Threat Spotlight: WarmCookie/BadSpace

    Date: 10/24/2024

    Severity: Critical 

    Summary

    WarmCookie is a malware family that surfaced in April 2024 and has been distributed through regular malspam and malvertising campaigns. It has been observed in use for initial access and for maintaining persistence, allowing continuous long-term access to compromised systems. WarmCookie also facilitates the delivery of additional malware, such as CSharp-Streamer-RAT and Cobalt Strike. The post-compromise activities linked to WarmCookie show similarities to previously documented actions associated with TA866. We believe that WarmCookie was likely developed by the same threat actors behind the Resident backdoor, which was previously identified in intrusion activities attributed to TA866 by Cisco Talos.

    Indicators of Compromise (IOC) List

    Domains\URLs :


    IP Address : 


    Hash :


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains\URLs :

    userdomainname like "quote.checkfedexexp.com" or url like "quote.checkfedexexp.com" or userdomainname like "branch1.checkfedexexp.com" or url like "branch1.checkfedexexp.com" or userdomainname like "billing.checkfedexexp.com" or url like "billing.checkfedexexp.com" or userdomainname like "pankerfan.com" or url like "pankerfan.com" or userdomainname like "digimind.nl" or url like "digimind.nl" or userdomainname like "windows.checkfedexexp.com" or url like "windows.checkfedexexp.com" or userdomainname like "www.netzwerkreklame.de" or url like "www.netzwerkreklame.de" or userdomainname like "appmin.checkfedexexp.com" or url like "appmin.checkfedexexp.com" or userdomainname like "portals.checkfedexexp.com" or url like "portals.checkfedexexp.com" or userdomainname like "letjsnod.com" or url like "letjsnod.com" or userdomainname like "jianyun.com" or url like "jianyun.com" or userdomainname like "reports.checkfedexexp.com" or url like "reports.checkfedexexp.com" or userdomainname like "supports.checkfedexexp.com" or url like "supports.checkfedexexp.com" or userdomainname like "sustaincharlotte.org" or url like "sustaincharlotte.org"

    IP Address : 

    dstipaddress IN ("38.180.91.117","94.232.249.36","72.5.43.29","109.236.80.191","91.202.233.252","80.66.88.146","185.73.124.164","185.49.69.41","87.251.67.179","87.251.67.58") or ipaddress IN ("38.180.91.117","94.232.249.36","72.5.43.29","109.236.80.191","91.202.233.252","80.66.88.146","185.73.124.164","185.49.69.41","87.251.67.179","87.251.67.58") or publicipaddress IN ("38.180.91.117","94.232.249.36","72.5.43.29","109.236.80.191","91.202.233.252","80.66.88.146","185.73.124.164","185.49.69.41","87.251.67.179","87.251.67.58") or srcipaddress IN ("38.180.91.117","94.232.249.36","72.5.43.29","109.236.80.191","91.202.233.252","80.66.88.146","185.73.124.164","185.49.69.41","87.251.67.179","87.251.67.58")

    Hash  1 : 

    sha256hash IN ("676cbcaa74ee8e43abaf0a2767c7559a8f4a7c6720ecc5ae53101a16a3219b9a","6db0d6eaff5279d815e66e1abbdd7e4159c58c7747b158659d875c369c153b89","824438852f5f11bef8a60df08f6746abf869c52e288456f4cefb97910ae2fcd7","9d4c80ea1d6d1ce11f9bb79d7a5a4ddfcea9f20ffe039db7215e9c57fc183476","de6dbd27a07500e11af05f0420902c4d172aa34f6681d3f1546cf5b5872b3310","d4c955b1db1e499ea47196b8f630205329f9277f3cc184d75a3b69a70d8c49da","748e247912e4f40c685c4b756cd9bfbc39c7b3fcd649cd85f83c67c4cdd8a62d","6cd8a62fb051c17da53b46bc05c6407eab58582c531f8dd18553ecd2b3b37411","770cafb3fe795c2f13eb44f0a6073b8fe4fb3ee08240b3243c747444592d85ff","ba4c8be6a1eb92d79df396eea8658b778f4bc0f010da48e1d26e3fc55d83e9c7","283cd2138b4f1ffef36411adee02f5d684593bdf3117c760ade04e19c958028a","c7fc0661c1dabd6efd61eaf6c11f724c573bb70510e1345911bdb68197e598e7","cd9aebcc686a8a2eb25bf5d75100b28f58aad6512222ade6630bbad59e877369","425da6a7bd4faedc97990c6458d5e6a0635839037a99611385b77b43b443d1ec","475edfbb2b03182ef7c42c1bc2cc4179b3060d882827029a6e67c045a0c1149b","83218a0beee310a8056ca62946a5f8ca742787e49cf2b4f93e29c4940d3961c9","9d143e0be6e08534bb84f6c478b95be26867bef2985b1fe55f45a378fc3ccf2b","c8f3947a5d377064640358cfb0320de30324eb6d66789afaf1e4cd1a8dbb187b","669e721ddb304f09ad60a7e166710a08e37a42f6a8cd5bc47a21fa0342292507","15b1eb1072de7e16d5b7693a16269b315c0926558fa2cbbcd2948c2dd16ab8a0","43b87cf9b5a73d9bdfdbd9e1da3cb4d1e26a509d328a90c01cc0025a9cb1698f","2a4451ef47b1f4b971539fb6916f7954f80a6735cf75333fa9d19b169c31de2e","0f11caad7cd5cf4de78145a13590fb50a42a63aaf3bbc6066d2a0bb58a2068f7","5ab9b4e3f15a04bfe240368d9cea4e6fccbf88c89358e9316055e3f79ca10fd7","927e941acb5bc42ff2050ad04fdb6e21d33f9b02cb3fc279dfee2f814557d8e5","62a653ff8e81f7ed05a1415a2ea679a993d5c1b0abd0ea93aff82dc10142629f","124e2b15b001eb302f0a5f43604621a001d250d42afdf353dc812f41bf249a55","959098a5c53f7a16fa644152aa4ffe52a989b24c1c5f87a23ae74719aab82238","f31e28b2fd8efe63a7a2c39f7f87d895c44694d80b5fcbff91d51dc63eafa9dc","295d01d02376044ec078128788b4439eba631
84147f0137852160952ad1649c2","7c49024676be4f90d905028675d4a714311f971c099ab01e3cd26cd13c68499c","5428e75adfc1f8d9b551f0e912db89c9f82db0bb574a80553b2ee8a829668d18","a1cb61abc99eb58e30ae7a9908c260be26ce072400ad771532bfe7c039ce10ef","c6c777beb38120497e6b26fea8f376652eafb5b661c65a87265421dc83f61121","db7827bb6788f0a7dae5ef2dc0f3c389ab2616fabed27d646b09ecceb7c1eea9","e79e1858fdd8cb7642f0df4b2f696126df1bd6fc5f4731af8d797e02273f307f","8e8cebab33731844245e5f70e90933c37a19010bf893027ad7af2a92e1d56244","712738c0afe1d10f28b6aefecb44f2bc442007fdd65f8f07582120e3ec22d590","eec7ed30a026ba5ba82c288693bb6ad16cfc5643768bb89e5a0b17109d1fc7a6","1bcfed8b593a8a7c8b34e074aca3d4fc68a0ea3343b32eae89fdabf35ad40e7d","a16ec983d5d2d7d4373da2faede5457ee5587b36e5bfd737a6c6d2c42ff7266f","7b340050fe9bec7024092de63d223d2a96a32d14676f6c82c9024278ae0b323e","5ca2106d823eeee827f228b8a1caf6e769ce7cefea6da72f537e2e302f10f13b","60cd63e288c4054f85c9ea8167e0e58c1bd9998a15e3f8ed211132b42f76bdb6","b9278ecce14213a1920ca9cc2b23ee18641c07a2780b693f009dcac578ffef92","193cadbea116833efaaa0bc6fbea552a68c9694fb0177ad873d702001b4cef8d","a20c9fe2888286473faea909d2f22a75a1b982387b08e2ba0bd091ae631f36fc","d20903e4f8635fc8f8a7d1ab2330a61eb1fad29e03c353ede85bc359aa019f2c","4ff20a31223f3c0a04f1646332979c89fce5111f9d288b69568c9120d13c564c","95831ac07e5f732817af71fc4a9f33b707a656078cff6a58042bbd07bdb9bbbd","5649dcd896bf2155e790c5f05b9fa2ba6fe5befcac85a8cb0beed23945686e02","0b26abc692b7a2877b6b6fce6aa99b29af125b063f1c41b507362def59f8dfce","0d2cf14d27586ff9da5832e0efaba872a1641617fdb4a47d94b645172f7d2fa6","30a85fa1bf6df41d841efbf986beb286eb829380ebfdf0c1ac694f3d4f24315a")

    Hash  2 :

    sha256hash IN ("616b1e1127902cef942cbc8ba6b89fe2e3090e992c7ae5e08c7d54b508b0caab","67984703c89ee30cadaa8d7dd5c1a0e9f7f5d096ab0d6d03fdb01115780fa7c3","c64cb9e0740c17b2561eed963a4d9cf452e84f462d5004ddbd0e0c021a8fdabc","962e21e349a00ef86d1c094b7ef6e80a5c99b98c1165f3fc318a55deff25731f","4e731e9e0233d53c70830011690f59b0764f61aa19e49cd10bed92b6eb81762c","e4a9105c3c44cd3f0f975f807127aae121b67c561240fefdce215c715695d5be","8087f6755ef54c99000517a5bf5a94ceeb43ee34d2774051c616b51e8d827e0a","6ac099ab5132a17bf7a492b47442f0f6776eb76d702a5c2d947dab0ab33cfc45","b3415b4f3524ac4df8fcff649b986d0ffe3874050bf48f0f1949c745c9e51d46","32ff6653fb6e4757c1f7206af26475445e1e43c8e1db0af5309ad8a9c4d86ba1","cec5bfbbd96c9a150d740c5be7d1d86c35ade0611085de537b8d1ca4887f2780","ddbcce9bb969bda17064796c25abcc346748e7cd5d9d0460672d8d09ea97d24f","668e1270bdb9a3aba41389777fc1ccd8759ad1316c62ea7c3f711925b44ef0b6","87f57a7a4b4c83ecb3cdd5f274c95cd452c703de604f68aff6e59964b662e3f8","d4c140b094dd3f278e8b99aa504419d2c2dc9bdb4169dc5eaaf55c187fd2f011","2cbd9f49b2dec8a36e0961b5471bdb3266a5c061ba8784e14a193e700d156a0c","613e6a8a49a61f157a8e064b7fbc7bd5d59909d47e31f6c18cd5c5659808ee89","5cd47f178fd5afc2c290c77695277183df54d886f444f5993bbbe169eb3e2b12","e640676b0ff2ba116d8cea36cd7103a5897eb29e9c8a297bb8883b83972565a1","3f073189506b7ca07fb352e267699688bd3a6c11cde72217ec1ffbae211b6e15","38f4b197dcda32b14dc98127e3a523364822e108f85153105b77b85ce31438d7","8d81f6af61f019c56ade65dc80a8b8332f8d141fa11714bc2f5594242661d8a3","9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330","0d305291091bcb0c943c6472dce450272b2291b6287a053c5c553f082654c718","eca43317ae815a18eeaf723506c960a9b2edc39f127e5a200011e594e0ab31e2","9bc4c44b24f4ba71a1c7f5dd1c8135544218235ae58efa81898e55515938da6a","0d59c9bef911c879011f21163a083c09b759c9757f1ade9da9f87fdce27dc5f4","a5f16fa960fe0461e2009bd748bc9057ef5cd31f05f48b12cfd7790fa741a24e","0c9697506df18baac4b4215e78a43926ea4bb94ea3607c851a1c2fe3b5b31f17","55ace018a6c4f355511ce3f6833d4b997d432
3afb890520dc815aa2f916499f3","e2c7fb642d9227013695257561a77f9164f992615082b85fe973dde2934ecf1c","0da87bff1a95de9fc7467b9894a8d8e0486dfd868c2c7305e83951babacde642","4b4e27824cd349192cf0913060f1481a192f2b13d44e2787edbe8d7f0c57fa06","ec4217947c398d6aa335436b8da830e66557031dd1ec152e33093c8cc8466077","b6ac7f6e3b03acd364123a07b2122d943c4111ac4786bb188d94eae0e5b22c02","ad2333e1403e3d8f5d9bd89d7178e85523fa7445e0a05b57fd9bc35547ec0d98","4cccc2d7f97a78dd0ef3f06a2fdb555299cd06c4222dd546d87a4ed735743d48","56984cac7431ef001246350eaa6011cf2f34571e231b29572d27f962f6c7f165","b54b42b4dfb93502646e9e8cb0eb5b65dccf2b872ab79f67641e307a08234b94","bfcb215f86fc4f8b4829f6ddd5acb118e80fb5bd977453fc7e8ef10a52fc83b7","d7cfd49c873810b2f3369af4f8e8d0bac57c83137b1cd173f2f79a8d5f0898b9","44faed020d5d8b29918a3f02d757b2cfada67574cf9e02748ea7f75ba5878907","1d9f4690a62fd4d17c031924585b1e46e417d8c72f331ba51cf0eceeb91f6579","ccf29931f8bddd1888912ba5def598bf73c29bb20be50e44f60d36e3c0296c8b","bb74c6fc0323956dd140988372c412f8b32735fb0ed1ad416e367d29c06af9cc","ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13","5b360b6855e87f173b4429adcca1d5f7735112119d69a5e9268673ab5ac82394","2a311dd5902d8c6654f2b50f3656201f4ceb98c829678834edaeae5c50c316f5","f57dcff87305797c6488b8a45b2d48c1c119cc19a316f452c04b38e30090477d","f0ce1e9db6418c488beb9be3b205d4c16afbbed6be20eebe8445d9cdbfc23dde","6c41faafcf01000547c1e327c7366a89b4d5f9e64de2da404c34954990f7e1fa","f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659","40cdac6696e84f677d7e4817fd85f32da0f9256866bb85a25da207e3d5ca7d5c","2f434cc508baac8440e95e955306ee354e76680eedca4a3ec2d87f592cfdcba7","cfa312272a7e55330855325925cc449a9ca8f80626d1003b0981c4375fad69a3","8f7b7f3da174d8ff41b2bc86e363d00d198d79cf52de078a3a5f6b55352bceb8","ebc0ded53cd49db7ea646bd02f391dee05f6093ec26300a7389ae2ef8d769a6f")

    Hash  3 :

    sha256hash IN ("13142aa3c815362511acee0b74672081d7bb8cd3cabd8ab4c85fb7ba8126aec5","13ccffd00e2fa89167e29a8d382d8c417e198ffce8684df23e4a8a91fdc0f23e","1dd740062b30ce02e90238d55cb6f786496e120a40e93334fef7033e75d46d79","1ea681b79f88c2f0e9344beedb8776643d735c3f8251479c9495537c40fe5ba1","2a5a12cc4ef2f0f527cc072243aa27d3e95e48402ef674e92c6709dc03a0836a","33f81ee6d9747afe1c7c5a6ed741822749ea42bb297eb642f720fd44ae35e786","34f2fc85932f6fede57846cf2a2d55172d28e4a251bb4434a88a02ce8ec030f0","3c4d700c0cab626664864ce4a2502195117e118f1e800a1571d876b6e7f84251","41d9d1e0599b492fdb6fa2ce47f0094112799830dd8dc1c098690a500a8fa6b1","48320e88c9188d97e7f6a06eddcc8e1f89cf79ed66b68a546cd38e76f183b13e","48640e2fb35f073c22937784f32c157d9a0781d61a2293f73fc3566b708205bd","53db2f135883d74dcac2e620d14d7f775876bf49d3d5d4fdb131f8fed4917434","56f9bd572b3d7c65da3d50d77a71fec0f8b4320f7bf7f691221522ac62e5d99b","5970ba228d2afe2031b8e8c17ba284746ebb9066f0ccb8e1fe33a6e3927a6c97","60a43c829aaf03c42d012c0f61501e87864c19896d43f61f990d5be9a822eb9b","62fb7f43c677ee2fe56406e7af8876289d3751e7c001aa627dd287baf5687f06","63537e464742099cfaf06904676e8955c0543a621e1936297e49090587a84ac1","6a195e6111c9a4b8c874d51937b53cd5b4b78efc32f7bb255012d05087586d8f","6fb83280ffc0feddf3f346a4d3a8914f26c097b8aef3a276590ea44ce9d70204","71053c8a336c10154dadd4572c00e45e177b2f29470bd7171b28e49ab855def0","7b7dbd54308cacec5c591dbd6a2b9f90368f986572c3edcbfedca7812b409347","84519a45da0535087202b576391d1952a4cc81213f0e470db65f1817b65ee9d7","87ce3aaf800b7a80f82d38fd6ff60925814dbe611786c29040bc9fcfa9943fd3","90b85d2ca44186de6df202abf27e3737c52691bf5dd28841fba8860bdc4483f8","975deab236438b6d7fa3ad1be7d9c2a3fabbd6103ff5f8b7fe536205ad715508","9a27a2ad96f7676d28f99ffc4cbc51a81b42c7739fc15a0e57295b028d6c830d","a0916d3b97c0df2ec1ed6a772dac27c24842a64d4f6e078c941fa2046cabb9ed","a725883bd1c39e48ab60b2c26b5692f7334a3e4544927057a9ffbdabfeedf432","ab8cd83f855445bd9486be0960b2dbb038c313165f2a9eb7cc5eecf96c344be6","b7aec5f73d2a6bbd8cd920edb4760e2edadc9
8c3a45bf4fa994d47ca9cbd02f6","c36749f11be375b6f103ff973255b6d32ed816ba27c158adea087de7546045da","c437e5caa4f644024014d40e62a5436c59046efc76c666ea3f83ab61df615314","cbd7ba0886a3e0d60b15bed0736bfaa130d47ab247e374d79c3612ce6ce049b6","cee576f6d4d05bfb4f0e0704a4712af10b0afcb369407f5edf3526145a53a685","cf2e04d01b3de16d9aaa90c0d95775c9a99e63b23cc42043046ba31725d80e2e","d596868e19902772b38e91a6421ae72750e02445cdb6d24a9b3e78931c1d1ffd","e04562fb05388e10d6d70d4cadbec059c6c0601f8232d8699ad8a6d3ee0e75d6","e8ca376afa8e85fcd0487c25fd8330455cd2a5ea17aeaed95e9fd085d81035c8","e94f9221944a764f220831eb421d4571b32e5b243aad4943b69ae2bcfb176737","f036314c1ce294070c181bc0bc8af837679b1aeafbf2497799c065cbadc72474","f7fce1a38543f29336e8ae8ab659370ce21734acb2b5d86426f64143a9e3bf41","fa02d4d18b61842ab7166d6274e6b941342be58372f2a903e293554bbb07dd45")

    Reference:

    https://blog.talosintelligence.com/warmcookie-analysis/

