From 45143ead1294ad4957e6888fc2877308587fa17a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolf=20St=C5=99eda?=
Date: Thu, 12 Sep 2019 09:34:02 +0200
Subject: [PATCH] WiryJMPer
---
 WiryJMPer/README.md | 34 ++++++++++++++++++++++++++++++++++
 WiryJMPer/network.txt | 1 +
 WiryJMPer/samples.md5 | 13 +++++++++++++
 WiryJMPer/samples.sha1 | 13 +++++++++++++
 WiryJMPer/samples.sha256 | 13 +++++++++++++
 5 files changed, 74 insertions(+)
 create mode 100644 WiryJMPer/README.md
 create mode 100644 WiryJMPer/network.txt
 create mode 100644 WiryJMPer/samples.md5
 create mode 100644 WiryJMPer/samples.sha1
 create mode 100644 WiryJMPer/samples.sha256
diff --git a/WiryJMPer/README.md b/WiryJMPer/README.md
new file mode 100644
index 0000000..e27fcdb
--- /dev/null
+++ b/WiryJMPer/README.md
@@ -0,0 +1,34 @@
+# IoC for WiryJMPer
+
+Malware analysis and more technical information at
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+
+## Samples (SHA-256)
+```
+f1963b44a9c887f02f6e9574aea863974be57a033600047b8e0911f9dbcb9914 - analyzed sample
+7477159797a7f06e3c153662bfef624d056e64b552f455fe53e80f0afb0a1860 - ABBC Coin wallet
+6daa1ff03fdbbb58b1f41d2f7dc550ee97fc5b957252b7f1703c81c50b3d406f - Netwire payload
+```
+### Other Samples
+```
+6e1cfde5278d03c6df204d845d165673df89cfd047f4eda97816ee351115a652
+4b7bd8581b85bb33d4748aaeda6a3e5ec8f930751688ffb6854522411f3ad275
+81740ad6a3f0e5c1698132524e0d4b23b4f4773761bca68fdaef33748ef299e3
+880de7e64c0678a38ef6964b6ff2f48e426449426b58a516556285421c223374
+125cf6b01deb86df16e0961021a57b28177b8efedc6bf4f617bef940cf4b9d74
+04a92a7e171b583c40cee9d2760b20fa8324e45f3938f7d41f48065829103ebd
+4a3d3e85d09074ed1e1de5e48c97c4e42fbcb3cfb44b213c0224ffb191dcd1c2
+0631ace562e077814c7788b9fe10c865579a29cf180654658f30ab38387a13e3
+d1457c238b99ca8904693551f92310acae561c68c20a8caafe3391d927d7618e
+ea855c2b53419dcd81e677520d4e55d41cb5ce2933f550edd6520cce15da93fc
+```
+
+## Network indicators
+### Netwire C&C servers
+```
+46.166.160[.]158
+```
diff --git a/WiryJMPer/network.txt b/WiryJMPer/network.txt
new file mode 100644
index 0000000..1e1b12b
--- /dev/null
+++ b/WiryJMPer/network.txt
@@ -0,0 +1 @@
+46.166.160[.]158
diff --git a/WiryJMPer/samples.md5 b/WiryJMPer/samples.md5
new file mode 100644
index 0000000..8bbc871
--- /dev/null
+++ b/WiryJMPer/samples.md5
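Review bot: The only entry in network.txt is defanged (`46.166.160[.]158`) and nothing in the added files states that convention, so a consumer that feeds this file to a blocklist or SIEM matcher verbatim will match nothing, and one that refangs it has to guess the rule. A one-line statement in the README's "Network indicators" section such as `Indicators are defanged with [.]; revert to a plain dot before automated ingestion.` would make the file usable programmatically without changing its contents. The file also carries no context for the address (which sample contacted it, port, or observation date), which the README's "Netwire C&C servers" heading implies but does not record; if that is known it belongs next to the indicator, and if it is not, saying so avoids consumers assuming the address is still live.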
@@ -0,0 +1,13 @@
+1a96da4105eade067080c87c267e4b50
+1c9f7d44f9f95e87c03a2ed65408d179
+2ecf19b079e061b14fd1ccb1bea1edb1
+43a2d2d93896aa74d2187220c4cdf0ca
+4b30330bf1cafa991ba2e7cf1f96f77d
+502f0ad0332477f72821479453da1ab3
+5cba5b80efbac028847a05cc9f83fed5
+5d2567a78276edb74a2115e7f9355dfe
+77ec579347955cfa32f219386337f5bb
+99f079f1b69dd2b2fbca11322ebb1ea7
+ca5d4dba40f82e5493628f0893e00862
+da5d5fd9c9d47c212ef4aa13dbc8ff8d
+e3137275d9ef204209418b297d10e10c
diff --git a/WiryJMPer/samples.sha1 b/WiryJMPer/samples.sha1
new file mode 100644
index 0000000..171aef7
--- /dev/null
+++ b/WiryJMPer/samples.sha1
@@ -0,0 +1,13 @@
+01241aca2fb179c83cf22997ce35b7451ac1f385
+3839501aaef5c401f5e5e5eb54dcad30c37b62b6
+39c28c1705cf5572872e8d16366f1c0f0a4e06b9
+48dafdf33fb8a91aec8fcaaca5b53909b63cab1e
+5eccf807ac98acd7dba73366a17e3d2f839f42b7
+6b9f62c0703fde5c3ea90560e0a4da5c20ad2904
+6da16c21f8d771a07b9e5066d31aa0f76b11e0ee
+77226a5dd703264f7399cd9d8c91c1f2636252dc
+a15b289dd0f1c779aef52e4f8f02f22949d8c39f
+bb2a48d9bdc62d4d50f4b39421ba4eaabe68204e
+c3b111e05bf75e3fd49e62b88f8cc7e94980282c
+c9c08ac1675ab9b8cb11c54a0280e84d249f4211
+d1a8a6c3e11471df3e54fa28ecd2a53db1c84cfc
diff --git a/WiryJMPer/samples.sha256 b/WiryJMPer/samples.sha256
new file mode 100644
index 0000000..28f1463
--- /dev/null
+++ b/WiryJMPer/samples.sha256
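Review bot: samples.md5, samples.sha1 and samples.sha256 each hold 13 digests sorted independently, so the three digests of any one sample cannot be matched across the files, and the per-sample labels the README attaches to three SHA-256 values (`analyzed sample`, `ABBC Coin wallet`, `Netwire payload`) have no counterpart for MD5 or SHA-1. One row per sample carrying all three digests and the label (for example a `samples.csv` with `sha256,sha1,md5,note` columns) would preserve that correlation and let a consumer pivot from whichever digest their telemetry records. If the flat one-hash-per-line layout is required by downstream tooling, a sentence in the README stating that the three files are independently sorted and that the SHA-256 list is canonical would at least make the limitation explicit. The samples.sha1 hunk in this line and the samples.sha256 hunk in the next share this point.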
@@ -0,0 +1,13 @@
+04a92a7e171b583c40cee9d2760b20fa8324e45f3938f7d41f48065829103ebd
+0631ace562e077814c7788b9fe10c865579a29cf180654658f30ab38387a13e3
+125cf6b01deb86df16e0961021a57b28177b8efedc6bf4f617bef940cf4b9d74
+4a3d3e85d09074ed1e1de5e48c97c4e42fbcb3cfb44b213c0224ffb191dcd1c2
+4b7bd8581b85bb33d4748aaeda6a3e5ec8f930751688ffb6854522411f3ad275
+6daa1ff03fdbbb58b1f41d2f7dc550ee97fc5b957252b7f1703c81c50b3d406f
+6e1cfde5278d03c6df204d845d165673df89cfd047f4eda97816ee351115a652
+7477159797a7f06e3c153662bfef624d056e64b552f455fe53e80f0afb0a1860
+81740ad6a3f0e5c1698132524e0d4b23b4f4773761bca68fdaef33748ef299e3
+880de7e64c0678a38ef6964b6ff2f48e426449426b58a516556285421c223374
+d1457c238b99ca8904693551f92310acae561c68c20a8caafe3391d927d7618e
+ea855c2b53419dcd81e677520d4e55d41cb5ce2933f550edd6520cce15da93fc
+f1963b44a9c887f02f6e9574aea863974be57a033600047b8e0911f9dbcb9914