Blevene
PANW
@Blevene
Blevene / DLLs that call DudeAR
Created Oct 11, 2019
Corsin Gave Us Weird Stuff
@Blevene
Blevene / Raw Data 2013-2018
Last active Sep 5, 2019
Crimeware in the Modern Era Appendix
View Raw Data 2013-2018
distinct_samples month keyword
133308 201812 steal
992409 201812 ransom
155525 201812 bank
641780 201812 mine
709085 201811 mine
898598 201811 ransom
257001 201811 bank
168621 201811 steal
1093310 201810 mine
@Blevene
Blevene / Additional Hashes
Created Aug 27, 2019
Related to: a3f474cdb601cc14420cd023d0ca8844c178b7e5f52382b312f0d52f94a3ae77
@Blevene
Blevene / ElectricFish
Created Aug 14, 2019
CyberCom 8/14/19
Original File: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1
Related (Yara Rule Results):
@Blevene
Blevene / Hashes.csv
Last active Aug 13, 2019
VirusTotal previous 365 Days [May 7th, 2019] of Malware Signed with Certs
samples day signers Signer 1 Signer 2 Signer 3 Extra Stuff
a83f2d4073b7ecaf4f277db62ec44f8b10a9f16a297ebb4db9826a7a08eb06d2 2019-02-20 南昌博众彩软件有限公司; WoTrus Code Signing CA; Certum Trusted Network CA 南昌博众彩软件有限公司 WoTrus Code Signing CA Certum Trusted Network CA
7639f505eb9b8ab4e585a2dd5e9f300e936ba73e5b5db4c51bcb0ba52e751581 2018-08-20 A&W Global Ltd; thawte SHA256 Code Signing CA; thawte A&W Global Ltd thawte SHA256 Code Signing CA thawte
bf920c41e76de53a7660c12b7d14d2f1ad60539b142654893e7cc420b2bdbc2b 2018-12-19 深圳市掌星立意科技有限公司; VeriSign Class 3 Code Signing 2010 CA; VeriSign 深圳市掌星立意科技有限公司 VeriSign Class 3 Code Signing 2010 CA VeriSign
d3aaad15925caae5262366e3a5bf4edec0246877c340e2ba75e5dc96f8410c4a 2018-10-05 LEMONADE EVENTS LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™ LEMONADE EVENTS LIMITED COMODO RSA Code Signing CA COMODO SECURE™
54fb9e302b497f99c6e7ac891e31faaeaf62245e8c0f65ca7a81c7916225d511 2018-10-25 AmeriTechnology Group, Inc.; Go Daddy Secure Certificate Authority - G2; Go Daddy Roo
View Malicious LNK Hashes
@Blevene
Blevene / QuickNotes
Created Jul 2, 2019
Cyber July 2nd 2019 Quick Notes
CyberCom
https://twitter.com/CNMF_VirusAlert/status/1146130046127681536
https://customermgmt.net/page/macrocosm - 37.220.6.115 (AS 20860 (Iomart Cloud Services Limited))
b09bce085a2bbc1c0498baf3f75b48f8c86db132ebfc64d72b300f47b7435e89 - Powermet , 2017-01-14 03:35Z
@Blevene
Blevene / IOCs
Last active May 27, 2019
Winnti: More than Just Windows and Gates, IOCs
#Source Blog Post
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
---
#Yara Rules
---
rule WinntiLinux_Dropper : azazel_fork
{
meta:
desc = "Detection of Linux variant of Winnti"
View Rietspoof
@Blevene
Blevene / 3AN Limited CN
Created May 7, 2019
Rietspoof/Megacortex 3AN Limited CN