OSINT - TA505 IoC - 2020-06-06
AI Analysis
Technical Summary
The provided information pertains to an OSINT (Open Source Intelligence) report on the threat actor TA505, dated June 6, 2020. TA505 is a well-known financially motivated cybercrime group recognized for its prolific use of malware campaigns, including ransomware and banking Trojans, often delivered via phishing emails and malicious attachments. This particular report appears to be an indicator of compromise (IoC) collection or analysis related to TA505's activities, focusing on payload delivery and network activity. However, no specific affected software versions, exploits, or malware samples are detailed in the report. The threat level is indicated as medium, with a certainty of 50%, suggesting moderate confidence in the intelligence. The report does not mention any patches or known exploits in the wild, indicating that this is more of a threat actor profile and activity overview rather than a vulnerability disclosure. TA505 is known for leveraging large-scale spam campaigns to distribute malware payloads, often targeting financial institutions, retail, and other sectors. The lack of specific technical indicators or vulnerabilities limits the granularity of this analysis, but the persistent and evolving nature of TA505's campaigns makes it a relevant threat for organizations to monitor.
Potential Impact
For European organizations, the presence or activity of TA505 represents a significant risk primarily through phishing campaigns leading to malware infections such as ransomware or banking Trojans. Successful compromise can result in data theft, financial loss, operational disruption, and reputational damage. Given TA505's history of targeting financial institutions and retail sectors, European banks, payment processors, and e-commerce companies are particularly at risk. The impact extends to potential disruption of critical services and exposure of sensitive customer data, which could also lead to regulatory penalties under GDPR. The medium severity and moderate certainty suggest that while there is no immediate exploit or vulnerability to patch, organizations should remain vigilant against TA505's tactics, techniques, and procedures (TTPs), especially in the context of phishing and malware delivery.
Mitigation Recommendations
1. Enhance email security by deploying advanced anti-phishing solutions that include sandboxing and URL analysis to detect and block malicious attachments and links commonly used by TA505.
2. Conduct regular user awareness training focused on recognizing phishing attempts and social engineering tactics employed by TA505.
3. Implement network segmentation and strict access controls to limit lateral movement in case of a breach.
4. Employ endpoint detection and response (EDR) tools capable of identifying and mitigating malware behaviors associated with TA505 payloads.
5. Maintain up-to-date backups with offline or immutable storage to recover from potential ransomware attacks.
6. Monitor network traffic for unusual patterns or connections to known TA505 infrastructure using threat intelligence feeds.
7. Collaborate with national and European cybersecurity centers to share intelligence and receive timely alerts about TA505 activity.

These measures go beyond generic advice by focusing on the specific delivery methods and behaviors associated with TA505.
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Belgium, Poland
Technical Details
- Threat Level: 2
- Analysis: 2
- Uuid: 5eddeee6-22ec-419b-8634-429602de0b81
- Original Timestamp: 1591603181
Indicators of Compromise
Hash
Description (identical for every hash entry in this record): # get2 c2: shr-links.com
Link
Value | Description |
---|---|
https://github.com/MalwareLab-pl/ioc/blob/master/ta505.txt | — |
Url
Value | Description |
---|---|
https://shr-links.com/syscap/upt64/ | — |
Ip
Value | Description |
---|---|
92.38.163.14 | — |
Threat ID: 682c7adce3e6de8ceb7784bd
Added to database: 5/20/2025, 12:51:40 PM
Last enriched: 6/19/2025, 2:19:59 PM
Last updated: 8/12/2025, 7:14:20 AM