## hosts-blocklists
## domains-ips-hashes
## blocklists-cyble
## https://blog.cyble.com/
#
# NOTE(review): entries are grouped under the blog post they were taken from.
# Three kinds of indicator are mixed in each group: hostnames, IPv4 addresses,
# and hex digests of 32, 40 and 64 characters (MD5-, SHA-1- and SHA-256-length).
# Split by type before loading into a DNS sinkhole, firewall or EDR hash list.
# NOTE(review): no per-entry date or confidence is recorded here; confirm the
# age of an indicator against the linked post before enforcing a block.
# NOTE(review): some addresses occur in more than one group (see the D-Link NAS
# and Confluence groups); de-duplicate on ingestion.

# https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
fsb.operationvenetic.ru
makingitorut.com
mi6.operationanonrecoil.ru
91.92.247.182
0360fb17d1e7a9d9bf3197508323c156
4eb2573387c0c1bb248cbfb0f1f8936f
8932768daaa490e27c7049ba772c8713
a3dcd9c20ab80f0ebf20dc2f447e9388
de1ab49d5ce82fd4f250579cf16df28a
3d88ba457dc75e29381213a38ebcf0ebfa59a406
4a870447d1ade26822f4ad03e21b9fdc3b3a658e
8ae5196842dee3ba85dfc6a5e8d4e9aa40caa5e0
b9f55f4cb8ba6a4529ad955b4bdad36faf6b7476
f5e24d031edf0ec9c67d98c9294d5904dae34394
00d35cf5af2431179b24002b3a4c7fb115380ebda496d78849bf3d10055d8a88
2ac038c44f1be53a1b652cafa4eba23af29831c7ebb75aaa00743b11c33665ea
5ebb9e5cfe091ee8e00aa67c50a4aff2da90ce9eb6aa2b703a6e0bb3364359ce
99f263fa87f13c7e6829dff73cc9c018d5f8165a5a7af3af8bc5ca6d52762ea9
# NOTE(review): the next digest is 63 hex characters, one short of SHA-256
# length; it cannot match any file hash as written. Re-check against the post.
d807070973bde0d85f260950dc764e46a0ba486f62da3e62f3b29ca3ea322f1

# https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
d54bae930b038950c2947f5397c13f84
e164bbaf848fa5d46fa42f62402a1c55330ef562
1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b

# https://cyble.com/blog/threat-actor-profile-transparenttribe/
5.189.145.248
103.2.232.82
153.92.220.59

# https://cyble.com/blog/critical-d-link-nas-vulnerability-under-active-exploitation/
# NOTE(review): this group holds IP addresses only; presumably the sources of
# exploitation attempts described in the post (confirm). Such addresses tend to
# be reassigned, so consider giving these entries an expiry.
# 39.98.218.14 and 120.79.250.151 also appear in the Confluence group below.
8.134.81.86
14.116.254.172
14.225.53.162
35.229.184.234
39.98.218.14
47.94.155.169
51.79.19.53
80.94.92.60
91.215.85.61
112.111.0.102
114.67.183.11
115.220.2.96
116.62.192.107
116.198.40.76
120.79.250.151
120.196.56.220
121.41.56.249
171.244.23.11
182.253.115.123
183.56.199.229
186.251.21.234
202.79.171.107

# https://cyble.com/blog/fatalrats-new-prey-cryptocurrency-users-in-the-crosshairs/
1-8.qq-weixin.org
1-27.qq-weixin.org
1-31.qq-weixin.org
exodue.com
38.181.70.178
03e8610b95753eee43179b1ccc3fb72c8595a7d76e9b0290ea765f8e6372d4f9
0555ba582ffdb07a3e93a4d936d2d0d2bd506040f12e5b55e042e82d4bc169ad
1b6ab4d69332a041109c9a8b7bc1d12dd28566a0614363f7887d9044e4345a2e
8b0fde6e42ba17b0b475bb8dd54b8554cc6682d81b9e632f8890daa9ceefd48d
47835bbb98d4660ffa225000797e22c3cfd48ae43af8ccf0999a760b8c3a92ba
715138e6cb30bd18cc6afad6322e35f6f1a3d40ac135a1a9bc76cb884508c686
149271557eec7f5b17cd046d1f9936dca1654be1edd7835f005fbba145d65b8c
a5ca7b8af70d6e483007c6c9c60b0a2002e150b0f479744989fdd58ad2fc62d3
b3c47e48facfb1d6e4f93b1e9b91c1a931f5e491c5ab4aa0fc5c10ed077674b4
c03a524b4e0561141012a6dc17f09bc8d0bf772cf2c94731971a50d67dccb2f4
d56471adbfd095d1be1d4b8288d14283efbf6414912064a97423751a69c1427f
e1368e893c44b29acfe7e9e190bbe448deda18d1847ed697b01c17a373207053
efc27a42e520918f83b041f81975e8dbca9916d159dfc41380112c20b43bcd39
f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0
fba1b353b063a068bd8a191ce699d335158028a6c94282a27f86b784cd4e94e5

# https://cyble.com/blog/elevating-the-stakes-the-enhanced-arsenal-of-the-fake-e-shop-campaign/
easyshop-global.com
ecart-global.com
everydaystore-global.com
goshop-global.com
jimmyserv.online
myshopping-global.com
mystore-global.com
onlineshop-global.com
shopbox-global.com
shopcenter-global.com
superbunapp.com
weshop-global.com
worldshopping-global.com
4d147c9e5fdb943d31f5458e2b9bc3fe
620e450b2ee36010939106e7a036d442
51c9f273670a0a454119e1bb772986b230fa0133
b83cb9b308d0423599d7bd815efb73a5992f419b
776f98f55e19b5b3f79124415796511703c96633505d6a1cae4614e9a1a70163
cc3ca9738777afa55bbf0aa340cb41a6f547c50e9a19b6ff0ab498243033104d

# https://cyble.com/blog/solana-drainers-source-code-saga-tracing-its-lineage-to-the-developers-of-ms-drainer/
dflow.life
wondera.app
05bc32a2589c3784970e71d549268e2d832cd51a61ecbdc912e9d527444e9b09
7bc6e936176a03e719d55d7597ed47fc72ce63eeca20470cad94a66f9f3b3ae7

# https://cyble.com/blog/warzonerat-returns-with-multi-stage-attack-post-fbi-seizure/
# NOTE(review): the two duckdns.org entries are individual dynamic-DNS
# subdomains; match them as exact hostnames, not as the parent domain.
# textbin.net appears to be a general-purpose text-sharing site (confirm), so
# a domain-wide block may also stop unrelated use; alerting may suit it better.
1287123hjdfsdyu8923748394234234234.duckdns.org
l34d3r.duckdns.org
textbin.net
31cb3c2da4ee918adfa97168db6b565a
6306dcae34a5eec8a6264e82c93e0f21
5940164749679a23816e355582de084c
ab948b1b43223abb9f8196a544949aea
b17c5823c4e6a91173c2d063f1d09dc5
bc1705db6ccc60784390e7ae66887148
dd94249831862f21373a8f17bed2e8bf
e74edf0e25243707b521025e35581273
eaf8f799d9b31afd8569f7e272249868
03f9287ac8b560df6f88ab047042ee421ac6aa3c
6ff6a0ed3412f944b2a74479993b7e5dc56773d9
47d2e84d8cbe09a83e29ad52da9cc88b77766664
61037e709b30fab28f52de0d6489f3f3433c7146
aa25a3d22e94063ddb749376ac87b8ab5fcd93b4
ab2e86e25dcf119ad390e93e65230549add93c30
ccf35f0a944ca5e80caa4e2f56065aa3e089638f
dceb0090befd7cd7edaee548cf042e85da2ce69e
f803c161ff438054eb513e43237fa1b2901b7757
0176aa357685dee1cd9f32e77d2b3c4d89dc9983d41fcd27df455d2045777d6c
3d7c57fd5e035b159d4f1460989924756a725db772787cf8ad67d543c510fe54
39e67f25b0fa660db0541bf37e315fb4def772bd3b6d67991b64a5a85914477d
55d1b2bf357d28efba4e5b130624c9de4a2afd0b5868275e506887f95ca17c48
70e7b2dcae22dd61babfb82eb1691cbe2d3c699099a9ec5d14a510a14c235b36
74ad9efa572449669893947c6eca7696280def08da3413f9635ab5b1ee91adf4
2971e7072c7dfb85a344902662efb86f785a2d728104124bf4abef5d44be9e72
b57ee4991cd5316fe47a382db879dc0ae784c2f974f395939987ae174c1a48a7
b87676d267712ec64e015c7a1aa689cd951a581841db4208a758aa1c0b16b68f

# https://cyble.com/blog/cgsi-probes-shadowsyndicate-groups-possible-exploitation-of-aiohttp-vulnerability-cve-2024-23334/
# NOTE(review): IP addresses only; see the note on the D-Link NAS group about
# reassignment and expiry.
81.19.136.251
103.151.172.28
143.244.188.172
157.230.143.100
170.64.174.95

# https://cyble.com/blog/xehook-stealer-evolution-of-cinoshis-project-targeting-over-100-cryptocurrencies-and-2fa-extensions/
nc1337.online
trecube.com
45.15.156.174
a3882ac90190c7ccbea744dde58f0a107b67e3eea0024b12d18e72faf9a55b1c
daea71a3094e0c90554a77e95b0b354d1515f99e70fa5013f09302a5bb04dde0
fa7f5300459c71d70f1f7b0d0c96aa245fad2a98d55d39a53455d2a7191d8cc9

# https://cyble.com/blog/the-spreading-wave-of-pig-butchering-scams-in-india/
app.panth-ss.vip
app.yongljt.com
giottusmh.com
giottusmk.com
inueyd.com
34.131.1.213
a522af373e24042e4b1995a186cfed6a
e1b935f23c49ac0b1176c3b650e5bc12
ecce84056298bc3bcc8c17d6ed12a29b
53c40428b48050ecd851f58b020629f58b6bd18f
2288add2292e026cb32933943d2c9f105e57ed8d
87196e5cda572d63c43d52df200e823a9811e33a
0a2fffb84d58dbf3cb2a50fd15d3cda9b3998c85c0424e29bf0964cc6bbda920
52c36d2e1c5df64b96e017625fdd2d1c07e2a0b741c155735d09c068b23d54ad
faf7a001250ef1dbd2d6eaf8eabbd8d589c0960e871325808a7a1a76619c4b4f

# https://cyble.com/blog/jetbrains-teamcity-authentication-bypass-vulnerability-under-active-exploitation/
# NOTE(review): IP addresses only; see the note on the D-Link NAS group about
# reassignment and expiry.
24.144.82.64
45.55.194.62
143.198.150.42
157.230.15.25
165.22.159.187
167.99.48.60
170.64.155.123
170.64.157.36
170.64.220.72
188.166.148.243
192.34.62.65

# https://cyble.com/blog/sapphirestealer-sneaks-in-deceptive-legal-documents-prey-on-russians/
govermentu.ru
193.39.185.4
5c025a9e86a125bf2f2ca5c1b29b42a6
55bb772aea4303ca373fd8940663b6bd
6b44ab6c246c077ee0e6f51300654b3eec2fddc7
b396a8d5e30fb179f3139d28b843b57bb8ae3f47
850a99d2039dadb0c15442b40c90aa4dac16319114455ab5904aa51e062fe6e1
c816d0be8d180573d14d230b438a22d7dda6368b1ef1733754eda9804f295a2f

