# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: raccoon, pycoon, mohazo, legion, racealer, recordbreaker, xocreator # Reference: https://twitter.com/ViriBack/status/1120072762305990663 # Reference: https://twitter.com/James_inthe_box/status/1119282322895855618 http://176.223.143.5 http://80.88.90.110 raccoon-gate.site raccoon-storage.site # Reference: https://twitter.com/x42x5a/status/1124062134378409992 http://94.177.213.34 # Reference: https://twitter.com/James_inthe_box/status/1151583038087655424 http://35.246.139.134 # Reference: https://twitter.com/nao_sec/status/1175779553211379720 http://34.90.238.61 # Reference: https://twitter.com/P3pperP0tts/status/1176118878553956354 http://35.228.240.181 # Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/ http://35.228.79.212 # Reference: https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block # Reference: https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Raccoon%20-%20Indicators%20of%20Compromise.pdf # Reference: https://otx.alienvault.com/pulse/5db2e20e8d6c8e510174fa05 adsymbol.com advertserv25.world advexmail2d.world aegohaohuoruitiiee.top aegohaohuoruitiiek.su aegohaohuoruitiiel.cc aegohaohuoruitiieo.io aegohaohuoruitiiep.co aeifaeifhutuhuhuse.top aeifaeifhutuhuhusk.su aeifaeifhutuhuhusl.cc aeifaeifhutuhuhuso.io aeifaeifhutuhuhusp.co aeoughaoheguaoehde.top aeoughaoheguaoehdk.su aeoughaoheguaoehdl.cc aeoughaoheguaoehdo.io aeoughaoheguaoehdp.co aeufuaehfiuehfuhfe.top aeufuaehfiuehfuhfk.su aeufuaehfiuehfuhfl.cc aeufuaehfiuehfuhfo.io aeufuaehfiuehfuhfp.co afaeigaifgsgrhhafe.top afaeigaifgsgrhhafk.su afaeigaifgsgrhhafl.cc afaeigaifgsgrhhafo.io afaeigaifgsgrhhafp.co afaigaeigieufuifie.top afaigaeigieufuifik.su afaigaeigieufuifil.cc afaigaeigieufuifio.io afaigaeigieufuifip.co avgcommunity.info beahero4u.com befaheaiudeuhughge.top befaheaiudeuhughgk.su befaheaiudeuhughgl.cc befaheaiudeuhughgo.io befaheaiudeuhughgp.co bfagzzezgaegzgfaie.top bfagzzezgaegzgfaik.su bfagzzezgaegzgfail.cc bfagzzezgaegzgfaio.io bfagzzezgaegzgfaip.co bitcoinwinery.com daedagheauehfuuhfe.top daedagheauehfuuhfk.su daedagheauehfuuhfl.cc daedagheauehfuuhfo.io daedagheauehfuuhfp.co dualup.top eaeuafhuaegfugeude.top eaeuafhuaegfugeudk.su eaeuafhuaegfugeudl.cc eaeuafhuaegfugeudo.io eaeuafhuaegfugeudp.co eguaheoghouughahse.top eguaheoghouughahsk.su eguaheoghouughahsl.cc eguaheoghouughahso.io eguaheoghouughahsp.co fingers1.ddns.net firstbankhome.com fusaazor6.icu gaghpaheiafhjefije.top gaghpaheiafhjefijk.su gaghpaheiafhjefijl.cc gaghpaheiafhjefijo.io gaghpaheiafhjefijp.co gaoehuoaoefhuhfuge.top gaoehuoaoefhuhfugk.su gaoehuoaoefhuhfugl.cc gaoehuoaoefhuhfugo.io gaoehuoaoefhuhfugp.co gaoheeuofhefefhute.top gaoheeuofhefefhutk.su gaoheeuofhefefhutl.cc gaoheeuofhefefhuto.io gaoheeuofhefefhutp.co gaohrhurhuhruhfsde.top gaohrhurhuhruhfsdk.su gaohrhurhuhruhfsdl.cc gaohrhurhuhruhfsdo.io gaohrhurhuhruhfsdp.co gaouehaehfoaeajrse.top gaouehaehfoaeajrsk.su gaouehaehfoaeajrsl.cc gaouehaehfoaeajrso.io gaouehaehfoaeajrsp.co geauhouefheuutiiie.top geauhouefheuutiiik.su geauhouefheuutiiil.cc geauhouefheuutiiio.io geauhouefheuutiiip.co getmycash4u.com ggcleaner.space huaeokaefoaeguaehe.top huaeokaefoaeguaehk.su huaeokaefoaeguaehl.cc huaeokaefoaeguaeho.io huaeokaefoaeguaehp.co lookmodeusa.com luckymonkey.net.in mailserv85m.world mybetterdl.com nothinginterestinghere.com paarlprecision.com rubthemoneybear.xyz rzhsudhugugfugugse.top rzhsudhugugfugugsk.su rzhsudhugugfugugsl.cc rzhsudhugugfugugso.io rzhsudhugugfugugsp.co thaus.top urusurofhsorhfuuhk.su urusurofhsorhfuuhl.cc urusurofhsorhfuuho.io urusurofhsorhfuuhp.co usd.odysseus-nua.com # Reference: https://twitter.com/killamjr/status/1192788604508131333 http://34.77.135.60 # Reference: https://app.any.run/tasks/bc644345-46a2-4c9f-b9d3-edc050aa462f/ http://34.89.185.248 # Reference: https://twitter.com/James_inthe_box/status/1199338236633481216 http://34.76.145.229 # Reference: https://twitter.com/0xCARNAGE/status/1199700157127892992 http://34.77.197.252 # Reference: https://twitter.com/tkanalyst/status/1204442400023646208 http://35.246.108.168 # Reference: https://twitter.com/nao_sec/status/1213283648969093120 http://35.228.121.96 # Reference: https://twitter.com/killamjr/status/1217636352155500544 http://35.228.239.183 # Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/ http://35.246.8.131 # Reference: https://www.virustotal.com/gui/file/696985a0b8af5dc318af712c410410c86df46eac80aa15b65e1b9d7a6801b0d6/detection http://35.228.183.206 # Reference: https://twitter.com/benkow_/status/1222539585542066176 35.228.215.155:80 api-update1.biz legions17.biz oberonapps.org # Reference: https://twitter.com/James_inthe_box/status/1223006972674314240 34.65.176.45:80 # Reference: https://www.virustotal.com/gui/ip-address/34.76.55.103/relations 34.76.55.103:80 # Reference: https://twitter.com/FaLconIntel/status/1230488503290449920 104.155.44.42:80 # Reference: https://app.any.run/tasks/f7171b62-b0f1-4c2e-afe6-58e99bd8c509/ 35.228.57.136:80 # Reference: https://app.any.run/tasks/d8073674-fd7e-4401-93f8-e5fbe6d4b314/ corp1.site http://35.205.213.237 # Reference: https://app.any.run/tasks/b988bd16-422e-42f6-9902-6b6699f85906/ http://35.228.28.245 # Reference: https://www.virustotal.com/gui/file/1d8412b53630ad72db53a579352a7aecf818f0bf52647eea6633ac9c67506e1d/detection http://34.76.15.247 # Reference: https://app.any.run/tasks/6b6e39bd-902a-4bfa-91fb-585fdd3ff99e/ http://35.228.60.178 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/ # Reference: https://otx.alienvault.com/pulse/5e8607ef75f928497d0780e4 http://34.77.125.60 http://35.228.215.155 # Reference: https://twitter.com/James_inthe_box/status/1248964446505947136 # Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/ http://34.89.159.33 # Reference: https://twitter.com/nao_sec/status/1253902651172851712 # Reference: https://app.any.run/tasks/6fd01600-9f05-457a-8225-3cb55099c4a6/ http://34.65.18.19 # Reference: https://twitter.com/3xp0rtblog/status/1250415892451569666 # Reference: https://app.any.run/tasks/2df933f8-2c84-4e80-b15b-ae8a9940ab97/ http://35.240.36.208 # Reference: https://app.any.run/tasks/077dcfe0-ac26-4890-8ca5-9204f7195eed/ http://35.228.86.146 # Reference: https://www.virustotal.com/gui/file/07cc49bd763e65ed456c5f2103c3cdd6d265d13013066a92394c1dc2d29d23cf/detection # Reference: https://www.virustotal.com/gui/ip-address/193.110.3.190/relations 10022020newfolder1002002231-service1002.space 10022020newfolder33417-01242510022020.space # Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/ http://34.89.178.133 # Reference: https://app.any.run/tasks/54da143a-b666-4001-be17-84aed6283be6/ http://34.107.22.206 # Reference: https://twitter.com/yusaerguven/status/1270670436406308864 private-virtual.online # Reference: https://app.any.run/tasks/450fda6e-0c7c-4f88-9857-0f1d8ebc14fa/ http://35.226.139.169 # Reference: https://twitter.com/iamwinstonm/status/1279529808188366848 # Reference: https://www.virustotal.com/gui/file/393ad8b8dd5fb5359b1057eae2394cac9cfd12bab98115a4056e5954c5c70aa2/detection http://35.198.88.195 cloud-server-updater1.co.za microsoft-cloud1.co.za # Reference: https://twitter.com/iamwinstonm/status/1282295968512311297 http://35.242.170.60 # Reference: https://www.virustotal.com/gui/file/fb5ce30c1aeed408a453f1df09843e223b77e2b19885a7365f8b2b8e4dafc77b/detection # Reference: https://www.virustotal.com/gui/file/106558ec5566588454181097777bb38aa0f173a6f5312fad139be1ac547d7fc3/detection http://34.65.10.107 # Reference: https://twitter.com/nao_sec/status/1287755458153869312 http://35.228.248.188 # Reference: https://www.virustotal.com/gui/file/a36dbfc2856e660e0d9dfbe78e1973ec8fee31ffd2762b062b61a9fe93c67edc/detection marashmara.info # Reference: https://www.virustotal.com/gui/domain//relations megagemes.info # Reference: https://app.any.run/tasks/8f9931d5-7b31-4032-89cd-634985450354/ http://35.228.58.123 # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-01-raccoon-stealer-IOCs.txt http://34.89.241.53 # Reference: https://twitter.com/theDark3d/status/1303091496816697345 # Reference: https://app.any.run/tasks/f0aefc25-feb9-45f9-ae97-6d51cd3bb87e/ chinadevmonster.top # Reference: https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/ # Reference: https://otx.alienvault.com/pulse/5f59270f9f09e5c82665a7b3 http://34.105.147.92 # Reference: https://twitter.com/ViriBack/status/1303829357551669248 # Reference: https://twitter.com/DrStache_/status/1303974362660429824 # Reference: https://app.any.run/tasks/781f94db-7374-46cc-b030-be0335064853/ btncc.com.br eto-ne-stealer.com # Reference: https://twitter.com/JAMESWT_MHT/status/1314113271864139778 # Reference: https://www.virustotal.com/gui/file/e126b73a5cde8febdab5ce300346a98af6487b3bb95d548950f2ea7ea6c9dbba/detection rsttrs.site # Reference: https://www.virustotal.com/gui/file/724ce0d8ca978f9bb9004c2252fb51b44f96c87721d68582ec67268cbd8f13a5/detection # Reference: https://www.virustotal.com/gui/file/927f8cc27c5cfbb255cf599760ba6c55fe93797289d024086fac767ade678e0c/detection http://195.54.167.51 j3cytza2m2.pw on-offtrack.biz # Reference: https://www.virustotal.com/gui/file/0637626dbefbbb0dc8732e099cf5cfbd3413f264b6342b91734c0bc2a273d84a/detection http://78.141.215.0 # Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-masquerades-privacy-tool # Reference: https://tria.ge/210615-9ncxxbrjg2 # Reference: https://otx.alienvault.com/pulse/60df0c7c5e03d145c6a38652 # Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection # Reference: https://www.virustotal.com/gui/file/ed1674efc8259df33767cd32fb7853e9bc957a43cddd8364e6553a0e7846b422/detection # Reference: https://www.virustotal.com/gui/file/25681de7e02857c21c6d3ffed80354333751a7fc7c3a07b8ae7be45c93307ab2/detection 10022020besttest971-service1002012510022020.ru 10022020clubtest561-service1002012510022020.ru 10022020est213531-service100201242510022020.ru 10022020infotest341-service1002012510022020.ru 10022020kupitest451-service1002012510022020.ru 10022020megatest251-service1002012510022020.ru 10022020mytest151-service100201242510022020.ru 10022020newfolder1002-01252510022020.ml 10022020newfolder1002-01262510022020.ga 10022020newfolder1002-01272510022020.cf 10022020newfolder1002-01282510022020.gq 10022020newfolder1002-01292510022020.com 10022020newfolder1002-0130251002202035.site 10022020newfolder1002-0131251002202035.site 10022020newfolder1002-0132251002202035.site 10022020newfolder1002-0133251002202035.site 10022020newfolder1002-0134251002202035.site 10022020newfolder1002-0135251002202035.site 10022020newfolder1002-0136251002202035.site 10022020newfolder1002-0137251002202035.site 10022020newfolder1002-0138251002202035.site 10022020newfolder1002-0139251002202035.site 10022020newfolder1002-0140251002202035.site 10022020newfolder1002-0141251002202035.site 10022020newfolder1002-0142251002202035.site 10022020newfolder1002-0143251002202035.site 10022020newfolder1002-0144251002202035.site 10022020newfolder1002-0145251002202035.site 10022020newfolder1002-0146251002202035.site 10022020newfolder1002-0147251002202035.site 10022020newfolder1002-0148251002202035.site 10022020newfolder1002-0149251002202035.site 10022020newfolder1002-0150251002202035.site 10022020newfolder1002-0151251002202035.site 10022020newfolder1002-0152251002202035.site 10022020newfolder1002-0153251002202035.site 10022020newfolder1002-service100201blog2510022020.ru 10022020newfolder1002-service100201life2510022020.ru 10022020newfolder1002-service100201shop2510022020.ru 10022020newfolder1002002131-service1002.space 10022020newfolder1002002231-service1002.space 10022020newfolder1002002431-service1002.space 10022020newfolder1002002531-service1002.space 10022020newfolder100221-service1022020.ru 10022020newfolder100231-service1022020.ru 10022020newfolder100241-service1002010022020.ru 10022020newfolder100251-service2510022020.ru 10022020newfolder241-service1002012510022020.ru 10022020newfolder3100231-service1002.space 10022020newfolder33417-01242510022020.space 10022020newfolder351-service1002012510022020.ru 10022020newfolder4561-service1002012510022020.ru 10022020newfolder471-service1002012510022020.ru 10022020newfolder481-service1002012510022020.ru 10022020newfoldert161-service100201242510022020.ru 10022020oopoest361-service1002012510022020.ru 10022020proftest981-service1002012510022020.ru 10022020rest21-service1002012510022020.eu 10022020rustest213-service1002012510022020.ru 10022020shoptest871-service1002012510022020.ru 10022020test11-service1002012510022020.press 10022020test125831-service1002012510022020.space 10022020test12671-service1002012510022020.online 10022020test13461-service1002012510022020.net 10022020test134831-service1002012510022020.space 10022020test13561-service1002012510022020.su 10022020test136831-service1002012510022020.space 10022020test146831-service1002012510022020.space 10022020test14781-service1002012510022020.info 10022020test147831-service1002012510022020.space 10022020test15671-service1002012510022020.tech 10022020test231-service1002012510022020.fun 10022020test261-service1002012510022020.space 10022020test281-service1002012510022020.ru 10022020test391-service1002012510022020.ru 10022020test41-service100201pro2510022020.ru 10022020test461-service1002012510022020.host 10022020test481-service1002012510022020.ru 10022020test51-service1002012510022020.xyz 10022020test571-service1002012510022020.pro 10022020test61-service1002012510022020.website 10022020tostest371-service1002012510022020.ru 10022020uest71-service100201dom2510022020.ru 10022020utest1341-service1002012510022020.ru 10022020yes1t3481-service1002012510022020.ru 10022020yest31-service100201rus2510022020.ru 10022020yirtest231-service1002012510022020.ru 10022020yomtest251-service1002012510022020.ru 999080321besttest971-service10020125999080321.ru 999080321clubtest561-service10020125999080321.ru 999080321est213531-service1002012425999080321.ru 999080321infotest341-service10020125999080321.ru 999080321kupitest451-service10020125999080321.ru 999080321megatest251-service10020125999080321.ru 999080321mytest151-service1002012425999080321.ru 999080321newfolder1002-012525999080321.ml 999080321newfolder1002-012625999080321.ga 999080321newfolder1002-012725999080321.cf 999080321newfolder1002-012825999080321.gq 999080321newfolder1002-012925999080321.com 999080321newfolder1002-01302599908032135.site 999080321newfolder1002-01312599908032135.site 999080321newfolder1002-01322599908032135.site 999080321newfolder1002-01332599908032135.site 999080321newfolder1002-01342599908032135.site 999080321newfolder1002-01352599908032135.site 999080321newfolder1002-01362599908032135.site 999080321newfolder1002-01372599908032135.site 999080321newfolder1002-01382599908032135.site 999080321newfolder1002-01392599908032135.site 999080321newfolder1002-01402599908032135.site 999080321newfolder1002-01412599908032135.site 999080321newfolder1002-01422599908032135.site 999080321newfolder1002-01432599908032135.site 999080321newfolder1002-01442599908032135.site 999080321newfolder1002-01452599908032135.site 999080321newfolder1002-01462599908032135.site 999080321newfolder1002-01472599908032135.site 999080321newfolder1002-01482599908032135.site 999080321newfolder1002-01492599908032135.site 999080321newfolder1002-01502599908032135.site 999080321newfolder1002-01512599908032135.site 999080321newfolder1002-01522599908032135.site 999080321newfolder1002-01532599908032135.site 999080321newfolder1002-01542599908032135.site 999080321newfolder1002-01552599908032135.site 999080321newfolder1002-service100201blog25999080321.ru 999080321newfolder1002-service100201life25999080321.ru 999080321newfolder1002-service100201shop25999080321.ru 999080321newfolder1002002131-service1002.space 999080321newfolder1002002231-service1002.space 999080321newfolder1002002431-service1002.space 999080321newfolder1002002531-service1002.space 999080321newfolder100221-service1022020.ru 999080321newfolder100231-service1022020.ru 999080321newfolder100241-service10020999080321.ru 999080321newfolder100251-service25999080321.ru 999080321newfolder241-service10020125999080321.ru 999080321newfolder3100231-service1002.space 999080321newfolder33417-012425999080321.space 999080321newfolder351-service10020125999080321.ru 999080321newfolder4561-service10020125999080321.ru 999080321newfolder471-service10020125999080321.ru 999080321newfolder481-service10020125999080321.ru 999080321newfoldert161-service1002012425999080321.ru 999080321oopoest361-service10020125999080321.ru 999080321proftest981-service10020125999080321.ru 999080321rest21-service10020125999080321.eu 999080321rustest213-service10020125999080321.ru 999080321shoptest871-service10020125999080321.ru 999080321test11-service10020125999080321.press 999080321test125831-service10020125999080321.space 999080321test12671-service10020125999080321.online 999080321test13461-service10020125999080321.net 999080321test134831-service10020125999080321.space 999080321test13561-service10020125999080321.su 999080321test136831-service10020125999080321.space 999080321test146831-service10020125999080321.space 999080321test14781-service10020125999080321.info 999080321test147831-service10020125999080321.space 999080321test15671-service10020125999080321.tech 999080321test231-service10020125999080321.fun 999080321test261-service10020125999080321.space 999080321test281-service10020125999080321.ru 999080321test391-service10020125999080321.ru 999080321test41-service100201pro25999080321.ru 999080321test461-service10020125999080321.host 999080321test481-service10020125999080321.ru 999080321test51-service10020125999080321.xyz 999080321test571-service10020125999080321.pro 999080321test61-service10020125999080321.website 999080321tostest371-service10020125999080321.ru 999080321uest71-service100201dom25999080321.ru 999080321utest1341-service10020125999080321.ru 999080321yes1t3481-service10020125999080321.ru 999080321yest31-service100201rus25999080321.ru 999080321yirtest231-service10020125999080321.ru 999080321yomtest251-service10020125999080321.ru cozanostra.best jg5.5aef.pw naritouzina.net # Reference: https://www.virustotal.com/gui/domain/analyticsonline.top/relations # Reference: https://twitter.com/FaLconIntel/status/1247895934127591426 # Reference: https://twitter.com/malwrhunterteam/status/1327616871043133441 # Reference: https://www.virustotal.com/gui/file/8c842be9d93e2ada204da0ad0981b572e1de9d8ae3148d53af657c5aa147d877/detection # Reference: https://www.virustotal.com/gui/file/3266f6c72939e2c376af2a25529aa92500b4e4e9776f7ede132746b47ea7549a/detection analyticsonline.top /popunder_exe.php?id-user= /qwascx.php?name-pc= /work.php?id-user= # Reference: https://twitter.com/wwp96/status/1328341500699299841 # Reference: https://app.any.run/tasks/f58bd996-a019-4007-be4e-4d92d5644fa4/ http://35.198.141.22 # Reference: https://twitter.com/nao_sec/status/1332115770009034752 # Reference: https://app.any.run/tasks/c32ee8a3-ce61-4836-ac99-68337b254a1f/ # Reference: https://app.any.run/tasks/da45e6da-5dc7-4eee-a402-7642539ed9a6/ centralwestofbankoffice.cyou puffpuff423.top # Reference: https://www.virustotal.com/gui/file/9850bb21544a0375948ab304014fbad4d3a9bbd7289c5ca42de9447298ff8bce/detection # Reference: https://otx.alienvault.com/indicator/ip/45.82.68.166 proload.info # Reference: https://www.virustotal.com/gui/file/d920f89a4d8ae2f2cc597779c57e515c0f9451a66ecdaeef35169f6d0a43a35d/detection # Reference: https://www.virustotal.com/gui/domain/ultraspeed.info/relations ultraspeed.info # Reference: https://www.virustotal.com/gui/file/e7111acd60f1fbe98eac7e7ff9215b34758257a9badf2fe02ce8d39a1d0a3b73/detection watado.xyz # Reference: https://twitter.com/nao_sec/status/1334289601125445633 # Reference: https://app.any.run/tasks/daf21461-db00-47b7-a33e-a61e864ddc1a/ recyclecycle.top # Reference: https://www.virustotal.com/gui/file/8825eebf3e19804f89d438aa971ccf8335cb70724e76057c70f0a5cc3257d72c/detection hellousa.info superload24.info # Reference: https://www.virustotal.com/gui/file/8e61d7a623bdf6b531bdf7fc2fc20c14707b7e13f86773aa19badc56e0cb1ab6/detection chinarobotics2020.top # Reference: https://www.group-ib.com/blog/fakesecurity_raccoon azure-cloud1.co.za azure-cloud1.web.za azure-cloud2.co.za azure-cloud2.web.za azure-cloud3.co.za azure-cloud3.web.za azure-cloud4.co.za cloud-server-updater.co.za cloud-server-updater1.co.za cloud-server-updater10.co.za cloud-server-updater11.co.za cloud-server-updater12.co.za cloud-server-updater13.co.za cloud-server-updater14.co.za cloud-server-updater15.co.za cloud-server-updater16.co.za cloud-server-updater17.co.za cloud-server-updater18.co.za cloud-server-updater19.co.za cloud-server-updater2.co.za cloud-server-updater20.co.za cloud-server-updater21.co.za cloud-server-updater22.co.za cloud-server-updater23.co.za cloud-server-updater24.co.za cloud-server-updater25.co.za cloud-server-updater26.co.za cloud-server-updater27.co.za cloud-server-updater28.co.za cloud-server-updater3.co.za cloud-server-updater4.co.za cloud-server-updater5.co.za cloud-server-updater6.co.za cloud-server-updater7.co.za cloud-server-updater8.co.za cloud-server-updater9.co.za cloudupdate.co.za cloudupdates.co.za code-cloud1.co.za code-cloud2.co.za code-cloud3.co.za code-cloud4.co.za code-cloud5.co.za code-cloud6.co.za documents-cloud-server.co.za documents-cloud-server1.co.za documents-cloud-server2.co.za documents-cloud-server3.co.za documents-cloud-server4.co.za documents-cloud-server6.co.za documents-cloud-server7.co.za documents-cloud-server8.co.za documents-cloud-server9.co.za download-plugin.co.za download-plugins.co.za downloadplugins.co.za google-document.co.za microsoft-cloud1.co.za microsoft-cloud10.co.za microsoft-cloud11.co.za microsoft-cloud12.co.za microsoft-cloud13.co.za microsoft-cloud14.co.za microsoft-cloud15.co.za microsoft-cloud6.co.za microsoft-cloud7.co.za microsoft-cloud8.co.za microsoft-cloud9.co.za msupdater.co.za oneupdateadobe.co.za oneupdateadobe.org.za oneupdateadobe2.co.za oneupdateadobe2.org.za oneupdateadobe3.co.za oneupdateadobe3.com oneupdateadobe3.org.za oneupdateadobe4.co.za securitycloudserver.co.za updateadobeonline.co.za updateforadobenew.co.za # Reference: https://www.virustotal.com/gui/file/9428e5edade393b0c6a79b3232141428b970350b27b088d1bf235f6c15f7198d/detection # Reference: https://tria.ge/201220-ydzzbnfhze/behavioral1#report # Reference: https://app.any.run/tasks/09226a36-b84b-4c28-9a59-346f376fc337/ tripsafe.fun # Reference: https://www.virustotal.com/gui/file/366537de61541a69e63922342da061ce9cabbb92a8634553b098888a8f33c6dd/detection # Reference: https://www.virustotal.com/gui/file/8b43c9b2b93dfbf3732b6a9f40b391f0fe7ac0194a470c8b9a2c7cb71d5617ad/detection # Reference: https://www.virustotal.com/gui/file/988396426d899ee2029bc88f2d2c915ac3a3f4557f91bd2a170942e03de1ca2c/detection # Reference: https://app.any.run/tasks/347daeea-65cf-4313-9f27-9fc8b801bf47/ sibernetix.fr madrasdarbar.com/wp-admin/fw1.php madrasdarbar.com/wp-admin/fw2.php madrasdarbar.com/wp-admin/fw3.php madrasdarbar.com/wp-admin/fw4.php madrasdarbar.com/wp-admin/fw5.php madrasdarbar.com/wp-admin/fw6.php madrasdarbar.com/wp-admin/fw7.php madrasdarbar.com/wp-admin/fw8.php madrasdarbar.com/wp-admin/fw9.php madrasdarbar.com/wp-content/plugins/img1.php?id= madrasdarbar.com/wp-content/plugins/img2.php?id= madrasdarbar.com/wp-content/plugins/img3.php?id= madrasdarbar.com/wp-content/plugins/img4.php?id= madrasdarbar.com/wp-content/plugins/img5.php?id= madrasdarbar.com/wp-content/plugins/img6.php?id= madrasdarbar.com/wp-content/plugins/img7.php?id= madrasdarbar.com/wp-content/plugins/img8.php?id= madrasdarbar.com/wp-content/plugins/img9.php?id= /plugins/fw1.exe /plugins/fw2.exe /plugins/fw3.exe /plugins/fw4.exe /plugins/fw5.exe /plugins/fw6.exe /plugins/fw7.exe /plugins/fw8.exe /plugins/fw9.exe /plugins/fw1.php /plugins/fw2.php /plugins/fw3.php /plugins/fw4.php /plugins/fw5.php /plugins/fw6.php /plugins/fw7.php /plugins/fw8.php /plugins/fw9.php /wp-admin/fw1.exe /wp-admin/fw2.exe /wp-admin/fw3.exe /wp-admin/fw4.exe /wp-admin/fw5.exe /wp-admin/fw6.exe /wp-admin/fw7.exe /wp-admin/fw8.exe /wp-admin/fw9.exe /wp-admin/fw1.php /wp-admin/fw2.php /wp-admin/fw3.php /wp-admin/fw4.php /wp-admin/fw5.php /wp-admin/fw6.php /wp-admin/fw7.php /wp-admin/fw8.php /wp-admin/fw9.php /plugins/img1.php?id= /plugins/img2.php?id= /plugins/img3.php?id= /plugins/img4.php?id= /plugins/img5.php?id= /plugins/img6.php?id= /plugins/img7.php?id= /plugins/img8.php?id= /plugins/img9.php?id= # Reference: https://twitter.com/h2jazi/status/1341805802760364036 # Reference: https://www.virustotal.com/gui/file/f89ac1672d0ef466d78613257fe2735509afb9cb4aca81ceb1be8a288f1eb0d6/detection http://45.15.143.230/Raccoon/ /Raccoon/iencli32.dot /Raccoon/iencli32dot /Raccoon/Purchase.exe /iencli32dot /iencli32.dot # Reference: https://app.any.run/tasks/56c71276-54c1-447f-818c-decd01fe8cc0/ morasergiox.ac.ug taenaiaa.ac.ug helpsavedogs.top # Reference: https://app.any.run/tasks/56931149-9db8-43c0-8fae-8b6cd50ef4e4/ blacksmokegun.top # Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection mynameisalfred.top /jbitchsucks # Reference: https://twitter.com/AvastThreatLabs/status/1362787975201886212 # Reference: https://www.virustotal.com/gui/file/5bb23670b1fd229c3ba9ab0b25839e715a90af8f01654f4b92134f7692e117fb/detection # Reference: https://app.any.run/tasks/12e02693-6660-452e-921e-414994a8335f/ yearofthepig.top # Reference: https://www.virustotal.com/gui/file/a285ef3f4162d1b869844edf63c3d1b88c3a0b296cacf6234835eafc9d674252/detection globalsalespartscn.top # Reference: https://www.virustotal.com/gui/file/a14fb42ce0bb182cfbaf6319ae29a96c81ba4ac195cba646ad899f63085e205c/detection 178.20.40.83:81 vaxton.club # Reference: https://www.virustotal.com/gui/file/38e9eda271a1bbf27d7486fb5ebf88da22a92711ffb19a43b9519e512c336252/detection pilinno.info pubload.info # Reference: https://twitter.com/McAfee_Labs/status/1364609358710136841 # Reference: https://app.any.run/tasks/d3bf337d-a795-484b-be3b-b9b7d38e875c/ mariofart8.top # Reference: https://www.virustotal.com/gui/file/5b77ec829dda6e8850db5e1bb0e7f77392aa9daf8313b8950a987993a3f5f8f8/detection f0491609.xsph.ru # Reference: https://www.virustotal.com/gui/file/4cbf92c3d4529f29269b2b00747d624859d7040f32091ede2d7386efb8983318/detection # Reference: https://www.virustotal.com/gui/file/0f4bca305be1d8b7c9f7c87311279e213cc04220f4f21907b2f976449ca185ac/detection gb-cleans.tech gucciworldcommunity.com takeshykurosavabest.com # Reference: https://twitter.com/JAMESWT_MHT/status/1368837298868129793 thereisnoscheme.top # Reference: https://twitter.com/pmmkowalczyk/status/1369034284246437888 # Reference: https://www.virustotal.com/gui/file/26156edb64b5cc30c393ec4e05ef7313134ca5f9ce4a057bb4130dcef1c1c9ec/detection againstpolicebrutality.top # Reference: https://twitter.com/pmmkowalczyk/status/1369234428267012113 # Reference: https://www.virustotal.com/gui/file/59efc85fe1524abbaf2f8dd1dbbfb6af070372ca1de0c43e4b4f9960ecc5d79a/detection nyqualitypizza.top # Reference: https://twitter.com/pmmkowalczyk/status/1369655824797360133 # Reference: https://www.virustotal.com/gui/file/bb50134057186ffb3de02361a670bbc405a1fe289ffb4f3b1e44abcffe80c592/detection hitfromthebong.top # Reference: https://www.virustotal.com/gui/file/00b737e6875f5c41cb05581c56330b220601e98cd54e4f5ba43e745762df23f9/detection 93.115.18.77:81 http://93.115.18.77 # Reference: https://twitter.com/pmmkowalczyk/status/1370802182761644032 # Reference: https://app.any.run/tasks/c8b972a9-60e1-4296-859e-d5b0fd41342e/ mynameischarliebrown.top # Reference: https://twitter.com/wwp96/status/1372012259904487428 http://93.190.138.2 # Reference: https://www.virustotal.com/gui/file/c2e8a322d8d5a837934556bd1b6c951a411581c2b8196c3be086fe0d43297300/detection http://45.139.236.6 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1377584138442641410 # Reference: https://app.any.run/tasks/42af693c-f1d9-46b9-ac3c-6c2fb1696a42/ duckduckstop.top # Reference: https://www.virustotal.com/gui/file/78271642776efafec0e3a1d3c808249bc44731a2595309e842c06bd3ca5e3965/detection youareperfect2day.top # Reference: https://www.virustotal.com/gui/file/a97f38db5b3a04a89eb0ca0fc744333e3118102fd355891505857e5016b54eab/detection minorleage.top # Reference: https://www.virustotal.com/gui/file/365c4d412d538e3308c77cac58204ce5e596d0baa7788215368fb4495e4b4232/detection # Reference: https://tria.ge/210507-8mfadfbjpe/behavioral1 miranore.top number1g.top # Reference: https://www.virustotal.com/gui/file/40e74935dd9135e38e3fd3e99aa361c87cee569664fce16660501ea617bd9d93/detection nuderono.top # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations marunok.top # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.89/relations secureim.top # Reference: https://twitter.com/petrovic082/status/1391394902911631369 # Reference: https://app.any.run/tasks/3d45121d-8f5a-470a-aa2a-e3e16de0350c/ http://34.89.59.109 # Reference: https://app.any.run/tasks/45f040e8-f0ee-4987-9504-d6b03200a0d2/ # Reference: https://tria.ge/210521-c4n3kxtnkx/behavioral1 http://45.142.212.182 # Reference: https://www.virustotal.com/gui/file/9cfc3729c9a4afd9d868185a9358866e83e63a01663aaadea46e631f7c97bb8b/detection http://34.105.230.174 # Reference: https://www.virustotal.com/gui/ip-address/34.88.222.181/relations # Reference: https://www.virustotal.com/gui/file/ab7a25c9c3b06601eed37969c1038920a5445a061fd8350fd564745911e79ce2/detection # Reference: https://www.virustotal.com/gui/file/b12fa69671aa80f206ecbeb8e52af324ff5f6ba3e4dcc789f412827d64bfb2a0/detection http://34.88.222.181 # Reference: https://www.virustotal.com/gui/file/79bbdb8009278ba629dae626b86f4447a81333ef9535e2a9341d5728571e4ae1/detection http://159.69.20.131 # Reference: https://twitter.com/nao_sec/status/1403322564580020227 # Reference: https://app.any.run/tasks/f00d7529-d2b7-4ad8-86ea-3d3bd256d8c3/ http://34.88.52.57 # Reference: https://www.virustotal.com/gui/file/73c74e428e5944013aac76cb54505d11616ae7d9fa13afb0beb4b2a7c29f8633/detection # Reference: https://www.virustotal.com/gui/file/6bde10caf2a906e88ab47ee8a0ff14e94a2dafa6f740bb8ab4bd21bc1fe234ea/detection # Reference: https://www.virustotal.com/gui/file/1aaedf67e498d2421c1afc740447f00dc7bf1a96a4b73cb9601a33b8594a5ff2/detection akadns9.net gate.akadns9.net test.akadns9.net # Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection http://34.65.79.5 # Reference: https://bazaar.abuse.ch/sample/c54228f797eb663e6a223ecf20f225f91bc2e1dfbea5ac84687ff87513a0dad5 http://35.246.76.29 # Reference: https://www.virustotal.com/gui/file/84a790b8c39b4658e68f43ea5b61c22ae42bf92c5aeeb704eff40ff0820e5f3f/behavior/VirusTotal%20Jujubox http://185.157.162.75 bakercost.gq bravestone.ru # Reference: https://www.virustotal.com/gui/file/a9cd85d14daa44ea4e634d14c7225b73b7b82138b624bbf53222b6084acf5502/detection http://34.88.33.218 # Reference: https://www.virustotal.com/gui/ip-address/8.209.80.200/relations dopehope.top greenbook.top oldfinerecord.top simpleplan.top # Reference: https://www.virustotal.com/gui/file/2a92d81d45296a37dab3b61c3e26af03b680043205eae14acda1131302b61046/detection http://34.141.84.7 # Reference: https://tria.ge/210722-hf3hkgcyax/behavioral1 http://94.228.114.197 # Reference: https://tria.ge/210722-psafrxqafn/behavioral1 http://188.119.112.73 # Reference: https://tria.ge/210731-pdc5qrte6n # Reference: https://www.virustotal.com/gui/file/f778cca4f1de43b854a2ca78733215ea18a8eceaa94431e5b8c19cf4002ad893/detection # Reference: https://www.virustotal.com/gui/file/18a630378f7b892e5b1a1fe3c1d92ba702fcaac354fa09a175ed039851cf6dbb/detection readinglistforaugust1.club readinglistforaugust1.site readinglistforaugust1.xyz readinglistforaugust10.site readinglistforaugust10.xyz readinglistforaugust2.club readinglistforaugust2.site readinglistforaugust2.xyz readinglistforaugust3.club readinglistforaugust3.site readinglistforaugust3.xyz readinglistforaugust4.club readinglistforaugust4.site readinglistforaugust4.xyz readinglistforaugust5.site readinglistforaugust5.xyz readinglistforaugust6.site readinglistforaugust6.xyz readinglistforaugust7.site readinglistforaugust7.xyz readinglistforaugust8.site readinglistforaugust8.xyz readinglistforaugust9.club readinglistforaugust9.site readinglistforaugust9.xyz readinglistforjuly1.club readinglistforjuly1.site readinglistforjuly1.xyz readinglistforjuly10.club readinglistforjuly10.site readinglistforjuly10.xyz readinglistforjuly2.club readinglistforjuly2.site readinglistforjuly2.xyz readinglistforjuly3.club readinglistforjuly3.site readinglistforjuly3.xyz readinglistforjuly4.club readinglistforjuly4.site readinglistforjuly4.xyz readinglistforjuly5.club readinglistforjuly5.site readinglistforjuly5.xyz readinglistforjuly6.club readinglistforjuly6.site readinglistforjuly6.xyz readinglistforjuly7.club readinglistforjuly7.site readinglistforjuly7.xyz readinglistforjuly8.club readinglistforjuly8.site readinglistforjuly8.xyz readinglistforjuly9.club readinglistforjuly9.site readinglistforjuly9.xyz # Reference: https://tria.ge/210731-zmz5ynbcl6/behavioral1 # Reference: https://www.virustotal.com/gui/file/bf38a6555a9742fc97a6efbb662f2cda03cb5156c22e56417d74c06e4ebecce1/detection http://185.234.247.148 # Reference: https://www.virustotal.com/gui/file/2b5421fe219ccf463ddcd933739f038948f411e264ff8485589114a92c34b2c7/detection prof1t-crypt0.xyz # Reference: https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/ cheapdealnow.top f0473248.xsph.ru aun3xk17k.space aun3xk18k.space aun3xk19k.space bbhmnn778.fun donotspace.pw # Reference: https://www.virustotal.com/gui/file/b96fe7672bb7f8bb93a34afa0cddb8adca26b29d37ad6177428e03a6f5decf19/detection http://35.205.249.65 # Reference: https://www.virustotal.com/gui/file/9ca59ba1030b3aacfb700c7a5315b2f507ff7aa4d9952c74eab76db232ce91c3/detection annafraudy.pw # Reference: https://www.virustotal.com/gui/file/6df4625a2800e03824bdbd634656e7a5eb36c800c6137510427e9ce5a6006868/detection avorlen.xyz # Reference: https://www.virustotal.com/gui/file/13d89de097dbbf41822ed9d024e53b8c934cd724c77ab9cfaeeff29fd98e6f5f/detection letsmakesome.fun # Reference: https://www.virustotal.com/gui/file/a0a50284a627570c96cf3ed3d05835bed9fe27d4732034c535a082f727db8660/detection youaresoslow.top # Reference: https://www.virustotal.com/gui/file/2a5fcaa841cb812407cb3bfa0bc2e304e71b0b081a4aaf38360dcf949e4ae2f0/detection http://91.214.124.126 bbbs7n5n2kohfwn4rlp4zozaqjue2batn26pblf3f.xyz # Reference: https://www.virustotal.com/gui/file/032ee9b7a4037c20fe7afab73c5dbdf36724d7a5e38dcc7e89ee5356a473716d/detection youcanfindmeonthe.top # Reference: https://www.virustotal.com/gui/file/e3cb68c0fc9640e1f84456d17837a14681991a0f2479215c14a62cfa731ad45e/detection videomart.top # Reference: https://www.virustotal.com/gui/file/62ae35bf94183248e227e5197f3d0e03de10ae80a02c054c90380b04aebd9d5f/detection belochkaneprihoditodna.top # Reference: https://www.virustotal.com/gui/file/e61886846ec468de3e977cfbb68e2f26df9fd3bef014dc17d8db8736e7b30dd3/detection mynameisjamesbrown.top # Reference: https://www.virustotal.com/gui/file/823a661a806d45ed15b0c501fa049efad049b1f4b230965eed8e37adcdd4c560/detection http://35.228.60.103 # Reference: https://www.virustotal.com/gui/file/8752f73ad02750730501bb8b87e164deeaba0a6ac81cf27ed7285dd3a3e9314f/detection number2g.top # Reference: https://www.virustotal.com/gui/file/42d7f38a0939dd15cc3ffd2ed9cc6be3a88120081cddc062275f105821920e83/detection genericalphabet.top # Reference: https://www.virustotal.com/gui/file/d4e62831f539ad067210308f28c5e93faec48b920038e340908e2e88c3fb0ca3/detection http://34.76.8.115 # Reference: https://www.virustotal.com/gui/file/dbba731937d435681ed98af6e42ab52d53af4f9ebe8db955a2b4b9ab63b4b06c/detection 135.148.139.222:33569 # Reference: https://twitter.com/abuse_ch/status/1449632874848792586 http://5.181.156.229 telegatt.top telemirror.top tgmirror.top # Reference: https://twitter.com/pr0xylife/status/1458056136565927939 # Reference: https://twitter.com/pr0xylife/status/1458056336961425415 # Reference: https://www.virustotal.com/gui/file/05a4d26a9ad8eec047a1cbc268e8bdad7cb3b62f8661cbc0d271208fd6485eed/detection http://138.68.162.128 http://185.163.47.176 http://188.166.1.115 http://193.38.54.238 http://194.180.174.145 http://74.119.192.122 http://91.219.236.133 http://91.219.236.162 http://91.219.236.240 /baldandbankrupt1 /bimboDinotrex /elonstack12 /jdiamond13 /nixsmasterbaks2 /ogaollebro1 /rino115sipsip /takecareandkeepitup # Reference: https://www.virustotal.com/gui/file/9b939d6792be4814bae998d6c757674730b32ce5f56e37e6b1d16968e3e9bf24/detection warmbeddy.top # Reference: https://www.virustotal.com/gui/file/60d20bdbfff1e73f1b1cca0f5b34a19b70fa855c470b2f382980dfb03d819d6d/behavior/Microsoft%20Sysinternals # Reference: https://www.virustotal.com/gui/file/60d20bdbfff1e73f1b1cca0f5b34a19b70fa855c470b2f382980dfb03d819d6d/behavior/Microsoft%20Sysinternals 91.243.32.23:12780 # Reference: https://www.virustotal.com/gui/file/f98b232e826f4a0a4f1aca5c1d704c964d82bd562d3bdab1d69baaa63e2f5891/behavior/Microsoft%20Sysinternals 23.88.109.42:55961 # Reference: https://www.virustotal.com/gui/file/d57e7380837a4cc5bf20d4134aa30c68c34d42c4517b6906b812b00cd72f9461/behavior/Microsoft%20Sysinternals # Reference: https://www.virustotal.com/gui/file/c00878138c8dd2df6ec39b436568b9c56b9c1fdde5878e50d9faa2eed87125e5/behavior/Microsoft%20Sysinternals ce27084.tmweb.ru 185.215.113.57:50723 # Reference: https://www.virustotal.com/gui/file/f859429e880efdc4ca45dccd04f16d167d6369b19e84ab91ab8be5ea85d496c5/behavior/Microsoft%20Sysinternals 194.58.69.100:37026 # Reference: https://www.virustotal.com/gui/file/9ffb47d819051a27ce0ed198a22c18f49f9e47c4ad19a7578aa84322ab4140e9/behavior/Lastline 164.132.202.23:35481 # Reference: https://www.virustotal.com/gui/file/96a2923ef8d971498bd84cfa20a4cad3329624f5cc9a10c17840927bc4cec3bf/behavior/Microsoft%20Sysinternals 95.181.152.14:46927 # Reference: https://www.virustotal.com/gui/file/2392f52588a43a91fbe330d046e5263272e100acb2f79193d788696ef9f2613d/behavior/Microsoft%20Sysinternals 185.215.113.109:44059 # Reference: https://www.virustotal.com/gui/file/39a9cd5cdd897d4c78294fbdd13c5114191ca378f2bb83c62b2a45dc744206ae/behavior/Microsoft%20Sysinternals 185.215.113.109:44059 # Reference: https://twitter.com/Racco42/status/1468371119170375682 # Reference: https://twitter.com/Racco42/status/1468371121309421569 http://185.225.19.18 http://91.219.236.207 http://91.219.237.227 /bigboomfish # Reference: https://twitter.com/MBThreatIntel/status/1471960582370721793 http://178.62.232.173 # Reference: https://twitter.com/benkow_/status/1476886648818384902 # Reference: https://dpaste.org/Nx77/raw (# Raccoon) actcake.xyz avisitorfromanotherworldy.xyz captivaterelated.xyz citizenmonopoly.xyz distortionvegetation.xyz grandfathertriangle.xyz headquartersplay.xyz mosquecreed.xyz polarrphotoeditor.net poloainstall.com predatorcarry.xyz trackinstall.xyz visitoralohasocietyofhawaiiy.xyz visitoranalyticsy.xyz visitorapplicationy.xyz visitorarrivalshawaiiy.xyz visitorattractionsy.xyz welcomethreshold.xyz windarm.xyz # Reference: https://www.virustotal.com/gui/file/0326d2a630429308a4b21861b6df55441d273385630180f3ba32e8b606ef956e/detection rowlingimpala.top tripsafe.fun # Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection http://5.181.156.4 # Reference: https://www.virustotal.com/gui/file/d8ed836fecea80be2e62b4e0e75916671bcf7e81ad516a3cb2dc8249340a2a90/detection http://35.228.124.70 # Reference: https://www.virustotal.com/gui/file/fc5759a7c228d99dbd12e085feb5d17d845320df9fcbf44cc55f1af25bd3d423/detection l0lz.co # Reference: https://twitter.com/MBThreatIntel/status/1480681882668785665 http://185.163.204.22 http://185.163.204.24 /nixsmasterbaks2 # Reference: https://www.virustotal.com/gui/ip-address/212.224.105.79/relations alasshrilm.xyz ciathilyra.xyz deverreybl.xyz frerylystt.xyz ierinapu.xyz jonaianell.xyz kalamaivig.xyz prazubeina.xyz uspeelayla.xyz uzananobor.xyz xariebelal.xyz yabelesatg.xyz zellerncet.xyz # Reference: https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/ # Reference: https://github.com/sophoslabs/IoCs/blob/master/raccoonstealer.csv # Reference: https://otx.alienvault.com/pulse/611390ac90bfcc235bfac828 darkwebs.ws # Reference: https://www.virustotal.com/gui/file/1854b148b78af64e8210f928a4a6185d60e820ce7dfc3edad01d721f94f894f2/detection http://91.219.236.49 telegin.top telegka.top /agrybirdsgamerept # Reference: https://www.virustotal.com/gui/file/84dc1aac57ee73c1a6115d5abdaf369ee91827ee6d6906c3404cc84a51e792b8/detection # Reference: https://www.virustotal.com/gui/file/8d03d7e009a1f39d1e0f089bf633007bce0f8ac64e5322e762a1d6091fcb8640/detection cert-mail.org mail-input.info charlie.mail-input.info # Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection http://194.180.174.53 /jredmankun # Reference: https://twitter.com/BushidoToken/status/1487051192324825088 raccoonstealer.com # Reference: https://www.virustotal.com/gui/ip-address/47.88.17.74/relations # Reference: https://www.virustotal.com/gui/file/8f27a981e44cc3595009f7e78dde8ed1a13f1404b266d8277dab71237384d2a9/detection mageronad.top mentoribai.top moreinored.top newtonanddiana.top # Reference: https://www.virustotal.com/gui/file/ec3c0afccfef11f753a408c859d98bbba4841e87f7f1a48573270c0d82252b03/detection 8003659902.site 8003659902.space # Reference: https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer # Reference: https://lp.cyberark.com/rs/316-CZP-275/images/CyberArk-Labs-Racoon-Malware-wp.pdf # Reference: https://www.virustotal.com/gui/file/a57e1f3217b993476c594570095d28b6c287731a005325e5f64a332a86cb7878/detection http://35.189.105.242 # Reference: https://www.virustotal.com/gui/file/019a364b08251e4318c4db82d00955f218b6641ca09f4d49efd85a4db508eb0e/detection http://194.180.174.41 http://91.219.236.148 http://91.219.236.18 # Reference: https://www.malware-traffic-analysis.net/2022/01/27/index2.html http://188.166.1.115 http://91.219.236.139 http://91.219.236.153 endoftheendi.com /kumchakl1 # Reference: https://www.virustotal.com/gui/ip-address/35.205.249.65/relations http://35.205.249.65 # Reference: https://www.virustotal.com/gui/file/03d48529d57b75b44a708262dba0caef92bef0dcd72d37b161b5a5276c9b525a/detection yarinefatt.xyz # Reference: https://www.virustotal.com/gui/file/0ea436c47fea3602536925f013ffd815a2f82cac16e03c190d571b41aa06f4b3/detection http://139.162.146.59 http://185.163.204.119 /cksuitegu # Reference: https://twitter.com/LixaH_CL/status/1494050209613107206 # Reference: https://www.virustotal.com/gui/file/f54ec287f5ce5da75fe3a255d601528d96172f09868a20458cb723de39073e8d/detection http://139.162.146.59 http://185.163.204.119 http://194.180.191.234 http://194.180.191.3 http://206.189.100.203 /sibiusio # Reference: https://www.virustotal.com/gui/file/2aa88269507cd63f9688a091af13da0d8f5bed5185335ea9010a0edd3c6aee7e/detection http://139.162.157.205 http://194.180.191.124 /wavesf # Reference: https://www.virustotal.com/gui/file/00f8eb4b23da98cf64beffa201cf519461193af881fda0b31acf376fe766e4b6/detection http://91.219.236.27 http://94.158.245.137 http://94.158.245.147 http://94.158.245.167 /h_smurf1kman_1 # Reference: https://www.virustotal.com/gui/file/018f187b5d0caed4c805ed066dcb0615c151cd52c0865ce85e3e7ec3f4069dd0/detection http://185.225.19.238 http://185.163.204.230 /borderxra # Reference: https://www.virustotal.com/gui/file/05cb839e6fe936257e42ce28f65469f0d421651b0ffdc8f74808845ed3552427/detection http://185.163.204.216 http://185.163.204.218 /duglassa1 # Reference: https://www.virustotal.com/gui/file/0bc1a8cdf1c963118f4d1d31c14175e6aad0bfa2fb38d431d8578602f39c323b/detection /derbasasa # Reference: https://www.virustotal.com/gui/file/0c1609590f4335e4365c07e767ca381954948767998d5da4a226929b8036678a/detection /hellobyegain # Reference: https://www.virustotal.com/gui/file/1704bfdf2f3cafdf218ec1171ae27a22f7c4727b278e3f6648420c2466335457/detection http://185.225.19.238 http://194.180.174.140 /wentexza # Reference: https://www.virustotal.com/gui/file/d24d2b6f33fe7df641f5f7f4ebaff22e5e2d036a33269121e6322ccabf946208/detection teletele.top ttmirror.top # Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection /brikitiki # Reference: https://www.virustotal.com/gui/file/887ea929be30f19844dde144e5b1babdc38f8436e216c7d01b45ae602ed9d1c2/detection http://178.62.127.193 http://185.215.113.78 # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2021-November/030496.html # Reference: https://www.virustotal.com/gui/file/0e2fc097ab85ac49639d49d80a72d5d1a2bed3921f3621541866ac7fbdc62ac0/detection livetelive.top teleger.top teleghost.top teleliver.top telemir.top teleroom.top telestrong.top teletelo.top tgrampro.top # Reference: https://www.virustotal.com/gui/ip-address/194.87.196.220/relations boertilsar.top buioltran.top maladaro.top marodraf.top vuilodersa.top # Reference: https://www.virustotal.com/gui/file/077a7cc94f5b88dba69fee80250006a2fb3b5f5bdea612910d143ac188800f67/detection algrcabel.ru elsaunny.com go-piratia.ru hangxachtaythodoan.com korphoto.com pelangiqq99.com piratia.su pjure.at pkodev.net puffersweiven.com # Reference: https://www.virustotal.com/gui/file/00554453043d823beed8079d6dadbcffd036a031878aee5f9591e9c3157756ff/detection # Reference: https://www.virustotal.com/gui/file/70dab5c1df261f4df8dec4f2d5f83d83ccab1567dff8337a453823a9bcc933a4/detection http://178.79.174.111 http://206.189.100.203 /bi4s4eal /cashins /jeffreemazui3 /jjbadb0y /pus5nut # Reference: https://www.virustotal.com/gui/file/7f6b5298f9ed023b9d1210727318b9b97858ebeebedabbea4607ff3dcc5d90a1/detection ckrddvcveumq.ru # Reference: https://twitter.com/JaromirHorejsi/status/1534533988429271044 # Reference: https://twitter.com/James_inthe_box/status/1534587919410683904 # Reference: https://www.virustotal.com/gui/ip-address/5.252.22.88/relations # Reference: https://app.any.run/tasks/631b83d3-0f5d-4766-9b84-c35919fc4db0/ # Reference: https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d bear-found.xyz load-brain.xyz really-software.xyz retro-rave.xyz vibe-soft.xyz # Reference: https://tria.ge/220611-3nvgladbhm http://5.252.22.62 # Reference: https://tria.ge/220612-fsjjkabga7 http://167.235.245.75 # Reference: https://tria.ge/220614-kybs5adadq http://2.58.56.247 # Reference: https://www.virustotal.com/gui/file/06c6a6cfe3900af0484501582befeb70ffe4d013b70a9ce5d2240292fa69dc94/detection proxyww.com # Reference: https://www.virustotal.com/gui/file/00c88d8947b2a24b5eec98b7a5b9ebfb0afa0ee6366b1c3af2d34418e0710dbf/detection http://37.0.8.39 # Reference: https://www.virustotal.com/gui/file/f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27/detection http://51.195.166.201 # Reference: https://www.virustotal.com/gui/file/47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1/detection http://51.195.166.184 http://94.158.247.24 # Reference: https://www.virustotal.com/gui/file/27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577/detection http://85.202.169.112 # Reference: https://tria.ge/220610-y6vg4afbgj http://185.106.94.148 # Reference: https://tria.ge/220610-qc14sabdaq http://185.227.111.81 # Reference: https://www.virustotal.com/gui/file/00b114eaad7c08764581dec3597d729aef386550e505ac8d9d0cdec6bcc3d89d/detection cafegreenvalley.com esmic.at # Reference: https://www.virustotal.com/gui/file/04099e26a13254f342682e06dba06168523f4b7e93fa40b801b89451300e8eaa/detection astrani.com diewebseite.at # Reference: https://app.any.run/tasks/2abb44b0-86f5-4e6c-a805-63c58f6a5186/ http://159.69.102.192 # Reference: https://twitter.com/0xDanielLopez/status/1545686578617630720 # Reference: https://twitter.com/1ZRR4H/status/1545777193535537152 # Reference: https://raw.githubusercontent.com/CronUp/EnAnalisis/main/2022-07-09_Racoon_C2_comms http://51.195.166.175 microstrategygivesbtc.com # Reference: https://www.virustotal.com/gui/file/44b865cbb4e178e013d37cdf330f726a99dac6a8bcc9a6ebc8002ccecdd2c69a/detection http://51.195.166.174 # Reference: https://www.virustotal.com/gui/file/5e614758b6344d6aa9619a75c110b9af4ea2dc1b1103c542e5d10e8d5fc2d66a/detection http://51.195.166.171 http://94.158.247.44 # Reference: https://www.virustotal.com/gui/file/fba1005e8c248ec460e6c13cb38759bd70d9db4882f88f651b194ab1800e656c/detection http://51.195.166.176 # Reference: https://www.virustotal.com/gui/file/0e24a0c019fc8b4ec43e4cf15e268607dbdbc23ea314145502f81d03c39a421f/detection http://51.195.166.178 # Reference: https://www.virustotal.com/gui/file/00c750cd38d99194ed9f19540f3a7668a8e88a317694d926a95351db00466121/detection http://51.195.166.181 # Reference: https://www.virustotal.com/gui/file/ca16432d519f2dfd1e5ca4216c861cce7895178aeb9e7e5d925d2ec28e4df0b1/detection http://51.195.166.183 # Reference: https://twitter.com/idclickthat/status/1547954303486218241 keystool.com # Reference: https://app.any.run/tasks/65885b80-bf6b-47e7-9e52-bca0f1d27413/ http://45.159.249.5 # Reference: https://tria.ge/220716-thc6padfel http://45.8.145.243 http://78.159.97.21 # Reference: https://tria.ge/220715-c8rnbsfhb6 http://162.33.179.100 # Reference: https://app.any.run/tasks/5fced4fd-b798-4344-b951-b8fa45fbb923/ http://116.202.178.170 # Reference: https://bazaar.abuse.ch/sample/494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab/ http://193.56.146.177 # Reference: https://twitter.com/idclickthat/status/1557714370297298945 # Reference: https://tria.ge/220811-p5k3lafddp # Reference: https://www.virustotal.com/gui/ip-address/45.153.35.20/relations http://185.53.46.156 http://45.140.147.73 http://45.159.251.140 ledgdown.com ledgrestartings.com legdreons.com wallet-ladger.com # Reference: https://twitter.com/MBThreatIntel/status/1560453584172421121 # Reference: https://www.virustotal.com/gui/file/2694222cb3dd3e186a014e5575065b29d9f2656735d35406761bb94293944da8/detection http://176.124.212.169 vpn-express-vpn.com # Reference: https://tria.ge/220822-vh3xsaafek/behavioral1 http://168.100.10.238 http://77.75.230.25 /W9H1B8P3F2J2H2K7U1Y7G5N4C0Z4B/ # Reference: https://www.virustotal.com/gui/file/6a895c7bff68fb8d532d13231f7e4237fda44b6eb7c541a3cb292101d8ecc5d2/detection http://45.150.67.175 # Reference: https://www.virustotal.com/gui/file/3af78a671cda535b18df772857f3008dcb1bf95ba3c087293f86185b860d0598/detection http://45.159.251.164 http://94.158.244.119 /wK6nO2iM9lE7pN7e/ # Reference: https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html bitttab.net # Reference: https://www.virustotal.com/gui/file/d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105/detection http://213.252.244.230 # Reference: https://www.virustotal.com/gui/file/9d66a6a6823aea1b923f0c200dfecb1ae70839d955e11a3f85184b8e0b16c6f8/detection http://45.140.146.169 /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/ # Reference: https://twitter.com/abuse_ch/status/1630111198036348928 # Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection # Reference: https://www.virustotal.com/gui/file/0c78984cd2afe869307aca9d8dc9d257f650616b12fa45a2a79a83821f1e7b37/detection # Reference: https://www.virustotal.com/gui/file/82d54b01efce5dd7f9cc36e77e9663a545c834a89981e71be1ca1ae1ffc4fc66/detection http://179.43.140.174 http://179.43.140.229 http://179.43.141.116 ultra-cheat.ru.net /BEBRA.php /BEBRIK.php /DLCGHOUL.php /DLEBEBRA2.php /DLIMSORRY.php /SOSORRY.php /VERBORROV.php # Reference: https://twitter.com/faisalusuf/status/1565577100228263936 # Reference: https://app.any.run/tasks/d3caf7ce-316a-45df-a4a7-95594b68b26c/ http://116.203.105.117 http://174.138.15.216 # Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection http://62.204.41.192 # Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection http://212.193.30.115 http://45.133.1.107 http://45.133.1.182 # Reference: https://twitter.com/idclickthat/status/1572265426440323073 # Reference: https://tria.ge/220920-t1wezsdgc2 # Reference: https://app.any.run/tasks/9f262d66-d29f-4f68-a549-a27568a1664a/ http://89.185.85.53 appshigh.com # Reference: https://www.virustotal.com/gui/file/6e032bb49d967ed134440ff43ea7ab2ffb3166e62fcc9cbedabbb51bafe9d116/detection beastmode-1.xyz # Reference: https://tria.ge/220914-2yaphafcdl/behavioral1 http://102.130.114.185 # Reference: https://twitter.com/WhichbufferArda/status/1571125906856620034 # Reference: https://www.virustotal.com/gui/file/28a833907c5f992bda6d3973437bba07b5e990adcd21970590c8ec7c39cf9405/detection http://94.131.106.116 # Reference: https://twitter.com/WhichbufferArda/status/1571527103761518593 # Reference: https://www.virustotal.com/gui/file/582980ba975d2510ff4ec9c0b501b0db08373aa53f9ff040bdfbdb16dda0369c/detection http://193.149.129.144 http://45.67.229.149 http://94.131.104.18 /rgd4rgrtrje62iuty/ # Reference: https://twitter.com/Iamdeadlyz/status/1572261545299836929 # Reference: https://www.virustotal.com/gui/file/7b0d940175c7c440f5bc5b54bf72b899fc5cef36ff62e65c2f52856e75d0b05b/detection http://91.201.25.172 # Reference: https://twitter.com/idclickthat/status/1572280867577528325 # Reference: https://tria.ge/220920-v3wdfahfcp http://168.100.9.109 # Reference: https://www.virustotal.com/gui/file/60009a057bc8cbf7bf6577f516a26e23487909791ddda210687236af448224f9/detection http://193.149.185.192 http://45.89.55.113 /Z2J8J3N2S2Z6X2V3S0B5/ # Reference: https://app.any.run/tasks/3a72e567-33b0-4843-98e3-9615cc09b007/ http://116.202.179.139 # Reference: https://twitter.com/pollo290987/status/1574396187377106945 http://20.163.204.239 # Reference: https://twitter.com/JAMESWT_MHT/status/1574626812466180096 http://80.92.205.35 http://94.131.107.206 # Reference: https://tria.ge/220829-n4kvrsggek http://45.67.35.151 # Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection http://185.225.19.55 # Reference: https://twitter.com/idclickthat/status/1578893652625018880 # Reference: https://tria.ge/221008-3k1jfafhh4/behavioral1 http://15.235.89.55 http://167.114.45.110 http://51.68.28.146 zoomsoftware.info # Reference: https://tria.ge/221014-wdxewadhg3/behavioral2 http://168.100.9.234 /oko84pgIrymhc7w/ # Reference: https://www.virustotal.com/gui/file/35ad6f7ca469732908cb3c2f4777589baa74b189b2efa3b891f53765fe52f881/detection http://193.149.180.210 /GdjrtfHETyier5rfVMD/ # Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection http://94.131.97.129 # Reference: https://www.virustotal.com/gui/file/eeb5ee631e4e3dea3a6faf8fc70bf52d1814db8f5c6a6ebe729ae23df71879e5/detection http://116.202.186.42 http://116.203.10.3 http://45.89.55.198 # Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection http://45.8.147.4 # Reference: https://www.virustotal.com/gui/file/ae2c3f918a302dcc08de5830ee6b57c7aee99855ff45e28b82502f2d92fe8940/detection http://195.201.251.151 # Reference: https://www.joesandbox.com/analysis/700916/0/html http://116.203.167.5 # Reference: https://twitter.com/SquiblydooBlog/status/1584143778637455360 # Reference: https://tria.ge/221022-rlh51adea4/behavioral2 http://185.25.51.202 soft-portal.shop # Reference: https://www.virustotal.com/gui/file/01a5005f3ad75fd7073b3eaccbc3dfc7b5a3fe71653abd9e811b9da3d3edda76/detection http://194.37.80.221 # Reference: https://twitter.com/crep1x/status/1584256833962749954 http://5.255.103.158 # Reference: https://twitter.com/0xLEZOS/status/1584581005175705601 # Reference: https://www.virustotal.com/gui/file/695099e4dd37db1f66b01bb0b5bccee6c37b80e2d9fe4985053e35c19b032ace/detection http://94.158.247.30 notion.bz # Reference: https://www.virustotal.com/gui/file/ad006450f536033f61832ec050467f9331ba94a22e7239a319893415fccf7b5d/detection http://45.15.156.72 # Reference: https://twitter.com/l205306/status/1560987822839832576 # Reference: https://www.virustotal.com/gui/file/08df76e878ce7055f3aa2e264432bb3a775ff01e42ca8c95a7fd8ce50a5b621a/detection http://77.73.133.0 sky-soft.space # Reference: https://twitter.com/l205306/status/1555575473434152960 http://78.159.103.195 http://78.159.103.196 software-catalog.space # Reference: https://twitter.com/l205306/status/1553727224989503489 http://172.86.75.27 x4webs.com # Reference: https://blog.cyble.com/2022/10/25/dual-malware-infection-targets-cryptocurrency-users/ 179.43.140.174 s457516.ha003.t.justns.ru # Reference: https://www.virustotal.com/gui/file/d4b8c8e5ccc02be55f8c742257178df24c66ef4ac7a98273467c73046f9e655a/detection http://84.32.188.31 # Reference: https://www.virustotal.com/gui/file/2991a8a3c36383f0d24c316254005053f91249590e74f96265e416f82b7326d3/detection http://159.69.241.241 # Reference: https://twitter.com/Gi7w0rm/status/1586776595469041664 # Reference: https://www.virustotal.com/gui/file/ad695e274df8ad2e8dc99c2b9184680c0a3f52afb5bf91717d921a1e5807326b/detection http://178.62.211.84 http://5.45.66.129 # Reference: https://twitter.com/abuse_ch/status/1586787216227012631 # Reference: https://urlhaus.abuse.ch/browse.php?search=%2FaN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK http://146.70.86.136 http://176.124.203.182 http://176.124.207.141 http://185.143.223.72 http://193.233.48.6 http://193.33.195.39 http://31.41.244.153 http://45.8.144.183 http://51.68.28.231 http://88.119.169.78 http://88.119.171.205 http://89.185.85.151 http://89.208.103.222 http://94.131.109.53 # Reference: https://www.virustotal.com/gui/ip-address/192.42.116.41/relations # Reference: https://www.virustotal.com/gui/file/008c499fe866366e3156bdf7319d4540ed89b9571f01ea39133155d8aabaa933/detection apowkfeeifin21.site blodinetisha15.site cusanthana12.site cytheriata4.xyz danniemusoa7.store dmunaavank10.store ersyglhjkuij7.xyz ewoijioewoif27.club fazanaharahe1.xyz fwenmfioewnjo26.club fwjenfuihew28.club fwkejnfuiewn29.club fwkjenfuewnh30.club gfyufuhhihioh17.site ggiergionard5.xyz gilmandros11.site iefhuiehruiu23.site mewmofinoine22.site nastanizab8.store nsgiuwrevi18.site oiureveiuv19.site ovrnevnriuen20.site readinglistforaugust10.club readinglistforaugust5.club readinglistforaugust6.club readinglistforaugust7.club readinglistforaugust8.club roimvnnvwniov25.club ustiassosale3.xyz vjrnnvinerovn24.club willietjeana13.site wnlonevkiju16.site xandelissane2.xyz ximusokall14.site # Reference: https://www.team-cymru.com/post/inside-the-v1-raccoon-stealer-s-den dq7shlx5o67t64ljuzisyp34s3n7vepnhc5ijt5hjh433qzaatyj5bid.onion # Reference: https://www.virustotal.com/gui/file/237e88f7f9445399fbda4b9a82942309fe272077883d00397ffa2e5c0ca6dd08/detection http://45.147.231.4 # Reference: https://www.virustotal.com/gui/file/3242b1d64d7ab9792dfce067d4d670f37277dc7825e45ee1e17ff70fb9809022/detection http://185.238.168.190 http://5.61.50.161 http://5.61.51.73 # Reference: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/ http://51.255.211.253 http://91.213.50.70 # Reference: https://twitter.com/th3_protoCOL/status/1590493788635824128 # Reference: https://twitter.com/1ZRR4H/status/1590514594497581058 # Reference: https://tria.ge/221110-anef6afadk/behavioral1 http://146.70.86.46 freesoftwar.com soft-cloud.org # Reference: https://twitter.com/AuCyble/status/1590694320264601600 download-torrent-pro.com # Reference: https://www.virustotal.com/gui/file/1e14063f58c7141ce18cf6aa97357217dbff6b5a4ff21df20ca13c9baa0ba512/detection http://193.106.191.150 # Reference: https://www.virustotal.com/gui/file/0994292bbec307e21f6f4c2d45fb8258fef8abe1611a5d611e98062f29e0ad16/detection http://193.106.191.155 /WYyJf5noB6.php # Reference: https://www.virustotal.com/gui/file/36bd02986dce2eed41c7de5ba2fad40054dc7c3afa853837eca3e5aec8c97cd0/detection http://185.225.17.198 http://193.106.191.162 http://193.106.191.223 http://5.252.176.62 # Reference: https://www.virustotal.com/gui/file/048ff2c2d619d58ace213fe63487b76681ce386c0f234a04f1db5b36e96bf323/detection http://5.253.19.133 http://5.253.19.61 # Reference: https://twitter.com/MichalKoczwara/status/1591117083961884673 # Reference: https://tria.ge/221111-t63q9abh2s http://213.252.247.230 http://213.252.247.23 # Reference: https://twitter.com/crep1x/status/1592270229190881280 # Reference: https://www.virustotal.com/gui/file/7e4371101f788c3f31179a2d0ee6fdb933367f21cc9dc28a65928373d2253d2f/detection http://45.153.230.92 http://45.8.144.148 http://81.19.140.3 http://91.213.50.70 http://94.131.109.157 # Reference: https://twitter.com/idclickthat/status/1593321833742434307 # Reference: https://tria.ge/221117-xr9g2afd26 http://193.47.61.188 star-link.app # Reference: https://twitter.com/1ZRR4H/status/1593377638504087553 http://45.15.156.105 http://45.15.156.116 http://45.15.156.120 http://45.15.156.122 http://45.15.156.2 http://45.15.156.36 http://45.15.156.38 http://45.15.156.40 http://45.15.156.42 http://45.15.156.65 http://45.15.156.90 http://45.15.156.94 http://45.15.156.95 # Reference: https://twitter.com/idclickthat/status/1594350316266422276 # Reference: https://twitter.com/BushidoToken/status/1594374268057522180 # Reference: https://tria.ge/221120-sldqysdd5s http://193.149.180.60 http://193.149.185.171 http://193.149.187.34 cloudsintheslack.com cloudsslack.com slack-download.net slackicorp.com slackuk.com # Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Arecordbreaker http://107.152.42.43 http://107.152.44.45 http://109.107.175.28 http://111.90.143.220 http://116.202.0.25 http://116.203.214.248 http://135.148.104.11 http://135.181.103.91 http://135.181.104.145 http://135.181.168.157 http://135.181.185.150 http://144.76.31.117 http://146.19.173.87 http://146.19.247.151 http://146.70.139.240 http://146.70.86.235 http://151.236.1.121 http://152.89.196.234 http://152.89.218.79 http://157.90.154.157 http://159.69.101.181 http://164.92.186.156 http://167.172.152.136 http://167.235.133.31 http://167.235.134.14 http://167.235.135.253 http://167.235.234.131 http://168.100.10.253 http://168.100.9.214 http://172.111.36.191 http://172.86.120.142 http://172.86.120.42 http://172.86.121.106 http://176.113.115.217 http://176.124.210.131 http://176.124.211.205 http://179.43.162.97 http://179.43.163.117 http://185.106.92.14 http://185.106.92.25 http://185.215.113.26 http://185.225.17.100 http://185.225.17.101 http://185.225.17.16 http://185.225.19.229 http://185.25.51.125 http://185.253.96.120 http://185.51.247.192 http://185.51.247.56 http://188.119.112.230 http://188.127.227.51 http://188.212.125.115 http://188.215.229.203 http://188.93.233.101 http://188.93.233.33 http://193.106.191.199 http://193.149.129.109 http://193.149.129.96 http://193.149.185.168 http://193.149.187.118 http://193.201.126.64 http://193.233.193.56 http://193.33.194.176 http://193.38.55.180 http://193.38.55.82 http://193.43.146.80 http://193.43.147.159 http://193.43.147.242 http://193.43.147.6 http://194.104.136.99 http://194.180.174.102 http://194.180.174.117 http://194.180.174.118 http://194.180.174.72 http://194.36.177.117 http://194.87.216.139 http://195.201.255.175 http://20.39.251.171 http://206.166.251.166 http://206.166.251.254 http://206.188.196.200 http://212.118.36.128 http://212.118.39.74 http://213.170.133.159 http://213.170.133.189 http://213.252.244.27 http://213.252.245.214 http://213.252.247.104 http://213.252.247.130 http://213.252.247.97 http://217.182.36.132 http://23.229.117.245 http://23.229.117.249 http://23.88.58.125 http://31.41.244.137 http://31.41.244.88 http://37.1.206.174 http://45.10.20.248 http://45.11.19.99 http://45.138.74.104 http://45.138.74.152 http://45.140.147.122 http://45.140.147.223 http://45.140.147.76 http://45.142.214.212 http://45.144.29.146 http://45.144.29.235 http://45.147.228.210 http://45.147.231.141 http://45.15.156.102 http://45.15.156.16 http://45.15.156.27 http://45.15.156.56 http://45.153.230.205 http://45.153.230.5 http://45.153.240.208 http://45.153.241.202 http://45.153.242.180 http://45.159.189.41 http://45.159.248.118 http://45.61.137.163 http://45.61.138.131 http://45.67.229.220 http://45.67.231.142 http://45.67.231.202 http://45.67.231.93 http://45.67.35.17 http://45.67.35.251 http://45.8.144.151 http://45.8.144.153 http://45.8.144.53 http://45.8.145.174 http://45.8.145.198 http://45.8.145.203 http://45.8.145.21 http://45.8.145.222 http://45.8.146.190 http://45.8.146.34 http://45.87.3.111 http://45.89.54.95 http://45.89.55.178 http://45.95.11.158 http://46.249.35.162 http://46.249.58.152 http://49.12.5.43 http://5.182.39.76 http://5.2.70.65 http://5.252.177.20 http://5.252.177.64 http://5.252.21.28 http://5.252.23.112 http://5.253.19.142 http://5.45.67.19 http://5.61.42.196 http://51.104.40.109 http://51.140.255.32 http://51.195.166.180 http://51.79.211.202 http://62.113.255.110 http://64.44.102.116 http://64.44.102.241 http://65.108.20.194 http://65.108.20.41 http://65.108.240.126 http://65.109.13.85 http://65.21.183.166 http://65.21.186.115 http://74.119.194.185 http://77.220.215.14 http://77.220.215.34 http://77.232.39.101 http://77.73.132.74 http://77.73.133.1 http://77.73.133.23 http://77.73.133.49 http://77.73.133.7 http://77.73.133.92 http://77.73.134.31 http://77.75.230.68 http://77.75.230.93 http://77.91.102.246 http://77.91.123.97 http://77.91.73.213 http://78.153.144.98 http://78.159.103.214 http://78.47.191.142 http://79.137.192.29 http://79.137.195.225 http://79.137.197.212 http://79.137.205.87 http://80.66.87.23 http://80.66.87.28 http://80.66.87.43 http://80.92.205.130 http://80.92.206.126 http://80.92.206.215 http://82.115.223.5 http://84.246.85.144 http://84.246.85.153 http://84.246.85.28 http://84.246.85.43 http://84.32.188.111 http://85.192.63.175 http://85.192.63.46 http://87.120.254.71 http://87.236.161.20 http://87.251.77.253 http://87.251.77.27 http://88.119.161.159 http://88.119.169.24 http://88.119.169.27 http://88.119.169.49 http://88.119.169.51 http://88.119.169.55 http://88.119.170.105 http://88.119.170.241 http://88.119.171.176 http://88.119.171.62 http://88.119.171.79 http://88.119.174.185 http://88.119.175.136 http://88.210.6.78 http://89.185.85.175 http://89.185.85.230 http://89.208.103.4 http://89.208.103.56 http://89.208.104.165 http://89.208.104.46 http://89.208.104.89 http://89.208.107.42 http://89.22.226.85 http://89.58.0.206 http://91.234.254.126 http://91.240.118.160 http://92.204.160.116 http://92.38.240.8 http://93.115.21.96 http://93.185.166.43 http://93.185.166.95 http://94.131.100.111 http://94.131.100.147 http://94.131.106.183 http://94.131.106.184 http://94.131.106.196 http://94.131.106.225 http://94.131.106.59 http://94.131.106.92 http://94.131.107.214 http://94.131.107.23 http://94.131.107.238 http://94.131.107.239 http://94.131.107.59 http://94.131.109.18 http://94.131.109.56 http://94.131.97.157 http://94.131.97.33 http://94.158.247.25 http://95.141.41.13 http://95.216.177.153 http://95.216.178.91 http://95.216.251.186 http://95.216.252.180 http://95.217.187.116 http://95.217.241.175 filetick.pro inexu.top o3shuzjrnpzf2aiq.online shettester1000.com # Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Araccoon http://101.99.95.192 http://101.99.95.5 http://103.155.93.229 http://103.155.93.70 http://136.244.65.99 http://138.197.179.146 http://139.162.210.29 http://140.82.52.55 http://142.132.180.233 http://142.132.225.253 http://142.132.229.12 http://146.19.247.28 http://146.19.247.91 http://146.70.124.71 http://146.70.125.95 http://146.70.160.4 http://149.202.65.236 http://159.223.25.220 http://164.92.172.4 http://176.58.125.121 http://176.58.98.13 http://178.128.94.180 http://178.62.198.37 http://178.79.160.84 http://178.79.161.18 http://179.43.154.171 http://185.163.204.20 http://185.163.204.212 http://185.163.204.219 http://185.163.204.229 http://185.163.204.32 http://185.163.204.47 http://185.163.204.62 http://185.163.204.9 http://185.163.47.175 http://185.225.19.128 http://185.225.19.190 http://185.225.19.198 http://185.246.220.214 http://185.62.56.113 http://188.166.49.196 http://188.40.147.166 http://192.248.184.34 http://193.149.176.204 http://193.233.193.50 http://193.38.54.50 http://193.43.146.17 http://193.43.146.26 http://193.43.147.132 http://194.180.158.174 http://194.180.174.104 http://194.180.174.161 http://194.180.174.181 http://194.180.174.182 http://194.180.174.40 http://194.180.174.55 http://194.180.174.97 http://194.87.31.186 http://195.201.248.58 http://206.166.251.218 http://206.188.197.116 http://206.189.234.222 http://207.154.195.173 http://212.118.38.177 http://213.226.100.106 http://23.88.55.150 http://31.13.195.44 http://45.133.216.145 http://45.133.216.170 http://45.133.216.249 http://45.142.212.100 http://45.142.214.247 http://45.142.215.50 http://45.142.215.92 http://45.144.30.91 http://45.15.156.31 http://45.150.67.85 http://45.152.86.98 http://45.153.230.183 http://45.153.240.247 http://45.153.241.28 http://45.182.189.196 http://45.61.138.121 http://45.67.34.234 http://45.84.0.80 http://45.9.148.139 http://46.101.30.175 http://5.181.156.242 http://5.181.156.62 http://5.181.156.92 http://5.252.22.107 http://5.252.22.66 http://5.253.19.65 http://51.195.166.185 http://51.195.166.186 http://51.195.166.204 http://51.210.87.110 http://65.108.20.64 http://65.108.216.10 http://77.73.132.84 http://77.73.133.69 http://77.91.102.115 http://77.91.102.44 http://77.91.73.162 http://77.91.74.67 http://82.202.172.185 http://83.149.87.220 http://84.246.85.178 http://85.159.212.113 http://88.119.171.225 http://89.108.102.157 http://89.185.84.7 http://89.185.85.173 http://91.194.11.43 http://91.219.236.143 http://91.219.236.212 http://91.219.236.69 http://91.219.236.97 http://91.219.237.226 http://91.242.229.166 http://93.115.19.194 http://93.115.28.51 http://94.131.107.132 http://94.131.97.56 http://94.158.244.21 http://94.158.245.199 http://94.158.247.13 http://95.216.88.185 https://45.144.29.146 cdnofficecloud.net game4486.worldhosts.fun robloxscript.site roll-rave.site telegalive.top telegraf.top toptelete.top # Reference: https://twitter.com/idclickthat/status/1597260362705145857 # Reference: https://tria.ge/221128-s2tr4sdg38/ http://185.173.34.39 fajaspieldeangel.co trial-autodesk.com # Reference: https://twitter.com/l205306/status/1597928917775503360 all-soft.space gldfreesofts.site mixsoftware.org selfw4re.net trustgamesoft.com # Reference: https://twitter.com/James_inthe_box/status/1598351953246900228 # Reference: https://app.any.run/tasks/62b03113-07e9-4fd5-a371-634e022e50c8/ http://88.210.9.212 # Reference: https://www.virustotal.com/gui/file/85317946bf51e7c6080c6607f18c05e587647aeafdad2f77316c6addaf474f2d/detection download-serv-463256.xyz youtubedonwload4.xyz youwebmaster.net # Reference: https://twitter.com/idclickthat/status/1602358835322261518 # Reference: https://tria.ge/221212-v6evvscb23/behavioral2 http://88.119.169.120 amdicat.com infamousmails.com # Reference: https://twitter.com/crep1x/status/1603739742910169088 # Reference: https://tria.ge/221216-pzp5cseg23 http://94.131.98.162 chrone-intsall.com # Reference: https://www.virustotal.com/gui/file/1443b2fa3ece332d66836172ff5c75237fd064300f3c8c1754c319935ed44797/detection http://179.43.142.85 # Reference: https://twitter.com/crep1x/status/1604561875949199373 # Reference: https://tria.ge/221218-mljz3sbe86/behavioral2 http://213.252.247.188 # Reference: https://twitter.com/Gi7w0rm/status/1606330240351051777 http://94.131.98.99 http://94.131.98.100 # Reference: https://www.virustotal.com/gui/file/8de8b2295a85d4817c4da8ca24a438ada4edb5e80ef93ae48646ff5d918ddeac/detection http://212.118.38.57 # Reference: https://twitter.com/r3dbU7z/status/1607028963980754945 # Reference: https://www.virustotal.com/gui/file/5fa1c3ddf64efe1a1c7482987bcd03b32bdbebbb5ca7adeca2f5615d24790811/detection http://94.131.100.85 # Reference: https://twitter.com/r3dbU7z/status/1607803057672421376 # Reference: https://www.virustotal.com/gui/file/14d0ab048470cf65ec844ce0a841204c8120c190a5838bc5bcdb85a1ea9f56fa/detection http://193.3.23.11 aircompany.site slakosuoyoliusdd.ru tinunlomitedwastan.ru # Reference: https://twitter.com/malware_traffic/status/1608690081178750976 http://146.70.102.99 # Reference: https://www.virustotal.com/gui/file/3dc8685a50a7899e1edb038851f791a992a558213a376bd1494d7be86f8a3935/detection http://94.131.98.103 http://94.131.98.177 # Reference: https://www.virustotal.com/gui/ip-address/161.117.231.217/relations # Reference: https://www.virustotal.com/gui/ip-address/161.117.83.93/relations # Reference: https://www.virustotal.com/gui/file/00264ad58c30937544a5e3ce096bd3dcab52f18a2b8554a0ec8634526ecc42b7/detection # Reference: https://www.virustotal.com/gui/file/2f87741b700ead4acc6ed82d781626d389c71fd17f50666ab6a978ea4a101831/detection # Reference: https://www.virustotal.com/gui/file/32fcf602c79e06547233ab22eca1d6979d8739bec9ae9cc7bffcf494631c16f9/detection # Reference: https://www.virustotal.com/gui/file/6b9ba9d6bddecf83a47f18d8f7c747b14747107c6b6bd5e94da46779cef341ed/detection asmupdate1.top asmupdate2.top asmupdate3.top asmupdate4.top fasmupdate1.top fasmupdate2.top fasmupdate3.top fasmupdate4.top idaupdate1.top idaupdate2.top idaupdate3.top idaupdate4.top lastupdate1.top lastupdate2.top lastupdate3.top lastupdate4.top rockupdate1.top rockupdate2.top rockupdate3.top rockupdate4.top # Reference: https://mobile.twitter.com/0xrb/status/1610512844222763008 http://104.234.147.80 http://109.107.173.210 http://116.203.105.175 http://138.124.180.91 http://146.70.86.243 http://147.135.62.201 http://147.135.62.202 http://152.89.247.84 http://154.7.253.54 http://172.86.122.234 http://176.124.212.149 http://179.43.163.110 http://185.234.247.220 http://188.34.203.37 http://193.38.55.43 http://194.15.216.23 http://194.4.49.101 http://194.87.216.120 http://195.133.75.104 http://212.114.52.79 http://212.114.52.89 http://212.192.31.175 http://37.220.87.12 http://37.220.87.25 http://37.220.87.34 http://37.220.87.38 http://45.11.19.199 http://45.11.19.40 http://45.130.151.120 http://45.140.146.74 http://45.144.31.115 http://45.15.156.151 http://45.15.156.168 http://45.15.156.169 http://45.15.156.179 http://45.15.156.75 http://45.67.228.98 http://45.67.35.164 http://45.77.137.243 http://45.8.147.239 http://5.252.118.177 http://5.252.178.86 http://51.255.211.170 http://51.81.254.14 http://77.73.133.123 http://77.73.133.45 http://77.73.133.51 http://77.73.134.30 http://79.137.196.11 http://79.137.202.214 http://80.92.205.177 http://83.220.171.29 http://83.97.20.99 http://84.246.85.98 http://86.105.252.165 http://88.119.161.188 http://88.119.161.195 http://88.119.161.198 http://88.119.169.187 http://88.119.169.193 http://88.119.170.115 http://89.40.206.86 http://91.215.85.146 http://93.185.166.49 http://94.131.100.83 http://94.131.105.198 http://94.131.98.102 http://95.217.102.106 exsolution-softs.com nextgen-game.com respekt5567.com softeasy.org softeasy.pro softwareofficial.site vipsoft.store # Reference: https://twitter.com/teamcymru_S2/status/1610320609531285504 # Reference: https://twitter.com/0xrb/status/1610519952829845504 http://74.119.195.225 http://88.119.161.199 http://88.119.169.153 http://88.119.169.154 http://88.119.171.143 http://88.119.175.111 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_05_01_2023.txt http://103.214.4.110 http://103.219.154.161 http://135.181.157.133 http://138.124.183.122 http://141.98.169.173 http://141.98.169.180 http://146.19.173.72 http://146.19.207.20 http://146.70.106.171 http://146.70.106.93 http://146.70.131.213 http://146.70.86.238 http://152.89.247.174 http://152.89.247.216 http://159.69.180.81 http://160.20.147.173 http://160.20.147.205 http://160.20.147.64 http://162.19.206.3 http://168.100.9.166 http://185.163.45.250 http://185.163.45.254 http://185.225.19.29 http://185.225.70.145 http://185.229.65.197 http://185.242.86.140 http://185.242.86.141 http://185.242.86.142 http://185.242.86.143 http://185.25.50.200 http://185.25.50.4 http://185.25.51.38 http://185.5.250.167 http://188.119.112.179 http://193.149.180.124 http://194.37.97.188 http://194.4.49.73 http://206.166.251.126 http://213.252.245.203 http://213.252.246.220 http://213.252.247.41 http://213.252.247.48 http://23.134.168.143 http://23.134.168.173 http://37.220.87.29 http://37.220.87.35 http://37.220.87.36 http://37.220.87.47 http://37.220.87.7 http://45.130.43.77 http://45.138.74.231 http://45.140.147.138 http://45.144.29.18 http://45.15.156.79 http://45.15.159.197 http://45.153.230.216 http://45.66.230.38 http://45.67.228.180 http://45.8.144.61 http://45.8.144.73 http://45.84.0.219 http://45.84.0.222 http://45.84.0.239 http://45.84.121.40 http://45.84.121.46 http://45.89.54.61 http://46.3.199.79 http://49.12.211.76 http://5.181.159.66 http://5.181.159.86 http://5.182.36.75 http://5.182.37.217 http://5.252.118.36 http://5.252.177.22 http://5.252.23.27 http://5.255.97.178 http://5.75.186.33 http://51.195.166.179 http://64.52.80.224 http://65.109.131.183 http://65.20.114.202 http://74.119.195.134 http://77.73.133.111 http://77.73.133.112 http://77.73.133.118 http://77.73.133.119 http://77.73.133.127 http://77.73.133.20 http://77.73.133.81 http://77.91.122.57 http://78.153.130.102 http://79.137.198.122 http://79.137.207.148 http://80.92.204.30 http://84.246.85.137 http://84.246.85.61 http://84.32.191.242 http://85.192.63.204 http://85.192.63.21 http://85.239.63.228 http://87.120.37.253 http://87.236.146.172 http://88.119.169.183 http://88.119.169.188 http://88.210.11.158 http://89.185.85.109 http://89.208.103.77 http://89.208.106.154 http://89.23.103.4 http://91.213.50.19 http://94.131.98.154 http://94.131.98.156 http://94.131.98.157 http://94.131.98.176 http://94.131.98.90 http://94.131.98.91 http://94.131.98.93 http://94.131.98.98 http://95.216.251.188 # Reference: https://twitter.com/felixaime/status/1611268354722897920 # Reference: https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers/ # Reference: https://github.com/SEKOIA-IO/Community/blob/main/IOCs/infra_seo_crack_stealers/infra_seo_crack_stealers_iocs_20230106.csv http://134.122.115.190 http://137.184.159.42 http://137.184.227.198 http://137.184.43.153 http://143.198.164.102 http://143.244.212.228 http://146.190.12.4 http://157.230.87.146 http://159.223.97.209 http://162.243.164.175 http://18.144.113.48 http://34.203.142.179 http://44.198.126.45 aboxwithfilez.xyz allactivationkey.com allcracker.com allcracker.comallsoftwarepro.com allsoftwarepro.com asperhost.xyz audioplugins.net bdomicfilez.xyz binaryfile.cfd bitloservx.click blakbooot.click bnr45iqly.cfd bokywodzfa.xyz bottlecap1.click brownrabr.click bubl-filez.xyz ceedohostzcomi.xyz chondimahiy.xyz cl0nytig.xyz comallsoftwarepro.com comcrackzsoft.com completecrack.com comprocracklink.com corokeralama.xyz corpyfoxiy.xyz crack-line.com crack-warez.com crack-win.com crackask.com crackcow.com crackedfilez.com cracker01.com crackexe.net crackeyfree.com crackfaqs.com crackglobal.com crackinges.com crackist.com cracklet.com crackmyapps.com crackmykeys.com crackname.com cracknkeys.com cracknpc.com crackny.com crackpcpro.com crackproduct.com crackre.com crackregister.com crackrepack.com cracks-full.com cracks11.com cracksbuddy.com crackservices.com cracksfree.net crackspromax.com cracksroom.com crackstores.com cracktera.com cracktera.comcrackzsoft.com crackwebs.com crackwindow.com crackzero.com crackzsoft.com crookhost.cfd crop18king.xyz ctmouzecla.click dailycracks.com dikshaappforpc.com ditlivhostz.xyz dll-crack.com dllcrackz.com easywindowsactivator.com entry4hide.cyou eros0hostz.xyz evosurver.click exitlocat.cyou fiiezofcloude.xyz find2sitrox.xyz fishsurver.click fitcrack.com fizzzhost.xyz forevercrack.com free-crack.com freefiles22.xyz freewindowsactivator.com full-crack.com full-cracked.com full-softwares.com fullcrackapp.com fullcrackfile.com fullkeypro.com fullportable.com giantcrack.com gooddata.xyz greenbottz.xyz hdstreamzforpcdl.com heifan2survr.xyz hersiz00d.xyz hft76yu.cfd hificellfon.click hitcrackspc.com hitpcgames.com hosngclowz.cyou hy3srver.xyz hyphnhostn.xyz icrackpro.com icracx.com iee2kolmoz.xyz iglo0host.click inshotforpc.com itforhost.xyz jytibarose.xyz keygen4u.com keygenguru.net kihygenvc.xyz kinbo112.xyz kinemasterforpcdl.com king-host.xyz kitefly.xyz kitlybitli44.xyz klimyteioz2b.xyz komikata.click koptikbaj4.xyz krimikomrew4.xyz license4softs.com lowfeedo1.xyz loyabonzy.xyz lvihostng.click macapps-download.com macdownloadpro.com macgamers.net macsoftwarepro.com massraphost.xyz masterforpc.com mattservrz.xyz mikavika.click minghost.cfd minicrack.com mo21srver.xyz mobilelegendsforpc.com mocrack.com moyakanj0.xyz myclotb0e.xyz myhasrnga.xyz myloster2v1.xyz mypklboy3.xyz mysite-servrz.xyz mytallphon.click naswarlobi.xyz neonhost.click newactivationkey.com newcracksoft.com newlicensekeys.com nikuserver.xyz nomanpc.com nysicforma.xyz odibolngup.click offsebike.cyou onecracks.com ooxyzhost.xyz opcracks.com opetafruith.xyz osr1file.xyz ovacrack.com pandacracks.com patchzip.com pccrackspro.com pcgamesguru.com pcsoftkit.com pepatoniyac.click ping-host.xyz pingatinga.click pinkbotts2.xyz pirtibox.click plugin-torrent.com pozitfiiezi.xyz premiumcrack.com primrvils.click procrackapp.com procrackapp.comprocracklink.com procracklink.com procracksfile.com procracksoftware.com purplbogi.click purplebot21.xyz qcellphone.click qoli-filez.xyz quy32-filez.xyz ridsosurver1.xyz rizonfoggy.xyz roizohozt19.xyz safehand.xyz setserverfile.xyz sharemeforpc.com sid4time.xyz sigmarole.cyou sigrat4hyp.xyz singlwirre.click sitka-pyrok.xyz sixcozrevoli.xyz slom0wise4.xyz slugmefilehos.xyz softkeygenpro.com softs32.com softskeygen.com softwarekeygen.com surbexdillx.xyz survrhostngs.xyz tekken3forpc.com thecrackfiles.com thecracksoftware.com thepccrack.com tocracks.com tolby-file.xyz toloserverz.click top3hostngc.xyz torrdroidforpc.com totalcracks.com trollhost.xyz trycracks.com unacademyforpc.com uploadpk.com urconsolest.click urcracks.net urhandups.xyz urstolupzo.xyz uscracks.com vig0boat.click vst-crack.com vst-torrent.net vysorforpc.com wecracks.com whitr0sez.xyz windowsactivatorpro.com windowscrack.com woldcup20.cyou wowcracks.com ww16.ping-host.xyz ww16.tolby-file.xyz ww25.qoli-filez.xyz ww38.tolby-file.xyz xo-xohost.xyz ycracks.com yell0wssroz.xyz yellokomput.xyz yourcracks.com # Reference: https://twitter.com/0xrb/status/1613768173375082497 http://135.181.202.232 http://146.19.233.206 http://146.70.125.93 http://146.70.145.201 http://152.89.247.59 http://170.75.173.215 http://185.106.94.254 http://185.218.3.131 http://185.223.93.181 http://185.242.87.199 http://185.242.87.203 http://193.149.187.95 http://194.104.136.49 http://194.104.136.68 http://20.115.112.33 http://213.252.247.68 http://45.15.156.208 http://46.3.199.85 http://77.73.134.67 http://77.91.122.78 http://77.91.78.44 http://78.47.114.228 http://88.119.169.205 http://89.23.96.13 http://91.107.147.251 http://91.90.192.72 http://94.131.100.203 http://94.131.100.41 http://94.131.98.82 http://94.131.98.89 http://95.217.219.204 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ http://101.99.93.178 http://102.130.113.39 http://103.219.154.115 http://103.219.154.161 http://103.219.154.247 http://104.40.27.143 http://109.107.175.155 http://109.172.45.16 http://109.230.215.138 http://109.234.39.45 http://111.90.143.111 http://116.203.145.50 http://116.203.199.122 http://116.203.35.117 http://116.203.57.132 http://130.0.234.116 http://134.209.88.114 http://135.181.123.170 http://135.181.187.248 http://135.181.241.165 http://135.181.251.158 http://135.181.68.23 http://138.201.119.9 http://141.94.55.61 http://142.132.167.230 http://142.132.191.50 http://142.132.226.252 http://142.132.236.51 http://146.0.74.79 http://146.19.170.164 http://146.19.207.163 http://146.70.100.89 http://146.70.101.78 http://146.70.104.186 http://146.70.106.55 http://146.70.143.138 http://146.70.152.214 http://146.70.161.70 http://146.70.20.241 http://146.70.24.132 http://146.70.86.141 http://146.70.86.253 http://146.70.86.27 http://146.70.86.4 http://146.70.88.38 http://147.78.47.232 http://152.89.196.234 http://152.89.247.188 http://152.89.247.203 http://152.89.247.63 http://152.89.247.92 http://157.254.195.130 http://157.254.195.56 http://157.254.195.57 http://157.90.145.118 http://157.90.172.182 http://159.203.177.90 http://159.69.196.191 http://162.33.177.9 http://162.33.178.237 http://162.33.178.37 http://162.55.37.54 http://165.232.118.86 http://167.235.131.221 http://167.235.233.181 http://167.235.240.184 http://167.235.29.56 http://167.235.53.255 http://168.100.11.62 http://168.100.11.85 http://168.100.8.188 http://168.100.9.125 http://168.119.60.182 http://170.75.160.9 http://170.75.167.33 http://172.81.180.176 http://172.86.75.81 http://176.10.111.93 http://179.43.140.137 http://179.43.142.103 http://179.43.154.206 http://179.43.155.213 http://179.43.162.53 http://185.10.68.210 http://185.106.92.101 http://185.106.92.135 http://185.106.92.151 http://185.106.92.17 http://185.106.92.20 http://185.106.92.27 http://185.106.92.48 http://185.106.92.51 http://185.106.92.62 http://185.106.92.84 http://185.106.92.89 http://185.106.92.93 http://185.106.94.194 http://185.106.94.215 http://185.106.94.4 http://185.106.94.71 http://185.121.139.45 http://185.125.206.245 http://185.158.251.192 http://185.163.204.16 http://185.173.34.208 http://185.173.34.29 http://185.173.34.40 http://185.173.34.73 http://185.181.10.208 http://185.193.126.104 http://185.203.117.113 http://185.206.215.35 http://185.225.115.112 http://185.225.73.102 http://185.225.73.151 http://185.246.220.203 http://185.25.51.5 http://185.25.51.6 http://185.253.96.110 http://185.253.96.116 http://185.62.58.61 http://185.73.202.78 http://188.116.34.196 http://188.119.113.237 http://188.121.97.140 http://188.34.188.246 http://188.34.194.236 http://188.34.199.86 http://190.14.37.156 http://192.153.57.193 http://192.153.57.230 http://192.236.154.227 http://193.149.129.12 http://193.149.176.45 http://193.149.185.13 http://193.149.185.159 http://193.149.187.230 http://193.149.187.53 http://193.149.189.174 http://193.149.189.212 http://193.149.189.239 http://193.176.29.199 http://193.233.20.128 http://193.233.20.134 http://193.233.20.137 http://193.233.20.138 http://193.233.20.140 http://193.233.20.142 http://193.233.20.143 http://193.233.20.195 http://193.233.20.238 http://193.233.232.250 http://193.233.232.5 http://193.233.233.32 http://193.38.54.38 http://193.38.55.131 http://194.104.136.194 http://194.104.136.55 http://194.15.216.219 http://194.15.216.226 http://194.163.177.109 http://194.4.51.202 http://194.4.51.203 http://194.5.177.193 http://194.87.199.101 http://194.87.199.196 http://194.87.216.106 http://194.87.219.115 http://194.87.31.171 http://194.87.62.51 http://195.123.217.217 http://195.123.217.247 http://195.123.241.57 http://195.133.40.111 http://195.133.40.221 http://195.20.17.190 http://195.201.124.92 http://195.211.96.217 http://195.54.174.35 http://195.85.250.67 http://20.166.60.250 http://206.166.251.126 http://206.166.251.136 http://206.166.251.230 http://206.188.196.18 http://206.188.197.110 http://206.189.179.153 http://208.85.19.93 http://212.113.106.116 http://212.113.106.17 http://212.113.106.211 http://212.113.106.216 http://212.113.106.218 http://212.113.116.1 http://212.113.116.46 http://212.113.116.47 http://212.113.119.101 http://212.113.119.153 http://212.113.119.25 http://212.113.119.35 http://212.113.119.48 http://212.113.119.69 http://212.113.119.73 http://212.113.119.8 http://212.118.36.51 http://212.118.41.216 http://212.86.102.98 http://212.86.109.24 http://213.252.244.5 http://213.252.246.235 http://217.114.43.217 http://217.138.215.68 http://217.138.215.83 http://217.196.96.11 http://217.196.96.19 http://23.134.168.112 http://23.19.58.152 http://37.1.208.22 http://37.1.212.243 http://37.120.238.179 http://37.220.87.17 http://37.220.87.18 http://37.220.87.22 http://37.220.87.25 http://37.220.87.26 http://37.220.87.48 http://37.220.87.49 http://37.220.87.63 http://37.220.87.66 http://37.220.87.67 http://37.220.87.68 http://37.220.87.69 http://37.220.87.86 http://37.49.230.54 http://43.130.118.228 http://45.132.1.159 http://45.137.65.37 http://45.138.74.192 http://45.140.146.217 http://45.142.215.180 http://45.143.223.133 http://45.147.228.200 http://45.147.229.105 http://45.147.229.205 http://45.15.156.143 http://45.15.156.144 http://45.15.156.145 http://45.15.156.164 http://45.15.156.226 http://45.15.156.227 http://45.15.156.239 http://45.15.156.251 http://45.15.156.50 http://45.15.156.62 http://45.15.156.75 http://45.15.156.87 http://45.15.156.96 http://45.15.157.7 http://45.15.159.199 http://45.15.159.249 http://45.153.230.189 http://45.153.241.202 http://45.153.243.78 http://45.61.136.194 http://45.61.138.12 http://45.61.138.130 http://45.61.139.2 http://45.67.35.52 http://45.8.146.72 http://45.82.13.17 http://45.82.71.192 http://45.82.73.28 http://45.82.73.60 http://45.84.121.41 http://45.9.74.119 http://45.9.74.133 http://45.9.74.140 http://45.9.74.151 http://45.9.74.152 http://45.9.74.160 http://45.9.74.165 http://45.9.74.166 http://45.9.74.170 http://45.9.74.171 http://45.9.74.172 http://45.9.74.173 http://45.9.74.174 http://45.9.74.175 http://45.9.74.176 http://45.9.74.21 http://45.9.74.22 http://45.9.74.34 http://45.9.74.35 http://45.9.74.36 http://45.9.74.50 http://45.9.74.54 http://45.9.74.56 http://45.9.74.6 http://45.9.74.60 http://45.9.74.68 http://45.9.74.69 http://45.9.74.70 http://45.9.74.71 http://45.9.74.81 http://45.9.74.82 http://45.9.74.90 http://45.9.74.97 http://45.9.74.99 http://45.90.59.19 http://45.91.203.172 http://46.151.24.154 http://46.151.27.83 http://46.151.31.129 http://46.151.31.216 http://46.18.107.197 http://49.12.197.60 http://49.12.203.54 http://49.12.210.141 http://49.12.210.249 http://5.252.118.139 http://5.252.118.232 http://5.252.177.22 http://5.252.177.50 http://5.252.177.71 http://5.252.178.139 http://5.252.178.5 http://5.254.118.211 http://5.254.118.254 http://5.255.100.41 http://5.255.111.137 http://5.39.117.99 http://5.75.129.114 http://5.75.138.1 http://5.75.159.229 http://5.75.182.199 http://5.75.186.50 http://5.75.225.209 http://5.75.242.235 http://5.75.243.212 http://5.75.251.66 http://5.78.75.80 http://51.178.186.12 http://51.81.143.171 http://51.81.160.184 http://51.81.160.185 http://51.81.254.18 http://51.89.124.197 http://54.38.218.228 http://62.204.41.115 http://62.204.41.124 http://62.204.41.125 http://62.204.41.134 http://62.204.41.250 http://62.204.41.7 http://64.190.113.112 http://64.190.113.31 http://64.44.139.110 http://65.108.156.39 http://65.108.241.85 http://65.109.131.223 http://65.109.139.29 http://65.109.169.111 http://65.109.2.154 http://65.109.205.198 http://77.105.146.86 http://77.246.96.7 http://77.73.131.33 http://77.73.133.79 http://77.73.133.90 http://77.73.134.0 http://77.73.134.11 http://77.73.134.25 http://77.73.134.43 http://77.73.134.49 http://77.73.134.81 http://77.73.134.82 http://77.91.123.116 http://77.91.123.135 http://77.91.123.139 http://77.91.124.79 http://77.91.68.33 http://77.91.78.44 http://77.91.78.46 http://77.91.78.50 http://77.91.78.69 http://77.91.84.20 http://77.91.84.46 http://77.91.84.68 http://77.91.85.172 http://77.91.86.187 http://77.91.86.231 http://77.91.87.126 http://78.153.130.123 http://78.153.130.127 http://78.153.130.132 http://78.153.130.148 http://78.153.130.157 http://78.153.130.226 http://78.153.130.242 http://78.153.130.247 http://78.153.130.54 http://78.153.130.86 http://78.47.92.58 http://79.132.137.39 http://79.137.194.178 http://79.137.195.240 http://79.137.196.41 http://79.137.197.160 http://79.137.198.18 http://79.137.199.211 http://79.137.199.215 http://79.137.199.216 http://79.137.202.139 http://79.137.202.245 http://79.137.203.199 http://79.137.203.5 http://79.137.205.138 http://79.137.206.143 http://79.137.206.151 http://79.137.206.189 http://79.137.206.195 http://79.137.206.22 http://79.137.206.76 http://79.137.207.152 http://79.137.207.160 http://79.137.207.168 http://79.137.207.4 http://79.137.207.53 http://79.137.207.59 http://79.137.248.123 http://79.137.248.197 http://79.137.248.245 http://79.137.248.73 http://80.66.89.194 http://80.71.157.79 http://80.78.25.110 http://80.85.139.150 http://80.85.139.245 http://80.85.241.20 http://80.85.241.83 http://80.89.228.162 http://80.92.206.186 http://81.19.140.95 http://81.19.141.119 http://81.19.141.163 http://81.19.141.6 http://82.115.223.13 http://82.115.223.208 http://82.115.223.215 http://83.217.11.10 http://83.217.11.11 http://83.217.11.12 http://83.217.11.13 http://83.217.11.14 http://83.217.11.16 http://83.217.11.17 http://83.217.11.18 http://83.217.11.19 http://83.217.11.20 http://83.217.11.22 http://83.217.11.23 http://83.217.11.25 http://83.217.11.26 http://83.217.11.27 http://83.217.11.28 http://83.217.11.31 http://83.217.11.32 http://83.217.11.33 http://83.217.11.34 http://83.217.11.35 http://83.217.11.36 http://83.217.11.4 http://83.217.11.6 http://83.217.11.9 http://84.247.51.113 http://84.247.51.117 http://84.32.190.128 http://85.192.40.253 http://85.192.63.154 http://85.192.63.161 http://85.192.63.185 http://85.192.63.243 http://85.192.63.51 http://85.206.172.171 http://85.206.172.172 http://85.208.107.18 http://85.208.107.89 http://85.217.144.18 http://85.239.41.190 http://86.105.18.13 http://87.120.254.239 http://87.251.77.45 http://88.119.161.37 http://88.119.170.121 http://88.119.174.133 http://88.119.174.136 http://88.119.175.213 http://88.119.175.232 http://88.198.125.205 http://89.107.10.138 http://89.107.10.20 http://89.185.84.86 http://89.185.85.186 http://89.185.85.248 http://89.23.107.5 http://89.23.97.130 http://89.238.170.254 http://89.238.185.17 http://89.44.9.71 http://91.107.180.190 http://91.107.192.138 http://91.107.250.226 http://91.201.113.12 http://91.201.115.148 http://91.207.173.122 http://91.213.50.104 http://91.215.85.146 http://91.219.236.123 http://91.234.254.143 http://91.234.254.208 http://91.234.254.228 http://91.235.234.210 http://91.235.234.230 http://91.235.234.235 http://91.240.84.153 http://92.204.160.102 http://94.131.107.176 http://94.131.11.222 http://94.131.115.5 http://94.131.98.88 http://94.142.138.10 http://94.142.138.102 http://94.142.138.109 http://94.142.138.122 http://94.142.138.123 http://94.142.138.124 http://94.142.138.133 http://94.142.138.135 http://94.142.138.136 http://94.142.138.140 http://94.142.138.155 http://94.142.138.158 http://94.142.138.159 http://94.142.138.160 http://94.142.138.162 http://94.142.138.166 http://94.142.138.168 http://94.142.138.169 http://94.142.138.174 http://94.142.138.175 http://94.142.138.177 http://94.142.138.181 http://94.142.138.19 http://94.142.138.191 http://94.142.138.194 http://94.142.138.195 http://94.142.138.196 http://94.142.138.200 http://94.142.138.208 http://94.142.138.210 http://94.142.138.211 http://94.142.138.213 http://94.142.138.214 http://94.142.138.216 http://94.142.138.221 http://94.142.138.239 http://94.142.138.241 http://94.142.138.246 http://94.142.138.3 http://94.142.138.37 http://94.142.138.40 http://94.142.138.43 http://94.142.138.53 http://94.142.138.54 http://94.142.138.74 http://94.142.138.79 http://94.142.138.85 http://94.142.138.86 http://94.142.138.89 http://94.142.138.9 http://94.142.138.90 http://94.142.138.99 http://94.158.244.36 http://95.179.182.231 http://95.216.153.86 http://95.217.10.109 http://95.217.181.255 http://95.217.191.113 http://95.217.65.66 # Reference: https://twitter.com/80vul/status/1614958062116442113 http://46.18.107.196 # Reference: https://twitter.com/0xrb/status/1615216442508709890 http://116.203.30.135 http://146.70.78.51 http://146.70.86.11 http://170.75.173.138 http://185.51.121.139 http://188.241.83.55 http://45.15.156.215 http://45.15.156.225 http://5.182.36.239 http://5.78.53.188 http://74.119.195.189 http://77.91.102.27 http://77.91.78.69 http://80.92.205.49 http://83.217.11.11 http://83.217.11.13 http://88.119.175.220 http://88.119.175.57 http://92.205.165.188 http://94.131.104.225 respekt5568.com # Reference: https://www.virustotal.com/gui/file/781befeda1c4a69d7d38355db70c44e8a0c4c620a4ec74d6ac78239a27fba929/detection http://212.118.36.165 # Reference: https://www.virustotal.com/gui/file/77a369b0a94cda4f71f3a68d9a5d740d805e5e4bf793d3ee1389d6d78767155b/detection http://160.119.253.150 http://160.119.253.242 # Reference: https://www.virustotal.com/gui/file/4da00e7d529be457c914b085d66f012c070bf6e3f85675303aa41a7689c08c75/detection http://160.119.253.36 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_27_01_2023.txt http://103.219.154.247 http://146.70.101.124 http://146.70.78.17 http://185.253.96.114 http://212.113.106.196 http://212.113.106.199 http://37.220.87.26 http://45.15.156.209 http://45.15.156.214 http://45.15.156.222 http://5.252.178.210 http://77.73.134.71 http://77.91.124.60 http://79.137.202.30 http://79.137.207.173 http://83.217.11.12 http://83.217.11.14 http://85.192.63.85 http://91.234.254.216 # Reference: https://www.virustotal.com/gui/file/2475b6b24c1117002dfdb64795080ea401a25a2a23e08f3e9f809dfaa01a05c1/detection http://94.142.138.3 # Reference: https://twitter.com/idclickthat/status/1620226482605010947 # Reference: https://www.virustotal.com/gui/ip-address/149.202.134.115/relations # Reference: https://www.virustotal.com/gui/ip-address/37.220.87.51/relations cheapsoftware.pro cryptobotcheck.xyz easy-ware.online evilsoft.pro evilsoftware.biz evilsoftware.pw evilsoftware.run evilsoftware.space evilsoftware.vip evilsoftware.website evilsoftware.xyz goldgames.vip goldsoftware.net goldsoftware.vip goldsware.app lead-soft.app lead-soft.pro lead-soft.top leadsoft.app leadsoft.vip mesoftwares.org mesoftwares.vip rippleqr.org soft-easy.vip trustcrypto.pro vipsoftware.vip # Reference: https://twitter.com/1ZRR4H/status/1623067548781539339 http://79.137.206.31 http://79.137.248.136 http://85.192.40.253 best-exp.org exp-pc.com soft-pro.site # Reference: https://twitter.com/gorimpthon/status/1623185188003155971 # Reference: https://www.virustotal.com/gui/ip-address/185.106.94.179/relations # Reference: https://tria.ge/230208-fc6n6ahc37/behavioral2 http://135.181.68.23 aida-64.com aida64extreme.com gimp-gnu.com gimp-info.com tor-company.com tor-vpn.com torbrowser.ink # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_06_02_2023.txt http://102.130.113.39 http://146.70.86.141 http://152.89.247.188 http://157.254.195.145 http://167.235.233.181 http://185.253.96.116 http://190.14.37.156 http://193.149.189.239 http://193.37.213.23 http://195.123.217.247 http://206.166.251.19 http://206.188.197.254 http://206.189.179.153 http://37.220.87.44 http://45.15.156.50 http://45.9.74.50 http://45.9.74.54 http://5.252.118.232 http://5.254.118.254 http://51.195.166.206 http://69.46.15.158 http://78.153.130.132 http://79.137.199.216 http://79.137.205.138 http://79.137.206.195 http://79.137.207.150 http://80.78.25.110 http://80.89.228.162 http://83.217.11.26 http://83.217.11.27 http://83.217.11.28 http://83.217.11.4 http://89.238.170.246 http://94.131.3.70 http://94.142.138.10 http://94.142.138.19 http://94.142.138.8 http://94.142.138.9 # Reference: https://twitter.com/TrackerC2Bot/status/1601297464379772935 http://157.90.132.182 http://160.20.147.114 http://168.100.8.160 http://172.86.75.144 http://5.182.36.233 http://77.91.103.191 http://88.119.169.53 http://88.119.169.56 http://94.131.104.15 # Reference: https://www.virustotal.com/gui/file/cf3e3f8d7e7a3ddedd579621c0be7286127384b43ccd2b8b6ea40314464f8854/detection http://160.20.147.172 # Reference: https://www.virustotal.com/gui/file/302b64e57a29e92a0436ab3b99770b9052498bda505c44f3cf6af36912fa9cd3/detection http://11.23.33.44 http://188.119.67.41 http://35.205.61.67 # Reference: https://www.virustotal.com/gui/file/ce7555b93204f3e724eafb8eb5a84418c3a446f57f47cc7a5e70e9e38cc68490/detection http://212.114.52.79 # Reference: https://www.virustotal.com/gui/file/04e95db9663cac79ec012fe52be0a8c25fad8ba3644acb0c179123da2504621e/detection http://146.19.170.157 # Reference: https://www.virustotal.com/gui/file/156c09e3cb827da350c1f3cb35f2ffe046d6a9e9089a1623cbf2ab07dfd2e46e/detection http://185.234.247.225 # Reference: https://twitter.com/TrackerC2Bot/status/1615152836274176003 http://146.19.170.153 http://185.53.46.76 # Reference: https://www.virustotal.com/gui/file/32cf0e4532d6617a76a22f45edfe5d10ecbaf10040cedffdb2cea5126b6ff053/detection http://45.153.230.19 # Reference: https://twitter.com/0xrb/status/1625412924511756288 http://109.172.45.16 http://109.230.215.138 http://135.181.241.165 http://138.201.119.9 http://142.132.191.50 http://142.132.236.51 http://146.70.161.70 http://146.70.20.241 http://146.70.86.27 http://152.89.247.92 http://170.75.167.33 http://179.43.140.137 http://179.43.142.103 http://179.43.154.206 http://185.106.94.4 http://185.121.139.45 http://185.225.73.151 http://192.153.57.193 http://192.236.154.227 http://193.233.20.140 http://193.233.20.238 http://195.211.96.217 http://206.166.251.230 http://208.85.19.93 http://212.113.116.46 http://212.113.116.47 http://212.86.102.98 http://23.19.58.152 http://37.220.87.66 http://45.138.74.192 http://45.84.121.41 http://45.9.74.119 http://45.91.203.172 http://49.12.210.249 http://5.252.177.71 http://5.254.118.211 http://5.78.75.80 http://62.204.41.115 http://62.204.41.124 http://62.204.41.125 http://62.204.41.134 http://62.204.41.250 http://65.109.139.29 http://65.109.169.111 http://65.109.2.154 http://77.73.134.0 http://77.91.68.33 http://77.91.78.50 http://78.153.130.226 http://78.47.92.58 http://79.137.197.160 http://79.137.203.199 http://79.137.206.143 http://79.137.206.189 http://79.137.207.53 http://79.137.248.73 http://80.66.89.194 http://80.85.139.150 http://80.85.241.20 http://80.85.241.83 http://82.115.223.215 http://83.217.11.31 http://83.217.11.32 http://83.217.11.33 http://83.217.11.34 http://83.217.11.35 http://83.217.11.36 http://89.185.85.248 http://89.238.170.254 http://94.142.138.37 http://94.142.138.43 http://94.142.138.53 http://94.142.138.54 # Reference: https://www.virustotal.com/gui/file/88aa85f63ddbcfa1204202633336d60f9ac6e37510794be230bcfc64a50f243f/detection http://185.180.199.215 # Reference: https://www.virustotal.com/gui/file/0ac45933bdfea3743c555dff9764ea2c0b9abf8d4841fde19011129918f15d30/detection http://79.137.197.190 # Reference: https://twitter.com/TrackerC2Bot/status/1619039699670122535 http://77.75.230.253 http://93.185.166.8 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/raccoonv2_found_16-02-2023_02-26-48.txt http://103.155.93.161 http://179.43.142.18 http://185.173.34.147 http://193.149.189.202 http://37.220.87.22 http://37.220.87.67 http://37.220.87.68 http://37.220.87.69 http://45.15.159.27 http://45.9.74.133 http://45.9.74.140 http://79.137.248.47 http://89.238.185.30 http://94.142.138.74 http://94.142.138.79 # Reference: https://twitter.com/idclickthat/status/1628828027294564352 # Reference: https://tria.ge/230223-w42ghsag3y/behavioral2 # Reference: https://www.virustotal.com/gui/file/c9eabbca8b54f8e4d794702f3e270150c9e0e765b0724e69c5ead0c091bce4ef/detection canva-download.com dnsbkss.club # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_02-03-2023_21-26-27.txt http://168.100.8.14 http://179.43.162.53 http://185.203.117.113 http://185.242.86.32 http://193.233.20.137 http://193.233.20.195 http://194.87.31.171 http://212.113.116.223 http://212.113.119.146 http://212.113.119.147 http://212.113.119.148 http://45.143.223.133 http://45.61.137.162 http://49.12.210.141 http://5.75.129.114 http://5.75.182.199 http://5.75.242.235 http://64.44.139.110 http://77.73.134.11 http://77.73.134.25 http://77.73.134.43 http://77.73.134.49 http://77.91.123.116 http://77.91.78.46 http://77.91.84.20 http://77.91.84.68 http://78.153.130.148 http://83.217.11.6 http://91.107.192.138 http://91.234.254.208 http://95.217.10.109 http://95.217.65.66 # Reference: https://www.virustotal.com/gui/file/7cca46a03c94db1f18f725ff41cbb371771b904e8341aa0dd9f04e5f8da36e7b/detection http://142.93.132.67 http://79.137.203.5 /W0Y7W5I6N4S7M/ # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_11-03-2023_05-47-43.txt http://185.106.94.194 http://185.106.94.215 http://78.153.130.157 http://94.142.138.118 http://94.142.138.122 http://94.142.138.123 http://94.142.138.124 http://94.142.138.140 http://94.142.138.160 http://94.142.138.99 # Reference: https://twitter.com/crep1x/status/1635034103597924352 http://146.70.106.55 http://79.137.202.245 http://91.201.113.12 # Reference: https://twitter.com/IronNetTR/status/1635662648262967297 http://179.43.175.10 http://37.28.157.52 # Reference: https://twitter.com/crep1x/status/1636352245913583619 # Reference: https://tria.ge/230316-pnwg1ada5y/behavioral2 http://34.159.167.20 /kundalini # Reference: https://www.virustotal.com/gui/file/015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925/detection http://193.233.20.145 # Reference: https://raw.githubusercontent.com/Gi7w0rm/MalwareConfigLists/main/Raccoon_v2/txt/raccoonv2_found_16-03-2023_23-36-50.txt http://212.113.119.8 http://45.15.159.199 http://45.15.159.249 http://45.9.74.69 http://45.9.74.71 http://45.9.74.81 http://45.9.74.82 http://85.192.63.185 http://94.142.138.195 http://94.142.138.200 http://94.142.138.210 http://94.142.138.211 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_23-03-2023_23-15-33.txt http://193.233.20.138 http://195.133.40.111 http://212.113.106.211 http://212.113.119.35 http://212.113.119.69 http://212.113.119.73 http://37.220.87.63 http://45.9.74.70 http://45.9.74.90 http://77.91.124.37 http://78.153.130.123 http://79.137.207.168 http://79.137.248.197 http://79.137.248.245 http://94.142.138.196 http://94.142.138.208 http://94.142.138.216 http://94.142.138.221 http://94.142.138.224 http://94.142.138.226 http://94.142.138.227 http://94.142.138.234 http://94.142.138.235 # Reference: https://www.virustotal.com/gui/file/13a0b3e462a014b605489df82b082618b64d7292140bbfdbb7b58e683cb80b3b/detection http://194.37.80.70 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_01-04-2023_07-31-16.txt http://135.181.187.248 http://193.149.176.45 http://45.15.156.143 http://45.15.156.144 http://45.15.156.145 http://5.75.159.229 http://51.89.124.197 http://78.153.130.242 http://79.137.207.160 http://82.115.223.208 http://83.217.11.25 http://91.201.115.148 http://94.142.138.239 http://94.142.138.24 http://94.142.138.241 http://94.142.138.252 http://94.142.138.253 # Reference: https://twitter.com/crep1x/status/1645535585115820033 http://45.15.156.233 # Reference: https://twitter.com/TLP_R3D/status/1646246721293520898 raccoon.biz stealer.app # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_14-04-2023_01-13-25.txt http://146.70.86.33 http://172.86.75.242 http://172.86.75.59 http://192.153.57.170 http://193.149.189.93 http://45.15.156.159 http://45.15.156.177 http://45.15.156.178 http://45.15.156.192 http://45.15.156.198 http://45.15.156.201 http://45.15.156.238 http://45.15.159.95 http://79.137.206.158 http://83.217.11.38 http://85.192.63.83 http://91.215.85.225 http://91.215.85.226 http://94.142.138.103 # Reference: https://twitter.com/sicehice/status/1647645248288444418 195.201.40.91:8000 # Reference: https://twitter.com/James_inthe_box/status/1648072479980797954 (# Alias: LeftHook stealer) # Reference: https://app.any.run/tasks/40ff202b-33e9-4b9d-bf32-057dc39d06fa/ /gate/http_handler.php # Reference: https://twitter.com/g0njxa/status/1650903083486945280 # Reference: https://app.any.run/tasks/7c55087f-0438-4c47-90e5-174fca4bd357/ http://179.43.140.168 # Reference: https://twitter.com/g0njxa/status/1649481794465439755 kleencrack.us official-expert.com progtechguru.com # Reference: https://www.virustotal.com/gui/file/fc0fc538a848333faba37ff1d79388cdb890e9a236788d2fdd611f9f51bcc308/detection # Reference: https://www.virustotal.com/gui/file/8138cd34863ca9c42f1405c183a1834a2504fab03240a2bf73ee75033a3c2e3d/detection http://107.6.181.194 http://151.106.16.146 http://185.183.34.10 http://65.60.62.74 http://93.115.29.120 http://93.115.29.122 http://93.115.29.139 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_27-04-2023_22-20-19.txt http://45.138.74.99 http://79.137.197.14 http://94.142.138.141 http://94.142.138.143 # Reference: https://twitter.com/sicehice/status/1656030131431849990 188.34.196.33:8000 # Reference: https://twitter.com/g0njxa/status/1656021107810476089 http://94.142.138.107 crack-programs.site game.crack-programs.site # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_11-05-2023_20-51-14.txt http://212.113.106.210 http://212.113.106.9 http://212.113.116.206 http://212.113.119.120 http://37.220.87.71 http://37.220.87.76 http://37.220.87.79 http://37.220.87.88 http://37.220.87.89 http://37.220.87.91 http://37.220.87.93 http://45.138.74.236 http://5.252.118.228 http://77.73.134.39 http://77.73.134.41 http://77.73.134.55 http://77.73.134.74 http://77.73.134.75 http://79.137.202.81 http://94.142.138.108 http://94.142.138.125 http://94.142.138.126 http://94.142.138.130 http://94.142.138.31 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/d3aa3f28f72d68944d1331a0d3d044d043d664fc http://159.223.7.35 http://37.220.87.61 /S3J9X4E1U3X5U3/ # Reference: https://www.virustotal.com/gui/file/3710a9f6644af9e8a16d718257e5e2670c53d1042ddd3a97d38cd02320a73bf6/detection http://79.137.203.217 # Reference: https://twitter.com/nahamike01/status/1664595922360344578 # Reference: https://www.virustotal.com/gui/file/c01bcd2fee216131267cbaf603d48dfaf7647bba122674042739a10676a8e44c/detection 91.107.229.39:8999 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/additional_payloads/additional_payloads_16_06_2023.txt http://167.99.47.96 http://185.234.247.16 http://5.252.177.217 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (25 Jun 2023) http://107.148.52.29 http://121.127.33.24 http://128.140.90.181 http://135.181.195.222 http://138.201.159.88 http://146.19.233.209 http://146.70.20.198 http://146.70.86.20 http://146.70.86.53 http://149.255.35.140 http://159.69.123.169 http://162.33.178.181 http://167.71.2.47 http://168.100.8.241 http://176.124.199.103 http://185.174.137.120 http://185.46.46.38 http://193.149.180.192 http://194.116.172.152 http://212.118.43.80 http://217.138.215.104 http://217.138.215.87 http://217.196.96.237 http://37.120.237.242 http://37.27.3.21 http://45.137.64.170 http://45.144.28.189 http://45.67.35.241 http://46.175.150.167 http://5.252.177.36 http://5.255.127.159 http://5.42.64.10 http://5.42.64.11 http://5.42.64.12 http://5.42.64.13 http://5.42.64.17 http://5.42.64.6 http://5.42.64.7 http://5.42.64.8 http://5.42.64.9 http://5.42.65.12 http://5.42.65.14 http://5.42.65.15 http://5.42.65.16 http://5.42.65.17 http://5.42.65.18 http://5.42.65.62 http://5.42.65.69 http://5.42.66.1 http://5.42.66.6 http://5.42.66.8 http://5.42.94.204 http://5.78.85.103 http://51.161.130.122 http://65.108.80.36 http://65.109.162.179 http://74.119.193.27 http://77.105.140.199 http://77.91.73.11 http://78.46.187.251 http://78.46.248.198 http://79.137.207.36 http://80.85.241.133 http://85.209.134.122 http://88.119.168.254 http://88.119.171.66 http://89.23.101.21 http://89.23.107.207 http://91.103.252.3 http://91.107.235.35 http://91.107.239.231 http://92.204.160.84 http://94.130.226.235 http://94.131.106.224 http://94.228.168.16 http://94.228.169.84 http://95.164.17.219 http://95.164.47.109 http://95.216.218.191 138.201.88.153:8998 45.144.28.209:32200 5.78.74.115:8999 65.108.80.36:8089 # Reference: https://twitter.com/crep1x/status/1677268296398262279 65.109.11.253:3000 # Reference: https://www.virustotal.com/gui/file/017fdd70f40fb3a7782a2eca17cb5f08aa0589dbb5fbc4db54bb2a0e22eab566/detection http://179.43.170.241 # Reference: https://twitter.com/NexusFuzzy/status/1680929379910598657 # Reference: https://www.virustotal.com/gui/file/263b81e8cae2f8fe211900c7e7e926829e1d34014458bfb5c092a90bd5c0cfc0/detection 94.142.138.147:77 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-07-23) http://154.49.137.149 http://185.157.120.15 http://193.142.147.59 http://217.196.96.243 http://217.79.243.147 http://45.61.138.138 http://49.13.18.115 http://79.137.248.173 http://89.208.106.110 http://89.23.107.239 http://91.242.229.237 http://94.142.138.156 http://94.142.138.49 5.78.111.161:8088 5.78.98.26:8088 # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-07-23) http://102.130.115.199 http://102.130.119.173 http://107.152.42.243 http://109.172.45.80 http://111.90.147.133 http://134.209.196.186 http://135.181.123.25 http://135.181.147.255 http://135.181.7.173 http://146.19.170.100 http://146.19.170.52 http://146.19.247.96 http://146.19.253.125 http://146.70.86.45 http://149.154.67.234 http://157.254.195.187 http://162.33.179.159 http://168.100.11.23 http://170.75.168.118 http://172.86.121.100 http://176.124.218.249 http://176.126.103.55 http://178.23.190.30 http://185.106.92.38 http://185.106.92.43 http://185.198.167.165 http://185.231.205.221 http://185.234.247.68 http://185.247.184.58 http://185.25.51.122 http://185.53.46.103 http://185.53.46.137 http://185.53.46.77 http://185.77.96.237 http://188.119.112.157 http://188.119.112.206 http://188.119.112.93 http://193.109.120.2 http://193.149.185.227 http://193.178.210.56 http://193.38.54.165 http://193.43.146.190 http://193.43.146.192 http://193.43.146.213 http://193.43.147.135 http://194.104.136.102 http://194.180.191.81 http://194.87.216.22 http://2.56.10.122 http://206.166.251.138 http://206.166.251.156 http://212.114.52.165 http://213.170.133.151 http://213.170.133.190 http://213.226.100.108 http://213.252.244.167 http://213.252.245.59 http://213.252.245.64 http://213.252.246.241 http://213.252.246.27 http://213.252.247.152 http://213.252.247.214 http://31.41.244.139 http://37.27.3.211 http://37.49.230.139 http://45.133.216.198 http://45.133.216.71 http://45.142.212.215 http://45.142.212.223 http://45.142.212.228 http://45.142.215.197 http://45.142.215.91 http://45.144.31.31 http://45.147.231.42 http://45.153.241.104 http://45.153.243.16 http://45.159.251.144 http://45.67.231.11 http://45.8.144.152 http://45.8.144.227 http://45.84.240.72 http://45.87.154.214 http://45.89.54.25 http://45.89.55.114 http://45.89.55.117 http://45.89.55.20 http://45.89.55.21 http://45.9.74.90/ http://45.92.156.150 http://49.12.190.19 http://5.181.159.185 http://5.182.36.230 http://5.182.36.232 http://5.182.39.34 http://5.182.39.73 http://5.182.39.74 http://5.182.39.75 http://5.182.39.77 http://5.252.118.129 http://5.252.177.234 http://5.252.21.191 http://5.252.22.119 http://5.252.22.43 http://5.252.23.100 http://5.252.23.142 http://5.252.23.18 http://5.253.84.117 http://5.42.199.17 http://51.195.166.172 http://51.195.166.194 http://51.255.211.208 http://51.81.143.170 http://62.204.41.26 http://64.227.42.50 http://64.44.135.91 http://65.108.151.131 http://65.108.248.168 http://65.21.119.54 http://74.119.192.56 http://74.119.192.73 http://74.119.192.84 http://74.119.195.178 http://74.119.195.207 http://77.105.147.86 http://77.73.133.39 http://77.73.133.63 http://77.73.134.20 http://77.73.134.21 http://77.75.230.152 http://77.75.230.206 http://77.75.230.46 http://77.75.230.84 http://77.91.102.230 http://77.91.102.57 http://77.91.102.72 http://77.91.73.154 http://77.91.73.51 http://77.91.73.52 http://78.153.130.92 http://79.137.196.203 http://79.137.202.218 http://79.137.202.92 http://79.137.205.22 http://79.137.207.19 http://79.137.207.76 http://80.71.157.112 http://80.85.241.185 http://80.92.206.123 http://81.19.141.41 http://82.115.223.57 http://82.115.223.7 http://84.246.85.60 http://85.192.63.125 http://85.192.63.246 http://85.192.63.59 http://87.251.77.141 http://88.119.161.156 http://88.119.161.83 http://88.119.169.13 http://88.119.169.85 http://88.119.170.188 http://88.119.171.209 http://88.119.174.162 http://89.185.85.149 http://89.185.85.155 http://89.185.85.161 http://89.185.85.57 http://89.208.106.148 http://89.208.107.176 http://89.22.238.240 http://89.38.131.72 http://91.103.252.156 http://91.209.226.43 http://91.242.229.142 http://94.131.101.170 http://94.131.104.14 http://94.131.104.16 http://94.131.104.19 http://94.131.106.27 http://94.131.107.229 http://94.131.107.76 http://94.131.96.109 http://94.131.97.52 http://94.131.97.54 http://94.131.97.57 http://94.131.98.21 http://94.131.98.5 http://94.131.98.71 http://94.142.138.193 http://94.142.138.247 http://94.142.138.33 http://94.142.138.35 http://94.142.138.57 http://94.158.244.114 http://94.158.244.91 http://94.237.46.83 http://95.164.86.208 http://95.216.109.16 http://95.216.51.75 http://95.217.124.179 138.201.159.88:8089 5.161.202.109:8988 5.78.65.112:8988 5.78.78.150:8088 91.215.85.210:23015 95.217.163.56:8089 trastform.com # Reference: https://twitter.com/James_inthe_box/status/1683554486768500736 # Reference: https://app.any.run/tasks/484f9eee-5b39-4c44-b33d-06c0fb042717/ fgui87uj.click # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-07-27) http://107.152.41.214 http://107.152.46.84 http://178.23.190.46 http://77.73.133.68 http://84.246.85.83 http://88.119.174.146 20.122.41.213:99 37.27.3.211:8988 45.142.212.215:443 5.161.69.57:8088 65.108.151.131:90 broke-dreams.xyz # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-08-03) http://146.70.106.44 http://146.70.86.15 http://185.143.223.37 http://193.178.170.44 http://45.15.156.183 http://5.252.118.51 http://64.52.80.38 http://77.91.123.19 http://89.23.107.112 http://89.23.107.113 http://89.23.107.233 http://89.23.107.49 http://89.23.107.94 http://91.103.252.10 http://91.103.252.129 http://91.103.252.130 http://91.103.252.151 http://91.103.252.154 http://91.103.252.167 http://91.103.252.191 http://91.103.252.31 http://91.103.252.65 # Reference: https://otx.alienvault.com/pulse/648340f66e6baaa298b44a9d crackallsofts.com crackprogs.com expertstudiopro.com hotsoft.bio software.cc # Reference: https://twitter.com/g0njxa/status/1677297278371889153 # Reference: https://twitter.com/g0njxa/status/1677306836410683393 # Reference: https://twitter.com/g0njxa/status/1689685316062388247 http://94.142.138.97 bigbrainhousewall.com ripple-wells-2022.com # Reference: https://www.virustotal.com/gui/ip-address/194.50.153.20/relations # Reference: https://www.virustotal.com/gui/file/c52b6d58ded91cc16ab8d15fe50f30d080d5d263e5e158fe34752bd4ec8a2979/relations tvd-packages-download-file.online tvd-packages-download-file.pw tvd-packages-download-file.site # Reference: https://threatfox.abuse.ch/ioc/1149514/ http://91.103.252.140 # Reference: https://twitter.com/g0njxa/status/1691748179996184917 # Reference: https://app.any.run/tasks/698f65e2-2af2-4969-8d52-f388744af33b/ http://77.246.102.57 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-08-16) http://144.217.220.122 http://167.235.245.116 http://185.235.129.137 http://185.38.142.246 http://194.213.18.158 http://195.2.80.198 http://45.61.136.46 http://46.249.35.133 http://5.206.224.181 http://5.35.32.180 http://5.78.89.116 http://80.76.51.232 http://91.103.252.217 http://91.103.252.230 http://91.103.252.231 http://91.103.252.49 http://91.103.252.50 http://91.103.252.51 http://91.103.252.52 http://94.131.102.29 # Reference: https://www.virustotal.com/gui/file/172998995b63bc4a4efc8f6d1d879e00822f6fe338f5bb04360b81e2b4c48473/detection tradersteampoggx.space # Reference: https://asec.ahnlab.com/en/54658/ # Reference: https://otx.alienvault.com/pulse/6491a6e32a98b2a257b87871 http://79.137.202.161 http://85.192.40.245 http://89.185.85.117 http://89.185.85.33 http://89.208.103.225 # Reference: https://twitter.com/g0njxa/status/1694453356788343241 # Reference: https://www.virustotal.com/gui/file/f1625a1adefaa41e5bf0f622d38fed109fb731c05a2c8f5c399ae3ce1763ba95/detection 89.23.107.169:4000 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-09-18) http://185.11.61.186 http://185.149.146.253 http://185.253.96.117 http://193.168.141.152 http://195.2.80.198 http://217.138.215.98 http://23.227.199.27 http://45.8.145.219 http://45.9.149.237 http://49.13.51.185 http://5.42.67.7 http://5.75.248.141 http://62.113.114.102 http://65.109.2.42 http://80.66.79.14 http://91.103.252.229 http://91.103.252.241 http://91.103.252.245 http://94.103.93.160 http://95.164.17.125 http://95.179.149.59 5.78.94.201:56000 89.23.107.183:4000 # Reference: https://cyberint.com/blog/financial-services/raccoon-stealer/ # Reference: https://otx.alienvault.com/pulse/64dca4eb3f10605dbeff12ac telecut.in /antitantief3 /baudemars /bpa1010100102 /ch0koalpengold /jiocacossa /kokajakprozak # Reference: https://threatfox.abuse.ch/ioc/1152360/ http://91.103.252.249 # Reference: https://twitter.com/Gi7w0rm/status/1698660723616891025 # Reference: https://tria.ge/230903-2g47sach46 89.208.137.159:5200 # Reference: https://www.virustotal.com/gui/file/8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c/detection 5.78.81.39:8088 # Reference: https://twitter.com/r3dbU7z/status/1701884223831875592 http://49.13.17.71 # Reference: https://threatfox.abuse.ch/ioc/1164082/ http://89.23.98.212 # Reference: https://twitter.com/malwrhunterteam/status/1704483766461173984 # Reference: https://www.virustotal.com/gui/file/3af0a90d9a3cd77aa0353ec59bd8129fb799ee72daa6e61555c6228219385d43/detection # Reference: https://www.virustotal.com/gui/file/64e733d51b0e03957003f0b5e424efd1068f331226880e0c212de2c29b2a38d6/detection # Reference: https://www.virustotal.com/gui/file/1169c5ba2feae0192d2d8d45ce2fc3456bca1d6633d46b0f219bd62fddcca922/detection http://91.103.252.209 # Reference: https://asec.ahnlab.com/ko/57276/ http://95.216.166.188 # Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2 http://194.180.174.100 # Reference: https://threatfox.abuse.ch/ioc/1179751/ http://128.140.101.125 # Reference: https://www.virustotal.com/gui/file/3af52378a5017f27b864120b03dcae9103cc587a5b2e4bacc894d57d774bfd58/detection http://5.75.241.110 # Reference: https://www.virustotal.com/gui/file/84d1b1f0588cac4fb502da345ed7ee3bae4000b7f6b096a7bc797789c1fe8120/detection http://206.188.197.18 # Reference: https://threatfox.abuse.ch/ioc/1182651/ 5.78.80.43:8388 # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-10-24) http://149.248.79.83 http://178.20.47.114 http://193.168.141.10 http://194.15.216.72 http://62.113.119.179 http://65.20.77.120 http://85.203.26.94 http://85.209.11.78 http://94.142.138.114 157.90.161.111:8086 193.222.96.7:8787 # Reference: https://www.virustotal.com/gui/file/eed495aa2e979b528263e0a251333e0afbab8fbfddef1dbca3f0928fcfe8ba3c/detection 194.87.31.242:4000 challenging.zippityjava.fun # Reference: https://www.virustotal.com/gui/file/9e101940dbd206578c80cc81888c2698a36a12f533361de8dde57aaf2307a3b6/detection http://216.238.101.101 # Reference: https://threatfox.abuse.ch/ioc/1189572/ http://95.181.173.204 # Reference: https://threatfox.abuse.ch/ioc/1189808/ 194.87.31.58:8444 # Reference: https://twitter.com/suyog41/status/1714880422579196042 # Reference: https://www.virustotal.com/gui/file/826437c8fa913e5ae89a2b09beb5a748a7e1d766da6679a7c63686d58093f8cd/detection wizmail.lol # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-10-25) http://195.123.218.98 http://217.138.215.106 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-10-25) http://172.86.97.180 http://176.113.115.213 http://185.211.5.34 http://195.10.205.31 http://195.85.115.26 http://31.192.237.75 http://37.49.230.152 http://45.61.138.198 http://45.61.166.46 http://5.181.159.31 http://5.255.111.183 http://5.42.65.26 http://5.45.85.201 http://68.169.43.35 http://77.105.146.87 http://77.91.68.37 http://79.110.48.140 http://85.203.26.95 http://85.209.11.169 http://89.208.107.10 http://91.103.252.193 http://91.103.252.35 http://91.219.237.205 http://94.103.93.33 http://94.142.138.80 http://95.181.161.144 # Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-11-06) http://103.136.42.221 http://103.214.68.60 http://146.70.106.36 http://178.20.41.15 http://178.236.246.9 http://185.172.128.8 http://185.236.228.34 http://185.39.18.228 http://193.233.132.12 http://193.233.132.13 http://193.233.132.15 http://193.233.132.17 http://193.233.132.30 http://195.20.16.154 http://195.20.16.35 http://212.237.217.137 http://31.192.237.23 http://38.180.70.181 http://45.15.156.26 http://5.181.159.13 http://62.113.112.27 http://64.176.7.223 http://68.67.203.43 http://77.91.76.14 http://77.91.76.6 http://91.103.252.109 http://91.103.252.114 http://91.92.246.197 http://94.103.88.64 # Reference: https://www.virustotal.com/gui/file/60ed2e60a028ee6b744234a2c9961bbd94711686d48db15ff8dd32f062ba8ac0/detection http://5.42.65.13 # Reference: https://www.virustotal.com/gui/file/00fb9d3ea20805d4b650ecd38f87747f233489aac90ea1dc36bee763760bceca/detection http://5.42.64.16 # Reference: https://threatfox.abuse.ch/ioc/1202366/ http://195.20.16.93 # Reference: https://threatfox.abuse.ch/ioc/1206350/ http://195.20.16.40 # Reference: https://threatfox.abuse.ch/ioc/1206447/ http://5.42.65.58 # Reference: https://threatfox.abuse.ch/ioc/1209058/ http://89.208.107.12 # Reference: https://twitter.com/crep1x/status/1731638155109884014 http://23.227.196.198 http://94.103.93.70 # Reference: https://twitter.com/ULTRAFRAUD/status/1734531363938632041 # Reference: https://www.virustotal.com/gui/file/80cc6f567abdca7c986866e2f1cdafc954778cf4395514386573f3b420e6352c/detection 89.23.98.143:30020 89.23.98.143:8000 # Reference: https://twitter.com/1ZRR4H/status/1744072499908735128 # Reference: https://www.virustotal.com/gui/ip-address/5.182.36.242/relations rar-upload.com rar-uploaded.com rar-uploader.com rar-uploads.com rar-uploadz.com rars-upload.com rars-uploader.com rars-uploading.com rarz-upload.com # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-01-15) http://185.16.39.253 http://51.161.131.35 http://91.92.246.200 http://93.185.166.154 http://94.103.90.193 185.193.125.199:8787 # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-01-23) http://104.194.157.23 http://109.107.178.133 http://139.99.236.139 http://146.70.106.73 http://159.100.29.45 http://167.235.154.243 http://178.20.43.58 http://185.217.197.175 http://192.153.57.54 http://193.149.187.16 http://193.233.132.152 http://193.233.132.63 http://193.233.132.71 http://195.20.16.155 http://37.49.230.219 http://5.252.177.220 http://62.113.114.93 http://77.105.166.247 http://78.153.130.188 http://81.19.141.9 http://89.44.9.86 http://91.92.136.236 http://91.92.251.118 http://92.118.112.216 http://94.228.169.161 193.149.187.16:443 # Reference: https://www.virustotal.com/gui/file/ba14279dad6447cb86bd3591eb7307f97be89db095172e5074f10270c711fbba/detection # Reference: https://www.virustotal.com/gui/file/009f52c57b7cb874574915d8e7ebeff136eb2424408aaf2f9eed2a5120aa4fbf/detection 78.153.139.198:4000 # Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-04-11) http://146.0.79.19 http://146.70.135.158 http://178.62.239.104 http://185.17.40.132 http://192.227.94.170 http://193.233.132.111 http://193.233.132.204 http://193.233.132.231 http://193.233.132.38 http://195.20.16.127 http://64.7.199.224 http://82.146.45.177 http://89.238.170.230 http://91.198.166.140 http://91.92.255.182 http://94.131.106.24 # Generic trails /file_handler/file.php /file_handler4/file.php /gate/log.php /gate/sqlite3.dll /gate/libs.zip /eueueuueueue.php /momomoomomom.php /ozozozozoz.php /us1jdskjdshfkjehr.php /usalamendallasu.php /usksdjqjwjoweidjcslkm.php /usuususususuusus.php /hgguf3YB4qmE47arMq9R/ /hhhuuulllliiiiii/ /rrrorororor/ /hhhuuulllliiiiii/rrrorororor/ /SwjBfXYB4qmE47art5oZ/ /function/v2tmp/ /l/f/2yIwFHgBuI_ccNKoZIni/ /l/f/3RS7onsBPvGyIjkLaQYk/ /l/f/7mVIyn0BZ2GIXa3qbA1/ /l/f/86W_IH0B3dP17SpzxSO3/ /l/f/AQi5QHsBPvGyIjkLlA5F/ /l/f/eGZv330BZ2GIX1a3nKb_/ /l/f/FRmrq3cBuI_ccNKom49o/ /l/f/KgUbOXsBPvGyIjkLDz0w/ /l/f/_5GVInwB3dP17SpzmEsB/ /_5GVInwB3dP17SpzmEsB/ /2yIwFHgBuI_ccNKoZIni/ /FRmrq3cBuI_ccNKom49o/ /ASHASHAShOWIWWWQQQ/gate.php /ASHASHAShOWIWWWQQQ/ /cvxzbczvbcvzbzcvb/ /FGHAREHAHARWHY/