← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog
WHITE AustinBH 2024-08-23 Modified: 2024-09-22
65
IOCs
HIGH VOLUME
powershellbase64stealthconfigurationvariationbase64 decodingdecompressionecb modegzippowershell codelogic
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (65)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 c047ae13fc1e25bc494b17ca10aa179e 2024-08-23
FileHash-SHA1 e293c7815c0eb8fbc44d60a3e9b27bd91b44b522 SHA1 of c047ae13fc1e25bc494b17ca10aa179e 2024-08-23
FileHash-SHA256 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf SHA256 of c047ae13fc1e25bc494b17ca10aa179e 2024-08-23
FileHash-MD5 059d94e8944eca4056e92d60f7044f14 2024-08-23
FileHash-MD5 236c709bbcb92aa30b7e67705ef7f55a 2024-08-23
FileHash-MD5 307f40ebc6d8a207455c96d34759f1f3 2024-08-23
FileHash-MD5 43939986a671821203bf9b6ba52a51b4 2024-08-23
FileHash-MD5 47eee41b822d953c47434377006e01fe 2024-08-23
FileHash-MD5 58c4ba9385139785e9700898cb097538 2024-08-23
FileHash-MD5 62f20122a70c0f86a98ff14e84bcc999 2024-08-23
FileHash-MD5 91423dd4f34f759aaf82aa73fa202120 2024-08-23
FileHash-MD5 95361f5f264e58d6ca4538e7b436ab67 2024-08-23
FileHash-MD5 a6c4d2072961e9a8c98712c46be588f8 2024-08-23
FileHash-MD5 b15bac961f62448c872e1dc6d3931016 2024-08-23
FileHash-MD5 b6b8164feca728db02e6b636162a2960 2024-08-23
FileHash-MD5 b716a1d24c05c6adee11ca7388b728d3 2024-08-23
FileHash-MD5 bb9641e3035ae8c0ab6117ecc82b65a1 2024-08-23
FileHash-MD5 c56b5f0201a3b3de53e561fe76912bfd 2024-08-23
FileHash-MD5 d6ea5dcdb2f88a65399f87809f43f83c 2024-08-23
FileHash-MD5 d7aff07e7cd20a5419f2411f6330f530 2024-08-23
FileHash-MD5 d8e21ac76b228ec144217d1e85df2693 2024-08-23
FileHash-MD5 dfdc331e575dae6660d6ed3c03d214bd 2024-08-23
FileHash-MD5 e7c43dc3ec4360374043b872f934ec9e 2024-08-23
FileHash-MD5 f98e0d9599d40ed032ff16de242987ca 2024-08-23
FileHash-SHA1 1dcb61babb08fe5db711e379cb67335357a5db82 SHA1 of b15bac961f62448c872e1dc6d3931016 2024-08-23
FileHash-SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417 SHA1 of c56b5f0201a3b3de53e561fe76912bfd 2024-08-23
FileHash-SHA1 46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b SHA1 of 059d94e8944eca4056e92d60f7044f14 2024-08-23
FileHash-SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d SHA256 of c56b5f0201a3b3de53e561fe76912bfd 2024-08-23
FileHash-SHA256 9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6 SHA256 of 059d94e8944eca4056e92d60f7044f14 2024-08-23
FileHash-SHA256 bf1a0c67b433f52ebd304553f022baa34bfbca258c932d2b4b8b956b1467bfa5 SHA256 of b15bac961f62448c872e1dc6d3931016 2024-08-23
URL http://62.133.61.56/Downloads 2024-08-23
URL http://62.133.61.56/Downloads/Full 2024-08-23
URL http://62.133.61.56/Downloads/Full%20Video%20HD%20 2024-08-23
URL http://gceight8vt.top/upload.php 2024-08-23
URL https://brewdogebar.com/code.vue 2024-08-23
URL https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png 2024-08-23
domain brewdogebar.com 2024-08-23
domain considerrycurrentyws.shop 2024-08-23
domain deprivedrinkyfaiir.shop 2024-08-23
domain detailbaconroollyws.shop 2024-08-23
domain forikabrof.click 2024-08-23
domain gceight8vt.top 2024-08-23
domain horsedwollfedrwos.shop 2024-08-23
domain messtimetabledkolvk.shop 2024-08-23
domain patternapplauderw.shop 2024-08-23
domain relaxtionflouwerwi.shop 2024-08-23
domain tropicalironexpressiw.shop 2024-08-23
domain understanndtytonyguw.shop 2024-08-23
URL https://fatodex.b-cdn.net/K1.zip 2024-08-23
URL https://fatodex.b-cdn.net/K2.zip 2024-08-23
URL https://fatodex.b-cdn.net/fatodex 2024-08-23
URL https://matodown.b-cdn.net/K1.zip 2024-08-23
URL https://matodown.b-cdn.net/K2.zip 2024-08-23
URL https://matodown.b-cdn.net/matodown 2024-08-23
URL https://nextomax.b-cdn.net/L1.zip 2024-08-23
URL https://nextomax.b-cdn.net/L2.zip 2024-08-23
URL https://nextomax.b-cdn.net/nexto 2024-08-23
URL https://nextomax.b-cdn.net/video.mp4 2024-08-23
URL https://potexo.b-cdn.net/K1.zip 2024-08-23
URL https://potexo.b-cdn.net/K2.zip 2024-08-23
URL https://potexo.b-cdn.net/potexo 2024-08-23
hostname fatodex.b-cdn.net 2024-08-23
hostname matodown.b-cdn.net 2024-08-23
hostname nextomax.b-cdn.net 2024-08-23
hostname potexo.b-cdn.net 2024-08-23
References (1)
↗ https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/