History

Adolf Středa 45143ead12 WiryJMPer		2019-09-12 09:34:02 +02:00
..
README.md	WiryJMPer	2019-09-12 09:34:02 +02:00
network.txt	WiryJMPer	2019-09-12 09:34:02 +02:00
samples.md5	WiryJMPer	2019-09-12 09:34:02 +02:00
samples.sha1	WiryJMPer	2019-09-12 09:34:02 +02:00
samples.sha256	WiryJMPer	2019-09-12 09:34:02 +02:00

README.md

IoC for WiryJMPer

Malware analysis and more technical information at https://decoded.avast.io/adolfstreda/the-tangle-of-wiryjmper's-obfuscation/

Samples (SHA-256)
Network indicators

Samples (SHA-256)

f1963b44a9c887f02f6e9574aea863974be57a033600047b8e0911f9dbcb9914 - analyzed sample
7477159797a7f06e3c153662bfef624d056e64b552f455fe53e80f0afb0a1860 - ABBC Coin wallet
6daa1ff03fdbbb58b1f41d2f7dc550ee97fc5b957252b7f1703c81c50b3d406f - Netwire payload

Other Samples

6e1cfde5278d03c6df204d845d165673df89cfd047f4eda97816ee351115a652
4b7bd8581b85bb33d4748aaeda6a3e5ec8f930751688ffb6854522411f3ad275
81740ad6a3f0e5c1698132524e0d4b23b4f4773761bca68fdaef33748ef299e3
880de7e64c0678a38ef6964b6ff2f48e426449426b58a516556285421c223374
125cf6b01deb86df16e0961021a57b28177b8efedc6bf4f617bef940cf4b9d74
04a92a7e171b583c40cee9d2760b20fa8324e45f3938f7d41f48065829103ebd
4a3d3e85d09074ed1e1de5e48c97c4e42fbcb3cfb44b213c0224ffb191dcd1c2
0631ace562e077814c7788b9fe10c865579a29cf180654658f30ab38387a13e3
d1457c238b99ca8904693551f92310acae561c68c20a8caafe3391d927d7618e
ea855c2b53419dcd81e677520d4e55d41cb5ce2933f550edd6520cce15da93fc

Network indicators

Netwire C&C servers

46.166.160[.]158

README.md

IoC for WiryJMPer

Table of Contents

Samples (SHA-256)

Other Samples

Network indicators

Netwire C&C servers