ioc-collection/LuckyMouse
Last commit: LuiginoCamastra f591ae22e9 "LuckyMouse/README.md: fixed link" 2020-12-09 14:46:25 +01:00
Files: README.md, samples.md5, samples.sha1, samples.sha256 (IoC files added 2020-12-09 10:39:50 +01:00)

IoC for LuckyMouse

Malware analysis and more technical information at https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/

Samples (SHA-256)

Backdoor PolPo

1EC731E955957FD06C42692BAE06C2EC13A39FE206ED65A5F145AE26D561C6BC
0F9657438FD7A3917B1A9E4026D5B2D9C92184582270657FEBE67BEC73D88DA6
FAB3A7E9708F750156BFA42DC5B8CF94FB24299AAF57B27023CD447A3D654EAD
C76FF6352464CF4C1A548273EAF7D1F5C29F459F9A1762D07264CBD059ED0701

Backdoor LuckyBack

119C220303D57C7D7FC14CD971411FCFC2B09258CCB8C1495DE0B33B02342541
7807C0177CF37BCE6E38EF534F804935F505A24D735BAA53A18E2DA766EC136B
6A2083FE6A1046FC108D09656D8A062500BFB9F5475F969A8C586699E0D5363A

Backdoor BlueTraveller

0791D3496C966858FBDE1C98D189D53BBF478F7CC2A3A3F3876EB56F42F0F36F
B2B744525989FB2AD99ED2652351FCA150589C5F3DECAF8E69F6ABCD325F88B5 (dropper)

RAT HyperBro

2D2EA3002C367684F21AD08BDC9B5079EBDEE08B6356AC5694EFA139D4C6E60D

RAT Korplug

F2343499E127CB3DF917AE139D1A300233EBE8D83C43D41FC925640B47CCBBA4 (http_dll.dat)

Information Collector

56abd939abcc49570ab00eb4c5b0898c37549afd8539f4c8b7239530889807d1
6834CD58E413B46FE627FEC2218E5FADB1EF15E4CE6259E5812C0DE4062D005B
c0c5c4eae6122eea65f5b3d0edecedb7240b47160b110019f4092572dbb28b67

Data extractor 1

F8DA8EAD6E74E93482C8C4857783BBFF13E17930C924D4B450E978A97CBFA4ED

Data extractor 2

76538110C1207E47674BD7561AEA5CD41C8DDF7228A3FB141C70E7193EC04CD2
BE2DB9EB879B54C1C7220CF858EA3A4BD31E2474F3BE13D5ABEA2A0C1C24CA4B

ShellCodeExecutor

3CF29801BB08C335B97B7FBEF86DF085EA848D6A6CC0790CCCFCECACE07879CB

StartService

b861eab09daec59d5bea634b1ecf0edad17f819dc381dfd472fd23b4d9412c40
7C9257945F61D0F807064AA3BCEE04192E5396784DDE4C258D82BF3DBDDC2708

ServiceInstaller

DDDFFAD08343309561583F4AED1314949873E447E9BADB7B9619C36B0D96F9D6

UAC Bypass

268945FDF918EF6CB9863072BB898D1019C0911D4BC3BEB60A8A6F63D958D2A6

Lazagne

5D953D887ABF65FA7C8D3A2336B6EC8E510B1019819E93A6CFC0D767B0C89A4C
F7DF1B0B031BB5CE55A6DEDC83238838939A3DF6754DFC672302033BDA6C43EC

Mimikatz

37286285CB0F8305BD23A693B2E7ACE71538E4C0B9F13EE6CA4E9E9419657813
11B680737EB744867F8194D0997B0B694DBE2D5EFDBCEF88D404B1F79B7F7B7A
EAD61053881B4B6531B1610AD6A41096F181D2793A0EFC353D5B92B92548A2F4
8EB83D8739BF93D182ACDEF104D212F028FC1BD70336B22E4DCD41896BB580D1

PortScanner

2F81A30C205ED7BCA253FD5D14C164CBA0FE5CCB63D0A6CE29ABF324A1FD4814

Nbtscan

C9D5DC956841E000BFD8762E2F0B48B66C79B79500E894B4EFA7FB9BA17E4E9E
DA21AA6710528B9267833E2EF2E7974F5E7D32F02201FB63326FEA174926E78F

Earthworm

0f11d142064c98c35258ad7e761b66980faa7fbc34ced687689b774e6b0c6efe
5D1732094EEADDB74017BDA0BEFC1379817D19BD0093FD4FA2FFDC2D146C24A9 (VM protected)

FRP

247834006F766C942184F74757552B8FF243EC47892240329D23E80A88151605

Network indicators

C&C servers

202.179.0[.]142 8000
202.179.0[.]142 8080
202.179.5[.]161 443
202.179.5[.]85 8080
202.179.5[.]43 443
203.91.119[.]4 8000
202.59.9[.]58 80
139.180.208[.]225
202.59.9[.]58 80 8443
106.13.149[.]126 443
139.180.208[.]225 443
139.180.155[.]133 80
45.77.55[.]145
oss.chrome-upgrade[.]com
go.vegispaceshop[.]org
web.microlynconline[.]com:80
home.microlynconline[.]com:8000
help.microlynconline[.]com:443
host.microlynconline[.]com:53