Investimer — Indicators of compromise

Details of the Investimer’s activity are described at https://news.drweb.com/show/?lng=en&i=12886

Samples

All hashes are SHA1

ACRUX

1cc4f2c62293be47c46e1e77cb8903498893b679 - Trojan.BtcMine.3035
588637a1d4a3c204372159e65bad0be84b41f9aa - Trojan.BtcMine.3040
66b5833195bfde7c50c80617c083f6ee685b30c8 - Trojan.BtcMine.3041
7e5d94746386af8cbe6c550b6ffcf6f4bc06f42c - Trojan.BtcMine.3034
d91d3bda7d0ad320f26e8cbe34fe5d57464caf34 - Trojan.Packed.193
df1ecdae40cfb7b040e41f6b2529be2a942e48df - Trojan.BtcMine.3037
e4596f292b96f97d9de2eb2aed7ef7ab3ec10f99 - Trojan.Packed.193
e72fe063ce180b8f07240aed53b22a1bc47a29a6 - Trojan.BtcMine.3031

Arkei

04c58a62a858bd8ffe578d84fdd1bc57d7a62cab - Trojan.Inject3.10256
0f30fdb27377c614b7835a3b710a7d6133510541 - Trojan.PWS.Stealer.24676
12c24fdff1159004895c3c5d08222df4bc541a2d - Trojan.Siggen7.42576
1e1cb44c157753a7fa293e3d5f840fa6ce9b9d35 - Trojan.Packed2.41319
1e9d25d0bb1cf8ab9a47cd0d51e57f9ce28dee57 - Trojan.PWS.Stealer.24572
25edc63b6d7ae026a25ebd6c2122896d8c148d09 - Trojan.Siggen7.42576
36d2475a9891d0b31f924523ff5df4d374f8ec87 - Trojan.Siggen7.42576
3cbd578f2bc8a86c0f1d21dc5b38f6310b1a140e - Trojan.Siggen7.42576
4351ff797d237cdf8e37ad5fd842171991df1efd - Trojan.Siggen7.42576
4f3d6e15d501b9a4ea0f57475328e8d09671b6d5 - Trojan.PWS.Stealer.24676
5283991b787439835e4579fd00cb243611ff3045 - Trojan.Inject3.9331
53b665a73bd2664a4aeee08806f92bd259633f7b - Trojan.PWS.Stealer.24442
6a0c93fef3e0aceb5c41ca719ee83023f971a711 - Trojan.PWS.Stealer.24442
7ef62997767fd718b761d32f1ec4040f6d54fab7 - Trojan.Inject3.10256
81ff86e9d5af7fddeb55857cda50f0c9f2ad23d4 - Trojan.Siggen7.42576
8235f89c3eeb25746ada70da92585bd52de786a9 - Trojan.PWS.Stealer.24603
8e62074b1f77b66fc8559eda72f993279f0224c3 - Trojan.Packed2.41278
b7fd0411ec91d13d7270d4dfb0db28440e7260a0 - Trojan.Siggen7.42576
dd4f13b04ccf460b1b535cb8c255b5d47efe1985 - Trojan.Siggen7.42576

AZORult

289ca2f2cfd0e131773bf6d56e69978f5a8350a0 - Trojan.PWS.Stealer.23950
9929f2a71138960153c190c06bc2e7982d8c141d - Trojan.Inject3.9331
c3c758a65499b508597df621040fff3c0b00a047 - Trojan.Packed2.41281

Eredel

038250f585b4062b1d3feb4f6d609fe18355222d - Trojan.Packed2.41182
049759dc910d719328ccdb181f6cd69b24a01110 - Trojan.Packed2.41182
0eba752daa92ee359d19e0435ee51a690666f4c2 - Trojan.Packed2.41182
558d67308c78e6f71784fb1a8f16e088fb247de0 - Trojan.Packed2.41182
5bc04c8e245b4b9cdbbe91939e6b32e821cfdda0 - Trojan.Packed2.41182
5caf3e859d65630e2b69fb3f0d686adf74f094db - Trojan.Packed2.41182
63ece1388932e9be2ef74e8504675ed75dede914 - Trojan.Packed2.41182
7bf6ab15e667e3671157eb1b80e227a572b50000 - Trojan.Packed2.41182
b044fd5874c4281327b1f72b0db52c0b2cfd4931 - Trojan.Inject3.10256
dad095dd7127a219c1dbdebe8f33a2361eeacbf5 - Trojan.Packed2.41182
f152a97842e0dd87a403aad118ae78648a7721ef - Trojan.Packed2.41182
f7e0d406d03e05d5e4fc25c5ac2fb3fd66c39c17 - Trojan.PWS.Stealer.24604

Kpot

1270b4091691e03e495f9ae9cca94b3bb1f9ad78 - Trojan.PWS.Stealer.24575
720f10909bac57097b6380a43186236c82d99f56 - Trojan.PWS.Stealer.24652
781a269dd64c0b061e110b71948651dbcf5a5d5c - Trojan.PWS.Stealer.24325
e637367a315faefb506e97368887a0c18a50f5d5 - Trojan.PWS.Stealer.24653

Kratos

36ee19ae11c5a6fc34a38e170de09ff06295acb8 - Trojan.Packed2.41161
741f9714294c12d69eb898a0db10cef8765fd5aa - Trojan.PWS.Stealer.23849

N0F1L3

002e913acfbfc055690dff24aca6fef42a2f64dd - Trojan.PWS.Stealer.23208
32b512a46dadc0fb6636b14f57c6b805e17d8cdc - Trojan.PWS.Stealer.23202
5fe2b7be66cb32ee47b34f82e2fcee1accf68966 - Trojan.PWS.Stealer.21284
73fd2ac1459c9a2c9c16c5ef59952460895ad34a - Trojan.PWS.Stealer.22928
adba86091fd095eb334caf1f5f083629e19fec66 - Trojan.PWS.Stealer.22928
be744730327a1fb4f0a775c35efe2ee6f098d61a - Trojan.Packed2.40914
d8c031ad44c9b416b1772203d8644c5642f0e049 - Trojan.PWS.Stealer.24895

Pony

c7f693244230180ab751e8477e16c57e362e88c7 - Trojan.PWS.Stealer.13052

Predator The Thief

00b0d5fd1c720b59c3e467ab7ae8d10b19cd1b35 - Trojan.DownLoader27.701
01813e3c4afd53eee31b91ab04623d1c698ba1e9 - Trojan.Encoder.26235
02715b3e0cbfd0d4d6b293a62125176107546099 - Trojan.PWS.Stealer.24834
086dc6190e224e5e6915b798646d41a25a66d00b - Trojan.Packed.193
196261a55e55b3908c9433e3cb0059725f1e97a6 - Trojan.Packed.193
22ebda166949698cf77079471c4572037d71693c - Trojan.DownLoader27.419
535d6b75d925629b59ef010fbcdb38fb1557e5d2 - Trojan.PWS.Stealer.24574
5556212f338e4843d6a4bf052ab6d27c69c5d3cb - Trojan.PWS.Stealer.24571
5713a5ddfc82e8b48c068606fac8a377ea6fadf8 - Trojan.PWS.Stealer.24659
5777efe7a9b01bf945bad9bfb74dea783d5895ea - Trojan.PWS.Stealer.24657
6797e5461a40af047df7d302c74e740df686b00a - Trojan.PWS.Stealer.24561
6f80e76aee323efdf9f8931d6a0225b49a45a205 - Trojan.PWS.Stealer.24573
72e1f9b42572f19f422cc4e8e062194d45ea7934 - Trojan.PWS.Stealer.24391
7e69d8cf58771d400ba2451e2eb8514d2c74dcd6 - Trojan.PWS.Stealer.24560
8593a30e372044163ea1a0d4b785b2e9d0003b27 - Trojan.PWS.Stealer.24605
8e93efc7aeed07539f5f8041c8e9b2f39cb2ca40 - Trojan.PWS.Stealer.24442
9a15c10c2688f32dc11b5621dbdbf67f1e348dc7 - Trojan.PWS.Stealer.24625
9c2cfc4cf4619cb525d020a665532ecc8dc3f33f - Trojan.PWS.Steam.16207
9f3e36888d0d410e5e0bee5e3be46fec3835c1e1 - Trojan.PWS.Stealer.24854
a170ce1b72bd59fdfda8d0c985d271733ff8d1c6 - Trojan.PWS.Stealer.24563
afffd90c30cd4473d2a919ac63044b522d05d36d - Trojan.DownLoader27.419
cb3ce9f6bb8ef30c178f67aaab73cd885dfe6f69 - Trojan.PWS.Stealer.24571

Spy-Agent

044afa02bba97f4816b67b967ba5806b5c8929e4 - Trojan.DownLoader27.7465
0cd3ddf91284fc005d6f7acfb76d3a35fdbe0aeb - Trojan.DownLoader26.49460
220f8b021fc12481c7c28230222f77b62d5334cf - BackDoor.TeamViewer.180
2540c274c90c9d0de3806e36a9cd09e248dfc86c - Trojan.MulDrop8.43229
36ec3355da616056d8079832d10f55d70695b7f1 - Trojan.DownLoader26.58874
3c881b12f1b272c9c14c24468cb05d94f1837221 - Trojan.DownLoader26.59704
3fb4795c00b6b52ef203039c3f8e7eab14ab5219 - BackDoor.TeamViewer.179
62101fb69306364513101674ceb904b8d3a8fc32 - BackDoor.TeamViewer.181
71b4f50dfba25ec3565e627c541b57d764a853b3 - Trojan.MulDrop8.48384
95f0b80eb8c20287252e20499baa571af029d573 - Trojan.MulDrop8.25846
9613a0b65c61aa0406d5330112a4b11e5c7a1865 - Trojan.MulDrop8.37275
9ffd17ed6d463fbc93e60f161f8678305001dfbf - Trojan.DownLoader26.50704
a65d0fbce9d8f3d71eac13baf6c8c5802ebf85f6 - Trojan.MulDrop8.37022
adcb9e0e06ec2c9c55a123083cd9edb6ba5d02de - Trojan.DownLoader26.46028
be6156ab0cec2436440282869a08b00466e5a0d6 - BackDoor.TeamViewer.182
cb68045e54d1cd218995c82e36a2bf29f0b97cb9 - Trojan.MulDrop8.37563
e4e653160ad4fa7fda99905ac5ef5d8ef561a493 - Trojan.DownLoader26.48383
e73935a706e15caffaeb465e1057a9c587da6f88 - BackDoor.TeamViewer.168
e91996401455667fd9ff1991ce6f720ed0788307 - Trojan.DownLoader27.6092
fb6e00ca371ac24e4e8e4519cbde5ec2de01ce72 - Trojan.DownLoader26.52700

DarkVNC

3b75f4a128a80ef574fff7f5e1da9e67faeb55f1 - BackDoor.DarkVNC.3
ea5afa25b386b68ff9f143343a011cdae341b747 - BackDoor.DarkVNC.3
ed1583d7c901309880e9b7c548b10c558a664798 - BackDoor.DarkVNC.2
ef07b905634ca5013bd0c70e92a2570f70da0651 - BackDoor.DarkVNC.7

Loader by Danij

3840709e2a77e277d6127a135d60ac58ab729c57 - Trojan.AutoIt.261
7e71988e106f598583a98d8479b24b93019b32ad - Trojan.DownLoader27.11011

Smoke Loader

dae8285bf70b3e4716ba9f6ba59edaecdec527e5 - Trojan.DownLoader26.9526

Network indicators

Server with malicious sites & panels

185.231.70.51

DarkVNC C&C

37.46.133.31

HVNC C&C

94.250.255.57

Domains

adogegold.live
adsdoge.com
ark.surfeth.com
best.surfeth.com
beta.gopetrom.com
big.surfeth.com
bill.gopetrom.com
bitcodoubler.com
bithelp.top
bot.surfeth.com
botik.surfeth.com
btcmaster.top
btctrades.info
crmine.com
cryptonas.top
cryptonia.top
cryptoniaz.top
cryptono.top
cryptons.top
doge.gopetrom.com
dogeboost.com
dogegold.live
dogehour.com
dogeloto.com
dogem.top
dogemaster.top
dogetaxi.com
ethinvite.top
ethsurfer.top
ethtab.top
get-doges.top
get.surfeth.com
getdoggs.top
getdogs.top
getdooge.top
getmydoge.top
go.adsdoge.com
gopetrom.com
home.gopetrom.com
investime-pro.myjino.ru
log.surfeth.com
megabit.top
megabit.win
minestab.top
mmpower.ru
my.surfeth.com
new.gopetrom.com
new.surfeth.com
panel.bithelp.top
panel.gopetrom.com
panel.zastrahui.xyz
quoetex.top
sbtctrades.info
shop.gopetrom.com
shop.surfeth.com
smoke.surfeth.com
surfeth.com
top.gopetrom.com
tv.zastrahui.xyz
vksecured.ru
work.gopetrom.com
worldofswords.net
zastrahui.xyz