mirror of https://github.com/avast/ioc
8fc421bfa8
|
||
|---|---|---|
| .. | ||
| extras | ||
| README.md | ||
| network.txt | ||
| samples.csv | ||
| samples.md5 | ||
| samples.sha1 | ||
| samples.sha256 | ||
IoC for GuptiMiner
Malware analysis and more technical information at https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
Table of Contents
Samples (SHA-256)
GuptiMiner binary and related files
c3122448ae3b21ac2431d8fd523451ff25de7f6e399ff013d6fa6953a7998fa3
7a1554fe1c504786402d97edecc10c3aa12bd6b7b7b101cfc7a009ae88dd99c6
3515113E7127DC41FB34C447F35C143F1B33FD70913034742E44EE7A9DC5CC4C
e0dd8af1b70f47374b0714e3b368e20dbcfa45c6fe8f4a2e72314f4cd3ef16ee
de48abe380bd84b5dc940743ad6727d0372f602a8871a4a0ae2a53b15e1b1739
8e96d15864ec0cc6d3976d87e9e76e6eeccc23c551b22dcfacb60232773ec049
FF884D4C01FCCF08A916F1E7168080A2D740A62A774F18E64F377D23923B0297
294B73D38B89CE66CFDEFA04B1678EDF1B74A9B7F50343D9036A5D549ADE509A
6305d66aac77098107e3aa6d85af1c2e3fc2bb1f639e4a9da619c8409104c414
357009a70daacfc3379560286a134b89e1874ab930d84edb2d3ba418f7ad6a0b
364984e8d62eb42fd880755a296bd4a93cc071b9705c1f1b43e4c19dd84adc65
4dfd082eee771b7801b2ddcea9680457f76d4888c64bb0b45d4ea616f0a47f21
487624b44b43dacb45fd93d03e25c9f6d919eaa6f01e365bb71897a385919ddd
1c31d06cbdf961867ec788288b74bee0db7f07a75ae06d45d30355c0bc7b09fe
1fbc562b08637a111464ba182cd22b1286a185f7cfba143505b99b07313c97a4
07beca60c0a50520b8dbc0b8cc2d56614dd48fef0466f846a0a03afbfc42349d
f0ccfcb5d49d08e9e66b67bb3fedc476fdf5476a432306e78ddaaba4f8e3bbc4
8446d4fc1310b31238f9a610cd25ea832925a25e758b9a41eea66f998163bb34
74D7F1AF69FB706E87FF0116B8E4FA3A9B87275505E2EE7A32A8628A2D066549
af9f1331ac671d241bf62240aa52389059b4071a0635cb9cb58fa78ab942a33b
31dfba1b102bbf4092b25e63aae0f27386c480c10191c96c04295cb284f20878
b0f94d84888dffacbc10bd7f9983b2d681b55d7e932c2d952d47ee606058df54
f656a418fca7c4275f2441840faaeb70947e4f39d3826d6d2e50a3e7b8120e4e
7f1221c613b9de2da62da613b8b7c9afde2ea026fe6b88198a65c9485ded7b3d
C&Cs
_spf.microsoft[.]com
acmeautoleasing[.]net
b.guterman[.]net
breedbackfp[.]com
crl.microsoft[.]com
crl.peepzo[.]com
crl.sneakerhost[.]com
desmoinesreg[.]com
dl.sneakerhost[.]com
edgesync[.]net
espcomp[.]net
ext.microsoft[.]com
ext.peepzo[.]com
ext.sneakerhost[.]com
gesucht[.]net
globalsign.microsoft[.]com
icamper[.]net
m.airequipment[.]net
m.cbacontrols[.]com
m.gosoengine[.]com
m.guterman[.]net
m.indpendant[.]com
m.insomniaccinema[.]com
m.korkyt[.]net
m.satchmos[.]net
m.sifraco[.]com
ns.bretzger[.]net
ns.deannacraite[.]com
ns.desmoinesreg[.]com
ns.dreamsoles[.]com
ns.editaccess[.]com
ns.encontacto[.]net
ns.gravelmart[.]net
ns.gridsense[.]net
ns.jetmediauk[.]com
ns.kbdn[.]net
ns.lesagencestv[.]net
ns.penawarkanser[.]net
ns.srnmicro[.]net
ns.suechiLton[.]com
ns.trafomo[.]com
ns1.earthscienceclass[.]com
ns1.peepzo[.]com
ns1.securtelecom[.]com
ns1.sneakerhost[.]com
p.bramco[.]net
p.hashvault[.]pro
r.sifraco[.]com
spf.microsoft[.]com
widgeonhill[.]com
www.bascap[.]net
Mutexes
ESOCESS_
Global\Fri Aug 13 02:17:49 2021
Global\Fri Aug 13 02:22:55 2021
Global\Mon Apr 19 06:03:17 2021
Global\Mon Apr 24 07:19:54 2023
Global\Mon Feb 27 08:11:25 2023
Global\Mon Jun 14 03:22:57 2021
Global\Mon Mar 13 07:29:11 2023
Global\Mon Mar 22 09:16:00 2021
Global\Sun Jun 13 08:22:07 2021
Global\Thu Aug 10 03:25:11 2023
Global\Thu Aug 12 02:07:58 2021
Global\Thu Feb 23 08:37:09 2023
Global\Thu Mar 25 02:03:14 2021
Global\Thu Mar 25 09:31:19 2021
Global\Thu Nov 2 08:21:56 2023
Global\Thu Nov 9 06:19:40 2023
Global\Tue Apr 25 08:32:05 2023
Global\Tue Mar 23 02:37:32 2021
Global\Tue Oct 10 08:07:11 2023
Global\Wed Aug 11 09:16:37 2021
Global\Wed Jan 5 09:15:56 2022
Global\Wed Jun 2 09:43:03 2021
Global\Wed Mar 1 01:29:48 2023
Global\Wed Mar 23 08:56:01 2022
Global\Wed Mar 23 09:06:36 2022
Global\Wed May 10 06:38:46 2023
Global1
GlobalMIVOD_V4
GMCM1
MIVOD_6
MTX_EX01
Mutex_ONLY_ME_V1
Mutex_ONLY_ME_V2
Mutex_ONLY_ME_V3
PROCESS_
SLDV014
SLDV02
SLDV024
SLDV04
SLDV10
SLDV11
SLDV13
SLDV15
SLDV17
SLDV22
SLDV26
PDBs
E:\projects\projects\RunCompressedSC\x64\Release\RunCompressedSC.pdb
E:\Projects\putty-src\windows\VS2012\x64\Release\plink.pdb
F:\CODE-20221019\Projects\RunCompressedSC\x64\Release\RunCompressedSC.pdb
F:\Pro\MainWork\Release\MainWork.pdb
F:\Pro\MainWork\x64\Release\MainWork.pdb
F:\Projects\2020-NEW\20200307-NEW\MainWork-VS2017-IPHLPAPI\Release\MainWork.pdb
F:\Projects\2020-NEW\20200307-NEW\MainWork-VS2017-IPHLPAPI\x64\Release\MainWork.pdb
F:\Projects\2020-NEW\20200307-NEW\MainWork-VS2017-nvhelper\Release\MainWork.pdb
F:\Projects\2020-NEW\20200307-NEW\MainWork-VS2017-nvhelper\x64\Release\MainWork.pdb
F:\Projects\RunCompressedSC\x64\Release\RunCompressedSC.pdb
F:\V202102\MainWork-VS2017 – Monitor\Release\MainWork.pdb
F:\V202102\MainWork-VS2017 – Monitor\x64\Release\MainWork.pdb
H:\projects\MainWork\Release\MainWork.pdb