http://blog.talosintelligence.com/2017/ ... lware.html
https://www.piriform.com/news/blog/2017 ... dows-users
https://www.virustotal.com/#/file/6f784 ... 9f432f0a9/ (in attachment below)
https://www.virustotal.com/#/file/1a4a5 ... 3cf6030ff/
https://www.virustotal.com/#/file/36b36 ... a0bfdb2e9/
INDICATORS OF COMPROMISE (IOCS)
File Hashes
6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9
1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff
36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9
DGA Domains
IP Addresses
216[.]126[.]225[.]148
Attachments
Password: infected
(3.5 MiB) Downloaded 84 times