TLP:WHITE | 13 IOCs
From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
Malware Families

Diamond Model: Adversary; Infrastructure (6); Capability (1); Victim

5W+H Threat Analysis: Analysis unavailable
Indicators of Compromise (13)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| URL | http://158.94.211.76:34567/ceoznp?ia=UDP3HIP4P5SH3U5R&df=0 | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| SHA256 | 5446b24959c1c2707accfc257aaac61819c01d1ed65bca910a7e8be1787d200f | apt, espionage, file-hash | Medium | 51 | Jun 2, 26 |
| URL | http://158.94.211.76:34567/ceoznp?ia=GEZHOV8LBB7PY4KX | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| MD5 | 76e6f6c63756479726e6565647879637 | file-hash, intel-blog, malware | Medium | 51 | Jun 2, 26 |
| URL | http://158.94.211.76:34567/ceoznp?ia=GEZHOV8LBB7PY4KX&df=0 | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| IP | 158.94.211.76 | apt, espionage, intel-blog | High | 58 | Jun 2, 26 |
| MD5 | 766bbae98154b60b381ce91bfb5473ed | apt, espionage, file-hash | Medium | 51 | Jun 2, 26 |
| IP | 91.92.243.79 | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| URL | http://158.94.211.76:34567/ceoznp | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| Domain | scan.aryamint.com | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| SHA256 | aa5b97546a5cb1e62fbacc5f8521a7fc593ed37b11604966a87b464b9bcc1eb2 | file-hash, intel-blog, loader | Medium | 51 | Jun 2, 26 |
| URL | http://158.94.211.76:34567/ceoznp?ia=UDP3HIP4P5SH3U5R | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| Domain | aryamint.com | intel-blog, malware, network | High | 58 | Jun 2, 26 |
IOC Relationship Graph (13 total IOCs; node types: URL, SHA256, MD5, IP, Domain)