#1275989: Recent APT-C-37 Attacks in the Middle East - Additional IOCs

Description: Recent APT-C-37 Attacks in the Middle East

REFERENCES:
http://blogs.360.cn/post/analysis-of-apt-c-37.html
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Israel/APT/Unknown/26-08-19/Malware%20analysis%2026-08-19.md
First Aid: IOCs: (66 in total - selection provided here)

More info: https://otx.alienvault.com/pulse/5d7916e3f619df83fd65778e?source=email_notification

Date added Sept. 11, 2019, 6:57 p.m.
Source AlienVault
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • APT-C-37 / Pat Bear
  • APTs - Advanced Persistent Threats - New Reports in
  • Backdoors, Trojans and RAT's
  • General Malware - New Reports in
  • Industrial / Political Espionage Alerts
  • NjRAT / Bladabindi / njRAT Lime Edition