Threat Roundup for June 16-22



As usual, we are bringing you the weekly Threat Roundup to highlight the most prevalent threats we've seen between June 15 and 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and is current as of the date of publication. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.


The most prevalent threats highlighted in this round up are:

  • Win.Dropper.Generic-6584427-0
    Dropper
    This dropper attempts to allocate a memory region with the flag PAGE_EXECUTE_READWRITE to later inject malicious code and then execute it. These samples also contain TLS callback entries, which allow malware authors to execute malicious code before the debugger has a chance to pause at the traditional entry point.
  • Win.Dropper.Fareit-6584428-0
    Dropper
    Fareit dropper injects code into legitimate system processes, usually through an evasion technique called process hollowing. Some samples may use VB scripts to execute some of its malicious activities and modifies autorun registry keys to maintain persistence on the host.
  • Win.Dropper.Zbot-6584477-0
    Dropper
    Zbot (AKA Zeus bot) is info stealing malware targeting users banking credentials. You can read more on our blog https://talosintelligence.com/zeus_trojan.
  • Win.Trojan.Generic-6584512-1
    Trojan
    This trojan is sometimes related to the Emotet malware family. It creates a copy of itself in system directories such as C:\Windows\SysWOW64\. It is also capable of uploading files with information about the infected system to remote servers and adds a file as a Service in the System Registry Current Control Set.
  • Win.Malware.Installcore-6584374-1
    Malware
    This adware creates a copy of itself in %APPDATA% with the "tmp" extension. Some samples contain a library reference to the SetWindowsHookEx function that could be use to monitor keyboard or other user input, which could indicate keylogger capabilities.
  • Win.Trojan.Jaik-6584366-1
    Trojan
    Jaik contains a library reference to the VisualBasic runtime DLL, which allows the process to run Visual Basic scripts directly or internally. It also attempts to allocate a memory region with the flag PAGE_EXECUTE_READWRITE to later inject malicious code and then execute it.

Threats


Win.Dropper.Generic-6584427-0



Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKCR>\LOCAL SETTINGS\MUICACHE\3E\52C64B7E
  • <HKLM>\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}\CONNECTION
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LruList
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D3
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5\INDEXES\FileIdIndex-{3f37ba64-ef5c-11e4-bb8d-806e6f6e6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D3
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\33fd244257221b4aa4a1d9e6cacf8474
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4c8f4917d8ab2943a2b2d4227b0585bf
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5309edc19dc6c14cbad5ba06bdbdabd9
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\82fa2a40d311b5469a626349c16ce09b
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9e71065376ee7f459f30ea2534981b83
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a88f7dcf2e30234e8288283d75a65efb
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c02ebc5353d9cd11975200aa004ae40e
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\d33fc3b19a738142b2fc0c56bd56ad8c
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\df18513432d1694f96e6423201804111
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ecd15244c3e90a4fbd0588a41ab27c55
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5\INDEXES\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}\10000000090A2
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5
  • <HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
Mutexes
  • 8-3503835SZBFHHZ
  • O957R401SY5ZZzJz
IP Addresses
  • 198.54.117.218
  • 104.27.180.157
  • 184.168.221.104
  • 52.72.89.116
  • 64.98.145.30
  • 107.173.153.58
  • 162.213.249.103
  • 180.76.141.40
  • 217.76.128.34
  • 104.237.136.127
Domain Names
  • www.dingjian1688.com
  • www.tradewindsonlinemall.com
  • www.mewqaccmertgroup.com
  • www.holymedgap.com
  • www.tealeurope.com
  • www.clinicaslipedema.com
  • www.christynhomes.com
  • www.oliver-group.com
  • www.eloloans.com
  • www.yourdready.com
  • www.cinderellagames.com
Files and or directories created
  • %AllUsersProfile%\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
  • %LocalAppData%\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
  • \PC*\MAILSLOT\NET\NETLOGON
  • %AllUsersProfile%\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
  • %WinDir%\AppCompat\Programs\RecentFileCache.bcf
  • %ProgramFiles% (x86)\Bzv1lxh98
  • %ProgramFiles% (x86)\Bzv1lxh98\igfxnpttjhuh.exe
  • %LocalAppData%\Temp\Bzv1lxh98
  • %LocalAppData%\Temp\Bzv1lxh98\igfxnpttjhuh.exe
  • %ProgramFiles% (x86)\Bzv1lxh98\igfxnpttjhuh.exe
  • %AppData%\O957R401
  • %AppData%\O957R401\O95log.ini
  • %AppData%\O957R401\O95logim.jpeg
  • %AppData%\O957R401\O95logrc.ini
  • %AppData%\O957R401\O95logim.jpeg
  • %AppData%\O957R401\O95logrc.ini
  • \TEMP\tmpQDq_1r.exe
File Hashes
  • 20c27455b4a86eda29e494e4241f95599175133f8d852759be88641654374ef6
  • 286a7c32ede0a4650e399ee1fefc347d9265befc3381eacefdc63937e19cd6d4
  • 349a7f3b6c5cdb14d58b7eb8d2256a593f3097bf22960504d6d094472fbd1366
  • 3522d25848b5fe656d1fb100ae5d546f376569f8441f5c0e7745f4ac234a5c55
  • 7165fc0f622effb44f6893555e898f3cafea60858923409863e0e2528536999d
  • 7dd9adc72effd65e28191edfd0e282eb4375c3206983fdfae255d12d2f407e91
  • a6e515869be77e1f332df975ca719a54544a0fa56698607788294215369b2ff6
  • bf9274591ed4a439d9b5d8fd6e4c620804e7c33130c8cdc8258df3de7f330fd6
  • e1f0bfaa87925d5f89b9ccc3196246b26296a1ea305ab3bab6e681a78d130bf4
  • e3f0529b2f75ca2930b2bc3dc22d2ada08491abf7a3f384e8ef81ae91ef2b25d
  • fcf94877a6daa05e2e22d70f2d2deb469a655d77a8318a7d2b038a331364e780

Coverage


Screenshots of Detection

AMP



ThreatGrid



Win.Dropper.Fareit-6584428-0



Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKLM>\Software\Microsoft\Fusion\GACChangeNotification\Default
  • <HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Mutexes
  • N/A
IP Addresses
  • 216.146.43.71
Domain Names
  • checkip.dyndns.org
Files and or directories created
  • %AppData%\MDU Resources Group Inc\MDU Resources Group Inc.exe
  • %AppData%\MDU Resources Group Inc\MDU Resources Group Inc.exe
  • %AppData%\MDU Resources Group Inc
File Hashes
  • 09aee7d45b4d4990fbfe44fbc41d908d363c3c6b3a68a633b6d0d88819dd8203
  • 0ab5ea239c3b4a2eae0c9a8d7fe6fbfceb877e542a823bf971e712efaac84a00
  • 0ad759f72f4c8fcfb84067b4b53776763c2e5b663ee1617f15135918a056bc4f
  • 21793b775320c182c4db6ffd742445ddddc9dd4925ef1ca979ed6a35c617fd45
  • 27a501fb263df4360b53753c91a66bda55541d7e0b43e5698665978f537a2eb8
  • 2ff4ee2c05c59076e923c0ee07a27a2f8434fcfe047d341538b1ea8cdfa6729d
  • 3ac4b5cd646a722924118e761366480c83ab278dbb5416a5e58e0eddf3a1b903
  • 406d5dc4de69215015543a52be7d3bafdeb7191adc98084563d55b5996659ce4
  • 437068cc219c152d4bef83c2dd6916e0c0a090eb607c68018c28c6ac82c84b2f
  • 4c65d4cf2a7773a7358323b826665b0dcc8eefaa6cc543fb493f3aff3329804a
  • 7ff6c48e69875b5d824d1a6b005e179002076f4ce90fce5c9a22f044ac65291c
  • 94a44a077ea320d2bbf338b72fa4c263d8cf70eb398c5ffb07d5dc7e0adf840d
  • a92ad1f6f77b663420940708572de26cbaaeb70d4e22114f7c1c8f62d7f4d500
  • b381f69867fff9a3e07c84f7186a1ed86dbf98c7b9f09df3978b6649e13fb1c3
  • b5e589fd4e4522ab6320a76a1c2e69e6e1e557628e87cc16e0572ef0f31453d8
  • c0b1a8acf40906c0c0ee2041ee1e3f1c04ec0b73602b0ed8e8e97104075c70a7
  • c11d18e057fd911901e9473689b04156110cf5eea97e4b33f363b00ad0d161e0
  • c4df3b3743c9696c5f20b9763644bff65500440019bbc83f85930ddb287a936b
  • e18f8ac7f8275e648ef44c882e032389770e0ce4fda43142b69ab23ab4e9f45d
  • e9c8209739ed62082a8f9cb4067ab2c8ff2588db6c0a165726b55cb5bef62695
  • f32c8bd9e3c0bedcbe6c33d08723513d3da438219902c25012c10d648a11d824
  • f51967541563d54bd8e7219a127d5f2189cf01eb33236729b3dbb540b171d17d
  • fd29ce672f03d7970cbedcd45a75e512a1df62e758f5776b90e1af6f1a2c2f2c

Coverage


Screenshots of Detection

AMP



ThreatGrid



Win.Dropper.Zbot-6584477-0



Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\PORTKEYWORDS\DHCP
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES\TCPIP_{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}
  • <HKCU>\SOFTWARE\MICROSOFT\Ycbi
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
  • <HKCU>\SOFTWARE\Microsoft\Ycbi
  • <HKCU>\Software\Microsoft\Windows\Currentversion\Run
  • <HKCU>\SOFTWARE\MICROSOFT\YCBI
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
Mutexes
  • N/A
IP Addresses
  • N/A
Domain Names
  • roster.su
  • etot.su
Files and or directories created
  • %LocalAppData%\Temp\tmpb550dbcc.bat
  • %AppData%\Ikywz
  • %AppData%\Ikywz\opmaf.exe
  • %AppData%\Meen
  • %AppData%\Meen\moibq.aqy
  • %AppData%\Zulie
  • %AppData%\Zulie\ylhib.ecf
  • %AppData%\Ikywz\opmaf.exe
  • %LocalAppData%\Microsoft\Windows\WebCache\WebCacheV01.dat
  • \TEMP\tmpWfEKb5.exe
  • %LocalAppData%\Temp\tmpb550dbcc.bat
  • %AppData%\Microsoft\Protect\S-1-5-21-2580483871-590521980-3826313501-500\Preferred
  • %AppData%\Microsoft\Protect\S-1-5-21-2580483871-590521980-3826313501-500\faf08ed1-edb0-448c-809a-73cb275c3833
File Hashes
  • 153f450b211047e543b1ccce8ef6afe41a476aeccfd961cd0159d24e1096f77f
  • 20d24c1936867db7511ec35003079dfd0bd6fa91f4bc0b34485c7f3a5adf31b4
  • 71361e9c9a716ad6b6e0cc13e35b1f3ac0e39aa1eb33d445b87add909fb6e665
  • b9163c8a5974b8b9397fc2af2fa692cbf6a9e332bf2fc5cc7cfe4ef256ec3bc6
  • bb463702eb24d0d43d4510366ef05dc0cc5d6c001db2d80b7da59ce27d0f096c
  • bfe8551016d5e77bc71774f3a1bb7b194ed0817ae11155347c8b3ec8f8f9578d
  • d2c7a02492ab09e846a8dac12ab7bb7d742f0052071ab194cb6f838c68b14381
  • df65bd267142c58835136c519d40eb4b529b735e4d0ee7baa7aee00e62d17f00
  • e1de7ded32c7deabba387fd5ccf09d62c8fbd13b18a6bf1c8fa17d6746688c84
  • f675c120ed096112a120ec9b4a72dd589f5fed33d280b851c71d1c9657397a5f
  • f9dd63a23f4cf30db953e13d2a9f66fa6db69ac59b432f3a7abe9b6d9a955631
  • fb48a9b9da0d772521f925d3f578930cbd078e438d8c0a796a1112f1f96db659

Coverage


Screenshots of Detection

AMP



ThreatGrid


Win.Trojan.Generic-6584512-1



Indicators of Compromise


Registry Keys
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\PORTKEYWORDS\DHCP
  • <HKCR>\LOCAL SETTINGS\MUICACHE\3E\52C64B7E
  • <HKLM>\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}\CONNECTION
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\IndexTable
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FileIdIndex-{3f37ba64-ef5c-11e4-bb8d-806e6f6e6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D3
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D6
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D3
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D3
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D6
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D6
  • <HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB6\INDEXES\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}\8000000005683
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}\A00000000572A
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\GENRALNLA
  • <HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
Mutexes
  • PEM1A4
  • PEM938
  • PEMB6C
  • PEM570
  • PEM6D0
  • PEM53C
  • PEMB18
IP Addresses
  • 192.168.1.1
  • 255.255.255.255
  • 192.168.1.255
  • 70.182.77.184
  • 69.17.170.58
  • 209.85.144.108
  • 68.1.17.8
  • 209.85.144.16
  • 62.254.26.220
  • 82.57.200.135
  • 193.252.22.86
  • 194.60.217.89
  • 74.124.44.100
  • 195.200.78.68
  • 64.8.71.14
  • 108.167.146.22
  • 193.252.22.84
  • 208.91.199.223
  • 64.210.232.50
  • 192.185.4.48
  • 217.79.186.14
  • 66.147.240.163
  • 64.98.36.162
  • 69.168.97.48
  • 62.254.26.231
  • 62.24.139.43
  • 216.40.42.154
  • 40.97.188.226
  • 184.154.202.50
  • 143.95.253.117
  • 198.89.124.197
  • 158.69.57.254
  • 192.185.4.148
  • 69.163.253.7
  • 74.208.196.99
  • 212.1.215.225
  • 195.229.241.221
  • 69.89.31.229
  • 54.169.79.115
  • 93.17.128.164
  • 50.87.144.90
  • 64.136.52.50
  • 144.217.66.117
  • 69.168.97.78
  • 62.24.202.43
  • 52.71.59.20
  • 64.4.202.62
Domain Names
  • smtp.orange.fr
  • smtp.googlemail.com
  • smtp.crosbyisd.org
  • smtp.robeson.k12.nc.us
  • smtp.fuse.net
  • smtp.tim.it
  • smtp.cox.net
  • smtp.blueyonder.co.uk
  • mail.vd.educanet2.ch
  • smtp.gmail.com
  • mail.wanadoo.fr
  • gator4037.hostgator.com
  • bbm-exchange.bbm-germany.de
  • mail.cmidwest.com
  • mail.banit.club
  • mail.sfr.fr
  • smtp.netzero.com
  • mail.telebeep.com
  • smtp.tiscali.co.uk
  • mail.virgin.net
  • s4.fcomet.com
  • smtp.gtscarrier.com
  • smtp.charter-business.net
  • mail.cecompute.com
  • smtp.hughes.net
  • smtp.rcn.com
  • mail.dbmcbride.com
  • smtp.talktalk.net
  • smtp.whitecars.com
  • gator4136.hostgator.com
  • mail.niuelec.com.pg
  • mail.rjcables.com
  • gator3071.hostgator.com
  • mail.fuse.net
  • smtp.wanadoo.fr
  • smtp.exchange.1and1.com
  • smtp.orthopaedicsopenjournal.com
  • mail.tropitelvalley.com
  • smtp.exchange.emailservice.io
  • box429.bluehost.com
  • mail.cmail.club
  • mail.xplornet.ca
  • mail.labolab.com.ec
  • smtp.nhspeedometer.com
  • smtp.emirates.net.ae
Files and or directories created
  • \srvsvc
  • %WinDir%\AppCompat\Programs\RecentFileCache.bcf
  • %System32%\config\SYSTEM
  • %System32%\config\SYSTEM.LOG1
  • %WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  • %WinDir%\SysWOW64\wrGwEEi.exe
  • %WinDir%\SysWOW64\wrGwEEi.exe
File Hashes
  • 07fd0e423c2272c76323d8b816f83ff4e4715fa97d22ef331131bd4ac5b084b4
  • 114d916fdfc70a518790f184311ff5ef3488b4181366e782b37c0d68fdfd2f1e
  • 482be1caf6a2a0b959a4a40460c007f88615ab787b8771474f9c6fc5cf5acf66
  • 4ac3cc415b1b3847b69ec0e7fb4287dce886fe17631a4f5a9f0f400118aa972a
  • 5ad9c2866e77495fe2d41c5067879bb938716fe00e4a8dbcfaa7b90a8b53655e
  • 5f12c45ebd24669b0e69e63c549c6812d742220c5221bb147c6312f1a68ac5dc
  • 6a3d06d6bbe7b98f604cc9167b7a96c94b8fb7f749f893038926f552b56c8931
  • 7335842c08c2f8caecf1754ca5d5ee75d9a4cdaae05d70792dd4be56127de424
  • 7f198deac8ecf78fc1658728669c1523176a65d71e95605b28991b09a40a6259
  • 8387856244d53a3025f8eafbe1cd2bbfcf0c40c6a04f70de1d0e22d29261de96
  • 86d9d667ba5d0880ada452dbac0b6dec35c30248398d14f984143ce7738e61fa
  • 969e2c1803df2eda353feb8381687922d28d58bc2910feabc894842d4d9a388f
  • 9c5e793117db00555164da86a4c4f075b24abef08b313bc192bb80a9f55f4e69
  • 9fbbcd37da800026d3dcd10d2e3cd622447ff0d91c65c6ddf4a232dee2b6f054
  • cc0208db49b171a19a6309301e78a0619bf3122887da1d28ea29ee0e84717026
  • dad9965c05194ec329b240eec4e975269c2f4bc2a3fdda057872991c541ef7f8
  • e7f818214208a01677a70b60b598703ab4c4408b1a495172e25934a7ae11c84b

Coverage


Screenshots of Detection

AMP



ThreatGrid



Win.Malware.Installcore-6584374-1



Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
  • <HKCR>\LOCAL SETTINGS\MUICACHE\3E\52C64B7E
  • <HKLM>\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}\CONNECTION
  • <HKCU>\Software\Microsoft\Internet Explorer\Main
Mutexes
  • !IECompat!Mutex
IP Addresses
  • 35.163.153.35
  • 52.206.6.222
  • 52.42.47.197
  • 34.218.108.244
Domain Names
  • rp.totikik1.com
  • os.totikik1.com
  • os2.totikik1.com
Files and or directories created
  • %LocalAppData%\Temp\in699DB22B\
  • %LocalAppData%\Temp\in699DB22B\2A4213C8.tmp
  • %LocalAppData%\Temp\INH265~1\css\
  • %LocalAppData%\Temp\INH265~1\css\ie6_main.css
  • %LocalAppData%\Temp\INH265~1\css\main.css
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\browse.css
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\button.css
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\checkbox.css
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\images\
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\images\button-bg.png
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\images\progress-bg-corner.png
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\images\progress-bg.png
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\images\progress-bg2.png
  • %LocalAppData%\Temp\INH265~1\css\sdk-ui\progress-bar.css
  • %LocalAppData%\Temp\INH265~1\csshover3.htc
  • %LocalAppData%\Temp\INH265~1\form.bmp.Mask
  • %LocalAppData%\Temp\INH265~1\images\
  • %LocalAppData%\Temp\INH265~1\images\BG.png
  • %LocalAppData%\Temp\INH265~1\images\Close.png
  • %LocalAppData%\Temp\INH265~1\images\Close_Hover.png
  • %LocalAppData%\Temp\INH265~1\images\Color_Button.png
  • %LocalAppData%\Temp\INH265~1\images\Grey_Button.png
  • %LocalAppData%\Temp\INH265~1\images\Grey_Button_Hover.png
  • %LocalAppData%\Temp\INH265~1\images\Loader.gif
  • %LocalAppData%\Temp\INH265~1\images\Progress.png
  • %LocalAppData%\Temp\INH265~1\images\ProgressBar.png
  • %LocalAppData%\Temp\INH265~1\images\sponsored.png
  • %LocalAppData%\Temp\INH265~1\locale\
  • %LocalAppData%\Temp\INH265~1\locale\EN.locale
  • %LocalAppData%\Temp\INH265~1\images\Color_Button_Hover.png
  • %LocalAppData%\Temp\9E6FFDFF.log
  • %LocalAppData%\Temp\9E7000AD.log
  • %LocalAppData%\Temp\9E7000BD.log
  • %LocalAppData%\Temp\inH265813966324383\
  • %LocalAppData%\Temp\inH265813966324383\bootstrap_5001.html
  • %ProgramFiles% (x86)\9E7009E1.log
File Hashes
  • 00f5fb9fcc5740a8538141cd5faba3ff4c326558c62e5e95da316129785673c5
  • 012a09533536cc77bf0eaed8ab3acefae793bdd35223ce5391710c70ddffe393
  • 0135775f4298ddb7b44b2bb40c869c8ad78ba874203e151634eb2c71506c7332
  • 0546adad07a2169c980d9965bc94ed94b9fce9b2f310ae1be8c6df3ba8c0a177
  • 09d060282484fb0eed75a2f7e5970699b002c42ebddd5b0017911b01706f4646
  • 09d603e99ccec947facb2b2da48bd5c7da44c622da2c97344fa89ed39dd65812
  • 0a1c695bef83997a684e845b9179c9e229e4ca479e92e81b2e006dac6f559fe9
  • 0a52f81e4d9c244880353df9b641c88f4649ced7df1a820c1bcc5a9722189a0b
  • 0c07cb171aa5978cd5eeeecd22ed32b83e253926f82a439f2be076248894b1d9
  • 0c97012e37ef8f55af1b9926c065c9c08bc32224718f2bbd6f3a3e971f6075d7
  • 0e4ee2f6bddd019745bfca57bd47260ba52e0c8bc42013036b05d89fc643592a
  • 0ec5f5d88faf0ed99235adf55c0f97870512a10144d97d8b32658bf718d4bca8
  • 0fb590428e8b12d48d74e7744bb00aaa88c9079deadc8f5e61aec1145e67e0c1
  • 1357c5fa8e01e446f4ec0065e7400b5810ee53115735f09e97a3af413b6d8de9
  • 14018597d0f8231df086e21e0d8660b4ad94aeda5fefd3749604039731d50f55
  • 14416c9bf4c7b938377b528cddd359509ce3c09a57b12a756451432f96e3e8a9
  • 15d4ce867af59a0f95c4acd35c4abd4e0d8fe199a7a32fae5480c68669aa2469
  • 17bde73dc4ee1fd1999d6efe7519a25bbfc61fe53c705665a2451b26367826b4
  • 1806d1dc9deebea348c03f731696c0191f7ddf74b7c3af512df96e9c86dade47
  • 185b0a621bd278df79a77eddecfe9908e8032b9e19d5db930ef5cfa56b766a45
  • 1b6f5acaa8737285ab91f7ca5d80dff908aee706254c1aad1eabb8f310f78649
  • 1cd10e184752c9eb4bc7c1d3301bc80f5d56b25c294d66945e4ae86653aa87a8
  • 1e6bb4ed50b658e0bdd74fdfbb7897f847d83be01292b19fc29d4ebcc52557b6
  • 200de4855c7523956ccbd08585b6102cec28ddc0710a6a1e11885b7b73b1d541
  • 20ba5231bc9b84ce5640aca571ca65f76b0d1e2e5ff07250057c2757b3d58262

