Add files via upload

Gi7w0rm 2023-09-10 02:49:18 +02:00 committed by GitHub
parent 814616b379
commit e812e9852d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -0,0 +1,44 @@
Domain,Malware,Protocol,Port,Proof
fresh12.ddns.net,Remcos,tcp,2404,https://tria.ge/230909-z3dkvadh91
freshspread.ddnsking.com,Remcos,tcp,2404,https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/behavior - Remcos v3 TLS Connect
frspeed.ddns.net,Remcos,tcp,2404,https://tria.ge/230909-zzkvradh8v/behavioral1
harrywlike.ddns.net,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
harrywlike1.ddns.net,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
hendersonk2022.hopto.org,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
jessen.hopto.org,Remcos,tcp,2404,https://tria.ge/230909-z1zejadh9s/behavioral1
july202022.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
july20220spread.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
july20220spread2.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
kellyben.hopto.org,Remcos,tcp,2404,https://tria.ge/230909-z1zejadh9s/behavioral1
mulla2022.hopto.org,Likely AsyncRAT,tcp,7707,
mynewfresh.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
mynewfreshmynow.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
2ndspreading1.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
asyrwart.ddns.net
backupjuly2022.ddns.net,Probably Remcos,tcp,2404,https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
backupjuly20222.ddns.net,Probably Remcos,tcp,2404,https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
centplus1.serveftp.com,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
febbit1.ddns.net,BitRat,tcp(probably-tls),6655,https://tria.ge/230909-z2733aea69/behavioral1 - Communication password: 81dc9bdb52d04dc20036dbd8313ed055
febbit2.ddns.net,BitRat?,http://febbit2.ddns.net:6655,6655,2511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed
febbit3.ddns.net,ArrowRAT,tcp,1338,https://tria.ge/230909-z21nzsdh9y/behavioral1
febnew.ddns.net,NetWire,http://febnew.ddns.net/,80,82b25c74ccf441dd89da637694f3cf229d1a95c533fb565ea92cdd577cb08410
febnew1.ddns.net,NetWire,tcp,6655,https://www.joesandbox.com/analysis/712090/0/html
febnew2.ddns.net,NetWire,tcp,6655,https://www.joesandbox.com/analysis/712090/0/html
febnew3.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew4.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew5.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew6.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew7.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
mynewfreshtop.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
mywarswarw.ddns.net,WarZone Rat,tcp,5200,https://tria.ge/230708-zd6v4aba3v/behavioral2
mywormtwon.ddns.net,,,7000,LikelyXWorm
newtryex.ddns.net,AsyncRAT,tcp+SSL,7707,https://www.virustotal.com/gui/file/525e6f018fa97536f8cb7c7816f25e99ab644fd9c074f22da3d9ed041be5442a/behavior
newwarr.ddns.net,AveMaria/WarZone,tcp,5200,https://tria.ge/220620-shaj5aebdr/behavioral2
quasharr21.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
quasharr22.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
quasharr33.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
rem1666.hopto.org,RemcosRAT,tcp,2404,(no proof as ModiLoader payload is taken down however several indicators)
sunwap1.ddns.net,RemcosRAT,tcp,2404,(no proof as ModiLoader payload is taken down however several indicators)
wormxwar.ddns.net,XWorm,tcp,7000,https://tria.ge/230909-z3tl3aea2t/behavioral1
febrem.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/50365c827bd7/report/network.html
febrem1.ddns.net,AveMaria/WarZone,tcp,5200,https://tria.ge/220928-2ss9naadap
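Review bot: The row `asyrwart.ddns.net` (line 17 of the new file) carries one field where the header `Domain,Malware,Protocol,Port,Proof` declares five, so strict CSV parsers will reject the file or stop at that row, and a blocklist or detection import built from it may silently lose every entry after it; pad it to `asyrwart.ddns.net,,,,` or fill in the family and port. The Protocol column is not a fixed vocabulary: the `febbit2.ddns.net` and `febnew.ddns.net` rows hold a URL there, and TLS is spelled `tcp-tls`, `tcp+SSL` and `tcp(probably-tls)` in other rows. The `mywormtwon.ddns.net` row leaves Malware empty and puts `LikelyXWorm` under Proof; `mywormtwon.ddns.net,Likely XWorm,,7000,` would match the `Likely AsyncRAT` row. Family names also vary (`Remcos`/`RemcosRAT`, `WarZone Rat`/`AveMaria/WarZone`), which will split counts in any tooling that groups by that column. Since every indicator is a hostname under a shared dynamic-DNS provider, a short header note that consumers should match the full hostname rather than the parent domain would help avoid over-blocking.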