KVbotnet_IOCs.txt
Indicators of Compromise
------------------------
(Feb 7, 2024 release)
IP address          Timeframe                     Characterization
152.32.138[.]247    Dec 5, 2023 - Jan 3, 2024     Callback Server
45.159.209[.]228    Dec 15, 2023                  Payload Server
45.63.60[.]39       Jan 12, 2024                  Router Proxy C2
45.32.174[.]131     Jan 12, 2024                  Router Proxy C2
------------------------
(Previous IOCs Dec 13, 2023)
IP Address          Active Timeframe                 Characterization
207.246.100[.]151   Feb. 7 – May 6 2022              Proxy Router C2
66.42.124[.]155     Feb. 7 – May 6 2022              Proxy Router C2
104.156.246[.]150   Feb. 7 – May 6 2022              Proxy Router C2
192.169.6[.]241     May 2 – May 3 2022               Proxy Router C2
149.28.119[.]73     May 8 – Sept. 25 2022            Proxy Router C2
45.32.88[.]250      May – Nov. 2 2022                Proxy Router C2
144.202.43[.]124    Sept. 22 – Nov. 2 2022           Proxy Router C2
108.61.203[.]19     Nov. 12 – Dec. 2022              Proxy Router C2
140.82.20[.]246     Nov. 12 – Dec. 2022              Proxy Router C2
159.203.72[.]166    Mar. 27 – Nov. 13 2023           Proxy Router C2
140.82.20[.]246     Nov. 28, 2022 – Nov. 13 2023     Proxy Router C2
108.61.132[.]157    Nov. 15 – 20, 2023               Proxy Router C2
144.202.49[.]189    Nov. 17 – Dec. 6 2023            Proxy Router C2
174.138.56[.]21     Nov. 17 – Dec. 4 2023            Proxy Router C2
159.203.113[.]25    Nov. 17 – Dec. 6 2023            Proxy Router C2
216.128.179[.]235   May – Dec. 6 2022                Callback Server
216.128.180[.]232   May 19 – Sept. 25 2022           1st stage Payload Server
155.138.146[.]162   Sept. 26 – Dec. 12 2022          1st stage Payload Server
45.156.21[.]172     Dec. 13, 2022 – Sept. 1 2023     1st stage Payload Server
45.11.92[.]176      April – Dec. 6 2023              1st stage Payload Server
193.36.119[.]48     Aug. 28, 2022 – Dec. 6 2023      1st stage Upstream Controller
Files (SHA-256)
------------------------
File                   SHA-256
Kv-all.sh (Cisco)      7043ffd9ce3fe48c9fb948ae958a2e9966d29afe380d6b61d5efb826b70334f5
Kv-arm                 690638c702170dba9e43b0096944c4e7540b827218afbfaebc902143cda4f2a7
Kv-mipsel              48299c2c568ce5f0d4f801b4aee0a6109b68613d2948ce4948334bbd7adc49eb
Cli_download_arm       0279435f8727cca99bee575d157187787174d39f6872c2067de23afc681fe586
Cli_download_mipsel    2cb6df289475457e807fc202a2b4688b2e23a88c94a8431981780caf8b76acf7
download_cli_x86_64    b4f2470159ca93f9d585ae2df1da972f6d14a0c418ebc202a324b9be5c877b61
Cli_download_MIPs      d6cd1636569bba4131462bb8f45be1daa9a203aa343b6f2fd48a4847acfc29fa
Cli_download_I866      3fab16ec4643d8f6b9a99d85427322f7fb40e9ea3cd4de8318c6a52e29869d5a
                       86f01d5342ec39c65b1cff716f19c334cec26a82b87492d783d5e8f4ff9cb63a  (listed after Cli_download_I866 without a separate filename)
Test_02                19aa5a2235ee2518826a48363cb603060ee73ddccdf7d93bf197f97d7402aa37
Main payloads
------------------------
Sha256: c524e118b1e263fccac6e94365b3a0b148a53ea96df21c8377ccd8ec3d6a0874
Sha1:   067f238d9d5c219d3c359dc398f5416f1a99c70b

Sha256: 2711f1341d2f150a0c3e2d596939805d66ba7c6403346513d1fc826324f63c87
Sha1:   08ad4f940d488587697820d13c3d175a05e5fa6c

Sha256: 5928f67db54220510f6863c0edc0343fdb68f7c7070496a3f49f99b3b545daf9
Sha1:   0bafedb699488d2a46878b429e8992f50e881eee

Sha256: 8e35d8643c00d9e2993625b03366a7cd1bd36e6a60bc0c6039a509fccf9df150
Sha1:   245e31af35cc6b950fcf08a0348a1b5ad178bf9a

Sha256: 07118af421f14a7e07601639f44a72f6782757ae74d2afffdb531b8209697e7f
Sha1:   311722dc71061d9977b8f713f812ed47ff9b8a7a

Sha256: dc7b6b4f53581b53edfbbc83d825cfa0450b2039f126cd62e8529189bb156033
Sha1:   3a2ef359ee152f2f4b19c418d7b3cbee

Sha256: c2299d8581af4ea8048bbf2bffd45c6ddca323c9c718c172355cc0df006ea6ca
Sha1:   48c3bd085b0d078cc6981f717755b694

Sha256: 88fc3816c94f9b0191179f4e933843ee4cfdbcb392968605491a387b1235ec12
Sha1:   4bfffff0405a1156c801444c35b25c241b687c04

Sha256: 6a8230e66011e0a0012273f7d12110c23b1e33bd7232dc67a836662a3d1075c7
Sha1:   6528827cdd6fd5b27543669c606577a3fd733e73

Sha256: 08d0da0c36089f7a1f700b989f2f7825c5ba2549a20735d0bd1e64ca9c4885bc
Sha1:   6b458e39559fb6cb9f1c23ec15ee7300fcf15da7

Sha256: e88b03465c0376463f912a5601a518cc697330dc3e5857068f3de0c434b52c9a
Sha1:   6c177b41cc4376afbc955522ee213addb4ca2ef4

Sha256: c0871ecfe8b306074c6d376db14d966578a8511e5b5d355a4cf2c4d0b8c9deb9
Sha1:   7178ee14a4103f569d0cb4cc84ab016f27caf7dc

Sha256: b845ef0f9c5853ad1c226ac0ae7bb91159d5bb132185c1bfd171696b755a9164
Sha1:   7b30dc024e2bbfa9d21aca46783a6cd2656e6a92

Sha256: 5a2681ea2e1d0d5e7db2a2499d2e6e27b2689830c638d5ee28c2eef9867ececf
Sha1:   82de9031e5f6e46f7b7560d7ae45329f711d139f

Sha256: 5512cce87ff9dfd3ee9721eb29302d1700199ed7d625e09f9f779772ec06bdb0
Sha1:   8c04be1d054d0a9a5e33723ed91c336cd9e94cce

Sha256: f5271fcb895977dc1eead64415e525323cd412e3f2625aee2fafbb5674beea28
Sha1:   8ed5a832dc036c452e137199db3e2f021390a9fb

Sha256: d90e4a1b3a6bf019474b3be1703bf3211f1ebcca00b21bc252a39af274dc4fb0
Sha1:   9029f0e725e0134b1ca3db329d263d7794623c5f

Sha256: 9e6a2a01decc2c26f3586a119b6fd3a886c4cf9c76aa452339d164fda40c63e4
Sha1:   9c13ccb0c31539303b4b9cf0c8b6691afb351d77

Sha256: bf0ed245e897c7d1ada511db2939e8f3a879a96543f2651d5631339d5419bb75
Sha1:   a4414dee4899fad39014b269d16daed7065ba123

Sha256: c71d04e2b6b35fdd058b4be5cf9ea3478697950378d4ee3c7fe0bf87e1e3730f
Sha1:   a6a4e8aba325b1942c80beaf17dc9887efd2f7a0

Sha256: 36c63d0c2a78497ccf555e84f0233a514943faeff38281d99d00baf5df23f184
Sha1:   f7315b4a12fd470a561be7289631a776

Sha256: b6226c3e0e4ad64bbda3e6a79eb464c7050faa25d1f5332dcac014d2e79dd87f
Sha1:   fd8981b043381adfaed6ac4c4a625c177d343804

Note: three of the values labelled Sha1 above (3a2ef359..., 48c3bd08..., f7315b4a...) are 32 hexadecimal characters as published, the length of an MD5 digest rather than the 40 characters of a SHA-1 digest; they are reproduced exactly as given, so check the hash type before loading them into a SHA-1 field of a detection rule.
X.509 Certificate SHA-256 Fingerprints
------------------------
cdffba0ebda39b3b58f59815be3829ca9c1cde957b46a6ad5ce4b31e405455bb
2b640582bbbffe58c4efb8ab5a0412e95130e70a587fd1e194fbcd4b33d432cf