Apt

publish date:

reference :

IOC Table
total 5

Cyberattacker = LinuxForbes

publish date:

reference :

IOC Table
total 71

o365 phishing - Pastebin.com

publish date:

reference :

IOC Table
total 24

Argenta Phishing - 2018/09/19

publish date:

reference :

IOC Table
total 3
type value
domain online-domiciliering-service.one
IPv4 185.175.208.217
URL https://online-domiciliering-service.one/inzien/formulier/

o365 phishing - Pastebin.com

publish date:

reference :

IOC Table
total 18

New Fareit/Pony malware campaign

publish date:

reference :

IOC Table
total 14
type value
CVE CVE-2017-11882

o365 Phishing - Pastebin.com

publish date:

reference :

IOC Table
total 19

Fuc malware on Metadefender.com

publish date:

reference :

IOC Table
total 1
type value
CVE CVE-2012-1723

Ole malware on Metadefender.com

publish date:

reference :

Probably malware on Metadefender.com

publish date:

reference :

IOC Table
total 1
type value
CVE CVE-2017-11882

Shellcode malware on Metadefender.com

publish date:

reference :

Hzuf malware on Metadefender.com

publish date:

reference :

IOC Table
total 1
type value
CVE CVE-2012-0158

Swf malware on Metadefender.com

publish date:

reference :