Last active: February 4, 2026 09:01
Custom indicators for the Notepad++ Chrysalis backdoor, in the Microsoft Defender for Endpoint indicator-import CSV layout, based on the associated Rapid7 blog entry: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
| IndicatorType | IndicatorValue | ExpirationTime | Action | Severity | Title | Description | RecommendedActions | RbacGroups | Category | MitreTechniques | GenerateAlert |
|---|---|---|---|---|---|---|---|---|---|---|---|
| FileSha256 | a511be5164dc1122fb5a7daa3eef9467e43d8458425b15a640235796006590c9 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 8ea8b83645fba6e23d48075a0d3fc73ad2ba515b4536710cda4f1f232718f53e | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 2da00de67720f5f13b17e9d985fe70f10f153da60c9ab1086fe58f069a156924 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 77bfea78def679aa1117f569a35e8fd1542df21f7e00e27f192c907e61d63a2e | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 9276594e73cda1c69b7d265b3f08dc8fa84bf2d6599086b9acc0bb3745146600 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | f4d829739f2d6ba7e3ede83dad428a0ced1a703ec582fc73a4eee3df3704629a | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 4a52570eeaf9d27722377865df312e295a7a23c3b6eb991944c2ecd707cc9906 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 831e1ea13a1bd405f5bda2b9d8f2265f7b1db6c668dd2165ccc8a9c4c15ea7dd | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 0a9b8df968df41920b6ff07785cbfebe8bda29e6b512c94a3b2a83d10014d2fd | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 4c2ea8193f4a5db63b897a2d3ce127cc5d89687f380b97a1d91e0c8db542e4f8 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | e7cd605568c38bd6e0aba31045e1633205d0598c607a855e2e1bca4cca1c6eda | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 078a9e5c6c787e5532a7e728720cbafee9021bfec4a30e3c2be110748d7c43c5 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | b4169a831292e245ebdffedd5820584d73b129411546e7d3eccf4663d5fc5be3 | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | 7add554a98d3a99b319f2127688356c1283ed073a084805f14e33b4f6a6126fd | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| FileSha256 | fcc2765305bcd213b7558025b2039df2265c3e0b6401e4833123c461df2de51a | 2027-02-01T00:00:00Z | BlockAndRemediate | Low | Notepad++ Chrysalis Backdoor file detected | A file hash associated with the Notepad++ Chrysalis Backdoor was detected | Quarantine the file and investigate the source. | | SuspiciousActivity | | TRUE |
| IpAddress | 95.179.213.0 | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor IP Address Activity | A connection to a public IP address associated with the Notepad++ Chrysalis Backdoor was detected | Block the IP address and investigate | | SuspiciousActivity | | TRUE |
| IpAddress | 61.4.102.97 | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor IP Address Activity | A connection to a public IP address associated with the Notepad++ Chrysalis Backdoor was detected | Block the IP address and investigate | | SuspiciousActivity | | TRUE |
| IpAddress | 59.110.7.32 | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor IP Address Activity | A connection to a public IP address associated with the Notepad++ Chrysalis Backdoor was detected | Block the IP address and investigate | | SuspiciousActivity | | TRUE |
| IpAddress | 124.222.137.114 | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor IP Address Activity | A connection to a public IP address associated with the Notepad++ Chrysalis Backdoor was detected | Block the IP address and investigate | | SuspiciousActivity | | TRUE |
| DomainName | api.skycloudcenter.com | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor Domain Activity | A domain associated with the Notepad++ Chrysalis Backdoor was detected | Block the domain and investigate | | SuspiciousActivity | | TRUE |
| DomainName | api.wiresguard.com | 2027-02-01T00:00:00Z | Block | Low | Notepad++ Chrysalis Backdoor Domain Activity | A domain associated with the Notepad++ Chrysalis Backdoor was detected | Block the domain and investigate | | SuspiciousActivity | | TRUE |
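A list like the one above is only as safe as its weakest row: a hash pasted in upper case will not match, an address that is not globally routable will block your own network rather than the attacker's, an expired ExpirationTime is silently useless, and BlockAndRemediate means nothing for a network indicator. The script below is an added example, not part of this gist or of the Rapid7 write-up. It validates each row, case-folds and de-duplicates values, and writes the 12-column CSV layout of the table above. The indicator values in the first three sample rows are taken from the table (their title and description text is condensed); the last three rows are constructed to show the checks firing. The per-type action sets, the hostname rule and the `Investigate` recommended-action text are assumptions made for the example.

```python
"""Validate Defender for Endpoint custom indicators and emit the import CSV (added example)."""
import csv
import io
import ipaddress
import re
from datetime import datetime, timezone

# Column order of the indicator-import CSV (identical to the table header above).
COLUMNS = [
    "IndicatorType", "IndicatorValue", "ExpirationTime", "Action", "Severity",
    "Title", "Description", "RecommendedActions", "RbacGroups", "Category",
    "MitreTechniques", "GenerateAlert",
]
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label
ASOF = datetime(2026, 2, 4, tzinfo=timezone.utc)       # "last active" date of the gist

# Assumption: remediation only applies to files, so BlockAndRemediate is accepted
# for hashes only; network indicators get the remaining actions.
ALLOWED_ACTIONS = {
    "FileSha256": {"Allow", "Audit", "Warn", "Block", "BlockAndRemediate"},
    "IpAddress": {"Allow", "Audit", "Warn", "Block"},
    "DomainName": {"Allow", "Audit", "Warn", "Block"},
}


def check_value(itype, value):
    """Return a problem string for a malformed indicator value, else None."""
    if itype == "FileSha256":
        return None if SHA256_RE.match(value) else "not a lowercase 64-hex SHA-256"
    if itype == "IpAddress":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return "not an IP address"
        # Blocking RFC 1918, loopback or link-local space breaks the network, not the attacker.
        return None if ip.is_global else "not a public address"
    if itype == "DomainName":
        labels = value.split(".")
        ok = len(value) <= 253 and len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)
        return None if ok else "not a valid hostname"
    return "unsupported IndicatorType"


def validate(row, now):
    """Return the list of problems with one row; an empty list means import-ready."""
    itype, value = row.get("IndicatorType", ""), row.get("IndicatorValue", "")
    tag = f"{itype} {value}"
    problems = []
    bad = check_value(itype, value)
    if bad:
        problems.append(f"{tag}: {bad}")
    if row.get("Action") not in ALLOWED_ACTIONS.get(itype, set()):
        problems.append(f"{tag}: action {row.get('Action')!r} not valid for {itype}")
    try:
        exp = datetime.strptime(row.get("ExpirationTime", ""), "%Y-%m-%dT%H:%M:%SZ")
        if exp.replace(tzinfo=timezone.utc) <= now:
            problems.append(f"{tag}: ExpirationTime is already in the past")
    except ValueError:
        problems.append(f"{tag}: ExpirationTime must look like 2027-02-01T00:00:00Z")
    return problems


def build_import_csv(rows, now=None):
    """Normalize, de-duplicate and validate rows; return (csv_text, problems)."""
    now = now or datetime.now(timezone.utc)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    problems, seen = [], set()
    for row in rows:
        row = {c: str(row.get(c, "")).strip() for c in COLUMNS}
        if row["IndicatorType"] in ("FileSha256", "DomainName"):
            row["IndicatorValue"] = row["IndicatorValue"].lower()  # case-fold so duplicates collapse
        key = (row["IndicatorType"], row["IndicatorValue"])
        if key in seen:
            continue
        seen.add(key)
        errs = validate(row, now)
        if errs:
            problems.extend(errs)
        else:
            writer.writerow(row)
    return out.getvalue(), problems


def indicator(itype, value, action, what):
    """Build a row with the fixed fields the gist uses for every entry (text condensed)."""
    return {"IndicatorType": itype, "IndicatorValue": value, "ExpirationTime": "2027-02-01T00:00:00Z",
            "Action": action, "Severity": "Low", "Title": f"Notepad++ Chrysalis Backdoor {what} detected",
            "Description": f"A {what} associated with the Notepad++ Chrysalis Backdoor was detected",
            "RecommendedActions": "Investigate", "Category": "SuspiciousActivity", "GenerateAlert": "TRUE"}


# Rows 1-3 use values from the table above; rows 4-6 are constructed to show
# case-folding, rejection of private address space, and rejection of a file-only action.
SAMPLE_ROWS = [
    indicator("FileSha256", "a511be5164dc1122fb5a7daa3eef9467e43d8458425b15a640235796006590c9", "BlockAndRemediate", "file"),
    indicator("IpAddress", "95.179.213.0", "Block", "IP address"),
    indicator("DomainName", "api.skycloudcenter.com", "Block", "domain"),
    indicator("FileSha256", "A511BE5164DC1122FB5A7DAA3EEF9467E43D8458425B15A640235796006590C9", "BlockAndRemediate", "file"),
    indicator("IpAddress", "10.0.0.5", "Block", "IP address"),
    indicator("DomainName", "c2.example.invalid", "BlockAndRemediate", "domain"),
]
```

Running `build_import_csv(SAMPLE_ROWS, now=ASOF)` returns a CSV with the header and three rows (the upper-case duplicate hash collapses into the first row) together with two problem strings, one for `10.0.0.5` and one for the remediation action on a domain. Pass the real "now" in production; `ASOF` is fixed here only so the expiry check is reproducible.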