Joined May 2017
#APT #Konni MD5: cfa9474e43df286726351a098e4d1862 C&C: http://footballs[.]sportsontheweb[.]net
#APT #StrongPity MD5: 3118385afbd4ebef45b7b230cd5a643e C2: cdn2-state-upd[.]com
#APT #Gamaredon MD5:6d956049dbaadc19543a565d303e26a5 C&C:http://classroom[.]dangeti[.]ru/IRINA/interdependent/intercourse/intercourse[.]dot
#APT-C-35 #Donot MD5: 46899620da3c24566258eda6202251b5 C&C: http://wee365[.]com/craken/authenticate/check.php
#APT The lure document #FerociousKitten Group used: MD5: 3e38999a11cda8c9290dbe02b0e4634a C&C: microsoft.microcaft[.]xyz
#APT-C-61 #Sanuwa MD5:54f8ac92afeb71cf53fe5c10a71fb880 https://op9.herokuapp[.]com
The samples were from South Asia. The attacker tricked victims with political hotspots on a phony website with fanatical slogans in Indian, and conducted a RAT #attack. MD5: fbeb1867cee05818199f91ccb99bc32e 37255857bd1fc48c7fcc2a3fa8af86a5 c820f9d2ec9ea0d0c74a11d48a74b311
jayshreeram[.]cf/AnyDesk.exe jayshreeram[.]cf/PAG-HCNR-visit-US-on-25-jun-21.jpg
It's suspected to be an #attack targeting IN. MD5: 953bb2b7296ffc9ee915c90adaf6a716 d061dab09ce1480d9317b79bf0a15a71 908F0BF164379FFF5A0A99B73FE64CA7 45.147.228[.]195
The sample conducted targeted information collection. MD5: 37278b7996dc08b11968cb5d1e5f438e 0e18eb5bf3ab75e555e4909d9171b64a www.master2025[.]com slpct.co[.]in/images/totalegit[.]exe

It's suspected to be an #attack targeting South America. MD5: 2e1b90807d12eb20c5d7bc495fca543a 8a4e17f2a30047f307ea3c956e04d4ac deae11179f4c80cf07c96280548fb843
#APT-C-41 #StrongPity Sample of downloaders MD5: E324079702DAC313A849749217EAB6BC C&C: singlefunctionapp[.]com 195[.]123[.]246[.]38
#Evilnum MD5: 984a7a5f67eddd64dfd538797018feb2 FileName: SelfiePassport2505.jpg.lnk C2: http[:]//apintoative[.]com/get.php
#TransparentTribe #Netwire #Backdoor MD5: 3C3AD5B94E69953D141CDB7C1BC65747 C&C: 66.154.103.106:13374
#Netwire RAT suspected to be dropped by #APT-C-56 #TransparentTribe MD5: c2a38018cf336685e3c760c614bbf4c3 f0b43a3f4821a4cf4b514144b496e4d7
#APT #Kimsuky Template injection file: BIOStyle.dotm MD5: 863fd86868014b5cc008764816c422c5 URL: http://vnskwl[.]mypressonline[.]com/relationship/BIOStyle[.]dotm http://outwd[.]myartsonline[.]com/yu/ls[.]txt
#Kimsuky Script MD5: a7e25f83a24ac1c73acb587457e325e7 http://outwd[.]myartsonline[.]com/yu/ls[.]down
#OperationMermaid #APT-C-07 MD5: 5070200184B2A7B0373008B85EDED359 filename:d697 14BCE6FA7E68F2D886D221E3EFFEFB0F filename:d962.exe
#APT-C-56 #TransparentTribe #Downloader MD5:b0be45e54ac96dd70887f836bd43a5ed URL:https://www[.]bsnlplots[.]com/css/css/chk[.]php
#APT #Kimsuky Malicious PDF document Name: 인터뷰질문지-최은율(한국어).pdf MD5:6d6399e5e98164e365029a9b141e1646 C&C: http:// rhwkdlaktm[.]atwebpages[.]com/download.php?filename=acom2