Turla Outlook Backdoor Filename IOCs

https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
2024-11-06 18:15:20 +00:00 · 2018-08-22 15:42:31 +02:00 · 2018-08-22 15:42:31 +02:00 · 479f69360c
commit 479f69360c
parent 5bffe6fdc3
1 changed files with 7 additions and 0 deletions
--- a/iocs/filename-iocs.txt
+++ b/iocs/filename-iocs.txt
@ -3053,4 +3053,11 @@ ystem32\\Microsoft\\Protect\\Windows\\svchost.exe;80
 # Insikt Report https://www.recordedfuture.com/chinese-cyberespionage-operations/
 /usr/bin/ext4;70

+# Turla Outlook Backdoor https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
+\\Microsoft\\Windows\\scawrdot\.db;100
+\\Microsoft\\Windows\\flobcsnd\.dat;100
+\\mapid\.tlb;60
+\\cbmsfgrc\.dat;60
+\\mswmpdat\.tlb;60
+
 # End