IOCs 28_11_2021


 


(1)

File Name

VDI-QUOTATION-PAYMENT.xlsx

Created process

vbc.exe

Connected (Ip/Dns)

secure01-redirect[.]net

MD5

1325c1dc4db5e238475858c2feaa326a

SHA256

c84daab0159e54c17bbb8ff7c7d61111fef8588a9a540f5b5f74eb66aa1d1265

Family

Lokibot

 

(2)

File Name

6580579446983db99ba7f0870582a13a.exe

Created process

6580579446983db99ba7f0870582a13a.exe

Connected (Ip/Dns)

hdmibonquet.ir

MD5

6580579446983db99ba7f0870582a13a

SHA256

69610eb2689986f31a48f809678ffbb9e1d902aaf32a7987584b79e04d9d815f

Family

Lokibot

 

(3)

File Name

REP_89419812646634117.doc

Created process

ntvdm.exe

Connected (Ip/Dns)

Amelano[.]net, firelabo[.]com

MD5

1d6f0e7e30c1d9e3f64b0d36e602da50

SHA256

70b4dbed87a8be890a088d70057ce44413bf3a65df5c5c15d049de0b9c47ff8d

Family

Emotet

 

(4)

File Name

64054BA3C90D329FE750F7902674DFAB229DFE61673F6.exe

Created process

64054BA3C90D329FE750F7902674DFAB229DFE61673F6.exe

Connected (Ip/Dns)

Concideritdone[.]duckdns[.]org

MD5

87a9c22b51822df32a2d3a64cc993d3c

SHA256

64054ba3c90d329fe750f7902674dfab229dfe61673f63c96cd307708300a665

Family

Nanocore

 

(5)

File Name

300d7ba2-837c-4ff6-8484-fcbb7c7da8ea

Created process

300d7ba2-837c-4ff6-8484-fcbb7c7da8ea.exe

Connected (Ip/Dns)

mandar78325[.]duckdns[.]org

MD5

b603745b1de1c4659a1f0ec481d28122

SHA256

a8e7ed5bf8a9fb7def7dfc0b5ebefca9b7805dc271000ab8677f62d8679a8444

Family

Remcos

 

(6)

File Name

123_DVD_Ripper_v1_keygen.exe

Created process

123_DVD_Ripper_v1_keygen.exe

Connected (Ip/Dns)

Kvaka[.]li

MD5

e58e1c2c8163932ace8234bb2da7c93b

SHA256

c16f0bab128a87e41be5cb095262b1d652ca24a228754d075b27d3e2991d97c2

Family

Azorult

 

(7)

File Name

svchost.exe

Created process

svchost.exe

Connected (Ip/Dns)

JowaTonix976-41619[.]portmap[.]io

MD5

bdd1b56633a2966218849fd0d3598d93

SHA256

754bb708cf068adf1fdbcde6949f37b4a6501b66f6c5a050f23a0bae09aad40b

Family

Avemaria

 

(8)

File Name

DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe

Created process

DB4F561EC42EA2C6F0F2EEC13060C8035329625490940.exe

Connected (Ip/Dns)

Creacionesfina[.]com, myp0nysite[.]ru

MD5

5c3fce4f9dac1d6b0ff14eae8fa03c7b

SHA256

db4f561ec42ea2c6f0f2eec13060c8035329625490940006fd21630a079691df

Family

Pony

 


(9)

File Name

A bunch of shit.zip

Created process

2018-01-28-Seamless-campaign-Rig-EK-payload-GandCrab-ransomware.exe"

Connected (Ip/Dns)

Nomoreransom[.]bit, gandcrab[.]bit

MD5

d83265f3da6386ed4628569d32759e68

SHA256

190d2b1687a04c56b2cc1ae7a4cd5ed8643867444ad09c4fee136a4374b6b737

Family

GandCrab

 

(10)

File Name

d7635680fdef884b00183d6e6279c816.js.vir

Created process

d7635680fdef884b00183d6e6279c816.js.vir

Connected (Ip/Dns)

1j1m3r3[.]kozow[.]com , wshsoft[.]company

MD5

d7635680fdef884b00183d6e6279c816

SHA256

2bad00a5d95151f8a72c537e066bb1d2f1f7c73dfadca31f0ec21da7935df1df

Family

wshrat

 

(11)

File Name

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Created process

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150.exe

Connected (Ip/Dns)

23[.]229[.]29[.]48

MD5

90a89fc585f1c79b2629c9dd8520ddb9

SHA256

ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150

Family

Danabot

 


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more