New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

Severity: mediumType: malware

Insikt Group uncovered new infrastructure linked to GrayAlpha, a threat actor associated with FIN7. They identified a custom PowerShell loader named PowerNet that deploys NetSupport RAT, and another loader called MaskBat. Three main infection vectors were discovered: fake browser updates, fake 7-Zip download sites, and the TAG-124 traffic distribution system. While all three methods were used simultaneously, only the fake 7-Zip sites remained active at the time of writing. The analysis also led to the identification of a potential individual involved in GrayAlpha operations. The group's sophisticated tactics highlight the need for comprehensive security measures, including application allow-listing, employee training, and advanced detection techniques.

AI Analysis

Technical Summary

The threat described involves a newly uncovered infrastructure linked to GrayAlpha, a threat actor associated with the financially motivated cybercrime group FIN7. The key technical components include a custom PowerShell loader named PowerNet, which is used to deploy the NetSupport Remote Access Trojan (RAT), and another loader called MaskBat. These loaders facilitate the covert installation and execution of malicious payloads on victim systems. The attackers employ three primary infection vectors: fake browser updates, fake 7-Zip download sites, and the TAG-124 traffic distribution system. These vectors are designed to socially engineer victims into executing malicious code by masquerading as legitimate software updates or downloads. At the time of analysis, only the fake 7-Zip download sites remained active, indicating a possible shift in attacker tactics or operational focus. The PowerNet loader leverages PowerShell, a legitimate Windows scripting environment, to evade detection and execute payloads in-memory, complicating traditional signature-based defenses. The NetSupport RAT deployed by PowerNet provides attackers with extensive remote control capabilities, including data exfiltration, credential theft, and lateral movement within networks. MaskBat likely serves as an additional loader or persistence mechanism, although specific technical details are limited. The use of multiple infection vectors and loaders demonstrates the adversary's sophistication and adaptability. The TAG-124 traffic distribution system is a known infrastructure component used to manage and distribute malicious traffic, further indicating a well-resourced and organized campaign. The threat actor employs various MITRE ATT&CK techniques such as T1218.011 (signed binary proxy execution), T1204.002 (user execution via malicious file), T1583.001 (establishing infrastructure), T1055 (process injection), T1059.001 and T1059.003 (PowerShell and command-line interface), T1547.001 (registry run keys for persistence), T1102.002 (web service communication), T1071.001 (application layer protocol), T1204.001 (user execution via malicious link), T1569.002 (service execution), and T1584.001 (compromise infrastructure). This indicates a multi-faceted attack chain involving social engineering, code execution, persistence, and command and control. The identification of a potential individual involved in GrayAlpha operations suggests ongoing intelligence efforts to attribute and disrupt this threat actor. Overall, this campaign highlights the need for layered security controls, including behavioral detection, application allow-listing, and continuous user awareness training to mitigate the risk posed by such advanced threats.

Potential Impact

European organizations face significant risks from this threat due to the potential for unauthorized remote access, data theft, and disruption of business operations. The deployment of NetSupport RAT enables attackers to exfiltrate sensitive data, including intellectual property, financial information, and personally identifiable information (PII), which could lead to regulatory penalties under GDPR. The use of social engineering infection vectors such as fake updates and download sites increases the likelihood of successful compromise, especially in environments with less mature security awareness programs. The persistence and stealth capabilities of the loaders complicate detection and remediation efforts, potentially allowing attackers to maintain long-term access and conduct lateral movement within networks. Critical sectors such as finance, manufacturing, and technology in Europe could be targeted due to their strategic value and the presence of FIN7’s historical focus on financially motivated attacks. The disruption caused by ransomware or data theft could have cascading effects on supply chains and customer trust. Additionally, the use of legitimate tools and protocols for command and control may bypass traditional network defenses, increasing the risk of widespread compromise. The threat also poses a risk to managed service providers (MSPs) and third-party vendors, which could serve as vectors for broader supply chain attacks within Europe.

Mitigation Recommendations

To effectively mitigate this threat, European organizations should implement the following specific measures beyond generic advice: 1. Application Allow-Listing: Enforce strict application allow-listing policies to prevent execution of unauthorized PowerShell scripts and unknown binaries, particularly those mimicking legitimate software like 7-Zip. 2. PowerShell Logging and Constrained Language Mode: Enable detailed PowerShell script block logging and enforce Constrained Language Mode to limit the capabilities of PowerShell in user contexts. 3. Network Segmentation and Egress Filtering: Segment networks to limit lateral movement and apply egress filtering to detect and block suspicious outbound connections to known malicious infrastructure such as TAG-124. 4. Threat Intelligence Integration: Incorporate threat intelligence feeds related to GrayAlpha and FIN7 indicators to enhance detection capabilities and proactively block known malicious domains and IPs. 5. User Training Focused on Social Engineering: Conduct targeted phishing and social engineering awareness campaigns emphasizing the risks of fake software updates and download sites. 6. Endpoint Detection and Response (EDR): Deploy advanced EDR solutions capable of detecting in-memory execution, process injection, and anomalous PowerShell activity. 7. Incident Response Preparedness: Develop and regularly test incident response plans specifically addressing RAT infections and persistence mechanisms. 8. Monitor for Persistence Mechanisms: Regularly audit registry run keys, scheduled tasks, and services for unauthorized entries indicative of T1547.001 and T1569.002 techniques. 9. Restrict Use of Remote Access Tools: Limit and monitor the use of remote administration tools like NetSupport RAT within the environment. 10. Patch Management: Although no specific affected versions are listed, maintain up-to-date patching of all software to reduce exploitation opportunities.

Affected Countries

Germany, United Kingdom, France, Italy, Netherlands, Poland, Spain, Belgium

Indicators of Compromise

ip: 62.76.234.234
ip: 62.76.234.99
ip: 45.88.91.8
ip: 85.209.134.106
cidr: 85.209.134.0/24
hash: 05d400f4734d2d68af6bb916112f5a19
hash: 0671bd79586ae06680cfee11753f509e
hash: 068d55958d46c01408ca354967b482b7
hash: 06a6bc8bc98213d770acffb7b28b6abb
hash: 09576ba9ff1933617add7f14e944387b
hash: 0c91401af0f77c91d7d2c2d858043cc2
hash: 0cb3f8d4df1f2139e45b3a276fa48f25
hash: 0ec6ce8d2213cc9a7b570fc22e5fce1a
hash: 14048ed02214ef052169460340e9a420
hash: 14c2ce8f3c5856c8415368930bb8c1df
hash: 2d39a5f8bece043c706a3ff6c1c59e9a
hash: 318bf7ea84487c8a63a3996e24494455
hash: 3a0ef7cf40cc50d47cb956fce8baa456
hash: 3e390f3b3ca7d3716775f832c93fb1b1
hash: 42cb39b338f2b1bc94f5ae483b048e30
hash: 5085779e68656455315ca6a46157ab88
hash: 51feca3c49e7b0323133e85716a28a3a
hash: 5fcd76bddd9b41bf5c63ec660d82f977
hash: 610e029cb014dcec9c079ca11020c333
hash: 663492a2fb33c3c4a5813b880d48f7be
hash: 6eaa4c8938016293d2153ccd78b473fc
hash: 72b343b03e9197f425e6a918a2c20a47
hash: 797992ab276d218d7feb2e6e8b2fd678
hash: 798aed4d37293ea34448cf0496cfeefa
hash: 99b82bdc2f4559929a3a884aebacd11c
hash: a5685feb1b6c54ba5149ed2f7000f491
hash: b0fd9705e8f83129f97f9111b03642fe
hash: b57d2544cb7736d533af1aa07040156b
hash: cdb98412665135775e908564c87d5144
hash: d4fe37649a9778e80ae9a5a8633d2af4
hash: ef9de8cc533ce1848588679e61e70b15
hash: f899781c5239e59fd7d11c9211c08d28
hash: ff25441b7631d64afefdb818cfcceec7
hash: 038dc2008fbafba4e086260fffc1372d3ad8b1e2
hash: 03b19fd1a41d0d1b55ad653341a05071b48a49ea
hash: 15940747af57b5a6c2d722c37dc885f45ed665dc
hash: 1c55e479cd0e64bbeda79758dc2b88679382cc56
hash: 216ad95bec4b03957c4d451ea774ba46b18ec4f4
hash: 21ce24bd123c9e123dffed7aae334dfb3d40c026
hash: 243ed6b028aeb2c94eeafbffcad193f43b808444
hash: 34babd4b6e3f196cb9c1064bceaf350c81a11dca
hash: 381b421b49f88e035b274711d315050f83c43e22
hash: 3b46515807a491f366d6e695288398ddab93e53f
hash: 515d9e04e0699dec2aa101691d166aef4d231dde
hash: 597275867676bb49aac9b8381db0addc4718bc12
hash: 5cc8837f0f87f71c5551c009a69fa12daf3254d4
hash: 68c20ea201ebf82aa721f75c8884bfde6c7083d7
hash: 6d878962e770856cac885deeff5fd75b00a02605
hash: 71babd331be91acc43df85ed35f3a4e9746b59be
hash: 8287f3a900438185a6faa2c106cf05d4a20df1b9
hash: 8448f344c3e05d70506899859cf61ba47bb906f2
hash: 94f1cb1ca20f30f4ccbf7164d4de2a2c2effa298
hash: 99cfbecaebc79e723603997fb2102363319103eb
hash: 9d55e811553bd8a7dba352a30e5aee0a90f9a118
hash: 9efd1954430f98554f60a58eaf76dcabfddb7fbd
hash: af34b30695539f108741648a1fce012bdf81cc75
hash: b5fcf5d6bf770cca52d7cb1e9423fa89c50a0d27
hash: b6c6a400435f6121ce94694702dfec51f16c6085
hash: c641aa50bc40c3fd1e74ed8dc85e6b7019560389
hash: cdd606e1955704796dec7e581b9ce30c5fdf1757
hash: d002071bd7dbe9ef91a843b87a56c156837015f1
hash: d044e629b6c0bafa9b312ab6c7f00cbcaa37b8a0
hash: d21b17f6ec5196c4ce3cad44ca24856b99874793
hash: d42cad9e12c144c243614210b12f5042aa39c35e
hash: e2c98ad43b3b0325bb019e4abae20aa877824dd6
hash: f844e720dd766f9acf89fb92434ec6e75adce09b
hash: 056451b28c4bfe6bf1536c1d67b33f312a06c656cd3c633f40cc5f5b85c6528b
hash: 062c0a5c8f484bc975b3e5490718cc5c7f732f7f53ce35d81e94cd83c273f78b
hash: 08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17
hash: 0c46fd6353f75a8dec81adca9f35e839bd8a7ac9490b947374e3c1e3b24e0f79
hash: 0c8b9fa67d1d149636b560a2ec8f9c50cd41ebf11f5691cf2ea39f1d057f8ff1
hash: 0c8d22d58a747ceccad56317b9c0afe58fe4b9f3c2138134e978e43a5f5ac390
hash: 0d44ff778dbecf8d951c54c199bd35ba0fe5ac817d5ef61b2fe998dfdb794560
hash: 0ddce15bea228c65d3b456759de0abc87aa6e805fd6c466347e9b76913a538ce
hash: 0e71728e5e6a762923fc0372e2047e0d969bcc5efbf4f3010df2ff6576cab725
hash: 11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a
hash: 127c691f5a354fa0933ec3e9d9d1bb976c2de7092065d75ea66626c8dc007029
hash: 13265c0e32312a0763f3f8fed0f017a606355987ac9398bfb38f47c760ad32b0
hash: 1367dcf619cb935dc08d349fc18d3f9726cfceff151f4d57beff45591712189c
hash: 139b48d1b94a9c31a4c7ac1feaa7bf54b50f33ab8936f22404648233bf48cc95
hash: 184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c
hash: 191a8766da98b1f992072045905cf82c771d8cb9f697d08873686778dc70c7f6
hash: 194d739fa93970d63dade70aae7c3b9ac8a6938be9f0e2d470d3adf8c106bfad
hash: 1c6c79b07e45630debe31362e4c89ffab3560c4712470f7af891bb31539d153a
hash: 1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252
hash: 1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc
hash: 1ec930716999f6a80a4f32624d8f907f2c7887e15b1c518d22f4aefe49367bba
hash: 1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da
hash: 1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844
hash: 27567140d447dc662a178989be84d50c40233d6958251c02a02c097f6650024d
hash: 2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2
hash: 2ba527fb8e31cb209df8d1890a63cda9cd4433aa0b841ed8b86fa801aff4ccbd
hash: 2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7
hash: 2c59f3552a77d2c9527970ae99e204ec279756ac24815a899ab43356420057e7
hash: 2fd9e14830bbeef24fdff29a850a6164af4c4722d742185e022df9106029b587
hash: 34f50a5215c544cbd2ce67bcbf89cf2aee798c56cfb9e225e57e8c8270021210
hash: 358ac037d444ece8c21fa85ad71338a3ff0a10b1b0672217ae38eac18b03661f
hash: 36b79a3eca6d0ee23daf10c436f4ec5c8c279fbfd79c965c7e37515c148c3c5b
hash: 37990aecf5fecc61e4b3a3f5eaec14c8ed03cb20681dc53c367d5541600f9312
hash: 3802c396e836de94ee13e38326b3fb937fcf0d6f6ef9ccdf77643be65de4c8ee
hash: 381c6f7f8c12ea1ac483dad9ac71c09fa807bd1ffe2479f6d6c7da14013e7899
hash: 3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277
hash: 3bdaa78077bd71e40b62ec2d6797c027f0b8deba9c3a7de9eb22823ad05c8201
hash: 3c6dacad931bf24eb953858c0bb3e49fe821d111d9003c9fffcb814ae6e8edf8
hash: 3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f
hash: 3f4b5b22b53f2fdeb7a82c94ac4d846f1e4ac0e9d055020f2f063598025b4674
hash: 401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
hash: 41be156c27dad780dd96493319dbd89228616573ec7d731ca2e642ee0e554af3
hash: 41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2
hash: 45e0e240b09ec9b1bc488c2eede1cf19456db70398e9b3b0a35ff90e2d2430fe
hash: 4665c7b360b18496be00246eb3bc886e83b22028e95156101bf73bf0c48dddd3
hash: 4814ea15da1826d9ef400c3e607ca87d11b18b8a1b4f43f13afa93467429dfb8
hash: 494460a17bec58d47212c907e7e7706dc80e99b27a022558637caebc2867e574
hash: 4b268cfbdb86017f6271f09eb2aa54334de24d0ed12cfeb26fbb3dd8e104a8d3
hash: 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2
hash: 4d03c2a47265eab0c87006a4a2965fcf394fbdabb8e86cbe16b36376d04b8143
hash: 4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b
hash: 4f71162cef29a8b7feb56574b99c0eccd82c39d226b408c1e7233971588edee5
hash: 5072735b87e62c0239099fcd3d74a677e1b4c6497e0b17ed8ea4c83778c13039
hash: 50a5e6a357c841e6c2058ee658c70756da4b803f2a4f6d2cf96ab882a03a5294
hash: 50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba
hash: 50cbf5b9ce69a5c9f9adaf59bf53f4f0609afcba36826e2fa88ca6cedbc06e7a
hash: 52ef3b610426343314e6c0f238e4460f0dffedbd022d33cb8f8e78e980d604e0
hash: 5303183d82b8c4d2a47fab4167868a8cfbf8d56d3397701ab890e88c99105ae4
hash: 547ef48f46ecfe31ee7edc7bbff0c2406f43d11915bcef84372172873012eacd
hash: 5838f38e80657dd318bdbcfd1bdb87181e527f2125185ce95b43abd02badea86
hash: 58ab8b2a21e33b0700d11efd5a677bd98e536e200b45e22aa06059c1088063f7
hash: 58cb66268b58d7ca77fb5f5df668ffa76a23854a6267914fc3973dbf92394612
hash: 5e9362dba53021ab588e396e1cb28100718471f07c5dd5cafa6bf5728f014b97
hash: 6053d67835d2925c52263bdb9e4d7475e1015ea9cc4c8f994cfa7e0dbdb7e27f
hash: 62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079
hash: 63629c87fe460abb657a504bb9786b913b1250288681520cee9e9fbcb14e888f
hash: 65b601f8154bddd42cb31ce166697335e79f2e713655865bee66654c51e7c1dc
hash: 69d267234d62fd6ffd1c6a12b36835b1454dce4a6df1b370e549e275961ae235
hash: 6b999462e434b258980b1532f5d0c3661646f7bb9567aecdd748f6be10dcb740
hash: 6bd191586c52ecd2a3496616838753db21156d52854a99b7d3fcbf9be0a5184a
hash: 6fdeb1c2f4b5bc4ff6ea9635ca72d8670c07cfd17d3b7779caee22b96727f732
hash: 710e80fb64e08f20ab58c20ccdbc966f6e3b54511775e8ed99ff0bcf51690227
hash: 7363086b152422c99618377e384874a17a708d9eb217c0a7c6f8b6f3216f1e4c
hash: 73e775fc0e1a4780a06fda4f21cca16c1dd9eda57fc8a0ab4fb14ebe5a259eac
hash: 76f98321f50595725f64f058d8f33103d518c5d77680fd7d5521c41786299358
hash: 798e651ed0784fa502d4c4af40802edfcb4fa2fb9ff59b89804707e2ad8c9807
hash: 802338ddade5c023b83dd2111fe30b7d5b4b21b86408e91544345e0c45702a1d
hash: 809050c6f29e80e9d0918060634df601ae12b27cc50439f4c123b6301ce26043
hash: 809b54b0f6092cad1a764872acb9a31ed99792589b84cdb279b4b1d15e8ec8e2
hash: 81e6adebca376dfbda0484ab4475d0ac76a1e86afe0930e45ab7137cfd378d38
hash: 8246ba12e1ebfcdbaed80a7ba1ec65423f23b9b7820c0dfb07ee38baa83d6a20
hash: 84f2d273623efb6cdd126a89c1f9567e8977d21ffe684758dd722a27d2d53aa9
hash: 8515d46da83fb649db969b2acca47cd10f232174af358560210b362a56594fd1
hash: 8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
hash: 8719ccdb87c8b2c4e312208bd17a8df42a1683c10bb32699bb415a66f0dbdda0
hash: 878a3a06aadf6d22a61dc6a160a389b6fd34f6629a32df3407c300bcd7829f4b
hash: 881a84477b509e2e63b70915055b9af1d12cf8fde9fb5031823c8c2a38c8979a
hash: 890cf9827361add4c2a6e5b93f7f9ccc9bb2f555e0cd535de144203f7156a959
hash: 8b7be1efcddddc3a29ae0514a6ae758e7f86be193ffe380e5e1e38dc22affb38
hash: 8d5d4e48ce623085efec9a56981b0ab74f1180f3b42614df88f11da543f2849a
hash: 8d8d21f2c28f3e44b7253583e04d11cf7e7453dab139c187201f80e70d89b579
hash: 902c9aba42378c40c6c9623bab2326cb8b98fa06cfc0ee0379349055137c9500
hash: 908ef89767bcd583edb96a8c12f3046b9db522cc7310e2c20799881d7bf75f9d
hash: 9112b8623844774b056c842da3417f75c86bff115d5d15db2d6226c6ffd98895
hash: 91c2fbc594469839ad062e7cf359f2451fe8a14f041d8afe515ceab800c35133
hash: 94bb5b8cc0a2d01d4f65294c816299b97dd38bc7be8fc9089dc90cc969995528
hash: 952cac8ec226b4ed38a2631c220bb80409edbc0c9a0ac2793b879a259172282b
hash: 96dfb6337647d890875919334a8dfc1f8f6e887f4b9ff6afedfb3574c7b444a3
hash: 96e20ac7d4b018b360672f3fd9e63d3429bb4dee3974951c70699f44c87278c2
hash: 974285914961125d2963435c3dbe49b882cd88d95563b1ae3a62cd6240618c16
hash: 982ec3915d458007e960a4dbe0c9c914825fd88c1739ab3f7edfebaaa10bc265
hash: 9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e
hash: 9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a
hash: a03badf094c46a97711da1494749962168472550f786dbea508cf6978252a2c8
hash: a309753efca5242bbc9ca0e54a381ef2bac6625a0f591d79f8525e1ec196be4e
hash: a38f1ccf9d3e29e39fcb01b53fc245eac2128c4219c6567891dba4f6529f98c1
hash: a5febb4b5ba6572594de87d2a9de6df65d49da755385bf3d3d4d054772ce493c
hash: a67d73996a5479312f4a4ea4fccdde293695359aa6b6da06c01248066a7131f9
hash: a98d6df438ba2615107642c7c6da104de1c9aefdb0f184aead763ae3057c11e9
hash: aadf323d8052da80c761ab9d05717603804405ee33e624926009a30d857d6d1a
hash: abd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769
hash: acbed908bc3e804ad183f3598dfb379a366f6209462f5fffc77fc9231ae1b048
hash: ade52759c6aba1a0aa5b0dd3f779064c1021502bbe944dd704214522fc66707e
hash: ae4db4f97700aab607368a4d3a489215b2ddb5af60004b8da6e5b0c0220c2c25
hash: af3530b841049f90b9f5c818910f1877ef8f89bea0454fe72ada397e9bef1565
hash: b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56
hash: b3f46a63817a2076e3de49957d5801eb8ede9dc1498bdab702fcc6f8cccf0e61
hash: b417396efb07943d380182d610da313607308a74fc0dc77318407a5248cbab6e
hash: b7b7516063052b84f3d240b66630b01d0c098376dba531c5ae9dbcaa1a099820
hash: bc3f10302a62a5e100a2a31e50a9c32a554d74015f17be2299273d143d2b42de
hash: bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa
hash: bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141
hash: bfc1064d3624c7bc68ef6b8ce2b0f40229d5981472c8b443c58f38bf3f461b2a
hash: c220f9ba0ee8445ab6d36f19d7cf24fd6df72eea41b9ba40f585451ee24c0f6d
hash: c2f1c765b03b4ae0c08455c2b5e917ba8564ad945c3580a1e622169aad67807a
hash: c399fe7ba04828aeadd881d7daa17dc0e3b880e95cc1aa2295c510f6bd8aa1d4
hash: c3dc66c657dd5a8a624c6eba67a6b8d1dada8ceeb13aab169c3a88c615831560
hash: c3ecbc6023bfa170c31eaf7033b68495798e305111ca9f2f203f58b9ec942384
hash: c5fa7fd1ff45c5cfaec851795f4c2e15326046f3022778bdf6f37b7b1dd75f5c
hash: c6e672b832dcf78490ea8d128f5f8a647274b9b98d851bc36ff07b2d3a0d7ba3
hash: c8d9270a38a2e6e0659b6b9aab7543add0d1bc521afb51f7dcf68c7426a8d57e
hash: c902a206da5c3e1a4b8b8ba9f0e63f314e8cadcf044c25f729176b29c19bcbbb
hash: d0add7a41b8c78ab0134752665278b9544d417b244a788c620c5da5215b515c0
hash: d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
hash: d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d
hash: da43703c733a1b0af183fdb61877b5c15651c21ffcc3a49c6addc83d76c10329
hash: de5f6cc6a3eaee870f438a43e1e262283124aa1cfa11ad395a05c4bff026c09f
hash: de88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97
hash: e145db8668b15278cc55b723df9f296103ef2ea3511d90e2bbb2ffa5291d4ae4
hash: e2c283438e5f9236c5cb2e6b8b95ca78d520f7b776d64a050664972cb51076f5
hash: e300c44b45b07f3766586e500f4f3596c23ffd80171eaa5334bb4db3e8d027e0
hash: e44958bc36609a48efbe2ad76b57ed2227009bcfac6322c1498b76f8d5cf1271
hash: e4fff1e153ef46a29865f28df724e7a3246809d9ae75a7546b580938acbbcb73
hash: e580dd04cbe2407ac7ab06d148297231cffbb8f8f986ce1e152383970927bb71
hash: e77bd0bf2c2f5f0094126f34de49ea5d4304a094121307603916ae3c50dfcfe4
hash: e8c56706296175195a03348b9cd5064e60c36fdeaa6e5fd7b5614ca6bca1c3f8
hash: e9010ab2a031125f12225d8b1f19ac65bc03b87332dc5caa35028a577b9ca0fe
hash: e9b0cc2118a7a07709b56f7358c07f4a2959f81c87da5f565fa08382768fac8b
hash: ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92
hash: ee6a58d1e3ce4f2e7fac7bb3c1f1c24836bcc79f456035aede52b7d14a7de77f
hash: f015da1f2ada32f734b81aa282bea62840cd84afaa353ca52d5e2d0c82e705d1
hash: f10bd5443148d47fbf7c6a6998651eb9bda4c7c9213f9e5a65a76e98637cb748
hash: f10ecfd0ac437420e8754dbefd9b49c710fe87548ec1350eb2598785b33afec1
hash: f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5
hash: f491d8b510ee283d24d40aa5233743d8cf834a164d0f681af8870dd1f35b734c
hash: f4f02429e8e1e966203d69610c31ae94ad4d34de10efd5edc4669ce067c4de4f
hash: fbe1970d89b8546cd57522bf479e8be08fec4f3df9bdf79d0f3436250ce38379
hash: ff6d88f53f2a08107c08729f2698f75cc759f3c423fe6e5b99b2c32d7c40f8a4
ip: 154.216.20.106
ip: 166.88.159.187
ip: 176.32.39.71
ip: 185.125.50.209
ip: 193.32.177.223
ip: 194.87.82.252
ip: 195.133.67.165
ip: 2.58.95.73
ip: 45.140.17.49
ip: 5.252.176.143
ip: 5.252.178.150
ip: 62.60.155.194
ip: 62.76.234.49
ip: 77.90.38.106
ip: 85.209.134.137
ip: 85.209.134.186
ip: 85.209.134.188
ip: 85.209.134.209
ip: 85.209.134.45
ip: 85.209.134.64
ip: 91.149.232.112
ip: 91.200.14.23
ip: 94.159.100.111
ip: 94.159.100.117
ip: 94.159.96.222
url: http://31.boo/73689d8a-25b
url: https://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-
url: https://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95'
url: https://ib.systems/range.csv
url: https://monkeybeta.com/crypt/Package.tar.gpg
url: https://utr-jopass.com/index.php?utm_content=$encryptedString
domain: 2024-7zip-10.shop
domain: 2024-7zip-10.top
domain: 2024-7zip.info
domain: 2024-7zip.pw
domain: 2024-aimp.info
domain: 2024-aimp.pw
domain: 20247zip.one
domain: 2024aimp.info
domain: 2024aimp.top
domain: 2024concur.com
domain: 2024lexisnexis.com
domain: 7-zip.cfd
domain: 7-zip.day
domain: 7-zip.shop
domain: 7zip-1508.one
domain: 7zip-1508.top
domain: 7zip-2024.cfd
domain: 7zip-2024.info
domain: 7zip-2024.pro
domain: 7zip-archiver.click
domain: 7zip-archiver.shop
domain: 7zip-org.live
domain: 7zip.sbs
domain: 7zip10-2024.life
domain: 7zip10-2024.live
domain: 7zip10-2024.top
domain: 7zip1024.life
domain: 7zip1024.live
domain: 7zip1024.top
domain: 7zip2024.info
domain: 7zip2024.one
domain: 7zip2024.pro
domain: 7zip2024.shop
domain: 7zip2024.store
domain: 7zip2024.top
domain: 7zipx.site
domain: 7zlp112024.top
domain: 7zlp2024.shop
domain: 7zlp2024.top
domain: a-asana.com
domain: advanced-ip-scanner.cfd
domain: advanced-ip-scanner.link
domain: advanced-ip-scanner.xyz
domain: advanced-ip-sccanner.com
domain: advancedipscannerapp.com
domain: aimp.day
domain: aimp.link
domain: aimp.pm
domain: aimp.xyz
domain: aimp2024.pw
domain: airtables.net
domain: app-trello.com
domain: as-a-n4.com
domain: as-an-a.org
domain: as4na.com
domain: asaana.net
domain: asana.pm
domain: asana.tel
domain: asana.wf
domain: asanaa.net
domain: assana.monster
domain: assana.vip
domain: bloomberg-t.com
domain: c0ncuur.com
domain: c0oncur.com
domain: cdn40.click
domain: chhimi.com
domain: cnn-news.org
domain: concur-cloud.net
domain: concur-sap.info
domain: concur-sap.life
domain: concur-sap.one
domain: concur-sap.pro
domain: concur.cfd
domain: concur.life
domain: concur.pm
domain: concur.re
domain: concur.skin
domain: concur2024.com
domain: concur24news.one
domain: concurnews.one
domain: concuur.com
domain: concuur.net
domain: concuur.org
domain: dfuture.com
domain: fortis.host
domain: gl-meet2024.com
domain: gogogononono.top
domain: gogogononono.xyz
domain: hip-hosting.com
domain: jvps.hosting
domain: law2024.info
domain: law2024.top
domain: law360.one
domain: lexis-nexis.site
domain: lexis2024.info
domain: lexis2024.pro
domain: lexisnex.pro
domain: lexisnex.team
domain: lexisnex.top
domain: lexisnexis.day
domain: lexisnexis.lat
domain: lexisnexis.one
domain: lexisnexis.pro
domain: lexisnexis.top
domain: lexisnexis2024.com
domain: lexisnexises.net
domain: meet-gl.com
domain: meet-go.click
domain: meet-go.day
domain: meet-go.info
domain: meet-go.link
domain: meet-go.org
domain: meet-goo.net
domain: meet-goo.org
domain: meet2024.com
domain: meetgo2024.life
domain: meetgo2024.top
domain: monkeybeta.com
domain: news-cnn.net
domain: newsconcur.one
domain: newsconcur2024.life
domain: newsconcur2024.world
domain: newsconcur24.one
domain: nmap.re
domain: quicken-install.com
domain: sapc0ncur24.one
domain: sapconcur.pro
domain: sapconcur.top
domain: seven-zip.click
domain: sevenzip.shop
domain: sevenzip.today
domain: thomsonreuter.info
domain: thomsonreuter.pro
domain: utr-jopass.com
domain: wal-streetjournal.com
domain: wall-street-journal.link
domain: webex-install.com
domain: wen-airdrop.net
domain: wen-airdrop.network
domain: westlaw.top
domain: worshipjapan.com
domain: h2.den4ik440.ru
ip: 166.1.160.118
domain: cdn251.lol
domain: cdn3535.shop
domain: teststeststests003202.shop

New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, United Kingdom, France, Italy, Netherlands, Poland, Spain, Belgium

Indicators of Compromise

ip: 62.76.234.234
ip: 62.76.234.99
ip: 45.88.91.8
ip: 85.209.134.106
cidr: 85.209.134.0/24
hash: 05d400f4734d2d68af6bb916112f5a19
hash: 0671bd79586ae06680cfee11753f509e
hash: 068d55958d46c01408ca354967b482b7
hash: 06a6bc8bc98213d770acffb7b28b6abb
hash: 09576ba9ff1933617add7f14e944387b
hash: 0c91401af0f77c91d7d2c2d858043cc2
hash: 0cb3f8d4df1f2139e45b3a276fa48f25
hash: 0ec6ce8d2213cc9a7b570fc22e5fce1a
hash: 14048ed02214ef052169460340e9a420
hash: 14c2ce8f3c5856c8415368930bb8c1df
hash: 2d39a5f8bece043c706a3ff6c1c59e9a
hash: 318bf7ea84487c8a63a3996e24494455
hash: 3a0ef7cf40cc50d47cb956fce8baa456
hash: 3e390f3b3ca7d3716775f832c93fb1b1
hash: 42cb39b338f2b1bc94f5ae483b048e30
hash: 5085779e68656455315ca6a46157ab88
hash: 51feca3c49e7b0323133e85716a28a3a
hash: 5fcd76bddd9b41bf5c63ec660d82f977
hash: 610e029cb014dcec9c079ca11020c333
hash: 663492a2fb33c3c4a5813b880d48f7be
hash: 6eaa4c8938016293d2153ccd78b473fc
hash: 72b343b03e9197f425e6a918a2c20a47
hash: 797992ab276d218d7feb2e6e8b2fd678
hash: 798aed4d37293ea34448cf0496cfeefa
hash: 99b82bdc2f4559929a3a884aebacd11c
hash: a5685feb1b6c54ba5149ed2f7000f491
hash: b0fd9705e8f83129f97f9111b03642fe
hash: b57d2544cb7736d533af1aa07040156b
hash: cdb98412665135775e908564c87d5144
hash: d4fe37649a9778e80ae9a5a8633d2af4
hash: ef9de8cc533ce1848588679e61e70b15
hash: f899781c5239e59fd7d11c9211c08d28
hash: ff25441b7631d64afefdb818cfcceec7
hash: 038dc2008fbafba4e086260fffc1372d3ad8b1e2
hash: 03b19fd1a41d0d1b55ad653341a05071b48a49ea
hash: 15940747af57b5a6c2d722c37dc885f45ed665dc
hash: 1c55e479cd0e64bbeda79758dc2b88679382cc56
hash: 216ad95bec4b03957c4d451ea774ba46b18ec4f4
hash: 21ce24bd123c9e123dffed7aae334dfb3d40c026
hash: 243ed6b028aeb2c94eeafbffcad193f43b808444
hash: 34babd4b6e3f196cb9c1064bceaf350c81a11dca
hash: 381b421b49f88e035b274711d315050f83c43e22
hash: 3b46515807a491f366d6e695288398ddab93e53f
hash: 515d9e04e0699dec2aa101691d166aef4d231dde
hash: 597275867676bb49aac9b8381db0addc4718bc12
hash: 5cc8837f0f87f71c5551c009a69fa12daf3254d4
hash: 68c20ea201ebf82aa721f75c8884bfde6c7083d7
hash: 6d878962e770856cac885deeff5fd75b00a02605
hash: 71babd331be91acc43df85ed35f3a4e9746b59be
hash: 8287f3a900438185a6faa2c106cf05d4a20df1b9
hash: 8448f344c3e05d70506899859cf61ba47bb906f2
hash: 94f1cb1ca20f30f4ccbf7164d4de2a2c2effa298
hash: 99cfbecaebc79e723603997fb2102363319103eb
hash: 9d55e811553bd8a7dba352a30e5aee0a90f9a118
hash: 9efd1954430f98554f60a58eaf76dcabfddb7fbd
hash: af34b30695539f108741648a1fce012bdf81cc75
hash: b5fcf5d6bf770cca52d7cb1e9423fa89c50a0d27
hash: b6c6a400435f6121ce94694702dfec51f16c6085
hash: c641aa50bc40c3fd1e74ed8dc85e6b7019560389
hash: cdd606e1955704796dec7e581b9ce30c5fdf1757
hash: d002071bd7dbe9ef91a843b87a56c156837015f1
hash: d044e629b6c0bafa9b312ab6c7f00cbcaa37b8a0
hash: d21b17f6ec5196c4ce3cad44ca24856b99874793
hash: d42cad9e12c144c243614210b12f5042aa39c35e
hash: e2c98ad43b3b0325bb019e4abae20aa877824dd6
hash: f844e720dd766f9acf89fb92434ec6e75adce09b
hash: 056451b28c4bfe6bf1536c1d67b33f312a06c656cd3c633f40cc5f5b85c6528b
hash: 062c0a5c8f484bc975b3e5490718cc5c7f732f7f53ce35d81e94cd83c273f78b
hash: 08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17
hash: 0c46fd6353f75a8dec81adca9f35e839bd8a7ac9490b947374e3c1e3b24e0f79
hash: 0c8b9fa67d1d149636b560a2ec8f9c50cd41ebf11f5691cf2ea39f1d057f8ff1
hash: 0c8d22d58a747ceccad56317b9c0afe58fe4b9f3c2138134e978e43a5f5ac390
hash: 0d44ff778dbecf8d951c54c199bd35ba0fe5ac817d5ef61b2fe998dfdb794560
hash: 0ddce15bea228c65d3b456759de0abc87aa6e805fd6c466347e9b76913a538ce
hash: 0e71728e5e6a762923fc0372e2047e0d969bcc5efbf4f3010df2ff6576cab725
hash: 11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a
hash: 127c691f5a354fa0933ec3e9d9d1bb976c2de7092065d75ea66626c8dc007029
hash: 13265c0e32312a0763f3f8fed0f017a606355987ac9398bfb38f47c760ad32b0
hash: 1367dcf619cb935dc08d349fc18d3f9726cfceff151f4d57beff45591712189c
hash: 139b48d1b94a9c31a4c7ac1feaa7bf54b50f33ab8936f22404648233bf48cc95
hash: 184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c
hash: 191a8766da98b1f992072045905cf82c771d8cb9f697d08873686778dc70c7f6
hash: 194d739fa93970d63dade70aae7c3b9ac8a6938be9f0e2d470d3adf8c106bfad
hash: 1c6c79b07e45630debe31362e4c89ffab3560c4712470f7af891bb31539d153a
hash: 1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252
hash: 1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc
hash: 1ec930716999f6a80a4f32624d8f907f2c7887e15b1c518d22f4aefe49367bba
hash: 1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da
hash: 1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844
hash: 27567140d447dc662a178989be84d50c40233d6958251c02a02c097f6650024d
hash: 2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2
hash: 2ba527fb8e31cb209df8d1890a63cda9cd4433aa0b841ed8b86fa801aff4ccbd
hash: 2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7
hash: 2c59f3552a77d2c9527970ae99e204ec279756ac24815a899ab43356420057e7
hash: 2fd9e14830bbeef24fdff29a850a6164af4c4722d742185e022df9106029b587
hash: 34f50a5215c544cbd2ce67bcbf89cf2aee798c56cfb9e225e57e8c8270021210
hash: 358ac037d444ece8c21fa85ad71338a3ff0a10b1b0672217ae38eac18b03661f
hash: 36b79a3eca6d0ee23daf10c436f4ec5c8c279fbfd79c965c7e37515c148c3c5b
hash: 37990aecf5fecc61e4b3a3f5eaec14c8ed03cb20681dc53c367d5541600f9312
hash: 3802c396e836de94ee13e38326b3fb937fcf0d6f6ef9ccdf77643be65de4c8ee
hash: 381c6f7f8c12ea1ac483dad9ac71c09fa807bd1ffe2479f6d6c7da14013e7899
hash: 3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277
hash: 3bdaa78077bd71e40b62ec2d6797c027f0b8deba9c3a7de9eb22823ad05c8201
hash: 3c6dacad931bf24eb953858c0bb3e49fe821d111d9003c9fffcb814ae6e8edf8
hash: 3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f
hash: 3f4b5b22b53f2fdeb7a82c94ac4d846f1e4ac0e9d055020f2f063598025b4674
hash: 401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
hash: 41be156c27dad780dd96493319dbd89228616573ec7d731ca2e642ee0e554af3
hash: 41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2
hash: 45e0e240b09ec9b1bc488c2eede1cf19456db70398e9b3b0a35ff90e2d2430fe
hash: 4665c7b360b18496be00246eb3bc886e83b22028e95156101bf73bf0c48dddd3
hash: 4814ea15da1826d9ef400c3e607ca87d11b18b8a1b4f43f13afa93467429dfb8
hash: 494460a17bec58d47212c907e7e7706dc80e99b27a022558637caebc2867e574
hash: 4b268cfbdb86017f6271f09eb2aa54334de24d0ed12cfeb26fbb3dd8e104a8d3
hash: 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2
hash: 4d03c2a47265eab0c87006a4a2965fcf394fbdabb8e86cbe16b36376d04b8143
hash: 4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b
hash: 4f71162cef29a8b7feb56574b99c0eccd82c39d226b408c1e7233971588edee5
hash: 5072735b87e62c0239099fcd3d74a677e1b4c6497e0b17ed8ea4c83778c13039
hash: 50a5e6a357c841e6c2058ee658c70756da4b803f2a4f6d2cf96ab882a03a5294
hash: 50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba
hash: 50cbf5b9ce69a5c9f9adaf59bf53f4f0609afcba36826e2fa88ca6cedbc06e7a
hash: 52ef3b610426343314e6c0f238e4460f0dffedbd022d33cb8f8e78e980d604e0
hash: 5303183d82b8c4d2a47fab4167868a8cfbf8d56d3397701ab890e88c99105ae4
hash: 547ef48f46ecfe31ee7edc7bbff0c2406f43d11915bcef84372172873012eacd
hash: 5838f38e80657dd318bdbcfd1bdb87181e527f2125185ce95b43abd02badea86
hash: 58ab8b2a21e33b0700d11efd5a677bd98e536e200b45e22aa06059c1088063f7
hash: 58cb66268b58d7ca77fb5f5df668ffa76a23854a6267914fc3973dbf92394612
hash: 5e9362dba53021ab588e396e1cb28100718471f07c5dd5cafa6bf5728f014b97
hash: 6053d67835d2925c52263bdb9e4d7475e1015ea9cc4c8f994cfa7e0dbdb7e27f
hash: 62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079
hash: 63629c87fe460abb657a504bb9786b913b1250288681520cee9e9fbcb14e888f
hash: 65b601f8154bddd42cb31ce166697335e79f2e713655865bee66654c51e7c1dc
hash: 69d267234d62fd6ffd1c6a12b36835b1454dce4a6df1b370e549e275961ae235
hash: 6b999462e434b258980b1532f5d0c3661646f7bb9567aecdd748f6be10dcb740
hash: 6bd191586c52ecd2a3496616838753db21156d52854a99b7d3fcbf9be0a5184a
hash: 6fdeb1c2f4b5bc4ff6ea9635ca72d8670c07cfd17d3b7779caee22b96727f732
hash: 710e80fb64e08f20ab58c20ccdbc966f6e3b54511775e8ed99ff0bcf51690227
hash: 7363086b152422c99618377e384874a17a708d9eb217c0a7c6f8b6f3216f1e4c
hash: 73e775fc0e1a4780a06fda4f21cca16c1dd9eda57fc8a0ab4fb14ebe5a259eac
hash: 76f98321f50595725f64f058d8f33103d518c5d77680fd7d5521c41786299358
hash: 798e651ed0784fa502d4c4af40802edfcb4fa2fb9ff59b89804707e2ad8c9807
hash: 802338ddade5c023b83dd2111fe30b7d5b4b21b86408e91544345e0c45702a1d
hash: 809050c6f29e80e9d0918060634df601ae12b27cc50439f4c123b6301ce26043
hash: 809b54b0f6092cad1a764872acb9a31ed99792589b84cdb279b4b1d15e8ec8e2
hash: 81e6adebca376dfbda0484ab4475d0ac76a1e86afe0930e45ab7137cfd378d38
hash: 8246ba12e1ebfcdbaed80a7ba1ec65423f23b9b7820c0dfb07ee38baa83d6a20
hash: 84f2d273623efb6cdd126a89c1f9567e8977d21ffe684758dd722a27d2d53aa9
hash: 8515d46da83fb649db969b2acca47cd10f232174af358560210b362a56594fd1
hash: 8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
hash: 8719ccdb87c8b2c4e312208bd17a8df42a1683c10bb32699bb415a66f0dbdda0
hash: 878a3a06aadf6d22a61dc6a160a389b6fd34f6629a32df3407c300bcd7829f4b
