## hosts-blocklists
## domains-ips-hashes

## blocklists-eset
## https://www.welivesecurity.com
## https://github.com/eset/malware-ioc


# https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
# https://github.com/eset/malware-ioc/tree/master/virtual_invaders

3.tcp.ngrok.io
chitchat.ngrok.io
letchitchat.info
phpdownload.ngrok.io
wetalk.ngrok.io
zee.xylonn.com

0b92cc8983c11f70b03583b06c9b8bc2
0741ee71e3bc70f886f87f97a1b318de
3e6e301babf013e822b35824d5969fbe
4dd159ff4243d02dd43043860af9691f
5c8380938a0873db6881d0360fbaad4c
6e4f7120c5ca4821ab7c9b07638ff0b0
8ec65d0c4ae47a2a7107bffe21f94b2f
9a8c6c14bf6fe1aac7f71c49bd999a09
339e72f89490326fc2f8b4e875a639ba
1327adc8542aa962a6de2796ccfe84eb
68393416c094b2851c24661549c05f36
a8eaf787c006f8775f275bce1f6ef176
bfd34f23dd31f4e74bab71a0aa2172e1
d7c7c477738fa1dd723dc3161a765cd9
deba43a71712c3a501970e3fc5ab1ced
e1f1a9966523f673d13cd859c83f1ade
e5a3a1b379fa3d861aa5518e34c54e6a
e55980951ba288a70f5ae2266f895a76
ea19f32573cc0d6d254f71ae3d2b4ee4
eccb8868e7a2f57e7f07ed79b6b6c115

0D9F42CE346090F7957CA206E5DC5A393FB3513F
0d9f42ce346090f7957ca206e5dc5a393fb3513f
3F0D58A6BA8C0518C8DF1567ED9761DC9BDC6C77
3f0d58a6ba8c0518c8df1567ed9761dc9bdc6c77
4B8D6B33F3704BDA0E69368C18B7E218CB7970EE
4b8d6b33f3704bda0e69368c18b7e218cb7970ee
6B71D58F8247FFE71AC4EDFD363E79EE89EDDC21
6b71d58f8247ffe71ac4edfd363e79ee89eddc21
7C7896613EB6B54B9E9AAD5C19ACC7BF239134D4
7c7896613eb6b54b9e9aad5c19acc7bf239134d4
7D50486C150E9E4308D76A6BF81788766292AE55
7d50486c150e9e4308d76a6bf81788766292ae55
9A92224A0BEF9EFED0278B70300C8ACC4F7E0D8E
9a92224a0bef9efed0278b70300c8acc4f7e0d8e
17FCEE9A54AD174AF9713E39C187C91E31162A2F
17fcee9a54ad174af9713e39c187c91e31162a2f
50B896E999FA96B5AEBDA7FE8E28E116B1760ED5
50b896e999fa96b5aebda7fe8e28e116b1760ed5
706E4E701A9A2D42EF35C08975C79204A73121DC
706e4e701a9a2d42ef35c08975c79204a73121dc
991E820274AA02024D4531581EA7EC6A801C38FA
991e820274aa02024d4531581ea7ec6a801c38fa
7282AED684FB1706F026AA85461FB852891C8849
7282aed684fb1706f026aa85461fb852891c8849
89109BCC3EC5B8EC1DC9C4226338AECDBE4D8DA4
89109bcc3ec5b8ec1dc9c4226338aecdbe4d8da4
A7AB289B61353B6322272C4E7A4C19F49CB799D7
a7ab289b61353b6322272c4e7a4c19f49cb799d7
A17F77C0F98613BF349B038B9BC353082349C7AA
a17f77c0f98613bf349b038b9bc353082349c7aa
A92E3601328CD9AF3A697B5B09E7EF20EDC79F8E
a92e3601328cd9af3a697b5b09e7ef20edc79f8e
B58C18DB32B72E6C005494DE166C291761518E54
b58c18db32b72e6c005494de166c291761518e54
BB28CE23B3387DE43EFB08575650A23E32D861B6
bb28ce23b3387de43efb08575650a23e32d861b6
C9AE3CD4C3742CC3353AF353F96F5C9E8C663734
c9ae3cd4c3742cc3353af353f96f5c9e8c663734
FA6624F80BE92406A397B813828B9275C39BCF75
fa6624f80be92406a397b813828b9275c39bcf75

0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c
06a253cddba6ac9686939527075e2235b7741ea6903349d86a1a33543af7fcfa
2bd35e28962b854ff213f6ee2f36d28ec367b114203c3c8b17b40946acd9b317
3ca65a5a16d66ec8a36f57fc9165abb8c3c1e0d711452eb12bf82142dcb5e404
3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f
4f7eee2e2e2c64c786677a0aed5f39e8da8c62a2315b4ddf1c0c53c43b1a3e83
19d54faff4f2ac450e4578109dc1e85325edecee8532214154784eca6806f7bf
36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49
39a49e1d6dae0e85984a2599b141db386e44c74509646987d9ff31f3bc60af0f
47d6d9b52bfed7481c9db51712e4a81c6f773efa1d96ac2c0d71dc0f6f6ddd6a
52fc9ac07372ac3faf3cb6d65f0033712e90f0fe6a2ac04005af15c69e277185
81fda588a2a326ce29b2001d5a230de571ce447e4d6c36c7998cc9afc8d0437a
859c71b6d505dccf6f4f790539fcd14829749d18ef41fac46d9528a09598aab8
179901656b458bf84fa3ed2c7a77d3c2bbead4ab77d178cde0f3a3e6e43147f4
a01b61ad2187772c386a682711a15b7717bdc5b7f513c82228cf9b0568e5eabb
b2b5ee9304c935694d1ec1276e98ad1ef8f04ecf8df5d8a999059b720c441419
cc5a38e4514526e17d089423b754b8e421e1f4a3bc947c72d4bbe75871e63dc7
da2cf85100b27f0d063bcc495e850bb8d4ee831aa2fd2b92649f8119cdfe6b9e
f24e0d1adab53f144a5da3550f2a30d5bb98c45fe20e38b9938c8aa26fe7df53
fce91a190adcfdc4efb13f40869d20afc36935eb84fee169e8654045f99fde39

# https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
# https://github.com/eset/malware-ioc/tree/master/ace_cryptor

0a4479f7ab080e8504c4f00b29a67068
2a2e7fcb543a1bc5450a064443b859f9
6c90215b8a560ecb2f5f2430b1f2e016
6e48cac4d3c77d28baa0af812fcfa14d
7e1d6a44d1cf118a3752e17972a4d69c
8b9b33a5183fde571a18583844432eb3
9d5512a57dfdc484cb7ee15668ab6e22
10a08ec8fd17e9b73e62568d5ab8a9b3
26ba1146f36c3703f94ce7e5602cd3da
47bf6bfc52defe05b87d0e04e3d92c45
57b96ee6816786701cf48f14c4879246
59eec747286f1e89ce96fef39f9de3e5
132ecf2b880c66b69420a9bcee3e1837
634b1183d01be4d8ffb806a4827ed879
8741c48f70c18d6337558bbd676f5a0d
bae6af6c2c189ad4bf7d0262e4cec9c7
e1304008377fc7543623fa074332f9ea

7d99e7ad21b54f07e857fc06e54425cd17de3003
7db6780a1e09aec6146ed176bd6b9df27f85cfc1
7ed3efda8fc446182792339aa14bc7a83a272f85
9a6c731e96572399b236da9641be904d142f1556
57e4eb244f3450854e5b740b95d00d18a535d119
178c054c5370e0dc9df8250ca6efbcded995cf09
394cfa4150e7d47bbda1450bc487fc4b970edb35
3734bc2d9c321604fea11bf550491b5fda804f70
71076bd712c2e3bc8ca55b789031be222cfdeea7
667133feba54801b0881705ff287a24a874a400b
af021e767e68f6ce1d20b28aa1b36b6288afffa5
bb6a9fb0c5da4972efab14a629adba5f92a50eac
d2ff84892f3a4e4436bedc221102adbcac3e23dc
db87aa88f358d9517eeb69d6faee7078e603f23c
ef2106a0a40bb5c1a74a00b1d5a6716489667b4c
fad97ec6447a699179b0d2509360ffb3dd0b06bf
fb8f64d2fec152d2d135bbe9f6945066b540fde5

