mirror of
https://github.com/avast/ioc
synced 2024-06-30 18:51:19 +00:00
# IoC for Compromised Philippine Navy Certificate

Malware analysis and more technical information at <https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/>

### Table of Contents

* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
* [File names](#file-names)
* [Mutex](#mutex)

## Samples (SHA-256)

#### Binary and related files

```
85FA43C3F84B31FBE34BF078AF5A614612D32282D7B14523610A13944AADAACB - C:\Windows\System32\wlbsctrl.dll
```

## Network indicators

#### C&C servers

```
dost[.]igov-service[.]net:8443
```

## File names

```
C:\Windows\System32\wlbsctrl.dll
```

## Mutex

```
t7As7y9I6EGwJOQkJz1oRvPUFx1CJTsjzgDlm0CxIa4=
```