1	a1376a0760c0c327c2ff370cecdf755dfa53eca5	SHA1 of f45661ea4959a944ca2917454d1314546cc0c88537479e00550eef05bed5b1b9	2025-02-17
FileHash-SHA1	a7da4db0635a6c5cfde871a852fb4e6f02089987	SHA1 of 7cd14d3e564a68434e3b705db41bddeb51dbb7d5425fd901c5ec904dbb7b6af0	2025-02-17
FileHash-SHA1	c2c64b44657cca3918679ff9f9eca3e684afdd0c	SHA1 of d9fc1cab72d857b1e4852d414862ed8eab1d42960c1fd643985d352c148a6461	2025-02-17
FileHash-SHA1	c2e0559907bd721a050a9fee4448d062f5edf237	SHA1 of 9a11d6fcf76583f7f70ff55297fb550fed774b61f35ee2edd95cf6f959853bcf	2025-02-17
FileHash-SHA1	c9571f13368844786c7bcb104d9bca2631e006b0	SHA1 of 33f3a8ef2c5fbd45030385b634e40eaa264acbaeb7be851cbf04b62bbe575e75	2025-02-17
FileHash-SHA1	d37b7556accb08c994db1041b2e63d1bbe8b6866	SHA1 of 5e3dbfd543909ff09e343339e4e64f78c874641b4fe9d68367c4d1024fe79249	2025-02-17
FileHash-SHA1	d5183dde7ed7477e72998add497f4514352c1be3	SHA1 of 49e383ab6d092ba40e12a255e37ba7997f26239f82bebcd28efaa428254d30e1	2025-02-17
FileHash-SHA1	d79d5b7742dd848f35424df325610b2e8a8761eb	SHA1 of 39e85de1b1121dc38a33eca97c41dbd9210124162c6d669d28480c833e059530	2025-02-17
FileHash-SHA1	fd56b6ff51331b5746e0ce03ea1bfbd8564fd135	SHA1 of 842d6ddb7b26fdb1656235293ebf77c683608f8f312ed917074b30fbd5e8b43d	2025-02-17
FileHash-SHA256	08331f33d196ced23bb568689c950b39ff7734b7461d9501c404e2b1dc298cc1	—	2025-02-17
FileHash-SHA256	17b2c6723c11348ab438891bc52d0b29f38fc435c6ba091d4464f9f2a1b926e0	—	2025-02-17
FileHash-SHA256	20508edac0ca872b7977d1d2b04425aaa999ecf0b8d362c0400abb58bd686f92	—	2025-02-17
FileHash-SHA256	33f3a8ef2c5fbd45030385b634e40eaa264acbaeb7be851cbf04b62bbe575e75	—	2025-02-17
FileHash-SHA256	39e85de1b1121dc38a33eca97c41dbd9210124162c6d669d28480c833e059530	—	2025-02-17
FileHash-SHA256	41141e3bdde2a7aebf329ec546745149144eff584b7fe878da7a2ad8391017b9	—	2025-02-17
FileHash-SHA256	41a3a518cc8abad677bb2723e05e2f052509a6f33ea75f32bd6603c96b721081	—	2025-02-17
FileHash-SHA256	49e383ab6d092ba40e12a255e37ba7997f26239f82bebcd28efaa428254d30e1	—	2025-02-17
FileHash-SHA256	5e3dbfd543909ff09e343339e4e64f78c874641b4fe9d68367c4d1024fe79249	—	2025-02-17
FileHash-SHA256	6d79dfb00da88bb20770ffad636c884bad515def4f8e97e9a9d61473297617e3	—	2025-02-17
FileHash-SHA256	7cd14d3e564a68434e3b705db41bddeb51dbb7d5425fd901c5ec904dbb7b6af0	—	2025-02-17
FileHash-SHA256	83406905710e52f6af35b4b3c27549a12c28a628c492429d3a411fdb2d28cc8c	—	2025-02-17
FileHash-SHA256	842d6ddb7b26fdb1656235293ebf77c683608f8f312ed917074b30fbd5e8b43d	—	2025-02-17
FileHash-SHA256	9a11d6fcf76583f7f70ff55297fb550fed774b61f35ee2edd95cf6f959853bcf	—	2025-02-17
FileHash-SHA256	cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9	—	2025-02-17
FileHash-SHA256	d9fc1cab72d857b1e4852d414862ed8eab1d42960c1fd643985d352c148a6461	—	2025-02-17
FileHash-SHA256	f29779049f1fc2d45e43d866a845c45dc9aed6c2d9bbf99a8b1bdacfac2d52f2	—	2025-02-17
FileHash-SHA256	f45661ea4959a944ca2917454d1314546cc0c88537479e00550eef05bed5b1b9	—	2025-02-17
FileHash-SHA256	f90420847e1f2378ac8c52463038724533a9183f02ce9ad025a6a10fd4327f12	—	2025-02-17
URL	https://mrd0x.com/the-power-of-cdb-debugging-tool/	—	2025-02-17
URL	https://support.vmphere.com	—	2025-02-17
domain	autodiscovar.com	—	2025-02-17
domain	checkponit.com	—	2025-02-17
domain	d-links.net	—	2025-02-17
domain	hobiter.com	—	2025-02-17
domain	ictnsc.com	—	2025-02-17
domain	mrd0x.com	—	2025-02-17
domain	vm-clouds.net	—	2025-02-17
domain	vmphere.com	—	2025-02-17
hostname	cloud.autodiscovar.com	—	2025-02-17
hostname	digert.ictnsc.com	—	2025-02-17
hostname	ict.ictnsc.com	—	2025-02-17
hostname	pol.vm-clouds.net	—	2025-02-17
hostname	poster.checkponit.com	—	2025-02-17
hostname	support.fortineat.com	—	2025-02-17
hostname	support.vmphere.com	—	2025-02-17
hostname	update.hobiter.com	—	2025-02-17
hostname	www.exploit-monday.com	—	2025-02-17

References (1)

↗ https://www.elastic.co/security-labs/fragile-web-ref7707