## hosts-blocklists
## domains-ips-hashes

## blocklists-symantec
## https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence


# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-data-exfiltration

0d068a6aa2df88613e1c5c7ba412a5a5bc3cadc3f3ab4b76d10035ba8eec27bf
0f4fa41c4ab2ac238cbe92438cb71d139a7810c6c134b16b6c6005c4c5b984e4
00be065f405e93233cc2f0012defdcbb1d6817b58969d5ffd9fd72fc4783c6f4
0242c29a20e19a4c19ff1e5cc7f28a8af3c13b6ec083d0569b3ba15a02c898b6
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7
040f59f7e89787ee8db7ba44a11d7ed2ce9065ac938115933ca8cb37bb99abc5
2cbe4368f75f785bf53cbc52b1b357d6281dc41adc1a1aa1870e905a7f07ed5e
2e64bf8ca66e4363240e10dd8c85eabbf104d08aba60b307435ff5760d425a92
3a3fe8352e0a2bca469dba0dc5922976d6ba4dc8b744ac36056bfb25dbf7fc68
3cc56d5b79877a8ee6d15f0109d1c59937d6555ae656924686cafeee36ec0d57
3e2bda57454efa2e87ae4357f5c6c04edafa6b1efcda8093cbfd056a211d0f39
3f0256ae16587bf1dbbd3b25a50f972883ae41bce1d77f464b2a5c77fd736466
4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97
5adfef3f7721d6616650711d06792c087fd909f52435c8124c5f940f7acbdb48
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371
5cc2c563d89257964c4b446f54afe1e57bbee49315a9fc001ff5a6bcb6650393
5d8f9cf481d72c53438cdfff72d94b986493e908786e6a989acad052d1939399
6ad342fbfe679c66ecf31b7da1744cbf78c3dc9f4dbc61f255af28004e36a327
6c5338d84c208b37a4ec5e13baf6e1906bd9669e18006530bf541e1d466ba819
6cf60c768a7377f7c4842c14c3c4d416480a7044a7a5a72b61ff142a796273ec
6f88fb88ffb0f1d5465c2826e5b4f523598b1b8378377c8378ffebc171bad18b
7bcff667ab676c8f4f434d14cfc7949e596ca42613c757752330e07c5ea2a453
7c20393e638d2873153d2873f04464d4bad32a4d40eabb48d66608650f7d4494
7d531afcc1a918df73f63579ca8d1a5c8048d8ac77917674c6805f31c8c9890f
7ef2cc079afe7927b78be493f0b8a735a3258bc82801a11bc7b420a72708c250
8a878d4c2dff7ae0ec4f20c9ddbbe40b1d6c801d07b9db04597e46b852ea2dc5
8b23414492ebf97a36d53d6a9e88711a830cbfb007be756df4819b8989140c2d
8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
8e21c680dab06488014abca81348067753be97fd0413def630701019dea00980
9a7c58bd98d70631aa1473f7b57b426db367d72429a5455b433a05ee251f3236
9b5d1f6a94ce122671a5956b2016e879428c74964174739b68397b6384f6ee8b
9b78a7d8fd95fe9275c683f8cca54bc6c457b2cb90c549de227313a50da4fc41
9bbc9784ce3c818a127debfe710ec6ce21e7c9dd0daf4e30b8506a6dba533db4
9e3c618873202cd6d31ea599178dd05b0ab9406b44c13c49df7a2cbc81a5caa4
33f6acd3dfeda1aadf0227271937c1e5479c2dba24b4dca5f3deccc83e6a2f04
35e6742e840490ee8ccfbbccacd5e7e61a1a28a2e23fb7b5083a89271a5fd400
40c81a953552f87de483e09b95cbc836d8d6798c2651be0beba3b1a072500a15
64dd55e1c2373deed25c2776f553c632e58c45e56a0e4639dfd54ee97eab9c19
64e0322e3bec6fb9fa730b7a14106e1e59fa186096f9a8d433a5324eb6853e01
89a09433e0a57d8c01d5bab4ef4e6def979d2bc8e1ffad47ee6eadd3b85d09e9
99abf0d33e2372521384da3c98fd4a3534155ad5b6b7852ebe94e098aa3dc9b8
109b03ffc45231e5a4c8805a10926492890f7b568f8a93abe1fa495b4bd42975
265b69033cea7a9f8214a34cd9b17912909af46c7a47395dd7bb893a24507e59
270c888f8fbeb3bdc2dbcf8a911872791e05124d9bd253932f14dc4de1d2aed2
355faa21f35d4a15c894445f09af97b2ad90604425b9a4b9076e293dbd4504ab
366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c
461ba29d9386de39071d8f2f7956be21fb4fa06df8dd1db6dec3da0982e42f9f
486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8
523dcd9d9b971a8b4c53b5cfd9a003d7fcc0e6a4e0a06039db7f87ba7fb0a167
580f6a285c6c3b7238bd16e1aeb62a077ae44b5061a2162e9fd6383af59028bb
664bb48bf3e8a7d7036e4b0029fa10e1a90c2562ad9a09a885650408d00dea1b
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a
837fa64038a1e46494b581020606c386fbd79898aab9f38f90df8cfa7d4599ec
840e1f9dc5a29bebf01626822d7390251e9cf05bb3560ba7b68bdb8a41cf08e3
935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2
5157d2c1759cb9527d780b88d7728dc4ba5c9ce5fddff23fb53c0671febb63bc
5778bf9e4563a80ec48e975eaa81fd6fe2f4b504ffcd61fcfbceb65a45eb8345
8258756c2e0ca794af527258e8a3a4f7431fbd7df44403603b94cb2a70cb1bdf
91605641a4c7e859b7071a9841d1cd154b9027e6a58c20ec4cadafeaf47c9055
9242846351a65655e93ed2aeaf36b535ff5b79ddf76c33d54089d9005a66265b
a7f477021101837696f27159031c27afec16df0a92355dfe0eb06e8b23bff7f6
a8611c0befdb76e8453bc36e1c5cfea04325e57dffb21c88760c6e0316319b36
aaa647327ba5b855bedea8e889b3fafdc05a6ca75d1cfd98869432006d6fecc9
af61905129f377f5934b3bbf787e8d2417901858bb028f40f02200e985ee62f6
b1e7851bd2edae124dc107bec66af79febcb7bc0911022ac31b3d24b36b3f355
b9ef2e948a9b49a6930fc190b22cbdb3571579d37a4de56564e41a2ef736767b
b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa
b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
bbbedd933ac156b476e1b3edb3e09501c604a79c4ff1a917df779a9f1bec5cca
bc866cfcdda37e24dc2634dc282c7a0e6f55209da17a8fa105b07414c0e7c527
bcaa3d8dcba6ba08bf20077eadd0b31f58a1334b7b9c629e475694c4eeafd924
c4753ca743f0bfa82590e9838ad48af862814052e5c90a6dab97c651942a9d61
cd37a69b013336637a1ee722a6c7c8fd27439cf36ac8ed7e29374bbe4a29643e
cdb82be1b9dd6391ed068124cfdf2339d71dd70f6f76462a7e4a0fdadd5a208a
cef987a587faded1a497d37cf8d1564a287ef509338dbd956ea36c8e6aa9a68e
d0ceb18272966ab62b8edff100e9b4a6a3cb5dc0f2a32b2b18721fea2d9c09a5
d3b125f6441485825cdf3e22e2bfdeda85f337e908678c08137b4e8ef29303db
d4e9986e9ad85daae7fabd935f021b26d825d693209bed0c9084d652feef0d77
d5e01c86dab89a0ecbf77c831e4ce7e0392bea12b0581929cace5e08bdd12196
d6c1e30368d7ed406f0a6c6519287d589737989e8ff1297b296054b64b646b3f
d40ae98a7d18c2c35c0355984340b0517be47257c000931093a4fc3ccc90c226
d551b4f46ad7af735dfa0e379f04bdb37eda4a5e0d9fe3ea4043c231d034176c
d1144b0fb4e1e8e5104c8bb90b54efcf964ce4fca482ee2f00698f871af9cb72
d7267fe13e073dcfe5b0d319e41646a3eb855444d25c01d52d6dab9de695e1b1
d928708b944906e0a97f6a375eb9d85bc00de5cc217d59a2b60556a3a985df1e
de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c
df69dc5c7f62c06b0a64c9b065c3cbe7d034af6ba14131f54678135c33806f3e
df28158ea229ab67f828328fc01ea7629f3b743ecea8c0b88fba80cd7efc3a75
e2a5fb1ca722474b76d6da5c5b1d438a1e58beca52864862555c9ab1b533e72d
e69f82a00ab0e15d2d5d9f539c70406cbfaffd2d473e09aab47036d96b6a1bc1
e94901809ff7cc5168c1e857d4ac9cbb339ca1f6e21dcce95dfb8e28df799961
ea38cff329692f6b4c8ade15970b742a9a8bb62a44f59227c510cb2882fa436f
ec33d8ee9c3881b8fcea18f9f862d5926d994553aec1b65081d925afd3e8b028
ec436aeee41857eee5875efdb7166fe043349db5f58f3ee9fc4ff7f50005767f
eea7d9af6275c1cbf009de73a866eac4bc5d0703078ffe73b0d064cca4029675
f6c9532e1f4b66be96f0f56bd7c3a3c1997ea8066b91bfcc984e41f072c347ba
f63ff9c6f31701c1dca42d47ca4d819645e8d47586cf375db170503ce92b777e
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
ff79d3c4a0b7eb191783c323ab8363ebd1fd10be58d8bcc96b07067743ca81d5

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware

0bad18cb64b14a689965540126e0adbc952f090f1fb7b6447fe897a073860cdb
1c12ff296e7d9f90391e45f8a1d82d8140edf98d616a7da28741094d60d4779d
2d07f0425dc465b3a1267a672c1293f9a3d0cd23106b7be490807fea490978ea
5f3bf9c07eedde053f19ce134caa7587f8fb6c466e33256e1253f3a9450b7110
6e204e39121109dafcb618b33191f8e977a433470a0c43af7f39724395f1343e
9c71500a9472814f7bf97a462fe9822cf93dc41e2e34cc068734586d5e5146ef
9d6ed8396ee79ae92a5e6cef718add321226def3461711cf585e0fd302c961ae
89bfcbf74607ad6d532495de081a1353fc3cf4cd4a00df7b1ba06c10c2de3972
480cf54686bd50157701d93cc729ecf70c14cd1acd2cb622b38fc25e23dfbc26
6462b8825e02cf55dc905dd42f0b4777dfd5aa4ff777e3e8fe71d57b7d9934e7
46569bf23a2f00f6bac5de6101b8f771feb972d104633f84e13d9bc98b844520
a8d350bbe8d9ccfbb0c3e9c2dd9251c957d18ce13ae405ceb2f2d087c115db15
ab317c082c910cfe89214b31a0933eaab6c766158984f7aafb9943aef7ec6cbb
b2adf8ec7ab5193c7358f6acb30b003493466daee33ea416e3f703e744f73b7d
b7ca6d401b051712cb5b1a388a2135921a4420db8fe41842d51d2ec27380b479
c00fbf3fb992e7f237c396d69081246570cbd60d6c7a2262c01ae4d8e6f17ddd
c5f7492a3e763b4456afbb181248fdb8e652575cea286db7861e97ffcd1b72e4
df15266a9967320405b3771d0b7353dc5a4fb1cbf935010bc3c8c0e2fe17fb94
e43b1e06304f39dfcc5e59cf42f7a17f3818439f435ceba9445c56fe607d59ea
e68dd7f20cd31309479ece3f1c8578c9f93c0a7154dcf21abce30e75b25da96b
e573d2fec8731580ab620430f55081ceb7153d0344f2094e28785950fb17f499
f5d25777331ba55d80e064dea72240c1524ffcd3870555a8c34ff5377def3729
f3858d29073ae90f90c9bb284913752533fe1a6437edd6536e4b1775fc8f6db4

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms

45.67.230.91
45.150.64.39
94.131.3.160
94.131.98.14
94.131.109.65
95.164.38.99
95.164.46.199
146.70.124.102

1a0827082d4b517b643c86ee678eaa53f85f1b33ad409a23c50164c3909fdaca
25b985ce5d7bf15015553e30927691e7673a68ad071693bf6d0284b069ca6d6a
3916ba913e4d9a46cfce437b18735bbb5cc119cc97970946a1ac4eab6ab39230
eac8e7989c676b9a894ef366357f1cf8e285abde083fbdf92b3619f707ce292f

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government

78.47.218.106
91.132.92.90
151.236.19.91
192.121.22..46

4d04ad9d3c3abeb61668e52a52a37a46c1a60bc8f29f12b76ff9f580caeefba8
5a803bfe951fbde6d6b23401c4fd1267b03f09d3907ef83df6cc25373c11a11a
6b9f60dc91fbee3aecb4a875e24af38c97d3011fb23ace6f34283a73349c4681
6bad09944b3340947d2b39640b0e04c7b697a9ce70c7e47bc2276ed825e74a2a
7e107fdd6ea33ddc75c1b75fdf7a99d66e4739b4be232ff5574bf0e116bc6c05
22df38f5441dec57e7d7c2e1a38901514d3f55203b2890dc38d2942f1e4bc100
23db83aa81de19443cafe14c9c0982c511a635a731d6df56a290701c83dae9c7
41ff7571d291c421049bfbd8d6d3c51b0a380db3b604cef294c1edfd465978d9
159b07668073e6cd656ad7e3822db997d5a8389a28c439757eb60ba68eaff70f
497e1c76ed43bcf334557c64e1a9213976cd7df159d695dcc19c1ca3d421b9bc
661c9535d9e08a3f5e8ade7c31d5017519af2101786de046a4686bf8a5a911ff
1698f9797f059c4b30f636d16528ed3dd2b4f8290e67eb03e26181e91a3d7c3b
6964f4c6fbfb77d50356c2ee944f7ec6848d93f05a35da6c1acb714468a30147
41672b08e6e49231aedf58123a46ed7334cafaad054f2fd5b1e0c1d5519fd532
497978a120f1118d293906524262da64b15545ee38dc0f6c10dbff3bd9c0bac2
927327bdce2f577b1ee19aa3ef72c06f7d6c2ecd5f08acc986052452a807caf2
75878356f2e131cefb8aeb07e777fcc110475f8c92417fcade97e207a94ac372
a1a633c752be619d5984d02d4724d9984463aa1de0ea1375efda29cadb73355a
a6365e7a733cfe3fa5315d5f9624f56707525bbf559d97c66dbe821fae83c9e9
ba620b91bef388239f3078ecdcc9398318fd8465288f74b4110b2a463499ba08
be6d631fb2ff8abe22c5d48035534d0dede4abfd8c37b1d6cbf61b005d1959c1
c3ac52c9572f028d084f68f6877bf789204a6a0495962a12ee2402f66394a918
c488127b3384322f636b2a213f6f7b5fdaa6545a27d550995dbf3f32e22424bf
d0bfdb5f0de097e4460c13bc333755958fb30d4cb22e5f4475731ad1bdd579ec
d884b3178fc97d1077a13d47aadf63081559817f499163c2dc29f6828ee08cae
db1cbe1d85a112caf035fd5d4babfb59b2ca93411e864066e60a61ec8fe27368 

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks

d3ktcnc1w6pd1f.cloudfront.net

3.0.93.185
45.148.120.23
172.245.92.207

1b72410e8e6ef0eb3e0f950ec4ced1be0ee6ac0a9349c8280cd8d12cc00850f9
1ed1b6a06abbab98471d5af33e242acc76d17b41c6e96cce0938a05703b58b91
1f15c3ae1ce442a67e3d01ed291604bfc1cb196454b717e4fb5ac52daa37ecce
3acfe90afa3cbb974e219a5ab8a9ee8c933b397d1c1c97d6e12015726b109f1b
4c44efc7d9f4cd71c43c6596c62b91740eb84b7eb9b8cf22c7034b75b5f432d9
4fbe8b69f5c001d00bd39e4fdb3058c96ed796326d6e5e582610d67252d11aba
5ed10f2564cd60d02666637e9eac36db36f3a13906b851ec1207c7df620d8970
5ef2e36a53c681f6c64cfea16c2ca156cf468579cc96f6c527eca8024bfdc581
6a8c39e4c543e94f6e4901d0facee7793f932cd2351259d8054981cf2b4da814
6e5d840ddeedc3b691e11a286acd7b6c087a91af27c00044dd1d951da5893068
7c1b20de1f170cfaf3e75ebc7e81860378e353c84469795a162cd3cfd7263ba2
7ea706d8da9d68e1214e30c6373713da3585df8a337bc64fcc154fc5363f5f1f
8b6c559cd145dca015f4fa06ef1c9cd2446662a1e62eb51ba2c86f4183231ed2
9bad71077e322031c0cf7f541d64c3fed6b1dc7c261b0b994b63e56bc3215739
23e5dfaf60c380837beaddaaa9eb550809cd995f2cda99e3fe4ca8b281d770ae
74cbde4d4b4ac4cae943831035bff90814fa54fd21c3a6a6ec16e7e3fb235f87
79b0e6cd366a15848742e26c3396e0b63338ead964710b6572a8582b0530db17
87a7e428d08ecc97201cc8f229877a6202545e562de231a7b4cab4d9b6bbc0f8
90de98fa17294d5c918865dfb1a799be80c8771df1dc0ec2be9d1c1b772d9cf0
803d0d07d64010b102413da61bbf7b4d378891e2a46848b88ef69ca9357e3721
971ab5d4f0ec58fa1db61622a735a51e14e70ee5d99ab3cd554e0070b248eb1f
6725e38cbb15698e957d50b8bc67bd66ece554bbf6bcb90e72eaf32b1d969e50
30130ea1ab762c155289a32db810168f59c3d37b69bcbedfd284c4a861d749d6
245016ace30eda7650f6bb3b2405761a6a5ff1f44b94159792a6eb64ced023aa
525417bdd5cdd568605fdbd3dc153bcc20a4715635c02f4965a458c5d008eba9
667624b10108137a889f0df8f408395ae332cc8d9ad550632a3501f6debc4f2c
752018c117e07f5d58eed35622777e971a5f495184df1c25041ff525ca72acea
a180e67fcaf2254b18eafdc95b83038e9a4385b1a5c2651651d9d288fa0500fe
ab09e8cac3f13dea5949e7a2eaf9c9f98d3e78f3db2f140c7d85118b9bc6125f
af26d07754c8d4d1cb88195f7dc53e2e4ebee382c5b84fc54a81ba1cee4d0889
b19ccfa8bc75ce4cf29eb52d4afe79fe7c3819ac08b68bd87b35225a762112ba
ba8a7af30e02bd45e3570de20777ab7c1eec4797919bfcd39dde681eb69b9faf
bf1665c949935f3a741cfe44ab2509ec3751b9384b9eda7fb31c12bfbb2a12ec
c2a714831d8a7b0223631eda655ce62ff3c262d910c0a2ed67c5ca92ef4447e3
c24b19e7ccd965dfeed553c94b093533e527c55d5adbc9f0e87815d477924be5
c76ba3eb764706a32013007c147309f0be19efff3e6a172393d72d46631f712e
d0e1724360e0ae11364d3ac0eb8518ecf5d859128d094e9241d8e6feb43a9f29
d522bf1fb3b869887eaf54f6c0e52d90514d7635b3ff8a7fd2ce9f1d06449e2c
da670d5acf3648b0deaecb64710ae2b7fc41fc6ae8ab8343a1415144490a9ae9
dcadcac4c57df4e31dd7094ae96657f54b22c87233e8277a2c40ba56eafcf548
de500875266fd18c76959839e8c6b075e4408dcbc0b620f7544f28978b852c1c
e75f2cee98c4b068a2d9e7e77599998196fd718591d3fa23b8f684133d1715c3
f2aaedb17f96958c045f2911655bfe46f3db21a2de9b0d396936ef6e362fea1b
f3e8f2ef4ad949a0ada037f52f4c0e6000d111a4ac813e64138f0ded865e6e31
f1764f8c6fc428237ffafeb08eb0503558c68c6ccf6f2510a2ef8c574ba347e0

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt

551397b680da0573a85423fbb0bd10dac017f061a73f2b8ebc11084c1b364466
c4f7ec0c03bcacaaa8864b715eb617d5a86b5b3ca6ee1e69ac766773c4eb00e6
c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37
c501203ff3335fbfc258b2729a72e82638719f60f7e6361fc1ca3c8560365a0e
df571c233c3c10462f4d88469bababe4c57c21a52cca80f2b1e1af848a2b4d23
ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e
f157090fd3ccd4220298c06ce8734361b724d80459592b10ac632acc624f455e

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit

85.159.229.62
185.202.0.111
212.18.104.6

079b99f6601f0f6258f4220438de4e175eb4853649c2d34ada72cce6b1702e22
307a1217aac33c4b7a9cd923162439c19483e952c2ceb15aa82a98b46ff8942e
991ee9548b55e5c815cc877af970542312cff79b3ba01a04a469b645c5d880af
680677e14e50f526cced739890ed02fc01da275f9db59482d96b96fbc092d2f4
ecbdb9cb442a2c712c6fb8aee0ae68758bc79fa064251bab53b62f9e7156febc

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks

websencl.com

01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7
2e642afdd36c129e6b50ae919ca608ac0006ce337f2a5a7a6fb1eef6a4ad99e7
8dbc8b756cb724e2d6dc9c7c40f22c48022a8ee48da6685c4ccf580c6b5183cf
16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5
32d709d8d41e4ede6861ce27c9e2bb86d83be8336b45a17f567bab1869c6600a
231d21ceefd5c70aa952e8a21523dfe6b5aae9ae6e2b71a0cdbe4e5430b4f5b3
656582bf82205ac3e10b46cbbcf8abb56dd67092459093f35ce8daa64f379a2c
ac6938e03f2a076152ee4ce23a39a0bfcd676e4f0b031574d442b6e2df532646
d9438cd2cdc83e8efad7b0c9a825466efea709335b63d6181dfdc57fb1f4a4e3

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse

cdn.ofo.ac
cdn.stream-amazon.com
githubassets.akamaixed.net
gobay.info
ms-f7-sites-prod-cdn.akamaixed.net
ms-g9-sites-prod-cdn.akamaixed.net
tjj.active-microsoft.com

45.76.179.209
103.151.28.11
104.238.151.104
111.231.100.228

1ff7b55dde007b7909f43dd47692f7c171caa2897d663eb9db01001062b1fe9d
2f714aaf9e3e3e03e8168fe5e22ba6d8c1b04cbfa3d37ff389e9f1568a80cad4
7e6d0f14302662f52e4379eb5b69a3749d8597e8f61266aeda74611258972a3d
8bd40da84c8fa5f6f8e058ae7e36e1023aca1b9a9c8379704934a077080da76f
8ca135b2f4df6a714b56c1a47ac5baa80a11c6a4fcc1d84a047d77da1628f53f
9e96f70ce312f2638a99cfbd3820e85798c0103c7dc06fe0182523e3bf1e2805
9fc49d9f4b922112c2bafe3f1181de6540d94f901b823e11c008f6d1b2de218c
19a6a404605be964ab87905d59402e2890460709a1d9038c66b3fbeedc1a2343
47b660bbaacb2a602640b5e2c589a3adc620a0bfc9f0ecfb8d813a803d7b75e2
85fc7628c5c7190f25da7a2c7ee16fc2ad581e1b0b07ba4ac33cff4c6e94c8af
2400d8e66c652f4f8a13c99a5ffb67cb5c0510144b30e93122b1809b58614936
5467e163621698b38c2ba82372bac110cea4121d7c1cec096958a4d9eaa44be7
96170614bbd02223dc79cec12afb6b11004c8edb8f3de91f78a6fc54d0844622
b7b8ea25786f8e82aabe4a4385c6142d9afe03f090d1433d0dc6d4d6ccc27510
b84f68ab098ce43f9cb363d0a20a2267e7130078d3d2d8408bfb32bbca95ca37
b5159f8ae16deda7aa5d55100a0eac6e5dacd1f6502689b543513a742353d1ea
f64267decaa982c63185d92e028f52c31c036e85b2731a6e0bccdb8f7b646e97

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor

104-168-237-21.sslip.io
api-cdn.net
api-cdnw5.net
git-api.com

37.10.71.215

0e11a050369010683a7ed6a51f5ec320cd885128804713bb9df0e056e29dc3b0
05236172591d843b15987de2243ff1bfb41c7b959d7c917949a7533ed60aafd9
0980aa80e52cc18e7b3909a0173a9efb60f9d406993d26fe3af35870ef1604d0
1d3e573d432ef094fba33f615aa0564feffa99853af77e10367f54dc6df95509
2cd2e79e18849b882ba40a1f3f432a24e3c146bb52137c7543806f22c617d62c
2d39a58887026b99176eb16c1bba4f6971c985ac9acbd9e2747dd0620548aaf3
4db89c39db14f4d9f76d06c50fef2d9282e83c03e8c948a863b58dedc43edd31
4e73e9a546e334f0aee8da7d191c56d25e6360ba7a79dc02fe93efbd41ff7aa4
5b8b732d0bb708aa51ac7f8a4ff5ca5ea99a84112b8b22d13674da7a8ca18c28
6cba6d8a1a73572a1a49372c9b7adfa471a3a1302dc71c4547685bcbb1eda432
8cfb05cde6af3cf4e0cb025faa597c2641a4ab372268823a29baef37c6c45946
48e3add1881d60e0f6a036cfdb24426266f23f624a4cd57b8ea945e9ca98e6fd
64f8ac7b3b28d763f0a8f6cdb4ce1e5e3892b0338c9240f27057dd9e087e3111
72fd2f51f36ba6c842fdc801464a49dce28bd851589c7401f64bbc4f1a468b1a
307c3e23a4ba65749e49932c03d5d3eb58d133bc6623c436756e48de68b9cc45
356adc348e9a28fc760e75029839da5d374d11db5e41a74147a263290ae77501
78109d8e0fbe32ae7ec7c8d1c16e21bec0a0da3d58d98b6b266fbc53bb5bc00e
827448cf3c7ddc67dca6618f4c8b1197ee2abe3526e27052d09948da2bc500ea
e4e3a4f1c87ff79f99f42b5bbe9727481d43d68582799309785c95d1d0de789a
e7175ae2e0f0279fe3c4d5fc33e77b2bea51e0a7ad29f458b609afca0ab62b0b
ede6ca7c3c3aedeb70e8504e1df70988263aab60ac664d03995bce645dff0935
edfd3ae4def3ddffb37bad3424eb73c17e156ba5f63fd1d651df2f5b8e34a6c7

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/microsoft-zeroday-exploit

3a3138c5add59d2172ad33bc6761f2f82ba344f3d03a2269c623f22c1a35df97
a61b2eafcf39715031357df6b01e85e0d1ea2e8ee1dfec241b114e18f7a1163f
d3263cc3eff826431c2016aee674c7e3e5329bebfb7a145907de39a279859f4a
e7cfeb023c3160a7366f209a16a6f6ea5a0bc9a3ddc16c6cba758114dfe6b539

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15

beltsymd.org
cyclophilit.com
cyprus-villas.org
perusmartcity.com
verisims.com

50.116.3.164
172.104.244.187

02e8ea9a58c13f216bdae478f9f007e20b45217742d0fbe47f66173f1b195ef5
07fc745c29db1e2db61089d8d46299078794d7127120d04c07e0a1ea6933a6df
2b60e49e85b21a439855b5cb43cf799c1fb3cc0860076d52e41d48d88487e6d8
2da9a09a14c52e3f3d8468af24607602cca13bc579af958be9e918d736418660
4b78b1a3c162023f0c14498541cb6ae143fb01d8b50d6aa13ac302a84553e2d5
7aa10e5c59775bfde81d27e63dfca26a1ec38065ddc87fe971c30d2b2b72d978
7d3f6188bfdde612acb17487da1b0b1aaaeb422adc9e13fd7eb61044bac7ae08
7d93862c021d56b4920cab5e6cb30a2d5fb21478e7158f104e520cc739a1678d
7fa350350fc1735a9b6f162923df8d960daffb73d6f5470df3c3317ae237a4e6
8d2af0e2e755ffb2be1ea3eca41eebfcb6341fb440a1b6a02bfc965fe79ad56b
9a94483a4563228cb698173c1991c7cf90726c2c126a3ce74c66ba226040f760
17a63ccd749def0417981c42b0765f7d56e6be3092a1f282b81619ca819f82ef
44c1c5c92771c0384182f72e9866d5fed4fda896d90c931fe8de363ed81106cf
177c4722d873b78b5b2b92b12ae2b4d3b9f76247e67afd18e56d4e0c0063eecf
548ce27996e9309e93bf0bd29c7871977530761b2c20fc7dc3e2c16c025eb7bc
617af8e063979fe9ca43479f199cb17c7abeab7bfe904a2baf65708df8461f6d
819d0b70a905ae5f8bef6c47423964359c2a90a168414f5350328f568e1c7301
865c18480da73c0c32a5ee5835c1cfd08fa770e5b10bc3fb6f8b7dce1f66cf48
5600a7f57e79acdf711b106ee1c360fc898ed914e6d1af3c267067c158a41db6
9829c86fab4cbccb5168f98dcb076672dc6d069ddb693496b463ad704f31722e
31529b8b86d4b6a99d8f3b5f4b1f1b67f3c713c11b83b71d8df7d963275c5203
42379bb392751f6a94d08168835b67986c820490a6867c28a324a807c49eda3b
65436d5646c2dbb61607ed466132302f8c87dab82251f9e3f20443d5370b7806
617589fd7d1ea9a228886d2d17235aeb4a68fabd246d17427e50fb31a9a98bcd
858818cd739a439ac6795ff2a7c620d4d3f1e5c006913daf89026d3c2732c253
18560596e61eae328e75f4696a3d620b95db929bc461e0b29955df06bc114051
a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86
a78cc475c1875186dcd1908b55c2eeaf1bcd59dedaff920f262f12a3a9e9bfa8
af4a10cbe8c773d6b1cfb34be2455eb023fb1b0d6f0225396920808fefb11523
b42f9571d486a8aef5b36d72c1c8fff83f29cac2f9c61aece3ad70537d49b222
bf4ed3b9a0339ef80a1af557d0f4e031fb4106a04b0f72c85f7f0ff0176ebb64
bff65d615d1003bd22f17493efd65eb9ffbfe9a63668deebe09879982e5c6aa8
c559eb7e2068e39bd26167dd4dca3eea48e51ad0b2c7631f2ed6ffcba01fb819
d30ace69d406019c78907e4f796e99b9a0a51509b1f1c2e9b9380e534aaf5e30
d21797e95b0003d5f1b41a155cced54a45cd22eec3f997e867c11f6173ee7337
dc2423e21752f431ce3ad010ce41f56914e414f5a88fd3169e78d4cc08082f7b
df6a740b0589dbd058227d3fcab1f1a847b4aa73feab9a2c157af31d95e0356f
e7a6997e32ca09e78682fc9152455edaa1f9ea674ec51aecd7707b1bbda37c2f
e25cc57793f0226ff31568be1fce1e279d35746016fc086a6f67734d26e305a0
ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56
f06692b482d39c432791acabb236f7d21895df6f76e0b83992552ab5f1b43c8d
f6f57fc82399ef3759dcbc16b7a25343dea0b539332dacdf0ed289cc82e900db
f98bd4af4bc0e127ae37004c23c9d14aa4723943edb4622777da8c6dcf578286
f653e93adf00cf2145d4bfa00153ae86905fe2c2d3c1f63e8f579e43b7069d51
f4575af8f42a1830519895a294c98009ffbb44b20baa170a6b5e4a71fd9ba663
fd21a339bf3655fcf55fc8ee165bb386fc3c0b34e61a87eb1aff5d094b1f1476	

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military


 5.199.161.29
24.199.84.132
24.199.107.218
31.129.22.46
31.129.22.48
31.129.22.50
45.32.41.115
45.32.62.100
45.32.88.90
45.32.94.58
45.32.101.6
45.32.117.62
45.32.158.96
45.32.184.140
45.76.141.166
45.76.202.102
45.77.115.67
45.82.13.22
45.82.13.23
45.82.13.84
45.95.232.29
45.95.232.33
45.95.232.51
45.95.232.74
45.95.232.92
45.95.233.80
46.101.127.147
64.226.84.229
64.227.64.163
64.227.72.210
66.42.104.158
66.42.126.121
68.183.200.0
78.141.238.136
78.141.239.24
78.153.139.7
81.19.140.147
84.32.34.69
84.32.128.239
84.32.131.38
84.32.131.47
84.32.185.136
84.32.188.13
84.32.188.69
84.32.190.31
84.32.190.137
84.32.191.147
88.216.210.3
89.185.84.32
89.185.84.45
89.185.84.48
89.185.84.50
95.179.144.161
95.179.245.185
104.156.230.193
104.248.54.250
104.248.86.158
108.61.211.250
134.122.43.175
134.122.51.47
134.209.0.136
134.209.33.42
134.209.182.221
136.244.65.253
137.184.178.46
138.68.110.19
138.68.174.177
139.59.60.191
139.59.109.100
140.82.11.60
140.82.16.120
140.82.18.48
140.82.47.181
140.82.50.37
140.82.56.186
142.93.108.1
143.110.180.68
143.198.50.118
143.198.53.203
143.198.135.132
143.198.152.232
143.244.190.199
146.190.60.230
146.190.117.209
146.190.127.238
146.190.212.239
147.182.240.58
147.182.250.33
149.28.98.149
149.28.125.56
149.28.130.189
149.28.181.232
155.138.194.244
157.245.69.118
157.245.176.123
158.247.204.242
159.65.176.121
159.65.248.0
159.203.164.194
159.223.23.23
159.223.102.109
159.223.112.245
161.35.95.47
161.35.232.118
161.35.238.148
164.92.72.212
164.92.185.60
164.92.222.8
164.92.245.246
165.22.72.74
165.227.48.59
165.227.76.84
165.227.121.87
165.232.77.197
165.232.120.169
165.232.165.42
167.71.67.58
167.99.215.50
167.172.20.159
167.172.58.96
167.172.69.123
167.172.144.127
170.64.136.186
170.64.138.138
170.64.140.214
170.64.146.194
170.64.150.90
170.64.156.98
170.64.168.228
170.64.188.146
173.199.70.238
178.128.16.170
178.128.86.43
178.128.213.177
178.128.228.252
178.128.231.180
188.166.4.128
188.166.7.140
188.166.176.39
192.248.154.154
193.149.176.26
195.133.88.19
195.133.88.55
199.247.8.115
202.182.98.100
202.182.116.135
206.81.28.5
206.189.0.134
206.189.14.94
206.189.80.216
206.189.128.172
206.189.149.103
206.189.154.168
207.148.72.173
207.148.74.68
209.97.175.128
216.128.140.45
216.128.178.248

2aee8bb2a953124803bc42e5c42935c92f87030b65448624f51183bf00dd1581
7d6264ce74e298c6d58803f9ebdb4a40b4ce909d02fd62f54a1f8d682d73519a
31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b
91d42a959c5e4523714cc589b426fa83aaeb9228364218046f36ff10c4834b86
3393fbdb0057399a7e04e61236c987176c1498c12cd869dc0676ada859617137
3458cec74391baf583fbc5db3b62f1ce106e6cffeebd0978ec3d51cebf3d6601
28358a4a6acdcdfc6d41ea642220ef98c63b9c3ef2268449bb02d2e2e71e7c01
a615c41bcf81dd14b8240a7cafb3c7815b48bb63842f7356731ade5c81054df5
acc2b78ce1c0fc806663e3258135cdb4fed60682454ab0646897e3f240690bb8
c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8
c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30
dbd03444964e9fcbd582eb4881a3ff65d9513ccc08bd32ff9a61c89ad9cc9d87
f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware

81.161.229.120
91.215.85.183

01b09b554c30675cc83d4b087b31f980ba14e9143d387954df484894115f82d4
063fcedd3089e3cea8a7e07665ae033ba765b51a6dc1e7f54dde66a79c67e1e7
4dc407b28474c0b90f0c5173de5c4f1082c827864f045c4571890d967eadd880
5b3627910fe135475e48fd9e0e89e5ad958d3d500a0b1b5917f592dc6503ee72
7eabd3ba288284403a9e041a82478d4b6490bc4b333d839cc73fa665b211982c
8b2cf6af49fc3fb1f33e94ad02bd9e43c3c62ba2cfd25ff3dfc7a29dde2b20f2
8b5c261a2fdaf9637dada7472b1b5dd1d340a47a00fe7c39a79cf836ef77e441
9b8adde838c8ea2479b444ed0bb8c53b7e01e7460934a6f2e797de58c3a6a8bf
9f0c35cc7aab2984d88490afdb515418306146ca72f49edbfbd85244e63cfabd
18a79c8a97dcfff57e4984aa7e74aa6ded22af8e485e807b34b7654d6cf69eef
22e74756935a2720eadacf03dc8fe5e7579f354a6494734e2183095804ef19fe
32e815ef045a0975be2372b85449b25bd7a7c5a497c3facc2b54bcffcbb0041c
65c91e22f5ce3133af93b69d8ce43de6b6ccac98fc8841fd485d74d30c2dbe7b
287c07d78cafc97fb4b7ef364a228b708d31e8fe8e9b144f7db7d986a1badd52
898d57b312603f091ff1a28cb2514a05bd9f0eb55ace5d6158cc118d1e37070a
8041b82b8d0a4b93327bc8f0b71672b0e8f300dc7849d78bb2d72e2e0f147334
97378d58815a1b87f07beefb24b40c5fb57f8cce649136ff57990b957aa9d56a
515777b87d723ebd6ffd5b755d848bb7d7eb50fc85b038cf25d69ca7733bd855
bdfac069017d9126b1ad661febfab7eb1b8e70af1186a93cb4aff93911183f24
c33e56318e574c97521d14d68d24b882ffb0ed65d96203970b482d8b2c332351
ca6abfa37f92f45e1a69161f5686f719aaa95d82ad953d6201b0531fb07f0937
d59df9c859ccd76c321d03702f0914debbadc036e168e677c57b9dcc16e980cb
d259be8dc016d8a2d9b89dbd7106e22a1df2164d84f80986baba5e9a51ed4a65
d65225dc56d8ff0ea2205829c21b5803fcb03dc57a7e9da5062cbd74e1a6b7d6
de052ce06fea7ae3d711654bc182d765a3f440d2630e700e642811c89491df72
e5d65e826b5379ca47a371505678bca6071f2538f98b5fef9e33b45da9c06206
eda0328bfd45d85f4db5dbb4340f38692175a063b7321b49b2c8ebae3ab2868c 

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor

0abc1d12ef612490e37eedb1dd1833450b383349f13ddd3380b45f7aaabc8a75
0dcfcdf92e85191de192b4478aba039cb1e1041b1ae7764555307e257aa566a7
009d8d1594e9c8bc40a95590287f373776a62dad213963662da8c859a10ef3b4
1ab4f52ff4e4f3aa992a77d0d36d52e796999d6fc1a109b9ae092a5d7492b7dd
1f09d177c99d429ae440393ac9835183d6fd1f1af596089cc01b68021e2e29a7
3ce38a2fc896b75c2f605c135297c4e0cddc9d93fc5b53fe0b92360781b5b94e
3e1c8d982b1257471ab1660b40112adf54f762c570091496b8623b0082840e9f
4c55f48b37f3e4b83b6757109b6ee0a661876b41428345239007882993127397
5f16633dbf4e6ccf0b1d844b8ddfd56258dd6a2d1e4fb4641e2aa508d12a5075
8d77fe4370c864167c1a712d0cc8fe124b10bd9d157ea59db58b42dea5007b63
8e98eed2ec14621feda75e07379650c05ce509113ea8d949b7367ce00fc7cd38
8f64c25ba85f8b77cfba3701bebde119f610afef6d9a5965a3ed51a4a4b9dead
8f64c25ba85f8b77cfba3701bebde119f610afef6d9a5965a3ed51a4a4b9dead –
9f00cee1360a2035133e5b4568e890642eb556edd7c2e2f5600cf6e0bdcd5774
10b96290a17511ee7a772fcc254077f62a8045753129d73f0804f3da577d2793
11bb47cb7e51f5b7c42ce26cbff25c2728fa1163420f308a8b2045103978caf5
13df2d19f6d2719beeff3b882df1d3c9131a292cf097b27a0ffca5f45e139581
14edb3de511a6dc896181d3a1bc87d1b5c443e6aea9eeae70dbca042a426fcf3
19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169
32d837a4a32618cc9fc1386f0f74ecf526b16b6d9ab6c5f90fb5158012fe2f8c
41d174514ed71267aaff578340ff83ef00dbb07cb644d2b1302a18aa1ca5d2d0
67ebc03e4fbf1854a403ea1a3c6d9b19fd9dc2ae24c7048aafbbff76f1bea675
79ae300ac4f1bc7636fe44ce2faa7e5556493f7013fc5c0a3863f28df86a2060
89e503c2db245a3db713661d491807aab3d7621c6aff00766bc6add892411ddc
90edb2c7c3ba86fecc90e80ac339a42bd89fbaa3f07d96d68835725b2e9de3ba
139c39e0dc8f8f4eb9b25b20669b4f30ffcbe2197e3a9f69d0043107d06a2cb4
341d8274cc1c53191458c8bbc746f428856295f86a61ab96c56cd97ee8736200
415f9dc11fe242b7a548be09a51a42a4b5c0f9bc5c32aeffe7a98940b9c7fc04
530c7d705d426ed61c6be85a3b2b49fd7b839e27f3af60eb16c5616827a2a436
592e237925243cf65d30a0c95c91733db593da64c96281b70917a038da9156ae
711a347708e6d94da01e4ee3b6cdb9bcc96ebd8d95f35a14e1b67def2271b2e9
750b541a5f43b0332ac32ec04329156157bf920f6a992113a140baab15fa4bd3
859e76b6cda203e84a7b234c5cba169a7a02bf028a5b75e2ca8f1a35c4884065
929b771eabef5aa9e3fba8b6249a8796146a3a4febfd4e992d99327e533f9798
947f7355aa6068ae38df876b2847d99a6ca458d67652e3f1486b6233db336088
5018fe25b7eac7dd7bc30c7747820e3c1649b537f11dbaa9ce6b788b361133bf
5655a2981fa4821fe09c997c84839c16d582d65243c782f45e14c96a977c594e
9584df964369c1141f9fc234c64253d8baeb9d7e3739b157db5f3607292787f2
9830f6abec64b276c9f327cf7c6817ad474b66ea61e4adcb8f914b324da46627
180970fce4a226de05df6d22339dd4ae03dfd5e451dcf2d464b663e86c824b8e
210934a2cc59e1f5af39aa5a18aae1d8c5da95d1a8f34c9cfc3ab42ecd37ac92
a1f9b76ddfdafc47d4a63a04313c577c0c2ffc6202083422b52a00803fd8193d
a5a4dacddfc07ec9051fb7914a19f65c58aad44bbd3740d7b2b995262bd0c09e
a9051dc5e6c06a8904bd8c82cdd6e6bd300994544af2eed72fe82df5f3336fc0
a6020794bd6749e0765966cd65ca6d5511581f47cc2b38e41cb1e7fddaa0b221
b0d25b06e59b4cca93e40992fa0c0f36576364fcf1aca99160fd2a1faa5677a2
c840e3cae2d280ff0b36eec2bf86ad35051906e484904136f0e478aa423d7744
d5df686bb202279ab56295252650b2c7c24f350d1a87a8a699f6034a8c0dd849
d8cc2dc0a96126d71ed1fce73017d5b7c91465ccd4cdcff71712381af788c16d
d62596889938442c34f9132c9587d1f35329925e011465c48c94aa4657c056c7
db5deded638829654fc1595327400ed2379c4a43e171870cfc0b5f015fad3a03
dc182a0f39c5bb1c3a7ae259f06f338bb3d51a03e5b42903854cdc51d06fced6
e94a5bd23da1c6b4b8aec43314d4e5346178abe0584a43fa4a204f4a3f7464b9
e244d1ef975fcebb529f0590acf4e7a0a91e7958722a9f2f5c5c05a23dda1d2c
eb3b4e82ddfdb118d700a853587c9589c93879f62f576e104a62bdaa5a338d7b
ee486e93f091a7ef98ee7e19562838565f3358caeff8f7d99c29a7e8c0286b28
ef08f376128b7afcd7912f67e2a90513626e2081fe9f93146983eb913c50c3a8
efa9e9e5da6fba14cb60cba5dbd3f180cb8f2bd153ca78bbacd03c270aefd894
f0003e08c34f4f419c3304a2f87f10c514c2ade2c90a830b12fdf31d81b0af57
f040a173b954cdeadede3203a2021093b0458ed23727f849fc4c2676c67e25db
f76e001a7ccf30af0706c9639ad3522fd8344ffbdf324307d8e82c5d52d350f2
f92cac1121271c2e55b34d4e493cb64cdb0d4626ee30dc77016eb7021bf63414
f3478ccd0e417f0dc3ba1d7d448be8725193a1e69f884a36a8c97006bf0aa0f4
fa5f32457d0ac4ec0a7e69464b57144c257a55e6367ff9410cf7d77ac5b20949
fae713e25b667f1c42ebbea239f7b1e13ba5dc99b225251a82e65608b3710be7
fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5
fe7a6954e18feddeeb6fcdaaa8ac9248c8185703c2505d7f249b03d8d8897104
ff4c2a91a97859de316b434c8d0cd5a31acb82be8c62b2df6e78c47f85e57740

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain

tradingtechnologies.com	
		
6e11c02485ddd5a3798bf0f77206f2be37487ba04d3119e2d5ce12501178b378
6e989462acf2321ff671eaf91b4e3933b77dab6ab51cd1403a7fe056bf4763ba
47a8e3b20405a23f7634fa296f148cab39a7f5f84248c6afcfabf5201374d1d1
900b63ff9b06e0890bf642bdfcbfcc6ab7887c7a3c057c8e3fd6fba5ffc8e5d6
19442d9e476e3ef990ce57b683190301e946ccb28fc88b69ab53a93bf84464ae
277119738f4bdafa1cde9790ec82ce1e46e04cebf6c43c0e100246f681ba184e
aa318070ad1bf90ed459ac34dc5254acc178baff3202d2ea7f49aaf5a055dd43
cb374af8990c5f47b627596c74e2308fbf39ba33d08d862a2bea46631409539f
cc4eedb7b1f77f02b962f4b05278fa7f8082708b5a12cacf928118520762b5e2
d937e19ccb3fd1dddeea3eaaf72645e8cd64083228a0df69c60820289b1aa3c0
e185c99b3d1085aed9fda65a9774abd73ecf1229f14591606c6c59e9660c4345
f8c370c67ffb3a88107c9022b17382b5465c4af3dd453e50e4a0bd3ae9b012ce

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot

0bcdcc0515d30c28017fd7931b8a787feebe9ee3819aa2b758ce915b8ba40f99
017187a1b6d58c69d90d81055db031f1a7569a3b95743679b21e44ea82cfb6c7
03bc62bd9a681bdcb85db33a08b6f2b41f853de84aa237ae7216432a6f8f817e
1b8500e27edc87464b8e5786dc8c2beed9a8c6e58b82e50280cebb7f233bcde4
1cf04c3e8349171d907b911bc2a23bdb544d88e2f9b8fcc516d8bcf68168aede
2c0cfe2f4f1e7539b4700e1205411ec084cbc574f9e4710ecd4733fbf0f8a7dc
2dcf9e556332da2a17a44dfceda5e2421c88168aafea73e2811d65e9521c715c
2f4a97dc70f06e0235796fec6393579999c224e144adcff908e0c681c123a8a2
3f75818e2e43a744980254bfdc1225e7743689b378081c560e824a36e0e0a195
5a0976fef89e32ddcf62c790f9bb4c174a79004e627c3521604f46bf5cc7bea2
6d5be3e6939a7c86280044eebe71c566b48981a3341193aa3aff634a3a5d1bbd
7b945fb1bdeb27a35fab7c2e0f5f45e0e64df7821dd1417a77922c9b08acfdc3
7bcff667ab676c8f4f434d14cfc7949e596ca42613c757752330e07c5ea2a453
17dce65529069529bcb5ced04721d641bf6d7a7ac61d43aaf1bca2f6e08ead56
26d129aaa4f0f830a7a20fe6317ee4a254b9caac52730b6fed6c482be4a5c79d
29df6c3f7d13b259b3bc5d56f2cdd14782021fc5f9597a3ccece51ffac2010a0
53d2506723f4d69afca33e90142833b132ed11dd0766192a087cb206840f3692
90e15eaf6385b41fcbf021ecbd8d86b8c31ba48c2c5c3d1edb8851896f4f72fe
98b6992749819d0a34a196768c6c0d43b100ef754194308eae6aaa90352e2c13
585db6ab2f7b452091ddb29de519485027665335afcdb34957ff1425ecc3ec4b
632cd9067fb32ac8fbbe93eb134e58bd99601c8690f97ca53e8e17dda5d44e0e
706c9030c2fa5eb758fa2113df3a7e79257808b3e79e46869d1bf279ed488c36
22069984cba22be84fe33a886d989b683de6eb09f001670dbd8c1b605460d454
54198678b98c2094e74159d7456dd74d12ab4244e1d9376d8f4d864f6237cd79
a6ed16244a5b965f0e0b84b21dcc6f51ad1e413dc2ad243a6f5853cd9ac8da0b
a16a70b0a1ac0718149a31c780edb126379a0d375d9f6007a6def3141bec6810
ae39ced76c78e7c2043b813718e3cd610e1a8adac1f9ad5e69cf06bd6e38a5bd
b5c46c2604e29e24c6eb373a7287d919da5c18c04572021f20b8e1966b86d585
b45355c8b84b57ae015ad0aebfa8707be3f33e12731f7f8c282c8ee51f962292
c1e91a5f9cc23f3626326dab2dcdf4904e6f8a332e2bce8b9a0854b371c2b350
c31b409b1fe9b6387b03f7aedeafd3721b4ec6d6011da671df49e241394da154
c89316e87c5761e0fc50db1214beb32a08c73d2cad9df8c678c8e44ed66c1dab
cb7d9feda7d8ebfba93ec428d5a8a4382bf58e5a70e4b51eb1938d2691d5d4a5
cb8aede4ad660adc1c78a513e7d5724cac8073bea9d6a77cf3b04b019395979a
d9eec27bf827669cf13bfdb7be3fdb0fdf05a26d5b74adecaf2f0a48105ae934
db489e9760da2ed362476c4e0e9ddd6e275a84391542a6966dbcda0261b3f30a
e8be3e40f79981a1c29c15992da116ea969ab5a15dc514479871a50b20b10158
ea2be3d0217a2efeb06c93e32f489a457bdea154fb4a900f26bef83e2053f4fd
ee6a3331c6b8f3f955def71a6c7c97bf86ddf4ce3e75a63ea4e9cd6e20701024
f6f6152db941a03e1f45d52ab55a2e3d774015ccb8828533654e3f3161cfcd21

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy

justiceukraine.com 

137.220.49.66

5ef9844903e8d596ac03cc000b69bbbe45249eea02d9678b38c07f49e4c1ec46
6f95f7f53b3b6537aeb7c5f0025dbca5e88e6131b7453cfb4ee4d1f11eeaebfc
86e4e23f9686b129bfb2f452acb16a4c0fda73cf2bf5e93751dcf58860c6598c
367d47ad48822caeedf73ce9f26a3a92db6f9f2eb18ee6d650806959b6d7d0a2
762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539
1409e010675bf4a40db0a845b60db3aae5b302834e80adeec884aebc55eccbf7
453257c3494addafb39cb6815862403e827947a1e7737eb8168cd10522465deb
a8a7fdbbc688029c0d97bf836da9ece926a85e78986d0e1ebd9b3467b3a72258
c59f3c8d61d940b56436c14bc148c1fe98862921b8f7bad97fbc96b31d71193c
f81bd2ac937ed9e254e8b3b003cc35e010800cbbce4d760f5013ff911f01d4f9
f706bae95a232402488d17016ecc11ebe24a8b6cb9f10ad0fa5cbac0f174d2e7
f71476f9adec70acc47a911a0cd1d6fea1f85469aa16f5873dd3ffd5146ccd6b

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks

chloe-boreman.com
criston-cole.com
jumpstartmail.com
paydayloansnew.com
picture-world.info
rnacgroup.com
salimafia.net
seomoi.net
soft-utils.com

5.182.39.44

0a6247759679c92e1d2d2907ce374e4d6112a79fe764a6254baff4d14ac55038
0fb4d09a29b9ca50bc98cb1f0d23bfc21cb1ab602050ce786c86bd2bb6050311
1b62730d836ba612c3f56fa8c3b0b5a282379869d34e841f4dca411dce465ff6
1d1a0f39f339d1ddd506a3c5a69a9bc1e411e057fe9115352482a20b63f609aa
3d649b84df687da1429c2214d6f271cc9c026eb4a248254b9bfd438f4973e529
4a25ca8c827e6d84079d61bd6eba563136837a0e9774fd73610f60b67dca6c02
5af853164cc444f380a083ed528404495f30d2336ebe0f2d58970449688db39e
5ea6bdae7b867b994511d9c648090068a6f50cb768f90e62f79cd8745f53874d
6a0686323df1969e947c6537bb404074360f27b56901fa2bac97ae62c399e061
7ae97402ec6d973f6fb0743b47a24254aaa94978806d968455d919ee979c6bb4
8d1c7d1de4cb42aa5dee3c98c3ac637aebfb0d6220d406145e6dc459a4c741b2
11b81288e5ed3541498a4f0fd20424ed1d9bd1e4fae5e6b8988df364e8c02c4e
82f734f2b1ccc44a93b8f787f5c9b4eca09efd9e8dcd90c80ab355a496208fe4
85b083b431c6dab2dd4d6484fe0749ab4acba50842591292fdb40e14ce19d097
211f04160aa40c11637782973859f44fd623cb5e9f9c83df704cc21c4e18857d
220eba0feb946272023c384c8609e9242e5692923f85f348b05d0ec354e7ac3c
5405ff84473abccc5526310903fcc4f7ad79a03af9f509b6bca61f1db8793ee4
21708cea44e38d0ef3c608b25933349d54c35e392f7c668c28f3cf253f6f9db8
411086a626151dc511ab799106cfa95b1104f4010fe7aec50b9ca81d6a64d299
4840214a7c4089c18b655bd8a19d38252af21d7dd048591f0af12954232b267f
624705483de465ff358ffed8939231e402b0f024794cf3ded9c9fc771b7d3689
58331695280fc94b3e7d31a52c6a567a4508dc7be6bdc200f23f5f1c72a3f724
b6a71ca21bb5f400ff3346aa5c42ad2faea4ab3f067a4111fd9085d8472c53e3
bb6fd3f9401ef3d0cc5195c7114764c20a6356c63790b0ced2baceb8b0bdac51
bc9a4df856a8abde9e06c5d65d3bf34a4fba7b9907e32fb1c04d419cca4b4ff9
c4b9ad35b92408fa85b92b110fe355b3b996782ceaafce7feca44977c037556b
cb765467dd9948aa0bfff18214ddec9e993a141a5fdd8750b451fd5b37b16341
d10a2dda29dbf669a32e4198657216698f3e0e3832411e53bd59f067298a9798
d420b123859f5d902cb51cce992083370bbd9deca8fa106322af1547d94ce842
f38ad4aa79b1b448c4b70e65aecc58d3f3c7eea54feb46bdb5d10fb92d880203
f98bc2ccac647b93f7f7654738ce52c13ab477bf0fa981a5bf5b712b97482dfb
f2168eca27fbee69f0c683d07c2c5051c8f3214f8841c05d48897a1a9e2b31f8	
		
# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack

akamaicontainer.com
akamaitechcloudservices.com
azuredeploystore.com
azureonlinecloud.com
azureonlinestorage.com
dunamistrd.com
glcloudservice.com
journalide.org
msedgepackageinfo.com
msstorageazure.com
msstorageboxes.com
officeaddons.com
officestoragebox.com
pbxcloudeservices.com
pbxphonenetwork.com
pbxsources.com
qwepoi123098.com
sbmsa.wiki
sourceslabs.com
visualstudiofactory.com
zacharryblogs.com

2c9957ea04d033d68b769f333a48e228c32bcf26bd98e51310efd48e80c1789f
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f
8c0b7d90f14c55d4f1d0f17e0242efd78fd4ed0c344ac6469611ec72defa6b2d
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
210c9882eba94198274ebc787fe8c88311af24932832a7fe1f1ca0261f815c3d
268d4e399dbbb42ee1cd64d0da72c57214ac987efbb509c46cc57ea6b214beca
2487b4e3c950d56fb15316245b3c51fbd70717838f6f82f32db2efcc4d9da6de
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67
a541e5fc421c358e0a2b07bf4771e897fb5a617998aa4876e0e1baa5fbb8e25c
aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb
c13d49ed325dec9551906bafb6de9ec947e5ff936e7e40877feb2ba4bb176396
c62dce8a77d777774e059cf1720d77c47b97d97c3b0cf43ade5d96bf724639bd
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
d0f1984b4fe896d0024533510ce22d71e05b20bad74d53fae158dc752a65782e
d51a790d187439ce030cf763237e992e9196e9aa41797a94956681b6279d1b9a
d459aa0a63140ccc647e9026bfd1fccd4c310c262a88896c57bbe3b6456bd090
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
e059c8c8b01d6f3af32257fc2b6fe188d5f4359c308b3684b1e0db2071c3425c
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec
f1bf4078141d7ccb4f82e3f4f1c3571ee6dd79b5335eb0e0464f877e6e6e3182
f47c883f59a4802514c57680de3f41f690871e26f250c6e890651ba71027e4d3
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials

1cc838896fbaf7c1996198309fbf273c058b796cd2ac1ba7a46bee6df606900e
4ae2cb9454077300151e701e6ac4e4d26dc72227135651e02437902ac05aa80d
5e51bdf067e5781d2868d97e7608187d2fec423856dbc883c6f81a9746e99b9f
100cad54c1f54126b9d37eb8c9e426cb609fc0eda0e9a241c2c9fd5a3a01ad6c
192ef0dee8df73eec9ee617abe4b0104799f9543a22a41e28d4d44c3ad713284
452d08d420a8d564ff5df6f6a91521887f8b9141d96c77a423ac7fc9c28e07e4
498e8d231f97c037909662764397e02f67d0ee16b4f6744cf923f4de3b522bc1
560ea79a96dc4f459e96df379b00b59828639b02bd7a7a9964b06d04cb43a35a
714cef77c92b1d909972580ec7602b0914f30e32c09a5e8cb9cb4d32aa2a2196
88113bebc49d40c0aa1f1f0b10a7e6e71e4ed3ae595362451bd9dcebcf7f8bf4
a3acb9f79647f813671c1a21097a51836b0b95397ebc9cd178bc806e1773c864
a3078d0c4c564f5efb1460e7d341981282f637d38048501221125756bc740aac
b28456a0252f4cd308dfb84eeaa14b713d86ba30c4b9ca8d87ba3e592fd27f1c
caba1085791d13172b1bb5aca25616010349ecce17564a00cb1d89c7158d6459
cf6bcd3a62720f0e26e1880fe7ac9ca6c62f7f05f1f68b8fe59a4eb47377880a
d4e1f09cb7b9b03b4779c87f2a10d379f1dd010a9686d221c3a9f45bda5655ee
e1e0b887b68307ed192d393e886d8b982e4a2fd232ee13c2f20cd05f91358596
f138d785d494b8ff12d4a57db94958131f61c76d5d2c4d387b343a213b29d18f

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clasiopa-materials-research

0550e1731a6aa2546683617bd33311326e7b511a52968d24648ea231da55b7e5
3aae54592fe902be0ca1ab29afe5980be3f96888230d5842e93b3ca230f8d18d
5b74b2176b8914b0c4e6215baab9e96d1e9a773803105cf50dac0427fac79c1b
8aa6612c95c7cef49709596da43a0f8354f14d8c08128c4cb9b1f37e548f083b
38f0f2d658e09c57fc78698482f2f638843eb53412d860fb3a99bb6f51025b07
95f76a95adcfdd91cb626278006c164dcc46009f61f706426b135cdcfa9598e3
940ab006769745b19de5e927d344c4a4f29cae08e716ee0b77115f5f2a2e3328
8023b2c1ad92e6c5fec308cfafae3710a5c47b1e3a732257b69c0acf37cb435b
1569074db4680a9da6687fb79d33160a72d1e20f605e661cc679eaa7ab96a2cd
c94c42177d4f9385b02684777a059660ea36ce6b070c2dba367bf8da484ee275
f93ddb2377e02b0673aac6d540a558f9e47e611ab6e345a39fd9b1ba9f37cd22

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering

alidocs.dingtalk.com.wswebpic.com
csc.zte.com.cn.wswebpic.com
taoche.cn.wswebpic.com

39.101.194.61
47.92.138.241
106.14.184.148
180.119.234.147

02fe00ffd1b076983f3866c04ca95c56cef88c2564fabb586e11e54986e87ba7
084d1fc4236011d442801e423485c8e58f68dc14ec0a8b716fa0fd210de43dda
1d087f6a17227769bcebc799a2cdf1bb2a8fdf6ba560d21a88bb71f1c213a42c
5a62abc0a2208679e414cc71d1f36ffa14b48df2b73ac520e45d557ad77dd004
6cb815863088a0ad367b2a525a572323600596f6875a79536aee57202ef24fd5
6f017ad84d0d06f50b6213a0742838b5ec510f3d06f96e0300048f2da6a35c41
7b410fa2a93ed04a4155df30ffde7d43131c724cdf60815ee354988b31e826f8
7f0807d40e9417141bf274ef8467a240e20109a489524e62b090bccdb4998bc6
7f6a1d6950a9464f27d8651a267563d4630d223bf7ac66851917a57f8fac6550
8c0f0d1acb04693a6bdd456a6fcd37243e502b21d17c8d9256940fc7943b1e9a
8e32ea45e1139b459742e676b7b2499810c3716216ba2ec55b77c79495901043
9e8b5a84ad108a761619ca040788dcbf07996a9101cecc5c30ba61f9a06945c1
9ebd789e8ca8b96ed55fc8e95c98a45a61baea3805fd440f50f2bde5ffd7a372
9f5f7ba7d276f162cc32791bfbaa0199013290a8ac250eb95fd90bc004c3fd36
41b6d26926706bb68530ddff234f69757e3bbef91c47eb0255313ed86cb3f806
47d328c308c710a7e84bbfb71aa09593e7a82b707fde0fb9356fb7124118dc88
72bc8b30df3cdde6c58ef1e8a3eae9e7882d1abe0b7d4810270b5a0cc077bb1a
327fc116f8f48f97292184bb50cb3db418f368b3e2a0fb41267ba40254a35a89
409f89f4a00e649ccd8ce1a4a08afe03cb5d1c623ab54a80874aebf09a9840e5
553e0763cf3a938b5754c9d89939a118abe0b235e4be6920c34f562bd758e586
916b63b88de2549c4a5c8e13d51df4cf6996067ae30f24c8bb35c66db7c061df
968b28f7d6abb845f2cc7efa93cdcf7660585e22d589267695726de13afea260
981e5f7219a2f92a908459529c42747ac5f5a820995f66234716c538b19993eb
1744fac628262aa0cf3810bd5168375959be41764c8ca2fa41950a7b1f8f2fad
3516f94b0fb57e93c6659d813cbf5fb3617dea7a667c78cb70a1914306327906
6698a81e993363fab0550855c339d9a20a25d159aaa9c4b91f60bb4a68627132
6770f815480d7cfa0a6fc8599c08ca6013f608d257a2121233e77374e21c53f8
7229bd06cb2a4bbe157d72a3734ba25bc7c08d6644c3747cdc4bcc5776f4b5b9
7394ab0ed6d1f62e83fc5f8f1eb720ddd07cbd2bcdf6a00b9b63ef6018fa5f90
7800a4fb0cbdf29815c521ea8b00a23e28d7eb365653f2afcfb5572622727218
44223e5abd106c077908f03c93b8c8baee7d630f1718f9750f16b786cf88fd06
84502fbe3e5172c39e9a97734e6caac79255abffcb55c22752620d908ff33940
72885373e3e8404f1889e479b3d46dd8111280379c4065bfc1e62df093e42aba
a0f5966fcc64ce2d10f24e02ae96cdc91590452b9a96b3b1d4a2f66c722eec34
b5c4f420067499522b748a34161ad6e140a7f30ab0b8fa63feef760c5e631679
b53d0a43ea91b3c80bc6c87c0c6946816c38876b2cb2f6f772afe94c54d3ad30
cb03b5d517090b20749905a330c55df9eb4d1c6b37b1b31fae1982e32fd10009
d0ae66022929c17f31ddf98d88817f0aa70a56ce2ff2df9595b8889c2d3d7e31
d1c4968e7690fd40809491acc8787389de0b7cbc672c235639ae7b4d07d04dd4
d92c50a91bd5b2f06f41a9a5f9937e50b78658d46e3cd04bc3a85f270ce288c2
dc3b714fd6f93c0c0cd2685b6b8cd551896855474bdd09593b8c6b4b7ab6bac2
de01492b44372f2e4e38354845e7f86e0be5fb8f5051baafd004ec5c1567039f
e378d8b5a35d4ec75cae7524e64c1d605f1511f9630c671321ee46aa7c4d378b
e7684a4984d9d82115c5cc1b43b9f63a11e7ed333a4e2d92dc15b6e931634bf4
eba22f50eedfec960fac408d9e6add4b0bd91dd5294bee8cff730db53b822841
ebc3dabf0a2dafb0790be6dbb4d3509b5ce1259b955172910618a32627b3b668
ee9aefde33ed48d16ecb1c41256fc7d93ddfa8bedfa59b95e8810282ac164d0d
f35b206fe10ad3f57d9c4ecf71a2d2cc06d7c7fe905e567b989f72f147da99dc
f73738e6e33286657cda81f618a74b74745590915a8f4451e7c00473cbe89e1d
fc4b5f2ee9da1fe105bb1b7768754d48f798bf181cbc53583387578a5ebc7b56
fc8a67b80b0b0ecd10dfd90820ffc64923b94c32b04dbb6929a79b9ce027563c
ffdcf74968805e9cc897ca932e4da0f22ea7b3e9b96fcc9082c0c5300ae4cb0d