TLP:WHITE
17 IOCs
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Malware Families: Chrysalis

Diamond Model
- Adversary: Lotus Blossom
- Infrastructure: 6 (the distinct hosts in the IOC table below)
- Capability: 1 (the Chrysalis backdoor)
- Victim: not listed on this page
Indicators of Compromise (17)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| URL | api.wiresguard.com/api/FileUpload/submit | c2, loader, malware | High | 68 | Jun 2, 26 |
| URL | 124.222.137.114:9999/3yZR31VK | c2, malware, network | High | 68 | Jun 2, 26 |
| URL | https://api.wiresguard.com/api/Info/submit | c2, malware, network | High | 68 | Jun 2, 26 |
| URL | https://api.wiresguard.com/api/getInfo/v1 | c2, malware, network | High | 68 | Jun 2, 26 |
| Domain | api.skycloudcenter.com | malware, network | High | 68 | Jun 2, 26 |
| IP | 124.222.137.114 | loader, malware, network | High | 68 | Jun 2, 26 |
| IP | 61.4.102.97 | loader, malware, network | High | 68 | Jun 2, 26 |
| IP | 59.110.7.32 | botnet, loader, malware | High | 86 | Jun 2, 26 |
| URL | http://59.110.7.32:8880/uffhxpSy | c2, loader, malware | High | 68 | Jun 2, 26 |
| URL | https://api.wiresguard.com/users/system | c2, malware, network | High | 68 | Jun 2, 26 |
| URL | api.wiresguard.com/update/v1 | c2, loader, malware | High | 68 | Jun 2, 26 |
| URL | http://124.222.137.114:9999/api/updateStatus/v1 | c2, malware, network | High | 68 | Jun 2, 26 |
| IP | 95.179.213.0 | intel-blog, malware, network | High | 69 | Jun 2, 26 |
| URL | http://59.110.7.32:8880/api/Metadata/submit | c2, loader, malware | High | 68 | Jun 2, 26 |
| URL | https://notepad-plus-plus.org/news/hijacked-incident-info-update/ | c2, malware, network | High | 68 | Jun 2, 26 |
| URL | http://59.110.7.32:8880/api/getBasicInfo/v1 | c2, loader, malware | High | 68 | Jun 2, 26 |
| URL | http://124.222.137.114:9999/api/Info/submit | c2, malware, network | High | 68 | Jun 2, 26 |

Tags are the feed's own labels (c2, loader, malware, network, botnet, intel-blog); Score is the feed's unitless risk score. Two entries deserve a check before they go into a blocklist: notepad-plus-plus.org is the Notepad++ project's own site and the listed URL is its incident notice, so it is a reference, not attacker infrastructure, despite the c2 tag; and 95.179.213.0 carries the intel-blog tag, which marks an address lifted from a report rather than observed beaconing, so confirm it independently. The remaining entries resolve to six distinct hosts (api.wiresguard.com, api.skycloudcenter.com, 124.222.137.114, 61.4.102.97, 59.110.7.32, 95.179.213.0), with the URL entries giving the exact paths the loader and C2 traffic use.
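The table above is only useful once it is turned into a matcher, so here is an added example (not code from the page or the feed) that loads the indicators, collapses them into host-level and exact-URL entries, and runs them over constructed proxy and DNS log lines. The log format and the decision to keep the notepad-plus-plus.org entry as a reference rather than a block entry are this example's own assumptions; the indicator values are copied from the table.

```python
"""Build a host/URL matcher from the Chrysalis IOC table and scan sample logs.

Added example. IOC values are copied from the table on this page; the log
lines and the log format are constructed for illustration.
"""
from urllib.parse import urlsplit

# (type, indicator, tags) copied from the table above.
IOCS = [
    ("URL", "api.wiresguard.com/api/FileUpload/submit", {"c2", "loader", "malware"}),
    ("URL", "124.222.137.114:9999/3yZR31VK", {"c2", "malware", "network"}),
    ("URL", "https://api.wiresguard.com/api/Info/submit", {"c2", "malware", "network"}),
    ("URL", "https://api.wiresguard.com/api/getInfo/v1", {"c2", "malware", "network"}),
    ("Domain", "api.skycloudcenter.com", {"malware", "network"}),
    ("IP", "124.222.137.114", {"loader", "malware", "network"}),
    ("IP", "61.4.102.97", {"loader", "malware", "network"}),
    ("IP", "59.110.7.32", {"botnet", "loader", "malware"}),
    ("URL", "http://59.110.7.32:8880/uffhxpSy", {"c2", "loader", "malware"}),
    ("URL", "https://api.wiresguard.com/users/system", {"c2", "malware", "network"}),
    ("URL", "api.wiresguard.com/update/v1", {"c2", "loader", "malware"}),
    ("URL", "http://124.222.137.114:9999/api/updateStatus/v1", {"c2", "malware", "network"}),
    ("IP", "95.179.213.0", {"intel-blog", "malware", "network"}),
    ("URL", "http://59.110.7.32:8880/api/Metadata/submit", {"c2", "loader", "malware"}),
    ("URL", "https://notepad-plus-plus.org/news/hijacked-incident-info-update/", {"c2", "malware", "network"}),
    ("URL", "http://59.110.7.32:8880/api/getBasicInfo/v1", {"c2", "loader", "malware"}),
    ("URL", "http://124.222.137.114:9999/api/Info/submit", {"c2", "malware", "network"}),
]

# Editorial assumption: this is the vendor's own incident notice, kept as a
# reference and deliberately excluded from the blocklist.
REFERENCE_ONLY = {"notepad-plus-plus.org"}


def normalize_url(raw):
    """Return (host, port, path) for a URL that may lack a scheme, as several
    feed entries do."""
    if "://" not in raw:
        raw = "http://" + raw
    u = urlsplit(raw)
    port = u.port or (443 if u.scheme == "https" else 80)
    return u.hostname.lower(), port, u.path or "/"


def build_matcher(iocs):
    """Collapse IP/Domain/URL entries into host-level and exact-URL lookups.

    Returns (hosts, paths, refs): hosts maps host -> merged tags, paths maps
    (host, path) -> tags, refs holds entries held back as reference-only."""
    hosts, paths, refs = {}, {}, set()
    for kind, value, tags in iocs:
        if kind in ("IP", "Domain"):
            host, host_path = value.lower(), None
        else:
            host, _port, path = normalize_url(value)
            host_path = (host, path)
        if host in REFERENCE_ONLY:
            refs.add(value)
            continue
        hosts.setdefault(host, set()).update(tags)
        if host_path:
            paths.setdefault(host_path, set()).update(tags)
    return hosts, paths, refs


# Constructed log lines: "<timestamp> <client> <method|DNS> <url|name> [status]".
LOG_LINES = [
    "2026-06-03T10:00:01Z 10.0.0.5 GET http://59.110.7.32:8880/api/getBasicInfo/v1 200",
    "2026-06-03T10:00:02Z 10.0.0.7 DNS api.skycloudcenter.com",
    "2026-06-03T10:00:03Z 10.0.0.5 POST https://api.wiresguard.com/api/Info/submit 200",
    "2026-06-03T10:00:04Z 10.0.0.9 GET https://notepad-plus-plus.org/news/hijacked-incident-info-update/ 200",
    "2026-06-03T10:00:05Z 10.0.0.9 GET https://example.com/ 200",
    "2026-06-03T10:00:06Z 10.0.0.5 GET http://124.222.137.114:9999/other 404",
]


def scan(lines, hosts, paths):
    """Match each log line against the IOC hosts; an exact-url hit means the
    request path is one the feed lists, a host hit means only the host matched
    (still worth triage: the same hosts serve loader and C2 traffic)."""
    hits = []
    for line in lines:
        ts, client, verb, target = line.split()[:4]
        if verb == "DNS":
            host, path = target.lower(), None
        else:
            host, _port, path = normalize_url(target)
        if host not in hosts:
            continue
        level = "exact-url" if path is not None and (host, path) in paths else "host"
        hits.append({"ts": ts, "client": client, "host": host,
                     "match": level, "tags": sorted(hosts[host])})
    return hits


if __name__ == "__main__":
    hosts, paths, refs = build_matcher(IOCS)
    print(f"{len(hosts)} hosts, {len(paths)} exact URLs, {len(refs)} reference-only")
    for hit in scan(LOG_LINES, hosts, paths):
        print(hit)
```

Merging the IP entries with the URL entries is what makes the host-level match useful: 59.110.7.32 ends up tagged botnet, c2, loader and malware because the feed lists it both as a bare IP and as the host of three C2 URLs, and a request to an unlisted path on 124.222.137.114:9999 still surfaces as a host hit rather than being silently dropped. The six hosts the matcher ends up with are the six infrastructure nodes the Diamond Model summary counts.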