Office 365 Phishing Survey

IOC Table
total 3
type value
email jdl_ny@hotmail.com
IPv4 13.107.43.13
URL https://onedrive.live.com/survey?resid=C5848A82F8488850!5867&authkey=!AF-l_r2pGsDrXmI

Emotet Payload URLs, Hashes - 2019-04-19

IOC Table
total 26

Oceanlotus uses malicious macro documents to attack Cambodia

IOC Table
total 9

Verk

IOC Table
total 1669

CSIRT Bulletin 8FPH-00011-001 - Banco Estado Phishing

IOC Table
total 10

Emotet Payload URLs, Hashes - 2019-04-18

IOC Table
total 39

Beahny

IOC Table
total 36

Indicators from Wipro Breach

IOC Table
total 52

Ukraine Lugansk

NamPoHyu-MegaLocker

IOC Table
total 2
type value
domain qlcd3bgmyv4kvztb.onion
URL http://qlcd3bgmyv4kvztb.onion

Sea Turtle

IOC Table
total 30

formbook

IOC Table
total 5
type value
FileHash-MD5 f5ca22066709d4285b4d79592a018ff7
FileHash-SHA256 987ace9d5990defe220f568a76f61e9ba02fc6cfaa465562b810cefc85929c3f
hostname www.wanjiangshengming.com
IPv4 45.67.14.61
URL http://45.67.14.61/I/00613017

Wipro breach IOCs

IOC Table
total 52

DNS Hijacking

IOC Table
total 11