sophoslabs/IoCs
crimson_palace_prior_intrusions.csv
Latest commit: packetrat, "Add files via upload", bd83a7a, Jun 6, 2024
9 lines (9 loc) · 759 Bytes
Indicator,Data,Notes
sha256,cca5ae87cd710a8fbf994addb0abc8bf1deb222214d4831289885de23ca98924,textinputhost.exe (renamed rc.exe)
sha256,c1bec59afd3c6071b461bb480ff88ba7e36759a949f4850cc26f0c18e4c811a0,TextInputHost.dat
sha256,f682323a2c543abbe12c21a77ee93b49444381fa33f76c67363c84764ca4c675,sc.cfg
sha256,506b21588541243f3ddd5acb759bf20a3bf06fd2fea455066866154bc5e59721,appmgmt.dll (Stowaway)
sha256,4ae29b8124f6221dab934ac04afed2acc8b17c6b35120d568bad8658cbca01c6,check.exe (NUPAKAGE)
sha256,56F0C8047203147D9B9A888EBAC8F33B14AE198182A13913A0F93652DFE2052A,appmgmt.dll (Stowaway)
sha256,b708dd11942c3e87a8987bdf83f7ea603425ae75fc25a306f54f1087df4198b4,swprvs.dll
sha256,f830c3771d35237b4a63b946d7a0d187f5aaa4240e965d74070b7d72b6fba210,winbridge.dll