confirmed
Operation Cloud Hopper
Sustained campaign targeting managed service providers to gain access to client networks across multiple sectors and countries simultaneously. One of the largest known cyber espionage operations.
Start date
1 January 2016
End date
31 December 2018
Techniques
28
Indicators of compromise
100
40 sha256, 26 sha1, 26 md5, 8 domain
Attributed actors
Targeting
Sectors
technology, government, defence, healthcare, finance
Regions
North America, Europe, Asia Pacific
Techniques (28)
collection (1)
T1560.001 Archive via Utility
command-and-control (4)
T1573.001 Symmetric Cryptography
T1090.001 Internal Proxy
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
credential-access (1)
T1003.001 LSASS Memory
defense-impairment (2)
T1574.002 DLL Side-Loading
T1070.001 Clear Windows Event Logs
discovery (3)
T1057 Process Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1053.005 Scheduled Task
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (4)
T1078 Valid Accounts
T1199 Trusted Relationship
T1566.001 Spearphishing Attachment
T1190 Exploit Public-Facing Application
lateral-movement (3)
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares
T1550.002 Pass the Hash
persistence (5)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1574.002 DLL Side-Loading
T1543.003 Windows Service
T1053.005 Scheduled Task
privilege-escalation (6)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1574.002 DLL Side-Loading
T1055 Process Injection
T1543.003 Windows Service
T1053.005 Scheduled Task
stealth (5)
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1070.004 File Deletion
T1055 Process Injection
T1027 Obfuscated Files or Information
Indicators of compromise (100)
SHA1 (26)
SHA256 (40)
MD5 (26)
DOMAIN (8)