Update smoke_out_01_05_2023_DE.txt

Gi7w0rm 2023-05-11 21:12:08 +02:00 committed by GitHub
parent 7f9bf69902
commit 03d5f9a42b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,32 +1,63 @@
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
http://respekt5569.com/downloads/toolspub1.exe
http://file-file-file1.com/stats.php?id=2070&key=87fcacd7bf7286244bbe3e4cda5a36fd
http://colisumy.com/dl/buildz.exe
http://potunulit.org/
http://45.9.74.80/power.exe
http://host-file-host6.com/
https://nftsmean.com/pro2.exe
https://bitbucket.org/jwgo-software/software_good/downloads/SvCpJuhbT.exe
https://bitbucket.org/jwgo-software/software_good/downloads/SvCpJuhbT.exe -> RedLine -> C2: 185.106.93.153:23523
https://cdn.discordapp.com/attachments/1079458314498363533/1102595020047007815/Install.exe
https://transfer.sh/get/bFxytP/rename%20this.exe
https://transfer.sh/get/bFxytP/rename%20this.exe -> QuasarRat -> (Botnet: Build02) -> C2: 185.195.237.203:19068 + https://transfer.sh/get/3VzhHC/Jmxkxue.dat
http://yic0oosaeiy7ahng.com/
https://github.com/Prynt-Software/DotNetDLL/raw/main/%40Ysbigbossy3.exe
-> Downloads a .Net dll from:
http://5.75.134.144/dashboard/Gdacjjk.dll -> Something reaches out to Telegram: https://api.telegram.org/bot5726741061:AAElVs4Kh5cFjADvNi4pSC5O6l_EdthxhCY/sendMessage?chat_id=5701072641&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20Admin%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%205/2/2023%2012:26:37%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20@Ysbigbossy3.exe%0D%0A -> C2: 5.75.134.144:7985 (Not RedLine)
https://transfer.sh/%28/94SYzQ/IMG_5435.exe%29.zip
http://aek0aicifaloh1yo.com/
http://kingpirate.ru/tmp/
https://cdn.discordapp.com/attachments/848958130402361345/1099311683115167754/WhiteCrypt_2.exe
https://transfer.sh/get/BqbS9m/hlthot.exe
https://github.com/Prynt-Software/DotNetDLL/raw/main/Bhyzvt.exe
https://transfer.sh/get/BqbS9m/hlthot.exe -> Vidar (DeadDrops: https://steamcommunity.com/profiles/76561199499188534 + https://t.me/nutalse ) -> C2: http://168.119.169.139:131 + http://65.109.225.236 ->
http://keep-ass.online/HitHot.exe -> Down
https://github.com/Prynt-Software/DotNetDLL/raw/main/Bhyzvt.exe -> C2:
5.75.134.144:80 (likely down at point of scan because now a webserver (see result above))
http://hoh0aeghwugh2gie.com/
https://transfer.sh/get/dQEV74/Medusa%20%284%29.exe
https://transfer.sh/get/DO72v5/zxz668_crypted.exe
https://transfer.sh/get/DO72v5/zxz668_crypted.exe -> Nope
http://193.233.232.253/s.exe
http://wa5zu7sekai8xeih.com/
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://transfer.sh/C0XDc5/Launcher.exe
https://transfer.sh/C0XDc5/Launcher.exe -> DCRat -> C2: 544560.clmonth.nyashteam.top/nyashsupport.php
http://hie7doodohpae4na.com/
https://leaderspro.ps/tmp/index.php
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://transfer.sh/get/2vYlhu/steamconnect.exe
https://transfer.sh/get/2vYlhu/steamconnect.exe -> Nope
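Review bot: The annotated entries do not follow one parseable format. The two Prynt-Software entries wrap onto continuation lines ("-> Downloads a .Net dll from:" with the URL on the next line, and "-> C2:" with the address on the next line), the Vidar line for hlthot.exe ends in a dangling "->", and the status words "Nope" and "Down" are not defined anywhere in the visible file. Suggest one line per URL with fixed fields in a fixed order (url, family, C2, status) and a short legend at the top explaining the status values, so the list can be consumed by a script as well as read by a person. Several URLs also appear both bare and annotated (SvCpJuhbT.exe, "rename this.exe", hlthot.exe, zxz668_crypted.exe, Launcher.exe, steamconnect.exe); if both copies are meant to stay in the new version, keep only the annotated one. The C2 values mix ip:port, full URLs and host/path forms, which is worth normalising or at least labelling. Finally, every indicator is stored as a live link, including the complete Telegram bot API URL; defanging them (hxxp, [.]) would stop viewers and tools that auto-link or preview the file from fetching them by accident.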