# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Note: Continuation of /malware/apt_gamaredon.txt trail

# Reference: https://www.virustotal.com/gui/ip-address/168.100.10.184/relations

637753378561125274.mmrbjh5aksr8xcod3.moolin.ru
spcbkrndcwmwqoehn.gl1rqkipy7qgs5wn.moolin.ru
spcbkrndcwmwqoehn.mmrbjh5aksr8xcod3.moolin.ru
yegjatclcoyvxc.mmrbjh5aksr8xcod3.moolin.ru
zqm0ohac1uy.mmrbjh5aksr8xcod3.moolin.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.84/relations

1enm5ltozgs.jolotras.ru
637851914820617583.jolotras.ru
637854543329144226.jolotras.ru
637856208618736747.jolotras.ru
637856496966819649.jolotras.ru
637857210652488396.jolotras.ru
637857240727359534.jolotras.ru
637857424251842757.jolotras.ru
elg9dhikreg.jolotras.ru
hfkiicwlqwzm.jolotras.ru
hvq3vxvsers3.jolotras.ru
jukmdudxk095.jolotras.ru
oxdajw1v.metanat.ru
wzl4picb0ghkvwm5n.jolotras.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.232.150/relations

10decrepit.mexv.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.71/relations

13definite.kyamalgo.shop
67delay.kyamalgo.shop
redim39.bayramgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.22.55.231/relations

51declined.kyamalgo.shop
71deliver.kyamalgo.shop
asc27.kyanango.shop
each95.kyanango.shop
then59.kyanango.shop

# Reference: https://www.virustotal.com/gui/ip-address/164.92.117.117/relations

deliver.kyamalgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/139.180.186.210/relations

deliberate.kyamalgo.shop

# Reference: https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f22/19b0a96e-8c31-44bf-863e-cd3e0b651f22.pdf

http://157.245.75.124
http://185.163.45.5
http://195.189.96.64
http://84.32.131.61
/09.01_otck/quicker.rtf
/09.01_otck/

# Reference: https://twitter.com/malwrhunterteam/status/1622655333100359686
# Reference:
https://www.virustotal.com/gui/file/3c6218f32fb724603c96fed99bc9880462f9dc3c420fac01acf9c921fb08b319/detection http://45.8.98.186 /03.02/GU/deaf.DjVu # Reference: https://twitter.com/oneinthewild/status/1622608702061568000 # Reference: https://twitter.com/oneinthewild/status/1622647861673353216 http://137.184.101.158 http://139.59.30.132 http://140.82.56.186 http://157.230.252.20 http://159.203.164.194 http://159.223.203.36 http://161.35.93.177 http://165.232.90.200 http://45.95.232.34 http://45.95.232.35 http://5.44.42.83 http://64.227.182.62 # Reference: https://twitter.com/ThreatBookLabs/status/1622555337470672897 artashd.xyz # Reference: https://twitter.com/oneinthewild/status/1622845785627889667 http://134.122.60.67 http://139.59.209.145 http://140.82.47.181 http://146.190.117.209 http://157.230.15.82 http://64.227.113.173 # Reference: https://twitter.com/Cyber0verload/status/1622843745300357122 # Reference: https://twitter.com/Cyber0verload/status/1622843807493414915 # Reference: https://twitter.com/Cyber0verload/status/1622843862451462144 # Reference: https://twitter.com/Cyber0verload/status/1622843903123628045 # Reference: https://twitter.com/Cyber0verload/status/1622843941388255232 bahadurdi.ru bahtiyardi.ru balabekdi.ru balakshidi.ru balasst.ru ballydi.ru baloglandi.ru balusa.ru bamdaddi.ru bashaardi.ru davudho.ru gachagdo.ru gachaydo.ru gadirdo.ru gadzhido.ru gahramando.ru galibdo.ru gamiddo.ru gaplando.ru garibdo.ru gasando.ru gashkaydo.ru gasyrdo.ru gayado.ru gedimdo.ru geydardo.ru giyamdo.ru giyasdo.ru gochagdo.ru goshgardo.ru malawit.ru maxmud.ru noiyze.ru poladx.ru rascol.ru tukals.ru vahabgo.ru valiullago.ru vasifgo.ru vasimgo.ru vatango.ru vazirgo.ru veligo.ru velihango.ru vezirgo.ru vidadigo.ru vilayatgo.ru vugargo.ru vurgungo.ru vusalgo.ru vuvura.ru xamala.ru zaskol.ru # Reference: https://www.virustotal.com/gui/file/602a970c272a4d6710a86792906ccad8e608115fcd46ed4740df7ec2c1b0cbe9/detection http://45.8.98.144 /07.02/ss/sensation.DjVu # 
Reference: https://twitter.com/StopMalvertisin/status/1622823002286206976 # Reference: https://www.virustotal.com/gui/file/1f034ea47fcd8ffa60de37ab3dfb4c7ca981d5830b6927320b4fa966066e4dca/detection http://188.225.31.186 /06.02/mil/never.DjVu # Reference: https://twitter.com/Cyber0verload/status/1623008687311708160 # Reference: https://www.virustotal.com/gui/ip-address/149.28.187.38/relations # Reference: https://www.virustotal.com/gui/file/201d5f869a952a0ebf5b63c92adb3e1a767a90bf010f0065cbd1a16285d7e4d2/detection glove38.gayado.ru penny.glove38.gayado.ru # Reference: https://www.virustotal.com/gui/ip-address/61.60.41.62/relations mirzago.shop validgo.ru # Reference: https://twitter.com/oneinthewild/status/1623052819350822913 http://104.248.208.144 http://128.199.42.98 http://139.180.131.10 http://146.190.150.34 # Reference: https://www.virustotal.com/gui/ip-address/170.64.154.39/relations 11delay.bamdaddi.ru 12departure.vatango.ru 13december.amasiyagi.ru 14departure.vatango.ru 16delivery.vatango.ru 16departure.vatango.ru 18departure.vatango.ru 1demonstration.artavazd.xyz 21delicate.artavazd.xyz 23depths.artavazd.xyz 26delivery.vatango.ru 26departure.vatango.ru 27departure.vatango.ru 28delicate.artavazd.xyz 28departure.vatango.ru 29delivery.vatango.ru 2departure.vatango.ru 30departure.vatango.ru 31delivery.vatango.ru 31demonstration.artavazd.xyz 31departure.vatango.ru 32delivery.vatango.ru 33degrade.bamdaddi.ru 35departure.vatango.ru 36delivery.vatango.ru 36departure.vatango.ru 36descendant.artavazd.xyz 37delivery.vatango.ru 38delivery.vatango.ru 39delicate.artavazd.xyz 39departure.vatango.ru 3demonstration.artavazd.xyz 42departure.vatango.ru 44dense.artavazd.xyz 44departure.vatango.ru 44depths.artavazd.xyz 46delicate.artavazd.xyz 46descendant.artavazd.xyz 47departure.vatango.ru 49departure.vatango.ru 54delivery.vatango.ru 59departure.vatango.ru 5delicate.artavazd.xyz 60departure.vatango.ru 61december.amasiyagi.ru 61delivery.vatango.ru 61descendant.artavazd.xyz 
62depths.artavazd.xyz 63departure.vatango.ru 64departure.vatango.ru 64descendant.artavazd.xyz 65delivery.vatango.ru 66delivery.vatango.ru 67delivery.vatango.ru 67departure.vatango.ru 69delay.bamdaddi.ru 69delivery.vatango.ru 72departure.vatango.ru 74delivery.vatango.ru 74delusion.amasiyagi.ru 74depths.artavazd.xyz 75demonstration.artavazd.xyz 77defective.amasiyagi.ru 78departure.vatango.ru 79delivery.vatango.ru 7delivery.vatango.ru 80departure.vatango.ru 84defective.amasiyagi.ru 84delivery.vatango.ru 85delivery.vatango.ru 85departure.vatango.ru 86delay.bamdaddi.ru 86delivery.vatango.ru 87departure.vatango.ru 88delivery.vatango.ru 88departure.vatango.ru 88descendant.artavazd.xyz 89december.amasiyagi.ru 89delivery.vatango.ru 90departure.vatango.ru 91delivery.vatango.ru 93depths.artavazd.xyz 94delivery.vatango.ru 94departure.vatango.ru 95departure.vatango.ru 96demonstration.artavazd.xyz 97delivery.vatango.ru 97departure.vatango.ru 98delay.bamdaddi.ru 98delivery.vatango.ru 99departure.vatango.ru 9delivery.vatango.ru 9demonstration.artavazd.xyz chr38.balabekdi.ru close25.balabekdi.ru getfile69.artashd.xyz lapwork.akinot.ru loop14.balabekdi.ru loop56.balabekdi.ru penobscot.soputh.ru pigbelly.ulitron.ru redim100.mansurgo.ru slitter.billyhot.ru to36.artashd.xyz type57.mansurgo.ru type59.mansurgo.ru type72.mansurgo.ru type91.mansurgo.ru ucayale.bismutumo.ru unapparent.bismutumo.ru unconservative.dedspac.ru while2.balabekdi.ru wscript30.mansurgo.ru wscript61.mansurgo.ru wscript68.mansurgo.ru wscript77.mansurgo.ru # Reference: https://twitter.com/oneinthewild/status/1623328456967696384 http://134.209.197.124 http://134.209.33.42 http://146.190.38.123 http://188.166.220.176 http://31.129.22.25 http://45.82.13.22 # Reference: https://twitter.com/Cyber0verload/status/1623417388556328964 # Reference: https://twitter.com/Cyber0verload/status/1623417462992818176 auxza.ru barabux.ru dadashho.ru daniyarho.ru danizho.ru dashgynrho.ru deyanetho.ru dilaverho.ru dostaliho.ru dovlatho.ru 
dzharasatho.ru dzhavadho.ru erfanho.ru gapolsa.ru ruxanu.ru # Reference: https://twitter.com/oneinthewild/status/1623422557096493062 http://137.184.189.215 http://165.232.90.224 http://178.128.127.134 http://178.128.64.143 http://68.183.200.0 http://84.32.34.69 # Reference: https://twitter.com/oneinthewild/status/1623559225497763840 http://146.190.140.96 http://146.190.60.230 http://158.247.212.220 http://165.232.78.69 http://45.82.13.23 http://45.82.13.32 # Reference: https://twitter.com/Cyber0verload/status/1623665580296269825 pldbr.com zafirgo.online # Reference: https://twitter.com/oneinthewild/status/1623729517058576386 http://138.68.48.251 http://146.190.150.240 http://157.245.56.218 http://207.148.108.196 http://209.250.235.75 http://84.32.188.171 # Reference: https://twitter.com/StopMalvertisin/status/1623941786665365505 # Reference: https://www.virustotal.com/gui/file/220764c59224630d91caeadfbbaadd25b3f06e69e33dc5cbf3541c288fc2455a/detection # Reference: https://www.virustotal.com/gui/file/884d0b2753927bad6a57c3191ca5def96b2006ffe5d5924726b1f6d1aefb4bb6/detection http://81.200.154.192 /08.02/mils/guidance.dll /08.02/mils/preliminary.dll # Reference: https://twitter.com/oneinthewild/status/1623941722077286401 http://143.110.166.19 http://159.89.44.189 http://165.232.73.240 http://195.133.88.27 http://206.189.2.10 http://68.183.106.61 # Reference: https://twitter.com/StopMalvertisin/status/1624040846785134592 # Reference: https://www.virustotal.com/gui/ip-address/158.247.194.46/relations # Reference: https://www.virustotal.com/gui/file/f46bf2a1b8a6d333b73c355ee463d4dc6c55ef66bb99c2717e3a211d49b4c07d/detection dzheyhunho.ru soul70.dzheyhunho.ru neck.soul70.dzheyhunho.ru wwww.dzheyhunho.ru wwww.soul70.dzheyhunho.ru wwww.neck.soul70.dzheyhunho.ru /USER-/perfectly/perfectly/beyond/perfectly/perfectly.png /USER-/perfectly/perfectly/beyond/perfectly/ /USER-/perfectly/perfectly/beyond/ /USER-/perfectly/perfectly/ /USER-/perfectly/ # Reference: 
https://twitter.com/oneinthewild/status/1624037169592508416 http://158.247.194.46 http://165.22.188.144 http://5.44.42.63 http://5.44.42.81 http://64.225.79.177 http://64.227.77.123 # Reference: https://www.virustotal.com/gui/ip-address/81.19.140.42/relations http://81.19.140.42 71.ganara.ru # Reference: https://www.virustotal.com/gui/ip-address/66.42.55.53/relations 1386276378.ganara.ru 1431715375.pafamar.ru # Reference: https://www.virustotal.com/gui/ip-address/108.61.192.203/relations 42358526.ganara.ru # Reference: https://www.virustotal.com/gui/ip-address/155.138.141.211/relations 870017326.ganara.ru # Reference: https://www.virustotal.com/gui/ip-address/84.32.190.250/relations 1204209173.hakold.ru 1440993535.pafamar.ru 1748457329.pafamar.ru 181510461.pafamar.ru 2055427177.pafamar.ru 683969564.kacep.ru # Reference: https://www.virustotal.com/gui/ip-address/178.128.119.199/relations 1043550017.wicksl.ru 1057389483.wicksl.ru 1104029195.boraza.ru 1176266654.wicksl.ru 1224898390.wicksl.ru 1264400207.boradi.ru 1265796603.harasm.ru 1382969500.wicksl.ru 1434877464.wicksl.ru 1499231909.wicksl.ru 1526078706.wicksl.ru 1687888889.boradi.ru 1969771041.wicksl.ru 2039560734.wicksl.ru 346592704.wicksl.ru 399300951.lopasts.ru 419154341.wicksl.ru 55771717.wicksl.ru 583021842.wicksl.ru 599985847.wicksl.ru 675210863.lopasts.ru 6824204.wicksl.ru 691364703.wicksl.ru 692072180.wicksl.ru 701012767.pafamar.ru 748245639.boraza.ru 764978826.boradi.ru 875836479.wicksl.ru 894351309.wicksl.ru 930865769.wicksl.ru 956509908.wicksl.ru login.kifales.ru mail.kacep.ru # Reference: https://www.virustotal.com/gui/ip-address/45.76.254.179/relations 71deployment.rhodiumo.ru deliberate.lotorgas.ru # Reference: https://www.virustotal.com/gui/ip-address/194.67.71.65/relations depth.deliberate.lotorgas.ru # Reference: https://twitter.com/peterkruse/status/1625042214920286209 # Reference: https://www.virustotal.com/gui/ip-address/211.231.29.180/relations # Reference: 
https://www.virustotal.com/gui/ip-address/68.196.191.5/relations erfango.ru zafirgo.ru zahidgo.ru zakirgo.ru zamango.ru ziyafatgo.ru gk.zamango.ru ns.zamango.ru ot.zamango.ru xu.zamango.ru # Reference: https://twitter.com/StopMalvertisin/status/1625031614983188482 # Reference: https://www.virustotal.com/gui/ip-address/185.143.223.190/relations # Reference: https://www.virustotal.com/gui/file/c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8/detection interbase11.zakirgo.ru interbase6.zakirgo.ru interbase9.zakirgo.ru interbase96.zakirgo.ru goat.interbase6.zakirgo.ru goat.interbase11.zakirgo.ru goat.interbase9.zakirgo.ru goat.interbase96.zakirgo.ru wwww.goat.interbase11.zakirgo.ru wwww.interbase11.zakirgo.ru wwww.zakirgo.ru # Reference: https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian-organizations-173427d4339b 141.8.192.151:4000 141.8.197.42:4000 a0728173.xsph.ru f0559838.xsph.ru # Reference: https://www.virustotal.com/gui/ip-address/19.138.242.170/relations damirho.ru # Reference: https://twitter.com/peterkruse/status/1626458999267663872 dzhavidho.ru # Reference: https://www.virustotal.com/gui/ip-address/137.184.189.215/relations # Reference: https://www.virustotal.com/gui/ip-address/178.128.127.134/relations 12deploy.valiullago.ru 27degrade.valiullago.ru 28delighted.dzhavidho.ru 2dependent.valiullago.ru 36delighted.dzhavidho.ru 41depart.valiullago.ru 41departure.valiullago.ru 45delighted.dzhavidho.ru 50delighted.dzhavidho.ru 52delighted.dzhavidho.ru 53defeated.valiullago.ru 53departure.valiullago.ru 54deprive.valiullago.ru 63delete.valiullago.ru 66delighted.dzhavidho.ru 69delicacy.vatango.ru 71departure.valiullago.ru 72demonstration.valiullago.ru 77dense.vatango.ru 81dependent.valiullago.ru 85delighted.dzhavidho.ru 91depth.valiullago.ru 99dependant.vatango.ru all70.gochagdo.ru all76.gochagdo.ru altitude46.ibragimo.ru altitude47.logmango.ru amiable74.andranikgi.ru amiable78.andranikgi.ru bible49.gachagdo.ru 
bible50.gachagdo.ru bicycle.council67.garibdo.ru billion23.vasifgo.ru clamour.altitude47.logmango.ru clap3.vasifgo.ru clap70.vasifgo.ru council67.garibdo.ru count26.vasifgo.ru count41.vasifgo.ru count56.vasifgo.ru createobject83.gedimdo.ru dim99.vurgungo.ru elephantidae.akinot.ru encyclopedia10.amayakgi.ru endurance30.gaplando.ru energy80.gayado.ru faithfully.all70.gochagdo.ru faithfully.all76.gochagdo.ru false28.gayado.ru false53.gayado.ru false8.gayado.ru false81.gayado.ru false92.gayado.ru false95.gayado.ru fileexists28.vidadigo.ru for79.vurgungo.ru function74.gedimdo.ru glow.need94.gadzhido.ru glow33.masudgo.shop glow80.masudgo.shop god79.galibdo.ru integral.low19.gayado.ru intellectual.altitude46.ibragimo.ru intelligence34.gayado.ru intelligence56.gayado.ru interdependent.energy80.gayado.ru interference.shone10.ibragimo.ru interference.shone100.ibragimo.ru interference.shone32.ibragimo.ru interference.shone33.ibragimo.ru interference.shone40.ibragimo.ru interference.shone43.ibragimo.ru interference.shone45.ibragimo.ru interference.shone6.ibragimo.ru interference.shone67.ibragimo.ru interference.shone71.ibragimo.ru interference.shone85.ibragimo.ru interference.shone9.ibragimo.ru interference.shone92.ibragimo.ru interference.shone93.ibragimo.ru low19.gayado.ru lowered94.andranikgi.ru necklace.stooped100.ziyafat.ru necklace.stooped16.ziyafat.ru necklace.stooped22.ziyafat.ru necklace.stooped23.ziyafat.ru necklace.stooped4.ziyafat.ru necklace.stooped7.ziyafat.ru nectareous.bernadetti.ru ned.bible49.gachagdo.ru ned.bible50.gachagdo.ru need94.gadzhido.ru penny.glove38.gayado.ru performance.stopper23.gochagdo.ru perfume6.veligo.ru pressure.false28.gayado.ru pressure.false53.gayado.ru pressure.false8.gayado.ru pressure.false81.gayado.ru pressure.false92.gayado.ru pressure.false95.gayado.ru priceless.intelligence34.gayado.ru priceless.intelligence56.gayado.ru regions72.vasifgo.ru salary.sorry54.gahramando.ru salvation.god79.galibdo.ru sample.glow33.masudgo.shop 
sample.glow80.masudgo.shop savetofile97.vidadigo.ru setrequestheader39.vidadigo.ru shone10.ibragimo.ru shone100.ibragimo.ru shone32.ibragimo.ru shone33.ibragimo.ru shone40.ibragimo.ru shone43.ibragimo.ru shone45.ibragimo.ru shone6.ibragimo.ru shone67.ibragimo.ru shone71.ibragimo.ru shone85.ibragimo.ru shone9.ibragimo.ru shone92.ibragimo.ru shone93.ibragimo.ru sleep65.mansurgo.ru sleep78.mansurgo.ru sorry54.gahramando.ru stooped100.ziyafat.ru stooped16.ziyafat.ru stooped22.ziyafat.ru stooped23.ziyafat.ru stooped4.ziyafat.ru stooped7.ziyafat.ru stopper23.gochagdo.ru then89.vurgungo.ru to50.gedimdo.ru umbrose.soputh.ru until18.gedimdo.ru until23.gedimdo.ru visible44.vurgungo.ru wscript73.mansurgo.ru wscript98.mansurgo.ru # Reference: https://www.virustotal.com/gui/ip-address/89.185.84.79/relations allow37.bahtiyardi.ru # Reference: https://twitter.com/h2jazi/status/1628061981260320779 http://94.198.220.136 # Reference: https://www.virustotal.com/gui/ip-address/165.22.196.38/relations altitude84.ibragimo.ru altitude92.ibragimo.ru ambiguous.could4.akpar.ru ambition.prick55.ibragimo.ru beverley95.ambarcumgi.ru could4.akpar.ru countless.endure5.ibragimo.ru endure5.ibragimo.ru enemies32.mamnungo.ru fame.relate94.logmango.ru gloves.enemies32.mamnungo.ru goal51.ambarcumgi.ru intellectual.altitude84.ibragimo.ru intellectual.altitude92.ibragimo.ru lovers.stops50.mehmango.shop lucius.pride60.ibragimo.ru lucius.pride63.ibragimo.ru navy.shoe19.avvadbi.ru needle54.avvadbi.ru price8.ambarcumgi.ru prick55.ibragimo.ru prickly33.koroglugo.shop pride60.ibragimo.ru pride63.ibragimo.ru princess.needle54.avvadbi.ru relate94.logmango.ru shoe19.avvadbi.ru stops50.mehmango.shop # Reference: https://www.virustotal.com/gui/ip-address/84.32.248.148/relations primary40.agvanbi.ru # Reference: https://twitter.com/Cyber0verload/status/1628673516177596417 # Reference: https://www.virustotal.com/gui/ip-address/208.33.106.251/relations # Reference: 
https://www.virustotal.com/gui/ip-address/45.82.13.68/relations balabac.ru idrakbi.ru kainatbi.ru logmando.ru lyutfido.ru malikdo.ru manafdo.ru mansurdo.ru mazhddo.ru nbwfq.ru teftons.ru zardushtgo.ru # Reference: https://twitter.com/Cyber0verload/status/1628683582649638913 bajax.ru ibadbi.ru ibragimbi.ru ihsanbi.ru ihtiyarbi.ru ikrimabi.ru ilchinbi.ru ilkinbi.ru # Reference: https://twitter.com/Cyber0verload/status/1628689600959979522 # Reference: https://twitter.com/Cyber0verload/status/1628689657079685120 ilmazbi.ru inalbi.ru intigambi.ru iskanderbi.ru kamranbi.ru kamshadbi.ru karimbi.ru kasymbi.ru kirmanbi.ru komekbi.ru lachindo.ru madzhiddo.ru maksuddo.ru mamduhdo.ru naturac.ru paramants.ru quados.ru yylmazbi.ru zaydgo.ru zohrabgo.ru zyakigo.ru # Reference: https://twitter.com/malPileDiver/status/1628893586308710402 # Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations muayidpo.ru mubarizpo.ru munzirpo.ru muvafakpo.ru # Reference: https://twitter.com/malPileDiver/status/1629184400163237889 # Reference: https://www.virustotal.com/gui/ip-address/23.191.178.238/relations murtuzpo.ru navidgo.ru # Reference: https://twitter.com/Cyber0verload/status/1629213253703180289 funimine.ru # Reference: https://twitter.com/malPileDiver/status/1629511889427259394 # Reference: https://www.virustotal.com/gui/ip-address/15.232.123.105/relations baclanas.ru baralif.ru dzhabrailho.ru jofar.ru vafikgo.ru vahidgo.ru # Reference: https://twitter.com/malPileDiver/status/1630288768484687875 muazpo.ru muntasirpo.ru murtuzago.ru trwzwq.ru # Reference: https://twitter.com/Cyber0verload/status/1630312277332115456 # Reference: https://www.virustotal.com/gui/ip-address/170.64.146.162/relations # Reference: https://www.virustotal.com/gui/ip-address/174.236.130.129/relations # Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations fanatas.site mirzapo.ru mohsenpo.ru muhtadigo.ru murtadipo.ru muslimgo.ru mutazgo.ru nadzhigo.ru getfile71.mirzapo.ru # 
Reference: https://www.virustotal.com/gui/ip-address/195.133.88.46/relations interference27.ambarcumgi.ru pepper12.veligo.ru # Reference: https://www.virustotal.com/gui/ip-address/137.184.131.188/relations openastextstream71.muhtadigo.ru # Reference: https://twitter.com/Cyber0verload/status/1630548770675998721 # Reference: https://www.virustotal.com/gui/ip-address/89.23.107.153/relations # Reference: https://www.virustotal.com/gui/file/e7985ef38485466debc941a747f47739f014d5b43be2100b45535fa8364ff48b/detection goat11.gochagdo.ru prevail35.miltras.ru ambiguous.goat11.gochagdo.ru endanger.prevail35.miltras.ru /OHORONAPRAVLYUD/amongst.ma # Reference: https://www.virustotal.com/gui/ip-address/81.19.140.122/relations 30declared.geydardo.ru 31declared.geydardo.ru ambiguous11.gahramando.ru classic49.gayado.ru decisive.hungzo.ru energy70.gochagdo.ru fileexists42.dovlatho.ru fileexists92.dovlatho.ru function66.dovlatho.ru sounding32.gayado.ru endlessly.ambiguous11.gahramando.ru perfection.sounding32.gayado.ru print.energy70.gochagdo.ru rehearsal.classic49.gayado.ru # Reference: https://twitter.com/malPileDiver/status/1630612030121033741 muhtargo.ru # Reference: https://twitter.com/malPileDiver/status/1630961827860414467 # Reference: https://www.virustotal.com/gui/ip-address/65.163.236.87/relations goodide.ru kuycon.shop medyn.shop naasimgo.ru nrtdsz.ru # Reference: https://twitter.com/malPileDiver/status/1631370220471197696 asdcq.ru ervcxq.ru novruzpi.ru nurlanpi.ru omeyrpi.ru omranpi.ru osmanpi.ru tukalaf.ru # Reference: https://twitter.com/h2jazi/status/1631389446640640192 # Reference: https://www.virustotal.com/gui/file/ce16cbefe48f83bef0ef4f708a82b98ab9862d161d9ea2147b58605681dd8318/detection http://81.200.156.77 # Reference: https://twitter.com/h2jazi/status/1631720818546991105 # Reference: https://www.virustotal.com/gui/file/f56e11c2a8bbfeb7f5eab1b47ee150865e358a6db9f7bb9142e3ae13570418ab/detection http://128.199.99.145 http://89.185.84.85 2deserved.komekbi.ru 
26deserved.komekbi.ru 28deserved.komekbi.ru /snfer51/index.html /snstance2/index.html /snstance51/index.html # Reference: https://twitter.com/h2jazi/status/1631720820010516481 # Reference: https://www.virustotal.com/gui/file/57b73d822558f142b73b0d52f3cca2e8c3124728b3abbe24785d1888f4f8fd7a/detection http://143.110.176.60 http://158.247.192.235 http://164.92.211.243 /snterposed63/index.html /snhabitant77/index.html /snherent77/index.html # Reference: https://twitter.com/h2jazi/status/1631723163603148804 # Reference: https://www.virustotal.com/gui/ip-address/140.82.50.201/relations # Reference: https://www.virustotal.com/gui/file/39f30dff6e397c0c1a11e2cd3bb8f840c93627ceb0ee75fe00df2aa482d83295/detection http://149.248.2.160 http://5.44.42.84 13description.mubarizpo.ru 52description.mubarizpo.ru 60description.mubarizpo.ru 71description.mubarizpo.ru /srresistible13/index.html /srresistible27/index.html /srresistible52/index.html /srresistible94/index.html # Reference: https://www.virustotal.com/gui/ip-address/5.199.173.245/relations 35.kasymbi.ru 55dedicate.mardango.ru deceived100.burhan.shop openastextstream17.kasymbi.ru openastextstream79.kasymbi.ru openastextstream98.kasymbi.ru stream35.kasymbi.ru # Reference: https://www.virustotal.com/gui/ip-address/84.32.191.212/relations 100degree.daglarho.ru do5.vidadigo.ru do8.vidadigo.ru function60.dovlatho.ru # Reference: https://www.virustotal.com/gui/ip-address/89.185.84.85/relations nearby15.ibragimo.ru # Reference: https://www.virustotal.com/gui/ip-address/31.129.22.35/relations 71deserved.komekbi.ru relate54.logmango.ru fame.relate54.logmango.ru prickly99.koroglugo.shop # Reference: https://twitter.com/malPileDiver/status/1631733362460164105 nureddinpi.ru nurgyunpi.ru osmanpi.ru # Reference: https://twitter.com/malPileDiver/status/1632117910746415105 # Reference: https://www.virustotal.com/gui/ip-address/217.38.66.205/relations naturap.ru peymanpo.ru rabahpo.ru ragibpo.ru vannos.ru # Reference: 
https://twitter.com/malPileDiver/status/1632447537767501826 osmanpo.ru payampo.ru # Reference: https://twitter.com/Cyber0verload/status/1632479604945428484 muhsingo.ru myuridgo.ru ogtaypi.ru orduhanpi.ru # Reference: https://twitter.com/malPileDiver/status/1632812089650675713 omeyrpo.ru pudzhmanpo.ru punhanpo.ru # Reference: https://twitter.com/Cyber0verload/status/1633122380171051009 # Reference: https://www.virustotal.com/gui/ip-address/45.80.128.87/relations # Reference: https://www.virustotal.com/gui/ip-address/84.32.188.157/relations # Reference: https://www.virustotal.com/gui/file/9f01c93e9756bac770f8e9b1186fb3af2b0a61654d0a151c18a75f2d1f9ef06b/detection ambiguous35.azzamsa.ru openastextstream46.kasymbi.ru could.ambiguous35.azzamsa.ru # Reference: https://twitter.com/malPileDiver/status/1633178137914646529 golowa.ru ragifla.ru rasimla.ru ratibla.ru rieturs.ru # Reference: https://twitter.com/Cyber0verload/status/1633534875595595777 # Reference: https://www.virustotal.com/gui/ip-address/181.202.232.81/relations # Reference: https://www.virustotal.com/gui/ip-address/64.227.12.148/relations omranpo.ru orduhanpo.ru fileexists71.omranpo.ru # Reference: https://twitter.com/malPileDiver/status/1633858760992071683 # Reference: https://www.virustotal.com/gui/ip-address/103.152.63.89/relations # Reference: https://www.virustotal.com/gui/ip-address/45.225.171.152/relations golovaq.ru lafata.ru ramalla.ru ramizla.ru aaa.ramizla.ru 1094098050.lafata.ru 1961692646.golovaq.ru 35destitute.ramalla.ru 638154522.golovaq.ru expandenvironmentstrings58.ramizla.ru expandenvironmentstrings8.ramizla.ru loop21.ramizla.ru loop71.ramizla.ru loop75.ramizla.ru mid49.ramizla.ru mid58.ramizla.ru mid71.ramizla.ru until64.ramizla.ru xor37.ramizla.ru # Reference: https://app.validin.com/axon?find=31.129.22.48 aristakes.xyz arutyund.xyz kirmango.shop mahirgo.shop muayidgo.shop muvafakgo.shop # Reference: https://www.virustotal.com/gui/ip-address/137.184.2.98/relations # Reference: 
https://www.virustotal.com/gui/ip-address/64.227.48.39/relations eval71.autometrics.pro mid71.autometrics.pro responsebody71.autometrics.pro run71.aristakes.xyz # Reference: https://www.virustotal.com/gui/ip-address/45.82.13.84/relations 42delight.daglarho.ru 63defined.daglarho.ru 86demonstration.daglarho.ru deletefile53.dzhafarho.ru delight20.basamdi.ru deliver66.basamdi.ru deny18.basamdi.ru designed79.basamdi.ru destroy23.basamdi.ru destroy55.basamdi.ru destroy92.basamdi.ru enemy38.valefgo.ru loop62.dzhafarho.ru read74.dzhafarho.ru # Reference: https://www.virustotal.com/gui/ip-address/164.90.238.95/relations 71.autometrics.pro for54.mahirgo.shop # Reference: https://www.virustotal.com/gui/ip-address/146.190.152.16/relations visible175.autometrics.pro xor71.autometrics.pro # Reference: https://www.virustotal.com/gui/ip-address/164.90.208.183/relations 71deliver.muhtargo.ru 82deliver.muhtargo.ru anbiguous.goat11.gochagdo.ru # Reference: https://www.virustotal.com/gui/ip-address/45.95.233.68/relations 52deliver.muhtargo.ru 97deliver.muhtargo.ru counsel81.navidgo.ru # Reference: https://www.virustotal.com/gui/ip-address/195.133.88.54/relations vagifgo.ru 100departed.daglarho.ru 15departed.daglarho.ru 17.deduction.pikh.ru 17desirable.daglarho.ru 17desire.intigambi.ru 19departed.daglarho.ru 19descent.mexv.ru 1deluge.intigambi.ru 22deck.daglarho.ru 42delusion.daglarho.ru 43departed.daglarho.ru 48demonstration.daglarho.ru 50desirable.daglarho.ru 6delight.daglarho.ru 71departed.daglarho.ru 79desirable.daglarho.ru 82descendant.daglarho.ru 95demonstration.daglarho.ru 98delusion.daglarho.ru 9departed.daglarho.ru decisive1.basamdi.ru declare16.basamdi.ru deduction.pikh.ru defeat42.basamdi.ru defeat56.basamdi.ru defeat72.basamdi.ru delete59.basamdi.ru delete67.basamdi.ru deletefile92.dzhafarho.ru delight94.basamdi.ru deliver10.basamdi.ru deliver34.basamdi.ru desert19.basamdi.ru designed56.basamdi.ru designed71.basamdi.ru designed80.basamdi.ru destroy16.basamdi.ru 
destroy54.basamdi.ru ended100.zyakigo.ru enemy19.valefgo.ru fairy30.detroito.ru fileexists71.vadzhih.shop goat100.detroito.ru goat6.valefgo.ru if44.dzhafarho.ru intelligence17.valefgo.ru loop3.dzhafarho.ru loop5.dzhafarho.ru loop77.dzhafarho.ru navigation.ended100.zyakigo.ru prior66.manafdo.ru to10.dzhafarho.ru to22.dzhafarho.ru to33.dzhafarho.ru to35.dzhafarho.ru to44.dzhafarho.ru to66.dzhafarho.ru to78.dzhafarho.ru to79.dzhafarho.ru to85.dzhafarho.ru to92.dzhafarho.ru to94.dzhafarho.ru to98.dzhafarho.ru # Reference: https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-cyber-warfare-against-ukraine/ http://162.33.178.129 ambiguous.azzamsa.ru cloud.ambiguous.azzamsa.ru # Reference: https://twitter.com/malPileDiver/status/1635713029261099022 balatu.ru gokols.ru paratai.ru # Reference: https://twitter.com/malPileDiver/status/1636041827441688576 barakal.ru ravaet.ru takyygi.ru talehgi.ru talgatgi.ru taysirgi.ru # Reference: https://twitter.com/malPileDiver/status/1636432010787864580 homovos.ru rakinla.ru raulla.ru taahirgi.ru # Reference: https://www.virustotal.com/gui/ip-address/64.226.84.229/relations 100desirable.daglarho.ru 23delusion.daglarho.ru 23demonstration.daglarho.ru 24deck.daglarho.ru 24desirable.daglarho.ru 26departed.daglarho.ru 30demand.intigambi.ru 31detachment.intigambi.ru 33degrade.intigambi.ru 34define.intigambi.ru 36delusion.daglarho.ru 38deity.intigambi.ru 45demonstration.daglarho.ru 5deck.daglarho.ru 60delight.daglarho.ru 7demonstration.daglarho.ru 92delusion.daglarho.ru ambiguouos.azzamsa.ru cloud.ambiguouos.azzamsa.ru createobject33.dzhafarho.ru defeat13.basamdi.ru defeat31.basamdi.ru delight18.basamdi.ru deliver35.basamdi.ru descended55.basamdi.ru designed13.basamdi.ru designed51.basamdi.ru designed6.basamdi.ru destroy52.basamdi.ru destroy91.basamdi.ru fairy75.valefgo.ru loop30.dzhafarho.ru loop44.dzhafarho.ru loop78.dzhafarho.ru sleep97.dzhafarho.ru stoop33.valefgo.ru to25.dzhafarho.ru to81.dzhafarho.ru # 
Reference: https://twitter.com/malPileDiver/status/1636806289773989888 raminla.ru # Reference: https://www.virustotal.com/gui/domain/dzhafarho.ru/relations each38.dzhafarho.ru each7.dzhafarho.ru getfile68.dzhafarho.ru loop1.dzhafarho.ru loop49.dzhafarho.ru loop64.dzhafarho.ru loop71.dzhafarho.ru loop76.dzhafarho.ru loop85.dzhafarho.ru properties_76.dzhafarho.ru to1.dzhafarho.ru to100.dzhafarho.ru to11.dzhafarho.ru to2.dzhafarho.ru to37.dzhafarho.ru to38.dzhafarho.ru to43.dzhafarho.ru to57.dzhafarho.ru to64.dzhafarho.ru to72.dzhafarho.ru to74.dzhafarho.ru to8.dzhafarho.ru to83.dzhafarho.ru to99.dzhafarho.ru visible31.dzhafarho.ru # Reference: https://www.virustotal.com/gui/ip-address/161.35.118.86/relations chr88.artashd.xyz # Reference: https://twitter.com/malPileDiver/status/1637202283292131330 baralap.ru gojoxa.ru makasd.ru rasulla.ru # Reference: https://twitter.com/malPileDiver/status/1638596457979682832 raidla.ru rufatpo.ru ruzipo.ru saadipo.ru sabirpo.ru # Reference: https://twitter.com/Cyber0verload/status/1638985769628090368 # Reference: https://www.virustotal.com/gui/ip-address/255.181.142.5/relations http://81.200.155.124 royalpo.ru sabitpo.ru asc71.sabitpo.ru deletefile71.sabitpo.ru # Reference: https://www.virustotal.com/gui/ip-address/45.80.128.72/relations 71destruction.clipperso.ru # Reference: https://www.virustotal.com/gui/ip-address/195.133.88.52/relations 71deceive.clipperso.ru alone63.detroito.ru # Reference: https://www.virustotal.com/gui/ip-address/45.95.233.80/relations asc71.sabitpo.ru deletefile71.sabitpo.ru # Reference: https://www.virustotal.com/gui/ip-address/217.69.7.171/relations getobject71.sabitpo.ru # Reference: https://www.virustotal.com/gui/ip-address/45.63.122.179/relations 77defect.mansurdo.ru prey2.bishoten.ru presumably.prey2.bishoten.ru # Reference: https://twitter.com/Cyber0verload/status/1640378988555018245 baoris.ru caramelas.ru cumbersome.ru heartbreaking.ru highfalutin.ru narama.ru narutasx.ru parsimonious.ru 
quizzical.ru vohod.ru # Reference: https://www.virustotal.com/gui/ip-address/170.64.132.3/relations dim71.heartbreaking.ru # Reference: https://www.virustotal.com/gui/ip-address/137.184.6.77/relations dim100.heartbreaking.ru dim53.heartbreaking.ru dim54.heartbreaking.ru dim61.heartbreaking.ru dim86.heartbreaking.ru run3.heartbreaking.ru run63.heartbreaking.ru run98.heartbreaking.ru # Reference: https://twitter.com/malPileDiver/status/1640431005973479428 hueglotiki.ru lamentable.ru ruslanpo.ru rustampo.ru sabihpo.ru savalanpo.ru tightfisted.ru unsuitable.ru # Reference: https://twitter.com/Cyber0verload/status/1641096737694547970 # Reference: https://www.virustotal.com/gui/file/cb0dedfe45e2815974984b5e2ac6cdfd9d63bcc707ff1ed5ad95c919497b5efb/detection gleaming8.battleras.ru same.gleaming8.battleras.ru # Reference: https://twitter.com/suyog41/status/1641434640375513090 # Reference: https://www.virustotal.com/gui/file/78323880df7324a3e614c8d4c8057deb002959ff65d4fa8cf49a9fb7a738f441/detection /call/network/22.03/guide.jpeg /call/network/22.03/ # Reference: https://twitter.com/Cyber0verload/status/1641811233820102657 hctntmc.ru vesterac.ru # Reference: https://twitter.com/malPileDiver/status/1642289458530725891 agonizing.ru materialistic.ru stereotyped.ru # Reference: https://twitter.com/malPileDiver/status/1642610928842670080 haramq.ru jafata.ru krtkrt.ru varials.ru capricious.ru glistening.ru overjoyed.ru statuesque.ru undesirable.ru # Reference: https://twitter.com/malPileDiver/status/1642953669309079552 aydynpo.ru disagreeable.ru earsplitting.ru # Reference: https://twitter.com/malPileDiver/status/1643388727962501122 agakiypo.ru agastanpo.ru baharas.ru lefant.ru # Reference: https://www.virustotal.com/gui/ip-address/45.61.136.56/relations 0wlxbqv4pfbm.celticso.ru hatwwkhoysku.celticso.ru hdllmmsubbky.celticso.ru irykcfezcgsh.celticso.ru qralfxig6mlr.celticso.ru unpqaq3qraqo.celticso.ru vnzsc903fhll.celticso.ru # Reference: 
https://twitter.com/malPileDiver/status/1643683264786309147 altamishpo.ru aychobanpo.ru aykutpo.ru ayzakpo.ru # Reference: https://twitter.com/malPileDiver/status/1644013583871737856 aktanpo.ru aydoganpo.ru aytashpo.ru aytyurkpo.ru nalogw.ru # Reference: https://twitter.com/h2jazi/status/1644384355509477377 # Reference: https://www.virustotal.com/gui/ip-address/165.232.125.213/relations # Reference: https://www.virustotal.com/gui/file/c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30/detection # Reference: https://www.virustotal.com/gui/file/5926f707d51268721fef89c0218cfe0034da08503efefb95d00ed6c7a62684e6/detection 37delicate.ramalla.ru 71delicate.ramalla.ru clamp46.bashaardi.ru expandenvironmentstrings71.ramizla.ru lucius80.lamentable.ru fake.clamp46.bashaardi.ru # Reference: https://twitter.com/malPileDiver/status/1644445710761205762 adempo.ru agasypo.ru ayrympo.ru uranic.ru # Reference: https://twitter.com/Cyber0verload/status/1644688600833851393 # Reference: https://www.virustotal.com/gui/ip-address/89.185.84.99/relations disillusioned.ru superficial.ru big59.superficial.ru responsebody71.disillusioned.ru send71.disillusioned.ru # Reference: https://twitter.com/FF1565166422/status/1645252984643932160 # Reference: https://www.virustotal.com/gui/file/ae2a3b4bc5c1c5b7419c9daa3e32e8896132b970ab3c46d059e1696896e86498/detection # Reference: https://www.virustotal.com/gui/file/a9279ccd0bfc953a8acc4b134235902debe7f2b5cbb8aaf5a5549752c416e542/detection 185.252.147.12:443 infovesty.ru # Reference: https://twitter.com/Cyber0verload/status/1645769331500802049 # Reference: https://www.virustotal.com/gui/ip-address/104.156.231.44/relations # Reference: https://www.virustotal.com/gui/ip-address/64.226.94.136/relations # Reference: https://www.virustotal.com/gui/file/284803a0435ea310b028092934783a9b71d6ea67e46c115d6b4a43d3ca955ce7/detection http://64.226.94.136 21desire.aytashpo.ru 32desire.aytashpo.ru 68desire.aytashpo.ru 71degrade.aytashpo.ru 
71desire.aytashpo.ru 75desire.aytashpo.ru 78desire.aytashpo.ru 85desire.aytashpo.ru # Reference: https://www.virustotal.com/gui/ip-address/5.44.42.81/relations intense60.dilaverho.ru lover.intense60.dilaverho.ru lower.intense60.dilaverho.ru # Reference: https://www.virustotal.com/gui/ip-address/45.32.88.90/relations position71.mahirgo.shop responsebody71.zardushtgo.ru stopped24.detroito.ru until15.mahirgo.shop # Reference: https://twitter.com/malPileDiver/status/1645901665545908225 agshinpo.ru akyuldizpo.ru alpaslanpo.ru altugpo.ru garame.ru velevas.ru # Reference: https://twitter.com/Cyber0verload/status/1646200848333127708 # Reference: https://www.virustotal.com/gui/ip-address/178.128.123.193/relations # Reference: https://www.virustotal.com/gui/file/0d60bd4cd33f8b52315125d9d95e7a5b2377aea94be5ba3281678d4935d8e63f/detection lunch21.danizho.ru reliable19.danizho.ru run71.heartbreaking.ru sand6.danizho.ru sand81.danizho.ru # Reference: https://www.virustotal.com/gui/ip-address/5.44.42.59/relations reliable19.danizho.ru # Reference: https://twitter.com/malPileDiver/status/1646301875426193410 addzhobo.ru aydinpo.ru azibobo.ru # Reference: https://twitter.com/StopMalvertisin/status/1646492908600840193 # Reference: https://twitter.com/Cyber0verload/status/1646588006495670286 # Reference: https://www.virustotal.com/gui/ip-address/137.184.59.142/relations # Reference: https://www.virustotal.com/gui/ip-address/81.19.140.45/relations # Reference: https://www.virustotal.com/gui/file/0e7e2929a51696d8851d8c5f9f6f6b10919ab61e829d16215f89fa0671edec10/detection # Reference: https://www.virustotal.com/gui/file/28746b8010329eaefd2d815732f8f111ba45e3774ead290ea42f5ce68a996837/detection delight30.takyygi.ru delight48.takyygi.ru delight86.takyygi.ru gloom37.zahidgo.ru sanction83.raidla.ru sound.gloom37.zahidgo.ru # Reference: https://www.virustotal.com/gui/ip-address/95.179.144.161/relations allocation92.osmanpo.ru glimpse54.raidla.ru loop9.hoanzo.ru needlework15.raminla.ru # 
Reference: https://twitter.com/malPileDiver/status/1646938719453077504 akenatenbo.ru akiikibo.ru amenemhatbo.ru anubisbo.ru azizibo.ru # Reference: https://twitter.com/malPileDiver/status/1647683310498332675 # Reference: https://www.virustotal.com/gui/ip-address/95.179.215.81/relations 12deceive.murtuzago.ru 15deceive.murtuzago.ru 32deceive.murtuzago.ru 43deceive.murtuzago.ru 71deceive.murtuzago.ru 77delicacy.murtuzago.ru 79delicacy.murtuzago.ru 81deceive.murtuzago.ru 87delicacy.murtuzago.ru 88deceive.murtuzago.ru deceive.murtuzago.ru # Reference: https://twitter.com/malPileDiver/status/1647683310498332675 # Reference: https://www.virustotal.com/gui/ip-address/141.164.62.153/relations # Reference: https://www.virustotal.com/gui/ip-address/68.183.224.97/relations 11describe.aytashpo.ru 16depart.aytashpo.ru 18declaration.aytashpo.ru 1definition.aytashpo.ru 37departed.daglarho.ru 38deck.daglarho.ru 38demonstration.daglarho.ru 3decide.aytashpo.ru 40demonstration.daglarho.ru 41deceive.intigambi.ru 41declaration.aytashpo.ru 44decidedly.intigambi.ru 45decide.aytashpo.ru 46defensive.nureddinpi.ru 46demonstration.daglarho.ru 47demonstration.daglarho.ru 48delusion.daglarho.ru 56deputy.aytashpo.ru 59.deer.apaturinae.ru 59delusion.daglarho.ru 63departments.aytashpo.ru 64decisive.nureddinpi.ru 68declined.aytashpo.ru 70descendant.daglarho.ru 74describe.aytashpo.ru 77dejected.manafgo.ru 78defence.intigambi.ru 79demonstration.daglarho.ru 84depths.aytashpo.ru 85deserved.komekbi.ru 8detachment.intigambi.ru 90departed.daglarho.ru 90detach.intigambi.ru 91desirable.daglarho.ru 92deck.daglarho.ru 96descendant.daglarho.ru 99delusion.daglarho.ru 9decidedly.intigambi.ru abear.adalatsa.ru anything.ulitron.ru createobject.jecura.ru deer.apaturinae.ru defeat34.basamdi.ru defeat63.basamdi.ru defender37.muazpo.ru delight20.takyygi.ru delight40.takyygi.ru delight71.takyygi.ru deliver17.basamdi.ru deliver25.basamdi.ru deliver71.basamdi.ru deluge97.basamdi.ru depart93.basamdi.ru 
designed8.basamdi.ru desolate54.basamdi.ru desolate74.basamdi.ru destroy19.basamdi.ru destroy39.basamdi.ru destroy69.basamdi.ru destroy97.basamdi.ru each.jecura.ru each71.myuridgo.ru fairy15.valefgo.ru fairy76.valefgo.ru fileexists54.kainatbi.ru getobject23.lachindo.ru getobject75.lachindo.ru getobject77.lachindo.ru globe44.detroito.ru glove38.ziyafat.ru intentional94.allaverdysa.ru loop50.balabekdi.ru position71.myuridgo.ru redim13.lachindo.ru redim28.lachindo.ru redim4.lachindo.ru redim43.lachindo.ru redim46.lachindo.ru redim51.lachindo.ru redim54.lachindo.ru redim55.lachindo.ru redim57.lachindo.ru redim59.lachindo.ru redim65.lachindo.ru redim71.kainatbi.ru redim77.lachindo.ru redim80.lachindo.ru redim84.lachindo.ru redim94.lachindo.ru redim97.lachindo.ru regret64.gachagdo.ru sleep.jecura.ru squeeze.ulitron.ru to71.myuridgo.ru allocation.allow33.sniportas.ru class.regret64.gachagdo.ru engage.intentional94.allaverdysa.ru expandenvironmentstrings72.mazhddo.ru expandenvironmentstrings73.ramizla.ru wlunch.reins69.ziyafat.ru wneck.soul70.dzheyhunho.ru # Reference: https://twitter.com/fr0s7_/status/1647947820576436224 # Reference: https://www.virustotal.com/gui/ip-address/81.19.141.106/relations # Reference: https://www.virustotal.com/gui/file/0b50546d3eb0387a7f3cbf4e92d7fca5ac9e3c8358a41ad606ba3ec6546c9c9d/detection lover18.aychobanpo.ru # Reference: https://twitter.com/malPileDiver/status/1648048178971701252 # Reference: https://www.virustotal.com/gui/ip-address/194.87.45.26/relations akenatonbo.ru aktaypo.ru amonbo.ru anumbo.ru asheypi.ru atonpi.ru intense55.aychobanpo.ru low53.ayzakpo.ru necklace61.aychobanpo.ru necklace75.aychobanpo.ru # Reference: https://twitter.com/MavericksInt/status/1648246438982287360 # Reference: https://www.virustotal.com/gui/file/7232f8c8300efb1b5120765cc9b4a8ad153123707a80286dc2c41d9a5e860ce7/detection # Reference: https://www.virustotal.com/gui/file/7d90ed946ee71f34c0b35c7bed2c034839e1f002f8dd0b5fca3ab481f10cd589/detection # Reference: 
https://www.virustotal.com/gui/file/59c408f738be2a0905a658471e96742a0b5c7b4841b041526361cfbcf5181d0b/detection http://134.209.153.179 http://81.200.157.206 http://91.200.151.231 # Reference: https://twitter.com/ET_Labs/status/1648382027522080783 # Reference: https://www.virustotal.com/gui/ip-address/128.199.75.108/relations # Reference: https://www.virustotal.com/gui/file/9ddbcf76e880d148425098bfb424ddb5ca2e746337ab32d152a579d4ae35ca18/detection http://216.128.128.163 http://31.129.22.68 11decline.ramalla.ru 19decline.ramalla.ru 20delicate.ramalla.ru 23decline.ramalla.ru 2decline.ramalla.ru 2delicate.ramalla.ru 57delicate.ramalla.ru 71decline.ramalla.ru 97decline.ramalla.ru # Reference: https://twitter.com/malPileDiver/status/1648407500457222146 ahmozpi.ru badrupi.ru bakaripi.ru barakapi.ru # Reference: https://www.virustotal.com/gui/ip-address/64.226.98.185/relations xor77.ahmozpi.ru # Reference: https://www.virustotal.com/gui/ip-address/128.199.83.71/relations claimed75.badrupi.ru counteract35.barakapi.ru stops62.barakapi.ru stops75.barakapi.ru # Reference: https://twitter.com/malPileDiver/status/1649216747256389636 # Reference: https://www.virustotal.com/gui/ip-address/216.155.157.161/relations 22defeated.ayrympo.ru 52.demand.dafilas.ru 9defeated.ayrympo.ru demand.dafilas.ru descent42.disagreeable.ru # Reference: https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns # Reference: https://www.virustotal.com/gui/ip-address/194.180.191.56/relations http://109.200.159.40 http://109.200.159.46 http://109.200.159.59 http://151.236.30.50 http://192.121.87.11 http://194.180.191.56 mail.daniyarho.ru # Reference: https://twitter.com/malPileDiver/status/1649484287161389084 # Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations anherpi.ru apispi.ru bankoulpi.ru barutipi.ru fushiguro.ru # Reference: https://twitter.com/malPileDiver/status/1649776814850555905 # Reference: 
https://www.virustotal.com/gui/ip-address/157.230.59.102/relations # Reference: https://www.virustotal.com/gui/file/31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b/detection # Reference: https://www.virustotal.com/gui/file/7de1f3fef12c1a7c954edb6f62ead13adb8c0b198b49e0d22e93b4cd385fed04/detection http://216.155.157.161 http://45.32.68.240 71defeated.ayrympo.ru shoe81.badrupi.ru # Reference: https://twitter.com/malPileDiver/status/1650570899454672896 ayarimar.ru boraito.ru dussaut.ru enokida.ru fortunyzo.ru kaigitang.ru nutriag.ru ruizchris.ru samiseto.ru valasati.ru vilaverde.ru # Reference: https://twitter.com/StopMalvertisin/status/1650745109519175680 # Reference: https://www.virustotal.com/gui/ip-address/178.128.121.37/relations # Reference: https://www.virustotal.com/gui/file/f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192/detection 1delusion.daglarho.ru 26desirable.daglarho.ru 49desirable.daglarho.ru 4demonstration.daglarho.ru 51deck.daglarho.ru 52departed.daglarho.ru 53deck.daglarho.ru 68delight.daglarho.ru 6deck.daglarho.ru 95desirable.daglarho.ru 97deck.daglarho.ru aaa.ulitron.ru penny26.raidla.ru # Reference: https://twitter.com/malPileDiver/status/1650968985947471876 adjoining.ru lokalut.ru maniacal.ru suizibel.ru unequaled.ru unwieldy.ru # Reference: https://twitter.com/malPileDiver/status/1651374098415534080 # Reference: https://www.virustotal.com/gui/ip-address/195.133.88.49/relations # Reference: https://www.virustotal.com/gui/ip-address/195.133.88.63/relations baraslx.ru nahalx.ru 84defeated.ayrympo.ru enny26.raidla.ru oe81.badrupi.ru send.vilaverde.ru sleep71.talehgi.ru # Reference: https://twitter.com/malPileDiver/status/1651728614394675200 # Reference: https://www.virustotal.com/gui/ip-address/139.59.62.248/relations decorous.ru judicious.ru succinct.ru position71.succinct.ru send71.vilaverde.ru # Reference: https://www.virustotal.com/gui/ip-address/5.44.42.116/relations # Reference: 
https://www.virustotal.com/gui/file/81b6cc6a1e06e8824a4dc54bfb44afb6da175e2ab19502e9c969599ce3999f84/detection alternative44.decorous.ru famine39.judicious.ru famine64.judicious.ru perfume9.decorous.ru # Reference: https://twitter.com/malPileDiver/status/1652057352785330186 scattered.ru squeamish.ru stupendous.ru # Reference: https://twitter.com/StopMalvertisin/status/1652217199271243777 # Reference: https://www.virustotal.com/gui/file/4bd5ed5fa1b3f026ac0544457c7c3775a895236ccd1125332bb4cf840a6a24ac/detection # Reference: https://www.virustotal.com/gui/file/98de4142829d62815a2e07a130c2e41d0af28967c986ef0621752cfc18e67965/detection http://81.200.156.171 /mo.28.04.gif/ /mo.28.04.gif/barely/deceptive.jpeg # Reference: https://twitter.com/malPileDiver/status/1652392995432329220 # Reference: https://www.virustotal.com/gui/ip-address/170.64.174.17/relations 115502077.ganara.ru 1787445433.lahatas.ru 980136632.kurapat.ru buwukynakn.zaskol.ru f09v6kswrl.nodcmo.ru w4rk3sceek.nodcmo.ru # Reference: https://www.virustotal.com/gui/ip-address/170.64.176.71/relations 43decent.stupendous.ru 88deserved.stupendous.ru # Reference: https://twitter.com/Cyber0verload/status/1652705922332893188 # Reference: https://www.virustotal.com/gui/file/232b55aabd3301e6afa02df3a062c760f1105a0716047a582c1e714da9f0406d/detection relation46.samiseto.ru # Reference: https://twitter.com/Cyber0verload/status/1652712792435175424 # Reference: https://www.virustotal.com/gui/ip-address/159.223.56.214/relations # Reference: https://www.virustotal.com/gui/file/724a0dcede84e6527d16318cc9c425ae8743be4d5c6b5f62aea0ba67ec6b5ac3/detection http://159.223.56.214 20deserved.stupendous.ru 40deserved.stupendous.ru # Reference: https://twitter.com/Cyber0verload/status/1653098342858063874 # Reference: https://www.virustotal.com/gui/ip-address/104.248.204.242/relations # Reference: https://www.virustotal.com/gui/file/e0ca68717b92594cf3a0b265b846a491a38037e5f1af76479aa5a6e78ca9488b/detection 55deity.kyamalgo.shop 
