Blevene Blevene
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original File: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1 | |
| Related (Yara Rule Results): | |
| 9049c508327ed3ab72df33328145eb226e53805d90dd74c353067f5b167747f3 | |
| 22d244fe63f27279db4b082afe296cd931cf377e3b9501fc8ffc372cb31f076a | |
| 515fdca93acf6a8d23b4fe67d51d4cab5cda6ddbc3d508dd63b61c432d169ca7 | |
| a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb | |
| 7efe8a7ad9c6a6146bddd5aef9ceba477ca6973203a41f4b7f823095a90cb10f | |
| 5d25465ec4d51c6b61947990fb148d0b1ee8a344069d5ac956ef4ea6a61af879 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 18ca83b6f3a3de26084ea49c80f4bef08b43b29bfb7121056e71c665bc6eed1e | |
| 2136e521991979fb22ac465a6d317ce5256094c163d841b05e27c177150984e6 | |
| a3993d7966d169fbde28ad8ef29e940e0847fa883bd19a664552a1c0b80f7f46 | |
| 49775c194307dd767055480293d7fdb858cf082bc2c64d7e28b03a4806dc4685 | |
| 1b95c5ead9cce9e0dc4a0f0b1c0c4e21bfa7a70d1d343934208edd072cb5f3cf | |
| 19161067f9b7980298b36c2dbf9914e83a0616459c8599de9934ea21e3fdf739 | |
| 9b32f98102bc88547f21d452c389b0d122bf368857e917fcb3acac4ed443e904 | |
| f9ee04bee778d572e6df3e0679bd76074fa8ada5867530700b8d50ee5595854e | |
| c608b60283423df3ac8dd0fcea8499ab4aaa969531a04988f90c1f2b1801087a | |
| 7a83c557ab36d09a84e7472873a1fc7bfbafd1f43b4d4827b979903ab152478d |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CyberCom | |
| https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 | |
| https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 | |
| https://customermgmt.net/page/macrocosm - 37.220.6.115 (AS 20860 (Iomart Cloud Services Limited)) | |
| b09bce085a2bbc1c0498baf3f75b48f8c86db132ebfc64d72b300f47b7435e89 - Powermet , 2017-01-14 03:35Z |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Source Blog Post | |
| https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a | |
| --- | |
| #Yara Rules | |
| --- | |
| rule WinntiLinux_Dropper : azazel_fork | |
| { | |
| meta: | |
| desc = "Detection of Linux variant of Winnti" |
Blevene
/ Hashes.csv
Last active
July 2, 2024 07:09
VirusTotal previous 365 Days [May 7th, 2019] of Malware Signed with Certs
We can't make this file beautiful and searchable because it's too large.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| samples day signers Signer 1 Signer 2 Signer 3 Extra Stuff | |
| a83f2d4073b7ecaf4f277db62ec44f8b10a9f16a297ebb4db9826a7a08eb06d2 2019-02-20 南昌博众彩软件有限公司; WoTrus Code Signing CA; Certum Trusted Network CA 南昌博众彩软件有限公司 WoTrus Code Signing CA Certum Trusted Network CA | |
| 7639f505eb9b8ab4e585a2dd5e9f300e936ba73e5b5db4c51bcb0ba52e751581 2018-08-20 A&W Global Ltd; thawte SHA256 Code Signing CA; thawte A&W Global Ltd thawte SHA256 Code Signing CA thawte | |
| bf920c41e76de53a7660c12b7d14d2f1ad60539b142654893e7cc420b2bdbc2b 2018-12-19 深圳市掌星立意科技有限公司; VeriSign Class 3 Code Signing 2010 CA; VeriSign 深圳市掌星立意科技有限公司 VeriSign Class 3 Code Signing 2010 CA VeriSign | |
| d3aaad15925caae5262366e3a5bf4edec0246877c340e2ba75e5dc96f8410c4a 2018-10-05 LEMONADE EVENTS LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™ LEMONADE EVENTS LIMITED COMODO RSA Code Signing CA COMODO SECURE™ | |
| 54fb9e302b497f99c6e7ac891e31faaeaf62245e8c0f65ca7a81c7916225d511 2018-10-25 AmeriTechnology Group, Inc.; Go Daddy Secure Certificate Authority - G2; Go Daddy Roo |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| f5d739b5b15530be8acafc0f4f358ec48efbe3b1a5d7debbf94bed17b2a3b940 | |
| acf46be54c303002d74df6c975083c706b3e1cb8a92e75516579cd0fe65ce918 | |
| 9097f3cbedc79d1c1b91a0c3e776c19d07cb233d79e4af6f325e8d5d537348c2 | |
| 426a4cd4fc593ad0b9b8050a3e4e89299db5aa32f72647f41905e43ab74abea3 | |
| 5f6b90894eb7cc979c97cef0a33ed2308ef789bd0c4475fc572daa104c5a7993 | |
| 523fcda29655bec72d941311e70e7e810cc5a040d527fb5739120e36fee2e5df | |
| 25d7718dc30eccd1a9a2bc037a49b98c503f8064a55a009b1818ba448bcad27b | |
| 1cdc2057c31742b43538d29d749b6a4a1f62be12beeb3a384c77ce17826ef9b9 | |
| 5c06e75410dd1dbae2fadf7ffe09e7ef2d3dab3c24760141ff3ca20f2f80c140 | |
| 30a44e3a5ea574049809eb57638b0fd7f11aab150ac791d202d930b7d3e7bd09 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| b17ff8c0d83d07fca854d669d1389e8e24718ca54ed1543fdb09e9b9b39456ef | |
| f5d739b5b15530be8acafc0f4f358ec48efbe3b1a5d7debbf94bed17b2a3b940 | |
| f5d39e20d406c846041343fe8fbd30069fd50886d7d3d0cce07c44008925d434 | |
| b4a65070354d2a89e84b5ddae81a954a868a714a248a48b72c832c759d85558a | |
| acf46be54c303002d74df6c975083c706b3e1cb8a92e75516579cd0fe65ce918 | |
| 9097f3cbedc79d1c1b91a0c3e776c19d07cb233d79e4af6f325e8d5d537348c2 | |
| 5f6b90894eb7cc979c97cef0a33ed2308ef789bd0c4475fc572daa104c5a7993 | |
| 523fcda29655bec72d941311e70e7e810cc5a040d527fb5739120e36fee2e5df | |
| 25d7718dc30eccd1a9a2bc037a49b98c503f8064a55a009b1818ba448bcad27b | |
| 11f7bb37dd425150e6b095a8d1f3a347ee83e604302a4d9bb201900e74a81d73 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sourced from VT search, YARA rule provided by US-CERT, modified for VTGrep | |
| content:fjiejffndxklfsdkfjsaadiepwn AND (content:google.co OR content:naver.co) | |
| Ref: https://www.bleepingcomputer.com/news/security/dhs-and-fbi-issue-advisory-on-north-korean-hoplight-malware/ | |
| a1eb5a0f15cbe7cdd5eb84839f7490aecf38979467f549a9f9b0591e75d7fab6 | |
| b0284e9c4cba2bfd019436d4cbe8f1238fd3f6ed4cb79576057be8c4b74d95e0 | |
| 741c0e5234c85c488f165d5248707436210f15a5c9a43003fec741da1ad05f98 | |
| 797a23e0900113b23d468d0050cd0c05f15d3afb34eec4d0e27a6f06398dd849 | |
| 5712e44c3083e394310042afaef6eb40fbe0c56e551433a6370b1f4b9ef0c0e9 | |
| 889b744a81ccf1209d724798aa1ef1aa2212ba82007c942a6a8746b7b0c3d616 |
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 3.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| first_submitted (epoch),first_submitted,sha256,file_magic,size,num_detections,RESULTS,signers,full_sig,country | |
| 1546950000,2019-01-08 12:20:00,c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4,PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly,2097664,27,"Win64/Filecoder.LockerGoga.A,W64/Filecoder_LockerGoga.A!tr.ransom,Trojan-Ransom.LockerGoga",,,NL | |
| 1547710000,2019-01-17 7:26:40,5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c,PE32 executable for MS Windows (GUI) Intel 80386 32-bit,1284112,40,"Trojan[Ransom]/Win32.LockerGoga.a,Ransom.LockerGoga.S5239812,a variant of Win32/Filecoder.LockerGoga.A","""MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™""","[{""status"":""Trust for this certificate or one of the certificates in the certificate chain has been revoked."",""valid usage"":""Code Signing"",""name"":""MIKL LIMITED"",""algorithm"":""sha256RSA"",""valid from"":""12:00 AM 06/25/2018"",""valid to"":""11:59 PM 06/25/2019"",""serial number"":""3D 25 80 E8 9 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5ae51f890d8c99d4332dfed5e823bafc51f746dbe78de5663c724c97b29ab90f | |
| c44653c5317b897ab9192fbaba95f6844221b3598a785733d98f76f67b19edb9 | |
| 9690b0623ef3a29ed5ac20318afa2bed1d4da4da26350fd2265c5baa7173f9ac | |
| fea7356239b18ee60184f844d563f2c35b6f5e5461baadd62e1c8a46e643c22d | |
| e423f68c36c629b1160069303a87a926182ae6e1d60cd4d88cfb42198870a1ef | |
| f5ed20002cccd20a5096fea1ce46febb6eaa677048c4b3a82ba5ae16319de4c1 | |
| c68b49f15b750abff169e855507dc0c5afc0dfa03a8f3136cbe7fd983258565a | |
| 1944deb7d7030d9984c7695607ccb842c239ac0438da4390167f8cb8b43d25c6 | |
| 56e69d7ff0fa3212bb613654c862d1fe6087c6f6a4d107dc42b480082194bd12 | |
| 9864893e31021debe9df71f6995e562ca46b3a32412ea6d0661f402110d99855 |