Copyright © @RedDrip (https://ti.qianxin.com/)
Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Details include sample hash, file type, malware family, as well as first seen and file name from VirusTotal in format below:
| Hash | Type | Family | First_Seen | Name |
|---|---|---|---|---|
| 8e2b5b95980cf52e99acfa95f5e1570b | Win32 DLL | 2019-11-11 15:22:00 | C:\Users<USER>\AppData\Local\Temp~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole | |
| 3c3b2cc9ff5d7030fb01496510ac75f2 | DOC | 2019-11-11 11:13:02 | ?-????2019?????????????????.doc | |
| 3a8c80d73f9beebd828c3aa172c747fa | RAR | 2019-11-07 01:23:39 | Noi dung don cau cuu.rar | |
| 82990e2c0432e579a00ab1f75da0dd65 | TXT | 2019-10-26 11:05:08 | lang.ps1 | |
| a87ada040f7250b59910345ee0b339b4 | RAR | 2019-10-23 09:20:16 | Thu moi.rar | |
| dbdbcd220475678c4becdc57a9233e20 | Win32 EXE | 2019-10-18 07:28:19 | AcroRd32.exe | |
| e7de9a64266f07168def534852349957 | RAR | Kryptik | 2019-09-16 00:18:57 | Don khieu nai.rar |
| 90c66c76095ef1ad5a79e63a544c1bba | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | 123456 |
We will keep updating this project and hope this could help the security community to fight against malware and targeted attack.
If you find an error, please contact us at ti_support@qianxin.com and we’ll try to improve the IOCs.
| Groupname | Total | Update | data |
|---|---|---|---|
| APT42 | 11 | 5 | 2024-06-11 |
| APT43 | 26 | 2 | 2024-06-11 |
| CoralRaider | 39 | 32 | 2024-06-11 |
| DuneQuixote | 40 | 40 | 2024-06-11 |
| FaceDuck Group | 2423 | 1 | 2024-06-11 |
| GuptiMiner | 8 | 8 | 2024-06-11 |
| Hellhounds | 37 | 16 | 2024-06-11 |
| LilacSquid | 1 | 1 | 2024-06-11 |
| Moonstone Sleet | 8 | 8 | 2024-06-11 |
| sapphire werewolf | 2 | 2 | 2024-06-11 |
| Sticky Werewolf | 9 | 5 | 2024-06-11 |
| Storm-1811 | 5 | 5 | 2024-06-11 |
| UAC | 25 | 6 | 2024-06-11 |
| Unfading Sea Haze | 10 | 10 | 2024-06-11 |