November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Microsoft PowerShell Core Multiple Vulnerabilities
May 24, 2019Rewterz Threat Alert – Shade Ransomware Hits High-Tech, Wholesale & Education Sectors in Multiple Countries
May 24, 2019Rewterz Threat Advisory – Microsoft PowerShell Core Multiple Vulnerabilities
May 24, 2019Rewterz Threat Alert – Shade Ransomware Hits High-Tech, Wholesale & Education Sectors in Multiple Countries
May 24, 2019
Severity
Medium
Analysis Summary
Shade ransomware has been targeting hosts running Microsoft Windows, since 2014. It is also known as Troldesh. Distributed through Russian language as well as English language malspam campaigns and exploit kits, Shade ransomware encrypts files on your computer and appends an extension .crypted000007 with the name of each encrypted file.
When a Windows host is infected with Shade ransomware, its desktop background announces the infection, and ten text files appear on the desktop named README1.txt through README10.txt as shown in Figure 1.
These readme text files are the ransom notes as shown below:
The Malspam-based infections for Shade ransomware involve a JavaScript (.js) or other type of script-based file disguised as an invoice or bill. In some cases, Shade malspam has links for these script-based files. In other cases, the files are directly attached to the emails within a zip file or other type of archive.
Shade ransomware’s favorite victims fall under High Tech category in many countries including U.S, Japan, India, Thailand, Canada.
Impact
- Files Encryption
- Loss of Information
- Financial Loss
Indicators of Compromise
URLs
- hxxp[:]//333media[.]co[.]uk/[.]tmb/inf[.]inf
- hxxp[:]//abcstudio[.]sk/wp-content/themes/fusion-base/fonts/msg[.]jpg
- hxxp[:]//abyaz[.]ir/wp-content/themes/woodstock/js/1[.]pdf
- hxxp[:]//acffiorentina[.]ru/assets/1[.]pdf
- hxxp[:]//actinix[.]com/wp-content/themes/ultra/images/msg[.]jpg
- hxxp[:]//adelekeoluwakemiandco[.]com/wp-content/themes/twentyseventeen/inc/inf[.]inf
- hxxp[:]//agava[.]ee/wp-content/themes/graphene/bootstrap-rtl/1[.]pdf
- hxxp[:]//alpadegra[.]pe/wp-content/themes/mesmerize/customizer/css/hp[.]gf
- hxxp[:]//ambulatorium[.]sk/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//amsr[.]ma/templates/businessplan/html/com_contact/categories/msg[.]jpg
- hxxp[:]//andyburkholder[.]com/wordpress/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//andyliotta[.]com/wp-content/themes/musicpro/js/cookie/msg[.]jpg
- hxxp[:]//anselmi[.]at/templates/rt_hadron/css-compiled/hp[.]gf
- hxxp[:]//anyadavidson[.]com/wordpress/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//app[.]expalglobal[.]com/upload/items/img/1[.]pdf
