Copyright © @RedDrip (https://ti.qianxin.com/)
Here are indicators of compromise (IOCs) collected from public resources and our own investigations. Details include sample hash, file type, malware family, as well as first seen and file name from VirusTotal in format below:
| Hash | Type | Family | First_Seen | Name |
|---|---|---|---|---|
| 8e2b5b95980cf52e99acfa95f5e1570b | Win32 DLL | 2019-11-11 15:22:00 | C:\Users<USER>\AppData\Local\Temp~$doc-ad9b812a-88b2-454c-989f-7bb5fe98717e.ole | |
| 3c3b2cc9ff5d7030fb01496510ac75f2 | DOC | 2019-11-11 11:13:02 | ?-????2019?????????????????.doc | |
| 3a8c80d73f9beebd828c3aa172c747fa | RAR | 2019-11-07 01:23:39 | Noi dung don cau cuu.rar | |
| 82990e2c0432e579a00ab1f75da0dd65 | TXT | 2019-10-26 11:05:08 | lang.ps1 | |
| a87ada040f7250b59910345ee0b339b4 | RAR | 2019-10-23 09:20:16 | Thu moi.rar | |
| dbdbcd220475678c4becdc57a9233e20 | Win32 EXE | 2019-10-18 07:28:19 | AcroRd32.exe | |
| e7de9a64266f07168def534852349957 | RAR | Kryptik | 2019-09-16 00:18:57 | Don khieu nai.rar |
| 90c66c76095ef1ad5a79e63a544c1bba | Win32 DLL | Kryptik | 2019-09-13 06:02:21 | 123456 |
We will keep updating this project and hope this could help the security community to fight against malware and targeted attack.
If you find an error, please contact us at ti_support@qianxin.com and we’ll try to improve the IOCs.
| Groupname | Total | Update | data |
|---|---|---|---|
| APT-C-64 | 1 | 1 | 2025-08-19 |
| APT28 | 764 | 13 | 2025-08-19 |
| APT29 | 456 | 1 | 2025-08-19 |
| APT33 | 168 | 11 | 2025-08-19 |
| APT34 | 154 | 3 | 2025-08-19 |
| APT35 | 7 | 6 | 2025-08-19 |
| APT37 | 170 | 13 | 2025-08-19 |
| Bluenoroff group | 6 | 6 | 2025-08-19 |
| Charming Kitten | 52 | 3 | 2025-08-19 |
| CL-CRI-1014 | 9 | 9 | 2025-08-19 |
| Cobalt Whisper | 8 | 8 | 2025-08-19 |
| Curly COMrades | 4 | 4 | 2025-08-19 |
| Cyber Partisans | 59 | 59 | 2025-08-19 |
| DarkGaboon | 107 | 8 | 2025-08-19 |
| Darkhotel | 3191 | 2742 | 2025-08-19 |
| Donot | 466 | 28 | 2025-08-19 |
| dragonforce | 9 | 6 | 2025-08-19 |
| Earth Lusca | 62 | 3 | 2025-08-19 |
| EarthEstries | 19 | 1 | 2025-08-19 |
| EncryptHub | 102 | 85 | 2025-08-19 |
| FaceDuck Group | 2485 | 5 | 2025-08-19 |
| FamousSparrow | 1 | 1 | 2025-08-19 |
| FIN6 | 69 | 3 | 2025-08-19 |
| FIN7 | 642 | 92 | 2025-08-19 |
| ForumTroll | 1 | 1 | 2025-08-19 |
| Gamaredon Group | 606 | 59 | 2025-08-19 |
| Gelsemium | 20 | 3 | 2025-08-19 |
| Golden Chickens | 67 | 51 | 2025-08-19 |
| GreedyBear | 271 | 271 | 2025-08-19 |
| HackingTeam | 44 | 1 | 2025-08-19 |
| Higaisa | 683 | 610 | 2025-08-19 |
| Hive0117 | 19 | 3 | 2025-08-19 |
| Inception Framework | 16 | 7 | 2025-08-19 |
| Jade Sleet | 3 | 3 | 2025-08-19 |
| Kimsuky | 363 | 53 | 2025-08-19 |
| KONNI | 168 | 20 | 2025-08-19 |
| LapDogs | 1 | 1 | 2025-08-19 |
| Librarian Ghouls | 12 | 12 | 2025-08-19 |
| LUNAR SPIDER | 7 | 5 | 2025-08-19 |
| Moonstone Sleet | 9 | 1 | 2025-08-19 |
| MuddyWater | 319 | 8 | 2025-08-19 |
| MUT-9332 | 1 | 1 | 2025-08-19 |
| Nobelium | 22 | 3 | 2025-08-19 |
| Obstinate Mogwai | 3 | 3 | 2025-08-19 |
| OceanLotus | 1194 | 51 | 2025-08-19 |
| Operation SideCopy | 47 | 6 | 2025-08-19 |
| Outlaw | 36 | 5 | 2025-08-19 |
| PatchWork | 1240 | 20 | 2025-08-19 |
| sapphire werewolf | 3 | 1 | 2025-08-19 |
| Sidewinder | 206 | 63 | 2025-08-19 |
| Silent Werewolf | 14 | 14 | 2025-08-19 |
| Stealth Falcon | 16 | 16 | 2025-08-19 |
| Storm-0978 | 23 | 4 | 2025-08-19 |
| TA558 | 399 | 1 | 2025-08-19 |
| Taidoor | 853 | 4 | 2025-08-19 |
| TGR-CRI-0045 | 1 | 1 | 2025-08-19 |
| Turla | 450 | 4 | 2025-08-19 |
| UAC | 99 | 17 | 2025-08-19 |
| UAC-0063 | 11 | 2 | 2025-08-19 |
| UAC-0099 | 43 | 14 | 2025-08-19 |
| UAC-0154 | 1 | 1 | 2025-08-19 |
| UAC-0184 | 45 | 6 | 2025-08-19 |
| UNC1549 | 35 | 2 | 2025-08-19 |
| UNC5221 | 16 | 5 | 2025-08-19 |
| UTG-Q-015 | 5 | 5 | 2025-08-19 |
| XDSpy | 53 | 42 | 2025-08-19 |