ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c63ccb8596
CyberThreatIntel/Russia/APT/Gamaredon/09-09-19/New samples from the August compaign.md
StrangerealIntel d4e1cdc0d2
Create New samples from the August compaign.md
2019-09-10 01:08:00 +02:00

2.1 KiB
Raw Blame History

New samples from the August compaign

Table of Contents

Malware analysis

Initial vector

The first two samples are maldocs use the CVE-2017-0199 for call a remote template to get the second stage.

alt text

Cyber Threat Intel

Indicators Of Compromise (IOC)

List of all the Indicators Of Compromise (IOC)
Indicator Description
протокол.docx 9a1384868090f54630bc8615c52525a26405a208da1857facb7297d66c69b5c1
18f4aebeac09bd57cf90452facf456a4c6b56dd53a79d08eb5a1d20435acaca6 18f4aebeac09bd57cf90452facf456a4c6b56dd53a79d08eb5a1d20435acaca6
481eee236eadf6c947857820d3af5a397caeb8c45791f0bbdd8a21f080786e75.docx 481eee236eadf6c947857820d3af5a397caeb8c45791f0bbdd8a21f080786e75

||Domain requested| ||IP requested| ||HTTP/HTTPS requests|| ||IP C2| ||Domain C2|

This can be exported as JSON format Export in JSON

Links

Originals tweets:
Links Anyrun: