Mirrors/APT_CyberCriminal_Campagin_Collections
6
0
Fork 0
mirror of https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections synced 2024-06-16 12:00:04 +00:00
Code Issues Projects Releases Wiki Activity
master
APT_CyberCriminal_Campagin_.../2017/2017.05.03.konni-malware-under-radar-for-years/IOCs.txt
cybermonitor 6ecca466ac 2022
2022-04-27 16:20:36 +08:00

98 lines
3.3 KiB
Plaintext
Executable File
Raw Permalink Blame History

IOCs
2014 CAMPAIGN: FATAL BEAUTY
DROPPER
SHA256: 413772d81e4532fec5119e9dce5e2bf90b7538be33066cf9a6ff796254a5225f
Filename: beauty.scr
DROPPED FILES
#1
SHA256: eb90e40fc4d91dec68e8509056c52e9c8ed4e392c4ac979518f8d87c31e2b435
Filename: C:\Windows\beauty.jpg
File type: JPEG image data, JFIF standard 1.02
#2
SHA256: 44150350727e2a42f66d50015e98de462d362af8a9ae33d1f5124f1703179ab9
Hilename: C:\Windows\svchost.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
CC
phpschboy[.]prohosts[.]org
jams481[.]site[.]bz
2016 CAMPAIGN: HOW CAN NORTH KOREAN HYDROGEN BOMB WIPE OUT MANHATTAN
DROPPER
SHA256: 94113c9968db13e3412c1b9c1c882592481c559c0613dbccfed2fcfc80e77dc5
Filename: How can North Korean hydrogen bomb wipe out Manhattan.src
DROPPED
#1
SHA256: 56f159cde3a55ae6e9270d95791ef2f6859aa119ad516c9471010302e1fb5634
Filename: conhote.dll
#2
SHA256: 553a475f72819b295927e469c7bf9aef774783f3ae8c34c794f35702023317cc
Filename: winnit.exe
#3
SHA256: 92600679bb183c1897e7e1e6446082111491a42aa65a3a48bd0fceae0db7244f
Filename: Anti virus service.lnk
CC
dowhelsitjs[.]netau[.]net
2017 CAMPAIGN A:
DROPPER
SHA256: 69a9d7aa0cb964c091ca128735b6e60fa7ce028a2ba41d99023dd57c06600fe0
Filename: Pyongyang Directory Group email April 2017 RC_Office_Coordination_Associate.src
DROPPED
#1
SHA256: 3de491de3f39c599954bdbf08bba3bab9e4a1d2c64141b03a866c08ef867c9d1
Filename: adobe distillist.lnk
#2
SHA256: 39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
Filename: winload.exe
#3
SHA256: dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
Filename: winload.dll
CC
Pactchfilepacks[.]net23[.]net
checkmail[.]phpnet[.]us
2017 CAMPAIGN B:
DROPPER
SHA256: 640477943ad77fb2a74752f4650707ea616c3c022359d7b2e264a63495abe45e
Filename: Inter Agency List and Phonebook - April 2017 RC_Office_Coordination_Associate.src
DROPPED
#1
SHA256: 4585584fe7e14838858b24c18a792b105d18f87d2711c060f09e62d89fc3085b
Filename: adobe distillist.lnk
#2
SHA256: 39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
Filename: winload.exe
#3
SHA256: dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
Filename: winload.dll
CC
Pactchfilepacks[.]net23[.]net
checkmail[.]phpnet[.]us
RELATED SAMPLES
413772d81e4532fec5119e9dce5e2bf90b7538be33066cf9a6ff796254a5225f
44150350727e2a42f66d50015e98de462d362af8a9ae33d1f5124f1703179ab9
553a475f72819b295927e469c7bf9aef774783f3ae8c34c794f35702023317cc
56f159cde3a55ae6e9270d95791ef2f6859aa119ad516c9471010302e1fb5634
94113c9968db13e3412c1b9c1c882592481c559c0613dbccfed2fcfc80e77dc5
f091d210fd214c6f19f45d880cde77781b03c5dc86aa2d62417939e7dce047ff
0f327d67b601a87e575e726dc67a10c341720267de58f3bd2df3ce705055e757
234f9d50aadb605d920458cc30a16b90c0ae1443bc7ef3bf452566ce111cece8
39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
581e820637decf37bfd315c6eb71176976a0f2d59708f2836ff969873b86c7db
640477943ad77fb2a74752f4650707ea616c3c022359d7b2e264a63495abe45e
69a9d7aa0cb964c091ca128735b6e60fa7ce028a2ba41d99023dd57c06600fe0
97b1039612eb684eaec5d21f0ac0a2b06b933cc3c078deabea2706cb69045355
dae9d8f9f7f745385286775f6e99d3dcc55bbbe47268a3ea20deffe5c8fd0f0e
dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
e6a9d9791f763123f9fe1f69e69069340e02248b9b16a88334b6a5a611944ef9
ead47df090a4de54220a8be27ec6737304c1c3fe9d0946451b2a60b8f11212d1
Reference in New Issue View Git Blame Copy Permalink