Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
=====================================================================================

Indicators of Compromise
------------------------

Files

| File name | SHA-256 | Detection name |
|---|---|---|
| microsoft_barcode_control_16.0_download.exe | cb99365bac3d168e295aa0764a1c67e1a7e582731880ad0522e9b6b3616275df | Trojan.Win32.COOKIEMONSTER.JCB |
| avenir next heavy font.exe | cb99365bac3d168e295aa0764a1c67e1a7e582731880ad0522e9b6b3616275df | Trojan.Win32.COOKIEMONSTER.JCB |
| SutiLauncher.exe | d9ca193b5da85a3841ec749b67168c906e21bbaac40f0a0bff40839efb3a74c1 | Trojan.Win32.COOKIEMONSTER.A |
| SutiLauncher.dll | 305cb9ebdef618a626075f71fce3f4a64091e7a875a5ddff983aaeeea0f1fd41 | |
| svchost.Bat | 3b0defb024e41af699b5dfc424a9ff276409f447edd24af024b34941f5ab62a9 | Trojan.BAT.COOKIEMONSTER.A |
| svchost.dll | f30b39f5e722cb106f37d1738fff7ad20fa8e312d82e246d4a6e2175685b963b | Trojan.Win32.ZENPAK.GFDW |

URLs and network indicators

- hxxps://ps1-local[.]com/obfs3ip2.bs64 - Malware Accomplice
- hxxps://iplogger[.]com/RN2qg
- complete-s.monster - Disease Vector
- hxxp://230927151335115.mxb.ewk48[.]shop/f/fvgs30927001.msi (Node.js installer) - Disease Vector
- hxxps://fast-difficult[.]monster/api7[.]php?name=microsoft_barcode_control_16.0_download
- 91[.]212[.]166[.]16:443
- 91[.]103[.]252[.]74:80