Posted

Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign - Security News - Trend Micro USA

Rocket Kitten refers to a cyber threat group that has been hitting different public and private Israeli/European organizations. It has launched two campaigns so far: a malware campaign that exclusively makes use of GHOLE malware, as well as a targeted attack dubbed as “Operation Woolen-GoldFish” that's possibly state-sponsored.

TSPY_WOOLERG.A - b4790618672197cab31681994bbc10a4 (exfiltration via FTP -_-") SetWindowsHookExW/WH_KEYBOARD_LL - GetKeyState - GetKeyboardState

TROJ_GHOLE.A - 916be1b609ed3dc80e5039a1d8102e82

TROJ_GHOLE.A - b4790618672197cab31681994bbc10a4

X2KM_DROPPR.DF - 5a009a0d0c5ecaac1407fb32ee1c8172

Download

Pass: infected

Source

Posted

First discovered XLS - 3f7118a2ff787e61b5d18ba0591a29f90349d8ab93aa7d005cdf833f8c9895b2

Dropped file - 69cd44995cd8705f9d21cecc978b6a646eefb9872761844fd33b05b7ac2f0767

other samples:


Download

Pass: infected