002cabcc5160af1fb3e23e8c2c89bda3c773bf6af3901fdf5673183409ef8117
1ad214c7a188b50c50c3d4ac61f585f4729485d63afa6bf329c4ec822dc5cddc
3c95313e7537e34a0d4768c454f8ae474c937b31180e32e89793245b51717289
3e47bc039536fdde102ffd0b6e2785a16e55dec8a28069d13f55f9c5f6ac789f
3eb3c9a05a7a46d96793bfeb8aa95dcac424ffed9d662d6cea60828c6839b894
3f5dd7545c99bcf08650604b817c63b67b3e0aeed7700f2911cfef4e02a543ae
4a58722029155feac5cceee06dbe869dfb495af9c41224c55eab78c4479facea
11c5cf012fdfe562bdc1b359253ad4eb8f47593ad92b39cdcd02bd5eddef8795
13ea04c99d351f5707e9c43cd9cba13edb16e4aa0698958f33009c0b0234dd4e
17be35730795242b3ccbb75a5f702ecfc55fca387c931f1b939bdf34c208b222
48f520de6420af5e67f24cb74847a6ad8a07ab5653834cd214c81e12c420f1f6
75ded6cea5018981129b651267a75e833e6eda35e0c06cf7c5b60b0b6045fb13
88e371504802325c9a958048d88c635b20db9a86c468b5591d7e5395433309c0
1653098ad824f3efb7afc6f54a34a563a2550acb0e3597b343b73cff5a41b925
a157203488d0977c265080060e584cd94691165f2db82572d192192ca022a198
b2e1aedbc5683962754b820671db8b6def5d886597b14af34aefeadd5cdbc90a
e51b22d7a34f2b2b6e7ede4b3c25a3ef0d302672d2b309c9305cfc2bfdbbee79

# https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/

tibetpost.net
monlamit.com
update.devicebug.com
	
1.145.30.0/24
1.169.65.0/24
14.98.12.0/24
14.202.220.0/24
27.60.20.0/24
36.230.119.0/24
36.237.104.0/24
36.237.128.0/24
36.237.189.0/24
36.238.185.0/24
42.78.14.0/24
43.247.41.0/24
45.113.1.0/24
45.120.162.0/24
45.248.28.0/24
49.36.185.0/24
49.36.224.0/24
59.89.161.0/24
59.89.176.0/24
59.89.177.0/24
61.216.48.0/24
103.195.253.0/24
103.198.173.0/24
103.198.174.0/24
103.210.33.0/24
103.212.145.0/24
103.214.118.0/24
103.248.94.0/24
106.64.121.0/24
106.196.24.0/24
106.196.25.0/24
114.43.219.0/24
114.44.214.0/24
114.45.2.0/24
117.207.48.0/24
117.207.51.0/24
117.207.57.0/24
117.239.1.0/24
117.255.44.0/24
117.255.45.0/24
118.163.73.0/24
118.167.21.0/24
122.100.113.0/24
122.161.240.0/24
122.161.241.0/24
122.161.243.0/24
122.162.147.0/24
123.243.114.0/24
124.171.71.0/24
125.209.157.0/24
128.61.64.0/24
162.158.48.0/24
162.158.191.0/24
162.158.227.0/24
162.158.235.0/24
169.149.224.0/24
169.149.226.0/24
169.149.227.0/24
169.149.229.0/24
169.149.231.0/24
172.68.39.0/24
172.69.87.0/24
172.70.191.0/24
172.70.219.0/24
172.70.237.0/24
172.71.198.0/24
175.181.134.0/24
182.64.251.0/24
185.93.229.0/24
188.208.141.204
193.119.100.0/24
216.66.111.0/24
220.129.70.0/24
223.188.237.0/24
223.189.252.0/24

0d533b3902f1e50b8429a3383419197a
0e5b7dd17bea6fbb04d9372caa84f6e9
3f3a560d8ee98df9c63ddf5c25c3aa38
4c504e0ef91fc66a6d6c4e3d6b10fa18
4e1f5425d498d5088842ce4b7fe47529
8bd980204d5b27aec0f128fb6ad730ce
9c9d6a30bd4addf6ce5386c19bb234f3
9f9bfcc54f6310a807029f304d8ae0b3
9f27e0798271b590a01463d4543df2ea
437c8066b76978ee963883e137eef57e
652c96dd649c26b07752a6322056252f
678df4d276bea90b62036d47a7166a69
766bbadfce62075ab12b7cc5bbbf103a
13546e9d36effa74f971d90687b60ea6
60346e35e66e904ebedc8e7d67f5813d
a8af56bc10d0d5a481fd05ac4256da89
ae5d92ef69074050a822f6669fe267b6
b14d66dec5ab42df524739a168689be0
b75c6f0c5863c00baef1b4dba7498a43
bb3f710885a178523b284a5e07c0f37f
d5cd5877cdeef31a0a1631057a14fa45
d7a70062736c8d34823cfb835cf5c34c
d93af224d9e9a5172bb9ba5104e24a45
eef23748ed175760f9c70871252a11f3
f29e438050cf287c2018d3f78d473ce3
f553ea019b79742eabcbacd387231623
fe387599de816d6c8d7588bd18189930

0a88c3b4709287f70ca2549a29353a804681ca78
1c7df9b0023fb97000b71c7917556036a48657c5
2a96338bacce3bb687bdc274daad120f32668cf4
3eee78ede82f6319d094787f45afd9bfb600e971
5e5274c7d931c1165aa592cdc3bfceb4649f1ff7
7a3fc280f79578414d71d70609fbdb49ec6ad648
7c3fd8ee5d660bbf43e423818c6a8c3231b03817
8a389afe1f85f83e340ca9dfc0005d904799d44c
52fe3fd399ed15077106bae9ea475052fc8b4acc
57fd698ccb5cb4f90c014efc6754599e5b0fbe54
59aa9be378371183ed419a0b24c019ccf3da97ec
65b03630e186d9b6adc663c313b44ca122ca2079
70b743e60f952a1238a469f529e89b0eb71b5ef7
82b99ad976429d0a6c545b64c520be4880e1e4b8
944b69b5e225c7712604efc289e153210124505c
970babe49945b98efada72b2314b25a008f75843
5273b45c5eabe64edbd0b79f5d1b31e2e8582324
5748e11c87aeab3c19d13db899d3e2008be928ad
8591a7ee00fb1bb7cc5b0417479681290a51996e
22532a8c8594cd8a3294e68ceb56accf37a613b3
a942099338c946fc196c62e87942217bf07fc5b3
c0575af04850eb1911b000bf56e8d5e9362a61e4
d60ee17418cc4202bb57909bec69a76bd318eeb4
e5214ab93b3a1fc3993ef2b4ad04dfcc5400d5e2
f0f8f60429e3316c463f397e8e29e1cb2d925fc2
fa78e89ab95a0b49bc0663f7ab33aaf1a924c560
fa44028115912c95b5efb43218f3c7237d5c349f

1bf43b48462ab6bf92989ba3b804df224c1d594fcecc99bc9f673f88c3698265
2c5e6ebbad199c28f1375841165bca0a310aa78ad11168bfdd53c13fff78733a
3e92f35c3818be05033b9f6716fe4fc30d5a68f6e412422ad7c68c85d4451ae4
9bbd602fb6e583832d309a293ae3a51bbaaab008655e18bf5082761c80bd8341
50abc37272a0579cd1636ba9db09feca76a06ff66fd84ead444c26fdb49d4a23
88b0ee7273a91d92c3570dbc67896e15b53ca118d2b45e49a3489605cc26bf24
88f29b4f7e23458da966553a637ef05a45869ec4df4fd3c19736ebb4449d19da
174a62201c7e2af67b7ad37bf7935f064a379f169cf257ca16e912a46ecc9841
539d0a317815953d0d0caaf2077251c4bb0107fd7af9dffc3dacef4428ff97b1
6248d68e6636d4769e66ec4be0b08e601b1a05c63bfa7457c508d7278c0d84a2
11714fb1750bac7a0e27137b8d912906501a8a82a516344ed9c0ea7f72be272a
19590e6e92dffaa21ccce3f4123f6f854361c699185d058ea929e7e441bddfe8
115036c379d083cde6f1ad89bd02a90cbc2ee046cb576b830c1dffb1cb0a7f1f
81044813cf55c2398d7e2179e75c06ed8bcbcfc0328f9e0e2cc0b67e2e3d2e4a
419311167faeee927763b67ce00dbd4491f18bb0dbac9236621faec9e6422fa9
866134587921cf465cf92fc9385239fadd27cd412c5eadf5ba017086630fc8b1
a0b5863db12d6a77d51909803b1b89b606df748a3f053b5f324e30900cdcdbf4
a0fe56ec6eb5cc433fdc9e3537e49b45c90ffe8df409a0f1b5844bc253d209ba
b32bbc5767cdfa8ff481f3523e391d2e6e025d549298617b79eaeb83f3612dd3
c449846edfd7dc49ca59e9c0af719c46eb73ee474ec18f9860db70599e50992e
d9eec27bf827669cf13bfdb7be3fdb0fdf05a26d5b74adecaf2f0a48105ae934
d91c95100288668e321bc04305f896c3038f46404b8ca7da4427f9bec4b25878
e2e3357dbcff03d8f0f3a5c5117ff7a25925f171e8757d6c720d5909bff66f9b
eb540cf9833ab8bd901b48ef258c0e14eb91fb3118fa967a40cd64d8ab417fa9
f021a0e571ead8d43b6d9bdd0e90424ccf399276ce0b3b5e33332d12be902236
f18bca0882958d243abd1939ff2c693392cf6fd6256367b47feb5a415d99030b
f92a60d772da631dd0e925e36be12c6632b23fad993e3d23f97967352e0cb05c

# https://www.welivesecurity.com/en/eset-research/operation-texonto-information-operation-targeting-ukrainian-speakers-context-war/

choicelive149200.com
infoattention.com
infonotifi.com
infonotification.com
login.microsoftidonline.com
minagroua.org
minuaregion.org
minuaregionbecareful.com
navalny-votes.net
navalny-votesmart.net
navalny-voting.net
stronginfo1.com
ua-minagro.com
uaminagro.com
uamtu.com

45.9.148.165
45.9.148.207
45.9.150.58
45.129.199.200
45.129.199.222
46.249.58.177
89.116.52.79
154.49.137.16
185.12.14.13
193.43.134.113
195.54.160.59

0335d2778acd347e8122a2112eea6a25
8ed64fc1197b562e1188b936592a7f83
56aaa12c50afcc9b89d2675a3ec67604
449f36437b57965d3879b407763c4a3b

3c201b2e40357996b3832c72ea305606f07477e3
15bf71a771256846d44e8cb3012ee6bc6f9e1532
960341b2c296c425821e4b42435a0618b89d4037
bb14153040608a4f559f48c20b98c1056c794a60

649d1629f082a27922df37e36d0226edc11776719338bf5c9ea566bcafa1d0e1
53005e23db5f5acb692e9165cbfd4adc341a140c67f9cf266de11bc4fe824fac
ca157f1a63e5427de0b0fb4ae71874d92dcad9bb7c1558974852241bb07e792d
febd200568254a33420f360096c7420ee93b0f5b4f409bbb0874789a4f630a28

# https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/

chatapp-6b96e-default-rtdb.firebaseio.com
chit-chat-e9053-default-rtdb.firebaseio.com
glowchat-33103-default-rtdb.firebaseio.com
hello-chat-c47ad-default-rtdb.firebaseio.com
letschat-5d5e3-default-rtdb.firebaseio.com
meetme-abc03-default-rtdb.firebaseio.com
privchat-6cc58-default-rtdb.firebaseio.com
quick-chat-1d242-default-rtdb.firebaseio.com
rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app
tiktalk-2fc98-default-rtdb.firebaseio.com
wave-chat-e52fe-default-rtdb.firebaseio.com
yooho-c3345-default-rtdb.firebaseio.com

160.20.147.67

07f106d4ce4845ad26e89688d7ed2552
21e996e74ed60a618413c4d703906f74
40aeb61c0d88032005b1cb7f26791323
44c2b688516999ae61351988dbedd893
195a6f2c703375a90a614f7a25c962d4
666ca68e8a21ae09ed20722d06a06a0b
84504c2f077b1c73ec3a64bfa4429cf4
259035caab78d2f18fb022dc30552470
432316e6d85a3b4cec9cd196d7d79916
33859968406795496cc3df2cfc638104
b62e21c2a7091da95bd8c345b4e963bf
e95c7b7d33ffa747dc9dea6701fc1159
eb3e7d94069786eceb34b683e671eec2

1b61dc3c2d2c222f92b84242f6fcb917d4bc5a61
3b27a62d77c5b82e7e6902632da3a3e5ef98e743
5cfb6cf074ff729e544a65f2bcfe50814e4e1bd8
5f860d5201f9330291f25501505ebab18f55f8da
8ab01840972223b314bf3c9d9ed3389b420f717f
44e8f9d0cd935d0411b85409e146acd10c80bf09
94dc9311b53c5d9cc5c40cd943c83b71bd75b18a
137ba80e443610d9d733c160ccdb9870f3792fb8
846b83b7324dfe2b98264bafac24f15fd83c4115
235897bcb9c14eb159e4e74de2bc952b3ad5b63a
baf6583c54fc680aa6f71f3b694e71657a7a99d0
bcd639806a143bd52f0c3892fa58050e0eeef401
e0d73c035966c02df7bce66e6ce24e016607e62e

0c7afefe507ace767217dd91bdb68b06947ca668559f025425baae2afb4fff6c
0757de1fd165f72a084f955dc3fe45480a92b18b6153e116d1992586ca8ccd02
1e2c03876cb0a4dfb588be0de5bffd11aff57d556dbfb8a92793470ab3c66038
1f744fcc5b503328e8707c93f36904d17d2a71db3aa948803c98a5d54160b878
2fdb7c4430660cb49547ac2828a631810d4e3d245a6501ce00825faa169cb7d0
35f52cb5085cc58e8d005d249bfcaa17244f1be3147780e1ac64990006db2ccc
55dd05f02ead336c99d491fa7a9945cf8f113215c5147710874be68fde519cd5
64b2a100e8ca305d7362eeb4858694156d676989b8c6d6d8d01cdebe84dafc7b
5672e8d711be744869e811ebbf90b511abf025eb1dfe2372d2e60ac4b825d3d0
9115408ab7227f30cb6d3f785c208377b31da208171def1c3ec4d81c6f833585
ba9aeb87025ba26e7a54fe38f97bf28b72b1dac069e9fa6624a195a599c4b0ae
c06f8c3fd23ae7124cc06eb63c0411418715bf99d3c9fa66525790b2b4c61858
c547fc04afad7538be1c638019867145dabf630afc2eba1ece7f972892598a65

# https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/

3.144.135.247
18.215.238.53
20.120.249.43
20.151.89.252
20.237.166.161
52.161.154.239
54.219.169.167
62.84.100.225
66.70.160.251
77.246.96.204
167.114.4.175
167.114.138.249
185.228.72.38

f8932d95a0dc719ee24893747857a07a
c7e0b4ca6fe0ae4688db2e5f123a1ebf
09b3686d233d69ae96d460428c61b17d
019523190a3788836e891d7f6cd24f1d

a99a72d323ab5911ada7762fbc725665ae01fdf9
08c7453bd36de1b9e0d921d45aef6d393659fdf5
fb32344292ab36080f2d040294f17d39f8b4f3a8
4cdf7883c8a0a83eb381e935cd95a288505aa8b8

4f90de1a174397518c3ddc27fc9ac05c819d28513555a5e50555e10098971503
2c01734ff63d041a91d10acdb302ef4ffc400396e34140335e4faa2e3f002dbe
305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6
bfaa9086b302e07877a3152460ef9c7faa0ee26afd4cfb22e40bd200dfe48934

# https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/

dl_dir.qq.com

104.193.88.123
183.134.93.171

3A8F4C376E923E077800023F649D948F
5E45D7A7324384EB42E65586D494F7BF
9A2DDBADFEED50A9837CD6B37501E871
19F71FEFE9439F3670E476DC1D054B78
41EF4F53DCE004763EC8D858943C1A79
491C6C21040BB6E3D285DF53B6AC95D6
BCB848A6CE33E136722EF6903E8A71FA
BD8459B3D4FAF69CF2D0E9F118A1D6CA
D8C80DC68E24A6B3C2AC31E1EF489612
D9575ED0F6A78638F2ECD8CD4C41A7C7
E316418EF3E844108F7B11A58239E789
F7EB86F60458EA8888B8DF86DD4BAF93
F8084ED1DC34852C32D06856784DCE4D

9D74FE1862AABAE67F9F2127E32B6EFA1BC592E9
44F50A81DEBF68F4183EAEBC08A2A4CD6033DD91
625BEF5BD68F75624887D732538B7B01E3507234
796D05F299F11F1D78FBBB3F6E1F497BC3325164
8296A8E41272767D80DF694152B9C26B607D26EE
8936BD9A615DD859E868448CABCD2C6A72888952
43622B9573413E17985B3A95CBE18CFE01FADF42
82295E138E89F37DD0E51B1723775CBE33D26475
240055AA125BD31BF5BA23D6C30133C5121147A5
308616371B9FF5830DFFC740318FD6BA4260D032
ACD6CD486A260F84584C9FF7409331C65D4A2F4A
AF85D79BC16B691F842964938C9619FFD1810C30
DB6AEC90367203CAAC9D9321FDE2A7F2FE2A0FB6

1DF78A0F282142FF7ECEF4C49BEEAC2F06C633515C5F0BA940C30902BC73C272
3AB6FA10E985BE4CD5A7874520DBD7B3C4F0C05AE8D22AC65ED2CD6DF5C8CC51
4C284478D4765CE049425D40F4B88E5A6ACABD1DFC68B6AC26394681CBE8A1B3
5BB9DCEC7DA0EDFC88C9F823D7AF0909D19B5D960EEE6C42948B6DFF709709D7
6A3210E40262A7990E3DB3575C1D496B11846902AF04C911D2F4FC4E1D4DD921
7CB1326D33CD9A84410411649F9159B6547750D6BFF90C6C268BDF27C6A88698
72B81424D6235F17B3FC393958481E0316C63CA7AB9907914B5A737BA1AD2374
477B226009F75FE1AB921BE3634CD54797A47E5807AAED7B25FDB8D83F09CC98
3166B84A4DD1B6A8CDCA2216848DDEC7EBCEFE3382234427FAF08DD3356C1753
AEA277EB7CD8383479D1E502D9E3EB76F8D17C4BE2DCAA63FDA444CAC6E96197
AFB9B1A9BB6DF4AE5B282A9D78B68EC733BEA11C78DC77566B8F3EA884071101
EE9627922F6CF2399C651C6F5095371E692F75C7D005F3E362EEF547751AEFB5
FA8E6F0094E9ADCAD61B80C75726BF6C7624C2B10A531F9C0F8A6FFB49B950BA

# https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

188.114.96.2

00c64fee37813cf1f3c13ce420ac062a
2cd9a581370555f89506cba6e92511b0
3fda5ccad494a277765657617e34ac52
4ac0a1e66aa6b2eb9e9ec85d900d86bd
20e1f53afeedd12e2bd3c77d507db92b
28c1f9244fff221361cda5a4fd95abca
76ce1ff85387f3120f53c35e33d8b56b
158c129d63f414880f232cc02654a6bc
708c4aaf571fe6bf1a3cf6e90fe4bed6
1943c231137d55ff796189dc69f92bf8
8206bc505ee8d37c1f2b8c310d0c2274
82556a35051f620d18486dbc96589d05
182068a92e906d68ca88a13e7009b28c
74824410f4e59bb4e4967046a600c5e7
cc05cc07821ebedc7274781f8d03b218
eaa862e30afd13a4210a36222912c14a
f761bed74ea2d7fd68a79a14a09b055d

0f164894dc7d8256b66d0ebaa7afedcf5462f881
1b2fedd5f2a37a0152231ae4099a13c8d4b73c9e
3bf19ae7fb24fce2509623e7e0d03b5a872456d4
7e498b3366f54e936cb0af767bfc3d1f92d80687
8d84d32df5768b0d4d2ab8b1327c43f17f182001
13c209cdc754616a8d7a6ba78d1962353e78cc79
35e0e78ec35b68d3ee1805eeceea352c5fe62eb6
51b6ec5de852025f63740826b8edf1c8d22f9261
6001a008a3d3a0c672e80960387f4b10c0a7bd9b
a97f4b4519947785f66285b546e13e52661a6e6f
a56622a6ef926568d0bdd56fedbff14bd218ad37
aae958960657c52b848a7377b170886a34f4ae99
aef3140cd0ee6f49bfcc41f086b7051908b91bdd
ba439d2fc3298675f197c8b17b79f34485271498
c225e0b256edb9a2ea919bacc62f29319de6cb11
ddf0b7b509b240aab6d4ab096284a21d9a3cb910
e78830384ff14a58df36303602bc9a2c0334a2a4

0ca0febadb1024b0a8961f21edbf3f6df731ca4dd82702de3793e757687aefbc
4b412976381c9e31d5c9abef8eb7d1c78bb9826cd41824f12f8f04b2f93c499c
4e8f795969a249def74e684195980ed6191b574d4bc1ece048bfe24e0121200b
4fed4883c905b8d7b0fae17d9faef8bcb7cfd0348952b533bff6bae634a91634
9abbe2033415fc1a11f4d397fed82b9af0200d8a229faf6b2cb4514715901a01
49c44aa795b579fae718690793ca6639d946a047d1df6ca222f625aeefd3cbe8
65b0f8b417ed59ab581d811574242d91f76d99a7eafa949c412522c1efb59cfc
68d3b5e4d3cbd6eb48676fd27163ae6b434d44b253f248c41c57dce009e997ab
73b286d2ff89b79528b1ab1fa35ec3c20de8e95d5bf77aece15284dedd98381c
99dfa514ac1f85a27ee033a2b9fb2ebd789b18cbea474ad81a3184f2d3b195ee
99e49a06151d6f4db528b1a83aa9f9c0792aaa729baf47884344cd66cc3fee24
536f065acb8f453040f722d8e05afa96cfb75e1cf978a7804853ec0f69b85ed9
4356c8eb7f9da7bc4b9db68d674b222d3a81dcfd4a3b4955e2c897f60a88cac5
15214e9e89c382015c562c4d3baca09437c450bd8466587a5c6cc03ff33ef4e3
680249cd3468ae0c2ce00059163f0bac2349ab9f6b9363b39e78904276881126
9016319ecb5cfbe38f06ca10aba1cdc92da55a511e1ccc385ca63f6230444c21
aeeded660ce7936f52ce233c851f5eabd634c848f98ec5c6d66dba30d365b1c5