PULSE NAME
The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure
WHITE AlienVault 2017-08-15 Modified: 2017-08-15
83 IOCs (HIGH VOLUME)
Recently, I’ve been investigating malware utilizing PowerShell and have spent a considerable amount of time refining ways to identify new variants of attacks as they appear. This posting is a follow-up of my previous work on this subject in “Pulling Back the Curtains on EncodedCommand PowerShell Attacks”.
Indicators of Compromise (33 / 83 total)