2021-12-29_Malvertising2RedLine (forked from CronUp/Malware-IOCs)
ANONFILES -> MALVERTISING -> REDLINE MALWARE
REFERENCE1: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
REFERENCE2: https://twitter.com/1ZRR4H/status/1460566090745098240
########################################################################
DOWNLOAD URLS
https://zipuploads.com/1.zip
https://engfilesload.com/1.zip
https://getfileasap1.com/1.zip
https://bestfilesstorage.com/1.zip
https://zipuniquedownloads.com/1.zip
https://topfilesstorage.com/1.zip
https://getthisfileasap.com/1.zip
https://loaduploads.com/1.zip
https://absoluteuniqueloads.com/1.zip
https://secondfilesstorage.com/1.zip
https://uploadloads.com/1.zip
https://readytoloadforyou.com/1.zip
https://yfilesstorage1.com/1.zip
https://yourfilesstorage.com/1.zip
https://fastrarloads.com/1.zip
https://rarloads.com/1.zip
https://uniqueloads.com/1.zip
ANY.RUN
https://app.any.run/tasks/26a1622b-930a-411a-a9c5-e7cbd86c255f
REDLINE C2 SERVERS
2.56.56.126:38524
23.88.114.184:9295
185.215.113.29:34865
185.204.109.248:26250
94.140.115.160:81
91.243.32.73:7171
103.246.144.29:44301
45.129.99.59:80
193.150.103.37:81
45.147.196.146:6213
IPS
2.56.59.42
2.56.56.126
103.246.144.29
148.251.234.83
148.251.234.93
151.115.10.1
160.153.249.159
185.112.83.8
185.215.113.208
185.215.113.29
193.150.103.37
194.180.174.41
212.193.30.29
212.193.30.45
23.88.114.184
37.230.138.66
45.129.99.59
45.144.225.57
45.147.196.146
85.209.157.230
91.219.236.18
91.224.22.193
94.140.115.160
140.82.121.3
149.28.78.238
156.67.74.197
162.0.210.44
185.112.83.49
185.204.109.248
192.243.59.13
91.243.32.73
DOMAINS
stylesheet.faseaegasdfase.com
tg8.cllgxx.com
360devtracking.com
baanrabiengfah.com
c9d0e790b353537889bd47a364f5acff43c11f244.xyz
api3.testrequest.info
stewei.s3.pl-waw.scw.cloud
ad-postback.biz
ad-storage.biz
vataeagene.xyz
b.dxyzgame.com
b.xyzgameb.com
c.xyzgamec.com
d.gogamed.com
c9d0e790b353537889bd47a364f5acff43c11f243.xyz
capitalfm997.com
curtainshare.su
datingmart.me
eurekabike.com
freshstart-upsolutions.me
glitterandsparkle.net
jangeamele.xyz
jggrmmojcc.com
online-stock-solutions.com
service-domain.xyz
webdeadshare24.me
gp.gamebuy768.com
ip.sexygame.jp
source3.boys4dayz.com
URLS
http://185.215.113.208/ferrari.exe
http://212.193.30.29/download/Service.bmp
http://stylesheet.faseaegasdfase.com/hp8/g1/rtst1053.exe
http://tg8.cllgxx.com/sr21/siww1047.exe
http://185.112.83.8/install6.exe
http://194.180.174.41/baldandbankrupt1
http://2.56.59.42/base/api/getData.php
http://2.56.59.42/base/api/statistics.php
http://2.56.59.42/service/communication.php
http://212.193.30.29/WW/file1.exe
http://212.193.30.29/WW/file2.exe
http://212.193.30.29/WW/file3.exe
http://212.193.30.29/WW/file4.exe
http://212.193.30.29/download/Cube_WW14.bmp
http://212.193.30.45/WW/file10.exe
http://212.193.30.45/WW/file5.exe
http://212.193.30.45/WW/file6.exe
http://212.193.30.45/WW/file7.exe
http://212.193.30.45/WW/file8.exe
http://212.193.30.45/WW/file9.exe
http://212.193.30.45/proxies.txt
http://360devtracking.com/bjmphptnnxcdgfqp/dzxtcbbqdhcnxhbw
http://45.144.225.57/download/NiceProcessX32.bmp
http://45.144.225.57/server.txt
http://91.219.236.18/baldandbankrupt1
http://api3.testrequest.info/api2/google_api_ifi
http://baanrabiengfah.com/setup.exe
http://c9d0e790b353537889bd47a364f5acff43c11f244.xyz/verify.php?id=31_d30ddb805283274a932d44d053d2749f
http://stewei.s3.pl-waw.scw.cloud/power-plant/ShareFolder.exe
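Added example (not part of the CronUp/Malware-IOCs file): a Python script that parses this section-headed IOC format and matches it against proxy/DNS log lines, ranking a port-exact C2 connection or a fetch of a listed URL above a bare destination-IP match, since a matching IP alone is weaker evidence than contact with the listed C2 port or download of the listed file. The embedded IOC subset is copied from the list above; the log lines and their tab-separated layout (timestamp, source IP, destination IP, destination port, host, URL) are constructed for the example and are not any product's real format. The refang step is there because many shared IOC lists use hxxp/[.] notation; this file does not.

```python
import re
from urllib.parse import urlsplit

# Subset of the indicators listed above, embedded so the example runs offline.
IOC_TEXT = """\
DOWNLOAD DOMAINS
https://zipuploads.com/1.zip
ANY.RUN
https://app.any.run/tasks/26a1622b-930a-411a-a9c5-e7cbd86c255f
REDLINE C2 SERVERS
2.56.56.126:38524
IPS
212.193.30.29
DOMAINS
tg8.cllgxx.com
URLS
http://212.193.30.29/download/Service.bmp
http://tg8.cllgxx.com/sr21/siww1047.exe
"""

# File section header -> indicator type. Unknown all-caps headers (ANY.RUN)
# switch parsing off, so the sandbox link is not ingested as an IOC.
SECTIONS = {"DOWNLOAD DOMAINS": "url", "DOWNLOAD URLS": "url", "URLS": "url",
            "REDLINE C2 SERVERS": "c2", "IPS": "ip", "DOMAINS": "domain"}
HEADER_RE = re.compile(r"[A-Z][A-Z0-9 .]*")
SEVERITY = {"c2": 3, "url": 3, "domain": 2, "ip": 1}  # bare-IP hits are weakest

def refang(s):
    """Undo common defanging (hxxp, [.], [:]). This file is not defanged; many are."""
    return s.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")

def parse_iocs(text):
    """Parse the section-headed IOC text into typed sets:
    c2 {(ip, port)}, ip {ip}, domain {name}, url {(host, path)}."""
    iocs = {"c2": set(), "ip": set(), "domain": set(), "url": set()}
    section = None
    for raw in text.splitlines():
        line = refang(raw.strip())
        if not line or line.startswith("#"):
            continue
        if HEADER_RE.fullmatch(line):
            section = SECTIONS.get(line)
            continue
        if section == "c2":
            ip, _, port = line.rpartition(":")
            iocs["c2"].add((ip, int(port)))
            iocs["ip"].add(ip)  # traffic to a C2 address on any port is still a (weak) hit
        elif section == "ip":
            iocs["ip"].add(line)
        elif section == "domain":
            iocs["domain"].add(line.lower())
        elif section == "url":
            parts = urlsplit(line)
            host = (parts.hostname or "").lower()
            iocs["url"].add((host, parts.path or "/"))
            # IPv4 hosts go to the ip set, names to the domain set
            iocs["ip" if host.replace(".", "").isdigit() else "domain"].add(host)
    return iocs

def domain_hit(host, domains):
    """Return the IOC domain matched by host or any parent (x.a.b matches a.b)."""
    labels = host.lower().strip(".").split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

# Constructed log lines in an assumed layout (not any product's real format):
# ts, src_ip, dst_ip, dst_port, host, url; tab-separated, "-" when unknown.
LOG_LINES = """\
2021-12-29T10:14:02Z\t10.0.0.15\t203.0.113.7\t443\twww.example.com\thttps://www.example.com/
2021-12-29T10:15:41Z\t10.0.0.15\t212.193.30.29\t80\t212.193.30.29\thttp://212.193.30.29/download/Service.bmp
2021-12-29T10:16:05Z\t10.0.0.15\t2.56.56.126\t38524\t-\t-
2021-12-29T10:16:09Z\t10.0.0.22\t2.56.56.126\t443\t-\t-
2021-12-29T10:17:30Z\t10.0.0.22\t-\t-\tcdn.tg8.cllgxx.com\t-
"""

def scan(log_text, iocs):
    """One hit per log line that touches an indicator, with every reason."""
    hits = []
    for line in log_text.splitlines():
        ts, src, dst_ip, dst_port, host, url = line.split("\t")
        reasons = []
        if dst_ip in iocs["ip"]:
            reasons.append(("ip", dst_ip))
        if dst_port != "-" and (dst_ip, int(dst_port)) in iocs["c2"]:
            reasons.append(("c2", f"{dst_ip}:{dst_port}"))  # port-exact C2 match
        if host != "-" and (m := domain_hit(host, iocs["domain"])):
            reasons.append(("domain", m))
        if url != "-":
            p = urlsplit(url)
            if ((p.hostname or "").lower(), p.path or "/") in iocs["url"]:
                reasons.append(("url", url))
        if reasons:
            hits.append({"ts": ts, "src": src, "reasons": reasons,
                         "severity": max(SEVERITY[k] for k, _ in reasons)})
    return hits
```

Calling scan(LOG_LINES, parse_iocs(IOC_TEXT)) returns one record per matching log line carrying every reason, so a line that both reaches a listed IP and fetches a listed URL is reported once at the higher severity. Parent-domain matching (cdn.tg8.cllgxx.com matching tg8.cllgxx.com) is deliberate, and the bare TLD is never matched. Hosts of the download URLs are also added to the domain set, so any later contact with those hosts is flagged even when the path differs from /1.zip.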