mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-06-16 12:00:04 +00:00
ESET detection names:
Win32/TeleBot trojan
VBS/Agent.BB trojan
VBS/Agent.BD trojan
VBS/Agent.BE trojan
Win32/PSW.Agent.ODE trojan
Win64/PSW.Agent.K trojan
Python/Filecoder.R trojan
Win32/Filecoder.AESNI.C trojan
Win32/Filecoder.NKH trojan
Win32/Diskcoder.C trojan
Win64/Riskware.Mimikatz application
Win32/RiskWare.Mimikatz application

C&C servers:
transfinance.com[.]ua (IP: 130.185.250.171)
bankstat.kiev[.]ua (IP: 82.221.128.27)
www.capital-investing.com[.]ua (IP: 82.221.131.52)

Legitimate servers abused by malware authors:
api.telegram.org (IP: 149.154.167.200, 149.154.167.197, 149.154.167.198, 149.154.167.199)

VBS backdoor:
1557E59985FAAB8EE3630641378D232541A8F6F9
31098779CE95235FED873FF32BB547FFF02AC2F5
CF7B558726527551CDD94D71F7F21E2757ECD109

Mimikatz:

Win32/TeleBot:
A4F2FF043693828A46321CCB11C5513F73444E34
5251EDD77D46511100FEF7EBAE10F633C1C5FC53
8D379585E0A9DB4C65450622CED26C108DC694AB

Win32/PSW.Agent.ODE (CredRaptor):

Win32/Filecoder.NKH:
1C69F2F7DEE471B1369BF2036B94FDC8E4EDA03E

Python/Filecoder.R:
AF07AB5950D35424B1ECCC3DD0EEBC05AE7DDB5E

Win32/Filecoder.AESNI.C:
BDD2ECF290406B8A09EB01016C7658A283C407C3
9C694094BCBEB6E87CD8DD03B80B48AC1041ADC9
D2C8D76B1B97AE4CB57D0D8BE739586F82043DBD

Win32/Diskcoder.C:
34F917AABA5684FBE56D3C57D48EF2A1AA7CF06D

PHP shell:
D297281C2BF03CE2DE2359F0CE68F16317BF0A86