mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-07-05 09:32:16 +00:00
158 lines
6.1 KiB
Plaintext
158 lines
6.1 KiB
Plaintext
Campaign 1
|
|
0a19ff6641710799f55f87dde8368f1f8dd65df733026c44895413d4d0551d3e
|
|
c89a6f34e268fc278a2a432906430de5b34f1bcc66abdbf42dfb7efd66dd1789
|
|
b2deb7ba90236e7560e763c0b51ccd3292c16001b19de6081f6887fd4bb6c54c
|
|
3710e346662d90d7a79d5a0f089d29497364bfdfef1fe92e97f9cb0ef9085e2b
|
|
658b49ce37c0de6f7964f037efd2fdf9ffa7464ebb672c9bc736aaca6f16a816
|
|
6ecfa92a50f8607d68a22d81f331a03afd5704e8050f919018d211d3bfe17545
|
|
b4475e10f17d3042d72c89c8bb41e0d26f89e241f9fb0a3f561e8b75c525f155
|
|
dbf077ee1a9898a48c5ff8be6c1c40f6ff8f962e197203328d6a38a37b339fcf
|
|
5a037073cee53b16e24884de250c481245733ca36d490d6ccf6bd89f5d5b9eff
|
|
a326d53ba25a45e83b756eab6e5b92e73ddb6abe2e4afe901b8b346848081b49
|
|
864cd1cbf2bbb78528c7a23f77d65ef10e1fc2076c8aa3156f4c75ff40f39d6c
|
|
547207a3eb537c6b72a22420354471af1e763d4b66eab57938959ad4a581da96
|
|
17e6956252795cb552fc36936f35b7d4213290a27547ea01fa4e2ddab4984863
|
|
832f2bf5f2a1a0f40eb89b0d0f793ebd87de09936b19ac723e0f45d56c297c98
|
|
a42c300498189da05c0df077eb7c9690f8f866984d54a3e77ff0e7133f9b8150
|
|
32c9e1b0df6672d578ff03e37de3a7ffd8e3dae1cef6bf72ba2907764780943f
|
|
181900a35994a230e556d7169b06424ab5002c11c932ed229cbf97bc89fa3801
|
|
6e5796897b714032f6078460ebab05707bfb622d8696079a90b73f17443f2891
|
|
818983bd0636b497f50c5d88dd6d445f97ab7ba5cb16bfb7e3507477627b43f4
|
|
f80cb4485215b0742f8eb52176feacc81f3480a05e80ab3f93296a8c3065f44c
|
|
4b85eeb935fb27ad2f2389f44a868a7f40c934944f226bf7336ba637297187bb
|
|
11baa12646aaf52cf6af9207afe9114c6bdffc16bbb3b7e20225182f766812a1
|
|
|
|
Campaign 2
|
|
62b925870b591e72d98fc370c7943c8afd97e99f264919907469876c2c1a6e22
|
|
3c5d30e50426186a45c6cee71e34b97fecace53bf5cfe092317d12cc73454de5
|
|
87efed1d252426d609deebe96c92cfe417b72aec54c39cb7c61d8aa80f8630ae
|
|
42fc44622a1e2e6569d0c41f7f6919aa4847bcc8042688fbdf15ea510563990a
|
|
9a31bd14db9289028a7d833d2ca28131bb2c2a505ad3a69064b97453f5f34ceb
|
|
70de9b2eef65e71737558999d8f5ee00ff6ed100d7ddbb5bbc2b5f16f1bb6cdf
|
|
9d7861c14680bd8eb5ec6641f1761df8a8bcdad9fc1fdc6028f17bf1dc9a384f
|
|
c0a74e429d67691c69c38044d241e7c860a76b8579ffacd7991ed32953cfcd0c
|
|
a2ba22c9e4ca97ac1f6c117bba4090f2cdb9cedcad30e68666bd67183ef102f3
|
|
74aaf71f2ec7afb5d61a3f25b3878a327ada4b8d29c62ca23a3d0cbbe134c4f1
|
|
ea51d9b9becc292d654db7773c3a60e5a92c9e51c03a812f9ccf4ecfd296ddbe
|
|
a773ca3d514b7232932f451539adc94d0933ce313328ed9f48ed5f1ebf4f555e
|
|
|
|
Campaign 3
|
|
92f829ebcda59a979889ff63082f8a8dde31a9e1fca950116edc2429c86e3af0
|
|
f491f0c961ccf721dd36ef74dc764b89f41ca2f9068e98e4509dfd1204335fd5
|
|
300c453f1a23149b1d1f2140c17107845b139fc8bcc78f7af607ec0dc1886545
|
|
a6aa4b2f9ac141ffb19aa1a846625a4a87b5726f2e51de0f4b04bc203fc6d8ed
|
|
4fcaeec9c065be5cdb5a5a13005f60f15181dc3b2fc0a6a95236872e7b79ea1a
|
|
dd9cb7e25cf587d1e8a6a857652b226fb760dcec1a2f1f8bd1f3478f64106069
|
|
c34059d7d84e86ecdd061db7f7e0d4c1374d7cbac3a0ef2014be1783eee0308b
|
|
bfc56135480dc62cc0cc59afbc6f789e8653c3572a27a0e8d88a9af87bc7766f
|
|
99fe53df1ff7aab3ec24e4a55c2fe3999fd1526c4ebd5d69ccb49ea21284b6ff
|
|
0515a25c628c836a3c9b1cf4662648c1ff06c5a73a70fee847bbeb2f000ef25b
|
|
a35ade39711fc3a32d976f1b765eeee466beaf3c5c638de1dcdf5cef0852b713
|
|
a170d60f042695e7cf4e101201fdb42c9098a61fad230aebed7ec6b2922cedcb
|
|
b5cb4efaae1a96a9845ec8990a7b351e127f68f1cb25bea030088e9abcb1d25b
|
|
8618e2aa6e4586700485b1438c3d41fc0e2c4f7e1461ab5728a6037cbce255c9
|
|
2743c38ed0f50f2dba370234514a36d31756c26820f5f3a95b3a8e34f7c9a137
|
|
112a0a7a764c073844f14c6ff284d59674062379579c0051d9e224b1f8404447
|
|
27b0d4870da49246f191fdf1d0b1b284b05461e132cde25693f82f4d2f39c800
|
|
125307a1cfeba113260663a1575481a33523354d55becbda07a3de6d6399fb2b
|
|
d9597a3a5b6c2a4f960cfaaabf69e81a3842ec7c34ad5e9a5270118e8d62481c
|
|
ed693eb9bf5fbd35c147640a4c0c688f3baa620e58dabaf0da351aa9c9825857
|
|
05e25668ecab07ba2dd341f257809f1f2c8cd7ce40c292dd68fe5d084e6e7d3c
|
|
f75c90fd0e80b7088645a9f383076bf450327b4f268ee76bba890b51fe4ce02d
|
|
85629f01dcfbf54dc16d5c02765939ce9adba9110019c6b0f9c19bc2fe5c1ffb
|
|
ca7e82c05049a081d052e12868c0af6531a3d5b94c2767ee760f437310e3e7d5
|
|
|
|
Campaign 4
|
|
08c8902ba83e2535caf9eb6b9b2cfadc6ef91a970c14ae2aa97d3f5ef67d7c87
|
|
6dd3e18ef332e6a6241095ee01f6d64b5251a9fcfcbaaf76dc63e9de9615248f
|
|
98ce5ad1a455614fc4bcfd1d789efc6cdfafb752d1642cd987dc36cd1ece62ba
|
|
945b3a4f18decc98121ac3cd8406a6a4bbc3af2882f90b873c452f9d7d05fb0b
|
|
36a374b7b0d7b6f230e092c74cb9744468dce9d16b8ec9506bc8931b5b268205
|
|
375693eb6ff08811764b9fb292e09c4232e380732bf18620ffe89f57feeb6b92
|
|
02883fde3408c86f4a261907335d8e95e7f33c9f7e95f298a67a3e7a1777b9a6
