Today, we’re announcing that Microsoft’s Digital Crimes Unit (DCU) has taken legal and technical action to disrupt a criminal botnet called ZLoader. ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
T1555.003
T1557
T1518.001
T1047
T1059.003
T1588.001
T1539
T1482
T1012
T1587.001
T1008
T1055.001
T1036.001
T1490
T1547.001
T1588.002
T1204.002
T1204.001
T1074.001
T1573.001
T1588.006
T1106
T1056.001
T1548.002
T1587.003
T1553.004
T1005
T1562.001
T1529
T1059.005
T1041
T1189
T1219
T1027.002
T1140
T1587.002
T1583.004
T1124
T1071.001
T1082
T1016
T1033
T1070.004
T1584.004
T1083
T1560.003
T1059.001
T1113
T1568.002
T1036.005
T1057
T1489
MALWARE FAMILIES
Zloader
Ursnif
Raccoon
Zloader 2
Indicators of Compromise (82)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 58831fbd01b08e1e951f085c17a0bb7d | MD5 of 54e6e6b23dec0432da2b36713a206169468f4f9d7691ccf449d7d946617eca45 | 2022-04-18 |
| FileHash-SHA1 | d5d5efb7affb79dc6c72d78c7a07617263f8ac69 | SHA1 of 54e6e6b23dec0432da2b36713a206169468f4f9d7691ccf449d7d946617eca45 | 2022-04-18 |
| FileHash-SHA256 | 54e6e6b23dec0432da2b36713a206169468f4f9d7691ccf449d7d946617eca45 | — | 2022-04-18 |
| FileHash-MD5 | 03d5ae30a0bd934a23b6a7f0756aa504 | — | 2022-04-18 |
| FileHash-MD5 | 800f1fbfda6fa368cd469f5bdff644b0 | MD5 of 5da3db74eee74412c1290393a0a0487c63b2c022e57aebcd632f0c3caf23d8bc | 2022-04-18 |
| FileHash-MD5 | eb8439d5ee379f19d25c2445d28e135a | MD5 of 384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a | 2022-04-18 |
| FileHash-SHA1 | 46c79bd6482e287647b1d6700176a5f6f5ac6d57 | — | 2022-04-18 |
| FileHash-SHA1 | 5426510acb07efc464c47bbe0cc413489365a3d9 | SHA1 of 384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a | 2022-04-18 |
| FileHash-SHA1 | fa1db6808d4b4d58de6f7798a807dd4bea5b9bf7 | SHA1 of 5da3db74eee74412c1290393a0a0487c63b2c022e57aebcd632f0c3caf23d8bc | 2022-04-18 |
| FileHash-SHA256 | 384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a | — | 2022-04-18 |
| FileHash-SHA256 | 44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b | — | 2022-04-18 |
| FileHash-SHA256 | 5b731854c58c2c1316633e570c9ec82474347e64b07ace48017d0be2b6331eed | — | 2022-04-18 |
| FileHash-SHA256 | 5da3db74eee74412c1290393a0a0487c63b2c022e57aebcd632f0c3caf23d8bc | — | 2022-04-18 |
| FileHash-SHA256 | c7441a27727069ce11f8d54676f8397e85301b4d65d4d722c6b239a495fd0282 | — | 2022-04-18 |
| domain | aerulonoured.su | — | 2022-04-18 |
| domain | braves.fun | — | 2022-04-18 |
| domain | dotxvcnjlvdajkwerwoh.com | — | 2022-04-18 |
| domain | endoftheendi.com | — | 2022-04-18 |
| domain | etjmejjcxjtwweitluuw.com | — | 2022-04-18 |
| domain | qyfurihpsbhbuvitilgw.com | — | 2022-04-18 |
| domain | teamworks455.com | — | 2022-04-18 |
| URL | https://endoftheendi.com/12.exe | — | 2022-04-18 |
| URL | https://cmdadminu.com | — | 2022-04-18 |
| URL | https://datalystoy.com | — | 2022-04-18 |
| URL | https://teamworks455.com | — | 2022-04-18 |
| URL | https://updatemsicheck.com | — | 2022-04-18 |
| CVE | CVE-2012-0151 | — | 2022-04-18 |
| CVE | CVE-2013-3900 | — | 2022-04-18 |
| FileHash-MD5 | 077cfbe2754d9bdd984cebff7b925ad8 | MD5 of 30d8ba32daf9e18e9e3ce564fc117a2faf738405 | 2022-04-18 |
| FileHash-MD5 | 5cae01aea8ed390ce9bec17b6c1237e4 | MD5 of 3a80a49efaac5d839400e4fb8f803243fb39a513 | 2022-04-18 |
| FileHash-MD5 | 5ce59cd58a34bc0530e398330013ee77 | MD5 of f3b3cf03801527c24f9059f475a9d87e5392dae9 | 2022-04-18 |
| FileHash-MD5 | 66863e846cd5360736c868038b4d8a02 | MD5 of e7d7be1f1fe04f6708efb8f0f258471d856f8f8f | 2022-04-18 |
| FileHash-MD5 | ae2b147bba8bbe97300ee12fa439d19b | MD5 of 4858bc02452a266ea3e1a0dd84a31fa050134fb8 | 2022-04-18 |
| FileHash-MD5 | e5f69cf5e3b412444c4ad60defefc861 | MD5 of f4879eb2c159c4e73139d1ac5d5c8862af8f1719 | 2022-04-18 |
| FileHash-SHA1 | 23d38e876772a4e28f1b8b6aaf03e18c7cfe5757 | — | 2022-04-18 |
| FileHash-SHA1 | 30d8ba32daf9e18e9e3ce564fc117a2faf738405 | — | 2022-04-18 |
| FileHash-SHA1 | 33fd41e6fd2ccf3dfb0fcb90eb7f27e5eab2a0b3 | — | 2022-04-18 |
| FileHash-SHA1 | 3a80a49efaac5d839400e4fb8f803243fb39a513 | — | 2022-04-18 |
| FileHash-SHA1 | 462e242ef2e6bad389dab845c68dd41493f91c89 | — | 2022-04-18 |
| FileHash-SHA1 | 4858bc02452a266ea3e1a0dd84a31fa050134fb8 | — | 2022-04-18 |
| FileHash-SHA1 | 5a4e5ee60cb674b2bfcd583ee3641d7825d78221 | — | 2022-04-18 |
| FileHash-SHA1 | 5aa2f377c73a0e73e7e81a606ca35bc07331ef51 | — | 2022-04-18 |
| FileHash-SHA1 | 9d3e6b2f91547d891f0716004358a8952479c14d | — | 2022-04-18 |
| FileHash-SHA1 | a187d9c0b4bdb4d0b5c1d2bdbcb65090dcee5d8c | — | 2022-04-18 |
| FileHash-SHA1 | bd989516f902c0b4aff7bcf32db511452355d7c5 | — | 2022-04-18 |
| FileHash-SHA1 | beab91a74563df8049a894d5a2542dd8843553c2 | — | 2022-04-18 |
| FileHash-SHA1 | e4274681989347fabb22050a5ad14fe66ffdc000 | — | 2022-04-18 |
| FileHash-SHA1 | e7d7be1f1fe04f6708efb8f0f258471d856f8f8f | — | 2022-04-18 |
| FileHash-SHA1 | f3b3cf03801527c24f9059f475a9d87e5392dae9 | — | 2022-04-18 |
| FileHash-SHA1 | f4879eb2c159c4e73139d1ac5d5c8862af8f1719 | — | 2022-04-18 |
| FileHash-SHA256 | 19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618 | SHA256 of 3a80a49efaac5d839400e4fb8f803243fb39a513 | 2022-04-18 |
| FileHash-SHA256 | 5f02551d7a9d3021e59c22c84147874e78019417480ed3e792197743fb48c2a0 | SHA256 of 30d8ba32daf9e18e9e3ce564fc117a2faf738405 | 2022-04-18 |
| FileHash-SHA256 | 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1 | SHA256 of f3b3cf03801527c24f9059f475a9d87e5392dae9 | 2022-04-18 |
| FileHash-SHA256 | b83a51edb03adbaf47fd133a6d8e3139906d3dc4d70eb06d45f45815db8bbb85 | SHA256 of f4879eb2c159c4e73139d1ac5d5c8862af8f1719 | 2022-04-18 |
| FileHash-SHA256 | c3dcb0b174fe9b61f8f20d829f0b05fdf04848fc7087f53b7de1e4d91e8042dd | SHA256 of e7d7be1f1fe04f6708efb8f0f258471d856f8f8f | 2022-04-18 |
| FileHash-SHA256 | f537cfc1c44ea27081e917e92f2909a8a5c81695a7954add30a6e6e4fd22c85f | SHA256 of 4858bc02452a266ea3e1a0dd84a31fa050134fb8 | 2022-04-18 |
| domain | asdfghdsajkl.com | — | 2022-04-18 |
| domain | checksoftupdate.com | — | 2022-04-18 |
| domain | clouds222.com | — | 2022-04-18 |
| domain | cmdadminu.com | — | 2022-04-18 |
| domain | commandaadmin.com | — | 2022-04-18 |
| domain | daksjuggdhwa.com | — | 2022-04-18 |
| domain | datalystoy.com | — | 2022-04-18 |
| domain | djshggadasj.com | — | 2022-04-18 |
| domain | dkisuaggdjhna.com | — | 2022-04-18 |
| domain | dquggwjhdmq.com | — | 2022-04-18 |
| domain | eiqwuggejqw.com | — | 2022-04-18 |
| domain | iasudjghnasd.com | — | 2022-04-18 |
| domain | kdjwhqejqwij.com | — | 2022-04-18 |
| domain | kjdhsasghjds.com | — | 2022-04-18 |
| domain | lkjhgfgsdshja.com | — | 2022-04-18 |
| domain | porno3xgirls.fun | — | 2022-04-18 |
| domain | porno3xgirls.space | — | 2022-04-18 |
| domain | porno3xgirls.website | — | 2022-04-18 |
| domain | pornokeyxxx.pw | — | 2022-04-18 |
| domain | pornoxxxguru.space | — | 2022-04-18 |
| domain | porxnoxxx.pw | — | 2022-04-18 |
| domain | porxnoxxx.site | — | 2022-04-18 |
| domain | sofftsportal.su | — | 2022-04-18 |
| domain | updatemsicheck.com | — | 2022-04-18 |
| email | ario.hi@rover.info | — | 2022-04-18 |
| hostname | rec.kindplanet.us | — | 2022-04-18 |