Threat Actors Target France with CV Lures to Deploy Crypto Miners and Infostealers Targeting Enterprise Environments

    Date: 03/25/2026

    Severity: High

    Summary

    A targeted campaign is using phishing emails with fake resume (CV) attachments to infect French-speaking corporate environments with heavily obfuscated VBScript malware. The payload delivers a multi-purpose toolkit capable of credential theft, data exfiltration, and Monero cryptomining, while employing strong evasion techniques such as excessive junk code and domain-join checks to target only enterprise systems. The campaign leverages legitimate tools and services like Dropbox, 7-Zip, and mail.ru infrastructure, reflecting a Living-off-the-Land approach that enhances stealth and effectiveness.

    Indicators of Compromise (IOC) List

    URLs/Domains


    IP Address


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    domainname like "lmtop.ma" or siteurl like "lmtop.ma" or url like "lmtop.ma"
    or domainname like "https://lmtop.ma/wp-content/uploads/2018/05/1300.png" or siteurl like "https://lmtop.ma/wp-content/uploads/2018/05/1300.png" or url like "https://lmtop.ma/wp-content/uploads/2018/05/1300.png"
    or domainname like "eufr18-166.workdns.com" or siteurl like "eufr18-166.workdns.com" or url like "eufr18-166.workdns.com"
    or domainname like "pool.supportxmr.com/pool-fr.supportxmr.com" or siteurl like "pool.supportxmr.com/pool-fr.supportxmr.com" or url like "pool.supportxmr.com/pool-fr.supportxmr.com"
    or domainname like "fortrust-cf.ma" or siteurl like "fortrust-cf.ma" or url like "fortrust-cf.ma"
    or domainname like "expressnegoce.ma" or siteurl like "expressnegoce.ma" or url like "expressnegoce.ma"
    or domainname like "https://www.dropbox.com/scl/fi/w539fqxeew7p4tooxymd5/gmail2.7z" or siteurl like "https://www.dropbox.com/scl/fi/w539fqxeew7p4tooxymd5/gmail2.7z" or url like "https://www.dropbox.com/scl/fi/w539fqxeew7p4tooxymd5/gmail2.7z"
    or domainname like "https://www.dropbox.com/scl/fi/00v09bc31ppk9tcr1c1fz/gmail_ma.7z" or siteurl like "https://www.dropbox.com/scl/fi/00v09bc31ppk9tcr1c1fz/gmail_ma.7z" or url like "https://www.dropbox.com/scl/fi/00v09bc31ppk9tcr1c1fz/gmail_ma.7z"
    or domainname like "https://pastebin.com/K9rHTWbB" or siteurl like "https://pastebin.com/K9rHTWbB" or url like "https://pastebin.com/K9rHTWbB"

    Detection Query 2:

    dstipaddress IN ("208.95.112.1","141.94.96.71","46.105.76.166","141.94.96.144","217.64.148.121","94.100.180.160","172.67.69.226") or srcipaddress IN ("208.95.112.1","141.94.96.71","46.105.76.166","141.94.96.144","217.64.148.121","94.100.180.160","172.67.69.226")

    Detection Query 3:

    sha256hash IN ("45eddd42646074db6ac073119c87df0d2a597666fa75f33580fa611724adadf2","7a76eb82b564837c1bf43883a1d93ff7a2e9a56ecb0f093447593329e5200492","866a0803d06c7941e9ae87cbe83c6d85267c43299b09b9edabf030d54bee2676","a33bf25ece3360c4d75127aa032f20f5093fc2cd20fcb709f0370369fcf0b9dc","b25a969eb9bec5945cff6ebbfc76c3630635662c607e298645db3a4f26fd0665","7fc00bf9c5ca44e7708a0d1d56221fc564859ec3aa7f299c7f3c698cb4d580da","11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5","0863bd3878d0a0e6b809eccacffe83fa5b2ccccbef7830f956accd306a81298e","7eb7c1d6b03522109517b94779019aedbf93d7e441883dfd09eb90e0709dc2ca","1ecaef416cc63d931eada6cf373cf24a4a405750b626ef29f7b031503b1f6270","853d8001c173520a7f459be73ac6bb7f0363db3beb7632f0a6059fb88b288b6a","7f48b81c923002827ffed90fd5ebb9bf98f38c00ca78b4921dab057d89fb1705","7578a9ff2b432f3fa9582d2adeb281eca73ce7ff73a48f8dbdc29c54e616c1de","fa58dced1d951f4f308248336aefb15727ea0dd09749ce5643d37c515733f8ee","63bae4929da48baa903251966e3e6bc3b46c4c9fd70b4e8b171bde3218484362","3c03ca8fb96c8e1c61e58a5c65d9eeda0f5bbe5c2faf4c021e7b704fe5917f29","47d70838cbedc8b0e0634e51bde8a72035922bddc1177cc9210fa0adb967d6a2","24a1eacb0fbed9efb819567b7e25151384825d353254b31ec9d875694f7f53d4","f33586a516e58b2f349dfd7743702f43f5e0ece769ed46088d3400d1b0f0b10b","a1c56fc63d58c613115c298baca7da311f021e451c4394b08323b95572c2ecb6","c3ff6d497e1ffc65a56577afdc64984f61542faeeed6beb0a957539e48ee86ef","b72a1fb2d8032fac898285e37085c6283eb2322d3c49aa35e6dac64836c1335e","ee42c62af657c8ebe6096a8d4f8e2baf17a37648288ada7e903cdbf83c146560","936583f5116bb46703ba8a4998157fbaa2af5a2d29f240ddda92be312403e940","3c68e3d7a1eaf38cf4b4de68444cc005e03cba7ee86a76209f87efcf952d8211")
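    As an added illustration (not Gurucul's or the referenced report's code), the following Python applies the logic of the three queries above to constructed log events. It goes one step beyond Query 1 by comparing URL fields on their host, so a bare-domain indicator also fires on a full URL; the indicator values are taken from the queries on this page, the field names (domainname, siteurl, url, srcipaddress, dstipaddress, sha256hash) are the ones the queries use, and the events are constructed samples.

```python
from urllib.parse import urlsplit

# Indicators taken from the detection queries above (subset). The page lists
# the two mining pools as one slash-separated entry; they are split here.
IOC_DOMAINS = {
    "lmtop.ma", "fortrust-cf.ma", "expressnegoce.ma",
    "eufr18-166.workdns.com", "pool.supportxmr.com", "pool-fr.supportxmr.com",
}
IOC_URLS = {
    "https://lmtop.ma/wp-content/uploads/2018/05/1300.png",
    "https://www.dropbox.com/scl/fi/w539fqxeew7p4tooxymd5/gmail2.7z",
    "https://pastebin.com/K9rHTWbB",
}
IOC_IPS = {"46.105.76.166", "141.94.96.71", "94.100.180.160"}
IOC_SHA256 = {"f33586a516e58b2f349dfd7743702f43f5e0ece769ed46088d3400d1b0f0b10b"}


def host_of(value):
    """Host part of a URL, or the value itself when it is already a bare domain."""
    if "://" in value:
        return (urlsplit(value).hostname or value).lower()
    return value.lower()


def match_event(event):
    """Return the names of the queries (query1/query2/query3) an event triggers."""
    hits = []
    # Query 1: URL-bearing fields. Whole-URL indicators are compared as strings;
    # domain indicators are compared against the host, which a plain "like"
    # on a full URL field would not do for a bare domain.
    for field in ("domainname", "siteurl", "url"):
        value = event.get(field)
        if value and (value in IOC_URLS or host_of(value) in IOC_DOMAINS):
            hits.append("query1")
            break
    # Query 2: either endpoint of the connection is a listed IP.
    if {event.get("srcipaddress"), event.get("dstipaddress")} & IOC_IPS:
        hits.append("query2")
    # Query 3: file hash, normalised to lowercase before lookup.
    if (event.get("sha256hash") or "").lower() in IOC_SHA256:
        hits.append("query3")
    return hits


# Constructed sample events (not real telemetry), keyed like the query fields.
SAMPLE_EVENTS = [
    {"url": "https://lmtop.ma/wp-content/uploads/2018/05/1300.png", "dstipaddress": "141.94.96.71"},
    {"domainname": "pool-fr.supportxmr.com", "dstipaddress": "10.0.0.5"},
    {"sha256hash": "F33586A516E58B2F349DFD7743702F43F5E0ECE769ED46088D3400D1B0F0B10B"},
    {"url": "https://example.org/index.html", "dstipaddress": "10.0.0.9"},
]


def scan(events):
    """(index, hits) for every event that triggers at least one query."""
    return [(i, h) for i, e in enumerate(events) if (h := match_event(e))]
```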

    Reference:

    https://www.securonix.com/blog/faux-elevate-threat-actors-crypto-miners-and-infostealers/

    Tags

    Malware, Phishing, France, Credential Theft, Exfiltration, Monero, Cryptomining, Living off the Land (LOTL), Stealer, Infostealer
