Files in this directory (latest commit: "Add IoCs for Machete", Aug 5, 2019):

  • README.adoc

  • misp-machete-event.json

  • samples.md5

  • samples.sha1

  • samples.sha256


Machete — Indicators of Compromise

For a technical analysis of Machete, check the white paper available on WeLiveSecurity.

A high-level summary is also available as a blog post.

The MISP event is available in misp-machete-event.json.

Sample hashes

GoogleUpdate.exe

Chrome.exe

GoogleCrash.exe

RAR/7z SFX: config + malicious components

ESET detection names vary for these samples, depending on the malicious components each archive contains.

7z SFX: decoy + downloader

RAR SFX: URL config + downloader

Downloader

RAR/7z SFX: decoy + payload (no downloader)

_hashlbi.pyw

_bsdbd.pyw

_clypes.pyw

_elementree.pyw

_mssi.pyw

_multiproccessing.pyw

Domain names

Server IPs
