#1250899: Dorv Infostealers - Additional IOCs

Description: Efosteal can communicate with attackers via Telegram. It packages stolen information into a ZIP archive and sends it to malicious domains via HTTP POST. It can vanish without a trace by deleting itself and the files it writes data to.

Reference:
https://twitter.com/wdsecurity/status/1105992405629583362
First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5c8ba7800565581adeae9ebb?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added March 15, 2019, 8:29 p.m.
Source AlienVault