hash: 881a84477b509e2e63b70915055b9af1d12cf8fde9fb5031823c8c2a38c8979a
hash: 890cf9827361add4c2a6e5b93f7f9ccc9bb2f555e0cd535de144203f7156a959
hash: 8b7be1efcddddc3a29ae0514a6ae758e7f86be193ffe380e5e1e38dc22affb38
hash: 8d5d4e48ce623085efec9a56981b0ab74f1180f3b42614df88f11da543f2849a
hash: 8d8d21f2c28f3e44b7253583e04d11cf7e7453dab139c187201f80e70d89b579
hash: 902c9aba42378c40c6c9623bab2326cb8b98fa06cfc0ee0379349055137c9500
hash: 908ef89767bcd583edb96a8c12f3046b9db522cc7310e2c20799881d7bf75f9d
hash: 9112b8623844774b056c842da3417f75c86bff115d5d15db2d6226c6ffd98895
hash: 91c2fbc594469839ad062e7cf359f2451fe8a14f041d8afe515ceab800c35133
hash: 94bb5b8cc0a2d01d4f65294c816299b97dd38bc7be8fc9089dc90cc969995528
hash: 952cac8ec226b4ed38a2631c220bb80409edbc0c9a0ac2793b879a259172282b
hash: 96dfb6337647d890875919334a8dfc1f8f6e887f4b9ff6afedfb3574c7b444a3
hash: 96e20ac7d4b018b360672f3fd9e63d3429bb4dee3974951c70699f44c87278c2
hash: 974285914961125d2963435c3dbe49b882cd88d95563b1ae3a62cd6240618c16
hash: 982ec3915d458007e960a4dbe0c9c914825fd88c1739ab3f7edfebaaa10bc265
hash: 9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e
hash: 9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a
hash: a03badf094c46a97711da1494749962168472550f786dbea508cf6978252a2c8
hash: a309753efca5242bbc9ca0e54a381ef2bac6625a0f591d79f8525e1ec196be4e
hash: a38f1ccf9d3e29e39fcb01b53fc245eac2128c4219c6567891dba4f6529f98c1
hash: a5febb4b5ba6572594de87d2a9de6df65d49da755385bf3d3d4d054772ce493c
hash: a67d73996a5479312f4a4ea4fccdde293695359aa6b6da06c01248066a7131f9
hash: a98d6df438ba2615107642c7c6da104de1c9aefdb0f184aead763ae3057c11e9
hash: aadf323d8052da80c761ab9d05717603804405ee33e624926009a30d857d6d1a
hash: abd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769
hash: acbed908bc3e804ad183f3598dfb379a366f6209462f5fffc77fc9231ae1b048
hash: ade52759c6aba1a0aa5b0dd3f779064c1021502bbe944dd704214522fc66707e
hash: ae4db4f97700aab607368a4d3a489215b2ddb5af60004b8da6e5b0c0220c2c25
hash: af3530b841049f90b9f5c818910f1877ef8f89bea0454fe72ada397e9bef1565
hash: b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56
hash: b3f46a63817a2076e3de49957d5801eb8ede9dc1498bdab702fcc6f8cccf0e61
hash: b417396efb07943d380182d610da313607308a74fc0dc77318407a5248cbab6e
hash: b7b7516063052b84f3d240b66630b01d0c098376dba531c5ae9dbcaa1a099820
hash: bc3f10302a62a5e100a2a31e50a9c32a554d74015f17be2299273d143d2b42de
hash: bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa
hash: bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141
hash: bfc1064d3624c7bc68ef6b8ce2b0f40229d5981472c8b443c58f38bf3f461b2a
hash: c220f9ba0ee8445ab6d36f19d7cf24fd6df72eea41b9ba40f585451ee24c0f6d
hash: c2f1c765b03b4ae0c08455c2b5e917ba8564ad945c3580a1e622169aad67807a
hash: c399fe7ba04828aeadd881d7daa17dc0e3b880e95cc1aa2295c510f6bd8aa1d4
hash: c3dc66c657dd5a8a624c6eba67a6b8d1dada8ceeb13aab169c3a88c615831560
hash: c3ecbc6023bfa170c31eaf7033b68495798e305111ca9f2f203f58b9ec942384
hash: c5fa7fd1ff45c5cfaec851795f4c2e15326046f3022778bdf6f37b7b1dd75f5c
hash: c6e672b832dcf78490ea8d128f5f8a647274b9b98d851bc36ff07b2d3a0d7ba3
hash: c8d9270a38a2e6e0659b6b9aab7543add0d1bc521afb51f7dcf68c7426a8d57e
hash: c902a206da5c3e1a4b8b8ba9f0e63f314e8cadcf044c25f729176b29c19bcbbb
hash: d0add7a41b8c78ab0134752665278b9544d417b244a788c620c5da5215b515c0
hash: d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
hash: d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d
hash: da43703c733a1b0af183fdb61877b5c15651c21ffcc3a49c6addc83d76c10329
hash: de5f6cc6a3eaee870f438a43e1e262283124aa1cfa11ad395a05c4bff026c09f
hash: de88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97
hash: e145db8668b15278cc55b723df9f296103ef2ea3511d90e2bbb2ffa5291d4ae4
hash: e2c283438e5f9236c5cb2e6b8b95ca78d520f7b776d64a050664972cb51076f5
hash: e300c44b45b07f3766586e500f4f3596c23ffd80171eaa5334bb4db3e8d027e0
hash: e44958bc36609a48efbe2ad76b57ed2227009bcfac6322c1498b76f8d5cf1271
hash: e4fff1e153ef46a29865f28df724e7a3246809d9ae75a7546b580938acbbcb73
hash: e580dd04cbe2407ac7ab06d148297231cffbb8f8f986ce1e152383970927bb71
hash: e77bd0bf2c2f5f0094126f34de49ea5d4304a094121307603916ae3c50dfcfe4
hash: e8c56706296175195a03348b9cd5064e60c36fdeaa6e5fd7b5614ca6bca1c3f8
hash: e9010ab2a031125f12225d8b1f19ac65bc03b87332dc5caa35028a577b9ca0fe
hash: e9b0cc2118a7a07709b56f7358c07f4a2959f81c87da5f565fa08382768fac8b
hash: ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92
hash: ee6a58d1e3ce4f2e7fac7bb3c1f1c24836bcc79f456035aede52b7d14a7de77f
hash: f015da1f2ada32f734b81aa282bea62840cd84afaa353ca52d5e2d0c82e705d1
hash: f10bd5443148d47fbf7c6a6998651eb9bda4c7c9213f9e5a65a76e98637cb748
hash: f10ecfd0ac437420e8754dbefd9b49c710fe87548ec1350eb2598785b33afec1
hash: f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5
hash: f491d8b510ee283d24d40aa5233743d8cf834a164d0f681af8870dd1f35b734c
hash: f4f02429e8e1e966203d69610c31ae94ad4d34de10efd5edc4669ce067c4de4f
hash: fbe1970d89b8546cd57522bf479e8be08fec4f3df9bdf79d0f3436250ce38379
hash: ff6d88f53f2a08107c08729f2698f75cc759f3c423fe6e5b99b2c32d7c40f8a4
ip: 154.216.20.106
ip: 166.88.159.187
ip: 176.32.39.71
ip: 185.125.50.209
ip: 193.32.177.223
ip: 194.87.82.252
ip: 195.133.67.165
ip: 2.58.95.73
ip: 45.140.17.49
ip: 5.252.176.143
ip: 5.252.178.150
ip: 62.60.155.194
ip: 62.76.234.49
ip: 77.90.38.106
ip: 85.209.134.137
ip: 85.209.134.186
ip: 85.209.134.188
ip: 85.209.134.209
ip: 85.209.134.45
ip: 85.209.134.64
ip: 91.149.232.112
ip: 91.200.14.23
ip: 94.159.100.111
ip: 94.159.100.117
ip: 94.159.96.222
url: http://31.boo/73689d8a-25b
url: https://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-
url: https://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95'
url: https://ib.systems/range.csv
url: https://monkeybeta.com/crypt/Package.tar.gpg
url: https://utr-jopass.com/index.php?utm_content=$encryptedString
domain: 2024-7zip-10.shop
domain: 2024-7zip-10.top
domain: 2024-7zip.info
domain: 2024-7zip.pw
domain: 2024-aimp.info
domain: 2024-aimp.pw
domain: 20247zip.one
domain: 2024aimp.info
domain: 2024aimp.top
domain: 2024concur.com
domain: 2024lexisnexis.com
domain: 7-zip.cfd
domain: 7-zip.day
domain: 7-zip.shop
domain: 7zip-1508.one
domain: 7zip-1508.top
domain: 7zip-2024.cfd
domain: 7zip-2024.info
domain: 7zip-2024.pro
domain: 7zip-archiver.click
domain: 7zip-archiver.shop
domain: 7zip-org.live
domain: 7zip.sbs
domain: 7zip10-2024.life
domain: 7zip10-2024.live
domain: 7zip10-2024.top
domain: 7zip1024.life
domain: 7zip1024.live
domain: 7zip1024.top
domain: 7zip2024.info
domain: 7zip2024.one
domain: 7zip2024.pro
domain: 7zip2024.shop
domain: 7zip2024.store
domain: 7zip2024.top
domain: 7zipx.site
domain: 7zlp112024.top
domain: 7zlp2024.shop
domain: 7zlp2024.top
domain: a-asana.com
domain: advanced-ip-scanner.cfd
domain: advanced-ip-scanner.link
domain: advanced-ip-scanner.xyz
domain: advanced-ip-sccanner.com
domain: advancedipscannerapp.com
domain: aimp.day
domain: aimp.link
domain: aimp.pm
domain: aimp.xyz
domain: aimp2024.pw
domain: airtables.net
domain: app-trello.com
domain: as-a-n4.com
domain: as-an-a.org
domain: as4na.com
domain: asaana.net
domain: asana.pm
domain: asana.tel
domain: asana.wf
domain: asanaa.net
domain: assana.monster
domain: assana.vip
domain: bloomberg-t.com
domain: c0ncuur.com
domain: c0oncur.com
domain: cdn40.click
domain: chhimi.com
domain: cnn-news.org
domain: concur-cloud.net
domain: concur-sap.info
domain: concur-sap.life
domain: concur-sap.one
domain: concur-sap.pro
domain: concur.cfd
domain: concur.life
domain: concur.pm
domain: concur.re
domain: concur.skin
domain: concur2024.com
domain: concur24news.one
domain: concurnews.one
domain: concuur.com
domain: concuur.net
domain: concuur.org
domain: dfuture.com
domain: fortis.host
domain: gl-meet2024.com
domain: gogogononono.top
domain: gogogononono.xyz
domain: hip-hosting.com
domain: jvps.hosting
domain: law2024.info
domain: law2024.top
domain: law360.one
domain: lexis-nexis.site
domain: lexis2024.info
domain: lexis2024.pro
domain: lexisnex.pro
domain: lexisnex.team
domain: lexisnex.top
domain: lexisnexis.day
domain: lexisnexis.lat
domain: lexisnexis.one
domain: lexisnexis.pro
domain: lexisnexis.top
domain: lexisnexis2024.com
domain: lexisnexises.net
domain: meet-gl.com
domain: meet-go.click
domain: meet-go.day
domain: meet-go.info
domain: meet-go.link
domain: meet-go.org
domain: meet-goo.net
domain: meet-goo.org
domain: meet2024.com
domain: meetgo2024.life
domain: meetgo2024.top
domain: monkeybeta.com
domain: news-cnn.net
domain: newsconcur.one
domain: newsconcur2024.life
domain: newsconcur2024.world
domain: newsconcur24.one
domain: nmap.re
domain: quicken-install.com
domain: sapc0ncur24.one
domain: sapconcur.pro
domain: sapconcur.top
domain: seven-zip.click
domain: sevenzip.shop
domain: sevenzip.today
domain: thomsonreuter.info
domain: thomsonreuter.pro
domain: utr-jopass.com
domain: wal-streetjournal.com
domain: wall-street-journal.link
domain: webex-install.com
domain: wen-airdrop.net
domain: wen-airdrop.network
domain: westlaw.top
domain: worshipjapan.com
domain: h2.den4ik440.ru
ip: 166.1.160.118
domain: cdn251.lol
domain: cdn3535.shop
domain: teststeststests003202.shop

