LegionLoader Indicators of Compromise
Domains
URLs
File Hashes (MD5)
File Hashes (SHA1)
File Hashes (SHA256)