|
|
47a4e4f234051fc889d3180d7b26a93527d36baea05d70786976bdc5a3c3b26c
|
|
|
|
Campaign 5
|
|
86f65d097883c73d2cfcc7691182a90f373869c10366084274843423cb32f9cb
|
|
c867c20bd9fabc6855b15b607a18637040a68174d9b2c98ccebd7e4ed259979c
|
|
7d3196d1f645c8f1d7c941c261c0e4c3aa5cea2137c40cd59091f4c4ed8d4fed
|
|
058fa9c3d43e5bb10914ccc6015b522740cb512c2ef46f082f17627b9c40d4ab
|
|
0fca673bb346dcda20aa59e1de49dee4e3aace600d97c1f66bf4f20f74213451
|
|
9401a08c1293a7bf361dcef2ee9dbfb310e130474ae1e25af6c3868c6ab7acf3
|
|
611c6c9a1d0574fb5651facdf55e20421ead937a4205d2c3ee521b5c3f282df0
|
|
73d0ccd49d0742b3cf96f2c3010b52864d544688d5ac469d57fec7752c48e720
|
|
07aec105b470a12d9a8d1036f4f2c61a4419ba45a8b9fd19fb48a90369b8745a
|
|
e6f2d277d61fd27d2a6452619111c272047ff478247251c9ec5651f5f67e1519
|
|
fcb636e016115862b12385330bc2f39a778f79141f07d589dcae8506f0cd3216
|
|
6547d7da4ff2202628eb1e845af176daf0b0fdf4611629d1aa3901c004364ccf
|
|
75f0fe3334945f520f4496cf8e17afb5d0cad12cfb81e9bb441ef317177521ec
|
|
|
|
#Domains used as C&C for malware payloads delivered by RATicate
|
|
|
|
#Betabot
|
|
allenservice.ga
|
|
gelcursot.top
|
|
negrodesigns.ga
|
|
pitchstak.ga
|
|
stngpetty.ga
|
|
webxpo.ga
|
|
|
|
#Lokibot
|
|
gelcursot.top
|
|
pitchstak.ga
|
|
|
|
#Formbook
|
|
binzom.com/c208
|
|
cbespania.info/c206
|
|
conrak.net/c206
|
|
coxemen.com/c206
|
|
czxpkj.com/c206
|
|
dachfix.com/c206
|
|
ef-oh.com/c208
|
|
hearee.com/c208
|
|
hsctsu.com/sa
|
|
hypnose-beziers.com/c206
|
|
jevmod.com/c206
|
|
jinshasoft.com/c208
|
|
lighthouse-campus24.com/c206
|
|
miscov.com/p0x
|
|
odoyo.net/c208
|
|
oleum.gmbh/c206
|
|
phochain.com/sa
|
|
pizzans.com/c208
|
|
pupilfy.com/c206
|
|
ratokasutka.com/p0x
|
|
rdrfi.com/sa/
|
|
skylod.com/sa
|
|
slashoff.com/c208
|
|
sofisleep.com/c208
|
|
tellpizzqhut.com/c206
|
|
terenium.com/c206
|
|
vibe.restaurant/c206
|
|
yamatobb.com/c206
|
|
yncits89.com/p0x
|
|
bywebhost.com/c208
|
|
|
|
#Netwire
|
|
79.134.225.11:1199
|
|
79.134.225.97:2556
|
|
|
|
#Bladabindi
|
|
tucson1989.duckdns.org
|
|
pedrobedoya201904.duckdns.org
|
|
|
|
#Blackrat
|
|
79.134.225.97:1982
|
|
|
|
#Remcos
|
|
cashout2018.ddns.de
|
|
|
|
#AgentTesla
|
|
mail.newmedicacare.com
|
|
mail.jrdigitalstore.com
|
|
mail.koyo.com.my
|
|
mail.qoa.com.my
|
|
mail.sedirectory.com.my
|
|
mail.arkazo.com
|
|
mail.alhilaly-group.com
|