Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

    Date: 11/22/2024

    Severity: Medium

    Summary

    Water Barghest is a sophisticated botnet that rapidly exploits vulnerabilities in IoT devices, compromising them to create a vast network of over 20,000 devices by October 2024. The botnet automates the process of scanning public internet databases, such as Shodan, to identify and target vulnerable IoT devices. Once compromised, the Ngioweb malware is deployed to turn these devices into proxies. The entire process, from infection to the device being listed on a residential proxy marketplace, is highly efficient and can be completed in as little as 10 minutes. This rapid exploit-to-market strategy allows Water Barghest to quickly monetize compromised IoT devices.

    Indicators of Compromise (IOC) List

    URL/Domain


    IP Address


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    userdomainname like "ipscoredns.com" or url like "ipscoredns.com" or userdomainname like "emelenalike.com" or url like "emelenalike.com" or userdomainname like "misukumotist.info" or url like "misukumotist.info" or userdomainname like "ipinfocheck.com" or url like "ipinfocheck.com" or userdomainname like "remalexation.name" or url like "remalexation.name" or userdomainname like "macrofocafify.org" or url like "macrofocafify.org" or userdomainname like "enidecikive.net" or url like "enidecikive.net" or userdomainname like "disimunous.com" or url like "disimunous.com" or userdomainname like "recepatission.info" or url like "recepatission.info" or userdomainname like "underuvukent.com" or url like "underuvukent.com" or userdomainname like "monobimefist.com" or url like "monobimefist.com" or userdomainname like "dnslookip.com" or url like "dnslookip.com" or userdomainname like "ipwebinfo.net" or url like "ipwebinfo.net" or userdomainname like "nslookups.com" or url like "nslookups.com" or userdomainname like "promexucate.com" or url like "promexucate.com" or userdomainname like "minixetepate.biz" or url like "minixetepate.biz" or userdomainname like "prenurevaty.info" or url like "prenurevaty.info" or userdomainname like "ultradomafy.net" or url like "ultradomafy.net" or userdomainname like "exagenafy.com" or url like "exagenafy.com" or userdomainname like "antigutation.info" or url like "antigutation.info" or userdomainname like "asdns.pp.ua" or url like "asdns.pp.ua" or userdomainname like "asdns2.pp.ua" or url like "asdns2.pp.ua" or userdomainname like "whosedns.pp.ua" or url like "whosedns.pp.ua" or userdomainname like "antihicipate.com" or url like "antihicipate.com" or userdomainname like "inoluvary.com" or url like "inoluvary.com" or userdomainname like "interocakate.com" or url like "interocakate.com" or userdomainname like "prekudinish.com" or url like "prekudinish.com" or userdomainname like "semiridinution-postepudency.com" or url like "semiridinution-postepudency.com" or userdomainname like "subonuker.name" or url like "subonuker.name"

    Detection Query 2

    dstipaddress IN ("195.154.43.189","212.83.143.60","67.213.212.48","67.213.210.115","138.201.21.232","108.181.132.116","195.154.43.86","162.19.7.50","67.213.212.49","104.234.240.65","66.29.128.243","212.83.137.165","212.83.142.131","212.83.143.211","162.19.7.49","46.105.44.29","108.181.132.115","51.83.116.5","167.88.168.2","67.213.210.168","209.159.153.21","198.7.61.67","38.91.106.252","144.76.167.34","67.213.212.56","23.105.170.35","67.213.212.36","38.91.107.220","209.159.153.20","66.29.128.242","67.213.212.39","198.7.56.74","162.210.192.136","162.0.220.218","138.201.21.228","144.172.76.24","79.141.162.154","212.83.138.192","38.91.107.2","51.68.244.19","51.254.167.45","66.29.129.54","212.83.138.245","162.19.7.48","51.83.116.7","66.23.233.210","198.7.56.73","212.83.137.142","212.83.138.60","23.105.170.33","67.213.212.40","67.213.212.54","77.83.199.142","67.220.85.145","174.138.176.76","212.83.142.145","138.201.21.238","67.213.212.55","45.61.141.192","51.254.149.59","66.29.128.245","212.83.137.239","174.138.176.74","212.83.143.159","162.0.220.214","162.210.192.171","162.0.220.217","23.105.170.34","216.107.139.52","212.83.143.118","108.181.132.117","162.19.7.47","67.213.212.38","23.105.170.32","195.154.43.221","144.76.167.23","67.213.212.57","173.211.70.205","144.172.111.24","67.213.210.167","107.175.229.142","162.0.220.216","67.213.212.51","209.159.153.22","212.83.137.30","212.83.143.151","162.19.7.59","162.0.220.161","51.83.116.6","162.210.192.135","212.83.142.149","162.19.7.57","174.138.176.78","67.213.210.60","195.154.43.198","198.7.56.72","162.210.197.69","141.94.238.246","212.83.143.204","162.19.7.56","162.19.7.58","172.86.96.114","67.213.212.50","144.76.167.18","108.181.132.118","138.201.21.218","66.29.129.53","66.29.129.56","162.0.220.219","212.83.142.114","212.83.143.147","38.91.107.224","185.45.195.140","138.201.21.227","67.213.210.175","66.29.128.244","212.83.138.186","212.83.143.223","144.76.167.37","174.138.176.77","212.83.137.94","95.169.180.227","154.7.253.113","167.88.166.112","207.189.164.106","23.105.170.30","37.59.213.49","38.91.106.214","38.91.107.229","51.83.116.2","51.83.116.3","66.29.128.241","66.29.128.246","66.29.129.52","67.213.210.118","67.213.210.61","67.213.210.62","67.213.212.47","67.213.212.52","67.213.212.53","67.213.212.58","108.181.133.58","108.181.133.59","138.201.21.233","144.76.167.25","144.76.167.26","162.0.220.215","162.0.220.220","162.19.7.46","162.19.7.53","162.19.7.60","162.19.7.61","162.210.197.91","195.154.43.182","195.154.43.184","198.7.56.71","198.7.61.72","209.159.153.19","212.83.137.150","212.83.138.132","212.83.138.172","212.83.142.100","212.83.142.158","212.83.143.103","212.83.143.191","212.83.143.97") or ipaddress IN ("195.154.43.189","212.83.143.60","67.213.212.48","67.213.210.115","138.201.21.232","108.181.132.116","195.154.43.86","162.19.7.50","67.213.212.49","104.234.240.65","66.29.128.243","212.83.137.165","212.83.142.131","212.83.143.211","162.19.7.49","46.105.44.29","108.181.132.115","51.83.116.5","167.88.168.2","67.213.210.168","209.159.153.21","198.7.61.67","38.91.106.252","144.76.167.34","67.213.212.56","23.105.170.35","67.213.212.36","38.91.107.220","209.159.153.20","66.29.128.242","67.213.212.39","198.7.56.74","162.210.192.136","162.0.220.218","138.201.21.228","144.172.76.24","79.141.162.154","212.83.138.192","38.91.107.2","51.68.244.19","51.254.167.45","66.29.129.54","212.83.138.245","162.19.7.48","51.83.116.7","66.23.233.210","198.7.56.73","212.83.137.142","212.83.138.60","23.105.170.33","67.213.212.40","67.213.212.54","77.83.199.142","67.220.85.145","174.138.176.76","212.83.142.145","138.201.21.238","67.213.212.55","45.61.141.192","51.254.149.59","66.29.128.245","212.83.137.239","174.138.176.74","212.83.143.159","162.0.220.214","162.210.192.171","162.0.220.217","23.105.170.34","216.107.139.52","212.83.143.118","108.181.132.117","162.19.7.47","67.213.212.38","23.105.170.32","195.154.43.221","144.76.167.23","67.213.212.57","173.211.70.205","144.172.111.24","67.213.210.167","107.175.229.142","162.0.220.216","67.213.212.51","209.159.153.22","212.83.137.30","212.83.143.151","162.19.7.59","162.0.220.161","51.83.116.6","162.210.192.135","212.83.142.149","162.19.7.57","174.138.176.78","67.213.210.60","195.154.43.198","198.7.56.72","162.210.197.69","141.94.238.246","212.83.143.204","162.19.7.56","162.19.7.58","172.86.96.114","67.213.212.50","144.76.167.18","108.181.132.118","138.201.21.218","66.29.129.53","66.29.129.56","162.0.220.219","212.83.142.114","212.83.143.147","38.91.107.224","185.45.195.140","138.201.21.227","67.213.210.175","66.29.128.244","212.83.138.186","212.83.143.223","144.76.167.37","174.138.176.77","212.83.137.94","95.169.180.227","154.7.253.113","167.88.166.112","207.189.164.106","23.105.170.30","37.59.213.49","38.91.106.214","38.91.107.229","51.83.116.2","51.83.116.3","66.29.128.241","66.29.128.246","66.29.129.52","67.213.210.118","67.213.210.61","67.213.210.62","67.213.212.47","67.213.212.52","67.213.212.53","67.213.212.58","108.181.133.58","108.181.133.59","138.201.21.233","144.76.167.25","144.76.167.26","162.0.220.215","162.0.220.220","162.19.7.46","162.19.7.53","162.19.7.60","162.19.7.61","162.210.197.91","195.154.43.182","195.154.43.184","198.7.56.71","198.7.61.72","209.159.153.19","212.83.137.150","212.83.138.132","212.83.138.172","212.83.142.100","212.83.142.158","212.83.143.103","212.83.143.191","212.83.143.97") or publicipaddress IN ("195.154.43.189","212.83.143.60","67.213.212.48","67.213.210.115","138.201.21.232","108.181.132.116","195.154.43.86","162.19.7.50","67.213.212.49","104.234.240.65","66.29.128.243","212.83.137.165","212.83.142.131","212.83.143.211","162.19.7.49","46.105.44.29","108.181.132.115","51.83.116.5","167.88.168.2","67.213.210.168","209.159.153.21","198.7.61.67","38.91.106.252","144.76.167.34","67.213.212.56","23.105.170.35","67.213.212.36","38.91.107.220","209.159.153.20","66.29.128.242","67.213.212.39","198.7.56.74","162.210.192.136","162.0.220.218","138.201.21.228","144.172.76.24","79.141.162.154","212.83.138.192","38.91.107.2","51.68.244.19","51.254.167.45","66.29.129.54","212.83.138.245","162.19.7.48","51.83.116.7","66.23.233.210","198.7.56.73","212.83.137.142","212.83.138.60","23.105.170.33","67.213.212.40","67.213.212.54","77.83.199.142","67.220.85.145","174.138.176.76","212.83.142.145","138.201.21.238","67.213.212.55","45.61.141.192","51.254.149.59","66.29.128.245","212.83.137.239","174.138.176.74","212.83.143.159","162.0.220.214","162.210.192.171","162.0.220.217","23.105.170.34","216.107.139.52","212.83.143.118","108.181.132.117","162.19.7.47","67.213.212.38","23.105.170.32","195.154.43.221","144.76.167.23","67.213.212.57","173.211.70.205","144.172.111.24","67.213.210.167","107.175.229.142","162.0.220.216","67.213.212.51","209.159.153.22","212.83.137.30","212.83.143.151","162.19.7.59","162.0.220.161","51.83.116.6","162.210.192.135","212.83.142.149","162.19.7.57","174.138.176.78","67.213.210.60","195.154.43.198","198.7.56.72","162.210.197.69","141.94.238.246","212.83.143.204","162.19.7.56","162.19.7.58","172.86.96.114","67.213.212.50","144.76.167.18","108.181.132.118","138.201.21.218","66.29.129.53","66.29.129.56","162.0.220.219","212.83.142.114","212.83.143.147","38.91.107.224","185.45.195.140","138.201.21.227","67.213.210.175","66.29.128.244","212.83.138.186","212.83.143.223","144.76.167.37","174.138.176.77","212.83.137.94","95.169.180.227","154.7.253.113","167.88.166.112","207.189.164.106","23.105.170.30","37.59.213.49","38.91.106.214","38.91.107.229","51.83.116.2","51.83.116.3","66.29.128.241","66.29.128.246","66.29.129.52","67.213.210.118","67.213.210.61","67.213.210.62","67.213.212.47","67.213.212.52","67.213.212.53","67.213.212.58","108.181.133.58","108.181.133.59","138.201.21.233","144.76.167.25","144.76.167.26","162.0.220.215","162.0.220.220","162.19.7.46","162.19.7.53","162.19.7.60","162.19.7.61","162.210.197.91","195.154.43.182","195.154.43.184","198.7.56.71","198.7.61.72","209.159.153.19","212.83.137.150","212.83.138.132","212.83.138.172","212.83.142.100","212.83.142.158","212.83.143.103","212.83.143.191","212.83.143.97") or srcipaddress IN ("195.154.43.189","212.83.143.60","67.213.212.48","67.213.210.115","138.201.21.232","108.181.132.116","195.154.43.86","162.19.7.50","67.213.212.49","104.234.240.65","66.29.128.243","212.83.137.165","212.83.142.131","212.83.143.211","162.19.7.49","46.105.44.29","108.181.132.115","51.83.116.5","167.88.168.2","67.213.210.168","209.159.153.21","198.7.61.67","38.91.106.252","144.76.167.34","67.213.212.56","23.105.170.35","67.213.212.36","38.91.107.220","209.159.153.20","66.29.128.242","67.213.212.39","198.7.56.74","162.210.192.136","162.0.220.218","138.201.21.228","144.172.76.24","79.141.162.154","212.83.138.192","38.91.107.2","51.68.244.19","51.254.167.45","66.29.129.54","212.83.138.245","162.19.7.48","51.83.116.7","66.23.233.210","198.7.56.73","212.83.137.142","212.83.138.60","23.105.170.33","67.213.212.40","67.213.212.54","77.83.199.142","67.220.85.145","174.138.176.76","212.83.142.145","138.201.21.238","67.213.212.55","45.61.141.192","51.254.149.59","66.29.128.245","212.83.137.239","174.138.176.74","212.83.143.159","162.0.220.214","162.210.192.171","162.0.220.217","23.105.170.34","216.107.139.52","212.83.143.118","108.181.132.117","162.19.7.47","67.213.212.38","23.105.170.32","195.154.43.221","144.76.167.23","67.213.212.57","173.211.70.205","144.172.111.24","67.213.210.167","107.175.229.142","162.0.220.216","67.213.212.51","209.159.153.22","212.83.137.30","212.83.143.151","162.19.7.59","162.0.220.161","51.83.116.6","162.210.192.135","212.83.142.149","162.19.7.57","174.138.176.78","67.213.210.60","195.154.43.198","198.7.56.72","162.210.197.69","141.94.238.246","212.83.143.204","162.19.7.56","162.19.7.58","172.86.96.114","67.213.212.50","144.76.167.18","108.181.132.118","138.201.21.218","66.29.129.53","66.29.129.56","162.0.220.219","212.83.142.114","212.83.143.147","38.91.107.224","185.45.195.140","138.201.21.227","67.213.210.175","66.29.128.244","212.83.138.186","212.83.143.223","144.76.167.37","174.138.176.77","212.83.137.94","95.169.180.227","154.7.253.113","167.88.166.112","207.189.164.106","23.105.170.30","37.59.213.49","38.91.106.214","38.91.107.229","51.83.116.2","51.83.116.3","66.29.128.241","66.29.128.246","66.29.129.52","67.213.210.118","67.213.210.61","67.213.210.62","67.213.212.47","67.213.212.52","67.213.212.53","67.213.212.58","108.181.133.58","108.181.133.59","138.201.21.233","144.76.167.25","144.76.167.26","162.0.220.215","162.0.220.220","162.19.7.46","162.19.7.53","162.19.7.60","162.19.7.61","162.210.197.91","195.154.43.182","195.154.43.184","198.7.56.71","198.7.61.72","209.159.153.19","212.83.137.150","212.83.138.132","212.83.138.172","212.83.142.100","212.83.142.158","212.83.143.103","212.83.143.191","212.83.143.97")

    Detection Query 3

    sha256hash IN ("e0cdaaba90f061d31cfe0211fe207cb3971970a141d9d72f95c8a55c8d565cb1","5d89b09dfb7c09a3a42345a136293b469a71ef7a1f599102ad67c09dc4fc53bf","9fead901a3012825841cb6091f52e0a914944fbb1460c3ddb9d07213fbb7e30e","9fb33a16762dce934e7a48946e396ad672ab16d42a060021238f2ddf6a9f0514","c267e0bf3f1a0448e66427d5863d762af7cd6cc7ff812e6addcd4e54d9a46ac9","bfab45d715e0e090ea18849661ed3ed58bdd7310c54c4a14a607eee4cc742e33","743f7c495048d8983bbedc3d52ea00c914fe008b06ef01c1be2a78cd5c1375f3","56657300f250fa9df77d6bc393bfc01d585d00bfb5302bf34314368fb13cbe26","6a3288b1d326290778544769ea7c1ed80af763ea47fee5131afef209a0e2d301","f95342caa61e77174fe7653eea60909b9db0102c27a0641e25cdc053689110ab","710e0317de732f1bce32ed96d33468cb2b55e513106393b11bf7800081f1e681","600c56a175f3661f434d1fe3418fb4cca96cdf6f880bd74a389e0d16d85ca501","b8385ce60ca6c69b7ea67fa93c7d5908809658e7d8a4fb9e003890b820979f53","eddd909b49f2fef023a7b6188b2ae70bbf1e25e85f5e4c84c19cc25641f17175","97cadc2eba1eaa7a4115ea7cc82a6955bc69d8e2913b0b46f493f9cc84ec07de","05cd00f975bd2522d943e836ef5a1cb00806c6d684987274da850be348b2b1f4","9cb6c49173e4cb5a0b3c2f6d69a5bdc0bc67138329f00afaf38d678f2c0e00a6","e3344c598a984dc5dc8dc1d971da8dd9b7058c48288dc5ad063548fff61543a1","892eb161254733cf5923313544e923fface375c27b3dcf8f66e79da84c93cf65","7bddb716c233211fa7332586e7d3e859814ec508108fa1024c4fb99aab843cdf","5353228926aa96b546b33de4418f15e347441d16d292f4946beca6a0d314e635","e2423e93b84284890a27e3796491049a22f6496b3830e20e808dff1c77560e3d","4e8a36f467f1dab1b4768f67efd3712562699603839e38d93525c90989a4cf26","869965781d96a06741c2a28c54bb8e3233bc10fcb92455e6cb9ab0c9fc2c54d4","be285b77211d1a33b7ae1665623a9526f58219e20a685b6548bc2d8e857b6b44","35f95fbb1b439a89cbd6e825188fb64fde44aef9829d549b4f547850552e095c","a3317844f3d6b5b2440be896b84fd6aa4ee77a0f9b656b784b235e077b69715d","9f1fcfb2fcc66f4e534d3348b8d01eef0be1b153bc022ae7601ed3a0817aae88","a79ff2cd7f47b11d9176c40f0e82ba9b378c463ff9dd6e3e907df9480c7a1547","129693d8c474a8de8f91e1d16e0129732aba20bea9ac24e7c68b345b7b05ad6f","9fda16ad1d32f34c221d0e074a4ef13217eded63b5ff507452c4e2bbb57df3a4","a8497257d78ea15088e0b9c68319a2c0ae8c651ed36780e9424effe97f440c0c")

    Detection Query 4

    sha256hash IN ("83cf89428e07a1a10b22958dca25f50a8a151bccfa01ee9bcce870303a4f9861","1748978997d9630c568f6c06ff0767ed8b0cfbf5c93612daf600adefecfba2e1","a8f7eaf999eb6cc8461f785fad13da30315da80b534cae047c5811bbea3351e3","78a1b5bea50034e7a03e6ed5c0f4f80f1fbc770555891a73790e1b59a2fba608","2bf2c10332f1d31e1b87e62ca2d7afc70f073c55474d7f03ff6c37caec28df4a","4af537b29c54f976801ee7688c4db78d4b4e7b9947769226afc108e4645cf20f","f6d70464165e00de26127464a84919f20521aa4efbecfae41e75688f74436489","b9360f1434ce7ff45b3ca49ff7269293188a339747b03bcd395b71b1d179700f","2e940e3bd88226cfbbfb7a2eefbdd675173fd2950847a9131e11c1682353e286","1fe1cece08fef19448a32a746f5c8f77521db757c2b345103834a5f617101f15","74f4d77bf367063bccece2fb3796e6bd7a1f51528f58ed3f1450b7de6c29b5f4")
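As an added example that is not part of the advisory and not Gurucul's query engine, the Python below runs the same three matches (domain, IP address, SHA-256) over constructed key=value events, using exact-or-subdomain matching where the queries use a substring `like`, address validation for the four IP fields, and case-insensitive hash comparison. The key=value log format and the small IOC subset taken from the lists above are assumptions.

```python
import ipaddress
import re

# A few of the domain, IP and SHA-256 indicators listed in the advisory above.
IOC_DOMAINS = {"ipscoredns.com", "dnslookip.com", "asdns.pp.ua",
               "semiridinution-postepudency.com"}
IOC_IPS = {"45.61.141.192", "67.213.212.48", "212.83.143.97"}
IOC_SHA256 = {"83cf89428e07a1a10b22958dca25f50a8a151bccfa01ee9bcce870303a4f9861",
              "c267e0bf3f1a0448e66427d5863d762af7cd6cc7ff812e6addcd4e54d9a46ac9"}

# The event fields the four detection queries above inspect.
DOMAIN_FIELDS = ("userdomainname", "url")
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = ("sha256hash",)

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^/@]*@)?([^/:?#]+)")

def parse_kv(line):
    """Parse a key=value log line (values may be double-quoted) into a dict."""
    return {k.lower(): v.strip('"') for k, v in KV_RE.findall(line)}

def host_of(value):
    """Host part of a URL or bare hostname, lower-cased, trailing dot removed."""
    m = HOST_RE.match(value.strip().lower())
    return m.group(1).rstrip(".") if m else ""

def domain_hit(value):
    """Exact or subdomain match only: notipscoredns.com and
    dnslookip.com.example.org are not hits, though a substring `like` flags both."""
    host = host_of(value)
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def ip_hit(value):
    """Validate and canonicalise the address before the set lookup."""
    try:
        ip = str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None
    return ip if ip in IOC_IPS else None

def hash_hit(value):
    """SHA-256 values are compared case-insensitively."""
    h = value.strip().lower()
    return h if h in IOC_SHA256 else None

def match_event(line):
    """Return the (field, kind, indicator) hits for one log line."""
    ev, hits = parse_kv(line), []
    for fields, kind, fn in ((DOMAIN_FIELDS, "domain", domain_hit),
                             (IP_FIELDS, "ip", ip_hit),
                             (HASH_FIELDS, "sha256", hash_hit)):
        for field in fields:
            ioc = fn(ev[field]) if field in ev else None
            if ioc:
                hits.append((field, kind, ioc))
    return hits

def scan(lines):
    """Map line index -> hits for every line that matched at least one IOC."""
    return {i: h for i, line in enumerate(lines) if (h := match_event(line))}

# Constructed sample events in key=value form (not real telemetry).
SAMPLE_LOGS = [
    "ts=2024-11-22T10:01:03Z srcipaddress=10.0.0.5 userdomainname=ipscoredns.com",
    'ts=2024-11-22T10:01:09Z url="http://api.dnslookip.com/ip?x=1" dstipaddress=203.0.113.9',
    'ts=2024-11-22T10:02:00Z url="http://dnslookip.com.example.org/" dstipaddress=203.0.113.9',
    "ts=2024-11-22T10:03:11Z srcipaddress=67.213.212.48 dstipaddress=10.0.0.5",
    "ts=2024-11-22T10:04:45Z sha256hash=83CF89428E07A1A10B22958DCA25F50A8A151BCCFA01EE9BCCE870303A4F9861",
    "ts=2024-11-22T10:05:02Z userdomainname=notipscoredns.com",
]
```

Running `scan(SAMPLE_LOGS)` flags lines 0, 1, 3 and 4; the look-alike host in line 2 and the substring-only match in line 5 are left alone.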

    Reference: 

    https://www.trendmicro.com/en_us/research/24/k/water-barghest.html 


    Tags: Botnet, Malware, Water Barghest
