2017.11.02.KeyBoys_are_back

Ziv Chang 2017-11-03 15:07:06 +08:00
parent ba7ca6b990
commit 38f2fb0c97
5 changed files with 81 additions and 1 deletion

@ -0,0 +1,75 @@
Indicators
Indicator Type
101.200.135.85 IP address
103.215.81.196 IP address
103.215.83.193 IP address
103.86.86.177 IP address
118.163.165.20 IP address
142.4.34.92 IP address
144.48.8.68 IP address
174.139.29.6 IP address
180.101.75.169 IP address
213.183.51.187 IP address
23.234.27.100 IP address
27.126.186.74 IP address
47.89.58.141 IP address
http://213.183.51[.]187/debug.dll URI
dumblamb.zzux.com Domain
foxsay.mefound.com Domain
greentree.yourtrap.com Domain
kawayi.zzux.com Domain
mianliu.party Domain
mianliu.video Domain
mir2dun.cn Domain
weblogic.ddns.mobi Domain
weblogic.xxuz.com Domain
weblogic1709.justdied.com Domain
weblogic1709.my03.com Domain
weblogic1709.zzux.com Domain
weblogic727.2waky.com Domain
weblogic727.dumb1.com Domain
www.yierzhi.com Domain
xiaomayun.online Domain
yunmian.loan Domain
yunmian.party Domain
yunmian.video Domain
yunnian.online Domain
yunnian.top Domain
657603405@qq.com Email address
sensr9.dat Filename
sensr3.dat Filename
netis9.tsp Filename
netis3.tsp Filename
52d11a0a5142f0b37aa2d288321ba099 Hash (MD5)
581ddf0208038a90f8bc2cdc75833425 Hash (MD5)
64b2ac701a0d67da134e13b2efc46900 Hash (MD5)
1dbbdd99cb8d7089ab31efb5dcf09706 Hash (MD5)
7aea7486e3a7a839f49ebc61f1680ba3 Hash (MD5)
a55b0c98ac3965067d0270a95e60e87e Hash (MD5)
7d39cef34bdc751e9cf9d46d2f0bef95 Hash (MD5)
5708e0320879de6f9ac928046b1e4f4e Hash (MD5)
a6903d93f9d6f328bcfe3e196fd8c78b Hash (MD5)
292843976600e8ad2130224d70356bfc Hash (MD5)
2e04cdf98aead9dd9a5210d7e601cca7 Hash (MD5)
cf6f333f99ee6342d6735ac2f6a37c1e Hash (MD5)
ac9b8c82651eafff9a3bbe7c69d69447 Hash (MD5)
29e44cfa7bcde079e9c7afb23ca8ef86 Hash (MD5)
d6ddecdb823de235dd650c0f7a2f3d8f Hash (MD5)
42c63de7dac16366dfea14fa9ddac3cd Hash (MD5)
f21e3b927d269b0622d94c55db9d2808758379aa413c10971fa745cd6e0503c0 Hash (SHA-256)
f15d2e9deaeb495fe8a62c05993b9f69bf07331910ed2483e1bab7d31d30231b Hash (SHA-256)
f3f55c3df39b85d934121355bed439b53501f996e9b39d4abed14c7fe8081d92 Hash (SHA-256)
750f4a9ae44438bf053ffb344b959000ea624d1964306e4b3806250f4de94bc8 Hash (SHA-256)
12dfb83a3866c93cd1c08652ed0a16a492777355985a973ef50973896795eb34 Hash (SHA-256)
5d0aef905c9f8f74bb82eba89c11ec5b27d35e560b5cacf81087fca0775a8bfa Hash (SHA-256)
b4535aa71da630992392c3c202d59274ce49a3fe4f1ac01d7434f1dceeda47e5 Hash (SHA-256)
34f740e5d845710ede1d942560f503e117600bcc7c5c17e03c09bfc66556196c Hash (SHA-256)
a6e9951583073ab2598680b17b8b99bab280d6dca86906243bafaf3febdf1565 Hash (SHA-256)
d5c27308f50a9c6d8ccd01269ca09a7a13e1615945b8047c4e55c610718e317e Hash (SHA-256)
b5782f67054df36c49d9394c12c8bbbca69bfd0f9ccdcf934bc402c6881eca66 Hash (SHA-256)
1d716cee0f318ee14d7c3b946a4626a1afe6bb47f69668065e00e099be362e22 Hash (SHA-256)
0f9a7efcd3a2b1441834dae7b43cd8d48b4fc1daeb2c081f908ac5a1369de753 Hash (SHA-256)
97fa07a035f7b9ad9cc5c7fd3a5df4b8692e748ca5c40067446632f9a3c25952 Hash (SHA-256)
fc84856814307a475300d2a44e8d15635dedd02dc09a088a47d1db03bc309925 Hash (SHA-256)
842cb2bed58459445cd4c6f22acf4b6f77f8b93c9ce202aa54539c1d2b0d45c1 Hash (SHA-256)
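Review bot: the header of this indicator file has been flattened into the two lines `Indicators` and `Indicator Type` with no visible column delimiter, so a consumer cannot tell where the indicator value ends and the type begins on the rows below; commit the list with an explicit separator (tab or CSV) between value and type. Two smaller consistency points in the same hunk: the URI `http://213.183.51[.]187/debug.dll` is defanged with `[.]` while the matching IP `213.183.51.187` a few rows above is not, so pick one convention or ingestion will treat them as different hosts; and the file gives no reference to the report these indicators came from, so a source line at the top would help readers verify them.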

@ -0,0 +1,4 @@
Embedded SSL certificate
-----BEGIN CERTIFICATE-----
MIID0TCCArmgAwIBAgIJALFGobpzN5MdMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV BAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCR1oxDDAKBgNVBAoMA1NTVDEP MA0GA1UECwwGSmVzc01BMRcwFQYDVQQDDA53d3cuamVzc21hLm9yZzEeMBwGCSqG SIb3DQEJARYPbGRjc2FhQDIxY24uY29tMB4XDTE2MDQwMTE1MDIwMFoXDTI0MDYx ODE1MDIwMFowfzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJH WjEMMAoGA1UECgwDU1NUMQ8wDQYDVQQLDAZKZXNzTUExFzAVBgNVBAMMDnd3dy5q ZXNzbWEub3JnMR4wHAYJKoZIhvcNAQkBFg9sZGNzYWFAMjFjbi5jb20wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDht6llexLtFkV8ijjdJGaHXXQysWOJ UM/YQFYP52nviurJSpMbWSXnuaDlfidk76B66Np5mlnN5BiHqbBj34GCVKz5VQtx 3kMY1y30YWyiHAEZiV3PLQc8/A9MnJM/q/mHaulmTuJi8A85TWadqUNXgiaIMkqz bKaauR1/GCxXuEVroqtyR99RCWhfakTz04KfIbt83QR0imWC6uhmvD/DXJ03XFzd XkK5aNp+ef1sBQgFKjeXV6EMuq+UgEDPXlCDUJAqsZt6W/ohrCAHWQYZ/RSvvaMJ O7aWROGAC/lh6ATOIbFlGVppw6zUGdIDkB5FVF1MC7CyDndncFrY+OJzAgMBAAGj UDBOMB0GA1UdDgQWBBT8fu6QFIfxlQvMWjl5pmfBjL6ciDAfBgNVHSMEGDAWgBT8 fu6QFIfxlQvMWjl5pmfBjL6ciDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA A4IBAQDI+f6GMBJxRJNKrgbUYLD1U6LWEQJQ50g2NxGy0j+TL6oypoo/kyME3tOR EmXEDzytGcSaQ78xYcg97UQd8OhXYQr0qwZ/JLarmhCVK/bfbGTIn4Mk4ZgDqcOU 46jsJeEZwUSrrq7svKO5d7+wV0VGPO+Ww4yzRCPwm2puXFY1+KpTxYX31+wwMB8p 7GuJEDgV08qzLfcBAfSFFYiOHL3tJ+XNKFNRqigjeYrWuAMphOhpYfYnU0d0upe8 wWx9Unm8qSkc7hiS/vvs1v7Pv1sqMFRBoaKOTqZ7Wz/5AySGPQjeMV/atmArDEkx z58OEgTzg1J/Keztxwj7I2KnYHyH
-----END CERTIFICATE-----
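Review bot: the certificate body between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` is committed as one whitespace-separated line instead of the 64-column lines PEM readers expect, so strict parsers may reject this file as-is; re-wrap the base64 at 64 characters before merging. The file also lacks any note of which sample (by hash from the indicator file) embeds this certificate, which makes the artifact hard to trace; a one-line comment above the PEM block would fix that.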

@ -45,7 +45,8 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
* Jul 05 - [[Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites](https://citizenlab.org/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/) | [Local](../../blob/master/2017/2017.07.05.insider-information)
* Jun 30 - [[ESET] TeleBots are back: supply-chain attacks against Ukraine](https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/) | [Local](../../blob/master/2017/2017.06.30.telebots-back-supply-chain)
* Jun 30 - [[Kaspersky] From BlackEnergy to ExPetr](https://securelist.com/from-blackenergy-to-expetr/78937/) | [Local](../../blob/master/2017/2017.06.30.From_BlackEnergy_to_ExPetr)
* Jun 22 - [[Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus](https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/) | [Local](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus)
* Jun 26 - [[Dell] Threat Group-4127 Targets Google Accounts]() | [Local](../../blob/master/2017/2017.06.26.Threat_Group-4127)
* Jun 22 - [[Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus](https://www.secureworks.com/research/threat-group-4127-targets-google-accounts) | [Local](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus)
* Jun 22 - [[Trend Micro] Following the Trail of BlackTechs Cyber Espionage Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/) | [Local](../../blob/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns)
* Jun 19 - [[root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry](https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf) | [Local](../../blob/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE)
* Jun 15 - [[Recorded Future] North Korea Is Not Crazy](https://www.recordedfuture.com/north-korea-cyber-activity/) | [Local](../../blob/master/2017/2017.06.15.north-korea-cyber-activity)
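Review bot: the two added entries in this hunk have their links crossed. The Jun 26 `[Dell] Threat Group-4127 Targets Google Accounts` line has an empty URL `()`, while the Jun 22 line directly below it repeats the Palo Alto OceanLotus title and local path already listed above but carries `https://www.secureworks.com/research/threat-group-4127-targets-google-accounts`. Move the Secureworks URL into the Jun 26 entry, drop the duplicate Jun 22 line, and place the Jun 26 entry above Jun 22 so the list keeps the reverse-chronological order used everywhere else in this README.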