A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #32113  by r0ny
 Fri Sep 14, 2018 3:43 pm
The 360 Threat Intelligence Center recently discovered the new CVE-2017-11882 vulnerability document used by Sea Lotus. Through the analysis of the vulnerability document and related attacks, we linked the organization's recent attacks against South Asian countries. We also found a centralized domestic attack by a suspected "Hai Lianhua" organization at the beginning of May 2017; combined with internal threat intelligence data, we believe that this is the organization's use of the "eternal blue" loopholes in attacks against domestic colleges and universities.

ref:https://ti.360.net/blog/articles/oceanl ... niversity/

IOCs:

5bcf16810c7ef5bce3023d0bbefb4391
a532040810d0e34a28f20347807eb89f
 #32114  by Antelox
 Fri Sep 14, 2018 4:06 pm
BR,

Antelox