Russian Military Cyber Actors Target US and Global Critical Infrastructure

    Date: 09/06/2024

    Severity: High

    Summary

    The report "Russian Military Cyber Actors Target US and Global Critical Infrastructure" states that Russian military cyber units have been actively targeting and compromising critical infrastructure systems in the US and worldwide. These attacks aim to disrupt essential services and gather sensitive information, highlighting the growing threat of state-sponsored cyber warfare. The report outlines the tactics used by these cyber actors, the vulnerabilities they exploit, and the potential risks to national and global security.

    Indicators of Compromise (IOC) List

    URL/Domain


    IP Address


    Hash


    Filenames


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "https://3proxy.ru" or url like "https://3proxy.ru" or userdomainname like "https://cdn.discordapp.com/attachments/888408190625128461/895633952247799858/n.lashevychdirekcy.atom.gov.ua.zip" or url like "https://cdn.discordapp.com/attachments/888408190625128461/895633952247799858/n.lashevychdirekcy.atom.gov.ua.zip" or userdomainname like "https://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/tbopbh.jpg" or url like "https://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/tbopbh.jpg" or userdomainname like "https://cdn.discordapp.com/attachments/945968593030496269/945970446149509130/client.exe" or url like "https://cdn.discordapp.com/attachments/945968593030496269/945970446149509130/client.exe" or userdomainname like "https://nssm.cc" or url like "https://nssm.cc" or userdomainname like "3237.site" or url like "3237.site" or userdomainname like "3proxy.ru" or url like "3proxy.ru" or userdomainname like "cdn.discordapp.com" or url like "cdn.discordapp.com" or userdomainname like "discordapp.com" or url like "discordapp.com" or userdomainname like "dns.test658324901domain.me" or url like "dns.test658324901domain.me" or userdomainname like "interlinks.top" or url like "interlinks.top" or userdomainname like "nssm.cc" or url like "nssm.cc" or userdomainname like "smm2021.net" or url like "smm2021.net" or userdomainname like "test658324901domain.me" or url like "test658324901domain.me"

    IP Address

    dstipaddress IN ("111.111.111.111","112.132.218.45","112.51.253.153","154.21.20.82","179.43.133.202","179.43.142.42","179.43.162.55","179.43.175.108","179.43.175.38","179.43.176.60","179.43.187.47","179.43.189.218","185.245.84.227","185.245.85.251","194.26.29.251","194.26.29.84","194.26.29.95","194.26.29.98","45.141.87.11","46.101.242.222","5.226.139.66","62.173.140.223","79.124.8.66","81.17.24.130","90.131.156.10") or ipaddress IN ("111.111.111.111","112.132.218.45","112.51.253.153","154.21.20.82","179.43.133.202","179.43.142.42","179.43.162.55","179.43.175.108","179.43.175.38","179.43.176.60","179.43.187.47","179.43.189.218","185.245.84.227","185.245.85.251","194.26.29.251","194.26.29.84","194.26.29.95","194.26.29.98","45.141.87.11","46.101.242.222","5.226.139.66","62.173.140.223","79.124.8.66","81.17.24.130","90.131.156.10") or publicipaddress IN ("111.111.111.111","112.132.218.45","112.51.253.153","154.21.20.82","179.43.133.202","179.43.142.42","179.43.162.55","179.43.175.108","179.43.175.38","179.43.176.60","179.43.187.47","179.43.189.218","185.245.84.227","185.245.85.251","194.26.29.251","194.26.29.84","194.26.29.95","194.26.29.98","45.141.87.11","46.101.242.222","5.226.139.66","62.173.140.223","79.124.8.66","81.17.24.130","90.131.156.10") or srcipaddress IN ("111.111.111.111","112.132.218.45","112.51.253.153","154.21.20.82","179.43.133.202","179.43.142.42","179.43.162.55","179.43.175.108","179.43.175.38","179.43.176.60","179.43.187.47","179.43.189.218","185.245.84.227","185.245.85.251","194.26.29.251","194.26.29.84","194.26.29.95","194.26.29.98","45.141.87.11","46.101.242.222","5.226.139.66","62.173.140.223","79.124.8.66","81.17.24.130","90.131.156.10")

    Hash Query 1

    MD5hash IN ("032f5642d4fb2fdd74e6f20a13c57746","03af632aa6f87bf9dd4364ee3b612cbb","08dfebc04eb61c9a6d87b6524c1c0f2e","09a2d85e809d36bff82bd5ab773980a3","0a2affa6d895baab087b84e93145da35","0adc2530cf348c0a3d53a680291a3d67","0dc5ac12f7690db15c99eaabc11b129c","0e03103e8110785156105946e48ea9e0","0e6374042b33d78329149a6189a7cb46","1220b580cef1bf22351e271773945d20","143594597130e301499e5940a5fb798a","14c8482f302b5e81e3fa1b18a509289d","17fc12902f4769af3a9271eb4e2dacce","1934e2ebc64d41e37ef53ea0c075e974","19cb20c4e7dbfe15c1aa284752d0fecb","1c85c0d044ac837e8939564afac1eb32","1cac5c0cb8801e8730447023270d8d56","1e22d64f263e8ea4b2d37dcd9b7c3012","2128361d8aaae1225d50c9add32006a1","246d9f9831b125ea7e6ef21bc4c8a0ca","246f31c86bbbe7f65c0126cf4a1a947a","251f3a4757d9e4de0499cc30c0bc00a9","28d571ddb5c04d065dfe1be9604663ba","29d83f29c0b0a0b7499e71e7d5cb713f","2b2509c6ee46d6327f2f1c9a75122d15","2b39eab325906b0a3ab7e584c3d67349","2b5f159f022109a8de1bc5dd9e3138a0","2ca6bcf16ee4293a771a1cf7b7b9ee49","2e035360971a817b854d7d5a2b008717","32db8abce1618e60441f5c7cf4be0d22","de1bf141976776becd376a0dac400df6","de1f9d1f0336ddcff832ad3900acd2f1","de276cf07ccffa18d7ffc35281bca910","de85ca91e1e8100a619de1c25112f1a5","dea3ae8225913dd98148fc86cfc3bcbe")

    Hash Query 2

    MD5hash IN ("332b7f6662e28e3577bd1b269904b940","343b140977b3f9b227e7e5f82b0fadb5","3907c7fbd4148395284d8e6e3c1dba5d","394e056cb6cb732dfd5e0d45d3dae938","3bcff990faacbebb8fb470dfe03e2543","3ccf799ff208981349cee4fb1a1cf88c","3fe96ff4a5ef0f5346ce645a2a893597","4074798a621232dc448b65db7b1fdd66","41871fef433d7b4b89fd226fe3a1a2c0","422437f326b8dbe30cc5f103bde31f26","47f4534da421daf8089cf34d53f6bb6e","4bce4831b1dd71f19c55b3e3b5e99856","4c19aeecbfca13b8a199703d8b8284b9","4d8343c40be53d6521244fe74393d937","4e9c55c6fe25d61ca4394de794546fab","540ee8e39150c539fea582b0e77be7b0","54a9fa9eb337a3b5ca7b0fa4553e439d","552d9b79cc544fc6c3e8aa204dd00811","562c337b8caca330da2ea6ae07ee5db6","569c1d31f4c7ec7701d8e4e51b59fe85","56e0446a6d7175a0d09110bc483ddbed","58dc7c9577ff90a046359ca255c0c9f4","58e879213d81333b628434ba4aeb2751","59da31da4db1aa5f9a5c7c0c151422c8","5a537673c34933fc854fbfb65477a686","5b884f15dc9b072d7bbad9ec2b249f38","5c3b0040e2dece6e17093ae607b79044","5c9e2195d10375b746b6717fdb47b5b9","5d063eecd894d3d523875bc82ef6f319","5d5c99a08a7d927346ca2dafa7973fc1","df4f856f783d23fb01af1e0e64bc0e20","e1a15bc13157134f542cd9c55c742460","e21fe98cc8866c0eeecf3549ebcec751","e2cc52273d56ed66c800a726760c1ed0","e4634ef9bfe7b598b857ad997445b239")

    Hash Query 3

    MD5hash IN ("5eaa7e812733a5c8cda734fab2f752d5","5f4df6dd8e644d59eaf182e500b5e7bf","601c12596dfea84c2113ae5ee59a52ec","6154760e602bd71192d93f72fbdb486e","618d62dd95fd9aeb855fe2ef1403dce5","64b9feeccf6c183b9f7138f8fc53acbb","673586594242d99ab02118595e457297","683546b9171a1ea284a96d1b45d1d823","6859fe5a3eead00a563cd93efcc6ea96","69e58c5ee69f5e5e8a58f4afdd59adfe","6a4fca88ee36fecc5113e188cc39d25c","6c152774f6894407075e6f0a2859bbae","6e1394938c2fecad2d4f5b3bcf357ec0","6eed4ee0cc57126e9a096ab9905f471c","7234da8ceafbe6586469f18c03cc1832","755dac7edd17fbf5b5c449dd06c02e14","764f691b2168e8b3b6f9fb6582e2f819","77675a24040f10c85112d9a219d5f1c7","77aa3f342a0d69fda67c853bcc004d48","78c855a088924e92a7f60d661c3d1845","791a81f31a8e7090a7d5417451e09efa","7a70d5fbbafe3454b76e3ad2f009618f","7c8cb5598e724d34384cce7402b11f0e","7d3b529db1bd896d9fd877b85cafdc64","7e0c42d33921a89724424f17c97037bd","7f84263fd24f783ff72d5ae91011b558","7fe7f33d9b5dbdf3d032d2a10e39f283","80f0ee332a452172533ad8863bb3bc63","85afdef18d65b0518d709a5a324ea57a","8633bd2bbbb5da22c3f8751150186c42","e61518ae9454a563b8f842286bbdb87b","eac0ae655d344c25ff467a929790885c","eef2363744345741e09fe5380eeb4df3","f34f60375bebad861a35b7c4bb0fa1c8","f4f4e55a00d2f3a433c9e5624285ac1c")

    Hash Query 4

    MD5hash IN ("869742fb9db71fdb66f00528fe2966ec","8744cec7547b1e73705c10a264e28e08","875f9200b49db08c33962b0a6bd05ab9","896e0f54fc67d72d94b40d7885f10c51","8a2ba7f9cb6f65edf65dbe579907551e","8cfef66b390f08bdbfd940922cf51650","8d3d4d702ba6b4be2766a41bfe5ff76e","911c7e82f32f78577dcd725a7adb114d","9152c9de57b5647ee4ab3dff551dc8dd","9345425cf07b4c39a80cd8540e08bfde","94bf96b76c2a092de8962496ce35deaf","955e4c198ee58e40fe92cb74ceefdf00","95cf2a5a24b0d33d621bb8995d5826bc","9606b4720a0e73ef1f00505a11aab2f7","9657c2ef6ed5229740b125df9ca6c915","96964aed18f65a7acae632f358a093f6","974e7c0b3660fbf18f29eac059f85ac0","981160dee6cd25fb181e54eca7ff7c22","99305ce01cc2d0f58cd226efb2de893f","9935a86108e3ae3f72cd15817601dcc6","993f01861aff306df44e6475f7886f37","9b1191f1ceddf312b0d609cd929c6631","9b2924c727aa3a061906321a66c9050c","9c695be3703194fdb71c212a0832bcf3","9d7ab8b0aa669125d9a5adc4f46c56f3","9f11e915be5c0d02a3130329cf032a28","a1b509254a0a1daa7e00d279ec974461","a5494ffd9efb7c3df59c527076a05e62","a66b3b22a3619f739b197d0d443b700c","a905d620717f75751aa94ceb88995dbc","f73d203bdf924658fd6edf3444c93a50","f772f5c65d65412f61ef5f2660e33ceb","f8ffd1eab6223e31b15d0fd6c3c0472e","fa97dbe84ce7717b754795fa89f13dce","fba76f4eb2e7a2eb17193bebe290a198")

    Hash Query 5

    MD5hash IN ("a9c9c0be8eca3b575c24da0fcf1af1a9","ad0ca738aa6c987e4ee1a87ff2b8acd5","aecb57e20d2c0b0d9fece2cbcbcc3459","af277ae0fbf6cc20f887696ea4756d46","af85885a74cfe099676af542dcdc5741","afbb9459d4a0f60d7ffb3b3532d11bc2","b0d0a23766fa64ece9315f37b28bb4c0","b32e14a9b7de6c92cd16758fa6e23346","b3370eb3c5ef6c536195b3bea0120929","b7c1a8d39f46eaf52be90e24565dd6b0","b85538f665fdb6c8d9a74f2df7369832","c265188fdadddb648629e8060601dca7","c9d1677f4f89b95b41591b23a1dc1a63","ca43a241042b5fcc305393765ae18e69","cc4a9db6f250114e26d8d9ba6ab46bc9","cd62d4a178705b2b90a8babd8613df93","cee5acbfef7e76f52f40b8ae95199c50","d034fe4c71b16b6d331886c24fef2751","d06761b2cff86035a4838110ed6ab622","d0b00a6c83ce810ec2763af17e8ab1c4","d33f608f561096be24cba91797e0da2f","d40195a444526eafb0db56d95bf8655d","d43446b4a22a597b93b559821ee5ac9b","d6b41747cb035c4c2b08790cd57f0626","d8c04ecd646a1f8537a59f63518ef3c6","d973210977957209f255b58eb1715b12","da4d81f9ef3b25ea09f34481d923dd9d","dc795cb9290b1bc0b7fb1ce9d6ae7c93","dd2431b1f858b4ca14a4ea05fb8c4a06","ddec2d79f460a881849037336ba8968f","fc418fdda06ce5982153766dcefb71d9","ffa68749aa3fc6495e2c49b01d964339","de1f9d1f0336ddcff832ad3900acd2f1")

    Hash Query 6

    sha1hash IN ("16525cb2fd86dce842107eb1ba6174b23f188537","189166d382c73c242ba45889d57980548d4ba37e","27c176bbd3e254d5e46ccb865d29c8c166ba4a9f","2e113050a81bbd0774db7e86fad4abd44e5b6ec2","4f06d376648def0bb8a325e70046a5030d2cb1d1","50566fdea2f4b8a3466427f9c6798dabe2587823","5d60c8507ac9b840a13ffdf19e3315a3e14de66a","5fbd9bd73040d7a2cac0fc21d2fe29ebe57fb597","7070b7e9d537c96a2218b3907b05af2d7378661c","731dab83ef1d02203db64fbefbe59f3791db1e21","7631b43feb02fb8dc97401e82a1ec5c7d970a055","80abdc5c36eb4a2745783e6590a13d92497c8513","82d29b52e35e7938e7ee610c04ea9daaf5e08e90","88c76d31b046227d82f94db87697b25e482eb398","892be61f0cf68425e42efda9aa31f0e14bc963b5","90fa56e79765d27d35706d028d32dc5be7efb623","91f7690be7d36bde7537193987610848289e0f56","9a4a1581cc3971579574f837e110f3bd6d529dab","a67205dc84ec29eb71bb259b19c1a1783865c0fc","b2d863fc444b99c479859ad7f012b840f896172e","b5e3e65cd6b09b17d4819a1379dde7db3e33813b","c3181fd7cb463893fc73974acc0016605d90ef6c","d2d96f0d819abd771617e806994effc180c7438c","d33f12dbcdd427c527a8285fd9ab0c848051288b","d4851eb90fc4ba627b6ce633c40852b963a1b555","db370ee79d9b4bd44e07f425d7b06beffc8bdded","f6acdc16c695c3c219116aea3d585efedcafdab5","fb83899dc633c59a8473a3048c9aacce7e1bf8d8")

    Hash Query 7

    Sha256hash IN ("0dd61a16c625c49ffefaf4ce24cabf9a074028a06640d9bbb804f735ff56dfa3","163932f1d39d2ae140bcf89aee6d514f65902ce8b4d46c7061c1cc94eb2a25b2","2880f3c707dff1de85e6b9a7e7154648e2e1df535647c0917e8fb4ea0fe9fd20","29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b","34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907","35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a","3c02aeeb57d3c64feae109f50a89774111a443142859891bae4fb2f469fa0466","3de02a782987b4463e02dda90df57a06fb0022eb8840a17c4c812631705ebf7c","489ab4819830d231c3fc3572c5386cad9d18773a8121373ea8174de981cc9166","4ff07f308da5b18f4a71ef09eea3f3c968683c93e8aa55d3f03975207e3b19ce","5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d","7f8d4a36d05b60f0dd986a3bbde1be34b10a2d80297d1ae28d3fdaaa914fb8bf","887936dc1db271c6970ca78f25c4eb62d3816761b675db2cf4a46645c98a5fd9","923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6","9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d","a05f2999844495bffb3405b1db2d1927e5237e61d71edb599a5fa64e3e575856","a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92","a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e","aa212493331277dd28a8b9b2f535c7b719ff9c6d4ccad121fd0a59dcb78697d9","aa79afbf82b06cda268664b7c83900d8f7a33e0f0071facba0b3d8f7a68ce56a","b72e8c0e4291e85ad683d6dcba449f18eacd31e8e5395c7064dcb05077db4a06","b7b76f3fe12e12b8d1d34dcd1a53ab18223ec10a5a7549b2db4cde5d84c8970d","b9e64b58d7746cb1d3bed20405ef34d097af08c809d8dad10b9296b0bebb2b0b","bc2e7451995e188f50581efb2b564dfbc5b593f57f7b52072eeba235a0861670","c27a3b0ffaba2258d66d595c5478f12ee8a107cd590132a4a72d8bfdaf486fc1","d3a80ce2fded8144d347ee0b42c18ff6ad8cb386c3a2fc884ef2348afe7633c9","db5a204a34969f60fe4a653f51d64eee024dbf018edea334e8b3df780eda846f","dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78","eab7c6ef336c0fe2e0d15e2ccfe851f7ee172bdc14cee2d25e1c245e9034279d","fae14137605c6a173eaca1e89ad92961e6cb2b66b924087f2f109c0ab38a0d71","fd4a5398e55beacb2315687a75af5aa15b776b5d36b9800a1792ede3955616c2")

    Filename Query 8

    ((resourcename in ("Windows Security" ) AND eventtype in ("4663" ) ) AND Objectname like "Afgyyppsysmtddhvhhaw.dll,Avbbwys.dll,Azkebvoyswvjnrpmn.dll,Budoejokuqbge.dll,Bwqdffttejlkeqe.dll,Bxqbsyxfkjzmhdtfceoak.dll,Clsrncpbaucrabuobcpale.dll,Cpdvzvzyghy.dll,Ctiktdfyauejxfak.dll,Czxhayyankwsp.dll,Djpajq.dll,Dmdtflkcgebf.dll,Ejcpaujkmvjndgqznimmkgd.dll,Encuutwvdqbxlxh.dll,Esalfjyraquwfxcgufwzip.dll,Fdgofjdvmmllgsxunb.dll,Fkhzvcuucaprsibp.dll,Fkthhyexkr.dll,Fqattuyxknkhv.dll,Fqyubbzbubsge.dll,Frkmlkdkdubkznbkmcf.dll,Gsiook.dll,Gutjuhi.dll,Hisvswmeswmnqbvzpoxzx.dll,Hsoahb.dll,Icyjkszdzgoxdfuwptkwxo.dll,Jdfzavlqr.dll,Jrdggfjvve.dll,Jteieurqgvpgnhw.dll,Kbuqtmznmodjzvxvwxcvho.dll,Kdmvyizz.dll,Kfxghcmg.dll,Krewcizfplntbwcqawfhtfpd.dll,Lsurhpmpyewhv.dll,Mbkzrkfasxgxtzhgpgsehip.dll,Mhnovdgzzidqx.dll,Mlfampnfnmjvjnahkrawwqd.dll,Mppveiyannobrcdlkd.dll,Mzhyeemgqbmamubqn.dll,Nbbudwt.dll,Nhqcfzagulwaw.dll,Nlzhpvuzzoycqnnpl.dll,Noubvdigjlwsnqiylzgikkk.dll,Nvxwbzciqarteyuz.dll,Nykfvwmchighqwcguabvgq.dll,Ofgdwttnmqibnmpqx.dll,Ohtvepefcjnchrrasokn.dll,Olkscszculdbzvco.dll,Onkwzkpfuqazvali.dll,Opaqwrazeyyilbbjlkf.dll,Owxtabfdqhkaahhwsgkatuu.dll,Poezcjhvkzgmnyqljpbte.dll,Rvyqctymumtudroyae.dll,Sutragevr.dll,Sxkdxclqmxnmjgedhgagl.dll,Tosyxesxgrzyb.dll,Tpmnkauftdydomyz.dll,Tptjtwfhpsjfksqoajt.dll,Uqhznlcagzyoqrbyylnnwn.dll,Uslrfkxccdyetfdxmaokbhv.dll,Waordspinycera.dll,Wcfsobntsczz.dll,Wpqyhvfnunlabx.dll,Wqwpawlulyrsrjcbvuvddeud.dll,Wqxpgvsgvhygmfbziucxcuh.dll,Xgcpgrxhchgwz.dll,Xgkepoc.dll,Xlfthpiq.dll,Xlocky.dll,Xqblktvxmnxrzwiuqdfxzrd.dll,Xykqrksoqqgyuckfc.dll,Yawyjonk.dll,Yrknbt.dll,Yvbmuigfihprdxgiirp.dll,Ywrovtjimixpmizuln.dll,Zfgdccnwnee.dll,Zkuxhxwbvifejn.dll,Zsdflpivel.dll")

    Filename Query 9

    ((Technologygroup = "EDR" ) AND Objectname like "Afgyyppsysmtddhvhhaw.dll,Avbbwys.dll,Azkebvoyswvjnrpmn.dll,Budoejokuqbge.dll,Bwqdffttejlkeqe.dll,Bxqbsyxfkjzmhdtfceoak.dll,Clsrncpbaucrabuobcpale.dll,Cpdvzvzyghy.dll,Ctiktdfyauejxfak.dll,Czxhayyankwsp.dll,Djpajq.dll,Dmdtflkcgebf.dll,Ejcpaujkmvjndgqznimmkgd.dll,Encuutwvdqbxlxh.dll,Esalfjyraquwfxcgufwzip.dll,Fdgofjdvmmllgsxunb.dll,Fkhzvcuucaprsibp.dll,Fkthhyexkr.dll,Fqattuyxknkhv.dll,Fqyubbzbubsge.dll,Frkmlkdkdubkznbkmcf.dll,Gsiook.dll,Gutjuhi.dll,Hisvswmeswmnqbvzpoxzx.dll,Hsoahb.dll,Icyjkszdzgoxdfuwptkwxo.dll,Jdfzavlqr.dll,Jrdggfjvve.dll,Jteieurqgvpgnhw.dll,Kbuqtmznmodjzvxvwxcvho.dll,Kdmvyizz.dll,Kfxghcmg.dll,Krewcizfplntbwcqawfhtfpd.dll,Lsurhpmpyewhv.dll,Mbkzrkfasxgxtzhgpgsehip.dll,Mhnovdgzzidqx.dll,Mlfampnfnmjvjnahkrawwqd.dll,Mppveiyannobrcdlkd.dll,Mzhyeemgqbmamubqn.dll,Nbbudwt.dll,Nhqcfzagulwaw.dll,Nlzhpvuzzoycqnnpl.dll,Noubvdigjlwsnqiylzgikkk.dll,Nvxwbzciqarteyuz.dll,Nykfvwmchighqwcguabvgq.dll,Ofgdwttnmqibnmpqx.dll,Ohtvepefcjnchrrasokn.dll,Olkscszculdbzvco.dll,Onkwzkpfuqazvali.dll,Opaqwrazeyyilbbjlkf.dll,Owxtabfdqhkaahhwsgkatuu.dll,Poezcjhvkzgmnyqljpbte.dll,Rvyqctymumtudroyae.dll,Sutragevr.dll,Sxkdxclqmxnmjgedhgagl.dll,Tosyxesxgrzyb.dll,Tpmnkauftdydomyz.dll,Tptjtwfhpsjfksqoajt.dll,Uqhznlcagzyoqrbyylnnwn.dll,Uslrfkxccdyetfdxmaokbhv.dll,Waordspinycera.dll,Wcfsobntsczz.dll,Wpqyhvfnunlabx.dll,Wqwpawlulyrsrjcbvuvddeud.dll,Wqxpgvsgvhygmfbziucxcuh.dll,Xgcpgrxhchgwz.dll,Xgkepoc.dll,Xlfthpiq.dll,Xlocky.dll,Xqblktvxmnxrzwiuqdfxzrd.dll,Xykqrksoqqgyuckfc.dll,Yawyjonk.dll,Yrknbt.dll,Yvbmuigfihprdxgiirp.dll,Ywrovtjimixpmizuln.dll,Zfgdccnwnee.dll,Zkuxhxwbvifejn.dll,Zsdflpivel.dll")

    Reference:

    https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a

