Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research (research.checkpoint.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 11 Mar 2024 12:02
https://sh.itjust.works/post/16049221

#cybersecurity

threaded - newest

kid@sh.itjust.works on 11 Mar 2024 12:13 collapse

IOCs from the article :

Type	Value	Description

IP	91.92.240[.]113	Magnet Goblin Infra

IP	45.9.149[.]215	Magnet Goblin Infra

IP	94.156.71[.]115	Magnet Goblin Infra

URL	http://91.92.240[.]113/auth.js	Magnet Goblin Infra

URL	http://91.92.240[.]113/login.cgi	Magnet Goblin Infra

URL	http://91.92.240[.]113/aparche2	Magnet Goblin Infra

URL	http://91.92.240[.]113/agent	Magnet Goblin Infra

URL	http://45.9.149[.]215/aparche2	Magnet Goblin Infra

URL	http://45.9.149[.]215/agent	Magnet Goblin Infra

URL	http://94.156.71[.]115/lxrt	Magnet Goblin Infra

URL	http://94.156.71[.]115/agent	Magnet Goblin Infra

URL	http://94.156.71[.]115/instali.ps1	Magnet Goblin Infra

URL	http://94.156.71[.]115/ligocert.dat	Magnet Goblin Infra

URL	http://94.156.71[.]115/angel.dat	Magnet Goblin Infra

URL	http://94.156.71[.]115/windows.xml	Magnet Goblin Infra

URL	http://94.156.71[.]115/instal1.ps1	Magnet Goblin Infra

URL	http://94.156.71[.]115/Maintenance.ps1	Magnet Goblin Infra

URL	http://94.156.71[.]115/baba.dat	Magnet Goblin Infra

URL	**http://**oncloud-analytics[.]com/files/mg/elf/RT1.50.png	Magnet Goblin Infra

URL	http://cloudflareaddons[.]com/assets/img/Image_Slider15.1.png	Magnet Goblin Infra

Domain	mailchimp-addons[.]com	MiniNerbian C2

Domain	allsecurehosting[.]com	MiniNerbian C2

Domain	dev-clientservice[.]com	MiniNerbian C2

Domain	oncloud-analytics[.]com	MiniNerbian C2

Domain	cloudflareaddons[.]com	MiniNerbian C2

Domain	textsmsonline[.]com	MiniNerbian C2

Domain	proreceive[.]com	MiniNerbian C2

IP	172.86.66[.]165	NerbianRAT C2

IP	45.153.240[.]73	NerbianRAT C2

SHA256	027d03679f7279a2c505f0677568972d30bc27daf43033a463fafeee0d7234f6	NerbianRAT

SHA256	9cb6dc863e56316364c7c1e51f74ca991d734dacef9029337ddec5ca684c1106	NerbianRAT

SHA256	9d11c3cf10b20ff5b3e541147f9a965a4e66ed863803c54d93ba8a07c4aa7e50	NerbianRAT

SHA256	d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236	MiniNerbian

SHA256	df91410df516e2bddfd3f6815b3b4039bf67a76f20aecabccffb152e5d6975ef	MiniNerbian

SHA256	99fd61ba93497214ac56d8a0e65203647a2bc383a2ca2716015b3014a7e0f84d	MiniNerbian

SHA256	9ff0dcce930bb690c897260a0c5aaa928955f4ffba080c580c13a32a48037cf7	MiniNerbian

SHA256	3367a4c8bd2bcd0973f3cb22aa2cb3f90ce2125107f9df2935831419444d5276	MiniNerbian
</