| Sample Hash | STIX JSON IOC Download | IOCs |
|---|---|---|
| 6542ce453a8d0e9d40f30b088e93048ebb64ebf2f6279df552b9f818a6145e82 | https://www.vmray.com/analyses/_vt/6542ce453a8d/report/stix-report-2-1.json | 193[.]233[.]132[.]253 |
| 6b6f0dee91b3d6a228c3ea8caae4db07c963d9991571339c238f5c735a33038e | https://www.vmray.com/analyses/_vt/6b6f0dee91b3/report/stix-report-2-1.json | 147[.]45[.]47[.]93 |
| 9b7fc99774c864589fa2ed6a5c92cd0821a1f09611d5b34c37f715c68f70f1f3 | https://www.vmray.com/analyses/_vt/9b7fc99774c8/report/stix-report-2-1.json | 147[.]45[.]47[.]93 |
| fd13d7cf78df7c365f1780276669ab4cc6cbad531f9cdc60d1dcb4e9eec70801 | https://www.vmray.com/analyses/_vt/fd13d7cf78df/report/stix-report-2-1.json | 193[.]233[.]132[.]74 |
| dd78b392705ccde6829aaa6e5a9bd81a33343f2ba1aa8a45b8fe20cb8355ce34 | https://www.vmray.com/analyses/_vt/dd78b392705c/report/stix-report-2-1.json | 147[.]45[.]47[.]93 |
| 3dacf68502040ee5c167808d7814ed248cd71f4cfd3c025441747eb847555ae4 | https://www.vmray.com/analyses/_vt/3dacf6850204/report/stix-report-2-1.json | 193[.]233[.]132[.]216 |
| 193[.]233[.]132[.]74 | ||
| 66e792786a978b4b4edcc5990cc2ce8d107976145acd5dc053649a4f8d6b7347 | https://www.vmray.com/analyses/_vt/66e792786a97/report/artifacts/stix-report-2-0-iocs.json | 193[.]233[.]132[.]167 /cost/lenin.exe |
| 193[.]233[.]132[.]62:57893 /hera/amadka.exe | ||
| 193[.]233[.]132[.]167 /cost/go.exe | ||
| 193[.]233[.]132[.]56 /Pneh2sXQk0/index.php | ||
| 193[.]233[.]132[.]62 | ||
| 30e5b1065e0d70d2854a6f8a256d6fdad7a0b83d208a772d292f741978683fda | https://www.vmray.com/analyses/_vt/30e5b1065e0d/report/stix-report-2-1.json | 147[.]45[.]47[.]93 |
| 5d11d3500b6c0a448601c3c93ed548120d2e24be4d7985b27c092a1d22031dba | https://www.vmray.com/analyses/_vt/5d11d3500b6c/report/stix-report-2-1.json | agtrainingcentres[.]com /clip[.]exe |
| e3cf477f81b92aadec14dcee22db7f41c74fbcdddae110da05e3695e294a7ea7 | https://www.vmray.com/analyses/_vt/e3cf477f81b9/report/stix-report-2-1.json | 5[.]42[.]96[.]55 /lumma0805[.]exe |
| 5[.]42[.]96[.]55 | ||
| b4980cf355475d0879d2bac69fe4aacf7176c404da18ed6457756860428f406c | https://www.vmray.com/analyses/_vt/b4980cf35547/report/stix-report-2-1.json | 147[.]45[.]47[.]102 |
| 147[.]45[.]47[.]93 | ||
| b662fc479161e92aee6749fa4deb969c12a43eb4b34e913d1340671eba98b64c | https://www.vmray.com/analyses/_vt/b662fc479161/report/stix-report-2-1.json | 147[.]45[.]47[.]126 |
| 5[.]42[.]96[.]141 /go34ko8/index[.]php | ||
| 5[.]42[.]96[.]7 /cost/sarra[.]exe | ||
| 5[.]42[.]96[.]7 /mine/amers[.]exe | ||
| 5[.]42[.]96[.]7 /cost/random[.]exe | ||
| 5[.]42[.]96[.]7 /cost/go[.]exe | ||
| 70a0f8fd6eed4c25d8ffa4117f8b14bc289a18add0a6269e3eb698097085dce7 | https://www.vmray.com/analyses/_vt/70a0f8fd6eed/report/stix-report-2-1.json | 5[.]42[.]66[.]10 /download/th /Retailer_prog.exe |
| 5[.]42[.]96[.]55 /lumma0805[.]exe | ||
| 5[.]42[.]66[.]10 | ||
| 5[.]42[.]96[.]55 | ||
| 5[.]42[.]96[.]54 | ||
| sofaprivateawarderysj[.] shop/api | ||
| d10731ed80960b2fae5f0b589130e5b2f3c3f6c4e0cec16e68b361d6686334e8 | https://www.vmray.com/analyses/_vt/d10731ed8096/report/stix-report-2-1.json | 5[.]42[.]96[.]55 /lumma0805[.]exe |
| 7b9765aa1888bef1c9d1948b1fbe216eda07f0adb648f74b671d47b07aab39ab | https://www.vmray.com/analyses/_vt/7b9765aa1888/report/stix-report-2-1.json | easy2buy[.]ae |
| 193[.]233[.]132[.]47 |
RisePro stealer malware is evolving rapidly, adopting new techniques to evade detection and even mimicking Amadey samples. We've updated our YARA rule to stay ahead of these changes, ensuring accurate detection of the latest RisePro variants within the VMRay Platform.
