# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: azorachin, azorult, dt-stealer, moksteal

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside

briancobert.com

# Reference: http://cybercrime-tracker.net/index.php?search=AZORult

00v.xyz
0131.ga
4max.xyz
accqweqweazo.com
ad.icab.pk
aimnawnt.beget.tech
akingu.bit.md-98.webhostbox.net
alexblog24.p-host.in
among3919.com
andreimolchanov.siteme.org
art4.xyz
asdfz.ru
azorneutrino.com
banckofamerica.info
benchadcrd.nl
bitcoalko.com
bitscoinsme.com
blackexploitz.net
bmagikleak.website
bucscrup.ru
cc33782.tmweb.ru
ch.baskpower.com
coinbitbot.ru
cresbuy.ga
crypto-e.org
cryptopiabot.cc
cryptopiasupport.co
cryptotrust.today.md-35.webhostbox.net
defaultbrowser.xyz
donperenion.com
doueven.click
druvan.xyz
elowpuki.com
elysium-inc.pro
elysium-ltd.pro
ernazar.tk
eualube.com
fde4.tk
fdsv.ml
feamleys.com
flash-piayer-update.com.md-90.webhostbox.net
fsdf.ga
gmx7.com
gob.grantflaskparty.com
gohithatsandrof.win
grantflaskparty.com
hallojab.co.ua
hellojab.com
hhamay.website
holidey.pw
hondobakr.top
hotbest-apps.com
iddqdp.pw
imbaxqxq.org
inc0de.gq
kalakhomes.club
kamyn9ka.com
keyar12f.beget.tech
l2fog.ru
lelllnn.com
lers.xyz
levonside.space
loveyouneed.pw
mcgau2.bit.md-100.webhostbox.net
methodist.sch.id
mike.rivalserver.com
mix1456465.com.cp-47.webhostbox.net
mobwerpingthis.com
mopw.men
mybigfish.stream
myxamop.com
needmorelogs.club
nervozn.tk
nimerstat.ru
ninjatrader.life
npromo.world
ogabosworld.com
ortaksistem.com
panamera.site
pchel8.tk
poloniex.spb.ru
pornhospital.net
port.so.tl
preramet123.name
ps4akk.ru
qers.xyz
rar-lab.ru
rotkit.tk
sads.ml
scat01.tk
scat.cf
sepprod.com
sharfik.club
sinutinu.com
skyroot.ru
solimetalspa.com
sondomax.co
sskyokker256.bit.md-89.webhostbox.net
sslwmi.top
sumocloud.club
svchost.pw
sysplugins.com
taskdata.gq
trimasjaya.com
ubmwuyq.com ultimaspots.co.uk usa-bank.info.md-91.webhostbox.net videocommercialsforyou.com videopopups.com vm239011.had.su vsd1.net wattmeter.win www.alkratrad.com www.antonskoritskii.com www.asdasdq.com www.azghost888.com www.benchadcrd.nl www.cryptopiasupport.co www.elowpuki.com www.ghost888abc.com www.gopety.cc www.grandmasson.pw www.rar-lab.ru x7x.xyz zevs3.xyz zevs5.xyz # Reference: https://twitter.com/SevenLayerJedi/status/950761083509313536 macpay.pw # Reference: https://twitter.com/James_inthe_box/status/1039250061065039873 microsoft-update-server.bit securityupdateserver4.com # Reference: https://twitter.com/ViriBack/status/983011333506588672 # Reference: https://pastebin.com/nwWHHFe0 fdos.tk genri.ga gfcv.tk gfsd.ga grlo.tk qpzm.gq suka1.tk vfsv.tk # Reference: https://cert.gov.ua/news/44 # Reference: https://www.virustotal.com/#/ip-address/192.198.87.130 # Reference: https://www.virustotal.com/#/ip-address/185.193.38.78 http://185.193.38.78/ cashouts.tk vitani.tk # Reference: https://twitter.com/JAMESWT_MHT/status/1046755632299352064 columbusfunnybone.com/images/drop.php # Reference: https://twitter.com/ViriBack/status/1050032466164154368 bigchlen.tk # Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html bitdotz.top # Reference: https://twitter.com/avman1995/status/1052426452187185153 qe.igg.biz/gate.php # Reference: https://research.checkpoint.com/the-emergence-of-the-new-azorult-3-3/ certipin.top infolocalip.com tohertgopening.com # Reference: https://twitter.com/james_inthe_box/status/1022866075493355520 kenkelord.gq # Reference: https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update s63.bit # Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/ /java/java9356/index.php # Reference: https://twitter.com/James_inthe_box/status/1106558836171632642 /027-xcv-j/index.php # Reference: https://twitter.com/James_inthe_box/status/1106551689132138497 llkty.gq/8s/index.php # Reference: 
https://twitter.com/James_inthe_box/status/1105124840501989378 # Reference: https://twitter.com/James_inthe_box/status/1110196027338817538 /simbi/index.php # Reference: https://twitter.com/VK_Intel/status/1108604579938131968 google-analutics.com # Reference: https://twitter.com/Racco42/status/1103435627343822848 directdns.duckdns.org httsdomainset.ddns.net # Reference: https://twitter.com/Racco42/status/1101131815216168961 myprepaidfiles.ddns.net directdns.cc # Reference: https://twitter.com/Racco42/status/1095444880749481986 maxmini.duckdns.org newconnect.duckdns.org # Reference: https://securelist.ru/azorult-analysis-history/93645/ (Russian) # Reference: https://securelist.com/azorult-analysis-history/89922/ (English) daticho.ac.ug ravor.ac.ug # Reference: https://twitter.com/luc4m/status/1107680285834006528 gsutekardookay.com # Reference: https://twitter.com/luc4m/status/1078691595111878657 sherkseafoods.com # Reference: https://twitter.com/ps66uk/status/1108295117826387969 /cz/cjin3/index.php # Reference: https://twitter.com/James_inthe_box/status/1109120289604931584 /azrt/index.php # Reference: https://twitter.com/James_inthe_box/status/1109835474493829120 # Reference: https://pastebin.com/tvn8EMyS ymad.ug/1/index.php # Reference: https://twitter.com/ViriBack/status/1069965350442283009 # Reference: https://pastebin.com/PTkLE0se /panel632541/admin.php /io213b5obo/admin.php # Reference: https://twitter.com/albertzsigovits/status/1110124808572948482 a.helps.site azmarterroos.com hellacademy.com horseliker.ac.ug justflux.org/webupl.php parnakol.ug stelfeshor.ru zelner.info # Reference: https://twitter.com/albertzsigovits/status/1110124941356212224 dragonfire.ac.ug frupidgi.cn hostname.vip roninan.ac.ug tembumgo.pw # Reference: https://twitter.com/James_inthe_box/status/1110915814725550080 http://78.142.29.208/real/index.php # Reference: https://twitter.com/Racco42/status/1111189949712420864 armasglass.com/oni/index.php # Reference: 
https://twitter.com/James_inthe_box/status/1111666754604789760 recordsforsmssent.xyz/jeff/index.php # Reference: https://twitter.com/x42x5a/status/1112693567103868928 http://92.63.192.72/index.php # Reference: https://twitter.com/James_inthe_box/status/1113510502439616513 0x234.com/index.php # Reference: https://twitter.com/thlnk3r/status/1113658517544550401 gamingserversplus.life/index.php # Reference: https://twitter.com/ViriBack/status/1094261293693972480 ibrandworld.com/jsl.php # Reference: https://twitter.com/takerk734/status/1113851637292920832 /Qw2XbN3/index.php # Reference: https://twitter.com/angel11VR/status/1115343202167533568 # Reference: https://pastebin.com/0bX17LaY cubaworts.gq # Reference: https://twitter.com/x42x5a/status/1115651159388246016 cryptofaze.com # Reference: https://twitter.com/VK_Intel/status/982346117298843649 balepinos.com # Reference: https://twitter.com/LEICHAO_init/status/1118910795675521030 lestonline.gq # Reference: https://twitter.com/pancak3lullz/status/1085591305269460992 /robb/index.php # Reference: https://twitter.com/OttoScav/status/1080485559787835392 freetalksa.xyz # Reference: https://twitter.com/James_inthe_box/status/1121047649459642369 mintyoctopus.com # Reference: https://twitter.com/avman1995/status/1120893763977658369 # Reference: https://app.any.run/tasks/80464c35-e9f8-44ed-a346-50bf0642cec9 http://95.179.189.49/CC/index.php # Reference: https://twitter.com/x42x5a/status/1121094286613852162 klyaksa.xyz # Reference: https://twitter.com/x42x5a/status/1121523221432500225 asahi-tankar.com # Reference: https://twitter.com/x42x5a/status/1121702655464751104 huanopkey.site # Reference: https://twitter.com/Racco42/status/1122797588120592384 # Reference: https://app.any.run/tasks/ae52cc1b-f2d5-4d6d-a93c-8c15dff0132f geu.life millanplaners.duckdns.org # Reference: https://twitter.com/Racco42/status/1123953925831446529 izone.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1124625622913806336 lusectech.eu # 
Reference: https://twitter.com/x42x5a/status/1125467728406548481 istats.club # Reference: https://twitter.com/JAMESWT_MHT/status/1126092095465381888 formigations.world # Reference: https://twitter.com/James_inthe_box/status/1126182590153515009 prolificwealth.ml/wp-content/mee/32/index.php # Reference: https://twitter.com/James_inthe_box/status/1126846840060571648 /nedu/32/index.php # Reference: https://twitter.com/JAMESWT_MHT/status/1128675913728700416 dawanepondi.com # Reference: https://twitter.com/ViriBack/status/1128826571010260994 doomaal.ac.ug # Reference: https://twitter.com/James_inthe_box/status/1129460760076115969 http://77.222.55.225/index.php # Reference: https://twitter.com/x42x5a/status/1130816960315498496 mikmuncen.ac.id # Reference: https://twitter.com/P3pperP0tts/status/1131607738457513989 evaglobal.eu # Reference: https://twitter.com/nao_sec/status/1132588323262742528 # Reference: https://app.any.run/tasks/27aec731-68a6-4bdf-9feb-55c413acd9f0/ getsee-soft.xyz # Reference: https://twitter.com/P3pperP0tts/status/1133520317341753347 arispedservices.eu # Reference: https://twitter.com/SethKingHi/status/1133564418355163136 aramkaaz14.temp.swtest.ru bigsuper.rocks bloomsolutions.top i2kq82kd.cn lary-pages.com narcos.3utilities.com qepxc.ga witatto.co # Reference: https://twitter.com/jorgemieres/status/1130863029573312512 privacytool.ru # Reference: https://twitter.com/James_inthe_box/status/1134149799601553408 begurtyut.info # Reference: https://twitter.com/James_inthe_box/status/1134464016095383552 veegoo.com.sg # Reference: https://twitter.com/ViriBack/status/1134662952898965504 # Reference: https://pastebin.com/pkZ0TBnc arispedservices.eu binnatto.de binatech.eu kmgroup.pw yogh.eu lexaalkash.temp.swtest.ru # Reference: https://twitter.com/JAMESWT_MHT/status/1135515112121540609 # Reference: https://app.any.run/tasks/a470917e-fb77-4f53-945a-109804624e8b/ http://185.79.156.18/jam/index.php # Reference: 
https://twitter.com/JAMESWT_MHT/status/1136204624342503425 cd57063.tmweb.ru # Reference: https://twitter.com/Racco42/status/1136602289953746944 visionscape.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1139630548626751488 http://185.62.190.23/index.php # Reference: https://twitter.com/DbgShell/status/1142257921889316870 # Reference: https://www.virustotal.com/gui/file/72288ab34ee508d0f65e7ebf884b21e94ee191e96de5931dd68288fcc8bfcf7f/detection dotbit.me/a/ # Reference: https://twitter.com/malware_traffic/status/1143662206099365890 # Reference: https://app.any.run/tasks/4365c9b9-7ea6-4d90-897c-8302410c9234/ # Reference: https://twitter.com/JAMESWT_MHT/status/1144239446759563265 # Reference: https://app.any.run/tasks/61f4998e-27bf-4429-80c6-e23c694e6c65/ http://51.15.241.96/1/3D890117-1CEB-4558-BA94-0C64E21A9504/index.php http://51.15.231.96/4/3AFDF4A3-33B5-4028-B8B8-E66616F1CBA7/index.php # Reference: https://twitter.com/James_inthe_box/status/1144227200209580032 lusecproducts.top # Reference: https://twitter.com/Paladin3161/status/1144341515428196352 # Reference: https://pastebin.com/i6Gfxs0q http://185.164.72.241/wogor/index.php # Reference: https://twitter.com/P3pperP0tts/status/1144868292525461504 stanendybiz.top # Reference: https://app.any.run/tasks/dee05de9-4286-45b5-8b0d-7291e09f6c16/ vh64.timeweb.ru # Reference: https://twitter.com/malware_traffic/status/1145749834923696129 lucknowww.top # Reference: https://twitter.com/MisterCh0c/status/1145598683997724673 69.kl.com.ua # Reference: https://twitter.com/P3pperP0tts/status/1146398222904152066 http://92.63.192.127/index.php # Reference: https://twitter.com/benkow_/status/1147442492046020608 brain.ac.ug jopa.ac.ug nobrain.ac.ug # Reference: https://twitter.com/ps66uk/status/1148876602727653376 http://103.133.106.156/july/index.php # Reference: https://twitter.com/ps66uk/status/1148876604296368129 http://103.125.191.69/donserly/index.php # Reference: 
https://twitter.com/adrian__luca/status/1149689208405221378 # Reference: https://app.any.run/tasks/333bda58-5a37-4543-8492-d3b7d2d85361/ # Reference: https://twitter.com/nao_sec/status/1160878626688008195 vh308850.eurodir.ru vh307870.eurodir.ru vh314957.eurodir.ru vh[0-9]{6}\.eurodir\.ru # Reference: https://twitter.com/malware_traffic/status/1090366374772383745 http://51.15.241.168/AEDD77D05-A028-477C-B013-04F33F1385C3/index.php # Reference: https://twitter.com/James_inthe_box/status/1150418960464039936 timekeeper.ug hjkg456hfg.ru # Reference: https://twitter.com/James_inthe_box/status/1151222412890927104 k.icf-fx.kz # Reference: https://twitter.com/Paladin3161/status/1151447962058465282 dottybiz.top mrjbis.top # Reference: https://twitter.com/James_inthe_box/status/1151583038087655424 7wereareyou.icu # Reference: https://app.any.run/tasks/15240364-844c-4489-9b74-c6f28a9d72d1 /.well-known/backup/index.php # Reference: https://twitter.com/Paladin3161/status/1152645058434338816 asicivilsurvey.com # Reference: https://twitter.com/x42x5a/status/1153208780714369025 dfghdfghhffd.ru timebound.ug # Reference: https://twitter.com/Racco42/status/1153297037791760385 savana.duckdns.org xchange.duckdns.org # Reference: https://twitter.com/Racco42/status/1154713892314066944 edirect.duckdns.org irila1.duckdns.org # Reference: https://twitter.com/Artilllerie/status/1155851644262920199 free-bitcoin-earnings.tk # Reference: https://twitter.com/Paladin3161/status/1156509693872758784 http://185.136.171.122/russia/index.php # Reference: https://twitter.com/Paladin3161/status/1157069487662723072 http://137.74.181.121/index.php http://184.164.137.183/index.php # Reference: https://twitter.com/romonlyht/status/1157190035868807169 warnning-accounts-recovery-appleid-apple.com # Reference: https://twitter.com/Paladin3161/status/1158527567411871744 trafficaddicts.ru # Reference: https://twitter.com/Lvanoel/status/1159335174838083584 # Reference: 
