mirror of https://github.com/avast/ioc
MpIncident: init IoCs
This commit is contained in:
parent
918203d337
commit
a61e7d5546
|
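--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,50 @@
+# IoC from Backdoored Client from Mongolian CA MonPass
+
+Malware analysis and more technical information at <https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/>
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+
+## Samples (SHA-256)
+```
+4A43FA8A3305C2A17F6A383FB68F02515F589BA112C6E95F570CE421CC690910
+hxxps://jquery-code.ml/Download/Browser_Plugin.exe
+hxxp://micsoftin.us:2086/dow/83.bmp
+hxxp://37.61.205.212:8880/dow/Aili.pdf
+
+e2596f015378234d9308549f08bcdca8eadbf69e488355cddc9c2425f77b7535
+379d5eef082825d71f199ab8b9b6107c764b7d77cf04c2af1adee67b356b5c7a
+a7e9e2bec3ad283a9a0b130034e822c8b6dfd26dda855f883a3a4ff785514f97
+-hxxp://download.google-images.ml:8880/download/x37.bmp
+
+f21a9c69bfca6f0633ba1e669e5cf86bd8fc55b2529cd9b064ff9e2e129525e8
+-hxxp://download.google-images.ml:8880/downloa/37.bmp
+-hxxp://37.61.205.212:8880/download/Browers_plugin.exe
+
+28e050d086e7d055764213ab95104a0e7319732c041f947207229ec7dfcd72c8
+-hxxp://download.google-images.ml:8880/downloa/37.bmp
+
+5cebdb91c7fc3abac1248deea6ed6b87fde621d0d407923de7e1365ce13d6dbe
+-hxxp://micsoftin.us:2086/dow/83.bmp
+
+456b69628caa3edf828f4ba987223812cbe5bbf91e6bbf167e21bef25de7c9d2
+-hxxp://download.google-images.ml:8880/download/DNSs.bat
+
+9834945a07cf20a0be1d70a8f7c2aa8a90e625fa86e744e539b5fe3676ef14a9
+-hxxp://download.google-images.ml:8880/download/DNSs.bat
+-hxxp://download.google-images.ml:8880/download/x37.bmp
+```
+
+## Network indicators
+### C&C servers
+```
+37.61.205[.]212
+micsoftin[.]us
+jquery-code[.]ml
+download.google-images[.]ml
+dev.google-dev[.]ml
+internet.google-dev[.]ml
+jquery.google-dev[.]ml
+```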
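Review bot: The sample URLs in the Samples block are defanged inconsistently: `hxxps://jquery-code.ml/Download/Browser_Plugin.exe` and its neighbours leave the domain's dots intact, while the C&C block below brackets every dot (`jquery-code[.]ml`), so a careless copy-paste from this list can still resolve the live host. The leading `-` on entries such as `-hxxp://download.google-images.ml:8880/download/x37.bmp` appears to be a stray marker rather than content, since the hunk adds all 50 lines and the first three URLs carry no dash; dropping it keeps the block parseable one indicator per line. Bracketing the dots in the sample URLs as well (e.g. `hxxps://jquery-code[.]ml/Download/Browser_Plugin.exe`) would make the two sections consistent. The SHA-256 list added in the later hunk is uppercase while this README mixes case; normalising to one case helps exact-match lookups against feeds.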
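--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,9 @@
+0dca25cb980e13b125c2490e63ffdd86
+2a61b97914cfb6810e37ebebb440e943
+41dc7763def09be7f2e8a4dbc9922434
+738f46546f6d4a79e2d917b26bf8a93a
+6136add51eda5b198b6d36dc0c693e20
+0fab8fa2ef340a93f0b062d575ade5b7
+a241ff3d86925a4a12916b401536b019
+e451a8a028da21cf0faa97881f226dfc
+abcd461bdb6a6537b7a36848a87b5ea6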
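--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,9 @@
+74995058f9e7fa6951821c0568fdaf168cace179
+6fb68fcbc578b4eda978b463345d2919eed70020
+ff703024e0b59fe20495d6b9f568bedddc8b12e1
+834e80f6fa9935fd3184c25e4e37b0a068a773ee
+fc33ae4120496b81fbad82b14821ea996ce46ce7
+7c425c48861e39f2613ff72199f711e761165054
+d28eacb1b4d2e9ef54f7dff09ca03a6866fc9184
+3880ee01f2fc37dcae2c840799c7a8a71f31a0ed
+e99d5a620a488133f4da24e1f8d2d5e68542b6f3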
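--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,9 @@
+F21A9C69BFCA6F0633BA1E669E5CF86BD8FC55B2529CD9B064FF9E2E129525E8
+A7E9E2BEC3AD283A9A0B130034E822C8B6DFD26DDA855F883A3A4FF785514F97
+5CEBDB91C7FC3ABAC1248DEEA6ED6B87FDE621D0D407923DE7E1365CE13D6DBE
+9834945A07CF20A0BE1D70A8F7C2AA8A90E625FA86E744E539B5FE3676EF14A9
+456B69628CAA3EDF828F4BA987223812CBE5BBF91E6BBF167E21BEF25DE7C9D2
+28E050D086E7D055764213AB95104A0E7319732C041F947207229EC7DFCD72C8
+4A43FA8A3305C2A17F6A383FB68F02515F589BA112C6E95F570CE421CC690910
+E2596F015378234D9308549F08BCDCA8EADBF69E488355CDDC9C2425F77B7535
+379D5EEF082825D71F199AB8B9B6107C764B7D77CF04C2AF1ADEE67B356B5C7A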