Add files via upload

Gi7w0rm 2023-04-27 22:10:45 +02:00 committed by GitHub
parent 50136790c2
commit 6bef49646b
6 changed files with 321 additions and 0 deletions

@ -0,0 +1,59 @@
###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://aek0aicifaloh1yo.com/
http://wa5zu7sekai8xeih.com/
http://yic0oosaeiy7ahng.com/
http://kingpirate.ru/tmp/
http://hoh0aeghwugh2gie.com/
http://hie7doodohpae4na.com/
http://potunulit.org/
http://firsttrusteedrx.ru/tmp/
###################################################################################################
SmokeLoader additional distribution:
https://leaderspro.ps/tmp/index.php
http://respekt5569.com/downloads/toolspub1.exe
http://hugersi.com/dl/6523.exe
http://79.137.194.41/s.exe
###################################################################################################
Payloads:
https://anonfiles.com/c5f1A1m6z8/Server_exe -> Silly actor with bad payload
https://anonfiles.com/29l4A4mdz3/Server_exe- > Silly actor with broken payload
https://transfer.sh/get/Hue3ho/op.exe -> DCRat -> C2: http://089240.clmonth.nyashteam.top/nyashsupport.php
https://transfer.sh/get/5DgY9D/setup_1682003561.594086.exe -> RedLine: C2: dragrun.top:28786 (Botnet: 5631065866_99) 95.217.245.250:28786
http://atomic.opdailyallowance.top/ufo.exe -> Crashing in Sandbox: https://tria.ge/230421-s55nsaad6y/behavioral2
https://github.com/ThunderMods/dassd/raw/main/4k4wuzs.exe -> DCRat -> C2: http://77.73.131.120//3LineVm/DleServerMariadb/Windows/Lowflowerpipe/Temp4/Touniversal/Multiline/CentrallocalsqlDownloads/Multitest/async5Uploads5/ProcessorJavascript0dump/18ImageTrack/dumpLinuxWpCentral/UniversalDefault/PollauthUpdate2/WindowsDump8/dumpphppacketGame/downloadsProcessorpoll/SqlUploadsDump/externalVmPhpdatalifelocal.php (https://tria.ge/230421-s5x9psad6v/behavioral2)
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe -> 5/10 -> https://tria.ge/230421-tknefaaf4v/behavioral2
###################################################################################################
Old Payloads:
https://www.jani.hu/upload/files/cheese_sDu.bat -> Analyzed already
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe -> Analyzed already
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe -> Analyzed already
https://nftsmean.com/pro2.exe -> Analyzed already
http://45.9.74.80/power.exe -> Analyzed already
http://45.138.74.247/shared/Ruzvelt.exe -> Analyzed already
###################################################################################################
Payloads (down/not executed)
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw -> Down
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
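Review bot: the separator on the second anonfiles entry in the Payloads section is broken ("Server_exe- > Silly actor"), so anything that splits these lines on "->" will mis-parse it; use "-> " like the surrounding entries. The same section records the discordapp opo.exe URL as a sandboxed payload (5/10, with a tria.ge link) while "Payloads (down/not executed)" repeats the identical URL without a status, and the 635965506.exe?raw URL is listed twice in that last section; one entry per URL with a single status would keep the verdicts unambiguous. The "Payloads (down/not executed)" header is also the only one in the file without a trailing colon.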

@ -0,0 +1,28 @@
https://leaderspro.ps/tmp/index.php
http://firsttrusteedrx.ru/tmp/
http://host-file-host6.com/
http://colisumy.com/dl/buildz.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
http://aapu.at/tmp/
http://179.43.155.247/cc.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
http://respekt5569.com/downloads/toolspub1.exe
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://nftsmean.com/Amadey.exe
http://212.113.119.255/file/lega.exe
http://potunulit.org/
http://kingpirate.ru/tmp/
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
http://45.138.74.247/shared/Ruzvelt.exe
http://hugersi.com/dl/6523.exe
https://nftsmean.com/pro2.exe
http://45.9.74.80/power.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://x0.at/YTMh.exe
https://nhtygd.site/Fugies.exe -> RedLine (Botnet: testbuild) -> C2: 195.201.110.74:46850
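Review bot: this file drops the section headers and per-entry verdicts that the other five files use, so a reader cannot tell which of these URLs are SmokeLoader C2s, distribution URLs, analyzed payloads or dead links; only the last entry (Fugies.exe -> RedLine, Botnet testbuild) carries an annotation, and most of the URLs also appear in the first file. Consider reformatting it with the same "SmokeLoader C2 URLs:" / "SmokeLoader additional distribution:" / "Payloads:" structure, or adding a one-line note at the top stating what this list is and how it relates to the other files.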

@ -0,0 +1,47 @@
###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://potunulit.org/
###################################################################################################
SmokeLoader additional distribution:
https://leaderspro.ps/tmp/index.php
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
http://hugersi.com/dl/6523.exe
http://respekt5569.com/downloads/toolspub1.exe
###################################################################################################
Payloads:
http://212.113.119.255/file/lega.exe -> Amadey -> C2: http://212.113.119.255/joomla/index.php -> https://bitbucket.org/dushanbepromo/kingsoft/downloads/build_2.exe + https://bbuseruploads.s3.amazonaws.com//fec0945a-edfb-46b3-b675-619ba5fd68dd/downloads/42b2638f-8cab-442d-b8fd-d45b466d087c/build_2.exe ->
http://s.ss2.us/r.crl SectopRat + RedLine -> C2: http://95.214.27.27:33806/
https://fortniteprouniversity.com/wp-content/uploads/Donald2.exe -> https://www.fortniteprouniversity.com/wp-content/uploads/Logs-1.exe -> Unknown Stealer
http://colisumy.com/dl/buildz.exe -> DJVU Ransomware C2: http://zexeq.com/raud/get.php + http://colisumy.com/dl/build2.exe + http://zexeq.com/files/1/build3.exe + Vidar Stealer -> DeadDrop: https://steamcommunity.com/profiles/76561199499188534 + https://t.me/nutalse -> C2: sportbike http://95.217.246.227| + sportbike http://116.203.2.149:11111|
https://cdn.discordapp.com/attachments/1099285398921945139/1099285673254604810/Lingoaa.exe -> RedLine -> C2: 37.220.87.13:48790
###################################################################################################
Old Payloads:
http://45.138.74.247/shared/Ruzvelt.exe
http://45.9.74.80/power.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
###################################################################################################
Payloads (down/not executed)
https://nftsmean.com/run02_2.exe -> Down
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/848958130402361345/1099237519037575208/WhiteCrypt.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe
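Review bot: the Amadey entry (lega.exe) ends in a dangling "->" and the next line begins with http://s.ss2.us/r.crl followed by "SectopRat + RedLine -> C2: http://95.214.27.27:33806/", so one chain has been split across two lines and the r.crl URL now reads as a standalone payload; join the lines or give the second URL its own verdict. A .crl URL is a certificate revocation list fetch and is likely incidental TLS traffic rather than a payload, so it should be annotated as such or dropped before this list is consumed as indicators. The Vidar C2 entries on the buildz.exe line also carry trailing "|" characters ("http://95.217.246.227|", "http://116.203.2.149:11111|") that look like leftover config delimiters and should be stripped.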

@ -0,0 +1,46 @@
###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://potunulit.org/
http://kingpirate.ru/tmp/
http://firsttrusteedrx.ru/tmp/
###################################################################################################
SmokeLoader additional distribution:
http://respekt5569.com/downloads/toolspub1.exe
http://hugersi.com/dl/6523.exe
https://leaderspro.ps/tmp/index.php
###################################################################################################
Payloads:
https://cdn.discordapp.com/attachments/848958130402361345/1099311683115167754/WhiteCrypt_2.exe -> Raccoon -> C2: http://193.109.120.2/
https://filebin.net/4cbm1s5qxxqosoit/MSPlay.exe -> AsyncRat -> C2: 84.54.50.51:8848
https://transfer.sh/get/s24Wr9/Cdtjmff.exe -> 87.121.221.84:44810 -> https://github.com/test93872/demo5/raw/main/plugin_4.dll -> XMRig
https://transfer.sh/wa1Mwt/312312312.exe -> RedLine -> 176.123.9.85:16482
###################################################################################################
Old Payloads:
###################################################################################################
Payloads (down/not executed)
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
http://45.9.74.80/power.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
http://193.233.134.115/shared/Ruzvelt.exe
http://193.233.134.117/shared/Ruzvelt.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://nftsmean.com/pro2.exe
http://colisumy.com/dl/buildz.exe
http://212.113.119.255/file/lega.exe
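Review bot: the "Old Payloads:" section is empty here, leaving two consecutive separator lines; either drop the header or add a "none" marker so the file keeps the same shape as the others. Two Payloads entries also omit the "C2:" label used elsewhere ("Cdtjmff.exe -> 87.121.221.84:44810 -> ..." and "312312312.exe -> RedLine -> 176.123.9.85:16482"), and the Cdtjmff.exe chain carries no family name at all, whereas the last file in this commit labels the identical chain (87.121.221.84:44810 -> plugin_4.dll -> XMRig) as "Unknown Loader/Stealer?"; a consistent "family -> C2: host:port" form would make these lines greppable.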

@ -0,0 +1,74 @@
###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://potunulit.org/
###################################################################################################
SmokeLoader additional distribution:
http://respekt5569.com/downloads/toolspub1.exe
https://leaderspro.ps/tmp/index.php
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
http://hugersi.com/dl/6523.exe
###################################################################################################
Payloads:
https://transfer.sh/W1oUlM/31.exe -> RedLine -> C2: 176.123.9.85:16482
https://transfer.sh/get/42DMMk/11.exe -> RedLine (Botnet: richdazbot) -> C2: 45.77.166.103:37904
https://filebin.net/5ur6rsrmw90pwoze/build.exe -> RedLine (Botnet: deepweb) -> C2: 185.254.37.119:1334 + SectopRat (no c2 maybe FP)
https://transfer.sh/get/Ny0S0A/423243.exe -> https://transfer.sh/get/1EFuk8/Ypxvgfcj.bmp -> PowerShell: 18.136.210.27:80 -> RedLine (Botnet: richdazbot) -> C2: 45.77.166.103:37904 + C2: 195.201.245.238:6695
https://filebin.net/o87c9xsntbtaqjg7/Uefsayznff.exe -> RedLine -> C2: 185.254.37.58:7701
###################################################################################################
Payloads (down/not executed)
https://filebin.net/0ox1glv8hj6e0ech/RuntimeBroker.exe -> https://tria.ge/230427-x5frwahd86/behavioral2 -> No C2 Comms
https://transfer.sh/get/YGRdlX/vidar.exe -> Down
###################################################################################################
Old Payloads:
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
http://colisumy.com/dl/buildz.exe
http://45.9.74.80/power.exe
http://193.233.134.117/shared/Ruzvelt.exe
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe
https://nftsmean.com/pro2.exe
https://nftsmean.com/new.exe
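Review bot: the RuntimeBroker.exe entry sits under "Payloads (down/not executed)" but carries a tria.ge behavioural-analysis link and a "No C2 Comms" verdict, i.e. it was executed; it belongs under Payloads with that result so the section name stays truthful. The build.exe line lists "SectopRat (no c2 maybe FP)" as a second family; if the detection is suspected to be a false positive it should be marked clearly or left out so it is not ingested as a confirmed indicator. This file also orders "Payloads (down/not executed)" before "Old Payloads:", the reverse of the earlier files that have both sections, and nftsmean.com/new.exe appears under Old Payloads although no earlier file in this commit records its analysis.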

@ -0,0 +1,67 @@
###################################################################################################
SmokeLoader C2 URLs:
http://wa5zu7sekai8xeih.com/
http://potunulit.org/
http://yic0oosaeiy7ahng.com/
http://aek0aicifaloh1yo.com/
http://hie7doodohpae4na.com/
http://host-file-host6.com/
http://hoh0aeghwugh2gie.com/
###################################################################################################
SmokeLoader additional distribution:
http://respekt5569.com/downloads/toolspub1.exe
http://hugersi.com/dl/6523.exe
http://aapu.at/tmp/
http://kingpirate.ru/tmp/
https://leaderspro.ps/tmp/index.php
###################################################################################################
Payloads:
https://radiobridge-egy.com/tmp/index.php -> Bootkit: https://tria.ge/230427-wp1xfaha86
https://github.com/HiddenEyeZ/tg/raw/main/Mjmbjbvye.exe -> Loader with Telegram C2: https://api.telegram.org/bot5726741061:AAElVs4Kh5cFjADvNi4pSC5O6l_EdthxhCY/sendMessage?chat_id=5701072641 -> RedLine (C2: 5.75.134.144:7985 )
https://transfer.sh/get/IeMHv4/open.exe -> Raccoonv2 / RecordBreaker C2: http://85.192.63.15/
https://transfer.sh/get/UXwIbr/5.exe -> RedLine Stealer (BotNet:Installs3000_20230424 ) -> C2: 149.100.138.146:80 + 154.49.136.127:80
https://transfer.sh/get/VVjGiQ/Hknmozjx.exe -> Unknown Loader/Stealer? -> C2: 87.121.221.84:44810 -> https://github.com/test93872/demo5/raw/main/plugin_4.dll -> XMRig
http://193.142.59.113/forum/img/130.exe -> RedLine (Botnet: 1379752987) -> C2: 167.235.158.92:13190
https://transfer.sh/get/d5VDLG/Novaa.exe -> Themida packed RedLine -> C2: 195.201.245.238:6695
http://146.19.173.221/file24si.exe -> RedLine -> C2: 176.124.192.196:80 (url: janjackfrs.com)
https://transfer.sh/get/8CIWav/123.exe -> RedLine -> C2: 195.201.245.238:6695
https://transfer.sh/DYkXJz/ole.exe -> RedLine -> C2: 176.123.9.85:16482
https://transfer.sh/get/DlCQPI/423243.exe -> https://transfer.sh/get/SatXF5/Hkthmahafsn.dat -> RedLine (Botnet: richdazbot) -> C2: 45.77.166.103:37904 + RedLine -> C2: 195.201.245.238:6695
###################################################################################################
Payloads (down/not executed)
https://transfer.sh/get/5IQwbm/stcr.exe -> Not Found
###################################################################################################
Old Payloads:
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://cdn.discordapp.com/attachments/848958130402361345/1099311683115167754/WhiteCrypt_2.exe
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
http://colisumy.com/dl/buildz.exe
https://www.jani.hu/upload/files/cheese_sDu.bat
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe
http://212.113.119.255/file/lega.exe
http://5.252.118.57/s.exe
http://193.233.134.117/shared/Ruzvelt.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://nftsmean.com/pro2.exe
http://45.9.74.80/power.exe
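Review bot: the HiddenEyeZ loader entry embeds a full Telegram bot token and chat_id in the C2 URL; since this file is published as an indicator list, consider partially masking the token in the repository and reporting it to Telegram for takedown, keeping the api.telegram.org path and chat_id as the indicator. On formatting, "(BotNet:Installs3000_20230424 )" and "(C2: 5.75.134.144:7985 )" differ from the "(Botnet: name)" and "C2: host:port" forms used on the neighbouring lines, and the stcr.exe entry says "Not Found" where the other files say "Down". Finally, 5.252.118.57/s.exe is listed under "Old Payloads:" although none of the other files in this commit record a verdict for it (the earlier s.exe was hosted at 79.137.194.41), so its analysis result is undocumented.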