ioc-collection/Philippine-Navy-Certificate/README.md

# IoC for Compromised Philippine Navy Certificate

Malware analysis and more technical informations at <https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/>


### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
* [File names](#file-names)
* [Mutex](#mutex)


## Samples (SHA-256)
#### Binary and related files
```
85FA43C3F84B31FBE34BF078AF5A614612D32282D7B14523610A13944AADAACB - C:\Windows\System32\wlbsctrl.dll
```


## Network indicators
#### C&C servers
```
dost[.]igov-service[.]net:8443
```


## File names
```
C:\Windows\System32\wlbsctrl.dll
```

## Mutex
```
t7As7y9I6EGwJOQkJz1oRvPUFx1CJTsjzgDlm0CxIa4=
```
Add files via upload 2022-03-28 10:22:42 +00:00			`# IoC for Compromised Philippine Navy Certificate`

			`Malware analysis and more technical informations at <https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/>`


			`### Table of Contents`
			`* [Samples (SHA-256)](#samples-sha-256)`
			`* [Network indicators](#network-indicators)`
			`* [File names](#file-names)`
			`* [Mutex](#mutex)`


			`## Samples (SHA-256)`
Add files via upload 2022-03-28 10:31:12 +00:00			`#### Binary and related files`
Add files via upload 2022-03-28 10:22:42 +00:00			```
			`85FA43C3F84B31FBE34BF078AF5A614612D32282D7B14523610A13944AADAACB - C:\Windows\System32\wlbsctrl.dll`
			```


			`## Network indicators`
			`#### C&C servers`
			```
			`dost[.]igov-service[.]net:8443`
			```


			`## File names`
			```
			`C:\Windows\System32\wlbsctrl.dll`
			```

			`## Mutex`
			```
			`t7As7y9I6EGwJOQkJz1oRvPUFx1CJTsjzgDlm0CxIa4=`
			```