Bills C26 and C27 Prompt Major Regulatory Changes in Cybersecurity and Data Collection What Canada’s Vital Industries Should Know About Bills C26 and C27 The nature of cybersecurity and data collection in Canada is set to experience major changes that will impact all of Canada’s tech industries. The introduction of [...]
Image from bleepingcomputer.com
Ransomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details about a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analysed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks. This post will also give you insights about the level of sophistication this malware has reached.
REFERENCE: http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html
Indicators of Compromise:
| Indicator type | Indicator |
| domain | divamind.org |
| URL | http://glutenfreeworks.com/lftAd.vfd |
| URL | http://prorubim.com/led.poi |
| URL | http://4839.js2-order.pl/file/set.rte |
| URL | http://48f4339.js2-order.pl/file/set.rte |
| URL | http://quatang.thackhoi.com/system.ohp |
| URL | http://arkatechknowledges.com/wp-admin/link.rew |
| FileHash-SHA256 | 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0 |
| FileHash-SHA256 | de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc |
| FileHash-SHA256 | 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382 |
| FileHash-SHA256 | 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92 |
| FileHash-SHA256 | ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f |
| FileHash-SHA256 | 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a |
| FileHash-SHA256 | ace22efeff8824d0297d7ecd7430ca1f89bf49f394185ec6208e754d0bf505bc |
| FileHash-SHA256 | 5bd73eb812173508fc8dc2d8d23f50ea219dc94211a64d5840655ba3e6b0d889 |
| FileHash-SHA256 | c11762004e8a1f31e5e45c21c7af2db2fb304952f0d02e467bc55a8fc0194e8c |
| FileHash-SHA256 | 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b |
| FileHash-SHA256 | 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23 |
| FileHash-SHA256 | 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb |
| FileHash-SHA256 | 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66 |
| FileHash-SHA256 | 07dab1e46585e90dd9fc1d82b572d454102e09e25e50fc634145dd999b440ee7 |
| FileHash-SHA256 | 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7 |
| FileHash-SHA256 | bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548 |
| FileHash-SHA256 | cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4 |
| FileHash-SHA256 | e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396 |
| FileHash-SHA256 | c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d |
| FileHash-SHA256 | 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100 |
| FileHash-SHA256 | e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc |
| FileHash-SHA256 | 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b |
| FileHash-SHA256 | ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418 |
| FileHash-SHA256 | 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced |
| FileHash-SHA256 | 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f |
| FileHash-SHA256 | 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb |
| FileHash-SHA256 | f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79 |
| domain | syhkhuiml35mt5qh.onion |
| domain | kghynzmoq7kvdzis.onion |
| domain | x5sbb5gesp6kzwsh.onion |
| domain | sharptok.org |
| domain | w7yr6b5oktcjo2jj.onion |
| URL | http://saunabau.sk/index.pjk |
| URL | http://activmedia.net/license.ttx |
| URL | http://saudail-alpin.no/point.gkp |
| URL | http://biotechclinical.com/leet.tjr |
| URL | http://www.girokonto.club/wp-conf.ghj |
| URL | http://blisunn.com/test.gtr |
| URL | http://fms-uchet.ru/multi.rty |
| URL | http://nji.fileserver4390.org/file/bord.vcx |
| URL | http://staracer.com.br/robots.ckl |
| URL | http://mayaastro.com/wp-conf.bgt |
| URL | http://www.mmgmarketing.com/wu.vbn |
| URL | http://fanrp.com/test.bhu |
| URL | http://partylimobusnj.com/wp-conf.tyu |
| URL | http://directory.submitlocally.com/res.jnb |
| URL | http://ansagoldcoast.com/pols.vfr |
| URL | http://gidrostroy-nn.ru/wp-includes/feed.gtb |
| URL | http://humannecessityfoundation.com/php.oiw |
| URL | http://ileriteknikservis.com/wp-log.bnm |
| URL | http://iuhd873.omniheart.pl/file/set.rte |
| URL | http://ltmp.joymes.pl/file/vet.bnm |
| URL | http://ltmp.joymes.pl/file/nib.vcb |
| URL | http://flyanairliner.com/tire.bnm |
| URL | http://drjacobberger.com/fav.vcb |
| URL | http://ltmp.applepice.pl/file/set.rte |
| URL | http://cyjt.com/left.lop |
| URL | http://rubbishinteriors.com/401.hji |
| URL | http://ltmp.joymes.pl/file/bon.ijn |
| domain | giftbests.com |
Looking for automated defense from Advanced Threats like these? Get in touch with us right now
Header image from http://blog.talosintelligence.com/2017/03/dnsmessenger.html The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that ...
How Cobalt Strike Is Being Turned Against Canadian Industry Cobalt Strike Malware Stirs Concerns Across Canada Cobalt Strike is one of the many tools used by hackers for compromising networks, harvesting sensitive data, and extorting money from victims. Cobalt Strike malware is a complex issue to address for IT professionals in Canada, as it is ...
