В 2019 году команда Group-IB Threat Intelligence обнаружила серию целевых атак на финансовые организации в Африке. Позже, в 2020 году, Group-IB в сотрудничестве с Orange удалось объединить на первый взгляд разрозненные атаки в единую хронологию и связать их с угрозой под кодовым названием OPERA1ER (также известной как DESKTOP-GROUP, Common Raven и NXSMS).
Indicators of Compromise
IPv4 addresses
- 102.137.108.115
- 102.137.132.25
- 102.138.135.72
- 102.138.175.145
- 102.138.190.55
- 102.138.240.28
- 102.139.157.108
- 102.139.19.96
- 102.139.34.137
- 102.139.99.144
- 104.18.44.41
- 104.18.45.41
- 104.27.142.189
- 104.27.143.189
- 107.178.59.195
- 107.178.59.227
- 108.62.49.249
- 13.248.196.204
- 154.232.115.211
- 154.232.131.16
- 154.232.242.226
- 154.233.179.127
- 154.233.72.205
- 154.234.111.1
- 154.234.155.71
- 154.234.213.94
- 154.234.217.34
- 154.234.50.130
- 154.235.140.248
- 154.44.177.192
- 160.154.129.15
- 160.154.130.236
- 160.154.149.196
- 160.154.151.226
- 160.155.0.199
- 172.67.151.41
- 172.67.214.171
- 176.9.193.5
- 178.73.192.17
- 178.73.192.66
- 178.73.192.68
- 178.73.192.70
- 178.73.218.69
- 185.11.145.5
- 185.140.53.18
- 185.185.84.14
- 185.185.84.50
- 185.244.31.24
- 185.61.137.49
- 185.62.188.4
- 188.126.90.14
- 188.126.90.82
- 192.236.177.164
- 192.236.177.166
- 192.236.177.169
- 192.236.177.170
- 192.236.177.171
- 192.34.109.12
- 193.183.116.143
- 193.183.116.225
- 193.183.116.68
- 196.180.132.252
- 196.180.192.89
- 196.180.210.121
- 196.180.247.95
- 196.180.99.187
- 196.181.100.141
- 196.181.157.248
- 196.181.209.215
- 196.181.23.50
- 196.181.235.181
- 196.181.56.65
- 196.181.84.71
- 196.182.120.117
- 196.182.187.28
- 196.182.26.93
- 196.182.27.18
- 196.182.87.192
- 196.183.129.166
- 196.183.27.144
- 196.183.28.111
- 196.183.32.158
- 196.47.153.182
- 20.91.192.253
- 212.7.208.110
- 213.227.140.15
- 37.120.204.132
- 43.205.33.202
- 45.145.185.68
- 45.15.16.140
- 45.15.16.156
- 45.15.16.157
- 45.15.16.166
- 45.15.16.175
- 45.15.16.197
- 45.15.16.205
- 45.15.16.207
- 45.15.16.213
- 45.15.16.228
- 45.15.16.236
- 45.15.16.238
- 45.15.16.239
- 45.15.17.130
- 45.15.17.132
- 45.15.17.133
- 45.15.17.134
- 45.15.17.136
- 45.15.17.137
- 45.15.17.141
- 45.15.17.162
- 45.15.17.163
- 45.15.17.164
- 45.15.17.165
- 45.15.17.194
- 45.15.17.195
- 45.15.17.196
- 45.15.17.197
- 45.15.17.198
- 45.15.17.226
- 45.15.17.227
- 45.15.17.228
- 45.15.17.229
- 45.15.17.234
- 45.15.18.227
- 46.246.12.66
- 46.246.12.77
- 46.246.14.66
- 46.246.14.74
- 46.246.26.77
- 46.246.4.67
- 46.246.4.75
- 46.246.4.78
- 46.246.6.79
- 46.246.80.66
- 46.246.80.72
- 46.246.82.67
- 46.246.82.68
- 46.246.84.17
- 46.246.84.21
- 46.246.84.72
- 46.246.84.74
- 5.158.83.131
- 5.158.83.195
- 72.11.142.240
- 79.134.225.107
- 79.134.225.75
- 83.97.18.130
- 83.97.18.131
- 83.97.18.132
- 83.97.18.133
- 83.97.18.134
- 83.97.18.135
- 83.97.18.136
- 83.97.18.162
- 83.97.18.163
- 83.97.18.164
- 83.97.18.166
- 83.97.18.194
- 83.97.18.195
- 83.97.18.196
- 83.97.18.226
- 83.97.18.227
- 83.97.18.228
- 83.97.18.231
- 91.193.75.171
- 95.142.44.227
Domains (listed as published; some entries appear in upper case, so normalize case before matching against DNS or proxy logs)
- 4x33.ignorelist.com
- actu.afrikmedia.info
- actu.banquealtantique.net
- afijoh.net
- afrikmedia.info
- bac.eimaragon.org
- bac.senegalsante.org
- banquealtantique.net
- banqueislamik.ddrive.online
- bdm-sa.fr
- blackid-35778.portmap.io
- boa.eimaragon.org
- bproduction.duckdns.org
- bproduction.zapto.org
- chance2019.ddns.net
- cnam.myvnc.com
- cobalt.warii.club
- codir.ocitnetad.com
- contact.senegalsante.org
- coris-bank.fr
- covid.ocitnetad.co
- crazy.senegalsante.org
- direct8.ddns.net
- download.nortonupdate.com
- driver.eimaragon.org
- droid.senegalsante.org
- dynastie.warzonedns.com
- eimanet.eimaragon.org
- eimaragon.org
- EVAMACHINE.TK
- files.ddrive.online
- ftp.eimaragon.org
- fuck90.duckdns.org
- gamevnc.myvnc.com
- HELPDESK-SECURITY.ORG
- hostmaster.senegalsante.org
- hunterX1-37009.portmap.io
- info.senegalsante.org
- info.warii.club
- kaspersky-lab.org
- kpersky.duckdns.org
- mail.mcafee-endpoint.com
- mail.warii.club
- mcafee-endpoint.com
- microsoft-af.com
- news.afrikmedia.info
- news.banquealtantique.net
- news.coris-bank.fr
- noreply.mcafee-endpoint.com
- noreplyrobot.duckdns.org
- ns.eimaragon.org
- ns1.eimaragon.org
- ns1.senegalsante.org
- ns2.senegalsante.org
- ocitnetad.com
- operan.ddns.net
- personnel.bdm-sa.fr
- personnels.bdm-sa.fr
- queen2012.ddns.net
- reply2host.duckdns.org
- senegalsante.org
- server.senegalsante.org
- server0.senegalsante.org
- server1.senegalsante.org
- server2.senegalsante.org
- server3.senegalsante.org
- serveur1.hopto.org
- update.kaspersky-lab.org
- update.mcafee-endpoint.com
- update.microsoft-af.com
- utils.afijoh.net
- wa.eimaragon.org
- wari.warii.club
- warii.club
- warima.warii.club
- webdisk.bdm-sa.fr
- windonwsxp.duckdns.org
- windowsdefender.redirectme.net
- windowsdwm.ddns.net
- windowsupdaters.zapto.org
- windowsupgraders.ddns.net
- winsec.ddns.net
- winsec.eimaragon.org
- winsec.gotdns.ch
- winsec.senegalsante.org
- winsec.warii.club
- wsus.microsoft-af.com
- www.privacyfirst.sh
- www.warii.club
- zfs.life
MD5
- 009bcdb4cb4784df7e366921c523db16
- 017ba3cb35528108f6c4e05db99f3572
- 0258f4f0319fa77b10978dd92edf87c1
- 043956a214b56a2efd323ec305a813f2
- 044e0bb14076e83bcd38c537ff328f73
- 093ba856381c9e17e29a5fc2aadfa9f9
- 0a11428c5f4cb64bea4905576d30044d
- 0ca97bf824c3bf16818f9830c0ba83a5
- 0f304bd73274a6fd4a5b05eb5f0657f7
- 10260f016285a196e245493a0e50681a
- 1305f4fe0f5032c82e3dd5ca4ecae235
- 13c07511ff89f1567a8f39a5215bc884
- 13e7c5ad329a3e3c0568d27cc2242af6
- 18126be163eb7df2194bb902c359ba8e
- 2178d1efad5f2a1f7400e0d6d0a263f8
- 21bf477dbc9eaca77e0d7e77856bddd7
- 22fe5107805f9c5f1ce8051c9796df18
- 24aa5d597961bc1d902c5462052a1250
- 27304b246c7d5b4e149124d5f93c5b01
- 2806b0bfd215648edb1bb3ef32855a99
- 2b83d157f134a0388d6b48a4fbb85bd0
- 2c5dcd5c42ece2a91e53914f10b10270
- 2d03e001d92c099a002692c1669432b6
- 2d17eb61660c1e4390fe88c9ddefc6c7
- 2e2ddfd6d3a10d5dd51f8cbdeaeb4b75
- 2e5af496face122157e459e84e5fe14b
- 306447863f89c6962fc5c16517c8fb9c
- 330cf14b15f441462554917d66f4c4cf
- 34499495a77a34ce3a58899089f97062
- 351cbc60e73886519a8e1232adf80f28
- 368653e74934b6d649c8d08d66341177
- 37502ecc7f8575055873f92719e1c7b6
- 3a60017847cf09f334fd8a2d0b001543
- 3b6c29c8ff1ea1649da4863b6e543e04
- 3c1e90e8b5d180ff0f5455dd92bdb412
- 3cbe2c4d95d10a0d5f1d33db3e752df0
- 3d79e91b1382280535596ce7eaa5e29b
- 446a6e8c3876959ba1695899fe3584a7
- 472873942f0e7750ced3bc42c0b469f7
- 47777cb7a44e587e1c39eb4b7aec6ac4
- 478d8e6a7766702a584073c295c0eadc
- 49ad6020376caba051b4d6a6578efc1c
- 4b27c3d57fe01a2a5b2001854507e0e2
- 4b78df00aa863bc8b581b33289031500
- 4f27b4322117484847c7021a5325814d
- 4facb81f57e515a508040270849bcd35
- 52616e216f614ce92ea9512d49d039c4
- 52e666a32d0847b416b66ad9aa98bbed
- 5501196c0134a5a9eac0dfe250acd055
- 588afc20615b110b8bc0365397c3dbbf
- 58961c3ea961f0de2177b352d51e047d
- 5aa2bc6132915f9ddd56b7fd17f992e6
- 5d9d7de37e423d33aec86617a750662d
- 5ecc4ad7475caef78f0e035aa277b51e
- 63417ec71d3c7670c2306afc4164b0de
- 63649943c1ffb9d650d73bc375b6f224
- 63c7f3e2eb52298bdb9641b8ac319882
- 6414928547ef254886331378cfb97be1
- 64e61ec18ab4336798f667c4465a7b58
- 670a05010ba9c97e7451e1d7896801ae
- 67f6cea5ce043f1e4872c357d2752379
- 690d63a3dd05649f330df67b072df337
- 69c2af6fffd6537590c7bdba36b5823b
- 6a1bf6f6bc7d86fa77db57132ef65ee6
- 6ccdc868a729510a1c2f3ce447e1de05
- 6d56ab884f43028bb642f76acf286de1
- 6d93c6535945e0caadb6ebee9b2b5e17
- 70bc161f01937e17bae835b4df2c84b6
- 72902ec0df95a7dcfb3b66f9b02ef7f3
- 72f82d3fa5ffa8a82a5ac1176363dfef
- 7444684c7152c6089e68305c36f585e3
- 7584fa7ded7aed3b38635274719b7966
- 75e55496a2c4d240805291780478cb45
- 7803e73ea96be23f3499b4af3e100161
- 7ddee4ec4650bf7836478ca8f286ac10
- 7e2801b8d44eb6bece5b3b5467242111
- 7efe472be826bf387545117b3e463fed
- 8061ba44ebc7cc1adb5dc61c903f541f
- 808502752ca0492aca995e9b620d507b
- 809f42059da3058a1e62fa7ba56ce66b
- 80c0cd9971c1d458c40a10ffc54ec35d
- 834d61aa653f8503aa36fffc9774b2b6
- 8416149a694a4ad8b54ae06579f56908
- 8a3214f0631c3afe3b3fa269ff887318
- 8bed50e5bb8aaee9c8af1ee14623547e
- 8cd17229113b8f57d7db6b2719f93f4d
- 905de14f4c515e82bf4603fa7c3dae4e
- 9321c107d1f7e336cda550a2bf049108
- 9425024fe2b94a9c7cdf8ea60a1fbdb7
- 96d38bc4a675ab2505806d9ea4df6bea
- 9768250c8ad2861dd46c1a2d5f9b0ac3
- 97bfda8cede4baec095f0f24b4c47a56
- 98d1c565e5b6484e937efed5e777263d
- 9c38991c3770b0c2917659bdb7091ed9
- 9d5696758c45cceb3405a62af931c11d
- 9d61b753e7073a70fb6f4b577c9270f0
- a0873962bca482a7d14dafbeaf5346cb
- a1d02f0906e7cac845c1979b3e0c783a
- a69f9a26f8cf8abddc0e105328198766
- a919affc3ca6ae4f534d6acb2f31a5fa
- a963112260daf1fcf30f394a21e123e1
- a9ab4f14d339eb15d8209b13a51ce989
- aae20b78c9bcba19e95fc56a630228a0
- af67701a6387834d2195282719ef6636
- b1de80dc4a1d8122909f53a101802449
- b6c707729ac8e7fe2f6d358b5dd2736c
- b9943a25caed8e251a9580ebb6148137
- ba6d2148ecff70e2134953df18210c15
- ba9a525cee898c867b2587a492167877
- bace201a0f9bc25dda6b288e22023f61
- bb431f144ae22c06662fcb0d64dd6b7d
- bb592a79fd934e30df6832b67b918923
- bcc73790f7b2d37704976cd78095a9e9
- beceae2fdc4f7729a93e94ac2ccd78cc
- bed4f32f0d6f97feee6c03f287e1832c
- c1523055a02b61e0f4ba87547b29ec0c
- c2a287fae215fa3c4ae4accf5186d014
- c872af5d1182e865dc72e23fed938b5c
- c9194a86915eb04b8293183dada19e79
- ce5ac0502ff412be598914c12babfb03
- ce83775b68686c01d1c45fe47d8e5325
- cebbd06d6dbf99ab1eb868310f642027
- cfbac2be66ebfe0a9324d188199c0de2
- d1b2d809addb30c85c8344336f3bc6ff
- d1dcf91ee3d482623365bf5976e19dc1
- d440dd5375fd1dc90858cc4d2415b5f9
- d532dd9036497a0ed71ace5ec1b45fb8
- d6a3f830a51ec64acaab361e056f5e0d
- db37a5c00a956bb8d6cc18974992a2dc
- dbd7a7cc06ca8e4c5ccc5fb901271d80
- dc1e1506c0c03663233911f4d0a22c70
- dc33c287ffa253bc5af591e7f40877da
- dda5a9d262181339921c04902bd77173
- df88175fb96cad1ca9605db2352ae063
- e2b0d44be0970b740afc27ff82bb29bf
- e8848f591f9cd537e1feb84a54fe18ff
- e89790f614197291933982e26f9214ca
- ed5d15c55ee5cc0eba0aa8c4f42b45d9
- eeb12aa59e79027fa2bafd0c6e244f9e
- eebaef66a9d009ba52f40eb7b66c06f8
- f1bef120cb72066000e67171ed5193a7
- f2060ef4f0e02bb9f96f4f0ac295c03f
- f24a401dc5974e995a2cf98f03a42e17
- f58ccfae8b60f37e8d612532395170de
- f61a31de0f8478b9b4332ae321b03c1b
- f7533a09f0bc3b7e9317c65050f987d2
- f7b0cf59a52e2c03a38bd6d04aab47fc
- f7e6e117024b8936cf0f3ba1ac303a3b
- fb6c7eb4f64f699511380721e9c8cabb
- fbec4459fbf7018db2a0148406d8196f
- fd4f43af4b47683256b31e74d5bdfb9c
SHA1
- 17e0b8fe9acfd1776a1566ce5ed6f051f7e0f91f
- 2707299e9ec7fb2173f6afb2e23a4d74865cf5a3
- ac85af8395d1b97a8cbcbd16f995ce119e3c4955