GoldDragon_campaign.txt
Indicators of Compromise: Gold Dragon campaign
Reference: https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
MITRE ATT&CK techniques observed during the campaign:
+++++++++++++++++++++++++++++++++++++++++++++++++++++
PowerShell
Data Encrypted
Scheduled Task
Modify Existing Service
Data from Local System
Exfiltration Over Command and Control Channel
Disabling Security Tools
Exfiltration Over Other Network Medium
Modify Registry
Rundll32
Network Service Scanning
File and Directory Discovery
Process Discovery
System Information Discovery
System Network Configuration Discovery
Query Registry
Input Capture
DLL Side-Loading
IPs
++++++++++++++++++++++++++++++++++++++++++++++++
223.194.70.136
Domains
++++++++++++++++++++++++++++++++++++++++++++++++
Hashes
+++++++++++++++++++++++++++++++++++++++++
URLs
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hxxps://minibodegaslock.cl:443/components/com_tags/controllers/default_tags.php
hxxps://minibodegaslock.cl/components/com_tags/controllers/access_log