DOGE Binary Loader Indicators of Compromise

April 22, 2025, 10:47 p.m.

Description

This intelligence document provides a list of Indicators of Compromise (IoCs) associated with the DOGE Binary Loader. It includes several malicious URLs hosted on the domain 'hilarious-trifle-d9182e.netlify.app' along with their corresponding SHA-256 hashes. The listed files include PowerShell scripts ('lootsubmit.ps1' and 'trackerjacker.ps1'), a PNG image ('qrcode.png'), and an executable ('ktool.exe'). These IoCs are crucial for identifying and mitigating potential infections related to the DOGE Binary Loader malware campaign.

External References

https://documents.trendmicro.com/images/TEx/DOGE-Binary-Loader-IoCsfutsQEh.txt
https://otx.alienvault.com/pulse/6807c697bf4aed9f93dbef55
Tags
powershell
ioc
sha-256
2025-04-22
url
doge binary loader
netlify

Date

  • Created: April 22, 2025, 4:40 p.m.
  • Published: April 22, 2025, 4:40 p.m.
  • Modified: April 22, 2025, 10:47 p.m.

Attack Patterns

  • DOGE Binary Loader