← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | Proofpoint US
WHITE Voldemort AustinBH 2024-08-30 Modified: 2024-09-29
38
IOCs
MEDIUM VOLUME
Find out more about Proofpoint and how to protect your people, data and business from the latest threats, trends and issues in the cybersecurity industry, in a comprehensive guide to the company's products and services.
google sheetvoldemortproofpointcobalt strikewebdav shareuuidgoogle sheetsaugustgoogle drivepython codewebdavpythonserviceclickpowershelltestwebexratsformatexplorermalwarestubcodewin64defense
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike Voldemort
Indicators of Compromise (38)
All domain FileHash-SHA256 URL email hostname
TYPEINDICATORDESCRIPTIONCREATED
domain trycloudflare.com 2024-08-30
FileHash-SHA256 0b3235db7e8154dd1b23c3bed96b6126d73d24769af634825d400d3d4fe8ddb9 2024-08-30
FileHash-SHA256 3fce52d29d40daf60e582b8054e5a6227a55370bed83c662a8ff2857b55f4cea 2024-08-30
FileHash-SHA256 561e15a46f474255fda693afd644c8674912df495bada726dbe7565eae2284fb 2024-08-30
FileHash-SHA256 6bdd51dfa47d1a960459019a960950d3415f0f276a740017301735b858019728 2024-08-30
FileHash-SHA256 fa383eac2bf9ad3ef889e6118a28aa57a8a8e6b5224ecdf78dcffc5225ee4e1f 2024-08-30
URL http://83.147.243.18/p/ 2024-08-30
URL http://83.147.243.18/p/7c31e3ebfb77ead34ea71900b1b0/stage2-2/[base64 2024-08-30
URL https://od.lk/s/OTRfNzQ5NjQwOTJf/test.png 2024-08-30
URL https://od.lk/s/OTRfODM3MjM2NzVf/La_dichiarazione_precompilata_2024.pdf 2024-08-30
URL https://od.lk/s/OTRfODM5Mzc3NjFf/irs-p966.pdf 2024-08-30
URL https://od.lk/s/OTRfODQ1NDc2MjZf/SA150_Notes_2024.pdf 2024-08-30
URL https://od.lk/s/OTRfODQ1Njk2ODVf/2044_4765.pdf 2024-08-30
URL https://od.lk/s/OTRfODQ1NzA0Mjlf/einzelfragen_steuerbescheinigungen_de.pdf 2024-08-30
URL https://od.lk/s/OTRfODQ4ODE4OThf/logo.png 2024-08-30
URL https://od.lk/s/OTRfODQ5MzQ5Mzlf/ABC_of_Tax.pdf 2024-08-30
URL https://pubs.infinityfreeapp.com/IRS_P966.html 2024-08-30
URL https://pubs.infinityfreeapp.com/La_dichiarazione_precompilata_2024.html 2024-08-30
URL https://pubs.infinityfreeapp.com/Notice_pour_remplir_la_N%C2%B0_2044.html 2024-08-30
URL https://pubs.infinityfreeapp.com/SA150_Notes_2024.html 2024-08-30
URL https://pubs.infinityfreeapp.com/Steuerratgeber.html 2024-08-30
URL https://resource.infinityfreeapp.com/0023012-317.html 2024-08-30
URL https://resource.infinityfreeapp.com/ABC_of_Tax.html 2024-08-30
domain ideasworkshop.it 2024-08-30
domain joshsznapstajler.com 2024-08-30
domain pingb.in 2024-08-30
domain tblsys.com 2024-08-30
email no_reply_irs.gov@amecaindustrial.com 2024-08-30
hostname invasion-prisoners-inns-aging.trycloudflare.com 2024-08-30
hostname pants-graphs-optics-worse.trycloudflare.com 2024-08-30
hostname pubs.infinityfreeapp.com 2024-08-30
hostname recall-addressed-who-collector.trycloudflare.com 2024-08-30
hostname resource.infinityfreeapp.com 2024-08-30
hostname ride-fatal-italic-information.trycloudflare.com 2024-08-30
hostname ways-sms-pmc-shareholders.trycloudflare.com 2024-08-30
domain od.lk 2024-08-30
URL https://sheets.googleapis.com:443/v4/spreadsheets/16JvcER-0TVQDimWV56syk91IMCYXOvZbW4GTnb947eE/ 2024-08-30
hostname 962194083343-nevo9pjnlr7cgirjs1eonpebakrlq3qc.apps.googleusercontent.com 2024-08-30
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort