Pulse: New Backdoor Discovered in Limited Attacks
WHITE | eric.ford | 2023-05-01 | Modified: 2023-05-01
44 IOCs (MEDIUM VOLUME)
IBM updated and republished a report on 27 April 2023 revealing the discovery of a new backdoor malware family, called MINODO, that has been used in campaigns since late February 2023. All customers are likely to be targeted by the adversaries, and the impact could be moderate to considerable because of data theft and disruption of operations. The initial infection vector could be phishing or malvertising. This threat is still active, and ATI recommends incorporating the hashes and domains into your defense-in-depth strategy to mitigate the risks.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed)
Malware families: MINODO backdoor, PROJECT NEMESIS infostealer, DAVE LOADER
Indicators of Compromise (44), by type: IPv4, FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL, domain