Malware and Phishing IOCs

IOC Table
total 24

More Russian language malspam pushing Shade (Troldesh) ransomware

IOC Table
total 17

Phishing Campaign Spoofs United Nations and Multiple Other Organizations

IOC Table
total 27

IcedID IOCs 2/19/2019

IOC Table
total 86

Emotet Payload URLs, Hashes - 2019-02-19

IOC Table
total 38

Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review

IOC Table
total 29

Remoteadmin malware on Metadefender.com

Powershell malware on Metadefender.com

Mailsend malware on Metadefender.com

Wannacry malware on Metadefender.com

Zbot malware on Metadefender.com

Floxif malware on Metadefender.com
