Add files via upload

avast-ti 2022-06-02 10:55:12 +02:00 committed by GitHub
parent c0d31d6c24
commit 620551c0d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 0 deletions

39
SMSFactory/README.md Normal file

@ -0,0 +1,39 @@
# IOC for SMSFactory
## Android
SMSFactory has a few versions, each with numerous samples that are nearly identical in their malicious features.
The IOCs include several samples from each version as well as C2 servers used to deliver commands.
### Most recent version with SMS and call features
SHA256 Package name
453df13d0a713ceaaf4790d7d08475a5f770e0ddf3b99c7355e99ff1819f5e83 com.older.appearedbringing
5e0b625abb4125ffeb1ec375f36ad22d8f4699bb411067434b3a71688959e495 xyz.toe.punishmentdemo
315aa2102b04fef28347788c8e32b6b45c0fd395106f6415f8d08db368c85053 xyz.milfs.ebonyignored
adea95a9b678220b6a5c54d54c3043f20c26ed9cbcc4ce304f2a737a98e7d1b4 com.introducing.incestpointer
26d527ffdbe35c1a3cac05a490bca36d3eae13a897648ee7ff81e0c412ce5a54 net.apart.behavioralrefinance
a01808e5b4d57f31bd17b1d8a2422d23d52f618e3284732449f7d22139d0eb36 xyz.bachelor.desktopscooking
### Version with conditions and admin access
SHA256 Package name
a57fdb5f8845022cbcb33e62bfe8fc8757391b64fbfb6be87eb7e71e92c538f5 way.heaven.cringe.stop
5e13ba4cd22e59f9dec180a050865348f8c64147527f5d52a6f467e51201a29a mueres.vives.elige.wise
befbb3ab3711a991903a0cdac8d9f3782bc460c75fece4d9e8b01aba7394acd7 panama.tony.exit.roma
58557cbb1cffa5f50bd2f70e205edca5f2b037bda0e99a2dfe3b1035cc0ff497 scope.submarine.maza.zoo
a9c24f54503c58b73bffa20bd4fb77bd424e01d3014a949a41de638f6841a45f casius.klay.tropa.roop
a0d0ded55f9bf2d286c5eac230b998a5e4ec6bbd894ff2dd0da97fd1079b4a92 period.inform.crash.troupe
### Older game hack version with an icon
SHA256 Package name
d7a6f57c30e04623b105fc83c0b8e85787e327accd0bf691af3b1da655f1d160 com.fortnite
0e278d7faf8dd97689297435f08bb5561c36151b4a3ef2c3ab0d024165170091 com.enlighten.lastlight.hack
ff2a35970052a0d66802d543260f4eafc8ceac4ea0d3a709a1859b0f5914bef9 net.peakgames.amy.hack
06d1759e8b4cdce0bc2faa5f4678d83d64887570dd0dd6a04b596052ab2c7edd com.outfit7.mytalkingtomfree.hack
13f6322973ce58a0e20607e6167f3fb7925c494cdd627bdabdc2d78f87f3c38a com.pockettrend.neomonsters.hack
07fb68ae79c38a3a17222e7fa67bcb5e0bee5a8fe46e4a6b5caaf16135241f45 com.gamefirst.chibisurvivorlord.hack
### C2
sms.service.mobilelinks[.]xyz
krinterro[.]com
phone.relario[.]xyz
sms.relario[.]xyz


@ -0,0 +1,19 @@
SHA256,Package name
453df13d0a713ceaaf4790d7d08475a5f770e0ddf3b99c7355e99ff1819f5e83,com.older.appearedbringing
5e0b625abb4125ffeb1ec375f36ad22d8f4699bb411067434b3a71688959e495,xyz.toe.punishmentdemo
315aa2102b04fef28347788c8e32b6b45c0fd395106f6415f8d08db368c85053,xyz.milfs.ebonyignored
adea95a9b678220b6a5c54d54c3043f20c26ed9cbcc4ce304f2a737a98e7d1b4,com.introducing.incestpointer
26d527ffdbe35c1a3cac05a490bca36d3eae13a897648ee7ff81e0c412ce5a54,net.apart.behavioralrefinance
a01808e5b4d57f31bd17b1d8a2422d23d52f618e3284732449f7d22139d0eb36,xyz.bachelor.desktopscooking
a57fdb5f8845022cbcb33e62bfe8fc8757391b64fbfb6be87eb7e71e92c538f5,way.heaven.cringe.stop
5e13ba4cd22e59f9dec180a050865348f8c64147527f5d52a6f467e51201a29a,mueres.vives.elige.wise
befbb3ab3711a991903a0cdac8d9f3782bc460c75fece4d9e8b01aba7394acd7,panama.tony.exit.roma
58557cbb1cffa5f50bd2f70e205edca5f2b037bda0e99a2dfe3b1035cc0ff497,scope.submarine.maza.zoo
a9c24f54503c58b73bffa20bd4fb77bd424e01d3014a949a41de638f6841a45f,casius.klay.tropa.roop
a0d0ded55f9bf2d286c5eac230b998a5e4ec6bbd894ff2dd0da97fd1079b4a92,period.inform.crash.troupe
d7a6f57c30e04623b105fc83c0b8e85787e327accd0bf691af3b1da655f1d160,com.fortnite
0e278d7faf8dd97689297435f08bb5561c36151b4a3ef2c3ab0d024165170091,com.enlighten.lastlight.hack
ff2a35970052a0d66802d543260f4eafc8ceac4ea0d3a709a1859b0f5914bef9,net.peakgames.amy.hack
06d1759e8b4cdce0bc2faa5f4678d83d64887570dd0dd6a04b596052ab2c7edd,com.outfit7.mytalkingtomfree.hack
13f6322973ce58a0e20607e6167f3fb7925c494cdd627bdabdc2d78f87f3c38a,com.pockettrend.neomonsters.hack
07fb68ae79c38a3a17222e7fa67bcb5e0bee5a8fe46e4a6b5caaf16135241f45,com.gamefirst.chibisurvivorlord.hack
1 SHA256 Package name
2 453df13d0a713ceaaf4790d7d08475a5f770e0ddf3b99c7355e99ff1819f5e83 com.older.appearedbringing
3 5e0b625abb4125ffeb1ec375f36ad22d8f4699bb411067434b3a71688959e495 xyz.toe.punishmentdemo
4 315aa2102b04fef28347788c8e32b6b45c0fd395106f6415f8d08db368c85053 xyz.milfs.ebonyignored
5 adea95a9b678220b6a5c54d54c3043f20c26ed9cbcc4ce304f2a737a98e7d1b4 com.introducing.incestpointer
6 26d527ffdbe35c1a3cac05a490bca36d3eae13a897648ee7ff81e0c412ce5a54 net.apart.behavioralrefinance
7 a01808e5b4d57f31bd17b1d8a2422d23d52f618e3284732449f7d22139d0eb36 xyz.bachelor.desktopscooking
8 a57fdb5f8845022cbcb33e62bfe8fc8757391b64fbfb6be87eb7e71e92c538f5 way.heaven.cringe.stop
9 5e13ba4cd22e59f9dec180a050865348f8c64147527f5d52a6f467e51201a29a mueres.vives.elige.wise
10 befbb3ab3711a991903a0cdac8d9f3782bc460c75fece4d9e8b01aba7394acd7 panama.tony.exit.roma
11 58557cbb1cffa5f50bd2f70e205edca5f2b037bda0e99a2dfe3b1035cc0ff497 scope.submarine.maza.zoo
12 a9c24f54503c58b73bffa20bd4fb77bd424e01d3014a949a41de638f6841a45f casius.klay.tropa.roop
13 a0d0ded55f9bf2d286c5eac230b998a5e4ec6bbd894ff2dd0da97fd1079b4a92 period.inform.crash.troupe
14 d7a6f57c30e04623b105fc83c0b8e85787e327accd0bf691af3b1da655f1d160 com.fortnite
15 0e278d7faf8dd97689297435f08bb5561c36151b4a3ef2c3ab0d024165170091 com.enlighten.lastlight.hack
16 ff2a35970052a0d66802d543260f4eafc8ceac4ea0d3a709a1859b0f5914bef9 net.peakgames.amy.hack
17 06d1759e8b4cdce0bc2faa5f4678d83d64887570dd0dd6a04b596052ab2c7edd com.outfit7.mytalkingtomfree.hack
18 13f6322973ce58a0e20607e6167f3fb7925c494cdd627bdabdc2d78f87f3c38a com.pockettrend.neomonsters.hack
19 07fb68ae79c38a3a17222e7fa67bcb5e0bee5a8fe46e4a6b5caaf16135241f45 com.gamefirst.chibisurvivorlord.hack
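Review bot: The CSV flattens the eighteen samples into a single list, so the version each hash belongs to (the README's three version headings) and the four C2 domains are unavailable to anyone who ingests the machine-readable file instead of the README. A third column, for example a header of `SHA256,Package name,Version`, would preserve the grouping. The domains could go in a separate network-indicator file, unless the binary file in this commit already carries them (it is not shown here). It would also help to say in the README that matching should key on the SHA256 column, since package names such as `com.fortnite` are weak indicators on their own and may produce false positives.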

Binary file not shown.