# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/MaelSecurity/status/1039752010713718785 endbars.co readact.co # Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336 # Reference: https://twitter.com/PhishFindR/status/1184743844962803712 kaosjdoaaf6.pw kadosjdoafa.pw kadosjdoaaf6.pw hostyourhe.xyz offerswides.xyz /fk/f2.php /hc/f2.php # Reference: https://twitter.com/0x1xday/status/1115541156434202624 deluxemattress.ca # Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728 cba.demdex.uk.com hegorevent.online /googleads # Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881 businesmol.pw hegorevent.club # Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688 unilear.pw 236.16.27.121:443 158.95.73.22:443 185.92.222.238:443 212.11.167.110:443 242.5.247.180:443 64.34.94.27:443 134.90.213.11:443 72.125.213.163:443 237.236.131.48:443 192.71.249.51:443 # Reference: https://twitter.com/malware_traffic/status/1119331956217585664 business4good.eu # Reference: https://twitter.com/devnullek/status/1097871459752599552 driverssoftware.info messagesupport.info softwaresearch.info traderssoftware.info # Reference: https://twitter.com/James_inthe_box/status/1122156673299173377 frezyderm-orders.gr/sites/all/notused/not/ponto.php # Reference: https://twitter.com/devnullek/status/1123208253566005248 # Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee piosnoksld.info zaratoons.info 212.73.150.207:443 # Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704 fiuiert.xyz lulipcxulci.info statusnim.info # Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space 
guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://twitter.com/Bank_Security/status/1146296727349157888 # Reference: https://pastebin.com/QyYHnKMH derikaosos.info sinoposdssf.info statusnim.info tefidnsops.info # Reference: https://twitter.com/w3ndige/status/1164148967413878788 # Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/ http://74.118.138.146 109.202.103.170:8733 213.152.161.229:8733 114.26.195.117:443 146.229.67.12:443 154.94.158.126:443 5.188.86.20:443 66.165.187.11:443 gazgrsrto.xyz # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ encrypter.webfoxsecurity.com braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com maintrump.org mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection # Reference: 
https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/ # Reference: https://twitter.com/Artilllerie/status/1168539710769303552 149.154.159.213:443 151.236.14.84:443 168.248.43.207:443 172.237.125.185:443 184.98.44.103:443 195.123.246.209:443 # Reference: https://twitter.com/ostinjohn/status/1169603418211737601 # Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/ 139.113.48.33:443 149.154.159.213:443 149.53.185.172:443 187.198.70.207:443 195.123.246.209:443 2.255.189.191:443 222.175.52.161:443 58.58.210.181:443 81.63.70.192:443 # Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638 # Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/ fepolomokmmas.xyz mustve.site seioooi.xyz # Reference: https://twitter.com/Mesiagh/status/1184533873545359360 bluewaters.space djeudnsj.xyz eroutks.co euiobol.xyz gontaseesl.website gontaseonar.site gontaseopa.site gontaseopa.website heuirnst.space heuirnst.website jeudnsjkd.xyz jeudnsju.xyz jeuisjr.xyz joskaejw.club loperatys.site loreteo.xyz loretoi.xyz ujaioep.site ujaioep.website # Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/ avgsupport.info esetsupport.info # Reference: https://twitter.com/w3ndige/status/1189301539535556614 everythingtogeta.xyz # Reference: https://any.run/malware-trends/danabot (Note: as seen on 2019-12-04) qxq.ddns.net thuocnam.tk # Reference: https://twitter.com/VK_Intel/status/1020236244020867072 http://176.119.1.112 farzona.co /injj/777.php # Reference: https://twitter.com/0xFrost/status/1205187802629070853 # Reference: https://www.virustotal.com/gui/file/995378f5a47357f7dc2dab638263cf42ab67f800b82df29d23ab29bb985cd80d/detection digidimag.com # Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872 145.249.107.168:443 145.249.107.201:443 145.249.107.78:443 199.247.16.30:443 209.250.243.55:443 luxurylive.org # Reference: https://twitter.com/Racco42/status/1217763274537754625 # Reference: 
https://twitter.com/Racco42/status/1217764284383596545 64.188.22.122:443 64.188.22.153:443 64.188.22.154:443 64.188.22.33:443 64.188.23.155:443 # Reference: https://www.virustotal.com/gui/ip-address/89.144.25.174/relations # Reference: https://www.virustotal.com/gui/file/d37ed2e77d73875a20605a198986b008eb8b4c8bcfb84783b7b0f329ec1a5384/detection 113.102.102.121:443 186.174.47.177:443 89.144.25.243:443 # Reference: https://twitter.com/K_N1kolenko/status/1237322223586852865 # Reference: https://pastebin.com/2HbabLQa formaulist.com # Reference: https://twitter.com/K_N1kolenko/status/1240553870633336833 # Reference: https://www.virustotal.com/gui/ip-address/195.123.225.167/relations digidonaud.com finburgers.com # Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872 signin.luxurylive.org # Reference: https://twitter.com/casual_malware/status/1239687496692387841 # Reference: https://app.any.run/tasks/0473bb63-11bc-4b98-864d-df00082d60cb/ # Reference: https://twitter.com/malwrhunterteam/status/1239628249136758786 # Reference: https://urlhaus.abuse.ch/host/corona-virus-map.net/ corona-virus-map.net corona-map-data.com 202.195.34.6:443 /map1.jnlp /map.jar /mapdata.jar # Reference: https://twitter.com/luc4m/status/1245750938465378304 # Reference: https://app.any.run/tasks/0f31129d-a473-4cd7-92fa-1ea817950f9e/ 123.236.244.164:443 129.255.179.202:443 177.40.161.5:443 185.181.8.49:443 187.237.21.167:443 27.109.5.166:443 28.63.88.50:443 64.188.12.140:443 64.188.19.39:443 78.103.173.2:443 # Reference: https://twitter.com/w3ndige/status/1258128183527956487 # Reference: https://app.any.run/tasks/9448b002-1b67-48f5-beb7-f4ee357abb46/ 172.81.129.196:443 192.236.179.73:443 192.99.219.207:443 23.82.140.201:443 45.147.228.92:443 51.255.134.130:443 54.38.22.65:443 # Reference: https://www.virustotal.com/gui/file/adc20c4626d99f2a35d7d58043b9b57946b21485ece1356e223d0b661824d9de/detection sfsdfpizdatrtu.space # Reference: 
https://app.any.run/tasks/e54dcc1c-ff39-41e4-a164-15d15c94414b/ 2.56.213.39:443 5.61.56.192:443 5.61.58.130:443 # Reference: https://twitter.com/reecdeep/status/1261206870037008385 post-990094.at 172.81.129.196:443 192.236.179.73:443 192.99.219.207:443 23.82.140.201:443 45.147.228.92:443 51.255.134.130:443 54.38.22.65:443 # Reference: https://app.any.run/tasks/91d61bf3-e8a8-4df6-9c4f-ed087b0563e6/ post-990094.at # Reference: https://twitter.com/w3ndige/status/1262652047884779521 belayedd.at # Reference: https://app.any.run/tasks/93bccdd5-3204-4daf-aa30-26cf49722e45/ http://137.74.64.245 45.153.240.84:443 # Reference: https://app.any.run/tasks/3590ee62-eae7-4d2b-802c-2d02281ed82c/ 45.153.240.84:443 192.236.161.25:443 93.115.21.108:443 173.234.155.181:443 2.56.212.137:443 # Reference: https://urlscan.io/result/13a9e931-a88e-43ec-8744-ee00294a7d98/ # Reference: https://www.virustotal.com/gui/ip-address/47.90.210.107/relations impresscop.xyz # Reference: https://twitter.com/killamjr/status/1351893396726624256 # Reference: https://app.any.run/tasks/177367bc-5d4c-498b-b54f-332e0548e39f/ 47.254.174.158:1024 # Reference: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot # Reference: https://otx.alienvault.com/pulse/60108cc47e31884e434c0258 # Reference: https://www.virustotal.com/gui/file/c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d/detection 104.144.64.163:443 108.62.141.152:443 # Reference: https://twitter.com/wwp96/status/1365401963974828033 # Reference: https://twitter.com/wwp96/status/1365402205432541189 # Reference: https://app.any.run/tasks/aefe1a14-684e-4dae-bacf-52876bd4f630/ 192.161.48.5:443 arizonacruz.com # Reference: https://www.virustotal.com/gui/file/36f82bc3bcd30f18bb210cd10881cfe13e9a22e06e26930828bb6c8a951bfafe/detection # Reference: https://tria.ge/210211-8wd7dd262x 104.168.156.222:443 134.119.186.199:443 172.93.201.39:443 192.236.192.241:443 # Reference: 
https://www.virustotal.com/gui/ip-address/34.90.236.200/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.88.231/relations breasuala32.top breasuala57.top breasuala63.top breasualb24.top breasualb27.top breasualc17.top breasuald52.top breasuald74.top breasuale31.top breasualf37.top breasualf62.top breasualf64.top breasualg54.top breasualg72.top breasuali12.top breasuali45.top breasuall73.top breasualm44.top breasualn34.top breasualp22.top breasualq11.top breasualr41.top breasuals42.top breasualt15.top breasualt47.top breasualt51.top breasualu35.top breasualu67.top breasualu71.top breasualv14.top breasualw21.top breasualx77.top breasualy25.top breasualy61.top cotraresa09.top cotraresd11.top cotraresf12.top cotraresi07.top cotraresm01.top cotraresp08.top cotraresq02.top cotraresr04.top cotraress10.top cotrarest05.top cotraresu06.top cotraresw03.top eressedb36.top ewsjasea09.top ewsjasei07.top ewsjasep08.top ewsjases10.top fhjweheed74.top fhjweheee75.top fhjweheef62.top fhjweheef64.top fhjweheeg72.top fhjweheeh13.top fhjweheej23.top fhjweheek33.top fhjweheel43.top fhjweheeu67.top fhjweheeu71.top fhjweheew65.top fhjweheex77.top fhjweheey61.top lorearsb24.top lorearsi12.top lorearsp22.top lorearsq11.top lorearst15.top lorearsv14.top lorearsy25.top luspaserg13.xyz luspaserh14.xyz luspaserj15.xyz morfagrtem01.top morteisati07.top morteisatm01.top morteisatq02.top morteisatr04.top morteisatt05.top morteisatu06.top morteisatw03.top morteqabi07.top morteqabu06.top petroscm01.top petroscq02.top petroscw03.top seetsaysaw03.top # Reference: https://www.virustotal.com/gui/file/67f34083ebd237d33065f1f31f1cf09d9b6a051b97bc7db08d5237139f081e80/detection torinboo.com # Reference: https://tria.ge/210412-tsf6alc8ka 192.3.26.107:443 23.106.123.141:443 23.106.123.185:443 23.81.246.201:443 # Reference: https://twitter.com/ESETresearch/status/1420734522581295106 # Reference: https://twitter.com/ESETresearch/status/1420734529468256261 142.11.206.50:443 
142.11.244.124:443 152.89.247.31:443 173.254.204.95:443 192.52.166.169:443 192.52.166.92:443 192.52.167.44:443 192.52.167.45:443 23.254.201.233:443 37.220.31.27:443 45.146.164.24:443 coinsupport.ml # Reference: https://twitter.com/MBThreatIntel/status/1425952093936947205 bonusesfound.ml # Reference: https://twitter.com/ffforward/status/1461417895129501701 34.125.68.94:443 34.129.21.53:443 34.72.122.178:443 kittencloud.top parrotcloud.top rabbitcloud.top turtlecloud.top puppycloud.top # Reference: https://twitter.com/1ZRR4H/status/1456355831470071809 185.106.123.228:443 185.117.90.36:443 192.119.110.73:443 192.236.192.201:443 192.236.147.206:443 193.42.36.59:443 193.56.146.53:443 citationsherbe.at pastorcryptograph.at /3/sdd.dll # Reference: https://tria.ge/220106-qkhmeabcd2 142.11.244.223:443 192.119.110.4:443 192.236.194.72:443 # Reference: https://www.virustotal.com/gui/file/03cb517c97a50b60f46329dedde33f7580062db8531fbceb159928d573490b26/detection 185.45.193.50:443 193.34.166.247:443 92.204.160.54:443 # Reference: https://www.virustotal.com/gui/file/08a5e977a2e5b6041adcc87e2ee4bf6858da93b39ce0abe498dbf24e122c991d/detection 185.238.168.174:443 185.238.168.83:443 2.56.213.39:443 5.61.58.130:443 93.115.20.183:443 93.115.20.189:443 # Reference: https://twitter.com/th3_protoCOL/status/1503731559718797312 cyst.online goldfishcloud.top mousecloud.top qmap.club moneyunclaimed.net unclaimed2.com unclaimedfinders.com unclaimedexperts.com unclaimedhq.com # Reference: https://twitter.com/Abjuri5t/status/1521352577677512712 192.236.147.212:443 192.236.154.150:443 192.236.160.249:443 192.236.176.108:443 # Reference: https://tria.ge/210101-gnf7dwq5wx 104.144.64.163:443 108.62.141.152:443 23.106.123.249:443 23.226.132.92:443 # Reference: https://tria.ge/201203-p9cfx4whpa 104.227.34.227:443 23.254.118.230:443 23.254.215.116:443 51.195.73.129:443 # Reference: https://twitter.com/abuse_ch/status/1545677016665673728 # Reference: 
https://bazaar.abuse.ch/sample/68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04/ 26.18.10.2:5662 58.50.42.34:13886 60.52.44.36:14400 aquaprodive.com/images/main/index.php # Reference: https://tria.ge/220709-jnnt9sfee9 139.60.163.160:443 139.60.163.37:443 5.39.222.5:443 5.39.222.7:443 # Reference: https://tria.ge/220716-we61psebel 142.44.224.16:443 192.236.146.203:443 192.3.26.107:443 193.34.167.88:443 # Reference: https://tria.ge/220728-v24y7aachk/behavioral1 aktualizieren-wolke.de # Reference: https://www.virustotal.com/gui/file/3d9270024568518b9ff1f4ce9759338a3ac7b3ee8829256285e1e9b6334d39b8/detection # Reference: https://www.virustotal.com/gui/file/ae6388c4444a409c22290c69b36fc683ca22945b92adbefe6413553136be4304/detection 139.60.163.159:443 139.60.163.160:443 139.60.163.161:443 139.60.163.37:443 # Reference: https://twitter.com/TrackerC2Bot/status/1603379298148171782 109.205.214.18:443 # Reference: https://twitter.com/TrackerC2Bot/status/1604961099656450048 13.53.234.226:443 134.122.53.241:443 167.114.188.34:443 172.86.120.215:443 176.126.113.94:443 181.63.44.194:443 # Reference: https://twitter.com/TrackerC2Bot/status/1605270548518412310 182.79.116.126:443 187.172.230.151:443 # Reference: https://twitter.com/TrackerC2Bot/status/1604961103280328723 # Reference: https://www.virustotal.com/gui/file/00ca19356b887112f25a9107aee67bd741860545ba11951192b74fdcf77fec08/detection 185.243.114.28:443 192.236.192.238:443 23.106.124.171:443 35.182.95.170:443 45.77.40.71:443 54.250.13.251:443 66.85.147.23:443 68.48.87.153:443 79.124.78.236:443 95.179.168.37:443 # Reference: https://twitter.com/TrackerC2Bot/status/1608893796497952771 192.236.161.79:443 # Reference: https://sector7.computest.nl/post/2023-04-technical-analysis-genesis-market/ # Reference: https://otx.alienvault.com/pulse/642ec73594ef9d46722639a6 http://194.135.33.96 g3n3sis.org g3n3sis.pro genesis.market ifpstools.net ng3n3sis.org ng3n3sis.pro tchk-1.com you-rabbit.com # Reference: 
https://twitter.com/x3ph1/status/1682140863919529984 # Reference: https://www.virustotal.com/gui/ip-address/47.253.165.1/relations akongo.top alatangana.top amadioha.top anansi.top anyanwu.top arebati.top kiikala.top koumbasara.top lewru.top libanza.top lotuko.top lugbara.top lusunzi.top maasai.top mbundu.top naagara.top njambe.top back10.amadioha.top back12.amadioha.top back14.amadioha.top back2.amadioha.top back4.amadioha.top back6.amadioha.top back8.amadioha.top cp1.anansi.top cp2.anansi.top cp3.anansi.top cp4.anansi.top cp5.anansi.top cp6.anansi.top cp7.anansi.top cp8.anansi.top cp9.anansi.top fff11.alatangana.top fff22.alatangana.top fff33.alatangana.top fff44.alatangana.top fff55.alatangana.top fff66.alatangana.top fff77.alatangana.top lp1.libanza.top lp2.libanza.top lp3.libanza.top lp4.libanza.top lp5.libanza.top lp6.libanza.top lp7.libanza.top qz1.njambe.top qz11.njambe.top qz13.njambe.top qz3.njambe.top qz5.njambe.top qz7.njambe.top qz9.njambe.top zero1.arebati.top zero2.arebati.top zero3.arebati.top zero4.arebati.top zero5.arebati.top zero6.arebati.top zero7.arebati.top zzz1.akongo.top zzz2.akongo.top zzz3.akongo.top zzz4.akongo.top zzz5.akongo.top zzz6.akongo.top zzz7.akongo.top # Reference: https://github.com/pan-unit42/tweets/blob/master/2023-08-03-IOCs-for-malicious-ad-to-Danabot.txt 167.88.166.193:443 45.61.169.91:443 # Reference: https://twitter.com/TrackerC2Bot/status/1694412382053777472 159.89.114.62:443 23.254.144.209:443 23.254.227.74:443 38.68.50.179:443 # Reference: https://twitter.com/TrackerC2Bot/status/1696134033564946581 142.11.192.232:443 192.236.194.86:443 # Reference: https://twitter.com/TrackerC2Bot/status/1702293715987955777 172.86.121.218:443 172.86.97.119:443 173.214.169.17:443 213.252.245.80:443 195.123.224.82:443 45.61.160.115:443 91.212.166.96:443 # Reference: https://threatfox.abuse.ch/browse/malware/win.danabot/ 103.144.139.105:443 104.168.148.6:443 104.168.167.51:443 104.234.11.33:443 104.234.147.45:443 106.137.226.19:443 
117.83.162.13:54068 125.67.68.19:54068 134.119.186.198:443 142.11.242.31:443 142.167.76.43:443 149.255.35.125:443 155.120.247.148:443 157.64.238.1:443 164.109.193.8:54068 167.114.188.38:443 172.93.201.242:443 178.209.51.211:443 179.43.133.35:443 185.112.83.26:443 185.62.58.191:443 185.62.58.85:443 188.191.106.71:443 192.236.146.173:443 192.236.146.39:443 192.236.160.244:443 192.236.161.4:443 192.236.199.175:443 192.236.236.83:443 192.3.26.98:443 195.123.220.45:443 215.212.21.6:443 23.106.122.14:443 23.254.129.180:443 23.254.133.7:443 23.254.134.53:443 23.254.164.106:443 23.254.201.147:443 23.254.217.192:443 23.254.226.136:443 23.254.228.176:443 233.175.187.96:443 237.250.131.153:443 34.105.203.100:443 34.247.234.201:443 34.90.104.246:443 34.95.4.102:443 35.194.193.144:443 35.199.103.5:443 35.199.99.16:443 35.220.142.90:443 35.220.149.58:443 35.228.162.70:443 35.236.67.31:443 37.120.222.107:443 44.202.197.21:443 45.147.228.212:443 45.147.231.150:443 45.147.231.218:443 5.9.224.217:443 51.178.195.151:443 51.222.39.81:443 51.77.7.204:443 59.37.192.38:443 64.188.23.70:443 66.85.185.120:443 67.248.84.113:443 68.158.26.25:443 75.56.111.148:443 84.141.50.190:443 84.19.37.39:443 86.105.252.18:443 89.144.25.104:443 89.44.9.132:443 89.45.4.126:443 # Reference: https://www.esentire.com/blog/danabots-latest-move-deploying-icedid # Reference: https://www.virustotal.com/gui/file/c1c3344231922b4de253dd4000af8bf60a501379978c8dd06c19a596f91b4b53/detection 77.91.73.187:443 # Reference: https://twitter.com/crep1x/status/1737745977006493906 # Reference: https://gist.github.com/qbourgue/e88db6f25bb218ac2e157aee17b791c1 # Reference: https://www.virustotal.com/gui/file/18ccf5be5d8fbe4a40bb0dd60caa5181eb5500cdfbfb68ead58389e198963866/detection 185.225.69.230:433 185.225.69.33:443 adavanced-ip-scaner.com adavanced-ip-scanner.com adevancd-lp-scanner.com adevanced-ip-scans.com adevanced-lp-scaners.com adevanced-lp-scanner.net adevanced-lp-scanners.com adsvancd-lp-scanner.net 
adsvanced-ip-scanner.com advancd-ip-scanner.com advancd-ip-scanner.net advancd-lp-scanner.net advanced-ip-scan.net advanced-ip-scanned.com advanced-ip-scanning.com advanced-ip-scanning.net advanced-ipscan.com advanced-ipscanning.com advanced-lp-scan.com advanced-lp-scaners.com advanced-lp-scaners.net advanced-lp-scanned.com advanced-lp-scanned.net advanced-lp-scanner.com advanced-lp-scanners.com advanced-port-scanner.net advancede-ip-scanner.com advancedes-ip-scan.com advancedes-ip-scan.net advancedes-ip-scanner.com advancedes-ip-scanner.net advancedes-lp-scan.net advancedes-lp-scanner.com advancedes-lp-scanner.net advancedip-scanner.net advancedlpscanner.com advanceds-ip-scan.net advanceds-ip-scanner.net advanceds-lp-scanner.net advnced-ip-scan.com advnced-ip-scanner.com advnced-lp-scanner.com inductiveautomatlon.com inductiveoutomation.com inductlveautomation.com mycaase.com mycaase.net oldsfaq.com technorobo-life.com # Reference: https://twitter.com/TrackerC2Bot/status/1751306740140749216 192.210.198.12:443 35.226.27.224:443 37.220.31.94:443 # Reference: https://twitter.com/JAMESWT_MHT/status/1757694806950600780 # Reference: https://twitter.com/reecdeep/status/1757727745784557971 # Reference: https://app.any.run/tasks/a059217b-52e4-450a-882a-9b7720a2b401/ # Reference: https://www.virustotal.com/gui/file/f56efb5cda932a1c94e1e44b9e38f27a48f451053cb7faca4259194f954ffd4c/detection 195.133.88.98:443 31.41.244.38:443 91.201.67.85:443 soundata.top content.servepics.com portfolio.serveirc.com y3wg3owz34ybihfulzr4blznkb6g6zf2eeuffhqrdvwdp43xszjknwad.onion # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-03-26-IOCs-for-Matanbuchus-infection-with-Danabot.txt 34.168.202.91:443 torontoclub.vip