Tag: pseudoDarkleech

IOCs: 107.181.172.103 – lovlose.com – Compromised site 109.234.37.178 – new.buttock.toys – RIG-v EK Cerber check-in traffic via UDP port 6892 1.22.15.0/27 2.23.16.0/27 91.239.24.0/24 91.239.25.0/24 IOCs: 184.168.136.128 – tarboushgrill.com – Compromised site 81.177.139.86 – see.soulartspublishing.com – RIG-v EK Cerber check-in traffic via UDP port 6892 77.4.1.0/27 77.15.1.0/27 91.239.24.0/24 91.239.25.0/24 IOCs: 141.138.168.111 – hoolhoevebriards.com – Compromised site ...

IOCs: 184.172.50.36 – chicago.fdmaps.com – Compromised site 195.161.62.232 – new.underinsuredamerican.org – Rig-V EK Cerber check-in traffic via UDP port 6892: 37.15.20.0/27 77.1.12.0/27 91.239.24.0/24 91.239.25.0/24 148.251.6.214 – btc.blockr.io – Bitcoin block explorer 84.200.4.130 – ffoqr3ug7m726zou.1mstqg.top – Cerber Decryptor site Traffic: Hashes: SHA256: 814d06968bd54aadd13f3e352d5c6b792decdb1c8eeec8d35e7aeaa0cde72b57 File name: RigV UA check.html SHA256: 7e285aee3f54b9a289d03f8a6904eeed8dd88c3028f92ce9d62d8f2c333a52d7 File name: RigV EK Landing Page.html ...

IOCs: 162.255.161.10 – luckystavern.com – Compromised site 81.177.6.49 – will.warondoctors.info – Rig-V EK Cerber check-in traffic via UDP port 6892: 37.15.20.0/27 77.1.12.0/27 91.239.24.0/24 91.239.25.0/24 148.251.6.214 – btc.blockr.io – Bitcoin block explorer 23.152.0.137 – ffoqr3ug7m726zou.13inb1.top – Cerber Decryptor site Traffic: Hashes: SHA256: 948785c8a2c441345317ea80e1fd7c622599932dade375872b9c5b9030a61145 File name: RigV UA check page.html SHA256: 699fe5529a3a6928717e47300646d18f36a6ce21823228fffdd52d06e9aa9cd5 File name: RigV EK Landing ...

IOCs: 166.62.25.210 – dunlogginvet.com – Compromised website 195.133.49.182 – art.thinleadermd.com – Rig-v EK sub-domain Cerber check-in traffic via UDP port 6892: 37.15.20.0/27 77.1.12.0/27 91.239.24.0/24 91.239.25.0/24 148.251.6.214 – btc.blockr.io – Bitcoin block explorer 185.82.200.167 – avsxrcoq2q5fgrw2.1gaje2.top – Cerber Decryptor site Traffic: Hashes: SHA256: df65f65dc15cfa999f07869b587c74c645da66129c009db5d8b8c2c29ae4fadf File name: Rig-V Flash Exploit.swf SHA256: 9f93a612da234591aa2645277aa0672ad53cfebe2697bdcf5e38e0920e270d35 File name: OTTYUADAF SHA256: d6a7f7253e30ffbfddc85c34a905dd9022819df0629c698fe71bec384b041f6d ...

IOCs: 74.220.207.74 – neilfoote.com – Compromised website 46.30.46.210 – new.toyotaoflaramie.com – Rig-V EK Cerber check-in traffic via UDP port 6892: 15.49.2.0/27 122.1.13.0/27 194.165.16.0/24 194.165.17.0/24 ICMP traffic from 95.141.21.37 via destination port 6892 185.98.87.153 – ffoqr3ug7m726zou.zgyua4.top 148.251.6.214 – btc.blockr.io – Bitcoin block explorer ffoqr3ug7m726zou.162egg.top – Cerber Decryptor site ffoqr3ug7m726zou.rssh31.bid – Cerber Decryptor site ffoqr3ug7m726zou.onion.to – Cerber ...

IOCs: 142.147.9.32 – carrollgymnastics.com – Compromised website 194.87.238.148 – new.ehrlichusedautos.com – Rig-V EK Cerber checkin UDP traffic via port 6892 (3 times for all IPs in each subnet listed below): 15.49.2.0/27 122.1.13.0/27 194.165.16.0/24 194.165.17.0/24 148.251.6.214 – btc.blockr.io – Bitcoin block explorer 54.91.45.162 – ffoqr3ug7m726zou.41c920.top – Cerber Decryptor site 54.91.45.162 – ffoqr3ug7m726zou.rovr6i.top – Cerber Decryptor site ...