The blog post from Malwarebytes, titled "Malvertisers zoom in on cryptocurrencies and initial access," details a rise in malicious ads targeting software like Zoom, often used by those interested in cryptocurrencies and corporate networks. Two specific cases were highlighted: HiroshimaNukes, a new malware loader, and FakeBat, a loader tracked via a new control panel called Hunting panel 1.40. The report outlines the methods, distribution, and specific indicators of compromise for these malvertising campaigns, emphasizing the continued threat they pose and the efforts to protect users from such attacks.
REFERENCES
- https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
- https://otx.alienvault.com/pulse/65817e4c05cbf5d0fa336908
TAGS
Malvertisers, Zoom, cryptocurrencies, FakeBat