2017.03.06.from-shamoon-to-stonedrill

2024-06-16 03:50:04 +00:00 · 2017-03-07 14:38:07 +08:00 · 2017-03-07 14:38:07 +08:00 · 7bff58310b
commit 7bff58310b
parent 98179000a2
7 changed files with 54 additions and 0 deletions
--- a/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_
+++ b/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_
--- a/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_
+++ b/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_
--- a/2017/2017.03.06.from-shamoon-to-stonedrill/IOC.txt
+++ b/2017/2017.03.06.from-shamoon-to-stonedrill/IOC.txt
@ -0,0 +1,53 @@
+Indicators of Compromise
+
+Shamoon MD5s
+
+00c417425a73db5a315d23fac8cb353f
+271554cff73c3843b9282951f2ea7509
+2cd0a5f1e9bcce6807e57ec8477d222a
+33a63f09e0962313285c0f0fb654ae11
+38f3bed2635857dc385c5d569bbc88ac
+41f8cd9ac3fb6b1771177e5770537518
+5446f46d89124462ae7aca4fce420423
+548f6b23799f9265c01feefc6d86a5d3
+63443027d7b30ef0582778f1c11f36f3
+6a7bff614a1c2fd2901a5bd1d878be59
+6bebb161bc45080200a204f0a1d6fc08
+7772ce23c23f28596145656855fd02fc
+7946788b175e299415ad9059da03b1b2
+7edd88dd4511a7d5bcb91f2ff177d29d
+7f399a3362c4a33b5a58e94b8631a3d5
+8405aa3d86a22301ae62057d818b6b68
+8712cea8b5e3ce0073330fd425d34416
+8fbe990c2d493f58a2afa2b746e49c86
+940cee0d5985960b4ed265a859a7c169
+9d40d04d64f26a30da893b7a30da04eb
+aae531a922d9cca9ddca3d98be09f9df
+ac8636b6ad8f946e1d756cd4b1ed866d
+af053352fe1a02ba8010ec7524670ed9
+b4ddab362a20578dc6ca0bc8cc8ab986
+baa9862b027abd61b3e19941e40b1b2d
+c843046e54b755ec63ccb09d0a689674
+d30cfa003ebfcd4d7c659a73a8dce11e
+da3d900f8b090c705e8256e1193a18ec
+dc79867623b7929fd055d94456be8ba0
+ec010868e3e4c47239bf720738e058e3
+efab909e4d089b8f5a73e0b363f471c1
+
+StoneDrill MD5s
+
+ac3c25534c076623192b9381f926ba0d
+0ccc9ec82f1d44c243329014b82d3125
+8e67f4c98754a2373a49eaf53425d79a
+fb21f3cea1aa051ba2a45e75d46b98b8
+
+StoneDrill C2s
+
+www.eservic[.]com
+www.securityupdated[.]com
+www.actdire[.]com
+www.chromup[.]com
+www.chrome-up[.]date
+service1.chrome-up[.]date
+service.chrome-up[.]date
+webmaster.serveirc[.]com
--- a/2017/2017.03.06.from-shamoon-to-stonedrill/Report_Shamoon_StoneDrill_final.pdf
+++ b/2017/2017.03.06.from-shamoon-to-stonedrill/Report_Shamoon_StoneDrill_final.pdf
--- a/2017/2017.03.06.from-shamoon-to-stonedrill/Shamoon_samples.zip
+++ b/2017/2017.03.06.from-shamoon-to-stonedrill/Shamoon_samples.zip
--- a/2017/2017.03.06.from-shamoon-to-stonedrill/StoneDrill_samples.zip
+++ b/2017/2017.03.06.from-shamoon-to-stonedrill/StoneDrill_samples.zip
--- a/README.md
+++ b/README.md
@ -10,6 +10,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * [Attack Wiki](https://attack.mitre.org/wiki/Groups)

 ## 2017
+* Mar 06 - [From Shamoon to StoneDrill](https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/) | [Local](../../blob/master/2017/2017.03.06.from-shamoon-to-stonedrill)
 * Feb 28 - [Dridex’s Cold War: Enter AtomBombing](https://securityintelligence.com/dridexs-cold-war-enter-atombombing/) | [Local](../../blob/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing)
 * Feb 27 - [The Gamaredon Group Toolset Evolution](http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/) | [Local](../../blob/master/2017/2017.02.27.gamaredon-group-toolset-evolution/)
 * Feb 23 - [Dissecting the APT28 Mac OS X Payload](https://download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf) | [Local](../../blob/master/2017/2017.02.23.APT28_Mac_OS_X_Payload)