Coverage


Screenshots of Detection

AMP



ThreatGrid


Win.Trojan.Jaik-6584366-1



Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY
  • <HKCR>\LOCAL SETTINGS\MUICACHE\3E\52C64B7E
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\INDEXTABLE\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}\1000000008F79
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB6
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\LRULIST\00000000000029D6
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB6\Indexes
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB6\INDEXES\FileIdIndex-{3f37ba64-ef5c-11e4-bb8d-806e6f6e6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB5\INDEXES\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}
  • <A>\{F698CDEA-372F-11E8-8419-00501E3AE7B5}\DEFAULTOBJECTSTORE\OBJECTTABLE\AB6\INDEXES\FILEIDINDEX-{3F37BA64-EF5C-11E4-BB8D-806E6F6E6963}
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\33fd244257221b4aa4a1d9e6cacf8474
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4c8f4917d8ab2943a2b2d4227b0585bf
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5309edc19dc6c14cbad5ba06bdbdabd9
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\82fa2a40d311b5469a626349c16ce09b
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9e71065376ee7f459f30ea2534981b83
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a88f7dcf2e30234e8288283d75a65efb
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c02ebc5353d9cd11975200aa004ae40e
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\d33fc3b19a738142b2fc0c56bd56ad8c
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ecd15244c3e90a4fbd0588a41ab27c55
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
  • <HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Mutexes
  • 8-3503835SZBFHHZ
  • O247ST8-UYZ6KDCz
IP Addresses
  • 34.202.122.77
  • 199.34.228.159
  • 188.93.150.105
  • 199.193.6.130
  • 79.98.129.62
  • 198.185.159.145
  • 156.67.212.57
  • 94.73.146.154
Domain Names
  • www.acilklimaservisi.net
  • www.mediquipmedicalsolutions.net
  • www.thisforthatquidproquo.com
  • www.verim.site
  • www.nextdealworld.com
  • www.pelatihanukm.com
  • www.maydiamondbeautyandstyle.com
  • www.mirrorxr.com
  • www.nuuee.com
  • www.walktofinancialfreedom.com
  • www.epsycoachez.com
Files and or directories created
  • \PC*\MAILSLOT\NET\NETLOGON
  • %AllUsersProfile%\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
  • %LocalAppData%\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
  • %AppData%\O247ST8-
  • %AppData%\O247ST8-\O24log.ini
  • %AppData%\O247ST8-\O24logim.jpeg
  • %AppData%\O247ST8-\O24logrv.ini
  • %ProgramFiles% (x86)\L0xbx
  • %ProgramFiles% (x86)\L0xbx\winztqlgh18.exe
  • %LocalAppData%\Temp\L0xbx
  • %LocalAppData%\Temp\L0xbx\winztqlgh18.exe
  • \TEMP\tmptxf6QC.exe
File Hashes
  • 4145362d249b81cd7f7caca054693ef5621a1f820101b4bff27009c896157e75
  • 5270a58badc5af1c4eb47e8100958699dcb4ef137670da52e24d23f1d687caac
  • 5dda41fb0abc6528d80995aedb47c0b59fc6467e7307bbdc75d097aef50fcd21
  • 71f19b06d95ec1e2947c012008bda50e23fca9a8707ccef53f2b3d4c496d179e
  • 7985460fa754edcbc2e3aa499d0dacf771a60d8a2c53e05113faeccae1496542
  • a28fabc26c7bf6da4e8a7ae712c89fa173de94787aa612a245a1452a8fb4d497
  • c2d7be6d4ab0d11a3cae4872db6fd104f1cdfcf6516e3b3548297e3b86795bf9
  • da56e0abc288d01462844de42eeac4c7a14f76f09028ffb2d55909beace24504
  • eafe26e115ca9bf982d3b579f7970e3ffa4307b9e9ab5794dd14f192941360c6
  • ed5478099263686e19bf1fc7f5c169f84afb05ecc44008e3056d913e20edc6a6

Coverage





Screenshots of Detection

AMP



ThreatGrid



Tags: ,,,,
Share: Email, ReBlog, Twitter, Facebook, Pinterest, Google+
Newer Post: Newer Post
Older Post: Older Post
Date:
Edit this post

Discussion

Powered by Manual Template
Name

.NET 0-day 0day ACDSee Adobe advisory adwind AMP Android Antenna House antivirus apple APT arbitrary code execution Attribution Automation Bahamut BASS beers with talos bitcoin Bitvote Black Hat botnet Brazil BRKSEC-2010 CASC chrome cisco Cisco Live Cisco Security Clam AV ClamAV Cobalt group code injection command injection conferences Coverage cryptocurrency cryptomining CSV CTA CVE-2016-8610 CVE-2017-0199 cve-2017-11882 CVE-2017-5638 CVE-2018-3857 CVE-2018-3858 CVE-2018-3859 CVE-2018-3860 CVE-2018-3870 CVE-2018-3871 CVE-2018-8506 cybercrime dark cloud DDE Decryptor Def Con detection dispute DOC DoS Excel Exploit exploit kits RTF fast flux Flash formbook Foscam Foxit Fuzzing gandcrab google GoScanSSH gozi gplayed GravityRAT Group123 Hangul healthcare HWP Hyland IcedID ICS IDA Pro IMAP incident response India inesap infostealer intel iOS IoT iot malware iPhone IR isfb jRAT JScript kernel mode KevDroid Korea Linux macros MalDoc Malware Malware Analysis Malware Research MDM meltdown meraki Microsoft Microsoft Patch Tuesday Middle East miners mining mobile device management monero Moxa ms tuesday natus NavRAT new router malware NordVPN North Korea nvidia Office office router attack Olympic Destoryer Olympic Destroyer Olympics opsec password stealer patch tuesday PDF phishing PhotoLine PLC podcast pony Powershell privilege escalation ProntoVPN PTEX PubNub PubNubRAT py2exe Pyeongchang pyrebox python Qatar ransomware RAT remcos remote access tool remote code execution research research spotlight reven ReversingLabs Rocke Rockwell Automation ROKRAT rootkit rtf ruby ryptoShuffler samsam samsung Scriptlets security updates sennoma signatures SimpleDirect Media Layer smartthings Smoke Loader Snort Snort Rules Sony South Korea spam spectre spyeye stealer steam struts support Talos TALOS-2017-0507 talosintelligence.com telegrab telegram Tetrane Thanatos ThanatosDecryptor threat intelligence Threat Research Threat Research Summit Threat Round-up Threat Roundup ThreatGrid threats TIFF trickbot trojan TTRS Umbrella ursnif VBScript VMI vpn filter attack VPNFiler VPNFilter VPNFilter malware vuln dev vulndev vulnerabilities Vulnerability vulnerability analysis Vulnerability Report Vulnerability Research vulnerability spotlight vulnerabillity vulnerable routers Whitepaper Windows WindowsCodecs.dll wipers xamarin XSS
false
ltr
item
materialize material: Threat Roundup for June 16-22
Threat Roundup for June 16-22
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnm8VLxkasp8AkmLiw33d0NngRNm0OZAXvEjxORu37CdQMsQgMydS0GXIlm5dlOFbZUroSDdM9Zp9rE-g7GoYlPBy3SFAubVU9EHA7T1wuek6XgyJXyFPG0IBoXoK6WQ6F6_DBG9YGtMw/s640/threat_roundup_logo_v2.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnm8VLxkasp8AkmLiw33d0NngRNm0OZAXvEjxORu37CdQMsQgMydS0GXIlm5dlOFbZUroSDdM9Zp9rE-g7GoYlPBy3SFAubVU9EHA7T1wuek6XgyJXyFPG0IBoXoK6WQ6F6_DBG9YGtMw/s72-c/threat_roundup_logo_v2.png
materialize material
https://materialize-material.blogspot.com/2018/06/threat-roundup-for-june-16-22.html
https://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/2018/06/threat-roundup-for-june-16-22.html
true
1816414542238562206
UTF-8
Not found any posts Not found any related posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU Tag ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Contents See also related Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy