Earth Estries Targets Government, Tech for Cyberespionage