Pulse name: USCYBERCOM Malware Alert July 2019
TLP: WHITE | Tag: APT33 | Author: AlienVault | Created: 2019-07-02 | Modified: 2019-07-04
97 IOCs (high volume)
USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate patching. Malware is currently being delivered; indicators are provided below.
Indicators of Compromise (97)