backoff Malware IOCs

Jul 05, 2023 Malware

Overview

Opendir containing Backoff RAT and config was detected hosted by Chinese VPS.

IOCs

IPv4

180.76.133.152
8.210.210.166
8.210.125.65
8.210.62.234

Files

fly.php

dHJvamFuOi8vR0FSWUVMMkBmdXFpYW5nLndvb2dlMTIzLnRvcDoyMDQwNCNoazAxCnRyb2phbjovL0dBUllFTDJAZnVxaWFuZzMud29vZ2UxMjMudG9wOjIwNDA0I2hrMDIKdHJvamFuOi8vR0FSWUVMMkB0cm9qYW4uc3VwZXJlcG94eXJlc2luLmNvbToyMDI0NSNoazAzCg==

Decoded

trojan://GARYEL2@fuqiang.wooge123.top:20404#hk01
trojan://GARYEL2@fuqiang3.wooge123.top:20404#hk02
trojan://GARYEL2@trojan.superepoxyresin.com:20245#hk03

Share on: