LARVA-47

LARVA-47, commonly referred to as the RIG Exploit Kit operator, is a cybercriminal group that has been active since 2014. This group is responsible for managing and distributing one of the most persistent and widely used exploit kits in the underground cybercrime ecosystem.

  • The full report is available here

LARVA-47 Indicators of Compromise (IOC)

Exploit Server

195.16.88.28

Proxy IPs


White Listed IPs

188.225.75.54
45.132.226.177

Hashes

SHA256