# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

# Reference: https://twitter.com/reecdeep/status/1192094807470030848

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: the sibling path ```/.well-known/pki-validation/w.php``` from the same sample is tracked in the ```lokibot.txt``` trail and is intentionally not repeated here; only the ```2c.jpg``` path below is attributed to this family

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu

# Reference: https://twitter.com/VirITeXplorer/status/1412000658698477568

opoietj.eu
sertyty.eu

# Reference: https://www.virustotal.com/gui/file/7f0195a75477d51b4f28d8509cbda22c2611d75e877276859498b074b773c322/detection

chinghsiang.com

# Reference: https://www.virustotal.com/gui/file/9655ea42cd676422eca02ae2c81c9caa7f1d7667d7c6e37d47733be16bda0045/detection

floridaprotiles.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.35.206/relations

compucema.com
jrsawesomebuilds.com
laserunlimitedindia.com

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.202/relations

bthfdr.eu
bthfdr1.eu
dgrtj.eu
erthgyrteh.eu
fgjusatik.eu
gjyke.eu
gyoin.eu
hjrdsyj.eu
hjui.eu
kuyikryf.eu
kuyikryf1.eu
rebnow1.eu
reybve.eu
rtyht.eu
ryunrth.eu
tytrgv.eu
tytrgv1.eu

# Reference: https://www.virustotal.com/gui/file/b23d4059edb249e79913e27a7e166017d4a50bb6f1220ef175830826d9b484a4/detection

http://195.123.241.180
/kiytrscuvbuytnkudjvt/

# Reference: https://www.virustotal.com/gui/file/81404cb0efe62dd91dbf7259d34fa1577cd2d74c353a4cc1a9b7eede24720592/detection

tuktuk24.pw

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://twitter.com/reecdeep/status/1490667104705650688
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.147/relations

hgjui.eu
hkjt.eu

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://twitter.com/reecdeep/status/1506170018437992453
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.152/relations

nmhholiut2.eu
pluner.eu
trehge1.eu
yjtyhm2.eu

# Reference: https://twitter.com/reecdeep/status/1513468470041661442

tyhretj.pw
tutyjk.eu

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_09-06-2022.json_.txt

bertfhop.eu
bertfhop1.eu
bertfhop10.eu
bertfhop11.eu
bertfhop12.eu
bertfhop13.eu
bertfhop14.eu
bertfhop15.eu
bertfhop16.eu
bertfhop17.eu
bertfhop18.eu
bertfhop19.eu
bertfhop2.eu
bertfhop20.eu
bertfhop3.eu
bertfhop4.eu
bertfhop5.eu
bertfhop6.eu
bertfhop7.eu
bertfhop8.eu
bertfhop9.eu

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_30-06-2022.json_.txt

caretui.eu
hgrtjutyik.eu

# Reference: https://tria.ge/201130-hvly2vhsjs/behavioral1

estebankott.com

# Reference: https://tria.ge/201123-tcqt2tttye/behavioral1

fhivelifestyle.online

# Reference: https://tria.ge/201123-m56x24578n/behavioral1

owensii.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/sLoad_01-08-2022.json_.txt

fdhtyi.eu
fredcoi.eu

# Reference: https://twitter.com/StopMalvertisin/status/1567358749672902659
# Reference: https://twitter.com/ffforward/status/1567405904240181248
# Reference: https://www.virustotal.com/gui/file/c08ba7c0297cd515c5a24918f6e1ec705b72cdeea40078494d8b51de447b6b8c/detection
# Reference: https://www.virustotal.com/gui/file/c43dfda63e6e534776eb24d284d0bdf21115181b49d6e31091de795d957cb5fc/detection

azure-company.net
cloud.azure-company.net
d.azure-company.net
secure.azure-company.net
word.azure-company.net
world.azure-company.net

# Reference: https://www.virustotal.com/gui/file/dc6c402f9d2caa06d694279015602cb4731015b11ac44abeec9c093bed198b7d/detection
# Note (review): silentsignal.hu appears to be a security-vendor domain, so the ```blowjob.silentsignal.hu``` entry below may be a test/pentest artifact rather than attacker infrastructure -- assumption, verify against the sample before alerting on it

88.151.101.56:8889
s2mail.hu
blowjob.silentsignal.hu

# Reference: https://www.virustotal.com/gui/file/d36e6effd2db4d5a34016d492a08142994fafdc24dd65631c240efa3cc7fa56a/detection
# Reference: https://www.virustotal.com/gui/file/77af67e929da5ffb9cbec2effb7aa30d2af75d6bef2a5aff82501d86792605fa/detection
# Reference: https://www.virustotal.com/gui/file/60c152156f1f993f8aa4ab6b7266afe086f843a369f3253b87452f1b4ffbc795/detection
# Reference: https://www.virustotal.com/gui/file/187e9e08f1237fbfe27e7c60efb24aeb110e1d2747a612dff900d5729cfc1c42/detection

raysend.ddns.net
/1100914_cgmh
/1110804_promate
/1110915_tcbbank
/1100914_cgmh/
/1110804_promate/
/1110915_tcbbank/
/1100914_cgmh/att.php
/1110804_promate/att.php
/1110915_tcbbank/att.php

# Reference: https://www.virustotal.com/gui/file/29b3cf17d3b9bbfc858e027f988bd7077c67b1dc2d9fc240892e868b5097f4f2/detection

101.99.90.117:8080

# Reference: https://www.virustotal.com/gui/file/66b9071271d849ed6168a0987d3f1a626926fee7b6031b3868d8da0b344c1f95/detection

http://45.77.248.204

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

http://195.133.18.63

# Reference: https://www.virustotal.com/gui/file/9c8d007d755dc44d07bf97acf187252a5a3691fc91e3810b7d1d4710dbbdf886/detection
# Reference: https://www.virustotal.com/gui/file/bccdf089864bc3a209ee2e659952905904a963945e5b52a515f88f9556145228/detection

tahtsaasdasdasdawedw234135asdsadsadsadsadasyeetwebhoost000.com
/yeet/thatsthek3253255435inglu345345435211343243232432432234er.html
/thatsthek3253255435inglu345345435211343243232432432234er.html

# Reference: https://www.virustotal.com/gui/file/eeaa829e42e608e845c8d0a048d8e57ddbf56ed9c86733dc8af47a244a7fd3ec/detection
# Reference: https://www.virustotal.com/gui/file/c9f0a470c33a36cc76ebe89ef9055dca4cebb217735ca1564f9aaa435bb6fb5c/detection
# Reference: https://www.virustotal.com/gui/file/2b6f03e06241154c2ef9f527da05250f7ae280ce8bcc54b4bfad70977cdc48ab/detection

tahtsayeetwebhoost000.com
/thatsthekinglucifer.html

# Reference: https://www.virustotal.com/gui/file/1acc2cd58dc3088174722758ae80c643badaec512af4b847b89d8fd9354af224/detection

konyahaberler.xyz
dicomm-001-site35.ctempurl.com
/anesrq/
/hxjxxwav/
/nlbzyhfs/
/pmslsda/
/tfbgl/

# Reference: https://www.virustotal.com/gui/file/17f597ac79d80d40d89530d14ef9e1128e11ea0f9521c18b2808d74c91c5ee85/detection

w67270es.beget.tech

# Reference: https://www.virustotal.com/gui/file/056b316197c959d0f8af89dcd0940b6aa3dd9679bf6776adf27d2d130303493a/detection

i92951pr.beget.tech

# Reference: https://twitter.com/h2jazi/status/1583462430780182529
# Reference: https://gist.github.com/usualsuspect/2daa864841a06f50e199930e5898611b
# Reference: https://www.virustotal.com/gui/file/e58103f462174deb92790c59d4e412f032818651b703c84c3ee38e70cc49511d/detection
# Reference: https://www.virustotal.com/gui/file/eac98b403ca300e25f9bbcca474f39ca7495c61a4c86b259e4e0df2bfabd565e/detection

http://64.44.135.5
/online_998212.php
/register_219921.php
/upload_887741.php

# Reference: https://www.virustotal.com/gui/file/673883ceb7adf30ad980e5e51b7515414becba3b5f6b96068dc4d35b092799fe/detection

apitucariamod.tk

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

download.agency

# Reference: https://twitter.com/1ZRR4H/status/1590745721783087104
# Reference: https://www.joesandbox.com/analysis/1110451#iocs
# Reference: https://www.virustotal.com/gui/ip-address/162.0.232.115/relations

ad-sweden.com
easynsecureinvest.com
sunat-mail.xyz
sunat-pe.store
sunat-pe.xyz
gringox1.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/457f1b161cd8b64b34f83155815f4e521c35395d9c1192ae21df5ce8784e6982/detection
# Reference: https://www.virustotal.com/gui/file/d053fc782cf5ebd34469ac390c557eb24394cb9efdf06b542e9da9ce23b99635/detection
# Reference: https://www.virustotal.com/gui/file/132e9fd665e88ab0884befa3c3ca6bd75ec788dbe9499b99c1246ea22a4140b0/detection
# Reference: https://www.virustotal.com/gui/file/ae6189de6a562bdfcb338fdbcce6da8529e997e8f76be6daf865f7fdf895d9c1/detection

trock2.xyz
trock3.xyz
trock4.xyz
zairtaz.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/ceb0b6871855e86846c8a8f41d1aac362461bf6f7a35bb62edd5e362e45a85f3/detection
# Reference: https://www.virustotal.com/gui/file/39e9ca4f263b9b58cf62a8dc422184b9737448e7a281d41d6315a596b4ae3e96/detection

45.61.136.68:8443

# Reference: https://www.virustotal.com/gui/file/3730f842e22fb8208fc2b2e7ae2a50e51bd1eada82257172076cb16ddf99fc62/detection

necrobod.top

# Reference: https://twitter.com/malwrhunterteam/status/1597924083899170822
# Reference: https://twitter.com/malwrhunterteam/status/1597935776381423616
# Reference: https://www.virustotal.com/gui/file/8e195903baa4f7d5f30c20f95706a1cd669e49a73a300f270304abe996e511a6/detection

enoclima-001-site1.htempurl.com
systemspro-001-site1.etempurl.com

# Reference: https://twitter.com/malwrhunterteam/status/1620853142077456384
# Reference: https://www.virustotal.com/gui/file/bd743e9e8171a8a0feea98e293ea372cfd5b328e6bec9e534f210bd7f94fbe1c/detection

comfort-001-site1.dtempurl.com
roniltd-001-site1.ftempurl.com

# Reference: https://www.virustotal.com/gui/file/6f21b0d86f14bfc37b67da2377ba5836eff98ed12ccfc65c0a772ed9782e9122/detection

http://54.39.233.130

# Reference: https://twitter.com/k3yp0d/status/1601883693131468800
# Reference: https://www.virustotal.com/gui/file/ae532935a45eb3637d5346d5e6b3a4645863d2d27e557f90457c5fa3c7429ade/detection

http://185.97.118.249

# Reference: https://twitter.com/malwrhunterteam/status/1602395550975918113
# Reference: https://twitter.com/malwrhunterteam/status/1602420210711105536
# Reference: https://www.virustotal.com/gui/file/34f2970bbb70a0f2efa74c4614cfd002a58433b5178b98b194969871ddee050f/detection
# Reference: https://www.virustotal.com/gui/file/94c41f453c2755b682fbcdd807061f753c5cf2ba5a14aafe251e565f938a797e/detection

188.120.235.227:443
62.109.25.230:443

# Reference: https://www.virustotal.com/gui/file/413d45477384c1461ca6f84a771479ee91a12474ccfe35d051f184785c2d9362/detection

nacimbio.com.ru

# Reference: https://twitter.com/malwrhunterteam/status/1603734566660882432
# Reference: https://www.virustotal.com/gui/file/5db4afa2773dc7fe62fbad37f966a292065d39990678a2a481264c91e8674f15/detection

fernandagomes.mom
meaa2v.fernandagomes.mom
p6agz.fernandagomes.mom
w8uenr.fernandagomes.mom

# Reference: https://www.virustotal.com/gui/file/a132d8b608ed740dbc38d8f79a785935fd9d209153b187b85842c0ebbbd779b2/detection
# Reference: https://www.virustotal.com/gui/file/95920d7b8adb29f59731ceb6aa8d69799875a398fa7814983a86be66c85cc087/detection

form-results.net

# Reference: https://www.virustotal.com/gui/file/079bf93dcaacbf1bb3ce5b5318157414f3cb65fc9a72312c700311caf752880c/detection

stronghoodserver.xyz

# Reference: https://www.virustotal.com/gui/file/8a5c880b1bdc4499d827536d67c5905553a138de27e780a4ef1d5c0dafeaf311/detection

http://185.20.186.53

# Reference: https://twitter.com/VirITeXplorer/status/1605208471586086912
# Reference: https://www.virustotal.com/gui/file/0e87250ee492e4380e288ef7f8f7a66d5b764578bbbe74eaff738a81045d5e38/detection

nibpur.com

# Reference: https://twitter.com/SBousseaden/status/1605893068045144066
# Reference: https://twitter.com/SBousseaden/status/1605898074454429702
# Reference: https://isc.sans.edu/diary/29376
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.55/relations
# Reference: https://otx.alienvault.com/pulse/63a5b253fafdcb6eb69c5c7d
# Reference: https://www.virustotal.com/gui/file/029210065e177399d8e84248e30e6edea12a6f8a80ac9f42a97c308d48599294/detection

http://185.163.45.221
http://195.133.196.230
http://195.2.81.70
http://46.151.24.226
acehphonnajaya.com
dogotungtam.com
israelifrenchbulldogs.com
aerjlakerl.online
aerrkaler.online
ajerlakerl.online
aseroqpwrrtl.online
baherlakerl.online
boleriaae.online
cklicverto.space
cklicverto.website
coldcreekranch.com
daerkalero.online
daeroqioalerk.online
daeroqpwrola.online
erqowwela.online
erquipoe.online
gaherlaler.online
getherkae.online
hetriaelr.online
oferialerkal.online
qweiaoer.online
reajksrltr.online
therkaler.online
tyaerahger.online
zaeroalerk.online
bandaiosk.site
bolumbernar.site
casanistent.site
clovenant.site
coronentask.site

# Reference: https://twitter.com/fr0s7_/status/1605908087562436611
# Reference: https://asec.ahnlab.com/en/46865/
# Reference: https://otx.alienvault.com/pulse/63dd0dfabe956f4746fa7816
# Reference: https://app.any.run/tasks/43bd77b6-f553-41f3-b134-ef39e420c39a/

fastfilestore.com
filecompact.com
filetodownload.com
filedowns.net
the-fast-file.com
naver.filetodownload.com
naver.filedowns.net

