crimson_palace_stac1248-alpha.csv
1 | Indicator | Data | Notes | ||||
|---|---|---|---|---|---|---|---|
2 | sha256 | 110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a | sslwnd64.exe (PhantomNet) | ||||
3 | sha256 | e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064 | sslwnd64.exe (PhantomNet) | ||||
4 | sha256 | c1abc254d231574044ffe7bdd030be04618916f255396197f1151bfec98c04b6 | nethood.exe (PhantomNet) | ||||
5 | sha256 | e8cd237ac43fa0505d858ac8eb800020eeca104a1cd931d3b6d0ef656ee5393d | oci.dll (PhantomNet) | ||||
6 | sha256 | 173bb620ed2eee6b356e128da88e173eb1b69253ecd616f8f984087688c089fd | X64.dll (PhantomNet, renamed to oci.dll) | ||||
7 | sha256 | c06065d3de3bfb37168a5d94baf1c675f831a201937ef774a36c2ea2bf6fc49e | wlbsctrl.dll (EAGERBEE) | ||||
8 | sha256 | b05b92fd84cc3e3bd6378cadbe9b8b2cb926c42383e6194be1df44d1b9202fc1 | TSVIPSrv.dll (EAGERBEE) | ||||
9 | sha256 | 951c7f8fdb6cfc8b362615ab1eec4a07dc8fccfd3a7ecda8255908a93b6a1f21 | TSVIPSrv.dll (EAGERBEE) | ||||
10 | sha256 | 01544aeb502163c4fb7bac483430059183ce3d11aee78cd4a6c7074c5289540e | C:\ProgramData\Microsoft\DeviceSync\jli.dll (EAGERBEE) | ||||
11 | sha256 | 47c4a62fe75aa62906f0b110668e17947e905a33759100de21b987879b47183b | C:\ProgramData\Microsoft\Vault\vmnat.dll (Merlin) | ||||
12 | sha256 | 7ed44a0e548ba9a3adc1eb4fbf49e773bd9c932f95efc13a092af5bed30d3595 | pc2msupp.dll (Malicious DLL sideloaded by MOBPOPUP.exe) | ||||
13 | sha256 | f499f8d9584e5f4474b19324b807a38fec1c1d38d5df2ff4c1e16798311bc25b | MSI64.exe (RUDEBIRD) | ||||
14 | sha256 | 68ee8c2209641a6796e06caa115effcb89f722a5737210b5bebb87a36e5141a8 | ba0oddof.dll (CSC compilation artifact from 1.ps1 execution) | ||||
15 | sha256 | 9404f51ccaf4165e6add08344f04b90ae79a045814d6b1de6b6c1e30981faa78 | SophosUD.exe (PowHeartBeat) | ||||
16 | sha256 | 0e010a36ff24299592569f7c3fc01c597e158996d94b66eb3bbf757742663e76 | SophosUD.exe (PowHeartBeat) | ||||
17 | sha256 | 1b97afb3310b3af944f74c2d715c110cec32ec536c0a9837b8c88df3438b2a63 | SophosUD2.exe (PowHeartBeat) | ||||
18 | sha256 | 2a662b58f1dd229e7dba923a4d123658e3c10c0cfcec03748fbe577db81db34d | SensAPI.dll (Malicious DLL sideloaded by ph.exe) | ||||
19 | sha256 | bbc0fe549a9e902528a125abd13b1f7c53746416d9c9bb91f88877f37a4ce11c | C:\ProgramData\Microsoft\Windows\svcchost.dll (Malicious DLL sideloaded by renamed vmnat.exe, svcchost.exe) | ||||
20 | domain | cloud.keepasses.com | Merlin C2 | ||||
21 | ip | 89.44.197.74 | Merlin C2 | ||||
22 | domain | scancenter.trendrealtime.com | RUDEBIRD C2 | ||||
23 | ip | 185.195.237.123 | RUDEBIRD C2; EAGERBEE C2 | ||||
24 | ip | 195.123.247.50 | RUDEBIRD C2 | ||||
25 | ip | 172.67.130.71 | PhantomNet C2 | ||||
26 | ip | 45.90.58.103 | PhantomNet C2; RUDEBIRD C2 | ||||
27 | ip | 185.195.237.121 | PhantomNet C2 | ||||
28 | ip | 104.21.3.57 | PhantomNet C2 | ||||
29 | ip | 185.82.217.164 | PhantomNet C2 | ||||
30 | ip | 195.123.245.79 | PhantomNet C2 | ||||
31 | domain | associate.feedfoodconcerning.info | PhantomNet C2 | ||||
32 | domain | associate.freeonlinelearningtech.com | PhantomNet C2 | ||||
33 | domain | msudapis.info | PowHeartBeat C2 | ||||
34 | ip | 154.39.137.29 | PowHeartBeat C2 | ||||
35 | ip | 147.139.47.141 | PowHeartBeat C2 | ||||
36 | ip | 185.167.116.30 | PhantomNet C2; EAGERBEE C2 | ||||
37 | domain | associate.freeonlinelearning.com | EAGERBEE C2 | ||||
38 | ip | 91.220.202.143 | EAGERBEE C2 | ||||
39 | ip | 139.162.18.97 | dllhost.exe |