WiryJMPer

Adolf Středa 2019-09-12 09:34:02 +02:00
parent f752469d11
commit 45143ead12
5 changed files with 74 additions and 0 deletions

WiryJMPer/README.md Normal file (34 additions)

@ -0,0 +1,34 @@
# IoC for WiryJMPer
Malware analysis and more technical information at <https://decoded.avast.io/adolfstreda/the-tangle-of-wiryjmper's-obfuscation/>
### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
## Samples (SHA-256)
```
f1963b44a9c887f02f6e9574aea863974be57a033600047b8e0911f9dbcb9914 - analyzed sample
7477159797a7f06e3c153662bfef624d056e64b552f455fe53e80f0afb0a1860 - ABBC Coin wallet
6daa1ff03fdbbb58b1f41d2f7dc550ee97fc5b957252b7f1703c81c50b3d406f - Netwire payload
```
### Other Samples
```
6e1cfde5278d03c6df204d845d165673df89cfd047f4eda97816ee351115a652
4b7bd8581b85bb33d4748aaeda6a3e5ec8f930751688ffb6854522411f3ad275
81740ad6a3f0e5c1698132524e0d4b23b4f4773761bca68fdaef33748ef299e3
880de7e64c0678a38ef6964b6ff2f48e426449426b58a516556285421c223374
125cf6b01deb86df16e0961021a57b28177b8efedc6bf4f617bef940cf4b9d74
04a92a7e171b583c40cee9d2760b20fa8324e45f3938f7d41f48065829103ebd
4a3d3e85d09074ed1e1de5e48c97c4e42fbcb3cfb44b213c0224ffb191dcd1c2
0631ace562e077814c7788b9fe10c865579a29cf180654658f30ab38387a13e3
d1457c238b99ca8904693551f92310acae561c68c20a8caafe3391d927d7618e
ea855c2b53419dcd81e677520d4e55d41cb5ce2933f550edd6520cce15da93fc
```
## Network indicators
### Netwire C&C servers
```
46.166.160[.]158
```
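Review bot: the heading hierarchy in this README hunk is inverted: `### Table of Contents` is a level-3 heading placed above the level-2 sections `## Samples (SHA-256)` and `## Network indicators` that it links to, so any rendered outline will show the TOC nested deeper than the sections it indexes; `## Table of Contents` would fix this. The ten hashes under `### Other Samples` also carry no role label, unlike the three above them (`- analyzed sample`, `- ABBC Coin wallet`, `- Netwire payload`), so a reader cannot tell what those samples are without opening the linked write-up; a one-line description per hash, or at least per group, would make the list self-contained.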

WiryJMPer/network.txt Normal file (1 addition)

@ -0,0 +1 @@
46.166.160[.]158
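Review bot: network.txt stores the C&C address defanged (`46.166.160[.]158`) while the samples.* files in this commit store raw hashes; if these flat files are meant for automated ingestion, consumers will have to undo the `[.]` bracketing for this one file, so the convention (defanged vs. raw) should be stated in the README or a raw machine-readable copy kept alongside the defanged one. The same value is also hard-coded in README.md, so the two copies will drift unless one is generated from the other.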

WiryJMPer/samples.md5 Normal file (13 additions)

@ -0,0 +1,13 @@
1a96da4105eade067080c87c267e4b50
1c9f7d44f9f95e87c03a2ed65408d179
2ecf19b079e061b14fd1ccb1bea1edb1
43a2d2d93896aa74d2187220c4cdf0ca
4b30330bf1cafa991ba2e7cf1f96f77d
502f0ad0332477f72821479453da1ab3
5cba5b80efbac028847a05cc9f83fed5
5d2567a78276edb74a2115e7f9355dfe
77ec579347955cfa32f219386337f5bb
99f079f1b69dd2b2fbca11322ebb1ea7
ca5d4dba40f82e5493628f0893e00862
da5d5fd9c9d47c212ef4aa13dbc8ff8d
e3137275d9ef204209418b297d10e10c

WiryJMPer/samples.sha1 Normal file (13 additions)

@ -0,0 +1,13 @@
01241aca2fb179c83cf22997ce35b7451ac1f385
3839501aaef5c401f5e5e5eb54dcad30c37b62b6
39c28c1705cf5572872e8d16366f1c0f0a4e06b9
48dafdf33fb8a91aec8fcaaca5b53909b63cab1e
5eccf807ac98acd7dba73366a17e3d2f839f42b7
6b9f62c0703fde5c3ea90560e0a4da5c20ad2904
6da16c21f8d771a07b9e5066d31aa0f76b11e0ee
77226a5dd703264f7399cd9d8c91c1f2636252dc
a15b289dd0f1c779aef52e4f8f02f22949d8c39f
bb2a48d9bdc62d4d50f4b39421ba4eaabe68204e
c3b111e05bf75e3fd49e62b88f8cc7e94980282c
c9c08ac1675ab9b8cb11c54a0280e84d249f4211
d1a8a6c3e11471df3e54fa28ecd2a53db1c84cfc
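Review bot: samples.md5 and samples.sha1 are each sorted lexicographically, so line N of one file does not correspond to line N of the other (or to the SHA-256 list in the README), and there is no way to tell which MD5, SHA-1 and SHA-256 belong to the same sample. A single table with all three digests per row (CSV or a Markdown table in the README) would preserve that mapping; the per-algorithm files can then be generated from it.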

WiryJMPer/samples.sha256 Normal file (13 additions)

@ -0,0 +1,13 @@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