# Reference: https://www.virustotal.com/gui/file/1af9b6d0955fce9f86d7874dea1f63ddd3dd7abe774430a555703457b5c04ca8/detection

8llc.net

# Reference: https://www.virustotal.com/gui/file/13834a3234d31cb5d15bafaa76fe496756abd2c742c27b317a834b8ba2fd1c31/detection

1otal.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://79.137.202.132

# Reference: https://twitter.com/sakaijjang/status/1609072061691068416
# Reference: https://wezard4u.tistory.com/6314 (Korean)

http://162.202.12.69

# Reference: https://twitter.com/StopMalvertisin/status/1612686998380367872
# Reference: https://www.virustotal.com/gui/file/d93914b0a18ba85eb17b8b9ac2fff89af58671b9291d86d85b799fd9f1c5f37f/detection

donew-order.com
wintop-rus.com

# Reference: https://twitter.com/malwrhunterteam/status/1613974272929562648

2hook2hook.tk

# Reference: https://www.virustotal.com/gui/file/8574472a406c42402e4ccc2d1130a243267421787052e2bf308184860735e4b0/detection

justatmeis.life

# Reference: https://www.virustotal.com/gui/file/ff94d073b6b56b97b73e0e4b41fd391a8a341ef55c699b1cceee2363de817bdc/detection

141.95.84.40:3000

# Reference: https://www.virustotal.com/gui/file/f80699c3fd7eaeeb520e30674bd728d2050e61735c8202bfdafab115529318c2/detection

141.95.84.40:6666

# Reference: https://www.virustotal.com/gui/file/b70e128727f97cf565488c4ec88fbf441e756708c45a9a00d4e0a03a00270a79/detection

141.95.84.40:3080

# Reference: https://www.virustotal.com/gui/file/a4b62b658e2f2bf3c2325549d400e09f17afd8b30482aef6355e93adc71ae534/detection

141.95.84.40:1111

# Reference: https://www.virustotal.com/gui/file/57a4f08b3418d83dea03950e0278dba7e3d43de03d6f34d76ad5dd66ca5dc5c5/detection

141.95.84.40:8880

# Reference: https://www.virustotal.com/gui/file/51827193b9913cf02906d5a816b7a623795d2b2e3c7573398d625365e9264bca/detection

141.95.84.40:4783

# Reference: https://www.virustotal.com/gui/file/28023f9c0eefe5e47193e2980e06f93c3e50d2e64273a54cabe47f3011702036/detection

teams.root.sx

# Reference: https://www.virustotal.com/gui/file/75177399e434689c236cb7341b30de17b7f98e301023eadcad1ebb4df93ec968/detection

5.3.139.29:12000
5.3.139.29:8020
9bit.root.sx

# Reference: https://www.virustotal.com/gui/file/0857a8d13d35ce4155c3bf20d43ca5417642dba1fa9cd62a6826156db83509f4/detection

http://172.174.176.153

# Reference: https://www.virustotal.com/gui/file/01ebbab4f468bbdec6d537ee0cfd16a99f635e71697e5d93772a6da0fa49c351/detection

lesav-m.keenetic.pro

# Reference: https://twitter.com/malwrhunterteam/status/1620544434822877184
# Reference: https://www.virustotal.com/gui/file/fa96d202d7d709fa13f5ee0810d03c85ec66b1a842938582de0286da9302194c/detection

http://3.127.208.155

# Reference: https://www.virustotal.com/gui/file/0ca5123f5eda465db9f90003f8ff8bc77afaa88034a0b64564bcd4d96718e573/detection
# Reference: https://www.virustotal.com/gui/file/dd70cde84fe271d20c2ddd38445f58004f3f07ab49960f7d7d9da6f43c9cf107/detection

20.100.173.74:6102

# Reference: https://twitter.com/JAMESWT_MHT/status/1626246267142651906
# Reference: https://app.any.run/tasks/52c2a12d-980f-42d4-b6b9-01ef797afa88/
# Reference: https://www.virustotal.com/gui/file/02c0287ef7e582ab40149de264782b6e6d8aaa853aaf773b25749fa41e056a2b/detection

lijosa.com
uqeu7tir7m4k1lz0phdr.com

# Reference: https://www.virustotal.com/gui/file/9efd9ba4ed7a9f2f5861bff81547c53d1b70e0c0ecfa1ccc9610a75a761681ce/detection
# Reference: https://www.joesandbox.com/analysis/993278#iocs

kzeaqky6axif3jukzx7jj7ylhfgtytpb3xeojsfigogriyv6bv3cimyd.onion

# Reference: https://www.virustotal.com/gui/file/e390d6e193c5d42632c920a7e57002b6f54b80ccfafd0a75c86738fa47e4a737/detection

sll.li
app.sll.li

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

http://62.197.136.3

# Reference: https://www.virustotal.com/gui/file/523918f3bcbecc4b5e87175a83055849780b0e52c7e846a028722b8b35461fe7/detection
# Reference: https://www.virustotal.com/gui/file/8532a585baee116f9dda34ee3cf73c3dd50ba510bcd242a48dd113f23c512280/detection

20.187.104.130:3849
20.187.104.130:3857

# Reference: https://www.virustotal.com/gui/file/91039f60586fb846a6139fd5f1d6ce353c677b3776029494783d52d13c72d4fc/detection

20.164.207.94:1020

# Reference: https://www.virustotal.com/gui/ip-address/79.124.8.24/relations
# Reference: https://www.virustotal.com/gui/file/84868d405a26268627b642c3affc62595f9b45ab31e60df6e50a98bce70e1dc6/detection
# Reference: https://www.virustotal.com/gui/file/697bc999409c87f4ef4c5310764f8a129bbf35757540fc2a696020a34e0fecd8/detection
# Reference: https://www.virustotal.com/gui/file/b87af77c70fa7eeb039a0469ec2ed2a782f193c39459d851428d68377f328d30/detection

newinsurancejob.ru
newinsurancejob1.ru
newmakingmoney2.ru
newmakingmoney3.ru
serverdard.ru
serverdard1.ru
serverdard3.ru
stubuploadbykukuru.ru
stubuploadbykukuru1.ru

# Reference: https://twitter.com/wwp96/status/1628126394487300096
# Reference: https://app.any.run/tasks/bcf7055c-4d1a-4cc6-a7c1-a3656b61627a/
# Reference: https://www.virustotal.com/gui/file/2c814c61891a1b3b9067b82b5357d13505b4ced6fd827fdde4c3116efb3f9cef/detection

http://104.156.149.6
mandalorecnote.com

# Reference: https://twitter.com/malwrhunterteam/status/1628415758156931074
# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.121/detection
# Reference: https://www.virustotal.com/gui/file/19994528fd5ed4e5dde591bbd4c10ea69449596a75d7102c1335fa21a94f3998/detection

http://193.42.33.121

# Reference: https://www.virustotal.com/gui/file/2040a00e8ecb93a33ee59b9b9b2837225f9121280fc74f565de524c61b2c220c/detection

http://103.147.185.18

# Reference: https://www.virustotal.com/gui/file/08f49df7f9f25682078b77213fc10969ee007fe236dcf70263114d0986aa33e3/detection

178.175.142.195:54878
entropy.group
update.entropy.group

# Reference: https://www.virustotal.com/gui/file/0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064/detection

171.244.57.196:222

# Reference: https://twitter.com/malwrhunterteam/status/1630559634963480577
# Reference: https://www.virustotal.com/gui/file/644d41773f6bf13819d1e2c6f26f759538bf1e9ec07ae995cd166beb5cfcb907/detection

osjovanmikic.edu.rs

# Reference: https://twitter.com/h2jazi/status/1630983583727747085
# Reference: https://www.virustotal.com/gui/file/8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006/detection

nationalweatherserviceapp.com
sc.nationalweatherserviceapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1630881334582210560
# Reference: https://www.virustotal.com/gui/file/d3bea31897d661a7f0d134e82292de2082e660f34d22f9247480738dce70976c/detection

karena.info

# Reference: https://twitter.com/doc_guard/status/1630909953639579648
# Reference: https://www.virustotal.com/gui/file/c6cf98ecfc06b5f5fe496b81d0cae90b93ce1dbf6e4c10efd03bedb8e67f005a/detection

wealthcapital.digital

# Reference: https://twitter.com/0xToxin/status/1631281875195949056
# Reference: https://tria.ge/230302-qbdbbscf6y/behavioral2
# Reference: https://www.virustotal.com/gui/file/27ecfa00b539c43909201151775ddfdfb7dc6f86556e13a41ea10efb2e8d76f3/detection

http://176.124.217.20
http://212.113.116.147

# Reference: https://www.virustotal.com/gui/file/f706e65275fa8d0bfc5254d0814dad695c0aba0acfee5d54f2f946bef074055d/detection

realizeimeusonho.co
uiuahm.realizeimeusonho.co
xgiaww.realizeimeusonho.co

# Reference: https://twitter.com/malwrhunterteam/status/1632806055133495298
# Reference: https://www.virustotal.com/gui/file/e72dc71684d57785129e128b05212467e528912106c8fe63c25baacbf0340ea5/detection

http://5.8.8.100

# Reference: https://twitter.com/wwp96/status/1635316522355945472
# Reference: https://www.virustotal.com/gui/file/f8726f2d5b6138a617a48118eafa412cc488b0142ed3031c5eda33244765182b/detection

45.80.158.65:222
macmax13.dynalias.org

# Reference: https://twitter.com/embee_research/status/1635613492232486918
# Reference: https://www.virustotal.com/gui/ip-address/47.252.45.173/relations
# Reference: https://www.virustotal.com/gui/file/80aad667f60f6283a3195a937fca2591299bbcecfd3c76ad4215a40961718b01/detection
# Reference: https://www.virustotal.com/gui/file/19efed6c9d1af91c5c11b6fb44a4fd06e9d418c8b294d78734524df7b6c7e71d/detection

gurnard.sbs
mbantilanda.top
mbenza.top
boston.gurnard.sbs
colorado.gurnard.sbs
denver.gurnard.sbs
montana.gurnard.sbs
dick2.mbenza.top
dick4.mbenza.top
dick6.mbenza.top
dick8.mbenza.top
file.goosenecks.sbs
fun.goosenecks.sbs
job.goosenecks.sbs
nensi1.mbantilanda.top
nensi3.mbantilanda.top
nensi5.mbantilanda.top
nensi7.mbantilanda.top
work.goosenecks.sbs

# Reference: https://twitter.com/malwrhunterteam/status/1636480630350331910
# Reference: https://www.virustotal.com/gui/file/c6cbe381d581107b6531067e9108febd3016c9335c1d773e1b1e0ee435525111/detection

csl-invest.com
sony.csl-invest.com

# Reference: https://twitter.com/malwrhunterteam/status/1637072764174585856
# Reference: https://www.virustotal.com/gui/file/388e1f36d35dcbe4675821f4104514f66bcefdee33752acad874e45bdf44499a/detection

meubooking.com.br/2023/reservations.php?file=

# Reference: https://www.virustotal.com/gui/file/20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722/detection

a0745450.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/skynetx.com.br/detection
# Reference: https://www.virustotal.com/gui/file/32100b2bece73242da58c2bfd1e8e335e3616c6346c54464e9c0d3453bfd1f6a/detection

skynetx.com.br

# Reference: https://twitter.com/jaydinbas/status/1637806949931577354
# Reference: https://www.virustotal.com/gui/file/b54853a58dbd27ba8dfa978cdcd28327b66ba7359d4b14a3a3f105b63595809d/detection

http://149.28.140.122
techvibeo.com

# Reference: https://twitter.com/doc_guard/status/1637932033765769220
# Reference: https://www.virustotal.com/gui/file/58e6856571868d55dbfd636710ac2590c574589c7609402d5f7cdba17ba78653/detection

gripaco.gr

# Reference: https://twitter.com/StopMalvertisin/status/1638202950928703490
# Reference: https://www.virustotal.com/gui/file/1a0dbaef78cc34c9d60972aec1f89e20ea9cbddad07ce897a2552a719919d8db/detection

http://35.177.182.187

# Reference: https://twitter.com/jaydinbas/status/1638532960595898368
# Reference: https://www.virustotal.com/gui/file/56425e7b644e91d929186a11704b92a657f970b1e3ea32c249b0d2ab95f83fd4/detection

ntc-netpk.serveftp.com

# Reference: https://twitter.com/malwrhunterteam/status/1639320109130063872
# Reference: https://www.virustotal.com/gui/file/783d6753583a5d4a01fdd93d242e29f76324625d3b1c701a3fac161aa325bfce/detection

grconstdesign.com

# Reference: https://app.any.run/tasks/39a97065-c83c-472c-9976-78601a55ffde/

185.12.45.26:41043

# Reference: https://twitter.com/r3dbU7z/status/1639938724711616512
# Reference: https://www.virustotal.com/gui/file/4f74acef6d7c54e20e37dc1023dbf0e16af6e942ac6b401be6dc24ae4f1079ee/detection

http://103.123.242.104

# Reference: https://twitter.com/sicehice/status/1640160970994753537

185.225.74.72:8000

# Reference: https://twitter.com/sicehice/status/1640172761594335232
# Reference: https://www.virustotal.com/gui/file/7b67e609cebf71e73de96164e0aab3f119167d5857b51393c22c5f68e0eb147b/detection

http://18.218.30.74
flb.itplushost.com

# Reference: https://twitter.com/sicehice/status/1639251947332194305

http://45.33.88.161

# Reference: https://twitter.com/sicehice/status/1639090824540749824

http://45.137.207.151

# Reference: https://twitter.com/sicehice/status/1639052756093743104

35.162.248.7:8000

# Reference: https://twitter.com/sicehice/status/1640816987113762817

141.147.4.146:10000
141.147.4.146:8081

# Reference: https://www.virustotal.com/gui/file/4cd96a6edbd8b5d526a34d6c4bf4396d2d94fd30e2e4d22a7364bf6f6214dbbc/detection

sleda.eu
sleda.sleda.eu

# Reference: https://www.virustotal.com/gui/file/ec56d42e349c438158f5a7f619da9fbf301a22cca63c9332b7323d7f18ebb868/detection

helpachildinukraine.one

# Reference: https://twitter.com/jstrosch/status/1643626772632678402

naostech.org

# Reference: https://twitter.com/shaybt12/status/1644593596690038784

134.209.113.185:8000
206.189.151.223:8000

# Reference: https://twitter.com/0xToxin/status/1645076370685411333

http://45.88.67.75

# Reference: https://twitter.com/jstrosch/status/1645461105039253505

54.224.107.126:8080

# Reference: https://twitter.com/sicehice/status/1645494638285922322

http://3.129.51.198
3.129.51.198:443

# Reference: https://twitter.com/sicehice/status/1645500578758369307

23.95.222.225:8989

# Reference: https://twitter.com/suyog41/status/1646145074244321282
# Reference: https://twitter.com/suyog41/status/1646145077016666118
# Reference: https://www.virustotal.com/gui/file/e61ad1ca19a69d4c85b91d8b7b69cf08413fd78fd7df1c878a10a4c5b4497b9e/detection
# Reference: https://www.virustotal.com/gui/file/063edf9cb113941eb73b3db4a34ac0c9f82a756ded9b0dc974dc9a85b466c169/detection

http://146.190.207.64
http://167.71.11.62
146.190.207.64:8080
167.71.11.62:8080

# Reference: https://blogs.jpcert.or.jp/ja/2023/04/parallax-rat.html (Japanese)
# Reference: https://www.virustotal.com/gui/file/1973d7b2bf9877208fc751868aadd2810fbd72693f7fe090c926505714284cec/detection

http://171.22.30.220
http://179.43.154.184

# Reference: https://www.fortinet.com/blog/threat-research/malware-disguised-as-document-ukraine-energoatom-delivers-havoc-demon-backdoor
# Reference: https://otx.alienvault.com/pulse/6438008e68e96dc4eb0c9506

ukrtatnafta.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://37.220.87.53

# Reference: https://www.virustotal.com/gui/file/26db654aae8f2a5e149ad19d76f6e6762613b211261dd47267c90f3476f3d5c4/detection

fvia.app

# Reference: https://twitter.com/malwrhunterteam/status/1648632414053310469
# Reference: https://www.virustotal.com/gui/file/3bc92870934e54ac014d8e8b4b33db27b4cbc4bd3d6a0f4ce659c36b110a138b/detection

207.246.123.37:8000
207.246.123.37:8880

# Reference: https://www.virustotal.com/gui/file/af9977c76770b364ea633569bee7e8da713028fadfee1b6dd7a96884e110bfe8/detection

hardcore-mountain-97323.pktriot.net

# Reference: https://twitter.com/malwrhunterteam/status/1649049054540886020
# Reference: https://www.virustotal.com/gui/file/b88eb7ca0239f6d67531d33459415b8d1d0fa6db72293b5b6cf722a366ae660c/detection
# Reference: https://www.virustotal.com/gui/file/e67048add2dcbb9758bd5443b546786a9153ad39e5e467743b43fb5035747f60/detection

uk-leninsky.ru

# Reference: https://twitter.com/k3yp0d/status/1649047745813164032
# Reference: https://www.virustotal.com/gui/file/67fec790c36ca34844e6a0ba9c49e1ab1f150905ff412cd9ece72608997a15d3/detection

platform-intranet.com

# Reference: https://twitter.com/sicehice/status/1649226590507638784

173.208.220.134:8080

# Reference: https://twitter.com/sicehice/status/1649228136448507911

31.220.76.24:9000

# Reference: https://twitter.com/0xperator/status/1650252120736579587

179.43.141.100:444

# Reference: https://twitter.com/sicehice/status/1650306036434100227

136.244.84.50:8022

# Reference: https://twitter.com/sicehice/status/1650287853606248448

42.2.155.80:8080

# Reference: https://twitter.com/ULTRAFRAUD/status/1650604698141859853

jiayi-luxury.com

# Reference: https://twitter.com/sicehice/status/1650692593175470080

42.194.164.247:1234
42.194.164.247:8000

# Reference: https://twitter.com/sicehice/status/1650684759314518017

http://152.228.175.85

# Reference: https://twitter.com/sicehice/status/1650682009923072001

http://185.193.125.34

# Reference: https://twitter.com/sicehice/status/1650678836399316994

198.58.102.19:9030

# Reference: https://www.virustotal.com/gui/file/9e9cdb82750b93e9e14fbb09e25cd9ee84d74b8383362cba8f66c3cfed99b9ec

bibutik.com.tr

# Reference: https://www.virustotal.com/gui/file/7f482c7d24e7191746061169e8bb9d329026638be072bf4526a2509b34ccf32c/detection

http://45.82.69.203

# Reference: https://twitter.com/MichalKoczwara/status/1650887693402882050

167.172.44.218:8090

# Reference: https://www.virustotal.com/gui/file/0a8616d62d28ed7d8ef580784dee2fc816f8d5200e339e69f925078b288a6d7b/detection

http://45.82.71.119
45.82.71.119:443

# Reference: https://www.virustotal.com/gui/file/2d9f0179595ba0a74803c5d3446a1d63c0769f2356632ee55ba2095b6fbfcd1b/detection

http://45.67.228.48

# Reference: https://twitter.com/doc_guard/status/1651554422974021632

http://149.102.255.183

# Reference: https://twitter.com/malwrhunterteam/status/1653055096295399425

http://46.175.149.13

# Reference: https://twitter.com/malwrhunterteam/status/1654021997762949120
# Reference: https://www.virustotal.com/gui/file/e6f07bf2d3a44eefe22b64ecb5513a6cad5039df5fe055afff6a5c5098750265/detection

corporacionhardsoft.com/x/file.html

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

http://109.206.240.64

# Reference: https://twitter.com/malwrhunterteam/status/1656221999411101696

http://185.225.69.226
/Zhongguos8/bnghjrtytyyu6666.png
/bnghjrtytyyu6666.png
/Zhongguos8/

# Reference: https://twitter.com/sicehice/status/1656865587874725893

43.226.26.60:8000

# Reference: https://twitter.com/WhichbufferArda/status/1657110430806953999

http://51.79.241.228
51.79.241.228:8008

# Reference: https://twitter.com/ULTRAFRAUD/status/1657404232809496577

http://198.13.56.131

# Reference: https://twitter.com/r3dbU7z/status/1657789649329299460
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.12/detection

npmrepos.com

# Reference: https://threatfox.abuse.ch/ioc/1087357/

http://138.197.96.208
/BVvzsHfP/Uni.bat
/BVvzsHfP/

# Reference: https://www.virustotal.com/gui/file/63ddb34c0196ad0597464fcc39667e2410bbfcd51ffb5d52e69081bb342531ca/detection

http://107.189.11.87
http://149.102.225.1
pel63.bio
/bShxYysy/

# Reference: https://twitter.com/suyog41/status/1660893657623347200
# Reference: https://www.virustotal.com/gui/file/459d3d75db323b230afc26b1f5bf2ea40591eeb7bb3d4927f87f302b71108e24/detection
# Reference: https://www.virustotal.com/gui/file/42f3651063202a8fd42021a1ffc27bd1b9709779ec10654368ea34d8f047d08b/detection

3.67.12.158:4444

# Reference: https://twitter.com/1ZRR4H/status/1662273718251401217

http://139.99.155.76

# Reference: https://www.virustotal.com/gui/file/05ed683ee4ff09df5c1d3b9a504465630c26a33621feaa546eb12c79bd6d719c/detection

http://159.65.42.223

# Reference: https://twitter.com/malwrhunterteam/status/1662035432748507136
# Reference: https://www.virustotal.com/gui/ip-address/172.93.179.29/relations
# Reference: https://www.virustotal.com/gui/file/1e12506f7967910d6edad3eb0488edbcdc2566067ad6c2697c5d36b2becb62f3/detection

jaic-vc.co.in
crypto.jaic-vc.co.in

# Reference: https://twitter.com/d1savow3d/status/1658184832118059008

http://143.198.179.233
http://157.230.81.104

# Reference: https://twitter.com/d1savow3d/status/1656389039543517186

http://143.198.167.100
http://147.182.215.193
http://198.211.103.229

# Reference: https://twitter.com/d1savow3d/status/1656022810496573455

http://137.184.136.226
http://204.48.20.36

# Reference: https://twitter.com/d1savow3d/status/1598741744304017409

http://45.32.88.76

# Reference: https://twitter.com/d1savow3d/status/1583537021334659072

http://146.190.213.228

# Reference: https://twitter.com/d1savow3d/status/1582840515061436416

http://142.93.113.157

# Reference: https://twitter.com/d1savow3d/status/1582425215602110464

http://165.22.5.227

# Reference: https://twitter.com/d1savow3d/status/1582500814832050176

http://137.184.152.116

# Reference: https://twitter.com/d1savow3d/status/1582102016087953408

http://165.22.180.224

# Reference: https://twitter.com/d1savow3d/status/1579929145689395201

http://137.184.77.141

# Reference: https://twitter.com/d1savow3d/status/1578479921030389766

http://67.205.172.95

# Reference: https://twitter.com/0xToxin/status/1661766093566771201
# Reference: https://gist.github.com/kirk-sayre-work/2fff45b0e07b37a59dcf4cff423440be

http://159.203.143.66
vincentnicotra.com

# Reference: https://twitter.com/malwrhunterteam/status/1669663265171947525
# Reference: https://www.virustotal.com/gui/file/2627c86fd8f42d1d6fee45550e3fc9c6e0d4cd02a2d16d599d333b4cc25b3e3b/detection

rsvydaaqhgw.workers.dev
twilight-silence-6b2f.rsvydaaqhgw.workers.dev

# Reference: https://www.virustotal.com/gui/file/c149b95c4ff79668ca124cb218bf2f2b5fc8bf90372848370450ca94644d876d/detection

http://103.131.56.71

# Reference: https://www.virustotal.com/gui/file/c148a834aae7a530a727075b67a54ecb477224b2caffa6416ae622c2485be063/detection

103.149.46.177:22
htaturnerforlifeboyyy.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1679891135068614671
# Reference: https://www.virustotal.com/gui/file/dfdb1fb94f77d5c84b1f5095dcb23999f5b105ac9c83bff13a02159b8ba77151/detection

185.209.31.133:8889

# Reference: https://www.virustotal.com/gui/file/05d926f3a1c691ee095a7b8fab6487ae1c7d6266a81d8c2ff9b441883055fa20/detection

http://194.147.84.197

# Reference: https://www.virustotal.com/gui/file/24da2c24a97e13c3fd164b441d6a7116bffb56b691b9165ae53583db5bd70c6e/detection

http://217.195.203.216
cpufan.club
d.cpufan.club

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html

http://172.245.244.118
balkancelikdovme.com
bridgefieldapartmentsapp.ie
cargopattern.shop
chemaxes.com
designwebexpress.com
dhqid3b4b9u6ecv6jcxva0f.webdav.drivehq.com
dhqid45r064utd5gygt2jy6.webdav.drivehq.com
dhqid5neul4wc9w74pynlrs.webdav.drivehq.com
dhqid9pjapv63d8xvji8g4s.webdav.drivehq.com
dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com
dhqidee98lja03f52atdmii.webdav.drivehq.com
dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
dhqidgnmst61lc8gboy0qu4.webdav.drivehq.com
dhqidhhva53s2qvmxwxtkrm.webdav.drivehq.com
dhqidhx2c2f2oc8lccg38tx.webdav.drivehq.com
dhqidk9oi3yuhf43sb05xgn.webdav.drivehq.com
dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com
dhqidlu10mna2tuk2qfoaew.webdav.drivehq.com
dhqido7gy8hiehwprjhli16.webdav.drivehq.com
dhqidoakoljbb9jnbssiau2.webdav.drivehq.com
dhqidqot3k8sh7ve2ns9nry.webdav.drivehq.com
dhqidvdosqx8tu0vq1h1d1g.webdav.drivehq.com
dhqidvjn6bfvi00cb0834a3.webdav.drivehq.com
dhqidvooruijtwg0lyucl5s.webdav.drivehq.com
dhqidwhws4rkw80f312lkpm.webdav.drivehq.com
efghij.za.com
fashionstylist.za.com
internetshortcuts.link
landtours.rs
lfomessi.za.com
pdf-readonline.website
reasypay.sa.com
seductivewomen.co.uk

# Reference: https://www.virustotal.com/gui/file/685d08cf7ea497dfc2d06d7ef5e1adecb2e8716c318426941fe7af6af34e9030/detection

ntihk.net

# Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection

http://192.3.243.146

# Reference: https://www.virustotal.com/gui/file/05f3c3043ce59ea4711d0a090e69382370be2a8ad4f2526260c57eafe305e1fc/detection

http://192.3.243.148

# Reference: https://www.virustotal.com/gui/file/7836e87fff64da8f169c2253b9fa7bbc0ce8b52b3fb398a56ee1df7dea262818/detection
# Reference: https://www.virustotal.com/gui/file/2311d9faffb1402345d8998e421e39807ae349677a61008e0452c232951eeca0/detection

http://192.3.243.150
serverftp.online

# Reference: https://www.virustotal.com/gui/file/2a80e7804960d16a1b89bd8e46ba60cc697a396926edba4d3ca0ea0653b90fdd/detection

http://192.3.243.151

# Reference: https://www.virustotal.com/gui/file/8c4bc6ed9991809c5bd70ebd6b31ac467b7a994e023f4442a1330f97d8b7181b/detection

http://192.3.243.152
http://31.42.186.198

# Reference: https://www.virustotal.com/gui/file/17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f/detection

http://107.175.202.15

# Reference: https://twitter.com/sicehice/status/1675999361585786880

20.94.82.221:8000

# Reference: https://twitter.com/sicehice/status/1675282674108317696

45.77.124.153:8081

# Reference: https://twitter.com/sicehice/status/1668834356444446722

http://174.49.101.134

# Reference: https://twitter.com/sicehice/status/1658975084973903873

http://3.112.222.230

# Reference: https://twitter.com/sicehice/status/1658227388117839874

http://95.179.206.132

# Reference: https://twitter.com/sicehice/status/1658223115564982273

http://144.126.159.195

# Reference: https://www.virustotal.com/gui/file/487f11c0edc0c2e9450bc3c9b55394d697465c02a2c27baeddd9809f7e1775b4/detection

facturacionmx.click

# Reference: https://www.virustotal.com/gui/file/152c6aa91bc274a0662811c5671f952e44f4f0c72378f667d91a9b4c93a5e4c8/detection

http://91.212.166.12

# Reference: https://twitter.com/c_APT_ure/status/1687562895914041344
# Reference: https://www.virustotal.com/gui/file/1bf287baf71f2a0872005e73399685df6b3a2b27cb2f27511deb4bdf566fbe67/detection

