2020-11-10 AveMaria IOCs

1. THREAT ATTRIBUTION: AVEMARIA RAT
2. (Attribution is not 100% certain)
3.  
4. SUBJECTS OBSERVED
5. Shipping Invoice
6.  
7. SENDERS OBSERVED
8. [email protected]
9.  
10. MALDOC FILE HASHES
11. Invoice.xls
12. e57b69e23d20f2fa1a390c7bf0afce64
13.  
14. AVE MARIA PAYLOAD URLS
15. https://cutt.ly/7gCwp0G
16. https://cape-eye.co.za/Andfw7.exe
17.  
18. AVE MARIA PAYLOAD FILE HASHES
19. Andfw7.exe
20. 82fad720c1c6bf97c3157c2def0cf651
21.  
22. AVE MARIA C2
23. 209.127.186.228:6606
24.  
25. SUPPORTING EVIDENCE
26. https://urlhaus.abuse.ch/browse.php?search=cape-eye.co.za
27. (shows AveMaria, Masslogger and NetWire delivered from the same domain)
28.  
29. https://app.any.run/tasks/286047a6-7591-476c-ba09-45c2e58f3148/