https://app.any.run/tasks/6340754c-5c71-4690-877f-55cb33e480e9/ firemetrics.com.au # Reference: https://twitter.com/Paladin3161/status/1159984827124162560 lycos.top modexcommunications.eu # Reference: https://twitter.com/Paladin3161/status/1160640437272469504 program.zadc.ru # Reference: https://twitter.com/Paladin3161/status/1160887839770284033 http://185.11.146.158/index.php # Reference: https://twitter.com/Paladin3161/status/1161226389476929536 http://185.11.146.144/index.php # Reference: https://twitter.com/Paladin3161/status/1160892405760966656 # Reference: https://www.virustotal.com/gui/domain/myihor.ru/relations ih[0-9]{7}\.myihor\.ru # Reference: https://twitter.com/Paladin3161/status/1161420183124058112 bazar-top4ik.best # Reference: https://twitter.com/gorimpthon/status/1163616173860122624 modcloudserver.eu # Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/ soroog.xyz # Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/ http://103.253.27.234/teststeal/gate.php parking-services.us # Reference: https://twitter.com/Paladin3161/status/1163788023005208577 http://185.222.56.163/index.php # Reference: https://twitter.com/Paladin3161/status/1163997644898750465 normpost.club testaztest.xyz # Reference: https://twitter.com/James_inthe_box/status/1164898833500798976 losjardinesdejavier.com/admin/32/index.php # Reference: https://twitter.com/DynamicAnalysis/status/1165720711219929088 # Reference: https://pastebin.com/wHV90Sc2 http://151.80.8.23/panel/index.php http://185.222.56.163/index.php http://23.227.201.16/gidi/index.php http://92.63.192.119/index.php a0327852.xsph.ru a0329841.xsph.ru cdl24885oq.temp.swtest.ru kilangsprcoket.tk latiso.ru modcloudserver.eu roberto.ac.ug testaztest.xyz testieng.kl.com.ua u4504124br.ha003.t.justns.ru lakeshoreintegrated.com/ch/index.php xcvcdgfg.ru # Reference: 
https://twitter.com/P3pperP0tts/status/1166320996640419841 http://87.98.166.117 # Reference: https://twitter.com/Paladin3161/status/1166341820533497856 hellhounds713.ddnsking.com # Reference: https://twitter.com/smica83/status/1166348627025039360 craft-holdings.duckdns.org westernautoweb.duckdns.org # Reference: https://twitter.com/Paladin3161/status/1166480667992936449 opengopro.live # Reference: https://twitter.com/Paladin3161/status/1166665502803890176 dell2.ug # Reference: https://twitter.com/P3pperP0tts/status/1167083511385378816 new-credit.space # Reference: https://twitter.com/Paladin3161/status/1167411656122519552 wasserettederoos.nl # Reference: https://twitter.com/P3pperP0tts/status/1168068329027694594 gdfdfv.ru # Reference: https://twitter.com/benkow_/status/1168598376977448960 twooo.cn # Reference: https://twitter.com/killamjr/status/1168904634498502656 dooo74.imparisystems.com # Reference: https://twitter.com/Paladin3161/status/1169585589420580864 # Reference: https://pastebin.com/CWzW2L5U http://45.76.87.43 absetup7.icu # Reference: https://twitter.com/JAMESWT_MHT/status/1169911257987780608 http://170.130.205.86 # Reference: https://twitter.com/James_inthe_box/status/1171154845908140038 http://192.95.56.53/index.php # Reference: https://twitter.com/Paladin3161/status/1172235296223584256 http://83.97.20.170/index.php # Reference: https://twitter.com/Paladin3161/status/1172252192054661122 bruxara.com # Reference: https://twitter.com/SolutionsXnotes/status/1173236541092556807 bloggingmarks.ga # Reference: https://twitter.com/James_inthe_box/status/1174336699112906752 geohotw.com # Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html jma-go.jp ivanoffol3.temp.swtest.ru mockerton.top nagoyashi.chimkent.su # Reference: https://blog.talosintelligence.com/2019/09/odt-malware-twist.html # Reference: https://otx.alienvault.com/pulse/5d92273c5bc9b66ef6ef87a7 amibas8722.ddns.net wh-32248.portmap.io # 
Reference: https://twitter.com/P3pperP0tts/status/1178989832380518401 flozzy.uk/wp-admin/file/32/panel/admin.php flozzy.uk/wp-includes/admin/32/panel/admin.php worldmasterclass.com/wp-admin/file/32/panel/admin.php # Reference: https://blog.prevailion.com/2019/10/mastermana-botnet.html http://216.170.126.146/2ky/index.php http://216.170.126.146/ahsan/index.php http://23.249.163.135/index.php # Reference: https://twitter.com/eramirezgc/status/1179519997057667073 http://170.130.205.86/index.php # Reference: https://twitter.com/P3pperP0tts/status/1181170339675553793 testieng.kl.com.ua # Reference: https://twitter.com/P3pperP0tts/status/1181504485685899264 superlatinradio.com/edu/32/panel/admin.php superlatinradio.com/nons/32/panel/admin.php # Reference: https://twitter.com/P3pperP0tts/status/1181526309438185473 gstfast.tk/wp-content/cii/32/panel/admin.php # Reference: https://app.any.run/tasks/2c1d5942-b788-4316-952b-320f61494fd2/ http://5.188.231.19/index.php # Reference: https://twitter.com/Racco42/status/1183676828910804992 1990.duckdns.org c1e86f3506cfe05a6738ea6893ff7e.duckdns.org # Reference: https://twitter.com/P3pperP0tts/status/1184082484050518019 riascos.org/cjay/32/panel/admin.php # Reference: https://app.any.run/tasks/fc2c8026-c40c-493d-aadc-4b701bdc516b/ http://81.177.6.14/index.php # Reference: https://twitter.com/wwp96/status/1188830383401504768 http://185.250.240.237 # Reference: https://twitter.com/DrStache_/status/1188917585540276224 rsk.co.tz # Reference: https://twitter.com/P3pperP0tts/status/1189107385341743105 http://18.216.84.23 # Reference: https://twitter.com/P3pperP0tts/status/1190217928949534720 sylvaclouds.eu # Reference: https://twitter.com/P3pperP0tts/status/1191014883028062211 waresystem.com # Reference: http://tracker.viriback.com/dump.php (# 2019-11-04) http://103.207.36.97 http://151.80.8.23 http://172.86.120.238 http://185.62.190.23 http://185.79.156.15 http://185.79.156.18 http://185.79.156.23 http://193.56.28.224 
http://23.227.201.16 http://23.249.167.183 http://23.254.224.104 http://23.254.226.244 http://45.67.14.181 http://5.8.88.71 http://81.177.6.14 http://92.63.192.127 http://92.63.192.140 http://92.63.197.102 a0311644.xsph.ru a0327852.xsph.ru a0329841.xsph.ru abzac.in ahus.duckdns.org ak3indonesia.com alhaidarylawfirm.com analniy4ervyak.zzz.com.ua arabkrobo.duckdns.org arispedservices.eu azor.saloed.pp.ua b1wr1337.zzz.com.ua begurtyut.info binatech.eu binnatto.de bluecornerblog.tk c1e86f3506cfe05a6738ea6893ff7e.duckdns.org cd57063.tmweb.ru check-time.ru corpcougar.com corpcougar.in cssime.com darktool.org dgkhj.ru doosamnt.com efore.info emmex.duckdns.org evaglobal.eu exploitz.duckdns.org fikus.zzz.com.ua ghfdfghj324.ru gloodin.com godsave.tk govrvid.com grindtruex.online himdeal.xyz hodrika13.myjino.ru huejjdhs.xyz idealindustries.us indexdoll.top jefjqjfqfq.temp.swtest.ru jesunaememma.icu jinyuanlightings.com julaly.ml justritepharmacy.com kitchenraja.com kmgroup.pw lakeshoreintegrated.com latiso.ru lexaalkash.temp.swtest.ru lusecproducts.top mikeservers.eu mmaju.top modcloudserver.eu modestclouds.eu mybogeyman.com nunuraw.apishealth.org posnxqmp.ru powent.net puruntis.ug qlibasketball.com quecik.com riascos.org richmoreworld.top rsk.co.tz senseint.info sesawulandari.com slipcentral.com stanendybiz.top stastports.com steelclik.us stirgh.com superlatinradio.com sylvaclouds.eu taleohio.cf taleohio.gq tblasta.us testieng.kl.com.ua theartistpixie.com timacker3423dsdf54dgf.ru time-check.ru timeattacker3423dsdf54dgf.ru timebound.ug timecheck.ug timekeeper.ug tren-zbs.info trj6rwk.beget.tech ttcopy.ru tutvids.ir unitedshopbd.com uuid.thetrancoe.com uzocoms.eu venzatechi.online visionscape.duckdns.org waresystem.com wupx.ml yogh.eu zrozelos.com zzzmen99.had.su # Reference: https://twitter.com/Paladin3161/status/1191430198350082049 # Reference: https://pastebin.com/1X9xdfJT mvbtfgdsf.ru sdfgdsf.ru sylvaclouds.eu waresystem.com # Reference: 
https://twitter.com/James_inthe_box/status/1191483501314334720 # Reference: https://app.any.run/tasks/394a2b26-d6d0-4182-a4ee-731b3762ea7b/ 9kbgftfr82z4.space # Reference: https://twitter.com/killamjr/status/1191923979549921280 http://155.94.136.188 # Reference: https://www.virustotal.com/gui/file/4cc116c6b06609d44c458a657ac146a01786c99df10316f86409c9fa11387a2c/detection xcapdatap.capetown # Reference: https://twitter.com/KanbeWorks/status/1196639129812881408 # Reference: https://app.any.run/tasks/cbe4e301-eb32-4c63-8455-96656930db8a/ http://164.68.107.60 amazingkanye.bit # Reference: https://app.any.run/tasks/0d441a52-ede7-4f4c-a801-f3b7f1200b19/ xp1lht2kd6h.icu # Reference: https://twitter.com/James_inthe_box/status/1199707661945593862 algo.empirehempmarket.com # Reference: https://twitter.com/killamjr/status/1200943745367248896 http://185.222.57.75 # Reference: https://pastebin.com/DrVftnBR http://185.125.59.74 http://2.56.215.211 http://92.63.107.154 mm5132645.xyz # Reference: https://any.run/malware-trends/azorult (Note: as seen on 2019-12-04) worldatdoor.in kitchenraja.in performancehaelth.com granuphos-tn.com secure04b-inet.com dwkhel.com mail.yuzhani-group.com cycleplansx.com kholdinq.com secure1-inet.com centuryarns.com lookoutcraamp.com tradmets.co.uk # Reference: https://any.run/malware-trends/azorult (Note: as seen on 2020-01-05) kathbowling.ru winapp24.pl enodablork.ru constructioninc.zzz.com.ua 56c8.zzz.com.ua kapkin2121.zzz.com.ua influg.zzz.com.ua steller2020.zzz.com.ua # Reference: https://pastebin.com/h3YjZwW7 degavu.esy.es # Reference: https://pastebin.com/pYhfzidr http://5.34.177.120 go-clean.tech # Reference: https://twitter.com/James_inthe_box/status/1203297994222624768 sgtltd.com/wp-content/uploads/2019/11/2cb.php # Reference: https://pastebin.com/63w4JXts superlatinradio.com # Reference: https://twitter.com/Vishnyak0v/status/1204312402306752513 http://185.203.117.232 # Reference: https://twitter.com/Paladin3161/status/1205111995378237440 
sailent.store # Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/ # Reference: https://www.virustotal.com/gui/file/90f8b87a516308e1acbc92175cf4b5459302c3883be6fc03822438fc8e1047e6/detection blockchain-news.info # Reference: https://www.virustotal.com/gui/file/08bf71ef253f7fe7681d82b10b8293e28207ca32bb2609498d4b0225962c0d86/detection tubehuyube.tk # Reference: https://www.virustotal.com/gui/file/dc50ff09cb46a522d7222627349f3e835159bbfda8e271d6214c869e585f033b/detection # Reference: https://www.virustotal.com/gui/file/8ba566a04dcbb6aacf87c9fadd74e9343da9826383ef7e21288b1aa8997c13d4/detection 5.188.232.211:80 95.181.178.80:80 185.178.45.193:80 klubirsik.info # Reference: https://www.virustotal.com/gui/file/73329e3f83c16d89d4a148fd55879ab3b6e29a565ded704212d8664eeefcd391/detection 185.244.219.115:80 fitings.ac.ug # Reference: https://pastebin.com/H6MNzpM3 johida7397.xyz # Reference: https://twitter.com/James_inthe_box/status/1207439117866291200 # Reference: https://app.any.run/tasks/d6440cc9-7338-4b5d-b800-9a79773c021e/ 511431mnogoznaallevangel16194.space # Reference: https://pastebin.com/dkNYSKW6 kjsdtrfuyhgxcv.ru mardjdf.ug nsabeau.com.my # Reference: https://pastebin.com/VXAQ6N69 http://194.33.45.71 # Reference: https://twitter.com/DrStache_/status/1210522035627139073 hack4you.ru # Reference: https://twitter.com/wwp96/status/1212807385493975047 http://23.249.165.196 # Reference: https://otx.alienvault.com/pulse/5e11d0f18d61568e3086efa9 klickus.in lootchem.com nokiahuyviyphone.com sendi118.hostlife.link # Reference: https://twitter.com/makflwana/status/1214430313599754240 http://23.106.160.1 # Reference: https://app.any.run/tasks/4d347c70-17e9-4e34-b71f-bf5ae96fbef3/ sendi118.hostlife.link 185.43.220.19:80 # Reference: https://pastebin.com/APiGq28W drjones88ave.com # Reference: https://twitter.com/DrStache_/status/1217069620114468865 http://144.217.105.118 # Reference: 
https://www.virustotal.com/gui/file/1dc7af344f9f992a9b2dd87f2b11c816e1e10d19c7e63bb692301315f8bb9fca/relations http://185.11.146.210 # Reference: https://app.any.run/tasks/536cea79-48bf-464b-879b-f4fb4a6b50d0/ spartltd.com # Reference: https://twitter.com/wwp96/status/1219343269513125889 http://35.158.92.3 # Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/ http://45.32.207.9 # Reference: https://twitter.com/killamjr/status/1219675115937550337 smartlinktelecom.top # Reference: https://app.any.run/tasks/0e36a72e-93a1-4823-aec7-0bf48462f22e/ # Reference: https://app.any.run/tasks/c5f72165-7c42-4c5b-a5b6-255f6257e926/ juletta.pro # Reference: https://twitter.com/JAMESWT_MHT/status/1220660269116022784 # Reference: https://app.any.run/tasks/35ca85b2-cd39-4a64-8886-d0e95db4caa3/ xmode.duckdns.org # Reference: https://www.virustotal.com/gui/file/97c2312e4ceed112798356889ce6a3faedfb707ef49adc1be126330f2c0de5f4/detection jdjjegellowd.duckdns.org # Reference: https://www.virustotal.com/gui/file/222a8bb1b3946ff0569722f2aa2af728238778b877cebbda9f0b10703fc9d09f/detection stcubegames.netxi.in # Reference: https://www.virustotal.com/gui/file/c868b9b966fa9b732493f53cd51166219f155a70895115c6006d924b324d449f/detection traffichunter21.xyz # Reference: https://www.virustotal.com/gui/file/f789e97471a2a877d26ab4fc2fb82a61856b8968d33f4e62311c5bda186be558/detection margaery.club # Reference: https://www.virustotal.com/gui/file/932759b7b78a2e02d3d185c51f85a68000b14ac72ac5f0ef75bdef49a4c11370/detection pnumbrero3.ru # Reference: https://app.any.run/tasks/6dc3cc9b-807f-4c5a-8c3c-b334646cbfde/ 23.106.124.196:80 # Reference: https://twitter.com/wwp96/status/1222975496981557257 farzanatradings.com # Reference: https://twitter.com/James_inthe_box/status/1224372409504976903 198.23.200.241:80 # Reference: https://app.any.run/tasks/81c645c9-26a5-4e05-b89b-dc60c28278b5/ 185.244.150.165:80 # Reference: https://twitter.com/_lockhum/status/1225719271046701056 107.189.10.150:80 
# Reference: https://www.virustotal.com/gui/domain/besfdooorkoora.com/relations
# Reference: https://www.virustotal.com/gui/file/520fcf300b616c51fa49731fbb77732d853584448af1683493becc7f9f308228/detection

85.204.74.152:80
besfdooorkoora.com

# Reference: https://twitter.com/wwp96/status/1226915477286531078

borrdrillling.com

# Reference: https://app.any.run/tasks/fa7cd86e-2149-4038-bde3-663d44c3f87e/

j6g3fzp.5k5.ru

# Reference: https://app.any.run/tasks/e1ab75b5-5f51-4ee7-81c3-f6d8cb3720c8/

23.83.134.109:80

# Reference: https://app.any.run/tasks/c4dcf884-4633-4c14-a974-b1ba7d4b712d/

duglazo.info

# Reference: https://app.any.run/tasks/61e769d0-3a50-4052-8cce-884627d90048/

hyperlan.xyz

# Reference: https://twitter.com/_lockhum/status/1228772084001669121

vovagaka.myjino.ru

# Reference: https://twitter.com/James_inthe_box/status/1226930186655916032

system-update.us

# Reference: https://pastebin.com/rzYwJXP3

vitya01.xyz

# Reference: https://app.any.run/tasks/5a492b38-7ce5-4f08-929e-c9bc013656a2/

sadhate.zzz.com.ua

# Reference: https://securelist.com/azorult-spreads-as-a-fake-protonvpn-installer/96261/
# Reference: https://otx.alienvault.com/pulse/5e4c44ee78e30307e4058616
# Reference: https://blog.team-cymru.com/2020/02/19/azorult-what-we-see-using-our-own-tools/

account.protonvpn.store
accounts.protonvpn.store

# Reference: https://app.any.run/tasks/effe443e-efe4-4b7d-812e-0d5f1f46fb5e/

neoneo.site
atest001.site

# Reference: https://twitter.com/wwp96/status/1230543129708761088

194.5.177.120:80

# Reference: https://app.any.run/tasks/e1ef3645-0d4f-4893-b539-7425e06af63d/

abyng.com

# Reference: https://www.virustotal.com/gui/url/4d1b7cbbdc63340416cdafc897140772d76b6975abcc7fde84e38448850f197f/detection

insuncos.com

# Reference: https://twitter.com/KorbenD_Intel/status/1232026591712034816

zantechcorp.online

# Reference: https://www.virustotal.com/gui/domain/yx1.duckdns.org/relations

yx1.duckdns.org

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, Azorult)
http://103.207.36.97 http://104.168.99.168 http://107.175.150.73 http://149.28.199.128 http://151.80.8.23 http://155.138.222.174 http://172.86.120.238 http://185.11.146.210 http://185.219.81.127 http://185.222.57.75 http://185.62.190.23 http://185.79.156.15 http://185.79.156.18 http://185.79.156.23 http://193.56.28.224 http://194.180.224.10 http://195.245.112.235 http://207.246.67.4 http://216.170.114.11 http://23.106.160.1 http://23.227.201.16 http://23.249.165.196 http://23.249.167.183 http://23.254.224.104 http://23.254.226.244 http://35.158.92.3 http://45.32.161.249 http://45.32.207.9 http://45.67.14.181 http://5.8.88.71 http://51.83.200.164 http://67.215.224.101 http://70.35.200.77 http://81.177.6.14 http://82.165.18.207 http://92.63.192.127 http://92.63.192.140 http://92.63.197.102 http://93.185.105.43 a0311644.xsph.ru a0327852.xsph.ru a0329841.xsph.ru a84bl82rni.ru absoluteloh.zzz.com.ua abyng.com abzac.in aglfreight.com.my ahus.duckdns.org ak3indonesia.com albion.zzz.com.ua algo.empirehempmarket.com alhaidarylawfirm.com analniy4ervyak.zzz.com.ua apexelectronics-au.com appeq.000webhostapp.com arabkrobo.duckdns.org arispedservices.eu atest001.site auxinity.000webhostapp.com azor.saloed.pp.ua azorult2410.000webhostapp.com b1wr1337.zzz.com.ua begurtyut.info binatech.eu binnatto.de bluecornerblog.tk c1e86f3506cfe05a6738ea6893ff7e.duckdns.org cantecme.xyz castmart.ga cd57063.tmweb.ru check-time.ru cococo.zzz.com.ua corpcougar.com corpcougar.in cssime.com d2575423ur.temp.swtest.ru darktool.org debianflexibles.info december.zzz.com.ua dgkhj.ru didxbooks.com doosamnt.com efore.info emmex.duckdns.org enodablork.ru evaglobal.eu exploitz.duckdns.org f0371887.xsph.ru f0387404.xsph.ru fentq.org fikus.zzz.com.ua flashcatmage.ru fssshipping.com ghfdfghj324.ru gloodin.com godsave.tk govrvid.com grindtruex.online gta-fast.pro himdeal.xyz hodrika13.myjino.ru homieshing.temp.swtest.ru huejjdhs.xyz idealindustries.us incorporatebelize.org indexdoll.top infeeble.zzz.com.ua 
infos2020com.fr insuncos.com iruta.ru ivchenkosv.online j1019443.myjino.ru j6g3fzp.5k5.ru jdjjegellowd.duckdns.org jefjqjfqfq.temp.swtest.ru jesunaememma.icu jinyuanlightings.com julaly.ml jusqit.com justritepharmacy.com kitchenraja.com kitchenraja.in klickus.in kmgroup.pw ksk36139ev.temp.swtest.ru lakeshoreintegrated.com latiso.ru lexaalkash.temp.swtest.ru liweff.eu lusecproducts.top marinov.zzz.com.ua mfekm.club mikeservers.eu mixaton.000webhostapp.com mmaju.top modcloudserver.eu modestclouds.eu moneta44.zzz.com.ua mr10.duckdns.org mybogeyman.com networkboardspinof.com newnewnew228.su.swtest.ru newworld.zzz.com.ua ntrcgroup.com nunuraw.apishealth.org perca.ir performancehaelth.com pom4ekk.myjino.ru posnxqmp.ru powent.net puruntis.ug qlibasketball.com quecik.com rgmechanics.fun riascos.org richmoreworld.top rsk.co.tz s-steal.kl.com.ua sdfsd.zzz.com.ua senseint.info sesawulandari.com sh1000816.had.su sinkable-ingredient.000webhostapp.com slipcentral.com smartlinktelecom.top stanendybiz.top stastports.com stcubegames.netxi.in steelclik.us stirgh.com strarwars.zzz.com.ua superlatinradio.com sw6jshf91sdqg.duckdns.org sylvaclouds.eu taleohio.cf taleohio.gq tblasta.us testieng.kl.com.ua theartistpixie.com tillivilli.website timacker3423dsdf54dgf.ru time-check.ru timeattacker3423dsdf54dgf.ru timebound.ug timecheck.ug timekeeper.ug tranpip.com tren-zbs.info trimasjaya.com trj6rwk.beget.tech tslserver.duckdns.org ttcopy.ru tutvids.ir tylblasta.pw unitedshopbd.com uuid.thetrancoe.com uzocoms.eu vademics.com venzatechi.online visionscape.duckdns.org vware.duckdns.org waresystem.com worldatdoor.in wupx.ml wwe23pro.myjino.ru xmode.duckdns.org yogh.eu zozylya5565.zzz.com.ua zrozelos.com zzzmen99.had.su # Reference: https://twitter.com/hexlax/status/1053780496579248130 k3x.xyz # Reference: https://twitter.com/drok3r/status/1124017680439181313 cc01213.tmweb.ru # Reference: https://pastebin.com/PTkLE0se bingobongo.space gafigaf.in # Reference: 
https://github.com/stamparm/maltrail/pull/7116#issuecomment-593117654 paklabourercare-gov.ml # Reference: https://twitter.com/wwp96/status/1234509116455997441 itsallaboutthetubmans.com # Reference: https://twitter.com/malwrhunterteam/status/1234850871936274435 # Reference: https://app.any.run/tasks/f3b8f694-0878-4bd1-8e93-0038834725aa/ coronavirusstatus.space # Reference: https://pastebin.com/aXrJwaiD marroiq.com # Reference: https://app.any.run/tasks/91c8414c-663d-4af6-984f-611ad2263bbe/ invalid666.zzz.com.ua # Reference: https://twitter.com/wwp96/status/1237132225675755523 http://195.245.112.115 softnet.duckdns.org # Reference: https://pastebin.com/q4qr42ti jfghhwscxsa.ug uzoclouds.eu # Reference: https://twitter.com/wwp96/status/1237462869404508161 hwsrv-688863.hostwindsdns.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.8.99/relations lspo01.top lspo02.top myy01.top perrr01.pro zam02.top # Reference: https://pastebin.com/h6MW55pz freeelscghf.ug # Reference: https://twitter.com/James_inthe_box/status/1239573037097209856 xratfrd.duckdns.org # Reference: https://www.virustotal.com/gui/file/444cc81f219ebc02dbaa89e8e0f17a7c36f0be6f6c98de7a9a108c2c46d91821/detection http://151.80.8.23 # Reference: https://www.virustotal.com/gui/file/be3cfbf10a732af9965dab5b769ef622233eeca26dc1a3e541326e7ce6788bab/detection http://149.202.29.73 # Reference: https://app.any.run/tasks/77fd66e5-424a-4fbf-b215-61c0991622e2/ francearefrogs.xyz # Reference: https://twitter.com/cyber__sloth/status/1241733283060297728 # Reference: https://twitter.com/daphiel/status/1241811019095330819 # Reference: https://otx.alienvault.com/pulse/5e7913b232c26fa54ea031f5 http://185.62.188.204 http://195.130.73.229 # Reference: https://twitter.com/Artilllerie/status/1242443063626252293 cashbackfb.com # Reference: https://app.any.run/tasks/7879aebd-82f2-4ebb-936e-c7c723af50bc/ ovdoker.myjino.ru # Reference: 
https://www.virustotal.com/gui/file/2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307/detection 51.68.178.28:65233 coronavirusstatus.space # Reference: https://www.virustotal.com/gui/file/acd9ade38ec0b73ea1f84dd82b5eaf78df04687472f8be462b186ba3bb96c581/detection tiloxsykabla.hopto.org # Reference: https://www.virustotal.com/gui/file/9f96160e842f6641451f8ab28a3163a7fffa311e8c7e5be3405b8e904d092d72/detection 176.195.137.101:7777 sh1035797.a.had.su # Reference: https://www.virustotal.com/gui/file/05cb4709348a14bc500316acdbe7932d79c556cd62755fbe141f2146d6524d48/detection /azor/index.php # Reference: https://www.virustotal.com/gui/file/517ee76fd17ae8ee2ca4052d2e4d3fad9a2f97e4c45e9f0b4aeabf9de8614b46/detection d3c00.duckdns.org # Reference: https://twitter.com/Racco42/status/1244649301030113280 blastforcleaningservices.com/webfonts/PL341/index.php # Reference: https://pastebin.com/EscWd1Cx boec.ubksg.ru vzlomvimeworldv3.000webhostapp.com # Reference: https://app.any.run/tasks/4b15391f-7cc7-47da-a03f-e55f35dc02ba/ latum666.kl.com.ua # Reference: https://twitter.com/James_inthe_box/status/1245342936834822144 emails-blockchain.com # Reference: https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html # Reference: https://otx.alienvault.com/pulse/5e8798226278e890b02ca96d http://195.123.234.33 answerstedhctbek.onion answerstedhctbek.onion.pet d6shiiwz.pw darkfailllnkf4vf.onion.pet dfgdgertdvdf.online dfgdgertdvdf.xyz dreadditevelidot.onion.pet fhcwk4q.xyz jthnx5wyvjvzsxtu.onion.pet memedarka.xyz qlqd5zqefmkcr34a.onion.pet r77vh0.pw runionv62ul3roit.onion.pet rutorc6mqdinc4cz.onion.pet thehub7xbw4dc5r2.onion.pet torgatedga35slsu.onion torgatedga35slsu.onion.pet torrentzwealmisr.onion.pet uj3wazyk5u4hnvtk.onion.pet vkphotofqgmmu63j.onion.pet xmh57jrzrnw6insl.onion.pet zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion.pet zzz.onion.pet # Reference: https://twitter.com/makflwana/status/1247133939501658112 kaso.cf # Reference: 
https://twitter.com/malwrhunterteam/status/1247916517888610304 # Reference: https://app.any.run/tasks/0ffe1cae-f25b-4a64-887c-0f57fbd95b30/ bibrpenal.xyz # Reference: https://www.virustotal.com/gui/file/f3b05b353fab09a7b67b1049ed0a3511b0d109d6e7a8f3ab4898316b85082326/detection razvalina.xyz # Reference: https://twitter.com/pancak3lullz/status/1248331847425314816 http://54.37.78.107 # Reference: https://twitter.com/James_inthe_box/status/1248722896681234433 http://38.68.39.209 # Reference: https://pastebin.com/FLxNqzpc aurumboy.com ghbjdfvbxc.ru # Reference: https://app.any.run/tasks/c58ae060-8cf2-4535-a16c-0715809fdd03/ a0417340.xsph.ru # Reference: https://twitter.com/MBThreatIntel/status/1250165322516054018 # Reference: https://www.virustotal.com/gui/ip-address/54.37.131.204/relations http://54.37.131.204 # Reference: https://pastebin.com/KM6AZKJ9 hvhcsgo.000webhostapp.com # Reference: https://pastebin.com/dtR7uD4k http://35.226.8.173 f0420740.xsph.ru mrkennylove.myjino.ru strtesr4.beget.tech t3lson.myjino.ru # Reference: https://twitter.com/DrStache_/status/1252724838801735682 samwellgs.com # Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html dfgdgertdvdf.site gfaefskfht.xyz obrpenal.xyz # Reference: https://twitter.com/James_inthe_box/status/1255496095586713606 nicecars.com.ar/surep/32/index.php # Reference: https://www.virustotal.com/gui/domain/grepolis-download.space/relations grepolis-download.space # Reference: https://www.virustotal.com/gui/domain/kadzimagenius.com/relations kadzimagenius.com # Reference: https://azorult-tracker.net/api/list/domain?format=plain 0-800-email.com 0300ssm0300.xyz 23strong58.xyz 2c15b6d719.myjino.ru 430lodsposlok.site 430lodsposlok.store 511431mnogoznaallevangel16194.space 57d3e30e.duckdns.org 5infall.zzz.com.ua 777hustle777.info 7imperial7sosat7.cloudpower.me 88futur.xyz 8989898989.000webhostapp.com a0298423.xsph.ru a0371219.xsph.ru a0386457.xsph.ru a0392617.xsph.ru a0394307.xsph.ru 
a0395941.xsph.ru a0402552.xsph.ru a0403929.xsph.ru a0407571.xsph.ru a0411983.xsph.ru a0417340.xsph.ru a0422199.xsph.ru a84bl82rni.ru aboutworld.info absorbent-spokes.000webhostapp.com abyng.com account.protonvpn.store adnoc.biz adtechsolutions.in aerobicsfit.com aglfreight.com.my agressor.beget.tech agxcvxc.ru akkauntmax4.myjino.ru alexkraskrasnov.myjino.ru algo.empirehempmarket.com aljubab.com allenservice.ga alvaros.beget.tech amushknm.beget.tech anorelier.hk apexelectronics-au.com app.beepn.pw appeq.000webhostapp.com arizonawindowtinting.com arvindsinghyadav.xyz asdasfff2.beget.tech asdjsdfgvbxc.ru asdnbcv.ru atest001.site aurumboy.com auxinity.000webhostapp.com av4.website av7.online ayamng.com azik11.top azik22.top azor.lordgame.ru azor.saloed.pp.ua azor2020.space azorult2410.000webhostapp.com babkastilak.000webhostapp.com basest-rooms.000webhostapp.com batka228.000webhostapp.com baxinyo.000webhostapp.com bbmalayalam.000webhostapp.com bendetta.online benjam1ine0013.xyz benzemahaha.000webhostapp.com bestlogs.myjino.ru betprognoz.pro bfxuknchdic.duckdns.org bhs404.site blastforcleaningservices.com blog.gruzotaxi.dn.ua boec.ubksg.ru boomcoins.ml bores.xyz borrdrillling.com botheist.xyz buythebest.pw by1337.000webhostapp.com c1yag2b1er.xyz camillemarielle.com cantecme.xyz cashbackfb.com castmart.ga cb98944.tmweb.ru cbmyrw.beget.tech cbn-cargo.co.id ccilfov.ro ceaee16e53.myjino.ru cheap9xxxx.beget.tech checkcheck.pk coronavirusstatus.space corpcougar.com corpcougar.in crackhahanono.000webhostapp.com cryptotest.beget.tech cxvbdsfgxvc.ug cy62976.tmweb.ru d0lphin1337.xyz d2575423ur.temp.swtest.ru d3c00.duckdns.org dalall.beget.tech damvdolgdayn.com danladen4.000webhostapp.com davidosik228.000webhostapp.com deathskins.ru deathsun1337.000webhostapp.com debianflexibles.info deciduate-pot.000webhostapp.com defeax123g.temp.swtest.ru degavu.esy.es desperoz.myjino.ru deviceful-errors.000webhostapp.com dfcworldcompany.com 
dgfdgdgkjkghhfgdfsdgtyuuuyiuoutredfsdfgfgfhbbnmcvxcxcvf.ac.ug diakovpro.ru didxbooks.com directmalta.com discaredforftp.000webhostapp.com dnraviations.com doohs.000webhostapp.com doohs1111.000webhostapp.com dreamkr.com.ua dthorn2a.myjino.ru dubeysurya2468.xyz dublingeek.xyz duglazo.info dyslexic-picture.000webhostapp.com e90677op.beget.tech eas1tlink.xyz easymoney-cc.com eleon-crypto.site elien123.000webhostapp.com emails-blockchain.com emdholdings.co.za emells.ir engman.ac.ug engranesfinos.com enodablork.ru ensaenerji.com eptablyaym.temp.swtest.ru erkmuhval.ru ewges38c.beget.tech f0362146.xsph.ru f0367026.xsph.ru f0371188.xsph.ru f0371578.xsph.ru f0371887.xsph.ru f0374667.xsph.ru f0377252.xsph.ru f0378370.xsph.ru f0383643.xsph.ru f0386279.xsph.ru f0386817.xsph.ru f0387181.xsph.ru f0387404.xsph.ru f0388335.xsph.ru f0390199.xsph.ru f0390547.xsph.ru f0390746.xsph.ru f0391270.xsph.ru f0394067.xsph.ru f0396130.xsph.ru f0396733.xsph.ru f0400435.xsph.ru f0400620.xsph.ru f0401036.xsph.ru f0401354.xsph.ru f0401703.xsph.ru f0403892.xsph.ru f0405203.xsph.ru f0406543.xsph.ru f0406552.xsph.ru f0409474.xsph.ru f0411256.xsph.ru f0412066.xsph.ru f0412189.xsph.ru f0414238.xsph.ru f0420740.xsph.ru f0421164.xsph.ru f0425296.xsph.ru f0429316.xsph.ru fakesitexbait.000webhostapp.com farzanatradings.com fdbvcdffd.ug felicombo.club fentq.org fesfesfsefes.000webhostapp.com fiasyfssa.mywps.me filess2.000webhostapp.com fiodar2003.myjino.ru firefox.ac.ug fjoersm.beget.tech flashcatmage.ru fludocio.mcdir.ru followgf.myjino.ru foutbolchannnels.com francearefrogs.xyz fredmartinz.com fredokrug2.temp.swtest.ru freeelscghf.ug freycinetvista.com.au fssshipping.com fullappz.pk funpay1.000webhostapp.com fyvittyo.mywps.me gamervordl.000webhostapp.com gamesenser.000webhostapp.com gatertayer.xyz gatsby.best geggegegegegeg.000webhostapp.com gemateknindoperkasa.co.id get-free-btc.000webhostapp.com ghbjdfvbxc.ru ghost250960.worldhosts.ru gineuter.info glom-2019.com golder.hk gpsindia.biz 
grabberweter.000webhostapp.com gravyshop111.000webhostapp.com gravyshop228.000webhostapp.com gravyshops.000webhostapp.com greenzo.xyz groysman.club gta-fast.pro gtxlpfirefly.000webhostapp.com gwinxx.com gyjn.000webhostapp.com h145197.s27.test-hf.su ha4cker.000webhostapp.com hack4you.ru heddguardian.website heryantosaleh.xyz hodrika13.myjino.ru hohrn.myjino.ru hojokk.com homieshing.temp.swtest.ru homiletic-submarine.000webhostapp.com hustdomains.host hvhboss.000webhostapp.com hvhcsgo.000webhostapp.com hvhlegendpro.000webhostapp.com hyperlan.xyz id8053.com ignatsuhac.temp.swtest.ru ignovikovo.temp.swtest.ru ikemturkey.eu3.biz imlubu.myjino.ru inboxindexwin.kebapkokorec.com incorporatebelize.org infos2020com.fr insuncos.com iruta.ru it-ha.ru itsallaboutthetubmans.com ivanover.beget.tech ivchenkosv.online iwkvndkkasfsd.ug j1019443.myjino.ru j1019553.myjino.ru j1034033.myjino.ru j1036203.myjino.ru j1041445.myjino.ru j1047544.myjino.ru j6g3fzp.5k5.ru jayrolzcashout.000webhostapp.com jcvksdf.ug jddjj4j4j.000webhostapp.com jdjjegellowd.duckdns.org jehard.000webhostapp.com jerichoconstructioncompany.com jiemoh13.000webhostapp.com jjjaya.zadc.ru jlckey.000webhostapp.com johida7397.xyz jonas1athan.xyz jordinoalebri4.myjino.ru josephgrief.000webhostapp.com josephgrief228.000webhostapp.com junkjorejacke.space jusqit.com jzvhzmu.duckdns.org k90177j3.beget.tech kahtamarkalar.com kakawevich.temp.swtest.ru karamelka1.000webhostapp.com karamlol.000webhostapp.com kaso.cf kecid.ru keklolymai.temp.swtest.ru khaliddib398.xyz khjbndgvbxc.ru killersam.beget.tech kino-dom.pro kitchenraja.in klickus.com klickus.in krork.xyz ksk36139ev.temp.swtest.ru l2c9b1d0.justinstalledpanel.com l2orion.beget.tech lamefrp.xyz lasinka.000webhostapp.com lasvegas.beget.tech lerteco.ug lexentaazor.me lifeisbetternow.ml littlebarbar.online livdecor.pt liweff.eu logiakk1i.000webhostapp.com logroom.top m11necraft.000webhostapp.com marashmara.dx.am marroiq.com marsksfdgdf.ug martinicos.had.su massivedynamics.pe 
mcxlxad.ug medireab.ga memotech.cf menylead.xyz mez.kl.com.ua mfekm.club microsft.beget.tech mikeservers.eu minerkg.myjino.ru mixaton.000webhostapp.com mmuell.com mnjkoug.ug mociwanf.beget.tech modcloudserver.eu moonman.beget.tech moquite.ga morhenshtern.com morsee1337.beget.tech mr10.duckdns.org mrkennylove.myjino.ru musicwwv.beget.tech mvhgjvbn.ug mybogeyman.com mzaky.com narkoman1337.000webhostapp.com nazarvitalik.000webhostapp.com networkboardspinof.com newazo.info newnewnew228.su.swtest.ru newplug.monster news.gruzotaxi.dn.ua newsize.in newwave.host newworld.zzz.com.ua newxico.kl.com.ua nextbridge.info nicecars.com.ar nikitaakimenkoklass.000webhostapp.com nokiahuyviyphone.com nootpositivo.xyz noratting.xyz nothing.monster nsabeau.com.my nsgvcxzcv.ug ntrcgroup.com nunugurl.xyz nvutionefasfsa.000webhostapp.com obimmaa.ir officelog.org ogzetmailc.temp.swtest.ru olgaa.ir online3130.000webhostapp.com onlygodem.com opera3773.000webhostapp.com opira.000webhostapp.com ovdoker.myjino.ru ovz3.skazkatut2222.px7zm.vps.myjino.ru partnercoin.ml patayka.000webhostapp.com pate1k.000webhostapp.com pathofexile.host patrilinear-mixture.000webhostapp.com paufx.000webhostapp.com pavaroy5.beget.tech paypasecureservice.com perca.ir performancehaelth.com petr555.beget.tech petrovasik.beget.tech pickel666.000webhostapp.com pizdaruly.000webhostapp.com pizzamazz.000webhostapp.com planktondavid.000webhostapp.com pnumbrero3.ru polarisp0laris.000webhostapp.com pom4ekk.myjino.ru pom4ekoffi.temp.swtest.ru prmcsdgs.ug pssa.000webhostapp.com purity.monster qiwi-api.site qlibasketball.com qukz.000webhostapp.com razlockas.beget.tech referral-casino.club reliancectg.com rentfare.com rgmechanics.fun rhaeecetbsgmpbulkfz4rhmw.xyz roling.000webhostapp.com rollscar.pk romasshved41.000webhostapp.com rqx10504bc.temp.swtest.ru rrgodshsf.ug rulletedonut.000webhostapp.com rupoc.beget.tech russellipm-storedproductsinsects.com ryiew.beget.tech ryvan000.xyz sadhukha1n.xyz sakataexpl.temp.swtest.ru 
samaaj.org.pk samperbbcash.000webhostapp.com samwellgs.com sashavpisdu.000webhostapp.com sber-host.000webhostapp.com scogcs.000webhostapp.com sdadsfdfsf.temp.swtest.ru sdfg34av.beget.tech sdfsdfv.ru sdn003kaubun.sch.id seijs.site selftasarim.com sendi118.hostlife.link server20.duckdns.org sespipilmu.myjino.ru sh1000816.had.su sh1007969.had.su sh1035797.a.had.su sharjoff.000webhostapp.com sinkable-ingredient.000webhostapp.com sisse.site smartlinktelecom.top smddd.monster snowagainfearfreezesagainagainitfeelslikeiceisinmyhands.space sosatsuki.000webhostapp.com sostupid.ac.ug spartltd.com spartvishltd.com spede.000webhostapp.com spherewinner.ga st11llers.000webhostapp.com stalker098.000webhostapp.com stalkeronline1.000webhostapp.com stalkershops111.000webhostapp.com standartjuke.info starf1.000webhostapp.com stcubegames.netxi.in steallog.tk stephir.ug stilakk.mcdir.ru stirgh.com stodfm34.ug strarwars.zzz.com.ua strtesr4.beget.tech sufficientblessing.com sukaponic.com superoleggamer.000webhostapp.com sw6jshf91sdqg.duckdns.org swandersd.000webhostapp.com sylvaclouds.eu t3lson.myjino.ru tacsi4niym.temp.swtest.ru tarasov.ac.ug tatle.net tawiwa6455.temp.swtest.ru tdsjkh42.ug techxim.com tenntechs.com terminal75.temp.swtest.ru test9812.site thori.xyz tiberton.top tillivilli.website tokorankoscr.000webhostapp.com tomylee.xyz topik07.mcdir.ru topsaller31213.000webhostapp.com tragee.000webhostapp.com tranpip.com transcendem.com trasjhsdf.ug trepeth3.beget.tech tribunitial-impulse.000webhostapp.com trimasjaya.com tslserver.duckdns.org tutvids.ir tylblasta.pw u0929560.cp.regruhosting.ru u0945186.cp.regruhosting.ru u4429322ee.ha003.t.justns.ru umka.elitkom.uz unitedshopbd.com updateapiweb.com uploadsnew.site uraganhokino222.000webhostapp.com user2332.royal-hosting.ru uzoclouds.eu v174990.hosted-by-vdsina.ru v178903.hosted-by-vdsina.ru v200235.hosted-by-vdsina.ru v200598.hosted-by-vdsina.ru v201750.hosted-by-vdsina.ru v202207.hosted-by-vdsina.ru v204306.hosted-by-vdsina.ru 
v205557.hosted-by-vdsina.ru v205579.hosted-by-vdsina.ru v205588.hosted-by-vdsina.ru v207213.hosted-by-vdsina.ru v207249.hosted-by-vdsina.ru vacompany.co.za vademics.com vc.kunwersachdev.com verifycrash.mcdir.ru veritynova.com vh332705.eurodir.ru video-ld.ru viebyvieby.ru vincecamutogiftcard.com vipmas15.beget.tech visitcolumbia.xyz vitya01.xyz vlad-kharin-2000.myjino.ru vovagaka.myjino.ru vplserv.duckdns.org vplserver.duckdns.org vware.duckdns.org vzlomvimeworldv3.000webhostapp.com wannabyby.000webhostapp.com warfik2020.temp.swtest.ru webpanell.website wedro228.000webhostapp.com weilbrain01.000webhostapp.com wertyddd.dx.netxi.in westbeast.monster whyuneedcrackfakesitehaha.000webhostapp.com wlcmyanmar.tk worldatdoor.in ww6.000webhostapp.com xcvfghfds.ug xenicolnc.mskhost.pro xinchaocacchau.000webhostapp.com xmode.duckdns.org xpologistics.ga xratfrd.duckdns.org xvcvhgnfdg.ug xxffornikationxz.duckdns.org xxl.fatedlove888.com xxpollacoxx.xyz xzcvuipofjgh.icu yandibiotech.com.vn yaroslavdimitriev.000webhostapp.com yoflccv.ug youtubinstall.website yuidfgxcvbxc.ru yuioph.beget.tech yx1.duckdns.org zantechcorp.online zenben.site zg-hose.xyz zidrekilta.myjino.ru ziggeroff.000webhostapp.com zxvcm.ug гала-про.рф # Reference: https://azorult-tracker.net/api/list/loaders?format=plain http://107.155.162.15 http://18.218.130.236 http://185.219.81.127 http://188.120.245.179 http://195.54.162.123 http://23.247.102.120 http://23.247.102.125 http://23.247.102.18 http://23.247.102.23 http://23.249.165.196 http://3.120.37.138 http://35.226.8.173 http://35.245.148.20 http://38.68.47.61 http://51.83.200.164 http://51.83.210.201 http://87.251.76.122 http://94.103.84.71 2c15b6d719.myjino.ru 8989898989.000webhostapp.com a0395941.xsph.ru a0403929.xsph.ru a0411983.xsph.ru a0417340.xsph.ru agxcvxc.ru alfreseamarine.com alvaros.beget.tech asdjsdfgvbxc.ru asdnbcv.ru avp.ie blastforcleaningservices.com blog.gruzotaxi.dn.ua blurstationcloud.com bores.xyz bot.lordgame.ru cashbackfb.com castmart.ga 
cd92647.tmweb.ru ceaee16e53.myjino.ru cheap9xxxx.beget.tech deathskins.ru deathsun1337.000webhostapp.com egtch.com emedtutor.com f0377252.xsph.ru f0400620.xsph.ru f0411256.xsph.ru f0420740.xsph.ru fdbvcdffd.ug ghost250960.worldhosts.ru infos2020com.fr innovarce.com jcvksdf.ug jjjaya.zadc.ru jlckey.000webhostapp.com lodergord.com manedina.top marsksfdgdf.ug martin-burboeck.com mcxlxad.ug mnjkoug.ug morsee1337.beget.tech mvhgjvbn.ug narkoman1337.000webhostapp.com nsabeau.com.my ovdoker.myjino.ru planktondavid.000webhostapp.com platform.clubpetnyc.com prmcsdgs.ug redmoscow.info regalo-beauty.com rrgodshsf.ug scooptek.com sdfsdfv.ru sdn003kaubun.sch.id seijs.site siddharthagroup.co.in sosatsuki.000webhostapp.com stodfm34.ug strtesr4.beget.tech tdsjkh42.ug tenntechs.com tiberton.top trasjhsdf.ug tribunitial-impulse.000webhostapp.com umka.elitkom.uz v200598.hosted-by-vdsina.ru vputin.pk wlcmyanmar.tk xxxgame.su yandibiotech.com.vn yip.su yoflccv.ug youtubinstall.website yuidfgxcvbxc.ru zxvcm.ug # Reference: https://app.any.run/tasks/ec033058-32fe-4e1a-81fc-ccd0ca4ba971/ http://kkarakas.com/wp-includes/css/mde/ http://gargiulo.com.ar/wp-content/file/ # Reference: https://pastebin.com/LRahpy2C annetka012.temp.swtest.ru # Reference: https://twitter.com/ninoseki/status/1260399404726415360 account-support.dynamic-dns.net # Reference: https://twitter.com/malware_traffic/status/1260685460113948674 # Reference: https://app.any.run/tasks/fdc5e34f-1f77-4043-bf0d-08de95051433/ sorrentino.ug vincenzos.ug # Reference: https://pastebin.com/izB7hkv0 bigassprod.ug caleromartinez.ug vjhscvbncv.ru # Reference: https://app.any.run/tasks/a1c1090f-9ce7-4576-b2ed-a8742528e378/ up908.viewdns.net # Reference: https://pastebin.com/0j1kCxhK http://195.245.112.115 http://217.8.117.45 http://34.105.129.68 aaronthompson.ug zaragoza.ug # Reference: https://pastebin.com/KZ24bymJ barcla.ug gadem.ug # Reference: https://pastebin.com/5Duq4yMm http://165.22.238.167 # Reference: 
https://www.virustotal.com/gui/file/d15893db9be633c577f9c696d02d939a980884f9a7808f884f1a7e74c4296c03/detection mypanel.pw # Reference: https://twitter.com/theDark3d/status/1281626092063862784 # Reference: https://bazaar.abuse.ch/sample/86be98c5baa52cf4df40a61ef4dba40a30fcbfb72b9bf1159440ca88ef382252/ # Reference: https://app.any.run/tasks/a1885401-aac9-4cc4-8a85-12c5b5ac679b/ mguy2934.duckdns.org # Reference: https://www.virustotal.com/gui/file/0de68f892f90bbaeca2655a2c55dafeae86a394e847187e56f335e0f596d76a9/detection voda.bit # Reference: https://www.virustotal.com/gui/file/ba8d3d5d0d4b0d2178ea3ed1ff72e49ac8f6b608aac2718c6cf9904390dbeb80/detection http://217.23.12.211 # Reference: https://pastebin.com/Hc73BzJT fdg44.zzz.com.ua h839492.duckdns.org hotelavlokan.com iktrit485.duckdns.org nesk.zzz.com.ua rememberu3.zzz.com.ua samp-shop.zzz.com.ua # Reference: https://www.virustotal.com/gui/file/7f24e120c406640f03e0c9ef4f531da03e49fef943b1066d8a9031a3f0ca7a54/detection bbxrxbe.vip bbxtlbe.vip bbxtsto.vip bbxwrto.vip bbxzkbe.vip bbybdbe.vip bbybgbe.vip bbyblbe.vip bbycxbe.vip bbyjlbe.vip bbykbbe.vip bbyknbe.vip bbyktbe.vip bbylhbe.vip bbympbe.vip bbymqto.vip bbyprto.vip bbyqkbe.vip bbyqmto.vip bbyrpto.vip bbyrqbe.vip bbyrwbe.vip bbysjbe.vip bbyslbe.vip bbywqbe.vip bbzbwbe.vip bbzbzbe.vip bbzczbe.vip bbzdjbe.vip bbzdyto.vip bbzfnbe.vip bbzggbe.vip bbzgmbe.vip bbzgqbe.vip bbzgrbe.vip bbzgwto.vip bbzhnbe.vip bbzhtbe.vip bbzllto.vip bbzmsbe.vip bbzmzto.vip bbznfbe.vip bbzymbe.vip bbzrjbe.vip bbztwbe.vip bbzwsbe.vip bbzxnbe.vip bcbxxbe.vip bcdnnbe.vip bchddbe.vip bchqqbe.vip bcjttbe.vip bcpnnbe.vip bcpzzto.vip bcqkkbe.vip bcrrrbe.vip bcsmmbe.vip bctkkbe.vip bcyhhbe.vip bcyjjbe.vip bczppbe.vip bdbdbbe.vip bdbmmbe.vip bdbrrbe.vip bdjccbe.vip bdjjjbe.vip bdlrrto.vip bdmhhbe.vip bdooobe.vip bdqzzbe.vip bdrnnto.vip bdryyto.vip bdsssbe.vip bdsxxbe.vip bduuube.vip bdxssbe.vip bdyjjbe.vip bebbbbe.vip becccbe.vip beecity.vip beeooto.vip bemmmbe.vip betetbe.vip bfbfebe.vip bfbftbe.vip 
bfbfxbe.vip bfbqqbe.vip bfczzto.vip bfdppto.vip bfdwwto.vip bffbbto.vip bffllbe.vip bfgddbe.vip bfgmmbe.vip bfgxxbe.vip bfhfhbe.vip bfjqqbe.vip bfjttto.vip bfjwwbe.vip bflflbe.vip bfmjjbe.vip bfmrrbe.vip bfpccto.vip bfpjjbe.vip bfqrrbe.vip bfqssbe.vip bfrfrbe.vip bfsnnbe.vip bfsqqbe.vip bfsssbe.vip bftggbe.vip bftssto.vip bfvfvbe.vip bfwllto.vip bfwrrbe.vip bfyppto.vip bfzqqbe.vip bgcffbe.vip bgdffbe.vip bgdkkbe.vip bgfnnbe.vip bggkkbe.vip bggwwbe.vip bgjllbe.vip bgjmmbe.vip bgkjjbe.vip bgmhhbe.vip bgnppbe.vip bgqggbe.vip bgsjjbe.vip bgsllbe.vip bgsyybe.vip bgtbbto.vip bgyggbe.vip bgyttbe.vip bgzbbbe.vip bhbccbe.vip bhbmmto.vip bhbttbe.vip bhdbbbe.vip bhdnnbe.vip bhjttbe.vip bhkmmbe.vip bhmxxto.vip bhnqqbe.vip bhphhbe.vip bhpmmbe.vip caranunjohnthet.com # Reference: https://www.virustotal.com/gui/file/449b653beca8c7b3765f140570931124d0b7012c91a66f8e3db3b70c0976b2cb/detection http://193.25.101.198 # Reference: https://www.virustotal.com/gui/file/e093ff4debcc037ff6e52e9afd4e068ab6230932372fedbfc8cdddb0539bdd77/detection a0451296.xsph.ru # Reference: https://www.virustotal.com/gui/file/de6d83f952fbcf923350a1431533862bfd089627406a9b0d349a6a8075648f02/detection hgfjhfs.ru # Reference: https://www.virustotal.com/gui/file/18fcf4bc4ea2b84ba7cb30afe4a9e9aff27bde0f4fcf4893181845ab5a4b7be3/detection 141.255.144.149:1604 # Reference: https://www.virustotal.com/gui/file/3354a1d18aa861de2e17eeec65fc6545bc52deebe86c3ef12ccb372c312d8af8/detection http://51.15.196.30 # Reference: https://unit42.paloaltonetworks.com/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/ plugin-update.space # Reference: https://www.virustotal.com/gui/file/521e94b46a1f09d09622da1ec81f90bbe9b5a8d43d8f9fb78bbd7bd591927a8b/detection 185.50.25.35:20906 m9530297.beget.tech ozperdfcgdeuufjgobmn.000webhostapp.com # Reference: https://twitter.com/JAMESWT_MHT/status/1297915252961685505 # Reference: 
https://www.virustotal.com/gui/file/ba72a26e3dce2e9b8eed40b0f9a639e045bba96a3f6e6bdcc55bc48b64ee5c1b/detection andreas.ac.ug markopas.ug # Reference: https://www.virustotal.com/gui/file/23740791b259a3651e60a6d1de32ca87d8eb77f53716866f70ccef2dedfa9486/detection shum33.beget.tech # Reference: https://www.virustotal.com/gui/file/b9635e1cc8769d196d0411b2e5ec89c7b198ad74e03f3d84d9c559fbf0c6e20e/detection o96482z0.beget.tech # Reference: https://www.virustotal.com/gui/file/33d7ca3aaf4d2a8e6385238aab284aadb2f68cbb6e6dccb4eb6ff9ce0df79a98/detection srv165574.hoster-test.ru # Reference: https://www.virustotal.com/gui/file/21904a7836d84eba0404ac2653a8bb389938f25b54fe0e6bc69397912887efea/detection troyan1845.beget.tech # Reference: https://twitter.com/James_inthe_box/status/1303686207658840070 donandgino.com/broom/PL341/index.php # Reference: https://www.virustotal.com/gui/file/de99657582ac0f366bb07b95055b1afd1f4967bba5c44f08ca6d6620f5744941/detection ch63610.tmweb.ru # Reference: https://twitter.com/DrStache_/status/1311976984935903232 (# Covid Stealer) # Reference: https://www.virustotal.com/gui/file/d7d7ee33a95fb43312bf1ebe4e7a106ddfb5ef80097137cc2c87a014acc7e629/detection 888security.ru /c0visteal/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-10-05-AZORult-IOCs.txt # Reference: https://www.virustotal.com/gui/file/bded178ace7d6b0dbe7a052affed96368d3842d265633b127ac0e03f6c38f170/detection # Reference: https://www.virustotal.com/gui/file/b2fe9bcc932ea65ec98318fd983e862172123cab111e728d97c23258749521c7/detection http://192.236.178.80 books.myscriptcase.com # Reference: https://www.zscaler.com/blogs/research/targeted-attacks-oil-and-gas-supply-chain-industries-middle-east # Reference: https://otx.alienvault.com/pulse/5f7df7e1199943dafd83119d aljaber-llc.com crevisoft.net nsseinc.com # Reference: https://twitter.com/DrStache_/status/1317844075735896064 # Reference: https://app.any.run/tasks/55a45d1c-70b3-41a9-9af2-c260b06ae0b3/ # Reference: 
https://www.virustotal.com/gui/file/326facf2ef38debffa4f5ab8ef88cab11e24e9ea652c07040c6ffe13a3c07393/detection # Reference: https://www.virustotal.com/gui/file/bbdff451894fb80c2715bd3fe8a13e69f907a713414712fd75c1d731c9b9c82b/detection azor.vds2018.space /panel/html/serverinfo.html /panel/html/fullpage.html /panel/html/crypto.html /panel/html/menu.html # Reference: https://www.virustotal.com/gui/file/dd668abafa9cbdf937e710f2e2e7f6228ca99c7a226b507d43f887c03dff8509/detection http://45.95.168.162 # Reference: https://www.virustotal.com/gui/file/cf1d71883d710476545480cb10cf74a91509834cf343e7240d83d9e6a0339528/detection http://5.9.239.131 /azorme/ # Reference: https://app.any.run/tasks/f00c7f82-788e-4966-8db5-a54621bdcfab/ http://45.137.22.58 # Reference: https://twitter.com/James_inthe_box/status/1318923060762701824 shakeelgroup-bh.com # Reference: https://app.any.run/tasks/84b9fae1-a859-4722-a8a2-73a65f6fd0d9/ # Reference: https://www.virustotal.com/gui/file/6694708c90096d931f17698f94d8c48b56d419e67d2362501bedfd7b94362cf3/behavior/Tencent%20HABO # Reference: https://www.virustotal.com/gui/file/240f55fafb81c3086ccd7208babddd8ed96e114709db24b99034053ac73a6f38/behavior/Dr.Web%20vxCube justritepharmacy.com/mad/FTP/ # Reference: https://twitter.com/MBThreatIntel/status/1321156864487297024 skilldrivinget.com # Reference: https://www.virustotal.com/gui/file/67a129ce4d73f234cec10177cd4a891de11fb737c23b385c44ea2232640adbe1/detection # Reference: https://www.virustotal.com/gui/file/0e27ae0c23a66b4259c6804ba4201843735f0022e0e354f2e854100140a4482c/detection # Reference: https://www.virustotal.com/gui/file/34f9cb62eafb28d58915139a0d3f1c0738b373fa9331411740f6d4392de23916/detection # Reference: https://www.virustotal.com/gui/file/6f7c6e57f6ed202870fdc848165d2b9f528139b5c33659a41049284714d79355/detection # Reference: https://www.virustotal.com/gui/file/f92e59b92af516cb41377eb8ed63143e7f728a00271a6a15a7e53c32caedc210/detection # Reference: 
https://www.virustotal.com/gui/file/e7e8c8e52b0b709ab8815c4f6b47318aef2a871b9a031da22fd382a151fbc57e/detection 52pojiedilidili.ddns.net # Reference: https://www.virustotal.com/gui/file/93929bd2d140ca638594136ff62a34082c293ccd527a31b6fc34e1d2c1530f6f/detection bprbalidananiaga.co.id # Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html techvita.biz # Reference: https://twitter.com/JAMESWT_MHT/status/1323630002697576448 # Reference: https://www.virustotal.com/gui/file/ff3e2f2fe988d10c72aa056a9220a32e6ed9db7204df93713aa9451682c2c630/detection alhelli.com/babtest/temp/mem/index.php # Reference: https://twitter.com/wwp96/status/1325859445679779840 # Reference: https://app.any.run/tasks/edcc5ed8-fd1a-4524-87e3-203534d64cdb/ exportersgateway.com/scr/em/index.php # Reference: https://www.virustotal.com/gui/file/6499b3ecff1d79dbab7cccc698a1062f0f297031d02996a5f1bebf992653a18d/detection # Reference: https://app.any.run/tasks/c7095708-8135-48a1-8260-39f2de2401fc/ http://185.208.182.54 # Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection kosmixworld.com # Reference: https://www.virustotal.com/gui/file/30cdf7ffc71fa22cb1f35a23a165ae98e75a4664f765c2ff7e35cba94fcd93d1/detection # Reference: https://www.virustotal.com/gui/file/9b66422ac25306c2b693976c3e8dc8498a93c79e8677d059b8828fd32a309601/detection askjhdaskdhshjfhf.ru checkerrors.ug # Reference: https://www.virustotal.com/gui/file/c3599c311742c2a72482671222344ee20dd3361a40c71a2c7b7aa2e26ae7eefb/detection backgrounds.pk jamshed.pk karimgousa.ug karimgouss.ug # Reference: https://www.virustotal.com/gui/file/d8fe3bb90f0968d3456c582b2352a6d59ad36f35481cc8d2a67313393890a488/detection puffpuff421.top # Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations aaron.ug albertoj.ug aleaiasko.ug alexliasko.ug andres.ug bilbosaquet.ug blockme.ug bnixons.ug fineme.ug jamesrlon.ug jamesrlongacre.ug 
leatherlites.ug letitburns.ug levitt.ug levitts.ug limjerome.ug lubancx.ug lucab.ug ludivineemery.ug ludivineemeryx.ug mantis.ug marcakass.ug marcapslsa.ug marckapiksa.ug markopas.ug marksidfgs.ug michaeldiamantis.ug morasegio.ug myhostest.ug myhostiger.ug nicolas.ug nvbcdfsvxcs.ug opesjk.ug opsdjs.ug pablito.ug pabloq.ug parajiti.ug playwell.ug projectx.ug projecty.ug projectz.ug singaporeunited.ug singsing.ug time234wa234rper346465432.ug timebound.ug timecheck.ug timekeeper.ug tomasisa.ug triathlethe.ug tribunal.ug uytgvhdfsdxc.ug vcxxzazxc.ug wellplayed.ug zaragozsa.ug # Reference: https://twitter.com/ANeilan/status/1328486336119140352 # Reference: https://www.virustotal.com/gui/file/8d696b65d4acb8a12602ddd00bc6ce8b60df2916b68d8d16b25c3d62295b16fe/detection redeem-offer.serveirc.com stonybuck.serveirc.com # Reference: https://twitter.com/Circuitous__/status/1328821152479899653 # Reference: https://app.any.run/tasks/80903179-908a-4199-bc89-d3f1390a0bd3/ hgygbgfazoruthyshbcfzjzkdgbzbdzzsddfxfsa.ydns.eu # Reference: https://twitter.com/JAMESWT_MHT/status/1331550156416757765 bazaarkonections.com feltongexp.com # Reference: https://twitter.com/MaelSecurity/status/1333312479129202688 # Reference: https://twitter.com/malwrhunterteam/status/1309044455018725381 securehost-verify-paypal.serveuser.com security-updates.duckdns.org # Reference: https://www.virustotal.com/gui/file/1120f826610d2b23d02bc7ea60a3ee7e15655ecc27037f293a21738c7559532e/detection # Reference: https://www.virustotal.com/gui/file/60bbcd4188e2c2cb6f77947817aef831d043403c55ce6f44ffad68ac03930857/detection http://185.68.93.10/index.php # Reference: https://www.virustotal.com/gui/file/d200ffaaa4a89b8e38b0d8c78efbbad75375ed3e6e9ed7537cc745bac59f71af/detection fastandprettycleaner.hk # Reference: https://twitter.com/wwp96/status/1336040234572713984 # Reference: https://www.virustotal.com/gui/file/f12392225fb5e02257c06b970cd03505f6a5b13926488a638c58f4b101c91747/detection paratuseventos.cl/doc/nov22/index.php # 
Reference: https://twitter.com/wwp96/status/1336340777681756160 # Reference: https://www.virustotal.com/gui/ip-address/158.101.98.57/relations http://158.101.98.57 # Reference: https://twitter.com/wwp96/status/1337521500157579271 enugeresult.com # Reference: https://app.any.run/tasks/250f844d-f588-4515-a388-db668279b365/ fullmilion.site # Reference: https://twitter.com/wwp96/status/1338894502023585796 http://18.184.52.107/index.php # Reference: https://twitter.com/K_N1kolenko/status/1339470245812170753 addaxgs.com/game1/PL341/index.php # Reference: https://twitter.com/JAMESWT_MHT/status/1339444182650413056 paratuseventos.cl/doc/nov16/index.php # Reference: https://www.virustotal.com/gui/file/c3d0c76d8f14f098528be4d1bacdafd4ef566fd10599656363bd9e5dea082200/detection tursaf.org.tr/temp/bb/index.php # Reference: https://www.virustotal.com/gui/file/411ba88c1f44e426daeb4540da4968a979fdf9405d36a0a9d24d509e6a4f89da/detection mmuell.com # Reference: https://www.virustotal.com/gui/file/d4183fbc4383736e89445cfe10bd8bd7b5a9f9f906fc404136f8ca6fed8869cb/detection docusign.bit # Reference: https://app.any.run/tasks/ff8f221e-116a-4d69-bb9f-dd13578138ef/ pdr-acn.com # Reference: https://www.virustotal.com/gui/file/09b5f51b6227d6e20d2abf42c7e815877a745bb479c14e9e1156a0ab5c4ecdc3/detection w4neszgmai.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/b543c53415186ccaf9417884dd2acf854e5b1581d0825a5309a49b1d690c4ebb/detection hellthrash.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/0cbe23d754a61c248882ce469e3db840e41485a819508219983ca4a07ba39e18/detection egorseledo.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/c61d73859b02ffc43aeaa56186d080eb8ea964bed028db2797215d30c97a1268/detection rusgusev34.temp.swtest.ru # Reference: https://app.any.run/tasks/806f2c56-309b-4dac-877b-0af4b9080db0/ kvaka.li # Reference: https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ # Reference: 
https://otx.alienvault.com/pulse/600b381596cb873e98e49c0a sec-doc-v.com secured-doc-read.net # Reference: https://app.any.run/tasks/59c465f0-4539-478b-9487-02f1ab03f3e5/ gandokiblit.pw # Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/ dancedance.ac.ug # Reference: https://app.any.run/tasks/e63f180e-d938-44fb-bc4f-79dccd82dba3/ azurolt.000webhostapp.com # Reference: https://app.any.run/tasks/5c6f7ada-3375-4fe9-926d-42e911bc6318/ http://168.119.250.13/index.php # Reference: https://www.virustotal.com/gui/file/167b4ea4aa3cfb345ed278c50d28caf1e143dec4980b2641135f0cf986dc7368/detection clicktraffick.info # Reference: https://twitter.com/danusminimus/status/1354360935733932033 # Reference: https://www.virustotal.com/gui/ip-address/168.119.251.131/relations http://168.119.251.131/index.php # Reference: https://www.virustotal.com/gui/file/b9e7de3da50e25c1fd21e44af50e3175deab9b41badab394efda196cf239aa10/detection a0305771.xsph.ru # Reference: https://www.virustotal.com/gui/file/f0b05ac7dded26ff449773b4f4bda5cab0a3f6ef6b26d0f34a11a6f146b15901/detection a0256746.xsph.ru # Reference: https://www.virustotal.com/gui/file/e4cdbeeb952389ff5c3e4160bfa66c687276ddd75ba4f657add1c734d7f4d135/detection f0367026.xsph.ru # Reference: https://twitter.com/James_inthe_box/status/1356260376774471681 # Reference: https://www.virustotal.com/gui/file/ac5d1899b4d35d58834345ec472f3f563acee876548573df81f920c5d3d0f17b/detection http://62.151.180.105/index.php # Reference: https://www.virustotal.com/gui/file/a719f129ee76ad51c30ddef01f9f4cf787c879fd52296f500e006505fee68e88/detection trixi777.org # Reference: https://www.virustotal.com/gui/file/d72f484fc3f9252652299646e7c92a9b3cc2d358ee40e3cd48e279d715cba40d/detection utkin.club # Reference: https://twitter.com/wwp96/status/1364234902665916421 # Reference: https://app.any.run/tasks/12d58fd5-2b10-4b2e-b3c7-f3bcdaa8f03b/ binatonezx.ml # Reference: 
https://www.virustotal.com/gui/file/fda7ae0764266f06a0ec09423b32b8f0baa6c9f749889ef1ca6b3a51e8eb8a9d/detection fredperryloveme.com # Reference: https://www.virustotal.com/gui/file/07c5ff057e60493775e93b0c24505da28e89c796d77b66acba7d0e461df80ca6/detection takeshykurosavabest.com # Reference: https://www.virustotal.com/gui/file/066d4cca37c52b8fdda42ea4dc3d6226f7e4181665332f4cfafaab128afaa91e/detection dik1agrg.xyz # Reference: https://www.virustotal.com/gui/file/041d02a3fa0e5b7cd67f20a4272a4efaa49988385cf6b309983a273d48b8ee91/detection http://74.118.138.204 upyourtext.com # Reference: https://www.virustotal.com/gui/file/05e478860c3429de7c28527ab3455a15c1adc1f13619cf7551f1b8f26f16c998/detection http://51.158.119.132 http://74.118.138.219 # Reference: https://www.virustotal.com/gui/file/2d632378e34539cfac5d733d7a44c3ca2f34a070fbd474af51347e53e189520e/detection http://45.85.90.188 # Reference: https://otx.alienvault.com/pulse/605c7c7e298ab79fcd48c1ea 00jn0.utsukushikaini.ru 2ozzu.kusaemai.ru 4apj41.asubeshi.ru 7zpngt.kusaemai.ru i8.asubeshi.ru l1.asubeshi.ru vabelian.xyz # Reference: https://www.virustotal.com/gui/file/cfc5438993ad3455523e9705d845a7f7353d3a7ec01ba1eb914019dac954da67/detection a0450603.xsph.ru # Reference: https://www.virustotal.com/gui/file/2676af0633e8f5013418b512e935fb6c0c6a40ed5424013b9a33f930167afec9/detection a0449910.xsph.ru # Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection moreirawag.ac.ug # Reference: https://www.virustotal.com/gui/file/5e4b05177d83103bfbdb68559483437f1f25d846286fe770dcd2ff7f320177d9/detection a0402617.xsph.ru # Reference: https://www.virustotal.com/gui/file/0d6feb7f770efa62c229f96f8725c404d9fc98be37f7087b4a39e928e25dbda1/detection a0397623.xsph.ru # Reference: https://www.virustotal.com/gui/file/b8afe40d8a49e471bf44e4cddab332bada19040c0e430e07d48070da32f6e5e2/detection a0406347.xsph.ru # Reference: 
https://www.virustotal.com/gui/file/60168a4fec279a4b7b550fa7a7a39940607bdbba75cf8b82f031db918b5c8dfa/detection a0406617.xsph.ru # Reference: https://www.virustotal.com/gui/file/80f5be3f2aa2c96faa515e1de4291a5a567a86561247ce1a9057c4c4668cd76f/detection relpek.site # Reference: https://www.virustotal.com/gui/file/74ab7b0f07de3de8583448c6cc24b2ca14f649190dae8cf1b759c6141fd9a902/detection hosting1328.pro realizeit.club # Reference: https://www.virustotal.com/gui/file/e8b05eac5500a70ab9cdcf55d3449d272977c6a93b217ea0abe14f92743179d2/detection 4zavr.com atvua.com detse.net dsdett.com dtabasee.com yeronogles.monster zynds.com # Reference: https://www.virustotal.com/gui/file/08c66630932fe1b3895ea2d94e73c6066ce5df8d75ada46424994ecb3b0dc7d5/detection dingobossin.com duda1.monster jamb2.monster oversun.monster oversun.net # Reference: https://twitter.com/ActorExpose/status/1378104282361237509 /AZORult%20stealer/ /AZORult%20stealer.zip # Reference: https://twitter.com/James_inthe_box/status/1379789805530140678 # Reference: https://www.virustotal.com/gui/file/9aee92df3530cb75fb37ffe332199dc0a61718a010d34fc48dbbe16fdd1b3154/detection staging.onyxa.pl # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.163/relations # Reference: https://www.virustotal.com/gui/file/be8bbdc35051ed7a5a6559015576925da47d1c95484f43fd817c6fc8ac22870d/detection managemyshoes.tools mydolcegabbananewshoes.com newwavesshoes.tools # Reference: https://www.virustotal.com/gui/file/7b167ccd1690fc404cfb513ee00c39f968183d93d08c22f4d7c58fb1f3b4607d/detection tequlinersin.com # Reference: https://twitter.com/wwp96/status/1385599004294135815 # Reference: https://app.any.run/tasks/3612bf52-bf05-4b8a-bf1f-14314a89f50c/ smkn1cilegon.sch.id # Reference: https://twitter.com/h2jazi/status/1387194933904351234 # Reference: https://twitter.com/h2jazi/status/1387194935607185416 # Reference: https://www.virustotal.com/gui/file/9ef2d114c329c169e7b62f89a02d3f7395cb487fcd6cff4e7cac1eb198407ba6/detection 
194.147.142.232:8080 # Reference: https://www.virustotal.com/gui/file/5ca2b5e15a95444a53f461e3bef21b9ffae1d7f4c4a679c591ff1ac67bda47cd/detection dsdfgdfshfgh.ru # Reference: https://www.virustotal.com/gui/file/bd6e50992b8d302359fd95c467681e74d8bf0754ebc87c5a654c7976e16ecb66/detection jatkit.gq # Reference: https://www.virustotal.com/gui/file/446afaa81b8501faa8ab3062d7971d3f78c1f48d06dae61848337dd8ef9041e2/detection a0273912.xsph.ru # Reference: https://www.virustotal.com/gui/file/827a26816eb8e12b5295f2cbcc16cf48a0047c774faf518970b2b09016beed68/detection microchiip.com # Reference: https://www.virustotal.com/gui/file/f8488eaf800c253ed79f6afbbc16e4182784c93263709a393767348ec096bfce/detection qick.icu # Reference: https://www.virustotal.com/gui/file/254b5bb22e3ecc2dc1d2b6899c63963bfb29c04318d642765956cb48e2418851/detection bixtoj.gq # Reference: https://www.virustotal.com/gui/file/2af35de504def07e913eca613675f1413473d47e66065211fabc974d591a2986/detection rgshops.ru # Reference: https://www.virustotal.com/gui/file/a5cba2e336746c42aff9164b6ae36b0f1ef926364ab0b9af6625a633f333f794/detection donp.online # Reference: https://www.virustotal.com/gui/file/dba5368c691f1836ba2b226e08f7248c187e50f3bcad22ff47f21d533589d1ed/detection n91836wz.beget.tech # Reference: https://www.virustotal.com/gui/file/bf9be331673ef37700a739a23a5d418f4fb97149a1893d93f530f5998a91fe78/detection cd63401.tmweb.ru # Reference: https://www.virustotal.com/gui/file/555433b782882e7cec13c02cbe498b2f44006b955e19ca045fe2fcba9c4660f0/detection googletime.ac.ug # Reference: https://www.virustotal.com/gui/file/a99a5a61543b771306687fb71ca86b27f28760c07a8e23a979d1bc39f090cedc/detection slesk.icu # Reference: https://www.virustotal.com/gui/domain/foarsite.ug/relations foarsite.ug # Reference: https://www.virustotal.com/gui/file/4d0976b216dddfbd1a49cf7e2eb242567c157a51e1cac15ee923c823f68a30b5/detection sery.ga # Reference: 
https://www.virustotal.com/gui/file/42939f3527ee13fc7c7da1df87493ae78c2f6c33438f96fe914f2fd662a7c77c/detection deciss.gq # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt azor.pw azorul.tk # Reference: https://www.virustotal.com/gui/file/dbb17606fb37bde68bc8dbca8a1f3437d77d22194ab8cd50af4487c91d25cf02/detection 45.63.60.194:10000 fasterpdfeasy.xyz fasterpdfinstall.xyz fasterpdfreader.xyz fjghdkehg.com j4ms8d0ftrwi.com shar2345ewater.site # Reference: https://otx.alienvault.com/pulse/608bf27cd5f606858c41d371 # Reference: https://www.virustotal.com/gui/ip-address/82.148.19.199/relations # Reference: https://www.virustotal.com/gui/file/f9fe8c62e7382cd9b7b1a500ba6265eb14c66f16a0c1a0fac7b1b4f809f2269f/detection lexusbiscuit.com/OiuBn/index.php brokentree.top sodaandcoke.top thearcane.top wrongwindow.top # Reference: https://www.virustotal.com/gui/file/0d2302804b7f35ada52f7131786250304c3b1988e533b1b86ea8dafc71c84f9b/detection f0528018.xsph.ru # Reference: https://www.virustotal.com/gui/file/2d25d136b12c900209489988b87ec94520c0734f4f31d4497fa47dfefc551bb4/detection privatecyber.site # Reference: https://www.virustotal.com/gui/file/38806d8372f8465c4775009362b83b94024fc6a280e3c83c476dec3852bcd2e6/detection a0528438.xsph.ru # Reference: https://www.virustotal.com/gui/file/420f0b012feec215e574538efd8d286852dfc7dc382950c5bf9894ff84a2f6f0/detection updateinstall.xyz # Reference: https://www.virustotal.com/gui/file/1386dc0a3355043ae0ba45a52f1b3bb14a0f58151dcc3297b8a594fe9dfafb07/detection dalletenterprisesltd.com.md-hk-7.webhostbox.net # Reference: https://www.virustotal.com/gui/file/cf77e8248335b8c2c605568ba3cab1a17657bdbd765106675637c8d6fc893b16/detection http://51.15.243.101 # Reference: https://www.virustotal.com/gui/file/34fe204c799a050ea53654be35e0bdaa75734b02191ef3fd6c8284b791c34bcf/detection nailedpizza.top wialadyar.xyz # Reference: 
https://www.virustotal.com/gui/file/d4bd200c874c631fac478abe2b97cd4cca22804e2d79f0b0b4ba77fe030ea22e/detection ff4.zzz.com.ua # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1392549513886375945 webcat.ir # Reference: https://twitter.com/Racco42/status/1394679713260523521 wetransfer-net.duckdns.org # Reference: https://otx.alienvault.com/pulse/60a8f36fa2f823b5fa1a7372 # Reference: https://www.virustotal.com/gui/file/a9d7457834c3b27e451d027c0242f23cdd61f3c1b9c496d010e0693d0b15f225/detection initsl.ru i.initsl.ru # Reference: http://tracker.viriback.com/dump.php (# Azorult) ukoooosmeheraa.top /xasra22341/xasv234111.php /xasra22341/ /xasv234111.php # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1400433975072636934 # Reference: https://www.virustotal.com/gui/file/e901e2054019aebf7ceebc6d9ef3ed94b1428270df7824376a808f9d128f95f8/detection u108337.test-handyhost.ru # Reference: https://www.virustotal.com/gui/file/974e6e6007d79a9489d527922d8e6c2c9ea9319e069e6cb7cb1e9fcd575df15d/detection vet.hr/sql/udo/index.php # Reference: https://www.virustotal.com/gui/file/edb3c12660dc03e7d4ecb5cf7a930d6acab3f7b87afcba2237b95ec82e69b02e/detection sex-wife.info # Reference: https://www.virustotal.com/gui/file/b1b485016771b585d364c4696a9f7e565257e29508c1e8f7da94e0c7922b925f/detection # Reference: https://www.virustotal.com/gui/file/4c6240772603eff2d1c58bb948a8eb5afa24619d5ea2c715e8d80839a432e8c6/detection linksolex.duckdns.org xtrafetch.duckdns.org # Reference: https://www.virustotal.com/gui/file/d458e0b319f690fdbe809d9f5e1ad03ab251bc90689e61bfc1714484dcc96d96/detection ts3host.ddns.net /runetobv.html # Reference: https://www.virustotal.com/gui/file/869548684055a776daaf3f0076bdbd3cd512feaa219190a45fce2e0b1314dbd7/detection kabansekach.website # Reference: https://www.virustotal.com/gui/file/a60713886794a3e5cfdddee670a589c2d313353e0e11f7a3e71dd1917dc564b2/detection bronze2.hk # Reference: 
https://www.virustotal.com/gui/file/698b5388711ffee17a16b9c937f1edaf22a79e3448508a4d51e2f8ce2d088bbe/detection siberiangoddess.com # Reference: https://www.virustotal.com/gui/file/4c948aed6c5d1e44b0b3e7ba4a40b1742e451e78949db9c9842df930e5fd85eb/detection http://212.192.241.203 # Reference: https://twitter.com/sS55752750/status/1408576660035735552 magen-tracks.xyz # Reference: https://www.virustotal.com/gui/file/b84b2f748f0e05c63e0cae6207b3a9f0051146f4a00ce3759023766daa0a9902/detection uuusssaaa.ac.ug # Reference: https://www.virustotal.com/gui/file/be2a109b1b2fcce4bf144082fb6b51731161f728014b2eac1304b0d15779b89f/detection pouring.ac.ug # Reference: https://twitter.com/wwp96/status/1410612216424910852 # Reference: https://app.any.run/tasks/6e391e66-1ce6-4ea6-aa72-bc8c4f80a617/ http://46.183.221.10 # Reference: https://www.virustotal.com/gui/file/18581044dbdf0b557aeb81598217c07c29ad2e2cd6b7dd600fe0aa64997a3803/detection http://104.238.137.224 # Reference: https://www.virustotal.com/gui/file/0ce4f6e71e484cebce7f69ca5be2c4ad6af62a637c7aa1e303052e43e0355720/detection # Reference: https://www.virustotal.com/gui/file/11e6160d345211f27cde5c1d9b9c7ed07b10a8b749347eca0a5c3eccbc729b8a/detection http://108.61.161.76 # Reference: https://www.virustotal.com/gui/file/72d1e2cfaa93657623abdf4550549bc4fba31ef86c1e66fe8e8128b3eda44798/detection f0528671.xsph.ru # Reference: https://www.virustotal.com/gui/file/1ec60aaced1f41bd75fd22f58cd4f940690c0c2902ceea8f1e5e1f304dbffec2/detection frannn.duckdns.org # Reference: https://www.virustotal.com/gui/file/cd1fdb46f601a331366d5a5a9def0d60c0f930e6b0a89addc9e22b6842812b78/detection gdelogiblya.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/98c71b2a09aac619e6216958b003368bb896f8c7f18affe28a5756e0442f1096/detection host1714380.hostland.pro # Reference: https://www.virustotal.com/gui/file/fa34352f3aec8d28f7e9ebc21a01c3a32e98620790ca91e29ad385919c0e213d/detection preciousgoodness117.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/39dc50c1076080fd2bfb9e80eda6fc16d3fd22c8e8fc94375b5a93f6e2f7b1d3/detection mmeetalss.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/e8178770be826de7e8e192c6300db0c8ab50d42677462afa0ab4b58be6ae14c6/detection hakimkoke.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/50bd910698476cea1b75d0290d60445b8e6afb51e4fc1dbef0d11b16ef799357/detection legend0.ru # Reference: https://twitter.com/malware_traffic/status/1423417162702770176 # Reference: https://www.malware-traffic-analysis.net/2021/08/05/index.html georgeprapas.com/cem/ carolinascarpelini.com.br # Reference: https://www.virustotal.com/gui/file/f499737ba52afcebce201b592ed56da7f99e4ede21fada99b4b678bdf335b5d7/detection http://136.144.41.251 # Reference: https://www.virustotal.com/gui/file/b5690748da97b845cf070cadcf8ac95e58592c0d8b08354b7adebfe243d7c75a/detection http://185.130.104.156 # Reference: https://www.virustotal.com/gui/file/2fcac77c3336e2d69c78e88728a6c8d5e95d4a9acea4258c6fd9710c77b4594f/detection spartaqs.bit # Reference: https://www.virustotal.com/gui/file/661ff724b4795ebf8e1846291e0f47ad405cebd011f0d2b048fb7bbd23d8f7de/detection yyttrrrhhhffff.info # Reference: https://www.virustotal.com/gui/file/5addf306783fd52033282acec2192063b0e3f98163ec89c85a70c5964e49ab02/detection fmgt11.xyz # Reference: https://www.virustotal.com/gui/file/a46eb911249614a7aaee405b1cedafd1e4e600075c9445187a9295db280011cf/detection mokasanaoron.top /mokasanaoron.php # Reference: https://www.virustotal.com/gui/file/9ecc0acb4141f4a11a536b2715309d18376f39a0bb7bff369bf63fc05c2449ce/detection testyourmindlol.top /testyourmindlol.php # Reference: https://www.virustotal.com/gui/file/00059dd028c99478ad5e8349c24cc7b4910ad089d06f5019b7d64392e9c99d93/detection ggg-cl.biz # Reference: https://www.virustotal.com/gui/file/307a069ecd59369e9825b9e24d84d5a92f6e4273c7d1d463d03cad06497dbe09/detection gcl-gb.biz # Reference: 
https://www.virustotal.com/gui/file/5cc0b73af93b99bb1013eeea3d9a3970c61d4053988c7cc0170b97458cdc1df1/detection http://54.38.108.51 # Reference: https://www.virustotal.com/gui/file/e6685ccd6cad1e316ed0cf7d5fb570c8442fbfc9a9e799041086287eb8f3e16a/detection highart.top # Reference: https://otx.alienvault.com/pulse/61dc20fc864a424a49a7c9cf jasaseobe.my.id pretorian.ug underdohag.ac.ug # Reference: https://www.virustotal.com/gui/file/cbee3a2ab943816de40704ed266962b9d84d1a9b58a4a79f0200eb2a7258197f/detection guifenergy.co.ke # Reference: https://www.virustotal.com/gui/file/939043c3d9f8530a915e98c75c15a6883991ce6dc46fc36e9ddf33519aaecab9/detection adreylinkm.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/262e4e1241b277d121fe57a092e363af1b0a4893c5253bed2bd691ff85a40f31/detection site.2zzz.ru # Reference: https://www.virustotal.com/gui/file/60bd00555e130c04d1692bf5900ce39b03a73421d9852fc79e46c940d065a95d/detection soupe.2zzz.ru # Reference: https://www.virustotal.com/gui/file/8fa575aa4bd4583b7140b427174846ed46d8cf11556e238a75382170259cb89b/detection http://23.227.193.33 # Reference: https://github.com/pr0xylife/AZORult/blob/main/AZORult_14.02.2022.txt australiadish.bar # Reference: https://www.virustotal.com/gui/file/51bd81b5751aeed8bc6d23776e513b08664c678b7c99b416956502b9e2ac5c79/detection surestlogs.xyz # Reference: https://www.virustotal.com/gui/file/e400ed11b37d01c268834443411d187c0109bcd739a566720ecb0e54b80a9e5a/detection thedigimonex.host # Reference: https://www.virustotal.com/gui/file/e829609820fd487c9b71797e73deeefdb3daced1cf78e47315f26b1ac3b66524/detection getsee-soft.fun /kweku/index.php # Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection hapuget.host iloveyouneed.com # Reference: https://bazaar.abuse.ch/sample/e93cc14c93709b38dc8d95fb58d70d1a8930576c7d16c64c3efbc4cc08d951ff/ http://185.29.8.100 # Reference: 
https://www.virustotal.com/gui/file/1a6271699ab04f744b26945e7a84af554e2cd5288fcb9aa5e88f7c5efa33c201/detection http://203.159.80.136 # Reference: https://twitter.com/0xrb/status/1515918645800882181 http://185.215.113.89 # Reference: https://www.virustotal.com/gui/file/f6e364380d54ea2e5f8095c36129576f2088967dba1359b126f4a98570869efa/detection http://37.49.230.201 /mji/kio.php # Reference: https://www.virustotal.com/gui/file/0cd90e9449f75e955b65d5906c7e78164d66d3edd13c96cb64dc1fa9936329dd/detection http://193.142.59.115 http://212.192.246.121 hanfinvest.at # Reference: https://www.virustotal.com/gui/file/4a4a4c441355bbf90def9ab2aec89335f93237487e670df04b3d63c65b5be25a/detection http://136.144.41.124 /razor/index.php # Reference: https://www.virustotal.com/gui/file/43885249e4adb725fb4f909c6a9c2bfa0446bb2ec729c93216269fe230ecece0/detection freepassescrak.ug tuskslacx.ug # Reference: https://www.virustotal.com/gui/file/03ff2c3cb7faa8e3c5797328023a97158f2a132e08e8418d7645f9b65b1a7d9b/detection grupoautoshowgm.com.br # Reference: https://www.virustotal.com/gui/file/95bf35d9317de4a3ad0585e8831eee575b05bf31c08e5c92cfeae57975636718/detection xinchichon.co.ug # Reference: https://twitter.com/r3dbU7z/status/1556646438565814274 http://178.140.137.201 /fk32nOPxf/index.php /fk32nOPxf/ # Reference: https://twitter.com/0xToxin/status/1574683613651664896 # Reference: https://tria.ge/220927-kjxgaaeahj ble33n.shop # Reference: https://twitter.com/reecdeep/status/1574709212311158784 # Reference: https://www.virustotal.com/gui/file/d5d3b0111c816adcf54d9913228c28d4f0923f902fdb58a8a0410eb39145f06f/detection blsrs.shop # Reference: https://www.virustotal.com/gui/file/1dc756e129cf18fc15f8cf285ad72370193273750c5f39b687669c41152925d7/detection hyuifrfrfy.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/f0a25b2f346ae8c2d498d41e7cf0280a5de35a6312f2773b2c6baa6fabda7066/detection # Reference: 
https://www.virustotal.com/gui/file/2c4c53968b0844bfdedf92c1d22a10987d8e0817e47602c1bc0be74762d88ce2/detection blsrsr.shop # Reference: https://www.virustotal.com/gui/file/795288d5ee47df7efd55788fec6bfb27cab02fd89e3fb71b62c977055d314053/detection cinho.shop # Reference: https://twitter.com/pollo290987/status/1579485286127796226 huzcihna.shop # Reference: https://www.virustotal.com/gui/file/1cec75ebc6d345ef24c939d123f659f031ea02e329eda9aee76e6b137968d96e/detection a3815811ma.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/05a984953329e9ec26db0e36bf760ab71c2d0cad54d4762bef2752f39e56be5b/detection guluiiiimnstrannaer.net # Reference: https://www.virustotal.com/gui/file/0b84c49b443de473f89e3ddb03cbd8dae1f381328032b655c202fdc0d1e22e9f/detection http://212.192.246.99 # Reference: https://otx.alienvault.com/pulse/636b976f46d8541f21ad59ea gab0r1.shop # Reference: https://www.virustotal.com/gui/file/004f28d0f30256688b615417d39a96dc10e6208446ae2e64a4de190005f70741/detection jotunheim.name svartalfheim.top # Reference: https://malware.news/t/inside-view-of-brazzzersff-infrastructure/62431 http://5.182.39.4 mmakaronagre.xyz wildberriesqa.xyz /fsebkjfxbefxdrhvbrghjkvb/admin.php /fsebkjfxbefxdrhvbrghjkvb/ /asdsxgh423/asdnbgn32.php /bfsdcx451/fhdfv234.php /vccxxs22/vdasaaa222.php /asdsxgh423/ /bfsdcx451/ /vccxxs22/ /asdnbgn32.php /fhdfv234.php /vdasaaa222.php # Reference: https://www.virustotal.com/gui/file/b3b28d0642198a5ecf9947016cd18825c51a56072f66ce288ddec67c8b18093a/detection domcomp.info # Reference: https://twitter.com/Racco42/status/1631346260346118146 http://109.248.144.132 http://84.38.130.165 # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ # Reference: https://www.virustotal.com/gui/file/4dd710964bb7577921fff55993ac0f007e489bb609fcf6ea50f5f949baa8504b/detection http://104.168.153.39 http://109.248.144.228 http://109.248.150.151 http://129.146.140.127 http://13.127.215.254 http://13.233.97.208 http://136.144.41.135 http://136.144.41.23 
http://136.144.41.34 http://139.162.75.17 http://139.59.36.90 http://144.202.83.182 http://149.248.35.254 http://149.28.226.192 http://157.230.46.114 http://158.101.17.239 http://159.65.165.243 http://165.227.220.7 http://167.71.75.96 http://167.71.90.81 http://173.230.150.192 http://176.10.119.115 http://178.79.155.150 http://18.157.168.193 http://18.197.52.125 http://185.142.236.220 http://185.189.151.50 http://185.212.128.68 http://185.225.73.49 http://185.29.10.106 http://185.29.11.112 http://185.29.8.14 http://185.29.8.30 http://185.29.9.113 http://185.29.9.47 http://185.63.191.220 http://185.92.73.185 http://188.68.208.172 http://193.151.89.76 http://193.239.147.212 http://193.247.144.107 http://193.247.144.115 http://193.247.144.123 http://193.247.144.166 http://193.247.144.18 http://194.31.98.112 http://194.31.98.183 http://194.55.186.10 http://195.133.40.176 http://195.133.40.191 http://195.133.40.5 http://195.133.40.62 http://198.251.65.112 http://198.71.50.125 http://198.71.63.209 http://2.56.57.50 http://2.56.59.196 http://2.56.59.31 http://2.56.59.36 http://2.56.59.45 http://2.58.149.120 http://2.58.149.59 http://203.159.80.118 http://203.159.80.182 http://203.159.80.211 http://203.159.80.31 http://203.159.80.40 http://203.159.80.91 http://203.159.80.93 http://208.167.239.179 http://208.67.104.152 http://209.208.65.177 http://212.192.241.112 http://212.192.241.149 http://212.192.241.165 http://212.192.241.190 http://212.192.246.176 http://212.192.246.242 http://212.192.246.7 http://212.192.246.93 http://212.193.30.181 http://212.193.30.228 http://216.128.151.72 http://216.250.126.108 http://23.146.242.85 http://23.229.29.56 http://31.210.20.121 http://31.210.20.16 http://31.210.20.160 http://31.210.20.167 http://31.210.20.196 http://31.210.20.76 http://31.210.21.194 http://31.210.21.203 http://31.210.21.252 http://31.210.21.39 http://31.42.191.50 http://37.0.10.102 http://37.0.10.115 http://37.0.10.118 http://37.0.10.179 http://37.0.10.210 
http://37.0.10.25 http://37.0.10.99 http://37.0.11.128 http://37.0.11.174 http://37.0.11.198 http://37.0.11.56 http://37.0.8.14 http://37.0.8.169 http://37.0.8.215 http://37.0.8.36 http://37.0.8.80 http://37.46.150.191 http://37.46.150.24 http://45.133.1.13 http://45.133.1.191 http://45.133.1.20 http://45.137.117.222 http://45.137.22.102 http://45.144.225.103 http://45.144.225.131 http://45.153.203.81 http://45.180.172.235 http://45.56.119.148 http://45.63.54.115 http://45.76.167.250 http://45.76.21.114 http://45.76.27.130 http://45.77.188.26 http://45.77.87.250 http://45.79.153.245 http://45.79.88.208 http://46.183.220.111 http://46.183.222.115 http://46.183.223.116 http://46.183.223.118 http://47.251.26.10 http://5.161.106.206 http://5.161.134.83 http://5.161.82.171 http://51.15.219.86 http://51.15.229.127 http://51.15.247.8 http://51.15.62.59 http://51.38.178.155 http://51.68.125.34 http://51.75.30.200 http://52.25.126.192 http://54.215.194.254 http://62.151.180.76 http://62.197.136.120 http://62.197.136.176 http://64.52.171.230 http://66.175.232.221 http://66.228.39.174 http://66.70.218.54 http://70.35.203.53 http://74.208.108.87 http://74.208.130.238 http://74.208.151.219 http://74.208.252.67 http://74.208.88.51 http://80.85.136.155 http://82.165.119.177 http://84.38.129.126 http://84.38.129.36 http://84.38.133.52 http://85.202.169.121 http://85.202.169.147 http://85.202.169.21 http://85.31.45.29 http://85.31.46.24 http://92.63.192.57 http://93.95.97.67 66.151.174.10:443 21slg.xyz 23012002.com 4infall.zzz.com.ua 5gw4d.xyz admin.svapofit.com ahsanulalam.buet.ac.bd aka-mining.com akinseltv.com al-ifah.com alfawood.us allods-down.site allods-games.site andersonlegalltn.com antrakt.site archosk.xyz artediussh.com arthur.ac.ug ausvanlines.com.au aziri.xyz azobotupdatestea.duckdns.org babaiko.site balaborka.com bengalcement.com.bd bengallpg.com betterlate.onlinewebshop.net billi.webhop.me birthday-fact.cf bl1we4t.xyz bl2xyz.shop bl3ds2.shop bl3t1t2.shop bl4t1t2.shop 
blackserwer.3d.tc ble3ds2.shop blkgrupdoom.info bll2xyz.shop bll4t1t2.shop bllsl2.shop bllxyz1.shop blxyz1.shop bonanzacrek.com bopheloclub.org buterin-vitalik.fun bwealth1.xyz bwealth221.xyz caixa-sign.tvconnectbrasil.com.br cardrob.zzz.com.ua casabayshops.co casterbadger.online cc97560.tmweb.ru cihno.shop cripslayerx.com cskbtr.atspace.co.uk cupazo.co.in cwownola.org destrong.xyz do3ble.shop doub1e.shop drsbake.com durov.website dyndyn.duckdns.org e-pandemi-hemen-basvuru.xyz e4v5sa.xyz elovisboy.com elvincom.com epcdiagnostic.com evadex.duckdns.org ezman123123.000webhostapp.com f0673097.xsph.ru farie-europa.com favfav.xyz fhack.pw fineco-bank.co.uk finlzzm.com fortillinco.com fran.ac.ug frnr.duckdns.org globaltradersoption.com gojekpromo.com grekos.site gw1naz.shop gwinaz.pro hansol1.zzz.com.ua hise.us host1735935.hostland.pro hostfiles.net houseluxury-re.ch huizechina.co ichgh.com itthonfiatalon.hu j3493273.myjino.ru joemoore.dx.am joker9999y.temp.swtest.ru josebrazuca-44072.portmap.host kbinsure-preview.ml kdkg.h1n.ru kingtexs-com.xyz kinotoday.ru kngpdrp.shop kngppdp.shop kristinka.org kylestephensphd.com l3i.shop leig.shop lexusgx.tk localuyd.beget.tech logger.cfd lontor-tv.tk luffich.ru main.kebleflooring.co.uk main.protechsource.net makethebestservice.com mbstechnology.redirectme.net mideastclinicsea.us mymedpasstraining.com nagles.com.au nanaa.tech navanaweldings.xyz netmansoft.com nghfh.com ngoagency.org nnpcgruops.com norep-layamazoon.wootraining.certificacion.cl novacekjac.temp.swtest.ru outreach.zone pa-magelang.go.id pafospanel.zzz.com.ua panakva.com perocute.com petcf.com ppdb.smkn1cilegon.sch.id pysik.club rgcmgroup.com rodavivanoticias.com.br rogatech.gq rtt.kl.com.ua rubberdesign-nl.cam rungame.fun savacons.com siemens-energy.cam smdbaba.monster smdglo.xyz smtress.zzz.com.ua solsex.duckdns.org sparoid-oxide.000webhostapp.com sparrowxx.xyz spreadgoodfiles.xyz spursg.shop squerad.com suspam.com sw1.kl.com.ua sw4g.xyz swi01.xyz swi54.xyz 
systemwebanalytycs.com techregistrationapp.xyz treasurerauditor.com tuscano.ug u1219246ucr.ha004.t.justns.ru update.fhack.pw updserv.ga valhalla42.000webhostapp.com validation.wootraining.certificacion.cl vietchao-vn.cam waldo.ac.ug weilde.at whija2.xyz wingermany.duckdns.org winipose.duckdns.org wjnigh.myzen.co.uk workharder.club xakfor.net xtream-ui.tk xxfetch.duckdns.org zeell.xyz ziz.zzz.com.ua /micr05oft-0n1ine/ /webmai1pr0tected/ # Reference: https://twitter.com/powershellcode/status/1646277775031144448 # Reference: https://www.virustotal.com/gui/file/90bfffe7bfde826f6204ef3546d139b6293d37ef59dbf2cc9d685eb6bb6c8d23/detection # Reference: https://www.virustotal.com/gui/file/4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e/detection marcapinyo.ac.ug marcapinyo.ug masontralacs.ug perfecto.ac.ug petronian.ac.ug platitinas.ac.ug turkie.ac.ug # Reference: https://www.virustotal.com/gui/file/0cff8404e73906f3a4932e145bf57fae7a0e66a7d7952416161a5d9bb9752fd8/detection icanda.ac.ug transal.ac.ug # Reference: https://gist.github.com/silence-is-best/d168f4c94f59e444a1081751e9dc79ca # Reference: https://www.virustotal.com/gui/ip-address/212.87.204.68/relations azla3e.shop bll5e.shop logit88.shop /dbkl/index.php # Reference: https://www.virustotal.com/gui/file/68c7261301cb03ea12c1ee34bc53c37b4255858b286d801903a6da008aef5c46/detection # Reference: https://www.virustotal.com/gui/file/4e406238f7d7faddc4f74cd7848b5016bba4903177d3fc1fc2634992045e3b03/detection lyashkolove.info noforcingcarttf.com usaglobaldns.at zaputina.info # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-08-13) http://109.206.242.32 http://141.98.6.72 http://185.221.67.7 http://185.29.8.42 http://193.42.32.216 http://193.42.33.252 http://34.217.22.124 http://45.88.66.207 http://46.183.221.76 http://51.15.202.182 http://80.82.69.184 b1ll2.shop ble333n.shop bll1l.shop bll3fdg.shop bllsl3.shop bllsl4.shop blss8.shop cmaz4.shop cpinfo.sustainable-development-partners.com 
csbo1.shop cyc199.000webhostapp.com dblg023.shop dblxs.shop dbxt2.shop doble9.shop dou3ble.shop f0355889.xsph.ru falling.ug gkonekt.shop hhs2.000webhostapp.com hmbl1.shop kng4.shop lazo1t.shop madagaskar.site mcaz3.shop mchas.shop mcoaz.shop mk1ay.shop mkya2.shop mlch1.shop pcwizard.net sweatiest-clerk.000webhostapp.com valong.ug # Reference: https://threatfox.abuse.ch/ioc/1149938/ http://46.183.223.7 # Reference: https://threatfox.abuse.ch/ioc/1151523/ m1chs.shop # Reference: https://threatfox.abuse.ch/ioc/1152431/ plateaufoods.com.au/new/image/index.php # Reference: https://threatfox.abuse.ch/ioc/1154994/ mixz.shop /MI341/index.php # Reference: https://threatfox.abuse.ch/ioc/1155211/ lqr1.shop /LQ341/index.php # Reference: https://threatfox.abuse.ch/ioc/1155656/ br3dq.shop # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-09-11) hoswell.shop m2ch.shop /HS341/index.php # Reference: https://www.virustotal.com/gui/file/4952caf9ae7f0c74251c186907e6c8f04cc594730c55411a308c041959866651/detection geronimosrvlx.nsupdate.info # Reference: https://twitter.com/James_inthe_box/status/1702325234618294544 # Reference: https://app.any.run/tasks/bcf96768-fb98-4ad0-9a63-aef24bc970df/ http://46.183.220.70 # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-09-18) http://185.29.11.60 185.28.39.18:7777 asiamandarin.buzz ruiw.shop # Reference: https://threatfox.abuse.ch/ioc/1163871/ lrvsd.shop /MOP341/index.php # Reference: https://threatfox.abuse.ch/ioc/1182875/ bcl1.shop /BL821/index.php # Reference: https://threatfox.abuse.ch/ioc/1187350/ dbxo.shop # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-10-19) dw4b.shop drivers573.byethost17.com /B01341/index.php /DBL341/index.php /DL432/index.php # Reference: https://threatfox.abuse.ch/ioc/1195965/ darkmago.ac.ug # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-10-30) # Reference: 
https://www.virustotal.com/gui/file/48d571fb7d610995ca4eafe1dadf5a035d7b906fa096fbb488588da869fb7201/detection http://185.29.10.12 http://51.15.208.114 104.152.185.198:8080 104.171.121.51:8080 149.56.173.78:8080 178.216.50.18:8080 209.61.195.213:8080 37.72.175.157:8080 74.201.28.62:4444 5.188.231.99:8010 buuuzar.ru pois.in serviceadminwebmailboxupgrace.biz.wf tralapum.tk wrklantc.in work.wrklantc.in # Reference: https://threatfox.abuse.ch/ioc/1205076/ blazh.shop /ZH341/index.php # Reference: https://threatfox.abuse.ch/ioc/1205132/ d4gj.shop /GJ341/index.php # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-12-04) diaymako.com globalcitydelivery.com gqc4.shop logt0.shop /C4341/index.php /LO341/index.php /RUT341/index.php # Reference: https://www.virustotal.com/gui/file/f379cf0c651f6f80b09d67004fed57fd2739bcc820a5fcb1ac131920383efd30/detection patatas.ac.ug poatiti.ug prakitik.ug # Reference: https://www.virustotal.com/gui/file/04a1ed7005f858a5a595baa924feb82e306d9a2868659ecd99bc6d4702829a88/detection marksidfg.ug # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-12-09) m9re1.shop /M9341/index.php # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-12-11) b1lea.shop b2i1.shop dbxq1.shop m1ftp.shop taliz-group.shop /B1341/index.php /Bll341/index.php /B2341/index.php /FT341/index.php # Reference: https://www.virustotal.com/gui/file/57561423590dd2334269cd4cdf22ffc267f202ff0e954cb49b73a292b4492172/detection # Reference: https://www.virustotal.com/gui/file/0081ec4836a7ecf5b428ba410dc9a86d679cb0d6ef8bb52dc7c8721efc3a4b3d/detection http://45.90.58.1 podologie-werne.de # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2023-12-24) bblx1.shop btl1.shop dbxk.shop /BT341/index.php # Reference: https://cyble.com/blog/sneaky-azorult-back-in-action-and-goes-undetected/ # Reference: 
https://www.virustotal.com/gui/file/fd64e712eac0c7d5fdec9a1f47c1f384a67a181c13e3e98ff40ee122e9ff8347/detection nrgtik.mx/wp-content/uploads/ # Reference: https://threatfox.abuse.ch/browse/malware/win.azorult/ (# 2024-01-15) http://94.156.65.101 blbl1.shop chr1zx.shop ddbl.shop lxbn.shop /BL341/index.php /CH341/index.php /DD341/index.php /LX341/index.php # Reference: https://www.virustotal.com/gui/ip-address/194.147.140.196/relations sergio.ac.ug # Reference: https://twitter.com/pollo290987/status/1775405120001335404 # Reference: https://www.virustotal.com/gui/ip-address/161.22.46.148/relations kiona.online kionagranada.com kionaonline.com # Generic /32/panel/admin.php /gategate.php /az1/wuvc/index.php /azz/panel/admin.php /azz/panel/index.php /az/panel/admin.php /azo/mia/admin.php /azo/mia/index.php /azo/panel/admin.php /azor/panel/admin.php /azorme/panel/admin.php /az/panel/index.php /azo/panel/index.php /azor/panel/index.php /azorme/panel/index.php /azorult/admin.php /kanorpanel/admin.php /khalee/index.php /LB341/index.php /MnAew/index.php /NOV22/index.php /ocha/Panel/index.php /oews/xcvn/index.php /OiuBn/index.php /orss/index.php /oxxs/index.php /roth/Panel/index.php /PL333/admin.php /PL333/index.php /PL341/admin.php /PL341/index.php /PL342/admin.php /PL342/index.php /PL333/panel/admin.php /PL333/panel/index.php /PL341/panel/admin.php /PL341/panel/index.php /PL342/panel/admin.php /PL342/panel/index.php /relpek071/index.php /xcvn/index.php /XyuTr/index.php /AZORult%20stealer/ /AZORult/admin.php /AZORult/index.php /AZORult/gate.php /AZORult/ /AZORult2/