# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: APT-C-55, Black Banshee, Velvet Chollima, ta427, RftRAT

# Reference: https://otx.alienvault.com/pulse/5c93c4e48312d159728a9d78
# Reference: https://blog.alyac.co.kr/2209 (Korean)

maii-daum-net.atwebpages.com
nate-on.bug3.com
hanmail.membercp.net
korea.getenjoyment.net
mail.membercp.net
/itsme.daum

# Reference: https://twitter.com/blackorbird/status/1086970613552447489

safe-naver-mail.pe.hu

# Reference: https://twitter.com/blackorbird/status/1113318554563076096
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/aptnote0403
# Reference: https://blog.alyac.co.kr/2234 (Korean)

tcjst.com

# Reference: https://twitter.com/blackorbird/status/1118334122592591872
# Reference: https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/kimsuky/Smoke%20Screen.pdf
# Reference: https://www.virustotal.com/gui/ip-address/192.186.142.74/relations
# Reference: https://otx.alienvault.com/pulse/5cb6e14b2fefc160d9e18b24

http://192.186.142.74
192.186.142.74:81
seoulhobi.biz

# Reference: https://twitter.com/RedDrip7/status/1133268937808859136

lovemoney.mypressonline.com

# Reference: https://blog.alyac.co.kr/2336 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d13373f428cfccd0fa506a6

hellojames.sportsontheweb.net

# Generic trails (also seen in https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/)

/expres.php

# Reference: https://blog.alyac.co.kr/2347 (Korean)
# Reference: https://otx.alienvault.com/pulse/5cffce34469a83ecb23c93db

http://202.168.155.156
carolie-svr-v1.16mb.com
my-homework.890m.com
naver-security-mail.96.lt
oeks39402.890m.com
filer1.1apps.com
filer2.1apps.com
kuku675.site11.com
kuku79.herobo.com

# Reference: https://blog.alyac.co.kr/2389 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d14b11389f0f0ece394fab8

atene.myartsonline.com
hellojames.sportsontheweb.net
nid2-naver-com.medianewsonline.com
smalldeal.mypressonline.com

# Reference: https://www.anomali.com/blog/suspected-north-korean-cyber-espionage-campaign-targets-multiple-foreign-ministries-and-think-tanks
# Reference: https://otx.alienvault.com/pulse/5d5d6f5c5f0e4d2b7f5f3208
# Reference: https://twitter.com/blackorbird/status/1164370375490228224

alone-service.work
app-support.work
check-up.work
com-main.work
doc-view.work
login-confirm.work
member-service.work
minner.work
short-line.work
sub-state.work
web-line.work

# Reference: https://twitter.com/cyberwar_15/status/1166592637371060226

rnailr.com

# Reference: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-009.pdf
# Reference: https://otx.alienvault.com/pulse/5d6d754babe6ca295f94cb1b

accounted.top
acounts.work
ahooc.com
alive-user.work
alone-service.work
app-house.online
app-main.site
app-support.site
app-support.work
check-line.site
check-operation.site
check-up.work
client-mobile.work
confirm-main.work
dounn.net
dovvn-mail.com
drog-service.com
eposcard.co
first-state.work
gstaticstorage.com
heehorse.com
hotrnall.co
imap-login.com
inbox-mail.work
inbox-yahoo.com
lh-login.com
lh-logs.com
lh-yahoo.com
local-link.work
log-yahoo.com
login-confirm.site
login-confirm.work
login-history.pw
login-sec.com
login-use.com
login-yahoo.info
logins-yahoo.com
mail-down.com
mail-inc.work
mail-service.win
mailseco.com
main-line.work
main-service.site
main-support.work
matmiho.com
member-service.work
message-inbox.work
minner.work
mobile-device.site
mobile-phone.work
myprivacy.work
net-policies.work
old-version.work
online-support.work
open-auth.work
options.work
page-view.work
phlogin.com
profile-setting.work
protect-com.work
protect-mail.work
protect-main.site
retry-confirm.com
script-main.site
sec-line.work
sec-live.com
set-login.com
setting-main.work
share-check.site
short-line.work
sign-in.work
srnbc-card.com
user-account.link
user-accounts.net
user-service.link
user-service.work
viewetherwallet.com
wallet-vahoo.com
weak-online.work
web-info.work
web-mind.work
web-online.work
web-rain.work
web-state.work
web-store.work
yah00.work
yrnall.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1177115401400016901
# Reference: https://blog.alyac.co.kr/2538 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d8dd05bac456c1dade338df

joelwisian.com
reunionhomesok.com

# Reference: https://twitter.com/blackorbird/status/1178497550938034177

eoplus.co.kr/board/pressed/
eoplus.co.kr/board/presset/

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5d9f541a43c2babf60994786

c-naver.com
daum-center.net
rrnaver.com
udaum.net
account-google.member-authorize.com
user-manage-center.hol.es
user-daum-center.pe.hu
user-protect-center.pe.hu
naiei-aldiel.16mb.com
nid-protect-team.pe.hu
nid-management-team.890m.com
oeks39402.890m.com
vkcxvkweo.96.lt

# Reference: https://otx.alienvault.com/pulse/5dac36de0d5134df36b16666

clouds.scienceontheweb.net

# Reference: https://twitter.com/spider_girl22/status/1191306963369353216

online---shop.atwebpages.com

# Reference: https://blog.alyac.co.kr/2645 (Korean)
# Reference: https://otx.alienvault.com/pulse/5de68f93fc4d8a6303a7598b

member-view-center.esy.es
primary-help.esy.es
ago2.co.kr/bbs/data/dir/F.php
antichrist.or.kr/data/cheditor/dir1/F.php
gyjmc.com/board/data/cheditor/dir1/F.php

# Reference: https://otx.alienvault.com/pulse/5e257c8c189e48e8e053e75b

antichrist.or.kr/data/cheditor/dir1/lyric64
batgalim.org.il/facebook/Facebook/Entities/ppp/encoding.png
jonashartley.com/hilaryolsen/wp-includes/images/crystal/1122/upload.php
jonashartley.com/hilaryolsen/wp-admin/network/run.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/res.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/expres.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/res.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/expres.php
happy-new-year.esy.es
safe-naver-mail.pe.hu

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5e42fd9c9fa37be52610c5c5

accounting-microsofft.epizy.com
csdaum-help.esy.es
daum-account-login.esy.es
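# NOTE(review): the next entry appears to be two trails run together (daum-account-login.esy.es and oeks39402.890m.com, each also listed on its own in this file); kept as published - verify against the referenced source
daum-account-login.esy.esoeks39402.890m.com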
daum-account-signin.pe.hu
daum-login-protect.hol.es
daum-setting.hol.es
daum-stting.hol.es
daumlogin.esy.es
gyjmc.com
mail-customer-safety-center.hol.es
mail-kinu.hol.es
mail-naver-protect.hol.es
mail.naver.comuf.com
member-authorize.com
member-daum-regist.hol.es
member-view-center.esy.es
memver-view-center.esy.es
nager-relogin-security.96.lt
naiei-ldel.16mb.com
naver-password.esy.es
naver-security-mail.96.lt
naverhelp.esy.es
naverkorea.esy.es
naverlogin.esy.es
nid-mail.pe.hu
nid-management-team.890m.com
nid-protect-team.pe.hu
primary-help.esy.es
protect-yahoo-teeam.000webhostapp.com
security-mail-daum.000webhostapp.com
snu-mail-ac-kr.esy.es
suppcrt-seourity.esy.es
uefa2018.000webhostapp.com
user-daum-center.pe.hu
user-management-center.hol.es
user-protect-center.pe.hu
vkcxvkweo.96.lt
webrnail-kinu.hol.es

# Reference: https://twitter.com/anyrun_app/status/1115513990711521280
# Reference: https://www.virustotal.com/gui/file/540336c5e61d589776e267eed14eac835720b4484312434ce4f27adfec8bf817/detection

185.224.137.164:21

# Reference: https://twitter.com/cyberwar_15/status/1227709181605613569

happy-boy.pe.hu

# Reference: https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html
# Reference: https://otx.alienvault.com/pulse/5e4c19894aad216887c8cb3d

ago2.co.kr/bbs/data/tmp
aiyac-updaite.hol.es
daum-center.net
embed-helper.esy.es
er-manage-center.hol.es
finale-jack.esy.es
kakao-check.esy.es
my-homework.890m.com
naver-mail-com.hol.es
nid-protect-team.pe.hu
nid-yyanagemeniteam.890m.com
nortice-centre.esy.es
oeks39402.890m.com
rrnaver.com
simple-hick.esy.es
suppcrt-seourity.esy.es
udaum.net
upgradesrv.890m.com
user-daum-center.pe.hu
user-manage-cenier.nol.es
user-protect-center.pe.hu

# Reference: https://twitter.com/blackorbird/status/1107214927402418176
# Reference: https://twitter.com/blackorbird/status/1107479347013672960

ddlove.kr/bbs/dta/1

# Reference: https://twitter.com/blackorbird/status/1082553543280680962

ago2.co.kr/bbs/data/dir

# Reference: https://twitter.com/cyberwar_15/status/1230093739554557953

pingball.mygamesonline.org

# Reference: https://twitter.com/spider_girl22/status/1233198285747154944
# Reference: https://twitter.com/cyberwar_15/status/1241591674255446016
# Reference: https://app.any.run/tasks/f4172853-90e6-49ad-be7b-bf6efa771448/

nagoya.datastore.pe.hu
suzuki.datastore.pe.hu
toyota.datastore.pe.hu

# Reference: https://blog.alyac.co.kr/2737 (Korean)

mernberinfo.tech

# Reference: https://twitter.com/cyberwar_15/status/1232989735011794945
# Reference: https://www.virustotal.com/gui/file/2cd5f1852ac6d3ed481394ea0abc49f16789c12fb81bcdf9988762730fb0aa8f/detection
# Reference: https://twitter.com/spider_girl22/status/1234761655214493697
# Reference: https://twitter.com/cyberwar_15/status/1240677656451899394
# Reference: https://twitter.com/Timele9527/status/1240620534468997125

all200.mireene.com
crphone.mireene.com
jmable.mireene.com
jmdesign.mireene.com
nhpurumy.mireene.com
orblog.mireene.com
sgmedia.mireene.com
vnext.mireene.com

# Reference: https://twitter.com/Timele9527/status/1240123132419223554

mybobo.mygamesonline.org

# Reference: https://twitter.com/DeadlyLynn/status/1245264426321600513

saemaeul.mireene.com

# Reference: https://twitter.com/AnonySecAgency/status/1250605504520318977

rolls-royce-love.890m.com

# Reference: https://twitter.com/VK_Intel/status/1257243399742251010

upload.bigfile.hol.es

# Reference: https://twitter.com/AnonySecAgency/status/1263047043150299136

gotoclean.com.co
ricefarm.kr/bbs/st/expres.php

# Reference: https://twitter.com/cyberwar_15/status/1266553918454067201
# Reference: https://www.rfa.org/korean/in_focus/nkhacking-05292020160533.html (Korean)

com-download.work

# Reference: https://twitter.com/cyberwar_15/status/1268073043365990401

part.bigfile.pe.hu

# Reference: https://blog.alyac.co.kr/3033 (Korean)
# Reference: https://otx.alienvault.com/pulse/5ed7c80f673c40df00c52fa6

boaz.kr/skin/member/basic/css/cross.php
boaz.kr/skin/member/basic/css/report.php
boaz.kr/skin/member/log/cross.php
boaz.kr/skin/member/log/pre.hta
boaz.kr/skin/member/log/report.php
boaz.kr/skin/member/log/suf.hta

# Reference: https://twitter.com/XOR_Hex/status/1273023258535886848

dept-dp.lab.hol.es

# Reference: https://twitter.com/cyberwar_15/status/1273435333430935552

gbxhd.org-help.com

# Reference: https://twitter.com/ccxsaber/status/1273804166612135940

security-confirm.bmail-org.com

# Reference: https://twitter.com/ShadowChasing1/status/1274724519803043852

finalist.org-help.com

# Reference: https://twitter.com/cyberwar_15/status/1275368364819410950

foxhunter.getenjoyment.net
korea.getenjoyment.net
pootball.getenjoyment.net

# Reference: https://twitter.com/DeadlyLynn/status/1275998401524424704

attachchosun.atwebpages.com

# Reference: https://twitter.com/ccxsaber/status/1278941222166380545

lovelovelove.atwebpages.com

# Reference: https://twitter.com/DeadlyLynn/status/1281840956170317824

bascetball.atwebpages.com

# Reference: https://twitter.com/cyberoverdrive/status/1285955528770891776
# Reference: https://www.virustotal.com/gui/file/4fae9a942aafddc8ee21a753302cec3c5273d3f71e132f176cb799dd922e30ac/detection

pingguo5.atwebpages.com

# Reference: https://app.any.run/tasks/74d55d02-7bbd-444c-a01b-30ac52a7e576/

foxonline123.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1296301860312084482

jongjin.000webhostapp.com

# Reference: https://twitter.com/DeadlyLynn/status/1299970605043707905
# Reference: https://www.virustotal.com/gui/file/4ff2a67b094bcc56df1aec016191465be4e7de348360fd307d1929dc9cbab39f/detection

portable.epizy.com

# Reference: https://otx.alienvault.com/pulse/5f737caa710907613c4d2773

account-protect.work
account-viewer.work
com-active.work
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
default.tokyo
desk-top.work
doc-view.pw
dorey.work
dutaley.work
exiweng.work
idiolos.work
intemet.work
jp-sec.pw
jp-ssl.work
kinac.work
net-sec.pw
org-view.pw
org-view.work
org-vip.work
org-vps.work
poulsen.work
robezo.work
rtyuio.work
sslport.work
sslserver.work
ssltop.work
taplist.work
tlsmain.work
unrepong.work
verdall.xyz
vpstop.work
webmain.work

# Reference: https://twitter.com/cyberwar_15/status/1313175039307476993

daumcleaner.mywebcommunity.org
naver.mywebcommunity.org
workcrafter.mywebcommunity.org

# Reference: https://twitter.com/DeadlyLynn/status/1314181830162083841
# Reference: https://www.virustotal.com/gui/file/363386c4caa5a995d3ca9345520c90942d5d3e1aaf8056831348f92eb73c15db/detection

goldbin.myartsonline.com

# Reference: https://twitter.com/vigilantbeluga/status/1315720089316941824
# Reference: https://twitter.com/vigilantbeluga/status/1315722308703543297

hdac-wallet.com
kasse-v1.hdac-wallet.com
update.hdac-tech.com
wallet.hdac-tech.com

# Reference: https://twitter.com/vigilantbeluga/status/1255002262256025600
# Reference: https://www.virustotal.com/gui/file/3110f00c1c48bbba24931042657a21c55e9a07d2ef315c2eae0a422234623194/detection

general-second.org-help.com

# Reference: https://us-cert.cisa.gov/ncas/alerts/aa20-301a
# Reference: https://otx.alienvault.com/pulse/5f9856f8655cfd07338c8e83

account.daum.unikftc.kr
account.daum.unikortv.com
account.daurn.pe.hu
amberalexander.ghtdev.com
beyondparallel.sslport.work
bigfile.pe.hu
cdaum.pe.hu
cloudmail.cloud
cloudnaver.com
coinone.co.in
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
comment.poulsen.work
cooper.center
csnaver.com
daum.net.pl
daum.unikortv.com
daurn.org
daurn.pe.hu
demand.poulsen.work
dept-dr.lab.hol.es
downloadman06.com
dubai-1.com
eastsea.or.kr
gloole.net
help-navers.com
help.unikoreas.kr
helpnaver.com
hogy.desk-top.work
impression.poulsen.work
intemet.work
intranet.ohchr.account-protect.work
jonga.ml
jp-ssl.work
kooo.gq
loadmanager07.com
login.bignaver.com
login.daum.kcrct.ml
login.daum.net-accounts.info
login.daum.unikortv.com
login.outlook.kcrct.ml
mail.unifsc.com
mailsnaver.com
member-authorize.com
member.daum.uniex.kr
member.daum.unikortv.com
member.navier.pe.hu
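# NOTE(review): the next two entries have the shape of file names (*.inc) rather than hostnames like the rest of this group; confirm against the referenced advisory that they are intended as domain trails before alerting on them
msdatl3.inc
msolui80.inc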
myaccount.nkaac.net
myaccounts.gmail.kr-infos.com
myetherwallet.co.in
myetherwallet.com.mx
naver.co.in
naver.com.cm
naver.com.de
naver.com.ec
naver.com.mx
naver.com.pl
naver.com.se
naver.cx
naver.hol.es
naver.koreagov.com
naver.onegov.com
naver.pw
naver.unibok.kr
naverdns.co
net.tm.ro
nid.naver.com.se
nid.naver.corper.be
nid.naver.onektx.com
nid.naver.unibok.kr
nid.naver.unicrefia.com
nidlogin.naver.corper.be
nidnaver.email
nidnaver.net
ns.onekorea.me
nytimes.onekma.com
org-vip.work
preview.manage.org-view.work
pro-navor.com
read-hanmail.net
read-naver.com
read.tongilmoney.com
resetprofile.com
resultview.com
riaver.site
sankei.sslport.work
securetymail.com
servicenidnaver.com
smtper.cz
smtper.org
sslserver.work
ssltop.work
statement.poulsen.work
sts.desk-top.work
taplist.work
tiosuaking.com
top.naver.onekda.com
usernaver.com
view-hanmail.net
view-naver.com
vilene.desk-top.work
vpstop.work
webmain.work
webuserinfo.com
ww-naver.com

# Reference: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
# Reference: https://www.cyberscoop.com/north-korea-espionage-kimsuky-cybereason/
# Reference: https://otx.alienvault.com/pulse/5fa029ed2e8d9de384c74f26

csv.posadadesantiago.com/home/up.php?id=
csv.posadadesantiago.com/home?act=news&id=
csv.posadadesantiago.com/home?id=
myaccounts.posadadesantiago.com/test/Update.php?wShell=
wave.posadadesantiago.com/home/dwn.php?van=

# Reference: https://blog.alyac.co.kr/3352 (Korean)
# Reference: https://otx.alienvault.com/pulse/5fa1bb282c5efd7327b229a6

xeoskin.co.kr/wp/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/cyberwar_15/status/1327040440189607936
# Reference: https://twitter.com/cyberwar_15/status/1327045373781635072
# Reference: https://twitter.com/cyberwar_15/status/1327403605825970176
# Reference: https://twitter.com/cyberwar_15/status/1327403626118094848

accountcheck.net
app.veryton.ml
appmedicine.whoint.cf
astrozeneca.ml
bidmc.accountcheck.net
daumi.club
daurn.ga
dup.photo.oiiio.ga
email-hanwha.pe.hu
genexine.member-info.net
jnj.accountcheck.net
kaist.r-naver.com
kari.gq
kimm.r-naver.com
krnvc.ga
logins.daumi.club
logins.daurn.ga
love.krnvc.ga
mail.astrozeneca.ml
member-info.net
oiiio.ga
on.color.oiiio.ga
r-naver.com
shinpoong.accountcheck.net
shinpoong.r-naver.com
shkj.hol.es
veryton.ml
webmail.kari.gq
whoint.cf

# Reference: https://twitter.com/RedDrip7/status/1329628989699235840
# Reference: https://otx.alienvault.com/pulse/5fb804ac581df7fe4f35bfd6
# Reference: https://www.virustotal.com/gui/file/9365ce79a51768a398cc22ec701d5f256de827fbefed283c933dea4052d66027/detection

pelebra.atwebpages.com

# Reference: https://twitter.com/jfslowik/status/1330611004456067073

asia-studies.net
itamaraty.net
midsecurity.org
netsecurityservice.com
securitycounci1report.org

# Reference: https://twitter.com/cyberwar_15/status/1332300116179312640

bidmc.accountcheck.net
genexine.member-info.net
jnj.accountcheck.net
shinpoong.accountcheck.net
shinpoong.r-naver.com

# Reference: https://twitter.com/cyberwar_15/status/1333181928606814211

daumusercenter.web.app

# Reference: https://twitter.com/cyberwar_15/status/1333767468473487363

autoway.huyndai.ml
huyndai.ml

# Reference: https://twitter.com/Timele9527/status/1333971180290592769

documentserver.site

# Reference: https://twitter.com/h2jazi/status/1339226171272286209
# Reference: https://blog.alyac.co.kr/3458 (Korean)
# Reference: https://otx.alienvault.com/pulse/5fdbc57a744937101f4f9adc

hahae.co.kr/new3/ISAF/Libs/php/cross.php

# Reference: https://twitter.com/RedDrip7/status/1336258913323216896
# Reference: https://www.virustotal.com/gui/file/1909010c264328edaf24cc2804d4f046aabd3c59de45e1d295d4155eb466d753/detection

price365.co.kr/abbi/json/ps/aa.php

# Reference: https://twitter.com/cyberwar_15/status/1343610577894088704
# Reference: https://www.virustotal.com/gui/ip-address/27.255.79.204/relations

bkl-co.ml
conm.ga
covision.tk
dongguk.ml
edongwon.ml
edongyang.ml
ejnuac.ml
ekecc.ml
ekoreapetroleum.ml
eland.ml
enepa.cf
esmec.ml
gwdeuac.ml
gwpancon.ml
imperial.fit
kangwon.ml
kccworld.ml
kyungnam.ml
kyungnam.tk
kyungshin.ml
leeko.ml
maeil.ml
miraeasset.ml
naver.srl
nexaemc.ml
nh-amundi.ml
onestorecorp.ml
s-food.ml
samyang.ml
sejonggroup.ml
slworld.cf
sogang.ml
tlbu.ml
webnaver.srl
wonik.ml
yncc.ml
zdnet.ga
email.dongwon.ml
email.dongyang.ml
email.jnuac.ml
email.kecc.ml
email.koreapetroleum.ml
email.nepa.cf
ext.imperial.fit
gwmail.deuac.ml
gwmail.pancon.ml
mail.bkl-co.ml
mail.conm.ga
mail.covision.tk
mail.dongguk.ml
mail.eland.ml
mail.esmec.ml
mail.kangwon.ml
mail.kccworld.ml
mail.kyungnam.ml
mail.kyungnam.tk
mail.kyungshin.ml
mail.leeko.ml
mail.maeil.ml
mail.miraeasset.ml
mail.naver.srl
mail.nh-amundi.ml
mail.onestorecorp.ml
mail.s-food.ml
mail.samyang.ml
mail.sejonggroup.ml
mail.slworld.cf
mail.sogang.ml
mail.tlbu.ml
mail.wonik.ml
mail.yncc.ml
mail.zdnet.ga
nidlogin.naver.srl
nmail.exaemc.ml
webmail.naver.srl

# Reference: https://twitter.com/cyberwar_15/status/1345704290069876736

karist.cf
kaist-ac.xyz
krfa.ml
veryton.ml
kaist.krfa.ml
kaist-ac.xyz
mail.kaist-ac.xyz
vpn.karist.cf
app.veryton.ml

# Reference: https://twitter.com/h2jazi/status/1347225069890789376
# Reference: https://www.virustotal.com/gui/file/18ee06625f7bddadafa8c256d63a123f4e69d5488f88828052fd7803b3aa8b3b/detection

cwda.co.kr/theme/basic/skin/new/basic/update/

# Reference: https://twitter.com/AnonySecAgency/status/1350988738973884418
# Reference: https://www.virustotal.com/gui/file/fd740b70649f06269bf8fe2d0d4fdd87d99606a7a666c4f6a2fc89bee70b6649/detection

connectter.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1352117474943135745
# Reference: https://twitter.com/cyberwar_15/status/1352117964527423490
# Reference: https://www.virustotal.com/gui/ip-address/121.78.88.85/relations

attach.ddns.net
bigfile-naver.servepics.com
cafe-daum.ddns.net
naver.serveblog.net
naver.servehttp.com

# Reference: https://twitter.com/ShadowChasing1/status/1358713278390673408
# Reference: https://www.virustotal.com/gui/file/39bd6b689b02d6dee329131a51aa09301889faf5698eeac0d02aef0ba47cf024/detection
# Reference: https://www.virustotal.com/gui/file/a8820cc75cd580c8eda747931eb36f5943cece48ba720af9771cf16490a78aa6/detection

reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php

# Reference: https://twitter.com/ShadowChasing1/status/1362575412539183115
# Reference: https://www.virustotal.com/gui/file/115b9bf1c6f6040248dfa1a77044143dc318e3712ad613a022b4cced6007906f/detection

anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm

# Reference: https://twitter.com/AnonySecAgency/status/1366948179762024449
# Reference: https://www.virustotal.com/gui/file/73476d8ed35d6bbdaab3e7a17de7668af3860e994ac59107ecbe1aba7e40ace1/detection
# Reference: https://www.virustotal.com/gui/file/412baf955c1e256c4e8bf7e07ce0f1fbf14c03d11ed98932be45a58a14d55690/detection

monkey.funnystory.tech
seoul.lastpark.life

# Reference: https://twitter.com/ShadowChasing1/status/1368827485253627907
# Reference: https://www.virustotal.com/gui/file/e46887db62f3ee5583587531358e1b70cc8a171067fa4e1ae3e6693f7f9fc938/detection

koreacit.co.kr/skin/

# Reference: https://twitter.com/ShadowChasing1/status/1372464570183208961
# Reference: https://www.virustotal.com/gui/file/50d826640cc9ba66b789f0823f04308178b435f7eb39021bf7861061849f7efd/detection

inonix.co.kr/kor/board/widgets/mcontent/skins/tmp

# Reference: https://twitter.com/ShadowChasing1/status/1372537353311449091

waels.onlinewebshop.net/st/

# Reference: https://twitter.com/Xxx_8885/status/1373888922179170305
# Reference: https://twitter.com/Xxx_8885/status/1373889297414123521
# Reference: https://www.virustotal.com/gui/file/a030873cf5a9b8c76740a1ba9a4d28fc7acf4ce71ebebbe33a46be372f551004/detection
# Reference: https://www.virustotal.com/gui/file/a56163d758cd4a0a00e0991b7a4aecab35fdecb59df6d1821488826f8b37d7b9/detection
# Reference: https://www.virustotal.com/gui/file/e532685d362475dd3dec1aacedff87c7b32ec3573714a9f56ac87905fa13d66c/detection
# Reference: https://www.virustotal.com/gui/file/00bbab408dbc5c1a95143f75c282a74dddd5a87df533d7d198c1fc7eb2138269/detection
# Reference: https://www.virustotal.com/gui/file/a2465f753ff409cbd036cc0235704e3f49d9a52b8e4e2bc812428d7c8ea6f32b/detection

http://200.200.200.200/test/v.php
eucie091.myartsonline.com
eucie09111.myartsonline.com
ftcpark59.getenjoyment.net

# Reference: https://twitter.com/blackorbird/status/1377218251344633856
# Reference: https://twitter.com/RedDrip7/status/1377217232573321220

policy.webofknowledg.com
usamilitarysavings.webofknowledg.com
webofknowledg.com

# Reference: https://twitter.com/ShadowChasing1/status/1377841916948082689
# Reference: https://www.virustotal.com/gui/file/873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd/detection
# Reference: https://www.virustotal.com/gui/file/4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211/detection

pcsecucheck.scienceontheweb.net

# Reference: https://twitter.com/ShadowChasing1/status/1377900770629099530
# Reference: https://www.virustotal.com/gui/file/3dd9628b3f92a1f8c340e546343c1c1448de94212a9c19e83cae661eba2d1b37/detection

beilksa.scienceontheweb.net

# Reference: https://twitter.com/mg2_tracy1/status/1379269472926638081
# Reference: https://www.virustotal.com/gui/file/b89e79ee9c4834177cbabba9b265910a6a55c7defd2863cc1699753dbfa342b8/detection

baboivan.scienceontheweb.net

# Reference: https://twitter.com/h2jazi/status/1380510153397637127
# Reference: https://www.virustotal.com/gui/file/e6f0d7e114c04017b07f321ba4df440ff55718ef451b1a3cb0f1c0856bd1c86e/detection

pc.ac-kr.esy.es

# Reference: https://twitter.com/ShadowChasing1/status/1382509560179531782
# Reference: https://www.virustotal.com/gui/file/e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018/detection

wbg0909.scienceontheweb.net

# Reference: https://twitter.com/AnonySecAgency/status/1383241650319683590
# Reference: https://www.virustotal.com/gui/file/92b9933f3477241ffd92d0f76ef0dcf46730209a1ecab7eceb399d540530799f/detection

cuinm.huikm.kro.kr

# Reference: https://twitter.com/HONKONE_K/status/1386152816545128450
# Reference: https://www.virustotal.com/gui/file/4252c0b130be39bf2258c84c436c17babfd650b6d665ac6c4e050f87fe34e46e/detection

pootball.medianewsonline.com

# Reference: https://twitter.com/ShadowChasing1/status/1388522768111656963
# Reference: https://www.virustotal.com/gui/file/f8e972a26117bd14f5ec4dca9de0244d0bfd29bbbfd9104b2ccdc49fa93416d8/detection

ikpoo.cf
onedrive-upload.ikpoo.cf

# Reference: https://twitter.com/ShadowChasing1/status/1388529890614341635
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection

riseknite.life
download.riseknite.life

# Reference: https://mp.weixin.qq.com/s/8RgFvA_rOR2nIGxjWbEq-w

travelmountain.ml
alps.travelmountain.ml

# Reference: https://twitter.com/h2jazi/status/1390734706103234561
# Reference: https://twitter.com/ShadowChasing1/status/1391620287024668679
# Reference: https://www.virustotal.com/gui/file/622cb6a772b0034f741aa58a50f1155a2a4240021c929d90fbed4182877fa579/detection
# Reference: https://www.virustotal.com/gui/file/2ed6b0e116a50ee9be7ac74b7be0e73ac4aeb15ddb9b42a1db5bcfba4dccdead/detection

mechapia.com/_admin/nicerlnm/web/style/list.php
mechapia.com/_admin/nicerlnm/web/style/css/

# Reference: https://twitter.com/ShadowChasing1/status/1391618560753999872
# Reference: https://twitter.com/ShadowChasing1/status/1391622743146188800
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection
# Reference: https://www.virustotal.com/gui/file/fa4d05e42778581d931f07bb213389f8e885f3c779b9b465ce177dd8750065e2/detection
# Reference: https://www.virustotal.com/gui/file/2c796053053a571e9f913fd5bae3bb45e27a9f510eace944af4b331e802a4ba0/detection

chollian.ml
daom.ml
daum-accounts.cf
gmail-account.gq
gmrail.ml
grnail-login.ml
kisa-security.cf
letterpaper.press
live-sign.ml
natesec-page.ml
naver-security.cf
navor.ml
pcjindustries.com
riseknite.life
secure-dm.tk
seoul-kor.ml
seoul-kor.tk
travelmountain.ml
alps.travelmountain.ml
check.kisa-security.cf
download.riseknite.life
login.daum-accounts.cf
login.gmail-account.gq
login.live-sign.ml
login.natesec-page.ml
login.secure-dm.tk
logins.daom.ml
logins.daum-accounts.cf
new.seoul-kor.ml
nid-nav.navor.ml
nids.naver-security.cf
nids.navor.ml
outlook.seoul-kor.tk
signin.chollian.ml
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
webmail.pcjindustries.com

# Reference: https://twitter.com/sS55752750/status/1391765099992453125

flagguarder.site
glow.flagguarder.site

# Reference: https://twitter.com/h2jazi/status/1392128092840284164
# Reference: https://www.virustotal.com/gui/file/85847cad7f57db4534634d51f7e2c74a23719fcf74c891872d98e7c921f0fd56/detection

rukagu.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1392376928624013312

daum-attach.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1392284742163206146

yes24-mart.pe.hu

# Reference: https://twitter.com/ShadowChasing1/status/1394911946118295553
# Reference: https://twitter.com/ShadowChasing1/status/1394911948353859585
# Reference: https://www.virustotal.com/gui/file/9ba5266d806df037acb1144836c21b70c5fc0aa6820d2ce07ee28accdff6c9bf/detection

follcdn.myartsonline.com
sima.atspace.tv

# Reference: https://twitter.com/ShadowChasing1/status/1395684553507840003

yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/h2jazi/status/1395782753765974023

samsoding.homm7.gethompy.com/plugins/dropzone/min/css/list.php

# Reference: https://twitter.com/m0br3v/status/1399637361697378306
# Reference: https://twitter.com/ShadowChasing1/status/1399753970839547910
# Reference: https://www.virustotal.com/gui/file/fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b/detection

at-me.ml
kt1kreate.cf
ahn-lab.cf
snubh.r-e.kr
shore.ml
snu-h.ml
kumb.cf
naver-login.cf
naver-check.ml
snuh.r-e.kr
app.at-me.ml
sms.kt1kreate.cf
v3.ahn-lab.cf
mail.snubh.r-e.kr
anto.shore.ml
smtp.snu-h.ml
mail.kumb.cf
help.naver-login.cf
mail.naver-check.ml
mail.snuh.r-e.kr

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/
# Reference: https://otx.alienvault.com/pulse/60b66cda1f2d210aa677cfbe

gmail-account.gq
gmrail.ml
goggle.hol.es
googgle.kro.kr
google-manager.ga
google-signin.ga
grnail-login.ml
grnail-signin.ga
grnail-signing.work
ikpoo.cf
kr-infos.com
letterpaper.press
microsoft-office.us
mygoogle-signin.ga
mygrnail-security.work
mygrnail-signin.ga
mygrnail-signing.work
riseknite.life
travelmountain.ml
account.googgle.kro.kr
account.grnail-signin.ga
accounts.goggle.hol.es
accounts.google-manager.ga
accounts.google-signin.ga
accounts.grnail-signin.ga
accounts.grnail-signing.work
alps.travelmountain.ml
download.riseknite.life
login.gmail-account.gq
login.gmeil.kro.kr
myaccount.google-signin.ga
myaccount.google.newkda.com
myaccount.google.nkaac.net
myaccount.grnail-security.work
myaccount.grnail-signin.ga
myaccount.grnail-signing.work
myaccounts-gmail.autho.co
myaccounts-gmail.kr-infos.com
myaccounts.grnail-signin.ga
ns1.microsoft-office.us
ns2.microsoft-office.us
onedrive-upload.ikpoo.cf
protect.grnail-signin.ga
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
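# NOTE(review): the next entry resembles the script call "WScript.Shell.Run" rather than an attacker hostname and may be an extraction artifact from the referenced report; treat hits as low confidence until verified
wscript.shell.run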

# Reference: https://twitter.com/360CoreSec/status/1401863232835383302
# Reference: https://www.virustotal.com/gui/file/811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8/detection

alyssalove.getenjoyment.net
smyun0272.blogspot.com

# Reference: https://twitter.com/ShadowChasing1/status/1402239834819743746
# Reference: https://www.virustotal.com/gui/file/934731692b12fd182acbc698dd3f8ef59984aa4e7ef56e124f9851852878817e/detection

manct.atwebpages.com

# Reference: https://twitter.com/h2jazi/status/1402267704610988033
# Reference: https://www.virustotal.com/gui/file/c362b4cb60edfa5bf17123845e59311335b03139d77ec27b9a9ffb7b31e60154/detection

quarez.atwebpages.com

# Reference: https://twitter.com/arphanetx/status/1403765541739941889
# Reference: https://www.virustotal.com/gui/file/9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9/detection

pollor.p-e.kr

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/Kimsuky%20APT%20Group%20targeted%20on%20South%20Korean%20defense%20and%20security%20departments.pdf

amikbvx.cf
at-me.ml
atooi.ga
bnmvg.cf
daum-or.ml
daum-vpn.ml
daums.cf
dmaccount.ml
gommi.ml
kakaoo.ml
kititi.ga
kumb.cf
may3.cf
nate-on.ml
nate-or.ga
naver-check.ml
onehappy.ml
outlookin.ml
pamik.cf
shore.ml
uhuioo.cf
wowow.ga
xdtgh.ga
yes24-mart.pe.hu
admin.daum-or.ml
anto.shore.ml
ao.nate-on.ml
app.at-me.ml
app.gommi.ml
apple.may3.cf
auth.daum-or.ml
dnhji.bnmvg.cf
exchange.amikbvx.cf
gate.uhuioo.cf
gom.kititi.ga
helper.onehappy.ml
imap.pamik.cf
mail.daums.cf
mail.dmaccount.ml
mail.kakaoo.ml
mail.kumb.cf
mail.naver-check.ml
mail.outlookin.ml
mail3.nate-or.ga
member.dmaccount.ml
members.daum-vpn.ml
owo.owo.wowow.ga
qygbn.xdtgh.ga
vpn.atooi.ga

# Reference: https://twitter.com/fuuuing_/status/1393102998532886531

fabre.myartsonline.com

# Reference: https://twitter.com/TeamT5_Official/status/1410206100033400838
# Reference: https://biz.chosun.com/policy/politics/2021/06/18/V4DTFCEXPRA4DFCBVVJO3DPR5I/ (Korean)
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.48/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.112.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.89/relations

boryung.tk
cdaum.kro.kr
celltrion.ml
cimoon.ml
claum.ml
cloudmall.club
cnaver.kro.kr
csdaum.ga
dongguk.kro.kr
home-info.ml
jbnu.info
jbnu.ml
lottebp.ga
minia.ml
naver-in.ml
nhnems.nsec.kro.kr
nidcorp.n-e.kr
novavax.ml
nsec.nhnems.kro.kr
nsuites.ga
pagelock.host
uni-korea.ga
uni-tuebingen.buzz
uni-tuebingen.cf
xonate.kro.kr
admin.claum.ml
admin.naver-in.ml
alarm.naver-in.ml
aol.pagelock.host
app.seoul.minia.ml
celltrion.cloudmall.club
daum.home-info.ml
exchange.uni-tuebingen.buzz
exchange.uni-tuebingen.cf
helper.uni-korea.ga
home.xonate.kro.kr
its.jbnu.ml
mail.celltrion.ml
mail.naver-in.ml
mail.novavax.ml
manager.naver-in.ml
member.cdaum.kro.kr
member.csdaum.ga
member.daum.home-info.ml
member.dongguk.kro.kr
myinfo.cnaver.kro.kr
nhn.nsuites.ga
nhnems.nsec.kro.kr
nid.naver.home-info.ml
nidcorp.nsuites.ga
nidlogin.nidcorp.n-e.kr
nsec.nhnems.kro.kr
onedrive-upload.ikpoo.cf
onedrive.ikpoo.cf
user.lottebp.ga
user.naver-in.ml

# Reference: https://twitter.com/ShadowChasing1/status/1410887216956547076

atooi.ga
gommi.ml
kumb.cf
onono.ml
uhuioo.cf
app.gommi.ml
gate.uhuioo.cf
mail.kumb.cf
vpn.atooi.ga
go.onono.ml

# Reference: https://twitter.com/h2jazi/status/1411826239455760387
# Reference: https://www.virustotal.com/gui/file/79848ca15ec49057261b6ba52275692d131b8dd034ae9a4cca1e1b81d9e18b77/detection

chels.mypressonline.com

# Reference: https://twitter.com/k3yp0d/status/1415652277914939393

tbear.mypressonline.com

# Reference: https://twitter.com/higefox/status/1411884786323361792
# Reference: https://asec.ahnlab.com/ko/24834/ (Korean)
# Reference: https://asec.ahnlab.com/ko/25351/ (Korean)
# Reference: https://otx.alienvault.com/pulse/60f125c78978e02a40e00c85

benze.atwebpages.com
btige.myartsonline.com
ccav.myartsonline.com
chels.mypressonline.com
giruz.atwebpages.com
jupit.getenjoyment.net
lieon.mypressonline.com
lovel.myartsonline.com
lovels.myartsonline.com
mantc.getenjoyment.net
modri.myartsonline.com
obser.mygamesonline.org
ranso.myartsonline.com
rster.atwebpages.com
stair.atwebpages.com
stair.myartsonline.com
vbqwer.mypressonline.com
visul.myartsonline.com
warcr.onlinewebshop.net

# Reference: https://twitter.com/h2jazi/status/1417093562278240256
# Reference: https://www.virustotal.com/gui/file/d3138e7b0dcf5e916834b045c1b006a1cd223dca75626bd1354b47dbd0c63ae2/detection

1213rt.atwebpages.com

# Reference: https://twitter.com/fuuuing_/status/1417426427528417283

kimshan600000.blogspot.com

# Reference: https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ
# Reference: https://otx.alienvault.com/pulse/60ffcd56a7dc0038376fe52e

worldinfocontact.club
alyssalove.getenjoyment.net
hanlight.mygamesonline.org
kr2959.atwebpages.com
majar.medianewsonline.com
samsoding.homm7.gethompy.com
anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm
beilksa.scienceontheweb.net/cookie/select/log/tmp
beilksa.scienceontheweb.net/cookie/select/log/list.php
cwda.co.kr/theme/basic/skin/new/basic/update/Normal.dotm
cwda.co.kr/theme/basic/skin/new/basic/update/list.php
heritage2020.cafe24.com/plugin/kcpcert/bin/list.php
inonix.co.kr/kor/board/widgets/mcontent/skins/tmp
inonix.co.kr/kor/page/product/_notes/list.php
inonix.co.kr/kor/page/product/_notes/tmp/
koreacit.co.kr/skin/new/basic/update/temp
mechapia.com/_admin/nicerlnm/web/style/list.php
miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php
nuclearpolicy101.org/wp-admin/includes/0421/d.php
reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php
yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/360CoreSec/status/1423561133873537024
# Reference: https://www.virustotal.com/gui/file/cd9421c332a2b90b26152f0e85a7db621306cd1daa70f30af3210895d2aeb577/detection

rhwkdlaktm.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1446270087506194432
# Reference: https://www.virustotal.com/gui/file/82067ef8b907888f9fc27dd0630c37c95b0a55a7c225fb2d693115c41c7dd5be/detection

greatname.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1446278566564433939
# Reference: https://www.virustotal.com/gui/file/32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c

youtoboo.kro.kr
movie.youtoboo.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446272122058280963

navercheck.kro.kr
nidlogin.navercheck.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446271028481593365
# Reference: https://www.virustotal.com/gui/file/db88dc539bccce8c30e3ba6897171989c9a340f23075c614f3c5a73ae0160db1

tigerwood.tech
ppahjcz.tigerwood.tech

# Reference: https://twitter.com/ShadowChasing1/status/1446270634690895872
# Reference: https://www.virustotal.com/gui/file/324b2e2c0471e49c7cc07725a7d748041479714d265ec6dbf386edd3f619f03c

requests.p-e.kr
ping.requests.p-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446269684072914946
# Reference: https://www.virustotal.com/gui/file/8e263345cfeda4eb6720c47d4eaaee236be294fda693d840199f221d6e1412c6

beast.16mb.com

# Reference: https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html

44179d6df22c56f339bf.blogspot.com
4b758c2e938d65bee050.blogspot.com
akf4tvrbmg.blogspot.com
amfuz2h5b2s.blogspot.com
byun70kh.mygamesonline.org
gyzang0826.blogspot.com
gyzang1.blogspot.com
gyzang58.blogspot.com
gyzang681.blogspot.com
gyzang682.blogspot.com
kimshan600000.blogspot.com
o61666ch.getenjoyment.net
pjeu1urxdnvef6twpveg.blogspot.com
rrmu1qrxdoekv6twc9pq.blogspot.com
smyun0272.blogspot.com
t22a44es.atwebpages.com
tvrbmkxqstbouzq0twk0ee9uaz0.blogspot.com
tvrfekxqrtvpqzr5tvrfdu5evt0.blogspot.com
tvrfeuxqrtfnqzr4t0m0ee5utt0.blogspot.com
twpbekxqsxpoqzr4txpvdu1uyzu.blogspot.com
vev4tkrrpq.blogspot.com
vgn5tvrrpq.blogspot.com
vgt5tvrnpq.blogspot.com

# Reference: https://twitter.com/h2jazi/status/1465402736996933640

3a8f846675194d779198.blogspot.com
0knw2300.mypressonline.com
faust22.mypressonline.com

# Reference: https://www.virustotal.com/gui/file/cb88d365011dce926afb1c04e6973f3d3db7135dd67d738e281f3690b8d9e6ef/detection

kr3753.atwebpages.com

# Reference: https://twitter.com/souiten/status/1473862308132651011

jinu1353.scienceontheweb.net

# Reference: https://twitter.com/souiten/status/1457946934623150090
# Reference: https://www.virustotal.com/gui/file/0cfa89348dc6007c89852907e464f3e91060e83665d6d62243be225c0e2e44a9/detection

gosiweb.gosiclass.com/m/gnu/convert/default/8ef014a/list.php

# Reference: https://twitter.com/Timele9527/status/1425640885811777542

helpnid.com

# Reference: https://twitter.com/cyberwar_15/status/1478572625291276291

com-trace.space
confirm-pw.link
navers.online
navers.store
navers.website
net-pass.store

# Reference: https://twitter.com/souiten/status/1472757875839619079
# Reference: https://www.virustotal.com/gui/file/2ef30a004e68213faa8cfef567af2292ff03f8ea9f273ae1c9c2b7845ba6ea87/detection

zippe.myartsonline.com

# Reference: https://blog.alyac.co.kr/3228?category=957259 (Korean)

pingguo2.atwebpages.com
ramble.myartsonline.com

# Reference: https://asec.ahnlab.com/ko/26183/ (Korean)
# Reference: https://otx.alienvault.com/pulse/6110fe0ab195f83ceb72fcff

dkekftks.atwebpages.com
dktkglrkshqhfn.atwebpages.com
tktlal2.atwebpages.com
tktlal3.atwebpages.com
tksRpdl.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1482976392958865413

gooeglle.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1485607323154644999

bigfilemail.net
cmaildown.lovestoblog.com
msgbugreporting.lovestoblog.com
/wwwppp/index2.php

# Reference: https://twitter.com/ShadowChasing1/status/1489054323946319876
# Reference: https://www.virustotal.com/gui/file/5d25e53b59bd2dcf234c6819f8cd294efe6d943d04625b9d575002362794e74a/detection

com-info.store
ms-work.com-info.store

# Reference: https://twitter.com/jaydinbas/status/1493522324011851776
# Reference: https://www.virustotal.com/gui/file/3ca7067d60ee47be7448da74be7dab23699cda64cac7ed0cd7a2d219875cb902/detection

asenal.medianewsonline.com

# Reference: https://twitter.com/s1ckb017/status/1493907536117964802
# Reference: https://www.virustotal.com/gui/file/1fa38bd7a3d6a7b73ac4893bb7edc04fb3f56dcfad3b3e6b3fa6d4729add22e2/detection

byusunity.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1500778382966939653
# Reference: https://www.virustotal.com/gui/ip-address/161.97.100.171/relations

com-checking.link
com-pass.online
com-password.link
com-silver.site
jp-check.online
naver-active.online
certificate.medis.navers.store
com.com-pass.online
daum.confirm-pw.link
downfile.mybox.com-password.link
downfile.naver.com-pass.online
medis.navers.store
moue.naver-active.online
ms-work.com-pass.online
ms-work.com.com-pass.online
mybox.com-password.link
myetherwallet.com-checking.link
naver.com-pass.online
naver.com-silver.site
navers.com-checking.link
navers.com-silver.site
naverwebs.com-password.link
navrenewal.confirm-pw.link
neaply.naver-active.online
nib.com-checking.link
nic.navers.com-checking.link
nid.moue.naver-active.online
nid.naver-active.online
nid.navers.com-checking.link
nid.navers.confirm-pw.link
nid.navrenewal.confirm-pw.link
nid.neaply.naver-active.online
nld.naverwebs.com-password.link
nld.neaply.naver-active.online
nld.thus.navers.com-checking.link
nood.navers.jp-check.online
thus.navers.com-checking.link
uid.navers.com-silver.site

# Reference: https://www.virustotal.com/gui/file/0b2db410c50d9e4eb7e88177c463be3da5fff5527d9dc2ae10fa26ebe2721ef1/detection

healerboy.000webhostapp.com

# Reference: https://twitter.com/cyberwar_15/status/1507270188882067460

mailnotification.xyz
naveruser.com
nid.naver.com.pe
pay.naver.com.pe
report.mailnotification.xyz
star.mailnotification.xyz

# Reference: https://twitter.com/s1ckb017/status/1507316584079142915
# Reference: https://www.virustotal.com/gui/file/af6b98cabdaf0e3f12fd32509c6b99c141ce59bd73019730d85f66f41ca399da/detection

hannarng.kro.kr
update.hannarng.kro.kr

# Reference: https://twitter.com/souiten/status/1514440361887690753
# Reference: https://www.virustotal.com/gui/file/f28d087adb5f959c62e318d0a3c4639df5513781587aa46bb8df2521f7970ac5/detection

manage-box.com

# Reference: https://twitter.com/souiten/status/1519167359918911488
# Reference: https://www.virustotal.com/gui/file/2f7f3a86a868f6c5a85fb12fe028fd254cd9622075b179923187461c72d6aea0/detection

dusieme.com

# Reference: https://twitter.com/ShadowChasing1/status/1519514517465485312

uekaf.myartsonline.com

# Reference: https://twitter.com/InQuest/status/1521136176530436098
# Reference: https://www.virustotal.com/gui/file/5ed36771ac803408325326322f6909e8f768ed9a4c9e98217a82a66f71e7627d/detection

leehr36.mypressonline.com

# Reference: https://twitter.com/jaydinbas/status/1521408843774844929

weworld59.myartsonline.com

# Reference: https://twitter.com/h2jazi/status/1521906180553068546
# Reference: https://www.virustotal.com/gui/file/0e9689ea8056e3016ccc7fbfed31d8566403f394b68aceb69fb1a3dfec6b6f09/detection
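# Reference: https://www.virustotal.com/gui/file/4b0202a8452fe202d25fc5c75aabef3ae52083d2edb7f57cbde02a1bca02a028/detection
# Note: attach.mail.daum.net appears to be Daum's own mail attachment host; the trails below are specific URLs, not the host as a whole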

attach.mail.daum.net/bigfile/v1/urls/d/exeuQzisacbcTtb5my1snadAn5Q/8nrA37fWtx1JOg3Vo6Jufg
attach.mail.daum.net/bigfile/v1/urls/d/6akA_Jg1Chbl_TcCTytJJQk4mfE/-z8Vw6BjxQC7ds4lmMKxpA

# Reference: https://twitter.com/BlackLotusLabs/status/1524012722622386176
# Reference: https://twitter.com/BlackLotusLabs/status/1524012726133178374
# Reference: https://www.virustotal.com/gui/file/99e58217d03645fe15ae19476554965e93e3d5f50deb85b515eb5543573f9007/detection

trueliebe.com

# Reference: https://asec.ahnlab.com/en/34694/
# Reference: https://twitter.com/malwrhunterteam/status/1525046722120097798
# Reference: https://twitter.com/ShadowChasing1/status/1525070825480949761
# Reference: https://www.virustotal.com/gui/file/2c20ac485fd55bd1a5c4b75c5ba521e5b19912325737617178dfcb5a4e408aef/detection

mc.pzs.kr/themes/mobile/images/about/temp/attach
mc.pzs.kr/themes/mobile/images/about/temp/upload
mc.pzs.kr/themes/mobile/images/about/temp/upload/lib.php
mc.pzs.kr/themes/mobile/images/about/temp/upload/list.php
mc.pzs.kr/themes/mobile/images/about/temp/attach/attach.docx

# Reference: https://asec.ahnlab.com/ko/34883/ (Korean)
# Reference: https://otx.alienvault.com/pulse/629714934cca82a7351d5254

fedra.p-e.kr
leomin.dothome.co.kr
printware2.000webhostapp.com

# Reference: https://twitter.com/blackorbird/status/1534127714336055296

ielsems.com
worldinfocontact.club

# Reference: https://twitter.com/cyberwar_15/status/1536865901899022336

cloudfiles.epizy.com
clouds.great-site.net
fils.clouds.great-site.net
joongang.epizy.com
daum.cloudfiles.epizy.com
kakao.cloudfiles.epizy.com
khu.cloudfiles.epizy.com
konkuk.cloudfiles.epizy.com
naver.cloudfiles.epizy.com
snu.cloudfiles.epizy.com

# Reference: https://twitter.com/cyberwar_15/status/1550740560033779713
# Reference: https://twitter.com/cyberwar_15/status/1547107301949308928

cdndaum.online
marsus.online
navecom.website
naveos.online
naveos.tokyo
naver-sec.site
navow.website
nonghyup.website
oneearthfuture.online
private-banking-group.com
sslnaver.online
unifiedworldwideexpress.com
cood.nonghyup.website
nid.nonghyp.com-checking.link
nld.naveos.tokyo
noid.naveos.online
nong.navow.website

# Reference: https://twitter.com/h2jazi/status/1551566274664300544
# Reference: https://www.virustotal.com/gui/file/e59f0aa13e2da2a0cd5c07e882014d9b37927b9bd9a493f83c2bcb103e5a739c/detection

asssambly.mywebcommunity.org

# Reference: https://twitter.com/blackorbird/status/1552846355613097984
# Reference: https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
# Reference: https://github.com/volexity/threat-intel/blob/main/2022/2022-07-28%20SharpTongue%20SharpTongue%20Deploys%20Clever%20Mail-Stealing%20Browser%20Extension%20SHARPEXT/indicators.csv

gonamod.com
siekis.com
worldinfocontact.club

# Reference: https://twitter.com/Des00464472/status/1550410336364527616

aire.us.to

# Reference: https://twitter.com/Des00464472/status/1529321196231487488

naverauthority.com

# Reference: https://twitter.com/Des00464472/status/1408013493358391296

preledd.club

# Reference: https://twitter.com/Des00464472/status/1554308879139618817

protect-team.n-e.kr
mail.protect-team.n-e.kr

# Reference: https://twitter.com/cyberwar_15/status/1559744857023062017

net-all.website
daum.net-all.website
kakao.net-all.website
onedrive.net-all.website
yahodrive.net-all.website
yandex.net-all.website

# Reference: https://twitter.com/PhantomXSec/status/1561490582513496064

bybitesupport.com
drivergooogles.com
kakaosupport.com

# Reference: https://twitter.com/PhantomXSec/status/1561738109884059649
# Reference: https://www.virustotal.com/gui/ip-address/51.195.155.36/relations

navericorp.com
nid.navericorp.com
avlinkt.online
avlinkx.online
avlinky.online
avlinkz.online
cutalink.store
cutblink.store
cutclink.shop
cutdlink.shop
linkurla.online
linkurlb.online
linkurlc.online
linkurld.online
midalink.live
midamain.shop
midaurl.site
midaurl.tech
midblink.xyz
midbmain.shop
midburl.site
midburl.tech
midclink.xyz
midcmain.click
middmain.click
movelinka.online
movelinkb.online
movelinkc.online
movelinkd.online
navurla.tech
netalink.space
netblink.space
netclink.store
netdlink.store
nilinks.online
nilinkt.online
nilinku.online
nlinka.link
nlinka.online
nlinkb.link
nlinkb.online
nlinkc.link
nlinkc.online
nlinkd.link
nlinkd.online
nlinke.link
nredia.tech
nredib.link
nredic.link
nredid.link
nredie.link
nredif.link
nredif.live
nredig.link
nredirea.live
nredireb.live
nredirec.live
nredirecti.tech
nredirectj.tech
nredirectk.tech
nredired.live
nserva.link
nserva.live
nservb.link
nservb.live
nservc.link
nservc.live
nservd.link
nservd.live
nserve.live
nshortlinka.live
nshortlinkb.live
nshortlinkc.live
nshortlinkd.live
nshortlinke.live
nurla.link
nvurli.online
nvurlu.online
nvurly.online
reashow.live
rebshow.live
recshow.live
redalink.xyz
redclink.xyz
redelink.tech
redflink.tech
redireact.online
redirebct.online
redirecct.online
rediurla.live
rediurlb.live
rediurlc.live
rediurld.live
redomain.info
redombin.info
redserva.online
redservb.online
redservc.online
redservd.online
redshow.live
shortacut.tech
shortanet.click
shortaurl.site
shortbcut.tech
shortbnet.click
shortburl.site
shortccut.info
shortcurl.site
shortcuta.online
shortcuta.xyz
shortcutb.online
shortcutb.xyz
shortcutc.online
shortcutc.xyz
shortcutd.online
shortcutd.xyz
shortdcut.info
shortdurl.site
shortlinka.xyz
shortlinkb.xyz
urlalink.info
urlblink.info
urlclink.info
urldlink.info
help.nredid.link
port.movelinkb.online
port.nredig.link
port.nservc.link
port.nservc.live
port.nshortlinke.live
port.redserva.online
postgres.nlinkd.online

# Reference: https://twitter.com/RedDrip7/status/1562282889693126659
# Reference: https://www.virustotal.com/gui/file/6a435e2aab6dce39d626eacb39fc964967e35e94abf513da0f6511ab7b1f826e/detection

uppgrede.scienceontheweb.net

# Reference: https://securelist.com/kimsukys-golddragon-cluster-and-its-c2-operations/107258/

225b4d3c305f43e1a590.blogspot.com
3a8f846675194d779198.blogspot.com
c52ac2f8ac0693d8790c.blogspot.com
leejong-sejong.blogspot.com
21nari.getenjoyment.net
21nari.mypressonline.com
21nari.scienceontheweb.net
attach.42web.io
attachment.a0001.net
bigfile.totalh.net
chmguide.atwebpages.com
chunyg21.sportsontheweb.net
clouds.rf.gd
glib-warnings.000webhostapp.com
global.onedriver.epizy.com
global.web1337.net
hochdlincheon.mypressonline.com
hochuliasdfasfdncheon.mypressonline.com
hochulidncheon.mypressonline.com
hochulincddheon.mypressonline.com
hochulincheon.mypressonline.com
hochulindcheon.mypressonline.com
hochulindddcheon.mypressonline.com
hochulinsfdgasdfcheon.mypressonline.com
koreajjjjj.atwebpages.com
koreajjjjj.sportsontheweb.net
kpsa20201.getenjoyment.net
leehr24.mywebcommunity.org
weworld78.atwebpages.com
weworld79.mygamesonline.org
yulsohnyonsei.atwebpages.com
yulsohnyonsei.atwewbpages.com
yulsohnyonsei.medianewsonline.com

# Reference: https://twitter.com/RedDrip7/status/1563074487452848128
# Reference: https://www.virustotal.com/gui/ip-address/216.189.154.6/relations
# Reference: https://www.virustotal.com/gui/file/7903bdf0976d5c6f3c28abf40c41414380f4494a8bf72af9e27ff810599faaf2/detection
# Reference: https://www.virustotal.com/gui/file/f63ff642e7025db96d6ebbd6da26aa9cece4f132891ce2a8385d7c034a7ead25/detection
# Reference: https://www.virustotal.com/gui/file/db18e23bebb8581ba5670201cea98ccf71ecea70d64856b96c56c63c61b91bbe/detection

accountverify.hmail.us
office.pushitlive.net
qwert.mine.bz

# Reference: https://twitter.com/Jup1a/status/1562720823869583360
# Reference: https://www.virustotal.com/gui/file/a0fddbb638fc4f3ba4cefc0707226e8c01eefd98f78d6a9b4fbca1ba74b21adf/detection

sectionss.scienceontheweb.net

# Reference: https://twitter.com/Des00464472/status/1564151538553352193
# Reference: https://www.virustotal.com/gui/ip-address/210.16.120.163/relations

xxdzts.com
autoconfig.xxdzts.com
autodiscover.xxdzts.com
mail.xxdzts.com

# Reference: https://twitter.com/ShadowChasing1/status/1568061411011760129

aasssambly.mywebcommunity.org

# Reference: https://twitter.com/PhantomXSec/status/1567738114638237697
# Reference: https://twitter.com/PhantomXSec/status/1567733296083398656
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.84/relations
# Reference: https://virustotal.com/gui/ip-address/61.97.251.247/relations

daum-master.com
daum-security.com
daurn.net
help-naver.com
naver-edoc.com
naver-edocu.com
naveradmin.center
naverc0rp.com
navercorp.date
navernail.eu
naverscenter.com
naverssl.com
sec-naver.com
6xv2abhu1nc0.help-naver.com
6xv2abhu1nc0.sec-naver.com
7nv42j9qxt140.help-naver.com
7nv42j9qxt140.sec-naver.com
ad.daurn.net
cafe.daurn.net
gud2abhu1nc0.help-naver.com
gud2abhu1nc0.sec-naver.com
m.cafe.daurn.net
nid.naverssl.com
nidiogin.naverc0rp.com
nidlogin.naverc0rp.com
nidlogin.navercorp.date
nids.naverscenter.com
ns.naverssl.com
rcaptcha.help-naver.com
rcaptcha.sec-naver.com
sks1.smartvpn.pe.kr
smartvpn.pe.kr
static.help-naver.com
static.sec-naver.com
uns.naverssl.com
wat.ad.daurn.net

# Reference: https://twitter.com/cyberwar_15/status/1567828108790890498

certuser.info
koreailmin.com

# Reference: https://twitter.com/PhantomXSec/status/1566863825999400960
# Reference: https://www.virustotal.com/gui/ip-address/38.132.122.162/relations

accounts-kakao.date
cds.naver2.info
com2.space
com3.top
hello.naver2.info
help2.top
help2.xyz
member2.download
naver-corp.top
naver-corp.xyz
naver.com3.top
naver.help2.xyz
naver.member2.download
naver2.eu
naver2.info
naver2.space
naver2.top
naver2.xyz
naver3.space
naver3.xyz
naver4.info
navercorp.top
navercorp.world
navercorp1.xyz
navercorp2.space
navercorp2.top
navercorp2.xyz
navercorp3.xyz
naverpwd.space
naverpwd.top
naverpwd.world
naverpwd.xyz
nid-naver.top
ro.naver2.info
sync-t1.naver2.info
tm.naver2.info
us7lb-cdn.naver2.info

# Reference: https://twitter.com/Des00464472/status/1568885820031135744
# Reference: https://www.virustotal.com/gui/ip-address/104.128.239.16/relations

hiworks.ga
insopack.mcsoft.org
myclouds.r-e.kr
office.hiworks.ga
softmail.kro.kr
app.softmail.kro.kr
office.myclouds.r-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1570601703598338049
# Reference: https://www.virustotal.com/gui/file/d3930b2494f45bb2c169124d4a39308303b9e8e87043afc54327c1e2a378e4e0/detection

cuts.dothome.co.kr
napoyo.mypressonline.com

# Reference: https://twitter.com/Des00464472/status/1570558688267739138

navers.tech
confluence.navers.tech
myboxs.navers.tech
myboxes.navers.tech
nied.navers.tech
techmyboxes.navers.tech

# Reference: https://twitter.com/ShadowChasing1/status/1576944331050471425
# Reference: https://www.virustotal.com/gui/file/f03a7a96e3ce5e35dd52ce026266b68aa35301828f1d909d858658051371473d/detection

krinnsnail.sportsontheweb.net/file/upload/list.php

# Reference: https://twitter.com/ShadowChasing1/status/1580001848211410944
# Reference: https://www.virustotal.com/gui/file/e1c09e045af8b7301390cd9619e3cca7a96d9d2bba2b5fc3385a093f3d69b6b4/detection

wayna.myartsonline.com

# Reference: https://twitter.com/cyberwar_15/status/1585965668054073345

docxpcgle.epizy.com
imhyoj8.myartsonline.com

# Reference: https://twitter.com/souiten/status/1592758204198719488
# Reference: https://www.virustotal.com/gui/file/2e1aca8c86562cc52b8bee6ecc45dabb1c11ebba94c81b059d8859a1b263f1e7/detection

yundy.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1575476579639078913

attachnents.epizy.com
cloud.kcrea.rf.gd
ewha-cloud.epizy.com
clouds.kvongnum.rf.gd
files.khu.rf.gd

# Reference: https://asec.ahnlab.com/ko/42163/ (Korean)
# Reference: https://otx.alienvault.com/pulse/63766a570640a9c4b0bd052d

jojoa.mypressonline.com
okihs.mypressonline.com

# Reference: https://twitter.com/ThreatBookLabs/status/1593523949664493568

quickedit.o-r.kr
www1.quickedit.o-r.kr

# Reference: https://twitter.com/souiten/status/1603398380687790080
# Reference: https://www.virustotal.com/gui/file/b9dcf7fe7e8ba30d363a19c2c43fc3eea93d281b10f6ee89cffe2a3e533af442/detection

infotechkorea.com

# Reference: https://twitter.com/ThreatBookLabs/status/1607989665487032320

m6.p-e.kr

# Reference: https://asec.ahnlab.com/en/44680/
# Reference: https://otx.alienvault.com/pulse/63a5a4e0a2d0a650343cda1c

3.supports.o-r.kr
conf.simpleedit.n-e.kr
configment.p-e.kr
dashboard.quikveoriy.o-r.kr
digital.pepperbank.kro.kr
foward.viewpropile.p-e.kr
heungkukfire.p-e.kr
inglife.kro.kr
k-bank.o-r.kr
k-bank1.kro.kr
kakaosaving.kro.kr
kamco.kbloan.kro.kr
kamco.kbloan.r-e.kr
kamco.webs.kro.kr
kbank.o-r.kr
kbloan.r-e.kr
naver.o-r.kr
naver65.n-e.kr
nhlife.kro.kr
pepperbank.kro.kr
quikveoriy.o-r.kr
secure-edit.n-e.kr
simpleedit.n-e.kr
smartshinhan.kro.kr
supports.o-r.kr
tos.p-e.kr
user2list.kro.kr
viewpropile.p-e.kr
w1.user2list.kro.kr
w3.secure-edit.n-e.kr
webs.kro.kr
wvw1.user2list.kro.kr
wvw3.secure-edit.n-e.kr
wwv3.supports.o-r.kr
www2.configment.p-e.kr

# Reference: https://twitter.com/souiten/status/1614811574119849989
# Reference: https://www.virustotal.com/gui/file/4e5ef5933078edeb09fd7d44f90843f4a221c1754d9d15a39aded79416b40779/detection

ielsd.myartsonline.com

# Reference: https://asec.ahnlab.com/en/45658/
# Reference: https://otx.alienvault.com/pulse/63c81a99d295f5fc0e67b465

lifehelper.kr

# Reference: https://twitter.com/StopMalvertisin/status/1622820104236077056

hydrotec.co.kr/bbs/img/cmg/upload2/
hydrotec.co.kr/bbs/img/cmg/upload3/

# Reference: https://twitter.com/StopMalvertisin/status/1621390517249654785
# Reference: https://www.virustotal.com/gui/file/a2e6e833947a1d5c526c0c2d6943e35bad9cbe22b52a6f7013ab8c1de0aa2d31/detection

jooshineng.com
/gnuboard4/adm/img/ghp/up/

# Reference: https://twitter.com/StopMalvertisin/status/1620651498014404608
# Reference: https://www.virustotal.com/gui/file/38640d508c137d0e05c6d34d6bf5618095baed364482baef908fe1d7b2310e15/detection

hkisc.co.kr/gnuboard4/bbs/img/upload/list.php

# Generic trails (path only, not bound to a host)

/gnuboard4/bbs/img/upload/

# Reference: https://twitter.com/StopMalvertisin/status/1626528455289610241
# Reference: https://www.virustotal.com/gui/file/97516e5250e44461a479de391daa0538b9714346263577bcb61961c1991efb27/detection

globalinbest.com
/src/bbs/sec/img3/

# Reference: https://twitter.com/fmc_nan/status/1635537014891372545
# Reference: https://www.virustotal.com/gui/file/8ac8eedfc8a155066915aed214dbf78c1f200124e5663b35f1935f31576fb71e/detection
# Reference: https://www.virustotal.com/gui/file/cd127b2f17e686c77898d0ed8b5325503fcbc9dbc4c9b63c7ae8722089db7564/detection

nideso.mywebcommunity.org

# Reference: https://twitter.com/StopMalvertisin/status/1635933718618734593
# Reference: https://www.virustotal.com/gui/file/451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f/detection

eum-it.co.kr/gnuboard4/bbs/img/upload/
/gnuboard4/bbs/img/upload/

# Reference: https://asec.ahnlab.com/en/49295/
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-14-v10267/358
# Reference: https://otx.alienvault.com/pulse/64120cb4ea4bae2a4dbdf8d8

ria.monster
mp_eval_r.ria.monster
mpevalr.ria.monster
mpevlar.ria.monster
viewfile.ria.monster
/SmtInfo/show.php

# Reference: https://twitter.com/asdasd13asbz/status/1636173992695582720
# Reference: https://www.virustotal.com/gui/file/d0ec6d91cf9e7c64cf11accadf18f8b5a18a10efbecb28f797b3dbbf74ae846d/detection

http://172.93.193.158

# Reference: https://twitter.com/ShadowChasing1/status/1636391606592094208
# Reference: https://www.virustotal.com/gui/file/4e9d8f2d6bd17f71ed2a6c356deebc87801e413aad931b7ae1a70a8aa431d007/detection

breezyhost.net

# Reference: https://twitter.com/fmc_nan/status/1636667175913287680

delps.scienceontheweb.net/ital/info/list.php
delps.scienceontheweb.net/ital/info/sample.hwp

# Reference: https://asec.ahnlab.com/ko/50394/ (Korean)
# Reference: https://www.virustotal.com/gui/file/7a45a529b275cfaa6ebde88bf00413a11c0f701bf9e1e7e93ef27423fd17e3f5/detection

zetaros.000webhostapp.com

# Reference: https://twitter.com/BridewellCTI/status/1640376166858063874
# Reference: https://twitter.com/MichalKoczwara/status/1640393007382904851
# Reference: https://www.bridewell.com/insights/news/detail/bridewell-intelligence-report-kimsuky-apt-group---key-insights-for-uk-energy-cisos

aontechu.com
bsconvid.info
cdn-smtp.com
cereoni.org
cgui.eu
cmember.info
daumblog.eu
dmrxcloud.com
dreamhosregister.eu
edronium.com
gmember.eu
gmember.info
innovace.info
kakao-privacy.com
kakao-security.com
msn-imap.com
ncop.info
onkrdot.info
ontechvip.eu
publishhostmap.shop
umember.info
wordpress1s.xyz
_tls.publishhostmap.shop
accountc.gmember.eu
fqdn.nid.sslnaver.online
kr4.wordpress1s.xyz
logins.cdndaum.online
mail.cdndaum.online
nid.sslnaver.online
tls.publishhostmap.shop
web.publishhostmap.shop
web.sslnaver.online
webmail.dreamhosregister.eu

# Reference: https://twitter.com/ni_fi_70/status/1566770766389149696
# Reference: https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/prevention/2023-03-20-joint-cyber-security-advisory.pdf
# Reference: https://otx.alienvault.com/pulse/641dd2ad4310d178a4c6766e

navernnail.com

# Reference: https://twitter.com/souiten/status/1645307251903840257
# Reference: https://www.virustotal.com/gui/file/0d663b9907a34604f120963b64a763c472e7e896857728199d3df912c93208a0/detection

messydoan.000webhostapp.com
mvix.xn--oi2b61z32a.xn--3e0b707e

# Reference: https://twitter.com/suyog41/status/1647956514005450752
# Reference: https://www.virustotal.com/gui/file/b92cb632535fd8b5c3863635b980611deae61420d76158fc6e7b307518302490/detection
# Reference: https://www.virustotal.com/gui/file/9fcd77ff9ec8a0b701316c3d45d4e6f7a0f012f5c2254a77628d233045839a7d/detection
# Reference: https://www.virustotal.com/gui/file/4f1081d688ba2477e097ebbbf0cce4048dbe9134da526949ae6e729f7b0494de/detection
# Reference: https://www.virustotal.com/gui/file/35cb65a70e8296aafd09b7550b13da2255bed9c30d6f284cce395e8e4532804c/detection

ibsq.co.kr/config/demo.txt
ibsq.co.kr/m.layouts/demo.txt
ibsq.co.kr/config
ibsq.co.kr/m.layouts

# Reference: https://twitter.com/malwrhunterteam/status/1648601223245725696
# Reference: https://www.virustotal.com/gui/file/6bab11d9561482777757f16c069ebef3f1cd6885dbef55306ffde30037a41d48/detection

xn--vn4b27hka971hbue.kr

# Reference: https://www.virustotal.com/gui/file/1ec4d60738a671f00089a86eeba6cb13750bce589e84fd177707718a4cc7d8f1/detection

partybbq.co.kr

# Reference: https://twitter.com/malwrhunterteam/status/1653682472163368960
# Reference: https://www.virustotal.com/gui/file/8cc66e4069a30885202b0328407ff167671133a1a539808c48f12928348744e0/detection

inspa.studioguy.com/bbs/data/bbs15/context.php
inspa.studioguy.com/bbs/data/bbs15/inquire.php
/bbs/data/bbs15/context.php
/bbs/data/bbs15/inquire.php

# Reference: https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/

mitmail.tech
newshare.online
rfa.ink
yonsei.lol
/bio234567890rtyui/
/bio433ertgd12/

# Reference: https://twitter.com/h2jazi/status/1658133904618934272
# Reference: https://www.virustotal.com/gui/file/76b2f8df4578d65d5b6d57af8784584c1bcf86402d964b567db58e63723b636c/detection
# Reference: https://www.virustotal.com/gui/file/bbcfcc719190f0a2c687778d5d2fd5c6e345d64f44a01b26d33b7df20e099d6f/detection

com-port.space
file.com-port.space

# Reference: https://www.virustotal.com/gui/ip-address/61.195.126.150/relations

blog.de-file.online
cf-health.click
com-def.asia
com-otp.click
com-people.click
com-port.space
com-price.space
com-www.click
de-file.online
kr-angry.click
kr-me.click
mid.navers.blog.de-file.online
navers.blog.de-file.online
navers.com-otp.click
navers.com-price.space
navers.de-file.online
nld.navers.de-file.online
uid.navers.com-price.space
uld.navers.com-otp.click

# Reference: https://www.virustotal.com/gui/ip-address/157.7.184.26/relations

bid.cyberestate.de-bat.click
bld.cyberestate.de-bat.click
blog.mpevalr.com-def.asia
com-coffee.click
com-def.asia
com-port.space
cyberestate.de-bat.click
de-bat.click
de-two.website
k-ac.net
logins.nlfty.com-coffee.click
mpevalr.com-def.asia
navers.blog.mpevalr.com-def.asia
nld.navers.blog.mpevalr.com-def.asia
nlfty.com-coffee.click
point.com-def.asia
smart.com-coffee.click
smart.de-bat.click
sniperman.click
view.sniperman.click

# Reference: https://www.virustotal.com/gui/file/fd63e26bd09fd13d86d4505d9aa53c4bf599f9de954e7bccfa01179fd644d218/detection

trusteer.ink

# Reference: https://twitter.com/malwrhunterteam/status/1656946771053150208
# Reference: https://www.virustotal.com/gui/file/42f76f37742103bd599a68ef508b515efeb9e9ffddbfdcc43eb552b70b2440e9/detection
# Reference: https://www.virustotal.com/gui/file/cca4e9fc00647b644d334b2bab03d1a9acb23f7492c7c5aa2d283be78b87d67d/detection

jeannecampos.com/wp-includes/certificates/ca-bundle.php

# Reference: https://twitter.com/StopMalvertisin/status/1669259390237708291
# Reference: https://www.virustotal.com/gui/file/de2fd62fafe61f46ad967c84dd7fbca80d31ad4729fed051d527d9ba45857fd6/detection

sendlucky.scienceontheweb.net

# Reference: https://twitter.com/StopMalvertisin/status/1669379338691837953
# Reference: https://twitter.com/StopMalvertisin/status/1669379341820792832
# Reference: https://www.virustotal.com/gui/file/2763ddf592130cd80198fb60546dfb28de5f647df34522e4ab58a8bf5e63b769/detection
# Reference: https://www.virustotal.com/gui/file/0d19cf462bd2b5f84a7525575031de032db6df30925ef86ac1a9f4441ecce9f3/detection

greenspace1.com
html.gethompy.com
well-story.co.kr
/gnuboard4/bbs/pnger/
/gnuboard4/bbs/pnger/main.php
/gnuboard4/bbs/pnger/stdio.php

# Reference: https://asec.ahnlab.com/en/55145/

getara1.mygamesonline.org
pikaros2.r-e.kr

# Reference: https://twitter.com/0x0v1/status/1683434522413547521

bandi.tokyo
one.bandi.tokyo

# Reference: https://www.virustotal.com/gui/file/928e61590b2c4acf3991bd4327c5107c1cfd2604d992647c4e63bd1d620ff636/detection

partner24.kr/mokozy/hope/kk.php
/mokozy/hope/kk.php

# Reference: https://twitter.com/tiresearch1/status/1686258180819730432

3group-view.click
3group-view.space
appfile.click
com-file.space
db-wine.click
direct-million.online
file-hide.click
file-vip.space
go-wt.space
mi-eve.click
mufg.wiki
nr-token.space
otp-kr.space
toss-tree.click
wide-org.click

# Reference: https://twitter.com/ThreatBookLabs/status/1686363399679029249

com-in.asia
file-mango.space
ne-point.space
value-domain-com.site

# Reference: https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
# Reference: https://otx.alienvault.com/pulse/64805aad021906141c79aec0

nknews.pro
staradvertiser.store

# Reference: https://twitter.com/tiresearch1/status/1688552033245409280

mz-ftp.online
net-doc.click

# Reference: https://twitter.com/tiresearch1/status/1691131020517707776

do-can.click
mz-follia.space

# Reference: https://twitter.com/ginkgo_g/status/1692029899094274388
# Reference: https://www.virustotal.com/gui/file/470027cf8dd33b201b465b109a9876d0a75667be907af770eb76ff5798496ae4/detection

grekop.online

# Reference: https://twitter.com/ginkgo_g/status/1692068693113737630
# Reference: https://www.virustotal.com/gui/file/c676e9b009913bf55372fc756c6d7a19b51528e2f20ff598be2f953e5f78c754/detection

steeringsvr.online

# Reference: https://asec.ahnlab.com/en/54678/
# Reference: https://otx.alienvault.com/pulse/649304a4045008836f16efac

vndjgheruewy1.com

# Reference: https://twitter.com/tiresearch1/status/1694250245486748033

no-one.click

# Reference: https://twitter.com/souiten/status/1697515866148270249
# Reference: https://www.virustotal.com/gui/file/821b43f3151e568ebf436a05928909968ace706049e09feeec448a3efe9af67c/detection

http://43.201.69.58
43.201.69.58:8080

# Reference: https://twitter.com/ginkgo_g/status/1702242436632945025
# Reference: https://www.virustotal.com/gui/file/1426269940ef6036941ccfbf68b0b65259bc72918f30481465a11d8b97250f07/detection

isujeil.co.kr/pg/adm/img/upload1/list.php

# Reference: https://www.virustotal.com/gui/ip-address/104.168.219.12/relations
# Reference: https://www.virustotal.com/gui/ip-address/142.11.205.109/relations

navemorp.cloud
naver-centre.com
naver-email.report
navercorp.tech
navercorpv2.email
naverhelp.cloud
naverquery.host

# Reference: https://twitter.com/ginkgo_g/status/1703583960461402223
# Reference: https://www.virustotal.com/gui/file/59a0b32c22c79e7e48614add0e5cdf846f50d38d46201077309534a093a723ac/detection

00701111.000webhostapp.com

# Reference: https://twitter.com/tiresearch1/status/1703715668368240708
# Reference: https://twitter.com/tiresearch1/status/1703811837719142890

com-atw.click
com-bss.click
com-cbw.fun
com-condor.click
com-condor.website
com-cyb-seed.click
com-data.click
com-final.click
com-first.click
com-gpt.click
com-mns.click
com-mns.fun
com-nfi.click
com-nft.click
com-nfw.space
com-ntw.site
com-renewal.click
com-second.click
com-seoul.website
com-share.click
com-smt.click
com-will.click
com-will.online
com-will.pw
medicert.click
navers.site
navserves.com
net-off.online

# Reference: https://twitter.com/tiresearch1/status/1708511711878340625

ad-naver.com
navercorps24.com

# Reference: https://twitter.com/tiresearch1/status/1708528528344670643

naver-clouds.com
naver-drives.com
naver-notices.com

# Reference: https://asec.ahnlab.com/en/57873/

5.61.59.53:2086
onessearth.online
powsecme.co
/up/upload_dotm.php

# Reference: https://twitter.com/tiresearch1/status/1717799289198674086

co-eu.info
com-log.in.net
com-mode.in.net
invoice.navers.com-mode.in.net
mn-tr.click
navers.com-log.in.net
navers.com-mode.in.net
nid.navers.com-log.in.net

# Reference: https://twitter.com/MichalKoczwara/status/1718637997002809395
# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.108/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.120/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.82/relations

arakyaly.eu
cloudown.store
cnnail.info
hummedaroundput.com
kakaocorp.info
kakaodownload.eu
kakaomail.site
kakaomailer.eu
kakaon.store
kakaopaey.info
mailcorp.eu
namcho.homes
navemail.space
navercrop.com
navercrp.com
navermail.click
navermail.live
naveroriae.eu
naverpwd.com
naverscorp.info
orsiu.online
uansilne.site
usage.store
usance.online
voanews.store
weekbootseey.com
0vym.mailcorp.eu
8fkn.mailcorp.eu
accountsbinance.navermail.click
accountseoke.cookiemanager.online
accountserok.usance.online
accountseuoe.naveroriae.eu
accountseuok.kakaopaey.info
activedirectory.msoffic.homes
airwatch.msoffic.homes
aw.msoffic.homes
book.mailcorp.eu
campaign.mailcorp.eu
client.msoffic.homes
cloud.msoffic.homes
com.mailcorp.eu
community.msoffic.homes
configmgrenroll.msoffic.homes
console.msoffic.homes
cookiemanager.online
cs.mailcorp.eu
delivery.msoffic.homes
dnerok.usance.online
emv1.cookiemanager.online
enrollment.msoffic.homes
find.msoffic.homes
fsvoa.voanews.store
hadoop.msoffic.homes
help.navercrop.com
helpids.ncookieclear.homes
helpnaver.msoffic.homes
helpsec.ncookieclear.homes
jenkins.msoffic.homes
jira.msoffic.homes
link.msoffic.homes
logingns.arakyaly.eu
maillo.arakyaly.eu
mailpo.arakyaly.eu
mdmds.msoffic.homes
media.weekbootseey.com
mi.msoffic.homes
mobility.msoffic.homes
mon.msoffic.homes
msoffic.homes
mta2.msoffic.homes
ncookieclear.homes
nid.navercrop.com
nid.naverpwd.com
nidcl.kakaopaey.info
nidlgn.namcho.homes
nidnaver.msoffic.homes
nidpos.namcho.homes
nidroue.naveroriae.eu
nids.ncookieclear.homes
nidsess.ncookieclear.homes
nlgin.ncookieclear.homes
ns4.msoffic.homes
nsec.ncookieclear.homes
nsight.navercrop.com
nuid.navermail.click
oct.msoffic.homes
onedrive.msoffic.homes
origin-www.msoffic.homes
outlook.msoffic.homes
owa.msoffic.homes
p.msoffic.homes
pdu.msoffic.homes
public.hummedaroundput.com
resource.msoffic.homes
sslids.ncookieclear.homes
sslnaver.msoffic.homes
sslsec.ncookieclear.homes
stat_tiaraerok.usance.online
stg-www.msoffic.homes
stream.msoffic.homes
t1_daumcdnerok.usance.online
transfer.msoffic.homes
www1.msoffic.homes
wwwcorpids.ncookieclear.homes
wwwcorpnaver.msoffic.homes
wwwcorpsec.ncookieclear.homes
wwwlgin.ncookieclear.homes
wwwsec.ncookieclear.homes
wwwsess.ncookieclear.homes
zenworks.msoffic.homes

# Reference: https://asec.ahnlab.com/en/57873/
# Reference: https://otx.alienvault.com/pulse/65312ede507158b7c49f8e87

superpcparts.com

# Reference: https://twitter.com/tiresearch1/status/1719617997168660766

xn--3e0b39ycvbh9d.p-e.kr
xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
eid.xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
mood.xn--3e0b39ycvbh9d.p-e.kr

# Reference: https://twitter.com/tiresearch1/status/1719985431687917799

kakaoaccouts.store

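# Reference: https://asec.ahnlab.com/wp-content/uploads/2023/10/20231101_Kimsuky_OP.-Covert-Stalker.pdf
# Note: besides bare domains, this block holds host+path entries (one URL on a site, not the whole host)
# and, at its end, host-less paths beginning with '/'. The host-less paths name no domain, so an alert
# on one of them should be triaged together with the destination host and the rest of the request.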

1-z.never.com.ru
a1ive.info
aa.goooglesecurity.com
aadcdnmsauthdose.certuser.info
aadcdnmsauthmicrosoftharvard.certuser.info
aadcdnmsftauthdose.certuser.info
aadcdnmsftauthmicrosoftharvard.certuser.info
accdaum.login.mail.pl
account.googlernails.com
account.goooglesecurity.com
accountdose.certuser.info
accountmicrosoftharvard.certuser.info
accounto.afgvillage.eu
accounts.daums.pro
accounts.googlernails.com
accounts.goooglesecurity.com
accounts.guser.eu
accounts.navernnail.com
accountseuok.kakaocore.eu
accountskakao.login.mail.pl
accountskakao.navernnail.com
accountsleu.kakaoreug.info
accountsmil.kakaoreug.info
accountsmt.certuser.info
ads-twitterbybit.navernnail.com
afgvillage.eu
aire.p-e.kr
analyticsbybit.navernnail.com
apisbybit.navernnail.com
app.cjphoto.ga
app.firmware.o-r.kr
app.iptimes.o-r.kr
app.saferzone.ml
app.tookit.r-e.kr
assambly.atwebpages.com
assambly.mypressonline.com
assambly.mywebcommunity.org
auth.worksmobile.kro.kr
blog.nidcorp.site
bluemotion.co.kr/cheditor4/insert_link.php
bstill.kr/gnuboard4/bbs/view_coma.php
cadorg.p-e.kr
cc.navernnail.com
cc.never.com.ru
cc.nidcorp.site
cc.weataxs.site
cclg.never.com.ru
cclogin.navernnail.com
cdnbybit.goooglesecurity.com
cdnbybit.navernnail.com
cengroup.kro.kr
cimoon.ga
cjphoto.ga
client.coreavpn.kro.kr
cmonunt.online
connectfacebookbybit.goooglesecurity.com
connectfacebookbybit.navernnail.com
coreavpn.kro.kr
csma.certuser.info
da.infocheck.cf
dadrollbybit.navernnail.com
daum.otp-system.p-e.kr
daum.otpsystem.p-e.kr
daum.protect-mail.p-e.kr
daum.protectmail.p-e.kr
daums.pro
dmail.p-e.kr
dnleu.kakaoreug.info
dstent04.co.kr/wp-includes/SimplePie/Items.php
extparts.info
firmware.o-r.kr
g00gledrive.atwebpages.com
g00gledrive.mywebcommunity.org
g00gledrive.sportsontheweb.net
generalparts.info
github.ne.kr
goaffecbybit.navernnail.com
googlernails.com
goooglesecurity.com
guser.eu
gw.yottatech.r-e.kr
hao.lantian.p-e.kr
hellosnbybit.navernnail.com
hi.ncgncg.p-e.kr
hiwi.o-r.kr
hiwi.p-e.kr
hotlook.jonga.ml
huitadfsharvard.certuser.info
hyper.cadorg.p-e.kr
iishtt.p-e.kr
infoauth.shop
infocheck.cf
infrabybit.goooglesecurity.com
infrabybit.navernnail.com
iptimes.o-r.kr
it-ace.r-e.kr
joongang.site
jsadsrvrbybit.navernnail.com
june.lovelyclient.ml
kakaocore.eu
kakaoreug.info
keyharvard.certuser.info
koreaglobal.atwebpages.com
koreaglobal.mypressonline.com
koreaglobal.mywebcommunity.org
koreailmin.atwebpages.com
koreailmin.mypressonline.com
koreailmin.mywebcommunity.org
krhome.ga
lantian.p-e.kr
lcs.navernnail.com
lcs.never.com.ru
lcs.nidcorp.site
lcs.weataxs.site
lcslogin.navernnail.com
listmember.info
live.com.cm
logcheck.ga
login.microsftonline.tk
login.org.ro
logindose.certuser.info
loginmicrosoftharvard.certuser.info
logins.daums.pro
loginsdose.certuser.info
loginsma.certuser.info
loginsmicrosoftharvard.certuser.info
lovelyclient.ml
m1ma.certuser.info
m2_daumcdnmt.certuser.info
mail.it-ace.r-e.kr
mail.masters-login.r-e.kr
mail.masterslogin.r-e.kr
mail.never.com.ru
mail.nidcorp.site
mail.yoonseul.kro.kr
maildose.certuser.info
mailis.extparts.info
mailis.walock.info
mailma.certuser.info
mailmicrosoftharvard.certuser.info
mailnts.goooglesecurity.com
mailsr.walock.info
mailweb.afgvillage.eu
managerbybit.navernnail.com
masterslogin.r-e.kr
matchbybit.goooglesecurity.com
matchbybit.navernnail.com
mcyandexbybit.navernnail.com
memberma.certuser.info
mi.never.com.ru
microsftonline.tk
mlcrst.p-e.kr
msoharvard.certuser.info
mxndu.r-e.kr
myinfo.nsupport.ml
naver-logs.r-e.kr
naver.nidcorp.site
naver.weataxs.site
navercopr.co
navercopr.ml
navercopr.tk
naverlogs.r-e.kr
ncgncg.p-e.kr
never.com.ru
ngrok.p-e.kr
nid.logcheck.ga
nid.navercopr.co
nid.navercopr.ml
nid.navercopr.tk
nid.navernnail.com
nid.never.com.ru
nidcorp.site
nidlog.never.com.ru
nidlogin.navernnail.com
nidm.navernnail.com
nihaiji.p-e.kr
nmail.p-e.kr
objects.n-e.kr
omtom.r-e.kr
osupdate.r-e.kr
otp-system.p-e.kr
otp.r-e.kr
otpsystem.p-e.kr
outlookdose.certuser.info
outlookmicrosoftharvard.certuser.info
peer.o-r.kr
playnto.afgvillage.eu
playnts.googlernails.com
playnts.goooglesecurity.com
policyma.certuser.info
preview.p-e.kr
protect-mail.p-e.kr
protectmail.p-e.kr
proxy.ngrok.p-e.kr
qingli.o-r.kr
regular.winupdate.kro.kr
rok.my.to
sadrollbybit.navernnail.com
sadxiobybit.navernnail.com
saferzone.ml
sdfwerwer.sbs
servicebybit.navernnail.com
sftp.r-e.kr
signaler.goooglesecurity.com
sire.r-e.kr
sjkdfuiowe.p-e.kr
smart-alyac.r-e.kr
snaplicdnbybit.navernnail.com
spi_mapsmt.certuser.info
ss_mt.certuser.info
sslnts.goooglesecurity.com
stat_tiaraleu.kakaoreug.info
stat_tiaramt.certuser.info
stat_tiaraosi.kakaoreug.info
static-sg.goooglesecurity.com
staticbybit.navernnail.com
staticnid.navernnail.com
staticnid.never.com.ru
support.github.n-e.kr
support.github.ne.kr
syncoutbrainbybit.goooglesecurity.com
synctaboolabybit.goooglesecurity.com
t1_daumcdneuok.kakaocore.eu
t1_daumcdnkakao.navernnail.com
t1_daumcdnleu.kakaoreug.info
t1_daumcdnmt.certuser.info
t1ma.certuser.info
test.mydomainisok.kro.kr
tookit.r-e.kr
topfwz1mailbybit.navernnail.com
track_tiara_daummt.certuser.info
track_tiara_kakaomt.certuser.info
ucmdjwer.lol
uieosdj.r-e.kr
update-online.p-e.kr
update.naver-logs.r-e.kr
update.naverlogs.r-e.kr
update.p-e.kr
usesignal.info
vitual.p-e.kr
vlnk.ga
voanews.one
waesme.shop
walock.info
weataxs.site
webmail.cellivery.ml
webmail.cengroup.kro.kr
wetaxces.online
wgbybit.goooglesecurity.com
wgbybit.navernnail.com
wgsnto.afgvillage.eu
winupdate.kro.kr
worksmobile.kro.kr
wwkakao.goooglesecurity.com
wwmt.certuser.info
wwwbybit.goooglesecurity.com
wwwbybit.navernnail.com
wwwdose.certuser.info
wwwma.certuser.info
wwwmicrosoftharvard.certuser.info
wwwnto.afgvillage.eu
wwwnts.googlernails.com
wwwnts.goooglesecurity.com
xinzhong.r-e.kr
xx.navernnail.com
y-cloud.never.com.ru
yoonseul.kro.kr
yottatech.r-e.kr
youtubnts.goooglesecurity.com
/ewf43fewfwf4tfw4/
/ewf43fewfwf4tfw4/wf7weyr892hfwogewgsfg3.php
/tygygvftsfx8g68Gu8x7s78gsvseidj6.php
/tygygvftsfx8g68Gu8x7s78gsx6.php
/tygygvftsfx8g68Gu8x7s78gsx6519.php
/tygygvftsfx8g68Gu8x7s78gsxueidj6.php
/wf7weyr892hfwogewgsfg3.php

# Reference: https://app.validin.com/axon?find=27.102.106.48&type=ip

governments.pro
nidnaver.space
nidscorp.site
nps-home.store
nps-news.store
nps-service.store
nps-services.store
weataxc.site

# Reference: https://app.validin.com/axon?find=27.10.16.4&type=ip

wetax-io.store

# Reference: https://www.virustotal.com/gui/ip-address/141.164.50.204/relations
# Reference: https://app.validin.com/axon?find=141.164.50.204&type=ip

applc.site
bilfstakecooke.site
chainsflix.net
check-youtube.info
check-youtube.online
confirmes-youtebu.com
documentviews.com
drivesgooglce.site
emv1.documentviews.com
emv1.securiteams.info
emv1.sharedboxview.online
exchange-birances.com
ftc-home.space
gocgle.site
googlc.site
googlces.site
googlcs.site
homestex.info
kftc-cert.site
linekdin.online
linkdlin.ink
little-stars.site
myidentifitesrv.site
nlvdcp9p2d.sharedboxview.online
nps-alert.site
nps-services.info
post-binarianse.info
rememberapp.site
rememberapps.info
s1.documentviews.com
s1.securiteams.info
s1.sharedboxview.online
sarnsung-mail.info
sarnsung.store
securecenters.site
securiteams.info
service.documentviews.com
service.securiteams.info
service.sharedboxview.online
services-dosi.world
sharedboxview.online
wetac.store
weatacs.site
wetacx.store
wetaxs.lol
wetacx.xyz
wetaczx.lol
wetaczx.site
wetaczx.xyz
wetaex.site
wetax-io.xyz
wetaxce.online
wetaxcs.site
wetaxs.xyz
wetaxz.xyz
wetazx.space
weteax.site
xn--policy-linkedn-dmb.com
youtube-ex.site
youtube-in.site

# Reference: https://app.validin.com/axon?find=141.164.52.102&type=ip

bilfstakecooke.site
check-lnkedin.site
check-youtuibe.site
confirms-linkeclein.info
confirrns-linkeclin.site
extend-gooqlie.site
goooleclouds.site
goooleclrive.online
goooleclrive.site
goooleclrives.site
goooledrivs.com
goooledrivs.info
gooqle.site
govenment24.site
hornestax.site
linkeclein.site
linkecleins.site
myacountsinfo.com
niclvaldates.site
rememberapp.fun
rememberapp.online
sarnsung.store
seumtax.website
vve-tax.site
vvetax.store
we-tax.site
xn--check-linkedn-7ib.com

# Reference: https://app.validin.com/axon?find=158.247.227.83&type=ip

belluster.com
homestax.info
exchange-dosi.world
kakaologins.com
rimbacell.store

# Reference: https://twitter.com/asdasd13asbz/status/1725337231949459834
# Reference: https://www.virustotal.com/gui/file/97df5304f53fec6a5d2d2bd75b9310a3747b681520fe45d2961bc4df86e556d7/detection

rscnode.dothome.co.kr

# Reference: https://twitter.com/asdasd13asbz/status/1727856931635872121
# Reference: https://www.virustotal.com/gui/ip-address/84.32.131.87/relations
# Reference: https://www.virustotal.com/gui/file/b6e1351f1767a2cacb3fc7515f0a67691bbd8b9274a26c2953ba898ba879ebea/detection

offlinedocument.site
nav.offlinedocument.site

# Reference: https://asec.ahnlab.com/ko/59460/ (# RftRAT)

152.89.247.57:52390
172.93.201.248:52390
172.93.201.248:8083
192.236.154.125:50108
209.127.37.40:52390
23.236.181.108:52390
91.202.5.80:52030
brhosting.net
splitbusiness.com
techgolfs.com
theservicellc.com
topspace.org

# Reference: https://twitter.com/tiresearch1/status/1734110501008024064
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=141.164.60.65

blockmedia.site
dewhales-capital.website
gocgles.com
linkcline.info
linkdeln.site
linkdien.site
linkdien.store
linkdien.website
moiss.site
notify-linkcldines.com
nps-center.space
nps-ebook.site
nps-ebook.space
nps-ebook.store
nps-emails.site
nps-main.store
nps-notice.site
nps-notice.space
nps-notice.store
nps-notify.site
nps-notify.space
nps-notify.store
nps-post.space
nps-posts.site
nps-posts.space
nps-posts.store
nps-report.site
nps-views.site
nps-views.space
nps-views.store
npsmsg.space
nts-go.site
nts-go.store
nts-home.space
nts-home.store
nts-inform.site
nts-msg.site
nts-post.site
nts-post.store
ntsemail.site
ntshome.site
ntshome.space
ntsmails.site
ntsnews.site
private-center.site
qoooqle.site
qoooqledrive.site
naver.moiss.site
naver.nps-posts.store
naver.nps-views.space
naver.nps-views.store
naver.nts-email.store
naver.ntshome.site
naver.private-center.site

# Reference: https://twitter.com/tiresearch1/status/1734887415633060265
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.160.27.92

binarice.info
dosi-info.world
fanaticsretailgroup.site
identitychecks.info
ir-service.online
ir-service.site
irspost.site
naverhelps.info
naverscorp.com
naversystem.autos
nft-dosi.world
nidmembnscorp.site
nidnaver.club
nidusrnacorp.site
nidusrshcorp.site
nidusrsncorp.site
nidusrsvcorp.site
nidusrszcorp.online
nidvenify.site
notice-dosi.world
nps-inform.site
nts-email.space

# Reference: https://twitter.com/tiresearch1/status/1735211111123923345

aceenign.click
arakte.click
auridab.click
clindoc.link
inklmo.click
iaxevar.click
kakaologin.info
kkruelo.link
leurnteke.link
natelogin.homes
natelogin.info
natelogin.site
nates.lat
nates.store
natesign.site
ntsinfo.space
pelmpusse.link
rpriseber.click
scenaeco.click
scourt-kr.site
strutute.click
wetax.site

# Reference: https://www.virustotal.com/gui/ip-address/208.73.209.42/relations

1stsufi.click
5bioresearch.click
aboladmi.click
abortionnc.click
abourned.click
absadvi.click
accesssof.click
accianc.click
accounem.click
ackexpertsope.click
ackiloverrd.click
activequic.click
additioeak.click
adeciil.click
admissiph.click
adopouch.click
adsparc.click
aemoyoi.click
aerobook.click
aeropetsc.click
aevofim.click
affsimi.click
afterioi.click
ageegigi.click
ahldjwa.click
aiantarprisasa.click
airpetrom.click
airstate.click
aldirectorygem.click
alestechnic.click
algebraagei.click
algebraheroi.click
algebraquizi.click
alpalob.click
alphastateibi.click
althmoexch.click
amafixlog.click
amawturk.click
amayok.click
amplappe.click
anbint7.click
angeadventurec.click
anglpoc.click
anywireul.click
aokpag.click
appeypak.click
aratedc.click
aresahiai.click
argmenidi.click
arppacktheexce.click
arrangpateh.click
arrayexi.click
arroganth.click
arrowrfe.click
arsgeostra.click
artauctiondi.click
artknowledgef.click
asokesf.click
aspectvec.click
asylumba.click
ataptwatuhi.click
attiavi.click
autocoachi.click
autoopenmore.click
avenuevi.click
avexehe.click
awareta.click
awortak.click
azkidorsal.click
azphatigeri.click
backghea.click
bairlif.click
balcarve.click
bariak.click
barkkom.click
bdusted.click
belongad.click
benmetl.click
bestelipite.click
betttiveagei.click
biigband.click
biizinc.click
biopiilyred.click
birmerricdi.click
bisgasc.click
bisysofta.click
bitdepotma.click
bizardall.click
bizconsulting.click
bizfirmmobil.click
bizkingdom.click
blastave.click
bliogfull.click
bloegiresearch.click
bloodipl.click
bollehe.click
bonusistream.click
booekifreak.click
bookcatssim.click
bookexpertbl.click
bookurde.click
bouskaji.click
bouzeik.click
bramovieexperience.click
brazome.click
breakfpti.click
breeermi.click
brellaish.click
brendmeg.click
bringji.click
bronzcke.click
buitroa.click
bunzscape.click
burstna.click
businessball.click
busiyspace.click
butwzl.click
calculateenergyi.click
calculatelofti.click
camerical.click
canceba.click
candire.click
carvfan.click
casrbel.click
casthec.click
censubi.click
chaneel.click
changinc.click
chaoticpci.click
cheaplookturrearle.click
cheessil.click
chemisacc.click
chiefhad.click
choimark.click
choioesiefund.click
choocomi.click
choosegram.click
choosehea.click
choosqua.click
chorcem.click
cinewif.click
circlewarehouse.click
circzeshowsi.click
cleavoice.click
clinoffi.click
cloudityhall.click
cloudrack.click
clpueze.click
clubing.click
clubpurei.click
comepe.click
comforfiguh.click
commandpackage.click
commibri.click
communund.click
compaief.click
compchal.click
compleioki.click
complexpartyi.click
comuterul.click
conditmem.click
confineuna.click
confusedpublishingi.click
confusedtubei.click
confusionactivei.click
conteete.click
cooeliguide.click
cooktri.click
coolkick.click
coozjengzei.click
cottahine.click
cottgoa.click
coununda.click
couragsi.click
coutescea.click
covoxidel.click
creamsna.click
creativepalace.click
creditvid.click
credworm.click
creepsa.click
creradi.click
critcire.click
criteic.click
criticcom.click
criticorb.click
crosswrea.click
cryptoomiidebugi.click
culaesc.click
cumclube.click
cunnincha.click
curvebra.click
cutebybeh.click
dangersib.click
darkblind.click
dataedusoul.click
delayfil.click
deletea.click
denarye.click
depaipre.click
depraveline.click
descenoffsc.click
detairepl.click
detaoffi.click
detecsel.click
detewell.click
develtfie.click
deviatdib.click
dgteltdeete.click
dialecte.click
dichagh.click
didefronti.click
difficra.click
digiibyte.click
digiimed.click
directepe.click
directspeak.click
direigamei.click
dirtegai.click
discefe.click
discovedia.click
dishush.click
dismcia.click
disminic.click
distinctall.click
diveduf.click
dividefe.click
doiriectfield.click
domesund.click
doorsym.click
dramnte.click
drawerf.click
dreammartope.click
drienced.click
drwatche.click
dugatte.click
duperlifedrylei.click
ealmatuppa.click
ealunitedi.click
earchhireanyti.click
earthmaj.click
eartnci.click
easiysafe.click
eastode.click
easyrech.click
ebearmobil.click
ebtaicb.click
eceskid.click
ecrueza.click
editlash.click
eenetierprise.click
eenhide.click
eginspi.click
eisable.click
ejedavi.click
elbmrbj.click
electroni.click
elemdeca.click
elemenhemd.click
elimnaed.click
emasjab.click
embomri.click
emgradee.click
emotscra.click
enagcal.click
encpttonei.click
encrypttonei.click
enestintale.click
enigmaminei.click
enlaara.click
enlsuse.click
ensenzavala.click
ependhirri.click
epictrecki.click
eprodra.click
equaedi.click
erbavaa.click
erfectbearmag.click
errellzimme.click
ervaaie.click
etamole.click
ethscra.click
etifcem.click
euthemi.click
euthymul.click
evereduca.click
excesfi.click
excharec.click
execam.click
exileped.click
exishave.click
expanntc.click
expartrank.click
experala.click
experibel.click
experipdata.click
expertbea.click
expertsthereal.click
explenfi.click
explodte.click
exquisitelittle.click
extreti.click
factnsi.click
fallmeile.click
fastse.click
feeliite.click
feelinine.click
feetelevisionfractiong.click
fenceoje.click
feverom.click
fieblind.click
figureove.click
fillpolla.click
financte.click
findpictarese.click
finidengine.click
finistrike.click
firsttaxi.click
flekene.click
fleuota.click
flexipre.click
flooddiag.click
flourcumi.click
flowerfie.click
flyftra.click
flyimobile.click
flywayfoodca.click
foirwarmerce.click
foodoldcloud.click
foodprotecti.click
footbanic.click
fopassyoudock.click
forbidna.click
formaga.click
formalyci.click
formulpri.click
forrice.click
freezismil.click
frequeian.click
freshcare.click
fullhousefeature.click
fulllifte.click
furspeede.click
gaffeicl.click
gaffesodi.click
gamingcool.click
gapetog.click
gaworem.click
geimrich.click
geograpick.click
geokeeiwantunited.click
geowayini.click
getaidventure.click
getyoarplaunch.click
getyoningneatme.click
getyoualthwinra.click
giababk.click
glessel.click
globetra.click
goaletck.click
gocapital.click
goiodsmith.click
goldchicg.click
golidwork.click
goodcloud.click
goterriek.click
gotowesk.click
gotriek.click
gownpuh.click
gratefjul.click
gravelem.click
greeaitjournal.click
greeisd.click
grieatdeck.click
grieatspeak.click
grimacpeanh.click
gtilrla.click
guejova.click
guestfem.click
gulomaze.click
hallhal.click
hallmode.click
hapepiyom.click
harassmi.click
harbcalm.click
hardratingsi.click
harnessmag.click
headlanch.click
heallfci.click
helliowealth.click
hellipee.click
higginstessawe.click
hirllolock.click
hirllorircord.click
histessicietese.click
histstudiosa.click
horoscnab.click
horsackl.click
horseresi.click
hotdognec.click
hoveora.click
hseiref.click
humorface.click
ibusine.click
ickbymoregram.click
icrotracksanytim.click
ideapacbetterlook.click
ideaspring.click
ideavilla.click
ightresource.click
iglanedatati.click
ikebuddiesmrme.click
ilightite.click
ilikeinfoini.click
imagera.click
imagetpack.click
imaguff.click
importood.click
impossibleservei.click
impulssha.click
incapacom.click
incssure.click
indiibl.click
indrecodc.click
infoboxi.click
infodowersmile.click
injefasc.click
inkimpalace.click
inkstandmappa.click
insisteca.click
insitsd.click
inspunch.click
insuraeka.click
insureesc.click
intecti.click
internetcollectiveibi.click
internetoff.click
investream.click
ionfioscape.click
irenmta.click
isolaticre.click
isquaid.click
issystem.click
itjungnwheel.click
itmeeid.click
iwaenittable.click
iwanittrade.click
izapi.click
izetnb.click
jelldra.click
jeweihb.click
jezvila.click
jobifue.click
jobreytalre.click
joystslab.click
jumbleclocki.click
jumblehandi.click
jumblemenui.click
justzene.click
karmafzighti.click
kentara.click
keyireai.click
killwha.click
kitstopone.click
klfask.click
kloedil.click
kmestick.click
knehole.click
knifatte.click
knotmastersi.click
kolinic.click
kreitivepine.click
labbanki.click
labirol.click
labislandi.click
labotic.click
lackrobotsnapg.click
ladatoi.click
lageing.click
langible.click
lariga.click
lawyeagra.click
layyoung.click
ldenintpopdem.click
leadeach.click
leadicafe.click
leadunive.click
leaireniunited.click
lealarmexpe.click
leascng.click
lefebank.click
lentcol.click
lesabul.click
liabiland.click
licatia.click
lifefan.click
lifeigarage.click
lifetrgem.click
lifiboerd.click
limitock.click
linarti.click
linenorre.click
linkferulle.click
linkfood.click
livefriend.click
lngonib.click
lobburi.click
locaaac.click
locatfire.click
locatnsid.click
logicchampi.click
lossachusettle.click
loudkickwhatsc.click
loverpri.click
lozavrb.click
lsajaba.click
lutisul.click
machoodcodeg.click
macwiracepulse.click
magicdata.click
magichcomactive.click
magssing.click
mairketid.click
maiurizai.click
maixsuite.click
mallwife.click
mantheme.click
marcrice.click
markeei.click
marketramail.click
marksfacecapitali.click
markspre.click
markstele.click
mastertane.click
maxiilaunch.click
mbersei.click
mebiebaucte.click
meexperti.click
megaipark.click
megatruth.click
megefectirye.click
menalwh.click
messvague.click
metnrfishi.click
micbuag.click
midostaff.click
migcorc.click
milofastik.click
minodra.click
minuterme.click
mirsinak.click
miserabnea.click
mislata.click
mispa.click
missucage.click
miwabwaya.click
mixturre.click
mocruernch.click
momenlend.click
moothbrothersa.click
moregsri.click
morganold.click
morscirc.click
morselbasic.click
motorrea.click
movieraceibi.click
mrlighting.click
mubifurlifae.click
muboom.click
mudsea.click
muipboti.click
mybistsuli.click
nanioclub.click
nanoconsultini.click
nblride.click
ncekeytui.click
ndgoldhotswitc.click
neatcatsi.click
needletra.click
neopanelh.click
netgood.click
nextsafetye.click
nfoforceprojec.click
ngesera.click
niathawka.click
niceconceptse.click
nicenatione.click
nicererhse.click
niiceb.click
nityadace.click
nivloyli.click
normnowh.click
notebooil.click
nowicei.click
nshineack.click
nuancma.click
numbsif.click
nypagesrepad.click
obesepai.click
obistandmcacc.click
objectiiti.click
occupoff.click
octemal.click
odeesupb.click
oeponam.click
oextrae.click
officreal.click
ogamparee.click
olidconsultadm.click
olidinsura.click
oliwrsm.click
ollchollenwe.click
olrunshare.click
omgaimagi.click
omrufozi.click
oncngial.click
onestopsee.click
onetoeprice.click
ongndoc.click
onilylaunch.click
onlineboxa.click
onlinesell.click
onliytravel.click
onlyikid.click
onlyvienture.click
onovaheywheel.click
ontinihotdingsi.click
onwardbounce.click
oodpollwintwee.click
opdigitallif.click
openwde.click
operaele.click
opposnih.click
orditing.click
orkmojoknowle.click
osumcek.click
ouracge.click
ourneatboutique.click
ourradiosi.click
outeventuitui.click
outhmrepic.click
outimag.click
outsidential.click
overcha.click
overeahe.click
overeai.click
overwhacc.click
ovesna.click
oviehutmediach.click
owconsulti.click
owerfullsearch.click
passwheal.click
passwordhunteri.click
passwordinteractivei.click
patiefool.click
pauseoh.click
pcmobforum.click
peakpage.click
peaktouch.click
pecomnce.click
percencl.click
perfectqeazityi.click
perigri.click
permansta.click
personalizedtoalied.click
pesonde.click
pettyfra.click
photomispla.click
pickcrunch.click
pickkidsibi.click
picklehati.click
picnarrol.click
pillartwe.click
pissgrid.click
pitraki.click
pittgromi.click
pitydel.click
planaic.click
planeinc.click
planirtzoom.click
planstimetraffici.click
playwordsim.click
pleerate.click
plugreg.click
plumicoak.click
pluscompl.click
plusrantil.click
pneuerf.click
poetryab.click
poianituniverse.click
politetpa.click
polleag.click
pollmoanywhere.click
pollutkta.click
polprog.click
popitag.click
posique.click
posittone.click
postgodele.click
poweand.click
poweraste.click
powertera.click
powlarida.click
ppguystopm.click
ppodeliask.click
pptisfa.click
presscypresslea.click
privateexamsurrive.click
procraftth.click
prodpa.click
profanwebking.click
profitgeb.click
projectiqi.click
promori.click
prosewallated.click
protrigh.click
provuai.click
psitesmarketb.click
purpnteruniversityi.click
puzzlelocatori.click
qeuivul.click
quemsol.click
queueti.click
quieghf.click
quotaia.click
rachaad.click
raciserda.click
radoimi.click
ragaece.click
rancaugh.click
randrepea.click
rassoficiel.click
raveleyesi.click
ravelised.click
ravocloudsinwa.click
readerti.click
rearach.click
reatnote.click
rebeffai.click
receeti.click
receptipai.click
recommape.click
recommcul.click
recopack.click
recruirea.click
recyclebea.click
redeeski.click
redsptspace.click
refertc.click
refuseaca.click
refuste.click
regitce.click
reheasm.click
rekongse.click
relatehe.click
remesla.click
reminpi.click
replacka.click
repponse.click
reprtic.click
reptitle.click
requesdiffb.click
resciorg.click
resortda.click
revedyb.click
revengwi.click
reviseal.click
revoude.click
rezrak.click
rhackerunilog.click
riceadd.click
richaracteria.click
ridtutori.click
rigahf.click
rightstora.click
rilokid.click
ritualma.click
rmfirearmdefenc.click
rokcvze.click
romeetnetable.click
roprofessi.click
routita.click
rpoieha.click
rrshesf.click
ruerentaltrue.click
runeventc.click
sabinte.click
safarhie.click
saftmind.click
saiami.click
salvatira.click
sboetome.click
schoolth.click
scobadi.click
seasonta.click
sefeheree.click
sellecha.click
sellorge.click
sensitgre.click
senspab.click
sepacati.click
serconsulting.click
seriteci.click
sessabb.click
severframe.click
shamenc.click
shapeick.click
sharmki.click
shattish.click
shiftove.click
sicetite.click
signbtai.click
siliverpie.click
silverya.click
simplyhqa.click
sisterdig.click
sitadvi.click
skredel.click
sloganngd.click
smartmemill.click
smilemark.click
smilepi.click
snaipguide.click
snowrealha.click
sociaiosredpanel.click
solidware.click
sotapa.click
sourpean.click
spacefue.click
spacemueateauean.click
sparkbag.click
speechri.click
spitzag.click
sporool.click
spricra.click
spyseload.click
squabare.click
ssivcla.click
staffnicema.click
standtrea.click
stanuba.click
starlfirstled.click
starseasoc.click
starstpad.click
startsitei.click
startstaff.click
steakrec.click
steseva.click
stnereti.click
stormcod.click
storodi.click
stortui.click
straian.click
straifad.click
strencom.click
studiorock.click
sufferra.click
summertef.click
sunfcksm.click
sunmayond.click
suntalil.click
supircontocti.click
survunre.click
suspdomi.click
sycaresunnybla.click
symbolbazaari.click
symbolck.click
symbolutc.click
syndrtre.click
tablemacfood.click
tamarob.click
tapecook.click
tdiiamb.click
teamsomelead.click
technologiesab.click
techsavera.click
teemaid.click
teenici.click
telerdi.click
teletowna.click
telllead.click
tendalue.click
testcha.click
tfulzendb.click
theririrm.click
thevill.click
thienikmine.click
thinkace.click
thinkjiob.click
thinkssi.click
thratelec.click
thrutfe.click
tiablaa.click
timeatch.click
timeeaoptionsi.click
timerental.click
tiomuntimitidi.click
tipsmobiwell.click
tjasme.click
tkarmaedudi.click
tlinetirte.click
tmekede.click
tongdiff.click
tooacc.click
topchtoname.click
topisteam.click
topresearc.click
traceasa.click
tradedquote.click
trapslime.click
trearefe.click
trendded.click
tripgha.click
trobeli.click
trodrome.click
truieresource.click
tryweeklye.click
ttrendimball.click
tuscome.click
tvtheoybestactive.click
twistskillsi.click
twitgca.click
txticec.click
uaafixi.click
udesaeye.click
ueregeedi.click
ukenata.click
ulltrustle.click
ultancyitbee.click
umbresta.click
unfairlel.click
uniforpe.click
uniirank.click
unilird.click
uningclubb.click
unonlinecloudh.click
unpopulating.click
uoneati.click
uoptxe.click
urbanfilesibi.click
ureraiam.click
urgencynoe.click
usaseaid.click
ushoppang.click
usmoprice.click
ustonteage.click
ustweetbonuspa.click
uthondemandsa.click
utoavesideawi.click
vguaceli.click
videomate.click
vingcre.click
vruvesui.click
vusimbi.click
wandereh.click
wanthsaveya.click
waterele.click
wayssafesec.click
weareckl.click
webabc.click
weforeveril.click
weiglre.click
welcweig.click
wellgraph.click
wesomestatepea.click
whiphei.click
whohicsolidcase.click
whynerd.click
winnpref.click
withtiff.click
wkritie.click
worilde.click
wowcaveskillsi.click
wowprice.click
wowrojecti.click
wreswide.click
writegra.click
writoma.click
wupemstrenc.click
xjoufeg.click
xpibeh.click
yandafe.click
ycreatoristyl.click
yinmine.click
ypidnve.click
yvistaquickfl.click
zariagonf.click
zerkine.click
zmezate.click
zonezid.click

# Reference: https://twitter.com/asdasd13asbz/status/1735180272000475366

namsouth.com/access-darrell/Access%20Denied.php
namsouth.com/access-timothy/Access%20Denied.php
namsouth.com/access-weidner/Access%20Denied.php

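# Reference: https://asec.ahnlab.com/en/59590/
# Reference: https://otx.alienvault.com/pulse/6579b3e780b08a7717b8e895
# NOTE(review): trails taken from a vendor report can include compromised third-party sites as well as actor-registered domains.
# ciso2ciso.com looks like it may be the former - confirm against the report, since a bare-domain trail matches all traffic to that host.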

ciso2ciso.com
prohomepage.net

# Reference: https://twitter.com/tiresearch1/status/1736447996139798978
# Reference: https://www.virustotal.com/gui/ip-address/27.102.134.69/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.134.69
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=85.239.53.121

ctp-forms.site
dewhales-capital.online
nps-ctrl.site
nps-email.store
nps-form.site
nps-host.site
nps-inform.store
nps-main.site
nps-messages.info
nps-post.site
nps-report.online
nts-email.site
nts-emails.site
nts-home.site
nts-info.site
nts-info.store
nts-mail.info
nts-mail.site
nts-mail.store
nts-message.info
nts-news.site
nts-news.space
nts-news.store
nts-notice.info
ntsmail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.246.192/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.246.192

kepco.site
npscom.site
npsnews.space
nts-mails.site
nts-mails.space
nts-msg.space
ntsemail.space
ntsinf.space
ntsmails.space
ntsmsg.site
ntsnews.space

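# Reference: https://www.virustotal.com/gui/ip-address/75.2.0.44/detection
# NOTE(review): this block appears to be a pivot on a single IP address, and many of the names (e.g. dcinside.site, holybible.site,
# decentraland.site) do not follow the nps-/nts-/naver look-alike pattern of the neighbouring blocks. If the address is shared or
# parking infrastructure, some entries may be unrelated co-tenants - confirm attribution before alerting on them with high confidence.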

1636.site
1661-0241-call.site
1666-7797.site
1800-7804-call.site
1800-7804-callcenter.site
1person-corperation.site
79artproject-part79.site
85tech-yoon.site
85yoons-channel.site
absofficial.site
aiactuary.site
all-pass.site
annainfo.site
antichilgok.site
antiseongju.site
aportal.site
artproject-part79.site
artproject79-part79.site
batterymonster.site
bisiness.site
bongbongmall.site
bookmaker-korea.site
brightedu.site
busineess.site
businness.site
buybit-cafe33.site
cafe-cahrtlab.site
cafe-chartcoin70.site
cafe-chartcoin82.site
cafe-coinchart80.site
cafe-coinchart90.site
cafe-ffree.site
cafe-ffreedom.site
cafe-investminjok.site
cafe-minjok8003.site
cafe-moneylab.site
cafe-naver-jyp.site
cafe-success.site
cafe-teamkim.site
cafe-tech25financial.site
cafe-winners-cu.site
cafe-winners.site
cafenaver-public.site
cafenaver-richbangbang.site
cashad.site
ch-kakao-jsi.site
chart-yoojinportfoli.site
chart119-portfolio.site
chart58-number58.site
chart72-portfolio73.site
cheongung.site
co-ex.site
coinwolrd100.site
comodono.site
coway1004.site
csj-kakao.site
csj-katalk.site
csj24-kakao.site
dcinside.site
decentraland.site
dogcatkalma24.site
drumdays.site
dukk.site
eamest-project.site
ehvvv.site
endlesspools.site
enrui.site
ethnic-invest.site
everyday-chekpoint.site
fianlss.site
fiestaholdings.site
finalasset.site
finance-yooneyportfolio.site
financial-factory.site
financial-navercafe.site
firegin.site
first-coin100.site
flower-portfolio77.site
fr-kakao.site
gkausehos.site
goldclass-sj.site
goldclassss.site
goldclassss79.site
goseoul.site
hallyu.site
hanjinboryeong.site
healstory.site
health-letter.site
healthguardiangel.site
healthinfor.site
healthinform.site
healthinformation.site
healthletter.site
healtytech-2011.site
heathletter.site
hletter.site
hodorl1988-tech.site
holroog.site
holybible.site
iberico.site
investing-life.site
investor-onepick.site
investor-people.site
jelq.site
jennieheo.site
jlcoupasmall.site
johnyoon.site
juanbandoubora.site
jypf.site
kakao-channel85yoon.site
kakao-coin2021.site
kakao-coinchart.site
kakao-cyj.site
kakao-goldgold.site
kakao-justit.site
kakao-mb365.site
kakao-mtk.site
kakao-sj.site
kakaotalk-br.site
kakaotalk-ch2020317.site
kimsoyeon.site
klip.site
kosdaq-portfolio.site
kospi-yusuhn.site
kospi3000-magazine.site
ksy-kakao.site
ksy-kakaotalk.site
ksy-katalk.site
l2loyal.site
leaserent.site
leehana-investment.site
leesj-kospicheck.site
limseong.site
littlekorea.site
liveing.site
lofni.site
lolproteam.site
lovvy.site
lqeiu.site
masksale.site
matched.site
maybeyo.site
metaplatform.site
miso-smartinvest.site
misojtec-magazine.site
misostock.site
mom-kakaotalk.site
moneychart33.site
moneyproject.site
naiver.site
naver-cafe2ace.site
navercafe-no1.site
navercafe-public.site
neever.site
neiver.site
newmisojt-rich.site
nolround.site
para10.site
paragon05.site
paragon10.site
pds79.site
pf-kakaotalk-cu.site
pf-kakaotalk-ku.site
pf-kakaotalk.site
pf1-kakaotalk.site
phallosan.site
pnguf.site
pokerace.site
powergin.site
prugio.site
rntpsxl.site
scrooge-coin.site
scrooge-finacial.site
sentmusic.site
sercont.site
shop-portfolio.site
sj-kakao.site
sj12-kakao.site
sj123-kakao.site
sj24-kakao.site
sj321-kakao.site
sj365-kakao.site
sjsj-kakao.site
snore.site
source-in25.site
success-tech.site
tam24.site
teamwork-upandup.site
tech-chartlist2000.site
tech-coinlist3000.site
tech-yhc85school.site
tech119sj-2017.site
techking.site
tfgse.site
totalrental.site
trandnjob.site
up-kakaotalk.site
volume-chartyoon.site
webcctv.site
winners-naver.site
wisdomwood.site
wonnetwork-asset.site
worldbit365.site
yeahaea.site
yoari.site
yooilhan.site
yooneymoney-coin.site
yooneymoney-investment.site
yoosuhyeonproject.site
zigum.site

# Reference: https://twitter.com/tiresearch1/status/1737044959780647342
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.60/relations

nhis-news.store
nps-alert.space
nps-alert.store
nps-center.site
nps-center.store
nps-co.site
nps-co.store
nps-ctrl.space
nps-email.site
nps-home.site
nps-host.store
nps-inf.store
nps-io.space
nps-lib.site
nps-lib.store
nps-msg.site
nps-msg.store
nps-notices.site
nps-or.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.96/relations

nps-inf.site
nps-src.site
npsmsg.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.122/relations

naverzcope.com
nhis-news.site
upbits.site
naver.nhis-news.site
naver.nps-center.store
naver.upbits.site

# Reference: https://www.virustotal.com/gui/ip-address/141.164.58.132/relations

disquiet.site
gocgler.com
nts-alert.space
nts-emails.space
nts-homes.site
nts-homes.space
nts-homes.store
nts-mails.store
nts-tax.site
nts-tax.store
nts-views.space
ntsinf.site
ntsinfo.site
ntsmsg.space

# Reference: https://www.virustotal.com/gui/ip-address/141.164.43.213/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.43.213

npshome.site
npsmsgs.site
npsnews.site
npstax.site
ntsgov.site
wetax-mail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.242.154/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.242.154

npsalert.site
npshomes.site
npsnew.site
npsnew.space
nts-inf.website
nts-mail.website
ntsboard.space
ntsemail.homes
ntsgo.site
ntshomes.space
ntsinf.website
ntsinfo.store
ntsmailer.homes
ntsmailer.website
ntsmailing.store
ntspost.homes
ntspost.space
ntspost.website
ntsposting.homes
ntsreport.homes
ntsreport.store
ntsview.website

# Reference: https://www.virustotal.com/gui/ip-address/158.247.224.52/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.224.52

nts-alert.website
nts-home.website
nts-new.website
nts-poster.store
ntsinforms.website

# Reference: https://www.virustotal.com/gui/ip-address/141.164.60.65/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.60.65

nts-alert.site
nts-email.store
nts-go.space
nts-inf.site
nts-info.space
nts-inform.space
nts-inform.store
nts-mail.space
nts-youtueb.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.140/relations

nts-inf.space
naver.nts-inf.space
naver.nts-inform.space
naver.nts-mail.space

# Reference: https://www.virustotal.com/gui/ip-address/158.247.222.75/relations

nts-notice.site
mid.nidscorp.site
naver.nts-tax.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.255.171/relations

nts-alert.store
nts-inf.store
nts-notice.store
naver.nts-inf.store
naver.nts-tax.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.129.79/relations

flyasianer.info
nps-view.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.51/relations

haishang.site
nps-news.site
nps-server.site
nps-service.site
nps-services.site
nps-view.store
weataxs.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.40/relations

navercorpe.com
nps-news.info
nps-post.store
uniteogram.live
webuniteogram.live

# Reference: https://www.virustotal.com/gui/ip-address/27.102.115.86/relations

nps-info.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.244/relations

fss-info.site
nhis-info.site
nps-info.site
nps-news.space
nps-service.xyz
weataxes.site
weataxs.space
youtubein.store
naver.nps-services.info
naver.weataxs.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.69/relations

crosscert.site
epeople.space
govenments24.site
haeshang.store
niduserunzcorp.site
weatax.site
weatecs.store
wetacs.site
wetacxs.online
wetacxs.site
wetaxc.store
wetaxces.site
wetazx.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.230/relations

ftcs.store
haeshang.site
linkedlri.site
wetacx.lol
wetacxs.club
wetax-home.lol
wetaxc.homes
wetaxce.store
wetazx.xyz
youtubein.online
youtubs.site
naver.check-youtube.info
naver.wetacxs.club
naver.wetaczx.lol
naver.youtubein.online
naver.youtubs.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.231/relations

wetax-home.space
wetax-io.space
wetaxc.beauty
wetaxcs.store
wetaxe.site
wetaxs.store
wetazx.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.132.182/relations

naverscope.com
nps-docs.space
nps-look.space
nps-report.space
naver.nps-docs.space
naver.nps-posts.store

# Reference: https://www.virustotal.com/gui/ip-address/95.164.44.60/relations

acountcorp.info
rememberapp.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.245/relations

nidconfirmes.site
nidnavescorp.online
nidvenify.online
userchecks.info
cc.nidvenify.online
lcs.nidvenify.online
myinfo.nidvenify.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.156/relations

drivesview.site
homtax.info
minwons24.info
nidnavecenter.info
nidnaver.homtax.info
niduserae.site
niduseran.site
niduseren.site
nidusernd.site
nidusernv.site
nidusracorp.site
nidusrnvcorp.site
nidusrsurcorp.site
xn--googls-7ua.com
lcs.niduseran.site
naver.niduseran.site
naver.niduseren.site
naver.nidusrsurcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.67/relations

kakaoviwer.com
navearsuser.info
naveasuser.help
naverascorp.help
navrascorp.info
nidnaveainfo.help
nidnaverscorp.com
nidusernavers.help
accountkkcdn.kakaoviwer.com
accounts.kakaoviwer.com
ccountkkcdn.kakaoviwer.com
ibasrugpiah.kakaoviwer.com
lcs.naverascorp.help
nid.naverascorp.help
nid.nidnaveainfo.help
nid.nidnaverscorp.com
stat_tiarakakao.kakaoviwer.com
t1_daumcdnkakao.kakaoviwer.com

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.184/relations

gatensign.com
kakaosecure.com
natelogin.com
homemail.natelogin.com

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.243/relations

nate.com.ro
naver-settings.com
simcard-korea.com
mail.naver-settings.com
mgrkrpreview.naver-settings.com
mvideo.naver-settings.com
nklqnremote.naver-settings.com
preview.naver-settings.com
remote.naver-settings.com
srv.simcard-korea.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.67.154/relations

naveare.com
nid.naveare.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.237/relations

noticenate.com

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.146/relations

check-click.com
cookeechck.com
naver-url.com
noticeurl.com
redir-dns.com
sessionchck.com
sireonwar9.info

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.211/relations

driversgoogle.com
haenmaii.net

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.115/relations

chinakoreanews.com
driverqooqle.com
mybox-navers.com
naversinfo.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.109/relations

drivergoogles.com
exchange-bybit.com
kakaologin.com
kakaotearn.com
naveraecorp.online
nidnaverauser.help
nidnavescorp.help
account.kakaologin.com
cc.naveasuser.help
cc.nidnaverauser.help
lcs.naveasuser.help
lcs.nidnaverauser.help
lcs.nidnavescorp.help
nid.naveasuser.help
nid.naveraecorp.online
nid.nidnaverauser.help
nid.nidnavescorp.help
rcaptchanid.nidnaverauser.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.113/relations

infonavera.com
naeverscorp.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.66.162/relations

global-bybit.com
gooogledocsview.com

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.15/detection
# Reference: https://www.virustotal.com/gui/ip-address/172.93.201.25/relations

acc-center.site
corpnavcenter.site
corprsecurity.tech
corpseccenter.site
havcorp.site
havecorp.link
havecorp.tech
haveecorp.site
haveorcorp.tech
havercorp.tech
havercorpteam.site
haverocorp.link
havoocorp.online
havoocorp.tech
havorcorp.link
havorcorp.online
havorcorp.site
havorcorp.tech
mailcorpcenter.online
mailcorpcenter.site
mailportalcenter.online
mailscropcenter.site
mailservicecenter.site
mailservicecenters.site
nauercorp.website
nauercorpteam.website
navaccountcenter.online
navcenter.xyz
navcorp.host
navcorp.link
navcorp.space
navcorp.website
navcorpctr.site
navcorpmanage.site
navcorpmanager.website
navcorpportal.xyz
navcorps.site
navcorpservice.site
navcorpservice.website
navcorpteam.website
navcrtr.online
navctrv.site
navcvcorp.online
naveacorp.tech
naveccorp.link
navecorp.online
navecorp.website
naveeccorp.tech
naveecorp.link
naveecorp.online
naveecorp.site
naveecorp.xyz
naveeecorp.site
naveeoocorp.link
naveeorcorp.tech
naveeoteam.site
naveercorp.online
naveloga.online
navelosa.host
naveoccorp.link
naveoccorp.online
naveocenter.link
naveocop.link
naveocorp.link
naveocorp.online
naveocorp.site
naveocorp.tech
naveoecorp.tech
naveogains.tech
naveologs.online
naveooccorp.online
naveoocorp.link
naveoocorp.online
naveoocorp.site
naveoocorp.xyz
naveorcorp.link
naveorcorp.online
naveorcorp.site
naveorcorp.tech
naveorteam.site
naveoscorp.link
naveoteam.online
naveoteam.site
naverocorp.online
naverocorp.tech
naveroocorp.link
naveroocorp.site
naverooteam.site
naverooteam.tech
naverorteam.online
naveroscope.tech
naveroteam.online
naveroteam.tech
navevcorp.link
navevcorp.online
navevcorp.site
navmailcenter.site
navocorp.link
navocorp.site
navocorp.tech
navoercorp.site
navoocorp.link
navoocorp.online
navoocorp.site
navoorcorp.link
navoorcorp.online
navoorcorp.site
navorcorp.link
navorcorp.xyz
navovcorp.online
navovcorp.site
navovcorp.tech
navpcenter.online
navpcenter.site
navportalcorp.site
navportalsec.site
navportalservice.site
navrcenter.site
navrcorp.tech
navrcorp.xyz
navrpcenter.site
navrrcorp.tech
navseccorp.link
navsecncenter.site
navsecnet.online
navsecorg.tech
navsecportal.tech
navsecportals.tech
navsecsite.tech
navsecteam.tech
navsecuritycenter.site
navsecuritycenter.tech
navsecuritycorp.link
navsecuritycorp.site
navsecurityportal.online
navsecvcorp.online
navservicecenter.xyz
navservicescenter.online
navserviceteam.site
navserviceucenter.site
navservicevcenter.site
navsvcorp.tech
navvccenter.online
navvcorp.host
navvcorp.link
navvcorp.online
navvcorp.site
navvctr.link
navveoocorp.online
navvocorp.online
navvrcorp.site
navvsecurity.site
navvtrs.site
nevercorp.site
nidnavcenter.site
nidseccenter.host
seccenter.online
secnavportal.digital
secportal.digital
secportal.link
securitycenter.link
securitycenter.space
setcenter.store

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.82/relations

aswxvn.site
cnnav.site
docnav.site
documentmanager.site
docvcenter.site
docvmanager.site
docvnac.site
gnasxa.site
mwnoer.tech
nanw.tech
nasverteam.tech
nasvwx.site
naswner.tech
nasws.site
nasxn.site
nasxws.site
navccteam.site
navcctr.online
navcerteam.site
navcestr.site
navcnx.site
navcorps.link
navcreteam.site
navcrtvr.site
navcrvrteam.site
navcrvsteam.site
navcstr.online
navcsvrr.site
navcsvteam.site
navcsvteam.tech
navcteam.online
navcteam.site
navctr.tech
navcvtr.site
navdoc.site
navectr.site
naveeteam.tech
naveocorps.link
naveocorpteam.tech
naveorrcorp.site
naveosteam.site
naverocorp.link
naverocorp.site
naverocteam.site
naverosteam.site
navevvteam.site
navewteam.tech
navmgr.site
navnrteam.site
navnteam.site
navnvrteam.tech
navoercorp.link
navoewcorp.online
navorcop.site
navrcorpteam.site
navrctrv.site
navreteam.tech
navsctr.site
navsdoc.site
navsecportal.site
navser.tech
navseteam.online
navsrteam.site
navssecurity.store
navstvr.site
navvnteam.site
navvocorp.site
navvrteam.site
navvsctr.site
navvsecurity.tech
navvteam.online
navvteam.tech
navxna.online
navxteam.tech
nawerteam.tech
nawsnx.site
nawxr.site
naxver.tech
ncwer.tech
neaver.tech
nevercorp.online
nevercorp.tech
neverrcorp.tech
newner.tech
nexwna.online
ngsxna.site
nidnavocorp.site
nresxn.xyz
nrexas.tech
nrexva.site
nrsxaw.site
nsverteam.tech
nsvn.tech
nswner.site
nswxn.site
nsxangs.online
nsxawsx.tech
nsxes.site
ntwsx.site
nvctr.tech
nvnana.site
nvnanmx.site
nvnans.site
nvnateam.site
nvnaxv.site
nvnnans.site
nvns.tech
nvnxa.tech
nvnxr.tech
nvswa.site
nvwna.online
nvwnna.site
nvwns.site
nvwxvr.site
nvwxwa.site
nwaener.tech
nwaxana.site
nwener.tech
nwner.tech
nwnsn.site
nwnsn.tech
nwnsna.site
nwnwer.tech
nwnx.site
nwnxn.tech
nwnxr.tech
nwnxs.site
nwrnr.tech
nwsax.site
nwscn.tech
nwsvxn.site
nwsvxn.tech
nwsxa.site
nwsxasdv.site
nwsxca.tech
nwsxn.site
nwsxns.site
nwxcvsa.online
nwxns.tech
nwxnvs.tech
nwxnw.site
nwxve.site
nwxxna.site
nxana.site
nxmnv.site
nxwener.tech
nxwesx.site
nxwn.tech
snwasdc.online
tksnxa.online
vmwna.site
vnwxna.site
vsxna.site
vvwsaman.site
vwxns.site
wasxxv.site
wnawx.site
wnvnxs.site
wredxas.site
wsaxns.site
wsnvx.site
wsxena.site
wsxna.site
wsxnxa.site
wsxvx.site
wxnsav.site
nid.navcctr.online
nid.navcter.site
nid.navcvtr.site
nid.navvrctr.site
ns.navscr.site

# Reference: https://www.virustotal.com/gui/ip-address/108.62.12.95/relations

anxines.tech
boxmcorp.tech
boxnavteam.tech
cloudalarm.space
cloudalarm.tech
cloudalarm.xyz
corpcenternav.site
corpsecnav.site
docnco.online
docnscorp.site
mailportalcenter.site
mvsenwas.tech
nacersa.tech
nacmnr.tech
nacner.xyz
naconavcenter.tech
nacsmr.site
nacsner.online
nacsnvr.online
nacsxr.online
nacxma.online
namcner.tech
namnr.online
namnvcr.xyz
namsnr.site
nanscr.tech
naoneos.site
naosnr.site
naosoner.online
naovser.online
nascver.online
nascxnr.online
nasmnar.site
nasmnr.online
nasmnsar.online
nasncar.site
nasvnr.site
naswnas.xyz
naswxnas.online
nasxmna.online
nasxnar.online
nasxnas.site
nasxne.online
nasxners.site
nasxnos.online
nasxnw.tech
nasxnwsa.online
nasxvnw.site
navcenterportal.site
navcmr.site
navcnsr.tech
navconr.site
navcorpcenter.site
navcorpctr.online
navcorpscenter.site
navcorpsecurity.site
navcorpserver.site
navcorpsite.online
navcorpssec.tech
navcorpsuppot.site
navcos.online
navcter.site
navcveteam.site
navcvteam.site
navcxna.site
naveccorp.site
navecorp.host
navecter.site
naveecorp.tech
navemr.online
navensv.tech
naveolink.online
naveoorcorp.link
naveoorteam.site
naveorrcorp.online
naveorrcorp.tech
naverorcorp.tech
naverovocorp.site
naverteam.tech
naverves.online
naverves.site
navfteam.site
navlinkcorp.online
navmailserver.site
navmser.xyz
navnxnr.xyz
navocsop.online
navoercorp.host
navorcorp.online
navportalcenter.site
navportalvcenter.link
navscvvr.site
navseccenter.site
navseccorp.online
navseccorp.site
navserveportal.site
navservicecenter.site
navsnnda.xyz
navsop.xyz
navswnsd.tech
navswnteam.online
navsxnw.online
navsxnws.xyz
navteamcorp.site
navvctr.tech
navvtr.site
navvtrr.site
navvtrw.site
navwsxn.online
nawmr.xyz
naxsmr.online
ncxmas.xyz
neasomr.xyz
necmas.tech
necomos.xyz
necxna.tech
nemrner.site
nemxna.site
nensoner.xyz
neocsr.tech
neodocteam.site
neomsa.tech
neoner.site
neonons.online
neonosa.tech
neonso.site
neoscope.site
neosmar.xyz
neosmn.site
neosmr.tech
neosn.online
neosn.xyz
neosnamr.tech
neosncr.online
neosner.site
neosnow.site
neosnr.online
neosnr.site
neosvn.site
nermner.online
neromr.site
neronr.site
nerosma.online
nerosma.tech
nerosmar.xyz
nerosmwr.tech
nerosn.site
nerosno.online
nerosno.xyz
neroso.site
nerosv.tech
nersmn.site
nersmw.site
nersnor.xyz
nersxna.online
nersxnas.online
nervesa.online
nesam.site
nesamar.site
nesamr.xyz
nesamw.site
nesamws.tech
nesans.site
nesansa.tech
nesanw.site
nesanx.tech
nesawos.site
nescoop.online
nesmar.site
nesmnaw.online
nesmnr.site
nesmnsr.xyz
nesmvr.online
nesmwsn.tech
nesnoas.site
nesnonr.tech
nesnop.site
nesnor.online
nesnor.xyz
nesnxma.tech
nesomar.xyz
nesomer.site
nesomnr.online
nesomnr.site
nesomwn.online
nesonor.xyz
nesvnx.site
neswmar.site
nesxamw.site
nesxga.site
nesxmos.site
nesxnar.online
nesxnas.online
nesxnw.online
nevesvr.tech
nevonr.online
nevosn.site
nevoxs.site
nevsoma.online
newnmr.site
newoner.online
nexams.online
nexmso.tech
nexner.tech
nexomo.online
nexoms.online
nexvnr.tech
ngnsxm.online
ngoner.tech
ngsxna.tech
nidcenter.online
nidnaverco.com
nidnavercorp.com
nidnavportal.site
nioner.online
nocmer.site
nocomer.tech
noesnas.xyz
noewrsxa.tech
nomaser.tech
nomasner.tech
nomoer.site
nomsna.tech
nomsner.xyz
nomvnr.tech
nomxn.tech
nomxna.online
nonosnas.online
nooconer.site
noosavo.xyz
noosxna.online
normer.xyz
norner.tech
nornvs.site
norosor.site
norosr.xyz
nosamer.tech
nosano.site
nosaomr.xyz
nosawner.online
nosdocvcorp.online
nosmaner.tech
nosmaner.xyz
nosmanr.tech
nosmer.site
nosmner.online
nosmnr.online
nosmoa.online
nosmoner.site
nosodmer.online
nosomr.xyz
nosvmer.site
noswms.site
nosxmo.site
nosxmoa.online
nouers.site
noumer.site
noumsr.online
nouonos.tech
nousmer.site
nownas.tech
noxmer.tech
nresxnas.site
nrexnas.online
nrnaror.online
nrosmw.online
nrosunr.xyz
nrsoma.tech
nrsxna.site
nrsxona.site
nsamnvar.site
nsaoner.tech
nsaonx.site
nscvcoop.online
nsmner.online
nsmwas.tech
nsnaso.tech
nsnmer.online
nsoma.online
nsomer.online
nsomer.tech
nsomor.site
nsvcorp.site
nswnexa.site
nsxndaas.site
nsxnso.online
nsxomar.online
nsxoner.online
nvacse.site
nvcxnz.tech
nvmsnw.online
nvnxer.tech
nvswsna.site
nvxner.xyz
nvxnos.xyz
nwnams.xyz
nwnerans.online
nwsnar.online
nwsxnas.site
nwxma.site
nxcnas.tech
nxmsiner.site
nxnnosna.online
scientisttest.digital
secmanageteam.site
secportaslnav.site
sndaxnds.tech
wsxnasv.online

# Reference: https://www.virustotal.com/gui/ip-address/23.82.128.163/relations

narrctr.site
nauermanager.website
navcen.site
navcorpvtr.site
navcrsteam.site
navcrteam.site
navcrvteam.site
navcsteam.tech
navcsvr.site
navcvr.site
navcvtr.online
naveteam.tech
navncenter.site
navrcteam.site
navrrteam.site
navrsteam.site
navscteam.site
navsecvrteam.site
navsecvteam.site
navsteam.site
navvctr.online
navvctr.site
navvctvr.site
navvrsctr.site
navvsctr.online
navvteam.site
navxteam.site
naxteam.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.4/relations

dmnscorp.xyz
nacnmcsa.tech
nacnvscorp.online
namcgmt.xyz
namcgst.link
namnscop.site
namvncgst.xyz
namvncs.site
namvncs.store
namvncst.xyz
nancsvcorp.tech
nanmsncorp.tech
nansamsncoasrp.site
nansamsncoassrp.site
napcorteam.site
navmncsas.online
navmncsas.site
navmncsavorp.online
navmncsavorps.online
navrnsvrp.online
nismnvcopa.shop
nismnvcorp.tech
nismnvscorp.tech
nismnvscorps.site
nismvnco.site
nmasncorp.online
nmnvcorp.site
nsmansps.xyz
nsmansva.xyz
nsmansvcorp.online
nsmansvcorp.site
nsmansvcorpav.online
nsmansvcorpavs.xyz
nsmncoteam.online
nsmnvsco.online
nsnvcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.25/relations

namnvncorp.tech
nanmsncorp.site
navmncvorp.tech
navmnvcorp.online
navmonscorp.site
navmscorp.online
nismnvcop.shop
nismnvcop.tech
nisnavmco.tech
nsmanvcorp.site
nsmanvcorps.online
nsvmavcorp.online
nvnacorp.site
nvnacorp.tech
secportalnav.tech

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.26/relations

navnaver.com
nidnavern.com
nidnavero.com

# Reference: https://asec.ahnlab.com/ko/59933/
# Reference: https://otx.alienvault.com/pulse/658c565578c6361b0ed9617a

104.168.145.83:993
107.148.71.88:993
159.100.6.137:993
38.110.1.69:993
45.114.129.138:33890
45.114.129.138:5500
bitburny.kro.kr
bitthum.kro.kr
doma2.o-r.kr
my.topton.r-e.kr
nobtwoseb1.n-e.kr
octseven1.p-e.kr
tehyeran1.r-e.kr
update.ahnlaib.kro.kr
update.doumi.kro.kr
update.onedrive.p-e.kr
yes24.r-e.kr

# Reference: https://twitter.com/asdasd13asbz/status/1742105472466117032

http://122.155.191.33

# Reference: https://twitter.com/asdasd13asbz/status/1744279858778456325
# Reference: https://www.virustotal.com/gui/ip-address/216.189.159.197/relations
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=216.189.159.197
# Reference: https://www.virustotal.com/gui/file/2e0ffaab995f22b7684052e53b8c64b9283b5e81503b88664785fe6d6569a55e/detection
# Reference: https://www.virustotal.com/gui/file/f8ab78e1db3a3cc3793f7680a90dc1d8ce087226ef59950b7acd6bb1beffd6e3/detection

aerosp.p-e.kr
bananat.p-e.kr
daysol.p-e.kr
ilnas.n-e.kr
kimyy.p-e.kr
kostin.p-e.kr
limsjo.p-e.kr
mexico.p-e.kr
negapa.p-e.kr
netup.p-e.kr
olixa.p-e.kr
ssungmin.p-e.kr
winters.r-e.kr
zosua.o-r.kr
sefud.csproject.org
shocloud.awiki.org
aa.olixa.p-e.kr
ai.kostin.p-e.kr
ai.limsjo.p-e.kr
ar.kostin.p-e.kr
ca.bananat.p-e.kr
ce.aerosp.p-e.kr
er.mexico.p-e.kr
li.ssungmin.p-e.kr
main.winters.r-e.kr
ol.negapa.p-e.kr
pe.daysol.p-e.kr
qi.limsjo.p-e.kr
sa.netup.p-e.kr
uo.zosua.o-r.kr
ve.kimyy.p-e.kr
vn.ilnas.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1745227981281231108
# Reference: https://twitter.com/asdasd13asbz/status/1746783476702158941
# Reference: https://www.virustotal.com/gui/file/84f4f2e77b6e59c1fe54360842821fbfc6cdab039f197147b30876ed7da3647c/detection

nmailapp.n-e.kr
sign.nmailapp.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1749549318766219485
# Reference: https://www.virustotal.com/gui/ip-address/173.214.164.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/205.209.99.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.133.51.174/relations
# Reference: https://www.virustotal.com/gui/file/35ddb63c0729a7e3019c026865ea195607a51943d8867607a26c006f0df6e594/detection

acopfvy.store
acrob.shop
binavers.site
bindeo.tech
bnlopdlc.shop
cmytfvga.shop
corenavered.site
docloakc.online
docpoc.online
fomhl.fun
kololphcnv.shop
lfpa.website
locslf.website
lopaswec.shop
lopdgv.fun
mailcorp.tech
malilsopx.fun
mclvhoc.shop
mlodkf.online
moldoep.website
molgono.tech
mollcocmd.tech
mollsovop.fun
molsycl.shop
motivenaver.site
navei.online
naverpro.online
necxo.tech
nicorps.website
nidcorp.fun
obmonspc.online
octos.store
olcocmsl.tech
ploslacv.website
poskoca.shop
proteco.fun
riavercorped.site
sedlco.online
socrpa.store
soduci.online
solep.online
supwlmall.online
wedwec.online
wobsodm.tech
xclosldp.shop
/pkg/qsuw.php
/pkg/qsuw.php?cgimo=
/pkg/xyce.php
/pkg/xyce.php?mtahp=

# Reference: https://www.virustotal.com/gui/ip-address/216.219.80.170/relations

btcstack.site
naver-config.site
naver-delivers.site
naverservice.site
nidcorp.online
nidnaver.info
nidnavercorp.site
mail.naverservice.site

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.153/relations

aderto.store
afixer.store
ahesus.store
aiaitu.store
akites.site
aluces.site
baconer.site
berysu.site
bolun.site
cafung.online
cedoras.store
civilarys.store
cutagor.store
dacrorns.store
decasy.store
ghosfun.site
navecorps.com
naveralarm.com
naveralert.com
navercafe.info
nhopess.com
nidnaver.help
nidnaver.info
api-talks.cedoras.store
emv1.akites.site
lcscorn.cedoras.store
mailcorn.cedoras.store
nid.cafung.online
nid.civilarys.store
nidcorn.cedoras.store
nidpilk.cedoras.store
nidpon.cedoras.store
sslcorn.cedoras.store
staticnidcorn.cedoras.store

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.75.158

cananet.pe.kr
gfhyfhg.shop
ghosfun.site
heros.sbs
irony.cyou
ktsp3.cananet.pe.kr
logingmail.shop
navernail.com
naverscorp.shop
phealth.shop
ptighfeng.shop
pweicsd.shop
qbaby.shop
qecgfuteproas.shop
qweoifnc.shop

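# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.248
# NOTE(review): activemq.usage.store, apache.activemq.usage.store and org.apache.activemq.usage.store read like a Java package name
# (org.apache.activemq.usage...) captured in passive DNS under a wildcard, not like actor-chosen hostnames - verify before relying on them.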

activemq.usage.store
apache.activemq.usage.store
cocalex.store
dianers.store
docsuris.store
kakaoteam.site
makeverify.store
mofamail.homes
mofamail.shop
naverteam.center
org.apache.activemq.usage.store

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.73

cawer.store
chosunmail.com
civilary.online
cogay.store
daurm.net
kakaoteam.site
navrcops.com
mail.daurm.net

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.77

acnura.store
aehuji.store
asrto.store
fogray.cfd
navers.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.246

ajoyable.store
busment.site
ducksale.store
naver.com.ro

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.113

ajoyable.store
akaysun.store
alohery.store
bisus.site
eaches.online
havercorp.com
ladacy.site
lucase.site
lusbow.site
mail.havercorp.com
mail.navercom.org
mail.navercorp.ca
navercom.org
navercorp.ca
navers.cc
filter.nsync.r-e.kr
name.nprofi1e.kro.kr
ncore.o-r.kr
nprofi1e.kro.kr
nsync.r-e.kr
steps.ncore.o-r.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=165.154.240.117

check-vhost.com
host-cookie.com
host-session.com
mail-urls.com
mailurlck.com
naver-cert.com
naver-click.com
naver-proxy.com
sites-domain.com
taryxo8a9b.info

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.165

naverdoc.com
navernotice.center
naverscan.com
oncloudvip.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.188

daum.net.ru
navernotice.center
naverscan.in.net
naverteam.net
onnostore.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.235

kakaocop.eu
kr101483.in.net
kr410126.in.net
kr681730.in.net
navercop.eu
office8349.in.net
oksite.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.42

kakaoccrp.com
naver-defend.com
naver-filter.com
naver-pages.com
naver-publish.com
naver-security.center
naver-teams.com
naver-vhost.com
navercorp.com.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.40

nate-files.com
naver-master.center
naver-profile.com
naver-protect.center
naverccrp.co
naverprivacy.center

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.14.211.149

haenmail.net
naver-links.com
naver-pdf.com
navercenter.com
navercorq.com
nid-check.ml

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.114

downloademaeil.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.79.204

dlive.ga
mail.dlive.ga
member.nidlogin.kro.kr
naveradmin.com.co
navernotice.com
naverpolicy.pw
naversupport.com.co
navor.co.com
nidlogin.kro.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=211.104.160.81

cc.navermails.com
edaum.online
hostmaster.navermails.com
lcs.navermails.com
mail.naverccrp.org
mail.navermails.com
mail.naverteam.org
navar.co.cm
navar.com.co
naverccrp.org
navermails.com
naverpolicy.info
naverprotect.com
naversupport.net
naverteam.org
nid-otp.navermails.com
nid.navermails.com
nids.navermails.com
sslpstaticnet.navermails.com
staticnid-otp.navermails.com

# Reference: https://twitter.com/ArbaaWahidhamsa/status/1752346762759610558
# Reference: https://www.virustotal.com/gui/ip-address/45.58.52.104/relations

file-cloud.r-e.kr
file-sec.n-e.kr
goldmelon.n-e.kr
gomplay.n-e.kr
jeonpriter2.r-e.kr
nanymanda.n-e.kr
nestros1.n-e.kr
ostras1.p-e.kr
peras1.n-e.kr
whalenvapp.n-e.kr
sign.whalenvapp.n-e.kr
update.jeonpriter2.r-e.kr

# Reference: https://twitter.com/tiresearch1/status/1752713847033729176
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.49.199

koreanair.website
nts-inform.website
npsnews.website
ntsalert.website
ntshomes.website
ntsinform.store
ntsinform.website
ntsmailing.homes
ntsnews.store
ntsnews.website
ntsview.homes
ntsviewer.homes
ntsviewer.store
ntsviews.homes

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.197.219

nts-email.website
nts-homes.website
nts-msg.website
nts-viewer.website
ntsalert.space
ntshelp.space
ntsinform.space
ntsmailer.site
ntsmailing.space
ntsposter.space
ntsposting.website
ntsposts.store
ntsviewer.space

# APK file names (URL path trails)

/Kisa%20Vaccine.apk
/KisaAndroidSecurity.apk
