OPERA1ER APT IOCs


In 2019 the Group-IB Threat Intelligence team detected a series of targeted attacks on financial organizations in Africa. Later, in 2020, Group-IB, working together with Orange, assembled what had looked like unrelated incidents into a single timeline and attributed them to a threat actor tracked under the code name OPERA1ER (also known as DESKTOP-GROUP, Common Raven and NXSMS).

Indicators of Compromise

IPv4

  • 102.137.108.115
  • 102.137.132.25
  • 102.138.135.72
  • 102.138.175.145
  • 102.138.190.55
  • 102.138.240.28
  • 102.139.157.108
  • 102.139.19.96
  • 102.139.34.137
  • 102.139.99.144
  • 104.18.44.41
  • 104.18.45.41
  • 104.27.142.189
  • 104.27.143.189
  • 107.178.59.195
  • 107.178.59.227
  • 108.62.49.249
  • 13.248.196.204
  • 154.232.115.211
  • 154.232.131.16
  • 154.232.242.226
  • 154.233.179.127
  • 154.233.72.205
  • 154.234.111.1
  • 154.234.155.71
  • 154.234.213.94
  • 154.234.217.34
  • 154.234.50.130
  • 154.235.140.248
  • 154.44.177.192
  • 160.154.129.15
  • 160.154.130.236
  • 160.154.149.196
  • 160.154.151.226
  • 160.155.0.199
  • 172.67.151.41
  • 172.67.214.171
  • 176.9.193.5
  • 178.73.192.17
  • 178.73.192.66
  • 178.73.192.68
  • 178.73.192.70
  • 178.73.218.69
  • 185.11.145.5
  • 185.140.53.18
  • 185.185.84.14
  • 185.185.84.50
  • 185.244.31.24
  • 185.61.137.49
  • 185.62.188.4
  • 188.126.90.14
  • 188.126.90.82
  • 192.236.177.164
  • 192.236.177.166
  • 192.236.177.169
  • 192.236.177.170
  • 192.236.177.171
  • 192.34.109.12
  • 193.183.116.143
  • 193.183.116.225
  • 193.183.116.68
  • 196.180.132.252
  • 196.180.192.89
  • 196.180.210.121
  • 196.180.247.95
  • 196.180.99.187
  • 196.181.100.141
  • 196.181.157.248
  • 196.181.209.215
  • 196.181.23.50
  • 196.181.235.181
  • 196.181.56.65
  • 196.181.84.71
  • 196.182.120.117
  • 196.182.187.28
  • 196.182.26.93
  • 196.182.27.18
  • 196.182.87.192
  • 196.183.129.166
  • 196.183.27.144
  • 196.183.28.111
  • 196.183.32.158
  • 196.47.153.182
  • 20.91.192.253
  • 212.7.208.110
  • 213.227.140.15
  • 37.120.204.132
  • 43.205.33.202
  • 45.145.185.68
  • 45.15.16.140
  • 45.15.16.156
  • 45.15.16.157
  • 45.15.16.166
  • 45.15.16.175
  • 45.15.16.197
  • 45.15.16.205
  • 45.15.16.207
  • 45.15.16.213
  • 45.15.16.228
  • 45.15.16.236
  • 45.15.16.238
  • 45.15.16.239
  • 45.15.17.130
  • 45.15.17.132
  • 45.15.17.133
  • 45.15.17.134
  • 45.15.17.136
  • 45.15.17.137
  • 45.15.17.141
  • 45.15.17.162
  • 45.15.17.163
  • 45.15.17.164
  • 45.15.17.165
  • 45.15.17.194
  • 45.15.17.195
  • 45.15.17.196
  • 45.15.17.197
  • 45.15.17.198
  • 45.15.17.226
  • 45.15.17.227
  • 45.15.17.228
  • 45.15.17.229
  • 45.15.17.234
  • 45.15.18.227
  • 46.246.12.66
  • 46.246.12.77
  • 46.246.14.66
  • 46.246.14.74
  • 46.246.26.77
  • 46.246.4.67
  • 46.246.4.75
  • 46.246.4.78
  • 46.246.6.79
  • 46.246.80.66
  • 46.246.80.72
  • 46.246.82.67
  • 46.246.82.68
  • 46.246.84.17
  • 46.246.84.21
  • 46.246.84.72
  • 46.246.84.74
  • 5.158.83.131
  • 5.158.83.195
  • 72.11.142.240
  • 79.134.225.107
  • 79.134.225.75
  • 83.97.18.130
  • 83.97.18.131
  • 83.97.18.132
  • 83.97.18.133
  • 83.97.18.134
  • 83.97.18.135
  • 83.97.18.136
  • 83.97.18.162
  • 83.97.18.163
  • 83.97.18.164
  • 83.97.18.166
  • 83.97.18.194
  • 83.97.18.195
  • 83.97.18.196
  • 83.97.18.226
  • 83.97.18.227
  • 83.97.18.228
  • 83.97.18.231
  • 91.193.75.171
  • 95.142.44.227

Domains

  • 4x33.ignorelist.com
  • actu.afrikmedia.info
  • actu.banquealtantique.net
  • afijoh.net
  • afrikmedia.info
  • bac.eimaragon.org
  • bac.senegalsante.org
  • banquealtantique.net
  • banqueislamik.ddrive.online
  • bdm-sa.fr
  • blackid-35778.portmap.io
  • boa.eimaragon.org
  • bproduction.duckdns.org
  • bproduction.zapto.org
  • chance2019.ddns.net
  • cnam.myvnc.com
  • cobalt.warii.club
  • codir.ocitnetad.com
  • contact.senegalsante.org
  • coris-bank.fr
  • covid.ocitnetad.co
  • crazy.senegalsante.org
  • direct8.ddns.net
  • download.nortonupdate.com
  • driver.eimaragon.org
  • droid.senegalsante.org
  • dynastie.warzonedns.com
  • eimanet.eimaragon.org
  • eimaragon.org
  • evamachine.tk
  • files.ddrive.online
  • ftp.eimaragon.org
  • fuck90.duckdns.org
  • gamevnc.myvnc.com
  • helpdesk-security.org
  • hostmaster.senegalsante.org
  • hunterX1-37009.portmap.io
  • info.senegalsante.org
  • info.warii.club
  • kaspersky-lab.org
  • kpersky.duckdns.org
  • mail.mcafee-endpoint.com
  • mail.warii.club
  • mcafee-endpoint.com
  • microsoft-af.com
  • news.afrikmedia.info
  • news.banquealtantique.net
  • news.coris-bank.fr
  • noreply.mcafee-endpoint.com
  • noreplyrobot.duckdns.org
  • ns.eimaragon.org
  • ns1.eimaragon.org
  • ns1.senegalsante.org
  • ns2.senegalsante.org
  • ocitnetad.com
  • operan.ddns.net
  • personnel.bdm-sa.fr
  • personnels.bdm-sa.fr
  • queen2012.ddns.net
  • reply2host.duckdns.org
  • senegalsante.org
  • server.senegalsante.org
  • server0.senegalsante.org
  • server1.senegalsante.org
  • server2.senegalsante.org
  • server3.senegalsante.org
  • serveur1.hopto.org
  • update.kaspersky-lab.org
  • update.mcafee-endpoint.com
  • update.microsoft-af.com
  • utils.afijoh.net
  • wa.eimaragon.org
  • wari.warii.club
  • warii.club
  • warima.warii.club
  • webdisk.bdm-sa.fr
  • windonwsxp.duckdns.org
  • windowsdefender.redirectme.net
  • windowsdwm.ddns.net
  • windowsupdaters.zapto.org
  • windowsupgraders.ddns.net
  • winsec.ddns.net
  • winsec.eimaragon.org
  • winsec.gotdns.ch
  • winsec.senegalsante.org
  • winsec.warii.club
  • wsus.microsoft-af.com
  • www.privacyfirst.sh
  • www.warii.club
  • zfs.life

MD5

  • 009bcdb4cb4784df7e366921c523db16
  • 017ba3cb35528108f6c4e05db99f3572
  • 0258f4f0319fa77b10978dd92edf87c1
  • 043956a214b56a2efd323ec305a813f2
  • 044e0bb14076e83bcd38c537ff328f73
  • 093ba856381c9e17e29a5fc2aadfa9f9
  • 0a11428c5f4cb64bea4905576d30044d
  • 0ca97bf824c3bf16818f9830c0ba83a5
  • 0f304bd73274a6fd4a5b05eb5f0657f7
  • 10260f016285a196e245493a0e50681a
  • 1305f4fe0f5032c82e3dd5ca4ecae235
  • 13c07511ff89f1567a8f39a5215bc884
  • 13e7c5ad329a3e3c0568d27cc2242af6
  • 18126be163eb7df2194bb902c359ba8e
  • 2178d1efad5f2a1f7400e0d6d0a263f8
  • 21bf477dbc9eaca77e0d7e77856bddd7
  • 22fe5107805f9c5f1ce8051c9796df18
  • 24aa5d597961bc1d902c5462052a1250
  • 27304b246c7d5b4e149124d5f93c5b01
  • 2806b0bfd215648edb1bb3ef32855a99
  • 2b83d157f134a0388d6b48a4fbb85bd0
  • 2c5dcd5c42ece2a91e53914f10b10270
  • 2d03e001d92c099a002692c1669432b6
  • 2d17eb61660c1e4390fe88c9ddefc6c7
  • 2e2ddfd6d3a10d5dd51f8cbdeaeb4b75
  • 2e5af496face122157e459e84e5fe14b
  • 306447863f89c6962fc5c16517c8fb9c
  • 330cf14b15f441462554917d66f4c4cf
  • 34499495a77a34ce3a58899089f97062
  • 351cbc60e73886519a8e1232adf80f28
  • 368653e74934b6d649c8d08d66341177
  • 37502ecc7f8575055873f92719e1c7b6
  • 3a60017847cf09f334fd8a2d0b001543
  • 3b6c29c8ff1ea1649da4863b6e543e04
  • 3c1e90e8b5d180ff0f5455dd92bdb412
  • 3cbe2c4d95d10a0d5f1d33db3e752df0
  • 3d79e91b1382280535596ce7eaa5e29b
  • 446a6e8c3876959ba1695899fe3584a7
  • 472873942f0e7750ced3bc42c0b469f7
  • 47777cb7a44e587e1c39eb4b7aec6ac4
  • 478d8e6a7766702a584073c295c0eadc
  • 49ad6020376caba051b4d6a6578efc1c
  • 4b27c3d57fe01a2a5b2001854507e0e2
  • 4b78df00aa863bc8b581b33289031500
  • 4f27b4322117484847c7021a5325814d
  • 4facb81f57e515a508040270849bcd35
  • 52616e216f614ce92ea9512d49d039c4
  • 52e666a32d0847b416b66ad9aa98bbed
  • 5501196c0134a5a9eac0dfe250acd055
  • 588afc20615b110b8bc0365397c3dbbf
  • 58961c3ea961f0de2177b352d51e047d
  • 5aa2bc6132915f9ddd56b7fd17f992e6
  • 5d9d7de37e423d33aec86617a750662d
  • 5ecc4ad7475caef78f0e035aa277b51e
  • 63417ec71d3c7670c2306afc4164b0de
  • 63649943c1ffb9d650d73bc375b6f224
  • 63c7f3e2eb52298bdb9641b8ac319882
  • 6414928547ef254886331378cfb97be1
  • 64e61ec18ab4336798f667c4465a7b58
  • 670a05010ba9c97e7451e1d7896801ae
  • 67f6cea5ce043f1e4872c357d2752379
  • 690d63a3dd05649f330df67b072df337
  • 69c2af6fffd6537590c7bdba36b5823b
  • 6a1bf6f6bc7d86fa77db57132ef65ee6
  • 6ccdc868a729510a1c2f3ce447e1de05
  • 6d56ab884f43028bb642f76acf286de1
  • 6d93c6535945e0caadb6ebee9b2b5e17
  • 70bc161f01937e17bae835b4df2c84b6
  • 72902ec0df95a7dcfb3b66f9b02ef7f3
  • 72f82d3fa5ffa8a82a5ac1176363dfef
  • 7444684c7152c6089e68305c36f585e3
  • 7584fa7ded7aed3b38635274719b7966
  • 75e55496a2c4d240805291780478cb45
  • 7803e73ea96be23f3499b4af3e100161
  • 7ddee4ec4650bf7836478ca8f286ac10
  • 7e2801b8d44eb6bece5b3b5467242111
  • 7efe472be826bf387545117b3e463fed
  • 8061ba44ebc7cc1adb5dc61c903f541f
  • 808502752ca0492aca995e9b620d507b
  • 809f42059da3058a1e62fa7ba56ce66b
  • 80c0cd9971c1d458c40a10ffc54ec35d
  • 834d61aa653f8503aa36fffc9774b2b6
  • 8416149a694a4ad8b54ae06579f56908
  • 8a3214f0631c3afe3b3fa269ff887318
  • 8bed50e5bb8aaee9c8af1ee14623547e
  • 8cd17229113b8f57d7db6b2719f93f4d
  • 905de14f4c515e82bf4603fa7c3dae4e
  • 9321c107d1f7e336cda550a2bf049108
  • 9425024fe2b94a9c7cdf8ea60a1fbdb7
  • 96d38bc4a675ab2505806d9ea4df6bea
  • 9768250c8ad2861dd46c1a2d5f9b0ac3
  • 97bfda8cede4baec095f0f24b4c47a56
  • 98d1c565e5b6484e937efed5e777263d
  • 9c38991c3770b0c2917659bdb7091ed9
  • 9d5696758c45cceb3405a62af931c11d
  • 9d61b753e7073a70fb6f4b577c9270f0
  • a0873962bca482a7d14dafbeaf5346cb
  • a1d02f0906e7cac845c1979b3e0c783a
  • a69f9a26f8cf8abddc0e105328198766
  • a919affc3ca6ae4f534d6acb2f31a5fa
  • a963112260daf1fcf30f394a21e123e1
  • a9ab4f14d339eb15d8209b13a51ce989
  • aae20b78c9bcba19e95fc56a630228a0
  • af67701a6387834d2195282719ef6636
  • b1de80dc4a1d8122909f53a101802449
  • b6c707729ac8e7fe2f6d358b5dd2736c
  • b9943a25caed8e251a9580ebb6148137
  • ba6d2148ecff70e2134953df18210c15
  • ba9a525cee898c867b2587a492167877
  • bace201a0f9bc25dda6b288e22023f61
  • bb431f144ae22c06662fcb0d64dd6b7d
  • bb592a79fd934e30df6832b67b918923
  • bcc73790f7b2d37704976cd78095a9e9
  • beceae2fdc4f7729a93e94ac2ccd78cc
  • bed4f32f0d6f97feee6c03f287e1832c
  • c1523055a02b61e0f4ba87547b29ec0c
  • c2a287fae215fa3c4ae4accf5186d014
  • c872af5d1182e865dc72e23fed938b5c
  • c9194a86915eb04b8293183dada19e79
  • ce5ac0502ff412be598914c12babfb03
  • ce83775b68686c01d1c45fe47d8e5325
  • cebbd06d6dbf99ab1eb868310f642027
  • cfbac2be66ebfe0a9324d188199c0de2
  • d1b2d809addb30c85c8344336f3bc6ff
  • d1dcf91ee3d482623365bf5976e19dc1
  • d440dd5375fd1dc90858cc4d2415b5f9
  • d532dd9036497a0ed71ace5ec1b45fb8
  • d6a3f830a51ec64acaab361e056f5e0d
  • db37a5c00a956bb8d6cc18974992a2dc
  • dbd7a7cc06ca8e4c5ccc5fb901271d80
  • dc1e1506c0c03663233911f4d0a22c70
  • dc33c287ffa253bc5af591e7f40877da
  • dda5a9d262181339921c04902bd77173
  • df88175fb96cad1ca9605db2352ae063
  • e2b0d44be0970b740afc27ff82bb29bf
  • e8848f591f9cd537e1feb84a54fe18ff
  • e89790f614197291933982e26f9214ca
  • ed5d15c55ee5cc0eba0aa8c4f42b45d9
  • eeb12aa59e79027fa2bafd0c6e244f9e
  • eebaef66a9d009ba52f40eb7b66c06f8
  • f1bef120cb72066000e67171ed5193a7
  • f2060ef4f0e02bb9f96f4f0ac295c03f
  • f24a401dc5974e995a2cf98f03a42e17
  • f58ccfae8b60f37e8d612532395170de
  • f61a31de0f8478b9b4332ae321b03c1b
  • f7533a09f0bc3b7e9317c65050f987d2
  • f7b0cf59a52e2c03a38bd6d04aab47fc
  • f7e6e117024b8936cf0f3ba1ac303a3b
  • fb6c7eb4f64f699511380721e9c8cabb
  • fbec4459fbf7018db2a0148406d8196f
  • fd4f43af4b47683256b31e74d5bdfb9c

SHA1

  • 17e0b8fe9acfd1776a1566ce5ed6f051f7e0f91f
  • 2707299e9ec7fb2173f6afb2e23a4d74865cf5a3
  • ac85af8395d1b97a8cbcbd16f995ce119e3c4955
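Two things stand out when reading the lists above as a detection engineer. First, many of the domains are registered on public dynamic-DNS and port-forwarding services (duckdns.org, ddns.net, hopto.org, zapto.org, portmap.io, myvnc.com, redirectme.net, gotdns.ch, ignorelist.com, warzonedns.com); only the exact hostname is an indicator, and alerting on the provider apex would flood you with hits from unrelated users. Second, domain names are case-insensitive and DNS logs often carry a trailing dot, so matching must normalize before comparing. The script below is an added example, written for this page and not part of the Group-IB report or its tooling: it embeds a subset of the indicators above verbatim, runs constructed key=value log lines through exact-host, parent-domain, IP and hash matching, and grades IP hits lower than domain or hash hits. The CDN ranges it treats as shared edges are an assumption about the 104.18.x.x, 104.27.x.x and 172.67.x.x addresses in the list, not something the page states.

```python
"""Match key=value DNS/proxy/EDR log lines against the OPERA1ER indicators above.

Added example, not from the Group-IB report. Indicator sets are a subset copied
from the lists on this page; the sample log lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Subset of the page's indicators, copied verbatim (domains lower-cased).
IOC_IPV4 = {"45.15.17.130", "83.97.18.130", "185.140.53.18", "104.18.44.41", "172.67.151.41"}
IOC_DOMAINS = {
    "kaspersky-lab.org", "update.kaspersky-lab.org", "mcafee-endpoint.com",
    "microsoft-af.com", "wsus.microsoft-af.com", "kpersky.duckdns.org",
    "winsec.ddns.net", "evamachine.tk", "helpdesk-security.org",
}
IOC_MD5 = {"009bcdb4cb4784df7e366921c523db16", "fd4f43af4b47683256b31e74d5bdfb9c"}
IOC_SHA1 = {"17e0b8fe9acfd1776a1566ce5ed6f051f7e0f91f"}

# Public dynamic-DNS / port-forwarding providers seen in the list. Only the exact
# registered hostname is an indicator; the apex is shared and must never match.
SHARED_DDNS_APEX = {
    "duckdns.org", "ddns.net", "hopto.org", "zapto.org", "portmap.io", "myvnc.com",
    "redirectme.net", "gotdns.ch", "ignorelist.com", "warzonedns.com",
}

# Assumption (not from the page): these ranges are shared CDN edges, so an IP hit
# inside them is weak evidence on its own and is graded "low".
SHARED_EDGE_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]

KV = re.compile(r"(\w+)=(\S+)")
DOMAIN_FIELDS = {"query", "host", "sni"}   # fields that carry a DNS name
IP_FIELDS = {"dst", "answer"}              # fields that carry a remote address


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "domain", "ipv4", "md5" or "sha1"
    value: str       # normalized value seen in the log
    indicator: str   # the listed indicator that matched
    confidence: str  # "high", "medium" or "low"


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot DNS logs often append."""
    return name.strip().rstrip(".").lower()


def match_domain(name: str) -> Optional[str]:
    """Exact match first, then walk up to parent domains (never the bare TLD).

    A parent matches only if that parent is itself on the list and is not a
    shared dynamic-DNS apex, so 'foo.microsoft-af.com' hits 'microsoft-af.com'
    while 'someone-else.duckdns.org' does not hit anything.
    """
    labels = normalize_domain(name).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS and candidate not in SHARED_DDNS_APEX:
            return candidate
    return None


def match_ipv4(text: str) -> Optional[Tuple[str, str]]:
    """Return (indicator, confidence) for a listed address, else None."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if addr.version != 4 or str(addr) not in IOC_IPV4:
        return None
    conf = "low" if any(addr in net for net in SHARED_EDGE_NETS) else "medium"
    return str(addr), conf


def scan(lines: Iterable[str]) -> List[Hit]:
    """Scan key=value log lines; hashes are compared case-insensitively."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for key, val in KV.findall(line):
            key = key.lower()
            if key in DOMAIN_FIELDS:
                ind = match_domain(val)
                if ind:
                    hits.append(Hit(n, "domain", normalize_domain(val), ind, "high"))
            elif key in IP_FIELDS:
                m = match_ipv4(val)
                if m:
                    hits.append(Hit(n, "ipv4", m[0], m[0], m[1]))
            elif key in ("md5", "sha1"):
                h = val.lower()
                if h in (IOC_MD5 if key == "md5" else IOC_SHA1):
                    hits.append(Hit(n, key, h, h, "high"))
    return hits


# Constructed sample log (not real telemetry): DNS, proxy and EDR style lines.
SAMPLE_LOG = [
    "2022-11-03T10:15:22Z client=10.0.5.14 query=Update.Kaspersky-Lab.org. type=A answer=45.15.17.130",
    "2022-11-03T10:15:23Z client=10.0.5.14 query=foo.microsoft-af.com type=A answer=185.140.53.18",
    "2022-11-03T10:15:24Z client=10.0.5.14 query=other-user.duckdns.org type=A answer=203.0.113.9",
    "2022-11-03T10:16:01Z src=10.0.5.14 dst=104.18.44.41 host=example.invalid",
    "2022-11-03T10:17:40Z computer=WS-0042 md5=FD4F43AF4B47683256B31E74D5BDFB9C path=C:\\Users\\Public\\svc.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.value} -> {hit.indicator} [{hit.confidence}]")
```

On the sample lines this produces six hits: two on line 1 (the kaspersky-lab.org look-alike plus its resolved address), two on line 2 (a parent-domain hit on microsoft-af.com plus the address), one low-confidence IP hit on line 4 from the shared edge range, and the MD5 on line 5; the unrelated duckdns.org host on line 3 is correctly ignored. In a real deployment the full lists above would be loaded from a file rather than embedded, and a low-confidence IP hit should be escalated only when the same client also resolves or connects to one of the listed domains.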

Technical report
