ioc-collection/MyKings-clipboard-stealer
Jakub Kaloč 0948faec14 readme mod 2021-10-12 10:19:42 +02:00
extras readme mod 2021-10-12 10:19:42 +02:00
README.md readme mod 2021-10-12 10:15:21 +02:00
cnc.txt added mykings iocs 2021-10-07 21:00:13 +02:00
mutexes.txt added mykings iocs 2021-10-07 21:00:13 +02:00
samples.md5 added mykings iocs 2021-10-07 21:00:13 +02:00
samples.sha1 added mykings iocs 2021-10-07 21:00:13 +02:00
samples.sha256 added mykings iocs 2021-10-07 21:00:13 +02:00
steam_links.txt added mykings iocs 2021-10-07 21:00:13 +02:00
wallets.txt added mykings iocs 2021-10-07 21:00:13 +02:00
yadisk_links.txt added mykings iocs 2021-10-07 21:00:13 +02:00

IoC for MyKings - clipboard stealer

Malware analysis and more technical information at https://decoded.avast.io/janrubin/the-king-is-dead-long-live-mykings/

Samples (SHA-256)


Mutex names

Windows 7 Professional02
Windows 7 Ultimate02
Windows 10 Enterprise02
Windows 10 Pro02
Windows XP02

C&Cs and logging servers


Wallet addresses