- hxxp[:]//arbanstore[.]com/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//arbanstore[.]com/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//archiaidbd[.]com/templates/shaper_helix3/css/presets/inf[.]inf
- hxxp[:]//ascentprint[.]ru/scripts/1[.]pdf
- hxxp[:]//auroradx[.]com/adxwp/wp-content/backups-dup-pro/tmp/gr[.]mpwq
- hxxp[:]//auroradx[.]com/adxwp/wp-content/nfwlog/cache/hp[.]gf
- hxxp[:]//automodernshop[.]com/[.]quarantine/inf[.]inf
- hxxp[:]//b-compu[.]de/templates/conext/content_images_source/msg[.]jpg
- hxxp[:]//b-compu[.]de/templates/conext/html/com_contact/contact/msg[.]jpg
- hxxp[:]//balloflightning[.]com/wp-content/themes/vigilance/css/msg[.]jpg
- hxxp[:]//bamferproductions[.]com/GeneratedItems/1[.]pdf
- hxxp[:]//banzay[.]com/wp-content/themes/di-blog/languages/msg[.]jpg
- hxxp[:]//bbbrown[.]com/wp-content/themes/twentyten/languages/msg[.]jpg
- hxxp[:]//berkaytulpar[.]com[.]tr/inf[.]inf
- hxxp[:]//bitcoinqrgen[.]com/wp-content/ai1wm-backups/hp[.]gf
- hxxp[:]//bjlaser[.]com/templates/outsourcing-fjt/html/com_contact/contact/msg[.]jpg
- hxxp[:]//britishcollege[.]edu[.]lk/[.]well-known/acme-challenge/inf[.]inf
- hxxp[:]//bursabowling[.]com/templates/rt_myriad/custom/1[.]pdf
- hxxp[:]//canadianpricespharmacy[.]xyz/wp-content/themes/maxshop/images/hp[.]gf
- hxxp[:]//capablecanines[.]org/wp-content/themes/Divi/css/hp[.]gf
- hxxp[:]//clubdelideres[.]org/font-awesome/css/hp[.]gf
- hxxp[:]//coastalcrestgroup[.]com/wp-content/themes/betheme/assets/animations/hp[.]gf
- hxxp[:]//conozcatlanta[.]com/[.]well-known/acme-challenge/hp[.]gf
- hxxp[:]//consultantlegality[.]com/wp-content/themes/llorix-one-lite/css/hp[.]gf
- hxxp[:]//costiran[.]com/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//crlagoa[.]cdecantanhede[.]pt/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//customercarelist[.]info/wp-content/themes/Newspaper/parts/footer/hp[.]gf
- hxxp[:]//cvpass[.]net/wp-content/themes/twentyseventeen/assets/css/inf[.]inf
- hxxp[:]//damyo[.]co[.]kr/wp-content/themes/enfold/config-gravityforms/hp[.]gf
- hxxp[:]//damyo[.]co[.]kr/wp-content/themes/enfold/lang/hp[.]gf
- hxxp[:]//davanaweb[.]com/wp-content/themes/arras-theme/@eaDir/hp[.]gf
- hxxp[:]//davidgillettephotography[.]com/wp-content/themes/boilerplate/boilerplate-admin/inf[.]inf
- hxxp[:]//demo[.]art-of-digital[.]com/yoga/2018/12/24/live-a-perfect-life/feed/inf[.]inf
- hxxp[:]//dicaconsultores[.]com/wp-content/themes/empowerment/inc/msg[.]jpg
- hxxp[:]//dnz17[.]in[.]ua/tmp/inf[.]inf
- hxxp[:]//dongavienthong[.]com/wp-includes/ID3/inf[.]inf
- hxxp[:]//donmago[.]com/wp-content/themes/betheme/js/parallax/msg[.]jpg
- hxxp[:]//dresscollection[.]ru/errors/default/css/msg[.]jpg
- hxxp[:]//ekolog[.]org/687a0eb9e70069aa3c7f5a7bc1b08bf0/msg[.]jpg
- hxxp[:]//elurnsummit[.]com/wp-content/themes/writee/templates/inf[.]inf
- hxxp[:]//emfbd[.]org/wp-content/themes/frontier/includes/genericons/hp[.]gf
- hxxp[:]//enaghsh[.]ir/wp-content/themes/mweb-digiland/dokan/hp[.]gf
- hxxp[:]//entrepreneurspider[.]com/wp-content/themes/astra/languages/inf[.]inf
- hxxp[:]//escwireless[.]com/templates/jm-0013/css/gr[.]mpwq
- hxxp[:]//eurotecheu[.]com/wp-content/themes/skt-solar-energy/js/inf[.]inf
- hxxp[:]//farmworldtech[.]com/wp-content/themes/generatepress/inc/customizer/controls/css/1[.]pdf
- hxxp[:]//fcbiolog[.]com/errordocs/style/inf[.]inf
- hxxp[:]//fenapro[.]org[.]br/templates/ja_edenite/css/colors/msg[.]jpg
- hxxp[:]//flashsale88[.]com/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//flirtwithclassdemo[.]racevmarketing[.]com/wp-admin/css/colors/blue/1[.]pdf
- hxxp[:]//foodera[.]co/wp-admin/css/colors/blue/1[.]pdf
- hxxp[:]//forestandseaclub[.]racevmarketing[.]com/wp-content/cache/et/26/1[.]pdf
- hxxp[:]//frenchdoitbetter[.]my/wp-includes/ID3/hp[.]gf
- hxxp[:]//gimnazjum-zawichost[.]pl/dokumenty/mlody_naukowiec/msg[.]jpg
- hxxp[:]//gpcezhukone[.]org/templates/rt_audacity/html/com_content/archive/hp[.]gf
- hxxp[:]//greenerpathway[.]info/wp-admin/css/colors/blue/gr[.]mpwq
- hxxp[:]//grunert[.]biz/wp-content/themes/sydney/languages/hp[.]gf
- hxxp[:]//hamayeshgroup[.]com/[.]well-known/pki-validation/inf[.]inf
- hxxp[:]//hitechontheweb[.]com/wp-content/themes/advanced-twenty-seventeen-child/template-parts/footer/inf[.]inf
- hxxp[:]//importfish[.]ru/dynamic/msg[.]jpg
- hxxp[:]//inhome[.]theadleaf[.]net/wordpress/inf[.]inf
- hxxp[:]//innovationsolarinc[.]com/wp-content/themes/isi/bbpress/inf[.]inf
- hxxp[:]//instanttechnology[.]com[.]au/wp-content/themes/skyline/inc/footers/inf[.]inf
- hxxp[:]//invokeshop[.]com/wp-content/ai1wm-backups/inf[.]inf
- hxxp[:]//iqra[.]tn/fbs/hp[.]gf
- hxxp[:]//iqra[.]tn/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//isfacca[.]ir/IrSans/css/inf[.]inf
- hxxp[:]//jazarah[.]net/wp-content/themes/truemag/admin/assets/css/msg[.]jpg
- hxxp[:]//jbrealestategroups[.]com/wp-content/themes/bridge/export/msg[.]jpg
- hxxp[:]//jgcarpetcleaning[.]com/wp-content/themes/bb-theme/classes/1[.]pdf
- hxxp[:]//joeksdj[.]nl/VT555/_vti_cnf/msg[.]jpg
- hxxp[:]//kean3[.]com/[.]well-known/pki-validation/hp[.]gf
- hxxp[:]//khabbas[.]com/wp-content/themes/twentyseventeen/inc/hp[.]gf
- hxxp[:]//kokkelering[.]no/wp-content/themes/Divi/core/admin/css/inf[.]inf
- hxxp[:]//koren[.]cc/wp-content/themes/twentyseventeen/template-parts/footer/inf[.]inf
- hxxp[:]//languardia[.]ru/wp-content/languages/plugins/msg[.]jpg
- hxxp[:]//leamoreconstruction[.]com/wp-content/themes/buildplus/admin/1[.]pdf
- hxxp[:]//liliatomova[.]com/wp-includes/ID3/1[.]pdf
- hxxp[:]//linetours[.]ru/wp-content/themes/untitled/styles/msg[.]jpg
- hxxp[:]//louismoreno[.]com/wp-content/themes/asterion/page-templates/msg[.]jpg
- hxxp[:]//magicsounds[.]net/wp-admin/css/colors/blue/1[.]pdf
- hxxp[:]//mail[.]333media[.]co[.]uk/public_html/plugins/acl/localization/inf[.]inf
- hxxp[:]//mail[.]360cleaning[.]co[.]uk/skins/classic/images/buttons/hp[.]gf
- hxxp[:]//mail[.]360cleaning[.]co[.]uk/wp_caden_package_1[.]3/Licensing/inf[.]inf
- hxxp[:]//mail[.]creativerentacar[.]com/installer/images/inf[.]inf
- hxxp[:]//mail[.]creativetravelworld[.]com/plugins/acl/localization/hp[.]gf
- hxxp[:]//mail[.]zadiaks90[.]com/installer/images/inf[.]inf
- hxxp[:]//makeupp[.]site/wp-content/themes/twentysixteen/genericons/1[.]pdf
- hxxp[:]//makeupp[.]site/wp-content/themes/twentysixteen/genericons/inf[.]inf
- hxxp[:]//mapsu[.]org/awstats/msg[.]jpg
- hxxp[:]//marathonbuilding[.]com/wp-content/themes/Marathon20140204a/images/msg[.]jpg
- hxxp[:]//marketingcoachth[.]com/wp-admin/css/colors/blue/msg[.]jpg
- hxxp[:]//meeweb[.]com/admin/swfupload/css/inf[.]inf
- hxxp[:]//meurls[.]xyz/wp-content/plugins/ad-ace/assets/css/fonts/iconfont/msg[.]jpg
- hxxp[:]//miumilkshop[.]com/wp-includes/ID3/hp[.]gf
- hxxp[:]//mmonteironavegacao[.]com[.]br/blog/category/msg[.]jpg
- hxxp[:]//montaneproperties[.]co[.]za/cache/1[.]pdf
- hxxp[:]//musiciansassociationofthephilippines[.]com/wp-includes/ID3/inf[.]inf
- hxxp[:]//muslimlifestyleexpo[.]info/wp-content/themes/singlepage/languages/1[.]pdf
- hxxp[:]//myclientsdemo[.]com/cannadyz/css/hp[.]gf
- hxxp[:]//nest[.]sn/wp-content/themes/education-web/languages/msg[.]jpg
- hxxp[:]//new4[.]pipl[.]ua/[.]well-known/acme-challenge/inf[.]inf
- hxxp[:]//noblechild[.]com/wp-content/themes/mt-dark/languages/hp[.]gf
- hxxp[:]//northernoceanmarine[.]com/wp-content/themes/nom/images/hp[.]gf
- hxxp[:]//northernoceanmarine[.]com/wp-content/themes/nom/images/inf[.]inf
- hxxp[:]//novotravel[.]ir/wp-snapshots/hp[.]gf
- hxxp[:]//oestervraafys[.]dk/templates/rt_cygnet/fields/hp[.]gf
- hxxp[:]//orielliespinoza[.]com/wp-content/themes/rara-business/images/hp[.]gf
- hxxp[:]//orielliespinoza[.]com/wp-content/themes/rara-business/inc/css/hp[.]gf
- hxxp[:]//ozemag[.]com/wp-content/themes/emag/template-parts/msg[.]jpg
- hxxp[:]//panamacitybeachcondosforsale[.]net/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/hp[.]gf
- hxxp[:]//pitbullcreative[.]net/wp-content/themes/alyeska/lang/hp[.]gf
- hxxp[:]//pixonet[.]ir/wp-snapshots/hp[.]gf
- hxxp[:]//plasticbottle-factory[.]com/wp-content/themes/baiila/fonts/hp[.]gf
- hxxp[:]//prathmeshbiotech[.]com/templates/jd_miami/css/presets/inf[.]inf
- hxxp[:]//precision[.]bc[.]ca/wp-content/themes/precision/colors/hp[.]gf
- hxxp[:]//prigo[.]com/bluewhale/hp[.]gf
- hxxp[:]//rayaxiaomi[.]com/wp-content/themes/abchlik/widgets/hp[.]gf
- hxxp[:]//repairinc[.]wsid[.]net/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//rickspringfield[.]jp/PHOTOS/PHOTOS_files/msg[.]jpg
- hxxp[:]//robinchahal[.]com/ftp/msg[.]jpg
- hxxp[:]//rockett[.]net/wp-content/themes/simplemag/formats/hp[.]gf
- hxxp[:]//ryzconstruccionesciviles[.]com/wp-content/themes/spacious/font-awesome/css/inf[.]inf
- hxxp[:]//sabbath[.]weswesmusic[.]com/wp-includes/ID3/hp[.]gf
- hxxp[:]//sagami-suisan[.]com/wpBK/msg[.]jpg
- hxxp[:]//schwimmerforum[.]de/archive/hp[.]gf
- hxxp[:]//shop[.]albertgrafica[.]com[.]br/vqmod/install/msg[.]jpg
- hxxp[:]//smarthost[.]kiev[.]ua/templates/sunshine/css/msg[.]jpg
- hxxp[:]//snowfeel[.]in/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//solutionpc[.]be/modules/php/1[.]pdf
- hxxp[:]//spidernet[.]comuv[.]com/wp-content/themes/twentyseventeen/inc/inf[.]inf
- hxxp[:]//standard-cement[.]kz/hp[.]gf
- hxxp[:]//stilldesigning[.]com/wp-content/themes/stilldesigning-2014/css/hp[.]gf
- hxxp[:]//subastaomarwheels[.]com/wp-content/themes/revo/css/fancy/hp[.]gf
- hxxp[:]//szimano[.]org/wordpress/wp-admin/css/colors/blue/1[.]pdf
- hxxp[:]//tanmoy[.]xyz/wp-content/themes/sility/files/hp[.]gf
- hxxp[:]//tasooshi[.]com/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/msg[.]jpg
- hxxp[:]//tasooshi[.]com/wp-content/themes/astra/inc/addons/transparent-header/assets/js/minified/msg[.]jpg
- hxxp[:]//taxi-kazan[.]su/administrator/cache/msg[.]jpg
- hxxp[:]//telebriscom[.]cl/wp-content/themes/fitness-wellness/languages/msg[.]jpg
- hxxp[:]//thabazimbi[.]net/css/1[.]pdf
- hxxp[:]//thaisell[.]com/AM/hp[.]gf
- hxxp[:]//thefourthseasona-1-z[.]com/wp-includes/ID3/1[.]pdf
- hxxp[:]//thegioibds[.]net/wp-includes/ID3/1[.]pdf
- hxxp[:]//thelearningcompany[.]com[.]au/templates/eventus2/images/presets/default/inf[.]inf
- hxxp[:]//tilmenyoresel[.]com/catalog/controller/account/inf[.]inf
- hxxp[:]//tntnailswoodlands[.]com/wp-admin/css/colors/blue/hp[.]gf
- hxxp[:]//tntnailswoodlands[.]com/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//tosama[.]de/templates/jsn_artista_pro/js/inf[.]inf
- hxxp[:]//tourview[.]ir/wp-includes/ID3/hp[.]gf
- hxxp[:]//trdesign[.]org/themes/bartik/color/1[.]pdf
- hxxp[:]//tugaukina[.]com/wp-content/themes/sahifa/framework/admin/images/inf[.]inf
- hxxp[:]//twosisterstravelco[.]com/wp-content/themes/uncode/languages/hp[.]gf
