Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

Indicators of Compromise

SHA1                                      Detection
6b78948f441eee53f21791d4dd88dd4fdcd5f7e3  Trojan.PS1.SAKULOAD.AA
4c189405d684eb8e70b1848b356967e783b9c543  Trojan.PS1.BOXTER.SAK
5cd53d94caf0e811b82bad958b34322eb082567f  Trojan.MSIL.SAKURAT.AA.comp
e1a02b787597a844b82a73c2488000088d0533b4  TrojanSpy.Win32.DOENERIUM.AA
ad25ee224973140d41c6ecf1c1500d4efeb0b324  Trojan.PS1.NULLMOVER.SAK
27c4161777ba005166156de311ba58de49eac874  Trojan.MSIL.SAKULOAD.AA
435e74551890b8c70c4b09446ec6ce0a932763f5  Trojan.Win32.KEPAVLL.VSNW07E25
4c391ebeff4cdfbc87ca83772a535d4386e5a5b2  Trojan.Win64.INFOSTEAL.E
585b76875aad1c99d3e06c29ad46b3adeb45639d  Trojan.Win32.FRS.VSNW07E25
fdb9fc2de72be71084cc60508d00bedbf9337172  Trojan.PS1.DISABLER.C
60bdf425bd22c34bad7d5663db31d2107153f729  Trojan.BAT.DULLDROP.EF25
68911ad6696cfdb15c967a82c2d8aab1be634659  HackTool.PS1.DULL.EF25
d94f476b2aceaf4e83197475280f89ecbe3b8d35  Backdoor.JS.DULLRAT.EF25

URL/IP                                                                                  Classification
46[.]101[.]236[.]176                                                                    C&C Server
hxxps://rlim[.]com/seraswodinsx/raw                                                     Malware Accomplice
hxxps://pastebin[.]com/raw/LC0H4rhJ                                                     Malware Accomplice
hxxps://pastejustit[.]com/raw/tfauzcl5xj                                                C&C Server
hxxps://github[.]com/unheard44/fluid_bean/releases/download/releases/SearchFilter[.]7z  Disease Vector
hxxps://popcorn-soft[.]glitch[.]me/popcornsoft[.]me                                     Malware Accomplice