cs0sf

APT33 IOCs

Mar 27th, 2019
# Elfin - APT33
# Based on https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage

# WinRAR
89.34.237.118:808/Rar32.exe

# POSHC2
mynetwork.ddns.net:880/st-36-p4578.ps1
# HFS Panel, Other files
hxxp://mynetwork.ddns.net:880/MSFeeds.vbe
# SHA256 - e101556a7438fc4e294cc7e60ebc52362534eac52a9aa1a421e482506b524512
hxxp://mynetwork.ddns.net:880/registry.ps1
# SHA256 - 8a5a947cc4d0649d776c1be1eaee105eb3771f2ec7e50c111e9f1668cb53a3a8

# Quasar RAT, Not a Multihomed IP
217.147.168.123

# Custom FTP Tool, Not a Multihomed IP
192.119.15.36:880/ftp.exe

# C2, Not a Multihomed IP
ftp://89.34.237.118:2020

# Malware Samples
# MD5 SHA256

# Non-Free Domains
update-sec.com
service-avant.com
microsoftupdated.com
securityupdated.com
svcexplores.com
mynetwork.cf