Cobalt Strike Beacon sample

publish date:

reference:

IOC Table
total 2
type value
FileHash-MD5 a32558ae89be938ed8fb4bcaad28efa2
IPv4 185.141.26.46

LightNeuron sample from Turla

publish date:

reference:

IOC Table
total 1
type value
FileHash-MD5 9456197d0f8b6cabfea5f02ffb0176dd

Nanocore RAT via fake DHL failed delivery in Chinese | My Online Security

publish date:

reference:

IOC Table
total 11
type value
domain xapps.link
email 20190618223934.300bae6267767c50@xapps.link
email kate@xapps.link
FileHash-MD5 a9d45fc3aa7b6b26b813417568306edb
FileHash-SHA1 f316253582787d50c356d1d2c3124c2c039b5b23
FileHash-SHA256 010167b9932b917785a638cb92014b38a233f9cce5062dff8699c10f10141776
hostname microsoft.btc-crypto-rewards.cash
IPv4 104.131.99.132
IPv4 185.244.29.22
IPv4 193.56.28.234
IPv4 185.244.29.9

RTO

publish date:

reference:

IOC Table
total 23
type value
FileHash-MD5 0146eac3aedca01c0095a50bce1b316d
FileHash-SHA256 85e5aff9b169657ba912f4edc019e2d38dd3c3fb2be187309dd65d4ae8732529
FileHash-SHA256 b895399bdd8b07b14e1e613329b76911ebe37ab038e4b760f41e237f863b4964
FileHash-SHA256 fe55650d8b1b78d5cdb4ad94c0d7ba7052351630be9e8c273cc135ad3fa81a75
URL http://200.83.49.141:449
URL http://200.110.72.134:449
URL http://191.241.233.195:449
URL http://186.248.163.198:449
URL http://200.107.59.130:449
URL http://187.95.123.179:449
URL http://187.95.32.18:449
URL http://177.52.79.29:449
URL http://177.52.28.238:449
URL http://186.42.186.202:449
URL http://187.8.169.10:449
URL http://177.183.194.194:449
URL http://200.35.56.81:449
URL http://187.65.49.88:449
YARA 7748f2f8f7934b63e911809de0db4f368817561e
YARA 274178b976ed6decc6a17ec87c9319ca270d884f

Comunicado CSIRT 2CMV-00010-001

publish date:

reference:

IOC Table
total 11
type value
CVE CVE-2017-8570
domain greenroomstudio.live
domain doughnut-snack.live
email recepakduman@turkochat.com
FileHash-MD5 d8d5c69e3ab5114f4bbbbd2ac873874d
FileHash-SHA1 833e6a4b117eada755860e59f6a994bb45c5e924
FileHash-SHA256 564953cb780453d03584cd3f5b68ea30c438c696025290f38c0c77dc304bcaf9
hostname unknownsoft.duckdns.org
hostname turkiye.narinhosting.com
hostname mikelsonallen300.duckdns.org
IPv4 185.171.24.49

Tick group targets South Korea with USB Air Gap Jumper

publish date:

reference:

IOC Table
total 45
type value
domain englandprevail.com
FileHash-MD5 3fe76cf644e045b8620d577c2366630a
FileHash-MD5 27dbf927e85e00f14ee9be56711a5246
FileHash-MD5 c865b83a2096642b0de3e2880e63ab0e
FileHash-MD5 6f665826f89969f689cba819d626a85b
FileHash-MD5 ca99ea5f1ece7430243d8322445d1a1c
FileHash-MD5 ad33da0d9507e242eb344b313454cea9
FileHash-MD5 b108df0bd168684f27b6bddea737535e
FileHash-SHA256 019874898284935719dc74a6699fb822e20cdb8e3a96a7dc8ec4f625e3f1116e
FileHash-SHA256 92e0d0346774127024c672cc7239dd269824a79e85b84c532128fd9663a0ce78
FileHash-SHA256 ee8d025c6fea5d9177e161dbcedb98e871baceae33b7a4a12e9f73ab62bb0e38
hostname www.kot.gogoblog.net
hostname www.memsbay.com
hostname pre.englandprevail.com
hostname www.poi.cydisk.net
hostname update.saranmall.com
URL http://pre.englandprevail.com/kr/news/index.htm
URL http://update.saranmall.com/script/main.html
URL http://pre.englandprevail.com/km/news/index.htm
URL http://www.memsbay.com:443

DarkHotel disclosed the latest attack on Chinese foreign trade

publish date:

reference:

IOC Table
total 30
type value
domain 779999977.com
domain star--co.net
domain banilasky.com
domain office-update-checker.com
domain 100100011100.com
domain offices-support.com
domain game-service.org
FileHash-MD5 6468180d1fcf15a8c8420a60268b642d
URL http://779999977.com/banila/config.php
URL http://game-service.org/rmet_x86.txt
URL http://193.29.187.178:51218
URL http://banilasky.com/banila/config.php
URL http://offices-support.com/7cdeb7fe-6efd-4459-be2f-1eb0e0088a60/21147.php
URL http://91.235.116.147:9782
URL http://100100011100.com/banila/config.php
URL http://game-service.org/rmet_x64.txt
URL http://star--co.net/banila/config.php
URL http://game-service.org/584e3411-14a7-41f4-ba1d-e203609b0471/6126.php
URL http://office-update-checker.com/584e3411-14a7-41f4-ba1d-e203609b0471/6126.php
URL http://193.29.187.178:51217

Cryptomining Dropper and Cronjob Creator

publish date:

reference:

IOC Table
total 3
type value
IPv4 82.146.53.166
URL http://82.146.53.166/cr2.sh
URL http://cr2.sh

Ryuk ransomware targeting organisations globally

publish date:

reference:

IOC Table
total 23
type value
FileHash-MD5 0146eac3aedca01c0095a50bce1b316d
FileHash-SHA256 85e5aff9b169657ba912f4edc019e2d38dd3c3fb2be187309dd65d4ae8732529
FileHash-SHA256 b895399bdd8b07b14e1e613329b76911ebe37ab038e4b760f41e237f863b4964
FileHash-SHA256 fe55650d8b1b78d5cdb4ad94c0d7ba7052351630be9e8c273cc135ad3fa81a75
URL http://200.83.49.141:449
URL http://200.110.72.134:449
URL http://191.241.233.195:449
URL http://186.248.163.198:449
URL http://200.107.59.130:449
URL http://187.95.123.179:449
URL http://187.95.32.18:449
URL http://177.52.79.29:449
URL http://177.52.28.238:449
URL http://186.42.186.202:449
URL http://187.8.169.10:449
URL http://177.183.194.194:449
URL http://200.35.56.81:449
URL http://187.65.49.88:449
YARA 7748f2f8f7934b63e911809de0db4f368817561e
YARA 274178b976ed6decc6a17ec87c9319ca270d884f