TLP: Amber
RISK LEVEL – [High]
Required action: Apply the indicators of compromise described in this alert on the organizations' security devices.
Attack vector: E-mail.
Impact: Theft of confidential information.

Description

A security firm has identified a new malicious campaign carried out by the group “APT CryptoMimic”, also known as “Dangerous Password”, “CageyChameleon”, “Leery Turtle” or “CryptoCore”. This new campaign has been found to target financial organizations or institutions that hold cryptocurrency assets.

CryptoMimic was first identified in April 2018. Its main propagation method is messages specially crafted to deceive the victim, delivered either by e-mail or by direct messages on “LinkedIn”. These messages include a malicious URL that redirects users to a “.ZIP” file, usually hosted on purported Google Drive or OneDrive sites.

According to the investigations, the malware used by CryptoMimic in the current campaign consists of “Cabbage RAT-A”, “RAT-B” and “RAT-C”, which include evasion techniques and can detect whether they are running in a virtual environment or a sandbox.

Once the user downloads the malicious file, Cabbage RAT-A runs and in turn extracts RAT-B and RAT-C onto the device. Cabbage RAT-B is responsible for sending information about the infected machine to the Command and Control (C&C) server; CryptoMimic uses this data to profile the target and decide whether to continue the attack or stop the infection.

Next, Cabbage RAT-C lets the attackers execute code on the affected device; it also downloads another malicious program named “msoRAT”, which is responsible for establishing persistence on the machine.

According to the investigations, CryptoMimic aims to exfiltrate confidential information such as personal files, passwords stored in web browsers, and financial data of the affected institutions.

Risk level

  • [High]

Affected systems/technologies:

  • Microsoft Windows operating system.

Indicators of compromise (IoCs)

The IoCs identified so far in relation to the campaign reported in this alert are listed below:


Containment measures

  • Implement the shared indicators of compromise on security devices that support it, considering devices such as IDS, IPS, content filters, AV, endpoint protection, firewall, DLP, etc.
  • Deploy security devices that can identify and block malicious requests to or from the hosts in your infrastructure (IDS, IPS, content filters, AV, endpoint protection, firewall, DLP, to name a few).
  • Create blocklists that prevent communication with the reported indicators.
  • Avoid downloading e-mail attachments from unknown or suspicious senders.
  • Identify internal hosts showing activity related to the reported indicators and perform a deeper analysis.
  • Keep antivirus signatures up to date to prevent a possible infection.
  • Raise end-user awareness of this type of campaign.
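The two measures above that concern the indicators (loading them into blocklists and finding internal hosts that touched them) can be approached with a small triage script. The following is an added example, not part of the advisory: it refangs indicators written in the advisory's “[.]” notation, then matches DNS, connection and file-hash events from log lines against them, including subdomains of a listed domain. The indicators, the log lines and the log format are constructed placeholders for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, defanged indicators in the same "[.]" notation the advisory uses.
# These are placeholders (.invalid TLD, TEST-NET addresses), NOT the advisory's real IoCs.
DEFANGED_DOMAINS = ["gdrive-share-example[.]invalid", "onedrv-example[.]invalid"]
DEFANGED_IPS = ["192[.]0[.]2[.]10", "198[.]51[.]100[.]7"]
MD5_HASHES = ["0" * 32]  # placeholder digest, stands in for a real file hash

def refang(value: str) -> str:
    """Turn defanged notation (x[.]y, hxxp) back into a value logs would contain."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()

def build_watchlist():
    domains = {refang(d) for d in DEFANGED_DOMAINS}
    ips = {ipaddress.ip_address(refang(i)) for i in DEFANGED_IPS}
    hashes = {h.lower() for h in MD5_HASHES}
    return domains, ips, hashes

def domain_matches(hostname: str, domains) -> bool:
    """True when hostname is an IoC domain or a subdomain of one (label-aligned,
    so 'notgdrive-share-example.invalid' does not match 'gdrive-share-example.invalid')."""
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in domains)

# Constructed sample log lines (proxy/DNS/EDR style), one event per line.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z src=10.1.2.3 dns query=cdn.gdrive-share-example.invalid
2024-01-01T10:00:05Z src=10.1.2.3 conn dst=192.0.2.10:443
2024-01-01T10:01:00Z src=10.1.2.9 dns query=drive.google.com
2024-01-01T10:02:00Z src=10.1.2.7 file md5=00000000000000000000000000000000 name=offer.zip
2024-01-01T10:03:00Z src=10.1.2.9 conn dst=93.184.216.34:443
"""

# Assumed log format: a src= field followed by one of query=, dst=ip:port or md5=.
LINE_RE = re.compile(
    r"src=(?P<src>\S+).*?"
    r"(?:query=(?P<host>\S+)|dst=(?P<ip>[\d.]+):\d+|md5=(?P<md5>[0-9a-fA-F]{32}))"
)

def find_hits(log_text: str) -> dict:
    """Return {internal_host: [matched indicator, ...]} for lines touching the watchlist."""
    domains, ips, hashes = build_watchlist()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src = m.group("src")
        if m.group("host") and domain_matches(m.group("host"), domains):
            hits[src].append(m.group("host").lower())
        elif m.group("ip"):
            try:
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                continue  # malformed address in the log, skip rather than crash
            if ip in ips:
                hits[src].append(str(ip))
        elif m.group("md5") and m.group("md5").lower() in hashes:
            hits[src].append(m.group("md5").lower())
    return dict(hits)

if __name__ == "__main__":
    # Hosts listed here are candidates for the deeper analysis the advisory recommends.
    for host, indicators in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(indicators)}")
```

With the sample log, only 10.1.2.3 (DNS lookup of a listed subdomain, then a connection to a listed IP) and 10.1.2.7 (a file with a listed hash) are reported; the benign lookups from 10.1.2.9 are not.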

References