Trusted Design

New Attacks Linked to C0d0s0 Group

概要

Unit 42 discovered new activity that appears related to an adversary group previously called “C0d0so0” or “Codoso”. This group is well known for a widely publicized attack involving the compromise of Forbes.com, in which the site was used to compromise selected targets via a watering hole to a zero-day Adobe Flash exploit. Compared to other adversary groups, C0d0so0 has shown the use of more sophisticated tactics and tools and has been linked to leveraging zero-day exploits on numerous occasions in combination with watering hole and spear phishing attacks. In the newly discovered attack campaign, Unit 42 identified attacks targeting organizations within the telecommunications, high tech, education, manufacturing, and legal services industries. The attacks likely were initially delivered via spear-phishing e-mails, or as demonstrated by C0d0so0 in the past, legitimate websites that had been previously compromised then used as watering holes for the selected victims.

Created: 2026-02-23

Indicators

• FileHash-SHA256 - 02cf5c244aebaca6195f45029c1e37b22495609be7bdfcfcd79b0c91eac44a13 -
• YARA - 16df60bb9170b1efff749d48d98ba3de5941fd59 -
• FileHash-SHA256 - de33dfce8143f9f929abda910632f7536ffa809603ec027a4193d5e57880b292 -
• FileHash-MD5 - cd8c2bb644496d46bf1e91ad8a8f882b -
• FileHash-SHA256 - ccf87057a4ab02e53bff5828d779a6e704b040aef863f66e8f571638d7d50cd2 -
• hostname - www.jbossas.org -
• FileHash-SHA256 - b631553421aa17171cc47248adc110ca2e79eff44b5e5b0234d69b30cab104e3 -
• YARA - 327ccb62f6c43eb39a9f04d4ca12ff74450aad34 -
• YARA - 003c2b6781d152d90d7a7a51649b63a39e99aff6 -
• YARA - 664f8978ee0dfa5898c0f395f9ffb7c55cd5f2d2 -
• FileHash-MD5 - b06a3a9744e9d4c059422e7ad729ef90 -
• YARA - 3952d0b01e1e32b01e93b5b14fb0f6eadeb393e6 -
• FileHash-SHA256 - 934b87ddceabb2063b5e5bc4f964628fe0c63b63bb2346b105ece19915384fc7 -
• FileHash-SHA256 - de984eda2dc962fde75093d876ec3fe525119de841a96d90dc032bfb993dbdac -
• YARA - e379868637313a8016b21ea98489217f966b9ead -
• YARA - c6b62055000c6bdd78f1e440e5ce52ffaea61659 -
• FileHash-SHA256 - d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297 -
• FileHash-SHA1 - f6aee373f2517f2fb686284c27a84a20999a15a5 -
• FileHash-SHA256 - 8a56b476d792983aea0199ee3226f0d04792b70a1c1f05f399cb6e4ce8a38761 -
• FileHash-SHA1 - 380fb5278907faf3fca61910f7ed9394b2337eda -
• FileHash-SHA1 - f7984427093ba1fc08412f8594944cefe2d86cbf -
• FileHash-SHA256 - ce91ea20aa2e6af79508dd0a40ab0981f463b4d2714de55e66d228c579578266 -
• hostname - www.microsoft-cache.com -
• FileHash-SHA1 - 9ba2249f0a8108503820e2d9c8cbff941089cb2d -
• URL - http://210.181.184.64/example/McAltLib.dll -
• FileHash-SHA256 - ea67d76e9d2e9ce3a8e5f80ff9be8f17b2cd5b1212153fdf36833497d9c060c0 -
• FileHash-SHA256 - d66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090 -
• FileHash-SHA1 - cc6ebeea48a12b396c5fa797e595a0c3b96942de -
• FileHash-SHA1 - 615b022a56e2473b92c22efa9198a2210f21bdc3 -
• FileHash-SHA1 - b630b7a8fe065e1a6f51ee74869b3938dc411126 -
• hostname - www.supermanbox.org -
• YARA - 906fbd7e5b8d09c3e60a13b0ecb913cf00bc60f1 -
• hostname - mail-news.eicp.net -
• FileHash-MD5 - 26e863f917da0b3f7a48304eb6d1b1d3 -
• FileHash-SHA256 - 74e1e83ac69e45a3bee78ac2fac00f9e897f281ea75ed179737e9b6fe39971e3 -
• FileHash-SHA256 - 130abb54112dd47284fdb169ff276f61f2b69d80ac0a9eac52200506f147b5f8 -
• FileHash-SHA256 - 3ea6b2b51050fe7c07e2cf9fa232de6a602aa5eff66a2e997b25785f7cf50daa -
• FileHash-SHA256 - b2950f2e09f5356e985c38b284ea52175d21feee12e582d674c0da2233b1feb1 -
• FileHash-SHA256 - e770a298ae819bba1c70d0c9a2e02e4680d3cdba22d558d21caaa74e3970adf1 -
• FileHash-SHA256 - 126fbdcfed1dfb31865d4b18db2fb963f49df838bf66922fea0c37e06666aee1 -
• FileHash-SHA256 - 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8 -
• FileHash-SHA256 - bf52ca4d4077ae7e840cf6cd11fdec0bb5be890ddd5687af5cfa581c8c015fcd -
• YARA - c0a0bf386e0ff52cd76cf3445ca471b378564d10 -
• FileHash-SHA256 - 4b16f6e8414d4192d0286b273b254fa1bd633f5d3d07ceebd03dfdfc32d0f17f -
• FileHash-MD5 - 39a95c4cbf28eaa534c8f4fc311fe558 -
• FileHash-SHA256 - 41a936b0d1fd90dffb2f6d0bcaf4ad0536f93ca7591f7b75b0cd1af8804d0824 -
• YARA - b3d771613011c3ac9f490a09f7b5fb997b00032d -
• FileHash-SHA256 - 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 -
• FileHash-SHA256 - 3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3 -
• YARA - f9ab0f6e308c504bcc48b8e60d6d282beb6a16a7 -
• FileHash-MD5 - 2161c859b21c1b4b430774df0837da9d -
• FileHash-SHA256 - 13bce64b3b5bdfd24dc6f786b5bee08082ea736be6536ef54f9c908fd1d00f75 -
• FileHash-SHA256 - b9510e4484fa7e3034228337768176fce822162ad819539c6ca3631deac043eb -
• FileHash-SHA256 - bc0b885cddf80755c67072c8b5961f7f0adcaeb67a1a5c6b3475614fd51696fe -
• FileHash-SHA256 - 448711bd3f689ceebb736d25253233ac244d48cb766834b8f974c2e9d4b462e8 -
• FileHash-SHA256 - b95d7f56a686a05398198d317c805924c36f3abacbb1b9e3f590ec0d59f845d8 -
• YARA - 544a0d31fe6e13157941d1a5fda25476ba8983f2 -
• FileHash-SHA256 - b690394540cab9b7f8cc6c98fd95b4522b84d1a5203b19c4974b58829889da4c -
• FileHash-SHA256 - 0b8cbc9b4761ab35acce2aa12ba2c0a283afd596b565705514fd802c8b1e144b -
• FileHash-SHA256 - 58334eb7fed37e3104d8235d918aa5b7856f33ea52a74cf90a5ef5542a404ac3 -
• FileHash-MD5 - 1cb673679f37b6a3f482bb59b52423ab -
• YARA - 629c1de77c6bc6f76a69d4153ab90fce2721e0bf -
• YARA - c5a6377c52bddde5554553c497682db106c78ffd -
• URL - http://42.200.18.194/example/McAltLib.dll -
• YARA - daf1c614dc6ce0b5f223780299bb7aa7cc4af612 -
• FileHash-MD5 - 8afecc8e61fe3805fdd41d4591710976 -
• URL - http://218.54.139.20/example/McAltLib.dll -
• YARA - a2e534c94a563991c628c927474a70ef822e7897 -
• FileHash-SHA256 - fd22547497ce52049083092429eeff0599d0b11fe61186e91c91e1f76b518fe2 -

類似Pulses

• Chinese Actors attacks on US Government and EU Media (score: 0.70)
• New Spear Phishing Campaign Pretends to be EFF (score: 0.70)
• Forbes.com Waterhole Attack (score: 0.68)
• New Sofacy Attacks Against US Government Agency (score: 0.66)
• Multiple Chinese APT Groups Quickly Use Flash Zero-Day (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る