Trusted Design

Wild Neutron – Economic espionage threat actor returns

概要

A powerful threat actor known as “Wild Neutron” (also known as “Jripbot” and “Morpho“) has been active since at least 2011, infecting high profile companies for several years by using a combination of exploits, watering holes and multi-platform malware. The latest round of attacks in 2015 uses a stolen code signing certificate belonging to Taiwanese electronics maker Acer and an unknown Flash Player exploit. Wild Neutron hit the spotlight in 2013, when it successfully infected companies such as Apple, Facebook, Twitter and Microsoft. This attack took advantage of a Java zero-day exploit and used hacked forums as watering holes. The 2013 incident was highly publicized and, in the aftermath, the threat actor went dark for almost one year.

Created: 2026-02-23

Indicators

• hostname - fw.ddosprotected.eu -
• FileHash-SHA256 - 4bd548fe07b19178281edb1ee81c9711525dab03dc0b6676963019c44cc75865 -
• hostname - find.a-job.today -
• FileHash-SHA256 - 8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a -
• hostname - adb.strangled.net -
• hostname - app.cloudprotect.eu -
• YARA - ae35c2b77351ba2d8f6e82996ff21cd60055994e -
• YARA - a48a7ba3b4b1ebe56817262eb1696d0d39555cab -
• FileHash-MD5 - 48319e9166cda8f605f9dce36f115bc8 -
• YARA - 59c1eb628ecc6a76e4b7c3a1e8d091aba4590536 -
• hostname - img.digitalinsight-ltd.com -
• FileHash-MD5 - 14ba21a3a0081ef60e676fd4945a8bdc -
• hostname - fb.clust12-akmai.net -
• hostname - ads.digitalinsight-ltd.com -
• hostname - logs.cloudprotect.eu -
• Mutex - _Winlogon_TCP_Service -
• FileHash-SHA256 - 1604e36ccef5fa221b101d7f043ad7f856b84bf1a80774aa33d91c2a9a226206 -
• Mutex - Global\LnrRTPDispatchEvents -
• hostname - min.liveanalytics.org -
• domain - corp-aapl.com -
• FileHash-MD5 - f0fff29391e7c2e7b13eb4a806276a84 -
• FileHash-SHA256 - 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e -
• hostname - ssl.cloudprotect.eu -
• FileHash-SHA256 - 8d80f9ef55324212759f4b6070cb8fce18a008ae9dd8b9598553206654d13a6f -
• domain - fbcbn.net -
• YARA - 765b9001049e1e8712fbed506b77927f70a7c0a8 -
• FileHash-MD5 - 1f5f5db7b15fe672e8db091d9a291df0 -
• FileHash-SHA256 - c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0 -
• YARA - f31aa7386347a71c19a6eae1bab0a57f7173e101 -
• FileHash-SHA256 - 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94 -
• YARA - a85cb4aade4d2469b1511ee3733dc2f7338564c6 -
• FileHash-MD5 - 95ffe4ab4b158602917dd2a999a8caf8 -
• CVE - CVE-2012-3213 -
• hostname - cryptomag.mediasource.ch -
• hostname - cache.cloudbox-storage.com -
• YARA - 9b86b0f3051c8922ecfb1b07c5fc153d98482efb -
• YARA - a4acc7b763c05016ff8396430749ad00ab02c92f -
• FileHash-SHA256 - 1d3bdabb350ba5a821849893dabe5d6056bf7ba1ed6042d93174ceeaa5d6dad7 -
• YARA - ce80ddbc7efc1d32edc5d096339c753bfc651406 -
• FileHash-MD5 - 1582d68144de2808b518934f0a02bfd6 -
• hostname - ww1.jdk-update.com -
• hostname - ssl.updatesoft.eu -
• FileHash-MD5 - 342887a7ec6b9f709adcb81fef0d30a3 -
• FileHash-MD5 - dee8297785b70f490cc00c0763e31b69 -
• FileHash-MD5 - 0fa3657af06a8cc8ef14c445acd92c0f -
• FileHash-SHA256 - 758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92 -
• hostname - pop.digitalinsight-ltd.com -
• FileHash-SHA256 - 683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9 -
• FileHash-MD5 - ee24a7ad8d137e54b854095188de0bbf -
• YARA - f9e90099324cff2094bc7e88c587d6d6e9b2a26c -
• FileHash-SHA256 - a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c -
• FileHash-SHA256 - b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45 -
• FileHash-MD5 - 088472f712d1491783bbad87bcc17c48 -
• hostname - drfx.chickenkiller.com -
• URL - http://fw.ddosprotected.eu:80 -
• YARA - ba959767a42d81c04c0ab12ac9e30cd5d8461be9 -

類似Pulses

• CVE-2015-5122 Exploited in Strategic Web Compromise (score: 0.62)
• Angler, Nuclear Exploit Kits Integrate Pawn Storm Flash Exploit (score: 0.60)
• Darkhotel’s attacks in 2015 (score: 0.60)
• BBSRAT Attacks Targeting Russian Organizations (score: 0.59)
• Operation Clandestine Wolf – Adobe Flash Zero-Day APT3 Phishing (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る