Earth Bogle: Campaigns Target The Middle East With Geopolitical Lures CAB file-hosting URLs https://fv9-2.failiem.lv/f/nvge8wkk3 https://fv9-2.failiem.lv/down.php?i=nvge8wkk3 Stage 1 downloaders Recording voice Qatar - Turkey.vbs 2f1c9ae4477f2b990ec6d084cb00c791b4e33be4828bda947f6c600239a13d0a Trojan.PS1.POWLOAD.TIAOENS UAE Embassy to Israel - Documents 2022.vbs 6bd72e80361c1be1a3cbe79f26d34855a0fd6483784b0de5f30bf36b4536a9c1 Trojan.VBS.POWLOAD.AUFNWF Documents Libya Israel - 2023.vbs a531b9fdb6c216839451aae63cd2a13e552ac1960ae3f2e298a1c8fca54b96c3 Trojan.VBS.POWLOAD.AUFNWF Israel and the UAE 2022.vbs 9c2f26dcba299e0fadd6c400adc4cef030fb5b66c10cceccf2f99849871f5490 Trojan.VBS.POWLOAD.AUFNWF Libya recording voice - 2023.vbs d039aebefb27b463d620f462938ade04c0492f5274d0b28a44777e6de4c80673 Trojan.VBS.POWLOAD.AUFNWF Voice Libya recording Hafter - 2022.vbs 00d8ac438ea309ca28693b9760bf9c2a6dce079699c503f7d7ba749fdcb8f4c1 Trojan.VBS.POWLOAD.AUFNWF Voice of Israel and the UAE - 2022.vbs f17059c48b1f2a9f80eae8dca222d5753aa3d8d20a26bf67546a084ca79e108e Trojan.VBS.POWLOAD.AUFNWF Qatar and Libya documents 2022.vbs 74aad1d1c94d222b5ab92efd6c7aaf1b40c3246a44917a51d6bf6f45d6f9a65b Trojan.VBS.POWLOAD.AUFNWF List of names Qatar 2022.vbs 4888c4fe2e334dcb358ca810229f1d0699c792cf8b6fbf2e1b48a66f7b2d695c Trojan.VBS.POWLOAD.AUFNWF gJhkEJvwBCHe.vbs_ 353e4e1f3e4002e3d4264ac3ede26991cf5dcbe24774e9c1eb6e2a6e2d730778 Trojan.VBS.POWLOAD.AUFNWF Audio recording of Libya and the Emirates.vbs 6560ef1253f239a398cc5ab237271bddd35b4aa18078ad253fd7964e154a2580 Trojan.PS1.POWLOAD.TIAOENS Stage 2 droppers 5555555555555555555(OUT).jpg 9bb8f517fd031f9c839cd54d8b6c04fb51768d778e0f640619b019d3ba1f7f55 Trojan.PS1.POWLOAD.TIAOENS DFvKKnFBvI_HEX.jpg 78ac9da347d13a9cf07d661cdcd10cb2ca1b11198e4618eb263aec84be32e9c8 Trojan.PS1.POWEXEC.K FdysGNjmSf_DEC.jpg 67c4f872bff257417a98a8bb75ac110d3ca5c7d5584f2de3c5a2337d2a948710 Trojan.PS1.POWEXEC.K c03299acd37ab7c15f0d949d15f38cceacbfa817106382616e6d4064a2315942 Trojan.PS1.POWEXEC.K 10.jgp 60eeb78b09fc7fe64dde782609edc2ab4eb6daff3df1db88b054932f417e5b45 Trojan.PS1.POWLOAD.TIAOENS rYFFCeKHlIT.bat_ 8ecc313c38eae8fa61c67bbe37532022b6deff76ae857961fc594190cff2f7a7 Trojan.BAT.POWEXEC.AR Stage 2 dropper hosting URLs https://gpla.gov.ly/out/5555555555555555555(OUT).jpg https://gpla.gov.ly/4444488888/DFvKKnFBvI_HEX.jpg https://www.gpla.gov.ly/news/ETErpTJVDq_DEC.jpg https://gpla.gov.ly/333333/cEsITGEhOH_aaaaaa.jpg https://www.shorturl.at/fkvxD https://cdn.discordapp.com/attachments/1003201277469138987/1003219218424135680/456456465.jpg https://onedrive.live.com/download?cid=FFEE38EB861E9448&resid=FFEE38EB861E9448%211405&authkey=AOJ0s9tYFj7d0kg Process injector payload1.exe_ be979023ad6ab5427be284eac89929a9ce1d2fb83d6e28f7ce1748a4f3756e49 Backdoor.Win32.BLADABINDI.POWRHV.dam NjRAT payloads payload2.exe_ 4c24d601bda43317eded06b0aad61fb6734e760048193779006a1030d39f5a4a Backdoor.Win32.BLADABINDI.POWRHV payload2.exe_ af1f23e8fbe2c39e30644bb6715dd272c4b237974124f4425ab4d90fb7b4c087 Backdoor.Win32.BLADABINDI.POWRHV NjRAT command and control (C&C) domain 2525.libya2020.com.ly