62detachment.highfalutin.ru 90departed.marzukgo.shop deliver98.basamdi.ru gloomy80.masudgo.shop pressure53.payampo.ru write.mohsengo.shop globe.gloomy80.masudgo.shop # Reference: https://twitter.com/malPileDiver/status/1653119670558269441 absorbeni.ru boskatrem.ru lopraner.ru malived.ru taramis.ru # Reference: https://www.virustotal.com/gui/ip-address/134.209.115.37/detection # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.147/relations 86deserved.stupendous.ru 88deer.stupendous.ru # Reference: https://twitter.com/Cyber0verload/status/1653325622356193280 # Reference: https://www.virustotal.com/gui/ip-address/143.198.78.253/relations # Reference: https://www.virustotal.com/gui/file/572650c06d09715b17ba78db89fd323845c00133c483d7fc571ebe3e7b824bfe/detection penholder89.decorous.ru # Reference: https://twitter.com/h2jazi/status/1653769493007695872 # Reference: https://www.virustotal.com/gui/file/c7921b6809d2ffd643258ff8f04590528ad68e9474635188003b40bff4a731a8/detection bestupdater.com # Reference: https://twitter.com/malPileDiver/status/1653846681266401280 # Reference: https://www.virustotal.com/gui/ip-address/165.232.148.157/relations # Reference: https://www.virustotal.com/gui/ip-address/167.99.9.163/relations # Reference: https://www.virustotal.com/gui/ip-address/194.87.45.49/relations farukend.ru zeraon.ru 41defender.stupendous.ru 58degree.farukend.ru chr1.hoanzo.ru chr2.hoanzo.ru chr25.hoanzo.ru chr34.hoanzo.ru chr35.hoanzo.ru chr46.hoanzo.ru chr50.hoanzo.ru chr57.hoanzo.ru chr61.hoanzo.ru chr70.hoanzo.ru chr74.hoanzo.ru chr84.hoanzo.ru chr85.hoanzo.ru chr87.hoanzo.ru chr93.hoanzo.ru chr96.hoanzo.ru county42.badrupi.ru designed79.aytyurkpo.ru dim10.hoanzo.ru dim13.hoanzo.ru dim19.hoanzo.ru dim35.hoanzo.ru dim4.hoanzo.ru dim48.hoanzo.ru dim54.hoanzo.ru dim63.hoanzo.ru dim66.hoanzo.ru dim70.hoanzo.ru dim82.hoanzo.ru eval1.hoanzo.ru eval10.hoanzo.ru eval100.hoanzo.ru eval11.hoanzo.ru eval12.hoanzo.ru eval13.hoanzo.ru eval15.hoanzo.ru 
eval16.hoanzo.ru eval17.hoanzo.ru eval18.hoanzo.ru eval19.hoanzo.ru eval2.hoanzo.ru eval20.hoanzo.ru eval22.hoanzo.ru eval23.hoanzo.ru eval24.hoanzo.ru eval27.hoanzo.ru eval28.hoanzo.ru eval29.hoanzo.ru eval3.hoanzo.ru eval30.hoanzo.ru eval32.hoanzo.ru eval33.hoanzo.ru eval34.hoanzo.ru eval35.hoanzo.ru eval36.hoanzo.ru eval37.hoanzo.ru eval39.hoanzo.ru eval4.hoanzo.ru eval40.hoanzo.ru eval41.hoanzo.ru eval42.hoanzo.ru eval43.hoanzo.ru eval44.hoanzo.ru eval45.hoanzo.ru eval46.hoanzo.ru eval47.hoanzo.ru eval49.hoanzo.ru eval50.hoanzo.ru eval51.hoanzo.ru eval52.hoanzo.ru eval53.hoanzo.ru eval54.hoanzo.ru eval56.hoanzo.ru eval57.hoanzo.ru eval58.hoanzo.ru eval6.hoanzo.ru eval60.hoanzo.ru eval61.hoanzo.ru eval62.hoanzo.ru eval63.hoanzo.ru eval64.hoanzo.ru eval65.hoanzo.ru eval66.hoanzo.ru eval68.hoanzo.ru eval7.hoanzo.ru eval70.hoanzo.ru eval73.hoanzo.ru eval74.hoanzo.ru eval75.hoanzo.ru eval76.hoanzo.ru eval77.hoanzo.ru eval78.hoanzo.ru eval79.hoanzo.ru eval8.hoanzo.ru eval80.hoanzo.ru eval81.hoanzo.ru eval82.hoanzo.ru eval83.hoanzo.ru eval84.hoanzo.ru eval85.hoanzo.ru eval86.hoanzo.ru eval87.hoanzo.ru eval88.hoanzo.ru eval89.hoanzo.ru eval9.hoanzo.ru eval90.hoanzo.ru eval91.hoanzo.ru eval92.hoanzo.ru eval93.hoanzo.ru eval94.hoanzo.ru eval95.hoanzo.ru eval97.hoanzo.ru eval98.hoanzo.ru expandenvironmentstrings96.ramizla.ru mid71.hoanzo.ru openastextstream92.hoanzo.ru play.hoanzo.ru redim1.hoanzo.ru redim10.hoanzo.ru redim100.hoanzo.ru redim12.hoanzo.ru redim13.hoanzo.ru redim14.hoanzo.ru redim15.hoanzo.ru redim16.hoanzo.ru redim17.hoanzo.ru redim18.hoanzo.ru redim21.hoanzo.ru redim22.hoanzo.ru redim23.hoanzo.ru redim26.hoanzo.ru redim29.hoanzo.ru redim32.hoanzo.ru redim33.hoanzo.ru redim35.hoanzo.ru redim36.hoanzo.ru redim37.hoanzo.ru redim39.hoanzo.ru redim4.hoanzo.ru redim44.hoanzo.ru redim45.hoanzo.ru redim46.hoanzo.ru redim49.hoanzo.ru redim51.hoanzo.ru redim54.hoanzo.ru redim57.hoanzo.ru redim58.hoanzo.ru redim59.hoanzo.ru redim60.hoanzo.ru redim63.hoanzo.ru 
redim64.hoanzo.ru redim65.hoanzo.ru redim67.hoanzo.ru redim68.hoanzo.ru redim69.hoanzo.ru redim70.hoanzo.ru redim71.hoanzo.ru redim73.hoanzo.ru redim74.hoanzo.ru redim76.hoanzo.ru redim77.hoanzo.ru redim78.hoanzo.ru redim79.hoanzo.ru redim8.hoanzo.ru redim80.hoanzo.ru redim81.hoanzo.ru redim82.hoanzo.ru redim83.hoanzo.ru redim84.hoanzo.ru redim87.hoanzo.ru redim88.hoanzo.ru redim89.hoanzo.ru redim9.hoanzo.ru redim90.hoanzo.ru redim91.hoanzo.ru redim92.hoanzo.ru redim93.hoanzo.ru redim94.hoanzo.ru redim96.hoanzo.ru redim97.hoanzo.ru redim98.hoanzo.ru redim99.hoanzo.ru savetofile2.hoanzo.ru savetofile48.hoanzo.ru savetofile74.hoanzo.ru send100.hoanzo.ru send20.hoanzo.ru send24.hoanzo.ru send26.hoanzo.ru send29.hoanzo.ru send3.hoanzo.ru send30.hoanzo.ru send32.hoanzo.ru send33.hoanzo.ru send38.hoanzo.ru send40.hoanzo.ru send41.hoanzo.ru send45.hoanzo.ru send46.hoanzo.ru send50.hoanzo.ru send56.hoanzo.ru send57.hoanzo.ru send58.hoanzo.ru send59.hoanzo.ru send60.hoanzo.ru send65.hoanzo.ru send66.hoanzo.ru send68.hoanzo.ru send7.hoanzo.ru send71.hoanzo.ru send76.hoanzo.ru send77.hoanzo.ru send79.hoanzo.ru send8.hoanzo.ru send90.hoanzo.ru send91.hoanzo.ru send92.hoanzo.ru send93.hoanzo.ru send94.hoanzo.ru send95.hoanzo.ru send99.hoanzo.ru sleep33.hoanzo.ru sleep86.hoanzo.ru sleep91.hoanzo.ru to71.hoanzo.ru write93.hoanzo.ru write97.hoanzo.ru wscript72.hoanzo.ru # Reference: https://twitter.com/StopMalvertisin/status/1655103745083179011 # Reference: https://www.virustotal.com/gui/file/d68335308ec2e58bb8cf1fb63381fdd55b6338241a82a59517cb3211770e6036/detection courage70.undesirable.ru goat61.decorous.ru # Reference: https://www.virustotal.com/gui/ip-address/159.223.198.3/relations bike44.decorous.ru sale60.judicious.ru # Reference: https://twitter.com/malPileDiver/status/1655280554818826243 amoresa.ru banrasac.ru brudimar.ru haramad.ru lotgunok.ru norasold.ru saturnec.ru vloperang.ru weratas.ru # Reference: https://www.virustotal.com/gui/ip-address/165.232.82.235/relations # 
Reference: https://www.virustotal.com/gui/ip-address/217.78.239.212/relations redim.norasold.ru send71.norasold.ru # Reference: https://twitter.com/souiten/status/1655410714721529856 # Reference: https://www.virustotal.com/gui/ip-address/46.101.114.106/relations # Reference: https://www.virustotal.com/gui/file/dcbb432efd5f958e5a3881109c942c75514d0692b5bc1e712e910d220313ac66/detection 14defy.erinaceuso.ru 1deserved.stupendous.ru 27defeated.ayrympo.ru 85defeated.ayrympo.ru endure32.ibragimo.ru glimpse.ibragimo.ru glimpse82.ibragimo.ru interbase14.ibragimo.ru stool44.ibragimo.ru countless.endure32.ibragimo.ru # Reference: https://twitter.com/malPileDiver/status/1655710112013594626 # Reference: https://www.virustotal.com/gui/ip-address/185.247.184.101/relations # Reference: https://www.virustotal.com/gui/ip-address/185.247.184.103/relations # Reference: https://www.virustotal.com/gui/ip-address/206.189.12.131/relations 108275726.wicksl.ru 17despite.farukend.ru 4dependent.farukend.ru 53destroyer.anumbo.ru already39.brudimar.ru if4.saturnec.ru xor80.saturnec.ru # Reference: https://twitter.com/suyog41/status/1655936062307602439 # Reference: https://www.virustotal.com/gui/file/f88bca443089c831c56f53147950bac19beaf7e804a0c5fe9da4018812ea6d4f/detection # Reference: https://www.virustotal.com/gui/file/b36d9d6d07db7922cd2444314ff0b630ae6c1dc473371fbde133f4f03097086e/detection http://170.64.152.130 # Reference: https://www.virustotal.com/gui/ip-address/165.22.53.191/relations # Reference: https://www.virustotal.com/gui/ip-address/31.129.22.77/relations 39.brudimar.ru neglect92.vloperang.ru # Reference: https://twitter.com/suyog41/status/1656649174920704000 # Reference: https://www.virustotal.com/gui/file/4e9d18ff14d4510f119418420d80c03b6246e64a6cb574d6ab8d75be3c78af9c/detection http://159.223.54.203 # Reference: https://twitter.com/StopMalvertisin/status/1656587394018320385 # Reference: 
https://www.virustotal.com/gui/file/d4423d73bc08c0142431f35f0bd0f392e630c70c212a6f9b01735bea0dae7f78/detection erceive21.badrupi.ru gg.badrupi.ru perceive21.badrupi.ru # Reference: https://twitter.com/malPileDiver/status/1658187362273222680 dzhabaripa.ru dzhahipa.ru goruspa.ru iknatonpa.ru kahotepa.ru kaziyapa.ru zaherpa.ru zuberipa.ru # Reference: https://twitter.com/Cyber0verload/status/1658189500672008232 71delay.dzhahipa.ru 80delay.dzhabaripa.ru openastextstream.zuberipa.ru # Reference: https://twitter.com/malPileDiver/status/1658549641804238863 badarus.ru butiram.ru donkorpa.ru kafiripa.ru kemoziripa.ru keymnvatipa.ru # Reference: https://twitter.com/StopMalvertisin/status/1658747923759505408 # Reference: https://www.virustotal.com/gui/ip-address/185.143.223.118/relations # Reference: https://www.virustotal.com/gui/ip-address/188.166.164.174/relations # Reference: https://www.virustotal.com/gui/file/13aa44122e2e6d99a40a47c870142ac95dc250c3169c1cfab95ba9c6fe33f542/detection 14december.highfalutin.ru 16december.highfalutin.ru 21descent.mansurdo.ru 29deserter.mardango.ru 2dentist.mardango.ru 31defensive.mardango.ru 38december.highfalutin.ru 39descendant.anumbo.ru 42descent.mansurdo.ru 51december.highfalutin.ru 52delusion.ihtiyarbi.ru 54despair.ihtiyarbi.ru 57december.highfalutin.ru 61declare.mardango.ru 69den.mardango.ru 70december.highfalutin.ru 70deduction.mardango.ru 74deserter.mardango.ru 78despair.ihtiyarbi.ru 7defensive.mardango.ru 7dentist.mardango.ru 83december.highfalutin.ru 90deduction.mardango.ru 90depth.anubisbo.ru 92descent.mansurdo.ru 95december.highfalutin.ru 9december.highfalutin.ru counsel69.boskatrem.ru decrepit76.xopekar.ru prey67.boskatrem.ru then59.suizibel.ru xor42.zuberipa.ru # Reference: https://twitter.com/malPileDiver/status/1658928573892403203 dakareypa.ru ishakpa.ru karoanpa.ru # Reference: https://twitter.com/malPileDiver/status/1659301640703209474 dzhibeydpa.ru dzhumoukpa.ru galofad.ru idogbpa.ru imenandpa.ru kemnebipa.ru knemuso.ru 
mensaso.ru porotad.ru # Reference: https://twitter.com/StopMalvertisin/status/1659451403100897280 # Reference: https://www.virustotal.com/gui/file/a207059404bfea094d3c07ee456107f26e83fee9e235a84e8e23bb9db64eee6b/detection allen99.buckso.ru allocate15.buckso.ru amazed40.buckso.ru course45.buckso.ru faith25.buckso.ru lucius1.lamentable.ru lucius88.lamentable.ru registry2.buckso.ru goats.amazed40.buckso.ru # Reference: https://twitter.com/MavericksInt/status/1659850657182957570 # Reference: https://twitter.com/MavericksInt/status/1660658203833532421 # Reference: https://www.virustotal.com/gui/file/d19d979a27723fe440c6801ba93bc3e95a67983dcc35b0f22694118449579966/detection # Reference: https://www.virustotal.com/gui/file/e93d0cf64a2486eeef192c8c6cf97242c131b459d64b9e4e237324b0e98f9d30/detection # Reference: https://www.virustotal.com/gui/file/2eb66edbfbadcf5d02218d8fc9611ff650ac1532db73610de548335fbeee2119/detection # Reference: https://www.virustotal.com/gui/file/1e62d8099702b8e0976697975f57bb8b6e62e5a4d8dcb6c8f0d57f3e54e6b291/detection # Reference: https://www.virustotal.com/gui/file/0863335519380e4d88f785ab13d978d1efd55869879fbdbc4708dbece755f881/detection http://80.90.181.243 /ggh.12.05.gif /ggh.12.05.gif/seized/presented.jpeg /milSS.12.05.gif /milSS.12.05.gif/dear/regards.jpeg /mll.14.05.gif /mll.14.05.gif/selected/barge.jpeg /mll.14.05.gif/query/integer.jpeg /mmo.10.05.gif /mmo.10.05.gif/based/prefix.jpeg # Reference: https://twitter.com/malPileDiver/status/1660749203650363392 kontarso.ru koseyso.ru kuaashiso.ru lizimbaso.ru maatso.ru mbiziso.ru menesso.ru # Reference: https://www.virustotal.com/gui/ip-address/78.153.139.42/relations 1020178145.gokols.ru 1420104871.makasd.ru 1649627902.baralap.ru 1728259312.narutasx.ru 1795284560.gokols.ru 1841245068.gokols.ru 1979642691.narutasx.ru 2021007529.gokols.ru 2112733786.gokols.ru 230494973.vohod.ru 398145251.gokols.ru 518422979.baralap.ru 577106826.narutasx.ru 655824342.makasd.ru 665096125.makasd.ru 713696851.makasd.ru 
881910787.gokols.ru 941470034.baralap.ru xxx.acersa.ru # Reference: https://www.virustotal.com/gui/ip-address/147.182.241.170/relations 58455773.lopasts.ru # Reference: https://twitter.com/malPileDiver/status/1662212381559377921 # Reference: https://twitter.com/Cyber0verload/status/1662338631418146817 # Reference: https://www.virustotal.com/gui/file/83d3e19851b5864222972dac860e8e18a43acf8be3d228379e09c3383928194d/detection luzidzhso.ru mudadazi.ru muhvanazi.ru neythzi.ru trulazek.ru 5destruction.trulazek.ru 16deliberate.trulazek.ru 20depart.trulazek.ru 70descendant.anumbo.ru asc46.dovlatho.ru asc59.dovlatho.ru asc60.dovlatho.ru asc64.dovlatho.ru asc66.dovlatho.ru asc7.dovlatho.ru asc73.dovlatho.ru asc74.dovlatho.ru asc84.dovlatho.ru chr56.dovlatho.ru close32.dovlatho.ru createobject56.dovlatho.ru defend95.karoanpa.ru definite49.karoanpa.ru definite50.karoanpa.ru definite56.karoanpa.ru deletefile10.dovlatho.ru deletefile17.dovlatho.ru deluge77.karoanpa.ru demanded10.karoanpa.ru demanded14.karoanpa.ru demanded25.karoanpa.ru demanded30.karoanpa.ru demanded38.karoanpa.ru demanded42.karoanpa.ru demanded77.karoanpa.ru demanded81.karoanpa.ru demanded87.karoanpa.ru demanded92.karoanpa.ru demanded97.karoanpa.ru den100.karoanpa.ru den15.karoanpa.ru den20.karoanpa.ru dependant22.agasibi.ru destruction.trulazek.ru eval55.mudadazi.ru getobject71.kontarso.ru regularly.percent20.plutoniumo.ru # Reference: https://www.virustotal.com/gui/file/e567fcf99640e0c3e521abe6c29a467f74eb49fc170b8ffa26981587cb6d85b2/detection 25defect.mansurdo.ru # Reference: https://twitter.com/StopMalvertisin/status/1663938140342718465 # Reference: https://www.virustotal.com/gui/file/b5a04e7f45c993f50320bd5beff5f709eb88e5782b0560497653edcff25967d6/detection # Reference: https://www.virustotal.com/gui/file/2a00062de622d0f93c44392a9a0b92432ac9bb1852ce1984a2affb4617872e6d/detection amazing84.vloperang.ru countless20.vloperang.ru countless64.vloperang.ru countless7.absorbeni.ru countless76.absorbeni.ru 
countless77.absorbeni.ru countless90.absorbeni.ru fake73.vloperang.ru fame73.vloperang.ru neglect35.vloperang.ru prickly26.vloperang.ru prickly53.vloperang.ru regret93.absorbeni.ru rejoined49.absorbeni.ru # Generic /1-/courageous/courageous.69alf /1-/courageous/ /27.12_otck/days.rtf /6BNOTE/loyalty/bikes/endanger.drf /6BNOTE/loyalty/bikes/ /6BNOTE/loyalty/ /AKADEMIK1211/clasped/globe/printing.61itdb /AKADEMIK1211/clasped/globe/ /AKADEMIK1211/clasped/ /DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/alluded.xaf /DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/ /DESKTOP-0N5LDB0/altogether/alluded/allows/ /DESKTOP-0N5LDB0/altogether/alluded/ /DESKTOP-0N5LDB0/altogether/ /DESKTOP-90A1T3D/regular.83glf /DESKTOP-DPHL39L/pretence/among/beverley/perform.m3d /DESKTOP-DPHL39L/pretence/among/beverley/ /DESKTOP-DPHL39L/pretence/among/ /DESKTOP-DPHL39L/pretence/ /DESKTOP-J6T8PGG/sally/sounds/familiar/courageous.70xmf /DESKTOP-J6T8PGG/sally/sounds/familiar/ /DESKTOP-J6T8PGG/sally/sounds/ /DESKTOP-J6T8PGG/sally/ /DESKTOP-JRQI4FJ/family/necessarily.18wet /DESKTOP-JRQI4FJ/family/ /DESKTOP-LQFDA6Q/soup/counter/soup/necklace.81tme /DESKTOP-LQFDA6Q/soup/counter/soup/ /DESKTOP-LQFDA6Q/soup/counter/ /DESKTOP-LQFDA6Q/soup/ /DESKTOP-M8O7T07/prick.nff /DESKTOP-T0FMFN4/principal83/principal/lunch.kdc /DESKTOP-T0FMFN4/principal83/principal/ /DESKTOP-T0FMFN4/principal83/ /DESKTOP-UVHG99D/percy.46rra /INV7/ally/ally.88wmdb /KASA/bicycle.dbx /LAPTOP-ATFIHP9Q/alternate.sis /LAPTOP-ATFIHP9Q/alternate/penholder/previous.sis /LAPTOP-ATFIHP9Q/alternate/penholder/ /LAPTOP-ATFIHP9Q/alternate/ /LAPTOP-ATFIHP9Q/previous/penholder/penholder/alternate.sis /LAPTOP-ATFIHP9Q/previous/penholder/penholder/ /LAPTOP-ATFIHP9Q/previous/penholder/ /LAPTOP-ATFIHP9Q/previous/ /LILA/between/shoe/ambitious/shoe/principle.21accdr /LILA/between/shoe/ambitious/shoe/ /LILA/between/shoe/ambitious/ /LILA/between/shoe/ /OHORONAPRAVLYUD/relay/perfection/classroom.sky /OHORONAPRAVLYUD/relay/perfection/ 
/OHORONAPRAVLYUD/relay/ /PC/already/already/relate/all.thl /PC/already/already/relate/ /PC/amazed/nearby/already.cgm /PC/amazed/nearby/ /R331-1/ambition/interesting/enforce.26die /R331-1/ambition/interesting/ /R331-1/ambition/ /USER-PC/allowance/percent/soul.77meb /USER-PC/allowance/percent/ /USER-PC/allowance/ /USER-PC/could/all/glowing.20mbx /USER-PC/could/all/ /USER-PC/prey/allowance.90meb /USER-PC/prey/percent/soul/prey/percent.7meb /USER-PC/prey/percent/soul/prey/ /USER-PC/prey/percent/soul/ /USER-PC/prey/percent/ /USER-PC/soul/percent.76meb /USER-PC/sally.64mbx /WIN-NKDT573S45D/needlework.vp /WIN-PJMU2R174AA/naughty/stool/luckily.89jas /WIN-PJMU2R174AA/naughty/stool/ /WIN-PJMU2R174AA/naughty/ /ЮЛЯ-ПК/alongside/needle/needle.fbx /ЮЛЯ-ПК/alongside/needle/ /ЮЛЯ-ПК/alongside/ /%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/needle.fbx /%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/ /%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/ /alongside/needle/