Conversation

@g0d33p3rsec g0d33p3rsec commented May 19, 2025

Phishing Domain/URL/IP(s):


Impersonated domain


Describe the issue

I found a file on URLhaus, http://185.156.72.2/test/exe/random.exe that kicks off an infection chain leading to a mess of malware.


Related external source

https://urlhaus.abuse.ch/url/3542097/
https://app.any.run/tasks/f427a757-7d57-40be-875b-9e7393f488e8
https://tria.ge/250519-aer1wszry3/behavioral1
https://tria.ge/250517-dqlj2afm6x/behavioral1
https://any.run/report/446b2602121cce17c0894e40c768918102d347e1a166e40909d4947be3ef3e81/f427a757-7d57-40be-875b-9e7393f488e8


@g0d33p3rsec g0d33p3rsec merged commit 53c260b into Phishing-Database:master May 19, 2025
1 check passed
g0d33p3rsec added a commit to g0d33p3rsec/phishing that referenced this pull request May 20, 2025
g0d33p3rsec added a commit to g0d33p3rsec/phishing that referenced this pull request May 20, 2025
g0d33p3rsec added a commit that referenced this pull request May 20, 2025
…back (#829)

it looks like the mistake was an omission in #821, adding previous IP from #828 back to lists
