Indicators of Compromise

SHA256									malware
9c681493c81581995e6a48b96411a7004fe77558d7ca863e26398538ad78f385	NOOPLDR (DLL)
8574a494425825958c1e978ca7f66a467954fa90c7c898eebac49928519f0eae	LODEINFOLDR (Type 2)
87fd4cf002e4d3867462c7a08124cba154750ae78785009a9f213c7479241eef	LODEINFOLDR (Type 2)


domain/IP		malware			comment
ns1[.]tlsart[.]com	Cobalt Strike	 
{DGA}[.]hopto[.]org	NOOPDOOR		DDNS, blocking all sub-domains is not recommended
{DGA}[.]gotdns[.]ch	NOOPDOOR		DDNS, blocking all sub-domains is not recommended
{DGA}[.]myftp[.]org	NOOPDOOR / LODEINFO	DDNS, blocking all sub-domains is not recommended
{DGA}[.]tw8sl[.]com	NOOPDOOR	 
{DGA}[.]srmbr[.]com	NOOPDOOR	 
45[.]76[.]197[.]236	NOOPDOOR / LODEINFO	IP related to the domain used by NOOPDOOR and LODEINFO