The BlackBerry Research & Intelligence Team recently connected seemingly disparate malware campaigns, which began with an unusual Cobalt Strike configuration that was first included in a blog post published the same month as COVID-19 lockdowns began in Europe and the U.S. What we found led us through a malicious infrastructure that had been partially documented in articles by several other research organizations.
Indicators of Compromise (59)