IoCs (Indicators of Compromise) for the Coruna iOS iPhone Web Malware Client Side Exploits Serving Web Malware Exploitation Kit
2026-3-13 11:4:0 Author: ddanchev.blogspot.com

Dear blog readers,

I recently took the time and effort to do some research on the recently made public Coruna iOS iPhone client-side exploits serving web malware exploitation kits.

Here are the details.

Related hashes for the detected JavaScript payloads:

Currently active domains serving these:

Related domains known to have been involved in the campaign include:

hxxp://game.7p.game
hxxp://4kgame.us

The complete set of domains serving these:

The actual client-side exploit-serving URLs:

Source: https://ddanchev.blogspot.com/2026/03/iocs-indicators-of-compromise-for.html