PULSE NAME
Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Enterprise Blogs
WHITE CyberHunter_NL 2023-04-04 Modified: 2023-04-04
26 IOCs
MEDIUM VOLUME
An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to security analysts from Symantec and the UK-based firm, which specialises in security software.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Verblecon
Indicators of Compromise (26)