# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Ransom%3aWin32%2fNymaim.F#tab=2

afkkcfjjg.biz
gefesosexwithjimmy.org
oiksixvj.net
rvebpzja.net
ykbjkuu.ru

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2014-012318-0146-99&tabid=2

apddtww.biz
bxsupbag.com
corfbsvdvz.biz
dngnpdcy.org
dpmqvjay.net
fajcgzyorp.com
fgghxchil.net
gewvogefqz.biz
gjzylv.ru
jdtwesjab.biz
jileyiixx.com
jvaankz.org
ldkguw.biz
lumlereou.com
lxawamilwkt.com
mcgmzfqe.ru
mjfzkdlztr.org
ntstghst.ru
opkcubj.biz
oxhdlsha.com
peqxhhwgigy.biz
qtvoabrx.net
rvthbcuxd.biz
sexopartynow.org
sweetbabydolly.org
tdkdgivar.biz
vyerhmyh.info
wbezwedfhd.info
wouhysd.info
xbetcic.org
xslxrdhn.net
yvbhniagt.biz
zdlxqk.com
zfeherttbiv.net

# Reference: https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-notepad-and-chthonic-exposing-a-malicious-infrastructure/
  
amellet.bit
danrnysvp.com
ejtmjealr.com
firop.com
gefinsioje.com
gesofgamd.com
ponedobla.bit
unoset.com

# Reference: https://twitter.com/James_inthe_box/status/1048241429342896128

deusfegsonfe.com
geisbfreco.com
/8o31k/index.php

# Reference: https://www.cert.pl/en/news/single/nymaim-revisited/

carvezine.com
/qpqhv.php

# Reference: https://twitter.com/VK_Intel/status/1021979643988127752

elvodgeus.com
fenusfhhnex.com
/inwsgo2pl7/index.php

# Reference: https://twitter.com/VK_Intel/status/1019780320386838528

fenrsiofue.com
sgjvxwerion.com
/dbqhh0e/index.php

# Reference: http://www.broadanalysis.com/2016/10/31/compromised-site-redirects-to-rig-exploit-kit-delivering-kronos-and-nymaim/

quilaine.com
/04edp/index.php
/amh.php
/ayfajf.php
/btgevp.php
/iec.php
/oyxobaf.php
/sdcfe.php
/xhvriphu.php
/xmoikl.php
/xuqcmeqz.php
/yvla.php
/yxxijeq.php

# Reference: https://twitter.com/anyrun_app/status/1041554467215302656

deustresgen.com
fesishineds.com

# Reference: https://www.welivesecurity.com/2016/07/12/nymaim-rides-2016-reaches-brazil/

gafbqvx.com
/xyg9rwlq/index.php

# Reference: https://twitter.com/malware_traffic/status/770384857209958400
# Reference: http://malware-traffic-analysis.net/2016/08/29/index2.html

obzvbpslwd.com
/ayt5b7dosy/index.php

# Reference: https://twitter.com/malware_traffic/status/1041580226457681920
# Reference: https://www.malware-traffic-analysis.net/2018/09/17/index.html

/wqjhwl2jk/index.php

# Reference: https://twitter.com/Mesiagh/status/1022580530410225664
# Reference: https://pastebin.com/wKWwGFmz

lobby.dhl-biznes.com
store.dhl-xxl.com
library.dhl-xom.com
maps.dhl-glob.com
dhl-inform.com
source.dhl-logistic.com
gstat.dhl-pol.com
statistic.dhl-ttl.com
goostat.dhl-ok.com
statistics.dhl-ttl.com

arlfbqcc.com
biedisestinge.com
bswhrknfk.com
denwelloset.com
desgercoms.com
eegiudifens.com
esirsgenovs.com
fenusfhhnex.com
hengediseu.com
ichcmozcow.com
ihalbom.com
iqhkhitgfqzu.com
iuzngzhl.com
jauudedqnm.com
jestionefen.com
sgjvxwerion.com
sifersgiode.com
translationdoor.com
ufurvyreh.com
vpvqskazjvco.com

# Reference: https://twitter.com/devnullek/status/1021752530911551488

/askqm.php
/eentese.php
/list598.php

# Reference: https://www.malware-traffic-analysis.net/2018/09/28/index.html

/buslurgw/index.php

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

fishstory.cf

# Reference: https://twitter.com/pr3wtd/status/1031994804169781253

globallibrary.ru

# Reference: https://twitter.com/pr3wtd/status/1027237972419248128

globalstatistics.ru

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

bilagoong.tk

# Reference: https://twitter.com/ps66uk/status/1052853678695219201
# Reference: https://app.any.run/tasks/defe1b39-b4b6-4573-ba46-de2c425f670f

/slqua/index.php

# Reference: https://twitter.com/pollo290987/status/1053291973942095872

/wbdvs/index.php

# Reference: https://twitter.com/Techhelplistcom/status/1053335971910074369

/xfi7wapy/index.php

# Reference: https://twitter.com/Racco42/status/1097228699127238657

streetfood2you.com/show208.php

# Reference: https://www.proofpoint.com/us/threat-insight/post/nymaim-config-decoded

duewosgems.com
fiosbewos.com
/pkbn74is/index.php

# Reference: https://twitter.com/pr3wtd/status/1039938591680614405

zolloholl.cf

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Nymaim-6956636-0)

otmqa.in
nuyfyp.in
omctebl.pw
qxqdslcvhs.pw
eyhwvkyswsts.in
lqeyztwnmqw.pw
tgkddewbn.in
bibmbkjvelox.net
mpoghxb.net
zglevl.net
cixhrfbok.com
yqxpvvbvncxr.com
vhmfwvrbln.net
pyioepars.com
iwxbgsvj.net

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html (# Win.Dropper.Nymaim-6992731-0)

jexzc.in
nenpzs.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Dropper.Nymaim-6996892-0)

bkbyvpcgbcnc.net
bqdkoibgkrw.in
clbnstusmu.net
deueijrnywe.pw
dlycu.net
fjfrix.pw
gxmxojjk.com
hlexdsgcio.com
kttasj.in
mmyuf.in
nefhn.in
nnhquzhcvm.in
olmcehndmyhb.in
oxkkvlewktdt.in
qthupu.net
rakacljgisdb.in
rqpdg.com
sqbxpxuhgs.in
tazhibvbczf.com
thxwvxr.pw
wjztocdw.net
wmimqpx.pw
xabzrrutxu.com
yayksuheo.net
yckmgwft.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html (# Win.Dropper.Nymaim-7011878-0)

bjgouvf.net
bybxug.pw
chavpayztnex.net
cspflbgtpwxg.com
emuakrgqzg.pw
fwceecdhnnph.net
hnmkptaybcf.pw
ilqmz.com
mzpgaccm.in
mzutglz.com
octvwlg.net
pcarbnracpll.in
rerbitzfyff.in
rinzevlc.net
ucwwhvxji.com
ulgug.in
utgwcrp.com
uwsmf.net
vncya.in
wnckjojra.net
xlwzoffpooo.com
xunveu.in
xyiubkksjo.pw
ypgfnvixxaw.in
zdlvqrnmf.net

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html (# Win.Malware.Nymaim-7057729-0)

atetgyy.com
aydvw.pw
dojtzsiroyjb.in
efonzybmsdtj.net
fplraqgdaq.com
jnnovcv.com
jvomazzl.pw
kdnbfzdvpkqa.net
kicxjtaec.pw
kpskawv.pw
kzqcbtrpvq.net
lmhfg.com
mxjhz.net
mytjbj.pw
qyaqzy.pw
rkxamsqbnnd.pw
rwaxyme.com
rzcbj.in
sviwlpnp.in
uiimknpsaft.net
wurecaigfse.com
wztiqm.com
zcbiptlc.com
zeqyucrzmoa.net
ztpmqpsid.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Malware.Nymaim-7077794-1)

