mirror of
https://github.com/avast/ioc
synced 2024-06-29 18:21:19 +00:00
# IoC for CacheFlow

Malware analysis and more technical information at <https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/>

### Table of Contents

* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
* [Extension IDs](#extension-ids)

## Samples (SHA-256)

#### CacheFlow script-related files

```
2bc86c14609928183bf3d94e1b6f082a07e6ce0e80b1dffc48d3356b6942c051 - manifest.json
bdd2ec1f2e5cc0ba3980f7f96cba5bf795a6e012120db9cab0d8981af3fa7f20 - background.js
3dad00763b7f97c27d481242bafa510a89fed19ba60c9487a65fa4e86dcf970d - jquery.js
4e236104f6e155cfe65179e7646bdb825078a9fea39463498c5b8cd99d409e7a - Intermediary Downloader
ebf6ca39894fc7d0e634bd6747131efbbd0d736e65e68dcc940e3294d3c93df4 - Payload
0f99ec8031d482d3cefa979fbd61416558e03a5079f43c2d31aaf4ea20ce28a0 - Injected script
```

## Network indicators

#### C&C domains

## Extension IDs

#### A list of infected Chrome browser extensions with IDs

```
mdpgppkombninhkfhaggckdmencplhmg - Direct Message for Instagram
fgaapohcdolaiaijobecfleiohcfhdfb - DM for Instagram
iibnodnghffmdcebaglfgnfkgemcbchf - Invisible mode for Instagram Direct Message
olkpikmlhoaojbbmmpejnimiglejmboe - Downloader for Instagram
bhfoemlllidnfefgkeaeocnageepbael - App Phone for Instagram
nilbfjdbacfdodpbdondbbkmoigehodg - Stories for Instagram
eikbfklcjampfnmclhjeifbmfkpkfpbn - Universal Video Downloader
pfnmibjifkhhblmdmaocfohebdpfppkf - Video Downloader for FaceBook™
cgpbghdbejagejmciefmekcklikpoeel - Vimeo™ Video Downloader
klejifgmmnkgejbhgmpgajemhlnijlib - Zoomer for Instagram and FaceBook
ceoldlgkhdbnnmojajjgfapagjccblib - VK UnBlock. Works fast.
mnafnfdagggclnaggnjajohakfbppaih - Odnoklassniki UnBlock. Works quickly.
oknpgmaeedlbdichgaghebhiknmghffa - Upload photo to Instagram™
pcaaejaejpolbbchlmbdjfiggojefllp - Spotify Music Downloader
lmcajpniijhhhpcnhleibgiehhicjlnk - The New York Times News
lgjogljbnbfjcaigalbhiagkboajmkkj - FORBES
akdbogfpgohikflhccclloneidjkogog - Скачать фото и видео из Instagram
```

#### A list of infected Edge browser extensions with IDs

```
lnocaphbapmclliacmbbggnfnjojbjgf - Direct Message for Instagram™
bhcpgfhiobcpokfpdahijhnipenkplji - Instagram Download Video & Image
dambkkeeabmnhelekdekfmabnckghdih - App Phone for Instagram
dgjmdlifhbljhmgkjbojeejmeeplapej - Universal Video Downloader
emechknidkghbpiodihlodkhnljplpjm - Video Downloader for FaceBook™
hajlccgbgjdcjaommiffaphjdndpjcio - Vimeo™ Video Downloader
dljdbmkffjijepjnkonndbdiakjfdcic - Volume Controller
cjmpdadldchjmljhkigoeejegmghaabp - Stories for Instagram
jlkfgpiicpnlbmmmpkpdjkkdolgomhmb - Upload photo to Instagram™
njdkgjbjmdceaibhngelkkloceihelle - Pretty Kitty, The Cat Pet
phoehhafolaebdpimmbmlofmeibdkckp - Video Downloader for YouTube
pccfaccnfkjmdlkollpiaialndbieibj - SoundCloud Music Downloader
fbhbpnjkpcdmcgcpfilooccjgemlkinn - Instagram App with Direct Message DM
aemaecahdckfllfldhgimjhdgiaahean - Downloader for Instagram
```