B1txor20_Botnet_exploits_Log4j_vulnerability

IOCs

ipaddress:

194.165.16.24
104.244.73.126
109.201.133.100
162.247.74.27
166.78.48.7
171.25.193.78
185.100.87.202
185.129.62.62
185.220.100.240
185.220.100.241
185.220.100.242
185.220.100.243
185.220.100.246
185.220.100.249
185.220.100.250
185.220.100.252
185.220.100.254
185.220.100.255
185.220.101.134
185.220.101.136
185.220.101.140
185.220.101.143
185.220.101.144
185.220.101.151
185.220.101.155
185.220.101.161
185.220.101.162
185.220.101.164
185.220.101.166
185.220.101.168
185.220.101.172
185.220.101.174
185.220.101.176
185.220.101.181
185.220.101.191
185.220.101.34
185.220.101.37
185.220.101.39
185.220.101.40
185.220.101.42
185.220.101.43
185.220.101.46
185.220.101.5
185.220.101.50
185.220.101.51
185.220.101.53
185.220.101.54
185.220.101.56
185.220.101.57
185.220.101.61
185.56.80.65
193.218.118.158
194.32.107.159
194.32.107.187
194.88.143.66
199.195.250.77
23.129.64.216
23.154.177.4
45.13.104.179
45.154.255.147
45.61.185.90
46.166.139.111
5.2.69.50
51.15.43.205
62.102.148.68
62.102.148.69
81.17.18.62

hash (32 hex characters each, consistent with MD5):

027d74534a32ba27f225fff6ee7a755f
0a0c43726fd256ad827f4108bdf5e772
24c49e4c75c6662365e10bbaeaeecb04
2e5724e968f91faaf156c48ec879bb40
3192e913ed0138b2de32c5e95146a24a
40024288c0d230c0b8ad86075bd7c678
43fcb5f22a53a88e726ebef46095cd6b
59690bd935184f2ce4b7de0a60e23f57
5f77c32c37ae7d25e927d91eb3b61c87
6b42a9f10db8b11a15006abced212fa4
6c05637c29b347c28d05b937e670c81e
7ef9d37e18b48de4b26e5d188a383ec8
7f4e74e15fafaf3f8b79254558019d7f
989dd7aa17244da78309d441d265613a
dd4b6e2750f86f2630e3aea418d294c0
e82135951c3d485b7133b9673194a79e
fd84b2f06f90940cb920e20ad4a30a63

ipport:

194.165.16.24:53
194.165.16.24:443

domain:

webserv.systems

url:

http://179.60.150.23:8000/xExportObject.class
ldap://179.60.150.23:1389/o=tomcat
http://194.165.16.24:8229/b1t_1t.sh
http://194.165.16.24:8228/b1t
http://194.165.16.24:8228/b1t
http://194.165.16.24:8228/_run.sh
http://194.165.16.24:8228/run.sh
http://194.165.16.24:8228/share.sh
http://194.165.16.24:8228/b1t
http://194.165.16.24:8228/run.sh
http://194.165.16.24:8228/run.sh
http://194.165.16.24:8229/b4d4b1t.elf