INDICATOR_VALUE,TYPE,COMMENT,ROLE,ATTACK_PHASE,OBSERVED_DATE,HANDLING,DESCRIPTION

124.43.41.48,IPV4ADDR,,IP_WATCHLIST,C2,1/31/2018 07:22:19Z,TLP:WHITE,"According to DHS and FBI analysis, this IP address is associated with Joanap malware. This IP is geolocated in Sri Lanka."
4613f51087f01715bf9132c704aea2c2,MD5,FILENAME:scardprv.dll|FILE_SIZE:77824|SHA1:6b1ddf0e63e04146d68cd33b0e18e668b29035c4|SHA256:a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717|SSDEEP:768:qtT2AxNtcgpqLepcy2y6/chYdP8KuSFM+Cs5CBaho9S4AJKqBz8MZdVsrQVBnVGa:qwONtBqL1dDMrs5CN9S4A3HOYBnVL,FILE HASH WATCHLIST,INSTALLATION,11/20/2010,TLP:WHITE,"According to DHS and FBI analysis, this Dynamic Link Library (DLL) is a Remote Access Tool (RAT) capable of providing an array of remote command and control capabilities. It has the ability to exfiltrate data, drop and run secondary payloads, and provide proxy capabilities on a compromised Windows device. The malware binds and listens on port 443 for incoming connections from a remote operator."
298775B04A166FF4B8FBD3609E716945,MD5,FILE_SIZE:86016|SHA1:2e0f666831f64d7383a11b444e2c16b38231f481|SHA256:fe7d35d19af5f5ae2939457a06868754b8bdd022e1ff5bdbe4e7c135c48f9a16|SSDEEP:768:i+cDn8nAQ5Toz4c0+u5jrdXs+W+aCNkiC8xeC3cs:i+M8ndTozOn5jxF/US0s,FILE HASH WATCHLIST,INSTALLATION,,TLP:WHITE,"According to DHS and FBI analysis, this is a malicious Portable Executable 32-bit (PE32) file designed to scan the local network and the internet for machines that are accessible and have open Server Message Block (SMB) ports. Once the malware gains access to a remote machine it will deliver a malicious payload."
e86c2f4fc88918246bf697b6a404c3ea,MD5,FILENAME:Wmmvsvc.dll|FILE_SIZE:91664|SHA1:9b7609349a4b9128b9db8f11ac1c77728258862c|SHA256:ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781|SSDEEP:768:9eY/pEwKWcwP/bY4XxlGLup3Tq1LpDLJkDcw3f9zj:MitnU4viJJDw3Z,FILE HASH WATCHLIST,INSTALLATION,11/20/2010,TLP:WHITE,"According to DHS and FBI analysis, this file is a malicious 32-bit Windows Dynamic Link Library (DLL), dropped and loaded by [MD5: 4731CBAEE7ACA37B596E38690160A749]. When executed, the DLL attempts to contact all of the Internet Protocol (IP) addresses on the victim's local subnet. If the file is able to connect to these IPs, it will attempt to gain unauthorized access via the Server Message Block (SMB) protocol on port 445 utilizing a brute-force password attack."
4731CBAEE7ACA37B596E38690160A749,MD5,FILENAME:Win32.Worm.Agent@077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885.bin|FILE_SIZE:208896|SHA1:80fac6361184a3e24b33f6acb8688a6b7276b0f2|SHA256:077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885|SSDEEP:6144:M6atGpHk4NdSksOBbNUyb4ajb1TWiYW9ebYwtJEGLYMYR4:Msdk4NdSksOv,FILE HASH WATCHLIST,DELIVERY,11/20/2010,TLP:WHITE,"According to DHS and FBI analysis, this is a Portable Executable 32-bit (PE32) file that can be used to drop and install other malware on the compromised host."
misswang8107@gmail[.]com,EMAIL,,EMAIL_SOURCE_ADDRESS,RECONNAISSANCE,,TLP:WHITE,"According to DHS and FBI analysis, system information collected by the malware was observed being sent to this email address."
redhat@gmail[.]com,EMAIL,,EMAIL_SOURCE_ADDRESS,RECONNAISSANCE,,TLP:WHITE,"According to DHS and FBI analysis, system information collected by the malware was observed being sent to this email address."