API tools faq
paste
Advertisement
Bank_Security

Dridex IOC

Bank_Security
Jul 9th, 2019
21,167
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.11 KB | None | 0 0
raw download clone embed print report
  1. Table 1: List of potential web inject source
  2.  
  3. Web Inject Sources
  4. hxxps://144[.]76[.]111[.]43:443/5/amex_l4R5Ej69o91Bc3ja/
  5. hxxps://144[.]76[.]111[.]43:443/5/bbt_biz_l4R5Ej69o91Bc3ja/
  6. hxxps://144[.]76[.]111[.]43:443/5/bbt_corp_l4R5Ej69o91Bc3ja/
  7. hxxps://144[.]76[.]111[.]43:443/5/bmo_l4R5Ej69o91Bc3ja/
  8. hxxps://144[.]76[.]111[.]43:443/5/bnycash_l4R5Ej69o91Bc3ja/
  9. hxxps://144[.]76[.]111[.]43:443/5/bremer_l4R5Ej69o91Bc3ja/
  10. hxxps://144[.]76[.]111[.]43:443/5/pnc_l4R5Ej69o91Bc3ja/
  11. hxxps://144[.]76[.]111[.]43:443/5/scotiabank_l4R5Ej69o91Bc3ja/
  12. hxxps://144[.]76[.]111[.]43:443/5/tdbank_tdetreasury_l4R5Ej69o91Bc3ja/
  13. hxxps://144[.]76[.]111[.]43:443/510/tiquani_l4R5Ej69o91Bc3ja/
  14. hxxps://144[.]76[.]111[.]43:443/520/amama_l4R5Ej69o91Bc3ja/
  15. hxxps://144[.]76[.]111[.]43:443/520/amunba_l4R5Ej69o91Bc3ja/
  16. hxxps://144[.]76[.]111[.]43:443/520/atonbu_l4R5Ej69o91Bc3ja/
  17. hxxps://144[.]76[.]111[.]43:443/520/bacana_l4R5Ej69o91Bc3ja/
  18. hxxps://144[.]76[.]111[.]43:443/520/bahaba_l4R5Ej69o91Bc3ja/
  19. hxxps://144[.]76[.]111[.]43:443/520/bokafi_l4R5Ej69o91Bc3ja/
  20. hxxps://144[.]76[.]111[.]43:443/520/bomobo_l4R5Ej69o91Bc3ja/
  21. hxxps://144[.]76[.]111[.]43:443/520/buliba_l4R5Ej69o91Bc3ja/
  22. hxxps://144[.]76[.]111[.]43:443/520/camaba_l4R5Ej69o91Bc3ja/
  23. hxxps://144[.]76[.]111[.]43:443/520/camaci_l4R5Ej69o91Bc3ja/
  24. hxxps://144[.]76[.]111[.]43:443/520/camana_l4R5Ej69o91Bc3ja/
  25. hxxps://144[.]76[.]111[.]43:443/520/cibaca_l4R5Ej69o91Bc3ja/
  26. hxxps://144[.]76[.]111[.]43:443/520/cobaba_l4R5Ej69o91Bc3ja/
  27. hxxps://144[.]76[.]111[.]43:443/520/cobuba_l4R5Ej69o91Bc3ja/
  28. hxxps://144[.]76[.]111[.]43:443/520/emriba_l4R5Ej69o91Bc3ja/
  29. hxxps://144[.]76[.]111[.]43:443/520/ewaba_l4R5Ej69o91Bc3ja/
  30. hxxps://144[.]76[.]111[.]43:443/520/facosa_l4R5Ej69o91Bc3ja/
  31. hxxps://144[.]76[.]111[.]43:443/520/famaba_l4R5Ej69o91Bc3ja/
  32. hxxps://144[.]76[.]111[.]43:443/520/finiba_l4R5Ej69o91Bc3ja/
  33. hxxps://144[.]76[.]111[.]43:443/520/fumaba_l4R5Ej69o91Bc3ja/
  34. hxxps://144[.]76[.]111[.]43:443/520/hacaba_l4R5Ej69o91Bc3ja/
  35. hxxps://144[.]76[.]111[.]43:443/520/hasaba_l4R5Ej69o91Bc3ja/
  36. hxxps://144[.]76[.]111[.]43:443/520/hasaba_uk_pers_l4R5Ej69o91Bc3ja/
  37. hxxps://144[.]76[.]111[.]43:443/520/iboaba_l4R5Ej69o91Bc3ja/
  38. hxxps://144[.]76[.]111[.]43:443/520/inruba_l4R5Ej69o91Bc3ja/
  39. hxxps://144[.]76[.]111[.]43:443/520/irisoba_l4R5Ej69o91Bc3ja/
  40. hxxps://144[.]76[.]111[.]43:443/520/katata_l4R5Ej69o91Bc3ja/
  41. hxxps://144[.]76[.]111[.]43:443/520/lakala_l4R5Ej69o91Bc3ja/
  42. hxxps://144[.]76[.]111[.]43:443/520/lemiba_l4R5Ej69o91Bc3ja/
  43. hxxps://144[.]76[.]111[.]43:443/520/madaba_l4R5Ej69o91Bc3ja/
