PULSE NAME
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
WHITE CyberHunter_NL 2026-02-04 Modified: 2026-03-06
Chinese hackers used a previously undocumented custom backdoor to deliver shellcode to victims of a targeted espionage campaign, according to Rapid7 Labs and the Rapid7 MDR team, who have uncovered a new type of malicious implant.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Chinese Cobalt Strike Chrysalis
Indicators of Compromise (61)