= Operation Spalax -- Indicators of Compromise
|
|
|
|
An analysis of Operation Spalax is available as a https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/[blogpost on WeLiveSecurity]. The IP addresses and domain names below are written in defanged form (`[.]` in place of `.`) and must be restored before being loaded into a blocklist or detection rule.
|
|
|
|
== ESET detection names
|
|
|
|
- MSIL/Bladabindi.AS
|
|
- MSIL/Bladabindi.BA
|
|
- MSIL/Bladabindi.BC
|
|
- Win32/Rescoms.B
|
|
- MSIL/Agent.CFQ
|
|
|
|
== SHA-1 hashes
|
|
|
|
----
|
|
068841C9DCA03E6FEAC78DAA7950ADF6362DDBF4
|
|
0A4742BE00AF2B0E26987E5E3F37B9784BDEA826
|
|
12BF261E27956522B0990A7EA87CBFDF03CE9321
|
|
13A5C261C2B59FC416AC4B4AF004A858E272DF2F
|
|
157192200F356D0C972340AE98D5C4396D7BA51D
|
|
185664DF6E1547C8E695E6018A53124E522612A6
|
|
229BFED1D0F656125F883EC8D44D9EB85DDA1517
|
|
23292AA461768B3CF1D2A527BB9F760E5524CD5A
|
|
260E4B0352F452479D082453DD1E0D355C5C2797
|
|
28429B11C39A7FFA70A2839B9FF5C73210149F55
|
|
2E5E628F2CE5AEB2235B7FBB155B13BE2B432FFC
|
|
33C991AA0AFED58A4785E1F048C5D972EB4BB561
|
|
3751D00639C255EE53002CA1DCCABD185094BFB4
|
|
3A65745DEE2AFBFFE00569C83572723FD8C04E76
|
|
3C97CF4091233D2C2FC6A692208AE99EAF5EE9A6
|
|
3D4683F71759ED4C8C0E7D7199DC1718980DF883
|
|
3D4FA76A42B050BC188540C7F2759E7D10C9E14A
|
|
466D5DF1F085689D4DD305B4B4F7B88095C6F0DB
|
|
4682C947B330ECDC4724014E36414EE54968DCB4
|
|
4AAAC562CC6D32AE9A46AA05674EC7A9BD4D6912
|
|
55EEC354B5F1E58A8A59A7BE1CD287EC2C2CA02E
|
|
6358B2BF1DC6E8AFF646AD6AB919BE865FA19870
|
|
642EC136B72B76EBAC5D6312B6DFA6600220403B
|
|
6E81343018136B271D1F95DB536CA6B2FD1DFCD6
|
|
70EB055574E3AE5F1B17A3CF171FADB5A9D39E19
|
|
728FC6952F1D038BD1FDF01B44C4AF05E363A4BB
|
|
7E44A76B4690110E14FC939F88086F73293F9DD1
|
|
7EDB738018E0E91C257A6FC94BDBA50DAF899F90
|
|
80ABDBDC1E5BBA2D61D5D5C2C6F4DCEF91F217FB
|
|
812A407516F9712C80B70A14D6CDF282C88938C1
|
|
827EC99DF4E10E99E4095A8DDBB95398A90AE728
|
|
86A0376DE9B9EE12F86ED24091BC151EBAE7D147
|
|
86E28EB8CD37FD6602EAA55E594B2B6C930A66E7
|
|
89426C0A2AD155353FF8FEECEE1A4C463B2E7FAE
|
|
8D8DE9045ECCAE3A98EC2FA89DECA53B1E684C28
|
|
90C4FE7EB949C44607D29680B6B8A47BF294E02E
|
|
9333A67EF082C0005B82A9B1C9E002A167173197
|
|
9BDEB45C595EB98777BAF36AF66172AA716DE90F
|
|
9CFDB16851A0C9A5E698AC34CDC59D50DC8E8CF9
|
|
9F584F1AFDFF31C3EC994F7D1DB5847DEB6C0C80
|
|
A0083FCE727C42A3E5B359CE7677573175B7FEE1
|
|
A4FD08D1823E3192673D706FC7ED204C6D90862B
|
|
A69CB37AC5E7EF539422DD98132A57D8643B42BD
|
|
ABA11F423F8088617FF5D3A6AC3A08041EFE9131
|
|
AF0530B9F70E62AB47BB696AEF6F79AC28E6411D
|
|
AF2EBB666BDA08E1832C504C61942AA92DB10B03
|
|
B5385A01025431B88B4140538F6885904A496471
|
|
B5ED4D1CB148709E77D88B917FFDD858153C14CA
|
|
BC97F72E95E678D355ABD52A5D72C5CE17092F40
|
|
BF22C39210B216C2FCEA74C91672767488A8B0D0
|
|
C04F007881F757A7A2FFDC94F5763B61042173B7
|
|
C57F92CFF68BEFEEB9286EC6D85EF8FC9AE728C7
|
|
C96FF9E0DA18A66FF2907459B2200CF70A36A83E
|
|
D3A22FFBC3AB0384083CF158E2FCE9CC28605280
|
|
D993E3DA6DA34581BA6D3CA18D33356767CBECF7
|
|
DC0B25884C0379F1B3058B5DA1D6FF3DF735EF03
|
|
E40213B90338A5076559B0A4E505CB237A5BFFAB
|
|
E9290A9D4297AAF6BC05DD1CCD1A95B9C0819B82
|
|
EE5C737012942806DF0A834EBD3914BD8BB19702
|
|
F8740228FC561D4E0668DB75416DCD4BA16152EA
|
|
F9B1DB221BC531ABBF22124307F443460CE5EEC9
|
|
FD449438EB94B0DF64C7FF5580C239F11536390C
|
|
----
|
|
|
|
== IP addresses
|
|
|
|
----
|
|
179.14.171[.]7
|
|
179.14.173[.]93
|
|
181.131.216[.]115
|
|
181.131.228[.]204
|
|
181.131.231[.]245
|
|
181.131.237[.]247
|
|
181.137.112[.]215
|
|
181.137.113[.]205
|
|
181.137.118[.]201
|
|
181.137.119[.]97
|
|
181.137.123[.]124
|
|
181.137.124[.]132
|
|
181.140.198[.]107
|
|
181.140.212[.]168
|
|
181.140.213[.]212
|
|
181.140.213[.]213
|
|
181.142.172[.]125
|
|
181.142.179[.]66
|
|
181.142.184[.]22
|
|
181.49.90[.]193
|
|
181.52.100[.]157
|
|
181.52.102[.]87
|
|
181.52.103[.]140
|
|
181.52.104[.]2
|
|
181.52.107[.]55
|
|
181.52.108[.]50
|
|
181.52.110[.]207
|
|
181.52.113[.]142
|
|
181.52.113[.]157
|
|
181.52.113[.]230
|
|
181.52.113[.]57
|
|
181.52.113[.]83
|
|
181.52.252[.]110
|
|
181.58.132[.]31
|
|
181.58.133[.]54
|
|
181.58.152[.]42
|
|
181.58.154[.]33
|
|
181.58.155[.]117
|
|
181.59.9[.]81
|
|
181.61.169[.]163
|
|
181.61.170[.]142
|
|
186.145.214[.]167
|
|
186.145.214[.]199
|
|
186.145.214[.]25
|
|
186.146.240[.]244
|
|
186.147.55[.]135
|
|
186.147.55[.]19
|
|
186.81.119[.]4
|
|
186.82.241[.]203
|
|
186.82.242[.]6
|
|
186.85.86[.]143
|
|
186.85.86[.]196
|
|
186.85.86[.]226
|
|
186.85.86[.]26
|
|
186.85.87[.]246
|
|
186.85.87[.]48
|
|
190.159.206[.]164
|
|
191.88.217[.]14
|
|
200.116.77[.]118
|
|
128.90.108[.]132
|
|
128.90.108[.]177
|
|
128.90.112[.]34
|
|
128.90.112[.]142
|
|
128.90.115[.]100
|
|
128.90.115[.]244
|
|
----
|
|
|
|
== Domain names
|
|
|
|
----
|
|
amsdkjeduejfhdgerop.duckdns[.]org
|
|
asdeas.duckdns[.]org
