ioc-collection/RaspberryRobin
Vojtěšek Jan f81770425f added RaspberryRobin/Roshtyak IoCs 2022-09-22 12:32:22 +02:00

IoC for Raspberry Robin/Roshtyak

Malware analysis and more technical information at https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/

Samples (SHA-256)

Roshtyak

Network indicators

Onion C&Cs


Raspberry Robin C&Cs
