YoroTrooper APT IOCs - SEC-1275-1
Common Information
Type Value
UUID 11c59a1d-5df0-4cc4-8419-1b6d5f0408d9
Fingerprint 2e8938f05b20da4a
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 30, 2023, midnight
Added to db Oct. 30, 2023, 6:56 a.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline YoroTrooper APT IOCs
Title YoroTrooper APT IOCs - SEC-1275-1
Detected Hints/Tags/Attributes 14/1/102
RSS Feed
Id  Enabled  Feed title                  Url                        Added to db
8            IOC Archives - SEC-1275-1   https://1275.ru/ioc/feed   2024-08-30 22:08
Attributes
Type    #Events  Value
Domain  3        tpp.tj
Domain  2        auth.mail-ru.link
Domain  3        mail.az-link.email
Domain  3        mail.asco.az-link.email
Domain  3        redirect.az-link.email
File    3        file.js
File    1        mshostss.rar
File    1        png.php
File    1        rat.js
File    2        rat.php
File    1        startpng.js
File    1        2208281.pdf
File    2        az.pdf
File    27       file.php
File    207      login.php
File    2        c1.exe
File    25       main.exe
File    1        main2.exe
File    1        resoluton.exe
File    1        wwser.exe
File    1        uap.txt
File    1        bossmaster.txt
File    1        azərbaycan_litva.jpg
File    20       login.aspx
File    1        rightupsbot.txt
sha1    2        75676763663a2f2f31302e3130302e3230302e32
sha256  2        0a9908d8c4de050149883ca17625bbe97830ba61c3fe6b0ef704c65361027add
sha256  2        1828e2df0ad76ea503af7206447e40482669bb25624a60b0f77743cd70f819f6
sha256  2        1e350b316cbc42917f10f6f12fa2a0b8ed2fa6b0159c36141bce18edb6ea7aa0
sha256  2        30a969fa0492479b1c6ef6d23f8fcccf3d7af35b235d74cab2c0c2fc8c212ad4
sha256  2        37c369f9a9cac898af2668b1287dea34c753119071a1c447b0bfecd171709340
sha256  2        56fc680799999e38ce84c80e27788839f35ee817816de15b90aa39332fcc5aee
sha256  2        57d0336c0dbaf455229d2689bf82f9678eb519e017d40ba60a6d6b90f87321f8
sha256  2        5a6b089b1d2dd66948f24ed2d9464ce61942c19e98922dd77d36427f6cded634
sha256  2        8131bd594aff4f4e233ac802799df3422f423dc28e96646a09a2656563c4ad7c
sha256  2        832d58d9e067730a5705c8c307fd51c044d9697911043be9564593e05216e82a
sha256  2        8921c20539fc019a9127285ca43b35610f8ecb0151872cdd50acdaa12c23722d
sha256  2        93829ee93688a31f90572316ecb21702eab04886c8899c0a59deda3b2f96c4be
sha256  2        941be28004afc2c7c8248a86b5857a35ab303beb33c704640852741b925558a1
sha256  2        9b81c5811ef3742cd4f45b6c3ba1ace70a0ce661acc42d974beaeddf307dd53d
sha256  2        a25db1457cf6b52be481929755dd9699ed8d009aa30295b2bf54710cb07a2f22
sha256  2        a3b1c3faa287f6ba2f307af954bb2503b787ae2cd59ec65e0bdd7a0595ea8c7e
sha256  2        a5d8924f7f285f907e7e394635f31564a371dd58fad8fc621bacd5a55ca5929b
sha256  2        ab6a8718dffbe48fd8b3a74f4bcb241cde281acf9e378b0c2370a040e4d827da
sha256  2        b4eac90e866f5ad8af37b43f5e9459e59ee1e7e2cbb284703c0ef7b1a13ee723
sha256  2        b6a5d6696cbb1690f75b0d9a42df8cefd444cfd3749be474535948a70ff2efd2
sha256  2        da75326cfebcca12c01e4a51ef77547465e03316c5f6fbce901ddcfe6425b753
sha256  2        e0c7479e36b20cd7c3ca85966968b258b1148eb645a544230062ec5dff563258
sha256  2        e95e64e7ba4ef18df0282df15fc97cc76ba57ea250a0df51469337f561cc67d3
sha256  2        ed8c04a3e2d95d5ad8e2327a56d221715f06ed84eb9dc44ff86acff4076629d7
sha256  2        f55b41ca475f411af10eaf082754c6e8b7a648da4fa72c23cbfea9fa13a91d88
IPv4    3        168.100.8.21
IPv4    5        46.161.27.151
IPv4    3        168.100.8.242
IPv4    3        168.100.8.36
IPv4    3        206.166.251.146
IPv4    5        46.161.40.164
Url     3        http://168.100.8.21/file.js
Url     3        http://168.100.8.21/mshostss.rar
Url     3        http://168.100.8.21/png.php
Url     3        http://168.100.8.21/rat.js
Url     3        http://168.100.8.21/rat.php
Url     3        http://168.100.8.21/startpng.js
Url     3        http://168.100.8.21/win.hta
Url     2        http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32
Url     2        http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/2208281.pdf
Url     2        http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf
Url     2        http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Url     3        http://168.100.8.36
Url     2        http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/file.php
Url     2        http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/login.php
Url     2        http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Url     2        http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf
Url     2        http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Url     3        http://46.161.27.151:80/c1.exe
Url     3        http://46.161.40.164/main.exe
Url     3        http://46.161.40.164/main2.exe
Url     3        http://46.161.40.164/resoluton.exe
Url     3        http://46.161.40.164/wwser.exe
Url     3        http://tpp.tj/285/file.js
Url     3        http://tpp.tj/285/png.php
Url     3        http://tpp.tj/285/startpng.js
Url     3        http://tpp.tj/285/uap.txt
Url     3        http://tpp.tj/285/update.hta
Url     3        http://tpp.tj/bossmaster.txt
Url     3        http://tpp.tj/t/rat.js
Url     3        http://tpp.tj/t/rat.php
Url     2        https://auth.mail-ru.link/public_html/home/files/login.php?email=1
Url     3        https://e.mail.az-link.email
Url     2        https://e.mail.az-link.email/public/security/files/azərbaycan_litva.jpg
Url     2        https://e.mail.az-link.email/public/security/files/login.php?email=1
Url     2        https://mail.asco.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.php
Url     3        https://mail.asco.az-link.email/login.aspx
Url     3        https://redirect.az-link.email
Url     2        https://redirect.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.aspx
Url     3        https://tpp.tj/main.exe
Url     3        https://tpp.tj/rightupsbot.txt
Url     3        https://tpp.tj/t/file.js
Url     3        https://tpp.tj/t/png.php
Url     3        https://tpp.tj/t/rat.php
Url     3        https://tpp.tj/t/startpng.js
Url     3        https://tpp.tj/t/sys.hta