2024 重点保障安全意识培训参会人员名单.zip
SHA256:c9d2dca72286c01e068b1995e3aa7772ff9686a492b89e8b8c7b0ecaf715cf40
MD5:eb97e771dc4dd54c18553471d5fe3bbb
C2:110.41.46.45:9111
攻击手法:Rust、APC 调用 CobaltStrike 木马
关于 2024 年公司财务调整的通知.exe
SHA256:d44f628b8e447249ef9ce8871350c52693c1f31cb126307be9f1b2c535053a4a
MD5:248b44673cbb0384180fc62ca972f018
来源:向日葵多协议 RDP 插件
关于 2024 攻防演练员工守则通知.exe
SHA256:bccd982dab220d22689cf81277789ef64b32f575a08f604e1a75da1d5d6aee10
MD5:1c26667276b0f3f69ab55bf8b34fdd22
C2:8.134.249.167:9099
攻击手法:利用微信检测虚拟机 后门木马
集团“星火计划”推荐学员参加选拔考试通知_docx.exe
SHA256:54a28a2bc66c4529aaf2c7b92d724f2a2943dcd12bb960f43e6d34cf90ace700
MD5:7c29a8b9e872af42b5d92dc98f87a917
C2:59.42.126.162:80
来源:CobaltStrike 木马
徐加李简历.docx.exe
SHA256:d86db50d6990d345a1280991b757c770b661d94592a68a95c48b189b7ac4bf50
MD5:b97e176e0ee5987ddfe98e056df343e9
SHA1:3bdde433ae2579d8270110fa6281e2feca7d6225
**金融(渠道经理).zip
SHA256:431d010c90b451c107d4160bb134ff072cf8c7076f16ab516faa2d31ef3c4759
MD5:6330fab9ce531ce8943132272a3cb2a7
相关IP域名/C2:mobile.static.apiproxy.cloud.360.net/mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com:443
攻击手法:域前置 CobaltStrike 木马
**会议(去除 30 分钟限制).exe
SHA256:ac962605550d120d4d38ba87a10c87027c7ccb3f430475c0104646183bc6f825
MD5:2a04ff4412e48aabdc6fc073ae734cd2
C2:154.12.83.210:54123
攻击手法:资源段解密执行 CobaltStrike 木马
**有限公司社会招聘报名登记表.exe
SHA256:02bbeb4d9d6f13fe1db44a0a2da572b1596d9ff59b79376e8afaeab0ba76a1d6
MD5:09c7199b2bcd0d908a2b8d6867a1b240
C2:2gwxrah28rj0z.cfc-execute.bj.baidubce.com
攻击手法:垃圾代码耗时、Rust CobaltStrike 木马
第三周周报.exe
SHA256:090a42171e42477dbcf0d02a4e901e8eb20cfde8c1765c9a67a84bafd256b2a4
MD5:5cd7b3e9950c5169a5278bdee38438ef
C2:2gwxrah28rj0z.cfc-execute.bj.baidubce.com,downloadlog.oss-cn-chengdu.aliyuncs.com
攻击手法:go 编译,从对象存储中获取到加密载荷 CobaltStrike 木马
测试 tdp (2).zip
SHA256:13d7483a1f1a0b72aaa09ec985797556eeb402c893013a5bc08b706300c5bb3d
MD5:e2eba605cf1b6822e1bd9cb06bd334db
C2:101.200.150.8:8089
攻击手法:原版 CS CobaltStrike 木马
《关于集团网络资产评估管理有关事项的通知》.exe
SHA256:f1d4316a2c7bccf197ee6209389fe1ad7aef8a3b94aebae5548c8d1a05f036cd
MD5:1b50d0cc313552072462327588f93a49
C2:117.50.187.104:443
来源:CobaltStrike 木马
对于**有限公司的异议书.exe
SHA256:7b9c13919a006396b8c60eeaa54bd5728ef70aa7b7890232f3752506243a3e66
MD5:32a8cade2024195a71aeb1ebbd1c296f
C2:175.178.226.246:33333
来源:CobaltStrike 木马
artifact.exe
SHA256:c716ebfc4ae128c5d3b5a882683d7ca833bc4f339909cba4153425d4df765954
MD5:9974ad03575c5a8bfae6f2bb787321ea
C2:39.101.122.168:89
来源:CobaltStrike 木马
***服务平台-存在弱口令漏洞.exe
SHA256:2358438e0c5931b12b2233d449354d3db21e17c350fdf171298c6665514bc655
MD5:aef9c59cb030b7e4038ca9850c95f8a2
C2:www.tencentcloud.site
攻击手法:白加黑 CobaltStrike 木马
杨*.rar
SHA256:7a5fdc1afaadd9d3673b922c45d65061b0ac01f9ffce6b0aec1126d843561f72
MD5:6a0427a10e8e51b1db6c5670fe071f82
相关IP域名:36.249.64.101:443(CDN),www.jinsixian.cn(Host)
攻击手法:域前置 CobaltStrike 木马
***服务平台-存在弱口令漏洞.exe
SHA256:2358438e0c5931b12b2233d449354d3db21e17c350fdf171298c6665514bc655
MD5:aef9c59cb030b7e4038ca9850c95f8a2
C2:www.tencentcloud.site
攻击手法:白加黑 CobaltStrike 木马
Desktop.exe
SHA256:ce19a3062a20d0f2b0bc2a774c11912214aba6e27a191ae31bb96bf6610ca765
MD5:65c7f30fde67152da3176a8b55577acc
C2:101.132.194.179:8081
来源:CobaltStrike 木马
edragent
SHA256:e3ef6b7090bba1ca1590f09538f2261d78dbfbea1435dd99b1e8e12e1636bbe5
MD5:a7a2d23e0b1941876d043f0af6e71110
C2:139.196.210.163:50010
来源:CobaltStrike 木马
原文始发于微信公众号(嗨嗨安全):【情报速递】HW 最新木马样本集情报
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论