Alerta de Seguridad Cibernética2020/08/02 · 46 PK factura agosto.doc DL9751881407GG.doc QBD-080120 QMT-081720.doc 465939.doc DMU-080120 WFW-081820.doc QC2988851787CI.doc 50152150.doc

Ministerio del Interior y Seguridad Pública Página 1 de 20

Alerta de seguridad cibernética 2CMV20-00077-01

Clase de alerta Fraude

Tipo de incidente Malware

Nivel de riesgo Alto

TLP Blanco

Fecha de lanzamiento original 19 de Agosto de 2020

Última revisión 19 de Agosto de 2020

NOTIFICACIÓN La información consignada en el presente informe es producto del análisis de múltiples fuentes, de terceras partes e investigación propia del equipo CSIRT. La información contenida en los informes o comunicados está afecta a actualizaciones, por lo cual se recomienda establecer una cuarentena preventiva respecto de los IoC mencionados, previa evaluación de impacto en servicios productivos; una vez que sus plataformas de monitoreo no detecten actividad maliciosa, se debe evaluar la posibilidad de liberar del bloqueo a los IoC consignados en el reporte respectivo, tales como servicios de hosting, de cloud o similares. Estos casos de phishing no involucran directamente a las entidades ni al sistema bancario, sino que son técnicas de fraude indirecto, en las que en infraestructura externa a éstas se arma el mencionado phishing, para construir el engaño. Las entidades, en general, al tomar conocimiento de estos portales maliciosos articulan, dentro de sus potestades y marco legal vigente, las acciones necesarias para poder desarticularlos, pero ciertamente los usuarios también estamos llamados a estar atentos a estos intentos de engaño.

Resumen El Equipo de Respuesta ante Incidentes de Seguridad Informática (CSIRT), comparte una serie de Indicadores de Compromiso (IoC) obtenidos del análisis realizado a múltiples campañas de phishing con archivos adjuntos que contienen malware, los que están circulando en el ciberespacio nacional y representan un riesgo para los sistemas informáticos, así como para los usuarios en general. CSIRT recomienda a los administradores y usuarios bloquear los hash publicados en este informe, y mantener un permanente monitoreo sobre el resto de los Indicadores de Compromiso.

Alerta de Seguridad Cibernética


Observación Solicitamos tener en consideración las señales de compromiso en su conjunto.

IoC hash Hash SHA-256

f98994a898e97dd2173021aad49d223a8fec7b5320dc209cc1ee76335433b672

18d68b5bbbcb1968de076f0bda037bf014cf39da9dc062973b1f28ae805c10b8

9543563739bbd6d95b1ad3bb28c811d9485b04c763865fcb8bcb438e70ad574b

297f4f2334f23666aa894f8d89b15cc255462eda977a194792c9eefa5102a3da

3f46dfa02116a1ceeb64442bfe328046c881c67e3324a5b7af2167a7f7056da2

a422a9f419e7692a5a70575b5c1b7fd1840cc04a8513905d24bf1c3f123c6532

77893a46e331faf345a8134849c0182109a90c65f156f288b95f054bc8bf667d

e7007d098ff3b77d307fdffbc2b566e6396298bfb9718bd207a8b377aca0b96a

6d46c17e15f81d98edf2be463c6d3c8735ff411e04b3f533264e778175372e67

174fc48e8d50201c36d32a44446a1cb0b1a77746ff175b1eb6c97abe19157fa0

cef55bfb3607b1fa90780d86b0a2f03ac858ce5f4d71778e1b6d7fc9c420c778

dffcf6bdb07238ccba3d7190b2c9994281d93771382853b5123b72b346a6e580

fbd3059fd805394844c3155289cf746cfd0579cd29abddfb067755782344f6b4

d8236d000f03a86fa9df277fbc63c0d49157fa9a170567a8db6d0d10ea606fc6

1a92578592df96f6bc3c58861c8719f37bd57d2386789d07d319c613fcf2f79b

4cca158b9ffeb360d5409c9413c6b4f57c4fdd7dfbad1e89a8d1f249e0595362

3619fbb933dd0f54a5b27edbb09cc0950e8250993bdcef880918e88ed4eff418

04720f67384947a995cfabe2be07526e81fa7c380a66341af27b1f8ef4ef9158

bde72c1bf759a57cf0109b13c85ddb2b27fd7f7d67ab0e2f018fb4c10259277b

185da05786d6028eff22b5748184651bcd2954560679f89186d4cd3757bc07fb

0d7e384c35af2672e0e3f1cad3be7f2247e70a58b8930b6c260c2fe82641fa93

46b9311d8d94361f0d43fd2719ac24f83990c6176434ed1b4382268316158604

06de4cc259e1fab7824ccc937c5ad00fc3f316fa6080c96f0e288470125e9eb0

fe442ef5cd52c1dfb8ccd533db4683801f76a6a062fe3def156f0728ab209d1c

faf2e08c637a9dbfd4ca262d44d755121df6192e1b7700c3f7426f91ad782a79

227f0660fbaab5a545997b64d5eccdd1b1a42b997846f7aa00ca3cb732571d62

046ef2036e93a6cf34529a8ebbb37aa633f1036021511edbee0fd2fac0363770

500826678f9ee983af861d485726ad3b896a888ce5d73112f751aab0afa9c25f

6936a0509e4e7dfe0eda19591c4cd14bf4958b673904423fcdac0ce635df17f5

0ea7c2f853927d7c5f78f0463c1692da8cda7db61ec5a96c22eccf839c20ea41

20a253289b5b1e98e4395fedf4b787f6c29a346461417bac10a3929e44aa80eb

7a615254ea1efaebbfad0fa7ce4029962f9b84cbc802040f176dd2ba0dad7a8b


eb7d757f12a5c7e1a504263dbaf96edfb70106b9077bd018a596707630e59f36

6811d911f0a55d9d3baa024402e6683613bb6948d2a582af62744cf0d5999811

aa3f314a08d05ace99de921d3d158e0e2ca34ff02bfa203d7fca86efd3b6ecf9

75ec695404e6fb8eb94c2a23f18c96f049a29b0966b8962e9aa8dfea8cdfb6fb

90c7df1ef47b67fcf93ca956da8e1e239c24a0f2c54452b61f26697b5cbd4ccc

58a3b5eb7cee65af636f922599c80f432b67b9056e592d2b04d0b3eae348cdaf

332fb15e827574730b238731c1d69515d2110a2a48ecf3742552854097bbc5a1

ade9e39c47dfdbc8a8ca925275202e185a89afd1ff228d367e8c57c35f909145

40f7770f2b4cf7b9278695e6fcea916099ecedae08d4f4b3070f3fb47feb413b

0ffb643d2ef22089512c5de14e1d2f14d5632e77e9f609b1374c79fbe0a788e0

b6a88a3105cda60ccf7cc420d8219613a29354b440198a823a06fab33a7ce0f3

e2531260a88716bc42cfedc37b67576c03c26a31b38478d1a5ba6507a290e01e

d34a4e095dde98d6740346383251d18ce5f9bb8c58071f128db8083844be55e7

4426143a003042fcf53c32a42cb6e2dfa30ff4dfdf7e2248eb6533df67ac8723

7d80b665b7d9907557a2756a0b1d72dcaada131868f4b54e1f6b0d851af8a691

329ad300db13941747388cb7e32c6ef8f8875d3090cb9ebf09aa51420faa9bfa

cfe5cae34d529a71812a66cb3d6f2e9b2b7446bf4ece6aeae5c32c9cb325ce7a

716cb0fed68d3999a988461ba151d314310471e1ff5e5267419ad5f378da2150

92bd87c0eed15bf75f7c61b1879280e25a7997a4afe7c804c82a3902f51d46c1

fb085bfcaca400fc73c9feab6b6188756efe9a48bd1252d7a4d92d49e128d7fd

8a0ab5f62f9c89e569b8ba1bcdead4ea78ec2c487bd77ffd4c6e46069fc2de61

59e51163c89fdb8efb233116a9162bcfbdb1aca8abca68d8844ba7a446b79231

9615937f74340796ec99bd10c3ab61cad9ed3bf418618f63ee4bf0b26a12933d

93c757f16bc5e7ceb5300b74601fb8dd0622aeeb7874d3de80cd8cd0fba33fc6

ca8339f01605aab6ffe387c190cfb94678d9b01c46b49833e21c4764361916ec

77b91e171886421bc7a87ccccd572453071795281331490c3984b3601ca941a6

17f0df38dcfe5b2c5d5dcf6381bfbad1f787fc57254289d5cd3bb3862c97dff2

908512123aef8dc11a155b449d0d8b44aff22633d16740b3526993469b23cf76

8b3d645a87ba02e7f90563ea285607a6c60a2a6889ec4eddcc2f3bb29fbb8a85

69d3f09930fcee1c934169fbf11d379163a3058c0db215c9fa09a756934ef0d2

92be4a79167b433e9a255723e3b6e3e3b01bc350cdaa6bc01a1cb46653bdc086

