From e94035c5576669533e06009854cbf0d39a5aa38b Mon Sep 17 00:00:00 2001 From: Gi7w0rm <89871181+Gi7w0rm@users.noreply.github.com> Date: Fri, 2 Jun 2023 04:30:07 +0200 Subject: [PATCH] Add files via upload --- SmokeLoader/smoke_out_01_06_2023.txt | 44 ++++++++++++++++++++++++++++ SmokeLoader/smoke_out_31_05_2023.txt | 30 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 SmokeLoader/smoke_out_01_06_2023.txt create mode 100644 SmokeLoader/smoke_out_31_05_2023.txt diff --git a/SmokeLoader/smoke_out_01_06_2023.txt b/SmokeLoader/smoke_out_01_06_2023.txt new file mode 100644 index 0000000..128fa0b --- /dev/null +++ b/SmokeLoader/smoke_out_01_06_2023.txt 
@@ -0,0 +1,44 @@ +https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe +https://cdn.discordapp.com/attachments/1111985588615249960/1113790937693433916/54656464.exe +http://colisumy.com/dl/build.exe +https://speedlab.com.eg/tmp/index.php +http://45.9.74.80/wall.exe +http://host-file-host6.com/ +https://cdn.discordapp.com/attachments/1111985588615249960/1113502455964110848/54656464.exe + +https://filetransfer.io/data-package/llBlT2VL/download -> GoogleChromeUpdate.exe -> https://raw.githubusercontent.com/RHGF44/string/main/readme.txt -> DCRat -> C2: pococox.cc -> 134.255.216.148:80 (+ Scheduled Task and Add-MpPreference -ExclusionPath) + +http://hugersi.com/dl/6523.exe + +https://darkbox.pw/d/2NDOYbiR12bS1ItY28sWAZ6I2FJlkP -> clear.exe -> Loader reaching out to: +http://5.42.94.169/customer/115 -> Downloads and executes RedLine C2: 45.9.74.4:46910 + +http://potunulit.org/ + +http://kingpirate.ru/tmp/ + +http://respekt5568.com/downloads/toolspub1.exe + +https://nftsmean.com/pro2.exe + +https://cdn.discordapp.com/attachments/1113947677764374622/1113960414951252049/1st.exe -> C2: 84.54.50.125:58002 + +http://dropbuyinc.ga/ + +https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe + +http://140.99.221.199/sp.exe + +http://95.214.27.98/file/lega.exe -> 2x RedLine (Botnet:lars && Botnet grom) C2: 83.97.73.127:19045 + Amadey: http://95.214.27.98/cronus/index.php + +https://seattle-fishing-club.com/search.php + +http://194.180.48.90/cc.exe -> Rhadamanthys Stealer -> C2: 179.43.162.23:8509 + +http://colisumy.com/dl/buildz.exe + +https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw + +https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe + +https://miami-golf-club.com/search.php diff --git a/SmokeLoader/smoke_out_31_05_2023.txt b/SmokeLoader/smoke_out_31_05_2023.txt new file mode 100644 index 0000000..bc0b39a --- /dev/null 
+++ b/SmokeLoader/smoke_out_31_05_2023.txt @@ -0,0 +1,30 @@ +http://host-file-host6.com/ + +https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe + +http://140.99.221.199/sp.exe -> Binary Themida Packed and evades Virtual Box via ACPI registry values and SandBox via SystemBiosVersion and VideoBiosVersion + +http://kingpirate.ru/tmp/ + +https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw + +http://respekt5568.com/downloads/toolspub1.exe + +https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe + +http://colisumy.com/dl/build.exe + +http://potunulit.org/ + +https://speedlab.com.eg/tmp/index.php -> SmokeLoader pub1 + +http://45.9.74.80/wall.exe -> Amadey (C2: 45.9.74.80/0bjdn2Z/index.php ) + Fabookie (C2s: http://us.imgjeoigaa.com/sts/imagc.jpg + +http://as.imgjeoigaa.com/check/safe) + XMRig (Pool: xmr-eu2.nanopool.org) + +http://colisumy.com/dl/buildz.exe + +https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe + +https://nftsmean.com/pro2.exe + +https://cdn.discordapp.com/attachments/1111985588615249960/1113502455964110848/54656464.exe
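Review bot: the URLs added in smoke_out_01_06_2023.txt are written live (for example `http://colisumy.com/dl/build.exe` and the cdn.discordapp.com attachment links), so any viewer that auto-links text will render them as clickable, and the usual convention for a shared IoC list is to defang them (`hxxp://colisumy[.]com/dl/build.exe`) or state in a README that the lists are deliberately undefanged for tooling. The entry format is also mixed: some lines are bare URLs, others carry a `->` chain ("-> DCRat -> C2: pococox.cc -> 134.255.216.148:80"), and the labels vary between `C2:`, `C2s:` and free text such as "2x RedLine (Botnet:lars && Botnet grom)". A fixed layout per line (stage URL, dropped family, C2, extra notes), or a CSV/STIX file alongside the text dump, would let the chains be consumed without hand-parsing.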
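Review bot: in smoke_out_31_05_2023.txt the Amadey/Fabookie/XMRig entry is split across two added lines, the first ending in "+http://us.imgjeoigaa.com/sts/imagc.jpg" and the second reading "+http://as.imgjeoigaa.com/check/safe) + XMRig (Pool: xmr-eu2.nanopool.org)", so a line-based reader sees a second Fabookie C2 with a dangling ")" and the XMRig pool detached from its parent sample; keep each dropper and its payload chain on one line, or move the nested C2 list into a structured format. The same file also repeats most of the entries from the 01_06 file without marking which ones are new, and the date in the file names uses DD_MM_YYYY, which does not sort chronologically in a directory listing; an ISO date (smoke_out_2023-05-31.txt) and a short header line with the collection time and source would make the daily snapshots easier to diff.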