Skip to content

Commit

Permalink
Updated 2024-06-12-IOCs-for-Koi-Loader-Stealer-infection.txt
Browse files Browse the repository at this point in the history
  • Loading branch information
@brad-duncan
brad-duncan authored Jun 12, 2024
1 parent 6f15ede commit 38f6b42
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2024-06-12-IOCs-for-Koi-Loader-Stealer-infection.txt
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
2024-06-12 (WEDNESDAY): KOI LOADER/KOI STEALER INFECTION

REFERENCES:

- https://www.linkedin.com/posts/unit42_koiloader-koistealer-unit42threatintel-activity-7206786128199258113-2y7y
- https://x.com/Unit42_Intel/status/1801020508755869718

INITIAL REFERENCES:

- https://x.com/V3n0mStrike/status/1800549934975869433
Expand Down Expand Up @@ -55,4 +60,4 @@ C2 TRAFFIC FOR KOI STEALER:

- 89.251.22[.]227 port 80 - 89.251.22[.]227 - POST /guacos.php HTTP/1.1
- 89.251.22[.]227 port 80 - 89.251.22[.]227 - GET /index.php?id=&subid=gDfS4DCY HTTP/1.1
- 89.251.22[.]227 port 80 - 89.251.22[.]227 - POST /index.php HTTP/1.1
- 89.251.22[.]227 port 80 - 89.251.22[.]227 - POST /index.php HTTP/1.1

0 comments on commit 38f6b42

Please sign in to comment.