iocs 01de124cfce46ee08b17cee79487f63a

1. Sample 01de124cfce46ee08b17cee79487f63a (https://app.any.run/tasks/95c6675b-1cb6-460b-a9b7-e26dad19f760)
2. -PONY FAREIT TROJAN
3. -Downloaded from: hxxp://selfhelpstartshere.]com/wp-admin/q.exe (https://urlhaus.abuse.ch/url/206165/)
4. -Urls into the unpacked binary:
5. hxxp://theeditedword.com/wp-includes/art.exe - 9ae9ef73266e59f9a867ada98181b2c3 #COBALSTRIKE #LOADER
6. hxxp://ikusi.org/wp-content/plugins/apikey/art.exe - 9ae9ef73266e59f9a867ada98181b2c3 #COBALSTRIKE #LOADER
7. hxxp://avans24.ru/art.exe - 9ae9ef73266e59f9a867ada98181b2c3 #COBALSTRIKE #LOADER
8. hxxp://cid.ag/wp-admin/art.exe - 9ae9ef73266e59f9a867ada98181b2c3 #COBALSTRIKE #LOADER
9. hxxp://kingusaref.com/mlu/forum.php
10. hxxp://tansinmaked.ru/mlu/forum.php
11. hxxp://retnejustren.ru/mlu/forum.php
12.  
13. Sample 9ae9ef73266e59f9a867ada98181b2c3 (https://app.any.run/tasks/be2ce0d5-1ffc-4c03-b52a-0223c05d773d)
14. -COBALTSTRIKE LOADER
15. -Connects to:
16. http://31.44.184.33/H7mp (https://app.any.run/tasks/80fbc913-c3a2-413b-9bb5-9a37a647ea0c)
17. http://31.44.184.33/g.pixel