malware-ioc/especter at master · eset/malware-ioc
Tags
| attack-pattern: | Data Bootkit - T1542.003 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Bootkit - T1067 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | a8f73262-6c98-4143-a943-af48c4977ab1 |
| Fingerprint | 99988b0b8da674d2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 1, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | ESPecter — Indicators of Compromise |
| Title | malware-ioc/especter at master · eset/malware-ioc |
| Detected Hints/Tags/Attributes | 19/1/48 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://github.com/eset/malware-ioc/tree/master/especter |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 1 | swj02.gicp.net |
|
| Details | Domain | 1 | server.microsoftassistant.com |
|
| Details | Domain | 1 | yspark.justdied.com |
|
| Details | Domain | 1 | crystalnba.com |
|
| Details | File | 2 | winsys.dll |
|
| Details | File | 1 | %windir%\temp\vmmmlog.exe |
|
| Details | File | 1 | %windir%\temp\vmmmmlog.exe |
|
| Details | File | 13 | client.dll |
|
| Details | File | 9 | null.sys |
|
| Details | File | 12 | beep.sys |
|
| Details | File | 1 | %windir%\\help\\intel.chm |
|
| Details | sha1 | 1 | abc03a234233c63330c744fda784385273af395b |
|
| Details | sha1 | 1 | dcd42b04705b784ad62bb36e17305b6e6414f033 |
|
| Details | sha1 | 1 | 656c263fa004bb3e6f3ee6ef6767d101869c7f7c |
|
| Details | sha1 | 1 | a8b4fe8a421c86eae060bb8bf525ef1e1fc133b2 |
|
| Details | sha1 | 1 | 3ac6f9458a4a1a16390379621fdd230c656fc444 |
|
| Details | sha1 | 1 | 9f6df0a011748160b0c18fb2b44ebe9fa9d517e9 |
|
| Details | sha1 | 1 | 2c22ae243fdc08b84b38d9580900a9a9e3823acf |
|
| Details | sha1 | 1 | 08077d940f2b385fbd287d84edb58493136c8391 |
|
| Details | sha1 | 1 | 1d75bfb18ffc0b820cb36acf8707343fa6679863 |
|
| Details | sha1 | 1 | 37e49dbceb1354d508319548a7efbd149bfa0e8d |
|
| Details | sha1 | 1 | 7f501aeb51ce3232a979ccf0e11278346f746d1f |
|
| Details | sha1 | 1 | 27ad0a8a88eab01e2b48ba19d2aaabf360ece5b8 |
|
| Details | sha1 | 1 | 8ab33e432c8bee54ae759dfb5346d21387f26902 |
|
| Details | sha1 | 1 | 09f0f17aeccdef5cb1112bc9bef0fe4f828d6d3b |
|
| Details | sha1 | 1 | 374d1a399ef44472ee088563d621df28221cbcce |
|
| Details | sha1 | 1 | 7ad4442d3c02fa145bef9bf18c9464c3e4449224 |
|
| Details | sha1 | 1 | 865f5b87b5f6fb75f3ec68ca05a21cc36446812f |
|
| Details | sha1 | 1 | 99dc33bedf4cb9bdbdf04cc60e1da55cfbeadc09 |
|
| Details | sha1 | 1 | c06eeb1600cf4e8aac91730e00dd7c169738afde |
|
| Details | sha1 | 1 | c8c2c127ec6af87d96b058ff023b534f1237215c |
|
| Details | sha1 | 1 | ca19347287fce93f2c675efdf88c8b0db4910929 |
|
| Details | sha1 | 1 | cae4b2c049542fd28667ca6e9afa440b3f0138f9 |
|
| Details | sha1 | 1 | 180b0e6a4a3334aaa4249b3d631695a31eb45d7a |
|
| Details | sha1 | 1 | c7fe86e5981b39927275873c3a386cb1d8c93a6b |
|
| Details | sha1 | 1 | 81e6d19865647dc160861e2154d6903fc78c7dfb |
|
| Details | sha1 | 1 | 0a8a388911a7a368fc1cf111fb26ba92a19fed3e |
|
| Details | sha1 | 1 | abb410a4f863b101c218990664981914d14f1e58 |
|
| Details | sha1 | 1 | 26f7757602000bcc3c18a887dbc7416ae43bf61a |
|
| Details | sha1 | 1 | 6b2ad6114029d60f7c40f306271669b3a69ea270 |
|
| Details | sha1 | 1 | 030b97860ed5a3089c5e8efb8edd7cc359134124 |
|
| Details | sha1 | 1 | 0a97efa15a62e90d71f643b693b3dd3cf2657b9f |
|
| Details | IPv4 | 1 | 196.1.2.111 |
|
| Details | IPv4 | 1 | 103.212.69.175 |
|
| Details | IPv4 | 1 | 183.90.187.65 |
|
| Details | IPv4 | 1 | 61.178.79.69 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit |