TLP:WHITE
41 IOCs
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
Diamond Model: Adversary (3), Infrastructure (6), Capability (1), Victim
Indicators of Compromise (41)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| MD5 | 80b7700053e115d65365ce7330383320 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| URL | http://grked.online:8000/tunnel/create/?username=redacted | intel-blog, malware, network | High | 58 | Jul 3, 26 |
| MD5 | a0ec7a8e61eff3f445a7455b3aef9fbb | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 90378881856abfa47d7745c0a3ef9dc8 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | fd2bdd8047addee6fde2f532de181bfd | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| URL | https://grked.online/tunnel/create/?username=redacted | intel-blog, malware, network | High | 58 | Jul 3, 26 |
| MD5 | ddff82a115558584bbd7741d4ffb35b4 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 5d5c3e483c5e544260ce98fc29fbf192 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | f2ab09d7e7a375a192508a5014aa2ee4 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | e2550cfad9dcc880bf04f6048f90868c | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| Domain | ndrt.ink | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| MD5 | 006887732ca4a4a46a97989cf4deeef6 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 0041fd1b2358cd08dbcbc28ea8fc3d20 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 8188b2f347b77d65d08cfb23808ac244 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 78135f72ab148a0cc074f6b2dd51fff6 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 894332174f536c2e1efeda05cba79f8b | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| Domain | onetoken.ink | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| Domain | arvax.xyz | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| Domain | lvl99.store | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| Domain | winupdate.live | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| Domain | myboard.chickenkiller.com | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| MD5 | f5c6434ee5f7578faa3bc1257e1c9226 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 732c31acf971a81c7e51b2a3dae82020 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 7141917cba2eee2b4d31107faccf3a39 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 1dba3e505491a260a44c867902c3296e | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | c7622a1effa27bbfee6d6e03d6474343 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | cf74ac018d158ea2c2cfa1b1d71d95bc | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 7db9c688c620e54e8c69b7e52a7579fb | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| Domain | winupdate.ink | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| MD5 | c019797a00fd56edb1f468ac0a598510 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 6b45ddb39a6e86229348dcbba3857e7c | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| IP | 159.198.75.219 | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| MD5 | 1096268fa2b3d454c86cf851cb782319 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 2dfa1d949872c1b2f04952dd3e5f5d8f | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| IP | 69.67.173.153 | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| IP | 159.198.32.222 | intel-blog, malware, network | High | 58 | Jul 3, 26 |
| Domain | varenie.live | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| IP | 159.198.41.140 | abuseaccess, alienvault_ransomware | High | 70 | May 7, 26 |
| Domain | myboard.twilightparadox.com | exploit, intel-blog, malware | High | 58 | Jul 3, 26 |
| MD5 | 393b498f2114cabc0b29d5fcd9dc6723 | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
| MD5 | 07213c419489c02791e8d67b91e404ef | exploit, file-hash, intel-blog | Medium | 53 | Jul 3, 26 |
IOC Relationship Graph (41 total IOCs; node types: MD5, URL, Domain, IP)