# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: bokbot, icedid # CERT-UA: UAC-0041 # Reference: https://otx.alienvault.com/pulse/5fb042c8c8bc52fd36438c9d # Reference: https://github.com/JR0driguezB/malware_configs/tree/master/IcedID arcadyflyff.com atlanimeday.com binncu.net camorata.com comeontrk.com csuwbru.net cupicratings.com daliyudin.net debonointl.net dorothyle.net expling.net firebbernank.net freegameshacks.net fzlajsf.net gordondeen.net jefchinloans.com joronda.com jumpsworks.com medicalciferol.com miraquebolsis.com nobleduty.com timmasanz.net tradequel.net wbgjds.net youaboard.com # Reference: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html efoijowufjaowudawd.com # Reference: https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/ lik0sa1.com nejokexulang.example.com payfinance.net # Reference: https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/ # Reference: https://otx.alienvault.com/pulse/5c99fb543acc7f5eb0e7e933 acquistic.space ambusted.space coultra.space exhausines.space exterine.space haractice.space hospirit.com overein.space parchick.space portened.space resurround.pw segregory.com stocracy.space stradition.space subsquire.com tybalties.com ugrigo.space waharactic.com yorubal.space # Reference: https://twitter.com/James_inthe_box/status/1110564181021908993 mathedro.com # Reference: https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/ zonefb.com # Reference: https://twitter.com/malware_traffic/status/1123458651434434563 marakusta.at saudienter.pw # Reference: https://twitter.com/CapeSandbox/status/1123605348466741249 # Reference: https://cape.contextis.com/analysis/70719/ forsynanchyv.com hipponexunam.org # Reference: https://twitter.com/CapeSandbox/status/1121084063903821824 # Reference: https://cape.contextis.com/analysis/68966/ arguerns.top extenterms.top minental.top # Reference: https://twitter.com/malware_traffic/status/1136690489757974538 37.59.68.215:443 goodinzone.at mozambiquest.pw # Reference: https://twitter.com/James_inthe_box/status/1136950895986429954 albarthurst.pro hipponexunam.org # Reference: https://twitter.com/malware_traffic/status/1147303805115162624 germakhya.xyz # Reference: https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-two.html albarthurst.pro carlsbadenomise.top chardiop.club ethracial.pw exchangests.xyz forsynanchyv.com goodinzone.at hipponexunam.org hydrylater.online mechangerous.space mozambiquest.pw parenessed.icu ransmittend.club saudienter.pw summerch.xyz wagenstead.xyz # Reference: https://twitter.com/takerk734/status/1135955547310632960 # Reference: https://app.any.run/tasks/13d6d9f9-7033-4ce7-9ad4-76591f15274c/ http://195.123.234.12 http://95.213.217.139 http://54.36.218.96 185.143.145.90:443 maidcafeyoyo.fun simbaooshi.space summerch.xyz wagenstead.xyz # Reference: https://twitter.com/James_inthe_box/status/1163512836930199552 # Reference: https://pastebin.com/rcwZmSu0 bumpsitting.pro diplomainter.pro duffered.pro existination.pro hahashow67.bit pitfields.pro # Reference: https://twitter.com/SoulRage6/status/1168171341998149637 casternsinc.com casternsblog.com # Reference: https://github.com/silence-is-best/c2db#icedid memphase.com # Reference: https://twitter.com/SoulRage6/status/1184141516534702081 # Reference: https://www.virustotal.com/gui/file/6f72987e323aa2d0a81c74e45851b62c1f415f703be20afb662748bc709f9361/detection # Reference: https://twitter.com/JasonMilletary/status/1184201998381522944 # Reference: https://pastebin.com/vnwHadJk # Reference: https://twitter.com/JasonMilletary/status/1190286207751733248 # Reference: https://pastebin.com/cz2HePMS amongolia.com bavariousltc.com bhagavana.com biorexis.top builtitute.com contrmved.com corposted.com coujtried.com demonike.com demonsoon.com dioneras.top eurobable.com founddhog.com honolfogy.com jjanuatu.com leonopic.top lionerat.top magnwnce.com mastroga.top memphase.com molinaro.top nopelrod.top pidronog.top piloresi.top presifered.com sacrecope.com semistor.top sheaffic.com sheaffic.net sheaffic.nl sheaffic.org tadpoleonilc.com tidesore.top wentinueqhcr.com whyeelong.com # Reference: https://twitter.com/OttoScav/status/1186356752406724609 gfthwards.net # Reference: https://twitter.com/JAMESWT_MHT/status/1187390560384049155 gfthwards.com gfthwards.eu piloresi.top presifered.com # Reference: https://twitter.com/wwp96/status/1189244489472319489 kbtseafood.com # Reference: https://twitter.com/malware_traffic/status/1190026665952497667 # Reference: https://www.virustotal.com/gui/ip-address/217.182.188.118/relations 217.182.188.118:443 demonsoon.com emperimen.com magnwnce.com moreogramlfgt.com orsement.net orsement.org resultiplrt.com # Reference: https://twitter.com/malware_traffic/status/1068570263732789248 govenian.host suprecien.host # Reference: https://twitter.com/malware_traffic/status/1068281897346838528 freshwallet.at labadegmc.com listmyfloor.com modelssohn.website # Reference: https://twitter.com/pollo290987/status/996471190221983746 3200bpm.com autozpolisy.pl tagamol.com # Reference: https://twitter.com/JR0driguezB/status/978937668921970688 # Reference: https://github.com/JR0driguezB/malware_configs/blob/master/IcedID/C2.txt arcadyflyff.com atlanimeday.com binncu.net camorata.com comeontrk.com csuwbru.net cupicratings.com daliyudin.net debonointl.net dorothyle.net expling.net firebbernank.net freegameshacks.net fzlajsf.net gordondeen.net jefchinloans.com joronda.com jumpsworks.com medicalciferol.com miraquebolsis.com nobleduty.com timmasanz.net tradequel.net wbgjds.net youaboard.com # Reference: https://twitter.com/Paladin3161/status/1156867967260303360 bumpsitting.pro heinless.pro mainly.pro # Reference: https://twitter.com/Paladin3161/status/1156632752260648960 diplomainter.pro existination.pro forsynanchyv.com stalitic.pro # Reference: https://twitter.com/JAMESWT_MHT/status/1194631881007910921 aginia.net aginia.top leonopic.top nopelrod.top sacrecope.com telected.xyz # Reference: https://twitter.com/stecar792/status/1194745611377135616 # Reference: https://pastebin.com/FhbU27vC # Reference: https://pastebin.com/if2VpJJg bhagavana.com eurobable.com leonopic.top lionerat.top memphase.com mirkolkdb.com mirkolkdb.eu mirkolkdb.net mirkolkdb.nl nopelrod.top pidronog.top sacrecope.com semistor.top tadpoleonilc.com telected.com telected.eu telected.in telected.net telected.nl telected.one telected.org telected.tel telected.top telected.xyz wentinueqhcr.com whyeelong.com # Reference: https://twitter.com/JasonMilletary/status/1177323562425815049 # Reference: https://pastebin.com/XF980VrW bhagavana.com biorexis.top centrash.com duffice.com eurobable.com fallium.com gioredoh.top kenoted.com leonopic.top lionerat.top mamerona.top mastroga.top memphase.com molinaro.top nopelrod.top pidronog.top samioner.top scatholics.com semistor.top tidesore.top uniresio.top vulcate.com # Reference: https://twitter.com/JasonMilletary/status/1176934514414759936 genepbisulphite.nl yavagumchewer.com # Reference: https://twitter.com/JasonMilletary/status/1174026442100940800 eonopic.top ionerat.top ioredoh.top mamerona.top olinaro.top samioner.top uniresio.top # Reference: https://www.f5.com/labs/articles/threat-intelligence/de-icing-icedid--decompression-and-decryption-methods-explained-? ygrenevresed.fun # Reference: https://twitter.com/CapeSandbox/status/1168607522795790337 # Reference: https://twitter.com/SoulRage6/status/1168171341998149637 casternsblog.com casternsclub.com casternsinc.com casternssite.com rankrns.com staterns.com webcasterns.com # Reference: https://twitter.com/JasonMilletary/status/1197209873294999553 # Reference: https://pastebin.com/964KsuMx bhagavana.com dioleg.top eurobable.com fioure.top goidiom.top guiertr.top hiolne.top leonopic.top lionerat.top memphase.com mirkolkdb.com mirkolkdb.eu mirkolkdb.net mirkolkdb.nl monerto.top nopelrod.top pidronog.top riopwe.top sacrecope.com semistor.top tadpoleonilc.com tierton.top tyuerse.top wentinueqhcr.com whyeelong.com ziones.top # Reference: https://twitter.com/JasonMilletary/status/1197541828402143233 37.48.83.137:80 37.48.83.137:443 # Reference: https://twitter.com/JasonMilletary/status/1197593565863518208 # Reference: https://app.any.run/tasks/30cb7b07-6cff-4ff0-88eb-e69c6d60397a/ berrydom.top # Reference: https://twitter.com/Kostastsale/status/1199604381751988225 # Reference: https://app.any.run/tasks/b3f60bc6-c821-4921-b4e4-221e32b2d7e7/ # Reference: https://app.any.run/tasks/6e5996c2-81b1-45ac-bdd0-3ec9517608ce/ astenitral.club desreona.top gerrredona.top nedisona.top # Reference: https://any.run/malware-trends/icedid (Note: as seen on 2019-12-04) dirosad.top jikolis.top monerto.top ziones.top tierton.top ddos.dnsnb8.net semistor.top guiertr.top tyuerse.top thuocnam.tk desreona.top nedireob.top gerrredona.top nameseorin.top # Reference: https://pastebin.com/ErESEBNy herrasei.top # Reference: https://twitter.com/killamjr/status/1203183444127354880 # Reference: https://www.virustotal.com/gui/domain/colonisfg.com/relations # Reference: https://www.virustotal.com/gui/file/5cfbcfac6faea9055f9c7bebc1974aac0ec445f4d08900100b5a3a389ec02610/detection colonisfg.com derilopa.top dezaredo.top gerontos.top netionax.top seniorex.top # Reference: https://twitter.com/luc4m/status/1204861411010207744 certifacto.com beaderza.top gertuko.top hiperdom.top modestog.top nonedore.top # Reference: https://twitter.com/malware_traffic/status/1208205022925860865 b99vxjju.com jlb81hdvernon.com v60yuuu1415.com # Reference: https://app.any.run/tasks/5e1ba7ba-4a11-44d0-a80b-ea188041fd76/ # Reference: https://pastebin.com/higQqzwD arkanacarszoom.pro arkanacarszoom.red arkanaways.pro arkanaways.red baberdon.top bavariousltc.com bavidopa.top beaderza.top berrydom.top bilopans.top biodeser.top bladisuka.red brekatrinado.red carensod.top certifacto.com colonisfg.com containerfirearms.com copiresd.top coridef.top cowspidzu.pro demandary.com desreona.top dioledoe.top dioleg.top dirosad.top elabortin.com exceptionalsanta.pro fanisder.top fidonau.top fioure.top foxitone.top geropil.top gertuko.top giretona.top golitope.top goredoma.top goresoin.top herdomo.top hiolne.top hiperdom.top hironmen.com hovernor.com jikolis.top kololokoip.red korendor.top kuskusnamnam.icu loperdon.top manyloaddss.red maredosa.top maxikolo.top modestog.top monerto.top moreogramlfgt.com muratinue.com nedisona.top newyeardocs.pro newyearfreaks.pro nikolopu.top nonedore.top owspidzu.pro piterdos.top redilok.top renaultarkana.pro renaultarkana.red resultiplrt.com riopwe.top rubonder.top santaclausdriver.red serkolo.top sionerde.top sisipiciliko.pro skachkiiloady.pro stata.link succine.com systemory.com thrushmore.com tierton.top transityfade.pro transityfade.top viderson.top vilokilofilo.pro viterex.top voperdom.top xyuvuugadali.info xyuvuugadali.pro ziones.top # Reference: https://pastebin.com/VniAbG5k ecowis.com exceptionalsanta.red fmjstorage.com happysantacows.red # Reference: https://twitter.com/SoulRage6/status/1215259274055704577 letsgotopluto.best plutomylove.monster plutoisaplanet.best plutomylove.monster plutusforpluto.best saveplutoplanet.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1215260222832463873 # Reference: https://app.any.run/tasks/47590dc6-e93a-49e9-b053-974230cf8d3c/ hillenincopenhagen.best willenhillen.xyz # Reference: https://app.any.run/tasks/36d30924-4064-4288-a4e3-bc3ea44bda3e/ venusplanet.best # Reference: https://twitter.com/JasonMilletary/status/1227975671282118657 # Reference: https://pastebin.com/kVWnJkaC 4success8.pro creativedevelopment.xyz developme.best fridgehealth.best geminichair.xyz imreherzog.xyz kinuplayer.info langlawer.pro nasafridge.xyz spacecable.best starofporn.xyz thefeelingsapple.xyz # Reference: https://twitter.com/Paladin3161/status/1228359000359501824 # Reference: https://pastebin.com/GUGbsQxE appleparkca.best bigbonmax.best firedoggy.xyz laroshelle.best stamptowns.best stsseriesdilemma.xyz # Reference: https://twitter.com/James_inthe_box/status/1228452446978002944 applethecompany.best bulbulmeni.best # Reference: https://app.any.run/tasks/e7fb661a-6968-4367-9cd4-2077419a702d/ jagerteam.top bibliophil.club happyhunters.pw bibliophil.pw # Reference: https://twitter.com/malware_traffic/status/1243645177245380610 # Reference: https://www.malware-traffic-analysis.net/2020/03/27/index.html # Reference: https://app.any.run/tasks/16c7bbfb-1c6a-40be-a625-bf8bc870354b # Reference: https://app.any.run/tasks/9f2e532c-24d9-42d5-9be2-7ce9a8920980 conceptinteriors.ae karantino.xyz pravizzillo.club projectfatty.club # Reference: https://sysopfb.github.io/malware,/icedid/2020/04/28/IcedIDs-updated-photoloader.html # Reference: https://app.any.run/tasks/d092cd7a-3e1c-479f-93e0-6494e464f44e/ hxxp://45.147.231.107 customscripts.us hinkaly.club karantino.xyz zajjizev.club # Reference: https://twitter.com/malware_traffic/status/1256297802948399104 ghefgekil.club obratapres.pw smallhole.club severeconditions.xyz # Reference: https://twitter.com/James_inthe_box/status/1257418677760282624 knockaddress.xyz # Reference: https://pastebin.com/vCfWusnR lokolojazz.club # Reference: https://twitter.com/SBousseaden/status/1258564579463921665 # Reference: https://app.any.run/tasks/c98c5585-ad28-4744-8156-476efa30674e/ turtlesfun.fun # Reference: https://twitter.com/James_inthe_box/status/1262856956613554176 connuwedro.xyz # Reference: https://bazaar.abuse.ch/sample/837f40c12fc476d81d0741da2ab0bc0ee5c9857fe9623f2dfa33fb9f9d20f6ce/ bividilli.xyz # Reference: https://app.any.run/tasks/6b57fda7-dd83-44c9-a8d0-3befecb7c4c6/ # Reference: https://bazaar.abuse.ch/sample/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec # Reference: https://www.virustotal.com/gui/file/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec/detection cryptocrio.pw cryptocrio.top # Reference: https://twitter.com/abuse_ch/status/1265989591628238848 3chickens.pw # Reference: https://pastebin.com/bUzE4Df6 fordthunderbirth.site gotofresno.xyz luxcarlegend.top nicebirththunder.cloud poloturtles.top robertogunez.xyz totheocean.pw # Reference: https://twitter.com/James_inthe_box/status/1268985862173257728 porkon3stuff.top # Reference: https://twitter.com/Artilllerie/status/1270013362194219008 makindra.xyz pohindra.best prostokilo.top # Reference: https://twitter.com/malware_traffic/status/1270158384738770951 trythisrandom.top ziddat.com/registration.doc # Reference: https://twitter.com/malware_traffic/status/1271588921168867329 musicapuntocero.com wloppyload.top # Reference: https://github.com/f0wl/deICEr/blob/master/README.md boldidiotruss.xyz nizaoplov.xyz 153ishak.best ilu21plane.xyz # Reference: https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware # Reference: https://pastebin.com/Sz16iU57 2pillsofhunderts.pw 30miles.xyz 3chickens.pw 3glanzepages.top antivarevare.club antivarevare.pw bavadivaclub.club beradocolon.top bividilli.xyz bluekit.pw bonwes.bid bredretre.uno carpetkisa.xyz carztesla.xyz chumocarz.club citytrallbus.xyz colocarantino.xyz connuwedro.xyz cosacasa.top costacolonel.club costamustero.pw coucarachiz.top cozyappt.club crossbones.email cryptocrio.pw cryptocrio.top cucumberz99.club dayafterthe.xyz dezisenkor.club docccutime.xyz emergencytoolz.pw extraordinarycurc.club fekilopol.xyz feminization.xyz fidelliware.pw filacolonel.site filacolonel.xyz filteroggy.pw fishmak.pw flighfinder.xyz flightslots.online forwardnogi.pw fredoferodo.top frenchfries8.top fullplainefares.club gerenada.club ghefgekil.club gigakolors.club glassyradua.xyz goodcolonell.xyz goodservers.top groggypirogy.top herekeder.best hinkaly.club instarobotics.club karantino.xyz kassadesada.top knockaddress.xyz knockdomain.xyz loacorecoder.club lokolojazz.club menosmeno.best millogorillo.top nadalia.top northdestrickt.top oggytarakan.club oggythecoucca.xyz polymorphis.top pravizzillo.club pravizzillo.email presserdresser.best pyramide33.pw pythonfinder.top safebanktest.top seguridadcolonel.club sharedocar.xyz siffersniffer.best silkycow.pw smallhole.club stuffed8tomatoes.club svaerossi.pw testermeisterz.top tourdayly.top tryfreder.xyz trythisone2.best uxozhuki.pw vereseptem.pw vodkahater.xyz withoutemblems.top yahzdaje2.website zajjizev.club # Reference: https://twitter.com/ffforward/status/1275364648091557889 # Reference: https://app.any.run/tasks/f4945f71-1327-43d4-b948-326bcc730033/ khaliel.com/load/ loadthird.casa # Reference: https://twitter.com/abuse_ch/status/1275526243404972034 # Reference: https://bazaar.abuse.ch/sample/921138bc2b28d01a51e6673c6e61ba3237592d08875180e0b3749d8e47fdfd6d/ germana-arad.ro/tds.php redbrookconservatories.com/wp-content/themes/genesis/tds.php # Reference: https://twitter.com/abuse_ch/status/1278373790054076417 ldrbasketball.net # Reference: https://twitter.com/baberpervez2/status/1279177216249733120 lotusabloom.com # Reference: https://twitter.com/James_inthe_box/status/1282793500325498881 # Reference: https://app.any.run/tasks/0a4d263a-75d7-4e10-8129-4b260141ebcf/ neptuneloadz.casa # Reference: https://twitter.com/JAMESWT_MHT/status/1283450384061800453 # Reference: https://www.virustotal.com/gui/domain/ldrglobal.casa/relations # Reference: https://www.virustotal.com/gui/ip-address/104.248.62.43/relations ldrglobal.casa ldrgreecehome.casa # Reference: https://pastebin.com/raw/DZNj1XQ6 circleoccupy.best ldrtango.casa mramoritto.top # Reference: https://twitter.com/JAMESWT_MHT/status/1285210383557558273 # Reference: https://www.virustotal.com/gui/ip-address/157.230.17.102/relations loadberlin.casa loadprague.casa # Reference: https://www.virustotal.com/gui/file/502268717d5b2e7c70d800f09daaebb861d0c05baf66f96f698215107bcf82d3/detection # Reference: https://www.virustotal.com/gui/file/4794fc23f8b61badab67099a5f31ab20a1864a061fabd89d60695c5cefe2a29b/detection citytrallbus.xyz cluebullet.best conspiracylegal.xyz freekolobanga.top kolobanga.press mannycoder.top # Reference: https://twitter.com/malware_traffic/status/1285669899696775175 # Reference: https://www.virustotal.com/gui/ip-address/178.128.195.34/relations # Reference: https://www.virustotal.com/gui/ip-address/89.105.198.105/relations againstrocket.top androsandro.top blmfuck.best blmfuck.top changewinds.top fegmetozza.top helicopterstarted.top italyvenice.top newwildtuna.top overthewater.top plainlanded.top shopunderwater.top venicefood.best venicefood.top loaderprototype.casa # Reference: https://app.any.run/tasks/d52f66be-14f1-47fc-ad3b-77c89c0e2b77/ loadhnichar.co # Reference: https://pastebin.com/raw/bfTG05My # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.122/relations betafrosner.best foztrotalphatester.xyz gigaholliver.top iskuliokilo.pw loadkanoe.casa passiopersio.top # Reference: https://pastebin.com/a5rqv7c7 ldrfoxtrot.casa ldrvals.casa loadproto.co # Reference: https://pastebin.com/NvzmauW1 ldrgopak.casa loadbudapest.casa # Reference: https://github.com/tsale/Kostas_Yara-Rules/blob/master/Malware/IcedID_loader.yar requiregreen.com # Reference: https://twitter.com/0bfusCat/status/1243213416837402624 monoplanebis.xyz # Reference: https://www.virustotal.com/gui/ip-address/95.174.65.224/relations banconchle.live blackbullhorns.pro blackcowlegs.best boldidiotruss.xyz bullhorns.xyz bullyhorn.xyz cargoship.top cargovan.top colocalzz.xyz daretohaveyours.xyz freeclubcargo.club freeshippingto.top hornybull.best landoffarming.xyz landstorages.best nizaoplov.xyz propanballoon.club propanballoon.pw propanballoon.top selectedship.top servantstat.best shalomgashish.best shalomisrael.xyz shalomshabatt.best shishashalom.pro sizhinpin.best spinnertrousers.best sportspotlandfarm.xyz trustedcommand.top venomnewsite.club verticalzz.pro # Reference: https://www.virustotal.com/gui/file/79723cbc2234e26aae3111b8c7b6711da68a46d01e5808598a1492e49c331f60/detection mexicanfoodinmiami.pro exceptionalsanta.pro happysantacows.red # Reference: https://twitter.com/0bfusCat/status/1209421391910645760 santaclausdriver.pro # Reference: https://twitter.com/0bfusCat/status/1059084917756301318 # Reference: https://www.virustotal.com/gui/file/199351acf7947ed415f6b4ed0049757fba0b0111aed1cfc20030efebe5af5005/detection alldo.club office365.bit specialnan.date # Reference: https://twitter.com/reecdeep/status/1290260109260595200 # Reference: https://app.any.run/tasks/dbf04eb6-35c7-4a8c-b311-67f6ffc1b54f/ ldrflippo.co # Reference: https://twitter.com/p5yb34m/status/1290408585273344001 # Reference: https://www.virustotal.com/gui/ip-address/134.209.191.228/relations # Reference: https://www.virustotal.com/gui/file/677fd9bc5ee34b4e171897fc07082a7fa14854d2f881cd62a23cb0c2181fa240/detection ldrneptuno.net loadagent.casa loaderclass3.casa # Reference: https://twitter.com/James_inthe_box/status/1290773214520434690 # Reference: https://tccontre.blogspot.com/2020/08/learning-from-iceid-loader-including.html # Reference: https://app.any.run/tasks/b4beb108-60c8-4ae5-8f7b-4f21ffa5da7a/ loadfreeman.casa # Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+IcedID+Bokbot/26438/ # Reference: https://otx.alienvault.com/pulse/5f2d7028f25fbdc6daa1b016 # Reference: https://www.virustotal.com/gui/ip-address/94.100.18.58/relations 31goalsyaher.co atalantaclub.co juveperdhue.top leaderfreeder.co northkorisla.co qazyaquanauti.co # Reference: https://twitter.com/reecdeep/status/1292828204445696001 # Reference: https://app.any.run/tasks/59666532-c5e3-4080-9266-7812f337a104/ nothingtodo.co # Reference: https://twitter.com/p5yb34m/status/1292886770246225920 soldkorean.top # Reference: https://pastebin.com/raw/Ye7MrSqV # Reference: https://www.virustotal.com/gui/ip-address/45.66.250.145/relations debuggerhelper.top discsnooker.best felliohreffer.co jallioradio.co youmecube.top # Reference: https://twitter.com/0bfusCat/status/1293218539684401154 # Reference: https://www.virustotal.com/gui/ip-address/159.203.184.41/relations # Reference: https://www.virustotal.com/gui/file/d99c8340e0a0c65212465e36ea184e48b16136ccda77dcf2b2a0865b154f70c6/detection accentio.online boxeschannel.co dassentrio.top ulanudeo.online zalkipamat.top # Reference: https://twitter.com/reecdeep/status/1295399848569712642 # Reference: https://app.any.run/tasks/26ef48a4-c45b-48f3-8a63-c5b02f7467b4/ # Reference: https://www.virustotal.com/gui/ip-address/134.122.73.8/relations loadlisboa.casa loadofficer.casa # Reference: https://pastebin.com/raw/4tgby2qV # Reference: https://www.virustotal.com/gui/file/9ba8f41f73a563796c021dbe89d3bd9a8d3a2d0226425e43efc271536f5f376b/detection # Reference: https://www.virustotal.com/gui/ip-address/165.227.41.66/relations loadrome.directory crypnotes.co ghererrafleur.co helindraold.co hwakiraklir.top mahindranew.co staerfraer.co # Reference: https://twitter.com/reecdeep/status/1295727323052945411 # Reference: https://app.any.run/tasks/c33bd52b-f56e-486f-9b7f-55ac112e8554/ firstava.top fourthava.club secava.best # Reference: https://twitter.com/Unit42_Intel/status/1296500515065536515 # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-18-TA551-IOCs-for-IcedID.txt apparatto.top babafirst.top babafourth.club cheapoilz.best mintrillion.club musorru.top rolifo23.top thirdava.cyou # Reference: https://twitter.com/reecdeep/status/1296809596351283200 # Reference: https://www.virustotal.com/gui/ip-address/138.197.137.215/relations ballsinluza.co ferhalirish.co ldralfa.casa ldrbeta.casa ldrcharlie.casa lifregal.co snookermaster.co spplohh.co trazzhres.best truckycustom.pw # Reference: https://twitter.com/reecdeep/status/1300432198135418880 # Reference: https://twitter.com/reecdeep/status/1301159068279746561 # Reference: https://app.any.run/tasks/f3c7a321-bead-4914-b780-bd9e1dca32a2/ # Reference: https://app.any.run/tasks/f312482a-bf13-4f05-ac58-9bf0a91ef132/ # Reference: https://www.virustotal.com/gui/ip-address/64.227.95.68/relations classified.best customrecustom.top deskofreserve.top dissdoorg.top explodevices.top huhunadekil.top ldrtugi.casa niggpigs.best piggyniga.pw programmelexc.club singleperson.pw terminpolg.top # Reference: https://www.virustotal.com/gui/file/2a9fe9fdc49ae22a691d027f721bab70a430136559b2207b528e905c390343f6/detection 195.69.187.86:443 93.189.149.176:443 ignorepairs.pro # Reference: https://pastebin.com/QSqT99xJ albarthurst.pro ambiguing.net anothese.xyz answerved.net bandstreat.pro berlingbowman.pro bugandonesis.club camishniacing.pw carlsbadenomise.top centrastroyer.club charactic.pro chardiop.club consequencycle.pw contempty.club demandymedes.xyz dorentmeofts.com egainvisit.pw ettestinbalt.com exchangests.xyz forsynanchyv.com germakhya.xyz goodinzone.at harbournal.club hipponexunam.org hornformance.pro hydrylater.online ichthererbob.org ignorepairs.pro importional.com maiowforecto.org massentern.pw mechangerous.space meiyardionsa.org minoriticipal.pw monkeyflowed.pro mozambiquest.pw murderinal.pro parenessed.icu ransmittend.club rolescene.xyz runethern.pro seconominist.com seeminism.pw stimateurs.club summerch.xyz talogue.pw teautotaillhurneg.org therlanding.xyz thracial.pw thussailled.pw tracroadsmendisan.org tradication.pw wagenstead.xyz writtee.pro # Reference: https://twitter.com/p5yb34m/status/1303408866483290112 # Reference: https://twitter.com/p5yb34m/status/1304108801860071424 # Reference: https://www.virustotal.com/gui/ip-address/194.113.34.92/relations eurisiuri.top kilogoncha.casa ldflipper.casa ldfolkland.casa ldklippers.casa loadbejing.casa loadgermy.casa loadlondon.casa loadnewjersey.casa loadperventin.casa loadseoul.casa loadxiniang.casa repofinlsnd.casa sleepymaxer.cyou vbikdemokk.casa vloppiloker.cyou zasudaproteet.casa # Reference: https://twitter.com/reecdeep/status/1304051067093692422 # Reference: https://twitter.com/reecdeep/status/1304071658521669632 # Reference: https://app.any.run/tasks/c0d6f2fb-ad34-4ce8-9a87-ee2c9ac94055/ # Reference: https://app.any.run/tasks/0db6cb2f-b477-4e8a-8b7e-a7911fcfc8f0/ # Reference: https://www.virustotal.com/gui/ip-address/159.65.137.90/relations # Reference: https://twitter.com/reecdeep/status/1305523915054354433 # Reference: https://app.any.run/tasks/2c48723a-6803-4f9d-a330-63d546408b9d/ 9dayscitadel.co biglosses.top ldleadflip.top ldrfatty.casa ldrglass.casa ldrplastic.casa loadbiofill.casa loadbooker.casa loadhooker.casa loadnavycomp.casa loadspanny.casa roofallkilo.co waysoflibis.best # Reference: https://www.virustotal.com/gui/ip-address/51.210.73.176/relations fikilederes.club ldjersey.casa ldrapollo.casa ldrglass.casa ldrinsertion.casa ldrpanel.casa ldrporollon.casa loaderooker.casa loadflooker.casa loadfrooker.casa loadgooker.casa loadsite2.casa loadsite4.casa pussiageorge.cyou starterdewakilo.best # Reference: https://pastebin.com/Z4kWrhSF 10hesadety.pw 85vumbut.best asnerkifa.cyou aspellino.cyou bcertyuo.cyou gastellino.top hurmaniut.cyou matrossinio.xyz povoliporillio.xyz zopenret.top # Reference: https://twitter.com/malware_traffic/status/1304507387957608450 # Reference: https://pastebin.com/bRT1y6rv # Reference: https://www.virustotal.com/gui/ip-address/68.183.47.194/relations # Reference: https://www.virustotal.com/gui/ip-address/164.90.153.241/relations budagent.cyou castrovillage.cyou daswerbworse.best delegatoz.xyz jheckler.top malgs.best patriwifecis.cyou saqerisation.best tatarovers.best tizersincluded.best # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-14-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/134.122.55.164/relations 77hertykol.club 90nesokret.top astrafrodo.asia bcertyou.cyou bettercontact.co downdomino.click examoplerevo.pw ldrdropper.casa ldrpaperkoz.casa ldrpitcher.casa ldrruble.casa ldrshekel.casa ldrstar.casa ldruniverse.casa loadgo2.casa loadro3.casa loadwe4.casa trapotorio.best # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-14-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.158/relations circleoccupy.best corporotto.top mramoritto.top papuanewguinew.club portivitto.top slizilinno.top # Reference: https://www.virustotal.com/gui/ip-address/45.153.240.223/relations loadwarsaw.casa # Reference: https://www.virustotal.com/gui/ip-address/79.141.171.183/relations allpikoloserdzwe.cyou gaagachelo.cyou obnaprimezert.cyou odnovoennbundes.cyou sipmptomsledy.top sprbumazna.club uragapediculez.top # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-20-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/161.35.148.20/relations ldrplutos.casa loaderoverlord.casa # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-31-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/165.22.120.138/relations ldrpolka.casa # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-03-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/161.35.207.41/relations houssio45.co littlehomies.cyou radicaltreppo.co transferhouse.cyou twoloftscats.cyou # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-14-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/89.105.198.114/relations atombody.best blholove.best blholove.co coverbeacon.top cutbroken.club lostinbush.best # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-20-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/104.131.13.31/relations ldrfewa.casa ldrgeo.casa ldrnuri.casa ldrpopi.casa # Reference: https://www.virustotal.com/gui/ip-address/159.203.35.240/relations gugafirst.top gugasecond.cyou ldrfohill.casa womindo.co # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-27-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/89.105.194.231/relations chinadedoing.best feretraidsouth.cyou musiciange.club pommiopeo.cyou rightsaqua.cyou # Reference: https://www.virustotal.com/gui/ip-address/128.199.121.86/relations balancesheets.pw destroyerspussan.top stryjerefer.buzz swedenstats.best tank50.top xixoloadr.casa # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-28-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/67.205.166.105/relations dluizz.top ldrloki.casa nothingtodo.co shammunani.top situator.best sleepstops.club # Reference: https://www.virustotal.com/gui/ip-address/185.147.15.25/relations kajakracer.top sequoejak.club statuator.pw swedenstats.best withmar.club # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-01-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/167.71.229.185/relations gigacouckarach.xyz ldrulmio.casa piggyniga.top # Reference: https://www.virustotal.com/gui/ip-address/159.89.226.226/relations dissdoorg.top explodevices.top trazzhres.top # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-08-TA551-IOCs-for-IcedID.txt loudnavycomp.casa # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-17-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/142.93.218.110/relations astedolo.asia ldrcantimo.casa ldrearth.casa ldrkrona.casa ldrmercury.casa ldrpanel.casa ldrpeso.casa ldrphound.casa ldrporollon.casa ldrspace.casa ldrsuede.casa ldrvenus.casa vragafraga.beer wertigohol.click # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-21-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/134.122.101.157/relations 10hesadety.pw 85vumbut.best bcertyuo.cyou doremifasol.online likofedo.club # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-23-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/206.81.11.50/relations andronicakopianz.top assfingerz.club droidattac.cyou geraldiconews.cyou spacerevodron.pw # Reference: https://www.virustotal.com/gui/ip-address/46.101.10.119/relations antologymaster.pw headtroller.pw lokopotio.pw smavellpolia.cyou # Reference: https://www.malware-traffic-analysis.net/2020/10/06/index.html # Reference: https://www.virustotal.com/gui/ip-address/161.35.111.71/detection # Reference: https://www.virustotal.com/gui/ip-address/91.235.116.132/relations # Reference: https://www.virustotal.com/gui/file/58708f4f20813442260ac0983ad6edb8666c4173606debef497d546bec2b1a2a/detection america2020.cyou donmekyrm.top figatrummpper.cyou fikilederes.club firstava.top flathommy.top holubicoklire.top huliosmall.cyou huntinglon.com islandfighters.top ldraccumuu.fit ldrautos.fit ldrcalifa.click ldreuro.casa ldrforce.click ldrjersey.beer ldrpeset.casa loadbmw.click loadgiga.click loadmercedes.beer loadpascal.asia loadwater.casa lobechess.cyou placestostart.club realparallel.top rufepuksuka.cyou sepneretyiu.cyou softcornerz47.top uzhokpidarok.cyou # Reference: https://twitter.com/malware_traffic/status/1313952618948030464 # Reference: https://pastebin.com/raw/Dv6edvut # Reference: https://www.virustotal.com/gui/ip-address/178.62.243.45/relations donmekrym.top grablihuiz.cyou holubicoklire.top obnulenush.cyou sepneretyiu.cyou # Reference: https://isc.sans.edu/diary/rss/26674 # Reference: https://www.virustotal.com/gui/ip-address/134.209.25.122/relations huntysmally.top jazzcity.top ldrdifference.casa ldrright.beer loadfelicio.fit loadmarcello.beer smalleryurta.club whiskeybravo.xyz # Reference: https://www.virustotal.com/gui/ip-address/143.110.176.28/relations minishtab.cyou novemberdejudge.cyou sryvplanrespublican.cyou suddekaster.best xoxofuck.cyou # Reference: https://www.virustotal.com/gui/ip-address/104.131.38.173/relations ldrengineer.casa ldrk50.casa sadawerty.link # Reference: https://twitter.com/malware_traffic/status/1317238281554317313 # Reference: https://www.malware-traffic-analysis.net/2020/10/16/index.html engisilo.best likoncar.cyou phauballistic.club skrepamulan.cyou weaponreich.pw # Reference: https://www.virustotal.com/gui/ip-address/206.189.179.174/relations japansoldat.asia kommyplete.cyou loadcuhel.beer loadhelico.asia rusoldat.click smallplaces.shop spaceprogramm.cloud spehanemzu.top zomboboxer.top # Reference: https://www.virustotal.com/gui/ip-address/46.101.0.125/relations americansoldat.link anklavartefact.cyou greerknees.top ideaofplet.club isolatedglobus.top kleeslikreff.top konzsered.best ldrleft.asia loadbombardier.beer loadcessna.asia loaddyna.fit loadnelliko.click ostiriozhio.top qapoloki.cyou seaforrest.asia startcapital.top vernerfonbraun.pw voairtaxetion.xyz wasserherehiller.club # Reference: https://www.virustotal.com/gui/ip-address/159.65.114.23/relations 8mopazuredolit.best couretplodaserq.cyou familyfromforrest.club fihokiliopo.pw filopipilo.top millogorillo.pw mishagrisha.top # Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-19-TA551-IOCs-for-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/68.183.125.188/relations awemvngktyl.club cowsmilky.top defthebest.club entroerdogany.pw fishechi3.pw fourblaizers.xyz gigamazers.club isolatedglubus.top kolopoedre.best kracherregimme.pw luxcarlegend.club pizzaeaters.top posipako.top reraspomonob.cyou simpliefire.best touchification.pw # Reference: https://twitter.com/malware_traffic/status/1321211578113511425 # Reference: https://pastebin.com/raw/Szm0xFwr # Reference: https://www.virustotal.com/gui/ip-address/188.166.82.172/relations 34ortiz.pw bowlinglocombina.pw careerquaterb.pw dpvtrans.cyou finulipor.pw fodsijjire.cyou hdfouter.pw inforesuaremedown.club maseratipirosh.top mosquitollio.pw nesutrebbe.pw noviewnorussia.club rivercoockinh.cyou tsalkshower.cyou tyrek87.cyou wassilerepiom.top # Reference: https://twitter.com/58_158_177_102/status/1321583599485820928 # Reference: https://twitter.com/58_158_177_102/status/1323420403277033472 # Reference: https://app.any.run/tasks/4e842de4-2dee-4f8c-ab25-d52a0c7bc4c0/ # Reference: https://app.any.run/tasks/2bbc6d3e-f0ca-42cd-8cac-f3af5296eea5/ # Reference: https://app.any.run/tasks/dbc926f6-eb68-43af-9a55-bc307b781754/ # Reference: https://app.any.run/tasks/deebf118-abe7-4ea5-9e33-81bce557d426/ # Reference: https://app.any.run/tasks/f64b9924-6022-428e-a0d7-4bd8ed3a3f01/ # Reference: https://app.any.run/tasks/8beff69c-0c5c-4ea2-9205-8b7ca7ade6f7/ # Reference: https://www.virustotal.com/gui/ip-address/167.99.248.130/relations argentinocapuccho.cyou covercinemo.club detecvasquez.cyou hobburussye.top klopperflitter.cyou konzsered.best likrodetective.best loaddyna.fit loadhighertop.fit loadrescuerer.casa loadtwomoretimes.fit ostiriozhio.top papararazzi.cyou redicilious.online rekreations.cyou voairtaxetion.xyz zarubanonce.top # Reference: https://twitter.com/MBThreatIntel/status/1321963911365586944 # Reference: https://www.virustotal.com/gui/ip-address/188.166.103.231/relations # Reference: https://www.virustotal.com/gui/file/4d3c594e119e5137a2baafc1174d57b08f7b8bbd8e9116331abf8063837c0222/detection anthekarabach.top heredeire.xyz loadpillar.casa newbieshanna.pw vesaporedik.club zenit20112020.top # Reference: https://twitter.com/malware_traffic/status/1323766476541775874 # Reference: https://pastebin.com/kHXmMhQQ # Reference: https://www.virustotal.com/gui/ip-address/104.248.90.150/relations 0349ssss.cyou 3422jelle.best 9485pele.cyou blokaddio.top defeodallio.cyou grekilioliplane.best nawserty8.club pelefootball40.best quaddroporrte4.top rewetiolo.xyz # Reference: https://www.virustotal.com/gui/ip-address/46.101.7.77/relations # Reference: https://www.virustotal.com/gui/ip-address/157.245.106.220/relations alotthinlayers.best gridplates8.pw loadatlantic.fit loadhonda.asia loadricky.fit loadrover.beer loadsite2.casa # Reference: https://twitter.com/malware_traffic/status/1326680201208717315 # Reference: https://www.virustotal.com/gui/ip-address/143.110.191.95/relations 2018starnpz.cyou 2solovushka8.cyou aerofighters.co angarakolessi.top anyactions.best armanepozy.top armennewerria.top aslokodebillo.best astrapresa.top aswepori.club awelipo7.club awertyutilo.pw balkimraklire.cyou belowragi.pw beradocolon.top besoputinnioputa.cyou bigconsequences.top bomberfiller.cyou budaberlin44.top bulutuso.club casadekilo.best cderete.pw ckkpuliopo.best closeroads.cyou conretullio.best consistan.xyz coshmaputuxuylo.xyz dasikloti.club daysarecommitee.top ddekilocasa.top defencesystem.xyz defreind.best deliveryeating.best derivoclition.club dilibobiol.top dosyllitu.top durkapsycho.best eastzrada.club fcbarca.top fdelopoh.club federesursy.best fekoliture.cyou fellazillio.co ferekilocasa.pw findscrinder.pw firstpartmotor.cyou fodsijjire.cyou footbalgoalkeeper.club footballillemarcelle.best freekolobanga.top freemonter.top geliopeople.cyou gelipeterria.cyou gettokolo.club ghosternew.casa gigikilo.xyz gliokisser.best glovercasa.club goblinsdown.top goloploroto.best hdfouter.pw hilloritopo.club hongkonger.best hzlkfb.xyz jacksonwennik.pw jare4.pw jeteame.press jijikolo.uno kileder8.cyou klopoprigozh.best kolobanga.press ledasopiret.best lezasopedrill.cyou likercasserio.top likoncar.cyou malselsilo.pw maseratipirosh.top moldovsky.club moldovsky.top moneocurva.top motordotor.cyou multiplecities.co nekillosa.co nithingmore.top northvietnam.top nothingknown.co novoport16045.best nullnadum.cyou oldeney.xyz operswagner.club panrights.pw parrondon.xyz passsmennelio.top phauballistic.club pipulosha.cyou piska.win plainia.xyz polisyl.top postsovok.cyou prevampion.icu rankaraoh.xyz rasolpewsitr.club recidiver.best rerozvi.best reshitixa.cyou retainthecolour.co revorevonove.pw rurulukashi.pw sanoradad.club sillivilkous.top skisliz.club sositezaporebrik.top stilstol.pw stopfurusputo.cyou swerlillio.co tarabarov.online transmissons.pw trebletta.top trolliroses.cyou tyrek87.cyou ultimatulebe.cyou unodostres.top uppernapitki.club uralshuja.club velocarsderev.co vergilliostar.top vesaporedik.club villedasilpo.best visiondesicion.casa werikiloty.best whiterange.top winthebrit.pw zaborder.pw zedebobo.top # Reference: https://www.virustotal.com/gui/ip-address/198.211.99.24/relations 12demuslims.top aslokodebillo.best besoputinnioputa.cyou compactmuslimsdeport.pw experrementummo.pw jacksonwennik.pw nomoremigration.cyou timerdisclaimer.pw # Reference: https://twitter.com/58_158_177_102/status/1329591778635235328 # Reference: https://twitter.com/58_158_177_102/status/1329591782519177218 # Reference: https://app.any.run/tasks/9a6231ad-313a-4dff-a22a-e087f99edbb4/ # Reference: https://app.any.run/tasks/383862d8-66f5-4de9-b013-1d99f8bde04f/ # Reference: https://www.virustotal.com/gui/ip-address/143.110.185.84/relations deretter.club futuduramatios.best kamastos.cyou kennethinstitute.xyz lowbudget.top marinesnotarmy7.cyou rasolpewsitr.club suitecasecourt.cyou sweetporto.cyou zoperawekil8.top # Reference: https://twitter.com/reecdeep/status/1329761384842792961 # Reference: https://app.any.run/tasks/89819e81-b694-42d2-9cd1-fa0b8e6bd9c8/ # Reference: https://www.virustotal.com/gui/ip-address/159.89.6.165/relations 4tankers8.cyou aweragiprooslk.cyou formerglommer.best linedefragmentatiom.best psycotrest33.cyou revopilte3.club transferblog.top # Reference: https://twitter.com/malware_traffic/status/1329934246249697280 # Reference: https://www.malware-traffic-analysis.net/2020/11/20/index.html # Reference: https://www.virustotal.com/gui/ip-address/165.232.104.85/relations agrivcultureintegra.club coupper3.cyou desinforma.cyou emoposawe.cyou okrufedikol29.club plumbum44.cyou realisationdelimitation.top store4famly.xyz # Reference: https://www.virustotal.com/gui/ip-address/161.35.152.178/relations # Reference: https://www.virustotal.com/gui/file/26101626e9e57de6271161f6929922bdc46ba4c71a98161cebf4e3199b82e58d/detection bolopedasrty.club desatopillo.best klopperflitter.cyou m103tank.cyou minerdorf.top shermannlow.best /laband162/main.php # Reference: https://twitter.com/malware_traffic/status/1331259415022825473 # Reference: https://pastebin.com/BR3dZTNU # Reference: https://www.virustotal.com/gui/ip-address/68.183.54.143/relations 9seeallcars.best afromadness.club astroglippers.club billeriubin.club crypetecranch.best dawessigriggio.pw dnaislatoler.pw egedemaer.cyou fuckingkremlin.pw grabberputinoyd.best initiativeuntimed.cyou lawofthechanges.cyou noagreforisla.pw nonormsinsla.pw oligophreneoligarchi.club oxxoboats.top pochkapechenka.cyou proissvollio.club reraspomonob.cyou # Reference: https://www.virustotal.com/gui/ip-address/167.71.224.39/relations 0349ssss.cyou 100thdollars.cyou 1911drink.best 49vodysf.club 54asplane.top 9485pele.cyou aretulopetega.cloud asertuyo.pw asskniferd.best avilablehelp.top colombosuede.club colosssueded.top decorunbelieveble.best delokijio.pw desertpw.pw driverapmassive.pw durablad.shop evroparlamiko.cyou falsivikirigizy.pw fihokiliopo.pw fufuarmenja.xyz golddisco.top gromhitputi.cyou hotelindivire.cyou jajaelecto.club june85.cyou kniferbellir.cyou kultimulti.top laskiopowert56.club layerfatfek.club miamia.club millogorillo.pw mishagrisha.top netochstatic.club olloterponeik.pw pareomedeo.club pelefootball40.best propellerregis.top rarejawelleryz.cyou refakolun.best ruwedolki.pw selekilleque.best servepeolor.top shakerdrinker.top stubbornbilo.xyz supremecourt.cyou tatataryk.pw wasserwoman.top wertigoterrio.online wheelssp.top yorkykukri24.top # Reference: https://twitter.com/malware_traffic/status/1331720027188441088 # Reference: https://pastebin.com/raw/43E0C8w3 # Reference: https://www.virustotal.com/gui/ip-address/68.183.89.248/relations aslopoer45.cyou bonvemrt.cyou desloporty8.top ujkiol45.cyou vopilo49.best # Reference: https://www.virustotal.com/gui/ip-address/64.227.88.71/relations 21pointsframe.cyou acci54.cyou casaderassa.cyou defillionew.cyou fikolopore.cyou froplays.top winasession.cyou # Reference: https://www.virustotal.com/gui/ip-address/37.252.1.57/relations basebusebise.red bseballpro.pro countrylandlords.info geroiconnect.info kostafootball.info kostanards.red selefromeconnect.pro simpletransit.red successkali.red # Reference: https://www.virustotal.com/gui/file/e5f928160acd53a19b7de681b32b61fb36e1a7b13e9e8c1f3b5be66bc36496b3/detection embassyecuador.ca executiveteams.biz maelloussa.red malumaricky.info mekillomelloussa.info raeggyricky.pro # Reference: https://www.virustotal.com/gui/ip-address/188.127.227.76/relations arkanacarszoom.pro arkanacarszoom.red arkanaways.pro arkanaways.red bezzuhikali.info custommegane.info indianfoodinmiami.pro kalistands.info kasialinia.info koreanfoodinmiami.pro kostaboxing.pro kostacardsplayer.pro landiscloudlord.red landlordscloud.pro malayanfoodinmiami.pro meganrenaultforjoe.red mexicanfoodinmiami.pro renaultarkana.pro renaultarkana.red russianfoodinmiami.pro serejitykaty.pro sisipiciliko.pro thaifoodinmiami.pro # Reference: https://twitter.com/malware_traffic/status/1333485185841713157 # Reference: https://pastebin.com/x9iiCjGH # Reference: https://www.virustotal.com/gui/ip-address/167.71.138.137/relations # Reference: https://www.virustotal.com/gui/ip-address/185.135.82.225/detection 1952warrior.xyz 8mopazuredolit.best allthemeanings.top asderator.cyou azomorinno.best crysys70th.cyou fewboys.cyou folopotress.top heavytankmarines.best kamastos.cyou m41tank.best marinesnotarmy7.cyou middletankbattalion.club morenthechief.xyz oldaquafrsh.cyou outgrade.club rotapetek.cyou symplyfireteller.best t34tank.club tatarinanaboskuto.cyou woodenbruus.cyou # Reference: https://www.virustotal.com/gui/ip-address/206.189.56.140/relations 8andmack.cyou moviecastle.club philadelphiagirl.top rockercastle.best wendi4kcash.top # Reference: https://twitter.com/malware_traffic/status/1337471320339177475 # Reference: https://twitter.com/reecdeep/status/1337458646754729986 # Reference: https://app.any.run/tasks/6749761d-4922-4b3f-be99-609aae866aeb/ # Reference: https://app.any.run/tasks/95e1dda9-37a1-460e-9e46-e53d45194211/ # Reference: https://www.virustotal.com/gui/ip-address/188.166.88.45/relations 14katok.cyou aluditos.top awertino.xyz berringheavy.best cosmokosmo.best djordanobruno.best eastpomeranija.top energydefrost.top firstpetja.top fislatriller.best franciscointelle.club glicolikop.best holeretopolo.club kastrillobromwich.cyou killwaterkolonn.cyou lockdowngunni.club millipillio.best milliship.top modulbelongs.club neasdutr55.top neferetiti.top pedezrkken.xyz pilotflights.club portugalloindostan.top proorbital.best razunimorep.online retechnolodgy.top rpoznahu.top terpepillio.casa tsarabsolutely.top # Reference: https://www.virustotal.com/gui/ip-address/5.149.254.27/relations fiscalclub.top ottepel.biz reshailam.biz t3476.top vollhafer.top # Reference: https://www.virustotal.com/gui/ip-address/185.38.185.103/relations chainoftheapril.cyou localallcases.xyz lukapedrilla.cyou unproffesional.club xilophones.best # Reference: https://otx.alienvault.com/pulse/5fcf6bf143bf8362603727ec # Reference: https://www.virustotal.com/gui/ip-address/45.153.240.101/relations 80frontluzkher.xyz bruzilovv.top heavyselfartillery.best killicher.best kolotiloher.buzz # Reference: https://www.virustotal.com/gui/ip-address/139.59.101.19/relations aviaaero.pw likishino.pw missigloves.best orsibataan.pw phillifighters.cyou # Reference: https://www.malware-traffic-analysis.net/2020/12/11/index.html # Reference: https://www.virustotal.com/gui/ip-address/161.35.57.202/relations autohoffer.club dorogaway.best joelubber.shop marcingranio.cyou marzingranocny.top # Reference: https://twitter.com/infosecfu/status/1337486196193243137 # Reference: https://app.any.run/tasks/edf32891-5b39-4673-9a25-e575c14a5aac/ manusderci.top /weqre779/index.php # Reference: https://www.virustotal.com/gui/domain/romelonda.top/relations # Reference: https://www.virustotal.com/gui/file/68729a7f6faed84d68f85eeb04058d9f53271f30edc3c6585276e05f4f11ccaf/detection # Reference: https://www.virustotal.com/gui/file/b112abf8ea2013cf70b5e32f0ac30a9aa938ddb3d3e3a71403afbb94a6a52ba5/detection romelonda.top /koreto937/index.php # Reference: https://www.virustotal.com/gui/ip-address/178.62.242.234/relations 16centurys.cyou balanseer.top dastoperasder.cyou duellolineup.top fulofutobrille.top newfleet.best oldesttrjapka.cyou oldmanner.cyou portoweapon.club rusishipbuilder.cyou # Reference: https://twitter.com/infosecfu/status/1339238803475718147 perosink.top zapachastillo.best /kolpe100/index.php /kolpe100/main.php # Reference: https://www.virustotal.com/gui/ip-address/178.62.217.217/relations 10thevoliko.best cameraoshkosh.cyou heweruty.club loadaroma.casa vesaporedik.club # Reference: https://www.virustotal.com/gui/ip-address/188.166.126.25/relations chinadopiller.cyou defliportor.cyou dewallerion.club januarydiscoverry.cyou premierre.cyou satiscropertio.cyou tajkillo.best worldofcdor.best # Reference: https://www.virustotal.com/gui/ip-address/91.235.116.134/relations # Reference: https://www.virustotal.com/gui/file/69d0511d19b40f86ccc004a5172b9b1d0978dbd2cba47800f0e690a0a9a074e5/detection addyourplanet.pw balticgrindex.top balticpagesyellow.best balticpagesyellow.top baltpeople.top besitxavier.best bestspacer.pw buygrindex.top habanadash.top hispanuredesk.pw mermateria.cyou moonwalkerz.pw morganholes.cyou nazifestivo.best vellifilliok.best vermaxt.top vilnusgrindex.best vilnusgrindex.top williher.buzz # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.170/relations 20yearsofhappy.top 2posutiu.top 3rasstrium.top 4closium.top balticpagesyellow.best balticpagesyellow.top britford.top bundesplumber.pw chinalapsha.top comherehlopp.best deactivationlima.pw dereferederefrost.pw finderway.pw firebrighter.club fitterglitter.best flightrewards.best floppysyncty.best forfillo.top gigakiloframe.club grrjeibneder.top hidethetrooper.top historyfireclose.online ididallthis.best kremlinpidar.pw lokihiliilo.pw patrium5.top physicaldissapear.xyz pilafirefighter.top qwebrester.club seattingiron.club seculitura.top severade.casa sittingbytes.pw sittingbytes.top smokebreather.best sportunism.xyz tastition.icu teoreticaldanger.pw thesisted.icu thoughout.icu thyrstypup.best topolanger.best tyreprize.best uxanlabchina.top wassaby.cyou weneedmiracle.club # Reference: https://www.virustotal.com/gui/ip-address/185.156.172.55/relations alforitn.pw asertigo.best asrehillo.best delkiolllo.club ferejillo.top inonumax.pw planeplan.top removember.icu zarinnader.pw # Reference: https://www.virustotal.com/gui/ip-address/188.119.149.77/relations bluebook.pw caserelation.top demondedemon.cyou deretopol.top dogawaydered.top flipperauto.top followthemusic.top glasssmoothest.best gokaserilo.pw hallfinaleuro.cyou helopoderurban.pw hillitrumper.cyou inocontacts.top istredestre.cyou kylerdog.cyou makeallbetter.top march44redflag.top maynotneed.top molliksawer.cyou okliogiokol.online proig748vybo.cyou rezultatexit.best rossafloor.top servethe.cyou shiopwarrior.club udarrihroup.top uneslokutaz.top unofighter.top voiliwerty.best wakeupearly.club # Reference: https://www.virustotal.com/gui/ip-address/134.209.182.58/relations bloadypupper.best puppybloder.pw # Reference: https://www.virustotal.com/gui/ip-address/161.35.10.43/relations brillianto.pw dramboldorritto.top goulittioma.top onixxyto.top postifitto.top # Reference: https://www.virustotal.com/gui/ip-address/68.183.147.106/relations balticgrindex.best filomante.top grafomante.top grepotufe.top homelandjapan.top hreopofreopo.top japanmiduej.top judgessur.top myxel.best myxel.top pyxel.pw pyxel.top rigagrindex.club rigagrindex.top sedorozza.top wedikolitures.top weliomanter.best weliomanter.top # Reference: https://www.virustotal.com/gui/ip-address/165.22.27.128/relations neffritto.top # Reference: https://www.virustotal.com/gui/ip-address/159.65.117.225/relations 48greedstrocks.best 60stepsofhonor.club andropsoshyls.top asformeded.best chinamania.cyou controllerdoppler.club countrysinger.club crespofootball.best disgerdefer.club dominotopper.top draggerbreather.top flemmingyogan.top icehockeyplayer.best loadcaramboll.top loadpool.top loadsnooker.top lovemesong.cyou minutemanner.cyou neverminded.club playedwilliams.cyou plockerdocker.top prokladvpsder.cyou protorilla.best rebuilder.cyou respondishot.cyou shotofframe.top # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.156/relations boatergrip.top carduirtitor.top equipmentkess.top felixheater.top footlegger.cyou gigafilliopot.pw gilotriatior.top halfkilo.uno hereandnow.uno heroimonroy.xyz kissavorob.best klopolopo.co kompozitt.club lagunaway.top miracleisnearby.pw mostuiretitor.top planeplan.pw planoftheplane.best pullhimoutrightnow.top rebondianer.top responsekesson.top shitdownout.top sorryworry.pw spacefutures.club tangodelfuma.club tangodelfuma.top thurstygrep.club vosshodo.best watercityv.top williher.buzz # Reference: https://www.virustotal.com/gui/ip-address/194.113.34.203/relations 45hlopokk.cyou 75meterspenny.best agreemanrajon.top analogrostter.cyou asnuternou.top aspertilo.pw astrogonk.top bennansouth.best boltwinelter.top caloporedeiuy.top chinaamer.co closeddoors.pw confliccto.cyou coopergordon.top dasaewqaz.pw destroycruiser.cyou dewardsdom.top doprorayny.best efficientsys.cyou eishtoss.best ekipueqe.best englishjill.top factoryoccupied.pw faloppoitu.best fifthorange.uno fluckservlet.cyou gasopenuty.cyou grabberuno.top greattemple.cyou greedyserver.cyou gregoryhaskey.top harderpytok.cyou headcaliber.top hillerfloppy.best hongcontrol.best hrenuevo.top huilojilo.pw instadomain.top integrproject.pw internalchanges.cyou kinginoffrance.best kirewefere.club kissmobo8.top krachemore.cyou lieinthecourt.xyz litiernode.cyou longnerrion.cyou lunat.top mihabrexa.top newskrefake.top niiloporef.top notoseeing.top oppponaval.pw plantstopped.top politicosite.top quantummilio.cyou racerasismus.website rumeokilobravo.top saintplaces.top sellehopolo.cyou semiofficial.pw shepperdhlino.top shopunderwater.club sincotul.top socialexpert.top startluna.club strangekidnapping.cyou stratergoicour.club threefili.cyou tuksvata.cyou whiteclub.uno zipperpocket.cyou # Reference: https://www.virustotal.com/gui/ip-address/128.199.46.99/relations 250krmilvod.xyz dnatamdere.top filopipilo.top kravynolu.cyou lostciviliz.top mustangleverage.top nikushotomo.cyou reerwheels.top singlepizza.club vladygoofy.top # Reference: https://www.virustotal.com/gui/ip-address/209.97.178.88/relations 344povja.cyou docotorre.pw ecodeberzew.best eurospirtus.pw kilokubok.best klopwedir.pw longprjob.xyz modellomatematico.pw novemberpanda.pw profitdolores.cyou shmellioretry.pw spiritusprom.cyou stationoxxy.club valueimporto.xyz # Reference: https://www.virustotal.com/gui/ip-address/68.183.92.152/relations damagedhelicopter.top destrickthelio.top niggazilla.best niggazilla.top vtaplanes.top # Reference: https://www.virustotal.com/gui/ip-address/64.227.48.220/relations 2001williams.best defreabral.top ldfranny.top ldnails.casa ldrsitting.casa ldwikita.casa loadgranny.top loadhorit.casa olleggiomuch.cyou pollogreffi.cyou sewellia.top # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.201/relations 100ranhut.casa 12herruio.cyou areadati.site assficioklo.cyou dewellerfive.top grabberderekilo.cyou hulioferere.cyou hunlokiol.best koliokilio.cyou lukapidarillo.club oppokandida88.top paratraxer.cyou poloplayerrin.cyou poreadse.cyou qafewillian.cyou qwellerz.cyou redavenue.pw redstreet.pw rewrite.best selicawand.cyou susiporo.top utochkafes.cyou vemenadra.cyou vilnovlada.top wasalerfourth.top wenjalutto.cyou # Reference: https://www.virustotal.com/gui/ip-address/142.93.192.37/relations carantinium.top jaredetiuo.top kaiffero.top kvazideruptura.top rfparasha.top # Reference: https://www.virustotal.com/gui/ip-address/128.199.1.118/relations docktorthird.top rooferfirst.top troopersecond.top # Reference: https://www.virustotal.com/gui/ip-address/161.35.15.124/relations 1208272020.club daswerty.uno folokihuradio.top gibbelspidar.top kloppertrainer.top niochem.cyou patokolsti.cyou pechedesilla.top pooltrap.cyou rebuild.best redraw.best saliopok.cyou sdarrinutulopo.club suxirakili.top tesfrentu.club tixoluka.top # Reference: https://www.virustotal.com/gui/ip-address/178.62.41.69/relations asdeliocarlo.uno australiatrible.best australiatrible.top bremenmusician.best chinatrible.best chinatrible.top genry50years.top motorscollege.top racerflawer.top racinghills.top # Reference: https://www.virustotal.com/gui/ip-address/161.35.29.30/relations killerturbo.top # Reference: https://www.virustotal.com/gui/ip-address/5.39.222.254/relations antiquepariss.top fresnoviews.top # Reference: https://www.virustotal.com/gui/ip-address/45.66.250.104/relations fortunefish.best millitower.co ollorett.cyou pzawert.best sillimotor.co # Reference: https://www.virustotal.com/gui/ip-address/194.113.34.204/relations centralliniom.best dictatnotwin.cyou idolszillo.club inrinterest.cyou mountlunnar.top naryty.top nylonwhell.xyz pillermarket.club steelmoker.xyz suverenguardia.pw varetoukolit.club wheelformforsu.top # Reference: https://www.virustotal.com/gui/ip-address/45.66.250.247/relations # Reference: https://www.virustotal.com/gui/file/41d94230aaaff4d4b14233efaf0f106bff0519ac0c5420bf46d3210c33cb3e27/detection # Reference: https://www.virustotal.com/gui/file/644ce7b8b00378237f12523c452bd0177390d43dc392bf6f679e49dfcfb4338f/detection glostercrabs.top placeishidden.best speedyarmyjp.top tunahunters.top westportmorsby.best # Reference: https://www.virustotal.com/gui/ip-address/94.100.18.53/relations placeishidden.top # Reference: https://www.virustotal.com/gui/ip-address/194.187.249.152/relations allthereal.top # Reference: https://www.virustotal.com/gui/ip-address/45.147.230.95/relations applewrangler.club asberperger.cyou aswerger.club awerymotor.co cucumberproto.cyou dedalikar.club devidedsnooze.co fasseipolot.cyou fillerdriver.co fillerwinner.best fishofgloster.pw fleightfreight.best fourgoun.co freebilliard.best gegeluza.xyz gigamonkey.top greatwheelsdiscs.cyou hillerfderec.best howwescottish.co hrefferlikol.cyou inetcable.top jeepwrangler.cyou joasoosda.club kliolkiol.best klursson.best linkerstar.top lookatamerica.best momentaljeep.cyou newwheels.cyou newxrocket.top ninetiten.club qalufrikili.cyou saderillo.best sinaloacity.top thaiplant.cyou towermotor.co wilverhampton.club # Reference: https://www.virustotal.com/gui/ip-address/194.113.34.116/relations 10steps.top 12spended.cyou 23dfuere.top allthehole.pw asdpergerz.top asthenesosto.top autofiller.top awerymotor.co beloviator.top boatliker.top daserwerty.top defulliopo.xyz dewastradio.top diktator.cyou druidzero.pw formulapilot.top forrestserviceusa.top frelossko.top halfpastsix.pw hnjkiloer4.xyz holopourer.cyou infoillario.icu klioterrify.top klosafelli.top lightshot.pw messiliving.top mullioflavio.best nextflight.top popondeou.top prodo22exrad.top quietcountry.cyou rarealience.uno rezinrubber.cyou seatgreews.top ser88protu.cyou show39prit.top trusteepilot.pw warriordos.top warrioruno.top # Reference: https://www.virustotal.com/gui/ip-address/159.65.146.96/relations gerermotor.best kilomotorr.cyou messagehistory.pw samadviga.cyou sederevillio.top # Reference: https://www.virustotal.com/gui/ip-address/185.245.84.144/relations dancegirlls.top hlipolioklass.top oldformer.top # Reference: https://www.virustotal.com/gui/ip-address/167.71.73.106/relations doctryna.xyz ekxortsisto.best gabushev.top kilmentostar.best netutto.best # Reference: https://www.virustotal.com/gui/ip-address/159.203.30.45/relations swibstoca.xyz # Reference: https://www.virustotal.com/gui/ip-address/45.66.250.110/relations avadevatop.top balkonnydiva.top fansboysband.club flagmanduty.top gerefaller.top goodperiod.top goodplay.top hulioflagger.club hummondgrande.co icebreakerz.best klarksonfresh.best nicedays.pw parrapper.top parratropper.top pilliows.top reactionspeed.club warriortres.top willigilli.top wordsayd.co # Reference: https://www.virustotal.com/gui/ip-address/79.110.52.195/relations bitemouzert.cyou readerchater.top vasellifred.best warending.top # Reference: https://www.virustotal.com/gui/ip-address/37.120.222.46/relations artificialterminal.club deltaoilprice.stream enterprizealco.top oiltechno.top qwelloprice.best symplerincomes.cyou teacherfat.top tightende.cyou traxxer.xyz tresfighter.top valusepromo.cyou wazzaruti.top # Reference: https://www.virustotal.com/gui/ip-address/206.189.140.201/relations 10yonkitchen.cyou 20yearshotel.best asperhotels.cyou berendik.top billionhorob.pw bishkekeskul.online bounapartismo.xyz butunkyrgyzston.pw chillichemodan.xyz degradationrus.pw ebanutyechina.best favouriteho.cyou furggonn.cyou gorokrysa.club grabbelinno.top gripperboat.best kukarachaluka.cyou maskborts.club muxxikoma.pw plitsupperboin.top rivertrier.top roofmaplejeep.co sterevjatnikko.top tarakanoluka.top waterzlynulo.cyou zenithrequired.best # Reference: https://www.virustotal.com/gui/ip-address/165.232.110.48/relations chinatrades.best mufootreve.top # Reference: https://www.virustotal.com/gui/ip-address/159.89.18.27/relations # Reference: https://www.virustotal.com/gui/file/8d12f1e1265315d45481a955155f56a3c35a229adf35105bf730a495cfa1332b/detection nomoreislamy.xyz parisbarbara.top ramzanahmat.cyou # Reference: https://www.virustotal.com/gui/ip-address/159.89.27.147/relations 2020jaccky.shop cybersecurito.pw highestscream.pw icercream.pw kremlinvorona.pw linvorodana.cyou razadrava.pw vaccicybertheft.pw # Reference: https://www.virustotal.com/gui/ip-address/194.113.34.94/relations kazluxraritet.club # Reference: https://www.virustotal.com/gui/ip-address/188.166.120.59/relations apatiaredopia.cyou artsteerlingwheel.top astahastalavista.cyou decracoffe.best konchitaebuchka.top kumurazh.pw littyfahren.club lookatnice.top middleposition.cyou nazamoskaotp.xyz tenpounds.top wheelsreels.best workerspickuper.club # Reference: https://otx.alienvault.com/pulse/602911fab6ba07fc0d8b1a70 # Reference: https://www.virustotal.com/gui/ip-address/206.189.161.224/relations # Reference: https://www.virustotal.com/gui/file/8c5c92e1545b49d6d45c4f14a5414f437f94d1fe628fc656df9154386955f23d/detection azarewetete.best honoluluo.club lawernios9248.top masfiatto.best redession.cyou # Reference: https://twitter.com/MrsYisWhy/status/1360499999415689216 austriarch.xyz gigagregory.xyz urgentyattention.cyou # Reference: https://otx.alienvault.com/pulse/602fa970591aa64fed643c2c # Reference: https://www.virustotal.com/gui/file/69efa5acfe8ee79871251f01a779e9f1b8458983fce9a32c4b032836f4b947da/detection willizoo.website # Reference: https://www.virustotal.com/gui/ip-address/159.203.116.96/relations # Reference: https://www.virustotal.com/gui/ip-address/167.99.187.112/relations derrickolop.online gomotorcycles.site kraseipolo.space zaxhasshira.uno # Reference: https://www.virustotal.com/gui/ip-address/64.227.119.213/relations artilleryin.online bowepripos.uno caliberunity.club kastellira3.space pexxota.space shrapnell.space snproti.cyou timerework.fun # Reference: https://www.virustotal.com/gui/ip-address/206.189.10.247/relations berxion9.online chinavillage.uno deregojikulo.uno emanielepolikutuo1.website gommadrilla.space oskolko.uno prolomstenn.fun # Reference: https://twitter.com/malware_traffic/status/1364999361902469127 14yeara.fun georrohero3.space livekossa.fun positionpererost.space pulemashinegun.online # Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt # Reference: https://www.virustotal.com/gui/ip-address/159.203.6.195/detection awerityubfer.club cleantheplace.top reworktopper.top wellernaft.top # Reference: https://otx.alienvault.com/pulse/603f7b7498567421ddbc2ca0 whisperingstar.com # Reference: https://twitter.com/reecdeep/status/1369357573686779905 # Reference: https://app.any.run/tasks/ab0acd15-b09d-4ff2-bf88-a1e55c7d4f76/ # Reference: https://www.virustotal.com/gui/ip-address/143.198.2.53/relations 22bogotacapoital.online 2tomorrowcaholo.fun 44glovesmoliuy.uno errehra.club faeswerderioytt4.fun gioloporazirt.uno newandnewers.website ponchilizza9.website serpedfiler.uno warcorrective.online zcqqdur.uno # Reference: https://twitter.com/ps66uk/status/1370026963604099081 # Reference: https://tria.ge/210311-k6mbf6fwna # Reference: https://www.virustotal.com/gui/ip-address/143.198.25.214/relations apouvtios2.uno awefoplou5.site chajkovsky.space daserwewlollipop.club dastemodaste.fun emanielepolikutuo1.website klicjop9.fun ohbluebennihill.website seconwowa.cyou violonchelistto.space zomonedu3.website # Reference: https://twitter.com/p5yb34m/status/1370091615918776320 # Reference: https://www.virustotal.com/gui/ip-address/164.90.143.105/relations barmaafmaodd.space fedlopesazillo9.site kitchenbiggy.best klicka2.online laworzbuio77.space # Reference: https://www.virustotal.com/gui/ip-address/165.227.28.47/relations agitopinaholop.uno dedupomoshi.space iporumuski.fun twotoiletsr.space # Reference: https://www.virustotal.com/gui/ip-address/178.128.243.14/relations 217roteben.online 320glazhuk.fun 529pqexirvy.uno 630mordorebiter.website 723salikoper.site 801cvcaller.online apoxiolazio55.space asforthemines99.uno awefoplou5.site calldivorce.fun fekiop3.space fiollofiorro.uno gaubizza.cyou georoworro5.website georrohero3.space hiolop4.fun oceanwaterfree34.xyz shuttlesojuzo2.space turkairlonomelette.space zomonedu3.website # Reference: https://www.virustotal.com/gui/ip-address/167.99.212.207/relations bulktrumpbun.top capittolijar.cyou epitete435.cyou jailedtrump.club prioriteteinsider.top # Reference: https://www.virustotal.com/gui/ip-address/139.59.168.175/relations 520horsepower.top allhealthis.top antibioticoroto.club asianpacificregion.cyou chassche.top eventheren.club kikanefiga.space klikaclicker.website solovjevo.uno tifferoi.top vovocolo.cyou vozloteolot.space wallagolla.cyou wasserduster.website weatherbaddyly.website westerrossa.website # Reference: https://www.virustotal.com/gui/ip-address/138.68.52.94/relations alltheout.space asperragirro.top awerinosillo.website bethehere9.site childparafer.space countryhero.site dadavipoliop.site deprivemeer.space derrickolop.online fredtrampovich.site gomotorcycles.site goodywelli.uno gsalliperioptol.online hodokiblacky.uno kraseipolo.space limergreek.cyou loporewendia.website mastercalmarro.club middeterraniendishes.cyou nighterdevu.website noknowfish.fun poertico.website rajoplaca.top rossija.online somythoghi.club speakingfrog.uno teherani.uno urkourga.online vendingwendigo.xyz willizoo.website zaxhasshira.uno # Reference: https://twitter.com/reecdeep/status/1371794991614398466 33nachoscocso.website # Reference: https://twitter.com/peterkruse/status/1371806755756335107 berxion9.online cikawemoret34.space emanielepolikutuo1.website gommadrilla.space prolomstenn.fun # Reference: https://twitter.com/reecdeep/status/1372511120502759424 # Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/ 188criolaserz.space # Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection lightopridum2.website # Reference: https://twitter.com/reecdeep/status/1374295280309444610 vodostocksstand.uno # Reference: https://www.virustotal.com/gui/ip-address/138.197.197.35/relations 0384smaturned.uno 34trully.xyz 439tzxtixrex.space aimmnight.website alotderedreamhome.fun biigkrodivza.fun earthdirespao.website goodsnara.space inowaserr.top nenepepe.pro otreincomsal.space polopemoskow.xyz rakovinnae.website zawemofu4.website # Reference: https://www.virustotal.com/gui/ip-address/167.172.240.248/relations 40yrjobberz.space 912caporers.fun azorropulseee.fun biigkrodivza.fun descruppted8.xyz dodoflightvogel.xyz feaser2347.club fivetonnbobavia.uno islanddeazorro.top longarmhighsta.xyz missimokotov.space opuhuilo3.uno perfeck42.uno perplace8234.space pozharra.space skolziko.uno stoikoplot.xyz tvorartificialnature.xyz vodostocksstand.uno willhouseforus.top # Reference: https://www.virustotal.com/gui/ip-address/207.154.234.212/relations # Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection allthemilliplastini.space # Reference: https://www.virustotal.com/gui/ip-address/165.227.219.125/relations aplowzerrio.club friendfrondo.uno twocookiess.website zopewifeisda.uno # Reference: https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/ # Reference: https://otx.alienvault.com/pulse/60620612447fce2d8297e899 cloudmetric.online nomovee.website smalleststores.com # Reference: https://www.virustotal.com/gui/ip-address/161.35.109.168/relations aspergerr.top kneelklil.uno newstationcosmo8.space # Reference: https://www.virustotal.com/gui/ip-address/159.203.6.250/relations blindpilotr.xyz starorienta.uno usaaforced.fun wordstream12.tk # Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768 # Reference: https://www.virustotal.com/gui/ip-address/159.89.146.79/relations andninediugh.space bronntanko.top dellikodebillo.uno japanrusso.uno laugvnipha.club livekossa.fun minotransporter.biz navessystrel.club neprijaki.space nester.website orudjuioplik.top plaskikali.space polkopushka.cyou positionpererost.space pulemashinegun.online skorossoter.biz strelkopolk.cyou thoughzine.website yukrepoderevo.biz # Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768 # Reference: https://www.virustotal.com/gui/ip-address/165.22.216.113/relations 22percentcatholic.top 23greems.best 2solovushka8.cyou 35monthmy.top 49spartantroll.top 88trooper.top 8whitehizhi.best 9judgessupreme.top abutilo.pw adeserekilo.best affalyaffala.press allarmenlos.pw angarakolessi.top asqerty.cyou asuterklot.cyou aswepori.club aviacoverage.best awerrigechess.top awertyutilo.pw awseredet.top ayzerwin.club balkimraklire.cyou bellebekeriver.pw benderlive.club besoputinnioputa.cyou beuatyhill.pw botobotopod.cyou boxeschannel.co bychulukboto.top casalifter3.best casaverde.top cassiopea.pw cassiopeaplanet.top castingsvillage.cloud cderete.pw classifiedz.best clownstopper.top colonelbiden.top cosilituchi.club costacolonel.club creatortopdog.co cresserok.pw dalobecu.xyz dancerplancer.co dasterfroster.shop daysarecommitee.top ddiesells.xyz deactivate.best definitor.co delicatomano.cyou deputilop.best desinfect.pw detkazatka.top dowhatiwant.top ecolonized.xyz ekxortsisto.best enterbezzu.pw eterasies.best euroledre.top fastcolonel.top fediko.xyz financesromma.club finnikulus.xyz fivefili.xyz fivejudgescatholic.cyou flawioretta.club fodsijjire.cyou footerloe.pw fraunas.xyz fretocasa.club froretta.top fukingdron.xyz goblinsdown.top gobotoplobot.top golichi.best golo5309va.cyou googmusi.cyou granittishal.pw grazioballet.pw grewekillopol.best gsusand.xyz guesspredat.cyou helopotucasa.top herience.xyz highplane.club hiiiet.cloud historyz.top hloporotokilo.best horisonship.cyou howitsmade.club hreglikoli.cyou immobilli.co insuedebright.pw ironcontra.cyou italyshopping.best jacksonwennik.pw jijigolo.best jpjapan88.pw kekukurux.top kidssovoll.pw kilmentostar.best kilokiolthree.top kisslolo.shop klioporeder.club kodjakskoda.club lawepofib.cyou levede80rus.pw lifeshopping.pw lokolikolo.top luckygoal.co lukabotol.cyou menmengogo.shop meropivedo.xyz millistore.online motorrrewun.co mrevitocration.best nafrewsa.club netutto.best newbokadoors.pw newtonmaster.xyz noconnection.cyou oilcheaper.top oppogloppo.cyou palattinograbber.top patriaheretria.best peresillo.club podvaloknowunder.top politukilo.top powelrio.best putinium.pw qawerutto.best quantumtime.cyou refuelingspace.best regionrus.xyz renovationclub.club reshalaraxan.club resonanse.cyou reuniondowding.best salliokory.best sank99.pw santiselli.club setivody400.best shmylvaro.pw speedfire.top terrifitotrible.top timetopython.club towercomission.club traglamat.cyou tresgrabber.club trillions.cyou tuttogowillings.best twofili.best tyrek87.cyou ulanudeo.online underwaters.top velessioauto.top vesselmaker.co vvpprocentum.top warmachine.cyou wasent.cyou wassermanika.top watchrights.pw watermellowen.top werightcars.best xaserviolbotopob.cyou zalopiterkiff.pw zaporedik.xyz zassterpolli.pw # Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768 # Reference: https://www.virustotal.com/gui/ip-address/167.99.189.26/relations albanallahacrab.club almostthere.uno askzaderopol.top astroperger.uno aweritynmer.club bawepotru.club chiperwhittness.cyou daskolermasha.club debillotrussion.best dewellop.top erdoorproble.cyou gerekillo.fit haloporetopor.club korytothealien.top masskwearing.cyou newwashitropl.uno notimenodead.cyou padishahmurrka.best pollter.uno psaderinki.top ratatuiler.club reloadgreece.cyou resbulling.pw retaziloper.top shnake.top spyter.top strwemmillion.casa takilerito.best ultimatuum.cyou uragusexgre.club # Reference: https://www.virustotal.com/gui/ip-address/206.189.147.24/relations 2weekslockdowd.website asweullio.xyz cjgsggo.cloud domankiy2.uno grenademetto.uno hedoilir1.website smartinsights21.cf # Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations ameripermanentno.website chajkovsky.space daserwewlollipop.club mazzappa.fun odichaly.space ohbluebennihill.website seconwowa.cyou vaccnavalcod.website violonchelistto.space # Reference: https://www.virustotal.com/gui/ip-address/104.131.53.120/relations celocsoptico.uno provokordino.space samostoja3.space # Reference: https://github.com/pan-unit42/tweets/blob/master/2021-04-12-IcedID-IOCs.txt # Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations ameripermanentno.website banusdona.top chajkovsky.space daserwewlollipop.club mazzappa.fun momenturede.fun odichaly.space ohbluebennihill.website seconwowa.cyou vaccnavalcod.website violonchelistto.space # Reference: https://twitter.com/malware_traffic/status/1382868770486513665 # Reference: https://twitter.com/malware_traffic/status/1382869298809475073 185.92.73.147:8080 # Reference: https://www.malware-traffic-analysis.net/2021/04/23/index.html stereozek.top # Reference: https://www.virustotal.com/gui/ip-address/167.99.163.235/relations classicfucup.top hidethisfact.top rangstatepol.top ultimarulle.top # Reference: https://www.virustotal.com/gui/file/18be9d0088dcf0f1ebb1f070927fe1ba07d3c5d1275d99f54459c2a51f70c18b/detection federallissimus.casa # Reference: https://otx.alienvault.com/pulse/603dd3d59d4aa6f57829577e 023943.top 107pushh.fun 10thousandop.website 122milli.site 152fugasso.online 18minutes.xyz 200pounds29.top 213podellkk.website 234tvgro.space 234willkids.uno 23rinninz.space 24savetonnofmaoney.xyz 2toserextended.space 30bisdestroyer.club 3204usexport.club 34tankdetank.website 39gefrost.cyou 400orudi33.cyou 60profit.website 68criuser.top 760maur.top 89shmurufo.pw 90stepsklick.site aborigencredit.xyz actorz.site adinaporter.uno aerospacefleet.uno afdeserutil32.website agrippinio.website aircoverage.cyou alkoshaffer.space allmywill.pw aloki20sottka.uno alterdepressio.uno alvaspace.cyou amnewzel.cyou androgender.xyz anewknowwhere.website antimatercrymea.top aperdioret.top aposlwarlir.club areakilia.best aristinmonsitin.uno armahelper87.xyz armyguerro.top artesystemsssr.club artiellerhow.space ascjntukzv.buzz asertinofase.top asewter.site asforthema.xyz asquireter.uno asredetollo.space asreterharet.top assinogrissino.website asterhalogabry.website astraracertlip.cyou attacjollup.top aviatechholding.uno azarrdovertikal.top azertuioploe.top bejingexporto.space benzeemo.pw beregoaerodro.uno bestcamalla.space bloshiryn.cyou brewed.space brian.koinrobo.com bridgershina.uno buriooursqa.ml buydeslone.work camillodeprillo.top capitoli.club cardinalfirstwar.site catchallmoments.pw chernen.space chertsheat.top classicfucup.top classikwarrattempt.uno coallitsia.uno cognakcola.fun collonnellter.club contreliteaction.cyou cosidervariants.pw cserdas.club dasfilkoler.fun daskurilla.pw dasserenity.space dastinhoklomann.pw deblacker.best demorespurde.space destroyerattacker.xyz detachingbolt.pw dictorecovery.cyou diggadance.top diswurede.top doktrinalli.club dolasendoever.host dolchegubanni.fun dostostrelko.space dromdron.cyou easterpolletr.top eeshraplen.club elcamzigod.fun erdoganno.top escalateduttu.space eurostabiller.top evenedopolligo.host everyonemustbe.pw exitaports.website expertulthima.club exsprezzo.top eyhodtvbm.cloud fallelected.casa fantasmagory.club fasterforrest.site federallissimus.casa fellinimover.xyz firstsentenceliberal.top flagchipdase.top forkftriosilly.space forwardstrickt.website fredekiltyresder.uno frontierpilots.club fsikiolker.uno fullhamon.pw gaaga923.website gabry4saver.website geasgeolander.fun getallopeerk3.host getoutofcontroll.xyz gimnodopingo.space gladdisfliop.xyz googdykey.bond gopoloto8.best grandeprunto.casa greedert56.cyou greenpeoplokhoma.fun grizzionedaser.xyz guteyahgewish.website heavyoildevelop2.fun hedpolifiko.fun hellernotureik.space helpiscomming.cyou hesolkiol.top hidethisfact.top hitthuracellio.uno hoeruruuki.space holkaxlopot.space hommyfloppy.best hondurasto.fun house34vegas.uno howergooverz.uno hubannedillih.top ideology8cum.top idiomaflopper.website importantoteme.uno italianongrata.website jasvamaheolop.website jilliokedr.space josseliender.website jrburnit.website juikole2.club justiceminister.best justinreich.net kawepotriv.space kdbploxokrocks.uno kedlopzawutu.uno kilkolper.space killofrillio.space kimyfrenotsure.uno kinderz.online kledoapkd.website klintonkiagered.top kolochaidomo.website konstrolo.top kontoshare.top kosmolitopor.space krasskipaint.cyou kripotopliv.website krizgorod.website kuazavia.space laloflanerry.website lapoedjkeo.top lazioperdovo.space lightbombers.uno lissikopopo.fun listofounishments.xyz littledeselect.club littleflager.uno littleshitthu.space littliwoerdete.xyz lkiokilogartes.uno lopokedraito.xyz mazaksaedr23.space mealspleasures.xyz mechaniclaphet.biz medicinotero.website melatallhugoboss.space mhb877.top middle20.cyou monno29lizzo.space moohammeddu9.club moschner.top moskomosto.top mtownkrut.top nadovodokora.top nanologicinfo.cyou nazio9033.cyou nedalskdsert.website nedopuumerra.fun needforslower.uno netmoscito2.uno newzolind.cyou nikakuraguio.xyz noblackwhiter.fun nobohlboudy.website nomassbo.cyou nomorefails.pw noscream.club novoloserto.fun numerroipolo.space obaitrumbama.website obldedistrickt.fun occupiedcherchill.website oktavius34flo.website olavrochki.uno oppenheimerrizo.top oprorra.best orrigatrade.club orrypansion.top oxythuler.cyou pasegroup.website pasqualle.top petelbomber.xyz pidasnowerneever.top pisdidsukkin.uno planesdifferent.club plannodoxho.xyz plashkadertop.space polevalight.space politycodess.uno pollibatter.best poloniumqueen.pw porkaporckuy.uno porthole.top premwendegardem.top productionvolume.online prohibition34gazza.website provokewhyder.top publicoaddio.club putixuloy.website quantisranti.xyz quantuulim.uno qwerylebedlake.uno rangstatepol.top rasterniomno.space readyformerambassa0.uno repodepositt.top repostsubscrypt.club reweretquanto.space rfeveefo.fun roesuwelt.top romanstores4.best rudellaito.fun rudolphtheoeln.club rusubberserve.club ruswashi2.uno sachinsahel.club sadammanopore.cyou sadertweller.club sadervbenitere.fun sakiloirania.fun salvadrillo.club samedime.pw sanankiti44.website sanctionshere2.xyz sattelitekrebljad.top secondpilots.space sedakloid.top sellygloper34.uno shadeheada9.space shaxtugel.fun shelbyflannery.space shturmann.space silliorop.top silloflippo.casa sligslishki.top snaruzho.website solsnaker.xyz sophiak.site sosistopililo.top soufredevous.host soviwashirouse.uno stallipoverr.xyz strannopopolo88.website submarineubot.xyz superhaskey.best suttepromi.top suttohowmake.top swiftreloadert.xyz tankoavis.cyou tasyateles.club teaboxes.pw teacupshotter.space technicallanallythizz.top terrikonfere.cyou thousakilor.top thulleultinn.club timedeveloper.website train348.fun trefferwasted.top trend100series.website tridentscaeder.uno tromboastrashield.space truffelpodomain.website tuashoutting.website turneedarroundedd.website twotimercvac.uno ubotmarinerz.top uglevodorodo.top ugolkuzjaspace.website ulevvinterop.top ultimarulle.top unilievercity.uno urramoskower.top usser234dopper.space vaclicinni.xyz velospok.xyz veryatlasglanz.best voighteltinlee.uno wallerik.xyz warmpoller.top warniweder.space wasserwaster.xyz wasszerkeater.website whyfoyouneedthis.cyou xiolodiogo.club yeahnowneede.website zagrotypressure.fun zaheadd.cyou zakharymiddi.fun zakkider2.website zapatiryesa.fun zapokorrdo.fun zapolitudoporetu.website zaprosso.cyou zarathabnkgiv.club zaseflopir.website zeleydoby9.fun zenithartillery.top zhirafatty.host zlokichinn.space # Reference: https://www.virustotal.com/gui/ip-address/83.97.20.126/relations # Reference: https://www.virustotal.com/gui/file/585229377732e8e8b26e4a4ea5ea805b5f6a655de5dd45d6a6ef821f2211a6c3/detection ferrelosaakolo.top icouldmakeyoubelieve.top jikkiaderwa.top makeyoubelieve.top refolloprello.top zasertiokil.top # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.85/relations barcafokliresd.top desagreelokilo.top desazasilkor.top dsedertyhuiokle.top zasertolofolom.top # Reference: https://www.virustotal.com/gui/ip-address/83.97.20.254/relations defliressisto.top luppotuppo.top weighteroperter.top zasatava.top # Reference: https://twitter.com/malware_traffic/status/1390061477739048964 # Reference: https://www.virustotal.com/gui/ip-address/139.60.161.89/relations bestdecision.agency redetillu.casa rojjoness.digital sporticyber.bid # Reference: https://github.com/pan-unit42/tweets/blob/master/2021-05-10-IOCs-for-TA551-pushing-IcedID.txt # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.103/relations dupperawergo.top # Reference: https://twitter.com/TheDFIRReport/status/1392443465540280322 38.135.122.194:8080 # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.86/relations elligoes.top everysil.uno tukituchiundo.uno # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.87/relations asisas.site buklaka.top cheptovgon.top dronoplon.site formenalina.top frealinamov.top gepuzeum.club kisekyusn.club letakyanm.club lotototok.top moretok.top # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.97/relations fimlubindu.xyz fungitomik.buzz hillerfolding.fun lorrobrama.digital nostroporto.casa # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.81/relations 2tothepollo.top allnezokila.cyou daserekolut.top scupiol.top # Reference: https://www.virustotal.com/gui/ip-address/194.5.249.72/relations chispublic.cyou emotilnal.top fresder34.top gorrodorro.top servizibancari.website # Reference: https://www.virustotal.com/gui/ip-address/185.33.85.35/relations fimlubindu.club fimlubindu.top kilodaser4.fit tournamento3.online # Reference: https://twitter.com/malware_traffic/status/1395110158292893698 mexidorna.top # Reference: https://otx.alienvault.com/pulse/60ac3ca5c7a4a34cd42f2c2b oonnewretrieve.top aspotube8.top delorevo54.cyou 73burned.xyz glibberklised.cyou referezhu.cyou aziretedefertyu.space fourthwireblue.top saloporitili.uno davethecat.club hihitressikol.xyz mentokiller.top 2timesperhour.cyou rentedhouses.top milanotopallo.website junkkers.cyou excellent.pw 60kilobig.top waserutlo.best dudefromme.pw regardlessnotice.top antropometrics2.best hreffpoz.uno pasquelle.pw negrotheanima.top beslopred8.best bleepingtrolling.pw decarrige.top airtopolos.best ferrolikosy.best beedinthecorner.cyou chaseltd.top detopobot.best tranmigrust.club trueisouthere.top qazzy44.top stairparliament.xyz glioclio.top colleagues.space dailyselections.space conretullio.top namalnu.cyou demofuisla.top shampaolir.club lsiuprz.club duckdiliogio.pw mazsertoph.site blackermagickl.online casablancos.top titannicus.club quadrogorrila.casa worsterrio.cyou zapahzhivot.best quatrograbber.best skodacar.top ludebiliomosso.cyou ds349onmo.online 1800whyskey.club jikoloridoro.online gleeserfer.fun radioosobble.top zasityre.fun politicopaper.cyou worknigger.best testthehalf.top tellernefer.cyou zoorezerg.pw muslerafootball.best burningkuzja.xyz beavare.top wegoingforward.top falalalala.online nexttimeflopper.top vyoturehik.top dowblegroup.top paserilloterrra.top berrowernew.casa ins34devicci.top marsbasecolonisation.cyou oplotyholly.top embassyatt.co blomdiranus.top lysterpad.top blastserriout.space yozafmail.xyz bulkikachalki.xyz ishigishili.top horseswood.best winrarzip.top ereferokiro.club jillio55tibet.cyou thetrainz2.fun heffertopper.best holdzakreppo.best konnokaraconfli.club hamdurget.cyou enemyplanes.cyou crprotoper.best buygassa.cyou maseratti.co greatlongitude.top ezopolanguage.club ope99wah.top kontextkassa.xyz radarinformation.club bluewhiteblue.top sparkasse.icu fillercasser.top smallerfilterr.pw asezmbot.pw aswqazxjf854.uno freeactivities.pw aszaertiolki.top sadwqseria.cyou awsedc8.cyou neverfewer.top britishsuddoku.best herecasa.top mousefinger.best soldierplays.uno centristovogel.cyou illioredesazerro.top cozyfrozzy.club futterrr04.top pacificoceanposi.cyou xerrrload03.top tanksprunks.co mdpoter02.top cheeferichai.top feleciagelicia.best tigerslysanka.shop 12wandera.space gigicasa.top politicosifilli.pw 2kiljiondo.cyou deliioppoe.site daseratioklippa.cyou washercarefull.best cryingru.top asitrepo45.best asforkaterz.club refiouthg.uno responsedolo.cyou bilbobulbinz.cyou casfer.space agriartificial.cyou 90volizmu.pw tribleafgany.pw pundikalo.top tourtogreexce.space firstcovo.pw tyrefolo.cyou 20athenanight.space specihero.top kasernium.top encredibleluck.top lightcost.top xzcvcvxvxcvxfx.top bundeswear.club ledikopaswer.cyou linkorwship.top aspergillio.top feder5ru.club futterrr06.top plizzerino.best freshdelivered.club pakistanytrible.top niduaej.co hueabattle.co foreversuccess.cyou lyfterzambija.cyou kunalamala.site lokkinkolins.cyou listentoljah.xyz futterrr07.top divisionjungle.top xerrrload09.top su25parasha.cyou dasweruoutl.best sistersbrothers.top possipilotmission.top pushtutrible.top passacorarocket.cyou nifrittilo.pw reloadagun.top brenttheoil.top horrortravel.best rozathetroll.pw kalldereprostudo.top slobrewelo.pw glisserpolot.club ballelisa.icu 400prettyboy.best hireowe.cyou marcelle2020.top populationrivals.best tyvasolo.club hdedkilo.top avitalion.online opareomfre.best virtyvaldauj.club fertiggbox.co tunyhouser.cyou deflaggedteam.cyou gelevandren.cyou greenwhite.top russalino.cyou hokkerhurricane.xyz aslillefc.cyou aswerillio.top aswenedo.space ererdivisia8.uno walirede.top asgokillpro.pw bigmotordetax.cyou xoxolillia.xyz xerrrload02.top polterheist.xyz 1timeperminute.top clackson.club sissioferrigo.cyou webhosting.club xexxds01.top goodbeach.top spingland.top formgotobig.top ameritrainer.cyou daweci9.uno pickuprtvi.cyou evtoporojk.top postyu200.best univmaryland.co zalupafedor.cyou orelresh.cyou opusdeiorden.cyou pidortelling.cyou mlokiolopo.top sleepyputani.top klanamistress.best fasederro.site moriiikk04.top sneguriko.cyou retaerdoig.club greenflopper.best huyprofitarmane.best stvoller.casa thruthicer.best follerring.best 23ktradell.club biggarderoub.cyou fedenio.best dranyjvatnik.cyou bottlefresko.top deactivate.pw saygoodbauy.cyou tribleafgany.top wastedfekol34.club softlanding.top selfitrigger.top nffiiload06.top ifitislovenosad.cyou kagozeltabs.xyz thirdfeder.top fereoplo.club xrt10devi.top qassertolik.top texasfresnos.top boughtscreezy.space 37squ75tho.casa 11hearallsongs.cyou deklafimonum.top cereberetour.club noisladominate.cyou gulliverro.top felpojdhf8980.cyou quadrattokolo.club agraminam.club azoperfdeoti85.xyz 2kilowestern.club exisulfur.icu kukkriop.cyou babinos.space quantumoftupik.xyz landingforced.co hythereandhere.top asplikottor1.best flagoncitadel.co backtothegrey.co christmasdealz.space azpergerlio.best heretanky34.top fmourtarito.best otherpartofpazl.top kloppertripper59.cyou weakreal.top 09lawersz.club lakirjen8.xyz dirtyfloppy.cyou welleater.best spartap.cyou businessrutuom.cyou lasdomain.xyz awerypidary.top test.xyz bomminollio.co servepoint.space delportio.top pozzidlio.top ajdzoovgjg.cloud intimerjoel.top 10meterscamping.best androginner.cyou agencyiono.uno solidstreamer.top slavernigger.club ocordero.site intensemisha.cyou karamarabach.best aquesetu.top grettaconfetta.top kengurutrible.top thirdbiggest.xyz selfresponcible8.club azeryforza.cyou fucknigro.cyou hilioherta.top ahalfilomius.top zilliporilli.cyou loadamerican.top oilrereder.top leverlights.top orangeisgreen.top klioperillo.top drugston.icu anotherone.space ameriplatoons.co clubbyterry.top gooseloft.club dastermordaster8.site declinesuites.top yammupiro.top newwest.uno lonelover.best wastefropp5.top santafranta.top azerasupra5.cyou virulinnafre.pw kilohardtostop.pw greedyfopolo.best totalitariusto.top kderetillopo.online 81batallion.top klopirtop.best femaleremale.top zappazappos.top delimanotrousers.best jamaguchi.top 128germanni.cyou pasparadise.cyou peoplewasserwar.casa jiko455.club wassermannshop.club geroees.club zaswerlito.top rokonalo.cyou villewerro.co segamega.top 20bottledvine.top restpost8.cloud 7metersforcamping.best firsterchisel.cyou allayzerawill.pw 45prinilop.xyz 27armybester.best amehistonew.cyou kjndawjdaw.xyz monomonster.top delemano.online dedakolon.club dekkiliop10.cyou 69cicopainterconti.cyou hypergroup.best lopotilliout.top bantustan.club likofeaswe.club 3gelepowagenokilio.online bubudegert.best ater78.cyou roscosblows.top pohindra.online heavyfalkonz.top hoistory.club wlissywater.top asqwertigo.club ploasdemvnty3.top hybridrerere.space gioretta.best mokkaleriol45.cyou konto.top garrbidge.club eveningstarz.top sawerememo.top lastsallways.cyou 200senthomemuslims.cyou havalebba.cyou midaero.space pfizer.space zatulinzalupin.pw newkolobanga.press defilliporeit.xyz chandleshi.top vinchanger.xyz funuionals.best twogrands200.club democrajikorespo.best moveforward8.top sedolawep.top wasserquasser.best turkeylokiol.pw auctibox.club zyjbohhmza.club noacceptable.best despedollig.top awekiretlon.cyou 3boardeux.best southattac.co zhiganno.best severewinter.co leprasson.space longlowbus.top politifision.top dollarsotke.website hockeymanshajba.club uppervolta.cyou asterioidglowo.club zovniokovpoxo.club felliniferro.club dronarmanni.top streetbattles.xyz fewdozenspeople.pw millionworkers.top eurochrysty.cyou defenceshift.pw fusbalspieler.best prostokilo.club germankjil.shop aezakmiv52.top christmasgiftstore.space austration.icu aderneillio.online understandingtroll.cyou floisthere.club srvgame.top muughpickt.xyz spectacoers.online ihcyryx.cyou playerchess.cyou helokido.top thaimumbai.cyou counterwinn.space naturolinf.top nffiiload08.top oneinamillion.cyou chacagrabsterston.top loadpilotfly.top greatdefbritain.top asertypolo.cyou zastepolity.cyou belovedbygod.cyou anerdtut.website amrmaninaxuy.best gorpokryshka.club redislocated.top outtvmarquise.club scoutedevirro.space perfectland.icu keepacod.space zahopaloterra.cyou zambeziklop.top differentcountries.top visitgeece.space klomperklimpon.fun aswerellipol.top webbio.best dlopesazillop.fun seduced.top arahiss.top rumunumoldo.casa voldovan.top puxuloblows.top fedretiol.space minibillino.top piterkoller.cyou panduspending.uno lookupup.uno avi.top snakesofausrtalia.top 3498gladdios.top dkilipoaswer.top muvludturki.top islapoliliders.best revoluelectionusa.cyou ninxuxu.top meinkontopcypal.top wifigrederlow.top gekiloger43.best forwardmoving.xyz revoerdoganno.pw ploreniutre3.best feloporo.top delicioustresh.cyou neccessarywires.top agropereprawwo.best allways.cyou nffiiload04.top macphillipo.pw wesselfront77.club cwertoposler.cyou zhirikpizdobollish.cyou gogopizduny.cyou supportayzer.shop masigokret.cyou fevizionn.best vpngood.best overzicht.top mazafakkura.club ceosin.space nffiiload02.top australianpenguin.pw loveandflowers.pw divautop038.cyou negroexplu.club rusiputipidrilo.best belodebilo.pw stoptheplanet.co shenderovka.top aspirinustrollus.top onpixel.site psgparis.best sauartillery.club march42.pw tradplatgo.xyz ameriplanes.co bratvrututy.top storegijoe.best alcobottle.best gladysshow.cyou writingmessage.fun ihrearbeit.top firevilliowok.best dasterholler.cyou dastinumnan.cyou batterygazzi.club beerpubs.xyz ecoproggy.club franceswedenres.cyou grandefirmio.cyou gigakolobanga.press kilokanistro.uno munomudillo.top whitelifesmatt.top dohrepollitu.top newgooddream.top 45broqngray.cyou brightsunny.best ilikedeskerlino.club oligophrenejan.top bonussokilo.online pickuppzz.best gravitazillio.co poorbritain.best 2394rabbo.cyou sderlopoilli.top noprospective.club 11calikarotelo.fun budnisjopper.cyou reramolo.cyou watergoingiz.top monolablanic.top seemslightpor.club mlkieu.xyz # Reference: https://www.virustotal.com/gui/ip-address/91.193.19.170/relations girongasokli.top malkomaricsad.top timeculfing.top # Reference: https://www.virustotal.com/gui/ip-address/165.232.185.3/relations clusterzhima.live # Reference: https://www.virustotal.com/gui/ip-address/152.89.247.60/relations dukdonogirorlish.top giraredeson.top nativnefil.top pakeduvistalik.top ponduroviga.top # Reference: https://www.malware-traffic-analysis.net/2021/05/27/index.html # Reference: https://www.virustotal.com/gui/ip-address/45.147.228.198/relations bediloper.top bigeront.top devicescout.space disponfirules.top garrozalibbo.click lascakatheather.top marslayot.top roponavi.online trinaa3.fun twistcolseza.top ytoptila.website # Reference: https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/ backtotop.top prepercentu.agency francolodok.casa gallsoweller.club esaquell.website saintgermaincluff.agency tusdumifigov.top buzzinmaster.live pewazutior.fun francelosterr.fun mislinororv.top vindurualeg.top iraquyidlok.golf extravnene3.top wazakulpa.casa bilbotor.space vinchanger.top zaporedi.club bigdogbifmur.top confidermaf.top jackshanter.top fungitomik.top coronanovirus.top extrimesuofki.top dekoloeo.space gontudovingiy.top smokeinhabds.website moresifoliatu.top flipperdesar.digital 90poltuiltu.casa shiptospace.space klosterrion.casa hesteklobum.online sosista.casa extrimefigim.top chiefier.website naviconscs.bid dimetriadit.top browserupdate.online nonprofitwerde.top instformtosu.club contocontinue.agency tututvmore.fit frshfriend200.casa extrimebigim.top musicmuskolino.top hinsilipinguo.top fighterdesert.golf frangimingi.top 23mozzgoscanne.top gegemocotoro.top feelakey.top folikkuloge.top xenaxklio.fit siberiaposlire.top inkarhanter.top gonsikolika.top todykaser.fit nomorer.casa piklindaurum.top planidogat.top minimulibery.bid vilkodsare.top nobadynovoy.top beggings.top fertillonoatro.agency poedkoloed.top desantogambito.agency collaborranto.casa yousarenotrew.top hartromboblood.club nositkarta2.top 12horroser.fun woodabeg.fun tendaronifulik.top phoenixsenaks.golf royallik.uno vindurualeg.art hobbitza.website zaqeurepto.casa ujoshui.top starginogil.top quantokilofresh.fit hlugoposs.top wenettoauto.golf brrammannen.fun saamosuumo.bid supnoviklon.top boalietr.website colsezarain.top miglokinewss.top killynavi.space mikugivetonik.top kakecupckake.online sillkolo.space unifaestbigbog.top planeppilot.digital consoloursullo.casa goldtograbb.pw feelingsfreshr.space 10yofcris.casa fiziturongis.top dacadece.fit erlozimadam.top torbinsb.uno nuuuaaaretobe.top peravolicherov.top kindsoftpron.top russoful.space laquasil.top furnifutolinka.top ventuaustria.digital biopewaz.fun aspessilo.fit ameriglo.uno bigcostarikas.top glooverdoover.top faeartofaer.top supplementik.top bumisuevralek.top formgotobig.xyz vindurualeg.club illuziontime.top tradplatgo.top veritylo.uno moldorunumu.digital agalere.club saredurostef.top idiomore.website highertrully.top gambitsniper.digital tverrotordo.space xantummassacre.golf goringavizi.bid wukuchuk.space zoktalivensia.top kaizerrotsosa.casa dassauldblame.fun lostdexsation.top prizedassault.golf luchinuginfi.top grennader.space ggbetcode.golf captakomanda.top litefilipiness.top deerevula.club durvindigo.top nighterlikorew.casa fiflosnurenst.top finalllolubo.space asralissralis.online brokletwistzz.top arhannexa5.top mirducolivech.top catanirogof.top drannirusso.casa darkfoxmarket.link ginreworess.top zakuppilo.fun extrimedomino.top backpackgrey.online # Reference: https://gist.github.com/myrtus0x0/12b088ab863c5ffc56d84e76712c5f3b # Reference: https://www.virustotal.com/gui/ip-address/45.142.215.229/relations # Reference: https://www.virustotal.com/gui/file/b4f8da4dadd6a3f18b98cd39b3d6202d0afcc46db01fbcf792daf0cd36dbd85c/detection # Reference: https://www.virustotal.com/gui/file/af23d4b7238e7c34710202627722c7d2bb02645380f13066b16d6d8352545e35/detection # Reference: https://www.virustotal.com/gui/file/d2bc8d2ed345e62138546ba148598641bbf2fe93e9749dad262bf4dcb9117305/detection # Reference: https://www.virustotal.com/gui/file/81b3ef4c1b47b1f4376b5e887c2c0ff26443cb7204a92d4e815ce1bd88d4e2b5/detection dilmopozira.top # Reference: https://gist.github.com/myrtus0x0/e8b191faa086c9b05e3978c3836fca51 # Reference: https://www.virustotal.com/gui/ip-address/193.203.202.108/relations # Reference: https://www.virustotal.com/gui/file/b5f54359c7ea11c5cece6fb2420b392ed8b7f84e2351e31fe687fa7c03ded5d6/detection # Reference: https://www.virustotal.com/gui/file/5f035283ef433b5a12b51c7f3157ce9a720df74b192080b465db277341bfed4d/detection # Reference: https://www.virustotal.com/gui/file/c57f1c661a21b7d160633f48c45a5a3eb9272762f9e88996a488a3d6362928f4/detection potimomainger.top # Reference: https://gist.github.com/myrtus0x0/d860787abe5580600835182a70f50412 # Reference: https://www.virustotal.com/gui/file/c3cfec44f342c82d31689da86150710b21a25492a9ce1ad634d700f0e4a8ae5f/detection calciumasta.top # Reference: https://gist.github.com/myrtus0x0/835bc1bba8688587f37c25ea2cd09bb5 # Reference: https://www.virustotal.com/gui/file/defcc722a2816c05bd0331858b3a4f51735ff7cf89f4f35649c48cc09f36aa2a/detection dietarydog.top zverrokodo.live # Reference: https://gist.github.com/myrtus0x0/68fd792038380ba4e334b28ff9325d4f # Reference: https://www.virustotal.com/gui/file/c2e8e316fd877dca1e06fadbda3fd01ae4dbc6d2d1eb8a8ad3eff6ca7f8f56a4/detection lascakatheather.shop # Reference: https://gist.github.com/myrtus0x0/c4863c504e76d45f35f4517c644506da # Reference: https://www.virustotal.com/gui/file/39dde7049b772424639030d139edf59fb1f227604c6a3a16218868f9c64cbee5/detection immotransfer.top # Reference: https://gist.github.com/myrtus0x0/408f68a8df12fbadcf5a9d122de06ce4 # Reference: https://www.virustotal.com/gui/file/30f9f6b1b6e37477070d73bb964e95df8ae10b358a72c240ca3f2cc9e56992ec/detection mappingmorrage.top # Reference: https://www.virustotal.com/gui/file/66cd46fecdfc361be5c9c75c51b4c84cebc82030da79b219de59e968aca61209/detection fintopikasling.top # Reference: https://tria.ge/210621-pd63fl26fn # Reference: https://www.virustotal.com/gui/file/3839ea5f86c4ebc8036ab26cfee2b0e05893a6b276d39ba23b75980c4db4c8a4/detection bethehill.trade # Reference: https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/ # Reference: https://otx.alienvault.com/pulse/60d584d46294b971bc361a14 epicprotovir.download essoandmobilcards.com immotransfer.top kickersflyers.bid mappingmorrage.top momenturede.fun provokordino.space quadrogorrila.casa vaclicinni.xyz vikolifer.top # Reference: https://www.virustotal.com/gui/file/f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e/detection http://45.90.59.28 goateyeball.xyz # Reference: https://www.virustotal.com/gui/ip-address/185.81.114.9/relations # Reference: https://www.virustotal.com/gui/ip-address/195.123.233.17/relations # Reference: https://www.virustotal.com/gui/ip-address/54.197.173.238/relations compozitiminass.top dakestoci.top expinodarver.top ladvsa.club livungomer.top piramidionno.life pronews.icu revedanstvy.bid selenaserena.today tukolanichka.club wokitoki.top zacepeneni.bid # Reference: https://gist.github.com/myrtus0x0/23ceaa099b5ad11d9586e6c2bd119844 amanekjacks.top clinoridaf.club dopplercripper.top feedbackportal.pro ispaniolla.top latevanthave.top libereftornia.top makeeris.top odinom.bid # Reference: https://gist.github.com/myrtus0x0/4bb17522271df974a6285b42214c4622 akapuliaka.top canicomfinfera.club ceracallones.top lookdebreser.press mestarimopillaf.club piramidionno.life venozzoleaker.space # Reference: https://gist.github.com/myrtus0x0/5451ca8df04cd9508d7a4ec1d0d9e52b akapuliaka.top astrocycle.download ceracallones.top galoneskil.top iserunifish.top lidclimmon.top parkinihol.top rengadomist.top souldeppen.today # Reference: https://www.virustotal.com/gui/file/785bb011059028a6612df7f56f67ec3685374dc1f529470c013bc1e7b052bfa6/detection meronekis.space # Reference: https://www.virustotal.com/gui/file/e3c147716e64c815e5dc014d3b16f90be4d9c6a11809561283825e6377ce8487/detection miterinader.space # Reference: https://twitter.com/James_inthe_box/status/1417509107309760517 # Reference: https://twitter.com/James_inthe_box/status/1417520502248148992 # Reference: https://app.any.run/tasks/2c864a76-aa26-4dcb-b946-757bdce06a29/ # Reference: https://www.virustotal.com/gui/ip-address/139.59.66.245/relations # Reference: https://www.virustotal.com/gui/ip-address/37.1.195.84/relations # Reference: https://www.virustotal.com/gui/file/08b05618d409cddfec04ae19319e929e3568fce467fbb14bf9f11429c51f7041/detection feedbackportal.download aldebaranz.fun dongandge.fun engivesci.top erisvenus.top fooldinort.top maxifilorihi.top orhinosementris.club oscanonamik.buzz legangraffer.life morevigpekiulin.top survoning.top # Reference: https://twitter.com/fr0s7_/status/1421136378210013186 gilinsbigtop.com # Reference: https://www.virustotal.com/gui/ip-address/5.61.46.164/relations kastfiron.top perincikies.club # Reference: https://www.virustotal.com/gui/file/0b14383f52be57815dd216e13c3fabccfa05b3e5e382045fbaed210f8188549a/detection 72years.fun # Reference: https://gist.github.com/myrtus0x0/8c4b64bfcb192a451260a1d3288d9b45 bilopernolifa.club humadiscifil.buzz mosvilenralina.fun # Reference: https://twitter.com/malware_traffic/status/1420105986312921089 munardis.space # Reference: https://www.virustotal.com/gui/ip-address/8.208.88.252/relations 365cashl.com desk-infomno.work milbankllp.net poyerl.com # Reference: https://www.virustotal.com/gui/file/99b33d046b950bfe1d39e73d6ca0a1c071a0653b979094a8680da8ad22604e90/detection menoiras.space # Reference: https://www.virustotal.com/gui/file/9140fd537bf5f86928a95b306d11831a8e59717206767aae991c8331ebcf7bb2/detection moigoran.space # Reference: https://www.virustotal.com/gui/file/ca6d2c89e020068722d1509a6e77ceb3b1b821682018206e2a0e28876f9ed2f6/detection tovubey.info # Reference: https://www.virustotal.com/gui/file/fe4d4eced33ae01a282646bb1c9ea572f97816d0487648c817bdfbfe35d8f6db/detection tagutyy.info # Reference: https://www.virustotal.com/gui/file/ae93a0e0085bcae5ec9f21cb71df0b7d3a6682fa5c8ac4e763f70884cb7bf5c6/detection denazao.info # Reference: https://twitter.com/teamcymru_S2/status/1423643504723603457 hamaderoning.club haumeaquaoar.top vickimirovit.top venuscera.top remiginuedsal.top yankisnop.top astrallis.fit morevigpekiulin.club lemendioz.top nexaamanek.top humadiscifil.club inifastkolin.club filinrgincost.club cookfidapis.top 2s1.top popolojogilni.top melbourneangelika.fit westopiseres.top grandopoop.top livertom.top iserunifish.club havakf7.bid lingreskoginuchia.club dilorefinhoch.top katgichiniad.top parksoliteram.club indigogo.website derefilosvato.fun eudimalinka.top nocelmozzvi.top amenigmals.club aloporeftio.club filinrgincost.buzz glipwilson.top dumarilovelaga.top grandopoop.club bresonimagifiy.top obizizafun.top akapuliaka.club payanattention.download gvadamaxala.top materialsuncovered.press hanonedika.club operovishionshi.top hilogrilim.club mysteginga.top bivemidoorning.top quaoarmakemake.top topyotanesla.top ymiraymiradil.club weakstart.bid iylifeshunia.top restprodefine3.bid filshilkamira.club wazoploretmbir.online spinoschirkovni.buzz fInGoPAsKILEM.buzz eoeohopehope.club vindurualeg.xyz courtrecordingz.online tatwithsac.club combozpazom.online zilivibez.top nurofenexpressfortetabs.website 2.top modewater.top grandopoop.buzz djeniforikam.top undorepair.click natihoresilimi.top yachtbooking.xyz deservethis.fun eudimalinka.club indifigatualim.top operinogildan.top randgraze.club fingopaskilem.buzz maksilenoviresta.top afrisumiliman.club silinsekraft.top wiskotoniks.club asverilim.club gazzetto.press geogeooppe.club thishishigov.top zilinfed.top gvadamaxala.club duvinodigatomia.bid megafangchain.fun salaciahaumea.top timesilgeren.top zincforward.top mideliidalgo.top gerimoling.club simboul.fit caminingco.club ymiraymiradil.top silawatergim.club bigimigiriven.top gonhooupe.fun himilimlika.club tranmigrust.xyz gsterangsic.buzz mergeotiska.club nanahanafi.top wiskotoniks.buzz rainkarrigan.top exmailsixtry.top somefildrea.club plutosalacia.top rangbanksolstot.club islandimeron.club domigilamorov.xyz oscanonamik.club elbigiddim.xyz magicolipka.top pistols.fit instformtosu.top kalcimeroni.top dirstovesiy.top nikonexa8.top gonggongtouze.top solgarstat.top waserfootgled.club flourayder.club westburgim.club ispaniolla.club srikeoffsil.top humadiscifil.top xhinedralliok.top filipinekaus.top haunliberty.top dugilonimaska.club perincikies.buzz wamosforza.bid kontokonih.top bryanfilogistar.top perfundilin.top eitherwayinc.buzz oscanonamik.top angleeherma.download porvimmount.top newgeneradete.uno teamfinfintop.club kerberrtennis.download sukilomenfi.top comaseuou.top riferelclin.top danemarkneutral.fit dikloferdbred.top himolinga.top astrallizz.agency mideliidalgo.club pobunwestrou.top toldopened.press 9847germany.bid filshilkamira.top riderskop.top silidervinga.club stornihivesturaf.club hanterniko.top # Reference: https://twitter.com/Max_Mal_/status/1426167519358894087 bigben-soft-down.com # Reference: https://twitter.com/StopMalvertisin/status/1438603577568595986 # Reference: https://www.virustotal.com/gui/file/f0d20ffd85cb4c09f65f2a7bce9768b4c7cae0720dafcde846528a3711a9e1cc/detection mulenoras.space # Reference: https://twitter.com/phage_nz/status/1446236115342487555 mopuketo.space # Reference: https://twitter.com/seguridadyredes/status/1450733984636448769 vagenor.space # Reference: https://www.hybrid-analysis.com/sample/ca56b35917e49868e70ba5e3fc328c776de8c9af361e4b3fc5010762c9e68e67/60d9ed1b27d48c1af94d9d0d moriovalex.space # Reference: https://www.virustotal.com/gui/file/23c37ad86e5ff11652d28bf0c5a49c7bdcbffbcc109a6037ca9b30bf81ae6eab/detection vanordast.top # Reference: https://www.virustotal.com/gui/file/67621214101cdc9e82be2f0e6ae523213f221612d5ef3bd74799bfe1680f9cfe/detection moseronado.top # Reference: https://www.virustotal.com/gui/file/c6491ea496c4ad11d6d29560621430eabf05c74a0bb29b3b5c605e6363f67dde/detection mazeba.space # Reference: https://www.virustotal.com/gui/file/ddfce90a7b4db3ebb535327a24e9519884cd8427e2e8de27274f0fc6113ef5d4/detection miniotis.space # Reference: https://www.virustotal.com/gui/file/d301a4aa9f908055a96db590e94efa81e65b3f7acee7ec29d626f09ade86efc1/detection meshura.space # Reference: https://twitter.com/ffforward/status/1457689811872006145 # Reference: https://www.virustotal.com/gui/ip-address/188.130.139.215/relations # Reference: https://www.virustotal.com/gui/ip-address/62.173.154.193/relations # Reference: https://www.virustotal.com/gui/file/08d35cdc49c5c313592172dd5911c117080b30c3f0ccc91e4a69ecd7399e310b/detection # Reference: https://www.virustotal.com/gui/file/d807d8a8c2bdfd731e24d56fc33398a86a553c927ca8237b223ccbab7eba93d3/detection agenziaentrate.bar centrale.bar centrale.casa connecter.bar contenente.com direzione.bar direzione.casa interline.bar securelights.co liquidaz.bar statsgo.bar statslink.casa # Reference: https://github.com/hpthreatresearch/iocs/blob/main/IcedID/domains.txt aboutbest.top accessfin.top adjacentlim.top airportslim.top aisinlipfo.top anothersok.top appeartin.top arizonabig.top articipanttin.top bandwidthmas.top belowilin.top centrallim.top commamas.top commerciallim.top considerbest.top consistentin.top containsbest.top contibig.top controlsit.top counteredilin.top creaslipfo.top databasfin.top defaultsbest.top dependssok.top describedsit.top differentsit.top domalipfo.top dredgedlim.top ebsitiofilin.top eceivedilin.top ectionilin.top emergesit.top emotefin.top emporfilin.top encounterilin.top encryptionfin.top enhancetin.top ependinilin.top eptemlipfo.top erformedilin.top ermanenerilin.top erraizinbig.top essagenerilin.top examplesok.top featuretin.top fieldsmas.top functiofin.top functionssit.top generatedmas.top gistratiofilin.top guesssok.top hangetilin.top hardwarebest.top ignatedorilin.top inistratorilin.top installinfin.top instantlytin.top intuitivelysit.top istederilin.top landinglim.top listedbest.top machinebest.top manytin.top menisotabig.top menkitostbig.top ncreaslipfo.top networkbest.top nnelforwfin.top northwestlim.top numericmas.top obviouslsok.top olesalelipfo.top omainlipfo.top ongoingsit.top operatingbest.top optionsok.top otherwisesit.top parametermas.top previouslylim.top pricelipfo.top primarylim.top principallim.top psycopfin.top purgingsok.top querymas.top raisinglipfo.top ransfelipfo.top ransferlipfo.top rathersok.top readabilitytin.top removingsok.top requiremas.top requiringsit.top returnedmas.top revisiontin.top rivatefin.top rocesdilin.top runningbest.top runningfin.top rwarderfin.top seaplaneslim.top seekssit.top separatemas.top servicelim.top shouldbest.top shouldfin.top shouldmas.top simplifiedtin.top somebodysok.top sometimestin.top specifymas.top structuresit.top successilin.top surroundbest.top temberlipfo.top thousandssit.top tinanbig.top tomeredorilin.top towigetibig.top tructuretin.top undertin.top ustomerilin.top usuallyfin.top usuallysit.top vailablfilin.top valuemas.top vironmenfin.top whensok.top whichmas.top wholeslipfo.top wikitexttin.top wilasgenetibig.top wildlipfo.top wilnusbig.top withoutilin.top writtensit.top zhesezetibig.top # Reference: https://www.virustotal.com/gui/file/7636d563c16a37aa05fdbe2b29e65c934f3f25d08b48d5ce91f3023e6f2e5729/detection mosteplo.top # Reference: https://isc.sans.edu/diary/28092 # Reference: https://otx.alienvault.com/pulse/61aa07f043e4aceac901d572 # Reference: https://www.virustotal.com/gui/file/47e775bff0696d3f49ad26e602a55c327c07083029a35ab26f5c8f330c2f17e9/detection baeswea.com bersaww.com normyils.com # Reference: https://www.virustotal.com/gui/file/e4f7dcb2a4dcf96c89f7b2cd36694d160c4b090f84cd5ad7a7eee3eb299a6a48/detection enricowilli.top # Reference: https://twitter.com/pr0xylife/status/1467832306899501057 # Reference: https://www.virustotal.com/gui/file/cd31327b2c7b3d8e90a06c1194f847c81c51ac72d0f16db9aec520a594b84507/detection # Reference: https://www.virustotal.com/gui/file/f05e9edc503214f7826d228b888ddcfd5d78e922d540968eaf20c5cc03b8f2f3/detection vopnoz.com # Reference: https://twitter.com/ConfiantIntel/status/1468268331631521792 # Reference: https://www.virustotal.com/gui/file/f75415ca82c111ef1070c5f3ab47cd099d8ecf2681c2ee3fc51ed5d9d2a95fa6/detection # Reference: https://www.virustotal.com/gui/file/600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647/detection braveapp-browser.com panyinth.top # Reference: https://tria.ge/211209-wj1dqaeedq/behavioral1 # Reference: https://www.virustotal.com/gui/file/33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b/detection nchestothe.ink # Reference: https://twitter.com/pr0xylife/status/1469294797466877957 # Reference: https://www.virustotal.com/gui/file/bbc7fdaf1d7c5886d564096f7923c75235a373230d60a40a20670be117f860dd/detection # Reference: https://www.virustotal.com/gui/file/f9f62722ff249e8219d4864dc46a1bbb3871b1b3f9c4139ffe2726b8f6f27ad0/detection # Reference: https://www.virustotal.com/gui/file/cdaed6e6cdcbde86a775f0fa3be338b4dd9e11a6bb418464287ed8a28fb7c429/detection jeliskvosh.com # Reference: https://twitter.com/Unit42_Intel/status/1470778363254128651 asrspoe.com # Reference: https://twitter.com/malware_traffic/status/1470943087589576713 foeldans.top mordister.top # Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/HP_IcedID.json 4gerulit.pw 7pliopre.pw 9zlopout.pw accessfin.top additionalsupport.fun airportslim.top allegrinno.website alofisolokay.fun alphaselested.quest anuonuribids.store anystemmin.top aszepolityu.fun ativestob.top augustfinished.online awesillo.live azerqwe7.pw bafikalop.top bandwidthmas.top bansoffgo.rest befederehop.fun behappyterr.rest billiwilli.top billobully.space bounappetid.fun bouncedsar.site brasecaps.work bravoizzy.space brieven-post.nl burgomustopr.rest byfekaxo.rest centrallim.top chats1s.org chinabejing.cyou commamimubebe.site commerciallim.top confidermaf.top coolandprofit.business coscoplayer.top counteredilin.top creaslipfo.top crumiaopozzit.fun dasreropolo.quest dassaretillop.fun databasfin.top deltasdoklir.club dockslim.top doestomtell.rest domalipfo.top durvindigo.top duvinodigatomia.bid ebsitiofilin.top eceivedilin.top echobendol.fun ectionilin.top eitherwayinc.buzz emotefin.top emporfilin.top encounterilin.top environmentbest.top ependinilin.top erandtheresult.top erformedilin.top ermanenerilin.top essagenerilin.top essaipienure.space essarovidnure.space ewhopsilind.top extrimebigim.top fallelected.casa felixsaz.site feretiop.top ferfreenights.site ferroparromo.fun festworfs.site fighterdesert.golf financeexactly.site firzittoser.site flipperdesar.digital flipperzillo.quest follytresh.co gabbyhaddy.site gcl-gb.biz ghttoolsandtrai.top gistratiofilin.top gitancea.com godjenkli.top golfvillok.space grimesfunds.com guesssok.top hangetilin.top haseoploer.live headwayndred.rest healthythat.top hedorret.one heywanted.top highbigdeaz.top huavertion.bond hulebotetatet.online hulojipo.store icehokkfer.online ignatedorilin.top infocorp.hu inistratorilin.top interesmmingnstr.fun inthedecision.top intongettingr.rest intonghundred.rest intonthsnstr.rest intrusidril.fun istederilin.top jackshanter.top junepackage.site juristaklio.store kaferbigmirems.top kiloveliks.club kingflipp.online klosterrion.casa kostopilogreezy.top kummamemybaby.rest ladeytreh.top lagafiatnil.top lakogrefop.rest laomdpsolaszas.site lasticjugs.top leaguensuti.top liderphildom.rest lobotomyfelixo.space loboudelima.fun lokidasterreno.site lokiwaderty.space lopokihoiop.online loppidoaster.site macroniislami.top mainfilduenigra.top minimike.quest minnideviju.online miterb.casa moawimmingnstr.fun monstraview.fun motioarketplctly.site mynokolop.fun naffalno.site ndmarkrepo.top nighterlikorew.casa nlmain11.email nnelforwfin.top nobadynovoy.top numereshka.top obviouslsok.top odinom.bid oecipienure.space omersure.space omingnut.top onmentalsocio.top orgfunine.live oscarnextweeg.store oubteditwouldw.top oughthepla.top pambabama.site parradocorradu.top pawemilokder.website pedrosimanez.fun pervisolniy.top planidogat.top playstation-5.shop plodaserkilo.store plovdovdiw.space polokilopohu.fun pozaludasun.fun ppointingoptio.top priorodur.site privnelistka.top problemsok.top programsexactly.site propatientactly.site raisinglipfo.top ransferlipfo.top rapkloew.shop regulatorrie.website remiginuedsal.top reteredelete.top returnedmas.top ribedexperi.top roadswendy.top rocesdilin.top rowncommu.top runedomerki.space sadfor.top saintgermaincluff.agency salvadrillo.club sartanian.site sattelitekrebljad.top seaplanelim.top sedefijiko.space septembergloved.fun shouldfin.top shouldmas.top sigmentinj.top sirovincher.top soliverhone.top sosistopililo.top spinoschirkovni.buzz stenion.bond successilin.top surfgoklub.surf temberlipfo.top thesreiste.site tomeredorilin.top ubotmarinerz.top undertin.top uszpoyem.rest viewsketplctly.fun vikollaser.space washingtonkulli.online wassertulip.store watercilk.top wenettoauto.golf wertigofighter.fun westvirjin.space wheregreen.top winuvinnosluk.club xantiokisa.surf youngsupporter.store ytredesa.store zasewalli.fun zixermacher.surf zokawero.fun zolawetyup.website # Reference: https://www.virustotal.com/gui/file/241589089e32610bf1d0620cec1d1b6905b0426d3125e7047bb275d962f226cf/detection hipnoguard.com # Reference: https://www.virustotal.com/gui/file/7e0e44c6eebb41fde83f2bf22ce3d2f922700a95516bd54e5cdcda2ba0fff984/detection carpricegoods.com # Reference: https://twitter.com/1ZRR4H/status/1478051871608737797 setup6.com # Reference: https://www.virustotal.com/gui/file/ea6a267897a57adb46981d707b6b9426f9e13513240bb1c78521d20744ade6fd/detection greshman.xyz # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-05-IOCs-for-TA551-IcedID-with-Cobalt-Strike.txt xijsry.com # Reference: https://www.virustotal.com/gui/file/ee23c428b222722444fafe6bffcfc77283f3fecfa0946a44e35041ca732fa78f/detection joikarendal.com # Reference: https://www.malware-traffic-analysis.net/2022/01/06/index.html landofrayz.com upperdown.eu # Reference: https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/ # Reference: https://otx.alienvault.com/pulse/616d8a397ff2ac1abbc9d7e6 calseled.bond feedbackfileweb.club # Reference: https://twitter.com/executemalware/status/1481048885284020230 # Reference: https://twitter.com/ffforward/status/1481053245728505858 # Reference: https://tria.ge/220111-3wq45sadan # Reference: https://www.virustotal.com/gui/ip-address/159.89.171.14/relations heyintrodu.top ildrenmightf.top olerantand.top ovedfromasi.top reverdoome.top teredaroundcarb.top # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt charliedeffer.store hashingold.top lasticjugs.top namerikode.uno ouldmakeithapp.top # Reference: https://www.virustotal.com/gui/ip-address/185.70.184.59/relations beltypolon.xyz delegator.top gorrilazada.top trainfaressite.top # Reference: https://www.virustotal.com/gui/ip-address/174.138.59.117/relations severecouckarachi.top trafficgigabest.best trainfaressite.top # Reference: https://www.virustotal.com/gui/ip-address/89.105.202.54/relations aviasale.club hillerkiller.top pentestfile.pw # Reference: https://www.virustotal.com/gui/ip-address/149.255.36.159/relations 2020miners.best # Reference: https://www.virustotal.com/gui/file/0b0b92a625911a7065cf0e48d470acac71290c6832363a715b1f46aff01fe4c8/detection instarobotics.club instarobotics.pw # Reference: https://twitter.com/mojoesec/status/1483471457346854912 fusingcity.top nicagreenco.top thehandof.top # Reference: https://twitter.com/mojoesec/status/1485646686940803082 # Reference: https://www.virustotal.com/gui/ip-address/143.198.229.198/relations # Reference: https://www.virustotal.com/gui/ip-address/159.223.167.251/relations # Reference: https://www.virustotal.com/gui/ip-address/164.92.214.108/relations artiminiduska.live demicthatmo.top domigilamorov.xyz filomosoliv.live ginwhiskye.top greatwhen.top hisbacteriu.top recpitanium.bond thishishigov.top vulcuntulin.top youfomeclin.top # Reference: https://www.virustotal.com/gui/ip-address/195.123.233.52/relations moskowfloppy.host omenalostiganing.top surinoaminon.top # Reference: https://www.virustotal.com/gui/ip-address/185.123.53.132/relations moskmono.fun thezikest.bond zinozenned.site # Reference: https://www.virustotal.com/gui/ip-address/185.186.246.147/relations dilimoregration.top iterrationobj.site mousetopdiming.top plovvored.rest readyplovi.store roundcludiska.top ulencpiegelhost.quest whoisthisa.site # Reference: https://www.virustotal.com/gui/ip-address/159.65.84.9/relations filovgosti.fun grizlimaunt.top moapprovednstr.fun motionaentactly.site # Reference: https://www.virustotal.com/gui/ip-address/5.39.222.193/relations heroesdininh.top ferropitollo.space foxfulderlend.bond westcostrimer.top # Reference: https://twitter.com/ScarletSharkSec/status/1486086933122011148 # Reference: https://app.any.run/tasks/c72d33cd-fe12-4652-bc80-342c18926360/ daferton.top /30fdh3fdh/update.dll /30fdh3fdh/update1.dll /30fdh3fdh/update2.dll /30fdh3fdh/ # Reference: https://www.virustotal.com/gui/ip-address/172.67.146.72/relations mosserdau.top # Reference: https://www.virustotal.com/gui/ip-address/104.21.6.161/relations xulokapis.top # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-27-IOCs-for-Contact-Forms-IcedID-with-Cobalt-Strike.txt # Reference: https://www.virustotal.com/gui/file/b646d0f1fb4b580c6d1465049bc0108b2d6ac78d2405dee00dc641f38fa16631/detection # Reference: https://www.virustotal.com/gui/file/1b9c356da9b2c510d1f78b421b6b2f560c35b2e4c2400a5f5afa281c753292ac/detection asoperdo.com coolbearblunts.com cooldogblunts.com karunamanke.com/wp-content/plugins/elementor/modules/admin-bar/png/picture.dll /alt1/1.dll /alt1/2.dll /alt1/3.dll /sddk2fe09/1.dll /sddk2fe09/2.dll /sddk2fe09/3.dll /sddk2fe09/ # Reference: https://www.virustotal.com/gui/file/45ab30436c5ef0c3efd2716f60600b1fbfa149e533dd34b00803d56315ffb0b1/detection hdtrenity.com # Reference: https://twitter.com/JAMESWT_MHT/status/1488511090090721280 # Reference: https://www.virustotal.com/gui/file/c5b2f6184f9ffbffbc4d1b1ff9755790d06619bde2c82ff08148397b751b241d/detection cleverballs.com vipinbiz.com # Reference: https://www.virustotal.com/gui/ip-address/198.244.181.229/relations # Reference: https://www.virustotal.com/gui/file/7389ce92adff4756d4d46ccf5f04e2c8fdaaf4774055eeeabce70991265b9834/detection keepfootbal.com # Reference: https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/ # Reference: https://www.virustotal.com/gui/file/5a22e9bde5aaed03b323e5c933c473e9ba3831f4473790a3d4394baefe809d8a/detection mabiorex.space zvanij.space # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20IcedID%20IOCs statmorte.top /stat8112.php # Reference: https://twitter.com/JAMESWT_MHT/status/1493948743770644482 carziano.com/box.php # Reference: https://twitter.com/JAMESWT_MHT/status/1493971547413008386 abouthemes.com # Reference: https://twitter.com/D3LabIT/status/1495694866214526977 # Reference: https://twitter.com/reecdeep/status/1495696814460313603 adnmarketing.ec/robostar.php expovivienda.ec/rockys.php # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_08.03.2022.txt golinisye.top # Reference: https://twitter.com/C0ryInTheHous3/status/1501310367607115779 byteguess.top dilinorenka.top erminasarav.top fikasterwer.top filimaslika.top javcomics.top jevejosader.top loniferast.top opertinulag.top qwesteresiler.top silinifarma.top timalerinastel.top topcomic.top vilivadertum.top # Reference: https://twitter.com/felixw3000/status/1502282160203608067 # Reference: https://www.virustotal.com/gui/file/101b6b6bec4ae6e698d793d1f9d1a905c03bac2da987ba68033a16fed414a95c/detection oceriesfornot.top # Reference: https://www.virustotal.com/gui/file/e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9/detection yourgroceries.top # Reference: https://www.virustotal.com/gui/ip-address/164.90.198.40/relations # Reference: https://www.virustotal.com/gui/file/7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a/detection arelyevennot.top emicthatmov.top # Reference: https://twitter.com/C0ryInTheHous3/status/1502311804172705795 sapp.top upmax.top # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-21-IOCs-for-Cobalt-Strike-from-IcedID-infection.txt antnosience.com # Reference: https://www.virustotal.com/gui/ip-address/103.208.86.139/relations otectagain.top # Reference: https://www.virustotal.com/gui/ip-address/188.166.154.118/relations # Reference: https://www.virustotal.com/gui/file/98b3471ac865e7cc6cc5712ab0db76c476fd861828267284a6aa40c802737b2e/detection # Reference: https://www.virustotal.com/gui/file/16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc/detection # Reference: https://www.virustotal.com/gui/file/9082c327ecf9c7bd9bd98c62a82e235165e8e11272998b63a66771da49be75f0/detection # Reference: https://www.virustotal.com/gui/file/08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0/detection http://66.150.66.167 ertimadifa.com ritionalvalueon.top rivertimad.com # Reference: https://www.fortinet.com/blog/threat-research/spoofed-invoice-drops-iced-id # Reference: https://otx.alienvault.com/pulse/62443e7a14b711f66588af60 ssddds1ssd2.com # Reference: https://www.virustotal.com/gui/ip-address/172.105.27.36/relations demandingsok.top detreville.top docupolotrew.one dolinawestby.top dudilifonika.top eriumyers.top logithechimka.top pealinimor.top restonfreeon.uno rtofmethough.top tsasafuelsou.top # Reference: https://www.virustotal.com/gui/ip-address/164.90.204.224/relations bidilisimo.top dilinostarenashik.top krestilife.top versonizonkil.top # Reference: https://www.virustotal.com/gui/file/baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3/detection guguchrome.com # Reference: https://www.virustotal.com/gui/ip-address/147.182.222.62/relations applesflying.com balliordan.com biglaneat.com firstdatachannel.click flourmat.com grandtexen.com helloshoplegs.com northspaceline.co oprenfirst.com upperdown.eu # Reference: https://www.virustotal.com/gui/file/f1dcb3697e577e8e6bb142895901d864a05b33254e1f4b548b2be6e0dada36a3/detection hdgravity.com # Reference: https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/ # Reference: https://otx.alienvault.com/pulse/61bb31bceb547f7142333d49 maruadix.top # Reference: https://www.virustotal.com/gui/ip-address/185.236.202.192/relations # Reference: https://www.virustotal.com/gui/file/880758a1cead6e79acd46b54beae951c7502bd999d9206653ffea10ef26f6195/detection gawanacool.pw # Reference: https://cert.gov.ua/article/39609 (Ukrainian) # Reference: https://www.virustotal.com/gui/file/de7bcc556dde40d347b003d891f36c2a733131593ce2b9382f0bd9ade123d54a/detection http://168.100.8.42 dogiraftig.com ndlestomak.top rresteraftin.com # Reference: https://twitter.com/fr0s7_/status/1514714765377028102 # Reference: https://www.virustotal.com/gui/file/d4b2f91ae5c196d6b21e2a5eef18a319b27208aab834630b381afec32ea9455f/detection http://212.224.118.163 # Reference: https://thedfirreport.com/2022/04/25/quantum-ransomware/ # Reference: https://www.virustotal.com/gui/ip-address/138.68.42.130/relations # Reference: https://otx.alienvault.com/pulse/6267bb8eb8865618367f89eb # Reference: https://otx.alienvault.com/pulse/627a7e1ce34132677bd27640 http://188.166.154.118 dilimoretast.com seaskysafe.com # Reference: https://twitter.com/phage_nz/status/1524206904733364225 olodaris.com yolneanz.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-05-10-IOCs-for-Contact-Forms-IcedID-with-Cobalt-Strike.txt callbackhubs.com eldingdayl.com ganjicow.com meanforthen.com # Reference: https://twitter.com/felixw3000/status/1529023673700700161 # Reference: https://www.virustotal.com/gui/ip-address/159.223.41.31/relations laryqera.com kregxuls.com speratinda.com # Reference: https://www.malware-traffic-analysis.net/2022/05/23/index.html attemptersnext.site sawertinoit.site # Reference: https://www.virustotal.com/gui/file/132590d988d7d66b093c3f7b2821229925609e7f277bb4e0f05a212beebc366c/detection # Reference: https://www.virustotal.com/gui/file/455acb2ee4276f73a08bff5dbc759f44d06e728efad0bc587b92006bd92efefa/detection blockchaincapital.space crypto.blockchaincapital.space # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_27.05.2022.txt reapetzold.com # Reference: https://twitter.com/mojoesec/status/1530166268388683778 # Reference: https://www.virustotal.com/gui/ip-address/64.227.182.2/relations # Reference: https://www.virustotal.com/gui/file/9ed5d51e93871fc54737ac7c641b74769cab2cc06ea5afbbd2b33ff486392d7f/detection ilekvoyn.com pearsqiizy.com # Reference: https://twitter.com/JAMESWT_MHT/status/1531553106256875522 # Reference: https://www.virustotal.com/gui/ip-address/51.89.190.220/relations pillalerted.com uleoballs.com # Reference: https://twitter.com/malwrhunterteam/status/1531957313032052736 # Reference: https://www.virustotal.com/gui/file/df4190f1b39f60c2e898d51cb43fec4f2ff50bd54b83b2ab22f4bf3567bcd558/detection http://194.31.150.173 # Reference: https://otx.alienvault.com/pulse/629755f6649ad51ea41dc343 # Reference: https://www.virustotal.com/gui/file/d9ae3e15b1ae3d616a03cb3cbf8e3fecc83aa0739c04c360a8dab26b6ed50bd3/detection # Reference: https://www.virustotal.com/gui/file/d95d64e94d9b6489ab23ce8196b2375582a06aa8adc0326c12a410ca7ef076a1/detection # Reference: https://www.virustotal.com/gui/file/b15ac3658243a89c6f56b1504b6634130a2ad244da44ebf1ea7b41859d6a99b2/detection calgama.com newsgrover.com spitaly.com unescene.com # Reference: https://www.virustotal.com/gui/file/aefe38ae0c15286b82cca13e2f1033471b4917128313c11193515ddebb767ba4/detection answersegeoge2022.ru # Reference: https://www.virustotal.com/gui/file/38a1d181f0f8d3ce3ac7a39559627f899a8fb51783df1223bbd7d8b15b3c2dc3/detection arxipdedsh.com # Reference: https://gist.github.com/myrtus0x0/06848be2267c3d06b33bcbd51fb0b07e akernilon.com leatyeals.com vadgeatemoz.com westdudil.com # Reference: https://twitter.com/TheDFIRReport/status/1535264269612220416 # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.240/relations mlidaxeraza.com pnovajim.com # Reference: https://gist.github.com/myrtus0x0/8a96d35196f0725101d4a47c27909a15 # Reference: https://gist.github.com/myrtus0x0/cdbf5318b878f88aeb6089866e6aea54 # Reference: https://www.virustotal.com/gui/ip-address/185.150.117.97/relations # Reference: https://www.virustotal.com/gui/ip-address/45.147.231.164/relations # Reference: https://www.virustotal.com/gui/ip-address/84.32.188.223/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.40/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.115.109/relations adfinawxol.com blandafearz.com cukliosario.com didojanza.com goodfealan.com needmomslearn.com pleashurehott.com plocganga.com quuenkrauz.com tekacuanm.com # Reference: https://gist.github.com/myrtus0x0/af3f6e4c8c70137fe1661af550767151 # Reference: https://www.virustotal.com/gui/ip-address/174.138.59.14/relations # Reference: https://www.virustotal.com/gui/ip-address/91.134.219.111/relations blueyerskumy.com coolnexoz.com ilzenhwery.com # Reference: https://twitter.com/ankit_anubhav/status/1539858168611610624 # Reference: https://www.virustotal.com/gui/ip-address/178.62.194.122/relations aniogarphianeo.com bredofenction.com carbrownleger.com # Reference: https://twitter.com/TheDFIRReport/status/1541428641275334657 # Reference: https://www.virustotal.com/gui/ip-address/179.43.156.144/relations floppyfgreed.fun fruakij.com implementalyhiol.rest nilkomadik.com piolsneeds.com qipanzero.com # Reference: https://gist.github.com/myrtus0x0/34a3f552dd75e5aa7f1d3fcef52a1b3a # Reference: https://www.virustotal.com/gui/ip-address/91.234.254.234/relations quenndazden.com trinityasos.com # Reference: https://gist.github.com/myrtus0x0/34a3f552dd75e5aa7f1d3fcef52a1b3a # Reference: https://www.virustotal.com/gui/ip-address/94.140.115.91/relations # Reference: https://www.virustotal.com/gui/ip-address/94.158.244.115/relations merodlein.com montycrack.com # Reference: https://gist.github.com/myrtus0x0/79ec1f0eff068a46774736e7153ad214 # Reference: https://www.virustotal.com/gui/ip-address/5.199.162.166/relations # Reference: https://www.virustotal.com/gui/ip-address/91.238.50.93/relations allesborn.com blaskmirror.com dogdreror.com feelsgear.com # Reference: https://www.virustotal.com/gui/ip-address/165.232.157.41/relations # Reference: https://www.virustotal.com/gui/file/b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3/detection alionavon.com carismortht.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-28-IOCs-for-TA578-IcedID-Cobalt-Strike-and-DarkVNC.txt mioshaltikaz.com plomiberka.com # Reference: https://gist.github.com/myrtus0x0/05cae3e972d9dbe685ff359b5ad233f1 # Reference: https://www.virustotal.com/gui/ip-address/188.93.233.247/relations dgogyfuul.com yankyhoni.com # Reference: https://www.virustotal.com/gui/file/219d1bd045d7c3328184aba4842cc0d36acae7e835564d84ee2d8ffea94e4317/detection ciaontroni.com # Reference: https://www.virustotal.com/gui/file/70a6dbcff1c00d28da208cc9778af6eb7f609540fb0000ed316bbd003c7841e3/detection momskakeshop.com # Reference: https://www.virustotal.com/gui/ip-address/84.32.190.32/relations akelammira.com bloodhimwat.com chaeological.com # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.61/relations createbinori.com zondbrunner.com # Reference: https://www.virustotal.com/gui/ip-address/103.208.86.57/relations apchenxuz.com feldaxxxx.com zloapenden.com # Reference: https://www.virustotal.com/gui/ip-address/85.239.55.250/relations qazillo.com # Reference: https://www.virustotal.com/gui/ip-address/217.199.103.37/relations mauraxinus.com trionyball.com # Reference: https://gist.github.com/myrtus0x0/26874290d4d31a9ea5318ed4a2301362 # Reference: https://www.virustotal.com/gui/ip-address/134.209.107.62/relations # Reference: https://www.virustotal.com/gui/ip-address/51.89.62.193/relations # Reference: https://www.virustotal.com/gui/ip-address/94.158.247.18/relations carismorth.com plorinnoult.com uytricmpreprom.com # Reference: https://twitter.com/TheDFIRReport/status/1544667489774313478 # Reference: https://www.virustotal.com/gui/ip-address/91.238.50.94/relations clearhotbeafc.com zalontrackei.com # Reference: https://twitter.com/k3dg3/status/1544747167751065601 # Reference: https://tria.ge/220706-wl7wkshgg2/behavioral1 comradespoon.com # Reference: https://www.virustotal.com/gui/ip-address/164.92.253.181/relations aldatepools.com greenfairsaid.com vneastruzz.com # Reference: https://gist.github.com/myrtus0x0/be956b90dab25c928ae7fe10bb6c2f6e # Reference: https://www.virustotal.com/gui/ip-address/155.94.208.135/relations # Reference: https://www.virustotal.com/gui/ip-address/45.86.229.94/relations # Reference: https://www.virustotal.com/gui/ip-address/89.44.9.207/relations jizzyploy.com khondiroda.com ointisthat.top olkanizad.com vondenay.com # Reference: https://www.virustotal.com/gui/ip-address/165.227.65.47/relations # Reference: https://www.virustotal.com/gui/file/e01ff083657629f0a1ce756551fbd5b3dbbdd3eae0905d669f73a741c6da675a/detection # Reference: https://www.virustotal.com/gui/file/6146d45df34ee16ece29200aae157cb87a918cb12822232d92046103ba8ce318/detection loadjoma.casa loadnike.casa # Reference: https://twitter.com/peterkruse/status/1548221048193093636 # Reference: https://www.virustotal.com/gui/ip-address/46.101.137.169/relations # Reference: https://www.virustotal.com/gui/ip-address/46.21.153.211/relations # Reference: https://www.virustotal.com/gui/file/0cc56595aa5e676ca94e8c746ecc22300321531ecec980b803267fc393c8ef8f/detection # Reference: https://www.virustotal.com/gui/file/a2a864ed64fa8da7f159510bb3bcd56de45cf0d613be2063ffb9f8b249526ab8/detection blionarywesta.com bransfortrionaf.com lifelightnilsa.com peranistaer.top trendmisolaf.com wiandukachelly.com # Reference: https://www.virustotal.com/gui/ip-address/159.223.23.127/relations # Reference: https://www.virustotal.com/gui/file/f3719dd8c4a3507f180bb285d637230457f48d0180a6ade83f1de7fe2c7696bf/detection alldogsedag.com # Reference: https://www.virustotal.com/gui/file/ce9b6c707d7ea1e1945660ffacab4d345bd06c274d625d9769eb0ece3aa3953f/detection aftersunicox.com # Reference: https://twitter.com/k3dg3/status/1549455457533796352 # Reference: https://www.virustotal.com/gui/ip-address/134.209.170.133/relations cootembrast.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_20.07.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/165.22.201.70/relations explorblins.com # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-18%20IcedID%20IOCs # Reference: https://www.virustotal.com/gui/ip-address/142.93.169.99/relations garbagewellduno.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-07-21-IOCs-for-IcedID-with-DarkVNC-and-Cobalt-Strike.txt brebdaalizan.com cleverchaosname.com izzicarat.com weolaneocar.com # Reference: https://twitter.com/k3dg3/status/1551992175294091265 # Reference: https://twitter.com/k3dg3/status/1551992300745768961 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20IcedID%20IOCs tritehairs.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-07-25-IOCs-for-IcedID-with-Cobalt-Strike.txt cleverchaosname.com eventbloodd.com wronigrabs.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_25.07.2022.txt plorinnoult.com uytricmpreprom.com # Reference: https://twitter.com/reecdeep/status/1551568491538530308 # Reference: https://www.virustotal.com/gui/ip-address/159.89.122.109/relations # Reference: https://www.virustotal.com/gui/file/c352a8ec3029c110859ff526a9bc8c4c681420f1e59eafe24d3613197212526e/detection floatascentry.com wennectbwzy.com # Reference: https://gist.github.com/myrtus0x0/f101ea892ceec84f70b69ce4dd7d670c # Reference: https://www.virustotal.com/gui/ip-address/178.33.187.139/relations alohasockstaina.com gruvihabralo.nl # Reference: https://www.virustotal.com/gui/file/508ed66c9cfde35940f75f3bc8e77087dda1a571e53619420b550ee634e21162/detection handsquestiona.com # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-27%20IcedID%20IOCs # Reference: https://www.virustotal.com/gui/file/f3a554330a7ca966b101c16a602f835eb2c0b1859a8ea92b7771d9739ec59be6/detection cansugperpetu.com # Reference: https://gist.github.com/myrtus0x0/e2a6b94a851437331ad2c49369cde203 deficulintersun.com nokainptisarda.com # Reference: https://twitter.com/James_inthe_box/status/1554142760994689024 # Reference: https://app.any.run/tasks/25796d58-1067-4f19-b5c6-26b6257a56ce/ sortswiminboard.com # Reference: https://twitter.com/James_inthe_box/status/1554461085037498368 # Reference: https://app.any.run/tasks/778ce3ef-1d3f-4557-b22d-84c72983714f/ # Reference: https://www.virustotal.com/gui/ip-address/165.232.147.248/relations keyseaysnice.com # Reference: https://www.virustotal.com/gui/ip-address/5.199.173.162/relations azzimbuffy.com mobicustomfees.com # Reference: https://www.virustotal.com/gui/ip-address/185.99.133.184/relations villshomedrane.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_03.08.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/159.89.43.72/relations getmeaninwurz.com # Reference: https://twitter.com/mojoesec/status/1555197269372182530 advenstravel.com alohabrunda.com appercoarvies.com bluemoonfranki.com bucjattecha.com carynicenur.com demobehairns.com dogifasterbigs.com festicrumps.com sciencesmurvill.com seatforillosa.com # Reference: https://twitter.com/mojoesec/status/1555567458018263040 autohemidno.com brumedane.com dromfiregreti.com ginersaer.top golimansire.top kerenshowblack.com migaresko.top ulaxtitolo.com vilasanitasa.com # Reference: https://www.virustotal.com/gui/file/c51bd77c55acd65a2e1e44d19a87b4cd038898ee9fd5f91c79f1cc7d0440ac33/detection abegelkunic.com # Reference: https://gist.github.com/myrtus0x0/0f924e99d0c631a55ae289ff9e0628fe klareqvino.com ultomductingbig.pro # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-08-10-IOCs-for-IcedID-and-Cobalt-Strike.txt qropalhouse.com # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/IcedID/IcedID%2010082022 # Reference: https://tria.ge/220811-vhmwkacbd2/ # Reference: https://www.virustotal.com/gui/file/afefe1432f4a3ab3278c0a9090c2195fc2f3ac022397e5d0190f2ad48cd21992/detection alexbionka.com # Reference: https://tria.ge/220811-s1wkbaghhr/behavioral1 http://45.8.146.139 /fhfty/O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/loader_p3_dll_64_n3_crypt_x64_asm_clone_n163.dll /fhfty/O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/ /O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/ # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_15.08.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/5.255.100.207/relations # Reference: https://www.virustotal.com/gui/ip-address/5.255.100.8/relations blumzillapex.com cleanmagoza.com lenodraid.cyou yotrakeoksa.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_18.08.2022.txt heldosant.com microark.org waterintoairi.com # Reference: https://twitter.com/pr0xylife/status/1561737165255725057 # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_22.08.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/164.92.65.3/relations satisfyammyz.com # Reference: https://gist.github.com/myrtus0x0/7673e29c837bbd733ca260c65927d97a dayzabazenb.com # Reference: https://www.virustotal.com/gui/file/de33097468c9926dbcc45323d556a120bd94b4b0636728849025723d87dee58e/detection dullthingpur.com # Reference: https://gist.github.com/myrtus0x0/fd29430b7aef7218235b7dc2e7ce2b75 # Reference: https://www.virustotal.com/gui/ip-address/179.43.154.179/relations # Reference: https://www.virustotal.com/gui/ip-address/193.239.84.229/relations bredhairnos.shop carprisesr.com crunerato.com hidozwerav.com iionadred.com ipolaternouse.com kiodareipa.com tranblackyn.com wetdrharis.club # Reference: https://www.virustotal.com/gui/ip-address/209.97.134.125/relations # Reference: https://www.virustotal.com/gui/file/5de273ceebdd3c8d617970ec0a0b5f2bb5b5d78e3f903ba1796449009ec28b27/detection # Reference: https://www.virustotal.com/gui/file/d9220b5d3c27ac7445b5ee81f1a3841c3a2c815413bb0711954ab939a8d8fbae/detection blazzerneumi.com # Reference: https://gist.github.com/myrtus0x0/febef39d74b8fdc546bae5dac8e0c960 crabsbolt.art # Reference: https://gist.github.com/myrtus0x0/68d5d7cc409801ce50a3bf8ec96a7767 alcoheyteri.click godenfasternow.com # Reference: https://gist.github.com/myrtus0x0/c025d1e7feacc403cbb6923dd43b86a5 assigdedrigme.cyou autobrag.cloud cmbaindesureshure.com colorsuckbeh.com empladeefly.wiki ferdianbanga.com lionafuyesas.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_31.08.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/94.103.93.13/relations maskatier.com moxisoma.com # Reference: https://www.virustotal.com/gui/file/fd46ad3ef89011b4ec6eb3709f903f5212d94c98ab81296d5664b82e7f9d6493/detection donorcabr.com # Reference: https://twitter.com/fr0s7_/status/1565657665350541312 # Reference: https://www.virustotal.com/gui/ip-address/79.110.52.48/relations bodilycar.quest # Reference: https://www.virustotal.com/gui/ip-address/164.92.176.20/relations # Reference: https://www.virustotal.com/gui/file/6a1ba492984c630ad274b2943b37a697c35a9147f367ddd83b42a229d7e1c27a/detection # Reference: https://www.virustotal.com/gui/file/eb7649af98573b5fcf29393e9d1ecc9a8991d69a3a8db687de7d93766009eb11/detection # Reference: https://www.virustotal.com/gui/file/f42ed736153af39769160d35134978d63fdf95cdfc9a7a5ab88a29fd09cf2bd4/detection http://164.92.176.20 academfleedalas.com # Reference: https://twitter.com/phage_nz/status/1567639090077790209 # Reference: https://twitter.com/malware_traffic/status/1567643669372485633 # Reference: https://www.virustotal.com/gui/ip-address/198.244.193.166/relations # Reference: https://app.any.run/tasks/33d0b2c7-35eb-4c48-a307-cb8aacb5b484/ # Reference: https://www.virustotal.com/gui/file/05b9b3805e5be9d68a08874e8c0ac73ea66c8a71ede76de9f5d6aacba4d8cc4e/detection # Reference: https://www.virustotal.com/gui/file/4a028d361295fc1d63c7e824458b64dde1811eece179f76922802ab63e0a74a8/detection # Reference: https://www.virustotal.com/gui/file/9a420055fcfec727fa5afe0d5879d9a815f32db3699b88efa574b258079d70f5/detection banuscip.com iscasbase.cyou kbreedfin.fun leonyelloswen.com # Reference: https://www.virustotal.com/gui/file/d2f972298617ea53b01060ca7cdb62cb2daf7328427e30cbeae865e681aeef54/detection trakonicwe.com # Reference: https://www.virustotal.com/gui/file/2fb562fe7681a7da1ec642787447dad2b7dab24081b4cbb99c15d535d136e901/detection kolinandod.com # Reference: https://www.virustotal.com/gui/ip-address/134.209.97.90/relations # Reference: https://www.virustotal.com/gui/file/6377b9e47ebc9d912741a21a15750387c84e00863890b140d8c61454800404c3/detection qvantumbrakesz.com # Reference: https://www.virustotal.com/gui/ip-address/188.166.169.40/relations # Reference: https://www.virustotal.com/gui/file/2a261577318c408e73e1c6459514197efa58cfe6053d03be092e2c2ff3f6179c/detection allozelkot.com # Reference: https://gist.github.com/myrtus0x0/da43fbcf5303a32dfe35a9e415da4ffe blenderbraunmae.club brendyhalfid.com evagelawelder.com trendmaycrot.com # Reference: https://twitter.com/0xToxin/status/1570435177549275137 # Reference: https://www.virustotal.com/gui/ip-address/142.93.44.94/relations # Reference: https://www.virustotal.com/gui/file/df0028f0f52840a24f13ae6bdd327da4b2baab19ba72771ddd93a80c2b2d73c9/detection pildofraften.com # Reference: https://gist.github.com/myrtus0x0/1f524fc3ae39683799fa649ef8dd13ed blackleaded.tattoo crhonofire.info curioasshop.pics frogtableoreno.click # Reference: https://www.virustotal.com/gui/file/55491ff800b385703b0660f899bf3bc4cbc58504a9708415d4017f8cdad292b5/detection zalikomanperis.com # Reference: https://gist.github.com/myrtus0x0/33b25df59427a826fecff66f9994f5d7 backrunda.beauty pippleweld.hair sexualpoid.me # Reference: https://twitter.com/malware_traffic/status/1573471048699346954 # Reference: https://www.malware-traffic-analysis.net/2022/09/23/index.html # Reference: https://www.virustotal.com/gui/ip-address/137.184.114.20/relations # Reference: https://www.virustotal.com/gui/file/fd26652f44780a2e4245e3d391b9ef53e4ef03a01c1176f0eb759262ac509bdd/detection # Reference: https://www.virustotal.com/gui/file/5037e5517bdc8c3af195a2d66cb74451010aba466e68d451f5d1d2f12ab4c9ff/detection algerat.cyou considerf.info sebdgoldingor.com trallfasterinf.com # Reference: https://twitter.com/embee_research/status/1573601757845807104 antiflamez.bar erinindiaka.quest # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_26.09.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/165.227.187.5/relations # Reference: https://www.virustotal.com/gui/file/abc0382a20c86144086e39ccf107bb7702bde07dcc66a06967a01bc15f6a1432/detection # Reference: https://www.virustotal.com/gui/file/768ae10d748df22e799a878c2bd5eebddd0cd331196d28e26b1a9b2e0ca989c2/detection scainznorka.com # Reference: https://twitter.com/James_inthe_box/status/1574791975366455296 # Reference: https://app.any.run/tasks/5ae84f39-0d13-47f0-bee8-02268c8b0ff9/ # Reference: https://www.virustotal.com/gui/file/5a866cb8e80bdd4659ec8fe0a70f85eaf665560a74ff1a45b5e6b5f41cb56b4a/detection # Reference: https://www.virustotal.com/gui/file/02347fb46156e8f43f223791ee37944c1cfc3ed729a97316ec2922308b577a57/detection tezycronam.com # Reference: https://www.virustotal.com/gui/file/5e932751c4dea799d69e1b4f02291dc6b06200dd4562b7ae1b6ac96693165cea/detection marualosa.top # Reference: https://www.virustotal.com/gui/ip-address/141.8.199.113/relations # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=45.143.136.123 # Reference: https://www.virustotal.com/gui/file/d3e69a33913507c80742a2d7a59c889efe7aa8f52beef8d172764e049e03ead5/detection guardns.biz localdns.biz muelgadr.top whoerssl.biz wikidreamers.com # Reference: https://twitter.com/James_inthe_box/status/1575138079853060097 # Reference: https://app.any.run/tasks/bbf1a19b-4bad-4627-95e0-14c65c3f1ed6/ alockajilly.com # Reference: https://twitter.com/teamcymru_S2/status/1575553504499752960 # Reference: https://twitter.com/teamcymru_S2/status/1575553520253935616 # Reference: https://www.virustotal.com/gui/ip-address/164.90.174.6/relations # Reference: https://www.virustotal.com/gui/ip-address/46.101.19.119/relations opiransiuera.com saxonbinka.lol zoomersoidfor.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_30.09.2022.txt # Reference: https://www.virustotal.com/gui/file/ba9481130c405679401696134cc2b17673d5a064bb0131dfd99c6e74405cc862/detection triskawilko.com # Reference: https://twitter.com/teamcymru_S2/status/1576997553169522689 sofkinlasersop.com # Reference: https://twitter.com/James_inthe_box/status/1577688801211666432 # Reference: https://www.virustotal.com/gui/ip-address/68.183.184.0/relations # Reference: https://app.any.run/tasks/411aac18-9025-4db4-84f6-c0a8cda14097/ fireskupigar.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-04-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt dietappli.shop frabigwin.info gropcropila.com trainbondarexil.com # Reference: https://twitter.com/reecdeep/status/1577979717717721088 # Reference: https://www.virustotal.com/gui/ip-address/159.65.169.200/relations # Reference: https://www.virustotal.com/gui/ip-address/91.213.50.43/relations # Reference: https://www.virustotal.com/gui/file/eb84a283ff58906786d63ffe43a8ff2728584428f5f7d9972c664f63f8790113/detection # Reference: https://www.virustotal.com/gui/file/34ac27459b6ee01fe98d574cfca00c32182a52cd02bdb457f0113b1978d84893/detection # Reference: https://www.virustotal.com/gui/file/1b47cff101a0b05fb2f1bd7d92825f73226767fbb32d705b05723941056ad431/detection # Reference: https://www.virustotal.com/gui/file/a86cc4b853e8b263ddc7e215bd1dec71360f411448b2fc79bbfce022d92d80cd/detection kicknocisd.com simipimi.com # Reference: https://malware-traffic-analysis.net/2022/10/06/index.html didociskal.com dietappli.shop # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_10.10.2022.txt # Reference: https://www.virustotal.com/gui/file/526bc77ae68c541368d045aaf06f38f124b0898eb454f2101421a66e53edb16c/detection hoftpaeers.com # Reference: https://twitter.com/k3dg3/status/1580215977006206976 # Reference: https://gist.github.com/myrtus0x0/30eeaeb9cd051ba9250600cf69eff36f # Reference: https://www.virustotal.com/gui/ip-address/104.248.81.57/relations balderdash.beauty carshardeniom.com cotanantirrri.com egatamopew.com tracksupernova.com # Reference: https://www.virustotal.com/gui/file/5ae69d06d17c532b90cdb6163510f2b710dfa95429e5f97d8cec297c8ddfeb2a/detection alicenegord.com # Reference: https://twitter.com/Unit42_Intel/status/1580245166744821760 zlohasukula.com # Reference: https://twitter.com/malware_traffic/status/1580668932108582913 plethuirda.com trackofers.lol # Reference: https://twitter.com/teamcymru_S2/status/1579794732414554113 # Reference: https://twitter.com/netresec/status/1580491700581019649 137.74.104.108:8080 # Reference: https://www.malware-traffic-analysis.net/2022/10/12/index.html alohabrunda.com chattyprettyhot.com plenomils.homes trilwiqya.com vilasanitasa.com zlohasukula.com ohenv.shop k13sditmc.mutiaracendekia.sch.id # Reference: https://twitter.com/k3dg3/status/1582046535910424577 # Reference: https://www.virustotal.com/gui/ip-address/66.63.168.75/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.103/relations # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-17-IOCs-for-IcedID-with-Cobalt-Strike.txt airsaintol.beauty axilapodiumz.com correctinomind.com pipsolik.art yeloypod.hair # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.10.2022.txt tablearmestion.com # Reference: https://twitter.com/malware_traffic/status/1582850206797680641 pikchayola.pics questdisar.com # Reference: https://www.virustotal.com/gui/ip-address/167.99.201.14/relations # Reference: https://www.virustotal.com/gui/file/043f5a3b3e6c99a20685f85cf6dfe79e58481b83e6543b5e8f90f2693262f09a/detection salimjizita.com # Reference: https://tria.ge/221022-1a114seha7 ettermangusta.com # Reference: https://tria.ge/221020-wxap8ahbap seddkomaautomat.com # Reference: https://twitter.com/embee_research/status/1584344164824555520 # Reference: https://www.virustotal.com/gui/ip-address/185.236.231.73/relations # Reference: https://www.virustotal.com/gui/ip-address/45.147.229.191/relations dporfluerus.lol feeldarcked.com nealgruzding.com yelshardiro.com # Reference: https://cert-agid.gov.it/wp-content/uploads/2022/10/iceid_AdER_24-10-2022.json_.txt # Reference: https://www.virustotal.com/gui/file/e05fe5026485aec688c19ebca312e79cf06bd08c9e2182f25195cc49571ec7c4/detection # Reference: https://www.virustotal.com/gui/file/d3b4b33a20ad1c231d6955526e6282711eac8cc2d6fb89c9f7b353d0f9c574dc/detection # Reference: https://www.virustotal.com/gui/file/2d8bd8eb56bff74bac7927a865cfa25d9f6a0113e347c4fc647c7862640f31c9/detection # Reference: https://www.virustotal.com/gui/file/18bf4b5c8afb52369a5a851d1cab2c314ebc8ed7f78fc06c6dbab3929dd1747f/detection fortihook.com rulescvosher.com # Reference: https://twitter.com/malware_traffic/status/1584596554987757568 # Reference: https://www.virustotal.com/gui/ip-address/158.255.212.179/relations # Reference: https://www.virustotal.com/gui/file/865207a90709b4b0d7fd232e1ae0fe2cedc80919c239458fb2bcc12c6d142c17/detection ambifuserity.com nipsontaz.com melleraw.homes troskanribus.com # Reference: https://www.virustotal.com/gui/ip-address/167.99.220.73/relations # Reference: https://www.virustotal.com/gui/file/52ecf29aed6b1f9b5143d744200ea2ead8852333cf22923a3d4bb8c621b28f82/detection seedhlumening.com # Reference: https://twitter.com/teamcymru_S2/status/1584983941823737859 aucircly.skin bitherws.wiki grechinta.buzz herubroatern.com kunidplishar.com oppolanium.info ytleropa.homes # Reference: https://twitter.com/teamcymru_S2/status/1584967043472044032 198.251.84.61:8080 # Reference: https://www.virustotal.com/gui/ip-address/172.105.27.36/relations atommonga.art azuretron.wiki cantfluing.autos carsoveraho.pics cermerchees.lol choifejuce.lol coercedesult.quest coperhils.cloud croakbadgu.shop dilopmeska.top dkbillly.run fathecomel.lol fghermaast.top gigamerolini.top pricehistory.website qaderation.top trionallocatio.club xqertansi.gay # Reference: https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/ # Reference: https://otx.alienvault.com/pulse/635bcc619768c0b6cb3e9677 # Reference: https://www.virustotal.com/gui/ip-address/67.205.169.96/relations # Reference: https://www.virustotal.com/gui/file/a199c57ac97ec3ec8c62d811b5fee76ffb0ca5787e41db241dd0a206d41a7817/detection # Reference: https://www.virustotal.com/gui/file/beec379598ac2e4d3d36ff84a449b91b6c7f3ba2199b4bdf446ab2057d6c34c6/detection aviadronazhed.com # Reference: https://gist.github.com/myrtus0x0/71568fdb0df0cacb98c0693bbcb6cec0 vgiragdoffy.com # Reference: https://twitter.com/0xToxin/status/1587174760701632512 # Reference: https://tria.ge/221031-ytt1ssddfm trentonkaizerfak.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-31-IOCs-for-IcedID-with-DarkVNC-and-Cobalt-Strike.txt ringashopsu.com sainforgromset.com # Reference: https://isc.sans.edu/diary/29210 194.5.249.150:8080 51.89.201.236:443 # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-03-IOCs-for-Emotet-with-IcedID.txt bayernbadabum.com newscommercde.com nrwmarkettoys.com spkdeutshnewsupp.com /botpack.dat # Reference: https://www.netresec.com/?page=Blog&month=2022-10&post=IcedID-BackConnect-Protocol # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-04-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt http://188.40.30.100 51.89.201.236:8080 # Reference: https://twitter.com/N3utralZ0ne/status/1497027766893486081 # Reference: https://tria.ge/220224-z1aq6sehfl http://45.61.136.232 blinkenx.com # Reference: https://gist.github.com/myrtus0x0/084603f1548c0df3433e7173c474b4e2 3aseruty.pw attemptssok.top bookmaker.bid dollinopole.uno gmverasconstruction.com hanonedika.top mammucity.fun pozityv3.pw vertigiodust.top wuilburrtennant.site xanderboghart.cyou # Reference: https://twitter.com/Max_Mal_/status/1432725064311623686 safiliti-load.com # Reference: https://twitter.com/Max_Mal_/status/1433456034824302598 fusuri-solt-down.com triste-mega-down.com # Reference: https://twitter.com/teamcymru_S2/status/1589574164507426816 176.31.136.226:8080 # Reference: https://twitter.com/k3dg3/status/1589680664890462210 # Reference: https://twitter.com/threatinsight/status/1589733762010853378 # Reference: https://tria.ge/221107-whz2kaagd2/behavioral6 anisamnatyrel.com downloadfastfile.top downloadtyoufile.buzz fastyoudownload.top file-youupload.buzz # Reference: https://www.virustotal.com/gui/file/c58b13dc51e572ec288d97aa255d55884d7418466b8381afd1a4278a0be87427/detection # Reference: https://www.virustotal.com/gui/file/05a3a84096bcdc2a5cf87d07ede96aff7fd5037679f9585fee9a227c0d9cbf51/detection germanysupportspk.com # Reference: https://twitter.com/1ZRR4H/status/1589807390752665602 uoplasser.online # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-07%20IcedID%20(Bokbot)%20IOCs fileyourupload.one youfile-upload.top # Reference: https://twitter.com/reecdeep/status/1589946217546424320 # Reference: https://app.any.run/tasks/2cb8e940-2242-45b2-ac46-5e16564b9cbc/ irdudetrusthill.com # Reference: https://twitter.com/k3dg3/status/1590424949839499265 gromsdaxert.com # Reference: https://gist.github.com/myrtus0x0/c66f9714dba3c4541d41a2ff94701b4c dremkalifcarsis.com likamsun.tattoo quavok.lol qurafleuncen.com # Reference: https://twitter.com/reecdeep/status/1590664451614658561 # Reference: https://twitter.com/VirITeXplorer/status/1590644700037644288 # Reference: https://app.any.run/tasks/dd7e5c24-d0eb-468c-a72a-be73c5c7d1c0/ bluamus.pics frendliuer.pics scinetkoshir.com # Reference: https://twitter.com/luigi_martire94/status/1590711341060222976 # Reference: https://tria.ge/221110-rkq48acdcl aerbuschartint.com # Reference: https://twitter.com/tosscoinwitcher/status/1590806161967972353 # Reference: https://www.virustotal.com/gui/ip-address/188.166.213.163/relations # Reference: https://tria.ge/221110-y1tzdafecl/behavioral2 ahilacarstrupert.com # Reference: https://twitter.com/MichalKoczwara/status/1591117083961884673 185.25.51.182:8000 5.199.168.23:8000 # Reference: https://twitter.com/k3dg3/status/1592230699524030464 # Reference: https://tria.ge/221114-xg9eaada24/behavioral1 trolspeaksunt.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.11.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/143.110.176.101/relations aurasantisflork.com # Reference: https://tria.ge/221118-xexbyacb95 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-18%20IcedID%20(Bokbot)%20IOCs sciiultaelinoza.com # Reference: https://www.virustotal.com/gui/file/c6aafa6b32ac91908ee37207c6feb4cef74aa8e9b82e70c1e58e5691a9319c60/detection starnaddplenumsak.com # Reference: https://twitter.com/fr0s7_/status/1595344900937203712 # Reference: https://www.virustotal.com/gui/ip-address/91.213.50.67/relations # Reference: https://www.virustotal.com/gui/file/fe0e830bcdd85026da34ac02ed73d4cb1cc3bdfd3336a33849eeb98e936060fc/detection # Reference: https://www.virustotal.com/gui/file/9c2c79d85e402b09deb43dc230c9b9c7fe7c1345f59e5e31881d2ff8fd2129bc/detection # Reference: https://www.virustotal.com/gui/file/97f7e8809cb74cb87f7f03e7196d60db63d07ae36d4e02f3821ef0464288af58/detection # Reference: https://www.virustotal.com/gui/file/448b35ad2bfeb1353a5b668b7cbb140d9ad958d5f9ab7a426f9eb8e1a6e8b545/detection mederaogs.com # Reference: https://twitter.com/samson2655/status/1598375365348573184 # Reference: https://twitter.com/ian_kenefick/status/1599864494695403520 # Reference: https://twitter.com/HaoZhixiang/status/1600791369853075459 # Reference: https://www.virustotal.com/gui/ip-address/165.227.104.80/relations # Reference: https://www.virustotal.com/gui/file/0d544614b47400768cf210c2e4d1a298e5cae36820c7b1b6327bb67b8e3ea8cb/detection # Reference: https://www.virustotal.com/gui/file/de81ef356acc2e199252f8fe2a894c36c6e327d5efd3abaaa7df477f3942e33b/detection # Reference: https://www.virustotal.com/gui/file/99dfb7baafec050861e152a036af86fc0c7663f3c719d58a56dfd9f06f4b8cef/detection babysoftletirs.com broskabrwaf.com ewgahskoot.com firestansinbox.com kamintrewftor.com oilcardirtoz.com # Reference: https://twitter.com/Max_Mal_/status/1600433862710267910 aslowigza.com kastoyarki.com opraadeadiwenna.com saintrefunda.com # Reference: https://twitter.com/malware_traffic/status/1600944054610821120 # Reference: https://www.virustotal.com/gui/ip-address/5.230.68.22/relations 51.195.169.87:8080 bloodharvi.buzz trimordaf.homes # Reference: https://twitter.com/crep1x/status/1602026802611982337 va-zum.com # Reference: https://twitter.com/k3dg3/status/1602763938869006337 # Reference: https://www.virustotal.com/gui/ip-address/143.198.92.88/relations # Reference: https://tria.ge/221213-y4rcnaae7x/behavioral1 # Reference: https://tria.ge/221219-1dpggsbc7w/behavioral2 # Reference: https://www.virustotal.com/gui/file/8007332d51621d56b951813e51c5cde13adb23b577c4d51ca2aea497f428fb6f/detection # Reference: https://www.virustotal.com/gui/file/772550abf2601834380fdaf3a82d81d8414bfa256d55efdd0a6a9ab3745ac1fe/detection # Reference: https://www.virustotal.com/gui/file/75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67/detection # Reference: https://www.virustotal.com/gui/file/05adcd44c155d9bde8704c6f886889127769f6f3a5b1af23d78e95d9cd402afb/detection estrabornhot.com klepdrafooip.com lilsakainrot.com trbiriumpa.com # Reference: https://isc.sans.edu/diary/rss/29344 # Reference: https://otx.alienvault.com/pulse/639c251cccbd8ca49a40f4e5 oferialerkal.online onyxinnov.lol primsenetwolk.com trashast.wiki wwwanydesk.top # Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176 # Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521 # Reference: https://www.virustotal.com/gui/ip-address/94.140.112.173/relations blerkatrosb.com kuachaech.click # Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176 # Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521 # Reference: https://www.virustotal.com/gui/ip-address/94.140.112.194/relations meaninggods.com trekbisekl.homes # Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176 # Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521 # Reference: https://www.virustotal.com/gui/ip-address/94.140.115.159/relations firespoot.lol taynerfork.homes # Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176 # Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521 # Reference: https://www.virustotal.com/gui/ip-address/94.140.115.209/relations aplikashion.lol imorendaset.com tmaliopak.com vrobreadcom.com # Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176 # Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521 # Reference: https://www.virustotal.com/gui/ip-address/193.37.69.106/relations aluidein.com # Reference: https://twitter.com/MichalKoczwara/status/1603747456369496064 bernkiy.com ca-ref73280.co console-red.com solar2023.net trndinbolda.com # Reference: https://gist.github.com/myrtus0x0/65b623f1e736594a1896a4e53277c971 aozakefir.com # Reference: https://twitter.com/ian_kenefick/status/1604932621091364866 # Reference: https://twitter.com/DavidTy03461965/status/1607784735723655168 burnaoqa.top cryptobrowser.top dlscordcom.top enhet-bekrefte-no.top fortlnet.top germogenborya.top irs-forms.top irsform.top irsforms.top irsgov.top llbreoffice.top llbreofflce.top moralaz.top mosxinale.top postbox-inc.top sandboxie-plus.top seregeox.top thunderbird.top thunderblrd.top torberone.top www-adobe.top www-anydesk.top www-brave.top www-chase.top www-discord.top www-discordcom.top www-dlscord.top www-fortinet.top www-goto.top www-irs.top www-obsproject.top www-ringcentral.top www-teamviewer.top www-torproject.top www-vmware.top www-webex.top www-whatsapp.top wwwadobe.top wwwchase.top wwwdiscordcom.top wwwebex.top wwwfortinet.top wwwfortlnet.top wwwslack.top wwwteamviewer.top wwwvmware.top wwww-anydesk.top wwww-discord.top wwww-discordcom.top wwww-dlscord.top wwwwadobe.top wwwwebex.top # Reference: https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html # Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware/IOCs-IcedID-Botnet-Actors-Abuse-Google-PPC-to-Distribute-Malware.txt # Reference: https://otx.alienvault.com/pulse/63ac1b17661299228f6393e0 microsoft-teams.top sandboxieplus.top webeex.top www-basecamp.top www-citrix.top www-docker.top www-fortlnet.top www-irs-forms.top www-libreofflce.top www-realvnc.top www-teamvlewer.top www-thunderblrd.top wwww-adobe.top wwww-dlscordcom.top wwww-irs-forms.top wwwwanydesk.top wwwwslack.top # Reference: https://twitter.com/AuCyble/status/1605452226968711168 # Reference: https://www.virustotal.com/gui/file/9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd/detection explorezoom.com # Reference: https://www.virustotal.com/gui/ip-address/172.86.122.22/relations jinodomenta.com sekanurd.wiki # Reference: https://www.virustotal.com/gui/ip-address/45.86.230.103/relations finaxallif.com hlomshopen.com ipirazer.com jinodomenta.com polarverdezz.com proskefiola.com teensviolet.com # Reference: https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol 135.125.242.223:8080 185.156.172.97:8080 198.244.187.242:8080 # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-20-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt artiwal.pics thinkiwond.skin # Reference: https://gist.github.com/myrtus0x0/8876c9c3d5e31a9faaf562026cccb258 alimat.cloud gronnyreapiter.com # Reference: https://twitter.com/ian_kenefick/status/1606626852659154944 joyzibrakzi.com owisportlittle.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.12.2022.txt # Reference: https://www.virustotal.com/gui/ip-address/192.153.57.8/relations whothitheka.com # Reference: https://twitter.com/k3dg3/status/1612495824369471488 # Reference: https://twitter.com/Myrtus0x0/status/1612505963319418880 # Reference: https://www.virustotal.com/gui/ip-address/162.33.179.231/relations # Reference: https://gist.github.com/myrtus0x0/e11b1fcf5fac005b67fd4a902f3b72ab apretakert.com grooviuno.art likasertik.shop pkusamain.cloud rilsoft.cyou topwarizda.com tranimor.lol wagringamuk.com # Reference: https://twitter.com/mojoesec/status/1612544085281181696 # Reference: https://twitter.com/mojoesec/status/1612544087399464960 airanavityulet.com alkinsan.art asolawera.click blumstrkiso.com craftisiykoff.com fdiromkant.cyou getnidderton.pics hightingsoul.hair mosatrap.art onionafrizdan.com plemkanorf.wiki scifiturnio.com smostluxi.com tginbota.cyou trainellia.one tristacarsfor.com turelomi.hair werdalcaribza.com zlokasma.com # Reference: https://twitter.com/k3dg3/status/1612860949773389835 # Reference: https://bazaar.abuse.ch/sample/1796aef0940e800bcb2556782f92a7874422bbdfdda24e6658e43db4b0916850/ ebothlips.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_12.01.2023.txt # Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-12-IOCs-from-IcedID-and-Cobalt-Strike-infection.txt # Reference: https://www.virustotal.com/gui/ip-address/162.33.177.186/relations allertmnemonkik.com lezhidov.cloud qzmeat.cyou # Reference: https://twitter.com/ian_kenefick/status/1614254597945671681 # Reference: https://twitter.com/ian_kenefick/status/1614254599875235843 brigottafkor.com elcapolis.com ertusaporf.com felzater.lol ijoyzymama.com jozzinafkae.com kaesanor.homes pleoweld.homes quelasoup.homes skaiortalop.com startevopadra.com tailwera.cloud # Reference: https://twitter.com/ian_kenefick/status/1614293229272465408 needzolapa.com plumxeto.pics swertoolsken.com wcollopracket.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.01.2023.txt dgormiugatox.com # Reference: https://gist.github.com/myrtus0x0/1132f5375f8cd92b9cbed4948c7e449d feriposloshops.com magazinto.one nindaxloart.com noncionicum.beauty qaqpcook.com siantdarik.lol zlokaregat.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_17.01.2023.txt # Reference: https://gist.github.com/myrtus0x0/ad7163a3d7e9f2e55e53a5d1e1e72313 monkestad.mom plivetrakoy.com skanpiskar.one # Reference: https://twitter.com/malware_traffic/status/1615785311736315915 # Reference: https://www.virustotal.com/gui/ip-address/46.173.218.229/relations acridpanel.com martubad.com microsofteamscom.top miiwes.top mlcrosofteamscom.top onenote-com.top recoverybinfund.com tracking-orders.link vvv-irsforms.top vvv-libreofflce.top vvw-adobe.top vwv-adobe.top vwv-citrlx.top vwv-irsforms.top vwvirsforms.top wvv-libreofflce.top wvv-llbreofflce.top wvvmlcrosofteams.top wvvonenote.top wvvslack-us.top wvvslack.top wvvteamviewer.top wvw-microsofteams.top wvw-slack.top wvwonenote.top wvwonenotes.top wvwslack.top wvwteamviewer.top wvwwanydesk-com.top wvwwanydeskcom.top wwv-citrlx.top www-adobe.xyz www-citrlx.top www-irsforms-us.top www-mlcrosofteams.top www-teamviewer-com.top wwwteamviewer-com.top wwwteamvlewer.top # Reference: https://twitter.com/CSICCybersecur1/status/1615794289719808000 # Reference: https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware/ microsofteams.top microsoftteams.top vvv-discord.top vwv-discord.top vwvv-discord.top wvvw-citrix.top wvw-adobe.top wvw-discord.top wvw-irs-forms.top wwv-discord.top wwv-slack.top www-adobecom.top www-anydeskcom.top www-discordc.top www-lbreofflce.top www-llbreofflce.top www-microsofteams.top www-microsoftteams.top www-onenote.top wwww-citrix.top wwww-irs-form.top wwww-slack.top wwww-teamvlewer.top wwwwdiscord.top # Reference: https://gist.github.com/myrtus0x0/05cbc12632667f77e13b425c03bc7d9a avoymratax.com brakudafear.pics marmelokpa.com nigaragusoups.com pahtafinlund.com qsertopinajil.com skafiparod.com stillprunnert.com tonikantos.one trinazhkoma.club wendypior.ink # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.01.2023.txt # Reference: https://gist.github.com/myrtus0x0/9ea040e1c31b474b4c20464ae31c3b73 klayerziluska.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_20.01.2023.txt # Reference: https://www.virustotal.com/gui/ip-address/193.149.176.55/relations umousteraton.com # Reference: https://twitter.com/DonPasci/status/1616455525863915520 teamviewerr.life teamviewerr.online teamviewerr.site teamviewerr.top # Reference: https://twitter.com/ian_kenefick/status/1617510411015684096 # Reference: https://twitter.com/ian_kenefick/status/1617510412744003588 # Reference: https://twitter.com/ian_kenefick/status/1617583844705566723 abigelofraj.com headertolz.com iskopila.com nomaeradiur.com pleylqox.com rolewzullo.com scanproluet.com spotifrezise.com swordnifhing.com tibloautonef.com trastbaki.com trotimera.com trustopaj.com ulrtonemio.com # Reference: https://twitter.com/ian_kenefick/status/1617831936533368832 birungor.com jucypokers.com neaachar.com smarticaino.com startinghpot.com # Reference: https://twitter.com/teamcymru_S2/status/1617832079676395521 5.196.196.252:8080 # Reference: https://twitter.com/embee_research/status/1617728548034457605 # Reference: https://www.virustotal.com/gui/ip-address/5.206.227.5/relations # Reference: https://www.virustotal.com/gui/ip-address/5.255.106.240/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.235/relations needfradka.com neelrocap.com pleasurtika.com polirieta.com trustyox.cloud # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_24.01.2023.txt plitspiritnox.com # Reference: https://www.virustotal.com/gui/ip-address/85.239.61.92/relations alijhaborta.com windmencherser.com # Reference: https://threatfox.abuse.ch/ioc/1075360/ # Reference: https://twitter.com/abuse_ch/status/1620152896724803584 sajimadurop.com tthunderbir.space us-thunderbird-soft.com # Reference: https://twitter.com/teamcymru_S2/status/1620733039176466434 135.148.217.85:8080 # Reference: https://twitter.com/abuse_ch/status/1620850766247518208 # Reference: https://www.virustotal.com/gui/ip-address/185.26.122.80/relations # Reference: https://www.virustotal.com/gui/ip-address/206.188.196.136/relations # Reference: https://www.virustotal.com/gui/ip-address/46.151.26.131/relations # Reference: https://www.virustotal.com/gui/file/3a585be7037b0dd24dbc719e8a05d1a1502108bb6e0fea62d6b90980be75a7d9/detection mlcrosofteams-us.top restorahlith.com siitributario.top teams-mss.online ww-citrixcom.top www-adobeus.top www-onenote-us.top # Reference: https://twitter.com/k3dg3/status/1623333951069646857 # Reference: https://www.virustotal.com/gui/ip-address/80.66.88.143/relations # Reference: https://www.virustotal.com/gui/file/2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360/detection ehonlionetodo.com noosaerty.com palasedelareforma.com renomesolar.com # Reference: https://www.virustotal.com/gui/file/6e494eb76d75ee02b28e370ab667bcbcdc6f5143ad522090f4b8244eb472d447/detection bbpline.com # Reference: https://www.virustotal.com/gui/ip-address/158.255.211.174/relations qoipaboni.com yelsopotre.com # Reference: https://www.virustotal.com/gui/ip-address/185.236.231.223/relations leftcatrheringg.com # Reference: https://twitter.com/malwrhunterteam/status/1620166640209133569 bassecanp.space wvv-basecamp-us.com # Reference: https://github.com/pan-unit42/tweets/blob/master/2023-02-13-IOCs-for-IcedID-infection-from-fake-Microsoft-Teams-page.txt # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.138/relations # Reference: https://www.virustotal.com/gui/ip-address/85.193.93.125/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.112.54/relations 7-zip-com.top adobeusa.top adobeuscom.top alishabrindeader.com basecampus-com.top basecampusa.top blender-org.top blenderusa.top citrixusa.top citrixuscom.top covimars.com dockerus-com.top dockerusa.top irsform-online.top irsforms-online.top martubad.com microsofteamsus.top mlcrosofteamsus.top onenoteus-com.top onenoteusa.top portaconexao8.top qonavlecher.com thunderbirdus-software.top thunderbirdusa.top treylercompandium.com visual-studio-usa.top visual-studio.top www-irsform-us.top ns8.miiwes.top # Reference: https://twitter.com/1ZRR4H/status/1625870720629604354 bestsdealofworld.com besttestbrend.com breakshoulder.com breakyboost.com cloudzippe.com greatjbook.com loktelnotes.com magneticjspt.com ninjahmake.com objectiveusers.com olivnakercheast.com omegaweth.com resetpswdr.com tempsolutionsde.com waojernote.com # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-16%20IcedID%20IOCs # Reference: https://www.virustotal.com/gui/ip-address/162.33.177.93/relations azergapolak.com # Reference: https://twitter.com/1ZRR4H/status/1627085493023424512 germogenborya.at # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_21.02.2023.txt aerilaponawki.com alishaskainz.com alohaplinayagot.com # Reference: https://twitter.com/teamcymru_S2/status/1629186902011138049 80.66.88.71:8080 # Reference: https://twitter.com/teamcymru_S2/status/1630216181218164736 45.61.137.220:8080 # Reference: https://www.team-cymru.com/post/from-chile-with-malware aixjobsonline.net rmbonlineshop.com # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336 neonmilkustaers.com svoykbragudern.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.02.2023.txt hrowerknifi.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_02.03.2023.txt # Reference: https://www.virustotal.com/gui/ip-address/162.33.177.91/relations aproillionsgif.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_02.03.2023.txt almileniomf.com # Reference: https://www.virustotal.com/gui/file/4d413030a194ff44334cc00660edc31f7c10cffb28c24fb529b0d4790127b152/detection olifamagaznov.com # Reference: https://twitter.com/k3dg3/status/1634252661053870085 # Reference: https://www.virustotal.com/gui/ip-address/46.173.218.184/relations # Reference: https://www.virustotal.com/gui/file/befeb1ab986fae9a54d4761d072bf50fdbff5c6b1b89b66a6790a3f0bfc4243f/detection ariopolanetyoa.com segurda.top shisyatnic.top sntnder.top # Reference: https://www.malware-traffic-analysis.net/2023/03/08/index.html daybeds.xyz gyxplonto.com lifeinsurancequotes.xyz pichervoip.com statifaronta.com # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-16%20IcedID%20(Bokbot)%20IOCs # Reference: https://www.virustotal.com/gui/ip-address/176.119.147.36/relations # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.199/relations # Reference: https://www.virustotal.com/gui/file/8a2604cafa51f55c680e29b0aa090c1c359959c5ca1fe985331c8bffc352d6e6/detection # Reference: https://www.virustotal.com/gui/file/b160d088b1e3dae04dff4e286381e5b648b36393fe43a6188eee1f66791f5cab/detection # Reference: https://www.virustotal.com/gui/file/4acedf813aaf351826a6616bb43146e4d9f6821e31cfa0aeb1e4a1558124320e/detection acridpanel.top aproshak.top borasga.top burisman.top momidor.top russiancl.top applicatwindomz.com avroralikhaem.com skanfordiporka.com villageskaier.com /dll/loader_p1_dll_64_n1_x64_inf.dll28.dll /loader_p1_dll_64_n1_x64_inf.dll28.dll # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_17.03.2023.txt # Reference: https://www.virustotal.com/gui/ip-address/176.124.193.25/relations # Reference: https://www.virustotal.com/gui/ip-address/185.173.38.133/relations # Reference: https://www.virustotal.com/gui/ip-address/80.78.24.30/relations conalom.top dexteroa.top allowpedartun.com auronavtimor.com breakolitro.com brendastics.com canserprite.com deadwinston.com ewyersbetter.com greendayzy.com halinshopyelo.com hechizuops.com ituitem.net klindriverfor.com kokphiladefvoid.com kondarimno.com lomviolxenus.com nikertimeshaft.com panamaplanert.com pingwiskot.com plehvioda.com quelopaskal.com sexyneolded.com shoterqana.com skigimeetroc.com smockalifatori.com statikfootbol.com stimulspitrauk.com sumnutrionm.com systimjoyzy.com thingssouthal.com trastmoreplanet.com umoxlopator.com utorsabegot.com viskocompetr.com wazxlerasta.com zoomersoidfor.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_24.03.2023.txt # Reference: https://www.virustotal.com/gui/ip-address/206.166.251.62/relations http://173.44.141.213 liguspotforsit.com # Reference: https://twitter.com/Unit42_Intel/status/1639371567900798977 # Reference: https://www.virustotal.com/gui/ip-address/195.20.17.21/relations # Reference: https://www.virustotal.com/gui/ip-address/89.117.89.197/relations 193.239.85.16:8080 gabrikxuira.com keyzishaptu.com # Reference: https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid # Reference: https://otx.alienvault.com/pulse/64220246fe8791e38ac9c2f0 http://94.131.11.141 akermonixalif.com guidassembler.com halicopnow.com handsinworld.com helthbrotthersg.com lepriconloots.com oilbookongestate.com samoloangu.com sanoradesert.com steepenmount.com # Reference: https://www.bleepingcomputer.com/news/security/new-icedid-variants-shift-from-bank-fraud-to-malware-delivery/ # Reference: https://www.virustotal.com/gui/ip-address/5.61.34.46/relations tourdeworldsport.com # Reference: https://twitter.com/teamcymru_S2/status/1641440140428967936 162.33.179.145:8080 46.21.153.153:8080 # Reference: https://twitter.com/Unit42_Intel/status/1645851799427874818 # Reference: https://twitter.com/malware_traffic/status/1645862110931611649 193.149.176.100:443 45.61.137.159:443 alishakainz.com deadwinston.com sithoparka.com villagekaier.com # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-04-14-v10298/480 askamoshopsi.com beepkauftagers.com tadernost.com troffyfrutlot.com yhorneedminf.com # Reference: https://twitter.com/k3dg3/status/1648755072648503322 # Reference: https://www.virustotal.com/gui/file/5f5f78266fddd18f3db7791b4980df2d13184de9d1c5ac39c49751e25f83ca17/detection # Reference: https://www.virustotal.com/gui/file/bd24b6344dcde0c84726e620818cb5795c472d9def04b259bf9bff1538e5a759/detection skigimeetroc.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ 104.168.198.16:443 104.168.236.183:443 104.168.250.197:443 104.168.59.69:443 104.168.70.14:443 104.248.223.35:443 108.174.196.120:443 134.122.62.178:443 138.197.146.18:443 139.59.73.85:443 140.99.159.159:443 151.236.9.57:443 161.35.166.97:443 162.33.177.137:443 162.33.179.218:443 167.99.248.131:443 168.100.10.149:443 168.100.10.28:443 168.100.11.100:443 168.100.11.128:443 168.100.9.230:443 172.86.75.233:443 176.124.32.10:443 185.121.168.152:443 185.99.132.16:8080 185.99.133.58:443 192.119.68.151:443 192.153.57.172:443 193.149.129.50:443 193.149.129.53:443 193.149.129.59:443 193.149.176.198:443 193.149.187.158:443 193.149.189.7:443 193.168.143.119:443 209.38.220.183:443 209.54.96.100:443 213.59.118.120:443 38.180.8.107:443 45.61.139.144:443 45.92.163.233:443 5.61.37.224:443 64.227.48.93:443 66.63.188.18:443 74.201.30.84:443 80.66.88.148:443 87.251.67.56:443 91.235.234.217:443 91.238.50.105:443 94.140.114.48:443 94.232.41.107:443 abigeyzolla.com afrakonla.com africnouzor.com afrodizajoy.com ahilopadra.com aitoblelorn.com akwoyawoyezh.com alconafnizswr.com alefwizador.com alicaskotchers.com aliensaiot.wiki aliopiwert.com alistokusta.com alsomibtrop.com amercand.one anniforsa.art animamagaznaf.com aoureskindzet.com aplinormalde.com apoligazanattions.com apsoalskd.xyz architrinm.com ariadioda.click aromaydensor.com artoboxnapi.com ascorifatka.com asiksliopakt.com astrawwinzo.homes auronegas.art autohouzepick.com autokoza.tattoo autovropsanti.com avianeikop.com awesocaerigrot.com aytomerilnaz.com bandseventi.com bedlyklaif.info biglygirle.com bizonexpressyet.com blickwost.quest boordopad.com boyangprofit.com breakolitro.com brisharten.lol brocoko.lol buchiersnair.com cheryhotlene.com cloaissap.art codiciikunfu.wiki colsnife.art cubinger.homes dadiortnavil.hair daprable.hair debinatorforka.com deelstokty.cloud delarossa.net dendrapa.tattoo dismaycars.com dockeerw.site dockeruscom.top dollarsbink.com doockerq.site dreoditn.pics dtreetbenks.com eatiomnus.com entercasta.com farelfif.com fdronisatis.com fightsmtimor.pics flimonikadarchoz.com flipasunam.nl flixstotpy.com folkriferknauf.com frechezup.com freddomnad.com futerimek.com gerbatoilst.com ginzatiquella.com gliinjoyae.com gravsatrisd.com grilkavok.com grixuma.com grofertnaz.com grozilur.com grundatera.com hannoverplus.com hardenpasedaken.com hazertofichamda.com homeonestrafgnoum.com hretbornshops.com ikopaeronafti.com ilioskajyzi.com illinousnachez.com imageabroidkal.cloud innolarenta.com iratoubus.com irosjoyzinax.com isdernoupe.lol iskazorety.com italinakaret.com itfirhialonat.com jeanharimop.com jilosrawet.com jinofroyka.com jinowera.com kajsolakxy.top kalimboosta.com keyzibord.homes kicksoftnuclpark.com kingsoftingskaiyd.com komarpleausfa.com kraftifoodwest.com kropnagursa.com lasernofkaret.com lirepraqueen.com lldapqoaaosp.xyz loliapitudet.com lsonubir.skin magsashkedfold.com mashaliop.com meanxazer.lol meettofad.hair milkasofti.click milkberka.skin momtretaskan.com moontraps.com mrassociattes.com murlakoperre.com mybagsukcsfutre.com naturechese.com naturetrtwentond.com needgueachat.com neefolkrd.com neelsquelo.com negerotar.com netswaerty.com nextpozziotions.com nexttinexazerd.com nigerodmanko.com nixbachinga.com nizanigrola.com nizzapizzakor.com nothithoeredum.com nozhidfajip.com nydkaalis.com oaskalsaoskdxzx.xyz obrovasikul.cloud offetknauzhad.com oiurkastarting.com olponetox.com ondorobo.shop paesoitalon.com pcahaelko.com peargodva.lol pikcherstoka.com piktojillyq.com pilamilko.com pinchersoftqum.com pingwiskot.com pinitosaki.com pintoolonamon.com piolareiu.pics plintarueza.com plotinchizz.com postrangecarscity.com prahmatorn.com procompeser.com pxoirita.com qertoplast.com qiratrontyssy.com qwevinaj.lol rbcverif.com rbcverif.link reaperossslo.com ridikto.buzz rinosekawer.com rutapaapps.com saecoprofintad.com salipjuino.com sanovkablumd.com sarenmarki.pics satifayban.com saydoglemoomy.com scafendertroopers.com scaniahelfideret.com scaspeedhamer.com sciense.buzz scikeranovan.com scoulnafirtajoy.com senioraskaf.cyou sentinorkaber.com serdtacoolte.com sevenfrogsx.com sexearicjeh.com sexyneolded.com skafruedaktor.com skalk.info skanerhavio.com skechingouz.com sketchar.art sketiopaag.com skevapluif.com skilom.homes slaqot.com smacktoloapert.com smplemente.net snidjafail.com snilpmagazfor.com snofermild.com softwinmeod.com sporteatinom.com staikfuetures.com stakingmask.com stanpyerdx.com stapcovert.com staringgeipod.com statiskalreon.com statoparkof.com stdtplast.com stefilockjiza.com stegaporto.com strindcommer.com stringspakert.com stronpilor.com swatihoodi.com sweetyzdufyp.com systimjoyzy.com taisaautodorf.com team-viewercom.top thondorbird.com thunnderbilp.space thuunderbilb.space thuunderbils.space tiulycon.com tradicop.com transpilion.lol tranzitpiert.com trasewpatyuska.com trctorsfabricue.com trodaviatrokaw.com trollmustfishto.com tromkalkadio.com tronkaprofa.com troscant.one troslaiet.com truchvols.homes tthunderbilp.space tuslounech.com us-thunderbird-soft.top vertyfag.cloud viskocompetr.com vroomtolkena.com vvv-docker-us.com vvv-docker-us.top vvw-dlscord.top vvwdlscord.top vwv-irs-forms.top wazxlerasta.com wendoqolta.com weranaelliots.com werandotrek.com wistaropa.com wlonkabeadinga.com wnoykaaloha.com woezxmioasla.top workedstarcop.com worrtekbor.com wrinatabloq.cloud wvv-basecamp-us.top wvw-docker-us.com wvw-mlcrosofteams.top wvw-webex-us.top wvw-whalsapp-us.top wvwmlcrosofteams.top wwwwanydeskcom.top xopdaroad.beauty yozadading.com zeroportozoo.com znoatefif.lol zoppwet.pics zoykolmena.com zulanuca.shop zusmodert.com # Reference: https://twitter.com/k3dg3/status/1650579691978252328 # Reference: https://www.virustotal.com/gui/ip-address/193.149.129.152/relations # Reference: https://tria.ge/230424-xxcp9afg4s/behavioral1 ewyersbetter.com # Reference: https://www.virustotal.com/gui/file/90aeafc90be26a167104b5fde10a44ee61b06fcb2bd3760949de50872039d4b2/detection auronavtimor.com # Reference: https://www.virustotal.com/gui/file/277a97a2dd85bc8f404e58e28410e2d742eb4714e5a6fbbbbc2471d5e3e79a37/detection klonpiparf.com # Reference: https://twitter.com/k3dg3/status/1651686244781289496 yewopeuropaus.com # Reference: https://twitter.com/k3dg3/status/1652001968783601665 # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.04.2023.txt # Reference: https://www.virustotal.com/gui/ip-address/5.61.37.224/relations # Reference: https://www.virustotal.com/gui/file/371c2cdb76692d1f4db02a946607bc69d768a8acad42c7e96014eaf18e51e599/detection aeloderton.com alomegodarks.com fdorepolass.com miolicelis.com # Reference: https://www.virustotal.com/gui/file/dbe20431bd0fe298357c1bc3df57dfb803b6cb77e078c17c48c0a5da3feab6bf/detection alepscoking.com # Reference: https://www.virustotal.com/gui/file/08b62d9687a20192887eecc20d86fa794d8fb1871dd78a2d3e7445931dc6fb70/detection bgreenglobus.com # Reference: https://www.virustotal.com/gui/file/f6153ad86d31b9b83c4093e7bf1f0402dd19ba144f8785ca566b292ca4363fca/detection xairdone.com # Reference: https://www.virustotal.com/gui/file/c12d0d30e6b1b5567ceafab35f60f0ce7893f75c29bcaf8021a32035131b9d05/detection joysaketshops.com # Reference: https://twitter.com/k3dg3/status/1656352426507530245 # Reference: https://tria.ge/230510-v3vf5sbb8y/behavioral1 nedgogolinh.com # Reference: https://twitter.com/0xBurgers/status/1656928911840907264 domsubuuu.buzz flekaspino.buzz germscleaner.store givesunshine.info pexpoline.buzz sprinklerest.buzz teamentroof.buzz workdiskleft.buzz # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid_downloader/ actuallyobligat.info actuallyobligat.ink alconauytor.com amarilloporeder.pw anisiderblomm.com asredetyr.site aucespoo.ink audifastinggip.com bedogilas.top blackferrow.com bleizcarsgood.com blompompad.com dekeoipsi.top driophizter.com druidfenixis.com eholeyear.bid endofyour.ink enjoyednot.top enticationmetho.ink firehwost.com firstdatachannel.art fisherslipkom.com fucherwindo.com gadverjo.com gintoonafa.com gochihochkiz.fun grendafolz.com grizdrolendino.com guaracheza.pics harrisonnenda.com hevciak.com hftpaeers.com houghthepl.ink illinoismusichall.com libre-offlce.top likoportio.fun loremurs.com matesedoulta.com meeruboot.space microsoft-teamscom.top monowhell.com munipalis.top nermorell.com oceanmeer.site onedollarmax.com onlyadheres.com onokdaynekti.top orangegrande.com overpasta.ink owesureoma.top pastwestbi.top placingapie.ink plutoheadingo.com porimoksin.ink portedauthenticati.ink preomondaka.com qvenzizshop.com sauceson.ink showsyouthe.top sincaplox.com sipfierqaz.com smallbadcity.com stayersa.art tiplifid.top toughflatlying.com tyretclaster.club ultraxreroxx.com vvw-irs-forms.top vww-discord.top vww-dlscord.top wasthuliok.live whoreviki.top wvw-llbreofflce.top wvw-onenote.top www-adobe-com.top www-discord-com.top www-onenote-com.top wwwanydesk-com.top wwwirsforms-com.top wwwmlcrosofteams.top wwwslackcom.top wwwteamviewercom.top zanokiryq.com zasewartefiko.top zlinderfaid.com zojecurf.store # Reference: https://twitter.com/Unit42_Intel/status/1657014096200343554 139.59.33.128:443 # Reference: https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/ belliecow.wiki curabiebarristie.com # Reference: https://twitter.com/FarghlyMal/status/1661844844476612608 153ishak.best boldidiotruss.xyz ilu21plane.xyz nizaoplov.xyz # Reference: https://twitter.com/ian_kenefick/status/1673629443766534144 # Reference: https://twitter.com/ian_kenefick/status/1677236366575296514 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ aflercoopert.com akedhorrorr.com aloowpromis.com amirkofeefour.com anscowerbrut.com arliapples.com atoryshapsn.com dolscapche.com eloasammer.com fletchersgroop.com fleurdetarbs.com frutmossert.com hloyagorepa.com jinoparterves.com jizzynaf.com kojgimagi.com natursaker.com necgatinh.com nemchaprues.com nerfgamesarche.com palesreapor.com piomasocks.com seahloperd.com skayfingertawr.com skepartisol.com stathorrientd.com tracautomatitspow.com trofpokertak.com voesallientak.com yellorquli.com # Reference: https://twitter.com/k3dg3/status/1679585047450464257 # Reference: https://bazaar.abuse.ch/sample/517e2852fe933c6f1713d648707dc0b3c677329c4078145095ce140691388928/ # Reference: https://www.virustotal.com/gui/file/517e2852fe933c6f1713d648707dc0b3c677329c4078145095ce140691388928/detection http://45.11.182.118 # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.154/relations beerang.top boronia.top ginomar.top irsformsusa.top jiveleta.top musarga.top mutalis4hello45.top russiathecrown.top semorqa.top slack-usa.top sntdr.site www-adobe-reader.top www-webex-us.top zoom-usa.top zoomusa.top # Reference: https://www.virustotal.com/gui/file/aa8138d2fd97003e534e36c9961e1a105b13ea24ccf7db1059ea4026b28b5247/detection skofilldrom.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 14 Jul 2023) http://104.21.7.13 http://170.130.55.140 http://170.130.55.187 http://170.130.55.195 http://170.130.55.199 http://170.130.55.228 http://45.11.182.114 http://45.11.182.115 http://45.11.182.117 http://45.11.182.119 http://45.11.182.120 http://45.11.182.121 http://45.11.182.61 http://77.83.196.189 104.168.152.22:443 104.168.53.11:443 104.219.233.149:443 104.223.118.109:443 104.248.21.165:443 104.248.81.48:443 108.174.196.152:443 138.197.138.46:443 138.68.244.54:443 139.59.186.140:443 139.59.72.105:443 140.99.3.12:443 151.236.30.214:443 151.236.30.222:443 151.236.9.101:443 151.236.9.187:443 151.236.9.205:443 157.245.104.223:443 159.89.116.11:443 168.100.8.203:443 176.124.32.116:443 192.153.57.109:443 192.3.76.146:443 193.149.129.12:443 193.149.129.231:443 193.149.129.25:443 193.149.129.87:443 193.168.143.131:443 193.168.143.138:443 193.43.104.28:443 206.166.251.101:443 206.188.196.238:443 206.188.197.120:443 206.188.197.251:443 207.154.203.203:443 38.180.34.14:443 45.144.178.236:443 45.61.137.119:443 45.61.139.196:443 5.230.57.30:443 5.230.68.190:443 5.255.115.226:443 5.255.122.79:443 5.255.124.55:443 5.255.99.21:443 64.227.146.71:443 68.183.198.18:443 68.183.77.223:443 74.201.30.4:443 80.66.88.162:443 85.239.63.218:443 87.251.64.211:443 87.251.67.49:443 91.193.18.205:443 94.232.46.201:443 boomstortyil.com groowstatb.com gualazaskanti.com # Reference: https://twitter.com/powershellcode/status/1680293518995226625 http://80.77.23.154 http://80.77.23.155 http://80.77.23.170 http://80.77.23.176 http://80.77.23.64 http://91.240.202.190 http://91.240.202.195 # Reference: https://twitter.com/ian_kenefick/status/1681777219251716096 airnaftokampa.com archiparist.com brakoairnis.com elokijjonaut.com jizzygamgp.com krepradoshaps.com nedromeagi.com nezgoakker.com pearuchemilk.com plurescandistika.com prasketfostert.com speedfatoppam.com trainpolkstaet.com # Reference: https://www.virustotal.com/gui/file/c41b62c08150340a18b6fc1a3acde0b8496441497b1a2af9b8f3c7ea4d2b573e/detection # Reference: https://www.virustotal.com/gui/file/cb8cb60629d7d85aa621d611a45462dd4e385b65df06b0116763a456e102a841/detection officialk2spice.com wiraofise.com # Reference: https://twitter.com/JAMESWT_MHT/status/1681221724753240065 testserbia.com/wp-content/out/k.php # Reference: https://twitter.com/k3dg3/status/1683544196341219341 # Reference: https://twitter.com/ian_kenefick/status/1683549956584382486 # Reference: https://tria.ge/230724-w1dlaaha6w/behavioral1 # Reference: https://www.virustotal.com/gui/file/8b5529d29aeaf195889ebad68f2c3a390845e173edfec923acaf25fed824a529/detection autokamertos.com childhauster.com erailopaf.com filtaferamoza.com findertoues.com flarkonafaero.com gravitoperka.com lasergathe.com lergochatep.com lohmotarufos.com magiketchinn.com magizanqomo.com miniprukerw.com nechgoper.com nimezidhalxa.com rinotrackingg.com silmofaid.com skazifrant.com spakernakurs.com sucksonouch.com villysnapsy.com wgamershyh.com # Reference: https://twitter.com/THIR_Sec/status/1676962063082737677 # Reference: https://www.virustotal.com/gui/file/163b06edcd4986d554e5a64df9c53de700a769543053f8d191a63ec444e396f5/detection safeworld.cl/out/d.php # Reference: https://twitter.com/reecdeep/status/1673652535360454656 bestholidaysdestinations.com/out/sal.php rankboss.com/out/sal.php springandyouth.com/out/sal.php # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-25) http://170.130.165.246 http://170.130.165.247 http://170.130.165.250 http://170.130.165.89 http://173.232.146.10 atomaresto.com pitrinoaoil.com # Reference: https://www.virustotal.com/gui/ip-address/38.180.0.182/relations # Reference: https://www.virustotal.com/gui/file/4871d83c32ce40c24171ec40c4548dd320fe183a58d3866aa88c0b12d2d7b3ae/detection # Reference: https://www.virustotal.com/gui/file/9e741bbca30380dd6f62954ca9e1c9d2a6270e00c92ce11ff18956dfe0ff2f20/detection foasseropgh.net /botpackn1.dat /botpackn2.dat /botpackn3.dat /botpackn4.dat /botpackn5.dat /botpackn6.dat /botpackn7.dat /botpackn8.dat /botpackn9.dat # Reference: https://twitter.com/ian_kenefick/status/1683812491514486785 kechizlarey.com # Reference: https://twitter.com/ian_kenefick/status/1684175591082188800 fireplotcann.com vrondafarih.com # Reference: https://twitter.com/ian_kenefick/status/1684519844656340993 mineskateroff.com needsomsital.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-28) http://134.122.75.104 http://143.110.209.116 http://159.203.20.194 http://164.90.238.94 http://165.227.104.80 http://167.99.255.146 http://170.130.165.61 http://170.130.165.62 http://170.130.165.83 http://173.44.141.224 http://206.188.196.136 103.208.85.14:443 103.208.85.216:443 103.208.85.42:443 103.208.86.118:443 103.68.108.10:443 104.168.132.147:443 104.168.144.138:443 104.168.53.13:443 104.168.53.18:443 104.168.59.73:443 128.199.3.164:443 134.122.75.104:443 134.209.109.146:443 134.209.144.24:443 134.209.157.203:443 137.184.164.28:443 137.184.172.23:443 138.197.177.26:443 138.197.64.163:443 139.59.26.99:443 139.59.32.97:443 139.59.67.109:443 139.59.89.80:443 140.99.221.138:443 140.99.32.203:443 140.99.32.219:443 140.99.4.3:443 142.11.206.160:443 142.93.217.201:443 143.110.209.116:443 143.110.210.71:443 143.110.250.186:443 143.244.141.126:443 144.126.226.88:443 149.154.152.217:443 149.154.152.58:443 149.154.153.110:443 149.154.154.214:443 149.202.29.169:443 151.236.13.44:443 151.236.30.131:443 151.236.30.192:443 151.236.30.246:443 151.236.8.73:443 151.236.9.107:443 151.236.9.206:443 158.255.211.133:443 158.255.211.62:443 158.255.211.85:443 158.255.212.150:443 158.255.212.175:443 158.255.212.81:443 159.203.20.194:443 159.203.86.86:443 159.223.216.52:443 159.89.120.183:443 159.89.124.188:443 162.33.177.47:443 162.33.178.40:443 162.33.179.202:443 162.33.179.33:443 162.33.179.35:443 164.90.238.94:443 165.22.217.33:443 165.232.175.216:443 168.100.10.214:443 168.100.10.51:443 168.100.11.123:443 168.100.11.167:443 168.100.8.213:443 168.100.9.109:443 168.100.9.203:443 168.100.9.218:443 169.239.128.143:443 172.86.75.157:443 172.86.75.159:443 172.86.75.189:443 172.86.75.50:443 172.86.75.64:443 176.31.90.131:443 185.123.53.211:443 185.161.70.195:443 185.161.70.44:443 185.161.70.6:443 185.73.124.161:443 185.73.124.8:443 185.99.132.18:443 185.99.133.122:443 185.99.133.164:443 185.99.133.17:443 185.99.133.84:443 192.119.110.253:443 192.153.57.110:443 192.153.57.134:443 192.153.57.157:443 192.153.57.233:443 192.153.57.24:443 192.153.57.82:443 192.153.57.96:443 192.236.146.34:443 192.236.154.108:443 192.236.162.108:443 192.236.193.209:443 192.236.198.7:443 193.149.129.152:443 193.149.129.177:443 193.149.129.191:443 193.149.129.238:443 193.149.129.48:443 193.149.180.16:443 193.149.187.7:443 193.149.189.254:443 193.168.143.106:443 193.168.143.111:443 193.168.143.121:443 195.20.17.133:443 195.20.17.176:443 195.20.17.21:443 195.20.17.62:443 195.20.17.64:443 2.56.177.122:443 206.166.251.62:443 206.188.197.91:443 206.189.138.24:443 207.154.221.213:443 213.59.118.207:443 216.73.159.132:443 216.73.159.134:443 216.73.159.29:443 216.73.159.44:443 216.73.159.53:443 216.73.159.57:443 216.73.159.63:443 217.199.103.232:443 217.199.121.211:443 217.199.121.56:443 23.254.202.234:443 23.254.224.148:443 23.254.226.152:443 37.235.56.30:443 37.235.56.37:443 37.235.56.94:443 37.252.6.77:443 38.180.0.89:443 38.180.8.169:443 45.12.109.136:443 45.12.109.195:443 45.12.109.221:443 45.12.139.90:443 45.15.161.254:443 45.61.136.193:443 45.61.136.6:443 45.61.138.171:443 45.61.138.175:443 45.61.138.181:443 45.61.138.227:443 45.61.139.138:443 45.61.139.179:443 45.61.139.235:443 45.61.139.243:443 45.66.248.7:443 45.82.247.121:443 45.82.247.148:443 45.82.247.87:443 45.82.251.36:443 45.82.251.44:443 45.86.230.141:443 45.88.221.211:443 45.89.98.138:443 45.92.162.84:443 45.92.163.123:443 45.92.163.238:443 46.149.75.148:443 46.151.29.201:443 5.144.132.47:443 5.206.224.239:443 5.206.227.5:443 5.230.57.194:443 5.230.66.157:443 5.230.67.227:443 5.230.68.48:443 5.230.68.66:443 5.230.70.135:443 5.230.70.140:443 5.230.70.57:443 5.230.72.37:443 5.230.73.139:443 5.230.73.157:443 5.230.73.172:443 5.230.73.244:443 5.230.73.61:443 5.230.74.202:443 5.230.74.203:443 5.230.74.223:443 5.230.75.11:443 5.230.75.134:443 5.230.75.188:443 5.230.75.247:443 5.230.76.198:443 5.230.76.44:443 5.230.78.208:443 5.252.178.142:443 5.255.100.32:443 5.255.100.65:443 5.255.101.68:443 5.255.102.167:443 5.255.102.88:443 5.255.103.108:443 5.255.103.75:443 5.255.104.11:443 5.255.104.145:443 5.255.104.153:443 5.255.104.233:443 5.255.104.45:443 5.255.105.239:443 5.255.105.55:443 5.255.106.136:443 5.255.106.240:443 5.255.106.72:443 5.255.106.78:443 5.255.107.149:443 5.255.109.175:443 5.255.109.46:443 5.255.110.177:443 5.255.111.220:443 5.255.113.157:443 5.255.119.21:443 5.255.120.33:443 5.255.98.126:443 5.255.99.51:443 5.61.61.35:443 64.227.131.33:443 64.94.214.200:443 66.151.51.32:443 68.183.175.39:443 77.243.86.137:443 80.66.88.145:443 80.66.88.40:443 81.19.141.20:443 84.54.47.75:443 85.239.52.234:443 86.38.217.131:443 87.251.64.208:443 87.251.67.166:443 87.251.67.175:443 87.251.67.181:443 87.251.67.219:443 87.251.67.75:443 89.117.88.249:443 89.117.89.105:443 89.23.107.26:443 89.23.107.39:443 89.31.123.14:443 89.44.9.157:443 91.193.18.49:443 91.235.234.135:443 91.235.234.72:443 91.238.50.101:443 91.238.50.26:443 91.238.50.30:443 91.238.50.32:443 91.238.50.79:443 94.140.112.152:443 94.140.112.173:443 94.140.112.194:443 94.140.112.61:443 94.140.112.97:443 94.140.114.102:443 94.140.114.109:443 94.140.114.121:443 94.140.114.54:443 94.140.114.96:443 94.140.115.159:443 94.140.115.224:443 94.140.115.57:443 94.158.244.111:443 94.158.244.79:443 94.158.247.58:443 94.158.247.65:443 94.232.46.217:443 94.232.46.63:443 94.232.46.65:443 98.142.251.189:443 aerobrabusvoc.com appkasnofert.com priklosta.com rsescolumbus.org webprimosloja.shop # Reference: https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol-part-2 104.248.21.165:8080 104.248.21.165:8082 104.248.21.165:8083 104.248.21.165:8101 104.248.223.35:8080 104.248.223.35:8082 104.248.223.35:8083 104.248.223.35:8101 116.203.30.206:443 116.203.30.206:8080 116.203.30.206:8082 116.203.30.206:8083 116.203.30.206:8101 134.122.62.178:8080 134.122.62.178:8082 134.122.62.178:8083 134.122.62.178:8101 135.148.217.85:443 135.148.217.85:8082 135.148.217.85:8083 135.148.217.85:8101 138.197.146.18:8080 138.197.146.18:8082 138.197.146.18:8083 138.197.146.18:8101 138.68.244.54:8080 138.68.244.54:8082 138.68.244.54:8083 138.68.244.54:8101 139.59.186.140:8080 139.59.186.140:8082 139.59.186.140:8083 139.59.186.140:8101 139.59.33.128:8080 139.59.33.128:8082 139.59.33.128:8083 139.59.33.128:8101 139.59.72.105:8080 139.59.72.105:8082 139.59.72.105:8083 139.59.72.105:8101 159.89.116.11:8080 159.89.116.11:8082 159.89.116.11:8083 159.89.116.11:8101 161.35.166.97:8080 161.35.166.97:8082 161.35.166.97:8083 161.35.166.97:8101 162.33.179.145:443 162.33.179.145:8082 162.33.179.145:8083 162.33.179.145:8101 162.33.179.218:8080 162.33.179.218:8082 162.33.179.218:8083 162.33.179.218:8101 167.99.235.95:443 167.99.235.95:8080 167.99.235.95:8082 167.99.235.95:8083 167.99.235.95:8101 167.99.248.13:443 167.99.248.13:8080 167.99.248.13:8082 167.99.248.13:8083 167.99.248.13:8101 185.99.132.16:443 185.99.132.16:8082 185.99.132.16:8083 185.99.132.16:8101 192.153.57.134:8080 192.153.57.134:8082 192.153.57.134:8083 192.153.57.134:8101 193.149.176.100:8080 193.149.176.100:8082 193.149.176.100:8083 193.149.176.100:8101 193.149.176.198:8080 193.149.176.198:8082 193.149.176.198:8083 193.149.176.198:8101 193.149.187.7:8080 193.149.187.7:8082 193.149.187.7:8083 193.149.187.7:8101 193.239.85.16:443 193.239.85.16:8082 193.239.85.16:8083 193.239.85.16:8101 207.154.203.203:8080 207.154.203.203:8082 207.154.203.203:8083 207.154.203.203:8101 209.38.220.183:8080 209.38.220.183:8082 209.38.220.183:8083 209.38.220.183:8101 45.61.137.159:8080 45.61.137.159:8082 45.61.137.159:8083 45.61.137.159:8101 45.61.137.220:443 45.61.137.220:8082 45.61.137.220:8083 45.61.137.220:8101 45.61.139.144:8080 45.61.139.144:8082 45.61.139.144:8083 45.61.139.144:8101 45.61.139.235:8080 45.61.139.235:8082 45.61.139.235:8083 45.61.139.235:8101 46.21.153.153:443 46.21.153.153:8082 46.21.153.153:8083 46.21.153.153:8101 5.196.196.252:443 5.196.196.252:8082 5.196.196.252:8083 5.196.196.252:8101 64.226.86.179:443 64.226.86.179:8080 64.226.86.179:8082 64.226.86.179:8083 64.226.86.179:8101 64.227.146.71:8080 64.227.146.71:8082 64.227.146.71:8083 64.227.146.71:8101 64.227.48.93:8080 64.227.48.93:8082 64.227.48.93:8083 64.227.48.93:8101 68.183.198.18:8080 68.183.198.18:8082 68.183.198.18:8083 68.183.198.18:8101 80.66.88.71:443 80.66.88.71:8082 80.66.88.71:8083 80.66.88.71:8101 # Reference: https://www.virustotal.com/gui/file/7f28c4bd1ac88ff3475365e3c77974fb99adc3a4ec9597e7bfeba6f1da51c24a/detection http://45.11.180.149 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ 104.248.242.189:443 138.197.168.142:443 139.59.29.151:443 176.124.32.124:443 185.205.187.140:443 193.168.143.109:443 2.56.177.14:443 bnreadgoning.com catnagulsk.com halifmagzoom.com illboardinj.com pertanezer.com shalwolonzy.com triopahom.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-31) groovetsan.com jiuzuzyew.com kimsoupg.com # Reference: https://twitter.com/ian_kenefick/status/1686356392674754560 skeletoheltha.com # Reference: https://threatfox.abuse.ch/ioc/1146915/ aoysnakert.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-05) http://206.189.15.112 http://46.101.194.92 104.168.59.9:443 128.199.99.24:443 139.59.30.28:443 143.198.36.172:443 151.236.9.111:443 157.245.147.16:443 164.92.190.54:443 165.227.31.225:443 176.124.32.108:443 193.109.120.119:443 193.168.141.15:443 195.85.115.188:443 206.189.15.112:443 46.101.194.92:443 archiboldon.com derhmajuzi.com ospertoolsbo.com perdimount.com pireltotus.com reraitper.com tytsoftikor.com ultrafoks.com # Reference: https://twitter.com/x3ph1/status/1687536724023377932 # Reference: https://www.virustotal.com/gui/ip-address/81.177.140.194/relations # Reference: https://www.virustotal.com/gui/file/c8fa87a63297851bb387a5a7d1202b785eb6eb99b9d4041397c90cb2db69d87a/detection 9sta9rt4.store 994super.site bigforest682.store screenrecorder.site global-app.space # Reference: https://www.virustotal.com/gui/file/c8f17882c567e27db7d850a3110d95e9bb907e03319156fa2f928ad079ea7d35/detection # Reference: https://www.virustotal.com/gui/file/b140f907a0cd693c4a5abfc5fa2214377716da7865a767d9d883a5b6163b3d31/detection # Reference: https://www.virustotal.com/gui/file/5068af522efbfa24c410c8f1d190225438b8c07efcb0b2ae45fb6260089ea019/detection cajaminoretino.ru promtrainmoping.com # Reference: https://www.virustotal.com/gui/file/10efcc11981279f9d3eaa7b58d5dacff11ee87acf5f1b051cfaf6f429a83ac58/detection skamusdeadin.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-05) http://104.168.152.22 http://104.168.59.73 http://104.168.59.9 http://104.219.233.41 http://128.199.99.24 http://134.209.109.146 http://137.184.164.28 http://138.197.177.26 http://139.59.30.28 http://140.99.221.138 http://142.93.217.201 http://143.198.36.172 http://149.202.29.169 http://151.236.30.131 http://151.236.30.222 http://151.236.9.111 http://157.245.147.16 http://164.92.190.54 http://165.227.31.225 http://176.124.32.108 http://176.124.32.124 http://176.31.90.131 http://185.123.53.211 http://185.73.124.8 http://192.236.146.34 http://193.109.120.119 http://193.109.120.27 http://193.168.141.15 http://193.168.143.15 http://195.133.52.11 http://195.85.115.188 http://2.56.177.122 http://2.56.177.14 http://2.56.177.183 http://80.66.88.162 http://80.66.88.72 http://89.117.88.249 http://91.193.18.49 193.109.120.27:443 66.63.188.6:443 # Reference: https://threatfox.abuse.ch/ioc/1148836/ dkepostnatures.com # Reference: https://threatfox.abuse.ch/ioc/1149067/ http://162.33.179.158 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-08) http://143.244.140.238 http://193.168.141.76 affiksmaali.com kanomapsfuter.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-09) http://167.99.240.150 http://195.85.115.72 # Reference: https://github.com/pan-unit42/tweets/blob/master/2023-08-09-IOCs-from-IcedID-infection.txt podiumstrtss.com pokerstorstool.com smakizelkopp.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-11) http://128.199.151.179 http://143.110.241.178 http://159.223.95.82 http://164.92.144.116 http://167.71.35.189 http://176.124.32.164 http://185.153.182.156 http://5.181.159.39 http://5.181.159.41 http://5.181.159.51 http://5.181.159.54 http://5.181.159.55 http://94.158.245.178 # Reference: https://www.virustotal.com/gui/ip-address/137.74.104.108/detection 137.74.104.108:443 # Reference: https://www.virustotal.com/gui/file/010051aa8c323b920bc9ce0f635163ad74d5375bf9ccb307ea4b11ce797d44e4/detection conniterot.com cranetisti.com dicarkadar.com flagration.pw intesteron.com litellusef.com matchippsi.com mediaterki.com scotiation.pw # Reference: https://threatfox.abuse.ch/ioc/1150454/ mokililsan.com # Reference: https://threatfox.abuse.ch/ioc/1150809/ 143.110.245.38:443 # Reference: https://threatfox.abuse.ch/ioc/1150871/ http://159.203.8.183 # Reference: https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid # Reference: https://otx.alienvault.com/pulse/64a2e37e2ed3cb6e66de1d49 acsdxb.net adecoco.us carwashdenham.com egyfruitcorner.com intellectproactive.com logisticavirtual.org masar-alulaedu.com posao-austrija.at qaswrahc.com tech21africa.com tusaceitesesenciales.com # Reference: https://threatfox.abuse.ch/ioc/1151265/ http://168.100.9.127 # Reference: https://threatfox.abuse.ch/ioc/1151419/ 46.101.237.100:443 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-22) http://104.168.59.4 http://140.99.32.199 http://151.236.30.57 http://151.236.9.237 http://159.203.5.115 http://168.100.11.144 http://193.109.120.30 http://206.166.251.139 http://85.192.40.160 167.71.35.189:443 167.99.240.150:443 168.100.11.144:443 168.100.9.127:443 ameliachoi.autos antwanpittman.autos carindeza.com cheenzocan.com fisheredwards.autos khalilhunter.autos krishalvarado.autos minesotkarpid.com playertinid.com skansnekssky.com snipelhafer.com stelkaret.com tremethaj.com ultrasnafpor.com wisthardem.wiki yelkafeelind.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-25) http://45.66.248.64 http://45.8.158.140 http://68.183.93.101 http://87.251.67.42 http://91.193.43.161 alishopelec.com carsmarcetwrld.com ewacootili.com kefsocksmag.com liopalsdrom.com magiraptoy.com manamagazano.com manderatapple.com rpgmagglader.com skrechelres.com tramikora.com tronpafet.com ultrascihictur.com zillafrogss.com zonanullpoker.com # Reference: https://threatfox.abuse.ch/ioc/1152240/ 164.92.241.101:443 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-30) http://140.99.2.194 http://151.236.9.176 http://193.124.22.41 http://45.129.199.26 http://66.63.188.76 http://87.251.67.52 http://91.193.43.217 # Reference: https://threatfox.abuse.ch/ioc/1152421/ http://194.58.68.187 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid_downloader/ # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-08-29-IOCs-for-IcedID-activity.txt # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-08-31-IOCs-for-IcedID-activity.txt oopscokir.com avestainfratech.com/out/t.php moashraya.com/out/t.php # Reference: https://twitter.com/souiten/status/1697552282613948615 # Reference: https://www.virustotal.com/gui/file/2ef26042422e2cf48870e6d97921f8d916f6886457d013602623d06906f10fda/detection # Reference: https://www.virustotal.com/gui/file/380f5069a6d9b4689058ba53876b0571a9f81cf8d1388d71ee555118a0d967c8/detection 52.33.28.135:443 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-02) http://151.236.9.166 http://151.236.9.24 http://165.22.220.20 http://192.236.162.26 http://87.251.67.168 http://94.232.46.225 fraktomaam.com patricammote.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-05) http://104.129.21.197 http://128.199.206.238 http://146.190.242.204 http://157.245.102.160 http://157.245.106.203 http://167.172.169.229 http://167.71.62.175 http://168.100.11.151 http://193.109.120.108 http://193.149.129.81 http://193.149.176.133 http://193.149.190.239 http://66.63.168.126 http://68.183.6.108 http://80.66.88.42 http://91.149.232.174 159.203.22.84:443 162.33.179.240:433 45.61.138.12:443 carsruitkan.com clainsrimauto.com dionaolesjob.com feekstokandy.com feeltravelstok.com fustindor.com gerkablop.com kaheshanpa.com kevinbrawiewu.com majzolimka.com maskarbloom.com mmaymsoffrter.com plastcmoont.com plesbrilllian.com shoopsihas.com snapservarior.com # Reference: https://threatfox.abuse.ch/ioc/1155931/ http//45.129.199.13 # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-13) http://104.168.59.68 http://139.59.29.78 http://139.59.29.86 http://45.129.199.13 http://94.232.46.231 139.59.19.114:443 allienhasiwert.com kaspimension.com skootershopenf.com trentimarsop.com # Reference: https://twitter.com/Tac_Mangusta/status/1701902120692166887 # Reference: https://twitter.com/JAMESWT_MHT/status/1701926130884727211 # Reference: https://tria.ge/230913-mhmxkadh63 restohalto.site # Reference: https://tria.ge/230909-c55e1sha28/behavioral1 # Reference: https://www.virustotal.com/gui/ip-address/81.177.140.69/relations ads-info.ru ads-info.site clk-brom.ru clk-brom.site clk-info.site fresh-prok.ru fresh-prok.site jizagaws.online new-prok.ru new-prok.site trust-flare.site # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-13) # Reference: https://www.virustotal.com/gui/file/448e07d0b17f3ffdb2f74c2a50effc29979b7a8d5c7d499fd1207bc84747e4a0/detection gurdubigoma.com scauditora.cl vocesdelatinoamerica.com # Reference: https://twitter.com/phage_nz/status/1702095851634704809 # Reference: https://tria.ge/230913-2nkfysaa45/behavioral1 minutozhart.online # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-20) http://103.208.86.81 http://104.129.21.254 http://104.168.53.70 http://134.209.110.138 http://149.248.77.53 http://172.86.75.236 http://176.124.32.30 http://185.123.53.150 http://193.124.22.170 http://193.124.46.116 http://193.37.69.113 http://216.73.159.20 http://46.101.16.86 http://87.251.67.46 http://91.235.234.233 146.190.28.193:443 strastkamenhoop.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-22) http://104.129.21.204 123.30.137.194:21 13.237.195.116:443 13.52.121.66:443 13.57.55.155:443 139.162.6.236:443 140.210.94.185:443 172.104.42.176:443 184.169.214.156:443 184.169.223.42:443 206.166.251.33:443 3.105.92.116:443 3.82.225.224:443 3.95.241.204:443 39.104.16.102:443 39.104.17.212:443 39.104.23.152:443 39.104.27.24:443 39.104.72.59:443 39.104.94.83:443 51.250.91.99:443 52.65.231.93:443 54.151.68.59:443 54.151.74.195:443 54.176.193.133:443 54.241.197.226:443 54.252.13.186:443 54.66.136.198:443 54.67.100.168:443 54.67.19.155:443 54.79.125.231:443 69.164.208.254:443 # Reference: https://twitter.com/Cryptolaemus1/status/1706635492224024765 # Reference: https://twitter.com/JAMESWT_MHT/status/1706646248604721643 # Reference: https://twitter.com/fr0s7_/status/1706651956184240460 # Reference: https://www.virustotal.com/gui/ip-address/157.245.102.160/relations # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_09.26.2023.txt http://135.125.177.95 http://192.153.57.191 http://206.166.251.177 http://206.188.196.120 http://95.164.17.59 157.245.102.160:443 pantherradio.media skrgerona.com transautomanf.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-27) http://192.153.57.191 http://206.166.251.177 http://206.188.196.120 http://45.129.199.67 13.237.1.27:443 140.210.94.185:9000 172.86.75.88:433 178.77.217.61:443 185.140.231.8:2083 3.104.41.163:443 39.104.164.115:443 # Reference: https://www.virustotal.com/gui/ip-address/157.245.106.203/relations awindakizend.com # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/IcedID/icedid_loader_domains_2020_to_2023.txt 1derrick.pw 2014connflikki.pw 2kilozhiraffe.club 2points.xyz 2sekillo.pw 5kilozhuto.top actuallycost.top adrescairhot.com adwerife.cyou aerogregipop.com aginia.in aginia.tel akasafaresla.com alkaliodplus.com almostcruze.best alsohavethis.top angiliaisland.best applecourt.online aristomosuga.top arrowcaps.top asperuguz.store aviospe.com blodwarstayed.com blomskavino.com bookoffathes.pw bromidnaus.com cementqbilly.com cloudsappert.best counrerro.club crackeden.com cutterfighter.club demicdefinite.ink derrillo.website deteresposito.club dilinfilino.top dilingomer.top dilinwestbig.top dkiloipr.xyz dondebaloon.pro eightoclock.email eliskapalu.com enamulat.me eriumhasappar.club estalipica.com estoptionicou.top eysneolissionsm.com fallhuma.top fastbtcshimp.top fechirtout.com feedbackfile.download filimistareg.top foolishsmile.club footballer.bid freeharritage.top frodupshopping.com gegemony4you.top gekatolic.top gigameters.top gladmitter.com gohoemmuzlimanz.best gravitation.pw greejoin.xyz gremlinkremlin.download gudweenten.com guversaksi.com heatwould.ink hereiswell.top hlansmagazine.com hlipolipol.top holniakea.com hoseonlin.top hreffgreff.club iboracarde.com illocloud.com imilarquestio.top indiahindi.top iningsessi.ink juniarhends.com karimorodrigo.pw lakebikerool.com ldrcreep.net ldrfeelings.casa ldrmars.casa ldrradio.casa letsfiaclub.top letsgivnina.com lhaerty.com limerugaf.top load5th.casa loadboeing.click loadfifth.com lopityr4.pw lusinobig.top magnesiumik.top makelifebetterdo.fun mchinamoz.com meincarton.top minnerbkajoy.com morginakolim.com motorindianz.top motorzz.top ncaakneebroken.best ndalldoma.ink nefitsonyo.xyz neonverdicto.com neverbiglik.top nikolandfantazy.com nothingnewhere.life novemberprosse.space nrncipalmoonw.com ovninaysozidu.top parkerrsberg.site pashamasha.top pimidorro22.top piponareatna.com pleasurefascoin.com pleasurepopug.cyou podepopulos.pw ponkdgenki.top proanaliz.top pronfasket.com pumaadscolor.com qrenasursa.com qwasterni.top radiationglass.pw ranmilokd.com registrant.top renewersilti.top reseptors.com rifyyoure.ink roomdetect.com roovehiuxe.com rotmistr.club rshysytover.com safiliti.top sellsold.pw sethisabelle.website silkydaily.top sinctuation.club singularitty.best sleepvotioka.com slimworkslose.top slowbtcfred.top sobaprivba.rest sprotakepatuz.com starpetralina.com stayhaslyey.com stooryallice.com subdibermarine.pw thoutilin.fun tocsicambar.xyz toloutsicnow.top tourryd.club turkeyakinchi.pw unkin4i.pw unodostres.uno upperdown.in viryigamaps.top vzaimrazv.cyou warfarehotconflickt.space worldcrysys.top xikolaman.com yellowpyrrol.com yellwells.com youandtherest.cyou ypothesisabo.top zmekiloder.site zodiakko.cyou zolerasiop.club zoplasure.top zroybalkane.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-30) http://104.223.118.109 http://151.236.9.203 http://206.53.55.5 http://45.61.139.232 http://66.63.188.5 http://80.66.88.67 http://91.149.221.245 185.140.231.8:8443 neelsmagofter.com # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-09-28-IOCs-for-IcedID-with-KeyholeVNC-and-Cobalt-Strike.txt # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_09.28.2023.txt # Reference: https://www.virustotal.com/gui/file/6dbeb28cbe80c26172002ea3b96b94b49cf6be226c4c56cd64bf9830a55e65d2/detection http://155.138.164.116 http://155.138.160.67 172.86.75.88:443 carsfootyelo.com # Reference: https://twitter.com/JAMESWT_MHT/status/1708779052918616346 # Reference: https://app.any.run/tasks/75368f55-0e1e-4a5d-8d00-d2c809509ac1/ mestorycallin.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-02) http://147.182.156.64 http://151.236.9.107 http://162.33.179.136 http://45.129.199.92 http://45.61.137.225 http://91.193.18.135 45.61.137.95:443 52.52.160.6:443 baskamioitali.com borkatrostys.com bronxadoskep.com everynght.org evinakortu.com fanclubsdcomics.com fliskmanon.com hellowwwday.co hofsaalos.com jerryposter.com jkbarmossen.com lolibong.xyz mintatrizza.com nbastione.org # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-03) http://104.248.81.48 http://167.71.197.217 http://167.99.180.17 http://174.138.15.211 http://206.189.128.12 http://64.226.104.11 http://64.227.134.130 168.100.8.204:443 boskajean.com gazeraftop.com joekairbos.com trizdriama.com trondisaup.com zikrammo.tech # Reference: https://www.virustotal.com/gui/ip-address/185.73.124.154/relations # Reference: https://www.virustotal.com/gui/ip-address/80.78.24.30/relations # Reference: https://www.virustotal.com/gui/file/76a56c8d14604cc77de9d30ff8efb7b123a9ff793aac402774e8e55040087c99/detection scismmw.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-11) http://139.59.15.110 http://172.86.75.130 http://185.235.137.45 http://195.54.160.114 http://23.164.240.130 http://91.149.203.143 45.61.137.158:443 # Reference: https://app.any.run/tasks/e317f71f-e746-4f48-85de-564d86cb2d23/ modalefastnow.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-13) http://151.236.30.167 http://5.255.98.45 192.153.57.141:443 # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.10.2023.txt http://193.168.141.169 http://198.98.61.173 http://89.147.111.46 aptekoagraliy.com drignyaffk.com lazirusairnaf.com seedkraproboy.com aatiq.com/ee/ abhiyandainik.com/as/ abodeclime.com/eboe/ aceresidence.com.ng/tec/ advanceindia.in/lsn/ adysfrenchbulldogs.com/pnme/ agnisurakshas.com/daa/ agriformexico.com/squi/ airoutlaw.com/ur/ ajpglobalshopping.com/eix/ al7irak.com/cs/ alleplus.com/rmeu/ amanafunville.com/imao/ anishindiaexports.com/eqe/ anrtimes.com/iane/ appstopic.com/lmip/ aquila-services.bg/qtui/ arbitribe.com/mt/ asim3d.com/mi/ autumnagedcare.com.au/ivev/ axioworldwide.com/iiqo/ badgeglow.com/oumo/ bangladeshmulticarehospital.com/loa/ bankpinar.com/rie/ besevic.com.ng/nt/ bologna.epu.edu.iq/dn/ bombaycasuals.com/ot/ breederexports.com/od/ bridgingtherapists.com/sit/ candyads.pro/gta/ casababadenopal.com/aot/ casababadenopal.com/trod/ cetmar18.edu.mx/te/ ceylontextiles.lk/esn/ cienporcientopurosurf.cl/toi/ closebit.com/un/ cottoncrumbs.com/ivll/ creativekiwiz.co.nz/iosd/ currylounge.ca/rel/ custominteriorscanada.com/urpf/ dawnlineltd.com/ut/ diginetworks.online/eie/ dma24.com/prti/ donadesi.co/squn/ drsalustidmd.com/ut/ e-deshltd.com/ssi/ eaasee.com/mrtu/ eatzapizza.in/ra/ eazywebsolution.com/isq/ egyfarm-eg.com/aq/ ejlalacademy.com/qea/ epuit.net/eoi/ esteraviation.com/lcho/ expertendeavor.com/tdio/ expressioncomp.com/iasu/ factorychampionshiprings.com/oi/ feedax.net/nct/ flyhigroup.com/ainv/ frey2.com/eemo/ galaxyanet.com.br/ns/ gelsynergysolutions.com/errr/ getesolutions.com/niom/ getimmobilier.com/emi/ goldleaf-revenup.com/retr/ groupersgame.com/stii/ gyngojuice.com/si/ happymix-eg.com/mnti/ herebestpriceoftheday.com/en/ highlandofpeace.com/ehi/ housingphotography.com/iac/ idealdabsters.com/to/ idsaperu.com/mal/ ifgbiobio.cl/et/ igaaexportsltd.co.tz/essv/ igpastpapers.com/tu/ impeccableafricatour.com/coau/ ingoroyayezunyirimpuhweruhango.org/feii/ itr.works/uiet/ jamnavidyapeeth.com/voni/ jpbenterprise.com/ea/ kakee.pro/snq/ kbsacademy.info/dslo/ khanz.co.nz/rvm/ kntelecom.pro.br/mi/ lakerestaurant.co.za/mxt/ lider.fm/uer/ linkprotect.cudasvc.com/url locatemee.com/sae/ lowcostbeer.com/elpu/ malabsatfal.com/ao/ medheightsltd.com/esu/ merret.cl/nip/ methodistchurchkenya.org/im/ mhideals.com/iqi/ mhpropertiesltd.com/ltr/ miami-breeze.com/et/ milanoboutique-gruppo.com/mlt/ miracle-manufacturing.com/se/ mixit-sound.com/rrm/ mochilaeasas.com/osr/ mudardevidaja.com.br/unnt/ ndskm.com/ieei/ nepalonlinepatrika.com.np/alvl/ noraxsolutions.com/sip/ nupectogo.com/mre/ ofc.ai/uui/ onlinequranforkids.com/eut/ oqily.com/abm/ palpa.ps/nme/ parafusacos.com.br/ue/ paramountfiresafety.com/neuc/ payware.online/hi/ photosuite.in/eutq/ pictopara.com/ua/ pizzajagvar.ir/oo/ plasteritelfe.com/etq/ plserviceandsolutions.com/iaq/ prnts.cc/uiqq/ propertystock.co.in/ie/ prottasabd.com/ild/ ptbolaaman.com/asi/ purevitamina.com/uume/ rahatbaytak.com/ee/ rexlubs.com/co/ rileyfalconsecurity.co.ke/os/ rocknetwork.org/pnm/ rotarycluboftema.org/itls/ salantrollc.com/nrie/ shajaratlemon.com/sre/ sheflight.com/us/ shopatbazar.com/nod/ shubhshadi.co.in/qmun/ sightvape.com/eosd/ smechannels.com/me/ somoyerdarpon.com/mea/ sorkarshop.com/la/ southdotuw.com/ut/ spacetechnasa.site/stet/ splusassociates.com/sla/ splusassociates.com/ut/ sqacommunitybd.org/nucr/ stay2book.com/rs/ stjohnacroc.org/iod/ studiocamposdesign.com/tq/ supervagas.online/sdmi/ svhhealthcare.com/teea/ tabishaftab.com/nit/ tcnboso.com/uem/ technoscience-egy.com/tlr/ teiacs.com.br/rddt/ tennislifemag.com/tets/ tfciltd.com/dpea/ the-platformlab.com/drol/ thebabysense.ca/nu/ thejojostores.com/iro/ thekeyboard.co.in/auqo/ travel2deals.com/muei/ triple-o.pt/qumt/ triton.mn/sa/ ttc.edu.sg/om/ unanimousgoatcloting.com/msuo/ uwoya.or.tz/qua/ vanshads.com/tuon/ viacosmeticos.com/ii/ videfi.org/rmon/ viewhome.com.vn/xa/ vijayawadasrajugariruchulu.com/uam/ vlandvn.com/eo/ vodalink.ca/cuv/ vukamz.com/qiti/ wero.com.co/ae/ woodxestofados.com.br/tdes/ xirconhomes.com.au/ninp/ xpertmedianews.com/uqiu/ zahra-nejati.ir/aeo/ # Reference: https://www.malware-traffic-analysis.net/2023/10/16/index.html http://198.99.61.173 agriformexico.com/puae/ alpscoating.com/oarm/ axioworldwide.com/umu/ bombaycasuals.com/tmpr/ clautedomex.mx/iis/ flashnewsbensedira.com/el/ i9fqe.com/E/ infocuankerajaan.co/qu/ keramatfarm.net/tdei/ pakistan1.tv/sui/ ptbolaterbaik.com/ed/ talhaislam.com/saes/ # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.10.2023.txt # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-17) http://128.140.120.227 http://134.122.36.32 http://193.168.141.167 http://193.42.36.243 http://23.88.37.159 http://64.227.174.149 http://88.99.82.67 http://91.235.234.249 188.94.232.111:443 3.90.105.242:443 51.38.135.67:443 54.84.166.239:443 mistulinno.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-24) http://103.214.68.39 http://107.189.5.112 http://138.197.162.131 http://143.244.137.221 http://165.22.212.20 http://168.100.11.109 http://172.86.75.90 http://193.109.120.249 http://193.149.187.189 http://193.168.141.39 http://193.168.141.50 http://213.139.205.123 http://45.61.137.97 http://5.182.27.71 http://83.243.122.151 http://83.243.122.82 http://87.251.67.169 http://91.242.163.237 http://91.242.163.238 178.208.87.21:443 194.61.53.185:8080 204.236.201.96:443 54.164.160.66:443 66.63.168.75:443 77.105.140.181:443 # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-10-31-IOCs-for-IcedID-infection.txt asleytomafa.com brojizuza.com grafielucho.com manjuskploman.com qousahaff.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-11-03) http://168.100.10.217 http://168.100.11.107 http://172.86.75.163 http://172.86.75.66 http://193.149.185.196 http://193.168.141.215 http://193.168.141.69 http://193.168.141.81 http://206.188.197.206 http://206.188.197.52 http://213.139.205.136 http://213.139.205.14 http://45.129.199.158 http://45.129.199.172 http://45.129.199.75 http://45.155.121.151 http://45.85.117.196 http://5.180.114.52 http://5.180.114.165 http://5.189.253.223 http://77.72.85.32 http://77.72.85.57 http://79.141.171.240 http://83.243.122.245 109.111.185.225:443 130.193.51.15:443 146.59.12.132:443 149.248.79.55:443 15.236.140.116:9000 161.35.174.5:443 172.86.75.10:443 178.208.87.112:443 185.140.231.8:2087 185.164.163.105:443 193.149.129.245:443 206.188.196.156:443 206.188.196.49:443 45.61.138.149:443 54.91.93.203:443 iosninjafisk.com # Reference: https://threatfox.abuse.ch/ioc/1206407/ http://213.139.205.149 # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_27.11.2023.txt mazdakrichest.com missisanjoup.shop mraskopal.link riverhasus.com # Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.11.2023.txt aprettopizza.world nimeklroboti.info peermangoz.me # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-12-03) http://138.197.137.42 http://168.100.10.244 http://168.100.10.60 http://168.100.11.156 http://168.100.11.29 http://168.100.8.83 http://168.100.9.55 http://185.174.135.12 http://193.149.129.202 http://193.149.129.86 http://193.168.141.119 http://193.42.36.174 http://194.5.249.103 http://206.166.251.52 http://213.139.205.167 http://45.129.199.169 http://45.129.199.250 http://5.180.114.88 http://64.227.147.152 139.99.149.74:443 167.71.4.44:443 178.208.87.96:443 3.89.127.205:443 35.212.196.32:443 39.104.57.145:443 5.146.45.129:443 52.205.82.255:443 aprilcharou.com arsimonopa.com lemonimonakio.com prikhapert.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-12-07) http://159.253.120.84 http://159.89.160.41 http://193.168.141.241 http://193.233.202.4 http://45.155.121.137 http://5.180.114.171 http://5.180.114.190 http://5.230.74.102 http://91.229.239.230 http://91.235.234.74 14.99.115.211:443 167.99.180.17:443 193.149.187.189:443 51.21.137.60:8009 64.227.134.130:443 89.23.118.243:443 hourmoneearti.com manorpolora.com poseicocoff.com qtargumanikar.com tinjamipesto.com # Reference: https://twitter.com/ShanHolo/status/1756696815611592879 # Reference: https://www.virustotal.com/gui/file/94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a/detection http://45.140.146.156 45.140.146.156:443 fluraresto.me mastralakkot.live # Reference: https://www.virustotal.com/gui/file/0e96cf6166b7cc279f99d6977ab0f45e9f47e827b8a24d6665ac4c29e18b5ce0/detection miistoria.com plwskoret.top # Reference: https://www.virustotal.com/gui/ip-address/45.147.228.138/relations exactlywhatgro.top hatecookin.top hotelsazilo.store inaandbeca.top istantaskedifi.top mentalprof.top mostalway.top whatgroceries.top xanderu5.pw zudditptrobl.store # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2024-03-24) 115.243.250.34:443 172.233.33.155:443 18.232.250.39:443 185.123.53.231:443 185.164.163.66:443 213.109.192.46:443 37.120.247.104:443 46.105.141.60:443 5.189.253.164:443 5.230.44.226:443 5.231.0.34:443 5.252.178.5:443 5.255.119.56:443 52.87.175.64:443 54.173.139.166:443 54.242.225.0:443 94.232.45.52:443 lovuterry.best merknegrok.me microbanafler.com # Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2024-04-03) 103.180.186.144:443 3.92.185.192:443 47.120.14.97:443 54.226.31.121:443 # Reference: https://twitter.com/banthisguy9349/status/1780989839615156472 104.129.20.14:443 124.71.37.149:443 176.124.32.107:443 183.238.22.22:443 185.123.53.250:443 193.168.143.179:443 193.168.143.182:443 193.168.143.185:443 194.87.39.98:443 45.129.199.161:443 45.129.199.228:443 45.129.199.86:443 5.230.76.134:443 66.63.189.105:443 66.63.189.8:443 77.72.85.78:443 91.149.253.77:443 94.232.45.58:443 # Generic /034g100/index.php /034g100/main.php /034g100/stis.php /222g100/index.php /222g100/main.php /222g100/stis.php /333g100/index.php /333g100/main.php /333g100/stis.php /034g100/ /222g100/ /333g100/