add iocs for tradingview campaign delivering smokeloader and arkeistealer

ThreatLabz · ThreatLabz · commit 8888f4efc81a · 2022-12-22T11:18:04.000-08:00
diff --git a/smokeloader_tradingview_campaign/c2s.txt b/smokeloader_tradingview_campaign/c2s.txt
@@ -0,0 +1,13 @@
+# SmokeLoader C2
+85.208.136[.]162
+
+# ArkeiStealer download URL 
+212[.]8[.]246[.]70/builds/still[.]exe
+212[.]8[.]246[.]70/builds/installer[.]exe
+212[.]8[.]246[.]70/builds/bot[.]exe
+
+# Fake TradingView download URL
+hxxps://tradingview[.]business/download.php
+
+# Fake TradingView Application Distribution Domain
+sxvlww.am.files.1drv.com
diff --git a/smokeloader_tradingview_campaign/hashes.txt b/smokeloader_tradingview_campaign/hashes.txt
@@ -0,0 +1,8 @@
+# ArkeiStealer payload
+4d7f538bf21bf0c42fee87d28d3f3079
+55552ed60bddd332eee8a23f0494174f
+16857afad0b6c40469e5d9d9b63a2927
+0743250f8bb1a0baa01affcfd963d171
+
+# Fake TradingView Desktop Application
+fc99ea424df48f2b661219b71f33b979
