Testing Indicators

CanCyber has set up a number of domains, IPs, files, and certificates for testing purposes. These are tasked in MISP for detection at Event 969.

None of these sites have any real malware or pose any actual risk.

Simulated Badness

IP: 35.183.9.38

Domains: malware-c2.com, www.img-url.com, jpg.img-url.com, png.img-url.com

URLs: http://png.img-url.com/ImportantDocument8b745966fd.jpg
http://malware-c2.com/ImportantDocument8b745966fd.jpg
http://malware-c2.com/TPSReportfaf8b745966fd.xlsx
http://jpg.img-url.com/ImportantDocument8b745966fd.jpg
http://jpg.img-url.com/TPSReportfaf8b745966fd.xlsx
http://png.img-url.com/TPSReportfaf8b745966fd.xlsx

Filenames: ImportantDocument8b745966fd.jpg, TPSReportfaf8b745966fd.xlsx

File Hash: 9f23bd021d571abf6d2faf8b745966fd, c6e7ec54ed35eb19ba8d736ac257b63e (you can download the 2 files at the above URLs to get the same "bad" files).

SSL Cert Hash: dd1bec8f68dbdcc76c7b0f755aba0e53ba6fea41feac760a1dd869a8e3cfe1a5, eb3797b15cbdae7e28baa56fdac40780ab9a4e0527624b94ff328e0d0fb1c9ad (malware-c2.com and img-url.com)

Network content: http://malware-c2.com/bad.html "991CANCYBER_TEST_BAD_SIGNATURE991"

Simulated Goodness

IP: 35.183.24.213

Domains: notmalware-c2.com

SSL Cert Hash: https://notmalware-c2.com/
