Payload downloads
gateway.storjshare.io
link.storjshare.io

C2 comms
209.250.255.169

First stage payload
5ee2120821e570760cfb22b8b1d3329407807c14d31c0667f47f36d5d11b0111
d234bb81737612a4f9d18d47992412e84bbfb7f75de2c7c83e850c16b88f6fff

Emerging Threats network signatures
ET INFO File Sharing Service Domain in DNS Lookup (link .storjshare .io)
ET INFO Observed File Sharing Service Domain (link .storjshare .io in TLS SNI)
ET INFO Commonly Actor Abused Online Service Domain (storjshare .io)
ET INFO Observed Commonly Actor Abused Online Service Domain (storjshare .io in TLS SNI)
Network traffic tells — C2 comms
http://x.x.x.x/get_updates
http://x.x.x.x/send_message
http://x.x.x.x/send_status

Additional Handala activity IOCs
First stage payload
6cc5b94b93bc91eb34447322cfc9b4b1cfbc1b201788acf68a0a53ce3cb091ab
c42cc664d738825c4d144d9f273c99f42065e1cb25fb13ce504bab2c4d06922d

C2 comms
80.240.30.16
176.10.125.107

- AI Assistant - ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMInd AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus