Ransomware-MegaCortex
File hashes:
MegaCortex:
Cobalt Strike reflexive loader:
Cobalt Strike Meterpreter shells:
31af48e1e61d85965fd3f4719306a3993550d7e7
afa7575bf763cf312cbd420bfae50d331729cbfc
e7223ac9968ecf707cc7cca10088ae9a9adec522
2849626522a45673a191265c245f934b91020e1c
Other:
2f40abbb4f78e77745f0e657a19903fc953cc664
Certificates:
3AN LIMITED
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 12:00 AM 03/15/2019
Valid to 11:59 PM 03/14/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60974F5CC654E6F6C0A7332A9733E42F19186FBB
Serial number 04 C7 CD CC 16 98 E2 5B 49 3E B4 33 8D 5E 2F 8B
PRO-STO, TOV
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Sectigo RSA Code Signing CA
Valid from 01:00 AM 03/01/2019
Valid to 12:59 AM 03/01/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3B3BA7DAAA011A33447E607FCD178BE6FBE190BE
Serial number 00 CA 0E 70 90 D4 82 70 04 C9 9A F2 FC 7D 73 3C 02