A Catalog of Hazardous AV Sites – A Tale of Malware Hosting

May 24, 2024, 6:56 p.m.

Description

In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files, including APK, EXE and Inno Setup installers, with spyware and stealer capabilities.

Date

Published: May 24, 2024, 6:32 p.m.

Created: May 24, 2024, 6:32 p.m.

Modified: May 24, 2024, 6:56 p.m.

Indicators


Attack Patterns

Spynot

Lumma

StealC

T1608

T1572

T1189

T1071

T1102

T1219

T1190