mirror of
https://github.com/avast/ioc
synced 2024-06-30 02:31:23 +00:00
# IoC from Backdoored Client from Mongolian CA MonPass
Malware analysis and more technical information at <https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/>
### Table of Contents

* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)

## Samples (SHA-256)

```
4A43FA8A3305C2A17F6A383FB68F02515F589BA112C6E95F570CE421CC690910
- hxxps://jquery-code.ml/Download/Browser_Plugin.exe
- hxxp://micsoftin.us:2086/dow/83.bmp
- hxxp://37.61.205.212:8880/dow/Aili.pdf

e2596f015378234d9308549f08bcdca8eadbf69e488355cddc9c2425f77b7535

379d5eef082825d71f199ab8b9b6107c764b7d77cf04c2af1adee67b356b5c7a

a7e9e2bec3ad283a9a0b130034e822c8b6dfd26dda855f883a3a4ff785514f97
- hxxp://download.google-images.ml:8880/download/x37.bmp

f21a9c69bfca6f0633ba1e669e5cf86bd8fc55b2529cd9b064ff9e2e129525e8
- hxxp://download.google-images.ml:8880/downloa/37.bmp
- hxxp://37.61.205.212:8880/download/Browers_plugin.exe

28e050d086e7d055764213ab95104a0e7319732c041f947207229ec7dfcd72c8
- hxxp://download.google-images.ml:8880/downloa/37.bmp

5cebdb91c7fc3abac1248deea6ed6b87fde621d0d407923de7e1365ce13d6dbe
- hxxp://micsoftin.us:2086/dow/83.bmp

456b69628caa3edf828f4ba987223812cbe5bbf91e6bbf167e21bef25de7c9d2
- hxxp://download.google-images.ml:8880/download/DNSs.bat

9834945a07cf20a0be1d70a8f7c2aa8a90e625fa86e744e539b5fe3676ef14a9
- hxxp://download.google-images.ml:8880/download/DNSs.bat
- hxxp://download.google-images.ml:8880/download/x37.bmp
```
## Network indicators
### C&C servers

```
37.61.205[.]212
micsoftin[.]us
jquery-code[.]ml
download.google-images[.]ml
dev.google-dev[.]ml
internet.google-dev[.]ml
jquery.google-dev[.]ml
```