Severity
Medium
Analysis Summary
The following threat indicators have been retrieved from multiple malware and phishing campaigns. The listed IPs and domains are involved in dropping various Trojans and other malware.
Impact
- Olympic Destroyer
- AutoIT malware
Indicators of Compromise
| Indicator type | Value(s) |
|---|---|
| IP(s) / Hostname(s) | 159.148.186[.]116, 5.133.12[.]224, 86.96.193[.]134 |
| URLs | accountservice[.]org, ilmuniversityonline[.]com, newage[.]minernewage[.]com, newage[.]newminersage[.]com, newage[.]radnewage[.]com |
| Filename | verclsid.exe, streamer.exe, stream.txt |
| Malware Hash (MD5/SHA1/SHA256) | 02017a5216d0726471de5ecca0610fa25d946148476b6af172c786b29b87c88e, 09fa321c109450dba8b97f8b8e268e9a8e996b3febc0f02127927a8a3d314269, 51a32b51cd38c043944c85095e518f33685f68125e1bd388fcdaee6b12a696d5, 893b978f47cd4c2f30e1f5e3bb75bee9aa996ddb12e79f882bfbb2f5d53d1a64, aac65773727c6eb86accd7b3905da6d2dbfc945fe57101f86bb5ceba12db1496, ac17114be068f1cdfe1e660ddbe78dd73f8d7259be0fcd5a64cb4df8b9611daf, b85027de6871e2ed1a2154edb645fd016807989b44107fc2804eb6e9acce3b9d, c0137e41f9d1b165c57e76714bb44e4ca4de2f8f83f6fd4bd34c90ed01553764, 77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e, b4d8d7cbec7fe4c24dcb9b38f6036a58b765efda10c42fce7bbe2b2bf79cd53e |
- Block the threat indicators at their respective controls (DNS, proxy, firewall, endpoint).
- Keep operating system patches up to date.
- Never click on links or open attachments sent by unknown senders.
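As an added defender-side example (not part of the advisory), the Python below refangs the indicators listed above and matches them against DNS/proxy log lines and file names or SHA-256 hashes; the log lines and file contents are constructed, and only three of the advisory's hashes are carried to keep the block short.

```python
import hashlib
import re

# Indicators copied from the advisory above, in its defanged "[.]" notation
# (the hash set is a subset of the advisory's list, kept short here).
IOC_IPS = {"159.148.186[.]116", "5.133.12[.]224", "86.96.193[.]134"}
IOC_DOMAINS = {"accountservice[.]org", "ilmuniversityonline[.]com",
               "newage[.]minernewage[.]com", "newage[.]newminersage[.]com",
               "newage[.]radnewage[.]com"}
IOC_FILES = {"verclsid.exe", "streamer.exe", "stream.txt"}
IOC_HASHES = {"02017a5216d0726471de5ecca0610fa25d946148476b6af172c786b29b87c88e",
              "09fa321c109450dba8b97f8b8e268e9a8e996b3febc0f02127927a8a3d314269",
              "51a32b51cd38c043944c85095e518f33685f68125e1bd388fcdaee6b12a696d5"}

# Constructed sample DNS/proxy log lines, not taken from the advisory.
SAMPLE_LOGS = [
    "dns client=10.0.0.5 qname=accountservice.org type=A",
    "proxy CONNECT 159.148.186.116:443 user=jdoe",
    "dns client=10.0.0.7 qname=mail.example.com type=A",
    "proxy GET http://www.newage.radnewage.com/stream.txt user=asmith",
]


def refang(ioc: str) -> str:
    """Turn the advisory's defanged '[.]' notation back into a usable value."""
    return ioc.replace("[.]", ".")


NET_IOCS = {refang(i) for i in IOC_IPS | IOC_DOMAINS}  # as seen in real logs


def match_log_line(line: str) -> list[str]:
    """Indicators found in one log line. Tokens are compared as whole values or
    as subdomains of a listed domain, so 'notaccountservice.org' is not a hit."""
    hits = set()
    for tok in re.findall(r"[A-Za-z0-9.\-]+", line):
        tok = tok.lower().rstrip(".")
        if tok in IOC_FILES:
            hits.add(tok)
        hits.update(i for i in NET_IOCS if tok == i or tok.endswith("." + i))
    return sorted(hits)


def scan_logs(lines=SAMPLE_LOGS) -> dict[int, list[str]]:
    # Map line index -> matched indicators, only for lines that matched.
    return {n: h for n, l in enumerate(lines) if (h := match_log_line(l))}


def check_file(name: str, data: bytes) -> list[str]:
    """Flag a file by advisory filename or by the SHA-256 of its contents."""
    reasons = ["filename:" + name.lower()] if name.lower() in IOC_FILES else []
    digest = hashlib.sha256(data).hexdigest()
    if digest in IOC_HASHES:
        reasons.append("sha256:" + digest)
    return reasons
```

A filename hit on its own is low confidence (verclsid.exe is also the name of a legitimate Windows component), so confirm by hash or by the file's location before acting on it.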