Added IoC files for CoinHelper

CoinHelper/README.md

@@ -0,0 +1,66 @@
+# IOC for CoinHelper
+
+Malware analysis and more technical informations at <https://decoded.avast.io/janrubin/toss-a-coin-to-your-helper/>
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+* [Mutexes](#mutexes)
+
+
+## Samples (SHA-256)
+#### CoinHelper binary and related files
+```
+83a64c598d9a10f3a19eabed41e58f0be407ecbd19bb4c560796a10ec5fccdbf - start.exe
+cc36bb34332e2bc505da46ca2f17206a8ae3e4f667d9bdfbc500a09e77bab09c - asacpiex.dll
+ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d - CL_Debug_Log.txt
+126d8e9e03d7b656290f5f1db42ee776113061dbd308db79c302bc79a5f439d3 - 32.exe
+7a3ad620b117b53faa19f395b9532d3db239a1d6b46432033cc0ef6a8d2377cd - 64.exe
+7387e57e5ecfdba01f0ad25eeb49abf52fa0b1c66db0b67e382d3b9c057f51a8 - 32.txt
+ff5aa6390ed05c887cd2db588a54e6da94351eca6f43a181f1db1f9872242868 - 64.txt
+6753d1a408e085e4b6243bfd5e8b44685e8930a81ec27795ccd61f8d54643c4e - amd.txt
+93dd8ef915ca39f2a016581d36c0361958d004760a32e9ee62ff5440d1eee494 - nvidia.txt
+```
+
+
+## Network indicators
+#### Public IP logging service URL
+```
+2no[.]co/1wbYc7
+```
+#### Tor C&Cs
+```
+bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd[.]onion
+jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd[.]onion
+uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd[.]onion
+rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd[.]onion
+ist4tvsv5polou6uu5isu6dbn7jirdkcgo3ybjghclpcre5hzonybhad[.]onion
+nt4flrgftahnjzrazdstn2uwykuxuclosht46fnbwlcsjj4zaulomlad[.]onion
+shmauhvdvfcpkz7gl23kmkep5xtajau3ghxtswur6q5bznnpmfam3iqd[.]onion
+sqymp2cgjmp5pllesephn55wtocugudyrxvz2ptkdnctet53e5e4mfid[.]onion
+t6ka6jsevtotg4jstanojg3meo24ciyl3fwllzpml4bpibek6waxsgqd[.]onion
+7cmqghpupqiquxkfgmotxv6nfl366hyekx4mulez6rdgwdmq7hn72rad[.]onion
+bobsslp6f4w23r2g375l6ndbbz7i5uwg7i7j5idieeoqksuwm4wy57yd[.]onion
+diyacgq37d4mdev7jao4vjmpplejpx6srnvjspcg7yh4ffdjkiurekyd[.]onion
+2qepteituvpy42gggxxqaaeozppjagsu5xz2zdsbugt3425t2mbjvbad[.]onion
+r2yzxjp3hrsqjwbpvxsx4zn5ww4cbnt6gqkjkgqrry7634qi7aeqtvyd[.]onion
+t7f46q5mj2i7vatj6oij3s4pzr2glxozqzntnq7hab2unh5ph5iniaad[.]onion
+vmpzn64y2jg3dtvlg3sdqwngciiqbb53quiw52fjldjrkml5cux4kzad[.]onion
+3h7yxuyj6bfgpys63z7gleu6xc3gedgsvzqb2onayv4nvide3cja2vid[.]onion
+4sqi3axlh5bxk3jnh76ohvn3nnwekrubdpygznzeqsji7v66secvhgid[.]onion
+6yhfokwes7hcjnp7bgzlto5umqcoir7bqfxojd7rsrbnb4cad2uf3dad[.]onion
+acis2advyp7ougpe46o64vqwu7qheko3sphytcwsvoyrkysq2r2bt3yd[.]onion
+brnrnawg7yv5ot7qc76fqpju6e34dy4z6rbrw3phax6uoyes4vr7sgad[.]onion
+unbagbew3rjfng5xtyxtp4oyopcopqwmhargs4m5qz47joisgfyv7wqd[.]onion
+xyer2q73qwhc2csqbfzf7w4vv4r6555qhyn6ofm56iwzvkgidxv6coqd[.]onion
+jbadd74iobimuuuvsgm5xdshpzk4vxuh35egd7c3ivll3wj5lc6tjxqd[.]onion
+```
+
+## Mutexes
+```
+QPRZ1bWvXh
+QPRZ1bWvXh2
+QPRZ2bWvXh
+QPRZ3bWvXh
+```

CoinHelper/mutexes.txt

@@ -0,0 +1,4 @@
+QPRZ1bWvXh
+QPRZ1bWvXh2
+QPRZ2bWvXh
+QPRZ3bWvXh

CoinHelper/network.txt

@@ -0,0 +1,31 @@
+Public IP logging service URL
+-----------------
+2no[.]co/1wbYc7
+
+
+Tor C&Cs
+-----------------
+bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd[.]onion
+jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd[.]onion
+uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd[.]onion
+rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd[.]onion
+ist4tvsv5polou6uu5isu6dbn7jirdkcgo3ybjghclpcre5hzonybhad[.]onion
+nt4flrgftahnjzrazdstn2uwykuxuclosht46fnbwlcsjj4zaulomlad[.]onion
+shmauhvdvfcpkz7gl23kmkep5xtajau3ghxtswur6q5bznnpmfam3iqd[.]onion
+sqymp2cgjmp5pllesephn55wtocugudyrxvz2ptkdnctet53e5e4mfid[.]onion
+t6ka6jsevtotg4jstanojg3meo24ciyl3fwllzpml4bpibek6waxsgqd[.]onion
+7cmqghpupqiquxkfgmotxv6nfl366hyekx4mulez6rdgwdmq7hn72rad[.]onion
+bobsslp6f4w23r2g375l6ndbbz7i5uwg7i7j5idieeoqksuwm4wy57yd[.]onion
+diyacgq37d4mdev7jao4vjmpplejpx6srnvjspcg7yh4ffdjkiurekyd[.]onion
+2qepteituvpy42gggxxqaaeozppjagsu5xz2zdsbugt3425t2mbjvbad[.]onion
+r2yzxjp3hrsqjwbpvxsx4zn5ww4cbnt6gqkjkgqrry7634qi7aeqtvyd[.]onion
+t7f46q5mj2i7vatj6oij3s4pzr2glxozqzntnq7hab2unh5ph5iniaad[.]onion
+vmpzn64y2jg3dtvlg3sdqwngciiqbb53quiw52fjldjrkml5cux4kzad[.]onion
+3h7yxuyj6bfgpys63z7gleu6xc3gedgsvzqb2onayv4nvide3cja2vid[.]onion
+4sqi3axlh5bxk3jnh76ohvn3nnwekrubdpygznzeqsji7v66secvhgid[.]onion
+6yhfokwes7hcjnp7bgzlto5umqcoir7bqfxojd7rsrbnb4cad2uf3dad[.]onion
+acis2advyp7ougpe46o64vqwu7qheko3sphytcwsvoyrkysq2r2bt3yd[.]onion
+brnrnawg7yv5ot7qc76fqpju6e34dy4z6rbrw3phax6uoyes4vr7sgad[.]onion
+unbagbew3rjfng5xtyxtp4oyopcopqwmhargs4m5qz47joisgfyv7wqd[.]onion
+xyer2q73qwhc2csqbfzf7w4vv4r6555qhyn6ofm56iwzvkgidxv6coqd[.]onion
+jbadd74iobimuuuvsgm5xdshpzk4vxuh35egd7c3ivll3wj5lc6tjxqd[.]onion

CoinHelper/samples.md5

@@ -0,0 +1,9 @@
+14ed4e48eb21324df282179510880d0a
+1d72633024a903e2c032c940de973549
+43141e85e7c36e31b52b22ab94d5e574
+b067e6a02fe417086c69e60e066fdfd7
+c1512c6c7b9fa52c7621d2559ca76086
+1707ec4b99f87d3ec9f4b405f70493f5
+e819e2f372cc1f87fe0273e8ccafdea1
+3cb1de93748a97855050af88dc34105f
+129caf6d5088e8d0137d7453107a631b

CoinHelper/samples.sha1

@@ -0,0 +1,9 @@
+737f320a4f3336d2faf30e600bd7b192b40e6163
+9fa6d79c49ccc3d77346fe72539d7eb4bc4fbc03
+cfd7079a9b268d84b856dc668edbb9ab9ef35312
+3bc7d1ec32692f6b9cdeb0f427721119d92a48c6
+6e8e3ef755de950405d426982f71b4fc26289c19
+a396ccbfa2b3fdd563f70e83ca220dd792734cea
+809b07153a0f586fd137248697ca4bcb0b13da4d
+733c7e8f1f78b26abaed63de4318056f148423b7
+c6e59f733050910d66d6ed03bf78e4f3e25fb661

CoinHelper/samples.sha256

@@ -0,0 +1,9 @@
+83a64c598d9a10f3a19eabed41e58f0be407ecbd19bb4c560796a10ec5fccdbf
+cc36bb34332e2bc505da46ca2f17206a8ae3e4f667d9bdfbc500a09e77bab09c
+ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
+126d8e9e03d7b656290f5f1db42ee776113061dbd308db79c302bc79a5f439d3
+7a3ad620b117b53faa19f395b9532d3db239a1d6b46432033cc0ef6a8d2377cd
+7387e57e5ecfdba01f0ad25eeb49abf52fa0b1c66db0b67e382d3b9c057f51a8
+ff5aa6390ed05c887cd2db588a54e6da94351eca6f43a181f1db1f9872242868
+6753d1a408e085e4b6243bfd5e8b44685e8930a81ec27795ccd61f8d54643c4e
+93dd8ef915ca39f2a016581d36c0361958d004760a32e9ee62ff5440d1eee494