Pulse Detail — Threat Intelligence

PULSE NAME

Malvertising as Entry Vector for BlackCat/AlphV - "Nitrogen" - TrendMicro

WHITE Techronik 2023-07-27 Modified: 2023-08-26

193

IOCs

HIGH VOLUME

Early detection of "Nitrogen" malware (Initial access) before it was being called that. This mostly covers the infection chain to BlackCat/AlphV. From TrendMicro - end of June 2023 Malvertising, spy boy Terminator and Trojan backdoors https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html

c server disease vector cobeacon c2 entry vector blackcat leverage spyboy terminator file iocs network iocs trojanspy nitrogen initial access

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

TrojanSpy nitrogen

Indicators of Compromise (193)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://anydeesk.net	—	2023-07-27
FileHash-MD5	0f7b6bb3a239cf7a668a8625e6332639	MD5 of 5263a135f09185aa44f6b73d2f8160f56779706d	2023-07-27
FileHash-MD5	0f9f8018891559f0c48055a74f27425a	MD5 of 21e7bcc03c607e69740a99d0e9ae8223486c73af50f4c399c8d30cce4d41e839	2023-07-27
FileHash-MD5	1e49cdfc621240c2e1ce1c7c735dcf27	MD5 of 25467df66778077cc387f4004f25aa20b1f9caec2e73b9928ec4fe57b6a2f63c	2023-07-27
FileHash-MD5	514a72b9628574eac1dfb7d5061769f6	MD5 of 8859a09fdc94d7048289d2481ede4c98dc342c0a0629cbcef2b91af32d52acb5	2023-07-27
FileHash-MD5	689a0c77af5442657b703e44365bbeb7	MD5 of c7a5a4fb4f680974f3334f14e0349522502b9d5018ec9be42beec5fa8c1597fe	2023-07-27
FileHash-MD5	6a709b9fba96674e4f663fa4a88fbd25	MD5 of 42da9e9e3152c1d995d8132674368da4be78bf6a	2023-07-27
FileHash-MD5	6c69cceb7541e7bab1986ac54ab396ef	MD5 of 4a4d20d107ee8e23ce1ebe387854a4bfe766fc99f359ed18b71d3e01cb158f4a	2023-07-27
FileHash-MD5	6f5e7beb8fba48143c95692af66f89d8	MD5 of aae1b17891ec215a0e238f881be862b4f598e46c	2023-07-27
FileHash-MD5	70f9bf7caf38a0b864fc190fe238b066	MD5 of e862f106ed8e737549ed2daa95e5b8d53ed50f87	2023-07-27
FileHash-MD5	ab8ba6f7d1af2d0a5d81cf42aefe8e51	—	2023-07-27
FileHash-MD5	af107f3ce32d6c018cb701aa54a46279	MD5 of 337ca5eefe18025c6028d617ee76263279650484	2023-07-27
FileHash-MD5	b17435075407f7aa9e48e74a426035f7	MD5 of bacbe893b668a63490d2ad045a69b66c96dcacb500803c68a9de6cca944affef	2023-07-27
FileHash-MD5	cc83d2123769e0615c4d35fdb24346b6	MD5 of 3ce4ed3c7bd97b84045bdcfc84d3772b4c3a29392a9a2eee9cc17d8a5e5403ce	2023-07-27
FileHash-MD5	d82eaea0554bcc516d43ae3e1615a88a	MD5 of 5cbb6978c9d01c8a6ea65caccb451bf052ed2acd	2023-07-27
FileHash-MD5	e80ed5e6c78f16690b8cae9c5bd0f631	MD5 of 13090722ba985bafcccfb83795ee19fd4ab9490af1368f0e7ea5565315c067fe	2023-07-27
FileHash-MD5	f21106d2f63112f8db10169d503c635a	MD5 of c82b28daeb33d94ae3cafbc52dbb801c4a5b8cfa	2023-07-27
FileHash-SHA1	014c277113c4b8c4605cb91b29302cdedbc2044e	—	2023-07-27
FileHash-SHA1	01b122eb0edb6274b3743458e375e34126fd2f9a	—	2023-07-27
FileHash-SHA1	0362c710e4813020147f5520a780a15ef276e229	—	2023-07-27
FileHash-SHA1	03d7bc24d828abaf1a237b3f418517fada8ae64f	—	2023-07-27
FileHash-SHA1	0437f84967de62d8959b89d28a56e40247b595d8	—	2023-07-27
FileHash-SHA1	06e3f86369046856b56d47f45ea2f7cf8e240ac5	—	2023-07-27
FileHash-SHA1	08f63693bb40504b71fe3e4e4d9e7142c011aeb1	—	2023-07-27
FileHash-SHA1	0cc0e1cbf4923d2ce7179064c244fe138dcb3ce8	—	2023-07-27
FileHash-SHA1	0fe306dc12ba6441ba2a5cab1b9d26638c292f9c	—	2023-07-27
FileHash-SHA1	105d33c00847ccd0fb230f4a7457e8ab6fb035fc	—	2023-07-27
FileHash-SHA1	12534212c7d4b3e4262edc9dc2a82c98c2121d04	—	2023-07-27
FileHash-SHA1	141c7b9be4445c1aad70ec35ae3fe02f5f8d37ac	—	2023-07-27
FileHash-SHA1	152400be759355ec8dd622ec182c29ce316eabb1	—	2023-07-27
FileHash-SHA1	1674ba9037321494b08f0a31eda5d1104550b6c6	SHA1 of 21e7bcc03c607e69740a99d0e9ae8223486c73af50f4c399c8d30cce4d41e839	2023-07-27
FileHash-SHA1	1aff9fd8fdc0eae3c09a3ee6b4df2cdb24306498	—	2023-07-27
FileHash-SHA1	1ca4e3fdcdf8a9ab095cfa0629750868eb955eb7	—	2023-07-27
FileHash-SHA1	2547d2deedc385f7557d5301c19413e1cbf58cf8	—	2023-07-27
FileHash-SHA1	27e9e6a54d73dcb28b5c7dfb4e2e05aaba913995	—	2023-07-27
FileHash-SHA1	2a85cdfb1c3434d73ece7fe60d6d2d5c9b7667dd	—	2023-07-27
FileHash-SHA1	2f2eb89d3e6726c6c62d6153e2db1390b7ae7d01	—	2023-07-27
FileHash-SHA1	31d4dadd11fe52024b1787a20b56700e7fd257f8	—	2023-07-27
FileHash-SHA1	337ca5eefe18025c6028d617ee76263279650484	—	2023-07-27
FileHash-SHA1	36b454592fc2b8556c2cb983c41af4d2d8398ea2	—	2023-07-27
FileHash-SHA1	3789a218c966f175067242975e1cb44abdef81ec	—	2023-07-27
FileHash-SHA1	379e497d0574fd4e612339440b603f380093655c	—	2023-07-27
FileHash-SHA1	381058a5075ce06605350172e72c362786e8c5e3	—	2023-07-27
FileHash-SHA1	3b14559a6e33fce120a905fde57ba6ed268a51f1	—	2023-07-27
FileHash-SHA1	3d4051c65d1b5614af737cb72290ec15b71b75bd	—	2023-07-27
FileHash-SHA1	3f6a5bd2e4ff1bf58f85e5a365386ef3a5687a1d	SHA1 of 3ce4ed3c7bd97b84045bdcfc84d3772b4c3a29392a9a2eee9cc17d8a5e5403ce	2023-07-27
FileHash-SHA1	42920e4d15428d4e7a8f52ae703231bdf0aec241	—	2023-07-27
FileHash-SHA1	42da9e9e3152c1d995d8132674368da4be78bf6a	—	2023-07-27
FileHash-SHA1	4829eaa38bd061773ceefe175938a2c0d75a75f3	—	2023-07-27
FileHash-SHA1	508e7522db24cca4913aeed8218975c539d3b0a4	—	2023-07-27
FileHash-SHA1	5263a135f09185aa44f6b73d2f8160f56779706d	—	2023-07-27
FileHash-SHA1	52d415ca1ab75236f9fff784e6b83e57f8280506	SHA1 of c7a5a4fb4f680974f3334f14e0349522502b9d5018ec9be42beec5fa8c1597fe	2023-07-27
FileHash-SHA1	5831b3a830690c603fd093329dce93b9a7e83ad3	—	2023-07-27
FileHash-SHA1	5c6aa1a5bd7572ac8e91eaa5c9d6096f302f775b	—	2023-07-27
FileHash-SHA1	5cbb6978c9d01c8a6ea65caccb451bf052ed2acd	—	2023-07-27
FileHash-SHA1	5e36a649c82fa41a600d51fe99f4aa8911b87828	—	2023-07-27
FileHash-SHA1	5ec6b30dacfced696c0145a373404e63763c2fa8	—	2023-07-27
FileHash-SHA1	5ed1b9810ee12d2b9b358dd09c6822588bbb4a83	—	2023-07-27
FileHash-SHA1	5f455dcdca66df9041899708289950519971bb76	—	2023-07-27
FileHash-SHA1	61e41be7a9889472f648a5a3d0b0ab69e2e056c5	—	2023-07-27
FileHash-SHA1	69ffad6be67724b1c7e8f65e8816533a96667a36	—	2023-07-27
FileHash-SHA1	6ea353f143f21a339628bfa9422abb06200c06a3	SHA1 of bacbe893b668a63490d2ad045a69b66c96dcacb500803c68a9de6cca944affef	2023-07-27
FileHash-SHA1	7254fc0e84357c95a33b100d34bf84c22d1b9f88	SHA1 of 13090722ba985bafcccfb83795ee19fd4ab9490af1368f0e7ea5565315c067fe	2023-07-27
FileHash-SHA1	72603dadebc12de4daf2e12d28059c4a3dcf60d0	—	2023-07-27
FileHash-SHA1	75d02e81cc326e6a0773bc11ffa6fa2f6fa5343e	—	2023-07-27
FileHash-SHA1	75e9d507b1a1606a3647fe182c4ed3a153cecc2c	—	2023-07-27
FileHash-SHA1	7874d722a6dbaef9e5f9622d495f74957da358da	—	2023-07-27
FileHash-SHA1	7b3051f8d09d53e7c5bc901262f5822f1999caae	—	2023-07-27
FileHash-SHA1	7d500a2cd8ea7e455ae1799cb4142bb2abac3ae1	—	2023-07-27
FileHash-SHA1	801950ed376642e537466795f92b04e13a4fcc2a	—	2023-07-27
FileHash-SHA1	83c5f8821f9a07e0318beaa4bcf0b7ef21127aa8	—	2023-07-27
FileHash-SHA1	913414069259e760e201d0520ce35fe22cf3c285	—	2023-07-27
FileHash-SHA1	92673b91d2c86309f321ade6a86f0c9e632346d8	—	2023-07-27
FileHash-SHA1	930bd974a2d01393636fdb91ca9ac53256ff6690	—	2023-07-27
FileHash-SHA1	946c0a0c613c8ac959d94bb2fd152c138fc752da	—	2023-07-27
FileHash-SHA1	9480a79b0b6f164b1148c56f43f3d505ee0b7ef3	—	2023-07-27
FileHash-SHA1	94e2eb70f2873cdcf967ee526a7e68ae629e3107	SHA1 of 25467df66778077cc387f4004f25aa20b1f9caec2e73b9928ec4fe57b6a2f63c	2023-07-27
FileHash-SHA1	974c1684cf0f3a46af12ba61836e4c161fd48cb5	—	2023-07-27
FileHash-SHA1	9b1ebbe03949e0c16338595b1772befe276cd10d	—	2023-07-27
FileHash-SHA1	9d85cb2c6f1fccc83217837a63600b673da1991a	—	2023-07-27
FileHash-SHA1	a0f1a8462cb9105660af2d4240e37a27b5a9afad	—	2023-07-27
FileHash-SHA1	a116ef48119c542a2d864f41dbbb66e18d5cd4e6	—	2023-07-27
FileHash-SHA1	a5c164b734a8b61d8af70257e23d16843a4c72e3	—	2023-07-27
FileHash-SHA1	a7b1853348346d5d56f4c33f313693a18b6af457	—	2023-07-27
FileHash-SHA1	a9310c3f039c4e2184848f0eb8e65672f9f11240	—	2023-07-27
FileHash-SHA1	a9a03d39705bd1d31563d7a513a170c99f724923	—	2023-07-27
FileHash-SHA1	aae1b17891ec215a0e238f881be862b4f598e46c	—	2023-07-27
FileHash-SHA1	ab0eade9b8d24b09e32aa85f78a51b777861debc	—	2023-07-27
FileHash-SHA1	ac8e3146f41845a56584ce5e8e172a56d59aa804	—	2023-07-27
FileHash-SHA1	ad981cd18f58e12db7c9da661181f6eb9a1754f3	—	2023-07-27
FileHash-SHA1	aee0b252334b47a6e382ce2e01de9191de2e6a7a	—	2023-07-27
FileHash-SHA1	b0d61d1eba9ebf6b7eabcd62b70936d1a343178e	—	2023-07-27
FileHash-SHA1	b34bb1395199c7b168d9204833fdfd13d542706d	—	2023-07-27
FileHash-SHA1	b35be51d727d8b6f8132850f0d044b838fec001d	—	2023-07-27
FileHash-SHA1	b4f59fe2ee3435b9292954d1c3ef7e74c233abea	—	2023-07-27
FileHash-SHA1	b98bb7b4c3b823527790cb62e26d14d34d3e499b	—	2023-07-27
FileHash-SHA1	bc09ee8b42ac3f6107ab5b51a2581a9161e53925	—	2023-07-27
FileHash-SHA1	bc0fb6b220045f54d34331345d1302f9a00b3580	—	2023-07-27
FileHash-SHA1	c133992ea87f83366e4af5401a341365190df4e7	—	2023-07-27
FileHash-SHA1	c14bd9ad77d8beca07fb17dc34f8a5f636e621b5	—	2023-07-27
FileHash-SHA1	c1516915431cb55703b5a88d94ef6de0ac67190a	—	2023-07-27
FileHash-SHA1	c7568d00ae38b3a4691a413ed439a0e3fb5664b1	—	2023-07-27
FileHash-SHA1	c779a4a98925bc2f7feac91c1867a3f955462fc2	—	2023-07-27
FileHash-SHA1	c82b28daeb33d94ae3cafbc52dbb801c4a5b8cfa	—	2023-07-27
FileHash-SHA1	c9cdfdc45b04cca45b64fedca7c372f73b42cab2	—	2023-07-27
FileHash-SHA1	cb358aa4ed50db8270f3ee7ea5848b8c16fa21fe	—	2023-07-27
FileHash-SHA1	cd485054625ea8ec5cf1fe0e1f11ede2e23dde00	—	2023-07-27
FileHash-SHA1	cf9fa97058a4645df43b0d6dcfcdcf663bdef32d	SHA1 of 8859a09fdc94d7048289d2481ede4c98dc342c0a0629cbcef2b91af32d52acb5	2023-07-27
FileHash-SHA1	cfbde85bdb62054b5b9eb4438c3837b9f1a69f61	—	2023-07-27
FileHash-SHA1	d125c4f82e0bbf369caf1be524250674a603435c	—	2023-07-27
FileHash-SHA1	d2663fc6966c197073c7315264602b4c6ba9c192	—	2023-07-27
FileHash-SHA1	d883be0ee79dec26ef8c04e0e2857a516cff050c	—	2023-07-27
FileHash-SHA1	de7fb8efa05ddf5f21a65e940717626b1c3d6cb4	—	2023-07-27
FileHash-SHA1	e5d434dfa2634041cdbdac1dec58fcd49d629513	—	2023-07-27
FileHash-SHA1	e5db80c01562808ef2ec1c4b8f3f033ac0ed758d	—	2023-07-27
FileHash-SHA1	e6e7f30f06b16b8a946a757ff5c19336c12bb41d	SHA1 of 4a4d20d107ee8e23ce1ebe387854a4bfe766fc99f359ed18b71d3e01cb158f4a	2023-07-27
FileHash-SHA1	e862f106ed8e737549ed2daa95e5b8d53ed50f87	—	2023-07-27
FileHash-SHA1	eeff22b4a442293bf0f5ef05154e8d4c7a603005	—	2023-07-27
FileHash-SHA1	f2f5137c28416f76f9f4b131f85252f8273baee8	—	2023-07-27
FileHash-SHA1	f42e97901a1a3b87b4f326cb9e6cbdb98652d900	—	2023-07-27
FileHash-SHA1	fb2ef2305511035e1742f689fce928c424aa8b7d	—	2023-07-27
FileHash-SHA1	fd84cf245f7a60c38ac7c92e36458c5ea4680809	—	2023-07-27
FileHash-SHA256	13090722ba985bafcccfb83795ee19fd4ab9490af1368f0e7ea5565315c067fe	—	2023-07-27
FileHash-SHA256	18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88	SHA256 of 5263a135f09185aa44f6b73d2f8160f56779706d	2023-07-27
FileHash-SHA256	21e7bcc03c607e69740a99d0e9ae8223486c73af50f4c399c8d30cce4d41e839	—	2023-07-27
FileHash-SHA256	25467df66778077cc387f4004f25aa20b1f9caec2e73b9928ec4fe57b6a2f63c	—	2023-07-27
FileHash-SHA256	3308040f48f591c76162d948338d4e6ba4b2c28b286c8f957fcdc23c6c453422	SHA256 of 42da9e9e3152c1d995d8132674368da4be78bf6a	2023-07-27
FileHash-SHA256	3ce4ed3c7bd97b84045bdcfc84d3772b4c3a29392a9a2eee9cc17d8a5e5403ce	—	2023-07-27
FileHash-SHA256	4a4d20d107ee8e23ce1ebe387854a4bfe766fc99f359ed18b71d3e01cb158f4a	—	2023-07-27
FileHash-SHA256	4b8be22b23cd9098218a6f744baeb45c51b6fad6a559b01fe92dbb53c6e2c128	SHA256 of 5cbb6978c9d01c8a6ea65caccb451bf052ed2acd	2023-07-27
FileHash-SHA256	7eade755a832eeaaa1323c8a2126bc9a77195959b49d1899bfd823466175ef70	SHA256 of 337ca5eefe18025c6028d617ee76263279650484	2023-07-27
FileHash-SHA256	8859a09fdc94d7048289d2481ede4c98dc342c0a0629cbcef2b91af32d52acb5	—	2023-07-27
FileHash-SHA256	8dfac6521ef877efede0a82bf46d94f590127e2607b78d08321953796fddbba9	SHA256 of e862f106ed8e737549ed2daa95e5b8d53ed50f87	2023-07-27
FileHash-SHA256	9e5205865a23c4b8a60935a3fdf1f203286b3e240940bfbeaf0101b00cfc68d6	SHA256 of aae1b17891ec215a0e238f881be862b4f598e46c	2023-07-27
FileHash-SHA256	bacbe893b668a63490d2ad045a69b66c96dcacb500803c68a9de6cca944affef	—	2023-07-27
FileHash-SHA256	c7a5a4fb4f680974f3334f14e0349522502b9d5018ec9be42beec5fa8c1597fe	—	2023-07-27
FileHash-SHA256	d53f1143d5910f025e48389f8ebb5c983007b84f2c485eba7658aa34b74e846e	SHA256 of c82b28daeb33d94ae3cafbc52dbb801c4a5b8cfa	2023-07-27
URL	http://104.234.147.134/python/python.zip	—	2023-07-27
URL	http://104.234.147.134/python/unzip.bat	—	2023-07-27
URL	http://172.86.123.226/python/pp3.py	—	2023-07-27
URL	http://172.86.123.226/python/python.zip	—	2023-07-27
URL	http://172.86.123.226/python/unzip.bat	—	2023-07-27
URL	http://45.12.253.50:447/work2	—	2023-07-27
URL	http://45.66.230.240/python/pp	—	2023-07-27
URL	http://bigallpack.com/union/desktop	—	2023-07-27
URL	http://ccloseyoueyes.com/python/pp3.py	—	2023-07-27
URL	https://104.234.147.134/python/pp3.py	—	2023-07-27
URL	https://167.88.164.40/python/pp2	—	2023-07-27
URL	https://167.88.164.40/python/pp3.py	—	2023-07-27
URL	https://167.88.164.40/python/python.zip	—	2023-07-27
URL	https://167.88.164.40/python/unzip.bat	—	2023-07-27
URL	https://172.86.123.127:8443/work2	—	2023-07-27
URL	https://172.86.123.127:8443/work2z	—	2023-07-27
URL	https://172.86.123.226:8443/work3	—	2023-07-27
URL	https://172.86.123.226:8443/work3z	—	2023-07-27
URL	https://193.42.32.58/python/pp	—	2023-07-27
URL	https://193.42.32.58:8443/work2z	—	2023-07-27
URL	https://193.42.32.58:8443/zakrep	—	2023-07-27
URL	https://45.66.230.240/python/pp3.py	—	2023-07-27
URL	https://45.66.230.240/python/python.zip	—	2023-07-27
URL	https://45.66.230.240/python/unzip.bat	—	2023-07-27
URL	https://45.66.230.240:8443/work1	—	2023-07-27
URL	https://airplexacrepair.com/the-key-to-secure-remote-desktop-connections-a-comprehensive-guide/	—	2023-07-27
URL	https://closeyoueyes.com/python/python.zip	—	2023-07-27
URL	https://closeyoueyes.com/python/unzip.bat	—	2023-07-27
URL	https://cuororeresteadntno.com/how-to-work-with-ftp-ftps-connection-through-winscp/	—	2023-07-27
URL	https://events.drdivyaclinic.com/wp-content/task/update/WinSCP-5.21.8-Setup.iso	—	2023-07-27
URL	https://firstclassbale.com/python/pp3.py	9e5205865a23c4b8a60935a3fdf1f203286b3e240940bfbeaf0101b00cfc68d6	2023-07-27
URL	https://firstclassbale.com/python/python.zip	9e3cd45683316e4ae81185fa2694ad07881ab2906bbc721771511de76479bfac	2023-07-27
URL	https://firstclassbale.com/python/unzip.bat	8e5e82ee2b96085b913fcadd661bb6135468fef846ecc6328093e6c9c5c9a959	2023-07-27
URL	https://maker-events.com/automating-file-transfers-with-winscp/	7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402	2023-07-27
URL	https://mm.onemakan.ml//wp/wp-content/winscp/smart/WinSCP-5.21.8-Setup.iso	—	2023-07-27
URL	https://winsccp.com/WLPuVHrN	—	2023-07-27
URL	https://www.yb-lawyers.com/wp-content/ter/anyconnect/AnyDesk.iso	a25eba7a79e46e5f6498ccb82fb4ef0eb3abe784fa0d061fe9e1adce9d39caa7	2023-07-27
domain	airplexacrepair.com	—	2023-07-27
domain	aleagroupdevelopment.com	—	2023-07-27
domain	anydeesk.net	—	2023-07-27
domain	azurecloudup.online	—	2023-07-27
domain	bigallpack.com	—	2023-07-27
domain	ccloseyoueyes.com	—	2023-07-27
domain	closeyoueyes.com	—	2023-07-27
domain	cloudupdateservice.online	—	2023-07-27
domain	cuororeresteadntno.com	—	2023-07-27
domain	devnetapp.com	—	2023-07-27
domain	firstclassbale.com	—	2023-07-27
domain	maker-events.com	—	2023-07-27
domain	situotech.com	—	2023-07-27
domain	winsccp.com	—	2023-07-27
hostname	events.drdivyaclinic.com	—	2023-07-27
hostname	hacktool.python.lazagne.ad	—	2023-07-27
hostname	mm.onemakan.ml	—	2023-07-27
hostname	trojan.bat.cobeacon.ao	—	2023-07-27
hostname	www.yb-lawyers.com	—	2023-07-27

References (2)

↗ https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-leverage-spyboy-terminator-/Malvertising_IOCs.txt ↗ https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html