OSINT - New Malware with Ties to SunOrcal Discovered
Unit 42 has discovered a new malware family we’ve named “Reaver” with ties to attackers who use SunOrcal malware. SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010. The new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.
AI Analysis
Technical Summary
The newly discovered malware family named "Reaver" has been identified by Unit 42 and is linked to threat actors previously associated with the SunOrcal malware. SunOrcal has a documented history dating back to at least 2013, with some indicators suggesting activity as early as 2010. Reaver appears to have been active since late 2016 but remains rare, with only 10 unique samples identified to date. This scarcity suggests limited or targeted use rather than widespread campaigns. A notable technical characteristic of Reaver is its use of a Control Panel item (CPL) file as its final payload. This is an uncommon technique, employed by only 0.006% of malware samples observed by Palo Alto Networks, which may help evade detection by traditional antivirus and endpoint protection solutions that focus on more common executable formats. The use of CPL files can allow the malware to execute code within the Windows Control Panel framework, potentially bypassing some security controls or user suspicion. There are no known exploits in the wild associated with this malware, and no specific affected software versions have been identified. The threat level and analysis scores provided are relatively low, and the overall severity is classified as low. However, the connection to a long-standing threat actor group and the unique payload delivery method warrant attention from security teams. The lack of detailed indicators or patch information limits the ability to perform signature-based detection or immediate remediation steps.
Potential Impact
For European organizations, the impact of Reaver is currently assessed as low due to its rarity and limited distribution. However, the malware's unique use of CPL files as payloads could enable stealthy persistence or execution, potentially leading to unauthorized access, data exfiltration, or lateral movement if deployed in targeted attacks. Organizations in sectors with high-value intellectual property or sensitive data could face confidentiality risks if targeted. The malware's ties to a threat actor with a long operational history suggest potential for espionage or targeted intrusion campaigns rather than broad disruption. Given the absence of widespread exploitation, the immediate risk to availability and integrity is minimal, but the stealthy nature of the payload delivery could delay detection and response, increasing potential damage in targeted scenarios.
Mitigation Recommendations
- European organizations should enhance monitoring for unusual CPL file executions and incorporate CPL file analysis into their endpoint detection and response (EDR) strategies.
- Network defenders should implement strict application whitelisting policies that include Control Panel extensions and monitor for unauthorized CPL file creation or modification.
- Deploy behavioral analytics to detect anomalous activity related to Control Panel processes (e.g., rundll32.exe executing CPL files).
- Since traditional signature-based detection may be insufficient, organizations should leverage threat intelligence feeds to update detection rules with any emerging indicators related to Reaver or SunOrcal.
- Regularly audit and restrict administrative privileges to limit the malware's ability to install or execute CPL payloads.
- Additionally, organizations should conduct targeted threat hunting exercises focusing on CPL file usage and review logs for any suspicious activity dating back to late 2016.
- Given the malware's rarity, sharing any findings with trusted information sharing and analysis centers (ISACs) or national cybersecurity authorities can help build collective defense.
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Italy, Sweden
Technical Details
- Threat Level: 3
- Analysis: 2
- Uuid: 5a0a9aa9-23a4-4607-b6df-41a9950d210f
- Original Timestamp: 1510922435
Indicators of Compromise
Link
Value | Description
---|---
https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/ | —
Regkey
Value | Description
---|---
%COMMONPROGRAMFILES%\services\ | —
%APPDATA%\microsoft\mmc\ | —
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup | —
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup | —
%APPDATA%\microsoft\credentials\ | —
File
Value | Description
---|---
‘%TEMP%\~WUpdate.lnk | —
%TEMP%\~Update.lnk | —
%TEMP%\winhelp.dat | —
[path_previously_identified]\winhelp.cpl | —
Domain
Value | Description
---|---
www.fyoutside.com | C2
www.tashdqdxp.com | C2
www.weryhstui.com | C2
www.olinaodi.com | C2
Ip
Value | Description
---|---
98.126.156.210 | —
104.148.70.217 | C2
Threat ID: 682b81078ee1a77b717bd7da
Added to database: 5/19/2025, 7:05:43 PM
Last enriched: 6/18/2025, 7:34:34 PM
Last updated: 7/26/2025, 12:52:42 AM