hiqsolution.com/line.exe
thanhancompany.com/ta/line.hta

# Reference: https://www.virustotal.com/gui/file/5cfffe09ec2b4ba2dc5dd6367ad383f95906be1982b0fe3aee1f4d9263b17485/detection

namesilo.my.id

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/agenttesla_07-08-2023.json

http://80.76.51.248

# Reference: https://twitter.com/StopMalvertisin/status/1689649264421691392
# Reference: https://threatfox.abuse.ch/ioc/1149430/
# Reference: https://www.virustotal.com/gui/file/00a7657105d9f67c04078a68eff41d222930564b4e48ce5afd18c5540ea54646/detection
# Reference: https://www.virustotal.com/gui/file/027dd65b1a4a9f4df605cc18d9e5a9fdbbfea4decb81d012a97ee4734cbc67b8/detection

http://38.165.12.236
38.55.185.75:6000
juechen.ddo.jp

# Reference: https://www.virustotal.com/gui/file/2566790bc205591858b7158178dc89f117629b9f3fe382dd1d678a0f2e598c1c/detection

http://23.94.239.89

# Reference: https://twitter.com/sicehice/status/1689849369464279040

68.233.113.39:8000
68.233.113.39:8001

# Reference: https://www.virustotal.com/gui/file/3bdcf101c47a72ac3adee9c56bf0165db266cf23d7699219e64a6a8f22c21451/detection

vuagame.store

# Reference: https://www.virustotal.com/gui/file/75c73628f84e13167d9dda78c47e8a7b49545dd278ec9a721d4b08e2a0253fdb/detection

clear.merseine.com

# Reference: https://www.virustotal.com/gui/file/0031733395abd0d1501148b1ff45fd2c831869a6150aee65ba70f01f08029459/detection

http://195.123.226.82

# Reference: https://twitter.com/fr0s7_/status/1691781672511909893
# Reference: https://www.virustotal.com/gui/file/db16d611b7536210a3198e49da828a2092147bf7dee70a66b52e39cd87322389/detection

microsoftdnsserver.xyz

# Reference: https://www.virustotal.com/gui/file/e8114ee5b7d3ccaa7bd6dfaeeea775c3628ea88b96cd496136f7f11bcc4a400e/detection

abkedjypdnbntud.website
fhuapy.abkedjypdnbntud.website

# Reference: https://twitter.com/doc_guard/status/1692569242153955688
# Reference: https://www.virustotal.com/gui/file/476fc61aa532b9bf4cd2742d187c88c09ab72b46b456a732c358df004c8e0e68/detection

18.231.172.130:14666

# Reference: https://twitter.com/1ZRR4H/status/1692651633854079229
# Reference: https://www.virustotal.com/gui/file/d3a293b206d36b03a3cdd24daf32559717577b2bb1daee36182083ba52f5650b/detection

sdocsus.top

# Reference: https://twitter.com/r3dbU7z/status/1692907294478987559
# Reference: https://www.virustotal.com/gui/file/18ae27a2832341b12e039b37a48cd1d59d1b2529b02c7713e292bf88942ca93a/detection

http://185.106.93.147

# Reference: https://twitter.com/Gi7w0rm/status/1693432581583184029
# Reference: https://tria.ge/230821-bb4qysaa78/behavioral2
# Reference: https://tria.ge/230821-bcdwxsaa79/behavioral1
# Reference: https://www.virustotal.com/gui/file/b1c0cde97930bbfd18ca72f10db85ab335e87a72b685f59ded5f34f3476397ce/detection

45.159.249.119:443

# Reference: https://twitter.com/Gi7w0rm/status/1693604866185117912

139.99.32.95:8000

# Reference: https://blogs.jpcert.or.jp/ja/2023/08/maldocinpdf.html
# Reference: https://otx.alienvault.com/pulse/64ee05533831ae24210ee53d
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.117/relations
# Reference: https://www.virustotal.com/gui/file/ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058/detection
# Reference: https://www.virustotal.com/gui/file/098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187/detection
# Reference: https://www.virustotal.com/gui/file/5b677d297fb862c2d223973697479ee53a91d03073b14556f421b3d74f136b9d/detection

cloudmetricsapp.com
web365metrics.com

# Reference: https://twitter.com/doc_guard/status/1693950989064093968
# Reference: https://app.docguard.io/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/results/dashboard
# Reference: https://www.virustotal.com/gui/file/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/detection

paynet.group
support-microsoft.paynet.group
vendor-compliance.paynet.group
work-from-home-survey.paynet.group

# Reference: https://twitter.com/milannshrestga/status/1694571988227117442
# Reference: https://tria.ge/230824-ge513sbh5y/behavioral1

businessai.cfd
businessai.click

# Reference: https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/
# Reference: https://otx.alienvault.com/pulse/64c80a42487c59686ed640a3
# Reference: https://www.virustotal.com/gui/file/293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9/detection

http://216.41.162.172
http://216.51.171.17

# Reference: https://www.virustotal.com/gui/file/e3602d0eb7149004ae6cf4befec8c6d61ac391189122744fff4a1de2cdad4aa3/detection

http://85.208.139.229

# Reference: https://www.virustotal.com/gui/file/37df15fbc780ef089ffffb6be8a98dfd8f3cb189b1e2a21d3bb223b81332d49e/detection
# Reference: https://www.virustotal.com/gui/file/9b67faeed1ff38ac5a56953393a435fcab6361d63c7d8a506f79b9bf73fb8b39/detection

136.144.41.183:7003
dswa.1337.cx
kjjjk.3dxtras.com

# Reference: https://www.virustotal.com/gui/file/003ee41e4d27f0bf81525803dd60574b1f549bb1c3bf0cf5e0562509db9615aa/detection

contador5xm.hopto.org

# Reference: https://twitter.com/ThreatBookLabs/status/1695424354341814283

speeed.zapto.org

# Reference: https://www.virustotal.com/gui/file/c6259991c47586a6faa18f9c6a27da350f21d71f5f302e7225ee1b20592f2c26/detection
# Reference: https://www.virustotal.com/gui/file/5b59f275972284a4055169924527cb8819644a070a7332d9063c03ce9184863d/detection

thisinhthanhlichh.io.vn

# Reference: https://www.virustotal.com/gui/file/59f96d0f56ac5457e684aae0fd3479969e68878f3ad222661e484931a65877ed/detection

http://153.127.35.128

# Reference: https://www.virustotal.com/gui/file/2d5751825043ca6cd2d3faf768a23dba6496e3cf304a6dde3fe380c17911377b/detection

aselectricalpvt.com/wp-content/themes/porto/css/Porto-Font/sserv.jpg
belfort24.com/wp-content/themes/Newspaper/images/demo/sserv.jpg

# Reference: https://twitter.com/fr0s7_/status/1696633267552751992
# Reference: https://www.virustotal.com/gui/file/443f05d26f6c05ad62a45b0fc5fe620e006702cff3b28606fcfc08fffd762a40/detection

185.244.51.134:6600
instructsia.zip

# Reference: https://twitter.com/Dkavalanche/status/1697244028331581684

empersamx01.lifehealthcares.com
refsat100236.lifehealthcares.com

# Reference: https://twitter.com/souiten/status/1697552282613948615
# Reference: https://www.virustotal.com/gui/file/5e914133503e60491b445e5a06f3fa8144463340a3c9dc6d875bbfdcd6ff7f55/detection

http://54.71.250.16

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/e9038b523a2787127643bec36e30377c44d92927

/work/Elpuxpkilck
/Elpuxpkilck

# Reference: https://twitter.com/0x6rss/status/1699023755668828231
# Reference: https://twitter.com/noexceptcpp/status/1699116561120817630

change-infos.com
fr-address.com
post-infos.com
mailgo24.sbs
newall-getrenew.digital
pr24note.info
wholeadress-renew.digital

# Reference: https://twitter.com/malwrhunterteam/status/1699115395989271035
# Reference: https://www.virustotal.com/gui/file/02190852aa191c4ff6d22136cabf24d3b396c6a776187fcde523d38b9a33e13b/detection

52.147.196.140:9000

# Reference: https://twitter.com/malwrhunterteam/status/1699125348510699957
# Reference: https://www.virustotal.com/gui/file/8cdfa4962c2acf5912d41f3f748b066966d273b4c898e1e3a5b78fba3eb20a84/detection

ckvjn0w2vtc0000jnq7ggj73ktyyyyyyb.oast.fun

# Reference: https://twitter.com/malwrhunterteam/status/1699310236534727142
# Reference: https://www.virustotal.com/gui/ip-address/144.91.112.240/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.192.96.184/relations
# Reference: https://www.virustotal.com/gui/file/b08c9c6416ab236fa3ca56b53994cea8fdb8a4123601b75f368e6ed2b67a705a/detection
# Reference: https://www.virustotal.com/gui/file/c4a78c5bab3902724a58731290ed549ae675793084f2f06bcf18fa10e8d38590/detection
# Reference: https://www.virustotal.com/gui/file/e3a8160483749aeab36cc52e221a65cde7aa1e1c58e7085226b962b8a736f3c9/detection
# Reference: https://www.virustotal.com/gui/file/ee6fc963e2c18daede818638bcfdf5f4f09b1ddee17d156f4e9785f1562865a7/detection

avkeyfinder.shop
avkeyfinder.store
downloadalpha.store
invoicedownload.info
payorderreceipt.info
revmail.one
scandocument.online
tautvydastijunaitis.com
zzlsteel.cc
/invoicep/scandavn2281728191
/scandavn2281728191

# Reference: https://www.virustotal.com/gui/file/41a652807b0e7c4b8c726fe70850c57b0897da1c96a105dcdb48a76566f434b9/detection

clk-info.ru

# Reference: https://www.virustotal.com/gui/file/0190e867668e9be091e3d52261b62ef9b65059565ec17168813f82e7693af2fd/detection

prkl-ads.ru

# Reference: https://www.virustotal.com/gui/file/108989044c7cd9e9740131a0644d3dc639ea0503cd5cd24c4cea6f724cc1e2e0/detection

prkl-ads.site

# Reference: https://www.virustotal.com/gui/file/963915492c0b0cfff08133e7ff349ac12f87bac5cb0b2e409c41ac957b531fdd/detection
# Reference: https://www.virustotal.com/gui/file/a4503f116394ceace2824dc1ee93819f3361b310c2576e03bdb2b8250fc377f9/detection

mookmook.online
zoolzool.online
trust-flare.ru

# Reference: https://twitter.com/1ZRR4H/status/1699930507276882240

2478dotfarm.site
mega378-fon.site
super-mega378.site
super56fall.online
top789market.online
top789market.site
trill-gone123.site
true-storm89.online

# Reference: https://twitter.com/doc_guard/status/1700182765717618802
# Reference: https://www.virustotal.com/gui/file/8f6ef41f653c7f01a5105f48277e683727470996d9f53dd245c8aa3a102bb6a3/detection

cn3.site

# Reference: https://www.virustotal.com/gui/file/01280c214895175d13b04a2c0437bf73c859a6a48199b91618d1a0adb886b6c5/detection

185.154.14.5:30000

# Reference: https://urlhaus.abuse.ch/browse/tag/exe/

185.209.230.21:8080
192.236.199.167:4256

# Reference: https://twitter.com/malwrhunterteam/status/1700105820644462736
# Reference: https://www.virustotal.com/gui/file/e11f0b388f00b177ee036de39d352b503408d9b313307848f1cdd4d9b11c6733/detection

http://104.168.204.165

# Reference: https://www.virustotal.com/gui/file/1788f34dfd88047906a12007c9f7870d23656ba85c186bba00821879c4276b2a/detection

cristinaamaro.com
lintingdaun.com

# Reference: https://www.virustotal.com/gui/file/037ea773b9fb5ebd2db940df9141f566bc4651d9d718440ee52b716cf479af17/detection

invertirenmercados.com

# Reference: https://twitter.com/Jane_0sint/status/1701545803741905182
# Reference: https://www.virustotal.com/gui/file/2941a93ff5c576dd0c1a26065eb7f373c6a8a1899aea54c325afee59b22187be/detection

106.14.149.15:88
47.100.240.250:6900

# Reference: https://www.virustotal.com/gui/file/04dc1b7849b83258ee101df7f1ee50900d18c2a598a59e08bcedbaa5629cd763/detection

http://45.144.136.14
/1337/loader

# Reference: https://www.virustotal.com/gui/file/b9bebbc0c45cbc87124ba497cb7b7f15fbac6e39535869ae006a950ac04ea285/detection

issue.homes

# Reference: https://www.virustotal.com/gui/file/08ccb639d18f192ab8120a9c5e2b9eb1499ab6e948aa25d8f108ed49228366ce/detection

http://193.42.33.63

# Reference: https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html
# Reference: https://www.virustotal.com/gui/ip-address/193.106.175.107/relations

12301230.co
40031.co
abccba.co
adaytriana.co
almaliam.co
chloemario.co
danielamanuela.co
helenaasier.co
isabelmartin.co
laiamia.co
martaafrica.co
martinpol.co
ola007.co
samuelelena.co
santiagocarlos.co
terms2023.co
uno230.co
updated-2023.co
updated-terms.co
updatedterms2023.co
violetavera.co

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-15%20AsyncRAT%20IOCs

49dprq8p.r.eu-west-1.awstrack.me
tax-form-docoments.blogspot.com
labradorinblack.com/.do/
labradorinblack.com/.f/

# Reference: https://threatfox.abuse.ch/browse/tag/UNAM/

http://129.151.135.50
http://145.131.31.175
http://15.188.54.35
http://155.248.230.159
http://172.104.103.158
http://178.124.176.209
http://185.225.75.76
http://34.125.225.70
http://45.143.147.184
http://5.181.80.113
http://51.38.81.65
http://78.85.121.201
https://193.105.135.135
https://45.67.230.182
https://47.87.145.154
https://87.254.9.5
https://95.214.24.45
14.225.8.224:8080
212.64.217.73:4000
5.135.50.76:8080
64.225.66.198:18080

# Reference: https://twitter.com/0x6rss/status/1703520178691084410
# Reference: https://www.virustotal.com/gui/file/1c0e4f0434fd44820a9ae3521c2e2d42008b081835300fefb52830b6542950d2/detection

159.69.11.30:7000
159.69.11.30:8080

# Reference: https://twitter.com/r3dbU7z/status/1703747280208298334

primeworldwide.org/PostOnce/

# Reference: https://www.virustotal.com/gui/file/64411e51808db35eb23325b25eb8559a0b9b035c21984276b62dc99e9ea726c2/detection
# Reference: https://www.virustotal.com/gui/file/96577c22329073d0846f6911b0e72d9bf414b8cdce96a93231a15878fe67b117/detection
# Reference: https://www.virustotal.com/gui/file/12783152a098c1af9f23f0c802f5a4f94c67402224c3003dbe26367695ffd1f1/detection

http://173.44.141.131

# Reference: https://twitter.com/malwrhunterteam/status/1704142716941066346
# Reference: https://www.virustotal.com/gui/file/0fb7f966b968c944157309a1a742a5574b481686dc8b9b3e6655dc71bef84fa3/detection
# Reference: https://www.virustotal.com/gui/file/6ce6307f7b5d6c5760c85f36465fffb2b56c66518dfbf2ab37b2a2cf8b3725f2/detection

akteam.team
5bU6zqih3rLtAT.sce1.user.computer.computer.b.akteam.team
5bu6zqih3rltat.sce1.azure.azure-pc.azure-pc.b.akteam.team
5bu6zqih3rltat.sce1.george.desktop-b0t93d6.desktop-b0t93d6.b.akteam.team

# Reference: https://twitter.com/malwrhunterteam/status/1704231060865778097
# Reference: https://www.virustotal.com/gui/file/97240a5b528433677bee9cc89e4f9fd7896bd77a30b0903b20bd6c9e3b23f694/detection

http://45.154.98.209

# Reference: https://www.virustotal.com/gui/file/b406ace674e14a74ec32869f7a143d53e812ff5713eec7513871dc2ed51cf65e/detection

cornbascet.site
wjriehl.com

# Reference: https://twitter.com/malwrhunterteam/status/1704483766461173984
# Reference: https://www.virustotal.com/gui/file/3af0a90d9a3cd77aa0353ec59bd8129fb799ee72daa6e61555c6228219385d43/detection
# Reference: https://www.virustotal.com/gui/file/64e733d51b0e03957003f0b5e424efd1068f331226880e0c212de2c29b2a38d6/detection
# Reference: https://www.virustotal.com/gui/file/1169c5ba2feae0192d2d8d45ce2fc3456bca1d6633d46b0f219bd62fddcca922/detection

http://89.23.100.222

# Reference: https://twitter.com/0xToxin/status/1698972467555889532
# Reference: https://twitter.com/JAMESWT_MHT/status/1699053975490949208
# Reference: https://twitter.com/JAMESWT_MHT/status/1705109356956574079
# Reference: https://twitter.com/JAMESWT_MHT/status/1705205457483350444
# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/4babca7c722f8a15f744e27075ddeb2d541940211bf945031e6cced27f60f4bd/detection
# Reference: https://www.virustotal.com/gui/file/5ca151c69317137a321c909fd075091f575b71f170413aa474228ba5a60fe6cd/detection
# Reference: https://www.virustotal.com/gui/file/8684d345cdc78cc9460541d0924440087e6d47814b1485e0736fcc68077bce12/detection

247info.click
hide04.xyz
reshuld247.click
instance-m73xwc-relay.screenconnect.com
instance-sjnih6-relay.screenconnect.com
instance-v6ojw1-relay.screenconnect.com

# Reference: https://twitter.com/malwrhunterteam/status/1704961734149046441
# Reference: https://www.virustotal.com/gui/file/6dfb5bfb256efe7f2952f8c21f08e6a2bbbba7022e6317b80acc12b6841b1264/detection

kads.kr/plugin/sns/facebook/src/update/

# Reference: https://www.virustotal.com/gui/file/fa406c532ea3d7cae05411df0ed5a541630a07f26a247a22d907f424397c72ce/detection

sahmanapah.sns.am

# Reference: https://twitter.com/ULTRAFRAUD/status/1705209115000070206
# Reference: https://www.virustotal.com/gui/file/60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d/detection

46.151.24.25:8000
46.151.24.25:8080

# Reference: https://twitter.com/r3dbU7z/status/1704468416491409784

http://198.74.110.88

# Reference: https://www.fortinet.com/blog/threat-research/new-midgedropper-variant
# Reference: https://otx.alienvault.com/pulse/650815eae6309eba75a1d6a2
# Reference: https://www.virustotal.com/gui/file/4345a92dfbb18d66609ab445df9d4cdd8dfb972d1872c5817c3556371a05301c/detection

http://185.225.68.37

# Reference: https://www.virustotal.com/gui/file/5fe0500266860557912ff1d77ed5e386f4c849bf21891e46dedabad62d78d328/detection

http://2.56.57.147

# Reference: https://www.virustotal.com/gui/file/3b4113baf10a48f03cf288abc2953e183d3990fcaa11e416fedc6815823a139b/detection

hitech.instanthq.com

# Reference: https://www.virustotal.com/gui/file/24826c443e96f3f424198cf9b00bb5649595113307632d69b92e3d8070e6d525/detection

170.178.190.213:25075
maggie-greene.instanthq.com
vmjudf58h.maggie-greene.instanthq.com

# Reference: https://twitter.com/R3dHash/status/1705381311861661828

http://5.252.22.56

# Reference: https://www.virustotal.com/gui/file/22b0640066bf4746059b7e6057520776160a4c0fbb3dbdd5ac39f8ca9b1b860b/detection
# Reference: https://www.virustotal.com/gui/file/372198d2d295710f68d8894514d8c2b9e66655b7ede190a5dd02423bc7d0ab0f/detection

213.152.160.142:5401
23.227.206.142:5401

# Reference: https://www.virustotal.com/gui/file/0e7ac22489f0f0bbaf026cb56b0012ebdf18eb0b176d3655d5a245507e4313aa/detection

http://185.228.72.8

# Reference: https://www.virustotal.com/gui/file/0d3d678e767b06171022cdb1d9997257078f75de7070b7e9fa620eea7629647d/detection

http://79.110.49.55

# Reference: https://www.virustotal.com/gui/file/ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78/detection

http://45.88.66.43
/meemmmeemmee.txt

# Reference: https://twitter.com/0x6rss/status/1706641285329703155
# Reference: https://www.virustotal.com/gui/file/100f8ee11d41f374890b20af724154977405b23983a66b18f9728daf3211c3ae/detection
# Reference: https://www.virustotal.com/gui/file/7829789bb0290ad34295531e1fb55c2bcedf839062fddd1ddaf98852ad5a5419/detection

http://103.38.236.46
103.38.236.46:443
recipemedical.com
cynical-drink.aeza.network

# Reference: https://twitter.com/James_inthe_box/status/1706655766709768273

66.94.97.98:8080

# Reference: https://www.virustotal.com/gui/file/6925b7c34ad3c1bf662370fa0b5e6fdad8e37f28736c27bef74c5835971d2ea7/detection

aflomusic.com
credit-volta.com

# Reference: https://twitter.com/malwrhunterteam/status/1706690313975136529

http://116.203.121.140

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-27%20SocGholish_Lumma%20IOCs

xxxmir.info

# Reference: https://twitter.com/r3dbU7z/status/1707677528100368591

http://45.150.67.7

# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

shellloader.top

# Reference: https://twitter.com/malwrhunterteam/status/1707679371270721618

one-clickr.icu

# Reference: https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala

http://4.216.137.19
http://52.253.105.171

# Reference: https://twitter.com/doc_guard/status/1709557264250495203
# Reference: https://www.virustotal.com/gui/file/3e090a3f20ab44f4efec21a7896198035f9076a9badc8764e4a0bd2fe68c45f5/detection

http://172.86.76.208

# Reference: https://twitter.com/1ZRR4H/status/1709989527303979476
# Reference: https://www.virustotal.com/gui/file/0f84c0223414a84ccaae529c25147153a7c12b6427bb9e00d2f2219118657baf/detection

egov-cambodia.com
files.egov-cambodia.com

# Reference: https://twitter.com/Merlax_/status/1710072519795896676
# Reference: https://pastebin.com/ZuX2jtsV

http://104.131.7.178
http://104.131.7.183
http://104.131.7.184
http://104.131.7.92
http://104.248.20.148
http://104.248.6.108
http://137.184.146.225
http://137.184.156.181
http://137.184.156.55
http://137.184.30.149
http://137.184.72.202
http://137.184.74.92
http://138.197.102.160
http://138.197.102.98
http://138.197.108.60
http://138.197.110.113
http://138.197.110.87
http://138.197.28.194
http://138.197.28.197
http://138.197.72.36
http://142.93.233.33
http://146.185.219.57
http://147.182.178.123
http://159.223.15.20
http://159.223.15.35
http://161.35.83.173
http://161.35.93.230
http://164.90.194.79
http://164.90.195.222
http://164.90.197.37
http://164.90.197.7
http://164.90.203.10
http://165.22.214.82
http://167.172.18.102
http://167.71.82.135
http://167.99.78.77
http://178.128.85.57
http://178.62.206.18
http://178.62.209.228
http://178.62.213.189
http://178.62.213.222
http://178.62.213.232
http://180.149.37.12
http://180.149.37.15
http://180.149.37.6
http://180.149.37.62
http://180.149.37.66
http://180.149.37.67
http://185.244.210.144
http://209.97.146.124
http://209.97.146.198
http://209.97.146.210
http://209.97.146.226
http://209.97.146.248
http://45.135.229.117
http://45.80.209.26
http://5.181.27.14
http://5.181.27.211
http://5.181.27.215
http://5.181.27.226
http://5.181.27.23
http://5.181.27.233
http://5.181.27.31
http://5.181.77.145
http://5.181.77.155
http://5.181.77.168
http://5.181.77.197
http://5.181.77.199
http://5.181.77.211
http://5.181.77.213
http://5.181.77.214
http://5.181.77.218
http://5.181.77.226
http://5.181.77.227
http://5.181.77.234
http://5.181.77.242
http://5.181.77.245
http://5.181.77.246
http://5.181.77.77
http://5.188.168.245
http://5.188.228.121
http://5.188.34.92
http://5.8.33.49
http://5.8.33.90
http://5.8.41.242
http://5.8.95.118
http://51.15.8.116
http://51.15.8.34
http://64.225.4.86
http://67.222.10.0
http://67.222.10.1
http://89.44.194.141
http://91.236.169.229
http://92.223.30.44
http://92.38.135.141
http://92.38.149.30
http://95.85.72.245
best-national-movers.com
crs.10fw.net
demarcusjtong.icu
dmvcashoffer.org
goldraw188.com
harshsrivastava.online
hktoyexpo.com
kebaikanminyakbidara.com
lifeming.com
min20-finance.com
min20oonline.com
pecahteros.shop
protectiveworlswide.com
pyzikypin.justdied.com
ridesharerevenue.com
southernwealthadvisors.com
sugahicus.com
sugahicuw.com
thehandmadebusinesses.com
thelushdollar.com
thewaystowealthy.com
tigrinhoapp.online
vacantlandreport.com
viablelandreport.com
vividfr.com
weightlossdietcapsule.com

# Reference: https://twitter.com/SecureSh3ll/status/1710788954239193376
# Reference: https://www.virustotal.com/gui/file/fd03ea32f520aa57ee6b4e29eedf1c897857f9368933c2bb3367d2016dc27454/detection
# Reference: https://www.virustotal.com/gui/file/557e3ef6693e6ba4d93908f4fbd5eadee59ffce431f74c57b38718df75efc670/detection

http://154.82.85.42
154.82.85.42:1572
154.82.85.42:8080
fack58.com

# Reference: https://twitter.com/1ZRR4H/status/1711686844490936568 (# CVE-2023-3519, Citrix VPN, Netscaler VPN)
# Reference: https://twitter.com/ValidinLLC/status/1712535238998376611
# Reference: https://www.virustotal.com/gui/ip-address/85.209.11.134/relations
# Reference: https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/

cdnjs.live
cloud-js.cloud
cloudjs.live
cloudjs.us
js-cloud.us
jscdn.biz
jscdn.us
jscloud.biz
jscloud.ink
jscloud.live
jscript.live
jscript.us
jscriptcdn.biz
jscriptcdn.live
jscriptcdn.us
jscriptcloud.biz

# Reference: https://twitter.com/whichbuffer/status/1712200899869790319

138.68.162.162:8081

# Reference: https://twitter.com/naumovax/status/1712449056352444730
# Reference: https://www.virustotal.com/gui/file/ec175a771f670fe5c9f7a1756efa74a693254eaaa7a6c5d46fbd9dddbb34e34c/behavior
# Reference: https://www.virustotal.com/gui/file/be46b47e582414db4fe41ca45f4ad180b46ebb101e682a87808b32f2762f7cde/behavior
# Reference: https://www.virustotal.com/gui/file/ce5d3ec4169ff72ee9f164880f8c916ec93c8e409812b464744b91803eceec2c/behavior

http://118.190.154.23
http://121.36.219.126
117.89.178.176:6666
118.190.154.23:8088
119.3.126.15:800
120.24.48.197:8009
120.24.48.197:8047
120.27.22.83:5001
120.27.22.83:5002
120.27.22.83:5005
120.78.149.238:12368
121.36.203.84:800
121.36.219.126:8088
123.60.48.78:800
143.92.35.64:39990
202.124.250.84:8205
202.124.250.84:8219
202.124.250.84:8223
202.124.250.84:8229
202.124.250.84:8241
202.124.250.91:8000
202.124.250.91:8095
203.135.100.66:8024
203.135.100.66:8710
203.135.100.66:8712
43.241.17.49:3031
43.241.17.49:8080
43.248.184.246:8212
8.134.23.213:8500
abc.dahhh.cn
/api/ocrMozilla/5.0
/api/getcontenttitlevariableseparatornumberletterHanzistrco
/api/postcomplete/api/getcontenttitlevariableseparatornumberletterHanzistrco

# Reference: https://threatfox.abuse.ch/browse/malware/vbs.vbrevshell/
# Reference: https://threatfox.abuse.ch/browse/tag/Vshell/

