# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/ # Reference: https://www.virustotal.com/gui/file/347687813e6c14e190fa3545f088555b241bc63bb1a5796d672747a7303d276b/detection madh0use8.no-ip.org madh0use8.no-ip.org.ovh.net # Reference: https://www.virustotal.com/en/domain/vajityu.club/information/ vajityu.club # Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx aepahphahv.co.vu aisohcaehi.co.vu anothertembr.cf anothertembr.ga anothertembr.gq anothertembr.ml chughaiquu.co.vu eewujoopai.co.vu faeceedaba.co.vu iewohpotae.co.vu kladara.ml meicashala.co.vu rooniebohl.co.vu sheibohchu.co.vu sootateiso.co.vu xooseishoh.co.vu # Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/ facetwop.ru rulething.ru montirose.com # Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100 server2.bjdnxbgp3.ru bogerando.ru # Reference: https://twitter.com/pr0xylife/status/1438440151865298945 qrextechnologies.com # Misc (incidents) devomchart.com getmyhouse.net ginbig.com moksaduqqovlof.net observatorystarsoh.net runningwayforsun.net locatedforporternok.net addressbooklocater.net alarg53.ddns.net kiliposturgy22.no-ip.biz beatyourmeatwhileweeat.com qibrasob.ru zibravopl.ru forgiveme.workisboring.com 75ulqnwb.ru i7gd9ultgx.ru v99ay4wuo.ru gd14hp0u6x.ru qsqjeuno53.ru # Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/ lightsmokesky.net segateslondo.ru devomchart.com lemotgraph.com wittersphere.net monitmock.su monitnear.ru zapoio.com napalmstories.su jabberstorm.su photohubchart.com thoughtdog.net # Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/ wanmeishua.com # Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl 
alsblueshelpt.nl # Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/ # Reference: https://cymon.io/46.166.165.114 46.166.165.114 committeedub.com 09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link cekmakasabasa.com 0oers58juxhcm7e.aze.link yadakbloghesaplar.link aze.link fsafakfskane.net cclamarablog.xyz cutecatworldhappy.website # Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/ # Reference: https://cymon.io/181.174.164.3 adobeflashplayernew.com adobeflashplayernew.org adobeplayerdownload.com adobeuploadplayer.com adobeflashplaayer.com flashplayeerupdate.com adobeupdateplayer.com adobeupdateplayeer.com adobeupdateflash11.com update-flash-player.org adobeflashupdate.org updateflashplayer11.com alarkamaravaas.pw lin.kim cutecatworldhappy.website abaza.ninja shoppet.net aze.link q0a2wqepvhz8ame.aze.link samaravablog.pw weightloss-secrets-revealed.net gomen.ninja # Reference: https://www.snort.org/rule_docs/1-30285 palauone.com # Reference: https://marc.info/?l=emerging-sigs&m=135207116130028 whatandwhyeh.com manymanyd.com traindiscover.com # Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617 bktwenty.com adbullion.com sleeveblouse.com # Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951 meherdelam.com fordulak.com germerand.com # Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/ meherdelam.com royalbankofcanadahelp.com dns8.ffv3.ru dns9.ffv3.ru royalbankservicescheck.com # Reference: http://www.urlvoid.com/scan/recenthosts.ru/ recenthosts.ru # Reference: https://www.siteadvisor.com/sites/intelcorpsg.com intelcorpsg.com # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx cyber7.bit # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx fionades.com # Reference: 
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx cgi.dubkill.com # Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120 fina.online # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html blooping.ovh.net salako.net # Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html himynameisnoah.su ichockealotkrug.com idontlikeitwhenyoudoit.ru iliketopunchnoah.com justreggitifyouknowit.ru karnevallizdageil.com merhabaslm.su wheniseeyourdedows.com # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html joaosgk03.sytes.net spectrun2008.no-ip.org # Reference: https://twitter.com/ps66uk/status/1037866649435729921 widewiderangers.fun # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section) http://122.14.210.142 http://198.46.86.224 http://43.230.143.219 americasculturalstudies.net danhbaviet.com kegodanang.com sevbizleadservices.com siyaghasourccing.com vhecha.com www970234.com # Reference: https://twitter.com/pancak3lullz/status/1040343104564473865 beladoces.online # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0) amniyatgostariranian.ir # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0) ducklife.ddns.net homersides.duckdns.org wandersongay.ddns.net # Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html 2bunny.com # Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/ vv338.com # Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232 laserjetpro.com # Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680 manapowermta.us # Reference: 
https://twitter.com/jonaha92/status/1045344161690505217 11m.online # Reference: https://twitter.com/blu3_team/status/1046054098884349953 images.laofamilymerce.com # Reference: https://twitter.com/blu3_team/status/1037854618477383681 tub.gotomental.com /bin/page/hpsrv.tmp # Reference: https://twitter.com/blu3_team/status/1033356637543825408 nhatbao.chatpacific.com # Reference: https://twitter.com/blu3_team/status/1030263686001246210 v2.buydiamond.hk # Reference: https://twitter.com/blu3_team/status/993121509643378688 fb-dn.net/disrt/ ap12.ms-update-server.net # Reference: https://twitter.com/blu3_team/status/981659638776115200 unnews.freetcp.com # Reference: https://twitter.com/blu3_team/status/968588888867393536 news.voteandreahorwath.com /polar-beer/election2018/info.html # Reference: https://twitter.com/blu3_team/status/964324749106130944 zero-emissioncar.org # Reference: https://twitter.com/blu3_team/status/958573054052978688 weather.gbaycruise.com # Reference: https://twitter.com/blu3_team/status/956144807554043906 teredo-update.com # Reference: https://twitter.com/blu3_team/status/951658055858622464 mktnplace.com # Reference: https://twitter.com/blu3_team/status/950126294137819136 thestar.live # Reference: https://twitter.com/blu3_team/status/950124083332689920 newmysticvision.com # Reference: https://twitter.com/FewAtoms/status/1045358651307962369 lse-my.asia # Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376 firefox-addons.com # Reference: https://twitter.com/James_inthe_box/status/1046844087469391872 kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz # Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648 docs.herobo.com/in/ docs.herobo.com/mr/ # Reference: https://twitter.com/FewAtoms/status/1047533778665660425 americanxdrive.gq # Reference: https://twitter.com/FewAtoms/status/1047514168105082881 uchservers.ga # Reference: https://twitter.com/virqdroid/status/1047419271662505985 bibonado.com # Reference: 
https://pastebin.com/AasLyArF monochromestr.site motiondev.com.br studio2321.com # Reference: https://twitter.com/James_inthe_box/status/1047495498867728384 alangudiagroindia.com # Reference: https://twitter.com/dvk01uk/status/1047797297835397121 tokovio.com /kfjvbdrlq # Reference: https://twitter.com/ScumBots/status/1035348180903321601 23ace.site # Reference: https://twitter.com/avman1995/status/1047354322974064640 yoacafpshlcz.de # Reference: https://twitter.com/Dashowl/status/1047924040026001409 noipppl-online.com # Reference: https://twitter.com/James_inthe_box/status/1047907038582304768 alsafeeradvt.com/m/ # Reference: https://twitter.com/nullcookies/status/1048030992320143360 h2hphotography.com # Reference: https://twitter.com/pr3wtd/status/1044651674974015488 faktura24.ml przelewy24.tk # Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888 # Reference: https://pastebin.com/raw/fLf15eVp 1drivemail.ml aghightile.ml atlasglb.tk bengusi.ga britwind.tk capt.ga cmfgen.cf cpseeds.ml dajjuooltd.ga foodpro.cf generationgrowth.ml illumin8blinds.ml inmailadmin.cf inmailadmin.ga inmailadmin.gq inmailadmin.ml inmailadmin.tk onedrivemail.cf onedrivemail.ga onedrivemail.gq onedrivemail.ml onedrivemail.tk onmailadmin.cf onmailadmin.ga onmailadmin.gq onmailadmin.ml onmailadmin.tk italamp.tk itc-co.cf kooshkan.ml kwangshin-co.tk nsewyainc.ml potoflogz.tk premiumchemical.ga pseaways.tk pvtechuae.cf rathot.ml ritter.gq rivonka.ga royalgroup.ga safetexgroup.tk salturchltd.ga sebbeninternational.ml sense-eng.ml sercer.tk siti-bt.ml torrecid.ml ultramarinepigments.ml utehaltd.tk veritasoverseas.ga vip163.cf yuan-fa.tk # Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0) q0fpkblizxfe1l.com # Reference: https://twitter.com/ViriBack/status/950478648150282240 0m0.in # Reference: https://twitter.com/FewAtoms/status/1048982479783309314 capt.ga italamp.tk nsewyainc.ml sense-eng.ml sercer.tk # 
Reference: https://twitter.com/FewAtoms/status/1048978792931368960 britwind.tk dajjuooltd.ga illumin8blinds.ml kooshkan.ml potoflogz.tk siti-bt.ml torrecid.ml ultramarinepigments.ml veritasoverseas.ga vip163.cf # Reference: https://twitter.com/James_inthe_box/status/1049445992808890369 viswavsp.com/newworld/ # Reference: https://twitter.com/malware_traffic/status/1049407739619880961 23.249.161.109/extrum/ # Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264 readyteam.org # Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html guarana.pw marryjane.club names34.top safi.co.za # Reference: https://twitter.com/nullcookies/status/1050907886392623104 dirajrakhbhae.com # Reference: https://twitter.com/FewAtoms/status/1050457033810558976 akznqw.com # Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448 wemusthammer.com # Reference: https://twitter.com/FewAtoms/status/1051099620020035585 msmapparelsourcing.com/directory/ msmapparelsourcing.com/wp-admin/users/ # Reference: https://twitter.com/nullcookies/status/1051321548634804226 ghrelokamkaj.com # Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560 globamachines.com # Reference: https://twitter.com/FewAtoms/status/1050802529498525697 plus1interactive.com/bots/ # Reference: https://twitter.com/olihough86/status/1050722705740304384 wheelnet.ca # Reference: https://twitter.com/ximo2006/status/1050331166597758976 93.174.93.149:21 # Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service hard-grooves.com hellonwheelsthemovie.com miamirecyclecenters.com # Reference: https://twitter.com/nullcookies/status/1051244629704740865 daduhinnawmaz.com # Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html datingittlive.info # Reference: https://twitter.com/nullcookies/status/1030243288677277696 mayorel.website # Reference: 
https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/ osdsoft.com # Reference: https://twitter.com/pr3wtd/status/1051874732008767488 faktura24.cf przelewy24.ml # Reference: https://twitter.com/MaelSecurity/status/1051900926078922753 adobe-reader.site # Reference: https://twitter.com/avman1995/status/1052023584187719680 elektroklinika.pl/wp-content/languages/plugins/includes/ # Reference: https://twitter.com/ulexec/status/1051959861964169217 alprazolam.rip # Reference: https://twitter.com/nullcookies/status/1052339217056129026 grafmx.com # Reference: https://twitter.com/olihough86/status/1052607058883870720 yootbe.org # Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329 holisticxox.com # Reference: https://twitter.com/james_inthe_box/status/1022866075493355520 cuezo.tk # Reference: https://twitter.com/avman1995/status/1052879462449274880 ondasolution.ga # Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382 # Reference: https://pastebin.com/raw/v7XN8dZS alfredbusinessltd.flu.cc citytrading.usa.cc # Reference: https://twitter.com/FewAtoms/status/1053365757197860864 hnmseminar.aamraresources.com/dotcom/ # Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360 loggerz.xyz # Reference: https://twitter.com/ViriBack/status/971430374919122944 acctspayable.com # Reference: https://twitter.com/executemalware/status/999034066258284545 theipgenerators.com # Reference: https://twitter.com/malware_traffic/status/1053494383708844032 # Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html 2019bracket.com 2069brackets.com activenavy.com adomesticworld.com allpurplehandling.com anilmoni.com answermanagementgroup.com antinomics.com bluestarpaymentsolutions.com boobfanclub.com borderlands3.com brickell100.com bubsware.com cactopelli.com careercoachingbusiness.com cclawsuit.com crosspeenpress.com crystalhotel.com dehionsgbes.com dmknott.com docswitch.com 
expertsjourney.com farminginthefloodplain.com geziyurdu.com gloria-glowfish.com gnosmij.com gokceozagar.com greatwp.com ieltsonlinetest.com indiangirlsnude.com indicasativas.com inmotionframework.com internationalboardingandpetservicesassociation.com intimateimagery.com iptechnologysolutions.com iscanhome.com # Reference: https://twitter.com/ps66uk/status/1053632722667794433 dWUJncxxb.sh-master02.com qixjd277g3621166.impressoxpz97367.com # Reference: https://twitter.com/DissectMalware/status/1042276512886599680 exxxwrtw1111111.kloudghtlp.com # Reference: https://twitter.com/ni_fi_70/status/1053207719291879424 84.38.130.139/pk/office/ # Reference: https://twitter.com/xxdesmus/status/1053440011289280512 123.249.71.250:666 89.34.237.210/ikahedbts/ # Reference: https://twitter.com/nullcookies/status/1054185582467993600 daxiu678.com lianyebo1.com # Reference: https://twitter.com/FewAtoms/status/1054419759511547904 guideofgeorgia.org/doc/ # Reference: https://twitter.com/FewAtoms/status/1054762247405424642 nabato.org # Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy davidharvill.org hotkine.com informanetwork.com invasivespecies.us lookper.eu maleass.eu schwerdt.org # Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072 6cameronr.ga # Reference: https://twitter.com/FewAtoms/status/1055149939456688133 linetrepanier.com/wp-data/ # Reference: https://twitter.com/avman1995/status/1055360237484552192 ponti-int.com/a/ # Reference: https://twitter.com/yvesago/status/1055362284569145344 84.38.130.139/pk/office/ # Reference: https://twitter.com/FewAtoms/status/1055477161577115648 192.3.162.102/out/ # Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network # Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6 
officesales2.com # Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html fbsgang.info # Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/ manage-shope.com local-update.com conloap.linkin.tw # Reference: https://twitter.com/blu3_team/status/1053669632438099970 # Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 pus.inter.cloudns.cc # Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/ bite-me.wz.cz jma-go.jp mountainhigh.at racemodel.at thunderbolt-price.com sungmap.at # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/ chadikaysora.com lt99.ddns.net http://35.227.52.26 # Reference: https://twitter.com/ScumBots/status/1094811119154356224 gxbjugb.xyz # Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0) # Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection kuangdl.com # Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection j0mla.sytes.net # Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0 # Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430 # Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262 barmash.ru dnsip.ru dns-free.com # Reference: https://twitter.com/ScumBots/status/1105495431864303616 flowerstick.net # Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html mokoaehaeihgiaheih.ru # Reference: https://twitter.com/James_inthe_box/status/1106551689132138497 llkty.gq # Reference: https://twitter.com/James_inthe_box/status/1105124840501989378 dsmbil.ml # 
Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz # Reference: https://twitter.com/James_inthe_box/status/1101548458090016768 cloudnetwork.kz # Reference: https://twitter.com/bad_packets/status/1104313051166068737 methaddict.xyz # Reference: https://twitter.com/VK_Intel/status/1044631042454249473 mintsbox.website # Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041 xqzuua1594.com # Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344 /gr.mpwq # Reference: https://twitter.com/James_inthe_box/status/1107977083123204102 brokenway.cf # Reference: https://twitter.com/James_inthe_box/status/1108085222317289473 goldchainsblue.com validcc.ch # Reference: https://twitter.com/ActorExpose/status/1108113213164523521 vocational-age.000webhostapp.com # Reference: https://twitter.com/dvk01uk/status/1108204451309981697 alta-brasiil.com # Reference: https://twitter.com/dvk01uk/status/1106429454736388096 fast4elev.gq # Reference: https://twitter.com/dvk01uk/status/1105718483118108672 remenelectricals.com # Reference: https://twitter.com/dvk01uk/status/1105736132908720128 morningfresh.ga # Reference: https://twitter.com/dvk01uk/status/1105819049831862278 chemisoli.com # Reference: https://twitter.com/dvk01uk/status/1105437702999166976 goodlord.cf # Reference: https://twitter.com/dvk01uk/status/1103507380892061696 evaglobal.eu # Reference: https://twitter.com/dvk01uk/status/1103259569013305344 mamaknowyourname.gq # Reference: https://twitter.com/dvk01uk/status/1103257149508075520 modexcommunications.eu # Reference: https://twitter.com/dvk01uk/status/1102820682713522176 ruga.africa # Reference: https://twitter.com/dvk01uk/status/1099697529409671168 maheshshukla.com # Reference: https://twitter.com/dvk01uk/status/1098244837374070786 findouttheway.gq # Reference: https://twitter.com/dvk01uk/status/1097767868874264576 etruht.ml # Reference: https://twitter.com/dvk01uk/status/1093734309947719680 etruht.ga # Reference: 
https://twitter.com/dvk01uk/status/1097357708246896640 tanerm.ug # Reference: https://twitter.com/dvk01uk/status/1096445096306921472 xvirginieyylj.city # Reference: https://twitter.com/dvk01uk/status/1095633303758127104 joshdghd.cf # Reference: https://twitter.com/dvk01uk/status/1094924981971107840 geepaulcast.com # Reference: https://twitter.com/dvk01uk/status/1092780337434947584 lightmusic.cocomet-china.com # Reference: https://twitter.com/dvk01uk/status/1092685964743503872 imtooltest.com # Reference: https://twitter.com/dvk01uk/status/1088793739223539713 sulphurrnills.com # Reference: https://twitter.com/dvk01uk/status/1088391308849434629 pornhouse.mobi # Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf bhrserviceaps.dk # Reference: https://twitter.com/fletchsec/status/1108144401530978304 86818.prohoster.biz # Reference: https://twitter.com/killamjr/status/1108455343816916992 quiltyfabricsorders.xyz # Reference: https://twitter.com/nao_sec/status/1108388558539087873 dogfunnyviedeos.xyz # Reference: https://twitter.com/JayTHL/status/1108402913938935808 mansoura.co root-mrx.tk # Reference: https://twitter.com/Racco42/status/1107351502878842880 angel-aristizabal.com.co # Reference: https://twitter.com/Racco42/status/1106547527334154240 thinknik.ca # Reference: https://twitter.com/Racco42/status/1106225615705948167 ministere-elshaddai.org # Reference: https://twitter.com/Racco42/status/1106201029127880704 tiemokodoumbia.com # Reference: https://twitter.com/Racco42/status/1105504898525917184 mincare.vn sharegroup.info # Reference: https://twitter.com/Racco42/status/1102896181011795969 wearewhatwesay.com # Reference: https://twitter.com/Racco42/status/1102869794502705152 fm.radio.googlemenow.org # Reference: https://twitter.com/Racco42/status/1102590512228388866 handbuiltapps.com luxdecor.co.il # Reference: https://twitter.com/Racco42/status/1101142170663354370 loh-tech.com # Reference: https://twitter.com/Racco42/status/1100855213668421632 
oppws.cn skity.hk # Reference: https://twitter.com/Racco42/status/1100733716995944448 aviatorssm.bit # Reference: https://twitter.com/Racco42/status/1098979285443006465 burcutekstil.online # Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261 mkatarina7094maybelle.email # Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400 # Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765 nuovilod.icu wwikrrtt.info # Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794 bigassbabyart.com # Reference: https://twitter.com/anyrun_app/status/1108695731530055680 # Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f n48lxj5097.email wyideegb.city # Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168 brandin.nu servicemanager.icu # Reference: https://twitter.com/luc4m/status/1103952276132192256 splitbiin.co # Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616 mi88karine.company # Reference: https://twitter.com/avman1995/status/1094181713121558529 fpetraardella.band # Reference: https://twitter.com/benkow_/status/1088009157733683200 uni-full.com # Reference: https://twitter.com/James_inthe_box/status/1076673889701224448 tollzwork.ru # Reference: https://twitter.com/CryptoInsane/status/1074048007912464389 ooxxzzvv.com # Reference: https://twitter.com/Racco42/status/1067027684906151936 pdf-compare.site pdf-compare.space # Reference: https://twitter.com/benkow_/status/1057977911607783425 osxmacservice.com # Reference: https://twitter.com/Racco42/status/1040144285453180928 emailerservo.science # Reference: https://twitter.com/James_inthe_box/status/1108727176038236166 fnutdue.ru # Reference: https://twitter.com/dvk01uk/status/1108706531636326400 lovliygtyu.ml # Reference: https://twitter.com/dvk01uk/status/1108745052686307328 hytexxi.xyz # Reference: https://twitter.com/pollo290987/status/1108755025604591622 tarhona-libya.com # Reference: 
https://twitter.com/Jan0fficial/status/988318117532176384 mlhxyz.ml # Reference: https://twitter.com/fumik0_/status/973504037999075329 win-dows.net # Reference: https://twitter.com/dvk01uk/status/1109045863664533504 zentacher3.ga # Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018 u1a2zlzeuya.company # Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e interruption.ru # Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673 r414525xw.band # Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2 realdealhouse.eu # Reference: https://twitter.com/casual_malware/status/1107101098714656768 elec-tb.com # Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129 abhicoupon.com # Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096 awdmiami.com # Reference: https://twitter.com/James_inthe_box/status/1100793529595383809 freedomate.ga # Reference: https://twitter.com/ViriBack/status/1093994913249853440 cocomet-china.com naceco.com qai-abb.com # Reference: https://twitter.com/nullcookies/status/1029173962595598336 appgosecurity.com # Reference: https://twitter.com/FewAtoms/status/1109119034082103298 shannai.us # Reference: https://twitter.com/James_inthe_box/status/1109120289604931584 zjnewdan.us # Reference: https://twitter.com/ClearskySec/status/1001833343581900800 stcinet.com stcnet.ddns.net # Reference: https://twitter.com/guelfoweb/status/1109103783571795970 mit-gov-it.icu # Reference: https://twitter.com/Racco42/status/1109591919561187330 alph.staroundi.com # Reference: https://twitter.com/FewAtoms/status/1109773299985379329 ruih.co.uk # Reference: https://twitter.com/James_inthe_box/status/1104730265442631680 oteam.io # Reference: https://twitter.com/James_inthe_box/status/1079727395161104384 amsi.co.za # Reference: https://twitter.com/James_inthe_box/status/1109832439700971520 # Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e 
a-7763.com davidich.life domekan.ru doshimotai.ru kifge43.ru /MatherFuckerAv.dll # Reference: https://twitter.com/James_inthe_box/status/1108789993923723264 gmltdprocrop.com # Reference: https://twitter.com/4chr4f2/status/1103316628245164032 mulenrooj.adygeya.su # Reference: https://twitter.com/avman1995/status/1090972632261029891 monstercartune.club # Reference: https://twitter.com/dms1899/status/1070382435148447745 ph0en1x.tk # Reference: https://twitter.com/avman1995/status/1035723902612324352 botsphere.biz # Reference: https://twitter.com/Racco42/status/1110098645263810561 bzios.info # Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: Ukrainian telcos fake domains on servers with Metasploit and Cobalt Strike) 24tv.agency 2mdns.org a-msedge.org ads1-msn.com ads1-msn.net akadns-ms.net api-p001-1drv.com apostrophe-news.biz appex-bing.net appex-bing.org bigmir.email blob-weather.com cdn-onenote.net censornews.org client-googledns.com cnn-metanews.biz compatexchange-cloudapp.com corpext-datamart.net delometaua.biz diagnostics-support-microsoft.net diagnostics-support.com dns-msftncsi.com eizvestia-news.org espreso.today feedback-google.net feedback-google.org feedback-windows.com feedback-windows.org foxnewsmeta.biz fwdcdn.org gateway-telemetry.net gateway-telemetry.org gazetaua-news.org gismeteo.city img-s-msn-com-akamaized.net interfax-globalnews.com ipv4-microsoft.net ipv4-microsoft.org ipv6-google.net ipv6-google.org ipv6-microsoft.org kyivstar-ip.com ls2web-redmond-corp.com microsoft-com-nsatc.org microsoft-metaservices.com microsoft-nsatc.org ms-akadns.org news-liga.net newska-uanews.biz nod-update.org ns0-ukrpack.net ns0-volia.net ns1-datagroup.com ns1-datagroup.org ns1-volia.net ns2-datagroup.com ns2-datagroup.org ns2-ukrtel.com ns3-datagroup.org ns4-datagroup.org obozrevatel-news.com officeclient-microsoft.com paypal-com1.com paypal-com2.com pppoe-infocom.com pppoe-kyivstar.com pppoe-ukrtel.com 
preview-msn.org redir-metaservices.com redir-metaservices.org reports-telemetry-microsoft.com rian-ua.org sandbox-cloudapp.com sandbox-cloudapp.org search-msn.net search-msn.org secure-telemetry.net secure-telemetry.org securenod32.com segodnya-news.org services-glbdns2.com services-glbdns2.org services-google.org serving-sys-windows.net serving-windows.net social-msn.net social-msn.org ssw-live.org statototalitario.com support-cloudapp.net support-microsoft.biz telecommand-microsoft.net telecommand-microsoft.org telegraf-news.biz telemetry-akadns.org uatimes-meta.biz ubr-news.org ui-skype.net ukrfreshnews.com unian-search.com urs-microsoft.net watson-microsoft.org win-msecnd.com win-msecnd.org win10-telemetry.net # Reference: https://twitter.com/James_inthe_box/status/1056920457218125826 mypanell.online # Reference: https://twitter.com/Racco42/status/1029986121286074369 atcproje.com # Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457 # Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab klub046.co # Reference: https://twitter.com/Racco42/status/1110160140962066432 zaczvk.pl # Reference: https://twitter.com/Racco42/status/1110170198005436417 # Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9 space.bajamelide.ch # Reference: https://twitter.com/malware_traffic/status/1110176575922864128 zabenkot.top # Reference: https://twitter.com/angel11VR/status/1109075153114279936 # Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f 185.25.50.168:4444 # Reference: https://twitter.com/James_inthe_box/status/1104730265442631680 89.105.202.62:1080 # Reference: https://twitter.com/James_inthe_box/status/1110196027338817538 erimbil.ml # Reference: https://twitter.com/ScumBots/status/1110265736029712384 safetimes.biz # Reference: https://twitter.com/ScumBots/status/1110265564428226565 wite.biz # Reference: https://twitter.com/ScumBots/status/1110265483264167939 s3rpfish.biz # Reference: 
https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0) charlesprofile.website # Reference: https://twitter.com/Racco42/status/1110450502087725057 kozol.info # Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112 fubuy60w.email # Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071 24forejungl.site # Reference: https://twitter.com/James_inthe_box/status/1110563590950445056 lattempted.pw # Reference: https://twitter.com/James_inthe_box/status/1110560151977623552 conamylups.com # Reference: https://twitter.com/FewAtoms/status/1110578385011519489 accpais.com # Reference: https://twitter.com/avman1995/status/951077991966064640 itgpll.com # Reference: https://twitter.com/ViriBack/status/950469147976257536 m3ss4g3rtesla.com # Reference: https://twitter.com/ViriBack/status/950354442917990400 dominica2.com # Reference: https://twitter.com/cocaman/status/909339498445705216 iemnnyanmar.com # Reference: https://twitter.com/58_158_177_102/status/1110814561500708864 onbraker.com podertan.com # Reference: https://twitter.com/Racco42/status/1110844776075706368 zolik.info # Reference: https://twitter.com/ClearskySec/status/1110941180106366976 /D2_de2o@sp0/ # Reference: https://twitter.com/ClearskySec/status/1062026777604820994 disw.top jobk.info ktis.club kotb.top lupx.info # Reference: https://twitter.com/Racco42/status/1111189949712420864 armasglass.com # Reference: https://twitter.com/dvk01uk/status/1111218416227102720 babamaturu.cf # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449 bambamdumer.ml kodjdsjsdjf.tk lookatmenaaaa.tk # Reference: https://twitter.com/ps66uk/status/1111309717664604162 poperjffd.gq zentacher.cf # Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5 crypt24.in clean.crypt24.in zani.streghettaincucina.com midgnighcrypt.com yinhbygrm.com 4uland.com favoritfile.in img.martatovaglieri.com # Reference: 
https://twitter.com/James_inthe_box/status/1111371723092299776 edjsqvg.ua # Reference: https://twitter.com/FewAtoms/status/1110578385011519489 accpais.com # Reference: https://twitter.com/JayTHL/status/1111497469937045504 brynn.ink # Reference: https://twitter.com/DissectMalware/status/1111511953061621760 onbraker.com # Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473 justpony.xyz warezpony.ga # Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392 myloki.icu # Reference: https://twitter.com/ViriBack/status/1111646690233192449 pamthasion.pw # Reference: https://twitter.com/Racco42/status/1111651759276072961 zerio.info # Reference: https://twitter.com/James_inthe_box/status/1111666754604789760 recordsforsmssent.xyz # Reference: https://twitter.com/ViriBack/status/1067995331810549760 oceanicproducts.eu jesseworld.eu modexdeals.xyz modecloudserver.eu # Reference: https://twitter.com/ekamioka/status/1111658931624001540 nanowopsite.club # Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO) /buchi/i/fred.php # Reference: https://twitter.com/ViriBack/status/971430374919122944 carolp1.xyz # Reference: https://twitter.com/malware_traffic/status/1111049259305046016 ultimateyahoo.top # Reference: https://twitter.com/jfslowik/status/1112010565742788609 download-updates-comp.com get-updates-ms.com # Reference: https://twitter.com/benkow_/status/1112046921303113729 gcleaner.info # Reference: https://twitter.com/ps66uk/status/1112172657729044480 00399a4.netsolhost.com # Reference: https://twitter.com/Racco42/status/1112623595459612673 zesis.info # Reference: https://twitter.com/malware_traffic/status/1101164760647847936 not-my-guilty.com onlinedattingforlife.info russkistandart.info # Reference: https://twitter.com/malware_traffic/status/1083771485997670400 datingforllives.info # Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904 danhuaile.net # Reference: 
https://twitter.com/packet_Wire/status/1112802915650027520 ordernow.cf # Reference: https://twitter.com/James_inthe_box/status/1113102849313988611 sorna.at rivier.at # Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744 vilamax.home.pl # Reference: https://twitter.com/James_inthe_box/status/1113114356714168321 bluewales.ml worldatdoor.in # Reference: https://twitter.com/albertzsigovits/status/1113096573284728839 powellpablooo.myjino.ru fnsss77.ru darbl.icu # Reference: https://twitter.com/illegalFawn/status/1113336529433374721 4fallingstar.info esurf.info childrensliving.com # Reference: https://twitter.com/malware_traffic/status/1113586907655680001 tytalrecoverysolutions.com zakromanoff.com # Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792 bobbobb1z.com # Reference: https://twitter.com/dvk01uk/status/1094130931596701696 liqurestore.cf # Reference: https://twitter.com/benkow_/status/1090564148184924160 dfgdfgghjghfshfgh.ru # Reference: https://twitter.com/JayTHL/status/1036810959644438528 dvpont.com itwsaelants.com kmnnl.com tekinkgroup.com # Reference: https://twitter.com/James_inthe_box/status/1113888371204472832 smart.cloudnetwork.kz nicru.supermicrotransapi.ru mel.cloudcontentsmak.com js.securetopdevelopment.kz secure.jsc0nten1maker.com secure.jscontentmaker.kz tel.jsapisettings.kz # Reference: https://twitter.com/malware_traffic/status/1113975722773831680 med.ufro.cl top.sineadholly.com # Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593 waorveled.com hegutceper.ru dintroprula.ru # Reference: https://twitter.com/takerk734/status/1113851637292920832 artdefensive.com # Reference: https://twitter.com/takerk734/status/1113852021579206658 ceaningthe.com hosttrade.ru letsdoitquick.site # Reference: https://twitter.com/Racco42/status/1114080917402861568 pasios.info # Reference: https://www.bromium.com/mapping-malware-distribution-network/ # Reference: 
https://otx.alienvault.com/pulse/5ca7142dd898276082584a58 l-jaxx.com monkeyinferno.net # Reference: https://twitter.com/smica83/status/1114099330628096000 echuhnova.digital # Reference: https://twitter.com/smica83/status/1114101564648689664 daidaowu.com # Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104 vip-163.cc # Reference: https://twitter.com/Bank_Security/status/1114122727080771585 g53lois51bruce.company # Reference: https://twitter.com/James_inthe_box/status/1114150925218639872 11totalzaelooop11.club # Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0) jfnutts.com jamesxx.dynu.net # Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0) backdates[0-9]{1,2}\.(com|net) # Reference: https://imgur.com/a/8mFGk # Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212 conectionapis.com # Reference: https://twitter.com/JayTHL/status/1115077956781715456 # Reference: https://pastebin.com/raw/HggkKKVu awazpeople25.com.pl awazpeople25.net.pl awazpeople25.pl awazpeople25.waw.pl e-helpingcenterxg.pl egalleryimagesas.pl ehelpingcentervh.pl estoremkg.pl everificationaccountls.pl galleryimagesas.com.pl galleryimagesas.net.pl galleryimagesas.pl galleryimagesas.waw.pl helpingcentervh.com.pl helpingcentervh.net.pl helpingcentervh.pl helpingcentervh.waw.pl helpingcenterxg.com.pl helpingcenterxg.net.pl helpingcenterxg.pl helpingcenterxg.waw.pl hypemediahdy.com.pl hypemediahdy.net.pl hypemediahdy.pl hypemediahdy.waw.pl i-awazpeople25.pl i-mzenjdfu.pl ihypemediahdy.pl make-upvalleyusastoread.pl mzenjdfu.com.pl mzenjdfu.pl mzenjdfu.waw.pl storemkg.com.pl storemkg.net.pl storemkg.pl storemkg.waw.pl verificationaccountls.com.pl verificationaccountls.net.pl verificationaccountls.pl verificationaccountls.waw.pl # Reference: https://twitter.com/smica83/status/1115174343288545280 etechnocrat.us # Reference: 
https://twitter.com/Racco42/status/1115216282670989313 hallos.info # Reference: https://twitter.com/MisterCh0c/status/1115001122673102848 yolodice.icu # Reference: https://twitter.com/James_inthe_box/status/1115258819473317888 vapeegy.com # Reference: https://twitter.com/Racco42/status/1115259915877146625 e-mailupgrade.com # Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792 bestpage1.com # Reference: https://twitter.com/BroadAnalysis/status/731653488443305985 khamsanphukhoa.com.vn # Reference: https://twitter.com/angel11VR/status/1115343202167533568 # Reference: https://pastebin.com/0bX17LaY gingerandcoblog.com # Reference: https://twitter.com/illegalFawn/status/1115537607256150016 logger-keyz.tk # Reference: https://twitter.com/Artilllerie/status/1115556048243437568 subby.xyz # Reference: https://twitter.com/James_inthe_box/status/1115591879586795521 hot-mail.online # Reference: https://twitter.com/slayersecurity/status/1115599512758697984 bobbobb1z.com # Reference: https://twitter.com/pollo290987/status/1115613838689341440 nicholaspring.xyz # Reference: https://twitter.com/slayersecurity/status/1115902366686031878 klis.icu notz.icu qgb.us shortener.icu shortit.icu zvb.us # Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081 nemelyu871.info s1591e46.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000 instant-payments.ru # Reference: https://twitter.com/makflwana/status/1115953092090941440 vman23.com # Reference: https://twitter.com/x42x5a/status/1115980225127571456 freelim.cf # Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72 younglybae.tk # Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953 b02aee36.ngrok.io # Reference: https://twitter.com/James_inthe_box/status/1116302275335475201 a.uchi.moe # Reference: https://twitter.com/tkanalyst/status/1116370690444124160 adpop.xyz # Reference: https://twitter.com/58_158_177_102/status/1116608652985585670 
aupa.xyz azedizayn.com aussiescanners.com fumicolcali.com sundarbonit.com # Reference: https://twitter.com/Racco42/status/1116787155710500866 yassra.com # Reference: https://twitter.com/LukasStefanko/status/1116700836032331778 # Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations appboxlive.host # Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697 cytotan.xyz fatando.pw srv18427.microhost.com.pl # Reference: https://twitter.com/devnullek/status/1073159905480183808 favbaby.com # Reference: https://twitter.com/malware_traffic/status/767852827200761856 ahgsuy3829.top best-remit.com hybypi.xyz nerdcommunity.top reballancefreestyle.win # Reference: https://twitter.com/BroadAnalysis/status/815211105664565248 chebersto.com chelkibot.com jejefolso.com kalambint.com karachark.com kerukiron.com kurtillon.com markrelso.com nintedrer.com reregaton.com # Reference: https://twitter.com/BroadAnalysis/status/788400179091214336 arabicdessert.co prmhohzsl.top # Reference: https://twitter.com/BroadAnalysis/status/782996903025844224 badbigbearr.com bearbigger.top beargrizzler.win dxzvkr.top # Reference: https://twitter.com/malware_traffic/status/766412267063607296 lowashemterle.top yfyke.xyz # Reference: https://twitter.com/x42x5a/status/1117697750886428672 ahsantiago.pt # Reference: https://twitter.com/dvk01uk/status/1117752424331190273 licenses-renewal.com # Reference: https://twitter.com/killamjr/status/1117776513288503296 # Reference: https://www.virustotal.com/gui/domain/netlux.in/relations # Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations netlux.in vitalmania.eu # Reference: https://twitter.com/FewAtoms/status/952884418733072384 gg.usdipc.com # Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365 ridihaagroup.com # Reference: https://twitter.com/FewAtoms/status/1117824449670209536 annaviyar.com # Reference: https://twitter.com/malware_traffic/status/1117811800395767808 shahkara.com.tr # 
Reference: https://twitter.com/HONKONE_K/status/1118035160362913792 new2019.mine.nu # Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345 fineiksus.com # Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/ buyviagraoverthecounterusabb.net # Reference: https://twitter.com/James_inthe_box/status/1118146373361078272 tshukwasolar.com # Reference: https://twitter.com/Racco42/status/1118476901876674561 vreau-relatie.eu # Reference: https://twitter.com/FewAtoms/status/1118588045312368641 http://188.209.52.180 # Reference: https://twitter.com/FewAtoms/status/1118893063219372034 krosnovunderground.se # Reference: https://twitter.com/ViriBack/status/1119019674006687744 deuor.info/index.php # Reference: https://twitter.com/ActorExpose/status/1118914631609794561 kulsofttech.net # Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html plenoils.com sharedrive.top alkzonobel.com web2prox.com webxpo.us office.webxpo.us sunny-displays.com modernizingforeignassistance.net # Reference: https://twitter.com/malware_traffic/status/1119021844416405504 sunmeter.eu # Reference: https://twitter.com/ViriBack/status/1119592527106072576 http://185.79.156.15 # Reference: https://twitter.com/James_inthe_box/status/1119758368858468352 gbchb.com # Reference: https://twitter.com/pancak3lullz/status/1117825748583243776 esko7.cf # Reference: https://twitter.com/pancak3lullz/status/1092804207252525065 benelll.com # Reference: https://twitter.com/pancak3lullz/status/1085189158866378754 liftocean.us # Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816 bbkac.com # Reference: https://twitter.com/James_inthe_box/status/1120693994428567552 get.extra-files.com # Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624 187.ip-54-36-162.eu # Reference: https://twitter.com/devnullek/status/1120708504619290624 news-medias.ru # Reference: 
https://reaqta.com/2019/04/ave_maria-malware-part1/ icbegypt.com # Reference: https://twitter.com/makflwana/status/1121063810289238018 newfield-us.info # Reference: https://twitter.com/James_inthe_box/status/1120752034829856768 alspi.cf # Reference: https://twitter.com/smii_mondher/status/962702751762468866 centropesquisabit.com.br # Reference: https://twitter.com/x42x5a/status/1121094286613852162 baldorclip.icu # Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824 geraldgore.com/news/ # Reference: https://twitter.com/malware_traffic/status/1121097028426194944 iblservicosonline.com # Reference: https://twitter.com/MisterCh0c/status/1121125682032119808 noda-8879.cf # Reference: https://twitter.com/malware_traffic/status/1061039473448734722 po0o0o0o.com # Reference: https://twitter.com/coldshell/status/936173677854580736 # Reference: https://pastebin.com/9JfkQ1FX accessyouraudience.com alucmuhendislik.com awholeblueworld.com bit-chasers.com datenhaus.info hexacam.com mh-service.ru # Reference: https://twitter.com/coldshell/status/936588497216995328 # Reference: https://pastebin.com/LRTA7NSn basedow-bilder.de centralbaptistchurchnj.org highlandfamily.org motifahsap.com pdj.co.id pragmaticinquiry.org schwellenwertdaten.de shamanic-extracts.biz team-bobcat.org troyriser.com # Reference: https://twitter.com/coldshell/status/894908561855307776 # Reference: https://pastebin.com/dZXyvmvL adelaidemotorshow.com.au apositive.be autoecoleathena.com autoecoleboisdesroches.com autoecoledufrene.com beansviolins.com cipemiliaromagna.cateterismo.it firstonetelecom.com fly2.com.tw harristeavn.com heathrowestudios.com hydronetinfo.com melting-potes.com microsom.com modemagazine.net new.intranet.wem.fr patrickreeves.com potamitis.gr rosascomendador.com scoot-mail.net sixty-six.org telesolutionsconsultants.com trombositting.org # Reference: https://twitter.com/tmmalanalyst/status/891998398462566400 luczki.pl # Reference: 
https://twitter.com/x42x5a/status/1121702655464751104 payeer-coin.icu # Reference: https://twitter.com/FewAtoms/status/1121751424096845831 http://216.170.120.137 # Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064 # Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406 gcleaner.info melbettyge.top refpagdcmr.top salosvodkoi.ru # Reference: https://twitter.com/FewAtoms/status/1121780178676527104 # Reference: https://twitter.com/FewAtoms/status/1121096964869959682 http://80.82.66.58 # Reference: https://twitter.com/neonprimetime/status/1121800377727426561 hlggregoriazl.xyz # Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012 gatiropimonita.website updateservice.work # Reference: https://twitter.com/x42x5a/status/1122096731800375296 fin18.org # Reference: https://twitter.com/slayersecurity/status/1122137824076148736 basaso.mobi dpyfo.mobi enchanted.mobi ghtc.mobi hfik.mobi mobisad.mobi nefal.mobi nkdyo.xyz professional.mobi rhggy.mobi # Reference: https://twitter.com/DbgShell/status/1121583280145543168 http://84.200.43.124 # Reference: https://twitter.com/jpcert_ac/status/1121701529847603202 officecrack.gi2.cc # Reference: https://twitter.com/ViriBack/status/1122527363772887044 90551.prohoster.biz # Reference: https://twitter.com/hexlax/status/988881472403763200 untorsnot.in # Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768 # Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871 # Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7 fusu.icu keke.icu letask.me luru.icu qoqo.icu susu.icu zqfgy.app # Reference: https://twitter.com/dvk01uk/status/1122803607269773312 findrew.gq # Reference: https://twitter.com/makflwana/status/1122818381856555010 http://91.243.83.154 # Reference: https://twitter.com/James_inthe_box/status/1122861244023656453 anticcolonial.cf # Reference: https://twitter.com/x42x5a/status/1122863171222560768 h-drums.cf # Reference: 
https://twitter.com/dvk01uk/status/1122702052482846720 ayakkokulari.com # Reference: https://twitter.com/ScumBots/status/1122874459432599555 s0ft3r.ru # Reference: https://twitter.com/Racco42/status/1122966809924329472 iceslyt.ru # Reference: https://twitter.com/Sm0k10/status/1123018192228626443 quo75fbm.club # Reference: https://twitter.com/dave_daves/status/1123143230852358145 mail-tools.info # Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992 nim3.xyz # Reference: https://twitter.com/FewAtoms/status/1123154922562678784 http://23.249.163.113 # Reference: https://twitter.com/avman1995/status/1035033720489734145 kangnaterayna.com # Reference: https://twitter.com/x42x5a/status/1123191255679291392 sellingproducts.club # Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889 cliniquevoyage.com # Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977 # Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details # Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58 digital-studio.org # Reference: https://twitter.com/x42x5a/status/1123250026883497985 lovemepls.com # Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641 nathanklebe.com # Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html http://188.166.74.218 http://45.55.211.79 # Reference: https://twitter.com/makflwana/status/1123465749027225600 http://5.188.231.210 # Reference: https://twitter.com/abuse_ch/status/1123520051599085570 auzonet.net # Reference: https://twitter.com/FewAtoms/status/1123563237084024832 http://155.138.134.133 # Reference: https://twitter.com/ScumBots/status/1122705081953132549 bitwhites.top # Reference: https://twitter.com/James_inthe_box/status/1099365566928760834 frameupds.info # Reference: https://twitter.com/James_inthe_box/status/1079757827030142976 hbr0.icu # Reference: https://twitter.com/BroadAnalysis/status/967357851520897024 
teleduck.de zaremedspa.com # Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations individualkipitera.site individualkipitera24.site intimorg.xyz prostitutkivoronezha24.bid prostitutkiyaroslavlya76.men prostitutkisoy.com prostitutki-adlera.xyz prostitutki-sterlitamaka.xyz prostitutki-vologdy.xyz prostitutki-tomska.xyz prostitutkisochi24.xyz prostitutki-magnitogorska.xyz prostitutki-tveri.xyz prostitutki-kaliningrada.xyz prostitutki.soy prostitutkimoskvy.surf prostitutkiyaroslavlya.xyz prostitutki-surguta.xyz prostitutki-izhevska.xyz prostitutki-permi.xyz prostitutkikazani.xyz prostitutkikrasnoyarska.xyz prostitutkiomska.xyz prostitutkirostova.xyz prostitutkiufy.xyz prostitutkivoronezha.xyz prostitutki-arhangelska.xyz prostitutki-biyska.xyz prostitutki-taganroga.xyz prostitutki-tambova.xyz prostitutkipitera.soy prostitutkivologdy.win # Reference: https://twitter.com/JayTHL/status/1123591741347704832 92.222.151.63:36437 # Reference: https://twitter.com/JayTHL/status/1123829087913508865 leon-l-atkinson.club # Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220 vman23.com # Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9 747f9d59.ngrok.io # Reference: https://twitter.com/x42x5a/status/1123914216665174016 # Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065 ccleaner.host ccleaner.top # Reference: https://twitter.com/Racco42/status/1123953925831446529 41.231.120.138:7700 # Reference: https://twitter.com/Racco42/status/1123974086970019840 fjlryd.com # Reference: https://twitter.com/drok3r/status/1124018831444385794 http://185.79.156.23 # Reference: https://twitter.com/x42x5a/status/1124062134378409992 a-7763.com # Reference: https://twitter.com/SickPeaSec/status/1124078107617574912 http://42.51.65.7 # Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations heheda.tk # Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# 
Win.Malware.Tovkater-6956309-0) dicier.ru triobol.ru walforder.ru # Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744 http://3.14.6.4 # Reference: https://twitter.com/slayersecurity/status/1124605083554078720 ckssplcom.ga # Reference: https://twitter.com/FewAtoms/status/1124624471548149761 megaklik.top # Reference: https://twitter.com/James_inthe_box/status/1124634464447950848 hamriadhurai1.com # Reference: https://twitter.com/James_inthe_box/status/1124648077627838465 http://106.13.96.196 # Reference: https://twitter.com/VK_Intel/status/1124826957764603905 ghostru.biz # Reference: https://twitter.com/ViriBack/status/1125145578638389248 umc-tech.com # Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (#Win.Malware.Shadowbrokers-6958490-0) # Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations teetah.com thmqyo.com iadaef.com yvyqyr.com yyhhwt.com yoiupy.com abvyoh.com evoyci.com nzooyn.com niulzo.com meadgz.com yxpwly.com cberyk.com xuvvie.com nfgesv.com rjodmz.com ygjuju.com iauany.com zopkpn.com ubnuov.com kroqzu.com uxmaie.com # Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a romelulukaku.tk # Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920 liverfook.ml # Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613 polaroil.me # Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105 halanis21yi84alycia.top hvkbvmichelfd.info # Reference: https://twitter.com/pmelson/status/1125070087218659330 anyconnect.stream bigip.stream fortiweb.download kaspersky.science microtik.stream owa365.bid symanteclive.download windowsdefender.win # Reference: https://twitter.com/angel11VR/status/1125765188370731009 # Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5 
joeing2.duckdns.org # Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096 neperepahano.top # Reference: https://twitter.com/Jan0fficial/status/1093123191504031746 scanjet.tk # Reference: https://twitter.com/P3pperP0tts/status/979416398932905985 mdolk.ru # Reference: https://twitter.com/P3pperP0tts/status/980426489802960897 ponysolution.tk # Reference: https://twitter.com/x0rz/status/763396946371436544 andmabi.com redidfe.ru undwohed.ru # Reference: https://twitter.com/hexlax/status/740548297723678720 cussocarve.net # Reference: https://twitter.com/hexlax/status/777967707601895424 tortonrcommt.pw # Reference: https://twitter.com/hexlax/status/905947662595366913 detrogoldenmayer.com # Reference: https://twitter.com/teoseller/status/674601023076462596 beamtech-tw.com # Reference: https://twitter.com/teoseller/status/790919712909697024 zjibingfeng.com # Reference: https://twitter.com/hexlax/status/803324541858627584 ru-id21387192837.com # Reference: https://twitter.com/bomccss/status/1125902307030265856 donersonma.com # Reference: https://twitter.com/executemalware/status/1125818675519459328 58.218.66.168:32221 # Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288 samuelkerns.com # Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations iamahackeur.servehttp.com jesuisunhackeur.servehttp.com # Reference: https://twitter.com/051R15/status/984704059109093382 jcgloball.org # Reference: https://twitter.com/dvk01uk/status/1126064949212721152 carlostevez.ga carlostevez.ml # Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057 # Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608 green.nogel.tech safa.205dundas.com ssw.138front.com # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/ link.fivetier.com # Reference: https://twitter.com/MisterCh0c/status/1126214464334979074 
ftp://computernewb.ml # Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505 zuisarch.top # Reference: https://twitter.com/x42x5a/status/1126402234676404225 abscete.info fopstudios.com # Reference: https://twitter.com/x42x5a/status/1126395015566102528 bluedahab.ga # Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/ effe-erre.es sigaingegneria.com # Reference: https://twitter.com/JayTHL/status/1126254567568695301 fuckchriscollingsworth.com # Reference: https://twitter.com/DissectMalware/status/1126384963497205762 http://51.89.0.134 # Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba vision2030.cf vision2030.tk # Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905 # Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842 # Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408 abidefr.com ambertut.com profile.sandoct.com sagdao.com # Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680 binnatto.de megaklik.top uzocoms.eu venzatechi.online # Reference: https://twitter.com/ActorExpose/status/1126448541637984256 can25.000webhostapp.com # Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773 ezeada.site # Reference: https://twitter.com/James_inthe_box/status/1126487574317490179 aotiahua.com # Reference: https://twitter.com/James_inthe_box/status/1126590019269840896 farmfit.ru # Reference: https://twitter.com/dvk01uk/status/1126726101055574016 xzhch.ml # Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5 # Reference: https://www.virustotal.com/gui/domain/ndtst.com/details ndtst.com # Reference: https://twitter.com/dvk01uk/status/1121281997643636736 # Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf nxgenbiz.us # Reference: https://twitter.com/dvk01uk/status/1118559250471628800 terryhill.top # Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040 
gcleaner.info # Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361 rapport.lcto.lu # Reference: https://twitter.com/x42x5a/status/1126832160936214529 soksanhotels.com # Reference: https://twitter.com/dave_daves/status/1126840642485784576 mecharniser.com # Reference: https://twitter.com/James_inthe_box/status/1126846840060571648 vasinvestment.tk # Reference: https://twitter.com/ViriBack/status/1126992620310470656 iujoaqstqiywertgpu.club # Reference: https://twitter.com/ViriBack/status/1127224259837878273 phumyhunggiatot.com # Reference: https://twitter.com/daphiel/status/1123927542149328896 blanki-shabloni24.ru icq.chatovod.info medialeaks.icu superjob.icu women-history.me # Reference: https://twitter.com/malware_traffic/status/810966197881671680 # Reference: http://malware-traffic-analysis.net/2016/12/19/index.html talhanterbutres.top srugbah.com # Reference: https://twitter.com/pancak3lullz/status/1022845906041929728 asterixenergy.in # Reference: https://twitter.com/pancak3lullz/status/746337709774430208 camera-test.hi2.ro summerr554fox.su # Reference: https://twitter.com/FewAtoms/status/1127531654019334144 222.187.238.16:2020 # Reference: https://twitter.com/ActorExpose/status/1127565211832135681 webarconet.000webhostapp.com # Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881 rabbitscafenyc.com rerplan.tk ttreface.tk # Reference: https://twitter.com/malware_traffic/status/1128019457966735360 dhlexpress.club # Reference: https://twitter.com/ActorExpose/status/1128018026673131521 double-minded-elect.000webhostapp.com # Reference: https://twitter.com/ActorExpose/status/1128004155673542657 ryselis.xyz # Reference: https://twitter.com/ActorExpose/status/1128017378518892544 aquilesarocaltda.000webhostapp.com # Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353 sonofgraceoffice.website # Reference: https://twitter.com/dvk01uk/status/1128239904402694144 modipond.gq # Reference: 
https://twitter.com/dvk01uk/status/1128286894553489408 terryhill.top # Reference: https://twitter.com/JayTHL/status/1128405725888307200 maketheswitch.ca # Reference: https://twitter.com/58_158_177_102/status/1128310206327283713 mondayis.info # Reference: https://twitter.com/virusbtn/status/1128556881079930881 ezinebachelor.top # Reference: https://twitter.com/ViriBack/status/1128828811796242433 187.ip-54-36-162.eu # Reference: https://twitter.com/Racco42/status/1128955163023171584 myscs.ca # Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232 ybtvmt.info # Reference: https://twitter.com/x42x5a/status/1128995801286492162 tandf.xyz # Reference: https://twitter.com/pancak3lullz/status/1129392247924035584 brsystem1000k33.com # Reference: https://twitter.com/James_inthe_box/status/1129452679250321408 officeboss.xyz # Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/ asnkar.me # Reference: https://twitter.com/dave_daves/status/1129401061696036864 http://13.58.74.46 # Reference: https://twitter.com/James_inthe_box/status/1129514888148086784 botonbot.net ruit.live # Reference: https://twitter.com/malware_traffic/status/1129758980585283584 alimstores.com # Reference: https://twitter.com/Jouliok/status/1129662977664274432 microsoft-products.com 228276216.net # Reference: https://twitter.com/ActorExpose/status/1130119521770102791 thenewsystemsetup.online # Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection android-fanatics.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832 # Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/ maso.at # Reference: https://twitter.com/x42x5a/status/1130421342782857217 ethclick.live # Reference: https://twitter.com/dave_daves/status/1130465690740232193 gdres.tk # Reference: https://twitter.com/FewAtoms/status/1130496077759746050 mnsoorysoemsystems.com # Reference: 
https://twitter.com/James_inthe_box/status/1130541505356095488 # Reference: https://pastebin.com/LFHR1XX1 absentselection.icu chargement-pro.icu commande.icu commandeapp.icu commandehq.icu commandehub.icu commandelabs.icu continentaltourist.icu document-joint.icu documentpro.icu emaillabs.icu emailly.icu opencommande.icu proapp.icu prohq.icu standardpopulation.icu # Reference: https://twitter.com/ActorExpose/status/1130199745287413760 mywegsite.com # Reference: https://twitter.com/dvk01uk/status/1130735131793207296 handuruz.cf handuruz.ga # Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304 office365-cloud5.com office365-cloud5.space # Reference: https://twitter.com/ViriBack/status/1130814960517427201 carsitxal.tk # Reference: https://twitter.com/James_inthe_box/status/1130882574853632002 http://82.221.139.139 # Reference: https://twitter.com/ViriBack/status/1131000954613108737 http://54.37.141.202 # Reference: https://twitter.com/FewAtoms/status/1131234678550220805 faqshub.xyz # Reference: https://twitter.com/ViriBack/status/1131318550759641088 lucid44.xyz # Reference: https://twitter.com/ViriBack/status/1131542334850699264 modestworld.top # Reference: https://twitter.com/James_inthe_box/status/1131717489824428032 # Reference: https://www.virustotal.com/gui/domain/baihes.com/relations # Reference: https://www.virustotal.com/gui/domain/coipip.com/relations baihes.com coipip.com # Reference: https://twitter.com/blackorbird/status/1131790385884278784 asia-kunsthandwea1-online.com kkrudy.com # Reference: https://twitter.com/x42x5a/status/1131822281452380160 # Reference: https://twitter.com/James_inthe_box/status/1131855420073496576 airliness.info donaldcity.club nevernews.club # Reference: https://twitter.com/James_inthe_box/status/1131927201496961024 tryfast-v52.cf # Reference: https://twitter.com/FewAtoms/status/1131961073219899394 http://82.221.139.139 eyeseepotential.com # Reference: https://twitter.com/Racco42/status/1132056583293329408 
eurogov.pw # Reference: https://twitter.com/BroadAnalysis/status/880488094277009408 batbetorzen.com # Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/ 51.255.101.144:4444 twitter.com-users.info # Reference: https://twitter.com/HONKONE_K/status/1132892192719101952 naiei-aldiel.16mb.com # Reference: https://twitter.com/x42x5a/status/1130421342782857217 ethclicks.live # Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288 ethchain.live # Reference: https://twitter.com/x42x5a/status/1133025211606077440 ethmoney.live ethcrypto.live ethpromo.live ethmoney.club ethmoney.club # Reference: https://twitter.com/jorgemieres/status/1133052016568274950 vbtz.cf # Reference: https://twitter.com/FewAtoms/status/1133059049887604737 vaddesobhanadri.com # Reference: https://twitter.com/cybsecbot/status/1133275353349316610 gettyimages-okta.com harpercollins-okta.com login-hulu.com dropbox-apps.com webmail-premierpr.com # Reference: https://twitter.com/dvk01uk/status/1133294737006518272 oliver-khan.tk # Reference: https://twitter.com/HONKONE_K/status/1133205335877885952 ip1.qqww.eu # Reference: https://twitter.com/Racco42/status/1133330864216133632 secureserverftp.xyz # Reference: https://twitter.com/ActorExpose/status/1133339071630204928 ntexplorerlite.com # Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337 banner.poker.williamhill.com # Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993 attachments.goapk.com # Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600 img2.img.9xiu.com # Reference: https://twitter.com/tkanalyst/status/1133505361145556993 makemoneyeasy.live # Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/ kentona.su # Reference: https://twitter.com/raby_mr/status/1133347073154097153 # Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/ # Reference: 
https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations # Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations 185.142.97.228:65233 217.182.200.111:21 217.182.200.111:35046 217.182.200.111:35579 217.182.200.111:35829 217.182.200.111:35348 http://217.182.200.111 # Reference: https://twitter.com/SickPeaSec/status/1133660498023501824 129.204.248.16:65534 # Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937 anmcousa.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208 bobbyworld.top # Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096 http://193.32.161.77 # Reference: https://twitter.com/dvk01uk/status/1133950202233200640 amanihackz.com # Reference: https://twitter.com/SoulRage6/status/1133994359987277831 http://84.38.135.164 # Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577 # Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/ redinqtongvlftadf.xyz # Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146 tripdownload.com # Reference: https://twitter.com/FewAtoms/status/1134146787953000449 moonday-v54.tk # Reference: https://twitter.com/SickPeaSec/status/1134180182544093186 190.37.209.37:3569 # Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489 sj81helmer.top # Reference: https://twitter.com/BleepinComputer/status/1134227276101554176 up-date.to # Reference: https://twitter.com/VK_Intel/status/1134606562180382720 li888-183.members.linode.com # Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations [a-z0-9]{10}\.temp\.swtest\.ru # Reference: https://twitter.com/ViriBack/status/1134912329597050880 sm.rooderoofing.com.au # Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/ big-partynew.ru # Reference: 
https://twitter.com/MalwarePatrol/status/1135410287992025088 www8.piaodown.com # Reference: https://twitter.com/securiteoff/status/740562516699447296 # Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations lasersteam178.ru # Reference: https://twitter.com/pancak3lullz/status/748146742571372544 # Reference: https://www.virustotal.com/gui/domain/19891108.info/relations 19891108.info # Reference: https://twitter.com/Jouliok/status/1135293849314693126 http://82.221.139.139 # Reference: https://twitter.com/dms1899/status/1135693930492829696 proapp.icu # Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536 ar-energyservice.com # Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations yourdocument.biz # Reference: https://twitter.com/eComscan/status/1136181192796061697 dns-forwarding.com # Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35 dnsedc.com # Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35 dellnewsup.net # Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain) yiffgallery.xyz # Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations sportsnewsa.net # Reference: https://twitter.com/58_158_177_102/status/1136162140283236352 firedron.top # Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/ bazar.services ds38.test-hf.su # Reference: https://twitter.com/James_inthe_box/status/1136631137571237888 mysecrethope.com # Reference: https://twitter.com/benkow_/status/1136623836936495104 china-hql.com # Reference: https://twitter.com/FewAtoms/status/1136672182967439361 yonghonqfurniture.com # Reference: https://twitter.com/malware_traffic/status/1136682537005305858 flash2019.xyz # Reference: https://twitter.com/ViriBack/status/1136695799818215424 cvbt.ml # Reference: https://twitter.com/malware_traffic/status/1136690489757974538 http://209.141.46.175 
http://54.36.218.96 # Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488 ddl7.data.hu # Reference: https://twitter.com/dave_daves/status/1137001089088315392 http://212.73.150.157 # Reference: https://twitter.com/VK_Intel/status/1137003147887566848 gstestat.com # Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640 vilamax.home.pl # Reference: https://twitter.com/James_inthe_box/status/1137067993739943937 http://45.76.37.123 melirossa-shop.xyz zipmatchpost.net # Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html regwide.club streetsave.club # Reference: https://twitter.com/anyrun_app/status/1138078003815206912 # Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/ keuhne-negal.com # Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/ # Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations http://176.103.48.228 baranevents.com baranweddings.com ctifsouteni.icu etapportert.icu ffrirbesoin.icu hrhuae.com ielassocier.icu ourmazdcompany.net samaste.net sarahelizabethjewelry.com # Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440 # Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977 # Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/ qxyl.date 148.70.57.37:878 148.70.57.37:3 # Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784 # Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090 47.112.130.235:258 47.112.130.235:280 # Reference: https://twitter.com/James_inthe_box/status/1138411458830655488 http://176.105.252.168 # Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/ 139.180.199.167:1012 45.32.28.187:1012 # Reference: 
https://twitter.com/FewAtoms/status/1138477829434351624 2be431d7.ngrok.io niggalife.5gbfree.com sheddy.5gbfree.com # Reference: https://twitter.com/James_inthe_box/status/1138478169755754496 46fordhamavenue-camberwell.com haveahealthy.life homepage-iclouds.com # Reference: https://twitter.com/bomccss/status/1138620211140030464 elievarsen.ru # Reference: https://twitter.com/HarioMenkel/status/1138725169323790336 bluecornerblog.xyz # Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations 121.41.39.145:7149 http://121.41.39.145 # Reference: https://twitter.com/James_inthe_box/status/1138930135548157952 http://5.206.226.15 # Reference: https://twitter.com/FewAtoms/status/1139177275977555970 sripipat.com # Reference: https://twitter.com/James_inthe_box/status/1139206166385348613 138.68.16.227:8080 # Reference: https://twitter.com/yvesago/status/1139209832014274562 fujielectric.cf # Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529 182.254.220.148:88 # Reference: https://twitter.com/gorimpthon/status/1139351204540977152 # Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/ 185.106.122.120:80 185.140.248.17:80 # Reference: https://twitter.com/58_158_177_102/status/1139369225863065602 185.164.72.213:80 # Reference: https://twitter.com/dave_daves/status/1139509798926467073 # Reference: https://twitter.com/FewAtoms/status/1139608798119768065 adl-groups.com deluxerubber.com greatmischiefdesign.com # Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141 a0310625.xsph.ru # Reference: https://twitter.com/FewAtoms/status/1139841634655277056 check511.duckdns.org # Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064 222.186.172.44:9 # Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737 785sou.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017 mondaydrem.ru # Reference: https://twitter.com/x42x5a/status/1140530422172045312 
storage.alfaeducation.mk # Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568 # Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/ sventiskai.lt 45.67.14.157:80 # Reference: https://twitter.com/nullcookies/status/1140780769914302467 belllflight.com # Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168 btta.xyz # Reference: https://twitter.com/papa_anniekey/status/1140825590632570880 blogmason.mixh.jp # Reference: https://twitter.com/luc4m/status/1140928778799124482 http://185.230.161.116 # Reference: https://twitter.com/malware_traffic/status/1141083006574178304 tor2net.com # Reference: https://twitter.com/58_158_177_102/status/1141226169720815616 bibicity.ru # Reference: https://twitter.com/James_inthe_box/status/1141326136212766720 http://185.158.248.80 # Reference: https://twitter.com/James_inthe_box/status/1141429831688605697 joeing.duckdns.org # Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888 # Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648 # Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063 89.34.111.113:443 185.49.69.210:80 # Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html http://185.162.131.92 http://185.49.71.101 # Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856 94.191.94.149:8080 # Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408 # Reference: https://twitter.com/FewAtoms/status/1144567670555254787 103.45.174.46:81 103.45.174.46:8080 # Reference: https://twitter.com/James_inthe_box/status/1142005711808765952 jplymell.com # Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689 # Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/ crypy.top # Reference: 
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/ # Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations http://45.67.14.179 # Reference: https://twitter.com/peterkruse/status/1141993808105811968 proyectobasevirtual.com # Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896 makemoneyeasywith.me # Reference: https://twitter.com/James_inthe_box/status/1140768910465101824 aeg.tmc.mybluehost.me # Reference: https://twitter.com/FewAtoms/status/1142143526165073920 http://185.82.200.189 # Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867 http://149.202.29.67 # Reference: https://twitter.com/executemalware/status/1141882448063737857 blogmason.mixh.jp # Reference: https://twitter.com/DissectMalware/status/1142979828339150850 aesculapius.000webhostapp.com # Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904 baidu.wookhost.me # Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/ mechanicaltools.club # Reference: https://twitter.com/killamjr/status/1110889738653913089 valdez.pw # Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs 153-66-11-33.com 154-65-22-26.com 154-65-22-29.com 154-66-11-33.com 154-66-21-29.com 154-66-21-30.com 154-66-21-33.com 154-66-22-29.com anima-sana.cz askdrthomas.com beetfeetlife.bit btoaspa.xyz canadianposcorp.com chaibuckz.com checkmyurls.com cognitionclassroom.com dual-it.com fastandup.co.in fin-plcukltd.com gracesandoval.com id-19190249012904912904190249129490219049129419.pro intecwi.org internettenparakazanma.org istanbulside.net ivanajankovic.com jointings.org kitcross.ca llkty.gq masee.info mcnconstruction.net mincoindia.com onlinemail.kz ox2ybk1nf4muo3.net pekip-und-mehr.de pilarrakyat.com propertiesfirst.com rencontres-idf.fr sewardsfollybarandgrill.net shawneklassen.com theevanescense.com tiltangeomatics.tk 
trafficartspace.com unlaca.info unlaca.net unlaca.org # Reference: https://twitter.com/killamjr/status/1143498263892582402 deserv.ie/gunie/ # Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889 up-dates.to svarog-jez.com # Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/ # Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e http://37.44.212.223 51.15.56.161:201 68.183.164.16:2121 jukesbrxd.xyz # Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936 selly.duckdns.org # Reference: https://twitter.com/OttoScav/status/1143567557649154048 birthdayeventdxb.com cscuniversal.com # Reference: https://twitter.com/malware_traffic/status/1143624752956940288 kooovaqas.biz naaleazas.net rogojaob.info vaxeiayas.mobi oltaeazas.mobi amlivaias.us ijcaiatas.name ufayubja.me # Reference: https://twitter.com/luc4m/status/1143808322430218241 aeg.tmc.mybluehost.me/xx/ # Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249 cloud.xenoris.fr # Reference: https://twitter.com/neonprimetime/status/1116754139281805317 eventricity.biz # Reference: https://twitter.com/FewAtoms/status/1144223806195716098 mikejesse.top # Reference: https://twitter.com/h4ckak/status/1144173749056315392 http://217.163.23.19 # Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408 qwerty123456.space # Reference: https://twitter.com/sniko_/status/1144454852698705924 digidick.xyz # Reference: https://twitter.com/x42x5a/status/1144554536809435136 42.51.194.10:81 # Reference: https://twitter.com/x42x5a/status/1144559810123370496 http://114.118.80.241 114.118.80.241:8081 # Reference: https://twitter.com/James_inthe_box/status/1144604109103722496 natchotuy.com # Reference: https://twitter.com/FewAtoms/status/1144636921437655041 http://123.207.143.211 # Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385 http://47.95.252.24 # Reference: https://twitter.com/Paladin3161/status/1144641457992556546 
119.188.250.55:8080 # Reference: https://twitter.com/dineshdina04/status/1008621004896198657 # Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/ 111.73.46.110:2233 # Reference: https://twitter.com/ViriBack/status/970443789234929664 cajo.com.au # Reference: https://twitter.com/TelecomixSyria/status/301863376395587584 # Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details syrian-martyrs.com # Reference: https://twitter.com/ViriBack/status/1145040024297181186 mimiplace.top # Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains) 0100.name 111orion.xyz 1gq.ru 4spirin.pw 5max.xyz 7bog.ru abibletit.ru accbmosol.com admina.xyz adminbtc.ru albertsrun.xyz badboy.pw banddos.ru bcjsoinlsidun3.eu bdwiki.ru bfvvsdfvjbvcdg.pw billionaireboys.pw bitcoin.lisx.ru bitoklg.ru bizmailcon.ru bjkdfhbvvr.pw bldimablog.xyz bnknw.pw bsdfbsadjfb.pw bsdfksbdfj.pw bsdfvsh.pw btc-db.com btchash777.ru btcminergate.ru bvjhsdvbfjsd.pw centralfargo.com checkingsite.site checkmeout.ru chvpobidno.com cryptongram.org cryptopoly.pw csgotrade.vip csobik.xyz dcr048dd.ru dedpanel.xyz def397.pw dfgsfdkj3jk4h5.ru dfsfgsdfg.pw digital-game.ru dismay.pw doomed.cf dratuti.info drujbanu.pw enable.pw enigma-top.bid euirterhgt.pw f1eriya.pw fl-god.pw games-revi.ru getdownload4812.ru ghjdthrf.tk googleanalistics7431.ru gopanel.ru gslll.ru hfyljv.ru highwrite.ru hjbkfwejhkfbj2334f.pw hjdskyewljfdn.pw hlebb.pw how-to-how.club hsnqy2no.host ibsmoney.ru igogos.ga incor.xyz itemsbet.com itsmydomain.xyz jackblack.pw jisec.xyz kdjsnbfgkjdf.pw kefirsports.xyz kevyank.ru kiras.kz kolokolchik.info kopilka.io kwam.gdn land-seo.ru lkasdjfklhngn.pw m234.xyz macadmin.xyz mainivent.xyz malmine.ru maxpinezzz.ru microtrend.xyz min2rarllsknfoeihe.ru minerarog.xyz minergood.ru minerhash.pw minetbot.online money-exchanger.info mousehous.gdn moy-mayner.ru mrgap.pw mybblog.xyz mynebo7.xyz mysuperprojectnumone.xyz nbvnfuyjft567uygvhgfc.pw 
nebuchadnezzar.xyz newmine.ru norfest1x.win o4kobati.xyz odmenarmi9z.site plastileen.pw poiwebm.ru rand0msh1tm1n3r.xyz rar740.xyz rarog-cobetchik.ru raznospower.ru realbarbos.life realtek.website recheckmail24.ru rikimaru7.pw rrealstats.ru rublikzarabotok.com sadating.xyz sanya330.pro sdbfhjbsdfjh.pw sdfbdsfjhkbgdf.pw sdfvbshgdvf.pw shilo.ml soft-portal.kz spaceman07.ru spiridus.pw staglion.pro stingtek.com sychost.com system-analyse.win tapblackmoney.pw tiberious.xyz torprojectonioncheck.com tyha84.info ugrym.pw vergames.ru webbserfer.ru wilhost.com wolframalpha.pw wwqrwwwreewrqwer.xyz xgames.su xyw.space zerstoren.pro zloki.pw # Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations 11fhfh.com 11xhxh.com 11xjxj.com 123dmdm.com 123fhfh.com 123hyhy.com 123jjyy.com 123kbkb.com 123xhxh.com 123xjxj.com 123xmxm.com 123xxbb.com 123yybb.com 22ctct.com 22fhfh.com 22hyhy.com 33dmdm.com 33jjyy.com 33xjxj.com 33xxaa.com 44ctct.com 44dmdm.com 44fhfh.com 44jjyy.com 44qxqx.com 44xhxh.com 44xjxj.com 44xmxm.com 44xxaa.com 44xxpp.com 520dmdm.com 520fhfh.com 520qxqx.com 520ssbb.com 520xhxh.com 520xjxj.com 520xmxm.com 55dmdm.com 55fhfh.com 55jjyy.com 55qxqx.com 55sdsd.com 55xhxh.com 55xjxj.com 55xxaa.com 55xxpp.com 628ai.com 6688cdn.com 66bbmm.com 66dmdm.com 66fhfh.com 66hyhy.com 66jjyy.com 66qxqx.com 66xhxh.com 66xjxj.com 66xxaa.com 66xxpp.com 6ctct.com 77dmdm.com 77hyhy.com 77xhxh.com 77xxaa.com 7ctct.com 7ufuf.com 888dmdm.com 888fhfh.com 888hbhb.com 888kbkb.com 888mbmb.com 888xhxh.com 888xjxj.com 888xmxm.com 88cscs.com 88ctct.com 88dmdm.com 88fhfh.com 88jjyy.com 88mkmk.com 88xhxh.com 88xjxj.com 88xxpp.com 890ai.com 898ai.com 999dmdm.com 999fhfh.com 999kbkb.com 999xhxh.com 999xjxj.com 999xmxm.com 99bbmm.com 99dmdm.com 99fhfh.com 99jjyy.com 99ppss.com 99xhxh.com 99xjxj.com 99xxpp.com avav99.com bcbc11.com bcbc22.com btbt33.com btbt44.com btbt77.com didi22.com gbgb11.com gbgb66.com mbmb55.com mbmb99.com nbnb33.com # Reference: 
https://www.virustotal.com/gui/ip-address/23.234.51.106/relations 5444666.com lh590.com lh65.com lh660.com lh993.com # Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations 1122sb.com 1188sb.com 629k.com yh558877.com # Reference: https://twitter.com/FewAtoms/status/1145357973579083778 securefilesdatas23678842nk.cf # Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/ nixtin.us # Reference: https://twitter.com/ViriBack/status/1145366573898747905 http://190.97.166.189 # Reference: https://twitter.com/JayTHL/status/1145425745315008516 flavorizedjuice.de # Reference: https://twitter.com/0bfusCat/status/1145269019374698496 http://31.207.34.129 # Reference: https://twitter.com/luc4m/status/1145650430476783617 http://23.249.167.147 # Reference: https://twitter.com/malware_traffic/status/1145793372126416897 http://31.184.252.188 cellfom.com chungfamily.us # Reference: https://twitter.com/david_jursa/status/1146014269940609025 beahero4u.com # Reference: https://twitter.com/ps66uk/status/1146090626498347009 holahospice.org john1715.com # Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (# CVE-2017-11774) # Reference: https://twitter.com/obiwanblee/status/1146152208976584704 # Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47 customermgmt.net # Reference: https://twitter.com/James_inthe_box/status/1146183202467303424 xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org # Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community rainbowtrade.net # Reference: https://twitter.com/James_inthe_box/status/1146446614367576065 bonus-ssl.com # Reference: https://twitter.com/malware_traffic/status/1146503887215636480 cohen-nicoleau.com mkzd.ru # Reference: https://twitter.com/alex_lanstein/status/1146073296502501376 http://185.222.58.151 # Reference: https://twitter.com/killamjr/status/1146521318503964678 equipmnts.com # Reference: 
https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations alcatelupd.xyz # Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations symcorp.xyz # Reference: https://twitter.com/FewAtoms/status/1146804894785056768 http://35.230.88.182 # Reference: https://twitter.com/James_inthe_box/status/1146896227000209408 http://92.119.113.32 xzshadows13.icu # Reference: https://twitter.com/anyrun_app/status/1147040289300910080 ciber1250.gleeze.com # Reference: https://twitter.com/VK_Intel/status/1147276748331081728 # Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details jsc0nten1maker.com # Reference: https://twitter.com/benkow_/status/1147443642728103936 trading-secrets1.ru # Reference: https://twitter.com/FewAtoms/status/1147484142218752002 janavenanciomakeup.com.br # Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233 58.218.66.92:1990 xdzzt.cn # Reference: https://twitter.com/pancak3lullz/status/748521146321035264 htver.com # Reference: https://twitter.com/FewAtoms/status/953966104887676928 gaming4life.org # Reference: https://twitter.com/p5yb34m/status/1147269466293592064 servicess.online # Reference: https://twitter.com/FewAtoms/status/1147829136146219009 bizimedebiyatimiz.com # Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations metoristrontgui.info # Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations forstraus.co # Reference: https://twitter.com/seguridadyredes/status/1054112048559329282 printnow.club # Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528 http://118.89.185.104 111.231.142.229:9921 # Reference: https://twitter.com/david_jursa/status/1148199946618732544 # Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/ 104.203.92.254:8080 # Reference: https://twitter.com/vigilantbeluga/status/1148118035581960193 expressdatings.info herasimaonline.biz ohso.site # Reference: 
https://twitter.com/jeromesegura/status/1006616151118397440 feelingsdi.xyz # Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912 fpayyhh.com # Reference: https://twitter.com/malware_traffic/status/1148330383634812933 sgbzw12y.club hlilaf44erick.xyz kherthax0yua.info # Reference: https://twitter.com/JayTHL/status/1118595885208866819 # Reference: https://twitter.com/JayTHL/status/1118650213084872705 helplog[0-9]{3,4}\.(ml|ga|gq|tk|cf) # Reference: https://twitter.com/FewAtoms/status/1148623685412110336 creativecompetitionawards.gq # Reference: https://twitter.com/x42x5a/status/1148603527444480000 obichereu.website # Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632 111.30.107.131:228 # Reference: https://twitter.com/James_inthe_box/status/1148598156109799425 http://34.214.24.187 # Reference: https://twitter.com/James_inthe_box/status/1148652274727575558 apertona.com # Reference: https://twitter.com/benkow_/status/1128639735960875010 abovethecrowd.site # Reference: https://twitter.com/benkow_/status/1148658101463203841 ubercoupon.site # Reference: https://twitter.com/nao_sec/status/1148799237049552896 # Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/ # Reference: https://www.virustotal.com/gui/ip-address/195.154.255.174/relations http://194.109.206.212 http://195.154.255.174 http://46.165.250.224 http://162.247.74.200 http://178.17.171.78 http://188.138.88.42 http://204.85.191.9 http://23.129.64.207 http://91.203.146.126 # Reference: https://twitter.com/Ledtech3/status/1148883757094645760 http://5.56.133.137 # Reference: https://twitter.com/mrmolley/status/1149120144305729536 177.37.79.206:3000 http://35.193.98.140 http://78.201.31.9 # Reference: https://twitter.com/1ZRR4H/status/1149282913751617536 # Reference: https://www.virustotal.com/gui/ip-address/91.209.70.21/relations accesso-cupo-de-tarjeta-cl.cf accesso-cupo-de-tarjeta-cl.gq activacion-aumento-tarjeta-cl.cf activacion-aumento-tarjeta-cl.gq 
active-cupo-de-2-millones-avance-cl.cf active-cupo-de-2-millones-avance-cl.gq active-cupo-de-avances-cl.cf active-cupo-de-avances-cl.gq aprobacion-cupo-web-cl.cf aprobacion-cupo-web-cl.gq aprobado-cupo-de-avance-cl.cf aprobado-cupo-de-avance-cl.gq aumento-activo.cf aumento-activo.gq aumento-aprobado.cf aumento-aprobado.gq aumento-cupo-aprobacion-cl.cf aumento-cupo-diferido-cl.cf aumento-cupo-diferido-cl.gq aumento-para-clientes.cf aumento-servicios.cf aumento-servicios.gq aumento-validacion-cupo-de-avance-en-tarjeta-cl.cf aumento-validacion-cupo-de-avance-en-tarjeta-cl.gq aumento-verificado-de-tarjeta-cl.cf aumento-web-activado.cf aumento-web-activado.gq avance-activo-en-cuotas-cl.cf avance-aprobado-cl.cf avance-aprobado-cl.gq avance-cupo-diferido-cl.cf avance-cupo-diferido-cl.gq avance-cupo-diferido-personas-cl.cf avance-cupo-diferido-personas-cl.gq avance-cupo-informacion-cl.cf avance-cupo-informacion-cl.gq avance-cupo-simulador-web.cf avance-cupo-simulador-web.gq avance-de-aumento-cl.cf avance-de-aumento-cl.gq avance-de-confimacion-web-cl.cf avance-de-confimacion-web-cl.gq avance-de-cupo-en-linea-personal-cl.cf avance-de-cupo-en-linea-personal-cl.gq avance-en-linea-diferido-web-cl.cf avance-en-linea-diferido-web-cl.gq avance-en-linea-verificado-cl.cf avance-en-linea-verificado-cl.gq avance-en-linea-web-simulador-cl.cf avance-en-linea-web-simulador-cl.gq avance-online-cl.cf avance-online-cl.gq avance-personas-cuotas-diferido-cl.cf avance-personas-cuotas-diferido-cl.gq avance-solicitud-cupo.cf avance-solicitud-cupo.gq avance-web-activo-simulador-cl.cf avance-web-aprobado-cl.cf avance-web-aprobado-cl.gq avance-web-confirmacion-cl.cf avance-web-confirmacion-cl.gq avance-web-servicios-cl.cf avance-web-servicios-cl.gq avances-cuotas-diferido-promo-cl.cf avances-cuotas-diferido-promo-cl.gq avances-online-asignado-cl.cf avances-online-asignado-cl.gq consulta-activacion-de-avance-cl.cf consulta-activacion-de-avance-cl.gq cupo-avance-credito-en-linea-cl.cf 
cupo-avance-credito-en-linea-cl.gq cupo-avance-online-cl.cf cupo-avance-online-cl.gq cupo-de-avance-online-cl.cf cupo-de-avance-online-cl.gq cupo-disponible-avance-cl.cf cupo-disponible-avance-cl.gq cupo-financiado-cl.cf cupo-financiado-cl.gq cupo-prestamo-cl.cf cupo-prestamo-cl.gq cupo-tarjeta-activo-cl.cf cupo-tarjeta-activo-cl.gq cupo-tarjeta-aumento.cf cupo-tarjeta-aumento.gq cupo-tarjeta-cuotas-diferido-cl.cf cupo-tarjeta-cuotas-diferido-cl.gq cupo-tarjeta-linea-de-credito-cl.cf cupo-tarjeta-linea-de-credito-cl.gq cupo-web-avance-cl.cf cupo-web-avance-cl.gq cupo-web-para-avance-cl.cf cupo-web-para-avance-cl.gq incremento-avance-en-tarjeta-cl.cf incremento-avance-en-tarjeta-cl.gq ingreso-cupo-de-tarjeta-cl.cf ingreso-para-avance-cl.cf ingreso-para-avance-cl.gq ingreso-verificacion-cupo-de-avance-cl.cf ingreso-verificacion-cupo-de-avance-cl.gq ingreso-verificacion-de-avance-cl.cf ingreso-verificacion-de-avance-cl.gq login-avance-incremento-web-cl.cf login-avance-incremento-web-cl.gq login-web-avances-cl.cf login-web-avances-cl.gq obten-cupo-enlinea-cl.cf obten-cupo-enlinea-cl.ga obten-cupo-enlinea-cl.gq obten-cupo-enlinea.cf obten-cupo-enlinea.ga obten-cupo-enlinea.gq obten-validacion-cupo-web.cf obten-validacion-cupo-web.gq obtener-avance.cf obtener-avance.ga obtener-avance.gq portal-avances-de-cupo-cl.cf portal-avances-de-cupo-cl.gq portal-para-avance-activado-cl.cf portal-para-avance-activado-cl.gq registro-de-avance-cl.cf registro-de-avance-cl.gq revision-cupo-tarjeta.cf revision-cupo-tarjeta.gq servicio-de-avance-cl.cf servicio-de-avance-cl.gq servicio-web-activacion-avance-cl.cf servicio-web-activacion-avance-cl.gq solicitud-avance-cupo-en-linea-cl.cf solicitud-avance-cupo-en-linea-cl.gq solicitud-cupo-de-avance-personal-cl.cf solicitud-cupo-de-avance-personal-cl.gq validacion-aumento-cupo.cf validacion-aumento-cupo.gq validacion-incremento.cf validacion-incremento.gq verificacion-de-aumento.cf verificacion-de-aumento.gq verificacion-de-avance-cl.cf 
verificacion-de-avance-cl.gq web-avance-de-tarjeta-cl.cf web-avance-en-linea-cl.cf web-avance-en-linea-cl.gq web-avance-para-personas-scotia-cl.cf web-avance-para-personas-scotia-cl.gq www-aumento-de-avance-cl.cf www-aumento-de-avance-cl.gq www-avances-online-cl.cf www-avances-online-cl.gq www-login-retiro-de-avance-web-cl.cf www-login-retiro-de-avance-web-cl.gq # Reference: https://twitter.com/coderippers/status/1149312700205416448 vman22.com # Reference: https://twitter.com/JAMESWT_MHT/status/1149574068435218432 dgkhj.ru fdghfghdfghjhgjkgfgjh234569.ru hjkg456hfg.ru # Reference: https://twitter.com/Paladin3161/status/1149456134622863360 # Reference: https://www.virustotal.com/gui/file/a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8/detection aol.vready.cn v2api.v6.cn 118.25.165.228:443 134.175.107.117:80 # Reference: https://twitter.com/1ZRR4H/status/1121146391127044096 http://163.172.84.54 # Reference: https://twitter.com/James_inthe_box/status/1149640703082815489 # Reference: https://app.any.run/tasks/9bb12825-d6d8-4c82-9491-c6a460196bad/ 43.254.217.67:443 # Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625 http://34.68.116.148 # Reference: https://twitter.com/stvemillertime/status/1142593479966691333 http://45.32.89.133 # Reference: https://www.virustotal.com/gui/domain/pre23sence.club/relations pre23sence.club # Reference: https://twitter.com/RedDrip7/status/1145877272945025029 http://43.254.217.67 # Reference: https://twitter.com/killamjr/status/1150218238573404160 pictureviewerpro.hopto.org # Reference: https://twitter.com/P3pperP0tts/status/1150378625268666370 218.61.16.142:886 # Reference: https://twitter.com/P3pperP0tts/status/1150389146185342976 # Reference: https://app.any.run/tasks/d9edfd31-3526-4a6e-9657-0037a9c3ec43/ # Reference: https://twitter.com/James_inthe_box/status/1150402589449568257 82.202.221.61:4015 justdoits.pw russianbase.ru # Reference: https://twitter.com/P3pperP0tts/status/1150419408197693442 # 
Reference: https://app.any.run/tasks/bd7ea7cd-d94f-4e21-b809-864653ae59e7/ dircon88.bit 185.126.200.39:4000 185.126.200.39:4158 # Reference: https://twitter.com/JAMESWT_MHT/status/1150688427307929600 balances.duckdns.org # Reference: https://twitter.com/nao_sec/status/1149273164058222592 # Reference: https://app.any.run/tasks/b2f81922-c7cf-4974-8a02-570ac3f440c1/ http://45.12.215.157 # Reference: https://twitter.com/James_inthe_box/status/1150794193494630401 mis.us # Reference: https://twitter.com/James_inthe_box/status/1059087094612602881 jobs.samref.com.sa # Reference: https://twitter.com/malware_traffic/status/856924240158896128 chaggma.com hurtmehard.net # Reference: https://twitter.com/Zerophage1337/status/854883694905098241 red.5efinance.net.in # Reference: https://twitter.com/tmmalanalyst/status/796650651631505408 http://151.248.116.32 o61ulk.top # Reference: https://twitter.com/BroadAnalysis/status/796379886738874368 di8dzlz.top whitaker-detail.com # Reference: https://twitter.com/oppimaniac/status/1151113181751906304 zerodayv3startedexploitpcwithexcelgreat.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1151156619733921792 http://5.56.133.137 # Reference: https://twitter.com/James_inthe_box/status/1151222412890927104 icf-fx.kz # Reference: https://twitter.com/FewAtoms/status/1151220766337167360 jessecom.top # Reference: https://twitter.com/jeromesegura/status/1148289957716344832 http://213.227.154.121 azera.club # Reference: https://twitter.com/dvk01uk/status/1151351846411390976 mrjbiz.top # Reference: https://twitter.com/sugimu_sec/status/1151463058138525696 woeiuyfgowe.xyz # Reference: https://twitter.com/fletchsec/status/1151553862110720006 danmaxexpress.com # Reference: https://twitter.com/James_inthe_box/status/1151583038087655424 4wereareyou.icu # Reference: https://twitter.com/ViriBack/status/1151644173302456320 http://5.252.192.117 # Reference: https://twitter.com/ViriBack/status/1151642872778776581 http://172.86.120.238 # 
Reference: https://twitter.com/anyrun_app/status/1151747662011674624 charest-orthophonie.ca # Reference: https://twitter.com/reecdeep/status/1151756075407945729 onholyland.com # Reference: https://www.symantec.com/blogs/threat-intelligence/targeted-ransomware-threat # Reference: https://otx.alienvault.com/pulse/5d30c84b82e46bd810cb4957 http://37.252.15.241 http://89.105.198.28 http://185.202.174.44 http://199.189.108.71 # Reference: https://twitter.com/FewAtoms/status/1152182269454499840 baladefarms-com.ga baladefarms.ga # Reference: https://twitter.com/x42x5a/status/1152203190898778112 sxhts-group.com # Reference: https://twitter.com/HerbieZimmerman/status/1152207191962767360 f72f7994.green.mattingsolutions.co # Reference: https://twitter.com/Paladin3161/status/1151809951762964480 zhujb.cn # Reference: https://twitter.com/P3pperP0tts/status/1152231737583271936 103.118.221.190:38888 111.6.76.54:959 # Reference: https://twitter.com/P3pperP0tts/status/1152538885974634496 granportale.com.br # Reference: https://twitter.com/SBousseaden/status/1152532262589800448 78sh68279.atspace.eu # Reference: https://twitter.com/DGAFeedAlerts/status/1151931732725293060 # Reference: https://www.virustotal.com/gui/ip-address/63.251.106.22/relations 404mobi.com 51ginkgo.com adqwozlzb.info aszzfjwuzngkao.com brokenpiano.ru ceuflaxurxy.info down.heheelibom.com gatherreceive.net haprtwfitgylgiivvcaunvealzqcfq.com heheelibom.com kibertuz.site m8374.net nzizemese.info oymjiasojevof.com plsskq.com ponka.biz qicswtcvvxnmv.info sernak.xyz sr57mj1bcvng4yqf2y41cep8d5.com storyhave.net system-internals.com systembooster.info thisborn.net tpyntpcnxwvsjqow.com windows-pcrepair.com xrjlmyhds.info # Reference: https://twitter.com/FewAtoms/status/1152611531890331648 climapro-africa.com # Reference: https://twitter.com/Xylit0l/status/1152980561943760896 wwkkss.com # Reference: https://twitter.com/bad_packets/status/1153089384884736000 silynigr.xyz # Reference: 
https://twitter.com/reecdeep/status/1153248954911514625 karysmarie.me # Reference: https://twitter.com/P3pperP0tts/status/1153257218780909568 enc-tech.com # Reference: https://twitter.com/James_inthe_box/status/1153385401278771201 novocontador.club thenewsystemsetup.online # Reference: https://twitter.com/FewAtoms/status/1153714739324829696 adityebirla.com # Reference: https://twitter.com/JayTHL/status/1153744085737512962 africanmobilenetworks.com cxgtgdf.com forteol.com onwamay.in # Reference: https://twitter.com/killamjr/status/1153760441056845824 100puntos.com # Reference: https://twitter.com/gorimpthon/status/1153476585736925184 dellbankyzaj.com # Reference: https://twitter.com/James_inthe_box/status/1154036514600308737 fomoportugal.com # Reference: https://twitter.com/FewAtoms/status/1154065536596107264 http://185.62.189.153 comforitgreel.ml jbssa.one # Reference: https://twitter.com/luc4m/status/1154390964045254656 rgalldmn.duckdns.org # Reference: https://twitter.com/ViriBack/status/1155093166841892864 alldayever231.su # Reference: https://twitter.com/DissectMalware/status/1069507395448184833 cxvbilladsoi-legal.1gb.ru dttmasterpropriv.ml # Reference: https://www.virustotal.com/gui/ip-address/173.231.184.61/relations http://173.231.184.61 # Reference: https://twitter.com/FewAtoms/status/1155496035461947392 u700222964.hostingerapp.com # Reference: https://twitter.com/MisterCh0c/status/1155725091214372864 tjcyint.ml razorcrypter.com systemswift.group oymmadencilik.com.tr # Reference: https://twitter.com/Racco42/status/1155790202306211841 http://23.81.246.28 # Reference: https://twitter.com/stvemillertime/status/1155896477195091971 s2lol.com # Reference: https://twitter.com/James_inthe_box/status/1155845641949442048 serverstresstestgood.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1155945383048011777 robertogowin.com # Reference: https://twitter.com/Artilllerie/status/1155851644262920199 protest-01262505.ga # Reference: 
https://twitter.com/ninoseki/status/1156110479028133889 fatmazpharmc.com # Reference: https://twitter.com/p5yb34m/status/1155956248681930755 modexcommunications.eu # Reference: https://twitter.com/FewAtoms/status/1156156572747390977 creativecompetitionawards.ga # Reference: https://twitter.com/p5yb34m/status/1156420680725831680 anthasoft.mx # Reference: https://twitter.com/pulsedive/status/1156474611015528448 103.243.26.251:8988 # Reference: https://www.virustotal.com/gui/domain/rigneda.ru/relations # Reference: https://www.virustotal.com/gui/file/4466e9258c00ecb4783001c678af6da8682fac36e5dd542a59f28a29245e5efa/detection kuitrafes.ru # Note: found on infected machine rigneda.ru # Reference: https://www.virustotal.com/gui/file/27e68e5e547860a9312d751381127ac85e89eeb40d74fa04aa4ca7fbc5498e51/detection green5news.org # Reference: https://twitter.com/malware_traffic/status/1157037634167984128 81.171.31.247:4567 # Reference: https://twitter.com/P3pperP0tts/status/1157196635207847938 kmxxw8.com # Reference: https://twitter.com/alex_lanstein/status/1157261034521939968 122.114.173.174:3306 # Reference: https://twitter.com/James_inthe_box/status/1157406598769213440 zywuqcxtmqtz.000webhostapp.com # Reference: https://twitter.com/Paladin3161/status/1157425240948920321 # Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection legion17.icu vidardeep4.icu # Reference: https://twitter.com/bad_packets/status/1157720176487329792 fxxxxxxk.me # Reference: https://twitter.com/fatihsirinnnn/status/1158440148696293376 http://23.95.212.108 # Reference: https://twitter.com/ps66uk/status/1158456891623792647 http://149.202.110.2 # Reference: https://twitter.com/DynamicAnalysis/status/1158406596533338118 fomoportugal.com # Reference: https://twitter.com/James_inthe_box/status/1158484189685010432 http://165.22.201.28 # Reference: https://twitter.com/P3pperP0tts/status/1158666213960179712 198.44.228.10:665 # Reference: 
https://twitter.com/Racco42/status/1158729618389643264 gsm-security-solutions.com # Reference: https://twitter.com/wwp96/status/1158716438598836224 aspsensewiretransfergoogle.duckdns.org # Reference: https://twitter.com/pancak3lullz/status/1158812093786857475 http://23.82.128.23 # Reference: https://twitter.com/425A_/status/1158824075676069889 # Reference: https://twitter.com/JayTHL/status/1158839203884650499 # Reference: https://www.virustotal.com/gui/ip-address/94.237.40.127/relations 1dct.ru 3dface-nn.ru 4pplus.ru aleksvip.ru alienss.ru anson-lkz.ru ariosgroup.ru aurora-mind.ru balakhonov-yuriy.ru bet-club.ru business-in.ru child-time.ru clean24world.ru csgo-fun.ru douballkoreshy.com douballkoreshy.info douballkoreshy.net douballkoreshy.org downloadjimm.ru e-engenering.ru elneemrrtorithum.com elneemrrtorithum.info elneemrrtorithum.net elneemrrtorithum.org favoritklg.ru films-smotret-online.ru flashsgame.ru foleco.ru fondafon.ru fso29.ru gocpro.ru grozovoy-pereval.ru hbazcfsder.com hbazcfsder.org hbazcfsderonline.com hbazcfsdershop.com hbazcfsderweb.com hochu-shoping.ru invest-alliance.ru irkomp.ru jnazcfert.com jnazcfert.org jnazcfertonline.com jnazcfertshop.com jnazcfertweb.com jnazmertsw.com jnazmertsw.info jnazmertsw.net jnazmertsw.org jnazxertw.com jnazxertw.info jnazxertw.net jnazxertw.org jotdesks.ru kartofelmoptom.ru kmazvertx.com kmazvertx.info kmazvertx.net kmazvertx.org kmsxnertqa.com kmsxnertqaonline.com kmsxnertqashop.com kmsxnertqaweb.com kopenbar.ru kormboellamayy.com kormboellamayy.info kormboellamayy.net kormboellamayy.org krugosvet-ap.ru ksmxnerqs.com lenobl-primorsk.ru leorex-super.ru lifeofbeer.ru limo69.ru lizoblyudnichat.ru mix-zarabotok.ru nazarovdesign.ru okovci.ru oleg-boyko.ru parustaxi.ru plaksa-bdsm.ru prazd-pack.ru protest22.ru pu97.ru rabotasuper.ru retro-cinema.ru richelle-mead.ru rock2.ru rosmedpravo.ru rostov-shops.ru rulezzwarez.ru sabreeelrefaay.com sabreeelrefaay.info sabreeelrefaay.net sabreeelrefaay.org salon-na-domu.ru 
sam-go.ru shooting-portal.ru soft-arhiv.ru spstav.ru srf48.ru srkbelayareka.ru storeprint.ru story-toy.ru strekozafitness.ru stroydvor-kanev.ru sunkom.ru super-boost.ru svet-lustra.ru ta4ila.ru tancemaster.ru tatnadzor.ru trialanet.ru triumf18.ru tvoyabezopasnost.ru tvz2.ru ukspravedlivost.ru ulitka-plitka.ru valchenco.ru vedyshiy-na-svadby.ru vip-xost.ru visiohelp.ru vorkutasport.ru vradujnom.ru vs-clab.ru vseorake.ru waple.ru warabase.ru web2kochanova.ru webpartizan.ru winx-clubs.ru withmychild.ru wmspb.ru wsasxzertw.com wsasxzertw.info wsasxzertw.net wsasxzertw.org bikton43.ru douballkoreshy.com douballkoreshy.info douballkoreshy.net douballkoreshy.org elneemrrtorithum.com elneemrrtorithum.info elneemrrtorithum.net elneemrrtorithum.org hbazcfsder.com hbazcfsder.org hbazcfsderonline.com hbazcfsdershop.com hbazcfsderweb.com jnazcfert.com jnazcfert.org jnazcfertonline.com jnazcfertshop.com jnazcfertweb.com jnazmertsw.com jnazmertsw.info jnazmertsw.net jnazmertsw.org jnazxertw.com jnazxertw.info jnazxertw.net jnazxertw.org kmazvertx.com kmazvertx.info kmazvertx.net kmazvertx.org kmsxnertqa.com kmsxnertqaonline.com kmsxnertqashop.com kmsxnertqaweb.com kormboellamayy.com kormboellamayy.info kormboellamayy.net kormboellamayy.org ksmxnerqs.com lizoblyudnichat.ru richelle-mead.ru sabreeelrefaay.com sabreeelrefaay.info sabreeelrefaay.net sabreeelrefaay.org sam-go.ru spstav.ru web2kochanova.ru wsasxzertw.com wsasxzertw.info wsasxzertw.net wsasxzertw.org xvehpuabh.icu yourub.ru yzbobdl.space zaimable.ru zentrstroy.ru # Reference: https://twitter.com/FewAtoms/status/1159155277695819776 dhlexpressdeliver.com # Reference: https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis.html http://154.222.140.49 # Reference: https://twitter.com/DynamicAnalysis/status/1159564232469417988 karlvilles.com # Reference: https://twitter.com/FewAtoms/status/1159490383350587392 # Reference: https://twitter.com/KorbenD_Intel/status/1163929665230299137 # Reference: 
https://www.virustotal.com/gui/file/e7b190ae876b10d0a216b8475eec078990da4ea07020b0e8a1d8b55b3baa1e4e/detection u700222964.hostingerapp.com # Reference: https://twitter.com/FewAtoms/status/1159482237513064449 http://13.67.107.73 # Reference: https://twitter.com/FewAtoms/status/1159473273870196736 http://13.75.76.78 # Reference: https://twitter.com/nao_sec/status/1159484498569863169 fasttransfer-trafficads.xyz # Reference: https://twitter.com/Timele9527/status/1159673642332016640 fateh.aba.ae # Reference: https://twitter.com/James_inthe_box/status/1159834709209128961 master712.duckdns.org # Reference: https://twitter.com/reecdeep/status/1159833486817034241 lnkexploit.com # Reference: https://twitter.com/James_inthe_box/status/1159861664960749569 beastmas.club # Reference: https://twitter.com/James_inthe_box/status/1159916671055757312 http://40.117.61.41 americanaspromocoes.ga # Reference: https://twitter.com/James_inthe_box/status/1160150821830418432 3prokladkaeu.com setseta.com # Reference: https://twitter.com/FewAtoms/status/1160195673054015488 rubthemoneybear.xyz # Reference: https://twitter.com/FewAtoms/status/1160543075372032006 sevenj.club # Reference: https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat # Reference: https://otx.alienvault.com/pulse/5d517a359da59958f72dc6c8 aeconex.com # Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations americanexpresscardconfirmationsystemservice.com americanexpressesitz.com americanexpressfeedback.com associatedbnking.com badaprutus.pw biboressurection.info blaerck.xyz bozem.co carolambasola.co carrefour-moncompte.info chaseonlinebusinesssolution.com chaseonlinei.com chaseonlinenotifier.com chasesonliines.com chasessonline.com cloudresemblao.top co-operative-bank.com contributionsthroughy.net csh0p.ru dranidepod.org flowjob.top formasnetoyvnastrchine.com garizzlas.top hudsonenorincludes.com igjqwnedjgqwnqwemnta.net instant-payments.ru jumpinghouse.org kerbitsallor.us 
kunden-contact-5126351253252.icu kunden-contact-6478585764.top landoftools.ru manfam.co moikopoli.com mymoneywallets.com nettubex.top paysell.org pooiukjadnqwdjnqasdne.com portfos.org postedecretosecure.info posteitalianedecreto.top posteitalianesicurezzadecreto.info potomuchtosrazuskazaleb.com quickbooks-intuits.com scottfranch.org siruksazon.us thefreshstuffs.org thefreshstuffs.ru thefreshstuffs.to tiamos.co toperdona.com topwarenhub.top trading-secrets.ru try2swipe.ws tuyngsdnfwefwef.com ukmarket.su usaa-communication.com usaa-urgentrequest.com usaacominetentproofproofingeventactioninitevent.com usaadbfeedback.com usaamemberservices1.com usaamembersupports.com vaslbntr.ru verificadeidatipostali.com verify-konto-326351323.icu wellsfargosz.com withadvertisingthe.net zxciuniqhweizsds.com # Reference: https://twitter.com/malware_traffic/status/1160988600391086081 http://107.173.90.141 # Reference: https://www.virustotal.com/gui/domain/orderbox-dns.com/details # Reference: https://app.any.run/tasks/68c8f400-eba5-4d6c-b1f1-8b07d4c014a4/ # Reference: https://www.virustotal.com/gui/file/17901948c9c9f2f0d47f66bbac70592a7740d181f5404bf57c075ed6fa165b67/detection # Reference: https://www.virustotal.com/gui/ip-address/176.119.29.14/relations http://176.119.29.14 bbouble.xyz mtcunlocker.info # Reference: https://twitter.com/stoerchl/status/1161159995217653761 zerosugaraddonexploit.duckdns.org # Reference: https://twitter.com/p5yb34m/status/1161323938313457665 dk-rc.com/js/ # Reference: https://twitter.com/FewAtoms/status/1161981277815410688 asdklgb.ga forconfirmation.gq xingyang-glove.com # Reference: https://twitter.com/chen_erlich/status/1162009562674843649 # Reference: https://www.virustotal.com/gui/ip-address/185.99.133.219/relations http://185.99.133.219 earphorialofts.net urbanholidaylo.net wrigleychicago.org # Reference: https://twitter.com/_jsoo_/status/1162039650791198720 a.ycwave.cn # Reference: https://twitter.com/w3ndige/status/1162331454233370624 # Reference: 
https://app.any.run/tasks/c374d548-02b0-4419-9551-d8800388af42/ http://23.106.215.95 114.221.16.192:443 154.149.31.37:443 64.77.134.20:443 # Reference: https://twitter.com/killamjr/status/1162360718395658240 http://195.123.243.210 # Reference: https://twitter.com/FewAtoms/status/1162667333573390337 http://156.238.3.105 59.188.255.217:6320 # Reference: https://twitter.com/0xrb/status/1162955576927670272 # Reference: https://www.virustotal.com/gui/ip-address/216.224.181.16/relations 99bcare.com apacbizpartner.com apacsfsolutions.com apactechbiz.com asiapacsolution.com b2janitorial.com bitmailpost.com bizventuresgroup.com bizvertical.com bpsservices.org bpswired.com bsnprotocol.com cbxsystematics.com cliquedasia.com comcleanserv.com connexionweb.net csbizsolution.com csbprofile.com cstechnology.org directitsolutions.com enterpriselevelsolutions.com expressstrategy.net file-keeps.com firstclassit.net fluxserveasia.com globalitbuilder.com great-tec.com idealprospecting.com infotechsoln.com innovationtech-asia.com insidesalesinc.com intellibiz.net istglobal.net it-salesmktg.com kickstartsalesforce.com knitgeek.com lamultispecialty.com mail-bounce.com medassistforte.com medsolutionscare.com merchadvisors.com multichannelmktg.com realtech-international.com rhipecloud.com secureditgroup.net sf-apac.com softbizsoln.com softitcare.net softstreams.com softtechenterprise.com technocloudxpert.com techpacific-international.com tecnevo.com tecqna.com thebusinessdrift.com thesoftwareenterprise.com thewisesoln.com thunderlinkz.com tradespecialistgroup.com ultimateintelligence.net universalitbiz.com vitrexa.com wallstreetguru.info worldsfinestservice.com xpresstrategy.net zenbitsolution.com zenithnetworxs.com # Reference: https://twitter.com/FewAtoms/status/1163043154628624385 # Reference: https://www.virustotal.com/gui/file/94543f02145c8cbc924fe6a4229b16f3b1d2988c6db4b66df5cd766322982f93/detection # Reference: 
https://www.virustotal.com/gui/file/5e505f7876fbde8e323f698982f189b12be25569113a2426d6f6f8dda0e7d8be/detection # Reference: https://www.virustotal.com/gui/file/300ece5931709d15dfd9a5ddce2f69ec6aa7466277a0a0edba134375bf2c20be/detection # Reference: https://www.virustotal.com/gui/file/4ed245f6ae78a3a39543d865c0660c5dab39bcee18ee1abb212d8a3893e6584a/detection http://193.112.160.173 193.112.160.173:33221 193.112.160.173:55421 # Reference: https://twitter.com/tkanalyst/status/1163084043832872961 # Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/ sexshops.site sreex.info sygicstyle.xyz # Reference: https://twitter.com/James_inthe_box/status/1163565834343632897 # Reference: https://app.any.run/tasks/04a0a774-dd16-43bd-a966-2a35ca66fe70/ # Reference: https://pastebin.com/Lv0KAQ0k dogware.pw cy91219.tmweb.ru # Reference: https://twitter.com/JAMESWT_MHT/status/1163736730371022848 nainyet.casa # Reference: https://twitter.com/gorimpthon/status/1163616173860122624 evaglobal.eu # Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/ http://194.58.38.50 http://194.58.58.70 # Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/ halanis21yi84alycia.top hvkbvmichelfd.info # Reference: https://twitter.com/James_inthe_box/status/1163880851236462592 bulehero2019.club kingminer.club oiwcvbnc2e.stream # Reference: https://twitter.com/WarlordLestat/status/1164118573872271360 malikom.xyz mrtcom.space rainit.xyz sauronn.host sidom.online # Reference: https://twitter.com/JAMESWT_MHT/status/1164140106095177731 # Reference: https://app.any.run/tasks/0c5278c0-d505-4873-b612-9318dbbc2733/ 101legit.com legitville.com moskaumoskau.com savemax.store # Reference: https://twitter.com/n0p1shing/status/1164150184517033986 akudobia.com # Reference: https://twitter.com/VK_Intel/status/1164194019930497025 vregbqeg.com # Reference: 
https://twitter.com/dms1899/status/1164699178527842304 dngerpppsa.xyz # Reference: https://twitter.com/bad_packets/status/1165041748772438016 fuckingmy.life # Reference: https://twitter.com/JAMESWT_MHT/status/1165942869359759361 xyskyewhitedevilexploitgreat.duckdns.org # Reference: https://twitter.com/P3pperP0tts/status/1166243679058694145 statexadver3552mn12.club # Reference: https://twitter.com/JAMESWT_MHT/status/1166252297124552704 collinsserver.duckdns.org # Reference: https://twitter.com/gorimpthon/status/1166278659629408257 # Reference: https://app.any.run/tasks/acaedaa7-fbe2-4139-b190-edaebc601c08/ http://45.76.113.195 # Reference: https://twitter.com/FewAtoms/status/1166319332051128320 http://161.202.40.99 # Reference: https://twitter.com/malware_traffic/status/1166114783676051456 statexadver3552mn12.club # Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668 filebase.duckdns.org # Reference: https://twitter.com/P3pperP0tts/status/1166491923911184385 owak-kmyt.ru pdofan.ru # Reference: https://twitter.com/JAMESWT_MHT/status/1166721502579974146 curly-bar-8ce5.myloaders.workers.dev young-bonus-b8e4.myloaders.workers.dev # Reference: https://twitter.com/James_inthe_box/status/1166683407943794688 chernovik55.ru # Reference: https://twitter.com/P3pperP0tts/status/1166782653623918592 brizy5.ru # Reference: https://app.any.run/tasks/b79f8f2f-d8d9-4f39-ad9c-4feae85babdf/ mailadvert19.world # Reference: https://twitter.com/FewAtoms/status/1167070059010953218 background.pt # Reference: https://twitter.com/bad_packets/status/1167336978041303040 stresser.cc # Reference: https://twitter.com/JAMESWT_MHT/status/1167443194033901568 i03kf0g2bd9papdx.com # Reference: https://twitter.com/JayTHL/status/1167666533260304385 azuremoonentertainment.mobi # Reference: https://twitter.com/nao_sec/status/1167797188363055105 (CVE-2018-15982) # Reference: https://app.any.run/tasks/49618924-ee31-4ed7-9669-17e0816f59a4/ http://82.146.59.230 gw.brownsine.com # 
Reference: https://twitter.com/P3pperP0tts/status/1167890224644362241 # Reference: https://www.virustotal.com/gui/domain/k1ristri.ru/relations k1ristri.ru 2nud.k1ristri.ru 551t.k1ristri.ru c.k1ristri.ru jl.k1ristri.ru k2.k1ristri.ru mq.k1ristri.ru p6.k1ristri.ru un0.k1ristri.ru v2w.k1ristri.ru w1g.k1ristri.ru ycl.k1ristri.ru # Reference: https://twitter.com/FewAtoms/status/1168131803560984577 accoun2-sign1-secur-ace324490748.com # Reference: https://www.virustotal.com/gui/file/7d48a6706013036266dbcd44aa7528d9e9331de0e9214b564255b96b5767b282/detection absetup5.icu # Reference: https://twitter.com/Paladin3161/status/1168863588015935488 sebains.kozow.com # Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329 farnbrands.com # Reference: https://twitter.com/JayTHL/status/1169000377120935941 rdmapperels.com # Reference: https://twitter.com/angel11VR/status/1169155232447762437 ukr1.net # Reference: https://twitter.com/malware_traffic/status/1169312743956066305 http://45.142.212.25 # Reference: https://twitter.com/FewAtoms/status/1169333693325946880 macvin.5gbfree.com # Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432 fomoportugal.com # Reference: https://twitter.com/malware_traffic/status/1169358788748615680 http://179.43.169.43 wyyjacky.club # Reference: https://twitter.com/P3pperP0tts/status/1169642311942397954 brizy5.ru ho3fty.ru j990981.ru seraph15.ru valerana44.ru ww2rai.ru # Reference: https://twitter.com/malwrhunterteam/status/1169638468647096321 http://10.103.2.247 # Reference: https://twitter.com/JayTHL/status/1169688507700457472 waymahikatudor.com # Reference: https://twitter.com/blackorbird/status/1169859337709207552 http://220.158.216.134 # Reference: https://www.virustotal.com/gui/domain/tomx.xyz/relations tomx.xyz # Reference: https://twitter.com/SecSome/status/1169972222439690241 # Reference: https://app.any.run/tasks/21339218-b4fd-4084-95d5-5c42fed4c71d/ 204.152.219.82:9008 jobmalawi.com # Reference: 
https://twitter.com/Zerophage1337/status/1007645365133246464 http://199.192.19.133 http://91.210.104.247 # Reference: https://twitter.com/FewAtoms/status/1170323745195663360 aagaeyarintz.com # Reference: https://twitter.com/James_inthe_box/status/1170641393875742720 # Reference: https://www.virustotal.com/gui/domain/educationaltools.info/relations educationaltools.info # Reference: https://twitter.com/tkanalyst/status/1170688633172443139 # Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/ digimonex.host mailadvert917dx.world umbr.online # Reference: https://twitter.com/JAMESWT_MHT/status/1170726870519824384 pp-back.info # Reference: https://twitter.com/ViriBack/status/1170731470039789568 fiscalia.ga # Reference: https://twitter.com/FewAtoms/status/1171076098244919297 http://23.106.124.142 # Reference: https://app.any.run/tasks/1765b64a-78f0-4360-afaf-6ba886a6d72f/ http://195.123.242.175 # Reference: https://twitter.com/tkanalyst/status/1171572121648033792 starserver715km.world # Reference: https://twitter.com/reecdeep/status/1171365416180080640 bobbychiz.top # Reference: https://twitter.com/trungduc751995/status/1171693318117281793 # Reference: https://otx.alienvault.com/pulse/5d78e9388461b273c265778e http://35.224.233.140 # Reference: https://twitter.com/killamjr/status/1171849775911772165 globalpaymentportal.co # Reference: https://twitter.com/sugimu_sec/status/1172058813177851904 aliiydr.xyz # Reference: https://twitter.com/gigafio/status/1172102628546924545 alhaji.top # Reference: https://twitter.com/Paladin3161/status/1171954425780289542 qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com # Reference: https://twitter.com/JAMESWT_MHT/status/1172122495652155392 mewahgroup.pw # Reference: https://twitter.com/rpsanch/status/1172548993177522176 # Reference: https://app.any.run/tasks/f24e56fa-c8b8-4b7d-99b0-2975e04429fa/ # Reference: https://otx.alienvault.com/pulse/5d921f7a6ff5154cba005284 213.252.246.80:448 213.252.246.80:80 
213.252.246.80:8888 8933-16423.bacloud.info mtcareers.myftp.org mantechcareers.serveftp.com ngcareers.myvnc.com northropgrumman.sytes.net # Reference: https://www.virustotal.com/gui/domain/lalitmumbai.net/relations # Reference: https://app.any.run/tasks/086e4aa9-1ece-441a-a5c3-eb8879d26e2e/ lalitmumbai.net # Reference: https://twitter.com/Racco42/status/1173547031979278336 fomoportugal.com # Reference: https://twitter.com/struppigel/status/1173883825333706752 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/ # Reference: https://documents.trendmicro.com/assets/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C.pdf # Reference: https://www.virustotal.com/gui/file/f8bf2120bdec3da240bf4a56760ee42d045e42ec4ae1d261774ff13fc2cb7cc0/detection http://95.179.168.23 http://144.202.19.31 diangovcomuiscia.com eltiempocomco.com medicosempresa.com # Reference: https://twitter.com/FewAtoms/status/1173982410951839745 http://185.250.240.84 # Reference: https://twitter.com/reecdeep/status/1174270764461244417 indta.co.id # Reference: https://twitter.com/wwp96/status/1174311496639221760 this-a22.tk # Reference: https://twitter.com/James_inthe_box/status/1174336699112906752 hushpan.icu # Reference: https://twitter.com/FewAtoms/status/1174350146768965636 http://34.87.96.249 # Reference: https://twitter.com/blackorbird/status/1174894127378358272 http://141.98.213.198 # Reference: https://twitter.com/DbgShell/status/1174997242425565185 xozidazatibotiko.ddns.net # Reference: https://twitter.com/JayTHL/status/1175248668502437888 discribechnl.com menukndimilo.com raatphailihai.com # Reference: https://app.any.run/tasks/ce52b6fb-5444-4d4d-9071-aa4a3d4d0f52/ http://185.206.212.65 # Reference: https://twitter.com/illegalFawn/status/1176077657311764480 sicurezzaonline.info # Reference: 
https://twitter.com/luc4m/status/1176045112469725184 http://216.170.126.139 # Reference: https://twitter.com/P3pperP0tts/status/1176831679106826240 systemgooglegooglegooglegooglegooglegoole.warzonedns.com # Reference: https://twitter.com/ActorExpose/status/1176782301222658048 redmoscow.info # Reference: https://twitter.com/h4ckak/status/1112953627478351874 # Reference: https://app.any.run/tasks/72dd9d2e-5d7d-412a-830b-d2bd59f98760/ # Reference: https://www.virustotal.com/gui/file/f99cb5b099030834f84c5053b1610e911727673767dd9a6a938a13f1da9d6a33/detection 88.80.144.9:9987 exchangeser.com # Reference: https://twitter.com/FewAtoms/status/1177940330655543302 202.168.151.38:3880 # Reference: https://twitter.com/tkanalyst/status/1177952093287530496 whoil.club # Reference: https://twitter.com/Edgespot_io/status/1069690604198682624 34.227.171.221:8080 # Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html cindysonam.org # Reference: https://twitter.com/James_inthe_box/status/1178692652700590085 kiskakisska.xyz xyxyxoooo.com # Reference: https://twitter.com/0xFrost/status/1179128508817260545 # Reference: https://app.any.run/tasks/c08c12cc-4a9f-44f4-9aa7-ef11900a8bc8/ wirelord.us # Reference: https://twitter.com/tkanalyst/status/1179174693963587584 # Reference: https://app.any.run/tasks/a2ef7bde-fc71-4f7e-9246-1af8f16b5e6b/ crasyhost.com # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv 62.152.47.251:8000 # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-08-14-microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253/microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253.csv missaruba.aw # Reference: 
https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-05-04-drive-by-downloads-attack-adobe-zero-day-flaw/drive-by-downloads-attack-adobe-zero-day-flaw.csv jeentern.dyndns.org # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-12-14-inside-adobe-reader-zero-day-exploit-cve-2011-2462/inside-adobe-reader-zero-day-exploit-cve-2011-2462.csv # Reference: https://www.virustotal.com/gui/file/c6072e6446c1641d35e1e471adf4ce533f0615a0365168728bcefe4df2d213ff/detection prettylikeher.com # Reference: https://twitter.com/James_inthe_box/status/1180128778229444608 # Reference: https://twitter.com/P3pperP0tts/status/1180141309685837825 corpcougar.com corpcougar.in # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-03-rtf-attack-takes-advantage-of-multiple-exploits/rtf-attack-takes-advantage-of-multiple-exploits.csv aulbbiwslxpvvphxnjij.biz invoice-accounts.org # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2015/2015-05-18-malware-spreads-facebook-tag-scam/malware-spreads-facebook-tag-scam.csv exusers.com # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv 62.152.47.251:8000 # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-02-hackers-bypassed-adobe-flash-protection-mechanism/hackers-bypassed-adobe-flash-protection-mechanism.csv korea-tax.info # Reference: https://twitter.com/YttriumSec/status/1180101251855343616 http://115.159.87.251 # Reference: https://twitter.com/FewAtoms/status/1180819300476755969 http://34.87.19.73 # Reference: https://twitter.com/jishuzhain/status/1181201933714911232 103.99.2.65:1010 # Reference: https://twitter.com/ecarlesi/status/1181522701195849728 downloadtg4.website # Reference: https://twitter.com/P3pperP0tts/status/1181547444837986304 
http://43.255.241.160 # Reference: https://twitter.com/JAMESWT_MHT/status/1181616566024183809 http://209.141.42.23 # Reference: https://twitter.com/0xFrost/status/1182037064344322053 5571875.info # Reference: https://twitter.com/P3pperP0tts/status/1182225501387141120 http://31.44.184.123 goji-actives.net # Reference: https://twitter.com/benkow_/status/1182604054742085632 wisecleaner.cleaning # Reference: https://twitter.com/JAMESWT_MHT/status/1182613351425368066 # Reference: https://app.any.run/tasks/14b5c38b-0d39-4c99-9934-998491019487/ # Reference: https://www.virustotal.com/gui/domain/taskhostw.com/relations taskhostw.com # Reference: https://twitter.com/James_inthe_box/status/1182703889012813824 http://198.23.202.49 # Reference: https://twitter.com/P3pperP0tts/status/1182968741283454977 madnik.beget.tech # Reference: https://twitter.com/ViriBack/status/1183098116263858176 taxjustice-usa.org # Reference: https://twitter.com/ViriBack/status/1183157722348433413 gayaju.com # Reference: https://www.virustotal.com/gui/domain/paletoxyz.com/relations paletoxyz.com # Reference: https://twitter.com/ecarlesi/status/1183415444612485120 inationnetwork.xyz # Reference: https://twitter.com/w3ndige/status/1171159313865465856 http://108.62.118.233 # Reference: https://twitter.com/w3ndige/status/1168437823193669632 posqit.net # Reference: https://www.virustotal.com/gui/domain/accessheler.com/relations accessheler.com # Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/ http://45.114.8.161 # Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/ http://167.114.95.127 # Reference: https://twitter.com/ffforward/status/1184379075642773505 show-qo13.tk # Reference: https://twitter.com/P3pperP0tts/status/1184405805648564226 qisqholden.com # Reference: https://twitter.com/James_inthe_box/status/1185191156168065024 fbigov.website # Reference: https://twitter.com/FewAtoms/status/1185249656235843588 afrimarinecharter.com # Reference: 
https://twitter.com/JayTHL/status/1185303303892033536 thekukuaproject.com # Reference: https://twitter.com/FewAtoms/status/1185980535497207808 collierymines.com # Reference: https://twitter.com/albertzsigovits/status/1186255610163187714 logover.su # Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html # Reference: https://otx.alienvault.com/pulse/5dadb6fad17367c025d25421 abcxyz.stream # Reference: https://twitter.com/James_inthe_box/status/1186363546155663360 0b8a67f7.ngrok.io # Reference: https://twitter.com/wwp96/status/1186365682520338434 granuphos-tn.com # Reference: https://twitter.com/smica83/status/1186520175467810817 # Reference: https://www.virustotal.com/gui/domain/taamgol.com/relations taamgol.com # Reference: https://twitter.com/wwp96/status/1186637571876630529 46.183.220.10:1010 # Reference: https://twitter.com/JAMESWT_MHT/status/1186641478996639745 cloudown.icu # Reference: https://app.any.run/tasks/83bf663d-6020-4186-970e-3c50b842510c/ newandupdates1234.blogspot.com # Reference: https://twitter.com/FewAtoms/status/1186676588013899776 http://151.80.8.7 # Reference: https://twitter.com/ANeilan/status/1186847142113173504 diporpef.com # Reference: https://twitter.com/j_rom_/status/1184880435219849218 amz-syndication.com # Reference: https://twitter.com/fatihsirinnnn/status/1186938514845380608 acmestoolsmfg.com # Reference: https://twitter.com/P3pperP0tts/status/1186988588656934913 tourscentralasian.com # Reference: https://twitter.com/wwp96/status/1187023690636152832 romanceobsessed.com # Reference: https://twitter.com/JAMESWT_MHT/status/1187296372833357825 http://5.188.9.33 # Reference: https://twitter.com/dms1899/status/1187270160220147712 modexcourier.eu # Reference: https://www.virustotal.com/gui/ip-address/161.117.41.54/relations # Reference: https://www.virustotal.com/gui/ip-address/161.117.8.4/relations abs-glt.com akinsab.ru app-comercialex.top aucklandcustom-nz.com avgsupport.info bkam.tech 
capeplcinc.com.ua casmagnat.rocks clinefr12.com clotiahs.info cremeroloe.com doosamnt.com dotmpegjdj.com echaintool.info efore.info esetsupport.info famoosonutt.com fueda.info gidnik.com gihf2.com gracetime.tech grindtreue.online grindtruex.online gunmak-com.tk higomanga.info jajar.ru jer23.com jobttast.com kaburto.info knt73.com kord23.com mikeservers.eu modcloudserver.eu modexcommunications.eu nestp11.com niiqata-power.com offsolo-gbb.tech oker1.com oldendroff.com pache22.com paramountemporium.vip peaches19.com posqit.net priv112.com qoqip.com quecik.com rnuganbank.com roumines.com saturatix.top siiigroup.com smart-net.rocks sun-clear.net sylvaclouds.eu torresansrl-it.com tr0nsf01.org tr30nfs01.com tsep13.com tyler14.com uloego.info vcmcompanys.com vinaprio.com wgeise4.com xinblasta.us yuxinproteins.com zhchlt.com # Reference: https://twitter.com/petrovic082/status/1187762565969043457 # Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/ neroolive.org # Reference: https://www.virustotal.com/gui/domain/aklianfa.com/relations aklianfa.com # Reference: https://twitter.com/JAMESWT_MHT/status/1188005690130026498 http://193.26.217.230 # Reference: https://twitter.com/DissectMalware/status/1006784787854581760 111.73.46.110:7717 # Reference: https://twitter.com/InQuest/status/1188373526622941186 lritck.tk # Reference: https://twitter.com/JayTHL/status/1188801316417687552 http://37.1.219.172 # Reference: https://app.any.run/tasks/24cc7183-7345-46f6-b26e-1e173d9c98a9/ d1c56b05.ngrok.io # Reference: https://twitter.com/JAMESWT_MHT/status/1188856141633261570 blockchainblogger.club # Reference: https://twitter.com/FewAtoms/status/1188858041686466561 enkaypastri.com # Reference: https://twitter.com/DrStache_/status/1188917585540276224 torishima-qa.com # Reference: https://twitter.com/david_jursa/status/1189155057834647552 thekokokoupd.online # Reference: https://app.any.run/tasks/4c6e0f94-e147-47ca-9467-c3864047439f/ lkdff.com # Reference: 
https://twitter.com/wwp96/status/1189236233613889538 frenddizoni.org # Reference: https://twitter.com/OttoScav/status/1189220259842187264 213.152.160.146:1010 # Reference: https://app.any.run/tasks/986f65f5-5208-4133-b9af-c993edcc1e34/ http://199.195.254.187 # Reference: https://twitter.com/James_inthe_box/status/1189287512684019714 oz-dn.org # Reference: https://twitter.com/w3ndige/status/1189301536691752960 http://74.118.138.167 # Reference: https://twitter.com/ViriBack/status/1189329887074619395 arbistars.com # Reference: https://twitter.com/wwp96/status/1189536892322304002 uzojesse.top # Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136 http://185.193.125.135 # Reference: https://twitter.com/killamjr/status/1189717599040528386 esascom.com # Reference: https://twitter.com/InvertedLina/status/1189940700311379968 amana-agro.com # Reference: https://twitter.com/malware_traffic/status/1190026665952497667 http://107.181.175.118 http://149.154.67.19 # Reference: https://twitter.com/unmaskparasites/status/1184973893225865222 dropboxfiles.net mydropboxfiles.com # Reference: https://twitter.com/killamjr/status/1190087811803815936 http://51.89.163.174 # Reference: https://twitter.com/pmelson/status/1190419506620981248 azuredatabox.azureedge.net # Reference: https://pastebin.com/29uSdMAk chinalarnpbase.com # Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577 # Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26 5.100.251.106:443 5.100.251.106:80 # Reference: https://app.any.run/tasks/2be23d42-242b-47bc-8d0f-76a5b80e7a4b/ 1xv4.com # Reference: https://app.any.run/tasks/e15b03be-14d2-49c0-b6c1-04249d0783f1/ # Reference: https://www.virustotal.com/gui/domain/stroytrest19.by/details stroytrest19.by # Reference: https://twitter.com/tkanalyst/status/1190975614766833664 # Reference: https://otx.alienvault.com/pulse/5dc1a88e1cf7281dc5c4ed5b http://107.167.244.67 http://138.68.15.227 http://198.199.104.8 blockchainblog.club 
# Reference: https://twitter.com/wwp96/status/1191013406175830017 racetech.club # Reference: https://twitter.com/ViriBack/status/1062544747062050817 web-bancadigitalbod.com # Reference: https://twitter.com/ViriBack/status/989663475445190656 pf-pv.xyz # Reference: https://twitter.com/fumik0_/status/968070745766154240 updatecenter.ru # Reference: https://twitter.com/FewAtoms/status/1191349702920474625 http://35.247.253.206 # Reference: https://www.reddit.com/r/sysadmin/comments/aswr03/anyone_identify_this_miner_or_malware/ # Reference: https://app.any.run/tasks/daddea03-d06c-42ce-a539-516b5173467f 185.112.156.92:8092 http://173.247.239.186 # Reference: https://app.any.run/tasks/02fc860e-cb3b-4ed4-84c5-95ee52d7e96a/ http://45.147.229.149 # Reference: https://twitter.com/w3ndige/status/1191752055012122625 mostfirstandnow.site # Reference: https://twitter.com/FewAtoms/status/1191751916570763264 mjnalha.ml # Reference: https://www.virustotal.com/gui/ip-address/185.212.128.189/relations http://185.212.128.189 # Reference: https://twitter.com/QW5kcmV3/status/1191441479467708417 # Reference: https://otx.alienvault.com/pulse/5dc190575e635818231a16d9 ms-audit-server.club ms-dll-com.info ms-dll-service.site # Reference: https://twitter.com/wwp96/status/1191754793737428993 http://66.154.103.133 # Reference: https://twitter.com/tccontre18/status/1191638837136633856 # Reference: https://app.any.run/tasks/dc833ad4-508a-42eb-9bc2-cef42a558e89/ http://47.240.70.20 47.240.70.20:8080 # Reference: https://twitter.com/P3pperP0tts/status/1191862832360501249 http://192.3.247.119 # Reference: https://twitter.com/killamjr/status/1191923979549921280 admin-578472.serveo.net # Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417 http://78.47.36.215 # Reference: https://twitter.com/wwp96/status/1192102384819933185 megatraffik.com # Reference: https://twitter.com/pancak3lullz/status/1192132907277733889 http://162.218.210.202 # Reference: 
https://twitter.com/FewAtoms/status/1192129351871082496 http://185.102.122.2 # Reference: https://twitter.com/KorbenD_Intel/status/1192147546086498311 http://47.102.114.62 # Reference: https://twitter.com/lazyactivist192/status/1192458664407392256 http://185.12.29.38 # Reference: https://twitter.com/dave_daves/status/1192472618261254145 # Reference: https://app.any.run/tasks/74221158-9b70-43ab-9a59-df368ff001ed/ http://18.229.155.115 socios20199.webcindario.com # Reference: https://twitter.com/ccxsaber/status/1191916749630783489 # Reference: https://otx.alienvault.com/pulse/5dc4b4c2bada09c6a58dd516 http://192.119.111.4 # Reference: https://twitter.com/coderippers/status/1192746152514469888 phltimberwarehouse.co.uk # Reference: https://twitter.com/killamjr/status/1192788604508131333 http://181.143.146.58 # Reference: https://twitter.com/FewAtoms/status/1192847054130831360 soldi.duckdns.org # Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef/ og-funds.net # Reference: https://twitter.com/rpsanch/status/1181455677920829440 plazatiles.sytes.net # Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/ exe-3.icu # Reference: https://twitter.com/mszustak/status/1159824933171544064 hobby-l0bby.com # Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0) # Reference: https://www.virustotal.com/gui/domain/proyectobasevirtualcol.com/relations # Reference: https://www.virustotal.com/gui/ip-address/179.33.68.255/relations proyectobasevirtualcol.com recuperaciondecartera.website # Reference: https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/ # Reference: https://www.virustotal.com/gui/domain/humiconfort.com/relations humiconfort.com # Reference: https://twitter.com/malware_traffic/status/988589136163622912 plumberspro.us # Reference: https://twitter.com/HSAFTeam/status/1189557108498485248 http://111.90.150.133 filabella.ga # Reference: 
https://twitter.com/James_inthe_box/status/1193539893000986624 35.247.208.129:4748 # Reference: https://community.rsa.com/community/products/netwitness/blog/2018/01/12/malspam-delivers-njrat-1-11-2018 # Reference: https://www.virustotal.com/gui/ip-address/162.144.63.238/relations eagleepcisocks.com # Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php vjro.biacap.com # Reference: https://twitter.com/wwp96/status/1193942503864651776 zinkobeauty.com # Reference: https://twitter.com/jcarndt/status/1194305779634970625 office365.firewall-gateway.net # Reference: https://twitter.com/James_inthe_box/status/1194358787513077766 # Reference: https://www.virustotal.com/gui/file/fcdf29266f3508bd91d2446f20a73a811f53e27ad1f3e9c1f822458f1f30b5c9/detection # Reference: https://twitter.com/James_inthe_box/status/1194367229879472129 bitbucket.org/anatoliisaharoff/rep/downloads/ # Reference: https://twitter.com/KorbenD_Intel/status/1194361467660836864 http://217.73.62.206 # Reference: https://twitter.com/w3ndige/status/1194889495868592130 dubem.top # Reference: https://twitter.com/Rmy_Reserve/status/1194944079076835333 # Reference: https://app.any.run/tasks/bca1d42d-ea10-4a7b-b98c-4d645ba1e204/ # Reference: https://www.virustotal.com/gui/domain/n-trip.com/relations n-trip.com # Reference: https://twitter.com/pmelson/status/1195009552921616386 # Reference: https://www.virustotal.com/gui/domain/008ex.com/relations 008ex.com bill.008ex.com download.008ex.com jan.008ex.com slay.008ex.com # Reference: https://twitter.com/ItsReallyNick/status/1195233697630445569 d1lkxepo6u8zf.cloudfront.net # Reference: https://twitter.com/FewAtoms/status/1195313326500327424 alg0sec.com # Reference: https://app.any.run/tasks/b7103ff0-18bb-431e-8175-f1274a17de18 andrewharmon.x10host.com # Reference: https://www.virustotal.com/gui/file/2b2697a0a26e746b6dd27d3aee7b126f6b72a09d8bf52961203a849b043d8fbd/relations longvoyages.com # Reference: 
https://twitter.com/KorbenD_Intel/status/1195341394132525056 http://35.181.60.96 # Reference: https://app.any.run/tasks/8da10f37-1e46-4c71-88bb-e72c40c99e24/ harmonyfacility.com # Reference: https://www.virustotal.com/gui/file/5a9deafa8e6837307213369aa2e64287fa1bedd3dd2b4e9c6c2f7f44629f8a35/detection # Reference: https://www.virustotal.com/gui/ip-address/185.217.1.190/relations apkauto.xyz every1sad.club # Reference: https://twitter.com/FewAtoms/status/1195727132112150529 sktinds.com # Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/ nb.ruisgood.ru pc.5b6b7b.ru # Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations http://23.249.165.218 # Reference: https://app.any.run/tasks/10beb62e-cbee-4661-90b1-5a3d4509da3a/ # Reference: https://twitter.com/JayTHL/status/1195824602498437128 ocean-v.com/wp-content/1.txt ocean-v.com/wp-content/1.exe # Reference: https://twitter.com/benkow_/status/1196016846841012224 # Reference: https://www.virustotal.com/gui/file/2d6e42c8aed0b6e23d809d8010e9bc72f0eb59aa1249b97c10f8f15097c4a777/detection donkixota.com loodd01.xyz loodd02.xyz prioritywireless.club # Reference: https://twitter.com/tkanalyst/status/1196033182694379527 kfaxyl.com # Reference: https://twitter.com/FewAtoms/status/1196079049157808128 realgauthier.com # Reference: https://twitter.com/_re_fox/status/1196122304138399745 vulpss.net/696969crpty/ # Reference: https://twitter.com/SoulRage6/status/1196392449318494209 mac-mmanuel.com # Reference: https://twitter.com/FewAtoms/status/1196453357008957440 http://13.54.13.60 # Reference: https://twitter.com/KanbeWorks/status/1196639129812881408 http://54.36.139.1 # Reference: https://twitter.com/ANeilan/status/1196748994728333313 feguhkejwfkgwvfjhkbevcgh.cf # Reference: https://twitter.com/trotsky57271861/status/1196765541014224896 kitchenraja.in # Reference: https://twitter.com/FewAtoms/status/1197921095250300928 http://217.73.60.123 # Reference: 
https://twitter.com/James_inthe_box/status/1197917197324058624 http://23.254.228.211 # Reference: https://twitter.com/FewAtoms/status/1198574338036969474 uloab.com # Reference: https://twitter.com/H_Miser/status/1198907447534067712 dlfact.club # Reference: https://twitter.com/FewAtoms/status/1199015111794536455 yakusgewe.xyz # Reference: https://twitter.com/wwp96/status/1199000890541256704 milliemefford.com # Reference: https://twitter.com/wwp96/status/1199056486460207106 # Reference: https://app.any.run/tasks/25229a32-2a2b-4bd3-b1ca-046fafb192f5/ http://193.70.124.48 # Reference: https://twitter.com/James_inthe_box/status/1199078758298206208 skjhjl.xyz # Reference: https://twitter.com/FewAtoms/status/1199331943348867072 new-year-packages.com # Reference: https://twitter.com/wwp96/status/1199412245857484813 http://45.137.22.59 # Reference: https://twitter.com/Jouliok/status/1199582844751941635 gsa.co.in/work/ # Reference: https://www.virustotal.com/gui/ip-address/54.202.202.94/relations http://54.202.202.94 # Reference: https://app.any.run/tasks/112fd54b-a113-4484-88db-b59b26dce809/ tfortytimes.com # Reference: https://twitter.com/FewAtoms/status/1200079922959699968 ihs-usa.com/doocs/ # Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/ # Reference: https://www.virustotal.com/gui/ip-address/182.50.135.88/relations http://182.50.135.88 # Reference: https://twitter.com/VK_Intel/status/1200706216256843776 # Reference: https://www.virustotal.com/gui/file/dbd1d88ea93e26a4a52dd4180a5f2eb461822e3f5a2dcc0e61a5fc31d8c77f75/detection 141.193.6.84 # Reference: https://www.virustotal.com/gui/file/2de81be5ccb948ebadfbf8f469bb3ea749d23a33a203267ef78b07b496da8052/detection http://185.61.138.111 # Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection http://185.62.188.169 # Reference: 
https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection http://66.154.103.133 # Reference: https://twitter.com/smii_mondher/status/1201820356694163457 # Reference: https://www.virustotal.com/gui/ip-address/83.136.106.208/relations http://83.136.106.208 # Reference: https://twitter.com/cyber__sloth/status/1202274774342406144 http://89.40.12.19 # Reference: https://twitter.com/killamjr/status/1202386355378098177 # Reference: https://app.any.run/tasks/a5aa519c-9739-4096-8549-6f5af5af3290/ # Reference: https://app.any.run/tasks/b480973a-0b99-46ad-9a74-6fab20fc206e/ http://198.23.202.33 http://64.188.27.121 # Reference: https://twitter.com/ViriBack/status/1202767892518883329 panel222.info # Reference: https://twitter.com/VK_Intel/status/1202844659908825088 # Reference: https://www.virustotal.com/gui/file/18501a9284b2160d17a9ec5f6fcfdc094e036b7d8c7b84594351129472ac925c/detection 176.122.130.199:8080 # Reference: https://twitter.com/malwrhunterteam/status/1202919436912603137 http://217.8.117.61 # Reference: https://twitter.com/ecarlesi/status/1202360981449531392 audanmon.com # Reference: https://twitter.com/notajungman/status/1203034991858466817 worldwidetechsecurity.com # Reference: https://twitter.com/GrujaRS/status/1203413394642161664 http://185.222.202.218 # Reference: https://twitter.com/GrujaRS/status/1197290398810542081 manage-invoices.info # Reference: https://app.any.run/tasks/927fdec0-3dd3-4da8-8e4e-3fd632c5589f/ iphm.info # Reference: https://twitter.com/VK_Intel/status/1203941934869438464 # Reference: https://www.virustotal.com/gui/file/10d46ea95b9168c93f05fe617c83763dcd734c69efd454512a46c9f225712119/detection 7.24.136.88 # Reference: https://pastebin.com/63w4JXts meitao886.com # Reference: https://twitter.com/James_inthe_box/status/1204063774933581824 http://141.255.164.13 http://146.185.195.20 # Reference: https://twitter.com/wwp96/status/1204112610096009218 globalfbdnsaddressgoogle.duckdns.org # 
Reference: https://www.virustotal.com/gui/file/30b3e5e0f5fe6b2209d8bf77f36794faf7aa99989016e2cefea820ef1f507d4f/detection http://216.170.126.11 # Reference: https://twitter.com/cyber__sloth/status/1204366146389958656 http://5.255.63.12 # Reference: https://www.virustotal.com/gui/ip-address/89.35.178.104/relations http://89.35.178.104 # Reference: https://twitter.com/JAMESWT_MHT/status/1204410470574125058 http://34.217.107.238 # Reference: https://twitter.com/silascutler/status/1204422133780242434 http://205.185.115.72 # Reference: https://twitter.com/midnight_comms/status/1204429816956620807 205.185.115.72:9801 # Reference: https://app.any.run/tasks/18af3b1c-d5b4-4727-a06e-8c2aa9d2daac/ http://192.236.155.17 # Reference: https://twitter.com/James_inthe_box/status/1205177628623130624 xmr-services.tk # Reference: https://www.virustotal.com/gui/file/a98b22bb93491a53434640c0f89cac49c12de89fea28c5f84caaccd7961f1b06/detection white-hita-3339.but.jp # Reference: https://twitter.com/KorbenD_Intel/status/1205620725526208513 drmarciavila.com.br # Reference: https://twitter.com/0xFrost/status/1116608057268527105 toothless28.pw # Reference: https://www.virustotal.com/gui/ip-address/94.73.32.235/relations http://94.73.32.235 # Reference: https://www.virustotal.com/gui/domain/greatmischiefdesign.com/relations greatmischiefdesign.com # Reference: https://twitter.com/malwrhunterteam/status/1205942062610141185 http://45.128.133.37 # Reference: https://www.virustotal.com/gui/domain/urbanvillager.xyz/relations urbanvillager.xyz # Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288 newcontest.xyz # Reference: https://twitter.com/VK_Intel/status/1206643330488184832 # Reference: https://www.virustotal.com/gui/file/570768d139c2ed7f75c792746a13247dea897baac575b8faf62452d37399aab0/detection 47.107.136.247:8080 # Reference: https://twitter.com/wwp96/status/1206662163869380608 l500c.com # Reference: https://twitter.com/FewAtoms/status/1206986920036896769 
http://133.18.202.74 # Reference: https://twitter.com/mal_share/status/1206691868639141888 http://161.246.67.165 # Reference: https://twitter.com/James_inthe_box/status/1206952335764795392 masabikpanel.top # Reference: https://www.virustotal.com/gui/file/6929d2d74fa9846394f03ba2639480b920cb614fff4698316507237161c9600e/detection 185.147.15.13:443 # Reference: https://twitter.com/david_jursa/status/1207631642988298240 mainsourceoffreeupdate.best # Reference: https://twitter.com/SaudiDFIR/status/1207621069227614208 # Reference: https://app.any.run/tasks/bb422434-c9c8-4e89-bf95-7e44b9f0bf98/ lizen-pierre.be # Reference: https://twitter.com/James_inthe_box/status/1207678562712637441 bhraman.org # Reference: https://twitter.com/James_inthe_box/status/1207379438179999747 (# mailerbot) http://185.174.173.152 /rkeurewvfgo4/cmd.php # Reference: https://app.any.run/tasks/157ab2e2-f469-415d-9288-f7fe304704d7/ http://80.93.182.219 # Reference: https://www.virustotal.com/gui/ip-address/45.142.213.167/relations http://45.142.213.167 45.142.213.167:443 # Reference: https://twitter.com/Jesse_V_Burke/status/1207878795430109186 185.122.59.78:443 # Reference: https://twitter.com/VK_Intel/status/1208340410331996160 # Reference: https://www.virustotal.com/gui/ip-address/101.132.43.162/relations http://101.132.43.162 # Reference: https://twitter.com/prsecurity_/status/1208950830918860800 # Reference: https://www.virustotal.com/gui/ip-address/176.99.11.209/relations 176.99.11.209:80 176.99.11.209:443 5025026.ru avito.cm avito.vg deffender.website drunk-ac.ru engineer-s.ru exploits.pro getsees.website gryphs.ru lapaz.ru legenda.casa money-match.ru muhosransk.site mymoneycontrol.site photobattle.ru popyti.com securepay.cm strastimardasti.club telegrambillionaire.top tinkoff.llc yourluck.pro yourluck.xyz # Reference: https://twitter.com/James_inthe_box/status/1209150941661810690 http://185.216.35.21 # Reference: https://twitter.com/malware_traffic/status/1209638262970748929 # Reference: 
https://www.virustotal.com/gui/ip-address/45.72.3.132/relations # Reference: https://www.virustotal.com/gui/ip-address/79.174.12.130/details 45.72.3.132:80 45.72.3.132:443 79.174.12.130:80 alertactivityonaccwellslockedacconholdwf.host alertkaccountwellsblockedverifyidacconholdwf.host alertnoticealertlockedwellsaccessblockedacconholdwf.host alertnoticealertwellsaccblockedacconholdcheckwf.host alertonlinebankaccesswellsblockedacconholdwf.host alertsecuritybrokenaccesswellsblockedacconholdwf.host # Reference: https://www.virustotal.com/gui/ip-address/5.149.248.134/relations http://5.149.248.134 # Reference: https://twitter.com/tkanalyst/status/1209829485643612160 earlyace55.com infocarnames.ru # Reference: https://twitter.com/James_inthe_box/status/1209833422832558081 imaginemix.ru # Reference: https://twitter.com/killamjr/status/1210215114407735296 armantraders.net # Reference: https://www.virustotal.com/gui/ip-address/37.46.135.58/relations momo33333.fvds.ru # Reference: https://twitter.com/FewAtoms/status/1210646032780070914 http://94.158.245.73 # Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection http://52.47.207.162 52.47.207.162:82 # Reference: https://www.virustotal.com/gui/file/946e6abf72126a942cfb63916e6ec2e2b597a6c7beba04d76c4213a0e51ce97d/detection 3.17.202.129:80 35aad9f7.ngrok.io # Reference: https://www.virustotal.com/gui/file/db58265db4c657a02cc16ae7efc62f288c97af3b6734b3a891f7bcf105eff802/detection 18.223.41.243:443 3.14.212.173:443 f9e7020b.ngrok.io # Reference: https://www.virustotal.com/gui/file/a3dcc3c8b03f6c5602c95b83864c69d8f0255b44a62f16cc79a22c963dbcf870/detection 3.17.202.129:443 af721e3a.ngrok.io # Reference: https://www.virustotal.com/gui/file/38f55a06ce1abdbba07acb14aaca0fd7f8f5cfa017f9ae6519455cc35f36efdb/detection 18.188.14.65:443 1d9f0a85.ngrok.io # Reference: 
https://www.virustotal.com/gui/file/4d4bd13f171d0a9fd7a71285bd90cacd4b2f00a15cbf374af0937cbafffb7674/detection 3.17.202.129:22 # Reference: https://www.virustotal.com/gui/domain/capeturk.com/relations capeturk.com # Reference: https://www.virustotal.com/gui/domain/goldenshoponline.us/relations goldenshoponline.us # Reference: https://app.any.run/tasks/76423975-6bd1-48f0-9758-89ceb126bf48/ lifesuporte.site # Reference: https://twitter.com/FewAtoms/status/1211992847643238400 http://133.18.201.42 # Reference: https://www.virustotal.com/gui/file/80fe44438b4d25301a09e6b14a8e746980d858191319e8970617b7ffb7cb29de/detection 193.161.193.99:443 193.161.193.99:80 # Reference: https://twitter.com/malwrhunterteam/status/1212337904892207106 # Reference: https://www.virustotal.com/gui/ip-address/119.3.232.159/relations 119.3.232.159 # Reference: https://twitter.com/ps66uk/status/1212730450432679936 newyearddnsaddressupdatelink.duckdns.org # Reference: https://twitter.com/malware_traffic/status/1210343558705795074 http://66.85.173.6 # Reference: http://plok1.blogspot.com/2018/02/a-new-spreader-with-mimikatz.html # Reference: https://www.virustotal.com/gui/domain/kishi73.com.br/relations kishi73.com.br # Reference: https://twitter.com/Jouliok/status/1212682749452148736 # Reference: https://www.virustotal.com/gui/ip-address/100.43.136.34/relations 100.43.136.34:1717 100.43.136.34:80 # Reference: https://www.virustotal.com/gui/file/a260de9672842bfc45f9335a7d405b64d53815d7d1b8ec8f3e0768c422e73a30/detection http://194.36.191.245 # Reference: https://twitter.com/pancak3lullz/status/1212781520483758083 http://133.18.169.9 # Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection http://185.234.218.210 # Reference: https://www.virustotal.com/gui/file/14843438836afd53d256e4e71b57365ba2e7fd3a9631c377fe6e5a0aca3e45a1/detection sweethome11.tk # Reference: 
