Tag: Godzilla Loader

Afraidgate at 178.62.242.179 Leads to RIG-v EK at 92.53.120.233, Godzilla Loader Grabs Locky (.osiris)

IOCs:

138.128.171.35 – northcoastmed.com – Compromised website
178.62.242.179 – dropname.syncroweb.com – Afraidgate subdomain
92.53.120.233 – red.telco.news – RIG-v EK
200.7.102.105 – lingvitopr.com – Godzilla loader GET for Locky
188.127.239.53 – Locky post-infection traffic – POST /checkupdate

Traffic:

Hashes:

SHA256: 443b3bb140553acc8c861ddc2a0275936a5a26489030b424703775d2f3242ae8
File name: northcoastmed.com.html

SHA256: cebd2b86b7830c3b11414581de5068d6d152873731a4a1f3fa7270d21a7a3fb2
File name: dropname.syncroweb.com Afraidgate.js

SHA256: eb8fb3f87093c0a9e24047cee0f472373d3d78212ced708d235825b31a70df4b
File name: RIG-v Pre-Landing ...