Upload files to "yara"
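--- /dev/null
+++ b/yara/Bifrost-suricata-20250112.txt
@@ -0,0 +1,2 @@
+alert ip 107.191.61.247 any -> any any (msg:"Suspicious Bifrost IP detected Entering Network: 107.191.61.247 (source) - APT Group: BlackTech"; sid:7744721591; rev:1;)
+alert ip any any -> 107.191.61.247 any (msg:"Suspicious Bifrost IP detected Leaving Network: 107.191.61.247 (destination) - APT Group: BlackTech"; sid:7744721592; rev:1;)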
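Review bot: Both rules use `sid:7744721591` and `sid:7744721592`, which are above the unsigned 32-bit maximum (4294967295) that Suricata accepts for `sid`, so the engine is expected to reject them at load time and the indicator would go unmonitored. Renumber them into the range conventionally kept for local rules, for example `sid:1000001; rev:1;` and `sid:1000002; rev:1;` (constructed values; choose ones unique in your ruleset). The same overflow appears in yara/BlackTech-suricata-20250112.txt on the rule pairs for 61.56.11.42, 1.170.118.233, 60.251.199.226, 220.134.10.17, 60.249.208.167, 111.249.102.102, 125.227.225.181, 114.39.59.244, 18.163.14.17 and 177.135.177.54. Loading the file in Suricata's test mode before deployment would catch this class of error.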
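--- /dev/null
+++ b/yara/Bifrost-yara-20250112.yar
@@ -0,0 +1,12 @@
+Bifrost_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$ip_107_191_61_247 = "107.191.61.247"
+$md5_8fd3925dadf37bebcc8844214f2bcd18 = "8fd3925dadf37bebcc8844214f2bcd18"
+condition:
+any of them
+}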
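Review bot: As shown, the file opens with `Bifrost_IOCs {` and no `rule` keyword, so it would not compile; the header should read `rule Bifrost_IOCs {` (yara/BlackTech-yara-20250112.yar opens the same way with `BlackTech_IOCs {`). Separately, `$md5_8fd3925dadf37bebcc8844214f2bcd18` is a plain text string, so `any of them` fires only on files that contain the hash written out as ASCII, not on the sample whose MD5 it is. If the intent is to flag the sample itself, add `import "hash"` at the top and put `hash.md5(0, filesize) == "8fd3925dadf37bebcc8844214f2bcd18"` in the condition. The IP string has the same limitation in the other direction: it will match any log, report or blocklist that mentions 107.191.61.247, so expect hits on threat-intel documents unless the condition is narrowed.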
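--- /dev/null
+++ b/yara/BlackTech-suricata-20250112.txt
@@ -0,0 +1,64 @@
+alert ip 59.124.71.29 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.124.71.29 (source) - APT Group: BlackTech"; sid:754179006; rev:1;)
+alert ip any any -> 59.124.71.29 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.124.71.29 (destination) - APT Group: BlackTech"; sid:754179007; rev:1;)
+alert ip 61.56.11.42 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.56.11.42 (source) - APT Group: BlackTech"; sid:7681016193; rev:1;)
+alert ip any any -> 61.56.11.42 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.56.11.42 (destination) - APT Group: BlackTech"; sid:7681016194; rev:1;)
+alert ip 210.242.211.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.242.211.175 (source) - APT Group: BlackTech"; sid:3725887954; rev:1;)
+alert ip any any -> 210.242.211.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.242.211.175 (destination) - APT Group: BlackTech"; sid:3725887955; rev:1;)
+alert ip 114.27.132.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.27.132.233 (source) - APT Group: BlackTech"; sid:709943673; rev:1;)
+alert ip any any -> 114.27.132.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.27.132.233 (destination) - APT Group: BlackTech"; sid:709943674; rev:1;)
+alert ip 122.117.107.178 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.117.107.178 (source) - APT Group: BlackTech"; sid:2924766347; rev:1;)
+alert ip any any -> 122.117.107.178 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.117.107.178 (destination) - APT Group: BlackTech"; sid:2924766348; rev:1;)
+alert ip 59.125.132.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.132.175 (source) - APT Group: BlackTech"; sid:1025446180; rev:1;)
+alert ip any any -> 59.125.132.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.132.175 (destination) - APT Group: BlackTech"; sid:1025446181; rev:1;)
+alert ip 211.23.191.4 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 211.23.191.4 (source) - APT Group: BlackTech"; sid:1096202446; rev:1;)
+alert ip any any -> 211.23.191.4 any (msg:"Suspicious BlackTech IP detected Leaving Network: 211.23.191.4 (destination) - APT Group: BlackTech"; sid:1096202447; rev:1;)
+alert ip 220.132.50.81 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.132.50.81 (source) - APT Group: BlackTech"; sid:380105595; rev:1;)
+alert ip any any -> 220.132.50.81 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.132.50.81 (destination) - APT Group: BlackTech"; sid:380105596; rev:1;)
+alert ip 61.222.32.205 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.222.32.205 (source) - APT Group: BlackTech"; sid:3491818927; rev:1;)
+alert ip any any -> 61.222.32.205 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.222.32.205 (destination) - APT Group: BlackTech"; sid:3491818928; rev:1;)
+alert ip 220.134.98.3 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.98.3 (source) - APT Group: BlackTech"; sid:2758518549; rev:1;)
+alert ip any any -> 220.134.98.3 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.98.3 (destination) - APT Group: BlackTech"; sid:2758518550; rev:1;)
+alert ip 1.170.118.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 1.170.118.233 (source) - APT Group: BlackTech"; sid:9801135185; rev:1;)
+alert ip any any -> 1.170.118.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 1.170.118.233 (destination) - APT Group: BlackTech"; sid:9801135186; rev:1;)
+alert ip 60.251.199.226 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.251.199.226 (source) - APT Group: BlackTech"; sid:9774568301; rev:1;)
+alert ip any any -> 60.251.199.226 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.251.199.226 (destination) - APT Group: BlackTech"; sid:9774568302; rev:1;)
+alert ip 123.110.131.86 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 123.110.131.86 (source) - APT Group: BlackTech"; sid:3997918156; rev:1;)
+alert ip any any -> 123.110.131.86 any (msg:"Suspicious BlackTech IP detected Leaving Network: 123.110.131.86 (destination) - APT Group: BlackTech"; sid:3997918157; rev:1;)
+alert ip 59.120.169.51 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.120.169.51 (source) - APT Group: BlackTech"; sid:216812622; rev:1;)
+alert ip any any -> 59.120.169.51 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.120.169.51 (destination) - APT Group: BlackTech"; sid:216812623; rev:1;)
+alert ip 220.133.73.13 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.133.73.13 (source) - APT Group: BlackTech"; sid:1823793281; rev:1;)
+alert ip any any -> 220.133.73.13 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.133.73.13 (destination) - APT Group: BlackTech"; sid:1823793282; rev:1;)
+alert ip 220.134.10.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.10.17 (source) - APT Group: BlackTech"; sid:4706859242; rev:1;)
+alert ip any any -> 220.134.10.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.10.17 (destination) - APT Group: BlackTech"; sid:4706859243; rev:1;)
+alert ip 60.249.208.167 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.249.208.167 (source) - APT Group: BlackTech"; sid:5130034148; rev:1;)
+alert ip any any -> 60.249.208.167 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.249.208.167 (destination) - APT Group: BlackTech"; sid:5130034149; rev:1;)
+alert ip 118.163.168.223 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.168.223 (source) - APT Group: BlackTech"; sid:370437273; rev:1;)
+alert ip any any -> 118.163.168.223 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.168.223 (destination) - APT Group: BlackTech"; sid:370437274; rev:1;)
+alert ip 111.249.102.102 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 111.249.102.102 (source) - APT Group: BlackTech"; sid:9108918494; rev:1;)
+alert ip any any -> 111.249.102.102 any (msg:"Suspicious BlackTech IP detected Leaving Network: 111.249.102.102 (destination) - APT Group: BlackTech"; sid:9108918495; rev:1;)
+alert ip 61.58.90.11 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.11 (source) - APT Group: BlackTech"; sid:3978267590; rev:1;)
+alert ip any any -> 61.58.90.11 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.11 (destination) - APT Group: BlackTech"; sid:3978267591; rev:1;)
+alert ip 125.227.225.181 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.225.181 (source) - APT Group: BlackTech"; sid:7005467689; rev:1;)
+alert ip any any -> 125.227.225.181 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.225.181 (destination) - APT Group: BlackTech"; sid:7005467690; rev:1;)
+alert ip 118.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.14.17 (source) - APT Group: BlackTech"; sid:2425784574; rev:1;)
+alert ip any any -> 118.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.14.17 (destination) - APT Group: BlackTech"; sid:2425784575; rev:1;)
+alert ip 122.147.248.69 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.147.248.69 (source) - APT Group: BlackTech"; sid:741663504; rev:1;)
+alert ip any any -> 122.147.248.69 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.147.248.69 (destination) - APT Group: BlackTech"; sid:741663505; rev:1;)
+alert ip 125.227.241.2 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.241.2 (source) - APT Group: BlackTech"; sid:3174873956; rev:1;)
+alert ip any any -> 125.227.241.2 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.241.2 (destination) - APT Group: BlackTech"; sid:3174873957; rev:1;)
+alert ip 114.39.59.244 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.39.59.244 (source) - APT Group: BlackTech"; sid:8569925249; rev:1;)
+alert ip any any -> 114.39.59.244 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.39.59.244 (destination) - APT Group: BlackTech"; sid:8569925250; rev:1;)
+alert ip 59.125.7.185 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.7.185 (source) - APT Group: BlackTech"; sid:1118471843; rev:1;)
+alert ip any any -> 59.125.7.185 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.7.185 (destination) - APT Group: BlackTech"; sid:1118471844; rev:1;)
+alert ip 61.219.96.18 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.219.96.18 (source) - APT Group: BlackTech"; sid:1486351566; rev:1;)
+alert ip any any -> 61.219.96.18 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.219.96.18 (destination) - APT Group: BlackTech"; sid:1486351567; rev:1;)
+alert ip 61.58.90.63 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.63 (source) - APT Group: BlackTech"; sid:576420246; rev:1;)
+alert ip any any -> 61.58.90.63 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.63 (destination) - APT Group: BlackTech"; sid:576420247; rev:1;)
+alert ip 210.67.101.84 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.67.101.84 (source) - APT Group: BlackTech"; sid:3472083329; rev:1;)
+alert ip any any -> 210.67.101.84 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.67.101.84 (destination) - APT Group: BlackTech"; sid:3472083330; rev:1;)
+alert ip 203.74.123.121 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 203.74.123.121 (source) - APT Group: BlackTech"; sid:3303612154; rev:1;)
+alert ip any any -> 203.74.123.121 any (msg:"Suspicious BlackTech IP detected Leaving Network: 203.74.123.121 (destination) - APT Group: BlackTech"; sid:3303612155; rev:1;)
+alert ip 18.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 18.163.14.17 (source) - APT Group: BlackTech"; sid:5957364886; rev:1;)
+alert ip any any -> 18.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 18.163.14.17 (destination) - APT Group: BlackTech"; sid:5957364887; rev:1;)
+alert ip 177.135.177.54 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 177.135.177.54 (source) - APT Group: BlackTech"; sid:4954509509; rev:1;)
+alert ip any any -> 177.135.177.54 any (msg:"Suspicious BlackTech IP detected Leaving Network: 177.135.177.54 (destination) - APT Group: BlackTech"; sid:4954509510; rev:1;)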
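Review bot: The rule pair for `18.163.14.17` differs from the earlier `118.163.14.17` pair only by a missing leading digit, which looks like a transcription slip from the source feed; confirm the address against the original report, since alerting on an unrelated host produces false positives and analyst noise. None of the 64 rules carries a `classtype` or `reference`, so an analyst triaging a hit has no severity and no pointer to where the indicator came from. Consider appending something like `classtype:trojan-activity; reference:url,<source-report-url>;` to each rule, with the placeholder replaced by the actual advisory. IP-only indicators also go stale quickly, so recording the feed date in `metadata` would make later pruning easier.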
324
yara/BlackTech-yara-20250112.yar
Normal file
324
yara/BlackTech-yara-20250112.yar
Normal file
@ -0,0 +1,324 @@
|
|||||||
|
BlackTech_IOCs {
|
||||||
|
meta:
|
||||||
|
creator = "Cpl Iverson"
|
||||||
|
date = "2025-01-12"
|
||||||
|
description = "Suspicious IPs, Hashes, and Domains"
|
||||||
|
apt_group = "BlackTech"
|
||||||
|
strings:
|
||||||
|
$ip_59_124_71_29 = "59.124.71.29"
|
||||||
|
$ip_61_56_11_42 = "61.56.11.42"
|
||||||
|
$ip_210_242_211_175 = "210.242.211.175"
|
||||||
|
$ip_114_27_132_233 = "114.27.132.233"
|
||||||
|
$ip_122_117_107_178 = "122.117.107.178"
|
||||||
|
$ip_59_125_132_175 = "59.125.132.175"
|
||||||
|
$ip_211_23_191_4 = "211.23.191.4"
|
||||||
|
$ip_220_132_50_81 = "220.132.50.81"
|
||||||
|
$ip_61_222_32_205 = "61.222.32.205"
|
||||||
|
$ip_220_134_98_3 = "220.134.98.3"
|
||||||
|
$ip_1_170_118_233 = "1.170.118.233"
|
||||||
|
$ip_60_251_199_226 = "60.251.199.226"
|
||||||
|
$ip_123_110_131_86 = "123.110.131.86"
|
||||||
|
$ip_59_120_169_51 = "59.120.169.51"
|
||||||
|
$ip_220_133_73_13 = "220.133.73.13"
|
||||||
|
$ip_220_134_10_17 = "220.134.10.17"
|
||||||
|
$ip_60_249_208_167 = "60.249.208.167"
|
||||||
|
$ip_118_163_168_223 = "118.163.168.223"
|
||||||
|
$ip_111_249_102_102 = "111.249.102.102"
|
||||||
|
$ip_61_58_90_11 = "61.58.90.11"
|
||||||
|
$ip_125_227_225_181 = "125.227.225.181"
|
||||||
|
$ip_118_163_14_17 = "118.163.14.17"
|
||||||
|
$ip_122_147_248_69 = "122.147.248.69"
|
||||||
|
$ip_125_227_241_2 = "125.227.241.2"
|
||||||
|
$ip_114_39_59_244 = "114.39.59.244"
|
||||||
|
$ip_59_125_7_185 = "59.125.7.185"
|
||||||
|
$ip_61_219_96_18 = "61.219.96.18"
|
||||||
|
$ip_61_58_90_63 = "61.58.90.63"
|
||||||
|
$ip_210_67_101_84 = "210.67.101.84"
|
||||||
|
$ip_203_74_123_121 = "203.74.123.121"
|
||||||
|
$ip_18_163_14_17 = "18.163.14.17"
|
||||||
|
$ip_177_135_177_54 = "177.135.177.54"
|
||||||
|
$md5_34a0be585725b0076e017c8fcb0fc180 = "34a0be585725b0076e017c8fcb0fc180"
|
||||||
|
$md5_1423e253f7a8954ca3c74432b5e4d038 = "1423e253f7a8954ca3c74432b5e4d038"
|
||||||
|
$md5_b7bf246b1481b24ff262cd03c53caf15 = "b7bf246b1481b24ff262cd03c53caf15"
|
||||||
|
$md5_fda02aaff2ea8c91283f1041257cf36f = "fda02aaff2ea8c91283f1041257cf36f"
|
||||||
|
$md5_3d341703a981388b3fde70173a172f89 = "3d341703a981388b3fde70173a172f89"
|
||||||
|
$md5_59e9af5b230f46df15e076cd6dd82d1e = "59e9af5b230f46df15e076cd6dd82d1e"
|
||||||
|
$md5_bd917f5ac3dc380a6fc53c60c9223deb = "bd917f5ac3dc380a6fc53c60c9223deb"
|
||||||
|
$md5_e5c8b3017d309a7383c9504d7e318596 = "e5c8b3017d309a7383c9504d7e318596"
|
||||||
|
$md5_926f008ef342ae1cc138687ff68a424a = "926f008ef342ae1cc138687ff68a424a"
|
||||||
|
$md5_1c460850b55125a7d1f554ee0203fa25 = "1c460850b55125a7d1f554ee0203fa25"
|
||||||
|
$md5_65f4245e3e7f80c47c7e5b7aa23c5920 = "65f4245e3e7f80c47c7e5b7aa23c5920"
|
||||||
|
$md5_2a94c32c20dd4632e0a5084b134e6344 = "2a94c32c20dd4632e0a5084b134e6344"
|
||||||
|
$md5_cc18bdaf99fa701796518db86e651702 = "cc18bdaf99fa701796518db86e651702"
|
||||||
|
$md5_6a97ff47b8d715be62305ff15fb47332 = "6a97ff47b8d715be62305ff15fb47332"
|
||||||
|
$md5_9bb0135b4808331933490d4749d30c11 = "9bb0135b4808331933490d4749d30c11"
|
||||||
|
$md5_ab9b323901bcf38b8b990db3cae2b596 = "ab9b323901bcf38b8b990db3cae2b596"
|
||||||
|
$md5_87af1c51d21d13899db75f675b1faa87 = "87af1c51d21d13899db75f675b1faa87"
|
||||||
|
$md5_dc2b8aefe8bd08f196ea7a6f0caa2764 = "dc2b8aefe8bd08f196ea7a6f0caa2764"
|
||||||
|
$md5_cad875330c25231211fc9a416c3846b7 = "cad875330c25231211fc9a416c3846b7"
|
||||||
|
$md5_019ef03e6b34991c31518ceafa3c6498 = "019ef03e6b34991c31518ceafa3c6498"
|
||||||
|
$md5_0db2c1195c97fc909b6fdb4b09227457 = "0db2c1195c97fc909b6fdb4b09227457"
|
||||||
|
$md5_eae2ea929c754a6d65e2b216e5d32e7a = "eae2ea929c754a6d65e2b216e5d32e7a"
|
||||||
|
$md5_a11d30dcfb8cedcb56dad172b213f388 = "a11d30dcfb8cedcb56dad172b213f388"
|
||||||
|
$md5_5694a226f66e3b07aeb188a54304b371 = "5694a226f66e3b07aeb188a54304b371"
|
||||||
|
$md5_b04fab560ac090e0ff3f1c602f3fcfd7 = "b04fab560ac090e0ff3f1c602f3fcfd7"
|
||||||
|
$md5_299d0c5f43e59fc9415d70816aee56c6 = "299d0c5f43e59fc9415d70816aee56c6"
|
||||||
|
$md5_296dcc2bd1f6359466ff068c8001bbec = "296dcc2bd1f6359466ff068c8001bbec"
|
||||||
|
$md5_5a7d8fe286333416796cefc19b0f5cba = "5a7d8fe286333416796cefc19b0f5cba"
|
||||||
|
$md5_57c0114780d2860a3adbae095c72a97d = "57c0114780d2860a3adbae095c72a97d"
|
||||||
|
$md5_6b18b1e939e5a06303220ee16f045a50 = "6b18b1e939e5a06303220ee16f045a50"
|
||||||
|
$md5_062bcc4ed28b41bab70d7efc2e8b1b11 = "062bcc4ed28b41bab70d7efc2e8b1b11"
|
||||||
|
$md5_3214cdac71fa4313d195eb81eace4db8 = "3214cdac71fa4313d195eb81eace4db8"
|
||||||
|
$md5_1fe7391ac994bf37d7ccb9c7358c4419 = "1fe7391ac994bf37d7ccb9c7358c4419"
|
||||||
|
$md5_1134972f093ab1ef08b912cabbc43b39 = "1134972f093ab1ef08b912cabbc43b39"
|
||||||
|
$md5_b2559336f0e73830a411ce6032474d6e = "b2559336f0e73830a411ce6032474d6e"
|
||||||
|
$md5_f0c1cc799d56d58f528f41039895f8f8 = "f0c1cc799d56d58f528f41039895f8f8"
|
||||||
|
$md5_65a4384fcbe3d010a57a8530b27e0a4e = "65a4384fcbe3d010a57a8530b27e0a4e"
|
||||||
|
$md5_7a00205cdb74c1d5811cc3c44739a348 = "7a00205cdb74c1d5811cc3c44739a348"
|
||||||
|
$md5_6ea02a64df51ab2f12530ffd2e3688de = "6ea02a64df51ab2f12530ffd2e3688de"
|
||||||
|
$md5_5699884869d8796ab33416c3af5305a2 = "5699884869d8796ab33416c3af5305a2"
|
||||||
|
$md5_4085f90f6934422921bd8602f0a975c0 = "4085f90f6934422921bd8602f0a975c0"
|
||||||
|
$md5_fa4bb0c43fcfaaa4d98d6322c376281d = "fa4bb0c43fcfaaa4d98d6322c376281d"
|
||||||
|
$md5_18c409071622553a1d66e0a02d261f7f = "18c409071622553a1d66e0a02d261f7f"
|
||||||
|
$md5_d39b01a44f1487c4bb3c68a528438144 = "d39b01a44f1487c4bb3c68a528438144"
|
||||||
|
$md5_b9b6488f990a96a1c2f5c3e99a43a212 = "b9b6488f990a96a1c2f5c3e99a43a212"
|
||||||
|
$md5_737c6923effeee58717f613db304955a = "737c6923effeee58717f613db304955a"
|
||||||
|
$md5_662edc1100e2d8863bf713ae47985245 = "662edc1100e2d8863bf713ae47985245"
|
||||||
|
$md5_5f06d234fc285ee9f127f95206696796 = "5f06d234fc285ee9f127f95206696796"
|
||||||
|
$md5_96be4a1c418f10c50659bab0b25b9115 = "96be4a1c418f10c50659bab0b25b9115"
|
||||||
|
$md5_34e38d4b970be9f19b6f29c83023b498 = "34e38d4b970be9f19b6f29c83023b498"
|
||||||
|
$md5_73fabddce8887d0253503daa4a50fdf7 = "73fabddce8887d0253503daa4a50fdf7"
|
||||||
|
$md5_64ec5419edd9ff050d839845a0a5bea3 = "64ec5419edd9ff050d839845a0a5bea3"
|
||||||
|
$md5_5633009e7ce55be0213e76c74fdcf9d6 = "5633009e7ce55be0213e76c74fdcf9d6"
|
||||||
|
$md5_cab9d743c0868f7edfe11fa9fb99262b = "cab9d743c0868f7edfe11fa9fb99262b"
|
||||||
|
$md5_8a81e6a62d3bdcffe074807d7173840f = "8a81e6a62d3bdcffe074807d7173840f"
|
||||||
|
$md5_7a1b0e86d2c7da3f52c74a4ce4b675af = "7a1b0e86d2c7da3f52c74a4ce4b675af"
|
||||||
|
$md5_7745f7a89aa20da8d681fee4f25741df = "7745f7a89aa20da8d681fee4f25741df"
|
||||||
|
$md5_5fc4a20161b6d95d5bd0c0567472c4b0 = "5fc4a20161b6d95d5bd0c0567472c4b0"
|
||||||
|
$md5_9e529a8fbc25cc73bafc1e9d881f320f = "9e529a8fbc25cc73bafc1e9d881f320f"
|
||||||
|
$md5_9b6f818f769655c8618ae0420bc994ec = "9b6f818f769655c8618ae0420bc994ec"
|
||||||
|
$md5_8edf98a3e38cf8e2a5414f2ff9a1c2a6 = "8edf98a3e38cf8e2a5414f2ff9a1c2a6"
|
||||||
|
$md5_ea1a6799ee02bcadf70b34f7801e525f = "ea1a6799ee02bcadf70b34f7801e525f"
|
||||||
|
$md5_259ce74e8a6ddc2507efa64371f3d45e = "259ce74e8a6ddc2507efa64371f3d45e"
|
||||||
|
$md5_6d355a4339f92d6056f2708194213440 = "6d355a4339f92d6056f2708194213440"
|
||||||
|
$md5_76055e90b1e1e9d67139c7645c21092e = "76055e90b1e1e9d67139c7645c21092e"
|
||||||
|
$md5_0929230644a301857bac09379257883a = "0929230644a301857bac09379257883a"
|
||||||
|
$md5_22ede86834e0060a88d6f45ce3982277 = "22ede86834e0060a88d6f45ce3982277"
|
||||||
|
$md5_ec7c6b43beec56df72cb74dd28b5b1d2 = "ec7c6b43beec56df72cb74dd28b5b1d2"
|
||||||
|
$md5_76b464c98790d8f01e02d24b53f4486d = "76b464c98790d8f01e02d24b53f4486d"
|
||||||
|
$md5_93b68ae2023940bb2e8506d6131d9d27 = "93b68ae2023940bb2e8506d6131d9d27"
|
||||||
|
$md5_289286f8289b707d41e74a199a88be64 = "289286f8289b707d41e74a199a88be64"
|
||||||
|
$md5_97fdb683e7b56bdf198d2b4c0e9b2715 = "97fdb683e7b56bdf198d2b4c0e9b2715"
|
||||||
|
$md5_70b31b12a5ba644de0093970af9866b8 = "70b31b12a5ba644de0093970af9866b8"
|
||||||
|
$md5_2267326efac998fa4ddbc7d8e3940c0d = "2267326efac998fa4ddbc7d8e3940c0d"
|
||||||
|
$md5_6c145f1ad75de785a75903a4a5d485e8 = "6c145f1ad75de785a75903a4a5d485e8"
|
||||||
|
$md5_28da4707d69de5cc3d544d6a90fff8ff = "28da4707d69de5cc3d544d6a90fff8ff"
|
||||||
|
$md5_4446ba673bc5c2adf31823301a4fdd3a = "4446ba673bc5c2adf31823301a4fdd3a"
|
||||||
|
$md5_37bf2df225650b39c9874ecf392a9a9b = "37bf2df225650b39c9874ecf392a9a9b"
|
||||||
|
$md5_976f0e7d1b1d5a4c5dc3f714885134dd = "976f0e7d1b1d5a4c5dc3f714885134dd"
|
||||||
|
$md5_468571266346f4b659b948a67e8ab005 = "468571266346f4b659b948a67e8ab005"
|
||||||
|
$md5_1d87a00f54a16f9c0ee135731296eb58 = "1d87a00f54a16f9c0ee135731296eb58"
|
||||||
|
$md5_8820d713e7052abe411cccb92c365783 = "8820d713e7052abe411cccb92c365783"
|
||||||
|
$md5_f77bd5d0d0b85c0fb2f986d952891071 = "f77bd5d0d0b85c0fb2f986d952891071"
|
||||||
|
$md5_410ceb4d5008887a66587130d57adeee = "410ceb4d5008887a66587130d57adeee"
|
||||||
|
$md5_09d1ebf1a6c10083f8d66003418e6e06 = "09d1ebf1a6c10083f8d66003418e6e06"
|
||||||
|
$md5_9d014bc00ecb311db63beeadf0d8bb19 = "9d014bc00ecb311db63beeadf0d8bb19"
|
||||||
|
$md5_5b83dcd3f6615e9b18104088523eaaf3 = "5b83dcd3f6615e9b18104088523eaaf3"
|
||||||
|
$md5_3d356c2d84c39bab9fcb1fea1a132f6a = "3d356c2d84c39bab9fcb1fea1a132f6a"
|
||||||
|
$md5_e448666cf15651eff32e7296f2f57206 = "e448666cf15651eff32e7296f2f57206"
|
||||||
|
$md5_b3dfe482568c508bc21f8da8a291f2cd = "b3dfe482568c508bc21f8da8a291f2cd"
|
||||||
|
$md5_5e72bcafef281999bafeff7b9085dc7c = "5e72bcafef281999bafeff7b9085dc7c"
|
||||||
|
$md5_01a916c6863f98d8126bb75a4f291a5d = "01a916c6863f98d8126bb75a4f291a5d"
|
||||||
|
$md5_47a0e644aae76b040aaecf7f7b75404b = "47a0e644aae76b040aaecf7f7b75404b"
|
||||||
|
$md5_c56f890e9a3e4d9ffd2aba80d95b2f89 = "c56f890e9a3e4d9ffd2aba80d95b2f89"
|
||||||
|
$md5_8d31ebecdf790a80175d358212b3dd19 = "8d31ebecdf790a80175d358212b3dd19"
|
||||||
|
$md5_a735b9c81e6cffd576abd914cc635aea = "a735b9c81e6cffd576abd914cc635aea"
|
||||||
|
$md5_a2bfef210952aa4177ec03000b231228 = "a2bfef210952aa4177ec03000b231228"
|
||||||
|
$md5_791dbd6071c8d5e04fcaad95b9b6a039 = "791dbd6071c8d5e04fcaad95b9b6a039"
|
||||||
|
$md5_089d583667b28c2182be1b65b74c2ffb = "089d583667b28c2182be1b65b74c2ffb"
|
||||||
|
$md5_b0969efc34fe6d06542942b14295305b = "b0969efc34fe6d06542942b14295305b"
|
||||||
|
$md5_601a4718678a290c004b531b498e40fa = "601a4718678a290c004b531b498e40fa"
|
||||||
|
$md5_811ad8d894c461c446843de4a9a3fd42 = "811ad8d894c461c446843de4a9a3fd42"
|
||||||
|
$md5_dcd88df79393a92bbf29824580649d0c = "dcd88df79393a92bbf29824580649d0c"
|
||||||
|
$md5_18ca4159820c1766f358de2ffc92a271 = "18ca4159820c1766f358de2ffc92a271"
|
||||||
|
$md5_50ee06096d78ca5eff8d19de8aacf76e = "50ee06096d78ca5eff8d19de8aacf76e"
|
||||||
|
$md5_fd016b952c98a8be9c51c44d2a288c71 = "fd016b952c98a8be9c51c44d2a288c71"
|
||||||
|
$md5_3470568793761e75d72eb0c99a4bb6ec = "3470568793761e75d72eb0c99a4bb6ec"
|
||||||
|
$md5_cb612bd16abae8bdbd551e78278988f4 = "cb612bd16abae8bdbd551e78278988f4"
|
||||||
|
$md5_cea5d1fcf92da7212bcdc2989a3518e7 = "cea5d1fcf92da7212bcdc2989a3518e7"
|
||||||
|
$md5_7d166e7a86084eeae5f42211ace8622c = "7d166e7a86084eeae5f42211ace8622c"
|
||||||
|
$md5_69d83dd95abf0f3e9cccaf30d909d8ab = "69d83dd95abf0f3e9cccaf30d909d8ab"
|
||||||
|
$md5_f7675431685701edb506ffebc182f6ef = "f7675431685701edb506ffebc182f6ef"
|
||||||
|
$md5_4bcb99623c05fc2abaa1b4090b0bee6c = "4bcb99623c05fc2abaa1b4090b0bee6c"
|
||||||
|
$md5_c6e098547bace9c4844dd99230a525b8 = "c6e098547bace9c4844dd99230a525b8"
|
||||||
|
$md5_5bb14699b14e48608d43f51c56b88a04 = "5bb14699b14e48608d43f51c56b88a04"
|
||||||
|
$md5_1c00baebd1d2979a1009652dbc58c1fd = "1c00baebd1d2979a1009652dbc58c1fd"
|
||||||
|
$md5_87375cc6cdf60fc92c973ca984946e7f = "87375cc6cdf60fc92c973ca984946e7f"
|
||||||
|
$md5_3406ce96eaafd68fa469af2409ad6ffe = "3406ce96eaafd68fa469af2409ad6ffe"
|
||||||
|
$md5_dee1f09ef83a041555ce8b1f3effab01 = "dee1f09ef83a041555ce8b1f3effab01"
|
||||||
|
$md5_c40b172d7e99335e1724dc8ba18a42d7 = "c40b172d7e99335e1724dc8ba18a42d7"
|
||||||
|
$md5_04a420981c8724b654b30ecb13a1b9a5 = "04a420981c8724b654b30ecb13a1b9a5"
|
||||||
|
$md5_402627c57c6127187c7ee1ba9b4e11ad = "402627c57c6127187c7ee1ba9b4e11ad"
|
||||||
|
$md5_413a34cb61e954c4e82a63875cce9a67 = "413a34cb61e954c4e82a63875cce9a67"
|
||||||
|
$md5_87835a271ff098d7a0a44e45be83a9d8 = "87835a271ff098d7a0a44e45be83a9d8"
|
||||||
|
$md5_7f84dea46b4e29911604a2afaf1c57ab = "7f84dea46b4e29911604a2afaf1c57ab"
|
||||||
|
$md5_9c863613cc5890067a9733eb15cf749e = "9c863613cc5890067a9733eb15cf749e"
|
||||||
|
$md5_61d318aacfd97961a9248f696025177e = "61d318aacfd97961a9248f696025177e"
|
||||||
|
$md5_23b1717f7690f2670585ce42abcf07c0 = "23b1717f7690f2670585ce42abcf07c0"
|
||||||
|
$md5_e5761a294e7955bf234f7dd38b980633 = "e5761a294e7955bf234f7dd38b980633"
|
||||||
|
$md5_7021e319704ba7bddcdc37716a5c879e = "7021e319704ba7bddcdc37716a5c879e"
|
||||||
|
$md5_f60de91238d965455629b12694fb9dbc = "f60de91238d965455629b12694fb9dbc"
|
||||||
|
$md5_7ca58dd5daa70dd5dc278070512eb394 = "7ca58dd5daa70dd5dc278070512eb394"
|
||||||
|
$md5_391974cd1e5338938faf7f9a22ee3bf5 = "391974cd1e5338938faf7f9a22ee3bf5"
|
||||||
|
$md5_842e7ed1d9a3148c706e2f5e80e01735 = "842e7ed1d9a3148c706e2f5e80e01735"
|
||||||
|
$md5_45ed3086b3d03b253f8746a174a060d1 = "45ed3086b3d03b253f8746a174a060d1"
|
||||||
|
$md5_639637d46f64f4e0164e704be98c7c67 = "639637d46f64f4e0164e704be98c7c67"
|
||||||
|
$md5_2a233c4f6571a2fc3342d6edf3c1e98d = "2a233c4f6571a2fc3342d6edf3c1e98d"
|
||||||
|
$md5_77e8503f721a715a5309f89c88f1da8c = "77e8503f721a715a5309f89c88f1da8c"
|
||||||
|
$md5_6b022a8cea1bd0e3b511961c7f12da0e = "6b022a8cea1bd0e3b511961c7f12da0e"
|
||||||
|
$md5_5bc08352ad0ca4b3727bd7c509515693 = "5bc08352ad0ca4b3727bd7c509515693"
|
||||||
|
$md5_dbeb16d8745a9b9b0daf946d2caecae0 = "dbeb16d8745a9b9b0daf946d2caecae0"
|
||||||
|
$md5_3da2ad2d32f02172623cc5dfb342e43c = "3da2ad2d32f02172623cc5dfb342e43c"
|
||||||
|
$md5_c288f4729f7cdce991dcf7c2b156e854 = "c288f4729f7cdce991dcf7c2b156e854"
|
||||||
|
$md5_acc03ef1eef25c397972ae27087621a6 = "acc03ef1eef25c397972ae27087621a6"
|
||||||
|
$md5_63d453db999cb3a9b388180b7364d43c = "63d453db999cb3a9b388180b7364d43c"
|
||||||
|
$md5_89eb892d945034e549118cda2120c17d = "89eb892d945034e549118cda2120c17d"
|
||||||
|
$md5_d016d961bf0cf4b3aec5619b1b5ebc60 = "d016d961bf0cf4b3aec5619b1b5ebc60"
|
||||||
|
$md5_17cece9c7bbe0c2d6c37056742a7a7e9 = "17cece9c7bbe0c2d6c37056742a7a7e9"
|
||||||
|
$md5_c6c5b4de5cc10418e2f14305d6541bd4 = "c6c5b4de5cc10418e2f14305d6541bd4"
|
||||||
|
$md5_b90b0ff065be669d4d882a2861115ea5 = "b90b0ff065be669d4d882a2861115ea5"
|
||||||
|
$md5_5708d6c871e56833020be00fcac9b4fa = "5708d6c871e56833020be00fcac9b4fa"
|
||||||
|
$md5_cfc48c66c7630653faa136ba83617cb0 = "cfc48c66c7630653faa136ba83617cb0"
|
||||||
|
$md5_8c2e717c09cee5234bec059decc04fbc = "8c2e717c09cee5234bec059decc04fbc"
|
||||||
|
$md5_03823081d5de20d03cf85259ae7ee47c = "03823081d5de20d03cf85259ae7ee47c"
|
||||||
|
$md5_cf128ba5945102e1b1a089032f2e4bc1 = "cf128ba5945102e1b1a089032f2e4bc1"
|
||||||
|
$md5_b14f8f099e4ebbaf4312eb86d739267f = "b14f8f099e4ebbaf4312eb86d739267f"
|
||||||
|
$md5_3b30e94191d82f3566de058a60c4ce41 = "3b30e94191d82f3566de058a60c4ce41"
|
||||||
|
$md5_f5cce3e8c5d8d24edca83ae34d505d61 = "f5cce3e8c5d8d24edca83ae34d505d61"
|
||||||
|
$md5_32549e52c76cacf4a4725340c5eaaabd = "32549e52c76cacf4a4725340c5eaaabd"
|
||||||
|
$md5_0fd48bd160854bea6e9df66a9451b9ed = "0fd48bd160854bea6e9df66a9451b9ed"
|
||||||
|
$md5_ea475f5a99ae4f81d23be81bdcfbb6ac = "ea475f5a99ae4f81d23be81bdcfbb6ac"
|
||||||
|
$md5_123a97612de9089409ad512f3bb2379a = "123a97612de9089409ad512f3bb2379a"
|
||||||
|
$md5_808e8a7ff27e284bbd07cee65403b66c = "808e8a7ff27e284bbd07cee65403b66c"
|
||||||
|
$md5_73993f9f448449f0c5c6977664cfd8fa = "73993f9f448449f0c5c6977664cfd8fa"
|
||||||
|
$md5_58ebad50377af27347a4a216625ec8c7 = "58ebad50377af27347a4a216625ec8c7"
|
||||||
|
$md5_bc6b1264f9dfebdde7a4b94ff0f61c83 = "bc6b1264f9dfebdde7a4b94ff0f61c83"
|
||||||
|
$md5_593d2f1113836a49cb27cef3ce699933 = "593d2f1113836a49cb27cef3ce699933"
|
||||||
|
$md5_463d74f0085a613c44dc9ded28ba903d = "463d74f0085a613c44dc9ded28ba903d"
|
||||||
|
$md5_c74a645b0a52812f026f5cfe6d168f40 = "c74a645b0a52812f026f5cfe6d168f40"
|
||||||
|
$md5_69b4467e347dcf360ef7d2dd2a869601 = "69b4467e347dcf360ef7d2dd2a869601"
|
||||||
|
$md5_7163a7326321ce88f14c2156c29f8386 = "7163a7326321ce88f14c2156c29f8386"
|
||||||
|
$md5_73add080471429445ecba08d95f03b01 = "73add080471429445ecba08d95f03b01"
|
||||||
|
$md5_4892a108c084f7471b601194957ec431 = "4892a108c084f7471b601194957ec431"
|
||||||
|
$md5_0fbf6146e6478d9a6945341a45885400 = "0fbf6146e6478d9a6945341a45885400"
|
||||||
|
$md5_6ff0374bf169ddedaf2654c94b985617 = "6ff0374bf169ddedaf2654c94b985617"
|
||||||
|
$md5_c64778a2ddcc66db666e63ca6781ef3f = "c64778a2ddcc66db666e63ca6781ef3f"
|
||||||
|
$md5_462372c1f7f27ad12cc452dbb3358122 = "462372c1f7f27ad12cc452dbb3358122"
|
||||||
|
$md5_a6b48f5675c55b124908dd11635919ac = "a6b48f5675c55b124908dd11635919ac"
|
||||||
|
$md5_79f1af23d5ab729a3071d1f4c2a0606f = "79f1af23d5ab729a3071d1f4c2a0606f"
|
||||||
|
$domain_ting_qpoe_com = "ting.qpoe.com"
|
||||||
|
$domain_moutain_onmypc_org = "moutain.onmypc.org"
|
||||||
|
$domain_cust_compradecedines_com_ar = "cust.compradecedines.com.ar"
|
||||||
|
$domain_cecs_ben-wan_com = "cecs.ben-wan.com"
|
||||||
|
$domain_edit_ctotw_tw = "edit.ctotw.tw"
|
||||||
|
$domain_rio_onmypc_org = "rio.onmypc.org"
|
||||||
|
$domain_techlawilo_effers_com = "techlawilo.effers.com"
|
||||||
|
$domain_moc_mrface_com = "moc.mrface.com"
|
||||||
|
$domain_every_b0ne_com = "every.b0ne.com"
|
||||||
|
$domain_usamovie_mylftv_com = "usamovie.mylftv.com"
|
||||||
|
$domain_applestore_dnset_com = "applestore.dnset.com"
|
||||||
|
$domain_fastnews_ezua_com = "fastnews.ezua.com"
|
||||||
|
$domain_accounts_fartit_com = "accounts.fartit.com"
|
||||||
|
$domain_music_ftp_sh = "music.ftp.sh"
|
||||||
|
$domain_ikwb55_ikwb_com = "ikwb55.ikwb.com"
|
||||||
|
$domain_pcphoto_servehalflife_com = "pcphoto.servehalflife.com"
|
||||||
|
$domain_festival_lflinkup_net = "festival.lflinkup.net"
|
||||||
|
$domain_kh7710103_qnoddns_org_cn = "kh7710103.qnoddns.org.cn"
|
||||||
|
$domain_soo_dtdns_net = "soo.dtdns.net"
|
||||||
|
$domain_sysinfo_itemdb_com = "sysinfo.itemdb.com"
|
||||||
|
$domain_injure_ignorelist_com = "injure.ignorelist.com"
|
||||||
|
$domain_linenews_mypicure_info = "linenews.mypicure.info"
|
||||||
|
$domain_forums_happyforever_com = "forums.happyforever.com"
|
||||||
|
$domain_showgirls_mooo_com = "showgirls.mooo.com"
|
||||||
|
$domain_dcns_chickenkiller_com = "dcns.chickenkiller.com"
|
||||||
|
$domain_xuite_myMom_info = "xuite.myMom.info"
|
||||||
|
$domain_kukupy_chatnook_com = "kukupy.chatnook.com"
|
||||||
|
$domain_support_bonbonkids_hk = "support.bonbonkids.hk"
|
||||||
|
$domain_tabf_garrarufaworld_com = "tabf.garrarufaworld.com"
|
||||||
|
$domain_hehagame_Got-Game_org = "hehagame.Got-Game.org"
|
||||||
|
$domain_newspaper_otzo_com = "newspaper.otzo.com"
|
||||||
|
$domain_greeting_hopewill_com = "greeting.hopewill.com"
|
||||||
|
$domain_picture_diohwm_com = "picture.diohwm.com"
|
||||||
|
$domain_npa_dynamicdns_org_uk = "npa.dynamicdns.org.uk"
|
||||||
|
$domain_formosa_happyforever_com = "formosa.happyforever.com"
|
||||||
|
$domain_moea_crabdance_com = "moea.crabdance.com"
|
||||||
|
$domain_subnotes_ignorelist_com = "subnotes.ignorelist.com"
|
||||||
|
$domain_forums_toythieves_com = "forums.toythieves.com"
|
||||||
|
$domain_paperspot_wikaba_com = "paperspot.wikaba.com"
|
||||||
|
$domain_firstme_mysecondarydns_com = "firstme.mysecondarydns.com"
|
||||||
|
$domain_nspo_itaiwans_com = "nspo.itaiwans.com"
|
||||||
|
$domain_asus_strangled_net = "asus.strangled.net"
|
||||||
|
$domain_freeonshop_x24hr_com = "freeonshop.x24hr.com"
|
||||||
|
$domain_mirdc_happyforever_com = "mirdc.happyforever.com"
|
||||||
|
$domain_job_jobical_com = "job.jobical.com"
|
||||||
|
$domain_hinet_homenet_org = "hinet.homenet.org"
|
||||||
|
$domain_cypd_slyip_com = "cypd.slyip.com"
|
||||||
|
$domain_picture_brogrammer_org = "picture.brogrammer.org"
|
||||||
|
$domain_17ublig_1dumb_com = "17ublig.1dumb.com"
|
||||||
|
$domain_cert_dynet_com = "cert.dynet.com"
|
||||||
|
$domain_cwb_soportetechmdp_com_ar = "cwb.soportetechmdp.com.ar"
|
||||||
|
$domain_zing_youdontcare_com = "zing.youdontcare.com"
|
||||||
|
$domain_mozila_strangled_net = "mozila.strangled.net"
|
||||||
|
$domain_tios_nsicscores_com = "tios.nsicscores.com"
|
||||||
|
$domain_setting_herbalsolo_com = "setting.herbalsolo.com"
|
||||||
|
$domain_pictures_wasson_com = "pictures.wasson.com"
|
||||||
|
$domain_jog_punked_us = "jog.punked.us"
|
||||||
|
$domain_pictures_happyforever_com = "pictures.happyforever.com"
|
||||||
|
$domain_superapple_sendsmtp_com = "superapple.sendsmtp.com"
|
||||||
|
$domain_rdec_compress_to = "rdec.compress.to"
|
||||||
|
$domain_timehigh_ddns_info = "timehigh.ddns.info"
|
||||||
|
$domain_amazon_otzo_com = "amazon.otzo.com"
|
||||||
|
$domain_teacher_yahoomit_com = "teacher.yahoomit.com"
|
||||||
|
$domain_dream_wikaba_com = "dream.wikaba.com"
|
||||||
|
$domain_webmail_24-7_ro = "webmail.24-7.ro"
|
||||||
|
$domain_av100_mynetav_net = "av100.mynetav.net"
|
||||||
|
$domain_yahoo_zzux_com = "yahoo.zzux.com"
|
||||||
|
$domain_zip_zyns_com = "zip.zyns.com"
|
||||||
|
$domain_avira_justdied_com = "avira.justdied.com"
|
||||||
|
$domain_dwnic_crabdance_com = "dwnic.crabdance.com"
|
||||||
|
$domain_africa_themafia_info = "africa.themafia.info"
|
||||||
|
$domain_wordhasword_darktech_org = "wordhasword.darktech.org"
|
||||||
|
$domain_techlaw_linestw_com = "techlaw.linestw.com"
|
||||||
|
$domain_webey_sbfhome_net = "webey.sbfhome.net"
|
||||||
|
$domain_twcert_compress_to = "twcert.compress.to"
|
||||||
|
$domain_INetGIS_faceboktw_com = "INetGIS.faceboktw.com"
|
||||||
|
$domain_idb_jamescyoung_com = "idb.jamescyoung.com"
|
||||||
|
$domain_icst_compress_to = "icst.compress.to"
|
||||||
|
$domain_needjustword_bbsindex_com = "needjustword.bbsindex.com"
|
||||||
|
$domain_blognews_onmypc_org = "blognews.onmypc.org"
|
||||||
|
$domain_su27_oCry_com = "su27.oCry.com"
|
||||||
|
$domain_dcns_soniceducation_com = "dcns.soniceducation.com"
|
||||||
|
$domain_front_fartit_com = "front.fartit.com"
|
||||||
|
$domain_sushow_xxuz_com = "sushow.xxuz.com"
|
||||||
|
$domain_motc_linestw_com = "motc.linestw.com"
|
||||||
|
$domain_facebook_itsaol_com = "facebook.itsaol.com"
|
||||||
|
$domain_tw_chatnook_com = "tw.chatnook.com"
|
||||||
|
$domain_newpower_jkub_com = "newpower.jkub.com"
|
||||||
|
$domain_boe_pixarworks_com = "boe.pixarworks.com"
|
||||||
|
$domain_docsedit_cleansite_us = "docsedit.cleansite.us"
|
||||||
|
$domain_wendy_uberleet_com = "wendy.uberleet.com"
|
||||||
|
$domain_flog_pgp_com_mx = "flog.pgp.com.mx"
|
||||||
|
$domain_zany_strangled_net = "zany.strangled.net"
|
||||||
|
$domain_microsfot_ikwb_com = "microsfot.ikwb.com"
|
||||||
|
$domain_blognews_ezua_com = "blognews.ezua.com"
|
||||||
|
$domain_beersale_servebeer_com = "beersale.servebeer.com"
|
||||||
|
$domain_ametoy_acmetoy_com = "ametoy.acmetoy.com"
|
||||||
|
$domain_effinfo_effers_com = "effinfo.effers.com"
|
||||||
|
$domain_movieonline_redirectme_net = "movieonline.redirectme.net"
|
||||||
|
$domain_tw_shop_tm = "tw.shop.tm"
|
||||||
|
$domain_asus0213_asuscomm_com = "asus0213.asuscomm.com"
|
||||||
|
$domain_furniture_home_kg = "furniture.home.kg"
|
||||||
|
$domain_dpp_edesizns_com = "dpp.edesizns.com"
|
||||||
|
condition:
|
||||||
|
any of them
|
||||||
|
}
|
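--- a/yara/Flagpro-suricata-20250112.txt
+++ b/yara/Flagpro-suricata-20250112.txt
@@ -0,0 +1,10 @@
+alert ip 107.191.61.40 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 107.191.61.40 (source) - APT Group: BlackTech"; sid:518411836; rev:1;)
+alert ip any any -> 107.191.61.40 any (msg:"Suspicious Flagpro IP detected Leaving Network: 107.191.61.40 (destination) - APT Group: BlackTech"; sid:518411837; rev:1;)
+alert ip 172.104.109.217 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 172.104.109.217 (source) - APT Group: BlackTech"; sid:2259028385; rev:1;)
+alert ip any any -> 172.104.109.217 any (msg:"Suspicious Flagpro IP detected Leaving Network: 172.104.109.217 (destination) - APT Group: BlackTech"; sid:2259028386; rev:1;)
+alert ip 139.162.87.180 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 139.162.87.180 (source) - APT Group: BlackTech"; sid:3339182745; rev:1;)
+alert ip any any -> 139.162.87.180 any (msg:"Suspicious Flagpro IP detected Leaving Network: 139.162.87.180 (destination) - APT Group: BlackTech"; sid:3339182746; rev:1;)
+alert ip 45.76.184.227 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 45.76.184.227 (source) - APT Group: BlackTech"; sid:3650785005; rev:1;)
+alert ip any any -> 45.76.184.227 any (msg:"Suspicious Flagpro IP detected Leaving Network: 45.76.184.227 (destination) - APT Group: BlackTech"; sid:3650785006; rev:1;)
+alert ip 45.32.23.140 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 45.32.23.140 (source) - APT Group: BlackTech"; sid:9643976871; rev:1;)
+alert ip any any -> 45.32.23.140 any (msg:"Suspicious Flagpro IP detected Leaving Network: 45.32.23.140 (destination) - APT Group: BlackTech"; sid:9643976872; rev:1;)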
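Review bot: The `sid` on the last two rules (`9643976871` and `9643976872`, for 45.32.23.140) is larger than 4294967295, and Suricata parses `sid` as an unsigned 32-bit value, so these two rules should be rejected when the file is loaded. The same applies to every rule in TsCookie-suricata-20250112.txt and to most pairs in waterbear-suricata-20250112.txt (for example `5921737425` and `8583068955`). The ids also look randomly generated; allocating them sequentially from the range conventionally reserved for local rules, e.g. `sid:1000001;`, keeps them valid and avoids collisions with published rulesets.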
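--- a/yara/Flagpro-yara-20250112.yar
+++ b/yara/Flagpro-yara-20250112.yar
@@ -0,0 +1,24 @@
+Flagpro_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$ip_107_191_61_40 = "107.191.61.40"
+$ip_172_104_109_217 = "172.104.109.217"
+$ip_139_162_87_180 = "139.162.87.180"
+$ip_45_76_184_227 = "45.76.184.227"
+$ip_45_32_23_140 = "45.32.23.140"
+$sha256_e197c583 = "e197c583f57e6c560b576278233e3ab050e38aa9424a5d95b172de66f9cfe970"
+$sha256_840ce62f = "840ce62f92fc519cd1a33b62f4b9f92a962b7fb28c12d2f607dec0b520e6a4b2"
+$sha256_e81255ff = "e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876"
+$sha256_655ca39b = "655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5"
+$sha256_54e6ea47 = "54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b"
+$sha256_77680fb9 = "77680fb906476f0d84e15d5032f09108fdef8933bcad0b941c9f375fedd0b2c9"
+$sha256_ba27ae12 = "ba27ae12e6f3c2c87fd2478072dfa2747d368a507c69cd90b653c9e707254a1d"
+$domain_update_centosupdates_com = "update.centosupdates.com"
+$domain_org_misecure_com = "org.misecure.com"
+condition:
+any of them
+}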
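Review bot: The file opens with `Flagpro_IOCs {` and has no `rule` keyword, so YARA will not compile it; the first line should read `rule Flagpro_IOCs {`. The same opening is used in Plead-yara, TsCookie-yara, TsCookiev2-yara and waterbear-yara in this commit. Compiling each generated file once before upload would catch this class of error.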
BIN
yara/Plead-suricata-20250112.txt
Normal file
BIN
yara/Plead-suricata-20250112.txt
Normal file
Binary file not shown.
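Review bot: The forge shows this `.txt` rule file as binary, which usually means it contains NUL bytes or was saved in an encoding such as UTF-16; if so, Suricata would not parse it as rules. TsCookiev2-suricata-20250112.txt is shown the same way. Neither matching .yar file lists any IP strings, so the generator may have written an empty or malformed file when there were no addresses; the encoding should be checked and the files re-saved as UTF-8, or dropped if they hold no rules.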
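--- a/yara/Plead-yara-20250112.yar
+++ b/yara/Plead-yara-20250112.yar
@@ -0,0 +1,22 @@
+Plead_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$sha1_13D064741B801E421E3B53BC5DABFA7031C98DD9 = "13D064741B801E421E3B53BC5DABFA7031C98DD9"
+$sha1_62A693F5E4F92CCB5A2821239EFBE5BD792A46CD = "62A693F5E4F92CCB5A2821239EFBE5BD792A46CD"
+$sha1_11A5D1A965A3E1391E840B11705FFC02759618F8 = "11A5D1A965A3E1391E840B11705FFC02759618F8"
+$sha1_B01D8501F1EEAF423AA1C14FCC816FAB81AC8ED8 = "B01D8501F1EEAF423AA1C14FCC816FAB81AC8ED8"
+$sha1_1DB4650A89BC7C810953160C6E41A36547E8CF0B = "1DB4650A89BC7C810953160C6E41A36547E8CF0B"
+$sha1_9C4F8358462FAFD83DF51459DBE4CD8E5E7F2039 = "9C4F8358462FAFD83DF51459DBE4CD8E5E7F2039"
+$sha1_80AE7B26AC04C93AD693A2D816E8742B906CC0E3 = "80AE7B26AC04C93AD693A2D816E8742B906CC0E3"
+$sha1_239786038B9619F9C22401B110CF0AF433E0CEAD = "239786038B9619F9C22401B110CF0AF433E0CEAD"
+$sha1_CA160884AE90CFE6BEC5722FAC5B908BF77D9EEF = "CA160884AE90CFE6BEC5722FAC5B908BF77D9EEF"
+$domain_okinawas_ssl443_org = "okinawas.ssl443.org"
+$domain_office_panasocin_com = "office.panasocin.com"
+$domain_amazon_panasocin_com = "amazon.panasocin.com"
+condition:
+any of them
+}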
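Review bot: The nine `$sha1_…` entries are text strings, so `any of them` fires only on a file that contains the 40-character hex text (a report or another indicator list), not on the sample whose digest it is. Matching the sample itself needs the hash module: `import "hash"` at the top and `hash.sha1(0, filesize) == "13d064741b801e421e3b53bc5dabfa7031c98dd9"` in the condition. The value must be lowercased, because the module returns lowercase hex and the digests here are uppercase. The `$sha256_…` strings in the Flagpro, TsCookie, TsCookiev2 and waterbear .yar files of this commit have the same problem.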
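--- a/yara/TsCookie-suricata-20250112.txt
+++ b/yara/TsCookie-suricata-20250112.txt
@@ -0,0 +1,6 @@
+alert ip 220.130.216.76 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 220.130.216.76 (source) - APT Group: BlackTech"; sid:8166465416; rev:1;)
+alert ip any any -> 220.130.216.76 any (msg:"Suspicious TsCookie IP detected Leaving Network: 220.130.216.76 (destination) - APT Group: BlackTech"; sid:8166465417; rev:1;)
+alert ip 60.244.52.29 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 60.244.52.29 (source) - APT Group: BlackTech"; sid:7569006617; rev:1;)
+alert ip any any -> 60.244.52.29 any (msg:"Suspicious TsCookie IP detected Leaving Network: 60.244.52.29 (destination) - APT Group: BlackTech"; sid:7569006618; rev:1;)
+alert ip 45.76.102.145 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 45.76.102.145 (source) - APT Group: BlackTech"; sid:8497073872; rev:1;)
+alert ip any any -> 45.76.102.145 any (msg:"Suspicious TsCookie IP detected Leaving Network: 45.76.102.145 (destination) - APT Group: BlackTech"; sid:8497073873; rev:1;)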
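Review bot: Both rules of each pair use `any` for the local side, so the "Entering Network" and "Leaving Network" messages do not depend on where the monitored network actually is, and traffic that merely passes the sensor alerts the same way. Scoping the local side makes the message true: `alert ip 220.130.216.76 any -> $HOME_NET any` and `alert ip $HOME_NET any -> 220.130.216.76 any`. Adding `classtype:trojan-activity;` and a `reference:` to the source report would also tell the analyst how to prioritise a hit and where the indicator came from.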
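--- a/yara/TsCookie-yara-20250112.yar
+++ b/yara/TsCookie-yara-20250112.yar
@@ -0,0 +1,61 @@
+TsCookie_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$ip_220_130_216_76 = "220.130.216.76"
+$ip_60_244_52_29 = "60.244.52.29"
+$ip_45_76_102_145 = "45.76.102.145"
+$sha256_5443ee54 = "5443ee54a532846da3182630e2bb031f54825025700bcd5f0e34802e7345c7b2"
+$sha256_0683437a = "0683437aebd980c395a83e837a6056df1a21e137e875f234d1ed9f9a91dfdc7f"
+$sha256_1fa7cbe5 = "1fa7cbe57eedea0ebc8eb37b91e7536c07be7da7775a6c01e5b14489387b9ca8"
+$sha256_201bf3cd = "201bf3cd2a723d6c728d18a9e41ff038549eac8406f453c5197a1a7b45998673"
+$sha256_cdf0e4c4 = "cdf0e4c415eb55bccb43a650e330348b63bc3cbb53f71a215c44ede939b4b830"
+$sha256_20f7f367 = "20f7f367f9cb8beca7ce1ba980fafa870863245f27fea48b971859a8cb47eb09"
+$sha256_afe780ba = "afe780ba2af6c86babf2d0270156da61f556c493259d4ca54c67665c17b02023"
+$sha256_06a9c713 = "06a9c71342eeb14b7e8871f77524e8acc7b86670411b854fa7f6f57c918ffd2b"
+$sha256_6d2f5675 = "6d2f5675630d0dae65a796ac624fb90f42f35fbe5dec2ec8f4adce5ebfaabf75"
+$sha256_6b66c6d8 = "6b66c6d8859dfe06c0415be4df2bd836561d5a6eabce98ddd2ee54e89e37fd44"
+$sha256_39d7d764 = "39d7d764405b9c613dff6da4909d9bc46620beee7a7913c4666acf9e76a171e4"
+$sha256_96306202 = "96306202b0c4495cf93e805e9185ea6f2626650d6132a98a8f097f8c6a424a33"
+$sha256_12b0f133 = "12b0f1337bda78f8a7963d2744668854d81e1f1b64790b74d486281bc54e6647"
+$sha256_2bd13d63 = "2bd13d63797864a70b775bd1994016f5052dc8fd1fd83ce1c13234b5d304330d"
+$sha256_35f96618 = "35f966187098ac42684361b2a93b0cee5e2762a0d1e13b8d366a18bccf4f5a91"
+$sha256_0debbcc2 = "0debbcc297cb8f9b81c8c217e748122243562357297b63749c3847af3b7fd646"
+$sha256_17f1996a = "17f1996ad7e602bd2a7e9524d7d70ee8588dac51469b08017df9aaaca09d8dd9"
+$sha256_203c924c = "203c924cd274d052e8e95246d31bd168f3d8a0700a774c98eff882c8b8399a2f"
+$sha256_e451a1e0 = "e451a1e05c0cc363a185a98819cd2af421ac87154702bf72007ecc0134c7f417"
+$sha256_1da9b4a8 = "1da9b4a84041b8c72dad9626db822486ce47b9a3ab6b36c41b0637cd1f6444d6"
+$sha256_f16befd7 = "f16befd79b7f8ffdaf934ef337a91a5f1dc6da54c4b2bee5fe7a0eb38e8af39e"
+$sha256_4a8237f9 = "4a8237f9ecdad3b51ffd00d769e23f61f1e791f998d1959ad9b61d53ea306c09"
+$domain_apk36501_flnet_org = "apk36501.flnet.org"
+$domain_okinawas_ssl443_org = "okinawas.ssl443.org"
+$domain_gethappy_effers_com = "gethappy.effers.com"
+$domain_ntp_ukrootns1_com = "ntp.ukrootns1.com"
+$domain_twnicsi_ignorelist_com = "twnicsi.ignorelist.com"
+$domain_jpcerts_jpcertinfo_com = "jpcerts.jpcertinfo.com"
+$domain_eoffice_etowns_org = "eoffice.etowns.org"
+$domain_lang_suroot_com = "lang.suroot.com"
+$domain_office_dns04_com = "office.dns04.com"
+$domain_jpcert_ignorelist_com = "jpcert.ignorelist.com"
+$domain_epayplus_flnet_org = "epayplus.flnet.org"
+$domain_lookatinfo_dnset_com = "lookatinfo.dnset.com"
+$domain_longdays_csproject_org = "longdays.csproject.org"
+$domain_langlang_dnset_com = "langlang.dnset.com"
+$domain_appinfo_fairuse_org = "appinfo.fairuse.org"
+$domain_fatgirls_fatdiary_org = "fatgirls.fatdiary.org"
+$domain_carcolors_effers_com = "carcolors.effers.com"
+$domain_ktyguxs_dnset_com = "ktyguxs.dnset.com"
+$domain_newtowns_flnet_org = "newtowns.flnet.org"
+$domain_sslmaker_ssl443_org = "sslmaker.ssl443.org"
+$domain_twcertcc_jumpingcrab_com = "twcertcc.jumpingcrab.com"
+$domain_iawntsilk_dnset_com = "iawntsilk.dnset.com"
+$domain_edu_microsoftmse_com = "edu.microsoftmse.com"
+$domain_inewdays_csproject_org = "inewdays.csproject.org"
+$domain_savecars_dnset_com = "savecars.dnset.com"
+$domain_splashed_effers_com = "splashed.effers.com"
+condition:
+any of them
+}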
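Review bot: The `$ip_…` strings are plain substrings, so `$ip_60_244_52_29` also matches inside `160.244.52.29` or `60.244.52.290`; the `fullword` modifier removes those hits. The `$domain_…` strings match ASCII in exact case only, which misses UTF-16 strings in Windows binaries and mixed-case hostnames. A line such as `$domain_apk36501_flnet_org = "apk36501.flnet.org" ascii wide nocase fullword` covers both, and the same modifiers apply to the IP and domain strings in the other .yar files of this commit.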
BIN
yara/TsCookiev2-suricata-20250112.txt
Normal file
BIN
yara/TsCookiev2-suricata-20250112.txt
Normal file
Binary file not shown.
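--- a/yara/TsCookiev2-yara-20250112.yar
+++ b/yara/TsCookiev2-yara-20250112.yar
@@ -0,0 +1,13 @@
+TsCookiev2_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$sha256_fc863fbd = "fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3"
+$domain_home_mwbsys_org = "home.mwbsys.org"
+$domain_app_dynamicrosoft_com = "app.dynamicrosoft.com"
+condition:
+any of them
+}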
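Review bot: The `meta:` block does not record where the indicators come from, and `description = "Suspicious IPs, Hashes, and Domains"` is the same generic text in every rule of this commit even though this file contains no IPs. An analyst triaging a hit needs the provenance and the indicator age; I would add `reference = "<source report URL>"` (placeholder, to be filled from the feed) and make the description specific, e.g. `description = "TsCookiev2 sample hash and domains"`.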
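--- a/yara/waterbear-suricata-20250112.txt
+++ b/yara/waterbear-suricata-20250112.txt
@@ -0,0 +1,24 @@
+alert ip 45.77.181.203 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.77.181.203 (source) - APT Group: BlackTech"; sid:5921737425; rev:1;)
+alert ip any any -> 45.77.181.203 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.77.181.203 (destination) - APT Group: BlackTech"; sid:5921737426; rev:1;)
+alert ip 103.40.112.228 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 103.40.112.228 (source) - APT Group: BlackTech"; sid:3182573330; rev:1;)
+alert ip any any -> 103.40.112.228 any (msg:"Suspicious waterbear IP detected Leaving Network: 103.40.112.228 (destination) - APT Group: BlackTech"; sid:3182573331; rev:1;)
+alert ip 59.125.119.202 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 59.125.119.202 (source) - APT Group: BlackTech"; sid:8583068955; rev:1;)
+alert ip any any -> 59.125.119.202 any (msg:"Suspicious waterbear IP detected Leaving Network: 59.125.119.202 (destination) - APT Group: BlackTech"; sid:8583068956; rev:1;)
+alert ip 139.180.201.6 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.180.201.6 (source) - APT Group: BlackTech"; sid:7607440005; rev:1;)
+alert ip any any -> 139.180.201.6 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.180.201.6 (destination) - APT Group: BlackTech"; sid:7607440006; rev:1;)
+alert ip 139.162.112.74 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.162.112.74 (source) - APT Group: BlackTech"; sid:5681332719; rev:1;)
+alert ip any any -> 139.162.112.74 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.162.112.74 (destination) - APT Group: BlackTech"; sid:5681332720; rev:1;)
+alert ip 172.104.92.110 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 172.104.92.110 (source) - APT Group: BlackTech"; sid:5363415535; rev:1;)
+alert ip any any -> 172.104.92.110 any (msg:"Suspicious waterbear IP detected Leaving Network: 172.104.92.110 (destination) - APT Group: BlackTech"; sid:5363415536; rev:1;)
+alert ip 168.95.1.1 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 168.95.1.1 (source) - APT Group: BlackTech"; sid:2071065055; rev:1;)
+alert ip any any -> 168.95.1.1 any (msg:"Suspicious waterbear IP detected Leaving Network: 168.95.1.1 (destination) - APT Group: BlackTech"; sid:2071065056; rev:1;)
+alert ip 45.76.218.116 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.76.218.116 (source) - APT Group: BlackTech"; sid:5808228675; rev:1;)
+alert ip any any -> 45.76.218.116 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.76.218.116 (destination) - APT Group: BlackTech"; sid:5808228676; rev:1;)
+alert ip 108.160.138.235 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.138.235 (source) - APT Group: BlackTech"; sid:5795869186; rev:1;)
+alert ip any any -> 108.160.138.235 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.138.235 (destination) - APT Group: BlackTech"; sid:5795869187; rev:1;)
+alert ip 211.72.242.120 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 211.72.242.120 (source) - APT Group: BlackTech"; sid:6756046166; rev:1;)
+alert ip any any -> 211.72.242.120 any (msg:"Suspicious waterbear IP detected Leaving Network: 211.72.242.120 (destination) - APT Group: BlackTech"; sid:6756046167; rev:1;)
+alert ip 108.160.132.108 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.132.108 (source) - APT Group: BlackTech"; sid:2503198458; rev:1;)
+alert ip any any -> 108.160.132.108 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.132.108 (destination) - APT Group: BlackTech"; sid:2503198459; rev:1;)
+alert ip 220.135.71.92 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 220.135.71.92 (source) - APT Group: BlackTech"; sid:121564119; rev:1;)
+alert ip any any -> 220.135.71.92 any (msg:"Suspicious waterbear IP detected Leaving Network: 220.135.71.92 (destination) - APT Group: BlackTech"; sid:121564120; rev:1;)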
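Review bot: `168.95.1.1` appears to be a widely used public DNS resolver (HiNet) rather than attacker infrastructure, so the pair with sid `2071065055` and `2071065056` would alert on ordinary DNS traffic from any host configured to use it. It was presumably lifted from a sample's configuration or a sandbox trace without vetting. The address should be checked against the source report and removed or allow-listed, both here and as `$ip_168_95_1_1` in waterbear-yara-20250112.yar; a vetting step against known resolver and CDN ranges in the generator would prevent this for future feeds.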
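--- a/yara/waterbear-yara-20250112.yar
+++ b/yara/waterbear-yara-20250112.yar
@@ -0,0 +1,79 @@
+waterbear_IOCs {
+meta:
+creator = "Cpl Iverson"
+date = "2025-01-12"
+description = "Suspicious IPs, Hashes, and Domains"
+apt_group = "BlackTech"
+strings:
+$ip_45_77_181_203 = "45.77.181.203"
+$ip_103_40_112_228 = "103.40.112.228"
+$ip_59_125_119_202 = "59.125.119.202"
+$ip_139_180_201_6 = "139.180.201.6"
+$ip_139_162_112_74 = "139.162.112.74"
+$ip_172_104_92_110 = "172.104.92.110"
+$ip_168_95_1_1 = "168.95.1.1"
+$ip_45_76_218_116 = "45.76.218.116"
+$ip_108_160_138_235 = "108.160.138.235"
+$ip_211_72_242_120 = "211.72.242.120"
+$ip_108_160_132_108 = "108.160.132.108"
+$ip_220_135_71_92 = "220.135.71.92"
+$sha256_eed2ab9f = "eed2ab9f2c09e47c7689204ad7f91e5aef3cb25a41ea524004a48bb7dc59f969"
+$sha256_649675ba = "649675baef92381ffcdfa42e8959015e83c1ab1c7bbfd64635ce5f6f65efd651"
+$sha256_3f26a971 = "3f26a971e393d7f6ce7bf4416abdbfa1def843a0cf74d8b7bb841ca90f5c9ed9"
+$sha256_7532fe7a = "7532fe7a16ba1db4d5e8d47de04b292d94882920cb672e89a48d07e77ddd0138"
+$sha256_50ba9a22 = "50ba9a2235b9b67e16e6bd26ae042a958d065eb2c5273f07eee20ec86c58a653"
+$sha256_884cefcc = "884cefccd5b3c3a219a176c0c614834b5b6676abbac1d1c98f39624fccc71bf9"
+$sha256_7c0d2782 = "7c0d2782a33debb65b488893705e71a001ea06c4eb4fe88571639ed71ac85cdd"
+$sha256_4c05ee58 = "4c05ee584530fd9622b9e3be555c9132fad961848ea215ecb0dd9430df7e4ed8"
+$sha256_9c436db4 = "9c436db49b27bed20b42157b50d8bdad414b12f01e2127718250565017a08d84"
+$sha256_bda6812c = "bda6812c3bbba3c885584d234be353b0a2d1b1cbd29161deab0ef8814ac1e8e1"
+$sha256_78581711 = "7858171120792e5c98cfa75ccde7cba49e62a2aeb32ed62322aae0a80a50f1ea"
+$sha256_05d0ab2f = "05d0ab2fbeb7e0ba7547afb013d307d32588704daac9c12002a690e5c1cde3a4"
+$sha256_485d5af4 = "485d5af4ad86e9241abd824df7b3f7d658b1b77c7dcc3c9b74bfe1ddc074c87d"
+$sha256_6d40c289 = "6d40c289a154142cdd5298e345bcea30b13f26b9eddfe2d9634e71e1fb935fbe"
+$sha256_d4d5c73c = "d4d5c73c40f50cdef1500fca8329bc8f3f05f6e2ffda9c8feb9be1dcca6ccd31"
+$sha256_81a4b847 = "81a4b84700b5f4770b11a5fe30a8df42e5579fd622fd54143b3d2578df4b559d"
+$sha256_f2160168 = "f21601686a2af1a312e0f99effa2c2755f872b693534dbe14f034fa23587ac0b"
+$sha256_3fefceea = "3fefceeab9f845f9ddbe9c3a0712d45aad4c87fdbb178d13955944dbe6b338a3"
+$sha256_aa51b69d = "aa51b69d05741144d139b422c3b90fdf6d7d5a36dd6c7090c226a0fc155ada34"
+$sha256_9603b622 = "9603b62268c2bbb06da5c99572c3dc2ec988c49c86db2abc391acf53c1cccceb"
+$sha256_53402b66 = "53402b662679f0bfd08de3abb064930af40ff6c9ec95469ce8489f65796e36c3"
+$sha256_acb2abc7 = "acb2abc7fb44c2fdea0b65706d1e8b4c0bfb20e4bd4dcee5b95b346a60c6bd31"
+$sha256_dea5c564 = "dea5c564c9d961ccf2ed535139fbfca4f1727373504f2972ac92acfaf21da831"
+$sha256_f9f6bc63 = "f9f6bc637f59ef843bc939cb6be5000da5b9277b972904bf84586ea0a17a6000"
+$sha256_cb1a536e = "cb1a536e11ae1000c1b29233544377263732ca67cd679f3f6b20016fbd429817"
+$sha256_b9f3a3b9 = "b9f3a3b9452a396c3ba0ce4a644dd2b7f494905e820e7b1c6dca2fdcce069361"
+$sha256_3277e3f3 = "3277e3f370319f667170fc7333fc5e081a0a87cb85b928219b3b3caf7f1e549c"
+$sha256_3d18bb8b = "3d18bb8b9a5af20ab10441c8cd40feff0aabdd3f4c669ad40111e3aa5e8c54b8"
+$sha256_abb91dfd = "abb91dfd95d11a232375d6b5cdf94b0f7afb9683fb7af3e50bcecdb2bd6cb035"
+$sha256_638cfbe6 = "638cfbe609d7f3e88767133be5ea5f9a75f1d703275f38eb9ec2414e179483b9"
+$sha256_5818bfe7 = "5818bfe75d73a92eb775fae3b876086a9e70e1e677b7c162b49fb8c1cc996788"
+$sha256_b32ab70f = "b32ab70f3f441a775771d6c824d4526715460c0fd72a1dfdec8cd531aef5fabd"
+$sha256_5a35672f = "5a35672f293f8f586fa9cfac0b09c2c52a85d4e8bc77b1ed4d7c16c58fe97a81"
+$sha256_a7f3b8af = "a7f3b8afb963528b4821b6151d259cf05ae970bc4400b805f7713bd8a0902a42"
+$sha256_73799d67 = "73799d67d32a2b5554c39330e81e7c8069feaa56520e22a7fd0a52e8857c510c"
+$sha256_8cd6dfff = "8cd6dfffc251f9571f7a82cca2eca09914c950f3b96aaaeaeaaeeac342f9b550"
+$sha256_28ca0c21 = "28ca0c218e14041b9f32a0b9a17d6ee5804e4ff52e9ef228a1f0f8b00ba24c11"
+$sha256_3909e837 = "3909e837f3a96736947e387a84bb57e57974db9b77fb1d8fa5d808a89f9a401b"
+$sha256_fcfdd079 = "fcfdd079b5861c0192e559c80e8f393b16ba419186066a21aab0294327ea9e58"
+$sha256_8da532ea = "8da532ea294cc2c99e02ce8513a15b108a7c49bd90f7001ce6148955304733cb"
+$sha256_9e3ecda0 = "9e3ecda0f8e23116e1e8f2853cf07837dd5bc0e2e4a70d927b37cfe4f6e69431"
+$sha256_69d60562 = "69d60562a8d69500e8cb47a48293894385743716e2214fd4e81682ab6ed1c46b"
+$sha256_35bd3c96 = "35bd3c96abbf9e4da9f7a4433d72f90bfe230e3e897a7aaf6f3d54e9ff66a05a"
+$sha256_39668008 = "39668008deb49a9b9a033fd01e0ea7c5243ad958afd82f79c1665fb73c7cfadf"
+$sha256_3442c076 = "3442c076c8824d5da065616063a6520ee1d9385d327779b5465292ac978dec26"
+$sha256_f11e2146 = "f11e2146b4b7da69112f4681daca0c5ec18917acc4cf4f78d8bff7ac0b53e15c"
+$sha256_c7c7b227 = "c7c7b2270767aaa2d66018894a7425ba6192730b4fe2130d290cd46af5cc0b7b"
+$sha256_6f970227 = "6f97022782d63c6cea53ad151c5b7e764e62533d8257e439033c0307437bfb2a"
+$domain_apple_wikaba_com = "apple.wikaba.com"
+$domain_itaiwans_com = "itaiwans.com"
+$domain_ntstore_hosthampster_com = "ntstore.hosthampster.com"
+$domain_asiainfo_hpcloudnews_com = "asiainfo.hpcloudnews.com"
+$domain_loop_microsoftmse_com = "loop.microsoftmse.com"
+$domain_microsoftmse_com = "microsoftmse.com"
+$domain_mx_msdtc_tw = "mx.msdtc.tw"
+$domain_naaakkk_wikaba_com = "naaakkk.wikaba.com"
+$domain_blog_mysecuritycamera_com = "blog.mysecuritycamera.com"
+condition:
+any of them
+}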