PULSE NAME
Securonix Threat Labs Security Advisory: New Golang Attack Campaign GO#WEBBFUSCATOR Leverages Office Macros and James Webb Images to Infect Systems - Securonix
WHITE CyberHunter_NL 2022-08-31 Modified: 2022-09-30
19 IOCs
MEDIUM VOLUME
Securonix's Go platform is the latest platform to be targeted by cyber-thieves using the language's programming language to create malware and attack systems, and it is not the first one to use Go.
Indicators of Compromise (19)