Indicators of compromise

Earth Kapre hashes (SHA256, Detection name)

C&C servers