  44. hxxps://144[.]76[.]111[.]43:443/520/magaba_l4R5Ej69o91Bc3ja/
  45. hxxps://144[.]76[.]111[.]43:443/520/matawa_l4R5Ej69o91Bc3ja/
  46. hxxps://144[.]76[.]111[.]43:443/520/mecoma_l4R5Ej69o91Bc3ja/
  47. hxxps://144[.]76[.]111[.]43:443/520/moboma_l4R5Ej69o91Bc3ja/
  48. hxxps://144[.]76[.]111[.]43:443/520/osv_cetiba_l4R5Ej69o91Bc3ja/
  49. hxxps://144[.]76[.]111[.]43:443/520/osv_fasaba_l4R5Ej69o91Bc3ja/
  50. hxxps://144[.]76[.]111[.]43:443/520/osv_sabatu_l4R5Ej69o91Bc3ja/
  51. hxxps://144[.]76[.]111[.]43:443/520/osv_tobipu_l4R5Ej69o91Bc3ja/
  52. hxxps://144[.]76[.]111[.]43:443/520/pawaba_l4R5Ej69o91Bc3ja/
  53. hxxps://144[.]76[.]111[.]43:443/520/peniba_l4R5Ej69o91Bc3ja/
  54. hxxps://144[.]76[.]111[.]43:443/520/pocoba_l4R5Ej69o91Bc3ja/
  55. hxxps://144[.]76[.]111[.]43:443/520/povaba_l4R5Ej69o91Bc3ja/
  56. hxxps://144[.]76[.]111[.]43:443/520/rabaca2_l4R5Ej69o91Bc3ja/
  57. hxxps://144[.]76[.]111[.]43:443/520/rabaca_l4R5Ej69o91Bc3ja/
  58. hxxps://144[.]76[.]111[.]43:443/520/rasaba_l4R5Ej69o91Bc3ja/
  59. hxxps://144[.]76[.]111[.]43:443/520/satara_l4R5Ej69o91Bc3ja/
  60. hxxps://144[.]76[.]111[.]43:443/520/secaba_l4R5Ej69o91Bc3ja/
  61. hxxps://144[.]76[.]111[.]43:443/520/sigaba_l4R5Ej69o91Bc3ja/
  62. hxxps://144[.]76[.]111[.]43:443/520/socoba_l4R5Ej69o91Bc3ja/
  63. hxxps://144[.]76[.]111[.]43:443/520/synova_l4R5Ej69o91Bc3ja/
  64. hxxps://144[.]76[.]111[.]43:443/520/tadaba_l4R5Ej69o91Bc3ja/
  65. hxxps://144[.]76[.]111[.]43:443/520/todoba_l4R5Ej69o91Bc3ja/
  66. hxxps://144[.]76[.]111[.]43:443/520/ubatra_l4R5Ej69o91Bc3ja/
  67. hxxps://144[.]76[.]111[.]43:443/520/unbaba_l4R5Ej69o91Bc3ja/
  68. hxxps://144[.]76[.]111[.]43:443/520/wabaca_l4R5Ej69o91Bc3ja/
  69. hxxps://akamai-static5[.]online/appleadmin/gate[.]php
  70. hxxps://akamai-static5[.]online/bestbuyadmin/gate[.]php
  71. hxxps://akamai-static5[.]online/costcoadmin/gate[.]php
  72. hxxps://akamai-static5[.]online/ebayadmin/gate[.]php
  73. hxxps://akamai-static5[.]online/neweggadmin/gate[.]php
  74. hxxps://akamai-static5[.]online/ppadmin/gate[.]php
  75. hxxps://akamai-static5[.]online/samsclubadmin/gate[.]php
  76. hxxps://akamai-static5[.]online/walmartadmin/gate[.]php
  77. hxxps://bustheza[.]com/lob[.]php
  78. hxxps://cachejs[.]com/lob[.]php
  79. hxxps://46[.]105[.]131[.]77:443/B88U86giIPyD55RK/
  80. hxxps://46[.]105[.]131[.]77:443/ehf9i7ywh5kdyu50/
  81. hxxps://46[.]105[.]131[.]77:443/xobj6j20x84lhk3x/
  82. Table 2: Command and control hosts (C2)
  83.  
  84. RMS RAT C2
  85. 217[.]12[.]201[.]159:5655
  86. Dridex C2
  87. hxxps://71[.]217[.]15[.]111:443/
  88. hxxps://97[.]76[.]245[.]131:443/
  89. hxxps://24[.]40[.]243[.]66:443/
  90. hxxps://159[.]69[.]89[.]90:3389/
  91. hxxps://159[.]89[.]179[.]87:3389/
  92. hxxps://62[.]210[.]26[.]206:3389/
  93. Table 3: Payload locations
  94.  
  95. Office Macro Payloads
  96. hxxp://topdalescotty[.]top/filexxx/wiskkk[.]exe
  97. hxxp://topdalescotty[.]top/filexxx/wotam[.]exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!