APT_CyberCriminal_Campagin_.../2020/2020.06.08.TA410/IOCs.txt
2020-06-09 12:23:36 +08:00


Indicators of Compromise (IOCs)

Indicators are defanged ([.]) as in the original list. Two attachment filenames embed the Unicode right-to-left override character (U+202E), written here as [U+202E] so it is visible; the override makes "ann[U+202E]cod.exe" display as "annexe.doc" in file listings.

IOC | IOC Type | Description
--------------------------------------------------------------------------------
faa80e0692ba120e38924ccd46f6be3c25b8edf7cddaa8960fe9ea632dc4a045 | SHA256 | PE Attachment - our infrastructure offer ann[U+202E]cod.exe (displays as "...annexe.doc")
b7960d1f40b727bbea18a0e5c62bafcb54c9ec73be3e69e787b7ddafd2aae364 | SHA256 | PE Attachment - powersafe courses ann[U+202E]cod.exe (displays as "...annexe.doc")
26eb8a1f0bdde626601d039ea0f2c92a7921152371bafe5e811c6a1831f071ce | SHA256 | FlowCloud MS Word Macro Attachment - personal invitation.doc
cd8f877c9a1c31179b633fd74bd5050e4d48eda29244230348c6f84878d0c33c | SHA256 | Dropped File - Cert.pem
e4ad5d3213425c58778d8a0244df4cd99c748f58852d8ac71b46326efd5b3220 | SHA256 | Dropped File - pense1.txt
589229e2bd93100049909edf9825dce24ff963a0c465d969027db34e2eb878b4 | SHA256 | Dropped File - Temptcm.tmp
1334c742f2aec7e8412d76ba228b99935a49dc96a1e8e1f3446d9f61247ae47e | SHA256 | Dropped File - EhStorAuthn.exe
de30929ef958211f9315e27a7aa45ef061726a76990ddc6b9d9f189b9fbdd45a | SHA256 | Dropped File - dlcore.dll
0b013ccd9e10d7589994629aed18ffe2388cbd745b5b28ab39c07835295a1ca9 | SHA256 | Dropped File - rebare.dat
479954b9e7d5c5f7086a2a1ff1dba99de2eab2e1b1bc75ad8f3b211088eb4ee9 | SHA256 | Dropped File - rescure.dat
d5191327a984fab990bfb0e811688e65e9aaa751c3d93fa92487e8a95cb2eea8 | SHA256 | Dropped File - responsor.dat
0701cc7eb1af616294e90cbb35c99fa2b29d2aada9fcbdcdaf578b3fcf9b56c7 | SHA256 | Dropped File - EhStorAuthn_shadow.exe
27f5df1d35744cf283702fce384ce8cfb2f240bae5d725335ca1b90d6128bd40 | SHA256 | Dropped File - rescure64.dat
13e761f459c87c921dfb985cbc6489060eb86b4200c4dd99692d6936de8df5ba | SHA256 | Dropped File - rescure86.dat
2481fd08abac0bfefe8d8b1fa3beb70f8f9424a1601aa08e195c0c14e1547c27 | SHA256 | Dropped File - hha.dll
188.131.233[.]27 | IP | C&C IP
118.25.97[.]43 | IP | Sender IP
34.80.27[.]200 | IP | Sender IP
134.209.99[.]169 | IP | Staging IP
101.99.74[.]234 | IP | Staging IP
Asce[.]email | Domain | Phishing Domain
powersafetrainings[.]org | Domain | Phishing Domain
mails.daveengineer[.]com | Domain | Phishing Domain
powersafetraining[.]net | Domain | Related Infrastructure
mails.energysemi[.]com | Domain | Related Infrastructure
www.mails.energysemi[.]com | Domain | Related Infrastructure
www.powersafetraining[.]net | Domain | Related Infrastructure
www.powersafetrainings[.]org | Domain | Related Infrastructure
ffca.caibi379[.]com | Domain | Macro Domain
http://ffca.caibi379[.]com/rwjh/qtinfo.txt | URL | FlowCloud Macro Delivery URL (inactive)
https://www.dropbox[.]com:443/s/ddgifm4ityqwx60/Cert.pem?dl=1 | URL | FlowCloud Macro Delivery URL
HKEY_LOCAL_MACHINE\SYSTEM\Setup\PrintResponsor\2 | Registry Key | FlowCloud Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\Setup\PrintResponsor\3 | Registry Key | FlowCloud Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\Setup\PrintResponsor\4 | Registry Key | FlowCloud Registry Key
HKEY_LOCAL_MACHINE\HARDWARE\{2DB80286-1784-48b5-A751-B6ED1F490303} | Registry Key | FlowCloud Registry Key
HKEY_LOCAL_MACHINE\HARDWARE\{804423C2-F490-4ac3-BFA5-13DEDE63A71A} | Registry Key | FlowCloud Registry Key
HKEY_LOCAL_MACHINE\HARDWARE\{A5124AF5-DF23-49bf-B0ED-A18ED3DEA027} | Registry Key | FlowCloud Registry Key
G:\FlowCloud\trunk\Dev\src\fcClient\Release\QQSetupEx_func.pdb | File Path | FlowCloud PDB Path
g:\FlowCloud\trunk\Dev\src\fcClient\Release\fcClientDll.pdb | File Path | FlowCloud PDB Path
F:\FlowCloud\trunk\Dev\src\fcClient\kmspy\Driver\Release\Driver.pdb | File Path | FlowCloud PDB Path
F:\FlowCloud\trunk\Dev\src\fcClient\kmspy\Driver\x64\Release\Driver.pdb | File Path | FlowCloud PDB Path