Bank_Security

BlueNoroff’s indicators of compromise

Jan 24th, 2022
Hashes are MD5, followed by the file name as observed where one is known. Domains and IP addresses are defanged with [.].

Malicious shortcut files
033609f8672303feb70a4c0f80243349
2100e6e585f0a2a43f47093b6fabde74
4a3de148b5df41a56bde78a5dcf41975
5af886030204952ae243eedd25dd43c4 Password.txt.lnk
5f761f9aa3c1a76b17f584b9547a01a7 Password.txt.lnk
7a4a0b0f82e63941713ffd97c127dac8 Password.txt.lnk
813203e18dc1cc8c70d36ed691ca0df3
961e6ec465d7354a8316393b30f9c6e9 Gdpr Password.txt.lnk
9ea244f0a0a955e43293e640bb4ee646
a3c61de3938e7599c0199d2778f7d417 Password.txt.lnk
a5d4bfc3eab1a28ffbcba67625d8292e
a94529063c3acdbfa770657e9126b56d
ab095cb9bc84f37a0a655fbc00e5f50e
b52d30d1db40d5d3c375c4a7c8a115c1
dd2569684ca52ed176f1619ecbfa7aaa
dff21849756eca89ebfaa33ed3185d95
e18dd8e61c736cfc6fff86b07a352c12
e546b851ac4fa5a111d10f40260b1466
e6e64c511f935d31a8859e9f3147fe24 Password.txt.lnk
ea7ed84f7936d4cbafa7cec51fe39cf7
f414f6590636037a6ec92a4d951bdf55
4e207d6e930db4293a6d720cf47858fc
5e44deca6209e64f4093beae92db0c93 Password.txt.lnk
84c427e002fd162d596f3f43ce86fd6a Password.txt.lnk
c16977fefbdc825a5c6760d2b4ea3914
e5d12ef32f9bd3235d0ac45013040589
09bca3ddbc55f22577d2f3a7fda22d1c Password.txt.lnk
0eb71e4d2978547bd96221548548e9f0 Password.txt.lnk
da599b0cde613b5512c13f299fec739e Password.txt.lnk
0c9170a2584ceeddb89e4c0f0a2353ed Password.txt.lnk
5053103dd5d075c1dc54edf1f8568098 Password.txt.lnk
536bae311c99a4d46f503c68595d4431 Password.txt.lnk
3078265f207fed66470436da07343732 Password.txt.lnk
15f1ae1fed1b2ea71fdb9661823663c6 Password.txt.lnk
56fe283ca3e1c1667191cc7764c260b6 Password.txt.lnk
850751de7b8e158d86469d22ad1c3101 Password.txt.lnk
1a8282f73f393656996107b6ec038dd5 Password.txt.lnk
2ea2ceab1588810961d2fc545e2f957e Password.txt.lnk
561f70411449b327e3f19d81bb2cea08 Password.txt.lnk
3812cdc4225182326b1425c9f3c2d50b Password.txt.lnk
4274e6dbc2b7aee4ef080d19fff47ce7 Password.txt.lnk
427bdfe4425e6c8e3ea41d89a2f55870 Password.txt.lnk
7a83be17f4628459e120a64fcab70bac Password.txt.lnk
5d662269739f1b81072e4c7e48972420 Password.txt.lnk
244a23172af8720882ae0141292f5c47 Password.txt.lnk
a8e2c94abb4c1e77068a5e2d8943296c Password.txt.lnk
89c26cefa057cf21054e64b5560bf583 Xbox.lnk
805949896d8609412732ee7bfb44900a Password.txt.lnk
a2be99a5aa26155e6e42a17fbe4fd54d Security Bugs in rigs.pdf.lnk
28917b4187b3b181e750bf024c6adf70 readme.txt.lnk
9f8e51f4adc007bb0364dfafb19a8c11 UserAssist.lnk
790a21734604b374cf260d20770bfc96 SALT Lending Opportunities.pdf.lnk
db315d7b0d9e8c9ca0aa6892202d498b Password.txt.lnk
02904e802b5dc2f85eec83e3c1948374 Security Bugs in Operation.pdf.lnk
baebc60beaced775551ec23a691c3da6
302314d503ae88058cb4c33a6ac6b79b Password.txt.lnk
aeac6f569fb9a7d3f32517aa16e430d6 Password.txt.lnk
926deeaf253636521c26442938013204
8064e00b931c1cab6ba329d665ea599c MSEdge.lnk
bcb4a8f190f2124be57496649078e0ae
781a20f27b72c1c901164ce1d025f641 MSAssist.lnk
483e3e0b1dceb4a5a13de65d3556c3fe MSAssist.lnk

Malicious documents
00a63a302dcaffc9f28826e9dba30e03 Abies VC Presentation.docx
ee9dda6bbbb1138263873dbef36a4d42 Abies VC Presentation.docx
0f1c81c2023eae0fc092ce9f58213bcf Abies VC Presentation.docx
491e0d776f01f102d36155a46f1a8e3c Ant Capital Presentation (Azure Protected).docx
c33ce08ebcc6e508bb3a17e0fa7b08f8 Global Brain Pitch Deck.docx
b1911ef720b17aeed69ec41c8e94cc1e
340fb219872ce3c0d3acf924f4f9e598 Venture Labo Investment Pitch Deck.docx
380e9e78dc5bc91fb6cdd8b4a875f20a
eb18ac97dba79ea48c185fb2826467fe
2a9ff6d80cdd4aeed1c48a1ccdc525dd Abies VC Presentation.docx
ecf75bec770edcd89a3c16d3c4edde1a Abies VC Presentation (1).docx
6c4943f4c28a07ee8cae41dad16d72b3 Abies VC Presentation.docx
f76e2e6bfbee77ae36049880d7c227f7 Abies VC Presentation.docx
7aec3d1b24ed0946ab740924be5834fa Abies VC Presentation.docx
47e325e3467bfa80055b7c0eebb11212 Abies VC Presentation.docx
1e0d96c551ca31a4055491edc17ce2dd Abies VC Presentation.docx
bcf97660ce2b09cbffb454aa5436c9a0 Digital Asset Investment Stategy 2020 (ISO 27001).docx
13ff15ac54a297796e558bb96feaacfd Abies VC Presentation(ISO 27001).docx
cace67b3ea1ce95298933e38311f6d0b Adviser-Non-Disclosure-Agreement-NDA(ISO 27001).docx
645adf057b55ef731e624ab435a41757 OKEx and DeepMind Intro Deck(ISO 27001_Protected).docx
bde4747408ce3cfdfe8238a133ebcac9 Circle Business Introduction(ISO 27001).docx
421b1e1ab9951d5b8eeda5b041cb0657 Berkshire Hathaway HomeServices Custody – Mutual NDA.docx
d2f08e227cd528ad8b26e9bbe285ae3c Union Square Ventures Partnership – Mutual NDA Form.docx
04deb35316ebe1789da042c8876c0622 Chiliz Partnership – Mutual NDA Form.docx
af4eefa8cddc1e412fe91ad33199bd71 FasterCapital Mutual NDA Form.docx
34239a3607d8b5b8ddd6797855f2e827 FasterCapital Introduction 2020 Oct.docx
389172d2794d789727b9f7d01ec27f75 Lundbergs NDA Mutual Form.docx
f40e7998a84495648b0338bc016b9417 Union Square Ventures Partnership – Mutual NDA Form.docx
c8c2a9c50ff848342b0885292d5a8cd4 VIRUS.docx
adf9dc317272dc3724895cb07631c361 Non-Disclosure-Agreement-NDA(ISO 27001).docx
158d84c90a79edb97ec5b840d86217c7 Venture Labo Investment Pitch Deck.docx
e26725f34ebcc7fa9976dd07bfbbfba3 Global Brain Pitch Deck.docx
a435acb5bac92b855d1799a685507522
9969b67ef643bed20a38346dcd69bec4
a6446bfea82b69169b4026222ca253b2
bdf1643c3a10a25d3aba2c4c608ec5d5
b4b695c8e6fea95db5843a43644f88b0
d8561c74ad9624d7c35c0fb15d3ca8fe
f9195b14ed20b30b7c239d50e6418151
3dd638551b03a36d13428696dcada5d8
f26eaa212c503aaba6e5015cb8ef44b5 Venture Labo Investment Pitch Deck.docx
793de76de6d4015ebdd5e552ac5b2f90 Pantera Capital Investment Agreement(Protected).docx
709ec9fbbc3c37ccd39758527c332b84 Pantera Capital Investment Agreement(Protected).docx
89099235aad37a29b7acedc96fda0037 Venture Labo Investment Pitch Deck.docx
358791e1abd64f490c865643a3fbb93d Z Venture Capital Presentation(Protected).docx
cea54a904434c66f217fbadc571e1507 Z Venture Capital Presentation(Protected).docx
9be0075b9344590b3cabf61c194db180 Rapid Change of Stablecoin (Protected).docx
98e30453bbf1c9c9f48368f9bbe69edd Z Venture Capital Presentation(Protected).docx
9ad7b21603ecce5ee744ba8aa387fb6c Pantera Capital Investment Agreement(Protected).docx.123.docx.123

Injected remote template
3dd638551b03a36d13428696dcada5d8
2da244dc9bbdbf2013b7fbc2a74073a2
f3157dc297cb802c8ae2f07702903bfa

Visual Basic Script
ce09cdb7979fb9099f46dd33036b9001 xivwtjab.vbs
f7f4aa55a2e4f38a6a3ea5a108baedf5 vwnozphn.vbs

PowerShell
ae52b28b360428829c4fcdc14e839f19 usoclient.ps1

PowerShell agent (VBS-wrapped)
73572519159b0c27a18dbbaf25ef1cc0 guide.vbs
8ae6aa90b5f648b3911430f14c92440b %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\check.vbs
ae12a668dd9f254c42fcd803c7645ed1 1.vbs
589f1bb4da89cfd4a2f7f3489aa426a9 %APPDATA%\microsoft\windows\start menu\programs\startup\guide.vbs

Backdoor
1d0fc2f1a6eb2b2bfa166a613ca871f0
db91826cb9f2ad6edfed8d6bab5bef1f users.dll, wmc.dll
9c592a22acdfb750c440fda31da4996c

Keylogger
f29be5c7e602e529339fda35ff91bd39

Screen capture malware
f194e074e7d73c544eebb70e2e2785a1

Injector
ec2b51dc1dc99165a0eb46b73c317e25 cssvc.dll
d8e51f1b9f78785ed7449145b705b2e4 cfssvc.dll
dd2d50d2f088ba65a3751e555e0dea71 bfcsvc.dll
f5317f1c0a10a80931378d68be9a4baa lssc.dll
8727a967bbb5ebd99789f7414d147c31 sst.dll
cab281b38a57524902afcb1c9c8aa5ba bnt.dll
6a2cbaea7db300925d25d9decf461d95 lmsvc.dll
33a60ea8859307d3fd1a1fe884e37d2d
1993ebb00cb670c6e2ca9b5f6c6375c4 sessc.dll
1fb48113d015466a272e4b70c3109e06 wssc.dll
33ae39569f0051d8dc153d7b4e814a67
525345989e10b64cd4d0e144eb48171f
724d11c2cae561225e7ed31d7517dd40 lsasvc.dll
56df737f3028203db8d51ed1263160ad ocss.dll
a160b36426ce77bccdd32d117eeb879b csscv.dll
8fa484d35e60b93a4128dc5de45ec0df wmmc.dll
5cc93ccc91b2849df55d89b360fbae58
630ba28be4f55ea67225a3760f9e8c1f

Persistence Backdoor #1
2934a7a0dfaf2ebc81b1f089277129c4 Default.rdp
6c97c64052dfdc457b001f84b8657435 Default.rdp
bdc354506d6c018b52cb92a9d91f5f7c Default.rdp
737478dbd1f66c9edb2d6c149432be26 Default.rdp
5912e271b0da85ae3327d66deabf03ed Default.rdp
d209c3da192c49cecb5a7b3d0f7154ac Default.rdp
8d8f3a0d186b275e51589a694e09e884 Default.rdp
7ccf3ddbdb175fcfece9c4423acf07b6
0a9b8ca2988208b876b74641c07f631e Default.rdp

Persistence Backdoor #2
9b30baa7873d86f985657c3e324ac431 vsat.dll
ae79ea7dfa81e95015bef839c2327108 ssdp.dll
ca9b98f17b9e24ca3f802c04eb508103
849dd9e09cc2434ee7dbdbf9e1c408b2
804523ecb9f7809fc2377d03b47dba22
2b7e434e52ff7480ae06ba901f8efbfd
7129020312b85d5b1e760fc57b567d95
ea9d8b81c9f85fd142639997187b447e
e80f9d2fa735d7ab3bd9e954c4fcb6d0
e2ddf13340ba79b2635618e5675eea23
00a145e8f67a92b01ce4d85a0ed6bd77
73aed6bcf90f936f3fbcb389a133d7c8
ff28ec14ec926b9892c61b9bf154a910
97e5c0fe8089da97665a22975e2c86de
f60d7f620dc925c4e786bcf46856f4c8
4fbff7f0f62b26963b56c0fc23486891
4bb579d59830579be9ead9f74a55001e
aafc80ff2afc71b0d5abd6c8d2809e65
9850b24f8d70ad957f328961170e2d40
58495a2083065b36040eea288a9d5e17
f1cfd14b030e6b5d75e777ace530dad9
1fb25f72e4eb26b0df154de28dbff74c
1b1acc7f27717905e7094f338f81db9f
3776d4a24213972b54b9ed3360ac7883
c93f3bb4f7b19f5eb6f736f2659c4dae
9084620e0219c035d60d395be1bf4cae
2e38f37a23d9f00a02098dd302fc14e2

Domains
abiesvc[.]com
abiesvc[.]info
abiesvc.jp[.]net
atom.publicvm[.]com
att.gdrvupload[.]xyz
authenticate.azure-drive[.]com
azureprotect[.]xyz
backup.163qiye[.]top
beenos[.]biz
bhomes[.]cc
bitcoinnews.mefound[.]com
bitflyer[.]team
blog.cloudsecure[.]space
buidihub[.]com
chemistryworld[.]us
circlecapital[.]us
client.googleapis[.]online
cloud.azure-service[.]com
cloud.globalbrains[.]co
cloud.jumpshare[.]vip
cloud.venturelabo[.]co
cloudshare.jumpshare[.]vip
coin-squad[.]co
coinbig[.]dev
coinbigex[.]com
deepmind[.]fund
dekryptcap[.]digital
dllhost[.]xyz:5600
doc.venturelabo[.]co
doc.youbicapital[.]cc
doconline[.]top
docs.azureword[.]com
docs.coinbigex[.]com
docs.gdriveshare[.]top
docs.goglesheet[.]com
docs.securedigitalmarkets[.]co
docstream[.]online
document.antcapital[.]us
document.bhomes[.]cc
document.fastercapital[.]cc
document.kraken-dev[.]com
document.lundbergs[.]cc
document.skandiafastigheter[.]cc
documentprotect[.]live
documentprotect[.]pro
documents.antcapital[.]us
docuserver[.]xyz
domainhost.dynamic-dns[.]net
download.azure-safe[.]com
download.azure-service[.]com
download.gdriveupload[.]site
drives.googldrive[.]xyz
drives.googlecloud[.]live
driveshare.googldrive[.]xyz
dronefund[.]icu
drw[.]capital
eii[.]world
etherscan.mrslove[.]com
faq78.faqserv[.]com
fastdown[.]site
fastercapital[.]cc
file.venturelabo[.]co
filestream[.]download
foundico.mefound[.]com
galaxydigital[.]cc
galaxydigital[.]cloud
googledrive[.]download
googledrive[.]email
googledrive[.]online
googledrive.publicvm[.]com
googleexplore[.]net
googleservice[.]icu
googleservice[.]xyz
gsheet.gdocsdown[.]com
hiccup[.]shop
innoenergy[.]info
isosecurity[.]xyz
jack710[.]club
jumpshare[.]vip
kraken-dev[.]com
ledgerservice.itsaol[.]com
lemniscap[.]cc
lundbergs[.]cc
mail.gdriveupload[.]info
mail.gmaildrive[.]site
mail.googleupload[.]info
mclland[.]com
microstratgey[.]com
miss.outletalertsdaily[.]com
msoffice.qooqle[.]download
note.onedocshare[.]com
onlinedocpage[.]org
page.googledocpage[.]com
product.onlinedoc[.]dev
protect.antcapital[.]us
protect.azure-drive[.]com
protect.venturelabo[.]co
protectoffice[.]club
pvset.itsaol[.]com
qooqle[.]download
qoqle[.]online
regcnlab[.]com
reit[.]live
securedigitalmarkets[.]ca
share.bloomcloud[.]org
share.devprocloud[.]com
share.docuserver[.]xyz
share.stablemarket[.]org
sharedocs[.]xyz
signverydn.sharebusiness[.]xyz
sinovationventures[.]co
skandiafastigheter[.]cc
slot0.regcnlab[.]com
svr04.faqserv[.]com
tokenhub.mefound[.]com
tokentrack.mrbasic[.]com
twosigma.publicvm[.]com
up.digifincx[.]com
upcraft[.]io
updatepool[.]online
upload.gdrives[.]best
venturelabo[.]co
verify.googleauth[.]pro
word.azureword[.]com
www.googledocpage[.]com
www.googlesheetpage[.]org
www.onlinedocpage[.]org
youbicapital[.]cc

C2 addresses used by the backdoor
118.70.116[.]154:8080
163.25.24[.]44
45.238.25[.]2
devstar.dnsrd[.]com
fxbet.linkpc[.]net
lservs.linkpc[.]net
mmsreceive.linkpc[.]net
msservices.hxxps443[.]org
onlineshoping.publicvm[.]com
palconshop.linkpc[.]net
pokersonic.publicvm[.]com
press.linkpc[.]net
rubbishshop.linkpc[.]net
rubbishshop.publicvm[.]com
socins.publicvm[.]com
vpsfree.linkpc[.]net
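The list above has a fixed shape: a section heading, then one indicator per line, with the observed file name after a hash where one is known, and hosts defanged with [.]. The Python below is an added example, not part of the paste and not tooling from any vendor. It parses that shape from a constructed excerpt of the list, refangs hosts, matches against constructed DNS records and a constructed file-hash inventory, and generalises the Password.txt.lnk lure into a check for any shortcut that carries a document extension before .lnk. The DNS record layout, the sample telemetry and every function name are assumptions of this example.

```python
import re

# Constructed excerpt of the list above, in the page's own format: a section
# heading, then one indicator per line, optionally followed by the observed
# file name. Hashes are MD5 (32 hex digits); hosts are defanged with "[.]".
IOC_TEXT = r"""
Malicious shortcut files
5af886030204952ae243eedd25dd43c4 Password.txt.lnk
89c26cefa057cf21054e64b5560bf583 Xbox.lnk
926DEEAF253636521C26442938013204

PowerShell agent (VBS-wrapped)
8ae6aa90b5f648b3911430f14c92440b %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\check.vbs

Domains
abiesvc[.]com
dllhost[.]xyz:5600

C2 addresses used by the backdoor
118.70.116[.]154:8080
163.25.24[.]44
mmsreceive.linkpc[.]net
mmsreceive.linkpc[.]net
"""

MD5_LINE = re.compile(r"^([0-9a-fA-F]{32})(?:\s+(.+))?$")
# A shortcut whose name carries a document extension before .lnk
# (Password.txt.lnk, Security Bugs in rigs.pdf.lnk) is masquerading as a document.
DOC_MASQUERADE_LNK = re.compile(r"\.(txt|pdf|docx?|xlsx?|pptx?)\.lnk$", re.IGNORECASE)


def refang(indicator):
    """Undo the [.] defanging used on this page so values compare to real logs."""
    return indicator.replace("[.]", ".")


def parse_iocs(text):
    """Parse the list into two dicts:
    hashes: md5 (lowercase) -> (section, file name or None)
    hosts:  host (lowercase, refanged) -> (section, port or None)
    Duplicate indicator lines collapse into one entry."""
    hashes, hosts = {}, {}
    section = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MD5_LINE.match(line)
        if m:
            hashes[m.group(1).lower()] = (section, m.group(2))
        elif "[.]" in line:
            host, _, port = refang(line).partition(":")
            hosts[host.lower()] = (section, int(port) if port else None)
        else:
            section = line  # any other non-empty line is a section heading
    return hashes, hosts


def is_doc_masquerade_lnk(name):
    """True for shortcut names that imitate a document (e.g. Password.txt.lnk)."""
    return bool(name and DOC_MASQUERADE_LNK.search(name))


def match_dns_log(hosts, log_lines):
    """log_lines: constructed '<timestamp> <client-ip> <queried-name>' records.
    A query matches if it equals a listed host or is a subdomain of one, so a
    lookup of doc.abiesvc.com is caught by the listed apex abiesvc[.]com.
    Returns [(client, query, section)]."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, query = parts[1], parts[2].lower().rstrip(".")
        labels = query.split(".")
        for i in range(len(labels) - 1):  # never test the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in hosts:
                hits.append((client, query, hosts[candidate][0]))
                break
    return hits


def match_file_hashes(hashes, observed):
    """observed: (path, md5) pairs, e.g. from a host's file inventory.
    Returns [(path, section, listed file name)]; comparison is case-insensitive."""
    hits = []
    for path, md5 in observed:
        entry = hashes.get(md5.lower())
        if entry is not None:
            hits.append((path, entry[0], entry[1]))
    return hits


# Constructed sample telemetry, not taken from the page.
SAMPLE_DNS = [
    "2022-01-24T10:00:01Z 10.1.2.3 doc.abiesvc.com",
    "2022-01-24T10:00:02Z 10.1.2.4 www.example.com",
    "2022-01-24T10:00:03Z 10.1.2.5 mmsreceive.linkpc.net.",
]
SAMPLE_FILES = [
    (r"C:\Users\alice\Downloads\Password.txt.lnk", "5AF886030204952AE243EEDD25DD43C4"),
    (r"C:\Windows\notepad.exe", "d41d8cd98f00b204e9800998ecf8427e"),
]

if __name__ == "__main__":
    hashes, hosts = parse_iocs(IOC_TEXT)
    for hit in match_dns_log(hosts, SAMPLE_DNS):
        print("DNS hit:", hit)
    for hit in match_file_hashes(hashes, SAMPLE_FILES):
        print("Hash hit:", hit)
    print("document-masquerading shortcut names:",
          [n for _, n in hashes.values() if is_doc_masquerade_lnk(n)])
```

To use it against the full list, feed the whole text of this page to parse_iocs in place of the excerpt; the subdomain match in match_dns_log means the apex entries (abiesvc[.]com, venturelabo[.]co and so on) also cover hostnames under them that are not listed individually, which is the usual practitioner expectation for actor-registered domains but should be kept in mind for shared dynamic-DNS parents such as linkpc[.]net or publicvm[.]com, where only the listed full names are on the page.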