{
  "name": "Eight Arms to Hold You: The Cuttlefish Malware",
  "slug": "eight-arms-to-hold-you-the-cuttlefish-malware",
  "description": "The Black Lotus Labs team at Lumen Technologies is tracking a malware platform named Cuttlefish that targets enterprise-grade small office/home office (SOHO) routers. This modular malware primarily steals authentication material from web requests transiting the router. It can also perform DNS and HTTP hijacking for connections to private IP space on internal networks. Cuttlefish overlaps with a previously reported activity cluster called HiatusRat, which is potentially linked to the interests of the People's Republic of China. While there is code overlap, shared victimology has not been observed between these two malware families.",
  "published": "2024-05-02T11:50:55+00:00",
  "created_at": "2024-05-02T11:50:55+00:00",
  "modified_at": "2024-05-02T12:17:42+00:00",
  "created_at_opencti": "2024-05-02T11:50:55+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "bash",
    "cuttlefish",
    "hiatusrat",
    "hijacking",
    "infostealer"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "36.75.75.75"
      },
      {
        "id": "",
        "name": "138.112.25.25"
      },
      {
        "id": "",
        "name": "123.181.24.36"
      },
      {
        "id": "",
        "name": "1.13.16.45"
      },
      {
        "id": "",
        "name": "209.141.49.178"
      },
      {
        "id": "",
        "name": "205.185.122.121"
      },
      {
        "id": "",
        "name": "198.98.56.93"
      },
      {
        "id": "",
        "name": "107.189.28.251"
      },
      {
        "id": "",
        "name": "71.162.181.51"
      },
      {
        "id": "",
        "name": "pp.kkthreas.com"
      },
      {
        "id": "",
        "name": "kkthreas.com"
      },
      {
        "id": "",
        "name": "fadsdsdasaf2233.com"
      },
      {
        "id": "",
        "name": "e48c250c47dd071dcee984a8e9f27b170004ff81c3f0da6a50364fdecf800fd3"
      },
      {
        "id": "",
        "name": "eb7a7ab952080f66c82fe8350da131ce0d7766f203bd4d97b0798b4f59283a27"
      },
      {
        "id": "",
        "name": "cfd134523be5498a192b212202746300d68da44965f465225b7e6a2fe1d9d296"
      },
      {
        "id": "",
        "name": "b7915c43908a85e0430fa98cb0a08b24cfd3812662be1affa4ed9e135a31fb1e"
      },
      {
        "id": "",
        "name": "a7de324a92f54ac30035e27a80a97329d30e21315f948cea636298b011998e90"
      },
      {
        "id": "",
        "name": "9b736c8555bdbb27498edcf5b074ed33b792e99436a2bb5691beb96d1d141365"
      },
      {
        "id": "",
        "name": "99d5cf32f8198e99c530be4f5e05487e280bacdb8ef26aaf38dc20e301aad75f"
      },
      {
        "id": "",
        "name": "94812d391160e4fce821701b944cfd8f5fd9454b3cbb8e8974d1dc259310e500"
      },
      {
        "id": "",
        "name": "7e1d0ba01333479be1ddeb56de94e15204776245431480f59cd98f45ba956530"
      },
      {
        "id": "",
        "name": "73cf20675639c18c04381b5efd7d628736d149734280988f55358e301c1d9bb8"
      },
      {
        "id": "",
        "name": "70693211cd0b14a7463b39b2fa801ce1fdefc85c7f3e003772d1b4deeb78efde"
      },
      {
        "id": "",
        "name": "6295d5cb21c441066d2da81a76440bcac9bd5a7830fc9faea9668bd0b2015046"
      },
      {
        "id": "",
        "name": "44b769be0c2a807082a9bfd2f33fdc744552c5c7ca88a812ef4bd0393a50f132"
      },
      {
        "id": "",
        "name": "4aa23fbdc27d317c6e54481b6d884b962adf6e691a4731c859ddaf9af09822c6"
      },
      {
        "id": "",
        "name": "3d9ee05c0841ad65547c0cc8516d092cff48dad5e7bbf97c99ddd44ee94a24bc"
      },
      {
        "id": "",
        "name": "37537ac2c4c60a67e92d5badae04f7f9115e97a67199b6f2c0010620c3eb0594"
      },
      {
        "id": "",
        "name": "2f0911fb892d448910c36a37c9fbdec8c73ccfecc274854b1fa053fb1cc2369b"
      },
      {
        "id": "",
        "name": "2ed174523bd80a93b7d09940d375f9c0d71e1ce8ecffb2320e02a78f4b601408"
      },
      {
        "id": "",
        "name": "263074f7312146f3275af64adbc5d02a618ed193ac84951c529ce8c367fb76e6"
      },
      {
        "id": "",
        "name": "23c2e7ff2602e5f76b3f2c354761ef39966facb3b12ed05551816f482d4d5608"
      },
      {
        "id": "",
        "name": "172212750bb3f4708a728d1d48ade3d6dd503d2892d4cc72d1719c06d5a1f4a8"
      },
      {
        "id": "",
        "name": "1168e97ccf61600536e93e9c371ee7671bae4198d4bf566550328b241ec52e89"
      },
      {
        "id": "",
        "name": "10a4edbbb852a1b01fc6fbf0aa1407bc8589432bddb2001ae62702f18d919e89"
      },
      {
        "id": "",
        "name": "0dfde136c06636f2055153af4ad5f9bc2ed0ed2c055dde1fdbe82f866d0ebbac"
      },
      {
        "id": "",
        "name": "0a08579e3416dc3cdd80c215b8fb94d86a0bb42c8c733530850417cffd6bde38"
      },
      {
        "id": "",
        "name": "07df37d8168e911b189bbe0912b4842fa1fe48d5264e99738ad3247f9c818478"
      },
      {
        "id": "",
        "name": "f226bf37af9c33162063db3eb018fed7f088f86d0a20ca54c013fda96c7f2e05"
      },
      {
        "id": "",
        "name": "82c569b93da5c18ed649ebd4c2c79437db4611a6a1373e805a3cb001c64130b7"
      }
    ],
    "malware": [
      {
        "id": "39ff8080-7aba-4ba4-9edc-ca4a17308093",
        "name": "Cuttlefish",
        "slug": "cuttlefish"
      },
      {
        "id": "legacy:malware:219a94662d2b0f84",
        "name": "HiatusRat",
        "slug": "hiatusrat"
      }
    ],
    "attack_patterns": [
      {
        "id": "fa5d98a2-f22c-4fc2-9995-3891dd5839dc",
        "name": "T1504"
      },
      {
        "id": "974c830f-44ef-4037-a4f8-c0aa492a78de",
        "name": "T1600"
      },
      {
        "id": "ab179192-1c1a-4b7d-9792-b608a9459b71",
        "name": "T1591"
      },
      {
        "id": "1e043fe4-2413-4b8e-887c-0fe45d095a24",
        "name": "T1583"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "3245033a-53c4-454c-873a-fb653af0bf8a",
        "name": "T1552"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "74d5f31c-5e2d-4aed-b8b9-4fabdde76dfa",
        "name": "T1598"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://github.com/blacklotuslabs/IOCs/blob/main/Cuttlefish_IOCs.txt",
    "https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/",
    "https://otx.alienvault.com/pulse/66339a3fb48f836792b3116a"
  ]
}