Custom Arsenal Developed to Target Multiple Industries

Severity: mediumType: malwareCVE-2017-9805

Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.

AI Analysis

Technical Summary

Earth Lamia is an advanced persistent threat (APT) actor active since 2023, primarily targeting organizations across Brazil, India, and Southeast Asia. The group exploits web application vulnerabilities, with a notable emphasis on SQL injection attacks, to gain initial access to targeted systems. Their arsenal includes custom-developed malware such as the PULSEPACK backdoor and BypassBoss, which facilitate persistent access and privilege escalation respectively. Earth Lamia employs sophisticated techniques including DLL sideloading, leveraging legitimate binaries to evade detection, and modular backdoor architectures that allow flexible and adaptive operations. Their targeting has evolved over time, initially focusing on financial services, then expanding to logistics and online retail sectors, and more recently shifting towards IT companies, universities, and government organizations. The group’s tactics, techniques, and procedures (TTPs) align with multiple MITRE ATT&CK techniques such as T1053.005 (Scheduled Task/Job), T1592 (Gather Victim Host Information), T1587.001 (Develop Capabilities), T1140 (Deobfuscate/Decode Files or Information), and T1190 (Exploit Public-Facing Application), among others. Despite the lack of confirmed exploits in the wild for some referenced CVEs, the presence of multiple CVEs (including CVE-2017-9805 and several 2024-2025 vulnerabilities) suggests a broad exploitation scope. The group’s linkage to other campaigns and use of tools like Cobalt Strike and Brute Ratel further indicate a complex and evolving threat landscape with significant operational capabilities. The threat actor’s Chinese nexus and multi-industry targeting underscore a strategic intent to infiltrate diverse sectors for espionage or disruption purposes.

Potential Impact

For European organizations, Earth Lamia’s activities pose a significant risk due to the group’s demonstrated ability to exploit web application vulnerabilities and escalate privileges using custom tools. The modular and stealthy nature of their malware, combined with DLL sideloading and legitimate binary abuse, complicates detection and response efforts. European entities in financial services, logistics, retail, IT, academia, and government sectors could face data breaches, intellectual property theft, operational disruption, and potential espionage. The exploitation of SQL injection vulnerabilities could lead to unauthorized data access or manipulation, undermining confidentiality and integrity. Privilege escalation tools like BypassBoss increase the risk of lateral movement and deeper network compromise. Given the group’s evolving targeting patterns and sophisticated toolset, European organizations may experience prolonged undetected intrusions, leading to reputational damage, regulatory penalties under GDPR, and financial losses. The absence of known exploits in the wild does not diminish the threat, as the group’s capabilities and history suggest a high potential for future exploitation within Europe, especially as attackers often adapt tools and techniques to new environments.

Mitigation Recommendations

European organizations should implement a multi-layered defense strategy tailored to the specific tactics employed by Earth Lamia. First, rigorous web application security testing and immediate remediation of SQL injection vulnerabilities are critical, including the use of parameterized queries and web application firewalls (WAFs) with tailored rulesets. Deploy advanced endpoint detection and response (EDR) solutions capable of identifying DLL sideloading and anomalous use of legitimate binaries. Network segmentation and strict access controls can limit lateral movement post-compromise. Privilege management should enforce least privilege principles and monitor for unusual privilege escalation attempts, potentially using behavioral analytics. Regular threat hunting exercises focused on indicators of compromise related to PULSEPACK, BypassBoss, and Cobalt Strike should be conducted. Incident response plans must be updated to address modular backdoor detection and removal. Additionally, organizations should maintain up-to-date threat intelligence feeds, including monitoring for new CVEs linked to Earth Lamia’s toolkit, and apply patches promptly. Collaboration with national cybersecurity centers and sharing of threat intelligence within European cybersecurity communities will enhance collective defense. Finally, user awareness training should emphasize phishing and social engineering risks that may facilitate initial access.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden

Indicators of Compromise

hash: 0f68e438134c2781d26f6b2b255beec1
hash: 1dd51961e61faac3c0a7a5e4d7910ac2
hash: 1f48ad109b4449fdc0d6f7d3ec51131b
hash: 1facdcd05c43ba4d37274dffc90b6d4e
hash: 23dfefab675e7c735f36e5bbb19da2c0
hash: 249722da053044036b2381619d080bfe
hash: 4811ea6284f12970cf292c9844e326ea
hash: 5b90fd1acec3f6251ff8627a42505e83
hash: 5f3dd0514c98bab7172a4ccb2f7a152d
hash: 61bb551c3ab85d80b8e107019aee02b8
hash: 808502752ca0492aca995e9b620d507b
hash: 8f7dfbec116017d632ca77be578795fd
hash: b8053bcd04ce9d7d19c7f36830a9f26b
hash: d416f79514231cedb2d34514bc10b5c5
hash: df85cc21029de10bd1170e8bc15c92e5
hash: eae9eed174de0c0301e29c4cedf3131d
hash: eba237f4049ee3ef374e25ad59093622
hash: f3981a6a520ee8fb9832ef51b2f1c7d4
hash: 02fa713d3d28f01f697116cea3993014eaaec3df
hash: 1a90eba92624442ca70ea44d1641c1f81544cd3f
hash: 232a0585a7cb6c54e15d5410c96aac5913038e7f
hash: 2f4e56d6b65b58da7af32897035c26317561b648
hash: 3ba9a74f8faeff3de03e4c834f266582e2eb46a8
hash: 41656e98a22c53cf19c87e6acc21b9af8e07902f
hash: 428887427aa631aa3bf8e38c487743a0dc156969
hash: 57a26be3e175fe41fd2581cb7d9c95c7f0b14cf4
hash: 5a341a41bb909bf577465491420e3fce6001c5cf
hash: 5d657c760d3ef7a630e50d09f890cb3452649cd1
hash: 65e980c6f4d42199b1369ee0414665c856d3aa03
hash: 668c40bb6c792b3502b4eefd0916febc8dbd5182
hash: 6eaec5ead18912ece740f8b9704341bace5e30c1
hash: 8a559e3cefd9e5facccae672437c9ea8b2fa1883
hash: 97e85c03da1bbc14541116fb69bc94ad66e553a0
hash: 9c114c01d3aebaf7bdf5a7285585a21c109997f8
hash: ab713a0eb283828102035a0e293e62d0de444880
hash: dc26aa1f01a3cb7c2ad487982efbcfe378d9acc6
hash: 026bda0dd43bb9b1fa988803837582abd3265b33a6932a82724312ecc550e7ba
hash: 029c5914cedf8e79a647ab69ac08b7ea662c7608ea80cd8c42d07f1d9fe84c9b
hash: 0323aca727e12cbb4c492e3339f64969e46b3d300465af8dcdaf0e881aae1d0d
hash: 037bda8a7e324e378720ff143ca1810b95c78e74062913e9bc588aac9aa55483
hash: 038712505c782f6de7fd435805db35cd806da5132bd7b2f2b16b0c430b800f65
hash: 03bc25ae7222a8142e06629d22c62900e9cd2554ff7d2b9d8836125c6c4fea8c
hash: 057782a338549fdb031b21b6cf4bccdfead95f0b97f439f18cef1485b2d17677
hash: 0916166f5cf72e5869aeb75331a46f9bf978fa328b08e13ee356dd7b0b13afba
hash: 09375c5edc56752d5b8d84cb433e6a2151a57b02938bb84e1e07deefbcede3aa
hash: 0bc2ac5aa152fe7ebb4225f09f691f456631845eab2d71d548bdffed681af3b8
hash: 0c4015083a3eefa815d0f5310b112e7aff27199d38d5605f88a79dcab85db2b5
hash: 0cad360457a42c0408d4e7ed9f4f0faf3d96ec2320c2cdd11b53d82de85b5428
hash: 0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036
hash: 0f7148bd9e74527c9da1a5913a04ee1b4c1c4ea75cab57539e6781e617b9dab0
hash: 0fda765ed7aba6aa92dca681ab7e93160fcc5caaa0afae815d34e33fa647673a
hash: 114465c38e51d9cd15b84f5c57afd2ca5427ef71ece73d592c0f92f5bb69b237
hash: 11bab07f4dd49504f15a0d7bd4c3d57bf93c67939a200fb34d70f18219984c38
hash: 1572c35417c425433d03477d8e02784739337db9c26df25c0e6b2aa0444c0668
hash: 15a61d74ba86155e9d4636b9f081452a530b6766cc59e950d557a21eab96d60a
hash: 160911c246a25cae17454901fb2d7fb31e20dd0f5c12cbf686ffe24510f22ede
hash: 160dd63c6c58bd2a958c6b9e01c873c4192b6a4533197d7b506e49a04c5aef1c
hash: 183fd2afead8af67f7b7e52c052a906aa089b76f3a734137a9fe3e71ebb56f06
hash: 18cb28c5c7beae394111cf867b4e3cd8e154ab7c7f3d91016e0ead5d90009ee3
hash: 1b4660133c2f2125b1013a3fa22de51d60176052d7c1487c09630fee5582298a
hash: 1d0b246f8d43442ea0eaecde5cfa7fcd8139a9ba93496cd82a8ac056f7393bcf
hash: 21a832ac4c538652416124106b307026d9a8abb943501ff2ce3a14d5fdf2c08b
hash: 2301d1efbe6f2cccabad1583fc2d9846b34117159c8576e550a799e91d80d176
hash: 24a7ce118461c264bf797a4632e8b83b11c7f16c4c6836057284751bc33d20f8
hash: 2629de99f35a283ad44e8fea20a3b536187c8babb24f18763429390f77144128
hash: 263ee8e9f8fbdb95ca8afb642e990f66c41e194110a70765f2abf7257e0790e3
hash: 266d2307216788fcf174735535193c77488435b3da5f9b3867e714d94ae1f4e3
hash: 268c2b3286bb079ec6b047fe17321c7a98b24bf36c16598998de4fc48b6bedf9
hash: 2a5e8e3d02de6f13195ac962862e37918fa7ab9aa14d8fbe3eb9f2fb217b9517
hash: 2a62393c3b2e97cdbd03181d4e4cf699d4511c56a1c9c4ed8ff122f05eb919cc
hash: 2c067b470ab3802719ad65ef1e721a3850933c1a9ebf3e97303a3164effb6f63
hash: 2ea8980002af5ace6c34408626ac56b424ea0a2504ccd0281e09d560e8e05276
hash: 2efd13442f109790bdd5e1b33f706e60501546eb06d15a2aa8226458bbbd315e
hash: 2fd5b4d1cb318b8cbd9c3a5df0ee0c248e8261a20f33110b221ae9cb8b1071ae
hash: 3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858
hash: 3264a6fae4613963e5b559c956d7d0d48041b6e873a5162f6f0a5f942b1b6215
hash: 34903b66d9035ab84878b4a058f99b86852d55c4b69f8e3254f6097f3d0b674f
hash: 367aa34601606f4f09a496dfeed1d301b8b76643f976ed02960d9e85cce38595
hash: 36aa5dc6c23669821204c7d18a714e360cf0ea2b6e48175ba89c7bbb01a3a1bb
hash: 3b50605e11ff66a370a0a2f99ebc6df09d589d107735004862178f661e051ed8
hash: 3b7b0b7dabe9fe77797ef944121f611d6eb69716a15942c6b58998fbfd6b13d9
hash: 3bd969b1b078a20c5a43bb50e7fc035e9c4af41f0c735d07524f770c0fb0ed22
hash: 3be0b7d41d9fedfcbf5dd8147640f1d12c5693936910fcc76d7af99243056b94
hash: 3c248c1fbc3a03da1acb32a7aa932b130db31251aaa5880b6b94dc7cc2423f8e
hash: 3c50d4953e0f695d8e2849546dd0a4a9b8d06b3ab3d70d32e4181ca7f8c58b1e
hash: 3e2f9c3b76c3b4d932783faeb7ab25cfed3edd939f58659e0aa92fd46a6b1111
hash: 411005c29ff637fa65d20a1ffcb6877663e8c73c0ec67b09a9648df9647930a8
hash: 4598d35d789db350008c2307febe18859221923fe9f1fd2fa61bccc8eca8828e
hash: 475e1a46141efb13bae2e935e61a8731d466a53c1268ca54cd7ba3815b002256
hash: 49c71b594ba808832900316af90ab7cac3e9af825d5b7a081244913c8fed849f
hash: 4b49ec2d58a5a2726bd3f8aea4cb876fd24be3f0f44b2c2a5fed61424a7b5f05
hash: 4e10dfd43a25bcf34c545371bbb579c1d7c14a5df6b0a0bf513e306f4a19f7e9
hash: 4e1c1f94358a6402c69cca010fc2829514aeb77d11b33561469f0d0fdf64f989
hash: 5060bcd360683d43dcde43676d908d5d10b5310e71f16c42529b103b91818d57
hash: 512ad96221ddc5bb90228b719ac2badb999e43c129aa759b3619ae6ffea49c73
hash: 526610d0cf97982044b892731a7d47832893028c67e85c1ae04092c7e05dd827
hash: 52af32ab127d9956c598e926e20abfddeff28cf8f6271bc60ea21cc074def08f
hash: 538e5a536714c0db69b4bb1ea6df421299e75e8c0b2c4644992ebd022c98cd65
hash: 53a26d5e2b1ee5d2a8261843c1fe0c68632d6686222f11177bee9c572c485005
hash: 54b0949e3771e1b1dd7eabdbaf2acffe5e527edafc4a5ffa6aaeb0a6047479f1
hash: 56a00f3f589909783b72ca6fe40d898f45d9787e94f4291a008259ff0a18b12c
hash: 57fe3bc7b7d4e2f8b10869d735c95f53d6a85bd59dacd26292c2d6a089fc36b4
hash: 5c74a6e283b679c9a2e1e8dc74b0ac301f5fa4bd2b37a6c3af2ba4015b34a780
hash: 608a5144ae8ddec032854092da555eb9e29626465657c1c5cc3de0ada0bfea7e
hash: 613985e6cb0783fa378100d464065c0cfab636230ed76994d9daed6b19af3be1
hash: 62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318
hash: 62f734b99e5b690c12f339562c08e6a9168ad91c00bf4efc6c3f2d6c7a9677bd
hash: 67e5fe71333949e664d9fb1d9ac0081c106fabb9b8e141af9874b58c132ab9e7
