Gi7w0rm-MalwareConfigLists/IoC_DDGroup_sh.csv at main

mirror of https://github.com/Gi7w0rm/MalwareConfigLists synced 2024-06-27 09:28:30 +00:00

Update and rename IoC_DDGroup_sinkholing.csv to IoC_DDGroup_sh.csv

2023-09-10 02:49:54 +02:00

4.3 KiB

Raw Permalink Blame History

1	Domain	Malware	Protocol	Port	Proof
2	fresh12.ddns.net	Remcos	tcp	2404	https://tria.ge/230909-z3dkvadh91
3	freshspread.ddnsking.com	Remcos	tcp	2404	https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/behavior - Remcos v3 TLS Connect
4	frspeed.ddns.net	Remcos	tcp	2404	https://tria.ge/230909-zzkvradh8v/behavioral1
5	harrywlike.ddns.net	Remcos		2404	https://tria.ge/230814-jbhsgsad95
6	harrywlike1.ddns.net	Remcos		2404	https://tria.ge/230814-jbhsgsad95
7	hendersonk2022.hopto.org	Remcos		2404	https://tria.ge/230814-jbhsgsad95
8	jessen.hopto.org	Remcos	tcp	2404	https://tria.ge/230909-z1zejadh9s/behavioral1
9	july202022.ddns.net	Remcos	tcp-tls	2404	https://tria.ge/220815-hbsr1sfdbr
10	july20220spread.ddns.net	Remcos	tcp-tls	2404	https://tria.ge/220815-hbsr1sfdbr
11	july20220spread2.ddns.net	Remcos	tcp-tls	2404	https://tria.ge/220815-hbsr1sfdbr
12	kellyben.hopto.org	Remcos	tcp	2404	https://tria.ge/230909-z1zejadh9s/behavioral1
13	mulla2022.hopto.org	Likely AsyncRAT	tcp	7707
14	mynewfresh.ddns.net	Remcos		2404	https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
15	mynewfreshmynow.ddns.net	Remcos		2404	https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
16	2ndspreading1.ddns.net	Remcos	tcp-tls	2404	https://tria.ge/220815-hbsr1sfdbr
17	backupjuly2022.ddns.net	Probably Remcos	tcp	2404	https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
18	backupjuly20222.ddns.net	Probably Remcos	tcp	2404	https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
19	centplus1.serveftp.com	Remcos		2404	https://tria.ge/230814-jbhsgsad95
20	febbit1.ddns.net	BitRat	tcp(probably-tls)	6655	https://tria.ge/230909-z2733aea69/behavioral1 - Communication password: 81dc9bdb52d04dc20036dbd8313ed055
21	febbit2.ddns.net	BitRat?	http://febbit2.ddns.net:6655	6655	2511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed
22	febbit3.ddns.net	ArrowRAT	tcp	1338	https://tria.ge/230909-z21nzsdh9y/behavioral1
23	febnew.ddns.net	NetWire	http://febnew.ddns.net/	80	82b25c74ccf441dd89da637694f3cf229d1a95c533fb565ea92cdd577cb08410
24	febnew1.ddns.net	NetWire	tcp	6655	https://www.joesandbox.com/analysis/712090/0/html
25	febnew2.ddns.net	NetWire	tcp	6655	https://www.joesandbox.com/analysis/712090/0/html
26	febnew3.ddns.net	NetWire	tcp	6655	additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
27	febnew4.ddns.net	NetWire	tcp	6655	additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
28	febnew5.ddns.net	NetWire	tcp	6655	additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
29	febnew6.ddns.net	NetWire	tcp	6655	additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
30	febnew7.ddns.net	NetWire	tcp	6655	additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
31	mynewfreshtop.ddns.net	Remcos		2404	https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
32	mywarswarw.ddns.net	WarZone Rat	tcp	5200	https://tria.ge/230708-zd6v4aba3v/behavioral2
33	mywormtwon.ddns.net			7000	LikelyXWorm
34	newtryex.ddns.net	AsyncRAT	tcp+SSL	7707	https://www.virustotal.com/gui/file/525e6f018fa97536f8cb7c7816f25e99ab644fd9c074f22da3d9ed041be5442a/behavior
35	newwarr.ddns.net	AveMaria/WarZone	tcp	5200	https://tria.ge/220620-shaj5aebdr/behavioral2
36	quasharr21.ddns.net	QuasarRAT	tcp-tls	4782	https://tria.ge/230909-zz8ltadh8z/behavioral1
37	quasharr22.ddns.net	QuasarRAT	tcp-tls	4782	https://tria.ge/230909-zz8ltadh8z/behavioral1
38	quasharr33.ddns.net	QuasarRAT	tcp-tls	4782	https://tria.ge/230909-zz8ltadh8z/behavioral1
39	rem1666.hopto.org	RemcosRAT	tcp	2404	(no proof as ModiLoader payload is taken down however several indicators)
40	sunwap1.ddns.net	RemcosRAT	tcp	2404	(no proof as ModiLoader payload is taken down however several indicators)
41	wormxwar.ddns.net	XWorm	tcp	7000	https://tria.ge/230909-z3tl3aea2t/behavioral1
42	febrem.ddns.net	Remcos		2404	https://www.vmray.com/analyses/50365c827bd7/report/network.html
43	febrem1.ddns.net	AveMaria/WarZone	tcp	5200	https://tria.ge/220928-2ss9naadap

4.3 KiB Raw Permalink Blame History

4.3 KiB

Raw Permalink Blame History