mirror of https://github.com/Gi7w0rm/MalwareConfigLists synced 2024-06-20 22:18:43 +00:00
Gi7w0rm-MalwareConfigLists/DDGroup/IoC_DDGroup_sh.csv

Domain,Malware,Protocol,Port,Proof
fresh12.ddns.net,Remcos,tcp,2404,https://tria.ge/230909-z3dkvadh91
freshspread.ddnsking.com,Remcos,tcp,2404,https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/behavior - Remcos v3 TLS Connect
frspeed.ddns.net,Remcos,tcp,2404,https://tria.ge/230909-zzkvradh8v/behavioral1
harrywlike.ddns.net,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
harrywlike1.ddns.net,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
hendersonk2022.hopto.org,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
jessen.hopto.org,Remcos,tcp,2404,https://tria.ge/230909-z1zejadh9s/behavioral1
july202022.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
july20220spread.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
july20220spread2.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
kellyben.hopto.org,Remcos,tcp,2404,https://tria.ge/230909-z1zejadh9s/behavioral1
mulla2022.hopto.org,Likely AsyncRAT,tcp,7707,
mynewfresh.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
mynewfreshmynow.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
2ndspreading1.ddns.net,Remcos,tcp-tls,2404,https://tria.ge/220815-hbsr1sfdbr
backupjuly2022.ddns.net,Probably Remcos,tcp,2404,https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
backupjuly20222.ddns.net,Probably Remcos,tcp,2404,https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection
centplus1.serveftp.com,Remcos,,2404,https://tria.ge/230814-jbhsgsad95
febbit1.ddns.net,BitRat,tcp(probably-tls),6655,https://tria.ge/230909-z2733aea69/behavioral1 - Communication password: 81dc9bdb52d04dc20036dbd8313ed055
febbit2.ddns.net,BitRat,?,,http://febbit2.ddns.net:665566552511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed
febbit3.ddns.net,ArrowRAT,tcp,1338,https://tria.ge/230909-z21nzsdh9y/behavioral1
febnew.ddns.net,NetWire,,,http://febnew.ddns.net/8082b25c74ccf441dd89da637694f3cf229d1a95c533fb565ea92cdd577cb08410
febnew1.ddns.net,NetWire,tcp,6655,https://www.joesandbox.com/analysis/712090/0/html
febnew2.ddns.net,NetWire,tcp,6655,https://www.joesandbox.com/analysis/712090/0/html
febnew3.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew4.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew5.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew6.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
febnew7.ddns.net,NetWire,tcp,6655,additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior
mynewfreshtop.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html
mywarswarw.ddns.net,WarZone Rat,tcp,5200,https://tria.ge/230708-zd6v4aba3v/behavioral2
mywormtwon.ddns.net,,,7000,LikelyXWorm
newtryex.ddns.net,AsyncRAT,tcp+SSL,7707,https://www.virustotal.com/gui/file/525e6f018fa97536f8cb7c7816f25e99ab644fd9c074f22da3d9ed041be5442a/behavior
newwarr.ddns.net,AveMaria/WarZone,tcp,5200,https://tria.ge/220620-shaj5aebdr/behavioral2
quasharr21.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
quasharr22.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
quasharr33.ddns.net,QuasarRAT,tcp-tls,4782,https://tria.ge/230909-zz8ltadh8z/behavioral1
rem1666.hopto.org,RemcosRAT,tcp,2404,(no proof as ModiLoader payload is taken down however several indicators)
sunwap1.ddns.net,RemcosRAT,tcp,2404,(no proof as ModiLoader payload is taken down however several indicators)
wormxwar.ddns.net,XWorm,tcp,7000,https://tria.ge/230909-z3tl3aea2t/behavioral1
febrem.ddns.net,Remcos,,2404,https://www.vmray.com/analyses/50365c827bd7/report/network.html
febrem1.ddns.net,AveMaria/WarZone,tcp,5200,https://tria.ge/220928-2ss9naadap