commit
237040c3af
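--- a/ParrotTDS/README.md
+++ b/ParrotTDS/README.md
@@ -0,0 +1,23 @@
+# IoC for ParrotTDS and related SocGholish campaign
+
+Analysis is available at https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/.
+
+## Samples (SHA-256)
+#### Binary and related files
+##### Parrot TDS
+```
+e22e88c8ec0f439eebbb6387eeea0d332f57c137ae85cf1d8d1bb4c7ea8bd2f2 - Proxied version JavaScript
+daabdec3d5a43bb1c0340451be466d9f90eaa0cfac92fb6beaabc59452c473c3 - Direct version JavaScript
+b63260c1f213c02fcbb5c1a069ab2f1d17031e598fd19673bb639aa7557a9bae - Webshell
+```
+##### FakeUpdate
+```
+0046fad95da901f398f800ece8af479573a08ebf8db9529851172ead01648faa - FakeUpdate JavaScript
+15afd9eb66450b440d154e98ed82971f1b968323ff11b839b046ae4bec60f855 - FakeUpdate appearance JavaScript
+```
+##### NetSupport RAT
+```
+b6b51f4273420c24ea7dc13ef4cc7615262ccbdf6f5e5a49dae604ec153055ad - NetSupport Client
+8ad9c598c1fde52dd2bfced5f953ca0d013b0c65feb5ded73585cfc420c95a95 - NetSupport Client
+4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21 - NetSupport Config
+```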
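--- a/ParrotTDS/network.txt
+++ b/ParrotTDS/network.txt
@@ -0,0 +1,52 @@
+clickstat360[.]com
+statclick[.]net
+staticvisit[.]net
+webcachespace[.]net
+syncadv[.]com
+webcachestorage[.]com
+parmsplace[.]com
+ahrealestatepr[.]com
+expresswayautopr[.]com
+xomosagency[.]com
+codigodebarra[.]co
+craigconnors[.]com
+lawrencetravelco[.]com
+maxxcorp[.]net
+2ctmedia[.]com
+accountablitypartner[.]com
+walmyrivera[.]com
+youbyashboutique[.]com
+weightlossihp[.]com
+codingbit[.]co[.]in
+fishslayerjigco[.]com
+avanzatechnicalsolutions[.]com
+srkpc[.]com
+wholesalerandy[.]com
+mattingsolutions[.]co
+integrativehealthpartners[.]com
+wwpcrisis[.]com
+lilscrambler[.]com
+markbrey[.]com
+nuwealthmedia[.]com
+pocketstay[.]com
+fioressence[.]com
+drpease[.]com
+refinedwebs[.]com
+spillpalletonline[.]com
+altcoinfan[.]com
+windsorbongvape[.]com
+hill-family[.]us
+109.234.35[.]249
+141.136.35[.]157
+91.219.236[.]192
+91.219.236[.]202
+194.180.158[.]173
+87.120.8[.]141
+15.76.172[.]110
+45.76.172[.]113
+5.180.136[.]119
+94.158.247[.]84
+94.158.245[.]113
+94.158.247[.]100
+154.38.242[.]14
+199.247.3[.]55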
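Review bot: `15.76.172[.]110` sits directly before `45.76.172[.]113` and differs from it only in the first octet, which looks like it could be a transcription slip for `45.76.172[.]110`; it is worth confirming against the source data before anyone turns this line into a block rule for an unrelated network. Every entry is defanged with `[.]`, so consumers feeding this file into a blocklist or detection rule have to refang it first, and the file mixes domains and IPv4 addresses without a separator or comment. The README added in the same commit describes only the SHA-256 list; a sentence there such as `network.txt contains defanged C2/TDS domains followed by IPv4 addresses; refang before use` would make the data self-describing.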
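--- a/ParrotTDS/samples.md5
+++ b/ParrotTDS/samples.md5
@@ -0,0 +1,8 @@
+252dce576f9fbb9aaa7114dd7150f320
+8050cab7a651295576e361c1d3a47ae1
+30a320e1ace79672ba59e4ef4b0714b2
+fcc699089107449df02860fbd5ee14b0
+5e8c0513edb7d188b817fad58bc1d607
+252dce576f9fbb9aaa7114dd7150f320
+2a77875b08d4d2bb7b654db33a88f16c
+c28b5bb4cc0608fed45b1450a19bf8ed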
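Review bot: The MD5 list repeats `252dce576f9fbb9aaa7114dd7150f320` as its first and sixth entries, and samples.sha1 in the same commit repeats `c07f0a02c284b697dff119839f455836be39d10e` at the same two positions, while samples.sha256 has eight distinct digests whose sixth entry (`b6b51f4273…`, listed in the README as a NetSupport Client) differs from the first (`e22e88c8…`, the proxied JavaScript). If the three lists are meant to be positionally aligned with the README, the sixth MD5 and SHA-1 look like they were copied from the first sample and should be replaced with the digests of the sixth; if alignment is not intended, the duplicate lines should be dropped so that anyone ingesting the files does not double-count. Either way the README would benefit from a sentence stating whether samples.md5, samples.sha1 and samples.sha256 are line-aligned.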
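--- a/ParrotTDS/samples.sha1
+++ b/ParrotTDS/samples.sha1
@@ -0,0 +1,8 @@
+c07f0a02c284b697dff119839f455836be39d10e
+e587f7c71cee0bdba61992b3bf21c75c9ffa226f
+bfd262619992d77f941a8afed423261a97c11758
+2a5b98f479541c4de547430e152b5ec2cd98ed4e
+71a4784fa9c477472873302188cab1b7261146d3
+c07f0a02c284b697dff119839f455836be39d10e
+e68dede6f9288e04eaf0359d5622d721fea7184d
+0bf7c6a89c229931f368d4151e25c73faa6baf12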
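--- a/ParrotTDS/samples.sha256
+++ b/ParrotTDS/samples.sha256
@@ -0,0 +1,8 @@
+e22e88c8ec0f439eebbb6387eeea0d332f57c137ae85cf1d8d1bb4c7ea8bd2f2
+daabdec3d5a43bb1c0340451be466d9f90eaa0cfac92fb6beaabc59452c473c3
+b63260c1f213c02fcbb5c1a069ab2f1d17031e598fd19673bb639aa7557a9bae
+0046fad95da901f398f800ece8af479573a08ebf8db9529851172ead01648faa
+15afd9eb66450b440d154e98ed82971f1b968323ff11b839b046ae4bec60f855
+b6b51f4273420c24ea7dc13ef4cc7615262ccbdf6f5e5a49dae604ec153055ad
+8ad9c598c1fde52dd2bfced5f953ca0d013b0c65feb5ded73585cfc420c95a95
+4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21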