🔒 Closed Cyberthreat?

Status
Not open for further replies.

ravage

Contributor
I just saw this on the FB cspcert page


Cyber Security Philippines - CERT
This one is for the IT and Cyber Security Teams you have in your company. These are threats that may or may not be detected by their current security solutions, and we are recommending to forcibly block them just to be on the safe side.



Threat Advisory:
To All Filipino Institutions belonging to TELCO, ACADEMIA, R&D and GOVERNMENT which are the target of TAG-22 Chinese State Sponsored Cyber Attack, have your IT Admins and InfoSec Teams set your network and endpoint security to flag and block the following IOC data within your infrastructure accordingly to prevent outbreak.
Credits to: Insikt Group
GAT-22 Active Threat Vectors
If your company has a VPN and the remote users are from PH, then try enabling geo-location filtering as well :D and also limit the services.
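
Added example, not part of the thread or the advisory: advisories like the one quoted above publish indicators in defanged form such as `192(.)0(.)2(.)10`, which has to be refanged and validated before it can be loaded into a blocklist or matched against logs. The function names are hypothetical and every value in the sample feed is a constructed documentation-range placeholder.

```python
import ipaddress
import re

# Constructed feed in the advisory's "(.)" defanged style. All values are
# documentation-range placeholders, not indicators from the advisory.
SAMPLE_FEED = "\n".join([
    "IPv4", "192(.)0(.)2(.)10 scanning_host", "198(.)51(.)100(.)7 exploit_source",
    "Domain", "example(.)net", "999(.)1(.)1(.)1", "SHA256", "ab" * 32,
])
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
HOST_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def refang(token):
    """Undo (.) and [.] defanging so the value can be validated and loaded."""
    return re.sub(r"[\[(]\.[\])]", ".", token)

def classify(value):
    """Return 'ipv4', 'md5', 'sha1', 'sha256', 'host', or None if not an indicator."""
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]+", value):
        return HASH_KINDS.get(len(value))  # hex of any other length is rejected
    return "host" if HOST_RE.fullmatch(value) else None

def parse_feed(text):
    """Map kind -> {value: note}; section headers and malformed rows are dropped."""
    out = {}
    for line in text.splitlines():
        token, _, note = line.strip().partition(" ")
        value = refang(token).lower()
        kind = classify(value)
        if kind:
            out.setdefault(kind, {})[value] = note
    return out

def flag_events(indicators, destinations):
    """Return destinations that are a listed IP, a listed host, or a subdomain of one."""
    ips, hosts = indicators.get("ipv4", {}), indicators.get("host", {})
    hits = []
    for dest in destinations:
        d = dest.lower().rstrip(".")
        labels = d.split(".")
        # Compare whole-label suffixes so "notexample.net" never matches "example.net".
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        if d in ips or not suffixes.isdisjoint(hosts):
            hits.append(dest)
    return hits
```

Matching on label boundaries rather than substrings keeps a listed domain from flagging unrelated names that merely end with the same characters.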
 