From 8a8920ae040827b08751c400c8b4a80da5f8700d Mon Sep 17 00:00:00 2001
From: ItsIgnacioPortal <5990@protonmail.com>
Date: Sat, 22 Feb 2025 04:27:30 -0300
Subject: [PATCH] chore(wordlist): Removed obsolete IOCs wordlists IOCs become obsolete extremely quickly, and these wordlists are 11 years old as of writing this. Related to #54
---
 IOCs/README.md | 1 -
 IOCs/kaspersky-careto-C2.txt | 17 --------
 IOCs/kaspersky-careto-domains.txt | 26 -----------
 IOCs/kaspersky-careto-files-no-env-vars.txt | 48 ---------------------
 IOCs/kaspersky-careto-files.txt | 48 ---------------------
 IOCs/kaspersky-careto-registry.txt | 1 -
 6 files changed, 141 deletions(-)
 delete mode 100644 IOCs/README.md
 delete mode 100644 IOCs/kaspersky-careto-C2.txt
 delete mode 100644 IOCs/kaspersky-careto-domains.txt
 delete mode 100644 IOCs/kaspersky-careto-files-no-env-vars.txt
 delete mode 100644 IOCs/kaspersky-careto-files.txt
 delete mode 100644 IOCs/kaspersky-careto-registry.txt
diff --git a/IOCs/README.md b/IOCs/README.md
deleted file mode 100644
index 01a7cc29..00000000
--- a/IOCs/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Lists of indicators of compromise
diff --git a/IOCs/kaspersky-careto-C2.txt b/IOCs/kaspersky-careto-C2.txt
deleted file mode 100644
index 74ad8c56..00000000
--- a/IOCs/kaspersky-careto-C2.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-190.10.9.209
-190.105.232.46
-196.40.84.94
-200.122.160.25
-202.150.211.102
-202.150.214.50
-202.75.56.123
-202.75.56.231
-202.75.58.153
-210.48.153.236
-223.25.232.161
-37.235.63.127
-75.126.146.114
-81.0.233.15
-82.208.40.11
-62.149.227.3
-75.126.146.114
diff --git a/IOCs/kaspersky-careto-domains.txt b/IOCs/kaspersky-careto-domains.txt
deleted file mode 100644
index aee5a862..00000000
--- a/IOCs/kaspersky-careto-domains.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-nthost.shacknet.nu
-tunga.homedns.org
-prosoccer1.dyndns.info
-prosoccer2.dyndns.info
-nav1002.ath.cx
-pininfarina.dynalias.com
-wqq.dyndns.org
-pl400.dyndns.org
-services.serveftp.org
-sv.serveftp.org
-cherry1962.dyndns.org
-carrus.gotdns.com
-ricush.ath.cx
-takami.podzone.net
-dfup.selfip.org
-wwnav.selfip.net
-fast8.homeftp.org
-ctronlinenews.dyndns.tv
-mango66.dyndns.org
-gx5639.dyndns.tv
-services.serveftp.org
-*.redirserver.net
-*.swupdt.com
-*.msupdt.com
-*.appleupdt.com
-*.linkconf.net
diff --git a/IOCs/kaspersky-careto-files-no-env-vars.txt b/IOCs/kaspersky-careto-files-no-env-vars.txt
deleted file mode 100644
index 17200985..00000000
--- a/IOCs/kaspersky-careto-files-no-env-vars.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-windows\objframe.dll
-windows\shlink32.dll
-windows\shlink64.dll
-cdllait32.dll
-cdllait64.dll
-cdlluninstallws32.dll
-cdlluninstallws64.dll
-cdlluninstallsgh32.dll
-cdlluninstallsgh64.dll
-windows\c_50225.nls
-windows\c_50227.nls
-windows\c_50229.nls
-windows\c_51932.nls
-windows\c_51936.nls
-windows\c_51949.nls
-windows\c_51950.nls
-windows\c_57002.nls
-windows\c_57006.nls
-windows\c_57008.nls
-windows\c_57010.nls
-windows\cdgext32.dll
-windows\cfgbkmgrs.dll
-windows\cfgmgr64.dll
-windows\comsvrpcs.dll
-windows\d3dx8_20.dll
-windows\dllcomm.dll
-windows\drivers\wmimgr.sys
-windows\drvinfo.bin
-windows\FCache.bin
-windows\FFExtendedCommand.dll
-windows\gpktcsp32.dll
-windows\HPQueue.bin
-windows\LPQueue.bin
-windows\mdwmnsp.dll
-windows\rpcdist.dll
-windows\scsvrft.dll
-windows\sdptbw.dll
-windows\slbkbw.dll
-windows\skypeie6plugin.dll
-windows\wmspdmgr.dll
-%temp%\~DF01AC74D8BE15EE01.tmp
-%temp%\~DF23BF45A473C42B56.tmp
-%temp%\~DFA0528CD81300F372.tmp
-%temp%\~DF8471938479DA49221.tmp
-%appdata%\microsoft\c_27803.nls
-%appdata%\microsoft\objframe.dll
-%appdata%\microsoft\shmgr.dll
-%systemdrive%\boot.ini
diff --git a/IOCs/kaspersky-careto-files.txt b/IOCs/kaspersky-careto-files.txt
deleted file mode 100644
index f779bb85..00000000
--- a/IOCs/kaspersky-careto-files.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-%system%\objframe.dll
-%system%\shlink32.dll
-%system%\shlink64.dll
-cdllait32.dll
-cdllait64.dll
-cdlluninstallws32.dll
-cdlluninstallws64.dll
-cdlluninstallsgh32.dll
-cdlluninstallsgh64.dll
-%system%\c_50225.nls
-%system%\c_50227.nls
-%system%\c_50229.nls
-%system%\c_51932.nls
-%system%\c_51936.nls
-%system%\c_51949.nls
-%system%\c_51950.nls
-%system%\c_57002.nls
-%system%\c_57006.nls
-%system%\c_57008.nls
-%system%\c_57010.nls
-%system%\cdgext32.dll
-%system%\cfgbkmgrs.dll
-%system%\cfgmgr64.dll
-%system%\comsvrpcs.dll
-%system%\d3dx8_20.dll
-%system%\dllcomm.dll
-%system%\drivers\wmimgr.sys
-%system%\drvinfo.bin
-%system%\FCache.bin
-%system%\FFExtendedCommand.dll
-%system%\gpktcsp32.dll
-%system%\HPQueue.bin
-%system%\LPQueue.bin
-%system%\mdwmnsp.dll
-%system%\rpcdist.dll
-%system%\scsvrft.dll
-%system%\sdptbw.dll
-%system%\slbkbw.dll
-%system%\skypeie6plugin.dll
-%system%\wmspdmgr.dll
-%temp%\~DF01AC74D8BE15EE01.tmp
-%temp%\~DF23BF45A473C42B56.tmp
-%temp%\~DFA0528CD81300F372.tmp
-%temp%\~DF8471938479DA49221.tmp
-%appdata%\microsoft\c_27803.nls
-%appdata%\microsoft\objframe.dll
-%appdata%\microsoft\shmgr.dll
-%systemdrive%\boot.ini
diff --git a/IOCs/kaspersky-careto-registry.txt b/IOCs/kaspersky-careto-registry.txt
deleted file mode 100644
index c03e88fd..00000000
--- a/IOCs/kaspersky-careto-registry.txt
+++ /dev/null
@@ -1 +0,0 @@
-[HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32]