#
# LOKI CUSTOM EVIL HASHES
# This file contains MD5, SHA1 and SHA256 hashes and a short info like file name
# or hash origin
#
# FORMAT -----------------------------------------------------------------------
#
# MD5;COMMENT
# SHA1;COMMENT
# SHA256;COMMENT
#
# EXAMPLES ---------------------------------------------------------------------
#
# 0c2674c3a97c53082187d930efb645c2;DEEP PANDA Sakula Malware - http://goo.gl/R3e6eG
# 000c907d39924de62b5891f8d0e03116;The Darkhotel APT http://goo.gl/DuS7WS
# c03318cb12b827c03d556c8747b1e323225df97bdc4258c2756b0d6a4fd52b47;Operation SMN Hashes http://goo.gl/bfmF8B - Zxshell
# 563d1512178cec1f6a73c98d565c98fa;Cygwin nc.exe example
- Source: AlienVault OTX 93fff47b3e13f3264349838c105358ca;APT10 IOCs - Source: AlienVault OTX 94bdc9ded334eceedfa288ffdd03e30f;APT10 IOCs - Source: AlienVault OTX 95da3987c6ebd2646e90b7c2a42c19a7;APT10 IOCs - Source: AlienVault OTX 9647626a70f006b49bc35d110aaadf8a;APT10 IOCs - Source: AlienVault OTX 973e0c922eb07aad530d8a1de19c7755;APT10 IOCs - Source: AlienVault OTX 9788c12cb574e9a9db4cae37c3adc56c;APT10 IOCs - Source: AlienVault OTX 985a61e8c38333b9e184a2c5c31e623d;APT10 IOCs - Source: AlienVault OTX 994fdc67386bd33bf849dd97adc04244;APT10 IOCs - Source: AlienVault OTX 9a014c33f9a9958ffbcf99d2a71d52fe;APT10 IOCs - Source: AlienVault OTX 9a0b957f164508830342310c44d56e49;APT10 IOCs - Source: AlienVault OTX 9af4c1e5bb81bf2df607653fcc25915a;APT10 IOCs - Source: AlienVault OTX 9b17ce7974a0cdd039ca759f3e31e82a;APT10 IOCs - Source: AlienVault OTX 9bb609caf50d36e24b152ee467ef3a61;APT10 IOCs - Source: AlienVault OTX 9bf3e6a95a261a449be02ac03d4f0523;APT10 IOCs - Source: AlienVault OTX 9df016883d872fd61fcc2d00856592d5;APT10 IOCs - Source: AlienVault OTX 9dfab49035ee6c6e9b8bb601c63bdac9;APT10 IOCs - Source: AlienVault OTX 9ed1164f4f6a337cde2ba6e7c72730cf;APT10 IOCs - Source: AlienVault OTX 9ee006601c5ee9f6f1992ec38fed63f6;APT10 IOCs - Source: AlienVault OTX 9ee9a5f37a679ddc1650ab36d91e9581;APT10 IOCs - Source: AlienVault OTX a02610e760fa15c064931cfafb90a9e8;APT10 IOCs - Source: AlienVault OTX a07fea56b45d0d1ebb6df4589e750464;APT10 IOCs - Source: AlienVault OTX a12966de4cef5daad50fc539a2d8f6a6;APT10 IOCs - Source: AlienVault OTX a18c7bd9ed367e7f467a2aa4079fb213;APT10 IOCs - Source: AlienVault OTX a1942d1cc7552387393b91a14c9a3d73;APT10 IOCs - Source: AlienVault OTX a1d0f8895052b60c4d2860556494f233;APT10 IOCs - Source: AlienVault OTX a25a1b81525c8dd7c59b0d44f20b1981;APT10 IOCs - Source: AlienVault OTX a32468828c12657497cddf57190f5700;APT10 IOCs - Source: AlienVault OTX a50c5ba8a92c7b199ac9e20a815d9e69;APT10 IOCs - Source: AlienVault OTX a58d72524b51aa4dbbb70431bd3dbbe9;APT10 
IOCs - Source: AlienVault OTX a5d0545030be75a421529c2b0be6c4bd;APT10 IOCs - Source: AlienVault OTX a75bea992cef46c1a4ee5146150540aa;APT10 IOCs - Source: AlienVault OTX a7d0b38bda630c927820380d311ddc70;APT10 IOCs - Source: AlienVault OTX aa9eded1eb95f026aaf84919cc27ad32;APT10 IOCs - Source: AlienVault OTX aaa62d5f0e348f0e890ad9d3f71e448d;APT10 IOCs - Source: AlienVault OTX abbecc6f9ea7d3a7e43ebad73d0094fa;APT10 IOCs - Source: AlienVault OTX abf8e40d7c99e9b3f515ec0872fe099e;APT10 IOCs - Source: AlienVault OTX ac0ff4bad83350b7dde27af8728a469f;APT10 IOCs - Source: AlienVault OTX ac725400d9a5fe832dd40a1afb2951f8;APT10 IOCs - Source: AlienVault OTX ac86c256b30534d5ede4a0df1019507e;APT10 IOCs - Source: AlienVault OTX af0d365a2c59709ece196037740bdb81;APT10 IOCs - Source: AlienVault OTX b0263050fdc7c6ae3836f43c7ffdd7b0;APT10 IOCs - Source: AlienVault OTX b0649c1f7fb15796805ca983fd8f95a3;APT10 IOCs - Source: AlienVault OTX b0f541cd6bff77de916e58d493f54b10;APT10 IOCs - Source: AlienVault OTX b1238ccbb10af3e81110d3afacd98161;APT10 IOCs - Source: AlienVault OTX b18a316b2ce6e099fe7fbf69283cbc5e;APT10 IOCs - Source: AlienVault OTX b1c35a4e6d892bbd60ee24cbeba35a2e;APT10 IOCs - Source: AlienVault OTX b1dc1fef5bfd49522a41fbfe808fd46f;APT10 IOCs - Source: AlienVault OTX b2dfe6d3be38cef08e9a3141ca3599c0;APT10 IOCs - Source: AlienVault OTX b332234f01ec229a03c0c60045f37072;APT10 IOCs - Source: AlienVault OTX b34402586a077b7ed11b44d042c7aabf;APT10 IOCs - Source: AlienVault OTX b344820e8f719d22bf8d6f939bc40b44;APT10 IOCs - Source: AlienVault OTX b3bc4b5f17fd5f87ec3714c6587f6906;APT10 IOCs - Source: AlienVault OTX b451e4089d902b22cf057475a730178c;APT10 IOCs - Source: AlienVault OTX b4522d05a9e3a034af481a7797a445ea;APT10 IOCs - Source: AlienVault OTX b45318fe5c373cf4e252baea82fb0337;APT10 IOCs - Source: AlienVault OTX b4bea824c539785dedb83c8599c90255;APT10 IOCs - Source: AlienVault OTX b51e95cef7be4dcb77eb5ce9679e08e0;APT10 IOCs - Source: AlienVault OTX 
b65076f4cb6e74429dd02fcacda0bec3;APT10 IOCs - Source: AlienVault OTX b6b61218eaf31b42a9a4727875e5663a;APT10 IOCs - Source: AlienVault OTX b7d39c5833e5896b7f5849966095a4bf;APT10 IOCs - Source: AlienVault OTX b8874451d524c64e1f33b3896fb262d5;APT10 IOCs - Source: AlienVault OTX b8ec26fcf2a4e855e04278f9bf5dc877;APT10 IOCs - Source: AlienVault OTX bb269704ba8647da97377440d403ae4d;APT10 IOCs - Source: AlienVault OTX bbf32eeb560a42a3a69beaed645e7777;APT10 IOCs - Source: AlienVault OTX bd1ae82185d3eb0a8c8c615e710240ac;APT10 IOCs - Source: AlienVault OTX bd64660692b84e2b6fcb25d02cecbbcb;APT10 IOCs - Source: AlienVault OTX bdc263c93bc5bd0d31a517be469a697a;APT10 IOCs - Source: AlienVault OTX bdd054de9e710830ac04b6f076fc5f71;APT10 IOCs - Source: AlienVault OTX c101d289d36558c6fbe388d32bd32ab4;APT10 IOCs - Source: AlienVault OTX c1cb28327d3364768d1c1e4ce0d9bc07;APT10 IOCs - Source: AlienVault OTX c2a07ca21ecad714821df647ada8ecaa;APT10 IOCs - Source: AlienVault OTX c3a9fe8ebb1428d8f3bec167fc9bb26a;APT10 IOCs - Source: AlienVault OTX c4e3543b5b9bb91158628c64a57f9863;APT10 IOCs - Source: AlienVault OTX c578b8db3869d92482fc77eeedf41eb0;APT10 IOCs - Source: AlienVault OTX c67ac21cfeab6866eb55dfc9c4f73670;APT10 IOCs - Source: AlienVault OTX c7f6e98e4539bd127573cd5934256c91;APT10 IOCs - Source: AlienVault OTX c870ce1cbc120f74059e5f1bb1f76040;APT10 IOCs - Source: AlienVault OTX c88b11367a1f4625d4e7a8fb3a45f4c5;APT10 IOCs - Source: AlienVault OTX c93eef1b06805a23e655c3856e7c7a17;APT10 IOCs - Source: AlienVault OTX ca507b0dd178471e9cadf4ca313a67e3;APT10 IOCs - Source: AlienVault OTX ca9644ef0f7ed355a842f6e2d4511546;APT10 IOCs - Source: AlienVault OTX cb1194123f68a68eb14552c085b620ce;APT10 IOCs - Source: AlienVault OTX cb713b544dce5a2505e393f6587aaa47;APT10 IOCs - Source: AlienVault OTX cb8cb3e16408976ef209735b337aca4b;APT10 IOCs - Source: AlienVault OTX cca227f70a64e1e7fcf5bccdc6cc25dd;APT10 IOCs - Source: AlienVault OTX ccc27f07678c04abb29f65b02c6034ae;APT10 IOCs - Source: AlienVault 
OTX cd7a5bead5b5cff37f72a8b6e666d8e3;APT10 IOCs - Source: AlienVault OTX cddfa154bbe89d4627210eba087c3504;APT10 IOCs - Source: AlienVault OTX ce33b6d1350d7cd5835fb0dfa7ba41c8;APT10 IOCs - Source: AlienVault OTX ceda2299257c96e60ead75fce414c68d;APT10 IOCs - Source: AlienVault OTX cf8094c07c15aa394dddd4eca4aa8c8b;APT10 IOCs - Source: AlienVault OTX cfbcb83f8515bd169afd0b22488b4430;APT10 IOCs - Source: AlienVault OTX d0a5df8c159a7c9cc9494a39386d124f;APT10 IOCs - Source: AlienVault OTX d1bab4a30f2889ad392d17573302f097;APT10 IOCs - Source: AlienVault OTX d22f5f14f573293231f04cc53fee17f9;APT10 IOCs - Source: AlienVault OTX d316848ce47c098ccfe72aa7311aaffa;APT10 IOCs - Source: AlienVault OTX d3ae29e3719d5fd68d31bf3c4d9eac30;APT10 IOCs - Source: AlienVault OTX d4398f6f7ba070b6cdee7204f6862bd9;APT10 IOCs - Source: AlienVault OTX d4b7f99669a3efc94006e5fe9d84eb65;APT10 IOCs - Source: AlienVault OTX d4dc09440947193687e396f19fb13235;APT10 IOCs - Source: AlienVault OTX d508147fed6e41bfc31ad8151bc0bb13;APT10 IOCs - Source: AlienVault OTX d536c4b71d131848e965c4524780a8aa;APT10 IOCs - Source: AlienVault OTX d537ce1bb88d7bd0d9d30f0554b91f51;APT10 IOCs - Source: AlienVault OTX d5d3b8a1b024ee4874284bb5761d0080;APT10 IOCs - Source: AlienVault OTX d6365edf2d3afa6d155273814b494eb3;APT10 IOCs - Source: AlienVault OTX d67e2f5e6a0b046ae3bf5c61f1f384ec;APT10 IOCs - Source: AlienVault OTX d69598758998cf5f677be9312b807938;APT10 IOCs - Source: AlienVault OTX d6f7a1995a869dbd411c2b46364a6dc9;APT10 IOCs - Source: AlienVault OTX d7dc970923cc80be272aaf6bd1a59fe7;APT10 IOCs - Source: AlienVault OTX d81b91cd4c6f42eb7049109cb42461ed;APT10 IOCs - Source: AlienVault OTX d84851ad131424f04fbffc3bbac03bff;APT10 IOCs - Source: AlienVault OTX d9a958d55d457d745998ee70cf025cb9;APT10 IOCs - Source: AlienVault OTX d9f87e744dbc898212a9eaa4594301b0;APT10 IOCs - Source: AlienVault OTX da6c98d8f37290a10119fbca33eec58a;APT10 IOCs - Source: AlienVault OTX dad8c74bb745e6dc664bdd9e725845ef;APT10 IOCs - Source: 
AlienVault OTX dbb867c2250b5be4e67d1977fcf721fb;APT10 IOCs - Source: AlienVault OTX dccb71a74f719aa23e8bbb51ec037f56;APT10 IOCs - Source: AlienVault OTX dceae0d1a680bc098bae9da466e12610;APT10 IOCs - Source: AlienVault OTX ddf317c659b2a0e5a2198c7b20c3c8dc;APT10 IOCs - Source: AlienVault OTX de32915056d480b8b722e0a93164dbfe;APT10 IOCs - Source: AlienVault OTX de8ed8c6c2f9f83b70361e16d016f15a;APT10 IOCs - Source: AlienVault OTX df5bd411f080b55c578aeb9001a4287d;APT10 IOCs - Source: AlienVault OTX dfd1c73b603015dee7057df3c27baf92;APT10 IOCs - Source: AlienVault OTX e106794ea5918a44031c274de463e90a;APT10 IOCs - Source: AlienVault OTX e15fb188c0c50d62657c7fd368a9a4ab;APT10 IOCs - Source: AlienVault OTX e1663b6462115ba929b05bb75a61ed5f;APT10 IOCs - Source: AlienVault OTX e1fbf8d74b622fde3cf765a3a51ca39f;APT10 IOCs - Source: AlienVault OTX e2627a887898b641db720531258fd133;APT10 IOCs - Source: AlienVault OTX e2b61acf0db4d64d9fb325922c014969;APT10 IOCs - Source: AlienVault OTX e33cf5b9f3991a8ee4e71f4380dd7eb1;APT10 IOCs - Source: AlienVault OTX e389421b162ca38a468c3addd80055b2;APT10 IOCs - Source: AlienVault OTX e43e14f6d1159ea9564bc23982b9afd5;APT10 IOCs - Source: AlienVault OTX e6152c187cd57269bd94e97efd64e69b;APT10 IOCs - Source: AlienVault OTX e61c043005c16028dd55c04b14041f5e;APT10 IOCs - Source: AlienVault OTX e68ac9e407477b29073ebe4a15e1f520;APT10 IOCs - Source: AlienVault OTX e696b38ac71b23f50ee68da06a004af3;APT10 IOCs - Source: AlienVault OTX e6b7df4e923e701f1f8464c768eca166;APT10 IOCs - Source: AlienVault OTX e6c596cfa163fe9b8883c7618d594018;APT10 IOCs - Source: AlienVault OTX e6ca06e9b000933567a8604300094a85;APT10 IOCs - Source: AlienVault OTX e75fe20dd51d32772d5211924d4f8564;APT10 IOCs - Source: AlienVault OTX e7ba79a6dce057d6be798465831c75db;APT10 IOCs - Source: AlienVault OTX e822304b4d0b8213f5bb22ec1a90ac85;APT10 IOCs - Source: AlienVault OTX e84b87db6ae7c34fc7e6bc2f0bef4ae4;APT10 IOCs - Source: AlienVault OTX e85005524e8e6a8612c9d0899bb952d6;APT10 IOCs - 
Source: AlienVault OTX e8f3790cfac1b104965dead841dc20b2;APT10 IOCs - Source: AlienVault OTX e975d5b29d988929e5ad3a8fa19083d1;APT10 IOCs - Source: AlienVault OTX e9a57f70f739cb26dc053238b0a97425;APT10 IOCs - Source: AlienVault OTX ea70f760e7e58a7b22601ba4bd3cee13;APT10 IOCs - Source: AlienVault OTX ebf157abfe656d87e43a63ca91507996;APT10 IOCs - Source: AlienVault OTX ec9f882d7eb9b60431e56ed4e25f3830;APT10 IOCs - Source: AlienVault OTX eca515f4d356627969a630434f29ca4b;APT10 IOCs - Source: AlienVault OTX ed65bbe9498d3fb1e4d4ac0058590d88;APT10 IOCs - Source: AlienVault OTX edcd313791506c623d8a2a88b9b0e84c;APT10 IOCs - Source: AlienVault OTX edfa6607207ddbca961ae7b78405f761;APT10 IOCs - Source: AlienVault OTX ee794b3595285f2de4a618dead0287ed;APT10 IOCs - Source: AlienVault OTX ef9c0ea7ad447d0841e083534249089e;APT10 IOCs - Source: AlienVault OTX ef9d8cd06de03bd5f07b01c1cce9761f;APT10 IOCs - Source: AlienVault OTX f01a9a2d1e31332ed36c1a4d2839f412;APT10 IOCs - Source: AlienVault OTX f03f70d331c6564aec8931f481949188;APT10 IOCs - Source: AlienVault OTX f0d6b45e96cdbbbec6403ddb2ca98654;APT10 IOCs - Source: AlienVault OTX f1575d9675976629ccd5a04c099843c0;APT10 IOCs - Source: AlienVault OTX f17674fdbb084dd646bc4f678d558179;APT10 IOCs - Source: AlienVault OTX f188936d2c8423cf064d6b8160769f21;APT10 IOCs - Source: AlienVault OTX f310584eb1538cb78ca8c225038b2e54;APT10 IOCs - Source: AlienVault OTX f34a455e657209e42ac3f04bddb2e008;APT10 IOCs - Source: AlienVault OTX f46019f795bd721262dc69988d7e53bc;APT10 IOCs - Source: AlienVault OTX f5744d72c6919f994ff452b0e758ffee;APT10 IOCs - Source: AlienVault OTX f586edd88023f49bc4f9d84f9fb6bd7d;APT10 IOCs - Source: AlienVault OTX f6264ad9ce8757e5d40a4050ae1f6f9c;APT10 IOCs - Source: AlienVault OTX f6a79b54c6351c32fe35cda9a78b607f;APT10 IOCs - Source: AlienVault OTX f6caa0160a6f0e5264fd16fa5ae95696;APT10 IOCs - Source: AlienVault OTX f86c912661dbda535cbab464e79e26be;APT10 IOCs - Source: AlienVault OTX f8b3ad7d73ba432bc3e7084f9f7dee7d;APT10 IOCs 
- Source: AlienVault OTX f9383ba6e87230df915f6a60a035ce4c;APT10 IOCs - Source: AlienVault OTX f989ac92a714b1b7c57a0fe51e0b5f43;APT10 IOCs - Source: AlienVault OTX faacabea42afbc6cd5ce684e1bbfb073;APT10 IOCs - Source: AlienVault OTX faf53a283d4a171dc30385e3c42c487c;APT10 IOCs - Source: AlienVault OTX faf9576ce2af23aac67d3087eb85a92b;APT10 IOCs - Source: AlienVault OTX fb0c13738d3756df8333a202b4e3c6ea;APT10 IOCs - Source: AlienVault OTX fb498e6a994d6d53b80c53a05fc2da36;APT10 IOCs - Source: AlienVault OTX fc26ad639598a92546af2daa6f6a7afd;APT10 IOCs - Source: AlienVault OTX fd28643af68edfc4a8e0e30b946f790b;APT10 IOCs - Source: AlienVault OTX fe63d984246dbc092517840d50a0d12b;APT10 IOCs - Source: AlienVault OTX 01edb82de7b9666eaa5d2791a14092f2e73d2795;APT10 IOCs - Source: AlienVault OTX 154669ce22c0b29af28e0677bc65c43fc35cdd6a;APT10 IOCs - Source: AlienVault OTX 16a046d2557cc6377d713e21f14f1ebea7128419;APT10 IOCs - Source: AlienVault OTX 16d0795e4864f67acbb1ae2ce76eb16445dae4b5;APT10 IOCs - Source: AlienVault OTX 1df29c63c917b089fe0fc099e2783c0c679892e5;APT10 IOCs - Source: AlienVault OTX 1f412a62f50ff71f0b2b2f54aaa980962ebfd8a4;APT10 IOCs - Source: AlienVault OTX 256b8c23e55402cd5a83d19d6bd4c9f41ded187a;APT10 IOCs - Source: AlienVault OTX 2723fa5a414a503262d634fcc781d7d57c6f76ee;APT10 IOCs - Source: AlienVault OTX 2c1b42e8c8acea5082275b6ea5f5c64ebaf4fa30;APT10 IOCs - Source: AlienVault OTX 2d0ee3b718ec4e391753616853286c22be7bf521;APT10 IOCs - Source: AlienVault OTX 2d5c5e210c7db4ba6012bd761154db0d1f5cd658;APT10 IOCs - Source: AlienVault OTX 4132068417bcbffec16ac655a14f29aa74189fcb;APT10 IOCs - Source: AlienVault OTX 42d5c9c4c02e6d5c88ec0acce72327389a92f0d7;APT10 IOCs - Source: AlienVault OTX 466bebb26375db4236a2864028414d48cdf01e62;APT10 IOCs - Source: AlienVault OTX 56126b1c19c1121c0f5065204ef5cc4633079b98;APT10 IOCs - Source: AlienVault OTX 56d6c3ffa4f3d5ae742f937fae85f0995814cf90;APT10 IOCs - Source: AlienVault OTX 5b045d98606f000a236b1bd4ac4c9e482b3f5475;APT10 IOCs 
- Source: AlienVault OTX 68e3f80012a78518ddbde055b5e42dd4d82e58e5;APT10 IOCs - Source: AlienVault OTX 69620adf44795ee5293ce301cd3d70045e332bbf;APT10 IOCs - Source: AlienVault OTX 6edd9bb17a999b5f5abcf123a2701e4ea4ada9a2;APT10 IOCs - Source: AlienVault OTX 741e955a9e458a70b5c085b3bfba800fdfb4ccde;APT10 IOCs - Source: AlienVault OTX 76006bea0a48f1f0c33a54e57e4f2a9c1206b13f;APT10 IOCs - Source: AlienVault OTX 7cace2e51e8ecc5ddb9720a8dc9e1f3596fe343b;APT10 IOCs - Source: AlienVault OTX 7cb04a4b86d998604341bc2b610a0a556830993d;APT10 IOCs - Source: AlienVault OTX 83d419bc812d08c9d09baa49a4313a81eda54702;APT10 IOCs - Source: AlienVault OTX 95ab56ab1f0d4f010569ead7915fbc833a36cd73;APT10 IOCs - Source: AlienVault OTX a7d0b38bda630c927820380d311ddc70a9606407;APT10 IOCs - Source: AlienVault OTX a91669bb4dcb713e997ddf98417730de78cb990a;APT10 IOCs - Source: AlienVault OTX a954a3f20ef8065d98d9e3a3c5ae254e27c63bf6;APT10 IOCs - Source: AlienVault OTX aaee7385b2c836e9d3e14812807f911c2144a894;APT10 IOCs - Source: AlienVault OTX aee17dbab01ed334bb94506fcbc2ed259242159e;APT10 IOCs - Source: AlienVault OTX b1043250c499ccf0ad56a688ccce662f42386869;APT10 IOCs - Source: AlienVault OTX b23d698df6594f690f3462e238e1e9f2ec029bbf;APT10 IOCs - Source: AlienVault OTX b966657d35bba9416775d320bb87086001995bbe;APT10 IOCs - Source: AlienVault OTX cc3b6cafdbb88bd8dac122e73d3d0f067cf63091;APT10 IOCs - Source: AlienVault OTX d348ea7b49dee36d4f979f729e70612f9426bf3e;APT10 IOCs - Source: AlienVault OTX de5af856804974ba3df03928fff03447e8f4c9c2;APT10 IOCs - Source: AlienVault OTX df8f49a3fdf8a9d550b22d65d21a8006ff593ac4;APT10 IOCs - Source: AlienVault OTX e7103c2bbc24087b0326c7e3c521b613d99a503e;APT10 IOCs - Source: AlienVault OTX f1c739e50eeeaeea503cab6a2402fe4d92b9225f;APT10 IOCs - Source: AlienVault OTX f834f32bb1c7106638b628ea35778be0ddf813de;APT10 IOCs - Source: AlienVault OTX 11bdb69deffdc41216bae091ab4273206f0fcaaceffc5ae2cbb1a02d800c203f;APT10 IOCs - Source: AlienVault OTX 
19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b;APT10 IOCs - Source: AlienVault OTX 2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699;APT10 IOCs - Source: AlienVault OTX 2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910;APT10 IOCs - Source: AlienVault OTX 312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3;APT10 IOCs - Source: AlienVault OTX 316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d;APT10 IOCs - Source: AlienVault OTX 36db2c5f8bb947cad25a4abeaff1ff0e827bd7fcf9c77dbfb36247e3fc9f530a;APT10 IOCs - Source: AlienVault OTX 37333ecdd16b1ecbcd070b202492c1870dafd799f6299a420cdcc8a9e149cc93;APT10 IOCs - Source: AlienVault OTX 388d6b38f21c79e0e2ad7ead1108025b8bb3486d8d29f2468b5cb0e54bff11d2;APT10 IOCs - Source: AlienVault OTX 3915c538df2834515e14adae2ba2fa751145f80f556008e5e5fbb02ae4626b45;APT10 IOCs - Source: AlienVault OTX 3d5e3648653d74e2274bb531d1724a03c2c9941fdf14b8881143f0e34fe50f03;APT10 IOCs - Source: AlienVault OTX 412120355d9ac8c37b5623eea86d82925ca837c4f8be4aa24475415838ecb356;APT10 IOCs - Source: AlienVault OTX 44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce;APT10 IOCs - Source: AlienVault OTX 4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691;APT10 IOCs - Source: AlienVault OTX 45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2;APT10 IOCs - Source: AlienVault OTX 471b7edbd3b344d3e9f18fe61535de6077ea9fd8aa694221529a2ff86b06e856;APT10 IOCs - Source: AlienVault OTX 4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14;APT10 IOCs - Source: AlienVault OTX 4de5a22cd798950a69318fdcc1ec59e9a456b4e572c2d3ac4788ee96a4070262;APT10 IOCs - Source: AlienVault OTX 4ff6a97d06e2e843755be8697f3324be36e1ebeb280bb45724962ce4b6710297;APT10 IOCs - Source: AlienVault OTX 5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481;APT10 IOCs - Source: AlienVault OTX 5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda;APT10 IOCs - 
Source: AlienVault OTX 5504e04083d6146a67cb0d671d8ad5885315062c9ee08a62e40e264c2d5eab91;APT10 IOCs - Source: AlienVault OTX 5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1;APT10 IOCs - Source: AlienVault OTX 6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3;APT10 IOCs - Source: AlienVault OTX 646f837a9a5efbbdde474411bb48977bff37abfefaa4d04f9fb2a05a23c6d543;APT10 IOCs - Source: AlienVault OTX 66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40;APT10 IOCs - Source: AlienVault OTX 6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586;APT10 IOCs - Source: AlienVault OTX 7188f76ca5fbc6e57d23ba97655b293d5356933e2ab5261e423b3f205fe305ee;APT10 IOCs - Source: AlienVault OTX 723983883fc336cb575875e4e3ff0f19bcf05a2250a44fb7c2395e564ad35d48;APT10 IOCs - Source: AlienVault OTX 75ef6ea0265d2629c920a6a1c0d1dd91d3c0eda86445c7d67ebb9b30e35a2a9f;APT10 IOCs - Source: AlienVault OTX 76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03;APT10 IOCs - Source: AlienVault OTX 7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04;APT10 IOCs - Source: AlienVault OTX 9199799fe80252a352729567a7436deddff3902d033531fd650a0090f42e7f37;APT10 IOCs - Source: AlienVault OTX 92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb;APT10 IOCs - Source: AlienVault OTX 9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c;APT10 IOCs - Source: AlienVault OTX 9fbd69da93fbe0e8f57df3161db0b932d01b6593da86222fabef2be31899156d;APT10 IOCs - Source: AlienVault OTX a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24;APT10 IOCs - Source: AlienVault OTX a9dd70d451da54f22d12335ece4117a479cc80a9983381b063e36b1dbaa06ca5;APT10 IOCs - Source: AlienVault OTX ae0dd5df608f581bbc075a88c48eedeb7ac566ff750e0a1baa7718379941db86;APT10 IOCs - Source: AlienVault OTX ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145;APT10 IOCs - Source: AlienVault OTX 
af1b2cd8580650d826f48ad824deef3749a7db6fde1c7e1dc115c6b0a7dfa0dd;APT10 IOCs - Source: AlienVault OTX b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df;APT10 IOCs - Source: AlienVault OTX bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91;APT10 IOCs - Source: AlienVault OTX c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d;APT10 IOCs - Source: AlienVault OTX cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628;APT10 IOCs - Source: AlienVault OTX d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed;APT10 IOCs - Source: AlienVault OTX d63e412305ab76a5421c3d3e24d66758bae418a05579f61a71856b59e9c6b1b6;APT10 IOCs - Source: AlienVault OTX d956e2ff1b22ccee2c5d9819128103d4c31ecefde3ce463a6dea19ecaaf418a1;APT10 IOCs - Source: AlienVault OTX db7c1534dede15be08e651784d3a5d2ae41963d192b0f8776701b4b72240c38d;APT10 IOCs - Source: AlienVault OTX dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b;APT10 IOCs - Source: AlienVault OTX e28294f62178451c7b11988d2c790f7f44c81b0bf06ab252e60f6b9ca57cacec;APT10 IOCs - Source: AlienVault OTX e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e;APT10 IOCs - Source: AlienVault OTX e7c143ae98c211d3aab6f65cbeafe039fee5ea7d06ce485837d7e88c889da579;APT10 IOCs - Source: AlienVault OTX e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0;APT10 IOCs - Source: AlienVault OTX e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b;APT10 IOCs - Source: AlienVault OTX eeef6f264824ca4c725e6017e6ca6227d55f63f267cfa9520569a463f9471648;APT10 IOCs - Source: AlienVault OTX efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057;APT10 IOCs - Source: AlienVault OTX f0002b912135bcee83f901715002514fdc89b5b8ed7585e07e482331e4a56c06;APT10 IOCs - Source: AlienVault OTX f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773;APT10 IOCs - Source: AlienVault OTX f45b183ef9404166173185b75f2f49f26b2e44b8b81c7caf6b1fc430f373b50b;APT10 IOCs - 
Source: AlienVault OTX f6449e255bc1a9d4a02391be35d0dd37def19b7e20cfcc274427a0b39cb21b7b;APT10 IOCs - Source: AlienVault OTX f9acc706d7bec10f88f9cfbbdf80df0d85331bd4c3c0188e4d002d6929fe4eac;APT10 IOCs - Source: AlienVault OTX fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0;APT10 IOCs - Source: AlienVault OTX fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b;APT10 IOCs - Source: AlienVault OTX ff4979980b00773c414c3cd5571eae8cc3916d3607e9621400f0302f1e138882;APT10 IOCs - Source: AlienVault OTX 08a85f5fe8714b4842180c12c4d192bd186500af01ee39825f6d5100a2019ebc;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 a95c9fe29a8ae0f618536fdf4874ede5412281e8dfb380bf1370a8d8794f787a;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 b63ae455f3deaca297b616dd3356063112cfda6e6c5434c407781461ae69361f;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 a94169d76a708f7587e363a4f92cd3997bcb1132f635daa53b13c7c56fa52f25;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 af7f737a67710ea305becf53440993c3a4a13d82024e9c5928a5ef489c3981b7;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 1fda1baf873fca466846c8bf8a567c909dbbf78a22b1eea589ec1e6d21a5d718;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 510375f8142b3651df67d42c3eff8d2d880987c0e057fc75a5583f36de34bf0e;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 1c113dce265e4d744245a7c55dadc80199ae972a9e0ecbd0c5ced57067cf755b;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 54a17fb257db2d09d61af510753fd5aa00537638a81d0a8762a5645b4ef977e4;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 83321c02339bb51735fbcd9a80c056bd3b89655f3dc41e5fef07ca46af09bb71;ASCS AUS parliament incident 
https://twitter.com/cyb3rops/status/1097423665472376832 de10502ac251a7118da4a23e15d38ffe925ed573c5b19b9d4d81169c5b691697;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 7ac6f973f7fccf8c3d58d766dec4ab7eb6867a487aa71bc11d5f05da9322582d;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 3bd7f85606a0dfe8090500af4553ff5aeaa962a302e0ec3061f3cd7ee0df9da2;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 77462fc331bcacf2939a6227c474b4ccc2c59317cb295426e5077fa743078a98;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 0d6209d86f77a0a69451b0f27b476580c14e0cda15fa6a5003aab57a93e7e5a5;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 1087a214ebe61ded9f61de81999868f399a1105188467e4e44182c02ee264a19;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 fdf15f388a511a63fbad223e6edb259abdd4009ec81fcc87ce84f0f2024c8057;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 a0cd92a272e9d4107bb15afa32fa3aec2dc06cbe558e645c8a8fe3dc860244ce;ASCS AUS parliament incident https://twitter.com/cyb3rops/status/1097423665472376832 b7f958f93e2f297e717cffc2fe43f2e9;Bronze Union IOC - MD5 hash - ZxShell installer fa53f09cd22b46b554762dc1a12c99dd692ec681;Bronze Union IOC - SHA1 hash - ZxShell installer ef049339f1eb091cda335b51939f91e784e1ab1e006056d5a6bb526743b6cbc7;Bronze Union IOC - SHA256 hash - ZxShell installer 62bcbfae5276064615d0d45b895fdff2;Bronze Union IOC - MD5 hash - ZxShell service DLL (AudioSdk.dll) 9020e5010a916c6187597e9932402ed29098371c;Bronze Union IOC - SHA1 hash - ZxShell service DLL (AudioSdk.dll) c2229a463637433451a3a50ccf3c888da8202058f5022ffd2b00fc411b395b79;Bronze Union IOC - SHA256 hash - ZxShell service DLL (AudioSdk.dll) ae9c39e0d9a0c0ae48a72cb10521d2f3;Bronze Union IOC - MD5 hash - Malicious driver associated with ZxShell (autochk.sys) 
2e80926d67ea68acb1df441be5ee1f2d86e7f92b;Bronze Union IOC - SHA1 hash - Malicious driver associated with ZxShell (autochk.sys) b28c024db80cf3e7d5b24ccc9342014de19be990efe154ba9a7d17d9e158eecb;Bronze Union IOC - SHA256 hash - Malicious driver associated with ZxShell (autochk.sys) 40cdd3cfe86c93872b163fb3550f47f6;Bronze Union IOC - MD5 hash - Gh0st RAT installer (T.exe) ad2b27ea2fde31b1cc5104c01a21b22fef507c3d;Bronze Union IOC - SHA1 hash - Gh0st RAT installer (T.exe) 9a1437edd0493ff615a77b9ee1717c5f49ab0b28d1778898f591fb803655fbc6;Bronze Union IOC - SHA256 hash - Gh0st RAT installer (T.exe) 9c42cd7efbdfc47303d051f056c52d29;Bronze Union IOC - MD5 hash - Gh0st RAT binary (install.dll, FastUserSwitchingCompatibilitysex.dll) b8aa43dc92bec864c94442e6bf8c629c3bd0fe92;Bronze Union IOC - SHA1 hash - Gh0st RAT binary (install.dll, FastUserSwitchingCompatibilitysex.dll) 0b1217bd95678ca4e6f81952226a0cfd639ce4b2f7e7fce94ab177d42c5abf62;Bronze Union IOC - SHA256 hash - Gh0st RAT binary (install.dll, FastUserSwitchingCompatibilitysex.dll) 06348bbe0cc839f23c2d9471cfb19de3;Bronze Union IOC - MD5 hash - Gh0st RAT installer (Update.exe) cd7c92ac0b36a8befa1b151537fc3fcdafca8606;Bronze Union IOC - SHA1 hash - Gh0st RAT installer (Update.exe) b43ccd5b23d348f72466612d597ad71246113a9d524c9b27e682d1f7300a0672;Bronze Union IOC - SHA256 hash - Gh0st RAT installer (Update.exe) c8d83840b96f5a186e7bb6320e998f72;Bronze Union IOC - MD5 hash - SysUpdate installer (self-extracting RAR file) associated with BRONZE UNION 42e3fbff6f5576a3f4e8f941ea3dc00462d7838c;Bronze Union IOC - SHA1 hash - SysUpdate installer (self-extracting RAR file) associated with BRONZE UNION 938f32822c1a6b1140ac0af60a06ae39011464de37c511921d8a7d9c6a69c9df;Bronze Union IOC - SHA256 hash - SysUpdate installer (self-extracting RAR file) associated with BRONZE UNION ef41da16fdedcc450d0cc6ca708a9222;Bronze Union IOC - MD5 hash - SysUpdate installer (self-extracting RAR file) associated with BRONZE UNION 
https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ D24BBB898A4A301870CAB85F836090B0FC968163;Winnti Report - AceHash - https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ 70B21E3AC69F0220784228375BA6BEF37FE0C488;Winnti Report - XMRig - https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ 9BFB1C92489DA812DBE53B2A8E2CC2724CF74B4E;Winnti Report - XMRig - https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ EE5FEB8E9428A04C454966F6E19E202CCB33545F;Winnti Report - XMRig - https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ 2b9244c526e2c2b6d40e79a8c3edb93c;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 04be89ff5d217796bc68678d2508a0d7;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 092ae9ce61f6575344c424967bd79437;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY.HTTP 37e100dd8b2ad8b301b130c2bca3f1ea;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 39fe65a46c03b930ccf0d552ed3c17b1;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 557ff68798c71652db8a85596a4bab72;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 64e09cf2894d6e5ac50207edff787ed7;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 650a3dce1380f9194361e0c7be9ffb97;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 7dc6bbc202e039dd989e1e2a93d2ec2d;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY 7f05d410dc0d1b0e7a3fcc6cdda7a2ff;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY 904bbe5ac0d53e74a6cefb14ebd58c0b;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG c11dd805de683822bf4922aecb9bfef5;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY.HTTP d49c186b1bfd7c9233e5815c2572eb98;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY e58d4072c56a5dd3cc5cf768b8f37e5e;APT41 tinyurl.com/y4tu7uan None - encrypted data XMRIG eb37c75369046fb1076450b3c34fb8ab;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND LOWKEY 
ee5b707249c562dc916b125e32950c8d;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG ff8d92dfbcda572ef97c142017eec658;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG ffd0f34739c1568797891b9961111464;APT41 tinyurl.com/y4tu7uan DEADEYE.APPEND POISONPLUG 5322816c2567198ad3dfc53d99567d6e;APT41 tinyurl.com/y4tu7uan DEADEYE.DOWN 4BA559C403FF3F5CC2571AE0961EAFF6CF0A50F6;Operation Ghost Dukes PolyglotDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ CF14AC569A63DF214128F375C12D90E535770395;Operation Ghost Dukes PolyglotDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 539D021CD17D901539A5E1132ECAAB7164ED5DB5;Operation Ghost Dukes PolyglotDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 0E25EE58B119DD48B7C9931879294AC3FC433F50;Operation Ghost Dukes PolyglotDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ D625C7CE9DC7E56A29EC9A81650280EDC6189616;Operation Ghost Dukes PolyglotDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 0A5A7DD4AD0F2E50F3577F8D43A4C55DDC1D80CF;Operation Ghost Dukes RegDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ F7FD63C0534D2F717FD5325D4397597C9EE4065F;Operation Ghost Dukes RegDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 194D8E2AE4C723CE5FE11C4D9CFEFBBA32DCF766;Operation Ghost Dukes RegDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 64D6C11FFF2C2AADAACEE01B294AFCC751316176;Operation Ghost Dukes RegDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 6ACC0B1230303F8CF46152697D3036D69EA5A849;Operation Ghost Dukes RegDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 170BE45669026F3C1FC5BA2D48817DBF950DA3F6;Operation Ghost Dukes RegDuke Loader - 
https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 5905C55189C683BC37258AEC28E916C41948CD1C;Operation Ghost Dukes RegDuke Backdoor - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ B05CABA461000C6EBD8B237F318577E9BCCD6047;Operation Ghost Dukes MiniDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 718C2CE6170D6CA505297B41DE072D8D3B873456;Operation Ghost Dukes MiniDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ A88DA2DD033775F7ABC8D6FB3AD5DD48EFBEADE1;Operation Ghost Dukes FatDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ DB19171B239EF6DE8E83B2926EADC652E74A5AFA;Operation Ghost Dukes FatDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 9E96B00E9F7EB94A944269108B9E02D97142EEDC;Operation Ghost Dukes FatDuke Loader - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ AF2B46D4371CE632E2669FEA1959EE8AF4EC39CE;Operation Ghost Dukes LiteDuke - https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ 18E4FEB988CB95D71D81E1964AA6280E22361B9F;Winnti MSSQL server backdoor - VMP Loader - https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/ 4AF89296A15C1EA9068A279E05CC4A41B967C956;Winnti MSSQL server backdoor - VMP Loader - https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/ A2571946AB181657EB825CDE07188E8BCD689575;Winnti MSSQL server backdoor - Inner-Loader injector - https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/ 60B9428D00BE5CE562FF3D888441220290A6DAC7;Winnti MSSQL server backdoor - skip-2.0 - https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/ C9C39045FA14E94618DD631044053824;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 
E24A62D9826869BC4817366800A8805C;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ F0F5DA1A4490326AA0FC8B54C2D3912D;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ CB914FC73C67B325F948DD1BF97F5733;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 6347E42F49A86AFF2DEA7C8BF455A52A;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 0171E3C76345FEE31B90C44570C75BAD;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 17E05041730DCD0732E5B296DB16D757;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 69322703B8EF9D490A20033684C28493;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 22953384F3D15625D36583C524F3480A;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 1E765FED294A7AD082169819C95D2C85;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ C84DF4B2CD0D3E7729210F15112DA7AC;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ ACAAB4AA4E1EA7CE2F5D044F198F0095;Calypso APT 2019 - Droppers and payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 85CE60B365EDF4BEEBBDD85CC971E84D;Calypso APT 2019 - Droppers with the same payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 1ED72C14C4AAB3B66E830E16EF90B37B;Calypso APT 2019 - Droppers with the same payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ CB914FC73C67B325F948DD1BF97F5733;Calypso APT 2019 - Droppers with the same payload - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ E3E61F30F8A39CD7AA25149D0F8AF5EF;Calypso APT 2019 - Payload 
without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 974298EB7E2ADFA019CAE4D1A927AB07;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ AA1CF5791A60D56F7AE6DA9BB1E7F01E;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 05F472A9D926F4C8A0A372E1A7193998;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 0D532484193B8B098D7EB14319CEFCD3;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ E1A578A069B1910A25C95E2D9450C710;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 2807236C2D905A0675878E530ED8B1F8;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 847B5A145330229CE149788F5E221805;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ D1A1166BEC950C75B65FDC7361DCDC63;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ CCE8C8EE42FEAED68E9623185C3F7FE4;Calypso APT 2019 - Payload without dropper - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 43B7D48D4B2AFD7CF8D4BD0804D62E8B;Calypso APT 2019 - Hussar - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 617D588ECCD942F243FFA8CB13679D9C;Calypso APT 2019 - Hussar - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 5199EF9D086C97732D97EDDEF56591EC;Calypso APT 2019 - FlyingDutchman - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ 06C1D7BF234CE99BB14639C194B3B318;Calypso APT 2019 - FlyingDutchman - https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/ d4be15adbbe135d172d5e0afcd191ae740df22de5d3beac98e188a3cf01a036b;C2 With it All - WSDB.bat - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 
a78bacb79d5d229aa8d6c574d1d8386664918a520beebc655975b04a61da1308;C2 With it All - WSDB.ps1 - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html e410b949d128ffb513af037355fe777b5b40799001a312843e405070308a3f36;C2 With it All - WSDB.xml - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 3de852ed3bd3579cd9875108e121ba6fd68a66f8f6948cce072e8013ad1955ea;C2 With it All - c32_217061.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html fa7c7db9d33e1f4193bfe460d1a61096d75315212042a62bb3a30b3077511610;C2 With it All - c64_217061.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 0273d96cef6683e3fb205b8e841579b44bae16ff1e3ab57647b1a9d2947db5c7;C2 With it All - file.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html bc919680471fd1b631e80c37e83aeb6877f13f4ed47ae22100cf4d60e27a93a4;C2 With it All - mimikatz.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html b9a8710e55bb2d55bbeed9cebb83ac2f18f78818f0c05f18c96f766c8c47e2d9;C2 With it All - no135.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555;C2 With it All - p1q135no.sfx.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 89f8af1eb52f31b011982d7a1ecc1eed25af6c14bf5f317568a3450db5db7247;C2 With it All - q108.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html dcb76dc106e586c6f8bfa82832a66f525a9addb5450912004e92dd578ff2a60a;C2 With it All - q121k.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 04d0824f70be3666d79b2a49b85cf6b60b566d7b8cc9efd31195644514fb0cb1;C2 With it All - q135.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 08499612bcf7ccb250438ce8f6eed616511e27c762d66132fef93296007984ac;C2 With it All - q137k.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 0273d96cef6683e3fb205b8e841579b44bae16ff1e3ab57647b1a9d2947db5c7;C2 With it All - svchost.exe - 
https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 619f0c489beac9a792b9b42fa6529b3faf4329692fb52d17123ef69733868845;C2 With it All - zap32.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 98a4f69eff1f91f63fb74420ee4c16be508aa203d04f66e98b1dcb554def61ee;C2 With it All - zap64.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html b1e883222f3205db59ff812c6f6097291df12b1784c9e64eef674ab3a173c07a;C2 With it All - q159.exe - https://blog.talosintelligence.com/2019/11/c2-with-it-all.html 1addee050504ba999eb9f9b1ee5b9f04;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 4b71ec0b2d23204e560481f138833371;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 4e24b26d76a37e493bb35b1a8c8be0f6;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 405ef35506dc864301fada6f5f1d0711;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 764a4582a02cc54eb1d5460d723ae3a5;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ c2edda7e766553a04b87f2816a83f563;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 71d36436fe26fe570b876ad3441ea73c;Dark Universe APT - https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/ 02B38F6E8B54885FA967851A5580F61C14A0AAB6;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 03E047DD4CECB16F513C44599BF9B8BA82D0B7CB;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 0996C280AB704E95C9043C5A250CCE077DF9C8B2;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 15EBE328A501B1D603E66762FBB4583D73E109F7;DePriMon malware 
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 1911F6E8B05E38A3C994048C759C5EA2B95CE5F7;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 2B30BE3F39DEF1F404264D8858B89769E6C032D9;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 2D80B235CDF41E09D055DD1B01FD690E13BE0AC7;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 6DB79671A3F31F7A9BB870151792A56276619DC1;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 6FAB7AA0479D41700981983A39F962F28CCFBE29;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 7D0B08654B47329AD6AE44B8FF158105EA736BC3;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 7E8A7273C5A0D49DFE6DA04FEF963E30D5258814;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 8B4F3A06BA41F859E4CC394985BB788D5F76C85C;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 94C0BE25077D9A76F14A63CBF7A774A96E8006B8;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 968B52550062848A717027C512AFEDED19254F58;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 9C4BADE47865E8111DD3EEE6C5C4BC83F2489F5B;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ AA59CB6715CFFF545579861E5E77308F6CAEAC36;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ C2388C2B2ED6063EACBA8A4021CE32EB0929FAD2;DePriMon malware 
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ CA34050771678C65040065822729F44B35C87B0C;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ D38045B42C7E87C199993AB929AD92ADE4F82398;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ E272FDA0E9BA1A1B8EF444FF5F2E8EE419746384;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ E2D39E290201010F49652EE6116FD9B35C9AD882;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ F413EEE3CFD85A60D7AFC4D4ECC4445BB1F0B8BC;DePriMon malware https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ 9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022;GALLIUM APT IOC 
https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 1922a419f57afb351b58330ed456143cc8de8b3ebcbd236d26a219b03b3464d7;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 51f70956fa8c487784fd21ab795f6ba2199b5c2d346acdeef1de0318a4c729d9;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 889bca95f1a69e94aaade1e959ed0d3620531dc0fc563be9a8decf41899b4d79;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 332ddaa00e2eb862742cb8d7e24ce52a5d38ffb22f6c8bd51162bd35e84d7ddf;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 44bcf82fa536318622798504e8369e9dcdb32686b95fcb44579f0b4efa79df08;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 63552772fdd8c947712a2cff00dfe25c7a34133716784b6d486227384f8cf3ef;GALLIUM APT IOC https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 056744a3c371b5938d63c396fe094afce8fb153796a65afa5103e1bffd7ca070;GALLIUM APT IOC 
https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ 08f87f8c64a4c98b0e99592a436d601249feeaec4a2c4effbf69a166e4f592a0;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 2047e464627e36410b3458e23062f23eecbd383e7854b55b497ec8db017c0d5e;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 29d5933c18826b00bc075623740c00c00057ff897580bea3362674f6ec1cbe10;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 3016ea94e3c5bd7f9d8e503b1817491bcf9e2ee5bb82fc106aa5d692dd0ff5c6;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 459910699497f2efe921a197e365fd5938af55378b3b20d2867ce171036fb675;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 5cf61c0b865fd2ab897c72ff2cc01ac4c31ea9c50ecc3d47693f3482fd8f91d4;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 5d01150ade4b302b9fd765fd0fb70aa17ee9cb9fcb219c2d270fd90ad8d01188;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 6972ba198ed0d30de9f66be5777ecdba2d657078f138325ee6db225c20b29e6e;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 75ac4478c1729d1b5434724cf0c2bd53cc5940d251a4ca07b17c239c8f62da8d;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ a4a448d40aa8b4ff1d18de7a84b7fbc4c41c00062a56cd7c74ac443b61438f47;Operation Wocao IOCs 
https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ b2162d4cbeee907d1af13918900e6e4f13232d00915563d841aa7c904d94589c;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ c109ddd4f43bc38a50b07b4fc22fe568cced4fb4d8c5bd71546407c2c6219048;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ d43251480775f224517f484686bc7ca39e532d900b86ebf6ed37da8ee13534a4;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ e959c1eee16fcc512392fedd2704c7051742260f335f9b2d9f37fe23b3bde47d;Operation Wocao IOCs https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 774a9c3ff01a3e734b7bec0c312120126295fad9;BRONZE PRESIDENT - ORat malware sample - https://www.secureworks.com/research/bronze-president-targets-ngos 4c81777551a772218519fb6dd1a6672aade4a936;BRONZE PRESIDENT - Cobalt Strike payload - https://www.secureworks.com/research/bronze-president-targets-ngos c72cc22ad328946201b069cddae0eee021d687b1;BRONZE PRESIDENT - Cobalt Strike payload - https://www.secureworks.com/research/bronze-president-targets-ngos f14eaf5d648aebb2ed7b00b2cf4349263b30fb1c;BRONZE PRESIDENT - Modified DLL file (goopdate.dll) used by BRONZE PRESIDENT to install RCSession - https://www.secureworks.com/research/bronze-president-targets-ngos 603babf64a62989bf00e124955471519f0d8e8ed;BRONZE PRESIDENT - RCSession payload (English.rtf) - https://www.secureworks.com/research/bronze-president-targets-ngos fcb799d02e6c1b4ac76ec8c5e704c7c511762d2d;BRONZE PRESIDENT - Modified DLL file (goopdate.dll) used by BRONZE PRESIDENT to install RCSession - https://www.secureworks.com/research/bronze-president-targets-ngos ed8ad981c73ed444f1b89c4bda71ed99ca966c5a;BRONZE 
PRESIDENT - RCSession payload (English.rtf) - https://www.secureworks.com/research/bronze-president-targets-ngos bd2533005a2eaed203054fd649fdbdcd3e3a860a;BRONZE PRESIDENT - Associated with BRONZE PRESIDENT phishing lure delivering PlugX - https://www.secureworks.com/research/bronze-president-targets-ngos 9136eed34bea473d0f8554fb1d914502b832f219;BRONZE PRESIDENT - Associated with BRONZE PRESIDENT phishing lure delivering PlugX - https://www.secureworks.com/research/bronze-president-targets-ngos 1a2f1c97a5883e8bb4edcdacfe176da98b266b42;BRONZE PRESIDENT - Associated with BRONZE PRESIDENT phishing lure delivering PlugX - https://www.secureworks.com/research/bronze-president-targets-ngos 273aa20c4857d98cfa51ae52a1c21bf871c0f9cd0bf55d5e58caba5d1829846f;JhoneRAT Docx - https://blog.talosintelligence.com/2020/01/jhonerat.html 29886dbbe81ead9e9999281e62ecf95d07acb24b9b0906b28beb65a84e894091;JhoneRAT Docx - https://blog.talosintelligence.com/2020/01/jhonerat.html d5f10a0b5c103100a3e74aa9014032c47aa8973b564b3ab03ae817744e74d079;JhoneRAT Docx - https://blog.talosintelligence.com/2020/01/jhonerat.html 6cc0c11c754e1e82bca8572785c27a364a18b0822c07ad9aa2dc26b3817b8aa4;JhoneRAT Template - https://blog.talosintelligence.com/2020/01/jhonerat.html 7e1121fca3ac7c2a447b61cda997f3a8202a36bf9bb08cca3402df95debafa69;JhoneRAT Image - https://blog.talosintelligence.com/2020/01/jhonerat.html b4a43b108989d1dde87e58f1fd6f81252ef6ae19d2a5e8cd76440135e0fd6366;JhoneRAT PE Autoit - https://blog.talosintelligence.com/2020/01/jhonerat.html 4228a5719a75be2d6658758fc063bd07c1774b44c10b00b958434421616f1548;JhoneRAT PE Python - https://blog.talosintelligence.com/2020/01/jhonerat.html 0C5B15D89FDA9BAF446B286C6F97F535;WildPressure Hash IOC https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/ 17B1A05FC367E52AADA7BDE07714666B;WildPressure Hash IOC https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/ A76991F15D6B4F43FBA419ECA1A8E741;WildPressure Hash IOC 
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 88aeaff0d989db824d6e9429cd94bc22bbbfc39775c0929e703343798f69e9cc;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 913871432989378a042f5023351c2fa2c2f43b497b75ef2a5fd16d65aa7d0f54;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ ca48fa63bd603c74ab02841fc6b6e90c29a9b740232628fadafa923d2833a314;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ d0678fe8c92912698c4b9d4d03d83131e16d8b219ccf373fa847da476788785b;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 5815103140c68614fd7fc05bad540e654a37b81b7e451e213128f2eff081005a;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ e413e8094d76061f094f8b9339d00d80514065f7d37c184543c0f80c5d51bd80;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ c23f50c8014c190afa14b4c2c9b85512fb3a75405652c9b6be1401f678295f36;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855;Lazarus campaign against researchers - Comebacker malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 0acf21fba2b46ad2dd9c0da887f0fda704e7a5569b735c288d43a57688eb53fa;Lazarus campaign against researchers - Klackring malware - 
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 16ad21aedf8f43fcedaa19dbd4f4fda0f3fec0517662b99a3054dac6542ab865;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 1d9a58bc9b6b22fb3e3099996dbab13bfc5258b8307026f66fa69729d40f2b13;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 4bfeb22ec438cf7ed8a7fefe6e7f321d842ad6ade0ca772732d1a757177e7ad7;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 6b3a693d391426182fc2944d14b0816cdf1e5f87c13d6eb697756f9577b0bcee;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 70e1f774c0c80e988641d709d3a6990193e039b1ce618ceaacc1d61a850e9b76;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 77a9a0f67d09cafaf05ee090483a64622a7a04dfe226763f68651b071c1802f2;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 8d85e31de2623538a42a211e3919d5602f99dc80f21e0c5f99d53838b2b07063;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 90b4bd609b84c41beeed5b9310f2d84de83c74aaecfd1facc02e278be5059110;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 9c90bbe4b61136d94170e90c299adab0d1ccbc3a8f71519799dd901d742f3561;Lazarus campaign against researchers - Klackring malware - 
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 9f23069f74d0fb09823ad7f46f338d7920a731622404a7754df36ffbc40f8744;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ a1c4c617d99d10bbb2524b4d5bfdcf00f47d9cf39e8c7d3e6a9ce1219393da5a;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ aa5264323755a7dfa7c39ada09224c8c1de03ec8aeb6f7b216a56e8475e5f547;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ aeb6fb0ba6d947b4ee67a5111fbdf798c4488377ae28bdf537c1f920a58785b7;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ b47969e73931546fdcfb1e69c43da911dc9f7bb8d0e211731a253b572ecdc4fe;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ bc19a9415428973d65358291d604d96a0915a01d4b06939269b9e210f23aad43;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ c5d13324100047d7def82eeafdb6fc98cc2ccfae56db66ada9f1c3c7429ef9cb;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ dcc986c48c9c99c012ae2b314ac3f2223e217aee2ccdfb733cbbdaea0b713589;Lazarus campaign against researchers - Klackring malware - 
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ e8cf9b04ba7054e1c34bda05106478f9071f8f6569b4822070834abbf8e07a95;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ b32319da446dcf83378ab714f5ad0229dff43c9c6b345b69f1a397c951c1122e;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 11fef660dec27474c0c6c856a7b4619155821fdd1ce404848513a2700be806a5;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 9e562cc5c3eb48a5f1a1ccd29bf4b2ff4ab946f45aa5d8ea170f69104b684023;Lazarus campaign against researchers - Klackring malware - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495;Lazarus campaign against researchers - viaglt64.sys – Vulnerable Vir.IT driver for CVE-2017-16238 - https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ 5e54bccbd4d93447e79cda0558b0b308a186c2be571c739e5460a3cb6ef665c0;AppleJues Campaign (Updater) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69;AppleJues Campaign (celastradepro_win_installer_1....) 