ahvcnjqki.in
djxexguecx.com
dobra.in
euharm.net
euvee.com
fzfpwupqpryc.com
gobezj.in
gxeiohsixfc.com
gyxsvdvcilju.net
icschqdjwq.com
jgpazdzh.com
jqmxfop.in
klwrihhgj.pw
ldssmbugesb.in
lqtcrom.net
nfoojzpdtsl.in
oincxxqtdbh.net
otqfoi.in
pmxwbnpc.pw
qxeejy.pw
ticfwfen.pw
txvzjzoosogn.in
wglcpwdbg.net
wyftxsolryia.in
yeqmndxtavuf.in

# Reference: https://twitter.com/DGAFeedAlerts/status/1159617671010430977

gxlllgs.com

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html (# Win.Malware.Nymaim-7348211-1)

bwapyvznpflh.pw
ezgouisk.pw
gpkoz.pw
istpmxnf.net
jeajlfdtoua.in
klspisvji.in
kwchhgmla.in
ofiracujrsdy.net
onubkqstb.com
oxfab.pw
qjgtlozoh.com
ryron.com
sdghuwtwxsm.com
sianowq.pw
uslrspq.pw
voszetuy.in
ysxmebrfyg.net

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Downloader.Nymaim-7391562-0)

aanpolaayjm.net
amkqrprvei.com
bsztb.in
cejwtluei.com
dhcfsfxgb.net
fpmuefeozs.in
futzruakw.pw
gmznk.com
grnorxacnw.com
jiwlzenl.com
lmgsmlhidh.net
rdipde.com
rejfedtcd.net
scwafgfxlr.net
sqmgdts.net
sqwpuwoq.net
srbhfbemi.pw
tjjqmo.net
uktldpj.com
wjpbf.net
wneeuc.in
wqjlwcnqbe.com
yfuoixdwjxpy.pw
yoekgdnoyej.in
zgzaztmi.com

# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html (# Win.Packed.Nymaim-7542552-1)

bfeqxicrqaxp.pw
caojbfvum.net
csuaibcneix.net
dkzexx.net
eqbrnmigl.in
fxcskhwr.in
fzncuowwstw.pw
hcjihn.in
juxrdizkivk.net
klcbberl.com
ljhafrwlf.in
lnulxvsvvl.pw
mrbhs.pw
nokuznpxbypo.com
npdcqoxaepfz.net
ochirxt.net
omcbnlos.net
szthbpsn.pw
tthzpuipne.pw
vauordi.com
voxrdn.net
vpbcco.net
wawrgrtjcdr.com
wiztdyzp.com
zbztpauc.pw

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html (# Win.Malware.Nymaim-7569940-0)

adulvwixq.in
eeiheou.in
elnqzs.net
ffincb.com
gnmhtaguavi.com
gphvrtnt.in
hcozsjtscf.pw
hgbcdxmjm.net
icbwujv.pw
jknqnrpjgdgo.in
lcque.com
llrgmivfnqee.pw
mnhtemsicp.in
nknbtl.pw
odouzwyaw.in
ohxozfvoxg.com
papuzvj.net
pvwdgii.pw
rnhrlupcs.com
sxrzdfil.net
upkbwykuchtb.net
vkerdawjo.in
vlddqnhkoxei.com
wfbimtogx.pw
zvsrc.pw

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Malware.Nymaim-7586870-1)

apdkokb.net
bfjtkee.in
bjeuewe.pw
cawugh.pw
cdnnoeem.net
cxtuswfapphv.net
gxdawu.net
gxvim.com
jwieiuggex.com
kniqbngezi.net
neawce.in
njzcxk.in
nkkzhqqslod.com
ozbpuhdibrq.in
pbgtihnv.com
qlqywqinnnof.net
rpwecn.net
tiuzomycjp.com
upfqangse.net
vgazbwj.net
wcafbjwj.com
wzfhxytur.net
xirvjdkza.pw
xknfwgwvcut.net
xnexvlnlm.in

