Malicious websites impersonating legitimate software

Domain names:

@qbourgue
qbourgue / fc78172f2aef5c8e7f5a19035e9b35c5d767381af8bc51d5a7ebc618e03cdc38.json
Created May 1, 2024 20:19
ACR Stealer deobfuscated configuration (SHA256: fc78172f2aef5c8e7f5a19035e9b35c5d767381af8bc51d5a7ebc618e03cdc38)
{
"b": [
{
"n": "b\\c8",
"p": "\\Local\\Google\\Chrome\\User Data",
"t": 1,
"pn": "chrome.exe"
},
{
"n": "b\\c8",
@qbourgue
qbourgue / acr_stealer_conf_deobfuscated_c20948517d9210c8a7ccac76c4ad2e474157c408c49f07497677c3fcca736976.json
Last active May 1, 2024 20:19
ACR Stealer deobfuscated configuration (SHA256: c20948517d9210c8a7ccac76c4ad2e474157c408c49f07497677c3fcca736976)
{
"b": [
{
"n": "b\\c8",
"p": "\\Local\\Google\\Chrome\\User Data",
"t": 1,
"pn": "chrome.exe"
},
{
"n": "b\\c8",
@qbourgue
qbourgue / malvertising_distribution_advanced_ip_scanner.txt
Last active December 21, 2023 09:20
Domain names hosting a webpage that impersonates the official Advanced IP Scanner website and distributes DanaBot 2023-12-21
@qbourgue
qbourgue / vidar_fqdn_impersonating_anydesk_website.txt
Created January 8, 2023 21:13
FQDNs hosting a webpage that impersonates the official AnyDesk website and distributes Vidar stealer (botnet id 586) 2023-01-08