Infostealer Campaign against ISPs

    Date: 03/06/2025

    Severity: High

    Summary

    This campaign targets ISP infrastructure providers on the West Coast of the United States and in China. Originating from Eastern Europe, the mass exploitation campaign uses basic tools to hijack victims' computer processing power, deploying cryptomining payloads and multi-functional binaries. Key tactics include:

    • Credential abuse through brute-force attacks using weak credentials
    • Data exfiltration via Command and Control (C2) servers
    • Deployment of additional crimeware
    • Self-termination to evade detection
    • Establishing persistence, disabling remote access, and launching pivot attacks on targeted CIDRs

    Indicators of Compromise (IOC) List

    Hash (SHA-256, one per line; the original list repeated 644c9745... once, the duplicate is dropped here):

    76b1237d26b94eb75ed600ba51d4b2414a8da48a30d06973921bcd0ee9fac761
    4d084a7e0c656d038d3176e97a4f807d094ce78f6b1f92a6ada7b93cf6a7cf03
    78f69097a5ba8480e39d735732d22319d7f4d05002940d99b326970353c8a545
    713120bac7807f6fc0a6050135556c0614a66be2fb476cfe163877f3d03b4d08
    16d2f6194d1b1989fbef4572055dbf62a0d6a2570b316ac15722192f1c559a50
    95c101a0164af189cc282eb2d67e143b42e6d57d7ef396d59715a355a3162b96
    6c36d61ad03e33dc3bc5d26e336855c4ab147541ccb989a35d3ed470fd1d521f
    9e24c7b4604aa3022325b62154ac80dc76533fa96a3418d8e15d28c998fb9c53
    11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
    644c9745d1d2f679db73fcb717dd37e180e19d5b0fc74575e4cefe4f543f2768
    1cf2bdb1cdd34bb50d60f21b8208041913747b8deca5f26aa187d2e8c0e9a105
    270b8685104389b8341dc7c68fb362579170b82bffe89cc964cb27c10e496f08
    2b8be1bbaf17a69326f65096a31054a1198e66a83e31c37d1eee1c2580d6c7fa
    837dc4e83fcefc8334384c88d672eb2dee31bceb64657ca7bb4322536a810192
    57d0b8a89b216aadb6525bccfdb67917d52e239856ae9011721e84746b99571e
    f98a335a128a062323476454ae7c5490c5a134461ab49ee05afa81b4714d033c

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash (the duplicate 644c9745... entry from the original query is dropped; the match set is unchanged):

    sha256hash IN ("f98a335a128a062323476454ae7c5490c5a134461ab49ee05afa81b4714d033c","4d084a7e0c656d038d3176e97a4f807d094ce78f6b1f92a6ada7b93cf6a7cf03","270b8685104389b8341dc7c68fb362579170b82bffe89cc964cb27c10e496f08","76b1237d26b94eb75ed600ba51d4b2414a8da48a30d06973921bcd0ee9fac761","2b8be1bbaf17a69326f65096a31054a1198e66a83e31c37d1eee1c2580d6c7fa","78f69097a5ba8480e39d735732d22319d7f4d05002940d99b326970353c8a545","9e24c7b4604aa3022325b62154ac80dc76533fa96a3418d8e15d28c998fb9c53","16d2f6194d1b1989fbef4572055dbf62a0d6a2570b316ac15722192f1c559a50","95c101a0164af189cc282eb2d67e143b42e6d57d7ef396d59715a355a3162b96","6c36d61ad03e33dc3bc5d26e336855c4ab147541ccb989a35d3ed470fd1d521f","1cf2bdb1cdd34bb50d60f21b8208041913747b8deca5f26aa187d2e8c0e9a105","713120bac7807f6fc0a6050135556c0614a66be2fb476cfe163877f3d03b4d08","644c9745d1d2f679db73fcb717dd37e180e19d5b0fc74575e4cefe4f543f2768","11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5","837dc4e83fcefc8334384c88d672eb2dee31bceb64657ca7bb4322536a810192","57d0b8a89b216aadb6525bccfdb67917d52e239856ae9011721e84746b99571e")
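    The TDIR query above is a straight set membership test on the SHA-256 field. For teams that need the same check outside that platform (over raw EDR or file-integrity logs, or against files on a suspect host), the following Python is an added example written for this page; it is not Gurucul's or Splunk's code. The hash set is exactly the advisory's IOC list; the host names, file paths and log lines are constructed samples, and the field names (sha256=, SHA256=) are assumptions since log sources label the digest differently, which is why the matcher looks for any 64-hex token rather than a fixed field.

```python
import hashlib
import re
from pathlib import Path

# SHA-256 IOCs as published in the advisory, deduplicated
# (the published list repeats 644c9745... once).
IOC_SHA256 = frozenset({
    "76b1237d26b94eb75ed600ba51d4b2414a8da48a30d06973921bcd0ee9fac761",
    "4d084a7e0c656d038d3176e97a4f807d094ce78f6b1f92a6ada7b93cf6a7cf03",
    "78f69097a5ba8480e39d735732d22319d7f4d05002940d99b326970353c8a545",
    "713120bac7807f6fc0a6050135556c0614a66be2fb476cfe163877f3d03b4d08",
    "16d2f6194d1b1989fbef4572055dbf62a0d6a2570b316ac15722192f1c559a50",
    "95c101a0164af189cc282eb2d67e143b42e6d57d7ef396d59715a355a3162b96",
    "6c36d61ad03e33dc3bc5d26e336855c4ab147541ccb989a35d3ed470fd1d521f",
    "9e24c7b4604aa3022325b62154ac80dc76533fa96a3418d8e15d28c998fb9c53",
    "11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5",
    "644c9745d1d2f679db73fcb717dd37e180e19d5b0fc74575e4cefe4f543f2768",
    "1cf2bdb1cdd34bb50d60f21b8208041913747b8deca5f26aa187d2e8c0e9a105",
    "270b8685104389b8341dc7c68fb362579170b82bffe89cc964cb27c10e496f08",
    "2b8be1bbaf17a69326f65096a31054a1198e66a83e31c37d1eee1c2580d6c7fa",
    "837dc4e83fcefc8334384c88d672eb2dee31bceb64657ca7bb4322536a810192",
    "57d0b8a89b216aadb6525bccfdb67917d52e239856ae9011721e84746b99571e",
    "f98a335a128a062323476454ae7c5490c5a134461ab49ee05afa81b4714d033c",
})

# Any 64-hex-digit token; log sources emit digests in either case.
_SHA256_TOKEN = re.compile(r"\b[0-9a-fA-F]{64}\b")


def extract_sha256(text: str) -> set[str]:
    """Return every 64-hex token in `text`, normalised to lower case."""
    return {m.lower() for m in _SHA256_TOKEN.findall(text)}


def match_log_lines(lines) -> list[tuple[int, str]]:
    """Return [(line_no, ioc_hash)] for every log line carrying an IOC hash.

    Field-name agnostic: works on EDR process-create events, file-integrity
    alerts or proxy download logs as long as the SHA-256 appears in the text.
    """
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for digest in sorted(extract_sha256(line) & IOC_SHA256):
            hits.append((line_no, digest))
    return hits


def sha256_of_file(path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root) -> list[tuple[str, str]]:
    """Hash every regular file under `root`; return [(path, ioc_hash)] matches."""
    matches = []
    for p in Path(root).rglob("*"):
        if p.is_file() and not p.is_symlink():
            try:
                digest = sha256_of_file(p)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in IOC_SHA256:
                matches.append((str(p), digest))
    return matches


# Constructed sample log lines (hypothetical host name, paths and field names):
# one benign line, one lower-case IOC hit and one upper-case IOC hit.
SAMPLE_LOG = [
    "2025-03-06T10:12:01Z host=isp-edge-07 event=process_create "
    "image=/usr/sbin/sshd sha256=" + "0" * 64,
    "2025-03-06T10:12:03Z host=isp-edge-07 event=process_create "
    "image=/tmp/sample_a sha256="
    "f98a335a128a062323476454ae7c5490c5a134461ab49ee05afa81b4714d033c",
    "2025-03-06T10:12:09Z host=isp-edge-07 event=file_write "
    "path=/var/tmp/sample_b SHA256="
    + "644c9745d1d2f679db73fcb717dd37e180e19d5b0fc74575e4cefe4f543f2768".upper(),
]

if __name__ == "__main__":
    for line_no, digest in match_log_lines(SAMPLE_LOG):
        print(f"IOC hit on line {line_no}: {digest}")
```

    Running the script reports lines 2 and 3 of the sample log as hits and ignores line 1. `scan_tree("/some/path")` applies the same set to files on disk; it follows the same frozen IOC set, so keeping the set in one place means the log matcher and the disk sweep cannot drift apart.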


    Reference:

    https://www.splunk.com/en_us/blog/security/infostealer-campaign-against-isps.html


    Tags

    Malware, Exploit, Cryptomining, United States, China, Financial Services