Source: AlienVault OTX General

Published: Fri Jun 13 2025

New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

Medium

Malwarefake updates powernet 7-zip infrastructure fin7 tag-124 netsupport rat maskbat t1218.011 t1204.002 t1583.001 t1055 t1059.001 t1547.001 t1102.002 t1059.003 t1071.001 t1204.001 t1569.002 t1584.001

Published: Fri Jun 13 2025 (06/13/2025, 20:55:44 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 06/18/2025, 13:04:54 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.recordedfuture.com/research/grayalpha-uses-diverse-infection-vectors-deploy-powernet-loader-netsupport-rat","https://cms.recordedfuture.com/uploads/format_webp/recordedfuture_insikt_cover_gray_alpha_1600x600_e9dc818048.jpg"]
Adversary: GrayAlpha
Pulse Id: 684c90509889eb77ff43d758
Threat Score: null

Indicators of Compromise

Ip

Value	Description	Copy
ip62.76.234.234	—
ip62.76.234.99	—
ip45.88.91.8	—
ip85.209.134.106	—
ip154.216.20.106	—
ip166.88.159.187	—
ip176.32.39.71	—
ip185.125.50.209	—
ip193.32.177.223	—
ip194.87.82.252	—
ip195.133.67.165	—
ip2.58.95.73	—
ip45.140.17.49	—
ip5.252.176.143	—
ip5.252.178.150	—
ip62.60.155.194	—
ip62.76.234.49	—
ip77.90.38.106	—
ip85.209.134.137	—
ip85.209.134.186	—
ip85.209.134.188	—
ip85.209.134.209	—
ip85.209.134.45	—
ip85.209.134.64	—
ip91.149.232.112	—
ip91.200.14.23	—
ip94.159.100.111	—
ip94.159.100.117	—
ip94.159.96.222	—
ip166.1.160.118	—

