Forensic Blogs

An aggregator for digital forensics blogs

by

2019-nCoV CORONAVIRUS CASE DATABASE

[OFF TOPIC]
This post is a very much unrelated to information security and malware.

However, it is still very much "Contagio" as it is a project for keeping stats for the coronavirus 2019-nCoV infections.

While there are a number of resources that post current daily stats, it is harder to find daily historical numbers going to the first known infection case that was recorded on December 1, 2019.

Feel free to export, download and use it for any purposes. If you decide to use it and want to let me know or have corrections, you can leave a comment or email (email address is in the profile).

LInk 1  2019-nCoV Coronavirus database 

Link 2  2019-nCoV Coronavirus database 

It works fine on mobile devices but the layout renders much better on a larger screen.

by

APT Calypso RAT, Flying Dutchman Samples


Reference

2019-10-31 Calypso APT: new group attacking state institutions



 Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.



Download
             Other malware
Download. Email me if you need the password (see in my profile)


Hashes



MD5SHA256SHA1FilenameFile TyeeStageaa1cf5791a60d56f7ae6da9bb1e7f01ed5afa3bfd423ba060207ad025467feaa56ac53d13616ac8782a7f63c9fc0fdb4bdd8b9115d1ae536d0ea1e62052485e5ad10761fMPSSVC.dllpe dllCalypso RAT Payload1e765fed294a7ad082169819c95d2c85f6a09372156a8aef96576627a1ed9e57f194b008bb77e32ca29ac89505f933f060dda7ccd9ae00701046923b619a1b9c33c8e2acWscntfy.exepe exeCalypso RAT Dropper17e05041730dcd0732e5b296db16d757b6c21c26aef75ad709f6c9cfa84bfa15b7ee709588382ce4bc3544a04bceb661f3301405d8ad5b160747241d6b2a8d88bf6292e8pe exeCalypso RAT Dropper1ed72c14c4aab3b66e830e16ef90b37beebff21def49af4e85c26523af2ad659125a07a09db50ac06bd3746483c89f9ddc0d0a34f107d140d9e47582e17a7fec945403eacoal.exepe exeCalypso RAT Droppere24a62d9826869bc4817366800a8805cc407c3dde18c9b56ed24492ca257d77a570616074356b8c7854a080823f7ee1753791c9e7c41931a6becb999fee4eb7daf9b1a11data01.binpe dllCalypso RAT Dropperc9c39045fa14e94618dd631044053824ab39301d45045172ad41c9a89210fdc6f0d3f9dccb567fd733b0dbffbfcfbcc31cda28bc307c09508dbb1f3495a967bbcc29326epe exeCalypso RAT Dropper69322703b8ef9d490a20033684c28493e6a3b43acdaa824f3280095b10798ea341839f7d43f0460df8989f13c98fa6e0f203680d97705d99f92fe9797691be6177f5fd41RasCon.dllpe dllCalypso RAT Dropper85ce60b365edf4beebbdd85cc971e84d5dfdee5dd680948d19ab4d16df534cf10aca5fa0b157c59659d6517fe897c62fd9c14f7b6de8e26ae33e41a72ae8e35bb1af4434pe exeCalypso RAT Dropper6347e42f49a86aff2dea7c8bf455a52a281583aca23f8fd8745dd88a600cbfc578d819859a13957ec022b86c3c1c99f48b2a81af85590e0e36efc1c05aa4f0600ea21545HIDMgr.dllpe dllCalypso RAT Droppercb914fc73c67b325f948dd1bf97f57330031c7b63c1e1cd36d55f585d97e2b21a13a19858d5a1aa5455e5cc64b41e6e937ce4d0a3168e3b2f80b3fae38082e68a454aee0pe exeCalypso RAT Dropperc84df4b2cd0d3e7729210f15112da7ac4e8351ddaff18f7df6fcc27a3c75598e0c56d3b406818d45effb4e78616092c241a0c5a1aad36f405c8755613c732591e3300f97mscorsvw.dllpe dllCalypso RAT Dropper5199ef9d086c97732d97eddef56591ec511683c8ee62478c2b45be1f782ce678bbe03c4349a1778651414803010b3ee9d19a786adc09dff84642f2c2e0386193fa2a914bdnscache.dllpe dllFlyingDutchman06c1d7bf234ce99bb14639c194b3b318a9a82099aa812d0c4025bee2b34f3b34c1d102773e36f1d50648815913dbe03d464ab9e11d371bf24de46c98c295d4afe7e957c1fromResource.exepedllFlyingDutchman617d588eccd942f243ffa8cb13679d9c0664b09a86ec2df7dfe01a93e184a1fa23df66ea82cab39000944e418ec1f7b21b043fdcb582ed13cbf7dabcef6527762b5be93cpe dllHussar2807236c2d905a0675878e530ed8b1f8314e438198f8cc2ee393c75f8e9f2ebd2b5133fd6f2b7deb1178f82782fc63302f6fe857632a67e87f4f3631bfa93713ccdf168aAeLookupMgr.dllpe dllCalypso RAT Payloadcce8c8ee42feaed68e9623185c3f7fe438cc404437b936660066b71cc87a28af1995248d6d4c471706eb1dd347129b4b9d2235c911b86bb6ad55d953a2f56ea78c5478e5AppCert.dll.crtCalypso RAT Payloade1a578a069b1910a25c95e2d9450c710413622ded5d344a5a78de4fea22cfdabdeb4cdccf69e9a1f58f668096c32473836087a5b0809dc3f9dc5a77355a88e99af491a88RasCfgMan.dll.crtCalypso RAT Payload0d532484193b8b098d7eb14319cefcd3f8043d6bfc3e63d8561f7f74e65cb7ff1731577ecf6c7559795d9de21298f0fc31f4c6dc6ce78b4e0439b30c830dfd5d9a3fc4feRasCfgMan.dllpe dllCalypso RAT Payload974298eb7e2adfa019cae4d1a927ab070461710e681fd6dc9f1c83b57f94a88cd6df9e6432174cbfdd70dfd24577a0f841bc37679ce3caeecc176d10b4f8259918e25807VirtualUMP.dll.crtCalypso RAT Payload05f472a9d926f4c8a0a372e1a71939988017923cd8169bf951106f053408b425f1eb310a9421685638ead55bb3823db38d909bd3450ebe0cffd0cb17b91bc28d23ef5083EFSProvider.dll.crtCalypso RAT Payloadd1a1166bec950c75b65fdc7361dcdc63f3f38c097b0cc5337b7d2dbec098bf6d0a3bb4a3e0336e7b1c8af75268a0a49d5731350f68a74fb4762c4ea878ecff635588a825RasCon.dllpe dll 64bits assemblyCalypso RAT Payloade3e61f30f8a39cd7aa25149d0f8af5efc4dc7519bccc24c53794bf9178e4a4d0823875c34479d01cedbb3e9b10f5c7301b75ea494c3ac171c5177bdcc263b89a3f24f207MPSSVC.dllpe dllCalypso RAT Payload

by

Masad Clipper and Stealer – Windows spyware exfiltrating data via Telegram (samples)


Reference

2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram 


“Masad Clipper and Stealer” steals browser information, computer files,  and automatically replaces cryptocurrency wallets from the clipboard with its own.It is written using Autoit scripts and then compiled into a Windows executable.
It uses Telegram to exfiltrate stolen information.





Download
             Other malware
Download. Email me if you need the password (see in my profile)




Hashes
SHA256SHA1MD51acf5a461ee16336eb8bbf8d29982c7e26d5e11827c58ca01adac671a28b52ad6001b34c17c122d201613fffd846b056614b66dae03234c2259c474aeb69500423ddeed7290a1b89517dec10bfd9938a0e86ae8c53b0c78ed7c60dc99e4f8e5837f4f24a32800c10588053813f55bf8c87771311c5f7f38e2df4c1cf093c8373a8f2f194e77b69a27937a1068f130a90b44781eea3351ba8a2776d0fede9699ba8b32f3198de045ba2a67b06344e4f1cf85086f6b584316ec53d5e548368f1c4d8f0d908f5f4ff671df5f1da87e44bca3cc360c64cc7449ec1dc26b7d1708441d471bf3d36cd330db35762942fe5483e6b82220eeeef12e531eb3347fea16ac11082ce517dd23eee335bedfc6bcd8205cf97d52551a96dacb089ac41463d21cab2b004ba8c38ffc6cb5fb0958ddd34db5b79a15cb61f5260f0b9d807faa160e6d49590e4b5fdf9653eb1ffbdae8cb4f1f2d7174779aa23c5a25c7cdbaba9c6c655c918dac3d9823ac62ebed9d7d3e94e1eaafc074a279a6b82fe801d3c8be9d16df2ef5623b177040029ab0fd56cd7e493b46a331ef18bd303d703f6d341be258ac3d95961ff0a67d4bf792f9e896530e193b091dca29c2ea9740352af2c9cc926deba7dffc452f213f7f05fa462aac76def5b53351b3b1ddb41124ca368b6755e62e5c0ff79ea1e3bd146ee8a349af309b4acf0558a9c667e78293ae16167ab646381c277c2ca84319ceb57bacb2c92c4cdc7665adb1cda5897d4df4a560f88ba933cefbe9a8034f0ba34e7d18481a7db7451c8ef4b6172fb0cad6db0513a5100749407e97085af470c75ef004f2235d30af44fc26a3f2317507a09d91014469b0453843ba3c528d11d1df62a969a282e9e54534fb3845962672ad6d8bbc29cb6d062f5b8100890c0f1894544b3f99168377ec46c38e9114a0607b4488cd539b8b0b443abd121e3b763054180cd4e24c0a78b49055ad36dbc849f1a096cddf2db8cee0b9338c21d7bec99308ce4bf409417b642cd9432000a5c19d22dfb1d606e5539399aa1a536baafd2f8d5ce4b04b7eec6530a4a9d40510177468fadc235253e5a74530a8c9d990f3c5027fc204ffa42262b7570b6fccb435d4d38a3610fc5d8b73da810646407c333fe52186281965a5949d8f94e17ebcd4cb6d0a7c19f49facbfc1b1c74111e5ceb83550d6c8f7698584b2e7c62061447a6a2583ed6957180c205e7ebe4411664672359b393f530fc2fc144134b9d4b10d94f6381b446a1728b116d62e65c1a52db45235af12caf7e38c0fd114077927d501606575ba9ab38ecfb3407d432a4388980d7e3539d74a950dab23d00ac848d76a227f4fe282b7ddfd82a6dfc4c25da2735a684462b42fe4e1c413d8e34135cee7610890497183eb6251efef307ea013fe17bb23077b4f80df48b91b425eda058285ca0a957fe6c253827f344da4ba8692d77a4e21a1df4251594be2d27d87dd8aed231874332ca462fb462e4f68450d2c2c22d4bcddda77b3f3f74a2bdffd167917686e139016fa511f6546ed439d2606c6db8821685a99f5a14ef3f710668b58dc89c69265c83749c62ee0131710bf26931cb1e463a8fbda3b0c34df85677d8f752dc1e1a5eeba0c922be594fbfa878f631c0632f6c4d260b00918817ff66a1f9f15efe44c1a58460856d635fca52631305f1fefc58eafa74496524b660ebf41953d5c6e212fc306cdb0c6519f3571ec66288405dab43332ca03812617f85fb08832fbbe1f1d89901fe034b8a819485e20d841195e2e8a7ae5b41ff709887bb216984d37863c08b9fdd969297d35d353804c949eca23103b1de05278b49f42c3ab6b06f4bf20aafa5f2faefaa84c16ecd0487db2df1802dd4ee4ae3b62b5f08937dd5c77c4366ee61cbd7e636aea8540836a60036d6fc04acda8f33a6d35eb577c27754c2f2b4d6f4869576c7c4e11b2c5e9b017683ae89826114662dad8553d5eeed5217b57047f22bc964e294d7ab314c34e5934d91a5a918c0bd4dd98008383fc52045ad896449fa7f0037593bb730ed1ef88aa547006dbcaa05b60a9d625852ac4f2d0d805ab16498815535d9f08c39c4cf396427f3a345e5c09a4c9d5469e9095813418260045c2b11e499e4eaa0ffb25293f90f580c464157df4c6aacc0b893ed366f9f307326e59efa61e5153450dddaf7e5bb24aabf66eecd0c8b79cf0b5f1fbc05dc8baca492b748adeb01fb4904e02723b59211ecde222f7b12d91e87f898e0d41c0f2c22d4e9278a942326877fc368da780b72140535d4c2d391e76dc8181d31ad5c4547ceae4d0550c8460524c16a6105afc056760e872c4966656256c9dc37f485d3fa8f6cf13061cb1ea38ae0d5d2edfd95134aefcf640c24a1ab5344a96150fb05edb00a0e5ff70e899857549e3263c887a799416c8bbab43ab130ca1be9bbd78c42c30dc551a3cb3bc935c0eae79b79f17942e439c2722241f765d2ad4fb58edd76a4adea96f852b81760a425befaa11ea37c0cdea2622630bf2a0c94bb95042211ab614d5d9782064bc38d40c88f32c0410479cbd61caa40f332cfcda8c0ef579ede59eff23caa1e57fd171a5b1a88e9583b42439851a91a940eb31105ab29cb314846da2ed43b820bfec2059823b936d782bea7bc16abd9923dddb56fff82df7a565b4570d299486697310f277018b2cc6226dca6c7678cac6718c8584f7231340ad8cd7c03477559fdf48b261f916ce97ffc6817a4772705df68e6ccca8181009dc7d8766a85d85bb6a26ee69b66fee968affb1fc7756deb0e29807a06681d09a0425990be76b31816795875469e3dcf78484a999183324da9affdf2aaeff508d1dc473e1b8f6313447b8a4b49671ddeb8a4ee4b1ccf6b823ee82e400ba25b1f532cd369d7e536475a470e2011b77ffeaf7bb3bc988f7cd32d411f2a9888afc72c7a892e2a1def55128a3da6f70129acdbf9dbe955cfe7fc84d6636a34ad1a11dbaa1daec179e426bdcd9887b3d26dc06b202417c08f951df31bec02e35c9a4656bb3a3bdf631bb37605a855d77ab16377a8a314982f723fcc6fae9ca15f15fbae58cb97b0d48a0248461e78e34e6d530338e3e5b91f209a1662678505dfaad6d10b84c73544eb748d547cb5bad9bdebc12c530dab0a65c37ffd72612fa70531f3a402c1662ed6adffbf2b1b65cf902d1df763698eb76d21e4e94b4c62971418c972722d984ff6da2bc26a0aca4c7f209cc39c05bbf6e72b5b24c0c81e0671bf17b1e78d9f124ddd69c257189f1e814bb9e3731c00926fc2371e6ebe2654f3950ca02e553cd98c83e945ee3013aa40897baec0305b34a2b4030025e039c54c2d3923057447494ca0923d7645604faaa864a079adeb741a5d6e65507a2819b2fee4835d396077d9f8e6995e28c789d8b24e982ac53d5d6ba453de73b796f85c8a7de71407d6e3c4206edda3a19b790ea12f785256510dde367d3313b5267536a58ca0c27dbdac7c693f57e1a92f7393daf7ead9a44b12e35f850705798fc879a6defec886d31f6375712466dd794a96f030fb4e859ee6a97c50c973a73dced3640befe37f579cfd15367ce6a9bbede2ad3a1e779f02539ccd07bff735e0823add9730b2c259564a8fe72333604a5686e30f6242f01db6d77ac21211992ceae4e66e1e03c1cb39d61e03645b9369f28252ca769314c6bf63ff4d32d8a0a42e81ea39304fb7ab13c880fe593ef5538fbf66b3b3e1cb7b9b8bdfe3d0e95feaed685a784aed14d087b019ba2eb0274947a840d2bdbae4ae36742107d057478328df8f538102508de00b0c4b37c7b5a85a0e7a2c4197c3794c8bb2eb5763bf6083040ca51e83415f27c9412d9e3d700bd0841493b207bc96abf944ab0ca709a695ce6c35c029dd7577e29f403d7144698b417a2edceb31a9c0d05e5f13c6caee0576b154151dc8ace5c57f109e6bb211a019db20c4f0127c4d13c7703f730bf492768c0cda049c85493df4e97db3db4ddc94075ba62cb6a895ac5ba5b6472680d47410a238a56bf6b1bde63cee9b81902efd187fdd56ecee5853754ce0a19d5ab5c3b02429886e2d4f0bcc97ce130ae89647f648d3e96548a391a29f9d176b913e7f693355700aaadbb90dcf547bd8f4074af97416d8b84ea64b2f3319064aa4bce64ad0c2e2d3957175a996b925e9391a69140caf6e4adba928694ffe66dd575413a40839f2807593aa21c711526cff1249cc45b61ce8d28d87f8edc6616447e38168e610bed142f0b9c46ea6849baa823deb9075e8df77b891115c019244de09de488bb5c0739485721182c01a82b01d145b5ebe019806885bbaafe37bc10ca09549e41c240b793fd29a70690a5d80b4963d46711f9064b96ff2d0affdef1ecd82d120659db95e2d8a8509ac05f5445d18d32cc7cb103d87098c9702cab7454b52869aeeb6a22919f29a7f19be7509255ce2d8c83ee29a163488438c9ea9014ddf1a9b2d382cc5d7e6baf2587fafaedbab4a78b9b7fd8b55f8c73675005a09008bc91d6bc3b5ad59a630ab4670dca6ac0d926165a3ecfd8d92d8ea2280cd06a5cc32b7d668e2b4b2e68f3a7e2a98ecc6fbb2cb5649daf751fcbfb81bcbef623aadd50330342dc464a31b843b3d8b5767d62a62f5e515ac2b380b208fbe620ff5a7aaf7f3fcf4abc9365e0e77b3ec4b434db14535c5835c9dfb3cbbc7f6fef6034c