talos · Crawled Jul 5, 2026

Beyond IOCs: AI-enabled threat intelligence


AI Summary

Cisco Talos highlights the increasing abuse of Windows Component Object Model (COM) by malware families such as Qakbot and WarmCookie for lateral movement, persistence, and evasion. COM's use of opaque GUIDs and indirect vtable calls complicates manual analysis and static detection, allowing attackers to blend malicious activities with legitimate system processes. Defenders are advised to enhance their ability to detect and interpret COM-related artifacts to uncover hidden stages of the infection chain.


Extracted Entities 2 found

Indicators of Compromise 15 extracted


MITRE ATT&CK TTPs 2 techniques