Aerosol Posted March 19, 2015 Report Share Posted March 19, 2015 Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign - Security News - Trend Micro USARocket Kitten refers to a cyber threat group that has been hitting different public and private Israeli/European organizations. It has launched two campaigns so far: a malware campaign that exclusively makes use of GHOLE malware, as well as a targeted attack dubbed as “Operation Woolen-GoldFish” that's possibly state-sponsored.TSPY_WOOLERG.A - b4790618672197cab31681994bbc10a4 (exfiltration via FTP -_-") SetWindowsHookExW/WH_KEYBOARD_LL - GetKeyState - GetKeyboardStateTROJ_GHOLE.A - 916be1b609ed3dc80e5039a1d8102e82 TROJ_GHOLE.A - b4790618672197cab31681994bbc10a4X2KM_DROPPR.DF - 5a009a0d0c5ecaac1407fb32ee1c8172DownloadPass: infected Source Quote Link to comment Share on other sites More sharing options...
Aerosol Posted March 21, 2015 Author Report Share Posted March 21, 2015 First discovered XLS - 3f7118a2ff787e61b5d18ba0591a29f90349d8ab93aa7d005cdf833f8c9895b2 Dropped file - 69cd44995cd8705f9d21cecc978b6a646eefb9872761844fd33b05b7ac2f0767 other samples:0b75e6364bb63043cf60c8adc98a5749b5167322f8951b128b56768158e3f576578bb18c52242192d6404f3263930f0992dc6babbcbdd72f393228de036a0ea5f0f83d8a8eb7737a92212fe0a13045a3f867c580a47191a048465cd1efb419059bec8af624f7df5eeb8d0b072ad8914dded727cb0a58ebf45a9e4df9d7bdf8fda9b7c289cea29941b0c4c0e2809d703f934dbcc29c13b4bc900b0ee973108984DownloadPass: infected Quote Link to comment Share on other sites More sharing options...
