GossiTheDog / Native-Windows-Useragents-malicious.txt
Last active November 18, 2022 01:30 — forked from trietptm/Native-Windows-Useragentss.txt
Native Windows UserAgents for Threat Hunting
//Invoke-WebRequest in Powershell - manually whitelist legit content first:
Mozilla/*WindowsPowerShell/*
System.Net.WebClient.DownloadFile():
None
//Start-BitsTransfer - manually whitelist legit content first:
Microsoft BITS/*
//certutil.exe - manually whitelist legit content first:
GossiTheDog / NoName Ddosia new client info - 31-01-2024
Created January 31, 2024 22:26
NoName Ddosia new client info - 31-01-2024
NoName Ddosia new client info - 31/01/2024
New C2
77.83.246.159 - gir.network again
File hashes
GossiTheDog / NoName Ddosia new client info - 01-02-2024
Created February 1, 2024 18:02
NoName Ddosia new client info - 01-02-2024
NoName Ddosia new client info - 01/02/2024
New C2
188.116.20.254 - ROKO Networks Ltd - abuse@iroko.net
File hashes
4f33f905a60d9589a14239edb2f5838240d85153a5d10612bcd4f7a5b1ae2cfc
729d343f7748ceacd04aae48fe7cb40327e6fe45a2a6b0f286ac11f0f216b340
2599de0c4500c2997b78eb2c598f876756f217008e8fae3e07de7d578247c631
GossiTheDog / NoName Ddosia new client info - 02-02-2024
Created February 2, 2024 15:26
NoName Ddosia new client info - 02-02-2024
NoName Ddosia new client info - 01/02/2024
New C2
45.89.55.4 - Stark Industries Solutions - London
File hashes
New C2
193.233.193.90 - huize.asia, Hong Kong
File hashes
GossiTheDog / NoName Ddosia new client info - 06-02-2024
Created February 6, 2024 12:40
NoName Ddosia new client info - 06-02-2024
New C2
185.234.66.126 - pq.hosting, Netherlands
File hashes
GossiTheDog / NoName Ddosia new client info - 07-02-2024
Created February 7, 2024 15:41
NoName Ddosia new client info - 07-02-2024
New C2
45.136.199.235
New file hashes
GossiTheDog / NoName Ddosia new client info - 08-02-2024
Created February 8, 2024 09:48
NoName Ddosia new client info - 08-02-2024
New C2
83.217.9.33 - iptk.ru, Turkey
New file hashes
GossiTheDog / NoName Ddosia new client info - 08-02-2024 - round two
Created February 8, 2024 14:30
NoName Ddosia new client info - 08-02-2024 - round two
New C2
45.84.0.235 - stark-industries.solutions - Moldova
New file hashes
GossiTheDog / NoName Ddosia new client info - 08-02-2024 - round three
Created February 8, 2024 17:45
NoName Ddosia new client info - 08-02-2024 - round three
New C2
193.187.175.252 - itos.biz, France
New file hashes