Vidar_IOCs_2019-11-25_14_02.txt

#Vidar #malware #OSINT #IOC

MD5s:
5ee1227e20fe723538b50b7025ee546e
b51b126f69022c7f53b4e0c19608be39
d9160e846a7dd1f58b972a5550999999

IPs:
161[.]117[.]225[.]32
208[.]95[.]112[.]1
209[.]141[.]33[.]126
23[.]52[.]1[.]137
23[.]52[.]1[.]152
23[.]52[.]1[.]160
47[.]254[.]232[.]105
62[.]210[.]6[.]175

Domains:
bitbucket[.]org
crarepo[.]com
legion17[.]com
pix-fix[.]net
ssdupdate1[.]top
ssdupdate2[.]top
starlikespace[.]org
superghost[.]ug

URL:
http://bitbucket[.]org/being-decide/google/downloads/setup_c[.]exe,
http://bitbucket[.]org/fastuploads/2019/downloads/setup_m[.]exe,
http://bitbucket[.]org/teethdefinition/file/downloads/setup_c[.]exe,
http://crarepo[.]com/,
http://crarepo[.]com/237,
http://crarepo[.]com/freebl3[.]dll,
http://crarepo[.]com/freebl3[.]dll?ddosprotected=1,
http://crarepo[.]com/mozglue[.]dll,
http://crarepo[.]com/msvcp140[.]dll,
http://crarepo[.]com/nss3[.]dll,
http://crarepo[.]com/softokn3[.]dll,
http://crarepo[.]com/vcruntime140[.]dll,
http://legion17[.]com/legion17/welcome,
http://pix-fix[.]net/p/wo[.]php?stub=24&cid=,
http://ssdupdate1[.]top/gate1[.]php?a=bbed3e55656ghf02-0b41-11e3-8249id=2,
http://ssdupdate1[.]top/gate1[.]php?a=bbed3e55656ghf02-0b41-11e3-8249id=28,
http://ssdupdate1[.]top/gate1[.]php?a=true,
http://ssdupdate2[.]top/test/eu/1[.]exe,
http://ssdupdate2[.]top/test/eu/2[.]exe,
http://ssdupdate2[.]top/test/us/1[.]exe,
http://ssdupdate2[.]top/test/us/2[.]exe,
http://starlikespace[.]org/,
http://starlikespace[.]org/237,
http://starlikespace[.]org/83,
http://starlikespace[.]org/freebl3[.]dll,
http://starlikespace[.]org/freebl3[.]dll?ddosprotected=1,
http://starlikespace[.]org/mozglue[.]dll,
http://starlikespace[.]org/msvcp140[.]dll,
http://starlikespace[.]org/nss3[.]dll,
http://starlikespace[.]org/softokn3[.]dll,
http://starlikespace[.]org/vcruntime140[.]dll,
http://superghost[.]ug/api/check[.]get,
http://superghost[.]ug/api/gate[.]get?p1=0&p2=9&p3=0&p4=0&p5=0&p6=0&p7=0&p8=0&p9=0&p10=gIBmoBIFHT6Ix0AKSoc+DvHPbaNDkQqeETPp,