- https://us-cert.cisa.gov/ncas/alerts/aa21-048a a84ed8ce714dff76b48b26414de9f045de561146d7eaa09019cbfbb2586c9765;AppleJues Campaign (CelasTradePro.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb;AppleJues Campaign (Updater.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a c0c2239138b9bc659b5bddd8f49fa3f3074b65df8f3a2f639f7c632d2306af70;AppleJues Campaign (CelasTradePro) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a d404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04;AppleJues Campaign (celastradepro_mac_installer_1....) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 07c38ca1e0370421f74c949507fc0d21f4cfcb5866a4f9c0751aefa0d6e97542;AppleJues Campaign (jmttrader.msi) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 081d1739422bf050755e6af269a717681274821cea8becb0962d4db61869c5d6;AppleJues Campaign (JMTTrader.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 4d6078fc1ea6d3cd65c3ceabf65961689c5bc2d81f18c55b859211a60c141806;AppleJues Campaign (jmttrader_mac.dmg) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 7ea6391c11077a0f2633104193ec08617eb6321a32ac30c641f1650c35eed0ea;AppleJues Campaign (JMTTrader) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641;AppleJues Campaign (CrashReporter.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55;AppleJues Campaign (CrashReporter) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a e3623c2440b692f6b557a862719dc95f41d2e9ad7b560e837d3b59bfe4b8b774;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a af4144c1f0236e6b59f40d88635ec54c2ef8034f6a96a83f5dbfd6b8ea2c0d49;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 0967d2f122a797661c90bc4fc00d23b4a29f66129611b4aa76f62d8a15854d36;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 
01c13f825ec6366ac2b6dd80e5589568fa5c8685cb4d924d1408e3d7c178902f;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 755bd7a3765efceb8183ffade090ef2637a85c4505f8078dda116013dd5758f3;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 2ab58b7ce583402bf4cbc90bee643ba5f9503461f91574845264d4f7e3ccb390;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 6f45a004ad6bb087f733feb618e115fe88164f6db9562cb9b428372c9add75f0;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 631ac269925bb72b5ad8f469062309541e1edfec5610a21eecded75a35e65680;AppleJues Campaign - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 0bc7517aa2f0c1820ced399bfd66b993f10ad77e8d72727b0f3dc1ca35cad7ba;AppleJues Campaign (kupay_upgrade) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 1b60a6d35c872102f535ae6a3d7669fb7d55c43dc7e73354423fdcca01a955d6;AppleJues Campaign (Kupay.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 91eaf215be336eae983d069de16630cc3580e222c427f785e0da312d0692d0fd;AppleJues Campaign (kupayupdate_stage2) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a fc1aafd2ed190fa523e60c3d22b6f7ca049d97fc41c9a2fe987576d6b5e81d6d;AppleJues Campaign (KupayUpgrade.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 326d7836d580c08cf4b5e587434f6e5011ebf2284bbf3e7c083a8f41dac36ddd;AppleJues Campaign (CoinGoTradeUpgradeDaemon) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 3e5442440aea07229a1bf6ca2fdf78c5e2e5eaac312a325ccb49d45da14f97f4;AppleJues Campaign (CoinGoTrade.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 527792dfab79f026eaa6930d2109c93e816ed31826dba0338a9223db71aced18;AppleJues Campaign (CoinGo_Trade) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 572a124f5665be68eaa472590f3ba75bf34b0ea2942b5fcbfd3e74654202dd09;AppleJues Campaign (CoinGoTradeUpdate.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 5e40d106977017b1ed235419b1e59ff090e1f43ac57da1bb5d80d66ae53b1df8;AppleJues Campaign (prtspool) - 
https://us-cert.cisa.gov/ncas/alerts/aa21-048a 21afaceee5fab15948a5a724222c948ad17cad181bf514a680267abcce186831;AppleJues Campaign (DorusioUpgrade.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a 78b56a1385f2a92f3c9404f71731088646aac6c2c84cc19a449976272dab418f;AppleJues Campaign (Dorusio.exe) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a dcb232409c799f6ddfe4bc0566161c2d0b372db6095a0018e6059e34c2b79c61;AppleJues Campaign (dorusio_upgrade) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a bb430087484c1f4587c54efc75681eb60cf70956ef2a999a75ce7b563b8bd694;AppleJues Campaign (Ants2WhaleHelper) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a d5ac680e14b013e0624470da7f46e84809d00b59a7544f6a42b110cf0e29254e;AppleJues Campaign (Ants2Whale) - https://us-cert.cisa.gov/ncas/alerts/aa21-048a b191cc4d73a247afe0a62a8c38dc9137;Threat Needle - Installer - %APPDATA%\Microsoft\DRM\logon.bin https://securelist.com/lazarus-threatneedle/100803/ 9e440e231ef2c62c78147169a26a1bd3;Threat Needle - Installer - C:\ProgramData\ntnser.bin https://securelist.com/lazarus-threatneedle/100803/ b7cc295767c1d8c6c68b1bb6c4b4214f;Threat Needle - Installer - C:\ProgramData\ntnser.bin https://securelist.com/lazarus-threatneedle/100803/ 0f967343e50500494cf3481ce4de698c;Threat Needle - Installer - C:\ProgramData\Microsoft\MSDN\msdn.bin https://securelist.com/lazarus-threatneedle/100803/ 09aa1427f26e7dd48955f09a9c604564;Threat Needle - Installer - %APPDATA\Microsoft\info.dat https://securelist.com/lazarus-threatneedle/100803/ 07b22533d08f32d48485a521dbc1974d;Threat Needle - Installer - C:\ProgramData\adobe\load.dat https://securelist.com/lazarus-threatneedle/100803/ 1c5e4d60a1041cf2903817a31c1fa212;Threat Needle - Installer - C:\ProgramData\Adobe\adobe.tmp https://securelist.com/lazarus-threatneedle/100803/ 4cebc83229a40c25434c51ee3d6be13e;Threat Needle - Installer - C:\ProgramData\Adobe\up.tmp https://securelist.com/lazarus-threatneedle/100803/ 23b04b18c75aa7d286fea5d28d41a830;Threat Needle - 
Installer - %APPDATA%\Microsoft\DRM\logon.dat https://securelist.com/lazarus-threatneedle/100803/ 319ace20f6ffd39b7fff1444f73c9f5d;Threat Needle - Installer - %APPDATA%\Microsoft\DRM\logon.bin https://securelist.com/lazarus-threatneedle/100803/ 45c0a6e13cad26c69eff59fded88ef36;Threat Needle - Installer - %APPDATA%\Microsoft\DRM\logon.dat https://securelist.com/lazarus-threatneedle/100803/ 486f25db5ca980ef4a7f6dfbf9e2a1ad;Threat Needle - Installer - C:\ProgramData\ntusers.dat https://securelist.com/lazarus-threatneedle/100803/ 1333967486d3ab50d768fb745dae9af5;Threat Needle - Installer - C:\PerfLogs\log.bin https://securelist.com/lazarus-threatneedle/100803/ 07b22533d08f32d48485a521dbc1974d;Threat Needle - Installer - C:\ProgramData\Adobe\load.dat https://securelist.com/lazarus-threatneedle/100803/ c86d0a2fa9c4ef59aa09e2435b4ab70c;Threat Needle - Installer - %TEMP%\ETS4659.tmp https://securelist.com/lazarus-threatneedle/100803/ 69d71f06fbfe177fb1a5f57b9c3ae587;Threat Needle - Installer - %APPDATA%\Microsoft\Windows\shsvcs.db https://securelist.com/lazarus-threatneedle/100803/ 7bad67dcaf269f9ee18869e5ef6b2dc1;Threat Needle - Installer - https://securelist.com/lazarus-threatneedle/100803/ 956e5138940a4f44d1c2c24f122966bd;Threat Needle - Installer - %APPDATA%\ntuser.bin https://securelist.com/lazarus-threatneedle/100803/ ed627b7bbf7ea78c343e9fb99783c62b;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 1a17609b7df20dcb3bd1b71b7cb3c674;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\ntuser.bin fa9635b479a79a3e3fba3d9e65b842c3;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 3758bda17b20010ff864575b0ccd9e50;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %SYSTEMROOT%\system\mraudio.drv cbcf15e272c422b029fcf1b82709e333;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %SYSTEMROOT%\system\mraudio.drv 
9cb513684f1024bea912e539e482473a;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 36ab0902797bd18acd6880040369731c;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %SYSTEMROOT%\LogonHours.sys db35391857bcf7b0fa17dbbed97ad269;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\Adobe\update.tmp be4c927f636d2ae88a1e0786551bf3c4;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\Adobe\unpack.tmp 728948c66582858f6a3d3136c7fbe84a;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\Microsoft\IBM.DAT 06af39b9954dfe9ac5e4ec397a3003fb;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 29c5eb3f17273383782c716754a3025a;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 79d58b6e850647024fea1c53e997a3f6;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ e604185ee40264da4b7d10fdb6c7ab5e;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 2a73d232334e9956d5b712cc74e01753;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 1a17609b7df20dcb3bd1b71b7cb3c674;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\ntuser.bin 459be1d21a026d5ac3580888c8239b07;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\ntuser.bin 87fb7be83eff9bea0d6cc95d68865564;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %SYSTEMROOT%\SysWOW64\wmdmpmsp.sys 062a40e74f8033138d19aa94f0d0ed6e;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\microsoft\OutIook.db 9b17f0db7aeff5d479eaee8056b9ac09;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %TEMP%\ETS4658.tmp, %APPDATA%\Temp\BTM0345.tmp 9b17f0db7aeff5d479eaee8056b9ac09;Threat Needle - 
Loader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\Temp\BTM0345.tmp 420d91db69b83ac9ca3be23f6b3a620b;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 238e31b562418c236ed1a0445016117c;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\Microsoft\Windows\lconcaches.db, %TEMP%\cache.db 36ab0902797bd18acd6880040369731c;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 238e31b562418c236ed1a0445016117c;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %TEMP%\cache.db, %APPDATA%\Microsoft\Windows\lconcaches.db ad1a93d6e6b8a4f6956186c213494d17;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\Microsoft\Windows\shsvcs.db c34d5d2cc857b6ee9038d8bb107800f1;Threat Needle - Loader - https://securelist.com/lazarus-threatneedle/100803/ 16824dfd4a380699f3841a6fa7e52c6d;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ aa74ed16b0057b31c835a5ef8a105942;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ 85621411e4c80897c588b5df53d26270;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ %SYSTEMROOT%\system\avimovie.dll a611d023dfdd7ca1fab07f976d2b6629;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ 160d0e396bf8ec87930a5df46469a960;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ %WINDIR%\winhelp.dll 110e1c46fd9a39a1c86292487994e5bd;Threat Needle - Registry Loader - https://securelist.com/lazarus-threatneedle/100803/ ac86d95e959452d189e30fa6ded05069;Threat Needle - Downloader https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\Microsoft\thumbnails.db bea90d0ef40a657cb291d25c4573768d;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ %ALLUSERSPROFILE%\adobe\arm86.dat 
254a7a0c1db2bea788ca826f4b5bf51a;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA%\PBL\user.tmp, %APPDATA%\Comms\Comms.dat 6f0c7cbd57439e391c93a2101f958ccd;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ %APPDATA\PBL\update.tmp fc9e7dc13ce7edc590ef7dfce12fe017;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ 0aceeb2d38fe8b5ef2899dd6b80bfc08;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ %TEMP%\ETS5659.tmp 09580ea6f1fe941f1984b4e1e442e0a5;Threat Needle - Trojanized VNC Uploader - https://securelist.com/lazarus-threatneedle/100803/ %TEMP%\ETS4658.tmp 95b78f4d3602aeea4f7a33c9f1b49a97;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 0378897e4ec1d1ee4637cff110635141;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html c803200ad4b9f91659e58f0617f0dafa;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html ad4d445091a3b66af765a1d653fd1eb7;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 9ecf25b1e9be0b20822fe25269fa5d02;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html e319f5a8fe496c0c8247e27c3469b20d;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html a8a7059278d82ce55949168fcd1ddde4;UNC2198 Activity - SYSTEMBC https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html aea530f8a0645419ce0abe1bf2dc1584;UNC2198 Activity - SYSTEMBC 
https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 3098fbc98e90d91805717d7a4f946c27;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html e124cd26fcce258addc85d7f010655ea;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 7ae990c12bf5228b6d1b90d40ad0a79f;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 3eb552ede658ee77ee4631d35eac6b43;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html c188c6145202b65a941c41e7ff2c9afd;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 2f43055df845742d137a18b347f335a5;UNC2198 Activity - BEACON https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 87dc37e0edb39c077c4d4d8f1451402c;UNC2198 Activity - ICEDID https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 1efababd1d6bd869f005f92799113f42;UNC2198 Activity - ICEDID https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html a64e7dd557e7eab3513c9a5f31003e68;UNC2198 Activity - ICEDID https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 9760913fb7948f2983831d71a533a650;UNC2198 Activity - ICEDID https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html 14467102f8aa0a0d95d0f3c0ce5f0b59;UNC2198 Activity - ICEDID https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0;HAFNIUM 
Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 097549cf7d0f76f0d99edf8b2d91c60977fd6a96e4b8c3c94b0b1733dc026d3e;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 2b6f1ebb2208e93ade4a6424555d6a8341fd6d9f60c25e44afe11008f5c1aad1;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 1631a90eb5395c4e19c7dbcbf611bbe6444ff312eb7937e286e4637cb9e72944;HAFNIUM Webshells - Exchange Exploitation - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 70d93035b0693b0e4ef65eb7f8529e6385d698759cc5b8666a394b2136cc06eb;NOBELIUM report - GoldMax - https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/ 0e1f9d4d0884c68ec25dec355140ea1bab434f5ea0f86f2aade34178ff3a7d91;NOBELIUM report - GoldMax - https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/ 247a733048b6d5361162957f53910ad6653cdef128eb5c87c46f14e7e3e46983;NOBELIUM report - GoldMax - 
https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html df6e6b3e53cc713276a03cce8361ae0f;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 1cd03c0d00f7bfa7ca73f7d73677d8f8;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 8071f66d64395911a7aa0d2057b9b00d;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html c12a96e9c50db5f8b0b3b5f9f3f134f0;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html e39184eacba2b05aaa529547abf41d2b;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 09a05a2212bd2c0fe0e2881401fbff17;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 8226d7615532f32eca8c04ac0d41a9fd;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html a01a2ba3ae9f50a5aa8a5e3492891082;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 29e53b32d5b4aae6d9a3b3c81648653c;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html a809068b052bc209d0ab13f6c5c8b4e7;WARPRISM https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 74c688a22822b2ab8f18eafad2271cac;BEACON UNC2447 
https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 7d6e57cbc112ebd3d3c95d3c73451a38;BEACON UNC2447 https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 4d3d3919dda002511e03310c49b7b47f;FOXGRABBER https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html 48307C22A930A2215F7601C78240A5EE;Operation TunnelSnake - Moriya Agent - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ A2C4EE84E3A95C8731CA795F53F900D5;Operation TunnelSnake - Moriya 64-bit Driver - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 5F0F1B0A033587DBCD955EDB1CDC24A4;Operation TunnelSnake - IISSpy - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ C1159FE3193E8B5206006B4C9AFBFE62;Operation TunnelSnake - ProcessKiller - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ DA627AFEE096CDE0B680D39BD5081C41;Operation TunnelSnake - ProcessKiller Driver – 32-bit - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 07CF58ABD6CE92D96CFC5ABC5F6CBC9A;Operation TunnelSnake - ProcessKiller Driver – 64-bit - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 9A8F39EBCC580AA56D6DDAF5804EAE61;Operation TunnelSnake - pv.tmp (Custom PSExec Server) - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 39C361ABB74F9A338EA42A083E6C7DF8;Operation TunnelSnake - pc.tmp (Custom PsExec Client) - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ DE3FB65461EE8A68A3C7D490CDAC296D;Operation TunnelSnake - tran.tmp (Exfiltration tool) - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ EAC0E57A22936D4C777AA121F799FEE6;Operation TunnelSnake - client.exe (Utility embedded in tran.tmp) - 
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ D745174F5B0EB41D9F764B22A5ECD357;Operation TunnelSnake - rasauto.dll (Bouncer Loader) - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 595E43CDF0EDCAA31525D7AAD87B7BE4;Operation TunnelSnake - 8.tmp (HTTP )Scanner - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 9D75B50727A8E732DB0ADE7E270A7395;Operation TunnelSnake - ep.tmp DCOM Scanner - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 3A4E1F3F7E1BAAB8B02F3A8EE20F98C9;Operation TunnelSnake - nw.tmp Bouncer Loader - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 47F2D06713DAD556F535E523B777C682;Operation TunnelSnake - Termite - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 45A5D9053BC90ED657FA90DE0B775E8F;Operation TunnelSnake - Earthworm - https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ 9059c5b46dce8595fcc46e63e4ffbceeed883b7b1c9a2313f7208a7f26a0c186;NOBELIUM IOC Attachment.html - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ ca66b671a75bbee69a4a4d3000b45d5dc7d3891c7ee5891272ccb2c5aed5746c;NOBELIUM IOC ScanClientUpdate.zip - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 6df1d7191f6dd930642cc5c599efb54bfcc964b7a2e77f6007787de472b22a6a;NOBELIUM IOC attachment.html - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 3b94cc71c325f9068105b9e7d5c9667b1de2bde85b7abc5b29ff649fd54715c4;NOBELIUM IOC KM.FileSystem.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 60e20576b08a24cdaeaabc4849011885fb7517713226e2663031d9533d2187bc;NOBELIUM IOC attachment.img - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 
f006af714379fdd63923536d908f916f4c55480f3d07adadd53d5807e0c285ee;NOBELIUM IOC attachment.iso - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 89016b87e97a07b4e0263a18827defdeaa3e150b1523534bbdebe7305beabb64;NOBELIUM IOC AktualizC!ciu.img - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 7ed1b6753c94250ad3c1c675eb644940c8104ff06a123252173c33cc1be5e434;NOBELIUM IOC ICA-declass.iso - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 74202eed181e2b83dd0ab6f791a34a13bd94e63e86b82395f9443cb5aeddc891;NOBELIUM IOC ScanClientUpdate.lnk - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 0acb884f2f4cfa75b726cb8290b20328c8ddbcd49f95a1d761b7d131b95bafec;NOBELIUM IOC boom.exe - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 2a352380d61e89c89f03f4008044241a38751284995d000c73acf9cad38b989e;NOBELIUM IOC msdiskmountservice.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 776014a63bf3cc7034bd5b6a9c36c75a930b59182fe232535bb7a305e539967b;NOBELIUM IOC diassvcs.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ d37347f47bb8c7831ae9bb902ed27a6ce85ddd9ba6dd1e963542fd63047b829c;NOBELIUM IOC Meeting info.docx - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 7a3b27cf04b7f8110fc1eee5f9c4830d38ac00467fc856330115af4bffaf35b6;NOBELIUM IOC reply slip.rtf - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ eae312c5ec2028a2602c9654be679ecde099b2c0b148f8d71fca43706efe4c76;NOBELIUM IOC Attachment.lnk - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 
f88530bc87cf2c133c0a50e434ce0428694901fe7860abb42737097fdea56b30;NOBELIUM IOC reply slip.lnk - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 69f0d85119123f3c2e4c052a83671732aced07312a05a3abf4ab0360c70f65de;NOBELIUM IOC AKTUALIZ.LNK - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 4fbfeb7a0bb6b9841b92fa4e6b5a7bdb69c2a12ed39691c9495ff88cd6f58836;NOBELIUM IOC NativeCacheSvc.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 117317d623003995d639975774edd1bfe38cec7d24b22d3e48d22c91cf8636bb;NOBELIUM IOC CertPKIProvider.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78;NOBELIUM IOC Java_SRE_runtime_update.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 0c14a791f8a48d2944a9fa842f45becb7309ad004695e38f48fca69135d327c6;NOBELIUM IOC mshost.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ bca5560a9a9dd54be76e4a8d63a66e9cfd731b0bd28524db05cc498bb5b56384;NOBELIUM IOC msch.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 1c17c39af41a5d8f54441ce6b1cf925f6727a2ee9038284a8a7071c984d0460f;NOBELIUM IOC mswsc.dll - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ d7c05bd68e8bde3d13aa7dbd6911461104d06715da15d3ee7f75136fa8330cc2;NOBELIUM IOC Integrated Review.lnk - https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ 3C0DB3A5194E1568E8E2164149F30763B7F3043D;ESET BackdoorDiplomacy Report - logout.aspx - ASP/Webshell.H - BackdoorDiplomacy webshell – variant N2 - 
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 32EF3F67E06C43C18E34FB56E6E62A6534D1D694;ESET BackdoorDiplomacy Report - current.aspx - ASP/Webshell.O - BackdoorDiplomacy webshell – variant - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/S1 8C4D2ED23958919FE10334CCFBE8D78CD0D991A8;ESET BackdoorDiplomacy Report - errorEE.aspx - ASP/Webshell.J - BackdoorDiplomacy webshell – variant - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/N1 C0A3F78CF7F0B592EF813B15FC0F1D28D94C9604;ESET BackdoorDiplomacy Report - App_Web_xcg2dubs.dll - MSIL/Webshell.C - BackdoorDiplomacy webshell – - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/variant N3 CDD583BB6333644472733617B6DCEE2681238A11;ESET BackdoorDiplomacy Report - N/A - Linux/Agent.KD - Linux Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ FA6C20F00F3C57643F312E84CC7E46A0C7BABE75;ESET BackdoorDiplomacy Report - N/A - Linux/Agent.KD - Linux Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 5F87FBFE30CA5D6347F4462D02685B6E1E90E464;ESET BackdoorDiplomacy Report - ScnCfg.exe - Win32/Agent.TGO - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ B6936BD6F36A48DD1460EEB4AB8473C7626142AC;ESET BackdoorDiplomacy Report - VMSvc.exe - Win32/Agent.QKK - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ B16393DFFB130304AD627E6872403C67DD4C0AF3;ESET BackdoorDiplomacy Report - svchost.exe - Win32/Agent.TZI - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 9DBBEBEBBA20B1014830B9DE4EC9331E66A159DF;ESET BackdoorDiplomacy Report - nvsvc.exe - Win32/Agent.UJH - Windows Turian backdoor - 
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 564F1C32F2A2501C3C7B51A13A08969CDC3B0390;ESET BackdoorDiplomacy Report - AppleVersions.dll - Win64/Agent.HA - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 6E1BB476EE964FFF26A86E4966D7B82E7BACBF47;ESET BackdoorDiplomacy Report - MozillaUpdate.exe - Win32/Agent.UJH - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ FBB0A4F4C90B513C4E51F0D0903C525360FAF3B7;ESET BackdoorDiplomacy Report - nvsvc.exe - Win32/Agent.QAY - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 2183AE45ADEF97500A26DBBF69D910B82BFE721A;ESET BackdoorDiplomacy Report - nvsvcv.exe - Win32/Agent.UFX - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 849B970652678748CEBF3C4D90F435AE1680601F;ESET BackdoorDiplomacy Report - efsw.exe - Win32/Agent.UFX - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ C176F36A7FC273C9C98EA74A34B8BAB0F490E19E;ESET BackdoorDiplomacy Report - iexplore32.exe - Win32/Agent.QAY - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 626EFB29B0C58461D831858825765C05E1098786;ESET BackdoorDiplomacy Report - iexplore32.exe - Win32/Agent.UFX - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 40E73BF21E31EE99B910809B3B4715AF017DB061;ESET BackdoorDiplomacy Report - explorer32.exe - Win32/Agent.QAY - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 255F54DE241A3D12DEBAD2DF47BAC5601895E458;ESET BackdoorDiplomacy Report - Duser.dll - Win32/Agent.URH - Windows Turian backdoor - 
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ A99CF07FBA62A63A44C6D5EF6B780411CF1B1073;ESET BackdoorDiplomacy Report - Duser.dll - Win64/Agent.HA - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 934B3934FDB4CD55DC4EA1577F9A394E9D74D660;ESET BackdoorDiplomacy Report - Duser.dll - Win32/Agent.TQI - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ EF4DF176916CE5882F88059011072755E1ECC482;ESET BackdoorDiplomacy Report - iexplore32.exe - Win32/Agent.QAY - Windows Turian backdoor - https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/ 2723ac49d3f59b51d96f3ab3605becdef1987242ef3d9d5b8490b0c9abe45049;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 425d2a6416a59943428e8727d2ad6247eb8342c35c4bd1d5b80df25d6fbcae94;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 4c6a45d08cb649b5486d9719634f903b3561e7820eda31bd50d811a01bd3481b;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf b668f9e213282cd1b941ab8d6dd5f3dd3266011ae16c0795ca86d12a57c095cc;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 69a9e5545103b582173ed268fc5ca0014c4d2e17337a953752b0157a76cc0bcb;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 7f3c26b8d3087f1cc345da965bb7af1a58488c6e260f12e72d8274d949a857bd;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 556d34db7e60b0d25eca0d8e6b9297cd9f2174c0d2ca013c0036a067457a2d01;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf e8f347745b1808db185c682af87896a941b4042f5de919e2010749152bda48ad;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf a7a3cd98252047717f8f429d2060aa84c6ee4ed8ae60ee15ad0b2b5807158c70;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 
e1ca30bbdea8523aec6570f1b2f59012d0899875325a9ac88f09e09c14734ecc;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf f0c0a9b2911ee1f1774e69e0be313eda2054d744fa547f1c64ba0f078db3fcd9;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 9f9fde45784f93c18ea998d90aa6791905c81061d974416dd722071fbd54688e;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 69a9e5545103b582173ed268fc5ca0014c4d2e17337a953752b0157a76cc0bcb;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 8afcc6a25320a28833334a413a0f395a73bacf033fe0e84fea7ed4fec7945ca4;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf eeef1439b17280dfd7ce821752551aee57f3d1b7f385fe9cf331f69abd35cd96;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 8afcc6a25320a28833334a413a0f395a73bacf033fe0e84fea7ed4fec7945ca4;PCShare - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 4a7910fe2c0e611be52d15798563c007aa632d47eae1f020be95fde27d963da9;QUICKHEAL - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf f45c6f8695fbc6e537cea15142f062a0d21c4a556c5fc1f7a2f3ee661b036ffc;QUICKHEAL - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 851010b875a2ae5c68e85c7d549082539e427b0e9f0c5efef92e1396c6d8a0ae;QUICKHEAL - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf c21a3a44b46e7242c0762c8ec5e8a394ddc74b747244c5b83678620ae141e59c;PlugX - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 6cd5079a69d9a68029e37f2680f44b7ba71c2b1eecf4894c2a8b293d5f768f10;PlugX - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f;PlugX - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 0c596299c47ce6305e07f55397fd69d49c8cab4f4b34a617bb6670dcaac9d9f2;Icefog - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654;Icefog - 
https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf D096EECD60710CCF7F1658A52D54CAEF9CB26B3857B3A3DBEFA688C769E07339;Icefog - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec;Icefog - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 73bbb96e078a2ca3d55e0acffe0f9c80edf6ff0459a25c34edb4c14bb88783c1;Icefog - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf e149E7C145D440193A0E3BF4B54C44DE00BBC3872EF18D6DA3C12F1E7ADD3053;Icefog - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf acb11d9d0652c95b16db17fda918ff5b6ee668156a30fe6276b0fa66f74c9720;PoisonIvy - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf c1e3a5e171d0de6054f4a1aeb9a46ff176ef5ba6464304b2f2660a23396e91f4;PoisonIvy - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 379af30d508cdbae7eb201041d8eb815b239e181dd8106145d4263753df3acd9;PoisonIvy - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 367718fd58c658dce22c995f3e10bc3a5425814ddf221686e166e3129a53e897;PoisonIvy - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 51e3f3a762ab6fb0c3db4819560c6b1607cdcd257ce375e68fdf1a17ff5c2cb5;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 4e1a2f731688f9aab80b1f55d9101bb1cddec08214d4379621c434899a01efbf;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf a95bbc1f067783c1107566ed7897549f6504d5367b8282efe6f06dc31414c314;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf f5365387320ae6e6907fd2700f340ba8712cb08f7e52b2ec4dccfe99b3d648ef;Royal Road - 
https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf ecdf806bb7ac876bac8250a1f0ff40395faf7a6738df6e0f62553c4164fdf16d;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 5238f8d8c3d16b52d39aa722daff663a5e6307c4b46e360969d84bf409a2690f;Royal Road - https://go.recordedfuture.com/hubfs/reports/cta-2021-0616.pdf 1430291f2db13c3d94181ada91681408;DarkSide Supply Chain Attack - Trojanized Nullsoft Installer/SmartPSS - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html 54e0a0d398314f330dfab6cd55d95f38;DarkSide Supply Chain Attack - Trojanized Nullsoft Installer/SmartPSS - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html e9ed774517e129a170cdb856bd13e7e8;DarkSide Supply Chain Attack - Trojanized Nullsoft Installer/SVStation - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html f075c2894ac84df4805e8ccf6491a4f4;DarkSide Supply Chain Attack - SMOKEDHAM LOADER - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html 05d38c7e957092f7d0ebfc7bf1eb5365;DarkSide Supply Chain Attack - SMOKEDHAM LOADER - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html 127bf1d43313736c52172f8dc6513f56;DarkSide Supply Chain Attack - SMOKEDHAM - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html 9de326bf37270776b78e30d442bda48b;DarkSide Supply Chain Attack - SMOKEDHAM - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html b06319542cab55346776f0358a61b3b3;DarkSide Supply Chain Attack - SMOKEDHAM - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html a9fa3eba3f644ba352462b904dfbcc1a;DarkSide Supply Chain Attack - 
Beacon Shellcode - https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html dfddbd09ccea598c4841f1abbc927f1c661d85d4bd9bcb081f7c811212d8a64a;TA456 targeting defence contractors https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media 612bdfb4f6eaf920a7a41fa06de8d99f6ecf6ad147374efa6eb1d5aff91df558;TA456 targeting defence contractors https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media 1534f95f49ddf2ada38561705f901e5938470c1678d6a81f0f4177ba7412ef5b;TA456 targeting defence contractors https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media da65aa439e90d21b2cf53afef6491e7dcdca19dd1bbec50329d53f3d977ee089;TA456 targeting defence contractors https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media e9c0f00c34dcd28fc3cc53c9496bff863b81b06723145e106ab7016c66581f72;PingPong - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 4668561d60daeb7a4a50a9c3e210a4343f92cadbf2d52caab5684440da6bf562;PingPong - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 3a259ad7e5c19a782f7736b5ac50aac4ba4d03b921ffc6a3ff6a48d720f02012;Microsocks Proxy - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 65143ccb5a955a22d6004033d073ecb49eba9227237a46929495246e36eff8e1;Microsocks Proxy - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 05537c1c4e29db76a24320fb7cb80b189860389cdb16a9dbeb0c8d30d9b37006;Fast Reverse Proxy - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 
16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2;Fast Reverse Proxy - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ a388e2ac588be6ab73d7e7bbb61d83a5e3a1f80bf6a326f42b6b5095a2f35df3;TinyShell backdoor - Light Basin IOCs https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ 1d3e2742e922641b7063db8cafed6531;diag.ps1 BEACON.SMB malware connecting to \\.\pipe\chrome.5687.8051.183894933787788877a1 273ce653c457c9220ce53d0dfd3c60f1;vcredist.ps1 BEACON malware connecting via HTTPS to nordicmademedia[.]com 3304036ac3bbf6cb2205e30226c89a1a;logo.png Hosted on http://23.106.123[.]15/logo.png, BEACON malware connected via HTTPS to stonecrestnews.com 3633203d9a93fecfa9d4d9c06fc7fe36;LocalData.dll CEELOADER malware that obtains a payload from http://theandersonco[.]com/wp_info.php e5aacf3103af27f9aaafa0a74b296d50;Unknown BEACON malware connecting via HTTPS to nordicmademedia[.]com f3962456f7fc8d10644bf051ddb7c7ef;DiagView.dll CEELOADER malware that obtains a payload from http://tomasubiera[.]com/wp_getcontent.php 6e2069758228e8d69f8c0a82a88ca7433a0a71076c9b1cb0d4646ba8236edf23;NOBELIUM Indicators - Container https://raw.githubusercontent.com/microsoft/mstic/master/Indicators/May21-NOBELIUM/May21NOBELIUMIoCs.csv 24caf54e7c3fe308444093f7ac64d6d520c8f44ea4251e09e24931bdb72f5548;NOBELIUM Indicators - Malicious LNK https://raw.githubusercontent.com/microsoft/mstic/master/Indicators/May21-NOBELIUM/May21NOBELIUMIoCs.csv 6866041f93141697ec166fe64e35b00c5fcd5d009500ecf58dd0b7e28764b167;NOBELIUM Indicators - Malicious LNK https://raw.githubusercontent.com/microsoft/mstic/master/Indicators/May21-NOBELIUM/May21NOBELIUMIoCs.csv a4f1f09a2b9bc87de90891da6c0fca28e2f88fd67034648060cef9862af9a3bf;NOBELIUM Indicators - CobaltStrike https://raw.githubusercontent.com/microsoft/mstic/master/Indicators/May21-NOBELIUM/May21NOBELIUMIoCs.csv 
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a e0770b79e372f2cab86ae2ec33b5160708059eee;WhisperGate IOCs - payload.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 2ee451947da9efdee0e9f39c9623f388297db6b4;WhisperGate IOCs - test2.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a c681f91c80673deff9f6efa61060f597fc0c1cd0;WhisperGate IOCs - payload.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a d8d875f31c4d7c40cfd6483d6b250943d4f5e437;WhisperGate IOCs - api177_crypted.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a f24c3237a1612888c8b5526e557a963f3b73e984;WhisperGate IOCs - api177_signed.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 76152dc6243ae29d8315f24f6e9449d620f672cd;WhisperGate IOCs - Fearsomely.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a d08d894023b16b8374466e6e9ede97f56f7cd4c7;WhisperGate IOCs - firstgoon.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a f7ab3996edf81551fdd867fdd28a616491445c38;WhisperGate IOCs - test4.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 31ef83a2032cdcc2412991a8fbfe75ed1eed11e8;WhisperGate IOCs - documents.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a d08d894023b16b8374466e6e9ede97f56f7cd4c7;WhisperGate IOCs - firstgoon1.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 8b9e47457a645d41b98ba07249e8cc3406831cb5;WhisperGate IOCs - 7.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a f9b6fff55fef34fc49432c8338eb3e9c0c44286e;WhisperGate IOCs - Matrix_MAX.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a b91ede2fa35ea3d4031fb51c32bc8211ab5f1e75;WhisperGate IOCs - crypted.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a d665b0cfd313d8a72586b0515b92496dd7dc4bb0;WhisperGate IOCs - crypted_2.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 4a434c738e402242ecca92182312f04ce336ff86;WhisperGate IOCs - work.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 3e50a761cd4bbd9eeaf8f6b9629f9ce871d6f2dd;WhisperGate IOCs - SLP.exe - 
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 6c216522d2a1211399fb08567fcdec1d341340e3;WhisperGate IOCs - Downloader.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 6d11b5e4fce9c580b06298ca3dd4a6134fe4b520;WhisperGate IOCs - Xhlnfjeqy.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 3ac2d185c28548d43ea47b8fa3795b4308a4c39d;WhisperGate IOCs - Jdnpanki.exe - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a e0770b79e372f2cab86ae2ec33b5160708059eee;WhisperGate IOCs - payload.vbs payload_2.vbs - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 98ab3ae46358a66c480810d1e4f24ef730e4dc7e;WhisperGate IOCs - 1.rar - https://www.cisa.gov/uscert/ncas/alerts/aa22-057a BB93AE0FEE817FE56C31BDC997F3F7D57A48C187;Winnti IOCs STASHLOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 4D1B8791D0715FE316B43FC95BDC335CB31A82CA;Winnti IOCs STASHLOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 2D336978AF261E07B1ECFAF65DC903B239E287A4;Winnti IOCs STASHLOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs F2D04FE529E2D8DAB96242305255CFB84CE81E9C;Winnti IOCs STASHLOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs F8D46895E738254238473D650D99BDC92C34EE44;Winnti IOCs SPARKLOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 9267FE0BB6D367FC9186E89EA65B13BAA7418D87;Winnti IOCs PRIVATELOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs A009A0F5A385683AEA74299CBE6D5429C609F2D2;Winnti IOCs PRIVATELOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 1316F715D228AE6CC1FBA913C6CC309861F82E14;Winnti IOCs PRIVATELOG https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 1275894D8231FE25DB56598DDCF869F88DF5AD8D;Winnti IOCs WINNKIT 
https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 9139C89B2B625E2CEEE2CBF72AEF6C5104707A26;Winnti IOCs WINNKIT https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 082DBCA2C3CA5C5410DE9951A5C681F0C42235C8;Winnti IOCs WINNKIT https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 9fc7df2b2539ec3abeb90848903ad608a1101345;metaMain CDB Injector cdb.in - https://assets.sentinelone.com/sentinellabs22/metador e7f68dc6b8e4cabe5773a5b0b2306a404706de48;metaMain DLL Loader speech02.db - https://assets.sentinelone.com/sentinellabs22/metador 0397b92bd8606e2b11ec6518c2df43decaf02382;metaMain Orchestrator speech03.db - https://assets.sentinelone.com/sentinellabs22/metador 0f021a6c32f4d9053a9d8fb36749f8c434376fd1;Mafalda v. 143 Mode 0 - Over TCP fcache11.db - https://assets.sentinelone.com/sentinellabs22/metador fdec8be5d5f2693fbfa36fdf38aa8f9932c6a34a;Mafalda v. 143 Mode 2 - Over HTTP fcache13.db - https://assets.sentinelone.com/sentinellabs22/metador 00f2176edb17d970005fc70a66ecc587a84f8620;Mafalda v.144 (Obfuscated)Mode 0 - Over TCP fcache11.db - https://assets.sentinelone.com/sentinellabs22/metador 3e2724b9a8ecf05661d91b02accdc1da7e43d513;Mafalda v.144 (Obfuscated)Mode 2 - Over HTTP fcache13.db - https://assets.sentinelone.com/sentinellabs22/metador b5d35c1e75330c0b26ebbd562191beb7f03d726b;Mafalda v.144 (Obfuscated)Mode 3 - Over pipes fcache14.db - https://assets.sentinelone.com/sentinellabs22/metador 2716c60c28cf7f7568f55ac33313468b;UNC2886 report - Malicious VIB .vgz Payload https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 5ffa6d539a4d7bf5aacc4d32e198cc1607d4a522;UNC2886 report - Malicious VIB .vgz Payload https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 2be5f4520846bf493b4694789841907d058fe08d59fff6bad7abe1db8ed96e7d;UNC2886 report - Malicious VIB .vgz Payload 
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence bd6e38b6ff85ab02c1a4325e8af29ce4;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 17fb90d01403cb3d1566c91560f8f4b7dd139aa8;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence e68872c49aaedeb3bde3ff5fd2ad6f70658687dc02d04f12ebc7cb28e821cc88;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 8e80b40b1298f022c7f3a96599806c43;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence e9cbac1f64587ce1dc5b92cde9637affb3b58577;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence c2ef08af063f6d416233a4b2b2e991c177fc72d70a76c24bca9080521d41040f;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 61ab3f6401d60ec36cd3ac980a8deb75;UNC2886 report - VIRTUALPIE https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 93d5c4ebec2aa45dcbd6ddbaad5d80614af82f84;UNC2886 report - VIRTUALPIE https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 4cf3e0b60e880e6a6ba9f45187ac5454813ae8c2031966d8b264ae0d1e15e70d;UNC2886 report - VIRTUALPIE https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 9ea86dccd5bbde47f8641b62a1eeff07;UNC2886 report - Malicious VIB Payload https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence b90b19781fde2c35963eb3eac4ce2acc6f5019fb;UNC2886 report - Malicious VIB Payload https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 23eb8d056f18e7c69ec3568f2833c9d09e91df98d11b11de235331ef42756fe5;UNC2886 report - Malicious VIB Payload https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 
9d5cc1ee99ccb1ec4d20be1cee10173e;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 9d191849d6c57bc8a052ec3dac2aa9f57c3fe0cd;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 4d995eb87b0685124b7f1640d1ab431f5a1ab991ade02750b876ed5c523234bb;UNC2886 report - Malicious VIB Deployment Script https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 2c28ec2d541f555b2838099ca849f965;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence e35733db8061b57b8fcdb83ab51a90d0a8ba618c;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 505eb3b90cd107cf7e2c20189889afdff813b2fbb98bbdeab65cde520893b168;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 744e2a4c1da48869776827d461c2b2ec;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence a3cc666e0764e856e65275bd4f32a56d76e51420;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 4a6f559426493abc0d056665f23457e2779abd3482434623e1f61f4cd5b41843;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 93d50025b81d3dbcb2e25d15cae03428;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence abff003edf67e77667f56bbcfc391e2175cb0f8a;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 13f11c81331bdce711139f985e6c525915a72dc5443fbbfe99c8ec1dd7ad2209;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence fe34b7c071d96dac498b72a4a07cb246;UNC2886 report - VIRTUALPITA 
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 0962e10dc34256c6b31509a5ced498f8f6a3d6b6;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 5731d988781c9a1d2941f7333615f6292fb359f6d48498f32c29878b5bedf00f;UNC2886 report - VIRTUALPITA https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence 296D882CB926070F6E43C99B9E1683497B6F17C4;Lazarus report - FudModule.dll Win64/Rootkit.NukeSped.A A user‑mode module that operates with the kernel memory. 001386CBBC258C3FCC64145C74212A024EAA6657;Lazarus report - C:\PublicCache\msdxm.ocx Win32/NukeSped.KQ A dropper of the HTTP(S) downloader. 569234EDFB631B4F99656529EC21067A4C933969;Lazarus report - colorui.dll Win64/NukeSped.JK A dropper of BLINDINGCAN side-loaded by a legitimate colorcpl.exe. 735B7E9DFA7AF03B751075FD6D3DE45FBF0330A2;Lazarus report - N/A Win64/NukeSped.JK A 64-bit variant of the BLINDINGCAN RAT. 4AA48160B0DB2F10C7920349E3DCCE01CCE23FE3;Lazarus report - N/A Win32/NukeSped.KQ An HTTP(S) downloader. C71C19DBB5F40DBB9A721DC05D4F9860590A5762;Lazarus report - Adobe.tmp Win64/NukeSped.JD A dropper of the HTTP(S) uploader. 97DAAB7B422210AB256824D9759C0DBA319CA468;Lazarus report - credui.dll Win64/NukeSped.JH A dropper of an intermediate loader. FD6D0080D27929C803A91F268B719F725396FE79;Lazarus report - N/A Win64/NukeSped.LP An HTTP(S) uploader. 83CF7D8EF1A241001C599B9BCC8940E089B613FB;Lazarus report - N/A Win64/NukeSped.JH An intermediate loader that loads an additional payload from the file system. 085F3A694A1EECDE76A69335CD1EA7F345D61456;Lazarus report - cryptsp.dll Win64/NukeSped.JF A dropper in the form of a trojanized lecui library. 55CAB89CB8DABCAA944D0BCA5CBBBEB86A11EA12;Lazarus report - mi.dll Win64/NukeSped.JF A dropper in the form of a trojanized lecui library. 806668ECC4BFB271E645ACB42F22F750BFF8EE96;Lazarus report - credui.dll Win64/NukeSped.JC A trojanized FingerText plug-in for Notepad++. 
BD5DCB90C5B5FA7F5350EA2B9ACE56E62385CA65;Lazarus report - msdxm.ocx Win32/NukeSped.KT A trojanized version of LibreSSL’s sslSniffer. 37011eed9de6a90f3be3e1cbba6c5ab2;Emperor Dragonfly report - Encrypted Cobalt Strike payload - saved as C:\Windows\Help\OEM\ContentStore\vlcplayer.dat https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 240118f6205effcb3a12455a81cfb1c7;Emperor Dragonfly report - Weaponized DLL loaded by FCAuth.exe - saved as C:\Windows\Help\Corporate\utilsdll.dll https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en e5fd4d5774ad97e5c04b69deae33dc9e;Emperor Dragonfly report - Weaponized DLL loaded by mfeann.exe - saved as C:\Windows\debug\LockDown.dll https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 2893d476408e23b7e8a65c6898fe43fa;Emperor Dragonfly report - Encrypted Cobalt Strike payload - saved as C:\Windows\Help\Corporate\auth.dat https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 8161d8339411ddd6d99d54d3aefa2943;Emperor Dragonfly report - Encrypted Cobalt Strike payload - saved as C:\Windows\debug\debug.dat https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 5a852305ffb7b5abeb39fcb9a37122ff;Emperor Dragonfly report - Weaponized DLL loaded by vlc.exe - saved as C:\Windows\Help\Corporate\libvlc.dll https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en f0656e3a70ab0a10f8d054149f12c935;Emperor Dragonfly report - Encrypted Cobalt Strike payload - saved as C:\Windows\Help\Corporate\auth.dat https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 37011eed9de6a90f3be3e1cbba6c5ab2;Emperor Dragonfly report - Encrypted Cobalt Strike payload - saved as C:\Windows\Help\Corporate\vlcplayer.dat https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 
5695de561a065123178067fcedf39ce3;Emperor Dragonfly report - NPC client for NPS tunnel tool - saved as C:\Windows\Help\mui\0409\WindowsUpdate.exe https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en ea4ca87315d14f5142aaef1f5e287417;Emperor Dragonfly report - Keylogger - saved as C:\Windows\Help\OEM\ContentStore.exe https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 5a6008cf994779cde1698a0e80bb817d;Emperor Dragonfly report - IOX port forwarder and proxy - saved as C:\Windows\Help\Windows\dec.exe https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group?hsLang=en 3F4E3C5301752D39DAF97384CCA47564DA1C3314;POLONIUM Report dnw.exe PowerShell/Agent.GJ CreepyDrive https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ CC820ED9A23084104807941B76A2679243BA357C;POLONIUM Report Request.exe PowerShell/Agent.HF CreepySnail https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 03A35A0167684E6CCCA641296969972E49B88D60;POLONIUM Report DropBox.exe MSIL/Agent.DPT DeepCreep https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 4E7DBFF20995E97190536B284D7E5CC65922FD55;POLONIUM Report Mega.exe MSIL/Agent.DPT MegaCreep https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 994EAD7666A67E33C57A51EF98076D41AABB7FB7;POLONIUM Report Regestries.exe MSIL/Tiny.DG FlipCreep https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 79DE0AF2F10F8D39A93EED911D4048D87E3C8A1C;POLONIUM Report WinUpdate.dll MSIL/Agent.DYU TechnoCreep https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 2B9444B0E1747EB4F482D29C9DE27D07CCE55A76;POLONIUM Report WindowsSartup22.exe Win64/HackTool.NetHacker.G PapaCreep https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ F26F43AD2E2980B96497242A3F30CA003E5CF54C;POLONIUM Report WinSc.exe 
MSIL/Tiny.DG Screenshots module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ F41E27C4C863821DE6CAD91CA7E77CD6CA6CE5D3;POLONIUM Report 4kyro3fs.dll MSIL/Spy.Keylogger.FGC Keylogger module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 94E75BA7C4476AFDACF4B39E403379C5ECD1BED6;POLONIUM Report Device.exe MSIL/Spy.Tiny.CZ Webcam module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ B87CC5269A5DF5CF093F8D28DF78952F662162B6;POLONIUM Report OnDrive.exe MSIL/Agent.DTP Reverse shell module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 809048A40274350BD0C453E49D8C1F7D32397164;POLONIUM Report Rehost.exe MSIL/Spy.Tiny.DA Exfiltration module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 43E3C3752A15D0BDE7135E1B52F1DE397B5314B5;POLONIUM Report Microsoft Malware Protection.exe MSIL/Agent.DYV Tunnels module https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 12ae1d7e2485dbb51aabbdb2b4cec6261cf43116;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 23f8f2e7558ed894e800cce9ea352c0d8efb2216;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 298c100aa98e79e54ca8454f8400e9543791fa15;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 35c67f8b6f9d6b32a021edd7d59fafe868341c8a;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 4a54c5dc45ce0047291dc98ad87f42cfe9fa046e;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 550adbb75c7e1cd178cb8c39f0911c494b24c687;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 
5d8a4e53a96fd0c7809ba7d9cd6e730da00e1321;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 5f7a338bb99aed422e1a69fe48726d42dbe71854;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 67600c5b1b6221385c4b34dbbb80037dffcb171e;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 6b5296db642689a5ad249cb66a5ae85ec664fd2c;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 7722386c075db083878496875c156c67238758e6;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 7d6550f8992515f79a43473bebdf2593caf25900;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 806aeca473af9afef5a0ab29f30a9a272d9cec51;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 8e7818cc76da718c6d35d430e9d4763ecb940318;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 8c0c39418339a0458809125de1a88a0c005694bd;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a22318388bbe3014d087e20f1a2bf363071ade0a;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b810ed016e708f1c828dce82051c4b265794d583;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ c7d4cf00bd2d90e03191657b89b75bfc9d2df5d8;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ cc820ed9a23084104807941b76a2679243ba357c;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 
f074085be2a913c54100686fe7ef274a53323bda;POLONIUM IOC - CreepySnail - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 83a4f138d57fce4256727e517a8d19e67554c15f;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 1929900b68ac8a65d515002d313336781801e3ef;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 5c33a153f221f80c916b7e505f6e2144cd5b88a2;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 3f4e3c5301752d39daf97384cca47564da1c3314;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 457c34aeaf4e2e5086221b20fec17df29a6b49d3;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 9826aa25f2f005f9567f512f540cbed4d054692f;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a4ac86b005c20d239cd0088d774ced701adc1d01;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ db3f13d29a64205780b9a675019405bb338ca375;POLONIUM IOC - CreepyDrive - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 0832fec447b9b8a90ef4797c7b098b06e198d167;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 03a35a0167684e6ccca641296969972e49b88d60;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 23f1e9788688184712dc2b0eaad4c51584edabd0;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 243e21af3c97ff2a6f705c05d0e62e97931d620e;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 
5eef1ac7df2293d9432362fc586a7a7157b69157;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 31c5dda0181daac130e900368b97adda8b09b762;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 5f40f2da77ba7ef01f2ee4143d6022a0ef28c8f1;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 8bb125624b52e3d2d82c272a0d1dd3906e1c3978;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 89014d65d24dc14357a34d1d251e4cd43de6856d;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 99f7ef4d8eb9903543ce9c8201baa342d242b6ae;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a9febe898daef40e7819a7b3bfef19462db894c5;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ bf90d666626423741576072547c19b9ccd1459a7;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ bb39a928343d04a38addf122449d68fddf5f7e29;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ aa442a83b7cd173734552b6611c50d050efe8277;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ e50765d980fd662f4e5c5609cb1876ab67815ef5;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ d0f05a5ad4e13610605b2d4b60854bfc002799c2;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 84e4aab5f5e2afbfa5b314d720e02e33c49d526d;POLONIUM IOC - DeepCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 4e7dbff20995e97190536b284d7e5cc65922fd55;POLONIUM 
IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 21ef3d7adca478145c5d28fcf9c786c5f0aea0e6;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 0ce82be2f436d179b54a0cc6fcc675010822d268;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 22d9058c3706e7a713949093f82d8bff4a8afa62;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 45e56d259a7194c7c3adfefd8ada077dc2b800b8;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 53bee089331b9bc06dd1ee3fe5e5b8bd3107ffdd;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b48cbb7a5f9bfbfbfb07113fb3728132d528e1f3;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 37a4a82075c24dbd3678c037f7abd2dbae49678f;POLONIUM IOC - MegaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 2b9444b0e1747eb4f482d29c9de27d07cce55a76;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 459aece315af3d00342e5dde5fb79e7a908e8460;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 97ed514f7510852c558a1b32c99f56ebc460dd8b;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 7cfa11879af6cea88cffa2aab354fb79bf77132a;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 309f1750a63c3bcb8cad83a65a69a401f04c51d2;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 8aa46b8d0c47d447b87920a5a7494ce235707d7d;POLONIUM IOC - PapaCreep - 
https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 9b03c838727fa3ada42bb4fa0422129ebfabf7bb;POLONIUM IOC - PapaCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 23ce10c11dcd93bcbf2a4e50d4cd02dc862b9cc4;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 45b3af39c5ef08f7407b94d564a432503b00275a;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 9d7cf542cb3af7bf3e364ef01c73f3c74b0abae2;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 994ead7666a67e33c57a51ef98076d41aabb7fb7;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 92f3ae51657659098c0a0110b9a681d32b77e9c1;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 9e25e2a18f1dc3a38c59a1408f982d895ce1b9b4;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b6371ef797c85f87128a696ec9c9edb93d90aae2;POLONIUM IOC - FlipCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 79de0af2f10f8d39a93eed911d4048d87e3c8a1c;POLONIUM IOC - TechnoCreep - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 5036863519737b54c5d68891ee2e3ca795044803;POLONIUM IOC - Screenshot modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 37e8036e20b93a4aed5b6bd600b97cbaf6964567;POLONIUM IOC - Screenshot modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 691aa02384e5121598d21606445ab41325cdfa52;POLONIUM IOC - Screenshot modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ f26f43ad2e2980b96497242a3f30ca003e5cf54c;POLONIUM IOC - Screenshot modules - 
https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ f3b714698311bd6b7984f0dafa425f71f07c764c;POLONIUM IOC - Screenshot modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a0a2768d500714f62b64b57185e71140d3c993d1;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 04378736da5c2da06bd5b15a41aaccac233df44b;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ ab9bf33a0cc0e676c4f843b1dc163861e6b13b6f;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ c77cfd19d504da2639bf51e96ac27db3ff455d45;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b601e9249d53b22e43c01f83d2356e9c7b41a443;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 81606f1cdb7efcae54c66876fc3f31e84b8f7f15;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 378dd134ff6cc55f36496ee717e4efca022bd754;POLONIUM IOC - Keylogger modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 94e75ba7c4476afdacf4b39e403379c5ecd1bed6;POLONIUM IOC - Webcam module - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b87cc5269a5df5cf093f8d28df78952f662162b6;POLONIUM IOC - Reverse shell modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 3024f8b0439d7c271967d22373604215a4ce0ac4;POLONIUM IOC - Reverse shell modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 911bc1e7c3d2295bb5ad01412c6fdcf2d937bd41;POLONIUM IOC - Reverse shell modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 
1438f9fc50e914cb63b209a3312aa2857a410769;POLONIUM IOC - Reverse shell modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 7a9deb71f791eb8d781250b0c8c3d546d91fbde1;POLONIUM IOC - Tunneling modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 43e3c3752a15d0bde7135e1b52f1de397b5314b5;POLONIUM IOC - Tunneling modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a02bcb0aa90004651c87873d9387dc6c00367643;POLONIUM IOC - Tunneling modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ addafa922ef03e0fe25ab53cf8eb62f4c1cbdc02;POLONIUM IOC - Tunneling modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 809048a40274350bd0c453e49d8c1f7d32397164;POLONIUM IOC - Exfiltration modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 24117276a118df5095d139aaaac8342f150de94a;POLONIUM IOC - Exfiltration modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ e889e5bbb128e38c0924a67c0946c699bd2de3b3;POLONIUM IOC - Exfiltration modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ b7f0c0a26df905aed543658df3d752de363ab8a3;POLONIUM IOC - Exfiltration modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 87684a3dcaa1488bf0579dc1e27304f6c64f794a;POLONIUM IOC - Exfiltration modules - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 21b4bf095e7c0eac92af96be1c2c6b0231807142;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 235341ef26c356a302b7641f4097a87cc027d5c2;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 3115939f4abf600bd0d17cb8aacca3c9cd786e64;POLONIUM IOC - Small DLLs - 
https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 5a0df60f25538883957d67675ae73a87d10cad91;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 465c4351273ffad066b991bb4ec1956f34ee8082;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 62986c220efea9d64f4903461a8a6d2541ed6a7a;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 93a625513ecba05c56f6ac45de3a5745edabfe2a;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ a19ba5d1ea315e0ca3a9a3ea6ccffc756404cec0;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ d5637caf5a931335b6b887a5ccbe36fffa6b4f9c;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 86377c1b8d54536c79c71f8913b72ca88d230bd4;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ f5505b35c9e9b6515875bea5c0bbf564add4939e;POLONIUM IOC - Small DLLs - https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ 12eaac1b8dc29ba29287e7e30c893017f82c6fadb73dbc8ef2fa6f5bd5d9d84e;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 981b28d7521c5b02f026cb1ba5289d61ae2c1bb31e8b256db21b5dcfb8837475;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 6dcfa79948cf90b10b05b59237cf46adb09b2ce53bc2c0d38fce875eccd3a7e1;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 0af8bf1fa14fe492de1cc870ac0e01fc8b2f6411de922712a206b905a10ee379;Cranefly IOCs 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 7d5018d823939a181a84e7449d1c50ac3eb94abf3585a2154693ef5180877b95;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan b5a4804cf7717fda1f01f23c1c2fe99fe9473b03f0247bcc6190f17d26856844;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 1975bea7ca167d84003b601f0dfb95c4b31a174ce5af0b19e563cb33cba22ffa;Cranefly IOCs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan 100c5e4d5b7e468f1f16b22c05b2ff1cfaa02eafa07447c7d83e2983e42647f0;Somnia_07_0 - Somnia Ransomware Case https://cert.gov.ua/article/2724253 ac5e68c15f5094cc6efb8d25e1b2eb13d1b38b104f31e1c76ce472537d715e08;Somnia_07_wit - Somnia Ransomware Case https://cert.gov.ua/article/2724253 99cf5c03dac82c1f4de25309a8a99dcabf964660301308a606cdb40c79d15317;1.exeob - Somnia Ransomware Case https://cert.gov.ua/article/2724253 156965227cbeeb0e387cb83adb93ccb3225f598136a43f7f60974591c12fafcf;funnysomniaex - Somnia Ransomware Case https://cert.gov.ua/article/2724253 e449c28e658babb7e32c89b07ddee36cadeddfc77f17dd1be801b134a6857aa9;text.exe - Somnia Ransomware Case https://cert.gov.ua/article/2724253 fbed7e92caefbd74437d0970921bfd7cb724c98c90efd9b6d0c2ac377751c9e5;Iip_scanner.z - Somnia Ransomware Case https://cert.gov.ua/article/2724253 06fe57cadb837a4e3b47589e95bb01aec1cfb7ce62fdba1f4323bb471591e1d2;Ip_scannerGex - Somnia Ransomware Case https://cert.gov.ua/article/2724253 c87261c139ecba1989a88e157a71e3af;Ip_scanner_unpack> - Somnia Ransomware Case https://cert.gov.ua/article/2724253 78dcf144e82e947c20f152a8a57376b43e7aac3fee4bf1d18d22d4c14b25e56f;RansomBoggs malware https://twitter.com/ESETresearch/status/1596181925663760386?s=20&t=lhE6eIEW1dl2k_HvZsr69g 
a490d03e780a6b664da65e20afa7845c6f79af60b6a496ff113bf9e9034e77d0;RansomBoggs malware https://twitter.com/ESETresearch/status/1596181925663760386?s=20&t=lhE6eIEW1dl2k_HvZsr69g 9b546bd99272cf4689194d698c830a2510194722;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a f1103e627311e73d5f29e877243e7ca203292f9419303c661aec57745eb4f26c;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a a7c207b9b83648f69d6387780b1168e2f1eabd23ae6e162dd700ae8112f8b96c;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 02a733920c7e69469164316e3e96850d55fca9f5f9d19a241fad906466ec8ae8;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 0cf6399db55d40bc790a399c6bbded375f5a278dc57a143e4b21ea3f402f551f;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a f5db51115fa0c910262828d0943171d640b4748e51c9a140d06ea81ae6ea1710;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 857f28b8fe31cf5db6d45d909547b151a66532951f26cda5f3320d2d4461b583;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 08eb4366fc0722696edb03981f00778701266a2e57c40cd2e9d765bf8b0a34d0;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a f8144fa96c036a8204c7bc285e295f9cd2d1deb0379e39ee8a8414531104dc4a;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 88d13669a994d2e04ec0a9940f07ab8aab8563eb845a9c13f2b0fec497df5b17;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 0f385cc69a93abeaf84994e7887cb173e889d309a515b55b2205805bdfe468a3;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 0d5e3483299242bf504bd3780487f66f2ec4f48a7b38baa6c6bc8ba16e4fb605;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 7e00bfb622072f53733074795ab581cf6d1a8b4fc269a50919dda6350209913c;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 
af4523186fe4a5e2833bbbe14939d8c3bd352a47a2f77592d8adcb569621ce02;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 8a3d71c668574ad6e7406d3227ba5adc5a230dd3057edddc4d0ec5f8134d76c3;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 4306c5d152cdd86f3506f91633ef3ae7d8cf0dd25f3e37bec43423c4742f4c42;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 3d4502066a338e19df58aa4936c37427feecce9ab8d43abff4a7367643ae39ce;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a f538b035c3de87f9f8294bec272c1182f90832a4e86db1e47cbb1ab26c9f3a0b;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a fd87ca28899823b37b2c239fbbd236c555bcab7768d67203f86d37ede19dd975;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 1817cc163482eb21308adbd43fb6be57fcb5ff11fd74b344469190bb48d8163b;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a bff4dd37febd5465e0091d9ea68006be475c0191bd8c7a79a44fbf4b99544ef1;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a ecefd9bb8b3783a81ab934b44eb3d84df5e58f0289f089ef6760264352cf878a;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a db3b1f224aec1a7c58946d819d729d0903751d1867113aae5cca87e38c653cf4;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 74fbf3cc44dd070bd5cb87ca2eed03e1bbeec4fec644a25621052f0a73abbe84;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a b160bd46b6efc6d79bfb76cf3eeacca2300050248969decba139e9e1cbeebf53;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a f869e8fbd8aa1f037ad862cf6e8bbbf797ff49556fb100f2197be4ee196a89ae;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 0c2ffed470e954d2bf22807ba52c1ffd1ecce15779c0afdf15c292e3444cf674;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 
310afba59ab8e1bda3ef750a64bf39133e15c89e8c7cf4ac65ee463b26b136ba;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a b5d202456ac2ce7d1285b9c0e2e5b7ddc03da1cbca51b5da98d9ad72e7f773b8;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 1f842f84750048bb44843c277edeaa8469697e97c4dbf8dc571ec552266bec9f;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 1b943afac4f476d523310b8e3afe7bca761b8cbaa9ea2b9f01237ca4652fc834;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a b9afe016dbdba389000b01ce7645e7eea1b0a50827cded1cbaa48fbc715197bb;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 61971d3cbf88d6658e5209de443e212100afc8f033057d9a4e79000f6f0f7cc4;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 8e64bacaf40110547b334eadcb0792bdc891d7ae298fbfff1367125797b6036b;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a c646199a9799b6158de419b1b7e36b46c7b7413d6c35bfffaeaa8700b2dcc427;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a bd270853db17f94c2b8e4bd9fa089756a147ed45cbc44d6c2b0c78f361978906;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 2eb3ef8a7a2c498e87f3820510752043b20cbe35b0cbd9af3f69e8b8fe482676;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 0afed8d1b7c36008de188c20d7f0e2283251a174261547aab7fb56e31d767666;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a e0d89c88378dcb1b6c9ce2d2820f8d773613402998b8dcdb024858010dec72ed;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 571f8db67d463ae80098edc7a1a0cad59153ce6592e42d370a45df46f18a4ad8;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 10a5612044599128981cb41d71d7390c15e7a2a0c2848ad751c3da1cbec510a2;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 
1807549af1c8fdc5b04c564f4026e41790c554f339514d326f8b55cb7b9b4f79;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 01242b35b6def71e42cc985e97d618e2fabd616b16d23f7081d575364d09ca74;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 952b34f6370294c5a0bb122febfaa80612fef1f32eddd48a3d0556c4286b7474;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 9aa1f37517458d635eae4f9b43cb4770880ea0ee171e7e4ad155bbdee0cbe732;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 3a8b7c1fe9bd9451c0a51e4122605efc98e7e4e13ed117139a13e4749e211ed0;Cuba Ransomware Advisory https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 3ea2d190879c8933363b222c686009b81ba8af9eb6ae3696d2f420e187467f08;Probably Scattered Spider campaign - Packed Fleet Deck binary https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ cce5e2ccb9836e780c6aa075ef8c0aeb8fec61f21bbef9e01bdee025d2892005;Probably Scattered Spider campaign - IIatZ - Backconnect TCP malware used to read and execute shellcode from C2, executed via OpenAM exploit https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ acadf15ec363fe3cc373091cbe879e64f935139363a8e8df18fd9e59317cc918;Probably Scattered Spider campaign - insomnia.exe - Prevents a system from entering sleep mode https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 982dda5eec52dd54ff6b0b04fd9ba8f4c566534b78f6a46dada624af0316044e;Probably Scattered Spider campaign - lockhuntersetup_3-4-3.exe - File unlocking tool (for deletion of locked files) https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 443dc750c35afc136bfea6db9b5ccbdb6adb63d3585533c0cf55271eddf29f58;Probably Scattered Spider campaign - “Midgetpack” packed binary used to establish connections to 67.43.235.122 on ports 4444 and 8888 
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 443dc750c35afc136bfea6db9b5ccbdb6adb63d3585533c0cf55271eddf29f58;Probably Scattered Spider campaign - “Midgetpack” packed binary used to establish connections to 67.43.235.122 on ports 4444 and 8888 https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 53b7d5769d87ce6946efcba00805ddce65714a0d8045aeee532db4542c958b9f;Probably Scattered Spider campaign - naaNa.b64 Backconnect TCP malware used to read and execute shellcode from C2, executed via OpenAM exploit https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 4188736108d2b73b57f63c0b327fb5119f82e94ff2d6cd51e9ad92093023ec93;Probably Scattered Spider campaign - ok.exe Binary with same name as other adversary tooling to prevent system from sleeping https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ cce5e2ccb9836e780c6aa075ef8c0aeb8fec61f21bbef9e01bdee025d2892005;Probably Scattered Spider campaign - RmaDc Backconnect TCP malware used to read and execute shellcode from C2 https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 648c2067ef3d59eb94b54c43e798707b030e0383b3651bcc6840dae41808d3a9;Probably Scattered Spider campaign - rsocx.exe SOCKS5 bind/reverse proxy https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 3ea2d190879c8933363b222c686009b81ba8af9eb6ae3696d2f420e187467f08;Probably Scattered Spider campaign - Packed Fleet Deck binary https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ cce5e2ccb9836e780c6aa075ef8c0aeb8fec61f21bbef9e01bdee025d2892005;Probably Scattered Spider campaign - IIatZ - Backconnect TCP malware used to read and execute shellcode from C2, executed via OpenAM exploit 
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ acadf15ec363fe3cc373091cbe879e64f935139363a8e8df18fd9e59317cc918;Probably Scattered Spider campaign - insomnia.exe - Prevents a system from entering sleep mode https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 982dda5eec52dd54ff6b0b04fd9ba8f4c566534b78f6a46dada624af0316044e;Probably Scattered Spider campaign - lockhuntersetup_3-4-3.exe - File unlocking tool (for deletion of locked files) https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 443dc750c35afc136bfea6db9b5ccbdb6adb63d3585533c0cf55271eddf29f58;Probably Scattered Spider campaign - “Midgetpack” packed binary used to establish connections to 67.43.235.122 on ports 4444 and 8888 https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 53b7d5769d87ce6946efcba00805ddce65714a0d8045aeee532db4542c958b9f;Probably Scattered Spider campaign - naaNa.b64 Backconnect TCP malware used to read and execute shellcode from C2, executed via OpenAM exploit https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 4188736108d2b73b57f63c0b327fb5119f82e94ff2d6cd51e9ad92093023ec93;Probably Scattered Spider campaign - ok.exe Binary with same name as other adversary tooling to prevent system from sleeping https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ cce5e2ccb9836e780c6aa075ef8c0aeb8fec61f21bbef9e01bdee025d2892005;Probably Scattered Spider campaign - RmaDc Backconnect TCP malware used to read and execute shellcode from C2 https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ 648c2067ef3d59eb94b54c43e798707b030e0383b3651bcc6840dae41808d3a9;Probably Scattered Spider campaign - rsocx.exe SOCKS5 bind/reverse proxy 
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ f2c4281e4d6c11173493b759adfb0eb798ce46650076e7633cf086b6d59fdb98;Cloud Atlas IOCs - Методические рекомендации для грузоотправителей-грузополучателей (2022).doc (Guidelines for consignors-consignees (2022).doc) - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 482aeb3db436e8d531b2746a513fe9a96407cf4458405680a49605e136858ec5;Cloud Atlas IOCs - Будьте_бдительны_Корпоративное_уведомление.doc (Stay_alert_Corporate_Notice.doc) - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 2f97374c76ae10c642a57a8b13d25cbdc070c9098c951ea418d1533ac01dc23c;Cloud Atlas IOCs - Иранские оценки визита В. Путина в Тегеран.doc (Iranian assessments of V. Putin's visit to Tehran.doc) - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 3cf2bda35e88c59bb89e7fdc8fcfd4c46b2b9186e61325d2924e049d775b741f;Cloud Atlas IOCs - Почему исламский мир не дает Западу изолировать Россию.doc (Why the Islamic world does not allow the West to isolate Russia.doc) - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ c0e154b10d70b99b5616a2eda6bfe188a49f85ed3aa92d48ec9ce709df9d563f;Cloud Atlas IOCs - leptophis[1].doc - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ a4194555b19ea32680cc23f8f7d42da02b82eba8b64cb5f4630110f4e2c1ddf3;Cloud Atlas IOCs - lep[1].hta - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 59066dc428cde7cc55f3c24c2658d3e288f3f072811d86243a85af14bd482744;Cloud Atlas IOCs - unbroken.vbs - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 4cb6e224b6b03a2f6ac1ac23e6bf097067018b90493ee94f210f66fbbbbdce77;Cloud Atlas IOCs - 
unbroken.vbs.vbs - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 2233c0d4030cc728c2219b1e9c4c05cb262e2ddc7f4ac2f2924767396418c25a;Cloud Atlas IOCs - list.ps1 - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 7fcf7c1dad362283d0a27993df4764e2bbb11857842b80f63d63449b9f2f1fa4;Cloud Atlas IOCs - office.ps1 - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ d9fc6504c8970fefc441c77965937c382b029f1278918d1f54d196859e9f6e7c;Cloud Atlas IOCs - office.ps1 - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 3e7b066c26ba98d285a41043c739be8767606d9df057ee2f7bcddb7862c00711;Cloud Atlas IOCs - rtcpsvc.dll - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ c5d1de206445f508c1af5f213e46b915b536e4b36ef917c4e826a982dd47c312;Cloud Atlas IOCs - lockrail.dll - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ 8215e918ca3a77424dadac1aebc9a44b8f9840cd1389df0399a9fa4eb6329775;Cloud Atlas IOCs - holeincorner - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ b8dc70b9ffe06c9ecaf0216ea7948fe718143db10641a23297652693ea026ab3;Cloud Atlas IOCs - Salzgitters.avi - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ f4e710f515249e8c08ae76284bfb280070e1fd2308e9d9321d92163dfc73be66;Cloud Atlas IOCs - Schultes.wmv - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/ F4691FF3B3ACD15653684F372285CAC36C8D0AEF;Mirrorface IOCs - K7SysMn1.dll Win32/Agent.ACLP LODEINFO loader https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/ 
DB81C8719DDAAE40C8D9B9CA103BBE77BE4FCE6C;Mirrorface IOCs - K7SysMon.Exe.db N/A Encrypted LODEINFO https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/ A8D2BE15085061B753FDEBBDB08D301A034CE1D5;Mirrorface IOCs - JsSchHlp.exe Win32/Agent.ACLP JsSchHlp.exe with appended encrypted second-stage LODEINFO in the security directory https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/ 0AB7BB3FF583E50FBF28B288E71D3BB57F9D1395;Mirrorface IOCs - JSESPR.dll Win32/Agent.ACLP Second-stage LODEINFO loader https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/ E888A552B00D810B5521002304D4F11BC249D8ED;Mirrorface IOCs - 31558_n.dll Win32/Agent.ACLP MirrorStealer credential stealer https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/ 9111c8b59e29cdf762d1c2330da8c0217967f76e;NATBypass hacktool https://github.com/cw1997/NATBypass/releases a6dca7c1b90bf1c2d5981b2e899ac74d371882ee;NATBypass hacktool https://github.com/cw1997/NATBypass/releases 4550635143c9997d5499d1d4a4c860126ee9299311fed0f85df9bb304dca81ff;NATBypass (na.exe) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 e518b80316bf1c349943040e4d26401958846c2596e58f1c98be835ecf29b381;NATBypass Cabinet Archive (na) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 7b4f69b00d72fac3ed2c0b25d424f013f96537c563906b782742da15c72e9147;Bitlocker encryption batch-script (test.bat) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 180efca9b5560e02f957f49f0b272339561483232adf0714021d6b32b737e707;Bitlocker encryption prep batch-script (copys.bat https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 
011e9aaa6251db149d1693c02a8c6407012520fb9b2f8f47e64b897017c0e673;Distribute Jetico BestCrypt batch-script (1.bat) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 28be4681480932361d75cfc360baf2c8c6d13b28d019e3dd053184894b994ef3;Execute bitlocker encryption batch-script (end.bat) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 806761850d19f0cc9f41618e74db471e85c494e952f900f827c1779f2d1c4d31;MiPing (p.exe) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 bc20f4c28cbdf38eba69eb144a89c20c162481955d4cff8bdf02ba9644865523;Discovery batch-script (cmd-webshell.txt) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 367b8052db12cb9ddce01275fc213480831dc5fe9aa3da64fecc2360267905a0;China Chopper Web Shell (supp0rt.aspx) https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1 bc76bd7b332aa8f6aedbb8e11b7ba9b6;Turla Report - ANDROMEDA: TrustedInstaller.exe - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity b3657bcfe8240bc0985093a0f8682703;Turla Report - ANDROMEDA: mskmde.com - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity 2eb6df8795f513c324746646b594c019;Turla Report - KOPILUWAK WinRAR SFX - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity d8233448a3400c5677708a8500e3b2a0;Turla Report - KOPILUWAK xpexplore.js - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity 403876977dfb4ab2e2c15ad4b29423ff;Turla Report - QUIETCANARY 00c3df3b.exe - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity 8954caa2017950e0f6269d6f6168b796;Turla Report - QUIETCANARY file.exe16 - https://www.mandiant.com/resources/blog/turla-galaxy-opportunity 9976625b5a3035dc68e878ad5ac3682ccb74ef2007c501c8023291548e11301a;Dark Pink Malware IOCs https://blog.group-ib.com/dark-pink-apt c60f778641942b7b0c00f3214211b137b683e8296abb1905d2557bfb245bf775;Dark Pink Malware IOCs 
https://blog.group-ib.com/dark-pink-apt e3181ee97d3ffd31c22c2c303c6e75d0196912083d0c21536e5833ee7d108736;Dark Pink Malware IOCs https://blog.group-ib.com/dark-pink-apt e45df7418ca47a9a4c4803697f4b28c618469c6e5a5678213ab81df9fcc9fd51;Dark Pink Malware IOCs https://blog.group-ib.com/dark-pink-apt 6793e9299cab4cd07d4ddf35e03b32a05b0e965b3691d258ec2568402cf8d28f;ChamelGang IOCs - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ e8ee5b0d6b683407aa9cb091bf92273af0e287d4e7daa94ca93cd230e94df37a;ChamelGang IOCs - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ d4e3747658e1a9e6587da411dc944597af95dd49b07126b8b090c7677ee30674;ChamelGang IOCs - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 16b54dc11dbe2948467a10d68728811b03c12b12f7b29e53d0985fa07e29f9b7;ChamelGang IOCs .vim https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ ba867705eb986d1975abcf2f2b90ee2c7fdd09255076823cdd85c0feeea15a1b;ChamelGang IOCs avp.exe https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ f1afce3be297fa6185903274b3b44cd263b4c1ea89e8282334bc5771c53af1c5;ChamelGang IOCs curlt.exe https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 8e0e5ec7ed16e5fb1e8980a3ec6e3c5982fd8fa4cfc31428a6638950bbe5607a;ChamelGang IOCs dlang.dat https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ b9a231496682cd6bed978fb1b2b15986211e5c38a13cbb246de3dcf1d8db41f4;ChamelGang IOCs dlang.dat https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ d831a87c6abd1bbb5a9ac9e1aac06a3d9b81b6e474bdc0c78e1908e26a6166b3;ChamelGang IOCs dlang.dat https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 
538d423e3a8a884aac2d80b248d194388d3520cc508990da14c0a1384e7eddbd;ChamelGang IOCs iis64.dll, iisfcgix64.dll, modrpflt.dll, httpsrfm64.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 73e9f7b9d22159f485b1c733981261ddc26fe7fcd104babfcc60369b354ccbe7;ChamelGang IOCs modrpflt.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 27b64e64b6787ad0682eac8aa42f9cd423518a92c4f6ce98596339363eeeebcc;ChamelGang IOCs modrpflt.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ be147fe9110e32b4c4558900f63888756941bf0d0519dc25c075509457748c25;ChamelGang IOCs MpCmdRun.log.1 https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 21d41a206cd12784473bec587a0b014b7cfd29c8da958531c773547402a16908;ChamelGang IOCs nfsd https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 9dd08351c1094e29f279e66731bea55f546e534fdff8688b16b44b86f67df6cb;ChamelGang IOCs o.r https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 60758fd51c29c09b989be480107f36e7c5552e99a283588ad31c0f87a9353f69;ChamelGang IOCs oci.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 8f349ea483b4986b90384bcdde30666669303ede91f9261f40213bac9e44f286;ChamelGang IOCs oci.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 9f0fc02c4cc5d77f28f3828a361afc93459c888acb1a186e874a60ead3c68ba6;ChamelGang IOCs oci.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ 3b3d097873899e1a1d99c2ba5aedfc68b67f30acfeefc74e30eb02647729602f;ChamelGang IOCs oci.dll https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ e18546ad747fa063285f24264f9dc3d452c9eb94dc7f1e87b5a8b0677bbf78d7;ChamelGang IOCs ocilib.dll 
93aa3bb934b74160446df3a47fa085fd7f3a6be9;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 943593e880b4d340f2548548e6e673ef6f61eed3;60;winio64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 947db58d6f36a8df9fa2a1057f3a7f653ccbc42e;60;rtkiow10x64.sys - Realtek IO Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 976777d39d73034df6b113dfce1aa6e1d00ffcfd;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 99201c9555e5faf6e8d82da793b148311f8aa4b8;60;rtkio64.sys - Realtek IO Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9923c8f1e565a05b3c738d283cf5c0ed61a0b90f;60;AsrDrv102.sys - ASRock IO Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 994DC79255AEB662A672A1814280DE73D405617A;75;blacklotus_beta_driver_3.sys - malicious - https://github.com/magicsword-io/LOLDrivers 9a35ae9a1f95ce4be64adc604c80079173e4a676;60;BSMI.sys - SMI Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9a35ae9a1f95ce4be64adc604c80079173e4a676;60;BSMIXP64.sys - SMI Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9c24dd75e4074041dbe03bf21f050c77d748b8e9;60;BS_HWMIo64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9c256edd10823ca76c0443a330e523027b70522d;60;NTIOLib.sys - NTIOLib For NTIOLib_ECO - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9c6749fc6c1127f8788bff70e0ce9062959637c9;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9d07df024ec457168bf0be7e0009619f6ac4f13c;60;BSMEMx64.sys - I/O Interface driver file - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 9d58f640c7295952b71bdcb456cae37213baccdcd3032c1e3aeb54e79081f395;60;ProtectS.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a00e444120449e35641d58e62ed64bb9c9f518d2;60;TmComm.sys - TrendMicro Common 
Module - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a197a02025946aca96d6e74746f84774df31249e;60;mhyprot3.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a21c84c6bf2e21d69fa06daaf19b4cc34b589347;60;kprocesshacker.sys - KProcessHacker - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a2e0b3162cfa336cd4ab40a2acc95abe7dc53843;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a3636986cdcd1d1cb8ab540f3d5c29dcc90bb8f0;60;d.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a3e507e713f11901017fc328186ae98e23de7cea5594687480229f77d45848d8;60;b1.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a3ed5cbfbc17b58243289f3cf575bf04be49591d;75;POORTRY.sys - malicious - https://github.com/magicsword-io/LOLDrivers a48aa80942fc8e0699f518de4fd6512e341d4196;75;daxin_blank2.sys - malicious - https://github.com/magicsword-io/LOLDrivers a4b2c56c12799855162ca3b004b4b2078c6ecf77;60;nvflash.sys - NVIDIA Flash Driver, Version 1.8.0 - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a64354aac2d68b4fa74b5829a9d42d90d83b040c;60;PCHunter.sys - Epoolsoft Windows Information View Tools - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a65fabaf64aa1934314aae23f25cdf215cbaa4b6;60;WinIo64C.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a6816949cd469b6e5c35858d19273936fab1bef6;60;PanMonFlt.sys - PanCafe Manager File Monitor - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a6fe4f30ca7cb94d74bc6d42cdd09a136056952e;60;CITMDRV_AMD64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a7948a4e9a3a1a9ed0e4e41350e422464d8313cd;60;AsrSetupDrv103.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a7bd05de737f8ea57857f1e0845a25677df01872;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 
a7d827a41b2c4b7638495cd1d77926f1ba902978;60;piddrv.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers a804ebec7e341b4d98d9e94f6e4860a55ea1638d;75;gftkyj64.sys - malicious - https://github.com/magicsword-io/LOLDrivers a87d6eac2d70a3fbc04e59412326b28001c179de;60;EneTechIo64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ac13941f436139b909d105ad55637e1308f49d9a;60;HOSTNT.sys - Hostnt 64-bit driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ac600a2bc06b312d92e649b7b55e3e91e9d63451;60;OpenLibSys.sys - OpenLibSys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers aca8e53483b40a06dfdee81bb364b1622f9156fe;60;81.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ace6b9e34e3e2e73fe584f3bbdb4e4ec106e0a7d;60;CITMDRV_AMD64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ae79e760c739d6214c1e314728a78a6cb6060cce206fde2440a69735d639a0a2;60;ni.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers af50109b112995f8c82be8ef3a88be404510cdde;40;RTCore64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers af6e1f2cfb230907476e8b2d676129b6d6657124;60;AsIO.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b0032b8d8e6f4bd19a31619ce38d8e010f29a816;60;AsrDrv106.sys - ASRock IO Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b03b1996a40bfea72e4584b82f6b845c503a9748;60;DBUtilDrv2.sys - DBUtil - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b242b0332b9c9e8e17ec27ef10d75503d20d97b6;60;WinIo64C.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b25170e09c9fb7c0599bfba3cf617187f6a733ac;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b2f955b3e6107f831ebe67997f8586d4fe9f3e98;75;LcTkA.sys - malicious - https://github.com/magicsword-io/LOLDrivers b480c54391a2a2f917a44f91a5e9e4590648b332;60;AMDPowerProfiler.sys - AMD Power Profiling 
Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b49ac8fefc6d1274d84fef44c1e5183cc7accba1;60;dcr.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b4d014b5edd6e19ce0e8395a64faedf49688ecb5;60;EneIo64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b4d014b5edd6e19ce0e8395a64faedf49688ecb5;60;winio64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b4d1554ec19504215d27de0758e13c35ddd6db3e;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b4dcdbd97f38b24d729b986f84a9cdb3fc34d59f;60;FairplayKD.sys - Multi Theft Auto patch driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b89a8eef5aeae806af5ba212a8068845cafdab6f;60;LenovoDiagnosticsDriver.sys - Lenovo Diagnostics Driver for Windows 10 and later. - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b8de3a1aeeda9deea43e3f768071125851c85bd0;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b97a8d506be2e7eaa4385f70c009b22adbd071ba;60;AsIO.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers b9807b8840327c6d7fbdde45fc27de921f1f1a82;60;WiseUnlo.sys - WiseUnlo - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bb962c9a8dda93e94fef504c4159de881e4706fe;60;amifldrv64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825;60;UCOREW64.SYS - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bbc1e5fd826961d93b76abd161314cb3592c4436;60;ncpl.sys - Novell Client Portability Layer - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bc2f3850c7b858340d7ed27b90e63b036881fd6c;60;80.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bc47e15537fa7c32dfefd23168d7e1741f8477ed;60;procexp.Sys - Process Explorer - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 
be03e9541f56ac6ed1e81407dcd7cc85c0ffc538c3c2c2c8a9c747edbcf13100;60;t7.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bf87e32a651bdfd9b9244a8cf24fca0e459eb614;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b;60;speedfan.sys - SpeedFan Device Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c1d5cf8c43e7679b782630e93f5e6420ca1749a7;60;capcom.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c23eeb6f18f626ce1fd840227f351fa7543bb167;75;Air_SYSTEM10.sys - malicious - https://github.com/magicsword-io/LOLDrivers c257aa4094539719a3c7b7950598ef872dbf9518;75;daxin_blank6.sys - malicious - https://github.com/magicsword-io/LOLDrivers c4d7fb9db3c3459f7e8c0e3d48c95c7c9c4cff60;60;NTIOLib.sys - NTIOLib For MSISimple_OC - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c4ed28fdfba7b8a8dfe39e591006f25d39990f07;60;piddrv64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65;60;atillk64.sys - ATI Diagnostics Hardware Abstraction Sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a;60;Proxy64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c6bd965300f07012d1b651a9b8776028c45b149a;60;BSMIx64.sys - SMI Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c6d349823bbb1f5b44bae91357895dba653c5861;60;PhlashNT.sys - SWinFlash Driver for Windows NT - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c834c4931b074665d56ccab437dfcc326649d612;60;CITMDRV_AMD64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c8d87f3cd34c572870e63a696cf771580e6ea81b;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c948ae14761095e4d76b55d9de86412258be7afd;60;dbutil_2_3.sys - vulnerable driver - 
https://github.com/magicsword-io/LOLDrivers c948ae14761095e4d76b55d9de86412258be7afd;60;dbutil_2_3.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c95db1e82619fb16f8eec9a8209b7b0e853a4ebe;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c969f1f73922fd95db1992a5b552fbc488366a40;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers c9cbfdd0be7b35751a017ec59ff7237ffdc4df1f;60;CITMDRV_AMD64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cb22723faa5ae2809476e5c5e9b9a597b26cab9b;60;viragt.sys - VirIT Agent System - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cb3de54667548a5c9abf5d8fa47db4097fcee9f1;60;BS_HWMIO64_W10.sys - I/O Interface driver file - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cb3f30809b05cf02bc29d4a7796fb0650271e542;75;daxin_blank1.sys - malicious - https://github.com/magicsword-io/LOLDrivers cb57f3a7fe9e1f8e63332c563b0a319b26c944be839eabc03e9a3277756ba612;60;d2.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cb9890d4e303a4c03095d7bc176c42dee1b47d8aa58e2f442ec1514c8f9e3cec;60;nt2.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cc0e0440adc058615e31e8a52372abadf658e6b1;60;inpoutx64.sys - Kernel level port access driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cc383ad11e9d06047a1558ed343f389492da3ac2b84b71462aee502a2fa616c8;60;c.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers cc51be79ae56bc97211f6b73cc905c3492da8f9d;60;GLCKIO2.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ccd547ef957189eddb6ee213e5e0136e980186f9;60;SSPORT.sys - Port Contention Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ccdd3a1ebe9a1c8f8a72af20a05a10f11da1d308;60;otipcibus.sys - Hardware Access Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 
cce9b82f01ec68f450f5fe4312f40d929c6a506e;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ce549714a11bd43b52be709581c6e144957136ec;60;elrawdsk.sys - RawDisk Driver. Allows write access to files and raw disk sectors for user mode applications in Windows 2000 and later. - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d02403f85be6f243054395a873b41ef8a17ea279;75;wantd_4.sys - WAN Transport Driver - malicious - https://github.com/magicsword-io/LOLDrivers d04e5db5b6c848a29732bfd52029001f23c3da75;60;iqvw64e.sys - Intel(R) Network Adapter Diagnostic Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d04e5db5b6c848a29732bfd52029001f23c3da75;60;NalDrv.sys - Intel(R) Network Adapter Diagnostic Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d098600152e5ee6a8238d414d2a77a34da8afaaa;60;nicm.sys - Novell XTCOM Services Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d0d39e1061f30946141b6ecfa0957f8cc3ddeb63;60;NCHGBIOS2x64.SYS - BIOS Update Driver For Windows x64 Edition - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d25340ae8e92a6d29f599fef426a2bc1b5217299;60;WinRing0x64.sys - WinRing0 - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d25904fbf907e19f366d54962ff543d9f53b8fdfd2416c8b9796b6a8dd430e26;60;My.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d2e6fc9259420f0c9b6b1769be3b1f63eb36dc57;60;cpuz_x64.sys - CPUID Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d34a7c497c603f3f7fcad546dc4097c2da17c430;60;NTIOLib.sys - NTIOLib for MSICPU_CC - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d417c0be261b0c6f44afdec3d5432100e420c3ed;75;ndislan.sys - MS LAN Driver - malicious - https://github.com/magicsword-io/LOLDrivers d5562fb90b0b3deb633ab335bcbd82ce10953466a428b3f27cb5b226b453eaf3;60;Black.sys - vulnerable driver - 
https://github.com/magicsword-io/LOLDrivers d569d4bab86e70efbcdfdac9d822139d6f477b7c;60;ASIO32.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d5fd9fe10405c4f90235e583526164cd0902ed86;60;AsUpIO.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d62fa51e520022483bdc5847141658de689c0c29;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d702d88b12233be9413446c445f22fda4a92a1d9;60;segwindrvx64.sys - SEG Windows Driver x64 - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d7bc7306cb489fe4c285bbeddc6d1a09e814ef55cf30bd5b8daf87a52396f102;60;nt4.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d7e8aef8c8feb87ce722c0b9abf34a7e6bab6eb4;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d7f7594ff084201c0d9fa2f4ef1626635b67bce5;60;phymem64.sys - phymem Application - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d8498707f295082f6a95fd9d32c9782951f5a082;60;krpocesshacker.sys - KProcessHacker - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d94f2fb3198e14bfe69b44fb9f00f2551f7248b2;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d979353d04bf65cc92ad3412605bc81edbb75ec2;60;Agent64.sys - DriverAgent Direct I/O for 64-bit Windows - vulnerable driver - https://github.com/magicsword-io/LOLDrivers d9c09dd725bc7bc3c19b4db37866015817a516ef;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers da9cea92f996f938f699902482ac5313d5e8b28e;60;OpenLibSys.sys - OpenLibSys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers dc0e97adb756c0f30b41840a59b85218cbdd198f;60;HwOs2Ec10x64.sys - HwOs2Ec - vulnerable driver - https://github.com/magicsword-io/LOLDrivers dc55217b6043d819eadebd423ff07704ee103231;60;BS_I2c64.sys - I/O Interface driver file - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 
dc55217b6043d819eadebd423ff07704ee103231;60;BS_I2cIo.sys - I/O Interface driver file - vulnerable driver - https://github.com/magicsword-io/LOLDrivers dc7b022f8bd149efbcb2204a48dce75c72633526;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ddbe809b731a0962e404a045ab9e65a0b64917ad;60;Dh_Kernel_10.sys - dianhu - vulnerable driver - https://github.com/magicsword-io/LOLDrivers de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa;60;WYProxy32.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers dec8a933dba04463ed9bb7d53338ff87f2c23cfb79e0e988449fc631252c9dcc;60;b4.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22;60;windows-xp-64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e039c9dd21494dbd073b4823fc3a17fbb951ec6c;60;asrdrv104.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e09b5e80805b8fe853ea27d8773e31bff262e3f7;60;dbutil.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e22495d92ac3dcae5eeb1980549a9ead8155f98a;60;magdrvamd64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e35a2b009d54e1a0b231d8a276251f64231b66a3;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e3c1dd569aa4758552566b0213ee4d1fe6382c4b;60;dbutil.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e4436c8c42ba5ffabd58a3b2256f6e86ccc907ab;60;fiddrv64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e5021a98e55d514e2376aa573d143631e5ee1c13;60;asrdrv104.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e6305dddd06490d7f87e3b06d09e9d4c1c643af0;60;MsIo32.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e6765d8866cad6193df1507c18f31fa7f723ca3e;75;Sense5Ext.sys - Sense5 Driver - malicious - https://github.com/magicsword-io/LOLDrivers 
e74b6dda8bc53bc687fc21218bd34062a78d8467;60;netfilterdrv.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e83458c4a6383223759cd8024e60c17be4e7c85f;60;BS_Flash64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers e92817a8744ebc4e4fa5383cdce2b2977f01ecd4;60;GVCIDrv64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ea360a9f23bb7cf67f08b88e6a185a699f0c5410;60;bandai.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ea877092d57373cb466b44e7dbcad4ce9a547344;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers eb93d2f564fea9b3dc350f386b45de2cd9a3e001;60;fidpcidrv64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ec4cc6de4c779bb1ca1dd32ee3a03f7e8d633a9b;60;NTIOLib.sys - NTIOLib for MSIClock_CC - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ecb4d096a9c58643b02f328d2c7742a38e017cf0;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers eeff4ec4ebc12c6acd2c930dc2eaaf877cfec7ec;60;fidpcidrv.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers ef80da613442047697bec35ea228cde477c09a3d;60;Monitor_win10_x64.sys - IObit Temperature Monitor - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f02af84393e9627ba808d4159841854a6601cf80;60;ALSysIO64.sys - ALSysIO - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f052dc35b74a1a6246842fbb35eb481577537826;60;smep_namco.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f0c463d29a5914b01e4607889094f1b7d95e7aaf;60;SysInfo.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f18e669127c041431cde8f2d03b15cfc20696056;60;WinIo64B.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f;60;WinIO32B.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f36a47edfacd85e0c6d4d22133dd386aee4eec15;60;WCPU.sys - ASUS TDE 
CPU Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f3cce7e79ab5bd055f311bb3ac44a838779270b6;60;AsrSetupDrv103.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f3db629cfe37a73144d5258e64d9dd8b38084cf4;60;kEvP64.sys - PowerTool - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f42f28d164205d9f6dab9317c9fecad54c38d5d2;60;Phymemx64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f50c6b84dfb8f2d53ba3bce000a55f0a486c0e79;60;NTIOLib.sys - NTIOLib - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f5696fb352a3fbd14fb1a89ad21a71776027f9ab;60;cpuz141.sys - CPUID Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f6f11ad2cd2b0cf95ed42324876bee1d83e01775;40;RTCore64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13;60;NetFlt.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f9519d033d75e1ab6b82b2e156eafe9607edbcfb;60;BS_Def64.sys - Default BIOS Flash Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers f9feb60b23ca69072ce42264cd821fe588a186a6;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers faa870b0cb15c9ac2b9bba5d0470bd501ccd4326;60;81.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566;60;WYProxy64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fbf8b0613a2f7039aeb9fa09bd3b40c8ff49ded2;60;rwdrv.sys - RwDrv Driver - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fcd615df88645d1f57ff5702bd6758b77efea6d0;60;LHA.sys - LHA - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fcde5275ee1913509927ce5f0f85e6681064c9d2;60;AsIO64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 
fcdfe570e6dc6e768ef75138033d9961f78045adca53beb6fdb520f6417e0df1;60;cpupress.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fd33fb2735cc5ef466a54807d3436622407287e325276fcd3ed1290c98bd0533;60;nt5.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fe10018af723986db50701c8532df5ed98b17c39;60;gdrv.sys - GIGABYTE Tools - vulnerable driver - https://github.com/magicsword-io/LOLDrivers fe1d909ab38de1389a2a48352fd1c8415fd2eab0;60;CITMDRV_IA64.sys - vulnerable driver - https://github.com/magicsword-io/LOLDrivers FFF4F28287677CAABC60C8AB36786C370226588D;75;blacklotus_beta_driver_4.sys - malicious - https://github.com/magicsword-io/LOLDrivers fff7ee0febb8c93539220ca49d4206616e15c666;60;BEDAISY.SYS - vulnerable driver - https://github.com/magicsword-io/LOLDrivers 03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 
17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731;UEFI BIOS revocation list - https://twitter.com/m_haggis/status/1654570708029288449 