TLP:WHITE (28 IOCs)
New WhiskerSpy Backdoor via Watering Hole Attack -Detection & Response
Malware Families
Diamond Model: Adversary; Infrastructure (6); Capability (1); Victim
5W+H Threat Analysis: analysis unavailable
Indicators of Compromise (28)
IOC Relationship Graph: 28 total IOCs (indicator types: SHA256, Domain)