hash: 687ca3726ef5168cc4e27ebb560ba649ec4967e44d24806c620f5d1337afa46c
hash: 6aa6250bf821907b7a2927086e0f5b8d759a81c620a3cc7cc45023f734dbac70
hash: 6d9b34bec276a1351ef46e63829237c7352a2e64118fe072a650979557b421b9
hash: 6ddf5c9c790a3a4a536b75d46e6ff10edee2012c625d10fbb69a119b68643cef
hash: 6ecd637ec715709a21ae05c3917e7b33cc35ce2b77700c938d16897fcd0cd8ea
hash: 70da3b1b49c0d6c660501a803026e5a5390bbea749b25b8b2ddffef8bb211ff6
hash: 7787eca1528144693930458282ee26c39508a9014152d36efa3b8645c188964c
hash: 78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029
hash: 7ab4710efc9cee29c4c17c2d7b367ee528ca3070835bc961eb8481f4ef010ee8
hash: 7c56b87fbc92c9ff8bbd0f0979acb839eea8695c1fd18b731fdb0feca077fd4f
hash: 7df588daaa053890cebfc0ac09b3c6b64bac4523719bc88323af6cc7e64377ed
hash: 8019ea81df3933f933d94e2d7989b70f9aa8f4876d8103e79dc2fa9ae3cc87c2
hash: 84f3b5432a437a8319d81556cceb857609d2c5c9a1e4eb8dab61f528db59e83c
hash: 853e735b64cac5c64d18b78b35dc4129551909b8ee3bdb1ad2b6ef75349f0108
hash: 8550677e8ca53235c5eda21401e75ab495e418877e71149d1ae0c3ce247c3124
hash: 8656a40ad826829fc90537ca0bbdbc2bb9d2e7d96e080f3fc4b5796e44c13881
hash: 8ce7e340773af5310bc851b5a9b848a72759fc33059a0d8cc5732a5f97766aa7
hash: 8e036e4c156fe5c51fbca42121b70dd77741b1ccdc1999867d5ca28fc4d57ae8
hash: 8e53784a8600a6e6fcb61cf9a363a49c44fd97bf22cfec2948728ec622d817fc
hash: 900a9e65bab0c31cefb8e144e4d43052d1b0699d8df05b695bfe4b3275747d0f
hash: 9144c7df6fbae476a8f288bbe002a5f83bbd58826dcea2e851f66c25ca568034
hash: 92e82fe79025aa9e68cae7b734de8c840ec7c6dd439f17abefe69354d4a8bd6e
hash: 93d6f9f0172206779c753a4c486dda1de4aa17a5147e84c31203c694655cd8ab
hash: 94ba2a1b5360a6799546999d8c528a064ddf76126b4478df8973ffdada2fdd62
hash: 95fb0944a2348f1e326b4ce65b04a5b62e1587d90c40d3bb505dc93f5f61295a
hash: 961afc40bd120d3715d2fa333de19a83ab4c712092e9289c28e271ec778f4ea0
hash: 9c50cdfed01bb15b584c8871d5cf4dc506705839020fd0626305bf675bd912fc
hash: a134f4f4a8d5efd1529dfe83ba1084083da36fd3e78963e1d5d127f7649acb24
hash: a4f8ffff81c13d2bc6ba5f0ded5ea31b73450ad1a0f42c592f1040d46263846a
hash: a7a7004ed404980e56f3e9dd4b349a42b39d08b310d32c8ec7db8d55ee693a93
hash: a8163c286a140dd67a8c97631d4ef5799f93de94a914c3ab1c3026e1688743fa
hash: acbd2ed341e3dab5d7f258afc098ca86be9916bca6b9d2624557100164a4df2e
hash: ad7848c78cfb589190a1363ee25c6db47dd04a577300a4fbe829ce5b71f0ff39
hash: af2c6c59f98c5a172e071a38706255ee56e9e8f7b4a1c575593b862e60f8a2c4
hash: b0269634a1d295d170e58d6c3c2cb86cd91dea2acd5f3dea9449df8ed0c889c2
hash: b24316e81b6ebf954fab7a87a211554cde6986b239792610f8d234d05d2a2a1f
hash: b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59
hash: b2850795bd5be0e6556e20fa10160585def005c2a5cd8df2c345a662714bd815
hash: b4caf6949964f75e8dd281ae2ab9947248120c680415b5f5b307532c1dc99b58
hash: b61c22c6b74a546ee337b3a6cc2ee1fa9f3e92e93eced40fe7df27ffddc4c0fe
hash: b8c0d54f40d0c9deafa44860799a54a09c32cc795498bf0e9f2bef49fa056288
hash: b905802b0e600f2988fb4d16eaa6eec65ed3c5b9735b79dd9a00dfa4d7abe65e
hash: b93632280602502b9480abc7c4acd5c7398004197c4a6013ccd2a4ee4c599591
hash: ba114a9b775ccf8215f80094d353b06b3a9fd32e22167e4e06ba986a738ec518
hash: ba65d71d06a8201d32edb98ca54149fb7662baac43d8ecd853c90d03f4320db0
hash: bb6ab67ddbb74e7afb82bb063744a91f3fecf5fd0f453a179c0776727f6870c7
hash: bc246e2508013cb3d8df5c21bac16ab3584e40b16b31647db31006877bc13db3
hash: bc647e05eea89ea9b5ec3ce728e3c039dd2abd17441e7c39cf130f292edd6efc
hash: bce9616ed0d829a05ce7df6c1fb90895a93772eb438ed7b2cc35407c34031666
hash: c04860e0ecce7d3a91c5358aecbafc495b2a9f0936dabf99db5f46457776687a
hash: c2fdb76ec20047129d5f993917cae4a73b61204c531121a57a9121910910fbaf
hash: c44d1a50eab5299fe20d742093df44a617eeee1e2e0a176bafd8ed95dd60c6c5
hash: c7137d350aaf2acc965763e380255e9fb63d6feefae4ed91c80b70ff022db855
hash: c87f7e0ae64e11ef755083bde6b756c695d07c6b89633f6fb66cd96214bcd502
hash: c8f855c7b1456739d1c03c4225093475baba75cb49d3f1051ba4e40831e5ce84
hash: cbb512c427297c2b67b83e459887b59e3171ad47a22a62d89f03a1eacab1ac42
hash: ce98feac673b63a3c030c976c0dd4a0fba0cd5e124373b390b0f3c7fa761f95e
hash: d04904e32b5cb0f9b559855fac81d62c6ad0472dc443be02f08b6fe4a7d56f71
hash: d1d957406e9177a1ab10bb5a4d2d4dfb3ac971c390f8383eeaa263bdf8038058
hash: d3f0e0563269d23cfd1e54a16badd2e03d7826c364e2fb84ffe3d48b2a3738e9
hash: d6c3c83d8549c691972e8fe91277c579efe83b731d5a1669d42692b0b3a17980
hash: d8364dc34ccece608beea861067fa31cae3f4ef0c3fcdf1804cc88d162c0ff15
hash: d8d1635a515fd3afb2ccfbd2a82feb2c2150161872f3a4babd90146626fe8355
hash: d8e272f50e1d699870a74f8cbed06a9371212c208bcfa8b3c992a4744e84ed87
hash: dc27e0fabdbad970519d354a83f8c4791d2311dedb9e7ed3cee2d0f52078f000
hash: de9117872e6b32d01fe2e2ec54899641486a1ebb3439123aadea8d5388617eee
hash: e1e03d90eb8a65ed6d3b4ff16aed51443ecacba465ff1c96a6604c84b215fec8
hash: e5d34a8a39ae067efe12336732f43775fa8eaf86e0d7668816780d1db9821e5d
hash: e82ecbe3823046a27d8c39cc0a4acb498f415549946c9ff0e241838b34ed5a21
hash: e9808c0e5ebba9aa2b2b5f856d1cb6965f6b5fa49e22dc423251786bb46ac2b7
hash: eb1df006c34463faf8325c52c2f132b62adaaff37afc0bd7ddf0274fa30e59d0
hash: ed8684894015e74ff5cf217cbda2f2036e7c9f573f9b0aa46e29e7ff8c13f11b
hash: edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185
hash: f29e98d60486472e80d2fac7afa7433bad74d69e25ba8b9533c3b23d6b6be9bd
hash: f3bd3637ad90eae0bfa31c0735fa3bb2e0d7061f63456f7479948ce7e8cd7310
hash: f3f1ac9e1739a840242c9c215080085af61500dbe7bfd01886fe972e0ca22a26
hash: f55bb674f524ea72d91dba894ea5448ecf92aab7bceb0cf0025383483e72cc1f
hash: f80313b4e2d743c94571a98d1672ffc3bc003209c6315ce2a22a9989aae051c2
hash: f90e8f85f79cbff664ad3c4758f1bed8a6ebc2a712180d675ff560bea2b88c65
hash: fc56184a160c0fbb3d2a98e5955dfad4e09e3a8db99f162199d9c1f419460984
hash: ff724631dba8abe354c8742f09d88821237632e36c305ba4f1132a95880dde67
hash: ffdb183742a3404c3756ba654ea8eb7983650cbf8fdc4e8a6514870e251f2915
ip: 103.30.76.206
ip: 104.233.140.135
ip: 134.122.176.156
ip: 141.11.149.124
ip: 149.104.23.171
ip: 154.211.89.5
ip: 164.155.231.64
ip: 206.237.0.251
ip: 206.237.1.201
ip: 206.238.179.172
ip: 206.238.179.242
ip: 206.238.196.155
ip: 206.238.199.21
ip: 206.238.76.121
domain: chrome-online.site
domain: 0ac0568239f8978.ccega6r0yph8.com
domain: 784564141.ccega6r0yph8.com
domain: admin.668608.xyz
domain: api.xwphd.com
domain: bkp.windowstimes.me
domain: c43f5d6e73a7eb.ccega6r0yph8.com
domain: image.windowstimes.online
domain: images.windowstimes.online
domain: times.windowstimes.me
domain: times.windowstimes.online
ip: 43.247.135.53
cve: CVE-2017-9805
cve: CVE-2021-22205
cve: CVE-2024-27198
cve: CVE-2024-27199
cve: CVE-2024-51378
cve: CVE-2024-51567
cve: CVE-2024-56145
cve: CVE-2024-9047
cve: CVE-2025-31324
ip: 149.104.23.176
ip: 206.237.0.49
ip: 206.237.2.40
ip: 206.237.5.19
domain: sentinelones.com

Custom Arsenal Developed to Target Multiple Industries

Severity: medium

Type: malware

CVE: CVE-2017-9805

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden

Indicators of Compromise

hash: 0f68e438134c2781d26f6b2b255beec1
hash: 1dd51961e61faac3c0a7a5e4d7910ac2
hash: 1f48ad109b4449fdc0d6f7d3ec51131b
hash: 1facdcd05c43ba4d37274dffc90b6d4e
hash: 23dfefab675e7c735f36e5bbb19da2c0
hash: 249722da053044036b2381619d080bfe
hash: 4811ea6284f12970cf292c9844e326ea
hash: 5b90fd1acec3f6251ff8627a42505e83
hash: 5f3dd0514c98bab7172a4ccb2f7a152d
hash: 61bb551c3ab85d80b8e107019aee02b8
hash: 808502752ca0492aca995e9b620d507b
hash: 8f7dfbec116017d632ca77be578795fd
hash: b8053bcd04ce9d7d19c7f36830a9f26b
hash: d416f79514231cedb2d34514bc10b5c5
hash: df85cc21029de10bd1170e8bc15c92e5
hash: eae9eed174de0c0301e29c4cedf3131d
hash: eba237f4049ee3ef374e25ad59093622
hash: f3981a6a520ee8fb9832ef51b2f1c7d4
hash: 02fa713d3d28f01f697116cea3993014eaaec3df
hash: 1a90eba92624442ca70ea44d1641c1f81544cd3f
hash: 232a0585a7cb6c54e15d5410c96aac5913038e7f
hash: 2f4e56d6b65b58da7af32897035c26317561b648
hash: 3ba9a74f8faeff3de03e4c834f266582e2eb46a8
hash: 41656e98a22c53cf19c87e6acc21b9af8e07902f
hash: 428887427aa631aa3bf8e38c487743a0dc156969
hash: 57a26be3e175fe41fd2581cb7d9c95c7f0b14cf4
hash: 5a341a41bb909bf577465491420e3fce6001c5cf
hash: 5d657c760d3ef7a630e50d09f890cb3452649cd1
hash: 65e980c6f4d42199b1369ee0414665c856d3aa03
hash: 668c40bb6c792b3502b4eefd0916febc8dbd5182
hash: 6eaec5ead18912ece740f8b9704341bace5e30c1
hash: 8a559e3cefd9e5facccae672437c9ea8b2fa1883
hash: 97e85c03da1bbc14541116fb69bc94ad66e553a0
hash: 9c114c01d3aebaf7bdf5a7285585a21c109997f8
hash: ab713a0eb283828102035a0e293e62d0de444880
hash: dc26aa1f01a3cb7c2ad487982efbcfe378d9acc6
hash: 026bda0dd43bb9b1fa988803837582abd3265b33a6932a82724312ecc550e7ba
hash: 029c5914cedf8e79a647ab69ac08b7ea662c7608ea80cd8c42d07f1d9fe84c9b
hash: 0323aca727e12cbb4c492e3339f64969e46b3d300465af8dcdaf0e881aae1d0d
hash: 037bda8a7e324e378720ff143ca1810b95c78e74062913e9bc588aac9aa55483
hash: 038712505c782f6de7fd435805db35cd806da5132bd7b2f2b16b0c430b800f65
hash: 03bc25ae7222a8142e06629d22c62900e9cd2554ff7d2b9d8836125c6c4fea8c
hash: 057782a338549fdb031b21b6cf4bccdfead95f0b97f439f18cef1485b2d17677
hash: 0916166f5cf72e5869aeb75331a46f9bf978fa328b08e13ee356dd7b0b13afba
hash: 09375c5edc56752d5b8d84cb433e6a2151a57b02938bb84e1e07deefbcede3aa
hash: 0bc2ac5aa152fe7ebb4225f09f691f456631845eab2d71d548bdffed681af3b8
hash: 0c4015083a3eefa815d0f5310b112e7aff27199d38d5605f88a79dcab85db2b5
hash: 0cad360457a42c0408d4e7ed9f4f0faf3d96ec2320c2cdd11b53d82de85b5428
hash: 0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036
hash: 0f7148bd9e74527c9da1a5913a04ee1b4c1c4ea75cab57539e6781e617b9dab0
hash: 0fda765ed7aba6aa92dca681ab7e93160fcc5caaa0afae815d34e33fa647673a
hash: 114465c38e51d9cd15b84f5c57afd2ca5427ef71ece73d592c0f92f5bb69b237
hash: 11bab07f4dd49504f15a0d7bd4c3d57bf93c67939a200fb34d70f18219984c38
hash: 1572c35417c425433d03477d8e02784739337db9c26df25c0e6b2aa0444c0668
hash: 15a61d74ba86155e9d4636b9f081452a530b6766cc59e950d557a21eab96d60a
hash: 160911c246a25cae17454901fb2d7fb31e20dd0f5c12cbf686ffe24510f22ede
hash: 160dd63c6c58bd2a958c6b9e01c873c4192b6a4533197d7b506e49a04c5aef1c
hash: 183fd2afead8af67f7b7e52c052a906aa089b76f3a734137a9fe3e71ebb56f06
hash: 18cb28c5c7beae394111cf867b4e3cd8e154ab7c7f3d91016e0ead5d90009ee3
hash: 1b4660133c2f2125b1013a3fa22de51d60176052d7c1487c09630fee5582298a
hash: 1d0b246f8d43442ea0eaecde5cfa7fcd8139a9ba93496cd82a8ac056f7393bcf
hash: 21a832ac4c538652416124106b307026d9a8abb943501ff2ce3a14d5fdf2c08b
hash: 2301d1efbe6f2cccabad1583fc2d9846b34117159c8576e550a799e91d80d176
hash: 24a7ce118461c264bf797a4632e8b83b11c7f16c4c6836057284751bc33d20f8
hash: 2629de99f35a283ad44e8fea20a3b536187c8babb24f18763429390f77144128
hash: 263ee8e9f8fbdb95ca8afb642e990f66c41e194110a70765f2abf7257e0790e3
hash: 266d2307216788fcf174735535193c77488435b3da5f9b3867e714d94ae1f4e3
hash: 268c2b3286bb079ec6b047fe17321c7a98b24bf36c16598998de4fc48b6bedf9
hash: 2a5e8e3d02de6f13195ac962862e37918fa7ab9aa14d8fbe3eb9f2fb217b9517
hash: 2a62393c3b2e97cdbd03181d4e4cf699d4511c56a1c9c4ed8ff122f05eb919cc
hash: 2c067b470ab3802719ad65ef1e721a3850933c1a9ebf3e97303a3164effb6f63
hash: 2ea8980002af5ace6c34408626ac56b424ea0a2504ccd0281e09d560e8e05276
hash: 2efd13442f109790bdd5e1b33f706e60501546eb06d15a2aa8226458bbbd315e
hash: 2fd5b4d1cb318b8cbd9c3a5df0ee0c248e8261a20f33110b221ae9cb8b1071ae
hash: 3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858
hash: 3264a6fae4613963e5b559c956d7d0d48041b6e873a5162f6f0a5f942b1b6215
hash: 34903b66d9035ab84878b4a058f99b86852d55c4b69f8e3254f6097f3d0b674f
hash: 367aa34601606f4f09a496dfeed1d301b8b76643f976ed02960d9e85cce38595
hash: 36aa5dc6c23669821204c7d18a714e360cf0ea2b6e48175ba89c7bbb01a3a1bb
hash: 3b50605e11ff66a370a0a2f99ebc6df09d589d107735004862178f661e051ed8
hash: 3b7b0b7dabe9fe77797ef944121f611d6eb69716a15942c6b58998fbfd6b13d9
hash: 3bd969b1b078a20c5a43bb50e7fc035e9c4af41f0c735d07524f770c0fb0ed22
hash: 3be0b7d41d9fedfcbf5dd8147640f1d12c5693936910fcc76d7af99243056b94
hash: 3c248c1fbc3a03da1acb32a7aa932b130db31251aaa5880b6b94dc7cc2423f8e
hash: 3c50d4953e0f695d8e2849546dd0a4a9b8d06b3ab3d70d32e4181ca7f8c58b1e
hash: 3e2f9c3b76c3b4d932783faeb7ab25cfed3edd939f58659e0aa92fd46a6b1111
hash: 411005c29ff637fa65d20a1ffcb6877663e8c73c0ec67b09a9648df9647930a8
hash: 4598d35d789db350008c2307febe18859221923fe9f1fd2fa61bccc8eca8828e
hash: 475e1a46141efb13bae2e935e61a8731d466a53c1268ca54cd7ba3815b002256
hash: 49c71b594ba808832900316af90ab7cac3e9af825d5b7a081244913c8fed849f
hash: 4b49ec2d58a5a2726bd3f8aea4cb876fd24be3f0f44b2c2a5fed61424a7b5f05
hash: 4e10dfd43a25bcf34c545371bbb579c1d7c14a5df6b0a0bf513e306f4a19f7e9
hash: 4e1c1f94358a6402c69cca010fc2829514aeb77d11b33561469f0d0fdf64f989
hash: 5060bcd360683d43dcde43676d908d5d10b5310e71f16c42529b103b91818d57
hash: 512ad96221ddc5bb90228b719ac2badb999e43c129aa759b3619ae6ffea49c73
hash: 526610d0cf97982044b892731a7d47832893028c67e85c1ae04092c7e05dd827
hash: 52af32ab127d9956c598e926e20abfddeff28cf8f6271bc60ea21cc074def08f
hash: 538e5a536714c0db69b4bb1ea6df421299e75e8c0b2c4644992ebd022c98cd65
hash: 53a26d5e2b1ee5d2a8261843c1fe0c68632d6686222f11177bee9c572c485005
hash: 54b0949e3771e1b1dd7eabdbaf2acffe5e527edafc4a5ffa6aaeb0a6047479f1
hash: 56a00f3f589909783b72ca6fe40d898f45d9787e94f4291a008259ff0a18b12c
hash: 57fe3bc7b7d4e2f8b10869d735c95f53d6a85bd59dacd26292c2d6a089fc36b4
hash: 5c74a6e283b679c9a2e1e8dc74b0ac301f5fa4bd2b37a6c3af2ba4015b34a780
hash: 608a5144ae8ddec032854092da555eb9e29626465657c1c5cc3de0ada0bfea7e
hash: 613985e6cb0783fa378100d464065c0cfab636230ed76994d9daed6b19af3be1
hash: 62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318
hash: 62f734b99e5b690c12f339562c08e6a9168ad91c00bf4efc6c3f2d6c7a9677bd
hash: 67e5fe71333949e664d9fb1d9ac0081c106fabb9b8e141af9874b58c132ab9e7
hash: 687ca3726ef5168cc4e27ebb560ba649ec4967e44d24806c620f5d1337afa46c
hash: 6aa6250bf821907b7a2927086e0f5b8d759a81c620a3cc7cc45023f734dbac70
hash: 6d9b34bec276a1351ef46e63829237c7352a2e64118fe072a650979557b421b9
hash: 6ddf5c9c790a3a4a536b75d46e6ff10edee2012c625d10fbb69a119b68643cef
hash: 6ecd637ec715709a21ae05c3917e7b33cc35ce2b77700c938d16897fcd0cd8ea
hash: 70da3b1b49c0d6c660501a803026e5a5390bbea749b25b8b2ddffef8bb211ff6
hash: 7787eca1528144693930458282ee26c39508a9014152d36efa3b8645c188964c
hash: 78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029
hash: 7ab4710efc9cee29c4c17c2d7b367ee528ca3070835bc961eb8481f4ef010ee8
hash: 7c56b87fbc92c9ff8bbd0f0979acb839eea8695c1fd18b731fdb0feca077fd4f
hash: 7df588daaa053890cebfc0ac09b3c6b64bac4523719bc88323af6cc7e64377ed
hash: 8019ea81df3933f933d94e2d7989b70f9aa8f4876d8103e79dc2fa9ae3cc87c2
hash: 84f3b5432a437a8319d81556cceb857609d2c5c9a1e4eb8dab61f528db59e83c
hash: 853e735b64cac5c64d18b78b35dc4129551909b8ee3bdb1ad2b6ef75349f0108
hash: 8550677e8ca53235c5eda21401e75ab495e418877e71149d1ae0c3ce247c3124
hash: 8656a40ad826829fc90537ca0bbdbc2bb9d2e7d96e080f3fc4b5796e44c13881
hash: 8ce7e340773af5310bc851b5a9b848a72759fc33059a0d8cc5732a5f97766aa7
hash: 8e036e4c156fe5c51fbca42121b70dd77741b1ccdc1999867d5ca28fc4d57ae8
hash: 8e53784a8600a6e6fcb61cf9a363a49c44fd97bf22cfec2948728ec622d817fc
hash: 900a9e65bab0c31cefb8e144e4d43052d1b0699d8df05b695bfe4b3275747d0f
hash: 9144c7df6fbae476a8f288bbe002a5f83bbd58826dcea2e851f66c25ca568034
hash: 92e82fe79025aa9e68cae7b734de8c840ec7c6dd439f17abefe69354d4a8bd6e
hash: 93d6f9f0172206779c753a4c486dda1de4aa17a5147e84c31203c694655cd8ab
hash: 94ba2a1b5360a6799546999d8c528a064ddf76126b4478df8973ffdada2fdd62
hash: 95fb0944a2348f1e326b4ce65b04a5b62e1587d90c40d3bb505dc93f5f61295a
hash: 961afc40bd120d3715d2fa333de19a83ab4c712092e9289c28e271ec778f4ea0
hash: 9c50cdfed01bb15b584c8871d5cf4dc506705839020fd0626305bf675bd912fc
hash: a134f4f4a8d5efd1529dfe83ba1084083da36fd3e78963e1d5d127f7649acb24
hash: a4f8ffff81c13d2bc6ba5f0ded5ea31b73450ad1a0f42c592f1040d46263846a
hash: a7a7004ed404980e56f3e9dd4b349a42b39d08b310d32c8ec7db8d55ee693a93
hash: a8163c286a140dd67a8c97631d4ef5799f93de94a914c3ab1c3026e1688743fa
hash: acbd2ed341e3dab5d7f258afc098ca86be9916bca6b9d2624557100164a4df2e
hash: ad7848c78cfb589190a1363ee25c6db47dd04a577300a4fbe829ce5b71f0ff39
hash: af2c6c59f98c5a172e071a38706255ee56e9e8f7b4a1c575593b862e60f8a2c4
hash: b0269634a1d295d170e58d6c3c2cb86cd91dea2acd5f3dea9449df8ed0c889c2
hash: b24316e81b6ebf954fab7a87a211554cde6986b239792610f8d234d05d2a2a1f
hash: b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59
hash: b2850795bd5be0e6556e20fa10160585def005c2a5cd8df2c345a662714bd815
hash: b4caf6949964f75e8dd281ae2ab9947248120c680415b5f5b307532c1dc99b58
hash: b61c22c6b74a546ee337b3a6cc2ee1fa9f3e92e93eced40fe7df27ffddc4c0fe
hash: b8c0d54f40d0c9deafa44860799a54a09c32cc795498bf0e9f2bef49fa056288
hash: b905802b0e600f2988fb4d16eaa6eec65ed3c5b9735b79dd9a00dfa4d7abe65e
hash: b93632280602502b9480abc7c4acd5c7398004197c4a6013ccd2a4ee4c599591
hash: ba114a9b775ccf8215f80094d353b06b3a9fd32e22167e4e06ba986a738ec518
hash: ba65d71d06a8201d32edb98ca54149fb7662baac43d8ecd853c90d03f4320db0
hash: bb6ab67ddbb74e7afb82bb063744a91f3fecf5fd0f453a179c0776727f6870c7
hash: bc246e2508013cb3d8df5c21bac16ab3584e40b16b31647db31006877bc13db3
hash: bc647e05eea89ea9b5ec3ce728e3c039dd2abd17441e7c39cf130f292edd6efc
hash: bce9616ed0d829a05ce7df6c1fb90895a93772eb438ed7b2cc35407c34031666
hash: c04860e0ecce7d3a91c5358aecbafc495b2a9f0936dabf99db5f46457776687a
hash: c2fdb76ec20047129d5f993917cae4a73b61204c531121a57a9121910910fbaf
hash: c44d1a50eab5299fe20d742093df44a617eeee1e2e0a176bafd8ed95dd60c6c5
hash: c7137d350aaf2acc965763e380255e9fb63d6feefae4ed91c80b70ff022db855
hash: c87f7e0ae64e11ef755083bde6b756c695d07c6b89633f6fb66cd96214bcd502
hash: c8f855c7b1456739d1c03c4225093475baba75cb49d3f1051ba4e40831e5ce84
hash: cbb512c427297c2b67b83e459887b59e3171ad47a22a62d89f03a1eacab1ac42
hash: ce98feac673b63a3c030c976c0dd4a0fba0cd5e124373b390b0f3c7fa761f95e
hash: d04904e32b5cb0f9b559855fac81d62c6ad0472dc443be02f08b6fe4a7d56f71
hash: d1d957406e9177a1ab10bb5a4d2d4dfb3ac971c390f8383eeaa263bdf8038058
hash: d3f0e0563269d23cfd1e54a16badd2e03d7826c364e2fb84ffe3d48b2a3738e9
hash: d6c3c83d8549c691972e8fe91277c579efe83b731d5a1669d42692b0b3a17980
hash: d8364dc34ccece608beea861067fa31cae3f4ef0c3fcdf1804cc88d162c0ff15
hash: d8d1635a515fd3afb2ccfbd2a82feb2c2150161872f3a4babd90146626fe8355
hash: d8e272f50e1d699870a74f8cbed06a9371212c208bcfa8b3c992a4744e84ed87
hash: dc27e0fabdbad970519d354a83f8c4791d2311dedb9e7ed3cee2d0f52078f000
hash: de9117872e6b32d01fe2e2ec54899641486a1ebb3439123aadea8d5388617eee
hash: e1e03d90eb8a65ed6d3b4ff16aed51443ecacba465ff1c96a6604c84b215fec8
hash: e5d34a8a39ae067efe12336732f43775fa8eaf86e0d7668816780d1db9821e5d
hash: e82ecbe3823046a27d8c39cc0a4acb498f415549946c9ff0e241838b34ed5a21
hash: e9808c0e5ebba9aa2b2b5f856d1cb6965f6b5fa49e22dc423251786bb46ac2b7
hash: eb1df006c34463faf8325c52c2f132b62adaaff37afc0bd7ddf0274fa30e59d0
hash: ed8684894015e74ff5cf217cbda2f2036e7c9f573f9b0aa46e29e7ff8c13f11b
hash: edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185
hash: f29e98d60486472e80d2fac7afa7433bad74d69e25ba8b9533c3b23d6b6be9bd
hash: f3bd3637ad90eae0bfa31c0735fa3bb2e0d7061f63456f7479948ce7e8cd7310
hash: f3f1ac9e1739a840242c9c215080085af61500dbe7bfd01886fe972e0ca22a26
hash: f55bb674f524ea72d91dba894ea5448ecf92aab7bceb0cf0025383483e72cc1f
hash: f80313b4e2d743c94571a98d1672ffc3bc003209c6315ce2a22a9989aae051c2
hash: f90e8f85f79cbff664ad3c4758f1bed8a6ebc2a712180d675ff560bea2b88c65
hash: fc56184a160c0fbb3d2a98e5955dfad4e09e3a8db99f162199d9c1f419460984
hash: ff724631dba8abe354c8742f09d88821237632e36c305ba4f1132a95880dde67
hash: ffdb183742a3404c3756ba654ea8eb7983650cbf8fdc4e8a6514870e251f2915
ip: 103.30.76.206
ip: 104.233.140.135
ip: 134.122.176.156
ip: 141.11.149.124
ip: 149.104.23.171
ip: 154.211.89.5
ip: 164.155.231.64
ip: 206.237.0.251
ip: 206.237.1.201
ip: 206.238.179.172
ip: 206.238.179.242
ip: 206.238.196.155
ip: 206.238.199.21
ip: 206.238.76.121
domain: chrome-online.site
domain: 0ac0568239f8978.ccega6r0yph8.com
domain: 784564141.ccega6r0yph8.com
domain: admin.668608.xyz
domain: api.xwphd.com
domain: bkp.windowstimes.me
domain: c43f5d6e73a7eb.ccega6r0yph8.com
domain: image.windowstimes.online
domain: images.windowstimes.online
domain: times.windowstimes.me
domain: times.windowstimes.online
ip: 43.247.135.53
cve: CVE-2017-9805
cve: CVE-2021-22205
cve: CVE-2024-27198
cve: CVE-2024-27199
cve: CVE-2024-51378
cve: CVE-2024-51567
cve: CVE-2024-56145
cve: CVE-2024-9047
cve: CVE-2025-31324
ip: 149.104.23.176
ip: 206.237.0.49
ip: 206.237.2.40
ip: 206.237.5.19
domain: sentinelones.com

