Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities [Indicators of Compromise]
==============================================================================================================================