Added IoC for Parrot TDS

2022-04-06 11:44:17 +02:00 · 2022-04-06 11:44:17 +02:00 · 46420fbe85
parent 8c4e1ffbfb
commit 46420fbe85
2 changed files with 30 additions and 3 deletions
--- a/ParrotTDS/README.md
+++ b/ParrotTDS/README.md
@ -1,2 +1,23 @@
-# ParrotTDS_IoC
-This repository contains IoCs of the Parrot TDS
+# IoC for ParrotTDS and related SocGholish campaign
+
+Analysis is available at https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/.
+
+## Samples (SHA-256)
+#### Binary and related files
+##### Parrot TDS
+```
+e22e88c8ec0f439eebbb6387eeea0d332f57c137ae85cf1d8d1bb4c7ea8bd2f2 - Proxied version JavaScript
+daabdec3d5a43bb1c0340451be466d9f90eaa0cfac92fb6beaabc59452c473c3 - Direct version JavaScript
+b63260c1f213c02fcbb5c1a069ab2f1d17031e598fd19673bb639aa7557a9bae - Webshell
+```
+##### FakeUpdate
+```
+0046fad95da901f398f800ece8af479573a08ebf8db9529851172ead01648faa - FakeUpdate JavaScript
+15afd9eb66450b440d154e98ed82971f1b968323ff11b839b046ae4bec60f855 - FakeUpdate appearance JavaScript
+```
+##### NetSupport RAT
+```
+b6b51f4273420c24ea7dc13ef4cc7615262ccbdf6f5e5a49dae604ec153055ad - NetSupport Client
+8ad9c598c1fde52dd2bfced5f953ca0d013b0c65feb5ded73585cfc420c95a95 - NetSupport Client
+4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21 - NetSupport Config
+```
--- a/ParrotTDS/network.txt
+++ b/ParrotTDS/network.txt
@ -43,4 +43,10 @@ hill-family[.]us
 194.180.158[.]173
 87.120.8[.]141
 15.76.172[.]110
-45.76.172[.]113
+45.76.172[.]113
+5.180.136[.]119
+94.158.247[.]84
+94.158.245[.]113
+94.158.247[.]100
+154.38.242[.]14
+199.247.3[.]55