Carder Tools/Phishing links

publish date:

reference :

IOC Table
total 15
type value
domain soumaismagalu.com
domain ofertasespecial2019.com
hostname rds.ofertas-mes-de-maio.com
hostname www75.top-top-de-maio.com
hostname www52.megacupomdedesconto.com
hostname www.semanadasoff.com
hostname www89.megacupomdedesconto.com
URL http://soumaismagalu.com/PmvVsa2222454545da/index.php?&id=3
URL https://ofertasespecial2019.com/363595072/?TelefoneseCelulares/Smartphones/Android/smartphone-samsung-galaxy-j8-sm-j810m-4g-android-80-octa-core-18ghz-64gb-camera-16mp-tela-60-quot-preto-13672356.html?utm_source=facebook&utm_medium=SocialMedia&utm_campaign=UserShared&cd=771370428
URL https://rds.ofertas-mes-de-maio.com/419440b1-30d0-be3-8956-48f1b36ad060/produto/132733871/lavadora-de-roupas-brastemp-11kg-bwk11-branco
URL https://www75.top-top-de-maio.com/tkn7389180/smartphone-motorola-moto-g7-plus-64gb-dual-chip-android-pie-9-0-tela-6-3-1-8-ghz-octa-core-4g-camera-16mp-f1-7-5mp-f1-9-dual-cam-rubi/134186306/pr
URL https://www.semanadasoff.com/maio/338746614/?UtilidadesDomesticas/Panelas/conjuntodepanelas/conjunto-de-panelas-tramontina-bergamo-com-panela-de-pressao-6-pecas-13175579.html?utm_source=facebook&utm_medium=SocialMedia&utm_campaign=UserShared&cd=975592554
URL https://rds.ofertas-mes-de-maio.com/edd7f233-05bf-805-86cf-3134dccc17bd/produto/133718358/smart-tv-led-50-lg-50uk6510-ultra-hd-4k-com-conversor-digital-4-hdmi-2-usb-wi-fi-thinq-ai-webos-4.0-60hz-inteligencia-artificial-prata
URL https://www52.megacupomdedesconto.com/tkn1198987/smartphone-motorola-moto-g6-plus-dual-chip-android-oreo-8-0-tela-5-9-octa-core-2-2-ghz-64gb-4g-camera-12-5mp-dual-traseira-indigo/133453185/pr
URL https://www89.megacupomdedesconto.com/tkn3036789/smartphone-motorola-moto-g6-plus-dual-chip-android-oreo-8-0-tela-5-9-octa-core-2-2-ghz-64gb-4g-camera-12-5mp-dual-traseira-indigo/133453185/pr

#Gafgyt #IoT #Malware #Backdoor #DDoS Threat Actor #Nakuma

publish date:

reference :

IOC Table
total 12
type value
IPv4 134.209.25.238
URL http://134.209.25.238/wrgjwrgjwrg246356356356/harm7
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hm68k
URL http://134.209.25.238/wrgjwrgjwrg246356356356/harm6
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hmpsl
URL http://134.209.25.238/wrgjwrgjwrg246356356356/harm
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hx86
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hspc
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hmips
URL http://134.209.25.238/wrgjwrgjwrg246356356356/hsh4
URL http://134.209.25.238/bins/sora.arm7
URL http://134.209.25.238/bins/sora.arm

Emotet IOCs 5/17/2019

publish date:

reference :

Emotet Payload URLs, Hashes - 2019-05-17

publish date:

reference :

IOC Table
total 230 (20 listed)
type value
URL http://doanthanhnien.spktvinh.edu.vn/wp-admin/verification_area/sec/Us/myaccount/new_resourses/
URL http://gadgetandplay.com/wp-admin/0q7eb83365
URL https://blog.apoictech.com/wordpress/wp-content/9on272
URL http://blog.apoictech.com/wordpress/wp-content/9on272
URL http://old.oleglukanov.com/cgi-bin/cesbtj755s6p0fcyvimmnneg38ms_go812f7-566475421578787/
URL http://notix-test.ru/zamki/jwgiy866pt1ct8zemzx8yrku3b_6m6s088-5933526545566/
URL http://neurologicalcareofoc.com/jutorje32/OfpUqeUuYdluaSgfbIe/
URL http://newwebsite.smex.org/wp-admin/LLC/yebukw3dgwgzq5ebygh_n4g4iort3o-84431657/
URL http://onetouchfootball.gr/aqqf/parts_service/pmtwlshs32bqzll_ny4lmq4zgp-1593792866860/
URL http://ohioamft.org/images/esp/whoiy5qxbjnrp1gmegkx8_2dy87q342n-1691925380481/
URL http://msinet.s87.xrea.com/ogasa_data/lm/wrqrib4qqa_g37i0cgy2r-75961413357/
URL http://gigmoz.com/saicollection/9tnulb5pniumdu53qd5adk_k9gzahh9o-436784313075/
URL http://kulzein.com/tcsa2fo/titjckjb80xyv6xjs9l879gv_vwuyzcy9pt-31037587938083/
URL http://agents.map-link.co.uk/cgi-bin/Pages/dxebbm7rfe9yjkcu1s0f_owwlim3rvt-900385447853124/
URL http://amarresyretornosdeamor.com/wp-includes/esp/neJynmXSShVwzuVQWBaeQrwvj/
URL http://mapala.politala.ac.id/wp-includes/Scan/84lyfqg006n3tnv_pqc15-6573296772/
URL http://biyoistatistikdoktoru.com/wp-content/jlEzCPsEEfOdjSUjIFIJ/
URL http://greencampus.uho.ac.id/wp-content/uploads/esp/fexcocn582zqkrx45qc979i_b7al0se-6012446038782/
URL http://physionize.com/wp-includes/paclm/wgkcgc583re0c6veyxfn1zf4u95uey_u407xg-23929936006/
URL http://www.pomohouse.com/wp-content/LLC/bs5wlwidu_lhwh8-6531737739304/

Comunicado CSIRT 8FPH-00020-001 - Phishing Banco Estado

publish date:

reference :

IOC Table
total 12
type value
domain elbrus-voda.ru
domain apnarigs.com
email apache@figueroa.net
email apache@transber.net
email apache@hwsrv-485021.hostwindsdns.com
email apache@nutrientes.com
hostname www.csirt.gob.cl
hostname hwsrv-485021.hostwindsdns.com
hostname k1.onlinepublication.treetion.com
IPv4 45.7.228.66
IPv4 45.7.228.48
URL https://www.csirt.gob.cl

An Unauthenticated RCE Gold Rush: A Look at Attacks Exploiting Confluence CVE-2019-3396

publish date:

reference :

IOC Table
total 81 (20 listed)
type value
domain paneltxd.cl
FileHash-SHA256 8269773c98c259acb7d109de1c448673d1e45b3684834b19335bd42c84977e4c
FileHash-SHA256 7f52efd3d2a99475164a9413ed2d1b947129099d67c72583633cedbc6032f8e5
FileHash-SHA256 92a6c2a5a70f6535bb3bfdffb3c3829ffae8a9bea380c34311e72dc0f66bcfdb
FileHash-SHA256 c39b2db5e3d54335c5320f399212c9e073c48f001a8dd9250f711d45420d3a2a
FileHash-SHA256 6e26a649c7cecae0f367e53e901529717bddce9ae5ec9dff070b8c3392c13e71
FileHash-SHA256 f882528e1ac9ca36db8354822e527c50c141aea05b6e120ff5a61e3a170ba5f9
FileHash-SHA256 a6876c0caebfa1eacf13b8236fa64e509e1df2fe9c88b0a03eea880c8023dbcb
URL http://166.62.38.167/plus/cx.2
URL http://166.62.38.167/plus/rc9
URL http://681f224d.ngrok.io/f/serve?l=o&r=a319660436b4ce21b5da4fe407676ea5
URL http://198.12.156.218/plus/java
URL http://820c29ed.ngrok.io/c?r=a319660436b4ce21b5da4fe407676ea5
URL http://426c9be3.ngrok.io/f/serve?l=o&r=a319660436b4ce21b5da4fe407676ea5
URL http://166.62.38.167/plus/kok
URL http://166.62.38.167/plus/wow_cf
URL https://dd.heheda.tk/id_rsa.pub
URL http://9d09805e.ngrok.io/d8/nginx
URL http://198.12.156.218/plus/javad
URL http://193.57.40.46/rep2.php

Swf malware on Metadefender.com

publish date:

reference :

Mp4 malware on Metadefender.com

publish date:

reference :

Exp malware on Metadefender.com

publish date:

reference :

Gator malware on Metadefender.com

publish date:

reference :

Rincux malware on Metadefender.com

publish date:

reference :

Padodor malware on Metadefender.com

publish date:

reference :