CrazyHunter Campaign Targets Taiwanese Critical Sectors

Indicators of Compromise (IoC)

| File Name | SHA1 | Detection |
| --- | --- | --- |
| bb.exe | 0937377d1ef1d47a04f1e55d929fe79c313d7640 | Trojan.Win64.HUNTER.BC |
| C:\Users\Public\Prince-Built.exe | 1b826a12a630e777aa2c3036f1159db15f2bdd66 | Ransom.Win64.PIRCEN.THABHBE |
| crazyhunter.sys | 15823b729ad7aad20192ebe3fc1c21ea985001d7 | Ransom.Win64.HUNTER.BC |
| file.exe | 318a601a5d758dd870c38b8c4792a2c3405e6c28 | Trojan.Win64.CRAZYHUNTER.A.go |
| go.exe | 79c3fd97d33e114f8681c565f983cd8b8f9d8d93 | Trojan.Win64.ZAMPROCKILLER.BJ.go |
| go2.exe | b6737248f7baed88177658598002df5433155450 | Trojan.Win64.ZAMPROCKILLER.BJ.go |
| go3.exe, crazyhunter.exe | bed4229e774f136e1898fad9d37bd96e9156369e | Ransom.Win64.HUNTER.BC |
| gpo.exe | 9e126627dff082000a830b8e2e04206ced8663ff | HackTool.MSIL.SHARPGPOABUSE.BD |
| ru.bat | 086262abb7e85c43ffb6c384966d130ca612169b | Trojan.BAT.DULLOAD.BD25 |
| zam64.sys | cd248648eafca6ef77c1b76237a6482f449f13be | |

| SHA1 | Description |
| --- | --- |
| 0937377d1ef1d47a04f1e55d929fe79c313d7640 | Decrypter and loader for CrazyHunter.sys |
| 1b826a12a630e777aa2c3036f1159db15f2bdd66 | CrazyHunter Ransomware |
| 15823b729ad7aad20192ebe3fc1c21ea985001d7 | Encrypted; loaded by BB.exe with the “-f” parameter |
| 318a601a5d758dd870c38b8c4792a2c3405e6c28 | Serves as a server or monitoring tool and deletes files based on the extension passed as a parameter |
| 79c3fd97d33e114f8681c565f983cd8b8f9d8d93 | ZammoCide v.5 |
| b6737248f7baed88177658598002df5433155450 | ZammoCide v.5 |
| bed4229e774f136e1898fad9d37bd96e9156369e | CrazyHunter Ransomware |
| 9e126627dff082000a830b8e2e04206ced8663ff | SharpGPOAbuse |
| 086262abb7e85c43ffb6c384966d130ca612169b | Batch file for multiple execution of binaries |
| cd248648eafca6ef77c1b76237a6482f449f13be | Zemana Anti |