|
IOCs (Indicators of Compromise — file hashes are SHA256; network indicators are defanged with [.] and must be re-fanged before use in blocklists)
|
||
|
2014 CAMPAIGN: FATAL BEAUTY
|
||
|
DROPPER
|
||
|
SHA256: 413772d81e4532fec5119e9dce5e2bf90b7538be33066cf9a6ff796254a5225f
|
||
|
Filename: beauty.scr
|
||
|
DROPPED FILES
|
||
|
#1
|
||
|
SHA256: eb90e40fc4d91dec68e8509056c52e9c8ed4e392c4ac979518f8d87c31e2b435
|
||
|
Filename: C:\Windows\beauty.jpg
|
||
|
File type: JPEG image data, JFIF standard 1.02
|
||
|
|
||
|
#2
|
||
|
SHA256: 44150350727e2a42f66d50015e98de462d362af8a9ae33d1f5124f1703179ab9
|
||
|
Filename: C:\Windows\svchost.exe (note: masquerades as the legitimate svchost.exe, which resides in C:\Windows\System32; a copy directly under C:\Windows is itself a detection opportunity)
|
||
|
File type: PE32 executable (GUI) Intel 80386, for MS Windows
|
||
|
C2 (command-and-control domains)
|
||
|
phpschboy[.]prohosts[.]org
|
||
|
jams481[.]site[.]bz
|
||
|
2016 CAMPAIGN: HOW CAN NORTH KOREAN HYDROGEN BOMB WIPE OUT MANHATTAN
|
||
|
DROPPER
|
||
|
SHA256: 94113c9968db13e3412c1b9c1c882592481c559c0613dbccfed2fcfc80e77dc5
|
||
|
Filename: How can North Korean hydrogen bomb wipe out Manhattan.src (sic — likely a typo for .scr, the screensaver extension used by the 2014 dropper; verify against the sample before building filename-based detections)
|
||
|
DROPPED
|
||
|
#1
|
||
|
SHA256: 56f159cde3a55ae6e9270d95791ef2f6859aa119ad516c9471010302e1fb5634
|
||
|
Filename: conhote.dll
|
||
|
|
||
|
#2
|
||
|
SHA256: 553a475f72819b295927e469c7bf9aef774783f3ae8c34c794f35702023317cc
|
||
|
Filename: winnit.exe
|
||
|
|
||
|
#3
|
||
|
SHA256: 92600679bb183c1897e7e1e6446082111491a42aa65a3a48bd0fceae0db7244f
|
||
|
Filename: Anti virus service.lnk
|
||
|
C2 (command-and-control domain)
|
||
|
dowhelsitjs[.]netau[.]net
|
||
|
|
||
|
2017 CAMPAIGN A:
|
||
|
DROPPER
|
||
|
SHA256: 69a9d7aa0cb964c091ca128735b6e60fa7ce028a2ba41d99023dd57c06600fe0
|
||
|
Filename: Pyongyang Directory Group email April 2017 RC_Office_Coordination_Associate.src (sic — likely .scr; verify against the sample)
|
||
|
|
||
|
DROPPED
|
||
|
#1
|
||
|
SHA256: 3de491de3f39c599954bdbf08bba3bab9e4a1d2c64141b03a866c08ef867c9d1
|
||
|
Filename: adobe distillist.lnk
|
||
|
|
||
|
#2
|
||
|
SHA256: 39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
|
||
|
Filename: winload.exe
|
||
|
|
||
|
#3
|
||
|
SHA256: dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
|
||
|
Filename: winload.dll
|
||
|
C2 (command-and-control domains; these appear to be subdomains on shared hosting, so block at the full hostname rather than the parent domain)
|
||
|
Pactchfilepacks[.]net23[.]net
|
||
|
checkmail[.]phpnet[.]us
|
||
|
2017 CAMPAIGN B:
|
||
|
DROPPER
|
||
|
SHA256: 640477943ad77fb2a74752f4650707ea616c3c022359d7b2e264a63495abe45e
|
||
|
Filename: Inter Agency List and Phonebook - April 2017 RC_Office_Coordination_Associate.src (sic — likely .scr; verify against the sample)
|
||
|
|
||
|
DROPPED
|
||
|
#1
|
||
|
SHA256: 4585584fe7e14838858b24c18a792b105d18f87d2711c060f09e62d89fc3085b
|
||
|
Filename: adobe distillist.lnk
|
||
|
|
||
|
#2
|
||
|
SHA256: 39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
|
||
|
Filename: winload.exe
|
||
|
|
||
|
#3
|
||
|
SHA256: dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
|
||
|
Filename: winload.dll
|
||
|
C2 (command-and-control domains; same infrastructure as 2017 Campaign A — these appear to be subdomains on shared hosting, so block at the full hostname rather than the parent domain)
|
||
|
Pactchfilepacks[.]net23[.]net
|
||
|
checkmail[.]phpnet[.]us
|
||
|
|
||
|
RELATED SAMPLES (SHA256; includes the droppers and payloads listed above plus additional samples not described individually)
|
||
|
413772d81e4532fec5119e9dce5e2bf90b7538be33066cf9a6ff796254a5225f
|
||
|
44150350727e2a42f66d50015e98de462d362af8a9ae33d1f5124f1703179ab9
|
||
|
553a475f72819b295927e469c7bf9aef774783f3ae8c34c794f35702023317cc
|
||
|
56f159cde3a55ae6e9270d95791ef2f6859aa119ad516c9471010302e1fb5634
|
||
|
94113c9968db13e3412c1b9c1c882592481c559c0613dbccfed2fcfc80e77dc5
|
||
|
f091d210fd214c6f19f45d880cde77781b03c5dc86aa2d62417939e7dce047ff
|
||
|
0f327d67b601a87e575e726dc67a10c341720267de58f3bd2df3ce705055e757
|
||
|
234f9d50aadb605d920458cc30a16b90c0ae1443bc7ef3bf452566ce111cece8
|
||
|
39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
|
||
|
581e820637decf37bfd315c6eb71176976a0f2d59708f2836ff969873b86c7db
|
||
|
640477943ad77fb2a74752f4650707ea616c3c022359d7b2e264a63495abe45e
|
||
|
69a9d7aa0cb964c091ca128735b6e60fa7ce028a2ba41d99023dd57c06600fe0
|
||
|
97b1039612eb684eaec5d21f0ac0a2b06b933cc3c078deabea2706cb69045355
|
||
|
dae9d8f9f7f745385286775f6e99d3dcc55bbbe47268a3ea20deffe5c8fd0f0e
|
||
|
dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
|
||
|
e6a9d9791f763123f9fe1f69e69069340e02248b9b16a88334b6a5a611944ef9
|
||
|
ead47df090a4de54220a8be27ec6737304c1c3fe9d0946451b2a60b8f11212d1
|
||
|
|