{
  "metadata": {
    "generator": "Bulwark Black IOC Extractor",
    "source": "https://bulwarkblack.com/xworm-rat-campaign-exploits-cve-2018-0802-in-multi-language-phishing-attacks-using-fileless-injection/",
    "fang": "live",
    "exported_at": "2026-07-15T22:58:21Z",
    "total": 25,
    "categories": 6
  },
  "iocs": {
    "Domains": [
      "berlin101.com",
      "cloudinary.com",
      "pub-3bc1de741f8149f49bdbafa703067f24.r2.dev",
      "r2.dev",
      "res.cloudinary.com",
      "retrodayaengineering.icu"
    ],
    "URLs": [
      "berlin101.com",
      "http://pub-3bc1de741f8149f49bdbafa703067f24.r2.dev/wwa.txt",
      "https://pub-3bc1de741f8149f49bdbafa703067f24.r2.dev/wwa.txt",
      "https://res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/",
      "https://res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/optimized_MSI_lpsd9p.jpg",
      "https://retrodayaengineering.icu/HGG.hta",
      "pub-3bc1de741f8149f49bdbafa703067f24.r2.dev/wwa.txt",
      "res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/",
      "res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/optimized_MSI_lpsd9p.jpg",
      "retrodayaengineering.icu/HGG.hta"
    ],
    "md5": [
      "3bc1de741f8149f49bdbafa703067f24"
    ],
    "sha256": [
      "3F4C3C16F63FB90D1FD64B031D8A9803035F3CB18332E198850896881FB42FE5",
      "8665BC1B33CBE6F5859CD6E362AF77738BA73A6E6D4B9974C16C8521D84C1892",
      "EACD8E95EAD3FFE2C225768EF6F85672C4BFDF61655ED697B97F598203EF2CF6",
      "EE663D016894D44C69B1FDC9D2A5BE02F028A56FC22B694FF7C1DACB2BBBCC6D",
      "FD9BA9E6BD4886EDC1123D4074D0EAC363DF61162364530B1303390AA621140B"
    ],
    "CVEs": [
      "CVE-2017-11882",
      "CVE-2018-0802"
    ],
    "Bitcoin Addresses": [
      "3bc1de741f8149f49bdbafa703067f24"
    ]
  }
}