|
|
aventura7538.duckdns[.]org
|
|
constructora823964823.duckdns[.]org
|
|
covied19.duckdns[.]org
|
|
cuarentarem.duckdns[.]org
|
|
desastre333.duckdns[.]org
|
|
doddyfire.linkpc[.]net
|
|
dominoduck2069.duckdns[.]org
|
|
dominoduck2070.duckdns[.]org
|
|
dominoduck2093.duckdns[.]org
|
|
dominoduck2094.duckdns[.]org
|
|
dominoduck2095.duckdns[.]org
|
|
dominoduck2096.duckdns[.]org
|
|
dominoduck2097.duckdns[.]org
|
|
dominoduck2098.duckdns[.]org
|
|
dominoduck2099.duckdns[.]org
|
|
dominoduck2100.duckdns[.]org
|
|
estacion373.duckdns[.]org
|
|
federa.duckdns[.]org
|
|
festivaldeamor.publicvm[.]com
|
|
hospisanjose.publicvm[.]com
|
|
inmosas.linkpc[.]net
|
|
julian.linkpc[.]net
|
|
login2020.duckdns[.]org
|
|
marianavilla3008m.duckdns[.]org
|
|
marianavilla3008n.duckdns[.]org
|
|
marzoorganigrama20202020.duckdns[.]org
|
|
mayo202020junio.duckdns[.]org
|
|
mayolomejor.duckdns[.]org
|
|
medicosta.linkpc[.]net
|
|
migracion.linkpc[.]net
|
|
nacionaliste61327.duckdns[.]org
|
|
nationalgeografics2020.duckdns[.]org
|
|
nicolas20190427.duckdns[.]org
|
|
npspwrap.duckdns[.]org
|
|
nuevoproxy.duckdns[.]org
|
|
nvidia.geforcegt[.]icu
|
|
patoquienfue.duckdns[.]org
|
|
pedrobedoya201904.duckdns[.]org
|
|
powerrangers.duckdns[.]org
|
|
proxyip.duckdns[.]org
|
|
proxyyyy.duckdns[.]org
|
|
pruebacientifica202020.duckdns[.]org
|
|
pruebanumerounoaa.duckdns[.]org
|
|
pruebaunorem.duckdns[.]org
|
|
rewt6.duckdns[.]org
|
|
ruthy.qdp6fj1uji[.]xyz
|
|
septiembresesientequevienediciembre.duckdns[.]org
|
|
shark.vfpi2hz38p[.]icu
|
|
shellbrdhwwindowsone.duckdns[.]org
|
|
subdomine2020octubrexxx.duckdns[.]org
|
|
tasagera.duckdns[.]org
|
|
tonystark2025.duckdns[.]org
|
|
trabajo2019.duckdns[.]org
|
|
treintarem.duckdns[.]org
|
|
treintaycincorem.duckdns[.]org
|
|
treintaycuatrorem.duckdns[.]org
|
|
treintaydosrem.duckdns[.]org
|
|
treintaynueverem.duckdns[.]org
|
|
treintayochorem.duckdns[.]org
|
|
treintaysieteremc.duckdns[.]org
|
|
treintayunorem.duckdns[.]org
|
|
tuluavalle3.duckdns[.]org
|
|
veinticuatroremc.duckdns[.]org
|
|
veintiochoremc.duckdns[.]org
|
|
veintiseisremcs.duckdns[.]org
|
|
veintisieteremc.duckdns[.]org
|
|
veintitressisisi.duckdns[.]org
|
|
veintiunoremco.duckdns[.]org
|
|
windonwcorpo.duckdns[.]org
|
|
windowspowershell.duckdns[.]org
|
|
administradorduck.duckdns[.]org
|
|
agosto20192019.duckdns[.]org
|
|
agrariobuenasuerte.duckdns[.]org
|
|
altamarjosexxx.publicvm[.]com
