crimson_palace_stac1305_charlie.csv
1 | Indicator | Data | Notes | |
|---|---|---|---|---|
2 | sha256 | f788d5c2c1bb2d88db09b727b3841155daf43ba81802b5faffec72640451fa4f | tpyrced_ambs.exe | |
3 | sha256 | ad346007f28c4b6d409c95f55e750e249db4b168cd7061baa128f826df948e10 | 443.txt (PocoProxy) | |
4 | sha256 | 1ad26a31c5387055610e053dbab8355e1371f89dfa37526f7a3341122526b719 | 4413.txt (PocoProxy) | |
5 | sha256 | 91f40e8659da3dbbb22497b317aa37f26403be86662e359ecddcb4a0c72e154c | chrome.log (PocoProxy) | |
6 | filename | aaaa.txt | PocoProxy | |
7 | sha256 | 7d6209036d370dbce7a0657f35dedeaa59c15fcfb4d696b9ebdd0fcc773dad50 | a8.txt (PocoProxy) | |
8 | sha256 | 34294ff52899a63f2dc02e5a8f1488343afdb9702437d409a0869317ccfb4243 | s.dat (Malicious file) | |
9 | sha256 | 5f3fd50715aabf43cc6edb5f38026a3baa37a7fd7a17ae232fc65e186c83befb | msedge_elf.dll (HUI Loader) | |
10 | sha256 | 4fcbc598c5699ea48a1edd8dda065eab210f09ad900ab167cb5abdf9841dd2b7 | hideschtasks.exe (Custom binary; remotely creates scheduled tasks) | |
11 | sha256 | 755b14ad83da2f2eff8ef8bf83ed74c6d96f6b3b3fde95d4c13d8cb75d861631 | log.ini (Masquerading DLL generating C2) | |
12 | sha256 | 44e0c61f70f44e3a35ecde9b49a623973727d3aa68922ef4e1ff8dfc74795582 | 11.log (LSASS credential interceptor) | |
13 | sha256 | a1a8adae91daa96deb01326c702fec388d0fa983f299de3f1bdb8a277df64423 | 1.dat (Cobalt Strike) | |
14 | sha256 | 3a85c36fff48b223f6edd722bc1603a1fd9b00d3e4d46a88151c4b1b696d90d1 | sssa.exe (Malicious file) | |
15 | sha256 | 62c9b97a849f40f4b5b167b96a54fa1ef03624ac8f2972b641af8ca5d00b5db0 | McPvNs.dll (Malicious DLL sideloaded by McPvTray.exe) | |
16 | sha256 | c1d818f18c7160807d9031e024fcc6429476d6455221e3aa988c6245269fbcc8 | rsndispot.sys , EDR evasion | |
17 | sha256 | ea8c8f834523886b07d87e85e24f124391d69a738814a0f7c31132b6b712ed65 | rspot.sys, EDR evasion | |
18 | ip | 198.13.47.158 | PocoProxy C2 | |
19 | ip | 64.176.50.42 | PocoProxy C2 | |
20 | ip | 158.247.241.188 | PocoProxy C2 | |
21 | domain | www.googlespeedtest33.com | PocoProxy C2 | |
22 | ip | 139.180.217.105 | PocoProxy C2 | |
23 | ip | 45.130.229.181 | Cobalt Strike C2 | |
24 | ip | 185.201.8.187 | Cobalt Strike C2 |