- hxxp[:]//tyger[.]ro/wp-content/themes/twentysixteen/inc/inf[.]inf
- hxxp[:]//varfolomeev[.]ru/cgi-bin/msg[.]jpg
- hxxp[:]//veganwarrior[.]racevmarketing[.]com/wp-content/cache/et/8/1[.]pdf
- hxxp[:]//vehiclescanner[.]co[.]uk/[.]quarantine/hp[.]gf
- hxxp[:]//visionfirst[.]site/wp-admin/css/colors/blue/gr[.]mpwq
- hxxp[:]//visitjourney[.]org/wp-content/plugins/admin-menu-editor/ajax-wrapper/hp[.]gf
- hxxp[:]//vlakvarkproductions[.]co[.]za/[.]well-known/acme-challenge/inf[.]inf
- hxxp[:]//voasi[.]com/wp-content/themes/twentyseventeen/assets/css/msg[.]jpg
- hxxp[:]//www[.]333media[.]co[.]uk/wp-content/plugins/Plugin/Licensing/inf[.]inf
- hxxp[:]//www[.]baumont[.]fr/wp-content/themes/dt-the7/languages/hp[.]gf
- hxxp[:]//www[.]djyan[.]net/administrator/cache/inf[.]inf
- hxxp[:]//www[.]eliasmetal[.]co[.]il/wp-content/languages/plugins/1[.]pdf
- hxxp[:]//www[.]glitzygal[.]net/wp-content/themes/FreshClean/includes/msg[.]jpg
- hxxp[:]//www[.]gran-premio[.]es/wp-content/themes/elastico/functions/css/hp[.]gf
- hxxp[:]//www[.]gran-premio[.]es/wp-content/themes/elastico/js/hp[.]gf
- hxxp[:]//www[.]illustr8design[.]co[.]uk/wp-content/themes/illustr8black/font/hp[.]gf
- hxxp[:]//www[.]insidepoolmag[.]com/wp-content/themes/vidorev/page-templates/msg[.]jpg
- hxxp[:]//www[.]krayot[.]ru/includes/hp[.]gf
- hxxp[:]//www[.]krohm[.]net/wp-content/themes/Flexible_old/css/hp[.]gf
- hxxp[:]//www[.]leamoreconstruction[.]com/wp-content/themes/buildplus/admin/1[.]pdf
- hxxp[:]//www[.]mashmul[.]ir/components/com_ajax/hp[.]gf
- hxxp[:]//www[.]phazethree[.]com/wp-content/themes/customizr/inc/admin/css/msg[.]jpg
- hxxp[:]//www[.]plasticbottle-factory[.]com/wp-content/themes/baiila/fonts/hp[.]gf
- hxxp[:]//www[.]scottpatton[.]com/birthday/hp[.]gf
- hxxp[:]//www[.]scottpatton[.]com/img/common/hp[.]gf
- hxxp[:]//www[.]sey-org[.]com/wp-content/themes/frindle/templ/msg[.]jpg
- hxxp[:]//www[.]soundtel[.]com/cgi-bin/msg[.]jpg
- hxxp[:]//www[.]thecustomboxeshelp[.]com/wp-content/themes/Newspaper/mobile/amp/css/inf[.]inf
- hxxp[:]//www[.]x-ng[.]de/wp-content/themes/my-vcard-resume/vendors/bootstrap/css/hp[.]gf
- hxxp[:]//www[.]xfreaks[.]at/templates/reinhard4/css/inf[.]inf
- hxxp[:]//zipcarbahamas[.]com/wp-admin/css/colors/blue/inf[.]inf
- hxxp[:]//zzb[.]kz/libraries/cms/captcha/hp[.]gf
Malware Hash (MD5/SHA1/SH256)
- 1fc2e4c5ff5844410fc7b78c6987cddf
- 44ff529219044aea635985dbb98b63f1
- c834c0e071ba81c16ec8093233a268c9
- d4dd2a704dc4058951b330bf9e72df57
- 7288d113b95d76bdb5e80040fcded9a4
- 862ced9771f1d1af136e0b00c9a37496
- 4efaa45b9e7c58ee04eecbf11c430063
- fc2d1d2825c42a11b56d6e5fd0ef0317
- 358f9893f047e1e0e7d4eee13bd4a3b6
