Pulse name: Stealer Malware (Hash / C2)
WHITE IndoOpenThreatXchange 2024-07-24 Modified: 2025-01-15
802 IOCs (high volume)
Malware with stealing capabilities, such as Vidar, Raccoon, Mars, and Redline (will update in the future). Any detection from the internal network against this OTX pulse indicates a data leak. Please run a full scan of your endpoint using antivirus and make sure to change all your passwords.

Family: Steal C Malware; Redline Stealer; Flame Stealer; Lumma Stealer; Cheana Stealer; Gomorra Stealer; Meduza Stealer; Hawkeye Malware; Node Stealer; Amatera Stealer

Last update: 16/12/2024 (updated Lumma Stealer; added Amatera Stealer, Telegram Stealer and others)
Indicators of Compromise (73 / 802 total)