ViperSoftX: Added IoC

janrubin 2022-11-21 13:20:54 +01:00 committed by GitHub
parent 43fbdfe7ce
commit 3ee9d7b78d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 451 additions and 0 deletions

71
ViperSoftX/README.md Normal file

@ -0,0 +1,71 @@
# IoC for ViperSoftX and VenomSoftX
Malware analysis and more technical information at <https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx>
### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [C&Cs](#cnc)
* [Wallet addresses](#wallet-addresses)
## Samples (SHA-256)
#### ViperSoftX binary and related files
```
e1dc058fc8282acb95648c1ee6b0bc36b0d6b5e6853d4f602df5549e67d6d11a
0bad2617ddb7586637ad81aaa32912b78497daf1f69eb9eb7385917b2c8701c2
0cb5c69e8e85f44725105432de551090b28530be8948cc730e4b0d901748ff6f
23b9075dac7dbf712732bb81ecd2c21259f384eb79ae8fdebe29b7c5a12d0519
5c5202ed975d6647bd157ea494d0a09aac41d686bcf39b16a870422fa77a9add
```
#### VenomSoftX binary and related files
```
```
## C&Cs
```
api.private-chatting[.]com
apps-analyser[.]com
wmail-blog[.]com
wmail-service[.]com
```
## Wallet addresses
```
0x12507F83Dde59C206ec400719dF80D015D9D17B6
0x884467182849bA788ba89300e176ebe11624C882
122zNSYNN2TSR2H5wBCX16Yyvq7qLFWo1d6Lvw2t9CNxMxt1
1L8EBHDeiHeumtcpcroaxBceXnWFiYU5dh
1Pqkb4MZwKzgSNkaX32wMwg95D9NfW9vZX
32Wx3dsHCCxyJZLwseFYkgeFqVk16tCCcF
3JvBvRuBfYvB6MjzMornj9EQpxhq9W7vXP
475WGyX8zvFFCUR9ufThrNRtJmzmU13gqH9GV2WgAjbR7FgRVCWzokdfVf2hqvRbDBaMzBm1zpDiBTpBgxLt6d7nAdEEhC4
48qx1krgEGzdcSacbmZdioNwXxW6r43yFSJDKPWZb3wsK9pYhajHNyE5FujWo1NxVwEBvGebS7biW9mjMEWdMevqMGmDJ6x
7j5bxiFPSsScScBEjLj9qud5Yc2CqXGmembX3hQBdFTd$
DDxhfK5wbJkRN25mAbBYk3ND4xLjiMRyNq
DUUNTm23sVwLyiw27WW9ZPT9XfiWhB1Cvf
TDJLMdJWPrKNMHuxgpQL8QPYgvdXTnWJao
XdxTmTFuHrcHnQQhfweAnHtExFB5BXmU1z
Xtwj8uGx77NYBUki1UCPvEhe4kHYi6yWng
addr1q9c27w7u4uh55sfp64ahtrnj44jkthpe7vyqgcpt73z9lrq7fw3juld8k2ksz2p82tv45j8yc5wzqmr4ladxyt0vjxrsf33mjk
bc1qn6ype8u5kgj672mvsez9wz9wt9wk22tzd5vprp
bc1qxgz2g8kn2kg0wqqrmctyxu5n925pnwphzlehaw
bnb1u64a2n3jhw4yh73s84rc58v8wxrwp7r8jwakpr
bnb1vmwl54jxj9yvsgz33xtyuvqnurdjy2raqnttkq
cosmos1mcah8lel6rxhlqsyrzpm8237cqcuzgyw70nm6f
kava1emxzwjw84e0re7awgue9kp4gseesyqrttg69sm
qq9yrhef7csy3yzgxgs0rvkvez440mk53gv8ulyu6a
qqh3g98z60rdl05044xxt7gkgncezmdfy5tja99z53
rH6dyKWNpcvFz6fQ4ohyDbevSxcxdxfSmz
rpzn8Ax7Kz1A4Yi8KqvzV43KYsa59SH2Aq
t1XjiZx8EydDDRuLisoYyVifcSFb96a3YBj
tz1g6rcQAgtdZc8PNUaTUzrDD8PYuCeVj4mb
zil1aw3kyrymt52pq2e4xwzusdfce9e5tmewvshdrm
```
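Review bot: The Solana entry in the wallet list, `7j5bxiFPSsScScBEjLj9qud5Yc2CqXGmembX3hQBdFTd$`, ends with a `$` that looks like a leftover regex anchor; the regex table in this commit gives the same address without it, so an exact-match lookup on the README value would miss it. Drop the trailing character. Separately, the table of contents links to `#cnc` while the heading is `## C&Cs`, so that link is unlikely to resolve.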

@ -0,0 +1,107 @@
{
'^1[a-km-zA-HJ-NP-Z1-9]{25,34}$': {
'coin': ['BTC', 'BCH'],
'address': '1L8EBHDeiHeumtcpcroaxBceXnWFiYU5dh',
'network': ['BTC', 'BCH']
},
'^3[a-km-zA-HJ-NP-Z1-9]{25,34}$': {
'coin': ['BTC', 'BCH'],
'address': '32Wx3dsHCCxyJZLwseFYkgeFqVk16tCCcF',
'network': ['BTC', 'BCH']
},
'^bc1q[0-9A-Za-z]{37,62}$': {
'coin': ['BTC'],
'address': 'bc1qxgz2g8kn2kg0wqqrmctyxu5n925pnwphzlehaw',
'network': ['BTC']
},
'^bc1p[0-9A-Za-z]{37,62}$': {
'coin': ['BTC'],
'address': 'bc1qxgz2g8kn2kg0wqqrmctyxu5n925pnwphzlehaw',
'network': ['BTC']
},
'^((bitcoincash:)?(q|p)[a-z0-9]{41})$': {
'coin': ['BCH'],
'address': 'qqh3g98z60rdl05044xxt7gkgncezmdfy5tja99z53',
'network': ['BCH']
},
'^((BITCOINCASH:)?(Q|P)[A-Z0-9]{41})$': {
'coin': ['BCH'],
'address': 'qqh3g98z60rdl05044xxt7gkgncezmdfy5tja99z53',
'network': ['BCH']
},
'^(0x)[0-9A-Fa-f]{40}$': {
'coin': ['BTC', 'BCH', 'BNB', 'DOGE', 'ETH', 'XRP', 'USDT', 'SOL', 'ATOM', 'DOT', 'XTZ', 'ZEC', 'ADA', 'ZIL'],
'address': '0x12507F83Dde59C206ec400719dF80D015D9D17B6',
'network': ['BSC', 'ETH', 'ARBITRUM', 'AVAXC', 'MATIC']
},
'^(bnb1)[0-9a-z]{38}$': {
'coin': ['BTC', 'BCH', 'BNB', 'DOGE', 'ETH', 'XRP', 'USDT', 'KAVA', 'ATOM', 'DOT', 'XTZ', 'ZEC', 'ADA'],
'address': 'bnb1u64a2n3jhw4yh73s84rc58v8wxrwp7r8jwakpr',
'network': ['BNB']
},
'^[48][a-zA-Z|\\d]{94}([a-zA-Z|\\d]{11})?$': {
'coin': ['XMR'],
'address': '475WGyX8zvFFCUR9ufThrNRtJmzmU13gqH9GV2WgAjbR7FgRVCWzokdfVf2hqvRbDBaMzBm1zpDiBTpBgxLt6d7nAdEEhC4',
'network': ['XMR']
},
'^[X|7][0-9A-Za-z]{33}$': {
'coin': ['DASH'],
'address': 'XdxTmTFuHrcHnQQhfweAnHtExFB5BXmU1z',
'network': ['DASH']
},
'^(D|A|9)[a-km-zA-HJ-NP-Z1-9]{33,34}$': {
'coin': ['DOGE'],
'address': 'DUUNTm23sVwLyiw27WW9ZPT9XfiWhB1Cvf',
'network': ['DOGE']
},
'^r[1-9A-HJ-NP-Za-km-z]{25,34}$': {
'coin': ['XRP'],
'address': 'rpzn8Ax7Kz1A4Yi8KqvzV43KYsa59SH2Aq',
'network': ['XRP']
},
'^T[1-9A-HJ-NP-Za-km-z]{33}$': {
'coin': ['USDT'],
'address': 'TDJLMdJWPrKNMHuxgpQL8QPYgvdXTnWJao',
'network': ['TRX']
},
'^(kava1)[0-9a-z]{38}$': {
'coin': ['KAVA'],
'address': 'kava1emxzwjw84e0re7awgue9kp4gseesyqrttg69sm',
'network': ['KAVA']
},
'^(cosmos1)[0-9a-z]{38}$': {
'coin': ['ATOM'],
'address': 'cosmos1mcah8lel6rxhlqsyrzpm8237cqcuzgyw70nm6f',
'network': ['ATOM']
},
'^(tz[1,2,3])[a-zA-Z0-9]{33}$': {
'coin': ['XTZ'],
'address': 'tz1g6rcQAgtdZc8PNUaTUzrDD8PYuCeVj4mb',
'network': ['XTZ']
},
'^(t)[A-Za-z0-9]{34}$': {
'coin': ['ZEC'],
'address': 't1XjiZx8EydDDRuLisoYyVifcSFb96a3YBj',
'network': ['ZEC']
},
'^(([0-9A-Za-z]{57,59})|([0-9A-Za-z]{100,104}))$': {
'coin': ['ADA'],
'address': 'addr1q9c27w7u4uh55sfp64ahtrnj44jkthpe7vyqgcpt73z9lrq7fw3juld8k2ksz2p82tv45j8yc5wzqmr4ladxyt0vjxrsf33mjk',
'network': ['ADA']
},
'zil1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38}': {
'coin': ['ZIL'],
'address': 'zil1aw3kyrymt52pq2e4xwzusdfce9e5tmewvshdrm',
'network': ['ZIL']
},
'^[1-9A-HJ-NP-Za-km-z]{32,44}$': {
'coin': ['USDT', 'SOL'],
'address': '7j5bxiFPSsScScBEjLj9qud5Yc2CqXGmembX3hQBdFTd',
'network': ['SOL']
},
'^(1)[0-9a-z-A-Z]{44,50}$': {
'coin': ['DOT'],
'address': '122zNSYNN2TSR2H5wBCX16Yyvq7qLFWo1d6Lvw2t9CNxMxt1',
'network': ['DOT']
}
};
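Review bot: Two entries are inconsistent with the rest of the table: the `zil1[...]{38}` key is the only pattern without `^` and `$` anchors, and the `^bc1p[0-9A-Za-z]{37,62}$` entry carries a `bc1q` example address that its own key cannot match. Several character classes also contain literal separators (`[X|7]`, `[a-zA-Z|\\d]`, `tz[1,2,3]`, `[0-9a-z-A-Z]`), which admit `|`, `,` and `-` as valid characters. If the table is reproduced verbatim from a sample, a header comment saying so would stop readers from treating these as reusable validators; otherwise tighten them.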

@ -0,0 +1,66 @@
from mainfest_pb2 import Mainfest
from malduck import aes, sha256, uint32
from pathlib import Path
import argparse
def decrypt(data: bytes) -> bytes:
key = bytes.fromhex("71C54C3BCFFCE591A70C0B5BA6448327BC975D89F3021053125F1CB9A7C0AF72")
iv = bytes.fromhex("C0BA0B56EAC742AFD4CB680EE0EB4FB0")
decrypted = aes.cbc.decrypt(key, iv, data)
pad_len = decrypted[-1]
padding = decrypted[-pad_len:]
assert all(x == pad_len for x in padding)
return decrypted[:-pad_len]
def load_manifest(data: bytes) -> Mainfest: # The "typo" is intetional
manifest = Mainfest()
decrypted_data = decrypt(data)
manifest.ParseFromString(decrypted_data)
return manifest
def find_encrypted_manifest(data: bytes) -> bytes:
test_data = data[-0x24: -0x20]
checksum = data[-0x20:]
print(test_data, checksum)
assert sha256(test_data) == checksum
offset = uint32(test_data)
assert isinstance(offset, int)
return data[-0x24 - offset: -0x24]
def extract_files(manifest: Mainfest, data: bytes):
outdir = Path("extracted_files")
outdir.mkdir(exist_ok=True)
(outdir/"manifest.dat").write_bytes(manifest.SerializeToString())
for i, f in enumerate(manifest.Files):
print(f)
content = data[f.Offset: f.Offset + f.Size]
outf = outdir / str(i)
outf.write_bytes(decrypt(content))
if __name__ == "__main__":
parser = argparse.ArgumentParser(
prog = 'Extractor for ViperSoftX\'s initial payloads (commonly named Activator.exe)',
description = "This script extracts files from ViperSoftX\'s initial payloads (commonly named Activator.exe)")
parser.add_argument('filepath')
args = parser.parse_args()
path = Path(args.filepath)
if not Path.exists(path) or not Path.is_file(path):
print("[!] The provided path does not exist or is not a file!")
exit(1)
data = b""
with open(path, "rb") as fd:
data = fd.read()
enc_manifest = find_encrypted_manifest(data) # find offset
manifest = load_manifest(enc_manifest) # decrypt and load protobuf
extract_files(manifest, data) # dump manifest and extracted files
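Review bot: `decrypt` and `find_encrypted_manifest` validate the padding and the SHA-256 trailer with `assert`, which is skipped under `python -O` and otherwise surfaces as a bare AssertionError on a truncated or non-matching file; raise a `ValueError` with a message instead, and reject a `pad_len` of 0 or above 16 explicitly. The `print(test_data, checksum)` in `find_encrypted_manifest` reads like leftover debugging output, and `f.Offset` and `f.Size` from the manifest are used to slice `data` in `extract_files` without a bounds check.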

@ -0,0 +1,12 @@
package sfs;
message File {
optional int32 Id = 1;
optional uint64 Offset = 2;
optional uint64 Size = 3;
optional bytes Metadata = 4;
}
message Mainfest {
repeated File Files = 1;
}
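Review bot: The file has no `syntax` line, so proto2 is implied only by the `optional` labels; add `syntax = "proto2";` at the top to make that explicit. The extractor comments that the `Mainfest` spelling is intentional, and the same remark belongs next to `message Mainfest` here.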

@ -0,0 +1,27 @@
# -*- coding: utf-8 -*-
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: mainfest.proto
"""Generated protocol buffer code."""
from google.protobuf.internal import builder as _builder
from google.protobuf import descriptor as _descriptor
from google.protobuf import descriptor_pool as _descriptor_pool
from google.protobuf import symbol_database as _symbol_database
# @@protoc_insertion_point(imports)
_sym_db = _symbol_database.Default()
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x0emainfest.proto\x12\x03sfs\"B\n\x04\x46ile\x12\n\n\x02Id\x18\x01 \x01(\x05\x12\x0e\n\x06Offset\x18\x02 \x01(\x04\x12\x0c\n\x04Size\x18\x03 \x01(\x04\x12\x10\n\x08Metadata\x18\x04 \x01(\x0c\"$\n\x08Mainfest\x12\x18\n\x05\x46iles\x18\x01 \x03(\x0b\x32\t.sfs.File')
_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'mainfest_pb2', globals())
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
_FILE._serialized_start=23
_FILE._serialized_end=89
_MAINFEST._serialized_start=91
_MAINFEST._serialized_end=127
# @@protoc_insertion_point(module_scope)

@ -0,0 +1,2 @@
malduck
protobuf>=4.0.0
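Review bot: Neither dependency has an upper bound or pin (`malduck` has no version at all), while the checked-in `mainfest_pb2.py` imports `google.protobuf.internal.builder`, an internal module. Pin both to the versions the extractor was tested with, and record the protoc version used to generate the module, so the script keeps working for people who install it later.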

@ -0,0 +1,27 @@
Blockchain.com
https://blockchain.info/wallet
Binance
https://www.binance.com/bapi/accounts/v1/protect/account/email/sendEmailVerifyCode
https://www.binance.com/bapi/accounts/v1/protect/account/email/sendMobileVerifyCode
https://www.binance.com/bapi/kyc/v1/private/risk/check/withdraw-pre-check
https://www.binance.com/bapi/capital/v3/private/capital/withdraw/apply
https://www.binance.com/bapi/asset/v3/private/asset-service/asset/get-user-asset
https://www.binance.com/bapi/capital/v1/private/capital/deposit/queryUserDepositAddress
Coinbase
https://www.coinbase.com/api/v3/coinbase.public_api.authed.sends.Sends/CreateSend
https://www.coinbase.com/api/v3/coinbase.public_api.authed.sends.Sends/CreateSendMax
https://www.coinbase.com/api/v3/coinbase.public_api.authed.accounts.Accounts/GetAccounts
https://www.coinbase.com/api/v3/coinbase.public_api.authed.sends.Sends/CommitSend
https://www.coinbase.com/graphql/query?&operationName=ReceiveContentQuery
Gate.io
https://www.gate.io/myaccount/second_confirm
Kucoin
https://www.kucoin.com/_api/payment/withdraw/safe-img
https://www.kucoin.com/_api/payment/withdraw/apply
https://www.kucoin.com/_api/account-front/query/currency-balance
https://www.kucoin.com/_api/payment/deposit-address/get
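Review bot: Unlike the keyword and location lists in this commit, this file has no title line saying what the URLs are, and they all point at legitimate exchange and wallet sites. Add a one-line header describing their role so nobody feeds the list into a blocklist as if it were C&C infrastructure.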

@ -0,0 +1,19 @@
Keywords for monitoring opened windows
----------------
binance
coinbase
blockchain
voyager
blockfi
coindesk
etoro
kucoin
citi
paxful
paypal
huobi
poloniex
bittrex
kraken
bitfinex
bitstamp

@ -0,0 +1,41 @@
List of checked locations for cryptocurrency related theft
----------------
%ProgramFiles%\Binance
%ProgramFiles%\Bitcoin
%ProgramFiles%\Ledger Live
%ProgramFiles(x86)%\Electrum
%appdata%\Armory
%appdata%\Atomic Wallet
%appdata%\Bitcoin
%appdata%\DELTA
%appdata%\Electrum
%appdata%\Exodus
%appdata%\Guarda
%appdata%\Jaxx Liberty
%appdata%\Ledger Live
%appdata%\TREZOR Bridge
%appdata%\binance
%appdata%\com.liberty.jaxx
%localappdata%\Blockstream Green
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aeachknmefphepccionboohckonoeemg
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cjelfplplebdjjenllpjcblmjkfcffne
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm
%localappdata%\Coinomi
%localappdata%\Docker
%localappdata%\Google\Chrome\User Data\Default\Extensions\aeachknmefphepccionboohckonoeemg
%localappdata%\Google\Chrome\User Data\Default\Extensions\cjelfplplebdjjenllpjcblmjkfcffne
%localappdata%\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp
%localappdata%\Google\Chrome\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad
%localappdata%\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn
%localappdata%\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm
%localappdata%\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm
%localappdata%\Microsoft\Edge\User Data\Default\Extensions\gmcoclageakkbkbbflppkbpjcbkcfedg
%localappdata%\Programs\Trezor Suite
%localappdata%\Programs\atomic
%localappdata%\exodus
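Review bot: The browser entries identify extensions only by ID (for example `nkbihfbeogaeaoehlefnkodbefgpgknn`), which leaves readers to look each one up; add the extension name beside each ID. `%localappdata%\Docker` also stands out in a list titled as cryptocurrency related, so confirm it belongs or add a word on why it is checked.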

@ -0,0 +1,30 @@
cryptocurrency,address
ADA,addr1q9c27w7u4uh55sfp64ahtrnj44jkthpe7vyqgcpt73z9lrq7fw3juld8k2ksz2p82tv45j8yc5wzqmr4ladxyt0vjxrsf33mjk
ATOM,cosmos1mcah8lel6rxhlqsyrzpm8237cqcuzgyw70nm6f
BNB,bnb1u64a2n3jhw4yh73s84rc58v8wxrwp7r8jwakpr
BNB,bnb1vmwl54jxj9yvsgz33xtyuvqnurdjy2raqnttkq
BTC,1L8EBHDeiHeumtcpcroaxBceXnWFiYU5dh
BTC,1Pqkb4MZwKzgSNkaX32wMwg95D9NfW9vZX
BTC,32Wx3dsHCCxyJZLwseFYkgeFqVk16tCCcF
BTC,3JvBvRuBfYvB6MjzMornj9EQpxhq9W7vXP
BTC,bc1qn6ype8u5kgj672mvsez9wz9wt9wk22tzd5vprp
BTC,bc1qxgz2g8kn2kg0wqqrmctyxu5n925pnwphzlehaw
BTC,qq9yrhef7csy3yzgxgs0rvkvez440mk53gv8ulyu6a
BTC,qqh3g98z60rdl05044xxt7gkgncezmdfy5tja99z53
DASH,XdxTmTFuHrcHnQQhfweAnHtExFB5BXmU1z
DASH,Xtwj8uGx77NYBUki1UCPvEhe4kHYi6yWng
DOT,122zNSYNN2TSR2H5wBCX16Yyvq7qLFWo1d6Lvw2t9CNxMxt1
DOGE,DDxhfK5wbJkRN25mAbBYk3ND4xLjiMRyNq
DOGE,DUUNTm23sVwLyiw27WW9ZPT9XfiWhB1Cvf
ETH,0x12507F83Dde59C206ec400719dF80D015D9D17B6
ETH,0x884467182849bA788ba89300e176ebe11624C882
KAVA,kava1emxzwjw84e0re7awgue9kp4gseesyqrttg69sm
SOL,7j5bxiFPSsScScBEjLj9qud5Yc2CqXGmembX3hQBdFTd$
USDT,TDJLMdJWPrKNMHuxgpQL8QPYgvdXTnWJao
XMR,475WGyX8zvFFCUR9ufThrNRtJmzmU13gqH9GV2WgAjbR7FgRVCWzokdfVf2hqvRbDBaMzBm1zpDiBTpBgxLt6d7nAdEEhC4
XMR,48qx1krgEGzdcSacbmZdioNwXxW6r43yFSJDKPWZb3wsK9pYhajHNyE5FujWo1NxVwEBvGebS7biW9mjMEWdMevqMGmDJ6x
XRP,rH6dyKWNpcvFz6fQ4ohyDbevSxcxdxfSmz
XRP,rpzn8Ax7Kz1A4Yi8KqvzV43KYsa59SH2Aq
XTZ,tz1g6rcQAgtdZc8PNUaTUzrDD8PYuCeVj4mb
ZEC,t1XjiZx8EydDDRuLisoYyVifcSFb96a3YBj
ZIL,zil1aw3kyrymt52pq2e4xwzusdfce9e5tmewvshdrm
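Review bot: The two rows whose addresses start with `qq` are labelled `BTC`, but the regex table in this commit lists `qqh3g98z60rdl05044xxt7gkgncezmdfy5tja99z53` under `BCH` only; relabel them or explain the choice. `DOT` is also sorted ahead of `DOGE`, breaking the otherwise alphabetical order.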

4
ViperSoftX/network.txt Normal file

@ -0,0 +1,4 @@
api.private-chatting[.]com
apps-analyser[.]com
wmail-blog[.]com
wmail-service[.]com

15
ViperSoftX/samples.md5 Normal file

@ -0,0 +1,15 @@

15
ViperSoftX/samples.sha1 Normal file

@ -0,0 +1,15 @@

15
ViperSoftX/samples.sha256 Normal file

@ -0,0 +1,15 @@