Bank_Security

New MuddyWater APT Activities

Jun 11th, 2019
Indicators of Compromise (IoCs)

SHA-256s
4d72dcd33379fe7a34f9618e692f659fa9d318ab623168cd351c18ca3a805af1
7e7b6923f3e2ee919d1ea1c8f8d9a915c52392bd6f9ab515e4eb95fa42355991
1dae45ea1f644c0a8e10c962d75fca1cedcfd39a88acef63869b7a5990c1c60b
3deaa4072da43185d4213a38403383b7cefe92524b69ce4e7884a3ddc0903f6b
36ccae4dffc70249c79cd3156de1cd238af8f7a3e47dc90a1c33476cf97a77b0
9389cf41e89a51860f918f29b55e34b5643264c990fe54273ffbbf5336a35a45
dab2cd3ddfe29a89b3d80830c6a4950952a44b6c97a664f1e9c182318ae5f4da
200c3d027b2d348b0633f8debbbab9f3efc465617727df9e3fdfa6ceac7d191b
98f0f2c42f703bfbb96de87367866c3cced76d5a8812c4cbc18a2be3da382c95
20bf83bf516b12d991d38fdc014add8ad5db03907a55303f02d913db261393a9
f5ef4a45e19da1b94c684a6c6d51b86aec622562c45d67cb5aab554f21eb9061
ff349c8bf770ba09d3f9830e22ab6306c022f4bc1beb193b3b2cfe044f9d617b
95c650a540ed5385bd1caff45ba06ff90dc0773d744efc4c2e4b29dda102fcce
6be18e3afeec482c79c9dea119d11d9c1598f59a260156ee54f12c4d914aed8f
3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5
745b0e0793fc507d9e1ad7155beb7ac48f8a556e6ef06e43888cbefec3083f2f
9580aaca2e0cd607eaf54c3eb933e41538dc10cd341d41e3daa9185b2a6341c4
0ae4ce8c511a22da99c6edc4be86af1c5d3a7d2baf1e862925a503d8baae9fd7
c19095433ac4884d3205a59e61c90752ecb4e4fa6a84e21f49ed82d9ec48aa3c
264f2ea4a8fad97e66d5ad41a57517b4645fe4c4959d55370919379b844b0750
36be54812428b4967c3d25aafdc703567b42ad4536c089aefaef673ce36a958f
9112505ff574b43dd27efc8afcf029841e1ea5193db90424b8b8b6b0e53c3437
d77d16c310cce09b872c91ca223b106f4b56572242ff5c4e756572070fac210f
d5b7a5ae4156676b37543a3183df497367429ae2d01ef33ebc357c4bdd9864c3
c63f1d364b9fa2c1023ce5a1b5fed12e1eba780c64276811c4b47743dfcbadbd
0e7e3c2c7fe34afc02c6e672ae00bc4e432b300ec184dec08440fba91b664999
88e02850c575504bb4476f0d519cec8e6a562b72d17ed50b9d465d8e0de50093
67c3c5af27d19f25bc55c8e36ef19b57c03b211ce0637055721ae4b0e57011a7
5194f84cc52093bb4978167a9f2d5c0903e9de0b81ca20f492e4fc78b6a77655
3e6d39886d76ab3c08b26feae075e01e9fb3c90795fa52dd6c74e4ef8b590fe8
525ba2c8d35f6972ac8fcec8081ae35f6fe8119500be20a4113900fe57d6a0de

5d3d5fa9c6ffa64b2af0c5ce357cb6a16085280d32eb321d679b57472ffb1019
6ccb3882c516fafc54444e09f5c60738831292be0231939bec9168a0203e01bb
c175b2e9f0d73db293ca061ce95cdd92a423348aa162b14c158d97e9e7c3ff10
66733fe27591347f6b28bc7750ba1b47b2853f711adcdb1270951c6b92e795d6
fbd63941a25253f5bafe69c9cc86c7effc6ff14b9adddd6f69e2f26ed39a77a4
Malicious Word documents

SHA-256s
2ba871586176522fe75333e834c16025b01e1771e4c07bc13995adbfa77c45f5
6a441b2303aeb38309bf2cb70f1c97213b0fa2cf7a0f0f8251fe6dc9965ada3b
d698c1d492332f312487e027d0665970b0462aceeeba3c91e762cff8579e7f72
99e9a816e6b3fe7868b9c535ed13028f41089e0275eba1ba46ae7a62a7e47668
Compressed weaponized documents

SHA-256s
df1bd693c11893c5259c591dceef707aa0480ef5626529f8a5b0ef826e5c0dec
4ba618c04cbdc47de2ab5f2c91f466bc42163fd541de80ab8b5e50f687bbb91c
e241b152e3f672434636c527ae0ebbd08c777f488020c98efce8b324486335c5
POWERSTATS encoded with PS2EXE tool

SHA-256s
6b4d271a48d118843aee3dee4481fa2930732ed7075db3241a8991418f00d92b
02f54da6c6f2f87ff7b713d46e058dedac1cedabd693643bb7f6dfe994b2105d
9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6
dff2e39b2e008ea89a3d6b36dcd9b8c927fb501d60c1ad5a52ed1ffe225da2e2
26de4265303491bed1424d85b263481ac153c2b3513f9ee48ffb42c12312ac43
3bfec096c4837d1e6485fe0ae0ea6f1c0b44edc611d4f2204cc9cf73c985cbc2
5dbf6e347164d580665208b2bc04756857529121fd1c7861e84f18e8a6027924
e9617764411603ddd4e7f39603a4bdaf602e20126608b3717b1f6fcae60981f2
be9fb556a3c7aef0329e768d7f903e7dd42a821abc663e11fb637ce33b007087
de4a1622b498c1cc989be1a1480a23f4c4e9cd25e729a329cfadb7594c714358
Android malware

SHA-256s
c2c2adecff2e517395571f4f9bee3b8cffed4521a8e1a3e3b363fd5e635f2eee
b2242bc51ebe2c3abc5a8691546827070540db43843b8328bdb81f450cd1254b
a4f9509e865d0a387cb8f0367e35ffd259b193f5270aacb67cb99942071c60cc
Executable files

SHA-256s
484f78eb4a3bb69d62491fdb84f2c81b7ae131ec8452a04d6018a634e961cd6a
a35406d9ef82a68fbabb3c1e19911c9ed41bed335ef44a15037d1580c2b9dd12
efdec1ad0830359632141186917fd32809360894e8c0a28c28d3d0a71f48ec2f
f1a69e2041ab8ab190d029d0e061f107ef1223b553e97c302e973a3b3c80f83e
31cf13e8579f0589424631c6be659480f9a204a50a54073e7d7fe6c9c81fa0db
Patched Lazagne

SHA-256s
6ee79815f71e2eb4094455993472c7fb185cde484c8b5326e4754adcb1faf78e
81c7787040ed5ecf21b6f80dc84bc147cec518986bf25aa933dd44c414b5f498
999e4753749228a60d4d20cc5c5e27ca4275fe63e6083053a5b01b5225c8d53a
8501c4df5995fd283e733ab00492f35aecb6ea2315b44e85abb90b3f067ccb64
4bd93e4a9826a65ade60117f6136cb4ed0e17beae8668a7c7981d15c0bed705a
SHARPSTATS

SHA-256s
503b2b01bb58fc433774e41a539ae9b06004c7557ac60e7d8a6823f5da428eb8
04acd5721ad37ac5aa84e7f7e20986de0a532fb625a8bc75302a0f38c171cee3
8ea17ed2cb662118937ed6fe189582cc11b2b73bb27a223d0468881ac5fcc08e
e2f82b074074955eeca3b0dd7b2831192bee49de329d5d4b36742c9721c8ad94
DELPHSTATS

Backend server
SHA-256s
e60c802b692a503f4f91e8809bb961b5423c602f6fb374de1af4d983415de3f1
c84a61ba8c84ca1e879c4d8ac802ec260a8c426d89a09d8627a8c08ff6d88faf
78da47f5a341909d1e6f50f8d39fdde8129ede86f04f3e88b2278e16c72e2461
4e2cdfed691d6debab01c1733135b146817c94024177f9ef4b22726fac84322f
3fee29fefe4aa9386a11a7a615dd052ff89e21d87eee0fff5d6f933d9384ede2
3c75c2f7b299d9cc03a7ff91c568defaa39b4be02d58a75a85930ab23d2a2cff
276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb
818253f297fea7d8a2324ee1a233aabbaf3b0b4b9cdaa1ebd676fe00f2247388
f6707b5f41192353be3311fc7f48ee30465038366386b909e6cefaade70c91bc
de7b77f9c456d26e369263b6e1d001279b69e687b2d3029803ede21417d4f5fa
cc685f30e2f6039d12b4cbc92e38f1d64ba75ac12cb86afce5261a11cf4931de
0faa2bb90de44ef87c7ee11165f7c702211dd603bdaea94af09cfecc3f525138
e6812fa0e12cc1913bfc7eb6dceb638429048e3cc59ce576c012a1d27fa20959
fb773f7324fdca584fff7da490820c7243a10555c8ff717d21c039a5ba337a43
11761d6cf365932540ccb95b6f20aa45379736cfde33742a004fc8ceccad7daf
b9d4752b892759bb0cb166ab565f050f4b6385dd67f4288ff2231c69ab984a26
604e09e01e2bfbc8f3680abd8005906e3fbcd2f4edaf24d80cd7105ec6f991b1
f2b8d7ce968ed8d6c33116bcfb8aeed97d89ec1ebf4f505c891020dc79d0ddd3
336237b1ed2c99c0fef4c954490bd8282d6e46941d2ac2b6c9294a1aa9a254ed
28a0131a9fda9fe2f2272c5091c77dc750da93d4a070dbd817af38723ea18f02
d320286e80d5785bbd14b10c00f5c9d38d9a781075d7d6ed4eb27c07d4788dbf
24878dbde796c471a9d028f65421017afc087c958fb54c4b6c3cc7aeabbc1119
57a9e2e6e715455827faefa982b4312b203189950fe285f1413174f5e812e408
92bb4432cc9d2988ee4043e420a4df9c8caec4cd93ab258e07546781daa37086

SHA-256s
121adcf3a52cafd0204ca4d4a42a9a09d6c9f559bcb997e51dba79c6a5a04efd
edde2eb39ed2f145c41e53e87d43add8de336d3e4d5c8d261f471d35edf3ed47
Post-exploitation malware

C&C Servers
103[.]13[.]67[.]4
80[.]80[.]163[.]182
80[.]90[.]87[.]201
91[.]187[.]114[.]210
78[.]129[.]139[.]131
192[.]168[.]1[.]104:54863 (RFC 1918 private address as listed; not usable as an external indicator)
163[.]172[.]147[.]222:4555
hxxp://78[.]129[.]139[.]148
hxxp://31[.]171[.]154[.]67
hxxp://79[.]106[.]224[.]203
hxxp://185[.]34[.]16[.]82
hxxp://104[.]237[.]233[.]17
hxxp://46[.]99[.]148[.]96
hxxp://134[.]19[.]215[.]3:443
hxxp://gladiyator[.]tk
hxxp://51[.]77[.]97[.]65
hxxp://185[.]14[.]248[.]26
hxxp://185[.]162[.]235[.]182
hxxp://185[.]117[.]75[.]116/tmp[.]php
hxxp://38[.]132[.]99[.]167/crf[.]txt
hxxp://185[.]244[.]149[.]218/JpeGDownload/*[.]jpeg
hxxp://185[.]185[.]25[.]175/ref45[.]php
hxxp://185[.]185[.]25[.]175/sDownloads/*[.]jpeg
hxxp://82[.]102[.]8[.]101/bcerrxy[.]php
amazo0n[.]serveftp[.]com/Data
zstoreshoping[.]ddns[.]net/Data/
hxxp://zstoreshoping[.]ddns[.]net/users[.]php?tname=
shopcloths[.]ddns[.]net
getgooogle[.]hopto[.]org
googleads[.]hopto[.]org
hxxp://www[.]shareliverpoolfc[.]co[.]uk/js/main[.]php
hxxp://valis-ti[.]cl/assets/main[.]php
hxxp://www[.]latvia-usa[.]org/wpincludes/customize/main[.]php
hxxp://googleads[.]hopto[.]org/data/ce28e899a8d3d00a[.]dat
hxxp://ciscoupdate2019[.]gotdns[.]ch/users[.]php?
hxxps://www[.]jsonstore[.]io/4de4d6d84d17638b3cd0eaf18857784aff27501be7d3dd89fad2b7ac2134f52e (abused)
hxxps://www[.]jsonstore[.]io/ddf35a64bd5ad54f9de868a84cdb21299a33d126e307ec3a868f65372402816a (abused)
hxxps://104[.]237[.]233[.]38:8080/YIZDGrM_4mRn_mb8PdhL_QfL2h49-aAO0wfaxRxJAdq9pH2JeliMez10IwMk6PCnluziydTlV-/
hxxps://104[.]237[.]255[.]212:443/GfaBcrPI14rArcGvmQT2g3sW3ZtmqL6IU0Vg5oy21aOK4gvmvYx_TCP_whhSnyQH7/
hxxps://104[.]237[.]233[.]38:1022/aeacrE65xE9SdVN3CJwS9gbtNM84GL_ajl_AD2EoEOHrmbpQ5qC9J7GcSSZQ0JNBDnOulnMWgNy3FV2kcHRuM0u5NMo5Jv9Ks4zS5-pLkiYs4me/
hxxps://104[.]237[.]233[.]38:8080/nud2WCL9WzTiAOMCuFMboA18GWsmrc8k6VqGrXXfqVghYktellhTS7_tg-D64spqdv4sOJ/
hxxps://88[.]99[.]17[.]148:443/3gg7DuFHLwC8gPwW3z9rgnS1Is8F83B-95PHYnVpk9219KbHn-IChwxSFR35a117i2Jz_OX9mUPAYRJw3NhMBxUVDp4iMOkzt/
hxxps://104[.]237[.]233[.]40:8443/zi5w0iDM6aLEgcWDnumYywaHa33BIPzaylNUPUECcNCmfNNcxzv05flJoB3wvWqH6Uf01vI-1yKF96/
hxxps://78[.]129[.]139[.]134:8864/lZkP68TtH_BpZGhmMwxNPwy0vjimgwDRfk01pV2Xu2FztbaevB6RzBUPRietWtBcuxru7tTsF3rZGFPbepd294BP2MGd/
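Consuming a defanged list like the one above means refanging it, dropping the duplicated entries, separating file hashes from network indicators, and setting aside entries that cannot be acted on outside the victim network (the 192.168.1.104 entry is RFC 1918 space). The Python below is an added example, not code from the original paste or from any vendor; its SAMPLE is constructed from a few entries copied from the list (including two of its duplicates), and the file paths it accepts on the command line are hypothetical.

```python
"""Normalize a defanged IoC list and match files against its SHA-256 set.
Added example; SAMPLE is constructed from entries copied from the paste above."""
import hashlib
import ipaddress
import re
import sys
from urllib.parse import urlsplit

SAMPLE = """\
SHA-256s
2ba871586176522fe75333e834c16025b01e1771e4c07bc13995adbfa77c45f5
6a441b2303aeb38309bf2cb70f1c97213b0fa2cf7a0f0f8251fe6dc9965ada3b
6a441b2303aeb38309bf2cb70f1c97213b0fa2cf7a0f0f8251fe6dc9965ada3b
C&C Servers
103[.]13[.]67[.]4
103[.]13[.]67[.]4
192[.]168[.]1[.]104:54863
163[.]172[.]147[.]222:4555
hxxp://gladiyator[.]tk
hxxp://134[.]19[.]215[.]3:443
hxxp://www[.]shareliverpoolfc[.]co[.]uk/js/main.php
hxxp://www[.]shareliverpoolfc[.]co[.]uk/js/main[.]php
zstoreshoping[.]ddns[.]net/Data/
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
PORT_SUFFIX_RE = re.compile(r":\d{1,5}$")
# Dot-separated hostname labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def refang(token):
    """Undo the usual defanging: hxxp(s):// -> http(s)://, [.] and (.) -> ., [:] -> :."""
    t = re.sub(r"^hxxp(s?)://", r"http\1://", token.strip(), flags=re.IGNORECASE)
    return t.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def classify_host(host):
    """'ip' for a routable address, 'private' for RFC 1918/loopback/reserved space,
    'domain' for a syntactically valid hostname, None for anything else (headings)."""
    if not host:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "domain" if DOMAIN_RE.match(host) else None
    if ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_multicast:
        return "private"
    return "ip"


def parse_iocs(text):
    """De-duplicated sets for 'sha256', 'ip', 'domain', 'url', plus the lists
    'non_actionable' (private-address entries) and 'skipped' (unparseable lines)."""
    iocs = {"sha256": set(), "ip": set(), "domain": set(), "url": set(),
            "non_actionable": [], "skipped": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        v = refang(line)
        if SHA256_RE.match(v.lower()):
            iocs["sha256"].add(v.lower())
            continue
        # Network indicator: isolate the host so it can be validated and de-duplicated.
        if "://" in v:
            host = urlsplit(v).hostname
        elif "/" in v:                        # scheme-less host/path such as x.ddns.net/Data/
            host = urlsplit("//" + v).hostname
        else:
            host = PORT_SUFFIX_RE.sub("", v).lower()
        kind = classify_host(host)
        if kind is None:
            iocs["skipped"].append(line)      # e.g. the "C&C Servers" heading
        elif kind == "private":
            iocs["non_actionable"].append(v)  # meaningless outside the victim LAN
        else:
            iocs[kind].add(host)
            if "/" in v:                      # keep the full URL as well as its host
                iocs["url"].add(v)
    return iocs


def match_bytes(data, iocs):
    """Return the SHA-256 hex digest if `data` is one of the listed samples, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return digest if digest in iocs["sha256"] else None


def scan_files(paths, iocs):
    """Hash each file in 1 MiB chunks; return {path: sha256} for files on the list."""
    hits = {}
    for path in paths:
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        if h.hexdigest() in iocs["sha256"]:
            hits[path] = h.hexdigest()
    return hits


if __name__ == "__main__":
    parsed = parse_iocs(SAMPLE)
    for key in ("sha256", "ip", "domain", "url"):
        print(f"{key}: {sorted(parsed[key])}")
    print("non-actionable:", parsed["non_actionable"], "skipped:", parsed["skipped"])
    for path, digest in scan_files(sys.argv[1:], parsed).items():  # hypothetical paths
        print(f"MATCH {path} {digest}")
```

Run with the paste saved to a file in place of SAMPLE to get a clean hash set for an EDR or YARA sweep and a host set for DNS and proxy log searches; the `non_actionable` list is what you would expect to find in the report's own lab data rather than on the wire.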