DISGOMOJI Malware Used to Target Indian Government
June 18, 2024, 6:42 a.m.
Description
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor, tracked as UTA0137, targeting government entities in India. The campaign used DISGOMOJI, a Golang-based Linux trojan that abuses Discord as its command-and-control channel, with operator commands issued as emojis. Its capabilities include executing arbitrary commands, exfiltrating data, and maintaining persistence on the infected host. Volexity also observed UTA0137 using the Dirty Pipe exploit (CVE-2022-0847), a local privilege-escalation flaw, against vulnerable BOSS Linux (Bharat Operating System Solutions) systems, along with post-exploitation activity such as network scanning and tunnelling. The intrusions appear to have been successful, which underscores UTA0137's evolving tradecraft and persistent interest in Indian targets.
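Because the campaign relied on Dirty Pipe for privilege escalation, the first thing a defender running BOSS or any other Debian-derived Linux wants is a quick triage of whether a host's kernel sits in the affected window. The following is an added example written for this page, not Volexity's tooling. It encodes the upstream facts only: the bug appeared in 5.8 and was fixed in the 5.10.102, 5.15.25 and 5.16.11 stable releases (5.17 never shipped it). Distribution kernels frequently backport the fix under an older version string, so a "vulnerable" verdict here is a prompt to check the distro advisory, not proof of exposure; the release strings used below are constructed for illustration.

```python
"""Heuristic triage: does a Linux kernel release string fall inside the
CVE-2022-0847 (Dirty Pipe) affected range?

Added example, not Volexity's code.  Assumption: distro kernels may carry
the fix as a backport without bumping the upstream version, so treat
'affected' as 'needs confirmation against the vendor advisory'.
"""
import platform
import re

# Upstream stable releases that carry the Dirty Pipe fix, by series.
FIXED = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
INTRODUCED = (5, 8, 0)   # first mainline release with the bug
NEVER_HAD_IT = (5, 17, 0)  # 5.17 and later shipped with the fix


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.10.0-13-amd64' or '5.15.0-1019-aws'.  Distro suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_affected(release):
    """True if the upstream version is inside the Dirty Pipe window.

    Stable series 5.10 / 5.15 / 5.16 are fixed from the listed point
    release; the EOL series 5.8 to 5.14 never received a fix upstream.
    """
    v = parse_release(release)
    if v < INTRODUCED:
        return False
    series = v[:2]
    if series in FIXED:
        return v < FIXED[series]
    return v < NEVER_HAD_IT


def check_running_kernel():
    """Return (release string, affected?) for the host this runs on."""
    release = platform.release()
    return release, dirty_pipe_affected(release)


if __name__ == "__main__":
    # Constructed release strings, one per branch of the logic above.
    for rel in ["5.10.0-13-amd64", "5.10.102", "5.13.19", "5.15.24",
                "5.16.11", "5.4.0-100-generic", "6.1.0-rpi"]:
        print("%-20s affected=%s" % (rel, dirty_pipe_affected(rel)))
```

The version-range check is deliberately conservative (it flags `5.10.0-13-amd64` even though a Debian backport may already be in place); a definitive answer needs the package changelog or the vendor's CVE tracker, and on a suspected victim the kernel version matters less than the presence of the DISGOMOJI artifacts themselves.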
Date
Published: June 18, 2024, 6:08 a.m.
Created: June 18, 2024, 6:08 a.m.
Modified: June 18, 2024, 6:42 a.m.
Indicators
.43.175.111
www2.clawsindia.in
www.www.clawsindia.in
www.shop.clawsindia.in
www.secy-org.in
www.publicinfo.in
www.ordai.quest
www.old.clawsindia.in
www.nic-tech.in
www.mailgate.clawsindia.in
www.infosec2.in
www.esttsec.in
www.estbsec.in
www.epar-online.in
www.emailnic.online
www.emailnic-tech.email
www.dev.clawsindia.in
www.defenseinsight.in
www.coordsec2.in
www.clawsindia.in
www.certdehli.in
www.awesscholarship.in
www.awesindia.online
www.apsdelhicantt.in
www.admincoord.in
http://ordai.quest/vmcoreinfo
ww12.epar-online.in
whm.clawsindia.in
webmail.clawsindia.in
webdisk.defenseinsight.in
webdisk.estbsec.in
webdisk.clawsindia.in
test.clawsindia.in
sql.clawsindia.in
smtp.mail.clawsindia.in
shop.clawsindia.in
portal.clawsindia.in
pop3.clawsindia.in
pop.clawsindia.in
play.emailnic.online
pcda.admincoord.in
outlook.emailnic.online
old.clawsindia.in
ns1.clawsindia.in
mx4.clawsindia.in
mx10.clawsindia.in
mx0.clawsindia.in
mbox.clawsindia.in
mailrelay.clawsindia.in
mailgate.clawsindia.in
mail6.clawsindia.in
mail.clawsindia.in
m.emailnic.online
mail.defenseinsight.in
m.clawsindia.in
login.emailnic.online
localhost.clawsindia.in
lists.clawsindia.in
intranet.clawsindia.in
insight.defenseinsight.in
imap.clawsindia.in
help.clawsindia.in
gate.clawsindia.in
ftp.publicinfo.in
ftp.clawsindia.in
epar.emailnic-tech.email
email.publicinfo.in
email.parichay.online
email.gov.in.parichay.online
email.gov.in.estbsec.in
email.estbsec.in
email.emailnic.online
email.emailnic-tech.email
email.coordsec2.in
email.apsdelhicantt.in
dev.nic-tech.in
dev.clawsindia.in
dc-mx.ae172f95f2ec.defenseinsight.in
cpanel.clawsindia.in
blog.clawsindia.in
cloud.publicinfo.in
autoconfig.clawsindia.in
adfs.clawsindia.in
accounts.emailnic.online
account.emailnic.online
parichay.online
nic-tech.in
epar-online.in
emailnic.online
defenseinsight.in
certdehli.in
awesscholarship.in
apsdelhicantt.in
ordai.quest
secy-org.in
publicinfo.in
infosec2.in
esttsec.in
emailnic-tech.email
estbsec.in
coordsec2.in
clawsindia.in
awesindia.online
admincoord.in
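Most of the indicators above are hostnames under a handful of registered domains, several of them lookalikes for Indian government mail services (for example email.gov.in.parichay.online, where the real label is email.gov.in and the attacker controls parichay.online). Matching DNS or proxy telemetry against them therefore needs suffix matching on the registered domain, not an exact-string lookup. The following is an added example written for this page, not Volexity's tooling: it takes the registered domains from the list, matches queried names by exact or subdomain suffix, and runs over a few constructed DNS log lines whose three-field format (timestamp, client IP, queried name) is an assumption, not a real sensor format.

```python
"""Match DNS query records against the UTA0137 domain indicators on this
page.  Added example, not Volexity's code.  The log format and the sample
lines are constructed for illustration."""
from urllib.parse import urlsplit

# Registered domains from the indicator list.  Subdomains such as
# mail6.clawsindia.in or email.gov.in.parichay.online match by suffix.
IOC_DOMAINS = {
    "parichay.online", "nic-tech.in", "epar-online.in", "emailnic.online",
    "defenseinsight.in", "certdehli.in", "awesscholarship.in",
    "apsdelhicantt.in", "ordai.quest", "secy-org.in", "publicinfo.in",
    "infosec2.in", "esttsec.in", "emailnic-tech.email", "estbsec.in",
    "coordsec2.in", "clawsindia.in", "awesindia.online", "admincoord.in",
}

# Constructed sample log: "<timestamp> <client ip> <queried name>".
# Line 1 is the legitimate email.gov.in and must NOT match; line 2 is the
# lookalike and must.  Trailing dots and upper case mimic real resolvers.
SAMPLE_DNS_LOG = """\
2024-06-12T09:14:02Z 10.20.1.15 email.gov.in.
2024-06-12T09:14:07Z 10.20.1.15 email.gov.in.parichay.online.
2024-06-12T09:15:31Z 10.20.1.22 ordai.quest.
2024-06-12T09:16:04Z 10.20.1.22 WWW.CLAWSINDIA.IN.
2024-06-12T09:17:45Z 10.20.1.40 updates.example.org.
""".splitlines()


def normalise(name):
    """Lower-case and strip the trailing dot that DNS sensors often keep."""
    return name.strip().lower().rstrip(".")


def matching_ioc(name):
    """Return the indicator domain a hostname matches (exact or as a
    subdomain), or None.  'notclawsindia.in' must not match clawsindia.in,
    hence the '.' prefix on the suffix test."""
    host = normalise(name)
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def url_host_matches(url):
    """Apply the same test to the host part of a URL (e.g. from proxy logs)."""
    host = urlsplit(url).hostname
    return matching_ioc(host) if host else None


def scan_dns_log(lines):
    """Return (timestamp, client, normalised query, matched ioc) per hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed or blank line; skip rather than crash
        ts, client, query = parts[:3]
        ioc = matching_ioc(query)
        if ioc:
            hits.append((ts, client, normalise(query), ioc))
    return hits


if __name__ == "__main__":
    for ts, client, query, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print("%s %s queried %s (indicator: %s)" % (ts, client, query, ioc))
```

Because matching is by registered domain, a hit on any new subdomain the actor stands up under clawsindia.in or emailnic.online is still caught, while the genuine email.gov.in produces no false positive. The hostnames here are operator infrastructure from a public report, so a hit warrants investigation of the querying host rather than automatic blocking of a possibly shared domain.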
Attack Patterns
DISGOMOJI
UTA0137
T1547.013
T1213.001
T1021.006
T1053.005
T1087.002
T1555.003
T1059.001
CVE-2024-3400
CVE-2022-0847
Additional Information
Government
India