- // MITRE ATT&CK Techniques
- [+] T1193 – Actor relies on spear-phishing as infection vector
- [+] T1002 – Actor compresses and encrypts data
- [+] T1132 – Actor encodes data
- [+] T1023 – Actor relies on shortcuts to achieve persistence
- [+] T1060 – Malware maintains persistence through the Start Menu Startup folder
- [+] T1071 – Actor relies on standard application layer protocol for C2 comms
- [+] T1043 – Actor uses common ports to communicate
- // Indicators of Compromise
- SHA256: b018639e9a5f3b2b9c257b83ee51a3f77bbec1a984db13d1c00e0CC77704abb4
- SHA256: adf86d77eb4064c52a3e4fb3f1c3218ee2b7de2b1780b81c612886d72aa9c923
- SHA256: 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9 - https://www.virustotal.com/gui/file/1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9/detection
- SHA256: ec254c40abff00b104a949f07b7b64235fc395ecb9311eb4020c1c4da0e6b5c4 - https://www.virustotal.com/gui/file/ec254c40abff00b104a949f07b7b64235fc395ecb9311eb4020c1c4da0e6b5c4/detection
- SHA256: 26a2fa7b45a455c311fd57875d8231c853ea4399be7b9344f2136030b2edc4aa - https://www.virustotal.com/gui/file/26a2fa7b45a455c311fd57875d8231c853ea4399be7b9344f2136030b2edc4aa/detection
- Domain name (compromised): curiofirenze[.]com
- IP Address: 193.70.64.163
- File: %USERPROFILE%\AppData\Local\Microsoft\ThumbNail\thumnail.db
- File: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\thumbnail.lnk