mirror of
https://github.com/avast/ioc
synced 2024-06-28 09:41:14 +00:00
43 lines
1.6 KiB
Markdown
# IoC for F-Scrack-mimikatz

Malware analysis and more technical information at <https://decoded.avast.io/ondrejmokos/f-scrack-mimikatz-a-bundle-of-tools/>

### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)

## Samples (SHA-256)
```
fd5a462016f5a5c3afd0a642cebea42837edd3dc0c446c413770aaa70467c612 - SFX archive
f6c3a8dafb12df7aee0b00a5e0f4201a5fe963c890332c68284ba1d728055230 - depszip
02d720a97b5496550c22a5adffcb6b17a2dde3e191fda46c9e05dd3182ae186d - Xagent.exe
3d2d8fd2c15da7ac4d03436a717613316f5e6a371618d4a386d968e3ea0fc267 - eternal11.dll
6818f885162fc5449571b8a21f28ed3505e43a226f33cb0540f97a7277ae902d - eternal22.dll
1d9fc5a423bd778769729c1d5c75c8b9dd694a9b8026bafa8cb18a93cbacb4aa - XMRig (x86)
f38c4cfddf62ce50310b6bb65db3bf14b07c053724e01d8ddf492e38264562c3 - XMRig (x86)
0de09fae50bcb810943cff3d9882fd01766e85c94a2299e6d3f1f6205622f3a6 - XMRig (x64)
9464e66c0a666ea86194bf80afd9dbc3e303d120b687dba14a02914c0a804845 - XMRig (x64)
9ce588c9e3765232e56b41db86f10632659ee2eb68615c4f926d2ee31cdfa418 - XMRig (x64)
d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6 - XMRig (x64)
```

## Network indicators