PULSE NAME: jf_cf_frostovip.exe and 180^^^^^AAn_ok.exe
WHITE Arek-BTC 2025-01-08 Modified: 2025-01-08
127 IOCs
HIGH VOLUME
A report on a Windows malware attack has been published online by Microsoft and by Nextron Systems, the same company that developed the attack itself, and is being investigated by the US National Security Agency (NSA).
Indicators of Compromise (127)