Multistage Loader used to spread AZORult and NanoCore
C45-2020-04-16-4
Indicators of Compromise (IOC) List
| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ (RunOnce entry whose command line leverages mshta to download the malicious next-stage payload) | 16/04/2020 | Win_Registry |
4d299bee18901eb48929f3b493f65699 | 16/04/2020 | MD5 |
cd425ac433c6fa5b79eecbdd385740ab | 16/04/2020 | MD5 |
7083ee8cabbf500a3b286b8027f8f9fe | 16/04/2020 | MD5 |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BACKup2 | 16/04/2020 | Win_Registry |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BACKup3 | 16/04/2020 | Win_Registry |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ (one of three backup persistence keys created by the VBScript alongside a scheduled task, indicating the attacker took extra measures to ensure the infection chain starts on the machine) | 16/04/2020 | Win_Registry |
2d3b0a3369e7a33b5c3e3115d7fa5a58 | 16/04/2020 | MD5 |
b825645e1132c77550d14503974c9ea2 | 16/04/2020 | MD5 |
89e3d26cdc862e47d6c7d665135e28d6 | 16/04/2020 | MD5 |
7db36d502e4a1d35873c8a0c51bafbbf | 16/04/2020 | MD5 |
f35b21cf37fbdae346858b490a0f230a | 16/04/2020 | MD5 |
9f8db1103850e43681ea79cec06e13c7 | 16/04/2020 | MD5 |
35de5c352023db9d406a835ef7f318e5 | 16/04/2020 | MD5 |
13ae5088ae7e5ac1335a573d52befabc | 16/04/2020 | MD5 |
dc01e01fea24cf2f2a208d62e219889b | 16/04/2020 | MD5 |
7679fec5f6bf7206635b96efa52d1d07 | 16/04/2020 | MD5 |
56b4f3bc5b500d4120b55ff3dcaf1cc9 | 16/04/2020 | MD5 |
5d926bae6c76e8b86192c205c49cd195 | 16/04/2020 | MD5 |
23.81.246.150 | 16/04/2020 | IPv4 |
cc53f0a1a256678ba7d79aa475128d9c | 16/04/2020 | MD5 |
bbe077e2cd3c321427a16557d26a3438 | 16/04/2020 | MD5 |
26dd0f673b3ab628231c7b267077356cabd394b177ac78f245ec5b29b2444d6a | 16/04/2020 | SHA-256 |
4cfea775333d107ec43d621aa4c9968b | 16/04/2020 | MD5 |
16ac16400e2f1f125664b62c16be9c88 | 16/04/2020 | MD5 |
c726636d2b7f8c838f7f882071181c95 | 16/04/2020 | MD5 |
f934dc6b441789365d5aa641bbf8ef3f | 16/04/2020 | MD5 |
60221d709e0ad65bb23bd00a3977c55d | 16/04/2020 | MD5 |
23.247.102.10 | 16/04/2020 | IPv4 |
0b0b570451b699d96c70ebf400628caa | 16/04/2020 | MD5 |
216.170.114.4 | 16/04/2020 | IPv4 |