Trusted Design

Sakula Reloaded

概要

Sakula is a well known malware variant linked to several significant targeted intrusion campaigns over the past 2-3 years. This remote access toolkit has been publicly examined multiple times by the threat intelligence community. CrowdStrike has released two blog posts detailing Sakula campaigns and continues to investigate its usage. In the past two years, two campaigns of Sakula activity stand out as being particularly significant – the “French Aerospace” Campaign and the “Ironman” Campaign. In recent months, CrowdStrike has observed limited use of what appears to be a third Sakula variant.

Created: 2026-02-23

Indicators

• YARA - ae7f60ede2f4ad6567224efc2d2b10cb685530d2 -
• domain - inocnation.com -
• hostname - webmail.vipreclod.com -
• CVE - CVE-2015-5119 -
• FileHash-SHA1 - 5d201a0fb0f4a96cefc5f73effb61acff9c818e1 -
• YARA - 130ce7146596c5896cc060510bec2c2d2a4dfdfa -
• FileHash-SHA256 - c6c3bb72896f8f0b9a5351614fd94e889864cf924b40a318c79560bbbcfa372f -
• FileHash-SHA256 - ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2 -
• hostname - cdn.sanecat.com -
• FileHash-SHA1 - 38e21f0b87b3052b536408fdf59185f8b3d210b9 -
• domain - we11point.com -
• YARA - b5722256e2ce4af26e62eb111a158418aa64d7ca -
• YARA - 13518b0620a55bc2a4b97ec9a07fa7acc09d9560 -
• hostname - capstone.homeftp.net -
• YARA - d9da1e0553b50f47d414249c02e0aa4d60ab0970 -
• YARA - 587a751ff33b175d663f198e34e8aed4f9d41c56 -
• YARA - 9c797c5fa4e142124fa2196019015698801de1ba -
• YARA - e70409f91e4c0eb219d9394bf3076952fff442b1 -
• FileHash-SHA1 - ffb1d8ea3039d3d5eb7196d27f5450cac0ea4f34 -
• hostname - oa.ameteksen.com -
• CVE - CVE-2014-0322 -
• URL - http://www.cbppnews.com/movie.swf -
• YARA - a72bbda5b897993d87dfa427740ffa5945ba61b3 -

類似Pulses

• Sakula Malware Family (score: 0.72)
• #1020 Dissecting the Malware Involved in the INOCNATION Campaign (score: 0.64)
• Jaku Analysis of a Botnet Campaign (score: 0.61)
• BBSRAT Attacks Targeting Russian Organizations (score: 0.61)
• CrowdStrike Global Threat Intel Report 2014 (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る