From faa94969a232e1bc41bc7fae7fffe0221cc166ac Mon Sep 17 00:00:00 2001
From: Gi7w0rm <89871181+Gi7w0rm@users.noreply.github.com>
Date: Fri, 8 Sep 2023 08:12:24 +0200
Subject: [PATCH] Update Additional_IoC.txt
---
 DDGroup/Additional_IoC.txt | 92 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
diff --git a/DDGroup/Additional_IoC.txt b/DDGroup/Additional_IoC.txt
index 0e856c6..688938e 100644
--- a/DDGroup/Additional_IoC.txt
+++ b/DDGroup/Additional_IoC.txt
@@ -15,6 +15,98 @@ sunwap878.ddns.net
 rennelautos.zapto.org
 halwachi50.mymediapc.net
+##Associated samples (Deffinetly not all!) Sha-256:
+3ab77283c1cc94af6895468cb0f781ea5d0859423b1ebe0e6c9b010759924ec6
+8ea012caa07e0f5fa060b66950de748902f95ed1830d98311fbaf36cf08cdb15
+28c039b5743bdf5a231fd5431bd8ed58b090c3ffee5cde83d6e22b8354fbde8a
+161afe95ce60a5bac63338d626e7000d142449911bca0127a84b33f8db53a803
+004634b1124c2c538b6f4644057a70f024c33e1f931fbf3781dda13bff411d0d
+a9d392315ccff1c17d1410bdd34547566b64038d2dbea4b6a06a85bdfc2e6284
+70e4ecc3f3b3ed9bbc58c487dfae637819738cb0b39e2196e7afd373276931f4
+6fb0237579a55a2947de71d3d33e644081fd7afd02de6f37ff0c504efed5ff6c
+154a361c6541d47c432c9af07c24ae462340a178d8eb278bae24a7cc81b498b6
+263dd64e9f5c81d3688cb3788d80a0f7b8ec6f92c728069f34b2349e2ffa3c11
+2951cb766b89f9e3e65902fec634ed924168629f2dd3a178ba753e66ce4be73f
+84d32881ef43a7662841c032d263478fb93c5bac82a126a0d06daf685ad7fa3c
+ec9904d31d19e082cfcd0706933896d268b5dfe2be7116e924e38c23535b6b57
+5db7b68c271c734923c58e79ca334dca8f4cf11bc60b4fd6fbf8e919d10cd201
+b30bb110af50672dd2f6fdf755a3699ebed2f497da3cd1b8fa0f94ac572a8ced
+afd38445e5249ac5ac66addd18c20d271f41c3ffb056ca49c8c02f9fecb4afcb
+f0bea0b603315d014b05dee779470561705b73652f78d68e0341d83a9c3ce5f9
+cd26009a2cfa0a5f8b8e44786b045b4a0d8faf78ae5ae044a64226f3ced2bda7
+a8bb4e9aafa760d9b9c05d1df5e131633dbf32e57e2c71b8c0a6eccb445b81a5
+12c87ccc8c293657e41d39202a8ccc02a106ee4128769957d42a206019fcf20d
+4245bb44ce88dce8c77ed44dba40629ac6e489767b46521a45cf7f52554ed1ca
+59fbf83208e965445268cc973a63516dba60c68eced0d3cd8ed2e9499951dc32
+5f7305226de03c27cfff62e6708b0de56d274bddd2c7a4a9a6c35f09c771dd2f
+7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b
+d0298b630deda48afe5853031e2459bc7d27bdcc0c383a1a591a4a578b8a747a
+003bce0c13d0325e4b534a4a16e6f1dd1b5c77922eb03e33c676eaf7787513de
+e6bf87ec571628e096e6505ee87f617f594ed7664782bf4f82810be28028147b
+e58026e101ae93162cbf114997a2a2c78a80adfb6e6469823dd0d90572cef140
+df7e668541b31a71da6bd928a67628c239d3cb3b8839d94bf8fadbb1f7be650b
+cd2a403eafc870dd7c1d0e33864a272ca0ca94142e78053bd4a5235dcd59ebcf
+c5f4b38a7e16440cb2e4cde3591109905c0817e4b9df4ac240892b81e7b1b000
+bd45e50b3ec1e76b4cc8c018131921f5237a356b1dcbc9ec69fdf9788edbea58
+32510d7a1b643e17fb3565cb4a15706afeb6376aeb60aeac4e3e9a2b6cd796ee
+003bce0c13d0325e4b534a4a16e6f1dd1b5c77922eb03e33c676eaf7787513de
+048993d88c16c522d363dfe09944b2b3eb67ac0c27b2d7acadce59f377e5c628
+059d55eac6a0eee44a3a269fc7b942d5bd2a6cf5435befc73ab531ad9fb55b31
+28f0b7093f103fa23a823659bcac42ccc40f772211612a412a30561663304643
+0b3eadbb1888ed6d73f400f4bd492baec047119c7e81d35e3afbb8dcaea7cce0
+0f01ac3196ac58a02df4d1e0bb1ec2ad6943e4a09338af5e0df35b900c2c72fd
+1efca5ad50898efd4f4e9e86f823928d8d83e9021ca048d9f55185e1b1ee4c64
