IOC - Operation MotorBeacon : Threat Actor targets Russian Automotive Sector using .NET Implant
SEQRITE Labs Research Team recently uncovered a campaign targeting the Russian automobile-commerce industry, which covers both commercial and automobile-oriented transactions. The campaign uses a previously unknown .NET malware that we have dubbed CAPI Backdoor.
In this blog, we explore the technical details of the campaign that we encountered during our initial analysis and examine the stages of the infection chain, starting with a deep dive into the decoy document and then analyzing the CAPI Backdoor. We then look into the infrastructure along with the common tactics, techniques and procedures (TTPs).
Indicators of Compromise (11)