Skip to content

fox-it/cryptophp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
scripts
scripts
 
 
README.md
README.md
 
 
domains.txt
domains.txt
 
 
email_addresses.txt
email_addresses.txt
 
 
file_hashes.csv
file_hashes.csv
 
 
ips.txt
ips.txt
 
 

Repository files navigation

CryptoPHP Indicators of Compromise

This repository contains the indicators of compromise for the CryptoPHP backdoor.

The whitepaper regarding CryptoPHP can be found here:

Available IOCs

filename description
file_hashes.csv Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen
domains.txt Contains the C2 domains used by the backdoor
ips.txt Contains the C2 ip addresses used by the backdoor
email_addresses.txt Contains the email addresses used as backup communication by the backdoor

Available scripts

We created some Python scripts to help administrators identify CryptoPHP:

https://github.com/fox-it/cryptophp/tree/master/scripts

About

CryptoPHP Indicators of Compromise

Resources

Readme
Activity
Custom properties

Stars

129 stars

Watchers

37 watching

Forks

49 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages