diff --git a/HomuWitch/README.md b/HomuWitch/README.md
new file mode 100644
index 0000000..6cd8c27
--- /dev/null
+++ b/HomuWitch/README.md
@@ -0,0 +1,34 @@
+# IOC for HomuWitch ransomware
+
+Malware analysis and more technical information at
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+
+
+## Samples (SHA-256)
+```
+03e4f770157c11d86d462cc4e9ebeddee3130565221700841a7239e68409accf
+0e42c452b5795a974061712928d5005169126ad1201bd2b9490f377827528e5d
+16c3eea8ed3a44ee22dad8e8aec0c8c6b43c23741498f11337779e6621d1fe4e
+33dd6dfd51b79dad25357f07a8fb4da47cec010e0f8e6d164c546a18ad2a762c
+3546b2dd517a99249ef5fd8dfd2a8fd80cb89dfdc9e38602e1f3115634789316
+4ea00f1ffe2bbbf5476c0eb677ac75cf1a765fe5c8ce899f47eb8b344da878ed
+6252cda4786396ebd7e9baf8ff0454d6af038aed48a7e4ec33cd9249816db2f4
+9343a0714a0e159b1d49b591f0835398076af8c8e2da56cbb8c9b7a15c9707c8
+bd90468f50629728d717c53cd7806ba59d6ad9377163d0d3328d6db4db6a3826
+cd4c3db443dbfd768c59575ede3b1e26002277c109d39ea020d1bc307374e309
+fd32a8c5cd211b057fdf3e7cc27167296c71e3fb42daa488649cdf81f58f6848
+```
+
+
+## Network indicators
+#### C&C servers
+```
+78.142.0.42
+79.137.207.233
+185.216.68.97
+193.164.150.225
+```
diff --git a/HomuWitch/network.txt b/HomuWitch/network.txt
new file mode 100644
index 0000000..fadae08
--- /dev/null
+++ b/HomuWitch/network.txt
@@ -0,0 +1,4 @@
+78.142.0.42
+79.137.207.233
+185.216.68.97
+193.164.150.225
diff --git a/HomuWitch/samples.md5 b/HomuWitch/samples.md5
new file mode 100644
index 0000000..27a3f04
--- /dev/null
+++ b/HomuWitch/samples.md5
@@ -0,0 +1,11 @@
+6a4031b90648996edc96a2613770dfed
+1caeab3061916c42797db6be6c104cff
+c76d1ffe5f002c50351831497e27288d
+622977646b6dc119fd7d72f0220aeb08
+4c94cdd785aebedcf2eb3fe4a8b1b7a6
+39fb8a39ef0ae859010229792b18a433
+ee2fd6e1d0e51600906c1e8455197e25
+7edc06ae0340336dd0f0cb1dc3ba291b
+7664f920818f0ed143cca2ac6da60a57
+739b13103a0ae7db5e975408bd022dc9
+0c99df62c54ed0260d90b92f421ca263
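Review bot: The four C&C addresses in network.txt carry no observation window, and the README's "C&C servers" block repeats them without one either. IP addresses are reassigned over time, so anyone who loads this list into a blocklist or detection rule has no basis for ageing the entries out or for judging a hit months later. Since network.txt looks like a bare machine-readable list, I would leave it as is and add one line under "C&C servers" in the README, for example `Last observed active: <DATE>` (placeholder, to be filled from the analysis).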
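Review bot: Nothing in samples.md5 says which sample each digest belongs to, and the same holds for samples.sha1. samples.sha256 is in lexicographic order while these two lists are not, so the rows are presumably aligned to the SHA-256 list, but that is only an inference from the ordering. MD5 and SHA-1 are not collision-resistant, so a match on either list should be confirmed against the SHA-256 of the same sample, which requires knowing the mapping. I would state in the README that the three files are row-aligned (if they are), or publish one table with a sample per row and all three digests.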
diff --git a/HomuWitch/samples.sha1 b/HomuWitch/samples.sha1
new file mode 100644
index 0000000..9c04447
--- /dev/null
+++ b/HomuWitch/samples.sha1
@@ -0,0 +1,11 @@
+96490ad9b42b7dfd8af9ffad6ec55d60bba51864
+fb99aaa96d674d28a04894c8f82047cea2808b94
+78abf1fcc5783e9c62c78f7ce4b066675bbd71ce
+6b904b334653089b627627946553a1ccce9c3220
+332c5cde06c6a3e6174e0bfd846da971f4151599
+35c5b1de844136e32a883981cba8add3af43e952
+df457aea410c6baa767aa281120780b4b1e9e9ed
+1e5fdbe22cc41a0ecc18ee6808608cea4b31fba8
+f1575fc3274cebe0a02cbc6d2db7673084ef5870
+2ca94ba8726810b49d69422d3ff5ae4622090f19
+1f161f720f187c2047f197cb3b50dc44a9603c06
diff --git a/HomuWitch/samples.sha256 b/HomuWitch/samples.sha256
new file mode 100644
index 0000000..fb3a4b6
--- /dev/null
+++ b/HomuWitch/samples.sha256
@@ -0,0 +1,11 @@
+03e4f770157c11d86d462cc4e9ebeddee3130565221700841a7239e68409accf
+0e42c452b5795a974061712928d5005169126ad1201bd2b9490f377827528e5d
+16c3eea8ed3a44ee22dad8e8aec0c8c6b43c23741498f11337779e6621d1fe4e
+33dd6dfd51b79dad25357f07a8fb4da47cec010e0f8e6d164c546a18ad2a762c
+3546b2dd517a99249ef5fd8dfd2a8fd80cb89dfdc9e38602e1f3115634789316
+4ea00f1ffe2bbbf5476c0eb677ac75cf1a765fe5c8ce899f47eb8b344da878ed
+6252cda4786396ebd7e9baf8ff0454d6af038aed48a7e4ec33cd9249816db2f4
+9343a0714a0e159b1d49b591f0835398076af8c8e2da56cbb8c9b7a15c9707c8
+bd90468f50629728d717c53cd7806ba59d6ad9377163d0d3328d6db4db6a3826
+cd4c3db443dbfd768c59575ede3b1e26002277c109d39ea020d1bc307374e309
+fd32a8c5cd211b057fdf3e7cc27167296c71e3fb42daa488649cdf81f58f6848