# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: apt-c-35, donot, stealjob # Reference: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ # Reference: https://community.riskiq.com/article/6f60db72 qwe.drivethrough.top qwe.sessions4life.pw aoc.sessions4life.pw mon.sesions4life.pw tes.sessions4life.pw drivethrough.top trendzs.club sessions4life.club sesions4life.pw sessions4life.pw # Reference: https://ti.360.net/blog/articles/analysis-of-donot-andriod-sample/ godspeed.geekgalaxy.com jasper.drivethrough.top drivethrough.top geekgalaxy.com # Reference: https://asert.arbornetworks.com/donot-team-leverages-new-modular-malware-framework-south-asia/ conf.serviceupdateres.com upload.cloudsekurity.online abodeupdater.com qmails.org serviceupdateres.com serviceupports.com thebangladeshtoday.net sundayobserver.net # Reference: https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/ databig.akamaihub.stream bigdata.akamaihub.stream unique.fontsupdate.com akamaihub.stream fontsupdate.com # Reference: https://twitter.com/blackorbird/status/1111159128775249920 # Reference: https://www.netscout.com/blog/asert/lucky-elephant-campaign-masquerading account-sign-in-security.ga account-update-com.tk account-updates-team.ga afd-gov-bd.gq baf-mil-bd.tk checkbox.gq cyber-net-pk.cf fwo-com.tk g00gle-com.cf googlemail-com.gq live-com-owa.gq live-com.gq live-com.ml live-service.cf login-live-com.cf login-yah00-com.tk login-yahoo-com.ga mail-account-security-com.cf mail-accounts-verify-com.cf mail-intl-ja-mail-about.gq mail-nepalarmymil-np.gq mail-ntc-net-pk.tk mail-outlook-support-team.tk mail-paf-gov.cf mail-sign-alert-notification.cf mail-update-task.ga mail-update-team.ga mail-updates-systems.ga mail-yahoo-com.tk mail-yahoo-task.tk micorsoft-outlook-update.ml mofa-gov-bh.ml mofa-gov-eg.co mofa-gov-gh.com mofa-gov-kw.info mofa-gov-mm.ml 
mofa-gov-np.cf mofa-gov-pk.online mofa-gov-pk.org mofa-gov-pk.tk mofagov-np.cf molaw-gov-pk.cf outlook-com.cf outlook-live-com.cf outlook-live-com.ga outlook-live-com.tk outlook-livecom.cf outlooklive-com.ml outlookmail-com.tk paec-gov-pk-taskmail.tk paec-gov-pk.ga paecgov-pk.cf paecweb-gov.gq paecwebmail.gq paf-gov-pk.cf paf-gov-pk.ga paf-gov-pk.tk paknavy-pk.gq pmo-gov-pk.tk pnra-org.gq pof-gov-pk.tk rab-gov-bd.gq sco-gov-pk.tk sharepoint-google.ml slaf-gov-lk.ml super-net-pk.cf super-net-pk.tk test-updates.ga yahoo-com.ga yahoo-mail-com.ml yahoomail-com.cf yahoomail.cf # Reference: https://twitter.com/blackorbird/status/1116263262524362753 unique.fontsupdate.com # Reference: https://otx.alienvault.com/pulse/5cb620d626b619048ca7b344 # Reference: https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/ 139.180.135.59:4233 bike.drivethrough.top car.drivethrough.top guide.domainoutlet.site param.drivethrough.top justin.drinkeatgood.space genwar.drivethrough.top alter.drivethrough.top qwe.drivethrough.top digest.drinkeatgood.space jasper.drivethrough.top ground.domainoutlet.site help.domainoutlet.site guild.domainoutlet.site domainoutlet.site drinkeatgood.space drivethrough.top # Reference: https://twitter.com/blackorbird/status/1122493860859432960 data-backup.online # Reference: https://twitter.com/sudosev/status/1123303891062460419 mystrylust.pw new.listenmusic.pw # Reference: https://twitter.com/Timele9527/status/1130673924193128448 servicejobs.life # Reference: https://twitter.com/blackorbird/status/1132951652896350208 rightapps.net/sms//images/files/nbp_request.php # Reference: https://twitter.com/h2jazi/status/1414062099756634113 # Reference: https://twitter.com/h2jazi/status/1414062101384007683 # Reference: https://www.virustotal.com/gui/file/c1923226d58186c7e0735e058be80022a57e7e819e1e41b4c6e03065252be11f/detection rightapps.net/web/images/adobe.pdf # Reference: https://twitter.com/sudosev/status/1143562610492760064 # 
Reference: https://github.com/faisalusuf/ThreatIntelligence/blob/main/APT%20DONOT%20TEAM/Tracking-DONOT-IOCs.csv new.transportfun.pw strings.guitarshop.space guitarshop.space transportfun.pw # Reference: https://twitter.com/RedDrip7/status/1145539943323717632 151.236.11.222:50240 # Reference: https://twitter.com/RedDrip7/status/1170896437229445120 mangasiso.top # Reference: https://mp.weixin.qq.com/s/pJ-rnzB7VMZ0feM2X0ZrHA ezeescan.com # Reference: https://m.threatbook.cn/detail/1924 # Reference: https://otx.alienvault.com/pulse/5d7f7deb8cdf93013777cbad # Reference: https://www.secrss.com/articles/13726 # Reference: https://otx.alienvault.com/pulse/5d93295e8526be516a05f369 # Reference: https://twitter.com/ArielJT/status/1183064542869381121 bsodsupport.icu en-content.com mscheck.icu msplugin.icu windowserver.site worldupdate.live # Reference: https://twitter.com/RedDrip7/status/1188662662734893056 officeupdater.org # Reference: https://twitter.com/ccxsaber/status/1195175943087616000 stylesheet.xyz # Reference: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/issleduem-aktivnost-kibergruppirovki-donot-team/ (Russian) burningforests.com cloud-storage-service.com skillsnew.top # Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288 full.newcontest.xyz # Reference: https://twitter.com/ccxsaber/status/1213050724403167238 mimestyle.xyz # Reference: https://twitter.com/Arkbird_SOLG/status/1214146144177197058 comodo.world # Reference: https://twitter.com/Arkbird_SOLG/status/1214146146563698689 # Reference: https://app.any.run/tasks/2907c2bd-a00d-4742-9467-01b8058e734a/ testypoha.top # Reference: https://twitter.com/Timele9527/status/1253165991351119872 supportsession.live # Reference: https://twitter.com/Youngs0xff/status/1254959731338178560 rythemsjoy.club # Reference: https://twitter.com/ShadowChasing1/status/1260881015133753345 spectronet.pw # Reference: https://twitter.com/AnonySecAgency/status/1263046236652728324 mailsession.online # 
Reference: https://twitter.com/ShadowChasing1/status/1267834418942492672 advancesearch.xyz # Reference: https://twitter.com/Timele9527/status/1271098267590221824 covidpk.uno datasecure.icu filepage.icu meflying.xyz remindme.top yourcontents.xyz # Reference: https://twitter.com/ccxsaber/status/1274978583463649281 dnsresolve.live # Reference: https://twitter.com/ccxsaber/status/1275611268192145408 tampotrust.top # Reference: https://twitter.com/ccxsaber/status/1279958779388297216 securecon.top # Reference: https://twitter.com/ShadowChasing1/status/1287039040038952960 coronotest.xyz filedata.top # Reference: https://twitter.com/ShadowChasing1/status/1289083580514107394 # Reference: https://twitter.com/500mk500/status/1289100860254027776 # Reference: https://www.virustotal.com/gui/file/f5432e3a4184baf3957035ded89916310f3a7f791b3bcf3e2e92c3dba4682d26/detection # Reference: https://www.virustotal.com/gui/file/124f2f71d658fdbeacaf648ec6811589ef01b4154471378839724a79de0edd48/detection sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf http://164.68.108.22 164.68.108.22:4140 164.68.108.22:6102 /cruisers/beacon.php # Reference: https://twitter.com/ShadowChasing1/status/1289198158669443078 apifile.xyz # Reference: https://twitter.com/ShadowChasing1/status/1286504871416360961 filecopying.xyz # Reference: https://threatconnect.com/blog/research-roundup-recent-probable-charming-kitten-infrastructure/ # Reference: https://otx.alienvault.com/pulse/5f2c73733fc6956731644a7d # Reference: https://twitter.com/kyleehmke/status/1290613021992255488 accounts.googel.email app-view-support.club cmailco.xyz cnnnews-app.xyz control-user-activity.club control-view-sharing.club cover-home-page.site email-checker.xyz fatservice.site g-shorturl.com gmail-com.xyz googel.email hinbox-drive.info inbox-drive.info login-gov.info mail-instgram.com mailco.xyz mailerdaemon.me name-file-support.best on-dr.com page-support-view.club preview-control-support.club reload-cover-page.live reload-page-cover.site 
support-following-page.club support-myservice.com support-viewing-page.club verify-identity-service.best verifychecking.com view-control-page.club view-control-support.club view-external-page.best view-panel-control.club # Reference: https://twitter.com/ShadowChasing1/status/1292286043874455552 # Reference: https://www.virustotal.com/gui/file/addf78fe59b2b0f45c3c448caee35c206ecae5a51a5c0e0f71ef361ea5fae6e0/detection 142.93.12.211:4233 # Reference: https://twitter.com/ShadowChasing1/status/1302882266910253056 checkinternet.icu # Reference: https://twitter.com/ShadowChasing1/status/1304968566114975745 msfonts.live word-dnld.com # Reference: https://s.tencent.com/research/report/951.html # Reference: https://community.riskiq.com/article/6f60db72 # Reference: https://twitter.com/voodoodahl1/status/1267571622732578816 # Reference: https://otx.alienvault.com/pulse/5f74ce39f8419e27addbd726 advancesearch.xyz apkfreeware.xyz appie.host bitiy.info brightnew.xyz bulk.fun carefile.icu covidapp.icu dnsrevanche.xyz domainoutlet.site drivethrough.top fiddaz.club inapfirst.top inapscnd.top inapturst.top lowlilght.xyz mangasiso.top mimestyle.xyz mimeversion.top myappshare.xyz mypersonaldrive.icu n9cl.xyz newbulb.xyz phovonel.icu ppadaolnwod.xyz qwertykeypad.host rythemsjoy.club seahome.top spectronet.pw trakfind.buzz verisign.monster whynotworkonit.top # Reference: https://twitter.com/malwrhunterteam/status/1314236986018988035 # Reference: https://twitter.com/bl4ckh0l3z/status/1314252380867899393 # Reference: https://www.virustotal.com/gui/file/70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02/detection 45.147.229.93:4233 joy-trends.xyz qwertykeypad.host trendsjoy.biz webchat.life # Reference: https://twitter.com/_re_fox/status/1315388450414227467 # Reference: https://twitter.com/RedDrip7/status/1320568526730477571 # Reference: https://www.virustotal.com/gui/file/19321da02763a73eda1cdff7d073f7da18b5f32121fbddcee8eab60ac13d418a/detection # Reference: 
https://www.virustotal.com/gui/file/c9c2f68074bafb0885c8f3ace3e3188f38471e0710caefa50192ecd05edecac2/detection soundvista.club # Reference: https://blog.talosintelligence.com/2020/10/donot-firestarter.html # Reference: https://otx.alienvault.com/pulse/5f9ad41f97b945d0a6797baa apkv6.endurecif.top bulk.fun fif0.top inapturst.top seahome.top # Reference: https://twitter.com/ShadowChasing1/status/1324694029620006913 # Reference: https://www.virustotal.com/gui/file/ab6c34abe0d42dc0b93213661e24257b504b8d8973f4f5993d64e6631bd1358d/detection createlist.xyz # Reference: https://twitter.com/malwrhunterteam/status/1325782688062693376 # Reference: https://www.virustotal.com/gui/file/449979f1b1a9db98dad92de3f3af7045f0dc470085b9640b77f27675feaeefd8/detection 167.99.190.44:8090 latertime.icu # Reference: https://twitter.com/ShadowChasing1/status/1328980811102654465 # Reference: https://twitter.com/midnight_comms/status/1329043473635307522 # Reference: https://www.virustotal.com/gui/file/8885752384e54f65c7bd94982fadfa016f906960e9a53492a908eda12335f5aa/detection 45.138.172.7:4233 pvtchat.live # Reference: https://twitter.com/cyberwar_15/status/1331490166473519106 hometaxcenter.web.app # Reference: https://twitter.com/malwrhunterteam/status/1336980863272308742 namearch.xyz yourlsd.xyz # Reference: https://twitter.com/ShadowChasing1/status/1336997657865175040 sportfunk.xyz # Reference: https://twitter.com/ShadowChasing1/status/1337256313831604225 instantinfo.buzz # Reference: https://twitter.com/malwrhunterteam/status/1348575001109286913 # Reference: https://twitter.com/bl4ckh0l3z/status/1348575976196866048 # Reference: https://www.virustotal.com/gui/file/f1772de5062571ab63518595a36daf12203bcbc13f530a10ebc382e89220c840/detection 167.99.130.191:8090 transp.link # Reference: https://twitter.com/_re_fox/status/1315467764656726017 # Reference: https://twitter.com/ShadowChasing1/status/1359479141146365952 # Reference: https://www.virustotal.com/gui/ip-address/5.135.199.23/detection # 
Reference: https://www.virustotal.com/gui/file/18cfe54cf4a92d1757ee471cd09c20b5aea8578b9db660239de5ba8208cc8be8/detection # Reference: https://www.virustotal.com/gui/file/9d216202b7718a9a8b99ead16685790283992c1f41981c1b862762abda17b4cd/detection # Reference: https://www.virustotal.com/gui/file/36b8af9e7eade60304cce874c383c6c68f37ea4fa69fcf36095f993b69c8786f/detection networkspeed.live resolverequest.live # Reference: https://twitter.com/malwrhunterteam/status/1359512197911699457 # Reference: https://twitter.com/bl4ckh0l3z/status/1360157297734004739 # Reference: https://www.virustotal.com/gui/file/c5c50a2a600c6372e8757f9371fe475a7041d448a96f7361c0eda1b9951301d2/detection 135.181.198.146:8099 fatchinfo.xyz mobilelink.buzz # Reference: https://twitter.com/ShadowChasing1/status/1364448144323342338 # Reference: https://twitter.com/ShadowChasing1/status/1368945187230257154 # Reference: https://twitter.com/ShadowChasing1/status/1369944378584690688 # Reference: https://www.virustotal.com/gui/file/dc1bd94c1941dcfa69c5561959cec64c3f5b1c3c0738f66a33c320c0c4217030/detection # Reference: https://www.virustotal.com/gui/file/03730cdc23a3d10c8752ad1464ff2e68a64c69f8310b0ceea4d52b1db0215dfc/detection # Reference: https://www.virustotal.com/gui/file/e82a17c9c0936de0c50267a296b801d1d7073293ad93b444eb63f336ebb46330/detection tplinkupdates.space firm.tplinkupdates.space /8ujdfuyer8d8f7d98jreerje /8ujdfuyer8d8f7d98jreerje.doc /8ujdfuyer8d8f7d98jreerje.dot /bikuyteftgyheujdike11ygeyg /bikuyteftgyheujdike11ygeyg.doc /bikuyteftgyheujdike11ygeyg.dot /ujhsygdhgtsygbuehdthd /ujhsygdhgtsygbuehdthd.doc /ujhsygdhgtsygbuehdthd.dot # Reference: https://twitter.com/ShadowChasing1/status/1364536619353575429 # Reference: https://www.virustotal.com/gui/file/79b6fd53fc676089d691ddbbf54da0855abd23d91c2325555d258eaca2c1dfb6/detection flickry.xyz # Reference: https://twitter.com/ShadowChasing1/status/1365304023775989761 # Reference: 
https://www.virustotal.com/gui/file/c1aa62da6cbb8656741d88a4c30c9620188b7045d0b0d271065464fdfbcab76f/detection printerupdates.online info.printerupdates.online # Reference: https://twitter.com/ShadowChasing1/status/1366672088241606658 # Reference: https://twitter.com/ShadowChasing1/status/1366688956088131584 requireplugin.xyz worxbox.xyz /AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo /AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.dat /AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.doc /AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.dot # Reference: https://twitter.com/malwrhunterteam/status/1366839536890900482 # Reference: https://twitter.com/bl4ckh0l3z/status/1366866811455684612 # Reference: https://www.virustotal.com/gui/file/80151e5971821b1f0abb13b049efb0eeb9b1626b2f5501fc9ac21918935a6c3e/detection shortler.xyz # Reference: https://twitter.com/malwrhunterteam/status/1370400639155589132 # Reference: https://www.virustotal.com/gui/file/680681423d5007030bd3fe577b88f4c5df6dc423cdaa6aa415ecae01bd83b0d7/detection 178.63.172.2:4233 bismi.club # Reference: https://twitter.com/ShadowChasing1/status/1379048935969316871 paperflies.buzz worldfronts.xyz /h9i341lDMiztxAqrWsaOwHfUkSrAFWuI /h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.dat /h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.doc /h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.dot # Reference: https://twitter.com/ShadowChasing1/status/1380555450433728513 # Reference: https://www.virustotal.com/gui/file/f18aba837e86025dfb9bd3fd2c4bf161f679ff1f3d10e7a480d682178051a9b9/detection instadownload.buzz # Reference: https://twitter.com/ShadowChasing1/status/1384825247061331980 # Reference: https://www.virustotal.com/gui/file/81b4a8f6ff2489e01f6b09126583673d3df922a0bbf7ff2cbcef2bcf6102b951/detection loadingmessage.info # Reference: https://twitter.com/ShadowChasing1/status/1387026581453893635 # Reference: https://www.virustotal.com/gui/file/e82d1f4f2960aef4142c32d7920b97700f2b5957bb4807bfcd59e586e71a33c0/detection nextra.buzz # Reference: https://twitter.com/ShadowChasing1/status/1387309759217365000 # Reference: 
https://twitter.com/ShadowChasing1/status/1387309762132336647 # Reference: https://www.virustotal.com/gui/file/694d433a729b65993dae758e862077c2d82c92018e8e310e121e1fa051567dba/detection idmquick.xyz wserves.xyz /IvGRnMiDzgderQQteqNjNgKoIYqaLW6C /IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat /IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc /IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dot # Reference: https://twitter.com/fuuuing_/status/1387958339569479683 # Reference: https://www.virustotal.com/gui/file/edd590c343570f7576aca83da58967e058585c6ba861682dca2fc987c713ee3a/detection edgevista.live files.edgevista.live /abjhdueuhkuclli78jfkdfj /abjhdueuhkuclli78jfkdfj.dat /abjhdueuhkuclli78jfkdfj.doc /abjhdueuhkuclli78jfkdfj.dot # Reference: https://twitter.com/r3dbU7z/status/1388510523579305988 # Reference: https://twitter.com/r3dbU7z/status/1388937495677743104 # Reference: https://www.virustotal.com/gui/file/08d7ec323925fa1de26d49c0dc414acb8ef3f876fd4b173673895465a27eda46/detection 66.23.225.108:8001 # Reference: https://twitter.com/Circuitous__/status/1390290226090754058 # Reference: https://www.virustotal.com/gui/file/3d63156060c7568b2c3065820f698fdadb6e48910ec82593a61c306c13f5692c/detection venturelabo.co cloud.venturelabo.co # Reference: https://twitter.com/ShadowChasing1/status/1391383866347331590 # Reference: https://www.virustotal.com/gui/file/89d357d9731a046d4ba671e67bf0b4b300302a137a76e1e7ab3675fcd5b922ac/detection icuttly.buzz # Reference: https://twitter.com/ShadowChasing1/status/1393718569507069953 # Reference: https://www.virustotal.com/gui/file/7e8a0f71d52ce23e2ac0bb23795df7bc56d9166eb39f042d75226f01b4203749/detection imageview.xyz # Reference: https://twitter.com/ShadowChasing1/status/1397892294599081988 # Reference: https://www.virustotal.com/gui/file/ea5cff131dda16855a4a6f89e25728ac970ee342df9f496ab616c646f8e7b433/detection webservice.buzz # Reference: https://twitter.com/malwrhunterteam/status/1398672382626304006 # Reference: 
https://twitter.com/ShadowChasing1/status/1398800211988803586 # Reference: https://www.virustotal.com/gui/file/41322bfef851e2ff973be411fa8cb5360a95b1dbc9004d96c19b62419810d138/detection yoururl.icu # Reference: https://twitter.com/360CoreSec/status/1400726492389146625 # Reference: https://twitter.com/ShadowChasing1/status/1402417052426522626 credmg.xyz frontcheck.buzz getsr.xyz nelog.buzz plugindownload.buzz solutionsroof.xyz /YsiNqNecL9cNFZv144OWCjioAQukPtyy /YsiNqNecL9cNFZv144OWCjioAQukPtyy.dat /YsiNqNecL9cNFZv144OWCjioAQukPtyy.doc /YsiNqNecL9cNFZv144OWCjioAQukPtyy.dot # Reference: https://twitter.com/ShadowChasing1/status/1404610201194360832 # Reference: https://www.virustotal.com/gui/file/a3c020bf50d39a58f5345b671c43d790cba0e2a3f631c5182437976adf970633/detection microsoft-updates.servehttp.com # Reference: http://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html # Reference: https://www.virustotal.com/gui/ip-address/46.30.188.222/relations linux-stable.sytes.net microsoft-docs.myftp.org nucleusvision.sytes.net webmail-org.servehttp.com # Reference: https://twitter.com/ShadowChasing1/status/1407636259367899138 # Reference: https://www.virustotal.com/gui/file/0a456bd773d6eb0a479f3bb43fe88e7b781dae310e56dbe001eaa68273e326ee/detection winxpo.live # Reference: https://twitter.com/fuuuing_/status/1409327487985745920 # Reference: https://www.virustotal.com/gui/ip-address/51.195.211.91/relations # Reference: https://www.virustotal.com/gui/file/a59195a5a87b6d6e4275e01a2360003bf55bcc72772e92b07f22e59aaa7b3cad/detection biteupdates.site dataupdates.live /BcX21DKixeXs44skdqqD /BcX21DKixeXs44skdqqD.dat /BcX21DKixeXs44skdqqD.doc /BcX21DKixeXs44skdqqD.dot # Reference: https://twitter.com/ShadowChasing1/status/1410030175362850818 # Reference: https://www.virustotal.com/gui/file/aadaf88e315592aae5c2255ad9acbc175a6b5eec5c69ab0c81099b84e66e04f8/detection nextgent.top # Reference: https://twitter.com/ShadowChasing1/status/1410930643446353924 # Reference: 
https://www.virustotal.com/gui/file/b7b3a3a9274541246e8a3f330b8a2e594fadf5281652c4490b68f4e5f77e8858/detection domhub.live # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1413500787502706691 # Reference: https://twitter.com/h2jazi/status/1412819829925593089 # Reference: https://www.virustotal.com/gui/file/4678c0e3a563119790dc1f77dee974af8151c833bfbaf1ae86ebc74569fa1f47/detection akamaifast.club submitonline.club request.submitonline.club update.akamaifast.club # Reference: https://twitter.com/blackorbird/status/1416963499658338304 # Reference: https://mp.weixin.qq.com/s/v62AeG6vNcQTm1-zc4nXBQ (Chinese) designerzebra.com realworld.sytes.net # Reference: https://twitter.com/ShadowChasing1/status/1417296126852567049 tinyshort.icu # Reference: https://twitter.com/ShadowChasing1/status/1419299952069464065 # Reference: https://www.virustotal.com/gui/file/a38cce6ee4ab232f259d98818fa1cd06d7784dac21d42fc41eac4ad26f5bd63e/detection # Reference: https://www.virustotal.com/gui/file/3a7e30efd0a283ef764dfa5762fcb1aacca031b18084b49b993ae7b20ec31dd0/detection picarts.xyz # Reference: https://twitter.com/h2jazi/status/1420414156155596804 # Reference: https://www.virustotal.com/gui/file/8cb4ed2d3f3f466f2417b95856ac0eb268a578e6bfd26c615b2a4adc0094ecd2/detection # Reference: https://www.virustotal.com/gui/file/3bbae53fc00449166fd9255b3f3192deba0b81b41b6e173d454c398a857b5094/detection microsoft-patches.servehttp.com # Reference: https://twitter.com/ShadowChasing1/status/1420768191505002501 # Reference: https://www.virustotal.com/gui/file/5948c9539e1f843a350fda27bd97bb9dd1c6427a3f9b45ac95032319f844bb32/detection bitdo.xyz # Reference: https://twitter.com/ShadowChasing1/status/1421481147389812736 # Reference: https://www.virustotal.com/gui/file/75fcff78f5c71315fb54cf244f681e27b3480510042b3dd406b88ca65d6ccce4/detection 88.150.227.96:4233 omegas.site # Reference: https://www.virustotal.com/gui/file/07ebe38795cfe0388975fd1a07c179a5f8abe8539de2ee575c55fb2d38c03e87/detection 
pvttchat.live # Reference: https://twitter.com/malwrhunterteam/status/1446115320087801862 # Reference: https://www.virustotal.com/gui/file/b184aaf786ed7e9e1fa2fc9fc77a574c8b6d8e3ea431bb5bd76fab5e949731e2 jarshare.live # Reference: https://twitter.com/s1ckb017/status/1461610955587178500 # Reference: https://www.virustotal.com/gui/ip-address/81.17.30.41/relations # Reference: https://www.virustotal.com/gui/file/091cde4c9a8e7dd2bfcb6d1854f724f5ec4e47159ec04b8311f44d30a996e5a3 digitalresolve.live printersolutions.live /ekcvilsrkjiasfjkikiakik # Reference: https://twitter.com/GGGGh0st/status/1461632762721542146 # Reference: https://www.virustotal.com/gui/file/268fa6131f57de67d554cedf7f1abbd7cba1660a30fddfb07ebf3e1b5d650205/detection # Reference: https://www.virustotal.com/gui/file/b0af54f01f4c3157d4ef5ff72a628574ed4f4aa9ada89eff319715765e175765/detection svhservice.xyz wordfile.live # Reference: https://twitter.com/GGGGh0st/status/1439120967612002309 # Reference: https://www.virustotal.com/gui/ip-address/54.38.212.184/relations # Reference: https://www.virustotal.com/gui/file/32dbb7c9afde7e9acd3a13ac97a09ae8cacde69c4a51c38e6ea4a61d301c54eb/detection edgevista.live soundedge.live files.edgevista.live request.edgevista.live request.soundedge.live /access/vicosijoxsdf # Reference: https://twitter.com/HONKONE_K/status/1462653781485576194 # Reference: https://twitter.com/GGGGh0st/status/1463033122665213953 # Reference: https://www.virustotal.com/gui/file/cf0bc5361919e166253c35e4efb3c6288fd5bec4211b4bb31a0a7b4d1fd54de5 getzarvis.xyz /9zxd7eXLBiMT6m4w/U7h25bSTybOFjNe1.php /9zxd7eXLBiMT6m4w/ /U7h25bSTybOFjNe1.php # Reference: https://twitter.com/ShadowChasing1/status/1463498326481932289 /BXRi3EE06i5IES2k/rns63jefark0bRQf.php /BXRi3EE06i5IES2k/ /rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8 /rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8.rtf /rns63jefark0bRQf.php # Reference: 
https://www.virustotal.com/gui/file/2db9c7a14de6c58b46f41b9519f56b813baa05d825b09a1c7096101c44670076/detection /goHULMS9jXVytbJi/LUPQwf50wsIPdiei.php /goHULMS9jXVytbJi/ /LUPQwf50wsIPdieiJjMb9nV4g5WlDRTzL00cZ3y7PXsdRdQN /LUPQwf50wsIPdieiJjMb9nV4g5WlDRTzL00cZ3y7PXsdRdQN.rtf /LUPQwf50wsIPdiei.php # Reference: https://twitter.com/h2jazi/status/1463937730036051975 # Reference: https://www.virustotal.com/gui/file/5cff3f8205d5d6991185a1650b9fb1ff31dea5e750be2e62e59e1c96701c47c8 /AuC8S7jmqLYSYHyb/8MSN6hJJJ4tyVbDz.php /AuC8S7jmqLYSYHyb/ /8MSN6hJJJ4tyVbDz.php # Reference: https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread # Reference: https://www.virustotal.com/gui/file/df203b04288af9e0081cd18c7c2daec2bc4686e2e21dcaf415bb70bbd12169a0/detection traveltriangle.cc # Reference: https://twitter.com/HONKONE_K/status/1469175567228760067 # Reference: https://www.virustotal.com/gui/ip-address/146.70.80.105/relations # Reference: https://www.virustotal.com/gui/file/2d55cf612a33672948fdd7ea027fcd5ab065123dda7baefb01fbb1ec80a45aeb/detection stickme.live # Reference: https://twitter.com/BaoshengbinCumt/status/1470661161129766914 # Reference: https://www.virustotal.com/gui/file/bbb8f961bf36d702f7ed494576481c70fd09bda7f6daf9085130482a17e00f45/detection appview.buzz # Reference: https://www.virustotal.com/gui/file/a6b5dac9b67da3c2b96c13f3513ca1463f3d05096bf3a8083efea4eee0e11266/detection app-palace.live # Reference: https://twitter.com/malwrhunterteam/status/1478069767810527235 # Reference: https://twitter.com/bl4ckh0l3z/status/1478365182653042693 # Reference: https://www.virustotal.com/gui/file/e1c24030653d15ee673627bf28f165d1a30be5027b8cd4186ac6bfd9809e8cb8/detection appstringfy.xyz # Reference: https://twitter.com/malwrhunterteam/status/1483433924986650626 # Reference: https://twitter.com/midnight_comms/status/1483511201543995397 # Reference: 
https://www.virustotal.com/gui/file/e180e607ece9b29674ded20b9948fb512c1f953f58c1124bb0251c35d6771e59/detection trialdocs.xyz # Reference: https://twitter.com/ShadowChasing1/status/1485599591873810434 # Reference: https://www.virustotal.com/gui/file/715ea2906434f021110515606a941d72315b8997384c1fa3e93e176f1e90886c/detection # Reference: https://www.virustotal.com/gui/file/773a4aa92659e30f1ffd89f74968876dc258783f55d4bf5128bd620fa4993f94/detection worldfile.xyz /269LPtq84u4pLqye/jnj3GFBTIGohYrCQ.php /269LPtq84u4pLqye/ /jnj3GFBTIGohYrCQ.php # Reference: https://twitter.com/ShadowChasing1/status/1485599594306469903 easycldshare.xyz files.easycldshare.xyz /jnj3GFBTIGohYrCQHMzQ9gJ3sHXFBrlgU5sHI6scYl86Xm4W /jnj3GFBTIGohYrCQHMzQ9gJ3sHXFBrlgU5sHI6scYl86Xm4W.rtf # Reference: https://twitter.com/malwrhunterteam/status/1489591376840957952 # Reference: https://www.virustotal.com/gui/file/5588f6fab387133c21b06f6248259c64260435898edd61866fad50312c2d3b25/detection pam-beesly.site /J2FWAHfmgH573SUB/CbvktaN6f8qTMJ26/CbvktaN6f8qTMJ26 /J2FWAHfmgH573SUB/tJhhBk8Cb5DLmBBq /CbvktaN6f8qTMJ26 /tJhhBk8Cb5DLmBBq # Reference: https://twitter.com/ShadowChasing1/status/1489732370093654016 # Reference: https://www.virustotal.com/gui/file/49ede2937a565ffe13f1212c8c67a8a7828b4ce7ede51b7753d597ec21855d6e/detection 131.153.22.218:4233 zaqxswcdevfrbgtnhymjukilop.online chat.zaqxswcdevfrbgtnhymjukilop.online # Reference: https://twitter.com/__0XYC__/status/1494639713361268740 # Reference: https://twitter.com/ShadowChasing1/status/1494670929116295176 # Reference: https://twitter.com/GGGGh0st/status/1497057272354451456 # Reference: https://www.virustotal.com/gui/ip-address/158.69.30.207/relations # Reference: https://www.virustotal.com/gui/file/e18609f62b9f420474ac4543d326455a5dfb0e95da7c3e88b388c9244490f150/detection # Reference: https://www.virustotal.com/gui/file/2f9174eff646bc08557b2f05cdc149e87c9b5c83f23c3a7a34db061a81280a2a/detection latestsyn.xyz backup.latestsyn.xyz /smtpmail/mnijuakurjhjajbcakjd 
/dcneikirki1290534lo /mnijuakurjhjajbcakjd # Reference: https://twitter.com/malwrhunterteam/status/1494602480948236288 # Reference: https://twitter.com/bl4ckh0l3z/status/1494771703209201674 # Reference: https://www.virustotal.com/gui/file/ae3342fca635f2e8ad3e4222b319e742eafb0b74df2a531424350a60806b7232/detection energyr.xyz # Reference: https://twitter.com/ShadowChasing1/status/1496054996177240068 # Reference: https://twitter.com/ShadowChasing1/status/1496055001159983108 # Reference: https://twitter.com/ShadowChasing1/status/1497125739568660481 # Reference: https://twitter.com/ShadowChasing1/status/1497125743125413892 # Reference: https://www.virustotal.com/gui/file/e010ca233178440ae92c7e3bd045fd1d5724ee865748322c3125cd7dc6f96871/detection # Reference: https://www.virustotal.com/gui/file/1deea32da9923887482d6950ffffbb490d92e3dcbe4a39152b92da74285d1277/detection beetelson.xyz tobaccosafe.xyz /NreAZyhcftItfyH6/tDM1PLu22kdd47p9.php /NxbFhYGLXQ1DhZYY/Bt0CmBR6dVoWhbYd.php /NreAZyhcftItfyH6/ /NxbFhYGLXQ1DhZYY/ /Bt0CmBR6dVoWhbYd.php /tDM1PLu22kdd47p9.php /Bt0CmBR6dVoWhbYd0MysWuV5LKOmpypn8E01oi16ES4qOo3d /Bt0CmBR6dVoWhbYd0MysWuV5LKOmpypn8E01oi16ES4qOo3d.rtf /tDM1PLu22kdd47p9KkHr26X5ZHWA0svGK6lctkM1SzxHZk90 /tDM1PLu22kdd47p9KkHr26X5ZHWA0svGK6lctkM1SzxHZk90.rtf # Reference: https://twitter.com/malwrhunterteam/status/1496129802239201289 # Reference: https://www.virustotal.com/gui/file/38f4b6dd84e5e31fc5b84fe8098ee180a64725af8c716a015c8b7a99c7994005/detection # Reference: https://www.virustotal.com/gui/file/a49bb6f6be5b597cd7ac592faa01f857060f3694c1bed69f8c8c0cc029b70069/detection # Reference: https://www.virustotal.com/gui/file/541575054a7c0b48bc364444ed5402426dd934f777f05e8e22fabe302a190e15/detection backuplogs.xyz srvrfontsdrive.xyz font.backuplogs.xyz /jiuTeOjl3XBvhWzc/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.ico /jiuTeOjl3XBvhWzc/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.mp3 /jiuTeOjl3XBvhWzc/ /sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.ico 
/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.mp3 # Reference: https://twitter.com/s1ckb017/status/1499688182794829827 # Reference: https://www.virustotal.com/gui/file/16f7cf28fdb412147a818ba21f70200c7230432a8b929d208e06b93590ee961a/detection # Reference: https://www.virustotal.com/gui/file/69d3b199547198bbbc397a0980274df00c1eda6b631a19552324ec37ccb36718/detection computerupdates.digital # Reference: https://twitter.com/ShadowChasing1/status/1504412533989396481 # Reference: https://www.virustotal.com/gui/file/2d6ced810b45358b89ee180f69697569723f54d28872e4d4451766407295d59b/detection deathstroke.xyz /WRLm4mYD0p6iWCta/CoETln2BYtPHtY9W.php /WRLm4mYD0p6iWCta/ /CoETln2BYtPHtY9W.php # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-January/030557.html oceansurvey.club printerjobs.xyz seasonsbackup.xyz # Reference: https://twitter.com/GGGGh0st/status/1514516619699306501 # Reference: https://www.virustotal.com/gui/file/a9c7c187202e8b08c00a73f95c15735b2571a962e3c76d1f43e07ef07e994c36/detection request.resolverequest.live # Reference: https://twitter.com/_re_fox/status/1517173649568149504 # Reference: https://www.virustotal.com/gui/file/5b6c10c35cab002750ba16aa8eba4f46d8e7267ae7c40c9e610add6da01ba3fd/detection hibiscus.live records.hibiscus.live /NDnD7RdekyhSrhPE/KOighzucGWiCq6hR.php /NDnD7RdekyhSrhPE/ /KOighzucGWiCq6hR.php # Reference: https://twitter.com/ShadowChasing1/status/1517445025788956673 # Reference: https://twitter.com/ShadowChasing1/status/1517445027923824640 # Reference: https://twitter.com/ShadowChasing1/status/1588151726338494464 # Reference: https://www.virustotal.com/gui/file/8eb9e93adb4e5e6bf5fac0d0b9de5897aa7274ef451b84854a0da38db61a502a/detection # Reference: https://www.virustotal.com/gui/file/75f028ddcc894b2105365d17b228292c9fbfea1e14fcf87f3cc0d940ba628001/detection worldbook65.xyz wrldfronts.xyz /SLsLNcQ54gVvWOAV/9Qmq09QX0CYns496.php /SLsLNcQ54gVvWOAV/ /9Qmq09QX0CYns496.php 
/SLsLNcQ54gVvWOAV/9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc /9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc /9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc.rtf /WuipHdzLYzJsn2y5/M19bb5xJs6rAFBij.php /WuipHdzLYzJsn2y5/ /M19bb5xJs6rAFBij.php # Reference: https://twitter.com/ShadowChasing1/status/1522217116937596929 # Reference: https://www.virustotal.com/gui/file/635ad590116dc390141f58b4dded72d9d6d51d83c10cb60ca6e0d7e00b1ef4d4/detection 23.83.133.141:4233 uniqueupdatesfrtetheupdateing.live # Reference: https://twitter.com/__0XYC__/status/1522183055703687171 # Reference: https://twitter.com/h2jazi/status/1522233728306712576 # Reference: https://twitter.com/_re_fox/status/1526997863611486210 # Reference: https://www.virustotal.com/gui/file/e793f991f7efc2dc49a1e43165bd64a01e0ce35f0f529171f7fefff3cf994f54/detection # Reference: https://www.virustotal.com/gui/file/15e2a10772575e77d1041394191a4db7a665da96889346da0d2e7b6a3aa455b3/detection # Reference: https://www.virustotal.com/gui/file/e793f991f7efc2dc49a1e43165bd64a01e0ce35f0f529171f7fefff3cf994f54/detection bookservices.xyz hplservices.xyz log.bookservices.xyz pre.hplservices.xyz /Ods9Z6420zj7Y9H3/OsVoOaari3CP2x4i.php /Ods9Z6420zj7Y9H3/ /OsVoOaari3CP2x4i.php # Reference: https://twitter.com/ShadowChasing1/status/1522454663735382016 # Reference: https://www.virustotal.com/gui/file/7952c02ea6c90e29370ee0e80b754156a2e5b1f473b2a469fdde3426a20e9356/detection kokoo.live /D7yrtjdcjjd3jjw2jdj7vvNsso0oR/5trT0o0oOO0retnRKKLmM /D7yrtjdcjjd3jjw2jdj7vvNsso0oR/ /5trT0o0oOO0retnRKKLmM # Reference: https://twitter.com/ShadowChasing1/status/1526783834410598400 # Reference: https://twitter.com/ShadowChasing1/status/1526783836507754496 # Reference: https://www.virustotal.com/gui/file/3342d74ec2b0c7324d6cc94a6e9989f002ec02b43927fe6b0951e160829843be/detection intector.xyz suppservices.xyz esr.suppservices.xyz wrd.intector.xyz /39Hq4vSPhlIwdUP9/naLhrcrCK8cV8Imf.php /39Hq4vSPhlIwdUP9/ /naLhrcrCK8cV8Imf.php # Reference: 
https://twitter.com/ShadowChasing1/status/1532619301437734912 # Reference: https://twitter.com/__0XYC__/status/1532618235647885312 # Reference: https://www.virustotal.com/gui/ip-address/64.190.113.91/relations # Reference: https://www.virustotal.com/gui/file/e55fd48dcfc37f5f810b4d16c1b6498ba5501c9beb80fe0a475badad9834e525/detection househomess.xyz # Reference: https://twitter.com/Jirehlov/status/1535110745649983488 # Reference: https://www.virustotal.com/gui/file/28a0f79c1c18a9cf6beb8d93ac9cb523ee83c92aeb2bc83e69e87a1d6e3df748/detection http://42.192.53.5 42.192.53.5:443 # Reference: https://twitter.com/RedDrip7/status/1539556990183100416 # Reference: https://www.virustotal.com/gui/file/ba60ae1347a7e4f385177fc92aaa21eef0682ed52b6359c4be58036e5d74c291/detection # Reference: https://www.virustotal.com/gui/file/486f772d81a3b90ba76617fd5f49d9ca99dac1051a9918222cfa25117888a1d5/detection feedpolicy.xyz logupdates.xyz mak.logupdates.xyz rus.feedpolicy.xyz /DWqYVVzQLc0xrqvt/HG5HlDPqsnr3HBwO.php /gDAr2QJr4cw1BSZe/GigPXrnLQs173vv9.php /DWqYVVzQLc0xrqvt/ /gDAr2QJr4cw1BSZe/ /GigPXrnLQs173vv9.php /HG5HlDPqsnr3HBwO.php # Reference: https://twitter.com/malwrhunterteam/status/1540335442922446848 # Reference: https://twitter.com/midnight_comms/status/1540339283751346176 # Reference: https://www.virustotal.com/gui/file/80b4141c007a5b9ea87388bb29744d7473572784819423e5d77b9dce8370fe88/detection flashnotederby.xyz gamz.flashnotederby.xyz /xoboleyncs # Reference: https://twitter.com/h2jazi/status/1540402245866377216 # Reference: https://www.virustotal.com/gui/file/58856004b837e45898e3621439ce69dc6f562c4f4c72867a66faad030a4c237a/detection rebutuoy.xyz # Reference: https://twitter.com/ShadowChasing1/status/1541354249246089216 # Reference: https://www.virustotal.com/gui/file/41c221c4f14a5f93039de577d0a76e918c915862986a8b9870df1c679469895c/detection worksolution.buzz who.worksolution.buzz /pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI.rtf 
/pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI /pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3.php /pq7uzPUMBBQpn8ub/ /HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI /HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI.rtf /HZNnKZmaMsQMFGX3.php # Reference: https://twitter.com/GGGGh0st/status/1541972277260320768 # Reference: https://www.virustotal.com/gui/file/afb19eb6db9bb2f6a3485621436651698b5f163aefc01ca0591758a1c27e17cd/detection # Reference: https://www.virustotal.com/gui/file/35caef919f8b86cab5aa4793154866096bdd724030292ba7cfcf652d03e2feaa/detection fitnesscheck.xyz /KmOHnVfM2ezSTrwA/cHm4se5gLU8sN0Bx.php /llbtvrDnl44nc6in/EZ8nVMIXNjBPh9Tx.php /KmOHnVfM2ezSTrwA/ /llbtvrDnl44nc6in/ /cHm4se5gLU8sN0Bx.php /EZ8nVMIXNjBPh9Tx.php # Reference: https://twitter.com/__0XYC__/status/1544210021780684801 # Reference: https://www.virustotal.com/gui/file/0c3babbf3794ba2410ab24ac799e487be210b8b0269efb542c01c9cc0538c08f/detection # Reference: https://www.virustotal.com/gui/file/d63a030ff50d7d5fce5ef504721c39384b7714badf1129c16667ce789a23c3ca/detection captainamericass.top eatsleepgymrepeat.top /evE2zElho4y7AzAF/NxqYCGYBF580YjQX.php /evE2zElho4y7AzAF/ /NxqYCGYBF580YjQX.php # Reference: https://twitter.com/Des00464472/status/1552853622907895813 # Reference: https://twitter.com/ShadowChasing1/status/1552940431541170176 # Reference: https://twitter.com/ShadowChasing1/status/1552940433734762497 # Reference: https://www.virustotal.com/gui/file/44c9470ff220f615ccada6d872fbd6709b223659a6865de393731ccfe006a9ab/detection doctorstrange.buzz germsandwaterbro.buzz /eEDHEY0NniPFL5sV/xocCILTXZGptLQvk.php /eEDHEY0NniPFL5sV/ /xocCILTXZGptLQvk.php # Reference: https://twitter.com/Des00464472/status/1551405914640359425 calvya.xyz # Reference: https://twitter.com/Des00464472/status/1547091840960430080 # Reference: https://www.virustotal.com/gui/file/564998443151c9bed9500d9cced9b97d6d9c22fe3b73bb23ee22d7e4cb857276/detection http://168.100.8.124 # Reference: 
https://twitter.com/Des00464472/status/1528614842365779968 dermlogged.xyz searchindexservices.xyz inf.searchindexservices.xyz ser.dermlogged.xyz # Reference: https://twitter.com/StopMalvertisin/status/1554010985610227712 # Reference: https://www.virustotal.com/gui/file/28c71461ac5cf56d4dd63ed4a6bc185a54f28b2ea677eee5251a5cdad07077b8/detection worldpro.buzz /TJlykfjzaxWYwUZB/TX2lAKnMf4BvVgeY.php /TJlykfjzaxWYwUZB/ /TX2lAKnMf4BvVgeY.php # Reference: https://twitter.com/malwrhunterteam/status/1554562169861193728 # Reference: https://twitter.com/ni_fi_70/status/1554778318611808256 # Reference: https://www.virustotal.com/gui/file/6119d2bfb7549fa7d2c1e90ffc5236c60e15e0d8372f1f497a84f64cd0680d44/detection sap2010-b6458.firebaseio.com # Reference: https://blog.morphisec.com/apt-c-35-new-windows-framework-revealed # Reference: https://otx.alienvault.com/pulse/62f648b31fe2879c2b77729a clipboardgames.xyz globalseasurfer.xyz kotlinn.xyz # Reference: https://twitter.com/StopMalvertisin/status/1558480933397082116 # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.45/relations # Reference: https://www.virustotal.com/gui/file/394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc/detection # Reference: https://www.virustotal.com/gui/file/87b03fe7a29a2619d59c32aaa01a8901202476c414cdd9455bab0ad69090ba6f/detection worldoptions.buzz worldoptions.top /agE7nqQLgssuVeUY/OGHAYZZFhfCtspqo.php /agE7nqQLgssuVeUY/ /OGHAYZZFhfCtspqo.php # Reference: https://twitter.com/Des00464472/status/1557209806603436034 rauflaker.xyz # Reference: https://twitter.com/Des00464472/status/1564862170117967872 rrak.buzz # Reference: https://twitter.com/Des00464472/status/1565281948099940352 knocktock.buzz # Reference: https://twitter.com/StopMalvertisin/status/1565927395185799170 # Reference: https://www.virustotal.com/gui/file/1d60f3000a74ce2fb8f43058e08d3b28a6305b10b0e5e6b7e0e92e0ce58b46e7/detection wordclips.buzz /uE2rDaf9CdHcauDS/4oXCFBqnnxeb7vIM.php /uE2rDaf9CdHcauDS/ 
/4oXCFBqnnxeb7vIM.php # Reference: https://twitter.com/StopMalvertisin/status/1570385341282131969 # Reference: https://www.virustotal.com/gui/file/d954ea1d832d4ac5e14c284b4ca6370905d9bb262d71945acef44d2b41a65903/detection worldexplore.buzz worldexplore.top /uzyTXv2dwjvQxr2L/Ycc5LdyVlzE4fGyf.php /uzyTXv2dwjvQxr2L/ /Ycc5LdyVlzE4fGyf.php # Reference: https://twitter.com/Des00464472/status/1570393972572561409 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.199/relations ydizz.buzz # Reference: https://twitter.com/ShadowChasing1/status/1572533006237331456 # Reference: https://www.virustotal.com/gui/file/06870463d9a00b05839e7e8de379702aefccc47cf48b0b511c76da2cb8c13e50/detection # Reference: https://www.virustotal.com/gui/file/d0cfc50cb1c85baec1f9bb66f0b0134606b160df99b523e9618489c99bc10ddd/detection spacequery.live furnish.spacequery.live # Reference: https://twitter.com/Des00464472/status/1572870417362329600 # Reference: https://www.virustotal.com/gui/ip-address/99.83.154.118/relations printerjobs.xyz share.printerjobs.xyz # Reference: https://twitter.com/h2jazi/status/1576760151276605441 # Reference: https://twitter.com/h2jazi/status/1576760154120683520 # Reference: https://www.virustotal.com/gui/file/99ce3db108f0b980f34f3ca870261bebd0b5e8c8a7c6c79ee620f3cfb2fc1f93/detection # Reference: https://www.virustotal.com/gui/file/c465328dad8f8b306dec10b51498b3ba3add7d1e9c824982079d0b2420f3b67d/detection # Reference: https://www.virustotal.com/gui/file/ae8744592d681132bf1046f95b2279aa14f3deaf6fe9d7a6d2a2d7dfc40ac441/detection 185.224.83.16:443 # Reference: https://twitter.com/ShadowChasing1/status/1576970209327738880 # Reference: https://www.virustotal.com/gui/file/ea530601309c29a8667682c553888e0511512b88791d53611c75c61bfaf8f515/detection ovonel.buzz /oPe/moa.php # Reference: https://www.virustotal.com/gui/ip-address/188.34.181.5/relations # Reference: 
https://www.virustotal.com/gui/file/d4d86fc91e4fec9b1d9de30aa22a70cdc3509726bffeee61d526fdfc243081b5/detection # Reference: https://www.virustotal.com/gui/file/f117e1de177a48dd71de29e9e4b26dda992d07d7d1e575476fd4f36b3cca19f2/detection srtreg.xyz # Reference: https://twitter.com/Des00464472/status/1577983311418376192 # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.88/relations breatleytaker.buzz playst0re.buzz # Reference: https://www.virustotal.com/gui/ip-address/162.33.179.239/relations # Reference: https://www.virustotal.com/gui/file/db40d8d531d7ed88c85a9aab488ef86123a80aa0e0ca9779db9ab8867481c141/detection # Reference: https://www.virustotal.com/gui/file/d8286133d3d21b7e2b83a6c071147b8ef993e963ad6bdb0f95d665869557a444/detection stokpro.buzz cim.stokpro.buzz dim.stokpro.buzz rim.stokpro.buzz # Reference: https://twitter.com/StopMalvertisin/status/1580107310583554048 # Reference: https://www.virustotal.com/gui/file/cfe8644653bbe7f359cc99594073c93c01417a60fb9774f59998ebc1be344399/detection zxaveirprox.buzz /5z2HIQ6wFLTjw7cd/PwsrXs6OCDDelyq8.php /5z2HIQ6wFLTjw7cd/ /PwsrXs6OCDDelyq8.php # Reference: https://twitter.com/Des00464472/status/1580439923932680192 petsale.shop favourite.petsale.shop # Reference: https://twitter.com/Des00464472/status/1584471980300197888 # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.107/relations homeparty.buzz # Reference: https://twitter.com/t3ft3lb/status/1589559824240369664 # Reference: https://www.virustotal.com/gui/ip-address/193.149.129.192/relations # Reference: https://www.virustotal.com/gui/file/26cdb167e972ffd83173f5937bf66cf4685220fd87f0de642d3418fb0e550c1e/detection getupdates.buzz /C9K7T9KFqQlKcrOz/dN2x6b0jOq51N61l.php /C9K7T9KFqQlKcrOz/ /dN2x6b0jOq51N61l.php # Reference: https://twitter.com/t3ft3lb/status/1591770561558052864 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations # Reference: 
https://www.virustotal.com/gui/file/47d85be42bfbcaa9f04381788ecd6c3ac25cd8036fed185887b2629b90384101/detection encureyou.buzz /QuINNYN6nvc9ZFW6/A04ih06yN8255rXL.php /QuINNYN6nvc9ZFW6/ /A04ih06yN8255rXL.php # Reference: https://twitter.com/Des00464472/status/1593132541472837638 firelive.pics blogs.firelive.pics # Reference: https://twitter.com/Timele9527/status/1597955256423309312 # Reference: https://www.virustotal.com/gui/file/ab5cc990a6f4a196daa73bf655286900e7c669b2a37c32f92cbb54631bc3a565/detection # Reference: https://www.virustotal.com/gui/file/56e60b355d08abe961ea28977472ae50aca3628e96b5f9f558737b884484f070/detection grapehister.buzz localsurfer.buzz one.localsurfer.buzz # Reference: https://twitter.com/Des00464472/status/1598189851605864448 # Reference: https://www.virustotal.com/gui/ip-address/193.149.180.71/relations mygtaeper.buzz # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-30-v10185/185 orangeholister.buzz # Reference: https://twitter.com/Des00464472/status/1600685448002928642 # Reference: https://www.virustotal.com/gui/ip-address/64.190.113.97/relations # Reference: https://www.virustotal.com/gui/file/8d4bd6c0c79aaa392f80e58b2b5448abf3d890f23cdeea024ee30fd0d840fa1e/detection bloggerboy.buzz # Reference: https://twitter.com/StopMalvertisin/status/1600717489507225600 /DoPstRgh512nexcvv.php /kolexretriya78ertdcxmega895200.php # Reference: https://twitter.com/malwrhunterteam/status/1601699458739503104 # Reference: https://twitter.com/midnight_comms/status/1601988066813435904 # Reference: https://www.virustotal.com/gui/ip-address/193.149.176.48/relations # Reference: https://www.virustotal.com/gui/ip-address/95.217.22.3/relations # Reference: https://www.virustotal.com/gui/file/44f4662c4a5c5660c00e410f30eecb3a4d49e41d1ce30c13df2a487d82f679ab/detection brilient.buzz playstoree.xyz presencee.buzz /mokwerdcti # Reference: https://twitter.com/t3ft3lb/status/1605950531171717121 # Reference: 
https://www.virustotal.com/gui/file/d17f86c4d6fdfda38d50ecfac53cda41457488a34b5909b5e08aa76ca0901321/detection orangevisitorss.buzz ydnmovers.buzz sky.ydnmovers.buzz /QcM8y7FsH12BUbxY/ /XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.ico /XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.png /XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.mp3 /XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.mp4 # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1606118049626693634 # Reference: https://www.virustotal.com/gui/file/f27531bf7c2848414d40191283616d1f24048288791f517d5ef229a50e64b349/detection # Reference: https://www.virustotal.com/gui/file/7e48e5fcb92f834ce338fb4a78387559341ca380f1c84b671481ac07b723af19/detection windowslive.pics products.windowslive.pics # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-05-v10212/248 biteupdates.live lovingallupdates.life packetbite.live # Reference: https://twitter.com/malwrhunterteam/status/1614251113204563969 # Reference: https://www.virustotal.com/gui/file/dd3dd724a250b6b4837138527ccc436d00d9a53d698b714d976a26ebb59b3816/detection # Reference: https://www.virustotal.com/gui/file/d819abb9d317868f977bc17a36ee60fcb361d98616ce4df2a2d62d7490869920/detection # Reference: https://www.virustotal.com/gui/file/7d6bfb34b4ad591ab38ee72884edc284812a99c4d184fea150b5835644fde2c4/detection # Reference: https://www.virustotal.com/gui/file/2829d134d8ab58e48faa6ccf9ffbb630919a1784cb07ffd569a621cc8668ecbd/detection updatemyweb.pics # Reference: https://twitter.com/ThreatBookLabs/status/1615238584050814976 revivespecialist.buzz screenreader.buzz # Reference: https://twitter.com/t3ft3lb/status/1617807142635077633 # Reference: https://www.virustotal.com/gui/ip-address/162.33.178.22/detection # Reference: https://www.virustotal.com/gui/file/83fe4fb0c944aa210ab2af579155ccee4612c6ca09117babbf1f50fadaed2467/detection morphylogz.buzz # Reference: https://twitter.com/jaydinbas/status/1617853748063383552 # Reference: 
https://www.virustotal.com/gui/file/18e4a499e11b3fe1691b627aebb330fcafc656d9b9505178f832697cda5f1eae/detection flashmoblive.live # Reference: https://twitter.com/t3ft3lb/status/1618208417285562370 # Reference: https://www.virustotal.com/gui/file/468df06adb851ed1e59363ca163d279089928b4d200bf7bd333eeb45b07a83b1/detection # Reference: https://www.virustotal.com/gui/file/5fa15fb15a66487b8365386701c9a6ff76685f012edf5d00de75837847555800/detection itygreyhound.buzz # Reference: https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/ # Reference: https://otx.alienvault.com/pulse/63d2fbc0d659d53d46c07fee manage.biteupdates.site # Reference: https://twitter.com/ThreatBookLabs/status/1621386410698870784 # Reference: https://www.virustotal.com/gui/ip-address/193.149.189.223/relations # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.63/relations lifewear.buzz magazinesizzler.buzz orpit.buzz # Reference: https://twitter.com/StopMalvertisin/status/1624033048940642310 # Reference: https://www.virustotal.com/gui/file/84ff3cc715c4e408ddd71f15319a3034d70b7dd7c317e516ab2561618a42f609/detection libutires.info records.libutires.info /loproiaoroaspdrjro/reoriaweoprdpoi /loproiaoroaspdrjro/ /reoriaweoprdpoi # Reference: https://twitter.com/jaydinbas/status/1625133287361355776 # Reference: https://www.virustotal.com/gui/ip-address/193.149.185.134/relations # Reference: https://www.virustotal.com/gui/file/a7083fe0bb8ae9a951b49443dba55184a91e4a9b4333dd860c805ed6807997af/detection crezdlack.buzz # Reference: https://twitter.com/osipov_ar/status/1625535551045615627 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.52/relations # Reference: https://www.virustotal.com/gui/file/e3cb6720510d0b4df4104fbe36ca7e01cab6915cc546f630d715c847f0fdfea2/detection mayosasa.buzz servicemakerss.xyz surfacecleaninst.buzz # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-14-v10243/313 libraryutilitis.live tasterschoice.shop 
tourseasons.xyz best.tasterschoice.shop blogs.libraryutilitis.live blogs.tourseasons.xyz # Reference: https://twitter.com/ThreatBookLabs/status/1627669622337204225 # Reference: https://twitter.com/DmitriyMelikov/status/1708771323340603431 # Reference: https://twitter.com/t3ft3lb/status/1718982477140951312 # Reference: https://www.virustotal.com/gui/ip-address/37.120.222.145/relations # Reference: https://www.virustotal.com/gui/file/9b808789a88144a32f8fd036138403a7235c834f3b3bf5ebbcd22ac4610d32cf/detection # Reference: https://www.virustotal.com/gui/file/40e43aac9888c433d796e106c03846f48a1422d0950f27e0a2b793261e9f9e08/detection idealxyz.live mindef.live records.mindef.live /bjhruhukuru/rkuahruhueike /bjhruhukuru /oiporoioqk/lporurkiqjffqe /oiporoioqk /lporurkiqjffqe /rjllk43kkl/k3kjl3kddlj8j /rjllk43kkl /rkuahruhueike /k3kjl3kddlj8j /sk72d61kk0daj6gkfd32/bioproaporoidorer /bioproaporoidorer /sk72d61kk0daj6gkfd32 # Reference: https://twitter.com/t3ft3lb/status/1628076214308032514 # Reference: https://www.virustotal.com/gui/file/3849a295e808290bf709b6531c8585211ad926c88c088c6db0184bc425b88dd5/detection winterhero.buzz # Reference: https://twitter.com/ThreatBookLabs/status/1628398506682748930 sparklingbreath.buzz toxiclock.buzz visited.buzz # Reference: https://twitter.com/SethKingHi/status/1629106884069425154 # Reference: https://twitter.com/t3ft3lb/status/1651951113732771873 # Reference: https://www.virustotal.com/gui/file/73ce6803c13786e02d3bdbaad610a67a0092f6e24186b681a081ffb52faba712/detection # Reference: https://www.virustotal.com/gui/file/6a9711aa1dfc99046ff0008f8fcfb0794a457b8ec744d77f62525ca0f73cc136/detection winidowtech.info forum.winidowtech.info /iouoiuqwoeryuru/bnmrerqwrasdre /jilmvldfhqohcqhog/ntbahoghbhcghqo /jkdegqgegcqegog/hfogrcgegdhpgdgeq /poporioiepro/wsauyriyurerier /iouoiuqwoeryuru/ /jilmvldfhqohcqhog/ /jkdegqgegcqegog/ /poporioiepro/ /bnmrerqwrasdre /hfogrcgegdhpgdgeq /ntbahoghbhcghqo /wsauyriyurerier # Reference: 
https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336 briefdeal.buzz # Reference: https://twitter.com/ThreatBookLabs/status/1630933168328167428 # Reference: https://www.virustotal.com/gui/file/b5d8736bec449e3463ad6f0460782453ed69bb81a1b4a78847815b4fb64bfe94/detection crushter.info madefrindly.info /m4k1doWVqrvvbjsc/ /AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.ico /AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.mp3 /AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.mp4 /AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.png /Testoresisty/kolimekatares # Reference: https://twitter.com/StopMalvertisin/status/1631222638541692928 # Reference: https://www.virustotal.com/gui/file/9f7324518de5725a6b162954d355291fc3775c17c8d96d8f570b7ebdffabf5d3/detection goldliney.buzz monitoriing.buzz /3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.ico /3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.mp3 /3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.mp4 /3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.png /Lomiapekaso/texadikkomanapel # Reference: https://twitter.com/t3ft3lb/status/1631626934810562561 # Reference: https://www.virustotal.com/gui/file/6863edff3663f155dd208b967e18666d87b21708fd7d947fd142ffa969283157/detection # Reference: https://www.virustotal.com/gui/file/a0db0e478d82a418d352234ded604c1ba8f1472cc3832c830012a8829766ebcc/detection seasurfer.buzz m.seasurfer.buzz /33lhGEeiVe57s8gY/ /GMOdLGq3cD2dyrjb/ /kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.ico /kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.mp3 /kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.mp4 /kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.png /nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.ico /nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.mp3 /nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.mp4 /nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.png # Reference: 
https://twitter.com/ThreatBookLabs/status/1633749503856758785 # Reference: https://www.virustotal.com/gui/ip-address/45.61.137.233/relations mfglogged.buzz # Reference: https://twitter.com/ThreatBookLabs/status/1636305553189396482 # Reference: https://www.virustotal.com/gui/ip-address/64.190.113.227/relations spotingcheck.buzz # Reference: https://twitter.com/RedDrip7/status/1636693076650647554 # Reference: https://www.virustotal.com/gui/file/e26cd08114a3e47a35f60dde2e236997c23d8017b68f0d315e9e490c8cd69164/detection roosterguy.online /bioproaporoidorer /rajkrjkekjdlrkjlrfa # Reference: https://twitter.com/ThreatBookLabs/status/1638372054776041472 # Reference: https://www.virustotal.com/gui/ip-address/193.149.176.5/relations taskcheap.buzz # Reference: https://twitter.com/StopMalvertisin/status/1638804488638332928 # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.49/detection # Reference: https://www.virustotal.com/gui/file/9b2327e87c2c4c60943c7ee61ee97ef12a0383ea42a4cb740f21bd88718a4dac/detection feedlack.buzz /Romexicarto/terokanama # Reference: https://ti.qianxin.com/blog/articles/Heavy-Shadows:-Summary-of-Recent-Attack-Techniques-Used-by-Donot-Group-EN/ # Reference: https://otx.alienvault.com/pulse/642319f5f57d7b39508d3ff4 balancelogs.buzz repidyard.buzz salcomp.buzz # Reference: https://twitter.com/ThreatBookLabs/status/1643083621753053184 # Reference: https://www.virustotal.com/gui/file/a37f37a467a691fbcb9b77170d4815a0daa868b90c4dba0f6ca38ff894ce9935/detection # Reference: https://www.virustotal.com/gui/file/fc18f6cfdd40ecff669a0f620188d59c9d8d3c69bcdbc795975bd0f491ff7ac1/detection retroservices.buzz blue.retroservices.buzz /Kolpt523ytcserstrew/torel /Kolpt523ytcserstrew/ # Reference: https://twitter.com/ThreatBookLabs/status/1643623912654209027 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.164/relations elegenthook.buzz # Reference: https://twitter.com/josh_penny/status/1644251163028516865 cheaper.buzz cheaplate.info 
denimbluesshirto.com disgney.buzz energyhost.buzz gymchecktaker.buzz lvoverseas.buzz mencoyouth.buzz recorded.buzz ruoyenilion.buzz lemon.lvoverseas.buzz # Reference: https://twitter.com/StopMalvertisin/status/1645734562264399872 /xF0JN21nfgngXLAg/ /xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.ico /xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.mp3 /xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.mp4 /xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.png # Reference: https://twitter.com/ThreatBookLabs/status/1646176620401795072 # Reference: https://www.virustotal.com/gui/ip-address/193.149.187.131/relations dripgift.live mistergift.live truesuprise.live # Reference: https://threatbook.io/domain/informe.live # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.98/relations informe.live informu.live # Reference: https://twitter.com/ThreatBookLabs/status/1648934486216957953 # Reference: https://app.validin.com/axon?type=ip&limit=100&find=168.100.11.152 # Reference: https://app.validin.com/axon?type=ip&find=5.199.168.207 # Reference: https://www.virustotal.com/gui/ip-address/168.100.11.152/relations # Reference: https://www.virustotal.com/gui/ip-address/5.199.168.207/relations donovinto.live financeto.live financeof.live regalovinto.live vintociao.live # Reference: https://twitter.com/ThreatBookLabs/status/1649066217146290178 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.22/relations driverunning.buzz # Reference: https://twitter.com/t3ft3lb/status/1649427493739216896 # Reference: https://www.virustotal.com/gui/ip-address/162.33.179.233/relations # Reference: https://www.virustotal.com/gui/ip-address/168.100.10.179/relations # Reference: https://www.virustotal.com/gui/file/61eeb6f444bfc11b718646ba4283fbaf3e0b6123c07f082cc59e884cb8934d30/detection epiczplus.buzz hovaupdates.buzz /9MBOzdRlUhSvqLmN/ /9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.ico 
/9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.mp3 /9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.mp4 /9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.png # Reference: https://www.virustotal.com/gui/ip-address/157.230.238.219/relations seacloud.buzz # Reference: https://twitter.com/StopMalvertisin/status/1650923515955249154 # Reference: https://www.virustotal.com/gui/file/8be504d853c2f85e9db232cd804aab21125e18f316e159bcd87631f98205c6a7/detection tourexplore.shop liberty.tourexplore.shop /rkljriasuriopakrkvfdf/czneygyru76jyfahj /czneygyru76jyfahj /rkljriasuriopakrkvfdf/ # Reference: https://twitter.com/StopMalvertisin/status/1651859711598403584 userlease.info mid.userlease.info /5boIzNxftM5WJvgO/CUWMZd0PwJX5elY7.php /5boIzNxftM5WJvgO/ /CUWMZd0PwJX5elY7.php # Reference: https://twitter.com/StopMalvertisin/status/1651859776610136065 # Reference: https://twitter.com/t3ft3lb/status/1651887661454614528 # Reference: https://www.virustotal.com/gui/file/f4bf2af544cce89a13bb73187e960bf30da0cfde9b067de25d696779c91a80af/detection driverunning.buzz lib.driverunning.buzz /Lomiapekaso/ertopikana /Lomiapekaso/texadikkomanapel /Lomiapekaso/ /ertopikana /texadikkomanapel # Reference: https://www.virustotal.com/gui/ip-address/45.61.138.186/relations # Reference: https://www.virustotal.com/gui/file/d966114f1f2d32af390ad4413647561c3182a7a8c1e3a55b75b1b860594623ac/detection onesolution.buzz pic.onesolution.buzz /Nptyerbcstedkyrdpste/lempp /Nptyerbcstedkyrdpste/ # Reference: https://www.virustotal.com/gui/ip-address/45.61.138.186/relations # Reference: https://www.virustotal.com/gui/file/aea1ebd23f693bffaab8bfbf509ba73aab6fa5b6f2218413ba48357161a72149/detection fontsloaders.xyz donotppi.fontsloaders.xyz ppi.fontsloaders.xyz www42.fontsloaders.xyz www70.fontsloaders.xyz /Pcb95ntr4umnb438ear5ky24/lkd874ters /Pcb95ntr4umnb438ear5ky24/olstv210rt/O/ku /Pcb95ntr4umnb438ear5ky24/ # Reference: 
https://twitter.com/suyog41/status/1654024491893248000 # Reference: https://www.virustotal.com/gui/file/551b15fbf9dbab46bf5a0529ad1abbcc89c58b2d936e75b120c17a81d4a9bff5/detection leasly.buzz # Reference: https://twitter.com/StopMalvertisin/status/1654031495860989954 # Reference: https://www.virustotal.com/gui/file/2ffd8e9fc1f91c6ce5570131ae5dc0607bfc283012e33db4f489db0ff1ccbaf5/detection shortdeserve.buzz /nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.ico /nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp3 /nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp4 /nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.png /nc3bO91THkNG8ZJV/ /qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.ico /qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp3 /qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp4 /qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.png # Reference: https://twitter.com/StopMalvertisin/status/1656583924880146433 # Reference: https://www.virustotal.com/gui/file/ffe60f49d81ac0ade1c1fe1f571a150b9c0b4d5803db773ffbd6af8fe50a9f60/detection lovebirdsshop.club # Reference: https://twitter.com/StopMalvertisin/status/1659156583715311617 # Reference: https://www.virustotal.com/gui/ip-address/162.33.177.214/relations # Reference: https://www.virustotal.com/gui/file/ef9919086110b0b3a85c9bd648c7308743f4342c10dd42cf35c7f87f6a0bcdca/detection preferbrowse.buzz /UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.ico /UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp3 /UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp4 /UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.png /UykPk27JN5tMgfU1/ /xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.ico /xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp3 /xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp4 /xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.png # Reference: 
https://twitter.com/RedDrip7/status/1659383591686766592 # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.99/relations # Reference: https://www.virustotal.com/gui/file/0c3a4ea3a32ba45fef28af39f5529bd22d3b9b924ae8269103ea7d375bee0d4a/detection liketaker.xyz /9nk8DQS9dFhOAkjE/bwyPS94u0QGIgITe.php /9nk8DQS9dFhOAkjE/ /bwyPS94u0QGIgITe.php # Reference: https://twitter.com/t3ft3lb/status/1668525860222058497 # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.59/detection # Reference: https://www.virustotal.com/gui/file/5d1dd3429cd64eb31bd98fd59dbef2954c7b3ecec51bcc693cbbcd754f901df8/detection superchess.buzz /HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.ico /HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp3 /HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp4 /HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.png /HuOvbGawR8DSTWjC/ /LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.ico /LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp3 /LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp4 /LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.png # Reference: https://twitter.com/malwrhunterteam/status/1676233125767020545 # Reference: https://www.virustotal.com/gui/ip-address/188.191.106.200/relations # Reference: https://www.virustotal.com/gui/file/951340643285e3102e2eed57f6850ff4ec0259f289bc5a673916b3c2689930bd/detection pluginauth.live # Reference: https://twitter.com/StopMalvertisin/status/1678693049344618496 # Reference: https://www.virustotal.com/gui/ip-address/37.220.31.59/relations # Reference: https://www.virustotal.com/gui/file/208f49194964faecf700e283e68d1d833542a88580f6739d3be2a173fed733c6/detection # Reference: https://www.virustotal.com/gui/file/6ca8be221bbec7da46ec7609baf4e5c1b1d65e6b3e41d0c305f21a7089db98d6/detection # Reference: https://www.virustotal.com/gui/file/d24d3b972bef8b9d6a1e5ddc345620ac1915937730728cc55271f1f487c56e3c/detection 37.220.31.59:443 
kababonline.shop # Reference: https://twitter.com/Timele9527/status/1679324498162749440 servings.info # Reference: https://twitter.com/StopMalvertisin/status/1682071703558684673 # Reference: https://www.virustotal.com/gui/file/497c3c0024fe57822b86da7410b7c46bb35147535e9d4a43b4ee328bce22930c/detection aioupdates.buzz # Reference: https://twitter.com/StopMalvertisin/status/1682382945301016577 # Reference: https://www.virustotal.com/gui/file/f5770bba45da919565fa04c99bbd57480a1cb154473fe8be8f56658aaee872c2/detection yummycakes.online sales.yummycakes.online # Reference: https://twitter.com/ThreatBookLabs/status/1683826432848588800 beachupdates.live # Reference: https://twitter.com/peterkruse/status/1684134146560466952 firstbyte.club # Reference: https://twitter.com/ThreatBookLabs/status/1684373034529083392 dawnon.live # Reference: https://twitter.com/ThreatBookLabs/status/1686202265244155904 templevisit.live # Reference: https://twitter.com/ThreatBookLabs/status/1687097930535354368 toysgift.store shop.toysgift.store # Reference: https://twitter.com/ThreatBookLabs/status/1687295657458204672 updatepc.shop blogs.updatepc.shop # Reference: https://twitter.com/blackorbird/status/1692366590631948716 # Reference: https://mp.weixin.qq.com/s/WJji5Dr9OHSgwIaySetCfg # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.141/relations sharelives.xyz storagedrive.buzz easy.sharelives.xyz lite.storagedrive.buzz lite.sharelives.xyz # Reference: https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/ # Reference: https://otx.alienvault.com/pulse/6491a5fd967508bd2c6e951e # Reference: https://www.virustotal.com/gui/file/8f56747b118f48e4a38a70be0e0c653fd4e452e2ce22c1ff35124ef1dc0f7c61/detection # Reference: https://www.virustotal.com/gui/file/86c415e5462d21196906a025b37e86413842771e39f73c75ddb50a80881a90e3/detection # Reference: 
https://www.virustotal.com/gui/file/3463083d0f22ee6c35cef6a603f985b6ba03fd6a85b0e8a40c6d3d22ac73294c/detection 193.149.176.226:4000 193.149.176.226:9090 appnsure.com ikhfaavpn.com # Reference: https://twitter.com/t3ft3lb/status/1693909660678701448 # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.107/detection # Reference: https://www.virustotal.com/gui/ip-address/162.33.177.3/relations # Reference: https://www.virustotal.com/gui/file/12334a40680a030287e4cea05814bd6ab05e3b2f2a62aec82fc6361cc829c702/detection cardlogical.info instantcap.info /bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.ico /bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp3 /bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp4 /bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.png /bo1fdeNGuIiitis3/ /4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.ico /4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp3 /4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp4 /4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.png # Reference: https://twitter.com/t3ft3lb/status/1694321508703928728 # Reference: https://www.virustotal.com/gui/file/6b7b1f151464bdce98c53f82a29541a6d90622892d94fecd0740be6642e6dd91/detection gizgashineson.buzz mentsele.info /XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.ico /XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp3 /XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp4 /XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.png /XA3JOnMP01TenAuE/ /442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.ico /442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp3 /442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp4 /442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.png # Reference: https://twitter.com/t3ft3lb/status/1699692448728154465 # Reference: https://www.virustotal.com/gui/ip-address/193.149.190.198/relations # Reference: 
https://www.virustotal.com/gui/ip-address/45.61.139.219/relations # Reference: https://www.virustotal.com/gui/file/683516912ba44027a1d5121d53f176e0ac12f24d6e7c135d5138fbcd9e4c71e4/detection # Reference: https://www.virustotal.com/gui/file/4bd7b3fa7e974323e1ccc8da9196bf7b7dc1cf62590f19decbbe246c931d7634/detection # Reference: https://www.virustotal.com/gui/file/4099830655dbc477365fca2886698ac9d2581b3e4b332aab7da277de0b16f090/detection adjusteble.info thanrole.buzz /Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.ico /Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp3 /Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp4 /Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.png /rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.ico /rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp3 /rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp4 /rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.png /Ur7AdyiXFB1VNNl8/ /LHgausZEKtauASHjSvfUU/rokoprexcobatrs /LHgausZEKtauASHjSvfUU/ /rokoprexcobatrs # Reference: https://twitter.com/ThreatBookLabs/status/1684190834097262592 # Reference: https://www.virustotal.com/gui/ip-address/167.71.195.202/relations box4box.online blogs.box4box.online # Reference: https://twitter.com/ThreatBookLabs/status/1659560539045994497 # Reference: https://www.virustotal.com/gui/ip-address/162.33.179.213/relations updateszeldya.buzz # Reference: https://twitter.com/t3ft3lb/status/1719316874079699383 # Reference: https://www.virustotal.com/gui/ip-address/162.33.178.148/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.44.254/relations # Reference: https://www.virustotal.com/gui/ip-address/64.52.80.24/relations # Reference: https://www.virustotal.com/gui/file/7328b1606c6158aba7ab33871941078b70a52202bbe0b919c2ca109bcf0742a2/detection bulkquantity.info harddive.info /hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.ico 
/hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp3 /hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp4 /hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.png /hM2acgcg15KzzO9d /yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.ico /yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp3 /yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp4 /yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.png # Reference: https://app.validin.com/axon?find=58.158.177.102&type=ip forestertop.online updatemtnlin.online # Reference: https://twitter.com/t3ft3lb/status/1727269773984354534 # Reference: https://www.virustotal.com/gui/ip-address/206.188.196.139/relations # Reference: https://www.virustotal.com/gui/file/e1329bf6e0daa6a2b4a68d14299515556ead58cac2d19e4f1c5e23a80d6978b1/detection speedrugg.info trigershop.info /WxporesjaTexopManor/ptomekasresdkolertys /ptomekasresdkolertys /WxporesjaTexopManor/ /ZKlVWfynYHjd1nm7/ /ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.ico /ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp3 /ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp4 /ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.png /aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.ico /aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp3 /aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp4 /aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.png # Reference: https://twitter.com/t3ft3lb/status/1737839842057408918 # Reference: https://www.virustotal.com/gui/ip-address/179.43.141.70/relations # Reference: https://www.virustotal.com/gui/file/4061254c893de6b78810afeec5e231948820e1be6e9579f32d07ef9c51ae42f7/detection # Reference: https://www.virustotal.com/gui/file/26a3d4584a8fb5c12182ddb5fc97d9c00527e1de11700fe25e9c2035fedd831a/detection natureplants.online life.natureplants.online # Reference: https://twitter.com/ginkgo_g/status/1739539260557172798 # Reference: 
https://www.virustotal.com/gui/ip-address/5.135.199.21/relations # Reference: https://www.virustotal.com/gui/file/04dd305a825ae57a1045cedcf61a7f7a0775434ad7706a56053ac2a42d71528c/detection # Reference: https://www.virustotal.com/gui/file/6448febcda625da9067b3ccbeeb348d33f88137f131e833ffeda3a5bc6f19168/detection bakedcakes.online stores.bakedcakes.online /bnkfuiehj/hrkauhr1jhre /hkruhruuhra/oiroeiariae /bnkfuiehj /hkruhruuhra /hrkauhr1jhre /oiroeiariae # Reference: https://www.virustotal.com/gui/ip-address/23.106.124.4/relations chatinsec.live private-chat.site privatechat.life pvtchat.online pvtchatway.online apps.privatechat.life # Reference: https://twitter.com/Cuser07/status/1746832513555931597 # Reference: https://www.virustotal.com/gui/file/6f5dd00b5003c0aad7733492efe6468e402fa6c8a1dc352d5be166410a192d57/detection safeena.onrender.com # Reference: https://twitter.com/malwrhunterteam/status/1753536383249985693 # Reference: https://twitter.com/malwrhunterteam/status/1755673303941861661 # Reference: https://www.virustotal.com/gui/ip-address/162.33.178.135/relations # Reference: https://www.virustotal.com/gui/ip-address/162.33.178.183/relations # Reference: https://www.virustotal.com/gui/file/818c9caa65a80706e8d1620fefcb163293327ed96026afe14699b723091f785e/detection # Reference: https://www.virustotal.com/gui/file/ecb9af8f1bbcea19e3930037042eefb1bceea0b439cd517e32ade121a80915f5/detection roofcap.info toolgpt.buzz updash.info # Reference: https://www.virustotal.com/gui/file/5761c2cd3985d74bf82d9c16e54a7ed69ffb5896c1325d9932d24265a6ffe3d0/detection blinkedeye.top chandhor.top vauxserv.top /~347g83yfighslfkjg3/~394ghbhjdksfhg.bin /~g385ygbrogbyrug/fhg34879gbhfdsv.php /~347g83yfighslfkjg3/ /~394ghbhjdksfhg.bin /~g385ygbrogbyrug/ /fhg34879gbhfdsv.php # Reference: https://twitter.com/RedDrip7/status/1768584497212297692 # Reference: https://www.virustotal.com/gui/ip-address/193.149.176.154/relations # Reference: 
https://www.virustotal.com/gui/file/6cf1e3c90a8f6e4a9d66a099af0bf33e8828e21481519f97619d5eb13f51c7dd/detection vectorindex.info # Reference: https://twitter.com/doc_guard/status/1777328001073471710 # Reference: https://twitter.com/ginkgo_g/status/1777256849030709560 # Reference: https://www.virustotal.com/gui/ip-address/38.180.140.199/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.2.75/relations # Reference: https://www.virustotal.com/gui/file/697e5c66b37dca99fc17ba919792e7429efbff1df26cea3c26866eff269b0055/detection # Reference: https://www.virustotal.com/gui/file/1c17d91086dfc536b655c29a654cf6f8daf22e74c6a0c6d55f5a0000b0ea081d/detection geographiclocation.info letentinfo.info /EKtauASHjLHgausZSvfUU/rokoprexcobatrs /MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.ico /MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp3 /MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp4 /MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.png /EKtauASHjLHgausZSvfUU/ /MXGONOfJYVvQhrYT/ /lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.ico /lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp3 /lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp4 /lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.png # APK /Bride-Fun.apk /Conion_Pro_V2q.apk /Embassy_Info_v23m1221ppmm.apk /Fire_chat_07.apk /Fly_Talk_1qq.apk /Go_chat_notf.apk /Zak_m.apk