James_inthe_boxFirst time seeing #expiro drop #originlogger:
https://app.any.run/tasks/3d2d1d8b-b635-40b3-8a45-5edcaf3872b0/
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲@james_inthe_box Thanks for sharing! Looks like it (OriginLogger?) is exfiltrating to:
🔥 cvgrf[.]biz
🔥 knjghuig[.]biz
🔥 npukfztj[.]biz
🔥 przvgke[.]biz
🔥 pywolwnvd[.]biz
🔥 ssbzmoy[.]biz
