#
# LOKI C2 IOCs
# This file contains C2 server and description
#
# FORMAT -----------------------------------------------------------------------
#
# # COMMENT
# c2-server.tld
# ip-address
#

# FireEye Operation Snowman https://goo.gl/x1v7mT

# Sofacy report Dec 2015 https://goo.gl/WSvEM8

# Mofang report by FoxIT https://goo.gl/t3uUTG

# Project Sauron https://goo.gl/eFoP4A

# Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads https://goo.gl/OOB3mH

# Black Oasis IOC https://goo.gl/jhJWRp

# Sofacy activity https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/

# APT10 C2 IOCs - Source: AlienVault OTX
# Turla Kazuar C2s https://www.epicturla.com/blog/sysinturla
echange-afrique-insa.fr
afci-newsoft.fr
# Lazarus Campaign targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# NOBELIUM C2s https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
# Monero Mining Pools
# NOBELIUM IOCs https://raw.githubusercontent.com/microsoft/mstic/master/Indicators/May21-NOBELIUM/May21NOBELIUMIoCs.csv
# NOBELIUM IOCS - https://www.mandiant.com/resources/russian-targeting-gov-business
91.234.254.144
23.106.123.15
nordicmademedia.com
stonecrestnews.com
# NOBELIUM IOCS - https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-011/
# MoonBounce APT https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
# Turla related IOCs https://twitter.com/ClearskySec/status/1484211260287815684?s=20
# Hive Ransomware IOCs CISA Alert AA22-321A https://www.cisa.gov/uscert/ncas/alerts/aa22-321a
asq.r77vh0.pw
asq.d6shiiwz.pw
asq.swhw71un.pw
asd.s7610rir.pw
# ChamelGang C2 IOCs https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/
# 3CX Compromise IOCs https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
# UNC4736 / APT43 related C2 Domains https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
# Papercut exploitation ZDI-CAN-19226 (CVE-2023-27351) and ZDI-CAN-18987 (CVE-2023-27350) https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software
# MOVEit exploitation C2 IOCs https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
# Lockbit Citrixbleed IOCs https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
# Citrixbleed IOCs BWKG https://www.bwkg.de/daten-fakten/downloads/verschiedenes/file/news/indikatoren-zu-aktueller-warnmeldung-der-polizei-zu-bereits-ausgenutzten-sicherheitsluecken-von-produ/
45.129.137.233
185.17.40.178
# Last Line