mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-07-03 00:35:31 +00:00
1 | <!DOCTYPE html> |
---|---|
2 | <head> |
3 | |
4 | |
5 | |
6 | |
7 | <title>malware-indicators/indicators.csv at master · citizenlab/malware-indicators · GitHub</title> |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | </head> |
15 | |
16 | |
17 | |
18 | |
133 | <thead> <!-- Header row of the indicator table; the column names match a MISP attribute CSV export (presumed from the names, not stated on the page). --> |
134 | <th>uuid</th> |
135 | <th>event_id</th> |
136 | <th>category</th> |
137 | <th>type</th> |
138 | <th>value</th> |
139 | <th>comment</th> |
140 | <th>to_ids</th> <!-- 1 on the url, domain and ip-src rows, 0 on the email-src, whois-registrant-email and md5 rows; presumably the MISP "usable for automated detection" flag, confirm against the exporter. --> |
141 | <th>date</th> <!-- Every row carries 20170704, so these indicators are historical; re-validate the IPs and domains before feeding them to a blocklist or alerting rule. --> |
142 | </tr> |
143 | </thead> |
144 | <tbody> |
145 | <td>595baf52-2a08-4576-9f76-06e38e96ca05</td> |
146 | <td>108</td> |
147 | <td>Payload delivery</td> |
148 | <td>email-src</td> |
149 | <td>aisia.anminda8@mail.com</td> |
150 | <td></td> |
151 | <td>0</td> |
152 | <td>20170704</td> |
153 | </tr> |
154 | <td>595baf52-7340-4840-bda0-06e38e96ca05</td> |
155 | <td>108</td> |
156 | <td>Payload delivery</td> |
157 | <td>email-src</td> |
158 | <td>hellomice@mail.com</td> |
159 | <td></td> |
160 | <td>0</td> |
161 | <td>20170704</td> |
162 | </tr> |
163 | <td>595baf7a-6598-4ecc-ba74-06e28e96ca05</td> |
164 | <td>108</td> |
165 | <td>Payload delivery</td> |
166 | <td>url</td> |
167 | <td>http://43.240.14.37/asdasdasadqddd12222111.php/article.asp</td> |
168 | <td></td> |
169 | <td>1</td> |
170 | <td>20170704</td> |
171 | </tr> |
172 | <td>595bafa7-2d34-43d7-87a1-06e38e96ca05</td> |
173 | <td>108</td> |
174 | <td>Payload delivery</td> |
175 | <td>url</td> |
176 | <td>http://chinadagitaltimes.net/2016/07/chinese-hackers-blamed-multiple-breaches-fdic</td> |
177 | <td></td> |
178 | <td>1</td> |
179 | <td>20170704</td> |
180 | </tr> |
181 | <td>595bafe1-e518-4bfb-9701-06e28e96ca05</td> |
182 | <td>108</td> |
183 | <td>Payload delivery</td> |
184 | <td>ip-src</td> |
185 | <td>43.240.14.37</td> |
186 | <td>hosted phishing page</td> |
187 | <td>1</td> |
188 | <td>20170704</td> |
189 | </tr> |
190 | <td>595bb024-550c-4f0e-89b0-06e38e96ca05</td> |
191 | <td>108</td> |
192 | <td>Attribution</td> |
193 | <td>whois-registrant-email</td> |
194 | <td>aobama_5@yahoo.com</td> |
195 | <td></td> |
196 | <td>0</td> |
197 | <td>20170704</td> |
