Pulse name: KeyBase Keylogger Malware Family Exposed
WHITE AlienVault 2015-06-04 Modified: 2015-06-04
493 IOCs (HIGH VOLUME)
In recent months, our team has been tracking a keylogger malware family named KeyBase that has been in the wild since February 2015. The malware comes equipped with a variety of features and can be purchased for $50 directly from the author. It has been deployed in attacks against organizations across many industries and is predominantly delivered via phishing emails.
Indicators of Compromise (173 / 493 total)