Pulse Detail — Threat Intelligence

PULSE NAME

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

WHITE CyberHunter_NL 2023-07-28 Modified: 2023-08-27

194

IOCs

HIGH VOLUME

Malvertising, spy boy Terminator and Trojan backdoors are all part of the same code used in the latest spy-hunting campaign, as revealed in a series of tweets by the BBC's Panorama programme.

c server disease vector cobeacon c2 entry vector blackcat actors leverage spyboy terminator file iocs network iocs trojanspy

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

TrojanSpy

Indicators of Compromise (16 / 194 total)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0f7b6bb3a239cf7a668a8625e6332639	MD5 of 5263a135f09185aa44f6b73d2f8160f56779706d	2023-07-28
FileHash-MD5	0f9f8018891559f0c48055a74f27425a	MD5 of 21e7bcc03c607e69740a99d0e9ae8223486c73af50f4c399c8d30cce4d41e839	2023-07-28
FileHash-MD5	1e49cdfc621240c2e1ce1c7c735dcf27	MD5 of 25467df66778077cc387f4004f25aa20b1f9caec2e73b9928ec4fe57b6a2f63c	2023-07-28
FileHash-MD5	514a72b9628574eac1dfb7d5061769f6	MD5 of 8859a09fdc94d7048289d2481ede4c98dc342c0a0629cbcef2b91af32d52acb5	2023-07-28
FileHash-MD5	689a0c77af5442657b703e44365bbeb7	MD5 of c7a5a4fb4f680974f3334f14e0349522502b9d5018ec9be42beec5fa8c1597fe	2023-07-28
FileHash-MD5	6a709b9fba96674e4f663fa4a88fbd25	MD5 of 42da9e9e3152c1d995d8132674368da4be78bf6a	2023-07-28
FileHash-MD5	6c69cceb7541e7bab1986ac54ab396ef	MD5 of 4a4d20d107ee8e23ce1ebe387854a4bfe766fc99f359ed18b71d3e01cb158f4a	2023-07-28
FileHash-MD5	6f5e7beb8fba48143c95692af66f89d8	MD5 of aae1b17891ec215a0e238f881be862b4f598e46c	2023-07-28
FileHash-MD5	70f9bf7caf38a0b864fc190fe238b066	MD5 of e862f106ed8e737549ed2daa95e5b8d53ed50f87	2023-07-28
FileHash-MD5	ab8ba6f7d1af2d0a5d81cf42aefe8e51	—	2023-07-28
FileHash-MD5	af107f3ce32d6c018cb701aa54a46279	MD5 of 337ca5eefe18025c6028d617ee76263279650484	2023-07-28
FileHash-MD5	b17435075407f7aa9e48e74a426035f7	MD5 of bacbe893b668a63490d2ad045a69b66c96dcacb500803c68a9de6cca944affef	2023-07-28
FileHash-MD5	cc83d2123769e0615c4d35fdb24346b6	MD5 of 3ce4ed3c7bd97b84045bdcfc84d3772b4c3a29392a9a2eee9cc17d8a5e5403ce	2023-07-28
FileHash-MD5	d82eaea0554bcc516d43ae3e1615a88a	MD5 of 5cbb6978c9d01c8a6ea65caccb451bf052ed2acd	2023-07-28
FileHash-MD5	e80ed5e6c78f16690b8cae9c5bd0f631	MD5 of 13090722ba985bafcccfb83795ee19fd4ab9490af1368f0e7ea5565315c067fe	2023-07-28
FileHash-MD5	f21106d2f63112f8db10169d503c635a	MD5 of c82b28daeb33d94ae3cafbc52dbb801c4a5b8cfa	2023-07-28

References (2)

↗ https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-leverage-spyboy-terminator-/Malvertising_IOCs.txt ↗ https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html