Malware dataset 20190804 | Network

publish date:

reference :

Mirai over Tor

publish date:

reference :

IOC Table
total 20
type value
domain nd3rwzslqhxibkl7.onion
FileHash-SHA256 eeae01f4717f4d6248ee9e9e6d53d841c648e35259716dfe74cac630e15f1811
FileHash-SHA256 7d2f5f5efb4aa8e5dca543734829ac4eb9d89885d7e60aed6af4d35508ded21c
FileHash-SHA256 4d46ad4602b486ff7146a14165948f46a70bf41323e6bb619cc2ff08ad02f2ee
FileHash-SHA256 bc56b7aa78b71a3d0bcf5fa14eeeb87eea42b52988b13bee8d3a27baa3370a3a
FileHash-SHA256 d80b745ee1ab066614ab083d9f40248c17b12cc68aaff98bbf7c6ade22b54555
URL http://185.100.84.187/t/
URL http://nd3rwzslqhxibkl7.onion:1356
URL http://89.248.174.198/main/
URL http://185.100.84.187/t/x86
URL http://185.100.84.187/t/t.mips
URL http://185.100.84.187/t/t.arm
URL http://185.100.84.187/t/t.arm7
URL http://89.248.174.198/main/arm7
URL http://89.248.174.198
URL http://89.248.174.198/
URL http://89.248.174.198/jaws.sh
URL http://89.248.174.198/main/x86
URL http://89.248.174.198/main/mips
URL http://89.248.174.198/main/arm

FormJacking

publish date:

reference :

IOC Table
total 74
type value
URL http://google-analytics.cm/
URL http://google-analytics.cm/%20www.google-analytics.cm/libs/1.0.28/analytics.js
URL http://www.google-analytics.cm/analytics.js
URL https://google-analytics.cm/
URL https://www.google-analytics.cm/analytics.js
URL https://www.google-analytics.cm/libs/1.0.28/analytics.js
URL http://googlc-analytics.cm/
URL http://googlc-analytics.cm/analytics.js
URL http://www.googlc-analytics.cm/
URL http://www.googlc-analytics.cm/v/analytics.js
URL https://www.googlc-analytics.cm/libs/analytics.js
URL https://www.googlc-analytics.cm/v/analytics.js
URL https://www.googlc-analytics.cm:80/
URL http://googietagmanagar.com/cdn/loungefly/4879465
URL https://googietagmanagar.com/
URL http://gstaticss.com/
URL http://gstaticss.com/Fgate.php
URL http://gstaticss.com/Fgate.php/Fimage_id
URL http://gstaticss.com/css/gate.php
URL http://gstaticss.com/gate.php

MuddyWaters Phishing

publish date:

reference :

IOC Table
total 5
type value
FileHash-MD5 1633f9a283ee5a888ca623b87837b5b6
FileHash-SHA1 4fdb65d365bf5da57522b97de454f3144ecb85fe
FileHash-SHA256 65e37811e8086a0d4553ab955a3b67ec6f9be8d797727cc5ef7864cf90176ea3
URL http://instmech.uz/meryem.php
URL http://46.166.176.242/main.php

Hexane Targeting Oil and Gas

publish date:

reference :

IOC Table
total 18
type value
FileHash-MD5 8486004b414f8e539669ba044f024cb5
FileHash-MD5 464082dad67ce6fcadd869cfbd693a92
FileHash-MD5 132a9a296f6d3293b027ca537ffc4876
FileHash-SHA1 76d5ecba252c7bb09ca1d472437c2afb98f69fb1
FileHash-SHA1 c2359c8fa2fc35cc4e48b2c49eaed9c92f20459f
FileHash-SHA1 696ebf3610be69bc8a109ba058ad82fab580c2a4
FileHash-SHA256 43ef6f87e2abc6551943557df7f345aeaf50c881772d953317fc7250b211ff9b
FileHash-SHA256 18fbe86687134090eef2fbfec358c256bef64e310d3814f7f91263d4257df60c
FileHash-SHA256 ec95229e0310c9b6c81be9d9cb7f8e98e6df3b43e586848cbbb815f61955bfaa
hostname 2234318426f6e6c696e6530023.web-traffic.info
hostname 22330243431302e302e31352e313520023.web-traffic.info
hostname 2233537486f6e6c696e6530023.web-traffic.info
hostname www.web-traffic.info
hostname 22330204433303545413035333046304610000.web-traffic.info
URL http://www.web-traffic.info/api/IOSet?id=2urc1CbAQQZAYkqAFO1WDw%3D%3D
URL http://www.web-traffic.info/api/Response?id=2urc1CbAQQZAYkqAFO1WDw%3D%3D
URL http://www.web-traffic.info/
URL http://www.web-traffic.info/api/Tik?id=2urc1CbAQQZAYkqAFO1WDw%3D%3D

From Carnaval to Cinco de Mayo – The journey of Amavaldo

publish date:

reference :

IOC Table
total 21
type value
FileHash-SHA1 12c93bb262696314123562f8a4b158074c9f6b95
FileHash-SHA1 b855d8b1bad07d578013bdb472122e405d49acc1
FileHash-SHA1 4dba5fe842b01b641a7228a4c8f805e4627c0012
FileHash-SHA1 fc37ac7523cf3b4020ec46d6a47bc26957e3c054
FileHash-SHA1 9a968341c65ab47bf5c7290f3b36fcf70e9c574b
FileHash-SHA1 e0c8e11f8b271c1e40f5c184afa427ffe99444f8
FileHash-SHA1 b191810094dd2ee6b13c0d33458fafcd459681ae
FileHash-SHA1 6d80a959e7f52150fda2241a4073a29085c9386b
FileHash-SHA1 ad1fce0c62b532d097dacfce149c452154d51eb0
FileHash-SHA1 b761d9216c00f5e2871de16ae157de13c6283b5d
FileHash-SHA1 6c04499f7406e270b590374ef813c4012530273e
FileHash-SHA1 b80294261c8a1635e16e14f55a3d76889ff2c857
hostname clausdomain.homeunix.com
hostname balacimed.mine.nu
hostname fbclinica.game-server.cc
hostname newcharlesxl.scrapping.cc
URL http://balacimed.mine.nu:3579
URL http://newcharlesxl.scrapping.cc:3844
URL http://fbclinica.game-server.cc:3351
URL http://clausdomain.homeunix.com:3928

Clop Ransomware

publish date:

reference :

DealPly Revisited

publish date:

reference :

IOC Table
total 23
type value
domain bdubnium.com
domain codfs.com
domain uyvsa.com
domain qaofd.com
domain wugulaf.com
domain tuwoqol.com
domain pocxc.com
domain adofd.com
domain ziuet.com
domain cwnpu.com
domain dabfd.com
domain fodfr.com
domain pydac.com
domain bxvdc.com
FileHash-SHA256 2540e4d34c4d8f494fc4edda67737b7209ee6cefb0ec74028b6abcd3911ec338
FileHash-SHA256 fc2352a81fedad3cbb86dcb0e6b97ad023fe318d468fbb94602fb95f11eb8040
hostname www.dabfd.com
hostname www.tuwoqol.com
hostname rp.tuwoqol.com
hostname www.bdubnium.com

New Campaign Targeting Internal Interests

publish date:

reference :

IOC Table
total 39
type value
FileHash-SHA256 8e827bf48b20ce1c1c56679b4ed6c788dd4314d24170674c8db59555558a85f2
FileHash-SHA256 aa7f97295d5ab02b4b2a5a9c6b450ad0fc9d88ac0b6801d268c2bc4c0da76a4e
FileHash-SHA256 b4f34ca5435fa824c9fe3e2cf6f98f621d2ca3d3d4a9d720e62e4cd0a891c15a
FileHash-SHA256 ba7f1517c341059ba979dde3cc0ca11e5ecb865a28c9a027f7d56bdc2dbeb24e
FileHash-SHA256 032d1440856878e44457a0e08e472b8c895de319974f2fa354a15b756a1bef09
FileHash-SHA256 11b7ac4e3309d63ca801fee02c489066577a142d753fe47474039981e0344caf
FileHash-SHA256 16c1cc7bafea372580f94b5b6b628af0a3b551aafad3d39c16c13af27c67d2c9
FileHash-SHA256 3c48ebb6e1aef326e57125ab3468d13ced410faf37fc43a9539ac1a1746879c8
FileHash-SHA256 54736232a6186f698bd3f06a74a2c81f4c7e19436cd2b5121118a24485b6698a
FileHash-SHA256 5501b0e438beda70e11211163a71fca1c236fb6ee7b9edfc750356703ac3abbe
FileHash-SHA256 6789609b6af65f8dbff320020e56e594f862c006827c2a450039c9ed7d0f972f
FileHash-SHA256 838b1ec0071351e9d256035fc718c2155ae0afc69b5708607543a1580fb29284
FileHash-SHA256 903c4fad643ecfab5c523dfb4b555693071717e8e5fb508338dde71e28d0b676
FileHash-SHA256 b3f256b37b80ee7720b0230fc33b25a2f27ef3d3e87ebc1fefa34a801efcaad9
FileHash-SHA256 cdc279a770158fe9db79ac664fcc288013c3ac21d8851f89f323146a107d2a93
FileHash-SHA256 d4c78330b908e376c32bf31687f2bcfaa7193e1367a7f88cb79c62b97a69035a
FileHash-SHA256 d8ca91bb7396fd6af6b8bb708dfb48ed2b605b2dabb5dcb4d15175766a61b06d
FileHash-SHA256 e5531f9e0428bc067486e28c6a1d77ae67372c54c3101dfa2f2169cee2343bd8
FileHash-SHA256 eb5ed7e08d457504bfa71aaf146311caf73b06623f1ca9b1e25cf75792d79a73
FileHash-SHA256 f27ca2ae5b9b2ad36a7d3cdc4ba17566554ec415c010bc322547b7796a70d314

Rocke in the Netflow

publish date:

reference :

IOC Table
total 46
type value
FileHash-SHA256 3086499f5d2b1dc1969fa21332a26054fba7730a9dd7edb108b8a8eca675f6ce
FileHash-SHA256 4dd686d70b701452c5f7c0f58fc37006a67e29e316ff5d13f7e99de664812b4c
FileHash-SHA256 60aadabd2f3f1465f239d2721a663f4b9f9d15e739dcb14df64e241c2d37e30c
FileHash-SHA256 7bbf71453d488c12083c875754063c51c9dc4f762f082f5a9579c0741e172474
FileHash-SHA256 9136080cb4c0424f4b5c0c16f00a3883f66e67c440a851fb7614c3ae8e2aacea
FileHash-SHA256 cd031f8adfbb650b3d79529ec97ca2bc9249d14e4da644957e97e3f0739fd329
FileHash-SHA256 e2db2dca7d84098192c5562c299a76330ca556ac30d583ac8079fe63b61e94d5
FileHash-SHA256 a9228b6a3fe0b8375d6b881626fd4b59fbbf54dbd60a94b085ee0455b3d18fe9
FileHash-SHA256 111ffc37cc5c6932e7ebd640399f651ec6269f198c160a448f74cd37cba64216
FileHash-SHA256 2d55b16850a944ea10b3ae722f3a3fb13307a393c72999711abef2c1a9faccf5
FileHash-SHA256 30762c69d9a761a13dba60e5f4995f389078b797919e7660af1dae978cebda27
FileHash-SHA256 30d8aa6684674895908bc812a7ab4139726b19201e8a45f3751bc8c866f1ee61
FileHash-SHA256 4c4400de4371120a6020ae6cad50890353a6f895cb5a4a3db8e9b8b53db9e10d
FileHash-SHA256 623009a01ecbb1e858e814a843c0b76389f240fe04015b2b86919552a522d7af
FileHash-SHA256 71722975754eac8cf72a2b0a7887d3a6addf0c5236cbb925b467bf4dd427a09a
FileHash-SHA256 833611f8588fbb7a338c0c810dceeb3b0b10fd54509ebd6536765ec9ebef738a
FileHash-SHA256 9223d173cf7ad670b04ac12fe221a13fe1750a4ce2d3a319cdb23b66f09a8d8a
FileHash-SHA256 93c0cd03cccaddb857a21ce6348a54179c1de2c37660d4d402d9c2055a9c5d93
FileHash-SHA256 ba7ea424d66262f02f68c3bfcd1e768bb9c83770e5e2a6da9e7df1844b4e8e3c
FileHash-SHA256 bab27f611518dc55b00b1a9287bdb8e059c4f4cc1607444f40e0c45d5842994f

Lazarus False Flag Attack

publish date:

reference :

IOC Table
total 20
type value
FileHash-MD5 9d5059aa920839a74115607d17137e3a
FileHash-MD5 477079eff920ebffa46c91205688d821
FileHash-MD5 a1a9a90865d15523579d69f09d18f843
FileHash-MD5 fdf9157747e1b913a3cce6c648072468
FileHash-MD5 0bc4139287377102db89912ae8aac14d
FileHash-MD5 3a3c263d34207d37342436317d382153
FileHash-SHA256 3c844c1d7060aa6d063f71081df5f49e3a205e398b7a719939b04f9e260200f1
FileHash-SHA256 73d65cd0b513cadaaa76b559ada28996eb06b68954538fc628e03893f5ff85e8
FileHash-SHA256 7510b511093b09fe2bb0e9f7b60b80a40fabde9a6914842e10cf702b51393298
FileHash-SHA256 9e2d374bfc9e099d376f5255f194608dcedbba68ac16611ed3eb8fdc1e030586
FileHash-SHA256 ad3fada660f40b5d3ce2c6187dffc07507e7461a3d3ac249fbb6850e6028d517
FileHash-SHA256 b5453db394ce8c22330fe620ab62a8a40ab491992e93d7f495d0370b93bf9688
FileHash-SHA256 d057088d0de3d920ea0939217c756274018b6e89cbfc74f66f50a9d27a384b09
FileHash-SHA256 e452536f98446f54c6527106c7b123de12f010d3f1fcb25812f533d797253128
FileHash-SHA256 fa7c09036e545cb4898df21e284d81aded9d1d86e85af899bfb14d16a19b625c
URL https://darvishkhan.net/wp-content/uploads/2017/06/update6.dat
URL http://price365.co.kr/abbi/json/openssl.php?igot=1
URL http://price365.co.kr/abbi/head0.jpg
URL https://darvishkhan.net/wp-content/uploads/2017/06/update3.dat
URL http://price365.co.kr/abbi/tail0.jpg

IOCs for 04/08/2019

publish date:

reference :

IOC Table
total 25
type value
domain briiteair.com
domain lubaiir.com
domain bellfligth.com
domain flightpart.com
domain prodimachinet.site
domain rrsanitationservices.com
domain abifph.com
email b.carlson@briiteair.com
email liveinvestment2@yahoo.com
email brian.b@centralcoastinvestments.com
email vjz909@alumni.ku.dk
email customercare@mscdirect.com
FileHash-SHA256 03f3cf1aadd1cf5b95f1e04fc8a61b68d3a83767318a4c5760df56c30ebf6d7a
FileHash-SHA256 02a1d432bbc1f38dca35e6de40ca275d4cc0a4e2ca172672b60b470b457e3186
FileHash-SHA256 7df3b2c86978239b2b25cdbccea5011851f07b358c9589a748ee0075d2e5ae6c
FileHash-SHA256 79bd4c9d37aac7bcdbecb4902f856bd13efb1869efd89522b13797332f9710b5
URL https://agilesofts.com/sp/form.php
URL https://prodimachinet.site/SZR565TFIHIOG6PHY/odt.php
URL http://wwwnhbgoutlookofficeowa.blob.core.windows.net/auth/vmnotemessage.html
URL http://wwwnhbgoutlookofficeowa.blob.core.windows.net
