Commit a5fcb22

committed
added indicators of compromise from the kaspersky careto report
1 parent e99f140 commit a5fcb22

5 files changed

+92
-0
lines changed

IOCs/README

+1
@@ -0,0 +1 @@
1+
Lists of indicators of compromise
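Review bot: The README's single line does not say where the lists come from or how each file is formatted. Name the source report and its date, and state the conventions the other files in this commit rely on: one indicator per line, the `*.` prefix for wildcard domains, and the `%system%`, `%temp%` and `%appdata%` path placeholders, so that anyone consuming the lists parses them the same way.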

IOCs/kaspersky_careto_C2.txt

+17
@@ -0,0 +1,17 @@
1+
190.10.9.209
2+
190.105.232.46
3+
196.40.84.94
4+
200.122.160.25
5+
202.150.211.102
6+
202.150.214.50
7+
202.75.56.123
8+
202.75.56.231
9+
202.75.58.153
10+
210.48.153.236
11+
223.25.232.161
12+
37.235.63.127
13+
75.126.146.114
14+
81.0.233.15
15+
82.208.40.11
16+
62.149.227.3
17+
75.126.146.114
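Review bot: 75.126.146.114 is listed twice, at lines 13 and 17 of the new file, so the file holds 16 unique addresses rather than 17. Drop the second entry and consider keeping the list sorted so repeats stand out in later diffs. Since hosting addresses get reassigned, a comment line or README entry recording the report date would help consumers judge how long to keep blocking or alerting on these.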

IOCs/kaspersky_careto_domains.txt

+26
@@ -0,0 +1,26 @@
1+
nthost.shacknet.nu
2+
tunga.homedns.org
3+
prosoccer1.dyndns.info
4+
prosoccer2.dyndns.info
5+
nav1002.ath.cx
6+
pininfarina.dynalias.com
7+
wqq.dyndns.org
8+
pl400.dyndns.org
9+
services.serveftp.org
10+
sv.serveftp.org
11+
cherry1962.dyndns.org
12+
carrus.gotdns.com
13+
ricush.ath.cx
14+
takami.podzone.net
15+
dfup.selfip.org
16+
wwnav.selfip.net
17+
fast8.homeftp.org
18+
ctronlinenews.dyndns.tv
19+
mango66.dyndns.org
20+
gx5639.dyndns.tv
21+
services.serveftp.org
22+
*.redirserver.net
23+
*.swupdt.com
24+
*.msupdt.com
25+
*.appleupdt.com
26+
*.linkconf.net
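Review bot: services.serveftp.org appears twice, at lines 9 and 21; remove one. Lines 22 to 26 also switch to a `*.` wildcard form while lines 1 to 21 are exact hostnames, and a consumer that does exact string comparison will never match the wildcard entries. Either document that `*.` means "this domain and every subdomain" or move those five entries to a separate file for suffix matching.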

IOCs/kaspersky_careto_files.txt

+47
@@ -0,0 +1,47 @@
1+
%system%\objframe.dll
2+
%system%\shlink32.dll
3+
%system%\shlink64.dll
4+
cdllait32.dll
5+
cdllait64.dll
6+
cdlluninstallws32.dll
7+
cdlluninstallws64.dll
8+
cdlluninstallsgh32.dll
9+
cdlluninstallsgh64.dll
10+
%system%\c_50225.nls
11+
%system%\c_50227.nls
12+
%system%\c_50229.nls
13+
%system%\c_51932.nls
14+
%system%\c_51936.nls
15+
%system%\c_51949.nls
16+
%system%\c_51950.nls
17+
%system%\c_57002.nls
18+
%system%\c_57006.nls
19+
%system%\c_57008.nls
20+
%system%\c_57010.nls
21+
%system%\cdgext32.dll
22+
%system%\cfgbkmgrs.dll
23+
%system%\cfgmgr64.dll
24+
%system%\comsvrpcs.dll
25+
%system%\d3dx8_20.dll
26+
%system%\dllcomm.dll
27+
%system%\drivers\wmimgr.sys
28+
%system%\drvinfo.bin
29+
%system%\FCache.bin
30+
%system%\FFExtendedCommand.dll
31+
%system%\gpktcsp32.dll
32+
%system%\HPQueue.bin
33+
%system%\LPQueue.bin
34+
%system%\mdwmnsp.dll
35+
%system%\rpcdist.dll
36+
%system%\scsvrft.dll
37+
%system%\sdptbw.dll
38+
%system%\slbkbw.dll
39+
%system%\skypeie6plugin.dll
40+
%system%\wmspdmgr.dll
41+
%temp%\~DF01AC74D8BE15EE01.tmp
42+
%temp%\~DF23BF45A473C42B56.tmp
43+
%temp%\~DFA0528CD81300F372.tmp
44+
%temp%\~DF8471938479DA49221.tmp
45+
%appdata%\microsoft\c_27803.nls
46+
%appdata%\microsoft\objframe.dll
47+
%appdata%\microsoft\shmgr.dll
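Review bot: Lines 4 to 9 are bare file names with no directory placeholder, while every other entry is anchored to `%system%`, `%temp%` or `%appdata%`; say whether those six should match in any directory or add the intended location. `%system%` is also not a variable Windows expands by itself, so the mapping to the real system directory needs documenting for anyone scripting a scan from this list. Finally, `~DF8471938479DA49221.tmp` at line 44 is one character longer than the other three `~DF` names at lines 41 to 43; please check it against the report for a transcription error.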

IOCs/kaspersky_careto_registry.txt

+1
@@ -0,0 +1 @@
1+
[HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32]
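Review bot: The single entry is written in .reg section-header form, with surrounding square brackets, and names only the key, not the value expected under `InprocServer32`. State whether the mere presence of this CLSID key is the indicator or whether a particular value should be compared, and consider dropping the brackets so the line can be passed directly to registry query tools.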