https://www.virustotal.com/gui/file/e0b416bd9da9580632cf8b56021a7f132f3f305a52e1facde9243df1dd7aaaf8/detection werfcdxv.ru # Reference: https://www.virustotal.com/gui/file/85f350b9d26c0a7c79558237ececfaa2c3472b2fe5ade88c0147eb3ec38fc991/detection solex.duckdns.org systic.duckdns.org # Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection ecstay.website # Reference: https://www.virustotal.com/gui/domain/sergiormo.duckdns.org/relations sergiormo.duckdns.org # Reference: https://app.any.run/tasks/1c4d20f3-d267-4176-9a2b-1a35656aa4c6/ recoverydata.merehosting.com # Reference: https://twitter.com/JayTHL/status/1213530066065526784 lokigoblinoppd.com simnlpedezir.com # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969 http://23.227.207.185 # Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection pinkpanda.pw # Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection bc2rymcehnrb.gq zpu5mahtuq3t.tk # Reference: https://twitter.com/securitydoggo/status/1214185262160457728 maxtraders.net # Reference: https://twitter.com/James_inthe_box/status/1214176338040410112 davespack.top # Reference: https://twitter.com/FewAtoms/status/1214258688980062208 l500c.com # Reference: https://twitter.com/SecSome/status/1214606873665650688 dyessar.buzz # Reference: https://www.virustotal.com/gui/file/27b2c05614676616e8e3b62658c6dabd603ab8e4d135a9384871166998753f42/detection portofino.ug # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1215267911666950145 http://3.84.5.126 # Reference: https://twitter.com/reecdeep/status/1215666445264224256 buzztrends.club # Reference: https://twitter.com/malwrhunterteam/status/1215689657880662018 # Reference: https://twitter.com/James_inthe_box/status/1215706026302824449 http://178.128.215.46 # Reference: 
https://twitter.com/killamjr/status/1216571369892139008 # Reference: https://www.virustotal.com/gui/domain/bobbitopedia.com/relations bobbitopedia.com # Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/ dsi-info.fr # Reference: https://twitter.com/FewAtoms/status/1216753032504975362 aaagpsovot.com # Reference: https://twitter.com/malware_traffic/status/1216882597789360134 cheklre4.xyz # Reference: https://twitter.com/dave_daves/status/1217021709498363904 uptodateread.ddns.net # Reference: https://twitter.com/reecdeep/status/1217101781563584513 http://185.159.82.39 # Reference: https://twitter.com/James_inthe_box/status/1217123673502445573 http://45.77.173.124 # Reference: https://twitter.com/3XS0/status/1217144032591257600 alldayever231.su # Reference: https://app.any.run/tasks/35c35367-58e4-46bc-ac62-4052ce7689ed/ http://191.239.243.112 # Reference: https://twitter.com/James_inthe_box/status/1217481969581219840 youaernedit.com # Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616 interpremier1998.ru # Reference: https://twitter.com/James_inthe_box/status/1217781646717419520 mellle.com # Reference: https://twitter.com/malware_traffic/status/1217791790423650304 turnkeycre.com # Reference: https://twitter.com/securitydoggo/status/1217802812769349633 fajr.com # Reference: https://twitter.com/nao_sec/status/1217834630612647946 # Reference: https://app.any.run/tasks/c5f307eb-4389-4713-83a4-67ee331409f9/ easy-web-weight-loss.com # Reference: https://twitter.com/unmaskparasites/status/1217866836324339713 http://45.83.122.65 # Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection http://144.217.83.43 http://5.206.225.104 # Reference: https://www.virustotal.com/gui/ip-address/5.2.70.145/relations http://5.2.70.145 # Reference: https://app.any.run/tasks/e9d670ed-e84c-4bf6-8fa2-2b1b7310d827/ down.onefast.cc mprrpt.hjkl45678.xyz cltrpt.vbnm34567.xyz 
8xxjezfm.slt.cdntip.com zhaobin.byc.580.bydj2019.com byd.580.bydj2019.com yun3.6fenkj.com # Reference: https://www.virustotal.com/gui/file/e6e69be7d884b4bde7505593a450153a67c51eab8e46a75419e2610edf947076/detection 185.38.151.11:80 fl4shg4m35.com # Reference: https://intezer.com/blog-linux-rekoobe-operating-with-new-undetected-malware-samples # Reference: https://otx.alienvault.com/pulse/5e25cfbcd7e22ce9b7d4ea71 # Reference: https://www.virustotal.com/gui/domain/bitscan.win/relations bitscan.win # Reference: https://twitter.com/Jouliok/status/1219337071405477890 buildyourownbotnet.com # Reference: https://twitter.com/wwp96/status/1219363482031861760 achpanel.top # Reference: https://twitter.com/JAMESWT_MHT/status/1219555398266605568 alphaputin.duckdns.org # Reference: https://twitter.com/JayTHL/status/1219848952239050754 mobile-lot.org # Reference: https://twitter.com/JAMESWT_MHT/status/1219906163875221504/photo/1 http://46.183.218.248 # Reference: https://www.virustotal.com/gui/domain/fd6fq54s6df541q23sdxfg.eu/relations fd6fq54s6df541q23sdxfg.eu # Reference: https://www.virustotal.com/gui/domain/fflyy.su/relations fflyy.su # Reference: https://www.virustotal.com/gui/domain/emedtutor.com/relations emedtutor.com # Reference: https://app.any.run/tasks/50c91d01-3e7b-40b3-a6e2-2ada1de3c2b9/ alphaenergyeng.com # Reference: https://www.exposedbotnets.com/2012/08/bbqcto-irc-botnets-hosted-by-france.html bb.qc.to # Reference: https://www.exposedbotnets.com/2013/04/x01bkr2biz-snk-asper-mod-irc-botne.html x01bkr2.biz zr0x1b9.biz xkzykxb.biz xeyaz.biz # Reference: https://www.exposedbotnets.com/2013/05/srv5su-snk-asper-mod-irc-botnet-hosted.html srv5.su srv50.su # Reference: https://www.exposedbotnets.com/2013/03/x1x4x0su-snk-asper-mod-irc-botne.html x1x4x0.su # Reference: https://www.malekal.com/bossabotv2-another-linux-backdoor-irc/ ircqfrum.com ka3ek.com nadnadzzz.info srv5050.co saudicool.org x01bkr2.biz zerx-virus.biz lebanonbt.info # Reference: 
https://www.exposedbotnets.com/2018/07/bticoinsumonero-miner.html bticoin.su # Reference: https://www.exposedbotnets.com/2017/10/bullguard09wm01toinjectordsce-hosted-in.html bullguard09.wm01.to # Reference: https://www.virustotal.com/gui/ip-address/5.182.211.76/relations 5.182.211.76:80 # Reference: https://www.virustotal.com/gui/ip-address/185.251.39.251/relations 185.251.39.251:80 # Reference: https://www.virustotal.com/gui/ip-address/46.173.219.17/relations 46.173.219.17:80 # Reference: https://app.any.run/tasks/a3d578ef-0492-4ec2-b640-de38ab8eed74/ askarindo.or.id/js/ # Reference: https://twitter.com/James_inthe_box/status/1220818460235583489 alwasl-syria.com # Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection http://216.83.52.40 http://45.139.236.14 silvergeoa.com # Reference: https://www.virustotal.com/gui/file/1eb6c25406ed155d70cc2e5df02f6327458ac48542e1d633532e444ac6f97065/detection http://109.169.89.117 # Reference: https://www.virustotal.com/gui/file/706d442630e1505c69f1ccd33e74ae87a5a228cea5dd3de1337f38157e1915c3/detection http://23.92.211.212 # Reference: https://twitter.com/Rmy_Reserve/status/1221030155088318466 cnamel.com # Reference: https://www.virustotal.com/gui/domain/lanjayn.ga/relations lanjayn.ga # Reference: https://twitter.com/JohnLaTwC/status/1221111943387209730 # Reference: https://www.virustotal.com/gui/domain/insurance-statistics.com/relations insurance-statistics.com # Reference: https://www.virustotal.com/gui/domain/morganjeff.com/relations morganjeff.com # Reference: https://www.virustotal.com/gui/domain/sasill.com/relations sasill.com # Reference: https://www.virustotal.com/gui/file/b4161c6001b0e97db2f134f8bb9095ee809b47c8e1a2ed5021d081838b33d5cb/detection unitedwebpay.co # Reference: https://www.virustotal.com/gui/file/918c1f5862dd56d81876b83d2846eaac2c64ac00004e3b4ccae48a2ead77088c/detection ancrout.info # Reference: 
https://twitter.com/SBousseaden/status/1221562146573758472 # Reference: https://app.any.run/tasks/2f64ab4f-b405-4462-830c-03cbdf475216/ # Reference: https://www.virustotal.com/gui/ip-address/87.57.141.215/relations # Reference: https://www.virustotal.com/gui/file/082eff8046385cb9233ddd792d4e118c9834a8a11cf4d980b4279ec5aeb53968/detection # Reference: https://www.virustotal.com/gui/file/aaa246dfe7122fcb872ec5298b9fd53aa50486bfb4107db70c1fbfca112218c4/detection # Reference: https://www.virustotal.com/gui/file/f26ecee1261cb0732b0b84bc4802c3828a57c53906c1c6d283675e28f097b515/detection # Reference: https://www.virustotal.com/gui/file/994bdaa56ca8652f249cfae35d6726edfcd324fe8524144e06bf3b6e542f00d9/detection 87.57.141.215:443 87.57.141.215:80 mine.fortipower.com # Reference: https://www.virustotal.com/gui/ip-address/198.46.190.14/relations 198.46.190.14:80 # Reference: https://www.virustotal.com/gui/ip-address/193.26.217.230/relations 193.26.217.230:80 # Reference: https://twitter.com/JayTHL/status/1221880058995970049 5.45.71.32:443 5.45.71.32:80 # Reference: https://twitter.com/wwp96/status/1221889989346320385 # Reference: https://www.virustotal.com/gui/ip-address/142.93.64.230/relations 142.93.64.230:443 belflax.pt eclipsagr.site ordernow.site transferorder.xyz webbelflax.pt webeclipsagr.site webordernow.site webtransferorder.xyz webwestfieldindustries.tk webwetrans.xyz westfieldindustries.tk wetrans.xyz # Reference: https://app.any.run/tasks/23fa0ea9-a950-48d1-9134-7f4ef49eadc6/ 0.le4net00.net 0.weathdata.nu # Reference: https://twitter.com/benkow_/status/1221862063888314368 # Reference: https://www.virustotal.com/gui/domain/exee.space/relations exee.space # Reference: https://twitter.com/FewAtoms/status/1222240268944125954 metaseed.duckdns.org # Reference: https://twitter.com/unmaskparasites/status/1222248365666250755 hypanis.ru # Reference: https://www.virustotal.com/gui/ip-address/209.141.59.245/relations 209.141.59.245:80 # Reference: 
https://www.virustotal.com/gui/domain/flkjnoijoljoioli21.top/relations flkjnoijoljoioli21.top # Reference: https://www.virustotal.com/gui/domain/dafadeewewwzzzz.website/relations dafadeewewwzzzz.website # Reference: https://twitter.com/laskow26/status/1222332258092105729 sophosdefence.com # Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations dark-team.pw # Reference: https://www.virustotal.com/gui/file/2377a5c17179b5284b7abb170fbdb900d98dfd72131dd4e37438c8688074c378/detection fateh-news.my-firewall.org # Reference: https://www.virustotal.com/gui/ip-address/3.112.246.37/relations 3.112.246.37:80 # Reference: https://twitter.com/phishunt_io/status/1222960636780597249 # Reference: https://www.virustotal.com/gui/domain/amazongifts.org/relations amazongifts.org # Reference: https://twitter.com/benkow_/status/1223234991678787584 greyrockland.com spineyes.club # Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730 seobrooke.com # Reference: https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9 # Reference: https://otx.alienvault.com/pulse/5e35b7da3cd07e55edf22c8c cdn-line.kz crewtyxz.biz faxtoweb.org gcdn.kz gstatic.kz hotmail.org.kz maildomain.kz msf.org.kz nexfail.com office.com.kz oneppdatemicro.com outlook.kz regsvr32.kz webfax.org yahoo.org.kz # Reference: https://twitter.com/FewAtoms/status/1224372841786855425 http://13.234.231.211 http://178.218.222.185 http://www.pedrojorge.pt/cypher/ # Reference: https://twitter.com/OttoScav/status/1224359600352301056 # Reference: https://www.virustotal.com/gui/file/42fe3715f6197416ff34c99a0fbcf5a8fe4757c3080a4518f2ac54e94a05251c/detection 194.36.188.132:443 # Reference: https://twitter.com/James_inthe_box/status/1224398473065189376 evalogs.top # Reference: https://twitter.com/ScumBots/status/1224442375088435200 46.28.205.87:80 # Reference: 
https://www.virustotal.com/gui/ip-address/199.19.226.33/relations 199.19.226.33:80 # Reference: https://twitter.com/ScumBots/status/1224527205759438850 iexploreservice.com # Reference: https://twitter.com/ScumBots/status/1224529580444221440 40.114.116.10:80 # Reference: https://twitter.com/wwp96/status/1224382200218603521 impulsefittness.info # Reference: https://app.any.run/tasks/1f6ecf5b-ce20-430e-b319-e4a695fab823/ merkez.tk # Reference: https://twitter.com/Rmy_Reserve/status/1224878446565683201 # Reference: https://www.virustotal.com/gui/ip-address/172.86.75.211/relations # Reference: https://app.any.run/tasks/1362c931-b93e-41c1-8497-4a7132ce7459/ 172.86.75.211:80 dentalmatrix.net # Reference: https://twitter.com/FewAtoms/status/1225072383087841281 palmiericurtains.com # Reference: https://twitter.com/JayTHL/status/1225117583898218496 aluminum.dyndns.dk maios12.dyndns.dk # Reference: https://app.any.run/tasks/36f61504-d0ce-4bfe-be53-3f4a21817677/ 185.253.99.100:80 185.51.203.211:80 # Reference: https://twitter.com/FewAtoms/status/1226175723775258624 45.141.86.18:80 # Reference: https://twitter.com/ViriBack/status/1226223550387933184 pentestblog.xyz # Reference: https://www.virustotal.com/gui/domain/niggacumyafacenet.xyz/relations niggacumyafacenet.xyz # Reference: https://twitter.com/K_N1kolenko/status/1226769404274335744 104.211.165.111:1942 # Reference: https://www.virustotal.com/gui/file/a1b4597019f73f54d3981468c9bbe0ca1e144f06bda349d8baa2f607d90f4fb1/detection # Reference: https://www.virustotal.com/gui/file/8c6cc35529e440cbccb7e33019d7a0ccea0db9f30d2035cad4e66a0d47341b79/detection # Reference: https://www.virustotal.com/gui/ip-address/77.83.172.136/relations # Reference: https://www.virustotal.com/gui/ip-address/185.158.113.232/relations 185.158.113.232:7777 77.83.172.136:7777 kiras.hk manip2.hk bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd.onion jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd.onion 
rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd.onion uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd.onion # Reference: https://twitter.com/ANeilan/status/1226957261697843200 dotcfmkc.cf # Reference: https://twitter.com/ANeilan/status/1226943927430848512 cdfolkme.cf # Reference: https://twitter.com/ANeilan/status/1226941630722322434 adnmya.tk # Reference: https://twitter.com/Arkbird_SOLG/status/1226977494215077888 marcuskirol.online # Reference: https://twitter.com/reecdeep/status/1227158430013677569 185.195.237.17:80 # Reference: https://github.com/stamparm/maltrail/pull/6726#issuecomment-585133462 185.27.134.11:21 ftpupload.net # Reference: http://cybercrime-tracker.net/index.php?search=Stealer (as seen on 2018-09-01) alessa-kw.com alrayyanplastics.com ambliglobal.nut.cc annapoliscrabtownphotos.com bclm-es.info binousgroup.nut.cc bitgetglobal.club briiskgroup.com cliten.microdoctor.com.br cyberfreakz.cf deffanogroup.co.id emiretas.com gazeboindonesia.com gg.net.co goldenalhaji.com gpt.sa.com gruopcor.com gtneifnsyrf.tk handsomelaw.id hectords.us ieejotex.com imsa.com.au iykepc.com jasonetworks.com kantanka.com kiiey.ga kindomstar.com kwe-za.com l2cc9521.justinstalledpanel.com lacasonadelcartero.cl lwis.cf mahgoubsons.ml owenscorming.com owerri.usa.cc richweva.com ronjustthetrebho.net sellychukwu.ru sentrinonline.com sepprod.com spearsrnfq.net stealerpanel.usa.cc toddstretinc.com trafficxx.com u19982p14980.web0119.zxcs.nl u19982p14983.web0119.zxcs.nl untorsnot.in wahuiilopi.club webapp-mpp2.com work.chukzenter.tk # Reference: https://twitter.com/petrovic082/status/1145373440230273024 # Reference: https://pastebin.com/SCsbLU1n theridgeatdanbury.com/wp-admin/network/server/login.php # Reference: https://twitter.com/serhack_/status/1147795722215022592 electrumportal.com # Reference: https://bitcointalk.org/index.php?topic=5133490.0 (Russian) btc-electrum.com btcelectrum.org downloadelectrum.com downloadelectrum.org eiectrum.net electrum.bz 
electrumapp.org electrumapps.com electrumbase.com electrumbase.net electrumbase.org electrumbitcoin.org electrumbtc.org electrumbuild.com electrumcircle.com electrumclient.org electrumcore.com electrumcore.net electrumdownload.com electrumdownload.org electrume.com electrume.org electrumfix.com electrumget.com electrumget.com electrumhub.com electrumnet.com electrumofficial.com electrumopen.org electrumpgrade.com electrumsafe.org electrumsite.com electrumsource.org electrumstart.org electrumtxn.com electrumupdate.com electrumupgrade.com electrumupgrade.org electrumware.com electrumware.org electrumweb.net getelectrum.com getelectrum.live getelectrum.org goelectrum.com myelectrum.org electro1wallet.info electrodwallet.info digi-wallet.info jotubhsbn.website zpvuvcf.xyz # Reference: https://twitter.com/0xFrost/status/1188458586453745664 # Reference: https://pastebin.com/JDecBDpM btc-electrum.net btcelectrum.com electrum-btc.net electrum.ink electrum.media electrum.tools electrum.zone electrumapp.info electrumapps.info electrumball.com electrumbase.online electrumbase.sh electrumbin.com electrumbit.net electrumbitcoin.club electrumbitcoin.co electrumbitcoin.info electrumblocks.com electrumboard.com electrumbtc.info electrumbtc.live electrumbtc.me electrumcoin.com electrumeasy.net electrumfiles.com electrumflow.com electruminstall.info electruminstall.org electrumpack.com electrumpack.net electrumpack.org electrumpass.com electrumpatch.com electrumpath.com electrumpath.org electrumpin.com electrumportal.net electrumportal.org electrumsecure.com electrumserver.info electrumset.com electrumsite.org electrumstar.com electrumtech.me # Reference: https://twitter.com/andsyn1/status/1271513659718668288 xn--elctrum-u8a.com # Reference: https://twitter.com/Racco42/status/1148877632412487682 # Reference: https://app.any.run/tasks/698e5d3b-7080-4e00-a827-aabb132a8821/ /PostaSatanas.php # Reference: https://twitter.com/ItsReallyNick/status/1150058573671665665 # Reference: 
https://www.virustotal.com/gui/file/5fb6d259f04a202d9d73110b568370a0eabbc24ce08d8416a85c2e718b7b8721/detection 52.90.226.47:443 # Reference: https://twitter.com/James_inthe_box/status/1159202555961851904 sd346.zzz.com.ua # Reference: https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/ (# C2 section) my.gobiox.com login3.kimbrelelectric.com # Reference: https://twitter.com/sniko_/status/1165293103655333888 wwwelectrum.org # Reference: https://twitter.com/P3pperP0tts/status/1166493391263358976 rtsdyfucgj.temp.swtest.ru # Reference: https://twitter.com/PRODAFT/status/1154016659868409856 undergrounddynamics.site # Reference: https://twitter.com/VK_Intel/status/1171782155581689858 66.42.76.46:21 # Reference: https://twitter.com/sS55752750/status/1173668868784644105 s2.abcvg.ovh # Reference: https://twitter.com/JAMESWT_MHT/status/1177109960309858304 # Reference: https://app.any.run/tasks/947e97aa-fb67-4856-bcc7-297b4d14c9cd/ http://112.175.138.213 # Reference: https://twitter.com/JAMESWT_MHT/status/1182597039105941504 nfe-fazenda.myftp.org # Reference: https://twitter.com/James_inthe_box/status/1184519173268897792 9f249.f249724.96.lt # Reference: https://twitter.com/iocsvault/status/1176144857284395009 jaster24h.biz tviewer.ga # Reference: https://twitter.com/James_inthe_box/status/1187689326353600512 luckykey.tk # Reference: https://twitter.com/angel11VR/status/1189135390655078402 212.47.208.135:21 # Reference: https://twitter.com/unmaskparasites/status/1190016192511131655 # Reference: https://www.virustotal.com/gui/domain/saleforyou.org/details 1.saleforyou.org/tong/pa/newpw/pass.php bingstyle.com/tong/pa/pass.php # Reference: https://twitter.com/cyber__sloth/status/1182395650752892928 # Reference: https://www.virustotal.com/gui/file/7e3a8eda2a3c53b4e169db8b11d344c0308ede32884b18b2f225baf8bcb30aa5/detection 195.50.7.214:43231 # Reference: https://twitter.com/darienhuss/status/1192736459167588353 (# Cyber 
Agent) # Reference: https://www.virustotal.com/gui/file/04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30/detection # Reference: http://benkow.cc/wp_prezo.pdf chrome-update-center.com geolocation-sys.com # Reference: https://twitter.com/GlaCiuS_/status/1192772160881868801 # Reference: https://www.virustotal.com/gui/file/ebddf88ffdf3cea966a66aa7337e5fdf7e2579db486521a869e7c12c40bb1916/detection gregoirius2015.000webhostapp.com # Reference: https://twitter.com/JAMESWT_MHT/status/1168894993160974336 # Reference: https://app.any.run/tasks/d2b6177d-e257-49ce-bc82-e1dc31321c64/ # Reference: https://www.virustotal.com/gui/file/a0f75184426976dfe0603507b99f87ce63ad79a5af10de935439576f0c48f47f/detection gamebooster.pro lokicode.had.su # Reference: https://twitter.com/DbgShell/status/1197996130585460737 4aeoewr91oas1.anomalix.ml lka177m3agc.37xia484cnd499x.ga wa5to7naa1.a01mt584zk32sw1.ml # Reference: https://twitter.com/JayTHL/status/1199021248417861632 45.137.151.95:21 # Reference: https://twitter.com/i/status/1199127438435012608 finabisope.xyz happysitesworld.xyz timenotbesea.xyz # Reference: https://twitter.com/James_inthe_box/status/1200431694307684352 # Reference: https://www.virustotal.com/gui/file/00a1237e8faa646219744517b24cb4c8ebdbaa10d62e2b56fc25dffca832583c/detection 18.220.85.117:27000 # Reference: https://twitter.com/pancak3lullz/status/748631479144452096 ctr1p.com # Reference: https://www.virustotal.com/gui/file/c180f56cf3d571352a7ea36c968000d61e543347d64a063bf2dcac26b1afe5df/detection gf1433.f3322.net # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204447068321964032 # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204503912092446730 # Reference: https://www.virustotal.com/gui/file/1da250bbb5fbbe268ca2b919a8c2621237a1debda5bb42492b640b8e4f178818/detection 5.188.9.24:9171 # Reference: https://twitter.com/James_inthe_box/status/1204606741947666433 # Reference: https://app.any.run/tasks/768e34db-2ef1-41ed-ad8d-30a9ac7f35a4/ 
browserlootar.xtreme-apis.top # Reference: https://twitter.com/MBThreatIntel/status/1208135822261637120 193.35.50.253:443 193.35.50.253:80 cardspay.xyz interpaykabinet.cf interpaykabinet.ga interpaykabinet.gq interpaykabinet.ml interpaykabinet.tk interpayoffice.cf interpayoffice.ga interpayoffice.gq interpayoffice.ml interpayoffice.tk kibermansuladu.cf kibermansuladu.ga kibermansuladu.gq kibermansuladu.ml kibermansuladu.tk luckipasdretop.cf luckipasdretop.ga luckipasdretop.gq luckipasdretop.ml luckipasdretop.tk offensepayinter.cf offensepayinter.ga offensepayinter.gq offensepayinter.ml offensepayinter.tk paycards.xyz pireulwiterykam.cf pireulwiterykam.ga pireulwiterykam.gq pireulwiterykam.ml pireulwiterykam.tk zaemaropiteds.cf zaemaropiteds.ga zaemaropiteds.gq zaemaropiteds.ml zaemaropiteds.tk # Reference: https://twitter.com/MBThreatIntel/status/1213201167838089216 # Reference: https://www.virustotal.com/gui/ip-address/193.35.50.250/relations 193.35.50.250:443 193.35.50.250:80 paygooloffice.cf paygooloffice.ga paygooloffice.gq paygooloffice.ml paygooloffice.tk paygoolofficearabi.cf paygoolofficearabi.ga paygoolofficearabi.gq paygoolofficearabi.ml paygoolofficearabi.tk # Reference: https://www.virustotal.com/gui/ip-address/193.35.50.252/relations 193.35.50.252:443 193.35.50.252:80 arabianpayclub.cf arabianpayclub.ga arabianpayclub.gq arabianpayclub.ml arabianpayclub.tk freepayinterkom.cf freepayinterkom.ga freepayinterkom.gq freepayinterkom.ml freepayinterkom.tk interkomarabipay.cf interkomarabipay.ga interkomarabipay.gq interkomarabipay.ml interkomarabipay.tk payarabionmany.cf payarabionmany.ga payarabionmany.gq payarabionmany.ml payarabionmany.tk # Reference: https://twitter.com/unmaskparasites/status/1214266385003495424 http://200.63.40.60 # Reference: https://www.virustotal.com/gui/file/3c154dc2e1eaab82e28934368e05e125787d748b27f90d4dea2265fbde1f6997/detection 179.180.82.144:80 # Reference: 
https://www.virustotal.com/gui/file/3eea2a5d7d5b692179500b8c6e6edb40454538fd8593bc6d4be042c744af0b1e/detection 185.140.53.134:443 # Reference: https://www.virustotal.com/gui/file/1a49dc441d93c44de5fe946e14f8f06464680cf9d9e537fb36d3535003a1a1b1/detection 95.182.122.184:80 # Reference: https://twitter.com/reecdeep/status/1220256702722977793 # Reference: https://app.any.run/tasks/45fa3d27-2f55-44de-914c-f93af54234c9/ toratoratora.altervista.org # Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection installsilver.com confirmssystems.com passwordkernel.online 123321123.fun myprintscreen.com budison-oklarly.com termscenter.com cleand8yv0m6g.top newbook-t.info # Reference: https://www.virustotal.com/gui/domain/pix-fix.net/relations pix-fix.net # Reference: https://www.virustotal.com/gui/ip-address/161.117.225.32/relations ddtupdate1.top ddtupdate4.top legion17.com mypandacleaner.info rrudate1.top rrudate2.top slupdate1.top slupdate2.top slupdate3.top ssdupdate1.top ssdupdate2.top ssdupdate3.top statistics-pro.best # Reference: https://www.virustotal.com/gui/ip-address/52.59.77.115/relations http://52.59.77.115 # Reference: https://twitter.com/ni_fi_70/status/1227561744702283776 deadrick-812.tk # Reference: https://twitter.com/JAMESWT_MHT/status/1227982693889183744 # Reference: https://app.any.run/tasks/967c009c-cfaa-411f-b804-69bc23bb5814/ 13.72.105.98:443 13.72.105.98:80 # Reference: https://www.virustotal.com/gui/file/267c20b0295420c2638bd6b6087ab7e82f1e10341a8a957a3c28c69fd3bf2890/detection docxuploads.com # Reference: https://www.virustotal.com/gui/ip-address/23.224.179.28/relations o076un.com sggl1527.top sggl6527.top dlytw.com # Reference: https://www.virustotal.com/gui/file/c64a96098559189d85c0e59c4a45740db8cae250520beeff1ff5556e211850d8/detection 23.224.179.28:8008 # Reference: https://www.virustotal.com/gui/file/7be2ec6b3b8190f56c62d44e98b7a8e8fb9404b381d53ddadd43fde622b08206/detection 
23.224.179.28:7788 # Reference: https://www.virustotal.com/gui/file/0a94d90a3b91b117741ca0dd37ab14828a59a10c71b27be803480be7d2542ea2/detection 23.224.179.28:8888 # Reference: https://www.virustotal.com/gui/file/2d694ba25af171e61a2cb9b5a8b9588e0c149e691ded7796542ba97449a0b4cb/detection 23.224.179.28:9666 # Reference: https://www.virustotal.com/gui/file/b8d7a2d94c30947e7983961d490143bce7ae677a126320a14457cd96d47f7cbf/detection 23.224.179.28:4131 # Reference: https://www.virustotal.com/gui/file/4181e87462a5913e73f09cdf61a464718a15d17df519ee25dd05f1bd9c93cf97/detection 23.224.179.28:8552 # Reference: https://www.virustotal.com/gui/file/2daad3f8ac834067c85ea75889b388e381f25fab6c2c5c988dfd84c63956842d/detection 23.224.179.28:8180 # Reference: https://www.virustotal.com/gui/file/94c758666acc50035e0028cfcd26d669e6e8fb11ffbd384802b90b5e07b094f2/detection 23.224.179.28:9888 # Reference: https://twitter.com/ps66uk/status/1228268374649659392 # Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/ 107.189.7.176:80 # Reference: https://www.virustotal.com/gui/domain/breda.vanhiele.nl/relations breda.vanhiele.nl # Reference: https://www.virustotal.com/gui/domain/linkomember.info/relations linkomember.info # Reference: https://urlhaus.abuse.ch/url/314830/ # Reference: https://www.virustotal.com/gui/ip-address/111.90.149.246/relations 111.90.149.246:80 # Reference: https://twitter.com/ScumBots/status/1229284924450123776 # Reference: https://www.virustotal.com/gui/file/beec8fc6ea45f0862fa13107b05a4d92cc2fc3c6f1c0c23fd2f04c3d3988c8c1/detection 62.108.37.42:1013 # Reference: https://twitter.com/vikas891/status/1229360459830087680 jomamba.best # Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152 aisioy.xyz # Reference: https://twitter.com/reecdeep/status/1229390645355261953 joeing.rapiddns.ru # Reference: https://www.virustotal.com/gui/domain/bhatner.com/detection bhatner.com # Reference: 
https://www.virustotal.com/gui/domain/store.nvprivateoffice.com/relations store.nvprivateoffice.com # Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155 69.87.219.49:80 # Reference: https://twitter.com/Bl4ng3l/status/1229687760279293952 gali.keipta.us # Reference: https://twitter.com/James_inthe_box/status/1229509229267972097 # Reference: https://app.any.run/tasks/6fc45ad8-8993-4fc6-8e60-c437d66593e3/ ba97b047bd6aa1e4f76f84fd6ec96bd8.gq # Reference: https://app.any.run/tasks/a12db284-e0a7-4834-bc94-21debc6ea72b/ rifat02.info # Reference: https://app.any.run/tasks/3440bfb4-736c-4a27-8f63-ea82988bbd67/ rifat01.info # Reference: https://twitter.com/wwp96/status/1229838934563225600 # Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/ http://34.253.184.43 # Reference: https://twitter.com/Jouliok/status/1230009062810628097 worldatdoor.in # Reference: https://twitter.com/DynamicAnalysis/status/1230171498670886924 gm-adv.com # Reference: https://twitter.com/FewAtoms/status/1230168466142978053 mi.ceceliansanders.us # Reference: https://app.any.run/tasks/e6427a49-7a93-451a-9342-27948f7a0cef/ http://syncode.com.br/forum.php?xmapnawaykkfc=3748139090763247 http://redfinance.pl/forum.php?xmapnawaykkfc=14678699031243286 http://spaxman.com/forum.php?xmapnawaykkfc=586795938240767 # Reference: https://app.any.run/tasks/f4ebed77-6d4c-40fb-a73c-37cae62ca33e/ 78.42.70.24:2214 # Reference: https://twitter.com/KorbenD_Intel/status/1230504991191793664 youalmost.gotdns.com # Reference: https://twitter.com/wwp96/status/1230504598852526080 111.90.146.27:80 # Reference: https://twitter.com/baberpervez2/status/1230606469101477902 # Reference: https://www.virustotal.com/gui/ip-address/185.158.249.22/relations 185.158.249.22:80 # Reference: https://app.any.run/tasks/8ed48f9c-38b7-4f70-bd1a-3bb44a403122/ 0x0.best yaprostopopitalsyaoboitietosrannoeav.club # Reference: https://twitter.com/D3LabIT/status/1230756245511917570 zekelliott.com/ams/amsweb.php 
# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.64/relations # Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection 217.8.117.64:80 217.8.117.64:443 185.224.128.41:80 # Reference: https://twitter.com/FewAtoms/status/1231201262944882688 bt-design.org # Reference: https://twitter.com/FewAtoms/status/1231994766398717954 13.95.31.136:80 # Reference: https://twitter.com/FewAtoms/status/1232274564262105088 1579850.xyz # Reference: https://twitter.com/wwp96/status/1232326236636090370 185.112.250.168:80 # Reference: https://twitter.com/FewAtoms/status/1232358875472461829 portermedicals.com # Reference: https://app.any.run/tasks/92f686b8-9cdf-4070-ae98-96cfd34a78ef/ alaziz.in # Reference: https://twitter.com/DynamicAnalysis/status/1232426353766563840 docxuploads.com pacieinco.com # Reference: https://app.any.run/tasks/34e48272-ccf9-4ace-805d-6cedfce263b5/ mitelcelfact-spain.com # Reference: https://twitter.com/James_inthe_box/status/1232764239321845760 ironbigpanel.com # Reference: https://twitter.com/MBThreatIntel/status/1232828557040029696 http://92.63.197.190 # Reference: https://twitter.com/ScumBots/status/1233042331072421892 firsttus.com # Reference: https://twitter.com/0xAmit/status/1224369244797796352 # Reference: https://www.virustotal.com/gui/domain/serralheriacic.com.br/relations serralheriacic.com.br # Reference: https://twitter.com/DynamicAnalysis/status/1233209872889602048 http://8.3.29.166 # Reference: https://app.any.run/tasks/ae89227d-182e-46c6-8dea-dc4275eb859c/ jumpingjetz.net # Reference: https://twitter.com/KorbenD_Intel/status/1233498740914294784 http://13.92.226.218 # Reference: https://www.virustotal.com/gui/domain/cureprm.com/relations cureprm.com # Reference: https://twitter.com/dave_daves/status/1119185135646195712 hijaiyh.net # Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096 mx.neperepahano.top # Reference: 
https://twitter.com/stecar792/status/1034858782990512128 wasabbybomba.space # Reference: https://twitter.com/illegalFawn/status/1177557065742594048 illegalfawn.com # Reference: https://twitter.com/MisterCh0c/status/1154056708806848515 g.icab.pk # Reference: https://twitter.com/phishunt_io/status/1234095925246689280 userauth-appleid.ddns.net # Reference: https://twitter.com/jorgemieres/status/1233964775748636673 a-d.me # Reference: https://twitter.com/Vishnyak0v/status/1234457104347430915 http://92.119.160.145 /gate4e56d5415700.php # Reference: https://www.virustotal.com/gui/domain/dynamicrosoft.com/relations dynamicrosoft.com # Reference: https://twitter.com/FewAtoms/status/1234893577362210825 http://109.169.89.118 # Reference: https://twitter.com/KorbenD_Intel/status/1234931931168542723 http://78.128.92.24 # Reference: https://twitter.com/malwrhunterteam/status/1235179767604924416 alphastore.store # Reference: https://twitter.com/KorbenD_Intel/status/1235256882048073728 http://109.201.143.181 # Reference: https://twitter.com/baberpervez2/status/1235253914724962309 bigtrading.ga edauto.ga # Reference: https://www.virustotal.com/gui/domain/workshop002.duckdns.org/relations workshop002.duckdns.org # Reference: https://pastebin.com/uveiJed9 gm-adv.com # Reference: https://www.virustotal.com/gui/domain/umeed.app/relations umeed.app # Reference: https://twitter.com/GlaCiuS_/status/1234991709223735296 http://217.8.117.76 # Reference: https://www.virustotal.com/gui/domain/quiet-goto-7536.penne.jp/relations quiet-goto-7536.penne.jp # Reference: https://twitter.com/KorbenD_Intel/status/1235313936091746305 http://111.90.149.212 # Reference: https://twitter.com/wwp96/status/1235587667393269767 hmmrr.com # Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/ # Reference: https://www.virustotal.com/gui/domain/alrazi-pharrna.com/relations alrazi-pharrna.com # Reference: https://twitter.com/killamjr/status/1235727868040077312 http://216.189.145.11 # 
Reference: https://twitter.com/Artilllerie/status/1235879088944033792 seekersme.com # Reference: https://twitter.com/ps66uk/status/1235959155980210178 18655.aqq.ru # Reference: https://twitter.com/James_inthe_box/status/1236318055203889158 # Reference: https://www.virustotal.com/gui/domain/casaconceitoltda.info/relations casaconceitoltda.info # Reference: https://www.virustotal.com/gui/ip-address/117.78.50.197/relations http://117.78.50.197 # Reference: https://www.virustotal.com/gui/ip-address/112.74.75.143/relations http://112.74.75.143 # Reference: https://www.virustotal.com/gui/ip-address/210.222.25.223/relations http://210.222.25.223 # Reference: https://www.virustotal.com/gui/ip-address/113.214.1.34/relations http://113.214.1.34 # Reference: https://www.virustotal.com/gui/ip-address/37.72.171.98/relations http://37.72.171.98 # Reference: https://twitter.com/0xCARNAGE/status/1236650024601374720 bigtrading.ga # Reference: https://twitter.com/Jouliok/status/1236904231568846849 http://155.94.185.68 # Reference: https://twitter.com/JayTHL/status/1237025355212431361 dubriah.com # Reference: https://twitter.com/VK_Intel/status/1237039891365625856 http://45.11.181.17 # Reference: https://twitter.com/malware_traffic/status/1237070035841175562 # Reference: https://app.any.run/tasks/b799a194-ff60-465f-b781-2914d50d3696/ posqit.net # Reference: https://twitter.com/malware_traffic/status/1237109406288011264 http://64.110.24.130 # Reference: https://www.virustotal.com/gui/domain/trufco.com/relations trufco.com # Reference: https://www.virustotal.com/gui/domain/limos-us.com/relations limos-us.com # Reference: https://twitter.com/James_inthe_box/status/1237362183828209666 sercon.com.mx # Reference: https://twitter.com/JayTHL/status/1237384903181897729 hindold.com # Reference: https://twitter.com/JayTHL/status/1237398536687362048 sulainul.com # Reference: https://twitter.com/wwp96/status/1237796218773831680 cutox.info lolel.best omalll.com # Reference: 
https://twitter.com/HeavyMetalAdmin/status/1237380963564498944 uzoclouds.eu # Reference: https://twitter.com/AdAstra247/status/1230131129216380928 iopaos.dyndns.dk # Reference: https://twitter.com/FewAtoms/status/1237432289451298822 http://51.81.29.60 # Reference: https://twitter.com/JayTHL/status/1237422040052875269 abctvlive.ru adrakwalichae.com cyanobac.com frekishalm.com joekelpanel.com khitlinphoto.ru kindleedxded.ru lahkaycentz.com lhawarlaw.com live-en-us.ml lowcostpower.ru minmindough.com muabancaoocwnet.ru noreplyinfo-office.com onedrivenoreply.com pinkeyesaure.com prairietruckx.ru rlabinsahab.com savedbyangelsworg.ru swanbleck.com tilsmiangotha.com tutijae.com vitaminepowed.ru wpsitebuilder.ru yanarascla.com yepi2eco.ru yetehoga.com zalmips.com zucikni.com # Reference: https://twitter.com/FewAtoms/status/1237798224221667328 gdrintl.com # Reference: https://twitter.com/IntezerLabs/status/1238090332639842304 jave.xyz # Reference: https://twitter.com/KorbenD_Intel/status/1238102354320166912 http://93.65.162.134 # Reference: https://twitter.com/malwrhunterteam/status/1238113568442265602 trynda.xyz # Reference: https://twitter.com/JayTHL/status/1238182874223910915 vonty.best # Reference: https://www.virustotal.com/gui/domain/pulid.net/relations pulid.net # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/ # Reference: https://otx.alienvault.com/pulse/5e6a65de61606ee5b177c86f paypeted.com # Reference: https://twitter.com/JAMESWT_MHT/status/1238421963347054594 # Reference: https://www.virustotal.com/gui/file/ca1641bb37075d73a357e454753ab038962d04b7465ac32c4b5675eb2cffff92/detection w1750996.ferozo.com/content/archivos/tarjetas/server.php # Reference: https://twitter.com/James_inthe_box/status/1238606200154886144 maildrive.icu # Reference: https://twitter.com/FewAtoms/status/1238821505171107840 arkallsaintsacademy.com # Reference: 
https://www.virustotal.com/gui/file/d81122f9d8a55ac1a0b607e321520df3dad2d69959acc99d2ee4e17219cbe4f5/detection http://185.94.191.35 # Reference: https://twitter.com/FewAtoms/status/1239179323266957314 symriseltd.com # Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection http://216.170.123.111 # Reference: https://twitter.com/bad_packets/status/1239693959330287616 ero.bckl.ir # Reference: https://twitter.com/reecdeep/status/1239843956424409089 fibare.com # Reference: https://www.virustotal.com/gui/domain/brupas.com/relations brupas.com # Reference: https://twitter.com/casual_malware/status/1239760321021128706 http://94.242.59.225 # Reference: https://twitter.com/Bl4ng3l/status/1240188476789788672 http://209.141.54.161 # Reference: https://twitter.com/malwrhunterteam/status/1240195163265421312 omecanism2.sslblindado.com # Reference: https://www.virustotal.com/gui/file/eb88393fc02fdab866b43176c03eb1fc27073c62033a7a51fcdd9f79fcb8882c/detection transvale.sslblindado.com # Reference: https://twitter.com/nmatte90/status/1240231606297788416 c0vidupdate.xyz # Reference: https://twitter.com/ViriBack/status/1240249046280912896 # Reference: https://app.any.run/tasks/473692f1-73e5-4996-a1b3-2a497938cc58/ http://95.181.178.156 # Reference: https://www.virustotal.com/gui/file/602e17d3aada73b0be2bd791237b3bc4340980d9e14b53dbf6d437e69738afb1/detection http://103.102.44.83 # Reference: https://app.any.run/tasks/dcd48517-ad5f-4f16-a6d0-8d12463ee3a2/ lxj.vvn.mybluehost.me # Reference: https://app.any.run/tasks/5279381c-b255-482a-ae64-02ed6177bc12/ savannahhoney.co.ke/wp-content/uploads/ # Reference: https://github.com/silence-is-best/c2db#unknowns 103.136.43.131:9998 185.222.202.29:9998 nicholaspring.xyz smartwaay.xyz # Reference: https://www.virustotal.com/gui/ip-address/95.101.200.87/relations http://95.101.200.87 # Reference: https://twitter.com/ScumBots/status/1240677572612104192 thesawmeinrew.net # Reference: 
https://otx.alienvault.com/pulse/5e72b54ff5ee7b31653e7192 cdn-01.anonfiles.com cdn-13.anonfiles.com darkload.cf # Reference: https://www.virustotal.com/gui/file/fa5f120243a4f0569df10aa04e6581a38ac28a8d07c059aeb80424cf982b6a0b/detection braincarney.hopto.org # Reference: https://twitter.com/malwrhunterteam/status/1240935138537676800 # Reference: https://twitter.com/pancak3lullz/status/1240983894461231104 corona-virus2019.us coronavirus2019.us # Reference: https://twitter.com/malwrhunterteam/status/1240996072425652224 http://185.242.104.197 # Reference: https://twitter.com/malware_traffic/status/1241072162750029825 # Reference: https://www.virustotal.com/gui/ip-address/37.1.212.70/relations http://37.1.212.70 # Reference: https://twitter.com/malwrhunterteam/status/1241106612737228800 redeturismbrasil.com/marco/ # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0313-0320.html (# Win.Worm.Barys-7617456-0) altincopps.com l33t-milf.info tuntu.info tut0r1allsvu.info x01bkr2.biz xsaudix.net yeh7292ahyssozananan.com # Reference: https://twitter.com/malwrhunterteam/status/1241328902343188481 # Reference: https://twitter.com/malwrhunterteam/status/1241332425491468288 # Reference: https://www.virustotal.com/gui/ip-address/68.183.199.205/relations aguiws.com ajisanjoseairport.com ajisjc.com arizonastatekwos.com haduhabankaemasalahteh.com haduhayawaemasalahteh.com jalanbebekjos.com r2techsystems.com youngllpcnbstrs.com # Reference: https://twitter.com/FewAtoms/status/1241813291460067329 http://77.73.70.28 # Reference: https://www.virustotal.com/gui/file/e60b0b0e57ca395709aeae6016e39f4114c84272e32cf040f5d972372f212f08/detection youtube4kprod.xyz # Reference: https://www.virustotal.com/gui/domain/duleal.com/detection duleal.com # Reference: https://www.virustotal.com/gui/ip-address/46.105.155.114/relations http://46.105.155.114 # Reference: https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/ # Reference: 
https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/ http://5.199.143.127 # Reference: https://app.any.run/tasks/e89173e6-eabc-44f5-899a-69945b914773/ newmarchess.com # Reference: https://twitter.com/James_inthe_box/status/1242507257574719488 # Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection http://64.44.57.65 # Reference: https://www.virustotal.com/gui/domain/blockchainglobal.cf/relations blockchainglobal.cf # Reference: https://twitter.com/KorbenD_Intel/status/1242571675738071040 http://35.192.198.16 # Reference: https://www.virustotal.com/gui/file/683844d7a032bb668c23f85020338451f43f4d9a19885d246459fd5f2e6b64d2/detection skyxdata.ddns.net # Reference: https://twitter.com/CyberCapta1n/status/1242865927185674245 la42.website masry-corona.com # Reference: https://twitter.com/jorgemieres/status/1242906665395027976 mwrc.ca/a/ # Reference: https://www.virustotal.com/gui/domain/m0bile.net/relations m0bile.net # Reference: https://twitter.com/bryceabdo/status/1243168325443690500 amdchecker.com comwoman.com developmasters.com newservicehelper.com powerlifterr.com servicemonsterr.com superservicee.com # Reference: https://twitter.com/VK_Intel/status/1243230686858878981 wizardside.club # Reference: https://www.virustotal.com/gui/domain/ikdarkhawast.com/relations ikdarkhawast.com # Reference: https://www.virustotal.com/gui/domain/ashkokatroma.com/relations ashkokatroma.com # Reference: https://twitter.com/KorbenD_Intel/status/1243231484212736000 vigilanciaepdemiologica.com # Reference: https://twitter.com/FewAtoms/status/1243579932590161930 http://185.242.104.78 # Reference: https://twitter.com/FewAtoms/status/1243583843942182915 http://45.88.110.171 # Reference: https://www.virustotal.com/gui/domain/deadnig.ga/detection deadnig.ga # Reference: https://www.virustotal.com/gui/ip-address/193.135.12.22/relations awaken1337.xyz digicert-global-root.site # Reference: 
https://www.virustotal.com/gui/domain/panellogs.ml/relations panellogs.ml # Reference: https://www.virustotal.com/gui/domain/api-dns1-e.xyz/relations api-dns1-e.xyz # Reference: https://www.virustotal.com/gui/domain/api-oberonapps.org/relations api-oberonapps.org # Reference: https://twitter.com/Jouliok/status/1244494861362962441 asgardia.cl # Reference: https://twitter.com/malwrhunterteam/status/1244616242641735681 pay4ever.xyz # Reference: https://twitter.com/malwrhunterteam/status/1244684201653415940 # Reference: https://www.virustotal.com/gui/domain/ws09ku66vbu31pka.tk/relations ws09ku66vbu31pka.tk # Reference: https://twitter.com/JayTHL/status/1245245851661983746 friendsacrossthepasefika.buzz # Reference: https://blog.cloudmark.com/2020/03/27/covid-19-sms-spam-attacks-shift-from-panic-to-stimulus/ # Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8 aircovid19virus.com clearcovid19virus.com coronabreath.com covidflix19.xyz covidflix20.xyz # Reference: https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who # Reference: https://otx.alienvault.com/pulse/5e8242f59b8b637793daf071 cdchealth.org # Reference: https://twitter.com/FewAtoms/status/1245337912889262085 jotunireq.com # Reference: https://twitter.com/FewAtoms/status/1245693287140413440 boken-jjne0.tk # Reference: https://twitter.com/FewAtoms/status/1245695682385715200 centrehotel.vn/js/ # Reference: https://twitter.com/w3ndige/status/1245783409781362688 ococococ.xyz # Reference: https://twitter.com/yvesago/status/1245588527380717573 expertswebservices.com # Reference: https://twitter.com/KorbenD_Intel/status/1245104618213748737 http://185.208.211.67 # Reference: https://twitter.com/FewAtoms/status/1246423618474647552 parasvijay.com/wp-includes/css/dist/list-reusable-blocks/dir/ # Reference: https://www.virustotal.com/gui/domain/dr-cold.com/relations dr-cold.com/wp-content/uploads/2019/11/1223/ dr-cold.com/wp-content/uploads/2019/11/12261/ # Reference: 
https://twitter.com/FewAtoms/status/1246789609192816640 birthdaytrend.top # Reference: https://twitter.com/VK_Intel/status/1239934124212785154 # Reference: https://www.virustotal.com/gui/file/81003dc976fa06b15142d1b0541e0f60adf295a06a188f81e9458b32970a8a87/detection # Reference: https://www.virustotal.com/gui/ip-address/31.44.184.50/relations http://31.44.184.50 # Reference: https://twitter.com/James_inthe_box/status/1233128596165685248 munesdon.top # Reference: https://twitter.com/bryceabdo/status/1247550103205875717 orange-vpn.com orangeyouglad.xyz # Reference: https://app.any.run/tasks/d30d1c49-05e8-4767-ade8-66a3204f8821/ microsoft-hohm.space # Reference: https://app.any.run/tasks/c4aa1b6e-a92c-4a19-a5c0-b644bd415374/ quickmaildrive.com # Reference: https://twitter.com/JayTHL/status/1247971248291880962 medicacademic.com/aza/ # Reference: https://twitter.com/pancak3lullz/status/1247985242092326920 hallmarkherbals.com # Reference: https://twitter.com/MBThreatIntel/status/1248412024305897475 # Reference: https://www.virustotal.com/gui/ip-address/198.12.66.107/relations http://198.12.66.107 # Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection http://45.95.168.62 # Reference: https://app.any.run/tasks/eb87c335-fe94-477f-b6e5-01e75b74673e/ gulf-builders.com # Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/ http://193.168.3.93 # Reference: https://www.virustotal.com/gui/ip-address/74.208.13.22/relations http://74.208.13.22 # Reference: https://twitter.com/JAMESWT_MHT/status/1249641912136617984 # Reference: https://www.virustotal.com/gui/domain/1podcast.best/relations 1podcast.best # Reference: https://twitter.com/FewAtoms/status/1250412878781431810 bovientix.com # Reference: https://twitter.com/bryceabdo/status/1250420225008259072 at-2.com f-db.info # Reference: https://twitter.com/stecar792/status/1250845389340774400 http://217.8.117.60 # Reference: 
https://twitter.com/YouMayBeHacked/status/1251161689812131841 igrejayhwh.com/wo/ # Reference: https://twitter.com/ydklijnsma/status/1251166858797101057 fileserveravast.com # Reference: https://twitter.com/fr0s7_/status/1251445876398194690 mitsui-jyuku.mixh.jp/uploads/ # Reference: https://twitter.com/FewAtoms/status/1251574078965723136 mindrey.co/docu/ # Reference: https://twitter.com/malwrhunterteam/status/1251562811257507841 coronavirusmaps.pro # Reference: https://twitter.com/JAMESWT_MHT/status/1251824300539219970 # Reference: https://www.virustotal.com/gui/domain/fasttads.com/relations # Reference: https://www.virustotal.com/gui/domain/updateplayer.to/relations # Reference: https://twitter.com/Arkbird_SOLG/status/1251827928134045696 fasttads.com updateplayer.to /pixel/install/?e= /pixel/log/?e= /pixel/update/?e= # Reference: https://twitter.com/ReBensk/status/1252200857753382912 riversouthhomes.com/wp-includes/SimplePie/Net/ # Reference: https://twitter.com/FewAtoms/status/1252232647339720705 http://162.213.255.176 # Reference: https://twitter.com/James_inthe_box/status/1252249689811857408 http://167.114.85.125 # Reference: https://twitter.com/cyber__sloth/status/1252879669558312960 13pope.com/wrd/ # Reference: https://www.virustotal.com/gui/domain/gbud.webd.pl/relations gbud.webd.pl # Reference: https://twitter.com/MBThreatIntel/status/1253088809677320192 martner.com/sym/ # Reference: https://app.any.run/tasks/bd29f951-1fe7-4ce8-b26a-c440121d6fac/ wsdyanaekppyinitalymedicalconsultant3.duckdns.org # Reference: https://www.virustotal.com/gui/domain/toliku.com/relations toliku.com # Reference: https://twitter.com/p5yb34m/status/1253473594631286785 apbfiber.com/openme/ # Reference: https://twitter.com/JayTHL/status/1253891233296060416 alkalabs.cf # Reference: https://twitter.com/malwrhunterteam/status/1253984108109324288 http://117.50.106.161 # Reference: https://twitter.com/nao_sec/status/1254023052100120582 # Reference: 
https://app.any.run/tasks/d9f04401-83b4-4a83-8880-e82750d8b030/ # Reference: https://www.virustotal.com/gui/domain/yourfuturewin.online/relations yourfuturewin.online /grhcwZ?source= /T33sBb?source= /tpQpXh?source= # Reference: https://www.virustotal.com/gui/ip-address/185.234.218.68/relations http://185.234.218.68 # Reference: https://www.virustotal.com/gui/file/78ed52fd5cdeeeccaf079c7fd7c90ed7dc99664310c75e8829163546b2ce83cb/detection http://185.242.104.98 # Reference: https://twitter.com/Jouliok/status/1254707467570774017 anjelo-directhelp.de/fotos/ # Reference: https://twitter.com/jstrosch/status/1254787385587572736 ttkplc.com/office/ # Reference: https://twitter.com/KorbenD_Intel/status/1254920769731063808 http://23.96.112.43 # Reference: https://twitter.com/KorbenD_Intel/status/1254912377130110977 # Reference: https://www.virustotal.com/gui/domain/properrty.co/relations properrty.co/files/ # Reference: https://twitter.com/benkow_/status/1255423719037702144 http://213.226.100.140 # Reference: https://twitter.com/baberpervez2/status/1255581708189085696 # Reference: https://www.virustotal.com/gui/domain/dongiln.co/relations dongiln.co # Reference: https://app.any.run/tasks/7f13ba75-4ae3-4a33-8a0a-ac5a659b9c12/ http://84.38.134.120 # Reference: https://twitter.com/bry_campbell/status/1255786478480822272 http://45.147.228.245 # Reference: https://www.virustotal.com/gui/domain/elievarsen.ru/relations elievarsen.ru # Reference: https://www.virustotal.com/gui/domain/gobigonbig.info/relations gobigonbig.info # Reference: https://twitter.com/James_inthe_box/status/1255856345175044096 rockersdolphin.co.za # Reference: https://twitter.com/KorbenD_Intel/status/1255979526925869056 # Reference: https://www.virustotal.com/gui/ip-address/185.22.153.166/relations ajzconsulting.pw kokoshi.website # Reference: https://twitter.com/KorbenD_Intel/status/1255970615372079104 http://185.227.82.72 # Reference: https://twitter.com/bryceabdo/status/1256256516430143488 # Reference: 
https://www.virustotal.com/gui/ip-address/93.190.138.35/relations http://93.190.138.35 93.190.138.35:8080 popeyesbox.org # Reference: https://twitter.com/malwrhunterteam/status/1256263426441125888 # Reference: https://www.virustotal.com/gui/domain/9sg.me/relations 9sg.me # Reference: https://twitter.com/bit_dam/status/1256311982992633862 maringareservas.com.br # Reference: https://www.virustotal.com/gui/file/72663c3c01ba82e498550d5b6710f02353adb277903f5b588e49a847f6040e05/detection hlde1.online # Reference: https://www.virustotal.com/gui/file/44c3366e1c09d45096ae06709cf7edcc66e088c6f35b465f3fbfb2d81eb9460d/detection 149.248.37.246:10000 fasterpdfdashboard.top /api/anonymous/cookie/post # Reference: https://www.virustotal.com/gui/file/ec71cafeba96b9e9b15e9dd917a5d90ad0888dcea7d329d6ab00e66f69c503a9/detection 66.42.100.151:10000 bhtaifvu.com easyzipperlab.site luckyoneday01.top fohgo.bhtaifvu.com # Reference: https://twitter.com/petrovic082/status/1256537423166791680 http://63.250.42.34/~bulght/ # Reference: https://twitter.com/JayTHL/status/1256668154383785986 http://45.9.148.123 # Reference: https://twitter.com/jorgemieres/status/1255243161099735046 273625612.netxi.in # Reference: https://www.virustotal.com/gui/domain/prepaidgift.co/relations prepaidgift.co # Reference: https://twitter.com/jstrosch/status/1256705024241086464 ozz.su # Reference: https://twitter.com/petrovic082/status/1256861192481538049 invoice7mukszq9nbpa7online.ru # Reference: https://twitter.com/James_inthe_box/status/1256929937178517505 invoice9kat5ggmml0c6online.ru # Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/ # Reference: https://www.virustotal.com/gui/domain/google.nov.su/relations google.nov.su # Reference: https://twitter.com/3xp0rtblog/status/1257189013699657728 # Reference: https://app.any.run/tasks/ef44292d-3b2e-4571-8b68-fb49c1db1b1a/ geroipanel.site # Reference: https://twitter.com/malwrhunterteam/status/1257264743775076353 # Reference: 
https://twitter.com/malwrhunterteam/status/1258281482805796865 # Reference: https://twitter.com/malwrhunterteam/status/1258663175806992384 # Reference: https://twitter.com/malwrhunterteam/status/1259724745907613696 # Reference: https://twitter.com/malwrhunterteam/status/1260812454294061057 kremlin-malwrhunterteam.info nitro-malwrhunterteams.com screw-malwrhunterteam.com skidware-malwrhunterteams.com putin-malwrhunterteams.com # Reference: https://twitter.com/500mk500/status/1257300194984509444 # Reference: https://www.virustotal.com/gui/file/a3fb31d5f00d84fe35edb1e43acfa64a6d77fca443d49e67e6728cd33373bd29/detection # Reference: https://app.any.run/tasks/de4c7c53-60c9-4f0d-9920-ff756532a28d/ http://185.183.76.32/Oq8d # Reference: https://app.any.run/tasks/6a77f6f2-50fb-4a3e-ad20-e0bdd2ba7031/ http://185.141.27.131 # Reference: https://twitter.com/petrovic082/status/1257373903292432387 mitonegbh.xyz # Reference: https://app.any.run/tasks/6a448b87-5f8a-493b-927c-09439f8e652a/ http://205.185.122.246 # Reference: https://twitter.com/bryceabdo/status/1257407631368519681 dl-microsoft.com kaspernsky.com # Reference: https://twitter.com/pmelson/status/1257474730703101959 56ed6ae9.ngrok.io # Reference: https://urlhaus.abuse.ch/browse.php?search=web.lavishsupplystore.com lavishsupplystore.com # Reference: https://twitter.com/petrovic082/status/1257665271831113728 adamtcarruthers.com/sb/img/ # Reference: https://twitter.com/FewAtoms/status/1257685823711055875 adamtcarruthers.com/bottest/node_modules/files/ # Reference: https://twitter.com/felixaime/status/1257699061488070656 # Reference: https://www.virustotal.com/gui/domain/coramap.site/relations coramap.site # Reference: https://twitter.com/KorbenD_Intel/status/1257792636292698112 # Reference: https://www.virustotal.com/gui/ip-address/183.131.80.72/relations # Reference: https://www.virustotal.com/gui/ip-address/207.246.106.233/relations # Reference: https://www.virustotal.com/gui/ip-address/58.49.59.139/relations 
http://183.131.80.72 http://207.246.106.233 http://58.49.59.139 183.131.80.72:16950 207.246.106.233:17470 58.49.59.139:13187 # Reference: https://twitter.com/ReBensk/status/1257902089411256321 linktodown.com # Reference: https://twitter.com/PRODAFT/status/1257957444887744512 # Reference: https://www.virustotal.com/gui/ip-address/193.187.173.112/relations # Reference: https://www.virustotal.com/gui/file/6d3a2dd3bd042a0484ba076f7ae7de39fb39d3aa7decc1809266c7e9b36dbb5a/detection http://193.187.173.112 # Reference: https://twitter.com/FewAtoms/status/1258097048257265666 pocketfsa.com/m/ # Reference: https://twitter.com/James_inthe_box/status/1258099799066243072 medlinee.com # Reference: https://twitter.com/James_inthe_box/status/1258117201610944514 # Reference: https://www.virustotal.com/gui/domain/rititi.com/relations rititi.com # Reference: https://twitter.com/ScumBots/status/1258145657514332161 freepics.bezatraud.me # Reference: https://twitter.com/ScumBots/status/1258148818404679681 cloud.falconoasisdubai.com # Reference: https://twitter.com/ReBensk/status/1258349048903266304 c9f44961.ngrok.io # Reference: https://twitter.com/James_inthe_box/status/1258390247341043712 ec2.amazzed.top # Reference: https://twitter.com/KorbenD_Intel/status/1258508684159619073 colovilla.top # Reference: https://twitter.com/KorbenD_Intel/status/1258514599436902401 http://5.206.224.216 # Reference: https://twitter.com/Circuitous__/status/1258467178141138944 # Reference: https://twitter.com/tkanalyst/status/1258744515977854977 theclinicabarros.com/a.jpg theclinicabarros.com/ab.jpg # Reference: https://www.virustotal.com/gui/file/259596170a1e0fb6e75d30cef5258005f1a2ddf7330baac54bab65e92310a750/detection websolution.vipwell.org # Reference: https://twitter.com/petrovic082/status/1259039290505519105 http://77.73.69.137 # Reference: https://twitter.com/FewAtoms/status/1258753855426306049 alphauniforms.ae/collinxx/ alphauniforms.ae/huss/ alphauniforms.ae/wetransfers/ # Reference: 
https://twitter.com/malwrhunterteam/status/1259208656819798017 outletdemakeup.ro # Reference: https://twitter.com/petrovic082/status/1259446499353620480 http://40.89.185.52 # Reference: https://www.virustotal.com/gui/file/f1e753cf6e66c7ced7ac61aa4bc6646d8f772cec9ed513ae8bfc056cb4070ba3/detection ad-repack.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1259916041431343104 http://94.158.245.25 # Reference: https://twitter.com/petrovic082/status/1260202592195543040 gossip-candy.stars.bz # Reference: https://twitter.com/petrovic082/status/1260204809644277766 # Reference: https://twitter.com/petrovic082/status/1260205055866699776 aarontveit.net/doc/ aarontveit.net/zy/ # Reference: https://twitter.com/James_inthe_box/status/1260356146335899648 temp.news # Reference: https://twitter.com/FewAtoms/status/1260610055151509504 http://37.59.90.90 # Reference: https://twitter.com/KorbenD_Intel/status/1260714876525256707 159.65.133.180:81 # Reference: https://twitter.com/executemalware/status/1260947413474381824 orlandovoicestudio.com/new/ # Reference: https://twitter.com/FewAtoms/status/1260979618716225536 http://194.26.29.128 id-929734532482.com # Reference: https://twitter.com/abuse_ch/status/1261191304182206464 polaaadetadf.org # Reference: https://twitter.com/KorbenD_Intel/status/1261369088229720065 http://79.124.8.122 # Reference: https://twitter.com/JAMESWT_MHT/status/1261484589035458560 # Reference: https://app.any.run/tasks/41685b2e-fa5b-444a-8948-8580e0c49ef4/ lightning.dns-cloud.net # Reference: https://twitter.com/JAMESWT_MHT/status/1261702858216558592 # Reference: https://app.any.run/tasks/44eac201-23e0-42cc-ae03-189ae1e9c430/ apkelites10.com # Reference: https://twitter.com/malwrhunterteam/status/1262278709752578050 members.westnet.com.au/~marioncraig/ # Reference: https://app.any.run/tasks/efb52b8d-464c-4378-959f-0a4c12016dc7/ rough-grass-45e9.poecdjusb.workers.dev # Reference: https://twitter.com/ScumBots/status/1262695833629274114 
holy-shit.ubuntu.workers.dev # Reference: https://twitter.com/FewAtoms/status/1262775320001814529 skdwre-mhteam.best # Reference: https://twitter.com/KorbenD_Intel/status/1262859931717234689 http://185.62.188.26 # Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/ http://35.198.146.176 http://64.225.73.172 http://185.236.231.222 pirscupper.club regapi.gamigo.com # Reference: https://twitter.com/Vishnyak0v/status/1263110496347140098 strongapt.ga strongapt.life # Reference: https://twitter.com/James_inthe_box/status/1263179511123685376 pagamentos.rensz.com.br/craftbrew/ # Reference: https://twitter.com/petrovic082/status/1263413662569594880 ideaomar.net # Reference: https://twitter.com/yusaerguven/status/1263470947706773504 vpn-dragon.com # Reference: https://twitter.com/FewAtoms/status/1263510144819908610 learnteachweb.ru/ikt/filter/algebra/tests/test/ # Reference: https://twitter.com/w3ndige/status/1263515049978626049 # Reference: https://app.any.run/tasks/91b1966a-7d29-44fc-834e-3666fbd0367a/ tani-klucz.pl/2/ # Reference: https://twitter.com/petrovic082/status/1263768808105402369 http://45.141.86.137 # Reference: https://twitter.com/James_inthe_box/status/1263863548418994178 wikiapply.ir # Reference: https://twitter.com/malwrhunterteam/status/1263772532194205696 # Reference: https://twitter.com/VK_Intel/status/1264191430068711426 # Reference: https://www.virustotal.com/gui/file/f8cbdb2369a642d07a944f6fea135bc6c6755dbcf3e984b3f170b03d586ce053/detection 39.104.67.122:453 # Reference: https://twitter.com/petrovic082/status/1264193721836408833 tayga.mx/wp-content/themes/twentytwenty/assets/fonts/ # Reference: https://www.virustotal.com/gui/file/3d3351726f3b5cd848ad58cabcc33c9dcd1c601cc1664f197f10b8b1adf7038b/detection tavukkement.tk # Reference: https://www.virustotal.com/gui/domain/kiss58.org/relations kiss58.org # Reference: https://app.any.run/tasks/3a99ae00-8cdc-43fc-b0d0-cfef5c5fc65b/ craghoppers.icu # Reference: 
https://twitter.com/FewAtoms/status/1264929672166506497 conveyancing.pro/wp-admin/js/widget/ # Reference: https://twitter.com/JAMESWT_MHT/status/1264828072001495041 fofl.it # Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073 http://185.205.209.166 # Reference: https://twitter.com/James_inthe_box/status/1265390063203975168 http://185.177.59.184 # Reference: https://twitter.com/ScumBots/status/1265610032487563264 striker.work # Reference: https://twitter.com/_re_fox/status/1266917702435835904 goodhk.azurewebsites.net # Reference: https://www.virustotal.com/gui/file/cbcbf58f7d5df41edaef663f74519ce633d326de0705ab22dee43fe6726e956a/detection kiglskfws.serveminecraft.net # Reference: https://twitter.com/reecdeep/status/1267328903846207494 http://45.76.126.209 http://45.77.50.112 # Reference: https://twitter.com/p5yb34m/status/1267971830301601795 # Reference: https://pastebin.com/hbCT919x westuatrans.com/storage/ # Reference: https://twitter.com/James_inthe_box/status/1268190189794426880 manguifajas.com/admin/ # Reference: https://www.virustotal.com/gui/domain/anyeddos.com/relations anyeddos.com # Reference: https://twitter.com/JAMESWT_MHT/status/1268837262516727809 # Reference: https://app.any.run/tasks/fbce704e-e748-4898-b36a-0cab2ecd5105/ freekzvideo.cloud # Reference: https://twitter.com/jstrosch/status/1268961202778116096 thugesh.cf # Reference: https://twitter.com/jcarndt/status/1268585900969283585 hizmetotomotiv.com # Reference: https://app.any.run/tasks/2b9c3175-8d4c-4030-8ba7-0ec2b6591dc6/ mainwhile.com # Reference: https://twitter.com/nao_sec/status/1269422460362870784 http://192.241.208.221 # Reference: https://www.virustotal.com/gui/file/c38e150306fbbe4ea692c3f4b76dcd39d8ebdd97d58dcdad7d70b8be88d79278/detection # Aliases: disbuk, socelars # Reference: https://twitter.com/MBThreatIntel/status/1280960714773983232 # Reference: https://threatfox.abuse.ch/browse/malware/win.socelars/ allinfo.pw asdgain.xyz assassinsx.com 
biohazardgraphics.com channelinfo.pw chosenncrowned.com clinkccaddress.com createinfo.pw eceinfos.top ecgbg.com fidgetiesout.com frivoloument.com gaintt.pw hhgenice.top influenceted.com infoanalysiser.com infokscents.com irritabletion.com kvubgc.com likewisemeticulous.com mkpmc.com nicekkk.pw nvdmzf.com sblinfo.pw sokoinfo.pw tendenctioned.com tpyyf.com wgqpw.com wygexde.xyz y101ad34452096.xyz zhxxjs.pw zzhlike.pw # Reference: https://www.virustotal.com/gui/ip-address/155.138.226.36/relations channelinfo.pw downcleardown.xyz exeinfo.pw goodvisit.pw jsxjbxx.pw nextinfo.pw sjjscenter.pw smartpdfreader.com wbinstall.pw # Reference: https://twitter.com/abuse_ch/status/1269863589382369282 bluechippropertyexperts.com/autorenew/ # Reference: https://twitter.com/reecdeep/status/1269911390141190144 # Reference: https://www.virustotal.com/gui/domain/szn.services/relations szn.services # Reference: https://twitter.com/James_inthe_box/status/1270007086978486272 transgear.in/ssc/ # Reference: https://twitter.com/FewAtoms/status/1270030123480289281 boasteel.us # Reference: https://twitter.com/FewAtoms/status/1270038201533632514 eurostudiescy.com/putttty/ # Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection majia.pw # Reference: https://twitter.com/yusaerguven/status/1269373995197042688 irsupd.com # Reference: https://twitter.com/FewAtoms/status/1270765647182663681 http://5.152.203.117 # Reference: https://twitter.com/FewAtoms/status/1270754951380205569 ivobrandao.com/wp-admin/maint/files/ ivobrandao.com/wp-admin/includes/files/ ivobrandao.com/wp-admin/images/files/ # Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618 social-turnips.xyz # Reference: https://app.any.run/tasks/bbf298e2-3f58-4702-80ff-eb0b742f5a6a/ http://176.57.208.130 # Reference: https://twitter.com/bad_packets/status/1271568773867204608 http://107.189.11.170 # Reference: 
https://twitter.com/FewAtoms/status/1272132057901273091 http://43.229.151.135 # Reference: https://www.virustotal.com/gui/file/acb6fe32500a2a116c9a56bc4cc897ecad4d38839cd73d09b5904d7ebe29d047/detection webewr.com # Reference: https://twitter.com/1ZRR4H/status/1272311078148550656 # Reference: https://app.any.run/tasks/f95e4b61-946c-45c2-91dd-3bbbcacd56cf/ small-business-solutions.biz # Reference: https://twitter.com/ScumBots/status/1272445067232530433 microsoft.dtgsiam.pw # Reference: https://twitter.com/malware_traffic/status/1272973262788734977 pops.works/manahet/ # Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/ office-service-secs.com # Reference: https://twitter.com/James_inthe_box/status/1273271196298080258 asmreekasounds.com/upfiles/up_down/ # Reference: https://twitter.com/benkow_/status/1273205562122153984 # Reference: https://www.virustotal.com/gui/domain/covidbase.info/detection # Reference: https://www.virustotal.com/gui/file/0d98e0007c97324e37dbaceadd478378b1e803ade4bac2e2642603d2ed709b9e/detection covidbase.info faithohp2pohm1einee5.youtubecom.watch # Reference: https://twitter.com/mz_malhunt/status/1272844728950652928 # Reference: https://twitter.com/p5yb34m/status/1273415760052805632 # Reference: https://twitter.com/FewAtoms/status/1273664376470462464 microtechnology.hk/fidex/ microtechnology.hk/wapdast/ # Reference: https://twitter.com/jstrosch/status/1273077060303454209 gpt.alarmasystems.ru/wp-content/themes/twentysixteen/inc/ # Reference: https://twitter.com/reecdeep/status/1273576796735377408 playthefinancialgame.com/createfoldernow/ # Reference: https://twitter.com/JAMESWT_MHT/status/1273922229865234433 # Reference: https://app.any.run/tasks/21a85887-bcb6-4733-b3fa-17137886052e/ http://137.74.137.211 http://45.125.66.95 # Reference: https://twitter.com/reecdeep/status/1273935123910713346 http://45.139.236.5 # Reference: https://twitter.com/jstrosch/status/1274009131603472385 omeubebexxs.org/storage/app/files/ # 
Reference: https://www.virustotal.com/gui/domain/admindepartment.ir/detection admindepartment.ir # Reference: https://twitter.com/JAMESWT_MHT/status/1275338252531249152 office-services-sec.com # Reference: https://pastebin.com/5QKdKvZH http://80.76.42.107 real-chat.website # Reference: https://twitter.com/cyber__sloth/status/1275339899789553666 89.248.168.197:443 # Reference: https://twitter.com/RobbieWhite98/status/1275781443063623680 aravindweb.in/my_files/others/ # Reference: https://twitter.com/James_inthe_box/status/1275831258216411136 http://37.49.230.204 # Reference: https://twitter.com/_re_fox/status/1275887920910610432 aquacare2.com # Reference: https://app.any.run/tasks/764bc39b-9b3d-4e12-a7e6-4f1f905e7891/ ahjuric.si/Code.txt office-service-tech.info # Reference: https://twitter.com/bryceabdo/status/1275153235620347904 # Reference: https://www.virustotal.com/gui/file/4c9a53b3cc66aef4e9e58e84bc2a873ce2e1ae8a39ac44323aae5c5ac5f443cd/detection 144.202.98.198:8443 # Reference: https://www.virustotal.com/gui/file/65fa0b682baabead9786a6b7d540af673155d32394424e64c77e0ccd509567ae/detection 45.77.249.92:443 # Reference: https://www.virustotal.com/gui/ip-address/81.16.141.208/relations http://81.16.141.208 # Reference: https://app.any.run/tasks/8473c16b-cbb5-4885-a48b-8952654d5031/ blackl1vesmatter.org # Reference: https://twitter.com/BlackonIntel/status/1276166654980956161 http://202.146.222.249 # Reference: https://twitter.com/BlackonIntel/status/1276399848586014720 http://47.112.99.43 # Reference: https://twitter.com/BlackonIntel/status/1276398237868408834 http://194.87.18.147 # Reference: https://twitter.com/FewAtoms/status/1276582665366441984 lont.co.in # Reference: https://www.virustotal.com/gui/domain/akhbarrecords.com/detection akhbarrecords.com # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt 0022a601.pphost.net children.ru.com # Reference: https://twitter.com/p5yb34m/status/1277003721893834752 http://88.119.174.241 # Reference: 
https://www.virustotal.com/gui/domain/valencaagora.com.br/relations valencaagora.com.br # Reference: https://www.virustotal.com/gui/file/2430b443aa2f97bf06ce3a60d328c379bf8f0df540dbb68523eff1f23cb254af/detection 184.168.221.59:444 50.63.202.34:444 haoqing.me # Reference: https://bazaar.abuse.ch/sample/de5648abf555a4574df8ebf2d2b75dde4ea73639662ae62bf62a109a54f14fd4/ http://170.130.55.135 # Reference: https://www.virustotal.com/gui/ip-address/101.99.90.91/detection http://101.99.90.91 # Reference: https://twitter.com/reecdeep/status/1277510958647250945 # Reference: https://app.any.run/tasks/1077f681-1dce-4232-a044-1d31f7b56a5f/ itsmeyourfriendhi.ga # Reference: https://twitter.com/malware_traffic/status/1277619624243314688 feedingyourhealth.com/oprawilson/ # Reference: https://app.any.run/tasks/5142bb13-4b23-49fa-9312-175979c96ab4/ lotusabloom.com # Reference: https://twitter.com/bryceabdo/status/1277762546414620674 microsoft-ml.ml # Reference: https://twitter.com/JAMESWT_MHT/status/1277866602634059777 http://198.144.176.137 # Reference: https://app.any.run/tasks/031b55bd-61ec-400f-af64-21ac5b79e367/ 838495sd.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1280123075946844162 83848has.duckdns.org # Reference: https://twitter.com/FewAtoms/status/1280174155955154944 members.westnet.com.au/~perthglory81/ # Reference: https://twitter.com/RobbieWhite98/status/1280518052560412675 excelofficeonline.com # Reference: https://twitter.com/Dr_N0b0dyh/status/1280820643899101185 greattastesmb.ca/wp-content/plugins/duplicator/files/ # Reference: https://www.virustotal.com/gui/domain/seedwellresources.xyz/relations seedwellresources.xyz # Reference: https://twitter.com/InQuest/status/1280938328494346241 cattelenitalia.icu # Reference: https://twitter.com/James_inthe_box/status/1280893749099290624 # Reference: https://app.any.run/tasks/39bc7028-ac54-433f-b776-4a715bdd4906/ 162.244.81.87:443 # Reference: https://twitter.com/MaelSecurity/status/1281258899652456448 
altechsolutions.sg # Reference: https://app.any.run/tasks/3b8c15b9-9846-4aec-a414-5014faeebfaf/ http://45.32.111.52 # Reference: https://twitter.com/Dr_N0b0dyh/status/1281563732963885056 comawhimplet.com # Reference: https://twitter.com/Dr_N0b0dyh/status/1281592784407990273 our20203.duckdns.org # Reference: https://www.virustotal.com/gui/file/a5d8bd3aea834c9bc0fb8b0a4853e75eeae28f0581cc0c90ca53dfc57128eb43/detection mschatting.r-e.kr # Reference: https://twitter.com/James_inthe_box/status/1282690108605427712 z.zz.ht # Reference: https://www.virusradar.com/en/Win32_TrojanClicker.Clidak.A/description # Reference: https://www.virustotal.com/gui/file/980ef75a800eba45c7cb64b4c1bcc61a3b0cdf92854c24dbf1ea0f3fe4cad944/detection # Reference: https://www.virustotal.com/gui/ip-address/65.254.51.42/relations http://65.254.51.42 dhj.serveftp.com phk.serveblog.net # Reference: https://twitter.com/cyber__sloth/status/1282967458727559173 141.98.213.151:443 # Reference: https://twitter.com/James_inthe_box/status/1283030572604874752 anythingbilliest.com # Reference: https://twitter.com/KorbenD_Intel/status/1282805567661019136 http://5.206.224.211 # Reference: https://twitter.com/James_inthe_box/status/1283032087298072576 bloomcareltd.co.uk/wp-content/uploads/2020/06/files/ # Reference: https://www.virustotal.com/gui/ip-address/81.177.141.11/relations # Reference: https://www.virustotal.com/gui/domain/frefou.ru/relations # Reference: https://www.virustotal.com/gui/domain/tokyofunkowildvaley.ru/detection # Reference: https://www.virustotal.com/gui/file/ba8d3d5d0d4b0d2178ea3ed1ff72e49ac8f6b608aac2718c6cf9904390dbeb80/detection 81.177.141.11:443 chokun.ru frefou.ru tokyofunkowildvaley.ru # Reference: https://twitter.com/luc4m/status/1283438173020803072 offthewall.top # Reference: https://twitter.com/_re_fox/status/1283486522981974017 # Reference: https://www.virustotal.com/gui/ip-address/185.172.110.210/relations http://185.172.110.210 # Reference: 
https://www.virustotal.com/gui/file/14a0b3003b983e26096094b066c6488b21850f7d379244492affa602655b9d94/detection dueuekekdd833234.publicvm.com # Reference: https://app.any.run/tasks/09e4db88-e007-45df-b7b7-9d485249d0a3/ 185.99.2.49:443 185.99.2.49:80 45.148.120.142:443 45.148.120.142:80 78.108.216.13:443 78.108.216.13:80 # Reference: https://www.virustotal.com/gui/domain/ntro.fr/detection ntro.fr # Reference: https://twitter.com/pancak3lullz/status/1283791016588451842 http://198.46.198.118 # Reference: https://twitter.com/Bl4ng3l/status/1283853966795780097 http://51.77.225.87 # Reference: https://twitter.com/jcarndt/status/1283799735065862144 http://185.14.31.56 # Reference: https://twitter.com/Dr_N0b0dyh/status/1284155801813372930 insightout-me.com/backup/ # Reference: https://www.virustotal.com/gui/domain/ramukakaonline.com/relations # Reference: https://www.virustotal.com/gui/domain/shubhinfoways.com/relations # Reference: https://www.virustotal.com/gui/file/475d81dda1f6fd4e8fe7038d406b874519986a94832a51fbafafe023dd5c5ad2/detection ramukakaonline.com test2.cxyw.net shubhinfoways.com sustainableandorganicgarments.com # Reference: https://pastebin.com/Hc73BzJT francehayon.fr # Reference: https://www.virustotal.com/gui/ip-address/185.11.167.190/detection http://185.11.167.190 # Reference: https://app.any.run/tasks/49ebad37-e6e0-4e82-9a1f-3d88e1c90a4e/ madibarohilala.ddnsgeek.com # Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/ salesforce-ibmcloud.kozow.com speedfinance-cloud.gleeze.com # Reference: https://twitter.com/James_inthe_box/status/1285294414475087872 thirdchidet.com # Reference: https://www.virustotal.com/gui/file/5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef/detection http://124.160.126.238 # Reference: https://www.virustotal.com/gui/domain/22ssh.com/detection 22ssh.com # Reference: https://www.virustotal.com/gui/file/5d05b5938fc802c4e22f5b85cbf5b332297cc63800f2eb0fb4e667035587a6af/detection 361com.com # 
Reference: https://www.virustotal.com/gui/file/7456e451f3c209fda2c5dd276acbb84e6c6055c48c28773396c87355c027ec4f/detection 4i7i.com # Reference: https://twitter.com/InQuest/status/1285686606276562946 allmedicalpro.com # Reference: https://twitter.com/jorgemieres/status/1285681527666483200 # Reference: https://twitter.com/jorgemieres/status/1284213293712838657 stationery.best stationery.link # Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection office-supply.top # Reference: https://twitter.com/malwrhunterteam/status/1285910669238382592 # Reference: https://twitter.com/bryceabdo/status/1285925420890824706 # Reference: https://otx.alienvault.com/pulse/5f187f5e30e61988f5d51a52 facbeookloggin.com facebokloggin.com faecbooklogin.com fireeyee.com kasparksy.com microsotflogin.com # Reference: https://twitter.com/emirca_/status/1286037814380044294 # Reference: https://www.virustotal.com/gui/file/a4aa745edd8032f8fa45ca76262dcf218322ee4e715addea5bb6545ba2e229a9/detection http://70.37.67.191 briendmaster.duckdns.org bustvch.com # Reference: https://twitter.com/JAMESWT_MHT/status/1286268666431123456 penir.net # Reference: https://www.virustotal.com/gui/file/d72133df3fee1d91fcab0adb532459b6c0044e7f8b4ca542fa3f6ae470b42be1/detection http://185.146.157.171 # Reference: https://twitter.com/KorbenD_Intel/status/1286767861348753409 http://88.150.221.122 # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/lockscreen-ransomware-phishing-leads-to-google-play-card-scam/ # Reference: https://otx.alienvault.com/pulse/5f1b43526f61f735c9560f23 whoawareness.com # Reference: https://twitter.com/FewAtoms/status/1287010471283953665 class.britishonline.co/admin/user/ class.britishonline.co/tag/tests/ # Reference: https://twitter.com/malwrhunterteam/status/1287094489149059073 cannoninstrument.co ecowasloan.com # Reference: https://www.virustotal.com/gui/domain/payeermine.com/relations payeermine.com # 
Reference: https://www.virustotal.com/gui/file/98917be41e446698aaf1dcb464bfc27ca686c56e2636e2801e6e8c46929e5f71/detection office-files.pw # Reference: https://www.virustotal.com/gui/file/65002536a1187a53bc90956d2b73079d4319b3ca6ad3150f02394efcf64e56bd/detection onlinesnotes.top usamailnet.top # Reference: https://www.virustotal.com/gui/ip-address/47.241.145.99/relations office-supply.top # Reference: https://twitter.com/FewAtoms/status/1288527091936497666 royerconseil-finances.ch/js/tiny_mce/temp/ # Reference: https://twitter.com/IronNetTR/status/1288506810748538892 8hebrew.website # Reference: https://www.virustotal.com/gui/file/c63401a07c3e4c8d8658413c437c7c77d7b7543f8f5a6227b524ed06bf4fcc21/detection auxmalishoes.ga # Reference: https://www.virustotal.com/gui/file/dd77e1f820bd2a57c943f806f628e803708652142e6b691ae3495a39d9a297d2/detection ecoshore.ga # Reference: https://twitter.com/malware_traffic/status/1288968378951106560 marketingstrategiesinc.com/eblast/ # Reference: https://twitter.com/KorbenD_Intel/status/1289274346561708032 http://40.125.65.33 # Reference: https://twitter.com/jaimeblascob/status/1289649571463798784 # Reference: https://github.com/stamparm/maltrail/pull/10155/commits/a7f67c994a26b0191f07af4f29e089fa5c471891 # Reference: https://www.virustotal.com/gui/file/4c6a7aabb3a1d45a0d1cc7d2251178521737f5b34c1c9c477665e81c539addc9/detection http://63.250.34.191 # Reference: https://twitter.com/0bfusCat/status/1247497286051139584 http://5.231.144.2 # Reference: https://twitter.com/0bfusCat/status/1181529470475362304 # Reference: https://app.any.run/tasks/f6d7cc92-3215-4103-baeb-eb424016f885/ http://3.86.56.191 # Reference: https://www.virustotal.com/gui/file/a38216166e363d752f37bdf0419d2e2694279beab8df66d40f56c679563e7a4f/detection http://185.173.26.156 # Reference: https://www.virustotal.com/gui/domain/becommodal.com/detection becommodal.com # Reference: https://app.any.run/tasks/6bcce7b0-611d-4d44-865d-7ca0765f9bff/ epyorke.edu.bz # Reference: 
https://app.any.run/tasks/27f1e600-b8fc-4c18-a6f0-b35799393cdc/ # Reference: https://www.virustotal.com/gui/file/6f8fcaac6fd0664838ccfe07924cf97af5056b3868aaaf8fd12560c3a9e8ac41/detection fugitdeacasa.ro # Reference: https://twitter.com/VK_Intel/status/1291649978574741509 # Reference: https://www.virustotal.com/gui/file/d54b73a94d481ee2917e42ba3d4ea3b70f368bb13cebf5b8824257907ac84ff1/detection 103.103.130.120:8888 # Reference: https://www.virustotal.com/gui/file/504f8f447c30f65aa2b327e856c246269eb7586eead1a158b19dfc71d24989ac/detection http://122.51.171.161 http://198.71.233.197 # Reference: https://www.virustotal.com/gui/file/9b55ac5adb1d3b28f19a6dd755071a0ee815c5bd633d3c8065d038fd9b5142e0/detection crackpoint.xyz # Reference: https://www.virustotal.com/gui/file/11871e6ef76854545dde5d56a380f7de9e65dcd59209026649d1430f8a6444f8/detection http://113.160.165.75 # Reference: https://twitter.com/_re_fox/status/1292831232368271362 # Reference: https://app.any.run/tasks/a8411930-8d61-4e8a-84ef-945ccbbec943/ 022802bcfcb3dbcd1a224f29537f6ac0.host # Reference: https://twitter.com/James_inthe_box/status/1292824016827199489 sandiegoseaworldtickets.com/baba/ # Reference: https://twitter.com/James_inthe_box/status/1291360398294175744 evolutionpublicidad.com/wp-admin/js/bgn/ # Reference: https://twitter.com/KorbenD_Intel/status/1292902929586728960 http://106.53.29.114 # Reference: https://twitter.com/ANeilan/status/1292939552085233664 # Reference: https://www.virustotal.com/gui/ip-address/217.182.54.208/relations kalihost.ml kalihost.tk # Reference: https://twitter.com/reecdeep/status/1293089692418822145 fswaeste.co.uk # Reference: https://unit42.paloaltonetworks.com/script-based-malware/ crypterfile.com # Reference: https://www.virustotal.com/gui/file/1e316de8fb7ffb3f0e77c754207aa3b5ea96e82b631b79bbe3be0ab77c077511/detection http://167.99.221.195 # Reference: https://twitter.com/jorgemieres/status/1293231216301408258 jmmstore.ae # Reference: 
https://www.virustotal.com/gui/file/cc4fc1e56d9fc9c525fd6a1880dc806f26b1c5022f60e30de4e974f06d1e85e9/detection # Reference: https://www.virustotal.com/gui/file/f3ebeeeba13c82daef9731a5f3e8dbe535e963f83e531918ba1a8904b094d3b8/detection http://176.121.14.231 176.121.14.231:443 # Reference: https://twitter.com/malwrhunterteam/status/1293916383491710979 # Reference: https://www.virustotal.com/gui/ip-address/80.82.67.190/relations http://80.82.67.190 80.82.67.190:443 quikview-update.com # Reference: https://twitter.com/abuse_ch/status/1294160873259438083 http://185.172.110.214 # Reference: https://www.virustotal.com/gui/file/b8243f7f5b2200dd1b76005d430b4bcdfdaffffb2115dba344fceb7f0c8fd4b1/detection bazhar.site # Reference: https://twitter.com/reecdeep/status/1294282579718406148 # Reference: https://app.any.run/tasks/940319f1-4184-49f8-aa22-9b761e480458/ http://176.96.238.127 176.96.238.128:443 # Reference: https://twitter.com/theDark3d/status/1294668801804468225 fedexmanager.com # Reference: https://www.virustotal.com/gui/domain/skyht.cf/relations skyht.cf # Reference: https://www.virustotal.com/gui/file/ceb511a06d37b33b7891b152a4386c27f06abdea66a6ed6edbfc6af307e9ef34/detection update-prog.com # Reference: https://twitter.com/angel11VR/status/1295662209729781760 privatnidoktoricacak.com/Q9.jpg # Reference: https://www.virustotal.com/gui/file/209cff063a1c0e90c2ae817a39860cf93c804a1e67ebd000eaa11c5431799be6/detection # Reference: https://www.virustotal.com/gui/file/7d51151b82ffb39df5a11c7cb49703dce78d499452946464e42327dcc4355f19/detection # Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection iwithu.ru # Reference: https://www.virustotal.com/gui/file/c07ee098c29a441865ec85b7fe00855a4ad4fed128511f0ab1fa48ee11d42c83/detection tokugava.top # Reference: https://twitter.com/James_inthe_box/status/1295889244662059011 a50625ja.beget.tech # Reference: https://www.virustotal.com/gui/domain/winnpxx.info/relations 
winnpxx.info # Reference: https://www.virustotal.com/gui/domain/winnpxxx.ru/relations winnpxxx.ru # Reference: https://www.virustotal.com/gui/file/897e1dc64f7632acdf64f0efa052b2deffda66e500bdb663087a5a5b44ad7291/detection a0349318.xsph.ru # Reference: https://www.virustotal.com/gui/file/cc92c164b525956380a944af0c50d89236b92bdfd50bcf9533a4e31793207132/detection http://195.123.241.51 # Reference: https://www.virustotal.com/gui/file/ba0e3a2b8390285537e5b47a1d45ad3731347c0f95298797e580b82d1f10f9cc/detection simplex.team # Reference: https://twitter.com/ItsReallyNick/status/1098415667756351489 # Reference: https://www.virustotal.com/gui/file/7248db253aaf79a6092ac429596bab9928b1b0383b7a33141ca72817adb8f30b/detection http://5.206.225.246 # Reference: https://www.virustotal.com/gui/file/238c5ccb8b85f196df27bacd94d7f46609ffe108685dff924cc308f97dde8b78/detection tsunami.hopto.org # Reference: https://www.virustotal.com/gui/file/b742903e8923a24f0afe84f82a01b1034185fa8c803750cb6d878e4dcac802ef/detection project98.ddns.net # Reference: https://www.virustotal.com/gui/file/0ec631602280b59f5818fccc2e3f3a28fed3f9cb69c28703e0d6f20757e65813/detection # Reference: https://www.virustotal.com/gui/file/80745b342289d766b3534502bc03da11a2df77faf58a4e1c2e11ae6923f3cdea/detection # Reference: https://www.virustotal.com/gui/file/f339e7112e5a4484387c4d09d59564d6bf418900da14aaee4025b27139e3c5af/detection 198.54.115.141:443 ethereumcashpr0.com # Reference: https://www.virustotal.com/gui/domain/securedownload2.duckdns.org/relations securedownload2.duckdns.org # Reference: https://twitter.com/InQuest/status/1297920171936567297 http://45.32.112.92 # Reference: https://twitter.com/bryceabdo/status/1297930380549464068 http://62.108.35.95 162.244.80.177:8443 # Reference: https://twitter.com/VirITeXplorer/status/1298199149985312769 http://51.255.155.2 # Reference: https://twitter.com/KorbenD_Intel/status/1298414421455147009 laopermanentmission-jakarta.gov.la/pxy/ # Reference: 
https://twitter.com/Dr_N0b0dyh/status/1299007006737653762 btcxchange.online # Reference: https://www.virustotal.com/gui/file/a02d30733cb3a332d01c4bf973cf10fd01215df0e6294b6db62c0766ddc8fd38/detection gufjan855.p-t.hk # Reference: https://twitter.com/James_inthe_box/status/1299458240812445696 nakkufoodsafetyconsults.org/bkb/ # Reference: https://www.virustotal.com/gui/file/a089d77a6beadc16977f5683238a7f4d327697ad92a9e4b904ea9472e833f121/detection hfexpres.net # Reference: https://twitter.com/threatinsight/status/1298350560190529538 # Reference: https://www.virustotal.com/gui/domain/tagsmarkt.com/detection tagsmarkt.com # Reference: https://twitter.com/James_inthe_box/status/1300406357753917440 cama.it # Reference: https://twitter.com/p5yb34m/status/1300507364911542272 http://62.108.35.164 # Reference: https://twitter.com/p5yb34m/status/1300547270547369984 http://62.108.35.26 # Reference: https://twitter.com/theDark3d/status/1300665267031355392 sunleafvacations.com # Reference: https://www.virustotal.com/gui/file/1c3d30d7637b1a6fb648b1cf1de6c7a8375337327cd243f87d525c109554db7d/detection http://193.56.29.251 # Reference: https://twitter.com/reecdeep/status/1301137977331060736 thezencon.com # Reference: https://www.virustotal.com/gui/file/d359b6152b5e1077ebcb76adccc7acdb517cc94db18b750a526d27468f8cd9d9/detection ebayapp.tk # Reference: https://twitter.com/JAMESWT_MHT/status/1301456108058533888 poliziadistato.club # Reference: https://www.virustotal.com/gui/file/86b6d966cce450b27df34968190ef979f05da76d7ef5eb9af26ced602dc0ab65/detection # Reference: https://app.any.run/tasks/e27317be-db62-4822-bbcf-4751bf8cc8a2/ elanstudio.hu googlchrm.online # Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/ 4de6fdfe.ts.ctmay.club 4de6fdfe.win.ctmay.club # Reference: https://www.virustotal.com/gui/file/863432a075e8d97467ee4c88f7c66f2c687a5c5a4cbd7602315ca30859f001a0/detection 123pcloud.com # Reference: 
https://www.virustotal.com/gui/file/6909b629652ab36b09bfd7e3229a6eafe1591c0d6f18b2004a094216ee97ece4/detection infikuje.freevnn.com # Reference: https://twitter.com/jstrosch/status/1301718677419700224 oficina24.online # Reference: https://www.virustotal.com/gui/file/35e01a26ed27259c14fac961c16ab5457d49f93c5e5fb05e9cdbff6a21242e7d/detection http://193.38.55.92 deliverynice.club # Reference: https://www.virustotal.com/gui/domain/fedex-tracking.press/detection fedex-tracking.press # Reference: https://www.virustotal.com/gui/file/ec8a885e2a0e087a6b7b244bcf8bf9034ebc8c5ac48cd78981f119040d153b2d/detection shoolman.ca/config.dll # Reference: https://twitter.com/InQuest/status/1301899838666289155 bestbuywindow.com # Reference: https://twitter.com/ViriBack/status/1302412584000401414 http://162.255.117.6 # Reference: https://twitter.com/lawwait/status/1301408767351894016 seguridadactive.eastus.cloudapp.azure.com # Reference: https://www.virustotal.com/gui/domain/n77568zi.beget.tech/relations n77568zi.beget.tech # Reference: https://twitter.com/ANeilan/status/1302966150108712961 erktay-71.ga # Reference: https://twitter.com/theDark3d/status/1303091496816697345 reg4718182-com.preview-domain.com # Reference: https://www.virustotal.com/gui/file/7663660c3b41d3ec9f8b34ee013a9994851b0bff483ea92a702e08dc9bd86770/detection nvidia.pcriot.com # Reference: https://www.virustotal.com/gui/file/d697907fc8f52925819becd089578023988c5dd7c7a92512b83c2467b9693477/detection ciuj.ir gooddns.ir # Reference: https://www.virustotal.com/gui/file/de99657582ac0f366bb07b95055b1afd1f4967bba5c44f08ca6d6620f5744941/detection cryptotabs.ru # Reference: https://twitter.com/James_inthe_box/status/1304056838200070150 dinosaurdiscovery.co.nz/css/ # Reference: https://www.virustotal.com/gui/file/094ae61b55cd43858e4e2177a16d7154e4c44728a3904681a03b9f30b446312e/detection http://31.28.24.137 # Reference: https://twitter.com/InQuest/status/1304170972363325445 # Reference: 
https://www.virustotal.com/gui/file/0cf7372d368892af52c430238573396bfd3e628bf53079f5463b57673f1c785e/detection koomj.ru tugunhey.ru # Reference: https://www.virustotal.com/gui/file/3e986ef03b637b87981831279985a0d85f171b65adbc86cb292a64ac10e42ac9/detection babsitef.com # Reference: https://www.virustotal.com/gui/file/932deabfadc89bf8041ed4badf09785cf71ebc1a9959ae156b8c157dbd4b8d1d/detection nusumu.ga nusumu.wtf # Reference: https://twitter.com/JaromirHorejsi/status/1101065746090807297 colompna-youm.ga # Reference: https://twitter.com/jorgemieres/status/1304138405719298052 notafade.top # Reference: https://www.virustotal.com/gui/file/558d74af3a97c63780a28a949407c0d7849a2c5fdb766368f4ed7059e413cd00/detection sttsts.ru # Reference: https://twitter.com/ReBensk/status/1305531443922247680 42seminare.de # Reference: https://twitter.com/jorgemieres/status/1305502984336543744 linkedliqht.com # Reference: https://www.virustotal.com/gui/ip-address/193.37.212.6/relations http://193.37.212.6 # Reference: https://www.virustotal.com/gui/domain/fantasticvilla.xyz/relations fantasticvilla.xyz # Reference: https://twitter.com/Dashowl/status/1307027849719754752 cdn-41111111217-ms-telemetry.net cdn-4111111217-ms-telemetry.net # Reference: https://www.virustotal.com/gui/file/c6e6ca2ddc2c1941bf6285f3ba6aefa2e906ce90b23b02e9d6718b36db8ad243/detection trustedhealthgroup.com # Reference: https://twitter.com/_re_fox/status/1306964495101722636 # Reference: https://www.virustotal.com/gui/file/dff9e0c81264c85b435e4e10db0ac6ae03c05e58b4ce852406cef81d964ea605/detection huimeng.live # Reference: https://twitter.com/malwrhunterteam/status/1310512869394526208 # Reference: https://twitter.com/malwrhunterteam/status/1310515180539908096 # Reference: https://www.virustotal.com/gui/file/375830ba011b666133bd43d01e337aee492db575623263b6a771e68be8955e67/detection 185.224.168.130:3563 185.224.168.130:80 telegram-vip.com # Reference: https://twitter.com/jorgemieres/status/1310572969861754881 # Reference: 
https://www.virustotal.com/gui/file/70a6f31fa41581e00a0f1e7f95377f48e3a859a8b80096b913b9035c8c6a4628/detection http://60.169.77.137 666.myddns.me # Reference: https://www.virustotal.com/gui/file/f0da35c0d68e20d63d70d48fdab09702709b2809a3c2b3782143235abe956abe/detection mamaxa.xyz # Reference: https://twitter.com/KorbenD_Intel/status/1311054656341266432 kh5vf9vv.com # Reference: https://twitter.com/James_inthe_box/status/1311297127386021888 officestore.co.id # Reference: https://www.virustotal.com/gui/file/83ed45abd2fefc68d1f5fbabbdf566a90f66f76108a315964a30030a14c243b6/detection http://94.156.174.7 # Reference: https://twitter.com/jstrosch/status/1311359445021134848 104.161.77.84:444 # Reference: https://twitter.com/jfslowik/status/1311691210088542208 office-pulgin.com # Reference: https://twitter.com/IronNetTR/status/1311752801844895746 westrasde.com # Reference: https://twitter.com/jorgemieres/status/1304130606222188544 http://103.141.138.133 # Reference: https://twitter.com/FewAtoms/status/1312073100473884677 http://103.125.191.229 http://103.140.251.164 http://103.141.138.130 http://103.141.138.131 http://13.211.173.236 # Reference: https://www.virustotal.com/gui/file/0d06226fdab0976e9d78cc8dc20888f098037815feaa355de99d28bbb9a5d9d9/detection http://108.170.55.202 # Reference: https://www.virustotal.com/gui/file/9ecc42201beb37c82c61e6f7cc41914b8b5eaa0fb19b90f3b3c9dfa9f91406a0/detection teelam9.com # Reference: https://www.virustotal.com/gui/file/ab63a3d0b9a8ca47c8012ba18b8e47466547b8755761abf6a78d49e9bd093000/detection tracebizcomplex.com # Reference: https://www.virustotal.com/gui/file/bc21b8ead78c175ec04e618cb1266d022686e33a8197ff110b32ef283ef187af/detection espera-de.com # Reference: https://www.virustotal.com/gui/file/f7402c16ad79a761c3870e7be5cb9970c7f15d1f135d7c5da1b6188509d5afc7/detection algreno.com # Reference: https://www.virustotal.com/gui/file/da1cb6e49f53ec9338d99436ab398decf38d301adae3a5c897dd5dc7179a0aaf/detection 108.170.55.202:55704 
108.170.55.202:55889 kpatelbyes.com # Reference: https://www.virustotal.com/gui/file/aa891ab053d1fa4f3df767cc44e4ca6b783151279d6267dd40c5e8ef4ee3dd0f/detection powerlogs.top # Reference: https://www.virustotal.com/gui/file/7a77a40eb9667194f4d936933970ca798c191636fb57e988afb3cfeb768b2e19/detection uwadiuto.com # Reference: https://www.virustotal.com/gui/file/4bea14f68342a4007d1d1ddc28bb110f7ac2788619eca97742c2ef35b7c9bb08/detection nws-cn.in # Reference: https://www.virustotal.com/gui/file/ba08544bdd05340e7579d144a51cd39cea176fefc83a1110f7664becb69ec43f/detection nwheilcopter.com # Reference: https://twitter.com/IronNetTR/status/1312119323389960193 gov-live-cases-update.xyz # Reference: https://www.virustotal.com/gui/file/9c79b09774aba468bd3cd6a73830bfec78011d68565f57bbd73a798dfc26e22d/detection podsden.com victoryrespect.com # Reference: https://www.virustotal.com/gui/file/b7e3c86a346b49b2eadc4bceb1348270e690568a113a0ecc461c99f58ed61a56/detection only-humans.xyz # Reference: https://www.virustotal.com/gui/file/eebf62940926ad91f7bbf4e127b8e1d75f404536ef25e8ef12f84ace96b6526d/detection qualitycontrols.mx # Reference: https://www.virustotal.com/gui/file/f9a2ff01e3964dd922d47caed20ac0bfa39f5d1f96fd8f3003f68236acd738d9/detection avpabcefjil.com krasnojarski.com # Reference: https://www.virustotal.com/gui/file/f76fca83e19560fbacc25d9e7475c9aec15cc4490bcda636cd0c514b59ea1c1c/detection 81.38.132.197:3502 83.39.116.30:3502 83.47.188.96:3502 543874163.ddns.net # Reference: https://twitter.com/win32kid/status/1312550937047625729 # Reference: https://app.any.run/tasks/2ec6942e-b688-4590-a9bc-34942d13ff57/ # Reference: https://www.virustotal.com/gui/file/b3455d9d3bf50da0762a0d2aa57f4041af76b86024376af1a07b774bb7166ffc/detection httpz.tech lyric-library.000webhostapp.com # Reference: https://twitter.com/malwrhunterteam/status/1313023627177193472 http://45.79.237.92 # Reference: 
https://www.virustotal.com/gui/file/62cbbf68eb9555bca069893a3daa6621aaf7b43604fd511cc11c5fe038ed9845/detection # Reference: https://www.virustotal.com/gui/ip-address/101.99.90.39/detection donsinout.info invcloud.info # Reference: https://twitter.com/James_inthe_box/status/1313173649642332162 nitrixserver.com # Reference: https://twitter.com/JAMESWT_MHT/status/1313448219964252163 # Reference: https://www.virustotal.com/gui/file/fd68aa2465ae2f9753474773b36d50804cffdf541c851d4ef42b2ae77f701b9a/detection # Reference: https://www.virustotal.com/gui/file/dd2b8ca97ba5a68e3ea5819e9292a5ff8d43a2a33056eb1f755f5c2c5a63947f/detection # Reference: https://www.virustotal.com/gui/file/d104b823ce5e390c264f36b9727b58d0a4602dc6ddae305d01dbff24de5560ec/detection # Reference: https://www.virustotal.com/gui/file/7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f/detection amvotech.com/wp-admin/images/wpcloud.php # Reference: https://twitter.com/FewAtoms/status/1313513688972828674 altcbs.com # Reference: https://twitter.com/malwrhunterteam/status/1314121888772259845 # Reference: https://www.virustotal.com/gui/file/e8002fbc4bd5e57fd317fb99e3bb2bc8965e94761e37757aed51f3f21486c0ad/detection verifiedad.website # Reference: https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns # Reference: https://otx.alienvault.com/pulse/5f7df280cd3c95f0aad5a1fb http://198.12.66.108 italake.com/assets/css/0022.exe # Reference: https://twitter.com/KorbenD_Intel/status/1314251628959076353 sorwatheltd.rw # Reference: https://www.virustotal.com/gui/ip-address/162.0.235.138/relations punneli.com # Reference: https://twitter.com/James_inthe_box/status/1314677701538508800 # Reference: https://www.virustotal.com/gui/domain/helmut01.tech017.net.in/relations helmut01.tech017.net.in # Reference: https://www.virustotal.com/gui/file/51054b5f32ba02c12a8e141f5b522d1457785f9f17d04ba25aeb6f0627525545/detection http://193.53.126.217 # Reference: 
https://www.virustotal.com/gui/file/3fa9dfafba34b885683809041fd908bc7495e09a2b5cd8d1c2059b1204709d00/detection http://91.198.220.225 # Reference: https://twitter.com/_re_fox/status/1314972578231070720 http://103.133.139.17 # Reference: https://www.virustotal.com/gui/file/d4f2e466297be77e0f8efee83099f3e782877a1cba72c292cfd93d07f760dd5a/detection asc6.kozow.com clockdoplannow.hopto.org egreetcards942.servehttp.com # Reference: https://www.virustotal.com/gui/domain/conf1g.com/detection conf1g.com # Reference: https://twitter.com/k3yp0d/status/1315599772502364161 # Reference: https://www.virustotal.com/gui/file/8e0f6621c094066b2a0e5cf36c156a26366e72cfae3eb8b145d691b6f225e1b5/detection # Reference: https://www.virustotal.com/gui/file/fa115fb6499783cabc60f6b0b893a5b622ba45e6f85fa02de5e6af1a547dbb4b/detection # Reference: https://app.any.run/tasks/5843b866-5082-4d2b-aec0-2803017d727d/ ceeskophishingcampaignAPT1337.com # Reference: https://www.virustotal.com/gui/file/9ea05b312e68099c4adf672f151b4c7a1a97017ddb5762b165c873dd2789a099/detection 69.170.237.82:20 jejakdesa.com # Reference: https://twitter.com/neonprimetime/status/1315767665244483586 # Reference: https://app.any.run/tasks/68a58306-6eec-4773-9bfc-cde1407a5d43/ # Reference: https://www.virustotal.com/gui/file/45b6fb787435620e362685fbc8d323b07810b6fc8188e8fe22b8d0427b56332e/detection http://64.188.21.219 # Reference: https://www.virustotal.com/gui/file/838a8c1b12270b248fd13d1f110998a79ee9442d19fb3f3562dfe734d7033367/detection millsmiltinon.com # Reference: https://twitter.com/KorbenD_Intel/status/1315764616044048386 groups.us.to # Reference: https://www.virustotal.com/gui/domain/org-help.com/detection org-help.com # Reference: https://www.virustotal.com/gui/domain/gd-sirve.com/detection # Reference: https://www.virustotal.com/gui/file/572a24faa8570e3669a2b67aa7600865e9b5538ce8294c6e9557fee659592e9b/detection gd-sirve.com # Reference: https://twitter.com/jstrosch/status/1315993559359684608 elit.com.mx/xls/ # 
Reference: https://www.virustotal.com/gui/file/57f0fc9a3aee0bc95dd54a22ce66bdf850b3ba28498e57cfe5f28a95bae3faaf/detection http://31.42.186.166 # Reference: https://www.virustotal.com/gui/file/e23cdad77fa6de90822e92ae19f17abc833bb38685b415f5813d280fa1a6a590/detection http://107.173.219.56 # Reference: https://www.virustotal.com/gui/file/8813f733b2fdebca664bd770f002cee35a1c8670a7af78c24bd764185fcf81b7/detection http://94.156.189.248 # Reference: https://app.any.run/tasks/7e41dd5c-ac10-4032-81f5-034c985f26d6/ http://101.99.91.165 # Reference: https://www.virustotal.com/gui/file/b451b884612f400dca31813c295539306ae32b86b558e64e39b07f881bfbe3a4/detection http://178.62.19.66 # Reference: https://twitter.com/FewAtoms/status/1316438791280832513 mscni.org # Reference: https://www.virustotal.com/gui/file/231e243eb10755413f784acf5cfd793bdd4e88f0898a342c0c6c30a527548d8d/detection http://5.39.221.49 # Reference: https://www.virustotal.com/gui/file/8258ff36cc4bf39ce407adee123e866c8880ee0153cb3497a493c769aac19757/detection http://185.212.131.241 # Reference: https://www.virustotal.com/gui/file/2eb1dea1a8d085d871ae834fee4864079371c3c7c199336319ed8cf291e2623e/detection http://109.230.217.13 http://109.230.246.66 # Reference: https://www.virustotal.com/gui/file/6705824b8c2fc43fd8e6c8999b638c39ea11a79e8614e75b8b1f9451a93e005b/detection littlegreenhands.org # Reference: https://twitter.com/Marco_Ramilli/status/1317074873064239108 # Reference: https://twitter.com/James_inthe_box/status/1317088059641319424 alternasaludspa.com/1/ melonco.com/1/ # Reference: https://www.virustotal.com/gui/file/c0a7dfca7eda9d3f170e318428984c17b9737d4e53c291a227f97863ea30827e/detection salesgroup.top # Reference: https://www.virustotal.com/gui/file/34d1451c8ac71d3eb9582092492d4b50a4202b962d8a7cff5cce9c93823aec5d/detection http://217.8.117.77 # Reference: https://twitter.com/malwrhunterteam/status/1317504898309697541 cmtdevwp.com # Reference: 
https://www.virustotal.com/gui/file/1964db2e767cbecc8aedad70f84974da81e88c9ce47210abd6c115cfbaa80222/detection vds2018.space # Reference: https://www.virustotal.com/gui/domain/zi-chem.co/relations zi-chem.co # Reference: https://twitter.com/James_inthe_box/status/1318923060762701824 escas-lk.com # Reference: https://twitter.com/malwrhunterteam/status/1318900812094066693 http://5.34.178.103 # Reference: https://www.virustotal.com/gui/file/f50b95b06989cbfd7009c6e5638f9636d9b19218952e14b874488f036338fe33/detection yassinebolard.tk # Reference: https://twitter.com/malwrhunterteam/status/1319218507154939905 # Reference: https://www.virustotal.com/gui/file/67418cd16e3b672ab0759bb72c2e056da27c433b16dc1a29c13b55f68204e1c6/detection com-net.site modal-agency.info # Reference: https://twitter.com/malwrhunterteam/status/1319351207350181888 file-downloads.club # Reference: https://twitter.com/malwrhunterteam/status/1319640676850671616 fjetsam.com # Reference: https://www.virustotal.com/gui/file/cf1927ab098bdaace7eabc39ae410f39e47433a993ef602eb59dee5923bef042/detection # Reference: https://www.virustotal.com/gui/file/e7baae3067f928b48fbfc5ff6101d8ae15e17021b03d2c45a0cc147a181ef79b/detection 09.justcounter.com bighyip-monitor.com brazauskas.info # Reference: https://ideone.com/CYMY4 http://115.68.2.15 http://116.127.121.27 http://117.21.224.2 07tqqwem.ru 0uon.com 0up.ir 0uw.ru 1140.co.kr 1.153.cc 1-box.ru 1.cramssdeleviesor.co.cc 1.duote.net 12.duote.org # Reference: https://twitter.com/ninoseki/status/1320190516466569217/photo/2 ssddtg.icu toterh.pw # Reference: https://twitter.com/FewAtoms/status/1320356668367114241 http://145.239.35.192 # Reference: https://www.virustotal.com/gui/file/5a7c4c3e157d060b2fde02428557b1ba0c3d7c96181ead704ccc7a19bfc51582/detection updateadober.viewdns.net # Reference: https://www.virustotal.com/gui/file/58089bdd548b2f5075e5baab7dc7045d62561d811d9cb2f27e0c4defcb34e1ed/detection http://66.70.188.115 # Reference: 
https://twitter.com/FewAtoms/status/1320791439610122245 redesuperpops.com.br/kalidoc/ redesuperpops.com.br/spike/ redesuperpops.com.br/trends/ # Reference: https://twitter.com/InQuest/status/1321043053218566146 http://216.170.114.73 # Reference: https://twitter.com/InQuest/status/1321062576063762433 http://192.3.152.134 # Reference: https://twitter.com/InQuest/status/1321114421347913729 http://23.249.162.110 # Reference: https://twitter.com/InQuest/status/1321414392630620160 http://107.173.219.115 # Reference: https://twitter.com/InQuest/status/1321354871749156866 # Reference: https://www.virustotal.com/gui/domain/duracom.ga/relations duracom.ga # Reference: https://www.virustotal.com/gui/domain/dimaopdb.beget.tech/relations dimaopdb.beget.tech # Reference: https://twitter.com/FewAtoms/status/1321171900438032385 http://45.141.84.184 # Reference: https://twitter.com/FewAtoms/status/1321180474283380741 http://209.141.35.239 # Reference: https://twitter.com/malware_traffic/status/1321182175916679168 http://69.30.232.138 # Reference: https://twitter.com/InQuest/status/1321447024227737601 http://216.170.114.73 # Reference: https://twitter.com/InQuest/status/1321443374273056769 http://216.170.126.109 # Reference: https://twitter.com/InQuest/status/1321529831318761473 http://75.127.1.211 # Reference: https://twitter.com/InQuest/status/1321574093204979714 http://78.128.92.94 # Reference: https://twitter.com/InQuest/status/1321735654318002183 http://192.3.141.134 # Reference: https://twitter.com/InQuest/status/1321887102716596231 http://103.125.191.123 # Reference: https://twitter.com/InQuest/status/1321947723977936897 http://75.127.1.211 # Reference: https://twitter.com/InQuest/status/1333423214807146502 http://104.37.172.209 # Reference: https://twitter.com/InQuest/status/1326887249024331776 http://198.23.213.25 # Reference: https://twitter.com/InQuest/status/1328147418941157379 http://198.12.84.47 # Reference: https://twitter.com/InQuest/status/1333763922747416585 
http://216.170.114.70 # Reference: https://twitter.com/InQuest/status/1333075764414177286 http://216.170.126.121 # Reference: https://twitter.com/InQuest/status/1333517270270812161 http://149.3.170.144 # Reference: https://twitter.com/InQuest/status/1330593315855740934 fancy-yoron-0802.boyfriend.jp # Reference: https://twitter.com/sarebour/status/1315625320976994304 # Reference: https://www.virustotal.com/gui/domain/bunkhouseventure.com/relations bunkhouseventure.com # Reference: https://www.virustotal.com/gui/ip-address/72.21.81.240/relations 72.21.81.240:80 # Reference: https://twitter.com/smica83/status/1321716870584672261 http://46.183.222.25 # Reference: https://twitter.com/_re_fox/status/1321922917496737795 judax.live # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Chepvil-A/detailed-analysis.aspx http://109.94.220.52 # Reference: https://www.virustotal.com/gui/ip-address/23.223.200.195/relations 23.223.200.195:80 # Reference: https://www.virustotal.com/gui/file/d0d031cd3950c39950b082192a532c1ed2415ba01f33495113e611c08c8e9305/detection kozbot.xyz # Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html lopiax.us # Reference: https://www.virustotal.com/gui/file/91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f/detection http://91.92.128.201 ptc-latam.com # Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection http://185.172.110.201 # Reference: https://www.virustotal.com/gui/domain/microsoft-shop.com/relations microsoft-shop.com # Reference: https://twitter.com/malwrhunterteam/status/1323947874602897408 # Reference: https://www.virustotal.com/gui/file/2d649a5a2ac07b53053c66c8007b939818629b757ff25a5d2bfa0b0f0c063857/detection flash-plays.com # Reference: https://www.virustotal.com/gui/domain/flsah.com.cm/detection flsah.com.cm # Reference: 
https://twitter.com/KorbenD_Intel/status/1323654449252872192 tethercloud.net # Reference: https://twitter.com/MBThreatIntel/status/1323671059090993153 http://103.153.79.195 # Reference: https://www.virustotal.com/gui/file/3c18438a9fc9aec1ce0e6d2be9f6f676424b4f8ffd844ac2d1a90b32a5bf0098/detection chrandinc.com # Reference: https://www.virustotal.com/gui/file/cca24cf66321e5b2f63bb52b5183e9cc437bf1b59d5f34043307dbd3ab02ae62/detection americanspecialtyinsurancegroup.com # Reference: https://www.virustotal.com/gui/domain/micorsoft.cc/relations micorsoft.cc # Reference: https://www.virustotal.com/gui/file/9693bcea91bc27b23f55193e3836711b53f0436ff7b6de48a50825d817e75f29/detection ultimatenutritiononline.com/good/ # Reference: https://twitter.com/KorbenD_Intel/status/1324491660848365568 http://34.91.240.51 # Reference: https://www.virustotal.com/gui/file/b5d95d5b099d97bb34b67c04edd6e58626d49eb0c234b71c58f06d6169741f39/detection offices-cloud.com # Reference: https://www.virustotal.com/gui/domain/microsoftupa.com/relations microsoftupa.com # Reference: https://twitter.com/InQuest/status/1324795639885111302 # Reference: https://labs.inquest.net/dfi/sha256/abac16a4ab770d5802686e27c3e13c62f26c1ddea5e8339f1f4e1b4d5d6600f7 kaf-public.s3-eu-west-1.amazonaws.com # Reference: https://twitter.com/ffforward/status/1324779832333488128 swalgrave.com # Reference: https://www.virustotal.com/gui/file/ca20e6d6fc14a5a1b07747c95d04fa6fa593fbeda1be5b0eb84495d60fc59e01/detection cp87128.tmweb.ru # Reference: https://www.virustotal.com/gui/domain/soloforminlink.org/detection soloforminlink.org # Reference: https://twitter.com/bad_packets/status/1325141763514798080 # Reference: https://www.virustotal.com/gui/file/69b7dfad97f3d224b75c511ea64f87cf635139b7db818d7a92ce2015a95b8519/detection 217.8.117.137:80 # Reference: https://www.virustotal.com/gui/file/2b50151658c526e8d5dd1eb2ccc989ead663b4c07792c903f0259a1cc9255959/detection 472924.selcdn.ru # Reference: 
https://www.virustotal.com/gui/file/533de57e0c74febc1a0ea781136511f2b4c03d6bf689919c97da0e03704fc2e9/detection mir.7jp.cn # Reference: https://www.virustotal.com/gui/file/eb9b9b5796b62c2b3006a221536629ab3cfc525c0261e7555ad5a686c47024e7/detection stresser.services # Reference: https://twitter.com/_re_fox/status/1325809653100539904 http://45.77.191.82 # Reference: https://twitter.com/James_inthe_box/status/1325809800068804609 zepham.com/file/ # Reference: https://www.virustotal.com/gui/file/f0135e7183050d119c2fdc82d6b3fe712a169ba0b74b6d689064e480214a33f3/detection specialtyaltruistic.com # Reference: https://www.virustotal.com/gui/file/6499b3ecff1d79dbab7cccc698a1062f0f297031d02996a5f1bebf992653a18d/detection # Reference: https://app.any.run/tasks/c7095708-8135-48a1-8260-39f2de2401fc/ http://151.80.220.125 # Reference: https://app.any.run/tasks/77f8bb6c-f055-4405-9438-c608ba947ebb/ tennysondonehue.com # Reference: https://twitter.com/FewAtoms/status/1326222282075811840 hechiceriadeamoryprosperidadisrael.com/imagenes/amarres/ # Reference: https://twitter.com/InQuest/status/1326258921833684992 msdn-updates.azureedge.net # Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection # Reference: https://www.virustotal.com/gui/file/71c9ae337a763e6df591080e34b439b7c927b3ef49315e10a04a91c30b5d98e4/detection ffdownload.online fffdownload.xyz freeprivacytools.ru privacytoolsfree.site stat-srv.network truckscales.com # Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection diqp.top wihumanld.com # Reference: https://www.virustotal.com/gui/file/eead77418d69043a8a2aff74fff2292890bca6d6cd26140800f1041f87867452/detection cjrmps.com fddnice.pw zxfc.pw # Reference: https://urlhaus.abuse.ch/host/cape-eye.co.za/ cape-eye.co.za # Reference: https://twitter.com/wwp96/status/1335680464993079297 # Reference: 
https://app.any.run/tasks/e72c08a0-1cb1-4691-b30c-5e94ee3d3802/ # Reference: https://www.virustotal.com/gui/file/d5ace9c31d5e44b58f4c73f014caec047fac79f4d5a44a9c3e20153c5e8045be/detection acetaldehydetoxicity.com/wordpress/chromium.exe web24host.com/a/a/www//1.jpg web24host.com/a/a/www//2.jpg web24host.com/a/a/www//3.jpg web24host.com/a/a/www//4.jpg web24host.com/a/a/www//5.jpg web24host.com/a/a/www//6.jpg web24host.com/a/a/www//7.jpg web24host.com/a/a/www//main.php # Reference: https://www.virustotal.com/gui/file/33a7196538a17da13cc67b31162c14d0f3f473816b98f75f01709eda2b1464a7/detection playwithme.emailonlinemoney.com # Reference: https://www.virustotal.com/gui/file/d0056dc81acbc4ea4fa63420e780f58beba75a1d5ad1111e3194689f9d241120/detection e8.ssigu.ru tb6fo.jumevty.ru # Reference: https://www.virustotal.com/gui/file/d0ef59cdc766a5abb2c652273bcd713aaf660c6631154f78c1fc028934ebd083/detection 2menu.mx/a1/ # Reference: https://www.virustotal.com/gui/domain/rsl-t-mobile.com/detection rsl-t-mobile.com # Reference: https://twitter.com/malwrhunterteam/status/1326798766293331970 http://45.141.84.182 # Reference: https://www.virustotal.com/gui/domain/sparepartiran.com/relations sparepartiran.com/js/ # Reference: https://www.virustotal.com/gui/ip-address/111.90.149.233/relations http://111.90.149.233 # Reference: https://www.virustotal.com/gui/ip-address/216.244.73.139/relations http://216.244.73.139 # Reference: https://www.virustotal.com/gui/file/f768df4d6a625f578a6ebb65f34ee6cb1279e28111f4dc5ba525827e8d9851cc/detection http://192.3.31.220 # Reference: https://urlhaus.abuse.ch/browse/tag/AveMariaRAT/ http://5.196.207.55 # Reference: https://twitter.com/FewAtoms/status/1326935534971785216 indiaohc.com/file/ # Reference: https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/ # Reference: https://otx.alienvault.com/pulse/5fad78631749dbff71a31f55 # Reference: https://www.virustotal.com/gui/ip-address/178.128.242.134/relations # Reference: 
https://www.virustotal.com/gui/ip-address/185.92.222.223/relations # Reference: https://www.virustotal.com/gui/file/58bb90f11070a114442c4fa1cbbccefadcdf954510ae2b8d91c9b22b1a8a42d5/detection http://95.142.39.135 # Reference: https://twitter.com/jstrosch/status/1326934666209873920 elvbs.store # Reference: https://twitter.com/JAMESWT_MHT/status/1327198617560559618 http://45.138.72.84 # Reference: https://www.virustotal.com/gui/domain/cinemoolper.club/detection cinemoolper.club # Reference: https://twitter.com/FewAtoms/status/1327638169500741637 tastelaspices.com/ccss/ # Reference: https://www.virustotal.com/gui/domain/globalvehicleimports.com/relations globalvehicleimports.com # Reference: https://twitter.com/wwp96/status/1327892015468732416 dannexgh.com # Reference: https://www.virustotal.com/gui/file/b072c748e685183ae8265058fde6a93675029cc776130ce6eac047f13850de53/detection # Reference: https://www.virustotal.com/gui/file/d2f165674c38a737e83d2adeb8db6f200fba190afee7b8db49e37c39b3aa80d6/detection markalsf.ru markalsk.ru # Reference: https://www.virustotal.com/gui/file/b4ebbd4b3e5cb4427726ea3988d317ed086cd0a9a7e3febb24954047c31909fc/detection qwertzx.ru qwerkkc.ru qd34gf23.ru qd34g34ewdfsf23.ru # Reference: https://www.virustotal.com/gui/file/b11768cc2dee45a7d27a461de847066a3eea60892cbd53c1bff2e419ef17a347/detection marcapinyo.ru # Reference: https://twitter.com/wwp96/status/1327906357484392450 # Reference: https://www.virustotal.com/gui/file/d49fb51090347e5f2138a026b9a995e4d40ffee20ad0773c225c1b0e2043d104/detection http://45.153.243.122 pool090.telepuzz.net bestzip.space ismypanel.host nvidsame.com suomenen.com # Reference: https://twitter.com/wwp96/status/1327924803681079297 alc-ao.com # Reference: https://twitter.com/wwp96/status/1327921450280488960 # Reference: https://app.any.run/tasks/f31e4792-5a26-47db-a6d0-03c3c8b16cd9/ frgtmexiredirieofjhwdssda.australiaeast.cloudapp.azure.com # Reference: https://app.any.run/tasks/4240f9e5-1c31-4958-9f74-fc5256e669be/ 
n9vm.gotdns.ch # Reference: https://twitter.com/wwp96/status/1328087453392130052 http://45.129.2.137 # Reference: https://twitter.com/wwp96/status/1328090086693629955 liokhgtas.shop # Reference: https://www.virustotal.com/gui/file/776fd5585c4cae16f60f83e92b0c5b84c3796c3e269975794cb3258b1580163f/detection kakaxa.xyz # Reference: https://twitter.com/jstrosch/status/1328176684638539779 http://198.23.212.166 # Reference: https://twitter.com/wwp96/status/1328308638470066177 sparepartiran.com/js/ # Reference: https://twitter.com/wwp96/status/1328321984397185028 http://35.180.137.10 bals.gq # Reference: https://twitter.com/malwrhunterteam/status/1328322570928746496 http://172.104.63.157 # Reference: https://twitter.com/wwp96/status/1328325861456699394 http://185.239.242.76 # Reference: https://twitter.com/wwp96/status/1328339029021118465 # Reference: https://app.any.run/tasks/27a07edd-459f-47d7-895b-30be0fa69ccb/ # Reference: https://app.any.run/tasks/ecc90db0-667c-4848-a3a7-42763f7de0bd/ setupdnsbase.cc # Reference: https://twitter.com/_re_fox/status/1328363231870660608 # Reference: https://app.any.run/tasks/dec8ba07-aa92-4525-95cd-d4d62cc164e5/ # Reference: https://www.virustotal.com/gui/file/d5b652683b2859e650181b0c488c2cd84565ff01fd09dc811fc0b0166e32882a/detection # Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection logins.online updateld.xyz # Reference: https://twitter.com/wwp96/status/1328368970932645896 http://88.218.16.144 # Reference: https://twitter.com/jorgemieres/status/1328395087383064576 stoplyingme.com # Reference: https://twitter.com/Unit42_Intel/status/1328425382140387328 # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-11-16-Cobalt-Strike-IOCs.txt 99promo.com # Reference: https://www.virustotal.com/gui/file/761ebbde90121cde57d219520adb891f0156862e4105e1fa2c81b6896ee80267/detection mofsetbay.ga # Reference: https://twitter.com/InQuest/status/1328606836677808128 
sitesimobisis.com.br # Reference: https://www.virustotal.com/gui/domain/dnsfordomains.ru/detection dnsfordomains.ru # Reference: https://twitter.com/InQuest/status/1328767271632822274 piratesmoker.com # Reference: https://twitter.com/wwp96/status/1328857237452972032 http://185.239.242.117 # Reference: https://app.any.run/tasks/80903179-908a-4199-bc89-d3f1390a0bd3/ http://151.80.8.30 # Reference: https://www.virustotal.com/gui/ip-address/70.37.102.40/relations http://70.37.102.40 # Reference: https://twitter.com/jstrosch/status/1329484445750013952 # Reference: https://www.virustotal.com/gui/domain/dllth.com/relations dllth.com # Reference: https://www.virustotal.com/gui/domain/mangero.ga/relations # Reference: https://www.virustotal.com/gui/file/8b1fa0eb55cc733422402c4f0c8553b35d12c6223994014c7d1526b3f42d9dbd/detection mangero.ga # Reference: https://www.virustotal.com/gui/file/82b2e983181018e2f465f94ccc98f5eba6b1bcc05e995acd73581e0752901816/detection monetization.business # Reference: https://www.virustotal.com/gui/file/a3b724cb276a5554831a05c1a6bfe6117dcfc64f2156222a432a73a4433b4758/detection u4p9wo4kgybo.top # Reference: https://twitter.com/petrovic082/status/1331555043024236544 # Reference: https://twitter.com/petrovic082/status/1331555667891679235 neverstdywalkachinese2loneinlifekstfnp.ydns.eu plugstdytransportationalexpertsystpqb.ydns.eu # Reference: https://twitter.com/malwrhunterteam/status/1329854744429531143 http://52.30.22.138 # Reference: https://twitter.com/wwp96/status/1329958820865576967 http://198.23.212.152 # Reference: https://twitter.com/wwp96/status/1329982578846294022 http://192.236.178.121 # Reference: https://www.virustotal.com/gui/file/9bfa6dab8f626aae79e70d378eb393c96f3e247c7c4f6919b59167390cb8527c/detection http://188.165.56.102 # Reference: https://twitter.com/wwp96/status/1330326379041320960 http://194.147.115.117 # Reference: https://twitter.com/bad_packets/status/1330346587126632451 http://134.209.114.117 http://134.209.119.215 
http://134.209.208.60 # Reference: https://twitter.com/ebotpoloskun/status/1279805930163576832 opera.tools # Reference: https://twitter.com/fr0s7_/status/1330828461196382215 45.138.172.81:443 # Reference: https://twitter.com/ffforward/status/1330909939607416840 wheresharrison.com # Reference: https://twitter.com/InQuest/status/1330810385834909701 d3727mhevtk2n4.cloudfront.net # Reference: https://twitter.com/Circuitous__/status/1330897299011203072 pars-science.ir # Reference: https://twitter.com/neonprimetime/status/1330905903562940427 madarjaaatresearchers.blogspot.com # Reference: https://www.virustotal.com/gui/domain/vicend.com/relations vicend.com # Reference: https://twitter.com/Racco42/status/1331002300295471111 productmusics.com/ru53332 thebabsite.com # Reference: https://www.virustotal.com/gui/file/47560bd7409f20782c6948159602e6427cb1a67e93a7f30ca040cce0445325ca/detection arvidarena.com # Reference: https://twitter.com/James_inthe_box/status/1331333447684485120 creditcollectionglobal.co # Reference: https://www.virustotal.com/gui/ip-address/192.3.141.160/relations http://192.3.141.160 # Reference: https://twitter.com/MBThreatIntel/status/1331324319482318850 http://104.236.3.116 # Reference: https://twitter.com/malware_traffic/status/1331634103591063552 wheredidmarkmakehismoney.com # Reference: https://twitter.com/malwrhunterteam/status/1331681023730528256 http://195.3.146.180 # Reference: https://www.virustotal.com/gui/file/a037c15659d91a7555fbd0ec17978c26f7974ea66909c8732629c4a1ec961f14/detection # Reference: https://twitter.com/0xrb/status/1333957965443842049 205.185.116.78:21 http://205.185.116.78 # Reference: https://www.virustotal.com/gui/domain/servjces.com/relations servjces.com # Reference: https://twitter.com/_re_fox/status/1332003798156455936 # Reference: https://www.virustotal.com/gui/file/5190a88dbb595012f2266d9d9a9988bd3d6223cb2283c0807eb13c1e8188bb97/detection hotfixssearch.com # Reference: 
https://www.virustotal.com/gui/file/b858e24eac464afd49d6bf782557f946b03e5e97431a1987b09b0203b5636c97/detection productsdetails.online prozipper.s3.eu-central-1.amazonaws.com # Reference: https://www.virustotal.com/gui/file/8cad0b2ebf1e7cb466414a1110a01cb41292dbbe51cd9eeac8a54934bafef850/detection pool090.telepuzz.net salebooks.xyz # Reference: https://twitter.com/FewAtoms/status/1332710068421324802 # Reference: https://www.virustotal.com/gui/domain/lgcreditdemo.qnotice.com/detection lgcreditdemo.qnotice.com # Reference: https://www.virustotal.com/gui/file/4b2870072af939ead1f2d9288b2375d7b4b162added4598336129661a5840494/detection # Reference: https://hybrid-analysis.com/sample/af52141206b33929b062784f02d56dd188d5d975f49ea17a5cc81824cdfda845 ahlehup.club chanchandomain.club office2010.000webhostapp.com windowservices9999.000webhostapp.com # Reference: https://twitter.com/jorgemieres/status/1333417189005799424 bananafish.hopto.org # Reference: https://twitter.com/jorgemieres/status/1333450508066021381 aogmphregion.org.za # Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/ http://46.166.129.235 cq08462.tmweb.ru # Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection semantrus.pw # Reference: https://twitter.com/malwrhunterteam/status/1333499691674329093 holisticgroup.com.pk # Reference: https://twitter.com/p5yb34m/status/1333553861617885184 starlitebaby.com # Reference: https://twitter.com/petrovic082/status/1333753970523779073 hml02.tompingescha.info # Reference: https://twitter.com/InQuest/status/1333774375452020739 http://149.3.170.235 # Reference: https://www.virustotal.com/gui/ip-address/198.23.212.224/relations http://198.23.212.224 # Reference: https://www.virustotal.com/gui/file/293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8/detection canadiantourismroundtable.com # Reference: 
https://www.virustotal.com/gui/file/d4b942eb004074adceefa560c30e0a239f5884016ea4fcb981b673099faae31f/detection wesleydonehue.org # Reference: https://www.virustotal.com/gui/domain/sertificatkey.com/detection sertificatkey.com # Reference: https://www.virustotal.com/gui/domain/update--microsoft.com/detection update--microsoft.com # Reference: https://www.virustotal.com/gui/file/87bd17f1e3fd93a6a38896c2a3442b51ccb26715ed411484d77d082cffb1af6e/detection 41ku.cn # Reference: https://www.virustotal.com/gui/domain/dsa5as.xyz/relations dsa5as.xyz # Reference: https://www.virustotal.com/gui/domain/2012yearleft.com/detection 2012yearleft.com # Reference: https://www.virustotal.com/gui/file/16ce4c75d5a67446000f5859610153e68d0fb2ac248370ee858c693147121ddd/detection /xccddhttps # Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4 0x21.in # Reference: https://twitter.com/FewAtoms/status/1335205379416920066 alimar.com.ar/wp-admin/css/files/ alimar.com.ar/wp-admin/js/cat/ alimar.com.ar/wp-admin/js/dev/ # Reference: https://twitter.com/wwp96/status/1335670395157032963 # Reference: https://app.any.run/tasks/5c601d8b-4496-4086-bdcc-f395cc23ada5/ http://142.202.205.28 portuproject.com/distribution/ # Reference: https://twitter.com/wwp96/status/1335674912539897858 http://3.1.221.201 # Reference: https://twitter.com/wwp96/status/1335676464247738375 http://185.172.110.230 http://193.239.147.76 # Reference: https://twitter.com/wwp96/status/1335689190705664001 up.av86.ru # Reference: https://twitter.com/wwp96/status/1335692396730986500 # Reference: https://app.any.run/tasks/24327b69-4727-4093-8418-3cc8a8080df4/ ddy7itsuemb9i.cloudfront.net # Reference: https://twitter.com/h2jazi/status/1335723656236904448 http://193.239.147.76 religonclothes.com # Reference: https://twitter.com/ffforward/status/1335965749681250314 myrilullimolullilomotmoti.blogspot.com # Reference: https://twitter.com/InQuest/status/1335991456427880450 defencedrod.in # Reference: 
https://twitter.com/wwp96/status/1336040234572713984 kalamiksndyonlinedeliverystoreservsnfqm.ydns.eu # Reference: https://twitter.com/wwp96/status/1336042331385032704 shgshgsndynationalobjindustrialatsngpx.ydns.eu # Reference: https://twitter.com/wwp96/status/1336046329387212805 tuandat-vn.com # Reference: https://twitter.com/wwp96/status/1336043695553048578 http://75.127.1.225 # Reference: https://www.virustotal.com/gui/ip-address/107.155.162.25/relations http://107.155.162.25 # Reference: https://twitter.com/wwp96/status/1336340777681756160 tradestarintl.com # Reference: https://twitter.com/wwp96/status/1336342382619598853 http://192.3.152.237 # Reference: https://twitter.com/wwp96/status/1336487441214091265 cedeko.ml # Reference: https://twitter.com/wwp96/status/1336489964343791617 actemviro.com # Reference: https://twitter.com/wwp96/status/1336833150618652674 http://192.3.146.194 # Reference: https://twitter.com/wwp96/status/1336830110050160640 http://111.90.149.229 http://216.170.126.123 # Reference: https://twitter.com/pancak3lullz/status/1166107213540331523 # Reference: https://app.any.run/tasks/7dff3403-2769-4edc-9452-d7b9745c67ab/ psix.tk minercoinbox.com # Reference: https://www.virustotal.com/gui/file/0c3fcc6d9ada66b51fae4890b3c9c5b886bf275a61c78ff3771a02989494ca3e/detection http://182.254.229.239 # Reference: https://twitter.com/InQuest/status/1336991741237489665 checkinglist.xyz # Reference: https://www.virustotal.com/gui/ip-address/13.66.50.148/relations http://13.66.50.148 # Reference: https://www.virustotal.com/gui/ip-address/51.195.53.27/relations http://51.195.53.27 # Reference: https://twitter.com/FewAtoms/status/1337476320310284288 validserver.com # Reference: https://tria.ge/201209-rn3xfe8h6x/behavioral1 12.ossmarcial.com # Reference: https://twitter.com/wwp96/status/1337526249531568129 # Reference: https://www.virustotal.com/gui/domain/m9b4s2.site/relations # Reference: 
https://www.virustotal.com/gui/file/51bfce0f95eead416c84e32bef67a407390a1f4147673d7970e9348c6ac4d123/detection a1711cf.com m9b4s2.site # Reference: https://www.virustotal.com/gui/file/992cf8ed168eed107c9cc982aa393c9505f0ff09f47020aa10491953fcfc10a8/detection lucian0lu1.freeheberg.org # Reference: https://www.virustotal.com/gui/file/1303a2d7876790af2cc196a816df2261506b157605006e603246b58f09408888/detection http://148.72.155.40 # Reference: https://twitter.com/wwp96/status/1338464902936207361 http://198.46.132.130 # Reference: https://twitter.com/InQuest/status/1338544013679407107 http://3.133.107.218 # Reference: https://twitter.com/Circuitous__/status/1338593685383024640 captafill.xyz # Reference: https://www.virustotal.com/gui/file/ca58a15c71c9af1e6df2ab08787e83b0b457366cec67325532cef64613585d9f/detection citygame.xyz hostas8.cf ickyud.pw # Reference: https://www.virustotal.com/gui/domain/777cd.info/relations 777cd.info # Reference: https://twitter.com/wwp96/status/1338890758011621381 http://149.3.170.53 # Reference: https://twitter.com/wwp96/status/1338891457634201600 http://88.119.170.242 # Reference: https://twitter.com/wwp96/status/1338890044346601473 http://88.119.171.197 # Reference: https://twitter.com/wwp96/status/1338891948443185154 rogatech.cf # Reference: https://twitter.com/wwp96/status/1338897626100617219 http://75.127.1.225 # Reference: https://twitter.com/wwp96/status/1338896638534971396 esquinerosaguilarlerma.com # Reference: https://twitter.com/wwp96/status/1338894502023585796 mkontakt.az # Reference: https://twitter.com/jstrosch/status/1338535056567115781 http://18.197.62.51/webdav/ # Reference: https://twitter.com/ffforward/status/1339129811810324483 zoomba619.blogspot.com # Reference: https://app.any.run/tasks/6b24ab8c-1626-41e1-aa32-39e96fd266d5/ lineagehusband.com/vomvom/ # Reference: https://twitter.com/wwp96/status/1339310314786058241 storeafh.com/cc/ # Reference: https://twitter.com/wwp96/status/1339309952083644416 http://54.169.136.76 # 
Reference: https://twitter.com/wwp96/status/1339311917337370625 wwwwwwwwwwwwwwwwwwwwww.000webhostapp.com # Reference: https://twitter.com/wwp96/status/1339312596621660167 gulshanti.com # Reference: https://twitter.com/wwp96/status/1339310657087418368 http://149.3.170.55 # Reference: https://app.any.run/tasks/26522454-b349-42db-9cbe-230b37a3c836/ girlisbad.com # Reference: https://twitter.com/K_N1kolenko/status/1339470245812170753 berlitz.co.rs/jay/ # Reference: https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html # Reference: https://twitter.com/Bank_Security/status/1339532785489481729 # Reference: https://pastebin.com/gRwiJH5U http://199.192.29.202 http://2.56.215.97 http://5.39.223.162 http://93.115.23.48 http://94.103.94.186 # Reference: https://www.virustotal.com/gui/file/34115f39a2b1db6239b2ff6d982ae78b275f061ddfcb0ff71117f154225021ef/detection http://103.68.251.31 # Reference: https://www.virustotal.com/gui/file/a28682ec43abaca0920ab4362392170aa3f6881c09026ccec0f8ded0814a8615/detection 103.68.251.31:443 # Reference: https://twitter.com/Jirehlov/status/1337736389199187970 # Reference: https://www.virustotal.com/gui/file/f13e31ec576bb65350a0bc5e357f4f6755bb2169e035774f63db00fa9a293552/detection # Reference: https://www.virustotal.com/gui/file/98246ce552da2a37b6b54cc34365c566e319799d9efabef3109d0143a6b13155/detection 103.242.135.138:8426 103.242.135.138:85 http://103.242.135.138 # Reference: https://www.virustotal.com/gui/file/c963869cee95668064ebe88b1cdd6fb0a71da04fa1e397320c6ba862e4a035f1/detection nik1002.myftp.org # Reference: https://www.virustotal.com/gui/file/40448a4c3c2fb6587b2b68735fab1137fd677d63e3e9806e4b619d0b9f4f38da/detection http://198.23.207.5 # Reference: https://www.virustotal.com/gui/file/c3d0c76d8f14f098528be4d1bacdafd4ef566fd10599656363bd9e5dea082200/detection kdfaty-71.cf # Reference: https://twitter.com/Abjuri5t/status/1296602545511641088 # Reference: 
https://www.virustotal.com/gui/domain/managed.oss-cn-beijing.aliyuncs.com/detection managed.oss-cn-beijing.aliyuncs.com # Reference: https://www.virustotal.com/gui/ip-address/13.231.151.34/relations http://13.231.151.34 # Reference: https://twitter.com/Abjuri5t/status/1296602546333720577 chinese2onlyywalkaloneinlifevwsdy17nfa.duckdns.org latox.ro # Reference: https://twitter.com/FewAtoms/status/1339961860448276482 http://37.46.150.60 # Reference: https://twitter.com/InQuest/status/1340008788607307778 pickleballreducer.com # Reference: https://twitter.com/dubstard/status/1340573308530683906 cryberpunk.download # Reference: https://twitter.com/InQuest/status/1340843122679574528 bb.realestateprivateportfolio.com/img/ # Reference: https://twitter.com/mdmck10/status/1340737115815030785 http://91.241.60.117 # Reference: https://twitter.com/reecdeep/status/1340956488416817152 http://192.227.129.4 # Reference: https://www.virustotal.com/gui/file/50c7c0dce8af82cf62d98e6d8ea3de29bc70969e6614f59c785f2d07c9c7b37b/detection 2ogo.com # Reference: https://twitter.com/malwrhunterteam/status/1341045175196540929 # Reference: https://www.virustotal.com/gui/domain/google-api-tools.com/relations # Reference: https://github.com/stamparm/maltrail/pull/13189/commits/507c2880cba1b25816f2b1c0a89b0b2cdc5e5d1b (# Note: Generic detection for root domain) google-api-tools.com # Reference: https://www.virustotal.com/gui/file/801a53e427a2c4a33c12a11a1fe78b86461d63efdebb66b1296b0579828ae2c4/detection 222.186.58.168:88 # Reference: https://twitter.com/wwp96/status/1341024457016692736 # Reference: https://app.any.run/tasks/a7a5fc2a-3c22-4c0c-ac75-4947e2de67e7/ http://45.15.143.142 # Reference: https://www.virustotal.com/gui/file/62f94ecca43ed5ba6fad04f5224fbfe0d205b7bc157d347d30023d4383d4d920/detection sexglam.ru # Reference: https://www.virustotal.com/gui/file/911b4b3f78de7bad2c9950e8a805cf4bfe9ca58fed213961de61ebd8f92f81ba/detection 19216801.usite.pro # Reference: 
https://twitter.com/makflwana/status/1267443715515092993 blaackjack.com # Reference: https://twitter.com/SolutionsXnotes/status/1173228101850894342 /exploit.c # Reference: https://twitter.com/makflwana/status/1160545539982647296 http://92.63.104.190 # Reference: https://www.virustotal.com/gui/domain/i.assmio.com/relations i.assmio.com # Reference: https://www.virustotal.com/gui/file/3d93f6a19c997ea7b797c2780f529966b5024628c90c87c653b86fa2086098dd/detection http://81.69.250.97 # Reference: https://isc.sans.edu/diary/26922 # Reference: https://www.virustotal.com/gui/file/3f4ce9fcbe40c1f445aa844e4561346e9ff1cb812a6d8937387a31be7fb88592/detection http://23.98.155.192 # Reference: https://www.virustotal.com/gui/file/785c2845af631f33fda47b5a0fe5ccb338389b15e028e1ae7fa418d991e2c38f/detection http://185.186.247.114 # Reference: https://www.virustotal.com/gui/ip-address/140.82.59.108/relations http://140.82.59.108 # Reference: https://www.virustotal.com/gui/domain/dbjustping.com/relations dbjustping.com # Reference: https://www.virustotal.com/gui/file/0f2023858e10724e1d81ebbfeffdef833fcebc3d607854b231cedf71c584e054/detection http://173.212.222.11 http://178.33.109.235 http://195.88.208.196 http://37.1.199.202 # Reference: https://www.virustotal.com/gui/domain/access-accounts1.com/detection access-accounts1.com # Reference: https://www.virustotal.com/gui/file/b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2/detection http://185.212.130.98 # Reference: https://twitter.com/r3dbU7z/status/1343477277762473989 149.28.70.34:8010 # Reference: https://www.virustotal.com/gui/file/d6d17e18c0f4b031ee76cf75aab7fda9d5b2ca56e1a6c7cf0449832da5846cac/detection excelcryptocurrency.com # Reference: https://www.virustotal.com/gui/file/b88f19f533c66e10b6dace4cff1291c048c896ab3a1d2223ace4bb5dcc8b6b60/detection digitalcurrencyexchane.com # Reference: https://twitter.com/mdmck10/status/1344031510161207308 # Reference: 
https://www.virustotal.com/gui/ip-address/91.241.60.119/relations http://91.241.60.119 # Reference: https://www.virustotal.com/gui/domain/servlce.store/relations # Reference: https://github.com/stamparm/maltrail/pull/13382/commits/e3caf1c2584a3ec123fdcc3d29915d063bd1a4d4 servlce.store # Reference: https://www.virustotal.com/gui/domain/facebook8abc.com/relations facebook8abc.com # Reference: https://www.virustotal.com/gui/file/cd889a03ea69d14e772e1f0996dedf7fd18cc927de21d40785f5942320e35cd1/detection http://149.248.6.193 # Reference: https://otx.alienvault.com/pulse/5ff06173bf924de2d1a2d2ca # Reference: https://www.virustotal.com/gui/domain/95hack.cn/relations 95hack.cn # Reference: https://twitter.com/reecdeep/status/1345411411829260289 ultimcontents.com # Reference: https://www.virustotal.com/gui/domain/apobypass.com/detection apobypass.com # Reference: https://twitter.com/n0p1shing/status/1345338929931825152 # Reference: https://app.any.run/tasks/85f16e5e-2a34-4519-95e3-ccc3308c1f41/ org-2fa.link org-2fa.org # Reference: https://www.virustotal.com/gui/ip-address/103.125.191.69/relations antoinesauvagesqcomcomantoinesauvagesqcomcom.ydns.eu bennergdfeeaueewwecomssfwbennergdfeeaueewwecomssfw.ydns.eu dgfiydfdhfjfjfrdgkjttiigifjfjgdehkgdrjcr.ydns.eu dhprasetyocontinenteightbizdhprasetyocontinenteightbiz.ydns.eu ehdjhgesydfgsswertdfehkshkslrnjlwneoedss.ydns.eu ethaisheksanegeusaheeeuahsnedhausenahsyel.ydns.eu gbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2y.ydns.eu twitterlevelsecuritycheckingforwordfiletransferthroughfirewalls.ydns.eu # Reference: https://twitter.com/reecdeep/status/1346123602547122176 lancosi928.tech # Reference: https://www.virustotal.com/gui/file/2074ad2dc62a398d62ab1f91d446ca269a4bc1cb5cbd5a677904afbf2d3685e0/detection trustpilot-scam.com # Reference: https://twitter.com/malwrhunterteam/status/1346038126263865345 # Reference: https://www.virustotal.com/gui/file/9d09788543b16ee59c469199cb0ef78891d8c66981169f0a6720fda8d4eeff9a/detection 
spyinfo.ir # Reference: https://www.virustotal.com/gui/file/112121c5d7507c7d4fc60949a878cc5e8be7142ea619b7eb870935e67da8046e/detection kontrolcum.blogspot.com kontrolcum.blogspot.fr myjs.me # Reference: https://www.virustotal.com/gui/file/071d91e67c42811d96d15a4a6dff740cc5d704ca352d9bc03778a2a6abd552f4/detection rosgaz.pw # Reference: https://www.virustotal.com/gui/file/e73603c1b24b0962c8bf90b28fcce0b9966c5047b0464a06f506181b142cad5f/detection foyd.fulba.com # Reference: https://www.virustotal.com/gui/domain/mannylawfirm.no-ip.biz/detection mannylawfirm.no-ip.biz # Reference: https://www.virustotal.com/gui/domain/34jkldfs.no-ip.biz/detection 34jkldfs.no-ip.biz # Reference: https://www.virustotal.com/gui/domain/directxex.com/relations directxex.com # Reference: https://www.virustotal.com/gui/domain/directxex.net/relations directxex.net # Reference: https://twitter.com/r3dbU7z/status/1346566617614979073 http://45.78.65.155 # Reference: https://twitter.com/InQuest/status/1346741373014323205 # Reference: https://twitter.com/ShadowChasing1/status/1346747278279643137 # Reference: https://www.virustotal.com/gui/file/b9b5a9fa0ad7f802899e82e103a6c2c699c09390b1a79ae2b357cacc68f1ca8e/detection user-assist.site # Reference: https://www.virustotal.com/gui/file/68d9579fe9d947b15ed590ef5379ead4a16be340391927c8694f30fee9d3c796/detection outlookcalendar.accesscam.org # Reference: https://twitter.com/banxen/status/1347059388477960193 onedrive.serveblog.net # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 # Reference: https://vulners.com/rst/RST:39486282-EB03-3581-9D54-457C2B361DE6 divinestresser.com divinestresser.info # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 advwebs.com bassfredes.cl hola.besaba.com # Reference: https://twitter.com/Dr_N0b0dyh/status/1347144725871079425 firenzelavori.lt # Reference: https://twitter.com/_re_fox/status/1347195124887990276 
lib2.md.chula.ac.th/files/ # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Ransomware) dweferfh.trickip.net mvdalleghenyriver.info neverbasrmm.com obession.co.ua # Reference: https://www.virustotal.com/gui/file/a31deefacf153cf77b115e15cc2904418c9d2cc7f690fc8033dfc9c64dd63ee4/detection http://94.156.174.121 # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Stealer) babysitter.gen.tr cast345.webege.com concordiaeefde.nl coolnewhairstyles.com cousintins.net84.net felixrankin.comlu.com konterk.com lmage1.com msf-supernova.net78.net uniteti.net update-silo.com wiknlon.comlu.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Unknown) 404.mysyncdns.com alsancakgaming.com arya-foundation.de avssync3357.com bluefile.biz bluegrassboardwalk.com brmasteragoravai.com.br cache.bsqlserver.com casamentoatualizado.com catracasepinos.com cleopatra-ugra.ru clientescadastrados.inf.br clockpunchposition.com comporationssoulll.com cuxheaveninvestmentltd.com czonainsit4e.com data-fold.org datascrambler.org decisiondock.com dnshkjashkd111.ru down.enumstate.co.kr drdigitalmd.com escolagarbi.com f1rst.name fcserbiaunited.com fredkcdekj.me healthwealthandlifestyle.net inessa-sweet.ru ivehtxenoe.ru jaycees.co.uk jeannedarc33.fr juatubatransparente.org kuept.biz lausina.org leakdetecta.com lecturehearball.com lion46.ru lojinha-deroupas.com.br lux.lv maschinen.be mob6d.com mydear.name neease.com netcomlist.com npp-mehzavod.ru odontobras.com.br posterminalworld.la pubbers.ru pwikalsel.org s17.37to.ru sailcoalition.org semimonster.net ss77.37to.ru surfband.info theedgeman.co.za toto39.zz.mu twink-img.cf webplayproduct.com winhelp.25u.com wireandwoods.ru wrstecnologia.16mb.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# vbv grabber) injected.cc # Reference: 
https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# az7/az7v2) brigadiramoon170.com combonicer300.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# carbon grabber) alliedmindstorm.com azfarsaffron.com cambraine.eu chipet01.tk eurotsl.com financesmanager.tk frostite.biz grabbah.biz icewire.info masterminder.in microsoftntdll.com rasakltd.biz rcheli.fh.net.nz sheried.com staboiobo.tk tatuajesudaka.com.ar turkeyfunds.org virontonic.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# dendroid) aaictlogistics.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# exodus) ursu.hol.es # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# grid) onetimes27s.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# jolly roger) # Reference: https://www.virustotal.com/gui/file/6cb4102b551dd0c4be7677afb44d45a470643569f60356d479f30ad89f549528/detection # Reference: https://www.virustotal.com/gui/file/30c1db5380e3d0eabbbc98743f383efdb81f5fc5e57cd0b33d966183fe02bb09/detection # Reference: https://www.virustotal.com/gui/file/1561602f741e66c11f6983e2d8bba0ae02f83254c417829e6ec76a209d7940ed/detection miluashikguer.ru veisturbharbo.com # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# solar) # Reference: https://www.virustotal.com/gui/file/8967dcaa77c6fa973e98d90e59ad0537ccf3e707641d4713067c4fb94345eb99/detection # Reference: https://www.virustotal.com/gui/file/cd7820a08e7c82332ad4af643dd5fd76ddf7477792bea55f371969297655a7a9/detection beriwiwo.info dimoninfosys.org.in glavimar.com h63302.srv4.test-hf.ru icewire.info joker11.funpic.de kasvatus.org kvsvalves.com mylondon.hc0.me mysoul.olympe.in solar.olympe.in travelagentinbangkok.com viewbot4lyfe.info 
warface-aim.7jn.ru wildnativebulbs.co.uk # Reference: https://www.virustotal.com/gui/domain/fasunshi.com/relations fasunshi.com # Reference: https://www.threatcrowd.org/domain.php?domain=autoimagehosting.info # Reference: https://www.virustotal.com/gui/domain/autoimagehosting.info/detection autoimagehosting.info # Reference: https://twitter.com/jorgemieres/status/1347251993304305665 doggofallingwater.000webhostapp.com nk125srv.000webhostapp.com # Reference: https://twitter.com/jstrosch/status/1347225282290319361 # Reference: https://www.virustotal.com/gui/domain/file.discountmonumentcenter.com/detection file.discountmonumentcenter.com # Reference: https://twitter.com/r3dbU7z/status/1347527548977242116 # Reference: https://www.virustotal.com/gui/file/22cda3e68d6e09d3ba14b57b336dfc73c39d8dc86986aed3f90761da2cbc1637/detection 185.193.126.229:4430 185.193.126.229:81 # Reference: https://twitter.com/malwrhunterteam/status/1347995679419990017 hosting001.online # Reference: https://twitter.com/r3dbU7z/status/1348015427541151745 # Reference: https://www.virustotal.com/gui/file/f7a8d3fb89711f208f281c267ed8dd647cda207ecb514d37892b56a0ddafbe9a/relations 180.215.224.150:8800 211.23.167.155:8800 # Reference: https://www.virustotal.com/gui/file/0ef5cfcbaa05ba4beffc96127de3eb89ab2eb98bc5c8ee336dd2290391481e70/detection crypto-server-download.xyz crypto-server-download11.xyz crypto-server-download48.xyz # Reference: https://github.com/pan-unit42/tweets/blob/master/2021-01-08-IOCs-from-Ave-Maria-RAT.txt # Reference: https://www.virustotal.com/gui/domain/lankarecipes.com/detection lankarecipes.com # Reference: https://twitter.com/Jirehlov/status/1347855866473533442 http://124.132.153.147 # Reference: https://twitter.com/ANeilan/status/1348361310279503879 # Reference: https://www.virustotal.com/gui/file/a41e9786e52fb3009f9c3322bca19e600a7f46689f36893a0564e382555fe4c6/detection payment.unior.club # Reference: https://www.virustotal.com/gui/domain/abbtv.xyz/detection abbtv.xyz # 
Reference: https://www.virustotal.com/gui/domain/mmakd.xyz/relations mmakd.xyz # Reference: https://www.virustotal.com/gui/file/8bbd83f12f7804f61406c18fe7d6636a339bb165e641297d1f6cf9233adb5060/detection http://107.150.57.11 http://46.8.196.121 103.39.210.144:808 120.55.57.162:7890 154.8.232.200:4199 219.150.218.154:808 222.186.20.19:7777 222.187.239.147:23113 222.187.253.62:23001 39.98.228.46:2653 47.116.10.26:6663 61.150.60.243:6666 61.150.60.243:7777 # Reference: https://www.virustotal.com/gui/ip-address/47.52.143.174/relations http://47.52.143.174 # Reference: https://twitter.com/Timele9527/status/1348520495935746051 cdndownload.buzz # Reference: https://twitter.com/FewAtoms/status/1348676914681155586 http://217.12.208.14 # Reference: https://www.virustotal.com/gui/file/9b415dfdaf6474e998fc50015cad5d6934a3a04d142faa738154c259549617a9/detection # Reference: https://www.virustotal.com/gui/file/a8b69953479d28ee656a49ce845a537de65a3f0979f3a0ed8f942c98f4904bfe/detection # Reference: https://www.virustotal.com/gui/file/4f4bbf2e00eff20888ab3894cddd0162a9bc8b6b5f298a38ef2c954902018ca0/detection http://23.224.244.121 http://23.224.244.5 http://79.143.52.19 steam6.top steam7.top steamli.top # Reference: https://www.virustotal.com/gui/file/eaa14ff5cdf3ec428bd1b0c2689272996741a4c93f3c1289934057c3c5cafc78/behavior/VMRay xpackmx.com # Reference: https://www.virustotal.com/gui/file/4db81f8f21f532139ba706ae5fb908432a1e3e15aaecd04341e57fb93f3ef20f/detection http://46.17.98.51 # Reference: https://www.virustotal.com/gui/file/3be32a006912e45ce426ae829b8bbc6c752e3e07de138aaab40da0744e3b51ad/detection aitlsbh.com dreamtrips.cheap fasterpdfinstall.xyz fasterpdfreader.xyz gvkufab.com test-offer.best # Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection http://45.140.146.29 # Reference: https://www.virustotal.com/gui/file/54be747b380c5749630578aa34579ae6492ee28471facc97d8da0555510d0f46/detection vu505cluster.com # 
Reference: https://www.virustotal.com/gui/file/c4275b08193c896015c7bcda2a4e0d940331b0806c6b32a68e32acbf78988075/detection # Reference: https://www.virustotal.com/gui/file/55d904b83f04acb4118df9b2bd3ebbd44b9553b0aabcfff7b68d674ddb6052cc/detection # Reference: https://www.virustotal.com/gui/file/9c699791059e57ac887086c0673d47d1a81c587b2c16585c8e80d1a831857feb/detection vqvm656stem.com # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.32/relations # Reference: https://www.virustotal.com/gui/file/36915aa4b4269e31b0ade1b4cb6df4c4edcd1554ecd5e886a0926e9437d676cd/detection # Reference: https://www.virustotal.com/gui/file/992dc59ba7124aae9761d280deed3ec381be7c1379538722687a40573a48f470/detection jih465flash.com xwfluid5.com # Reference: https://twitter.com/jstrosch/status/1349014099074691073 http://185.81.157.186 # Reference: https://www.virustotal.com/gui/file/f54ee6761ddbc05ab6245ee2afb2cc725ab60c9d3f32836709c4973b565d60f2/detection testedpo14.temp.swtest.ru # Reference: https://twitter.com/Circuitous__/status/1349388642704306182 computer-compare.com # Reference: https://twitter.com/ffforward/status/1349380856926887939 # Reference: https://www.virustotal.com/gui/file/288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d/detection anabolicsteroidsbuy.info # Reference: https://twitter.com/ffforward/status/1349740103711690755 allanabolicsteam.net # Reference: https://twitter.com/FewAtoms/status/1349413756938412034 palettas.pe/docs/ # Reference: https://twitter.com/jorgemieres/status/1349410241218293760 http://18.195.87.136 # Reference: https://twitter.com/jorgemieres/status/1349408300006318081 http://198.23.207.63 # Reference: https://twitter.com/IronNetTR/status/1349830343105384451 aaavanca.xyz # Reference: https://twitter.com/malwrhunterteam/status/1349999369727188992 cronogare.it/backoffice/ # Reference: https://www.virustotal.com/gui/file/647d6ecbbe14fb46a87ae8bab37f55e9983232f484bb2b3ee94ed47834f5c437/detection # Reference: 
# Reference: https://www.virustotal.com/gui/domain/c541f5d439a359.xyz/detection

c541f5d439a359.xyz

# NOTE(review): the first Snort URL is the unversioned community tarball and changes over time; the second carries a fixed release id (000/012/156) and is the reproducible one.
# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/infolooks.org/relations

infolooks.org

# Reference: https://www.virustotal.com/gui/domain/24131192124.com/relations
# Reference: https://www.virustotal.com/gui/file/408e3af5590c712608c452b01b6eadea1f444dacbf080aac22e96b24a6e1696e/detection

24131192124.com

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/cantvenlinea.biz/detection

cantvenlinea.biz

# Reference: https://www.virustotal.com/gui/domain/handjobheats.com/detection

handjobheats.com

# Reference: https://www.virustotal.com/gui/file/02131c8c30c6852ea1094661960d8cd697e014c2327582b9bbfc8440100d08ef/detection

http://198.61.176.52
diamondhostess.hu

# Reference: https://www.virustotal.com/gui/domain/rekurigo.com/detection

rekurigo.com

# Reference: https://www.virustotal.com/gui/domain/ohtheigh.cc/detection

ohtheigh.cc

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

# NOTE(review): 17 domains cited only to the Snort community rule set; without the rule SIDs it is hard to re-verify any single entry later — consider recording the SIDs next to the reference.
allamericanservices.name
cinnamyn.com
commandcenteral.info
elitemarketingworld.net
enemydont.net
givemefilesnow.info
msnsolution.nicaze.net
myharlemshake.info
rsakillerforever.name
saltsecond.net
scari-elegante.ro
sellsmall.net
silobiancer.com
southblood.net
stylefun.info
twinkcam.net
wheelreply.net

# Reference:
# Reference: https://www.virustotal.com/gui/file/e08fa2a4784d4a0382715aaf43974f39ad70148dc9526d2beef7bb7736c4f413/community

http://67.23.226.179

# Reference: https://www.virustotal.com/gui/file/40e52901b36981803ed70fdb38a78537aa03658ecd8b17c9797f92b7b135d955/detection

http://95.216.86.40

# Reference: https://www.virustotal.com/gui/file/b6a2ce88e1d3934095418787dddd851a4d5cd073cbcba575d5c7d707f612610e/behavior
# Reference: https://mreza.bug.hr/upozorenje-iz-nacionalnog-cert-a/

dalitecnoimagen.cl

# Reference: https://www.virustotal.com/gui/file/94378919a54c15a4600c728d4833ae00888b91cf15460789a475220875d7b804/detection

# NOTE(review): bank-themed domain listed whole; if this is the institution's real domain, legitimate customer traffic will match — consider path-scoping as done for prism-photo.com/private/ below, unless the reference shows the whole domain is malicious.
alaminbank.com
prism-photo.com/private/

# Reference: https://twitter.com/malware_traffic/status/1351631078549811203
# Reference: https://www.virustotal.com/gui/file/18cf2e39efca29316e84dab1be885a77c600c40d6bb65cd016b6de9d3fd0a6da/detection

alumaicelodges.com

# Reference: https://twitter.com/jorgemieres/status/1351522552733118466

stdyunitedkesokostri.dns.navy

# Reference: https://twitter.com/jorgemieres/status/1351525948999524353

chthreemndyrecantict.dns.navy

# Reference: https://twitter.com/r3dbU7z/status/1351651516806033415

http://106.12.103.181

# Reference: https://www.virustotal.com/gui/file/23d44019cd825eb28cafa67427f3588bd758f3cccca4db02e5e7fb151c1c8d2c/detection

biggames.club
dealbigdata.com
souffity.com

# Reference: https://twitter.com/jstrosch/status/1351927504739721217

cornelluniversityblog.com/docxx/

# Reference: https://twitter.com/jstrosch/status/1351925534582845441

k-t.icu

# Reference: https://www.virustotal.com/gui/file/864d4f206e8dc5ece44c26f9b8718c1bfa6d28ea46db724aac90b56c8412da5e/detection

fed58f43246844b18d00fb0177352546.download

# Reference: https://twitter.com/FewAtoms/status/1352324221964320768

# NOTE(review): this same path is listed again further down in the file under a different report; harmless but redundant.
tunedinblog.com/wp-includes/

# Reference: https://labs.k7computing.com/?p=21489
# Reference: https://otx.alienvault.com/pulse/6009baded35a4f4b25a2ab13

ultracams12.club

# Reference: https://twitter.com/James_inthe_box/status/1352351718172839939
http://207.148.110.29

# Reference: https://app.any.run/tasks/def4f45c-39c6-469f-9175-c32a858788a6/

toteteca.com/qzkiodlofm/

# Reference: https://twitter.com/James_inthe_box/status/1352628742137339904

ampcserver.fun

# Reference: https://twitter.com/jstrosch/status/1352394044593344515

http://209.250.243.243

# Reference: https://twitter.com/FewAtoms/status/1352663042677469185

http://91.219.61.224

# Reference: https://twitter.com/FewAtoms/status/1352684696963076096

minishop.in

# Reference: https://www.virustotal.com/gui/file/ed7605a922982e18877fd8c0624880b836ebc1ab190634a07a3cd7c397e856d0/detection

# NOTE(review): dynamic-DNS hostname (myftp.biz) paired with an IP:port; if the IP rotates, the hostname is the more durable of the two — inferred from the DDNS provider name.
23.113.62.37:5050
bopper.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1353614069970956289

testing001.online

# Reference: https://www.virustotal.com/gui/domain/noabuseshere.top/relations

noabuseshere.top

# Reference: https://www.virustotal.com/gui/domain/radrile.xyz/detection

radrile.xyz

# Reference: https://www.virustotal.com/gui/domain/infoforip.ru/relations

infoforip.ru

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

http://185.215.113.77

# Reference: https://www.virustotal.com/gui/domain/oldhorse.info/relations

oldhorse.info

# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co

# Reference: https://www.virustotal.com/gui/domain/anonfriendz.club/relations

anonfriendz.club

# Reference: https://twitter.com/James_inthe_box/status/1354089522192027650

workedgames.com

# Reference: https://www.virustotal.com/gui/domain/br0vvnn.io/detection

br0vvnn.io

# Reference: https://twitter.com/jorgemieres/status/1354149316781338627

racoonestlehomia.myq-see.com

# Reference: https://twitter.com/phage_nz/status/1354282467344011267

http://23.227.207.253

# Reference: https://www.virustotal.com/gui/domain/9dd.fun/detection

9dd.fun

# Reference: https://www.virustotal.com/gui/domain/skiascripts.xyz/relations

skiascripts.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1355168209360605184
# Reference:
# Reference: https://www.virustotal.com/gui/file/5a099571b1ff22edbe4621c60def5d597a644771a02f5c179c73596d33efb8ff/detection

# NOTE(review): account-level subdomains on what look like shared free-hosting platforms (000webhostapp.com, xsph.ru); keep these subdomain-scoped — the parent domains presumably host unrelated tenants.
terminist-journal.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a0dd2634f6aa14f23b98f638cd0c20968e958da8e871b2998c729d727cef96a9/detection

f0507215.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/host-serv.xyz/detection

host-serv.xyz

# Reference: https://www.virustotal.com/gui/domain/axofiles.xyz/detection

axofiles.xyz

# Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection

http://206.189.10.3

# Reference: https://twitter.com/InQuest/status/1355189037800296448

averagetry.com

# Reference: https://twitter.com/ps66uk/status/1355324203935952906

maponlinedata.com

# Reference: https://app.any.run/tasks/9f3895b5-6ae1-4ac1-b829-b50202985e3d/

http://108.61.166.11

# Reference: https://twitter.com/James_inthe_box/status/1354805574009929728

raybals.com

# Reference: https://www.virustotal.com/gui/file/766f508d50681caad9a701739c6bd674f4d9a927fb456fbb31bb51339dc0a299/detection

f0471847.xsph.ru
fooolllmmmink.cf
free-fililink.cf
frhhjjkililink.cf
frmnbcccclilink.cf

# Reference: https://www.virustotal.com/gui/file/6267a0f2ff1e405781beb5dcc13edf5758b442a4ee3f2016c86fecd62d688984/detection

a0147726.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7349a38e86e15451fd5824ad6c7cbb4e3f0c8a64b6c6ff87c37e8aeb44749291/detection

a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/62ce555d314f8a9fdfc98c301956a5e25a131f81683e9d2ef4feef6069c199c6/detection

a0152338.xsph.ru

# Reference: https://www.virustotal.com/gui/file/84ff0210b2a3dd67d3820f82f7097ae76675135f024079f63fb9f3d94cf1d874/detection

# NOTE(review): a0015919.xsph.ru is already listed a few lines above (a second sample for the same host); redundant entry.
a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0e0c098b2a80d96f20fe4e2c62340c0ed75c2824dcaae29101d6d18deb7b56b3/detection

vanhook.re.xsph.ru

# Reference:
# Reference: https://www.virustotal.com/gui/file/955ac138813f479f8967543a81a061ec6c7f59f03631e8b411b5fa43ff4e6841/detection

f0174408.xsph.ru

# Reference: https://www.virustotal.com/gui/file/65ef93a98ea402a80db39265b41d5b88d673cd11f777bca94c2f1c7efc167c02/detection

a0088485.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e9ad54075ca514fbe5588b0d236bf655c136ba436867b9c2a8bd1938254b6203/detection

f0468736.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355510402696810496

91.208.245.201:443
oooooooooo.ga

# Reference: https://www.virustotal.com/gui/domain/uufjffff.com/detection

uufjffff.com

# Reference: https://www.virustotal.com/gui/domain/ujkhhss.com/detection

ujkhhss.com

# Reference: https://www.virustotal.com/gui/file/b6fb5968697e26a6830c75ec264b0ed8f5f9adc95539331312b22635ce450342/detection

http://107.191.60.7
http://86.106.181.170
http://192.145.37.92
http://193.38.55.126

# Reference: https://www.virustotal.com/gui/domain/sinkhole.dynu.net/relations

# NOTE(review): the name suggests a sinkhole host; hits would then indicate already-infected clients phoning a neutralised C2 rather than live attacker infrastructure — worth tagging differently if the reference confirms it.
sinkhole.dynu.net

# Reference: https://www.virustotal.com/gui/file/48dd0ff9cbcca03ff1457c3077fbba54d7f1d149a486810ae0ab5e8258dd6334/detection

ct-fr.icu
rohingyaedu.com
vipmerchantclub.com

# Reference: https://www.virustotal.com/gui/file/9fad915c3704ffb4cfb5e04759eab8249d12e95614d9aecc51d15f459e42d6ae/detection

almanamatyping.com

# Reference: https://www.virustotal.com/gui/file/49f0000f0f1f3369ae15766abc375a209fdddd10b5393c3cb046095f0673d077/detection

314809.linkpc.net

# Reference: https://www.virustotal.com/gui/domain/lifamyminaylio.linkpc.net/detection

lifamyminaylio.linkpc.net

# Reference: https://www.virustotal.com/gui/file/6be15d873eae741bd6ffcc3ca63b4c63663b6dc56309a3a71fd31f4ba2503d06/detection

f0491970.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355907013344157701

http://193.239.147.32

# Reference: https://twitter.com/James_inthe_box/status/1356280129433976833

http://213.252.244.176

# Reference: https://twitter.com/malwrhunterteam/status/1356609023903207425

http://185.96.204.96

# Reference:
# Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection

# NOTE(review): f0507215.xsph.ru is also listed earlier in the file under an older sample reference; redundant entry.
f0507215.xsph.ru

# Reference: https://twitter.com/James_inthe_box/status/1356619450892443648

http://3.34.179.142

# Reference: https://twitter.com/FewAtoms/status/1357021854859481088

globalteamacademy.com/epl/

# Reference: https://twitter.com/malware_traffic/status/1357058816580403202

uzelkapi.com/de/getappsr.php

# Reference: https://twitter.com/felixaime/status/1357266579197747202

# NOTE(review): lookalike of the legitimate Telegram Desktop domain (inferred from the name); keep the exact host, do not widen.
telegram-desktop.org

# Reference: https://app.any.run/tasks/ba7cf487-6808-46e0-b158-ef0ad557f564/
# Reference: https://www.virustotal.com/gui/file/c7549861d8f422becc0778bdf16abc1942f86980db9e5400da33e6b571c9d132/detection
# Reference: https://www.virustotal.com/gui/file/a66300ce5da480b81f3eda678599ac02f61745f674e6aa4ecd5ac833414b2b6d/detection

# NOTE(review): the GruntHTTP.exe filename suggests a Covenant-style implant, and docs.html/index.html on the same IP look like cover pages; if the whole host is attacker-controlled a bare http://149.248.58.116 entry would be simpler — confirm against the sandbox reference.
http://149.248.58.116/GruntHTTP.exe
http://149.248.58.116/en-us/docs.html
http://149.248.58.116/en-us/index.html
188.138.125.235:8001
candy.fairuse.org
help.mm.my

# Reference: https://twitter.com/InQuest/status/1357315169228054528

thephotographersworkflow.com

# Reference: https://www.virustotal.com/gui/domain/waiiiu.myftp.biz/detection

waiiiu.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1357336725299687431
# Reference: https://www.virustotal.com/gui/file/3ef56060c529149b8f12a7a6e3f5ac8aa1ae62b75f440e4bb7bce54090995002/detection

zapptelecom.ro/virusi/

# Reference: https://twitter.com/reecdeep/status/1357614966505938946

richelon.in/NewEx/

# Reference: https://twitter.com/petrovic082/status/1357635267209949186

http://185.215.150.204

# Reference: https://twitter.com/r3dbU7z/status/1357647150008717312

http://212.83.46.50

# Reference: https://www.virustotal.com/gui/domain/megaproxy.no-ip.biz/detection

megaproxy.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/iclox.no-ip.biz/detection

iclox.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/ozdmbn.no-ip.biz/detection

ozdmbn.no-ip.biz

# Reference:
# Reference: https://twitter.com/FewAtoms/status/1358124211244388352

http://91.214.124.206

# Reference: https://app.any.run/tasks/0f3512db-f11b-4695-b8c2-1df1132541c9/

f0511508.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1358821174365536257

callonenergy.com

# Reference: https://www.virustotal.com/gui/file/8132e2f1329ecad662612d43f8ad59efb63be955f142846da59b03c937c5d47d/detection
# Reference: https://www.virustotal.com/gui/file/6a6644a4916a1ba1b7853e4a8caad85ce15fe5221d26be6ef64145cbf90554c4/detection

blockfweb.xyz
cryptobstar.xyz
moneyohome.xyz

# Reference: https://www.virustotal.com/gui/file/c0e1d62205f83706500559e74a4f8d151cade697ada9147339e1b558c1256152/behavior/Dr.Web%20vxCube

jdcaip88.com

# Reference: https://twitter.com/FewAtoms/status/1359179536177520642

morrislibraryconsulting.com/favicam/

# Reference: https://twitter.com/FewAtoms/status/1359576193931108353

# NOTE(review): per-user paths (~frostdel) on a shared hosting server, correctly path-scoped — the bare hosting1.nl.hostsailor.com host presumably serves other customers.
hosting1.nl.hostsailor.com/~frostdel/miratechs.ml/
hosting1.nl.hostsailor.com/~frostdel/file/
miratechs.ml

# Reference: https://twitter.com/malware_traffic/status/1359585588240875529

backupez.com

# Reference: https://urlhaus.abuse.ch/url/987877/

devharry.cc

# Reference: https://www.virustotal.com/gui/domain/ayehosting.online/detection

ayehosting.online

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.117/detection

http://91.241.60.117

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.119/detection

http://91.241.60.119

# Reference: https://twitter.com/James_inthe_box/status/1359606553251205123
# Reference: https://twitter.com/James_inthe_box/status/1359981854351233024

sec-doc-w.com
secure-doc-reader.com

# Reference: https://twitter.com/jstrosch/status/1359745151263010816

catuexpress.com/vendor/psy/psysh/.phan/346789/

# Reference: https://twitter.com/mz_malhunt/status/1359845176496119815

# NOTE(review): duplicate of an entry listed earlier in the file under an older report.
tunedinblog.com/wp-includes/

# Reference: https://twitter.com/jorgemieres/status/1359948105819512837

tienesganas.com

# Reference:
# Reference: https://www.virustotal.com/gui/file/6441fa3baa187ec779d0a82c5ed64c432f0b919587ea9cfd5cf178cfd2525296/detection

exceldoggy.ddns.net

# Reference: https://twitter.com/r3dbU7z/status/1360099550770397186

154.222.26.86:8080

# Reference: https://twitter.com/r3dbU7z/status/1360088958315675650

35.180.24.224:8800

# Reference: https://twitter.com/FewAtoms/status/1360300953031868423

# NOTE(review): very deep path on what looks like a compromised WordPress site; precise, but the payload may move within the site — re-check the reference before relying on this path alone.
homefindersolutions.com/wp-includes/js/tinymce/themes/inlite/

# Reference: https://www.virustotal.com/gui/file/052bd14bbab4e77bd52086a405b30e8bfa210e6820549cb69217333e32184a28/detection

kaceg.system-ns.org

# Reference: https://www.virustotal.com/gui/file/fc90bce036ffeae2b9903efbd20738b66e62c1893db65f088896821f3bfc536a/detection

dynacom.system-ns.org

# Reference: https://twitter.com/jnzzzzzzzz/status/1360952141838483460

http://49.247.133.43

# Reference: https://www.virustotal.com/gui/domain/gatsoed9.beget.tech/relations

gatsoed9.beget.tech

# Reference: https://www.virustotal.com/gui/file/d0824c901433756206ef5f12dcef99d3f79c72b1fe39752431088ab501eacfb4/detection

a0148155.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1361362640837181442

http://103.124.106.203

# Reference: https://twitter.com/ffforward/status/1361387603405250570

http://45.153.203.54

# Reference: https://twitter.com/jorgemieres/status/1362047793825742857

bingoroll2.net

# Reference: https://twitter.com/K_N1kolenko/status/1362335530554392577

tuckermolybdenum.com

# Reference: https://twitter.com/r3dbU7z/status/1362325016411598850
# Reference: https://twitter.com/0xrb/status/1362383360614535173

http://209.141.40.190
http://212.114.52.24

# Reference: https://twitter.com/FewAtoms/status/1362460537544712192

http://65.0.55.192

# Reference: https://twitter.com/r3dbU7z/status/1362470073500336136

65.207.115.215:81

# Reference: https://twitter.com/InQuest/status/1362523760264413184

http://5.39.217.221

# Reference: https://www.virustotal.com/gui/file/1b21f8241014259f89da2bf1f1ed762f58ddfb965abd1081ca7a6c3b85a3bb73/detection
http://91.212.150.4

# Reference: https://twitter.com/InQuest/status/1362997336058789891

http://202.182.97.102

# Reference: https://www.virustotal.com/gui/file/ee8242140b95b142635d71a6875f117a037750f944eca2593a2b333d0880c5c6/detection

http://39.100.119.17
http://39.97.238.208

# Reference: https://www.virustotal.com/gui/file/b76e941ca7f16828d6c0b3ecd44cde7b56b9b3a73d590396e8917e773c4e872a/detection

123.129.162.4:92

# Reference: https://twitter.com/FewAtoms/status/1363158398364233736

http://54.238.74.62

# Reference: https://twitter.com/jfslowik/status/1363261947622264832

covidappcolumbia.co

# Reference: https://www.virustotal.com/gui/file/9e081e12740f807d5b60f13ecb8c1a5d8ec6c287caf28438291bd75450eed207/detection

astatech-cn.com

# Reference: https://twitter.com/BushidoToken/status/1363179073514713091

bulletin-covid-19-21.gr8.com

# Reference: https://twitter.com/whitehoodie4/status/1363815950915674114
# Reference: https://www.virustotal.com/gui/ip-address/185.56.81.52/detection

http://185.56.81.52

# Reference: https://twitter.com/ANeilan/status/1364092577759301633
# Reference: https://www.virustotal.com/gui/ip-address/91.234.99.251/relations

# NOTE(review): OneDrive/SharePoint-themed login hostnames on .tk read as credential-phishing infrastructure (from the names only); the cited 91.234.99.251 itself is not listed, presumably because the domains resolved there — confirm whether the IP should be added.
http://3.21.80.19/index.php
onedrivedocumentserver.tk
onedrivedocumentserver1.tk
onedrivedocumentserver2.tk
sharedocumentlogino.tk
sharedocumentlogino1.tk
sharedocumentlogino10.tk
sharedocumentlogino11.tk
sharedocumentlogino12.tk
sharedocumentlogino13.tk
sharedocumentlogino14.tk
sharedocumentlogino15.tk
sharedocumentlogino16.tk
sharedocumentlogino2.tk
sharedocumentlogino3.tk
sharedocumentlogino4.tk
sharedocumentlogino5.tk
sharedocumentlogino6.tk
sharedocumentlogino7.tk
sharedocumentlogino8.tk
sharedocumentlogino9.tk
sharepointdocumentloginnnn.tk
wqueiuqiwyeiuqhej.tk

# Reference: https://twitter.com/wwp96/status/1364234421755400195

http://51.103.136.92

# Reference: https://twitter.com/wwp96/status/1364236730853908484

sn0w.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1364270785041477638

http://173.234.25.78

# Reference:
# Reference: https://twitter.com/TeamDreier/status/1364290892681670662
# Reference: https://www.virustotal.com/gui/domain/gcleaner.pro/detection

gcleaner.pro

# Reference: https://twitter.com/FewAtoms/status/1364301935344508929

http://35.158.240.78

# Reference: https://twitter.com/executemalware/status/1364373989049524226

bearcatpumps.com.cn/css/

# Reference: https://twitter.com/jorgemieres/status/1364597773547503619

http://198.46.132.132

# Reference: https://twitter.com/jorgemieres/status/1364605915689811976

# NOTE(review): same URL as a few entries above (reported independently); redundant entry.
http://35.158.240.78

# Reference: https://twitter.com/wwp96/status/1364610565977632774

angeloberger.com.br/foz/

# Reference: https://twitter.com/wwp96/status/1364615685368930312

http://192.227.228.31

# Reference: https://twitter.com/reecdeep/status/1364619740665290754

http://139.162.190.64

# Reference: https://twitter.com/jorgemieres/status/1364595653012250626

igbrusureweb.com

# Reference: https://www.virustotal.com/gui/file/b2d39601b105baa7c00f67c4bf44005efa090acbab06566f2f06be092d9b9934/behavior/Rising%20MOVES
# Reference: https://www.virustotal.com/gui/file/9d0713a2a2b239fa186e0efde12fa7ceb6c87f8bdda62f69de0b1f60c6c07062/behavior/QiAnXin%20RedDrip

free-documents-hosting.com

# Reference: https://twitter.com/mz_malhunt/status/1364903491559247874

lawsoncontractingco.com/feb/

# Reference: https://twitter.com/wwp96/status/1365401963974828033
# Reference: https://app.any.run/tasks/e54e94c6-88cd-48dd-928f-370b5f504725/

http://134.119.186.216

# Reference: https://twitter.com/malwrhunterteam/status/1365409338194620423

domen2domen.xyz

# Reference: https://www.virustotal.com/gui/file/913bcc1d12ea2bc1bcda2e597a309cbf5dc0b5ed120d0522e8b4dc6e6a4bc36f/detection

208.100.26.242:5658
52eva.top

# Reference: https://twitter.com/petrovic082/status/1365595109547507712

http://103.212.180.246

# Reference: https://www.virustotal.com/gui/file/559b4e5c518601cfad167c4097a54c4e19664f591828c316281c929f6933ea3e/detection

http://209.99.64.76

# Reference:
# Reference: https://twitter.com/petrovic082/status/1366304689839628288

graficamos.cl/spurs/

# Reference: https://twitter.com/wwp96/status/1366427647023144963
# Reference: https://app.any.run/tasks/dd0eaf44-a938-483a-9321-562dde3f5e6d/

http://144.202.41.66

# Reference: https://twitter.com/wwp96/status/1366431371904835587

landing.yetiapp.ec/ID3/

# Reference: https://twitter.com/wwp96/status/1366435448751607812

telmed.cl/Img/

# Reference: https://twitter.com/InQuest/status/1366607930263560203

markets.kintengra.com

# Reference: https://twitter.com/wwp96/status/1366840097719652359

hk-chemlab.com/plugin/

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

dream.pics

# Reference: https://twitter.com/petrovic082/status/1367038533421195264

http://5.206.227.81

# Reference: https://www.virustotal.com/gui/domain/ns-plugin.site/relations

ns-plugin.site

# Reference: https://www.virustotal.com/gui/file/a39101be3baa880542bb0df63a7fec181abf8faa1f90070fe81e96ef07d9e205/detection

dvr-zone1.accesscam.org
reverse-zonev1.3utilities.com

# Reference: https://www.virustotal.com/gui/file/0114db489995c0362d5dfde14f62aee3a2610db147e72ac3c77b1bcc270ef5f5/detection

freefud.inf3rn0.com

# Reference: https://twitter.com/InQuest/status/1367241459225747464

docs.healthmade.org

# Reference: https://twitter.com/ViriBack/status/1367289094817128454

yertuit.club

# Reference: https://twitter.com/InQuest/status/1367380952482279425

10feeds.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1367397951237160964

http://195.123.219.72

# Reference: https://twitter.com/reecdeep/status/1367445802096984064

http://91.235.129.235

# Reference: https://twitter.com/pmmkowalczyk/status/1367509082349912064

jsw.co.id/system2/

# Reference: https://twitter.com/pmmkowalczyk/status/1367503173200543747

# NOTE(review): the same URL reappears further down in the file under another report; redundant entry.
http://46.21.153.231

# Reference: https://twitter.com/FewAtoms/status/1367540093569945602

# NOTE(review): COVID-themed dynamic-DNS lure hostname (hopto.org); DDNS names are cheap to rotate, so the referenced sample hash is the better long-term pivot.
covid19vaccine.hopto.org

# Reference:
# Reference: https://www.virustotal.com/gui/file/a29b3da91b4ebfe9d0874b9b18e3f8b41cc33a79baf488b3255770e8fb4778b0/detection

f0439583.xsph.ru

# Reference: https://www.virustotal.com/gui/file/5f9956be22d0e2627be47340fc391d919bed1b319d5a0203a28423eb523bed1b/detection

f0492922.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

f0429164.xsph.ru

# Reference: https://twitter.com/petrovic082/status/1368147317413584900

http://91.200.103.83

# Reference: https://twitter.com/petrovic082/status/1368148843645304835

# NOTE(review): duplicate of an entry listed earlier in the file under another report.
http://46.21.153.231

# Reference: https://twitter.com/reecdeep/status/1367089557884272649

http://195.54.162.59

# Reference: https://www.virustotal.com/gui/domain/shalala.niex.cc/relations
# Reference: https://www.virustotal.com/gui/file/6668d533afe1260195b5caae022b47e9ae9e0f39646e9be080298f07729ba533/detection

# NOTE(review): three sibling subdomains of niex.cc from three samples; if the parent domain is attacker-owned rather than a hosting provider, a single niex.cc entry would cover future siblings — confirm before widening.
shalala.niex.cc

# Reference: https://www.virustotal.com/gui/file/2fed583d8acb67f3ea8523379d5cd7ba6ec0f627fb373a0e1f41af680437c3b2/detection

bbrecords.niex.cc

# Reference: https://www.virustotal.com/gui/file/b71d86990c45dc4e7d8c62f931d0e247b563145f7498803a05b788ca412ee3de/detection

t0mvps.niex.cc

# Reference: https://www.virustotal.com/gui/file/34a18ae9d2aa24dd390b8f03a21acce66583e090ee91f7351240aa825924039f/detection

waresustems.com

# Reference: https://www.virustotal.com/gui/file/9cac4d7af506a1d90ed922ad72bec2353c51fdb8137c80e8cad13d155d5b5671/detection

exportdocs.biz

# Reference: https://www.virustotal.com/gui/file/e8d16e82fb23285e6c1ae22dc3a40b1a42d897f124b18983c8710cc8c689c7b6/detection

iaieqqo.review

# Reference: https://twitter.com/r3dbU7z/status/1368893677658124290

http://194.5.159.236

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

http://185.153.199.102

# Reference: https://app.any.run/tasks/7cc67c66-3091-4dce-8487-c0eb4494baea/
# Reference: https://www.virustotal.com/gui/ip-address/188.127.254.61/relations
#
# Reference: https://www.virustotal.com/gui/domain/apemailer.us/relations

http://188.127.254.61
apemailer.us

# Reference: https://www.virustotal.com/gui/domain/moneygain.work/relations

moneygain.work

# Reference: https://twitter.com/James_inthe_box/status/1368936190523502597

hygroscopicprecious.com/universe/

# Reference: https://www.virustotal.com/gui/domain/gogorv.net/relations

gogorv.net

# Reference: https://twitter.com/Circuitous__/status/1368982200214052866
# Reference: https://www.virustotal.com/gui/file/8540a9063411b6ec84acf96272080eb539ab49df9159b879d98e7321344656c8/detection

gettraff.ru
qadedela.com
bonponon.com

# Reference: https://twitter.com/FewAtoms/status/1368989249832423432

dialectindulge.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369234426765471749

http://91.212.150.195

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281

yual.top

# Reference: https://twitter.com/wwp96/status/1369329418297094157

maiseficiencia.pt/who/

# Reference: https://twitter.com/wwp96/status/1369336755405590529

http://188.166.162.201

# Reference: https://twitter.com/wwp96/status/1369331837907140615

http://23.20.114.125

# Reference: https://twitter.com/p5yb34m/status/1369372927024594944

digitizedental.co.uk/apps/

# Reference: https://twitter.com/jstrosch/status/1369460970720989189
# Reference: https://app.any.run/tasks/4c84dfe9-fdc0-4a13-95d9-da2012fb2bbc/

# NOTE(review): edgethefoundation.com and thehealthandwellbeingclub.com read like legitimate sites yet are listed whole, unlike the path-scoped entries nearby; if they were merely compromised, path-scoping would cut false positives — check the sandbox report. samsung-drivers.xyz looks like a vendor lookalike (name only).
aslambek.eu
edgethefoundation.com
osrsport.com
samsung-drivers.xyz
thehealthandwellbeingclub.com

# Reference: https://twitter.com/wwp96/status/1369450095889022983

http://95.214.235.237

# Reference: https://twitter.com/wwp96/status/1369682619571572741

modellgroups.net/js/

# Reference: https://twitter.com/pmmkowalczyk/status/1369746549593538574

http://192.3.152.166

# Reference: https://twitter.com/pmmkowalczyk/status/1369748045097820162

http://15.165.235.203

# Reference: https://www.virustotal.com/gui/file/481a1337d57ab58484b994d1ce328393d72450115d278680fe72ee55b619f190/detection
# Reference:
# Reference: https://www.virustotal.com/gui/file/5930d23ef2ea7ae8808d3b935e160f067316b690bae27d2b60d9c13078928462/detection
# Reference: https://www.virustotal.com/gui/file/efe60e5c5fe261c1df4aae53d334151445fe27ea2302d78306bc3b4750fee43f/detection

http://160.20.147.241

# Reference: https://www.virustotal.com/gui/file/a009bc840d74f5f7b450689e57aaba942cc8e474a4970f1d01ce38f3148163e5/detection
# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.200/relations

# NOTE(review): algorithmic-looking .pw names tied to one IP per the reference; 101.99.90.200 itself is not listed — if the set keeps growing, the IP may be the more durable indicator (confirm it is not shared hosting first).
1eaf.pw
1faf.pw
2efs.pw
2qua.pw
3kvm.pw
3uag.pw
4igk.pw
4jaa.pw
5aef.pw
5hhftrw.pw
5ofj.pw
6asg.pw
6nbmytr.pw
6ydj.pw
7dfj.pw
7wjg.pw
8eus.pw
8qyu.pw
8yyngf.pw
9awi.pw
9ytrhgf.pw
hhytew.pw
mouni11.xyz
note866.pw
note8876.pw
pytopm.pw

# Reference: https://www.virustotal.com/gui/file/56265c1e88f67141d18bfa504aa9ae6f236ff20ef2caf832aeb2a2f2d90e6b63/detection

cache.hjjse33.com
static.tweerwy.com
yzxjgr.com

# Reference: https://twitter.com/FewAtoms/status/1370046170005975043

supernova-hostdns.us

# Reference: https://www.virustotal.com/gui/domain/embrodownscience.su/detection
# Reference: https://www.virustotal.com/gui/file/07dc515aadbd1a62cc510b9e2eea6297ba626119648419f9fe8f410a50e2779b/detection

embrodownscience.su

# Reference: https://www.virustotal.com/gui/file/30f90c90c5bbfc6dce289c827a9abb79bc5681de6214b99a0b1713352cde2110/detection

cloud-reserve.info

# Reference: https://www.virustotal.com/gui/file/250d5bc5b5e13353b807c36324de664552d16189ec55b97adde5c73251a883a7/detection
# Reference: https://www.virustotal.com/gui/file/28a6826608ef18619c05ad28161993203c19ec0009a86399ca0b17680de9c6f1/detection

http://74.118.138.254

# Reference: https://twitter.com/wwp96/status/1370612166152323077

# NOTE(review): 216.83.57.208:7979 appears further down in the file — same /24 and same port, possibly one operator; worth cross-checking but do not widen to the range without ownership data.
216.83.57.228:7979
guduo.ga

# Reference: https://twitter.com/nao_sec/status/1370665043906285570

pornohdmovie.com

# Reference: https://www.virustotal.com/gui/file/518f03c42bd9c51cda4f62f45e31d00e6903a0553fa684a85931d7b304639d99/detection

api.jwhss.com
update.jwhss.com

# Reference: https://twitter.com/r3dbU7z/status/1370839780678848514
http://5.102.153.140

# Reference: https://twitter.com/pmmkowalczyk/status/1370800929558118405

http://80.92.206.135

# Reference: https://www.virustotal.com/gui/ip-address/79.170.44.8/relations

http://79.170.44.8

# Reference: https://twitter.com/FewAtoms/status/1371094459476230151

lms.login2.in

# Reference: https://www.virustotal.com/gui/file/426b1d295991feb03744d5cd55219ad8f0333b5129b3e5d14e6aa74ff44a0a46/detection

psnm4n1.multiservers.com

# Reference: https://twitter.com/Circuitous__/status/1371528262934003716
# Reference: https://www.virustotal.com/gui/file/eacb9ecbd9fdbba1b27c48a03f7196c2d855cd6f46d49a5f667e14fac2699a33/detection

ggtraff.ru

# Reference: https://twitter.com/r3dbU7z/status/1371586139887386634

http://175.45.176.10

# Reference: https://twitter.com/wwp96/status/1371823839278211073

http://23.95.122.47

# Reference: https://twitter.com/pmmkowalczyk/status/1371918253874933760

mamax.tk

# Reference: https://www.virustotal.com/gui/file/84854be4ee8490d0496cb37b2adf670af9ae6ee388a0e7e0e709d54a99127bf0/detection

jenergy.tw

# Reference: https://twitter.com/reecdeep/status/1372177891564347394

http://198.23.174.104

# Reference: https://twitter.com/InQuest/status/1372266749761101830

http://107.175.1.172

# Reference: https://twitter.com/InQuest/status/1372444606231687169

# NOTE(review): attacker-specific service hostname on a cloud API gateway; keep it exactly as listed — the parent gz.apigw.tencentcs.com is presumably shared by many tenants (inferred from the naming scheme).
service-7pxel2bo-1304343953.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/f85fbb731863de50e90906c29c3e6497cf049aa0b500f43ea4a22af10d321ef9/detection

http://198.23.207.46

# Reference: https://twitter.com/pmmkowalczyk/status/1372900492918018056

http://198.46.201.76

# Reference: https://app.any.run/tasks/7168f23b-c1f1-40fa-8dea-132020b2bc17/

http://195.181.240.2

# Reference: https://twitter.com/FewAtoms/status/1372604516609224708

eurex.ps

# Reference: https://twitter.com/fr0s7_/status/1373404924105666561

http://139.162.156.129

# Reference: https://twitter.com/InQuest/status/1373513106635231232

http://95.181.164.43

# Reference:
# Reference: https://twitter.com/FewAtoms/status/1373646415847641091

towme.services

# Reference: https://twitter.com/JAMESWT_MHT/status/1373876583065391105

frtyhyyttrtrreee.xyz

# Reference: https://twitter.com/wwp96/status/1374082815902507011

roshan.academy/ImE/

# Reference: https://twitter.com/wwp96/status/1374083446121893891

tridayacipta.com/images/

# Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/
# Reference: https://www.virustotal.com/gui/file/5baa2022391d6339bcf49c28b85cc75373c9492d8b4a85796255e854e9dbe1a9/detection

# NOTE(review): the first reference is a CVE-2021-26855 (Exchange) scan analysis; if 178.62.226.184 is a scanning source rather than a C2, matches will be inbound connection attempts — worth keeping in mind when triaging alerts on it.
http://178.62.226.184

# Reference: https://twitter.com/xuy1202/status/1374694429911523333
# Reference: https://twitter.com/xuy1202/status/1377880725395939328
# Reference: https://www.virustotal.com/gui/file/764248595c14a9d1559aa5ef5b904f69affb345b702a32a9b76f05811838cd42/detection

http://51.158.24.25

# Reference: https://twitter.com/Finch39487976/status/1375414044706869251
# Reference: https://app.any.run/tasks/48cad164-704d-459b-ae32-6be7365a23bd/

# NOTE(review): several bare IPs in this group (54.x, 13.x, 168.x) sit in ranges that look like public-cloud rentals and tend to be reassigned quickly; such entries age fast and can produce false positives later — consider a periodic expiry review for IP-only trails.
http://54.211.166.69

# Reference: https://twitter.com/Finch39487976/status/1375418869280612353
# Reference: https://app.any.run/tasks/70e46132-fee5-450d-85eb-98c73828c002/

http://13.56.11.148

# Reference: https://twitter.com/FewAtoms/status/1374431632699002884

travelwadi.com

# Reference: https://twitter.com/wwp96/status/1374523517593550862

http://54.253.194.14

# Reference: https://twitter.com/wwp96/status/1376544197847711746

http://193.164.7.118

# Reference: https://twitter.com/InQuest/status/1376921178980376577

http://13.234.19.200

# Reference: https://twitter.com/InQuest/status/1377118039221489671

http://168.138.137.235

# Reference: https://twitter.com/wwp96/status/1377648526306459651

http://141.105.65.94

# Reference: https://twitter.com/FewAtoms/status/1377652225661562881

ioabc.wif.com.br

# Reference: https://twitter.com/Helen03113766/status/1377437061884608518

45.125.56.80:81

# Reference: https://twitter.com/wwp96/status/1377648191198351367
http://198.23.251.121

# Reference: https://twitter.com/ShadowChasing1/status/1377912675867394049

londonkids.in/echoolz/assets/css/front/

# Reference: https://www.virustotal.com/gui/ip-address/85.10.254.98/relations

http://85.10.254.98

# Reference: https://twitter.com/fr0s7_/status/1377994875426193413
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.225/relations
# Reference: https://www.virustotal.com/gui/file/8fdbf5d103b20082f4cb62d8e9f20149278a8729d69352825b1147156d153a8c/detection
# Reference: https://www.virustotal.com/gui/file/be60617a580845169a1588f46ea44bcb323aea2d0825471a5f531690f1af99dc/detection

# NOTE(review): the cited 94.140.115.225 is not itself listed — presumably the two domains below resolved there; confirm whether the IP should be added as well.
dreshiguard.com
pikantojuice.com

# Reference: https://www.virustotal.com/gui/domain/sediliny.info/detection

sediliny.info

# Reference: https://twitter.com/r3dbU7z/status/1379302191148720130

nicelister.net

# Reference: https://www.virustotal.com/gui/ip-address/194.37.97.172/relations

http://194.37.97.172

# Reference: https://twitter.com/FewAtoms/status/1379479833470713870

investigation-bureau.com/cry/

# Reference: https://twitter.com/jstrosch/status/1379797439125725188

solarparkcleaning.co.uk/js/

# Reference: https://twitter.com/jstrosch/status/1379801245741801480

loadbytes.tn

# Reference: https://twitter.com/FewAtoms/status/1379865782847438849

khmerosja.net/wp-check/

# Reference: https://twitter.com/jorgemieres/status/1379811433530150914

work-desk.aysinturpoglucelik.com

# Reference: https://twitter.com/jstrosch/status/1379994923286466565
# Reference: https://www.virustotal.com/gui/domain/greataccesstoserver.com/detection

greataccesstoserver.com

# Reference: https://tria.ge/210408-9h7wsybb7e

http://23.95.122.24

# Reference: https://twitter.com/ps66uk/status/1379822498880106499

http://193.142.146.25

# Reference: https://www.virustotal.com/gui/file/b68f7a0dde3eb7ed27495775c905006ab97deaca14ed50d645695ef6bbb3beef/detection
# Reference: https://www.virustotal.com/gui/file/daaff25db167319205da44fc2fea86f248b364a964e327b7a7b3a51a8c2f2706/detection
el-muchachos14.com labsclub.com teter.info # Reference: https://twitter.com/jorgemieres/status/1380172488148140033 http://65.0.168.152 # Reference: https://www.virustotal.com/gui/file/192f2b24417da60d8d7d44bed6d1b025412e3b60fbce63b6566d4988bd3eb41e/detection siwirnes.top # Reference: https://twitter.com/FewAtoms/status/1380228295220953092 pazpus.com # Reference: https://www.virustotal.com/gui/file/5586f246927b7919970e70167c06dc30bc8bff1aaaf129f1462e5ced0e4fa666/detection funny-sell.tk # Reference: https://www.virustotal.com/gui/file/3ca73186b0be18c4514061b5e5b2f8ffb2078d5613a5ee605589556cb092ca44/detection tboy4real.tk # Reference: https://www.virustotal.com/gui/domain/officesharefile.online/detection # Reference: https://app.any.run/tasks/6bf48fb9-cd69-4153-8975-7a945972d59d/ officesharefile.online # Reference: https://twitter.com/reecdeep/status/1380479709016948740 http://45.134.225.191 # Reference: https://twitter.com/TeamDreier/status/1380504862044082177 sogecoenergy.com/ol/ # Reference: https://www.virustotal.com/gui/file/791cd98386ab2342e846c58e711748bbb345e3dc36bc8ca8f39f6fc0ddae1507/detection # Reference: https://www.virustotal.com/gui/file/483a1f54011dbe1635f0a6eaf8129c8b77557137ca640c494ddb97b138f03555/detection msnunion.com tyl123.cn # Reference: https://twitter.com/FewAtoms/status/1380929258181263370 http://34.126.93.163 # Reference: https://twitter.com/FewAtoms/status/1381254863946973185 216.83.57.208:7979 # Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection http://23.92.213.108 # Reference: https://www.virustotal.com/gui/domain/up.harajgulf.com/relations up.harajgulf.com # Reference: https://twitter.com/r3dbU7z/status/1381517028817825795 # Reference: https://www.virustotal.com/gui/url/026ec2ee22c5b8a04806a13701238e971565cd80d9ca10a0be85c80f4222fa9e/details http://39.107.141.48 # Reference: https://twitter.com/fr0s7_/status/1381581992236552194 # Reference: 
https://www.virustotal.com/gui/file/3770e4df4fcc545d5107f43db58e1819a4609e55cc5103ac7973f6987e288431/detection channel.sulekca.com # Reference: https://twitter.com/FewAtoms/status/1381662701458456579 http://3.82.54.111 # Reference: https://twitter.com/ANeilan/status/1381973168731082752 joinclubhousepc.com # Reference: https://twitter.com/FewAtoms/status/1381990355831230468 http://45.77.9.151 # Reference: https://twitter.com/FewAtoms/status/1382040219944419330 http://23.95.122.25 # Reference: https://twitter.com/r3dbU7z/status/1382237585586724867 http://54.212.20.151 # Reference: https://twitter.com/InQuest/status/1382213665181556738 http://107.173.219.80 # Reference: https://twitter.com/jstrosch/status/1382181770548760580 http://172.245.45.28 # Reference: https://www.virustotal.com/gui/file/29230c04b677b8f77e1d6bbb2f91ace810200ef376a9944b0390add92695f0ee/detection 8.142.58.112:777 # Reference: https://twitter.com/ps66uk/status/1382274063658258440 http://178.17.171.144 # Reference: https://www.virustotal.com/gui/file/7c8cf1e3ec35a6f604699f6481f3463e9ae19c93b8efd861b914c8260304d314/detection 4host.publicvm.com/api/cscript # Reference: https://www.virustotal.com/gui/file/18f64293b812ba5aac625afc9ad734bb8f024831f310db422c68bced7149e3d6/detection 202.107.193.243:8899 202.107.193.245:9528 # Reference: https://twitter.com/jorgemieres/status/1382418405790208000 http://45.15.143.191 # Reference: https://www.virustotal.com/gui/file/4d072fa8e79d41ce3a27c7a8815cef92be52af61e5326f956ad8adaf4b7ebf6f/detection http://185.20.185.59 http://80.92.204.19 # Reference: https://www.virustotal.com/gui/file/7b167ccd1690fc404cfb513ee00c39f968183d93d08c22f4d7c58fb1f3b4607d/detection http://45.15.143.191 # Reference: https://www.virustotal.com/gui/file/800371d8be5bcfb345c06c988c8734749549dc1f09d680639067478386c42f29/detection aretywer.xyz d0wnl0ads.online hacking101.net mytoolsprivacy.site # Reference: https://www.virustotal.com/gui/domain/ekkggr3.com/relations ekkggr3.com # Reference: 
https://www.virustotal.com/gui/file/5fceec9f222e808dcb49156ddf40fd0f6bdbe5a3c2640ab1e7cda3f83d634e1d/detection http://188.93.233.59 prooffers2021.website wertuest.xyz # Reference: https://twitter.com/sS55752750/status/1382683900355481606 # Reference: https://www.virustotal.com/gui/file/719211e8563cf31595583c892efbfb027e2f54b47ed813fc31963ec51de17191/detection 116.204.171.211:8000 216.118.225.86:7231 58.221.58.222:88 vvage.com # Reference: https://twitter.com/InQuest/status/1382892951093850112 files-quotecheck.xyz # Reference: https://twitter.com/r3dbU7z/status/1382937649053372417 frostycitadel.xyz # Reference: https://twitter.com/InQuest/status/1384149565587148809 user-privacy-center.com # Reference: https://www.virustotal.com/gui/domain/zytrox.tk/relations zytrox.tk # Reference: https://twitter.com/fr0s7_/status/1384822059801395200 http://192.3.26.118 # Reference: https://twitter.com/malwrhunterteam/status/1384859846823055366 http://121.5.160.231 # Reference: https://twitter.com/olihough86/status/1384438320902688768 ehs.co.zw/veron/ # Reference: https://twitter.com/MBThreatIntel/status/1384959606414323722 house118.ir/benito/ # Reference: https://twitter.com/jstrosch/status/1385075429090881537 yarpa.lt # Reference: https://twitter.com/jstrosch/status/1385079891444387852 quickbooks.thormobilemanagement.com # Reference: https://twitter.com/InQuest/status/1385288396235550721 armyscheme.sytes.net # Reference: https://www.virustotal.com/gui/file/8353b59b3461307224e06d006f8c5f5526c5827345bc8771f240c923d661b825/detection 8pines.com # Reference: https://www.virustotal.com/gui/file/3ed8f6b0602f48e61fff27383480d49a6a4a2646fed9859b4e98b4f0d41176ec/detection # Reference: https://www.virustotal.com/gui/file/b2a57daff9ec815df6862f028d0f915812f94b7257d23bbba249a9dbb87247a6/detection # Reference: https://www.virustotal.com/gui/file/babd9e7325f8ef744460df079f3f6046ca2c5c2cd07c38abc57dcab447d05cb8/detection x4z9arb.cn # Reference: 
https://www.virustotal.com/gui/domain/cyberx2013.no-ip.org/detection cyberx2013.no-ip.org # Reference: https://twitter.com/InQuest/status/1385579880612515848 lidamtour.com/masivo/ # Reference: https://twitter.com/wwp96/status/1385597373905137666 http://107.172.130.145 # Reference: https://twitter.com/TheDFIRReport/status/1384282544695177221 http://192.210.163.201 # Reference: https://twitter.com/petrovic082/status/1386632406245982210 windowcafe.biz/momo/ # Reference: https://twitter.com/petrovic082/status/1386657143126994949 theportcitynews.com/vc/ # Reference: https://twitter.com/petrovic082/status/1386693270659551235 pressivoire.com/tests/ # Reference: https://twitter.com/dimitribest/status/1386750996597166084 temp.lanka.com.uy # Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection dekhan.info # Reference: https://twitter.com/jorgemieres/status/1387050353191911435 http://192.227.228.85 # Reference: https://twitter.com/FewAtoms/status/1387093531668459521 http://159.69.142.67 # Reference: https://twitter.com/ReBensk/status/1387298655028146183 # Reference: https://twitter.com/ReBensk/status/1387306767202209792 # Reference: https://www.virustotal.com/gui/file/34bec3b2747ed7531993c73f04968c56e79f05f3b26b91cad256c9bbd5cf1beb/detection bitcoingen.store # Reference: https://twitter.com/petrovic082/status/1387331622811443205 http://198.23.207.82 # Reference: https://twitter.com/petrovic082/status/1387332418894434304 http://185.63.189.50 # Reference: https://twitter.com/petrovic082/status/1387405545494171649 arcencieldeco.com.tn/admin/ # Reference: https://twitter.com/InQuest/status/1387443172448645120 http://107.173.191.48 # Reference: https://www.virustotal.com/gui/file/f23c26eb4c2ae048c113f2405b1fb91e04dc74b73a572df60b1b95d3ca1ccb57/detection jajoyeninigerialimited.com # Reference: https://www.virustotal.com/gui/file/e0bec90953771bef51cee8a33c728adf712a29d827264bdf9d14ca3e8a51329d/detection sjgue.com # 
Reference: https://www.virustotal.com/gui/file/5982816b4d99252efb5efd18b01e890da58a3e0cbd29b911c749315070cfe278/detection alkhashen.com depisce.com # Reference: https://twitter.com/FewAtoms/status/1387445813404741635 firas.alifares.org # Reference: https://twitter.com/FewAtoms/status/1387476103850250246 http://40.117.139.198 # Reference: https://twitter.com/petrovic082/status/1387492851110514692 monnimonitorcloudfiles.mangospot.net # Reference: https://www.virustotal.com/gui/file/3afac9ffd706efde8a68fbe78653b97fa5b5f2d815e00e05a4dd26cc3ceb9d64/detection scaladevelopments.scaladevco.com # Reference: https://twitter.com/InQuest/status/1387630316345561092 nta.hopto.org # Reference: https://twitter.com/petrovic082/status/1387737072052711427 exoticafurniture.com.np # Reference: https://twitter.com/petrovic082/status/1387735021730115593 swissprocesstointernail.mangospot.net # Reference: https://twitter.com/petrovic082/status/1387761020983136257 fpctool.xyz # Reference: https://twitter.com/jorgemieres/status/1387766567178493962 http://107.173.191.48 # Reference: https://www.virustotal.com/gui/file/c38063f954b8073f8f432599552612668b1f4657521a2e384e6c9c29a03d3579/detection http://157.55.173.72 # Reference: https://twitter.com/xuy1202/status/1388153194644074505 lexusbiscuit.com/cgi-bn/ # Reference: https://twitter.com/petrovic082/status/1388181844949078021 http://198.46.132.163 # Reference: https://twitter.com/petrovic082/status/1388181339745263617 arcencieldeco.com.tn/admin/ # Reference: https://twitter.com/petrovic082/status/1388180784448688132 ecomtrader.com/wp-includes/ # Reference: https://www.virustotal.com/gui/file/1057445e544bf78e5995a15bf36c7dca71b4310c05df784c9c0bebc468f094d1/detection # Reference: https://www.virustotal.com/gui/file/39c647277a5c66496efaa54879a7d83aeeecb96b0dc185a676150c27ddd21a3c/detection zola.store # Reference: https://app.any.run/tasks/f2034ead-e587-4eac-a992-9a59409ab127/ # Reference: 
https://www.virustotal.com/gui/file/4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c/detection nyc002.hawkhost.com # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt # Reference: https://www.virustotal.com/gui/domain/kimorazcinfolap.com/detection kimorazcinfolap.com # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt ddoser2.ohost.de # Reference: https://www.virustotal.com/gui/domain/korrrrrrnnnnqlmdzhnz.edns.biz/relations korrrrrrnnnnqlmdzhnz.edns.biz # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt crucifixbotnet.servegame.com grabber.vv.si # Reference: https://www.virustotal.com/gui/domain/hitlerloco.xtrweb.com/relations hitlerloco.xtrweb.com # Reference: https://www.virustotal.com/gui/file/dbc996923312dc1ce38e6c5ed65cd79bc08b82a80b7ee8fa87f54940af27a3da/detection ddosit.us # Reference: https://www.virustotal.com/gui/file/a49f23aac652d63d1529338a12b3ba424d0b4eab637af8ffa7d9e557fb441a37/detection http://5.61.35.129 # Reference: https://twitter.com/TheDFIRReport/status/1389181495898693633 http://172.82.179.170 # Reference: https://twitter.com/InQuest/status/1389204746414796800 will.kasraz.com # Reference: https://twitter.com/ShadowChasing1/status/1389371024668463105 Servidorprueba.forensict.repl.co # Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html # Reference: https://www.virustotal.com/gui/domain/adobe-air.com/relations adobe-air.com # Reference: https://twitter.com/FewAtoms/status/1389222584030437379 cando--china.net # Reference: https://www.virustotal.com/gui/file/145c59fb52e782845dea2a90ad13d1484f6e9e1f8659fae1cd44ffc46255e4b5/detection ierinapu.xyz riftrebirth.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/802111bc7cf96b0c67c6925337aa4ef7f9ce28852f376909c4a56373cb6200ea/detection hhtool.ddns.net # Reference: https://twitter.com/Circuitous__/status/1389640638107471880 crophysi.ru gimoguvi.ru # Reference: https://twitter.com/InQuest/status/1389685307612729344 evamari.gr/eim/ # Reference: https://twitter.com/jfslowik/status/1387535189165838336 # Reference: https://twitter.com/ESETresearch/status/1388225090744164356 anydesk.s3-us-west-1.amazonaws.com anydeskstat.com zoomstatistic.com clamspit.com domohop.com zgnuo.com # Reference: https://twitter.com/James_inthe_box/status/1389927787495002118 madagascar-green-island-discovery.com/Img/ # Reference: https://twitter.com/malwrhunterteam/status/1390210483676921858 # Reference: https://twitter.com/ffforward/status/1390217998187773954 secure3d-update.com # Reference: https://twitter.com/petrovic082/status/1390277301196238849 worldhealthday.esiloc.com/doc/ # Reference: https://twitter.com/jorgemieres/status/1390304120104390658 http://45.138.157.144 # Reference: https://twitter.com/executemalware/status/1390331263043739648 # Reference: https://pastebin.com/PLCTxpAT http://192.119.171.206 # Reference: https://twitter.com/malware_traffic/status/1390373738084982786 http://54.185.172.76 # Reference: https://twitter.com/petrovic082/status/1390586216802889731 farm-finn.com/admin/ # Reference: https://twitter.com/petrovic082/status/1390589091503353857 47.104.153.31:7088 # Reference: https://www.virustotal.com/gui/domain/limesfile.com/relations limesfile.com # Reference: https://www.virustotal.com/gui/domain/global-sc-ltd.com/detection global-sc-ltd.com # Reference: https://www.virustotal.com/gui/domain/post-back-url.com/relations post-back-url.com # Reference: https://www.virustotal.com/gui/file/51929c3ab26fb6ad702929f577ff118dbe2b7f37d054740cc5697a278b01d125/detection getmyinfodistribute.me pretendwag.info integral.hacking101.net # Reference: 
https://www.virustotal.com/gui/file/14e7fdec6624ba60bfee6bf686060db46ad0052075664935fe69be63fb3ab467/detection 1eaf.pw # Reference: https://www.virustotal.com/gui/file/6cae92665b23b4bccccd25fad925b745ad83e700b1775a6cabae079b5741accd/detection uaalgee33.com # Reference: https://www.virustotal.com/gui/domain/static.tweerwy.com/detection tweerwy.com static.tweerwy.com # Reference: https://www.virustotal.com/gui/file/a204a5703b2b783d6d70f05704cf0c750d0c3d18c8501fde4de61984a5161f97/detection zandogia.com # Reference: https://twitter.com/K_N1kolenko/status/1391273433221279746 194.36.171.43:6969 # Reference: https://www.virustotal.com/gui/file/5f66d7ed7f8a35d92d53e0fc82c3f01c37cfc108d3f5da1a0016430c77e23303/detection coursebro.pw downkzvideo1.xyz imaginepic.xyz # Reference: https://www.virustotal.com/gui/domain/downkzvideo2.xyz/detection downkzvideo2.xyz # Reference: https://www.virustotal.com/gui/file/16bb9009629972f1ae07205be70309c381ef43e7ed7bbe786f9a3cf8ef45d85a/detection http://112.64.218.40 http://140.206.225.232 http://47.92.39.6 # Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection sportucc.com yufjgg.com kkjgg.yufjgg.com # Reference: https://www.virustotal.com/gui/file/74f184e51ece45c56e58a55f7c5c97286bac05db2c39842924af0c6d2593e71e/detection kupijeftino.rs/s/ # Reference: https://www.virustotal.com/gui/domain/rainbirds.ac.ug/detection rainbirds.ac.ug # Reference: https://www.virustotal.com/gui/file/1be388f74d98754a616ec3265cf9dc7cf94383759fc0ed88eeff1267ad4efa16/detection jpnnybacj.ug myhostiger.ug ventillos.ug vjvcnbhscv.ru # Reference: https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt # Reference: https://www.virustotal.com/gui/domain/lookdesign.club/relations lookdesign.club # Reference: https://www.virustotal.com/gui/file/e4ed9fe31c2b19bafff204e41af9f99afafcfa0aca8c07ecdc840e5c92f4b10d/detection lookdesign.best # Reference: 
https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt api-246.org # Reference: https://www.virustotal.com/gui/file/c68fb88bcb80085c910d55c1314d43e60890d0769b9b17589cc21ff93d2b87aa/detection navltas.me # Reference: https://twitter.com/MBThreatIntel/status/1391798716399562758 http://31.210.20.6 # Reference: https://www.virustotal.com/gui/file/017d66a7e703fe76a2c02e4df9d88633eab4fcef0f678b8e596720df0099eb20/detection occurrent-fatigues.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/b296aaa167b19184295abc6bb32378cee4cba81a8c089ea46d6bc8eed7502e4c/detection cloudstroageofofficedocumenttransfer.mangospot.net # Reference: https://twitter.com/petrovic082/status/1392041842158575619 http://192.3.22.5 # Reference: https://twitter.com/petrovic082/status/1392041345263538177 http://91.218.113.67 # Reference: https://twitter.com/petrovic082/status/1392486409978662912 nyc008.hawkhost.com # Reference: https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html # Reference: https://otx.alienvault.com/pulse/609c0ee81a709f9d805ce108 http://185.117.119.87 # Reference: https://twitter.com/James_inthe_box/status/1392839902593634313 seychelless.ml # Reference: https://twitter.com/ShadowChasing1/status/1392991935443324928 # Reference: https://twitter.com/ShadowChasing1/status/1392991937502728192 facextrade.com.br/wp-imcludes/ facextrade.com.br/z.mp3 facextrade.com.br/0C.txt facextrade.com.br/0A.txt facextrade.com.br/0B.txt # Reference: https://www.virustotal.com/gui/domain/u11035265mw.ha004.t.justns.ru/relations u11035265mw.ha004.t.justns.ru # Reference: https://www.virustotal.com/gui/file/dbfc0f6a14532b867334b38aa4789fe1da4267c72955f89e00811392df0bd42a/detection http://178.47.141.153 # Reference: https://twitter.com/_jnzer0/status/1393134068091457538 quickbooks.thormobilemanagement.com # Reference: https://www.virustotal.com/gui/file/7c18130345c95d1cd852af2bbf0fad2d72d4097725dbd334f1d0ab66720c43c6/detection 
http://179.43.140.185 # Reference: https://twitter.com/FewAtoms/status/1393241964334698497 http://3.36.53.50 # Reference: https://twitter.com/ShadowChasing1/status/1393478997829324800 ikiranastore.com/images/files/ist/doc/ # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.84/relations # Reference: https://www.virustotal.com/gui/file/ec78fea23781fa418517d0f7772f8658889f6f6cd8026821c5c835ad82415480/detection ddm1.ru ddm2.ru ddm3.ru ijb1.ru ijb2.ru ijb3.ru nlemmy.ru nlenny.ru nlenny1.ru ruz2.ru # Reference: https://twitter.com/MaelSecurity/status/1393868340121280512 datenbank.mobi # Reference: https://twitter.com/jorgemieres/status/1394377578857877505 http://94.26.248.58 # Reference: https://twitter.com/jorgemieres/status/1394662863940292612 www-visaprepaid-verification.duckdns.org # Reference: https://twitter.com/FewAtoms/status/1394723737166045187 oauth-gateway.com # Reference: https://www.virustotal.com/gui/domain/lax007.hawkhost.com/relations lax007.hawkhost.com # Reference: https://www.virustotal.com/gui/file/d989f29a71e4537d7e7376c0612ff8bc28aa1db949493512a2f5e50bca4975b8/detection scrypto.store # Reference: https://twitter.com/Circuitous__/status/1395759480462249984 http://103.156.91.50 # Reference: https://twitter.com/petrovic082/status/1396798551838109702 http://54.179.110.114 # Reference: https://twitter.com/petrovic082/status/1396798934065025025 http://172.245.79.122 # Reference: https://twitter.com/FewAtoms/status/1396436948940693506 elmerfloyd.com/ru/ # Reference: https://twitter.com/InQuest/status/1396851520843436037 http://192.3.122.177 # Reference: https://www.virustotal.com/gui/file/53b7637945616f51b0ffa4de5c35685b87b2039473ebc4f69a1fb581c6236d19/detection http://188.244.63.241 # Reference: https://twitter.com/FewAtoms/status/1397258383837835270 http://45.133.1.53 # Reference: https://twitter.com/dark0pcodes/status/1397937746992320521 http://176.57.68.60 # Reference: 
https://www.virustotal.com/gui/domain/umber-mistrials.000webhostapp.com/detection umber-mistrials.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/40cf12da9f451816254ab4fcad6b987596b1696b23ae3b50f0d65e5982841947/detection versuspa.host # Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection download-serv-314432.xyz # Reference: https://www.virustotal.com/gui/ip-address/2.56.154.227/relations http://2.56.154.227 # Reference: https://www.virustotal.com/gui/file/269191362c407df28b23e56b6a68758cb112f9bb7582e064e7f7e5a41367c710/detection http://212.192.241.136 bandshoo.info # Reference: https://www.virustotal.com/gui/domain/bryexhsg.xyz/relations bryexhsg.xyz # Reference: https://www.virustotal.com/gui/domain/sandokan66.no-ip.info/detection sandokan66.no-ip.info # Reference: https://twitter.com/fr0s7_/status/1399060365460312069 # Reference: https://app.any.run/tasks/45342b20-2471-49e7-953f-09d27e1a3169/ chajoh92.dreamhosters.com # Reference: https://twitter.com/InQuest/status/1399223226459426816 http://103.133.106.72 # Reference: https://www.virustotal.com/gui/file/a47861eb94370a48bc6b4d99117b88c991fb199e300bd0cc24aa812c0ea2b3cb/detection http://46.21.153.209 # Reference: https://twitter.com/InQuest/status/1399336733817384961 http://79.110.52.186 # Reference: https://twitter.com/ShadowChasing1/status/1399641815737716744 # Reference: https://www.virustotal.com/gui/file/33bb84af45d19fc1240892df44ee58146ac395674c41d6402fd42219e47a4b67/detection cs1j.com # Reference: https://twitter.com/tosscoinwitcher/status/1399800310365704193 http://95.142.39.142 # Reference: https://twitter.com/InQuest/status/1399757603589210115 http://37.120.206.70 # Reference: https://twitter.com/FewAtoms/status/1399780057451843586 http://13.212.176.2 # Reference: https://twitter.com/ActorExpose/status/1399859014197035011 iqbuddys.com # Reference: https://twitter.com/James_inthe_box/status/1400097345539166211 
http://149.28.255.25 # Reference: https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/ # Reference: https://otx.alienvault.com/pulse/60b8a178a6e813e88be3181b http://191.252.219.71 # Reference: https://www.virustotal.com/gui/file/319dbb7e2f87b527ad4eba361a14fff5488105c39c04895eafc24399c62698fd/detection 83.166.247.185:443 # Reference: https://twitter.com/reecdeep/status/1400481387258552326 http://5.181.80.126 # Reference: https://twitter.com/FewAtoms/status/1400875352034009093 http://23.95.122.53 # Reference: https://twitter.com/FewAtoms/status/1400894965413298185 http://54.199.172.253 # Reference: https://twitter.com/InQuest/status/1401752373362561029 http://103.140.251.225 # Reference: https://twitter.com/InQuest/status/1401811163847999488 http://172.245.119.81 # Reference: https://twitter.com/jorgemieres/status/1401914199337484293 http://3.36.53.56 # Reference: https://twitter.com/InQuest/status/1402491028783915009 kabaka.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1402528954263670784 help-service.support # Reference: https://www.virustotal.com/gui/file/a6a1b66e1d7d31bfa37a6a591b30469b71c25a431096a9fc60bd072d7e9b1889/detection http://185.215.113.57 # Reference: https://www.virustotal.com/gui/file/d9f7cafec1b6f3d60c478035d5d24cd93ffe8732c2fc8495dd88c7786014444a/detection http://146.0.77.92 # Reference: https://twitter.com/malwrhunterteam/status/1403356371966435335 http://154.212.112.90 # Reference: https://twitter.com/r3dbU7z/status/1403399105142009864 # Reference: https://www.virustotal.com/gui/domain/rootkitsys.duckdns.org/relations rootkitsys.duckdns.org # Reference: https://twitter.com/bbeyzaasahinn/status/1403065333389406208 http://103.125.191.125 # Reference: https://www.virustotal.com/gui/file/288b416cd72d953a85995bf4abfec1487483362fd06270326e46f53a29cd8357/detection xxcss.mooo.com # Reference: https://twitter.com/FewAtoms/status/1404085512663617540 http://136.144.41.133 # Reference: 
https://twitter.com/reecdeep/status/1404695309599580161 # Reference: https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895/ http://107.173.219.35 # Reference: https://www.virustotal.com/gui/file/a5101c0cb5d2e776785489f46d08e3c7e0f40004f5bbf872f03a2953360be6ee/detection http://158.247.226.251 # Reference: https://twitter.com/FewAtoms/status/1404521303684616205 cor-tips.com # Reference: https://www.virustotal.com/gui/domain/uaalgee33.com/relations uaalgee33.com # Reference: https://www.virustotal.com/gui/file/23ddb2789f556f68703104ef775449b74ab121e10f3c491253250f4ea3228e0a/detection 1oivviovidwopopin.info samegresites.live # Reference: https://twitter.com/alex_lanstein/status/1404809014370881540 http://1.14.61.188 # Reference: https://twitter.com/alex_lanstein/status/1404888867635933188 http://198.12.107.38 # Reference: https://www.virustotal.com/gui/file/789e58502db7458fefcde8f8f920dfbf9299461146828ddba1b57d191b07e9c9/detection http://176.111.174.89 # Reference: https://twitter.com/1ZRR4H/status/1405640356478259201 http://188.119.113.80 # Reference: https://twitter.com/FewAtoms/status/1405608473304383497 http://136.144.41.133 # Reference: https://twitter.com/FewAtoms/status/1405605102715654149 http://195.133.40.148 # Reference: https://twitter.com/FewAtoms/status/1405938115878047750 expotuxpan.com/ERqIdpqqhZTTVzgn/ # Reference: https://twitter.com/petrovic082/status/1404722427259719682 http://122.114.198.100 # Reference: https://twitter.com/petrovic082/status/1404723335188070401 http://103.155.82.236 # Reference: https://twitter.com/petrovic082/status/1404722924452524036 http://146.70.20.207 # Reference: https://twitter.com/petrovic082/status/1404724234111365124 http://107.173.219.35 # Reference: https://www.virustotal.com/gui/file/2fceade07a4a28f5da6cfefb7117f7094d872b9f4ef713feb84f82525fcb15bb/detection http://146.0.72.84 # Reference: https://www.virustotal.com/gui/file/782d45c66a3e812bf2a92337b7f6e3475eeec76f71b77d950ed92aff42fdaf87/detection 
practiceartist.com # Reference: https://www.virustotal.com/gui/file/4d5eefab900c634a2e481693be52b62aa195ffcd30952f010b7f9a1e6f024218/detection taylorddos.no-ip.info # Reference: https://twitter.com/ActorExpose/status/1406664112243982336 gdrfa.online # Reference: https://twitter.com/FewAtoms/status/1406967672110305280 wh890850.ispot.cc # Reference: https://twitter.com/petrovic082/status/1406971631784824836 http://192.3.141.146 # Reference: https://twitter.com/petrovic082/status/1406975300274114562 http://3.112.233.112 # Reference: https://www.virustotal.com/gui/file/bf9693d652143154404e9038f1648d9322b6e324387a0bc516b644e5c113a857/detection 6kf.me # Reference: https://twitter.com/petrovic082/status/1407102524478431233 broadtechnomat.in # Reference: https://www.virustotal.com/gui/file/68aab4d5d6d862bbf77cf836e80ea486a14ae11bc32cec46291a32834dd15045/detection http://136.144.41.152 http://185.20.227.194 beginnis.info # Reference: https://twitter.com/InQuest/status/1407817820679847937 updatewin32.xyz # Reference: https://twitter.com/MBThreatIntel/status/1408064073963429900 http://52.142.42.230 # Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection http://185.212.129.54 # Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection apiinformationsec.com cloudcontentsmak.com cloudnetwork.kz contentmakersbyakamai.ru jsapisettings.kz jsc0nten1maker.com securetopdevelopment.kz supermicrotransapi.ru js.securetopdevelopment.kz mel.cloudcontentsmak.com nicru.supermicrotransapi.ru noone.contentmakersbyakamai.ru secure.jsc0nten1maker.com tel.jsapisettings.kz smart.cloudnetwork.kz static.apiinformationsec.com # Reference: https://twitter.com/FewAtoms/status/1408142253722308608 vivazenergia.com.br/img/ # Reference: https://www.virustotal.com/gui/domain/s7flyradar.com/detection s7flyradar.com # Reference: 
https://twitter.com/FewAtoms/status/1408479849195397121 http://198.12.91.160 # Reference: https://twitter.com/petrovic082/status/1408739967493361666 http://198.12.110.183 # Reference: https://twitter.com/FewAtoms/status/1408472851879956490 docuserver1.com # Reference: https://twitter.com/FewAtoms/status/1408477403001856001 http://172.245.119.78 # Reference: https://twitter.com/petrovic082/status/1408503220389953536 http://89.40.14.62 # Reference: https://www.virustotal.com/gui/file/c91c110be85dea89dc873531eac8df2b0faa4fb6c5041416b873fdab7b15c45a/detection http://136.144.41.71 # Reference: https://www.virustotal.com/gui/file/926a3380c1a5a6964f08450d09074cb62e4d78c8f2fac51fee65b0f2aafd18c8/detection wotsapp.net # Reference: https://www.virustotal.com/gui/file/f5380da161d45e09115bf0eb392b979db161ec710294352e5cf10d78469aa5a9/detection cromdownload.com # Reference: https://www.virustotal.com/gui/file/dc8c2d326143ff4334a7bdbafcb821ee9a525eb3248e676e4940baab8d0626a9/detection hgastation.com # Reference: https://twitter.com/ffforward/status/1409240342533181442 usergtarca.com # Reference: https://twitter.com/alex_lanstein/status/1409503787803451395 ach-edi.xyz # Reference: https://twitter.com/pmmkowalczyk/status/1409830494158704641 http://103.89.90.94 # Reference: https://twitter.com/wwp96/status/1409916270720471040 sottb.com # Reference: https://twitter.com/wwp96/status/1410328605389905923 http://103.194.104.94 # Reference: https://www.virustotal.com/gui/domain/ccmd.website/relations ccmd.website # Reference: https://twitter.com/fr0s7_/status/1410253336390033409 # Reference: https://www.virustotal.com/gui/domain/ourfirm.com/detection ourfirm.com # Reference: https://twitter.com/InQuest/status/1410597489636347916 http://172.245.27.25 # Reference: https://twitter.com/malwrhunterteam/status/1410601147761528842 etherbonus.net # Reference: https://twitter.com/wwp96/status/1410613354037534725 http://103.145.253.94 # Reference: https://twitter.com/wwp96/status/1411210042834051072 
grntexpresscourier.com/File/ # Reference: https://www.virustotal.com/gui/file/1f9381182aad4f9917a66438b10d69f62c1027e3e4d27477c48cdec6651bd0d8/detection http://192.227.158.111 # Reference: https://twitter.com/FewAtoms/status/1413915267294433283 i55fundraising.com # Reference: https://twitter.com/FewAtoms/status/1413191983938551809 lifestyledrinks.hu/wp-includes/cs2/ # Reference: https://twitter.com/MBThreatIntel/status/1412474445722173440 http://145.249.106.39 http://212.114.52.129 http://37.120.239.185 http://5.39.222.102 # Reference: https://twitter.com/FewAtoms/status/1412472209461940226 nz-prosthodontists.org.nz/ox/ # Reference: https://www.virustotal.com/gui/domain/fdfwefwefsdfwersdfegdfgre.com/relations fdfwefwefsdfwersdfegdfgre.com # Reference: https://twitter.com/InQuest/status/1414575240647254022 http://198.12.107.11 # Reference: https://twitter.com/petrovic082/status/1415189867592622080 http://23.95.13.151 # Reference: https://twitter.com/ShadowChasing1/status/1415524921011105797 cvd.koloss.online /?get_updates&download_updater /?updates&checksystemver # Reference: https://twitter.com/InQuest/status/1414967942748463113 http://188.166.41.131 # Reference: https://twitter.com/petrovic082/status/1415615378407968771 http://185.222.57.71 # Reference: https://twitter.com/petrovic082/status/1415614550934708226 http://136.144.41.14 # Reference: https://twitter.com/JAMESWT_MHT/status/1414503371143319553 http://107.167.89.175 # Reference: https://www.virustotal.com/gui/file/fd7221ed30c1e70660968257265500ffd60aea9ae2c85ee887b2608c1eaf2188/detection http://136.144.41.201 # Reference: https://twitter.com/h2jazi/status/1414638329488945154 # Reference: https://www.virustotal.com/gui/file/5c0c2f162ccbcc9043141bbb8a3ab22058bf7f107beb1a659b13517f0e0b74de/detection kong.re.kr/this_is_not_malware/ # Reference: https://twitter.com/FewAtoms/status/1416434806544609287 http://3.68.213.164 # Reference: https://twitter.com/360CoreSec/status/1417002780795949059 # Reference: 
https://www.virustotal.com/gui/file/aaeb6e6f44d20d0613e997c12e9b9fcdfcdcd8a205542adf510abfb906f64872/detection # Reference: https://www.virustotal.com/gui/file/e67fd8375b32b13cf4f3566d6b44b505683586d8f78430c1c4a0acfdfe2733b8/detection crabbier-airports.000webhostapp.com # Reference: https://twitter.com/K_N1kolenko/status/1417418369133858816 http://192.210.173.40 # Reference: https://twitter.com/FewAtoms/status/1417549762086117377 http://78.62.182.29 datarcha.ga # Reference: https://www.virustotal.com/gui/file/817ef5b799a0a73149989a2fa31cc83f94807887c3394f6e5a233eb9e72e20a2/detection http://84.252.121.17 # Reference: https://twitter.com/KorbenD_Intel/status/1418673471496892421 http://15.222.66.186 # Reference: https://twitter.com/ActorExpose/status/1417905081979179011 tanxi520.xyz # Reference: https://twitter.com/InQuest/status/1418168742337519617 http://198.46.201.115 /.........................................................wiz.wiz/ /wiz....wiz.wiz # Reference: https://www.virustotal.com/gui/file/4da3094705f1a281ceb9b4893c74ca568831706afde2c2444f175ed022335c73/detection gophish.izoaz.ru # Reference: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords # Reference: https://otx.alienvault.com/pulse/60f92ab428e945a165d2f0d9 chrunlee.cn # Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection http://188.34.163.98 # Reference: https://www.virustotal.com/gui/domain/old.cybers.com.ua/relations old.cybers.com.ua # Reference: https://twitter.com/r3dbU7z/status/1419285702374735877 http://167.114.77.19 # Reference: https://twitter.com/LittleRedBean2/status/1419182703392567296 # Reference: https://twitter.com/mojoesec/status/1419985509993095172 # Reference: https://www.virustotal.com/gui/file/2303b69f630d35d7eae22d30c5efeb76d6d89e80c7be9365b90db44e5ce5e94a/detection 103.60.165.104:2247 162.14.178.70:2247 27.159.65.61:2247 27.159.82.130:2247 43.248.191.71:2247 
45.248.11.7:2247 /driverfile/1apEoaC4M5a.sys /1apEoaC4M5a.sys # Reference: https://twitter.com/FewAtoms/status/1419376268324360194 http://172.245.119.43 # Reference: https://twitter.com/r3dbU7z/status/1418433910057353217 http://62.182.158.226 # Reference: https://twitter.com/360CoreSec/status/1419626312503685126 govrn.xyz kavach.govrn.xyz # Reference: https://twitter.com/FewAtoms/status/1420091960912662529 cabinetrouvin.ma # Reference: https://www.virustotal.com/gui/file/1fab8a218587d0ea6715a9b9abf287f6d825709e091e0dd23193a6787496feff/detection impure.xyz # Reference: https://twitter.com/ni_fi_70/status/1106137518976700416 mobilecontractoffers.co.uk # Reference: https://twitter.com/FewAtoms/status/1420453315201179652 http://18.139.3.198 # Reference: https://twitter.com/InQuest/status/1420688618616655873 http://140.82.33.69 # Reference: https://twitter.com/FewAtoms/status/1420816172732358657 http://13.212.85.21 # Reference: https://www.virustotal.com/gui/file/deaab424c9a230e2acbfa3688a34c410240d7eed3a965c16e51905c34fae6390/detection qmumdjffuiocstjfmdqt.com # Reference: https://www.virustotal.com/gui/domain/counterslocal.com/relations counterslocal.com # Reference: https://www.virustotal.com/gui/file/cae7469e7f5dc88962b9993f4b415a46f60fcaeea494abb53d19b7d05f28525b/detection http://37.0.11.8 1freeprivacytoolsforyou.xyz # Reference: https://www.virustotal.com/gui/file/071231d29a8548be8cb0a8f48a4b23d12e08139fd8dba842781912a11dc7c5f6/detection softusa.info spolaect.info # Reference: https://www.virustotal.com/gui/file/5924fc526a80149a67117ba540a42db389f19bff30f919fb9c0950941e44b52c/detection installlcube.ru # Reference: https://twitter.com/ankit_anubhav/status/1422441880164323334 http://192.3.122.133 # Reference: https://www.virustotal.com/gui/domain/adsnative123.com/relations adsnative123.com # Reference: https://twitter.com/Racco42/status/1422922614348165122 http://2.56.59.228 # Reference: 
https://www.virustotal.com/gui/file/f0c643d2b297b3fd566aa953a2305b7dea60efb1d327e39e2522f8931245d21a/detection worldnit.com # Reference: https://unit42.paloaltonetworks.com/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/ # Reference: https://www.virustotal.com/gui/ip-address/212.83.186.207/relations http://212.83.186.207 # Reference: https://twitter.com/Malwar3Ninja/status/1423229743860645892 googlecouponss.com # Reference: https://www.virustotal.com/gui/file/e6f3ef64b86604078ea707fc892f0912562bc8aa30fe6783edc2a0ff95d8c1eb/detection hiziiresim.com # Reference: https://twitter.com/CujoaiLabs/status/1423258390583812102 http://103.59.113.150 # Reference: https://twitter.com/k3yp0d/status/1423262663598034946 # Reference: https://twitter.com/k3yp0d/status/1423263227849359364 # Reference: https://www.virustotal.com/gui/file/3654e1e055ff7d8cc6f492b1894e731d126c339c4cff0aff4fde429e63917360/detection # Reference: https://www.virustotal.com/gui/file/55983832ede07e1db74bcf43a01bd56fc4639bec9efb632fe291a4441871b0a4/detection 193.40.147.36:8000 23.94.190.180:8000 azure365documents.com azurefilesupdates.com documents365updates.com office365onlinedocuments.com officeupdateonline.com # Reference: https://twitter.com/FewAtoms/status/1423299562026975234 http://13.250.41.54 # Reference: https://twitter.com/FewAtoms/status/1415004966591270914 lupasgroup.com # Reference: https://twitter.com/James_inthe_box/status/1423311821658681347 demo.usa-mycard.com/sql/ # Reference: https://twitter.com/jstrosch/status/1437857995292090371 suriyecastajanslari.bykmedya.com # Reference: https://www.virustotal.com/gui/file/d7d125932c112904d7485be8ca92338fbee3a80a01ce3ea5073606528755812b/detection http://185.161.208.194 # Reference: https://www.virustotal.com/gui/ip-address/185.161.208.194/relations alipayglobal.org amazonpmnt.com amzncldn.com checkpoint-ds.com cloudamazonft.com cloudhckpoint.com covidsrc.com covidsvcrc.com deuoffice.org global-imsec.com iteamates.com 
msftprintsvc.com printfiledn.com worldsiclock.com # Reference: https://twitter.com/pr0xylife/status/1445685832522690562 http://103.167.90.177 # Reference: https://www.virustotal.com/gui/file/7ffcb9f6daf4464de0fc3d659e47b76673c16c0f864ad0d2d1ac40f4b295ddfb/detection http://103.155.82.159 # Reference: https://twitter.com/reecdeep/status/1446030302934097921 http://3.70.52.8 # Reference: https://www.virustotal.com/gui/domain/statusupdate.one/detection statusupdate.one # Reference: https://twitter.com/pr0xylife/status/1446386683071586325 http://103.170.254.249 # Reference: https://twitter.com/pr0xylife/status/1446391370067980294 http://103.232.54.181 # Reference: https://twitter.com/MBThreatIntel/status/1447973920942952449 logue.my # Reference: https://twitter.com/netresec/status/1272787764765958145 # Reference: https://twitter.com/netresec/status/1272789544245637121 # Reference: https://app.any.run/tasks/d348af9e-1334-499a-b85f-66decc37e728/ sasakiguitarschool.com/v2/events # Reference: https://www.virustotal.com/gui/domain/testfood.ml/detection testfood.ml # Reference: https://www.virustotal.com/gui/domain/dujanadecfoods.ga/relations dujanadecfoods.ga # Reference: https://twitter.com/reecdeep/status/1459121655482040343 http://84.252.121.97 # Reference: https://www.virustotal.com/gui/file/42ff32fedd64a59278db988b8b702ff3252f7c2b747baaba6668aba386fb3760/detection http://194.147.32.53 cpitest.ru # Reference: https://twitter.com/1ZRR4H/status/1458856549535739904 # Reference: https://twitter.com/1ZRR4H/status/1458860861800398848 # Reference: https://twitter.com/1ZRR4H/status/1458861386092597258 http://13.250.40.196 http://173.82.151.182 http://18.237.162.188 # Reference: https://twitter.com/reecdeep/status/1460514950745579521 http://107.172.75.205 # Reference: https://twitter.com/1ZRR4H/status/1460576019597991946 gianninidesign.com # Reference: https://www.virustotal.com/gui/file/59662a6deb803ab0221ad1e79e3df698a2607b7ae064fe15dc12e2de71b483a3/detection 
http://185.165.29.48 # Reference: https://twitter.com/InQuest/status/1461528762978340864 http://103.167.93.37 # Reference: https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/ http://27.102.127.120 # Reference: https://twitter.com/pr0xylife/status/1450398699121750019 http://135.125.248.37 # Reference: https://twitter.com/Max_Mal_/status/1462201203601948683 http://89.41.182.71 # Reference: https://twitter.com/pr0xylife/status/1462722015786328069 http://198.23.207.36 # Reference: https://twitter.com/1ZRR4H/status/1462912034744549379 http://18.117.9.33 # Reference: https://twitter.com/pr0xylife/status/1463088448139579398 http://198.12.107.112 # Reference: https://twitter.com/pr0xylife/status/1463093186549714946 http://103.145.254.163 # Reference: https://twitter.com/r3dbU7z/status/1463763485880467457 http://134.209.200.69 http://157.245.66.75 # Reference: https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/ # Reference: https://github.com/hpthreatresearch/iocs/blob/main/ratdispenser/urls.txt http://103.141.138.12 http://185.219.133.122 http://195.133.40.98 # Reference: https://www.virustotal.com/gui/file/dfae4a6d47c4e881aa5ede59d0edcd2ae913b65b129e950ea2ab097bff28ccb0/detection http://185.130.104.164 # Reference: https://twitter.com/InQuest/status/1464130004854448133 http://103.170.255.140 # Reference: https://twitter.com/InQuest/status/1464159010794491912 http://107.173.143.102 # Reference: https://twitter.com/pr0xylife/status/1464219627253342209 http://103.167.92.73 # Reference: https://twitter.com/InQuest/status/1464310001405767682 http://91.228.218.171 # Reference: https://www.virustotal.com/gui/file/0a8a1b80e189dcda3d05f8d4888468650368c5467be2db68720fd219217ed3b3/detection update9876.dnsd.me # Reference: https://twitter.com/pr0xylife/status/1465395752423804929 http://198.46.136.245 # Reference: 
https://www.virustotal.com/gui/file/ea0fa4b7c445a0b41dcc685eb30ff7eb3eb30bc40dbf12db96dcd5102d6f1359/detection http://103.167.92.133 # Reference: https://www.virustotal.com/gui/file/04cd1f95b865497975374e6fa29cb916694ea1899a0eaa2ede7365cc5b101d19/detection http://159.65.230.185 # Reference: https://twitter.com/ScarletSharkSec/status/1458085120502636544 http://198.46.132.212 # Reference: https://www.virustotal.com/gui/file/e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876/detection http://172.104.109.217 # Reference: https://twitter.com/pr0xylife/status/1468945134926675968 http://194.36.189.205 http://87.251.85.100 # Reference: https://www.virustotal.com/gui/ip-address/47.89.253.69/detection chrome-update-google.com critical-update-chrome.com # Reference: https://twitter.com/jstrosch/status/1469052651124006919 http://20.206.88.15 # Reference: https://app.any.run/tasks/e1a19a3b-4f71-41c0-8925-4062512325d4/ # Reference: https://www.virustotal.com/gui/file/731857a917a829491a03e5482433672fcff9cf33c1471459f23c666654a2ca4e/detection http://164.90.177.169 # Reference: https://twitter.com/InQuest/status/1468867983904751621 http://23.94.174.158 # Reference: https://www.virustotal.com/gui/file/32162670a5fe6a074491b83e2e631ebebd431dd821e7502f958bea3df4e14146/detection http://5.182.206.13 # Reference: https://twitter.com/IronNetTR/status/1466794475544616973 moet-rp.online # Reference: https://twitter.com/Unit42_Intel/status/1470778363254128651 http://149.91.89.17 # Reference: https://twitter.com/gwillem/status/1471143272353611785 divishka.ffox.site # Reference: https://www.virustotal.com/gui/file/efa22ab0015899c95aa6582cc90314de8d4cf2f52d3267eba50482b75d060ac5/detection http://103.253.43.214 # Reference: https://www.virustotal.com/gui/file/8c952cbf82718e661016b95979a210fe32bf87f2c5aaf28610db8d32268c7271/detection cloudjah.com # Reference: https://twitter.com/h2jazi/status/1472644426887487489 http://40.112.71.203 # Reference: 
https://twitter.com/FewAtoms/status/1457356476096421897 nofearsw.in # Reference: https://twitter.com/r3dbU7z/status/1468119168096612357 http://45.67.229.9 # Reference: https://twitter.com/FewAtoms/status/1440007318570143746 http://13.112.210.240 # Reference: https://www.virustotal.com/gui/file/4a4b6ec868a0f96afd0ce677eef87d118d2072d636181d7d24e5d29a963a5085/detection http://45.9.20.150 /windowshelper.bin # Reference: https://www.virustotal.com/gui/file/27548c9c3786d5906ecc3e283b4dac95271e88a378e16bc9e61c72be6d944879/detection ppgggb.com # Reference: https://www.virustotal.com/gui/file/d6d66f12ecdac2886547a0a49c0e49cfd5f8626aba2b8bc83535d7ad6aa96113/detection http://185.215.113.23 # Reference: https://twitter.com/jstrosch/status/1475977971039100934 http://8.209.107.30 # Reference: https://twitter.com/JAMESWT_MHT/status/1476105632751267840 http://179.43.187.131 # Reference: https://www.virustotal.com/gui/file/2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04/detection kukupingan.com # Reference: https://www.virustotal.com/gui/file/3f78e28650b8197835e115005d0f2a9e000d01384e55c15f15097bd86ca1e8e2/detection fantare.ru qqq.fantare.ru # Reference: https://twitter.com/benkow_/status/1476886648818384902 # Reference: https://dpaste.org/Nx77/raw http://176.111.174.69 http://185.215.113.208 http://193.135.12.27 http://193.38.55.144 http://193.38.55.83 http://193.38.55.84 http://194.61.120.8 http://45.84.179.2 # Reference: https://www.virustotal.com/gui/file/c9414f9e7ec6f3ba759335ac414092b357b131bda6c54f0ab0cee1e9a65eff3f/detection http://5.181.156.221 http://91.212.150.247 http://91.241.19.38 # Reference: https://www.virustotal.com/gui/file/3b2b4188e8cbac80e7e566dc84a9e49418e7d11a010e2b7e103aeb295cb59581/detection http://185.70.186.174 # Reference: https://www.virustotal.com/gui/file/9cbaafcc5fabe81105cbe09a869c1576dcb8c09c53386a6426ebead635502a67/detection http://193.150.70.6 http://45.142.215.144 http://45.159.188.186 http://93.157.62.185 # Reference: 
https://www.virustotal.com/gui/domain/liveme31.com/relations liveme31.com # Reference: https://www.virustotal.com/gui/domain/pplzy.pw/relations pplzy.pw # Reference: https://www.virustotal.com/gui/domain/the-flash-man.com/relations the-flash-man.com # Reference: https://www.virustotal.com/gui/domain/closedr.info/relations closedr.info # Reference: https://www.virustotal.com/gui/domain/mash2.info/relations mash2.info # Reference: https://www.virustotal.com/gui/domain/startupmart.bar/relations startupmart.bar # Reference: https://www.virustotal.com/gui/domain/spolaect.info/relations spolaect.info # Reference: https://www.virustotal.com/gui/domain/gavenetwork.bar/relations gavenetwork.bar # Reference: https://www.virustotal.com/gui/domain/get-europe-group.bar/relations get-europe-group.bar # Reference: https://www.virustotal.com/gui/domain/mysters.info/relations mysters.info # Reference: https://www.virustotal.com/gui/file/1022aed4c67e1fd0bc605d815bf9152d040a3288e91391f9637cbb55e54f0a03/detection http://91.243.44.130 # Reference: https://www.virustotal.com/gui/file/83c5af47ff7bccc6c1613bcb686b75f7f2c2c3c5f6a8af32decb00b459f799e8/detection http://45.142.212.196 # Reference: https://www.virustotal.com/gui/file/34ca4e801f564dcfb1127a5ae465dcc7d7d373cdc7e37100c35ad16674a55f7e/detection http://80.87.200.188 # Reference: https://twitter.com/TheDFIRReport/status/1479090547134455818 # Reference: https://blog.virustotal.com/2022/01/monitoring-malware-abusing-cve-2020-1599.html # Reference: https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/ commandaadmin.com teamworks455.com # Reference: https://twitter.com/1ZRR4H/status/1479298118915178496 # Reference: https://www.virustotal.com/gui/file/bb4ec7c0ef0967028461ba62b3acc5cf18e015f898deb6c85b543bb70745f95e/detection moneyinstall.us minecraftlead.ru stroymatkomplekt.ru # Reference: 
https://www.virustotal.com/gui/file/ba95d9a0ccf20be080f89d1be1cda6e1d9fb3600b4b2ac65b187e3ce0119d6c8/detection http://119.17.214.93 # Reference: https://www.virustotal.com/gui/file/2f3ab54b99c62db313f4a62dc674d71348a5b8d034ecd1a3418d618432e00817/detection http://119.17.214.92 # Reference: https://www.virustotal.com/gui/file/74f42688a1901d9d16bfb400fdc3918deba5c44c0fc847a03ac8ab473cb3d895/detection http://119.17.214.96 # Reference: https://twitter.com/James_inthe_box/status/1457745300123127811 http://103.124.106.149 # Reference: https://twitter.com/pr0xylife/status/1455094005914652673 http://202.55.133.79 # Reference: https://twitter.com/pr0xylife/status/1451463373091229716 http://103.167.84.138 # Reference: https://twitter.com/pr0xylife/status/1451466003460808705 http://192.227.158.101 # Reference: https://twitter.com/reecdeep/status/1451460263492849665 http://23.94.159.219 # Reference: https://twitter.com/pr0xylife/status/1450017891924029448 http://103.167.93.12 # Reference: https://twitter.com/InQuest/status/1450014272973586432 http://192.3.110.172 # Reference: https://twitter.com/pr0xylife/status/1447834700693782530 http://23.94.159.208 # Reference: https://twitter.com/InQuest/status/1447383680066990080 http://103.167.90.69 # Reference: https://twitter.com/InQuest/status/1447391470563041282 http://103.155.83.184 # Reference: https://twitter.com/InQuest/status/1447399272723386368 http://202.55.132.141 # Reference: https://twitter.com/r3dbU7z/status/1438962964703363075 http://3.127.222.135 # Reference: https://www.virustotal.com/gui/file/3859ba414a1e01ea8326302491d75c8015e4bc919ca0c7a04f0143b8b3412567/detection http://95.142.47.19 # Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection http://185.186.142.166 http://37.49.230.237 # Reference: https://www.virustotal.com/gui/file/90585a2e93e20a3d84e5c28281936bb8503574956aee6dc93820226e604ec79f/detection http://91.243.44.128 # Reference: 
https://www.virustotal.com/gui/file/d312e2032ec1797161c4d85347063f8e49e250f100fa8f00c8614552bce87df3/detection beachbig.com # Reference: https://twitter.com/pr0xylife/status/1480494355177779202 http://107.173.229.131 # Reference: https://twitter.com/pr0xylife/status/1480841911019655171 http://103.153.79.104 # Reference: https://www.virustotal.com/gui/file/cc5a62e4984a28d010f9c4fad2307db1f156e25ca5e1d471bfae803f01dfb4e3/detection http://192.3.146.154 # Reference: https://www.virustotal.com/gui/file/c2ce066ae0423a870ecf4dbc36b73a0169f75ce8a0168ecfb81f78d0c3652ca6/detection http://45.138.72.43 # Reference: https://twitter.com/jstrosch/status/1481338605998067723 http://179.43.140.208 # Reference: https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html http://13.78.209.105 # Reference: https://www.virustotal.com/gui/file/d42e5f2e60b39e2aca3dd09a4dd5803a04b33821e6da8808ef9ef450d6771e30/detection http://137.135.65.29 # Reference: https://www.virustotal.com/gui/file/bdcaf31f882353b75031d1d7353085ff529612bec3a62e462fa3086d2a79bb85/detection http://52.150.26.35 # Reference: https://www.joesandbox.com/analysis/512154?idtype=analysisid#iocs http://40.85.140.7 # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt http://104.168.44.45 # Reference: https://www.virustotal.com/gui/file/80dcf447cef9dabc2f3ff03a318277ac06185ee7a3566cb48116f41a5c02801b/detection http://198.23.212.239 # Reference: https://twitter.com/reecdeep/status/1481997298326556677 http://20.51.217.113 # Reference: https://www.virustotal.com/gui/file/6fcf190d85dee62ab18a9bd36d8db98cadc10e75ec8aacd1093013a46e188db4/detection http://113.212.88.60 113.212.88.60:88 # Reference: https://twitter.com/1ZRR4H/status/1454885256436256779 http://1.234.83.196 http://113.212.88.135 http://113.212.88.60 http://185.254.240.239 # Reference: https://www.virustotal.com/gui/ip-address/37.1.209.213/relations http://37.1.209.213 # 
Reference: https://www.virustotal.com/gui/file/cf4e53b7758ebb9a9470cb6fd3a2c69fcd96e045534ab80a44eac752c09e50f0/detection marks397.co.za # Reference: https://twitter.com/pr0xylife/status/1483100182829019144 http://198.12.81.81 # Reference: https://twitter.com/felixaime/status/1483089929802498055 # Reference: https://twitter.com/felixaime/status/1483114131595186181 # Reference: https://www.virustotal.com/gui/file/0ddde6a23956364f828de2de1abdbf9fc6d4952683f777d03fe01fa0b367b2b2/detection # NOTE(review): http://20.51.217.113 is already listed above under the reecdeep 1481997298326556677 reference; a duplicate trail adds no detection coverage and makes it ambiguous which reference a hit is attributed to - keep one occurrence (or fold both references onto it) http://104.168.32.66 http://20.51.217.113 # Reference: https://www.virustotal.com/gui/file/e14ea6085447b2c93ede3aa3151dd998f1831f782333372b711343d418cfb545/detection http://146.0.77.114 http://185.130.104.235 http://193.238.47.118 # Reference: https://twitter.com/MBThreatIntel/status/1483145128806129668 http://198.144.176.204 # Reference: https://twitter.com/reecdeep/status/1483348720120967171 http://185.237.206.163 # Reference: https://twitter.com/idclickthat/status/1482032319418535940 # Reference: https://www.virustotal.com/gui/domain/ghostappstore.com/relations 103.61.31.155:8666 99.83.191.53:8666 ghostappstore.com down.ghostappstore.com # Reference: https://www.virustotal.com/gui/ip-address/91.241.19.52/relations http://91.241.19.52 # Reference: https://twitter.com/pr0xylife/status/1483558099587842051 http://180.214.237.30 # Reference: https://www.virustotal.com/gui/file/f25a79f4767d6469e49d59fa050da7ecc7da6e2603ef1645b9ce1758960cb910/detection http://84.38.133.143 # Reference: https://www.virustotal.com/gui/file/6604c2874c051ea173e5a46d2045501441050ba6a553a8b4ab7164dbfdf95f46/detection http://35.87.49.226 # Reference: https://www.virustotal.com/gui/file/9fcda8bfa60b55886191c9a849f69092c57f384f55b9bddba78711bb51f1761d/detection http://45.88.3.236 # Reference: https://www.virustotal.com/gui/file/94766b7f5469168f24fe98d5b8a3bf6828a8a3ce13b4a3e372e9bbdf5efa984d/detection http://149.28.98.202 # Reference: https://twitter.com/s1ckb017/status/1484099242562101250 http://107.174.138.132 
# Reference: https://twitter.com/r3dbU7z/status/1484172382684139530 http://135.148.74.241 # Reference: https://twitter.com/petrovic082/status/1484252860879618057 http://192.210.214.174 # Reference: https://www.virustotal.com/gui/file/e6508fcc221feaf48e4af7a66e74edd76edbf7e0c177a5b5c8d4e581a543ea02/detection http://172.241.27.208 # Reference: https://www.virustotal.com/gui/file/0291aad7b0fe24f5dc25ded98bf4ad1bf2604f3966abab3a2f262a4ff08721f5/detection http://185.237.206.185 # Reference: https://twitter.com/malwrhunterteam/status/1484545680077164549 # Reference: https://www.virustotal.com/gui/file/eed311ae1c342ed17301ccc1c93342e163dd1e016f4843ede7c09175e76be541/detection mynavytoday.com # Reference: https://twitter.com/cyber__sloth/status/1484465719542747137 http://192.99.190.34 # Reference: https://twitter.com/petrovic082/status/1484837128563474436 http://170.39.212.195 # Reference: https://inquest.net/blog/2022/01/24/analysis-remcos-rat-dropper http://104.223.119.167 http://64.188.19.241 # Reference: https://www.virustotal.com/gui/ip-address/162.244.32.133/relations http://162.244.32.133 # Reference: https://twitter.com/reecdeep/status/1485979072933117952 http://192.210.219.13 # Reference: https://twitter.com/malwrhunterteam/status/1486613791504842753 # Reference: https://www.virustotal.com/gui/file/9866573fcfb435c3032cad9ff6116d408bac12d24c9fcf524c280465ca9f2631/detection http://194.127.192.136 # Reference: https://www.virustotal.com/gui/file/2dd21ba18dede0cf4985b9ab6175898328eb60fca9f0cd3785020e7cc521054e/detection http://138.68.162.128 http://87.251.64.133 # Reference: https://www.virustotal.com/gui/domain/federguda.ru/relations federguda.ru # Reference: https://www.virustotal.com/gui/file/950bc90e32c3af6a835e4e84a966aa54caf81b18b38e46eaf2b94cc9ff214a5f/detection mikeloayza.com # Reference: https://www.virustotal.com/gui/file/e7cfe81d4e1f128d38629a9bc2be025f821bf8c001df14771e375b168cc5fe6f/detection bosslike.ct8.pl codingguydev.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/domain/nxxxn.ga/relations nxxxn.ga d.nxxxn.ga g.nxxxn.ga r.nxxxn.ga t.nxxxn.ga x.nxxxn.ga # Reference: https://www.virustotal.com/gui/file/00fd0c27ccd389b33d9293b163b3d431cab6dfda9156273eb281a8ec9ae36d24/detection http://181.214.152.249 # Reference: https://www.virustotal.com/gui/file/1dca676f7e72738b4928d057d009880eab95bba1aec163abed9f2aef74909916/detection http://45.11.186.24 # Reference: https://www.virustotal.com/gui/file/045de5acd7f3b4b0a4d402c17f8779f68ee957e2323ae61b0d1907dcb1a7472c/detection http://5.255.100.31 # Reference: https://twitter.com/Dany74746320/status/1485042967811395587 viagramain.com # Reference: https://urlhaus.abuse.ch/url/2016124/ http://212.192.246.239 # Reference: https://twitter.com/s1ckb017/status/1488105648407601152 foohello.work # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_31.01.2022.txt http://104.168.32.36 # Reference: https://twitter.com/pr0xylife/status/1488236339283771399 http://192.210.218.119 # Reference: https://www.virustotal.com/gui/file/0275a7b7aa219043d31f1fe5741b5b02c43144ced65c5141badc4ce38581c6b3/detection http://193.56.146.36 bursakulis.com chickenwalas.com cllgxx.com luminati-china.net tweakballs.com tg8.cllgxx.com hb888.luminati-china.net testjndmtle.luminati-china.net # Reference: https://www.virustotal.com/gui/file/cbb1036b419a366580acf33e3279e192ad15635568fb7aea329487109145aa31/detection http://84.252.122.205 # Reference: https://www.virustotal.com/gui/domain/ddl8.data.hu/relations ddl8.data.hu # Reference: https://twitter.com/InQuest/status/1488977019698356230 http://84.38.132.24 # Reference: https://twitter.com/James_inthe_box/status/1489004195000688640 http://209.127.19.101 http://64.188.19.241 # Reference: https://twitter.com/malwrhunterteam/status/1489244181922865155 # Reference: https://www.virustotal.com/gui/ip-address/185.117.72.143/relations http://185.117.72.143 # Reference: https://twitter.com/1ZRR4H/status/1489286212313567237 http://206.188.196.166 
# Reference: https://www.virustotal.com/gui/file/cc53402a8786978db2ff36ec45bd2c289bb204ac61c38a68b696ed96a12c494e/detection myhost.2zzz.ru # Reference: https://www.virustotal.com/gui/file/95beb72d6d3c5d7738338fd5c2d2edbf9fe035c8d518ec1fbbaa209fecbdf45f/detection ioadhost.2zzz.ru loadhost.2zzz.ru # Reference: https://www.virustotal.com/gui/file/7fde634192e6012c73e5f4e776de8e5749f12dc9f54e0779105055917d9d2485/detection files.2zzz.ru # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_07.02.2022.txt http://18.215.63.247 # Reference: https://www.virustotal.com/gui/file/04b2dc417dc419adc70b8d853142903f7da38511da4e90858d287ae7c016ebf5/detection http://104.168.5.57 # Reference: https://github.com/pr0xylife/nworm/blob/main/nworm_10.02.2022.txt http://103.151.125.186 http://54.235.58.2 # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_10.02.2022.txt http://107.173.219.30 http://198.46.132.195 # Reference: https://www.virustotal.com/gui/file/794bcfb84b20f5e74a85d54aa222cc580600a7a6f9ee90ad667989ee1f2f13a5/detection http://54.144.18.201 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-10%20Remcos%20IOCs http://209.127.20.130 # Reference: https://www.virustotal.com/gui/file/14afe589bfefb5b555aa0b824d995525bc8a41bef14586108c34540071b637c9/detection ggiimage.com # Reference: https://www.virustotal.com/gui/file/e78187122c899922fa5967bb3950dbbdf31608758de38e63d10976901f939a39/detection http://3.141.31.43 # Reference: https://www.virustotal.com/gui/file/3a88a0123189b10361e57739e572fcf7151f5021d1b7aaf2ccacd4559cd26e95/detection asia-south-36774.packetriot.net blissful-river-74383.pktriot.net # Reference: https://www.virustotal.com/gui/file/083c8ebec80a4a652972b5899c03e4a41711cfa6e1c030654d39dc0f2a4e15e8/detection boys4dayz.com duzlwewk2uk96.cloudfront.net # Reference: https://www.virustotal.com/gui/ip-address/111.90.146.149/relations # Reference: 
https://www.virustotal.com/gui/file/2684cbbbe4b27fe7bbf5c4918c9986ffe4052661d2ae0f41d8e1cc02876049b5/detection asdfk.pw aupw.pw choechal.pw chuizi.icu cnzzqo.pw egsa.pw findone.icu haikuy.pw hwuaee.icu jhuzw.pw jukaiop.pw menzbv.pw mnbuiy.pw mnbx.pw oppopp.icu papoo.pw papwli.pw pinguo.icu poasdl.pw pplzy.pw puhua.pw ticaus.pw ukcom.pw vivivovo.icu whzuix.pw yiyuli.pw yuyhmi.pw znytli.pw zuxjp.pw # Reference: https://www.virustotal.com/gui/file/000e5cefeb611d72332acd698462d8bf905caca5f7fc8df6fba36580da526ae9/detection atomtweaks.com glclick.com # Reference: https://www.virustotal.com/gui/file/5fec64545072154ae4165f7b1806e1984667ce1c64d5fb457f966c59727e4018/detection jackytpload.su # Reference: https://www.virustotal.com/gui/file/f0de5be449cfd7b81901ba08a7d9bab4fb6fb09bf23cead68a59118c23c920c4/detection hsl-pebble.cn s1-i47p.5588888.xyz /e/10363/shell.txt # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs%202 http://198.23.251.110 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-15%20Remcos%20IOCs http://192.210.214.221 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20Remcos%20IOCs http://167.160.166.228 # Reference: https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/ http://81.4.105.174 # Reference: https://www.virustotal.com/gui/file/5c7b06a1d59f2d6237bd858ccf1199528ff6879f1d4e4db197e6d58df7de87a0/detection http://115.159.154.82 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-08%20Vjw0rm%20IOCs http://179.61.237.75 # Reference: https://twitter.com/phage_nz/status/1493130615658479617 http://3.86.58.190 # Reference: https://twitter.com/th3_protoCOL/status/1492959950498193408 http://198.100.159.92 # Reference: https://twitter.com/r3dbU7z/status/1493263818222415879 http://5.2.76.43 # Reference: https://twitter.com/jstrosch/status/1493390004936134659 http://185.136.171.110 # Reference: 
https://twitter.com/MBThreatIntel/status/1493610043513712640 auto-falkanhahn.de # Reference: https://twitter.com/r3dbU7z/status/1493675446210281479 http://45.32.132.166 # Reference: https://twitter.com/jstrosch/status/1493799495007715329 159.89.55.248:8080 # Reference: https://www.virustotal.com/gui/file/1155c0a3ed4fff855d7638989626d70a34a9cd35c943d5899fce5fa8fb2a47e2/detection http://107.173.229.134 # Reference: https://www.virustotal.com/gui/domain/celestialcomet.cc/relations celestialcomet.cc # Reference: https://www.virustotal.com/gui/domain/cloudstorage.pm/relations cloudstorage.pm # Reference: https://www.virustotal.com/gui/domain/allendefarm.pl/relations allendefarm.pl # Reference: https://www.virustotal.com/gui/file/2965d4a8e0c8b61acaba9ac5c24424f5d2925ba658a9871553a1cff6cc5db56c/detection fastcomet.cc # Reference: https://twitter.com/dubstard/status/1494564720795582465 rari.fund # Reference: https://twitter.com/malwrhunterteam/status/1494996632005447681 travel-ag.com # Reference: https://twitter.com/adm1n_usa32/status/1495985775179186176 google247.xyz # Reference: https://twitter.com/pr0xylife/status/1495818338097844227 http://3.145.46.6 # Reference: https://asec.ahnlab.com/en/31811/ http://103.243.26.225 http://144.48.240.69 http://144.48.240.85 http://81.68.76.46 # Reference: https://twitter.com/malwrhunterteam/status/1489615424937472000 # Reference: https://twitter.com/malwrhunterteam/status/1496231014246621188 nude-photos.casacam.net nude-photo.giize.com # Reference: https://twitter.com/pr0xylife/status/1496565773803864068 # Reference: https://www.virustotal.com/gui/domain/aacqx.shop/relations aacqx.shop # Reference: https://twitter.com/malwrhunterteam/status/1497235270416097287 http://179.43.175.171 # Reference: https://twitter.com/Dashowl/status/1497620618216452098 http://45.67.230.104 # Reference: https://www.virustotal.com/gui/file/33d5edfef5ffcf3f32ecad4426a11a24069d8e37d3936d528bfb26ff34edbe99/detection zdert.xyz # Reference: 
https://twitter.com/TeamDreier/status/1498960798458298373 /sdfghj654hgfkc/ # Reference: https://twitter.com/MBThreatIntel/status/1499435864035934212 http://192.227.196.211 # Reference: https://twitter.com/reecdeep/status/1499668276149948416 http://107.172.13.168 # Reference: https://otx.alienvault.com/pulse/6222096d5505582bf113ccb7/ http://103.167.92.57 # Reference: https://www.virustotal.com/gui/file/001807f9c24cb224cc074f66a2c9ab8b86dde7c752a7a60632bd2b06080fafbd/detection duoproc.ru # Reference: https://www.virustotal.com/gui/file/11889b6adca11a7385d45ced048069c82540888811e5d3b08855e37c17782f73/detection http://192.3.247.134 # Reference: https://www.virustotal.com/gui/file/2978b63f597bcba76e4bc33311d013b56e170857021dc5154ff94861117d2694/detection kaaspersky.000webhostapp.com # Reference: https://twitter.com/pr0xylife/status/1500841191885217792 http://198.12.110.189 # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_08.03.2022.txt http://198.23.251.29 # Reference: https://www.virustotal.com/gui/file/c14c3e28aeede2cb2c195601336f9f44a8549b0a4f473a278c3431f19a05b67d/detection http://34.105.85.231 # Reference: https://twitter.com/pr0xylife/status/1501489251837427712 http://180.214.236.32 # Reference: https://twitter.com/pr0xylife/status/1501538557302906881 http://52.78.165.165 # Reference: https://twitter.com/malwrhunterteam/status/1501550442668507143 http://193.56.29.230 # Reference: https://twitter.com/InQuest/status/1501556259534872578 http://35.184.204.221 http://94.130.207.164 # Reference: https://twitter.com/malwrhunterteam/status/1501640601359503365 # Reference: https://www.virustotal.com/gui/file/391483124c214da2d00a0819a9097949d6dc30578f4c3722df78ca6693a127cc/detection http://45.149.128.129 # Reference: https://www.virustotal.com/gui/file/e420d90738208a061aaca7b310bedf7efb56e89451c19d5049649621283ec583/detection http://18.181.195.19 # Reference: https://twitter.com/petrovic082/status/1502943136611454978 
ec2-34-229-64-131.compute-1.amazonaws.com # Reference: https://twitter.com/jstrosch/status/1504104392353624072 finec-microfinance.com/2/ # Reference: https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/ http://188.119.149.160 188.119.149.160:443 45.61.136.39:443 # Reference: https://twitter.com/0xrb/status/1504337558452715527 controlparks.com/1/ # Reference: https://twitter.com/jstrosch/status/1504650708767109121 utterims.com # Reference: https://twitter.com/bad_packets/status/1504639326893731840 14.55.65.217:8080 # Reference: https://www.virustotal.com/gui/domain/adds-only.xyz/relations adds-only.xyz # Reference: https://www.virustotal.com/gui/file/e6224ff810cce2cbdab4b18591fbf810c12b3ebdc85121f1a56b3dfb36ac3bc3/detection stoic2019.shop # Reference: https://www.virustotal.com/gui/domain/cyt8t.com/relations cyt8t.com # Reference: https://twitter.com/malwrhunterteam/status/1505192978603823107 http://172.241.27.108 # Reference: https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html (# Win.Malware.Johnnie-9941227-0) # Reference: https://www.virustotal.com/gui/domain/api.boosting.online/relations # Reference: https://www.virustotal.com/gui/file/0b725f38337f41789472e3f61b37b425bc3ba2fb6a51a32fbaec219330eb88f7/detection boosting.online win3.online win3.ru api.boosting.online # Reference: https://twitter.com/BushidoToken/status/1505639071443570699 # Reference: https://otx.alienvault.com/pulse/6237878e4937d1bad108047f/ # NOTE(review): http://34.105.85.231 (VT c14c3e28... section), http://35.184.204.221 (InQuest 1501556259... section) and ec2-34-229-64-131.compute-1.amazonaws.com (petrovic082 1502943136... section, immediately above) are already listed earlier in this file; duplicates add no coverage and make reference attribution of a hit ambiguous - keep a single occurrence. The EC2 public DNS name also tracks a cloud IP that is typically released and reassigned once the instance is stopped, so expect it to age into a false positive; confirm before relying on it long-term http://34.105.85.231 http://35.184.204.221 http://34.71.81.158 consular-thpass.com consulatelteamthailand.com teamconsulatelthailand.com ec2-34-229-64-131.compute-1.amazonaws.com microsoft.soundcast.me # Reference: https://twitter.com/tosscoinwitcher/status/1505784120927932418 http://84.38.135.159 # Reference: https://twitter.com/idclickthat/status/1505923827766865924 # Reference: https://www.virustotal.com/gui/file/9c7b2fabd58d70c0e348e23b6e2beac28e26e80566449fb5e5b10c2d6bef2b55/detection campus-art.com ledgrelive.com 
# Reference: https://twitter.com/James_inthe_box/status/1506680809880621066 http://51.210.78.57 # Reference: https://www.virustotal.com/gui/file/e93cc14c93709b38dc8d95fb58d70d1a8930576c7d16c64c3efbc4cc08d951ff/detection http://84.38.132.43 # Reference: https://www.virustotal.com/gui/file/03eb59205f453806754b1a677d5d4786431c902f045aef1115ee890b86e7e779/detection http://185.215.113.93 # Reference: https://www.virustotal.com/gui/file/1caad2746b5dad26d33c116a47aced816d050ff176b7314c99427ad4b03bfbf2/detection http://172.245.163.174 # Reference: https://www.virustotal.com/gui/file/16e587a78c6af7a68db2eee80ac40ccec784aeb261cfa7bab04c54608dc96324/detection http://185.215.113.77 # Reference: https://www.virustotal.com/gui/file/0d85bf6b36123e7da8daa9e7504f2b54db40d8d0e9eefa127b5e4c4fff16c53f/detection http://23.106.122.152 http://37.120.222.60 # Reference: https://www.virustotal.com/gui/file/0d8e031c65e57c9924aa28bb61871e136c52cc522e8b247d504808ae93d779a4/detection http://193.106.191.196 # Reference: https://twitter.com/malwrhunterteam/status/1508505771935473665 http://156.241.129.39 # Reference: https://twitter.com/0xrb/status/1508691938576576514 http://90.173.99.208 # Reference: https://www.virustotal.com/gui/domain/mbplc.xyz/relations mbplc.xyz # Reference: https://www.virustotal.com/gui/domain/igov-service.net/detection igov-service.net # Reference: https://blog.talosintelligence.com/2021/08/proxyware-abuse.html # Reference: https://otx.alienvault.com/pulse/6130ad0fa45240740e294965 ariesbee.com aurigabee.xyz bootesbee.com heartsbeat.gq xsvpn.cf r.honeygain.money # Reference: https://www.virustotal.com/gui/file/f32025e75c842a46fd3088b35dc64df4736cb41f8b08d6ba1706bb143ee16a3e/detection # Reference: https://www.virustotal.com/gui/file/22594c0c333f61a66000ddec797c0aec98ae9eeaf32d6a7fb8660ac73445d433/detection http://103.238.225.37 103.238.225.37:443 # Reference: https://twitter.com/malwrhunterteam/status/1509459212493070340 http://103.158.190.54 # Reference: 
https://www.virustotal.com/gui/domain/dev-com.sc/detection dev-com.sc api.dev-com.sc # Reference: https://www.virustotal.com/gui/domain/degengeneral.000webhostapp.com/relations degengeneral.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/a82d9e290498a9ba960a9118db0b68eee6934831e96bedc3799766851571c8b9/detection thiagoviado.com # Reference: https://twitter.com/jstrosch/status/1509874812503707665 http://50.87.194.40 # Reference: https://twitter.com/malwrhunterteam/status/1510262816057528327 lolo3443443.7m.pl # Reference: https://www.virustotal.com/gui/domain/zonasertaneja.com.br/relations zonasertaneja.com.br # Reference: https://twitter.com/malwrhunterteam/status/1511289543432957957 corncastt.net # Reference: https://twitter.com/malwrhunterteam/status/1511399876021690381 http://20.106.232.4 # Reference: https://twitter.com/malwrhunterteam/status/1511396879703158795 http://121.5.28.63 # Reference: https://www.virustotal.com/gui/file/3be429999574d121c9004caef1dc4ae73f50d899d4f73cea9fe0b4f166a05356/detection http://107.173.143.29 # Reference: https://twitter.com/Dashowl/status/1511771478152392711 185.25.50.239:8080 # Reference: https://www.virustotal.com/gui/file/e42f42aa0999285f9b0e1b159cb3778769447877cd3fa96f9dd06313375d8b9a/detection f0607393.xsph.ru # Reference: https://www.virustotal.com/gui/file/d8b6bd73a6fc1abb9cbbea7e17f9e38c07f5b2f096012b3df28deb5f0c3dde21/detection a0604050.xsph.ru # Reference: https://www.virustotal.com/gui/file/d695bc1bd1a2686198b21cb7e0e776fe29cddca13a858917771e0897d338cc4f/detection http://96.47.235.202 # Reference: https://twitter.com/Jirehlov/status/1512795466253357062 # Reference: https://www.virustotal.com/gui/file/9e283d465120e808898727d2331e64dea69be9e10e2f26298d6ac2330f07bdf1/detection telegram-cn.org tgzh.oss-cn-hongkong.aliyuncs.com # Reference: https://twitter.com/0xhido/status/1513501384729104385 http://209.127.91.101 # Reference: 
https://www.virustotal.com/gui/file/ec4debc52011a0e1cfdc28bfcad2fcd17a1ebb36aca7b0b139649463fdbed485/detection http://185.101.107.92 # Reference: https://www.virustotal.com/gui/file/fe45251115d45f4c6957cfe55c353b41419dd74eeae31dced6235ce5b8f45344/detection http://38.132.101.45 # Reference: https://twitter.com/pr0xylife/status/1513984415684345868 http://193.27.14.214 # Reference: https://twitter.com/JAMESWT_MHT/status/1514492777593294848 http://78.14.113.227 78.14.113.227:8080 # Reference: https://www.virustotal.com/gui/domain/atps-proximo.pt/relations atps-proximo.pt # Reference: https://www.virustotal.com/gui/file/0019c5250ed8b254a0dba743253806bdbd72c408decd1d2d53de03355a0f0f6a/detection http://107.189.6.214 xxx01xzb.beget.tech # Reference: https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html # Reference: https://otx.alienvault.com/pulse/61a7a4ab87dda2ec4c035c7e allincalisthenics.com bingoroll20.net bingoroll21.net bingoroll22.net bingoroll23.net bummerpost.com deiflo.com erin-nathaniel.com estateplanningcentral.com evvresponsefund.com faraipyro.com nathanfraser.com nationalinsuranceappraisersregistry.com neponsetflagfootballleague.com optimalfatmetabolism.com toa-ara.com # Reference: https://www.virustotal.com/gui/file/0d64fd162d94601ddd806df804103f3713c4aa43c201fffb9c92783c29d6094c/detection http://66.154.112.212 # Reference: https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/ # Reference: https://otx.alienvault.com/pulse/612c8ea759d6287ad242b320 23moesian-10.com 23moesian-11.com 23moesian-15.com 23moesian-16.com 23moesian-17.com 23moesian-18.com 23moesian-19.com 23moesian-2.com 23moesian-20.com 23moesian-26.com 77support-update23-4.com a-cl.xyz account-info002.com account-info003.com account-info004.com account-info005.com account-info007.com account-info008.com account-info011.com account-info012.com accountservicealert002.com accountservicealert003.com 
adminmabuk103.com adminsecurity101.com adminsecurity102.com appgetbox10.com appgetbox3.com appgetbox5.com appgetbox6.com appgetbox7.com appgetbox8.com appgetbox9.com bas9oiw88remnisn-1.com bas9oiw88remnisn-10.com bas9oiw88remnisn-11.com bas9oiw88remnisn-12.com bas9oiw88remnisn-13.com bas9oiw88remnisn-14.com bas9oiw88remnisn-15.com bas9oiw88remnisn-16.com bas9oiw88remnisn-17.com bas9oiw88remnisn-19.com bas9oiw88remnisn-2.com bas9oiw88remnisn-20.com bas9oiw88remnisn-21.com bas9oiw88remnisn-22.com bas9oiw88remnisn-23.com bas9oiw88remnisn-24.com bas9oiw88remnisn-25.com bas9oiw88remnisn-26.com bas9oiw88remnisn-27.com bas9oiw88remnisn-3.com bas9oiw88remnisn-4.com bas9oiw88remnisn-5.com bas9oiw88remnisn-7.com bas9oiw88remnisn-8.com bas9oiw88remnisn-9.com berangberang-10.com berangberang-11.com berangberang-12.com berangberang-13.com berangberang-3.com berangberang-4.com berangberang-5.com berangberang-6.com berangberang-7.com berangberang-8.com berangberang-9.com bimspelitskalix-xuer2.com bimspelitskalix-xuer6.com bimspelitskalix-xuer7.com bimspelitskalix-xuer9.com c-hi.xyz c-tl.xyz care887-yyrtconsumer23-23.com care887-yyrtconsumer23-24.com care887-yyrtconsumer23-25.com care887-yyrtconsumer23-26.com care887-yyrtconsumer23-27.com cokils2ptys-1.com cokils2ptys-3.com cokils2ptys-6.com contackamazon1.com copris7-yearts-37.com copris7-yearts-38.com copris7-yearts-39.com copris7-yearts-4.com copris7-yearts-40.com copris7-yearts-5.com copris7-yearts-6.com copris7-yearts-7.com copris7-yearts-8.com copris7-yearts-9.com dak12shub-1.com dak12shub-10.com dak12shub-3.com dak12shub-4.com dak12shub-6.com dak12shub-8.com dak12shub-9.com f-io.online fasttuamz587-4.com fenranutc0x24ai-11.com fenranutc0x24ai-13.com fenranutc0x24ai-17.com fenranutc0x24ai-18.com fenranutc0x24ai-4.com gaplerr-xt5.com gets25-amz.net gets27-amz.net gets28-amz.net gets29-amz.net gets3-amz.net gets30-amz.net gets31-amz.net gets32-amz.net gets34-amz.net gets35-amz.net gxnhfghnjzh809.com hayalanphezor-1sit.com 
hayalanphezor-2sit.com hayalanphezor-3sit.com hayalanphezor-4sit.com hayalanphezor-6sit.com hayalanphezor-7sit.com hpk02h21yyts-6.com hvgjgj-shoes01.com hvgjgj-shoes08.com hvgjgj-shoes10.com hvgjgj-shoes11.com hvgjgj-shoes12.com hvgjgj-shoes13.com hvgjgj-shoes14.com hvgjgj-shoes15.com hvgjgj-shoes16.com hvgjgj-shoes18.com hvgjgj-shoes19.com hvgjgj-shoes20.com i-at.club irformainsition0971a8-net16.com j-on.xyz jgkxjhx-shoes02.com jgkxjhx-shoes03.com jgkxjhx-shoes04.com jgkxjhx-shoes05.com jgkxjhx-shoes08.com jgkxjhx-shoes09.com kenatipurecehkali-xt12.com kenatipurecehkali-xt13.com kenatipurecehkali-xt3.com kenatipurecehkali-xt4.com kenatipurecehkali-xt5.com kenatipurecehkali-xt6.com ketiak-muser13.com ketiak-muser14.com ketiak-muser15.com laser9078-ter10.com laser9078-ter11.com laser9078-ter17.com maills-activitymove01.com maills-activitymove02.com maills-activitymove04.com masihtidur-shoes01.com masihtidur-shoes02.com masihtidur-shoes04.com masihtidur-shoes07.com masihtidur-shoes08.com noticesumartyas-sc13.com noticesumartyas-sc15.com noticesumartyas-sc16.com noticesumartyas-sc17.com noticesumartyas-sc18.com noticesumartyas-sc19.com noticesumartyas-sc2.com noticesumartyas-sc20.com noticesumartyas-sc21.com noticesumartyas-sc22.com noticesumartyas-sc23.com noticesumartyas-sc24.com noticesumartyas-sc25.com noticesumartyas-sc29.com noticesumartyas-sc4.com noticesumartyas-sc5.com notoficationdeliveryamazon1.com notoficationdeliveryamazon10.com notoficationdeliveryamazon12.com notoficationdeliveryamazon13.com notoficationdeliveryamazon14.com notoficationdeliveryamazon16.com notoficationdeliveryamazon17.com notoficationdeliveryamazon18.com notoficationdeliveryamazon19.com notoficationdeliveryamazon2.com notoficationdeliveryamazon20.com notoficationdeliveryamazon23.com notoficationdeliveryamazon3.com notoficationdeliveryamazon4.com notoficationdeliveryamazon5.com notoficationdeliveryamazon6.com notoficationdeliveryamazon7.com notoficationdeliveryamazon8.com 
org77supp-minty662-10.com org77supp-minty662-7.com org77supp-minty662-8.com org77supp-minty662-9.com organix-xtc18.com organix-xtc21.com p-at.club posher876ffffff-25.com posher876ffffff-29.com posher876ffffff-30.com posher876ffffff-5.com posidma-posidjar01.com posidma-posidjar03.com posidma-posidjar05.com posidma-posidjar06.com ressstauww-6279-1.com ressstauww-6279-10.com ressstauww-6279-3.com ressstauww-6279-7.com rick845ko-1.com rick845ko-10.com rick845ko-2.com rick845ko-3.com rick845ko-5.com rick845ko-6.com romanseyilefreaserty0824r-1.com romanseyilefreaserty0824r-2.com romanseyilefreaserty0824r-3.com romanseyilefreaserty0824r-4.com romanseyilefreaserty0824r-5.com romanseyilefreaserty0824r-6.com romanseyilefreaserty0824r-7.com securemanageprodio-01.com securemanageprodio-02.com securemanageprodio-03.com securemanageprodio-04.com securemanageprodio-05.com securityaccount102.com service-account-374567.com service-account-5315.com service-account-7243.com service-account-7247.com service-account-7254.com service-account-735424.com service-account-762441.com service-account-76357.com service-account-764246.com service-account-8457845.com solution23-servviue-1.com solution23-servviue-10.com solution23-servviue-11.com solution23-servviue-12.com solution23-servviue-13.com solution23-servviue-14.com solution23-servviue-15.com solution23-servviue-16.com solution23-servviue-17.com solution23-servviue-18.com solution23-servviue-19.com solution23-servviue-20.com solution23-servviue-23.com solution23-servviue-24.com solution23-servviue-25.com solution23-servviue-26.com solution23-servviue-27.com solution23-servviue-30.com solution23-servviue-4.com solution23-servviue-5.com solution23-servviue-6.com solution23-servviue-7.com solution23-servviue-8.com solution23-servviue-9.com spammer-comingson01.com spammer-comingson02.com spammer-comingson04.com spammer-comingson05.com spammer-comingson07.com suppamz2-piryshj01-1.com suppamz2-piryshj01-3.com suppamz2-piryshj01-6.com 
suppamz2-piryshj01-9.com sux71a37-net1.com sux71a37-net10.com sux71a37-net11.com sux71a37-net12.com sux71a37-net13.com sux71a37-net14.com sux71a37-net15.com sux71a37-net17.com sux71a37-net18.com sux71a37-net19.com sux71a37-net2.com sux71a37-net20.com sux71a37-net21.com sux71a37-net25.com sux71a37-net26.com sux71a37-net27.com sytesss-tas7.com tembuslah-bandar01.com tembuslah-bandar02.com tembuslah-bandar03.com tembuslah-bandar04.com tembuslah-bandar05.com tembuslah-bandar06.com tembuslah-bandar07.com tembuslah-bandar08.com tembuslah-bandar09.com tembuslah-bandar10.com trashxn-euyr1.com trashxn-euyr10.com trashxn-euyr11.com trashxn-euyr12.com trashxn-euyr14.com trashxn-euyr15.com trashxn-euyr16.com trashxn-euyr17.com trashxn-euyr18.com trashxn-euyr19.com trashxn-euyr2.com trashxn-euyr20.com trashxn-euyr3.com trashxn-euyr5.com trashxn-euyr6.com trashxn-euyr7.com trashxn-euyr9.com winb2as-wwersd76-1.com winb2as-wwersd76-10.com winb2as-wwersd76-12.com winb2as-wwersd76-18.com winb2as-wwersd76-19.com winb2as-wwersd76-20.com winb2as-wwersd76-4.com winb2as-wwersd76-6.com winb2as-wwersd76-7.com wixclwardwual-updates1.com wixclwardwual-updates10.com wixclwardwual-updates5.com wixclwardwual-updates6.com wixclwardwual-updates7.com wixclwardwual-updates8.com wixclwardwual-updates9.com wtbwts-junet1.com xcfhjxfyxnhnjzh10.com zxcsaxb-good10.com zxcsaxb-good3.com zxcsaxb-good4.com zxcsaxb-good5.com zxcsaxb-good6.com zxcsaxb-good8.com # Reference: https://www.virustotal.com/gui/file/05c4ef24468ae00a47764f92984c36a6ca933dcdbd90fd409ba5327caf43b915/detection http://192.227.228.106 # Reference: https://www.virustotal.com/gui/file/135436cf2735f3fb5642711e7077e2642d4ce8d17aa1c7bbefaf44c938961db6/detection http://198.23.212.137 # Reference: https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/ # Reference: https://github.com/sophoslabs/IoCs/blob/master/Troj-DropperAsAService.csv # Reference: 
https://otx.alienvault.com/pulse/61374a4e59aeca8acb8bef82/ a3wella3a.club between3z.xyz centomor.xyz deferor2z.xyz dolihost.xyz earth00.xyz eroxyhost.xyz fiveyear3.club forendde76gn.shop freeprocrack.co freewarefiles.xyz frommost8z.xyz hokimxen.xyz ican3e.club imy4host.xyz infringem2ent.xyz interacti3ve.xyz introductioel.xyz intstallusd.online iswhy3z.xyz ksergyale.xyz lectroniccomb.xyz linkforge.xyz lp2soza865.xyz lp2wuza636.xyz microcodez.xyz mozense.xyz msitsbehe.xyz mswetshop.xyz mybravo.xyz perpetua9ted.xyz removed8.xyz rereferrme.xyz ridzfilez.xyz servewfr.xyz sincethe9s.xyz sometimez.xyz tersareu.xyz thatyoucan.website to3453.club toyourweb.club ttencomputterl.xyz ueyctgve.xyz undesirablez.xyz werenot3.xyz ybittrhost.xyz ybybfkegs.xyz zjnetdownloads.xyz ns1.intstallusd.online ns2.intstallusd.online # Reference: https://www.proofpoint.com/us/blog/threat-insight/advance-fee-fraud-emergence-elaborate-crypto-schemes # Reference:https://otx.alienvault.com/pulse/6138bfc48d45215cc40b98b5 coinmace.net coinomac.com coins45.com fortcoin.net securecoins.net # Reference: https://twitter.com/InQuest/status/1515803436129959942 http://20.69.97.31 # Reference: https://www.virustotal.com/gui/file/90bad6ae1557a40614230c7352eb1ba0924750e1e62ca94beb90b39657cc3514/detection free1121.host.od.ua # Reference: https://www.virustotal.com/gui/file/ee7d738d7011a4ae1f082461bfaa1c336006d848c0035dc297c5eef818786700/detection http://192.227.168.151 # Reference: https://twitter.com/malwrhunterteam/status/1514193002079690752 # Reference: https://www.virustotal.com/gui/file/eb557b06953a2d623143f8dda6fc26b5f87ab712c7707d8a72bbbb8eee795536/detection yibozf108.com # Reference: https://twitter.com/ps66uk/status/1518891820054458369 # Reference: https://www.virustotal.com/gui/file/f6a3c8585bb8996962de5fb9d1318694190e14221b0ca4cac71077a11d60b3c7/detection # Reference: https://www.virustotal.com/gui/file/593e39e5d52ebbb2c2786d05f0393e134514e37ece253056195782f11f6b20c4/detection 
bluecovertrading.com/kelllll/ bluecovertrading.com/NANA/ bluecovertrading.com/s/ # Reference: https://twitter.com/AltShiftPrtScn/status/1519840040637157378 http://134.122.188.206 # Reference: https://www.virustotal.com/gui/file/63966ff6a034c00524f19e2028b75cd66d22af18132847f002c743b38c90407c/detection http://217.73.66.1 # Reference: https://www.virustotal.com/gui/file/d8b694199e1006b68df340384d2ba14a092b32f8de531f9f9a38a4d4de0fc6dd/detection http://103.30.40.173 # Reference: https://www.virustotal.com/gui/file/639b0a2f9e13eb32355bcee5361e8b7a4c8af0052eb0b926488ee75b6e6e31ea/detection jipiao114ai.com # Reference: https://twitter.com/1ZRR4H/status/1521319670879600640 http://82.165.106.79 # Reference: https://www.virustotal.com/gui/file/69d989d818dc639f1c0a8963d7649164b105b12f9fd42f57f4a4eae269cd0541/detection http://103.141.137.109 # Reference: https://www.virustotal.com/gui/file/719395314e747db713ac8ff60ea55bc1db749dd3699bde255f57f5e1070fcbc0/detection http://141.136.27.220 # Reference: https://www.virustotal.com/gui/file/fb435d4b62b442b014052894bddf213d7526278e405567fa05440bd1312952e6/detection http://2.56.59.232 # Reference: https://twitter.com/pr0xylife/status/1523674058885267457 http://138.201.149.43 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-09%20Redline%20IOCs http://185.193.89.11 # Reference: https://twitter.com/malwrhunterteam/status/1523982005846917120 http://207.246.81.201 # Reference: https://twitter.com/pr0xylife/status/1524046080224096256 http://46.4.198.55 # Reference: https://www.virustotal.com/gui/file/cc2432775eaa346d07f04e076e614731b9456146997d2c0b1c0655b298e2534e/detection codeconline.biz player1523.com ns1.codeconline.biz ns1.player1523.com # Reference: https://twitter.com/b3ard3dav3ng3r/status/1525086110367764480 http://103.200.23.247 /~ggggggco/ # Reference: https://www.virustotal.com/gui/file/24ee20d7f254e1e327ecd755848b8b72cd5e6273cf434c3a520f780d5a098ac9/detection hectorcalle.com pilatylu.com # Reference: 
https://www.virustotal.com/gui/file/77c2b80009f8dbe9d42283b32bb93decbe26179a171c233c078c49bd629bef6c/detection http://85.202.169.85 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Remcos%20IOCs http://192.210.149.242 # Reference: https://twitter.com/silentpush_labs/status/1527348364915855366 dainikjeevan.com # Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection http://193.106.191.190 http://193.124.22.8 http://193.233.48.74 http://193.233.48.98 # Reference: https://www.virustotal.com/gui/file/fbf53255c0a5a3c5f0010df3256462b5f3bfd4def9127808d8265ae4c0b0cb09/detection http://54.80.204.133 # Reference: https://asec.ahnlab.com/ko/34497/ # Reference: https://otx.alienvault.com/pulse/628ba84a4b309d17941a87a2 http://103.89.30.10 http://104.161.34.171 # Reference: https://twitter.com/tosscoinwitcher/status/1529350646847008768 http://180.214.238.224 # Reference: https://twitter.com/da_667/status/1530260199289798658 http://2.56.57.22 # Reference: https://www.virustotal.com/gui/file/79594030104f5ace4eba6d286194aad282a30376f9eb17a38cfb8ba929404112/detection manareoeyui.s3.ap-south-1.amazonaws.com # Reference: https://www.virustotal.com/gui/file/1223897eca4325cd7291ec4bd0ff77d8e8e13cd82347a037153b9acc052e1465/detection solro14.s3.ap-northeast-3.amazonaws.com # Reference: https://www.virustotal.com/gui/file/c9101201af9368c82269aba3c0c995acf31f30aa1e48dac6cbba8b01614dd8aa/detection sesk90.s3.ap-northeast-2.amazonaws.com # Reference: https://www.virustotal.com/gui/file/ec819177bde1a859a6104bfd95f2c89d28f281b36d872a52e3e627acf35ce5d5/detection salereport.org # Reference: https://www.virustotal.com/gui/file/163717d9ebe4ace6547c05ae5553b2c4d28a1090c8e904d66dee7278239a3b2e/detection http://86.106.131.132 # Reference: https://twitter.com/reecdeep/status/1531196537497391105 http://185.222.58.109 # Reference: 
https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-June/030681.html kealkun.16mb.com ping.otwalkun.16mb.com # Reference: https://twitter.com/malwrhunterteam/status/1535593663383977986 # Reference: https://www.virustotal.com/gui/file/dbbe65f992e3e2351de15a0b7e56f6b1cf00b675ec436dfd99032b323e533336/detection protechnical.com/usbdrop/ # Reference: https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/ # Reference: https://otx.alienvault.com/pulse/629dd3e0c697010cdf9bb0fc http://23.81.246.84 # Reference: https://twitter.com/smica83/status/1536263039464382465 http://193.169.255.203 # Reference: https://twitter.com/James_inthe_box/status/1536418013691277312 # Reference: https://app.any.run/tasks/2d79a22c-84e3-4609-9436-3ceed9e36f36/ http://193.106.191.105 # Reference: https://www.virustotal.com/gui/file/5ed4ead30d4a769ef97c87fac7b1655f3a81b3b334b62647996c01786e340cce/detection http://188.225.72.105 # Reference: https://www.virustotal.com/gui/file/138d6b7c14089c460dac2f723c91acb6436fdcc1b9dd9f03e711e035d4bd6620/detection http://45.85.190.93 # Reference: https://twitter.com/JAMESWT_MHT/status/1536678912629129219 http://142.93.245.51 # Reference: https://www.virustotal.com/gui/file/01b4a9e7c4479cf0e72a55af192c151b08f96b8244805711dc8980d05f850e56/detection http://107.175.212.46 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-20%20Formbook%20IOCs http://180.214.236.4 # Reference: https://www.virustotal.com/gui/file/8f6bbb53f3f58a4c9cd9662705d3f07627f06b090aec79b68f89d67f4f8a1d4b/detection # Reference: https://www.virustotal.com/gui/file/861d147336d17e675fa6024f4337ed36c451975d887f2248848d5f5c78423295/detection ludieridecor.com.br/mmpo12.exe messageoflightchapel.org/pop2.exe mywebhost.vn/loal0.exe # Reference: https://www.virustotal.com/gui/file/2f0d53c60cb7822931ac3f7656afa63081e1bb90b1e2ff07d9bb0d6b8ba02e50/detection http://136.144.41.109 # Reference: 
https://twitter.com/1ZRR4H/status/1539729857399119873 http://81.71.163.70 # Reference: https://twitter.com/_Y000_/status/1539775526587420672 http://104.210.219.69 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20AveMaria_Warzone%20RAT%20IOCs http://20.51.227.181 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Remcos%20IOCs http://104.168.32.43 http://198.46.132.217 # Reference: https://twitter.com/th3_protoCOL/status/1539261651722989569 http://176.113.115.107 http://193.27.228.127 # Reference: https://twitter.com/pr0xylife/status/1540304636388802560 http://198.12.81.50 # Reference: https://twitter.com/Ledtech3/status/1539977092338696197 http://192.227.173.33 # Reference: https://www.virustotal.com/gui/file/050e8470ec90cce777efccbd2e5ccc9919e1944965e6d1a83ccdee1da4de7e61/detection a0684980.xsph.ru # Reference: https://twitter.com/pr0xylife/status/1540303411387801600 http://107.172.76.188 # Reference: https://twitter.com/pr0xylife/status/1541399140424613891 http://35.177.103.98 # Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat # Reference: https://www.virustotal.com/gui/file/03700e0d02a6a1d76ecaa4d8307e40f76e07284646b3c45693054996f2e643d7/detection # Reference: https://www.virustotal.com/gui/file/24811e849a7a0e73788bc893bed81b88405883eb9114557eacd26a90c2a81c29/detection # Reference: https://www.virustotal.com/gui/file/c84bbfce14fdc65c6e738ce1196d40066c87e58f443e23266d3b9e542b8a583e/detection http://203.96.191.70 http://72.167.223.219 # Reference: https://app.any.run/tasks/23cb9fa3-e50c-40be-8480-f3a88cee66a0/ http://212.192.241.211 # Reference: https://www.virustotal.com/gui/file/ed47adb067f02b7d9aac66a0d2b4c8b4daee6f3e800aba23425a51e23d6820bb/detection http://192.3.13.67 # Reference: https://www.virustotal.com/gui/file/450011e609f9ffbaff1d163ea17f05f51546a0fb0372a0ae48286c0248acba91/detection http://192.227.129.26 # Reference: 
https://www.virustotal.com/gui/file/792941d598f1539d071142d92e4fb0ffc9e61b5e3570521fa50e67501ae6eadf/detection http://192.227.168.194 # Reference: https://twitter.com/pmmkowalczyk/status/1542097473283440640 http://103.207.39.127 # Reference: https://tria.ge/210101-ydatejtcj6/behavioral1 http://23.254.228.46 # Reference: https://tria.ge/201203-p9cfx4whpa http://23.254.229.20 # Reference: https://tria.ge/201203-p9cfx4whpa/behavioral1 http://185.243.113.10 # Reference: https://tria.ge/220617-w92pgachhm http://193.56.146.76 http://85.202.169.116 # Reference: https://www.virustotal.com/gui/file/01f187b666a8f17996e6446772b67aaef1de9ecbc573d2b043a007a3bedeaca6/detection http://192.3.245.147 # Reference: https://www.virustotal.com/gui/file/6b03d4b13d860421806b365dc1e04b53118523cf1eb6c0c17dfe69e1c7f3e0de/detection http://80.66.75.88 # Reference: https://www.virustotal.com/gui/file/0287ac2500cd06804c3264d535d6c78cf9f3bd8bfb7014a0c4658d60f887ee9b/behavior/Zenbox http://185.106.93.10 # Reference: https://twitter.com/malwrhunterteam/status/1543866954242473986 http://192.227.158.110 /--------_--------------_------------_----------------------------_---------------------_--------/ /--------_--------------_------------_----------------------------_---------------------_--------.doc # Reference: https://twitter.com/kienbigmummy/status/1544249520783265794 http://192.3.239.42 # Reference: https://twitter.com/InQuest/status/1544265974064549890 hotelconchadomar.com.br/booking/ # Reference: https://twitter.com/malwrhunterteam/status/1544691386011815936 http://64.190.113.166 # Reference: https://twitter.com/InQuest/status/1545328172358672384 http://45.130.138.253 # Reference: https://twitter.com/reecdeep/status/1546464045083103232 http://193.239.164.112 http://20.231.55.108 # Reference: https://twitter.com/kienbigmummy/status/1547444305689968640 http://107.172.73.133 # Reference: https://www.virustotal.com/gui/url/bb67fb9dc7a82f521047f3b9810d6031a4f84e95b1a4c8f9a93ad3466abc8550/detection 
http://52.90.94.229 # Reference: https://www.virustotal.com/gui/file/61a65f2ec30e97582a18bc66f8bdf51ffa83e3558d01d2ca7761e7e97ac582a4/detection http://194.87.45.38 # Reference: https://twitter.com/malwrhunterteam/status/1547857576359997440 http://185.102.170.157 # Reference: https://twitter.com/r3dbU7z/status/1548964165347430401 # Reference: https://www.virustotal.com/gui/ip-address/185.102.170.167/ http://185.102.170.167 # Reference: https://twitter.com/b3ard3dav3ng3r/status/1549315169352040449 http://47.100.221.171 # Reference: https://twitter.com/reecdeep/status/1549314159791202305 http://212.192.246.226 # Reference: https://twitter.com/James_inthe_box/status/1550120630602719232 http://154.127.53.242 # Reference: https://twitter.com/malwrhunterteam/status/1550400225176702976 http://163.123.143.34 # Reference: https://www.virustotal.com/gui/file/072e09c67cd5d534d2b3d168c8503d3ebf3bd06d3cab44426334afe41e5f7c79/detection ppz.devel.gns.com.br # Reference: https://twitter.com/tosscoinwitcher/status/1550573481309270018 http://102.37.220.234 # Reference: https://twitter.com/InQuest/status/1551963092275400706 http://89.38.225.138 # Reference: https://twitter.com/InQuest/status/1551953146108420096 http://23.95.52.140 # Reference: https://twitter.com/Ledtech3/status/1552026904064294912 http://96.30.192.132 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20Remcos%20IOCs http://66.154.103.196 # Reference: https://www.virustotal.com/gui/file/4e1ee2596bc9fc6dc600ea9b39c5a7a0334497ccc142a4b55c24ebff3fd86e11/detection http://5.206.227.124 # Reference: https://www.virustotal.com/gui/file/e5718ad2c861eaa44324639cc6918b679155670fb92452878abecead76e24144/detection http://124.220.178.26 # Reference: https://www.virustotal.com/gui/file/c73e0b8a9141e1531a8a2ae1a96da5e89f5366c4dce94a514fe93a9565d51f18/detection http://5.252.23.65 # Reference: https://twitter.com/Gi7w0rm/status/1552583621692854275 http://103.114.106.120 # Reference: 
https://twitter.com/InQuest/status/1552577523174744064 http://192.3.110.133 # Reference: https://www.virustotal.com/gui/file/02c3dcb86a3ed2f46043d2bb427b0441e351c0f050709123d1de8afc9bfd1f1d/detection http://23.95.85.171 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-29%20Lokibot%20IOCs http://192.3.122.162 # Reference: https://twitter.com/malwrhunterteam/status/1552958115607363586 http://13.239.119.69 # Reference: https://twitter.com/InQuest/status/1554041345119080452 http://104.168.32.38 # Reference: https://twitter.com/InQuest/status/1554090812874625025 http://172.245.163.175 # Reference: https://twitter.com/InQuest/status/1554091006722772998 http://192.210.219.10 # Reference: https://twitter.com/malwrhunterteam/status/1554157800619745281 http://45.138.16.201 # Reference: https://twitter.com/InQuest/status/1554397574240653312 http://198.12.81.67 # Reference: https://twitter.com/jstrosch/status/1554302605697884160 ddrive.online # Reference: https://twitter.com/malwrhunterteam/status/1554728995261915137 http://146.70.24.168 # Reference: https://twitter.com/1ZRR4H/status/1555094224525197313 193.149.176.134:8000 # Reference: https://twitter.com/jstrosch/status/1555215249678237696 http://208.67.105.125 # Reference: https://twitter.com/JAMESWT_MHT/status/1555439241869631488 http://192.3.152.171 # Reference: https://twitter.com/jstrosch/status/1555212771251425280 http://107.182.129.251 # Reference: https://twitter.com/kienbigmummy/status/1555051973418045440 http://109.206.241.81 http://208.67.105.179 # Reference: https://www.virustotal.com/gui/file/a53036bee6e604897405f5e9064d05afa0a34901bad098219c85da36a2e002b1/detection http://193.56.146.131 # Reference: https://twitter.com/JAMESWT_MHT/status/1555439241869631488 http://192.3.152.171 # Reference: https://www.virustotal.com/gui/file/cfc7850f9752447ee7eecfe9f90c0fdc2709e9145a9061561a0538c8c013df28/detection http://185.45.192.234 # Reference: 
https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-02%20Remcos%20IOCs http://192.3.76.220 # Reference: https://twitter.com/James_inthe_box/status/1554213035614474240 http://212.192.246.234 # Reference: https://twitter.com/InQuest/status/1555575015231430656 http://107.173.192.130 http://192.3.152.171 http://198.23.207.54 # Reference: https://twitter.com/malwrhunterteam/status/1554522693512355840 kristinalhall.net/wm/ # Reference: https://www.virustotal.com/gui/file/1209e43a1ac72b78767d66cb9ed2cdefb763be3d60a2a9d5998ca39ca1009356/detection http://107.172.76.190 # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-08-08-IOCs-for-IcedID-and-Cobalt-Strike.txt http://104.238.220.131 # Reference: https://twitter.com/JAMESWT_MHT/status/1557308965075034113 http://107.172.75.169 # Reference: https://www.virustotal.com/gui/file/07a30067b0e7518d38e94e9ddb31cd5982592d91a4af3f8ebbdd60d088196451/detection rotf.tk # Reference: https://www.virustotal.com/gui/file/7877f3670de5ac886083b986591e09ea84a8515ab5fa2cadd1237b492c49ce96/detection l-inky.com # Reference: https://www.virustotal.com/gui/ip-address/23.94.159.226/relations http://23.94.159.226 # Reference: https://twitter.com/malwrhunterteam/status/1557379854861058048 tax-irc.com # Reference: https://twitter.com/MBThreatIntel/status/1557433308803305474 chrome-update.com # Reference: https://mp.weixin.qq.com/s/cGS8FocPnUdBconLbbaG-g http://92.255.85.138 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-10%20NetWire%20IOCs http://192.3.194.246 # Reference: https://twitter.com/InQuest/status/1558027766456532992 http://192.210.149.222 # Reference: https://www.virustotal.com/gui/file/b40aa1b8da985a45319b3c543e1ee714ee0f44752048f3e34fbc4795365f0d41/detection a0700356.xsph.ru # Reference: https://twitter.com/James_inthe_box/status/1558094744906915842 http://171.22.30.211 # Reference: https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities 
http://108.60.212.220 # Reference: https://twitter.com/tosscoinwitcher/status/1558136237566767104 # Reference: https://tria.ge/220812-t9qk4ahha9 # Reference: https://tria.ge/220812-vckt1sfefr http://23.95.106.126 # Reference: https://www.virustotal.com/gui/file/a814641ece58ba618155c9267474a575a6423b7bd086c7b534e267e40292e2ce/detection http://95.217.248.44 # Reference: https://twitter.com/WhichbufferArda/status/1558885857611993089 http://23.95.215.51 # Reference: https://twitter.com/SBousseaden/status/1558916870937395200 # Reference: https://www.virustotal.com/gui/file/1223897eca4325cd7291ec4bd0ff77d8e8e13cd82347a037153b9acc052e1465/detection solro14.s3.ap-northeast-3.amazonaws.com # Reference: https://twitter.com/StopMalvertisin/status/1559071063572873217 http://88.198.148.231 # Reference: https://www.virustotal.com/gui/file/fadcfd2f990a0f871a1834723d403a0598faf9f06ca75465c58b69d81342c08f/detection http://23.95.122.112 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2017082022 http://185.27.133.14 # Reference: https://twitter.com/InQuest/status/1560182408204492801 http://198.12.89.174 # Reference: https://www.virustotal.com/gui/file/064d71f2dce696c067d5a64379a31332c5471b2f74804d6fe1ed653749c20417/detection http://185.222.57.212 # Reference: https://twitter.com/StopMalvertisin/status/1560237970279759873 # Reference: https://www.virustotal.com/gui/file/6b5f70369a894fe033b349546cfe3cdf41e9fe5a247cf5d7a243de7163e9cea6/detection http://49.234.67.167 # Reference: https://twitter.com/doc_guard/status/1560615968270737414 http://23.95.34.121 # Reference: https://twitter.com/StopMalvertisin/status/1561438279647768577 http://193.56.146.131 # Reference: https://twitter.com/InQuest/status/1561793671049216003 http://198.23.154.169 # Reference: https://twitter.com/malwrhunterteam/status/1562181279101108224 # Reference: https://www.virustotal.com/gui/file/cb6e6a15e3fbbf893211abb16d9ce465c88b8ebc5feea4af2b0323559dafc18f/detection 
http://95.214.24.180 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos%20-%2024082022 http://20.7.43.70 http://37.139.129.142 # Reference: https://twitter.com/MBThreatIntel/status/1562449846497267715 http://79.110.62.213 # Reference: https://twitter.com/TeamDreier/status/1562709380126355456 # Reference: https://twitter.com/ViriBack/status/1562800945490464768 # Reference: https://twitter.com/pmelson/status/1595119169963687936 # Reference: https://twitter.com/bryceabdo/status/1595122757003808768 # Reference: https://www.virustotal.com/gui/ip-address/23.227.202.214/relations # Reference: https://www.virustotal.com/gui/file/62ffc3caf75567a698381409efcbb85079fcce7ea9dc46e73689985a20cf24a3/detection http://193.47.61.182 http://23.227.202.28 fastaccesone.com fastaccestwo.com /load/powerDEF.bat # Reference: https://twitter.com/pollo290987/status/1563054806851194883 http://172.245.220.196 # Reference: https://www.virustotal.com/gui/file/983062aeeda99cea87f22fb07cb07b6394ace16f3c0fa75bafeb77dee7e6e70b/detection http://192.210.240.101 # Reference: https://twitter.com/Iamdeadlyz/status/1562821456492314625 cthulhu-world.com # Reference: https://twitter.com/James_inthe_box/status/1562797515249840128 http://172.245.142.35 http://198.12.89.73 198.12.89.73:443 # Reference: https://www.virustotal.com/gui/file/3500006bb33536ef2379f76afe8d70f57141c92025a0c6c14e80fba4a7a6bd9a/detection http://104.168.32.31 # Reference: https://www.virustotal.com/gui/file/6682fa6682bb8d582f604297cc51b88b0eb30d8f0daff3244d843c5ce1991971/detection http://192.3.223.201 # Reference: https://www.virustotal.com/gui/file/b45a8888d739677f68d55eaf305e8e00ba219115c60d16640318045e898c006d/detection csmdfrnd.com # Reference: https://www.virustotal.com/gui/file/27c50157c334c2a8528777ff4a8b72111ed99b64127aa0851a05e92cc6fba291/detection derioswinf.org # Reference: https://twitter.com/blueteamsec1/status/1563216592363978752 http://194.87.31.137 http://2.58.28.60 # Reference: 
https://twitter.com/James_inthe_box/status/1564613456774709254 http://107.172.4.183 # Reference: https://twitter.com/pollo290987/status/1564616597263847430 http://172.245.214.173 # Reference: https://www.virustotal.com/gui/file/06e2cfec7f1ddcbc35df9322838088535bf096e8f3ca991fa12e49634f1483b0/detection a0710963.xsph.ru # Reference: https://twitter.com/StopMalvertisin/status/1564841997810409473 # Reference: https://www.virustotal.com/gui/domain/buchserix.com/detection buchserix.com # Reference: https://twitter.com/pollo290987/status/1564875132354584576 http://172.245.142.47 http://185.246.220.130 # Reference: https://twitter.com/CMahalay/status/1564866575772966912 # Reference: https://twitter.com/Iamdeadlyz/status/1564878373889114112 metabloxel.com metastaxel.com # Reference: https://twitter.com/StopMalvertisin/status/1563729037671149568 # Reference: https://www.virustotal.com/gui/file/ed3ef87baf72ac521db91bbb0dbd78bb47fc4eb092b7941e6802ab1118c6603d/detection http://149.28.241.241 # Reference: https://twitter.com/James_inthe_box/status/1565362222682935298 http://81.161.229.110 # Reference: https://www.virustotal.com/gui/file/0495c0518c4d8f7cb71cdfdd10f4736e11d5d2c7bddbebdd735cf79a86390981/detection http://84.38.134.57 # Reference: https://twitter.com/ANeilan/status/1565424678033920004 http://192.144.227.177 # Reference: https://twitter.com/pr0xylife/status/1565354363765215238 http://193.178.210.58 # Reference: https://twitter.com/StopMalvertisin/status/1565568583597686784 eventorganizer.pk qaz.im # Reference: https://tria.ge/220904-sb53fsbhh6/behavioral1 kafei.528k.cn # Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection # Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection http://5.255.103.154 http://62.204.41.123 http://94.26.226.51 http://95.214.24.96 # Reference: https://twitter.com/JAMESWT_MHT/status/1565690847441653760 
http://5.252.118.33 http://89.208.104.172 # Reference: https://twitter.com/crep1x/status/1565673153090801665 elmad.my.id # Reference: https://twitter.com/r3dbU7z/status/1567190038751870977 http://34.133.9.10 # Reference: https://twitter.com/malware_traffic/status/1567296860439678980 http://107.72.61.136 # Reference: https://twitter.com/stoerchl/status/1568156960234639366 microsoft-security-updates.com # Reference: https://twitter.com/pollo290987/status/1568312064006815747 http://45.137.22.239 # Reference: https://www.virustotal.com/gui/file/1aa2d32ab883de5d4097a6d4fe7718a401f68ce95e0d2aea63212dd905103948/detection http://5.255.104.227 http://79.110.62.91 # Reference: https://twitter.com/r3dbU7z/status/1568952337837834245 47.242.182.71:8080 47.242.252.175:8080 47.242.67.116:8080 bitdoge.one rat.bitdoge.one a-ss.bitdoge.one e-ss.bitdoge.one f-ss.bitdoge.one rat.bitdoge.one # Reference: https://twitter.com/Jirehlov/status/1568773437799436289 genshincc.com # Reference: https://twitter.com/WhichbufferArda/status/1569078747067736070 http://146.70.40.230 # Reference: https://twitter.com/pmelson/status/1569134392668311556 # Reference: https://www.virustotal.com/gui/file/d8f0605cdefcc56a5ff25007ba2afca30e423dc2575510255a545d2a98dc059d/detection void.nfd.com.tr # Reference: https://twitter.com/tosscoinwitcher/status/1569372648811134977 http://107.172.61.136 # Reference: https://twitter.com/WhichbufferArda/status/1569404716873928707 http://216.189.145.246 # Reference: https://isc.sans.edu/diary/29052 http://107.172.44.187 # Reference: https://twitter.com/InQuest/status/1570166800956157952 http://188.227.57.46 # Reference: https://twitter.com/0xToxin/status/1570501991306231808 http://141.98.6.75 # Reference: https://twitter.com/r3dbU7z/status/1571118142549798912 http://46.30.189.221 burc-groups.com support.burc-groups.com # Reference: https://twitter.com/WhichbufferArda/status/1571541189798641666 http://45.79.117.96 /RubberDuckyPayload/ /RubberDucky/ # Reference: 
https://twitter.com/reecdeep/status/1570400714605608964 http://103.156.93.29 # Reference: https://twitter.com/reecdeep/status/1571863696615395329 http://103.207.39.154 # Reference: https://twitter.com/pollo290987/status/1571893053572452352 http://202.55.132.185 # Reference: https://twitter.com/pollo290987/status/1571900350583508993 http://81.161.229.7 # Reference: https://twitter.com/pollo290987/status/1570106972594126849 http://192.3.173.102 # Reference: https://twitter.com/pollo290987/status/1572232914464555014 http://20.13.18.40 # Reference: https://twitter.com/pollo290987/status/1572239659119575040 http://155.254.17.251 # Reference: https://twitter.com/pollo290987/status/1572628013489197058 http://193.106.191.223 # Reference: https://twitter.com/pollo290987/status/1572627967137792006 # Reference: https://www.virustotal.com/gui/file/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/detection # Reference: https://www.virustotal.com/gui/file/a646ae729b3f8412fa1e2fd7fe6f4c5a592b3ff7446466c0258bee74f9ef2a62/detection http://45.137.22.42 # Reference: https://twitter.com/James_inthe_box/status/1572939464468729856 http://194.38.23.159 # Reference: https://twitter.com/r3dbU7z/status/1572735985586143236 http://147.135.210.135 # Reference: https://twitter.com/illegalFawn/status/1572242618817581056 # Reference: https://twitter.com/illegalFawn/status/1572247530141880320 klanthelpdesk.live abnamro.klanthelpdesk.live asnbank.klanthelpdesk.live ing.klanthelpdesk.live knab.klanthelpdesk.live regiobank.klanthelpdesk.live snsbank.klanthelpdesk.live triodos.klanthelpdesk.live vanlanschot.klanthelpdesk.live # Reference: https://twitter.com/tosscoinwitcher/status/1546717291726794752 http://107.172.13.154 # Reference: https://www.virustotal.com/gui/file/c22428ab1a13e2396b9994463a7f64d48002c71a4622263a1336c25ec825bd0d/detection http://190.14.242.242 0hh0.ru armyserver.myjino.ru # Reference: 
https://www.virustotal.com/gui/file/56bf00e13e932307adefa64750e27dc344c2f962deb45f01a359e5c02272b61e/detection myjerryblogs95.org # Reference: https://twitter.com/r3dbU7z/status/1574469536878923790 # Reference: https://bazaar.abuse.ch/sample/e785ef69f5e171c382c9cc8678b3bc26fdee971a70d8870d90e03b65aa3fade5/ http://52.221.14.194 http://54.254.144.12 php.ooo # Reference: https://www.virustotal.com/gui/file/a02a0d8e8fd14382339abf67a9e015849d8479ad58e82f9621b3d08ab287fb2e/detection mrlee.eu.org # Reference: https://twitter.com/0xToxin/status/1575574532676468736 http://172.245.214.173 # Reference: https://twitter.com/r3dbU7z/status/1575216278154858496 http://18.163.190.116 # Reference: https://twitter.com/k3dg3/status/1575173131198558208 http://45.153.243.98 # Reference: https://twitter.com/idclickthat/status/1575496131202535424 anydeskremote1.websiteseguro.com # Reference: https://www.virustotal.com/gui/file/9a4b452634bd83958db7d43c8f35afa8959dfb591174cf08da59e59055099f6b/detection bontiakhotel.net janiking.xyz # Reference: https://twitter.com/r3dbU7z/status/1576012593088516096 http://172.104.66.186 # Reference: https://twitter.com/petrovic082/status/1576888248818728960 http://171.22.30.79 # Reference: https://twitter.com/StopMalvertisin/status/1576927905652756485 justclickam.com # Reference: https://twitter.com/pollo290987/status/1576940529945747456 teqturn.com # Reference: https://twitter.com/pollo290987/status/1576940745344581632 http://207.167.64.122 # Reference: https://twitter.com/malwrhunterteam/status/1576984214351724546 # Reference: https://www.virustotal.com/gui/file/f97ee203a3dd08ac38d16295dbf9cb0c7476690ba03a05afefed34d7e8cfd44e/detection xn--screnshot-iib.net down.xn--screnshot-iib.net # Reference: https://securelist.com/uncommon-infection-and-malware-propagation-methods/107640/ d39d3ulzmek390.cloudfront.net # Reference: https://twitter.com/reecdeep/status/1577668826149306370 http://195.178.120.62 # Reference: 
https://twitter.com/pollo290987/status/1578047238969892864 http://23.94.163.106 # Reference: https://twitter.com/tosscoinwitcher/status/1578082771561390082 qdgric.tk # Reference: https://twitter.com/r3dbU7z/status/1578393003433017344 colombiatelecomunicaciones.duckdns.org # Reference: https://twitter.com/0xToxin/status/1579515632240164864 http://91.213.50.74 # Reference: https://twitter.com/pollo290987/status/1579485286127796226 http://103.133.110.140 # Reference: https://twitter.com/LixaH_CL/status/1579651446219616256 # Reference: https://www.virustotal.com/gui/file/ff1a3fec6f631304d0701838a0550252430dec072b30e1bf272ee8d32454e477/detection eve-rpg2d.netlify.app # Reference: https://twitter.com/pollo290987/status/1579485245178798080 http://85.31.46.76 # Reference: https://www.virustotal.com/gui/file/2b65688d3f9b8a03689bee92935c99928042bd18bc99a009a3e51d8bd7ca708e/detection http://81.3.188.179 # Reference: https://twitter.com/r3dbU7z/status/1580252386508955648 http://198.148.118.129 # Reference: https://twitter.com/James_inthe_box/status/1580575683390058496 http://41.216.183.175 # Reference: https://tria.ge/220810-txhpqacdfn/behavioral1 http://45.154.98.158 # Reference: https://www.virustotal.com/gui/file/00f452bcd981fcca980f2beeaef1d3e43b5ccc4c010ed0410eae5cd86a48c190/detection http://154.203.154.173 http://154.36.221.68 http://154.36.221.69 http://156.224.158.139 75625358935.com 79181531227.com 93533557591.com avased6.com kmrcum2.com kupfkc9.com kvkaa.com kvtaaa.top mjrvkv5.com n5632.com n6271.com ndhjtlgw.com taiwtp1.com # Reference: https://www.virustotal.com/gui/file/1009c900538dc157a378812cec6b2528219cf5133b59b4832456ad0bfa06c139/detection http://45.85.190.156 # Reference: https://www.virustotal.com/gui/file/3f6d866f09cfabb1aa2a0393d290533ed31705c87b85f77edc3fdd51b90f6e24/detection http://94.103.86.38 # Reference: https://twitter.com/Ma4j0r/status/1581325465247092736 # Reference: https://www.virustotal.com/gui/domain/huntingknives.shop/detection 
huntingknives.shop # Reference: https://www.malware-traffic-analysis.net/2022/10/12/index.html # Reference: https://www.virustotal.com/gui/domain/mutiaracendekia.sch.id/detection mutiaracendekia.sch.id # Reference: https://www.virustotal.com/gui/file/00c463a40ca66602686d4bc6dc4491a7a164220310d4cfafdfdda38c76df2962/detection http://45.155.165.132 # Reference: https://www.virustotal.com/gui/file/0051ba35f0d0516d15761054387afa74361607996d6ccd95b42dd53585afd715/detection http://179.43.163.115 http://45.138.74.230 # Reference: https://www.virustotal.com/gui/file/07cd9b79cb647b10f0118bfec4855f5be2d7fd471ec658f3637041e85b5eab72/detection http://94.131.107.60 # Reference: https://twitter.com/idclickthat/status/1578963362113007618 afterburner-sofware-download.com afterburner-msi-soft.com afterburner-msi-download.com afterbunrer.org fermia.online msiafterburns.online zmax-software.xyz # Reference: https://www.virustotal.com/gui/file/01e341771b750f95108335d60b83e483ff3e1aaecb5e34f9ef3e094ddae94c17/detection f0719334.xsph.ru # Reference: https://www.virustotal.com/gui/file/00aaedb32f5f4131f1728a4dcb5e9f7611c870a62ef456e2d4e3f429245ffae1/detection http://85.192.63.184 oovi.it # Reference: https://unit42.paloaltonetworks.com/malicious-newly-observed-domains/ asuna-sao.us intesa-sanpaola.ml zellesupport.info bakbitionb.com bsdybwo.tk bwafduj.tk createruler.com jxc786.com twtyowq.tk # Reference: https://twitter.com/idclickthat/status/1583099857543122944 # Reference: https://www.virustotal.com/gui/file/baf2a1e0c8cbd56b87cd54b34eff07881b0a234bde4c940608f8dd0f3cf1dec1/detection http://38.22.109.12 updates-install.com # Reference: https://www.virustotal.com/gui/file/14e8117a4efec6d2298a31032ac2ba259e40c9686664665754d3a67b456f815a/detection xn--c1adxo9c.xn--p1ai # Reference: https://twitter.com/MaelSecurity/status/1583848825407434752 crpalkecizman.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/91.212.166.11/relations http://91.212.166.11 # Reference: 
https://www.virustotal.com/gui/ip-address/94.158.247.34/relations http://94.158.247.34 # Reference: https://www.virustotal.com/gui/file/7997b9ad4b041a9179f0a2ab2ced00371607a241776d11cb7d2c020cf2ab229e/detection a0727074.xsph.ru gamesens.space # Reference: https://www.virustotal.com/gui/file/05a984953329e9ec26db0e36bf760ab71c2d0cad54d4762bef2752f39e56be5b/detection http://79.137.194.48 # Reference: https://twitter.com/ULTRAFRAUD/status/1584138905380564994 stripe-ipo.co.uk # Reference: https://twitter.com/jstrosch/status/1584342845493649408 http://180.214.237.34 # Reference: https://tria.ge/221024-qktdxaggc3/behavioral1 http://79.137.202.36 # Reference: https://twitter.com/JAMESWT_MHT/status/1584816141960372224 http://185.197.75.173 # Reference: https://twitter.com/r3dbU7z/status/1584710460737474560 http://163.123.142.183 # Reference: https://twitter.com/r3dbU7z/status/1584717499697754112 http://65.108.107.169 # Reference: https://twitter.com/jstrosch/status/1585280516030451715 pa-ksa.com # Reference: https://twitter.com/malwrhunterteam/status/1585963555584880641 # Reference: https://www.virustotal.com/gui/file/142cbad8b9d400380c78935e60db104ec080812b1a298f9753a41b2811c856be/detection http://188.34.187.110 # Reference: https://twitter.com/r3dbU7z/status/1586147609596809216 http://178.79.182.51 # Reference: https://twitter.com/milannshrestga/status/1586668568686436358 # Reference: https://www.virustotal.com/gui/file/f7541f50e183557aad108d1f8d92e5b13a7a0946fcf10d7ccc7550beaf7d3d51/detection xeonusapp.com # Reference: https://twitter.com/malwrhunterteam/status/1587176607919341576 http://52.165.43.215 # Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection http://185.174.137.70 # Reference: https://www.virustotal.com/gui/file/929df8a15e583ad6b64698fb702cf44183f0d726d86cada07cf072d7f9f74913/detection http://185.216.71.161 # Reference: https://twitter.com/idclickthat/status/1587436337468145667 
evernoote.info # Reference: https://www.virustotal.com/gui/file/1152846f3b47d8179db8e911655ff2099ae8b93a61e7bcdba7fd811014809278/detection domenfireyes.com # Reference: https://www.virustotal.com/gui/file/e73830ba17d131a9d35aaacc3e9aedb1effcdd3b2c87fc31709bcb76cc8997cf/detection http://212.8.244.172 # Reference: https://twitter.com/StopMalvertisin/status/1587757089920716800 http://116.202.12.69 # Reference: https://twitter.com/malwrhunterteam/status/1587917878418079746 # Reference: https://www.virustotal.com/gui/file/349e948e8dce3c3831fc3aa6645228c379e1aad30ac488e9acf613540afe447a/detection # Reference: https://www.virustotal.com/gui/file/67f68fc797fbf0603d64a1b73ef30bb21613c85f5fe11ee8b40c474160fc7be8/detection coxms.com # Reference: https://twitter.com/Jirehlov/status/1478284171030446082 # Reference: https://www.virustotal.com/gui/file/43459add0078b6a62c05541b6c4c1c4b8447019635b1d3b2fe41f306fc149820/detection jerry888.com # Reference: https://www.virustotal.com/gui/file/123f0434ed8e6d0697642b11bfb143c7e2c78b4f2f7890232e90e5b1b33fde99/detection http://23.106.223.27 # Reference: https://www.virustotal.com/gui/file/2fb9a094b5d7336decc1eb8a339010bfa4882a710a459ab53566f4d50d9b4e9b/detection http://107.172.73.207 # Reference: https://www.virustotal.com/gui/file/006bb70c104711b4038ec023bbda0addfe2d23a4d3d07b438abd00dd059a1ab8/detection http://172.86.120.156 http://185.174.137.9 # Reference: https://twitter.com/r3dbU7z/status/1590273746530873344 http://45.137.64.40 # Reference: https://twitter.com/r3dbU7z/status/1590272786416955392 http://46.30.188.177 # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html zmsp.top # Reference: https://www.virustotal.com/gui/file/0416483ff64f2b592acae6fbd5ee529b0e32deb6f6fd1503d82c3f69052967af/detection http://77.73.134.248 # Reference: https://twitter.com/r3dbU7z/status/1590949646448611329 http://102.221.36.216 # Reference: https://twitter.com/MichalKoczwara/status/1591058266901032960 
/inject.profile /.inject.profile # Reference: https://twitter.com/jaydinbas/status/1591077457863806976 # Reference: https://www.virustotal.com/gui/file/bf3941e87f57c82a2c1ccec1465e61c67d9465af3320df857e81c7d10e8da6f6/detection # Reference: https://www.virustotal.com/gui/file/9c086f242120be7a9e57e06b75d8ef6f051a77c6339deaeb574e80ee69590111/detection http://143.198.80.235 http://51.195.68.197 iacis.ru # Reference: https://twitter.com/milannshrestga/status/1591332278869069825 # Reference: https://bazaar.abuse.ch/sample/de6705a5123be501fd35e7025b439b07fb0f43227b0bf071ff2167927a418da9/ champcup.io freezywallet.com # Reference: https://www.virustotal.com/gui/file/f5f83324bd86872a7103e21c0e2539c75e3df05e85f682f10453e15cff5588dc/detection # Reference: https://www.virustotal.com/gui/file/22253965d84bef16f8026c0e76c58313a3b2fb1ce2aca2bc5b7cbda1f35297c8/detection http://193.106.191.102 http://193.106.191.193 # Reference: https://twitter.com/r3dbU7z/status/1591569830628712449 http://81.161.229.133 81.161.229.133:443 # Reference: https://www.virustotal.com/gui/file/75955b7ac0a8f601e7418041ba6e784c173218b97de9545e321cd87227e65fd4/detection http://138.99.216.227 # Reference: https://twitter.com/luc4m/status/1592176773722443785 # Reference: https://tria.ge/221114-lpyrzabe9s # Reference: https://www.virustotal.com/gui/file/0f5e16380f6c2bdaea3b5c833e5da76621bdffa2be6534ae137b0b9929f002ed/detection http://192.227.132.49 /_____________________________00___________00____/ /_00_______00__.doc # Reference: https://twitter.com/petrovic082/status/1592503743622172674 # Reference: https://app.any.run/tasks/d27c5040-96ed-43ba-ae12-be59c11ab8fd/ http://20.164.200.118 # Reference: https://twitter.com/r3dbU7z/status/1593267205701091335 http://134.255.216.90 134.255.216.90:443 # Reference: https://twitter.com/reecdeep/status/1593534143274549250 http://103.180.133.133 # Reference: https://www.virustotal.com/gui/file/c4b64ee801f4f189c9298086df861e4f49e4788c3b7c5d4bf236cd4f865a7152/detection 
http://45.90.217.58 # Reference: https://twitter.com/r3dbU7z/status/1594802805558091799 # Reference: https://www.virustotal.com/gui/file/7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0/detection http://34.102.26.38 34.102.26.38:1337 # Reference: https://www.virustotal.com/gui/ip-address/185.246.220.65/detection http://185.246.220.65 # Reference: https://twitter.com/malwrhunterteam/status/1594818792084971523 # Reference: https://www.virustotal.com/gui/file/0fa2e2f524101e9c5e911e193e7fb145463c0c2a72a5fb14f8f11a8ae3a18593/detection http://5.42.199.235 # Reference: https://twitter.com/Gi7w0rm/status/1594859059009662976 # Reference: https://www.virustotal.com/gui/file/e7767ba8bcff3242dd32f880cb59894c3ce5615a2557504db976803cd246354e/detection http://217.21.76.148 sincheats.com # Reference: https://www.virustotal.com/gui/file/00000416542b6ee3625cc1dd73e347181ac78f6ae7e2dcffaf4228356292ab7c/detection odomou.com # Reference: https://twitter.com/osipov_ar/status/1595361844956471300 http://85.209.134.86 # Reference: https://twitter.com/jstrosch/status/1596157041952727041 77.73.134.53:443 # Reference: https://twitter.com/r3dbU7z/status/1596097530697117697 http://20.26.198.137 http://47.201.235.126 # Reference: https://twitter.com/r3dbU7z/status/1596458980334833664 http://194.233.160.187 # Reference: https://twitter.com/kienbigmummy/status/1595997510639570944 http://92.52.217.11 # Reference: https://twitter.com/malwrhunterteam/status/1597325343026688000 http://79.220.199.151 # Reference: https://twitter.com/_brettfitz/status/1597315666658623488 68.183.185.207:8000 # Reference: https://twitter.com/r3dbU7z/status/1597228559608651776 # Reference: https://www.virustotal.com/gui/file/ba5ce65d728b5529fede411b5fb3b99e88a69c797e5bf8b89e18e42a9d6761ff/detection http://185.248.160.167 185.248.160.167:443 hj446nw23fpilgowvjfmwqqihosvbffwkg6zqdeoy3tqhwxfg7wsz5qd.onion # Reference: https://twitter.com/James_inthe_box/status/1597961049738981379 http://104.168.45.17 # 
Reference: https://twitter.com/r3dbU7z/status/1598335148566712320 http://4.233.216.133 # Reference: https://www.virustotal.com/gui/file/df243e0815db5a752647a6faf23e4d333dea48079b5c41ae7dab8bfbcb3a78ae/detection fortyclothingglobal.com # Reference: https://www.virustotal.com/gui/file/a7fc1e38349297186b90d7ee6a9a237e8bc4679b6874688cf6b79a7045fd3b47/detection http://89.208.107.122 # Reference: https://twitter.com/1ZRR4H/status/1598911165782183936 # Reference: https://www.virustotal.com/gui/ip-address/79.137.205.105/detection http://79.137.205.105 # Reference: https://twitter.com/idclickthat/status/1596533582218276864 pinainstallmentpaydayloans.com tor-browser.app torproject.space torprojekt.click torprojest.pro # Reference: https://www.virustotal.com/gui/file/b9162daa2de2470429818300461e77825874a24cd4fd64f8e420cb5a89ac52ae/detection http://137.74.151.42 # Reference: https://www.virustotal.com/gui/file/2666afc4946c89ed6fae860821ebbe0a0f0c0621b5f6f07ceccf5d390658205b/detection http://185.246.220.210 # Reference: https://twitter.com/HaoZhixiang/status/1599939493339205634 http://31.41.244.188 # Reference: https://www.virustotal.com/gui/file/199aecbee6d93aaf532c708921112523cb314931268b854ab30da597e2ac5626/detection garbagefender.site # Reference: https://cert-agid.gov.it/wp-content/uploads/2022/12/trojan.json_.txt http://116.203.19.97 # Reference: https://twitter.com/JAMESWT_MHT/status/1600568739598057493 shomesuntry.com # Reference: https://twitter.com/JAMESWT_MHT/status/1600820096628555776 http://103.232.53.228 # Reference: https://twitter.com/h2jazi/status/1600948637361922049 http://45.61.137.32 # Reference: https://twitter.com/malware_traffic/status/1600944054610821120 http://70.36.107.56 # Reference: https://www.virustotal.com/gui/file/005f72fdf502e02ee95ca7f47d328af5ee9e4970496e9dc0df109c9a625dc6dc/detection http://103.133.107.162 # Reference: https://twitter.com/r3dbU7z/status/1601279700919541761 http://140.82.34.147 # Reference: 
https://twitter.com/r3dbU7z/status/1601284174521827328 http://109.107.179.83 # Reference: https://www.virustotal.com/gui/file/05403f55b80ee7f5ae406ab0a828b62ec693a1e782792cc327e5dbb119fbd922/detection ahredoj.no-ip.com # Reference: https://www.virustotal.com/gui/file/8340c5e593146a65e1a36635858ed0f85683f1a8c38fa35fe3dc1809afd88558/detection bccs.no-ip.com # Reference: https://twitter.com/InQuest/status/1601664349810135045 nftuart.com # Reference: https://twitter.com/r3dbU7z/status/1602816478696595456 http://51.132.18.186 # Reference: https://www.virustotal.com/gui/file/18f31ac2d71ac144e713f11c2fdd14391962af4b0e77192d3e790a36aeae125d/detection http://45.87.61.103 # Reference: https://www.virustotal.com/gui/file/21bacedb5ab9b318e8e9c6712e575edaebc795b73aa7f4f2d0e8b9f6da5a738f/detection http://193.56.146.114 # Reference: https://www.virustotal.com/gui/file/48277f71025a2ab48ef76442a20110d19869736a60c101b0b7c3583680aec4a5/detection http://79.137.206.108 # Reference: https://www.virustotal.com/gui/file/1443b2fa3ece332d66836172ff5c75237fd064300f3c8c1754c319935ed44797/detection http://31.41.244.100 http://37.139.129.107 http://66.11.117.45 # Reference: https://twitter.com/SBousseaden/status/1603825679040028673 # Reference: https://www.virustotal.com/gui/file/4c364fdb7b16cc0341595dc5861542c1f1c70758df90a10fec41fb701f79a700/detection # Reference: https://www.virustotal.com/gui/file/7a491a8df3c38e90c8c7398b53b8772e08d0801629235f4a0713e7ab22245287/detection rfa.stoanews.com # Reference: https://www.virustotal.com/gui/file/7260966d2c686f00653db013c8236f9846c8a153203fa331bda98de97acc1068/detection http://31.41.244.228 # Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama230_19.12.2022.txt http://146.70.158.183 http://193.42.36.127 http://216.120.201.143 http://51.178.212.188 http://85.239.54.5 # Reference: https://twitter.com/tosscoinwitcher/status/1605264407302328320 # Reference: https://twitter.com/pr0xylife/status/1605266480483934222 http://85.192.49.106 
saprefx.com # Reference: https://www.virustotal.com/gui/file/05e89787eba776d800d12da5e71a7a6a81a7724306ac2788dd8df4c6f9ac0c4a/detection http://34.80.59.191 # Reference: https://www.virustotal.com/gui/file/0a0889330501ee52ca5fe2b2f41fbcad7d26afce8bc430c7fe274e6ebe64c680/detection http://192.248.176.138 # Reference: https://twitter.com/jaydinbas/status/1606491508999442433 # Reference: https://www.virustotal.com/gui/file/2b433f5a2aa1b75d75460e6a22f142a47d9c0bc0a89035f767e10a8b571c7b28/detection http://45.61.137.32 185.181.165.188:443 # Reference: https://www.virustotal.com/gui/file/8f65de95fbd17d07e228fb12dd0902bc1a52ee4690178943f2b1b916ec9f16bd/detection http://168.100.9.86 # Reference: https://twitter.com/WhichbufferArda/status/1609604183535284224 3.33.188.186:8080 # Reference: https://www.virustotal.com/gui/file/2b077c09e3e5b9035d53cf73f0afc4455463dcb2289816f15f50f68f6b5f5df7/detection http://162.223.91.111 # Reference: https://www.virustotal.com/gui/file/54f791796231f7899d753f0ba44e7387bf7748dc7a28adbd28f2067c9ab88605/detection http://45.147.231.183 # Reference: https://twitter.com/ViriBack/status/1611366969998966785 http://95.111.230.118 # Reference: https://twitter.com/_montysecurity/status/1610169927637270528 http://188.68.58.174 # Reference: https://twitter.com/MalwarePotato/status/1612764382429351939 http://103.133.110.147 # Reference: https://www.virustotal.com/gui/file/00ba3f14f8b4ad6f6eef2c0419bca03382599c9f3ac0b2e197535e2dfdaf54a5/detection http://77.73.134.245 # Reference: https://twitter.com/silentpush/status/1614335072559312896 http://120.24.153.177 # Reference: https://www.virustotal.com/gui/file/000038604b8e6b73ab75246cfcda3d2130b3af2ee09aec9a0eda62ee15c351fb/detection http://93.184.220.29 # Reference: https://www.virustotal.com/gui/file/fc7229989aa3f9368f053f0a5f4d4e3bbb44b9ca7fa66e388413e288859c2642/detection http://193.149.129.151 # Reference: https://twitter.com/malware_traffic/status/1615824551686070278 http://64.227.8.75 # Reference: 
https://www.virustotal.com/gui/file/d57611140a6b1d73d7af71b20049fcea708f8cfa7df31cdca3130c34b8f34ef1/detection http://121.4.126.232 # Reference: https://www.virustotal.com/gui/file/812d4d9446b7962344e389b9498d08dabce1c9113bb18f554633da7e5992c4a3/detection http://193.168.49.8 http://62.217.181.4 /warubtt/payload # Reference: https://blog.talosintelligence.com/following-the-lnk-metadata-trail/ # Reference: https://otx.alienvault.com/pulse/63cc33d43b1e4ebfb2e79e74 2fgithub.com # Reference: https://twitter.com/jstrosch/status/1617549779122401280 # Reference: https://www.virustotal.com/gui/file/061ace491a55fef669780902bced1a7c87866a9894336ddf4bdbee1a753db530/detection http://185.246.220.121 # Reference: https://twitter.com/0xDAV1D/status/1617270925686177794 aquarentboats.com # Reference: https://www.virustotal.com/gui/file/e22dde0bf08c6cddafbc0f6630c2ca0185fdf929ca9239783bb7c17686c23122/detection http://202.55.132.154 # Reference: https://twitter.com/reecdeep/status/1617859175559888902 http://144.168.243.177 # Reference: https://www.virustotal.com/gui/file/7860121dca35cbc7cf2ac983a9672379cf86edc6cdaafd52f810e1e6b29e3f0b/detection http://13.38.70.27 # Reference: https://twitter.com/wdormann/status/1617919395174703106 homeforcutepets.com # Reference: https://twitter.com/doc_guard/status/1618226554882117633 198.27.82.39:8000 # Reference: https://twitter.com/doc_guard/status/1618251592733724673 # Reference: https://www.virustotal.com/gui/file/e57f1d74706b7c5dd7f2191a6abe13979884a470c0789a03dcc1e82deaab68ea/detection http://173.232.146.78 http://198.23.172.90 # Reference: https://twitter.com/1ZRR4H/status/1618290226409111553 ccbamf.com integr-all.com niktell.com # Reference: https://twitter.com/malwrhunterteam/status/1618200885359935490 openoceans.click download.openoceans.click # Reference: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a # Reference: https://otx.alienvault.com/pulse/63d1b0c79e2757d3bd67106e 247secure.us deskcareme.live gscare.live hservice.live 
myhelpcare.cc myhelpcare.online nhelpcare.cc nhelpcare.info win01.xyz win03.xyz # Reference: https://twitter.com/r3dbU7z/status/1618941089834205184 http://103.146.23.112 http://157.90.51.195 # Reference: https://twitter.com/malwrhunterteam/status/1618928371211341828 http://185.254.96.226 # Reference: https://www.virustotal.com/gui/file/b7aa931994a9fb75317ffd6d3594adcab0316f2aa49dbe615969588a030877f8/detection dinghenbetrobsi.xyz # Reference: https://twitter.com/kienbigmummy/status/1622846995567382528 http://192.3.223.114 # Reference: https://twitter.com/malwrhunterteam/status/1622735242967584771 # Reference: https://www.virustotal.com/gui/file/6836e1446fc8dae5a7d8ab28c717dd4363f8970fbe11e41b7d67dc43736b2612/detection hx2covn34b3tb2m33hodc3ppvtih4vg6kbwsw5a4675ndoo2llo3auid.onion.church # Reference: https://www.virustotal.com/gui/file/08315c14733026ceeb5ba7cd22fc0b2a2f97cfafc56f17ac2f1a0e2a95630cb2/detection http://192.3.118.141 # Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection http://31.31.201.235 # Reference: https://www.virustotal.com/gui/file/04c559bb0be01415e957d3dafa1ed6730505e35736eaea8cb03b8b7d101998bb/detection http://198.46.136.246 # Reference: https://www.virustotal.com/gui/file/02214be7a1ec20e21ab4209575618bb2a5090f15b53c4aaaac9490634d6aa48b/detection http://134.0.115.76 # Reference: https://twitter.com/r3dbU7z/status/1624977660735528962 http://45.77.174.98 # Reference: https://twitter.com/r3dbU7z/status/1625159016228716546 http://170.64.137.73 # Reference: https://twitter.com/petrovic082/status/1625482662759608321 chegaacores.com/systems/ # Reference: https://www.virustotal.com/gui/file/c8be839ed95d6bcfd484ba7a9389ba0a56cfd8841c9fde04fe5651ed853bee1a/detection http://109.206.240.67 # Reference: https://twitter.com/kienbigmummy/status/1625792228340924416 http://195.133.40.108 # Reference: 
https://www.virustotal.com/gui/file/bd9854943c82e5c5fd424aa1dc9463108d5de7eb3cbde4fd964ef8cc42a4547e/detection http://95.216.194.51 # Reference: https://twitter.com/wwp96/status/1627709569324683264 rssh.li # Reference: https://twitter.com/wwp96/status/1627685160937463808 http://103.232.54.88 # Reference: https://twitter.com/1ZRR4H/status/1627793836213665794 http://104.168.32.152 # Reference: https://www.virustotal.com/gui/file/2cb755b44a07942f62c8e695520b7a2e23811430111527ba3c54eaf6cfeac013/detection http://212.87.204.200 # Reference: https://twitter.com/wwp96/status/1628275564938141699 http://192.3.27.140 # Reference: https://www.virustotal.com/gui/file/123886464f55b7e5dbb297e437c1569e4521c839a6b2ee643f09e28444ad4424/detection http://185.254.37.64 # Reference: https://www.virustotal.com/gui/file/d009d1247fc57b0da2da76fb93bb359b2d8e764218c96d47356c2329327eaa3e/detection http://103.189.202.84 # Reference: https://twitter.com/petrovic082/status/1628351556214042624 http://104.144.152.48 http://104.168.32.152 # Reference: https://twitter.com/ecarlesi/status/1628219729058865154 shaprek.shop # Reference: https://www.virustotal.com/gui/file/10caa63bd58b3bea1a03cf92db93a0395105bb43fecc4f7c66e583636f9a97cc/detection http://198.46.178.142 # Reference: https://twitter.com/wwp96/status/1628427131515555840 # Reference: https://www.virustotal.com/gui/domain/vashovskycorp.com/detection vashovskycorp.com # Reference: https://twitter.com/wwp96/status/1628520430737973248 http://92.52.217.50 # Reference: https://www.virustotal.com/gui/file/00cdc04cddfecc9aae1df6f0a404c6238fb58528ee3c8a0caefb89e6bfb44b10/detection http://35.176.170.110 # Reference: https://twitter.com/wwp96/status/1628842199570911234 http://3.23.186.85 # Reference: https://twitter.com/wwp96/status/1628838019200389126 http://157.245.157.93 # Reference: https://www.virustotal.com/gui/ip-address/85.119.149.127/relations ai-chatgptapp.com any-desk-remote.com any-dlesk.com anyd1esk.com anydesik.com anydesk-remote.com 
apps-chatgpt.com bittorrent-official.com chatgpt-ai-tool.com get-kms-pi-co.com get-kmspi-co.com gpuz-official-site.com gpuz-official.com gpuzzz.com k-mspico.com km-spico.com kms-pi-co-act.com kms-pi-co-activator.com kms-pi-co-download.com kms-pi-co-downloader.com kms-pi-co-downloader.org kms-pi-co-install.com kms-pi-co-installer.com kms-pi-co-net.com kms-pi-co-tool.com kms-pi-co-web.com kmsp1co.com kmspi-co-activator.com kmspi-co-tool.com lechpower-gpuz.com ltechpower-gpuz.com metatrader4-apps.com python-apps.com techpowerup-gpuz.com tool-chatgpt.com xn--anydsk-eva.com xn--zm-ckaa.com z00nn.com zoo-rn.com zoom-for-pc.com zoorn-us.com zoornus.com # Reference: https://twitter.com/InQuest/status/1628657217292365826 # Reference: https://www.virustotal.com/gui/file/591098cf0c9b44ac66ff2224e506451f30333ed53bf14de325041ded11867f3a/detection http://192.3.101.101 # Reference: https://twitter.com/petrovic082/status/1628752236430909441 http://185.29.8.109 http://23.94.148.10 http://23.94.99.5 # Reference: https://twitter.com/suyog41/status/1629053362653077505 http://103.182.17.195 # Reference: https://twitter.com/wwp96/status/1629124018761523200 http://185.246.221.126 # Reference: https://twitter.com/wwp96/status/1629138502473420800 revitape.com/gdy/ # Reference: https://www.virustotal.com/gui/file/96910d4cde5d93e92d937f4ef28057e61846a6d7e4aa569d719185b892c16bd0/detection http://185.246.220.34 http://45.15.159.15 http://62.204.41.245 # Reference: https://asec.ahnlab.com/en/47088/ # Reference: https://otx.alienvault.com/pulse/63e25c5cbc100230953c2d2e http://43.128.62.42 http://45.144.3.216 # Reference: https://www.virustotal.com/gui/file/23073f04696ea6bf57f802b1cab1652ebaba661bb051861dd3c07b8c7afd4482/detection http://104.168.45.119 # Reference: https://twitter.com/r3dbU7z/status/1630121537939308544 http://167.179.87.238 # Reference: https://twitter.com/drfabiocastro/status/1630237999798820866 # Reference: https://twitter.com/drfabiocastro/status/1630416230409555969 
http://5.199.69.239 anydesk-appwindows.info winrarapp.info # Reference: https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/ # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336 # Reference: https://otx.alienvault.com/pulse/63f678b56b50c0f7a4720626 chatgpt-go.online chat-gpt-online-pc.com chat-gpt-pc.online openai-pc-pro.online # Reference: https://twitter.com/James_inthe_box/status/1631333730055856138 http://198.46.174.170 # Reference: https://twitter.com/MichalKoczwara/status/1631623466658013184 http://193.117.208.109 # Reference: https://twitter.com/MichalKoczwara/status/1631683477648072706 http://170.250.131.155 # Reference: https://www.virustotal.com/gui/file/1754cecf1e1e48307e88fddb9a1dd0bee0aa9a5c4a1b2545b4f1922d0c402f2f/detection http://185.181.8.147 # Reference: https://www.virustotal.com/gui/file/62bfcd6ad96951af9bd54bc9f99fce2f8cd3fa58549c8c794cc567c2321220c9/detection http://79.137.206.102 # Reference: https://twitter.com/kienbigmummy/status/1632038253443575811 # Reference: https://www.virustotal.com/gui/file/cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161/detection # Reference: https://www.virustotal.com/gui/file/97ceffc6a9462c025e344a0b709c3470ff551a914cce1ed209e4ddd63b734182/detection http://107.175.212.18 # Reference: https://twitter.com/wwp96/status/1632898326453469184 http://195.123.247.87 # Reference: https://twitter.com/wwp96/status/1633187206830641152 http://192.227.162.28 # Reference: https://twitter.com/wwp96/status/1633571276622282753 # Reference: https://app.any.run/tasks/d4522b96-70dc-4c13-850f-3e6e498b85ab/ bdadvisors.ma # Reference: https://twitter.com/og_patate/status/1633925757947858944 http://191.101.2.199 # Reference: https://twitter.com/kienbigmummy/status/1635217184191549446 http://103.167.92.45 # Reference: https://www.virustotal.com/gui/file/de846ac791561337ffff910b091bb8bc10e5897c1a4fb76e2f32e52a3451495c/detection 
maqboolimpex.co/wp-admin/js/a1/ # Reference: https://app.any.run/tasks/4dcd6a63-3d44-4080-b38e-aa984191a5d3/ # Reference: https://otx.alienvault.com/pulse/64134c80df7e5abdb1f7699d # Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a http://104.225.129.102 http://137.184.130.162 http://137.184.130.164 http://144.96.103.245 http://149.28.85.24 http://184.168.104.171 http://185.186.245.72 http://193.8.172.113 http://193.8.172.13 http://216.120.201.12 http://37.184.130.162 http://45.77.212.12 http://5.34.178.246 http://79.133.124.242 http://92.38.169.193 http://92.38.176.109 http://92.38.176.130 104.225.129.102:443 137.184.130.162:443 137.184.130.164:443 144.96.103.245:443 149.28.85.24:443 184.168.104.171:443 185.186.245.72:443 193.8.172.113:443 193.8.172.13:443 216.120.201.12:443 37.184.130.162:443 45.77.212.12:443 5.34.178.246:443 79.133.124.242:443 92.38.169.193:443 92.38.176.109:443 92.38.176.130:443 hivnd.com/thumpxcache # Reference: https://www.virustotal.com/gui/file/0760ae9b4d7eaa7ba0d1d9442c82c9d6b9dcfd6329fa4222aa4fa3b47da78929/detection http://190.211.254.211 # Reference: https://twitter.com/crep1x/status/1636352248014946307 http://84.252.94.185 # Reference: https://twitter.com/r3dbU7z/status/1636728297777254401 http://194.62.1.199 # Reference: https://twitter.com/1ZRR4H/status/1637205517083856896 corpolevesuplementos.com.br/2022pws/ # Reference: https://twitter.com/vxremalware/status/1636863275395686401 http://179.43.141.100 # Reference: https://twitter.com/petrovic082/status/1638174842779467779 http://172.245.33.146 http://192.3.101.160 http://202.55.132.230 # Reference: https://twitter.com/sicehice/status/1638340952610725890 http://23.106.215.242 # Reference: https://twitter.com/sicehice/status/1638608121500168192 http://66.228.37.7 # Reference: https://twitter.com/sicehice/status/1638680582438699008 http://20.214.232.149 # Reference: 
https://www.virustotal.com/gui/file/04db053ddaf38c4d040e12c2ffdd19a98dbeb9cafb43e4ef397e95da97ba3036/detection http://103.232.53.25 # Reference: https://twitter.com/sicehice/status/1639256583975624704 http://185.238.3.205 # Reference: https://twitter.com/malwrhunterteam/status/1639324161431437312 http://52.230.106.137 # Reference: https://www.virustotal.com/gui/file/16ff551a19804e004b3306e612ebad6de2da70d8cd674b83cc5d530a928bc7ef/detection http://195.133.192.49 http://94.131.8.3 # Reference: https://twitter.com/sicehice/status/1639258283612545027 http://185.254.97.84 # Reference: https://twitter.com/sicehice/status/1638674378345832449 http://220.247.167.232 220.247.167.232:443 # Reference: https://twitter.com/sicehice/status/1638661695768862720 http://54.146.247.191 # Reference: https://twitter.com/sicehice/status/1638584956342476808 http://206.189.9.27 # Reference: https://twitter.com/idclickthat/status/1640733752966930433 # Reference: https://twitter.com/idclickthat/status/1640764717386924043 download-doucloud.cn download-doucloud.com doudou-tools.com # Reference: https://twitter.com/malwrhunterteam/status/1641007887127379968 # Reference: https://www.virustotal.com/gui/file/4f4125ae0d97bba152cf35399418e4f82f3998116770ce88e1cecb82ae738369/detection # Reference: https://www.virustotal.com/gui/file/0a01ed52800ae36de5179c399e7605c6f934d98a45ef8912bef7479e7b993b1c/detection # Reference: https://www.virustotal.com/gui/file/d6e9fffb7e83990e620839f3371ba13c79741e70290fc8d95f925dad5bddde54/detection bonnioad-mci.com # Reference: https://twitter.com/suyog41/status/1641038677504585728 # Reference: https://www.virustotal.com/gui/file/c632467f79992fca86b1bb62ceaac83583ac82fcc262ae5df5b61fd61eea4c08/detection worldpharmafze.com # Reference: https://twitter.com/petrovic082/status/1642912129211682817 http://43.137.10.95 # Reference: https://www.virustotal.com/gui/file/ba2848dd130c26176303690fd5a07e945dfbd20c59f253dc56cc64611409518d/detection oliwierlubianka.olmi.pl # Reference: 
https://twitter.com/malwrhunterteam/status/1643212405587976196 dev-javascript-support-enable.pantheonsite.io # Reference: https://twitter.com/malwrhunterteam/status/1642994177095942146 # Reference: https://twitter.com/malwrhunterteam/status/1642993019992387584 # Reference: https://isc.sans.edu/diary/rss/29708 # Reference: https://otx.alienvault.com/pulse/642bda624b63276eba73e5c1 channel-platform.s3.ap-east-1.amazonaws.com infoamanewonliag.online winwin.co.th/intro/ # Reference: https://twitter.com/sicehice/status/1643799396595777536 http://20.211.5.151 # Reference: https://www.virustotal.com/gui/ip-address/103.139.45.3/relations # Reference: https://www.virustotal.com/gui/file/470319dd9293eb6d6f05141e1e547b952b4c86d410ffc4a95453a27353837e26/detection http://103.139.45.3 # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ http://104.223.19.96 http://212.83.46.109 # Reference: https://twitter.com/sicehice/status/1646155898010624001 http://172.81.61.224 172.81.61.224:443 # Reference: https://www.virustotal.com/gui/file/dcd0e43f175a2464788c2875137ac3f2987e1e3c3266f3295834fca4766ab779/detection http://179.43.142.201 http://179.43.155.247 # Reference: https://www.virustotal.com/gui/file/02de7dc70bed64b07d9556aed181e3d8ee811f86736684f69f3973e7e8fef104/detection # Reference: https://www.virustotal.com/gui/file/0191964e405347382178a7381117b0bea92a9f26c7ef5cee78d31473e0be34c2/detection # Reference: https://www.virustotal.com/gui/file/5e16d11733b3516e3efc69145980eae528a987ae7d46819dfb8e8328a6d876ec/detection http://23.184.48.143 http://45.15.157.136 http://45.61.187.67 http://79.137.194.132 http://79.137.194.41 # Reference: https://twitter.com/WhichbufferArda/status/1648788380744929282 # Reference: https://www.virustotal.com/gui/file/3013cff4c3e0feea59c67876526413c8d2bb2c6c9a13b76945a4ad624c1f9979/detection bienenstock.eastus.cloudapp.azure.com # Reference: https://twitter.com/malwrhunterteam/status/1650871512847593475 # Reference: 
https://www.virustotal.com/gui/file/3035ab2a9c83b4fb5159981c8ccd159b300a28b91e45e7b38793407d243dc9d3/detection lucaagostini.it/regallo/ # Reference: https://twitter.com/sicehice/status/1651029587961294848 http://64.226.78.9 # Reference: https://twitter.com/g0njxa/status/1652034044299714563 http://89.185.85.247 # Reference: https://twitter.com/0xperator/status/1653167477075918849 http://179.43.182.147 # Reference: https://www.virustotal.com/gui/file/fc5b9fd6ba61665c70694052bace9b21b1f962b6e929792024616287b33b17f6/detection http://185.215.113.105 # Reference: https://twitter.com/pollo290987/status/1654581586342338560 http://192.253.237.23 # Reference: https://www.virustotal.com/gui/file/db8b069ef0a46f4c5d85fb77e7df4a873ed5b5bc5b0eab38ef2374ddf6f94ad5/detection http://103.155.81.71 http://154.221.27.200 http://23.94.206.76 # Reference: https://www.virustotal.com/gui/file/ce4f4df08dda9778407122ddcef79796651032ee0b7442cfba708597e75e1e7d/detection http://62.109.13.77 # Reference: https://twitter.com/reecdeep/status/1655846018645147648 http://103.232.53.243 # Reference: https://www.virustotal.com/gui/file/48dd2330f418cf9019cd581fee1abcb5da6fe8ed353e0a2d067fea8dd0d3f285/detection http://62.204.41.169 # Reference: https://twitter.com/Gi7w0rm/status/1657342163628294145 http://77.91.77.6 # Reference: https://www.virustotal.com/gui/file/8e9c6b72a19705e65d654814d0770a67c7c4a2e52915f6115dc740ab254ed4a9/detection http://141.98.6.163 http://23.95.122.250 http://45.141.27.208 http://45.81.235.111 http://85.217.144.228 http://94.142.138.148 # Reference: https://twitter.com/malwrhunterteam/status/1663240885839044608 http://45.77.194.187 # Reference: https://twitter.com/doc_guard/status/1666756116288512003 http://45.83.140.48 # Reference: https://twitter.com/JAMESWT_MHT/status/1666757492347371523 http://84.54.50.31 # Reference: https://www.virustotal.com/gui/file/4ce73c379ff622c7be13a7b056fdbf4b677a7072af4a3baa5e5dd7535e78117f/detection http://83.97.73.134 # Reference: 
https://www.virustotal.com/gui/file/b0a609913a5b002f776efdb1eed4592dd3addf05b8dd90415ec8e897fe149dba/detection http://194.180.48.90 # Reference: https://www.virustotal.com/gui/file/714e2bba3ebbd40c0c85f4a73fca616b7bbe9ab6e4feedc195ac0885973dadca/detection http://103.116.15.39 http://103.131.57.119 http://103.57.130.116 http://107.175.113.210 http://141.98.6.99 http://185.252.179.100 http://185.252.179.254 http://192.3.101.139 http://192.3.109.146 http://192.3.193.194 http://20.22.239.93 http://217.196.96.158 http://23.94.148.6 http://45.66.230.149 http://45.81.39.192 http://5.42.64.15 http://77.105.146.74 http://77.91.68.16 http://77.91.68.30 http://81.177.143.184 http://83.97.73.129 http://83.97.73.183 http://95.214.25.239 # Reference: https://www.virustotal.com/gui/file/847a1d56185a69c2e30b44368c404bc91107463274fa66b260277b1c0616b66b/detection http://77.73.133.113 # Reference: https://www.virustotal.com/gui/file/061076cc209f95d32bcd4a38ab229551cf25de12e545d1c15939abf9529bb0d0/detection http://23.106.122.155 # Reference: https://twitter.com/Yeti_Sec/status/1681294210492669953 http://137.184.41.38 # Reference: https://www.virustotal.com/gui/file/db3faed8140a81bfeb2e70fc2d87412f7d1a1629b21f22a43783649eda2ef387/detection http://192.3.118.24 # Reference: https://www.virustotal.com/gui/file/0cc7883198df53af5b4e7d6b14204ea5ab51066a52031f8f814cedccc491bd9a/detection http://45.66.230.164 http://77.91.124.31 http://77.91.124.40 # Reference: https://www.virustotal.com/gui/file/005388ce01b74c5de11f70f3f082a93f6234577b4978a14f36864183fc3221a5/detection http://44.203.122.41 # Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection http://103.16.215.29 # Reference: https://twitter.com/1ZRR4H/status/1684929856159518720 driversdocs.com downloadanexo07.page.link # Reference: https://app.any.run/tasks/07d48cef-8f74-4755-96c9-c793a8ede462/ http://45.15.156.229 http://87.120.88.198 # Reference: 
https://twitter.com/ULTRAFRAUD/status/1686473941307551744 http://4.233.216.133 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20DarkGate%20IOCs http://162.243.71.6 # Reference: https://twitter.com/malwrhunterteam/status/1686846930138124288 # Reference: https://www.virustotal.com/gui/file/2be90f30f92197b61107ef9319bdec3e9535dcd4c65a6b59dcf08d111a4e679f/detection github-readme.com # Reference: https://twitter.com/James_inthe_box/status/1687092068160884738 http://23.94.148.61 # Reference: https://www.virustotal.com/gui/file/077c6e0a6a5df926dd7673d81f466faf5a11b8e04d3a5ecddf9d7951107e0026/detection http://103.6.248.9 http://192.3.189.179 http://194.180.49.153 http://198.46.176.189 http://2.59.254.18 http://23.95.122.94 # Reference: https://twitter.com/petrovic082/status/1679357685387476992 http://103.6.248.9 # Reference: https://www.virustotal.com/gui/file/76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571/detection http://107.172.130.135 http://109.248.144.244 http://192.227.183.138 http://198.46.173.137 http://95.164.86.244 # Reference: https://twitter.com/reecdeep/status/1688812981881077760 http://185.161.211.81 # Reference: https://twitter.com/JustWantToQ1/status/1688990541852082177 http://155.94.129.4 # Reference: https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat http://95.217.5.87 # Reference: https://www.virustotal.com/gui/domain/sdkvm.site/detection sdkvm.site # Reference: https://twitter.com/sicehice/status/1689840704879509504 http://45.227.252.247 # Reference: https://twitter.com/sicehice/status/1689830829634023424 http://103.89.15.53 /BypassNeo-reGeorg/ /JEECMS-INJECT/ /CVE-2017-0213_x64.exe /CVE-2018-8120_x64.exe /CVE-2019-1458.exe /CVE-2012-1732.exe # Reference: https://www.virustotal.com/gui/file/bb53dabca138400f399a9fca9cef7d8377cbb958415c92b336a869911b33e6a7/detection pan.qianxin.com # Reference: 
https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection http://89.208.104.191 # Reference: https://app.any.run/tasks/698f65e2-2af2-4969-8d52-f388744af33b/ http://5.42.67.10 # Reference: https://twitter.com/reecdeep/status/1686309702278283264 http://23.95.60.83 # Reference: https://www.esentire.com/blog/stealc-delivered-via-deceptive-google-sheets # Reference: https://www.virustotal.com/gui/ip-address/195.123.241.141/relations annasom.com checonstruct.com chkonst.com gaccconstrust.com opentablesort.com pulbaw.com sectiondatas.com sheconstanta.com sheetsconstruct.com sheetsdataaccess.com # Reference: https://twitter.com/fr0s7_/status/1692906178110423221 http://35.246.28.111 # Reference: https://twitter.com/doc_guard/status/1693244869118963910 # Reference: https://www.virustotal.com/gui/file/d986c4d64650cdbb34bfbe5133846627db098f37f6c757d615f511d5a794507a/detection http://192.210.175.4 # Reference: https://twitter.com/Gi7w0rm/status/1693432581583184029 http://83.217.9.18 83.217.9.18:443 # Reference: https://www.virustotal.com/gui/file/3e8ac08892d633b002ebe862b10025b870e33a7a69435886c2203aa352fd2025/detection http://193.56.146.7 http://194.58.108.112 crazysheriff.com # Reference: https://twitter.com/nahamike01/status/1693914776462901515 http://60.204.140.244 /shika_beacon.bin # Reference: https://www.virustotal.com/gui/file/67b7a3c8418343b4726730196eb7c35b410f677636b158ff9e8b7603ee645cfe/detection http://103.16.225.211 http://193.109.85.112 http://193.233.255.9 # Reference: https://twitter.com/reecdeep/status/1694273196910899288 http://96.9.208.75 # Reference: https://twitter.com/sicehice/status/1694532065050468464 http://79.110.48.58 # Reference: https://www.virustotal.com/gui/file/a08c36812818618f44782c3677c8b8b8159a1beacbad66adbe232e694d91176e/detection http://65.109.160.103 # Reference: https://twitter.com/sicehice/status/1694549050584973690 http://188.68.242.169 # Reference: 
https://www.virustotal.com/gui/ip-address/192.3.223.26/detection http://192.3.223.26 # Reference: https://www.virustotal.com/gui/file/558fcfd3568b805c1f7d3c6f4469d1fd7e750b9cddae2e090da6acffe4f9dcb1/detection http://185.225.75.154 # Reference: https://www.virustotal.com/gui/file/ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360/detection http://103.37.60.77 # Reference: https://www.virustotal.com/gui/ip-address/217.12.206.218/detection http://217.12.206.218 # Reference: https://www.virustotal.com/gui/file/7a5efa51ae71f8a93dfb88504f5941bb7e46ea3b7b7c1859b8257d84106ee1ea/detection http://185.149.146.210 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/2f951a74a5ba88b341ce63a29c0714bdd5c210a1 http://146.190.238.148 http://174.138.6.26 http://179.43.142.79 http://217.114.43.157 http://45.15.156.161 http://95.214.24.244 a0694046.xsph.ru # Reference: https://twitter.com/petrovic082/status/1699766482517798930 http://95.214.27.55 http://95.214.27.56 # Reference: https://urlhaus.abuse.ch/browse/tag/RedLineStealer/ http://103.16.215.196 http://103.170.118.35 http://103.180.134.66 http://103.250.79.174 http://103.29.3.236 http://103.37.60.36 http://103.57.130.167 http://103.74.104.213 http://104.168.46.25 http://104.208.85.234 http://107.175.202.150 http://107.175.202.170 http://109.206.243.208 http://109.207.171.30 http://137.184.177.170 http://142.132.234.53 http://143.42.126.67 http://143.92.48.59 http://149.50.129.58 http://159.223.216.123 http://16.171.47.83 http://163.123.143.201 http://172.245.191.101 http://176.113.115.176 http://176.113.115.183 http://179.43.162.122 http://185.106.93.138 http://185.154.14.167 http://185.161.248.175 http://185.161.248.25 http://185.161.248.37 http://185.225.73.56 http://185.225.73.86 http://185.225.75.194 http://185.252.179.228 http://192.210.255.49 http://192.3.108.47 http://192.3.109.135 http://192.3.109.162 http://192.3.193.171 http://192.3.216.144 http://192.3.23.247 http://192.3.26.168 
http://193.142.59.113 http://193.142.59.172 http://193.201.9.240 http://193.233.20.16 http://193.233.20.18 http://193.233.20.21 http://193.233.20.22 http://193.3.19.157 http://193.3.19.158 http://193.3.19.251 http://193.42.33.216 http://193.56.146.10 http://193.56.146.210 http://194.169.175.138 http://194.180.48.72 http://194.50.153.183 http://194.55.224.13 http://194.59.218.151 http://198.23.187.135 http://198.46.177.160 http://20.234.58.62 http://209.145.51.44 http://212.113.106.252 http://217.182.46.178 http://217.196.96.98 http://23.94.148.51 http://23.94.37.197 http://23.95.122.126 http://31.41.244.202 http://34.101.154.50 http://45.144.66.232 http://45.15.159.174 http://45.15.159.230 http://45.15.159.69 http://45.80.29.139 http://45.81.39.190 http://45.95.67.38 http://47.111.23.242 http://5.206.227.115 http://5.252.177.91 http://5.255.105.147 http://5.42.199.124 http://5.75.199.27 http://62.204.41.112 http://62.204.41.119 http://62.204.41.248 http://62.204.41.251 http://62.204.41.90 http://65.109.165.65 http://65.21.3.192 http://77.91.124.231 http://77.91.124.47 http://77.91.124.5 http://77.91.68.157 http://77.91.77.241 http://77.91.77.53 http://77.91.78.166 http://77.91.84.172 http://79.110.49.136 http://79.137.194.203 http://79.137.206.226 http://80.85.241.84 http://80.85.241.98 http://83.97.73.126 http://83.97.73.128 http://83.97.73.130 http://83.97.73.131 http://84.54.50.77 http://85.208.139.242 http://87.121.221.176 http://87.121.221.58 http://88.218.61.38 http://89.185.85.189 http://89.208.104.62 http://91.103.252.189 http://91.103.252.204 http://91.210.224.40 http://93.183.72.7 http://93.183.73.20 http://94.130.228.214 http://94.156.253.108 http://94.228.169.191 http://95.179.197.56 http://95.214.27.254 http://95.216.143.153 # Reference: https://twitter.com/James_inthe_box/status/1701241082934092060 http://192.3.172.208 # Reference: https://twitter.com/James_inthe_box/status/1701228919410815190 http://23.95.122.91 # Reference: 
https://twitter.com/James_inthe_box/status/1701588159224840332 http://23.94.239.122 # Reference: https://twitter.com/g0njxa/status/1702041635343773759 http://171.22.28.208 # Reference: https://www.virustotal.com/gui/file/9f284bc1348a3f5e22dea564278f787eca8df824a9f8ded3dc6ec1cc8be6318e/detection http://179.43.162.96 # Reference: https://threatfox.abuse.ch/ioc/1163977/ http://64.188.13.135 # Reference: https://twitter.com/r3dbU7z/status/1703053664443945002 http://94.131.99.140 # Reference: https://twitter.com/ViriBack/status/1703386287405711630 motioncontorlshop.com # Reference: https://www.virustotal.com/gui/file/031daed402811261fd30ee19e846074bcb3bde5721c8024fb0d4631449159416/detection # Reference: https://www.virustotal.com/gui/file/72ab003512da5dfcd370a411011de59d202a8447acfa3f28fb9a267f4e4a3b71/detection http://8.218.169.130 # Reference: https://www.virustotal.com/gui/ip-address/47.74.51.220/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.22.78/relations newsoftup.com topupdatesoft.com # Reference: https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/ http://38.242.193.23 # Reference: https://twitter.com/jstrosch/status/1704273520421736771 http://195.3.223.234 # Reference: https://twitter.com/r3dbU7z/status/1704851480405295495 http://45.66.230.113 # Reference: https://twitter.com/r3dbU7z/status/1704854108455551274 http://89.58.44.125 # Reference: https://www.virustotal.com/gui/file/014797cac586da92f12bea4cda0d400105e0732e1403b51d794cde02c22beeb9/detection http://195.2.74.10 # Reference: https://www.virustotal.com/gui/ip-address/45.9.148.28/relations http://45.9.148.28 45.9.148.28:443 dlkfjdslkfjspofuoermeroivoirev.com # Reference: https://twitter.com/g0njxa/status/1707079932977774661 http://167.88.160.150 # Reference: https://twitter.com/malwrhunterteam/status/1710574202531496208 svo-nagrada.com # Reference: https://twitter.com/karol_paciorek/status/1712422451534045305 
http://194.180.48.248 # Reference: https://twitter.com/1ZRR4H/status/1712597100876140616 http://217.196.96.217 # Reference: https://twitter.com/g0njxa/status/1715081804649046128 http://195.130.202.18 # Reference: https://www.virustotal.com/gui/file/19717024f0f46fdaae7ff1a61ea414f7ff84af8fb20203738beaf8d2d0a6e85a/detection http://171.22.28.213 http://185.216.70.222 # Reference: https://tria.ge/231030-hwtj2sbf4x/behavioral1 http://94.228.168.226 # Reference: https://twitter.com/karol_paciorek/status/1719257691086901347 http://124.223.55.73 # Reference: https://twitter.com/karol_paciorek/status/1719991069075534068 # Reference: https://tria.ge/231102-jhepeaba42/behavioral1 http://45.61.160.199 # Reference: https://twitter.com/banthisguy9349/status/1720106681336557608 http://146.190.168.240 # Reference: https://www.virustotal.com/gui/file/04fd3794814871b31fef000b51e51b6c20ad7646b3c74a585a668f95cf14fa06/detection http://91.215.85.15 # Reference: https://www.virustotal.com/gui/file/336bdd325de95e6ed91b86db85aaf99a673b681c2e4d7611675c04492f0edb81/detection # Reference: https://www.virustotal.com/gui/file/89a71662a8c7bb15d26bad72aded5d84af2670ec9dd7877105e4b8d6658e1178/detection lokefa.biz cc.lokefa.biz # Reference: https://twitter.com/karol_paciorek/status/1721423283323564531 http://206.189.20.127 # Reference: https://twitter.com/karol_paciorek/status/1721516368984461620 http://82.115.223.78 # Reference: https://www.virustotal.com/gui/ip-address/136.243.151.123/relations http://136.243.151.123 # Reference: https://www.virustotal.com/gui/domain/alldatadump.org/detection # Reference: https://www.virustotal.com/gui/file/0ef16bb45f1c63be6a920635827e5f873076103964c817a380d538caa9bc3976/detection alldatadump.org # Reference: https://www.virustotal.com/gui/file/2aa3c6dd94498a7a640f8c4aef123024be8edc16d77da79f84354339aff235b3/detection http://194.49.94.67 # Reference: https://twitter.com/karol_paciorek/status/1723024066112557542 http://54.90.216.100 # Reference: 
https://www.virustotal.com/gui/file/ee9735fac7826f59fa94510188bba3b1feac251cb5e2bda5d1263a06c2f3cf75/detection africatechs.com imagebengalnews.com marrakechfolkloredays.com/clips.exe skkassociates.com/5ea275.exe # Reference: https://www.virustotal.com/gui/file/fa90294c2cd7c12d68524c55cc5ed0e3276d0a7bbce8fedec1e0cf679e521298/detection http://5.42.92.93 # Reference: https://www.virustotal.com/gui/file/01c52fb377d59ee5c9ac7db9cbf58186f6470f3a5c78d378bc2a0cb79627c2fe/detection http://193.47.61.250 # Reference: https://www.virustotal.com/gui/file/024d4cc08b1badd5d5c72d09eb638fec489fec3953a14fd1a9208e11f88f85ac/detection http://216.108.230.28 # Reference: https://twitter.com/kddx0178318/status/1726565163107766513 http://159.89.50.225 # Reference: https://twitter.com/malwrhunterteam/status/1727243723065463101 http://82.147.85.169 # Reference: https://twitter.com/crep1x/status/1727970393237983640 # Reference: https://tria.ge/231124-j8b17shh91/behavioral2 http://185.172.128.160 # Reference: https://twitter.com/g0njxa/status/1729232608830394409 # Reference: https://twitter.com/g0njxa/status/1729235418825343406 # Reference: https://www.virustotal.com/gui/file/0808202fc3bd5e570b2106a4f991de5beeee739960b1167a590da92727b813a6/detection http://176.120.64.136 http://84.246.85.41 http://95.164.87.58 # Reference: https://twitter.com/k3yp0d/status/1729908135375020125 # Reference: https://www.virustotal.com/gui/file/ff0179442402fa306c85ba83a87df2cc46d13012a1e2819e73a6b3586c5c8dc3/detection # Reference: https://www.virustotal.com/gui/file/9745eaca508255646d2039383150952955f49196767a160968fcf83130ad9a90/detection # Reference: https://www.virustotal.com/gui/file/93988c13f8e6dc3cc6d9256992d417057e164785c1ad05f6984fc769af5b597a/detection # Reference: https://www.virustotal.com/gui/file/5901691afd331944b38939588b1ac7480c1ea76ba32c703bb61af1be4c72bb50/detection http://94.156.71.74 # Reference: 
https://www.virustotal.com/gui/file/8fe98ae573432ec9f94b3ad6ed10bef5f3a5308751842c3a5f8f4fcd1786028b/detection http://3.145.88.189 # Reference: https://twitter.com/1ZRR4H/status/1729989615795290612 http://37.48.108.40 # Reference: https://twitter.com/AlvieriD/status/1730331193676079512 http://51.255.46.245 # Reference: https://twitter.com/fmc_nan/status/1730473372667310343 publicpolicyfiles.info /YsadjhWEiusadWjha34g/ # Reference: https://www.virustotal.com/gui/file/c19b457db06b149c100dd8273757362f0dd2d972b82cda0c49eb849b748a9e35/detection # Reference: https://www.virustotal.com/gui/file/2c0b94ce8d181d6e70c050572ce521314ff2810494be61332513b3293a0ff04a/detection http://45.144.28.76 # Reference: https://twitter.com/karol_paciorek/status/1729070903936565401 http://122.144.6.226 # Reference: https://twitter.com/karol_paciorek/status/1730544154113913108 http://161.35.124.71 # Reference: https://app.any.run/tasks/f30a98fb-a904-46db-89e8-988b9bd1cdd5/ http://5.42.64.35 http://91.92.250.161 graspalace.com stim.graspalace.com # Reference: https://www.virustotal.com/gui/file/be0dc158152fc2de2e3552779884f45e7ac9cb1a62456d23d0a6ee78e357c757/detection http://5.181.80.172 # Reference: https://www.virustotal.com/gui/file/00d1f5a79ae5c2d5fe9125408473e2d3cf1bf2be593ffba52bb258b1b8ddbce3/detection http://185.196.8.238 # Reference: https://twitter.com/tosscoinwitcher/status/1735088307246338123 books.ttc.edu.sg # Reference: https://twitter.com/kienbigmummy/status/1736685822278320582 http://172.245.208.4 # Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection http://89.23.101.11 # Reference: https://twitter.com/ULTRAFRAUD/status/1737156172967227718 # Reference: https://www.virustotal.com/gui/file/19e6bb8cc19a7d08f07bb2feb3ed68f83b6b7027a812b6e5cb7589f3721a81cd/detection acrobat-download.pages.dev # Reference: https://www.virustotal.com/gui/file/00331e30a238c216d8dafd37ccc46fbaecf71d6040c7ed490b769396dd06138d/detection 
jorjifornk.live # Reference: https://www.virustotal.com/gui/file/87b9a298088ed30406e897f152ad34f0e3e50bce09b317a50286a81cbc7913fd/detection http://62.84.96.105 # Reference: https://www.virustotal.com/gui/file/15a9668dd97b402ed3cfe390a61af803f076d4b3876086d26ab4c4211c145c7e/detection http://77.91.68.21 # Reference: https://twitter.com/malwrhunterteam/status/1748735466248028659 # Reference: https://www.virustotal.com/gui/file/b79bc27c296bc7360d1f7f9199af6266d58f4c1140d3e54a974b4cd990d9076c/detection http://51.210.106.154 # Reference: https://www.virustotal.com/gui/file/2a80fbf0919eaf7f46f8d84bc9657bbebb041a02d0e9b6a0cc66ed925dbfeff1/detection http://163.5.215.242 # Reference: https://www.virustotal.com/gui/file/6e67ad1a4aaf6373ca42ed195ff7a1bf1752bee36ac9d7c129f021a29ec2fab0/detection http://91.92.247.96 # Reference: https://www.virustotal.com/gui/file/006a32e2f235b193697cf1a5304530f5688ac362b5bcb38617d500e72b28375e/detection http://109.107.182.3 # Reference: https://twitter.com/ybspro_official/status/1736239437007450311 # Reference: https://www.virustotal.com/gui/file/69be02c5a5f62002a2210c37378b9bf6dc943640d88f4c6545c421c6bcc741e8/detection 0aczpd.top eg8ga8.com sjxshx.top whjsmdhum5.icu kkweb.sjxshx.top ssweb.0aczpd.top wss.eg8ga8.com # Reference: https://www.virustotal.com/gui/file/d35648979ad90bdd1f27896dd66d77e9972a6b5b86d3ae88c556dd7bbafbd7fa/detection http://91.92.252.194 # Reference: https://twitter.com/banthisguy9349/status/1752335418253566314 # Reference: https://twitter.com/banthisguy9349/status/1752333552006410496 http://193.35.18.17 http://193.35.18.38 # Reference: https://twitter.com/Jane_0sint/status/1752289153319051511 # Reference: https://twitter.com/malwrhunterteam/status/1755196841866522727 poisontoolz.com magic.poisontoolz.com power.poisontoolz.com # Reference: https://www.virustotal.com/gui/file/137aaf991507d90ad86343ea960b798f349504fcbdc3b004ffd9a50366b6c1b9/detection http://109.107.182.40 http://185.196.10.146 # Reference: 
https://twitter.com/banthisguy9349/status/1754214111863591389 http://5.42.64.3 # Reference: https://twitter.com/banthisguy9349/status/1755133340959625622 http://159.253.214.149 # Reference: https://twitter.com/banthisguy9349/status/1757036445045317687 # Reference: https://www.virustotal.com/gui/file/d58e9bf9a9580351f63b58f032835693845a3aab0db24791ba67eff6411b49f3/detection http://206.238.220.26 206.238.220.26:443 # Reference: https://twitter.com/banthisguy9349/status/1758125817115128160 # Reference: https://www.virustotal.com/gui/file/1fa0501aff8e0af858e612110c4f0f8caddde562c8ad6d8d48d446691eb45b27/detection http://5.181.80.99 cheatful.cc # Reference: https://twitter.com/Threat_Down/status/1758191703251472503 # Reference: https://www.virustotal.com/gui/ip-address/45.83.178.195/relations # Reference: https://www.virustotal.com/gui/ip-address/5.42.67.1/relations 2xcrypto.cc 2xeth.cc acrbrigde.io airdrop-enosys.global airdrop-injective.com airdrop-pendle.finance airdrop-zetablockchain.com allowlist-mavia.com astration.io bgtrade.gift bitmusk.co cealtis-app.com chainlink-treasury.com charschvwab.com citaexpress.mx claim-fairdesk.com claimdune.com claimmassa.com claims-matic.com claimsart.com claimsdune.com claimsquant.com claimsrlb.com claimsxen.com claimxspectar.com crypteriumplay.com crypteriumplay.io cryptmusk.com dinoerc.com earnis.xyz eligibility-layerzero.com eligible-layerzero.com enroll-wormhole.com eth2x.cc ethmusk.com ethmusk2x.cc event-manta.network form-beincrypto.com freecad-en.com freecad-en.net freecad-en.org freecad-eng.com freecad-eng.net freecad-eng.org freecadsft.com freecadsft.net freecadsft.org freecadtech.com freecadtech.net freecadtech.org freecadtechs.com freecadtechs.net freecadtechs.org freecadtecs.com freecadtecs.org gearupbooster.io insurancemao.com joins-neotokyo.codes jointhegrapes.xyz launchpad-starknet.io linea-claims.com mainnet-blast.io maskcrypto.cc maskx2.com matic-claim.com mint-neotokyocodes.com mint-synthtopia.world muskbtc.cc 
muskbtcx2.com muskdrop.cc musketh2x.cc muskx2.com ninjachetcs2.com oldworldstuffs.com paltform-ambire.org panterapolls.org parsec-en.com parsec-en.net parsec-en.org parsec-eng.com parsec-eng.net parsec-eng.org parsec-online.org parsecsft.com parsecsft.net parsecsft.org parsecsoft.net parsectechs.com parsectechs.net parsectechs.org parsecworks.net playcrypterium.com playcrypterium.io pools-friend.tech redirect-mavia.com redirect-wormhole.com saitamatokens.com sledgehammer-app.com solana-ambire.org space-invisiblefriends.com synthetixclaim.com token-saga.xyz voteambires.org winscp-en.com winscp-eng.com winscp-eng.net winscp-eng.org winscptechs.com winscptechs.net winscptechs.org worldcrypterium.com worldcrypterium.io x2eth.cc yggclaim.com zapper.gifts # Reference: https://twitter.com/karol_paciorek/status/1755939550881276136 http://103.175.16.55 # Reference: https://twitter.com/karol_paciorek/status/1756954512810524798 http://20.201.116.50 # Reference: https://twitter.com/banthisguy9349/status/1760298819713941667 http://194.48.250.71 # Reference: https://twitter.com/banthisguy9349/status/1764913875101606229 http://103.183.113.17 # Reference: https://twitter.com/banthisguy9349/status/1765361402103894197 http://91.92.247.179 http://91.92.248.21 # Reference: https://twitter.com/banthisguy9349/status/1765365349711581323 http://147.124.217.110 147.124.217.110:443 # Reference: https://twitter.com/banthisguy9349/status/1767128739962335640 http://94.156.69.140 # Reference: https://twitter.com/banthisguy9349/status/1767921346837680478 http://107.175.69.54 # Reference: https://twitter.com/banthisguy9349/status/1772665108419719561 http://185.196.9.191 # Reference: https://twitter.com/r3dbU7z/status/1773114422933737968 poltosnevopros.com # Reference: https://twitter.com/banthisguy9349/status/1773663691365306450 http://185.148.241.107 # Reference: https://twitter.com/r3dbU7z/status/1773776394670977304 # Reference: https://www.virustotal.com/gui/ip-address/193.143.1.178/relations 
findreaders.com idplays188.com notiontry.co protranslated.com rtpcuan138.com trynotion.ceo trynotion.org notion.findreaders.com notion.idplays188.com notion.protranslated.com notion.rtpcuan138.com # Reference: https://www.virustotal.com/gui/ip-address/194.116.214.225/relations # Reference: https://www.virustotal.com/gui/file/98f6ecc60e016311511ce920220598b33eb9671e7c71254e76d638d0f2a45883/detection drop-download.com # Reference: https://twitter.com/r3dbU7z/status/1777308083762384907 interrating.net # Reference: https://www.virustotal.com/gui/domain/packetinfo.com/relations packetinfo.com # Reference: https://www.virustotal.com/gui/domain/appxoxo.com/relations appxoxo.com # Reference: https://threatfox.abuse.ch/browse/tag/Nitrogen/ (# 2024-04-11) file-zilla-projectt.org infoputty.com pputy.com putt-get.com puttyy.ca puuty.org ssh-client.co # Reference: https://www.virustotal.com/gui/domain/micrisoftdrivers.com/relations micrisoftdrivers.com catalog.micrisoftdrivers.com # Reference: https://www.virustotal.com/gui/file/b75bcac5ec35390643667804d61f521bc5345291b9955319a44957c6b933dd90/detection http://45.41.241.41 # Reference: https://twitter.com/banthisguy9349/status/1780230441993125893 http://147.45.178.5 http://81.19.141.13 http://94.156.67.22 # Reference: https://twitter.com/malwrhunterteam/status/1780702428343808069 tceh.us # Reference: https://twitter.com/banthisguy9349/status/1782118382076088376 http://94.156.8.104 # Reference: https://twitter.com/ShanHolo/status/1779809614109856215 puttyy.com # Reference: https://twitter.com/ShanHolo/status/1781929665923350896 http://193.233.132.234 # Reference: https://twitter.com/banthisguy9349/status/1782378150313296012 http://87.120.84.140 # Reference: https://twitter.com/g0njxa/status/1782877937257087472 fortnitehack.download # Reference: https://twitter.com/BlinkzSec/status/1783197042707476990 http://124.241.30.45 http://195.130.202.79 # Reference: https://twitter.com/BlinkzSec/status/1783197039037460553 
http://195.130.202.36 # Reference: https://twitter.com/banthisguy9349/status/1785245803453231385 http://85.239.238.79 # Reference: https://twitter.com/JustWantToQ1/status/1786693268576600211 # Reference: https://twitter.com/JustWantToQ1/status/1786693417059152088 # Reference: https://twitter.com/JustWantToQ1/status/1786693721343312007 # Reference: https://twitter.com/JustWantToQ1/status/1786694114169278790 # Reference: https://twitter.com/JustWantToQ1/status/1786694462032265404 # Reference: https://twitter.com/JustWantToQ1/status/1786695311794073946 # Reference: https://twitter.com/JustWantToQ1/status/1786697020008288623 # Reference: https://twitter.com/JustWantToQ1/status/1786697637221077099 # Reference: https://twitter.com/JustWantToQ1/status/1786699168074862787 # Reference: https://twitter.com/JustWantToQ1/status/1786699281056845939 # Reference: https://twitter.com/JustWantToQ1/status/1786699704840966147 # Reference: https://twitter.com/JustWantToQ1/status/1786700180403740732 http://103.127.83.1 http://103.84.90.148 http://107.151.244.248 http://111.230.103.58 http://124.220.200.241 http://128.223.51.19 http://134.122.132.30 http://140.143.187.51 http://154.12.86.164 http://154.91.195.27 http://154.91.228.225 http://193.168.145.240 http://20.234.166.219 http://206.238.115.168 http://38.6.153.10 http://45.157.69.179 http://54.233.141.78 http://66.42.43.179 103.158.37.94:8080 111.67.192.181:888 124.248.65.242:8899 144.48.223.202:5001 192.227.146.252:8080 211.101.247.89:9099 38.6.164.106:8080 43.248.101.146:8899 # Reference: https://twitter.com/JustWantToQ1/status/1786701139343212801 # Reference: https://www.virustotal.com/gui/ip-address/8.217.129.51/relations # Reference: https://www.virustotal.com/gui/file/2cc443c1b60701015116a7a80ed06f0f89a50c74fde4bf2476bcee7ccedf1af3/detection http://45.76.20.86 00281.cn 1523xh.cn 841ihg.cn cbpxfzo.cn dektyux.cn gfqfoqz.cn jaanxyk.cn news700.cn npfixcb.cn p48kxd.cn p9143i.cn pnpzvea.cn pssmgwc.cn qwzxqdl.cn anonymous.mobi 
anonymous.vin qizong.xyz youbi.co 888.anonymous.mobi quick.anonymous.vin tf.anonymous.mobi xs.anonymous.mobi yk.youbi.co # Reference: https://app.validin.com/detail?type=dom&find=payload.exe http://104.248.53.100 http://164.152.111.201 http://185.148.241.244 http://34.16.143.104 http://45.66.230.22 http://46.119.220.241 http://54.234.139.53 http://82.31.123.157 http://90.15.154.112 files.symo.dev server.nkcontabilidade.com.br # Reference: https://twitter.com/JustWantToQ1/status/1787075115823337564 http://43.156.247.227 http://45.204.80.87 http://46.23.108.251 http://85.203.4.146 # Reference: https://www.virustotal.com/gui/file/9138d498545eaa4fe2e96c37329014d1255ece8ba5130d45b1e0518be5600dfa/detection # Reference: https://www.virustotal.com/gui/file/edfd7a54e73d5c28b3f0838fd38ed7c689de8ca9ff962f4fb954348bb216cbec/detection dessinanime.org a.dessinanime.org b.dessinanime.org hostedsecurefileso.000webhostapp.com # Reference: https://x.com/r3dbU7z/status/1791427143890616353 # Reference: https://www.virustotal.com/gui/file/fa84b9a89565c6271b53d14cb706a8143869bb6b52919a7c299bcdfd0084bbed/detection mercado-seg.site # Reference: https://x.com/petrovic082/status/1792468229916336331 # Reference: https://app.any.run/tasks/aa740191-33b6-4bbb-bf58-ae302fa9b48e/ http://5.42.96.170 http://5.42.96.78 # Reference: https://x.com/banthisguy9349/status/1793311629087519142 http://94.16.119.223 # Reference: https://x.com/banthisguy9349/status/1792867290519687679 http://104.234.204.67 104.234.204.67:443 # Reference: https://x.com/lontze7/status/1795724219608916010 http://89.23.96.113 # Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection http://103.219.154.129 http://204.137.14.135 http://91.202.233.231 # Reference: https://www.virustotal.com/gui/file/2d8524c8b31583d8237455c7211f486667d4cd9ae7db7ac4bab3cbde6b9a5e7b/detection http://91.202.233.232 http://94.232.45.38 # Reference: 
https://x.com/ShanHolo/status/1791374709658927222 http://192.3.216.56 http://192.3.239.30 # Reference: https://x.com/banthisguy9349/status/1798435454641193460 http://94.156.64.91 # Reference: https://x.com/doc_guard/status/1804498032685170835 # Reference: https://www.virustotal.com/gui/file/07d66d5f867572bfbed2128def7e1aa43792de09f3d709c77241f0950295f579/detection http://91.92.120.127 hassanyaghtin.ru.com # Reference: https://x.com/c_APT_ure/status/1805572570323784114 # Reference: https://www.virustotal.com/gui/file/7bc2536f2b4f69cb20c0d7f996aaedafab15cf4d73f54792e74ac72be3ecf01f/detection http://104.194.134.68 # Reference: https://www.virustotal.com/gui/file/42cadc25aa22d894670084395c8e8d711a2d5f371888e6c9e46269cdf46fa719/detection http://45.59.118.51 # Reference: https://x.com/banthisguy9349/status/1808897135489757260 http://91.142.77.83 # Reference: https://x.com/James_inthe_box/status/1811143010777977010 http://57.180.253.244 # Reference: https://x.com/malwrhunterteam/status/1814742192830689546 officialphoenix.com/jadu/ # Reference: https://x.com/banthisguy9349/status/1814916027320291407 http://185.196.9.251 # Generic /-..-/ /.-.......................-/ /--------------.------------------.------------------.-----------/ /.-....................................................-....................................-/ /.-------.--.----------.--------------------.................--------/ /..----------..----------------.---------.--------/ /..---------..-----------.----.....----..----/ /..-.....----------------------.......---------------------------..---.....-----/ /...-.-.-....................................--/ /...-.-.-.-.-.........................-----------------/ /..-.-.-.-.-.-.-.-.-.-.-._---------_-------_-------....-.-/ /.----------------------.------------------------------.-/ /-................................................................................-/ /...--------------.....----------------............----------------/ 
/_--00_o______---0o0_00_0oo_0-o_o0-__________o0o-__________/ /______________00___________0____________00_________/ /..........document/ /...xxx........./ /xx...x...x/ /-..-/......dot /......dot /................................................................................dot /...............dot /................wbk /................................................w.wiz /---.---.--.-.--_-----------_------_-_--_-------wiz_...wiz /__________0__0_0________00__.doc /dDd_-----------D----------........d-----....dD--..-------....D-dDd--..-----.dothtml /.csrss.exe /0bsessbypass.bat /5555-meter.deb /5555-shell.deb /aaaaaaaaaaa.dll /ccccccccccc.dll /freeeeeeeee.dll /admin_Bot.exe /aes_cbc_shellcode.txt /avbypass.txt /b64_shellcode.txt /backd00r.exe /01BypassAV.exe /beacon_x64.exe /beacon_x64_amazon.exe /beacon_x64_cheches.exe /beacon_x64_dukes.exe /beacon_x64_emotet.exe /beacon_x64_formbook.exe /beacon_x64_gandcrab.exe /beacon_x64_hancitor.exe /beacon_x64_jaff.exe /beacon_x64_jasperloader.exe /beacon_x64_jq1.exe /beacon_x64_jq2.exe /beacon_x64_notion.exe /beacon_x64_office365.exe /beacon_x64_onedrive.exe /beacon_x64_quantloader.exe /beacon_x64_safeko.exe /beacon_x64_trick.exe /beacon_x64_ur_snif.exe /beacon_x64_xbash.exe /buildz.exe /byfronbypass.html /byfronbypass /bypassav-1.exe /bypassPS-CLM.exe /bypass.exe /bypass.txt /Bypass%20AV.exe /Bypass%20AV2.exe /BypassAV.exe /BypassAV_se.exe /bypassav-1.exe /bypassav_2.exe /bypassav_360.exe /bypass_iooolllllllllll.txt /bypass_iooollllllllll.txt /bypass_iooolllllllll.txt /bypass_iooollllllll.txt /bypass_iooolllllll.txt /bypass_iooollllll.txt /bypass_iooolllll.txt /bypass_iooollll.txt /bypass_iooolll.txt /bypass_ioooll.txt /bypass_ioool.txt /bypass_U_1232435467897654.txt /Bypass32.exe /BypassAV.txt /BypassUAC.exe /bypassvalue.exe /Bypass1.txt /bypassvalue.txt /iscsicpl_BypassUAC_x86.exe /Msf&Cs_Bypass_AV.exe /MyBypassAV.exe /newBypassAV.exe /CjojMi1rBOPnILx.exe /dasdzxccdsgfsdf /direct/MAPE_Form.dotm /downloadrShell 
/fuckingdllENCR.dll /Doc1.doc /Doc1.dot /Doc1.dotm /hack.exe /hkcmd/document.doc /vbc.exe /fullBatPayload.bin /GruntHTTP.exe /loader_exe_64.exe /loader_exe.exe /lsas.exe /payload.bin /payload_x64.bin /payload.exe /Rat/Domain.txt /webmailed/updates.exe /MemInjectJar.jar /newratexploitlink /BOTNET_HOST/ /bypass_20210428_0905/ /exploit /exploit.exe /loader.encrypted.bin /loader.encrypted.exe /zzz_exploit.exe /payload.exe /payload.txt /PrintSpoofer.dll /PrintSpoofer.exe /reverseshell.bin /reverseshell.exe /revshell.bin /revshell.exe /safe_shell.exe /safe_shell.shc.exe /SharpBypassUAC.exe /shell-x64.exe /shell_x64.exe /shell-x86.exe /shell_x86.exe /ShellCode_Loader.exe /shellcode_1.jpg /shellcode /shellcode.bin /shellcode.exe /shellcode01.exe /shellcodeAny.bin /ShellcodeInjector.exe /shell.exe /shellcode.txt /shellcode_test.txt /ShellWaitForProcess.exe /X64BypassAV.exe /bin/stub.exe /bins/stub.exe /stub.exe /plugins/keylogger.p /plugins/keylogger.php /wwww/ees.doc /loader.plg /pws.plg /xhack.exe /botupdate /getbotinjects /getkeyloggers /testbypass.exe /winshell.exe /Rat/Realrat/ /Realrat/ /RemoteShellcodeExec/ /WalletSteal.bin /loader/injection.dll /wp-imcludes/