Earth Preta Spear-Phishing Governments Worldwide

Distributed links

Malware

Decoy Archive Files

Trojan.Win32.TONEINS

Backdoor.Win32.TONESHELL

Trojan.Win32.PUBLOAD

C&C Servers

Abused Legitimate Executables

Thus far, the attacker deploying the backdoor TONESHELL has used several different legitimate executables to perform DLL side-loading.