Analysis: A new ransomware group emerges from the Change Healthcare cyber attack

On February 12, ALPHV ransomware affiliate “Notchy” compromised Change Healthcare, a large payment management company connecting more than 1.6 million health professionals, 70,000 pharmacies and 8,000 healthcare facilities in the US healthcare system. It appears that the attackers create a new executable for each of their victims, customizing it according to the AV and EDR solutions present. STONESTOP and POORTRY are heavily obfuscated.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:
https://www.forescout.com/blog/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack/

Sample Indicators of Compromise:

