# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/VK_Intel/status/1268610373004845059
# Reference: https://twitter.com/malwrhunterteam/status/1268966003582566401
# Reference: https://www.virustotal.com/gui/file/91e18e5e048b39dfc8d250ae54471249d59c637e7a85981ab0c81cf5a4b8482d/detection
# Reference: https://twitter.com/abuse_ch/status/1269852916074110976
# Reference: https://twitter.com/ScumBots/status/1270904922909872128
# Reference: https://twitter.com/bryceabdo/status/1271498581271330821
# Reference: https://twitter.com/ScumBots/status/1266120897020248065
# Reference: https://twitter.com/VK_Intel/status/1273346999740481536
# Reference: https://twitter.com/cyber__sloth/status/1273990449796198407
# Reference: https://twitter.com/MBThreatIntel/status/1275106542795329536
# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://twitter.com/cyber__sloth/status/1278997323960352768
# Reference: https://twitter.com/VK_Intel/status/1279856863178379265
# Reference: https://twitter.com/bryceabdo/status/1280941877408215040
# Reference: https://twitter.com/Dan__Mayer/status/1281026825926275072
# Reference: https://twitter.com/bryceabdo/status/1281683188826476544
# Reference: https://twitter.com/sisoma2/status/1282347857752793088
# Reference: https://twitter.com/ScumBots/status/1284620297312899072
# Reference: https://twitter.com/VK_Intel/status/1285251276335394817
# Reference: https://twitter.com/malwrhunterteam/status/1288438777623588866
# Reference: https://twitter.com/bryceabdo/status/1288558940557660162
# Reference: https://twitter.com/VK_Intel/status/1290318472434593792
# Reference: https://twitter.com/abuse_ch/status/1290630827152482307
# Reference: https://twitter.com/bryceabdo/status/1290638836347867136
# Reference: https://twitter.com/d4rksystem/status/1292836072985186305
# Reference: https://twitter.com/d4rksystem/status/1293595428869623809
# Reference: https://twitter.com/d4rksystem/status/1294316886579204096
# Reference: https://twitter.com/d4rksystem/status/1295378909949829122
# Reference: https://twitter.com/bryceabdo/status/1295400365035323392
# Reference: https://twitter.com/bryceabdo/status/1295348221401849859
# Reference: https://twitter.com/malwrhunterteam/status/1296006838341730304
# Reference: https://twitter.com/malwrhunterteam/status/1296385118039408640
# Reference: https://twitter.com/SiberTurkce/status/1297314456779849732
# Reference: https://app.any.run/tasks/a7c92987-a473-4ff1-b372-1a77e9b9decf/
# Reference: https://app.any.run/tasks/27fbdbfb-e057-4a9e-9d4e-693b909aec0f/
# Reference: https://app.any.run/tasks/db7c3b9e-6358-494a-9cb4-245804c70472/
# Reference: https://bazaar.abuse.ch/sample/3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443/
# Reference: https://www.virustotal.com/gui/ip-address/47.98.172.161/relations
# Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations
# Reference: https://www.virustotal.com/gui/file/9127040d80ffbebb9955bcc555420a120ecf48414c6844dd4855f7af7cbf24c0/detection
# Reference: https://www.virustotal.com/gui/file/c786e4de11e64be8d4118cf8ba6b210e3396e3bb579f3afd4bf528c35bab4a6b/detection
# Reference: https://www.virustotal.com/gui/file/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/detection
# Reference: https://www.virustotal.com/gui/file/a0b8c7df99d8c8ee6488f091e3a85adc3cc9e9694600c5b44ff9a77f18440eb1/detection
# Reference: https://www.virustotal.com/gui/file/cfce56dad68d7f1c394ed90701eaf2ac0234eaa58666a95ab69f09b9d68e3166/detection
# Reference: https://www.virustotal.com/gui/file/bc7c981300bcc3e4d2a5bf466f0082abfb1cefea323398f611ca3bd3b2cd8847/detection
# Reference: https://www.virustotal.com/gui/file/201dceb5c7e8e54a72d9eb9247bcc9c6c1ce4bdc3c55409fb9a52d47b01799d2/detection
# Reference: https://www.virustotal.com/gui/file/1d08196ad8f4a2c207c229cb0305a1d1d7cd2e0c62672288e1a0339d50f7a12b/detection
# Reference: https://www.virustotal.com/gui/file/bb9b158dd736f0d79af54347b22d601488ee21fc5c4d1a5e4134ffd37210d9c4/detection
# Reference: https://www.virustotal.com/gui/file/b889c77d3c4d2d6b18e40d8464361aa4e9624fd81d7c7f96058c7a2a892a7f7c/detection
# Reference: https://www.virustotal.com/gui/file/2576b210dedb085df2fa992f7c1b5d4f1dce5dfb6ba0a27142a6d184d02f96c5/detection
# Reference: https://www.virustotal.com/gui/file/a5c6c0b4a5397d0796d79d215ebb3bcbe6421787ee27d088d9afdd2a41f85e28/detection
# Reference: https://www.virustotal.com/gui/file/c6276381af7a009277c8f4e19867fdbe65c7bbe25b5560961c72ece22075de6b/detection
# Reference: https://www.virustotal.com/gui/file/06086f2e9c847e2a677a4e02bfd61ee54bb24a1f6ccf06e70e391dca5cf3347e/detection
# Reference: https://www.virustotal.com/gui/file/b83cada9c2dcf4381ddad40b4e61fdb5b77d7b776712f623cae92a8e5e40dd9c/detection
# Reference: https://www.virustotal.com/gui/file/df8c266e39c85b35d7d7ba3165d9f224b6dce9fb9bb14657ff2872fc4e236efc/detection
# Reference: https://www.virustotal.com/gui/file/79222d38743b7d3e2f208fd3dd01bc8e4c8428a5c5df3608c2db94a2d82a4b74/detection
# Reference: https://www.virustotal.com/gui/file/9b820101221c735fdab1decf617d4a8c6bedba759d0821972f71eb2abd8fe1e7/detection
# Reference: https://www.virustotal.com/gui/file/1fddb3dd1c9691b5790370e92524a456634ea127af40a64e2a2656ed2f238077/detection
# Reference: https://www.virustotal.com/gui/file/de9fb5ae3fafcfdf1c471baae83928ab000801c5b4878717f54dabac35ba7528/detection
# Reference: https://www.virustotal.com/gui/file/75cc406dac68a06b89b86ea746fe0d947544b4e5b5b194f7aa754327a45127b9/detection
# Reference: https://www.virustotal.com/gui/file/2690860626a3b170c1ed972d3d0abb66908caf031d3a52e99334ac1ce559933b/detection
# Reference: https://www.virustotal.com/gui/file/c51c6261ec425453f9b1d2229266b6a6470faee26ba646438c4f2db3a3e40f81/detection
# Reference: https://www.virustotal.com/gui/file/ed19505af22c3c6457c6eaa7797442bfc4b2e7b033a0492ebbd0a31cdf295c6f/detection
# Reference: https://www.virustotal.com/gui/file/63a1a4b5ee7f06eac89b39ff826733d706b97635e45ed5a724f3d1e1857d4153/detection
# Reference: https://www.virustotal.com/gui/file/ba684857aec6b421eb7b5780e5b78df48efadfdbd913f3142bb70825e056ddcd/detection
# Reference: https://www.virustotal.com/gui/file/0aa01cb516c022547ce7034f1ca21e1134a5cf11c85a83c89e411edbf39f7188/detection
# Reference: https://www.virustotal.com/gui/file/217bb3510d12a0893c7d279f7729bed532682da2a6945e0d0531a2f4d296a5a8/detection
# Reference: https://www.virustotal.com/gui/file/b081d2983f3e2b4a12a5bb63c14c868098ac076114b2033ec57f75e61f0cbe0a/detection
# Reference: https://www.virustotal.com/gui/file/b97f7d0972ce0247068b3e26b7d5b72aab4b13515f7cce271b760d8f96c0b837/detection
# Reference: https://www.virustotal.com/gui/file/0790e138f23c1335d30fae4b1cd42937f6c43b1300b40bc02c15f48f48aac6d7/detection
# Reference: https://www.virustotal.com/gui/file/acc0b0822c145305a93e9d3647e689d21901e0e4f00cd1bbba243454f8dc7445/detection
# Reference: https://www.virustotal.com/gui/file/40f192e247c94a1628803d7f97f07be0c5518f377f2e57fb07246dfa2c1bfa8c/detection
# Reference: https://www.virustotal.com/gui/file/8ab748f1371df23572b12d26bf32d88e579be77bb730528396f0a4d53f2ea8db/detection
# Reference: https://www.virustotal.com/gui/file/3c598f856412b72ff1d50d39293b357e422699fe329e03bf3b1859f3e3bee3c8/detection
# Reference: https://www.virustotal.com/gui/file/81a62d5e8827a65466bbbea46d2c3a3597dae8458aa11eba0ca0e7102c06a2d3/detection
# Reference: https://www.virustotal.com/gui/file/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/detection
# Reference: https://www.virustotal.com/gui/file/74ba43e07c57b6aac5581e77f585c10d8707dc16a58a65fe27dc48ddcd05b149/detection
# Reference: https://www.virustotal.com/gui/file/d0e08274a178568977ec783eb99e82d80287e721bb67c9348af592067bb5ca04/detection
# Reference: https://www.virustotal.com/gui/file/7b1144668c6fd523ab7f421eb9f724cb8a1effc85fd2a0ca6386a3de7b8745fd/detection
# Reference: https://www.virustotal.com/gui/file/45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269/detection
# Reference: https://www.virustotal.com/gui/file/663a1620146702c3210eb0ce4389dc20b1ae1d952c9566b5778e20f360fe090b/detection
# Reference: https://www.virustotal.com/gui/file/a90bee1d485bcbf91f771a1b43f783d56048506c4fb2e93560ad1e84ab0f2a2e/detection
# Reference: https://www.virustotal.com/gui/file/59415cd23bfc12d279394e6b236334c176dc2b83444c7c16a387d40c026c3e58/detection
# Reference: https://www.virustotal.com/gui/file/1293f0c34a1c3c1cc381a748d577d0246a0e5347b4e4a585420702dcec2ea9ff/detection
# Reference: https://www.virustotal.com/gui/file/41128cccd33e0034c4cd7d780da576e8c1037da21348571b17d77aa2f77270f1/detection
# Reference: https://www.virustotal.com/gui/file/883c1f116448550be96f42cb3ff650d02770798ab382a1801e84028d986a41c2/detection
# Reference: https://www.virustotal.com/gui/file/af3c45f941a7c7fe4aa3fa19a0e73ccc021b997d3ec72a72ee30f892fdc28435/detection
# Reference: https://www.virustotal.com/gui/file/65748b58b0580782b6e8aac5ebb2f9842dc8ab1cacf4fb6a7c93e546dc806124/detection
# Reference: https://www.virustotal.com/gui/file/e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b/detection
# Reference: https://www.virustotal.com/gui/file/1a9bbebde954b27cbf6006128e1a22bdfa81d4ea853ba99bab4ec3333ea0bb89/detection
# Reference: https://www.virustotal.com/gui/file/df3a63acc7b50b4f76d1c4a1f6b014512d64b9803a1c8c1e047e59142777c5a7/detection
# Reference: https://www.virustotal.com/gui/file/866b0d38c7e14bf17f049fb1543f518c891424c9b5aa6a67dd195230a1d6c063/detection
# Reference: https://www.virustotal.com/gui/file/7cba6b6c6be23da94ded1ce4bf3e4d8b246be0f2b680b7b376dc0c4e2fb1fdbc/detection
# Reference: https://www.virustotal.com/gui/file/241a1134ff620ebe2640a33a8aafd411c000b0a79774312a1697e47cb8d41bc4/detection
# Reference: https://www.virustotal.com/gui/file/ac4264160b365dbf7ae7d8fd794437408f7bee4ab5b43562a1ed4a777c721d60/detection
# Reference: https://www.virustotal.com/gui/file/e4ca37b939f9ca60aab3b68d49169ee93e46548b76dfb31eeb43d4161fd3dc1a/detection
# Reference: https://www.virustotal.com/gui/file/9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398/detection
# Reference: https://www.virustotal.com/gui/file/6b07347f1041d1415d27d2b8e488861738ae492d91b3c20d3c63bf9aac24c618/detection
# Reference: https://www.virustotal.com/gui/file/6a7cc1605bd960679139025251b4d75178fa30caeb1968f744929c27f8030903/detection
# Reference: https://www.virustotal.com/gui/file/aaf496757bc935e63ee7b77a1b99ac62032a30255b38426915371620eb09c494/detection
# Reference: https://www.virustotal.com/gui/file/ec80dafae2b435962d141d4137ba9e9b84d36c5933828c490d113a88b9c4d2a5/detection
# Reference: https://www.virustotal.com/gui/file/3f6a83e5c484e9d495e3f29ffcedc2881690d54a7058e5c677e3feda66ed96fe/detection
# Reference: https://www.virustotal.com/gui/file/eb1d75f02e09b08c65e1541bddcd6888c334977bb1fb603fa45dcd1a836bb406/detection
# Reference: https://www.virustotal.com/gui/file/2610754a99eb906bc26243eff669ca156c0b0cfb56875fc93ec17a607c95cfb4/detection
# Reference: https://www.virustotal.com/gui/file/966c1e28256b05643504b99716bbeb200ec19a577018f81fa87afa25adf91349/detection
# Reference: https://www.virustotal.com/gui/file/8818926ece9a710a855fa177e1b99860da65b93ec9035d99f93a794885bbd569/detection
# Reference: https://www.virustotal.com/gui/file/ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8/detection
# Reference: https://www.virustotal.com/gui/file/06f5157afd7a7595fbe784a6e098a8286bf5f3cded51f4969b431066baa5c386/detection
# Reference: https://www.virustotal.com/gui/file/fa1621a1171424dfc1671013d1027817d6d8792c1709416754a37abc5ab057fc/detection
# Reference: https://www.virustotal.com/gui/file/5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544/detection
# Reference: https://www.virustotal.com/gui/file/b8c45daf9ab25efa15938474bfea3dc7265d6183a12c7dc15e0c4ba4c8fb5d32/detection
# Reference: https://www.virustotal.com/gui/file/8f881c41b67a4170458e00fb809aa70b654c2fa56492c0b307ae8f0f0e19c119/detection
# Reference: https://www.virustotal.com/gui/file/c626145b58a19a639b3250472fe72d8efdb6117b43618591292eb6a8216c2fea/detection
# Reference: https://www.virustotal.com/gui/file/037b31af7dd458885e26a667a51305ef1d927ee2f4edc30b88e40df07d688a35/detection
# Reference: https://www.virustotal.com/gui/file/ac01f66470b49d74801c7954fcef0f644e9560295c66f0ae10106d6b874e7344/detection
# Reference: https://www.virustotal.com/gui/file/32b8ffac3250444904e6af3fca1f6408e684f11ad59e6c46887cf44f5de19e6b/detection
# Reference: https://www.virustotal.com/gui/file/bd50fceeb89d220f6710030d3aacbc2427c5796d9b7f3dee8a362f4e7d4113ef/detection
# Reference: https://www.virustotal.com/gui/file/8c195ec63793d4d4927cb5e06cd2c5771cedab32baecd2097454e3709e2748cc/detection
# Reference: https://www.virustotal.com/gui/file/203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22/detection
# Reference: https://www.virustotal.com/gui/file/af2bc53c341eaa7f66aeb3e4ebf060b686ea155c53dabde46b5be66cbd43d803/detection
# Reference: https://www.virustotal.com/gui/file/888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517/detection
# Reference: https://www.virustotal.com/gui/file/46b3109edcdd1cde67200eb9e4ae5c2120837a07e891266a04dd033d49bea774/detection
# Reference: https://www.virustotal.com/gui/file/5cf1056b581d44583325bc9e76291201b265f8b9b4f429e75948e72fd3678e4f/detection
# Reference: https://www.virustotal.com/gui/file/a95bc01a29ac616addd8de1175cc7d9829d0df06057b88964be2962f5c93d887/detection
# Reference: https://www.virustotal.com/gui/file/b96adf2b963739440e30c50e52a07b37711356238a586f6f0267db7d722b44cf/detection
# Reference: https://www.virustotal.com/gui/file/d7ccd0d5372559401b658a95bff01ee87c971dd156ef214c69f664304228fae2/detection
# Reference: https://www.virustotal.com/gui/file/fd3131ed00a549e74a748e85b586ef78d07330fd4e1d365aacdc0b4b5f6f67cc/detection
# Reference: https://www.virustotal.com/gui/file/2f408250c933dcb7eda32d753f17dc431b46b449d6c7d7ca3025fbe380cfc2d1/detection
# Reference: https://www.virustotal.com/gui/file/a4d2e612e77dcc342b1f5d82d46171e2fcd30f4e4cc4d14c1333930fce062de5/detection
# Reference: https://www.virustotal.com/gui/file/17b47507c571fd0991f2470a90c89c381a40a13e6fcdb7fee9171ac854a60efc/detection
# Reference: https://www.virustotal.com/gui/file/342d1aa4c4802c86a8abd3e01954e08b07253b374bd63206ac0783fd3ac9d8e6/detection
# Reference: https://www.virustotal.com/gui/file/e0ee55e0cb93b6ee7c05d621203b02d80efa20b9f6e81f358b60fe46f3025814/detection
# Reference: https://www.virustotal.com/gui/file/25252261401920a07bf257a208446c78875bfffe2bd2f753235b11332f429e80/detection
# Reference: https://www.virustotal.com/gui/file/b2fed38cf0b3cc2b92b2b1dc193ea309c7ef9c90f0941171cdb61cbb7c4bd124/detection
# Reference: https://www.virustotal.com/gui/file/14e0f1b88468c759b17a973728c8c8da394d2624b4f9aa1e4ecbf80366a7a487/detection
# Reference: https://www.virustotal.com/gui/file/dba7ce026c226da8b54c9edf36d34fdf630e13c0319cca0f43661a686e702f07/detection
# Reference: https://www.virustotal.com/gui/file/cc8f59afac88e3d8b8805d3cccdf93711b371518cb20889b2f5d412845089030/detection
# Reference: https://www.virustotal.com/gui/file/b7ab50cc2d5573a205666be0b8a83523d614347673e58daf00ac9072beb9dca4/detection
# Reference: https://www.virustotal.com/gui/file/6d2af4341f956c200257535080a37b252dc910e0d52bc295e1a4803ee80c34af/detection
# Reference: https://www.virustotal.com/gui/file/0562e5a3adee03b840bf767c48603aa807536181d8db2ec7681155038013d4bd/detection
# Reference: https://www.virustotal.com/gui/file/e99509ba8514cdbca496011cda5d7f32c9ec3452a4778ff0ec85ed11ebd73b1d/detection
# Reference: https://www.virustotal.com/gui/file/4d8232c8973ec2c528be5f380b9f027a7221023e2b2e774403a8839385b2e197/detection
# Reference: https://www.virustotal.com/gui/file/5130e07eda1bde32fcf52cbeeccfdfb376a452be17540ec66f05da7d9b808fcf/detection
# Reference: https://www.virustotal.com/gui/file/9485ba313d5141997bd094d278139303e1d59392a7c0b611efc5947eedb4abc6/detection
# Reference: https://www.virustotal.com/gui/file/0ceaf7d3a3b4e5d449ab2f60503b3ad2033ed7c136fa8f860548167abe8c9879/detection
# Reference: https://www.virustotal.com/gui/file/19f9ce568f425779bded9b58d132c8e2dac84f1337e278fc73aaed837fcf3be0/detection
# Reference: https://www.virustotal.com/gui/file/86ecb5b31182eb2fd094398cbc5a7f3d20aa6a661a733294009d14cd7ba19224/detection
# Reference: https://www.virustotal.com/gui/file/18e1faee8a479ff511cfe0ce6a49a1863f9123828aafc7a8f9bcc2b818f0c606/detection
# Reference: https://www.virustotal.com/gui/file/ae3ebebf3ff7d84f1371c5b3a81911c7e50acb4700ae41ab42b63a2de18f08b4/detection
# Reference: https://www.virustotal.com/gui/file/8f08b27ce2952751b62c818323535ed72fc2a0a5706ecccc1afc6e0024d5d59c/detection
# Reference: https://www.virustotal.com/gui/file/12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9/detection
# Reference: https://www.virustotal.com/gui/file/65b353273d5aa143b6ad5fc5ee4af51930ccef9ea96d07345a619f8950d1132d/detection
# Reference: https://www.virustotal.com/gui/file/178bba892544670c9b347112461fc5443e02bd5a7685c9c29a4218dcf64eb25c/detection
# Reference: https://www.virustotal.com/gui/file/723a84df66c3ee2f788acd1426e1a14176f1f27dba10cc842ba05acfb659615e/detection
# Reference: https://www.virustotal.com/gui/file/e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8/detection
# Reference: https://www.virustotal.com/gui/file/8f7b9a377a14260d8bdcc6e18e749013a0c2c09a60d46fa026d77f6d92b7b801/detection
# Reference: https://www.virustotal.com/gui/file/23b970bbb13046fc091e0f97417fbf6047279e05935ab29b2e0d6eaa16c4fbd3/detection
# Reference: https://www.virustotal.com/gui/file/e99cc027c77bed5c1414225e39093bde66c654a9adfcca9cb3ddafa266410aea/detection
# Reference: https://www.virustotal.com/gui/file/ce83f302a60301e222c23e67a7525106d610c6231c23d747ad4263669c1c88c7/detection
# Reference: https://www.virustotal.com/gui/file/925f678c8adafa7aeae7d0894ea871001ffabe237d6e6b5764eabb0c59c6f8d1/detection
# Reference: https://www.virustotal.com/gui/file/8255cac50835b7957f99c316b18db603429583e2c9f2fe605e5a4a9f19c6e9cb/detection
# Reference: https://www.virustotal.com/gui/file/e6454c8bb951808c4a233ab5f3d3e2967a5090f64b1797b6514f22dc4abf283a/detection
# Reference: https://www.virustotal.com/gui/file/e4f8ba6b534fe074a465bed485952ad9077ae9ec2559aa704da65a6848b926ef/detection
# Reference: https://www.virustotal.com/gui/file/26760ca79ec85b46777cda948a746134b8513692075fbc17db7a553b24fd3482/detection
# Reference: https://www.virustotal.com/gui/file/2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c/detection
# Reference: https://www.virustotal.com/gui/file/59aca50cb75bc0a04800fdaa9e55c259f08b07f5705783def02789c1cfe439d1/detection
# Reference: https://www.virustotal.com/gui/file/0bcb3e0d5496e7211313a35799aa38d4b571d316014ebd2242ca8d556f9d32a3/detection
# Reference: https://www.virustotal.com/gui/file/4c830a4247fc3203fbc7fde4ec81d002fd4899cac3e364a7cb30d15bf09c147e/detection
# Reference: https://www.virustotal.com/gui/file/0e7ca7211cdac296ed0b50ca565b91b320db3152d32e23f88c6c46e2ea003e48/detection
# Reference: https://www.virustotal.com/gui/file/a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b/detection
# Reference: https://www.virustotal.com/gui/file/b97b606aef81420a441aba88b42c44aa8e102390434be5714d33bb07645912d2/detection
# Reference: https://www.virustotal.com/gui/file/8d1baf0c8b986b24d03c608c4edaa1053d3dc90065bfcd2a827651a6effb0bdb/detection
# Reference: https://www.virustotal.com/gui/file/4e002bce081442b7bc369d0a52eca3dba64d38649da8416863bd40b8bc3a49c7/detection
# Reference: https://www.virustotal.com/gui/file/14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f/detection
# Reference: https://www.virustotal.com/gui/file/32142bfd3bdea4149b55c42462a82bcf349cadb64d08c6a86d4aaf2b76697ba6/detection
# Reference: https://www.virustotal.com/gui/file/041e2abbe05bf376269b41e88f3eac89ae1cb5ac6f0455bd5bd70cd4fd47ac10/detection
# Reference: https://www.virustotal.com/gui/file/89817e1b41550510423b0228002a17b9920432d0d20f42d700aa3ba64f559fc3/detection
# Reference: https://www.virustotal.com/gui/file/5c263861953572824bdecc358c48a73d1c29f3351ed494fd1074230e9e7f2b32/detection
# Reference: https://www.virustotal.com/gui/file/adae349f4b35b704d8b07ef08021f7c01943ff5b4e77dd775551978c68f80b54/detection
# Reference: https://www.virustotal.com/gui/file/dc5c65a9d3dd46e29143c7fea02a070ae6b29395687462e21c7830c12510f05c/detection
# Reference: https://www.virustotal.com/gui/file/d587d29bd55768099f37c62c2fb94cae86c741aea8598ba81c78b9dc9d326719/detection
# Reference: https://www.virustotal.com/gui/file/0a0b584f7f6b0ebb48a9b77bf4aff49d87fe6415ddd61a658334d759269e4e92/detection
# Reference: https://www.virustotal.com/gui/file/7fbb2b279ca7e0c3805a516e66ad495f3525c99140459bde810dab0f370c656e/detection
# Reference: https://www.virustotal.com/gui/file/a0822940a97be891b6d669ab1501fe9fd20e544aedc0514b34057f6c41b4c4f7/detection
# Reference: https://www.virustotal.com/gui/file/c893ea2cde94539b29ea04f5ae4f6a078f22bf8512612127c6ae5aab11e83be4/detection
# Reference: https://www.virustotal.com/gui/file/0321ab9427231744eac118feca875d2e4cdefab7fd4b2438fdd6bc148a29f894/detection
# Reference: https://www.virustotal.com/gui/file/0701bbc25b7ebefd61eaeec13bf1f8502b80a266cd4ce6ddfb650832b4d18b86/detection
# Reference: https://www.virustotal.com/gui/file/421c81b27bf6f7932b5ee00d1898195ffb516cbe84fe410c4eba5f3c17c4e9c5/detection
# Reference: https://twitter.com/malwrhunterteam/status/1299375482643927045
# Reference: https://twitter.com/bryceabdo/status/1299369692709236738
# Reference: https://twitter.com/bryceabdo/status/1294044087121858560
# Reference: https://twitter.com/bryceabdo/status/1293198360615231488
# Reference: https://twitter.com/bryceabdo/status/1290330524834201604
# Reference: https://twitter.com/bryceabdo/status/1303324710688628738
# Reference: https://twitter.com/bryceabdo/status/1306226330166464512
# Reference: https://app.any.run/tasks/e2d1a0d7-875b-4ea0-bb60-fc05bb9ea742/
# Reference: https://app.any.run/tasks/7c554c3b-4bb8-47e4-9eb8-9a6827998ebf/
# Reference: https://app.any.run/tasks/ffc1ecff-e461-4474-8352-551db7e7b06f/
# Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/
# Reference: https://app.any.run/tasks/b21034a4-e7b5-4b7b-b914-0f3cbe8296a0/
# Reference: https://app.any.run/tasks/886477ef-ef81-4661-8bc9-43dbe7af8d7c/
# Reference: https://app.any.run/tasks/bb4550be-e808-42ee-b774-6a70b6d20b60/
# Reference: https://app.any.run/tasks/3095963a-5c11-4fe5-ad78-8722bda375e8/
# Reference: https://app.any.run/tasks/ffd4ef2f-756b-41d6-913a-9bf0314d0041/
# Reference: https://app.any.run/tasks/c034a9dc-85e2-40ce-b7bf-ea37f35c0c56/
# Reference: https://app.any.run/tasks/cd200345-e7e3-4efe-b72e-84535c477b66/
# Reference: https://app.any.run/tasks/0d8bd7ea-5b29-4772-be98-01727944dd8e/
# Reference: https://app.any.run/tasks/2b091597-7999-4927-a0d5-8f2fefb2f828/
# Reference: https://app.any.run/tasks/5059012f-55e1-4407-9ef7-ccc962d1fc5e/
# Reference: https://app.any.run/tasks/73532d2a-c4c9-415a-8f2c-6f1bed1c5821/
# Reference: https://app.any.run/tasks/aa5d7890-1ab8-4fea-ac36-49f1a8e1611f/

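# Note: CobaltStrike, CrowdStrike
# Note: some entries below are hostnames under well-known domains (e.g. computerupdate2020.microsoft.com, vzproxy.verizon.com, welcome.toutiao.com) or paths on third-party sites (e.g. unwomen.org/jquery-3.3.1.min.js).
# Note: these were presumably taken from beacon configurations (Host header or request URI) rather than from confirmed attacker-owned hosts, so a match on them alone may be a false positive; correlate with the destination IP and other indicators before blocking.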

http://101.132.33.79
http://103.140.228.201
http://104.243.34.50
http://106.13.84.99
http://112.74.33.227
http://114.67.98.102
http://116.85.25.159
http://120.79.218.54
http://120.79.51.94
http://121.43.238.160
http://129.204.227.27
http://142.93.5.32
http://149.129.72.37
http://154.92.16.126
http://155.94.133.110
http://172.245.153.150
http://18.195.207.204
http://218.253.251.90
http://218.253.251.100
http://31.14.40.55
http://45.66.250.14
http://45.78.67.211
http://45.80.191.125
http://45.119.117.102
http://45.145.185.188
http://46.166.128.234
http://47.105.143.181
http://51.77.103.125
http://62.60.135.22
http://78.142.18.157
101.132.33.79:443
101.132.33.79:4527
103.117.137.34:3322
103.214.168.176:443
104.233.224.237:4389
104.27.158.158:8080
104.27.158.158:8443
104.27.159.158:8443
106.13.84.99:23333
106.13.84.99:8989
106.14.82.209:8443
106.15.106.246:8888
106.52.228.232:8888
106.75.8.237:8899
107.174.144.153:9002
109.235.70.99:443
114.67.98.102:30900
114.67.98.102:7799
116.85.25.159:12358
116.85.25.159:39999
117.50.63.248:40080
118.24.108.239:8000
118.89.59.179:8123
120.79.218.54:9999
120.79.51.94:8080
120.79.51.94:8443
121.199.46.249:3333
121.199.46.249:4444
121.199.46.249:9000
121.199.46.249:9090
121.36.102.227:443
121.36.102.227:7777
121.36.102.227:8888
121.36.149.225:4444
121.36.149.225:6677
121.36.149.225:6699
121.36.149.225:7788
121.36.149.225:7799
121.36.149.225:84
121.36.149.225:85
121.36.149.225:88
122.114.162.219:4568
122.51.34.238:4445
123.206.41.254:8888
129.204.227.27:44521
124.70.151.66:8888
135.181.49.38:443
139.196.171.222:12080
139.196.171.222:9999
139.196.86.63:11111
139.196.86.63:11112
139.196.86.63:12331
139.196.86.63:12345
139.199.158.84:14333
139.199.158.84:14433
139.199.158.84:2333
139.199.158.84:55533
139.199.158.84:8091
139.224.239.145:2333
139.224.239.145:6666
139.224.31.47:6578
149.129.54.16:8082
152.136.147.116:8848
154.206.40.42:5555
154.92.16.126:7779
155.94.133.110:4000
155.94.133.110:443
162.244.80.177:443
167.114.205.47:443
172.245.153.150:443
172.245.153.150:81
172.67.186.150:8080
193.112.99.77:8888
194.135.81.96:443
194.156.133.23:8008
218.253.251.90:8001
3.6.98.232:443
39.101.207.158:12358
39.101.207.158:39999
39.101.174.221:12358
39.101.174.221:39999
39.97.243.151:8080
39.98.140.30:443
42.159.7.101:7255
42.159.7.101:8633
45.76.158.91:443
45.76.158.91:6666
45.76.209.19:80
45.78.67.211:777
45.80.191.125:888
47.104.129.249:14444
47.104.84.3:8000
47.105.143.181:8885
47.115.37.55:8111
47.93.16.255:12344
47.93.231.121:11111
47.93.231.121:18080
47.93.231.121:50443
47.93.231.121:55555
47.93.231.121:8080
47.93.254.49:666
47.95.32.44:5566
47.97.160.248:4443
47.97.160.248:44444
47.97.160.248:44445
47.97.160.248:8000
47.98.172.161:8081
49.233.73.185:1234
49.233.78.35:8888
49.235.199.136:20480
49.235.166.224:12406
59.110.213.182:12345
59.110.213.182:443
59.110.213.182:8888
60.205.215.23:8001
66.42.39.79:443
78.142.18.157:443
8.210.181.149:16678
8.211.19.217:443
81.68.136.238:8891
91.241.19.10:443
97.64.22.226:1080
97.64.22.226:443
116.85.25.159:39999
116.85.25.159:12358
202.182.110.58:443
8.210.181.149:16678
130.204.52.112/en_US/
130.204.52.112/submit.php
121.36.149.225:82
211.159.158.117:1233
173.82.26.59:9090
198.13.51.69:88
206.189.42.30:9002
101.201.65.35:8080
49.233.13.210:8443
49.12.104.241/fwlink
69.64.49.110/g.pixel
46.8.198.25/g.pixel
amlakist.com
pwspaic.com
paic.website
haha.autohome.com.cn
androidtopapp.com
bankshopstars.site
cashihash.com
cashtil.com
cdn-cloudflare.org
checkbacktill.com
cob.wolt.services
cofeedback.com
computerupdate2020.microsoft.com
consultane.com
dr0pbox.myftp.biz
dukeid.com
ec2.amazzed.top
ec4.wddiosp.net
jahjaho.net
microsoftdoc.live
moffice365.live
robotvice.com
websitelistbuilder.com
typiconsult.com
image91.360doc.com
welcome.toutiao.com
payroll.blogtodaynews.com
zalofilescdn.com
mcafee-endpoint.com
microsoft-bj.ml
microsoft-shop.com
microsoft365.ga
microsofts.download
mrnxvdm.tk
nortonupdate.com
office365-update.servehttp.com
omnomnom.group
reportsbank.com
sharepoint-update.com
signup-now.com
hosting-64.xyz
netf30813.monster
pipelevel64.xyz
2-server.xyz
media64.xyz
netw32.xyz
pipe-64.xyz
robertstratton.xyz
rogerwlaker.xyz
onlinestephanie.xyz
jarredlike.xyz
vhvh.pw
xyxyxt.net
unwomen.org/jquery-3.3.1.min.js
prodibi.com/jquery-3.3.1.min.js
oriental-residence.com/jquery-3.3.1.min.js
atakai-technologies.online
amatai-technologies.site
akamai-technologies.website
amamai-tecnologies.digital
amamai-tecnologies.space
amatai-technologies.digital
faisal-cv.com
vzproxy.verizon.com
winsecurityupdate7x32.org
updatesecurity64win.org
winupdate7x32.org
winupdate7x32.net
securityupdatewin32.org
dealeva.com
dombug.com
goodroy.com
keyisa.com
paraget.com
peernew.com
stephq.com
toproy.com
freesectest.ml
winservsec.com
studentedu.hk.appledaily.live

# Reference: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
# Reference: https://otx.alienvault.com/pulse/5ef1091a9653016c3a10d2c8

http://134.209.196.51
http://134.209.200.91
http://139.59.1.154
http://139.59.79.105
http://139.59.81.167
http://157.245.78.153
http://165.22.201.190
http://188.166.14.73
http://188.166.25.156
http://202.59.79.131
139.59.1.154:8201
202.59.79.131:8080
tecbeck.com

# Reference: https://app.any.run/tasks/073d7bd4-4118-4a60-b0c6-7fcb99261fe2/
# Reference: https://app.any.run/tasks/0c2a5bd1-3a04-4bf2-90db-370040821288/

193.203.14.162:7898
45.138.72.132:80

# Reference: https://app.any.run/tasks/148aea5f-232c-4696-9c31-e37ddba65513/

192.119.110.130:443

# Reference: https://app.any.run/tasks/6409d356-c7dc-4a74-83cb-14e03436f243/

42.159.86.214:8080

# Reference: https://twitter.com/bryceabdo/status/1250501636201512965

microsoft-ns1.com
office365upgrade.com

# Reference: https://twitter.com/bryceabdo/status/1306593639217283073

msdn64x7.net

# Reference: https://twitter.com/bryceabdo/status/1308743381099646976

conwaytools.me

# Reference: https://twitter.com/bryceabdo/status/1308778721797640195

dockerresearchlabs.com

# Reference: https://www.virustotal.com/gui/file/545274ea63b297206e53adfda656e3df67dcb035a847becfa63f8b0d31ad2974/detection
# Reference: https://www.virustotal.com/gui/file/1e8a375aca4a4e10e6c002eea55737b98651c59a5e075db9cd3fc66b6c826c20/detection

http://116.63.179.203
116.63.179.203:8080

# Reference: https://www.virustotal.com/gui/file/3ea3a1629e806031a53acca9937f0a61f6bc6768a8cd1a22edb4ad0ac4bd158a/detection

118.31.63.29:4444

# Reference: https://www.virustotal.com/gui/file/fae0bb1e37cda8c9d0ebf08512f3fda50fe09a0852e86fed52c741c72e4e2006/detection

microsoftupdates.ml

# Reference: https://twitter.com/malwrhunterteam/status/1307004506090205184
# Reference: https://www.virustotal.com/gui/file/6cd20654fc250ac87991352b57036c4cd65845615d3e76ca708059036725ce84/detection

58.215.157.240:80
58.215.157.241:80

# Reference: https://twitter.com/d4rksystem/status/1306963562129227777

101.32.46.240:443
windows-update.nz

# Reference: https://www.virustotal.com/gui/file/5c0efb94f94503bf22dca20783f649935dc2bce25b1e60f4f717d99f36f7bd8f/detection

47.56.126.243:8443

# Reference: https://www.virustotal.com/gui/file/3c411a8e15a5f9da25398aa9f9a6ce5850d253b6e5b677e316641afbe1ef48ce/detection

http://39.103.129.174
39.103.129.174:8090

# Reference: https://twitter.com/d4rksystem/status/1310600150847455234

checkavail.space

# Reference: https://twitter.com/reegun21/status/1309500548224184322
# Reference: https://www.virustotal.com/gui/file/09f345ed03515edb3e0098c1f7b79a8e93b1ff8189f56eecb8bea47136a152c2/detection

http://188.119.149.108
188.119.149.108:443
18.192.188.29:8001
http://37.1.210.141
molinahealthcare.gq
x.necential.de

# Reference: https://twitter.com/d4rksystem/status/1310962538335662084

154.194.255.61:1112

# Reference: https://www.virustotal.com/gui/file/608f082e569b2e089e1c89a789e1963c108f972d20ea4e0b5114c0661c50fe6a/detection
# Reference: https://www.virustotal.com/gui/file/fffd5fb4107407ecc42df03dec6cc20d164b651879ac0a77455e07d9fc001a6d/detection

185.200.34.175:12345

# Reference: https://www.virustotal.com/gui/file/cd76d1d4806e451e88c98e804bccc696e0d78775c9a4a696e9de1fe732c98846/detection

http://121.37.212.243
35.194.127.200:9090

# Reference: https://twitter.com/d4rksystem/status/1311346316908339200

35.201.229.47:6666

# Reference: https://www.virustotal.com/gui/file/bbcf017b03cd244398f6a69f4543d8c91c13b92fb24988915b8c6528b57d9e30/detection

155.94.135.156:14357

# Reference: https://www.virustotal.com/gui/file/ffb4cb0c66f58bb549fcdaa8a3479add80d7b1f69b71fefe4ea7dc029ec45871/detection

155.94.135.156:4445

# Reference: https://www.virustotal.com/gui/file/3a562c03a7158a1bb8c5afb0ce70bacdc4b7f5f03ea92363403197e58e6e99c9/detection

117.174.113.71:1213

# Reference: https://www.virustotal.com/gui/file/5da35edd8ddc0c4300a7e885ccaf417daf393150d35aad3f1d24a4839dea2e4b/detection

117.174.113.71:65500

# Reference: https://www.virustotal.com/gui/file/e6d37db815eb5f61f76f3dece07af0fbed2542beaf496cd5c4a800cafa70cea3/detection

117.174.113.71:8888

# Reference: https://www.virustotal.com/gui/file/cca380d18764adc6589cb94018c7a3cec6daa125c2909dd26a531c448501c8dc/detection

githubsec.tk

# Reference: https://www.virustotal.com/gui/file/87dca59ec3d55bcb1b05da564e5ce0a164ab633f1c46a18a97f72a30efff7388/detection
# NOTE(review): molinahealthcare.gq is already listed earlier in this file (in the group citing
# twitter.com/reegun21). This entry records a second sample reference for the same domain, not a new indicator.

molinahealthcare.gq

# Reference: https://www.virustotal.com/gui/file/606c40821c82c44ce2990de952de16065d2289e1ffb91e003682675d9b1ec2fe/detection

120.25.123.158:8443

# Reference: https://www.virustotal.com/gui/file/248e6a90db1260061df8dac193d70f237210302479455b7110935066ddc99ee4/detection

154.209.69.6:1234

# Reference: https://www.virustotal.com/gui/file/53dbb408672eef0fb71f27a9fda1e9ec35588c7cd390893e2627dd3acb516459/detection

154.209.69.6:7899

# Reference: https://www.virustotal.com/gui/file/d5191559a3016231a9f1a1d29dae98496d431f31884db7c2572e8e071c014486/detection

http://154.209.69.6

# Reference: https://twitter.com/d4rksystem/status/1312029574331600896

119.45.191.253:8080

# Reference: https://twitter.com/malwrhunterteam/status/1312098094260117504
# NOTE(review): this hostname sits under youku.com, which looks like a mainstream video-service domain
# rather than attacker-registered infrastructure. Presumably it was observed as a fronting or Host-header
# value - confirm against the reference. A plain domain match may fire on ordinary user traffic, so
# corroborate with other evidence before escalating a hit.

live-dvb-c.youku.com

# Reference: https://www.virustotal.com/gui/file/7d4657bc4224540eac6992d4b87b2570aefd4a7dfcc3ee7f246f2ff4a291ec71/detection

104.243.19.135:8088

# Reference: https://www.virustotal.com/gui/file/5549083af6734261be7cade3bbadbffdde00b12d8f4f884ec71c9e2ef5306118/detection

104.243.19.135:5678

# Reference: https://www.virustotal.com/gui/file/aa0be24ac6b5aaf757424cf2bc9f4f72321f445ef0ccd28d1e279cebd3ec754b/detection

http://114.80.110.39

# Reference: https://www.virustotal.com/gui/file/81a69e85fc1bf4c6549035ea7d0e8ff5351da4aa015e7fb53f43738b7f8b05e2/detection

http://113.96.179.221
http://36.99.196.220
http://58.49.193.212

# Reference: https://www.virustotal.com/gui/file/a2b3f282a809d01e197ec7c04c96c1971110e8e0d4dc22c7d5c7f16b86150808/detection

123.207.20.180:10015

# Reference: https://www.virustotal.com/gui/file/48b73e0d34194b834c713ad773e4a261c27b4a7b771b54e89e98909e82fdd2f7/detection

123.207.20.180:10070

# Reference: https://www.virustotal.com/gui/file/fcd72dbd60e6b2665d10e5a5d4d480ecd2b3e5fd736d4a526bd22704e4df8269/detection

123.207.20.180:10025

# Reference: https://www.virustotal.com/gui/file/02570bc3de4a4bbe76c33cba3f610820cbc979aec89a683c5b2cc8e044ed158d/detection

123.207.20.180:10035

# Reference: https://www.virustotal.com/gui/file/9f49451812417ec0c359aaf2791ed62d9a9019741134c20d2e3eb222d3a703ca/detection

123.207.20.180:10014

# Reference: https://www.virustotal.com/gui/file/9c2f7b86462774b99bdbc96e24a11723a1edc34a3d98a6a414a78ae5370d06c0/detection

123.207.20.180:10062

# Reference: https://www.virustotal.com/gui/file/84437b68342e0b1fa131b1fcf1dbde90a24462eeb2b86143b52d56957b829dc2/detection

123.207.20.180:10072

# Reference: https://www.virustotal.com/gui/file/bae843b3dcac33a4e812d7cc498358932cca6fdf7e07a742f2d92bd265a1e84f/detection

123.207.20.180:10058

# Reference: https://www.virustotal.com/gui/file/ed59e4cc578bbb125166e58942544cf1bf68393a5ca59b31a2bf2e62a77175d9/detection

139.219.7.217:4430

# Reference: https://www.virustotal.com/gui/file/fab3890bb36681ba07af2ceffdea9fd7bd42626daa4719e69b10cff4f36dfef0/detection

119.28.93.67:8000

# Reference: https://twitter.com/levigundert/status/1312065474927235072

172.241.29.12:3790

# Reference: https://www.virustotal.com/gui/file/ebbd2f4eef7ebb924a6f8b0eb9a7a5e0762992bfaca34bf6ab200b905b087bd4/detection

116.85.69.130:443

# Reference: https://www.virustotal.com/gui/file/09cc55acdc1f3241261386a9ba57eb17f2d1ea8570d60f6f91d2ce15a6e80681/detection

42.51.67.111:8611

# Reference: https://www.virustotal.com/gui/file/e4dd5fc22ff3e9b0fa1f5b7b65fb5dfeac24aab741eee8a7af93f397b5720f4a/detection

103.205.7.201:8600
42.51.67.111:8612

# Reference: https://www.virustotal.com/gui/file/4c9a82765eeedefaead451e778eb0a0d3b9a5d6f149e6f005adb637e6be39bf6/detection
# Reference: https://twitter.com/pmelson/status/1312796980473729024

185.174.103.157:443
185.174.103.157:80

# Reference: https://www.virustotal.com/gui/file/a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78/detection

178.79.179.200:443

# Reference: https://www.virustotal.com/gui/file/418e111b53bc96cadb2aebd57fe8c9315834c647ccc7aa4ee5a7cd9e0715fb2f/detection

116.62.174.32:6666
http://116.62.174.32

# Reference: https://twitter.com/ScumBots/status/1313140725383651329
# Reference: https://www.virustotal.com/gui/ip-address/87.121.52.229/relations

87.121.52.229:443
supercombinating.com

# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/69dab575d08d749dbaac76f7ae5ca87a83a7f7beb56ccecdf551df54c7a13255/detection

116.63.155.102:443

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://www.virustotal.com/gui/file/6b40a7ce3a67ebdcb825f59709576dcc97c7dc2d52d6e4677c790dd326c9f5df/detection

60.190.119.117:8008

# Reference: https://www.virustotal.com/gui/file/466c909ef1e4ee4293acd3999565a5fdbdd226d46d716698bc41581c35f713fa/detection

60.190.119.117:9009

# Reference: https://twitter.com/d4rksystem/status/1313494222872420352

http://144.34.165.136
http://18.159.252.67

# Reference: https://www.virustotal.com/gui/file/4c3d2a07b5ddb595f37cce72ef7cab2b6df27cee6f6d1c83cca15ba6d8798615/detection
# Reference: https://www.virustotal.com/gui/file/e107115c6a844fb98475caaa449474e95e4f562b47f3e45fbf14b643dd13c613/detection

pepesec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/b9bcaaefb5dd8f522945d12a4f6d57a42a6e2db6998a7386144144592b1c0952/detection

103.205.7.201:3320
103.205.7.201:37412
aaabbbccc-liebiao.9pyw.com

# Reference: https://www.virustotal.com/gui/file/b1a82bb2c571f69d88aa28b70e231b8a249aeea810179e3762304d66695c4d2b/detection

103.205.7.201:8001

# Reference: https://www.virustotal.com/gui/file/9f8deedba4e28c66d5f597d7031b0160425b3a90fa5c2297bcad097f9e7096eb/detection
# Reference: https://www.virustotal.com/gui/file/10433791ae6fecb3d1f8801e168a8d8230056d59390ab6405cf0dbdf424ebb2b/detection

45.32.62.213:8880

# Reference: https://www.virustotal.com/gui/file/36a2e64665dbea84776253e15bd8bc9cebfb647e085fcfee50f24e3b0b4c7582/detection

207.148.118.99:443
jsc.aliyunsdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1314558847588143105
# Reference: https://www.virustotal.com/gui/file/236f333149df4e6a888330f98453f2ed2b5175a9dc5f7c9b3375ab89d916627c/detection
# Reference: https://www.virustotal.com/gui/file/bc4e902a2fb6d9224587212fa4ca49133f2f6b5e4dcdfee2f71dd5ff85a68a66/detection

139.155.91.159:21001
45.32.207.129:21001
host.360-update.com

# Reference: https://www.virustotal.com/gui/file/cca109052df824b750402bf3302102be844e8c0a1ae70ce322035f4c17a12f21/detection

http://45.86.163.86

# Reference: https://www.virustotal.com/gui/file/759501730757f599f2e3934f452f127c765300fdca9fce57cd9590647d6d1684/detection
# Reference: https://www.virustotal.com/gui/file/959244b071e6762f42dc5c22f237a20f56c9df60218fb0673d37450ad74282fb/detection
# NOTE(review): the three addresses below look like Cloudflare edge IPs, which are shared by many
# unrelated sites - verify against Cloudflare's published ranges. If they are, an IP:port hit on its own
# is weak evidence, and the domain entry is the higher-fidelity indicator for this group.

104.24.110.22:2095
104.24.111.22:2095
172.67.219.38:2095
usahack.xyz

# Reference: https://www.virustotal.com/gui/file/7d95da7bd7f521b988809acd34e37b4fa956e3612398447ed12c67d8c6508d5c/detection
# Reference: https://www.virustotal.com/gui/file/d0d31768cde303eb954ae5209a415c7f551f3f701a1cb43a68c97f86386cb057/detection

http://103.152.132.23
103.152.132.23:443

# Reference: https://www.virustotal.com/gui/file/fbd2233ff798f26fb3998f5149af251f07fe4fa06b255dd6b991a569ae8097d5/detection
# Reference: https://www.virustotal.com/gui/file/1b0318224a1d139510139e1765c5e7b1295fc29c0ee861ea33a1ff4f68a93023/detection

13.67.239.91:443
api.pcocot.com

# Reference: https://www.virustotal.com/gui/file/0fffc765338044eccefa1984d3c52e1a37d21f780d9cf3cba56b80fef84518bd/detection

120.79.244.41:7878

# Reference: https://twitter.com/d4rksystem/status/1315672322762825729

http://194.99.21.202

# Reference: https://app.any.run/tasks/03ec2e4c-e5be-4f8b-a1d9-ca4fd51db517/

http://45.32.32.95

# Reference: https://www.virustotal.com/gui/file/9ca0885bc44fc50015d2db4775a8b16272805ee4f5fd2bab5b6371c8ae576348/detection

45.32.1.7:2233

# Reference: https://twitter.com/d4rksystem/status/1316035968340766726
# Reference: https://www.virustotal.com/gui/file/a0578b73f58e8cf479f9c69d1e8ad29977359dd6121a0be234e58df476a26dd6/detection

54.179.204.35:443
msregistrar.com

# Reference: https://www.virustotal.com/gui/file/ae6ca525ecf445ed86bd0d8a9b917afacfc45b54243dcae1e5578cfd3369b5e5/detection
# Reference: https://www.virustotal.com/gui/file/e031505f9fc872531f9d8718d342ca7fdd90585efdac2198a69374f79776f310/detection
# Reference: https://www.virustotal.com/gui/file/68eb410bd9e172538dcd99bd3c0c1bbf2754117c4de6772cf1bdf537ad990c76/detection
# Reference: https://www.virustotal.com/gui/file/af94d92e216aa5d2ad6f11de234e9d23b313f08fb5cc8d376212a43128caa595/detection
# NOTE(review): the IP entries below appear to be shared CDN (Cloudflare) front-end addresses - confirm
# against the provider's published ranges. Other tenants resolve to the same addresses, so treat IP:port
# matches as low-confidence unless the z652.com domain is also seen.

104.31.89.151:2083
104.31.89.151:8880
172.67.148.251:2083
z652.com

# Reference: https://www.virustotal.com/gui/file/0d66c2fbe562a48e10c2f3d728f26dec2b8de81a78552928a35e57ee7501e495/detection
# Reference: https://www.virustotal.com/gui/file/7e2204fcc0bf11d3dd9273178ed3e7ac1acd812a6053b77904a0771e3d5ae7fb/detection
# Reference: https://www.virustotal.com/gui/file/7bef980f2d19a5f122432902b760af9ca36e7eb0fea31c5e276a92d2c7727733/detection

http://145.249.106.231

# Reference: https://twitter.com/d4rksystem/status/1316423524882345984

http://194.87.95.167

# Reference: https://twitter.com/malwrhunterteam/status/1316668613747597312
# Reference: https://www.virustotal.com/gui/ip-address/109.201.142.110/relations
# Reference: https://www.virustotal.com/gui/file/f90129b0d41a4602f9a9ab2377fbab2fb59b0c3044fd86b1944671216b62aa4f/detection
# Reference: https://www.virustotal.com/gui/file/b6e8845304e6e747baffabb5f041201231eed8c2b27eeb0b2b22128e69f0038b/detection

109.201.142.110:443
forteupdate.com

# Reference: https://twitter.com/kyleehmke/status/1316727958661476353
# Reference: https://twitter.com/kyleehmke/status/1316727959735205897
# Reference: https://twitter.com/kyleehmke/status/1316727960666284033
# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.52/relations
# Reference: https://www.virustotal.com/gui/file/4544b478b2029ec38eb4bda111741a10f0684e38f1b29ce092b93df882d11f9e/detection
# Reference: https://www.virustotal.com/gui/file/2376a8da650c124b3d916765f82929b4109f20bc4f211a39a4d1cd4391780d1f/detection

45.147.229.52:443
45.147.230.131:443
ate-cic.com
backup-helper.com
backup-leader.com
backup-simple.com
bakcup-checker.com
bakcup-monster.com
boost-servicess.com
itsme-belgie.com
nas-leader.com
nas-simple-helper.com
online-activering.com
service-checker.com
service-leader.com

# Reference: https://app.any.run/tasks/cc2dbd61-ce6a-43e3-b078-c5a4fca5d84e/
# Reference: https://www.virustotal.com/gui/ip-address/185.153.198.124/relations

185.153.198.124:443

# Reference: https://www.virustotal.com/gui/file/7a6c30e910938a30bbd5928e2e1d80020148c3e7862d6059b83cde816a139e4c/detection
# Reference: https://www.virustotal.com/gui/file/868f5c21ea3610220291376f0f0840e1bf48e42e117c8cffe25c8f728f3ea53d/detection
# Reference: https://www.virustotal.com/gui/file/f2dd98c4956ba7ddf88cf6038d7c0fa2619e33e7c1ac37d36f6583b596bf6e75/detection

http://42.194.215.224
42.194.215.224:443
42.194.215.224:50001

# Reference: https://www.virustotal.com/gui/file/20b8d8491a64104cad453e037a8cc68c489679e8e070d74f3186c21f918bcdcb/detection
# NOTE(review): 104.27.159.224 looks like a shared Cloudflare edge address - TODO confirm. If so, the
# domain below is the indicator to rely on, and the IP:port entry can match unrelated sites behind the same proxy.

104.27.159.224:2086
charismatic-guy.me

# Reference: https://twitter.com/d4rksystem/status/1317118108696334341

155.94.151.222:443
http://156.239.157.66
http://207.148.102.51

# Reference: https://www.virustotal.com/gui/file/db38d9b23211526933e20a725cc0a21106e4b960565ecbbd8bb8ecaa45acfb4c/detection
# Reference: https://www.virustotal.com/gui/file/c74ad1f1d812516367adedc579e9cace3fbb38400bd372ff2baa476eb076eb73/detection
# Reference: https://www.virustotal.com/gui/file/2546cf19855a5772834dcbd41fbc9206946c6c9953243edc96831e9d667677e8/detection

pepesec3.azureedge.net
pepesec3.ec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/f092ffd1167579c7d0314f654ed25432da3e4cbc8b48b58fd6ed3a16d6f186ed/detection

101.37.85.106:7555

# Reference: https://www.virustotal.com/gui/file/f30cc30aaf88b4470250880cb2da47807d1d4985f843b18c00d2e51ac78131b6/detection

101.37.85.106:8080

# Reference: https://www.virustotal.com/gui/file/5e91ff40d85e197751696bb1f6ab66055b6408ef99bfc12e54f27fc4f7674268/detection

101.37.85.106:9988

# Reference: https://app.any.run/tasks/fbd0a347-e914-470c-97b1-e3275d619357/
# Reference: https://www.virustotal.com/gui/file/c9d9e4e25c1b8672d126d8269fa64643b17314515c6ed0fc33c12fed0f69ce63/detection

huawei-promotion.com
home.huawei-promotion.com

# Reference: https://twitter.com/malwrhunterteam/status/1318109081882841088
# Reference: https://www.virustotal.com/gui/file/d2eee2fa771e54c1a44cfc4d40eef50be4776a25987b72633f7b91faf2302092/detection

217.12.218.199:443

# Reference: https://twitter.com/kyleehmke/status/1318154835183677440

best-backup.com
best-nas.com
bestservicehelper.com
simple-backupbooster.com
simpleservice-checker.com
top-backuphelper.com
top-backupservice.com
top3-services.com
topbackup-helper.com
topbackupintheworld.com
topservice-masters.com
topservicebooster.com

# Reference: https://twitter.com/kyleehmke/status/1319575445600428035

backups1helper.com
driver-boosters.com
driver1downloads.com
service-hel.com
service1update.com
service1view.com
servicehel.com
servicereader.com
top3servicebooster.com
view-backup.com

# Reference: https://www.virustotal.com/gui/file/8cc100635c5b90972a8001ad8a7160ed6be058e077eef9cdf437cd1805eaf104/detection

52.14.54.251:443

# Reference: https://www.virustotal.com/gui/file/f205dd34ad12009018bd7318b552ceb7c3413a3d3ed54dc5af76247fd1290d5a/detection

bullheadcitybee.us
westharrison.org

# Reference: https://app.any.run/tasks/d11dc06d-229b-48ed-ad75-cf39571b10ee/

46.8.180.147:443

# Reference: https://app.any.run/tasks/95038ae0-03ab-4fa9-a14c-cc3abd7c849a/

http://103.228.130.104/updates.rss

# Reference: https://app.any.run/tasks/45879790-4707-46b7-a12b-f4043e360feb/

http://173.234.155.231/ga.js

# Reference: https://app.any.run/tasks/4106d3df-1efc-479f-9539-b00ed7cc1dbb/

172.247.123.118:9080

# Reference: https://app.any.run/tasks/5fc7e87e-c219-4a94-8dd9-f7d95c4d68e5/

160.124.49.133:7777

# Reference: https://app.any.run/tasks/6344a790-6098-4f2f-8940-c47fc3d10a7b/

http://37.221.113.120/push

# Reference: https://app.any.run/tasks/6d22ffda-7494-4139-8752-a73c70c4f984/

144.168.63.190:8082

# Reference: https://app.any.run/tasks/6725e2c2-9de5-4f6e-8929-519b4a6a99e6/
# Reference: https://app.any.run/tasks/8d7f1fb5-6beb-47b5-ad78-c441e3133ceb/

http://45.146.165.142/IE9CompatViewList.xml
http://45.146.165.142/cm

# Reference: https://app.any.run/tasks/27cf987c-943c-48e7-ab21-9aeec430b242/

198.13.32.247:8000

# Reference: https://app.any.run/tasks/faca4fb3-89e9-4e22-af0e-f0abfe347172/

139.180.188.22:888

# Reference: https://app.any.run/tasks/419868a6-3152-48be-8cc9-379d636ce9a9/

http://109.234.34.116/push

# Reference: https://app.any.run/tasks/15e8bd10-0b7a-4486-89bb-f8204514397f/

http://172.81.212.89/push

# Reference: https://app.any.run/tasks/fdb56336-1231-4fbc-a460-998246103eaf/

http://202.182.117.241/load

# Reference: https://app.any.run/tasks/abd0ee54-f91d-485f-bd0c-f827368da494/

http://81.68.140.178/g.pixel

# Reference: https://app.any.run/tasks/793f930a-e893-40c6-8444-763d708190b3/

http://139.224.116.161/push

# Reference: https://app.any.run/tasks/e6240347-3e5a-4ee1-9cdf-616666b19475/

http://207.154.250.85/g.pixel

# Reference: https://app.any.run/tasks/d1861257-be9c-4cfd-999d-8ea0288b4d77/

http://45.141.84.212/push

# Reference: https://app.any.run/tasks/e448fa2a-b57f-4aa2-af20-dd7ca2a85f50/

http://45.146.165.227/updates.rss

# Reference: https://twitter.com/malware_traffic/status/1318713989371756544

http://104.238.134.63/submit.php
http://104.238.134.63/updates.rss

# Reference: https://app.any.run/tasks/1a9e61d4-813d-48f8-94c0-1fea1e7e1118/

http://45.141.84.218/visit.js

# Reference: https://app.any.run/tasks/afbf9daf-f83e-413b-b8f6-27028d8e9622/

47.75.251.9:8888

# Reference: https://app.any.run/tasks/4dab1cc1-6627-468e-9c74-b6caa512f91d/

http://83.220.172.27/g.pixel

# Reference: https://app.any.run/tasks/a9bc0914-a647-4a2a-8ee5-1bf72011354e/

http://117.78.1.204/pixel.gif

# Reference: https://app.any.run/tasks/3fd032a3-3c13-41a2-8fc6-63e25fbf4b14/

flash-load.ml

# Reference: https://app.any.run/tasks/9b1ced11-696c-48e6-ad44-b47253d1fe0d/

47.94.196.194:8888

# Reference: https://app.any.run/tasks/8ae79b03-edda-4e8c-8515-0115727b2c45/
# NOTE(review): azureedge.net hostnames are tenant-chosen CDN endpoint names under a shared provider domain.
# Presumably the name can be released and later claimed by a different tenant, so this indicator may go
# stale or change owner. Re-validate it periodically; the same applies to the other *.azureedge.net
# entries in this file.

conf.azureedge.net

# Reference: https://app.any.run/tasks/b5a83b7c-50fe-46de-a36d-efdbdbc46a11/

kalicobalt.ddns.net

# Reference: https://app.any.run/tasks/e4f1997e-d40d-43f4-8efc-8a09ce3502ed/

47.97.164.40:8080

# Reference: https://app.any.run/tasks/be7683e4-c5ea-4aa7-a83b-ba0782a83d2e/

93.115.21.43:8080

# Reference: https://app.any.run/tasks/ac5be7de-e06b-4038-9765-7a9a89e76cbc/

158.247.211.216:8080

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

node.podzone.org

# Reference: https://www.virustotal.com/gui/file/fddcc86a7c20b70f58f7f0d9d9c61a6eff5342b0d8510889616fe26e99c04035/detection
# Reference: https://www.virustotal.com/gui/file/9675f832a7dfda9e5cbbc6ae409b8d630392e56c29fe4e110d27134100e31d52/detection

http://5.79.119.191/ga.js
5.79.119.191:8080

# Reference: https://www.virustotal.com/gui/file/8b8ffeec1b276b158b8c2334dbcac254135c4dbbbe66637bfcf2bcef39a2f5cd/detection

45.134.168.146:6868

# NOTE(review): the two reference/indicator pairs below repeat pairs that already appear earlier in this
# file with the same VirusTotal hashes and the same IP:port values. They add no new coverage and could be
# de-duplicated.
# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://app.any.run/tasks/b20786f0-36d7-4377-87ac-8fb2747d6c95/

iqio.net

# Reference: https://app.any.run/tasks/5323d269-3367-4bdb-b189-5847f35646c1/

43.226.155.154:443

# Reference: https://www.virustotal.com/gui/file/857a50958036298fb9869190575990b36ec13885f0588c7f31da01a8f63fdefd/detection
# Reference: https://app.any.run/tasks/d83bf908-159e-42de-a656-b2924b2c1761/

http://104.238.134.63

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

185.161.210.189:443

# Reference: https://twitter.com/malwrhunterteam/status/1318904041590718469
# Reference: https://www.virustotal.com/gui/file/836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599/detection
# NOTE(review): topbackupintheworld.com is listed three times in this file: here, in an earlier
# twitter.com/kyleehmke group, and in the later UNC1878 list. The repeats record independent sightings of
# one domain, not separate indicators.

topbackupintheworld.com

# Reference: https://twitter.com/kyleehmke/status/1318896410687885312
# Reference: https://twitter.com/kyleehmke/status/1318896411757498375

backup1helper.com
backup1master.com
boost-yourservice.com
checktodrivers.com
driver1master.com
driver1updater.com
driverdwl.com
godofservice.com
service1updater.com
viewdrivers.com

# Reference: https://www.virustotal.com/gui/file/a32e37ae08d6a723dff7313d96bc7e23fe9b7db18295e2916f3c935530329919/detection

frontend.physicsandcs.me

# Reference: https://twitter.com/d4rksystem/status/1318960239513804801

213.164.204.7:443

# Reference: https://twitter.com/pancak3lullz/status/1318990219824287744

http://195.123.246.33
103.143.81.177:443
106.52.152.85:443
123.56.228.208:8484
47.100.12.121:7890
47.244.3.176:39002
49.233.155.141:7001

# Reference: https://app.any.run/tasks/d400a6c0-38ce-4242-aadb-e08c96913608/

http://209.126.119.186/YeQM
http://209.126.119.186/cm

# Reference: https://www.virustotal.com/gui/file/315a3095062001ec75a2e4e9bf2b068ce840860c218d4c4b408eb39706578951/detection
# NOTE(review): the hostname ("test", "threat-hunt") suggests security-testing or exercise infrastructure
# rather than a criminal operator - this is inferred from the name only, so confirm against the reference.
# A hit still means a beacon-style callback worth triaging, but do not use it for attribution.

test.praetorian-threat-hunt.com

# Reference: https://www.virustotal.com/gui/file/d3a62b4a0b738173562b0323780bf1f0f56f4a8c2258a669447f75e6e2c341aa/detection

47.103.205.254:8081

# Reference: https://www.virustotal.com/gui/file/9300ae74258f6f1d8e2186636fbf9f3f689983b53d3d56245766496552edd257/detection
# Reference: https://www.virustotal.com/gui/file/0732084ec0399e14fddab091557d7d3ef6b0ccf613f6910803c33727954e7c33/detection

120.78.196.37:8888

# Reference: https://www.virustotal.com/gui/file/da725957d24a193350af135631ab7b286983caeaa1619b61c2535aa1794575c2/detection
# Reference: https://www.virustotal.com/gui/file/2a644f9a1caee7aebd48c9bb630fe6908f05c9bf16cdf5c892fe5d46f669433c/detection

47.98.105.114:8888

# Reference: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/

havemosts.com
quwasd.com

# Reference: https://twitter.com/malwrhunterteam/status/1319353040785330176
# Reference: https://www.virustotal.com/gui/file/22231ae860d3e69476c2b697403e42e941bea53e244bfd2e7ebf47e527da2f1a/detection
# Reference: https://www.virustotal.com/gui/file/7714576e5255b891f909e82ef775d38a595ea4188c61af82b640194c53cd6a16/detection
# Reference: https://www.virustotal.com/gui/file/4f7dd00a005caf046dd7e494fea25be2264974264d567edfc89122242b7c41bc/detection
# Reference: https://www.virustotal.com/gui/file/6a539aaded06c2fb9dc8466e8d98f5413d53c5e0e75db61989332e9998b7a76c/detection

173.232.146.37:443

# Reference: https://app.any.run/tasks/3d9decdf-154d-4225-9ccb-dd246ac80875/

139.162.161.211:13541

# Reference: https://www.virustotal.com/gui/file/5c2d669c29bf38e23703703a396d53917f0822d5f599ff3df212319cb755ebee/detection

http://47.98.118.25/j.ad

# Reference: https://www.virustotal.com/gui/file/0e06fd34e65536711149762f673f5d884f6b2bb469198f09f4917dc29957a7e6/detection

47.98.118.25:8000

# Reference: https://www.virustotal.com/gui/file/4ee861177122b8cd8bb560eb3ea1897895be00aab79071b3b4792ef80689dde4/detection

132.232.80.78:8520

# Reference: https://www.virustotal.com/gui/file/93378648feffe8e9f40d3c72d98ea7ee5537a7019c9b49bfa7a2f3c1bcf5e6a2/detection

132.232.80.78:8052

# Reference: https://www.virustotal.com/gui/file/7e41151b49920e8fbe014814bd28afbb306d98fd9e45030326fb943c9ff91015/detection

132.232.80.78:5438

# Reference: https://www.virustotal.com/gui/file/af1114bfdff6f3fef37685976e500f20d4db1e94173957ed9f539ebb48ae0ad6/detection

144.34.218.157:23333

# Reference: https://www.virustotal.com/gui/file/7f4b50d2a55c50ac53bc04cd5b6733f659aff46597c65bdda38ce6f1a1deb843/detection
# Reference: https://www.virustotal.com/gui/file/deb398aa4b335f7c0c6f3a7a63ce46f60c21ada112a2ab76995f277ff1f97d3f/detection
# Reference: https://www.virustotal.com/gui/file/49d2bfac6f67d27805524c41ea6f29f965ebf4aba0ce6995b0639a09ce852962/detection
# Reference: https://www.virustotal.com/gui/file/f57dc2131a87e7cad9b18c82b8efb215d1c985c43764751431cce2a9374b93eb/detection

news.gfstaxadvisory.com

# Reference: https://www.virustotal.com/gui/file/ebbec6471d6aefea65e705cbced4ccc934bd09e81046c476d70e8b9ef0f1e9db/detection

104.239.178.204:8080
reward-firstenergy.azureedge.net

# Reference: https://www.virustotal.com/gui/file/df6b79b9b98b3832d6fde2b99906e1a93cf1a5e2a848ee5c42fc7ed48216c1aa/detection

173.82.110.209:443

# Reference: https://www.virustotal.com/gui/file/5daf37825cdc2b41a078b9a4b73c62700c2a6e41ae7d696b3fa644310109c253/detection

binbong.net

# Reference: https://twitter.com/James_inthe_box/status/1319742462693314561

office-cdn6.azureedge.net

# Reference: https://www.virustotal.com/gui/file/623332bed79f64a1eb61b00ef5b6578c1a61cec774ec9471aff8931a80e7e5e4/detection
# Reference: https://www.virustotal.com/gui/file/6979ec25a08584254fa65eeb6c1afafce160e41d90020feb7a200c0820fa79a8/detection

tothesky.merseine.com

# Reference: https://www.virustotal.com/gui/file/d8b888596f39303218f057514f02ab7203c8a48728b2eacce84c7fd0896d670f/detection

121.36.252.20:881

# Reference: https://www.virustotal.com/gui/file/84afb641bdcfca87b509c1b97783705557e9be5bf6dcb7932806540f7afe35dc/detection

121.36.252.20:882

# Reference: https://www.virustotal.com/gui/file/10c60f8438d275a4d778a8017e963eb78d2b1ba9bb7df601018a49ac6afbf3aa/detection

121.36.252.20:999

# Reference: https://www.virustotal.com/gui/file/867a132629eb3616f1d466d05fd0ebda770ef5edad04002d542af1f2911c6adf/detection

121.36.252.20:1111

# Reference: https://www.virustotal.com/gui/file/6e78a9c4b51c808bf9ecb4bd2b93ccffb4eab0a831386e32561c371f5e629f18/detection

49.235.252.199:12305

# Reference: https://www.virustotal.com/gui/file/6fb246e17e3b442a24cae411f061e986b9c847233129808d4319bb538869a701/detection

81.69.14.19:13355

# Reference: https://www.virustotal.com/gui/file/3b18371984244b90ee23c8fd5b2b75d278749f81027930152fa1b0730762b4ea/detection

81.69.14.19:33899

# Reference: https://www.virustotal.com/gui/file/f46c27806c51b9ca44d349fea8f6041445c1c3580a3658511dd8db94fbbb18c9/detection

ssl.cccccsssss.com

# Reference: https://twitter.com/kyleehmke/status/1321370267025727488

idriveboost.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriverrs.com
idriveupdate.com
idriveview.com
service1boost.com
service1upd.com

# Reference: https://www.virustotal.com/gui/file/cb896a1dfc536a1dae13bf96c44d4296ec12ce5f423347872ec18f2e5d27e286/detection

http://81.71.34.172/IE9CompatViewList.xml
http://81.71.34.172/L5rj

# Reference: https://www.virustotal.com/gui/file/d6b93583d2c8d20f8875011a119f12ac9f75c5c40710dbf8a6a78a1621fd9758/detection

139.9.55.197:446

# Reference: https://www.virustotal.com/gui/file/d5d18dc766092ff6930e01f8245f61239e3546292cbba98eee4ff2a0f7a64048/detection

148.70.139.64:1221

# Reference: https://twitter.com/malwrhunterteam/status/1321421801440858112
# Reference: https://www.virustotal.com/gui/file/fe75f7b188da991162296d782d906b30b5be301e2234aac1b0b3714b742205f4/detection

123.57.241.254:81
182.92.3.93:5678

# Reference: https://www.virustotal.com/gui/file/3e5712bbacb8a667457d554e86a66b8d0a0c6f4c580062b18bfba6d33124c50a/detection

95.179.141.5:9999

# Reference: https://www.virustotal.com/gui/file/25ed94591db7227a89568c088d7acc6cc06d339d4af3b300cba306c89aa67642/detection

148.72.211.222:7777

# Reference: https://www.virustotal.com/gui/file/940256445907dff1f5151a7aca61841d7aa29ee9ff47f99b9b4bc57cbbebb50f/detection

http://160.119.79.88

# Reference: https://www.virustotal.com/gui/file/0e723e0b0ec849c9d9b2b6b6410ba03cd184f03301470c57da662ec84eed0bf7/detection

high.vphelp.net

# Reference: https://www.virustotal.com/gui/file/f345e5048ec968417d288cb9e01d50bd262be45c18db1552af30380a3902626f/detection

360bug.net

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888
# Reference: https://twitter.com/malware_traffic/status/1321182175916679168
# Reference: https://www.virustotal.com/gui/file/e765b7584834e1438df2865e24651067c59d50dc165ace09e293d295b6e90843/detection

http://185.153.199.166/match
http://185.153.199.166/pixel
http://69.30.232.138/activity

# Reference: https://twitter.com/d4rksystem/status/1321496952358555655

http://103.80.27.87
http://104.238.134.63
http://209.126.119.186

# Reference: https://twitter.com/d4rksystem/status/1319292434136895488

158.247.212.131:1080
http://194.99.21.202

# Reference: https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456 (# UNC1878)
# Reference: https://otx.alienvault.com/pulse/5f99dd6b17da45dfb9dc296e
# NOTE(review): this is a bulk import, and many of its domains already appear in earlier groups of this
# file (for example backup-helper.com, best-backup.com, havemosts.com, quwasd.com). When triaging a hit,
# check the earlier per-sample references too, since this list gives no per-domain source.
# Several names imitate security-vendor or Windows component names (e.g. cylenceprotect.com,
# sophosdefence.com, lsassupdate.com), so analysts should not dismiss them as benign update traffic
# based on the name.

aaatus.com
actionshunter.com
avrenew.com
ayechecker.com
ayiyas.com
backup-helper.com
backup-leader.com
backup-simple.com
backup1helper.com
backup1master.com
backup1service.com
backup1services.com
backupmaster-service.com
backupmasterservice.com
backupmastter.com
backupnas1.com
backups1helper.com
bakcup-checker.com
bakcup-monster.com
best-backup.com
best-nas.com
bestservicehelper.com
besttus.com
bigtus.com
biliyilish.com
bithunterr.com
blackhoall.com
boost-servicess.com
boost-yourservice.com
boostsecuritys.com
boostyourservice.com
bouths.com
brainschampions.com
bugsbunnyy.com
cantliee.com
caonimas.com
chainnss.com
chalengges.com
cheapshhot.com
check1domains.com
check4list.com
checkhunterr.com
checktodrivers.com
checkwinupdate.com
chekingking.com
ciscocheckapi.com
cleardefencewin.com
cmdupdatewin.com
comssite.com
conhostservice.com
cylenceprotect.com
daggerclip.com
debug-service.com
defenswin.com
developmasters.com
dotmaingame.com
driver-boosters.com
driver1downloads.com
driver1master.com
driver1updater.com
driverdwl.com
driverjumper.com
easytus.com
eighteenthservicehelper.com
eighthservicehelper.com
eighthserviceupdater.com
eithtservice-developer.com
elephantdrrive.com
eleventhservicehelper.com
eleventhserviceupdater.com
errvghu.com
fastbloodhunter.com
fifteenthservicehelper.com
fifthservice-developer.com
fifthservicehelper.com
fifthserviceupdater.com
findtus.com
firstservice-developer.com
firstserviceupdater.com
firstservisehelper.com
firsttus.com
fourservicehelper.com
fourteenthservicehelper.com
fourthservice-developer.com
fourthserviceupdater.com
freeallsafe.com
freeoldsafe.com
gameleaderr.com
getinformationss.com
giveasees.com
greattus.com
gtrsqer.com
gungameon.com
gunsdrag.com
hakunaman.com
hakunamatatata.com
harddagger.com
havemosts.com
havesetup.net
helpforyourservice.com
hungrrybaby.com
huntersservice.com
hurrypotter.com
hybriqdjs.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriveupdate.com
idriveview.com
iexploreservice.com
imagodd.com
info-develop.com
jomamba.best
jonsonsbabyy.com
kungfupandasa.com
lindasak.com
livecheckpointsrs.com
livetus.com
loockfinderrs.com
loxliver.com
lsassupdate.com
lsasswininfo.com
luckyhunterrs.com
martahzz.com
maybebaybe.com
microsoftupdateswin.com
mixunderax.com
moonshardd.com
mountasd.com
myservicebooster.com
myservicebooster.net
myserviceconnect.net
myserviceupdater.com
myyserviceupdater.com
nas-leader.com
nas-simple-helper.com
nasmastrservice.com
newservicehelper.com
nineteenthservicehelper.com
ninethservice-developer.com
ninethserviceupdater.com
ninthservicehelper.com
nomadfunclub.com
puckhunterrr.com
pudgeee.com
qascker.com
quwasd.com
raaidboss.com
raidbossa.com
rapirasa.com
razorses.com
realgamess.com
regbed.com
reginds.com
remotessa.com
renovatesystem.com
rulemonster.com
saynoforbubble.com
scrservallinst.info
secondlivve.com
secondservice-developer.com
secondservicehelper.com
secondserviceupdater.com
service-booster.com
service-boosterr.com
service-checker.com
service-hel.com
service-hellper.com
service-helpes.com
service-hunter.com
service-leader.com
service-updateer.com
service-updater.com
service1boost.com
service1update.com
service1updater.com
service1view.com
serviceboosterr.com
serviceboostnumberone.com
servicecheckerr.com
servicedbooster.com
servicedhunter.com
servicedpower.com
servicedupdater.com
servicegungster.com
servicehel.com
servicehunterr.com
servicemonsterr.com
servicemount.com
servicereader.com
servicesbooster.com
servicesbooster.org
servicesecurity.org
serviceshelpers.com
serviceshelps.com
servicesupdater.com
serviceswork.net
serviceupdates.net
serviceupdatter.com
serviceuphelper.com
servicewikii.com
seventeenthservicehelper.com
seventhservice-developer.com
seventhservicehelper.com
seventhserviceupdater.com
sexycservice.com
sexyservicee.com
shabihere.com
sibalsakie.com
simple-backupbooster.com
sixteenthservicehelper.com
sixthservice-developer.com
sixthservicehelper.com
sixthserviceupdater.com
sobcase.com
sophosdefence.com
sunofgodd.com
sweetmonsterr.com
target-support.online
tarhungangster.com
taskshedulewin.com
tenthservice-developer.com
tenthservicehelper.com
tenthserviceupdater.com
thirdservice-developer.com
thirdservicehelper.com
thirdserviceupdater.com
thirteenthservicehelper.com
tiancaii.com
timesshifts.com
top-backuphelper.com
top-backupservice.com
top-servicebooster.com
top-serviceupdater.com
top3-services.com
top3servicebooster.com
topbackup-helper.com
topbackupintheworld.com
topsecurityservice.net
topservice-masters.com
topservicebooster.com
topservicehelper.com
topservicesbooster.com
topservicesecurity.com
topservicesecurity.net
topservicesecurity.org
topservicesupdate.com
topservicesupdates.com
topserviceupdater.com
twelfthservicehelper.com
twelvethserviceupdater.com
twentiethservicehelper.com
unlockwsa.com
update-wind.com
update-wins.com
updatemanagir.us
updatewinlsass.com
updatewinsoftr.com
view-backup.com
viewdrivers.com
vnuret.com
voiddas.com
web-analysis.live
windefenceinfo.com
windefens.com
winsysteminfo.com
winsystemupdate.com
wodemayaa.com
wondergodst.com
worldtus.com
yourserviceupdater.com
yoursuperservice.com
zapored.com
zetrexx.com
zhameharden.com

# Reference: https://twitter.com/kyleehmke/status/1321728850095722496

backupslive.com

# Reference: https://twitter.com/kyleehmke/status/1321737401530753026

boost-helper.com
supservupdate.com

# Reference: https://www.virustotal.com/gui/file/fb40acf24c2ea5e6736f2c1c0f7d98f37b746a4d84f164071f95550f4e49458f/detection

47.75.49.6:6050

# Reference: https://www.virustotal.com/gui/file/264357a7374d079801cca76340e58b2461105d432a89f9e09f903d0da8d24d39/detection

143.229.2.88:80

# Reference: https://www.virustotal.com/gui/file/9eb47a6c5f215414a4013a6ab4327049416fe6d65abccf7444e96cff892dc8b7/detection

47.105.163.137:23233

# Reference: https://www.virustotal.com/gui/file/79c305001ff2aea1d206c6d04968cbc29ae444ce0344a822cac69e2faadbb164/detection

47.105.163.137:12345

# Reference: https://www.virustotal.com/gui/file/6d4664aacc2836ac8c3bf5a7a42e811611b4ea517df3b27139a70f51d8cddf9a/detection

47.105.163.137:8099

# Reference: https://www.virustotal.com/gui/file/59231471c76ab9907d3c6fea4d8b0f43b3ef45f6e5a6f6d553e7d906b6bcc1d8/detection

134.175.132.40:23456

# Reference: https://twitter.com/kyleehmke/status/1321865650474749957

it1booster.com
itopupdater.com
iupdaters.com
iupdatemaster.com
imasterupdate.com

# Reference: https://twitter.com/kyleehmke/status/1321966648614658048

thecheckupdater.com

# Reference: https://twitter.com/pancak3lullz/status/1321885918660300802

140.143.197.39:10086
149.28.16.36:1521
211.149.143.218:8000

# Reference: https://app.any.run/tasks/45eb07a2-2781-4e13-94d5-aa9d48e67e61/

keefu.10086.cn/LfAi
keefu.10086.cn/dpixel

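# Generic (URL path/query patterns with no host component)
# NOTE: a match on one of these alone is weaker evidence than a domain or IP:port match above; confirm the destination host before acting on it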

/Simpletest?SimpleFuck=
/maps/overlaybfpr?q=
/IE9CompatViewList.xml
