Name	Name	Last commit message	Last commit date
parent directory ..
README.adoc	README.adoc

Name

Last commit message

Last commit date

Cavalry Werewolf hacker group attacks Russian state institutions — Indicators of compromise

Samples

All hashes are SHA1

BackDoor.ShellNET.1

ec7269f3e208d72085a99109a9d31e06b4a52152

BackDoor.ShellNET.2

1957fb36537df5d1a29fb7383bc7cde00cd88c77

BackDoor.Tunnel.41

c3929c555f4b61458030b70bc889baca8d777abc

BackDoor.RShell.169

633885f16ef1e848a2e057169ab45d363f3f8c57

BackDoor.ReverseShell.10

dd98dcf6807a7281e102307d61c71b7954b93032
f546861adc7c8ca88e3b302d274e6fffb63de9b0

BackDoor.ReverseProxy.1

6ec8a10a71518563e012f4d24499b12586128c55

BAT.DownLoader.1138

d2106c8dfd0c681c27483a21cc72d746b2e5c18c

Trojan.FileSpyNET.5

f40ef5cd25c3f9d552be6a43218be91d07650660

Trojan.Packed2.49708

5684972ded765b0b08b290c85c8fac8ed3fea273
29ee3910d05e248cfb3ff62bd2e85e9c76db44a5
ce4912e5cd46fae58916c9ed49459c9232955302
653ffc8c3ec85c6210a416b92d828a28b2353c17
b52e1c9484ab694720dc62d501deca2aa922a078

Trojan.Siggen31.54011

baab225a50502a156222fcc234a87c09bc2b1647
93000d43d5c54b07b52efbdad3012e232bdb49cc

BackDoor.Siggen2.5463

c96beb026dc871256e86eca01e1f5ba2247a0df6

Trojan.Inject5.57968

e840c521ec436915da71eb9b0cfd56990f4e53e5
22641dea0dbe58e71f93615c208610f79d661228

Trojan.Packed2.49862

8279ad4a8ad20bf7bbca0fc54428d6cdc136b776
a2326011368d994e99509388cb3dc132d7c2053f
451cfa10538bc572d9fd3d09758eb945ac1b9437
a5e7e75ee5c0fb82e4dc2f7617c1fe3240f21db2
bbe3a5ef79e996d9411c8320b879c5e31369921e
e8ab26b3141fbb410522b2cbabdc7e00a9a55251
dcd374105a5542ef5100f6034c805878153b1205
e51a65f50b8bb3abf1b7f2f9217a24acfb3de618
d2a7bcbf908507af3d7d3b0ae9dbaadd141810a4
c89c1ed4b6dda8a00af54a0ab6dca0630eb45d81
b05c5fe8b206fb0d168f3a1fc91b0ed548eb46f5
b4d0d2bbcfc5a52ed8b05c756cfbfa96838af231

Trojan.Clipper.808

96bf2f07c785f6889799458f0609293ccb005634
939ca87baee86097ec901bd7c121f7c1b1976f24
360b759555286a48db9fce259853f2d62de02897

Network indicators

Domains

sss[.]qwadx[.]com

IPs

188[.]127.251[.]146
193[.]149.129[.]113
195[.]2.79[.]245
172[.]86.75[.]237
185[.]231.155[.]111
185[.]231.154[.]84
188[.]127.227[.]226
188[.]127.231[.]136
77[.]232.42[.]107
78[.]128.112[.]209
96[.]9.125[.]168
109[.]172.85[.]63
94[.]198.52[.]210
109[.]172.85[.]95
89[.]110.98[.]234
62[.]113.114[.]209
89[.]22.161[.]133
188[.]127.225[.]191
94[.]198.52[.]200
91[.]219.148[.]93
185[.]244.180[.]169
185[.]173.37[.]67
168[.]100.10[.]73
45[.]9.120[.]11
195[.]133.1[.]120
192[.]165.32[.]78
185[.]130.251[.]139
194[.]180.11[.]75

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.adoc

Cavalry Werewolf hacker group attacks Russian state institutions — Indicators of compromise

Samples

BackDoor.ShellNET.1

BackDoor.ShellNET.2

BackDoor.Tunnel.41

BackDoor.RShell.169

BackDoor.ReverseShell.10

BackDoor.ReverseProxy.1

BAT.DownLoader.1138

Trojan.FileSpyNET.5

Trojan.Packed2.49708

Trojan.Siggen31.54011

BackDoor.Siggen2.5463

Trojan.Inject5.57968

Trojan.Packed2.49862

Trojan.Clipper.808

Network indicators

Domains

IPs

FilesExpand file tree

Cavalry Werewolf

Directory actions

More options

Directory actions

More options

Latest commit

History

Cavalry Werewolf

Folders and files

parent directory

README.adoc

Cavalry Werewolf hacker group attacks Russian state institutions — Indicators of compromise

Samples

BackDoor.ShellNET.1

BackDoor.ShellNET.2

BackDoor.Tunnel.41

BackDoor.RShell.169

BackDoor.ReverseShell.10

BackDoor.ReverseProxy.1

BAT.DownLoader.1138

Trojan.FileSpyNET.5

Trojan.Packed2.49708

Trojan.Siggen31.54011

BackDoor.Siggen2.5463

Trojan.Inject5.57968

Trojan.Packed2.49862

Trojan.Clipper.808

Network indicators

Domains

IPs