What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Criminal Open-Source Toolkits
--------------------------------------------------------------------------------------------
SHA256 (detection name: Trojan.JS.DYBBUK.SMG)
--------------------------------------------------------------------------------------------
URLs
--------------------------------------------------------------------------------------------
Paths
/image/Doc.php?inf=[user-agent]&ip=[ip-address]
/image/Doc.php?send=
/image/Doc.php?dom=
/image/Doc.php?update
/Host/Doc.php?inf=[user-agent]&ip=[ip-address]
/Host/Doc.php?send=
/Host/Doc.php?dom=
/Host/Doc.php?update
/index.php?remote
/index.php?inf=[user-agent]&ip=[ip-address]
/index.php?send=
/index.php?dom=
/index.php?tele
/script/Docs.php?remote
/script/Docs.php?inf=[user-agent]&ip=[ip-address]
/script/Docs.php?send=
/script/Docs.php?dom=
/script/Docs.php?tele