These plain text indicators of compromise are an annex to ESET’s quarterly Threat Report for Q2 2020.
The full Threat Report is available on WeLiveSecurity in PDF format at the following URL:
Serial number: 4bb0b5a8d5b5b0d58e9c5733
Thumbprint: 794e2af8affb7d78ff654d2dd780e39fd682e152
CN = Wuhan Aixinsen Technology Co., Ltd.
O = Wuhan Aixinsen Technology Co., Ltd.
L = Wuhan
S = Hubei
C = CN
Valid from: Wednesday, 8 January 2020 11:07:22
Valid to: Friday, 8 January 2021 11:07:22
617C42943DCD973235E2227D3AE88F330A2944D0
D69BA2099A9483FC2691D500FCFFF2E1FC382C2D
9757D92DCB5FC253783E8A1D2702BF0F1196D4AB
Aerojet RocketDyne Job and Salary Information- Human Resource Manger_PC_Version.7z
лист НДІХП.doc
Northrop Grumman.doc
javacpld.exe
C:\Intel\GfxCPL.exe
C:\Intel\hidasvc.exe
C:\OneDrive\OneDriveSync.exe
LNK/TrojanDropper.Agent.BK
MSIL/ShellcodeRunner.A
MSIL/ShellcodeRunner.B
MSIL/ShellcodeRunner.C
MSIL/ShellcodeRunner.D
Win32/Korplug.PW
Win64/Motnug.K
Win64/Motnug.R
Win64/Motnug.S
Win64/Agent.ZZ
Winnti Group packed PeddleCheap
8B8D2EB8DE66890F4C0950CCB3FFF95B0F42B9E1
B48BEB5E49976294287B1D6910D7445DB83E5CF2
International English Language Testing System certificate.pdf.lnk
Curriculum Vitae_WANG LEI_Hong Kong Polytechnic University.pdf.lnk
oci.dll
C:\Windows\System32\spool\prtprocs\x64\winprint.dll
svchast.exe
work.exe
OfficeUpdate.exe
C:\PerfLogs\svchost.exe
C:\PerfLogs\kiir.dll
C:\perflogs\aspnet_cas.exe
C:\PerfLogs\mscoreei.tlb
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.tlb
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\NetFx40_IIS_schema.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbs.exe
C:\PerfLogs\NetFx40_IIS_schema.config
C:\PerfLogs\Resolution.exe
C:\perflogs\vbs.exe
C:\Windows\system32\dhcp.exe
uDWM.tmp
66DF3DFG.tmp
mscoreei.tlb
hd.exe
Ulsassx64.exe
Serial number: d04591134c09d426
Thumbprint: b8cff709950cfa86665363d9553532db9922265c
CN = 10.200.206.100
O = Internet Widgits Pty Ltd
ST = Some-State
C = US
Valid from: 2017-11-23 02:08:55
Valid to: 2027-11-21 02:08:55
Serial number: 112195a147c06211d2c4b82b627e3d07bf09
Thumbprint: 91e256ac753efe79927db468a5fa60cb8a835ba5
CN = ZEALOT DIGITAL INTERNATIONAL CORPORATION
O = ZEALOT DIGITAL INTERNATIONAL CORPORATION
L = Kaohsiung City
S = Taiwan
C = TW
Valid from: Thursday, August 20, 2015 9:43:53 AM
Valid to: Monday, September 19, 2016 9:43:53 AM
Serial number: 7e748cdde5b67111bfe43346900e043d
Thumbprint: 4d7af6c12794acebdb9254da7839bd0e6ae9133c
CN = 21ViaNet Broadband Limited
OU = CloudEx Department
OU = Digital ID Class 3 - Microsoft Software Validation v2
O = 21ViaNet Broadband Limited
L = Beijing
S = Beijing
C = CN
Valid from: Friday, January 15, 2010 2:00:00 AM
Valid to: Tuesday, January 15, 2013 1:59:59 AM