Ransomware-Netwalker
##IOCs (file hashes; each value is 40 hex digits, consistent with SHA-1)
#Netwalker ransomware
0081ebb0d55eda81281afc952107b1540dc3b8ee
0e76db2d2a61b5983c295bb325049b64e74b40ba
147c1adc615daa93e84a5a9210ccc14ae86f6c55
16094d75f4bb593b196210e5d082a7abcdce1d8c
183bca7e9b101a5e29ce6698e365ee552b48d0d8
1897bcfc7f3d4a36bdd29da61e87ba00812dca24
19f12d29639ced3d22f8b4e8e07bf83e1a3fc0aa
1b5dc84b6fc69ffcc7d8bbf3e3ab0b9b305d6365
1e1b1c4ae648786fe429c9ddd2182e0d58bcf423
2a12c2297e08649933785629b047edc38ebe907c
2ddf48174221371ad4f5d339353a3f998044d95d
31e27c53077208aff54b883e8304b06440f736e2
3262e3d171b3b371a59ef62053032ff4d8510657
3fb77d821ea7ec2b30fd3944c3d9361093a58cd6
412112597d6c0dd099def148527a2b0466f0f658
4418547ab686293b57252ee9217d3e0e6823e3b3
4d02ab30002814f3ce0a9888a34abcf641fad3d1
4d3500625181c1469f66163bb7882ec1e82ce46a
4ff76d95673f950b4f949d9f362ee0cafa6307e2
50de46dcd782cafbdecec9860695ca3366644a3d
5b165601b8d0b13a8833c31cb36644aea8121f74
5be2fb7adcfefd741e6b98b4beeadf9e24ea7423
5c3aede31aaa0c77bfc56111ec39ac0503662dd7
61905f80bd29b2bd0cd522a7e822aeb8733bb78c
69e858f578fb0e7fdfb1d26db52dd6a95f5802ff
6a13535190bdcd62af6b4930ea28664c13c6a6be
6c06ed6155aef39529286ab8878432b74ac305b8
6da8ae1da95a0c96b432ad822076a0255e6744fd
6deb034d270782df82b9a012b1e69df6cccb21fe
794589026bdc8b01cad097ffcd50be37a87e7c29
79e6d0dbdfb89350fcf924c6554a5b7c79d4d66d
807d30f37bf2e052a253f64d102a7ab21933567b
82720e4d3fb83baff552ec25eea0fed2befe94fa
8bbfdfdfd026a106943c4e2ec317c89285aa98da
9185d661347a9637250e118d4ee91188945cd699
96432d979fdec055e4f40845a27cf4a9c0a0a34b
9df8e910986e2d6868278bd63236aa929630da40
a14bab81de06e9b590f6cfcd400f90fb5b667eff
a5bea314f701b06efd71533c6db8760da3509cc3
ae9a1f6df72e286c5be1ab13bbd8c75878625d58
b00710d529aefd25d8d51a2c0577bbb72191bc05
b0589d8d73590f39b6f9eba50c375fab858ccfb5
b1212f5b90c45cd22e2601edf74a68e617baa86d
c26d5fbe02f8b0e6a40672b12e69ee78343e9a41
c400de9be89e17b57532ec003e404941f95e358b
c5b3fa421db00fe931f439af5df4f65f7f3d9a1a
d051839026937273723e1b8523d852e799e72041
e1dc994b0ac412e9be56f615eaf4c3dd73315253
d35cbad4163a967f66be460bac029895506917ed
e57731be1f15c323a7b55b914a0599722ff3985f
f0952ec5d3c90398e1335f1fad00b80dbd4c5a32
#Reconnaissance tools
5aa43391fa00828b0d764b555eb1908b747c8781
##Privilege elevation exploits
#CVE-2020-0796
656611001c4a0dcba77392b61461395c9abe82a5
97ee255315173ff6cc62ef4ede12d4cec64af008
#CVE-2019-1458
c82fe9c9fdd61e1e677fe4c497be2e7908476d64
#CVE-2017-0213
b3423b5d096cf915019cd8d7c994cf9919523901
#CVE-2015-1701
90d17ebd75ce7ff4f15b2df951572653efe2ea17
##Password grabbers
#Mimikatz-related
11b0b620d0f0c4269a191d4ad9fd2042fb5e9d6c
99d6cc258737964336fb3847a7027718f70005f5
bdacb11aeded5bc985a2378174fdbbb3290931be
#Other
0ae1f9071c5e8fe4a69d3f671937935d242d8a6c
662bde0b00757c6cacd795b90115c802f1125692
93a2d7c3a9b83371d96a575c15fe6fce6f9d50d3
#Brute forcers
6d390038003c298c7ab8f2cbe35a50b07e096554
##Other tools
#Teamviewer
1004077765c94796c4ec515a5c031f32fac80f1b
a89e825ab5013743fbb455a2d0b1f4eb88b5f868
#AnyDesk
39194c57c0488eca2ca7600d03783f6df4957688
#AV removal tools
1b394aaf9af9338d6335cbfcac88155c6db2ea0b
0c15d2bd27aa88b03e3d4af7a87f92065a2cc13a
2bee8579ef9d3146708179ffd881610366e53d15
#Python installer
068bca4ae5678a9f8db721066ee029d4dd4bf3f4
#Lateral movement
3e32b19e22dd82aab0259752d670e64c9a4a3ae9
502a5780ae69e87db4842d52c59713b1c79dc702
#Misc scripts
3de3b2df19bf8498b94d4b2c2bd2ec21399f346a