Source: AlienVault OTX General

Published: Tue May 27 2025

Custom Arsenal Developed to Target Multiple Industries

Medium

Published: Tue May 27 2025 (05/27/2025, 10:35:05 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 06/26/2025, 13:50:08 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html"]
Adversary: Earth Lamia
Pulse Id: 68359559953d95d9c98f6268
Threat Score: null

Indicators of Compromise

Hash

Value	Description	Copy
hash0f68e438134c2781d26f6b2b255beec1	—
hash1dd51961e61faac3c0a7a5e4d7910ac2	—
hash1f48ad109b4449fdc0d6f7d3ec51131b	—
hash1facdcd05c43ba4d37274dffc90b6d4e	—
hash23dfefab675e7c735f36e5bbb19da2c0	—
hash249722da053044036b2381619d080bfe	—
hash4811ea6284f12970cf292c9844e326ea	—
hash5b90fd1acec3f6251ff8627a42505e83	—
hash5f3dd0514c98bab7172a4ccb2f7a152d	—
hash61bb551c3ab85d80b8e107019aee02b8	—
hash808502752ca0492aca995e9b620d507b	—
hash8f7dfbec116017d632ca77be578795fd	—
hashb8053bcd04ce9d7d19c7f36830a9f26b	—
hashd416f79514231cedb2d34514bc10b5c5	—
hashdf85cc21029de10bd1170e8bc15c92e5	—
hasheae9eed174de0c0301e29c4cedf3131d	—
hasheba237f4049ee3ef374e25ad59093622	—
hashf3981a6a520ee8fb9832ef51b2f1c7d4	—
hash02fa713d3d28f01f697116cea3993014eaaec3df	—
hash1a90eba92624442ca70ea44d1641c1f81544cd3f	—
hash232a0585a7cb6c54e15d5410c96aac5913038e7f	—
hash2f4e56d6b65b58da7af32897035c26317561b648	—
hash3ba9a74f8faeff3de03e4c834f266582e2eb46a8	—
hash41656e98a22c53cf19c87e6acc21b9af8e07902f	—
hash428887427aa631aa3bf8e38c487743a0dc156969	—
hash57a26be3e175fe41fd2581cb7d9c95c7f0b14cf4	—
hash5a341a41bb909bf577465491420e3fce6001c5cf	—
hash5d657c760d3ef7a630e50d09f890cb3452649cd1	—
hash65e980c6f4d42199b1369ee0414665c856d3aa03	—
hash668c40bb6c792b3502b4eefd0916febc8dbd5182	—
hash6eaec5ead18912ece740f8b9704341bace5e30c1	—
hash8a559e3cefd9e5facccae672437c9ea8b2fa1883	—
hash97e85c03da1bbc14541116fb69bc94ad66e553a0	—
hash9c114c01d3aebaf7bdf5a7285585a21c109997f8	—
hashab713a0eb283828102035a0e293e62d0de444880	—
hashdc26aa1f01a3cb7c2ad487982efbcfe378d9acc6	—
hash026bda0dd43bb9b1fa988803837582abd3265b33a6932a82724312ecc550e7ba	—
hash029c5914cedf8e79a647ab69ac08b7ea662c7608ea80cd8c42d07f1d9fe84c9b	—
hash0323aca727e12cbb4c492e3339f64969e46b3d300465af8dcdaf0e881aae1d0d	—
hash037bda8a7e324e378720ff143ca1810b95c78e74062913e9bc588aac9aa55483	—
hash038712505c782f6de7fd435805db35cd806da5132bd7b2f2b16b0c430b800f65	—
hash03bc25ae7222a8142e06629d22c62900e9cd2554ff7d2b9d8836125c6c4fea8c	—
hash057782a338549fdb031b21b6cf4bccdfead95f0b97f439f18cef1485b2d17677	—
hash0916166f5cf72e5869aeb75331a46f9bf978fa328b08e13ee356dd7b0b13afba	—
hash09375c5edc56752d5b8d84cb433e6a2151a57b02938bb84e1e07deefbcede3aa	—
hash0bc2ac5aa152fe7ebb4225f09f691f456631845eab2d71d548bdffed681af3b8	—
hash0c4015083a3eefa815d0f5310b112e7aff27199d38d5605f88a79dcab85db2b5	—
hash0cad360457a42c0408d4e7ed9f4f0faf3d96ec2320c2cdd11b53d82de85b5428	—
hash0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036	—
hash0f7148bd9e74527c9da1a5913a04ee1b4c1c4ea75cab57539e6781e617b9dab0	—
hash0fda765ed7aba6aa92dca681ab7e93160fcc5caaa0afae815d34e33fa647673a	—
hash114465c38e51d9cd15b84f5c57afd2ca5427ef71ece73d592c0f92f5bb69b237	—
hash11bab07f4dd49504f15a0d7bd4c3d57bf93c67939a200fb34d70f18219984c38	—
hash1572c35417c425433d03477d8e02784739337db9c26df25c0e6b2aa0444c0668	—
hash15a61d74ba86155e9d4636b9f081452a530b6766cc59e950d557a21eab96d60a	—
hash160911c246a25cae17454901fb2d7fb31e20dd0f5c12cbf686ffe24510f22ede	—
hash160dd63c6c58bd2a958c6b9e01c873c4192b6a4533197d7b506e49a04c5aef1c	—
hash183fd2afead8af67f7b7e52c052a906aa089b76f3a734137a9fe3e71ebb56f06	—
hash18cb28c5c7beae394111cf867b4e3cd8e154ab7c7f3d91016e0ead5d90009ee3	—
hash1b4660133c2f2125b1013a3fa22de51d60176052d7c1487c09630fee5582298a	—
hash1d0b246f8d43442ea0eaecde5cfa7fcd8139a9ba93496cd82a8ac056f7393bcf	—
hash21a832ac4c538652416124106b307026d9a8abb943501ff2ce3a14d5fdf2c08b	—
hash2301d1efbe6f2cccabad1583fc2d9846b34117159c8576e550a799e91d80d176	—
hash24a7ce118461c264bf797a4632e8b83b11c7f16c4c6836057284751bc33d20f8	—
hash2629de99f35a283ad44e8fea20a3b536187c8babb24f18763429390f77144128	—
hash263ee8e9f8fbdb95ca8afb642e990f66c41e194110a70765f2abf7257e0790e3	—
hash266d2307216788fcf174735535193c77488435b3da5f9b3867e714d94ae1f4e3	—
hash268c2b3286bb079ec6b047fe17321c7a98b24bf36c16598998de4fc48b6bedf9	—
hash2a5e8e3d02de6f13195ac962862e37918fa7ab9aa14d8fbe3eb9f2fb217b9517	—
hash2a62393c3b2e97cdbd03181d4e4cf699d4511c56a1c9c4ed8ff122f05eb919cc	—
hash2c067b470ab3802719ad65ef1e721a3850933c1a9ebf3e97303a3164effb6f63	—
hash2ea8980002af5ace6c34408626ac56b424ea0a2504ccd0281e09d560e8e05276	—
hash2efd13442f109790bdd5e1b33f706e60501546eb06d15a2aa8226458bbbd315e	—
hash2fd5b4d1cb318b8cbd9c3a5df0ee0c248e8261a20f33110b221ae9cb8b1071ae	—
hash3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858	—
hash3264a6fae4613963e5b559c956d7d0d48041b6e873a5162f6f0a5f942b1b6215	—
hash34903b66d9035ab84878b4a058f99b86852d55c4b69f8e3254f6097f3d0b674f	—
hash367aa34601606f4f09a496dfeed1d301b8b76643f976ed02960d9e85cce38595	—
hash36aa5dc6c23669821204c7d18a714e360cf0ea2b6e48175ba89c7bbb01a3a1bb	—
hash3b50605e11ff66a370a0a2f99ebc6df09d589d107735004862178f661e051ed8	—
hash3b7b0b7dabe9fe77797ef944121f611d6eb69716a15942c6b58998fbfd6b13d9	—
hash3bd969b1b078a20c5a43bb50e7fc035e9c4af41f0c735d07524f770c0fb0ed22	—
hash3be0b7d41d9fedfcbf5dd8147640f1d12c5693936910fcc76d7af99243056b94	—
hash3c248c1fbc3a03da1acb32a7aa932b130db31251aaa5880b6b94dc7cc2423f8e	—
hash3c50d4953e0f695d8e2849546dd0a4a9b8d06b3ab3d70d32e4181ca7f8c58b1e	—
hash3e2f9c3b76c3b4d932783faeb7ab25cfed3edd939f58659e0aa92fd46a6b1111	—
hash411005c29ff637fa65d20a1ffcb6877663e8c73c0ec67b09a9648df9647930a8	—
hash4598d35d789db350008c2307febe18859221923fe9f1fd2fa61bccc8eca8828e	—
hash475e1a46141efb13bae2e935e61a8731d466a53c1268ca54cd7ba3815b002256	—
hash49c71b594ba808832900316af90ab7cac3e9af825d5b7a081244913c8fed849f	—
hash4b49ec2d58a5a2726bd3f8aea4cb876fd24be3f0f44b2c2a5fed61424a7b5f05	—
hash4e10dfd43a25bcf34c545371bbb579c1d7c14a5df6b0a0bf513e306f4a19f7e9	—
hash4e1c1f94358a6402c69cca010fc2829514aeb77d11b33561469f0d0fdf64f989	—
hash5060bcd360683d43dcde43676d908d5d10b5310e71f16c42529b103b91818d57	—
hash512ad96221ddc5bb90228b719ac2badb999e43c129aa759b3619ae6ffea49c73	—
hash526610d0cf97982044b892731a7d47832893028c67e85c1ae04092c7e05dd827	—
hash52af32ab127d9956c598e926e20abfddeff28cf8f6271bc60ea21cc074def08f	—
hash538e5a536714c0db69b4bb1ea6df421299e75e8c0b2c4644992ebd022c98cd65	—
hash53a26d5e2b1ee5d2a8261843c1fe0c68632d6686222f11177bee9c572c485005	—
hash54b0949e3771e1b1dd7eabdbaf2acffe5e527edafc4a5ffa6aaeb0a6047479f1	—
hash56a00f3f589909783b72ca6fe40d898f45d9787e94f4291a008259ff0a18b12c	—
hash57fe3bc7b7d4e2f8b10869d735c95f53d6a85bd59dacd26292c2d6a089fc36b4	—
hash5c74a6e283b679c9a2e1e8dc74b0ac301f5fa4bd2b37a6c3af2ba4015b34a780	—
hash608a5144ae8ddec032854092da555eb9e29626465657c1c5cc3de0ada0bfea7e	—
hash613985e6cb0783fa378100d464065c0cfab636230ed76994d9daed6b19af3be1	—
hash62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318	—
hash62f734b99e5b690c12f339562c08e6a9168ad91c00bf4efc6c3f2d6c7a9677bd	—
hash67e5fe71333949e664d9fb1d9ac0081c106fabb9b8e141af9874b58c132ab9e7	—
hash687ca3726ef5168cc4e27ebb560ba649ec4967e44d24806c620f5d1337afa46c	—
hash6aa6250bf821907b7a2927086e0f5b8d759a81c620a3cc7cc45023f734dbac70	—
hash6d9b34bec276a1351ef46e63829237c7352a2e64118fe072a650979557b421b9	—
hash6ddf5c9c790a3a4a536b75d46e6ff10edee2012c625d10fbb69a119b68643cef	—
hash6ecd637ec715709a21ae05c3917e7b33cc35ce2b77700c938d16897fcd0cd8ea	—
hash70da3b1b49c0d6c660501a803026e5a5390bbea749b25b8b2ddffef8bb211ff6	—
hash7787eca1528144693930458282ee26c39508a9014152d36efa3b8645c188964c	—
hash78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029	—
hash7ab4710efc9cee29c4c17c2d7b367ee528ca3070835bc961eb8481f4ef010ee8	—
hash7c56b87fbc92c9ff8bbd0f0979acb839eea8695c1fd18b731fdb0feca077fd4f	—
hash7df588daaa053890cebfc0ac09b3c6b64bac4523719bc88323af6cc7e64377ed	—
hash8019ea81df3933f933d94e2d7989b70f9aa8f4876d8103e79dc2fa9ae3cc87c2	—
hash84f3b5432a437a8319d81556cceb857609d2c5c9a1e4eb8dab61f528db59e83c	—
hash853e735b64cac5c64d18b78b35dc4129551909b8ee3bdb1ad2b6ef75349f0108	—
hash8550677e8ca53235c5eda21401e75ab495e418877e71149d1ae0c3ce247c3124	—
hash8656a40ad826829fc90537ca0bbdbc2bb9d2e7d96e080f3fc4b5796e44c13881	—
hash8ce7e340773af5310bc851b5a9b848a72759fc33059a0d8cc5732a5f97766aa7	—
hash8e036e4c156fe5c51fbca42121b70dd77741b1ccdc1999867d5ca28fc4d57ae8	—
hash8e53784a8600a6e6fcb61cf9a363a49c44fd97bf22cfec2948728ec622d817fc	—
hash900a9e65bab0c31cefb8e144e4d43052d1b0699d8df05b695bfe4b3275747d0f	—
hash9144c7df6fbae476a8f288bbe002a5f83bbd58826dcea2e851f66c25ca568034	—
hash92e82fe79025aa9e68cae7b734de8c840ec7c6dd439f17abefe69354d4a8bd6e	—
hash93d6f9f0172206779c753a4c486dda1de4aa17a5147e84c31203c694655cd8ab	—
hash94ba2a1b5360a6799546999d8c528a064ddf76126b4478df8973ffdada2fdd62	—
hash95fb0944a2348f1e326b4ce65b04a5b62e1587d90c40d3bb505dc93f5f61295a	—
hash961afc40bd120d3715d2fa333de19a83ab4c712092e9289c28e271ec778f4ea0	—
hash9c50cdfed01bb15b584c8871d5cf4dc506705839020fd0626305bf675bd912fc	—
hasha134f4f4a8d5efd1529dfe83ba1084083da36fd3e78963e1d5d127f7649acb24	—
hasha4f8ffff81c13d2bc6ba5f0ded5ea31b73450ad1a0f42c592f1040d46263846a	—
hasha7a7004ed404980e56f3e9dd4b349a42b39d08b310d32c8ec7db8d55ee693a93	—
hasha8163c286a140dd67a8c97631d4ef5799f93de94a914c3ab1c3026e1688743fa	—
hashacbd2ed341e3dab5d7f258afc098ca86be9916bca6b9d2624557100164a4df2e	—
hashad7848c78cfb589190a1363ee25c6db47dd04a577300a4fbe829ce5b71f0ff39	—
hashaf2c6c59f98c5a172e071a38706255ee56e9e8f7b4a1c575593b862e60f8a2c4	—
hashb0269634a1d295d170e58d6c3c2cb86cd91dea2acd5f3dea9449df8ed0c889c2	—
hashb24316e81b6ebf954fab7a87a211554cde6986b239792610f8d234d05d2a2a1f	—
hashb26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59	—
hashb2850795bd5be0e6556e20fa10160585def005c2a5cd8df2c345a662714bd815	—
hashb4caf6949964f75e8dd281ae2ab9947248120c680415b5f5b307532c1dc99b58	—
hashb61c22c6b74a546ee337b3a6cc2ee1fa9f3e92e93eced40fe7df27ffddc4c0fe	—
hashb8c0d54f40d0c9deafa44860799a54a09c32cc795498bf0e9f2bef49fa056288	—
hashb905802b0e600f2988fb4d16eaa6eec65ed3c5b9735b79dd9a00dfa4d7abe65e	—
hashb93632280602502b9480abc7c4acd5c7398004197c4a6013ccd2a4ee4c599591	—
hashba114a9b775ccf8215f80094d353b06b3a9fd32e22167e4e06ba986a738ec518	—
hashba65d71d06a8201d32edb98ca54149fb7662baac43d8ecd853c90d03f4320db0	—
hashbb6ab67ddbb74e7afb82bb063744a91f3fecf5fd0f453a179c0776727f6870c7	—
hashbc246e2508013cb3d8df5c21bac16ab3584e40b16b31647db31006877bc13db3	—
hashbc647e05eea89ea9b5ec3ce728e3c039dd2abd17441e7c39cf130f292edd6efc	—
hashbce9616ed0d829a05ce7df6c1fb90895a93772eb438ed7b2cc35407c34031666	—
hashc04860e0ecce7d3a91c5358aecbafc495b2a9f0936dabf99db5f46457776687a	—
hashc2fdb76ec20047129d5f993917cae4a73b61204c531121a57a9121910910fbaf	—
hashc44d1a50eab5299fe20d742093df44a617eeee1e2e0a176bafd8ed95dd60c6c5	—
hashc7137d350aaf2acc965763e380255e9fb63d6feefae4ed91c80b70ff022db855	—
hashc87f7e0ae64e11ef755083bde6b756c695d07c6b89633f6fb66cd96214bcd502	—
hashc8f855c7b1456739d1c03c4225093475baba75cb49d3f1051ba4e40831e5ce84	—
hashcbb512c427297c2b67b83e459887b59e3171ad47a22a62d89f03a1eacab1ac42	—
hashce98feac673b63a3c030c976c0dd4a0fba0cd5e124373b390b0f3c7fa761f95e	—
hashd04904e32b5cb0f9b559855fac81d62c6ad0472dc443be02f08b6fe4a7d56f71	—
hashd1d957406e9177a1ab10bb5a4d2d4dfb3ac971c390f8383eeaa263bdf8038058	—
hashd3f0e0563269d23cfd1e54a16badd2e03d7826c364e2fb84ffe3d48b2a3738e9	—
hashd6c3c83d8549c691972e8fe91277c579efe83b731d5a1669d42692b0b3a17980	—
hashd8364dc34ccece608beea861067fa31cae3f4ef0c3fcdf1804cc88d162c0ff15	—
hashd8d1635a515fd3afb2ccfbd2a82feb2c2150161872f3a4babd90146626fe8355	—
hashd8e272f50e1d699870a74f8cbed06a9371212c208bcfa8b3c992a4744e84ed87	—
hashdc27e0fabdbad970519d354a83f8c4791d2311dedb9e7ed3cee2d0f52078f000	—
hashde9117872e6b32d01fe2e2ec54899641486a1ebb3439123aadea8d5388617eee	—
hashe1e03d90eb8a65ed6d3b4ff16aed51443ecacba465ff1c96a6604c84b215fec8	—
hashe5d34a8a39ae067efe12336732f43775fa8eaf86e0d7668816780d1db9821e5d	—
hashe82ecbe3823046a27d8c39cc0a4acb498f415549946c9ff0e241838b34ed5a21	—
hashe9808c0e5ebba9aa2b2b5f856d1cb6965f6b5fa49e22dc423251786bb46ac2b7	—
hasheb1df006c34463faf8325c52c2f132b62adaaff37afc0bd7ddf0274fa30e59d0	—
hashed8684894015e74ff5cf217cbda2f2036e7c9f573f9b0aa46e29e7ff8c13f11b	—
hashedc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185	—
hashf29e98d60486472e80d2fac7afa7433bad74d69e25ba8b9533c3b23d6b6be9bd	—
hashf3bd3637ad90eae0bfa31c0735fa3bb2e0d7061f63456f7479948ce7e8cd7310	—
hashf3f1ac9e1739a840242c9c215080085af61500dbe7bfd01886fe972e0ca22a26	—
hashf55bb674f524ea72d91dba894ea5448ecf92aab7bceb0cf0025383483e72cc1f	—
hashf80313b4e2d743c94571a98d1672ffc3bc003209c6315ce2a22a9989aae051c2	—
hashf90e8f85f79cbff664ad3c4758f1bed8a6ebc2a712180d675ff560bea2b88c65	—
hashfc56184a160c0fbb3d2a98e5955dfad4e09e3a8db99f162199d9c1f419460984	—
hashff724631dba8abe354c8742f09d88821237632e36c305ba4f1132a95880dde67	—
hashffdb183742a3404c3756ba654ea8eb7983650cbf8fdc4e8a6514870e251f2915	—

Ip

Value	Description	Copy
ip103.30.76.206	—
ip104.233.140.135	—
ip134.122.176.156	—
ip141.11.149.124	—
ip149.104.23.171	—
ip154.211.89.5	—
ip164.155.231.64	—
ip206.237.0.251	—
ip206.237.1.201	—
ip206.238.179.172	—
ip206.238.179.242	—
ip206.238.196.155	—
ip206.238.199.21	—
ip206.238.76.121	—
ip43.247.135.53	—
ip149.104.23.176	—
ip206.237.0.49	—
ip206.237.2.40	—
ip206.237.5.19	—

Domain

Value	Description	Copy
domainchrome-online.site	—
domain0ac0568239f8978.ccega6r0yph8.com	—
domain784564141.ccega6r0yph8.com	—
domainadmin.668608.xyz	—
domainapi.xwphd.com	—
domainbkp.windowstimes.me	—
domainc43f5d6e73a7eb.ccega6r0yph8.com	—
domainimage.windowstimes.online	—
domainimages.windowstimes.online	—
domaintimes.windowstimes.me	—
domaintimes.windowstimes.online	—
domainsentinelones.com	—

Cve

Value	Description	Copy
cveCVE-2017-9805	—
cveCVE-2021-22205	—
cveCVE-2024-27198	—
cveCVE-2024-27199	—
cveCVE-2024-51378	—
cveCVE-2024-51567	—
cveCVE-2024-56145	—
cveCVE-2024-9047	—
cveCVE-2025-31324	—

Threat ID: 6835bdf7182aa0cae2133c1b

Added to database: 5/27/2025, 1:28:23 PM

Last enriched: 6/26/2025, 1:50:08 PM

Last updated: 8/13/2025, 7:25:19 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Custom Arsenal Developed to Target Multiple Industries

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

Custom Arsenal Developed to Target Multiple Industries

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Ip

Domain

Cve

Related Threats

Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing

Coordinated Brute Force Campaign Targets Fortinet SSL VPN

Silent Watcher: Dissecting Cmimai Stealer's VBS Payload

CastleLoader Analysis

The Dark Side of Parental Control Apps

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility