Blevene Blevene

  • Google
View Rietspoof
@Blevene
Blevene / 3AN Limited CN
Created May 7, 2019
Rietspoof/Megacortex 3AN Limited CN
View 3AN Limited CN
View lockergoga.csv
first_submitted (epoch),first_submitted,sha256,file_magic,size,num_detections,RESULTS,signers,full_sig,country
1546950000,2019-01-08 12:20:00,c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4,PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly,2097664,27,"Win64/Filecoder.LockerGoga.A,W64/Filecoder_LockerGoga.A!tr.ransom,Trojan-Ransom.LockerGoga",,,NL
1547710000,2019-01-17 7:26:40,5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c,PE32 executable for MS Windows (GUI) Intel 80386 32-bit,1284112,40,"Trojan[Ransom]/Win32.LockerGoga.a,Ransom.LockerGoga.S5239812,a variant of Win32/Filecoder.LockerGoga.A","""MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™""","[{""status"":""Trust for this certificate or one of the certificates in the certificate chain has been revoked."",""valid usage"":""Code Signing"",""name"":""MIKL LIMITED"",""algorithm"":""sha256RSA"",""valid from"":""12:00 AM 06/25/2018"",""valid to"":""11:59 PM 06/25/2019"",""serial number"":""3D 25 80 E8 9
@Blevene
Blevene / Hoplight IOCs (Extras)
Created Apr 10, 2019
Additional Hoplight IOCs
View Hoplight IOCs (Extras)
Sourced from VT search, YARA rule provided by US-CERT, modified for VTGrep
content:fjiejffndxklfsdkfjsaadiepwn AND (content:google.co OR content:naver.co)
Ref: https://www.bleepingcomputer.com/news/security/dhs-and-fbi-issue-advisory-on-north-korean-hoplight-malware/
@Blevene
Blevene / SHA256 Hashes
Created Feb 11, 2019
Feb 9-11th, 2019: Emotet PDFs
View SHA256 Hashes
@Blevene
Blevene / Formbook hashes
Created Nov 20, 2018
Formbook, November 19-20, 2018
View Formbook hashes
@Blevene
Blevene / Emotet Indicators
Created Nov 16, 2018
Emotet Indicators: November 16th, 2018
View Emotet Indicators
November 13th 2018
@Blevene
Blevene / Emotet IOCs
Created Nov 9, 2018
Emotet Campaigns: November 9th, 2018
View Emotet IOCs
Emotet Campaign 1: https://www.virustotal.com/graph/g9c1d51be17da4d3d856dadb8ce07046e45da445e9dfa4304bc49880d90df381e
@Blevene
Blevene / Emotet indicators
Created Nov 7, 2018
Emotet Indicators, November 7th, 2018
View Emotet indicators