# https://cyble.com/blog/ongoing-phishing-campaign-targets-healthcare-and-cryptocurrency-users-via-screenconnect/
# NOTE(review): the instance-*-relay.screenconnect.com entries sit under a
# vendor domain; match them as exact hostnames so other relay instances under
# screenconnect.com are not affected.
addonswallet.lat
claimbloacks.xyz
cloudmine.online
instance-anbr85-relay.screenconnect.com
instance-b5lwpw-relay.screenconnect.com
instance-oisw57-relay.screenconnect.com
minerclouds.xyz
rollecoin.online
sgacor.kenparkmdpllc.com
03b9ee39f5316efe71b0c915374da7d3d4b393ed402d4fe6b57cbc38ac60783b
e594dc53d2bf4518632e9ca4308a11a0b10409f035554255bbdc7e3f577fe585
afd0c82318a32f3a82bbc8320e03e33ee84e3fb3c8a64b3fe06a48fc37682dae

# https://cyble.com/blog/asukastealer-a-revamped-version-of-the-observerstealer-advertised-as-malware-as-a-service/
freemsk.org
simplyavailable.com
5.42.66.25
2d2b66d90495c1236f2e557172bf0f1c
2de37ffcae86c673de3cd2ee5e2ad3b1
7ce0bd101d349bc88b668e380093e1a9
9ce2a046a0698212c2963f2df91ff2e1
75c79796fa147bf3f4d569b544ee0547
371e14f7e146ff22cb9ebe2f78cbfb7f
1494c8bc32576cb008c33d6f0fd1e842
20017810fba85ef8ac6e4230d0e67a07
e9dda8ccde5385e8d0a7f0bdc361e51d
09f2187f0228eed3df41c76c69d94da789c0f2f1
2fde663b31a46e83f3034464674ad3f3a85f6972
4b3cdfbeaa9f8dc3554a0f9a54fc0d16334a46ed
5c6a4cd4b9271410cc45ccda00a2531631f35136
45fc72df60f39ebe77d4012f34a10e73eb2fd485
69a2d82f13246761e6d5159efb78b8fa91856380
863734caf0cb94dce610fe49eeebe438a7096dfb
a06d203ae9cbe26a3c2e389f1c361ac49ef54c08
d7b6530a4c7d685e9ee6765231bab14fecdadeba
fc33fe3deb280d9ed94e3add58134660433bdb18
00cc1ef3d307750d5cdbe537da606101e90091b6020c71f696e454aee11c9a98
5b2b8a4d5b8375a3ac2ce68b93cdbfdc8fd13d1cf4ea1a6a61bd784aa495dbfb
5f2016f22935cea6fa5eafe1e185d6a9b4c14c4b2aa8619ec15a539358cac928
6b0e95d68da6d029a4af645a408c0608218e853f11c8ba70a14b06ec2a005424
9ac629ed8e07b6c99b05edd46b86e1795e5f96908ab1fe85a06282b0a982cd1b
24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a
bb17d47f10fefcee4c883f93f2989e753b969298dd70262ae00696dd482dc9b4
c534f184b8ea3887161ec2b364de15e61ee9a4053f8902450383d3f4165fc818
dc723d302340d27529b8c3c880b4cf53534a02e2a71a68f39eec30f239c2c988
e6430183aa7bbaffa89ffbef7bfac3aa54481e904556ab71ea20ccf55dfce53f

# https://cyble.com/blog/the-fate-of-the-criminalmw-group-endgame-or-a-new-rebranding-journey/

criminalmw.fun
droidweb.net
playstoreapp.fun

30b7d1c865335266979e96f8ddbfb708
30f1be8974e018e6b293fe5de9515bcc
46a32cb1cabc99875143ca236f88d40e
d76dfc06a900d16db6ece278c6bec872
db47978be15209894180454f993ffbe6
de866b01d1b965a8b6423ab7c2ff2885
e827f0fb88ba829edd5050bdcc7fd5b0

032f679714248bc5681bd409df0ec1465f5d0e9d
90c7e739e6f06204d59c9b2cff217d4140a457f3
78415a24fe1bb9aa16761798274b196eebdf66d6
98358b77e01e11d024c618d129701546f1af1c14
950117f9ce18402a7072afc5593c667420141339
b4ab19d073644fb2a5f8b6123bedcb4385647c3c
e65e16bddfb024ed866485e93d4a52eed61e744e

03ae540c1b1eb419bc3607deb9abd378d7ba8df41b407e10b307ffee0616e7c4
2c7a1ad11469abe84cb7e378d814b79a3339bfcf1ccc598ea651ec0ab24bb3e0
2c354c891d3f24695943c50f866b400dad4e6bc18d1cc5cf1580b368ce859f48
5dbea04fa976dfdc36d3303aa627e5be71ddc7bf114818a300d3f454d8315ce9
152b3cda192f092160c2f4eaa6d696d20f63cf27e3b479328d2f392891dce87a
450d0e64814abffc854f3f55a2faffbbf8a1c13c8b8b67ac03f4e2bc85ec0d23
592d9fc0234f437972da1cc1cd20cb20a478b2ad7d07d0ded902a15ca94f2ade

# https://cyble.com/blog/new-go-based-jkwerlo-ransomware-poses-a-risk-to-french-and-spanish-users/
3bc2635ed259d5e18e675eab17611cd0
5da1d8c56eed0b7f134dfdb5ad873e6b
5eee11d64200cd689906b808de19eb06
5f03b82eeba39f5f6f486197c88dc2d2
9bf11fbb68aa89243519f50756ebf8d6
999f7b696318b2bf72bb61c54f6e4b74
19088d2799ba035319fba3666a1f0dac
e64179dfe73967b537ba49bf73d43cda
7fcd026b89748654661079c75b49a965ddf00492
9e1491669e493d2823a06e79091aa7ce539ccc0e
66fcb387d4743771732d10f023ddd3f41eccbfba
92bb57e09c87eba40c2ca43b1e2777b001832dd4
94e8d73d1222c2671f63abe1954735fe4e326a3a
631d3938ef96fdc6fd5df3ac566fa2872e1759c0
6898da0f162f80e4fe0572b91959d2480e78a2f2
cf867d3499ad672784b9654badd631fc041447cf
04162089fa92236bc9382a002f0a55d43856d696f448daf74f612987b6bb743a
5e458aec892522e12c7bfd0839bc7a5e0bdff203599aa27738c1be42f22068b0
86bcaace6f419ae44ef3aae297221ea59424de07cb11039f5547fba668a3870a
831cfc6e0d289364d1b2c9875a85bf76a536611b7308f14c3391b5a22e99f8bd
93080b42b479c652eb1a20a4c87ecc9d5d43783e480436f0e8006deebbc7c12c
c50b9ce8a3e2ce4c39ba8f7b881312303ead9daccab538cc2ad7aed10931e6f6
e0082832f7c8310b59b0445034fa731e06c307a9d2091efa66c5bd23361cbaae
e760fc461f348c9e390a4ce19f736bb6875aed1360ea3d247f64ca973cccd6a3

# https://cyble.com/blog/doppelganger-dilemma-new-xphase-clippers-proliferation-via-deceptive-crypto-sites-and-cloned-youtube-videos/
coinsbot.space
cryptonotify.ru
lunoapp.space
metamaskapp.space
wazirxapp.space
31.31.198.206
1a4e8c51f4673c52677707f42437a181572715719763ebd5e841e07bd78b6003
3bd57de116ae8a4f7dc69ac6fa73358e2063ea2b9c90fcb5886c3ccd35f5c524
6c8dc2c77bd5a4776348f7c63b81b3c9c1a521eda3099d19c3014db7a246bdde
8ba85e0f0b7edddb4c2facadfde7b25162481c24944fced9901f8a86c0df8d72
c69045a04115dabc6fe35ce6429f46f867eba680f3c863ff920daa9d1480e7a1
# NOTE(review): the next digest is 63 hex characters, one short of SHA-256
# length; it cannot match any file hash as written. Re-check against the post.
e6be2e040d1c7e3c745e3c53d85aa141b936a8269ca165daeb85dc49c06c07a
e116fa2900a6e0f1aa448be9dacd06ffa84f2adb48f03ad5c5b02fb1fb29f0b3
ef28d77d1719b65fffa8849b36e7f96ba239021b0a5eebf441af21cc7dabaa25

# https://cyble.com/blog/greenbean-latest-android-banking-trojan-leveraging-simple-realtime-server-srs-for-cc-communication/
# NOTE(review): the two amazonaws.com entries are bucket-specific S3 hostnames;
# match them as exact hostnames, never as the regional S3 or amazonaws.com
# parent domain.
antlercrypto.com
delown.s3.ap-east-1.amazonaws.com
hkccg.s3.ap-southeast-1.amazonaws.com
18.166.228.126
469b57ccab35a15cbdcdc68c0e0b1502
574e8c1327646f82d1e5663035e15391
b7d817e3f2e08877b0073df189fd2b42
bf22b7f3a2136314b330f66b82c46123
3f3e66485a4f02559f100e50002c654c68cb80b0
4dae0cb4fe371a2132e4550fb99aeaa0cbf0255a
5f92661116641f9fb210910c3f09fcf72eef90fe
3861237f6c60c563cc82388bf34bb56d5f691872
81255caecb159b0d39a2eda0421bae39394d5107e0bbd585dade9f9b0579967a
284845253395fc53a7a0af142535682515f579fe4dd28ebca453ab82490159c1
c6f966b7ba6cc5d98ca7a771ea87baa3393e559c54b00e527a1e7df2f3a6ed58
d221a8d19d112f34a097b4bdc825a1963f8180fa8b57855a232e9a15dc4f7153

# https://cyble.com/blog/exploitation-of-atlassian-confluence-rce-vulnerability-cve-2023-22527/
# NOTE(review): IP addresses only; see the note on the D-Link NAS group about
# reassignment and expiry. 39.98.218.14 and 120.79.250.151 repeat from that
# group.
5.157.38.50
14.225.53.21
14.225.53.68
14.225.53.158
39.96.220.196
39.98.218.14
39.103.211.146
47.93.204.111
47.120.10.39
47.236.124.26
49.232.119.187
60.235.233.170
64.190.113.197
103.228.162.76
111.26.72.177
114.242.99.122
120.79.250.151
120.237.168.25
122.224.83.80
125.76.87.134
128.199.150.109
161.97.172.232
177.185.117.136
179.0.190.32
183.57.45.194
183.196.214.38
193.8.172.178
193.29.12.182
194.113.236.177
202.142.95.131
217.112.83.246
219.139.101.136
222.216.206.99
222.217.86.135

# https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics
5.42.65.108
2bcf087a676ec992ef9652a87b4dbce1
ac1a958ea6449450fbfa5cb9a6bb197a
d4e2a4bace502bfc1b7449fee9c9ba28
e54ed20eee6bd88883adb71856e49595
0505a3b7683aaff50b9f4214e259b519bc27bc6c
27b6afc6f57850644f3ceffcb06406f5d699592e
34c66a2bb9e791dec6156f8bc7a41bf592cf47fd
a2db69f7015a25bc5776d1db9235c38b8246ecda
401c113bc24701e80468047974c19c3b7936e4d34a6625ce996c12d1639de3ba
705b899bcf83311187021a29369e5344bf4477579a3e7485055d1fe8e0efcbb3
3805cb7589da01a978e899fd4a051adec083c8543343ce637e448716cbbbcef1
59060a3cf38453225891c7c9871d867340f95d027c910ede1f14947dda983a19
f81f1dfc07e5b84cd158ed24ec60ac43a2d2427835d4d1a21b8f8622b7b706a6