e997b17d809b4d63590d7b7cca81318d3ecd18b59a46a4e83d88af6dfaeba54b

fa091c2063586cd9d9d914232f24262ac4919b56a505d3d55f4c41b1993041e5

fb6aad846cb69bf2d5287dddf2b0f0899e5338ece7621d4d6553aea13fa9a285

8f839a86131afe705c426058f4a696abfb173755e42eb809bfa930a3542741fb

98c343c9a6bc0e1498638cbceb56365d8a033eb3443f2856a872d5a3253d5040

0398e937578299c8ea89c81fa485998fe3da3bb72a1b32e1bfd698f9e68f2d46

775e429d5a487bc3419e7fa9d362bbd136cbabd2c69fe1197945413cd64ebad6

95f94d75396fe435cb3fdd83334a9f6233ee4253b6fda99e32faa74ec7305c51

d37dbec53cd6d4b87ab9e6a91a87faebb6fb73800d94ea40c53636513335d109

8c3afbfc78b8936d04e1372b507046990c8f3a3d4dff80f59669660aa77fffa2


a24e88dcf3313d7c4ead8e94f929a233d7adf5f289c8037f28eddf84409dd8f2

9703189cdb1cb81ac14c18596b0a22f0ecd3ab887b96706d493b72957cc615fd

5f0f7cccdbe15b26ad3d18fe0dc9c31aba891cea529b65e56c7dda35fa776c0c

f5a8e153aae0bd35392951aa14269d64d085b52b1e38adbf0e5715f52d82cda8

5b62c33ddf4d2cbf235e5207ef5f6464e4a842e2cccb62845b9a31aef1dcab54

32cb1657bab6cea4734f694fefe16389dca17cad7673cc0be676c77e070ae735

d9a6c193324e3a4357eea060096a2f90b24985940093efa00beb121d569f1ff0

c0d52e530eb53f7b00ada02a5980f4c692aa0f49500db8e023aea44a5b55c0fa

6eb52f464c8845b595169880341a670e6dfc2fb1c5ba4e59f01122d6e15c9536

5e842e47338636cf919cf4da91f192fdee581c3e70625ca84d9ff63ab8b6a012

61ec87677af079740e9c49f8d26425ce9c1226a994c24e44e236880751d8dc14

b46dc61d653d60ad6c496660e2145b3fd27354a3c6e1ff594d17394f2cd887f2

dd1a79922dcf7462e86f200320762c2cb41cf4afb4c128643ce1692c558fb7f4

94d6420132e9859795d85a622449c7e306f28f23cfdab39609510bfeda7695e8

2249b7f682e20e230fa3a26e2c1ca95f543448fafef5872aba51ab41dac6d54a

e9d5441c50624af5a58096ec5ba16a2d815082b0ae4167400701d59e831bcba1

3fd81bce17b322cc1810239bbffd1d54f1f2cf880ffba276b56bbd4bf3aa3287

5fd5cdc5dad1c3ce7bf38da2cb907aff373556d7c3f43a2395d16a99d3c0dfeb

8448d217b8a0f93db8a7571e4cfd2283b1d7078b06506c3730338f54fc0680ad

cf567e80d7e19ed5820e08e0338208b17c91f0fe1989cfee472451d2fc3848a0

9b212f90514071a55bf12f4c577d7a54e8c1ddaca53bcf4d7c8c7ae4c8325e4d

206ad3ad8761a58ca0bb2aa65d378fb30638e52b2be1afff27894588a7fd2c81

1899cec0cd26a1b49b85ae455427f61b4af70acc8b085439bccaf9fed3b51ac2

da36139efceba6bdc76e654a8ee65827216781721578417791ffd386102b8272

bfe6c5f2d5512c4387c5300429ed7fadfedc8354ac47ab2585b84c0804f79add

bdf05c1c759b9f0ed36f608a1bed6c48a5b457eccbe5acb964f950ed4006886b

a71ccfc955896a3c1c1af01f0bf76e4f0032ee7a7d2d1072261ddc50ca08c949

45b3f1d38ebf562468ecb35248f517976d119812dfb7373139c8225318083402

f3e599462a205bfa1d00617bff2cc11d0be8953e1521bdcce0dec8ad9ca1b444

189e751b7d5d57f38e4ab49d26fce361285f1d52c700d0c442b61afe9e8308bd

b9878f3f33f338d3ea58d9e922b333821014a2aaf46a8d3b598c7a27aedac605

63fa0eb755ae45f56d259df0fae19cf7992fd7695e7db566244c445e60fd9803

b44d0d608fe7f5e038f70b94b4f28aae16833d45cec730d67050f2ce4fb3ab70

9c4332c86f7690f33c80b5326ccfd8a2f6ee89f3eb0cadee21135c2a326b93b5

88bf8bac950394612282361b551093cf1fc81018c759f1df9997f41fe11c7be6

c528dd38d4123c0429eb386d155c37d99c40cc4b2537d2cf5bddc183c9400390

581a74987162ca509dd5e397e1d5189136812f1a56cab71495037e89d3340a10

67e3d2e4c15cbacbbe31eb1f9d4f091cb49509df87b5a84d5509f3a31e1810ca

c70fe59a67a2136f0a15f346ebb447c499d6d4a8642552cc3b0f8573b1a3ef2a

cc586efd62ea905b8782884b3c34e8404c346ad58e81f4a5dd77b9458a1d6537

6adf785658455f70d106830a974f0bfdb045878521186d0dc35737e80b56b9b5


fa53a4fb5c10db946ef6af1aaee112b851770c3658dbed165a6eebdc581a4e9f

eee94cac6c0f88fc93e5dd97b0ce0c6c740340806d55b5a39d2fac81361899c7

bb8b51bb8f2d33030c1f963dd95654077beff6ce188a27f1fbf8d0fc792d03a9

fcdb070abfffb0c9f0e4f52377b257f711f6d42380533d0e0230a6afedf0c489

bb82816cbe417ced582eb8915113ac0c7ed3dec3dbfe85ffebf43b6d6279eed5

23df8f7223ff69ad36e49017802700a225daf7f5c5b41760ced3d5933b2e5396

e9e9ebe0236825ef7054438292cba1f38d5939f1f6f961cd20529f0e99308484

4ec08e452e7eafcff44c88aecf71b7cd95f8d3a68a7258f9bece3aa3a0caa123

1862e99ea1c167eae32cb508186cfa5563bd0be486afcd3ea2758bdbbeac634a

5a26227258ad3ff240bb5aceed102d85676e47f37027b00bb1ab4f2c483f428e

00e63f775ab6754542ad3fc9901605f2f2deffc3c9b94042334f3dfaa2d57813

746d6b431ea0298e8c198ed25d40a2ebac830a9ab45a026e598b9b12da73d755

43a7011f32bdee999ab624a671ab51d41d8873700bfb1206ca7f26b381ff430f

978eeecce40faa3115232aa22fa2b53bc7559cb9f4c5ac82ed26728e460a78bd

348368dc3b9ba59325226c159fd0b695e4256ad96894a3f58d3b97297a87a1b0

2c9e7a8034c8beec56ee3f61e3e9f4ec9843f443d6df99c206d1840accdc102d

002fc17ef46f5a786a26f8463cd5ec94ae73ee28100e60d364eb8ac85e70a10a

2aef7ca0588b356c05ad5f310cdb665c2f2ab7f82613fe391dd4fd6272f24603

4b5a8f5083d27e7c3aa4c825edbf9e6a464fc717ba35c243bb20798e6cd26da5

98b1f2eff24595a16d48e214e8f412c7e6dca8a44e20f4bc3aee00441439eab8

a63fd6eac2ee50dc75e438aee7a9583cb97067bed45ed1c41a7ff5b6b3f89cf0

3c740f3dc0f136e33708d29131b274d7a1fc962128d6189d2654075f43961e08

201b17de99f93a5fa3807f62e4e862b2ab1b07126ee25a8fb255e5d2c4527375

a38fbf291813f0d3078e4887373bf0474bb087a170130e54570d9a85a626dc8e

71cf52e83c16ce9dfad8a074f4c768efc94e262d70f9115f97decbccbf717981

3caba7efd725be382a8a8eac13727a40e06874f65eb610f89e0b36dcc38ad34e

37fa3d3cd6ac66a6c2dac81cdbfa47a07af9cc5d6103546473c07d0dec853636

b4d0273f36db1867db54b66d10779029279628a6d26cd2bca605d3f2837c5fb8

e72e7fc919831a1466ce7e52f75ba5ed79a6ae5c1782de1f1e33b1130f843609

3d12c877744aa451b0e669637cef10a67244306c52a802810e40ff736b42bd5f

98d8ff69999f9f0ed17a7875abca69ebd33ae56204503783bea9d9bc923496db

5323e3eb22fcccd879cb74f47c89d13dfe4e32625f12857c2ba993caeaed39fe

de40280458d35dea7236154a871466f833a5c4f60f3a91275194a5a0339ffe52

e882dad5b84a41853fdb21f8229c8bf081505ddb9334dba42ab48f07edcebc86

be3ec3f71ce797fc82f6e2c0d4544dde3c5ab20ff6df9ed778b0ba1199a980e2

8b03dc5fe55fec0064b3e0886526d6645dd239585dbd1aac5ccaa79d68bf51e4

8926d5c96e139ba0f6c24f25c6d8a167c05cb416b4a917f184a5da60b2cee1e4

4dd5ab66252f8c62ed437b7aa2ce0426029c40a38e511f9e124f54c2b3752a5d

0b3c0e9e585c187c0cd73a7b46e88b06de2dcf0e3bc11e372868160594e150d8

913b79fe3a68e12795c56f4d4bf82f292e1a8b06d1b47d9faf93c282045319ed

6d8658726b4fb0e9ef7e2c4da945df3eb19d81048f5b0d4445be37f1e6cc8ad2


47059a1a51e2abdc01bd5c19826c992c01a9dc001c66b1b463ed7aeb44f62f1d

524a45bae0ff0792a7f063698960cfcc707811a9a20723507fb9f894e24d8503

c25024ee8d53903cfab572479d2d30782fc9df4b2e101ba9828744e33255c4e8

f05d89aea9d681615cc37d7ada7cee7e50f61352664be0ccb362ae3b5d5d0fda

be85dc6e1ccbe1a1c0f6d504a7893e15d4139c39f4754e8c90a503ae4dfeeea5

768b963eba0a3f6936ff6a6953909f9f70e8751a3b527b73aa0bb5def1b18305

e484e9b8614dff68bd63e103a395b4e03576c2f72fdcba1ff45344012e0f51b6

c41115601a53737c376d1dc1da83bc2a8d4acb832cc3f149aacdf10d92b29095

c44ddcbb54399b54e123f47cf9753dd6376799ce5b101f6a809e957d0b087a3f

28f6023bfe0f6ec89ed3bd76ac369c6347f97ddfbfe104362cd71e5c60bd7437

d56fdd0ccb98a6cb5c98565a6f4d41a26344720b3635b39cdcdb2d13c1b686fc

df8740ae590def15c4443a1e068954d92bdf4035d39b8250481c07c02ae7c373

8a346d540cf74e5dd42aa37659347c7620b972f541ed167bf4ffe7cfcacfe5e5

3afc9565e573e4030c9c8bac0e975001756c97d9eb9aeb1317fc8244f9df9770

7b327eaa3928f6043c1a1364f7dca7cadd6dfe5221f8555a7a844e4a52101cec

7abe37b5b2e622d3ec70391b7e4d53594577c7fea86952a162c22520f5d10291

b2e310b87932d9d9b75c6c2b58caa56ba1fcc0d03637627f831caf40d4156cba

2ef79addbe800eb9cc6e7cd3386b63c1370ec0f595ec5b65a082dfbce3837859

612b779113ec8d81f1ffc43f5b9bffb62a97950d057effa9f9e24f5f13d46f6c

657d798133ff1935cb7d0f8980eb83f408621878a93ab88f8c9f1be17700f75e

09ffc4b4cec8fd4e7071f214ce992e4dac4870b72ff58d734e672d763ccd77f6

356f43c65acd95a0bcf798d86d04b043095ea34975b204598716ca76bb1ed357

d9623f83524ea21232f8df4322a7aca03db7dff94fb5304113564817d3b0182a

c42abb9fa8937bca3cddedf87bd43ee5383c16d5a85e9d18be5f8fa7c0159535

04cf34eadc316061e04e41e01bf2baf556ecbd8ed8a9b34987a0575c84271c35

57cf1b076796e169a6599ca8f463d2fea98ff186a6b9215cc98dcf547afb6d7b

fe72696d2003571f0b659f44787261607f5adfeca7a77225b4bfa30b7a5d4b97

4880043b21ec4f81329836eb14803cdda9f0b7b7218e8a6fd41cce2826022904

54a03fd844bd0237edd04f5f5f777855449117d3977037241a9d4fb0a3e8b149

f8755264f3d8f399537a24b661c03a5fdaf95b380d54293e9e629a3a435cc226

7f4e4f3eefdc7a69b151888c8c227893792cdae5597cd4d7e62cfafcc32716b0

a1ca5c664ed712f7cbca1d38ec1291e96c2393ea5bb9e1b36d016d47ef173a9d

cc29f4c7086098e3bb1351f264d439f5729a410d85313b59daa22e2b67a54057

b89d02d402a5f4db4df9e72ac240eb526e5b96469661a262b475fe018d54f228

2de62d171dbfbb7398e853d4faf274db9b60035a756c376fba07042cfcf8199d

87eb2f405773712e9d12623350ee562319819738d65ed41c6376266640eb1f69

75563b87c6657d466beb1c426cb08f1380f17c6fe35bfcd2f3a553bfdf32a279

62506545326bc483873654cda3ebdfb3c5ffa30cabee18746bfc6b2b06977993

6b28437ebd75936f77995f10607758608e2d451de0d3335636a91fccacb9b7c6

47604867d48e5d9e542c13a46887adda882a4728e6cce5978ab383cb21880a03

5d40f4447b0c10d9560efec254e9430c00b5eab6a774cb90c9d8de57f13b6e1a


03ead2f45f23a95abc9209c03df2c8a1400b1f8f06345ed3431fd504fb083f82

aa8cfd62ae12c0e35ad98edbdc85a4dae438acd7f64f4b08357c4fd821ff3fe1

607f2d3fdda89ae8fed6e2dbd496d8a75a833ba6b941455366e5f3a932ff90d5

3c8d0b8a43d47da9031d500893c83e1726d04fb5ae5de24eb1ebb7113b58d8c1

233d20caa736efe036af3668750d91abe1cb9875e21f1b98d132e4cb4b3874ee

e913ad1ba012af8eb0ce8b48d9a447946693799982c3e9745a3f2c8f7b05d12b

a6bf7c0ccbf14795a34485db9596b83c0d8abf85ceef10c71a3565cf7818593d

a2023357e6cf1b6f5e633fa46766a7fda350e0a45e0f3d271f9df3c798482d15

ad1494059b201a097ba8a3156a6ebb080c0b8802151eebde41382a763b3e9dd2

3cefcf5ad08a8d16eda2106a7db59390b92e186b986da306bbdb522c86a76534

3075e5f4103e8dd642f315d74bf45b8683c6634fd3bf5958bc5225f745dba25c

bd6df621d3fc21030e92e7668b7ed7d038ec043653dd65b4178a622131c27327

e75883ed510de13a0311605a559d6a8f6f216bafbae992c11d525e7f6214b1b6

2122d67f3efbf699748dcf332fcbdbe1b9ed50cc14d6e68d3d73ca0ba73289e9

54ca43ab959fa234c5cc5ffc16cb0f0910fddcbf73136401eedc8f84bd28f728

287337f947290c2bc018c9d0aecaa86f30a6daa50e0ccfca3e397c0b2bfbc780

20eaef5ab4337ffe731943e15d1822c0b42e278332cbc6399b5b1f031a9f23a5

10b49172e6e4ba6fac7d733e85effec0d72c1077507ac7e98c71a8f74c318773

24b24ee24b676c4cf5d7d4f0dea41ea30ef46e4474b290eaab7dc1941f0e0315

809ad73e491d6ce936fc90b0303db1917449dbe70a5ea5ee5fef887645509a59

9f03234323d8ae6e2ad0cf5001292eac89cf3c41981d821b34965d5868128e68

584ca69f52252ded48d5dbce85e882df0cd4e30106e1e261bf79f2d9f121ab71

08f14fc7ac2c26cc0bcaa8aef6df87ae2b90adeed51667cabb1584580270ce5f

567f4c890c02a53a461c9148bfc53ba7fa81e860af19fa301eb5ca88e4de56ba

0ffacda83d4ca9966d92b07cf426f4ebe177b75b4cf10a1c1df47dacc52a6716

7ebe28c0f113999d2ed45a66e070ec77faef6dec4de96cf9035fb9da0c0540e1

efbbeaf00643e431d783d7ba955b9aef2bd2326ca2e09c5774a0a54e8912a5ef

39106c66978d889afee80a155de6b0cabe0a3678f630309a9f1752fb1dbf8ecd

28eb269b67c89bd0d04e74dd775b7afcb67e009382ee26b17fc495a72c31cc5c

4602ab6ff950014ed49278c1101a4f5c64417eb9f70856c9d361c2e393806b93

e19b9654e1f76d723bd9c7d0b543c1ef240466147ee608e4e0ffb4122fce0eef

d00c00ee39c2f7a87db1c7d238df43c9d71b26c2588f4e335165c5cd67c5094d

b8fa920d5e8902180bd0478ea2b1e70de0ea05c4d5058318173f6775c96e18fa

4d1ffbaeeb94a3adb75f9922984da87853510fb64295d0f0616c95384a911ca8

62fd92f98c1c6afe0e51f8832dd35a6f076b8958dc9c250945f6a1387edd47d6

ca214508f0518b89800ba96061c22fb5af0cd98352c551482452958f5d4b2e9a

b2163e3062e73a47d4ed30f1180c31877bf31baf4b7d4d3f23bd2a754af5749a

e4c3fbee57d6e1944f42a9a821297fda3d4946a7638af1d2a9e88ffa066e3d37

0864f5af979d54417ea5c1db2c5f330d5bb0488bb0b0316f990e644e0ec2c327

62f25d164ef59be5ad282fad344656d63ae755643c7be3b729899b31c97b0925

5b01dd76ade01ba0bfbce5aee4b310370916da6d975d16b6f189365f7201425f


IoC Descarga malware Urls http[:]//tastes2plate[.]com/wp-content/uploads/GxpWf_A6FfCE8_disk/test_area/8581944_PF0FZ/ http[:]//newburg[.]k12[.]mo[.]us/wordpress/multifunctional-resource/verified-DbMQ3A-1xD6m5YbELu/q86bIXX5aYC2-GcfikGIibpMo0m/ http[:]//mgsaltyapi[.]com/wp-admin/multifunctional-sl66-8p0maajsuwix51/v1ST5n-7f3ZPee53n-L9W3t2p-9ultbTS0bEW/060411442688-4jwlKG4/ https[:]//idan-online[.]co[.]il/wp-admin/multifunctional-6aegl2k8-bdnxzeqw/external-warehouse/913493-XyBY4/ http[:]//marialzlp[.]000webhostapp[.]com/wp-admin/protected_module/additional_space/IoDBfs7sEFc_8lnqkn5y/

https[:]//123456789[.]best/wp-content/open-zone/verifiable-portal/yeeqa-us33uyw187s/ http[:]//www[.]mitrausahacontrucion[.]com/multifunctional-section/interior-space/3748955-qcnrk6/ http[:]//www[.]lexmausa[.]com/2013xmas/protected_box/605352_oVCidSYoqkvVj_BofA_856wt2Dp/xT8nkJDqBh_eim4vxMc4835/ http[:]//www[.]ncsu[.]org[.]ng/wp-content/open_sector/special_132395439978_iFwxIMDxH/amv_6344927y7364x/ http[:]//www[.]muebleslostroncos[.]cl/available_module/interior_tlTyv4H_SpdckBXyF/6093299_8G0RDZj/ http[:]//ibda[.]adv[.]br/multifunctional_section/close_rza32z0_33801i/9Wh7ix06A_JjjMgz8wd8b5Mj/

http[:]//idealli[.]com[.]br/css/private-zone/close-forum/89zgkw4j7djr8q-08ts2/ http[:]//ncsu[.]org[.]ng/wp-content/open_sector/special_132395439978_iFwxIMDxH/amv_6344927y7364x/

http[:]//kanchpurcity[.]com/open-resource/verifiable-portal/m5sq6I2ee-iKo4ndmIv5s6l/

http[:]//sungvalopkhongsam[.]com/temp/t90yjs/

http[:]//drshekharbiswas[.]com/cgi-bin/La1/

https[:]//www[.]proyectobayacu[.]com/nothing/5/

http[:]//digitalmarketingbloggers[.]com/elju/Ao5IJy/

http[:]//recuperaatupareja[.]com/Archivosviejos/tw/

http[:]//www[.]laibray[.]com/blog/N9z/ http[:]//dandbtrucking[.]com/BgaNhV1vj_oUVFlHeu35vSHqv_b1nq0h1qm1x_rzjzsg2y3/687393_DtW1TUWj9_profile/ojmk_22s8t6x// http[:]//admvero[.]com[.]br/minhaagua/personal_box/close_lcdwnop_iedanuwfbxoc/LqmhQ1I_novvbhnpju/

http[:]//iraniansk[.]com/open_array/y95o2z97gsw3_nk9buc_profile/8iowzk2_z150t43sy3y/


IoC nombre de archivo Nombres de Archivos con Malware

03234864 factura agosto.doc 752.doc Scan01OrderAugust-pdf.zip

1161299.doc 786023 factura agosto.doc Shipping Doc.zip

20200811155150194_____________.gz 813_17082020.xlsx SL-9718 Medical report Covid-19.doc

2020-08-17 Fra. 03670.doc 96-6-99672.doc Swift Copy.gz 2020-08-17 Fra. CI47-92 JR5185.doc 968_0001.doc TF7606971641ZB.doc 2020-08-17 Fra. IM 44-39298.doc AA 95-845085.doc TP-3191 Medical report Covid-19.doc 2020-08-17 Fra. MP 28-22406.doc AB3536396835GU.doc TQC-080120 VKH-081820.doc 2020-08-17 Fra. NEC414517601871340495.doc AF 26-9956678.doc UMS-080120 JSL-081820.doc 2020-08-17 Fra. VG76-5577 LE67126685.doc AH1681482709XX.doc UN-1759 Medical report Covid-19.doc 2020-08-18 Fra. NP92-817 QG4236665.doc AI1493098909PA.doc

updated SOA End-July 2020_Evaluated.r00

20201708_261770.doc Alb. 41-0-654506.doc UUX-080120 LRI-081720.doc

20201708_59-5-3074.doc Alb. 74-0-06651517.doc UVVP-080120 WXVV-081820.doc

20201708_619.doc Alb. HO43-253 XW4987.doc VD8470903562VX.doc

20201708_63858.doc Alb. WL93-8751 BE58325638.doc WE-18746 Medical report COVID-19.doc

20201808_38-5-226743.doc

Alb. YLP32871224117388872.doc WLE-080120 WVV-081720.doc

20201808_83534282.doc AO9793911509SB.doc WN-22271 Medical report COVID-19.doc 20201808_JF 76-0752927.doc

APH-080120 HIS-081720.doc WXO-080120 DTW-081720.doc

202027-6-839007.doc ARD-080120 GFM-081720.doc XI1367993523MJ.doc

202028455.doc AZQ-080120 QXR-081820.doc XR7758766814RF.doc

202073 CM.doc BL0052651418CY.doc YO1391566886MF.doc

202078 QN.doc BWQ-080120 CNZ-081820.doc ZTM-080120 ZIX-081820.doc


2020OS00052547.doc CC-29968 Medical report COVID-19.doc ZZ7104752050KZ.doc

2020QL0002875.doc Copy invoice #7820.doc PO# 08182020.doc 2020ZQ86-92 LN53477534.doc

COVID-19 report 08 17 2020.doc PO# 08182020Ex.doc

22-6-3861.doc COVID-19 report 08 18 2020.doc PO#03465 17 August 2020.doc

27-2-35213060.doc CV-4114 Medical report COVID-19.doc PO#HD512-6 5700.img

342810241.doc Dagordning fr det kommande mtet.doc productz list.zip

3996.doc Datos factura.doc Proforma Invoice 081720.zip

46 PK factura agosto.doc DL9751881407GG.doc QBD-080120 QMT-081720.doc

465939.doc DMU-080120 WFW-081820.doc QC2988851787CI.doc

50152150.doc EQ-5399 Medical report Covid-19.doc RDM-080120 EKS-081720.doc

5537_00044.doc EWI-080120 KCB-081820.doc Rechnung_17_08_2020.doc

56-2-97423351.doc FA# 08182020.doc Ref ____ PURCHASE ORDER. 17082020 ___ Scan.iso

56623_00049.doc FACT - Aug 18, 2020.doc

REF_DHL EXPRESS KULI500796821_PO200000035_SCAN DOCS.iso

73673777637883.zip FACT. 1927_0002.doc RHN-080120 XVF-081720.doc

HH0315243789CZ.doc FACT. 34-1-9794.doc RMS-080120 YRP-081820.doc Indirect Air Heater requirements.zip FACT. 49 QJ.doc RP33-6215 JY5941 factura agosto.doc

INP-080120 XUZ-081820.doc FACT. 99672.doc RT0382294608FV.doc INV #246133 FOR PO #2083785194.doc

FACT. OR 56-48039843.doc RTQ-080120 RVD-081820.doc

Inv_1067.doc

FACT. PEUV077923577909.doc MAK-080120 GNC-081720.doc

INV_39021.doc

FACT. QXW2887328484235324.doc MBS-080120 FQL-081820.doc

Inv_9037.doc FACT.doc MNN-080120 PSX-081820.doc

INV_93168.doc Factura.doc MP-55216 Medical report COVID-19.doc

INV839.zip FAILED EMAIL eml open.gz N.29 OS 17.08.2020.doc

Invoice 06542.doc Faktur.doc N.36150680 18.08.2020.doc IRT-080120 OQQ-081820.doc

fatura T0007754167.doc N.74-8-676128 17.08.2020.doc


JJ5331288329BZ.doc FB8456549828FT.doc N.JF00015244 17.08.2020.doc

JN6464976675GX.do Form - Aug 17, 2020.doc N.VU08201333572986 17.08.2020.doc JO-52643 Medical report Covid-19.doc Form - Aug 18, 2020.doc NK4817661927LA.doc

JT9322637524BE.doc GFC-080120 WKL-081820.doc NWN-080120 REL-081820.doc

KDR-080120 MWR-081820.doc

GHN-080120 IFL-081820.doc OA 72-21091414.doc

KF 43-972992.doc PO 20856200 OLEO FLEX PDF .rar OQ9641257618WJ.doc

KR-1258 Medical report Covid-19.doc PO# 08172020.doc Payment.zip

KU 93-769585.doc PO# 08172020Ex.doc LY3971074418XF.doc


IoC servidor smtp

5.189.135.221 74.220.206.252 170.249.206.138 103.109.25.36 131.72.236.55

23.111.143.210 74.220.207.208 175.107.240.134 103.133.20.22 136.243.187.29

23.111.143.210 74.220.207.225 177.185.202.216 103.253.68.67 137.59.125.221

43.224.137.123 74.220.209.181 177.185.202.216 103.254.14.200 144.217.69.169

43.252.214.122 74.220.210.212 181.198.224.105 103.26.42.41 148.251.244.2

45.126.132.213 74.220.210.228 182.160.122.181 103.83.38.226 150.95.20.150

62.149.128.214 74.220.211.246 182.160.122.181 103.92.104.3 150.95.29.51

62.149.156.112 74.220.216.250 184.154.107.172 104.247.72.249 151.80.78.96

62.149.179.208 74.220.217.178 184.168.200.142 108.166.43.74 153.138.238.12

65.254.253.236 74.220.217.252 184.168.200.145 109.234.163.97 153.149.143.67

66.147.241.113 74.220.218.106 184.170.148.101 109.235.65.189 153.153.66.3

66.147.247.160 74.220.220.119 184.171.255.111 112.213.93.174 153.153.66.6

69.167.137.193 74.220.220.170 185.148.128.148 113.23.215.95 154.0.162.179

74.220.192.153 74.220.221.190 185.179.184.102 114.30.80.44 154.0.169.12

74.220.192.249 74.220.221.200 185.227.138.227 115.84.182.194 154.0.169.64

74.220.193.201 74.220.221.238 190.184.196.178 116.12.85.34 154.0.173.234

74.220.194.149 74.220.221.249 191.252.198.204 123.30.129.117 156.38.171.181

74.220.194.151 74.220.222.141 192.175.105.170 124.29.202.132 158.69.240.61

74.220.194.234 74.220.223.204 192.185.148.200 125.227.90.183 160.119.100.67

74.220.200.166 74.220.223.250 192.185.148.231 128.199.131.40 160.242.49.126

74.220.200.196 87.253.233.170 192.185.149.105 173.249.21.44 162.144.111.43

74.220.200.235 89.203.138.188 192.185.150.107 175.107.240.76 162.144.140.96

74.220.201.145 89.221.252.218 192.185.150.114 175.176.147.4 162.210.70.54

74.220.201.196 89.221.252.218 197.242.156.134 177.185.201.98 162.214.54.112

74.220.201.213 94.252.181.139 197.242.157.212 177.55.103.29 162.241.105.43

74.220.201.248 95.216.103.165 200.110.173.210 180.235.151.22 162.241.42.18

74.220.202.132 96.125.179.170 201.238.215.219 184.107.100.85 162.253.127.45

74.220.202.148 96.125.179.170 205.251.153.191 184.107.112.53 164.68.115.135

74.220.202.232 96.125.179.170 207.249.158.163 185.200.20.119 165.73.83.35

74.220.205.132 98.143.158.242 207.249.158.163 185.222.57.169 168.167.71.253

74.220.205.158 98.143.158.242 210.245.107.120 185.222.57.205 170.10.164.167

74.220.205.178 98.143.158.242 211.125.120.156 185.222.57.242 170.239.100.98

74.220.205.178 101.102.238.229 213.142.130.206 185.222.58.144 172.105.52.120

74.220.206.126 119.245.142.234 213.143.253.142 185.226.161.11 173.0.129.209

74.220.206.169 123.255.201.254 213.202.100.111 185.28.60.181 173.203.187.74

74.220.206.194 125.214.169.213 101.99.64.123 185.35.23.117 173.203.187.93

192.185.149.77 200.91.48.2 210.213.92.2 185.4.133.197 190.0.230.13


192.185.192.36 201.149.15.150 210.213.92.2 185.55.224.110 190.210.9.242

192.185.193.11 201.76.49.154 210.245.83.174 185.93.245.35 190.226.41.10

192.185.45.176 201.76.49.182 211.29.132.97 186.237.0.131 190.61.219.216

192.185.45.27 201.76.49.196 212.118.123.53 188.132.176.49 191.252.14.5

192.185.47.206 201.76.49.222 212.20.161.18 188.166.73.131 191.252.30.137

192.185.47.228 201.76.49.225 212.88.109.66 189.113.174.73 191.252.30.33

192.185.48.251 201.76.49.227 213.240.61.10 189.126.112.25 192.163.233.42

192.185.49.60 201.76.49.230 216.169.98.160 189.126.112.27 192.185.143.39

192.185.51.36 202.148.2.134 217.70.175.44 189.126.112.48 192.185.145.23

194.126.4.68 202.158.48.236 219.94.128.26 189.126.112.57 192.185.145.82

194.126.4.82 202.162.192.24 24.232.0.139 189.126.112.62 192.185.145.87

194.90.6.2 202.169.39.204 31.186.28.21 50.28.39.88 66.85.47.220

196.2.147.90 202.4.37.25 31.186.28.34 52.76.237.110 66.85.47.220

196.22.216.144 202.4.60.35 37.156.29.128 54.240.8.86 66.96.184.10

196.27.102.191 202.57.8.101 37.19.92.36 54.36.111.161 66.96.184.5

196.44.32.227 202.71.100.21 37.49.230.243 58.71.59.77 66.96.185.5

197.211.212.76 202.88.241.248 37.9.56.226 58.71.59.77 66.96.185.6

197.211.212.79 202.88.241.251 38.130.211.52 61.219.144.88 66.96.186.4

197.242.65.114 202.95.144.38 41.221.32.195 63.250.38.3 66.96.187.3

197.242.65.114 203.124.36.83 41.221.49.90 64.37.52.189 66.96.188.10

197.248.233.41 203.177.82.98 41.74.187.136 65.175.68.101 66.96.188.3

198.187.29.79 206.222.8.29 41.76.108.165 65.254.253.37 66.96.188.8

198.23.53.179 208.71.172.68 43.224.137.51 65.254.253.45 66.96.189.1

198.54.125.159 208.91.198.48 43.224.137.53 65.254.253.46 66.96.189.3

198.57.173.34 209.133.202.18 45.137.22.57 65.254.253.59 66.96.189.3

200.12.192.14 209.58.149.66 45.251.56.182 65.254.253.73 66.96.189.8

200.142.147.58 209.59.168.84 45.64.4.100 65.254.253.89 67.20.67.37

200.245.83.221 210.129.11.7 46.20.151.99 65.60.11.250 67.20.79.41

200.41.28.226 210.134.90.2 46.32.238.114 66.147.240.69 67.20.81.137

200.50.248.6 210.134.90.9 5.189.163.52 66.147.250.25 67.20.97.105

200.58.121.149 210.213.92.2 50.116.126.2 66.232.27.119 67.20.97.165

70.35.202.75 69.89.25.95 69.16.227.88 67.222.50.109 67.20.98.147

70.38.28.119 69.89.26.216 69.167.162.9 67.222.50.66 67.210.244.99

70.40.193.100 69.89.27.4 69.89.16.85 67.222.51.104 67.210.244.99

70.40.200.122 69.89.28.200 69.89.17.47 67.222.51.49 67.222.18.199

70.40.200.171 69.89.28.253 69.89.18.216 67.222.52.142 67.222.33.93

70.40.205.201 69.89.28.91 69.89.19.216 67.222.56.175 67.222.34.117

70.40.208.124 69.89.29.153 69.89.20.122 67.222.57.138 67.222.34.132

70.40.208.160 69.89.29.159 69.89.20.3 67.222.58.180 67.222.34.81

70.40.208.208 69.89.30.115 69.89.22.63 67.222.58.54 67.222.35.83

70.40.209.137 69.89.30.151 69.89.23.13 67.222.59.140 67.222.39.168


70.40.215.117 69.89.30.229 69.89.23.86 67.222.61.27 67.222.44.232

70.40.217.51 69.89.30.69 69.89.24.149 67.222.62.120 67.222.44.69

70.40.217.88 70.35.202.75 69.89.24.34 67.222.62.125 67.222.49.102

70.40.218.76 70.35.202.75 69.89.25.95 67.225.129.56 67.222.49.109

72.15.201.46 74.220.222.40 93.185.68.226 85.25.87.137 81.198.71.199

72.29.120.14 74.220.223.18 94.127.4.170 86.96.131.226 82.197.76.218

72.52.250.192 74.54.29.166 95.216.106.42 86.96.227.138 82.197.76.218

74.208.90.116 78.142.63.250 95.216.37.58 86.96.229.234 85.117.34.60

74.220.192.60 78.142.63.250 96.44.163.13 86.96.229.235 85.187.151.45

74.220.193.93 78.83.173.222 98.142.233.71 87.79.4.6 74.220.210.33

74.220.199.64 78.83.173.222 98.142.233.74 91.134.237.32 74.220.220.66

74.220.203.2 80.74.176.115 74.220.211.53 91.192.36.151 74.220.222.19

74.220.203.34 74.220.220.79 74.220.216.10 92.55.64.66 74.220.208.25

74.220.203.38 74.220.220.82 74.220.216.93 74.220.210.16 74.220.221.75

74.220.218.65


IoC Correo Electronico

[email protected] [email protected]


















































































































































































[email protected]


Recomendaciones

No abrir correos ni mensajes de dudosa procedencia. Desconfiar de los enlaces y archivos en los mensajes o correo. Mantener actualizadas sus plataformas (Office, Windows, Adobe Acrobat, Oracle Java y

otras). Ser escépticos frente ofertas, promociones o premios increíbles que se ofrecen por

internet. Prestar atención en los detalles de los mensajes o redes sociales. Evaluar el bloqueo preventivo de los indicadores de compromisos. Mantener actualizadas todas las plataformas de tecnologías y de detección de

amenazas. Revisar los controles de seguridad de los AntiSpam y SandBoxing. Realizar concientización permanente para los usuarios sobre este tipo de amenazas. Visualizar los sitios web que se ingresen sean los oficiales.

Documents

Alerta de Seguridad Cibernética2020/08/02 · 46 PK factura agosto.doc DL9751881407GG.doc QBD-080120 QMT-081720.doc 465939.doc DMU-080120 WFW-081820.doc QC2988851787CI.doc 50152150.doc