TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
==============================================================================

Indicators of Compromise
==============================================================================

[File hash]                                                       [Description]                    [Detection name]
56942b36d5990f66a81955a94511298fd27cb6092e467110a7995a0654f17b1a  Jasmin Ransomware MSI            Ransom.MSIL.SMINAJ.THCOFBD
32a630decb8fcc8a7ed4811f4293b9d5a242ce7865ab10c19a16fc4aa384bf64  Jasmin Ransomware PE File        Ransom.MSIL.SMINAJ.THCOFBD
7cbe0c55b3ca5d12be640e519e4399469399b3eaada20705342fa681befe8c7b  Coinminer MSI File               Trojan.Win64.MALXMR.YXECLZ
01db4578f5fb7b29800f7b07a31fda7ff812309f62f7148fca0e246279f6ca61  Coinminer PE File                Trojan.Win64.MALXMR.YXECLZ
908b30abf730a5b51a3d25965eff45a639e881a97505220a38591fe326e00697  SparkRAT malware                 Backdoor.Win32.SPARKRAT.YXECLZ
1320e6dd39d9fdb901ae64713594b1153ee6244daa84c2336cf75a2a0b726b3c  Linux Cobalt Strike Beacon File  Backdoor.Linux.COBEACON.SMYXDKV

[URLs and IP addresses]                                    [Description]
hxxp://207[.]246[.]102[.]242:56641/ABC[.]msi               ITW URL of Jasmin Ransomware
83[.]97[.]20[.]141                                         Cobeacon C&C server
38[.]54[.]94[.]13                                          SparkRAT ITW IP and C&C server
hxxp://146[.]70[.]149[.]185:58090/JavaAccessBridge-64.msi  ITW URL of Coinminer deployed from vulnerable TeamCity servers