OTX Update and b374k back connect shell
parent
de84c3ae42
commit
08ebcc5b36
@ -1,61 +1,142 @@
|
||||
84.11.146.62;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
107.6.181.116;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
chanstring.com;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
138.68.12.109;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
104.131.120.66;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
russell03.servehttp.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wxycgc.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wxkysteel.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
russell01.servebeer.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wgeastchina.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
ussainbolt.mooo.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
asatar.ignorelist.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
russell02.servehttp.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
javedtar.chickenkiller.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
captain.chickenkiller.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
updatesoft.zapto.org;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
rasheed.crabdance.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.militaryworkerscn.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
tariqj.crabdance.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.cnmilit.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
updatesys.zapto.org;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
raheel.ignorelist.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.81-cn.net;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
ussainbolt1.mooo.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.newsnstat.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
212.129.13.110;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
85.25.79.230;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
45.43.192.172;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
43.249.37.173;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
5.254.98.68;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
194.63.142.174;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
axroot.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
mangoco.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobeinstall.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
kaliex.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
dropboxonline.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
orange2015.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobeair.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobe-flashviewer.accountslogin.services;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
jaysonj.no-ip.biz;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
98.37.201.117;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
109.74.195.149;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
42.121.125.34;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
95.183.8.24;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
42.121.133.1;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
173.242.124.163;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
118.184.176.15;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
46.30.42.166;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
donkixot17.ru;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
donkixot17.net;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
chanstring.com;Linux.Lady.1 propagating via Redis https://vms.drweb.com/virus/?_is=1&i=8400823 / https://vms.drweb.com/virus/?
|
||||
r.chanstring.com;Linux.Lady.1 propagating via Redis https://vms.drweb.com/virus/?_is=1&i=8400823 / https://vms.drweb.com/virus/?
|
||||
bikessport.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
rapidcomments.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
wildhorses.awardspace.info;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
www.myhomemusic.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
flowershop22.110mb.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
88.198.222.163;Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/
|
||||
air.dscvn.org;Korplug RAT used to attack Vietnamese institutions https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disg
|
||||
adjust-local-settings.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
bahrainsms.co;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
emiratesfoundation.net;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
fb-accounts.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
cnn-africa.co;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
topcontactco.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
whatsapp-app.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
newtarrifs.net;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
icloudcacher.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
turkeynewsupdates.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
tpcontact.co.uk;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
bulbazaur.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
asrararabiya.co;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
accounts.mx;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
pickuchu.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
uaenews.online;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
aalaan.tv;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
unonoticias.net;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
track-your-fedex-package.org;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
manoraonline.net;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
damanhealth.online;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
alawaeltech.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
ooredoodeals.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
redcrossworld.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
googleplay-store.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
mz-vodacom.info;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
univision.click;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
turkishairines.info;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
sabafon.info;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
smser.net;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
bbc-africa.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
y0utube.com.mx;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
icrcworld.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
alljazeera.co;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
asrararablya.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
checkinonlinehere.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
asrarrarabiya.com;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
sms.webadv.co;NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-grou
|
||||
185.106.120.182;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
www.creammemory.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.cbkjdxf.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.km153.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.bigfixtools.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.appsecnic.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.bluesixnine.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.autoapec.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.iapfreecenter.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.lisword.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.km-nyc.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
www.newpresses.com;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
116.31.116.17;Chinese APT IP monitored on Alien Vault USM(demo) http://whois.domaintools.com/116.31.116.17 / https://isc.sans.edu//ipinfo.html?i
|
||||
wada-awa.org;SpearPhishing campaign targeting the World Anti-Doping Agency and the Court of Arbitration for Sport https://www.paralympic.org/news/wada-warns-stakeholders-phishing-scams
|
||||
wada-arna.org;SpearPhishing campaign targeting the World Anti-Doping Agency and the Court of Arbitration for Sport https://www.paralympic.org/news/wada-warns-stakeholders-phishing-scams
|
||||
tas-cass.org;SpearPhishing campaign targeting the World Anti-Doping Agency and the Court of Arbitration for Sport https://www.paralympic.org/news/wada-warns-stakeholders-phishing-scams
|
||||
xafmolog.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
hzvmnpug.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
ttliiubl.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
xdpnchon.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
sgtxgkbi.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
hvnmwvdt.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
qkgpedwe.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
dmugmwbu.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
rsojnear.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
gdxwlrat.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
kmosszts.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
hstqothv.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
qrqlyhfc.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
ybqojmpa.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
xyigqlfc.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
nevlomzj.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
enhicefv.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
jhxrkeuh.ru;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
www.knowledgetime.slyip.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
treesofter.mooo.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
archive-articles.linkpc.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
sendmessage.mooo.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
forumgeek.zzux.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.psychology-blog.ezua.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.priceline.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
officebuild.4irc.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
bestfunc.slyip.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
newforum.chickenkiller.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
tellmemore.4irc.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
priceline.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
trytowin.ignorelist.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
booking.strangled.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
ebay-global.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
blackerror.ignorelist.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
ceremon.2waky.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
patherror.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.tellmemore.4irc.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
worldlist.linkpc.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.ebay-global.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
top100news.my-wan.de;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.patherror.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
dellservice.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
papperbell.effers.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
onlineshop.sellclassics.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
climbent.mooo.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.bestfunc.slyip.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
knowledgetime.slyip.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
badget.ignorelist.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
highhills.ignorelist.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
psychology-blog.ezua.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
wordlisten.mooo.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.dellservice.publicvm.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
profound.zzux.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.forumgeek.zzux.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
kersachi.ignorelist.com;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
www.worldlist.linkpc.net;Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
|
||||
katynew.pw;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
brokelimiteds.in;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
indyproject.org;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
f444c4f547116bfd052461b0b3ab1bc2b445a.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
mercadojs.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
glazeautocaree.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
copylines.biz;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
studiousb.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
apple-recovery.us;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
emailreferentie.appleid.apple.nl.468213579.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
verificatie.appleid.apple.nl.referentie.357912468.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
cgi.ebay.com-wn.in;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
apple.security-block.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
free.meedlifespeed.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
customer.comcast.com.aboranian.com;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
europcubit.com;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
snoozetime.info;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
bluepaint.info;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
7b7p.info;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
coinpack.info;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
donkeyhaws.info;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
50.63.202.38;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
104.202.173.82;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
107.180.36.179;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
web4solution.net;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
securedesignus.com;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
securedesignuk.com;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
zjfq4lnfbs7pncr5.onion.to;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
193.104.41.178;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
31.170.164.100;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
37.187.37.235;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
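Review bot: The description column in this hunk carries undecoded escapes (`MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN`, `NSO Group\u2019s iPhone Zero-Days ...`) and reference URLs that stop mid-path (`.../rocket-kitten-co`, `.../forcepoint-securi`), so an analyst triaging a hit cannot follow the entry back to its source report; whatever produces this list should decode the title and keep the full URL. `chanstring.com` is also listed twice, once under `Linux.Lady` and once under `Linux.Lady.1 propagating via Redis`, which suggests entries are not de-duplicated per indicator. Some entries look likely to match benign traffic (`indyproject.org` appears to be the site of an open-source library, and several others are hosts under shared dynamic-DNS providers), so they are worth checking against an allow-list before the list drives blocking rather than alerting. The page has lost its +/- markers, so these points apply to whichever of the lines the commit actually adds.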
|
||||
@ -412,6 +493,112 @@ flowershop22.110mb.com;Strider: Cyberespionage group turns eye of Sauron on targ
|
||||
194.67.197.3;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
194.58.69.204;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
193.124.59.5;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
185.146.171.13;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
185.146.168.181;SteamStealer IPs https://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html / h
|
||||
clients14-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients12-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients4-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients2-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients1-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients7-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients6-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients5-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients9-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients3-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
clients8-google.com;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
80.255.3.109;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
185.86.149.115;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
164.132.221.147;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
107.181.246.211;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
192.169.82.86;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
85.10.229.196;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
45.32.129.185;SEDNIT Malware: Russian Operation Pawn Storm DNC Hack - Call for ANSIR http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/pawn-storm-espion
|
||||
92.63.100.150;SEDNIT Malware: Russian Operation Pawn Storm DNC Hack - Call for ANSIR http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/pawn-storm-espion
|
||||
clients14-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients12-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients4-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients2-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients1-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients7-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients6-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients5-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients9-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients3-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
clients8-google.com;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
92.63.100.150;ET INFO JAVA - Java Archive Download By Vulnerable Client - Russian IP
|
||||
ispsystem.net;ET INFO JAVA - Java Archive Download By Vulnerable Client - Russian IP
|
||||
nederlandstest.com;Bad News Bears - Panda Banker Starts Looking More Like a Grizzly https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-mo
|
||||
test2222test.info;Bad News Bears - Panda Banker Starts Looking More Like a Grizzly https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-mo
|
||||
droidgrades.top;Android Marcher: Continuously Evolving Mobile Malware https://www.zscaler.com/blogs/research/android-marcher-continuously-evolving-mob
|
||||
droidgrades.us;Android Marcher: Continuously Evolving Mobile Malware https://www.zscaler.com/blogs/research/android-marcher-continuously-evolving-mob
|
||||
droidsg.pw;Android Marcher: Continuously Evolving Mobile Malware https://www.zscaler.com/blogs/research/android-marcher-continuously-evolving-mob
|
||||
apply.ebizx.net;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
apply-wsu.ebizx.net;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
dyn.pwnz.org;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
dyn.kaleebso.com;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
inocnation.com;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
mail.cbppnews.com;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
202.172.32.160;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
211.104.106.41;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
87.193.23.40;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
84.11.146.62;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
107.6.181.116;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
chanstring.com;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
138.68.12.109;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
104.131.120.66;Linux.Lady http://vms.drweb.com/virus/?_is=1&i=8400823
|
||||
russell03.servehttp.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wxycgc.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wxkysteel.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
russell01.servebeer.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
wgeastchina.steelhome.cn;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
ussainbolt.mooo.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
asatar.ignorelist.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
russell02.servehttp.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
javedtar.chickenkiller.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
captain.chickenkiller.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
updatesoft.zapto.org;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
rasheed.crabdance.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.militaryworkerscn.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
tariqj.crabdance.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.cnmilit.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
updatesys.zapto.org;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
raheel.ignorelist.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.81-cn.net;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
ussainbolt1.mooo.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
www.newsnstat.com;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
212.129.13.110;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
85.25.79.230;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
45.43.192.172;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
43.249.37.173;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
5.254.98.68;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
194.63.142.174;MONSOON \u2013 ANALYSIS OF AN APT CAMPAIGN https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
|
||||
axroot.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
mangoco.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobeinstall.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
kaliex.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
dropboxonline.com;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
orange2015.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobeair.net;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
adobe-flashviewer.accountslogin.services;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
jaysonj.no-ip.biz;Operation Manul https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
|
||||
98.37.201.117;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
109.74.195.149;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
42.121.125.34;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
95.183.8.24;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
42.121.133.1;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
173.242.124.163;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
118.184.176.15;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
46.30.42.166;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
donkixot17.ru;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
donkixot17.net;CERT Orange Polska Report 2014 http://www.orange.pl/ocp-http/PL/Binary2/2003243/4102642946.pdf
|
||||
chanstring.com;Linux.Lady.1 propagating via Redis https://vms.drweb.com/virus/?_is=1&i=8400823 / https://vms.drweb.com/virus/?
|
||||
r.chanstring.com;Linux.Lady.1 propagating via Redis https://vms.drweb.com/virus/?_is=1&i=8400823 / https://vms.drweb.com/virus/?
|
||||
bikessport.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
rapidcomments.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
wildhorses.awardspace.info;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
www.myhomemusic.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
flowershop22.110mb.com;Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
|
||||
88.198.222.163;Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/
|
||||
183.60.48.25;APT: Portscans for RDP, VNC, SSH and Telnet
|
||||
brandsparkbestnewproductawards.com;Cerber ransomware https://twitter.com/bartblaze/status/758600547247222784
|
||||
46.183.223.236;Cerber ransomware https://twitter.com/bartblaze/status/758600547247222784
|
||||
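Review bot: Several indicators in this hunk are listed more than once under different descriptions: the eleven `clientsN-google.com` hosts appear under both "Visa Alert indicators (Carbanak, MalumPOS)" and "Visa Alert and Update on the Oracle MICROS Breach", `chanstring.com` under both "Linux.Lady" and "Linux.Lady.1 propagating via Redis", and `92.63.100.150` under both the SEDNIT entry and the "ET INFO JAVA ..." entry. A consumer that keys on the indicator will keep only one of the descriptions, and one that matches line by line may report the same hit twice, so the generator should emit one line per indicator with the sources merged. The `92.63.100.150` and `ispsystem.net` lines are labelled with what looks like an IDS rule name rather than a report, and they and `183.60.48.25;APT: Portscans for RDP, VNC, SSH and Telnet` carry no reference URL, so an analyst cannot trace or weigh a hit on them; either add the source or leave them out of the list. The rendered page has lost the `+`/`-` column, so some of these lines may be unchanged context rather than additions.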
@ -12417,11 +12604,6 @@ dnt5b.myfw.us;Attack on French Diplomat Linked to Operation Lotus Blossom http:/
|
||||
ustar5.passas.us;Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
|
||||
203.124.14.229;Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
|
||||
190.123.45.139;Pro PoS - Point of Sales malware http://blog.talosintel.com/2015/12/pro-pos.html
|
||||
inocnation.com;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
mail.cbppnews.com;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
202.172.32.160;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
211.104.106.41;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
87.193.23.40;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
wx.iosyy.me;iOS Trojan "Tiny"\u201d Attacks Jailbroken Devices http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
|
||||
apt.appstt.com;iOS Trojan "Tiny"\u201d Attacks Jailbroken Devices http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
|
||||
ninthclub.com;Malvertising campaigns use domain shadowing to pull in Angler EK https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows
|
||||
|
@ -1,3 +1,312 @@
|
||||
c52464e9df8b3d08fc612a0f11fe53b2;Korplug RAT used to attack Vietnamese institutions https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disg
|
||||
321a2f0abe47977d5c8663bd7a7c7d28;Korplug RAT used to attack Vietnamese institutions https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disg
|
||||
28f151ae7f673c0cf369150e0d44e415;Korplug RAT used to attack Vietnamese institutions https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disg
|
||||
a9891222232145581fe8d0d483edb4b18836bcfc;First Twitter-controlled Android botnet discovered http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet
|
||||
e5212d4416486af42e7ed1f58a526aef77be89be;First Twitter-controlled Android botnet discovered http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet
|
||||
aff9f39a6ca5d68c599b30012d79da29e2672c6e;First Twitter-controlled Android botnet discovered http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet
|
||||
85899e8270a7f1795189e67625a33098b8264bbd5c79d2800246aa69f89e8ee4;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
d128d2177c65a24cc2938193b6b45e927679a367c7ba1d408baca734aef3e23f;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
e2694da3a053c434d0265be78525cf43babd95efb2660446eddc7cdfda51f468;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
40e09e28551080f4ebdba54ff15e81a5;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
8b2ad85b8b5c835777664f240f2065e6;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
3101082d0277e6de030da7a9b813dc93;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
dea37352265078712314c6733d74a826700f7b37;Android Malware Targeting Journalists https://iranthreats.github.io/resources/android-malware/
|
||||
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b;Fantom ransomware https://twitter.com/JakubKroustek/status/768509157196439558
|
||||
7d80230df68ccba871815d68f016c282;Fantom ransomware https://twitter.com/JakubKroustek/status/768509157196439558
|
||||
e10874c6108a26ceedfc84f50881824462b5b6b6;Fantom ransomware https://twitter.com/JakubKroustek/status/768509157196439558
|
||||
5d4f2871fd1818527ebd65b0ff930a77;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b7b282c9e3eca888cbdb5a856e07e8bd;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e26a2afaaddfb09d9ede505c6f1cc4e3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c9484902c7f1756b26244d6d644c9dd5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d8e68db503f4155ed1aeba95d1f5e3e4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
40601cf29c1bbfe0942d1ac914d8ce27;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c90f798ccfbedb4bbe6c4568e0f05b68;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ab153afbfbcfc8c67cf055b0111f0003;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
29395c528693b69233c1c12bef8a64b3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b6c08fd8a9f32a17c3550d3b2d302dc5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
28f2396a1e306d05519b97a3a46ee925;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c4c068200ad8033a0f0cf28507b51842;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6f931c15789d234881be8ae8ccfe33f4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ebf42e8b532e2f3b19046b028b5dfb23;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
414854a9b40f7757ed7bfc6a1b01250f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4c6b21e98ca03e0ef0910e07cef45dac;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
f18be055fae2490221c926e2ad55ab11;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
2a2b22aa94a59575ca1dea8dd489d2eb;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4154548e1f8e9e7eb39d48a4cd75bcd1;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d28d67b4397b7ce1508d10bf3054ffe5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9c31551cd8087072d08c9004c0ce76c5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
74b87086887e0c67ffb035069b195ac7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e62a63307deead5c9fcca6b9a2d51fb0;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
cd1aa1c8cdf4a4ba8dc4309ce30ec263;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
62e5d5e244059dc02654f497401615cc;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e3ae3cbc024e39121c87d73e87bb2210;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
95bfe940816a89f168cacbc340eb4a5f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4e5c116d874bbaaf7d6dadec7be926f5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
2d75de9e1bb58fe61fd971bb720a49b7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9982fd829c0048c8f89620691316763a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5c7a6b3d1b85fad17333e02608844703;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e39756bc99ee1b05e5ee92a1cdd5faf4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6e689351d94389ac6fdc341b859c7f6f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b8617302180d331e197cc0433fc5023d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
acb2ba25ef225d820ac8a5923b746cb8;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
af670600dee2bf13a68eb962cce8f122;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
11876eaadeac34527c28f4ddfadd1e8d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
7b111e1054b6b929de071c4f48386415;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
23813c5bf6a7af322b40bd2fd94bd42e;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
fe211c7a081c1dac46e3935f7c614549;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6791254f160e98ac1f46b4d506b695ad;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b5a343d11e1f7340de99118ce9fc1bbb;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
07bb30a2a42423e54f70af61e20edca3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b79d87ff6de654130da95c73f66c15fa;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ed151602dea80f39173c2f7b1dd58e06;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
646e2cfa6aa457013769e2b89454acf7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
550459b31d8dabaad1923565b7e50242;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
08f299c2d8cfe1ae64d71dfb15fe6e8d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b2138a57f723326eda5a26d2dec56851;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8c713117af4ca6bbd69292a78069e75b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
597805832d45d522c4882f21db800ecf;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b83d43e3b2f0b0a0e5cc047ef258c2cb;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
71f25831681c19ea17b2f2a84a41bbfb;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
da92b863095ee730aef6c6c541ab7697;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
42ccbccf48fe1cb63a81c9f094465ae2;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
428fc53c84e921ac518e54a5d055f54a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
a813eba27b2166620bd75029cc1f04b0;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
649fa64127fef1305ba141dd58fb83a5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
44b98f22155f420af4528d17bb4a5ec8;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9cbcc68c9b913a5fda445fbc7558c658;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9c0cad1560cd0ffe2aa570621ef7d0a0;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4fffcbdd4804f6952e0daf2d67507946;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
fad06d7b4450c4631302264486611ec3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ff00682b0b8c8d13b797d722d9048ea2;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
310a4a62ba3765cbf8e8bbb9f324c503;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5b590798da581c894d8a87964763aa8b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
a2e0203e665976a13cdffb4416917250;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1f64afa4069036513604cbf651e53e0d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
948a53450e1d7dc7535ea52ca7d5bddd;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1133fe501fa4691b7f52e53706c80df9;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b4ae0004094b37a40978ef06f311a75e;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
0fcb4ffe2eb391421ec876286c9ddb6c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
82e13f3031130bd9d567c46a9c71ef2b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
af1c1c5d8031c4942630b6a10270d8f4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b493ad490b691b8732983dcca8ea8b6f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
db3e5c2f2ce07c2d3fa38d6fc1ceb854;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8022a4136a6200580962da94f3cdb905;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
65232a8d555d7c4f7bc0d7c5da08c593;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8ff473bedbcc77df2c49a91167b1abeb;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4c10a1efed25b828e4785d9526507fbc;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
0570066887f44bc6c82ebe033cad0451;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
a9e8e402a7ee459e4896d0ba83543684;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
37aee58655f5859e60ece6b249107b87;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c4dec6d69d8035d481e4f2c86f580e81;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5ddbd80720997f7a8ff53396e8e8b920;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
49aca228674651cba776be727bdb7e60;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5eaf3deaaf2efac92c73ada82a651afe;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e9e514f8b1561011b4f034263c33a890;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
021e134c48cd9ce9eaf6a1c105197e5d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
062fe1336459a851bd0ea271bb2afe35;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
65b984b198359003a5a3b8aaf91af234;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
139158fe63a0e46639cc20b754a7c38c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
37e568bed4ae057e548439dc811b4d3a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
80e39b656f9a77503fa3e6b7dd123ee3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
f4a648a2382c51ca367be87d05628cff;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
0c4fcef3b583d0ffffc2b14b9297d3a4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d97aace631d6f089595f5ce177f54a39;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
12e1dcd71693b6f875a98aefbd4ec91a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8da9373fc5b8320fb04d6202ca1eb6f1;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6508ee27afe517aa846f9447faef59b8;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
bbb3cb030686748b1244276e15085153;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
168d207d0599ed0bb5bcfca3b3e7a9d3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
78c4fcee5b7fdbabf3b9941225d95166;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9e3ef98abcfffcf3205261e09e06cba6;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1e6ee89fddcf23132ee12802337add61;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1b81b80ff0edf57da2440456d516cc90;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
002e27938c9390a942cf4b4c319f1768;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8c9db773d387bf9b3f2b6a532e4c937c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c95cd106c1fecbd500f4b97566d8dc96;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6bd422d56e85024e67cc12207e330984;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
bf8616bbed6d804a3dea09b230c2ab0c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b249bcf741e076f11b6c9553f6104f16;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b5546842e08950bc17a438d785b5a019;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ee1b23c97f809151805792f8778ead74;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4f00235b5208c128440c5693b7b85366;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
40f47850c5ebf768fd1303a32310c73e;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
9e27277ef0b6b25ccb2bb79dbf7554a7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5ae51243647b7d03a5cb20dccbc0d561;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
853a20f5fc6d16202828df132c41a061;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
baff5262ae01a9217b10fcd5dad9d1d5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
dc95b0e8ecb22ad607fc912219a640c1;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
572c9cd4388699347c0b2edb7c6f5e25;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d93026b1c6c828d0905a0868e4cbc55f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d591dc11ecffdfaf1626c1055417a50d;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
53f1358cbc298da96ec56e9a08851b4b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
df1799845b51300b03072c6569ab96d5;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
01d2383152795e4ec98b874cd585da30;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
592381dfa14e61bce089cd00c9b118ae;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ba80e3ad617e6998f3c4b003397db840;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1612b392d6145bfb0c43f8a48d78c75f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
10aa368899774463a355f1397e6e5151;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
6ba315275561d99b1eb8fc614ff0b2b3;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
5dd625af837e164dd2084b1f44a45808;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
35dfb55f419f476a54241f46e624a1a4;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8e2eee994cd1922e82dea58705cc9631;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4ee00c46da143ba70f7e6270960823be;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c2acc9fc9b0f050ec2103d3ba9cb11c0;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ec3905d8e100644ae96ad9b51d701a7f;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4a41c422e9eb29f5d722700b060bca11;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
c6e388ee5269239070e5ad7336d0bf59;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
09010917cd00dc8ddd21aeb066877aa2;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
0a4fdacde69a566f53833500a0d53a35;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
010ca5e1de980f5f45f9d82027e1606c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
44992068aab25daa1decae93b25060af;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d55514d8b97999453621a8614090cbf0;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d38e02eac7e3b299b46ff2607dd0f288;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
0cdc35ffc222a714ee138b57d29c8749;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
49ee6365618b2a5819d36a48131e280c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
7c307ca84f922674049c0c43ca09bec1;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
8214b0e18fbcd5db6b008884e7685f2c;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
f97ec83d68362e4dff4756ed1101fea8;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
95bb314fe8fdbe4df31a6d23b0d378bc;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
cb1087b2add3245418257d648ac9e9a7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
a5ca2c5b4d8c0c1bc93570ed13dcab1a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
b590c15499448639c2748ff9e0d214b2;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
1dbb584e19499e26398fb0a7aa2a01b7;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
08b54f9b2b3fb19e388d390d278f3e44;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
ad044dc0e2e1eaa19cf031dbcff9d770;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
cc06815e8d8c0083263651877decb44b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
3166baffecccd0934bdc657c01491094;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
d8248be5ed0f2f8f9787be331a18c36b;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
59e055cee87d8faf6f701293e5830b5a;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
e6289e7f9f26be692cbe6f335a706014;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
4b8531d294c020d5f856b58a5a23b238;OTX Plus https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b
|
||||
a78972ac6dee8c7292ae06783cfa1f918bacfe956595d30a0a8d99858ce94b5a;VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellco
|
||||
4b3912077ef47515b2b74bc1f39de44ddd683a3a79f45c93777e49245f0e9848;VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellco
|
||||
03aef51be133425a0e5978ab2529890854ecf1b98a7cf8289c142a62de7acd1a;VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellco
|
||||
ad3d6b1d1d7ba9626c141b54478eddaf5391c982;BANKER Trojan Sports New Technique to Take Advantage of 2016 Olympics http://blog.trendmicro.com/trendlabs-security-intelligence/banker-trojan-sports-
|
||||
fdcdf4d29be548504f4905901a1a662f96808637;BANKER Trojan Sports New Technique to Take Advantage of 2016 Olympics http://blog.trendmicro.com/trendlabs-security-intelligence/banker-trojan-sports-
|
||||
37cf565b8ee6db67b11f2a084a11e30e14bfc8439c462270d01d50bdbae0ea61;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
6f9727385d3bf55e1d57fe7606999db2bc29f21b7f9d1d3fa7073218d73ac28d;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
a513fc3dd36d24ea9fd17596607278aa47a03b67a3c09aff72fc2a8b8a9e0636;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
721b673777b927146b1a62fd2079f726624b3e7c789d6f04e5ccd6f122d44e2d;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
eb259aaa694ede59d8f6bf9fc7c7218a;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
e75436d09b378f20de647ace1acd1d59;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
627914b5c8663ca5c3fef7be88c9f3f2;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
d0301d5552775eb1e2398127568d5111;Vawtrak C2 \u2013 Pin it http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
|
||||
cc6926cde42c6e29e96474f740d12a78;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
c3cf7b29426b9749ece1465a4ab4259e;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
5a97d62dc84ede64846ea4f3ad4d2f93;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
b8f6e6a0cb1bcf1f100b8d8ee5cccc4c;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
fc8da575077ae3db4f9b5991ae67dab1;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
36a9ae8c6d32599f21c9d1725485f1a3;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
8d46ee2d141176e9543dea9bf1c079c8;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
6e959ccb692668e70780ff92757d2335;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
3664d7150ac98571e7b5652fd7e44085;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
21ea64157c84ef6b0451513d0d11d02e;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
dabc47df7ae7d921f18faf685c367889;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
aaee8ba81bee3deb1c95bd3aaa6b13d7;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
55358155f96b67879938fe1a14a00dd6;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
5a68f149c193715d13a361732f5adaa1;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
d87d26309ef01b162882ee5069dc0bde;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
ae2a78473d4544ed2acd46af2e09633d;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
08c18d38809910667bbed747b2746201;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
f9ef50c53a10db09fc78c123a95e8eec;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
460e18f5ae3e3eb38f8cae911d447590;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
07b105f15010b8c99d7d727ff3a9e70f;Operation Ghoul: targeted attacks on industrial organizations https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-i
|
||||
8101c298a33d91a985a5150d0254cf426601e4632250f5a03ddac39375e7fb4d;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
9dccfdd2a503ef8614189225bbbac11ee6027590c577afcaada7e042e18625e2;Aveo Malware Family Targets Japanese Speaking Users http://researchcenter.paloaltonetworks.com/?p=17203
|
||||
d9181d69c40fc95d7d27448f5ece1878;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
bc05977b3f543ac1388c821274cbd22e;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
6992370821f8fbeea4a96f7be8015967;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
8ea35293cbb0712a520c7b89059d5a2a;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
7d0ebb99055e931e03f7981843fdb540;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
b1380af637b4011e674644e0a1a53a64;Shakti Trojan: Document Thief https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-doc
|
||||
565951232e4a1d491d932c916bc534e8fb02b29b;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
6deccbb36f4e83834985fe49fc235683cf90f054;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
180bdd12c3ee6d8f0a2d47ddaad5a2daa513883e;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
ae78a7b67cb5d3c92406cfa9f5fb38adc8015fdf;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
0b4396bd30f65b74ce38f7f8f6b7bc1e451fbccc;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
005cc479faa2324625365bde7771096683312737;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
812fbf9e30a7b86c4a72cca66e1d2fc57344bb09;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
288c7c4fa2fc2a36e532f938b1dc18e4918a0e36;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
d8ff29cff5341b361ca3cee67eabbd22698daa2b;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
4641fb72aaf1461401490eaf1916de4103bbece5;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
22de960d38310643c3e68c2ba8ec68d855b43ebd;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
936ac2f42a1a641d52ba8078c42f5879e2dd41a0;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
3790c8bc8e691c79d80e458ba5e5c80b0b12a0c8;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
0e76d8fd54289043012a917148dacda0730e4d88;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
8bdc38b005e09b34c1bce94529158de75408e905;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
eb01089b3625d56d50e8768e94cfef1c84c25601;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
a94ce98bcc9a130aa88e9655672497c701bda4a5;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
bb8aba09bc9b97c7358b62f2ff016d05955a5967;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
fc591d83cdebe57b60588f59466ec3b12283cc2c;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
e2d94f69134d97c71f2b70fc0a3558b30637e46d;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
dcdb228d515f08673542b89abb86f36b3b134d72;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
9f48fa841fc8b0e945c43db5b18b37bdf2da8f5b;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
5be1de4a018b746953381ea400278d25e7c3d024;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
2c62f7b01dd423cef488100f7c0ca440194657d9;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
719f0d406038b932805d338f929d12c899ec97e1;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
5994eb7696e11818d01bc7447adcf9ec5c1c5f13;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
3bc8656186ee93d25173ba0f3c07a9cced23e7cd;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
3329fb8fd5e664ccde59e12e608e0bce3ef95225;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
08f1565514122c578da05cbf8b50ee9dcfa41af6;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
69da16cb954e8e48cea4b64a6bbc267ed01ab2b3;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
c76222e1206bad8e9a4a6f4867b2e235638a4c4c;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
b2d1e7860f617014e0546b9d48450f221fe118ec;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
e3e49bf06cd03fb0ea687507931927e32e0a5a1c;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
91762a5406e5291837ed259cd840cf4d22a2ddfa;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
752ab2146016bcafbfe17f710d61d3ad3822f849;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
a2899353b237e08a7570c674d05d326d43173231;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
0a17d419461f2a7a722f4e15c2760d182626e698;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
da0fd77c60a2c9a53985a096bdae1bef89034a01;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
56dd1d2b944dae25e87a2f9b7d6c653b2ece4486;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
6014a6afdf09edeb927a9a6a4e0df591d72b1899;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
e362b04fe7f26663d7d43dd829d3c4310b2fc699;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
0b7b2ba3c35e334bf5bc13929c77ecaf51758e2b;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
9ba7499c98e2b52303912352e1aca694552e0e86;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
6a9b6ae21c5f5e560591b73d0049f6ca2d720122;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
21dca77e6ef9e89c788ee0b592c22f5448de2762;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
1a46c45a443b1c10eaa9aa317cd343b83160828f;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
0c82f9ebc4ace5d6fd62c04972cf6a56aa022bfd;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
b8b79e8baf39e0e7616170216b25c1505974f42c;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
5a044104a6eed7e343814b3e0fc2db535c515ea2;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
a2420f7806b3e00db9608abf80ee91a2447f68ad;New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-
|
||||
2cf2f41d2454b59641a84f8180fd7e32135a0dbc;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
d0b3562d868694fd1147e15483f88f3a78ebedfb;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
757ae5eed0c5e229ad9bae586f1281b5de053767;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
fe713f9bb90b999250c3b6a3bba965d603de32a3;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
90e85b471b64667dbcde3aee3fa504c0d4b0ad35;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
f728bf7d6dbfc4c7bea21d6a3fd0b88f4fe52a4a;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
798bc2d91293c18af7e99ba7c9a4fd3010051741;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
7bd8ec3cabcb9cde609b3bac1bf3f9e72a6d9c06717f4a87575c56b663501010;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
b524746a569e1eebcfc4fea6be8515144cda0dd9a0904f76507c42c72e9dfa45;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
09476a996bc78b1f45f8056153aba1896f5c5589d9cdd5a703e72e078a9d5693;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
c8b07874594760d5c40f79f7f9d2eb05f07bc663951dacbb924fd615ee2a396d;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
1ba17497994ef84c7853c59ae089fcaa;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
45699cb86d10cf8ac5bd88276ec65eda;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
3efea0afa146936d7c019107f3866b39;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
acdd2cffc40d73fdc11eb38954348612;Visa Alert indicators (Carbanak, MalumPOS) http://krebsonsecurity.com/2016/08/visa-alert-and-update-on-the-oracle-breach/ /
|
||||
2cf2f41d2454b59641a84f8180fd7e32135a0dbc;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
d0b3562d868694fd1147e15483f88f3a78ebedfb;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
757ae5eed0c5e229ad9bae586f1281b5de053767;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
fe713f9bb90b999250c3b6a3bba965d603de32a3;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
90e85b471b64667dbcde3aee3fa504c0d4b0ad35;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
f728bf7d6dbfc4c7bea21d6a3fd0b88f4fe52a4a;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
798bc2d91293c18af7e99ba7c9a4fd3010051741;Visa Alert and Update on the Oracle MICROS Breach http://krebsonsecurity.com/wp-content/uploads/2016/08/Visa-PFD-MICROS-Alert-12AU
|
||||
3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4;Bad News Bears - Panda Banker Starts Looking More Like a Grizzly https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-mo
|
||||
b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578;Bad News Bears - Panda Banker Starts Looking More Like a Grizzly https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-mo
|
||||
bb06bfad96535ad04a6e65a6e68f34cb51f311cae48a2ff1c305f3957b2c8a4b;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
f9bf645a3a7d506136132fcfa18ddf057778d641ff71d175afd86f1a4fed7ee9;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
4a5807bab603d3a0a5d36aaec75729310928a9a57375b7440298fb3f3e4a2279;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
2437d0a9cc019e33fe8306fceed99605dd5ab67a8023da65fa20b9815ec19d06;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
ab7b5c35786813ed874483d388edbee3736eb6af7bc4946c41794209026eeac4;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
ed676d191684fa03b2b57925fe081cf32d5d6b074637f6f2a6401dd891818752;Fresh Baked HOMEKit-made Cookles \u2013 With a DarkHotel Overlap http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
|
||||
fce3dd4bd160b8c0698ca1dfba37bc49b3e1ad80cf77a31741bdbd2fa698be36;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
cd07ac5947c643854375603800a4f70e2dfe202c8a1f801204328921cb3a2a4c;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
01a0c03f7e01bc41e91cff5d2610ac22da77dbfd01decf60c486b500390cd3ae;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
1ed0c71298d7e69916fb579772f67109f43c7c9c2809fd80e61fc5e680079663;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
4f4bf27b738ff8f2a89d1bc487b054a8;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
a7bd555866ae1c161f78630a638850e7;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
2f7e5f91be1f5be2b2f4fda0910a4c16;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
75d3d1f23628122a64a2f1b7ef33f5cf;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
46a995df8d9918ca0793404110904479b6adcb9f;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
db2b8f49b4e76c2f538a3a6b222c35547c802cef;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
29968b0c4157f226761073333ff2e82b588ddf8e;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
|
||||
@ -14223,15 +14532,6 @@ e9f51a4e835929e513c3f30299567abc;Attack on French Diplomat Linked to Operation L
|
||||
748feae269d561d80563eae551ef7bfd;Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
|
||||
06f1d2be5e981dee056c231d184db908;Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
|
||||
9fd6f702763a9840bd1b3a898eb9c62d;Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
|
||||
fce3dd4bd160b8c0698ca1dfba37bc49b3e1ad80cf77a31741bdbd2fa698be36;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
cd07ac5947c643854375603800a4f70e2dfe202c8a1f801204328921cb3a2a4c;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
01a0c03f7e01bc41e91cff5d2610ac22da77dbfd01decf60c486b500390cd3ae;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
1ed0c71298d7e69916fb579772f67109f43c7c9c2809fd80e61fc5e680079663;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
5bb4814bd28ee8abb15be6b8e723f6960f37ec17a619f5d93efbcc6fc59502f6;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
4f4bf27b738ff8f2a89d1bc487b054a8;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
a7bd555866ae1c161f78630a638850e7;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
2f7e5f91be1f5be2b2f4fda0910a4c16;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
75d3d1f23628122a64a2f1b7ef33f5cf;#1020 Dissecting the Malware Involved in the INOCNATION Campaign https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_
|
||||
96f5698271c9b79e78a6f499bd74b4eb78d00f7247db5dcb3b65ba8ecbf4a098;iOS Trojan "Tiny"\u201d Attacks Jailbroken Devices http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
|
||||
c6ec85a4aedfdd543f1c20fdf1ed15923e257c9664fd8c5ea38826dd47c0322d;iOS Trojan "Tiny"\u201d Attacks Jailbroken Devices http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
|
||||
09fb33e3fe30e99a993dbf834ea6085f46f60366a17964023eb184ee64247be9;iOS Trojan "Tiny"\u201d Attacks Jailbroken Devices http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
|
||||
|
@ -13,6 +13,7 @@ rule EQGRP_noclient_3_0_5 {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$x1 = "-C %s 127.0.0.1\" scripme -F -t JACKPOPIN4 '&" fullword ascii
|
||||
$x2 = "Command too long! What the HELL are you trying to do to me?!?! Try one smaller than %d bozo." fullword ascii
|
||||
@ -29,6 +30,7 @@ rule EQGRP_installdate {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$x1 = "#Provide hex or EP log as command-line argument or as input" fullword ascii
|
||||
$x2 = "print \"Gimme hex: \";" fullword ascii
|
||||
@ -47,6 +49,7 @@ rule EQGRP_teflondoor {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$x1 = "%s: abort. Code is %d. Message is '%s'" fullword ascii
|
||||
$x2 = "%s: %li b (%li%%)" fullword ascii
|
||||
@ -67,6 +70,7 @@ rule EQGRP_durablenapkin_solaris_2_0_1 {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = "recv_ack: %s: Service not supplied by provider" fullword ascii
|
||||
$s2 = "send_request: putmsg \"%s\": %s" fullword ascii
|
||||
@ -83,6 +87,7 @@ rule EQGRP_teflonhandle {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = "%s [infile] [outfile] /k 0x[%i character hex key] </g>" fullword ascii
|
||||
$s2 = "File %s already exists. Overwrite? (y/n) " fullword ascii
|
||||
@ -99,6 +104,7 @@ rule EQGRP_false {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = { 00 25 64 2E 0A 00 00 00 00 25 64 2E 0A 00 00 00
|
||||
00 25 6C 75 2E 25 6C 75 2E 25 6C 75 2E 25 6C 75
|
||||
@ -119,6 +125,7 @@ rule EQGRP_bc_genpkt {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$x1 = "load auxiliary object=%s requested by file=%s" fullword ascii
|
||||
$x2 = "size of new packet, should be %d <= size <= %d bytes" fullword ascii
|
||||
@ -138,6 +145,7 @@ rule EQGRP_dn_1_0_2_1 {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = "Valid commands are: SMAC, DMAC, INT, PACK, DONE, GO" fullword ascii
|
||||
$s2 = "invalid format suggest DMAC=00:00:00:00:00:00" fullword ascii
|
||||
@ -153,6 +161,7 @@ rule EQGRP_morel {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
hash1 = "a9152e67f507c9a179bb8478b58e5c71c444a5a39ae3082e04820a0613cd6d9f"
|
||||
strings:
|
||||
$s1 = "%d - %d, %d" fullword ascii
|
||||
@ -168,6 +177,7 @@ rule EQGRP_bc_parser {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
hash1 = "879f2f1ae5d18a3a5310aeeafec22484607649644e5ecb7d8a72f0877ac19cee"
|
||||
strings:
|
||||
$s1 = "*** Target may be susceptible to FALSEMOREL ***" fullword ascii
|
||||
@ -182,6 +192,7 @@ rule EQGRP_1212 {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = "if (!(($srcip,$dstip,$srcport,$dstport) = ($line=~/^([a-f0-9]{8})([a-f0-9]{8})([a-f0-9]{4})([a-f0-9]{4})$/)))" fullword ascii
|
||||
$s2 = "$ans=\"$srcip:$srcport -> $dstip:$dstport\";" fullword ascii
|
||||
@ -199,6 +210,7 @@ rule EQGRP_1212_dehex {
|
||||
author = "Florian Roth"
|
||||
reference = "Research"
|
||||
date = "2016-08-15"
|
||||
score = 75
|
||||
strings:
|
||||
$s1 = "return \"ERROR:$line is not a valid address\";" fullword ascii
|
||||
$s2 = "print \"ERROR: the filename or hex representation needs to be one argument try using \\\"'s\\n\";" fullword ascii
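Review bot: The `score = 75` line, which appears to be the one added in each of the twelve hunks of this file (each grows from 6 to 7 lines), gives every rule the same weight although the visible strings differ a lot in specificity. In the `EQGRP_morel` hunk the only string shown is `$s1 = "%d - %d, %d"`, a generic format string, and `EQGRP_teflondoor` shows plain format strings too, while `EQGRP_bc_parser` matches a distinctive banner. The rule conditions lie outside the hunks, so how much each rule depends on these strings cannot be confirmed from here. If `EQGRP_morel` has no further anchor in its condition, a lower value there, for example `score = 60`, would keep a noisy match from being triaged like a high-confidence one.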
|
||||
|
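--- a/yara/gen_b374k_extra.yar
+++ b/yara/gen_b374k_extra.yar
@@ -0,0 +1,22 @@
+/*
+Yara Rule Set
+Author: Florian Roth
+Date: 2016-08-18
+Identifier: b374k - Back Connect Payload UPX
+*/
+
+rule b374k_back_connect {
+meta:
+description = "Detects privilege escalation tool"
+author = "Florian Roth"
+reference = "Internal Analysis"
+date = "2016-08-18"
+score = 80
+hash1 = "c8e16f71f90bbaaef27ccaabb226b43762ca6f7e34d7d5585ae0eb2d36a4bae5"
+strings:
+$s1 = "AddAtomACreatePro" fullword ascii
+$s2 = "shutdow" fullword ascii
+$s3 = "/config/i386" fullword ascii
+condition:
+( uint16(0) == 0x5a4d and filesize < 10KB and all of them )
+}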
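Review bot: The `description` in the meta block reads "Detects privilege escalation tool", which does not match the rule name `b374k_back_connect` or the header's `Identifier: b374k - Back Connect Payload UPX`. An analyst triaging a hit often sees only the description and would classify the finding wrongly, so I would change it to `description = "Detects b374k back connect payload (UPX packed)"`. The three strings look like truncated import and path fragments, which would fit a UPX-packed sample. A short comment above `strings:`, such as `/* fragments as they appear in the packed binary */`, would stop a later maintainer from "correcting" `shutdow`.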
@ -35,6 +35,7 @@ rule Typical_Malware_String_Transforms {
|
||||
$i1 = "paeHssecorPteG" fullword ascii
|
||||
$i2 = "sserddAcorPteG" fullword ascii
|
||||
$i3 = "AyrarbiLdaoL" fullword ascii
|
||||
$i4 = "AssecorPetaerC" fullword ascii
|
||||
|
||||
/* Registry */
|
||||
$r1 = "teSlortnoCtnerruC" fullword ascii
|
||||
|