PULSE NAME
Information Stealer Found Hitting Israeli Hospitals
WHITE AlienVault 2017-06-29 Modified: 2017-06-29
14 IOCs
MEDIUM VOLUME
The abuse of shortcut (LNK) files is steadily gaining traction among cybercriminals. We’ve seen a plethora of threats that leverage malicious LNK files: from well-known ransomware families, backdoors typically deployed in targeted attacks, and banking Trojans to spam emails, and even an exploit for an LNK vulnerability itself. These threats are usually exacerbated by the further abuse of legitimate tools such as PowerShell or the script automation utility AutoIt. It’s thus not surprising that we discovered an information stealer employing LNK files, which our sensors detected in Israeli hospitals.
Indicators of Compromise (14)