add apt-36 iocs

Author: ThreatLabz

apt36/c2s.txt

@@ -0,0 +1,34 @@
+# Limepad C2 domains
+ncloudup[.]com
+gcloudsvc[.]com
+
+# Credential harvesting sites
+nic-updates[.]in
+kavachmail-govin[.]rf[.]gd
+
+# Attacker-registered domains spoofing Kavach site
+kavach-app[.]com
+kavachguide[.]com
+kavach-app[.]in
+get-kavach[.]in
+getkavach[.]com
+kavachsupport[.]com
+kavachdownload[.]in
+kavachauthentication.blogspot[.]com
+
+# Post-infection IOCs
+139.59.79[.]86
+139.59.79[.]86/song.mp3
+139.59.79[.]86/OneDriveHandler45_bf.zip
+139.59.79[.]86/OneDriveHandler45.zip
+139.59.79[.]86/C2L!Dem0&PeN/A@llPack3Ts/Cert.php
+
+# wzxdao[.]com
+wzxdao[.]com/onedrivehandlerx86.zip
+wzxdao[.]com/OnrDriveHandlerx86.zip
+
+# Decoy file URLs
+hxxp://139.59.23[.]88/confirmation_id.pdf
+hxxps://ncloudup[.]com/trendmic/details.pdf
+hxxp://wzxdao[.]com/resultupdate.jpg
+http://139.59.79[.]86/Pictures.jpg

apt36/hashes.txt

@@ -0,0 +1,7 @@
+123b180ed44531bfbac27c6eb0bbe01d
+3817590cf8bec4a768bb84405590272f
+0ed6451ffe34217e44355706f4900ecc
+94daa776792429d1cb65edc1d525e2fc
+c195d6bb06c93b94d39e5c1a2dfc6792
+889c5c98e88c4889220617f57f5480f7
+ac3f2c8563846134bb42cb050813eac8