Kirk Sayre kirk-sayre-work
kirk-sayre-work
/ gist:8ef1c26c7788485602c7f40166b0ed48
Created
February 25, 2025 15:50
Arabic AsyncRAT BAT Downloader IOCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AsyncRAT Download Domains: | |
| www[.]secs[.]com[.]ly | |
| www[.]alraed-allibi[.]ly | |
| www[.]almamas[.]com[.]ly | |
| jabalareknu[.]ly | |
| elzaeem[.]com | |
| alasfar-atc[.]com | |
| aigroup[.]ly |
kirk-sayre-work
/ gist:39419267911ff31039033cba168ee6ee
Created
January 30, 2025 18:05
Unknown Brazilian Whatsapp Phish Campaign IOCs 1/30/2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Unknown Brazilian Whatsapp Phish Campaign IOCs | |
| LNK Downloader SHA256: | |
| 0ab3961a8e14d251b7823661154cac27f456f8e3d6eec971caf28fe4d29fa26f | |
| 0bdf5e7f8d4d0e339bbf2948d84f042903bf2eacde9548514aa6b3a96f3f15d8 | |
| 135c26d1a624793438b8ddde0e782b9cc66f7e0dbab83f35607012012958d59d | |
| 156961c606c571d69bc12f66aae85d530ec39663c57967ec052a65f42e8843bb | |
| 1881ebac3d31fe9d1552a57d7797ee554e26b8e1f82a3d5e80b14ca2b8228643 | |
| 1b089c67ecfe70b393e47459076de4201e170106ef0d00f81655db9c13a7fde4 |
kirk-sayre-work
/ gist:eb6657891391549c01c640be099539d1
Created
December 6, 2024 20:11
Celestial Stealer start.bat Next Stage URLs (URL + start.bat SHA256)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Celestial Stealer start.bat Next Stage URLs (URL + start.bat SHA256) | |
| ('+' indicates domain listed in Trellix blog post @ https://www.trellix.com/blogs/research/anatomy-of-celestial-stealer-malware-as-a-service-revealed/) | |
| + https[:]//spinit[.]discloud[.]app/Update | |
| 1374951e2ce3442790e1cb485b838c68f147da6e6758c13c32c91cadc244759e | |
| 64bdc08894d2266031d17cb822c7e5dd5eab78fe5fe64d4fc0f9144e5df334ca | |
| + https[:]//python-developers[.]net/Python | |
| 19251875426af36307335bdeaeb770079f6ebfb095aec6f70eebb2145559ac0f |
kirk-sayre-work
/ gist:354d875086bb533b3095dc06b7537869
Created
October 1, 2024 15:04
10/1/2024 BlindEagle VBS Sample IOCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 10/1/2024 BlindEagle VBS Sample IOCs | |
| ====================================================== | |
| VBS Downloader SHA256: | |
| 01b5377b8e2fd5cc88c57a2115fefc853ddecbf4aff300357391dcd803b7d67d | |
| 05f1bfad1052e82ed6fc8d3348ea86f1958b8d8f39d331967edba843ce1214f7 | |
| 100d33a5d9d11b85a4b1f821a5dce334df5673da75d57ec4061df68d1c1a1a9f | |
| 186313dcc5e093e7997eaa5e1bd8e9d788bcb35537ab3d6741e3b6e37eecfa60 | |
| 2004d59d558983f5d19b914b2b348f75443c81b6f2cf0c76f7735037d376ced1 |
kirk-sayre-work
/ gist:a4a8c83481bbf0197375e3fd21914fc1
Created
August 13, 2024 15:01
Mispadu Droppers + Downloaders (8/6/2024 - 8/13/2024)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ========================================================================================== | |
| Next Stage Domain Summary: | |
| argetinoslaliga2025.com | |
| betmaniaplus.com | |
| blackinfect.ddns.net | |
| booshome.transportsd.shop | |
| contadcom.pro | |
| contpt.top | |
| firegold.ygto.com |
kirk-sayre-work
/ gist:1dd6e5b08cf168a9b5f9281ce5c37ebb
Created
December 19, 2023 21:22
Gaameradon Word/VBS IOCs 12/19/2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Gaameradon Word/VBS IOCs 12/19/2023 | |
| Word VBS Dropper Samples: | |
| 0d5ac615c2ed6b9082a31d8bf972354ac207a314619a34d84b3e6365f33278ec | |
| d4670935070941c60f39fbf58318574139262a4830e1f14e30144929b445dbd1 | |
| e06ab88a57c9fb5c32a12cdfcfc4945f00f4992cf715b1ef051835f39d1ff6d1 | |
| 67e83344af4e3adaebbd81438b367175107e3985af48847ff49842d034bb439d | |
| f8728139fc099387abf6a6ad92614ea82d3eeace122e347266dfaf941ba05736 | |
| 6956804df2c6463d8bd049c5b0d462f92981f343800bb20b6d39d8e8b80093bc |
kirk-sayre-work
/ gist:d9c2918435ed029c15702d9f1cae7cd6
Created
October 30, 2023 20:41
Malicious Ad Network Weebly Sites 10/30/2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| abilitypasa.weebly.com | |
| absolutestorm.weebly.com | |
| acabazar.weebly.com | |
| acaboston.weebly.com | |
| acaconnections.weebly.com | |
| academypna.weebly.com | |
| acaforum.weebly.com | |
| acahan.weebly.com | |
| acahit.weebly.com | |
| acalabs.weebly.com |
kirk-sayre-work
/ gist:dabdba72fac1b5c05784e9d7b33a374f
Created
September 13, 2023 21:38
DarkGate VBS IOCs 9/13/2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ad69260c01893e83429a85d3e9e75d28f1c6ba3fb7190799af09afe27d4193e9 | |
| http://whatup.cloud:9999/bclrlapx | |
| 2e1e2e480f4fe00a18433af359c5025be4b28237cb3cf783f3cbb9900b9d5004 | |
| http://positivereview.cloud:80/druunpfp | |
| d28a4e5d6cb5c2d08468fff1d181c4b2a3efb708d500e8df2276da9f4743bbd8 | |
| http://positivereview.cloud:80/ktzkdpqn | |
| 6c08b0ab384a21f30baf8b01104041b6f92c93e22787dd430e098f01303a6306 |
kirk-sayre-work
/ gist:81b592ea35efcc655ead1f17075f51e5
Created
September 8, 2023 15:20
Blind Eagle JS IOCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 976f87ce068e3c03404e3c0d141a76ce162e8d143ff093ba9a0279906296c77b | |
| https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014 | |
| 6a4bf66fbbbf904c20c917307a6d9e9c0255c867d319c031ab7e6bdd961910fe | |
| https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014 | |
| fcb9b4ac86494dfd46494e0f2cc1b59c092aa9b0a904957d4a813022ec556584 | |
| https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014 | |
| 644f193420b74e89a0667ebc749a843339b2c978663dfb5d97202ec9c7bf9400 |
kirk-sayre-work
/ gist:ce08df119b2b9c16f31dd94c895adcdc
Created
September 5, 2023 19:14
Danabot VBS 9/5/2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Downloader URLs: | |
| https://bakersfield.barracudas.sbs/?nz5jedvlzb3hrz2ubtw18xz3i3so2cec | |
| https://tampa.barracudas.sbs/?anzb3dpidfi8tsvv6xyshe0hav | |
| https://greensboro.soulcarelife.org/?79vayfn8yw0hanaz87vjb33g7m13 | |
| https://greensboro.soulcarelife.org/?nz25pby0b3vvd50rc7gjhdxuz387887qx1 | |
| https://lincoln.soulcarelife.org/?pllfnthzb3joyoff039ccutzk2fq | |
| https://pittsburgh.soulcarelife.org/?cznk39s8czb3ioxjh83zhs3cmok | |
| https://pittsburgh.soulcarelife.org/?ntzb3eamel8pqr6ol2wg1kmts0 | |
| https://plano.soulcarelife.org/?5nzumurxizhrb3bpztdybha98e8 |
NewerOlder