mirror of https://github.com/avast/ioc
Added IoC for Parrot TDS
This commit is contained in:
parent
8c4e1ffbfb
commit
46420fbe85
|
@ -1,2 +1,23 @@
|
|||
# ParrotTDS_IoC
|
||||
This repository contains IoCs of the Parrot TDS
|
||||
# IoC for ParrotTDS and related SocGholish campaign
|
||||
|
||||
Analysis is available at https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/.
|
||||
|
||||
## Samples (SHA-256)
|
||||
#### Binary and related files
|
||||
##### Parrot TDS
|
||||
```
|
||||
e22e88c8ec0f439eebbb6387eeea0d332f57c137ae85cf1d8d1bb4c7ea8bd2f2 - Proxied version JavaScript
|
||||
daabdec3d5a43bb1c0340451be466d9f90eaa0cfac92fb6beaabc59452c473c3 - Direct version JavaScript
|
||||
b63260c1f213c02fcbb5c1a069ab2f1d17031e598fd19673bb639aa7557a9bae - Webshell
|
||||
```
|
||||
##### FakeUpdate
|
||||
```
|
||||
0046fad95da901f398f800ece8af479573a08ebf8db9529851172ead01648faa - FakeUpdate JavaScript
|
||||
15afd9eb66450b440d154e98ed82971f1b968323ff11b839b046ae4bec60f855 - FakeUpdate appearance JavaScript
|
||||
```
|
||||
##### NetSupport RAT
|
||||
```
|
||||
b6b51f4273420c24ea7dc13ef4cc7615262ccbdf6f5e5a49dae604ec153055ad - NetSupport Client
|
||||
8ad9c598c1fde52dd2bfced5f953ca0d013b0c65feb5ded73585cfc420c95a95 - NetSupport Client
|
||||
4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21 - NetSupport Config
|
||||
```
|
||||
|
|
|
@ -43,4 +43,10 @@ hill-family[.]us
|
|||
194.180.158[.]173
|
||||
87.120.8[.]141
|
||||
15.76.172[.]110
|
||||
45.76.172[.]113
|
||||
45.76.172[.]113
|
||||
5.180.136[.]119
|
||||
94.158.247[.]84
|
||||
94.158.245[.]113
|
||||
94.158.247[.]100
|
||||
154.38.242[.]14
|
||||
199.247.3[.]55
|
||||
|
|
Loading…
Reference in New Issue