198 | </tr> |
199 | <td>595bb071-226c-4930-9b42-06e28e96ca05</td> |
200 | <td>108</td> |
201 | <td>Payload delivery</td> |
202 | <td>domain</td> |
203 | <td>secuerserver.com</td> |
204 | <td></td> |
205 | <td>1</td> |
206 | <td>20170704</td> |
207 | </tr> |
208 | <td>595bb071-3318-40b2-945f-06e28e96ca05</td> |
209 | <td>108</td> |
210 | <td>Payload delivery</td> |
211 | <td>domain</td> |
212 | <td>bowenpress.net</td> |
213 | <td></td> |
214 | <td>1</td> |
215 | <td>20170704</td> |
216 | </tr> |
217 | <td>595bb071-3d20-4589-9055-06e28e96ca05</td> |
218 | <td>108</td> |
219 | <td>Payload delivery</td> |
220 | <td>domain</td> |
221 | <td>bowenpress.org</td> |
222 | <td></td> |
223 | <td>1</td> |
224 | <td>20170704</td> |
225 | </tr> |
226 | <td>595bb071-b9e0-4f44-a56e-06e28e96ca05</td> |
227 | <td>108</td> |
228 | <td>Payload delivery</td> |
229 | <td>domain</td> |
230 | <td>datalink.one</td> |
231 | <td></td> |
232 | <td>1</td> |
233 | <td>20170704</td> |
234 | </tr> |
235 | <td>595bb071-c44c-45ce-b8b4-06e28e96ca05</td> |
236 | <td>108</td> |
237 | <td>Payload delivery</td> |
238 | <td>domain</td> |
239 | <td>bowenpross.com</td> |
240 | <td></td> |
241 | <td>1</td> |
242 | <td>20170704</td> |
243 | </tr> |
244 | <td>595bb071-d1e8-4cde-9c68-06e28e96ca05</td> |
245 | <td>108</td> |
246 | <td>Payload delivery</td> |
247 | <td>domain</td> |
248 | <td>bowenpres.com</td> |
249 | <td></td> |
250 | <td>1</td> |
251 | <td>20170704</td> |
252 | </tr> |
253 | <td>595bb071-dcec-4872-ad35-06e28e96ca05</td> |
254 | <td>108</td> |
255 | <td>Payload delivery</td> |
256 | <td>domain</td> |
257 | <td>epochatimes.com</td> |
258 | <td></td> |
259 | <td>1</td> |
260 | <td>20170704</td> |
261 | </tr> |
262 | <td>595bb0af-3930-4285-9fdd-06e38e96ca05</td> |
263 | <td>108</td> |
264 | <td>Payload delivery</td> |
265 | <td>domain</td> |
266 | <td>smtpout.secuerserver.com</td> |
267 | <td></td> |
268 | <td>1</td> |
269 | <td>20170704</td> |
270 | </tr> |
271 | <td>595bb0af-4794-4d7f-ba4c-06e38e96ca05</td> |
272 | <td>108</td> |
273 | <td>Payload delivery</td> |
274 | <td>domain</td> |
275 | <td>www.vnews.hk</td> |
276 | <td></td> |
277 | <td>1</td> |
278 | <td>20170704</td> |
279 | </tr> |
280 | <td>595bb0af-5a40-459c-a05d-06e38e96ca05</td> |
281 | <td>108</td> |
282 | <td>Payload delivery</td> |
283 | <td>domain</td> |
284 | <td>get.adobe.com.bowenpress.org</td> |
285 | <td></td> |
286 | <td>1</td> |
287 | <td>20170704</td> |
288 | </tr> |
289 | <td>595bb0af-9bd4-4f6e-b2fa-06e38e96ca05</td> |
290 | <td>108</td> |
291 | <td>Payload delivery</td> |
292 | <td>domain</td> |
293 | <td>hk.secuerserver.com</td> |
294 | <td></td> |
295 | <td>1</td> |
296 | <td>20170704</td> |
297 | </tr> |
298 | <td>595bb0af-9c98-4021-9af7-06e38e96ca05</td> |
299 | <td>108</td> |
300 | <td>Payload delivery</td> |
301 | <td>domain</td> |
302 | <td>www.mail.secuerserver.com</td> |
303 | <td></td> |
304 | <td>1</td> |
305 | <td>20170704</td> |
306 | </tr> |
307 | <td>595bb0af-a424-469a-9a7f-06e38e96ca05</td> |
308 | <td>108</td> |
309 | <td>Payload delivery</td> |
310 | <td>domain</td> |
311 | <td>www.secuerserver.com</td> |
312 | <td></td> |
313 | <td>1</td> |
314 | <td>20170704</td> |
315 | </tr> |
316 | <td>595bb0af-c4b8-4124-a2b5-06e38e96ca05</td> |
317 | <td>108</td> |
318 | <td>Payload delivery</td> |
319 | <td>domain</td> |
320 | <td>pop.secuerserver.com</td> |
321 | <td></td> |
322 | <td>1</td> |
323 | <td>20170704</td> |
324 | </tr> |
325 | <td>595bb0af-e108-4480-aa27-06e38e96ca05</td> |
326 | <td>108</td> |
327 | <td>Payload delivery</td> |
328 | <td>domain</td> |
329 | <td>www.bowenpress.org</td> |
330 | <td></td> |
331 | <td>1</td> |
332 | <td>20170704</td> |
333 | </tr> |
334 | <td>595bb0cc-f258-491f-afcd-06e28e96ca05</td> |
335 | <td>108</td> |
336 | <td>Payload delivery</td> |
337 | <td>url</td> |
338 | <td>http://get.adobe.com.bowenpress.org/Adobe/update/20161201/AdobeUpdate.html</td> |
339 | <td></td> |
340 | <td>1</td> |
341 | <td>20170704</td> |
342 | </tr> |
343 | <td>595bb15f-4a08-4a4a-9ff5-06e38e96ca05</td> |
344 | <td>108</td> |
345 | <td>Payload delivery</td> |
346 | <td>url</td> |
347 | <td>http://get.adobe.com.bowenpress.org/Adobe/update/20161201/AdobeUpdate20161201.exe</td> |
348 | <td></td> |
349 | <td>1</td> |
350 | <td>20170704</td> |
351 | </tr> |
352 | <td>595bb15f-8488-4a3b-abea-06e38e96ca05</td> |
353 | <td>108</td> |
354 | <td>Payload delivery</td> |
355 | <td>url</td> |
356 | <td>http://get.adobe.com.bowenpress.org/Adobe/update/20170312/AdobeUpdate20170312.exe</td> |
357 | <td></td> |
358 | <td>1</td> |
359 | <td>20170704</td> |
360 | </tr> |
361 | <td>595bb15f-d000-400a-b7a9-06e38e96ca05</td> |
362 | <td>108</td> |
363 | <td>Payload delivery</td> |
364 | <td>url</td> |
365 | <td>http://get.adobe.com.bowenpress.org/Adobe/update/20160812/AdobeUpdate20160812.exe</td> |
366 | <td></td> |
367 | <td>1</td> |
368 | <td>20170704</td> |
369 | </tr> |
370 | <td>595bb15f-dc68-4468-9572-06e38e96ca05</td> |
371 | <td>108</td> |
372 | <td>Payload delivery</td> |
373 | <td>url</td> |
374 | <td>http://get.adobe.com.bowenpress.org/Adobe/update/20160703/AdobeUpdate20160703.exe</td> |
375 | <td></td> |
376 | <td>1</td> |
377 | <td>20170704</td> |
378 | </tr> |
379 | <td>595bb19a-2bec-4af4-bd28-06e28e96ca05</td> |
380 | <td>108</td> |
381 | <td>Network activity</td> |
382 | <td>domain</td> |
383 | <td>email23.secuerserver.com</td> |
384 | <td></td> |
385 | <td>1</td> |
386 | <td>20170704</td> |
387 | </tr> |
388 | <td>595bb19a-3be4-4267-9c73-06e28e96ca05</td> |
389 | <td>108</td> |
390 | <td>Network activity</td> |
391 | <td>domain</td> |
392 | <td>hk.secuerserver.com</td> |
393 | <td></td> |
394 | <td>1</td> |
395 | <td>20170704</td> |
396 | </tr> |
397 | <td>595bb19a-53fc-4c93-87b1-06e28e96ca05</td> |
398 | <td>108</td> |
399 | <td>Network activity</td> |
400 | <td>domain</td> |
401 | <td>dns.bowenpress.org</td> |
402 | <td></td> |
403 | <td>1</td> |
404 | <td>20170704</td> |
405 | </tr> |
406 | <td>595bb286-ee4c-4c91-91b9-06e38e96ca05</td> |
407 | <td>108</td> |
408 | <td>Payload delivery</td> |
409 | <td>ip-src</td> |
410 | <td>45.124.24.39</td> |
411 | <td>Cloudie IP used for scanning</td> |
412 | <td>1</td> |
413 | <td>20170704</td> |
414 | </tr> |
415 | <td>595bb2d6-70e0-4d6d-bdc7-06e28e96ca05</td> |
416 | <td>108</td> |
417 | <td>Payload delivery</td> |
418 | <td>ip-src</td> |
419 | <td>23.239.106.119</td> |
420 | <td>Gorilla servers malware and phishing server</td> |
421 | <td>1</td> |
422 | <td>20170704</td> |
423 | </tr> |
424 | <td>595bb322-0618-43dc-bd26-06e38e96ca05</td> |
425 | <td>108</td> |
426 | <td>Artifacts dropped</td> |
427 | <td>md5</td> |
428 | <td>e0338b1f010fdc4751de5f58e4acf2ad</td> |
429 | <td></td> |
430 | <td>0</td> |
431 | <td>20170704</td> |
432 | </tr> |
433 | <td>595bb322-0b70-4d94-873f-06e38e96ca05</td> |
434 | <td>108</td> |
435 | <td>Artifacts dropped</td> |
436 | <td>md5</td> |
437 | <td>c1dabd54a672cbc2747c53a8041d5602</td> |
438 | <td></td> |
439 | <td>0</td> |
440 | <td>20170704</td> |
441 | </tr> |
442 | <td>595bb322-0d44-4380-9208-06e38e96ca05</td> |
443 | <td>108</td> |
444 | <td>Artifacts dropped</td> |
445 | <td>md5</td> |
446 | <td>d80fc6a4f175e3ab417b9f96c3b37c73</td> |
447 | <td></td> |
448 | <td>0</td> |
449 | <td>20170704</td> |
450 | </tr> |
451 | <td>595bb322-12c0-4c0c-8d64-06e38e96ca05</td> |
452 | <td>108</td> |
453 | <td>Artifacts dropped</td> |
454 | <td>md5</td> |
455 | <td>ac5763000ae435875f3b709a5f23ecc0</td> |
456 | <td></td> |
457 | <td>0</td> |
458 | <td>20170704</td> |
459 | </tr> |
460 | <td>595bb322-2550-44cc-8747-06e38e96ca05</td> |
461 | <td>108</td> |
462 | <td>Artifacts dropped</td> |
463 | <td>md5</td> |
464 | <td>19c5f8829444956ba30e023aaaec6408</td> |
465 | <td></td> |
466 | <td>0</td> |
467 | <td>20170704</td> |
468 | </tr> |
469 | <td>595bb322-34b4-4c04-a93c-06e38e96ca05</td> |
470 | <td>108</td> |
471 | <td>Artifacts dropped</td> |
472 | <td>md5</td> |
473 | <td>bb080489dbc98a59cac130475e019fb2</td> |
474 | <td></td> |
475 | <td>0</td> |
476 | <td>20170704</td> |
477 | </tr> |
478 | <td>595bb322-4794-4b32-8ad7-06e38e96ca05</td> |
479 | <td>108</td> |
480 | <td>Artifacts dropped</td> |
481 | <td>md5</td> |
482 | <td>88e027b1ef7b2da1766e6b6819bba0f0</td> |
483 | <td></td> |
484 | <td>0</td> |
485 | <td>20170704</td> |
486 | </tr> |
487 | <td>595bb322-59ac-4310-aa50-06e38e96ca05</td> |
488 | <td>108</td> |
489 | <td>Artifacts dropped</td> |
490 | <td>md5</td> |
491 | <td>e841ecaa44b3589120b72e60b53f39c6</td> |
492 | <td></td> |
493 | <td>0</td> |
494 | <td>20170704</td> |
495 | </tr> |
496 | <td>595bb322-7e84-47a6-a022-06e38e96ca05</td> |
497 | <td>108</td> |
498 | <td>Artifacts dropped</td> |
499 | <td>md5</td> |
500 | <td>95efa51b52f121cec239980127b7f96b</td> |
501 | <td></td> |
502 | <td>0</td> |
503 | <td>20170704</td> |
504 | </tr> |
505 | <td>595bb322-88f8-4934-93ca-06e38e96ca05</td> |
506 | <td>108</td> |
507 | <td>Artifacts dropped</td> |
508 | <td>md5</td> |
509 | <td>4ddf012d8a42ad2666e06ad2f0a8410e</td> |
510 | <td></td> |
511 | <td>0</td> |
512 | <td>20170704</td> |
513 | </tr> |
514 | <td>595bb322-897c-4d64-99b1-06e38e96ca05</td> |
515 | <td>108</td> |
516 | <td>Artifacts dropped</td> |
517 | <td>md5</td> |
518 | <td>2332aa40d15399179c068ab205a5303d</td> |
519 | <td></td> |
520 | <td>0</td> |
521 | <td>20170704</td> |
522 | </tr> |
523 | <td>595bb322-90a4-47f8-9056-06e38e96ca05</td> |
524 | <td>108</td> |
525 | <td>Artifacts dropped</td> |
526 | <td>md5</td> |
527 | <td>f282fd20d7eaebe848b5111ecdae82a6</td> |
528 | <td></td> |
529 | <td>0</td> |
530 | <td>20170704</td> |
531 | </tr> |
532 | <td>595bb322-a12c-4e3f-b0ee-06e38e96ca05</td> |
533 | <td>108</td> |
534 | <td>Artifacts dropped</td> |
535 | <td>md5</td> |
536 | <td>88f43fe753e64d9c536fca16979984ef</td> |
537 | <td></td> |
538 | <td>0</td> |
539 | <td>20170704</td> |
540 | </tr> |
541 | <td>595bb322-dfec-480b-9ec1-06e38e96ca05</td> |
542 | <td>108</td> |
543 | <td>Artifacts dropped</td> |
544 | <td>md5</td> |
545 | <td>029ba5f0f6997bc36a094e86848a5b82</td> |
546 | <td></td> |
547 | <td>0</td> |
548 | <td>20170704</td> |
549 | </tr> |
550 | <td>595bb322-f1a0-4a70-a9ad-06e38e96ca05</td> |
551 | <td>108</td> |
552 | <td>Artifacts dropped</td> |
553 | <td>md5</td> |
554 | <td>13b148aead5e844f7262da768873cec0</td> |
555 | <td></td> |
556 | <td>0</td> |
557 | <td>20170704</td> |
558 | </tr> |
559 | <td>595bb322-fa5c-4ee1-b354-06e38e96ca05</td> |
560 | <td>108</td> |
561 | <td>Artifacts dropped</td> |
562 | <td>md5</td> |
563 | <td>945de4d3a046a698aec222fc90a148ba</td> |
564 | <td></td> |
565 | <td>0</td> |
566 | <td>20170704</td> |
567 | </tr> |
568 | </tbody> |
569 | </table> |
599 | </body> |
600 | </html> |