## hosts-blocklists
## domains-ips-hashes

## blocklists-yoroi
## https://yoroi.company/blog/


# https://yoroi.company/en/research/innovation-in-cyber-intrusions-the-evolution-of-ta544/

center.onthewifi.com
datastream.myvnc.com
gservicese.com
listpoints.click
listpoints.online
retghrtgwtrgtg.bounceme.net

6e5db2efcad7fbacc72f1db53741d342a2524a481c4835885fe6c3a46e9036b3
2289f5e6c2e87cf4265ed7d05ef739d726ebd82614a1b856d4b5964834d307c9
dd277db4beda582c70402c9163491da27fde7cba2906f15e5beb8b2a394c400b
e02471f33d07a4f9046be6e7b15de68093bb72fdd15b61f3033aea57d9940108

# https://yoroi.company/en/research/unveiling-vetta-loader-a-custom-loader-hitting-italy-and-spread-through-infected-usb-drives/

bobsmith.apiworld.cf
captcha.grouphelp.top
captcha.tgbot.it
eu1.microtunnel.it
evinfeoptasw.dedyn.io
geraldonsboutique.altervista.org
lucaespo.altervista.org
luke.compeysonp.eu.org
monumental.ga
ncnskjhrbefwifjhww.tk
studiofotografico35mm.altervista.org
wjecpujpanmwm.tk

060882f97ace7cb6238e714fd48b3448939699e9f085418af351c42b401a1227
4f05f962f321aa294e8dd185c6c86891183d175f54863e49e0151c1237287eb8
5dcbfc437c20e2e5e25a717017fd525cbe4834ce888c47002001c28cf85c20b8
8a492973b12f84f49c52216d8c29755597f0b92a02311286b1f75ef5c265c30d
8c25b73245ada24d2002936ea0f3bcc296fdcc9071770d81800a2e76bfca3617
8eff1963dbfb05c51be299ca74fb40cc8b4ddf204c94f508173744466fdb8749
15d977dae1726c2944b0b4965980a92d8e8616da20e4d47d74120073cbc701b3
39ae5ca001383b9bd0e97eb6877279a9f366935a49f511e3a51b1aefdc85ee7e
90cb376fba68978a556af5861c5b8084c18ad62c75d08ac29dd768ad1029c150
180b12a5f16ff2269d640b5a28d0b1d46013f3f163ee8b3c3b34166905c78e0c
218a819360df70ecc4cdbdfac4fbc0e49be3f4cadbad04d591a3de992617dac2
686a6fe6db2b8510555559f05132d5f9776051c74d91d96f0ac7eed1a33f8d4d
81875a13eded6ccf4ea0a41cdcf62f62287aba9fb2cd80d2e7444fae6340882b
84674ae8db63036d1178bb42fa5d1b506c96b3b22ce22a261054ef4d021d2c69
742170a2102136e2d96dfe1ce9c2a41a6c049777b541723ea6d90dc22c48503b
664194273245a994abf929898d9ca5ec5cfb594d4b024935050dd9f6a1a42b67
a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40
a47e7b940c6387b21ad32181c85a7972c43d2568e26f35c28f8ea9fde0cb3cea
b9ffba378d4165f003f41a619692a8898aed2e819347b25994f7a5e771045217
ca0ec4e1dde27b42c0df0cd9278289dce950adbad32dc178f058c503fa939381
d9ebb6958afcd1907651487062108ec56a2af9eb935f2437156584081cb56b2f
e78f9fc1df1295c561b610de97b945ff1a94c6940b59cdd3fcb605b9b1a65a0d

# https://yoroi.company/en/warning/vulnerabilita-su-sysaid-attivamente-sfruttata-in-the-wild/

45.155.37.105
45.182.189.100
81.19.138.52
179.60.150.34

2035a69bc847dbad3b169cc74eb43fc9e6a0b6e50f0bbad068722943a71a4cca
b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d 

# https://yoroi.company/en/research/how-an-apt-technique-turns-to-be-a-public-red-team-project/

193.37.254.27

2d866ccf2b24e3b922abb3d3980c2ed752d86b6c017bc2bf7a1c209aa9464643
5e352c8f55ed9be1142b09e13df7b3efac7ea9e6173b6792d9a5c44dedc3a4ee
6f08ce39072bdacf4a98578ca6b508b68b2c78ed2a378c73a1c87595f9d0c591
664b8fbd825db53ccfc5712f7cd54c71bf53f0791b1bd42af8517729653ae7ae
17494a7687c8e57be6fcd486bc34aaa120105729196474ccffd078d8aa256f87
4240201a9d957a01676ab7165d112d03c7dbdba7b34778407e7b73344b3fd158
a855012a9e198837eae04295de56d28e9258da1e933c56805b39b1f8d0d03c56
bcc7c41209afcf67858b3ef80f0afa1eabf2e4faadcaa23bacc9aa5d57b9d836
c8ca2199aabae9af5c59e658d11a41f76af4576204c23bf5762825171c56e5e8
dda686d6fda52c6ab3c084b7024cfc68dba60ae2143a1095659b795f84cf2329
f62e0ec08b15f9a4f3178c77ad540bd7369d1341472fdcbc88aecc0ed29c0387
ffd5114ffb3a2f66757cecb2fb0079cceaa42a4b42ded566e76b7d58b4effac5

# https://yoroi.company/en/warning/campagna-operation-triangulation-che-sfruttano-vulnerabilita-0-day-di-tipo-0-click-su-dispositivi-mobili-apple/

addatamarket.net
ans7tv.net
anstv.net
backuprabbit.com
businessvideonews.com
cloudsponcer.com
datamarketplace.net
growthtransport.com
mobilegamerstats.com
snoweeanalytics.com
tagclick-cdn.com
topographyupdates.com
unlimitedteacup.com
virtuallaughing.com
web-trackers.com

063db86f015fe99fdd821b251f14446d 

1a321b77be6a523ddde4661a5725043aba0f037f 

fd9e97cfb55f9cfb5d3e1388f712edd952d902f23a583826ebe55e9e322f730f 

# https://yoroi.company/en/warning/n010623-dispositivi-barracuda-esg-email-security-gateway-compromessi/

1bbb32610599d70397adfdaf56109ff3
1fea55b7c9d13d822a64b2370d015da7
2ccb9759800154de817bf779a52d48f8
4b511567cfa8dbaa32e11baf3268f074
4cd0f3219e98ac2e9021b06af70ed643
5d6cba7909980a7b424b133fbac634ac
19ebfe05040a8508467f9415c8378f32
64c690f175a2d2fe38d3d7c0d0ddbb6e
82eaf69de710abdc5dea7cd5cb56cf04
177add288b289d43236d2dba33e65956
827d507aa3bde0ef903ca5dec60cdec8
881b7846f8384c12c7481b23011d8e45
a08a99e5224e1baf569fda816c991045
cd2813f0260d63ad5adf0446253c2172
e80a85250263d58cc1a1dc39d6cf3942
f5ab04a920302931a8bd063f27b745cc

# https://yoroi.company/en/research/money-ransomware-the-latest-double-extortion-group/

bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b

# https://yoroi.company/en/warning/supply-chain-attack-ai-danni-di-3cx-client-desktop-app/

akamaicontainer.com
akamaitechcloudservices.com
azuredeploystore.com
azureonlinecloud.com
azureonlinestorage.com
dunamistrd.com
glcloudservice.com
journalide.org
msedgepackageinfo.com
msstorageazure.com
msstorageboxes.com
officeaddons.com
officestoragebox.com
pbxcloudeservices.com
pbxphonenetwork.com
pbxsources.com
qwepoi123098.com
sbmsa.wiki
sourceslabs.com
visualstudiofactory.com
zacharryblogs.com

2c9957ea04d033d68b769f333a48e228c32bcf26bd98e51310efd48e80c1789f
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f
7c55c3dfa373b6b342390938029cb76ef31f609d9a07780772c6010a4297e321
8c0b7d90f14c55d4f1d0f17e0242efd78fd4ed0c344ac6469611ec72defa6b2d
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
210c9882eba94198274ebc787fe8c88311af24932832a7fe1f1ca0261f815c3d
268d4e399dbbb42ee1cd64d0da72c57214ac987efbb509c46cc57ea6b214beca
2487b4e3c950d56fb15316245b3c51fbd70717838f6f82f32db2efcc4d9da6de
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67
a541e5fc421c358e0a2b07bf4771e897fb5a617998aa4876e0e1baa5fbb8e25c
aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb
c13d49ed325dec9551906bafb6de9ec947e5ff936e7e40877feb2ba4bb176396
c62dce8a77d777774e059cf1720d77c47b97d97c3b0cf43ade5d96bf724639bd
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
d0f1984b4fe896d0024533510ce22d71e05b20bad74d53fae158dc752a65782e
d51a790d187439ce030cf763237e992e9196e9aa41797a94956681b6279d1b9a
d459aa0a63140ccc647e9026bfd1fccd4c310c262a88896c57bbe3b6456bd090
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
e059c8c8b01d6f3af32257fc2b6fe188d5f4359c308b3684b1e0db2071c3425c
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec
f1bf4078141d7ccb4f82e3f4f1c3571ee6dd79b5335eb0e0464f877e6e6e3182
f47c883f59a4802514c57680de3f41f690871e26f250c6e890651ba71027e4d3
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7

# https://yoroi.company/en/research/ducktail-dissecting-a-complex-infection-chain-started-from-social-engineering/