Copyright © @RedDrip (https://ti.qianxin.com/)
Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Details include sample hash, file type, malware family, as well as first seen and file name from VirusTotal in format below:
| Hash | Type | Family | First_Seen | Name |
|---|---|---|---|---|
| 8e2b5b95980cf52e99acfa95f5e1570b | Win32 DLL | 2019-11-11 15:22:00 | C:\Users<USER>\AppData\Local\Temp~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole | |
| 3c3b2cc9ff5d7030fb01496510ac75f2 | DOC | 2019-11-11 11:13:02 | ?-????2019?????????????????.doc | |
| 3a8c80d73f9beebd828c3aa172c747fa | RAR | 2019-11-07 01:23:39 | Noi dung don cau cuu.rar | |
| 82990e2c0432e579a00ab1f75da0dd65 | TXT | 2019-10-26 11:05:08 | lang.ps1 | |
| a87ada040f7250b59910345ee0b339b4 | RAR | 2019-10-23 09:20:16 | Thu moi.rar | |
| dbdbcd220475678c4becdc57a9233e20 | Win32 EXE | 2019-10-18 07:28:19 | AcroRd32.exe | |
| e7de9a64266f07168def534852349957 | RAR | Kryptik | 2019-09-16 00:18:57 | Don khieu nai.rar |
| 90c66c76095ef1ad5a79e63a544c1bba | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | 123456 |
We will keep updating this project and hope this could help the security community to fight against malware and targeted attack.
If you find an error, please contact us at ti_support@qianxin.com and we’ll try to improve the IOCs.
| Groupname | Total | Update | data |
|---|---|---|---|
| APT-LY-1006 | 61 | 6 | 2026/02/12 |
| APT-Q-12 | 8 | 8 | 2026/02/12 |
| APT-Q-15 | 1 | 1 | 2026/02/12 |
| APT-Q-27 | 180 | 45 | 2026/02/12 |
| APT-Q-63 | 6 | 1 | 2026/02/12 |
| APT28 | 796 | 32 | 2026/02/12 |
| APT33 | 235 | 67 | 2026/02/12 |
| APT35 | 8 | 1 | 2026/02/12 |
| APT37 | 177 | 7 | 2026/02/12 |
| babyelephant | 20 | 20 | 2026/02/12 |
| Bloody Wolf | 30 | 25 | 2026/02/12 |
| Bluenoroff group | 15 | 9 | 2026/02/12 |
| C-Major | 618 | 1 | 2026/02/12 |
| Citrine Sleet | 2 | 2 | 2026/02/12 |
| CL-STA-0043 | 9 | 3 | 2026/02/12 |
| Confucius | 174 | 5 | 2026/02/12 |
| CoreWerewolf | 6 | 1 | 2026/02/12 |
| DarkGaboon | 108 | 1 | 2026/02/12 |
| Darkhotel | 3194 | 3 | 2026/02/12 |
| Donot | 485 | 19 | 2026/02/12 |
| dragonforce | 25 | 16 | 2026/02/12 |
| EarthEstries | 32 | 13 | 2026/02/12 |
| EncryptHub | 104 | 2 | 2026/02/12 |
| FaceDuck Group | 2502 | 17 | 2026/02/12 |
| FIN7 | 644 | 2 | 2026/02/12 |
| Gamaredon Group | 665 | 59 | 2026/02/12 |
| Ghostwriter | 48 | 20 | 2026/02/12 |
| Higaisa | 2529 | 1846 | 2026/02/12 |
| Homeland Justice | 8 | 6 | 2026/02/12 |
| Inception Framework | 17 | 1 | 2026/02/12 |
| Infy group | 215 | 19 | 2026/02/12 |
| Kimsuky | 422 | 59 | 2026/02/12 |
| KONNI | 207 | 39 | 2026/02/12 |
| Lazarus Group | 1831 | 3 | 2026/02/12 |
| Librarian Ghouls | 20 | 8 | 2026/02/12 |
| LUNAR SPIDER | 37 | 30 | 2026/02/12 |
| MKLG | 20 | 5 | 2026/02/12 |
| MuddyWater | 370 | 51 | 2026/02/12 |
| Mysterious Elephant | 39 | 16 | 2026/02/12 |
| NoName057 | 565 | 11 | 2026/02/12 |
| OceanLotus | 1230 | 36 | 2026/02/12 |
| OilRig | 113 | 1 | 2026/02/12 |
| Operation SideCopy | 66 | 19 | 2026/02/12 |
| PatchWork | 1271 | 31 | 2026/02/12 |
| ref7707 | 20 | 4 | 2026/02/12 |
| Sandworm | 59 | 5 | 2026/02/12 |
| Sidewinder | 263 | 57 | 2026/02/12 |
| Silent Werewolf | 19 | 5 | 2026/02/12 |
| TA558 | 406 | 7 | 2026/02/12 |
| TAG-100 | 10 | 7 | 2026/02/12 |
| ToddyCat | 53 | 1 | 2026/02/12 |
| Turla | 455 | 5 | 2026/02/12 |
| UAC-0063 | 24 | 13 | 2026/02/12 |
| UAC-0184 | 48 | 3 | 2026/02/12 |
| UAC-0245 | 13 | 13 | 2026/02/12 |
| UAT-5394 | 27 | 7 | 2026/02/12 |
| UNC1151 | 71 | 4 | 2026/02/12 |
| UNC1549 | 68 | 33 | 2026/02/12 |
| UNC5174 | 8 | 7 | 2026/02/12 |
| UNC5221 | 47 | 31 | 2026/02/12 |
| UNC5267 | 3 | 3 | 2026/02/12 |
| UTG-Q-015 | 6 | 1 | 2026/02/12 |
| VasyGrek | 53 | 24 | 2026/02/12 |
| Void Blizzard | 13 | 13 | 2026/02/12 |
| WIRTE | 54 | 16 | 2026/02/12 |