Bank_Security

New TA505 IOCs

Dec 23rd, 2019
TA505, a known group that targets banks around the world, evolves ServHelper, uses Predator The Thief and TeamViewer hijacking.

Hashes are MD5. URLs are defanged (hxxp://, [.]) and must be refanged before use in a blocklist or log search.

IOC                                                 Comment
9aa1b6bb7d53b008b6529b4a2f6bfada                    ServHelper
a2e77ee41f4d4d3e8814d07d26ec5be3                    Malicious .docx
77f46b13d858f83c3ce5bdc6ffbc8a95                    WinDef.msi
de70f256b9fd194f6844d7aa81b17b4e                    crypted.exe (Predator)
6954cee9db2533337e4425aceacc547b                    DEFOFF.exe
a606d454b408b99aa9fc7ad774951621                    LDR_5622.js
92cc85c53e169b330fd8686d35259261                    file1.exe
a511410d5889fca07a0dd0a8c84d6c8a                    signed.exe
c3c226ec03f393103b9df764df50f0bc                    msi.dll
hxxp://96.9.211[.]157/sdf4r3r3/WinDef.msi           WinDef download URL
hxxps://soul-fly[.]xyz/api/gate.get                 Predator C2
hxxps://artrolife[.]club/fhj37f34fdd/file1.exe      LDR_5622 URL1
hxxp://supremeconnect[.]xyz/fdfg83574gd/file2.exe   LDR_5622 URL2
hxxp://0926tv[.]xyz/mystt34834ujf37data/            TeamViewer panel
hxxp://gabardine[.]xyz/log.txt                      ServHelper NetSupport
hxxp://kuarela[.]xyz/1.txt                          ServHelper NetSupport
hxxp://foxlnklnk[.]xyz/pf1.txt                      ServHelper NetSupport
hxxp://cafafafa[.]xyz/pf1.txt                       ServHelper NetSupport
hxxp://letitbe[.]icu/2.txt                          ServHelper NetSupport
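The list above is defanged, so it cannot be dropped straight into a blocklist or a log search. As an added example (not part of the original paste), the Python below parses the list, refangs the URLs, derives the hosts for DNS/proxy matching, and runs the result over a sample proxy log and a list of observed MD5s. The proxy log lines and the observed hashes are constructed for the example; the IOC values themselves are the ones from the paste.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The IOC list from the paste, one "indicator comment" pair per line
# (URLs defanged with hxxp:// and [.] exactly as published).
IOC_TEXT = """\
9aa1b6bb7d53b008b6529b4a2f6bfada ServHelper
a2e77ee41f4d4d3e8814d07d26ec5be3 Malicious .docx
77f46b13d858f83c3ce5bdc6ffbc8a95 WinDef.msi
de70f256b9fd194f6844d7aa81b17b4e crypted.exe (Predator)
6954cee9db2533337e4425aceacc547b DEFOFF.exe
a606d454b408b99aa9fc7ad774951621 LDR_5622.js
92cc85c53e169b330fd8686d35259261 file1.exe
a511410d5889fca07a0dd0a8c84d6c8a signed.exe
c3c226ec03f393103b9df764df50f0bc msi.dll
hxxp://96.9.211[.]157/sdf4r3r3/WinDef.msi WinDef Download URL
hxxps://soul-fly[.]xyz/api/gate.get Predator C2
hxxps://artrolife[.]club/fhj37f34fdd/file1.exe LDR_5622 URL1
hxxp://supremeconnect[.]xyz/fdfg83574gd/file2.exe LDR_5622 URL2
hxxp://0926tv[.]xyz/mystt34834ujf37data/ Team Viewer Panel
hxxp://gabardine[.]xyz/log.txt ServHelper NetSupport
hxxp://kuarela[.]xyz/1.txt ServHelper NetSupport
hxxp://foxlnklnk[.]xyz/pf1.txt ServHelper NetSupport
hxxp://cafafafa[.]xyz/pf1.txt ServHelper NetSupport
hxxp://letitbe[.]icu/2.txt ServHelper NetSupport
"""

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


@dataclass(frozen=True)
class Ioc:
    kind: str     # "md5" or "url"
    value: str    # normalised: lowercase hash, or refanged URL
    comment: str  # analyst label from the list


def refang(indicator: str) -> str:
    """Undo the hxxp:// and [.] defanging so the value is matchable."""
    return (indicator.replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")
                     .replace("[.]", "."))


def parse_iocs(text: str) -> list[Ioc]:
    """Parse 'indicator comment' lines; tokens of unknown type are skipped."""
    iocs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        token, _, comment = line.partition(" ")
        if MD5_RE.match(token):
            iocs.append(Ioc("md5", token.lower(), comment.strip()))
        elif token.startswith(("hxxp://", "hxxps://", "http://", "https://")):
            iocs.append(Ioc("url", refang(token), comment.strip()))
    return iocs


def hosts(iocs: list[Ioc]) -> dict[str, str]:
    """Host (domain or IP) -> label, for DNS/proxy logs without full URLs."""
    return {urlparse(i.value).hostname: i.comment for i in iocs if i.kind == "url"}


def match_proxy_log(log_text: str, iocs: list[Ioc]) -> list[tuple]:
    """(client, url, label, match_type) per hit. Exact URL first; a host-only
    hit still flags a new path on a known C2/download host."""
    by_url = {i.value: i.comment for i in iocs if i.kind == "url"}
    by_host = hosts(iocs)
    hits = []
    for line in log_text.splitlines():
        _ts, client, _method, url, _status = line.split()
        if url in by_url:
            hits.append((client, url, by_url[url], "url"))
        elif urlparse(url).hostname in by_host:
            hits.append((client, url, by_host[urlparse(url).hostname], "host"))
    return hits


def match_hashes(observed: list[str], iocs: list[Ioc]) -> dict[str, str]:
    """Observed MD5 (any case) -> label for every hash in the IOC list."""
    known = {i.value: i.comment for i in iocs if i.kind == "md5"}
    return {h: known[h.lower()] for h in observed if h.lower() in known}


# Constructed sample proxy log, not from the page: "timestamp client method url status".
PROXY_LOG = """\
2019-12-23T09:14:02Z 10.0.3.17 GET http://96.9.211.157/sdf4r3r3/WinDef.msi 200
2019-12-23T09:14:05Z 10.0.3.17 POST https://soul-fly.xyz/api/gate.get 200
2019-12-23T09:15:11Z 10.0.3.22 GET https://www.example.com/index.html 200
2019-12-23T09:16:40Z 10.0.3.17 GET http://gabardine.xyz/other.txt 404
"""

if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for client, url, label, how in match_proxy_log(PROXY_LOG, iocs):
        print(f"{client} -> {url}  [{label}, {how} match]")
    print(match_hashes(["9AA1B6BB7D53B008B6529B4A2F6BFADA"], iocs))  # constructed observation
```

Host-level matching is deliberately second to exact-URL matching: the download and panel paths in the list look randomised, so a new path on gabardine[.]xyz or 96.9.211[.]157 is still worth an alert, while the exact URL is what you want to cite in a ticket.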

ATT&CK TTPs

Technique IDs are those current when the paste was written (ATT&CK v6, December 2019); several have since been renamed or folded into sub-techniques, so map them before loading into a current ATT&CK Navigator.

Tactic                Technique
Initial Access        T1193 – Spearphishing Attachment
                      T1192 – Spearphishing Link
Execution             T1059 – Command-Line Interface
                      T1086 – PowerShell
                      T1085 – Rundll32
                      T1053 – Scheduled Task
                      T1064 – Scripting
Persistence           T1098 – Account Manipulation
                      T1136 – Create Account
                      T1078 – Valid Accounts
                      T1053 – Scheduled Task
Privilege Escalation  T1038 – DLL Search Order Hijacking
Defense Evasion       T1089 – Disabling Security Tools
                      T1107 – File Deletion
                      T1143 – Hidden Window
Credential Access     T1179 – Hooking
                      T1503 – Credentials from Web Browsers
Discovery             T1069 – Permission Groups Discovery
                      T1087 – Account Discovery
                      T1082 – System Information Discovery
Collection            T1119 – Automated Collection
                      T1056 – Input Capture
Command and Control   T1132 – Data Encoding
                      T1001 – Data Obfuscation
                      T1219 – Remote Access Tools
                      T1105 – Remote File Copy
                      T1071 – Standard Application Layer Protocol
Exfiltration          T1022 – Data Encrypted
Impact                T1529 – System Shutdown/Reboot