# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: pterodo, primitive bear # MITRE: https://attack.mitre.org/groups/G0047/ # Reference: http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/ admin-ru.ru adobe.update-service.net apploadapp.webhop.me brokbridge.com cat.gotdns.ch check-update.ru childrights.in.ua conhost.myftp.org docdownload.ddns.net downloads.email-attachments.ru downloads.file-attachments.ru dyndownload.serveirc.com e.muravej.ua email-attachments.ru file-attachments.ru freefiles.myftp.biz getmyfile.webhop.me googlefiles.serveftp.com grom56.ddns.net grom90.ddns.net hrome-update.ru hrome-updater.ru loaderskypetm.webhop.me loadsoulip.serveftp.com mail.file-attachments.ru mails.redirectme.net mars-ru.ru msrestore.ru oficialsite.webhop.me parkingdoma.webhop.me poligjong.webhop.me polistar.ddns.net proxy-spread.ru rms.admin-ru.ru samotsvety.com.ua skypeemocache.ru skypeupdate.ru spbpool.ddns.net spread-service.ru spread-ss.ru spread-updates.ru stor.tainfo.com.ua tortilla.sytes.net ukrnet.serveftp.com ukrway.galaktion.ru umachka.ua update-service.net updatesp.ddns.net updateviber.sytes.net webclidie.webhop.me win-restore.ru winloaded.sytes.net winupdateloader.ru yfperoliz.webhop.me # Reference: https://arstechnica.com/information-technology/2018/11/ukraine-detects-new-pterado-backdoor-malware-warns-of-russian-cyberattack/ updates-spreadwork.pw dataoffice.zapto.org bitsadmin.ddns.net # Reference: https://cert.gov.ua/news/46 natos-drp.ddns.net nato-drp.ddns.net ukraine-news.ddns.net ukraina-drp.ddns.net tovar-es.ddns.net start-usb.ddns.net sovetkirov.ddns.net singles-office.ddns.net single-office.ddns.net yousister.ddns.net wq03.ddns.net wq02.ddns.net wq01.ddns.net werdikt.ddns.net wareface.ddns.net vnc-new.ddns.net ut03.ddns.net ut02.ddns.net ut01.ddns.net us03.ddns.net us02.ddns.net us01.ddns.net topline.myftp.org sushi-bar.ddns.net po03.ddns.net po02.ddns.net po01.ddns.net pk03.ddns.net pk02.ddns.net pk01.ddns.net orizoh88.ddns.net optima-se.ddns.net new-club.ddns.net mykarina.ddns.net microsoft-single.ddns.net metro-exodus.ddns.net marishka.ddns.net macdocs.ddns.net karasto01.ddns.net gr03.ddns.net gr02.ddns.net gr01.ddns.net connect-updates.ddns.net chrome-update.ddns.net # Reference: https://blog.threatstop.com/russian-apt-gamaredon-group splin-body.site torrent-stel.space torent-updates.ddns.net torrent-updates.ddns.net splin-upd.site splin-upd1.site torrent-supd.space # Reference: https://cert.gov.ua/news/42 http://95.142.45.58 single-office.ddns.net # Reference: https://cert.gov.ua/news/46 bitsadmin.ddns.net dataoffice.zapto.org updates-spreadwork.pw # Reference: https://twitter.com/VK_Intel/status/1084955795358330880 spread-system.info # Reference: https://twitter.com/VK_Intel/status/1080919080616439808 torrent-supd.space # Reference: https://twitter.com/ClearskySec/status/1065267794474950657 chrome-update.ddns.net connect-updates.ddns.net gr01.ddns.net gr02.ddns.net gr03.ddns.net karasto01.ddns.net macdocs.ddns.net marishka.ddns.net metro-exodus.ddns.net microsoft-single.ddns.net mykarina.ddns.net natos-drp.ddns.net nato-drp.ddns.net new-club.ddns.net orizoh88.ddns.net optima-se.ddns.net pk01.ddns.net pk02.ddns.net pk03.ddns.net po01.ddns.net po02.ddns.net po03.ddns.net singles-office.ddns.net single-office.ddns.net sovetkirov.ddns.net start-usb.ddns.net sushi-bar.ddns.net topline.myftp.org tovar-es.ddns.net ukraina-drp.ddns.net ukraine-news.ddns.net us01.ddns.net us02.ddns.net us03.ddns.net ut01.ddns.net ut02.ddns.net ut03.ddns.net vnc-new.ddns.net wareface.ddns.net werdikt.ddns.net wq01.ddns.net wq02.ddns.net wq03.ddns.net yousister.ddns.net # Reference: https://twitter.com/CSIRTCV/status/1083420779486855169 errors-analyses.ddns.net spr-files.ddns.net spr-updates.ddns.net # Reference: https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution/ admin-ru.ru adobe.update-service.net apploadapp.webhop.me brokbridge.com cat.gotdns.ch check-update.ru childrights.in.ua conhost.myftp.org docdownload.ddns.net downloads.email-attachments.ru downloads.file-attachments.ru dyndownload.serveirc.com e.muravej.ua email-attachments.ru file-attachments.ru freefiles.myftp.biz getmyfile.webhop.me googlefiles.serveftp.com grom56.ddns.net grom90.ddns.net hrome-update.ru hrome-updater.ru loaderskypetm.webhop.me loadsoulip.serveftp.com mail.file-attachments.ru mails.redirectme.net mars-ru.ru msrestore.ru oficialsite.webhop.me parkingdoma.webhop.me poligjong.webhop.me polistar.ddns.net proxy-spread.ru rms.admin-ru.ru samotsvety.com.ua skypeemocache.ru skypeupdate.ru spbpool.ddns.net spread-service.ru spread-ss.ru spread-updates.ru stor.tainfo.com.ua tortilla.sytes.net ukrnet.serveftp.com ukrway.galaktion.ru umachka.ua update-service.net updatesp.ddns.net updateviber.sytes.net webclidie.webhop.me win-restore.ru winloaded.sytes.net winupdateloader.ru yfperoliz.webhop.me # Reference: https://twitter.com/ClearskySec/status/1065267790943268865 dropdrop.ddns.net drop-new.ddns.net drop-news.ddns.net google-drive.ddns.net google-drp.ddns.net google-drop.ddns.net # Reference: https://twitter.com/VK_Intel/status/1117303080545079296 winroutes.ddns.net # Reference: https://twitter.com/h4ckak/status/1117234914158530560 winrouts.ddns.net # Reference: https://twitter.com/h4ckak/status/1117789601765007360 lisingrout.ddns.net # Reference: https://twitter.com/Timele9527/status/1118331760612388864 word-service.site # Reference: https://twitter.com/Timele9527/status/1118343183971360769 libre4.space # Reference: https://twitter.com/zlab_team/status/1121013394251948036 # Reference: https://blog.yoroi.company/research/the-russian-shadow-in-eastern-europe-ukrainian-mod-campaign/ bitwork.ddns.net librework.ddns.net # Reference: https://twitter.com/ThreatBookLabs/status/1123149311573815297 # Reference: https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=1417 (Chinese) # Reference: https://otx.alienvault.com/pulse/5cc80eba055a4f569561dad5 # Reference: https://www.virustotal.com/gui/ip-address/185.200.241.88/relations advansed-template.site alenko.site attach.website beercraft.fun beercraft.space bits-mars.fun bits-mars.site bits-mars.space bits-tor.fun bits-tor.site bits-tor.space bits-tor.website bitsadmin.space bitsadmin1.space bitsadmin10.space bitsadmin2.space bitsadmin3.space bitsadmin4.space bitsadmin5.space bitsadmin6.space bitsadmin7.space bitsadmin8.space bitsadmin9.space bitsbitsa.space bitsbitsb.space bitsbitsc.space bitsbitsd.space bitsbitsf.space bitsbitsg.space bitsbitsh.space bitsbitsi.space bitsbitsk.space bitsbitsl.space cleaners.fun cornelius.website cyberworld.host cyberworld.website demiurg.site demiurg.space demiurg.website dilana.space drivegoogle.site drovka.space dwn-files.site fix-template.site gameland.host gameland.space gameland.website gameworld.website google-drive.site haker.fun haker.host haker.space haker.website immortals.site immortals.space immortals.website lebrederm.space lebreman.space libda.site libdab.site libdad.site libdadi.site libdado.site libdaf.site libdag.site libdah.site libdak.site libdal.site libdam.site libdan.site libdas.site libre-360.site libre-exel.site libre-office.site libre-ppt.site libre-word.site libre1.space libre2.space libre3.space libre4.space libre5.space librerty.space libres.space libressimo.space macros1.space macros2.space macros3.space macros4.space macros5.space masseffect.fun masseffect.site masseffect.space masseffect.website microsoft-analise.site microsoft-bits.site microsoft-macros.site microsoft-office.site microsoft-usb.site mirkwood.space mototo.fun mototo.site mototo.space mototo.website new-template.site niam.space normal-template.site normandia.website ogmar.fun ogmar.site ogmar.website ogremage.site ogremage.space ogremage.website old-template.site overload.space overload.website rainak.space riki.space rud.ddns.net saprit.fun saprit.site saprit.space saprit.website sheppard.fun sheppard.website skymage.fun skymage.space skymage.website sorg.space ssu-gov.site ssu-gov.website stan-stana.site stan-stana.space stan-stana.website stereo-bit.fun stereo-bit.space termit.space termit.website termits.fun watcher.host wayto.host wayto.website wifa.site wifa.space wifa.website wifb.site wifb.space wifc.host wifc.site wifc.space wifc.website wifo.host wifo.space wifo.website wifu.site wifu.space wifu.website wify.space wify.website word-checker.site word-online.site word-proxy.site word-service.site word-update.site wordmacros.space xakep.fun xakep.site zanzar.space bitqueshions.ddns.net gamework.ddns.net telemetriya.hopto.org torrent-videos.ddns.net usbqueshions.ddns.net wordqueshion.ddns.net workan.ddns.net workusb.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1131226380694413312 bitvers.ddns.net tor-file.ddns.net wincreator.ddns.net # Reference: https://twitter.com/Timele9527/status/1139816501869871104 templates.hopto.org # Reference: https://twitter.com/HONKONE_K/status/1143725710340587520 curt.hopto.org # Reference: https://twitter.com/VK_Intel/status/1143696009261932544 bit-rnbo.ddns.net rnbo-ua.ddns.net # Reference: https://twitter.com/VK_Intel/status/1147021849567617026 barathrum.space zombieland.info # Reference: https://thehackernews.com/2019/07/linux-gnome-spyware.html clsass.ddns.net kotl.space # Reference: https://twitter.com/Timele9527/status/1154570300635303937 # Reference: https://www.virustotal.com/gui/ip-address/5.252.193.204/relations # Reference: https://www.virustotal.com/gui/file/79fd962eb0c256f32786dab4d42cb416f6c1e6766bf0e2dcafdf5ffa2c5e61c1/detection # Reference: https://otx.alienvault.com/pulse/5d3ac45e3bc2987b3b0031dc # Reference: https://app.any.run/tasks/dee82850-9e19-4a53-b9b4-e5d88df913be/ advansed-template.site bits-tor.fun bits-tor.host bits-tor.site bits-tor.space bits-tor.website bitsadmin10.space bitsadmin2.space bitsadmin3.space bitsadmin4.space bitsadmin5.space bitsadmin6.space bitsadmin7.space bitsadmin8.space bitsadmin9.space bitsbitsa.space bitsbitsb.space bitsbitsc.space bitsbitsi.space bitsbitsk.space bitsbitsl.space certificate-verif.ddns.net cyberworld.host cyberworld.website dilana.space drovka.space fix-template.site furion.space gameland.space gameland.website gameworld.space gameworld.website haker.fun haker.host haker.space haker.website libda.site libdab.site libdac.site libdad.site libdade.site libdadi.site libdado.site libdaf.site libdag.site libdah.site libdak.site libdal.site libdam.site libdan.site libdas.site libre-360.site libre-exel.site libre-office.site libre-ppt.site libre-word.site libre1.space libre2.space libre3.space libre4.space libre5.space librerty.space libressimo.space macros1.space macros2.space macros3.space macros4.space macros5.space niam.space orlean.space overload.space overload.website overwatch.host rainak.space redict.ddns.net riki.space wayto.host wifa.site wifa.space wifa.website wifb.site wifb.space wifb.website wifc.host wifc.site wifc.space wifc.website wifo.host wifo.site wifo.space wifo.website wifu.site wifu.space wifu.website wifx.site wify.space wify.website wordmacros.space xakep.fun xakep.website zombieland.host zombieland.info # Reference: https://twitter.com/Timele9527/status/1157458188792262656 shell-create.ddns.net # Reference: https://twitter.com/Timele9527/status/1158554492746383361 # Reference: https://www.virustotal.com/gui/file/96f9f7a5c6a7452f385727708c69bf158e2d9461ad1bc683ba9082306b210e0e/detection libre-templates.ddns.net # Reference: https://twitter.com/spider_girl22/status/1171262839295635457 office-constructor.ddns.net # Reference: https://twitter.com/Rmy_Reserve/status/1174592994395054080 weeklite.ddns.net # Reference: https://twitter.com/spider_girl22/status/1192276592522776576 inbox-office.ddns.net # Reference: https://twitter.com/spider_girl22/status/1192638857478463488 micro-set.ddns.net office-crash.ddns.net # Reference: https://twitter.com/ccxsaber/status/1192630060513136640 get-icons.ddns.net # Reference: https://twitter.com/ccxsaber/status/1192630027847950338 micro-office.ddns.net # Reference: https://twitter.com/spider_girl22/status/1193731348239773698 office-lite.ddns.net # Reference: https://twitter.com/MalCrawler/status/1192796411752042496 # Reference: https://www.virustotal.com/gui/ip-address/2.59.41.5/relations bitread.ddns.net bitvers.ddns.net checkhurl.fun checkhurl.info checkhurl.site checkhurl.space checkhurl.website const-gov.ddns.net constructor-word.ddns.net creative-office.ddns.net document-listing.ddns.net document-write.ddns.net duktas-dde.ddns.net get-icons.ddns.net kornet-ua.ddns.net kristo-ua.ddns.net l3ccd25c.justinstalledpanel.com libre-boot.ddns.net libresoft.ddns.net list-sert.ddns.net lookups.ddns.net message-office.ddns.net micro-office.ddns.net military-ua.ddns.net my-certificates.ddns.net network-crash.ddns.net rnbo-ua.ddns.net shell-sertificates.ddns.net suipost.ddns.net sv-menedgment.ddns.net templates.hopto.org tempwook.ddns.net tesla-pos.ddns.net underlord.fun underlord.site underlord.space unhcr.ddns.net # Reference: https://twitter.com/angel11VR/status/1196488408652275712 # Reference: https://pastebin.com/Vhb4KF5L win-apu.ddns.net # Reference: https://twitter.com/Rmy_Reserve/status/1199105567379402752 paparije.ddns.net win-gu.ddns.net # Reference: https://twitter.com/Rmy_Reserve/status/1198992468244455430 brousework.ddns.net yotaset.ddns.net # Reference: https://twitter.com/DeadlyLynn/status/1196769711557447681 win-ss.ddns.net # Reference: https://twitter.com/DeadlyLynn/status/1199310720971628544 korneliuswork.ddns.net # Reference: https://twitter.com/TippedMyCows/status/1201966780727607298 kavkazwork.ddns.net reklama-network.ddns.net # Reference: https://twitter.com/DeadlyLynn/status/1210785247039635462 document-out.hopto.org libcrash.ddns.net # Reference: https://twitter.com/WaChinYu1/status/1215292666776313857 # Reference: https://twitter.com/JAMESWT_MHT/status/1215580348853170176 listenwork.ddns.net pasive.ddns.net # Reference: https://twitter.com/TippedMyCows/status/1215376917047775232 document-out.ddns.net # Reference: https://twitter.com/DeadlyLynn/status/1217805735070822400 dominikanos.hopto.org kreps.hopto.org # Reference: https://twitter.com/Rmy_Reserve/status/1217064837051645954 dochlist.hopto.org skrembler.hopto.org # Reference: https://twitter.com/TippedMyCows/status/1217514381866688517 susget.hopto.org # Reference: https://twitter.com/DeadlyLynn/status/1194869515173019648 office-out.ddns.net # Reference: https://twitter.com/dewan202/status/1194004664716541954 word-gread.ddns.net # Reference: https://twitter.com/KorbenD_Intel/status/1065018358075146240 # Reference: https://www.virustotal.com/gui/ip-address/185.231.155.209/relations dr01.ddns.net dr02.ddns.net dropper.crimea.com dropper01.crimea.com # Reference: https://twitter.com/DrunkBinary/status/1019904469155368960 realy.ddns.net # Reference: https://twitter.com/VK_Intel/status/1220238381319323648 masseffect.space # Reference: https://twitter.com/MarsFacebook/status/1219183410289102849 perdector.hopto.org # Reference: https://twitter.com/WaChinYu1/status/1221897054693228545 kastoget.hopto.org papir.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/141.8.195.60/relations feodosh.hopto.org ironiya.ddns.net karab.hopto.org kastoget.hopto.org kentes.hopto.org kutan.ddns.net lobanus.hopto.org office-carambol.ddns.net provansales.ddns.net selena.myftp.biz stive.hopto.org zariks.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/188.225.25.50/details # Reference: https://app.any.run/tasks/6bf01afd-9d07-47df-88be-ad4b388e31a1/ babir.bounceme.net bitupd.ddns.net honvoi.hopto.org kara.3utilities.com livas.3utilities.com sakira.3utilities.com scr-out.ddns.net sonik.hopto.org tele.3utilities.com tempget.ddns.net tesla-fun.ddns.net tesla-getro.ddns.net tesla-opt.ddns.net tesla-preat.ddns.net tesla-tehno.ddns.net tesla-ufis.ddns.net tesla-unit.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/176.57.215.22/relations bitclass.ddns.net cretors.ddns.net getclass.ddns.net wizartopen.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/188.225.24.161/details internetcreate.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations carambol-oru.ddns.net down-vv.ddns.net librebooton.ddns.net office-menedgment.ddns.net sambiras.myftp.org tempcr.ddns.net temppost.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/195.88.208.81/relations device-update.ddns.net flash01.ddns.net fsu01.ddns.net katalisto01.ddns.net my-update.ddns.net office-updates.ddns.net service-device.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/142.93.110.250/relations # Reference: https://www.virustotal.com/gui/file/baacc7aaf686dc4b18febe921932f10f6ebbca0e0ebb06c777d5c4b0a5449058/detection # Reference: https://www.virustotal.com/gui/file/baa16cd5609e2412e985223912929644694a82231a6b9b76c994be5768f73def/detection # Reference: https://www.virustotal.com/gui/file/706fbc3610c4cde404cff9a5038ad290d0a3cdab87d63fe29fa9cee4496b889d/detection # Reference: https://www.virustotal.com/gui/file/8d0c90707ab27c47ddc7ccb91c1016f948c7405073fedea9b59517442920b29c/detection armaruru.ddns.net device-update.ddns.net droper-sp.ddns.net droper-spr.ddns.net droper.ddns.net dropius.ddns.net spr-d1.ddns.net spr-d2.ddns.net spr-d3.ddns.net spr-d4.ddns.net spr-d5.ddns.net spr-d6.ddns.net spr-u.ddns.net telo-spread.ddns.net # Reference: https://twitter.com/Zhx_8885/status/1228178125151850496 # Reference: https://www.virustotal.com/gui/ip-address/141.8.194.74/relations # Reference: https://app.any.run/tasks/b5d0290e-5355-4568-b702-1a0390495902/ # Reference: https://app.any.run/tasks/c0063d98-84d1-4ed9-94eb-9397302a1887/ # Reference: https://app.any.run/tasks/bc0e9a03-2742-4ad6-acb6-e43a290e5db7/ # Reference: https://app.any.run/tasks/a2e4d04d-17ff-499a-b78d-b655a221fe3c/ error-office.myftp.biz error-word.myftp.biz kasimovschmuck.hopto.org mikhailkasimov.myftp.biz mikhailkasimov.myftp.org schmuckkasim.3utilities.com writedoc.bounceme.net # Reference: https://twitter.com/Zhx_8885/status/1227471901028646912 solod.bounceme.net # Reference: https://www.virustotal.com/gui/ip-address/185.200.241.88/relations cron-redic.ddns.net crons.ddns.net # Reference: https://twitter.com/DeadlyLynn/status/1229702371732623360 # Reference: https://www.virustotal.com/gui/ip-address/176.57.215.115/relations # Reference: https://app.any.run/tasks/b5e39e8d-8a94-4c69-9140-8015114a35c3/ # Reference: https://app.any.run/tasks/ea5d835d-43a3-4996-9767-3d0069d8ca70/ # Reference: https://app.any.run/tasks/58ad6333-96c4-4616-bba6-c0acc7c1500c/ hedriks.bounceme.net kristoffer.hopto.org kristom.hopto.org livas.3utilities.com miragena.xyz sabdja.3utilities.com samson.3utilities.com violina.space violina.website voyaget.myftp.biz 100hit.ru 288706-ce34203.tmweb.ru decos.hopto.org fangimen.xyz fingra.xyz firran.xyz frondo.xyz liard.bounceme.net niso.gotdns.ch olida.xyz orlani.xyz safer.3utilities.com shokoda.xyz sonik.hopto.org tesla-iu.ddns.net tesla-ny.ddns.net tesla-res.ddns.net tesla-rt.ddns.net tesla-tui.ddns.net tesla-uos.ddns.net totilla.xyz uidertu.myddns.me upokan.xyz vois.gotdns.ch # Reference: https://twitter.com/WaChinYu1/status/1230865020764000262 bbtt.space himym.space himym.xyz underlord.fun underlord.site underlord.space # Reference: https://twitter.com/w3ndige/status/1234574732730753025 # Reference: https://app.any.run/tasks/4622fd63-97dc-433a-b859-9be099f37e20/ # Reference: https://app.any.run/tasks/6401f328-c80f-48f7-95a9-b3b981111e94/ # Reference: https://app.any.run/tasks/a013b184-4d5b-40d6-8cfb-0661ade38657/ # Reference: https://app.any.run/tasks/dade1db1-f1fe-42e9-a48b-b1d28b9584e9/ # Reference: https://app.any.run/tasks/9e666611-5151-4889-858e-4f5797d64e2a/ # Reference: https://gist.github.com/W3ndige/d2eb1969497f65a8f7e572d0299afdb9 bbtt.site himym.site # Reference: https://twitter.com/TippedMyCows/status/1235605583404859392 # Reference: https://www.virustotal.com/gui/ip-address/176.119.147.225/relations # Reference: https://app.any.run/tasks/e41fc213-f939-4de4-936e-a7971f9a2e19/ # Reference: https://app.any.run/tasks/5022d054-250f-41fa-93ad-b0cc1c4aba6a/ # Reference: https://app.any.run/tasks/8050341f-0602-4aae-9a7a-e114152ced89/ # Reference: https://app.any.run/tasks/afc1eea3-75e0-4aec-9b50-d1a6a0eecd41/ # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/ bambinos.bounceme.net bbtt.website birbas.hopto.org forestac.site forestac.website forestac.xyz harpa.site harpa.space harpa.website melos.myftp.biz midos.hopto.org saja.myftp.biz seliconos.3utilities.com varas.myftp.biz voyager.myftp.biz # Reference: https://twitter.com/DeadlyLynn/status/1242727456563269632 # Reference: https://www.virustotal.com/gui/ip-address/141.8.198.69/relations # Reference: https://app.any.run/tasks/85d62624-8153-482d-a8e7-26e746510eb3/ # Reference: https://app.any.run/tasks/761c45e0-83e1-4068-b7e3-ae40c06547e9/ # Reference: https://app.any.run/tasks/008c9df0-96b2-4616-9b75-d6a95ee74457/ asdfaws.myddns.me bizavto.myftp.org federeal.3utilities.com jikoltew.myftp.biz kolidus.gotdns.ch kolyuwer.bounceme.net liboot.myftp.biz lopaverus.3utilities.com milosetuder.myftp.biz outfish.bounceme.net redukos.bounceme.net salioert.3utilities.com samsorud.myftp.biz satkower.3utilities.com wertlook.hopto.org # Reference: https://twitter.com/Zhx_8885/status/1242857013048012804 koliorew.hopto.org # Reference: https://twitter.com/Zhx_8885/status/1242859749965627392 teriosad.myftp.org # Reference: https://twitter.com/WaChinYu1/status/1249752181051478017 # Reference: https://app.any.run/tasks/62e67bce-1c3f-4262-a3b4-93fc7aab8190/ getyuawer.myftp.biz pankratios.myftp.org # Reference: https://twitter.com/Zhx_8885/status/1250110743778717696 hirodomus.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/109.68.213.102/relations saveriutew.3utilities.com # Reference: https://www.virustotal.com/gui/ip-address/188.225.79.97/relations heristomuk.hopto.org perastyuer.myftp.biz poizader.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/188.225.46.94/relations redisman.ddns.net reklamgroup.ddns.net # Reference: https://www.virustotal.com/gui/file/59bef9935d5dae8c0c1f05dd4faf15b642b93baaff3555b02387f49c2153d256/detection bits-mars.info # Reference: https://www.virustotal.com/gui/file/fffe5cb20a950f29e462bc04d1662343dc8019c44748a26d39cf604c594b8313/detection restors.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/5.23.55.101/relations myimage.host # Reference: https://twitter.com/ShadowChasing1/status/1250592142034001921 # Reference: https://www.virustotal.com/gui/ip-address/185.248.100.121/relations # Reference: https://www.virustotal.com/gui/ip-address/195.88.208.196/relations splin-body.site splin-body1.site splin-upd.site splin-upd1.site # Reference: https://twitter.com/ShadowChasing1/status/1250592542090878976 # Reference: https://www.virustotal.com/gui/file/1be87dd137ff211e0e2334e053f78c8f9ba00c0c59ea044488a74b9b77270f4a/detection musik-lis.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/91.210.170.72/relations actor-tv.ddns.net addova.xyz alastari.xyz amarillio.space area-tv.hopto.org baby-tv.ddns.net borzoy-tv.ddns.net druweal.xyz fartiny.xyz ferranot.xyz filkos-tv.ddns.net fulo-tv.ddns.net geters-tv.ddns.net gorgopa.xyz hilos-tv.ddns.net hres-tv.ddns.net hudos-tv.ddns.net huncea.xyz itango.space joka-tv.ddns.net jontap.xyz kiodas.xyz kistas-tv.ddns.net koleran.xyz liqutan.xyz lustra-tv.ddns.net marmari.space mersi-tv.ddns.net musik-dreg.ddns.net musik-erta.ddns.net musik-file.ddns.net musik-klo.ddns.net musik-kreps.ddns.net musik-lio.ddns.net musik-lis.ddns.net musik-lk.ddns.net musik-pit.ddns.net musik-qas.ddns.net musik-sa.ddns.net onyxi.xyz orteasd-tv.ddns.net papai-tv.ddns.net pardi-tv.ddns.net podr-tv.ddns.net pragma-tv.ddns.net predf-tv.ddns.net samak-tv.ddns.net siold-tv.ddns.net srarda.space syio-tv.ddns.net teris-tv.ddns.net trelial.xyz troubl.xyz vantalio.space veronis.space vinara.xyz virtuz.xyz wiilasto.website # Reference: https://www.virustotal.com/gui/ip-address/58.158.177.102/relations hanwha.hopto.org # Reference: https://app.any.run/tasks/dbfc2cb0-8527-45fb-9af0-ae70e87b03cf/ # Reference: https://app.any.run/tasks/6919cbfb-f193-4125-a282-f3cf7f835e66/ # Reference: https://app.any.run/tasks/dbfc2cb0-8527-45fb-9af0-ae70e87b03cf/ karpa.bounceme.net # Reference: https://www.anomali.com/files/white-papers/Anomali_Threat_Research-Gamaredon_TTPs_Target_Ukraine-WP.pdf office-constructor.ddns.net librebooton.ddns.net inbox-office.ddns.net libre-templates.ddns.net word-gread.ddns.net win-apu.ddns.net office-lite.ddns.net office-crash.ddns.net office-out.ddns.net micro-set.ddns.net win-ss.ddns.net get-icons.ddns.net network-crash.ddns.net constructor-word.ddns.net tempget.ddns.net bitclass.ddns.net bitlocker.ddns.net const-gov.ddns.net kornet-ua.ddns.net certificate-verif.ddns.net document-listing.ddns.net shell-create.ddns.net internet-create.ddns.net libresoft.ddns.net creative-office.ddns.net kristo-ua.ddns.net lookups.ddns.net rnbo-ua.ddns.net sv-menedgment.ddns.net document-write.ddns.net my-certificates.ddns.net bitwork.ddns.net military-ua.ddns.net bitupd.ddns.net internetcreate.ddns.net shell-sertificates.ddns.net wizartopen.ddns.net bitvers.ddns.net kavkazwork.ddns.net brousework.ddns.net paparije.ddns.net korneliuswork.ddns.net scr-out.ddns.net tesla-fun.ddns.net list-sert.ddns.net tempwook.ddns.net micro-office.ddns.net bit-rnbo.ddns.net bitread.ddns.net libre-boot.ddns.net win-gu.ddns.net office-menedgment.ddns.net d-o.ddns.net carambol-oru.ddns.net # Reference: https://twitter.com/ShadowChasing1/status/1264480951880441856 # Reference: https://www.virustotal.com/gui/file/6c7aa083ff8f4a33ecb485069b1fbd4f1a5fae780de18f52cbf4eb518a278c48/detection biotic.space biotic.website # Reference: https://www.virustotal.com/gui/file/5bc819f9a202951e68f31649dbd9bda1bb68c5b7065939f24a1e7c0deb7df0e2/detection barathrum.space zombieland.info # Reference: https://www.virustotal.com/gui/file/8d6829dd413eeb94c835f3c4474f48f8406b4f144e308f10ea50837710d200e7/detection barildan.space zombieland.space # Reference: https://www.virustotal.com/gui/file/e6f39725f54becb50f48c2ea56dcd5e8cb3126947c70929664766647043d0159/detection mapper.space furion.space # Reference: https://www.virustotal.com/gui/ip-address/188.225.33.164/relations # Reference: https://www.virustotal.com/gui/ip-address/188.225.34.160/relations # Reference: https://www.virustotal.com/gui/ip-address/92.53.124.153/relations barathrum.space barildan.space biotic.space biotic.website doctorrr.space furion.space kania-tau.space kinozavr.fun kinozavr.site kinozavr.space kinozavr.website liara.site liara.website m-upd.ddns.net mapper.space nellas.space rashta.space rulomins.world torrent-stel.space torrent-supd.space u-opt.ddns.net zombieland.fun zombieland.host zombieland.info zombieland.space zombieland.website # Reference: https://twitter.com/Circuitous__/status/1266339237839998976 # Reference: https://www.virustotal.com/gui/ip-address/141.8.198.56/relations fidel.freedynamicdns.org ip-server.freedynamicdns.net kasim.freedynamicdns.org kasting.freedynamicdns.org lisbek.freedynamicdns.org lodukat.freedynamicdns.org lodus.freedynamicdns.org mishail.freedynamicdns.org ncio.freedynamicdns.net polits.freedynamicdns.org # Reference: https://twitter.com/h2jazi/status/1270718708013387777 # Reference: https://www.virustotal.com/gui/file/b81056a989fefe54ef5b57f6cf60301d81436096f180df89112fa5fc48e0aab2/detection posateriu.myftp.org # Reference: https://github.com/eset/malware-ioc/tree/master/gamaredon # Reference: https://twitter.com/_re_fox/status/1352664215291654145 # Reference: https://www.virustotal.com/gui/file/f5e8b5bd2aadc07680e8923483a9985353b7c1c0508dc880106650a1f0db08bb/detection # Reference: https://www.virustotal.com/gui/file/2e2302808e9f778833c3e9c79b6a0f65bdf7093ddc9e8bd26f1c98bfc14d9654/detection abdurs.space abies.space actor-tv.ddns.net acutifolia.space addova.xyz advansed-template.site aganta.space alastari.xyz alenko.site alenko.website amarillio.space anadima.website apino.space araino.space arionda.space armita.space aromaticus.space atropoides.space aukci.space babitors.myftp.biz baby-tv.ddns.net baill.space barrigal.space batmeast.space bbtt.site bbtt.space bbtt.website beasty.space beepapa.space beercraft.fun beercraft.space beercraft.website benzoin.space bergius.space beriuatcj.hopto.org bernado.website birion.website bits-mars.fun bits-mars.info bits-mars.site bits-mars.space bits-mars.website bits-tor.fun bits-tor.site bits-tor.space bits-tor.website bitsadmin1.space bitsadmin10.space bitsadmin2.space bitsadmin3.space bitsadmin4.space bitsadmin5.space bitsadmin6.space bitsadmin7.space bitsadmin8.space bitsadmin9.space bitsbitsa.space bitsbitsb.space bitsbitsc.space bitsbitsd.space bitsbitsf.space bitsbitsg.space bitsbitsh.space bitsbitsi.space bitsbitsk.space bitsbitsl.space bizavto.myftp.org blackardi.space borigl.space bowira.website burago.space callitris.space caprjhjkqwer.hopto.org cartu.myftp.org caryophyllus.space casopruy.myftp.org cathartica.space centifolia.space cephaelis.space cerasus.space ceredukos.hopto.org cereffiopas.hopto.org certerasdfuj.hopto.org ceyudfg.hopto.org chachand.space chairada.space chamomilla.ru changato.space charika.website cioasdg.hopto.org cleaners.fun codfgsdf.hopto.org codfjert.myftp.org comedas.space copiran.space coprtyuqw.hopto.org cornelius.website corovana.space cosdfghdf.hopto.org cowtor.space cozsdv.hopto.org cozxcgbx.myftp.org cpasah.hopto.org cpozsxcgbxf.myftp.org crons.ddns.net ctert.myftp.org cubeba.space cudawer.hopto.org cudrg.myftp.org cufjdfge.myftp.org cuiasef.myftp.org cupana.space cyberworld.host cyberworld.website davaris.space delile.space deloperaw.bounceme.net demiurg.fun demiurg.site demiurg.space demiurg.website denovar.space derpenta.space deviar.space dilana.space dolori.website dorogavi.space dortama.space drovka.space dryand.space elecan.space entona.website eregorn.space error-word.myftp.biz erythrina.space europaea.ru excelsa.space fangimen.xyz farfara.space fartiny.xyz federeal.3utilities.com feodal.bounceme.net feridonutop.myftp.org ferranot.xyz fidel.freedynamicdns.org fillin.space firecor.space firestarters.site firran.xyz fix-template.site fizanta.space flackch.space foenum.space forestac.site forestac.website forestac.xyz fragrans.ru frangula.space frondo.xyz frostani.website fuagrado.space fulo-tv.ddns.net fuubara.space gameland.host gameland.space gameland.website gameworld.space gameworld.website gereston.gotdns.ch gerotron.gotdns.ch gerotumans.myftp.org gerusta.space get-icons.ddns.net geterotuks.hopto.org geters-tv.ddns.net getro.bounceme.net getyuawer.myftp.biz gochir.space godrick.space gogora.space gorgopa.xyz goronta.website gostio.website grandiora.website graveolens.space groover.fun groover.website guitin.space gulif.space haker.fun haker.host haker.space haker.website hariva.space harpa.site harpa.space harpa.website hasuduwert.hopto.org heartal.space heavar.space hedriks.bounceme.net hestomig.hopto.org himym.site hirodomus.hopto.org hispidus.space hottob.space houtt.ru hres-tv.ddns.net httpsnc.hopto.org humulusa.ru huncea.xyz huugara.space huvasi.website hyditta.space immortals.site immortals.space immortals.website imperatoria.space indicum.space inogri.space ip-server.freedynamicdns.net isoga.space itango.space jdaeus.space jeera.space jgnatii.space jikardo.myftp.org jogara.space jontap.xyz karapuls.3utilities.com karikatos.hopto.org katalisto01.ddns.net kelogir.myftp.biz kilazurus.hopto.org kilewqrt.hopto.org kilosadwert.hopto.org kiloster.bounceme.net kilotrace.myftp.org kiodas.xyz kirasto.website kistas-tv.ddns.net kokoni.space koleran.xyz kolidus.gotdns.ch kolinstro.space korogav.space krikorro.space kristol.space kristom.hopto.org kristomen.myftp.org krossin.website krugotto.space ksevada.space landraba.website laricio.space lebrederm.space lebreman.space leeri.space leronti.space leucadendron.ru libcrash.ddns.net libda.site libdab.site libdac.site libdad.site libdade.site libdadi.site libdado.site libdaf.site libdag.site libdah.site libdak.site libdal.site libdam.site libdan.site libdas.site liboot.myftp.biz libre1.space libre2.space libre3.space libre4.space librerty.space libres.space libressimo.space liferat.space lifista.space lindras.space lionello.website liqutan.xyz lodafert.hopto.org lodus.freedynamicdns.org loomand.space lopasir.bounceme.net lopaverus.3utilities.com louthi.space lycopodium.ru macros1.space macros2.space macros3.space macros4.space malaky.site malaky.website malaky.xyz malio-tv.hopto.org mallotus.ru maltikor.website mandicap.space mapper.space mardallo.space margatti.space margon.website marmari.space marrubium.ru masseffect.fun masseffect.site masseffect.space masseffect.website matricaria.ru mazdok.myftp.org mediacentr.space melos.myftp.biz melroses.space menyanthes.ru mersi-tv.ddns.net mestara.space miragena.xyz mirani.website mirkwood.space mishel.freedynamicdns.org mokushi.space mototo.fun mototo.site mototo.space mototo.website musata.space musik-dreg.ddns.net musik-file.ddns.net musik-jiolter.ddns.net musik-klo.ddns.net musik-kreps.ddns.net musik-lio.ddns.net musik-lis.ddns.net musik-lk.ddns.net musik-oretus.ddns.net musik-pit.ddns.net musik-qas.ddns.net musik-sa.ddns.net myristica.ru naligo.space naomat.space naveria.website ncio.freedynamicdns.net ncov-2020.hopto.org ncov-2020.site nebola.space nebora.space nenadi.space new-template.site niam.space nikao.website nikolosad.myftp.org normal-template.site normandia.fun normandia.website nubiran.space obendo.space oenanthe.ru office-constructor.ddns.net officinale.space ogmar.fun ogmar.site ogmar.space ogmar.website ogremage.site ogremage.space ogremage.website old-template.site olida.xyz onyxi.xyz opatusir.hopto.org operitors.myftp.org opitrqwer.3utilities.com oput.freedynamicdns.org orangae.space orlani.xyz orlean.space orlenndi.space orteasd-tv.ddns.net oteruiowert.ddns.net overload.space overload.website overwatch.host pankratios.myftp.org pannora.website paparitto.space papatti.space paperonni.space papir.hopto.org pardi-tv.ddns.net pasucoorew.hopto.org pasudukus.hopto.org patran.space patrici.space paullinia.space pennatifolius.space pennyal.space perafidors.hopto.org periaorew.hopto.org perlandi.space pestani.space petroselinum.space phellandrium.ru physostigma.space piantra.website picea.space pilocarpus.space pinus.space piscidia.space pistacia.space plotor.space poasdrwety.hopto.org podagenus.hopto.org podr-tv.ddns.net pointerra.space polandi.website poletton.space polindar.space polygala.space poporaca.website porilis.space poronoc.website potatin.space poyrag.space predf-tv.ddns.net pridafi.website primaver.space proponda.space pterocarpus.space punica.space purshiana.space quadrivalvis.space quarta.space quassia.space quercus.space quillaja.space rabio.website radonta.space raggina.space rainak.space rantai.space redukos.bounceme.net reiloster.hopto.org remeno.space rheum.space rhus.space ricinus.space riki.space risko.hopto.org roseum.space rosmarinus.space rossalt.space roundi.space rubus.space rud.ddns.net russic.website saazer.space sabdja.3utilities.com sabinar.website saccharum.space saijar.gotdns.ch salivar.space samail.space samak-tv.ddns.net samalo.space samarutus.hopto.org sambiras.myftp.org santalum.space saponaria.space saprit.fun saprit.site saprit.space saprit.website sarakinod.myftp.biz sarutnoum.hopto.org sativum.space satkower.3utilities.com saveriutew.3utilities.com savert-tv.hopto.org saxifraga.space scopolia.space sehadus.3utilities.com seletos.3utilities.com sendobin.space senega.space serpyllum.space serumondus.hopto.org sesamum.space sevena.space sheppard.fun sheppard.website shiodai.space shokoda.xyz shoppersi.space sidochan.space silenser.fun silenser.site silenser.space silenser.website silenser.xyz sinapis.space skymage.fun skymage.space skymage.website slonar.website solonra.space sonik.hopto.org sorg.space spirantra.space srarda.space stairu.space stan-stana.fun stan-stana.site stan-stana.space stan-stana.website statsinfo.space steinh.space stenama.space stereo-bit.fun stereo-bit.site stereo-bit.space stereo-bit.website stolina.website stonewa.space strychnos.space styrax.space succedanea.space sylvestris.ru symphytum.space tamarindus.space tarapi.space tclvds.site tekora.space terihorew.hopto.org teris-tv.ddns.net termit.site termit.space termit.website termits.fun terokitos.hopto.org tesla-getro.ddns.net tesla-opt.ddns.net tesla-preat.ddns.net tesla-res.ddns.net tesla-rt.ddns.net tesla-tehno.ddns.net tesla-ufis.ddns.net thymus.space tiamor.space tilia.space tinctorum.space toqq.website torrent-vnc.ddns.net toxifera.space traksa.space trelial.xyz trigonella.space triticum.space troubl.xyz tussilago.space tyctyc.ddns.net ulmifolia.space uncaria.space underlord.site underlord.space upokan.xyz urceola.space urginea.space usbqueshions.ddns.net usitatissimum.ru utilissima.ru vabalt.space valeriana.space vantalio.space venomart.space veratrum.space verbascum.space veronis.space vertigos.space vestak.space veterra.space vibraska.website victios.space vidika.website vinara.xyz vinifera.space violina.website virtuz.xyz viruanta.website viscum.space vitis.space volotin.space vomica.space voyaget.myftp.biz vratio.space vulgare.space watcher.host wavera.space wayto.host wayto.website weaman.space wertlook.hopto.org weweca.website wifa.site wifa.space wifa.website wifb.site wifb.space wifb.website wifc.host wifc.site wifc.space wifc.website wifo.host wifo.site wifo.space wifo.website wifu.site wifu.space wifu.website wifx.site wify.space wify.website wiilasto.website wildbar.space win-apu.ddns.net wordmacros.space wostrigo.website writedoc.bounceme.net xakep.fun xakep.site xakep.website yiorewasdf.myftp.org zanusson.website zanzar.space zaoeryuijas.hopto.org zareton.space zikoarew.myftp.biz zingiber.space # Reference: https://intezer.com/blog/linux/evilgnome-rare-malware-spying-on-linux-desktop-users/ # Reference: https://www.virustotal.com/gui/ip-address/185.158.115.44/relations # Reference: https://www.virustotal.com/gui/ip-address/185.158.115.154/relations b-class.ddns.net connets.ddns.net en-p.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/188.225.57.152/relations # Reference: https://www.virustotal.com/gui/domain/inform.3utilities.com/detection # Reference: https://www.virustotal.com/gui/file/fe934cbb46e88f252ad327ac4735839afbf3b493378fecb7e1dcee961ff12d7c/detection # Reference: https://twitter.com/_re_fox/status/1273632793789181954 inform.3utilities.com inform.bounceme.net inform.gotdns.ch # Reference: https://twitter.com/_re_fox/status/1273355801013424128 # Reference: https://twitter.com/_re_fox/status/1286018850262339585 # Reference: https://www.virustotal.com/gui/ip-address/141.8.192.31/relations factos.freedynamicdns.org geros.freedynamicdns.org macros.freedynamicdns.org malofid.freedynamicdns.org opertos.freedynamicdns.org polk.freedynamicdns.org sekuso.freedynamicdns.org serakuz.freedynamicdns.org # Reference: https://twitter.com/h2jazi/status/1275476473680408578 # Reference: https://twitter.com/_re_fox/status/1276210660616142849 # Reference: https://twitter.com/_re_fox/status/1276699634623287296 # Reference: https://twitter.com/500mk500/status/1278259412386426880 # Reference: https://www.virustotal.com/gui/ip-address/141.8.196.56/relations basik.freedynamicdns.org debian.freedynamicdns.org document.freedynamicdns.org first.freedynamicdns.org history.freedynamicdns.org jiga.freedynamicdns.org kasimka.freedynamicdns.org krembo.freedynamicdns.org ktr.freedynamicdns.org ment.freedynamicdns.org operkot.freedynamicdns.org refox.freedynamicdns.org smt.freedynamicdns.org validat.freedynamicdns.org vilaged.freedynamicdns.org sarothamnus.xyz # Reference: https://www.virustotal.com/gui/ip-address/141.8.195.33/relations dopnet.freedynamicdns.org farket.freedynamicdns.org hotcat.freedynamicdns.org # Reference: https://www.virustotal.com/gui/ip-address/188.225.78.105/relations # Reference: https://www.virustotal.com/gui/file/422a90af5fc888f129e93ab69a0168e7714143c6bd20677b51136bb31625e5bf/detection # Reference: https://www.virustotal.com/gui/file/7d67ff753b9e56b0486dcbd56b50294be3b6405df5a301e80125e067d99fe77a/detection # Reference: https://www.virustotal.com/gui/file/2151073bc1d3adba7fc283291cb38984017ac7fa07d52e83bccc91d64298753a/detection 188.225.78.105:443 # Reference: https://mp.weixin.qq.com/s/MMH1eHXTtal7b9uFXrMF5Q (Chinese) # Reference: https://www.virustotal.com/gui/ip-address/89.223.125.229/relations 185.45.193.31:443 92.53.119.52:443 baillon.ru dekada.space dukawertus.hopto.org erecubas.hopto.org hewasukis.hopto.org inflata.ru jateorrhiza.ru krepsonid.hopto.org lacosa.space melilotus.ru musik-lopasur.ddns.net musik-qasdfer.ddns.net musik-sqr.ddns.net newryidzjk.hopto.org ortukatus.hopto.org stomarra.space woodstone.space # Reference: https://twitter.com/jorgemieres/status/1295748602996895746 # Reference: https://www.virustotal.com/gui/file/6cc711215898b2aebcde6c105297e280307a78db6bea8473d6cc8f1d08c3bc45/detection dep-esdh.kum.dk # Reference: https://twitter.com/TippedMyCows/status/1296494110581415936 # Reference: https://twitter.com/ShadowChasing1/status/1297735718421188608 # Reference: https://www.virustotal.com/gui/file/f021b79168daef8a6359b0b14c0002316e9a98dc79f0bf27e59c48032ef21c3d/detection # Reference: https://www.virustotal.com/gui/ip-address/193.164.150.34/relations # Reference: https://www.virustotal.com/gui/ip-address/78.40.217.167/relations # Reference: https://www.virustotal.com/gui/ip-address/92.53.105.64/relations # Reference: https://www.virustotal.com/gui/file/905b4bb0ac0289ac750811b2ec1c6e80e32388c99238cf1636dcfa0deb7d11cb/detection abdurs.space abies.space abrusa.xyz abyssinica.website acaciana.xyz acenov.space achilleas.xyz aconitum.xyz acorusis.xyz aculeatus.xyz acutifolia.space adblocked.space addova.xyz adonisi.xyz adonisis.xyz adscendens.xyz aethusas.xyz aganta.space alastari.xyz alburnus.ru alenko.site alenko.website alpiniar.xyz althaean.xyz amarillio.space amarus.xyz ammoniacum.xyz anacardium.xyz anadima.website anamirtat.xyz anguisa.xyz anisatum.ru anisum.space annuumar.xyz anthriscus.xyz apino.space apusi.xyz araino.space arborea.xyz arctostaphylos.xyz arenariat.xyz arionda.space armita.space aromaticus.space arvalis.xyz arvensis.xyz aspidium.xyz astragalus.xyz atropan.xyz atropoides.space auratus.xyz autumnale.xyz avratus.xyz awdrgyjilqse.online babylont.online baill.space baillon.ru balsamum.ru barbadense.space barbatulus.xyz barosma.xyz barrigal.space bartli.xyz batmeast.space bbtt.site bbtt.space bbtt.website beasty.space beercraft.fun beercraft.space beercraft.website benedictus.xyz benzoin.space bergius.space bernado.website berus.xyz bettar.xyz betulat.xyz betulina.xyz biotic.space biotic.website birion.website bitsadmin1.space bitsadmin10.space bitsadmin2.space bitsadmin3.space bitsadmin4.space bitsadmin5.space bitsadmin6.space bitsadmin7.space bitsadmin8.space bitsadmin9.space bitsbitsa.space bitsbitsb.space bitsbitsc.space bitsbitsd.space bitsbitsf.space bitsbitsg.space bitsbitsh.space bitsbitsi.space bitsbitsk.space bitsbitsl.space blackardi.space blockpost.site blockpost.website boiss.xyz boissy.xyz bombinator.xyz borigl.space boswellian.xyz bottava.space bowira.website brasiliensis.ru brasiliensis.xyz brasiliensisi.xyz brassicat.xyz browser-update.website bufol.xyz buhse.xyz burago.space caimana.xyz calamusi.xyz calamuss.xyz calendulas.xyz callichthys.xyz callitris.space calumba.ru camellian.xyz camphorat.xyz canadensis.website canarium.xyz capillaceum.website capillaceum.xyz capsicuma.xyz carassiusis.xyz carassiuss.xyz cardamomum.xyz carefulparents.ru carexy.xyz caricat.xyz carinatus.ru carteris.xyz caruman.xyz caryophyllus.space caspius.xyz castilloa.xyz catechu.xyz catechur.xyz cathartica.space centifolia.space cephaelis.space cephalotes.xyz ceragenixdiffusion.xyz cerasus.space cerebro.website chachand.space chaetodon.xyz chairada.space changato.space charika.website check-browser.site chillyt.space cichlasoma.online claviceps.xyz cleaners.fun cloustoni.ru clupeonella.online cnicus.xyz cochlearia.xyz colchicum.xyz cololabis.ru comedas.space communev.xyz conium.xyz convallaria.xyz convolvulus.xyz conyza.ru copaifera.xyz copiran.space coriandrum.xyz cornelius.website cotular.xyz covarra.space cowtor.space cristatus.xyz crocodilus.xyz crossobamon.xyz crotalus.xyz croton.xyz cubeba.space cuminum.xyz curcuma.xyz cydoniar.xyz cyminum.xyz cynapiuma.xyz darvini.xyz davaris.space decidua.ru dekada.space delile.space demiurg.fun demiurg.site demiurg.space demiurg.website denovar.space derpenta.space deviar.space dipterocarpus.xyz discouti.online discouti.ru dolori.website domarta.space dorema.xyz dortama.space dracod.xyz druweal.xyz dryand.space dwn-files.site elastican.xyz elasticum.xyz elecan.space elettaria.xyz eluteria.xyz entona.website eregorn.space erythrina.space erythroxylon.xyz eryxis.online eunectes.xyz euphorbia.xyz europaea.ru eversmanni.xyz excelsa.space extrado.online facetum.online fagus.xyz fangimen.xyz farfara.space fartiny.xyz ferranot.xyz ferrox.xyz ferula.space ferula.xyz fillin.space fingra.xyz fionar.xyz firestarters.site firran.xyz fixnight.xyz fizanta.space fluviatilis.xyz foeniculum.xyz foenum.space fomentarius.space fomentarius.xyz forestac.site forestac.website forestac.xyz fossilis.xyz fragilis.xyz frangula.space fraxinus.space frondo.xyz frostani.website fuagrado.space fuubara.space galbaniflua.website galbaniflua.xyz gameland.website gangeticus.xyz garcinia.space gastrotheca.xyz gaultheria.website gaultheria.xyz gavialis.xyz gelsemium.xyz gentiana.space gentiana.xyz geophagusi.xyz gerusta.space gibelio.xyz gigarina.website glabra.space glanisa.xyz glaziovii.ru globulus.xyz glycyrrhiza.xyz gochir.space godrick.space gogora.space gonolobus.ru gorgopa.xyz goronta.website gossypium.website gostio.website graeca.online graeca.ru grandiora.website graveolens.space griseus.xyz groover.fun groover.website guajacum.space guineensis.xyz gulif.space gymnodactylus.xyz hagenia.xyz haker.website hamamelis.website hancr.xyz haplochromis.online hariva.space harpa.site harpa.space harpa.website heartal.space heavar.space herpetodryas.online herpetodryas.ru hevea.space heveat.ru hiemalis.xyz himym.xyz hispidus.space hoffmi.xyz hookas.xyz horridus.xyz humulusa.ru huncea.xyz huugara.space huvasi.website hyditta.space hydrastis.ru hydrastis.xyz hylar.xyz hyoscyamus.ru hypogaeat.xyz igneus.xyz iguanas.xyz ilexan.ru immortals.site immortals.space immortals.website imperatoria.space impres.space indicum.space indigofera.ru inflata.ru inogri.space ipomoea.ru isoga.space itango.space jacare.xyz jaculus.ru jdaeus.space jeera.space jgnatii.space jogara.space jontap.xyz juncear.xyz kinozavr.fun kinozavr.site kinozavr.space kinozavr.website kiodas.xyz kirasto.website kokoni.space koleran.xyz kolinstro.space korogav.space krameria.ru krikorro.space kristol.space krossin.website krugotto.space ksevada.space lacosa.space lactuca.ru landolphia.ru landraba.website laricio.space latesa.ru lebetina.xyz leeri.space leeri.xyz leronti.space leucadendron.ru levisticum.ru liara.site liara.website libre1.space libre2.space libre3.space libre4.space libre5.space liferat.space lifista.space lindras.space lionello.website liquidambar.ru liqutan.xyz longar.xyz loomand.space lotari.xyz louthi.space lupulus.ru lusciniar.online lutea.space lutea.website lutea.xyz macropodus.xyz macros1.space macros2.space macros3.space macros4.space macrotomias.xyz maculatum.xyz mail-iua.site malaky.site malaky.website malaky.xyz malandi.space mallotus.ru maltikor.website mamillosa.space mamillosa.xyz mandicap.space manihot.ru mapper.space mardallo.space margatti.space margon.website marinus.xyz marmari.space marrubium.ru marsupiata.xyz marsupium.space masseffect.fun masseffect.site masseffect.space masseffect.website matricaria.ru mediacentr.space melilotus.ru melroses.space menyanthes.ru mesogonistius.xyz mestara.space mezereum.xyz millefolium.xyz mirani.website misgurnus.xyz mokushi.space montanar.xyz morella.website morella.xyz mototo.fun mototo.site mototo.space mototo.website mugil.ru murinus.xyz musata.space myoporoides.xyz myristica.ru myrrhan.xyz mystaceus.xyz najar.xyz naligo.space naomat.space napellus.xyz napus.xyz natrixy.online naveria.website ncov-2019.site ncov-2020.site nebola.space nebora.space nemachilus.xyz nenadi.space nervin.space newermin.space niam.space nikao.website niloticu.xyz nlmk.space normandia.fun normandia.website nowerti.space nubiran.space nucifera.xyz obendo.space obstetricans.xyz occidentale.xyz oenanthe.ru officinale.space officinalis.xyz ogmar.fun ogmar.site ogmar.space ogmar.website ogremage.site ogremage.space ogremage.website oleifera.xyz olida.xyz ononis.ru onyxi.xyz orangae.space orbicularis.online orbicularis.ru orlani.xyz orlean.space orlenndi.space ornus.xyz ostruthium.space overload.space oxycedrus.ru palaquium.ru pallida.ru pannora.website paparitto.space papatti.space papaver.space papayana.xyz paperonni.space paraguariensi.ru parthenium.space patran.space patrici.space paullinia.space payena.space pedicellata.xyz pennatifolius.space pennyal.space perca.xyz pereirae.ru perlandi.space persit.space pestani.space petroselinum.space phellandrium.ru philippensis.ru phyllomedusa.xyz physostigma.space piantra.website picea.space pilocarpus.space pinus.space pipasa.xyz piscidia.space pistacia.space plantora.online plotor.space polandi.website poletton.space polindar.space polygala.space polyporus.website polyporus.xyz poporaca.website porilis.space poronoc.website potatin.space poyrag.space precatoriusis.xyz pridafi.website procumbens.xyz progib.space proponda.space prunus.space pterocarpus.space punica.space purpurea.xyz purshiana.space pyrethrum.xyz quadrivalvis.space quarta.space quassia.space quercus.space quillaja.space rabio.website radonta.space raggina.space rainak.space ranar.xyz rantai.space repens.xyz resinifera.xyz restorg.space retusus.xyz rhamnus.space rheum.space rhinoderma.xyz rhodeus.xyz rhus.space ricinus.space roseum.space rosmarinus.space roundi.space rubus.space russic.website rutilus.xyz saazer.space sabinar.website saccharum.space salivar.space samail.space samalo.space santalum.space saponaria.space saprit.fun saprit.site saprit.space saprit.website sarothamnus.xyz sativara.xyz sativum.space sativum.xyz sativus.xyz sauryn.ru saxifraga.space schrenchi.xyz scincus.xyz sclerops.xyz scoparius.xyz scopolia.space scorodosma.xyz sebaer.xyz sempervirens.space sempervirens.xyz sendobin.space senega.space senegala.xyz serpyllum.space sesamum.space settings-meta-ua.site settings-ukr.net sevena.space shabal.space sheppard.fun sheppard.website shiodai.space shokoda.xyz shoppersi.space silenser.fun silenser.site silenser.space silenser.website silenser.xyz silvestris.xyz sinapis.space skymage.fun skymage.space skymage.website slonar.website smtpserver.site solonra.space somniferum.ru sorg.space spirantra.space sprengel.xyz squarosa.ru srarda.space stairu.space stan-stana.fun stan-stana.site stan-stana.space stan-stana.website staphisagria.xyz steinh.space stenama.space stereo-bit.fun stereo-bit.site stereo-bit.space stereo-bit.website stolina.website stomarra.space stonewa.space stramonium.xyz strigigena.ru strychnos.space styrax.space succedanea.space sylvatica.xyz sylvestris.ru symphytum.space tamarindus.space tarapi.space taraxacum.space tclvds.site tekora.space teratoscincus.xyz termit.site termit.space termit.website termits.fun testudos.ru thean.xyz theobroma.space thymus.space tiamor.space tiglium.xyz tigrinum.xyz tilia.space timewer.space tinctorum.space tinea.xyz toluifera.ru toqq.website totilla.xyz toxifera.space trelial.xyz treubii.ru triandra.ru trichogaster.xyz trichopodus.xyz trichopterus.xyz trifoliata.ru trigonatus.xyz trigonella.space triticum.space triticum.xyz triturus.xyz troubl.xyz tussilago.space ugorado.online ulmifolia.space uncaria.space upokan.xyz urceola.space urginea.space urostigma.xyz utilissima.ru vabalt.space valeriana.space vantalio.space varanus.xyz venomart.space veratrum.space verbascum.space vernalisa.xyz veronis.space vertigos.space vesea.xyz vestak.space veterra.space vibraska.website victios.space vidika.website vinara.xyz vinifera.space vipera.xyz virginiana.space viridiflorus.ru virtuz.xyz viscum.space vitis.space vomica.space vulgare.space vulgarisa.xyz wallich.xyz ward.fun watsonii.ru wavera.space weaman.space weweca.website wiilasto.website wildbar.space willder.xyz woodstone.space wordmacros.space wostrigo.website xakep.site xakep.website xn--delphnium-k5a.xyz zanusson.website zareton.space zaxscdvf.online zedoaria.xyz zingiber.space # Reference: https://twitter.com/ShadowChasing1/status/1296707738756501504 # Reference: https://www.virustotal.com/gui/ip-address/109.95.211.14/relations # Reference: https://www.virustotal.com/gui/file/c7123a57126e8e23f689f82ac8181245dc7a7ba57d110432b76a0cb8091e07fa/detection kopot.myftp.biz moris.hopto.org # Reference: https://twitter.com/ShadowChasing1/status/1300775186459893760 # Reference: https://twitter.com/ShadowChasing1/status/1301342236391608320 # Reference: https://www.virustotal.com/gui/ip-address/109.95.210.183/relations # Reference: https://www.virustotal.com/gui/file/17ac0f1084dd2456f9fd805843ccf3b2fc55b7bfb28b78a2f2434c4e470e99cf/detection # Reference: https://www.virustotal.com/gui/file/596ca34b5d6e66905c50aa5968bb0ec706cad4aa945e68315958ca2ecf33f250/detection belkus.bounceme.net hidfes.bounceme.net # Reference: https://twitter.com/ShadowChasing1/status/1302916313375940610 # Reference: https://twitter.com/ShadowChasing1/status/1303983487221788672 # Reference: https://www.virustotal.com/gui/ip-address/31.28.24.123/relations # Reference: https://www.virustotal.com/gui/ip-address/193.29.204.52/relations # Reference: https://www.virustotal.com/gui/file/4f9e9125e481b3d610305de2a2c1c5b6d4df369d407b3960307bef13fdffdd11/detection # Reference: https://www.virustotal.com/gui/file/2d33e4360829fc86ba8dca456ab38015e9bb5a3d54f153c75938c684c708e188/detection hiodus.bounceme.net numan.bounceme.net # Reference: https://twitter.com/ShadowChasing1/status/1304020722134597633 # Reference: https://twitter.com/_re_fox/status/1304424900942323717 # Reference: https://www.virustotal.com/gui/file/f03929f52932ccd3363310f95aacea8130331478b531d8989bcff9793e8516d7/detection # Reference: https://www.virustotal.com/gui/file/e2e7fc4c7b4712940e24046da566b8ccda9a7384e3265eac8cde11930cdea431/detection # Reference: https://www.virustotal.com/gui/ip-address/31.28.24.131/relations forkasimov.hopto.org hedim.myftp.biz hellokasimka.hopto.org kilsaduck.myftp.biz lodgetus.myftp.biz milovardi.myftp.org palodus.myftp.biz pankus.3utilities.com reverus.myftp.biz sangorits.hopto.org shadowchasergroup.hopto.org visla.myftp.org # Reference: https://twitter.com/ShadowChasing1/status/1302870884495978500 # Reference: https://www.virustotal.com/gui/file/7be1bac6321637f343555ad72ae2c061845c379ab26b33721bbc26f340a83acb/detection strigigena.ru testudos.ru # Reference: https://twitter.com/ShadowChasing1/status/1306159659326218240 # Reference: https://www.virustotal.com/gui/file/54a8e592c98f314a32757cacf3443ea86d2602251951add3927b27fdb924632b/detection # Reference: https://www.virustotal.com/gui/file/bf862f14e98529ed87dfad7a6fe003d8b306b8b86f5d193c07017737bc911397/detection discouti.ru jaculus.ru # Reference: https://twitter.com/_re_fox/status/1309182864416821248 # Reference: https://www.virustotal.com/gui/file/e94c15affa9180169b2affcf9baafe6c02c18470f8e833106715e758b70ad63b/detection sort.freedynamicdns.org # Reference: https://www.virustotal.com/gui/ip-address/31.28.24.124/relations # Reference: https://app.any.run/tasks/9fe1c422-f0f4-45be-8336-0ba860ec290e/ sakidus.myftp.org # Reference: https://www.virustotal.com/gui/ip-address/195.62.53.158/relations google-spread.hopto.org spread-notify.info supp.webhop.me uspread.webhop.me uspread2.webhop.me # Reference: https://www.virustotal.com/gui/file/6fa02e965c84eeabc1601263c203e1b524fd9500584e4ca08907d3b97cb963a0/detection srv166997.hoster-test.ru # Reference: https://twitter.com/DrunkBinary/status/1323286255636008965 # Reference: https://www.virustotal.com/gui/ip-address/185.231.155.69/relations # Reference: https://www.virustotal.com/gui/file/528bbb7584905898bde0d06c45be655b293a2346d1e93e743414191471e69f0d/detection nato-spr.ddns.net spread.crimea.com spread01.crimea.com # Reference: https://www.virustotal.com/gui/ip-address/185.158.115.137/relations droper-spread.ddns.net update-spread.ddns.net updates-spread.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/78.40.219.213/relations # Reference: https://www.virustotal.com/gui/file/08c674f58b33ed1a3854b2df9b4eab5c87f96a5700bc901389aec609876cdad6/detection # Reference: https://www.virustotal.com/gui/file/b712459206fd9e35f92ec49fa06028074beabe20be106e25ba56a4a97d488b1e/detection herodukins.hopto.org microwords.3utilities.com microwords.bounceme.net word-help.3utilities.com word-lis.myftp.org word-web.gotdns.ch wordgroup.myftp.biz wordpress.gotdns.ch acantholyda.online acanthophis.ru achalinus.ru acridoxena.online alicui.ru antarcticus.online cichlasoma.ru clonorchis.online conscindere.online discedere.ru erythrocephala.ru formosanus.online fossor.ru goatfish.site hakena.online halibut.site herrings.site hewaniana.online hewaniana.ru limosa.ru mackereli.site mulletin.site nilesa.site perchi.site pilcharda.site pomfreti.ru proserpinus.ru rainak.space rainbowt.site salmoni.site soled.site spratan.online stealheada.site superfundi.ru tiglium.xyz tilapian.online tilapian.ru trouta.site tunara.online tunara.ru turgescere.ru variare.ru # Reference: https://www.virustotal.com/gui/ip-address/188.225.83.103/relations libre-crash.myftp.biz libre-setting.myddns.me word-office.myftp.biz boniton.site flatfish.site flounder.site goatfish.site hakena.online halibut.site mackereli.site netinsurance.site nilesa.site plaices.site rainbowt.site salmoni.site soled.site tilapian.ru trouta.site tunara.ru # Reference: https://twitter.com/Circuitous__/status/1329820564337414149 # Reference: https://www.virustotal.com/gui/file/4acfb73e121a49c20423a6d72c75614b438ec53ca6f84173a6a27d52f0466573/detection erythrocephala.online # Reference: https://www.virustotal.com/gui/file/fcea8c5e11d69d724cf7fd48ad67a837671aa66e4f7da1ecdc1889ca947628ca/detection # Reference: https://www.virustotal.com/gui/file/0fdbcc1ddc1941e21be206158db25bdb01c688a9af69e7e2675587f34450becd/detection # Reference: https://www.virustotal.com/gui/file/a3e24300ee419b26218ddba90d4dec90110dd5766b51ebbb1535c91bdcd8ace6/detection # Reference: https://www.virustotal.com/gui/file/64d74dac46258e2eeb0b37ed50f3b38f5b034300df965ec7a6651b67b7796e88/detection # Reference: https://www.virustotal.com/gui/ip-address/78.40.219.152/relations abrumpere.online abrumpere.ru alicui.online alicui.ru atlanticos.site conscindere.online conscindere.ru differre.ru difformis.ru discedere.ru discrepare.ru disjungere.ru diversiformis.ru labefactare.ru lacerare.ru mulletin.site petulans.online rumpere.online superventus.online # Reference: https://twitter.com/Circuitous__/status/1331609085838561281 # Reference: https://twitter.com/Circuitous__/status/1341401065053429760 # Reference: https://www.virustotal.com/gui/ip-address/195.161.114.130/relations # Reference: https://www.virustotal.com/gui/file/c6fe85f16ddb68f8244e8a6518f02b998e15cbd94a56ef756cf14c36c82a2e2b/detection # Reference: https://www.virustotal.com/gui/file/8350dfafd8621cd342fa3405adeed06d6089745e54e163ba11e50c33ea832a08/detection jikods.hopto.org karimatus.3utilities.com kasidvk.3utilities.com luser-kas.myftp.biz malikos.hopto.org mydinos.myddns.me # Reference: https://twitter.com/ShadowChasing1/status/1334071900004179968 # Reference: https://www.virustotal.com/gui/file/b58ef82901cb0c46ea62539e6e52951868e9e1275d24b435a186ab1bd5554a1c/detection # Reference: https://www.virustotal.com/gui/file/7f1df9d4fb027504c6025f73147b97be1ddb30ba780c7b28b1f8d39954ca0d95/detection # Reference: https://www.virustotal.com/gui/file/faae5fbbd9198ac903aeb45ada19e4e555c89cecba3ec89a78d97cc70293bae9/detection proserpinus.online # Reference: https://twitter.com/Nexus23_Labs/status/1334087485119492099 srv186-h-st.jino.ru # Reference: https://twitter.com/ShadowChasing1/status/1338459230412554242 # Reference: https://www.virustotal.com/gui/ip-address/188.225.85.180/detection # Reference: https://www.virustotal.com/gui/file/126073b4a22e7f42247c19be9dad1b0f5c01ab0de11eea99a4bee2f0f9a5fb4d/detection cash-libre.3utilities.com wordgroup.bounceme.net # Reference: https://ti.qianxin.com/blog/articles/Hackers-in-Eastern-Europe-Use-Harpoon-Mail-to-Target-Activities-in-Ukraine/ # Reference: https://otx.alienvault.com/pulse/5fd7a4c5ad06715cb8630ecb http://78.40.219.213/intimate.php http://78.40.219.213/interrupt.php cultiventris.online decursio.online testudos.ru vincula.online # Reference: https://twitter.com/ShadowChasing1/status/1348220217650946048 # Reference: https://www.virustotal.com/gui/file/13b780800c94410b3d68060030b5ff62e9a320a71c02963603ae65abbf150d36/detection sufflari.online # Reference: https://www.virustotal.com/gui/ip-address/188.225.82.216/relations dikolap.myftp.biz lisaduman.myddns.me alburnus.online alytes.xyz anolis.ru archaicus.online archiepiscopus.online asymmetria.online bombinators.xyz burhinus.online carinatus.online carolinensis.online ciconiat.online coeruleus.online cololabis.online differre.online difformis.online discedere.online discrepare.online disjungere.online diversiformis.online dividere.online emysi.online eurypterida.online exundare.online floridae.xyz fossor.online gasterosteus.xyz heterotypus.online hippoglossus.online hypochondralis.xyz incursio.online incursionibus.online incursus.online irritabilitas.online jordanella.xyz labefacere.online labefactare.online lacerare.online latesa.online lineolatum.xyz lovarinda.site mugil.online niloticus.online ophisaurus.xyz pestola.space phrynocephalus.xyz regionem.online regionem.ru rekarda.space ridibunda.xyz rufescens.online sairanat.online saltator.online saltator.ru sauryn.online scolopaxys.online sphaerion.online sprata.online suaveolens.online suffunditur.online superfluere.online superfundi.online taphrometopon.xyz testudos.online tuberculata.xyz turgescere.online # Reference: https://www.virustotal.com/gui/ip-address/185.119.57.195/relations libredrives.myftp.org libreint.hopto.org worddebuks.myftp.org worddrives.myftp.biz wordpress-id.hopto.org petulans.ru rumpere.ru saury.site sprata.site sufflari.online suffundi.online suffundi.ru suffunditur.ru superfluere.ru vincula.ru # Reference: https://www.virustotal.com/gui/file/b9aec383ba19e3955f4e18eb1feb4018a9aefcfa35cc3288503bbc7ad070f060/detection # Reference: https://www.virustotal.com/gui/file/c31a0f4f089c09d1357e437e257052f2fa0a592d6198c83d09bfed5d3b000c64/detection niloticus.ru # Reference: https://www.virustotal.com/gui/ip-address/185.104.114.215/relations lodurawer.bounceme.net # Reference: https://twitter.com/RedDrip7/status/1348821911979978753 # Reference: https://aaqeel01.wordpress.com/2021/01/18/docx-files-template-injection/ # Reference: https://app.any.run/tasks/26e685f3-9a76-45fa-ad70-dd61cb64812c/ # Reference: https://www.virustotal.com/gui/file/0b525e66587e564db10bb814495aefb5884d74745297f33503d32b1fec78343f/detection # Reference: https://www.virustotal.com/gui/file/105a1aa3ca1bffdfced9933ea374c5013f9ea9a4879afb890f883f08ea9298ea/detection # Reference: https://www.virustotal.com/gui/file/436d2e6da753648cbf7b6b13f0dc855adf51c014e6a778ce1901f2e69bd16360/detection http://188.225.82.216/index.html http://188.225.82.216/inspection.php http://188.225.82.216/inspection%5B.%5Dphp intumescere.online limosa.online # Reference: https://twitter.com/ShadowChasing1/status/1350053099835047938 # Reference: https://app.any.run/tasks/17575220-f087-4baa-bc96-3d9bdb0f10ed/ # Reference: https://www.virustotal.com/gui/ip-address/195.161.114.130/relations # Reference: https://www.virustotal.com/gui/file/499caf4558ca05440875a94d5e06663cc637f9c6acdaa7c1a89f889a025837f3/detection email-gov.site office360-expert.online mil-gov.site noreply-yandex.ru word-expert.online # Reference: https://twitter.com/ShadowChasing1/status/1351570565354541056 # Reference: https://www.virustotal.com/gui/ip-address/37.77.106.61/relations # Reference: https://www.virustotal.com/gui/file/a302e17a08443c3d14a0f877fb76ad30b36c5cf8e20edf90d935c508f4125163/detection asdik-ero.hopto.org cash-office.3utilities.com cash-word.3utilities.com kasdot.hopto.org pokis-to.hopto.org saradot.gotdns.ch valet-din.hopto.org acridoxena.ru campestri.online campestri.ru clonorchis.ru dionysi.online golintras.site gorimana.site hepatica.ru holodosiz.site mortivan.site pomfreti.online portunio.site sinensisa.ru viraglo.site vitrokaz.site # Reference: https://twitter.com/ShadowChasing1/status/1352264953663639559 # Reference: https://www.virustotal.com/gui/ip-address/185.119.56.5/relations # Reference: https://www.virustotal.com/gui/file/13daeeea4261ce15504e584c22c61d3b4e4d65f296dfded3dcae2fefaf025963/detection apoxipodes.online asilidae.ru chelicerata.online chelicerata.ru merostomata.online polyphemus.online scorpiones.online po-hg.freedynamicdns.org # Reference: https://www.virustotal.com/gui/ip-address/188.225.87.252/detection din-work.gotdns.ch # Reference: https://www.virustotal.com/gui/ip-address/46.229.215.169/relations # Reference: https://www.virustotal.com/gui/file/68c4ba9c72670e1dff7321a9b6c954cd9e3c3c6f59019a8e26625436e0a322b6/detection agaricusa.ru arachnidas.ru eurypterida.online fasciolas.online formosanus.ru gari-gt.gotdns.ch jikolad.hopto.org rufescens.ru sinensisa.online sufflari.ru xiphosura.online # Reference: https://www.virustotal.com/gui/ip-address/193.164.150.5/relations aidoona.online samerkiss.hopto.org upload-dot.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/188.225.77.116/relations milrodus.myftp.biz wakrims.hopto.org # Reference: https://twitter.com/DrunkBinary/status/1354167067226812417 # Reference: https://www.virustotal.com/gui/ip-address/185.119.59.227/detection # Reference: https://www.virustotal.com/gui/file/262f2b7085ea5646a3713c400637237fe54eb535c6602ed41e030319173fccad/detection albatrellus.ru asilidae.online graphiuma.online incursio.ru incursionibus.ru irritabilitas.ru ovinus.online ovinus.ru panchax.ru scolopaxys.ru sprata.ru optica-rd.myftp.biz # Reference: https://www.virustotal.com/gui/ip-address/83.166.241.13/relations # Reference: https://www.virustotal.com/gui/file/211f5e86a3b88c0e313280dcc02afda3ee07bfaabae11f6be34ead120cc91933/detection http://83.166.241.13/insufficient.php acrididae.ru apaturinae.ru blattodea.ru cerambycidae.online coleopteras.online coliadinae.online cyrestinae.online cyrestinae.ru empusidae.online gonepteryx.online graphosoma.online graphosoma.ru hamadryas.online hamadryas.ru heliconiinae.ru hesperiidae.online heteroptera.online hierodula.online hierodula.ru homoptera.online homoptera.ru kallima.online maniola.online mantidae.ru # Reference: https://twitter.com/NinjaOperator/status/1354886010056962051 # Reference: https://www.virustotal.com/gui/file/f57469f74cc9f20f719ed0895f19df521fe4c6c3700430452006612d6277eb90/detection f0403793.xsph.ru # Reference: https://twitter.com/Circuitous__/status/1355190838998036486 # Reference: https://www.virustotal.com/gui/ip-address/91.210.169.194/relations acrididae.online antarcticus.ru arachnidas.online arctiidae.online asilidae.online asilidae.ru blaberidae.online # Reference: https://www.virustotal.com/gui/ip-address/217.25.88.126/relations # Reference: https://www.virustotal.com/gui/ip-address/37.77.104.60/relations facetum.ru heterotypus.ru jaculusan.ru sphaerion.ru karatel.3utilities.com vimpel.3utilities.com # Reference: https://www.virustotal.com/gui/file/aa3aefa7fd21fa68c207ff0539fd5fd76bc8e4db3d6fdb5542c61f45062c9989/detection http://83.166.240.180/plot.php polyphemus.ru # Reference: https://www.virustotal.com/gui/file/8b9f8909f07f7ca5a6eb72093f2cb7e5f0981fff809f06433f7ef968c4d0530d/detection apoxipodes.ru # Reference: https://www.virustotal.com/gui/ip-address/83.166.240.180/relations agaricusa.online albatrellus.online apaturinae.online apoxipodes.ru dionysi.ru dipteran.ru empusidae.ru fanniidae.online fanniidae.ru felineus.ru graphiuma.ru gromphadorhina.ru heteroptera.ru hymenoptera.online inachis.online merostomata.ru polyphemus.ru silvicol.online # Reference: https://twitter.com/ShadowChasing1/status/1357322289331638275 # Reference: https://www.virustotal.com/gui/file/81bdc709be19af44a1acc7c6289ed0212d214a7d0e5ffd4c35d3fa0b87401175/detection inula.ru # Reference: https://twitter.com/ShadowChasing1/status/1357324995194593281 # Reference: https://www.virustotal.com/gui/file/8fbea49a8b26889e9157ace2003334f56e3de7020cb099d3948df676539eb4a3/detection email-smtp.online # Reference: https://www.virustotal.com/gui/ip-address/188.225.58.175/relations # Reference: https://www.virustotal.com/gui/file/8c6a3df1398677c85a6e11982d99a31013486a9c56452b29fc4e3fc8927030ad/detection # Reference: https://www.virustotal.com/gui/file/55fa15372c2ec11c8e6b112713594bfc286d5af54fe654ecbb715ed7f64cf948/detection # Reference: https://www.virustotal.com/gui/file/5a152904a17a5c1660f807ba65d66bbed8db9fe002740473bdf9b708f3a520b4/detection http://188.225.58.175/ingenious_/28.01/ivan.php anisoptera.online biblidinae.online danainae.online dipteran.online gromphadorhina.online heliconiinae.online lepidopteras.ru libellulat.ru libellulidae.ru lodisak-gid.myddns.me maliko-dicto.myftp.biz maniola.ru oper-getor.gotdns.ch # Reference: https://www.virustotal.com/gui/ip-address/92.53.105.106/relations hunda.3utilities.com wordfix.myftp.org # Reference: https://www.virustotal.com/gui/ip-address/83.166.242.231/relations lepidopteras.online limenitis.online limenitis.ru lophacris.online megascolias.online nematoceras.ru # Reference: https://twitter.com/ShadowChasing1/status/1360234329591275521 # Reference: https://www.virustotal.com/gui/file/0600f4be4dc7fe5ba4e226b797888667f5dd6138734a6333da697346e897c216/detection mail-check.ru # Reference: https://www.virustotal.com/gui/ip-address/91.210.170.51/relations libellulat.online libellulidae.online limenitidinae.online limenitidinae.ru lycaenidae.online mantidae.online # Reference: https://www.virustotal.com/gui/ip-address/109.68.212.97/relations # Reference: https://www.rnbo.gov.ua/en/Diialnist/4823.html http://109.68.212.97/infant.php khpf.ru morphon.online sigma-oi.freedynamicdns.net # Reference: https://twitter.com/h2jazi/status/1362051799897759745 # Reference: https://www.virustotal.com/gui/file/6b2a77bbd4a8daa4be10c32ffb9212ef6464e313b8ccfe1bb8208f5d6071be74/detection acetica.online # Reference: https://twitter.com/h2jazi/status/1362838864633753601 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.174/relations # Reference: https://www.virustotal.com/gui/file/3455284a4cb88afa6da547fc3899d5063b59dcb25a4a1ed5b0161df841255b78/detection http://83.166.244.174/infant.php brucel.ru clostri.ru enterox.ru hpoi.online # Reference: https://www.virustotal.com/gui/ip-address/188.225.24.78/relations siwer-to.hopto.org lophacris.ru lycaenidae.ru meandrusas.online # Reference: https://twitter.com/ShadowChasing1/status/1363873714891202561 # Reference: https://www.virustotal.com/gui/ip-address/83.166.242.227/relations # Reference: https://www.virustotal.com/gui/file/e0a345e544f05450dc201db8215370a40c3011fe2d1a95a87dadc6c164a5ce77/detection mantodeas.online meandrusas.ru melitaeas.online morphinaes.online nymphalidaes.online # Reference: https://www.virustotal.com/gui/ip-address/193.164.150.29/relations archaicus.ru archiepiscopus.ru deltanermo.site incursus.ru superventus.ru kolodisad.3utilities.com panridaks.bounceme.net # Reference: https://www.virustotal.com/gui/ip-address/188.166.183.105/detection bolobolol.servehttp.com cukagempi.serveftp.com icikiwer.myftp.biz koyongene.myftp.biz nadeeen.servehttp.com susu-bendera.3utilities.com susukacang.3utilities.com # Reference: https://otx.alienvault.com/pulse/60352ce7950d179bd0aff18b/ apidaet.ru corvusi.ru intumescere.ru hippoglossus.ru noctuidaes.online babylont.ru haplochromis.ru google.site downloadfiles.website elaphe.xyz exundare.ru balderdash.fun blaberidae.ru cinada.xyz duboisia.xyz arnicad.xyz ambystoma.xyz emysi.ru assasysa.online balderdash.website gmail.online colisa.xyz botaurus.ru dividere.ru absinthiuma.xyz khpf.online extrado.ru info.online eurypterida.ru arctiidae.ru metcalfas.online sardanal.ru coliadinae.ru eryxis.ru googlefiles.site clupeonella.ru alligatori.xyz attach.pw attachments.pw emailinfo.site coluber.xyz balderdash.host fasciolas.ru gonepteryx.ru deadpool.pw tnoi.online anisoptera.ru ciconiat.ru balderdash.space blockpost.space cultiventris.ru kyiv.site burhinus.ru attach.pro acantholyda.ru constrictor.xyz opercularis.xyz ophisaurusis.xyz fnrn.online attachments.website agamat.xyz inbox.site apusa.xyz eyeofra.online nematoceras.online # Reference: https://twitter.com/h2jazi/status/1367170822973104143 # Reference: https://www.virustotal.com/gui/file/11e99664b7573bb2efb4d2d88c3c36cdb6e67f25a0644f744b59bf5badec036b/detection # Reference: https://www.virustotal.com/gui/ip-address/217.25.93.27/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.241.96/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.243/relations # Reference: https://www.virustotal.com/gui/ip-address/89.223.124.22/relations acteran.ru ariuma.ru bacteri.ru baryom.ru botulina.ru brevib.ru butyri.ru candidar.ru debarys.ru enterow.ru erwina.ru erwini.ru eschera.ru guill.ru herica.ru ichia.ru iermo.ru lipolys.ru mondii.ru omyce.ru perfrin.ru picalisy.ru ricuma.ru rificum.ru ryomy.ru robact.ru stearo.ru subterm.ru subtila.ru thermop.ru tropisti.ru winial.ru # Reference: https://www.virustotal.com/gui/file/4c7070a4ada6ed9a65df0dda79c4a3bb9296611ff94e51f5dd9514047e5c35fa/detection http://188.225.37.128/index.php # Reference: https://www.virustotal.com/gui/file/b8ae65f340dcf4406c01570a6da09cc764499cf67cb647287613313659d7ae72/detection http://83.166.241.96/striped # Reference: https://www.virustotal.com/gui/file/3455284a4cb88afa6da547fc3899d5063b59dcb25a4a1ed5b0161df841255b78/detection http://89.223.124.22/infant.php # Reference: https://www.virustotal.com/gui/ip-address/185.119.58.61/relations acetica.ru bacteriu.ru cereusi.ru escheri.ru fusari.ru fusaris.ru gluconid.ru gramine.ru hilus.ru ineari.ru klebsie.ru mesant.ru onoba.ru papiliot.ru riumo.ru sinia.ru spratan.ru tilapian.ru # Reference: https://www.virustotal.com/gui/ip-address/80.78.246.128/relations coagula.ru coeruleus.ru colista.ru earium.ru hkol.ru labefacere.ru natrixy.ru siella.ru stellarisa.ru ugorado.ru jk-rec.myftp.biz libre-word.myftp.org microwords.myftp.org milidot.myftp.org wordexucute.myftp.org wordgroup.myftp.org wordprestige.myftp.biz wordslowe.myftp.org # Reference: https://twitter.com/h2jazi/status/1369808549178671106 /LAB-PC_D06C2D4F/WindowsNewsense.php # Reference: https://www.virustotal.com/gui/file/70eb2f56fc524c0dc0d19528410def37c9dd0a183c7230fcff57cb31200ca6fc/detection /Q9IATRKPRH_8443A5AF/WindowsNewsense.php # Reference: https://twitter.com/ShadowChasing1/status/1373865939389747204 # Reference: https://www.virustotal.com/gui/file/b33f8924e499b6678ddf6356427a385fb2ac917127e3344bb11f28125ca869ab/detection acanthophis.online # Reference: https://www.virustotal.com/gui/ip-address/91.229.91.124/relations # Reference: https://www.virustotal.com/gui/file/6153d3563e1458ba840943c210ca3c7a14ebb5d5f65e7aca02f3f74f55ec91aa/detection http://188.225.76.97/schedule.php tridiuma.ru # Reference: https://www.virustotal.com/gui/ip-address/188.225.76.97/relations baryo.ru colidar.ru mucora.ru putrif.ru sporog.ru winialo.ru labzet.hopto.org melasid.hopto.org # Reference: https://twitter.com/ShadowChasing1/status/1376538338560122880 # Reference: https://www.virustotal.com/gui/file/4aa2c783ae3d2d58f12d5e89282069533a80a7ba6f7fe6c548c6230a9601e650/detection a0322810.xsph.ru # Reference: https://twitter.com/ShadowChasing1/status/1377250380732526598 # Reference: https://www.virustotal.com/gui/file/775ffa9f9ae3b9b07b368f38161d0a81d54d801f4ccb39e6957d1b3dfa2bf0c1/detection http://195.58.49.41 # Reference: https://twitter.com/ShadowChasing1/status/1377627463342247947 # Reference: https://www.virustotal.com/gui/file/45bfb0bc5f9e8a03e337065c2b5517ca032b2bbf62510f64b79a98796fb3f6e1/detection jobiden.site # Reference: https://twitter.com/ShadowChasing1/status/1377973764164476932 # Reference: https://twitter.com/ShadowChasing1/status/1377973769579360258 # Reference: https://www.virustotal.com/gui/file/301e819008e19b9803ad8b75ecede9ecfa5b11a3ecd8df0316914588b95371c8/detection http://91.234.33.108 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.172/relations http://83.166.244.172 # Reference: https://twitter.com/ShadowChasing1/status/1383068766771105795 # Reference: https://twitter.com/_re_fox/status/1383216911329071108 # Reference: https://twitter.com/_re_fox/status/1383484672433213445 # Reference: https://www.virustotal.com/gui/ip-address/194.87.215.141/relations # Reference: https://www.virustotal.com/gui/ip-address/194.87.68.169/relations # Reference: https://www.virustotal.com/gui/ip-address/45.129.2.187/relations # Reference: https://www.virustotal.com/gui/ip-address/5.63.159.221/relations # Reference: https://www.virustotal.com/gui/file/52756359d57cb60a5f0d2633ab054639e1571cd43a471c22553f3322481cc848/detection aerogenosa.ru camama.ru debary.ru fluoresc.ru fortias.ru mamberis.ru maniis.ru megatos.online mirabilisa.ru mycodar.ru oidium.ru propioni.ru proteug.ru pseudom.ru roquef.ru tubercur.ru nilias.ru erati.ru acterium.ru cterium.ru penicil.ru mishel.myftp.biz silves.3utilities.com # Reference: https://twitter.com/ShadowChasing1/status/1383413812187914252 # Reference: https://www.virustotal.com/gui/ip-address/195.133.52.247/relations # Reference: https://www.virustotal.com/gui/file/936b70e0babe7708eda22055db6021aed965083d5bc18aad36bedca993d1442a/detection http://195.133.52.247 cereusi.online mesant.online # Reference: https://twitter.com/h2jazi/status/1388920739345149960 # Reference: https://www.virustotal.com/gui/ip-address/83.166.246.59/relations # Reference: https://www.virustotal.com/gui/file/21324d499531ea1f573e0c33954286e6577893a03a90d9c278cf9aa942d50027/detection http://83.166.246.59 agarisi.ru acetobacter.online circulas.online # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.85/relations rabilin.ru riumos.ru shermano.ru # Reference: https://www.virustotal.com/gui/ip-address/45.129.3.41/relations teriuma.ru # DOC/DOT patterns /aCxBBz.dot /ahWVID.dot /dCiBlGD.dot /EAuRvHK.dot /eEpEaH.dot /exusmq.dot /fACWjNTD.dot /fAlDCLaPBCoSJp.dot /FCgnOw.dot /FEzzSwLd.dot /FFBHL.dot /FGJoQCSzb.dot /fzPJir.dot /gaOwbtKJJ.dot /gJHEIw.dot /HIXOzc.dot /hjnerkXCXrc.dot /HkauzgNjTE.dot /HMAJAQsq.dot /IVCbXw.dot /IdmPyYVUudYaVF.dot /JEkSZWBgtH.dot /jJIBWJHI.dot /jtFqxxHzQAw.dot /kFEkds.dot /kgoDu.dot /KMBGwE.dot /KOBEko.dot /KyVJhg.dot /KzGdWvmSq.dot /LjPmKaq.dot /LuPNRY.dot /LwRoTct.dot /MAJGk.dot /MxDmFQ.dot /niGcEd.dot /NTKOdGyMIFgETz.dot /osasssecyqr.dot /OTLJNYMqMVxkpp.dot /OjSjBj.dot /OzLIyx.dot /pfJwhBY.dot /RbfwAlJtAwm.dot /rrdJqe.dot /SBuTcj.dot /TKvrzJNE.dot /Tooqvc.dot /TOppBw.dot /UBBscw.dot /VaFzplBF.dot /VhhJHnvBBFA.dot /wDewdIf.dot /yopWWB.dot /yZnuGSpFn.dot /ZBTFJUuEFSF.dot /360Templates/Notat.docx /almost/councilman/rejoice/clank.dot /band/selection/sequence.dot /BABY/heap/dearest.dot /BALANTAY/headline/grumble.dot /BANCOC/September/prefix.dot /BANCOC/intelligent/barefooted.dot /BANCOC/prediction/preparations.dot /BANCOC/prefer/regarded.dot /BANCOC/quest/precarious.dot /BANCOC/regions/quay.dot /BANCOC/see/barefooted.dot /BIMBA/bank/queer.dot /BIMBA/barbed/sense.dot /BIMBA/barren/decided.dot /BIMBA/decency/headphones.dot /BIMBA/decent/seen.dot /BIMBA/groups/grudge.dot /BIMBA/growing/barley.dot /BIMBA/integral/seed.dot /BIMBA/nephew/rejoined.dot /BIMBA/never/preach.dot /BIMBA/prepared/debris.dot /BIMBA/presented/haze.dot /BIMBA/queer/lot.dot /BIMBA/question/serious.dot /BIMBA/registration/guessing.dot /BIMBA/selection/regarding.dot /BINGO/luncheon.dot /BINGO/presumably.dot /BINGO/pry.dot /BLADE/insurance/quick.dot /CB/ambiguous.dot /countryside/countryside1/soul.dot /countryside/prevent/counter.dot /DESKTOP-28DO3Q8/clash/princess.dot /glitter/glitter1/salvage.dot /header/precaution/precisely.dot /IGOR/goats.dot /intent/sense/guarded.dot /intercourse/endure/stop.dot /luggage/princess/pretend.dot /neglect/glowing.dot /preliminary/guarantee/sequence.dot /preservation/quietly/seedlings.dot /quiet/precious/selling.dot /reliable/barefooted/seek.dot /S1/glide/glide.dot # HTM/HTML path # Reference: https://www.virustotal.com/gui/file/6fc61c8f07906b047e3828d0a1ace9c65e1c6d2a96fcf79a810d1db3b8cda3f8/detection /HmGzHUg/vwEqNrh/index.html /SeaBIOS-INTEL-1/index.html /WrIWhq/sREFsJ/HPtgOy.html # Reference: https://www.virustotal.com/gui/ip-address/45.135.134.139/relations megascolias.ru shermana.ru uconos.ru ckus.site kjoi.ru khjs.ru flavobac.ru cillium.ru cobact.ru mycoba.ru hakena.ru onili.ru apidaet.online silvicol.ru tnoi.ru hesperiidae.ru bercul.ru onibacter.ru limulusa.online felineus.online sporotri.ru nymphalidaes.ru iersin.ru xiphosura.ru ichiella.ru mantodeas.ru brachycera.online acidop.ru hepatica.online brevisi.ru hymenoptera.ru metcalfas.ru obacter.ru morphinaes.ru tuberci.ru morphon.ru carolinensis.ru noctuidaes.ru limulusa.ru erobact.ru acetobacter.ru blattodea.online sairanat.ru pseudon.ru melitaeas.ru senula.ru dophil.ru achalinus.online shaperi.ru hansenul.ru # Reference: https://twitter.com/h2jazi/status/1379843634716102661 # Reference: https://www.virustotal.com/gui/ip-address/83.166.240.126/relations # Reference: https://www.virustotal.com/gui/file/85e5e99c6cbfa403685661dd6cd7677a42e98b468b7163f273b3f129c32162dd/detection http://83.166.240.126 bertis.ru proteusa.ru # Reference: https://www.virustotal.com/gui/ip-address/83.166.241.17/relations http://83.166.241.17 bacterir.ru culosisa.ru mycobar.ru # Reference: https://twitter.com/ShadowChasing1/status/1384144868667101203 murders-dkr.ru # Reference: https://www.virustotal.com/gui/ip-address/83.166.241.215/relations candidum.ru # Reference: https://www.virustotal.com/gui/ip-address/83.166.248.181/relations coagula.online ermasa.ru oderas.ru papiliot.online phymateus.online teriuma.ru # Generic /17.02/inner.php /help_Om.php /mfareboot.php /posolreboot.php /rebootor.php /rnboreboot.php /zaderreboot.php /bitprog.waw /piTDaxD/GURSORUN.php /spr_files.php /spr_updates.php /TCGahjr/reinst.php /WindowsNewsense.php # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/ # Reference: https://www.virustotal.com/gui/file/66b67a1f4032f717ee19009996adbe2c185be2ef2da462902a4703fca269709d/behavior/Rising%20MOVES /help_01_01.php /help_01_02.php /help_01_03.php /help_01_04.php /help_01_05.php /help_01_06.php /help_01_07.php /help_01_08.php /help_01_09.php /help_01_10.php /help_01_11.php /help_01_12.php /help_02_01.php /help_02_02.php /help_02_03.php /help_02_04.php /help_02_05.php /help_02_06.php /help_02_07.php /help_02_08.php /help_02_09.php /help_02_10.php /help_02_11.php /help_02_12.php /help_03_01.php /help_03_02.php /help_03_03.php /help_03_04.php /help_03_05.php /help_03_06.php /help_03_07.php /help_03_08.php /help_03_09.php /help_03_10.php /help_03_11.php /help_03_12.php /help_04_01.php /help_04_02.php /help_04_03.php /help_04_04.php /help_04_05.php /help_04_06.php /help_04_07.php /help_04_08.php /help_04_09.php /help_04_10.php /help_04_11.php /help_04_12.php /help_05_01.php /help_05_02.php /help_05_03.php /help_05_04.php /help_05_05.php /help_05_06.php /help_05_07.php /help_05_08.php /help_05_09.php /help_05_10.php /help_05_11.php /help_05_12.php /help_06_01.php /help_06_02.php /help_06_03.php /help_06_04.php /help_06_05.php /help_06_06.php /help_06_07.php /help_06_08.php /help_06_09.php /help_06_10.php /help_06_11.php /help_06_12.php /help_07_01.php /help_07_02.php /help_07_03.php /help_07_04.php /help_07_05.php /help_07_06.php /help_07_07.php /help_07_08.php /help_07_09.php /help_07_10.php /help_07_11.php /help_07_12.php /help_08_01.php /help_08_02.php /help_08_03.php /help_08_04.php /help_08_05.php /help_08_06.php /help_08_07.php /help_08_08.php /help_08_09.php /help_08_10.php /help_08_11.php /help_08_12.php /help_09_01.php /help_09_02.php /help_09_03.php /help_09_04.php /help_09_05.php /help_09_06.php /help_09_07.php /help_09_08.php /help_09_09.php /help_09_10.php /help_09_11.php /help_09_12.php /help_10_01.php /help_10_02.php /help_10_03.php /help_10_04.php /help_10_05.php /help_10_06.php /help_10_07.php /help_10_08.php /help_10_09.php /help_10_10.php /help_10_11.php /help_10_12.php /help_11_01.php /help_11_02.php /help_11_03.php /help_11_04.php /help_11_05.php /help_11_06.php /help_11_07.php /help_11_08.php /help_11_09.php /help_11_10.php /help_11_11.php /help_11_12.php /help_12_01.php /help_12_02.php /help_12_03.php /help_12_04.php /help_12_05.php /help_12_06.php /help_12_07.php /help_12_08.php /help_12_09.php /help_12_10.php /help_12_11.php /help_12_12.php /help_13_01.php /help_13_02.php /help_13_03.php /help_13_04.php /help_13_05.php /help_13_06.php /help_13_07.php /help_13_08.php /help_13_09.php /help_13_10.php /help_13_11.php /help_13_12.php /help_14_01.php /help_14_02.php /help_14_03.php /help_14_04.php /help_14_05.php /help_14_06.php /help_14_07.php /help_14_08.php /help_14_09.php /help_14_10.php /help_14_11.php /help_14_12.php /help_15_01.php /help_15_02.php /help_15_03.php /help_15_04.php /help_15_05.php /help_15_06.php /help_15_07.php /help_15_08.php /help_15_09.php /help_15_10.php /help_15_11.php /help_15_12.php /help_16_01.php /help_16_02.php /help_16_03.php /help_16_04.php /help_16_05.php /help_16_06.php /help_16_07.php /help_16_08.php /help_16_09.php /help_16_10.php /help_16_11.php /help_16_12.php /help_17_01.php /help_17_02.php /help_17_03.php /help_17_04.php /help_17_05.php /help_17_06.php /help_17_07.php /help_17_08.php /help_17_09.php /help_17_10.php /help_17_11.php /help_17_12.php /help_18_01.php /help_18_02.php /help_18_03.php /help_18_04.php /help_18_05.php /help_18_06.php /help_18_07.php /help_18_08.php /help_18_09.php /help_18_10.php /help_18_11.php /help_18_12.php /help_19_01.php /help_19_02.php /help_19_03.php /help_19_04.php /help_19_05.php /help_19_06.php /help_19_07.php /help_19_08.php /help_19_09.php /help_19_10.php /help_19_11.php /help_19_12.php /help_20_01.php /help_20_02.php /help_20_03.php /help_20_04.php /help_20_05.php /help_20_06.php /help_20_07.php /help_20_08.php /help_20_09.php /help_20_10.php /help_20_11.php /help_20_12.php /help_21_01.php /help_21_02.php /help_21_03.php /help_21_04.php /help_21_05.php /help_21_06.php /help_21_07.php /help_21_08.php /help_21_09.php /help_21_10.php /help_21_11.php /help_21_12.php /help_22_01.php /help_22_02.php /help_22_03.php /help_22_04.php /help_22_05.php /help_22_06.php /help_22_07.php /help_22_08.php /help_22_09.php /help_22_10.php /help_22_11.php /help_22_12.php /help_23_01.php /help_23_02.php /help_23_03.php /help_23_04.php /help_23_05.php /help_23_06.php /help_23_07.php /help_23_08.php /help_23_09.php /help_23_10.php /help_23_11.php /help_23_12.php /help_24_01.php /help_24_02.php /help_24_03.php /help_24_04.php /help_24_05.php /help_24_06.php /help_24_07.php /help_24_08.php /help_24_09.php /help_24_10.php /help_24_11.php /help_24_12.php /help_25_01.php /help_25_02.php /help_25_03.php /help_25_04.php /help_25_05.php /help_25_06.php /help_25_07.php /help_25_08.php /help_25_09.php /help_25_10.php /help_25_11.php /help_25_12.php /help_26_01.php /help_26_02.php /help_26_03.php /help_26_04.php /help_26_05.php /help_26_06.php /help_26_07.php /help_26_08.php /help_26_09.php /help_26_10.php /help_26_11.php /help_26_12.php /help_27_01.php /help_27_02.php /help_27_03.php /help_27_04.php /help_27_05.php /help_27_06.php /help_27_07.php /help_27_08.php /help_27_09.php /help_27_10.php /help_27_11.php /help_27_12.php /help_28_01.php /help_28_02.php /help_28_03.php /help_28_04.php /help_28_05.php /help_28_06.php /help_28_07.php /help_28_08.php /help_28_09.php /help_28_10.php /help_28_11.php /help_28_12.php /help_29_01.php /help_29_02.php /help_29_03.php /help_29_04.php /help_29_05.php /help_29_06.php /help_29_07.php /help_29_08.php /help_29_09.php /help_29_10.php /help_29_11.php /help_29_12.php /help_30_01.php /help_30_02.php /help_30_03.php /help_30_04.php /help_30_05.php /help_30_06.php /help_30_07.php /help_30_08.php /help_30_09.php /help_30_10.php /help_30_11.php /help_30_12.php /help_31_01.php /help_31_02.php /help_31_03.php /help_31_04.php /help_31_05.php /help_31_06.php /help_31_07.php /help_31_08.php /help_31_09.php /help_31_10.php /help_31_11.php /help_31_12.php /index_01_01.php /index_01_02.php /index_01_03.php /index_01_04.php /index_01_05.php /index_01_06.php /index_01_07.php /index_01_08.php /index_01_09.php /index_01_10.php /index_01_11.php /index_01_12.php /index_02_01.php /index_02_02.php /index_02_03.php /index_02_04.php /index_02_05.php /index_02_06.php /index_02_07.php /index_02_08.php /index_02_09.php /index_02_10.php /index_02_11.php /index_02_12.php /index_03_01.php /index_03_02.php /index_03_03.php /index_03_04.php /index_03_05.php /index_03_06.php /index_03_07.php /index_03_08.php /index_03_09.php /index_03_10.php /index_03_11.php /index_03_12.php /index_04_01.php /index_04_02.php /index_04_03.php /index_04_04.php /index_04_05.php /index_04_06.php /index_04_07.php /index_04_08.php /index_04_09.php /index_04_10.php /index_04_11.php /index_04_12.php /index_05_01.php /index_05_02.php /index_05_03.php /index_05_04.php /index_05_05.php /index_05_06.php /index_05_07.php /index_05_08.php /index_05_09.php /index_05_10.php /index_05_11.php /index_05_12.php /index_06_01.php /index_06_02.php /index_06_03.php /index_06_04.php /index_06_05.php /index_06_06.php /index_06_07.php /index_06_08.php /index_06_09.php /index_06_10.php /index_06_11.php /index_06_12.php /index_07_01.php /index_07_02.php /index_07_03.php /index_07_04.php /index_07_05.php /index_07_06.php /index_07_07.php /index_07_08.php /index_07_09.php /index_07_10.php /index_07_11.php /index_07_12.php /index_08_01.php /index_08_02.php /index_08_03.php /index_08_04.php /index_08_05.php /index_08_06.php /index_08_07.php /index_08_08.php /index_08_09.php /index_08_10.php /index_08_11.php /index_08_12.php /index_09_01.php /index_09_02.php /index_09_03.php /index_09_04.php /index_09_05.php /index_09_06.php /index_09_07.php /index_09_08.php /index_09_09.php /index_09_10.php /index_09_11.php /index_09_12.php /index_10_01.php /index_10_02.php /index_10_03.php /index_10_04.php /index_10_05.php /index_10_06.php /index_10_07.php /index_10_08.php /index_10_09.php /index_10_10.php /index_10_11.php /index_10_12.php /index_11_01.php /index_11_02.php /index_11_03.php /index_11_04.php /index_11_05.php /index_11_06.php /index_11_07.php /index_11_08.php /index_11_09.php /index_11_10.php /index_11_11.php /index_11_12.php /index_12_01.php /index_12_02.php /index_12_03.php /index_12_04.php /index_12_05.php /index_12_06.php /index_12_07.php /index_12_08.php /index_12_09.php /index_12_10.php /index_12_11.php /index_12_12.php /index_13_01.php /index_13_02.php /index_13_03.php /index_13_04.php /index_13_05.php /index_13_06.php /index_13_07.php /index_13_08.php /index_13_09.php /index_13_10.php /index_13_11.php /index_13_12.php /index_14_01.php /index_14_02.php /index_14_03.php /index_14_04.php /index_14_05.php /index_14_06.php /index_14_07.php /index_14_08.php /index_14_09.php /index_14_10.php /index_14_11.php /index_14_12.php /index_15_01.php /index_15_02.php /index_15_03.php /index_15_04.php /index_15_05.php /index_15_06.php /index_15_07.php /index_15_08.php /index_15_09.php /index_15_10.php /index_15_11.php /index_15_12.php /index_16_01.php /index_16_02.php /index_16_03.php /index_16_04.php /index_16_05.php /index_16_06.php /index_16_07.php /index_16_08.php /index_16_09.php /index_16_10.php /index_16_11.php /index_16_12.php /index_17_01.php /index_17_02.php /index_17_03.php /index_17_04.php /index_17_05.php /index_17_06.php /index_17_07.php /index_17_08.php /index_17_09.php /index_17_10.php /index_17_11.php /index_17_12.php /index_18_01.php /index_18_02.php /index_18_03.php /index_18_04.php /index_18_05.php /index_18_06.php /index_18_07.php /index_18_08.php /index_18_09.php /index_18_10.php /index_18_11.php /index_18_12.php /index_19_01.php /index_19_02.php /index_19_03.php /index_19_04.php /index_19_05.php /index_19_06.php /index_19_07.php /index_19_08.php /index_19_09.php /index_19_10.php /index_19_11.php /index_19_12.php /index_20_01.php /index_20_02.php /index_20_03.php /index_20_04.php /index_20_05.php /index_20_06.php /index_20_07.php /index_20_08.php /index_20_09.php /index_20_10.php /index_20_11.php /index_20_12.php /index_21_01.php /index_21_02.php /index_21_03.php /index_21_04.php /index_21_05.php /index_21_06.php /index_21_07.php /index_21_08.php /index_21_09.php /index_21_10.php /index_21_11.php /index_21_12.php /index_22_01.php /index_22_02.php /index_22_03.php /index_22_04.php /index_22_05.php /index_22_06.php /index_22_07.php /index_22_08.php /index_22_09.php /index_22_10.php /index_22_11.php /index_22_12.php /index_23_01.php /index_23_02.php /index_23_03.php /index_23_04.php /index_23_05.php /index_23_06.php /index_23_07.php /index_23_08.php /index_23_09.php /index_23_10.php /index_23_11.php /index_23_12.php /index_24_01.php /index_24_02.php /index_24_03.php /index_24_04.php /index_24_05.php /index_24_06.php /index_24_07.php /index_24_08.php /index_24_09.php /index_24_10.php /index_24_11.php /index_24_12.php /index_25_01.php /index_25_02.php /index_25_03.php /index_25_04.php /index_25_05.php /index_25_06.php /index_25_07.php /index_25_08.php /index_25_09.php /index_25_10.php /index_25_11.php /index_25_12.php /index_26_01.php /index_26_02.php /index_26_03.php /index_26_04.php /index_26_05.php /index_26_06.php /index_26_07.php /index_26_08.php /index_26_09.php /index_26_10.php /index_26_11.php /index_26_12.php /index_27_01.php /index_27_02.php /index_27_03.php /index_27_04.php /index_27_05.php /index_27_06.php /index_27_07.php /index_27_08.php /index_27_09.php /index_27_10.php /index_27_11.php /index_27_12.php /index_28_01.php /index_28_02.php /index_28_03.php /index_28_04.php /index_28_05.php /index_28_06.php /index_28_07.php /index_28_08.php /index_28_09.php /index_28_10.php /index_28_11.php /index_28_12.php /index_29_01.php /index_29_02.php /index_29_03.php /index_29_04.php /index_29_05.php /index_29_06.php /index_29_07.php /index_29_08.php /index_29_09.php /index_29_10.php /index_29_11.php /index_29_12.php /index_30_01.php /index_30_02.php /index_30_03.php /index_30_04.php /index_30_05.php /index_30_06.php /index_30_07.php /index_30_08.php /index_30_09.php /index_30_10.php /index_30_11.php /index_30_12.php /index_31_01.php /index_31_02.php /index_31_03.php /index_31_04.php /index_31_05.php /index_31_06.php /index_31_07.php /index_31_08.php /index_31_09.php /index_31_10.php /index_31_11.php /index_31_12.php /ingenious_/28.01/ivan.php