Botnet Muhstik is Actively Exploiting Drupal CVE-2018-7600 in a Worm Style

publish date:

reference :

IOC Table
total 76

Ramnit malware on Metadefender.com

publish date:

reference :

RansSIRIA Ransomware Takes Advantage of the Syrian Refugee Crisis

publish date:

reference :

Minecraft & CS:GO Ransomware Strive For Media Attention

publish date:

reference :

IOC Table
total 54

Report for no10thecoffeeshop.co.uk Web Stresser DDoS Tools

publish date:

reference :

IOC Table
total 12

Stresspaint Malware Campaign Targeting Facebook Credentials

publish date:

reference :

IOC Table
total 23

Faceliker malware on Metadefender.com

publish date:

reference :