- # Elfin - APT33
- # Based on https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
- # WinRAR
- 89.34.237.118:808/Rar32.exe
- # POSHC2
- mynetwork.ddns.net:880/st-36-p4578.ps1
- # HFS Panel, Other files
- hxxp//mynetwork.ddns.net:880/MSFeeds.vbe
- # SHA256 - e101556a7438fc4e294cc7e60ebc52362534eac52a9aa1a421e482506b524512
- hxxp//mynetwork.ddns.net:880/registry.ps1
- # SHA256 - 8a5a947cc4d0649d776c1be1eaee105eb3771f2ec7e50c111e9f1668cb53a3a8
- # Quasar RAT, Not a Multihomed IP
- 217.147.168.123
- # Custom FTP Tool, Not a Multihomed IP
- 192.119.15.36:880/ftp.exe
- # C2, Not a Multihomed IP
- ftp://89.34.237.118:2020
- # Malware Samples
- # MD5 SHA256
- # Non-Free Domains