APT_CyberCriminal_Campagin_.../2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/iocs.txt
CyberMonitor 7cd6ba7319 go
2017-02-11 15:00:00 +08:00

TidePool IOCs
Phishing emails:
4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5
1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51
de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649
Weaponized document attachments:
785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db
eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc
TidePool Dropper:
38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f
TidePool dlls:
67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed
2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18
9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba
C2 domain:
goback.strangled[.]net
TidePool sample groupings
Group 1: 3/1/2012 - 3/22/2012
71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093 (BS2005)
39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297 (BS2005)
bfa5d062bfc1739e1fcfacefd3a1f95b40104c91201efc618804b6eb9e30c018
4e38848fabd0cb99a8b161f7f4972c080ce5990016212330d7bfbe08ab49526a
d097a1d5f86b3a9585cca42a7785b0ff0d50cd1b61a56c811d854f5f02909a5d
25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27
Group 2: 6/1/2012 - 7/10/2012
12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88 (BS2005)
a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076 (BS2005)
c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1
Group 3: 8/28/2012 - 11/19/2012
023e8f5922b7b0fcfe86f9196ae82a2abbc6f047c505733c4b0a732caf30e966 (BS2005)
064051e462990b0a530b7bbd5e46b68904a264caee9d825e54245d8c854e7a8a (BS2005)
07aa6f24cec12b3780ebaba2ca756498e3110243ca82dca018b02bd099da36bb (BS2005)
cdb8a15ededa8b4dee4e9b04a00b10bf4b6504b9a05a25ecae0b0aca8df01ff9 (BS2005)
f84a847c0086c92d7f90249be07bbf2602fe97488e2fef8d3e7285384c41b54e (BS2005)
89ccea68f76afa99d4b5d00d35b6d2f229c4af914fbb2763e37f5f87dcf2f7bf
be378ad63b61b03bdc6fd3ef3b81d3c2d189602a24a960118e074d7aff26c7bd
c5d274418532231a0a225fc1a659dd034f38fde051840f8ed39e0b960d84c056
Group 4: 4/18/2013 - 11/5/2013
233bd004ad778b7fd816b80380c9c9bd2dba5b694863704ef37643255797b41f (BS2005)
3795fd3e1fe4eb8a56d611d65797e3947acb209ddb2b65551bf067d8e1fa1945 (BS2005)
6d744f8a79e0e937899dbc90b933226e814fa226695a7f0953e26a5b65838c89 (BS2005)
b344b9362ac274ca3547810c178911881ccb44b81847071fa842ffc8edfcd6ec (BS2005)
e72c5703391d4b23fcd6e1d4b8fd18fe2a6d74d05638f1c27d70659fbf2dcc58 (BS2005)
690c4f474553a5da5b90fb43eab5db24f1f2086e6d6fd75105b54e616c490f3f
d64cd5b4caf36d00b255fdaccb542b33b3a7d12aef9939e35fdb1c5f06c2d69c
0ec913017c0adc255f451e8f38956cfc1877e1c3830e528b0eb38964e7dd00ff
Post-FireEye Ke3chang blog
Group 5: 5/2/2013 - 10/23/2013
012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8cc
0f88602a11963818b73a52f00a4f670a0bf5111b49549aa13682b66dd9895155
2a454d9577d75ac76f5acf0082a6dca37be41f7c74e0a4dbd41d8a9a75120f5c
66d9001b6107e16cdb4275672e8dd21b3263481a56f461428909a7c265c67851
863ee162a18d429664443ce5c88a21fd629e22ad739191c7c6a9237f64cdd2f3
8b3ef6112f833d6d232864cf66b57a0f513e0663ee118f8d33d93ad8651af330
904e31e4ab030cba00b06216c81252f6ee189a2d044eca19d2c0dc41508512f3
Group 6: 03/09/2014
f3c39376aa93b6d17903f1f3d6a557eb91a977dae19b4358ef57e686cd52cc03
7c17ccdd8eba3791773de8bc05ab4854421bc3f2554c7ded00065c10698300fe
Group 7: 08/26/2014
eca724dd63cf7e98ff09094e05e4a79e9f8f2126af3a41ff5144929f8fede4b4
Group 8: 04/09/2014
04db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05
Group 9: 3/11/2015
6eb3528436c8005cfba21e88f498f7f9e3cf40540d774ab1819cddf352c5823d
Group 10: 08/04/2015
6bcf242371315a895298dbe1cdec73805b463c13f9ce8556138fa4fa0a3ad242
Group 11: 12/28/2015
2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18
38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f
67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed
9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba
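The list above is written for people, not tools: labels and group headings sit on their own lines, one hash has a "(BS2005)" tag glued on without a space, one hash was uppercased, the Group 8 hash shares a line with its heading, the C2 domain is defanged, and the Group 11 hashes repeat the dropper and DLL hashes already listed at the top. The parser below is an added example, not part of the original IOC file; it reads this layout into structured records, normalises hash case, refangs the domain, reports hashes that appear under more than one label, and matches observed SHA-256 digests against the set. SAMPLE_IOC_TEXT is a constructed excerpt that copies a handful of the indicators above to exercise each of those quirks; the function names are ours.

```python
"""Parse a TidePool-style IOC list into structured records and match digests against it."""
import hashlib
import re
from collections import defaultdict
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed excerpt in the same layout as the IOC list: a label ending in ':' or a
# 'Group N: dates' heading, then indicator lines, optionally tagged '(BS2005)'.
SAMPLE_IOC_TEXT = """\
TidePool IOCs
Phishing emails:
4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5
TidePool Dropper:
38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f
C2 domain:
goback.strangled[.]net
TidePool sample groupings
Group 1: 3/1/2012 3/22/2012
71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093 (BS2005)
bfa5d062bfc1739e1fcfacefd3a1f95b40104c91201efc618804b6eb9e30c018
Group 8: 04/09/2014 04db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05
Group 11: 12/28/2015
38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f
"""

HEX64 = r"[0-9a-fA-F]{64}"
# A SHA-256 alone on a line, optionally followed by a family tag such as "(BS2005)",
# with or without a separating space.
HASH_LINE_RE = re.compile(rf"^(?P<hash>{HEX64})\s*(?:\((?P<tag>[^)]+)\))?$")
# A heading with a hash appended on the same line (the list's "Group 8" line).
LABEL_HASH_RE = re.compile(rf"^(?P<label>.+?)\s+(?P<hash>{HEX64})$")
# A defanged hostname: at least one "[.]" separator; real dots may remain elsewhere.
DEFANGED_RE = re.compile(r"^[A-Za-z0-9.-]+(\[\.\][A-Za-z0-9.-]+)+$")


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real one (for blocklists, not for browsing)."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def parse_iocs(text: str) -> Dict[str, dict]:
    """Return {'hashes': {sha256: {'sections': [...], 'tags': set()}}, 'domains': {host: [sections]}}.

    Hashes are lower-cased so a mixed-case entry dedupes against its lower-case twin, and
    every label a hash appears under is recorded, which exposes repeated entries.
    """
    hashes: Dict[str, dict] = defaultdict(lambda: {"sections": [], "tags": set()})
    domains: Dict[str, List[str]] = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE_RE.match(line)
        if m:
            rec = hashes[m.group("hash").lower()]
            rec["sections"].append(section)
            if m.group("tag"):
                rec["tags"].add(m.group("tag"))
            continue
        if DEFANGED_RE.match(line):
            domains[refang(line)].append(section)
            continue
        m = LABEL_HASH_RE.match(line)
        if m:  # heading and indicator fused on one line
            section = m.group("label").rstrip(":")
            hashes[m.group("hash").lower()]["sections"].append(section)
            continue
        section = line.rstrip(":")  # plain label or group heading
    return {"hashes": dict(hashes), "domains": dict(domains)}


def duplicates(iocs: Dict[str, dict]) -> Dict[str, List[str]]:
    """Hashes listed under more than one label (e.g. dropper/DLLs repeated in Group 11)."""
    return {h: r["sections"] for h, r in iocs["hashes"].items() if len(r["sections"]) > 1}


def match_digests(digests: Iterable[str], iocs: Dict[str, dict]) -> Dict[str, dict]:
    """Case-insensitive lookup of observed SHA-256 digests (EDR export, sha256sum output)."""
    known = iocs["hashes"]
    return {d: known[d.lower()] for d in digests if d.lower() in known}


def sha256_of_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    import sys
    # Usage: python tidepool_iocs.py [iocs.txt] [file-to-check ...]
    src = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_IOC_TEXT
    iocs = parse_iocs(src)
    print(f"{len(iocs['hashes'])} unique hashes, {len(iocs['domains'])} domains")
    for h, secs in duplicates(iocs).items():
        print("listed twice:", h, "->", secs)
    for p in sys.argv[2:]:
        for d, rec in match_digests([sha256_of_file(Path(p))], iocs).items():
            print("HIT", p, d, rec["sections"], sorted(rec["tags"]))
```

Run against the real iocs.txt, the parser yields 41 unique hashes rather than the 45 hash lines on the page, because Group 11 repeats the four dropper/DLL hashes; feeding it a handful of files turns the list into a quick triage check without hand-copying hashes.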