APT_CyberCriminal_Campagin_.../2016/2016.10.31.Emissary_Trojan_Changelog/IoC.txt
CyberMonitor 7cd6ba7319 go
2017-02-11 15:00:00 +08:00

Emissary Delivery Documents
Installers/Loaders
DLL Version 1.0 through 5.4
C2 URLs
Emissary Campaign Codes
3test
FJ201508
lyk_WW
A-1117a
QPR-Z0330
YUIO
ZGP-M
xman
A-1117a
Flash
FJ20151125
YUIO
ll
A-1231a
ux-2011
RT101212
111
UPG-ZHG-01
IC00001