|
|
america9999000.duckdns[.]org
|
|
americadnsdu.duckdns[.]org
|
|
appleerveapple.duckdns[.]org
|
|
aquaserver.duckdns[.]org
|
|
asebly.duckdns[.]org
|
|
barcelonasevere.duckdns[.]org
|
|
barranquilla.duckdns[.]org
|
|
becerrilserver.duckdns[.]org
|
|
briserodeenero202020.duckdns[.]org
|
|
buenaventura.duckdns[.]org
|
|
callejas2013.publicvm[.]com
|
|
candyperreo.duckdns[.]org
|
|
carlosgamez.duckdns[.]org
|
|
carmelovalencia.duckdns[.]org
|
|
cartagena.duckdns[.]org
|
|
cartagenacity.duckdns[.]org
|
|
catorcednsremc.duckdns[.]org
|
|
caucasia.duckdns[.]org
|
|
cayenasserver.duckdns[.]org
|
|
contoda.duckdns[.]org
|
|
cristinahurtado.duckdns[.]org
|
|
cuartoservremc.duckdns[.]org
|
|
cucutadeportivo.duckdns[.]org
|
|
davidspain.duckdns[.]org
|
|
decimoremcdns.duckdns[.]org
|
|
dieciocohoroem.duckdns[.]org
|
|
diecisieteremc.duckdns[.]org
|
|
diesinueveremc.duckdns[.]org
|
|
dnsamericaquincejulio.duckdns[.]org
|
|
dominoduck2051.duckdns[.]org
|
|
dominoduck2052.duckdns[.]org
|
|
dominoduck2057.duckdns[.]org
|
|
dominoduck2059.duckdns[.]org
|
|
dominoduck2061.duckdns[.]org
|
|
dominoduck2063.duckdns[.]org
|
|
dominoduck2064.duckdns[.]org
|
|
dominoduck2066.duckdns[.]org
|
|
dominoduck2068.duckdns[.]org
|
|
dominoduck2071.duckdns[.]org
|
|
dominoduck2073.duckdns[.]org
|
|
dominoduck2074.duckdns[.]org
|
|
dominoduck2075.duckdns[.]org
|
|
dominoduck2076.duckdns[.]org
|
|
dominoduck2078.duckdns[.]org
|
|
dominoduck2080.duckdns[.]org
|
|
dominoduck2081.duckdns[.]org
|
|
dominoduck2082.duckdns[.]org
|
|
dominoduck2084.duckdns[.]org
|
|
dominoduck2085.duckdns[.]org
|
|
dominoduck2086.duckdns[.]org
|
|
dominoduck2087.duckdns[.]org
|
|
dominoduck2088.duckdns[.]org
|
|
dominoduck2089.duckdns[.]org
|
|
dominoduck2090.duckdns[.]org
|
|
dominoduck2091.duckdns[.]org
|
|
dominoduck2092.duckdns[.]org
|
|
domipxy8087.duckdns[.]org
|
|
duquepresi.linkpc[.]net
|
|
duquericopan.duckdns[.]org
|
|
econotas.duckdns[.]org
|
|
elagustin10.duckdns[.]org
|
|
elbrayan.duckdns[.]org
|
|
elchancle.duckdns[.]org
|
|
eljhonky.duckdns[.]org
|
|
ellider.duckdns[.]org
|
|
elpaisa.duckdns[.]org
|
|
elpatin.duckdns[.]org
|
|
elpropio.duckdns[.]org
|
|
elrompeculo.duckdns[.]org
|
|
elsalvaje.duckdns[.]org
|
|
exitoparatodo.duckdns[.]org
|
|
frankproxynue.duckdns[.]org
|
|
ibagueibague.duckdns[.]org
|
|
ivancalderon.duckdns[.]org
|
|
jblllegolahora.duckdns[.]org
|
|
juliowd.duckdns[.]org
|
|
junio2019ok.duckdns[.]org
