Chrome Store Features Extension Poisoned With Sophisticated Spyware
Kid @ kid @sh.itjust.works Posts 2,247Comments 71Joined 1 yr. ago
Kid @ kid @sh.itjust.works
Posts
2,247
Comments
71
Joined
1 yr. ago
Researchers Share CitrixBleed 2 Detection Analysis After Initial Hold - Infosecurity Magazine
BERT Ransomware Group Targets Asia and Europe on Multiple Platforms | Trend Micro (US)
Data breach reveals Catwatchful 'stalkerware' is spying on thousands of phones | TechCrunch
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
Cyber crooks jump on .es domain for credential phishing trip • The Register
Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware
New Hpingbot Abusing Pastebin for Payload Delivery and Hping3 Tool to Launch DDoS Attacks
IOCs from the article :
Type Value Description IP 91.92.240[.]113 Magnet Goblin Infra IP 45.9.149[.]215 Magnet Goblin Infra IP 94.156.71[.]115 Magnet Goblin Infra URL http://91.92.240[.]113/auth.js Magnet Goblin Infra URL http://91.92.240[.]113/login.cgi Magnet Goblin Infra URL http://91.92.240[.]113/aparche2 Magnet Goblin Infra URL http://91.92.240[.]113/agent Magnet Goblin Infra URL http://45.9.149[.]215/aparche2 Magnet Goblin Infra URL http://45.9.149[.]215/agent Magnet Goblin Infra URL http://94.156.71[.]115/lxrt Magnet Goblin Infra URL http://94.156.71[.]115/agent Magnet Goblin Infra URL http://94.156.71[.]115/instali.ps1 Magnet Goblin Infra URL http://94.156.71[.]115/ligocert.dat Magnet Goblin Infra URL http://94.156.71[.]115/angel.dat Magnet Goblin Infra URL http://94.156.71[.]115/windows.xml Magnet Goblin Infra URL http://94.156.71[.]115/instal1.ps1 Magnet Goblin Infra URL http://94.156.71[.]115/Maintenance.ps1 Magnet Goblin Infra URL http://94.156.71[.]115/baba.dat Magnet Goblin Infra URL **http://**oncloud-analytics[.]com/files/mg/elf/RT1.50.png Magnet Goblin Infra URL http://cloudflareaddons[.]com/assets/img/Image_Slider15.1.png Magnet Goblin Infra Domain mailchimp-addons[.]com MiniNerbian C2 Domain allsecurehosting[.]com MiniNerbian C2 Domain dev-clientservice[.]com MiniNerbian C2 Domain oncloud-analytics[.]com MiniNerbian C2 Domain cloudflareaddons[.]com MiniNerbian C2 Domain textsmsonline[.]com MiniNerbian C2 Domain proreceive[.]com MiniNerbian C2 IP 172.86.66[.]165 NerbianRAT C2 IP 45.153.240[.]73 NerbianRAT C2 SHA256 027d03679f7279a2c505f0677568972d30bc27daf43033a463fafeee0d7234f6 NerbianRAT SHA256 9cb6dc863e56316364c7c1e51f74ca991d734dacef9029337ddec5ca684c1106 NerbianRAT SHA256 9d11c3cf10b20ff5b3e541147f9a965a4e66ed863803c54d93ba8a07c4aa7e50 NerbianRAT SHA256 d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236 MiniNerbian SHA256 df91410df516e2bddfd3f6815b3b4039bf67a76f20aecabccffb152e5d6975ef MiniNerbian SHA256 99fd61ba93497214ac56d8a0e65203647a2bc383a2ca2716015b3014a7e0f84d MiniNerbian SHA256 9ff0dcce930bb690c897260a0c5aaa928955f4ffba080c580c13a32a48037cf7 MiniNerbian SHA256 3367a4c8bd2bcd0973f3cb22aa2cb3f90ce2125107f9df2935831419444d5276 MiniNerbian SHA256 f23307f1c286143b974843da20c257901cf4be372ea21d1bb5dea523a7e2785d MiniNerbian SHA256 f1e7c1fc06bf0ea40986aa20e774d6b85c526c59046c452d98e48fe1e331ee4c MiniNerbian SHA256 926aeb3fda8142a6de8bc6c26bc00e32abc603c21acd0f9b572ec0484115bb89 MiniNerbian SHA256 894ab5d563172787b052f3fea17bf7d51ca8e015b0f873a893af17f47b358efe MiniNerbian SHA256 1079e1b6e016b070ebf3e1357fa23313dcb805d3a6805088dbc3ab6d39330548 WARPWIRE SHA256 e134e053a80303d1fde769e50c2557ade0852fa827bed9199e52f67bac0d9efc WARPWIRE URL www.fernandestechnical[.]com/pub/health_check.php Compromised Server URL biondocenere[.]com/pub/health_check.php Compromised Server URL ****www.miltonhouse[.]nl/pub/opt/processor.php Compromised Server URL https://theroots[.]in/pub/media/avatar/223sam.jpg Compromised Server SHA256 7967def86776f36ab6a663850120c5c70f397dd3834f11ba7a077205d37b117f Other: Tools and scripts SHA256 9895286973617a79e2b19f2919190a6ec9afc07a9e87af3557f3d76b252292df Other: Tools and scripts SHA256 bd9edc3bf3d45e3cdf5236e8f8cd57a95ca3b41f61e4cd5c6c0404a83519058e Other: Tools and scripts SHA256 b35f11d4f54b8941d4f1c5b49101b67b563511a55351e10ad4ede17403529c16 Other: Tools and scripts SHA256 7b1d1e639d1994c6235d16a7ac583e583687660d7054a2a245dd18f24d10b675 Other: Tools and scripts SHA256 8fe1ed1e34e8758a92c8d024d73c434665a03e94e5eb972c68dd661c5e252469 Other: Tools and scripts SHA256 fa317b071da64e3ee18d82d3a6a216596f2b4bca5f4d3277a091a137d6a21c45 Other: Tools and scripts