2021-09-22 SquirrelWaffle IOCs
THREAT IDENTIFICATION: SQUIRREL WAFFLE / QAKBOT
SUBJECTS OBSERVED
Subjects are from stolen email threads
SENDERS OBSERVED
ZIP FILE DISTRIBUTION URLS
https://coastalhighschool.com/voluptatum-aut/explicabo.zip
https://testpaginacalzado.grupomasis.com/et-sint/hic.zip
ZIP FILE HASHES
explicabo.zip
601063ae98a092de30d3d954e44804f6
hic.zip
05a23ce934aebeff293a95bbb3a0b7ca
MALDOC FILE HASHES
specification-188656757.xls
8c23f2bbdcf59af534db70109d1ec611
specification-1891894270.xls
bd1f6788e38c3cb782b6938ec99f7032
CONTACTED DOMAINS/PAYLOAD DOWNLOAD DOMAINS
colegiobilinguepioxii.com.co
keysite.com.co
ricardopiresfotografia.com
PAYLOAD FILE HASHES
test1.test
3c16f43b5d473754da5944ba593715f5
test2.test
67be4a2affe9cc7ce2a5c3b4a905c10d
test.test
c9fa781f4b96be67e6a9255a91cfa146
SQUIRREL WAFFLE C2 (POST DATA TO)
http://incentivaconsultores.com.co/55jHpKCc9DWy/
http://cdelean.org/0qvbbmu9g/
http://bazy.ps/M6SjrMSYC/
QAKBOT C2 TRAFFIC