The 360 Threat Intelligence Center recently discovered the new CVE-2017-11882 vulnerability document used by Sea Lotus. Through the analysis of the vulnerability document and related attacks, we linked the organization's recent attacks against South Asian countries. And found a suspected "Hai Lianhua" organization in the beginning of May 2017 for a centralized attack on the domestic, combined with internal threat intelligence data, we believe that this is the organization's use of the "eternal blue" loopholes Attacks against domestic colleges and universities.
ref:https://ti.360.net/blog/articles/oceanl ... niversity/
IOCs:
5bcf16810c7ef5bce3023d0bbefb4391
a532040810d0e34a28f20347807eb89f
ref:https://ti.360.net/blog/articles/oceanl ... niversity/
IOCs:
5bcf16810c7ef5bce3023d0bbefb4391
a532040810d0e34a28f20347807eb89f