mirror of
https://github.com/avast/ioc
synced 2024-06-16 03:48:39 +00:00
Added IoC for Parrot TDS
parent
8c4e1ffbfb
commit
46420fbe85
@ -1,2 +1,23 @@
|
|||||||
# ParrotTDS_IoC
|
# IoC for ParrotTDS and related SocGholish campaign
|
||||||
This repository contains IoCs of the Parrot TDS
|
|
||||||
|
Analysis is available at https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/.
|
||||||
|
|
||||||
|
## Samples (SHA-256)
|
||||||
|
#### Binary and related files
|
||||||
|
##### Parrot TDS
|
||||||
|
```
|
||||||
|
e22e88c8ec0f439eebbb6387eeea0d332f57c137ae85cf1d8d1bb4c7ea8bd2f2 - Proxied version JavaScript
|
||||||
|
daabdec3d5a43bb1c0340451be466d9f90eaa0cfac92fb6beaabc59452c473c3 - Direct version JavaScript
|
||||||
|
b63260c1f213c02fcbb5c1a069ab2f1d17031e598fd19673bb639aa7557a9bae - Webshell
|
||||||
|
```
|
||||||
|
##### FakeUpdate
|
||||||
|
```
|
||||||
|
0046fad95da901f398f800ece8af479573a08ebf8db9529851172ead01648faa - FakeUpdate JavaScript
|
||||||
|
15afd9eb66450b440d154e98ed82971f1b968323ff11b839b046ae4bec60f855 - FakeUpdate appearance JavaScript
|
||||||
|
```
|
||||||
|
##### NetSupport RAT
|
||||||
|
```
|
||||||
|
b6b51f4273420c24ea7dc13ef4cc7615262ccbdf6f5e5a49dae604ec153055ad - NetSupport Client
|
||||||
|
8ad9c598c1fde52dd2bfced5f953ca0d013b0c65feb5ded73585cfc420c95a95 - NetSupport Client
|
||||||
|
4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21 - NetSupport Config
|
||||||
|
```
|
||||||
|
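Review bot: Under "##### NetSupport RAT" two different hashes carry the identical label "NetSupport Client", so anyone matching on them cannot tell what separates the two samples. Add a distinguishing note to each line (file name, version or where it was observed), the way the Parrot TDS entries separate "Proxied version JavaScript" from "Direct version JavaScript". The headings also jump from "## Samples (SHA-256)" straight to "#### Binary and related files" and then "#####"; using "###" and "####" would keep the outline contiguous. Finally, the new title names the related SocGholish campaign, but the description line still reads only "This repository contains IoCs of the Parrot TDS"; extend it to say that FakeUpdate and NetSupport RAT samples are included.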
@ -43,4 +43,10 @@ hill-family[.]us
|
|||||||
194.180.158[.]173
|
194.180.158[.]173
|
||||||
87.120.8[.]141
|
87.120.8[.]141
|
||||||
15.76.172[.]110
|
15.76.172[.]110
|
||||||
45.76.172[.]113
|
45.76.172[.]113
|
||||||
|
5.180.136[.]119
|
||||||
|
94.158.247[.]84
|
||||||
|
94.158.245[.]113
|
||||||
|
94.158.247[.]100
|
||||||
|
154.38.242[.]14
|
||||||
|
199.247.3[.]55
|
||||||
|
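Review bot: The six addresses added after 45.76.172[.]113 are appended with no indication of which component they belong to, while the README hunk in this same commit groups the hashes under Parrot TDS, FakeUpdate and NetSupport RAT. Group these the same way, or add a short per-line note, so that a defender loading the list can tell a TDS node from a RAT endpoint and set alert severity accordingly. The hunk header context is hill-family[.]us, so this list mixes domains and IP addresses; a heading separating the two types would also help automated consumers. While this part of the list is being touched, it is worth confirming that the context line 15.76.172[.]110 is intended, since it sits directly above 45.76.172[.]113 and differs only in the first and last octets.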