# IOClist - filename # # Use these IOCs at your own risk. # # See : http://www.botvrij.eu # %CommonApplicationData%\Local\user.key # filename - ToddyCat: Keep calm and check logs (372) %PROGRAMFILES%\Windows Mail\AcroRd64.exe # filename - ToddyCat: Keep calm and check logs (372) %PROGRAMFILES%\Windows Mail\DsNcDiag.dll # filename - ToddyCat: Keep calm and check logs (372) %COMMONPROGRAMFILES%\VLCMedia\VLCMediaUP.exe # filename - ToddyCat: Keep calm and check logs (372) %COMMONPROGRAMFILES%\VLCMedia\DsNcDiag.dll # filename - ToddyCat: Keep calm and check logs (372) Unpublished Pictures 1-20230802T122531-002-sfx.exe # filename - Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (373) pcmf-installer-23.0.5.exe # filename - Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (373) payload.bin # filename - AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (382) 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5.bin # filename - AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (382) MediaPl.dll # filename - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs (385) comx3.dll.txt # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) msfmtkl.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) c001.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) c002.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) c003.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) a010.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) b011.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) msnsp.dll # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) comx3.dll # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) minibrowser_shell.dll # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) b010.dat # filename - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387) Notif.FEL.RHKVYIIPFVBCGQJPOQÃ.msi # filename - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388) RYCB79H7B-7DVH76Y3-67DVHC6T20-CH377DFHVO-6264704.msi # filename - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388) BrightmetricAgent.exe # filename - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (402) eaef901b31b5835035b75302f94fee27288ce46971c6db6221ecbea9ba7ff9d0 # filename - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (402) SMSvcService.exe # filename - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (402) hxxp[://]84[.]32[.]189[.]74/underwall/docs/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/docs/passport.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/docs/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/expand/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/expand/photo_2023-12-26.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/expand/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/society/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/society/photo_2023-12-26.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) hxxp[://]84[.]32[.]189[.]74/underwall/society/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/docs/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/docs/passport.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/docs/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/expand/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/expand/photo_2023-12-26.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/expand/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/society/7z.zip # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/society/photo_2023-12-26.jpg.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) /underwall/society/warop.url # filename - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408) CustomAction.idt # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416) AutoIt3.exe # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416) sdk.log # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416) dump.log # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416) Binary.tnqqhgm.dll # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416) Binary.sknwvly.dll # filename - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416)