forked from sophoslabs/IoCs
Troj-Kingmine
Users of Sophos Endpoint with EDR can threat hunt for non-deterministic indicators relating to this threat using the rules posted at
https://community.sophos.com/products/intercept/early-access-program/b/blog/posts/kingminer-non-deterministic-indicators-of-compromise
Servers
CVE-2017-0213
46b56f58c4f091614879116bbefc07a63ec32bd3
CVE-2019-0803
Eternalblue
aae229a770a9a89dd482323827a73f50bf0e1012
f615e5001e8a7dd546a9625d2e6ebc2b40efeb88
Gh0st loader
32-bit side-loader
64-bit side-loader
xmrig miner
VBS/Scriptlet
Linux script
12d0e4035a3c73703d5da132e178f5c864b3d88f
e4a1a2b1eb895ece3c7be4f8c4d77057ad61ede3
Gates
XOR.DDoS
e63117707d4196bb5251cf7b811549f0ba70abb2
Control panel applet
32a6e5ec4c2100c3fa1d47a253f7076f8413b255
4577c3944d272e5db9de0e78f07eafcdf89fbbf6
Mimikatz
0f5fd4c1c0ddc0c1452707262ce7742fbfb2bcd9
2dadd03c745076ba059d10fe10275c6d03fea1a6
Other
c498044a48553748ca2bb1e9ebfe58760540b3a8