Tue, Nov 14, 2023
| Filename | SHA-256 | Comment |
|---|---|---|
| user.exe | b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d | Malicious loader |

| IP | Comment |
|---|---|
| 81.19.138[.]52 | GRACEWIRE Loader C2 |
| 45.182.189[.]100 | GRACEWIRE Loader C2 |
| 179.60.150[.]34 | COBALTSTRIKE C2 |
| 45.155.37[.]105 | MeshAgent remote admin tool C2 |

| Path | Comment |
|---|---|
| C:\Program Files\SysAidServer\tomcat\webapps\usersfiles\user.exe | GRACEWIRE |
| C:\Program Files\SysAidServer\tomcat\webapps\usersfiles.war | Archive of web shells and tools used by the attacker |
| C:\Program Files\SysAidServer\tomcat\webapps\leave | Used as a flag file by the attacker's scripts during execution |
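The tables above are only useful once they are matched against evidence from a host. The script below is an added example (not code from the original page or from Kroll) that loads the three indicator sets exactly as published, refangs the `[.]`-defanged IPs, and hunts for them in two constructed inputs: a forensic file inventory of `(path, sha256)` pairs and a simple outbound-connection log. The log line format (`<timestamp> src=<ip> dst=<ip> dport=<n>`), the sample records, and all hashes other than the published one are assumptions made up for the demonstration. Path matching normalises case and slash direction because NTFS paths are case-insensitive, and hash matching runs independently of path matching so a renamed or relocated copy of the loader is still caught.

```python
"""Hunt for the SysAid-incident IOCs listed above in a file inventory and a
connection log.  Added example, not part of the original page; the log format
and sample records are constructed for illustration."""
from __future__ import annotations

import re
from typing import Iterable

# Indicators copied from the tables above (IPs kept defanged, as published).
IOC_SHA256 = {
    "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d":
        "Malicious loader (user.exe, GRACEWIRE)",
}
IOC_IPS = {
    "81.19.138[.]52": "GRACEWIRE Loader C2",
    "45.182.189[.]100": "GRACEWIRE Loader C2",
    "179.60.150[.]34": "COBALTSTRIKE C2",
    "45.155.37[.]105": "MeshAgent remote admin tool C2",
}
IOC_PATHS = {
    r"C:\Program Files\SysAidServer\tomcat\webapps\usersfiles\user.exe": "GRACEWIRE",
    r"C:\Program Files\SysAidServer\tomcat\webapps\usersfiles.war": "Archive of web shells and attacker tools",
    r"C:\Program Files\SysAidServer\tomcat\webapps\leave": "Flag file used by attacker scripts",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('81.19.138[.]52') back into a matchable one."""
    return indicator.replace("[.]", ".").replace("(.)", ".")


def _norm_path(path: str) -> str:
    """NTFS paths are case-insensitive; normalise slashes and case before comparing."""
    return path.replace("/", "\\").rstrip("\\").lower()


# Pre-computed lookups so each record is a dict hit rather than a loop over IOCs.
_IP_LOOKUP = {refang(ip): desc for ip, desc in IOC_IPS.items()}
_PATH_LOOKUP = {_norm_path(p): desc for p, desc in IOC_PATHS.items()}


def scan_file_inventory(records: Iterable[tuple[str, str]]) -> list[dict]:
    """records: (path, sha256_hex) pairs from a file listing.  Path and hash are
    checked independently so a renamed or moved copy of the loader still hits."""
    findings = []
    for path, sha256 in records:
        desc = _PATH_LOOKUP.get(_norm_path(path))
        if desc:
            findings.append({"type": "path", "value": path, "note": desc})
        desc = IOC_SHA256.get(sha256.lower())
        if desc:
            findings.append({"type": "sha256", "value": path, "note": desc})
    return findings


# Constructed log format: "<timestamp> src=<ip> dst=<ip> dport=<n>"
_NETLOG = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+dport=(?P<dport>\d+)"
)


def scan_connection_log(lines: Iterable[str]) -> list[dict]:
    """Flag every connection whose destination is one of the published C2 addresses."""
    findings = []
    for line in lines:
        m = _NETLOG.search(line)
        if not m:
            continue  # not a connection record; skip
        desc = _IP_LOOKUP.get(m["dst"])
        if desc:
            findings.append({"type": "c2", "value": m["dst"], "src": m["src"],
                             "dport": int(m["dport"]), "note": desc})
    return findings


# Constructed sample data.  Only the first hash is real (the published IOC);
# the others are placeholders (empty-file SHA-256 and all zeros).
SAMPLE_FILES = [
    (r"C:\Program Files\SysAidServer\tomcat\webapps\usersfiles\user.exe",
     "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d"),
    (r"C:\Windows\Temp\svc.exe",  # same loader, renamed and moved: hash-only hit
     "B5ACF14CDAC40BE590318DEE95425D0746E85B1B7B1CBD14DA66F21F2522BF4D"),
    ("c:/program files/sysaidserver/tomcat/webapps/leave",  # empty flag file, odd casing
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Program Files\SysAidServer\tomcat\webapps\ROOT\index.jsp", "0" * 64),
]
SAMPLE_NETLOG = [
    "2023-11-09T03:12:44Z src=10.20.0.15 dst=81.19.138.52 dport=443",
    "2023-11-09T03:13:01Z src=10.20.0.15 dst=203.0.113.7 dport=443",
    "2023-11-09T03:40:22Z src=10.20.0.15 dst=179.60.150.34 dport=8443",
    "2023-11-09T03:41:00Z heartbeat ok",
    "2023-11-09T04:02:19Z src=10.20.0.31 dst=45.155.37.105 dport=443",
]

if __name__ == "__main__":
    for f in scan_file_inventory(SAMPLE_FILES) + scan_connection_log(SAMPLE_NETLOG):
        print(f)
```

Against the sample data this reports four file findings (the published path and hash for `user.exe`, the hash-only hit on the renamed copy, and the `leave` flag file) and three C2 connections; the host `10.20.0.15` appears in both the GRACEWIRE and Cobalt Strike hits, which is the pivot a responder would chase first.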