2CMV20-00099-01 CSIRT comparte IoC de múltiples campañas de phishing con malware
CSIRT comparte una serie de Indicadores de Compromiso (IoC) obtenidos del análisis realizado a múltiples campañas de phishing con archivos adjuntos que contienen malware
Resumen
El Equipo de Respuesta ante Incidentes de Seguridad Informática (CSIRT), comparte una serie de Indicadores de Compromiso (IoC) obtenidos del análisis realizado a múltiples campañas de phishing con archivos adjuntos que contienen malware, los que están circulando en el ciberespacio nacional y representan un riesgo para los sistemas informáticos, así como para los usuarios en general.
CSIRT recomienda a los administradores y usuarios bloquear los hash publicados en este informe, y mantener un permanente monitoreo sobre el resto de los Indicadores de Compromiso.
Observación
Solicitamos tener en consideración las señales de compromiso en su conjunto.
IoC hash
Hash SHA-256
| 6f32e5d2dfd9a87164f699ee8e3d392cdf80ce0536d9e83446c8b1a27b7cff04 |
| e9bf585558025eb9bdeea1ea837d1e67cd0fde0e13edd2a81f5302879b3060b6 |
| 7370b8da7b74345f6fb95685aada4845864eb3803c1aae1fad3948526bfa01f3 |
| 31f0b205c09b9d99e10c2626936588bd3b473116e313045031cfa6f9a8bf23c8 |
| d0132055304b041268020fd30816c556f84bdacf1d2a557efac9b7e9340ab421 |
| 2a670c20aea3ea3e3a5e9b2b1349ee44170adaa6b69f85ce7333e7797d725b61 |
| 303537b71bdaf8a3cb504c80ab093e3787d3cf857675c00d2971947c223f3c8a |
| 1e40be3f853beaeda07c390b5ed99a122826489ee7ae256dea2a36e1366f1d69 |
| e532efdce8a929c2d55ea0800a2458d74e80bf6cb28f13482b799b2562cd7e45 |
| 0ffcccb1c460d3df51af4cfb227d51a634850c77cdabae32e69c63e7e700c298 |
| 33050792ac86e7e40818bc2014d049cd5434579b86362d65c85a897385b1f5e7 |
| 12c8aa7d4ab57c71ae4ab215a7463abb2a9dc6d02c75eb4843b9dd71936c4f89 |
| 5b3665c1666104a59f232b7acd7c3c0767b6dfaa1d09f5b69cbe57771fdce184 |
| 57ed94d7e612ed9536d871112ab6f03018a4501b26d00a39678908310927fe74 |
| 71e4ec3e11f734f0ce73a46fcbe3079f4418154382d6389da01859b9ad74bd99 |
| 48292e33335076e57a2ca9414bf29a2ca545741520dc274875ce7259a7d46dac |
| 13c792d0c8f243ee5311b9faf4a29d1c0def68b6305e8633fcd71192c3d0a8d9 |
| 2e3e4d4620fde9c6be42e4305dfcf252c59ecc43ba88bde976d51b14b06aa433 |
| 8b4da4887873aaa6f06e76aab1af4e70cf6b2b9c0f49b291a47ee71785fed21f |
| 5a17f6b20b9ba74795655e5bc018ab80cecc85ec63f92f1ccd1bcf8e766964be |
| f139d60eda8537275895f24b7050901cf78560a72f35d6f4c463e79d9571e9b7 |
| 3b15710a3ff2b8f40af56ef3f69de2a7d1bc5f6213ed69d4c26e8362ac7e8a68 |
| e300249269ebc1d09a64798980c1a2c28253b6f51595e775e190b14b80214ff3 |
| 03f4f82414ce14e6953d59c3bf8f6290d09008e4e00eef88d4c5a9f7971287db |
| 4a9b30e50b8ff305b06d7a5487d9680a9e14140adea122698fd4b2e6396bdd09 |
| 38b035b1b37f64ed891730cfd77f781c442987e5bbe372cdf43473bffaa58195 |
| 3207073cb0a36893fd66ce7369e682435effd0a709e6af1dababb08e29185e2e |
| e0ba3e59dc27ee7783d5cbf288d39d0c0587f3f63f3a7806fd5d2cec5d2e9ed0 |
| 32e363a27211e8611e12839054d79162639aeab7df60f9040c45ed5748ec3777 |
| 27e44663219563e7600f8b9da77ab67915fe6f480b27cf6ef50da02c475ea10b |
| 8ac1680c0c5e8a7d29a679853b8f4bccac80d061e41b1fd2b5840998aba9911c |
| c130edaae88b1e0fd286f27921028a747da2ed741fcd5974dd30e15bb3457519 |
| 690a4efeaba7d8fb29ee6f9d39381c4f7ac5f540bd5e6ee68505e61e3969d07c |
| c2d2f7e23951c1a0d7fedce9657e927d097ed15bdf4c63bf2321bbcadc82025a |
| 979236f4d2d99e9272c6abef5b246723ac02e7bba9dc2aee883c4c907fe4b362 |
| fc1939fd2cacf6f7ac22fe924f8d116a91ae8d2e883fc741c8412a45e0643d01 |
| d9cfb4033370de561edf8d4c1eaf2e4045c764644dc930cb3e2e407bc559c51a |
| ebce7a7d34c786394873698f2a2805a214e815d340536eeb533c9eeebf17507b |
| d6fc8acb0c1a4b38f100335349e71cfca14003134259cd7798a9d50fe45735ee |
| 2d5db19f14ba5acd1290b35efceb0d2a5fb4b948cc627ccfd3fffa7e41136fb1 |
| ed95e2423b60e7aed421c0a27101fd4fe4da1410dd3ef2543c5cd37fa64d367d |
| 2da0ef0ca6c372248db1c0649512c63d840327ce42f58c710711ac7d7f5c32db |
| 97e5dffcb4c7076c608e19d5e560c5cfae224809ed7a9d6ef382edeb03d28849 |
| f411abc0842fb6ed73a4289b5d99b75b99983571b7cdabb113ec585bf64a09f6 |
| 91e9ec22d3f510e1b7ba947611f13faf6b0d80eac73e3672b1d5fffafed7b759 |
| 9f17846cc14d83122dfdf29194e7fba592b01f96202c26a7286fc163806c402b |
| 47a086f6882d289c4cdb4ea3d403bd89ef1004610427b8473346c4e4691f1101 |
| 98ac2fefbd42cbcc0b074eb0dc69ec8978bd6704df72875908a6e67bdbdcc6e7 |
| 61fa86d57f5bd8416845fdff78646dfb24b6c8e7da232d2e88d60190b629d366 |
| 887c886039d31f56238509e0eb03b2f2088435d3a3e722318eee6c2d1a294bc5 |
| f664e1fd3dddf3dcc2b9e771b06e320d918f008c86079724e94986dfff964047 |
| ad3a5964b5ee30bc6c4ec2df2b461d50098115a9d71b598817ea93b2a1004ae8 |
| f579a6044d9f764bd59abd53771cb8846744e24997e2d83e41a17a445578826d |
| a10c5877a5b5136ab7451d54fe6c5c4dc6bda8b938f6ebe89b412e8f4300711b |
| 407e900aeb12594e7eb97b115c3056c7806a6c58308a23d375a5bd2c0011dacc |
| c5e2d0b936f0a5bb18fb8399f3c5a16c7a38ccbf4784909f0cd8f557ff32f127 |
| 74c02791bd5b59926d6eff9113abfaf907a47501118cfd2bcadafe6bd5743395 |
| 3ec46abbbe0a436821be33ba6874de56d1be6fa545437f4098500832a872cd9e |
| a359976c23d4dcb59cf9aca1a6f13cae327350ed9412891ae9b5809449294129 |
| 97ad7480c18700b829905e122046cfa957ba98b9ef87e307f32a1e8c05b67341 |
| 0741cfd29e5f65b1aa4109ef4a59d28a73671f4ccd35cf80c3df2928ecf39a03 |
| 49871d524581292374e1d7bc032507e04f342fb6b1eef3a1d13be8c7cac32762 |
| 0b7eb20c08e2a9885d8b26ab8442407b129323e3c6d848361b1343f2428e1e91 |
| 528f1b4f95dd84158a1514661e0cebf5032ee7f790e6731c5031c1dd499023ba |
| 70d9f3accd5adcc4408324ba6829f44acdd7a14bd7a6ec1e403a581243e97c40 |
| ab69f7f0907173d593c3358900b82fad7f44258e0cda700862ef26718a0ba7c3 |
| 14e14dff94f0ecce9eae85db1e0d740e7ef3363e90a0459985101ca8799855ea |
| e5167e507922118a6e91f8f01e88764a848d490552bc6d7fccc4cc23ecb4d4fe |
| 5c3d3397104ffae586985bb885709bfd1cd240931e43316bad0aaf2bc7750513 |
| adaa0fe136908739b1ed8db9d58f52e9632ad712055d7202d851da3257cbf9c1 |
| fb97ec83ab4222c8aaeea5825aa18e11a4d759822e1392445ecb18a277c798c6 |
| e276bdf358df5e2a0e1bbc76097577ea20ff8ae70d7a8dbcf976a894f78a4116 |
| b3050bc882e0cf76614e603eaff0384fb03dc63eb7ae7092018e3e5886ae1338 |
| 420074927cecfdd14b592fd7b6bf73315531a7dbce23b024f4007c31f43b3717 |
| aaef2072aca77347cd48b244b92eaff43baf0badc32b8e2e8699c21d6a2be561 |
| 4846b137d8cc5dae6ed7e1b3477444bca0adc09c3c8c235c17116f513c44bf63 |
| dc7bbcc9be5194ef0cc6ec9de42efab4c6e0fa1c681207887e51fe4e19d970b1 |
| a807dfec2c89a22208ee036211c7b86598f693db7ebc6bafbc609b0fe7b0d8e8 |
| 6b49e4f9fa88dd99e2847840a9468f1686c4e069ea056c486cdd658f6df49125 |
| f664e1fd3dddf3dcc2b9e771b06e320d918f008c86079724e94986dfff964047 |
| 2e635c36fd2df11f722f382050313dc4a5a445f9edee97a2066ee2a0291bf860 |
| 5d349dc97b131734a22ef88c9825497239e6211786be5b294d6e7f9b7a41bc9d |
| 4b906d56dd10c8d471dca7a08528213a88203b7c6f04a960e2a5a76cc6222788 |
| eff6e22577b89ef7a134f2ec99e3b426a50448267649a406b433b958e137f7bf |
| 2312c67148186dade137a5236d8512810d9da94284c5279a8c5ee896de5798a1 |
| 30dfcef2007b235ad1365502bcd27b7396fb3ff1ba1a11b04fbde4e96b8f6a14 |
| eb463c59e334794f1c472830f4316523df2972cb4ad33dea56b8507ad61c2634 |
| 7c2a94eb0fb9c115b27de3d5648fc05e7c461dcbb77fbc836ec797341b805765 |
| 0c90744ef98c7fa2e8a729df263500eddf1fd53d0062adff5639869bfa562c5d |
| a082e2984928662ddb2d7ffc6b77324ecae038393f8a6d7ebe645146dc49693d |
| fa1e5c03f6e205320437c6b642e02dec1f76beb922c1cd0d54c2ef03df354259 |
| 023ac952180c4661877f070715678e2474e0049468ae96322ce9381c33e63537 |
| cc80da42d0a79006379f0ceb6cba541293f0343f2fe82159ea4c794acfecfe3b |
| 5396bb7b6bf5e612449e83f621aaa67367eb752c64a041963648e29104d4a7cf |
| 725e66047be2a54ea02b16d3531f3e755345b2de161135f6ddc0e8545dcd7f96 |
| 76869a30bbdf21b0d47076ff7d55a0c38a892a22b737f24a4872848f3da2ba5f |
| 92e6aabffd833c52e4d3fb3159f75651b059e456079692823f1f232027441e41 |
| b77a1fc0f078c8a86bd14ebfb3f0f4548ff34634e966d17977107f142199286b |
| 0431f5f8b30dd67313111db8d41fced020bee27102d3c19539f590db8eb5685a |
| dd97e4a36f8ed1047e5e47ce567614922ec5ba6f94e96875379d18b255716e72 |
| a58299529b036408c1c439cf231ae786542fe2ad77e7fb0d2d53171cc3e4dbec |
| 183de1c93b294381f628fd9141d692cdf8185b5b7ede070e90b14abe3b022d6e |
| e4821f23851252f25c611325d6a12516d725210c2b69c8d254cf459cce0dd8b4 |
| 9aabfc5e23df466658f418ccf4359b12d7b8d60b8b58e4d447f75a58d4e1933b |
| 4d358483596d4b60173088edfccc9c877992e8d85d8ddc880c23dc92e28d1800 |
| 34d963518ea410088384709aa8e4e8a7e7e6cfc0dc5d85b1a2eaef7087a10995 |
| 9059e4b37d8555ef1436009b974f93552a7a84e6543ab8decc77d8ae44f9e368 |
| 20b86bbc2b11116c630a0f80cfeebf9854979f7f3f1710ab6d9733f8674f183f |
| 5fda1081db969483e3a2239d39b5bc224e38004faccdd4ca9db790834558288b |
| a7ecbf2693a4aa62d76630eb2cad54adefc883ebe185c7931a7f858e5fd65b14 |
| bfc95db60438a34241e2d837d040e7e73f9fa44eb0fa9ab2906406562b3cd4d4 |
| b25d126a1c1bb22993ac8165ecd2492e6dcf983d5fa89b4faaf33c6fd8a5ae2e |
| de697471bb0e47014159bc130baaa9e085a9c7ba451202495647a8a4c83e48b2 |
| 21d08704155eedf8ac5d01ef9c3e69e78e1918b2599b9422a541d860ecdbaa50 |
| b88080f4f38523cff63b842f71dd95fa862955f28cb2c203696b0017e6dd739e |
| 1ff844f0e99fd7407c1a1e50f37b81384a77994afe372cffd701c6511c1151af |
| c863a9cea6f4fcc78a6c005c027a0a1a028a2c8e97c24bc3c86ba70665c7defb |
| 6046f56203076e4d3a828488334e5a1684b64f94dfe45dc7c8d2428ea34470c9 |
| d7278dd12e9b1509a3e041aef2b8a1e13e515317ee3e8e75ff8aaa4dd5c5a6d5 |
| dc169abeeb3d9a7c0e928261fca9198dfb2a21eee8badcd1bafd64e66a3e1684 |
| a88d09e31b3d69e78b88c96f053a9afbe29daa59fc50e5ba269f4a24b3a04d88 |
| 800f0a634d65b9cb421f9d1ee2127e63d1c46079f5ad8010508b05adae83de6f |
| c6e4a496af068244d31394ce56686ba6e889b0aa73d38cb4c7771ab140c14fab |
| b13d431a07f4f60bac10cfeae185552509c0efee7d9de7c369d5b63a4b9db4a2 |
IoC nombre de archivo
Nombres de Archivos con Malware
| $3372po.doc | ARCH 19 173-558307.doc |
| {:REGEX:}320207 10-2020.doc | Arch 1910 H_72018.doc |
| {:REGEX:}35 1910.doc | Arch_19_2020.doc |
| 00100019.zip | Arch-102020-BIS-63332.doc |
| 0536042_102020_W_113091.doc | Arch-19-102020-300882.doc |
| 095-17206574.doc | Archivo 234_86636423.doc |
| 12.doc | Archivo YVY_84767.doc |
| 1643082 102020 U-7277056.doc | Archivo_0-99557.doc |
| 20201010 specification Annex No2 dd 09-10-2020.zip | Archivo-1910-102020-43966710.doc |
| 24-2020.doc | ARCHIVOFile 102020.doc |
| 2591_27-53289087.doc | ARCHIVOFile_0_83745448.doc |
| 29 2020.doc | ARCHIVOFile-20-2020-019-38002387.doc |
| 29529692 102020.doc | ATTACHMENT578.doc |
| 310 19 55-8134.doc | BM74787453J_COVID-19_SARS-CoV-2.doc |
| 3625.doc | CH09335855E_COVID-19_SARS-CoV-2.doc |
| 38023749_1910_320-5794899.doc | COVID-19 report 10 19 2020.doc |
| 3855 102020.doc | CZ35715612S_COVID-19_SARS-CoV-2.doc |
| 53051_2020.doc | DAT-46-0055527.doc |
| 66914_102020_HSR-0429.doc | Datos_2020_57372899.doc |
| 67788967765499pdf.rar | Datos-19-102020.doc |
| 71_19_2020.doc | Datos-1910-2020-88_66920532.doc |
| 7774 19 67-58413621.doc | Documentacin 2020.doc |
| 7941_65_81403673.doc | Documento 102020 377908.doc |
| 86145727_20_2020.doc | Documento 19 102020.doc |
| 873-978-192729.doc | Documento-102020-115-34486.doc |
| 96 19 102020 52-8913.doc | Documento-102020-6-0758.doc |
| 969 19.doc | ETD-387295400-EABM1004AA01.zip |
| AA59856457E_COVID-19_SARS-CoV-2.doc | EU77585821A_COVID-19_SARS-CoV-2.doc |
| Adjunto 19 2020 91595.doc | faktra.doc |
| Adjunto 1910 8-5129.doc | file 1910 1250.doc |
| Adjunto 1910 GF_49108.doc | FO93469571I_COVID-19_SARS-CoV-2.doc |
| Adjunto 3_9755912.doc | Form - 19 Oct, 2020.doc |
| Adjunto_865_75346.doc | FT90198855J_COVID-19_SARS-CoV-2.doc |
| Adjunto_DHZ_12893248.doc | GA73832298A_COVID-19_SARS-CoV-2.doc |
| Adjunto-2020-ZJ-336706.doc | H9605-1910-2020.doc |
| AIR WAY BILL 101.14KG+4.16kg SYN2012-1 WITH FINAL WEIGHT.pdf.img | info 102020 MMK_09241.doc |
| AK59281041D_COVID-19_SARS-CoV-2.doc | INFO 102020.doc |
| MTT Requirment-61410A410A9G.doc | INFO 1910 37287952.doc |
| New Order ECANDES - October.xlsx | INFO 2020 G_1843797.doc |
| NN33760669F_COVID-19_SARS-CoV-2.doc | info_102020_K-30308.doc |
| NR3111869089YY.doc | INFO_1910_102020.doc |
| oktober-19-864921-2020.doc | info-102020-FXG_23340.doc |
| Order 4500121785.img | INFO-1-7542446.doc |
| P.O List.arj | info-1910-2020.doc |
| PAKUOTE_461678165 249.doc | info-40_8554.doc |
| Payment copy(2).doc | Informacin 102020.doc |
| PAYMENT FILE.rar | Informacion-20-F_89094871.doc |
| Payment-101920.gz | informe 20 10.doc |
| PI-292829.txt.gz | INVOICE & PACKING LIST 6200001169 &6200001166.pdf.img |
| PO 33722.doc | Invoice.xlsx |
| PO# 10162020Ex.doc | JM18629218D_COVID-19_SARS-CoV-2.doc |
| Proof_of _Payment.img | JU29906225J_COVID-19_SARS-CoV-2.doc |
| Purchase Order.xlsx | Mensaje 102020.doc |
| PW-5890222.rar | mensaje_2020_FB-435861.doc |
| QUOTATION_TEM PDF.GZ.iso | Mensaje-19-2020-313_3395.doc |
| Remittance Scan DOC-2029293#PI207-048.gz | mensaje-20-1_21671.doc |
| Remittance Scan DOC-2029293#PI207-048.pptx.gz | mensaje-2010-2020-250-9282.doc |
| REP740183 191020.doc | mensaje-R_5572.doc |
| RFQ.xlsx | MEYW.doc |
| RFQ-FOR ILAGAN ISABELA.doc | MKWF 152020.zip |
| SF77908714Q_COVID-19_SARS-CoV-2.doc | msg25390.pif |
| SG-F2020516573.xlsx | MT103 Adnoc.tar |
| SOA 19.10.2020.xlsx | MT103_YIU LIAN19102020.docx |
| Swift Advice.docx | WaybillDoc_4439769283.zip |
| UPS Detail.img | wire transfer MT103.zip |
| URGENT INQUIRY.r00 | YE04167698I_COVID-19_SARS-CoV-2.doc |
| Z071522 102020 UHG-58349774.doc | YU67003411R_COVID-19_SARS-CoV-2.doc |
IoC servidor smtp
Direcciones IP del servidor Smtp de donde fue enviado el correo
| 5.153.251.184 |
| 156.96.128.247 |
| 118.69.192.71 |
| 82.165.241.240 |
| 37.48.85.205 |
| 82.208.137.216 |
| 52.156.129.54 |
| 45.153.240.123 |
| 185.222.57.141 |
IoC Correo Electrónico
Correo electrónico de donde fue enviado
Recomendaciones
- No abrir correos ni mensajes de dudosa procedencia.
- Desconfiar de los enlaces y archivos en los mensajes o correo.
- Mantener actualizadas sus plataformas (Office, Windows, Adobe Acrobat, Oracle Java y otras).
- Ser escépticos frente ofertas, promociones o premios increíbles que se ofrecen por internet.
- Prestar atención en los detalles de los mensajes o redes sociales.
- Evaluar el bloqueo preventivo de los indicadores de compromisos.
- Mantener actualizadas todas las plataformas de tecnologías y de detección de amenazas.
- Revisar los controles de seguridad de los AntiSpam y SandBoxing.
- Realizar concientización permanente para los usuarios sobre este tipo de amenazas.
- Visualizar los sitios web que se ingresen sean los oficiales.
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 2CMV20-00099-01