kirk-sayre-work

Gaameradon Word/VBS IOCs 12/19/2023

Word VBS Dropper Samples:

0d5ac615c2ed6b9082a31d8bf972354ac207a314619a34d84b3e6365f33278ec
d4670935070941c60f39fbf58318574139262a4830e1f14e30144929b445dbd1
e06ab88a57c9fb5c32a12cdfcfc4945f00f4992cf715b1ef051835f39d1ff6d1
67e83344af4e3adaebbd81438b367175107e3985af48847ff49842d034bb439d
f8728139fc099387abf6a6ad92614ea82d3eeace122e347266dfaf941ba05736
6956804df2c6463d8bd049c5b0d462f92981f343800bb20b6d39d8e8b80093bc

kirk-sayre-work

abilitypasa.weebly.com
absolutestorm.weebly.com
acabazar.weebly.com
acaboston.weebly.com
acaconnections.weebly.com
academypna.weebly.com
acaforum.weebly.com
acahan.weebly.com
acahit.weebly.com
acalabs.weebly.com

kirk-sayre-work

ad69260c01893e83429a85d3e9e75d28f1c6ba3fb7190799af09afe27d4193e9
http://whatup.cloud:9999/bclrlapx

2e1e2e480f4fe00a18433af359c5025be4b28237cb3cf783f3cbb9900b9d5004
http://positivereview.cloud:80/druunpfp

d28a4e5d6cb5c2d08468fff1d181c4b2a3efb708d500e8df2276da9f4743bbd8
http://positivereview.cloud:80/ktzkdpqn

6c08b0ab384a21f30baf8b01104041b6f92c93e22787dd430e098f01303a6306

kirk-sayre-work

976f87ce068e3c03404e3c0d141a76ce162e8d143ff093ba9a0279906296c77b
https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014

6a4bf66fbbbf904c20c917307a6d9e9c0255c867d319c031ab7e6bdd961910fe
https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014

fcb9b4ac86494dfd46494e0f2cc1b59c092aa9b0a904957d4a813022ec556584
https://uploaddeimagens.com.br/images/004/591/185/original/js_no_startup.jpg?1693261014

644f193420b74e89a0667ebc749a843339b2c978663dfb5d97202ec9c7bf9400

kirk-sayre-work

Downloader URLs:

https://bakersfield.barracudas.sbs/?nz5jedvlzb3hrz2ubtw18xz3i3so2cec
https://tampa.barracudas.sbs/?anzb3dpidfi8tsvv6xyshe0hav
https://greensboro.soulcarelife.org/?79vayfn8yw0hanaz87vjb33g7m13
https://greensboro.soulcarelife.org/?nz25pby0b3vvd50rc7gjhdxuz387887qx1
https://lincoln.soulcarelife.org/?pllfnthzb3joyoff039ccutzk2fq
https://pittsburgh.soulcarelife.org/?cznk39s8czb3ioxjh83zhs3cmok
https://pittsburgh.soulcarelife.org/?ntzb3eamel8pqr6ol2wg1kmts0
https://plano.soulcarelife.org/?5nzumurxizhrb3bpztdybha98e8

kirk-sayre-work

Async RAT JS/PWSH IOCs 6/2023 - 8/2023

Domains:

asuxtp.fun
docusec.top
easdiv.top
eividsy.top
eovze.fun
euuvua3.top

kirk-sayre-work

JS Sample Hashes:

9b20c63d3f0c1d24e05187f89f281c0b9a606344d6764179198149a405d5bc21
d01f48387858ae24bd9cb56464a3583d4c63b3ff1429c9dd78b1b5b6fc1ac969
bbe2297b23e4060abd6351cfdb2a9e043217ad00f9b2349fcc86ca6f8c5cdd6d
2f7bebbe3db9d041e85723dc4c997279b12dbe44c7d40b286071722f87d5a210
efeacce1ff64045b4b4f04b54150ef2ed991c0850bc22b6220fc37b69eb3f1e7
b5511dcb01ed978944b9b7e052ad00832a6d2439a0fea352d9c35eb27427b6ec
95e0322d029d6cda1d65a9def576455be66a7520f14fd2eabcecf1f5ddeec5e1
142dd778e8cb858f0b02bfaa551164fa3ccbea82b280838aaf1696a88ff223ea

kirk-sayre-work

2nd Stage URLs:

http://149.248.0.82:2351/msiaybguqux
http://149.248.0.82:2351/msihlxovvqy
http://149.248.0.82:2351/msikywiobng
http://149.248.0.82:2351/msivwrwqepo
http://149.248.0.82:2351/msilrqozizy
http://45.89.65.198:80/msidkbkejlq
http://45.89.65.198:80/msilrajnmvn
http://reactervnamnat.com:80/msicvmskumh

kirk-sayre-work

29c272e281c77612613122f5ab4a3a02b83081512f945369288a09aefe5878e6
https://job.goosenecks.sbs/?ntz1hdcu1k1gb3mcx37vinss0nszf

360154387ae3f1c820d5f03d970c8ec609084d1a85c582bf32354fd96427c475
https://naagara.top/?nbxzv1myb3rb0v34fizozcuxj3mj

57008f154c30f7b2e2f2f92be69d7c0fc914382a2566304d1e4ced950bb9b114
https://naagara.top/?nbxzv1myb3rb0v34fizozcuxj3mj

5d9b7b6fed87b3a87337b02c820d2253c711fe5f51bc26f632990d48eea7570b

kirk-sayre-work

Next Stage Download Domains:

asuxtp.fun
bisiv.top
dubpv.top
eovze.fun
fyzyxe.top
igsufb.top
izrvb.top
lvuse.top