1.12.221.190:4000
1.13.158.52:8082
101.200.161.116:8082
101.200.90.115:8082
101.201.57.139:8082
101.201.79.83:8082
101.35.219.93:8082
101.37.165.37:8082
101.43.129.115:8082
103.12.148.35:8088
103.252.119.151:8082
103.42.179.226:8082
103.42.179.227:8082
103.42.179.228:8082
103.42.179.229:8082
103.42.179.230:8082
103.57.228.100:8082
103.57.228.101:8082
103.57.228.102:8082
103.57.228.98:8082
103.57.228.99:8082
104.208.85.234:8082
106.14.196.216:8082
106.54.209.187:8082
107.148.160.198:8082
107.148.160.198:8087
107.148.160.198:8089
107.151.241.155:8082
107.175.221.48:8082
107.175.28.248:8082
110.40.156.244:8082
110.42.229.51:8082
110.42.64.204:8082
111.231.4.143:8082
112.126.68.27:8080
112.213.108.222:8088
114.115.220.199:8082
114.116.119.253:8082
117.18.7.49:8082
117.50.172.191:58888
117.50.177.128:8080
118.193.40.20:8082
118.195.226.22:8082
118.195.245.162:8082
118.99.32.174:8082
119.45.128.170:8082
119.45.171.202:8082
119.91.219.240:8082
119.91.89.203:8082
120.26.241.209:8082
120.27.223.80:8082
120.46.165.195:8082
120.53.86.130:8082
121.196.202.174:8082
121.229.36.89:8082
122.51.97.82:8082
123.249.100.157:8082
123.249.106.68:8082
123.57.74.206:8082
124.221.145.245:8082
124.222.111.174:8082
124.222.129.148:6001
124.70.202.212:8082
124.71.38.170:8082
128.14.75.45:8082
128.14.75.45:8087
128.14.75.45:8089
134.122.132.51:8082
134.122.132.52:8082
137.175.51.175:8082
139.198.115.86:8082
139.199.181.87:8082
139.224.17.133:8082
139.224.194.38:8082
139.224.216.109:8082
14.22.116.218:8082
142.171.173.188:8082
149.127.236.196:8082
154.201.75.13:8082
154.37.152.26:8082
154.8.204.75:8082
154.91.202.147:8082
155.94.163.251:8082
156.251.172.46:8082
16.171.112.33:18082
162.14.110.131:8082
164.155.206.126:8082
165.22.60.62:8082
171.115.221.205:8082
172.245.92.205:8084
172.247.35.240:8082
172.247.35.240:8087
172.247.35.240:8089
173.82.79.5:8082
175.178.147.242:8082
182.92.127.39:8082
182.92.77.74:8082
193.112.108.217:8082
193.42.32.71:8082
198.44.165.190:8082
198.52.97.143:8082
198.74.117.83:8082
207.148.101.73:8082
216.240.134.17:8082
216.83.44.138:8089
216.83.44.139:8089
216.83.44.140:8089
23.224.121.65:8082
23.224.132.179:8082
23.224.197.71:8082
23.251.32.24:8082
23.251.32.24:8089
27.124.47.147:8088
3.135.65.39:8082
37.44.244.226:8082
38.54.107.228:8082
38.55.144.26:8089
38.6.163.121:8082
38.6.172.245:8082
39.107.239.30:8082
42.193.108.137:8080
43.139.235.58:8082
43.143.225.146:8082
43.156.54.179:8082
43.228.91.222:8082
43.243.73.167:8088
43.254.216.226:8082
45.76.221.240:8082
45.77.176.118:8082
45.77.250.196:8082
45.8.159.17:8082
45.83.151.234:8082
47.103.80.231:8082
47.104.15.215:8082
47.104.241.90:8082
47.104.246.195:8082
47.104.73.41:8090
47.92.199.199:8082
47.93.101.161:8082
47.94.168.41:8082
47.95.156.195:8082
49.232.222.60:8082
61.174.60.155:8082
61.54.27.211:8082
64.176.182.6:8082
8.134.166.14:8082
8.142.104.78:8082
8.217.10.81:8082
8.217.5.132:8082
81.69.191.238:8082
81.71.162.183:8082
82.156.18.214:8082
83.229.67.75:8082
84.32.41.23:8082
96.43.86.12:8082
hfsax.com
hkwzxx.com
sdpwjcj.com
yrsdq.com

# Reference: https://twitter.com/r3dbU7z/status/1713604087520825699
# Reference: https://www.virustotal.com/gui/file/5ba80acd8c4fd67d42aec5c665d3934b7ecffca1b216e910279a1719f40dcdc1/detection

91.207.183.9:8000

# Reference: https://twitter.com/Gi7w0rm/status/1713853872660205585

http://167.99.214.15

# Reference: https://twitter.com/Gi7w0rm/status/1713702882594201975
# Reference: https://twitter.com/sloppy_bear/status/1713903156306870346

http://45.63.7.212
cvpaper.in

# Reference: https://twitter.com/Gi7w0rm/status/1713923723718238600

http://85.214.156.226

# Reference: https://twitter.com/malwrhunterteam/status/1714230086956732842
# Reference: https://www.virustotal.com/gui/file/1dc3418db90285df1aed8b120ad83874a7de713d8def7c30ac3d0c30f635163b/detection

http://89.23.96.63

# Reference: https://www.virustotal.com/gui/file/2827bbea71a2c90a1b3ef41239292c4803b78bd3bc18b7ef810d31bd9952d39c/detection

http://185.254.37.80

# Reference: https://twitter.com/g0njxa/status/1713646692699087328

http://95.181.173.155

# Reference: https://twitter.com/malwrhunterteam/status/1714261624192635237
# Reference: https://www.virustotal.com/gui/file/b9a4327c5d5e4b868ece53e9108cd34adae37992d17a272d56cddc1c343ce401/detection

anyvpns.com
cdn.anyvpns.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
# Reference: https://www.virustotal.com/gui/file/782dbaee36f386468646a765972bbcf2c625d690d922500ba63068fd9ed30934/detection

104.21.55.78:52054
104.234.147.61:52054
172.67.170.192:52054
85.208.107.200:52054
89.23.107.32:52054
jquerywins.com
karelisweb.com
mojenyc.com
mybigeye.icu
notepadxtreme.com
switcodes.com
/?JPBDu=wnAwy
/LXGZlAJgmvCaQfer/
/LXGZlAJgmvCaQfer/rWABCTDEqFVGdHIQ.html
/gYebt/?Buhmz=
/index.php?JPBDu=wnAwy
/rWABCTDEqFVGdHIQ.html

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/10/screenconnect_ultravnc_19-10-2023.json
# Reference: https://twitter.com/JAMESWT_MHT/status/1715187694135922878
# Reference: https://www.virustotal.com/gui/file/2b3006b181e2b12f611638000e355e0fda59c62930c3188739d029892188de34/detection

cryptoapex-invests.com
instance-a3g6br-relay.screenconnect.com
instance-ln8lsc-relay.screenconnect.com
server-nix5f911b27-relay.screenconnect.com

# Reference: https://www.virustotal.com/gui/domain/dr22.biz/relations

dr22.biz

# Reference: https://threatfox.abuse.ch/ioc/1191395/

47.115.230.18:8098

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-10-18-IOCs-from-IcedID-forked-variant-with-VNC-and-Cobalt-Strike.txt

instance-jc1vlj-relay.screenconnect.com

# Reference: https://twitter.com/1ZRR4H/status/1716290332885745949

http://163.123.143.17
http://81.19.140.150
163.123.143.17:445

# Reference: https://twitter.com/karol_paciorek/status/1716395306202358156
# Reference: https://twitter.com/g0njxa/status/1716401754068123784

http://139.59.113.146
b0ru70.github.io
research.plu.ac.th

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

3pmapps.fun
gnupg.3pmapps.fun

# Reference: https://www.virustotal.com/gui/domain/ctl.sk/relations
# Reference: https://www.virustotal.com/gui/domain/jt-banka.eu/relations
# Reference: https://www.virustotal.com/gui/file/c81f61e669603b59e0b224cf0eb0f86a4d23b9cf050ca484ae87e22b64709a72/detection
# Reference: https://www.virustotal.com/gui/file/b9b0b9284f7db13fa27b7665dcab0482e2a439792e4ead52a4404820c1e5f698/detection

ctl.sk
jt.ctl.sk
mailin1.ctl.sk
mailin2.ctl.sk
jt-banka.eu
365sso.jt-banka.eu
sso365.jt-banka.eu

# Reference: https://twitter.com/Gi7w0rm/status/1716901758348521850

ogenki.com.my
/xsxlzx-shell/

# Reference: https://twitter.com/malwrhunterteam/status/1716907663181902131
# Reference: https://www.virustotal.com/gui/file/77d976b89ab6f65be7fc67673d4016735aafa3abbd33f2f958410d9d4d8d78f5/detection

genbtoomny.click

# Reference: https://twitter.com/r3dbU7z/status/1717062792589586859
# Reference: https://www.virustotal.com/gui/file/b4eb821c7e48bef8495bd3dd4ae9eb71cd2e64ffe098d8773d6efa57a2ebb3bc/detection

http://13.39.110.1

# Reference: https://www.virustotal.com/gui/file/5c34a701dfc8fed23b216a34bdb455e10bc965f29d21f85ece97ca7c74383bd6/detection

mega-z-upload.com
selenundlock.com

# Reference: https://twitter.com/karol_paciorek/status/1717460110627189013

http://47.88.79.56

# Reference: https://twitter.com/doc_guard/status/1717578836777308315
# Reference: https://www.virustotal.com/gui/file/4fabc888fa31352edf90330a5f8d3b75ea510b625c36ff45dee8287beb292c56/detection
# Reference: https://www.virustotal.com/gui/file/4274844d4e8d4337d45f75cf440a97d9c12b15be8ff61ef5cfea7545ce04b69c/detection
# Reference: https://www.virustotal.com/gui/file/40b79fcb5cfc3272ee8a59e223cc310b4d73aac238d3840acd283f801eda3e3a/detection

globaltimedns.top

# Reference: https://twitter.com/r3dbU7z/status/1717681468799844760

bankfcyprus.com

# Reference: https://twitter.com/fr0s7_/status/1717809713205985380

securepdfdocus.biz

# Reference: https://www.virustotal.com/gui/file/ebe0790a4e73314adbf63b910d4435c5a09cd028a606e417cf6f386d7cb7a05b/detection
# Reference: https://www.virustotal.com/gui/file/4cf218aec726274630dba16d9384544c72edc34d4288a1e3b0d786d829524413/detection
# Reference: https://www.virustotal.com/gui/file/ddfdd3542222a4d768bd72424b727474244a6e4b13f81befb9422866c7fdb2f0/detection
# Reference: https://www.virustotal.com/gui/file/c6dc04197194a659ca7906a08ab043307dbaee90ac1d4527529dcc92a2992e59/detection
# Reference: https://www.virustotal.com/gui/file/ad447395730eb6890cc386ba809b77d2a76e33d1b82ebaee1d05f2ee7b441de0/detection
# Reference: https://www.virustotal.com/gui/file/792ac74aff41ec6525b01bdd3a38c0dd7305de1ad94951a79731346fc88c21d1/detection
# Reference: https://www.virustotal.com/gui/file/5178b61c4db461b51537b9de98f59fe18a1b6baf0108e1478ac279a2db708088/detection

103.99.62.15:65422
206.238.199.51:65422
2hao2.oss-cn-hongkong.aliyuncs.com
adll.oss-cn-hongkong.aliyuncs.com
aexe.oss-cn-hongkong.aliyuncs.com
aomeikj.oss-cn-hongkong.aliyuncs.com
conkaikaizjderoujima.oss-cn-hongkong.aliyuncs.com
zhenlong363.oss-cn-hongkong.aliyuncs.com
jbpossa.oss-cn-hongkong.aliyuncs.com
thesonoftheforest.oss-cn-hongkong.aliyuncs.com

# Reference: https://cybersecuritynews.com/confluence-zero-day-vulnerability/ (# CVE-2023-22515, DarkShadow, Oro0lxy)
# Reference: https://otx.alienvault.com/pulse/652832b6f960f3f7421e6da9

http://104.128.89.92
http://192.69.90.31
http://199.193.127.231
http://23.105.208.154
104.128.89.92:443
192.69.90.31:443
199.193.127.231:443
23.105.208.154:443

# Reference: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ (# CVE-2021-1435)
# Reference: https://otx.alienvault.com/pulse/652d723d05fd9cabcde27e54

http://154.53.56.231
http://154.53.63.93
http://5.149.249.74
154.53.56.231:443
154.53.63.93:443
5.149.249.74:443

# Reference: https://twitter.com/leak_ix/status/1719074800314859691
# Reference: https://www.shodan.io/host/38.60.199.10

http://38.60.199.10
38.60.199.10:22
38.60.199.10:443

# Reference: https://threatfox.abuse.ch/ioc/1196777/

116.204.110.99:8082

# Reference: https://threatfox.abuse.ch/browse/malware/win.empire_downloader/

http://164.92.246.33
http://18.221.226.193
http://20.102.61.215
http://23.96.53.135
http://45.32.81.149
http://45.77.79.14
13.52.36.101:8081

# Reference: https://www.virustotal.com/gui/ip-address/188.225.60.5/detection
# Reference: https://www.virustotal.com/gui/file/8888b13dca93c8fb63a8564900ec1c3e03bc10236c5049ec1d703235f50c0349/detection

sarcoma.space
spacatty.fun

# Reference: https://twitter.com/abuse_ch/status/1718890685166755920
# Reference: https://urlhaus.abuse.ch/url/2726600/

botfusion1-8f4913f37609.herokuapp.com

# Reference: https://twitter.com/Merlax_/status/1719112693473292571

http://186.64.113.61

# Reference: https://twitter.com/malwrhunterteam/status/1719104612714574309
# Reference: https://www.virustotal.com/gui/file/c2d3fc535e56c109478a742ec44c635c18845dc2e8fd27f13d1fa155588849f6/detection

taxfile.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/00162181a1c8cedc5f394638ae6d0814abc47608e36b06707b36424fb8f211d7/detection

appsmob.info
coinmaster.pw
coinmaster.gamescheatspot.com
/coinmasterhack

# Reference: https://www.virustotal.com/gui/ip-address/4.201.49.4/relations
# Reference: https://www.virustotal.com/gui/file/294c2571ae4d691c92f5946d47dbf78033947f4c2983a8e51564dcc94d0e649c/detection

assistance-aide.fr
assistance-service-clients.com
ca-assistance-clients.com
ca-assistance-clients.fr
ca-support-assistance.fr
google-assistance.fr
go-file.fr
support-assistance-clients-ca.fr

# Reference: https://twitter.com/doc_guard/status/1720030244516643274
# Reference: https://www.virustotal.com/gui/file/aee00173af3d3e8630696a72bd942522543734c26b37afeffbee6d2057285a9a/detection

http://85.195.105.97

# Reference: https://threatfox.abuse.ch/ioc/1198248/

82.157.154.37:8082

# Reference: https://threatfox.abuse.ch/ioc/1201259/

134.122.132.23:8082

# Reference: https://twitter.com/k3yp0d/status/1720471855432151417
# Reference: https://www.virustotal.com/gui/ip-address/146.70.145.168/relations
# Reference: https://www.virustotal.com/gui/file/24e10e8f98c36aa9fcfa63efa3cc45bfb53586bf82cd3a183c4a4edfeb942087/detection

http://146.70.145.168
fsb-uvedomlenie.ru
animalclub.net/dogs/puppy.png
animalclub.net/dogs/qz1
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/OOOOOOOOO_OOOOOOO_OOO.doc
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/
/OOOOOOOOO_OOOOOOO_OOO.doc

# Reference: https://twitter.com/g0njxa/status/1721444417586778207

http://138.68.134.18

# Reference: https://www.virustotal.com/gui/file/00043c767c113a4886f01c5c251ca8eb61653f8f4e8e98bca1a51b42f3f33e03/detection

mydrugdir.com
pimlm.com

# Reference: https://twitter.com/g0njxa/status/1722325422283567388

http://51.38.115.103
http://63.141.252.148
http://77.105.147.44
http://88.99.105.167

# Reference: https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification

http://45.155.37.105
http://45.182.189.100
http://81.19.138.52

# Reference: https://twitter.com/malwrhunterteam/status/1723017726120149327

http://5.206.224.58

# Reference: https://www.virustotal.com/gui/domain/psp2111.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/3b6674fa7a6e0ec4cf1f397ea5daeaa23bbb7e24b51fe0be268aa1fd50568f5c/detection

psp2111.ddns.net

# Reference: https://www.virustotal.com/gui/domain/japanjoe1821.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/ac2ab2f22599a4c27c60001e274da3f29d487890a30a2761985a2f3f8c093246/detection

japanjoe1821.ddns.net

# Reference: https://twitter.com/doc_guard/status/1724397172366451198
# Reference: https://app.docguard.io/32587eb5fc64ea95bedeff63529ae09316832fe43ca9961e877f03b8428db250/results/dashboard
# Reference: https://www.virustotal.com/gui/file/5eee291b4252b66880c0e2dc3bb62bd3e6f1813320b839016f07ab2374a640f2/detection
# Reference: https://www.virustotal.com/gui/file/4202789483158024de2ce0a94a904d61c916923212237263d4d3d478a8d8fb5b/detection

http://172.245.33.131

# Reference: https://twitter.com/1ZRR4H/status/1725196037441110128
# Reference: https://twitter.com/malwrhunterteam/status/1724720871980368311
# Reference: https://www.virustotal.com/gui/file/02c7f90308e5fbe779514ef05ea002fcce91158c98c94cbc179417aa4c955d23/detection
# Reference: https://www.virustotal.com/gui/file/30457374df7ceb536593f72f6d3a31e1d8f81dfb5c76a9dfaaca34e8ce7ba528/detection

transportsd.shop
booshome.transportsd.shop
goosemx.z29.web.core.windows.net

# Reference: https://twitter.com/suyog41/status/1725500179829436655
# Reference: https://www.virustotal.com/gui/ip-address/52.221.191.170/relations
# Reference: https://www.virustotal.com/gui/file/dd2b2215977ca4822769a16487e4c22b331ac1fb09791cbde6ee98ae72408137/detection

bnbn.online
bnbnmdownl.tech
cbcbupdownload.tech
cvcv.online
cvcv.tech
datadown1.shop
dfdf.website
downloadfum.shop
downloadmar.online
loadfiledown.shop
logendownlaod.shop
markumin.shop
myclean.fun
myhappy.online
nbmndonwload.tech
nbnb.online
nldloggin.tech
nldnldlog.shop
nmnm.online
nmnmdown.tech
nsupersend.online
rtrtdown.online
samsungcoard.tech
utut.online
vbvbdownload.tech
vnvnupload.website
ytytdown.shop
yuyudownload.tech
zxzx.website

# Reference: https://www.virustotal.com/gui/file/728d3320582daca13297abb67e78b60e4cd6b3eb8c72d1d36f689750699bb681/detection

23.105.235.71:5555

# Reference: https://www.virustotal.com/gui/file/9581c8d4ecafe6c7a734ceb200d6da784b38e93535205501e090c9777f348498/detection
# Reference: https://www.virustotal.com/gui/file/89a0d72a57460815c7164f762d542bc52660d0ca500339c5e90523bd4e602d45/detection
# Reference: https://www.virustotal.com/gui/file/59f0780eff6333ae8b2e148781d94f152c2bd4b902bfde1f4bd9eae4de6e83a1/detection

46.86.250.102:8080
proxy.stephan.nrw

# Reference: https://www.virustotal.com/gui/file/06eb020c0b1dae3ca39f2e49f13a60ab19064eb4896ec759901f02d7ee4036cb/detection

bc1q22hp7n28whk5h94z93vm05hfx2zxs8.com
bc1qrju227jw2hs5zjm7ftn3xshgpdgpa2.com

# Reference: https://www.virustotal.com/gui/file/24d30f7df893a5491229b8526b488b7bdad0ad8494fa9e13bdfa2919cd131f1b/detection

khoadang50.repl.co
macro.khoadang50.repl.co

# Reference: https://www.virustotal.com/gui/file/49ab3c9dfe03ed9f93c19a4b2f48499bcf4304a0ee05864aab014dce04710790/detection

file.khoadang50.repl.co

# Reference: https://twitter.com/doc_guard/status/1727673206482301100
# Reference: https://www.virustotal.com/gui/file/8e55ab6c789595529e4e837536931e09c7d759f9df0e8905b1a67edb000b6981/detection

craftupdate.online
wild.craftupdate.online
/asdf/leiji1920kjfk
/leiji1920kjfk

# Reference: https://www.virustotal.com/gui/file/b29804b761d4eda0a6c7dfc9e4387431c82600cf462041096f7fec3c904151ac/detection

jkghfdt.xyz
mnojdk.xyz
nafsdwas.click

# Reference: https://twitter.com/1ZRR4H/status/1729196411843985530

http://109.107.190.43
http://217.197.107.49
109.107.190.43:445

# Reference: https://twitter.com/v0lundr_/status/1729409817578455234

http://46.246.12.11

# Reference: https://www.virustotal.com/gui/file/c3d2685e8a8925b3383cfea7800e3ae8fe45157e3b08b274575304be54bc8b90/detection
# Reference: https://www.virustotal.com/gui/file/fdb3c7545207d570fe7788b00d444975c7e28f5648b83db0a9908cc6dff65b08/detection

afbnrrxrjg.ru
abqmvo6wyp09h8n.afbnrrxrjg.ru
mxjac2qoiu7fyhd.afbnrrxrjg.ru

# Reference: https://www.virustotal.com/gui/file/1393f8e456d67f08932d134bb37ddd0e5a5011c7b92cec8456570f879d836939/detection

http://185.81.157.149

# Reference: https://twitter.com/nahamike01/status/1729811255282520446

wiireshark.org

# Reference: https://twitter.com/idclickthat/status/1730628513206526007

athelp.cc
cashapphelp3.us
cashapphelp5.us
cbhelp.live
cscare.us
fbhelp.live
gkhelp.info
help360.us
liveform.us
mhdesk.us
qscare.cc
qscare.info
qscare.live
qscare.online
qscare.us
qshelp.cc
qshelp.info
qshelp.live
qshelp.online
qshelp.us
sphelp.info

# Reference: https://twitter.com/doc_guard/status/1731649902818595202
# Reference: https://www.virustotal.com/gui/file/1354ec56e9bead8a7821e30f3b15578ca803359e9d19746bda9a23b62e1f471e/detection

http://172.245.208.126

# Reference: https://twitter.com/1ZRR4H/status/1731709473977160117

94.198.53.143:8000

# Reference: https://twitter.com/banthisguy9349/status/1731752367572263001

139.59.72.48:8000

# Reference: https://twitter.com/alex_lanstein/status/1732485636601319519
# Reference: https://www.virustotal.com/gui/file/88f64c6021b469a40d3d5bf6ab0f563313caafe5e5ba79854cc31f880636c152/detection

http://163.5.64.41

# Reference: https://twitter.com/malware_traffic/status/1732437588059832338

gamonosa.sa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1732037072385630621
# Reference: https://twitter.com/br0pi/status/1732059287210316266
# Reference: https://cert.pl/en/posts/2023/05/powerdash-malspam/
# Reference: https://www.virustotal.com/gui/file/569130785d0fa06a39b269a5640e0e016f6393342a91608b5f0bdf8465a74d9f/detection

http://5.63.152.179
http://89.104.67.191
89.104.67.191:8000
/dash/post_data/
/dash/post_png/
/dash/post_txt/
/dash/post_zip/
/dash/bots/delete/
/dash/bots/update/

# Reference: https://twitter.com/alex_lanstein/status/1732514545011163268
# Reference: https://www.virustotal.com/gui/file/c5e0e26dd2e8b743188343871bc2cab02c966da49d25efddcaa8fdb8b876886b/detection

drecterion.com/wp-content/Miche.png

# Reference: https://twitter.com/JustWantToQ1/status/1732266534192496990
# Reference: https://www.virustotal.com/gui/file/f0b28f23eb9f436990412e43ad71d8216a2af7bbac1239103fb93ab0b67334b0/detection
# Reference: https://www.virustotal.com/gui/file/e60e796cb218a125e34ab82d1c851a4642d4f0a8582bf441522caa90da0cc9af/detection
# Reference: https://www.virustotal.com/gui/file/af2bd7b81008d0d7e0baae36f94a53a18c5e2c55016211784008d18b3f3e939b/detection

185.174.101.131:8081
hipop.info

# Reference: https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
# Reference: https://otx.alienvault.com/pulse/65707ab6e66cbcb43bd4f250
# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.81/relations

s7610rir.pw
somepools555.pw
swhw71un.pw
asd.s7610rir.pw
asq.d6shiiwz.pw
asq.r77vh0.pw
asq.swhw71un.pw
us1.somepools555.pw

# Reference: https://www.virustotal.com/gui/file/0c3affef7b7928a44cf5050ed0d38724bf182993db63f786eb926007bd135323/detection

dyjbb.dnset.com

# Reference: https://twitter.com/banthisguy9349/status/1734301694719050200

128.1.76.179:5566
128.1.76.180:443

# Reference: https://twitter.com/gothburz/status/1734526642251304973 (# CVE-2023-46604)

http://139.180.185.248
http://188.166.177.88

# Reference: https://twitter.com/0x3A44/status/1734640511628017904

http://46.246.80.13
46.246.80.13:443

# Reference: https://app.any.run/tasks/5fb71446-d9ef-4c31-ab32-b93c465a32cc/

dfhduh.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1735249295090106569
# Reference: https://www.virustotal.com/gui/file/3cdcea51cd516b777c10e81f58f05cab9f00b787a35402e11df49c05f692976c/detection

ref-media.net

# Reference: https://twitter.com/suyog41/status/1735584361255469349
# Reference: https://www.virustotal.com/gui/file/fcb97ac234876b962adf6f741aa9e7f25ca82ae0c7b7be2500c73f3b8b7cdbcf/detection

pfizer-careers.net

# Reference: https://twitter.com/JustWantToQ1/status/1735870555373355048

64.150.190.149:64

# Reference: https://www.virustotal.com/gui/file/e5147145099559ce6f573dec81b396061885afda8de998b765eee806d767bfd2/detection

542199235l.com

# Reference: https://www.virustotal.com/gui/file/8d20f09faf9f69e2064a949e9574a68aa6777746734de900d9369f28656fd1f9/detection

http://46.246.12.14

# Reference: https://twitter.com/doc_guard/status/1734938547881193574
# Reference: https://www.virustotal.com/gui/file/0f6832b333e43176dd26b84a4db536d345850162b86e88b8ede8a204836a1dae/detection

theannoyingsite.com
youareanidiot.cc
ve43.aadika.xyz

# Reference: https://twitter.com/doc_guard/status/1737494486295486473
# Reference: https://app.docguard.io/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/results/dashboard
# Reference: https://www.virustotal.com/gui/file/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/detection

micrgen.ru

# Reference: https://www.virustotal.com/gui/ip-address/37.143.129.182/relations
# Reference: https://www.virustotal.com/gui/file/b3b41a17736281bcdfaae96acb657e32811456430ecbf06730706d2c9e96b0e6/detection

idf.pics
idfinfo.pw
idfleaks.info

# Reference: https://twitter.com/banthisguy9349/status/1738120871850483887

http://195.35.25.136

# Reference: https://twitter.com/malwrhunterteam/status/1738178664477438094
# Reference: https://www.virustotal.com/gui/file/d4ccc58d8e30048a387153642dfa2ee78500b0e9dab6130370bf9576d3e6d1c6/detection

pdf-online.top
usaid.pm

# Reference: https://twitter.com/malwrhunterteam/status/1738254214353064420
# Reference: https://twitter.com/malwrhunterteam/status/1740146804073906343
# Reference: https://cert.gov.ua/article/6276988 (# UAC-0184)
# Reference: https://www.virustotal.com/gui/ip-address/46.249.58.40/relations
# Reference: https://www.virustotal.com/gui/file/bd871a2ccd6d7c4f89f9f5087e60cfdcc7ab35b670cfda7ddfd6dbbab8c8560c/detection
# Reference: https://www.virustotal.com/gui/file/ef6edacf6ee1e0dd2e53046a91ba84d10a8adda6918ca7aac6e96ead432efbbc/detection

46.249.49.148:3232
funedunet.com
new-tech-savvy.com

# Reference: https://twitter.com/malwrhunterteam/status/1745175988114247680

http://163.5.169.28

# Reference: https://twitter.com/malwrhunterteam/status/1739358047808454978
# Reference: https://www.virustotal.com/gui/file/487c77fe374d38a45f0c0b16deb3f0f113104e396eed88543a81dd2023720a9f/detection

winrar-lab.github.io

# Reference: https://twitter.com/Cuser07/status/1739476155491832275
# Reference: https://www.virustotal.com/gui/file/5c61ab46e64c8de31e03dd9c8f79f18bd86ecf57d980e36f0e877003d1def063/detection

minehidden.ru
microsoft-word-ru.github.io

# Reference: https://twitter.com/banthisguy9349/status/1738128525331251392

http://104.248.54.93
http://138.197.150.104
http://143.198.172.172
http://146.190.158.3
http://147.182.133.75
http://159.203.3.76
http://159.203.48.121
http://188.166.187.50
http://64.227.79.134
64.227.79.134:443

# Reference: https://www.virustotal.com/gui/file/9a4147fcc9d6561e1548496ef1759ad73d93e1743e93d3c57490333eb9681915/detection

sun876954.space

# Reference: https://twitter.com/banthisguy9349/status/1740356886615167260

http://91.92.253.192
91.92.253.192:443

# Reference: https://twitter.com/noexceptcpp/status/1740347631816122829

212.60.5.131:4433

# Reference: https://twitter.com/Cuser07/status/1741037664768512343
# Reference: https://twitter.com/threatinsight/status/1749494654293405942
# Reference: https://www.virustotal.com/gui/file/f9a6a9f0507c5eb6c8c53a33f8f294d1381ed250cfbce6e8bda45ee295ca260b/detection

http://64.52.80.221
64.52.80.221:445
/fCzQvTAP/ewrtnyu75473
/fCzQvTAP/
/ewrtnyu75473

# Reference: https://twitter.com/ClearskySec/status/1741482152280129889
# Reference: https://www.virustotal.com/gui/file/d84c39579e61c406380f37da7c2a6758ed9a4c9a0e7697c073e2ddbb563360cd/detection
# Reference: https://www.virustotal.com/gui/file/1b598c7c35f00d2c940dfd3745bd9e5d036df781d391b8f3603a2969c666761b/detection
# Reference: https://www.virustotal.com/gui/file/0429bdc6a302b4288aea1b1e2f2a7545731c50d647672fa65b012b2a2caa386e/detection

http://124.168.91.178
http://194.126.178.8
124.168.91.178:445
159.196.128.120:54763
159.196.128.120:55555
194.126.178.8:54763

# Reference: https://twitter.com/banthisguy9349/status/1742123105827344654
# Reference: https://www.virustotal.com/gui/file/23e4e812b985eb7f0dfe4440a281d290681d48292b564e95389472a44067f382/detection
# Reference: https://www.virustotal.com/gui/file/57bb1a9274ec2f2f65508b3eefd222b46f9c600c3352d80488d7f903937a409b/detection
# Reference: https://www.virustotal.com/gui/file/4c58578a87a0f032ac2fb2889565de0d40c9c358d4e48dbdbe8ce74f8ccb62b7/detection

91.92.240.152:1338
91.92.240.152:1339

# Reference: https://twitter.com/malwrhunterteam/status/1742200432217215049
# Reference: https://www.virustotal.com/gui/file/afe3cb9b582273ff47916f1c2cdc111b8bc58bd54e6d28f6a31fef4f663e3abc/detection

officesmicrosoft.com
mc.officesmicrosoft.com

# Reference: https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla
# Reference: https://otx.alienvault.com/pulse/659590aec2e01294d509fc1e

http://193.42.33.51

# Reference: https://www.virustotal.com/gui/file/000044e47ee47ce1f18fea0a33e17da583cb25e174cc24e2fbdbf29c1c82ea92/detection

evacdir.com

# Reference: https://www.virustotal.com/gui/ip-address/164.90.149.198/relations

bkhnmeficinnhii.top
cibgbgfjcmlbmcd.top
cnbhhabgjabmfab.top
dfmnkgnidkadgcd.top
dififcihkccceik.top
edggnhnjdnmfljm.top
fdkidechlddhdbf.top
fnfihgcmjdiimii.top
gfecmamfejggbhm.top
hlbibfkimfelcja.top
iaidkcggfkhkabh.top
ijjbfhkjmicnhcj.top
jamnfbaffgdclbn.top
jjndidahgmibnic.top
leeegfhihnjflcl.top
mcmlkgijhdghcjg.top
mgmmcbdgaflejie.top
nbcmadlhbhmiibn.top
nnjeegbjibkjkjh.top

# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.125/relations

bikhgghnjndnlmj.top
cnngkbijcmaclie.top
lfbmjjcanenfllj.top
mleknedjhckhlhe.top
nchjcmfebbhkldn.top
setorempresarial.online

# Reference: https://twitter.com/malwrhunterteam/status/1745199276056027435
# Reference: https://www.virustotal.com/gui/ip-address/141.8.193.27/relations
# Reference: https://www.virustotal.com/gui/file/4ac32148284e1b9710bca20bc8fae1ba8f831dda7921bf12b73041a715555a6f/detection

api-gate.xyz

# Reference: https://twitter.com/sicehice/status/1747030318924677353

http://85.31.205.231

# Reference: https://www.virustotal.com/gui/file/104db086fa0e7c362f6ea00f9c93852bf2476dedc8ee3bda074cdb237411e658/detection

boggaym1.hopto.org
jhonny1.hopto.org

# Reference: https://www.virustotal.com/gui/file/a1bd8fdc639b7e0f2b1343e0f0e7807d404aab4adcae6972752d189adebdc030/detection
# Reference: https://www.virustotal.com/gui/file/45a40d542def7819241bf68e0b6ba3374834446266393bd5d254a602e95ea681/detection

bbstudent2.com

# Reference: https://twitter.com/doc_guard/status/1747612590950240626
# Reference: https://www.virustotal.com/gui/file/b4492ba093f845b6fb37941af65635c5cf5095d415cca54cfeaa7231fa8d0c82/detection
# Reference: https://www.virustotal.com/gui/file/e570c9cbef39307361396ca601d5726d5cceadfbf9a39133654bf03b6eaf2156/detection

http://192.227.173.43
192.227.173.43:445

# Reference: https://twitter.com/alex_lanstein/status/1748359390736879820
# Reference: https://www.virustotal.com/gui/file/502d1efa5ff5403a5eed1caf375adc0fb4b038a3a0b3571e35270ff7a0cc3538/detection

pandoraleaks.org

# Reference: https://www.virustotal.com/gui/file/7ee503bade7073d8da987399701924596242b1e41e35f55884190a4fc4e00b9d/detection

khelrangfssa.org

# Reference: https://www.virustotal.com/gui/file/9605968addccaa2323334d501b99ab88cd0b879bc8a2b4c5dc1d27c4d27d5e53/detection

http://191.233.27.50

# Reference: https://twitter.com/malwrhunterteam/status/1748790038555451806

halalhotels.net/wp-content/uploads/

# Reference: https://twitter.com/malwrhunterteam/status/1750263043701776696
# Reference: https://twitter.com/doc_guard/status/1750511099328299392
# Reference: https://www.virustotal.com/gui/file/245fa95180f396ac41e757b3292edba9a6d2cd352ef3a9e3b946d32961fe5459/detection

http://37.120.222.148
entertainment-in-tenerife.com/wp-content/uploads/

# Reference: https://twitter.com/suyog41/status/1749692921237078090
# Reference: https://www.virustotal.com/gui/file/0bb98b450b35148c02826bf353afaaea82c8cbdbca5a1e76b8cd3704b8657b0f/detection

http://45.153.241.239

# Reference: https://twitter.com/ShanHolo/status/1750135335952990523
# Reference: https://www.virustotal.com/gui/file/3c00c886b8be39b8711f76cc7225c6941be5fd3336d0ffc939959e8c3b755bbc/detection

101.99.94.234:47001
101.99.94.234:5985
101.99.94.234:7070
101.99.94.234:8000
101.99.94.234:8090
148.163.93.51:47001
148.163.93.51:5985
148.163.93.51:8080
148.163.93.51:9090
172.86.96.111:47001
172.86.96.111:5985
172.86.96.111:7070
172.86.96.111:8080
172.86.96.111:8081

# Reference: https://www.virustotal.com/gui/file/9d88ecdd4dce40bea6c22e721b10b2e9e49650679734ca411f6232ea4097e83d/detection

http://51.79.244.21

# Reference: https://twitter.com/malwrhunterteam/status/1749905406703366614
# Reference: https://www.virustotal.com/gui/file/b79fc5448d47587c2d038f8a06e52d59b053aa5aab03a6aa884c3a113e31caf9/detection

frank-weekly-frog.ngrok-free.app

# Reference: https://twitter.com/1ZRR4H/status/1750261119216710029

http://148.163.93.51
148.163.93.51:445

# Reference: https://www.virustotal.com/gui/file/05df7a0c57ddb53db47daa1e23462221b9dcadf8ed43341a6722b16f4e5b9216/detection

http://181.41.200.209

# Reference: https://twitter.com/banthisguy9349/status/1749331670187040802
# Reference: https://www.virustotal.com/gui/file/4971112623eb9259a641b60f6416c1701ba02f08ed1c590948f5e487744bcf03/detection

http://185.81.157.123
http://185.81.157.150
http://185.81.157.160
http://185.81.157.24
185.81.157.123:999

# Reference: https://twitter.com/1ZRR4H/status/1751310603916882357
# Reference: https://www.virustotal.com/gui/ip-address/91.92.251.163/relations
# Reference: https://www.virustotal.com/gui/file/d576202174867dbed41a0dde9841b8deb1c4c3cb54bc3f3cb1311d97e0f1fd58/detection
# Reference: https://www.virustotal.com/gui/file/2986cab6e805bdeeedf6b815ee439417e2c861c33ef67c77b4c1ad57ad9d6169/detection
# Reference: https://www.virustotal.com/gui/file/ac702ccbd80c7f46d05ed6ecbbac34a930c0c1befe4dfc9e74bdcd7c7b4c09a4/detection
# Reference: https://www.virustotal.com/gui/file/861c39ed6c9c822297b546d05fc0c5ea6011a29fc8ed9afd8c2a34b07aa043b9/detection
# Reference: https://www.virustotal.com/gui/file/504be1f8bf80df47b6cbe74f1837864da5ec119e4ea91eae268e3652a626a4a9/detection

http://91.92.251.163
91.92.251.163:445
galaxe-team.info
protecionbbva.info

# Reference: https://twitter.com/malwrhunterteam/status/1750876407834501411
# Reference: https://www.virustotal.com/gui/file/1ff893e6dccc586fb6b2ef5ea58f0d9137b646e61b17c9aaf1eef4f1703831cc/detection
# Reference: https://www.virustotal.com/gui/file/052c9175ede58455ea20be0df7a0095a3a6645e2c3acf5b67411e7b18df69689/detection

5desconcertais.sa.com

# Reference: https://twitter.com/nahamike01/status/1751481757365629263

http://72.167.151.88
72.167.151.88:443
thebaut-avocats.store

# Reference: https://www.virustotal.com/gui/file/cdd069f6a4cebf0020343e7788b6bb9d6e0a276513c822d8db9edac428812167/detection
# Reference: https://www.virustotal.com/gui/file/84de49fc64eef65cba50df918817cd41328ac07bae39fd041a39d2f6d5d685ac/detection

http://147.50.253.30
/JEERADET/
/JEERADET/updater/getserverinfo.xml
/JEERADET/updater/wzupd.xml
/JEERADET/updater/
/updater/wzupd.xml

# Reference: https://twitter.com/cyber_ra1/status/1752035174408458561
# Reference: https://www.virustotal.com/gui/file/ea17ccf4bf55f23b8a93f8e17e470be440211f463d5b7e01958843c8c160f765/detection
# Reference: https://www.virustotal.com/gui/file/a0ed5dd1fe038a22bf5953c4d12ece80d09d0f58a991503dca3ce659455b8d4d/detection
# Reference: https://www.virustotal.com/gui/file/295aef7c1199c1f1ed7d487694e977ec858c5819140ed09808e175fcc49472f0/detection

http://139.144.212.135

# Reference: https://twitter.com/banthisguy9349/status/1752339128648122859

http://194.48.250.74
http://45.141.202.254
45.141.202.254:443

# Reference: https://twitter.com/doc_guard/status/1752343177896317394
# Reference: https://www.virustotal.com/gui/file/346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d/detection
# Reference: https://www.virustotal.com/gui/file/f8cbeec0ed28a8828e727c4059fe0d3bf3b34abb3978cdaf112bc36eec83983e/detection

http://185.222.163.245

# Reference: https://blog.cluster25.duskrise.com/2024/01/30/russian-apt-opposition
# Reference: https://www.virustotal.com/gui/ip-address/158.160.129.176/relations

nasa.network
news4you.top
zdg.re
mta-sts.news4you.top

# Reference: https://twitter.com/banthisguy9349/status/1752424117511331865
# Reference: https://www.virustotal.com/gui/file/2027eb5ee4bc199f4a3a70331470db268f5d57474e469d4d4ad3986d5e51399e/detection

http://159.253.214.149
http://161.97.132.85
http://162.19.24.166
http://183.90.230.5
http://184.168.106.46
http://185.176.58.32
http://216.69.162.32
http://45.82.120.47
http://51.79.99.120
http://51.91.45.248
http://91.241.48.106
128.199.66.118:4001
128.199.66.118:88
159.253.214.149:8443
161.97.132.85:3000
161.97.132.85:3012
161.97.132.85:3020
161.97.132.85:3036
161.97.132.85:3045
161.97.132.85:4447
161.97.132.85:7080
161.97.132.85:7081
161.97.132.85:8443
161.97.132.85:8880
162.19.24.166:2100
162.19.24.166:3001
162.19.24.166:3002
162.19.24.166:3838
162.19.24.166:4330
162.19.24.166:8080
162.19.24.166:8126
162.19.24.166:8787
162.19.24.166:9090
162.19.24.166:44321
184.168.106.46:2077
184.168.106.46:2078
184.168.106.46:2082
184.168.106.46:2083
184.168.106.46:2095
184.168.106.46:2096
185.176.58.32:14118
185.176.58.32:14119
185.176.58.32:1515
185.176.58.32:3000
185.176.58.32:3333
185.176.58.32:5985
185.176.58.32:8054
185.176.58.32:8080
185.176.58.32:8090
185.176.58.32:8182
185.176.58.32:8183
185.176.58.32:8391
185.176.58.32:8888
185.176.58.32:8889
185.176.58.32:9090
185.176.58.32:9193
185.66.9.215:81
216.69.162.32:2077
216.69.162.32:2078
216.69.162.32:2082
216.69.162.32:2083
216.69.162.32:2095
216.69.162.32:2096
37.61.242.66:8080
37.61.242.66:8902
37.61.242.66:8903
37.61.242.66:8905
37.61.242.66:8907
37.61.242.66:8913
37.61.242.66:8914
37.61.242.66:8915
37.61.242.66:8916
37.61.242.66:8917
37.61.242.66:8918
45.82.120.47:2525
45.82.120.47:443
45.82.120.47:8088
45.82.120.47:9999
51.91.45.248:8083
51.91.45.248:8888
51.91.45.248:8889
67.205.139.23:8000
67.205.139.23:8001
67.205.139.23:8002
67.205.139.23:8003
91.241.48.106:8443
91.241.48.106:8880
91.241.48.106:943

# Reference: https://twitter.com/banthisguy9349/status/1752646985234931730

http://185.66.9.215
http://62.210.137.149
http://77.105.147.252
216.69.162.32:443
