# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: cageychameleon, cryptomimic, ta444, wslink # Reference: https://twitter.com/behindbreach/status/1287961015506927616 # Reference: https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf # Reference: https://otx.alienvault.com/pulse/5ef36f8f63a7d8a11972ca54 # Reference: https://vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/ # Reference: https://vblocalhost.com/uploads/VB2020-Takai-etal.pdf # Reference: https://vblocalhost.com/uploads/VB2020-18.pdf # Reference: https://otx.alienvault.com/pulse/5f74bcb0be4abfe12d93d2bf 140.136.134.201:8080 41.85.145.164:8080 1driv.org 1drv.email 1drvmail.work amazonaws1.info amzonnews.club blockchaintransparency.institute bugscrowd.com cloudfiles.club cloudocs.space cloudsecure.space decurret.site digifincx.com drivegmail.top drivegoogle.org drivegooglshare.xyz euprotect.net fcloudshare.xyz filecloud.website financialmarketing.live gdriverfileshare.com gdrives.best gdrives.top gdriveshare.top gdriveshareslink.xyz gdriveupload.info gdriveupload.site gdrvauth.cloud gdrvcheck.co gdrvshare.site gdrvup.xyz gdrvupload.xyz gmaildrive.info gmaildrive.site gmaildriver.info gogleshare.xyz goglesheet.com googldocs.org googldrive.xyz googleapis.online googleauth.pro googlecloud.live googleclouddrive.com googlecstorage.com googledrive.download googledrive.email googledrive.network googledrive.online googledriver.info googledriver.net googledriver.xyz googledriveshare.com googledrv.com googleexplore.net googlefiledrive.com googlefileshare.com googleshare.org googleupload.info krypitalvc.com liveonedrvshare.xyz microsoftapp.life msupdatepms.xyz navicheck.xyz onedrivecloud.store onedriveglobal.com onedrivems.online onedrivrshares.xyz onedrvdn.co onedrvfile.site ownemail.me privacyshield.services provemail.net secureshares.online sendspace.buzz sharedrivegght.xyz sharegoogldrive.online sharesdown.xyz showprice.xyz uploadsfiles.xyz wechart.org armzon.onmypc.org blackwell.tekstar.us btcprime.itsaol.com chromeupdate.publicvm.com coindeck.onmypc.org coinnews.onmypc.org coinomic.itsaol.com connsec.publicvm.com ddsvr.itsaol.com drive.sharegoogldrive.online drivegoogle.publicvm.com drivegooogle.publicvm.com esosv.itemdb.com europegdprsec.onmypc.org eusharesrv.onmypc.org excinfo.itemdb.com gdrive.onmypc.org googledrive.dynu.net googledrive.linkpc.net googledrive.publicvm.com googleupdate.publicvm.com ledgerservice.itsaol.com matrixpartners.theworkpc.com mpksl.publicvm.com mskpupdate.publicvm.com msupdate.publicvm.com onedriveupdate.publicvm.com sevicebill.itemdb.com termsofservice.onmypc.org tokenomic.itsaol.com twosigma.publicvm.com vpset.onmypc.org vpsfree.linkpc.net windrvupdate.kozow.com # Reference: https://twitter.com/_re_fox/status/1280138335214804995 twosigmateam.info # Reference: https://twitter.com/_re_fox/status/1298281770597654529 drivegoogles.com # Reference: https://twitter.com/_re_fox/status/1232320036834025472 # Reference: https://app.any.run/tasks/8d5e66c9-3942-4e00-bfdf-8f2c24054a92/ 140.117.91.22:8080 blog.cloudsecure.space # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-19-v10199/212 prosec.ink cloud.prosec.ink cloudprotect.us.org # Reference: https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds autoprotect.com.de autoprotect.gb.net azurehosting.co azureprotect.online azureprotection.cloud azuresecurity.online azuresecurity.site bankofamerica.offerings.cloud careers.bankofamerica.nyc careersbankofamerica.us cloud.globiscapital.co cloud.mufg.uk cloud.tptf.ltd cloud.wpic.ink docs.azurehosting.co globiscapital.co hoststudio.org ledgercloud.com mufg.ink mufg.uk mufg.us.org share.anobaka.info tptf.fund unchainedcapital.co updatezone.org # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-09-v10240/306 autoprotect.com.se # Reference: https://twitter.com/C0ryInTheHous3/status/1630551018084737027 mufg.yokohama # Reference: https://twitter.com/C0ryInTheHous3/status/1630991590176030738 doc-view.cloud azure.doc-view.cloud # Reference: https://twitter.com/C0ryInTheHous3/status/1633897592806408192 daiwa.ventures cloud.daiwa.ventures # Reference: https://twitter.com/C0ryInTheHous3/status/1646159776177324044 # Reference: https://twitter.com/C0ryInTheHous3/status/1646161233458999297 # Reference: https://www.virustotal.com/gui/ip-address/104.168.167.88/relations arbordeck.co.in shared-document.cloud spirtblockchain.com deck.arbordeck.co.in safe.shared-document.cloud arborventures.capital autoupdatecheck.work.gd companydeck.cloud companydeck.online contract-research.blog contractresearch.blog crypto.contract-research.blog crypto.contractresearch.blog deck.arbordeck.online docs-send.cloud docupload.site file.docupload.site file.myfirmdocument.cloud file.myfirmdocument.online gunosis.global interalliancemediagroups.cloud mx.interalliancemediagroups.cloud myfirmdocument.cloud myfirmdocument.online safe.arborventures.capital safe.gunosis.global safe.job-description.online safe.nextera.capital safe.smart-contracts.blog securesmtp.interalliancemediagroups.cloud smtps.interalliancemediagroups.cloud webhostwatto.work.gd # Reference: https://storage.pardot.com/838563/1676629189Mljyft19/CTI_Advisory_Undetected_North_Korean_Malware_A_Looming_Threat_to_Finan.pdf http://104.255.172.56 cloud.azurehosting.co doc.gdocshare.one down.espcapital.co nbright.best ns1.trytiponlineresult.com ns2.trytiponlineresult.com safe.doc-share.pro safe.doc-share.top site.siteshare.me siteshare.me trytiponlineresult.com # Reference: https://twitter.com/TLP_R3D/status/1649147042680172571 # Reference: https://www.virustotal.com/gui/ip-address/104.255.172.52/relations 256ventures.us aidpartners.org altair-vc.co.uk altair-vc.com altair.linkpc.net deck.altair-vc.co.uk deck.altair-vc.com deck.toyota-ai.org deepcore.v.entures doc.256ventures.us docsend.me down.aidpartners.org down.protectedviewer.co inter.gpmtreit.co partner.deepcore.v.entures protectedviewer.co sarahbeery.docsend.me toyota-ai.org # Reference: https://twitter.com/C0ryInTheHous3/status/1661076239614918660 docupload.lat docupload.store getwebconnection.buzz last-report.online latest-report.cloud deck.latest-report.cloud file.docupload.lat file.docupload.store news.last-report.online ok.docupload.store # Reference: https://twitter.com/C0ryInTheHous3/status/1661075436783259649 docupload.bond els.docupload.bond # Reference: https://twitter.com/C0ryInTheHous3/status/1661756717355483137 # Reference: https://www.virustotal.com/gui/ip-address/104.168.167.88/relations dontdie.cfd getwebconnection.cfd latest-report.online file.latest-report.online sts.interalliancemediagroups.cloud # Reference: https://twitter.com/TLP_R3D/status/1664980484219084801 # Reference: https://www.virustotal.com/gui/ip-address/172.93.193.219/relations developcore.org gdrvcloud.com app.developcore.org # Reference: https://twitter.com/C0ryInTheHous3/status/1669422415309418496 downloadfile.icu getfilefrom.site getfilefrom.store interalliancemediagroups.cloud # Reference: https://twitter.com/TLP_R3D/status/1677617586349981696 # Reference: https://www.virustotal.com/gui/ip-address/192.119.64.43/relations floriventurescapital.linkpc.net floriventuresfinance.linkpc.net floriventuresfund.linkpc.net # Reference: https://www.virustotal.com/gui/file/0be79614938541a4cd85de1b6103f0fdeb3808aaba5856ba5bbd8ef6976cf8c3/detection obituary2.redirectme.net yorst.linkpc.net # Reference: https://twitter.com/TLP_R3D/status/1685581711139102720 # Reference: https://www.virustotal.com/gui/ip-address/23.254.204.173/relations # Reference: https://www.virustotal.com/gui/file/8949207761f3d09734aa716da1e6c182425bcde2a95dacb3320085f1fe66069c/detection espcap.fun pro-tokyo.top docsend-cloud.espcap.fun docsend.com-pro.apple.cloud.line.pm group.pro-tokyo.top # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-05-v10410/921 cryptowave.capital datasend.fun internal-meeting.online video-meet.xyz # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-20-v10421/970 tp-globa.xyz pre.alwayswait.site doc.apple.com.premienoe.aidl.eonw.line.pm # Reference: https://twitter.com/TLP_R3D/status/1705211957941240212 # Reference: https://www.virustotal.com/gui/ip-address/172.86.121.198/relations techopscentral.com # Reference: https://twitter.com/greglesnewich/status/1717963704828915988 internal-document-he-gr-me.run.place j-ic.co.internal-document-he-gr-me.run.place