CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

URL/Domain

h5.nasa6.com

sentinelones.com

test.nulq5r.ceye.io

mail.tttseo.com

web.nginxui.cc

IP Address

38.54.30.117

65.20.69.103

52.77.234.115

192.227.180.124

107.174.39.125

154.201.68.57

38.54.56.88

43.247.135.106

18.183.94.114

206.237.0.49

Hash

3503d6ccb9f49e1b1cb83844d1b05ae3cf7621dfec8dc115a40abb9ec61b00bb

c5af6fd69b75507c1ea339940705eaf61deadd9c3573d2dec5324c61e77e6098

525540eac2d90c94dd3352c7dd624720ff2119082807e2670785aed77746301d

af0baf0a9142973a3b2a6c8813a3b4096e516188a48f7fd26ecc8299bce508e1

508d6dd6c45027e3cda3d93364980f32ffc34c684a424c769954d741cf0d40d0

0f85b67f0c4ca0e7a80df8567265b3fa9f44f2ad6ae09a7c9b7fac2ca24e62a8

8dfc107662f22cff20d19e0aba76fcd181657255078a78fb1be3d3a54d0c3d46

336892ff8f07e34d18344f4245406e001f1faa779b3f10fd143108d6f30ebb8a

35da93d03485b07a8387e46d1ce683a81ae040e6de5bb1a411feb6492a0f8435

a09179dec5788a7eee0571f2409e23df57a63c1c62e4b33f2af068351e5d9e2d

edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185

Detection Query 1

userdomainname like "test.nulq5r.ceye.io" or url like "test.nulq5r.ceye.io" or userdomainname like "mail.tttseo.com" or url like "mail.tttseo.com" or userdomainname like "web.nginxui.cc" or url like "web.nginxui.cc" or userdomainname like "h5.nasa6.com" or url like "h5.nasa6.com" or userdomainname like "sentinelones.com" or url like "sentinelones.com"

Detection Query 2

dstipaddress IN ("38.54.56.88","43.247.135.106","18.183.94.114","206.237.0.49","38.54.30.117","65.20.69.103","52.77.234.115","192.227.180.124","107.174.39.125","154.201.68.57") or ipaddress IN ("38.54.56.88","43.247.135.106","18.183.94.114","206.237.0.49","38.54.30.117","65.20.69.103","52.77.234.115","192.227.180.124","107.174.39.125","154.201.68.57") or publicipaddress IN ("38.54.56.88","43.247.135.106","18.183.94.114","206.237.0.49","38.54.30.117","65.20.69.103","52.77.234.115","192.227.180.124","107.174.39.125","154.201.68.57") or srcipaddress IN ("38.54.56.88","43.247.135.106","18.183.94.114","206.237.0.49","38.54.30.117","65.20.69.103","52.77.234.115","192.227.180.124","107.174.39.125","154.201.68.57")

Detection Query 3

sha256hash IN ("3503d6ccb9f49e1b1cb83844d1b05ae3cf7621dfec8dc115a40abb9ec61b00bb","c5af6fd69b75507c1ea339940705eaf61deadd9c3573d2dec5324c61e77e6098","525540eac2d90c94dd3352c7dd624720ff2119082807e2670785aed77746301d","af0baf0a9142973a3b2a6c8813a3b4096e516188a48f7fd26ecc8299bce508e1","508d6dd6c45027e3cda3d93364980f32ffc34c684a424c769954d741cf0d40d0","0f85b67f0c4ca0e7a80df8567265b3fa9f44f2ad6ae09a7c9b7fac2ca24e62a8","8dfc107662f22cff20d19e0aba76fcd181657255078a78fb1be3d3a54d0c3d46","336892ff8f07e34d18344f4245406e001f1faa779b3f10fd143108d6f30ebb8a","35da93d03485b07a8387e46d1ce683a81ae040e6de5bb1a411feb6492a0f8435","a09179dec5788a7eee0571f2409e23df57a63c1c62e4b33f2af068351e5d9e2d","edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185")