# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: aggha, dtloader, haggah, negasteal, pretoria # Reference: https://twitter.com/James_inthe_box/status/1040718336173137920 host2.azaronline.com # Reference: https://twitter.com/avman1995/status/1039929322612641792 mail.efx.net.nz # Reference: https://twitter.com/James_inthe_box/status/1039878859007569920 # Reference: https://www.virustotal.com/#/ip-address/37.59.117.243 http://37.59.117.243 # Reference: https://twitter.com/avman1995/status/1040493935234371584 ftp://ftp.fasttradeco.com # Reference: https://twitter.com/MalwareHunterBR/status/1016486687059402752 herosoup.org # Reference: https://twitter.com/ViriBack/status/983011333506588672 # Reference: https://pastebin.com/nwWHHFe0 # Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, AgentTesla) http://190.97.166.194 190.97.166.194:8080 aaatechh.com agent.rooderoofing.com.au arbistars.com bobby.ziraat-helpdesk.com brther-group.com callvaxglobal.com captainbugattiautos.com ceoinboxs.com chibu.ziraat-helpdesk.com chisom.ziraat-helpdesk.com dashi-dashi.ziraat-helpdesk.com data-startssllink.com eizzy.haoldd.com elb.haoldd.com emaaiil-163.com emy.agrillcs.com etvidanueva.com excelaires.com ezeoma.agrillcs.com figure.agrillcs.com files.ziraat-helpdesk.com flopdlsofrd.com forteol.com free.agrillcs.com grindtreu.online haoldd.com ike.agrillcs.com isa.haoldd.com jboy.agrillcs.com jizzy.ziraat-helpdesk.com joe.ziraat-helpdesk.com kc.ziraat-helpdesk.com kelvin.agrillcs.com kodarkalaris.com magnaki.com marchforward.usa.cc mi.haoldd.com milonestlevevy.com oceantrading-jp.co okey.haoldd.com pounds.ngrok.io prominienttec.com shileniniliv.com siamzime.com sindevil.com sm.rooderoofing.com.au small-kelly.agrillcs.com tonishl.ga tonishl.ml uccftl.org valedein.com workupdates.net yg.haoldd.com zomcnxbilo.com # Reference: https://twitter.com/James_inthe_box/status/1046070749138735110 
shahrproject.ir/wp--admin/ # Reference: https://twitter.com/James_inthe_box/status/1044198938847244289 moranhq.duckdns.org # Reference: https://twitter.com/Jan0fficial/status/1047023512383311873 venividivici.host # Reference: https://twitter.com/Jan0fficial/status/1047051546851254272 etvidanueva.com/photos/images/WebPanel/login.php etvidanueva.com/photos/images/fulls/WebPanel/login.php # Reference: https://twitter.com/Jan0fficial/status/1047053960689987584 allpeople.cc/WebPanel/ # Reference: https://twitter.com/James_inthe_box/status/1047495498867728384 hp-compoundlng.com/zuniga/zuniga.php # Reference: https://twitter.com/avman1995/status/1046620646137102336 repoyochar2u.ddns.net repoyochar2u.hopto.org # Generic callback path /zuniga.php # Reference: https://twitter.com/Racco42/status/1055370151984537602 ftp.dolphins-gb.com # Reference: https://twitter.com/casual_malware/status/1107441450415992832 rat8882018.bounceme.net # Reference: https://twitter.com/ItsReallyNick/status/925754844706689024 regiusersme63.com twendekazi.co.ke # Reference: https://twitter.com/JAMESWT_MHT/status/1111231704847581185 server15.thcservers.com # Reference: https://twitter.com/JAMESWT_MHT/status/1117787548787597313 # Reference: https://app.any.run/tasks/a7f299b3-0b84-4403-a75f-7fb45700e14e severeweatheralerts02.severeweatheralerts.net # Reference: https://otx.alienvault.com/pulse/5cb636d8706621055e694e0a # Reference: https://twitter.com/_cpresearch_/status/1118201474809462784 checkoutspace.com # Reference: https://twitter.com/dvk01uk/status/1137669359273435138 # Reference: https://app.any.run/tasks/318a9aa9-8c2e-4d21-9a4c-aa023de19d74/ mail.trezaexim.com # Reference: https://twitter.com/Lvanoel/status/1140500849904537600 # Reference: https://app.any.run/tasks/b4361590-d24e-4a4d-a273-5776ee377b08/ mail.jyotistrips.com # Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689 # Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/ mail.crypy.top # 
Reference: https://twitter.com/killamjr/status/1143288308300013568 vr9519.club # Reference: https://twitter.com/B1naryG/status/1143818690040860673 # Reference: https://app.any.run/tasks/3b4e7470-3144-47e3-8caf-ad069c4a5419/ algadeed-com.ga mail.sweeddehacklord.us # Reference: https://github.com/pan-unit42/iocs/blob/master/agenttesla/agenttesla_panels.txt 123.makologg.website 13020.vhost.myvirtualserver.de 13140.vhost.myvirtualserver.de a-work.info addmehosts.com admin.downloadtip.club agenttesla.com agentteslapanel.site airnicoltd.biz appleconnect.online blasternoon.ru blockchian.us bossbadoo123.000webhostapp.com brunam90.me cellularwizard.biz china-smi.biz classicfllters.com cloud9files.net coleweinman1.000webhostapp.com combinaparts.com comebackto.info compassiwater.com cp.gonerallying.com csgoshuffle.trade cyberfreakz.cf daalkha.com darkmat3r-v3nom.lawcost.com davcandle.life defaomfg.com diplomaticcourier.net dongabito.com douglascellings.com dovemessengers.com dropped.cf e-paymentonline.online egoigwe.date elihanss.ru emailaccountsupdate.com emybeks.diplomaticsecurityservicelondon.com essentialsupdate.com exam2quiz.com.ng eyeover.it fash2v.com fbillion.essentialtechsolutions.com frank.diplomaticsecurityservicelondon.com franklinpanel.xyz frankpanel.xyz friendfinances.com fundz1st.fav.al futurarice.com graficafolha.com.br halifacxz.com helofitsol.com hiflowwing.com hopewordnlos.info hoplikes.com hp.gonerallying.com hugoslyltd.com hummerenergyinc.com hustle.paneltesla.net ibouz.co.business icoud.online iiltd.xyz januoey.com jerelpacks.com jpoffice2017.xyz karmakintra.com kf3nqetgl3p3qlvnl4ze.ru kidertalerz.com killatenderz.com kolapharma.com koloongroupinc.ru lakhakaidea.com libazo.com magosnegt.net maxibrainz.net mctagents.ml mgelectroncs.com miloill.com mitch.sudimex.ml mnbvcxzus.com mogosan.com mqbearing.club mrabengo.com nckportugal.com nellsonn.com newseuro2015.org nexuscoltd.com notifuls.com onlinesypoi.com optifinecapes.us panel.profitstakers.com 
panelci.xyz panelone.xyz panelp.xyz paneltesla.net pansha.regworldmail.com pegeng-ch.com petush32.beget.tech picasuminion.com plasdic.com pron.wonkarima.ru robphish.xyz rootjoy20.net roperspump.com saintahotel.com secpolicy.info senator1st.fav.al sender.agenttesla.com shalla.eyeofbangladesh.com shingrela.com signaturehealthcarltd.com smartmanber.com someshitejob.ru sosignshome.com steamstatus.pw stlmre.xyz suabepga.net suchsuggestions.com sweed-office.comie.ru syncav.ms-sync.com t1st.fav.al t2st.fav.al t3st.fav.al t4st.fav.al t5st.fav.al tecomou1d.com tesla.dailyawamitime.com tesla.lawcost.com teslalogs.club toke.paneltesla.net tokimecltd.ru tomfill.xyz trade-accounts.com transfoffer.com transstates.us u-nyx.ru ugo.diplomaticsecurityservicelondon.com upgr-serv.com vacanzaimmobiliare.it vimeostream.com viprecycleresourcesltd.com vivaasindustry.com weviio.com wlttraco.com womensmuseumca.org wonkarima.ru xbool.ru xboolean.com xz2dtd11bm97h36.host yeubiope.com you.paneltesla.net yyyxyyxxyxxx.xyz zjxhqd.com # Reference: https://twitter.com/killamjr/status/1145131854984556545 spellsove.duckdns.org # Reference: https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html Oralbdentaltreatment.tk aelna.com aiaininsurance.com aidanube.com anernostat.com blssleel.com bwayachtng.com cablsol.com candqre.com catalanoshpping.com cawus-coskunsu.com crosspoiimeri.com dougiasbarwick.com erieil.com etqworld.com evegreen-shipping.com gufageneys.com hybru.com intermodaishipping.net jltqroup.com jyexports.com kayneslnterconnection.com kn-habour.com leocouriercompany.com lnnovalues.com mglt-mea.com mti-transt.com profbuiiders.com quycarp.com regionaitradeinspections.com repotc.com rsaqencies.com samhwansleel.com serec.us snapqata.com spedaqinterfreight.com sukrltiv.com supe-lab.com sweed-office.comie.ru sweed-viki.ru sweeddehacklord.us sweedoffice-bosskobi.duckdns.org sweedoffice-chuks.duckdns.org sweedoffice-goodman.duckdns.org sweedoffice-kc.duckdns.org 
sweedoffice-olamide.duckdns.org sweedoffice.duckdns.org usarmy-mill.com virdtech.com willistoweswatson.com wlttraco.com worldjaquar.com xlnya-cn.com zarpac.us zurieh.com # Reference: https://twitter.com/stoerchl/status/1157237675302240257 serverstresstestgood.duckdns.org # Reference: https://twitter.com/dvk01uk/status/1159391837553090560 server1.monovm.com # Reference: https://any.run/report/3c240ee0a740b57daea65b81faa99b951731f23c694bb5b6964b553152ee8d6c/1561dcbd-2a96-469a-8822-7cf9d495441e helsanaa.com # Reference: https://app.any.run/tasks/ab36a3dc-063e-41ee-8077-dc501f4d1403/ # Reference: https://brica.de/alerts/alert/public/1263301/agenttesla-keylogger-and-binary-options-scam/ mail.tendertradeforex.co.uk # Reference: https://app.any.run/tasks/c1c8ad7a-f1d0-4ddf-b1d7-648d8f097ef8/ smtp.odogwugroup.icu # Reference: https://app.any.run/tasks/d4aff5ad-9b44-42f0-8165-74731e1114c4/ smtp.rexsativa.com # Reference: https://app.any.run/tasks/df208288-e4f1-4efd-99ee-12c2e37905c4/ mail.interflow.com.pk tfvn.com.vn # Reference: https://app.any.run/tasks/8b18fd2b-2610-49b0-9dea-55b45742adc5/ smtp.iconic-qrp.com # Reference: https://app.any.run/tasks/8b668f18-5854-43ef-a2af-f4e8ee9b9b55/ server1.monovm.com # Reference: https://twitter.com/dvk01uk/status/1171723427138420738 # Reference: https://app.any.run/tasks/fef429fb-bec4-4368-9b3e-9e37866221c7/ mail.appliedfuturevison.com # Reference: https://twitter.com/wwp96/status/1173611784743378944 # Reference: https://app.any.run/tasks/948a6bd8-0cfb-4a82-a3f9-1e631965900b/ workbigfinetonychuckgoodallarefinezynovaexploitgood.warzonedns.com # Reference: https://app.any.run/tasks/43064ac6-b617-44c8-8942-bacf12288dfc/ smtp.uml-db.com # Reference: https://app.any.run/tasks/7545bb05-60f9-4995-b6ee-e5b32a8783ec/ smtp.nifl.icu # Reference: https://twitter.com/Lvanoel/status/1173838721201922048 # Reference: https://app.any.run/tasks/1b86cdd7-f235-4159-ab74-127bd0d0912a/ 5.9.3.218:26 mail.siicegypt.com # Reference: 
https://twitter.com/reecdeep/status/1174270764461244417 # Reference: https://app.any.run/tasks/f3372717-35fb-43fc-aa1e-073bc762c39e/ 198.187.29.188:26 mail.cjcurrent.com # Reference: https://twitter.com/wwp96/status/1176581010554793984 # Reference: https://twitter.com/JAMESWT_MHT/status/1461271475000946688 # Reference: https://app.any.run/tasks/ed1bc8c6-d83b-4dfd-9b6e-2b3ad128c83a/ server240.web-hosting.com server263.web-hosting.com # Reference: https://twitter.com/wwp96/status/1178661072993173504 smtp.kobitek-tr.com # Reference: https://www.virustotal.com/gui/url/752918f8cfbeff0e6bbb5f0c62edc1bedca657b5eb659ab07d610260e3b7a48d/details # Reference: https://urlhaus.abuse.ch/url/235725/ # Reference: https://any.run/report/2ff7a5b19dbf914d2607623b255fc392b20e86a61109cac6de96cf214e88f963/2a188e52-c397-4805-b62a-faefe02c9d8f wirelord.us # Reference: https://precisionsec.com/threat-intelligence-feeds/agenttesla/ khotawa.com xdzzs.com demo.shopping.co.mz # Reference: https://urlhaus.abuse.ch/url/236622/ decodes.in # Reference: https://urlhaus.abuse.ch/url/236510/ cafe-milito.com # Reference: https://urlhaus.abuse.ch/url/235644/ mpsoren.cc # Reference: https://urlhaus.abuse.ch/url/235546/ alhaji.top # Reference: https://twitter.com/0xFrost/status/1179459193662853120 smtp.alliadintl.com # Reference: https://app.any.run/tasks/5434da4e-e090-4642-be8d-a0117eaeb143/ smtp.alfe-eng.net # Reference: https://twitter.com/MrGlaive/status/987780707551469569 # Reference: https://www.virustotal.com/gui/file/281053cbe38ffb8634e33d8a42ab772fb334de9e0a94af370a2426e00a502d6b/detection mail.crosspolimeri-com.ga # Reference: https://twitter.com/wwp96/status/1188897624776216576 # Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations olodofries.ddns.net victoryinkings.ddns.net # Reference: https://twitter.com/ViriBack/status/1189329887074619395 # Reference: https://app.any.run/tasks/4fb9044e-3ab4-4475-94d0-0070bef4acdc/ 52.15.102.232:16654 # Reference: 
https://twitter.com/wwp96/status/1189564875040788480 smtp.krisorigin.top # Reference: https://twitter.com/JAMESWT_MHT/status/1192365857810341888 ftp.kassetiabi.ee # Reference: https://app.any.run/tasks/ab049db9-c6b6-4fc5-9052-1e27dd897f18 crilod.com # Reference: https://twitter.com/P3pperP0tts/status/1193202523974389760 eastbrightness.com # Reference: https://twitter.com/James_inthe_box/status/1193965109552406528 webtoall.in/men/inc/c7afb5603b20fe.php # Reference: https://twitter.com/w3ndige/status/1194263536572207104 ftp.hotnails.ee # Reference: https://www.virustotal.com/gui/file/88195f6db022c6008fb958dffcb3ab7bfcb2cab063ea4af0e228fc33abab7e7b/detection 192.3.24.147:5200 # Reference: https://www.virustotal.com/gui/file/94ec08ac699040cca3bd81024e2ae842dec93146e066ea8332a4c990b9db5726/detection 192.69.169.25:54901 dboy.duckdns.org # Reference: https://twitter.com/wwp96/status/1203003462746804225 smtp.tkbill.biz # Reference: https://twitter.com/wwp96/status/1203003008822452225 mail.garlascontrol.com # Reference: https://twitter.com/wwp96/status/1203006028998205442 smtp.juili-tw.com # Reference: https://www.virustotal.com/gui/file/d80bd95f435fc2b41a60a4412ec3c38cc2024c57048047c1e679e4df2d93a88c/detection 91.193.75.181:90 lexdemall.duckdns.org # Reference: https://www.virustotal.com/gui/file/5229dd43528a6fedaa89771dfcac9789fc0ac6f3297b83f9a5d15e4f55ebe9bd/detection 46.85.239.38:1994 79.134.225.42:1994 sandra.hopto.org # Reference: https://www.virustotal.com/gui/file/bfc6098802823eaf83b3f49cba4b515076ce4889c192f7961bd0d55bcde4c83e/detection 79.134.225.121:5288 # Reference: https://www.virustotal.com/gui/file/40ebfd1d5b2e140d8d147f8cd304f6f3f5795591b4883cf21012a350f1b941c5/detection 79.134.225.7:8152 # Reference: https://www.virustotal.com/gui/file/9f750443a7f48cbdb29cf846bba9fe467233e6f11a9f7c70215c7eaeea38b6fb/detection 151.106.56.110:3606 moneytrade.trade # Reference: https://twitter.com/JayTHL/status/1214332738167287810 # Reference: https://pastebin.com/raw/c2JsbUeh 
adoptfashions.tk agatamodels.ml ahphaeg.ml ahphaeg.tk aldohawater.tk allinkenya.ml allinkenya.tk alojobs.ml andreyhosting.com archiself.tk artateknik.tk avjrggs.ml bargainsnyc.ml baristageek.ml bedrocktire.tk blazonjewelry.ml blazonjewelry.tk bodyfitny.ml boisegmc.ml boisegmc.tk bokkhao.ml bokkhao.tk bounuspornos.ml brazosvalleypts.ml bunnyby.ml buyshares.ga buyshares.ml carriven.tk casualfiber.tk chefport.tk chenfqi.tk citjunta.ml clanliqr.ml coffeeod.tk conanandjasmine.ml cpajwood.ml cpajwood.tk cpanel.sunlitcars.tk demonm.tk destaquefitness.tk dlskoda.ml dombasticknas.tk drysupplies.tk dwgdhfy.tk ecuacentauro.ml ecuacentauro.tk eleganteclub.ml eleganteclub.tk endzoneswagger.ml endzoneswagger.tk ezmoneymyteam.ml fanbcanton.ml finddrives.ml finddrives.tk fllwme.ml fourwheller.tk gbbpestcontrol.tk greatpurity.ml greatpurity.tk hemorroidehq.ml hemorroidehq.tk henriquepneus.tk hostarctic.ml ilovesweetie.ml ilovesweetie.tk imagoindia.ml instantqual.ml interoutesme.tk itechcity.ga itechcity.ml jademodern.tk kedaisuki.ml kedaisuki.tk kinofkenefret.ml laluney.ml layingday.tk lebanonoil.ml lebanonoil.tk litse.ml lscucusc.tk lvmotorsports.ml lvmotorsports.tk # Reference: https://twitter.com/wwp96/status/1214939236195086337 # Reference: https://app.any.run/tasks/fa148110-1474-4c52-b9f7-264bca3a41a1/ limmergarden.com/pa/webpanel/inc/5d54ff24322827.php # Reference: https://app.any.run/tasks/3403cffd-adef-40bd-ac59-53edab63a0e1/ ftp.myloginoffice3.com # Reference: https://www.virustotal.com/gui/file/7d8909c7fcb490c98941f17d30179cf932231f0a82ce25c8343fd8904fea802a/detection 185.38.151.11:50472 # Reference: https://www.virustotal.com/gui/file/31644ce7e514cdf426d1ab3e36d2ebd37068d66eb164f0d6d6ab87ab0471f897/detection 185.38.151.11:56769 185.38.151.11:61321 # Reference: https://www.virustotal.com/gui/file/da09ac88b81d53207f01371dacc653437e95b9da05ea982d397fce8c033c2ce6/detection 185.38.151.11:61628 185.38.151.11:63603 # Reference: 
https://www.virustotal.com/gui/file/d7eb28958866d10626c0a7f5974e32da9a7e1ad988fe09dc48ac01d103da6ace/detection 185.38.151.11:50041 # Reference: https://www.virustotal.com/gui/file/682fbcd0f7299831baca107e58095772cb425437c7d4f1cd08d81ba4d4d353a4/detection 185.27.134.11:36951 # Reference: https://www.virustotal.com/gui/file/d02569687c55976dc1fea3fbfb031a821d4072cac3971b3bf97cb6877b72e32a/detection 185.27.134.11:32281 # Reference: https://www.virustotal.com/gui/file/cffed6d9add784bf2951db23c55fb44c201535cf0417b46ced760cbf05cccbda/detection 185.27.134.11:14908 185.27.134.11:24257 # Reference: https://www.virustotal.com/gui/file/5657b7923550dc5e89b5048c7a74f665cb29aaa923ba8fe114f98bc449e81d1b/detection 185.27.134.11:21389 185.27.134.11:29037 185.27.134.11:49162 # Reference: https://twitter.com/malwrhunterteam/status/1486088221968715776 # Reference: https://www.virustotal.com/gui/file/d0bf3e6e894721d27d7bc6c25e214505c597213c68832a09019fd49306318b8f/detection 185.27.134.11:41201 # Reference: https://twitter.com/wwp96/status/1219614957416873984 # Reference: https://app.any.run/tasks/c510f521-e3c2-45d9-98a9-b6c329189db1/ kironofer.com/webpanel/inc/d380803e561db4.php kironofer.com/webpanel/login.php # Reference: https://twitter.com/JAMESWT_MHT/status/1219902709882662912 # Reference: https://app.any.run/tasks/cb6f47d6-61b4-4298-a0cf-117eea65dca0/ 91.82.85.66:21 91.82.85.66:33132 ftp.metris3d.hu # Reference: https://www.virustotal.com/gui/file/434ee3a7d5f1d23b7d2a2ca22bbf197b1275ff1bd11b03c11cfc45a6cae5fd11/detection 45.74.1.8:1122 # Reference: https://twitter.com/_lockhum/status/1220774737435074561 limmergarden.com/pa/webpanel/login.php # Reference: https://www.virustotal.com/gui/file/4202c3c6970a870ce7fb6826dc69422c83de9da2462e28e2162a237579ff5192/detection # Reference: https://www.virustotal.com/gui/file/8e9a4181cfd63b6d2a32352882d7022670236a5bdd0b824b547e69fde5b20c13/detection nortonlilly.info # Reference: 
https://www.virustotal.com/gui/file/67e30c288e1025728c58ad7093e34ea97d7f1e5f3c4450859e9de775e49f4dca/detection 185.244.30.53:4782 # Reference: https://twitter.com/cocaman/status/1222227693099462656 # Reference: https://app.any.run/tasks/193b764b-c408-4226-9a66-8400d1b1f4f9/ # Reference: https://www.virustotal.com/gui/ip-address/1.217.125.148/relations 1.217.125.148:8080 web.riderit.com # Reference: https://twitter.com/wwp96/status/1222261603028152326 # Reference: https://app.any.run/tasks/227edd93-0480-404d-a7b8-0da81c2b3ce7/ 78.142.19.101:587 # Reference: https://twitter.com/wwp96/status/1222262561296519168 smtp.xyzdomain.us # Reference: https://app.any.run/tasks/3d1f67f1-6384-4980-a2e7-20ea0c0c8523/ smtp.dynamics-id.com # Reference: https://twitter.com/wwp96/status/1222569538094534656 # Reference: https://app.any.run/tasks/6782cb3d-bd47-4351-977e-7b0bb14ae649/ effetka.com # Reference: https://twitter.com/wwp96/status/1222575075028807681 # Reference: https://app.any.run/tasks/b71139f8-e198-4ebc-8b72-7e6399442199/ 67.215.224.83:21 # Reference: https://twitter.com/wwp96/status/1223258955989815301 dkjpipnigproducts.com # Reference: https://www.virustotal.com/gui/file/e9ae77ff1f9146e6c5296dfafb93c43ce062348136a4091d74087d603e2a18b8/detection 185.148.241.50:4782 23.105.131.230:4782 # Reference: https://www.virustotal.com/gui/file/f92ffc14ebc9ea2be74f7a6f73fa2055e345a42428171cee6491e6903816dce3/detection varancha.com # Reference: https://twitter.com/wwp96/status/1228359538505658371 dembal.com # Reference: https://www.virustotal.com/gui/file/6fe5eed4b01642b919c7670f09548bce679233d8d522b20c36c29ed6fad0614d/detection 176.57.209.21:31177 # Reference: https://www.virustotal.com/gui/file/cb3534e092ee89bb8c1c4adb12a7a42a46629f0f939c13ad12be001ac1f7bb94/detection 176.57.209.21:46975 # Reference: https://app.any.run/tasks/24809127-df0b-4e16-9c94-35450bd9f283/ cydelink.com officearchives.duckdns.org # Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23) 
190.97.166.194:80 190.97.166.194:8080 79.134.225.77:44 aaatechh.com agent.rooderoofing.com.au arbistars.com bauremediaus.com bawsymoney.ga brther-group.com callvaxglobal.com captainbugattiautos.com ceoinboxs.com credoaz.com data-startssllink.com deveinsun.com emaaiil-163.com emtelakproperties.com eqtweb.com etvidanueva.com excelaires.com flopdlsofrd.com forteol.com goldenfuturepower5.com grindtreu.online groupbizconsulting.com impulsefittness.info ipblasta.com kironofer.com kodarkalaris.com limmergarden.com magnaki.com milonestlevevy.com milux-my.com mshhmasvx.com nortonlilly.info oceantrading-jp.co pounds.ngrok.io prominienttec.com shileniniliv.com siamzime.com sindevil.com sm.rooderoofing.com.au softtouchcollars.com speedfolks.com.ng svmarketingindia.com telewire.online uccftl.org usarmyvacations.info valedein.com varancha.com wieda-mc.com workupdates.net zomcnxbilo.com # Reference: https://www.virustotal.com/gui/file/ae5d91ffad3a752a7568bc1197770f0ba06f33ba567740c4a18ca7bf0be6dc85/detection 168.235.111.253:1078 # Reference: https://twitter.com/wwp96/status/1232323995933929474 hitek-pk.com # Reference: https://app.any.run/tasks/4630ac10-0749-4c13-ab1b-90f2c27c9c14/ prodiggy.xyz # Reference: https://app.any.run/tasks/510f53d6-553e-4dae-a629-ae24c10e19ca/ office-cleaner-commander.com # Reference: https://www.virustotal.com/gui/file/0a25a76d3b998edf56357790356abac4dd2d275c144e8d640f0c4bb4249d03a7/detection 79.134.225.75:1717 indigo22.publicvm.com # Reference: https://www.virustotal.com/gui/file/25623344c636700823f0927a1c784b06a016b73dfa5083dc2d92baf1b40c2b71/detection 79.134.225.74:7688 # Reference: https://app.any.run/tasks/2e8a87dc-28e5-466d-8b48-772962c5515e/ # Reference: https://www.cert.hr/PhishCoviD # Reference: https://www.virustotal.com/gui/ip-address/77.83.117.234/relations 77.83.117.234:587 aodeindustry.icu deepsaeemirates.com emmannar.com bisol.icu bkfglobal.icu allcare-in.icu # Reference: 
https://www.virustotal.com/gui/file/daf5e6207242777ec4cf6defdb9783ee4a109784de6e4be0dab7795eb8e3fd3b/detection 178.124.140.148:9955 # Reference: https://www.virustotal.com/gui/file/809f119816b9937ddc40b8821a8256373b1acfb029c9d1a226a0a402bb901e3c/detection 178.124.140.144:9955 # Reference: https://www.virustotal.com/gui/file/53f46d8f5cb827c8fd27acdb2ae47babc71a7bc9189dca78f759bb222972a06f/detection 185.19.85.172:9955 # Reference: https://www.virustotal.com/gui/file/c21528cb1bc34467b51f355d2a5ab00e5c93dc85daa288f758cb32b62c70d247/detection 129.56.115.44:9955 # Reference: https://www.virustotal.com/gui/file/c56ed81b368a4569017dc1fa62d66aa09bae779079db07e6d37057979553fb88/detection 185.19.85.158:9955 # Reference: https://www.virustotal.com/gui/file/6fc77a77ea8a0f5b9159cb397fbce10ad9db993bec824da3607d887763a4d84d/detection 129.56.24.87:9955 # Reference: https://www.virustotal.com/gui/file/22f01bda2127d3ae0a430f926e03f2fb91077f1df236de440e896cfb808e6571/detection 91.189.180.211:9955 # Reference: https://app.any.run/tasks/b46ab76d-67c1-4446-8e46-cb06ba4b56b9/ ehbsd.ueuo.com # Reference: https://app.any.run/tasks/e7c0011c-965c-4f60-882d-c1635524d592/ mujhedilsena.com # Reference: https://twitter.com/gorimpthon/status/1242842075202109440 http://216.170.114.99 # Reference: https://www.virustotal.com/gui/domain/goldenlion.sg/relations goldenlion.sg/file01/ goldenlion.sg/blacky2/ goldenlion.sg/white/ # Reference: https://www.virustotal.com/gui/domain/getegroup.com/relations getegroup.com # Reference: https://app.any.run/tasks/50fefae3-86a8-463f-b73f-30b4578255fb/ easydatatransfercleansystemprofessional.duckdns.org # Reference: https://app.any.run/tasks/fff397ba-c5b8-4db0-91ea-49a10e5ac00d/ sterilizationvalidation.com # Reference: https://twitter.com/James_inthe_box/status/1245706675266306049 proyectomontvento.com/img/files/class/webp/ # Reference: https://twitter.com/James_inthe_box/status/1247162504293179392 # Reference: https://twitter.com/JayTHL/status/1247163058071523328 
pussyclub88.com # Reference: https://csirt.bank.gov.ua/news-ioc/78 (Ukrainian) # Reference: https://www.virustotal.com/gui/domain/unlimitedimportandexport.com/detection # Reference: https://app.any.run/tasks/21ca8f99-92aa-47a5-8787-846ab59f5841/ unlimitedimportandexport.com # Reference: https://twitter.com/James_inthe_box/status/1252657380807938049 nabionov.net # Reference: https://www.virustotal.com/gui/domain/rabok.io/relations rabok.io # Reference: https://www.virustotal.com/gui/file/0cc36114a155515acdf192cbde8cc6f2eb5bfc833920075ee5deb156944371eb/detection 185.140.53.129:8323 xacnsnva.bounceme.net # Reference: https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/ coffiices.com # Reference: https://www.virustotal.com/gui/file/fdd40bcfba668b785d404214fd35db117b186e21944b24f16540cce86f7bec78/detection 103.133.109.74:3050 # Reference: https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/ # Reference: https://otx.alienvault.com/pulse/5ecebea5f3c7fdfd2f5f9cd9 atn-com.pw # Reference: https://www.virustotal.com/gui/domain/mechnicsde.dp.ua/relations mechnicsde.dp.ua # Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection 209.58.144.239:1738 dimitriv.duckdns.org # Reference: https://twitter.com/benkow_/status/1270278177336803331 bpoxnet.com # Reference: https://twitter.com/JAMESWT_MHT/status/1270997007180730368 # Reference: https://app.any.run/tasks/4dede486-355d-4e84-874c-d9318532db23/ http://193.42.96.111 # Reference: https://twitter.com/Bl4ng3l/status/1272531788678729732 spdodoma.com/jss/1156000032.jpg # Reference: https://app.any.run/tasks/de803f92-9a35-43b2-a84b-53b596893de4/ mail.marpx.website # Reference: https://twitter.com/JAMESWT_MHT/status/1273562883578880000 strahovka-osago.com/coer/2031777055.jpg # Reference: https://twitter.com/James_inthe_box/status/1273983069435789316 http://180.214.236.98 # Reference: 
https://www.virustotal.com/gui/file/183112cc344d1629e2d63bde89fee8fd7040a70b53c695e843e6892dfb4c4c63/detection 185.244.30.14:20391 papauwa.ddns.net # Reference: https://app.any.run/tasks/7d8686b5-5caa-481b-ba4a-d4c6822db49c/ # Reference: https://app.any.run/tasks/a2eb93fc-69f0-4188-b679-5031e0e7c7ed/ mangero.xyz arnoldz.xyz admaris.ir # Reference: https://pastebin.com/Hc73BzJT alconalu.com cotextrucking.com # Reference: https://app.any.run/tasks/b11c3add-4e16-4213-a6ab-ccbecf96b09b/ # Reference: https://app.any.run/tasks/581eaa08-bc27-486f-a9d4-602c7ae9eec9/ # Reference: https://twitter.com/James_inthe_box/status/1283032875311366144 terminal6.veeblehosting.com # Reference: https://twitter.com/jorgemieres/status/1286664575094489088 capurgol20.duckdns.org # Reference: https://twitter.com/Circuitous__/status/1276560882538098690 # Reference: https://urlhaus.abuse.ch/url/408906/ biz9holdings.com # Reference: https://app.any.run/tasks/cfc6df5f-b76c-4605-9778-f96726605e99/ nilemixitupd.biz.pl ftp.skibokshotell.no # Reference: https://twitter.com/FewAtoms/status/1290349522519035912 # Reference: https://www.virustotal.com/gui/file/d4f8eae80bb2920ec10ea6e90d791fc0f76f314aac007bc38b83135953dbc103/detection mcmegypt.com # Reference: https://www.virustotal.com/gui/file/f8399ec31dccdddd06367504c0c6d331dacff38ec3d1f1645568f1bff9d4a0c1/detection 197.210.227.183:9090 79.134.225.72:9090 xinpincompany.hopto.org # Reference: https://twitter.com/malware_traffic/status/1298294672037687298 proofbookonline.com # Reference: https://www.virustotal.com/gui/file/449bdfca4b826617cead9ace5d890474da8b93ea6f0db80748ed22e58dc7fc3e/detection 185.244.30.18:2130 storyofpadi.ddns.net # Reference: https://www.virustotal.com/gui/file/b1764510611e4e9c5be024338e1bb63b817069026ff7b996a3dff043e6d8d211/detection paypalonlineservicesupport.com # Reference: https://twitter.com/JAMESWT_MHT/status/1303621011754176514 hnyuosun.com # Reference: https://twitter.com/Racco42/status/1314272782210011136 # Reference: 
https://app.any.run/tasks/53148132-2406-43d9-a26c-fa1617632caa/ smtp.redan-co.xyz # Reference: https://www.virustotal.com/gui/file/c857aa386c8aded608ace202e5600221a141a24e88475fa328a686e6e0f75a40/detection # Reference: https://www.virustotal.com/gui/file/f6eab127647b1a3d51f9599db90ab31b53f7b9fdb5d30d18dada555019d16abc/detection 185.165.153.140:1942 atu042.hopto.org # Reference: https://twitter.com/Racco42/status/1317228045581910017 # Reference: https://app.any.run/tasks/b13e5a82-35ce-4213-bf4f-1079436eabb5/ smtp.pharco--corp.com # Reference: https://twitter.com/Racco42/status/1317232384006291457 # Reference: https://app.any.run/tasks/df756035-0ec2-428e-87fd-fa2f4f36f438/ smtp.millacfood.com # Reference: https://www.virustotal.com/gui/file/a68f82eeab67310e50631899bb57fdac1e81c6b2d04db87c8aa564ff2cc18748/detection ebop.website # Reference: https://twitter.com/JAMESWT_MHT/status/1319932531039404032 # Reference: https://www.virustotal.com/gui/file/cb684c1c98ba73f221a21ae1641011a67ae0d70022278b9136a9bb43b33ea593/detection http://75.127.1.211 # Reference: https://twitter.com/James_inthe_box/status/1321088232512106502 # Reference: https://twitter.com/Racco42/status/1321232006424989699 # Reference: https://www.virustotal.com/gui/file/4fbea091009ae3c79eae3794ef4477055b3e8902e08a8565ef25f90489a2f08c/detection # Reference: https://www.virustotal.com/gui/file/eb706251924a534e026bfbe209d235c134402c6d12512dca0e0ae14212e715fa/detection # Reference: https://app.any.run/tasks/33299243-9f66-4a81-a222-9d0dc5e130d4/ ahgwqrq.xyz /getrandombase64.php # Reference: https://twitter.com/JAMESWT_MHT/status/1322176161326182401 # Reference: https://www.virustotal.com/gui/domain/efiigbo9.duckdns.org/relations # Reference: https://www.virustotal.com/gui/file/7406e77d7cbbc5344697900906c5a5930330dcdfba382b22181b41494ace670e/detection efiigbo9.duckdns.org # Reference: https://www.virustotal.com/gui/file/4d956c02c96695cf1535084515e37263c5391ea36802b1100d9809aa3759e4e7/detection 105.112.25.62:1970 
francovibes.hopto.org # Reference: https://www.virustotal.com/gui/file/f6dae5ff37232524f545d43bc3de780c98b0ad6ccdc2058b5e7b35c046a1bd8a/detection 185.140.53.187:4284 # Reference: https://www.virustotal.com/gui/file/f9dfd82d610e342a0d0a21dad1df689c979f863ee1b9f978c56dee49c5bfbb69/detection 79.134.225.109:1985 # Reference: https://twitter.com/wwp96/status/1328340118579654656 # Reference: https://app.any.run/tasks/97a9483e-5c62-46e2-9b78-fefd1dff32de/ aarque.co /inc/4b1cea4932c6b7.php # Reference: https://twitter.com/ViriBack/status/1330309562990211073 http://103.207.39.131 # Reference: https://twitter.com/ffforward/status/1334115405825236997 # Reference: https://pastebin.com/raw/ZgDtALAD # Reference: https://bazaar.abuse.ch/sample/ac84fce48dc5fc0ece582c6cd8f5486d044f48f2923e949d27c5ea44cb0a80a0/ abualrejall.com adempolsoya.com adikoss.com ahrran.com al-babtainsa.com andms-kr.com aprco-eg.com arisstoncavi.com bellaphavma-kamph.com cbm-lb.com ccppmde.com cerafluxx.com chinetychemical.com chplubb.com contactmail-office.com de-oculus.com decescoter.com ebankinghbl.com eccolabb.com eexxonmobil.com energy-tubor.com eversaillogisttics.com fehemco.com fermson.com flamengo-importexport.com forrebright.com fuhennei.com gj-de.com glud-marsstrand.com hschain-cn.com hzdjjm.com inter-chamie.com jvlphar.net ka-mann.com kimiarra.com kulinichi-ua.com lesanor.com luboccc.com mecckey.com milllefood.com oceanstars-my.com praaj.net praticompeny.com rsships.net specsccorp.com ssecop.com td-tubor.com technology-visions.com tsakerr.com tyimble.com ullusoyun-tr.com unishipss.net vs-vossloh-schwabe.com wiillow.com ximyiopal.com y1ss-tw.com yuballes.com # Reference: https://twitter.com/wwp96/status/1337109603151122432 # Reference: https://www.virustotal.com/gui/file/cd508affafb2152aa3511774518e1a4a150eb68f62d65208b0d477e83d0306a2/detection # Reference: https://www.virustotal.com/gui/file/21c51bed18906fb1c167adb68146e2765d7a901f19f59029f3e58218b3ac1c37/detection http://69.174.99.26 # Reference: 
https://twitter.com/wwp96/status/1339011510480351232 http://103.145.254.114 # Reference: https://twitter.com/ffforward/status/1339129811810324483 http://103.207.39.131 # Reference: https://www.virustotal.com/gui/file/838d8a1b9095168c1c0c24449b62ab0c9eece8211381e59c5f1b8889d1c618af/detection 193.109.78.38:53285 viceka.duckdns.org # Reference: https://www.virustotal.com/gui/file/8d1fd0a9544e74bfec387ed16ade3f9ec6b334476f0ef0e984420b4923c8f624/detection megad.cc # Reference: https://www.virustotal.com/gui/file/111ef2f9f0ede9903cc9382a92a3c4273c306900e8cb576de0b7730db52a7e85/detection adobelink.me # Reference: https://www.virustotal.com/gui/file/73a6e350cb3935c52e604e48831e708851373419f08ac128d1a8c7c5b17ed872/detection 95.72.66.155:1313 port15e.zapto.org # Reference: https://www.virustotal.com/gui/file/40699c32fb147942f1d06f3520793f8a7f516f1d5bb03ab8e3c5c78f821cf425/detection megaplast.co.rs/zin/WebPanel/api.php # Reference: https://twitter.com/James_inthe_box/status/1349360887186874371 http://64.188.18.218 # Reference: https://twitter.com/James_inthe_box/status/1352326755348955137 # Reference: https://www.virustotal.com/gui/ip-address/193.239.147.103/relations http://193.239.147.103 # Reference: https://www.virustotal.com/gui/file/6d02531e14e00f91302c4c7ff8141a1576c1da976e97d2367f828ef3248ac3c3/detection 0ffice365-seccure-email.bid # Reference: https://app.any.run/tasks/a6789a42-f9eb-45be-a2e6-a0d939ba28fd/ http://193.56.28.231 # Reference: https://twitter.com/James_inthe_box/status/1313832984303157250 # Reference: https://app.any.run/tasks/5ddfb57a-bc6b-42bb-a042-f906e5a2cabb/ # Reference: https://www.virustotal.com/gui/file/bc7900c1440c578c0dc0de73889755bbbf9e43026d8beafe83dbdc5d76dd6a62/detection http://193.56.28.228 # Reference: https://www.virustotal.com/gui/file/8175783100320f5dba70e2af0005134d2b85d7c5c26e97f438248112fd7a4d93/detection 194.5.98.98:3850 nanopc.linkpc.net # Reference: https://twitter.com/JAMESWT_MHT/status/1357260178635243520 # Reference: 
https://app.any.run/tasks/a2fe9cdb-7af6-44e5-99ca-d924c96d2b72/ http://103.133.105.179 mylundisfarbigthenyouthink.blogspot.com tumlundlynikyho.blogspot.com # Reference: https://app.any.run/tasks/247c3559-47e7-4734-9c5d-aa6bda2b1cc0/ papagunnakjllidmc.blogspot.com titupatiyannala-myrynaal.blogspot.com # Reference: https://twitter.com/reecdeep/status/1357641303404785668 hera.lt/Alpha8.jpg # Reference: https://twitter.com/reecdeep/status/1359048494716223488 # Reference: https://app.any.run/tasks/fee7ff1c-30a0-4105-a1fe-e1a51b854e5b/ 131.153.50.170:21 131.153.50.170:53008 hera.lt/Delta2.jpg takumacakrajaya.com # Reference: https://www.joesandbox.com/analysis/271782/0/html # Reference: https://www.virustotal.com/gui/file/800b9a74773f65fcc72d5247cae562f48a58f89b2ff4b4dcddd909f5a241512b/detection 191.101.158.161:19900 obereagujnr.hosters.xyz # Reference: https://www.virustotal.com/gui/file/84f10aaf283d608045856ac47832e5fe0daf99c14c0a9d0b06c8a55eba871489/detection stermacos.com smtp.stermacos.com # Reference: https://app.any.run/tasks/f0463337-7b01-4b6a-b29c-5cb10c90fb7d/ # Reference: https://www.virustotal.com/gui/file/26c1c6119602bc2ceac63642f79552150b4d017c76608759ede90c2d169f7aee/relations f0514607.xsph.ru # Reference: https://twitter.com/reecdeep/status/1361260530766393344 # Reference: https://www.virustotal.com/gui/domain/elit-tehnica-md.com/detection elit-tehnica-md.com smtp.elit-tehnica-md.com # Reference: https://twitter.com/reecdeep/status/1361590430513721344 electro-plomb.cf mail.electro-plomb.cf # Reference: https://app.any.run/tasks/ddf138f6-fc15-423e-af69-a752d4331bd8/ uhbddr.hr/J12.jpg 192.254.234.35:21 192.254.234.35:33912 # Reference: https://www.virustotal.com/gui/file/d6ab2482f2cc150b157f0cb92cc5a7a335ca739bb54236260bc7149b04731986/detection http://192.236.147.189 # Reference: https://www.virustotal.com/gui/file/794122575d9d6cbd27ac687debab80f93f018f4b6aeb86a3fcaa397196e8f91b/detection http://86.105.252.11 86.105.252.11:30003 # Reference: 
https://www.virustotal.com/gui/file/442d4d7d0a01819d30b20234bc6ae1d0d1978408055424c298b7902be978c7c5/detection f0512634.xsph.ru deffind.xyz investment-properties.xyz yrhealth.xyz # Reference: https://twitter.com/whitehoodie4/status/1362731135411830786 # Reference: https://tria.ge/210219-q5bg7eq2ge/behavioral1 grupocolors.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1363844361419698176 2yhLxjzcOr.com # Reference: https://app.any.run/tasks/5a2a50a5-87ea-4ff1-a50a-decd569257ec/ coroloboxorozor.com # Reference: https://twitter.com/wato_dn/status/1366259334955499524 # Reference: https://tria.ge/210301-7z5cpr6z82/behavioral1 tumharimaakachodamarunmaine.blogspot.com # Reference: https://twitter.com/James_inthe_box/status/1366397526761345026 # Reference: https://app.any.run/tasks/5758e658-cf48-46dd-9863-e97a64e9e484/ # Reference: https://www.virustotal.com/gui/file/01b0b39d33017efb3ff557717b7fa2890f255eef89fcbcc5e824f5df9adc9300/detection osndjdjjjdjshgaggdkf.com # Reference: https://www.virustotal.com/gui/file/1458e55e8b7800f8a2dc372e725451619f74f0fb90a3331ca48477e0439b4ef9/detection casadointercabio.com # Reference: https://twitter.com/reecdeep/status/1367775820199174149 greatdeck.co liverpoolofcfanclub.com # Reference: https://www.virustotal.com/gui/file/bc18b4ebadebcd99e132e8a5cc420450c9ba077ba94c8c9a014e614707b5b6de/detection 31.220.4.216:7009 async.3utilities.com # Reference: https://www.virustotal.com/gui/file/0d9826e88c7debfc212d3023500e1bf09f456cc29ffe1bfaba7dbdddc1afa20c/detection 31.220.4.216:18253 1.18253.date 1.18253.loan # Reference: https://twitter.com/reecdeep/status/1370289498093989890 # Reference: https://app.any.run/tasks/e0781546-757c-4178-bc9a-5b8efa795645/ irtec-irrigetion.com # Reference: https://twitter.com/pmmkowalczyk/status/1370814727912308740 stdyrmtcntlenverpfbi.dns.army # Reference: 
https://twitter.com/reecdeep/status/1371423263126065152 # Reference: https://app.any.run/tasks/ce3b9d6e-048f-43dd-b854-a30e7ceab70a/ classicsteelengineering.com liverpooldabestteamoftheworld.com # Reference: https://twitter.com/fr0s7_/status/1371383578488098818 # Reference: https://app.any.run/tasks/1228a454-1a45-47fa-bd8a-200eb2398fec/ tumharimaakachodamarunmain.blogspot.com # Reference: https://twitter.com/pmmkowalczyk/status/1371918255242280965 miratechs.gq # Reference: https://twitter.com/reecdeep/status/1372111826662608896 snow-whyperlimited.com # Reference: https://www.virustotal.com/gui/file/45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66/detection 79.134.225.13:7771 # Reference: https://www.virustotal.com/gui/file/130c76c60f44867be9e8986dbff2d2f035837a15f00d00d2976bc230e0070128/detection 79.134.225.13:8763 # Reference: https://www.virustotal.com/gui/file/0cd598c06841affaf7389f5a3cec84e4da0d7515f3da40b450f2dc7c7ae12938/detection 79.134.225.43:58103 strongodss.ddns.net # Reference: https://www.virustotal.com/gui/file/990df8e02a4bb9340ab3303a87f2939847653652d9b78819a253c8dde0ed056c/detection 0k10dk21kkeok2e.online # Reference: https://twitter.com/reecdeep/status/1373906756628283393 # Reference: https://app.any.run/tasks/ab09b467-a977-4536-ac5e-455e904513fb/ 107.180.26.185:21 107.180.26.185:50329 107.180.26.185:50538 # Reference: https://twitter.com/pmmkowalczyk/status/1374000718194077698 # Reference: https://www.virustotal.com/gui/file/9664740123170b912430759af6cfad9ff784ccd266fe93909022093beff051c7/detection jiratane.com specfloors.net/dev/ # Reference: https://twitter.com/JAMESWT_MHT/status/1373998230455848968 curidesigner.com # Reference: https://twitter.com/jorgemieres/status/1375161202716868613 surestdysbonescagexc.dns.army # Reference: https://otx.alienvault.com/pulse/605c7c7cba2960e10fea8007 seno.ddns.net # Reference: https://www.virustotal.com/gui/file/f083c3c1f115a2674dff82d859f3d67faca6e9c8e971f7164caf99954376a0cc/detection 
194.5.97.7:6060 bohemianbenz.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1377261276674490368 # Reference: https://app.any.run/tasks/f41044b0-c0b7-40f7-ab07-38c274036efc/ humtotmharyhain.blogspot.com # Reference: https://twitter.com/reecdeep/status/1377624305400438787 # Reference: https://www.virustotal.com/gui/domain/lfsqatar.com/detection lfsqatar.com # Reference: https://www.virustotal.com/gui/file/e7f4a5644698b66fd28ca7f0e4fcdc06fb1d09b0e29977d887854a5fec6cfc8b/detection 209.127.18.121:3918 uhie.hopto.org # Reference: https://www.virustotal.com/gui/file/352c3aac62d88e75e1655d9d67facd8ac7823b619f6c7e527437821b8ec42bfd/detection giftbizz.com patlod.com wwwjinsha937.com # Reference: https://www.virustotal.com/gui/file/8e15f76149baa634caba6bcb021a5793f9b86c6290247d62a3f9628e5e147c7f/detection x11fdf4few8f41f.com # Reference: https://twitter.com/dms1899/status/1244596518402785280 # Reference: https://twitter.com/FewAtoms/status/1245700149952872448 # Reference: https://twitter.com/James_inthe_box/status/1245706266464288775 # Reference: https://twitter.com/p5yb34m/status/1252660135408750597 # Reference: https://www.group-ib.com/blog/rats_nigeria # Reference: https://www.virustotal.com/gui/file/281896c20c9ae01b1a4ddc590c5cec454865cd95aaa7e53aac436a3b89889486/detection # Reference: https://www.virustotal.com/gui/file/2b43e9f848b8f0db1cce7da920fb3d970a47d61d3250f87419d1bdbb980d9d18/detection office-archive-index.com office-archive-reserve.com office-cleaner-commander.com office-cleaner-indexes.com office-cloud-reserve.com office-updates-index.com # Reference: https://twitter.com/ps66uk/status/1379408490960130048 # Reference: https://app.any.run/tasks/6abf3b2c-9e92-4f76-81d5-06898cfb3f3e/ http://193.56.29.192 # Reference: https://twitter.com/ps66uk/status/1379467933932519436 # Reference: https://www.virustotal.com/gui/file/53dcc6b98d2356c9a5f68b314edb8b819b99cec4ef2f6db0cfba72fb86a55d25/detection newblogheresee.blogspot.com # Reference: 
https://www.virustotal.com/gui/file/7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa/detection myliverpoolnews.cf # Reference: https://www.virustotal.com/gui/file/9c4baba8ae680070c8ef4afaa7fd5fd41b5828f94581f4e228dd6439b9a5aaa7/detection 23.105.131.188:1605 frlumi.ddns.net # Reference: https://twitter.com/reecdeep/status/1382247034091155456 # Reference: https://www.virustotal.com/gui/domain/cometshippings.com/detection cometshippings.com # Reference: https://twitter.com/58_158_177_102/status/1382254845659291650 # Reference: https://tria.ge/210414-aqahkvar82/behavioral2 http://193.56.29.110 ajmeinthakahowahun.blogspot.com # Reference: https://twitter.com/fr0s7_/status/1382582635239723011 # Reference: https://www.virustotal.com/gui/domain/murjatumanhus.fun/relations murjatumanhus.fun # Reference: https://twitter.com/avman1995/status/1384742543133339653 # Reference: https://app.any.run/tasks/68d2c9b5-3ffb-40e0-8f1c-269353da0bfd/ # Reference: https://www.virustotal.com/gui/domain/mesco-midhco.com/detection mesco-midhco.com # Reference: https://twitter.com/reecdeep/status/1384844628478898181 # Reference: https://app.any.run/tasks/d5ae94e7-f656-455c-a039-9ebf7f8ac9e5/ alramzpakistan.com # Reference: https://twitter.com/TeamDreier/status/1384236371787669507 # Reference: https://bazaar.abuse.ch/sample/87bb35a04c91b5005806b4893ad4dc594c8b73d228150597cde89b39f79af9b0/ # Reference: https://app.any.run/tasks/9024ab96-72f5-492b-83b3-b28adf4f949f/ mmwrlridbhmibnr.ml # Reference: https://www.virustotal.com/gui/file/037ec548399a3c68670044bf3a0154940e0d6597b1576a68f7172bb14a3c28c2/detection annyms2stdygeneratga.dns.army # Reference: https://twitter.com/James_inthe_box/status/1386676931354058753 # Reference: https://app.any.run/tasks/f219d3f9-546d-429f-9110-9805ef69357e/ # Reference: https://www.virustotal.com/gui/domain/s-handels-gmhb.com/detection s-handels-gmhb.com # Reference: 
https://www.virustotal.com/gui/file/dff471fd645f164bf8759605546dfef1f74b95929c028ef1e14e2786ac7a3ef2/detection 91.109.176.9:3762 # Reference: https://app.any.run/tasks/5758e658-cf48-46dd-9863-e97a64e9e484/ chelseafc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html liverpoolfc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html mancity.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html manutd.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html realmadrid.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html /base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html # Reference: https://www.virustotal.com/gui/file/0b0ae0604da1b3d48393ae594610c5a93d7e45e3d6e6c302e04c2bcc878ff485/detection # Reference: https://otx.alienvault.com/pulse/5db6734a077f7acc6698e6bc osasmail.xyz # Reference: https://twitter.com/KorbenD_Intel/status/1387795001388711944 kgift.kozow.com # Reference: https://twitter.com/58_158_177_102/status/1387779300749938695 yahameinhunbusorkoinai.blogspot.com # Reference: https://www.virustotal.com/gui/file/b4fe1a5d89c5f0e19c6db5b460ad93df2006fc3b62f5ae748e416750c6a890eb/detection # Reference: https://www.virustotal.com/gui/file/44e857aa5103c72bb638310b4c20fc9be367b55d7f8e6dd324170183a727b5bd/detection 197.210.85.24:54888 79.134.225.48:54888 celebrity.hopto.org # Reference: https://gist.github.com/silence-is-best/852a1c7c7dcf29fdc8d5df73433e7676 p8hj.blogspot.com # Reference: https://www.virustotal.com/gui/file/ed5cd113b4ddbcad39f3537fc84910227304e41599b89bd9dd0115b499bdb207/detection tr1.hostgator.com.tr # Reference: https://www.virustotal.com/gui/file/9861e34bd20a94000ac5c06ef9fce446a4e5decb41f27d579e2e35620dc8dde3/detection clicklenderz.com /mynewapi.php # Reference: https://www.virustotal.com/gui/file/50da4e2f7fd094921570faaa6834e1d5fcc61f5e1eadce59d151885c150e84e1/detection # Reference: https://www.virustotal.com/gui/file/a2edbc3290d45107090ad4e2a5dfea2de5d1286ae04c5c5c995a7bcf02d57bed/detection 141.255.152.11:21212 crowminer.duckdns.org huginodinmunin.ddns.net # Reference: 
https://www.virustotal.com/gui/file/0bb31a305b6b16a94fe83f388d8fa7a1a72c648ff5441768d33508365a2930b2/detection # Reference: https://www.virustotal.com/gui/file/b00589191bd96a88aa489c1222d1f42dfe1647adb1f529a12ed93725f98aa78f/detection 185.140.53.138:7077 185.140.53.175:7077 79.134.225.74:7077 7077life.myq-see.com # Reference: https://www.virustotal.com/gui/file/f26a629ef6ef3753876a8b72e4863d67a550afe8579a6bffcd864c6c572d6f0a/detection hbnboz.com # Reference: https://www.virustotal.com/gui/file/534407733556dc9a993d73261613e4713d0a1b3c9b7f61ec5983e39a0641815e/detection ldvamlwhdpetnyn.ml # Reference: https://www.virustotal.com/gui/file/7c18130345c95d1cd852af2bbf0fad2d72d4097725dbd334f1d0ab66720c43c6/detection jejendjcjfhh.com # Reference: https://www.virustotal.com/gui/file/fc08332ad4efc478a9d79a342e433935d10e72b6f7868ec7e8708a365bd2d607/detection 179.43.140.164:53855 179.43.140.185:53855 88.214.207.96:53855 greencodeteam.top # Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection xwjhdjylqeypyltby.ml # Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection mmwrlridbhmibnr.ml # Reference: https://twitter.com/gorimpthon/status/1394600529469210624 # Reference: https://tria.ge/210518-hpxbx989hs http://103.151.125.220 /mastermana/black/login.php /mastermana/black/inc/ # Reference: http://tracker.viriback.com/dump.php (# Agenttesla) http://216.170.123.125 http://216.170.123.13 http://217.138.205.178 http://34.223.60.188 http://46.183.221.44 http://63.250.45.177 2020bill.com # Reference: https://www.virustotal.com/gui/file/52ddff83875d402cf2affb82aff8ca1d3a7e96cbd689e638578f6d0d44ecbdca/detection 197.210.226.215:1880 wiz121.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1399689971401900036 http://103.114.107.28 /me/web10/inc/ # Reference: https://twitter.com/pmmkowalczyk/status/1397516983994826756 # Reference: 
https://www.virustotal.com/gui/file/fe4d94656809accd8f12c53c3c2a572c22beefd0c10914bcbe2b0f4566a88b31/detection rdnsanom.xyz # Reference: https://www.virustotal.com/gui/file/21a80acf73e3f20e162bcd9e70aafa28681be230056a51bd92677a554e6d3ad9/detection 51.222.195.7:33750 rainboyant.ddns.net # Reference: https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant # Reference: https://otx.alienvault.com/pulse/60be05932c2ce1ef655b0bb5 p8hj.blogspot.com # Reference: https://otx.alienvault.com/pulse/60c1fff1d997ae68cafccd5b ergerge.top # Reference: https://twitter.com/tosscoinwitcher/status/1403434626224300039 mail-wagruhyoja.xyz # Reference: https://www.virustotal.com/gui/file/62a342d89280c6964e64997fa0bc97a5812181f0f22d93740d7196a96c81f769/detection aquilarysalas.com # Reference: https://app.any.run/tasks/f371191d-7049-49c8-96b8-fa4c7ee5de68/ apdocroto.gq # Reference: https://tria.ge/210428-jdbysa1gks/behavioral1 extendonetwork.com/puZyLuatL0W/04.html jarettwalen.com/vspeL07tgk5F/04.html # Reference: https://tria.ge/210505-rcetwslzqn justverify.online/ZKrubZZn5V/04.html thersnyc.com/fxcS6exSJr0/04.html # Reference: https://twitter.com/pollo290987/status/1415214033767182336 # Reference: https://www.virustotal.com/gui/file/fd7e560247eb18e1a27cfd3c46f10c06bcae05562df4b2862ec53caa76e80422/detection ahrend-cz.com # Reference: https://www.virustotal.com/gui/file/16b8f5725e675be307e5a806d5b5aadacb77c0c293c87da09b61d5e18816907d/detection cepedaa.linkpc.net # Reference: https://www.virustotal.com/gui/file/8e4c30a1d9a3f0f9163ca6e7d0b0d4d3c97a5dd2cc9c02b2b84505314d34c0ce/detection 176.15.131.47:6666 # Reference: https://twitter.com/ps66uk/status/1417047970848116736 # Reference: https://www.virustotal.com/gui/domain/arcaz-azcuba.com/detection # Reference: https://www.virustotal.com/gui/file/48589adb930165c4dfbc611fbefb8d1dfbd7a49d3b07c1fdae6c0b9b7a253e82/detection arcaz-azcuba.com # Reference: 
https://twitter.com/James_inthe_box/status/1417475970571718660 # Reference: https://app.any.run/tasks/89cbc676-ffc6-4fdb-bc81-509206e8a0ba/ kinkolulu.blogspot.com # Reference: https://www.virustotal.com/gui/file/aff192a434386997a7fca5519af294e9601da33cce30ba8feecce12418e900d1/detection 5.226.138.94:6621 # Reference: https://www.virustotal.com/gui/file/1677e0afc52a9166c9a433e5db3864f71fe5816a98784f6ee3e86540827da084/detection greenco2020.top greenco2021.top greenco2022.top greencodeteam.ddns.net # Reference: https://www.virustotal.com/gui/file/23668413a1cff07de7c539ce9dee7468ef08ca0b25454d7407112793ff9bc86f/detection milax.ml # Reference: https://www.virustotal.com/gui/file/08ccfac8e650b690f0905577c60a4fb3afa62d51efb4275bd5e4359499e22beb/detection dizv.at # Reference: https://twitter.com/lazyactivist192/status/1421108546998095882 # Reference: https://app.any.run/tasks/370d4248-2d56-42e0-9fbc-4de209f30021/ meriqismathiteknaihai.blogspot.com /kingnewhdjksadhkasbdasvj.html # Reference: https://www.virustotal.com/gui/file/7a4bdfc933073cdd60f64006052c09b78ecc24cb82c440486a611f0f0fd0ac3f/detection 141.255.158.36:4444 # Reference: https://twitter.com/killamjr/status/1421328093113982977 # Reference: https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ # Reference: https://app.any.run/tasks/3685ac5a-3dcd-463a-b71c-16072f7f3ec0/ 94.187.0.247:4444 # Reference: https://otx.alienvault.com/pulse/61068df1c0077c916899b4fa # Reference: https://www.virustotal.com/gui/file/80ff3b2e975fb6233ee814f26dd5daa731c699bf7dbb6bb6bdb752c5a430f772/detection 90.73.117.144:8888 googleupdate.hopto.org xzitnoip.duckdns.org # Reference: https://www.virustotal.com/gui/file/518ce0b301ad35ba12b1ef840f349debd48721b0f173ea7f0bb7ceef19dc1332/detection kakosidobrosam.gq # Reference: https://www.virustotal.com/gui/file/839b47514911a2a692dc4d1f3b7edcfa16e4331b6318470ff4e53eb9da899ce8/detection 185.140.53.142:8999 night90.ddns.net # Reference: 
https://twitter.com/James_inthe_box/status/1423632214172991488 # Reference: https://app.any.run/tasks/43cb89b5-8bba-4623-ac27-4e31f9ddb36b/ sukmaduck.blogspot.com kukukajadoolunnd.blogspot.com machearkalonikahdi.blogspot.com # Reference: https://twitter.com/tosscoinwitcher/status/1423697561475436544 kinkolulukakkaasd.blogspot.com # Reference: https://www.virustotal.com/gui/file/cb4a93864a19fc14c1e5221912f8e7f409b5b8d835f1b3acc3712b80e4a909f1/detection 45.146.164.37:8080 # Reference: https://www.virustotal.com/gui/file/0871f15e262ec3621c10c25a4486d35f14ee642ae6ff0d473995565006329615/detection quas101.duckdns.org # Reference: https://www.virustotal.com/gui/file/e824c67c7012e7db46cf00e9e4b3d91e77cc725fcaff99a0828e6a91e0ad3301/detection 194.5.97.62:3390 egobuike.wikaba.com # Reference: https://twitter.com/reecdeep/status/1438424467601084420 # Reference: https://app.any.run/tasks/cbe1ed0c-5168-4172-bec0-ee638f3578f4/ budgetn.xyz # Reference: https://twitter.com/James_inthe_box/status/1445508345117380618 # Reference: https://app.any.run/tasks/056603f9-a869-476c-8581-554abc31a464/ bot.statusupdate.one kyahogysammajhnailagrahiat1.blogspot.com # Reference: https://www.virustotal.com/gui/file/007528e712993f7ce266fd65b244f7c527614135ad0fc90845367fc0ca8c490d/detection netjul.club # Reference: https://twitter.com/reecdeep/status/1446043373350043649 # Reference: https://www.virustotal.com/gui/domain/rettberrg.com/relations rettberrg.com # Reference: https://www.virustotal.com/gui/file/505821500697793ddef2fbf8c37d56846459d63bf3de87e5232b2740e3019239/detection cleveropame.ydns.eu # Reference: https://twitter.com/JAMESWT_MHT/status/1446327506538225664 muccaconsult.eu # Reference: https://twitter.com/58_158_177_102/status/1447855243778162692 # Reference: https://www.virustotal.com/gui/file/1d2b1f7a4cae7784f01aadc1d8ff8b26d05e5e4b916cb3d2ca088502aba08cdf hogyartohonathajhnailagrahiat1.blogspot.com # Reference: https://twitter.com/pr0xylife/status/1450047080089759745 
http://103.125.190.248 # Reference: https://twitter.com/reecdeep/status/1450453705296318464 ajsidjasidwxoxwkwjddududjf.blogspot.com # Reference: https://twitter.com/James_inthe_box/status/1457709661801496581 # Reference: https://app.any.run/tasks/0032c1f8-af31-43ba-bb4f-caf15023d05a/ http://69.174.99.181 johogahokraesdasdaoga.blogspot.com # Reference: https://twitter.com/ankit_anubhav/status/1450725653465088000 kumakahchachi.blogspot.com # Reference: https://www.virustotal.com/gui/file/35b3d524a28e9cec4bdfe144ef2710a3d13121a8e006f4c68a41998e893849c5/detection 141.255.158.20:4785 shadhk.duckdns.org # Reference: https://www.virustotal.com/gui/file/f36d8a41a02e62f440bb279927ee75b8cf680345d59cff1692b20e7b97d7c952/detection 103.133.109.121:1664 kkk4rem.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1463125357951860741 f7secure.000webhostapp.com hdhdshdhdhgds.000webhostapp.com # Reference: https://app.any.run/tasks/6a4bdba0-6f75-4a06-9891-35a7f1950027/ thethingsidontheoneday.blogspot.com # Reference: https://www.virustotal.com/gui/file/40bbf80145952cb3e9f51980a95eabca0d174b72ca383232ff9c239b6084f690/detection 205.185.118.52:5740 googleservers.org # Reference: https://twitter.com/1ZRR4H/status/1464289306399420419 tecnomedica.com.py # Reference: https://tria.ge/211127-kw6kqacgg8/behavioral1 sqlserviceazure.blogspot.com # Reference: https://www.virustotal.com/gui/file/ac92c3624d18d93ce431e08fca64cc1a223acc2e9223e3069babe26e049351df/detection 135.125.21.72:60976 51.222.98.71:60976 # Reference: https://www.virustotal.com/gui/file/0718c62465bbeacc7e35f2dff28f0361104037ed3bc4a05b63a61f42f98f2694/detection 51.161.104.181:60976 # Reference: https://www.virustotal.com/gui/file/85fd6ce192054a81246927f2337c687187b518225239f80c462fbb998a52f81c/detection 135.125.21.74:60976 # Reference: https://www.virustotal.com/gui/file/cde9a8b81d70c72d73d6d79c32e662618b5d65f720c5b86ac0955a1dd9660f38/detection 152.89.160.131:60976 # Reference: 
https://www.virustotal.com/gui/file/3f905af3a6dfe8fccae9a665a8755a18a8f4db48de83bcb9d516f70d73261303/detection 213.152.162.84:60976 # Reference: https://www.virustotal.com/gui/file/a76bb4f4d209af5479630a2ba37be0f8d09e2ffaf332fd885d02bf6590b66ee1/detection 213.152.186.163:60976 # Reference: https://www.virustotal.com/gui/file/1c7a23332b0140f0eab4995fe837520cae7126d09e2aa2d24d31245427036314/detection 213.152.186.168:60976 # Reference: https://www.virustotal.com/gui/file/8ac32b7faa79aabd51156f6503e624a53ee5d355d602784273376ad45e7dbdbf/detection katchobinnas.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1467721110326231040 # Reference: https://www.virustotal.com/gui/ip-address/103.147.185.68/relations # Reference: https://app.any.run/tasks/0ae22943-4364-4fa3-b4db-8cadf104de20/ bakuzamokxxxala.duckdns.org ccnewcdt.duckdns.org microsoftazyresql.duckdns.org # Reference: https://www.virustotal.com/gui/file/3500a7fae58fab0fd34eb0e3fcd4c3a011ccdcf04f50f25ea28876b2a255cbd8/detection http://185.239.242.107 /base/AF491AED10360862D4D7C85877D8E92E.html # Reference: https://www.virustotal.com/gui/file/4545f3fd9dff0e6fe7978dcf4ee01d68385a8124673f8db81dd369fc16e30f1e/detection /base/16FBAADD78329B384AC1CCA7EFBCAFE3.html /base/66057BDE3BE35BDCE9735F8BF8DCEA19.html # Reference: https://www.virustotal.com/gui/file/7420427135cfdeb9f84ab13b03960ac09ce662901a809eafbf1a2df548891731/detection /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal- # Reference: https://otx.alienvault.com/pulse/61c708fac04867d280290abd cedsxoisslv2nim.club kimyen.info kimyen.net pmfiryhhkin98px.xyz usd7o88wemlutx5.xyz # Reference: https://www.virustotal.com/gui/file/1b01ba4823940dc5b45f6719e479de102058ab4ab2b422b319b1857abff4e51d/detection 185.153.198.216:8010 # Reference: https://twitter.com/ViriBack/status/1475566467810840580 # Reference: https://www.virustotal.com/gui/file/d09b04c79e6e8fbffc7075871c7b03f2ef102cd0d0b294d31ea595ff06830bb6/detection proc-dotgov.us # 
Reference: https://www.virustotal.com/gui/file/effc3924c84a1a63cbe0e1b96415abc8bdc48a6f4785cf98c5a5487e345aeef8/detection archbal.sbs # Reference: https://www.virustotal.com/gui/file/23f9c173d48cec3b0eeed12b633816565df405021b46941deb407c2c85638372/detection 93.115.28.195:1122 # Reference: https://www.virustotal.com/gui/file/aea1d441f7ad2e9323416ada7629e6bf0ace11c0e983a0b6aaf08917294bf180/detection 108.61.210.74:1122 # Reference: https://www.virustotal.com/gui/file/5d1674729fe6eeddaa488bc0f79a1cc942e635efd4c22480bae65fd4b0ef66f8/detection 185.141.62.35:1122 # Reference: https://www.joesandbox.com/analysis/534672?idtype=analysisid carbinz.ml # Reference: https://www.virustotal.com/gui/file/db0d62482f5e1d8a2e1732604d43a74d9641d4f56e7d14492560bb2ce76c7d33/detection 91.243.59.18:17890 95.143.179.186:32095 95.143.179.186:4633 elew3le3lanle.freeddns.org f0616071.xsph.ru f0616073.xsph.ru kent0mushinec0n3t.casacam.net # Reference: https://twitter.com/James_inthe_box/status/1478746497948663808 # Reference: https://app.any.run/tasks/eaa7e1d3-4df8-4536-bbb2-0168e99d6682/ http://103.151.122.110 # Reference: https://www.virustotal.com/gui/file/c60e4ea99ca2ebf51e8f0a2e4d839f93842eade69fe8615b37e172f973588da7/detection rdcrd.ddns.net # Reference: https://www.virustotal.com/gui/file/cbdf8d2be76d288a514989e1f28d3337bb534fb2646f097a7c079b5077a7062f/detection cdinow.com.br # Reference: https://www.virustotal.com/gui/file/d914d5cdd15e0506a7c0ba73d91f7d3413d77f615c04f6edcf326652755f9271/detection 79.134.225.79:6553 asddskfjjer.duckdns.org berryttttiere.duckdns.org # Reference: https://www.virustotal.com/gui/file/b04d28283ec49de3e279ebe143d7e70f1cc50751c070c703e2d46d4f542963c2/detection 185.140.53.129:7575 futurist2.ddns.net # Reference: https://www.virustotal.com/gui/file/6d6572ebea765cec047ca16e8789071f1f4f65af04e66b154c63cc6d5eb66b38/detection citotest.co mail.citotest.co # Reference: https://twitter.com/James_inthe_box/status/1481993249615056899 # Reference: 
https://twitter.com/Arkbird_SOLG/status/1481998550565208067 # Reference: https://app.any.run/tasks/bd261b33-c8aa-462a-8024-7a6d68f3eef5/ 72.11.157.208:8080 hogyajohonathaabkuchnaihosakta.blogspot.com thankforeverythingeheheh.blogspot.com # Reference: https://www.virustotal.com/gui/file/248ce8f51907aa4a7ce3ae5f9c947a30a7844340bae4a3621d4e0234ba18dc22/detection mgbless.in # Reference: https://twitter.com/tosscoinwitcher/status/1483496083535785992 dhuidwyqhdbvjasdhogyatohonathawarnameinmargya.blogspot.com # Reference: https://threatfox.abuse.ch/ioc/298466/ 207.32.217.137:8081 # Reference: https://tria.ge/220119-t2pzlabeh4 http://185.215.113.45 # Reference: https://app.any.run/tasks/255ab451-e195-401f-91e2-0190d785bc09/ p30oopp.blogspot.com # Reference: https://www.virustotal.com/gui/file/210df80a70b520b2be5f410ed4db5591fbc2f9a1617b358bde7ed270d5246d29/detection moregrace.duckdns.org # Reference: https://www.virustotal.com/gui/file/2044315e18cafe186d26d64d90caf0f4eb2cebe8b6e282d3b53a6f8604678c81/detection udskhhkdsjdjskjdds.000webhostapp.com # Reference: https://twitter.com/KyleKrejci/status/1488556020863578117 69.174.99.181:8080 72.11.157.208:8080 newbotv4.monster update.newbotv4.monster # Reference: https://github.com/executemalware/Malware-IOCs/commit/50f99cd6f12f7ea7234eb68984d783750d814091 http://192.154.226.47 # Reference: https://www.virustotal.com/gui/file/dd9ca7b43413a889f21414425fa2b9fc72dd1a2d19a4693d8b071b2611e5fe84/detection 181.141.42.35:2299 192.169.69.26:2299 asycoctubre20212021.duckdns.org segundaversionasyc20212021.duckdns.org # Reference: https://www.virustotal.com/gui/file/cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9/detection 3.91.91.127:3071 # Reference: https://www.virustotal.com/gui/file/285a61210326ff7f555c101bd70e19297a0eae42d1cb60a054c9b3827476920a/detection agusanplantation.com # Reference: https://twitter.com/pr0xylife/status/1494027121672572934 p21oiuun.blogspot.com p41wwew.blogspot.com # Reference: 
https://twitter.com/InQuest/status/1494020539282857999 # Reference: https://twitter.com/Finch39487976/status/1494025631377633280 /awsafddfhdgfhklskalskasr # Reference: https://twitter.com/TeamDreier/status/1498267807536099328 glassqot.xyz # Reference: https://www.virustotal.com/gui/file/ee612a035e325de9d6d515bd4eebf8f7ba759ce34f2b0741e2da1e8e0bbb8f2d/detection 13.79.186.107:12724 13.79.186.107:1338 13.79.186.107:1604 sikis.ddnsking.com # Reference: https://www.virustotal.com/gui/file/d65a5ac78a2cbb2fdb9f12f751400e5c5fda1ae22de67c6c6dc2df8cafca4684/detection 194.5.98.12:1984 vncnew1984.duckdns.org # Reference: https://www.virustotal.com/gui/file/7e16922c0da011c35c92ff5b1619d44add3df00232664cb7a22a19fd47a64f3e/detection 23.105.131.161:1337 # Reference: https://www.virustotal.com/gui/file/3b31d99396f9a664c739d1b666b57b19d47fd02e47619dffc313725408f1ed69/detection 185.247.69.130:3060 # Reference: https://www.virustotal.com/gui/file/16170cdb184356d800771aafaa7eb965464c2429bb66566c4762709bd3da494c/detection 2.56.57.129:7600 papakamzy.ddns.net # Reference: https://twitter.com/pr0xylife/status/1501538557302906881 tromdx.quest # Reference: https://twitter.com/0xrb/status/1501811448481468418 # Reference: https://www.virustotal.com/gui/file/e420d90738208a061aaca7b310bedf7efb56e89451c19d5049649621283ec583/detection fhelandsb.xyz # Reference: https://twitter.com/0xrb/status/1504363330651451395 # Reference: https://www.virustotal.com/gui/file/96c94753d9c4e21e9b27234517b36a2e3dd20492e2b112df8424de6e4f3971ce/detection luc4e.xyz # Reference: https://twitter.com/KorbenD_Intel/status/1504852684049981441 # Reference: https://www.virustotal.com/gui/file/50f4e6cf993b3cff47a2d0beaf2dfc897d00b5a220673cc47512f6795820ee13/detection basicsoveradoandsqls.blogspot.com # Reference: https://www.virustotal.com/gui/file/1aa74e2dbe9ad559a1f647046473767a890af31fa2490ee60adbe5103ed249bb/detection 103.147.185.68:777 kdaoskdokaodkwldld.blogspot.com starinxxxgkular.duckdns.org # Reference: 
https://twitter.com/JAMESWT_MHT/status/1506652188654850050 http://2.58.149.41 # Reference: https://twitter.com/0xrb/status/1508384289574252544 http://18.179.111.240 http://31.210.20.150 # Reference: https://www.virustotal.com/gui/file/7a9cd326adf37a9b48788b4106f94ef9e624a85c7e6c9e68db5aefd0f07fa31c/detection inestone.info # Reference: https://www.virustotal.com/gui/file/188043fd28084b04cafd0f5a2103e26f3b95bb0ae4911b1ec4c7dae9cca51f5e/detection # Reference: https://www.virustotal.com/gui/file/454014b8d0a97800035504e0dd36e7717c21b8022a7c06a8d133c1afabf107cf/detection lookupworm.mbplc.xyz # Reference: https://www.virustotal.com/gui/file/b67205df267d03b58c2371687df9e3353d2d6408daf97cc8c45d980ea7a528dc/detection 194.5.98.208:4422 lookupnjblack.mbplc.xyz lookuprdcra.mbplc.xyz njblookup.mbplc.xyz # Reference: https://www.virustotal.com/gui/file/3a0dcd4a3bf18d9665ba283db37a2bb3b77616822fb95da920ab894f88fa1fb5/detection 79.134.225.89:2233 lookupnanor.mbplc.xyz # Reference: https://www.virustotal.com/gui/file/ff594d970ac8400ceba8d2e396b6183f9e7c09d002aa4a6d1361c72634e3ea2e/detection 116.62.200.72:47722 tonghua2021.ticp.vip # Reference: https://www.virustotal.com/gui/file/ab476ce105370135bc45ee9b3d946f99647203d61396f8c626139de16cfbcf84/detection http://18.156.82.84 # Reference: https://www.virustotal.com/gui/file/e0c14c8a1ace5e434b25250b28580b6f9e657f59c69ed1af1ccff135593ce9e7/detection http://18.193.102.232 212.192.241.50:1010 # Reference: https://www.virustotal.com/gui/file/c2145acbab68ac8a0c33194cbab2f3a48dcff7d7804842f80620191fee0c2fb6/detection http://52.59.234.180 # Reference: https://www.virustotal.com/gui/file/8744857085a019e8dd048176fa47a5f34aa80a7a1a26d00528c047316612522d/detection 52.59.234.180:33127 # Reference: https://www.virustotal.com/gui/file/af880994009ae32acf2ac7f09f2c7ce28abe8aa20580ef6d5248690698601077/detection tromdx.sbs # Reference: https://www.virustotal.com/gui/file/c2c910a12958213c5942d23bd6c2b70aef94b3c9971216af866c36a0ca328024/detection 
http://185.222.57.209 # Reference: https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant # Reference: https://otx.alienvault.com/pulse/61b75c2915050cf6e811fef9 onedayiwillloveyouforever.blogspot.com madarbloghogya.blogspot.com # Reference: https://app.any.run/tasks/c1872210-cc81-434c-beae-21f74c8ea83a/ http://3.110.216.64 # Reference: https://asec.ahnlab.com/ko/29133/ # Reference: https://otx.alienvault.com/pulse/61a8dfe2a333faf90e50f7b3 minpowpoin.duckdns.org # Reference: https://www.anomali.com/blog/aggah-using-compromised-websites-to-target-businesses-across-asia-including-taiwan-manufacturing-industry # Reference: https://otx.alienvault.com/pulse/611612574ba8f1bd5de5e8d6 dlsc.af/jango/1.html dlsc.af/jango/2.html dlsc.af/jango/3.html dlsc.af/jango/4.html dlsc.af/jango/7.html dlsc.af/wp-admin/buy/5.html dlsc.af/wp-admin/buy/8.html elmerfloyd.com/ru/ elmerfloyd.com/ru/Server.txt elmerfloyd.com/ru/Server2.txt elmerfloyd.com/ru/doc elmerfloyd.com/ru/doc/Server.txt elmerfloyd.com/ru/doc/ex/ALL.txt elmerfloyd.com/ru/doc/ex/Encoding.txt elmerfloyd.com/ru/doc/server.txt elmerfloyd.com/ru/st/ALL.txt elmerfloyd.com/ru/st/Server.txt elmerfloyd.com/wp/4.txt mail.hoteloscar.in/images/5.html # Reference: https://www.virustotal.com/gui/file/fe07fc5d6f56e9126ba4035f7465eb4c9ec5ec6427568c507f2cfc5f5023aabf/detection eb-bonker.com smtp.eb-bonker.com # Reference: https://www.virustotal.com/gui/file/ec974ca6242aa652bd3072ee8bac2d1e20d538835fe98ecf67b45289c4a5c168/detection zoll-bund.com smtp.zoll-bund.com # Reference: https://www.virustotal.com/gui/file/fa916026f2fcab4826e44ffc4a1601f8ffefc15f4788125ec22c0301a388c60a/detection 79.134.225.115:84 # Reference: https://www.virustotal.com/gui/file/4c6ee3e7b8435f5710ec2f97861e81d6bed5e618209b9af55f45022cbda51c93/detection 37.46.150.105:1109 37.46.150.105:1235 service.mozillaupdater.com # Reference: 
https://www.virustotal.com/gui/file/e73d5449c96c2b696fba508fc10aed6fb5c816cad4c6052dc8d3a972add1eeb1/detection http://185.222.57.155 # Reference: https://www.virustotal.com/gui/file/ed374e0b094ff23907497ed79a603e0b20bdfc268ea5fc1fabbf559cf0fab235/detection http://136.144.41.76 http://3.68.158.237 # Reference: https://www.virustotal.com/gui/file/2123f1c10dac02ac6c2fe68531d4ac9f03b9dedf68bbf7988667c7938a1788f1/detection http://20.222.50.134 # Reference: https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware # Reference: https://otx.alienvault.com/pulse/627e55b58b63d7af57b8362f taxmogalupupitpamobitola.blogspot.com # Reference: https://www.virustotal.com/gui/file/12827476a9a580f9954c0d5f62bcbd570a3ebc688125ee7034075b4c4650fbf9/detection 94.198.40.11:4780 tyujfg55.ddns.net # Reference: https://www.virustotal.com/gui/file/098a60a2b91e1875ff1a3392f0952d0bf15ca6ea538bcf977d4779e979389ec7/detection 194.5.98.16:5743 tes4004.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1528989649133240321 sartco-ir.com smtp.sartco-ir.com # Reference: https://twitter.com/Computeus7/status/1531657197507297280 http://45.133.1.41 http://52.59.30.24 # Reference: https://www.virustotal.com/gui/file/4820df9a7a0f1eab0f8d67c6f66a770823fed3e00af12426982d24e96be6cce0/detection officedocuments.duckdns.org # Reference: https://www.virustotal.com/gui/file/028019f1c7740146ca887bbc2fd9249d16088adc376543e7c7464ad3e516e729/detection http://2.58.149.2 # Reference: https://twitter.com/KyleKrejci/status/1536440534335627264 # Reference: https://app.any.run/tasks/5ebb3c01-c250-4811-9241-5ce65e3a5550/ http://78.138.105.142 78.138.105.142:21 78.138.105.142:56152 78.138.105.142:56153 workflowstatus.live # Reference: https://www.virustotal.com/gui/file/47b2d4a36b13e444baf1cc93e53dc43f694bb2ddd8dc27cccb83358bdbec397d/detection 78.138.105.142:62174 78.138.105.142:62188 78.138.105.142:62335 78.138.105.142:62524 78.138.105.142:62728 78.138.105.142:62932 
78.138.105.142:63133 # Reference: https://www.virustotal.com/gui/file/f48560ece84a9ce7712de673e824da2255c38c4aaac14f022fff31471d3fa2aa/detection 78.138.105.142:52901 # Reference: https://www.virustotal.com/gui/file/8aae21852d1307637f69490d55c5f3b62be9d4f0d1860236d8bce98edb3032a4/detection 78.138.105.142:55660 78.138.105.142:55665 # Reference: https://www.virustotal.com/gui/file/8a0609f4c968db4ce17d3db40186c95d5e83508903c7be4e7d9b66e6b1949a6a/detection 78.138.105.142:63035 78.138.105.142:63047 78.138.105.142:63143 78.138.105.142:63273 78.138.105.142:63420 78.138.105.142:63597 78.138.105.142:63802 78.138.105.142:63908 # Reference: https://www.virustotal.com/gui/file/614810c90a5351a452d452338c292d3eb637fae0b180c2695a652790757eb3d1/detection 78.138.105.142:52582 78.138.105.142:52583 # Reference: https://twitter.com/tosscoinwitcher/status/1537499839168032769 http://193.233.191.138 # Reference: https://twitter.com/malwrhunterteam/status/1538843577047973890 # Reference: https://www.virustotal.com/gui/file/d6eadfa5ca3a0a9910e9ff9d8c89cabf9417f74da30b31ac89e98c65716b6901/detection http://51.255.4.253 51.255.4.253:21 51.255.4.253:49722 51.255.4.253:49723 # Reference: https://www.virustotal.com/gui/file/7520049a8b7f13afb144b8cfb8061f7bc9dd6e5ef99f58869b1eacee7359b028/detection 51.255.4.253:49732 51.255.4.253:49734 51.255.4.253:49735 51.255.4.253:49736 51.255.4.253:49737 51.255.4.253:49738 # Reference: https://www.virustotal.com/gui/file/964ba4b1716c4c10e41efe3ab2e44dab4e6dfcc415282f2fe47f0c17549828ee/detection http://62.197.136.167 # Reference: https://www.virustotal.com/gui/file/0b1c3985cfe6fd26489cc745f60cf63e6bea52b410c099e3434befa2c6568b19/detection http://74.201.28.111 # Reference: https://www.virustotal.com/gui/file/03c9710a47d065da81d4321c06b9ccd9b48d9a9dc692a9df92c564b04eca7929/detection 102.89.2.247:1009 greataggy2.linkpc.net # Reference: https://twitter.com/reecdeep/status/1547582759543091202 51.210.113.204:21 51.210.113.204:587 parlakraj.com ftp.parlakraj.com 
mail.parlakraj.com # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2017072022 # Reference: https://tria.ge/220717-f3fweshahl # Reference: https://www.virustotal.com/gui/domain/obynnehhhan.com/relations obynnehhhan.com smtp.obynnehhhan.com # Reference: https://www.virustotal.com/gui/file/bc92a5b1c4205ea1fbfec9144b8aab485e095142c7105c9d616b089ec668f198/detection onyangdol.site # Reference: https://www.virustotal.com/gui/file/bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c/detection 45.137.22.123:65 filli.fastestmaking.com # Reference: https://www.virustotal.com/gui/file/ce06d859d485847cca5b67656d6dd7d5450f68f8c92e4fdff6010f0cce3982be/detection bits.fastestmaking.com # Reference: https://www.virustotal.com/gui/file/09cd25675dfbb2f5f765acfaf5755b0b27b60d0e1bfd15921499799ff96c9583/detection 172.93.187.249:76 vst.fastestmaking.com # Reference: https://www.virustotal.com/gui/file/1c90c6941bb88cace359cccc81a15bbb966df702c09a53a460a178115e52d220/detection 172.93.166.240:82 signal.fastestmaking.com # Reference: https://twitter.com/1ZRR4H/status/1551271193579331584 testeee-d23ed.appspot.com /hfjghgjhgjhgjh.txt # Reference: https://twitter.com/ov3rflow1/status/1551994170801356800 greeeeeeeeeee-6cc16.appspot.com # Reference: https://twitter.com/JAMESWT_MHT/status/1552979829540126721 namaztrading.xyz # Reference: https://www.virustotal.com/gui/file/bf82e63a329df322601a0e89ee6bb266eef45e7c8ad21d18ec112a7b47ab4b21/detection 91.193.75.132:1660 phili01924.ddns.net # Reference: https://tria.ge/220815-f7pzwsheg4 smtp.valtronics-ae.com # Reference: https://twitter.com/reecdeep/status/1560189373865402368 alptamaracapital.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2023082022 botswlogistics.com imap.botswlogistics.com smtp.botswlogistics.com # Reference: https://twitter.com/malwaremustd1e/status/1562419200676601856 dadabhoy.pk # Reference: 
https://twitter.com/0xhido/status/1564190784135593984 klarotecnologia.com.co/xx.txt # Reference: https://twitter.com/pollo290987/status/1565241508185399297 # Reference: https://www.virustotal.com/gui/ip-address/107.182.129.168/relations 107.182.129.168:21 # Reference: https://twitter.com/reecdeep/status/1567505037743607808 # Reference: https://www.virustotal.com/gui/file/b957fdda6bfbdb542996764b9e727533dd86194f6c34969cbbabd970ecee6ee8/detection botswlogistics.com imap.botswlogistics.com smtp.botswlogistics.com # Reference: https://www.virustotal.com/gui/file/c5fef5b2aa9ed0317a992428b220bd439e3ffe0263d27e2c30a088539c15a177/detection idtetangede.cf # Reference: https://twitter.com/James_inthe_box/status/1570073763525595141 # Reference: https://app.any.run/tasks/3af3d4dc-cd23-42ef-ac60-bc672ae03350/ 107.182.129.168:59769 107.182.129.168:59770 # Reference: https://twitter.com/0xToxin/status/1570084621907361792 pushkinfear.xyz # Reference: https://twitter.com/reecdeep/status/1572964195821359106 jubana.cam smtp.jubana.cam # Reference: https://www.virustotal.com/gui/file/6fc8c73f925cec7ad7e0b0123ee9a92a1b11166466f37a11ebc492e1eb3cfc44/detection http://194.145.227.242 /new_Iaaykfiq.png # Reference: https://unit42.paloaltonetworks.com/originlogger/ # Reference: https://otx.alienvault.com/pulse/6321cdc9ae733812be9b9331 0xfd3.com origindproducts.pw originlogger.com originpro.me originproducts.xyz # Reference: https://twitter.com/0xToxin/status/1574677346421862401 # Reference: https://www.virustotal.com/gui/file/b93acad3589d244513504bb4bedb0e1efff008a35347f7d5062cd44a6a70bb09/detection 185.216.71.84:21 # Reference: https://www.virustotal.com/gui/file/208456d77b3702b1b5ae05273327feca114be373ab54c8e26937e54a605ee2f5/detection 193.161.193.99:34463 retrixclix69-34463.portmap.host # Reference: https://www.virustotal.com/gui/file/989794eafbea5d4a419155e6ff0b7ab30eb8e45a4d220c64b40e65191e8419dc/detection 37.0.14.202:5050 # Reference: 
https://twitter.com/0xToxin/status/1583157689898573824 http://195.178.120.72 # Reference: https://www.virustotal.com/gui/file/626b980cc5556566f2d86f27e221529097057c14c5694f7b2f81e1575c0ebcaa/detection # Reference: https://www.virustotal.com/gui/file/2ab6d433562cd06c8abfd5063ebfcfb5c9b44cde063f53643379a97b64bdf1d1/detection 86.104.15.60:21 86.104.15.60:50573 86.104.15.60:50712 86.104.15.60:55808 86.104.15.60:57642 86.104.15.60:57885 86.104.15.60:58665 86.104.15.60:59037 86.104.15.60:59250 86.104.15.60:60743 86.104.15.60:62347 86.104.15.60:64263 86.104.15.60:65063 chinazhonghang.com ftp.chinazhonghang.com # Reference: https://www.virustotal.com/gui/file/68180cebba2d550b1dd946b86c48ebb3eaddf8589a4b0da769994667f2c20a81/detection 79.134.225.12:13432 waleweb.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1587028507888173058 http://194.180.48.246 # Reference: https://twitter.com/0xToxin/status/1587576617949446148 http://62.108.40.71 # Reference: https://www.virustotal.com/gui/file/04300ce07c309487107a7338ca86ad5ff7bd4364227767c643f77a692b901152/detection 23.105.131.236:2048 inforosi3m.hopto.org johnie3m.hopto.org micheal3m.hopto.org sheilabeltagy4m.hopto.org # Reference: https://twitter.com/th3_protoCOL/status/1590008450716962825 # Reference: https://www.virustotal.com/gui/file/46742d39d6b545f772a5e59fbb3473da920724bff3d44ddae1f31eab115ccaa8/detection microsoft-assistant.com # Reference: https://twitter.com/cr4shtest/status/1590073717736222720 http://62.204.41.235 # Reference: https://www.virustotal.com/gui/file/03bc0dd9fdc46ce607f1158fd4ed8d4e5c9b9f5dc67b49c67bf626ec4f2ef001/detection dorkedmail.shop # Reference: https://twitter.com/0xToxin/status/1591008859992502273 http://107.189.4.253 # Reference: https://urlhaus.abuse.ch/host/193.106.191.16/ # Reference: https://www.virustotal.com/gui/file/000f15928063325a1951917b34264a1b74a2a1a637808d38d708a2a9ef6bfabe/detection http://193.106.191.16 193.106.191.16:7766 /obf_AaAaaaBBBAAa.exe /obf_AAaaAaAaBAaAaBA.exe # 
Reference: https://www.virustotal.com/gui/file/d4079295508b31050776a08493fc0ad82f4dff60ed5757ccb1fb878a837f9331/detection 136.144.41.243:1111 95.214.24.140:1111 elektraal.duckdns.org # Reference: https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/ http://4.204.233.44 /Dll/Dll.ppam /Rump/Rump.xls # Reference: https://www.virustotal.com/gui/file/4168b19c680ca6915af6fd3cff3e2a59f61a9e85d781aa903fff9d30f1a95dea/detection 79.134.225.31:3477 marionpreet.ddnsfree.com # Reference: https://twitter.com/souiten/status/1598551767985573890 http://20.238.8.87 # Reference: https://www.virustotal.com/gui/file/2feaed19066bd61d7d6995b69373271a65caa1aa55d040fa4234fe98268d0e72/detection http://185.246.220.249 # Reference: https://twitter.com/JAMESWT_MHT/status/1600778404164694017 # Reference: https://tria.ge/221208-kr54dscd6t tegzw-com.cf mail.tegzw-com.cf # Reference: https://twitter.com/HaoZhixiang/status/1602934666704474113 # Reference: https://www.virustotal.com/gui/file/130282c194b24451677eafe97cc7734217826a50469060f5120d82c0f3f89887/detection divmainbot.pages.dev # Reference: https://www.virustotal.com/gui/file/1710f5dc460e74baa34df04eaf632df8055b6497d8c18fc24572d3e53ed06e48/detection otogi-zensen.com # Reference: https://www.virustotal.com/gui/file/0420aee150550e0f46b0b5e918c6e17f2a48c32b31eb271eeea537e5e91ed544/detection 185.27.133.14:21 185.27.133.14:38501 # Reference: https://gist.github.com/kirk-sayre-work/32b6d6b788ad39008e5ec06f918d3ef1 http://185.136.170.209 http://195.178.120.24 http://5.42.199.41 /22todaoctob.txt /24thtodayjajdjdhdfhhf.txt /agdsjdfgfahjsdhgfsdgfjkagsdjh.txt /ajkgjshkgsgfskgasddsfsd.txt /ajsgashfgafajsgasjdqwdsvdsja.txt /emabiggggg.txt /fgfzfgdgdghjfhjfjh.txt /gdjsagjsgsadavdhjwes.txt /ghsjgjgjsjgdsgjgsgdj.txt /hajsfdsahjfgafgsfgdjsah.txt /hdsagsjskgsahjgsgasjgjsgdhf.txt /jsajgsjssgfskgfkgfssa.txt /ksbkjsakjdsbndkjakjbdsa.txt /nasdvbnnbdjsbbdhvshadhajsdsbdjnvd.txt /sjfhsdfjhdkfgjsdfkjkssgthurs.txt /yesyesbnononoyes.txt 
# Reference: https://twitter.com/reecdeep/status/1604833395057491968 http://103.171.1.58 /SssgRpjWU57.u32 # Reference: https://www.virustotal.com/gui/file/1a63ebf5ad49cfec1cbb99dc2e8fb863a7f7bb309373d1396b44114f161351b6/detection 185.140.53.9:1110 1110.hopto.org # Reference: https://www.virustotal.com/gui/file/444d9818dff6801ccf8ded476f2b76bbe9c9a6166656e22c58777751e57e8e75/detection 194.147.140.4:2202 2202hotfield.hopto.org # Reference: https://twitter.com/Unit42_Intel/status/1611379660029366273 # Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-05-IOCs-from-Agent-Tesla-variant-infection.txt # Reference: https://www.virustotal.com/gui/file/19a256a2a9bc0d7222511f9dff8941fc38f6bd9721265d554adec0c035dc8651/detection savory.com.bd/sav/ # Reference: https://twitter.com/James_inthe_box/status/1618647794050535424 # Reference: https://app.any.run/tasks/5907d10c-7691-4d53-ace6-c3b58ed08db8/ http://198.98.55.114 # Reference: https://www.virustotal.com/gui/file/01879e8322b8cc4a89bfa063e1072a689b09aafbca13657bac9462c253accafb/detection dropbuyinc.ga # Reference: https://www.virustotal.com/gui/file/6917d78000e1b9fc8a4b0bc49ad7a4458d5e61c29ca9ca2660479f65a3ce3d72/detection alpatrik.com # Reference: https://twitter.com/InQuest/status/1626758679843205120 billielishhui.blogspot.com urlpropogationintimitacy.blogspot.com # Reference: https://www.virustotal.com/gui/file/e2301b4f7c0ee56d2b75f25eaf25554ee12fa326f5a7abd5a93c7597b157cc5c/detection 142.202.191.242:2020 142.202.191.242:3040 142.202.191.242:4040 0pmboy.duckdns.org mxvssb.duckdns.org # Reference: https://twitter.com/wwp96/status/1627922823917486080 # Reference: https://app.any.run/tasks/ee706ee5-26a2-4cf9-b0dc-b18a9951ac94/ catknock.com # Reference: https://www.virustotal.com/gui/file/7ce6c3f269eefc0ab0e638a64f9d77d8e003aa7acb9f819310b614f7b09c155c/detection sekereoka.ddns.net # Reference: https://www.virustotal.com/gui/file/5b7354cfa06b92e03b0da28136787e7cb445923534f5ed225d7ab21a0d4a0752/detection 
194.5.98.111:55720 sekereoka1.ddns.net # Reference: https://twitter.com/InQuest/status/1628304944381018113 doccallingupdate.blogspot.com # Reference: https://www.virustotal.com/gui/file/1202b3945fc4180dde14d70d30c462fceb63a997a39948890682860cb654bba0/detection http://107.175.202.151 # Reference: https://www.virustotal.com/gui/file/b0f43b5dfa96cdff8e48fccb2c5955822afc954f821bb51123dcc6bb03644317/detection plax.duckdns.org # Reference: https://mp.weixin.qq.com/s/rF4p-PHQrV33svltk44vOg # Reference: https://otx.alienvault.com/pulse/63fce762ed5bacb1a8ae2532 emilie.businessup.be portal-test.xperiorlist.com # Reference: https://twitter.com/wwp96/status/1633183691701899269 # Reference: https://app.any.run/tasks/b0d365ec-4c7a-43e2-a39c-0f11bd57c7b0/ emsgpo.info ori.ydns.eu # Reference: https://twitter.com/wwp96/status/1634293116995002369 http://107.172.4.169 # Reference: https://www.virustotal.com/gui/file/7711662adb3022ca0f778deb6ee91f9368e1066e046512ea11283767275c953b/detection 46.246.14.20:5670 paomarca.duckdns.org # Reference: https://tracker.viriback.com/dump.php (2023-03-12) http://103.141.138.110 http://103.147.185.68 http://103.153.76.164 http://104.144.198.78 http://107.182.129.59 http://142.132.185.172 http://149.28.210.77 http://163.123.142.161 http://180.214.239.67 http://185.117.90.36 http://185.225.74.69 http://185.246.220.133 http://192.210.214.146 http://193.233.187.19 http://208.67.106.111 http://37.0.8.144 http://37.0.8.76 http://45.141.84.146 http://69.174.100.168 http://79.134.225.77:44 http://80.85.156.9 http://85.202.169.159 http://85.31.46.78 http://95.181.164.213 ac4d2t1.xyz accountingdept.co adventuretoddler.com afunshy.duckdns.org akhskneya.org amidas-sec.com ankaragucluler.com apcontech.in arki.trusecudosdeslyinvoicsed.top bagavathimachines.com bakuzamokala.duckdns.org bayt-properties.com berryglobals21.xyz billaccountant.com bnpparis.co bohler-edelstahl-at.com bpi-business.live bqmbams.com calicheimpresores.com.co callatelogs.com.ng 
cherryblossom.fashion chestermachinetools.me clillozikoexx.pw cococlaw.com cookdupagetransportation.com coolhead.xyz coopalerj.com.br drfahimeshahrokhi.com duramesh.com ekmillerproductions.com ekonomski.ba expolinks.co.in fentibruks.xyz flood-protection.org fmg1.xyz fmg2.xyz forepointmachinery.com freespending.info freetheme.co gecfornmosa.com gharsyhndur.com gonbringlog.pw goodboxx.in greukrainy.duckdns.org gsi.net.vn gulfgrating.com hdfbank.in hfddsz3232d.top hosseinsoltani.ir hwapoa.com infocheckdetails.com investorzillion.com jacvim.com jober.pp.ua karatu.xyz khwahishpunjabi.com lab2e1.xyz lagrangegps.com lametopvxry.ydns.eu leylakaiser.com limo.trusecudosdeslyinvoicsed.top lku7.tk luc4g1.xyz marktinbet.pw maryduke.co.uk mediaboat.in microsoftiswear.duckdns.org mobibagugu.duckdns.org mobinomomuam.duckdns.org myservepanel.com newsandbooks.xyz nofearworld.xyz obclndolnogs.pw oko1e2.xyz onwaoct.xyz onyembu.pm ophtalmiccenter.com opt-outgoingemail.pw originweb.ga parkkavalayam.com people.servegame.com perfa.pk protoolschile.cl prt.obclndolnogs.pw pushkin231.mooo.com pushkinorigin.ydns.eu radiokerigma.com.br rajasthankiran.com rawpanels.com re-pos.in referralwx.com regattaxiamen.info regencyship.info salkic.co.ba samberii.com sandjsolutions.co.za seaviewbatroun.com securefileshared.com sharepointcrmtemplate.com shivsons.info sr.dammadixon.com successlink.co.vu supreme.servegame.com t1koma.com theremedycenter.com threahingweath.com tienthinhgroup.com trusecudosdeslyinvoicsed.top wellnesslifezone.com willyprocessequipments.com workpaymechuby.com wttxt.info yungchunsteel.com zacwon.com # Reference: https://twitter.com/kienbigmummy/status/1635195179933245441 # Reference: https://www.virustotal.com/gui/file/40ab3a8829f6a3b392c147c78a9780c5116dca9c49b381d5557cb7ea3b99b67b/detection http://167.114.163.232 # Reference: https://www.virustotal.com/gui/file/145a6111995b10d04ccf1d3689fc82d75f1d7526ade1e138788bec6a1f07ca9b/detection cs50.publicvm.com # Reference: 
https://www.virustotal.com/gui/file/0d138f074481ae773f460a2960fa260f1084acc4f0e30fdccbc1cdbe041141ac/detection downloadserver.duckdns.org # Reference: https://www.virustotal.com/gui/file/e8340421f6bfccc9590f760bb5d4a2a614c8bb1f30f6d6671395f2792d8bf6d6/detection justnormalsite.ddns.net # Reference: https://twitter.com/Gi7w0rm/status/1640051185632591872 http://91.228.197.168 /j/p10j/login.php # Reference: https://twitter.com/jstrosch/status/1641402601265668096 chasamloriger.su # Reference: https://www.virustotal.com/gui/file/c0da45f5778bea3893cd37ac93c2951e1b529c1fb9a21205dea021c28fc5ad53/detection 46.246.6.12:1028 blast012.duckdns.org # Reference: https://www.virustotal.com/gui/file/0ffb820a4545c18c38d7b7c22c456c53fb7e1135af380b32cc221e0d65a188e3/detection http://192.227.183.170 # Reference: https://twitter.com/Yeti_Sec/status/1648670765116522496 # Reference: https://www.virustotal.com/gui/file/25538b555cd4f041e589015b0a44f148c28d6e2ff13b6e04f48b2ca5b8e723c5/detection http://185.225.74.24 # Reference: https://twitter.com/0xperator/status/1655630579927248896 http://62.204.41.23 # Reference: https://twitter.com/James_inthe_box/status/1663586640101793793 http://185.252.179.22 # Reference: https://www.virustotal.com/gui/file/3fe32b6585d1b08c476c9d32be35debd2128d76780fb48558565a8d53ad71c34/detection http://23.95.122.102 # Reference: https://www.virustotal.com/gui/file/c7cbc6a6984555cf9c4d50922a8e234eb2b50c94e0d216ea1d840618bfc2d00a/detection simplmizer.duckdns.org # Reference: https://threatfox.abuse.ch/ioc/1140185/ # Reference: https://threatfox.abuse.ch/ioc/1140177/ jimbo.ydns.eu /jimboori/inc/ # Reference: https://threatfox.abuse.ch/ioc/1140405/ chibb.ydns.eu /chibbori/inc/ # Reference: https://twitter.com/James_inthe_box/status/1683938338246647808 # Reference: https://app.any.run/tasks/ef1a941b-9495-40ff-ad46-914e22f30236/ adoblupdate.blogspot.com ///////////////////////////////////////////////////////////////////atom.xml # Reference: 
https://twitter.com/James_inthe_box/status/1689005366250754048 # Reference: https://app.any.run/tasks/5ab5802c-a63a-4709-a213-115260f30b1b/ abodiopdate.blogspot.com /////////////////////////////////////////////////////////////atom.xml # Reference: https://www.virustotal.com/gui/file/5c4025099862f0c9269324f17c072bf287e1957631b25569a7e3b2e018a113df/detection evensayers.com.au # Reference: https://www.virustotal.com/gui/file/ad4d0ab6b7be1e9d1cf47790dc0644617987a156bc5e308ce7cbc359eef46ef1/detection # Reference: https://www.virustotal.com/gui/file/0454600278f00ed9f7324c314164f8399df71053c9f38c77841cd0a0329e8b43/detection db-private.ga db-usa.ga /wp/wp/api.php # Reference: https://threatfox.abuse.ch/ioc/1143987/ macarty.ydns.eu /macarty/inc/ # Reference: https://threatfox.abuse.ch/ioc/1143989/ caeser.ydns.eu /caeser/inc/ # Reference: https://www.virustotal.com/gui/file/f3e6621928875a322ee7230ccf186bdaa5609118c4a6d1c2f4026adfb8e88744/detection huskidkifklaoksikfkfijsju.blogspot.com # Reference: https://twitter.com/James_inthe_box/status/1687140503295565824 abhgzr.ma # Reference: https://twitter.com/petrovic082/status/1687338911452782593 /castrnewbaze64.txt # Reference: https://threatfox.abuse.ch/ioc/1148926/ upadte-reviewer-online.live # Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/agenttesla_07-08-2023.json worlorderbillions.top mail.worlorderbillions.top /nbvzfip.txt /nigazxbb.vbs # Reference: https://www.virustotal.com/gui/file/0b319d44ffd75de8bba5cc00409b2d9873f37956ce5a4f352e26b445f2e336a7/detection 91.193.75.133:54984 berlinb765.duckdns.org # Reference: https://www.virustotal.com/gui/file/c5cffd536a9cad1fc652d4916fd9b66b94cbf3a5ae1f0478a4f16c690b6bc188/detection 91.193.75.133:4335 nwokesienna.duckdns.org # Reference: https://www.virustotal.com/gui/file/03f98ca060ef7459937402940c3bf191a2bbff322e122c3561016fcc44a59ef1/detection 197.210.226.199:1119 1119.hopto.org # Reference: 
https://www.virustotal.com/gui/file/11352d20b19fc8333bc6f13a6056755198db7f369acff0f963561b217ab09276/detection 185.140.53.9:1121 1121.hopto.org # Reference: https://www.virustotal.com/gui/file/c806c71111c07686b4664fc0d31b4a6479fb606edc789e4c7bb022fc5da41575/detection 91.193.75.133:5754 knockoffs.camdvr.org # Reference: https://www.virustotal.com/gui/file/b561fbb12e457b373d4bb8e79dd2c7438e7e04142caa0a33ca4b65a5744446cc/detection 194.5.97.23:9997 nanduck.duckdns.org # Reference: https://www.virustotal.com/gui/file/72219e131476a429db3323631405429880f29bb3bbe655d31f1b3e37edd18303/detection cawp1.blogspot.com # Reference: https://twitter.com/smica83/status/1690414969169248257 # Reference: https://tria.ge/230812-vtn8rsch97/behavioral2 px13.blogspot.com # Reference: https://www.virustotal.com/gui/file/49526c1508b1cff277f839a1ba27b4b59d308e744c7f9ef4bdd107fe22de380a/detection 194.169.175.43:5050 amm.mine.nu # Reference: https://www.virustotal.com/gui/file/4b33a49ae0540f43c8357709841be70541d2cf162755e7649604b13740c5bad9/detection swissprint-online.ch # Reference: https://twitter.com/James_inthe_box/status/1691449399174664192 # Reference: https://app.any.run/tasks/1ac1126d-3c92-4d90-a640-cd9a302c3631/ http://94.156.161.167 # Reference: https://twitter.com/tosscoinwitcher/status/1691500186898407424 # Reference: https://tria.ge/230815-vmwn9scc67/behavioral1 http://88.209.206.90 # Reference: https://twitter.com/guelfoweb/status/1693556263513116989 # Reference: https://www.virustotal.com/gui/file/077063918d541317f3a7e19a812bf81acddd93eaa17a91179024e5067c8df3ce/detection 185.198.59.26:587 awelleh3.top mail.awelleh3.top # Reference: https://twitter.com/AvastThreatLabs/status/1694730035305783765 # Reference: https://www.virustotal.com/gui/file/1e512af2d4bc9aec5ead05d077c523a2eb88d29f58f96eab17f207c01e6dab54/detection aboudeupdater.blogspot.com # Reference: https://www.virustotal.com/gui/file/1cc4c731035f4c25866270e64dc1c8ae036bd373f924e080af7b0a588a019fd5/detection 
23.105.131.228:1234 skysky.duckdns.org # Reference: https://twitter.com/jstrosch/status/1696896004597887088 # Reference: https://www.virustotal.com/gui/file/dfc4a0222fb2f69e65438196a7935f86c6e42e3005c136930506a37542f6a0f9/detection http://154.202.59.13 154.202.59.13:38834 154.202.59.157:38834 ddjm.top lvmay.top ttjm.xyz # Reference: https://www.virustotal.com/gui/file/1a6c79b3bcdc90f6b1515f76a0b25cd2a642cc27b15d640cc27d3d944d1b59b7/detection # Reference: https://www.virustotal.com/gui/file/2a852589c52954a54a1e658a114fb19e936443aaa85b4fed48b3c64ff1162b81/detection 193.42.24.214:38836 twoseconds.xyz t.twoseconds.xyz x.twoseconds.xyz # Reference: https://www.virustotal.com/gui/file/2293710fbf66e120d90e03f95a38b966da05d33ee0a1df2f14500e4811085494/detection sljm.top # Reference: https://www.virustotal.com/gui/file/1ad2936e4d510633259697d0e7d692131c88de79716228963b39eb128a0dd301/detection http://154.202.59.86 154.202.59.86:38834 # Reference: https://twitter.com/Jane_0sint/status/1697249874251813038 # Reference: https://app.any.run/tasks/76ef05d8-e143-4126-9bd1-e637aa06a764/ http://192.3.179.161 # Reference: https://twitter.com/JAMESWT_MHT/status/1697913019429192133 # Reference: https://app.any.run/tasks/72a87633-a275-4c79-b51f-5bf0a42faad7/ # Reference: https://app.any.run/tasks/779940b6-a41f-4a1b-84ab-4ff6d1d3fc35/ booking-com-details.blogspot.com pwhotelnew.blogspot.com hotelbackuppowaug.blogspot.com # Reference: https://www.virustotal.com/gui/file/25432e8e8f9af1add96454347275d3f7f0167b23212f8c33ee6db99f7eeedc1b/detection 79.110.49.161:4441 moonandbebe.ddns.net # Reference: https://www.virustotal.com/gui/file/3444d090e15e7c6614de5b5796e1fd6a0dc2b77eec63f732b2ea535664dc9a34/detection 2.59.254.111:54357 slucasanderson.ddns.net # Reference: https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document # Reference: https://www.virustotal.com/gui/file/1f562669f05e0880a319399f6b750b1f6fdc10a8f9c54dcfcf5cb9f2224d718e/detection 
http://23.95.128.195 5.206.227.152:587 daymon.cc mail.daymon.cc # Reference: https://www.virustotal.com/gui/file/b1143ed4cbf60d189c02a47cc9370b587aa62ee3af51b5336a4bb4e6f8b224a9/detection 194.5.98.41:5498 alonso.ydns.eu # Reference: https://www.virustotal.com/gui/file/7ffed39d75c89f4a79d0437d18076ec1906cf0d928886b67c91d2300e16938b9/detection ansrt.duckdns.org # Reference: https://www.virustotal.com/gui/file/08ccb639d18f192ab8120a9c5e2b9eb1499ab6e948aa25d8f108ed49228366ce/detection 186.64.118.235:21 186.64.118.235:46692 ftp.aktivos.cl # Reference: https://www.virustotal.com/gui/file/171c707afb64b5ad621864968ce888af80401c2247b5b21a05f45985063d5b88/detection suchitanandanmahavidyalaya.org # Reference: https://www.virustotal.com/gui/file/b48656a73f039dfc48e237f13a15133739b2f26af136b9540f038e922f98b2c0/detection wjjiutia.com # Reference: https://twitter.com/JAMESWT_MHT/status/1703741629058732262 # Reference: https://twitter.com/JAMESWT_MHT/status/1725508031222333807 # Reference: https://app.any.run/tasks/4923f3d3-446f-44cd-b8b1-5c6266b4b8d1/ # Reference: https://app.any.run/tasks/82c1e27b-e661-41de-8870-60356eeda3d8/ # Reference: https://app.any.run/tasks/c80d9e95-cd8d-4b3c-ae9c-c0daac630a74/ # Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-09-18) bookingcomdetails.blogspot.com busizinusa.blogspot.com buzalotr.blogspot.com cbasep23.blogspot.com hotelofficeewn.blogspot.com htlbookingnew.blogspot.com idropbux.blogspot.com otherbizzunus.blogspot.com otherbusinesssep23.blogspot.com resutanur.blogspot.com /////////////////////////////atom.xml /////////////////////atom.xml # Reference: https://www.virustotal.com/gui/file/d975dba50f62eabd79d58afaab3bd2b258f723b9944df5ba1050195ea7279f03/detection http://80.76.51.237/ # Reference: https://twitter.com/James_inthe_box/status/1703870219687690660 http://198.46.178.152 # Reference: https://twitter.com/phage_nz/status/1706249304233672910 # Reference: 
https://www.virustotal.com/gui/file/8ecd6a4c049c61b21aab0e99341ce31b772a96c682402e3c031b9c5a6161d0d4/detection # Reference: https://www.virustotal.com/gui/file/53ed443459ccbd7a66690add22566691a9ce66ebfc51abaff42512ec041a3a68/detection # Reference: https://www.virustotal.com/gui/file/3689ddd7d45ea04f13e073f993afb1b52d576d455d9317f446a31cc282324213/detection http://193.42.33.91 # Reference: https://www.virustotal.com/gui/file/a338fe1eba5338f36bd95896bd18cef545549360f460a6e271367bebee1014b1/detection servidorarquivos.duckdns.org /cousin_GEF_BAS64dgfhjgfxzjgfzgfjzz.txt # Reference: https://twitter.com/THProfiler/status/1708277306073170357 http://107.175.113.216 # Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-10-03) http://5.253.38.46 poituox.fr rakishev.org/ok.php rakishev.org/wp-load.php rakishev.org/wp-admin/admin-ajax.php # Reference: https://gist.github.com/silence-is-best/23738d87475d67d843bd79231b008e5a evantelamin.top # Reference: https://www.virustotal.com/gui/file/a350bcb4b9de71a8e59178ef490b0c52bf3f7c16525862c04d319f87196dee1c/detection http://94.156.253.128 179.43.183.46:587 royalcheckout.store mail.royalcheckout.store # Reference: https://twitter.com/josh_penny/status/1711820215728693316 http://192.3.176.153 # Reference: https://threatfox.abuse.ch/ioc/1186091/ http://141.98.6.154 # Reference: https://twitter.com/James_inthe_box/status/1712153226676752406 http://107.175.3.22 # Reference: https://threatfox.abuse.ch/ioc/1188877/ http://89.47.1.10 # Reference: https://www.virustotal.com/gui/file/1d4316b5e0e69055fa643f3d47b5ff1004623f20794db703736b45e69412d429/detection http://95.214.27.15 162.0.215.27:587 162.0.232.33:587 euenarji.com mail.euenarji.com # Reference: https://twitter.com/r3dbU7z/status/1716092936377581593 # Reference: https://www.virustotal.com/gui/file/40183148f52840484b1f6c2530b244957bef6b2c493109b52ff1b9e9e41eccde/detection http://141.98.6.91 # Reference: 
https://www.virustotal.com/gui/file/93896aa8bdee9e17a4c47e132bb0552f6ea7d3610d0791ef080f43148d8ceb85/detection http://192.3.64.154 # Reference: https://twitter.com/reecdeep/status/1717515712757932080 # Reference: https://app.any.run/tasks/53e43e09-0c75-41e8-9eb7-7004a283a3f9/ http://141.98.6.124 # Reference: https://twitter.com/DmitriyMelikov/status/1719271747487211850 http://146.70.78.28 # Reference: https://threatfox.abuse.ch/ioc/1199442/ http://91.92.255.16 # Reference: https://twitter.com/doc_guard/status/1722155230983274716 # Reference: https://www.virustotal.com/gui/file/bb6ee7c5a144c685cfc53ad94995ba0aac1058c850e6c87e24d656296c07d5ab/detection # Reference: https://www.virustotal.com/gui/file/f526ffc788eb36ca310e962831cfc94c5d833ce1be17f4bbccf273a7f874f085/detection http://91.92.241.54 67.212.175.162:21 67.212.175.162:61661 67.212.175.162:63026 # Reference: https://twitter.com/doc_guard/status/1723679910089159051 # Reference: https://app.docguard.io/757a22e465f5958edacf1c9115c3c401fd4cf4ce76108d961268b5c196f95650/results/dashboard # Reference: https://www.virustotal.com/gui/file/757a22e465f5958edacf1c9115c3c401fd4cf4ce76108d961268b5c196f95650/detection trackmoney.dynuddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-11-12) 43.230.131.138:21 43.230.131.138:57745 # Reference: https://www.virustotal.com/gui/file/dd869a09d23e367cbcfaeeb3795b54d043b561b299d5e9d367317f1dce7445f7/detection # Reference: https://www.virustotal.com/gui/file/8231ae50074ea3175aec0f30ab396d5971ae5185a4d9e9265eb596737a444fe5/detection 194.5.98.32:4545 197.210.226.89:4545 greenrem.ddns.net # Reference: https://twitter.com/doc_guard/status/1727291737922478235 # Reference: https://twitter.com/doc_guard/status/1730250707188527505 # Reference: https://www.virustotal.com/gui/file/91f7d692760bbadb48882e8a8d8abe9e6890bd4d5b735fad22b3247693da834e/detection # Reference: 
https://www.virustotal.com/gui/file/632f7e212cc149d81b322def328534953b979d1f1885140e2645e4ac41d0f56c/detection # Reference: https://www.virustotal.com/gui/file/3c756278503cd67e4ca18fa2acbba31c308153b5801f24b222a42b4b3331c780/detection http://192.3.179.133 http://192.3.179.162 188.241.222.22:21 188.241.222.22:38809 188.241.222.22:40665 tyny.to ftp.experthvac.ro # Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-11-22) 162.144.23.32:21 185.80.2.120:21 192.185.152.133:21 87.121.87.143:6696 7070bc8.sytes.net # Reference: https://gist.github.com/silence-is-best/67adb7549211b3046f554044bcc5c151 sqsendy.shop server1.sqsendy.shop # Reference: https://www.virustotal.com/gui/file/8dcc02ff63771813eb9aaf20bb767f775e960c142a53442ff08442b6615ea9bd/detection http://88.209.206.215 192.185.16.97:21 192.185.16.97:39930 # Reference: https://www.virustotal.com/gui/file/1200b5470aa1f4185c483d8e0e7b51bfa90bad92e83bd9d8b4d5381985815849/detection 191.88.251.67:1014 torrecincodnremdn.duckdns.org # Reference: https://www.virustotal.com/gui/file/c3dae392cec9bd10ad4f2029a4f30642146b66584d6c0716ee6c8781164a145c/detection # Reference: https://www.virustotal.com/gui/file/90f29e5759915cdf22122f9ae8fe99da5e68b8c36b3db9a3ef295ebe7f81e9d8/detection 181.131.217.46:1013 mazdaallegoredn.duckdns.org # Reference: https://www.virustotal.com/gui/file/ec1a914884709e72303399d8078d3e92590d67cb5a43e9b60e5a22671c4a9534/detection 191.91.181.184:1014 dnparqueaderodnre.duckdns.org # Reference: https://www.virustotal.com/gui/file/064436bae6b72769b71f9fc0c5237c473caadc0edea0fc94e8413189fbcf250d/detection http://178.128.238.137 # Reference: https://www.virustotal.com/gui/file/ec17225fdc8beb40a5b9668d5f769ce01bb1164cc310951a7cbcdef676a7b90f/detection 213.152.161.234:9693 dico.is-saved.org # Reference: https://twitter.com/bofheaded/status/1732788654635126788 # Reference: https://www.virustotal.com/gui/file/78b939e31c2226b2795868115cea7603df1b2e3281864740dbee846778b81b6a/detection 
http://15.204.49.148 http://91.92.250.227 http://91.92.254.7 abedwpdata.000webhostapp.com # Reference: https://threatfox.abuse.ch/ioc/1211511/ http://107.175.221.154 # Reference: https://www.virustotal.com/gui/file/96e0e29bc08e5408ea75ee7aabee3c1192f0a8adfabdb8b9123f8fc8781db5d4/detection 46.246.84.18:1000 # Reference: https://www.virustotal.com/gui/file/2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2/detection http://217.196.98.10 http://91.92.253.29 164.155.231.101:16 # Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection cream.hitsturbo.com needs.hitsturbo.com # Reference: https://twitter.com/James_inthe_box/status/1738233717083316634 # Reference: https://app.any.run/tasks/87f35396-902b-4073-b86b-2bbb72bfc215/ # Reference: https://app.any.run/tasks/3a6e270c-50fd-49d6-b028-65ca1947e06e/ blo0king.blogspot.com # Reference: https://threatfox.abuse.ch/ioc/1222975/ http://212.162.149.96 /jTUdENoc176.bin # Reference: https://twitter.com/JAMESWT_MHT/status/1743618987303317935 # Reference: https://app.any.run/tasks/54b1fc09-1482-4b1b-b79d-d65e5a0a5d35/ htloctmain25.blogspot.com # Reference: https://www.virustotal.com/gui/file/22b34ea4b059e690696323d441fa4fb797fdae1adb3b5ef32ea8cf256acbcea2/detection 104.254.90.195:42892 portcheck.airdns.org # Reference: https://www.virustotal.com/gui/file/cc8746614372f04897f441f269ec11796e78a3a60680ff8c7dd98ff4d69c31ae/detection spencerstuartllc.top fly.spencerstuartllc.top # Reference: https://twitter.com/tosscoinwitcher/status/1754339751275221483 # Reference: https://tria.ge/240205-c9qsesafdr/behavioral2 vitalikcreatedethereumtobethenewworldorderscurrency.shop # Reference: https://twitter.com/JAMESWT_MHT/status/1754411145870410108 # Reference: https://app.any.run/tasks/716315dc-bf30-4549-acd3-b456721ba60a/ htlbackfeb-03-24.com booking-c.blogspot.com booking-coms.blogspot.com htlfeb24.blogspot.com # Reference: 
https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2024-02-11) http://91.92.250.136 merckllc.top ndbplus.rs # Reference: https://www.virustotal.com/gui/file/a430a60d9da2d2b9c0dd2bc28e71dd7c8f6944daacec6f4bc67800659e4c5b5b/detection yegfhdbcnxvzaheiopfhjd.ydns.eu # Reference: https://www.virustotal.com/gui/file/2221ac54239887df62a5f2fff01046ad81a159d842e2a4a26d4b0eee17791dd0/detection http://5.181.80.193 # Reference: https://www.virustotal.com/gui/file/a06366b0fa7d5744a507ef1afdafa02d81a4315bdba697993b7ee4fce76f1d7e/detection 194.36.191.196:587 odogwubig.info mail.odogwubig.info # Reference: https://www.virustotal.com/gui/file/c940e8a531e26ffdaed0a134574f5f9ff2e039c723fd79edfd58f44dbc251f4d/detection mnfhsgfhaioeuywgdbcva.ydns.eu # Reference: https://twitter.com/Gi7w0rm/status/1765155934899257552 aermecc.com aipusolibcontrol.com barrbi.com bbva-compass.biz betoplogixx.com buhlergrroup.com chrr-hansen.com cittroen-egypt.com crfreights.com euroslottpars.com falconoilgesequipment.com forrwel.net gatesway-group.com greemwell-eg.com happytours-al.com hiaexportss.com infoikittco.com itaka-pl.com jacquatbrossard.com koolorr.com lamiipak.biz leinweber-de.com maxwidalog.com mpdxb-ae.com nep-az.com petromeshaal.com philika.com pooonghanbd.com shinestarrsky.com tirlan-ie.com xiengming.com # Reference: https://twitter.com/Gi7w0rm/status/1765158167002915149 alwnapur.com angeis-face.com atv-cn.com cn-asn.com cordnepharma.com dragonfolis.com fastautodrive.com fufemg-group.com inabota.com inteligencia-adauneira.com jhgolfcrats.com jsandogroup.com koliber24.com ltervate.com makiswa.com maplelenalogistics.com merryynag.com nanosotfpolymers.com newyaselectronics.com rushenterprlses.com saitool.cam trentnoph.com unlmacts.com urrae.com vornoda.com vurayol.com yipln.com youwelchina.com yuxinmechanlcal.com zeondurgs.com zhnogli-lock.com # Reference: https://twitter.com/James_inthe_box/status/1772979442257629298 # Reference: 
https://app.any.run/tasks/d7fe276d-82e2-421c-92c5-8b0e4a9a65e5/ hotelmain26march.blogspot.com /////////////////////////////////hoho # Reference: https://twitter.com/James_inthe_box/status/1775513290426511642 # Reference: https://app.any.run/tasks/6e0e4947-fd2e-4d97-855a-a3b4cc9d819b/ htlmain2aprl.blogspot.com /////////////////////////////////////hoho # Generic /apama2aktivossssbas364444.txt /AVA/gate.php /AVA/libs/eve/r.png /AVA/libs/eve/x.png /custom/alien/html/base/ /jv/loader/uploads/ /k/p23ec/ /k/p22fz/ /k/p21sz/ /k/p20pa/ /k/p19lp/ /k/p18ui/ /k/p17yu/ /k/p16gw/ /k/p15hy/ /k/p14po/ /k/p13fr/ /k/p12sw/ /k/p11za/ /k/p10gt/ /k/p9fe/ /k/p6ty/ /k/p5fd/ /k/p4fd/ /k/p3fg/ /k/p2by/ /k/p1az/ /k/oo0/ /k/p40sl/ /k/p39pr/ /k/p38ur/ /k/p37tv/ /k/p36yc/ /k/p35ib/ /k/p34oi/ /k/p33rr/ /k/p32wo/ /k/p31en/ /k/p30pe/ /k/p29qm/ /k/p28od/ /k/p27ub/ /k/p26yn/ /k/p25ta/ /k/p24rz/ /b0ss/inc/ /maca/inc/ /maca/maca/ /n/p1za/ /n/p2yu/ /n/p3bc/ /n/p4we/ /n/p5jh/ /n/p6df/ /n/p7ka/ /n/p8is/ /n/p9oz/ /n/p10he/ /n/p11wv/ /n/p12fe/ /n/p13rg/ /n/p14pw/ /n/p15ty/ /n/p16yh/ /n/p17ih/ /n/p18uq/ /n/p19ig/ /n/p20ov/ /n/p21js/ /n/p22ws/ /n/p23rt/ /n/p24re/ /n/p25wl/ /n/p26yy/ /n/p27ed/ /n/p28ia/ /n/p29if/ /n/p30rn/ /n/p31uc/ /n/p32ja/ /n/p33as/ /n/p34xs/ /n/p35ta/ /n/p36gb/ /n/p37up/ /n/p38op/ /n/p39dp/ /n/p40dc/ /p1za/asshole/ /p2yu/asshole/ /p3bc/asshole/ /p4we/asshole/ /p5jh/asshole/ /p6df/asshole/ /p7ka/asshole/ /p8is/asshole/ /p9oz/asshole/ /p10he/asshole/ /p11wv/asshole/ /p12fe/asshole/ /p13rg/asshole/ /p14pw/asshole/ /p15ty/asshole/ /p16yh/asshole/ /p17ih/asshole/ /p18uq/asshole/ /p19ig/asshole/ /p20ov/asshole/ /p21js/asshole/ /p22ws/asshole/ /p23rt/asshole/ /p24re/asshole/ /p25wl/asshole/ /p26yy/asshole/ /p27ed/asshole/ /p28ia/asshole/ /p29if/asshole/ /p30rn/asshole/ /p31uc/asshole/ /p32ja/asshole/ /p33as/asshole/ /p34xs/asshole/ /p35ta/asshole/ /p36gb/asshole/ /p37up/asshole/ /p38op/asshole/ /p39dp/asshole/ /p40dc/asshole/ /p23ec/mawa/ /p22fz/mawa/ /p21sz/mawa/ /p20pa/mawa/ /p19lp/mawa/ 
/p18ui/mawa/ /p17yu/mawa/ /p16gw/mawa/ /p15hy/mawa/ /p14po/mawa/ /p13fr/mawa/ /p12sw/mawa/ /p11za/mawa/ /p10gt/mawa/ /p9fe/mawa/ /p6ty/mawa/ /p5fd/mawa/ /p4fd/mawa/ /p3fg/mawa/ /p2by/mawa/ /p1az/mawa/ /oo0/mawa/ /p40sl/mawa/ /p39pr/mawa/ /p38ur/mawa/ /p37tv/mawa/ /p36yc/mawa/ /p35ib/mawa/ /p34oi/mawa/ /p33rr/mawa/ /p32wo/mawa/ /p31en/mawa/ /p30pe/mawa/ /p29qm/mawa/ /p28od/mawa/ /p27ub/mawa/ /p26yn/mawa/ /p25ta/mawa/ /p24rz/mawa/ /p1a/mawa/ /p2b/mawa/ /p3c/mawa/ /p4d/mawa/ /p5e/mawa/ /p6f/mawa/ /p7g/mawa/ /p8as/mawa/ /p8h/mawa/ /p9j/mawa/ /p10k/mawa/ /p11l/mawa/ /p12m/mawa/ /p13n/mawa/ /p14o/mawa/ /p15p/mawa/ /p16q/mawa/ /p17r/mawa/ /p18s/mawa/ /p19t/mawa/ /p20u/mawa/ /p13nv/mawa/ /p20gj/mawa/ /p6tyasjdoaksdoaksd/ /flip/inc/ /jboy/inc/ /jimbo/inc/ /ma2on/inc/ /surgj/inc/ /poikmkjoiiou/ /poikmkjoiiou/inc/ /wikema/inc/ /webpanel-baddy /webpanel-blessed /webpanel-cent /webpanel-charles /webpanel-dawn /webpanel-divine /webpanel-donald /webpanel-ele /webpanel-essen /webpanel-ghul /webpanel-ice /webpanel-ice3 /webpanel-master /webpanel-muti /webpanel-nana /webpanel-oba /webpanel-og /webpanel-qwerty /webpanel-qwerty2 /webpanel-reza /webpanel-roth /webpanel-st /webpanel-street /webpanel-trade /0/loader/uploads/ /ting/0/loader/uploads/ /xiang/0/loader/uploads/ /yp/Ksycfxnfut.bmp /Ksycfxnfut.bmp