GossiTheDog’s gists

GossiTheDog / Native-Windows-Useragents-malicious.txt

Last active September 6, 2024 09:21 — forked from trietptm/Native-Windows-Useragentss.txt

Native Windows UserAgents for Threat Hunting

	//Invoke-WebRequest in Powershell - manually whitelist legit content first:
	Mozilla/WindowsPowerShell/

	System.Net.WebClient.DownloadFile():
	None

	//Start-BitsTransfer - manually whitelist legit content first:
	Microsoft BITS/*

	//certutil.exe - manually whitelist legit content first:

GossiTheDog / NoName Ddosia new client info - 31-01-2024

Created January 31, 2024 22:26

NoName Ddosia new client info - 31-01-2024

	NoName Ddosia new client info - 31/01/2024

	New C2
	77.83.246.159 - gir.network again

	File hashes
	c7240651c2cddd3468ab741a1c48674e6a8be803c59f2690d550e80a45fd3fe0
	61c928d2db9a81a841edb06c77d07f26b3acf7e2d39b95916ff395ee151a29fe
	a70016e24a11fef4982f31a8fa145040c485d0d5dc91be1ac994232f4ec55a93
	883d4b478543af279058925351a629cf75b0023c33a468d213b318f5cafec9ea

GossiTheDog / NoName Ddosia new client info - 01-02-2024

Created February 1, 2024 18:02

NoName Ddosia new client info - 01-02-2024

	NoName Ddosia new client info - 01/02/2024

	New C2
	188.116.20.254- ROKO Networks Ltd - [email protected]

	File hashes

	4f33f905a60d9589a14239edb2f5838240d85153a5d10612bcd4f7a5b1ae2cfc
	729d343f7748ceacd04aae48fe7cb40327e6fe45a2a6b0f286ac11f0f216b340
	2599de0c4500c2997b78eb2c598f876756f217008e8fae3e07de7d578247c631

GossiTheDog / NoName Ddosia new client info - 02-02-2024

Created February 2, 2024 15:26

NoName Ddosia new client info - 02-02-2024

	NoName Ddosia new client info - 01/02/2024

	New C2
	45.89.55.4 - Stark Industries Solutions - London

	File hashes
	50a6736f9e5ed7ef9ee6e7fc3947c62785f08f957453b0f180d990053d2acadd
	0bd18838ea6d5f84f656261d1468306cc7d4b6efc1c3a79883b12a37c43dd010
	1d3434347e592d8a4314aecb611f182d6dc2cedc34a7629444888d06ddc59fe0
	1e7c560df41149951d6f3c73134ccf2f47bb78b673853697824a9722f98d4c1e

GossiTheDog / NoName Ddosia new client info - 04-02-2024

Created February 4, 2024 22:43

	New C2
	193.233.193.90 - huize.asia, Hong Kong

	File hashes

	6e9cfeaada4e187ea3b330cea1c9c1ad5b0fce7b9164a163a73f2940a2e4089c
	18982189f89802c4d2326569e01a1df609c35beddf3ac2159b181ebe0482824e
	c08fbe08fd132227e6fbd6d26993f1f4adb82d31b4d828aed185a0a810d98f1f
	01626688a1a3bfc9c734f35ca6cdb7975ecdf7b703e384ef9c6b886ee02dd80d
	2cb083dc0df09ad64f87caeb0a093f0db46b1c3432cc7a7ca323c07d98fe4be2

GossiTheDog / NoName Ddosia new client info - 06-02-2024

Created February 6, 2024 12:40

NoName Ddosia new client info - 06-02-2024

	New C2
	185.234.66.126 - pq.hosting, Netherlands

	File hashes
	f225c445975b7f9085252704a2beb105767d24080e29a5a3ec7bd11de5a3e1f0
	b36de199aeb5decf804c980ff3ab011e6890c4f8fa84b31b5732a5a17212ccb4
	4b27a87ecc57d8defa53a2fdb162a45055ca519f924d6b549c424bc259f4ec2b
	facd81cdaf9f9775e4a0db910fe99d0989e2b23f7ed6b88e136ad9209604ce28
	3e6c97d68ed22e2175efa224efc1696cb5c8c05075dedf66850b7683eafb3378
	8483092fe069c4cfca9cdb5d3e637095e75584bc1ff5789742e2bc2e81bc386e

GossiTheDog / NoName Ddosia new client info - 07-02-2024

Created February 7, 2024 15:41

NoName Ddosia new client info - 07-02-2024

	New C2
	45.136.199.235

	New file hashes
	77d48b8a3be120ddb21fd39fc78816db40c4b2d5192ea7d2ee01fd2cc2b25632
	70a1115e90290be240b9fa5dc46dd255b4b0cdf135930618d766b599791e31a5
	f1b27c49e442b685e1ee54f033eab178329153b9490b75f287a82fe4dac1e72e
	5ed551237b3ea1f317735a89b23e3591deab908115a24298e92dab32d4ae45ef
	509486ee29e34a3a969aee23745df35e0d87a68cce6d46b8b351b57b53138ed4
	1f16fe46759103d47dd9b3dcfc44a3c5b41b07ee12490ae8de0efc2d7765798e

GossiTheDog / NoName Ddosia new client info - 08-02-2024

Created February 8, 2024 09:48

NoName Ddosia new client info - 08-02-2024

	New C2
	83.217.9.33 - iptk.ru, Turkey

	New file hashes

	52242c406e0c030568054294b0cead3e9dca3ae913fe37453092a97d2f312efa
	256fd2f2559f40da2590dc304c136e3cc0c70eccfc894cc22c8947aab8b8fc9a
	ebf5e0d1b00bcf81800f5944db68ae4d83c05ac7025e2a4a53ee478258f451f0
	54abe86d823d867351a43bed5c3b25a8fbc2164ad00b1e4ea772de6905ce86e1
	3ed0c1ec2da77f8e25411bf7dc650a4a6fd015a544c787fdc7c2056de08bf83b

GossiTheDog / NoName Ddosia new client info - 08-02-2024 - round two

Created February 8, 2024 14:30

NoName Ddosia new client info - 08-02-2024 - round two

	New C2
	45.84.0.235 - stark-industries.solutions - Moldova

	New file hashes
	343e4dd1d733aba03b436583ba79ea11d996896d5951bf8841a7f39173721c55
	b770b3cc6c33d1c7b816b9237af0f3c773835e66a63b930f14ad237df3500681
	a89f264ac38a76c0e11fea7a36c490d41eedaecc162e4d6118681d2e43cea446
	b8c3508c5fe6c011f7d0ce052422e635a9355a022c5a40d3f8277e46bddfeba0
	e3163ddb5073b399b0ab05cf4014512f5808f0e36feceb16cc4bff46c0ea862a
	bbde2f2fabfae4f21865b99c5113ddd3b1cc46d64ec87c2213bdaf2fdc78925e

GossiTheDog / NoName Ddosia new client info - 08-02-2024 - round three

Created February 8, 2024 17:45

NoName Ddosia new client info - 08-02-2024 - round three

	New C2
	193.187.175.252 - itos.biz, France

	New file hashes
	0f0a3a35357bdac7131ebd7845cc1203ba9675c92893c01ed9e9a6fadd23f96e
	d0b6c99f96ce9dd407b7d99e842b691a72e215ae77dff427fc5849cac1676e5b
	054a2fd948f009c8fb5626a641b734b6804741c5564a6eec0d01adc76a6d15a3
	1746e6a5a39d5d763510a035c81cdb00b26f8df150b399a25f1eed20124cbf8c
	0e27df3ee85d3fe430ab1b630a0084392e4833fa9d86d4fe7c2b794b2f4572ce
	0a76671492464cf7c3c6252823fd04fa6baddbba6d023286076f1556d698ff02

Kevin Beaumont GossiTheDog