Almaq: Added IoC files

Linkeová Romana 2019-08-28 12:49:53 +02:00
parent e9ef2f46f7
commit 094707ea9c
5 changed files with 96 additions and 0 deletions

Almaq/README.md (new file, 43 lines)

@ -0,0 +1,43 @@
# IoC for Almaq
Malware analysis and more technical information at <https://decoded.avast.io/romanalinkeova/what's-new-in-this-year's-almanaq?/>
### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
## Samples (SHA-256)
```
4098d92ead72b1b2749e2d58102327f670a1db2d46c6e74eefbbed7f68167265 - AlMashreqService.dll
9cbc09dd569942582a6ec3d94fb5c9fc70c1e43282dc36dcc8cdf8d0a5131235 - AlMashreqService.dll
8b4baa073900f9602845694f6d1f9358a196ea0b7dfc06ad320f9c162bff0141 - acrobat reader.exe
945426553022101b7a75c6b5cad3d780363193b5412ea077257873b1971dfed3 - adobe.exe
497c2e9aa686f12031df590c124e7a9d0f0b1df7bf52e5fbd9ffa1501e383e93 - Printer.exe
d61b743aa7e5b50f2ebe3f5a4cd31ee97d51282ba083b7dc5265888f5797ab88 - Printr.exe
6fef864850bf8a603305370dc5f522366af6392946a8049647d1423a9a62461c - spoolsv.exe
39f696883838d5ddc91f76fb8f1b547c20a9ef08e1f5e836bf64b7956e7644c3 - Service.exe
32f59e810ab96690c848097686a94c57de6221af6d299ac153f617b7c504bb55 - Service.exe
04e363bd90dea1b18d6f3f4f3f92b00ce55ee1289c05eb575a0f7cd0ab138902 - Dll.exe
2139f4084795ec07ec0ba78292154879c3bb1c495661471017a83355bf5f8af0 - DllLiberary.exe
07884b08b394f1cedec09e8e0bf46a7ef29d904e10cb0079893d294c7ab286a2 - svchost.exe
036760d3a1b4760e9bf5527f0fed0e0a8bb98b6dbec3d5de7d8aba6afbeaf82b - SearchFile.exe
081ea05b7476425189575ce5d30b941a61e252448cc8f8e5bc2a6c290d25d670 - security.exe
078cf6f436eb73112bf4dc00f601e4a82bd4476b55df660a1b19186c8b646fc1 - security.exe
```
## Network indicators
### C&C servers
```
http://servicesx.gearhostpreview[.]com/data.asmx
http://systemservicex.azurewebsites[.]net/data.asmx
http://adobereader.azurewebsites[.]net/data.asmx
http://gcmedservice.azurewebsites[.]net/Scripts.asmx
alhussienweb.ddns[.]net
```
### FTP servers
```
ftp://waws-prod-am2-253.ftp.azurewebsites.windows[.]net/site/wwwroot
ftp://waws-prod-sn1-071.ftp.azurewebsites.windows[.]net/site/wwwroot/
ftp://ftp.gear[.]host/site/wwwroot/
```
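Review bot: the blog link on the second line of this hunk carries two unescaped apostrophes and a `?` right before the trailing `/`, so a browser will treat everything after the `?` as a query string; check that the URL resolves exactly as written and percent-encode the apostrophes as `%27` if it does not. A smaller point: the SHA-256 digests here are lowercase while `samples.sha256` in the same commit lists them in uppercase, and the table of contents does not mention the `samples.md5`/`samples.sha1`/`samples.sha256` files at all; settling on one case and linking those files from the README would make exact-match lookups and discovery easier.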

Almaq/network.txt (new file, 8 lines)

@ -0,0 +1,8 @@
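Review bot: this file repeats the README's network section verbatim but merges the HTTP C&C endpoints, the bare `ddns` hostname and the FTP servers into one unlabelled list, so a consumer cannot tell the categories apart without reading the README. A type marker per line (or separate files per category) would fix that, and the FTP paths should be normalized on the trailing slash, since, as in the README's FTP section, the first `/site/wwwroot` entry lacks it while the other two carry it; tools doing exact string matching treat those as different values.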

Almaq/samples.md5 (new file, 15 lines)

@ -0,0 +1,15 @@
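Review bot: the file holds bare MD5 digests with no filename column and no ordering shared with `samples.sha256`, so a row here cannot be tied back to a sample named in the README or to its SHA-1/SHA-256 in the sibling files; a single CSV with `md5,sha1,sha256,filename` columns would keep all three digests of each sample on one row. Note also that the `.md5` extension suggests an `md5sum -c` checksum file, which expects `<hash>  <filename>` lines; bare hashes will not verify with that tool, so either document the format or drop the misleading extension.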

Almaq/samples.sha1 (new file, 15 lines)

@ -0,0 +1,15 @@
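Review bot: same concern as for `samples.md5`: these 15 SHA-1 digests are unsorted and unlabelled, while `samples.sha256` is sorted, so there is no way to line a SHA-1 up with the corresponding SHA-256 or with the filenames the README gives; a combined per-sample row format would resolve it for both files.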

Almaq/samples.sha256 (new file, 15 lines)

@ -0,0 +1,15 @@
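Review bot: the 15 digests match the README's SHA-256 list one for one, but they are sorted and uppercase here while the README keeps them in its original order and lowercase; pick one case for the whole repository, and consider carrying the filename from the README next to each digest so this file is usable on its own and can serve as the key that `samples.md5` and `samples.sha1` are joined against.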