New traces of Hacking Team in the wild

1. New traces of Hacking Team in the wild
2.  
3. IoCs
4.  
5. Samples signed by Ziber Ltd
6. Thumbprint: 14 56 d8 a0 0d 8b e9 63 e2 22 4d 84 5b 12 e5 08 4e a0 b7 07
7. Serial Number: 5e 15 20 5f 18 04 42 cc 6c 3c 0f 03 e1 a3 3d 9f
8.  
9. SHA-1 samples
10. 2eebf9d864bef5e08e2e8abd93561322de2ab33b
11. 51506ed3392b9e59243312b0f798c898804913db
12. 61eda4847845f49689ae582391cd1e6a216a8fa3
13. 68ffd64b7534843ac2c66ed68f8b82a6ec81b3e8
14. 6fd86649c6ca3d2a0653fd0da724bada9b6a6540
15. 92439f659f14dac5b353b1684a4a4b848ecc70ef
16. a10ca5d8832bc2085592782bd140eb03cb31173a
17. a1c41f3dad59c9a1a126324a4612628fa174c45a
18. b7229303d71b500157fa668cece7411628d196e2
19. eede2e3fa512a0b1ac8230156256fc7d4386eb24
20.  
21. C&Cs
22. 149.154.153.223
23. 192.243.101.125
24. 180.235.133.23
25. 192.243.101.124
26. 95.110.167.74
27. 149.154.153.223
28.  
29. Samples signed by ADD Audit
30. Thumbprint: 3e 19 ad 16 4d c1 03 37 53 26 36 c3 7c a4 c5 97 64 6f bc c8
31. Serial Number: 4c 8e 3b 16 13 f7 35 42 f7 10 6f 27 20 94 eb 23
32.  
33. SHA-1 samples
34. 341dbcb6d17a3bc7fa813367414b023309eb69c4
35. 86fad7c362a45097823220b77dcc30fb5671d6d4
36. 9dfc7e78892a9f18d2d15adbfa52cda379ddd963
37. e8f6b7d10b90ad64f976c3bfb4c822cb1a3c34b2
38.  
39. C&Cs
40. 188.166.244.225
41. 45.33.108.172
42. 178.79.186.40
43. 95.110.167.74
44. 173.236.149.166
45.  
46. Samples signed by Media Lid
47. Thumbprint: 17 f3 b5 e1 aa 0b 95 21 a8 94 9b 1c 69 a2 25 32 f2 b2 e1 f5
48. Serial Number: 2c e2 bd 0a d3 cf de 9e a7 3e ec 7c a3 04 00 da
49.  
50. SHA-1 samples
51. 27f4287e1a5348714a308e9175fb9486d95815a2
52. 71a68c6140d066ca016efa9087d71f141e9e2806
53. dc817f86c1282382a1c21f64700b79fcd064ae5c
54.  
55. SHA-1 samples
56. 27f4287e1a5348714a308e9175fb9486d95815a2
57. 71a68c6140d066ca016efa9087d71f141e9e2806
58. dc817f86c1282382a1c21f64700b79fcd064ae5c
59.  
60. C&Cs
61. 188.226.170.222
62. 173.236.149.166
63. Samples signed by Megabit, OOO
64. Thumbprint: 6d e3 a1 9d 00 1f 02 24 c1 c3 8b de fa 74 6f f2 3a aa 43 75
65. Serial Number: 0f bc 30 db 12 7a 53 6c 34 d7 a0 fa 81 b4 81 93
66.  
67. SHA-1 samples
68. 508f935344d95ffe9e7aedff726264a9b500b854
69. 7cc213a26f8df47ddd252365fadbb9cca611be20
70. 98a98bbb488b6a6737b12344b7db1acf0b92932a
71. cd29b37272f8222e19089205975ac7798aac7487
72. d21fe0171f662268ca87d4e142aedfbe6026680b
73. 5BF1742D540F08A187B571C3BF2AEB64F141C4AB
74. 854600B2E42BD45ACEA9A9114747864BE002BF0B
75.  
76. C&Cs
77. 95.110.167.74
78. 188.226.170.222
79. 173.236.149.166
80. 46.165.236.62
81.  
82. Samples signed by Raffaele Carnacina
83. Thumbprint: 8a 85 4f 99 2a 5f 20 53 07 f8 2d 45 93 89 af da 86 de 6c 41
84. Serial Number: 08 44 8b d6 ee 91 05 ae 31 22 8e a5 fe 49 6f 63
85.  
86. SHA-1 samples
87. 4ac42c9a479b34302e1199762459b5e775eec037
88. 2059e2a90744611c7764c3b1c7dcf673bb36f7ab
89. b5fb3147b43b5fe66da4c50463037c638e99fb41
90. 9cd2ff4157e4028c58cef9372d3bb99b8f2077ec
91. b23046f40fbc931b364888a7bc426b56b186d60e
92. cc209f9456f0a2c5a17e2823bdb1654789fcadc8
93. 99c978219fe49e55441e11db0d1df4bda932e021
94. e85c2eab4c9eea8d0c99e58199f313ca4e1d1735
95. 141d126d41f1a779dca69dd09640aa125afed15a
96.  
97. C&Cs
98. 199.175.54.209
99. 199.175.54.228
100. 95.110.167.74
101.  
102. Samples signed by Valeriano Bedeschi
103. Thumbprint: 44 a0 f7 f5 39 fc 0c 8b f6 7b cd b7 db 44 e4 f1 4c 68 80 d0
104. Serial Number: 02 f1 75 66 ef 56 8d c0 6c 9a 37 9e a2 f4 fa ea
105.  
106. SHA-1 samples
107. baa53ddba627f2c38b26298d348ca2e1a31be52e
108. 5690a51384661602cd796e53229872ff87ab8aa4
109. aa2a408fcaa5c86d2972150fc8dd3ad3422f807a
110. 83503513a76f82c8718fad763f63fcd349b8b7fc
111.  
112. C&Cs
113. 172.16.1.206
114.  
115. Source:
116. https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/