+2929451852384ac9f1b289746f767b752e04ec5d778b9538ac761cb175006948
+acbf8fbc4738474345e2f8c93dc19802190b8c355792b2249f350dc55b8e62c3
+b186a727bd9fdf45c56b47e8d4f280b47a921f8fb16cde051b3b657c652c649b
+198dc2ddc84a875059ffd1f5a1e629aba7cde655dc390888a6eccb6448837a1b
+c36679dbe29496a971e748fc84acc7574b96bdf28aa4dd6e5307d740bd7b9a25
+c9791f9e39bd2948e10b599936ea09b2a3211ecad6041d0b560a895b8c547f8c
+dacac52a378ad8d74430d29733767e2b8e6282a86e29aef40e8e0f8544c8b16a
+dd248dcb742175c4ea98e085fc1a9a9dcad0feedee9a1c66006025de163a9789
+87158990b991188d10c7789ee8b3892a23f6d8c761d0a044d2943b8a74136ccb
+c186f21ff4f4867f19488ac5d05b7b07caa86a674e152d8272835214ea3ea04d
+a7350c594fc833e98897f69be6031b098f142275d265bc1022b0a57fe30458b8
+c3be511ac2f7f25d9907e18df4efa90e0fc8605137c14d6da23c443efad3b9b0
+a7ec66320c2f1715eeac5b65af7bf5198e0358fca736d2044919683677d3e3da
+a9de1c0c653a6eff70c3b37b6cb8effc5730c8080ef48be3ded3e81878a78007
+b58c136a19f5fb1d32d05d11a29f61dca14dffd87dbb81667bd6c66e3613b424
+dbf8bb8d9587f9fa403f76c110b19e85e76fda83185954e139a855b5a4b7d93a
+e1e0732f2b4d14428bc6a43e7039ce4b5f2a579a9fe92937ffac9712705ebe87
+f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512
+371592f4e173e26d7b228039a596b064bd57ce5476070c40328e487ce19a54a9
+c8a906f10681b8d860ebb7f26f0979c612216d88d33024fb7fea32d82d8bda41
+3d95c5e4fafd5d0de6fa5940bd98bcb14ba3f8c5b58c3dee003ee2054b9f0724
+664ace276ff7abcd2090be13ec0227905fdb27d60fa57bc2da9f00fbcfc2caae
+4a91bd3dfd27b0ba6ac2c4d7128b29c28a6da1f571911ebdc0031cbe8fd16110
+71ab1c23478d5328368aa417b75ca6a06d7bae4efd6afb628db2c35d555f4411
+ae011e1cd61f45e3298e2808341c92189c19ca6b636287622cc74ab21c5986f0
+9bcfb753bcd1e4331d9c5d618a66fba6b3f7345a1856cfefff21a6a235877a18
+c3db3949a924d35d26d516a985ca17e3312e57a0f9b2ddf841b4ef9115af27a6
+862503a460034a8ecba2dc22911d95875aa9d48ab9cdaa5b001ae9abea9823aa
+d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f
+5b6931c916d9cf095d300facb81f7e60b0ce44a365999f7e876107770ad3ac56
+d87578933a614691c888afd1b2eae2e765e36ecf0388ad3923e54ebd89054692
+2511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed
+3ba5000678759979bbf4de990a65ba6dc0042fdba9a1af0d2948c07991eabe2f
+5a86beef7389e6fcd0c5910770bbf4aa92a353d3ccc0c5b80e9ec41f48c5af4a
+9c457ce3eb5b5b0456c80609b512040696acab4f47d7b6879f0200e1b8501075
+df89b24a6d5aa863a8f74587615c997510a46dc5fe6dc52389047b8d0753b1f2
+2511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed
+9f46555944110c0b982e05620a58e6a3828fa6ad8e8dd8f55894e25150207a5e
+271c4db2e858b6c1151a59707d774bc7a8c416b60900fc1ea10e3ae9773cd658
+39b9b9d2c699f8523e55a05bfc74f6f5764fabb0a1418f1cec4bc78609c1b37b
+ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88
+82b25c74ccf441dd89da637694f3cf229d1a95c533fb565ea92cdd577cb08410
+eddd07b69b4942f144f84ce2f03c6785b8c770a6f226c5d0f31c47bb147e7367
+fcfc72e7b57a95e9a438c7e3efd5378c78dc0c471addbeebc3acfc4c1eee376c
+251c8b15309af7b8c372cdcc26d522afadad06717de6ce58d3bdb5079b17e559
+39b9b9d2c699f8523e55a05bfc74f6f5764fabb0a1418f1cec4bc78609c1b37b
+5ec0f1fd757eb3a0a76e602559d027b94012d929d4fd6a9afddf0e7dfd535337
+
+## Used to host malware:
+stickerpix.co.uk
+https://stickerpix.co.uk/4.exe
 ## As 
per Microsoft Threat Intel the actor is connected to the following domains: