Closed g0d33p3rsec closed 2 weeks ago
Damned, this is ten records in one..., will solve this for you, as you are a big supplier of info
Sorry about that. I wasn't sure which approach would be best. It felt like it made sense to keep the group together to show the relation. What would be the best way to keep this sort of information organized here? A parent post with the host IP then reference the derived domains and C2?
Comments
This IP is hosting several domains that are being used to distribute MeduzaStealer. When the file is viewed on VirusTotal, the string
{"C2 url": "79.137.197.154:15666"}
is visible in the Decoded Text section of the behavior report. Viewing http://79.137.197.154/ shows the login screen for the C2 dashboard.
Wildcard domain records
Sub-Domain records
No response
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
No response
SafeSearch records
No response
Screenshots
Screenshot
![346371493-de0b7280-a2d9-4218-8050-44caac4db34a](https://github.com/mypdns/matrix/assets/108126637/f88406a5-b23f-4363-857f-81eb5762f40e)
![346370414-1f4a869c-b047-421e-a128-fcb56ba545e8](https://github.com/mypdns/matrix/assets/108126637/4f446329-8f95-4270-8103-b583ba6d0576)
![346370414-1f4a869c-b047-421e-a128-fcb56ba545e8-1](https://github.com/mypdns/matrix/assets/108126637/c45cb70b-9906-406d-a63c-e4e7fc9f6bb0)
![346371553-5b6ae09b-07d3-4382-a23c-2691579dd9ef](https://github.com/mypdns/matrix/assets/108126637/c0142eb9-50f2-4579-ab42-9013f0257084)
![346371630-6877c4cb-00eb-4c72-b9e7-4a2e4271c1a4](https://github.com/mypdns/matrix/assets/108126637/cf252336-e320-44ff-9e73-9c11eb96a268)
Links to external sources
logs from uBlock Origin
N/A