APT_CyberCriminal_Campagin_.../2021/2021.10.19.UNC1945_LightBasin/IOCs/indicators.csv
cybermonitor 6ecca466ac 2022
2022-04-27 16:20:36 +08:00

2.7 KiB
Executable File

Indicator,SHA256 Hashes,Description
/usr/local/sbin/iptables,97d4c9b5750d614face73d11ba8532e53594332af53f4c07c1543195225b76eb,Trojanized iptables binary that replaced legitimate version
/usr/bin/pingg,e9c0f00c34dcd28fc3cc53c9496bff863b81b06723145e106ab7016c66581f72 4668561d60daeb7a4a50a9c3e210a4343f92cadbf2d52caab5684440da6bf562,PingPong Implant
/usr/lib/om_proc,3a259ad7e5c19a782f7736b5ac50aac4ba4d03b921ffc6a3ff6a48d720f02012 65143ccb5a955a22d6004033d073ecb49eba9227237a46929495246e36eff8e1,Microsocks Proxy
/usr/lib/frpc,05537c1c4e29db76a24320fb7cb80b189860389cdb16a9dbeb0c8d30d9b37006 16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2,Fast Reverse Proxy
/usr/lib/frpc.ini,N/A,Fast Reverse Proxy Configuration
/usr/lib/cord.lib /usr/lib/libcord.so /usr/bin/libcord.so,6d3759b3621f3e4791ebcd28e6ea60ce7e64468df24cf6fddf8efb544ab5aec0 c5ddd616e127df91418aeaa595ac7cd266ffc99b2683332e0f112043796ede1d 9973edfef797db84cd17300b53a7a35d1207d166af9752b3f35c72b4df9a98bc 4480b58979cc913c27673b2f681335deb1627e9ba95073a941f4cd6d6bcd6181 ad9fef1b86b57a504cfa1cfbda2e2ac509750035bff54e1ca06f7ff311d94689,CordScan Telecommunications Scanning Utility
/home/REDACTED/cordscan_raw_arm,cdf230a7e05c725a98ce95ad8f3e2155082d5a6b1e839c2b2653c3754f06c2e7,CordScan Telecommunications Scanning Utility (ARM Architecture)
/usr/lib/javacee,917495c2fd919d4d4baa2f8a3791bcfd58d605ee457a81feb52bc65eb706fd62,SIGTRANslator
/usr/lib/sgsnemu /usr/bin/sgsnemu /usr/lib/sgsnemu_bak,bf5806cebc5d1a042f87abadf686fb623613ed33591df1a944b5e7879fb189c8 78c579319734a81c0e6d08f1b9ac59366229f1256a0b0d5661763f6931c3b63c b06f52e2179ec9334f8a3fe915d263180e538f7a2a5cb6ad8d60f045789123b6,SGSN Emulator
/usr/lib/tshd,a388e2ac588be6ab73d7e7bbb61d83a5e3a1f80bf6a326f42b6b5095a2f35df3,TinyShell
/home/REDACTED/win7_exp/proxychains.conf /usr/lib/win7_exp/proxychains.conf,N/A,ProxyChains Configuration
/var/tmp/.font-unix,N/A,SLAPSTICK Credential Output File
/usr/local/sbin/iptables,97d4c9b5750d614face73d11ba8532e53594332af53f4c07c1543195225b76eb,Trojanized Iptables
/usr/sbin/iptablesDir/ /sbin/iptablesDir/,N/A,Threat Actor-created directories containing legitimate copies of iptables utilities following installation of trojanized version
45.76.215.0/24,N/A,Vultr IP range used by LightBasin
167.179.91.0/24,N/A,Vultr IP range used by LightBasin
45.32.116.0/24,N/A,Vultr IP range used by LightBasin
207.148.24.0/24,N/A,Vultr IP range used by LightBasin
172.104.79.0/24,N/A,Linode IP range used by LightBasin
45.33.77.0/24,N/A,Linode IP range used by LightBasin
139.162.156.0/24,N/A,Linode IP range used by LightBasin
172.104.236.0/24,N/A,Linode IP range used by LightBasin
172.104.129.0/24,N/A,Linode IP range used by LightBasin