|
|
jvlra.elagustin10.duckdns[.]org
|
|
kobebrayant202020.duckdns[.]org
|
|
lacuartaserver.duckdns[.]org
|
|
lacupula.duckdns[.]org
|
|
laesperanza.duckdns[.]org
|
|
laestoyhaciendoboja.duckdns[.]org
|
|
lapopaserver.duckdns[.]org
|
|
lastorresdnspato.duckdns[.]org
|
|
leorodriguez.duckdns[.]org
|
|
lorenzomorales.duckdns[.]org
|
|
loretico.duckdns[.]org
|
|
losfloresserver.duckdns[.]org
|
|
luissandoval.duckdns[.]org
|
|
malito.duckdns[.]org
|
|
maradonanjved.duckdns[.]org
|
|
medallo.duckdns[.]org
|
|
medellinmedell.duckdns[.]org
|
|
mgfe25r.duckdns[.]org
|
|
michaelot.duckdns[.]org
|
|
mundialseguro.duckdns[.]org
|
|
navidadserverazul.duckdns[.]org
|
|
neuvoprxych.duckdns[.]org
|
|
novalitoserdns.duckdns[.]org
|
|
noviembre201920192019.duckdns[.]org
|
|
nuevocarrera.duckdns[.]org
|
|
nuevoverde.duckdns[.]org
|
|
obrerosies.duckdns[.]org
|
|
octavoserrem.duckdns[.]org
|
|
octubre090988.duckdns[.]org
|
|
octubre20192019.duckdns[.]org
|
|
onceremcserv.duckdns[.]org
|
|
orgamarzo2020.duckdns[.]org
|
|
pachonjazul.duckdns[.]org
|
|
pedroleiba.duckdns[.]org
|
|
pelao4763.duckdns[.]org
|
|
polania.duckdns[.]org
|
|
poloniaverde.duckdns[.]org
|
|
ponymaltadns.duckdns[.]org
|
|
popayanserver.duckdns[.]org
|
|
proxypaul.duckdns[.]org
|
|
proyectoscincuenta.duckdns[.]org
|
|
prueba111.duckdns[.]org
|
|
prueba1672.duckdns[.]org
|
|
pruebadomainsvir.duckdns[.]org
|
|
pruebaremc.duckdns[.]org
|
|
quintoquinto.duckdns[.]org
|
|
quintoservrem.duckdns[.]org
|
|
raquel.duckdns[.]org
|
|
recuperacionvive.duckdns[.]org
|
|
remcquince.duckdns[.]org
|
|
riofrioservervjd.duckdns[.]org
|
|
rolandoochoa.duckdns[.]org
|
|
rosaguerrero.duckdns[.]org
|
|
rosariotijerasnj.duckdns[.]org
|
|
sandray.duckdns[.]org
|
|
secretariageneral.duckdns[.]org
|
|
septimoserv.duckdns[.]org
|
|
servdoceremco.duckdns[.]org
|
|
serverbambupato.duckdns[.]org
|
|
servipanxtr.duckdns[.]org
|
|
servtreceremc.duckdns[.]org
|
|
snajuandns.duckdns[.]org
|
|
soluciondeahora.duckdns[.]org
|
|
sportdns.duckdns[.]org
|
|
terceroremco.duckdns[.]org
|
|
tonystark2019.duckdns[.]org
|
|
tonystark2020.duckdns[.]org
|
|
tonystark2021.duckdns[.]org
|
|
trabajovalle2019.duckdns[.]org
|
|
tractor1.duckdns[.]org
|
|
treintallegamos.duckdns[.]org
|
|
treintaytresrem.duckdns[.]org
|
|
verdehithoy.duckdns[.]org
|
|
verdepruebauno.duckdns[.]org
|
|
vueloempresarial.duckdns[.]org
|
|
xtrtiy697.duckdns[.]org
|
|
yari73.duckdns[.]org
|
|
----
|