mirror of
https://github.com/Gi7w0rm/MalwareConfigLists
synced 2024-06-16 03:58:56 +00:00
59 lines
3.1 KiB
Plaintext
59 lines
3.1 KiB
Plaintext
###################################################################################################
|
|
SmokeLoader C2 URLs:
|
|
|
|
http://host-file-host6.com/
|
|
http://aek0aicifaloh1yo.com/
|
|
http://wa5zu7sekai8xeih.com/
|
|
http://yic0oosaeiy7ahng.com/
|
|
http://kingpirate.ru/tmp/
|
|
http://hoh0aeghwugh2gie.com/
|
|
http://hie7doodohpae4na.com/
|
|
http://potunulit.org/
|
|
http://firsttrusteedrx.ru/tmp/
|
|
|
|
###################################################################################################
|
|
SmokeLoader additional distribution:
|
|
|
|
https://leaderspro.ps/tmp/index.php
|
|
http://respekt5569.com/downloads/toolspub1.exe
|
|
http://hugersi.com/dl/6523.exe
|
|
http://79.137.194.41/s.exe
|
|
|
|
###################################################################################################
|
|
Payloads:
|
|
|
|
https://anonfiles.com/c5f1A1m6z8/Server_exe -> Silly actor with bad payload
|
|
|
|
https://anonfiles.com/29l4A4mdz3/Server_exe- > Silly actor with broken payload
|
|
|
|
https://transfer.sh/get/Hue3ho/op.exe -> DCRat -> C2: http://089240.clmonth.nyashteam.top/nyashsupport.php
|
|
|
|
https://transfer.sh/get/5DgY9D/setup_1682003561.594086.exe -> RedLine: C2: dragrun.top:28786 (Botnet: 5631065866_99) 95.217.245.250:28786
|
|
|
|
http://atomic.opdailyallowance.top/ufo.exe -> Crashing in Sandbox: https://tria.ge/230421-s55nsaad6y/behavioral2
|
|
|
|
|
|
https://github.com/ThunderMods/dassd/raw/main/4k4wuzs.exe -> DCRat -> C2: http://77.73.131.120//3LineVm/DleServerMariadb/Windows/Lowflowerpipe/Temp4/Touniversal/Multiline/CentrallocalsqlDownloads/Multitest/async5Uploads5/ProcessorJavascript0dump/18ImageTrack/dumpLinuxWpCentral/UniversalDefault/PollauthUpdate2/WindowsDump8/dumpphppacketGame/downloadsProcessorpoll/SqlUploadsDump/externalVmPhpdatalifelocal.php (https://tria.ge/230421-s5x9psad6v/behavioral2)
|
|
|
|
|
|
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe -> 5/10 -> https://tria.ge/230421-tknefaaf4v/behavioral2
|
|
|
|
###################################################################################################
|
|
Old Payloads:
|
|
|
|
https://www.jani.hu/upload/files/cheese_sDu.bat -> Analyzed already
|
|
https://github.com/Abraham3210/bitcoin/releases/download/New/2-1_2023-04-14_08-31.exe -> Analyzed already
|
|
https://store1.gofile.io/download/02e69779-8bda-4464-9669-05fb0e8f9ae7/74.0.3729.108_chrome_installer.exe -> Analyzed already
|
|
https://nftsmean.com/pro2.exe -> Analyzed already
|
|
http://45.9.74.80/power.exe -> Analyzed already
|
|
http://45.138.74.247/shared/Ruzvelt.exe -> Analyzed already
|
|
|
|
###################################################################################################
|
|
Payloads (down/not executed)
|
|
|
|
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw -> Down
|
|
https://cdn.discordapp.com/attachments/1076564301877354569/1098620905766268933/opo.exe
|
|
https://cdn.discordapp.com/attachments/920726397322928168/1079835676448669768/qwfqwf.exe
|
|
https://cdn.discordapp.com/attachments/1082332577060356128/1087147141560012851/635965506.exe?raw
|
|
https://cdn.discordapp.com/attachments/1069223617117814787/1069223713129635970/asdasdb.exe
|
|
https://cdn.discordapp.com/attachments/1091449028107051142/1094520407274569738/bildak.exe |