###################################################################################################
SmokeLoader C2 URLs:
http://host-file-host6.com/
http://potunulit.org/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
###################################################################################################
SmokeLoader additional distribution:
https://leaderspro.ps/tmp/index.php
http://hugersi.com/dl/6523.exe
http://respekt5569.com/downloads/toolspub1.exe
###################################################################################################
Payloads:
http://212.113.119.255/file/lega.exe -> Amadey -> C2: http://212.113.119.255/joomla/index.php -> https://bitbucket.org/dushanbepromo/kingsoft/downloads/build_2.exe + https://bbuseruploads.s3.amazonaws.com//fec0945a-edfb-46b3-b675-619ba5fd68dd/downloads/42b2638f-8cab-442d-b8fd-d45b466d087c/build_2.exe -> http://s.ss2.us/r.crl SectopRat + RedLine -> C2: http://95.214.27.27:33806/
https://fortniteprouniversity.com/wp-content/uploads/Donald2.exe -> https://www.fortniteprouniversity.com/wp-content/uploads/Logs-1.exe -> Unknown Stealer
http://colisumy.com/dl/buildz.exe -> DJVU Ransomware C2: http://zexeq.com/raud/get.php + http://colisumy.com/dl/build2.exe + http://zexeq.com/files/1/build3.exe + Vidar Stealer -> DeadDrop: https://steamcommunity.com/profiles/76561199499188534 + https://t.me/nutalse -> C2: sportbike http://95.217.246.227| + sportbike http://116.203.2.149:11111|
https://cdn.discordapp.com/attachments/1099285398921945139/1099285673254604810/Lingoaa.exe -> RedLine -> C2: 37.220.87.13:48790
###################################################################################################
Old Payloads:
http://45.138.74.247/shared/Ruzvelt.exe
http://45.9.74.80/power.exe
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe
###################################################################################################
Payloads (down/not executed)
https://nftsmean.com/run02_2.exe -> Down
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
https://cdn.discordapp.com/attachments/848958130402361345/1099237519037575208/WhiteCrypt.exe
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe