Malware Type: Backdoor Trojan — IOCs(Indicators of Compromise): vasumov.dat, vasumov.exe, avvenne.ini, destinata.ini, ora.exe.com, qual.ini, IP Address: 195.58.48.252, C2s: suqklp53.top, xxxp://moraub06.top/index.php, xxxp://cazars09.top/downfiles/lv.exe File Information and Hashes: Stage 1: Triage A user attempted to torrent Microsoft Word. Crowdstrike Falcon detected the activity from the setup file that they downloaded. Instead of installing Microsoft Word it runs the following command from cmd.exe: