# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission
# Note: the references on this page cover three unrelated threats that share one name: the 2010 Operation Aurora intrusion set, Aurora ransomware (served by AZORult) and Aurora Stealer. A match on this list identifies the name only; read the entry's reference before attributing an alert.
# Note: entries are point-in-time observations (the dated feed snapshots visible here span Dec 2022 - Apr 2023), some IP:port pairs repeat under more than one reference (e.g. 37.220.87.2:8081), and addresses may have been reassigned since, so confirm an indicator is still current before blocking on it.
# Reference: https://twitter.com/ViriBack/status/1023286939858939906 http://5.8.88.25 # Reference: https://www.bleepingcomputer.com/news/security/azorult-trojan-serving-aurora-ransomware-by-malactor-oktropys/ lulaaura.top # Reference: https://samples.vx-underground.org/APTs/2010/2010.01.27/Paper/Operation%20Aurora%20Detect%20Diagnose%20Respond.pdf 33iqst.com 360.homeunix.com blog1.serverbeer.com demo1.ftpaccess.cc ftp2.homeunix.com s11.homelinux.org update.ourhobby.com # Reference: https://www.virustotal.com/gui/file/5e449a2664be9d024e78d660e9cad4099c64bb7d91fb40d08459dec274de02dc/detection a0653691.xsph.ru /AuroraLoader/check.txt /AuroraLoader/CheckAccount.php?jopa= /AuroraLoader/LoaderVersion.php?jopa= /AuroraNEW/check.txt /AuroraNEW/CheckAccount.php?jopa= /AuroraNEW/LoaderVersion.php?jopa= # Reference: https://twitter.com/crep1x/status/1592270231585816576 # Reference: https://www.virustotal.com/gui/file/0878bfc99e884abac4cba8339944045ccf16c99c942dc681729b152a3a9e6f25/detection 45.15.156.97:8081 # Reference: https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/#h-aurora-c2 # Reference: https://otx.alienvault.com/pulse/637baa6081d4bafd9cb4afec 138.201.92.44:8081 146.19.24.118:8081 167.235.233.95:9865 185.173.36.94:8081 185.209.22.98:8081 193.233.48.15:9865 37.220.87.2:8081 45.137.65.190:8081 45.144.30.146:8081 45.15.156.115:8081 45.15.156.22:8081 45.15.156.33:8081 45.15.156.80:8081 45.15.157.137:8081 49.12.222.119:8081 49.12.97.28:8081 5.9.85.111:8081 65.108.253.85:8081 65.109.25.109:8081 78.153.144.31:8081 81.19.140.21:8081 82.115.223.218:8081 85.192.63.114:8081 89.208.104.160:8081 95.214.55.225:8081 cheatcloud.info winsoft.cloud # Reference: https://twitter.com/James_inthe_box/status/1594750999759310849 # Reference: https://twitter.com/ViriBack/status/1594758845297229824 # Reference: 
https://app.any.run/tasks/241b198d-622a-4d57-989c-84690b82d99b/ 37.220.87.2:8081 # Reference: https://twitter.com/malwrhunterteam/status/1595119413384314880 # Reference: https://www.virustotal.com/gui/file/533d6c8a642edd24cd046a6749655e7463548adfa3585ef0a7efe63515090d8f/detection 212.86.108.41:7000 212.86.108.41:8081 # Reference: https://twitter.com/idclickthat/status/1595082222851481600 # Reference: https://tria.ge/221122-s1r7wscd21/behavioral6 # Reference: https://www.virustotal.com/gui/file/04b2edcc9d62923a37ef620f622528d70edab52ccd340981490046ad3aa255e5/detection 79.137.195.171:8081 mividajugosa.com # Reference: https://twitter.com/ViriBack/status/1597746330830794752 http://45.137.65.190 http://45.15.156.24 http://45.15.156.33 http://45.15.157.137 http://49.12.222.119 http://65.108.225.214 http://82.115.223.218 # Reference: https://twitter.com/malwrhunterteam/status/1599001245804814339 # Reference: https://www.virustotal.com/gui/file/15a24027de069f52e9ad493901e91e110e5ca64630ac30a57ba07a827fca832a/detection 85.192.63.42:8081 # Reference: https://twitter.com/0xToxin/status/1600510379586719746 # Reference: https://tria.ge/221204-rtkc2agc97/behavioral2 185.17.0.138:8081 # Reference: https://www.virustotal.com/gui/file/d8e22530aa884e9e742a102f9acb53a2727b749dac4489c72b37782e2ec6383e/detection # Reference: https://www.virustotal.com/gui/file/af1f5335d497726e81237f3049d3918c32f8ac999b9ca21cf3535a57162f0fc9/detection 62.204.41.3:8081 # Reference: https://www.virustotal.com/gui/file/02074294a16b02d4deb61f85f16c2ef3847f47cf5c53c5c15c011a854486f1ef/detection 89.107.10.175:8081 # Reference: https://www.virustotal.com/gui/file/911ad4d55923322ce584ffe2478a37e9d39875611f09b1059592376f1d2f87bb/detection 37.139.129.125:8081 # Reference: https://twitter.com/0xrb/status/1607255904831037443 # Reference: https://threatfox.abuse.ch/browse/tag/Aurora%20Stealer/ (26 Dec 2022) 103.179.143.146:8081 116.203.236.141:8081 135.181.197.26:8081 152.89.247.30:8081 172.86.122.46:8081 
176.124.216.38:8081 185.106.93.245:8081 185.106.93.246:8081 185.106.93.251:8081 191.101.130.41:8081 193.42.33.110:8081 193.42.33.176:8081 193.42.33.5:8081 194.113.106.228:8081 195.123.217.171:8081 195.43.142.218:8081 20.68.243.166:8081 213.239.213.187:8081 23.88.97.138:8081 3.238.130.38:8081 45.10.40.246:8081 45.138.74.160:8081 45.15.156.140:8081 45.15.156.26:8081 45.15.156.83:8081 45.15.157.142:8081 45.32.79.170:8081 49.12.245.165:8081 5.75.160.178:8081 65.109.12.241:8081 77.73.131.156:8081 77.73.134.10:8081 77.73.134.27:8081 77.73.134.57:8081 77.73.134.7:8081 78.47.192.53:8081 79.137.206.138:8081 82.115.223.138:8081 82.115.223.249:8081 85.192.63.158:8081 87.251.77.59:8081 89.23.100.223:8081 95.179.187.111:8081 # Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (29 Dec 2022) http://103.179.143.146 http://116.203.236.141 http://135.181.197.26 http://152.89.247.30 http://172.86.122.46 http://176.124.216.38 http://185.106.93.245 http://185.106.93.246 http://191.101.130.41 http://193.42.33.110 http://193.42.33.176 http://193.42.33.5 http://194.113.106.228 http://195.123.217.171 http://195.43.142.218 http://213.239.213.187 http://23.88.97.138 http://45.10.40.246 http://45.138.74.160 http://45.15.156.135 http://45.15.156.140 http://45.15.156.184 http://45.15.156.22 http://45.15.156.67 http://45.15.156.70 http://45.15.157.142 http://45.32.79.170 http://49.12.245.165 http://5.75.160.178 http://65.109.12.241 http://77.73.131.156 http://77.73.134.57 http://77.73.134.7 http://78.47.222.65 http://79.137.206.138 http://82.115.223.138 http://82.115.223.249 http://89.107.10.180 http://89.23.100.223 http://95.179.187.111 129.146.9.178:8081 147.124.212.238:8081 167.235.141.208:8081 185.246.220.16:8081 194.87.31.137:777 2.232.150.231:8081 217.195.155.154:8081 37.220.87.13:8081 45.15.156.130:8081 45.15.156.135:8081 45.15.156.184:8081 45.15.156.59:8081 45.15.156.67:8081 45.15.156.70:8081 45.86.86.197:8081 49.12.190.58:8081 5.199.169.19:8081 65.108.225.214:8081 
77.73.133.57:8081 77.73.134.55:9865 78.47.222.65:8081 89.107.10.180:8081 allsoftware.store kvitochka.store # Reference: https://twitter.com/1ZRR4H/status/1615029840520032256 # Reference: https://www.virustotal.com/gui/file/3d242f0d9a6e40018c226e162c1b70c3cfdeb25b20d42d8f05e107070040f5b2/detection 195.123.218.52:8081 ahydk.click # Reference: https://isc.sans.edu/diary/rss/29448 # Reference: https://otx.alienvault.com/pulse/63c8222df2bcbec18baaf78f 79.137.133.225:8081 notopod-plos-plus.com obsqroject.com # Reference: https://twitter.com/DonPasci/status/1616461046360805382 # Reference: https://www.virustotal.com/gui/ip-address/104.21.74.62/relations # Reference: https://tria.ge/230120-sy37daaf9t/behavioral1 45.15.156.210:8081 battlenet-install.top driver-updates.site kodfem.hemsida.eu # Reference: https://tria.ge/230122-ffpj2sha8z 45.15.156.242:8081 # Reference: https://tria.ge/230121-yzzhgadg24/behavioral1 2.232.150.231:8081 servicestarting.hopto.org # Reference: https://tria.ge/230121-vddgbsdb36/behavioral2 95.217.235.8:8081 # Reference: https://tria.ge/230118-llkqyaaf9t/static1 85.209.135.29:8081 # Reference: https://twitter.com/Artilllerie/status/1618980737679765504 notepad-setup.top # Reference: https://twitter.com/Artilllerie/status/1620018615725735936 # Reference: https://twitter.com/Artilllerie/status/1620094871515316224 # Reference: https://twitter.com/JAMESWT_MHT/status/1620062867860111361 # Reference: https://twitter.com/DonPasci/status/1620059736837361666 # Reference: https://tria.ge/230130-q5gkvaaf39 notepad-editor.space notepad-install.top rocketpool-net.website goverment.duckdns.org # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/Aurora_C2s_09_02_2023.txt http://167.235.60.69 http://176.124.214.54 http://185.106.93.132 http://185.106.93.199 http://185.106.93.203 http://193.188.23.177 http://45.15.156.153 http://45.15.156.172 http://45.15.156.175 http://45.15.156.187 http://45.15.156.206 http://45.15.156.210 
http://45.15.156.219 http://45.15.156.220 http://45.15.156.234 http://45.15.156.246 http://45.15.156.250 http://45.9.74.11 http://79.137.133.225 http://89.22.227.50 http://94.142.138.14 http://94.142.138.15 http://94.142.138.18 http://94.142.138.22 http://94.142.138.23 http://94.142.138.28 http://94.142.138.30 http://94.142.138.32 http://94.142.138.34 http://94.142.138.36 http://94.142.138.38 http://94.142.138.6 # Reference: https://twitter.com/TrackerC2Bot/status/1612428317814128640 82.115.223.77:8081 # Reference: https://twitter.com/ULTRAFRAUD/status/1625557844371144707 download-nwidia.website # Reference: https://twitter.com/abuse_ch/status/1625755033085087744 # Reference: https://www.virustotal.com/gui/ip-address/104.21.2.12/relations driver-nvidia.site nvidia.services nvidia1.top # Reference: https://twitter.com/AnFam17/status/1625990921488674816 # Reference: https://www.virustotal.com/gui/ip-address/45.9.74.21/relations # Reference: https://www.virustotal.com/gui/file/aa349ad45bb48e85b5cd1b55308ae835353859219f28ece9685c8ae552e8e63a/detection 185.106.93.135:8081 app-python.com pyithon.com python-acc.com python-app-software.com python-application.com # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/Aurora_Panel_scan_16-02-2023_01-01-07.txt http://159.69.108.164 http://45.15.157.130 http://94.142.138.29 http://94.142.138.60 # Reference: https://twitter.com/spicy_bear_/status/1628473821878534144 http://85.192.63.49 http://9.152.217.95 # Reference: https://twitter.com/0xrb/status/1628611690274385922 http://107.182.129.73 http://109.172.45.197 http://135.181.107.76 http://147.124.212.238 http://157.245.55.151 http://157.90.232.2 http://157.90.241.140 http://159.69.80.167 http://162.55.126.111 http://163.172.13.53 http://167.235.134.202 http://167.235.147.73 http://167.235.18.89 http://176.124.201.212 http://176.124.210.153 http://185.106.93.135 http://185.17.0.138 http://185.181.10.117 http://185.197.160.20 http://185.219.220.239 
http://185.219.80.224 http://185.239.239.194 http://185.62.56.10 http://193.233.20.134 http://193.29.62.24 http://193.42.33.157 http://194.104.136.143 http://199.247.24.79 http://2.232.150.231 http://212.192.31.29 http://37.220.87.13 http://45.128.234.60 http://45.144.30.146 http://45.15.156.147 http://45.15.156.221 http://45.15.156.224 http://45.15.156.249 http://45.15.156.59 http://45.15.156.86 http://45.151.144.19 http://45.61.139.86 http://45.84.1.87 http://46.105.147.137 http://5.75.144.249 http://5.75.175.231 http://77.83.173.136 http://77.91.77.67 http://80.92.204.59 http://82.115.223.135 http://82.115.223.190 http://82.115.223.51 http://82.115.223.64 http://85.192.63.77 http://85.209.135.29 http://87.251.77.59 http://89.23.97.58 http://94.130.27.94 http://94.142.138.100 http://94.142.138.50 http://94.142.138.64 http://94.142.138.73 http://94.142.138.88 http://94.142.138.94 http://95.215.108.15 http://95.217.152.9 http://95.217.193.56 http://95.217.235.8 107.182.129.73:8081 109.172.45.197:8081 135.181.107.76:8081 145.239.202.13:8081 157.90.232.2:8081 157.90.241.140:8081 159.69.80.167:8081 163.172.13.53:8081 167.235.134.202:8081 167.235.147.73:8081 167.235.18.89:8081 167.235.60.69:8081 176.124.201.212:8081 176.124.210.153:8081 176.124.214.54:8081 185.106.93.132:8081 185.106.93.193:8081 185.106.93.199:8081 185.106.93.203:8081 185.106.93.247:8081 185.181.10.117:8081 185.219.220.239:8081 185.219.80.224:8081 185.62.56.10:8081 193.188.23.177:8081 193.233.20.134:8081 193.29.62.24:8081 195.123.217.108:8081 199.247.24.79:8081 212.113.106.47:8081 212.162.152.199:8081 212.192.31.29:8081 213.166.71.21:8081 45.128.234.60:8081 45.132.106.77:8081 45.144.31.252:8081 45.15.156.147:8081 45.15.156.151:8081 45.15.156.153:8081 45.15.156.172:8081 45.15.156.175:8081 45.15.156.182:8081 45.15.156.187:8081 45.15.156.206:8081 45.15.156.209:8081 45.15.156.219:8081 45.15.156.220:8081 45.15.156.221:8081 45.15.156.224:8081 45.15.156.234:8081 45.15.156.246:8081 45.15.156.249:8081 
45.15.156.250:8081 45.15.156.54:8081 45.15.156.7:8081 45.15.156.86:8081 45.15.157.130:8081 45.151.144.19:8081 45.61.139.86:8081 45.84.1.87:8081 45.9.74.11:8081 45.9.74.87:8081 46.105.147.137:8081 49.12.203.54:8081 5.34.180.208:8081 5.75.144.249:8081 5.75.175.231:8081 65.109.216.5:8081 77.83.173.136:8081 77.91.124.12:8081 77.91.68.46:8081 77.91.77.67:8081 79.20.32.223:8081 82.115.223.135:8081 82.115.223.51:8081 82.115.223.64:8081 85.192.63.77:8081 87.251.77.225:8081 89.22.227.50:8081 89.22.237.237:8081 89.23.97.58:8081 94.130.27.94:8081 94.142.138.100:8081 94.142.138.14:8081 94.142.138.18:8081 94.142.138.22:8081 94.142.138.23:8081 94.142.138.29:8081 94.142.138.32:8081 94.142.138.34:8081 94.142.138.36:8081 94.142.138.38:8081 94.142.138.4:8081 94.142.138.50:8081 94.142.138.60:8081 94.142.138.64:8081 94.142.138.6:8081 94.142.138.73:8081 94.142.138.88:8081 94.142.138.94:8081 95.215.108.15:8081 95.217.152.9:8081 95.217.193.56:8081 java-download1.space java-download2.space java-download3.space miracleapps.store notepad-download.online notepad-plus-plus-setup.top nvidia-geforce1.space nvidia-geforce2.space nvidia-geforce3.space nvidia.agency nvidia.best nvidio-geforce.info nvidio-geforce.site nvidio-geforce.us nvidio-geforce.website nvidio-qeforce.info nvidio-qeforce.site nvidio-qeforce.us nvidio-qeforce.website nvldio-geforce.info nvldio-geforce.site nvldio-geforce.us nvldio-geforce.website python-official.xyz software-planet.ru # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_02-03-2023_19-30-23.txt http://116.203.245.173 http://157.90.239.70 http://82.115.223.9 # Reference: https://otx.alienvault.com/pulse/63e3def42a1475e6733f2b1d # Reference: https://www.virustotal.com/gui/ip-address/37.220.83.95/relations # Reference: https://www.virustotal.com/gui/ip-address/5.178.2.159/relations # Reference: https://www.virustotal.com/gui/file/002369fd9eec709ae250b39a46ce21ec64c586249e610145f9beca933b302efe/detection 
advert-panel.ru advert-panel.site annemarieotey.com anyfisolusi.com awesomemainer.top black-socks.org bluecentury.org cgminer.top coinsupport-online.com comm-agentsupport.com confirmation-setup.com cryptowat.top cryptowatch.top duinvest.info duncan-technologies.net enigma-soft.com expresswebstores.com fgpprlaw.com footballmeta.com gfcitservice.net listfoo.org master-yoga.top metatrader.top mikefaw.com msi-afterburner.top online-securesetup.com otameyshan.com peak-pjv.com repossessionheadquarters.org samsontech.mobi shiptrax24.com southfirstarea.com styleselect.com sublimetext.top thebtcrevolution.com virtualmediaoffice.com # Reference: https://twitter.com/1ZRR4H/status/1631718258431729673 # Reference: https://virustotal.com/gui/ip-address/31.31.196.67/relations anydesk-anydesk.org anydeskdestkop.com bitcoin-futur.com bittorrent-download.me bittorrent-download.net bittorrent-download.xyz bittorrent.icu bittorrent.live bittorrentdownload.net bittorrentdownloadfree.com bittorrentfree.com blluestack.me bluaestack.club bluastaack.app bluastacks.biz bluastacks.com bluasteaks.com bluasteaks.net bluastec.org bluastec.xyz bluastecks.icu bluelivestock.com bluepilesoft.com blueshock.app blueshock5.com blueshockapp.com blueshockget.com blueshocksetup.com blueslack.com blueslacks.net blueslacksoft.com bluestack-app.net bluestack-get.com bluestack-get.net bluestack-install.com bluestack-setup.com bluestack-soft.com bluestack-soft.net bluestack-software.com bluestack.cloud bluestack.club bluestack.fun bluestackapps.com bluestackapps.net bluestackaps.net bluestackfive.com bluestackget.com bluestackget.net bluestackgroupup.com bluestackinstall.com bluestackios.com bluestacks-5.net bluestacks-game.net bluestacks-games.com bluestacks-games.org bluestacks-setup.net bluestacks-soft.com bluestacks-software.com bluestacks10.net bluestacksgame.com bluestacksget.com bluestacksinstall.com bluestacksinstallation.com bluestacksinternet.com bluestacksinternet.net bluestacksoftware.com 
bluestackssoft.com bluestackssoftware.com bluestacksweb.com bluestackweb.com bluestacsoft.com bluestak.biz bluestask-app.com bluestaskapp.com bluestockapp.com bluestockinstate.com bluestockinstone.com bluestockst.com bluestocktank.com bluslack.com blustacksoft.com blustackst.com bluustackapp.com bluustacks-app.com bluustacks.com blyestack.one chat-gpt-app.net chat-gpt-get.com chat-gpt-portable.com chat-gpt-soft.com chat-gpt.run chat-gpt.studio chat-gtp.icu chatgpt-2023.com chatgpt-2023.online chatgpt-app.art chatgpt-desktop.com chatgpt-download.com chatgpt-download.me chatgpt-download.xyz chatgpt-downloads.com chatgpt-install.com chatgpt-login.net chatgpt-login.xyz chatgpt-official.com chatgpt-online.me chatgpt-online.xyz chatgpt-portable.com chatgpt-setup.com chatgpt-setup.net chatgpt-software.com chatgptdesktop.net chatgptdesktop.org chatgptdownload.net chatgptget.com chatgptlog.org chatgptlow.com chatgptportable.com chatgptsetup.com chatgtp.icu chatgtpget.com crypto-trends2022.com desktop-chatgpt.com desktopchatgpt.com downstacks.com downstacksoft.com fastchap-gpt.com fastchapgpt.com gpt-chat-instal.com gpt-chat.icu gpt-chat.live gpt-chat.me gptchat-portable.com gptchat.tools gptchatai.net gptchatai.org gptchatcom.icu gptchatinstal.com gptchatlogin.com gptchatlogin.org gptchatportable.com gptchatstock.com gptonlinechat.xyz gpuz-tech.com gpuz-tech.org installchatgpt.net installchatgptapp.com java-login.com java-official.com java-official.org java-pc.cloud java-pc.live java-sc.net java-script.space java-script.xyz java-site.com java-text.com javaapp.xyz javacomp.xyz javadestkop.com javafistofficial.com javalog.net javaofficial.com javaofficial.site javasc.net javascriptofficial.com javascriptofficialsite.dev javasetup.com javasite.org javatext.info js-get.com kmspico-2023.net kmspico-activator.org kmspico2023-official.com kmspico2023official.com kmspico2023official.net kmspicoofficial2023.net kmspicoofficialsite.com meta-tradler5.com metatradler5.com 
official-bluestack.com official-bluestacks.com officialbitcoin-up.com officialbluestack.com officialbluestacks.com phyton.site phytonsite.xyz python-desktop.com python-official.com python-official.site python-official.space pythonofficial.info pythonofficial.net pythonofficial.org roboterra.one roboterra.xyz robottera.one robottera.xyz signai.org signal-download.com signal-download.org signal-login.com signal-official.com signal-setup.com signaldownload.info signalofficial.net signalsetup.com signalsetup.net signalsignin.com slkype-app.com slkypeapp.com stargate-financing.net stargatefinancenews.com stargatefinancial.net stargatefinancing.com stargateofinances.com stargateofinancing.com teamgram.pro # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_10-03-2023_23-35-20.txt http://103.184.97.117 http://116.203.245.147 http://195.201.230.5 http://37.220.87.8 http://45.9.74.87 http://94.131.112.108 http://94.142.138.132 http://94.142.138.137 http://94.142.138.144 http://94.142.138.164 http://94.142.138.185 http://94.142.138.93 http://94.142.138.95 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_16-03-2023_19-44-10.txt http://138.201.198.8 http://89.208.142.245 http://94.142.138.71 http://95.140.158.196 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_23-03-2023_19-18-41.txt http://45.88.106.253 http://5.75.171.250 http://94.142.138.176 http://95.217.44.147 # Reference: https://www.virustotal.com/gui/file/07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165/detection 212.87.204.93:8081 # Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (25 Mar 2023) http://77.91.77.163 http://77.91.85.73 http://81.161.229.227 http://92.119.231.161 http://94.142.138.111 http://94.142.138.215 5.75.171.250:8081 77.91.77.163:8081 77.91.85.73:8081 81.161.229.227:8081 94.142.138.111:8081 
94.142.138.29:456 95.217.44.147:8081 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_30-03-2023_19-38-36.txt http://167.235.148.216 http://212.87.204.93 http://37.220.87.50 http://45.15.156.237 http://77.91.77.236 http://79.137.204.106 http://94.142.138.236 # Reference: https://twitter.com/AlvieriD/status/1643597470012784641 http://79.137.197.61 # Reference: https://twitter.com/0xrb/status/1645684586746191873 # Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (11 Apr 2023) http://116.203.69.241 http://135.181.89.118 http://141.255.162.222 http://141.98.6.253 http://168.119.234.111 http://176.124.200.101 http://176.126.85.210 http://185.106.93.153 http://185.216.13.190 http://37.220.87.58 http://41.216.182.181 http://45.15.156.158 http://45.15.156.165 http://45.15.156.176 http://45.15.156.182 http://45.9.74.156 http://77.91.84.147 http://79.137.203.193 http://79.137.205.173 http://82.115.223.34 http://84.54.50.28 http://91.107.231.13 http://94.131.112.184 http://94.142.138.147 http://94.142.138.151 http://94.142.138.84 http://95.216.154.91 103.184.97.117:8081 103.195.103.54:8081 104.248.91.138:8081 104.37.173.104:8081 116.203.245.147:8081 116.203.245.173:8081 116.203.69.241:8081 135.181.89.118:8081 138.201.198.8:8081 141.255.162.222:8081 141.98.6.253:8081 157.90.239.70:8081 159.69.108.164:8081 167.235.148.216:8081 168.119.234.111:8081 176.124.200.101:8081 176.126.85.210:8081 185.216.13.190:8081 195.201.230.5:8081 37.220.87.50:8081 37.220.87.8:8081 41.216.182.181:8081 45.15.156.158:8081 45.15.156.165:8081 45.15.156.174:8081 45.15.156.176:8081 45.15.156.237:8081 45.88.106.253:8081 65.108.142.123:8081 77.91.77.236:8081 77.91.84.147:8081 79.137.197.61:8081 79.137.203.193:8081 79.137.204.106:456 79.137.204.106:8081 79.137.205.173:8081 82.115.223.34:8081 82.115.223.9:8081 84.54.50.28:8081 89.208.142.245:8081 91.107.231.13:8081 92.119.231.161:8081 94.131.112.108:8081 94.131.112.184:8081 
94.142.138.112:8081 94.142.138.132:8081 94.142.138.137:8081 94.142.138.144:8081 94.142.138.147:8081 94.142.138.151:8081 94.142.138.164:8081 94.142.138.176:8081 94.142.138.185:8081 94.142.138.236:8081 94.142.138.30:8081 94.142.138.71:35774 94.142.138.71:8081 94.142.138.84:8081 94.142.138.93:8081 94.142.138.95:8081 95.140.158.196:8081 95.216.154.91:8081 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/csv/Aurora_2023-04-13_16-48-41.csv http://94.142.138.104 http://94.142.138.198 http://94.142.138.245 # Reference: https://twitter.com/osipov_ar/status/1649087073738014723 # Reference: https://blog.morphisec.com/in2al5d-p3in4er # Reference: https://otx.alienvault.com/pulse/643eea91789e4a0752ffd25c 94.142.138.218:4561 all-free-software.online allfreesoftware.online chatgptex.us cv-builder.site mid-journey.org midj0urney.org siamaster.com.mx ai.midj0urney.org get.mid-journey.org # Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (29 Apr 2023) http://65.109.157.119 http://89.208.103.78 http://94.130.176.65 http://94.142.138.165 http://94.142.138.173 104.248.91.138:12121 104.248.91.138:456 104.248.91.138:58010 185.106.93.153:456 185.106.93.153:8081 199.127.62.3:8081 65.109.157.119:8081 65.109.26.115:8081 89.208.103.78:8081 94.130.176.65:8081 94.142.138.165:8081 94.142.138.166:8081 94.142.138.173:8081 94.142.138.218:8081 94.142.138.25:8081 # Reference: https://www.virustotal.com/gui/file/8a39f1c4d26805b60ed234c2cf42e2fd33bcd81b0676a4c8f3cb1dddb0f76046/detection # Reference: https://www.virustotal.com/gui/file/09481f3647c184825e7de06bb592164c7d4c90b2720b007cbd54b2ef6e5980d3/detection http://185.106.93.237 185.106.93.237:56763 185.106.93.237:6378 # Reference: https://www.virustotal.com/gui/file/1d8a86f270c02120611baf7ad6a90c15d5d600b555e9584a0f0beea382324ea1/detection 185.106.93.237:21678 185.106.93.237:26777 185.106.93.237:44697 # Reference: 
https://www.virustotal.com/gui/file/0d7dc7413dd3f25fcd45de53fc5feebcb3eb5b5517ae1c07469c9072ef9eb9cf/detection 185.106.93.237:15744 185.106.93.237:17825 185.106.93.237:24638 185.106.93.237:25912 185.106.93.237:30763 # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader 103.195.103.54:443 # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader # Reference: https://otx.alienvault.com/pulse/645d079328a1ef668409ac53 04042023.ru activedebian.ru activehdd.ru activessd.ru activessd6.ru chistauyavoda.ru click7adilla.ru clickaineasdfer.ru evatds.ru grhfgetraeg6yrt.site moskovpizda.ru oled8kultra.ru oled8kultra.site pochelvpizdy.ru qqtube.ru shluhapizdec.ru xhamster-18.ru xxxxxxxxxxxxxxx.ru # Reference: https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-aurora-stealer # Reference: https://otx.alienvault.com/pulse/64944b41915f5405ef355ef4 passcape.com # Reference: https://twitter.com/idclickthat/status/1782882684072526280 # Reference: https://www.virustotal.com/gui/file/fa546f0e69f544dfd517d91e795adcd6e092a448c609b9bd2940dfa0895b9cb8/detection bybitdesktop.com ohyoulookstupid.win api.ohyoulookstupid.win r2.ohyoulookstupid.win # Reference: https://x.com/banthisguy9349/status/1806736491097296979 http://45.88.91.74 45.88.91.74:443