mirror of
https://github.com/danielmiessler/SecLists.git
synced 2025-07-18 09:49:26 -04:00
added indicators of compromise from the kaspersky careto report
parent
e99f140bff
commit
a5fcb22cd8
5 changed files with 92 additions and 0 deletions
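--- a/IOCs/README
+++ b/IOCs/README
@@ -0,0 +1 @@
+Lists of indicators of compromise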
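--- a/IOCs/kaspersky_careto_C2.txt
+++ b/IOCs/kaspersky_careto_C2.txt
@@ -0,0 +1,17 @@
+190.10.9.209
+190.105.232.46
+196.40.84.94
+200.122.160.25
+202.150.211.102
+202.150.214.50
+202.75.56.123
+202.75.56.231
+202.75.58.153
+210.48.153.236
+223.25.232.161
+37.235.63.127
+75.126.146.114
+81.0.233.15
+82.208.40.11
+62.149.227.3
+75.126.146.114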
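Review bot: `75.126.146.114` is listed twice in IOCs/kaspersky_careto_C2.txt (13th and 17th entries), so the file holds 16 distinct addresses rather than 17; the trailing copy can be dropped. The list also carries no report date or source reference, and IP addresses are reassigned over time, so a consumer matching against current traffic cannot judge how stale a hit may be. Because the file is a bare value list with nowhere to put a comment, the provenance would fit in IOCs/README, e.g. `kaspersky_careto_*: from the Kaspersky Careto report (<report date / URL placeholder>)`.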
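--- a/IOCs/kaspersky_careto_domains.txt
+++ b/IOCs/kaspersky_careto_domains.txt
@@ -0,0 +1,26 @@
+nthost.shacknet.nu
+tunga.homedns.org
+prosoccer1.dyndns.info
+prosoccer2.dyndns.info
+nav1002.ath.cx
+pininfarina.dynalias.com
+wqq.dyndns.org
+pl400.dyndns.org
+services.serveftp.org
+sv.serveftp.org
+cherry1962.dyndns.org
+carrus.gotdns.com
+ricush.ath.cx
+takami.podzone.net
+dfup.selfip.org
+wwnav.selfip.net
+fast8.homeftp.org
+ctronlinenews.dyndns.tv
+mango66.dyndns.org
+gx5639.dyndns.tv
+services.serveftp.org
+*.redirserver.net
+*.swupdt.com
+*.msupdt.com
+*.appleupdt.com
+*.linkconf.net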
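Review bot: The last five entries (`*.redirserver.net` through `*.linkconf.net`) are suffix patterns while the rest of the file is exact hostnames, so a consumer doing exact-match lookups against DNS or proxy logs will never hit those lines. Either move the patterns to a separate file or state in IOCs/README that a leading `*.` means "any subdomain of". `services.serveftp.org` also appears twice (9th and 21st entries) and the later copy can be dropped. Most of the exact names appear to sit under shared dynamic-DNS provider zones, so matching should stay on the full hostname rather than the parent zone to avoid flagging unrelated hosts.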
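--- a/IOCs/kaspersky_careto_files.txt
+++ b/IOCs/kaspersky_careto_files.txt
@@ -0,0 +1,47 @@
+%system%\objframe.dll
+%system%\shlink32.dll
+%system%\shlink64.dll
+cdllait32.dll
+cdllait64.dll
+cdlluninstallws32.dll
+cdlluninstallws64.dll
+cdlluninstallsgh32.dll
+cdlluninstallsgh64.dll
+%system%\c_50225.nls
+%system%\c_50227.nls
+%system%\c_50229.nls
+%system%\c_51932.nls
+%system%\c_51936.nls
+%system%\c_51949.nls
+%system%\c_51950.nls
+%system%\c_57002.nls
+%system%\c_57006.nls
+%system%\c_57008.nls
+%system%\c_57010.nls
+%system%\cdgext32.dll
+%system%\cfgbkmgrs.dll
+%system%\cfgmgr64.dll
+%system%\comsvrpcs.dll
+%system%\d3dx8_20.dll
+%system%\dllcomm.dll
+%system%\drivers\wmimgr.sys
+%system%\drvinfo.bin
+%system%\FCache.bin
+%system%\FFExtendedCommand.dll
+%system%\gpktcsp32.dll
+%system%\HPQueue.bin
+%system%\LPQueue.bin
+%system%\mdwmnsp.dll
+%system%\rpcdist.dll
+%system%\scsvrft.dll
+%system%\sdptbw.dll
+%system%\slbkbw.dll
+%system%\skypeie6plugin.dll
+%system%\wmspdmgr.dll
+%temp%\~DF01AC74D8BE15EE01.tmp
+%temp%\~DF23BF45A473C42B56.tmp
+%temp%\~DFA0528CD81300F372.tmp
+%temp%\~DF8471938479DA49221.tmp
+%appdata%\microsoft\c_27803.nls
+%appdata%\microsoft\objframe.dll
+%appdata%\microsoft\shmgr.dll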
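Review bot: `%system%` is report shorthand rather than an environment variable Windows expands (unlike `%temp%` and `%appdata%` further down the same file), so a sweep script that expands these paths literally will leave most of the list unresolved; IOCs/README should say what it stands for (presumably the Windows system directory) or the entries should use a resolvable form. The six `cdll*.dll` entries carry no directory at all, and the file mixes both forms without saying so. No hashes accompany the names, so a hit is filename-only and needs corroboration before it is treated as a detection. `%temp%\~DF8471938479DA49221.tmp` has one more hex digit than the other three `~DF…tmp` names, which may be a transcription slip and is worth checking against the report.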
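--- a/IOCs/kaspersky_careto_registry.txt
+++ b/IOCs/kaspersky_careto_registry.txt
@@ -0,0 +1 @@
+[HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32]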
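Review bot: The single entry records only the key, wrapped in `.reg`-style square brackets, with no value data for `InprocServer32`, so a consumer can test only that the key exists and not which DLL it points at. If the report gives the expected DLL path, it should be recorded alongside the key. Otherwise IOCs/README should note that the brackets are part of the line format and must be stripped before the path is passed to a registry query, since the other files in this directory are bare values.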