(1)
File Name | VDI-QUOTATION-PAYMENT.xlsx |
Created process | vbc.exe |
Connected (Ip/Dns) | secure01-redirect[.]net |
MD5 | 1325c1dc4db5e238475858c2feaa326a |
SHA256 | c84daab0159e54c17bbb8ff7c7d61111fef8588a9a540f5b5f74eb66aa1d1265 |
Family | Lokibot |
(2)
File Name | 6580579446983db99ba7f0870582a13a.exe |
Created process | 6580579446983db99ba7f0870582a13a.exe |
Connected (Ip/Dns) | hdmibonquet[.]ir |
MD5 | 6580579446983db99ba7f0870582a13a |
SHA256 | 69610eb2689986f31a48f809678ffbb9e1d902aaf32a7987584b79e04d9d815f |
Family | Lokibot |
(3)
File Name | REP_89419812646634117.doc |
Created process | ntvdm.exe |
Connected (Ip/Dns) | Amelano[.]net, firelabo[.]com |
MD5 | 1d6f0e7e30c1d9e3f64b0d36e602da50 |
SHA256 | 70b4dbed87a8be890a088d70057ce44413bf3a65df5c5c15d049de0b9c47ff8d |
Family | Emotet |
(4)
File Name | 64054BA3C90D329FE750F7902674DFAB229DFE61673F6.exe |
Created process | 64054BA3C90D329FE750F7902674DFAB229DFE61673F6.exe |
Connected (Ip/Dns) | Concideritdone[.]duckdns[.]org |
MD5 | 87a9c22b51822df32a2d3a64cc993d3c |
SHA256 | 64054ba3c90d329fe750f7902674dfab229dfe61673f63c96cd307708300a665 |
Family | Nanocore |
(5)
File Name | 300d7ba2-837c-4ff6-8484-fcbb7c7da8ea |
Created process | 300d7ba2-837c-4ff6-8484-fcbb7c7da8ea.exe |
Connected (Ip/Dns) | mandar78325[.]duckdns[.]org |
MD5 | b603745b1de1c4659a1f0ec481d28122 |
SHA256 | a8e7ed5bf8a9fb7def7dfc0b5ebefca9b7805dc271000ab8677f62d8679a8444 |
Family | Remcos |
(6)
File Name | 123_DVD_Ripper_v1_keygen.exe |
Created process | 123_DVD_Ripper_v1_keygen.exe |
Connected (Ip/Dns) | Kvaka[.]li |
MD5 | e58e1c2c8163932ace8234bb2da7c93b |
SHA256 | c16f0bab128a87e41be5cb095262b1d652ca24a228754d075b27d3e2991d97c2 |
Family | Azorult |
(7)
File Name | svchost.exe |
Created process | svchost.exe |
Connected (Ip/Dns) | JowaTonix976-41619[.]portmap[.]io |
MD5 | bdd1b56633a2966218849fd0d3598d93 |
SHA256 | 754bb708cf068adf1fdbcde6949f37b4a6501b66f6c5a050f23a0bae09aad40b |
Family | Avemaria |
(8)
File Name | DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe |
Created process | DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe |
Connected (Ip/Dns) | Creacionesfina[.]com, myp0nysite[.]ru |
MD5 | 5c3fce4f9dac1d6b0ff14eae8fa03c7b |
SHA256 | db4f561ec42ea2c6f0f2eec13060c8035329625490940006fd21630a079691df |
Family | Pony |
(9)
File Name | A bunch of shit.zip |
Created process | 2018-01-28-Seamless-campaign-Rig-EK-payload-GandCrab-ransomware.exe |
Connected (Ip/Dns) | Nomoreransom[.]bit, gandcrab[.]bit |
MD5 | d83265f3da6386ed4628569d32759e68 |
SHA256 | 190d2b1687a04c56b2cc1ae7a4cd5ed8643867444ad09c4fee136a4374b6b737 |
Family | GandCrab |
(10)
File Name | d7635680fdef884b00183d6e6279c816.js.vir |
Created process | d7635680fdef884b00183d6e6279c816.js.vir |
Connected (Ip/Dns) | 1j1m3r3[.]kozow[.]com, wshsoft[.]company |
MD5 | d7635680fdef884b00183d6e6279c816 |
SHA256 | 2bad00a5d95151f8a72c537e066bb1d2f1f7c73dfadca31f0ec21da7935df1df |
Family | wshrat |
(11)
File Name | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe |
Created process | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe |
Connected (Ip/Dns) | 23[.]229[.]29[.]48 |
MD5 | 90a89fc585f1c79b2629c9dd8520ddb9 |
SHA256 | ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150 |
Family | Danabot |
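As an added example that is not part of the original IOC list: the Python below parses the list's own "Field | Value |" layout into records, refangs the "[.]" indicators, and checks file hashes and DNS queries against them. Two of the eleven records are copied verbatim from the list above; the resolver log lines and their key=value layout are constructed for the example and are an assumption about your log format.

```python
"""Added example (not from the page): parse the IOC listing above, refang the
indicators and check file hashes and DNS queries against them."""
import re

# Two of the eleven records, copied verbatim from the listing above in the
# page's own "Field | Value |" layout; the parser handles all of them alike.
LISTING = """\
(1)
File Name | VDI-QUOTATION-PAYMENT.xlsx |
Created process | vbc.exe |
Connected (Ip/Dns) | secure01-redirect[.]net |
MD5 | 1325c1dc4db5e238475858c2feaa326a |
SHA256 | c84daab0159e54c17bbb8ff7c7d61111fef8588a9a540f5b5f74eb66aa1d1265 |
Family | Lokibot |
(8)
File Name | DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe |
Created process | DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe |
Connected (Ip/Dns) | Creacionesfina[.]com, myp0nysite[.]ru |
MD5 | 5c3fce4f9dac1d6b0ff14eae8fa03c7b |
SHA256 | db4f561ec42ea2c6f0f2eec13060c8035329625490940006fd21630a079691df |
Family | Pony |
"""

# Constructed resolver log (not from the page); the key=value layout is an assumption.
DNS_LOG = """\
2021-11-28T09:12:41Z client=10.0.4.17 query=updates.example.com type=A
2021-11-28T09:13:05Z client=10.0.4.17 query=secure01-redirect.net type=A
2021-11-28T09:13:09Z client=10.0.4.23 query=www.Creacionesfina.com type=A
2021-11-28T09:14:30Z client=10.0.4.23 query=secure01-redirect.net.example.org type=A
"""

RECORD_HEADER = re.compile(r"^\((\d+)\)$")   # the "(1)", "(2)", ... block markers
QUERY_FIELD = re.compile(r"\bquery=(\S+)")

def refang(indicator: str) -> str:
    """Undo the '[.]' defanging used in the listing and normalise case."""
    return indicator.strip().replace("[.]", ".").lower()

def parse_listing(text: str) -> list:
    """Split the numbered blocks into dict records keyed by the lower-cased field name."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = RECORD_HEADER.match(line)
        if header:
            current = {"index": int(header.group(1))}
            records.append(current)
            continue
        if current is None or "|" not in line:
            continue
        key, _, rest = line.partition("|")
        key = key.strip().lower()
        value = rest.strip().rstrip("|").strip()      # drop the trailing pipe
        if key.startswith("connected"):               # "Connected (Ip/Dns)", comma separated
            current["network"] = [refang(v) for v in value.split(",") if v.strip()]
        elif key in ("md5", "sha256"):
            current[key] = value.lower()
        else:                                         # "file name", "created process", "family"
            current[key] = value
    return records

def build_index(records):
    """Lookup tables: hex digest -> record and refanged domain/IP -> record."""
    by_hash, by_host = {}, {}
    for r in records:
        by_hash.update({r[k]: r for k in ("md5", "sha256") if k in r})
        by_host.update({host: r for host in r.get("network", [])})
    return by_hash, by_host

def match_hash(by_hash, digest: str):
    """Case-insensitive MD5/SHA256 lookup; returns the record or None."""
    return by_hash.get(digest.strip().lower())

def match_hostname(by_host, name: str):
    """Hit on the listed name or any subdomain of it (the duckdns/portmap entries
    are subdomains of a public service, so the parent alone is never matched)."""
    name = name.strip().lower().rstrip(".")
    for host, record in by_host.items():
        if name == host or name.endswith("." + host):
            return record
    return None

def scan_dns_log(log: str, by_host):
    """Return (line number, queried name, family) for each query hitting an indicator."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        m = QUERY_FIELD.search(line)
        record = match_hostname(by_host, m.group(1)) if m else None
        if record:
            hits.append((n, m.group(1), record["family"]))
    return hits

if __name__ == "__main__":
    by_hash, by_host = build_index(parse_listing(LISTING))
    print(match_hash(by_hash, "C84DAAB0159E54C17BBB8FF7C7D61111FEF8588A9A540F5B5F74EB66AA1D1265")["family"])
    for hit in scan_dns_log(DNS_LOG, by_host):
        print(hit)
```

Feed the full list in place of LISTING and point scan_dns_log at a real resolver export that carries a query= field (or adjust QUERY_FIELD to your log format). Hash lookups are exact, so a repacked sample will not match; the network indicators survive repacking and are the more durable check here, which is why the hostname match also covers subdomains of each listed name but never the bare parent of a dynamic-DNS entry.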
Article Link: IOCs 28_11_2021