IoCs/Troj-BazarLd.csv at master · sophoslabs/IoCs
Tags
| attack-pattern: | Data Rundll32 - T1218.011 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 7d9bedaa-ee87-4004-90eb-3e8bf6ab5164 |
| Fingerprint | 69fb28d14582672d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 1, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:41 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | UNKNOWN |
| Title | IoCs/Troj-BazarLd.csv at master · sophoslabs/IoCs |
| Detected Hints/Tags/Attributes | 20/1/27 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://github.com/sophoslabs/IoCs/blob/master/Troj-BazarLd.csv |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 2 | amadeamadey.at |
|
| Details | File | 1 | troj-bazarld.csv |
|
| Details | File | 3 | annualreport.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | md5 | 1 | 21807bf30699429100f07c674e9f52f0 |
|
| Details | md5 | 1 | 441a9b57a778665b0689986265a59caf |
|
| Details | md5 | 1 | 494e8dc63210ed59ab012ebb5be1a283 |
|
| Details | md5 | 1 | c941c4a83663fa976cf0367844900bc6 |
|
| Details | md5 | 1 | c9ea53bdb7010f189f3c4566a854c543 |
|
| Details | md5 | 1 | 21e3cae5b77c41528658ada08509c392 |
|
| Details | sha1 | 1 | e53166ca0f09ad46795cd8f5a1c9a4a2d5b21415 |
|
| Details | sha1 | 1 | 634892c91f5ddfab0891fe7e004e50e46fe60cef |
|
| Details | sha1 | 1 | 165403fd23ee320564b9b455f234b60b02ba1ff8 |
|
| Details | sha1 | 1 | 52458f4e9449a66235486cd8adb52fd2de332814 |
|
| Details | sha1 | 1 | 8a487c189edd6e3cc32cee7709aa4e0c21d07491 |
|
| Details | sha1 | 1 | d86639b31a7eb172c064c72788d1fbf4dc1440e6 |
|
| Details | sha1 | 1 | d3213224dad1803840f7878bcc1df85ca38deed2 |
|
| Details | sha1 | 1 | cf0fcc2c856e800b360e545359fca9a367489424 |
|
| Details | sha1 | 1 | 3b52cc3f5c58316827c183d664e21344993a5502 |
|
| Details | sha1 | 1 | e0aef96555318bac394065c9721c0310ca0df091 |
|
| Details | sha1 | 1 | bdb0e0889d3ec7af0398b08ece2f45ed1844d85d |
|
| Details | sha1 | 1 | 06765c5f039002c614a35d36a14597e86ef20370 |
|
| Details | sha256 | 1 | 44c15c76277adcfa5fa07b746c7083a4ee874751b678091edd56a003b0312c9c |
|
| Details | sha256 | 1 | 71cd6cb93fcf508761b72fac05bc96a07697718eb928c72fc7731dab457b3606 |
|
| Details | sha256 | 3 | 52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b |
|
| Details | Url | 1 | https://news.sophos.com/en-us/2021/04/15/bazarloader-deploys-a-pair-of-novel-spam-vectors |