Create DarkGate_Censys_12_10_2023.txt

DarkGate/DarkGate_Censys_12_10_2023.txt

@@ -0,0 +1,48 @@
+C2 (Censys): 162.33.178.63:2351
+
+########################################
+
+http://195.211.98.105/public/gffdgfdgfdg.msi <- Darkgate
+C2: http://greadeaoptimalle.com (alternative port 443)
+
+Historical DNS:
+sylv.sylvalawcorp.com ->
+sylvalawcorp.com -> 162.241.224.167 + 45.79.132.153 + 34.197.89.244
+
+
+omgy.omgyardsignstx.com -> also pointed at 	45.88.67.16
+omgyardsignstx.com -> 162.241.225.36 ( Briefly pointed at 34.102.136.180 in the past)
+
+also C2 hosted: 195.211.98.105:2351
+
+########################################
+
+C2 (Censys): 89.248.193.66:2351
+
+# Campaign likely targeting Asian victims with a Cosmetic Lure, an ECommerce Lure and a toothcleaning ad
+http://148.113.1.180:8080/
+http://148.113.1.180:8080/CD.hta
+http://148.113.1.180:8080/LG.hta
+http://148.113.1.180:8080/otoke.vbs
+http://148.113.1.180:8080/TMDT.hta
+http://148.113.1.180:8080/HomeCd/PRODUCTS%20-%20Sale%20Campains.pdf.lnk
+http://148.113.1.180:8080/HomeTMDT/ECOMMERCE%20PLATFORM%20AGREEMENT.pdf.lnk
+http://148.113.1.180:8080/HomeLingiang/Lingiang%20Cosmetic%20Campaign%202023.pdf.lnk
+http://148.113.1.180:8080/Content/CD/PRODUCTS%20-%20Sale%20Campains.pdf
+http://148.113.1.180:8080/Content/Lingiang/Lingiang%20Cosmetic%20Campaign%202023.pdf
+http://148.113.1.180:8080/Content/TMDT/ECOMMERCE%20PLATFORM%20AGREEMENT.pdf
+C2 (Censys): 148.113.1.180:2351
+
+########################################
+
+C2 (Censys): 162.33.179.65:2351
+
+C2 (Censys): 81.19.135.139:2351
+
+C2 (Censys): 149.248.0.82:2351
+
+C2 (Censys): 185.130.227.202:2351
+
+C2 (Censys): 94.130.49.223:2351
+
+C2 (Censys): 54.39.198.245:2351