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Malware.Nymaim-7602109-1)

aonibtaatpb.in
cuxpehneqok.com
dsnquebpv.net
ehigsgoht.in
esqxhtdjfsy.net
fhcbczook.com
hpneu.com
kbicwcs.com
klrjxmici.pw
kmwiwxxhst.net
kunygnck.in
kvowzwz.in
meeidu.in
mofmwfsocpdd.com
msmumcsogb.com
nzkmud.com
owirepdi.net
sasrqtpipjfa.pw
scsutgsikbf.com
stspxcbi.pw
vkeumq.net
vsnoaue.net
wkrpqmneiaq.pw
xoisb.com
zaljqgpthcoh.pw

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0306-0313.html (# Win.Malware.Nymaim-7615052-1)

bvlgsvhj.net
dhlvdxugyo.com
dnhlpemupjc.net
dyhrvl.net
gqmaztf.in
hkeucj.pw
ifgkwqmqhph.net
iirandx.net
iobmasbcd.pw
knhausn.net
kzdvq.in
lnibjvv.net
nfaqzajrpxj.com
nkjed.in
orukxxgc.in
pzerd.in
qmotexhwaj.net
qouatnrg.net
qshwuerhzuaz.in
qssnxj.net
satdu.in
sdyhxawrvxae.in
towufmzxq.in
uwmbqu.com
zotsvo.pw

# Reference: https://app.any.run/tasks/8e6cf466-e642-4b06-a49d-71dc793d8e5d/

slnwph.net
ugsugvfbbxo.com

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html (# Win.Malware.Nymaim-7641270-0)

ajljbppf.net
axpriqtir.net
bxcjvnzlbp.net
djqhml.com
fejdgb.net
flbesem.net
fruujwytgt.in
gkaruil.in
gljaani.in
gmwsgcts.com
kukpofdgbro.pw
laodzbcfxzup.net
ldipwmsiagjz.pw
lleyspfgwrj.net
mglelytvhbsf.com
nsglg.pw
nyfmbsagdy.com
oaeicag.com
ouksqgh.net
pafzzf.net
qklojedx.in
qzepi.pw
rchyfiw.net
siayzmgvi.com
tkegtqmqz.pw
udaqndimrbq.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html (# Win.Packed.Nymaim-7683937-0)

bcwbeoyp.in
hwzkyadomjg.net
jtmuapq.in
lmajnkhq.pw
nhyriuyahve.com
rscrhvlfkbs.in
vdodmwmxvi.pw
zlzefe.in

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Packed.Nymaim-7725807-1)

fcmkzoky.com
iobjtokfa.in
lsfne.in
nmzenk.in
pzrbbhfepzgg.pw
rnfgwzeehqb.net
ruatstyzxnlh.pw

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html (# Win.Packed.Nymaim-9800769-1)

avrorcxzym.com
crhecbeaw.com
dljaw.com
ebanqeg.com
erewkzl.net
fllbvddhachj.pw
fytvfeseoxi.com
ggybj.in
gktrgoolwdhh.net
gqpazmml.pw
hdkearo.com
jbwyh.com
jmzkplg.in
josdjhjzv.net
juqnnxinzqn.in
kzkhxc.in
nhjtwfy.pw
nioxrmocwnar.com
njwkcve.net
pbjqn.com
rbxbkz.pw
rnbwbb.pw
rxxbrghmrnts.in
wvrpfnjpcxee.in
zpriveljzsge.com

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html (# Win.Malware.Nymaim-9833164-0)

aiudzabvzp.in
bkyktgi.in
ccaqofkyvpz.net
dcrrkfcuq.pw
djvxzgguj.pw
eciimwrswhwq.pw
ecuhmpuhdoff.net
emvqxhipzz.net
hbomnx.net
hhqpe.in
jimnouitvsah.in
ljcafafzcz.net
mlgpku.pw
nkguoc.pw
onjytulzjho.net
qfdhb.com
qkolgzehfwc.com
swhuuebusn.pw
tqlwoqyjxwhx.in
usqkmt.net
vqncbn.in
xnqtr.com
ykdkhdytpcs.net

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html (# Win.Malware.Nymaim-9861140-1)

caezvdor.in
ckaambwsv.com
fwmpxkwb.in
gctdhul.com
grszyndf.com
ivguyoatfkv.net
ixrdcv.net
janoglhwa.net
knqblbzpx.com
kqlxsala.in
lfxkysr.pw
lnntjxfqxh.net
mjcvb.in
ovcqyq.pw
plndtmb.in
rdvtg.com
rtgddpedtts.pw
tyszy.net
uhawkmyyqufa.pw
vnhpqbkwgh.com
vnkeculmkee.net
wgbvouu.net
xmhicesjip.pw
yizbwryt.in
zrhniegwylrs.pw

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0521-0528.html (# Win.Malware.Nymaim-9863762-0)

axfcr.com
cqoodn.in
ffxoiqxtj.in
glpmczyn.in
gteezde.in
hfjzahvrbxfe.in
ksouer.net
ldmnuirtqbzk.net
lklbc.pw
nghrfzc.in
pfwtlegdenhd.net
ptxwa.net
qzipvlwdcjnj.in
shfdcsev.net
szgaoxo.net
uayabgnamb.pw
uhqqpsd.com
vejxhna.in
vslenfe.net
xhwbu.com
xywqu.net
zbxjurwwvsr.pw
zssqd.net

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html (# Win.Malware.Nymaim-9867802-1)

befekren.pw
dptutldzq.net
dpwteyrfydnb.net
dsfrgrcva.net
emwoy.in
fhogp.net
foiogpm.pw
jaawlybulwse.pw
kakobcq.net
kznaejcpk.pw
lukupgu.in
nmjbnr.in
nxunam.net
ovgmopokzko.pw
qaazcllx.net
qcobkflauih.com
rhhxx.net
rkmlqmzehtbz.in
sulwjhezi.com
uydfbjpthdtq.net
vgzpnpovynaw.pw
wpjbzmww.com
wzdcm.in
xzvuyfea.pw
zbypgqcam.net

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html (# Win.Malware.Nymaim-9874463-0)

exobfeswo.com

# Reference: https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html (# Win.Malware.Nymaim-9882470-0)

atmnjoted.com
cwfjj.pw
eafjh.pw
ehtsftixqw.pw
fincbuu.net
ggtwx.com
iukobk.net
luuypgmmlndq.in
modsbicfioxd.pw
mvtforxht.com
otjyzplh.net
ptudgjdocbd.pw
pylxcogkv.net
rarcraaisq.pw
rbtnpeutu.in
rsuamdj.in
ruqcdr.in
ryheqdimmr.in
twkzd.net
uudoonnyycw.net
vmpqvbrhlri.in
vrboynwrdl.net
ymqkldw.net
zfougwzcl.net
zzosavwbgu.in

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html (# Win.Packed.Nymaim-9890476-1)

blddoaulh.net
bqgafyypom.net
detyifhful.in
dgyfcmvpb.net
dltvpw.net
dpsvetjcnyq.com
fqghj.in
gvzhoqb.net
ihonp.in
jssqpehhro.in
kbpbwzrpa.com
kipftm.pw
lijxtd.com
nkzhzmnbsua.in
nlqepj.com
oililtzk.net
ovqnmgb.pw
qgklpx.net
ropdqukadxi.pw
tatwuej.com
tohjkk.in
wspvw.pw
wtuwmixd.pw
yiukmafs.com

# Reference: https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html (# Win.Dropper.Nymaim-9906679-0)

afoctlamhq.in
arlllswc.com
emcqaelhfn.pw
gjlngkx.net
gjyttpvb.net
gpuxnhtdhztg.in
hdrqny.pw
hkzqekcz.net
iuojcbwlb.in
nckynkrjg.in
neolx.com
nlaoyufe.in
nmovreiit.in
phgrcrm.net
qbpqbucz.in
rqdptmnlyy.pw
syffllqlu.pw
xpbyti.pw
xxrwudfhbr.net
ytfalkcclaw.in
zrailjorqed.pw

# Reference: https://tria.ge/220621-m8jmtsfdd6
# Reference: https://www.virustotal.com/gui/file/0036ef9eca61e045fd34726758631c2cb26770471f91ec39daefd81bae1a3d2c/detection

http://203.159.80.49
http://31.210.20.149

# Reference: https://tria.ge/220621-m8jmtsfdd6
# Reference: https://www.virustotal.com/gui/file/008b29c28614ed0aa12424841650f4be29cbafc9108622b635031c40d35ac649/detection

http://212.192.241.16

# Reference: https://www.joesandbox.com/analysis/660967/0/html

http://45.141.237.38

# Reference: https://tria.ge/220804-sdvz9sgbd6

http://163.123.143.4
http://91.241.19.125

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection

http://208.67.104.97

# Reference: https://www.virustotal.com/gui/file/0003d39fdeaf2d242c347bc8bf5d8bebe911897349e1406cbb6e219d5c831cd7/detection

http://107.182.129.235
http://171.22.30.106
http://85.31.46.167

# Reference: https://www.joesandbox.com/analysis/721902/0/html
# Reference: https://www.virustotal.com/gui/file/0d5e3f08a17013bdcf882b9932f3f69a7ac1e869d70e1fdce94503543488c57b/detection

http://45.15.156.54
/itsnotmalware/count.php

# Reference: https://www.virustotal.com/gui/file/001279e7bbffee58af244a3a87c40f0aaa1b99d235390dabcba4a8b52ccfda7d/detection

http://45.139.105.171

# Reference: https://www.virustotal.com/gui/file/16fb8609cbf720e31b7850a02fc3a2951a44efcdaf1b5fb960160e7d15e7d009/detection

http://195.123.211.56

# Reference: https://www.virustotal.com/gui/file/7858bffea20cffd024d5132442c44feb6f6c68b3e0b60fc3622d83ddd2793923/detection
# Reference: https://www.virustotal.com/gui/file/4cdd84432b44fc5ccea5e8843a6d0f1ff1163e647e8d6c955f05f4b249e3531d/detection

http://45.12.253.74
/load.php?pub=mixinte
/pineapple.php?pub=mixinte

# Reference: https://twitter.com/James_inthe_box/status/1645539872441270272
# Reference: https://app.any.run/tasks/63ceea5c-4761-4e99-aec6-9477c885a178/
# Reference: https://www.virustotal.com/gui/file/0060769b8910f4216fdbf492915195eb7f82c7a19186f3fa358e342ee7b76d36/detection

/default/stuk.php
/default/puk.php

# Reference: https://twitter.com/ThreatBookLabs/status/1683459563998318597

wqvkifcqf.com

# Reference: https://www.virustotal.com/gui/file/fbde8a802f6d6f27d1539e0055cb8ffeec22b524c3a49fa72ba61d61b564ded2/detection

aersjckdsor.net
dtiud.pw
ekezswveip.net
jkuzmvoybmcw.in
jwxgj.net
mabbqgkmvpl.com
mjvsyzv.com
nyxseqexm.net
omeusrdzqx.pw
sivzbbdvmrfv.in
sqeudvmfw.in
ssnaleucy.pw
vkgjmnkv.in
ytosixwkpfm.pw
yvqbccipckaq.in

# Reference: https://www.virustotal.com/gui/file/006a32e2f235b193697cf1a5304530f5688ac362b5bcb38617d500e72b28375e/detection

http://185.172.128.90

# Generic

/powfhxhxcjzx/
/powfhxhxcjzx/ping.php