ioc[.]one - OSINT Cyber Threat Intelligence Database

tweets/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt at master · pan-unit42/tweets

Tags

country:	Brazil
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	6080bbdc-badc-4602-9b00-45f46045631c
Fingerprint	ec1f3918a4a75687
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 17, 2022, midnight
Added to db	Sept. 11, 2022, 12:45 p.m.
Last updated	Nov. 18, 2024, 9:32 a.m.
Headline	UNKNOWN
Title	tweets/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt at master · pan-unit42/tweets
Detected Hints/Tags/Attributes	28/2/56

Source URLs

	Redirection	Url
Details	Source	https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt

URL Provider

Details	Provider	Source level domain
Details	github.com	github.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	brasilirib07.iribfinanceiroorgbrasil.cloud
Details	Domain	1	silvia.onmicrosoft.com
Details	Domain	20	is.gd
Details	Domain	1	y7iar15iowe.netirib.one
Details	Domain	1	zeb.mi.imati.cnr.it
Details	Domain	1	49oujr.elthalion.cfd
Details	Domain	1	1svdca3awt.reizorandir.sbs
Details	Domain	1	d36c259d9ddee6a5075920479f3c30df.bihcreuomegscmedfuaggprjrjomosga.cf
Details	Domain	1	b1de04354c314704bffdcf6da5989fd7.bihcreuomegscmedfuaggprjrjomosga.cf
Details	Domain	1	e25fa991460f33251405b284f08b84b4.jfhobjjddhsrspocbcorushsgcjhmgsg.gq
Details	Domain	1	4f7afe1492603307b978fbffb672156a.jfhobjjddhsrspocbcorushsgcjhmgsg.gq
Details	Domain	1	11847.20547.zip
Details	Email	1	envionotafiscal426@silvia.onmicrosoft.com
Details	File	1	2022-01-17-iocs-for-astaroth-guildma-infection.txt
Details	File	1	20547.zip
Details	File	1210	powershell.exe
Details	File	5	c:\windows\system32\bitsadmin.exe
Details	File	1	c:\windows\temp\bhriwgjtvqazbeciqbmivay37695086602\out.exe
Details	File	1	c:\windows\temp\bhriwgjtvqazbeciqbmivay37695086602\sqlite3.dll
Details	File	29	autoit3.exe
Details	File	1	c:\windows\temp\bhriwgjtvqazbeciqbmivay37695086602\dart.dll
Details	File	1	c:\windows\temp\bhriwgjtvqazbeciqbmivay37695086602\darts.dll
Details	File	1	c:\windows\temp\bhriwgjtvqazbeciqbmivay37695086602\log33.dll
Details	File	1	dart.dll
Details	File	1	darts.dll
Details	File	1	log33.dll
Details	md5	1	d36c259d9ddee6a5075920479f3c30df
Details	md5	1	b1de04354c314704bffdcf6da5989fd7
Details	md5	1	e25fa991460f33251405b284f08b84b4
Details	md5	1	4f7afe1492603307b978fbffb672156a
Details	sha256	1	d55076ddb14bb738c21af1b6350cd071ec9a83bb26cf627ea403d8f482d912b3
Details	sha256	1	4149af6393383f2d52407bb2ed0eee4649f3cacfd8b2d18967e6c2a4fd5078a0
Details	sha256	1	b03f5df4eb85bf5af00edab4fa5cce11abcb75e980f31e434fd957b86428d631
Details	sha256	1	9f0568fd4af722756a30ead152d90db4c38f06ae01cdb6e5ff7696007b25015a
Details	sha256	1	739b2dd012ea183895cc01116906f339c9aa1c0baabf6f22c8e59e25a0c12917
Details	sha256	1	b712286d4d36c74fa32127f848b79cfb857fdc2b1c84bbbee285cf34752443a2
Details	sha256	6	237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
Details	sha256	1	841c97fdd8b434be673d22df68a378913800ab089a53c335221d63fa95caa52a
Details	sha256	1	485ed71cf4a39221d57656cb9f8c3fe87210e8a7b4de053611febea84a8a5d97
Details	sha256	1	560498979df4664e3d9aafc72504014da2d0dcf7480a8ea051c443313ff0e2df
Details	sha256	1	6a94418da55c81aeea4bf4d0d888a05c6ce67d2d18b417c4296851ceaa67c516
Details	sha256	1	20ed67c588295a375d220f9557a0a7b798c9cc21181798c8f0e6d4f0d35049db
Details	sha256	1	994c2693c964b2592c168b45a25128140a050201000000000000000000000000
Details	sha256	1	5d82afd889fd5af9485f3816a81c90c9c3b321a35ec20504fd2868e5e6428ce0
Details	sha256	1	79bba1f2f78495031be02c85daf25ff9f586013de148a2cb6ca68bcdaa1e8485
Details	sha256	1	4605553f18de62be3a13e1661d9a8457ebc33f6730bc898c03792fee0da56763
Details	IPv4	1	46.148.234.126
Details	IPv4	1	104.21.86.54
Details	IPv4	1	104.21.48.111
Details	IPv4	1	172.67.194.164
Details	IPv4	1	172.67.197.42
Details	IPv4	1	104.21.76.154
Details	IPv4	1	172.67.198.188
Details	IPv4	1	104.21.44.107
Details	IPv4	4	3.3.14.5
Details	Url	1	http://is.gd/oc6ano/m23deldyz1lelzimrk/z0ay20k2d2