mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-07-01 03:11:38 +00:00
103 lines
3.0 KiB
Plaintext
SHA1: a7d206791b1cdec616e9b18ae6fa1548ca96a321
First Seen: Nov. 24, 2015
Name: STEP Democracy Year 1 Acheivements_25112015.exe
Decoy Doc: STEP Democracy Year 1 Acheivements_25112015.docx
Campaign ID: om
C2s: jackhex.md5c.net:8080
     jackhex.md5c.net:53
     jackhex.md5c.net:53
Mutex: 20150120
Password: 18703983384

SHA1: 724166261e9c2e7718be22b347671944a1e7fded
First Seen: Nov. 23, 2015
Name: Year1achievementsv2.exe
Decoy Doc: Year1achievementsv2.docx
Campaign ID: om
C2s: jackhex.md5c.net:8080
     jackhex.md5c.net:53
     jackhex.md5c.net:53
Mutex: 20150120
Password: 15911117665

SHA1: 675a3247f4c0e1105a41c685f4c2fb606e5b1eac
First Seen: April 7, 2016
Name: Commission on Filipinos Overseas & Dubai %E2%80%AEcod.doc
Decoy Doc: Commission on Filipinos Overseas & Dubai.doc
Campaign ID: gmkill
C2s: webserver.servehttp.com:8080
     webserver.servehttp.com:8080
     webserver.servehttp.com:8081
Mutex: 20150120
Password: 13813819438

SHA1: 63e00dbf45961ad11bd1eb55dff9c2771c2916a6
First Seen: April 11, 2016
Name: 1.exe
Decoy Doc: Chairman's Report of the 19th ASEAN Regional Forum Heads of Defence Universities, Colleges, Instiutions Meeting, Nay Pay Taw, Myanmar.doc
Campaign ID: mm20160405
Domain Created: December 17, 2015
C2s: admin.nslookupdns.com:81
     admin.nslookupdns.com:53
     admin.nslookupdns.com:8080
Mutex: 20150120
Password: 52100521000

SHA1: 31756ccdbfe05d0a510d2dcf207fdef5287de285
First Seen: March 20, 2016
Name: Unknown
Decoy Doc: Robertus Subono-REGISTRATION_FORM_ASEAN_CMCoord2016.docx
Campaign ID: modth
Domain Created: December 17, 2015
C2s: admin.nslookupdns.com:80
     admin.nslookupdns.com:53
     admin.nslookupdns.com:8080
Mutex: 20150120
Password: 52100521000

SHA1: ec646c57f9ac5e56230a17aeca6523a4532ff472
First Seen: March 10, 2016
Name: 2016.02.29-03.04 -ASEM Weekly.docx.rar^2016.02.29-03.04 -ASEM Weekly.docx.exe
Decoy Doc: 2016.02.29-03.04 -ASEM Weekly.docx (Mongolian language)
Campaign ID: wj201603
Domain Created: January 14, 2016
C2s: web.microsoftdefence.com:8080
     web.microsoftdefence.com:8080
     web.microsoftdefence.com:80
Mutex: 20150120
Password: 80012345678

SHA1: f389e1c970b2ca28112a30a8cfef1f3973fa82ea
Name: Unknown
Decoy Doc: 1.docx (corrupted but recoverable, Korean language)
First Seen: April 9, 2016
Campaign ID: kk31
C2s: webserver.servehttp.com:59148
     webserver.servehttp.com:59418
     webserver.servehttp.com:5000
Mutex: 20160301
Password: 13177776666

SHA1: 49e36de6d757ca44c43d5670d497bd8738c1d2a4
Name: Unknown
Decoy Doc: 1.pdf, references project in Vietnam requesting an email to a Thailand email address
First Seen: March 10, 2016
C2s: webserver.servehttp.com:59148
     webserver.servehttp.com:59418
     webserver.servehttp.com:1024
Mutex: 20160219
Campaign ID: mt39

Discovered during the investigation; these do not drop decoy docs, but exhibited similar configuration padding:

SHA1: ef2618d58bd50fa232a19f9bcf3983d1e2dff266
Name: 2.tmp
Decoy Doc: None
First Seen: June 3, 2015
Domain Created: May 29, 2015
C2s: news.tibetgroupworks.com:80
     news.tibetgroupworks.com:80
     news.tibetgroupworks.com:80
Campaign ID: 213
Mutex: 2015012