NHC_QNAPCRYPT

IOC Table
total 1
type value
YARA 6b17049e851eae6ff28e7cedbaffa455a8e0f6cf

Latest Dridex variant in circulation

IOC Table
total 1
type value
FileHash-MD5 6e54136b7abd9e787cd62d2ff0c77acf

buhtrap

IOC Table
total 29

ServHelper Malware

IOC Table
total 61

XpertRAT

IOC Table
total 14

Anubis Android Malware

IOC Table
total 60

jalalas.mybigcommerce.com/sas_socgen777

IOC Table
total 1
type value
URL http://jalalas.mybigcommerce.com/sas_socgen777

eCh0raix Ransomware

IOC Table
total 10

Buhtrap group uses zero-day in latest espionage campaigns

IOC Table
total 29

SilentBruter

IOC Table
total 19