paladin316

Malicious_IOCs_2019-12-24_12_04.txt

Dec 24th, 2019
Malicious_IOCs_2019-12-24_12_04

Malware Family: Malicious

SHA256:
clamav:Txt.Downloader.Generic-6810205-0

IPs:

Domains:

URL:

#malware #OSINT #IOC
#Malicious