Earth Kurma APT Campaign Targets Southeast Asian Government, Telecoms Sectors
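Indicators of Compromise (IoCs)

Domains and IPv4 addresses in this list are defanged with "[.]"; replace each "[.]" with "." before loading them into blocklists or detection rules. The Description column gives the malware or tool name associated with each hash. Several of those names (NBTSCAN, FRPC, LADON, WMIHACKER) are publicly available tools, so a match on one of those rows may not by itself indicate this campaign.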

Type 	Indicator 								Description 
sha256 	004adec667373bdf6146e05b9a1c6e0c63941afd38e30c2461eaecb707352466 	TESDAT 
sha256 	0a50587785bf821d224885cbfc65c5fd251b3e43cda90c3f49435bb3323d2a8b 	TESDAT 
sha256 	10898b74b612b1e95826521c5ccf36f7a238f5d181993c3c78c2098fcfdc1f3f 	TESDAT 
sha256 	131bacdddd51f0d5d869b63912606719cd8f7a8f5b5f4237cbdb5c2e22e2cba2 	WMIHACKER 
sha256 	1ab42121bb45028a17a3438b65a3634adb7d673a4e1291efeabf227a4e016cfb 	SIMPOBOXSPY 
sha256 	1c350d09c1cd545d54c38cd03aba3fd4eb0e8d97a3ba6c3744cc33ed92cb9a48 	DUNLOADER 
sha256 	1e48967e24d4ae2ac2697ef09c0f2702285825831bd516cb3be8859496fd296f 	DUNLOADER 
sha256 	1f3f384e29eab247ec99d97dfe6a4b67110888e4ad313b75fa9d0beceef87e93 	KRNRAT 
sha256 	1f5f6cc1cbf578412ea5279dbdb432eda251309695513a74de66063ab02789f1 	TESDAT 
sha256 	2c9b8e4852181d51ff72dc6dec78bef014db8af83d30c05c3e9c5eb060278730 	KRNRAT 
sha256 	2e87615142170a7510e26f94790bfb81df4d499a9f530d0bd8fe0fb1575b17f8 	TESDAT 
sha256 	34366323262346e10d8780bad9d30c6d4d747e4ec543243be76f33b7c028ea36 	TESDAT 
sha256 	37a397a2482b37d19d58588c0a897a08111b74d122c21542f1bf852ae83e1db0 	DMLOADER 
sha256 	383aa73fe72caf268ce0874ebbcd13fc4c9e1e5c6200cdd66862de7257942cea 	TESDAT 
sha256 	398234b692a80a424939e98a2d96a705ce3fd9d61950420b5f2af45890abc48e 	TESDAT 
sha256 	4198b4ec5bb0c72112e9cf835686c33b9a97037acfb7727e494046a73106e938 	MORIYA 
sha256 	45e1138f2b8e822cbd4573cb53104b402ae26dcddb42c70534cf024a8bc6db66 	DUNLOADER 
sha256 	49ab6e2b5e378c74d196aecac4e84c969c800051167c1e33d204531fabd17990 	KMLOG 
sha256 	4ae186ee19d0d3e246dc37ac722a27d5297d2577de59b8583c97897480290bc1 	TESDAT 
sha256 	54e14b7742801970c578fad2ec2a193334ca8a17b60ee18dd6ec0fbfc8ce900b 	SIMPOBOXSPY 
sha256 	612a5fcb7620deef45a021140b6c06ab9c0473dce5b7e4a54960e330a00c90f3 	DUNLOADER 
sha256 	6190b13df521306bfa7ee973b864ba304ee0971865a66afbe0b4661c986099f4 	KMLOG 
sha256 	66edb72f6f7c8cad23c6659a81fa023f57c1a86c7d7b7022f1453b177f2b3670 	NBTSCAN 
sha256 	6bbbb227d679ea00f0663c2e261d5649417d08285f9acc1fd80e806ddea08403 	TESDAT 
sha256 	6ef3a27fdca386fe093c12146cd854d9ae6b42ca637950ca46bfd364ceab5b53 	DUNLOADER 
sha256 	73afc6af6fdfcaf9832aa2975489271bad7c8ea58679f1a2ddd8f60b44cc4a13 	TESDAT 
sha256 	75cc8474abb1d9a06cd8086fede98958653d013fb7ff89bbc32458b022a8fc94 	DUNLOADER 
sha256 	823a0862d10f41524362ba8e8976ddfd4524c74075bd7f3beffa794afb54f196 	MORIYA 
sha256 	8414136128f73fa7e29032df7b8115bc89832c57e2602d81de1e520cc2d7958d 	ICMPINGER 
sha256 	85e78a1b0a78e5d921c89241aaadd505d66dc4df29ca7d8a81098f42487ba350 	TESDAT 
sha256 	876c822f333e812041af24ae80935a830ca5016f9aaf2e8319ebb6cab1f9d7d0 	SIMPOBOXSPY 
sha256 	8c703148567cb66fe27bc07d18de58aa36aa84a49f1ce7545e9ec56378857d3d 	TESDAT 
sha256 	8ca1ffbd3cd22b9bead766ebd2a0f7b2d195b03d533bacf0cb8e1b1887af5636 	KMLOG 
sha256 	8e6583cca6dd4a78bdc0387c7f30334ab038e5c77848f708fe578e60dd8d9e00 	DUNLOADER 
sha256 	96b407856889c920a49f921d925118a130b904e99f9fe43a87342c680ffb9f27 	ODRIZ 
sha256 	a359a06fbc6b5cf5adf7f53c35145b28f3c8a70f6998631090021825aea08e22 	TESDAT 
sha256 	aa925a5a8a7d5b36a66431f4968bd1003d1bbb6cb3ff6d03d9e3e0143c48382b 	DUNLOADER 
sha256 	aef3407310de48e13575c3d98b660ab7ddafb7efe3f4909682907ac286062392 	TESDAT 
sha256 	b26e8e0be066ee0b86f8fb2b0a703717ebbf34c8a33ef9a6f8f164ad012f1746 	LADON 
sha256 	c0326a0cd6137514ee14b6ac3be7461e8cf6c6adec74d087fd30cb06b91ecda2 	TESDAT 
sha256 	c6f73268eba553c7991f876a166440f5b4d519dea6b13bc90583fde1e89e81ed 	FRPC 
sha256 	d3d2355b1ffb3f6f4ba493000e135dfd1b28156672e17f0b34dfc90cc3add352 	TESDAT 
sha256 	e143c15eaa0b3faccc93ce3693960323dbaa683ac9ce30382e876690278dfefa 	DUNLOADER 
sha256 	ec9220cf8208a3105022b47861d4e200672846ef484c1ea481c5cfd617cb18dc 	MORIYA 
sha256 	f3916c414db0f660d488c9d3aaa8355f3eb036ca27a9c606fe7e5e1a9bd42b38 	LADON 
sha256 	f52d9355b9efb6a1fcb32b890c5c373274df21ce38050d49416f469be95dc783 	DUNLOADER 
sha256 	f9892636093266a01ed6f0486c00189d2eeb532a3086660490f4efeb6d026487 	FRPC 
domain 	www[.]dfsg3gfsga[.]space 						C&C 
domain 	www[.]igtsadlb2ra[.]pw 							C&C 
domain 	www[.]ihyvcs5t[.]pw 							C&C 
domain 	www[.]vidsec[.]cc 							C&C 
ipv4 	103[.]238[.]214[.]88 							C&C 
ipv4 	149[.]28[.]147[.]63 							C&C 
ipv4 	166[.]88[.]194[.]53 							C&C 
ipv4 	185[.]239[.]225[.]106 							C&C 
ipv4 	38[.]147[.]191[.]103 							C&C 
ipv4 	38[.]60[.]199[.]225 							C&C 
ipv4 	45[.]77[.]250[.]21 							C&C