- 17c7cda30096c869c95c50852b4043c9
- d27974f69100fe36c948f25529a72a2d
- 21d5abb9977d71918ee1de4e83dc8e84
- 6cc16cb37135f58895345e3f8cbfdd5d
- 6f3e147fca1f2c8fe6275082d66e2a30
- 75e0a3f7fa6853b006b7871be3217e21
- 588c44f7d45328df605aaa90902f51b4
- 9cbdc4243bf6b775c17ddae33472d7f0
- 399602c103cf91b3983742ab89a71918
- e64ffb9762baa56fca2dcf788e671c19
- d0b32bcb0d2d3c809dd829d0b4f5e36f
- f0a70786bc46ef829652208789fb71a8
- a49becf00b4f784713850c36c93743fd
- 26e56de629257522119b9c0bf303f178
- efeef329677779bdce968ad62a4744a6
- 92b5abef090c538d37aaa4d4220d203c
- f8f2854a70018b6dc26069bfd677ac65
- 6050d781f8a9138342195c195354f601
- 013aae78d326cfb1cc3c1baf924368c1
- adead6c71c051595f60dbd42919cbfa3
- b891aa5781114582c27baa0c8029777c
- d7b1976d623015332b2ff468f385ea69
- e3b60927db92de73e80813fa24a7c61b
- a645c3785b9f3ece07bd959631f8fdc0
- 7382581e63ff4fe62477dd915fa33736
- 5d5d9dba99e609b34ea040ef7003e444
- 834e658f1c9206f3dcf1076192ba7256
- 969305f9f01a46e8eee82885d9bde2bd
- 2d4f8a97b58382be42c61bacd190a577
- 024b96c94297855f73d34df614a4baa3
- 5b6401c25c4db9c6552a24bcf72295b8
- 66527ee46c0939b508607efab87b352d
- 4d988338e79cb04cdc1358d49dfdd2e9
- e1910ce7fa51b3d99c1664c632949cdd
- 80c87c3b7187bf24ad3e3805c9ceccca
- e8178a58198d491bd2dbcc2c170fd40d
- 4a9246917961b64d89d52f812647a4c6
- 46d391cb2a6c43cee82609ee33fb371b
- 86cc993b9af22ce2624a6a3d7831e422
- b82b82beb62ac4eb418482d9bcb517c2
- 08588913138eae6baec523566ae4131e
- e5dbf26de67c36360904167fc0d014e7
- bd2504c9adb62cce7cc148f97f5f9201
- bb39f3c3bafd9fac9c8cc1b8ed2a6e40
- b6a294ac8421dfc269e9af7428094063
- eecc3f8b06d10c937ee2bdda9afdfc03
- 214139f97f853b7febdf030baba6bafd
- ee65ebbc954c2ad5a09042d138af0679
- 91ecfc7bef3e8f2851cd0b3a80e767b4
- 9c216a7d7e50c0576ca4bdc794db37c8
- 4dc6394261c4404164c1061deef9afb3
- 821db42aed5076881f1ccf04fb9f3025
- 65c7547198528217791e1f0de2788e7d
- 2507d78dec3de7552c582576ba48865d
- e704da02579efeb63b16181bdec2b77f
- cb65cf232455da6e55f9d27339caa4b3
- cb444d53bc22ef7a48f809801bb06ec7
- d618bf728cecc3d684fc28c23996a95f
- f97ff2b608b522b1a6769a87c74af6d4
- 38af0830c3144800359245d53a8854b5
- 7e921e11caeb6f9594fa286d217af62e
- e3cce010a6dd36ea82db065ee92f2c2e
- eb4a56ff586f6c8efe402a1684c79464
- 4a56b5573673cc7d2cb3161fbfce5c7c
- 201e80d06b45399649f453017eb5a4e5
- 84b8bc2fea52b2090f29857f5d7e467e
- 73dea1a75637e14f6fcd012fe2815636
Remediation
- Block the threat indicators at their respective controls.
- Do not download email attachments coming from untrusted sources.
- Do not click on URLs received in untrusted emails.
- Scan all files prior to execution.
- Closely monitor invoice/bill-themed emails, (They’re also frequently reported in phishing alerts).