StopRansomware: Blacksuit (Royal) Ransomware

    Date: 08/10/2024

    Severity: High

    Summary

    Blacksuit, also known as Royal ransomware, is a type of malicious software designed to encrypt files on a victim's computer, making them inaccessible until a ransom is paid. This ransomware typically targets businesses and organizations, often using phishing emails or other methods to gain access to systems. Once activated, it encrypts files and demands payment, usually in cryptocurrency, for the decryption key. To protect against Blacksuit ransomware, it's crucial to maintain regular backups, use robust security measures, and be cautious with email attachments and links.

    Indicators of Compromise (IOC) List


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Queries for March 2023 IOCs

    Query 1

    userdomainname like "softeruplive.com" or url like "softeruplive.com" or userdomainname like "sombrat.com" or url like "sombrat.com" or userdomainname like "parkerpublic.com" or url like "parkerpublic.com" or userdomainname like "altocloudzone.live" or url like "altocloudzone.live" or userdomainname like "tumbleproperty.com" or url like "tumbleproperty.com" or userdomainname like "myappearinc.com" or url like "myappearinc.com" or userdomainname like "gororama.com" or url like "gororama.com" or userdomainname like "https://attack.mitre.org/tactics/enterprise/" or url like "https://attack.mitre.org/tactics/enterprise/" or userdomainname like "ciborkumari.xyz" or url like "ciborkumari.xyz" or userdomainname like "attack.mitre.org" or url like "attack.mitre.org"

    Query 2

    dstipaddress IN ("134.35.9.209","5.44.42.20","197.94.67.207","105.69.155.85","5.188.86.195","5.181.234.58","139.60.161.213","113.169.187.159","68.83.169.91","181.164.194.228","179.43.167.10","81.184.181.215","186.86.212.138","209.141.36.116","98.143.70.147","105.158.118.241","45.8.158.104","47.87.229.39","139.195.43.166","23.111.114.52","181.141.3.126","197.207.181.147","77.73.133.84","45.227.251.167","152.89.247.50","41.251.121.35","41.97.65.51","140.82.48.158","190.193.180.228","42.189.12.36","196.70.77.11","45.61.136.47","197.158.89.85","197.11.134.255","163.182.177.80","197.207.218.27","197.204.247.7","89.108.65.136","41.100.55.97","186.64.67.6","185.143.223.69","94.232.41.105","82.12.196.197","148.213.109.165","61.166.221.46","41.109.11.80","102.157.44.105","193.149.176.157","193.235.146.104","41.107.77.67","147.135.36.162","185.7.214.218","147.135.11.223") or ipaddress IN ("134.35.9.209","5.44.42.20","197.94.67.207","105.69.155.85","5.188.86.195","5.181.234.58","139.60.161.213","113.169.187.159","68.83.169.91","181.164.194.228","179.43.167.10","81.184.181.215","186.86.212.138","209.141.36.116","98.143.70.147","105.158.118.241","45.8.158.104","47.87.229.39","139.195.43.166","23.111.114.52","181.141.3.126","197.207.181.147","77.73.133.84","45.227.251.167","152.89.247.50","41.251.121.35","41.97.65.51","140.82.48.158","190.193.180.228","42.189.12.36","196.70.77.11","45.61.136.47","197.158.89.85","197.11.134.255","163.182.177.80","197.207.218.27","197.204.247.7","89.108.65.136","41.100.55.97","186.64.67.6","185.143.223.69","94.232.41.105","82.12.196.197","148.213.109.165","61.166.221.46","41.109.11.80","102.157.44.105","193.149.176.157","193.235.146.104","41.107.77.67","147.135.36.162","185.7.214.218","147.135.11.223") or publicipaddress IN 
("134.35.9.209","5.44.42.20","197.94.67.207","105.69.155.85","5.188.86.195","5.181.234.58","139.60.161.213","113.169.187.159","68.83.169.91","181.164.194.228","179.43.167.10","81.184.181.215","186.86.212.138","209.141.36.116","98.143.70.147","105.158.118.241","45.8.158.104","47.87.229.39","139.195.43.166","23.111.114.52","181.141.3.126","197.207.181.147","77.73.133.84","45.227.251.167","152.89.247.50","41.251.121.35","41.97.65.51","140.82.48.158","190.193.180.228","42.189.12.36","196.70.77.11","45.61.136.47","197.158.89.85","197.11.134.255","163.182.177.80","197.207.218.27","197.204.247.7","89.108.65.136","41.100.55.97","186.64.67.6","185.143.223.69","94.232.41.105","82.12.196.197","148.213.109.165","61.166.221.46","41.109.11.80","102.157.44.105","193.149.176.157","193.235.146.104","41.107.77.67","147.135.36.162","185.7.214.218","147.135.11.223") or srcipaddress IN ("134.35.9.209","5.44.42.20","197.94.67.207","105.69.155.85","5.188.86.195","5.181.234.58","139.60.161.213","113.169.187.159","68.83.169.91","181.164.194.228","179.43.167.10","81.184.181.215","186.86.212.138","209.141.36.116","98.143.70.147","105.158.118.241","45.8.158.104","47.87.229.39","139.195.43.166","23.111.114.52","181.141.3.126","197.207.181.147","77.73.133.84","45.227.251.167","152.89.247.50","41.251.121.35","41.97.65.51","140.82.48.158","190.193.180.228","42.189.12.36","196.70.77.11","45.61.136.47","197.158.89.85","197.11.134.255","163.182.177.80","197.207.218.27","197.204.247.7","89.108.65.136","41.100.55.97","186.64.67.6","185.143.223.69","94.232.41.105","82.12.196.197","148.213.109.165","61.166.221.46","41.109.11.80","102.157.44.105","193.149.176.157","193.235.146.104","41.107.77.67","147.135.36.162","185.7.214.218","147.135.11.223")

    Query 3

    md5hash IN ("5cae01aea8ed390ce9bec17b6c1237e4","92283d4d0e7e730c3f4f5485bfa48cb6","50cc3a3bca96d7096c8118e838d9bc16","0191d87b91f1545e13b3af4a442ae949","cb8a14388e1da3956849d638af50fe9d","57bd8fba4aa26033fa080f390b31ed0e","5cb9d80f82f674b065c3d80816a370c4","cdcf4f24dc07d5da5be076793983a308","527c71c523d275c8367b67bbebf48e9f")

    Query 4

    sha1hash IN ("1206bd44744d61f6c31aba2234c34d3e35b5bac7","7902b08fb184cfb9580d0ad950baf048a795f7c1","3288f6f98bc2445f4ad688b562fe12414893c1ac","3a80a49efaac5d839400e4fb8f803243fb39a513","dd37973be7e6ede23c131a48919a4f6e1fb49328","0488348645ebb39ee7a51a09f2705c87d89d27f1","a0ee0761602470e24bcea5f403e8d1e8bfa29832","65dc04f3f75deb3b287cca3138d9d0ec36b8bea0","b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf")

    Query 5

    sha256hash IN ("342b398647073159dfa8a7d36510171f731b760089a546e96fbb8a292791efee","a83a5810ea7a4f02d4623c509dd9b88ad4e432177143e9e9b2b30f9b2943a1b0","19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618","216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5","0a9a342cf4b9ccba811922b32c55498a3448b198702e2ec17269653c161bbda3","8a99353662ccae117d2bb22efd8c43d7169060450be413af763e8ad7522d2451","4cd00234b18e04dcd745cc81bb928c8451f6601affb5fa45f20bb11bfb5383ce","08c6e20b1785d4ec4e3f9956931d992377963580b4b2c6579fd9930e08882b1c","f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee")

    Queries for November 2023 IOCs

    Query 1

    userdomainname like "tumbleproperty.com" or url like "tumbleproperty.com" or userdomainname like "attack.mitre.org" or url like "attack.mitre.org" or userdomainname like "sombrat.com" or url like "sombrat.com" or userdomainname like "gororama.com" or url like "gororama.com" or userdomainname like "altocloudzone.live" or url like "altocloudzone.live" or userdomainname like "parkerpublic.com" or url like "parkerpublic.com" or userdomainname like "myappearinc.com" or url like "myappearinc.com" or userdomainname like "softeruplive.com" or url like "softeruplive.com" or userdomainname like "https://attack.mitre.org/tactics/enterprise/" or url like "https://attack.mitre.org/tactics/enterprise/" or userdomainname like "ciborkumari.xyz" or url like "ciborkumari.xyz"

    Query 2

    dstipaddress IN ("77.73.133.84","197.207.218.27","42.189.12.36","5.181.234.58","5.44.42.20","197.204.247.7","186.64.67.6","163.182.177.80","209.141.36.116","82.12.196.197","98.143.70.147","179.43.167.10","140.82.48.158","5.188.86.195","139.195.43.166","45.8.158.104","134.35.9.209","102.157.44.105","61.166.221.46","81.184.181.215","186.86.212.138","41.97.65.51","197.11.134.255","68.83.169.91","94.232.41.105","193.235.146.104","181.164.194.228","152.89.247.50","41.107.77.67","196.70.77.11","89.108.65.136","45.61.136.47","41.109.11.80","197.94.67.207","181.141.3.126","148.213.109.165","105.69.155.85","41.100.55.97","139.60.161.213","147.135.11.223","41.251.121.35","113.169.187.159","147.135.36.162","45.227.251.167","190.193.180.228","197.158.89.85","197.207.181.147","185.143.223.69","193.149.176.157","105.158.118.241","23.111.114.52","47.87.229.39","185.7.214.218") or ipaddress IN ("77.73.133.84","197.207.218.27","42.189.12.36","5.181.234.58","5.44.42.20","197.204.247.7","186.64.67.6","163.182.177.80","209.141.36.116","82.12.196.197","98.143.70.147","179.43.167.10","140.82.48.158","5.188.86.195","139.195.43.166","45.8.158.104","134.35.9.209","102.157.44.105","61.166.221.46","81.184.181.215","186.86.212.138","41.97.65.51","197.11.134.255","68.83.169.91","94.232.41.105","193.235.146.104","181.164.194.228","152.89.247.50","41.107.77.67","196.70.77.11","89.108.65.136","45.61.136.47","41.109.11.80","197.94.67.207","181.141.3.126","148.213.109.165","105.69.155.85","41.100.55.97","139.60.161.213","147.135.11.223","41.251.121.35","113.169.187.159","147.135.36.162","45.227.251.167","190.193.180.228","197.158.89.85","197.207.181.147","185.143.223.69","193.149.176.157","105.158.118.241","23.111.114.52","47.87.229.39","185.7.214.218") or publicipaddress IN 
("77.73.133.84","197.207.218.27","42.189.12.36","5.181.234.58","5.44.42.20","197.204.247.7","186.64.67.6","163.182.177.80","209.141.36.116","82.12.196.197","98.143.70.147","179.43.167.10","140.82.48.158","5.188.86.195","139.195.43.166","45.8.158.104","134.35.9.209","102.157.44.105","61.166.221.46","81.184.181.215","186.86.212.138","41.97.65.51","197.11.134.255","68.83.169.91","94.232.41.105","193.235.146.104","181.164.194.228","152.89.247.50","41.107.77.67","196.70.77.11","89.108.65.136","45.61.136.47","41.109.11.80","197.94.67.207","181.141.3.126","148.213.109.165","105.69.155.85","41.100.55.97","139.60.161.213","147.135.11.223","41.251.121.35","113.169.187.159","147.135.36.162","45.227.251.167","190.193.180.228","197.158.89.85","197.207.181.147","185.143.223.69","193.149.176.157","105.158.118.241","23.111.114.52","47.87.229.39","185.7.214.218") or srcipaddress IN ("77.73.133.84","197.207.218.27","42.189.12.36","5.181.234.58","5.44.42.20","197.204.247.7","186.64.67.6","163.182.177.80","209.141.36.116","82.12.196.197","98.143.70.147","179.43.167.10","140.82.48.158","5.188.86.195","139.195.43.166","45.8.158.104","134.35.9.209","102.157.44.105","61.166.221.46","81.184.181.215","186.86.212.138","41.97.65.51","197.11.134.255","68.83.169.91","94.232.41.105","193.235.146.104","181.164.194.228","152.89.247.50","41.107.77.67","196.70.77.11","89.108.65.136","45.61.136.47","41.109.11.80","197.94.67.207","181.141.3.126","148.213.109.165","105.69.155.85","41.100.55.97","139.60.161.213","147.135.11.223","41.251.121.35","113.169.187.159","147.135.36.162","45.227.251.167","190.193.180.228","197.158.89.85","197.207.181.147","185.143.223.69","193.149.176.157","105.158.118.241","23.111.114.52","47.87.229.39","185.7.214.218")

    Query 3

    md5hash IN ("50cc3a3bca96d7096c8118e838d9bc16","0191d87b91f1545e13b3af4a442ae949","748de52961d2f182d47e88d736f6c835","57bd8fba4aa26033fa080f390b31ed0e","527c71c523d275c8367b67bbebf48e9f","92283d4d0e7e730c3f4f5485bfa48cb6","9656cd12e3a85b869ad90a0528ca026e","be7b13aee7b510b052d023dd936dc32f","5cae01aea8ed390ce9bec17b6c1237e4","5cb9d80f82f674b065c3d80816a370c4","cb8a14388e1da3956849d638af50fe9d")

    Query 4

    sha1hash IN ("3288f6f98bc2445f4ad688b562fe12414893c1ac","65dc04f3f75deb3b287cca3138d9d0ec36b8bea0","b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf","dd37973be7e6ede23c131a48919a4f6e1fb49328","3a80a49efaac5d839400e4fb8f803243fb39a513","7902b08fb184cfb9580d0ad950baf048a795f7c1","9e19afc15c5781e8a89a75607578760aabad8e65","6715b888a280d54de9a8482e40444087fd4d5fe8","861793c4e0d4a92844994b640cc6bc3e20944a73","1206bd44744d61f6c31aba2234c34d3e35b5bac7","30cc7724be4a09d5bcd9254197af05e9fab76455","a0ee0761602470e24bcea5f403e8d1e8bfa29832")

    Query 5

    sha256hash IN ("342b398647073159dfa8a7d36510171f731b760089a546e96fbb8a292791efee","a83a5810ea7a4f02d4623c509dd9b88ad4e432177143e9e9b2b30f9b2943a1b0","8a99353662ccae117d2bb22efd8c43d7169060450be413af763e8ad7522d2451","90ae0c693f6ffd6dc5bb2d5a5ef078629c3d77f874b2d2ebd9e109d8ca049f2c","19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618","f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee","5654f32a4f0f2e900a35761e8caf7ef0c50ee7800e0a3b19354b571bc6876f61","91605641a4c7e859b7071a9841d1cd154b9027e6a58c20ec4cadafeaf47c9055","4cd00234b18e04dcd745cc81bb928c8451f6601affb5fa45f20bb11bfb5383ce","1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e","08c6e20b1785d4ec4e3f9956931d992377963580b4b2c6579fd9930e08882b1c","216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5","b9ef2e948a9b49a6930fc190b22cbdb3571579d37a4de56564e41a2ef736767b")

    Queries for August 2024 IOCs

    Query 1

    userdomainname like "altocloudzone.live" or url like "altocloudzone.live" or userdomainname like "attack.mitre.org" or url like "attack.mitre.org" or userdomainname like "ciborkumari.xyz" or url like "ciborkumari.xyz" or userdomainname like "file.io" or url like "file.io" or userdomainname like "gororama.com" or url like "gororama.com" or userdomainname like "hourlyprofitstore.com" or url like "hourlyprofitstore.com" or userdomainname like "interpolyaris.ru" or url like "interpolyaris.ru" or userdomainname like "megupdate.com" or url like "megupdate.com" or userdomainname like "oldtimertreffen-rethem.de" or url like "oldtimertreffen-rethem.de" or userdomainname like "parencyivf.com" or url like "parencyivf.com" or userdomainname like "parkerpublic.com" or url like "parkerpublic.com" or userdomainname like "protect-us.mimecast.com" or url like "protect-us.mimecast.com" or userdomainname like "provincial-gaiters-gw.aws-use1.cloud-ara.tyk.io" or url like "provincial-gaiters-gw.aws-use1.cloud-ara.tyk.io" or userdomainname like "recruitment-interview.org" or url like "recruitment-interview.org" or userdomainname like "softeruplive.com" or url like "softeruplive.com" or userdomainname like "sombrat.com" or url like "sombrat.com" or userdomainname like "store.turnovercheck.com" or url like "store.turnovercheck.com" or userdomainname like "stroeck.at" or url like "stroeck.at" or userdomainname like "tumbleproperty.com" or url like "tumbleproperty.com" or userdomainname like "zoommanager.com" or url like "zoommanager.com" 

    Query 2

    dstipaddress IN  ("102.157.44.105","105.158.118.241","105.69.155.85","113.169.187.159","134.35.9.209","138.199.53.226","139.195.43.166","139.60.161.213","140.82.18.48","140.82.48.158","141.98.80.181","143.244.146.183","144.202.120.122","147.135.11.223","147.135.36.162","148.213.109.165","152.89.247.50","155.138.150.236","163.182.177.80","179.43.167.10","180.131.145.85","181.141.3.126","181.164.194.228","184.166.211.74","184.174.96.16","185.143.223.69","185.190.24.103","185.7.214.218","186.64.67.6","186.86.212.138","190.193.180.228","193.149.176.157","193.235.146.104","193.37.69.116","196.70.77.11","197.11.134.255","197.158.89.85","197.204.247.7","197.207.181.147","197.207.218.27","197.94.67.207","209.141.36.116","41.100.55.97","41.107.77.67","41.109.11.80","41.251.121.35","41.97.65.51","42.189.12.36","45.141.87.218","45.227.251.167","45.61.136.47","45.76.225.156","45.8.158.104","47.87.229.39","5.181.234.58","5.188.86.195","5.44.42.20","61.166.221.46","68.83.169.91","77.73.133.84","81.184.181.215","82.12.196.197","89.108.65.136","89.251.22.32","93.184.221.240","94.232.41.105","98.143.70.147") or ipaddress IN 
("102.157.44.105","105.158.118.241","105.69.155.85","113.169.187.159","134.35.9.209","138.199.53.226","139.195.43.166","139.60.161.213","140.82.18.48","140.82.48.158","141.98.80.181","143.244.146.183","144.202.120.122","147.135.11.223","147.135.36.162","148.213.109.165","152.89.247.50","155.138.150.236","163.182.177.80","179.43.167.10","180.131.145.85","181.141.3.126","181.164.194.228","184.166.211.74","184.174.96.16","185.143.223.69","185.190.24.103","185.7.214.218","186.64.67.6","186.86.212.138","190.193.180.228","193.149.176.157","193.235.146.104","193.37.69.116","196.70.77.11","197.11.134.255","197.158.89.85","197.204.247.7","197.207.181.147","197.207.218.27","197.94.67.207","209.141.36.116","41.100.55.97","41.107.77.67","41.109.11.80","41.251.121.35","41.97.65.51","42.189.12.36","45.141.87.218","45.227.251.167","45.61.136.47","45.76.225.156","45.8.158.104","47.87.229.39","5.181.234.58","5.188.86.195","5.44.42.20","61.166.221.46","68.83.169.91","77.73.133.84","81.184.181.215","82.12.196.197","89.108.65.136","89.251.22.32","93.184.221.240","94.232.41.105","98.143.70.147") or publicipaddress IN 
("102.157.44.105","105.158.118.241","105.69.155.85","113.169.187.159","134.35.9.209","138.199.53.226","139.195.43.166","139.60.161.213","140.82.18.48","140.82.48.158","141.98.80.181","143.244.146.183","144.202.120.122","147.135.11.223","147.135.36.162","148.213.109.165","152.89.247.50","155.138.150.236","163.182.177.80","179.43.167.10","180.131.145.85","181.141.3.126","181.164.194.228","184.166.211.74","184.174.96.16","185.143.223.69","185.190.24.103","185.7.214.218","186.64.67.6","186.86.212.138","190.193.180.228","193.149.176.157","193.235.146.104","193.37.69.116","196.70.77.11","197.11.134.255","197.158.89.85","197.204.247.7","197.207.181.147","197.207.218.27","197.94.67.207","209.141.36.116","41.100.55.97","41.107.77.67","41.109.11.80","41.251.121.35","41.97.65.51","42.189.12.36","45.141.87.218","45.227.251.167","45.61.136.47","45.76.225.156","45.8.158.104","47.87.229.39","5.181.234.58","5.188.86.195","5.44.42.20","61.166.221.46","68.83.169.91","77.73.133.84","81.184.181.215","82.12.196.197","89.108.65.136","89.251.22.32","93.184.221.240","94.232.41.105","98.143.70.147") or srcipaddress IN 
("102.157.44.105","105.158.118.241","105.69.155.85","113.169.187.159","134.35.9.209","138.199.53.226","139.195.43.166","139.60.161.213","140.82.18.48","140.82.48.158","141.98.80.181","143.244.146.183","144.202.120.122","147.135.11.223","147.135.36.162","148.213.109.165","152.89.247.50","155.138.150.236","163.182.177.80","179.43.167.10","180.131.145.85","181.141.3.126","181.164.194.228","184.166.211.74","184.174.96.16","185.143.223.69","185.190.24.103","185.7.214.218","186.64.67.6","186.86.212.138","190.193.180.228","193.149.176.157","193.235.146.104","193.37.69.116","196.70.77.11","197.11.134.255","197.158.89.85","197.204.247.7","197.207.181.147","197.207.218.27","197.94.67.207","209.141.36.116","41.100.55.97","41.107.77.67","41.109.11.80","41.251.121.35","41.97.65.51","42.189.12.36","45.141.87.218","45.227.251.167","45.61.136.47","45.76.225.156","45.8.158.104","47.87.229.39","5.181.234.58","5.188.86.195","5.44.42.20","61.166.221.46","68.83.169.91","77.73.133.84","81.184.181.215","82.12.196.197","89.108.65.136","89.251.22.32","93.184.221.240","94.232.41.105","98.143.70.147")

    Query 3

    md5hash IN ("0191d87b91f1545e13b3af4a442ae949","43250dd7f3a01c689131849c39f36482","50cc3a3bca96d7096c8118e838d9bc16","527c71c523d275c8367b67bbebf48e9f","57bd8fba4aa26033fa080f390b31ed0e","5cae01aea8ed390ce9bec17b6c1237e4","5cb9d80f82f674b065c3d80816a370c4","748de52961d2f182d47e88d736f6c835","75b55bb34dac9d02740b9ad6b6820360","75b55bb34dac9d02740b9ad6b6820360","92283d4d0e7e730c3f4f5485bfa48cb6","9495672a47fcaa5ce6f9f1bd86a56b79","9656cd12e3a85b869ad90a0528ca026e","be7b13aee7b510b052d023dd936dc32f","c1d6a5a9a9952583809ccf9ee7e67888","ed44877077716103973cbbebd531f38e","fa40a83774c126982696e8f8e380a49a")

    Query 4

    sha1hash IN ("1206bd44744d61f6c31aba2234c34d3e35b5bac7","30cc7724be4a09d5bcd9254197af05e9fab76455","3182cc12b54a95a2d0d7f6fb8a0e4662a53bfe81","3288f6f98bc2445f4ad688b562fe12414893c1ac","39ef662922463b913e84a338ad4832674219964d","3a80a49efaac5d839400e4fb8f803243fb39a513","65dc04f3f75deb3b287cca3138d9d0ec36b8bea0","6715b888a280d54de9a8482e40444087fd4d5fe8","7902b08fb184cfb9580d0ad950baf048a795f7c1","861793c4e0d4a92844994b640cc6bc3e20944a73","9e19afc15c5781e8a89a75607578760aabad8e65","a17c21b909c56d93d978014e63fb06926eaea8e7","b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf","ceb8c699a57193aa3be2a1766b03050cde3c738a","dd37973be7e6ede23c131a48919a4f6e1fb49328","e4af08758daf4d2dc601a65ec739ad6959aea401")

    Query 5

    sha256hash IN ("01ce9cfebb29596d0ab7c99e8dbadf1a8409750b183e6bf73e0de021b365be13","13d12091f39649493eab3cf0e56681e1ff0d8b982b85af65a0b2dd89532003a6","141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944","19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618","1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e","216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5","342b398647073159dfa8a7d36510171f731b760089a546e96fbb8a292791efee","4cd00234b18e04dcd745cc81bb928c8451f6601affb5fa45f20bb11bfb5383ce","5654f32a4f0f2e900a35761e8caf7ef0c50ee7800e0a3b19354b571bc6876f61","8a99353662ccae117d2bb22efd8c43d7169060450be413af763e8ad7522d2451","90ae0c693f6ffd6dc5bb2d5a5ef078629c3d77f874b2d2ebd9e109d8ca049f2c","91605641a4c7e859b7071a9841d1cd154b9027e6a58c20ec4cadafeaf47c9055","9493b512d7d15510ebee5b300c55b67f9f2ff1dda64bddc99ba8ba5024113300","a83a5810ea7a4f02d4623c509dd9b88ad4e432177143e9e9b2b30f9b2943a1b0","ae724dce252c7b05a84bc264993172cf86950d22744b5e3a1b15ba645d9d3733","b9ef2e948a9b49a6930fc190b22cbdb3571579d37a4de56564e41a2ef736767b","e87512ea12288acec611cf8e995c4ced3971d9e35c0c5dcfd9ee17c9e3ed913d","f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee")
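The queries above match the indicators against the userdomainname/url fields, the four IP-address fields and the three hash fields. The Python below is an added example, not Gurucul's code or the advisory's: it runs the same matching over constructed log records using a small subset of the page's own indicators, and compares the substring semantics assumed for `like` with suffix-anchored domain matching so that a lookalike such as profile.io does not trip the file.io indicator. The field names are taken from the queries; the `like` semantics, the sample records and the suppression of attack.mitre.org (MITRE's public ATT&CK site, not attacker infrastructure) are this example's assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Small subset of the advisory's indicators, copied from the page's lists.
# A deployment would load each month's full list; this is only a demonstration.
RAW_IOC_DOMAINS = [
    "softeruplive.com", "sombrat.com", "parkerpublic.com", "altocloudzone.live",
    "gororama.com", "ciborkumari.xyz", "file.io", "zoommanager.com",
    "attack.mitre.org", "https://attack.mitre.org/tactics/enterprise/",
]
IOC_IPS = {"134.35.9.209", "5.44.42.20", "45.141.87.218", "193.37.69.116"}
IOC_HASHES = {
    "5cae01aea8ed390ce9bec17b6c1237e4",                                   # MD5
    "1206bd44744d61f6c31aba2234c34d3e35b5bac7",                           # SHA-1
    "342b398647073159dfa8a7d36510171f731b760089a546e96fbb8a292791efee",   # SHA-256
}

# attack.mitre.org is MITRE's public ATT&CK knowledge base; alerting on it would
# page analysts on ordinary research traffic. Matches on it are reported as
# "suppressed" so the analyst can review the list before deploying the query.
SUPPRESSED_DOMAINS = {"attack.mitre.org"}

# Field names are the ones the page's Gurucul queries reference.
DOMAIN_FIELDS = ("userdomainname", "url")
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = ("md5hash", "sha1hash", "sha256hash")

_HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*://)?([^/:?#]+)", re.I)


def host_of(value: str) -> str:
    """Reduce a URL or bare hostname to a lower-case host (no scheme, port or path)."""
    m = _HOST_RE.match(value.strip())
    return m.group(1).lower().rstrip(".") if m else ""


# The advisory lists one indicator as a full URL; it collapses to its host here.
IOC_DOMAINS = {host_of(d) for d in RAW_IOC_DOMAINS}


def like_match(host: str, ioc: str) -> bool:
    """Substring test, assumed here to be what the queries' `like "<domain>"` does."""
    return ioc in host


def anchored_match(host: str, ioc: str) -> bool:
    """Exact host or a subdomain of it: catches cdn.sombrat.com, not profile.io."""
    return host == ioc or host.endswith("." + ioc)


@dataclass(frozen=True)
class Hit:
    record_id: int
    field: str
    ioc: str


def scan_records(records, domain_match=anchored_match):
    """Return (hits, suppressed) for dict records keyed by the queries' field names."""
    hits, suppressed = [], []
    for rec in records:
        rid = rec["id"]
        for f in DOMAIN_FIELDS:
            host = host_of(rec.get(f, ""))
            if not host:
                continue
            for ioc in sorted(IOC_DOMAINS):
                if domain_match(host, ioc):
                    (suppressed if ioc in SUPPRESSED_DOMAINS else hits).append(Hit(rid, f, ioc))
        for f in IP_FIELDS:
            try:
                ip = str(ipaddress.ip_address(rec.get(f, "").strip()))  # rejects junk values
            except ValueError:
                continue
            if ip in IOC_IPS:
                hits.append(Hit(rid, f, ip))
        for f in HASH_FIELDS:
            digest = rec.get(f, "").strip().lower()   # hash indicators compare case-insensitively
            if digest in IOC_HASHES:
                hits.append(Hit(rid, f, digest))
    return hits, suppressed


# Constructed sample records (not from the page); 203.0.113.0/24 is documentation space.
SAMPLE_RECORDS = [
    {"id": 1, "url": "https://cdn.sombrat.com/update.bin", "dstipaddress": "203.0.113.10"},
    {"id": 2, "userdomainname": "profile.io", "srcipaddress": "10.0.0.5"},
    {"id": 3, "url": "https://attack.mitre.org/tactics/enterprise/"},
    {"id": 4, "publicipaddress": "45.141.87.218",
     "sha256hash": "342B398647073159DFA8A7D36510171F731B760089A546E96FBB8A292791EFEE"},
    {"id": 5, "md5hash": "d41d8cd98f00b204e9800998ecf8427e", "ipaddress": "not-an-ip"},
]

if __name__ == "__main__":
    for name, fn in (("like", like_match), ("anchored", anchored_match)):
        hits, sup = scan_records(SAMPLE_RECORDS, fn)
        print(f"{name}: {len(hits)} hits, {len(sup)} suppressed")
        for h in hits:
            print("  ", h)
```

Run as-is, the `like` pass reports four hits (one of them the profile.io lookalike) while the anchored pass reports three; both suppress the attack.mitre.org record rather than alerting on it.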

    Reference: 

    https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a

     

     


    Tags: Malware, Phishing, Ransomware, CISA
