# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/
# Reference: https://www.virustotal.com/gui/file/277d7f450268aeb4e7fe942f70a9df63aa429d703e9400370f0621a438e918bf/detection

http://144.76.173.247
http://195.123.226.91

# Reference: https://twitter.com/Ishusoka/status/1614028229307928582

http://157.90.248.179
http://213.252.244.62
http://77.73.134.68

# Reference: https://twitter.com/ULTRAFRAUD/status/1620158819023323137

videolan-web.org

# Reference: https://twitter.com/Gi7w0rm/status/1631756650234167299
# Reference: https://twitter.com/MalwareSearcher/status/1638096508686925824
# Reference: https://tria.ge/230303-y6p8daag4w/behavioral1

http://82.118.23.50
pcworldgetin.net

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown

walmart.lc
marketplace.walmart.lc

# Reference: https://twitter.com/Ishusoka/status/1645048767484239872

http://23.254.225.133
http://82.117.255.127
http://82.117.255.128

# Reference: https://twitter.com/Ishusoka/status/1649716132822089728

http://109.105.198.114
http://185.99.132.51
http://192.236.233.253
http://79.137.203.190

# Reference: https://twitter.com/Ishusoka/status/1652670103404544006

http://85.239.62.218

# Reference: https://twitter.com/Ishusoka/status/1655156071168655361

http://185.99.133.246
http://45.8.146.130
http://45.8.146.213

# Reference: https://twitter.com/g0njxa/status/1658488606485540865

http://195.123.227.138
anysoft.live
virtualbox-vb.com

# Reference: https://www.virustotal.com/gui/file/2dc0f50fa7eb53be17b578fbcb66a5ec8c40d250fd9be7b2b96663624fa4dba8/detection

gstatic-node.io

# Reference: https://www.virustotal.com/gui/file/9ee6c9be68204aea85dce08e6ba8c9395f827f22e5f3ee430172abe9ea5fbd0b/detection

aloowforest.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/

http://168.119.4.83
http://217.12.206.230
http://217.25.91.15
http://45.15.25.190
http://89.116.255.182
http://94.142.138.78
http://94.158.244.69
1private.pro
91.215.85.210:48237
agustfreeday-my.xyz
clonecloud-my.xyz
crazypictures.xyz
demomoves.xyz
extrasofts.org
fastcloudlife-my.xyz
flowers-my.xyz
gservice-node.io
kellmda.click
many-verses.xyz
private-cloud-server.pro
skicloud-my.xyz
speedtestip.xyz
stoppublick.xyz
vipcloud-my.xyz
worldofpoetry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-07-27)

dodgeavay.xyz
gbbsoft.xyz
jonesleming.xyz
jornesfree.xyz
laynchcontrol.xyz
modifesistem.xyz
privategame.xyz
promocar.xyz
promomilk.xyz
scandimyth.xyz
slading.xyz
traftech.pro
viemon.xyz
westwork-my.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-01)

colomndead.xyz
fingerstile.xyz
sloumotion.xyz
trapmusics.xyz

# Reference: https://twitter.com/1ZRR4H/status/1686659981389463552

http://107.172.0.180

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-03)

exitfile.xyz
flaydoor.xyz
sinopticday.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-11)

acecnouwglass.xyz
acexoss.xyz
balancelag.xyz
beerword.xyz
blockigro.xyz
booxshistr.xyz
boxhappines.xyz
cloudsaled.xyz
colomna.xyz
coolvtf.xyz
costexcise.xyz
coursenote.xyz
dashminimaltokens.xyz
deadpip.xyz
doorblu.xyz
elitewin.xyz
exfillrar.xyz
exitlife.xyz
fibrodoorsbig.xyz
fileforex.xyz
fisholl.xyz
freeace.xyz
frogswordsale.xyz
gapi-node.io
gitarlessonfinger.xyz
glitchmoon.xyz
glowesbrons.xyz
goldenwalstk.xyz
grossvp.xyz
kpsshistoryone.xyz
kudoflowers.xyz
linesroom.xyz
lowwesprion.xyz
lpsserversonlene.xyz
marketsale.xyz
netforyou.xyz
phonevronlene.xyz
programmbox.xyz
proxyindex.xyz
quotamoney.xyz
scoollovers.xyz
seobrokerstv.xyz
sieratools.xyz
simesmile.xyz
singlesfree.xyz
sonyabest.xyz
starold.xyz
stormwumen.xyz
survviv.xyz
usdseancer.xyz
woodcat.xyz

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/08/old-exploit-kits-still-kicking-around-in-2023
# Reference: https://www.virustotal.com/gui/file/07e06e8277980a60e595da9cd9e03a4ecd2e8f8bdbd3cf5c930ab878ac5b0836/detection

solopodvip-my.xyz

# Reference: https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection

update-regb-service.com

# Reference: https://twitter.com/1ZRR4H/status/1692149286048616567

checkgoods.xyz

# Reference: https://www.virustotal.com/gui/ip-address/194.87.31.176/relations
# Reference: https://www.virustotal.com/gui/file/c9094685ae4851fd5a5b886b73c7b07efd9b47ea0bdae3f823d035cf1b3b9e48/detection

lazagrc2cnk.xyz
ocmtancmi2c5t.xyz
update-vinc.in.net

# Reference: https://twitter.com/petrovic082/status/1694264617772458363
# Reference: https://www.virustotal.com/gui/file/51925d36298a3d9ceac6067fdc1ba1f799ef5c53553be95d6827192df0700d80/detection

randsoms.click
hopvibestravel.co.za

# Reference: https://www.virustotal.com/gui/ip-address/206.233.128.77/relations

51doudian.xyz
aidoudian.xyz
diyidd.xyz
dodiam.asia
dodiam.live
dodiam.ltd
dodiam.monster
dodiam.one
dodiam.online
dodiam.shop
dodiam.xyz
dodiamhub.xyz
doyoudian.com
wpshub.xyz

# Reference: https://twitter.com/g0njxa/status/1694754823378227312

selfmicrosoft.com

# Reference: https://threatfox.abuse.ch/ioc/1152241/

fullppc.xyz

# Reference: https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/
# Reference: https://otx.alienvault.com/pulse/64f1e91a2dd9db4bd3af8ce4

buyerbrand.xyz
lazagrc3cnk.xyz

# Reference: https://twitter.com/1ZRR4H/status/1701296924471529508

acsfoodthegood.fun
activlessor.fun
adavefrees.xyz
artificialleath.fun
arvimon.fun
assacurajob.fun
astrolco.fun
bakedmatela.fun
balancebordrt.xyz
bearboll.fun
blessdeckite.fun
blockall-my.xyz
bloomhome.xyz
boothroundupdow.fun
bottlewattoh.fun
brockerby.xyz
campphotos.xyz
castomdroms.xyz
cfgy8uj.click
choserowboatfly.fun
cleanvr.xyz
closhemone.fun
coinflore-my.xyz
coldwinded.fun
coolfingers.xyz
coolworks.xyz
curtainjors.fun
cvadrobox.xyz
damageagio.xyz
demanddeal.xyz
dermrtv.fun
diavellipromo-my.xyz
divineservicecity.fun
doggyguffy.fun
downloadfiles-my.xyz
dropfiles-my.xyz
ellifotolive.xyz
equestrianjumpingfrog.fun
faircoupon.xyz
fartyfun.fun
feathspacesaf.fun
fiancejiveimp.fun
fibrodoorsbig.fun
findyhuman.fun
fireworld.fun
flashpool.xyz
follovertv.fun
footfetishlol.xyz
footslou.fun
formiklass.fun
freesco.xyz
freesoftportal.xyz
funnycox.fun
gamefoods.xyz
gaspatchommm.fun
glowesbrones.xyz
gogobad.fun
goldsboxss.xyz
goldtokensool.xyz
gougeflying.fun
gunstormonl.fun
hedgedecay.xyz
jobsvac.xyz
kneesockrod.fun
labourcakefrt.fun
leaseagent.xyz
liveswords.xyz
lockguard.xyz
loufuelscom.fun
loufuelscom.xyz
luidelyator.xyz
magaway.fun
malenursenect.fun
markuschop.fun
mensmoment.xyz
microflawersj.xyz
milkwithlacto.fun
momsikret.xyz
morefilmsfree.fun
morevita-my.xyz
mrcrubsaf.fun
mycollection-my.xyz
noisemakjelly.fun
ollfiles-my.xyz
petsgamess.xyz
piplexm.xyz
pizzasison.xyz
potatomeatball.fun
productionbio.fun
reconphotocolor.xyz
recordbell.fun
resistangroupee.fun
rovengold.fun
satanakop.fun
seededraisinlilinglov.fun
seobrokerstv.fun
sevenzk.xyz
shoppervik.fun
slimtvsocico.fun
sloumitionvideos.xyz
statehaller.fun
stoptme.xyz
superyupp.fun
svaproot.fun
thuspulllig.fun
titanaquaplus.xyz
toastmastone.fun
tobeornottobe.fun
toysforchild.fun
tritonbody.fun
usdseancer.fun
valleydod.fun
vipmusic-my.xyz
warnger.xyz
weaselplacerif.fun
welcometv.fun
xwomencalor.xyz
yachtracingopt.fun
zetmountsqr.fun

# Reference: https://twitter.com/1ZRR4H/status/1701141801401299268

documents.notificationsapps.com

# Reference: https://www.virustotal.com/gui/file/45d9b1765bb06ead1abbc6f8817c009fc3d15ebe1f71d3289f2c10e1e1afb343/detection

qptr.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1701832039995949127
# Reference: https://app.any.run/tasks/ae7fbdf2-f5e3-44c6-8718-f18eddf05c54/

gapi-alpha.io

# Reference: https://twitter.com/karol_paciorek/status/1701592162155327720
# Reference: https://www.virustotal.com/gui/file/10edcd9c40ca57679c78fc5a8a08bf7554d5e41f58f2aa19f299551c7c601601/detection

18866-32530.bacloud.info
sisadmin-my.xyz

# Reference: https://twitter.com/g0njxa/status/1702262724414050537

blockbeerman.fun
gaspatchommm.fun

# Reference: https://twitter.com/g0njxa/status/1702444978503360989

dedoxtrone.fun

# Reference: https://twitter.com/Jane_0sint/status/1702479372261683399
# Reference: https://app.any.run/tasks/409f5138-3853-4910-80d4-3c380b969274/

gasfpa.click

# Reference: https://www.virustotal.com/gui/file/301432e6053a0f092e8f5137a97ef3543934e0f8e200bd0c7844886e4c72e7e9/detection

treepledeeple.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-16)

glinkgik-7.com
hinkli-5.com
jlinkjk-6.com
link-45gik.com
link234-33.com
link43897.com
link5467.com
link76h.com
linked-42.com
linked-66.com
linked-88.com
linkers-92.com
linkhj764.com
linkjshw-4.com
linkll-11.com
linkll-2.com
linko8457y.com
linkqksi-3.com
notion-download.pro
notions-download.com
webex-download.com

# Reference: https://www.virustotal.com/gui/file/fe37f6971c59e02cfb250532fa1862bc58ce6aea100fbde5a7be91586eca2aad/detection

parrotorsk.fun

# Reference: https://twitter.com/1ZRR4H/status/1706747262993350752
# Reference: https://www.virustotal.com/gui/file/6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c/detection

ocmtancmi2c5t.website
orkograkula.fun
stable4download.ocmtancmi2c5t.website

# Reference: https://asec.ahnlab.com/ko/57276/

holdbox.xyz

# Reference: https://twitter.com/g0njxa/status/1707079932977774661

firmpanacewa.fun

# Reference: https://www.silentpush.com/blog/lummac2

2flowers-my.xyz
blockspam-my.xyz
bondappeal.xyz
boxclod.xyz
catfoodbio.xyz
chocomeat.fun
cloudsnike-my.xyz
coolworkss.xyz
cosmosvr3d.xyz
culturalevenings.xyz
deeppoetry.xyz
dogshanter.xyz
downloaddedattre.fun
dromautocar.xyz
ducklingibises.fun
glaziercarde.fun
housegrommy.fun
jomanboy.fun
jumperstad.fun
lackbasinmu.fun
pearlbarleyhit.fun
politicuseles.fun
portlandcor.fun
pregnantflowers.fun
rarefood.fun
rosaryconbo.fun
royalpantss.fun
sausagerollraisin.fun
scruffymapleflat.fun
sendcyniaforeign.fun
socialmadness.fun
sodafountainpr.fun
startablekor.fun
talkinwhitepod.fun
tuberoseprod.fun
veinsmoter.fun
waterparkedone.fun
withdrawlecterns.fun
wolffunny.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-29)

erorblackday.xyz
rarefood.fun
rollbeamone.fun
rosaryconbo.fun
royalpantss.fun
woldwidesage.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-07)

begonblom.fun
blingaspireojhau.online
bytecloudasa.website
cameponceowa.site
decorhighsa.pw
destroyevensusp.fun
npskudlu.com
nursepridespan.fun
pedigreeprotone.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1710940736177238046
# Reference: https://app.any.run/tasks/2576c42c-072a-4914-bfa9-196a54940f21/
# Reference: https://www.virustotal.com/gui/file/5c7a5c97cb1ffcc16367dd9f43192485ec2f2d043fa83c69ada31235f3a464f3/detection

cystnovor.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-08)
# Reference: https://www.virustotal.com/gui/file/8b73f81b3dc549b0afd9f1147afa70c92cdf326e7b5a7b7b95ef60ecbc58d194/detection
# Reference: https://www.virustotal.com/gui/file/f8412c9a8d210409888fb0aed2120d12b4be1cb480cf24ed66b13ccbfef6d928/detection

http://172.67.163.21
aivoicechanger.cc
aivoicechanger.xyz
allcentrlizeqweq.fun
amerloun.fun
archipelagocelly.fun
arrogantcatfishef.pw
athwartchannelly.pw
babacloud.pw
bankedbaroloak.site
barbecueappledos.pw
bezstpool.pw
bloockflad.pw
bluepablo.fun
bluesaks.fun
bobbycloud.pw
boddyshow.fun
boldaus.fun
bookgames.pw
booudbras.pw
buggubucks.fun
builaos.fun
bulletforx.fun
casioblue.pw
castomarmor.xyz
ckylake.fun
cleansoft.fun
cleansoft.xyz
clearcracksoft.fun
clearcracksoft.xyz
codeofconducrasa.pw
comperssw.fun
consoles.pw
crossmuchscandta.pw
dannyleagy.fun
dayzilons.pw
defrosscrappeo.pw
diamondcrystal.fun
discussiowardder.website
doooldues.pw
duhodown.fun
ebalkayiu.fun
engrousf.pw
enouselr.pw
feedsuudenli.fun
fenduqs.fun
funnyorgos.site
funpayns.fun
gachimychi.fun
gonberusha.fun
goodmpore.pw
grasialoud.pw
gravellyroadhunge.pw
gursgars.pw
hawsteamjoak.fun
hellouts.fun
helpfulsteepyi.pw
herioteeakl.pw
hokagef.fun
hollconsole.pw
hoodblor.pw
hoooldanos.pw
hovelpubtrav.fun
howlcars.fun
inosthome.fun
interplaychoske.pw
jomjolse.pw
jooshorks.pw
kambuchaorjireji.website
keewoolas.pw
killredls.pw
knittinprophec.pw
koludsa.pw
kowersize.fun
kusmanin.fun
lemoney.fun
loobrain.pw
loodwork.fun
makrsides.pw
mambergame.fun
manguvorpmi.pw
membaers.fun
micelock.fun
momalua.fun
moneywel.fun
moomagou.pw
moonsterd.pw
moskhoods.pw
mouseblock.pw
mouseoiet.fun
mouskules.pw
musicallyageop.pw
naamberso.pw
namegames.fun
netovrema.pw
newsproks.fun
noladuer.pw
nshdpoud.pw
numpersb.fun
nusaproble.pw
oluaskaz.pw
onlyblack.fun
orgstekomnw.pw
osesuppor.fun
outsiderus.pw
oxygendwelli.fun
paintpeasmou.fun
paratositologis.fun
peersneaps.fun
plengreg.fun
proogreso.pw
pruvles.fun
quoolser.pw
realinghuhuhmund.pw
revivalsecularas.pw
ritzytaxypigefow.pw
robolorunerushe.pw
sensfixlook.pw
servkitchin.fun
skinnychattyfur.pw
softaipro.fun
softonyxx.com
spreadbytile.fun
staircompletemil.pw
steycools.pw
suppliepackas.pw
suprafox.fun
susohudan.pw
taretool.pw
teleportfilmona.online
tellindeedcurt.fun
temoolda.pw
tenselwhoevery.pw
terninadeshi.pw
tfestv.fun
tipsydulljaui.website
tirechinecarpett.pw
traillit.fun
turankil.pw
volkels.fun
volkstera.fun
voloknus.pw
vporanu.fun
wakeupperion.site
whethergaseoatra.pw
willowa.fun
willywilk.fun
zamesblack.fun
zoolboues.pw
en.softaipro.fun

# Reference: https://twitter.com/James_inthe_box/status/1711390043821232196

http://172.86.98.101

# Reference: https://twitter.com/r3dbU7z/status/1712335701541257565
# Reference: https://www.virustotal.com/gui/file/50c61ca23c68af02c0146978409a60912ba6cfe4ee31d5d6be736a92f4f0c8d7/detection

signalknockrio.site

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

senpaireek.fun

# Reference: https://www.virustotal.com/gui/file/b13ce6179417dddff91e37fa3fed298f046a1cc2786a0f5c834f71d2b84751d0/detection

erikskite.fun
nasaprodu.fun
gcdnbabl3png.erikskite.fun

# Reference: https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf
# Reference: https://otx.alienvault.com/pulse/6531428c62ae987b76cc3191

gstatic-service.io
lumma.online
lumma.site

# Reference: https://www.virustotal.com/gui/file/493c87f0fd2fd648d190520b293db61ca612965b6d446352dbf1072164b4e8a7/detection
# Reference: https://www.virustotal.com/gui/file/0796818dc3510e88a966f0aaacd201ba162c46e0bc0f7c670ffbd43df485f5a7/detection

http://85.209.11.204
hackermania.org
/api/files/client/s51
/api/files/client/s52
/api/files/client/s53
/api/files/client/s54

# Reference: https://www.virustotal.com/gui/file/318b4327dcbdff36cb1b5bd2eaa1b08e6f3da93a136656cd301fd6967f790f9e/detection

http://135.181.11.36

# Reference: https://twitter.com/gothburz/status/1727652849008472312
# Reference: https://app.any.run/tasks/dd323037-05ea-4581-9a95-e22519ecc05e/

africathrillthes.pw

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-12-01-v10477/1174
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-03)

http://5.42.92.179
http://95.217.74.243
2311forget.online
accouncementdivecane.site
acidevenstrisj.pw
activitymousetaitrwws.fun
admplous.pw
albumerrorregisetep.pw
analysisswellenterw.fun
angerprofeessoa.pw
assignmentfinalyy.pw
awareforcemouthwjji.fun
baitbillioledbel.pw
banananationalists.pw
baseballherdowf.fun
baseballleadrwio.pw
beachterminaldiff.fun
beenovelskilleoiw.pw
belongblowrelatefw.pw
betrareptileplas.pw
braidfadefriendklypk.site
brickabsorptiondullyi.site
buffettrickopsd.pw
cakecoldsplurgrewe.pw
carpetcupboardtejjerew.site
carvewomanflavourwop.site
castlesideopwas.pw
chairtrainlineadju.pw
cherryopposedii.pw
cinemaretailermkw.fun
climbavantgardefe.fun
coldcoercekowja.fun
combpoplaurap.pw
communicationinchoicer.site
communicationpalaoow.pw
conceptcallewrige.pw
confineconcertjuuioa.fun
conservationsownk.pw
conventionleaflew.pw
cooperatecliqueobstac.site
crisisestimatehealtwh.site
cropfemininedynam.pw
crudeleavelegendew.fun
dancenegotiationffi.pw
dayfarrichjwclik.fun
declineconclusioniwo.pw
definefolkeloi.pw
deletefateoow.pw
delivernoteturnwjkl.fun
diagramfiremonkeyowwa.fun
discriminationcagerf.pw
dominantwidthwuiw.fun
downloads.media-talk.ru
drilledtonerconc.pw
droppicches.xyz
effluxcoltural.pw
eliminatechemistrywj.fun
ensurerecommendedd.pw
episodeterrifylat.pw
factorxharasswe.pw
fanlumpactiras.pw
fashionlazynavyresewg.site
flatmourningdressow.pw
fleetconsciousnessjuiw.site
floozielyhowevermist.pw
flowseasonallissoo.pw
formansnappybel.pw
fortunedomerussea.pw
fowlcirlenospp.pw
freckletropsao.pw
frighteninflatejuwi.pw
funeralmaximumjsju.pw
gatelistcoldyeisa.pw
gearboomchocolateowfs.site
geminiflattyord.pw
glovesslave.fun
godlawyerfeelkw.fun
gracecassettecretw.pw
healdieplayeriw.fun
hearpoundesweety.pw
hemispheredonkkl.pw
hotcowerrecoreeew.fun
idealruinrewardesw.fun
issuefightgreetw.fun
laborermemorandumjes.pw
lawitemymodelefr.pw
leaffountainla.fun
lendremindcenterpassew.site
likehulkinggera.pw
limitedconvertjiw.pw
linearcarerefs.pw
lingerescapecleanwja.fun
loogsporus.pw
macaronnicoccker.pw
magazineaccountantw.fun
makegreatagaintwwi.fun
managertraditionwjua.fun
massagemotipoole.pw
meayyammgaterre.pw
media-talk.ru
medicinebuckerrysa.pw
medicinefixlowop.pw
missileverdictwj.fun
moodanvoterowklam.fun
musclechannelnomi.pw
musclefarelongea.pw
neighborhoodfeelsa.fun
neutralpastureop.pw
nz.voicechangeai.pro
occupytapsessijk.pw
offerdelicateros.pw
onsciouosoepewmausj.site
opposesicknessopw.pw
ownerbuffersuperw.pw
payfrecklematurei.pw
perceivedomerusp.pw
personalpromiseo.fun
piggepawneillusio.pw
pinkipinevazzey.pw
platteryippejkomaf.pw
politefrightenpowoa.pw
portionetensioaw.pw
possibilitydespaw.pw
quitstrikesizeowo.pw
racerecessionrestrai.site
ratefacilityframw.fun
refereealivewhu.fun
referralpublicationjk.pw
refusemiserableofka.fun
resortredrobenris.pw
respectablegirlwfwa.fun
retainfactorypunishjkw.site
reviveincapablewew.pw
ribbonfolkcrownyy.pw
roomsodiumdependew.pw
rosemoonsleeptoe.pw
ruleborderdynamiciw.pw
saffronmontybrisk.pw
scanintegrutybatowss.pw
secondrailroadoikj.pw
sentimentprecisio.fun
settlehillcanne.pw
showerreigerniop.pw
showpumpkicartsl.pw
silveraquariumjwu.fun
skipflowposses.pw
slabbymenusportef.pw
slantrearperiosdew.pw
smoothawarescreenyo.pw
societylaboratoryuw.pw
sofacalendareffewx.fun
soupinterestoe.fun
speakeminoritetea.pw
spontaneouslightss.fun
stabsicknessord.pw
suburbmeetabuseowp.pw
suppresssectionje.pw
swarmseasonbuckoo.pw
tankqueueipjsh.pw
tarantulamalaguenrr.pw
territoryrequersp.pw
thinkroarseso.pw
tidecharityhouseow.fun
tidyrespectexpow.fun
tropicanimjrka.pw
troubleexemptioni.pw
turkeyjoystickesp.pw
unawarealarmtwinjje.pw
vesselspeedcrosswakew.site
wakereviewhuwee.pw
wantpiecesoftef.pw
willpoweragreebokkskiew.site
wriggleregisterycos.pw
xpencildiscussiio.pw

# Reference: https://twitter.com/RedDrip7/status/1734513423545720913
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
# Reference: https://raw.githubusercontent.com/RedDrip7/APT_Digital_Weapon/master/UTG-Q-003/UTG-Q-003_hash.md
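# Reference: https://otx.alienvault.com/pulse/657898bb7319baba70af7f94
# Note: several entries in this block appear in pairs that differ only by a leading "n" (e.g. brolink2s.site / nbrolink2s.site, exe.foxpro.top / nexe.foxpro.top). This looks like an escaped-newline artifact from the source feed. Verify the n-prefixed forms against the references before relying on them.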

50kmovie.com
alosevera.fun
azwin.top
bcca.kr
brolink2s.site
broworker7s.com
browserneedupdate.com
captionhost.net
creatologics.com
danesh-gah.sbs
deputadojoaodaniel.com.br
dns.gobobby.life
download7z-soft.xyz
exe.foxpro.top
foxpro.top
gendalf.top
gobobby.life
gry.gendalf.top
gusel.mom
imagefilestorage.top
jjj.ustrun.top
kar.azwin.top
leanbiome-leanbioome.com
linta.software
mazerah.fun
my.gusel.mom
nallcentrlizeqweq.fun
nalosevera.fun
nbakedmatela.fun
nbrolink2s.site
nbroworker7s.com
nbrowserneedupdate.com
nbulletforx.fun
nduhodown.fun
nexe.foxpro.top
nfeathspacesaf.fun
ngry.gendalf.top
nh2o.activebuy.top
nhawsteamjoak.fun
nhi.salam.monster
nhowlcars.fun
nimagefilestorage.top
njjj.ustrun.top
nkar.azwin.top
nmazerah.fun
nmy.gusel.mom
nnoo.egogol.top
nop.topina.top
nplengreg.fun
nrosaryconbo.fun
nsec.estimate.top
ntak.soydet.top
ntop.toppe.top
ntu.trainlove.monster
nvzz.skitech.top
op.topina.top
opwer.top
skitech.top
topina.top
ustrun.top
vzz.skitech.top
zuripvp.tk

# Reference: https://twitter.com/Syndikalist/status/1734493554691514586

enzvoiceaichanger.site

# Reference: https://twitter.com/g0njxa/status/1735571631789969411
# Reference: https://app.any.run/tasks/3ae62135-57be-4047-b5df-88beea8cae70/

voicechangeai.pro
dz.voicechangeai.pro
ns.voicechangeai.pro
nz.voicechangeai.pro

# Reference: https://twitter.com/g0njxa/status/1737123594054906114
# Reference: https://www.virustotal.com/gui/domain/sergiocostantino.com/relations

sergiocostantino.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-23)

http://91.92.253.220
absorbbiblowskinj.fun
advancefishexeedw.pw
advertiseshotdecaywi.pw
angerbumpyardee.pw
arresthorrodrw.fun
attachmentartikidw.fun
attyclaim.com
betstamprareempiewa.fun
blastechohackopeower.pw
bombertublestylebanws.fun
breakfastchanneljw.fun
caneclothesdriverhen.pw
captivatechimpanzeef.fun
carstirgapcheatdeposwte.pw
chincenterblandwka.pw
claimpassivedebatw.pw
coastperfumeoslan.fun
conferenctdressingshrw.site
combinethemepiggerygoj.site
copyrightspareddcitwew.site
couragedistributeoeo.pw
creepfleetconfusew.fun
cruelslumpeeris.pw
cupaffordcathedralk.fun
cuttingcoachrecovr.pw
differentliftwelanew.fun
dragonporterloudjettyw.site
dreamtelevisiongues.fun
driftpasssingeriuw.pw
ed.softaipro.fun
en.voiceaichanger.pro
ena.voiceaichanger.pro
ena.voiceaichanger.store
ens.voiceaichanger.site
enz.voiceaichanger.site
eternalchopflattyo.fun
evokenumberpottruckere.fun
expenditureddisumilarwo.site
falsifydisappearsoaeka.pw
familiardvotecheapw.pw
feedbackspidermate.fun
fitnescivilianquesw.pw
folkloreinviteex.pw
froggraduategravi.fun
goddirtybrilliancece.fun
groannysoapblockedstiw.site
illusionqualifiedj.fun
insertrichdedicatewa.pw
interactivetreadrel.fun
jewelassertivebop.fun
kitchenfootballkiw.fun
lipstructorymusclewow.fun
makeexpectentrypon.pw
maskmusicalproplemanw.pw
mixperiodfrienndy.fun
mountainlegislaturel.pw
muggymidnightleanuu.fun
necklacecasecauseowa.fun
nestpatchfillfavo.fun
ownerteztapplicatiow.pw
paperambiguonusphoterew.site
pedestriankididentityw.fun
pickbeatmoduleprefer.pw
playerweighmailydailew.pw
preferencesubwaywad.fun
premiums.voiceaichanger.pro
promo.voiceaichanger.pro
qualifiedbehaviorrykej.site
ranchguarrelguidewa.pw
rarevaluediscow.fun
realitysocialiolee.site
recessionconceptjetwe.pw
representrecyclere.pw
revivalconflictgrippe.site
ritualaccidentrepu.fun
sideindexfollowragelrew.pw
solutionoutlineplaint.fun
speedslumpachierew.fun
stereotypebushexch.fun
subwayspellprotiso.fun
surfsponsorjun.pw
tablesockartfinewa.pw
teardesertfreewo.fun
technologyprosecutiw.pw
testifypiecefarst.fun
theoristnationalprow.fun
tollactionancestorw.pw
transparenteunlawfullyp.site
twinconstellationjkal.fun
underlinefreeapearew.fun
vegatablebeacjinser.fun
viewconceivegiw.fun
virtuereplacerentj.fun
voiceai.attyclaim.com
voiceaichanger.pro
voiceaichanger.store
weedpairfolkloredheryw.site
winnerparagrapdierw.fun
winterrescueplwo.pw
worrystitchsounddywuwp.site
voice.k7pw.com
voiceai.linkedsl.com

# Reference: https://twitter.com/g0njxa/status/1738890509404238017
# Reference: https://app.any.run/tasks/0dedb8f0-0d83-4360-add0-129319875738/

agedelayglacierwe.pw

# Reference: https://www.virustotal.com/gui/file/3715487205bd663c45a2cd4cf85a0a73183a20960d126e8ed3a461ef837c4144/detection

ntdll-update-connect.com

# Reference: https://twitter.com/kienbigmummy/status/1744582708045717901
# Reference: https://www.virustotal.com/gui/file/92b768cf585a5fa46bb9b86e9acec71ad56e4b2b93cc0e77f88da2cdb852dd7c/detection
# Reference: https://www.virustotal.com/gui/file/aa5c2e2376a44428339d1a91f5a48129a15271bb344e46b23fc76468000af67f/detection

build-villa.io.vn

# Reference: https://twitter.com/Syndikalist/status/1744772300946170119

voicechangeai.online
promos.voicechangeai.online
voiceai.electronicweldingcolombia.com

# Reference: https://www.virustotal.com/gui/file/7f44b17f4d1437f97e80e7f372f7b11db0ab21a7658d8521622ac68014014bd7/detection

copyexpertisesausewaverw.site

# Reference: https://www.virustotal.com/gui/file/16d52767bb629f7e84e2c4d770c844987366e9f5d36b52c5e68dea53e6a350be/detection

contextsuffreintymore.fun

# Reference: https://www.virustotal.com/gui/file/e7583882961b541180ce58c3c839fb57e80e467407cd4b2cc7d3ec039a220b62/detection

demonstratorleasheropw.site

# Reference: https://twitter.com/g0njxa/status/1751329389994721780

voicechangeai.online
premiums.voicechangeai.online
promo.voicechangeai.online
promos.voicechangeai.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-01-30)

http://185.172.128.154
acquisitionfinancej.shop
claimconcessionrebe.shop
culturesketchfinanciall.shop
gemcreedarticulateod.shop
liabilityarrangemenyit.shop
modestessayevenmilwek.shop
nationalistvetecanve.shop
negliganceassumeruew.site
secretionsuitcasenioise.shop
sofahuntingslidedine.shop
triangleseasonbenchwj.shop

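# Generic URL paths (no host component; a hit on a path alone is weaker evidence than a hit on a host entry above, so corroborate before escalating)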

/c2conf
/c2sock
