Pulse Detail — Threat Intelligence

PULSE NAME

Threat Intel Report - W15-2023

WHITE aa00643640@techmahindra.com 2023-04-10 Modified: 2023-05-10

203

IOCs

HIGH VOLUME

This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. Security is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. These details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.

Indicators of Compromise (203)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2022-27926	—	2023-04-10
CVE	CVE-2023-1707	—	2023-04-10
CVE	CVE-2023-28205	—	2023-04-10
CVE	CVE-2023-28206	—	2023-04-10
CVE	CVE-2023-28303	—	2023-04-10
FileHash-MD5	0abca5a76379dc774f4c133a177cde59	MD5 of 59a16f9faf29768ed027a33dced3dc1cd61c4be814b59070b3ce79e34bb6b963	2023-04-10
FileHash-MD5	0e6334f3895d668dc2eca3a74e015624	MD5 of 38bdcae9e27d094752bd095c32f2b5143a47a9ad9837139837193fb54163b9c3	2023-04-10
FileHash-MD5	16b67de79530a182c3e49ae82bb5f337	MD5 of db086d3a605b003097b60b57556386d8e7044578dcbe734ed1bc188d4f95ff1e	2023-04-10
FileHash-MD5	1ed1ae52785f50e3ba1bee8c0c71a8d0	MD5 of 87b9b4c99a296003001f8fbac9c6bce260b054a6ce135d6f99449cc3e27ca816	2023-04-10
FileHash-MD5	6809ca52cdc1bfffe3496efd3e2409b5	MD5 of 36102822cb63b04fe1ae8268519a7a854a4bd8e763c93fe17908d56838944f4a	2023-04-10
FileHash-MD5	9045d0b46b820ae46a56caea6c975791	MD5 of 307b462b554900aa1b0802f4e89752cde49cb4045bc83ac8708578d37ebdadb0	2023-04-10
FileHash-SHA1	44134800f629ede1e7152aaceb1789fa43fe24fa	SHA1 of 36102822cb63b04fe1ae8268519a7a854a4bd8e763c93fe17908d56838944f4a	2023-04-10
FileHash-SHA1	4dafd0c1e75ba9518a8199d82cc22e93d7d24e34	SHA1 of 38bdcae9e27d094752bd095c32f2b5143a47a9ad9837139837193fb54163b9c3	2023-04-10
FileHash-SHA1	5c7c48d7f3fea2c5e5f950cf83492cda82fda838	SHA1 of 59a16f9faf29768ed027a33dced3dc1cd61c4be814b59070b3ce79e34bb6b963	2023-04-10
FileHash-SHA1	a5aed746e30dc95b0303ccd0dc8671561c066ccb	SHA1 of 87b9b4c99a296003001f8fbac9c6bce260b054a6ce135d6f99449cc3e27ca816	2023-04-10
FileHash-SHA1	d3d256b5ad2497542dbad422e009e47ce939571f	SHA1 of 307b462b554900aa1b0802f4e89752cde49cb4045bc83ac8708578d37ebdadb0	2023-04-10
FileHash-SHA1	eee43890558d207f8232364d42c84af09ba08e80	SHA1 of db086d3a605b003097b60b57556386d8e7044578dcbe734ed1bc188d4f95ff1e	2023-04-10
FileHash-SHA256	1ffe4a7da63a97207035b75ec0d5850d462b801830bc7039f860ab6d029f4fd8	—	2023-04-10
FileHash-SHA256	2cbbd2ddcf06673ed1ad758b71f2df75a21543ea149f15a73773ae90c6f5bce5	—	2023-04-10
FileHash-SHA256	307b462b554900aa1b0802f4e89752cde49cb4045bc83ac8708578d37ebdadb0	—	2023-04-10
FileHash-SHA256	36102822cb63b04fe1ae8268519a7a854a4bd8e763c93fe17908d56838944f4a	—	2023-04-10
FileHash-SHA256	38bdcae9e27d094752bd095c32f2b5143a47a9ad9837139837193fb54163b9c3	—	2023-04-10
FileHash-SHA256	46e79c4fad89248076f6cf7e98aa01dfac657cb66d4ba3eb00544eb96e97886f	—	2023-04-10
FileHash-SHA256	59a16f9faf29768ed027a33dced3dc1cd61c4be814b59070b3ce79e34bb6b963	—	2023-04-10
FileHash-SHA256	6ea3cd8360da5ae8137caa97560ca21e2ffc1e84ca814a160eb629dd84124818	—	2023-04-10
FileHash-SHA256	875d856c37fde99e43deb9fefb56e49a59687aa1fbf830b1b126168a29128e31	—	2023-04-10
FileHash-SHA256	87b9b4c99a296003001f8fbac9c6bce260b054a6ce135d6f99449cc3e27ca816	—	2023-04-10
FileHash-SHA256	d82562a1db289dff5085aee93a4a1bf572ee1ade364205e146a42667e02404d3	—	2023-04-10
FileHash-SHA256	db086d3a605b003097b60b57556386d8e7044578dcbe734ed1bc188d4f95ff1e	—	2023-04-10
FileHash-SHA256	db7d183bfb8be509bd2adc8995a949e8b7ee0de1ea4f616fc1a7d556c9edda08	—	2023-04-10
URL	http://109.206.243.208/2.exe	—	2023-04-10
URL	http://110.182.248.44:35183/.i	—	2023-04-10
URL	http://112.248.115.23:54626/i	—	2023-04-10
URL	http://113.116.88.162:57336/bin.sh	—	2023-04-10
URL	http://114.238.147.43:54099/Mozi.m	—	2023-04-10
URL	http://115.214.13.156:47818/bin.sh	—	2023-04-10
URL	http://115.230.74.20:48832/bin.sh	—	2023-04-10
URL	http://115.46.116.239:33515/bin.sh	—	2023-04-10
URL	http://115.46.116.239:33515/i	—	2023-04-10
URL	http://115.49.1.164:42736/i	—	2023-04-10
URL	http://115.50.99.85:57668/Mozi.m	—	2023-04-10
URL	http://115.54.184.24:38711/i	—	2023-04-10
URL	http://115.56.102.64:33452/bin.sh	—	2023-04-10
URL	http://115.56.102.64:33452/i	—	2023-04-10
URL	http://117.193.110.241:34438/Mozi.m	—	2023-04-10
URL	http://117.194.160.56:58784/Mozi.m	—	2023-04-10
URL	http://117.198.249.168:41106/i	—	2023-04-10
URL	http://117.204.159.198:44183/Mozi.m	—	2023-04-10
URL	http://117.204.95.239:34217/bin.sh	—	2023-04-10
URL	http://117.210.189.221:37350/Mozi.m	—	2023-04-10
URL	http://117.211.34.198:39447/Mozi.m	—	2023-04-10
URL	http://117.211.43.194:49898/Mozi.a	—	2023-04-10
URL	http://117.211.46.40:47138/Mozi.m	—	2023-04-10
URL	http://117.215.240.211:54030/Mozi.a	—	2023-04-10
URL	http://117.216.17.96:36518/Mozi.m	—	2023-04-10
URL	http://117.216.18.217:55080/Mozi.m	—	2023-04-10
URL	http://117.216.20.9:45742/i	—	2023-04-10
URL	http://117.216.28.203:59419/Mozi.m	—	2023-04-10
URL	http://117.217.237.47:56182/mozi.a	—	2023-04-10
URL	http://117.219.112.247:33822/i	—	2023-04-10
URL	http://117.223.88.43:44338/bin.sh	—	2023-04-10
URL	http://117.223.88.43:44338/i	—	2023-04-10
URL	http://117.235.50.207:59865/Mozi.m	—	2023-04-10
URL	http://117.63.30.31:2216/.i	—	2023-04-10
URL	http://120.211.137.183:56911/bin.sh	—	2023-04-10
URL	http://120.211.137.183:56911/i	—	2023-04-10
URL	http://120.211.137.27:32812/Mozi.m	—	2023-04-10
URL	http://120.211.178.96:50109/bin.sh	—	2023-04-10
URL	http://120.211.178.96:50109/i	—	2023-04-10
URL	http://120.211.70.141:52134/bin.sh	—	2023-04-10
URL	http://120.211.70.141:52134/i	—	2023-04-10
URL	http://120.211.70.85:52862/bin.sh	—	2023-04-10
URL	http://121.238.170.49:44686/.i	—	2023-04-10
URL	http://122.142.227.213:50207/bin.sh	—	2023-04-10
URL	http://123.10.53.226:34385/i	—	2023-04-10
URL	http://123.14.119.84:45993/bin.sh	—	2023-04-10
URL	http://123.14.159.220:59079/bin.sh	—	2023-04-10
URL	http://125.44.37.215:57406/i	—	2023-04-10
URL	http://125.46.238.121:39731/Mozi.m	—	2023-04-10
URL	http://125.47.203.12:58216/bin.sh	—	2023-04-10
URL	http://125.47.203.12:58216/i	—	2023-04-10
URL	http://158.255.82.208:53088/Mozi.a	—	2023-04-10
URL	http://163.179.164.164:39512/Mozi.m	—	2023-04-10
URL	http://165.255.82.84:46675/Mozi.m	—	2023-04-10
URL	http://175.170.247.172:35454/Mozi.m	—	2023-04-10
URL	http://175.31.228.12:25450/.i	—	2023-04-10
URL	http://180.115.230.182:43875/Mozi.a	—	2023-04-10
URL	http://182.121.236.18:51909/bin.sh	—	2023-04-10
URL	http://182.122.216.54:57482/Mozi.m	—	2023-04-10
URL	http://182.123.190.200:46884/bin.sh	—	2023-04-10
URL	http://182.123.190.200:46884/i	—	2023-04-10
URL	http://182.124.94.227:60488/i	—	2023-04-10
URL	http://182.126.86.30:49640/Mozi.m	—	2023-04-10
URL	http://182.127.34.135:53956/Mozi.m	—	2023-04-10
URL	http://182.59.107.104:33413/bin.sh	—	2023-04-10
URL	http://190.109.227.149:57614/Mozi.a	—	2023-04-10
URL	http://190.109.232.157:42126/Mozi.a	—	2023-04-10
URL	http://200.110.48.35:34386/Mozi.m	—	2023-04-10
URL	http://201.205.108.66:49043/Mozi.m	—	2023-04-10
URL	http://218.62.216.7:38164/Mozi.a	—	2023-04-10
URL	http://219.156.102.27:48448/Mozi.m	—	2023-04-10
URL	http://219.156.40.150:53486/i	—	2023-04-10
URL	http://222.140.197.145:60213/Mozi.m	—	2023-04-10
URL	http://222.93.248.173:58440/bin.sh	—	2023-04-10
URL	http://27.202.139.204:45035/i	—	2023-04-10
URL	http://27.215.49.44:40873/Mozi.m	—	2023-04-10
URL	http://27.215.80.224:43720/i	—	2023-04-10
URL	http://36.233.58.42:47860/mozi.a	—	2023-04-10
URL	http://39.34.200.193:40484/Mozi.m	—	2023-04-10
URL	http://42.233.56.50:54959/Mozi.m	—	2023-04-10
URL	http://45.234.96.161:45459/i	—	2023-04-10
URL	http://46.103.6.182:1701/.i	—	2023-04-10
URL	http://47.203.13.253:11806/.i	—	2023-04-10
URL	http://51.161.64.200/Dle7Wp/ProtonUniversalUpda...	—	2023-04-10
URL	http://58.255.129.88:54127/Mozi.m	—	2023-04-10
URL	http://59.89.235.101:42961/bin.sh	—	2023-04-10
URL	http://59.92.161.54:32954/Mozi.m	—	2023-04-10
URL	http://59.99.140.20:55236/i	—	2023-04-10
URL	http://61.3.81.35:41990/Mozi.m	—	2023-04-10
URL	http://61.3.99.127:56654/mozi.m	—	2023-04-10
URL	http://61.52.159.66:40586/bin.sh	—	2023-04-10
URL	http://61.52.159.66:40586/i	—	2023-04-10
URL	http://64.237.206.127:57727/Mozi.m	—	2023-04-10
URL	http://78.180.183.119:57446/Mozi.m	—	2023-04-10
URL	http://78.187.83.78:43300/Mozi.m	—	2023-04-10
URL	http://78.26.18.101:50538/Mozi.m	—	2023-04-10
URL	http://82.35.118.45:56053/Mozi.m	—	2023-04-10
URL	http://99.68.146.9:35753/Mozi.m	—	2023-04-10
URL	http://broad.qz.fj.dynamic.163data.co	—	2023-04-10
URL	http://convergeict.com	—	2023-04-10
domain	alter.net	—	2023-04-10
domain	antibotcloud.com	—	2023-04-10
domain	articulaterot.top	—	2023-04-10
domain	ato-aus-i.top	—	2023-04-10
domain	augov-uu.top	—	2023-04-10
domain	cheats4pro.com	—	2023-04-10
domain	citisec-online.co	—	2023-04-10
domain	formsubmit.co	—	2023-04-10
domain	frederikkempe.com	—	2023-04-10
domain	freebusy.io	—	2023-04-10
domain	holdthismoney.site	—	2023-04-10
domain	isns.net	—	2023-04-10
domain	lingaly.pl	—	2023-04-10
domain	lombardodiers.com	—	2023-04-10
domain	lombardodiers.net	—	2023-04-10
domain	majul.com	—	2023-04-10
domain	meubs2pj.com	—	2023-04-10
domain	missrevolt.top	—	2023-04-10
domain	ns8469rfvth42.xyz	—	2023-04-10
domain	online-dib.today	—	2023-04-10
domain	painthenceforth.top	—	2023-04-10
domain	pogothere.xyz	—	2023-04-10
domain	serviclubpromopuntos.club	—	2023-04-10
domain	synovs.com	—	2023-04-10
domain	trigonevo.com	—	2023-04-10
domain	ventinious.com	—	2023-04-10
domain	whoistory.com	—	2023-04-10
hostname	10.14.81.110.broad.qz.fj.dynamic.163data.co	—	2023-04-10
hostname	1234sad-45811.portmap.host	—	2023-04-10
hostname	24367.portmap.host	—	2023-04-10
hostname	26202.portmap.host	—	2023-04-10
hostname	27370.portmap.io	—	2023-04-10
hostname	37978.portmap.io	—	2023-04-10
hostname	38805.portmap.io	—	2023-04-10
hostname	38888.portmap.io	—	2023-04-10
hostname	45525.portmap.host	—	2023-04-10
hostname	45811.portmap.host	—	2023-04-10
hostname	57768.portmap.io	—	2023-04-10
hostname	94.104.32.152.convergeict.com	—	2023-04-10
hostname	brisilda-38805.portmap.io	—	2023-04-10
hostname	cdn.freebusy.io	—	2023-04-10
hostname	cdn.guerrilla-links.com	—	2023-04-10
hostname	cdn.remotecompany.com	—	2023-04-10
hostname	coperate.yallalive.one	—	2023-04-10
hostname	dns57126.phdns22.es	—	2023-04-10
hostname	duffiscool.ddns.net	—	2023-04-10
hostname	hackeroibambini-38888.portmap.io	—	2023-04-10
hostname	horneyolle-37978.portmap.io	—	2023-04-10
hostname	host-157-100-173-127.ecua.net.ec	—	2023-04-10
hostname	ip-211-253.cirebonkab.go.id	—	2023-04-10
hostname	laconjopan.duckdns.org	—	2023-04-10
hostname	mehack1234567.ddns.net	—	2023-04-10
hostname	mehack227.ddns.net	—	2023-04-10
hostname	mehackiscool.ddns.net	—	2023-04-10
hostname	msedge.f.tlu.dl.delivery.mp	—	2023-04-10
hostname	njxyro.ddns.net	—	2023-04-10
hostname	perdigitalocean-26202.portmap.host	—	2023-04-10
hostname	rivindu-45525.portmap.host	—	2023-04-10
hostname	static.whogohost.net	—	2023-04-10
hostname	sunsett-24367.portmap.host	—	2023-04-10
hostname	ten-0-5-0-8.tamp23-ser2.bhn.net	—	2023-04-10
hostname	thechappylant-27370.portmap.io	—	2023-04-10
hostname	ts201-smtpout81.ddc.teliasonera.net	—	2023-04-10
hostname	vcctggqm3t.dattolocal.net	—	2023-04-10
hostname	vmqwerty.duckdns.org	—	2023-04-10
hostname	wattychapo-57768.portmap.io	—	2023-04-10
hostname	web.nicolaschaulin.fr	—	2023-04-10
hostname	wpika-54902.portmap.io	—	2023-04-10
hostname	www.aheatea.com	—	2023-04-10
hostname	www.lombardodiers.co	—	2023-04-10
hostname	www.lombardodiers.com	—	2023-04-10
hostname	www.maaspros.com	—	2023-04-10
hostname	www.testcontainers.org	—	2023-04-10

References (2)

↗ https://www.senderscore.org/ ↗ https://www.silobreaker.com/category/threat-reports/