Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
======================================================================================================

[Files]

[Filename]          [Hashes]                                    [Detection Name]
Setup.exe           79B38C4BE5AC888E38EC5F21AC3710F3D0936A72    Trojan.Win32.GLOBALSHADOW.A
GlobalProtect.exe   72CDD3856A3FFD530DB50E0F48E71F089858E44F    Backdoor.MSIL.GLOBALSHADOW.A

======================================================================================================

[URLs and IP Addresses]

hxxp://94.131[.]108.78:7118/B/hi/ (used to return the result to the C&C server)
hxxp://94.131[.]108.78:7118/B/desktop/ (used to upload machine information to the C&C server)
94.131.108.78
portal[.]sharjahconnect.online
tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun (main domain for beaconing)
step1-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun
step2-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun
step3-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun
step4-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun
step5-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun
step6-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun