I've decided to share with everyone some technical details behind a currently circulating malicious software serving campaign that's dropping a SmokeLoader variant on the targeted host and is using a variety of C&C server domains for communication with the malicious attackers.
Sample screenshots include:
Sample campaign structure:
MD5: ccaf26afe7db068aa11331f6c5af14d8
hxxp://host-file-host6.com - 34.106.70.53
hxxp://host-host-file8.com
Sample related responding IPs known to have been involved in the campaign include:
hxxp://176.124.221.9
hxxp://23.48.95.144
hxxp://45.91.8.70
hxxp://185.144.28.175
hxxp://31.44.185.182
hxxp://8.209.65.68
hxxp://45.134.27.228
hxxp://2.16.165.19
hxxp://185.251.89.108
hxxp://195.186.210.241
Stay tuned!
No comments:
Post a Comment