# CobaltStrike - Malware Domain Feed V2
# Source: Command and Control domains for malware known as CobaltStrike. These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains.
# Source: https://otx.alienvault.com/user/otxrobottwo/pulses & https://otx.alienvault.com/user/BinaryDefense/pulses
#
# UPDATED 18-11-2022
#
# Every link reported should be considered harmful and could result in an unwanted malware download. Use this file carefully.
#
# **** Therefore my advice is ****
# **** If you experience sites that are being blocked ****
# **** please double check your input in search field and ****
# **** see if it's correct and verify that it is the correct page you ****
# **** are going to! If it is correct then whitelist that site ****
#
# USE THIS LIST WITH CAUTION!
#
#
# *****The list is released without any warranty to the end users.*****
#
# *** This list contains domains and hosts ***
# **************************************************
# CobaltStrike - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cc69a4a6183f57187106f6b
#--------------------------------------------------
# Group of Related Servers Including Several Cobalt Strike C2, by BinaryDefense
# Source: https://otx.alienvault.com/pulse/60270132358b8b1ebf382635
#--------------------------------------------------
# Trickbot & CobaltStrike IOCs - 13 May 2020, by 343GuiltySpark
# Source: https://otx.alienvault.com/pulse/5ebbb7e4cb805dd8a7d69829