← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware | Proofpoint US
WHITE CyberHunter_NL 2024-09-25 Modified: 2024-10-25
38
IOCs
MEDIUM VOLUME
clickfixproofpointurlsnorth americaaugustdanabotgoogle driveactorbase64security brieflumma stealerstealcfinal
Indicators of Compromise (13 / 38 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
URL http://185.217.197.84/file/information_package.exe 2024-09-25
URL http://185.217.197.84/file/remittance.exe 2024-09-25
URL http://89.23.98.98/file/14242.exe 2024-09-25
URL http://89.23.98.98/file/Rateconfirm.exe 2024-09-25
URL http://89.23.98.98/file/carrier.exe 2024-09-25
URL http://89.23.98.98/file/rate_confirmation.vbs 2024-09-25
URL http://89.23.98.98/file/ratecon.exe 2024-09-25
URL http://ambcrrm.com/ 2024-09-25
URL https://ambccm.com/3.msi 2024-09-25
URL https://ambccm.com/Astra/index.html 2024-09-25
URL https://ambcrrm.com/3.msi 2024-09-25
URL https://idessit.com/fn.msi d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 2024-09-25
URL https://live-samsaratrucking.com/true-tracking-32934.html 2024-09-25
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering