Cisco Talos Intelligence Group - Comprehensive Threat Intelligence ...

C45-2022-01-12-7

Indicators of Compromise (IOC) List

Indicator of Compromise (IOC)
Date Published
IOC Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId to fingerprint the victim
12/01/2022
Win_Registry
HKEY_CURRENT_USER\Software\NETwIRe\HostId
12/01/2022
Win_Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
12/01/2022
Win_Registry
HKEY_CURRENT_USER\Software\NETwIRe\Install Date
12/01/2022
Win_Registry
HKEY_CURRENT_USER\SOfttware\Microsoft\WIndows\CurrentVersion\Run\SysWOW32 with its value as the path to the trojan. AsyncRAT is a remote access tool meant to remotely monitor and control computers through a secure encrypted connection. Threat actors in this campaign use the AsyncRAT client by setting its configuration to connect to the C2 server and provide the attacker with remote access to the victim
12/01/2022
Win_Registry