## hosts-blocklists
## blocklists-eset
## https://www.welivesecurity.com
## https://github.com/eset/malware-ioc

# https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity/
# https://github.com/eset/malware-ioc/tree/master/ta410

# https://github.com/eset/malware-ioc/tree/master/kimsuky/hotdoge_donutcat_case

# https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/
# https://github.com/eset/malware-ioc/tree/master/swc-candiru

# https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
# https://www.welivesecurity.com/wp-content/uploads/2021/10/eset_fontonlake.pdf

# https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/
# https://github.com/eset/malware-ioc/tree/master/especter

# https://www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/
# https://github.com/eset/malware-ioc/tree/master/quarterly_reports/2021_T2

# https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
# https://github.com/eset/malware-ioc/tree/master/famoussparrow

# https://www.welivesecurity.com/2021/09/17/numando-latam-banking-trojan/
# https://github.com/eset/malware-ioc/tree/master/numando

# https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/

# https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
# https://github.com/eset/malware-ioc/tree/master/sparklinggoblin

# https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-fraud-service/
# https://github.com/eset/malware-ioc/tree/master/badiis

# https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/

# https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
# https://github.com/eset/malware-ioc/tree/master/bandook

# https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/

# https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
# https://github.com/eset/malware-ioc/tree/master/gelsemium

# https://www.welivesecurity.com/2021/04/06/janeleiro-time-traveler-new-old-banking-trojan-brazil/
# https://github.com/eset/malware-ioc/tree/master/janeleiro