mirror of
https://github.com/Gi7w0rm/MalwareConfigLists
synced 2024-06-28 09:53:06 +00:00
4.3 KiB
Domain | Malware | Protocol | Port | Proof |
---|---|---|---|---|
fresh12.ddns.net | Remcos | tcp | 2404 | https://tria.ge/230909-z3dkvadh91 |
freshspread.ddnsking.com | Remcos | tcp | 2404 | https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/behavior - Remcos v3 TLS Connect |
frspeed.ddns.net | Remcos | tcp | 2404 | https://tria.ge/230909-zzkvradh8v/behavioral1 |
harrywlike.ddns.net | Remcos | | 2404 | https://tria.ge/230814-jbhsgsad95 |
harrywlike1.ddns.net | Remcos | | 2404 | https://tria.ge/230814-jbhsgsad95 |
hendersonk2022.hopto.org | Remcos | | 2404 | https://tria.ge/230814-jbhsgsad95 |
jessen.hopto.org | Remcos | tcp | 2404 | https://tria.ge/230909-z1zejadh9s/behavioral1 |
july202022.ddns.net | Remcos | tcp-tls | 2404 | https://tria.ge/220815-hbsr1sfdbr |
july20220spread.ddns.net | Remcos | tcp-tls | 2404 | https://tria.ge/220815-hbsr1sfdbr |
july20220spread2.ddns.net | Remcos | tcp-tls | 2404 | https://tria.ge/220815-hbsr1sfdbr |
kellyben.hopto.org | Remcos | tcp | 2404 | https://tria.ge/230909-z1zejadh9s/behavioral1 |
mulla2022.hopto.org | Likely AsyncRAT | tcp | 7707 | |
mynewfresh.ddns.net | Remcos | | 2404 | https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html |
mynewfreshmynow.ddns.net | Remcos | | 2404 | https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html |
2ndspreading1.ddns.net | Remcos | tcp-tls | 2404 | https://tria.ge/220815-hbsr1sfdbr |
backupjuly2022.ddns.net | Probably Remcos | tcp | 2404 | https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection |
backupjuly20222.ddns.net | Probably Remcos | tcp | 2404 | https://www.virustotal.com/gui/file/f44ab0fd8950adcdab001b50d7500a9cbc6d1a042bec8ea5bb039efb7216e512/detection |
centplus1.serveftp.com | Remcos | | 2404 | https://tria.ge/230814-jbhsgsad95 |
febbit1.ddns.net | BitRat | tcp(probably-tls) | 6655 | https://tria.ge/230909-z2733aea69/behavioral1 - Communication password: 81dc9bdb52d04dc20036dbd8313ed055 |
febbit2.ddns.net | BitRat? | http://febbit2.ddns.net:6655 | 6655 | 2511aefa9db9f54ec252be53f876020cf9a408af1648250efc0e0dc2d31991ed |
febbit3.ddns.net | ArrowRAT | tcp | 1338 | https://tria.ge/230909-z21nzsdh9y/behavioral1 |
febnew.ddns.net | NetWire | http://febnew.ddns.net/ | 80 | 82b25c74ccf441dd89da637694f3cf229d1a95c533fb565ea92cdd577cb08410 |
febnew1.ddns.net | NetWire | tcp | 6655 | https://www.joesandbox.com/analysis/712090/0/html |
febnew2.ddns.net | NetWire | tcp | 6655 | https://www.joesandbox.com/analysis/712090/0/html |
febnew3.ddns.net | NetWire | tcp | 6655 | additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior |
febnew4.ddns.net | NetWire | tcp | 6655 | additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior |
febnew5.ddns.net | NetWire | tcp | 6655 | additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior |
febnew6.ddns.net | NetWire | tcp | 6655 | additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior |
febnew7.ddns.net | NetWire | tcp | 6655 | additional to 2 prior IoC: https://www.virustotal.com/gui/file/ea43c71d7ec447e2483c7f0c8488972648209f2b487f2e6e64227d3d729c1d88/behavior |
mynewfreshtop.ddns.net | Remcos | | 2404 | https://www.vmray.com/analyses/_vt/f0bea0b60331/report/network.html |
mywarswarw.ddns.net | WarZone Rat | tcp | 5200 | https://tria.ge/230708-zd6v4aba3v/behavioral2 |
mywormtwon.ddns.net | LikelyXWorm | | 7000 | |
newtryex.ddns.net | AsyncRAT | tcp+SSL | 7707 | https://www.virustotal.com/gui/file/525e6f018fa97536f8cb7c7816f25e99ab644fd9c074f22da3d9ed041be5442a/behavior |
newwarr.ddns.net | AveMaria/WarZone | tcp | 5200 | https://tria.ge/220620-shaj5aebdr/behavioral2 |
quasharr21.ddns.net | QuasarRAT | tcp-tls | 4782 | https://tria.ge/230909-zz8ltadh8z/behavioral1 |
quasharr22.ddns.net | QuasarRAT | tcp-tls | 4782 | https://tria.ge/230909-zz8ltadh8z/behavioral1 |
quasharr33.ddns.net | QuasarRAT | tcp-tls | 4782 | https://tria.ge/230909-zz8ltadh8z/behavioral1 |
rem1666.hopto.org | RemcosRAT | tcp | 2404 | (no proof as ModiLoader payload is taken down however several indicators) |
sunwap1.ddns.net | RemcosRAT | tcp | 2404 | (no proof as ModiLoader payload is taken down however several indicators) |
wormxwar.ddns.net | XWorm | tcp | 7000 | https://tria.ge/230909-z3tl3aea2t/behavioral1 |
febrem.ddns.net | Remcos | | 2404 | https://www.vmray.com/analyses/50365c827bd7/report/network.html |
febrem1.ddns.net | AveMaria/WarZone | tcp | 5200 | https://tria.ge/220928-2ss9naadap |