2020-11-11 Ave Maria IOCs

1. THREAT ATTRIBUTION: AVEMARIA RAT
2.  
3. SUBJECTS OBSERVED
4. Shipping Invoice
5.  
6. SENDERS OBSERVED
7. [email protected]
8. [email protected]
9.  
10. MALDOC FILE HASHES
11. Shipping Invoice.xls
12. ab521c63163bb8be0139319493cb5e89
13.  
14. AVE MARIA PAYLOAD URLS
15. https://cutt.ly/WgV1bTC
16. https://cape-eye.co.za/originalfile.exe
17.  
18. AVE MARIA PAYLOAD FILE HASHES
19. originalfile.exe
20. c0a63243c263bc36091e9d0de51e4baa
21.  
22. AVE MARIA C2
23. 209.127.186.228:5200
24.  
25. resolves to:
26. warzonecastro.ddns.net
27.  
28. SUPPORTING EVIDENCE
29. https://urlhaus.abuse.ch/url/807237/
30. https://app.any.run/tasks/85ddbdda-2fd0-484d-90f6-9ef55a8ea0c6/
31. https://app.any.run/tasks/37e8edc3-4e05-40c3-a8ff-355da5f73564/
32. https://twitter.com/peterkruse/status/1326418390383210496