2019-09-20-danabot-iocs

W3ndige, Sep 20th, 2019

* VBS network connections:
194.32.78[.]85:443
31.214.157.14:80

* Domains:
minopells[.]xyz|194.32.78[.]85
seioooi[.]xyz|31.214.157[.]14

* Domains found in Explorer.EXE memory:
buismashallah[.]at
ey7kuuklgieop2pq[.]onion

* URLs found in Explorer.EXE memory:
hxxp://shoshanna[.]at/images/eEfnxMewtb/I9AeYNwCfQwIkCRhm/J1IBuvozvG67/pg_2Fy9xcSI/_2BcFNX0PkJz5t/6rTcnU_2B99DMTDSnXxUo/fcYxNb7xVXRxkiUw/nCLQNj8qHQqYQiY/biGuPIoNP_2F_2BlbN/exCxLKQJy/YIjke6u6Rx4nDEdET

* Explorer.EXE network connections:
151.251.23[.]210:80
79.136.8[.]168:80

* DNS records for Explorer.exe query for shoshanna[.]at:


* At a later stage there were webinjects in Explorer.EXE memory with this domain:
vaunuty[.]online