Phobos_IOCs.text
Campaign 1 - Phobos
T1112: Modify Registry
T1036: Masquerading
T1497.001: System Checks
T1497.003: Time Based Evasion
T1564.001: Hidden Files and Directories
Phobos
T1486: Data Encrypted for Impact
T1490: Inhibit System Recovery
T1547.001: Registry Run Keys / Startup Folder
T1007: System Service Discovery
T1047: Windows Management Instrumentation
T1091: Replication Through Removable Media
: System Network Configuration Discovery