← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Silent Skimmer Gets Loud (Again)
WHITE Silent Skimmer CyberHunter_NL 2024-11-08 Modified: 2024-12-08
53
IOCs
HIGH VOLUME
A report from Palo Alto Networks Unit 42 on the threat posed by a threat actor called Silent Skimmer has been published in the Journal of the International Security Conference (CISA) on 7 November 2024.
ip addressfigureringq loaderunittelerik uittpssilent skimmergodpotatomshtapython scriptpowershellcobalt strikealliancepythonblackcatnitrogenloader
Indicators of Compromise (53)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2017-11317 2024-11-08
CVE CVE-2019-18935 2024-11-08
CVE CVE-2024-6387 2024-11-08
FileHash-MD5 290ac5ae58291ca3e2462e04e92ed348 MD5 of 64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda 2024-11-08
FileHash-MD5 4f12adedf1799d19cad7f9b9410812d7 MD5 of 55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b 2024-11-08
FileHash-MD5 86cbc8c8a1c0e326a83647f34fc5dee4 MD5 of 0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51 2024-11-08
FileHash-MD5 8c17b20b082fdfdabf1c5ea81baa4caf MD5 of 06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b 2024-11-08
FileHash-MD5 8c2042a689d351dfe086295240f461f0 MD5 of 342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f 2024-11-08
FileHash-MD5 d8826378c545f5adb22bfb86d9bb10d3 MD5 of 12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9 2024-11-08
FileHash-SHA1 0ab3cf83c9eeeb3d6c443a9dd4879a439b8f3fef SHA1 of 0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51 2024-11-08
FileHash-SHA1 12d23b62ce69320bc72a9f4b00fb7c5bf404f69b SHA1 of 12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9 2024-11-08
FileHash-SHA1 4b42571c4ba36724f3d3801c8aa88ba1f20deeef SHA1 of 55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b 2024-11-08
FileHash-SHA1 9941c3e3422e50997a853710f438b44182da08eb SHA1 of 342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f 2024-11-08
FileHash-SHA1 b65300921a31631b01144796541dc95e2136c8a3 SHA1 of 64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda 2024-11-08
FileHash-SHA1 efb2e11a69fb3ddec3df8a5a3fbe16e60e2335cb SHA1 of 06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b 2024-11-08
FileHash-SHA256 06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b 2024-11-08
FileHash-SHA256 0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51 2024-11-08
FileHash-SHA256 12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9 2024-11-08
FileHash-SHA256 1b325d32bc99db4b16e2cc4d4810c195f3643936d7ff5baee43ddd18cae9b2a6 2024-11-08
FileHash-SHA256 1c9a9732d600d975b5b44ab326d5cc99123a84d5b400a189902ff6d249a24bda 2024-11-08
FileHash-SHA256 28f0f37fcdee2ac2c022bb454b30f05458075434fa57662af2de22ba5cfb45c1 2024-11-08
FileHash-SHA256 29a81d3125ab1c886266a03902204253708f8d181c547a88ceb447ef59f99f60 2024-11-08
FileHash-SHA256 311935e115d678adbe502c8cc4e5396323f3f015ee186df6dc9f67ae0248104b 2024-11-08
FileHash-SHA256 342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f 2024-11-08
FileHash-SHA256 3579bae222eb8d7a7c3c16598cf9e81aecbbfc1a2ac2168430e48acfb02cfb24 2024-11-08
FileHash-SHA256 55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b 2024-11-08
FileHash-SHA256 5acac9846035863b178ff75fb2a8bdcd53e5d496007d032c3fb20e0dc8306fd9 2024-11-08
FileHash-SHA256 5d82f31bc37aa18e5c5110968b1a85aa419c6e2840e17074d2519ed9ad5b914c 2024-11-08
FileHash-SHA256 5ef5c841f74f9331efb5a43cd16d62fd27eb8293888e872a17c7a57795e37d75 2024-11-08
FileHash-SHA256 64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda 2024-11-08
FileHash-SHA256 7dadff4d883b32c01bbcb96baf081649dbfadd186b934a7fd3c9754e0ba87ab3 2024-11-08
FileHash-SHA256 8240d49629a558acc0426dff40c042fa989fb46159bb5971ee3c4211b68a59d0 2024-11-08
FileHash-SHA256 85d67f9f6f82de5a8f5f92fcf9a82bbed2ff6f6d91a06a058a40c5a64882149b 2024-11-08
FileHash-SHA256 8ae2b420245ebbd983d42bb2d8ceb92f2e7ef40181d8f1cb347797ee7a61b2a1 2024-11-08
FileHash-SHA256 91a5f92908c561f1d1814d36da613c5b7411bb45554e1b2d19713f1f6d50a10c 2024-11-08
FileHash-SHA256 9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45 2024-11-08
FileHash-SHA256 a2a17e561d50f69e011598fd2e03b0376f6468609a1b2d6be9d458ee5c8b397d 2024-11-08
FileHash-SHA256 b1d10328d0cbe3413d1ec15888e5772e323798072fda1285f17b61a96bf0e34e 2024-11-08
FileHash-SHA256 b1da7982199597882a2da8c45114f4cf74fed64447fca8c5f58ced24d7085c77 2024-11-08
FileHash-SHA256 b44e6fd83b87d50c8aa8cf62de2578a13c22292fcf298b7664ed828804280dbe 2024-11-08
FileHash-SHA256 c0244fafbd5231730fdd0bfef2a972dd074f52ca46dc377494424269add81d2b 2024-11-08
FileHash-SHA256 c73e3b300ac9eb956a471cefb2282602834b5809c46b7807cfc06f671a5d9f8f 2024-11-08
FileHash-SHA256 dc53581d4c9140b0f987eb6686d67db6d777f8c89114b062be35b8f2847aa66f 2024-11-08
FileHash-SHA256 e3746de8993069f343a7334046a2361318e213e13883513a7c0713a847fd4dc9 2024-11-08
URL http://13.71.153.8/logtest.ps1 2024-11-08
URL http://13.78.113.103/One.ps1 2024-11-08
URL http://172.86.96.245/129-80.hta 2024-11-08
URL http://20.210.230.146/SecurityHealthSystray.hta 2024-11-08
URL http://20.222.194.41/SecurityHealthSystray.hta 2024-11-08
URL http://48.218.138.60/a.txt 2024-11-08
URL http://48.218.138.60/m.txt 2024-11-08
domain nigntboxcdn.com 2024-11-08
hostname f9e5e09788.ipv6.1433.eu.org 2024-11-08
References (1)
↗ https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/