Pulse: Targeted Crimeware in the Midst of Indiscriminate Activity
Author: AlienVault | TLP: WHITE | Created: 2015-05-06 | Modified: 2017-08-24 | 29 IOCs | Medium volume
Although we have observed low-volume spam campaigns by some cybercriminals who have purchased MWI (Microsoft Word Intruder, a document exploit kit), we recently discovered spearphishing emails from one group using MWI to attack point-of-sale (POS) service providers. Despite the targeted nature of the spearphishing emails, the payload was the widely distributed Vawtrak banking Trojan. We also found that the infrastructure used in this case overlaps with that of FindPOS/PoSeidon and Chanitor, and sits within a cluster of largely indiscriminate malicious activity.
Indicators of Compromise (29)
TYPE  INDICATOR  CREATED  (the pulse's DESCRIPTION column is empty for every indicator)
domain othersforrep.com 2017-08-24
domain cakedhisjohn.com 2017-08-24
domain xablopefgr.com 2017-08-24
domain idthentehed.com 2017-08-24
domain pickleweb.net 2017-08-24
domain rebteugrigh.com 2017-08-24
domain winfertrow.com 2017-08-24
URL http://91.220.131.245/joomla/image.php?id=90440600 2017-08-24
URL http://pickleweb.net/upd/112?id=[redacted]&o=1&n=4 2017-08-24
URL http://91.220.131.243/dermo/image.php?id=94970298 2017-08-24
URL http://91.220.131.29/upd/install.exe 2017-08-24
URL http://91.220.131.245/joomla/image.php?id=48436619 2017-08-24
FileHash-MD5 6adb338e08bcead42cd51f0b5b573a58 2017-08-24
FileHash-MD5 17f4394a5540e69a79b3c8cff3e1f225 2017-08-24
FileHash-MD5 6d35acab684d45d8a80c6201d060e6fa 2017-08-24
FileHash-MD5 f06bef376ca88e1e4afe8716f20590cf 2017-08-24
FileHash-MD5 f4d48337c38988acc43b64ee180fa8a0 2017-08-24
FileHash-MD5 cb9749ce4cd28eb73bf9a6bedd2f0c5a 2017-08-24
FileHash-MD5 a74fcd114f1e6df76ce04a0975523cc7 2017-08-24
FileHash-MD5 ac0b1712af0b1a41c6bd216d782022a4 2017-08-24
FileHash-MD5 2f108e18177dd7a6ae7e413e9153337d 2017-08-24
FileHash-MD5 eccc3e3c3c9e863aaf31ec0e2825e820 2017-08-24
FileHash-MD5 b5a8116690a7bdf074db9329b23678b2 2017-08-24
FileHash-MD5 cd128a85e0c89cf09cf31b85812a149e 2017-08-24
FileHash-MD5 dc7740f2ac76b8c5dccf686ad5fd0c05 2017-08-24
FileHash-MD5 4b78c2ab3629e51d8a6c8ffa4410b3f7 2017-08-24
FileHash-MD5 cbe589381dddacb1065cedd0a0094326 2017-08-24
email barkmanueta@rambler.ru 2017-08-24
email sillitoexpya@rambler.ru 2017-08-24