Cidr

Value	Description	Copy
cidr85.209.134.0/24	—

Hash

Value	Description	Copy
hash05d400f4734d2d68af6bb916112f5a19	—
hash0671bd79586ae06680cfee11753f509e	—
hash068d55958d46c01408ca354967b482b7	—
hash06a6bc8bc98213d770acffb7b28b6abb	—
hash09576ba9ff1933617add7f14e944387b	—
hash0c91401af0f77c91d7d2c2d858043cc2	—
hash0cb3f8d4df1f2139e45b3a276fa48f25	—
hash0ec6ce8d2213cc9a7b570fc22e5fce1a	—
hash14048ed02214ef052169460340e9a420	—
hash14c2ce8f3c5856c8415368930bb8c1df	—
hash2d39a5f8bece043c706a3ff6c1c59e9a	—
hash318bf7ea84487c8a63a3996e24494455	—
hash3a0ef7cf40cc50d47cb956fce8baa456	—
hash3e390f3b3ca7d3716775f832c93fb1b1	—
hash42cb39b338f2b1bc94f5ae483b048e30	—
hash5085779e68656455315ca6a46157ab88	—
hash51feca3c49e7b0323133e85716a28a3a	—
hash5fcd76bddd9b41bf5c63ec660d82f977	—
hash610e029cb014dcec9c079ca11020c333	—
hash663492a2fb33c3c4a5813b880d48f7be	—
hash6eaa4c8938016293d2153ccd78b473fc	—
hash72b343b03e9197f425e6a918a2c20a47	—
hash797992ab276d218d7feb2e6e8b2fd678	—
hash798aed4d37293ea34448cf0496cfeefa	—
hash99b82bdc2f4559929a3a884aebacd11c	—
hasha5685feb1b6c54ba5149ed2f7000f491	—
hashb0fd9705e8f83129f97f9111b03642fe	—
hashb57d2544cb7736d533af1aa07040156b	—
hashcdb98412665135775e908564c87d5144	—
hashd4fe37649a9778e80ae9a5a8633d2af4	—
hashef9de8cc533ce1848588679e61e70b15	—
hashf899781c5239e59fd7d11c9211c08d28	—
hashff25441b7631d64afefdb818cfcceec7	—
hash038dc2008fbafba4e086260fffc1372d3ad8b1e2	—
hash03b19fd1a41d0d1b55ad653341a05071b48a49ea	—
hash15940747af57b5a6c2d722c37dc885f45ed665dc	—
hash1c55e479cd0e64bbeda79758dc2b88679382cc56	—
hash216ad95bec4b03957c4d451ea774ba46b18ec4f4	—
hash21ce24bd123c9e123dffed7aae334dfb3d40c026	—
hash243ed6b028aeb2c94eeafbffcad193f43b808444	—
hash34babd4b6e3f196cb9c1064bceaf350c81a11dca	—
hash381b421b49f88e035b274711d315050f83c43e22	—
hash3b46515807a491f366d6e695288398ddab93e53f	—
hash515d9e04e0699dec2aa101691d166aef4d231dde	—
hash597275867676bb49aac9b8381db0addc4718bc12	—
hash5cc8837f0f87f71c5551c009a69fa12daf3254d4	—
hash68c20ea201ebf82aa721f75c8884bfde6c7083d7	—
hash6d878962e770856cac885deeff5fd75b00a02605	—
hash71babd331be91acc43df85ed35f3a4e9746b59be	—
hash8287f3a900438185a6faa2c106cf05d4a20df1b9	—
hash8448f344c3e05d70506899859cf61ba47bb906f2	—
hash94f1cb1ca20f30f4ccbf7164d4de2a2c2effa298	—
hash99cfbecaebc79e723603997fb2102363319103eb	—
hash9d55e811553bd8a7dba352a30e5aee0a90f9a118	—
hash9efd1954430f98554f60a58eaf76dcabfddb7fbd	—
hashaf34b30695539f108741648a1fce012bdf81cc75	—
hashb5fcf5d6bf770cca52d7cb1e9423fa89c50a0d27	—
hashb6c6a400435f6121ce94694702dfec51f16c6085	—
hashc641aa50bc40c3fd1e74ed8dc85e6b7019560389	—
hashcdd606e1955704796dec7e581b9ce30c5fdf1757	—
hashd002071bd7dbe9ef91a843b87a56c156837015f1	—
hashd044e629b6c0bafa9b312ab6c7f00cbcaa37b8a0	—
hashd21b17f6ec5196c4ce3cad44ca24856b99874793	—
hashd42cad9e12c144c243614210b12f5042aa39c35e	—
hashe2c98ad43b3b0325bb019e4abae20aa877824dd6	—
hashf844e720dd766f9acf89fb92434ec6e75adce09b	—
hash056451b28c4bfe6bf1536c1d67b33f312a06c656cd3c633f40cc5f5b85c6528b	—
hash062c0a5c8f484bc975b3e5490718cc5c7f732f7f53ce35d81e94cd83c273f78b	—
hash08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17	—
hash0c46fd6353f75a8dec81adca9f35e839bd8a7ac9490b947374e3c1e3b24e0f79	—
hash0c8b9fa67d1d149636b560a2ec8f9c50cd41ebf11f5691cf2ea39f1d057f8ff1	—
hash0c8d22d58a747ceccad56317b9c0afe58fe4b9f3c2138134e978e43a5f5ac390	—
hash0d44ff778dbecf8d951c54c199bd35ba0fe5ac817d5ef61b2fe998dfdb794560	—
hash0ddce15bea228c65d3b456759de0abc87aa6e805fd6c466347e9b76913a538ce	—
hash0e71728e5e6a762923fc0372e2047e0d969bcc5efbf4f3010df2ff6576cab725	—
hash11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a	—
hash127c691f5a354fa0933ec3e9d9d1bb976c2de7092065d75ea66626c8dc007029	—
hash13265c0e32312a0763f3f8fed0f017a606355987ac9398bfb38f47c760ad32b0	—
hash1367dcf619cb935dc08d349fc18d3f9726cfceff151f4d57beff45591712189c	—
hash139b48d1b94a9c31a4c7ac1feaa7bf54b50f33ab8936f22404648233bf48cc95	—
hash184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c	—
hash191a8766da98b1f992072045905cf82c771d8cb9f697d08873686778dc70c7f6	—
hash194d739fa93970d63dade70aae7c3b9ac8a6938be9f0e2d470d3adf8c106bfad	—
hash1c6c79b07e45630debe31362e4c89ffab3560c4712470f7af891bb31539d153a	—
hash1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252	—
hash1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc	—
hash1ec930716999f6a80a4f32624d8f907f2c7887e15b1c518d22f4aefe49367bba	—
hash1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da	—
hash1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844	—
hash27567140d447dc662a178989be84d50c40233d6958251c02a02c097f6650024d	—
hash2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2	—
hash2ba527fb8e31cb209df8d1890a63cda9cd4433aa0b841ed8b86fa801aff4ccbd	—
hash2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7	—
hash2c59f3552a77d2c9527970ae99e204ec279756ac24815a899ab43356420057e7	—
hash2fd9e14830bbeef24fdff29a850a6164af4c4722d742185e022df9106029b587	—
hash34f50a5215c544cbd2ce67bcbf89cf2aee798c56cfb9e225e57e8c8270021210	—
hash358ac037d444ece8c21fa85ad71338a3ff0a10b1b0672217ae38eac18b03661f	—
hash36b79a3eca6d0ee23daf10c436f4ec5c8c279fbfd79c965c7e37515c148c3c5b	—
hash37990aecf5fecc61e4b3a3f5eaec14c8ed03cb20681dc53c367d5541600f9312	—
hash3802c396e836de94ee13e38326b3fb937fcf0d6f6ef9ccdf77643be65de4c8ee	—
hash381c6f7f8c12ea1ac483dad9ac71c09fa807bd1ffe2479f6d6c7da14013e7899	—
hash3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277	—
hash3bdaa78077bd71e40b62ec2d6797c027f0b8deba9c3a7de9eb22823ad05c8201	—
hash3c6dacad931bf24eb953858c0bb3e49fe821d111d9003c9fffcb814ae6e8edf8	—
hash3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f	—
hash3f4b5b22b53f2fdeb7a82c94ac4d846f1e4ac0e9d055020f2f063598025b4674	—
hash401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0	—
hash41be156c27dad780dd96493319dbd89228616573ec7d731ca2e642ee0e554af3	—
hash41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2	—
hash45e0e240b09ec9b1bc488c2eede1cf19456db70398e9b3b0a35ff90e2d2430fe	—
hash4665c7b360b18496be00246eb3bc886e83b22028e95156101bf73bf0c48dddd3	—
hash4814ea15da1826d9ef400c3e607ca87d11b18b8a1b4f43f13afa93467429dfb8	—
hash494460a17bec58d47212c907e7e7706dc80e99b27a022558637caebc2867e574	—
hash4b268cfbdb86017f6271f09eb2aa54334de24d0ed12cfeb26fbb3dd8e104a8d3	—
hash4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2	—
hash4d03c2a47265eab0c87006a4a2965fcf394fbdabb8e86cbe16b36376d04b8143	—
hash4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b	—
hash4f71162cef29a8b7feb56574b99c0eccd82c39d226b408c1e7233971588edee5	—
hash5072735b87e62c0239099fcd3d74a677e1b4c6497e0b17ed8ea4c83778c13039	—
hash50a5e6a357c841e6c2058ee658c70756da4b803f2a4f6d2cf96ab882a03a5294	—
hash50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba	—
hash50cbf5b9ce69a5c9f9adaf59bf53f4f0609afcba36826e2fa88ca6cedbc06e7a	—
hash52ef3b610426343314e6c0f238e4460f0dffedbd022d33cb8f8e78e980d604e0	—
hash5303183d82b8c4d2a47fab4167868a8cfbf8d56d3397701ab890e88c99105ae4	—
hash547ef48f46ecfe31ee7edc7bbff0c2406f43d11915bcef84372172873012eacd	—
hash5838f38e80657dd318bdbcfd1bdb87181e527f2125185ce95b43abd02badea86	—
hash58ab8b2a21e33b0700d11efd5a677bd98e536e200b45e22aa06059c1088063f7	—
hash58cb66268b58d7ca77fb5f5df668ffa76a23854a6267914fc3973dbf92394612	—
hash5e9362dba53021ab588e396e1cb28100718471f07c5dd5cafa6bf5728f014b97	—
hash6053d67835d2925c52263bdb9e4d7475e1015ea9cc4c8f994cfa7e0dbdb7e27f	—
hash62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079	—
hash63629c87fe460abb657a504bb9786b913b1250288681520cee9e9fbcb14e888f	—
hash65b601f8154bddd42cb31ce166697335e79f2e713655865bee66654c51e7c1dc	—
hash69d267234d62fd6ffd1c6a12b36835b1454dce4a6df1b370e549e275961ae235	—
hash6b999462e434b258980b1532f5d0c3661646f7bb9567aecdd748f6be10dcb740	—
hash6bd191586c52ecd2a3496616838753db21156d52854a99b7d3fcbf9be0a5184a	—
hash6fdeb1c2f4b5bc4ff6ea9635ca72d8670c07cfd17d3b7779caee22b96727f732	—
hash710e80fb64e08f20ab58c20ccdbc966f6e3b54511775e8ed99ff0bcf51690227	—
hash7363086b152422c99618377e384874a17a708d9eb217c0a7c6f8b6f3216f1e4c	—
hash73e775fc0e1a4780a06fda4f21cca16c1dd9eda57fc8a0ab4fb14ebe5a259eac	—
hash76f98321f50595725f64f058d8f33103d518c5d77680fd7d5521c41786299358	—
hash798e651ed0784fa502d4c4af40802edfcb4fa2fb9ff59b89804707e2ad8c9807	—
hash802338ddade5c023b83dd2111fe30b7d5b4b21b86408e91544345e0c45702a1d	—
hash809050c6f29e80e9d0918060634df601ae12b27cc50439f4c123b6301ce26043	—
hash809b54b0f6092cad1a764872acb9a31ed99792589b84cdb279b4b1d15e8ec8e2	—
hash81e6adebca376dfbda0484ab4475d0ac76a1e86afe0930e45ab7137cfd378d38	—
hash8246ba12e1ebfcdbaed80a7ba1ec65423f23b9b7820c0dfb07ee38baa83d6a20	—
hash84f2d273623efb6cdd126a89c1f9567e8977d21ffe684758dd722a27d2d53aa9	—
hash8515d46da83fb649db969b2acca47cd10f232174af358560210b362a56594fd1	—
hash8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e	—
hash8719ccdb87c8b2c4e312208bd17a8df42a1683c10bb32699bb415a66f0dbdda0	—
hash878a3a06aadf6d22a61dc6a160a389b6fd34f6629a32df3407c300bcd7829f4b	—
hash881a84477b509e2e63b70915055b9af1d12cf8fde9fb5031823c8c2a38c8979a	—
hash890cf9827361add4c2a6e5b93f7f9ccc9bb2f555e0cd535de144203f7156a959	—
hash8b7be1efcddddc3a29ae0514a6ae758e7f86be193ffe380e5e1e38dc22affb38	—
hash8d5d4e48ce623085efec9a56981b0ab74f1180f3b42614df88f11da543f2849a	—
hash8d8d21f2c28f3e44b7253583e04d11cf7e7453dab139c187201f80e70d89b579	—
hash902c9aba42378c40c6c9623bab2326cb8b98fa06cfc0ee0379349055137c9500	—
hash908ef89767bcd583edb96a8c12f3046b9db522cc7310e2c20799881d7bf75f9d	—
hash9112b8623844774b056c842da3417f75c86bff115d5d15db2d6226c6ffd98895	—
hash91c2fbc594469839ad062e7cf359f2451fe8a14f041d8afe515ceab800c35133	—
hash94bb5b8cc0a2d01d4f65294c816299b97dd38bc7be8fc9089dc90cc969995528	—
hash952cac8ec226b4ed38a2631c220bb80409edbc0c9a0ac2793b879a259172282b	—
hash96dfb6337647d890875919334a8dfc1f8f6e887f4b9ff6afedfb3574c7b444a3	—
hash96e20ac7d4b018b360672f3fd9e63d3429bb4dee3974951c70699f44c87278c2	—
hash974285914961125d2963435c3dbe49b882cd88d95563b1ae3a62cd6240618c16	—
hash982ec3915d458007e960a4dbe0c9c914825fd88c1739ab3f7edfebaaa10bc265	—
hash9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e	—
hash9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a	—
hasha03badf094c46a97711da1494749962168472550f786dbea508cf6978252a2c8	—
hasha309753efca5242bbc9ca0e54a381ef2bac6625a0f591d79f8525e1ec196be4e	—
hasha38f1ccf9d3e29e39fcb01b53fc245eac2128c4219c6567891dba4f6529f98c1	—
hasha5febb4b5ba6572594de87d2a9de6df65d49da755385bf3d3d4d054772ce493c	—
hasha67d73996a5479312f4a4ea4fccdde293695359aa6b6da06c01248066a7131f9	—
hasha98d6df438ba2615107642c7c6da104de1c9aefdb0f184aead763ae3057c11e9	—
hashaadf323d8052da80c761ab9d05717603804405ee33e624926009a30d857d6d1a	—
hashabd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769	—
hashacbed908bc3e804ad183f3598dfb379a366f6209462f5fffc77fc9231ae1b048	—
hashade52759c6aba1a0aa5b0dd3f779064c1021502bbe944dd704214522fc66707e	—
hashae4db4f97700aab607368a4d3a489215b2ddb5af60004b8da6e5b0c0220c2c25	—
hashaf3530b841049f90b9f5c818910f1877ef8f89bea0454fe72ada397e9bef1565	—
hashb3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56	—
hashb3f46a63817a2076e3de49957d5801eb8ede9dc1498bdab702fcc6f8cccf0e61	—
hashb417396efb07943d380182d610da313607308a74fc0dc77318407a5248cbab6e	—
hashb7b7516063052b84f3d240b66630b01d0c098376dba531c5ae9dbcaa1a099820	—
hashbc3f10302a62a5e100a2a31e50a9c32a554d74015f17be2299273d143d2b42de	—
hashbc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa	—
hashbdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141	—
hashbfc1064d3624c7bc68ef6b8ce2b0f40229d5981472c8b443c58f38bf3f461b2a	—
hashc220f9ba0ee8445ab6d36f19d7cf24fd6df72eea41b9ba40f585451ee24c0f6d	—
hashc2f1c765b03b4ae0c08455c2b5e917ba8564ad945c3580a1e622169aad67807a	—
hashc399fe7ba04828aeadd881d7daa17dc0e3b880e95cc1aa2295c510f6bd8aa1d4	—
hashc3dc66c657dd5a8a624c6eba67a6b8d1dada8ceeb13aab169c3a88c615831560	—
hashc3ecbc6023bfa170c31eaf7033b68495798e305111ca9f2f203f58b9ec942384	—
hashc5fa7fd1ff45c5cfaec851795f4c2e15326046f3022778bdf6f37b7b1dd75f5c	—
hashc6e672b832dcf78490ea8d128f5f8a647274b9b98d851bc36ff07b2d3a0d7ba3	—
hashc8d9270a38a2e6e0659b6b9aab7543add0d1bc521afb51f7dcf68c7426a8d57e	—
hashc902a206da5c3e1a4b8b8ba9f0e63f314e8cadcf044c25f729176b29c19bcbbb	—
hashd0add7a41b8c78ab0134752665278b9544d417b244a788c620c5da5215b515c0	—
hashd6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e	—
hashd73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d	—
hashda43703c733a1b0af183fdb61877b5c15651c21ffcc3a49c6addc83d76c10329	—
hashde5f6cc6a3eaee870f438a43e1e262283124aa1cfa11ad395a05c4bff026c09f	—
hashde88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97	—
hashe145db8668b15278cc55b723df9f296103ef2ea3511d90e2bbb2ffa5291d4ae4	—
hashe2c283438e5f9236c5cb2e6b8b95ca78d520f7b776d64a050664972cb51076f5	—
hashe300c44b45b07f3766586e500f4f3596c23ffd80171eaa5334bb4db3e8d027e0	—
hashe44958bc36609a48efbe2ad76b57ed2227009bcfac6322c1498b76f8d5cf1271	—
hashe4fff1e153ef46a29865f28df724e7a3246809d9ae75a7546b580938acbbcb73	—
hashe580dd04cbe2407ac7ab06d148297231cffbb8f8f986ce1e152383970927bb71	—
hashe77bd0bf2c2f5f0094126f34de49ea5d4304a094121307603916ae3c50dfcfe4	—
hashe8c56706296175195a03348b9cd5064e60c36fdeaa6e5fd7b5614ca6bca1c3f8	—
hashe9010ab2a031125f12225d8b1f19ac65bc03b87332dc5caa35028a577b9ca0fe	—
hashe9b0cc2118a7a07709b56f7358c07f4a2959f81c87da5f565fa08382768fac8b	—
hashebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92	—
hashee6a58d1e3ce4f2e7fac7bb3c1f1c24836bcc79f456035aede52b7d14a7de77f	—
hashf015da1f2ada32f734b81aa282bea62840cd84afaa353ca52d5e2d0c82e705d1	—
hashf10bd5443148d47fbf7c6a6998651eb9bda4c7c9213f9e5a65a76e98637cb748	—
hashf10ecfd0ac437420e8754dbefd9b49c710fe87548ec1350eb2598785b33afec1	—
hashf4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5	—
hashf491d8b510ee283d24d40aa5233743d8cf834a164d0f681af8870dd1f35b734c	—
hashf4f02429e8e1e966203d69610c31ae94ad4d34de10efd5edc4669ce067c4de4f	—
hashfbe1970d89b8546cd57522bf479e8be08fec4f3df9bdf79d0f3436250ce38379	—
hashff6d88f53f2a08107c08729f2698f75cc759f3c423fe6e5b99b2c32d7c40f8a4	—

Url

Value	Description	Copy
urlhttp://31.boo/73689d8a-25b	—
urlhttps://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-	—
urlhttps://cdn40.click/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95'	—
urlhttps://ib.systems/range.csv	—
urlhttps://monkeybeta.com/crypt/Package.tar.gpg	—
urlhttps://utr-jopass.com/index.php?utm_content=$encryptedString	—

Domain

Value	Description	Copy
domain2024-7zip-10.shop	—
domain2024-7zip-10.top	—
domain2024-7zip.info	—
domain2024-7zip.pw	—
domain2024-aimp.info	—
domain2024-aimp.pw	—
domain20247zip.one	—
domain2024aimp.info	—
domain2024aimp.top	—
domain2024concur.com	—
domain2024lexisnexis.com	—
domain7-zip.cfd	—
domain7-zip.day	—
domain7-zip.shop	—
domain7zip-1508.one	—
domain7zip-1508.top	—
domain7zip-2024.cfd	—
domain7zip-2024.info	—
domain7zip-2024.pro	—
domain7zip-archiver.click	—
domain7zip-archiver.shop	—
domain7zip-org.live	—
domain7zip.sbs	—
domain7zip10-2024.life	—
domain7zip10-2024.live	—
domain7zip10-2024.top	—
domain7zip1024.life	—
domain7zip1024.live	—
domain7zip1024.top	—
domain7zip2024.info	—
domain7zip2024.one	—
domain7zip2024.pro	—
domain7zip2024.shop	—
domain7zip2024.store	—
domain7zip2024.top	—
domain7zipx.site	—
domain7zlp112024.top	—
domain7zlp2024.shop	—
domain7zlp2024.top	—
domaina-asana.com	—
domainadvanced-ip-scanner.cfd	—
domainadvanced-ip-scanner.link	—
domainadvanced-ip-scanner.xyz	—
domainadvanced-ip-sccanner.com	—
domainadvancedipscannerapp.com	—
domainaimp.day	—
domainaimp.link	—
domainaimp.pm	—
domainaimp.xyz	—
domainaimp2024.pw	—
domainairtables.net	—
domainapp-trello.com	—
domainas-a-n4.com	—
domainas-an-a.org	—
domainas4na.com	—
domainasaana.net	—
domainasana.pm	—
domainasana.tel	—
domainasana.wf	—
domainasanaa.net	—
domainassana.monster	—
domainassana.vip	—
domainbloomberg-t.com	—
domainc0ncuur.com	—
domainc0oncur.com	—
domaincdn40.click	—
domainchhimi.com	—
domaincnn-news.org	—
domainconcur-cloud.net	—
domainconcur-sap.info	—
domainconcur-sap.life	—
domainconcur-sap.one	—
domainconcur-sap.pro	—
domainconcur.cfd	—
domainconcur.life	—
domainconcur.pm	—
domainconcur.re	—
domainconcur.skin	—
domainconcur2024.com	—
domainconcur24news.one	—
domainconcurnews.one	—
domainconcuur.com	—
domainconcuur.net	—
domainconcuur.org	—
domaindfuture.com	—
domainfortis.host	—
domaingl-meet2024.com	—
domaingogogononono.top	—
domaingogogononono.xyz	—
domainhip-hosting.com	—
domainjvps.hosting	—
domainlaw2024.info	—
domainlaw2024.top	—
domainlaw360.one	—
domainlexis-nexis.site	—
domainlexis2024.info	—
domainlexis2024.pro	—
domainlexisnex.pro	—
domainlexisnex.team	—
domainlexisnex.top	—
domainlexisnexis.day	—
domainlexisnexis.lat	—
domainlexisnexis.one	—
domainlexisnexis.pro	—
domainlexisnexis.top	—
domainlexisnexis2024.com	—
domainlexisnexises.net	—
domainmeet-gl.com	—
domainmeet-go.click	—
domainmeet-go.day	—
domainmeet-go.info	—
domainmeet-go.link	—
domainmeet-go.org	—
domainmeet-goo.net	—
domainmeet-goo.org	—
domainmeet2024.com	—
domainmeetgo2024.life	—
domainmeetgo2024.top	—
domainmonkeybeta.com	—
domainnews-cnn.net	—
domainnewsconcur.one	—
domainnewsconcur2024.life	—
domainnewsconcur2024.world	—
domainnewsconcur24.one	—
domainnmap.re	—
domainquicken-install.com	—
domainsapc0ncur24.one	—
domainsapconcur.pro	—
domainsapconcur.top	—
domainseven-zip.click	—
domainsevenzip.shop	—
domainsevenzip.today	—
domainthomsonreuter.info	—
domainthomsonreuter.pro	—
domainutr-jopass.com	—
domainwal-streetjournal.com	—
domainwall-street-journal.link	—
domainwebex-install.com	—
domainwen-airdrop.net	—
domainwen-airdrop.network	—
domainwestlaw.top	—
domainworshipjapan.com	—
domainh2.den4ik440.ru	—
domaincdn251.lol	—
domaincdn3535.shop	—
domainteststeststests003202.shop	—

Threat ID: 6852b5e8a8c9212743885547

Added to database: 6/18/2025, 12:49:44 PM

Last enriched: 6/18/2025, 1:04:54 PM

Last updated: 8/15/2025, 7:16:50 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Ip

Cidr

Hash

Url

Domain

Related Threats

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility