Copyright © @RedDrip (https://ti.qianxin.com/)
Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Details include sample hash, file type, malware family, as well as first seen and file name from VirusTotal in format below:
| Hash | Type | Family | First_Seen | Name |
|---|---|---|---|---|
| 8e2b5b95980cf52e99acfa95f5e1570b | Win32 DLL | 2019-11-11 15:22:00 | C:\Users<USER>\AppData\Local\Temp~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole | |
| 3c3b2cc9ff5d7030fb01496510ac75f2 | DOC | 2019-11-11 11:13:02 | ?-????2019?????????????????.doc | |
| 3a8c80d73f9beebd828c3aa172c747fa | RAR | 2019-11-07 01:23:39 | Noi dung don cau cuu.rar | |
| 82990e2c0432e579a00ab1f75da0dd65 | TXT | 2019-10-26 11:05:08 | lang.ps1 | |
| a87ada040f7250b59910345ee0b339b4 | RAR | 2019-10-23 09:20:16 | Thu moi.rar | |
| dbdbcd220475678c4becdc57a9233e20 | Win32 EXE | 2019-10-18 07:28:19 | AcroRd32.exe | |
| e7de9a64266f07168def534852349957 | RAR | Kryptik | 2019-09-16 00:18:57 | Don khieu nai.rar |
| 90c66c76095ef1ad5a79e63a544c1bba | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | 123456 |
We will keep updating this project and hope this could help the security community to fight against malware and targeted attack.
If you find an error, please contact us at [email protected] and we’ll try to improve the IOCs.
| Groupname | Total | Update | data |
|---|---|---|---|
| APT-LY-1006 | 35 | 35 | 2023-05-28 |
| APT-Q-27 | 99 | 99 | 2023-05-28 |
| APT37 | 148 | 2 | 2023-05-28 |
| APT43 | 24 | 24 | 2023-05-28 |
| BadMagic | 25 | 25 | 2023-05-28 |
| Earth Lusca | 19 | 5 | 2023-05-28 |
| goldenjackal | 5 | 5 | 2023-05-28 |
| Karakurt | 2 | 2 | 2023-05-28 |
| Kasablanka | 12 | 3 | 2023-05-28 |
| Lancefly | 7 | 7 | 2023-05-28 |
| LAPSUS | 85 | 1 | 2023-05-28 |
| Lazarus Group | 1826 | 71 | 2023-05-28 |
| MuddyWater | 298 | 1 | 2023-05-28 |
| Mustang Panda | 114 | 6 | 2023-05-28 |
| OilAlpha | 14 | 14 | 2023-05-28 |
| Quantum | 5 | 5 | 2023-05-28 |
| WinterVivern | 6 | 6 | 2023-05-28 |