# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

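# Aliases: vidar stealer, mars stealer
# Entries below are network indicators of three kinds: domain names, "http://<IP>" hosts, and URL path fragments.
# Path-only entries (e.g. /a/a/www/) and names under shared hosting or dynamic-DNS services (tumblr.com, duckdns.org, ddns.net)
# are less specific than dedicated domains; corroborate a hit with the cited reference before acting on it.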

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865

hospitaleco.com

# Reference: https://twitter.com/malware_traffic/status/1103717653590482944

gettorrent.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

capitalinvest.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

tepingost.ug

# Reference: https://twitter.com/K_N1kolenko/status/1116263090562183168
# Reference: https://pastebin.com/jFhkBu32

bokolavrstos.com
newagenias.com
binacoirel.com
malansio.com
jamaliensor.com
kolobkoproms.ug
bastionprofi.ug
tepingost.ug
startolete-vn.ug
bestchope.ug
fashionhub.ug
mytradecrypto.ug
applezone.ug
travelups.co.ug
travelforyou.ac.ug
einvestment.ac.ug
newphone.ac.ug
newstoday.ug
globalcoin.ac.ug
yourseo.ac.ug
cryptoshop.ac.ug
capitalinvest.ac.ug
onlineinvestment.ac.ug
allcashbacks.ac.ug
getpayment.ac.ug
gettorrent.ac.ug
proshop.ac.ug
yandex.ac.ug
yandex.ug
google.ac.ug
search.ac.ug
hospitaleco.com
oldspicebest.com
refenansoro.com

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

santaluisa.top

# Reference: https://twitter.com/VK_Intel/status/1125549719885893633

golenirose.com

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/
# Reference: https://twitter.com/raby_mr/status/1136498987890925569

crypto-widget.live
penthausebrones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166604400489639936

eroomia.com

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

xhth516682.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048
# Reference: https://app.any.run/tasks/6d880837-3ba9-439c-b67b-ee6d2837b645/

aaenyhostel.org

# Reference: https://github.com/silence-is-best/c2db#vidar-stealer

weimachel.net

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://app.any.run/tasks/d498ebc5-51cd-446f-9d98-7e43628b56b5/

garbage-barabage.top

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

klegrandlichgrum.com

# Reference: https://twitter.com/James_inthe_box/status/1191695072032460800

qubert.org

# Reference: https://pastebin.com/xwT2gAgE

acrelop.com
martinlloyd.net
pineloseesrae.com
qubert.org

# Reference: https://app.any.run/tasks/42a9a425-d8f8-4504-8bbf-63c0c10c4bda/

gebrauchlichtal.com

# Reference: https://twitter.com/Paladin3161/status/1162320397368381441

villadubois.org

# Reference: https://twitter.com/P3pperP0tts/status/1178820466917675008

lanokhasd.com

# Reference: https://twitter.com/P3pperP0tts/status/1196440836852125698

steerdemens.com

# Reference: https://twitter.com/P3pperP0tts/status/1197178756068257795
# Reference: https://www.virustotal.com/gui/ip-address/209.141.33.126/relations

http://209.141.33.126
steerdemens.com
starlikespace.org
longvoyages.com
xd.botnet.services

# Reference: https://twitter.com/P3pperP0tts/status/1198935640664133644

crarepo.com

# Reference: https://twitter.com/P3pperP0tts/status/1198984250420269057
# Reference: https://app.any.run/tasks/60002c6f-65b1-4597-a011-1b2de844e56f/
# Reference: https://app.any.run/tasks/16784961-e95f-403d-8726-ad04d37c7b8a/
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

agent1.icu
agent2.icu
amdsetup4.icu
amdsetup5.icu
juhubeachn.com
legion17.icu
toplegions1.icu
updateinfo3.top
updateinfo4.top

# Reference: https://pastebin.com/iDrBJG8j

fastupdate1.top
fastupdate2.top
fastupdate3.top
fastupdate4.top
foxupdate1.me
foxupdate2.me
homeporno228.com
legion17.com
thepleasurelive.com

# Reference: https://pastebin.com/x2qLz9FJ

voyagephoshop.org

# Reference: https://twitter.com/ViriBack/status/1202413165482409984

http://195.133.1.170
ahmatokomaro.pw
bestdead.pw
petordementyev.pw

# Reference: https://pastebin.com/HBSmJ4wb

789456123.monster
legion17.net
lowupdate3.top
lowupdate4.top
softupdate1.me
softupdate2.me
xylolle.com
ybookfli.net

# Reference: https://app.any.run/tasks/45b54b0e-6de2-4975-b640-779026655f7c/

grelkafestivales.com

# Reference: https://twitter.com/MBThreatIntel/status/1225917125493018624

naumokukea.com
porosnter55.xyz

# Reference: https://www.virustotal.com/gui/file/48c34dd8345ab24ac203e3efc7f46643c4817a42b12fcd7c8a62211b4f4fc02d/detection

gyeonggidoo.com

# Reference: https://twitter.com/P3pperP0tts/status/1228775071260594176

greenlandsurround.com

# Reference: https://app.any.run/tasks/2e1aa0da-69b6-4f5f-847b-243cfaaabd4a/

gewe.tech

# Reference: https://www.virustotal.com/gui/file/2ca7597f7b6a1227c6bace9b1441f2b439935f02a35ffa2a2562f5ccc6cff8e4/detection

maineacadia.com

# Reference: https://www.virustotal.com/gui/domain/paparazzis.pw/relations

paparazzis.pw

# Reference: https://twitter.com/malwrhunterteam/status/1242355604477423617

whoer-vpn.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

verifiedomg.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1246056096055406592
# Reference: https://app.any.run/tasks/d75d4f69-8381-46c7-9f0e-ce5ba2eb1ac1/

etips.fun

# Reference: https://app.any.run/tasks/fe00595d-b20e-4f2e-9c47-9f1cb79a63b3/

wrangellse.com

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

yrhealth.life

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/mastercard.ru.com/relations

mastercard.ru.com

# Reference: https://twitter.com/petrovic082/status/1257619785707393034
# Reference: https://app.any.run/tasks/a3380ace-5f86-4240-a986-f244231c05cc/

archessee.com

# Reference: https://app.any.run/tasks/93596f59-77f9-4b55-af25-3939594ed913/

repitoperano.pw

# Reference: https://www.virustotal.com/gui/domain/waterpocketfold.com/relations
# Reference: https://app.any.run/tasks/b7d1ca5f-e49f-4d50-b4b0-690e6b8b7783/

waterpocketfold.com

# Reference: https://app.any.run/tasks/d6a32934-daf9-4b83-9a2a-9f5a5feb4b64/

barddistocor.com

# Reference: https://app.any.run/tasks/32e30b47-f656-4505-af07-7e3f7c0c3b93/

http://213.226.114.54

# Reference: https://twitter.com/malwrhunterteam/status/1264259160918671363
# Reference: https://www.virustotal.com/gui/domain/sumliomicna.com/relations

sumliomicna.com

# Reference: https://www.virustotal.com/gui/file/ffc9319863cf7efe7575c36357ecd7102f99c99758ed94e97d31d78c7e1966a3/detection

headborro.com

# Reference: https://twitter.com/vigilantbeluga/status/1257891038582067200
# Reference: https://www.virustotal.com/gui/domain/chumashpeople.com/relations

chumashpeople.com

# Reference: https://www.virustotal.com/gui/file/13f8e88a6f37b999c12513887752d7a03637e32106ef4109e11a9a8f260ccfab/detection

piedmontteem.com

# Reference: https://www.virustotal.com/gui/file/aecddb3a9656759f5681708172573f435c3db0539d6a7a0230ec93b4e3f131a1/detection
# Reference: https://www.virustotal.com/gui/file/e0830aec7a5737f0558860a3ff192c6270bf57b2bc1c01ad514c012f7d039bae/detection
# Reference: https://www.virustotal.com/gui/file/87dac3be0edd3b599b3d50eec0edbe751e6d2951b22182a85b017acf26d485f7/detection

backgrounds.pk
jamshed.pk
karimgousa.ug
karimgouss.ug
levitt.ug
levitts.ug
marcakass.ug
tribunal.ug
zaragoza.co.ug

# Reference: https://www.virustotal.com/gui/file/f1d7ea9dcf7abe22f07f3d14fb21636e47bb0def2f766632a547d20f7d258aa5/detection

http://37.252.5.111

# Reference: https://www.virustotal.com/gui/file/f2a0fdf6caf5be2b84dcc0efb0c59082fa67350d49a1f2951b451df6f1d2bb21/detection

tomasisa.ug

# Reference: https://www.virustotal.com/gui/file/51b82ddc8786bdd8a0805baebaa243df7910711d422aad9f5fa867f46c7fcc71/detection
# Reference: https://www.virustotal.com/gui/file/cd8751bd47174dbae36c414383ca789d6d23062d528a34eaa81924cb3c0bfaf5/detection
# Reference: https://www.virustotal.com/gui/file/30ff25b4a60bd0e1f46e544dc44138aa3cf59ef87a84f1eafae990c61f1e5266/detection
# Reference: https://www.virustotal.com/gui/file/1969bcde226f3b3bcfb67912b5ff6efd8038383dc2655980a6f51730e8361d09/detection
# Reference: https://www.virustotal.com/gui/file/c81ae80ffb2e2a3af8c2b5ae405f848ed094e3f4112a501c4bb773d5f494239d/detection

lkjhgfdsa4.ru
zver.tech

# Reference: https://www.virustotal.com/gui/file/5282290d0d6e2b1add3d298052c4f607afa58e12559ddcf99da3a242d8329cf8/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/bc275cd76478e4d3387740dd955d9b9b5b36f064656ecb1e1cea9b8649eec57d/detection

smarteyecare.in

# Reference: https://www.virustotal.com/gui/file/eb496b85f98f8b3f2b4f4150295b490c04b6b710818b9ebf592272b5dd3005c0/detection

precambrianera.com

# Reference: https://app.any.run/tasks/4b8bd5e5-b60d-45ee-9fa1-e631e591987b/

likeanimals.net

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

nextgentoolkit.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations
# Reference: https://app.any.run/tasks/3b0bd018-731d-493c-a4d3-9a58a97e03ff/
# Reference: https://www.virustotal.com/gui/file/aba9f9d6904d1474f7a0693e80d182eff9cb8a1c185f0090876cf8eb83914cbb/detection
# Reference: https://www.virustotal.com/gui/file/c08958f222a52901aade88ebe2c3636a8bca3bf9fb6874ffbae93261ebfec86f/detection

agentt.ac.ug
agenttt.ac.ug
andreas.ac.ug
andres.ac.ug
courtneyhones.ac.ug
courtneyjjones.ac.ug
courtneyjones.ac.ug
courtneysdv.ac.ug
ferreira.ac.ug
ferreiranadii.ac.ug
foundsomebo.ac.ug
iloveyoubabu.ac.ug
iloveyoubaby.ac.ug
jamesrlongacre.ac.ug
jonescourtney.ac.ug
letitburnsf.ac.ug
malarcvgs.ac.ug
morasergio.ac.ug
morasergiov.ac.ug
nadia.ac.ug

# Reference: https://twitter.com/JAMESWT_MHT/status/1328290554912903169
# Reference: https://app.any.run/tasks/34c3a80a-83a1-476e-80ce-2ce62e40e0b7/
# Reference: https://www.virustotal.com/gui/file/0ea95746928602fad4896c1085ee0125dbeb29145dea813ad3444f648c9db2c8/detection
# Reference: https://www.virustotal.com/gui/file/95268ee22cb09ca871b56ede8eca4a1655490ef02ad14bbd2c02b60eea19481c/detection
# Reference: https://www.virustotal.com/gui/file/9dd08cf2672502db217f9772affb88657f8559d8f4d946af25c4b22428ea336a/detection
# Reference: https://www.virustotal.com/gui/file/a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007/detection

buydating.co.ug
gomisacar.com
rineialav.com
swiloodex.com

# Reference: https://www.virustotal.com/gui/file/9a5e8b3e5929b50b2ac4c44587fb01153ad9377681c3ca5c2dfee11830a2caec/detection

sbershit.com

# Reference: https://www.virustotal.com/gui/file/76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f/detection

molothunsen.com

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

whoicehkestes.com

# Reference: https://www.virustotal.com/gui/file/628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f/detection

desperate.website

# Reference: https://www.virustotal.com/gui/file/95bf761c12eba2be84e29c60e31017bc60007ed0f38fcdf261d5fef34e8e4f2f/detection

badlandsparks.com

# Reference: https://www.virustotal.com/gui/file/0af341a92c789bd37e8d7d029f0c225f66f5137f678ea8082426bb565261e740/detection

paunsaugunt.com

# Reference: https://www.virustotal.com/gui/file/7b5a9d6119e910f5c0441ae27293b0367718a4257062f29ec8ef27342a0b8de8/detection

biscayneinn.com

# Reference: https://app.any.run/tasks/4ec40ce2-3250-47c5-96d8-07bcb4c4d1b9/

realmengame.com

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

marianne.ac.ug

# Reference: https://www.virustotal.com/gui/file/2953c2448667bc21d451fce8747513bfaaf0df312df1e0a47604ea49a2bbbda4/detection

prosecuredata.top

# Reference: https://www.virustotal.com/gui/file/b25e4f3d4cfb1ade5d4d68469d6f9b365dddc0296f4a66b2e60f29d476889db9/detection

altmessager.com

# Reference: https://www.virustotal.com/gui/file/3d4b459e2a4a78a2c693876b548b248acf9bb3278fb87ec66b5e4cf204a42cf9/detection
# Reference: https://www.virustotal.com/gui/file/b2ca76052b184c69881e79f3f7549ae884f38a57f50f5801fa40aa953f20b11b/detection

kenutduk.duckdns.org

# Reference: https://app.any.run/tasks/030e7573-8696-417e-8741-b8f80e43caa6/

goodssogood.com

# Reference: https://app.any.run/tasks/5a354632-e77c-42ab-8ff0-87bcad5c78fc/

/a/a/www/

# Reference: https://www.virustotal.com/gui/file/240a264d7565a846f6b1a1d83fbec957351de24e6096cf325e6fb24f229e81a1/detection

paperone.co.ug

# Reference: https://www.virustotal.com/gui/file/54976d4745f4fe0b1492cdecdfdb465a81b8acfe305e210d3e2a39b945889082/detection

hydrakupi.co.ug

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

fastkisel.co.ug

# Reference: https://www.virustotal.com/gui/file/477c7d30787de3f979707583bdfae90fb84bd070003c2ccfd260cba2aed08234/detection

didntreadlol.com

# Reference: https://www.virustotal.com/gui/file/7a48e7fad9485df2316249060c7820a56ddb1b0c2841718744e31fe9b5b18786/detection

duckclack.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281
# Reference: https://www.virustotal.com/gui/file/d466ef9698569363af4f08b64235817c7838c726c1faee300582aab3d90f5683/detection

/lancer/getm.php?pid=

# Reference: https://www.virustotal.com/gui/file/0a98dfea9758a2d86facdd37086aae816688386cb897957d72ce95fe2c12093f/detection

zockzock.top

# Reference: https://www.virustotal.com/gui/file/802f2e368248bf75bb83af798f562f9fb2bf07227500b0986abc16a0b42d3ebb/detection
# Reference: https://www.virustotal.com/gui/file/6039cff3d4e528c47b3cd505d14ba6645b4056aa139a06150a0ace56c9cd402f/detection

test.adegokecollege.com

# Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection

nmorbertomo.ac.ug

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

http://45.147.198.62

# Reference: https://app.any.run/tasks/377e6816-2765-4384-bf2a-4818f84b2b8d/

cache.krishgarden.com

# Reference: https://www.virustotal.com/gui/file/764574a80f1738d589a165cb5fecc7840220c7e72ffe795be772ccf58a0f7ceb/detection

static.parafia-strumiany.pl

# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection

ciaociaoline.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1380870829932744707
# Reference: https://app.any.run/tasks/edc50f68-7088-439e-8993-b6bf2fbb4cde/

data.parafia-strumiany.pl

# Reference: https://app.any.run/tasks/0273000c-ebf5-4a51-a89e-3d0159ff5bb3/

http://45.85.90.86

# Reference: https://twitter.com/fr0s7_/status/1384855677659660288
# Reference: https://app.any.run/tasks/210dcd67-5096-4f79-9cb7-21502ca24854/

stealer.xxxy.biz

# Reference: https://twitter.com/reecdeep/status/1387777010097852426

http://203.159.80.206

# Reference: https://www.virustotal.com/gui/file/e5686e76056d1a4ac0a3120e1de3e3ab9aca585fb151881e76885d36a6621092/detection

lotomoto.info

# Reference: https://twitter.com/James_inthe_box/status/1389233811251073033
# Reference: https://app.any.run/tasks/4a9b349d-ade4-4723-ac41-40415532e8bc/
# Reference: https://app.any.run/tasks/3e24fd12-9eed-4e6a-9b49-dfd3d8341a87/

http://31.210.21.181

# Reference: https://www.virustotal.com/gui/file/bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050/detection

vtqt.xyz

# Reference: https://www.virustotal.com/gui/file/3be583104ac2df031993b4f1bcbca40c01cefc5282050bc70b74e6e428291aba/detection

http://31.210.20.228

# Reference: https://www.virustotal.com/gui/file/55f1a2084fd1c1d5477519f06b02aa4fa4d917aaceffd116fc45820dc49a7795/detection

osiq.xyz

# Reference: https://www.virustotal.com/gui/file/7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0/detection

http://45.144.225.173

# Reference: https://www.virustotal.com/gui/file/fa1b210bdfaa9d9ed60eeee1196af0a697ed9bb1b6fbcc7108ebf43b55a313a5/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/ip-address/188.34.193.205/relations
# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

http://78.142.29.63

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

worstyear2020.com

# Reference: https://www.virustotal.com/gui/file/dfe963eae24c412b410f879df4f8fdec5b1a4fa8e20f44ab4eea4af4f811cf19/detection

dollartikuda.xyz
ys-gay.net

# Reference: https://www.virustotal.com/gui/file/c41aa6d6eeac57851b0a00a619609ed764072881b85b7dad25ac30f2856eda43/detection

support121.ddns.net

# Reference: https://www.virustotal.com/gui/file/f7a75dfb71ae46a4d6732100359c7d1b6fb5bb65338d6d1b702871ca492d3d54/detection

sefagusten.top

# Reference: https://www.virustotal.com/gui/file/cdeda69bc5ed54e292430a0e7017a66472ef4a1a25e3ebc125785fa2f9dc2bd9/detection

siwirnes.top

# Reference: https://www.virustotal.com/gui/file/573ac5d6b60b2965407c8fbf5c9d0f82067a19c27db420c4f5e9067798bcf6f9/detection

http://162.55.189.102

# Reference: https://www.virustotal.com/gui/file/835c8f02b83dd9bf4b3bf34f7e786b9b37c22924977eab54c6be9f69f1fefc69/detection

http://168.119.226.10

# Reference: https://www.virustotal.com/gui/file/326bebb9e00419c94b901a4597b8d8b1b56ac6ca9cbb96fc8f40df4d85d588cb/detection

http://176.123.4.140

# Reference: https://www.virustotal.com/gui/file/f4a1b439d5d5dcda842507571335e05665dfddc1cec1690d2fa66480c84d3e50/detection

http://185.99.133.218

# Reference: https://www.virustotal.com/gui/file/addabc3e06c8044f4eb4dfc9b63c0d40c4c3e628761ac097a8647d105376051c/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/file/49b3c1cea44676e46f5dd2d99db7810d3e09d256318be8429d1faa25a53d80b6/detection

http://195.201.94.135

# Reference: https://www.virustotal.com/gui/file/8d2dbbfd60c93fa6faf7f7b3bcfe4ac73dc6c2870911fe8f2c1c4e14bff90499/detection

http://49.12.77.13

# Reference: https://www.virustotal.com/gui/file/d17da61df61aace32659d4c00fd886a6115c893ce48b84c1a819ed6cb7fc1a61/detection

http://198.98.55.103

# Reference: https://www.virustotal.com/gui/file/00bebbc8e8adec6a7133ea0b83663d072b50cdab673d6b4d42b41d0a3fd61bc7/detection

djalil.top

# Reference: https://www.virustotal.com/gui/file/cc981c93093a992a27a48072beda1ebeefd2c23d1e961fd427995d389960890b/detection

lookluck.net

# Reference: https://www.virustotal.com/gui/file/3436be047261b75482542deb4e22e89927e89f60b6061fa32d72043ef8e4afad/detection

http://205.185.127.90

# Reference: https://www.virustotal.com/gui/file/6d68a55fc9958ed4e1e38eb44159f7ef87c434f91c78ae5c8bc58a979526f0da/detection

http://116.203.140.224
http://78.47.81.226

# Reference: https://www.virustotal.com/gui/file/dccba229de62bcbd976968e97f5c2febecf9408e339c553371563e43e8f7be48/detection

http://78.47.87.144

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

http://88.198.106.10

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

http://94.130.58.199

# Reference: https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed
# Reference: https://otx.alienvault.com/pulse/60b10fc3cf96ed70dad3bc07

bittracker.co.ug
blockbock.com
bockbock.top
bocksmoke.com
brainstormer.co.ug
cache.krishgarden.com
centos8lts.com
centoswiki.co.ug
choohchooh.com
ciaociaoline.com
ciaociaoline.top
customkitchaid.com
data.parafia-strumiany.pl
didntreadlol.com
djalil.top
dockclock.pro
duckclack.com
fastkisel.co.ug
flinstonehouse.co.ug
ftp.dwysokinski.me
fuckspha.com
gate.akadns9.net
goodssogood.com
guilmettemoron.com
hydrakupi.co.ug
juhjuh.com
kenutduk.duckdns.org
kiselev.co.ug
lookluck.net
mail.kiselev.co.ug
paperone.co.ug
promo.parafia-strumiany.pl
protestbonjer.ml
shirleyhorn.com
smtp.omplcement.com
static.accelerator-introlab.ml
static.helpmybusiness.ga
static.parafia-strumiany.pl
upload.krishgarden.com
yourpro.top
zockzock.top

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.114/relations
# Reference: https://www.virustotal.com/gui/file/4b17367ca1fa965f3e4c89a58c7f0325157c224eb80d3344490c7f368f12a833/detection

bilederina.top
binoders.top
cerolipak.top
manusorg.top
mutaleson.top
tenorimp.top
veribuman.top
cleardatass.com
datastatscl.com
statsdatacl.com

# Reference: https://www.virustotal.com/gui/file/c54b414ff7ca8ec5843b3944a53b63fd1a904be8423be677a738060fb1546ff2/detection

http://103.155.81.167

# Reference: https://tria.ge/210710-kzbnpe2rbx

sergeevih43.tumblr.com

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

http://162.55.223.232

# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://5.34.178.48

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

sslamlssa1.tumblr.com

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection
# Reference: https://www.virustotal.com/gui/file/f83d5140698073bdaa2e907ee6cbe025256b5796ce18f0d2cbc8efff4e9962cb/detection

http://116.202.183.50
xeronxikxxx.tumblr.com

# Reference: https://tria.ge/210726-6jdmkdfwcs

shpak125.tumblr.com

# Reference: https://twitter.com/reecdeep/status/1422191780833988616
# Reference: https://www.virustotal.com/gui/file/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/detection

himarkh.xyz

# Reference: https://twitter.com/Racco42/status/1422961309012930564
# Reference: https://app.any.run/tasks/b295d801-8643-4b42-a848-55c8fa5c22a1/

irkark.xyz

# Reference: https://www.virustotal.com/gui/file/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70/detection
# Reference: https://www.virustotal.com/gui/file/aa1dc867430200195ec34624c58bce2dec6bcda1f837529c564b7cfab0ee978f/detection
# Reference: https://www.joesandbox.com/analysis/454005?idtype=analysisid

anqwcvaaq.xyz
/8GzIpNiHlc.php
/Fl26aoXOqL.php

# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.107/relations

indiacas.xyz
indiamed.xyz
indianot.xyz
kazced.site
kazfds.xyz
kazkef.site
kazksc.xyz
kaznas.site
kazopz.xyz
kazxzs.xyz

# Reference: https://twitter.com/benkow_/status/1443189560024969226
# Reference: https://tria.ge/210929-pd2k9sfacl/behavioral1

http://79.124.78.139

# Reference: https://twitter.com/benkow_/status/1447835812050112516
# Reference: https://tria.ge/211012-jzgv4abhb7/behavioral1

gurums.online

# Reference: https://twitter.com/InQuest/status/1450099115258486784

http://136.144.41.229
searcer.x24hr.com
/gJCbU1V9y2.php

# Reference: https://twitter.com/benkow_/status/1457786964191571977
# Reference: https://tria.ge/211108-xpsfqschd6/behavioral1

http://65.108.80.190

# Reference: https://tria.ge/211117-lb4q3aehak/behavioral1

http://159.69.92.223

# Reference: https://twitter.com/Jane_0stin/status/1463981701596598272
# Reference: https://app.any.run/tasks/762741f6-b2d4-4fde-bf1c-111caf124379/

die-grausamste-herrin.at

# Reference: https://www.virustotal.com/gui/file/1ac64c5db03f0fc9729de68be00e2eff7a59f8e10d2ec50c5d348029de745ba4/detection

http://185.215.113.22
/E2vacMBpWA.php

# Reference: https://twitter.com/ViriBack/status/1476718496218324993
# Reference: https://tria.ge/211231-a19g3aehhj/behavioral1

main2.flashysoft.me

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

http://188.34.200.103

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_vidar.json

derxblog.de
milktr.uk

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/detection

http://49.12.198.69

# Reference: https://twitter.com/crep1x/status/1478361605394116612

http://116.202.186.120

# Reference: https://twitter.com/crep1x/status/1475535929985187846
# Reference: https://tria.ge/211227-sfrevsbcfq/behavioral1
# Reference: https://www.virustotal.com/gui/file/12f67b777aa65271b2e5773b042cbf8bc1c0bf8cabaf356aa05b583a1e581b94/detection

http://116.202.188.27

# Reference: https://www.virustotal.com/gui/file/42e77b0c32a2e1d98bb7e45198c83f92cad7f33b1369bc61c38ceab0ec2cd4f3/detection

http://167.86.127.231

# Reference: https://twitter.com/crep1x/status/1480574856265711618

http://78.46.160.87

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://65.108.180.72

# Reference: https://www.virustotal.com/gui/file/15bd912b0e66bf88fc6dbae28754cb085bfa199b7f7e0d4989ab39a747053be6/detection

hjggvbc.ru

# Reference: https://www.virustotal.com/gui/file/00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2/detection

http://116.203.165.54

# Reference: https://www.virustotal.com/gui/file/005d0cbf83fcceb2657b56711cc56a4144d9c58a8393d3d1ae052db880b60269/detection

boombangers00666999.sc
/gate2233.php

# Reference: https://twitter.com/ViriBack/status/1487421178557964292
# Reference: https://app.any.run/tasks/49b5dee3-f179-4d8d-8000-0a7cde350c1e/
# Reference: https://www.virustotal.com/gui/file/2c35ee480e2ea480624011857326defe537063bb383824013a8f8a0b9182e3b1/detection

anydesk.computer
panel.computer

# Reference: https://www.virustotal.com/gui/file/27afc8d7727c80c934d73e4aa021ab138b99149023dbc1625c8d4ba867981652/detection

banlobora2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/2d299fcdf7562306634b74f187b445ad17ca07495d2a36ffca86c7425a7982db/detection

opmos.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687/detection

cookreceipts.fun

# Reference: https://www.virustotal.com/gui/file/3c81b46f9c2fd6871f6844585c9d835eea672e1e0c8e26e667ce8049579e3245/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/1e0608ba01db4c6a953d5a2bf144a944d5939790fd9e0acd7c06a37563470add/detection

f0457102.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6e5bef09238ff67eb3c4765eed4a0d647a3b0d9be6e7604a3e9a0d509623c6fd/detection

admin.foa.ae

# Reference: https://www.virustotal.com/gui/file/c145a437ca06f644c48e37c597d6efc46f4a0e4d8b1bfb265a1d28ced7e8009b/detection

bergamot.nu

# Reference: https://www.virustotal.com/gui/file/4e842aade6a22d8efbcae4bd9cde73de26398f7f70a06fc09042ed72bb61465a/detection

cmd3490ghbdtn3.ru

# Reference: https://www.virustotal.com/gui/file/c48534128c907c63db7b3f995cbb17eb67a973a8abc7e567cac4229889df1535/detection

databasecontrol.xyz

# Reference: https://www.virustotal.com/gui/file/253a4539177c2e6617a98571a87211a364d1a9d6dee454589548a6413db23be5/detection

datamon.cc

# Reference: https://www.virustotal.com/gui/file/03830b7509fe6e46ea89d7fe60f732120cca1501473c5fc477e2d96b01f7f050/detection

gfxapanbnqd4jhf.pw

# Reference: https://www.virustotal.com/gui/file/64d7ba13bf3e525fc99988f742b751c9df4431af7b26a7d6cdb3191218648517/detection

ggtyyu.pw

# Reference: https://www.virustotal.com/gui/file/47019ee43e1682cdcdabda06ba450642be49b241416da1331917726cf6e565b8/detection

hostisgerhg.tk

# Reference: https://www.virustotal.com/gui/file/e677eb033d3676db1d9beae7fa1d392fef40cf0950f862108609ff25b25a4642/detection

kepler071.site

# Reference: https://www.virustotal.com/gui/file/c79a3bd6b7a37c9bf58d12a6c493e00df8413d6b68892f8c402fb34a8341aa5b/detection

lilldshar.space

# Reference: https://www.virustotal.com/gui/file/b2af96a978461c384d5efdb367b6d80028cee69d86b3cb3691b43e8a62721788/detection

masadproject.life

# Reference: https://www.virustotal.com/gui/file/02fc294d8a722633df5411062307978762ce56ed1b285cf1b388a5ca2df809f2/detection

onlinemseof.site

# Reference: https://www.virustotal.com/gui/file/0425eaee15de5550bb64838d9c3fb74071d83575362388c22d45e2385e996bbc/detection

pablopanuroere.pw

# Reference: https://www.virustotal.com/gui/file/0b3cf8e37e13a3100885a6a538da9244c72b0223501dc4f6b23929204c8d3361/detection

poiuytrewq2.site

# Reference: https://www.virustotal.com/gui/file/d1cf6edc0a27e9eadabbaacd1ec9650d6484f91556c5e81ed3b43923c4dfc1d0/detection

shlyapa.website

# Reference: https://www.virustotal.com/gui/file/9801abe4b5e3a68d376694c548d992fd1372df88299d3618b5d8c2b36c9530a4/detection

tgp.opcache.xyz

# Reference: https://www.virustotal.com/gui/file/e48514ff1736378e93832535b9c903655de96e48c5ae3ab2382ff3c8c016725c/detection

topteamover9000.fun

# Reference: https://www.virustotal.com/gui/file/d66df2e485a93c02470b99c6d4821f2f5a3bc7cde19d3ccec70d1f0dd874a66b/detection

travelgidblog.top

# Reference: https://www.virustotal.com/gui/file/fd991646249ed10695d429cac8df890dda694ba66df071469e047547df602a68/detection

watchmovie.life

# Reference: https://www.virustotal.com/gui/file/74465e9ad0ef9a1cce5f2e7485c20cb2f7d15cee1f224ac8629f68656febb39e/detection

xenicoln.gb.net

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

yrhealth.life

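# Reference: https://github.com/cyberark/malware-research/blob/master/OskiStealer/IoCs.pdf
# NOTE(review): this source is filed under OskiStealer, which the Aliases line at the top of this file does not list - confirm these addresses belong in this trail.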

http://162.0.224.159
http://173.232.146.69
http://176.113.81.170
http://178.32.145.141
http://188.227.57.121
http://194.87.147.13
http://194.87.234.156
http://194.87.236.221
http://194.87.95.5
http://195.133.147.113
http://195.133.197.21
http://45.141.84.143
http://45.143.92.129
http://45.143.93.152
http://45.151.144.128
http://45.8.228.100
http://46.17.96.25
http://5.187.7.144
http://52.246.250.237
http://80.89.228.202
http://80.89.238.87
http://85.209.91.120
http://89.223.123.36
http://91.245.227.131
http://92.53.124.88

# Reference: https://app.any.run/tasks/1ba24008-9819-4fda-9098-d2e769715470/

http://65.108.155.192

# Reference: https://twitter.com/phishgalore/status/1490794416239489028
# Reference: https://twitter.com/JCyberSec_/status/1491008346505515015
# Reference: https://www.virustotal.com/gui/file/95573cc24f3901c938e84f9628359a9dcc816dd451809f5313a99fe8da2756b9/detection

bank-statement.xyz
freddomdomain.xyz
order-magento-admin.com
statement-scotiabank.com

# Reference: https://tria.ge/220202-w4cs6abagj/behavioral1

http://95.216.183.78

# Reference: https://tria.ge/220202-w4s55sbagl/behavioral1

uploaditem.xyz

# Reference: https://twitter.com/ViriBack/status/1492589247697719304
# Reference: https://www.virustotal.com/gui/domain/flashysoft.me/relations
# Reference: https://www.virustotal.com/gui/file/241d7ec7d8a462c1a9c4570be1ddcb744f38b9322635ed860219505054c7db25/detection

flashysoft.me
main.flashysoft.me

# Reference: https://app.any.run/tasks/75915cfb-9864-46c5-b673-20e0a8ec9409/

http://95.216.147.143

# Reference: https://www.virustotal.com/gui/ip-address/13.78.210.162/relations
# Reference: https://www.virustotal.com/gui/file/b9c74bca334747feac392bc96d57d870f1907ec6ec3062bd405c1df3ccc16b74/detection

bankkia.gq
dashgaa.tk
wellsfago.ga

# Reference: https://app.any.run/tasks/45ddee1d-5fc4-4c0a-859c-42b4fbc333d0/

http://94.130.174.62

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

bestpolandhotels.com

# Reference: https://isc.sans.edu/diary/28468

bor4omkin.ru
dersed.com
sughicent.com

# Reference: https://www.virustotal.com/gui/file/0239bcbfae35cdefd367a9dc269287c92b666743018e45f6265495b43fbbb27c/detection

maurizio.ug

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

hubvera.ac.ug
prepepe.ac.ug

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.77/relations

agentt.ac.ug
agenttt.ac.ug
ailsom.ac.ug
andres.ac.ug
andres.ug
backgrounds.pk
bilbosaquet.ug
brice.ac.ug
colonna.ac.ug
colonna.ug
conthruian.ug
courtneyjones.ac.ug
cracksmsa.ug
cvae.ac.ug
dancedance.ac.ug
danielmax.ac.ug
danielmi.ac.ug
darkangel.ac.ug
ddlakava.ac.ug
erolasa.ac.ug
erolbasa.ac.ug
gordonas.ac.ug
gordonhk.ac.ug
gordons.ac.ug
hanxlas.ac.ug
hsagoi.ac.ug
imobiles.pk
jamshed.pk
jonescourtney.ac.ug
kode.ac.ug
kodekode.ac.ug
kullasa.ac.ug
lastimaners.ug
lizzard.ac.ug
lizzzqua.ac.ug
lucab.ug
macakslcaq.ug
malcacnba.ac.ug
mantata.ac.ug
marcapinyo.ru
marcyovcx.ru
marianne.ac.ug
marketprice.pk
mastitisa.ac.ug
matisaas.ac.ug
matiti.ug
maurizio.ac.ug
mazooyaar.ac.ug
mazoyer.ac.ug
milsom.ac.ug
milsom.ug
moreirawag.ac.ug
myfidlerpro.ug
myhostiger.ug
myproskxa.ac.ug
nicolas.ug
nikahuve.ac.ug
nmorbertomo.ac.ug
nothinglike.ac.ug
omomom.ug
pakxkvad.ac.ug
pdshcjvnv.ug
playwell.ug
pretorian.ac.ug
pretorian.ug
puritaaxa.ac.ug
qwerty12346.ru
regay.ac.ug
saba.ac.ug
scarsa.ac.ug
scarsxa.ug
scouragae.ac.ug
sergui.ac.ug
taurus.ug
triathlethe.ug
underdohag.ac.ug
veronika.ac.ug
veronikaa.ac.ug
veronikac.ac.ug
viniscav.ac.ug
wellplayed.ug
zxvbcrt.ug

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vidar-malware-launcher-concealed-in-help-file/
# Reference: https://otx.alienvault.com/pulse/623c985eb2d2a96857e9985b

http://95.216.181.231

# Reference: https://twitter.com/Cyber_O51NT/status/1508819570588459017
# Reference: https://blog.morphisec.com/threat-research-mars-stealer
# Reference: https://www.virustotal.com/gui/file/6670b60de348f134151d4911e9714ee1cb3a51dd9d0f008b0fa2d42c796d2cfb/detection
# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection
# Reference: https://www.virustotal.com/gui/file/ab7e7d8594befb5a7137ec323db87a4aacfa64260327d61eee30626a760c3d5b/detection
# Reference: https://www.virustotal.com/gui/file/77148020b07fa69f4c68596f3132186975d7e289cff617ae9f4dab6806709807/detection
# Reference: https://www.virustotal.com/gui/file/0f2edca4bfbbde781da5438b0dec6f91e701588b854d66561be0f2d9d5074a78/detection
# Reference: https://www.virustotal.com/gui/file/8f925aa659cdab2466d2860dfc06d14d1c384c7a449683813db8d9219ed333c9/detection

http://185.212.130.47
http://193.56.146.66
http://5.45.84.214
http://66.29.142.232
http://82.146.63.54
http://91.92.128.35
telemeetrydata.cn
tommytshop.com
tonyshop312.com
/SCmygye1LE/FTOauwvCfJ/
/FTOauwvCfJ/
/SCmygye1LE/
/2BxXIkoySb.php
/8cPynL7Va1.php
/eglkAa6HG1.php
/gfattee933.php
/KNOuG8qeID.php
/tytfu656i7kuydgsjdsdu.php
/umO0HLhYp5.php

# Reference: https://www.virustotal.com/gui/file/8537e3492ed1da3a8c301853548e4ffb1e79906063e20ba237db9038121ae4a2/detection

http://45.9.20.31
/LD3F8IPgas.php

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

f0649032.xsph.ru
f0649033.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7e7b97d4785f8f237e996ba65d7369261071db6e66b796ad87a195d6caded887/detection

http://176.57.189.191

# Reference: https://www.virustotal.com/gui/file/1fc99227ff5f8d7548959ebabda2fdd4c9c51c3ee924e5494e70af307d8aafc5/detection

http://154.16.112.151

# Reference: https://twitter.com/0xrb/status/1511564992805761024
# Reference: https://www.virustotal.com/gui/file/4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b/detection

http://194.87.218.39
/RyC66VfSGP.php

# Reference: https://twitter.com/0xrb/status/1511939521877000194
# Reference: https://www.virustotal.com/gui/file/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84/detection
# Reference: https://www.virustotal.com/gui/file/ff676d4c5f83c81b77d21b605866d45acde3e04f4cf9f2cf9180f154144a48b9/detection

250329.prohoster.biz

# Reference: https://www.virustotal.com/gui/file/f668f1ba25939689fb35e11e3c77f2824ede2373ebb48ec711bb99d11de3027b/detection

a0634004.xsph.ru

# Reference: https://twitter.com/fr0s7_/status/1512457923947114499
# Reference: https://www.virustotal.com/gui/file/ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768/detection

http://95.217.244.41

# Reference: https://twitter.com/0xrb/status/1513739710765895681
# Reference: https://www.virustotal.com/gui/file/473c8b608a69a546da4510f610501bcac001e726699e75d8a15afd50ff66f460/detection

http://62.204.41.128
/81uBpsioYb.php

# Reference: https://twitter.com/0xrb/status/1513762639218118656
# Reference: https://www.virustotal.com/gui/file/309122794db2c8fd2ffd82c9770988297860a56116ce184be08da75b64d361f8/detection
# Reference: https://www.virustotal.com/gui/file/0f63b4b4659449eee766610af817b786e9cd7622743851cf7b71430613d7521b/detection

http://62.204.41.69
62.204.41.166:27688
/p8jG9WvgbE.php

# Reference: https://twitter.com/0xrb/status/1513747076714491905
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.176/relations
# Reference: https://www.virustotal.com/gui/file/455118a3a6c915e50ec4ff1133b51f24b1e080e3e591f42e41e144af0bdc7890/detection

cheapa.link
cheapb.link
cheapc.link
cheapd.link
cheape.link
cheapf.link
cheapg.link
cheaph.link
cheapi.link
cheapj.link
cheapk.link
cheapl.link
cheapm.link
cheapn.link
cheapo.link
cheapp.link
cheapq.link
cheapr.link
cheaps.link
cheapt.link
cheapu.link
cheapv.link
cheapw.link
cheapx.link
cheapy.link
cheapz.link

# Reference: https://twitter.com/Glacius_/status/1513861040605442052

http://195.242.111.168
/2s06lj04kybnr4ze.php

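# Reference: https://twitter.com/0xrb/status/1515918645800882181
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.89/relations
# Reference: https://www.virustotal.com/gui/file/fd48ebb9c6da16d3f371ee0e1bd94c7027ffacb7b99d27e59c81c8504477fd60/detection
# NOTE(review): courtneyjones.ac.ug, hubvera.ac.ug, kodekode.ac.ug and triathlethe.ug are already listed earlier in this file; they are repeated in this group.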

asdasgs.ug
beachwood.ug
courtneyjones.ac.ug
danwisha.ac.ug
hubvera.ac.ug
kodekode.ac.ug
ludivineemery.ac.ug
malayska.ug
marksidfgs.ug
marnersstyler.ug
mistitis.ug
rockphil.ac.ug
rockrock.ug
triathlethe.ug
underdohg.ac.ug
underdohg.ug

# Reference: https://twitter.com/0xrb/status/1516280842586566656
# Reference: https://twitter.com/0xrb/status/1517034682164334592
# Reference: https://www.virustotal.com/gui/ip-address/2.56.240.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.8.124.64/relations
# Reference: https://www.virustotal.com/gui/file/03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328/detection
# Reference: https://www.virustotal.com/gui/file/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/detection
# Reference: https://www.virustotal.com/gui/file/6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9/detection

jsdkca.link
jsdkcb.link
jsdkcc.link
jsdkcd.link
jsdkce.link
jsdkcf.link
jsdkcg.link
jsdkch.link
jsdkci.link
jsdkcj.link
jsdkck.link
jsdkcl.link
jsdkcm.link
jsdkcn.link
jsdkco.link
jsdkcp.link
jsdkcq.link
jsdkcr.link
jsdkcs.link
jsdkct.link
jsdkcu.link
jsdkcv.link
jsdkcw.link
jsdkcx.link
jsdkcy.link
jsdkcz.link

# Reference: https://twitter.com/0xrb/status/1516640874306088960
# Reference: https://www.virustotal.com/gui/file/18c7c5e7d5146bef12ead85598bf5d2c48ee5e6634d4769221d3e7712809f1ad/detection

xiskasment.com

# Reference: https://twitter.com/James_inthe_box/status/1517238542434414592
# Reference: https://app.any.run/tasks/f82a6efe-c21c-4949-8523-d3f2ad8be39c/

http://5.252.178.50

# Reference: https://twitter.com/James_inthe_box/status/1517262007795281920
# Reference: https://app.any.run/tasks/e6362786-dbeb-44ad-b62e-ddf6a6fe7c1c/

http://116.202.1.195

# Reference: https://www.virustotal.com/gui/file/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10/detection

http://139.177.176.177

# Reference: https://app.any.run/tasks/2bf3a7e1-f6a9-44dc-9d15-d9fa4f803e65/

http://195.201.250.209

# Reference: https://twitter.com/0xrb/status/1521717264311275520

http://185.104.114.24

# Reference: https://twitter.com/0xrb/status/1522455058520358912
# Reference: https://www.virustotal.com/gui/file/1fb1244bbc75553e090acf7f1dfc01f4283b428ac966364fad0d95bd1b967e61/detection

http://162.33.179.235
/gatero0m.php

# Reference: https://twitter.com/0xrb/status/1522450567473549313

micrwa.link
micrwb.link
micrwc.link
micrwd.link
micrwe.link
micrwf.link
micrwg.link
micrwh.link
micrwi.link
micrwj.link
micrwk.link
micrwl.link
micrwm.link
micrwn.link
micrwo.link
micrwp.link
micrwq.link
micrwr.link
micrws.link
micrwt.link
micrwu.link
micrwv.link
micrww.link
micrwx.link
micrwy.link
micrwz.link
/8sdd875.php

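# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection
# Reference: https://tria.ge/220610-s2xtrshbb2/behavioral1
# NOTE(review): /gtaddress below is a path-only entry with no host and a short, generic-looking name. Confirm it is distinctive enough not to match unrelated traffic, or record it together with the host.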

http://93.115.21.45
/gtaddress

# Reference: https://www.virustotal.com/gui/file/62a53b52eb3408052d19cace306452e9d3075618b4198e3e8c0beb7200da5886/detection

http://78.47.227.68

# Reference: https://twitter.com/c_APT_ure/status/1526268613367300096
# Reference: https://www.virustotal.com/gui/file/6852472f4d85443563b226cc8dd1adfc7b005d094071eb460681af0830d10a16/detection
# Reference: https://www.virustotal.com/gui/file/b9106d6ef93fa8f25f43b1fb0b4fe6e29b1afb44844159a22bd5fa23ddaebe1f/detection
# Reference: https://www.virustotal.com/gui/file/e106f33cb1f8c26b6211611bd22fcaced5d1c88700670c8b477827f9e00a8b3f/detection

http://23.95.52.191

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://95.217.244.73

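# Reference: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
# Reference: https://otx.alienvault.com/pulse/62876ce0115d3177c23d5d74
# NOTE(review): going by the reference title, these look like distribution (backdoored download) sites rather than C2 endpoints; TODO confirm. A hit would then point to a possible installer download rather than stealer check-in.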

ms-teams-app.net
ms-win11.com
win11-serv.com
win11-serv4.com
win11install.com
ms-win11.midlandscancer.com

# Reference: https://www.virustotal.com/gui/file/00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746/detection

http://162.55.213.180

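# Reference: https://www.virustotal.com/gui/file/0290fd4f9c7240911d9051f76167a75dd78834e6a03faf6b09aeae21ff3094db/detection
# NOTE(review): backgrounds.pk is already listed earlier in this file, in the 185.215.113.77 relations group.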

backgrounds.pk
gadem.ug
lcjvkdfas.ug
zaragoza.co.ug
zaragozsa.ug

# Reference: https://www.virustotal.com/gui/file/f6a58d46a92e7739388cd9e1c0df2800af70169a6df2a19b8c1b96defeed902e/detection

2tril.com

# Reference: https://app.any.run/tasks/67322566-fff2-4a64-a5b8-405599618c7d/

http://107.189.13.22

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030670.html
# Reference: https://www.virustotal.com/gui/file/7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c/detection

aztkiryhetxx.ru
ckrddvcveumq.ru
cugdwpnykghx.ru
dvizhdom.ru
dwrfqitgvmqn.ru
rhjebiuujydv.ru
rwwmefkauiaa.ru
sanlygeljek.ru
sinelnikovd.ru
wzqyuwtdxyee.ru
zpuxmwmwdxxk.ru
zyzkikpfewuf.ru

# Reference: https://www.virustotal.com/gui/file/8bf5a6be286efa5c7871d287a80120fc48a3744bd2a6a3764834082b95e68674/detection

cenlar.cc

# Reference: https://tria.ge/220602-rf2p6acaaj/behavioral1

http://107.189.11.124

# Reference: https://twitter.com/BlackLotusLabs/status/1532795523329052672
# Reference: https://www.virustotal.com/gui/file/78456112caae4c00fa66e6f9c7474331a2befe795a75a7313d4e0770196a0b35/detection

http://116.202.187.69

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://185.9.41.83
http://212.110.132.195
http://77.232.41.206

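# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection
# NOTE(review): this is the same VirusTotal sample cited for the preceding group. Confirm this entry's source, or merge the two groups.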

http://2.57.122.82

# Reference: https://www.virustotal.com/gui/file/9d66a6a6823aea1b923f0c200dfecb1ae70839d955e11a3f85184b8e0b16c6f8/detection

http://45.140.146.169
/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/

# Reference: https://tria.ge/220609-ztaslagec8/behavioral1

http://194.156.98.151

# Reference: https://www.virustotal.com/gui/file/12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3/detection

http://194.180.174.180

# Reference: https://www.virustotal.com/gui/file/ead121e4d007085adb42edd61c3328aa728fa2c1d7c78e77ceb64f999f7323e3/detection

ratinonanuere.pw

# Reference: https://www.virustotal.com/gui/file/037b340417857e618b37cfc3c6b4e6d01717ca0cedfaf57c4d98f368f432f10d/detection

recmaster.ru

# Reference: https://www.virustotal.com/gui/file/03d90fc0c0da8275035336d823f053a84ef50ab82aa0d2bba0722bb9e32a5627/detection

martinlloyd.net

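# Reference: https://tracker.viriback.com/dump.php (2022-07-11)
# NOTE(review): /SCmtgye1LE/ in this group differs by one character from /SCmygye1LE/ listed earlier in this file. Confirm both spellings against the source.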

http://13.58.70.215
http://185.4.65.70
http://188.212.124.14
http://193.203.238.120
http://194.233.168.238
http://194.87.218.26
http://195.242.110.71
http://45.130.104.128
http://45.138.157.227
http://62.204.41.103
http://62.204.41.179
http://62.204.41.223
http://80.79.114.182
http://91.243.44.99
http://94.142.141.235
a0626884.xsph.ru
anderd2w.beget.tech
blitzhost.ga
dashgaa.ml
ericfatima.beget.tech
f0623459.xsph.ru
ida-ayu.com
img.futanari-toons.com
mars.cryptominingpioneer.com
mars22.cryptominingpioneer.com
nationalspaceforceusaaainc.com
pashiudsa.com
share.softwareshare.me
tracey991.beget.tech
truehempbiz.com
zl3fh9x1.beget.tech
/5Ou97MmeyI/
/5Ou97MmeyI/login.php
/SCmtgye1LE/
/SCmtgye1LE/login.php
/c0XEaQ58yT/
/c0XEaQ58yT/login.php
/deAGgwt1R7/
/deAGgwt1R7/login.php
/yugYFTr5u6uytJgfj/
/yugYFTr5u6uytJgfj/login.php

# Reference: https://tria.ge/220531-s91kmafcgl/behavioral1

http://78.47.74.118

# Reference: https://tria.ge/220715-rnvltacbhl/behavioral2

http://45.144.29.243

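# Reference: https://twitter.com/ViriBack/status/1549905970905612290
# NOTE(review): http://185.104.114.24 is already listed earlier in this file (Reference: https://twitter.com/0xrb/status/1521717264311275520); the repeat adds no coverage.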

http://185.104.114.24
http://146.190.235.63
http://185.4.65.203
http://193.124.22.9
http://87.120.37.42
http://94.102.57.150
http://94.124.78.161
chicvvdon.lol
goldrushaw.ug
moneyd.link
renox.lol
superfilmes.cf
topababa.us
data.topababa.us

# Reference: https://twitter.com/idclickthat/status/1551249542783328257
# Reference: https://tria.ge/220724-ttq7paafbm/behavioral1

http://185.53.46.199
zidclouzby2.xyz

# Reference: https://app.any.run/tasks/da232c24-a63c-4378-ae30-f3305fd0334e/

http://95.217.244.216

# Reference: https://twitter.com/ViriBack/status/1554137490872799233
# Reference: https://tria.ge/220801-str9baahe3

atomic-wallet.net
/marsword/gate.php
