Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
Latest commit 25a02aa by RedDrip7, "2020/01/09", Jan 9, 2020
Name  Latest commit message  Commit time
APT-C-01 2019/12/05 Dec 5, 2019
APT-C-15 2019/12/05 Dec 5, 2019
APT-C-23 2019/12/05 Dec 5, 2019
APT-C-27 2019/12/05 Dec 5, 2019
APT-C-36 2019/12/05 Dec 5, 2019
APT-C-37 2019/12/05 Dec 5, 2019
APT1 2019/12/05 Dec 5, 2019
APT10
APT15 2019/12/05 Dec 5, 2019
APT16
APT17 2020/01/09 Jan 10, 2020
APT19 2019/12/05 Dec 5, 2019
APT23 2019/12/05 Dec 5, 2019
APT27 2020/01/09 Jan 10, 2020
APT28 2020/01/09 Jan 10, 2020
APT29 2019/12/05 Dec 5, 2019
APT3 2019/12/05 Dec 5, 2019
APT33 2019/12/05 Dec 5, 2019
APT34 2020/01/09 Jan 10, 2020
APT37 2019/12/05 Dec 5, 2019
APT40 2020/01/09 Jan 10, 2020
APT41 2020/01/09 Jan 10, 2020
Aggah 2019/12/05 Dec 5, 2019
Attor 2019/12/05 Dec 5, 2019
BITTER 2020/01/09 Jan 10, 2020
BRONZE PRESIDENT 2020/01/09 Jan 10, 2020
Bisonal 2019/12/05 Dec 5, 2019
BlackOasis 2019/12/05 Dec 5, 2019
BlackTech 2020/01/09 Jan 10, 2020
Blackgear 2019/12/05 Dec 5, 2019
BlueMushroom 2019/12/05 Dec 5, 2019
Bookworm 2019/12/05 Dec 5, 2019
Buhtrap 2019/12/05 Dec 5, 2019
C-Major 2019/12/05 Dec 5, 2019
CARROTBAT 2019/12/05 Dec 5, 2019
CRASHOVERRIDE 2019/12/05 Dec 5, 2019
Calypso 2019/12/05 Dec 5, 2019
Chafer 2019/12/05 Dec 5, 2019
Charming Kitten 2019/12/05 Dec 5, 2019
ChessMaster 2019/12/05 Dec 5, 2019
ChinaZ 2020/01/09 Jan 10, 2020
Cobalt Group 2020/01/09 Jan 10, 2020
Cold River 2019/12/05 Dec 5, 2019
Confucius 2019/12/05 Dec 5, 2019
CopyKittens 2019/12/05 Dec 5, 2019
DEADLYKISS 2019/12/05 Dec 5, 2019
Dark Caracal 2019/12/05 Dec 5, 2019
Dark Tequila 2019/12/05 Dec 5, 2019
DarkHydrus 2019/12/05 Dec 5, 2019
Darkhotel 2019/12/05 Dec 5, 2019
Domestic Kitten 2019/12/05 Dec 5, 2019
Donot 2020/01/09 Jan 10, 2020
DustSquad 2020/01/09 Jan 10, 2020
El Machete 2020/01/09 Jan 10, 2020
Energetic Bear 2019/12/05 Dec 5, 2019
Equation Group remove wrong md5 Dec 5, 2019
EvilGnome 2019/12/05 Dec 5, 2019
FIN6 2020/01/09 Jan 10, 2020
FIN7 2020/01/09 Jan 10, 2020
FIN8 2020/01/09 Jan 10, 2020
GALLIUM 2020/01/09 Jan 10, 2020
Gallmaker 2019/12/05 Dec 5, 2019
Gamaredon Group 2020/01/09 Jan 10, 2020
GlassRAT 2019/12/05 Dec 5, 2019
Golden Chickens 2019/12/05 Dec 5, 2019
Gorgon 2020/01/09 Jan 10, 2020
Gravityrat 2019/12/05 Dec 5, 2019
GreyEnergy 2019/12/05 Dec 5, 2019
HEXANE 2019/12/05 Dec 5, 2019
HackingTeam 2019/12/05 Dec 5, 2019
Hades 2019/12/05 Dec 5, 2019
Hellsing 2019/12/05 Dec 5, 2019
HexCode 2019/12/05 Dec 5, 2019
Higaisa 2019/12/05 Dec 5, 2019
Honeybee 2019/12/05 Dec 5, 2019
INDRIK SPIDER 2019/12/05 Dec 5, 2019
IceFog 2019/12/05 Dec 5, 2019
Inception Framework 2019/12/05 Dec 5, 2019
Infy group 2019/12/05 Dec 5, 2019
Iron Group 2019/12/05 Dec 5, 2019
KONNI 2020/01/09 Jan 10, 2020
Kimsuky 2020/01/09 Jan 10, 2020
KingSqlZ 2019/12/05 Dec 5, 2019
Kulak 2019/12/05 Dec 5, 2019
LUNAR SPIDER 2019/12/05 Dec 5, 2019
Lazarus Group 2020/01/09 Jan 10, 2020
Leafminer 2019/12/05 Dec 5, 2019
Longhorn 2019/12/05 Dec 5, 2019
MM CORE 2019/12/05 Dec 5, 2019
MageCart 2019/12/05 Dec 5, 2019
MartyMcFly 2019/12/05 Dec 5, 2019
Matryoshka 2019/12/05 Dec 5, 2019
Metamorfo 2019/12/05 Dec 5, 2019
Mofang 2019/12/05 Dec 5, 2019
Molerats 2020/01/09 Jan 10, 2020
MoneyTaker 2019/12/05 Dec 5, 2019
MuddyWater 2020/01/09 Jan 10, 2020
Mustang Panda 2020/01/09 Jan 10, 2020
NARWHAL SPIDER 2019/12/05 Dec 5, 2019
NotPetya 2019/12/05 Dec 5, 2019
OceanLotus 2020/01/09 Jan 10, 2020
OilRig 2020/01/09 Jan 10, 2020
Operation Dustysky 2019/12/05 Dec 5, 2019
Operation Ghoul 2019/12/05 Dec 5, 2019
Orangeworm 2019/12/05 Dec 5, 2019
Outlaw 2019/12/05 Dec 5, 2019
PINCHY SPIDER 2019/12/05 Dec 5, 2019
PKPLUG 2019/12/05 Dec 5, 2019
PROMETHIUM 2019/12/05 Dec 5, 2019
PUSIKURAC 2019/12/05 Dec 5, 2019
Pacha Group 2019/12/05 Dec 5, 2019
PatchWork 2019/12/05 Dec 5, 2019
PowerPool 2019/12/05 Dec 5, 2019
PowerSniff 2019/12/05 Dec 5, 2019
RANCOR 2020/01/09 Jan 10, 2020
Red Signature 2019/12/05 Dec 5, 2019
RedAlpha 2019/12/05 Dec 5, 2019
RevengeHotels 2020/01/09 Jan 10, 2020
Roma225 2019/12/05 Dec 5, 2019
Rover 2019/12/05 Dec 5, 2019
Ryuk 2019/12/05 Dec 5, 2019
SEA 2019/12/05 Dec 5, 2019
SWEED 2019/12/05 Dec 5, 2019
Sandworm 2019/12/05 Dec 5, 2019
Scarlet Mimic 2019/12/05 Dec 5, 2019
ShadowHammer 2019/12/05 Dec 5, 2019
Shamoon 3 2019/12/05 Dec 5, 2019
Sidewinder 2020/01/09 Jan 10, 2020
Silence 2019/12/06 Dec 6, 2019
Slingshot 2019/12/05 Dec 5, 2019
Snake Wine 2019/12/05 Dec 5, 2019
SocketPlayer 2019/12/05 Dec 5, 2019
Sowbug
Suckfly 2019/12/05 Dec 5, 2019
TA505 2020/01/09 Jan 10, 2020
TA555 2019/12/05 Dec 5, 2019
TH-163 2019/12/05 Dec 5, 2019
TOOHASH 2019/12/05 Dec 5, 2019
TRITON 2019/12/05 Dec 5, 2019
Taidoor 2019/12/05 Dec 5, 2019
TajMahal 2019/12/05 Dec 5, 2019
Thrip 2019/12/05 Dec 5, 2019
Tick 2020/01/09 Jan 10, 2020
Tortoiseshell 2019/12/05 Dec 5, 2019
TurkHackTeam 2019/12/05 Dec 5, 2019
Turla 2020/01/09 Jan 10, 2020
Unit 8200 2019/12/05 Dec 5, 2019
Urpage 2019/12/05 Dec 5, 2019
WIRTE 2019/12/05 Dec 5, 2019
White Company 2019/12/05 Dec 5, 2019
WindShift 2019/12/05 Dec 5, 2019
ZooPark 2019/12/05 Dec 5, 2019
leetMX 2019/12/05 Dec 5, 2019
projectsauron 2019/12/05 Dec 5, 2019
xHunt 2020/01/09 Jan 10, 2020
LICENSE Create LICENSE Dec 10, 2019
README.MD 2020/01/09 Jan 10, 2020
logo.png 2019/12/05 Dec 5, 2019

README.MD

Copyright © @RedDrip (https://ti.qianxin.com/)

Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Each entry gives the sample hash, file type, malware family (where known), and the first-seen time and file name as recorded by VirusTotal, in the format below:

| Hash | Type | Family | First_Seen | Name |
| --- | --- | --- | --- | --- |
| `8e2b5b95980cf52e99acfa95f5e1570b` | Win32 DLL | | 2019-11-11 15:22:00 | `C:\Users\<USER>\AppData\Local\Temp\~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole` |
| `3c3b2cc9ff5d7030fb01496510ac75f2` | DOC | | 2019-11-11 11:13:02 | `?-????2019?????????????????.doc` |
| `3a8c80d73f9beebd828c3aa172c747fa` | RAR | | 2019-11-07 01:23:39 | `Noi dung don cau cuu.rar` |
| `82990e2c0432e579a00ab1f75da0dd65` | TXT | | 2019-10-26 11:05:08 | `lang.ps1` |
| `a87ada040f7250b59910345ee0b339b4` | RAR | | 2019-10-23 09:20:16 | `Thu moi.rar` |
| `dbdbcd220475678c4becdc57a9233e20` | Win32 EXE | | 2019-10-18 07:28:19 | `AcroRd32.exe` |
| `e7de9a64266f07168def534852349957` | RAR | Kryptik | 2019-09-16 00:18:57 | `Don khieu nai.rar` |
| `90c66c76095ef1ad5a79e63a544c1bba` | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | `123456` |
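The layout above is whitespace-separated, the `Type` column can be two words ("Win32 DLL"), `Family` is optional, and `Name` can contain spaces, so a naive `split()` mis-parses it. The following is an added example (not code from this repository) of a parser that anchors on the hash and the `First_Seen` timestamp, rejects digests of the wrong length (the kind of entry the "remove wrong md5" commit in the Equation Group folder cleaned up), dedupes on hash, and matches the result against a constructed list of hashes observed on a host. The sample rows are copied from the table above; it assumes the per-group files use the same layout, which may not hold, so adjust `LINE_RE` and `KNOWN_TYPES` before running it over them.

```python
"""Parse IOC lines in the "Hash Type Family First_Seen Name" layout and match
them against hashes seen on a host.

Added example, not code from the RedDrip7 repository.  It assumes the per-group
files use the same whitespace-separated layout as the README sample; if they do
not, adjust LINE_RE and KNOWN_TYPES first.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

# Type labels that occur in the README sample (assumption: the real files use
# the same labels).  Type can be two words and Family is optional, so the middle
# field is resolved against this list, longest label first, not split on spaces.
KNOWN_TYPES = ("Win32 DLL", "Win32 EXE", "DOC", "RAR", "TXT")

# hash | type [family] | VirusTotal first_seen | name (may itself contain spaces)
LINE_RE = re.compile(
    r"^(?P<hash>[0-9A-Fa-f]+)\s+(?P<mid>.+?)\s+"
    r"(?P<seen>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<name>.+)$"
)
HASH_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass(frozen=True)
class Ioc:
    hash: str
    algo: str
    file_type: str
    family: Optional[str]
    first_seen: datetime
    name: str


def parse_line(line: str) -> Optional[Ioc]:
    """Return an Ioc for a well-formed line, None for the header, blank lines,
    unknown type labels, or a digest whose length matches no known algorithm."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h = m.group("hash").lower()
    algo = HASH_ALGOS.get(len(h))
    if algo is None:                      # truncated or padded digest: drop it
        return None
    mid = m.group("mid")
    file_type = next((t for t in sorted(KNOWN_TYPES, key=len, reverse=True)
                      if mid == t or mid.startswith(t + " ")), None)
    if file_type is None:
        return None
    family = mid[len(file_type):].strip() or None
    return Ioc(h, algo, file_type, family,
               datetime.strptime(m.group("seen"), "%Y-%m-%d %H:%M:%S"),
               m.group("name"))


def load_iocs(text: str) -> Dict[str, Ioc]:
    """Parse every line, skip anything malformed, dedupe on the hash (first wins)."""
    iocs: Dict[str, Ioc] = {}
    for line in text.splitlines():
        ioc = parse_line(line)
        if ioc is not None:
            iocs.setdefault(ioc.hash, ioc)
    return iocs


def match_hashes(iocs: Dict[str, Ioc], observed: Iterable[str]) -> List[Ioc]:
    """Return the IOCs whose hash appears in observed, case-insensitively, in input order."""
    return [iocs[h.lower()] for h in observed if h.lower() in iocs]


# The README's own sample rows; the garbled .doc name is kept exactly as shown there.
SAMPLE = r"""
Hash Type Family First_Seen Name
8e2b5b95980cf52e99acfa95f5e1570b Win32 DLL 2019-11-11 15:22:00 C:\Users\<USER>\AppData\Local\Temp\~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole
3c3b2cc9ff5d7030fb01496510ac75f2 DOC 2019-11-11 11:13:02 ?-????2019?????????????????.doc
3a8c80d73f9beebd828c3aa172c747fa RAR 2019-11-07 01:23:39 Noi dung don cau cuu.rar
82990e2c0432e579a00ab1f75da0dd65 TXT 2019-10-26 11:05:08 lang.ps1
a87ada040f7250b59910345ee0b339b4 RAR 2019-10-23 09:20:16 Thu moi.rar
dbdbcd220475678c4becdc57a9233e20 Win32 EXE 2019-10-18 07:28:19 AcroRd32.exe
e7de9a64266f07168def534852349957 RAR Kryptik 2019-09-16 00:18:57 Don khieu nai.rar
90c66c76095ef1ad5a79e63a544c1bba Win32 DLL Kryptik 2019-09-13 06:02:21 123456
"""

# Constructed "hashes seen on a host": two sample IOCs (one upper-cased, as some
# tools emit them) plus the MD5 of the empty file, which is not in the list.
OBSERVED = [
    "DBDBCD220475678C4BECDC57A9233E20",
    "d41d8cd98f00b204e9800998ecf8427e",
    "82990e2c0432e579a00ab1f75da0dd65",
]

if __name__ == "__main__":
    db = load_iocs(SAMPLE)
    for ioc in match_hashes(db, OBSERVED):
        print(f"{ioc.hash}  {ioc.file_type:<9}  {ioc.family or '-':<8}  "
              f"{ioc.first_seen:%Y-%m-%d}  {ioc.name}")
```

Keying the lookup on the lower-cased digest is what makes the upper-cased observation match; the length check is deliberately strict so a mistyped digest never silently becomes an indicator that can never fire.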

We will keep updating this project and hope it helps the security community fight malware and targeted attacks.

If you find an error, please contact us at ti_support@qianxin.com and we’ll try to improve the IOCs.

2020/01/09 Update_log:

| Group name | Total | Update | Date |
| --- | --- | --- | --- |
| APT17 | 2994 | 1 | 2020/01/09 |
| APT27 | 92 | 2 | 2020/01/09 |
| APT28 | 690 | 4 | 2020/01/09 |
| APT34 | 121 | 6 | 2020/01/09 |
| APT40 | 23 | 2 | 2020/01/09 |
| APT41 | 32 | 2 | 2020/01/09 |
| BITTER | 200 | 6 | 2020/01/09 |
| BlackTech | 369 | 10 | 2020/01/09 |
| BRONZE PRESIDENT | 3 | 3 | 2020/01/09 |
| ChinaZ | 27 | 10 | 2020/01/09 |
| Cobalt Group | 113 | 15 | 2020/01/09 |
| Donot | 329 | 12 | 2020/01/09 |
| DustSquad | 19 | 3 | 2020/01/09 |
| El Machete | 209 | 1 | 2020/01/09 |
| FIN6 | 64 | 8 | 2020/01/09 |
| FIN7 | 536 | 5 | 2020/01/09 |
| FIN8 | 4 | 4 | 2020/01/09 |
| GALLIUM | 12 | 12 | 2020/01/09 |
| Gamaredon Group | 256 | 24 | 2020/01/09 |
| Gorgon | 1047 | 1 | 2020/01/09 |
| Kimsuky | 163 | 3 | 2020/01/09 |
| KONNI | 110 | 2 | 2020/01/09 |
| Lazarus Group | 1480 | 24 | 2020/01/09 |
| Molerats | 520 | 7 | 2020/01/09 |
| MuddyWater | 268 | 15 | 2020/01/09 |
| Mustang Panda | 20 | 4 | 2020/01/09 |
| OceanLotus | 973 | 8 | 2020/01/09 |
| OilRig | 72 | 8 | 2020/01/09 |
| RANCOR | 47 | 3 | 2020/01/09 |
| RevengeHotels | 2 | 2 | 2020/01/09 |
| Sidewinder | 75 | 8 | 2020/01/09 |
| TA505 | 908 | 18 | 2020/01/09 |
| Tick | 71 | 13 | 2020/01/09 |
| Turla | 289 | 7 | 2020/01/09 |
| xHunt | 7 | 2 | 2020/01/09 |