Copyright © @RedDrip (https://ti.qianxin.com/)
Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Details include the sample hash, file type and malware family, as well as the first-seen time and file name from VirusTotal, in the format below:
Hash | Type | Family | First_Seen | Name |
---|---|---|---|---|
8e2b5b95980cf52e99acfa95f5e1570b | Win32 DLL | | 2019-11-11 15:22:00 | C:\Users<USER>\AppData\Local\Temp~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole |
3c3b2cc9ff5d7030fb01496510ac75f2 | DOC | | 2019-11-11 11:13:02 | ?-????2019?????????????????.doc |
3a8c80d73f9beebd828c3aa172c747fa | RAR | | 2019-11-07 01:23:39 | Noi dung don cau cuu.rar |
82990e2c0432e579a00ab1f75da0dd65 | TXT | | 2019-10-26 11:05:08 | lang.ps1 |
a87ada040f7250b59910345ee0b339b4 | RAR | | 2019-10-23 09:20:16 | Thu moi.rar |
dbdbcd220475678c4becdc57a9233e20 | Win32 EXE | | 2019-10-18 07:28:19 | AcroRd32.exe |
e7de9a64266f07168def534852349957 | RAR | Kryptik | 2019-09-16 00:18:57 | Don khieu nai.rar |
90c66c76095ef1ad5a79e63a544c1bba | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | 123456 |
We will keep updating this project and hope it helps the security community fight malware and targeted attacks.
If you find an error, please contact us at [email protected] and we’ll try to improve the IOCs.
2019/12/04 Update_log:
Groupname | Total | Update | Date |
---|---|---|---|
Aggah | 72 | 72 | 2019/12/04 |
APT-C-01 | 65 | 65 | 2019/12/04 |
APT-C-15 | 8 | 8 | 2019/12/04 |
APT-C-23 | 369 | 369 | 2019/12/04 |
APT-C-27 | 98 | 98 | 2019/12/04 |
APT-C-36 | 117 | 117 | 2019/12/04 |
APT-C-37 | 63 | 63 | 2019/12/04 |
APT1 | 3 | 3 | 2019/12/04 |
APT10 | 667 | 667 | 2019/12/04 |
APT15 | 42 | 42 | 2019/12/04 |
APT16 | 3 | 3 | 2019/12/04 |
APT17 | 2993 | 2993 | 2019/12/04 |
APT19 | 2 | 2 | 2019/12/04 |
APT23 | 27 | 27 | 2019/12/04 |
APT27 | 90 | 90 | 2019/12/04 |
APT28 | 686 | 686 | 2019/12/04 |
APT29 | 410 | 410 | 2019/12/04 |
APT3 | 11 | 11 | 2019/12/04 |
APT33 | 74 | 74 | 2019/12/04 |
APT34 | 115 | 115 | 2019/12/04 |
APT37 | 143 | 143 | 2019/12/04 |
APT40 | 21 | 21 | 2019/12/04 |
APT41 | 30 | 30 | 2019/12/04 |
Attor | 12 | 12 | 2019/12/04 |
Bisonal | 6 | 6 | 2019/12/04 |
BITTER | 194 | 194 | 2019/12/04 |
Blackgear | 267 | 267 | 2019/12/04 |
BlackOasis | 1 | 1 | 2019/12/04 |
BlackTech | 359 | 359 | 2019/12/04 |
BlueMushroom | 27 | 27 | 2019/12/04 |
Bookworm | 20 | 20 | 2019/12/04 |
Buhtrap | 27 | 27 | 2019/12/04 |
C-Major | 408 | 408 | 2019/12/04 |
Calypso | 22 | 22 | 2019/12/04 |
CARROTBAT | 53 | 53 | 2019/12/04 |
Chafer | 18 | 18 | 2019/12/04 |
Charming Kitten | 40 | 40 | 2019/12/04 |
ChessMaster | 5 | 5 | 2019/12/04 |
ChinaZ | 17 | 17 | 2019/12/04 |
Cobalt Group | 98 | 98 | 2019/12/04 |
Cold River | 3 | 3 | 2019/12/04 |
Confucius | 121 | 121 | 2019/12/04 |
CopyKittens | 47 | 47 | 2019/12/04 |
CRASHOVERRIDE | 9 | 9 | 2019/12/04 |
Dark Caracal | 24 | 24 | 2019/12/04 |
Dark Tequila | 2 | 2 | 2019/12/04 |
Darkhotel | 382 | 382 | 2019/12/04 |
DarkHydrus | 43 | 43 | 2019/12/04 |
DEADLYKISS | 5 | 5 | 2019/12/04 |
Domestic Kitten | 37 | 37 | 2019/12/04 |
Donot | 317 | 317 | 2019/12/04 |
DustSquad | 16 | 16 | 2019/12/04 |
El Machete | 208 | 208 | 2019/12/04 |
Energetic Bear | 30 | 30 | 2019/12/04 |
Equation Group | 45 | 45 | 2019/12/04 |
EvilGnome | 3 | 3 | 2019/12/04 |
FIN6 | 56 | 56 | 2019/12/04 |
FIN7 | 531 | 531 | 2019/12/04 |
Gallmaker | 15 | 15 | 2019/12/04 |
Gamaredon Group | 232 | 232 | 2019/12/04 |
GlassRAT | 3 | 3 | 2019/12/04 |
Golden Chickens | 16 | 16 | 2019/12/04 |
Gorgon | 1046 | 1046 | 2019/12/04 |
Gravityrat | 15 | 15 | 2019/12/04 |
GreyEnergy | 35 | 35 | 2019/12/04 |
HackingTeam | 37 | 37 | 2019/12/04 |
Hades | 73 | 73 | 2019/12/04 |
Hellsing | 84 | 84 | 2019/12/04 |
HEXANE | 1 | 1 | 2019/12/04 |
HexCode | 7 | 7 | 2019/12/04 |
Higaisa | 54 | 54 | 2019/12/04 |
Honeybee | 26 | 26 | 2019/12/04 |
IceFog | 116 | 116 | 2019/12/04 |
Inception Framework | 5 | 5 | 2019/12/04 |
INDRIK SPIDER | 8 | 8 | 2019/12/04 |
Infy group | 196 | 196 | 2019/12/04 |
Iron Group | 15 | 15 | 2019/12/04 |
Kimsuky | 160 | 160 | 2019/12/04 |
KingSqlZ | 7 | 7 | 2019/12/04 |
KONNI | 108 | 108 | 2019/12/04 |
Kulak | 3 | 3 | 2019/12/04 |
Lazarus Group | 1456 | 1456 | 2019/12/04 |
Leafminer | 38 | 38 | 2019/12/04 |
leetMX | 2 | 2 | 2019/12/04 |
Longhorn | 49 | 49 | 2019/12/04 |
LUNAR SPIDER | 2 | 2 | 2019/12/04 |
MageCart | 51 | 51 | 2019/12/04 |
MartyMcFly | 5 | 5 | 2019/12/04 |
Matryoshka | 18 | 18 | 2019/12/04 |
Metamorfo | 30 | 30 | 2019/12/04 |
MM CORE | 22 | 22 | 2019/12/04 |
Mofang | 36 | 36 | 2019/12/04 |
Molerats | 513 | 513 | 2019/12/04 |
MoneyTaker | 12 | 12 | 2019/12/04 |
MuddyWater | 253 | 253 | 2019/12/04 |
Mustang Panda | 16 | 16 | 2019/12/04 |
NARWHAL SPIDER | 3 | 3 | 2019/12/04 |
NotPetya | 1 | 1 | 2019/12/04 |
OceanLotus | 965 | 965 | 2019/12/04 |
OilRig | 64 | 64 | 2019/12/04 |
Operation Dustysky | 22 | 22 | 2019/12/04 |
Operation Ghoul | 20 | 20 | 2019/12/04 |
Orangeworm | 8 | 8 | 2019/12/04 |
Outlaw | 7 | 7 | 2019/12/04 |
Pacha Group | 13 | 13 | 2019/12/04 |
PatchWork | 1149 | 1149 | 2019/12/04 |
PINCHY SPIDER | 8 | 8 | 2019/12/04 |
PKPLUG | 432 | 432 | 2019/12/04 |
PowerPool | 5 | 5 | 2019/12/04 |
PowerSniff | 18 | 18 | 2019/12/04 |
projectsauron | 29 | 29 | 2019/12/04 |
PROMETHIUM | 92 | 92 | 2019/12/04 |
PUSIKURAC | 2 | 2 | 2019/12/04 |
RANCOR | 44 | 44 | 2019/12/04 |
Red Signature | 10 | 10 | 2019/12/04 |
RedAlpha | 16 | 16 | 2019/12/04 |
Roma225 | 3 | 3 | 2019/12/04 |
Rover | 7 | 7 | 2019/12/04 |
Ryuk | 3 | 3 | 2019/12/04 |
Sandworm | 3 | 3 | 2019/12/04 |
Scarlet Mimic | 73 | 73 | 2019/12/04 |
SEA | 7 | 7 | 2019/12/04 |
ShadowHammer | 48 | 48 | 2019/12/04 |
Shamoon 3 | 19 | 19 | 2019/12/04 |
Sidewinder | 67 | 67 | 2019/12/04 |
Silence | 101 | 101 | 2019/12/04 |
Slingshot | 4 | 4 | 2019/12/04 |
Snake Wine | 45 | 45 | 2019/12/04 |
SocketPlayer | 13 | 13 | 2019/12/04 |
Sowbug | 4 | 4 | 2019/12/04 |
Suckfly | 6 | 6 | 2019/12/04 |
SWEED | 14 | 14 | 2019/12/04 |
TA505 | 890 | 890 | 2019/12/04 |
TA555 | 16 | 16 | 2019/12/04 |
Taidoor | 11 | 11 | 2019/12/04 |
TajMahal | 1 | 1 | 2019/12/04 |
TH-163 | 3 | 3 | 2019/12/04 |
Thrip | 104 | 104 | 2019/12/04 |
Tick | 58 | 58 | 2019/12/04 |
TOOHASH | 41 | 41 | 2019/12/04 |
Tortoiseshell | 17 | 17 | 2019/12/04 |
TRITON | 16 | 16 | 2019/12/04 |
TurkHackTeam | 11 | 11 | 2019/12/04 |
Turla | 282 | 282 | 2019/12/04 |
Unit 8200 | 8 | 8 | 2019/12/04 |
Urpage | 139 | 139 | 2019/12/04 |
White Company | 16 | 16 | 2019/12/04 |
WindShift | 9 | 9 | 2019/12/04 |
WIRTE | 7 | 7 | 2019/12/04 |
xHunt | 5 | 5 | 2019/12/04 |
ZooPark | 43 | 43 | 2019/12/04 |