Adnan Mohd Shukor xanda

## gist:87cfd2891cab50230ee072c7c02e64e3
a1763.hasil-gov.com
a5415.hasil-gov.com
bantuan-keluarga.hasil-gov.com
bantuan-keluargamy.hasil-gov.com
bantuan-prihatin-nasional.apy-1d.com
bantuan-senarai.myk-1d.com
bantuanrakyatmalaysiamadani2024.myk-1d.com
bkm-my.hasil-gov.com
bkm-my7.hasil-gov.com
bkm041.hasil-gov.com

## gist:819b43a4b72db169d51ddd818efa0869
nts-info.website
nts-mailer.website
nts-news.website
nts-post.website
nts-poster.website
nts-viewer.store
ntshome.website
ntsinfo.website
ntsmail.website
ntsmailer.store

## gist:871961aeec055636390c620986df5aa6
"screen_name":"AdiratnaZ"
"screen_name":"AirJernih19"
"screen_name":"AlifSafee"
"screen_name":"AmirShah769565"
"screen_name":"AzlanAryan"
"screen_name":"CeritaPenang"
"screen_name":"DayakSwkParty"
"screen_name":"DesmondJekan"
"screen_name":"EdisiPinang"
"screen_name":"Evy32803781"

## gist:2764fc288f7a392f4c1e9f8b3e300e36
.shop & .store are APK download site
.com and .online are C2

app.mymaxgrocer.com
appws1.online
cosmetic.mydiveapp.online
crabee.mydiveapp.online
ddealx.store
divedealc.store
divedealp.shop

## gist:da7057aa36d24dad8b495ba43be29a93
<custom_item>
type: FILE_CHECK_NOT
system: "Linux"
description: "Check for BPFdoor (2022/2023) runtime lock file"
value_data: "/var/run/initd.lock"
</custom_item>

## Vulnerable_JndiLookup_class_hashes.csv

          
            JndiLookup.class for Lib4J version
            md5sum
            sha1sum
            sha256sum

            
              2.0-beta9
              662118846c452c4973eca1057859ad61
              9799470c2cca80f047f6b0d1588dacae9aae26fc
              39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8

            
              2.0-rc1
              662118846c452c4973eca1057859ad61
              9799470c2cca80f047f6b0d1588dacae9aae26fc
              39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8

            
              2.0-rc2
              1daf21d95a208cfce994704824f46fae
              ec9326bae452f2d2e8a4852b24799d6458d11d46
              a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2

            
              2
              62c82ad7c1ec273a683de928c93abbe9
              e605ca8be62f8f26c43d906f392090231e96edfd
              fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29

            
              2.0.1
              2365c12b4a7c5fa5d7903dd90ca9e463
              040c7583735f58988635563b0b6c0f009d5ae5c0
              964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e

            
              2.0.2
              5c727238e74ffac28315c36df27ef7cc
              7d403e7e7208e4d9ebaf2b32ddc90a04170580c5
              9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c

            
              2.1
              8ededbb1646c1a4dd6cdb93d9a01f43c
              1b0283f98e00f04be9b8cf655f881e767c8bb386
              a768e5383990

## vulnerable_log4j-core_hashes.csv
version,md5,sha1,sha256
log4j-core-2.0-beta9.jar,152ecb3ce094ac5bc9ea39d6122e2814,678861ba1b2e1fccb594bb0ca03114bb05da9695,dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d
log4j-core-2.0-rc1.jar,088df113ad249ab72bf19b7f00b863d5,4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb,db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a
log4j-core-2.0-rc2.jar,de8d01cc15fd0c74fea8bbb668e289f5,2e8d52acfc8c2bbbaa7baf9f3678826c354f5405,ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0
log4j-core-2.0.jar,cd70a1888ecdd311c1990e784867ce1e,7621fe28ce0122d96006bdb56c8e2cfb2a3afb92,85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c
log4j-core-2.0.1.jar,fbfa5f33ab4b29a6fdd52473ee7b834d,895130076efaf6dcafb741ed7e97f2d346903708,a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d
log4j-core-2.0.2.jar,8c0cf3eb047154a4f8e16daf5a209319,13521c5364501478e28c77a7f86b90b6ed5dbb77,c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d
log4j-core-2.1.jar,8d331544b2e7b20

## gist:63ea8a53ef99fd37d67048c8ca24af39
1.196.144.102
110.88.28.139
112.245.145.208
112.47.5.25
115.197.162.93
115.216.79.109
115.216.79.36
123.180.138.121
123.180.138.125
123.180.138.46

## gist:f80de067b81106c4d3054e6298c4cdbf
www2.savegreatinstallliteflash.icu
www2.newgreatinstallliteflash.icu
www2.smallgreatinstallliteflash.icu
www2.fixinstallgreatliteflash.icu
www2.betterinstallgreatliteflash.icu
www2.mixgreatinstallliteflash.icu
www2.getinstallgreatliteflash.icu
www2.makegreatinstallliteflash.icu
www2.moregreatinstallliteflash.icu
www2.mediainstallgreatliteflash.icu

## gist:abbed2d9bc28a417f00ede975faaa182
view-source:http://sushi-king.com/v2/ compromised

redirect user ke TDS most likely kemudian akan di redirect ke exploit kit

At the moment dia redirect ke hxxp://blmfgsquv.ddnsking[.]com/wordpress/?bf7N&utm_source=le

dan historically turut redirect ke:
qchdxdevcf.ddnsking[.]com
ortjotbik.hopto[.]org
qjcaer.hopto[.]org
	a1763.hasil-gov.com
	a5415.hasil-gov.com
	bantuan-keluarga.hasil-gov.com
	bantuan-keluargamy.hasil-gov.com
	bantuan-prihatin-nasional.apy-1d.com
	bantuan-senarai.myk-1d.com
	bantuanrakyatmalaysiamadani2024.myk-1d.com
	bkm-my.hasil-gov.com
	bkm-my7.hasil-gov.com
	bkm041.hasil-gov.com
	nts-info.website
	nts-mailer.website
	nts-news.website
	nts-post.website
	nts-poster.website
	nts-viewer.store
	ntshome.website
	ntsinfo.website
	ntsmail.website
	ntsmailer.store
	"screen_name":"AdiratnaZ"
	"screen_name":"AirJernih19"
	"screen_name":"AlifSafee"
	"screen_name":"AmirShah769565"
	"screen_name":"AzlanAryan"
	"screen_name":"CeritaPenang"
	"screen_name":"DayakSwkParty"
	"screen_name":"DesmondJekan"
	"screen_name":"EdisiPinang"
	"screen_name":"Evy32803781"
	.shop & .store are APK download site
	.com and .online are C2

	app.mymaxgrocer.com
	appws1.online
	cosmetic.mydiveapp.online
	crabee.mydiveapp.online
	ddealx.store
	divedealc.store
	divedealp.shop
	<custom_item>
	type: FILE_CHECK_NOT
	system: "Linux"
	description: "Check for BPFdoor (2022/2023) runtime lock file"
	value_data: "/var/run/initd.lock"
	</custom_item>
JndiLookup.class for Lib4J version	md5sum	sha1sum	sha256sum
2.0-beta9	662118846c452c4973eca1057859ad61	9799470c2cca80f047f6b0d1588dacae9aae26fc	39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8
2.0-rc1	662118846c452c4973eca1057859ad61	9799470c2cca80f047f6b0d1588dacae9aae26fc	39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8
2.0-rc2	1daf21d95a208cfce994704824f46fae	ec9326bae452f2d2e8a4852b24799d6458d11d46	a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2
2	62c82ad7c1ec273a683de928c93abbe9	e605ca8be62f8f26c43d906f392090231e96edfd	fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29
2.0.1	2365c12b4a7c5fa5d7903dd90ca9e463	040c7583735f58988635563b0b6c0f009d5ae5c0	964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e
2.0.2	5c727238e74ffac28315c36df27ef7cc	7d403e7e7208e4d9ebaf2b32ddc90a04170580c5	9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c
2.1	8ededbb1646c1a4dd6cdb93d9a01f43c	1b0283f98e00f04be9b8cf655f881e767c8bb386	a768e5383990
	version,md5,sha1,sha256
	log4j-core-2.0-beta9.jar,152ecb3ce094ac5bc9ea39d6122e2814,678861ba1b2e1fccb594bb0ca03114bb05da9695,dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d
	log4j-core-2.0-rc1.jar,088df113ad249ab72bf19b7f00b863d5,4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb,db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a
	log4j-core-2.0-rc2.jar,de8d01cc15fd0c74fea8bbb668e289f5,2e8d52acfc8c2bbbaa7baf9f3678826c354f5405,ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0
	log4j-core-2.0.jar,cd70a1888ecdd311c1990e784867ce1e,7621fe28ce0122d96006bdb56c8e2cfb2a3afb92,85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c
	log4j-core-2.0.1.jar,fbfa5f33ab4b29a6fdd52473ee7b834d,895130076efaf6dcafb741ed7e97f2d346903708,a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d
	log4j-core-2.0.2.jar,8c0cf3eb047154a4f8e16daf5a209319,13521c5364501478e28c77a7f86b90b6ed5dbb77,c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d
	log4j-core-2.1.jar,8d331544b2e7b20
	1.196.144.102
	110.88.28.139
	112.245.145.208
	112.47.5.25
	115.197.162.93
	115.216.79.109
	115.216.79.36
	123.180.138.121
	123.180.138.125
	123.180.138.46
	www2.savegreatinstallliteflash.icu
	www2.newgreatinstallliteflash.icu
	www2.smallgreatinstallliteflash.icu
	www2.fixinstallgreatliteflash.icu
	www2.betterinstallgreatliteflash.icu
	www2.mixgreatinstallliteflash.icu
	www2.getinstallgreatliteflash.icu
	www2.makegreatinstallliteflash.icu
	www2.moregreatinstallliteflash.icu
	www2.mediainstallgreatliteflash.icu
	view-source:http://sushi-king.com/v2/ compromised

	redirect user ke TDS most likely kemudian akan di redirect ke exploit kit

	At the moment dia redirect ke hxxp://blmfgsquv.ddnsking[.]com/wordpress/?bf7N&utm_source=le

	dan historically turut redirect ke:
	qchdxdevcf.ddnsking[.]com
	ortjotbik.hopto[.]org
	qjcaer.hopto[.]org