CryptoPHP Indicators of Compromise
This repository contains the indicators of compromise for the CryptoPHP backdoor.
The whitepaper regarding CryptoPHP can be found here:
| File | Description |
|---|---|
| file_hashes.csv | Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen |
| domains.txt | Contains the C2 domains used by the backdoor |
| ips.txt | Contains the C2 IP addresses used by the backdoor |
| email_addresses.txt | Contains the email addresses used as backup communication by the backdoor |
We created some Python scripts to help administrators identify CryptoPHP: