Upload files to "/"
236
ioc.md
Normal file
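--- a/ioc.md
+++ b/ioc.md
@@ -0,0 +1,236 @@
+## MD5
+```
+f8df6cf748cc3cf7c05ab18e798b3e91,md5, info Stealer Implants,,,
+ef8c77dc451f6c783d2c4ddb726de111,md5, info Stealer Implants,,,
+de26f488328ea0436199c5f728ecd82a,md5, info Stealer Implants,,,
+d4b75a8318befdb1474328a92f0fc79d,md5, info Stealer Implants,,,
+ba40c097e9d06130f366b86deb4a8124,md5, info Stealer Implants,,,
+b0844bb9a6b026569f9baf26a40c36f3,md5, info Stealer Implants,,,
+89052678dc147a01f3db76febf8441e4,md5, info Stealer Implants,,,
+842f8064a81eb5fc8828580a08d9b044,md5, info Stealer Implants,,,
+7c527c6607cc1bfa55ac0203bf395939,md5, info Stealer Implants,,,
+75fd9018433f5cbd2a4422d1f09b224e,md5, info Stealer Implants,,,
+729c24cc6a49fb635601eb88824aa276,md5, info Stealer Implants,,,
+69f6dcdb3d87392f300e9052de99d7ce,md5, info Stealer Implants,,,
+5e17d1a077f86f7ae4895a312176eba6,md5, info Stealer Implants,,,
+373ebf513d0838e1b8c3ce2028c3e673,md5, info Stealer Implants,,,
+351260c2873645e314a889170c7a7750,md5, info Stealer Implants,,,
+23ce22596f1c7d6db171753c1d2612fe,md5, info Stealer Implants,,,
+0c03efd969f6d9e6517c300f8fd92921,md5, info Stealer Implants,,,
+277acb857f1587221fc752f19be27187,md5, info Stealer Implants,,,
+faa47ecbcc846bf182e4ecf3f190a9f4,md5, info Stealer Payload,,,
+d8c6199b414bdf298b6a774e60515ba5,md5, info Stealer Payload,,,
+9d3337f0e95ece531909e4c8d9f1cc55,md5, info Stealer Payload,,,
+6bd84dfb987f9c40098d12e3959994bc,md5, info Stealer Payload,,,
+6396908315d9147de3dff98ab1ee4cbe,md5, info Stealer Payload,,,
+1e210fcc47eda459998c9a74c30f394e,md5, info Stealer Payload,,,
+fe0438938eef75e090a38d8b17687357,md5, info Stealer Payload,,,
+e0f8d7ec2be638fbf3ddf8077e775b2d,md5, info Stealer Bait File,,,
+cdd4cfac3ffe891eac5fb913076c4c40,md5, info Stealer Bait File,,,
+b57b13e9883bbee7712e52616883d437,md5, info Stealer Bait File,,,
+a3f4e422aecd0547692d172000e4b9b9,md5, info Stealer Bait File,,,
+9871272af8b06b484f0529c10350a910,md5, info Stealer Bait File,,,
+97b19d9709ed3b849d7628e2c31cdfc4,md5, info Stealer Bait File,,,
+8e960334c786280e962db6475e0473ab,md5, info Stealer Bait File,,,
+76e7cbab1955faa81ba0dda824ebb31d,md5, info Stealer Bait File,,,
+7140dbd0ca6ef09c74188a41389b0799,md5, info Stealer Bait File,,,
+5c3394e37c3d1208e499abe56e4ec7eb,md5, info Stealer Bait File,,,
+47765d12f259325af8acda48b1cbad48,md5, info Stealer Bait File,,,
+3e6cf927c0115f76ccf507d2f5913e02,md5, info Stealer Bait File,,,
+32da6c4a44973a5847c4a969950fa4c4,md5, info Stealer Bait File,,,
+fea50d3bb695f6ccc5ca13834cdfe298,md5, Lumma Stealer,,,
+83ae58dd03f33d1fae6771e859200be6,md5, Lumma Stealer,,,
+7b1f43deed8fc7e35f8394548e12dd81,md5, Lumma Stealer,,,
+c39f64a31e9f15338f83411bb9fc0942,md5, Lumma Stealer,,,
+b832096cf669ff4d66e04b252cb1a1dc,md5, Lumma Stealer,,,
+d6ea5dcdb2f88a65399f87809f43f83c,md5, erefgojgbu - CRYPTBOT,,,
+307f40ebc6d8a207455c96d34759f1f3,md5, L2.zip - CRYPTBOT,,,
+d8e21ac76b228ec144217d1e85df2693,md5, Sеtup.exe - CRYPTBOT,,,
+43939986a671821203bf9b6ba52a51b4,md5, oqnhustu - LUMMAC.V2,,,
+58c4ba9385139785e9700898cb097538,md5, WebView2Loader.dll - LUMMAC.V2,,,
+95361f5f264e58d6ca4538e7b436ab67,md5, Downloader - PEAKLIGHT,,,
+b716a1d24c05c6adee11ca7388b728d3,md5, Downloader - PEAKLIGHT,,,
+b15bac961f62448c872e1dc6d3931016,md5, Aaaa.exe - SHADOWLADDER,,,
+e7c43dc3ec4360374043b872f934ec9e,md5, bentonite.cfg - SHADOWLADDER,,,
+f98e0d9599d40ed032ff16de242987ca,md5, cymophane.doc - SHADOWLADDER,,,
+b6b8164feca728db02e6b636162a2960,md5, K1.zip - SHADOWLADDER,,,
+bb9641e3035ae8c0ab6117ecc82b65a1,md5, K1.zip - SHADOWLADDER,,,
+236c709bbcb92aa30b7e67705ef7f55a,md5, K2.zip - SHADOWLADDER,,,
+d7aff07e7cd20a5419f2411f6330f530,md5, K2.zip - SHADOWLADDER,,,
+a6c4d2072961e9a8c98712c46be588f8,md5, L1.zip - SHADOWLADDER,,,
+059d94e8944eca4056e92d60f7044f14,md5, LiteSkinUtils.dll - SHADOWLADDER,,,
+dfdc331e575dae6660d6ed3c03d214bd,md5, toughie.txt - SHADOWLADDER,,,
+47eee41b822d953c47434377006e01fe,md5, WCLDll.dll - SHADOWLADDER,,,
+```
+
+## Sha256
+```
+b6a016ef240d94f86e20339c0093a8fa377767094276730acd96d878e0e1d624, sha256, Malware, PS, medium
+cc29f33c1450e19b9632ec768ad4c8c6adbf35adaa3e1de5e19b2213d5cc9a54, sha256, Malware, PS, medium
+632816db4e3642c8f0950250180dfffe3d37dca7219492f9557faf0ed78ced7c, sha256, Malware, ZIP, medium
+19d04a09e2b691f4fb3c2111d308dcfa2651328dfddef701d86c726dce4a334a, sha256, Malware, ZIP, medium
+d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207, sha256, Malware, EXE, medium
+bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55, sha256, Malware, EXE, medium
+fa58022d69ca123cbc1bef13467d6853b2d55b12563afdbb81fc64b0d8a1d511, sha256, Malware, HTA, medium
+ed062c189419bca7d8c816bcdb1a150c7ca7dd1ad6e30e1f46fae0c10ab062ef, sha256, AntiSpam.exe, nan, medium
+d512bf205fb9d1c429a7f11f3b720c74680ea88b62dda83372be8f0de1073a08, sha256, AntiSpam.exe, nan, medium
+dc5c9310a2e6297caa4304002cdfb6fbf7d6384ddbd58574f77a411f936fab0b, sha256, AntiSpam.exe, nan, medium
+24b6ddd3028c28d0a13da0354333d19cbc8fd12d4351f083c8cb3a93ec3ae793, sha256, , nan, medium
+9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7, sha256, , nan, medium
+ac22ab152ed2e4e7b4cd1fc3025b58cbcd8d3d3ae3dbc447223dd4eabb17c45c, sha256, update6.exe Used, nan, medium
+ab1f101f6cd7c0cffc65df720b92bc8272f82a1e13f207dff21caaff7675029f, sha256, update7.exe, nan, medium
+9ED2B4D88B263F5078003EF35654ED5C205AC2F2C0E9225D4CDB4C24A5EA9AF2, sha256, update8.exe, nan, medium
+ab3daec39332ddeeba64a2f1916e6336a36ffcc751554954511121bd699b0caa, sha256, atiumdag.dll, nan, medium
+7d96ec8b72015515c4e0b5a1ae6c799801cf7b86861ade0298a372c7ced5fd93, sha256, Log.dll., nan, medium
+9dc809b2e5fbf38fa01530609ca7b608e2e61bd713145f84cf22c68809aec372, sha256, proxy, nan, medium
+fb4fa180a0eee68c06c85e1e755f423a64aa92a3ec6cf76912606ac253973506, sha256, , PS, medium
+fcf59559731574c845e42cd414359067e73fca108878af3ace99df779d48cbc3, sha256, , nan, medium
+949faad2c2401eb854b9c32a6bb6e514ad075e5cbe96154c172f5f6628af43ed, sha256, , nan, medium
+b92cf617a952f0dd2c011d30d8532d895c0cfbfd9556f7595f5b220e99d14d64, sha256, update2.dll , nan, medium
+cff5c6694d8925a12ce13a85e969bd468e28313af2fb46797bdcf77092012732, sha256, APEXScan.exe , nan, medium
+cb03b206d63be966ddffa7a2115ea99f9fec50d351dce03dff1240bb073b5b50, sha256, unnamed , nan, medium
+ccaa8c8b39cb4a4de4944200936bcd4796367c16421a89e6a7d5476ae2da78cd, sha256, update1.exe , nan, medium
+1ade6a15ebcbe8cb9bda1e232d7e4111b808fd4128e0d5db15bfafafc3ec7b8e, sha256, update4.exe , nan, medium
+ce1f44a677d9b7d1d62373175f5583d9e8c04e16ebd94656e21aa296e00e93d7, sha256, lu2.exe , nan, medium
+```
+
+
+## IPs
+```
+77.73.134.68,ip_address, Lumma Stealer
+144.76.173.247,ip_address, Lumma Stealer
+157.90.248.179,ip_address, Lumma Stealer
+213.252.244.62,ip_address, Lumma Stealer
+45.155.249.97,ip_address, Cobalt Strike C2 IP address
+77.238.224.56,ip_address, C2 address
+77.238.229.63,ip_address, C2 address
+77.238.250.123,ip_address, C2 address
+77.238.245.233,ip_address,C2 address
+91.142.74.28,ip_address,C2 address
+191.142.74.28,ip_address,C2 address
+195.2.70.38,ip_address,C2 address
+37.221.126.202,ip_address,C2 address used by the threat actor to connect via Anydesk
+91.196.70.160,ip_address, Socks proxy server
+217.15.175.191,ip_address, SystemBC C2 IP address
+```
+
+
+## Domains
+```
+testdomain123123.shop, domain, maliciousmd5, infoStealers
+savefrom.net, domain,streamingmd5, infoStealers
+unblocked.watch, domain,streamingmd5, infoStealers
+mp3fromlink.com, domain,streamingmd5, infoStealers
+hisotv.com, domain,streamingmd5, infoStealers
+www.portalmovies.com.ar, domain,streamingmd5, infoStealers
+sfrom.net, domain,streamingmd5, infoStealers
+tagalogdubbed.com, domain,streamingmd5, infoStealers
+www.youtubepp.com, domain,streamingmd5, infoStealers
+ssyoutube.com, domain,streamingmd5, infoStealers
+www.y2mate.com, domain,streamingmd5, infoStealers
+Multicanais.love, domain,streamingmd5, infoStealers
+averageorganicfallfaw.shop, domain, Command Servers -md5, infoStealers
+distincttangyflippan.shop, domain, Command Servers -md5, infoStealers
+macabrecondfucews.shop, domain, Command Servers -md5, infoStealers
+greentastellesqwm.shop, domain, Command Servers -md5, infoStealers
+stickyyummyskiwffe.shop, domain, Command Servers -md5, infoStealers
+sturdyregularrmsnhw.shop, domain, Command Servers -md5, infoStealers
+lamentablegapingkwaq.shop, domain, Command Servers -md5, infoStealers
+Innerverdanytiresw.shop, domain, Command Servers -md5, infoStealers
+standingcomperewhitwo.shop, domain, Command Servers -md5, infoStealers
+uniedpureevenywjk.shop, domain, samples -md5, infoStealers
+spotlessimminentys.shop, domain, samples -md5, infoStealers
+specialadventurousw.shop, domain, samples -md5, infoStealers
+stronggemateraislw.shop, domain, samples -md5, infoStealers
+willingyhollowsk.shop, domain, samples -md5, infoStealers
+handsomelydicrwop.shop, domain, samples -md5, infoStealers
+softcallousdmykw.shop, domain, samples -md5, infoStealers
+celebratioopz.shop, domain, Lumma Stealer, infoStealers
+writerospzm.shop, domain, Lumma Stealer, infoStealers
+deallerospfosu.shop, domain, Lumma Stealer, infoStealers
+bassizcellskz.shop, domain, Lumma Stealer, infoStealers
+mennyudosirso.shop, domain, Lumma Stealer, infoStealers
+languagedscie.shop, domain, Lumma Stealer, infoStealers
+complaintsipzzx.shop, domain, Lumma Stealer, infoStealers
+quialitsuzoxm.shop, domain, Lumma Stealer, infoStealers
+relaxtionflouwerwi.shop, domain, LUMMAC.V2 C2s, infoStealers
+deprivedrinkyfaiir.shop, domain, LUMMAC.V2 C2s, infoStealers
+detailbaconroollyws.shop, domain, LUMMAC.V2 C2s, infoStealers
+messtimetabledkolvk.shop, domain, LUMMAC.V2 C2s, infoStealers
+considerrycurrentyws.shop, domain, LUMMAC.V2 C2s, infoStealers
+understanndtytonyguw.shop, domain, LUMMAC.V2 C2s, infoStealers
+patternapplauderw.shop, domain, LUMMAC.V2 C2s, infoStealers
+horsedwollfedrwos.shop, domain, LUMMAC.V2 C2s, infoStealers
+tropicalironexpressiw.shop, domain, LUMMAC.V2 C2s, infoStealers
+falseaudiencekd.shop, domain,Lumma C2 domain, infoStealers
+feighminoritsjda.shop, domain,Lumma C2 domain, infoStealers
+justifycanddidatewd.shop, domain,Lumma C2 domain, infoStealers
+marathonbeedksow.shop, domain,Lumma C2 domain, infoStealers
+pleasurenarrowsdla.shop, domain,Lumma C2 domain, infoStealers
+raiseboltskdlwpow.shop, domain,Lumma C2 domain, infoStealers
+richardflorespoew.shop, domain,Lumma C2 domain, infoStealers
+strwawrunnygjwu.shop, domain,Lumma C2 domain, infoStealers
+https://ch3.dlvideosfre.click/human-verify-system.html, domain, Lumma Stealer, infoStealers
+https://verif.dlvideosfre.click/2ndhsoru, domain, Lumma Stealer, infoStealers
+https://verif.dlvideosfre.click/K1.zip, domain, Lumma Stealer, infoStealers
+https://verif.dlvideosfre.click/K2.zip, domain, Lumma Stealer, infoStealers
+https://verif.dlvideosfre.click, domain, Lumma Stealer, infoStealers
+Ofsetvideofre.click/, domain, Fake Captcha Websites, infoStealers
+Newvideozones.click/veri.html, domain, Fake Captcha Websites, infoStealers
+Clickthistogo.com/go/67fe87ca-a2d4-48ae-9352-c5453156df67?var_3=F60A0050-6F56-11EF-AA98-FFC33B7D3D59, domain, Fake Captcha Websites, infoStealers
+Downloadstep.com/go/08a742f2-0a36-4a00-a979-885700e3028c, domain, Fake Captcha Websites, infoStealers
+Betterdirectit.com/, domain, Fake Captcha Websites, infoStealers
+Betterdirectit.com/go/67fe87ca-a2d4-48ae-9352-c5453156df67, domain, Fake Captcha Websites, infoStealers
+heroic-genie-2b372e.netlify.app/please-verify-z.html, domain, Fake Captcha Websites, infoStealers
+Downloadstep.com/go/79553157-f8b8-440b-ae81-0d81d8fa17c4, domain, Fake Captcha Websites, infoStealers
+Downloadsbeta.com/go/08a742f2-0a36-4a00-a979-885700e3028c, domain, Fake Captcha Websites, infoStealers
+Streamingsplays.com/go/6754805d-41c5-46b7-929f-6655b02fce2c, domain, Fake Captcha Websites, infoStealers
+Streamingsplays.com/go/b11f973d-01d4-4a5b-8af3-139daaa5443f, domain, Fake Captcha Websites, infoStealers
+Streamingszone.com/go/b3ddd860-89c0-448c-937d-acf02f7a766f?c=AOsl62afSQUAEX4CAEJPFwASAAAAAABQ, domain, Fake Captcha Websites, infoStealers
+Streamingsplays.com/go/1c406539-b787-4493-a61b-f4ea31ffbd56, domain, Fake Captcha Websites, infoStealers
+github-scanner.shop/, domain, Fake Captcha Websites, infoStealers
+github-scanner.com/, domain, Fake Captcha Websites, infoStealers
+botcheck.b-cdn.net/captcha-verify-v7.html, domain, Fake Captcha Websites, infoStealers
+Rungamepc.ru/?load=Black-Myth-Wukong-crack, domain, Redirectingmd5, infoStealers
+game02-com.ru/?load=Cities-Skylines-2-Crack-Setup, domain, Redirectingmd5, infoStealers
+Rungamepc.ru/?load=Dragons-Dogma-2-Crack, domain, Redirectingmd5, infoStealers
+Rungamepc.ru/?load=Dying-Light-2-Crack, domain, Redirectingmd5, infoStealers
+Rungamepc.ru/?load=Monster-Hunter-Rise-Crack, domain, Redirectingmd5, infoStealers
+Runkit.com/wukong/black-myth-wukong-crack-pc, domain, Websites Containing Malicious URLsmd5, infoStealers
+Runkit.com/skylinespc/cities-skylines-ii-crack-pc-full-setup, domain, Websites Containing Malicious URLsmd5, infoStealers
+Runkit.com/masterposte/dying-light-2-crack-on-pc-denuvo-fix, domain, Websites Containing Malicious URLsmd5, infoStealers
+Runkit.com/dz4583276/monster-hunter-rise-crack-codex-pc/1.0.0/clone, domain, Websites Containing Malicious URLsmd5, infoStealers
+Groups.google.com/g/hogwarts-legacy-crack-empress, domain, Websites Containing Malicious URLsmd5, infoStealers
+By.tribuna.com/extreme/blogs/3143511-black-myth-wukong-full-unlock/, domain, Websites Containing Malicious URLsmd5, infoStealers
+https://human-check.b-cdn.net/verify-captcha-v7.html, domain, Lumma Stealer CAPTCHA, infoStealers
+https://poko.b-cdn.net/poko, domain,Lumma Stealer Mshta, infoStealers
+https://fatodex.b-cdn.net/fatodex, domain, PEAKLIGHT NBIsmd5, infoStealers
+https://matodown.b-cdn.net/matodown, domain, PEAKLIGHT NBIsmd5, infoStealers
+https://potexo.b-cdn.net/potexo, domain, PEAKLIGHT NBIsmd5, infoStealers
+hxxp://gceight8vt.top/upload.php, domain,CRYPTBOT C2s, infoStealers
+https://brewdogebar.com/code.vue, domain,CRYPTBOT C2s, infoStealers
+hxxp://62.133.61.56/Downloads/Full%20Video%20HD%20(1080p).lnk, domain,SHADOWLADDER, infoStealers
+https://fatodex.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
+https://fatodex.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
+https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png, domain,SHADOWLADDER, infoStealers
+https://matodown.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
+https://matodown.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
+https://nextomax.b-cdn.net/L1.zip, domain,SHADOWLADDER, infoStealers
+https://nextomax.b-cdn.net/L2.zip, domain,SHADOWLADDER, infoStealers
+https://potexo.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
+https://potexo.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
+spamicrosoft.com, domain,Used to make external Microsoft Teams calls after email bombing users., infoStealers
+halagifts.com, domain,SystemBC C2 domain, infoStealers
+preservedmoment.com, domain,Cobalt Strike domain, infoStealers
+```
+
+[1][2][3][4][5][6]
+
+
+
+[1]: https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/
+[2]: https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/
+[3]: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/
+[4]: https://denwp.com/dissecting-lumma-malware/
+[5]: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/
+[6]: https://www.rapid7.com/blog/post/2024/08/12/ongoing-social-engineering-campaign-refreshes-payloads/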
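Review bot: Every row in the `## Domains` block is typed `domain`, yet many hold full URLs with paths and query strings, one is an IP-based URL (`hxxp://62.133.61.56/...`), and several sit on shared platforms (`Groups.google.com/g/...`, `Runkit.com/...`, `*.b-cdn.net`, `*.netlify.app`), so a consumer that keys on the type column and blocks the host would also block legitimate traffic. I would give those rows a `url` type, keep `domain` for bare hostnames, and defang consistently, since only two rows use `hxxp://` while the rest are live `https://` links, e.g. `hxxps://verif.dlvideosfre[.]click/K1.zip, url, Lumma Stealer, infoStealers`. In `## IPs`, `191.142.74.28` directly follows `91.142.74.28` and looks like a possible transcription slip, so it is worth checking against the cited report before it reaches a blocklist. The blocks also have no header row and differ in column count (MD5 rows end in `,,,`, SHA-256 rows have five fields, IP rows three), and the `Sеtup.exe` label contains a non-ASCII `е`; a one-line comment above each block naming the columns and noting that the filename is reproduced as reported would keep parsers and string matches from silently missing rows.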