# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

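# Aliases: vidar stealer, mars stealer, lumma

# Note: entries below take three forms: bare hostnames, "http://<IPv4>" addresses, and path-only patterns starting with "/".
# Note: several entries recur under different references (e.g. tepingost.ug, hospitaleco.com, http://188.34.193.205); de-duplicate when importing into other tooling.
# Note: some hostnames sit on shared platforms or dynamic-DNS zones (*.tumblr.com, *.duckdns.org, *.ddns.net); match the exact hostname, never the parent domain.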

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865

hospitaleco.com

# Reference: https://twitter.com/malware_traffic/status/1103717653590482944

gettorrent.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

capitalinvest.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

tepingost.ug

# Reference: https://twitter.com/K_N1kolenko/status/1116263090562183168
# Reference: https://pastebin.com/jFhkBu32

bokolavrstos.com
newagenias.com
binacoirel.com
malansio.com
jamaliensor.com
kolobkoproms.ug
bastionprofi.ug
tepingost.ug
startolete-vn.ug
bestchope.ug
fashionhub.ug
mytradecrypto.ug
applezone.ug
travelups.co.ug
travelforyou.ac.ug
einvestment.ac.ug
newphone.ac.ug
newstoday.ug
globalcoin.ac.ug
yourseo.ac.ug
cryptoshop.ac.ug
capitalinvest.ac.ug
onlineinvestment.ac.ug
allcashbacks.ac.ug
getpayment.ac.ug
gettorrent.ac.ug
proshop.ac.ug
yandex.ac.ug
yandex.ug
google.ac.ug
search.ac.ug
hospitaleco.com
oldspicebest.com
refenansoro.com

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

santaluisa.top

# Reference: https://twitter.com/VK_Intel/status/1125549719885893633

golenirose.com

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/
# Reference: https://twitter.com/raby_mr/status/1136498987890925569

crypto-widget.live
penthausebrones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166604400489639936

eroomia.com

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

xhth516682.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048
# Reference: https://app.any.run/tasks/6d880837-3ba9-439c-b67b-ee6d2837b645/

aaenyhostel.org

# Reference: https://github.com/silence-is-best/c2db#vidar-stealer

weimachel.net

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://app.any.run/tasks/d498ebc5-51cd-446f-9d98-7e43628b56b5/

garbage-barabage.top

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

klegrandlichgrum.com

# Reference: https://twitter.com/James_inthe_box/status/1191695072032460800

qubert.org

# Reference: https://pastebin.com/xwT2gAgE

acrelop.com
martinlloyd.net
pineloseesrae.com
qubert.org

# Reference: https://app.any.run/tasks/42a9a425-d8f8-4504-8bbf-63c0c10c4bda/

gebrauchlichtal.com

# Reference: https://twitter.com/Paladin3161/status/1162320397368381441

villadubois.org

# Reference: https://twitter.com/P3pperP0tts/status/1178820466917675008

lanokhasd.com

# Reference: https://twitter.com/P3pperP0tts/status/1196440836852125698

steerdemens.com

# Reference: https://twitter.com/P3pperP0tts/status/1197178756068257795
# Reference: https://www.virustotal.com/gui/ip-address/209.141.33.126/relations

http://209.141.33.126
steerdemens.com
starlikespace.org
longvoyages.com
xd.botnet.services

# Reference: https://twitter.com/P3pperP0tts/status/1198935640664133644

crarepo.com

# Reference: https://twitter.com/P3pperP0tts/status/1198984250420269057
# Reference: https://app.any.run/tasks/60002c6f-65b1-4597-a011-1b2de844e56f/
# Reference: https://app.any.run/tasks/16784961-e95f-403d-8726-ad04d37c7b8a/
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

agent1.icu
agent2.icu
amdsetup4.icu
amdsetup5.icu
juhubeachn.com
legion17.icu
toplegions1.icu
updateinfo3.top
updateinfo4.top

# Reference: https://pastebin.com/iDrBJG8j

fastupdate1.top
fastupdate2.top
fastupdate3.top
fastupdate4.top
foxupdate1.me
foxupdate2.me
homeporno228.com
legion17.com
thepleasurelive.com

# Reference: https://pastebin.com/x2qLz9FJ

voyagephoshop.org

# Reference: https://twitter.com/ViriBack/status/1202413165482409984

http://195.133.1.170
ahmatokomaro.pw
bestdead.pw
petordementyev.pw

# Reference: https://pastebin.com/HBSmJ4wb

789456123.monster
legion17.net
lowupdate3.top
lowupdate4.top
softupdate1.me
softupdate2.me
xylolle.com
ybookfli.net

# Reference: https://app.any.run/tasks/45b54b0e-6de2-4975-b640-779026655f7c/

grelkafestivales.com

# Reference: https://twitter.com/MBThreatIntel/status/1225917125493018624

naumokukea.com
porosnter55.xyz

# Reference: https://www.virustotal.com/gui/file/48c34dd8345ab24ac203e3efc7f46643c4817a42b12fcd7c8a62211b4f4fc02d/detection

gyeonggidoo.com

# Reference: https://twitter.com/P3pperP0tts/status/1228775071260594176

greenlandsurround.com

# Reference: https://app.any.run/tasks/2e1aa0da-69b6-4f5f-847b-243cfaaabd4a/

gewe.tech

# Reference: https://www.virustotal.com/gui/file/2ca7597f7b6a1227c6bace9b1441f2b439935f02a35ffa2a2562f5ccc6cff8e4/detection

maineacadia.com

# Reference: https://www.virustotal.com/gui/domain/paparazzis.pw/relations

paparazzis.pw

# Reference: https://twitter.com/malwrhunterteam/status/1242355604477423617

whoer-vpn.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

verifiedomg.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1246056096055406592
# Reference: https://app.any.run/tasks/d75d4f69-8381-46c7-9f0e-ce5ba2eb1ac1/

etips.fun

# Reference: https://app.any.run/tasks/fe00595d-b20e-4f2e-9c47-9f1cb79a63b3/

wrangellse.com

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

yrhealth.life

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/mastercard.ru.com/relations

mastercard.ru.com

# Reference: https://twitter.com/petrovic082/status/1257619785707393034
# Reference: https://app.any.run/tasks/a3380ace-5f86-4240-a986-f244231c05cc/

archessee.com

# Reference: https://app.any.run/tasks/93596f59-77f9-4b55-af25-3939594ed913/

repitoperano.pw

# Reference: https://www.virustotal.com/gui/domain/waterpocketfold.com/relations
# Reference: https://app.any.run/tasks/b7d1ca5f-e49f-4d50-b4b0-690e6b8b7783/

waterpocketfold.com

# Reference: https://app.any.run/tasks/d6a32934-daf9-4b83-9a2a-9f5a5feb4b64/

barddistocor.com

# Reference: https://app.any.run/tasks/32e30b47-f656-4505-af07-7e3f7c0c3b93/

http://213.226.114.54

# Reference: https://twitter.com/malwrhunterteam/status/1264259160918671363
# Reference: https://www.virustotal.com/gui/domain/sumliomicna.com/relations

sumliomicna.com

# Reference: https://www.virustotal.com/gui/file/ffc9319863cf7efe7575c36357ecd7102f99c99758ed94e97d31d78c7e1966a3/detection

headborro.com

# Reference: https://twitter.com/vigilantbeluga/status/1257891038582067200
# Reference: https://www.virustotal.com/gui/domain/chumashpeople.com/relations

chumashpeople.com

# Reference: https://www.virustotal.com/gui/file/13f8e88a6f37b999c12513887752d7a03637e32106ef4109e11a9a8f260ccfab/detection

piedmontteem.com

# Reference: https://www.virustotal.com/gui/file/aecddb3a9656759f5681708172573f435c3db0539d6a7a0230ec93b4e3f131a1/detection
# Reference: https://www.virustotal.com/gui/file/e0830aec7a5737f0558860a3ff192c6270bf57b2bc1c01ad514c012f7d039bae/detection
# Reference: https://www.virustotal.com/gui/file/87dac3be0edd3b599b3d50eec0edbe751e6d2951b22182a85b017acf26d485f7/detection

backgrounds.pk
jamshed.pk
karimgousa.ug
karimgouss.ug
levitt.ug
levitts.ug
marcakass.ug
tribunal.ug
zaragoza.co.ug

# Reference: https://www.virustotal.com/gui/file/f1d7ea9dcf7abe22f07f3d14fb21636e47bb0def2f766632a547d20f7d258aa5/detection

http://37.252.5.111

# Reference: https://www.virustotal.com/gui/file/f2a0fdf6caf5be2b84dcc0efb0c59082fa67350d49a1f2951b451df6f1d2bb21/detection

tomasisa.ug

# Reference: https://www.virustotal.com/gui/file/51b82ddc8786bdd8a0805baebaa243df7910711d422aad9f5fa867f46c7fcc71/detection
# Reference: https://www.virustotal.com/gui/file/cd8751bd47174dbae36c414383ca789d6d23062d528a34eaa81924cb3c0bfaf5/detection
# Reference: https://www.virustotal.com/gui/file/30ff25b4a60bd0e1f46e544dc44138aa3cf59ef87a84f1eafae990c61f1e5266/detection
# Reference: https://www.virustotal.com/gui/file/1969bcde226f3b3bcfb67912b5ff6efd8038383dc2655980a6f51730e8361d09/detection
# Reference: https://www.virustotal.com/gui/file/c81ae80ffb2e2a3af8c2b5ae405f848ed094e3f4112a501c4bb773d5f494239d/detection

lkjhgfdsa4.ru
zver.tech

# Reference: https://www.virustotal.com/gui/file/5282290d0d6e2b1add3d298052c4f607afa58e12559ddcf99da3a242d8329cf8/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/bc275cd76478e4d3387740dd955d9b9b5b36f064656ecb1e1cea9b8649eec57d/detection

smarteyecare.in

# Reference: https://www.virustotal.com/gui/file/eb496b85f98f8b3f2b4f4150295b490c04b6b710818b9ebf592272b5dd3005c0/detection

precambrianera.com

# Reference: https://app.any.run/tasks/4b8bd5e5-b60d-45ee-9fa1-e631e591987b/

likeanimals.net

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

nextgentoolkit.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations
# Reference: https://app.any.run/tasks/3b0bd018-731d-493c-a4d3-9a58a97e03ff/
# Reference: https://www.virustotal.com/gui/file/aba9f9d6904d1474f7a0693e80d182eff9cb8a1c185f0090876cf8eb83914cbb/detection
# Reference: https://www.virustotal.com/gui/file/c08958f222a52901aade88ebe2c3636a8bca3bf9fb6874ffbae93261ebfec86f/detection

agentt.ac.ug
agenttt.ac.ug
andreas.ac.ug
andres.ac.ug
courtneyhones.ac.ug
courtneyjjones.ac.ug
courtneyjones.ac.ug
courtneysdv.ac.ug
ferreira.ac.ug
ferreiranadii.ac.ug
foundsomebo.ac.ug
iloveyoubabu.ac.ug
iloveyoubaby.ac.ug
jamesrlongacre.ac.ug
jonescourtney.ac.ug
letitburnsf.ac.ug
malarcvgs.ac.ug
morasergio.ac.ug
morasergiov.ac.ug
nadia.ac.ug

# Reference: https://twitter.com/JAMESWT_MHT/status/1328290554912903169
# Reference: https://app.any.run/tasks/34c3a80a-83a1-476e-80ce-2ce62e40e0b7/
# Reference: https://www.virustotal.com/gui/file/0ea95746928602fad4896c1085ee0125dbeb29145dea813ad3444f648c9db2c8/detection
# Reference: https://www.virustotal.com/gui/file/95268ee22cb09ca871b56ede8eca4a1655490ef02ad14bbd2c02b60eea19481c/detection
# Reference: https://www.virustotal.com/gui/file/9dd08cf2672502db217f9772affb88657f8559d8f4d946af25c4b22428ea336a/detection
# Reference: https://www.virustotal.com/gui/file/a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007/detection

buydating.co.ug
gomisacar.com
rineialav.com
swiloodex.com

# Reference: https://www.virustotal.com/gui/file/9a5e8b3e5929b50b2ac4c44587fb01153ad9377681c3ca5c2dfee11830a2caec/detection

sbershit.com

# Reference: https://www.virustotal.com/gui/file/76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f/detection

molothunsen.com

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

whoicehkestes.com

# Reference: https://www.virustotal.com/gui/file/628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f/detection

desperate.website

# Reference: https://www.virustotal.com/gui/file/95bf761c12eba2be84e29c60e31017bc60007ed0f38fcdf261d5fef34e8e4f2f/detection

badlandsparks.com

# Reference: https://www.virustotal.com/gui/file/0af341a92c789bd37e8d7d029f0c225f66f5137f678ea8082426bb565261e740/detection

paunsaugunt.com

# Reference: https://www.virustotal.com/gui/file/7b5a9d6119e910f5c0441ae27293b0367718a4257062f29ec8ef27342a0b8de8/detection

biscayneinn.com

# Reference: https://app.any.run/tasks/4ec40ce2-3250-47c5-96d8-07bcb4c4d1b9/

realmengame.com

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

marianne.ac.ug

# Reference: https://www.virustotal.com/gui/file/2953c2448667bc21d451fce8747513bfaaf0df312df1e0a47604ea49a2bbbda4/detection

prosecuredata.top

# Reference: https://www.virustotal.com/gui/file/b25e4f3d4cfb1ade5d4d68469d6f9b365dddc0296f4a66b2e60f29d476889db9/detection

altmessager.com

# Reference: https://www.virustotal.com/gui/file/3d4b459e2a4a78a2c693876b548b248acf9bb3278fb87ec66b5e4cf204a42cf9/detection
# Reference: https://www.virustotal.com/gui/file/b2ca76052b184c69881e79f3f7549ae884f38a57f50f5801fa40aa953f20b11b/detection

kenutduk.duckdns.org

# Reference: https://app.any.run/tasks/030e7573-8696-417e-8741-b8f80e43caa6/

goodssogood.com

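# Reference: https://app.any.run/tasks/5a354632-e77c-42ab-8ff0-87bcad5c78fc/
# Note: the entry below is a short path-only pattern with no host component; a path this generic may also occur in unrelated traffic, so corroborate a match with another indicator before acting on it.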

/a/a/www/

# Reference: https://www.virustotal.com/gui/file/240a264d7565a846f6b1a1d83fbec957351de24e6096cf325e6fb24f229e81a1/detection

paperone.co.ug

# Reference: https://www.virustotal.com/gui/file/54976d4745f4fe0b1492cdecdfdb465a81b8acfe305e210d3e2a39b945889082/detection

hydrakupi.co.ug

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

fastkisel.co.ug

# Reference: https://www.virustotal.com/gui/file/477c7d30787de3f979707583bdfae90fb84bd070003c2ccfd260cba2aed08234/detection

didntreadlol.com

# Reference: https://www.virustotal.com/gui/file/7a48e7fad9485df2316249060c7820a56ddb1b0c2841718744e31fe9b5b18786/detection

duckclack.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281
# Reference: https://www.virustotal.com/gui/file/d466ef9698569363af4f08b64235817c7838c726c1faee300582aab3d90f5683/detection

/lancer/getm.php?pid=

# Reference: https://www.virustotal.com/gui/file/0a98dfea9758a2d86facdd37086aae816688386cb897957d72ce95fe2c12093f/detection

zockzock.top

# Reference: https://www.virustotal.com/gui/file/802f2e368248bf75bb83af798f562f9fb2bf07227500b0986abc16a0b42d3ebb/detection
# Reference: https://www.virustotal.com/gui/file/6039cff3d4e528c47b3cd505d14ba6645b4056aa139a06150a0ace56c9cd402f/detection

test.adegokecollege.com

# Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection

nmorbertomo.ac.ug

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

http://45.147.198.62

# Reference: https://app.any.run/tasks/377e6816-2765-4384-bf2a-4818f84b2b8d/

cache.krishgarden.com

# Reference: https://www.virustotal.com/gui/file/764574a80f1738d589a165cb5fecc7840220c7e72ffe795be772ccf58a0f7ceb/detection

static.parafia-strumiany.pl

# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection

ciaociaoline.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1380870829932744707
# Reference: https://app.any.run/tasks/edc50f68-7088-439e-8993-b6bf2fbb4cde/

data.parafia-strumiany.pl

# Reference: https://app.any.run/tasks/0273000c-ebf5-4a51-a89e-3d0159ff5bb3/

http://45.85.90.86

# Reference: https://twitter.com/fr0s7_/status/1384855677659660288
# Reference: https://app.any.run/tasks/210dcd67-5096-4f79-9cb7-21502ca24854/

stealer.xxxy.biz

# Reference: https://twitter.com/reecdeep/status/1387777010097852426

http://203.159.80.206

# Reference: https://www.virustotal.com/gui/file/e5686e76056d1a4ac0a3120e1de3e3ab9aca585fb151881e76885d36a6621092/detection

lotomoto.info

# Reference: https://twitter.com/James_inthe_box/status/1389233811251073033
# Reference: https://app.any.run/tasks/4a9b349d-ade4-4723-ac41-40415532e8bc/
# Reference: https://app.any.run/tasks/3e24fd12-9eed-4e6a-9b49-dfd3d8341a87/

http://31.210.21.181

# Reference: https://www.virustotal.com/gui/file/bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050/detection

vtqt.xyz

# Reference: https://www.virustotal.com/gui/file/3be583104ac2df031993b4f1bcbca40c01cefc5282050bc70b74e6e428291aba/detection

http://31.210.20.228

# Reference: https://www.virustotal.com/gui/file/55f1a2084fd1c1d5477519f06b02aa4fa4d917aaceffd116fc45820dc49a7795/detection

osiq.xyz

# Reference: https://www.virustotal.com/gui/file/7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0/detection

http://45.144.225.173

# Reference: https://www.virustotal.com/gui/file/fa1b210bdfaa9d9ed60eeee1196af0a697ed9bb1b6fbcc7108ebf43b55a313a5/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/ip-address/188.34.193.205/relations
# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

http://78.142.29.63

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

worstyear2020.com

# Reference: https://www.virustotal.com/gui/file/dfe963eae24c412b410f879df4f8fdec5b1a4fa8e20f44ab4eea4af4f811cf19/detection

dollartikuda.xyz
ys-gay.net

# Reference: https://www.virustotal.com/gui/file/c41aa6d6eeac57851b0a00a619609ed764072881b85b7dad25ac30f2856eda43/detection

support121.ddns.net

# Reference: https://www.virustotal.com/gui/file/f7a75dfb71ae46a4d6732100359c7d1b6fb5bb65338d6d1b702871ca492d3d54/detection

sefagusten.top

# Reference: https://www.virustotal.com/gui/file/cdeda69bc5ed54e292430a0e7017a66472ef4a1a25e3ebc125785fa2f9dc2bd9/detection

siwirnes.top

# Reference: https://www.virustotal.com/gui/file/573ac5d6b60b2965407c8fbf5c9d0f82067a19c27db420c4f5e9067798bcf6f9/detection

http://162.55.189.102

# Reference: https://www.virustotal.com/gui/file/835c8f02b83dd9bf4b3bf34f7e786b9b37c22924977eab54c6be9f69f1fefc69/detection

http://168.119.226.10

# Reference: https://www.virustotal.com/gui/file/326bebb9e00419c94b901a4597b8d8b1b56ac6ca9cbb96fc8f40df4d85d588cb/detection

http://176.123.4.140

# Reference: https://www.virustotal.com/gui/file/f4a1b439d5d5dcda842507571335e05665dfddc1cec1690d2fa66480c84d3e50/detection

http://185.99.133.218

# Reference: https://www.virustotal.com/gui/file/addabc3e06c8044f4eb4dfc9b63c0d40c4c3e628761ac097a8647d105376051c/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/file/49b3c1cea44676e46f5dd2d99db7810d3e09d256318be8429d1faa25a53d80b6/detection

http://195.201.94.135

# Reference: https://www.virustotal.com/gui/file/8d2dbbfd60c93fa6faf7f7b3bcfe4ac73dc6c2870911fe8f2c1c4e14bff90499/detection

http://49.12.77.13

# Reference: https://www.virustotal.com/gui/file/d17da61df61aace32659d4c00fd886a6115c893ce48b84c1a819ed6cb7fc1a61/detection

http://198.98.55.103

# Reference: https://www.virustotal.com/gui/file/00bebbc8e8adec6a7133ea0b83663d072b50cdab673d6b4d42b41d0a3fd61bc7/detection

djalil.top

# Reference: https://www.virustotal.com/gui/file/cc981c93093a992a27a48072beda1ebeefd2c23d1e961fd427995d389960890b/detection

lookluck.net

# Reference: https://www.virustotal.com/gui/file/3436be047261b75482542deb4e22e89927e89f60b6061fa32d72043ef8e4afad/detection

http://205.185.127.90

# Reference: https://www.virustotal.com/gui/file/6d68a55fc9958ed4e1e38eb44159f7ef87c434f91c78ae5c8bc58a979526f0da/detection

http://116.203.140.224
http://78.47.81.226

# Reference: https://www.virustotal.com/gui/file/dccba229de62bcbd976968e97f5c2febecf9408e339c553371563e43e8f7be48/detection

http://78.47.87.144

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

http://88.198.106.10

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

http://94.130.58.199

# Reference: https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed
# Reference: https://otx.alienvault.com/pulse/60b10fc3cf96ed70dad3bc07

bittracker.co.ug
blockbock.com
bockbock.top
bocksmoke.com
brainstormer.co.ug
cache.krishgarden.com
centos8lts.com
centoswiki.co.ug
choohchooh.com
ciaociaoline.com
ciaociaoline.top
customkitchaid.com
data.parafia-strumiany.pl
didntreadlol.com
djalil.top
dockclock.pro
duckclack.com
fastkisel.co.ug
flinstonehouse.co.ug
ftp.dwysokinski.me
fuckspha.com
gate.akadns9.net
goodssogood.com
guilmettemoron.com
hydrakupi.co.ug
juhjuh.com
kenutduk.duckdns.org
kiselev.co.ug
lookluck.net
mail.kiselev.co.ug
paperone.co.ug
promo.parafia-strumiany.pl
protestbonjer.ml
shirleyhorn.com
smtp.omplcement.com
static.accelerator-introlab.ml
static.helpmybusiness.ga
static.parafia-strumiany.pl
upload.krishgarden.com
yourpro.top
zockzock.top

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.114/relations
# Reference: https://www.virustotal.com/gui/file/4b17367ca1fa965f3e4c89a58c7f0325157c224eb80d3344490c7f368f12a833/detection

bilederina.top
binoders.top
cerolipak.top
manusorg.top
mutaleson.top
tenorimp.top
veribuman.top
cleardatass.com
datastatscl.com
statsdatacl.com

# Reference: https://www.virustotal.com/gui/file/c54b414ff7ca8ec5843b3944a53b63fd1a904be8423be677a738060fb1546ff2/detection

http://103.155.81.167

# Reference: https://tria.ge/210710-kzbnpe2rbx

sergeevih43.tumblr.com

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

http://162.55.223.232

# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://5.34.178.48

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

sslamlssa1.tumblr.com

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection
# Reference: https://www.virustotal.com/gui/file/f83d5140698073bdaa2e907ee6cbe025256b5796ce18f0d2cbc8efff4e9962cb/detection

http://116.202.183.50
xeronxikxxx.tumblr.com

# Reference: https://tria.ge/210726-6jdmkdfwcs

shpak125.tumblr.com

# Reference: https://twitter.com/reecdeep/status/1422191780833988616
# Reference: https://www.virustotal.com/gui/file/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/detection

himarkh.xyz

# Reference: https://twitter.com/Racco42/status/1422961309012930564
# Reference: https://app.any.run/tasks/b295d801-8643-4b42-a848-55c8fa5c22a1/

irkark.xyz

# Reference: https://www.virustotal.com/gui/file/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70/detection
# Reference: https://www.virustotal.com/gui/file/aa1dc867430200195ec34624c58bce2dec6bcda1f837529c564b7cfab0ee978f/detection
# Reference: https://www.joesandbox.com/analysis/454005?idtype=analysisid

anqwcvaaq.xyz
/8GzIpNiHlc.php
/Fl26aoXOqL.php

# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.107/relations

indiacas.xyz
indiamed.xyz
indianot.xyz
kazced.site
kazfds.xyz
kazkef.site
kazksc.xyz
kaznas.site
kazopz.xyz
kazxzs.xyz

# Reference: https://twitter.com/benkow_/status/1443189560024969226
# Reference: https://tria.ge/210929-pd2k9sfacl/behavioral1

http://79.124.78.139

# Reference: https://twitter.com/benkow_/status/1447835812050112516
# Reference: https://tria.ge/211012-jzgv4abhb7/behavioral1

gurums.online

# Reference: https://twitter.com/InQuest/status/1450099115258486784

http://136.144.41.229
searcer.x24hr.com
/gJCbU1V9y2.php

# Reference: https://twitter.com/benkow_/status/1457786964191571977
# Reference: https://tria.ge/211108-xpsfqschd6/behavioral1

http://65.108.80.190

# Reference: https://tria.ge/211117-lb4q3aehak/behavioral1

http://159.69.92.223

# Reference: https://twitter.com/Jane_0stin/status/1463981701596598272
# Reference: https://app.any.run/tasks/762741f6-b2d4-4fde-bf1c-111caf124379/

die-grausamste-herrin.at

# Reference: https://www.virustotal.com/gui/file/1ac64c5db03f0fc9729de68be00e2eff7a59f8e10d2ec50c5d348029de745ba4/detection

http://185.215.113.22
/E2vacMBpWA.php

# Reference: https://twitter.com/ViriBack/status/1476718496218324993
# Reference: https://tria.ge/211231-a19g3aehhj/behavioral1

main2.flashysoft.me

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

http://188.34.200.103

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_vidar.json

derxblog.de
milktr.uk

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/detection

http://49.12.198.69

# Reference: https://twitter.com/crep1x/status/1478361605394116612

http://116.202.186.120

# Reference: https://twitter.com/crep1x/status/1475535929985187846
# Reference: https://tria.ge/211227-sfrevsbcfq/behavioral1
# Reference: https://www.virustotal.com/gui/file/12f67b777aa65271b2e5773b042cbf8bc1c0bf8cabaf356aa05b583a1e581b94/detection

http://116.202.188.27

# Reference: https://www.virustotal.com/gui/file/42e77b0c32a2e1d98bb7e45198c83f92cad7f33b1369bc61c38ceab0ec2cd4f3/detection

http://167.86.127.231

# Reference: https://twitter.com/crep1x/status/1480574856265711618

http://78.46.160.87

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://65.108.180.72

# Reference: https://www.virustotal.com/gui/file/15bd912b0e66bf88fc6dbae28754cb085bfa199b7f7e0d4989ab39a747053be6/detection

hjggvbc.ru

# Reference: https://www.virustotal.com/gui/file/00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2/detection

http://116.203.165.54

# Reference: https://www.virustotal.com/gui/file/005d0cbf83fcceb2657b56711cc56a4144d9c58a8393d3d1ae052db880b60269/detection

boombangers00666999.sc
/gate2233.php

# Reference: https://twitter.com/ViriBack/status/1487421178557964292
# Reference: https://app.any.run/tasks/49b5dee3-f179-4d8d-8000-0a7cde350c1e/
# Reference: https://www.virustotal.com/gui/file/2c35ee480e2ea480624011857326defe537063bb383824013a8f8a0b9182e3b1/detection

anydesk.computer
panel.computer

# Reference: https://www.virustotal.com/gui/file/27afc8d7727c80c934d73e4aa021ab138b99149023dbc1625c8d4ba867981652/detection

banlobora2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/2d299fcdf7562306634b74f187b445ad17ca07495d2a36ffca86c7425a7982db/detection

opmos.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687/detection

cookreceipts.fun

# Reference: https://www.virustotal.com/gui/file/3c81b46f9c2fd6871f6844585c9d835eea672e1e0c8e26e667ce8049579e3245/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/1e0608ba01db4c6a953d5a2bf144a944d5939790fd9e0acd7c06a37563470add/detection

f0457102.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6e5bef09238ff67eb3c4765eed4a0d647a3b0d9be6e7604a3e9a0d509623c6fd/detection

admin.foa.ae

# Reference: https://www.virustotal.com/gui/file/c145a437ca06f644c48e37c597d6efc46f4a0e4d8b1bfb265a1d28ced7e8009b/detection

bergamot.nu

# Reference: https://www.virustotal.com/gui/file/4e842aade6a22d8efbcae4bd9cde73de26398f7f70a06fc09042ed72bb61465a/detection

cmd3490ghbdtn3.ru

# Reference: https://www.virustotal.com/gui/file/c48534128c907c63db7b3f995cbb17eb67a973a8abc7e567cac4229889df1535/detection

databasecontrol.xyz

# Reference: https://www.virustotal.com/gui/file/253a4539177c2e6617a98571a87211a364d1a9d6dee454589548a6413db23be5/detection

datamon.cc

# Reference: https://www.virustotal.com/gui/file/03830b7509fe6e46ea89d7fe60f732120cca1501473c5fc477e2d96b01f7f050/detection

gfxapanbnqd4jhf.pw

# Reference: https://www.virustotal.com/gui/file/64d7ba13bf3e525fc99988f742b751c9df4431af7b26a7d6cdb3191218648517/detection

ggtyyu.pw

# Reference: https://www.virustotal.com/gui/file/47019ee43e1682cdcdabda06ba450642be49b241416da1331917726cf6e565b8/detection

hostisgerhg.tk

# Reference: https://www.virustotal.com/gui/file/e677eb033d3676db1d9beae7fa1d392fef40cf0950f862108609ff25b25a4642/detection

kepler071.site

# Reference: https://www.virustotal.com/gui/file/c79a3bd6b7a37c9bf58d12a6c493e00df8413d6b68892f8c402fb34a8341aa5b/detection

lilldshar.space

# Reference: https://www.virustotal.com/gui/file/b2af96a978461c384d5efdb367b6d80028cee69d86b3cb3691b43e8a62721788/detection

masadproject.life

# Reference: https://www.virustotal.com/gui/file/02fc294d8a722633df5411062307978762ce56ed1b285cf1b388a5ca2df809f2/detection

onlinemseof.site

# Reference: https://www.virustotal.com/gui/file/0425eaee15de5550bb64838d9c3fb74071d83575362388c22d45e2385e996bbc/detection

pablopanuroere.pw

# Reference: https://www.virustotal.com/gui/file/0b3cf8e37e13a3100885a6a538da9244c72b0223501dc4f6b23929204c8d3361/detection

poiuytrewq2.site

# Reference: https://www.virustotal.com/gui/file/d1cf6edc0a27e9eadabbaacd1ec9650d6484f91556c5e81ed3b43923c4dfc1d0/detection

shlyapa.website

# Reference: https://www.virustotal.com/gui/file/9801abe4b5e3a68d376694c548d992fd1372df88299d3618b5d8c2b36c9530a4/detection

tgp.opcache.xyz

# Reference: https://www.virustotal.com/gui/file/e48514ff1736378e93832535b9c903655de96e48c5ae3ab2382ff3c8c016725c/detection

topteamover9000.fun

# Reference: https://www.virustotal.com/gui/file/d66df2e485a93c02470b99c6d4821f2f5a3bc7cde19d3ccec70d1f0dd874a66b/detection

travelgidblog.top

# Reference: https://www.virustotal.com/gui/file/fd991646249ed10695d429cac8df890dda694ba66df071469e047547df602a68/detection

watchmovie.life

# Reference: https://www.virustotal.com/gui/file/74465e9ad0ef9a1cce5f2e7485c20cb2f7d15cee1f224ac8629f68656febb39e/detection

xenicoln.gb.net

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

yrhealth.life

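# Reference: https://github.com/cyberark/malware-research/blob/master/OskiStealer/IoCs.pdf
# Note: the source above is filed under the name OskiStealer, which does not appear in this file's "Aliases" line; keep that in mind when attributing hits on the addresses below.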

http://162.0.224.159
http://173.232.146.69
http://176.113.81.170
http://178.32.145.141
http://188.227.57.121
http://194.87.147.13
http://194.87.234.156
http://194.87.236.221
http://194.87.95.5
http://195.133.147.113
http://195.133.197.21
http://45.141.84.143
http://45.143.92.129
http://45.143.93.152
http://45.151.144.128
http://45.8.228.100
http://46.17.96.25
http://5.187.7.144
http://52.246.250.237
http://80.89.228.202
http://80.89.238.87
http://85.209.91.120
http://89.223.123.36
http://91.245.227.131
http://92.53.124.88

# Reference: https://app.any.run/tasks/1ba24008-9819-4fda-9098-d2e769715470/

http://65.108.155.192

# Reference: https://twitter.com/phishgalore/status/1490794416239489028
# Reference: https://twitter.com/JCyberSec_/status/1491008346505515015
# Reference: https://www.virustotal.com/gui/file/95573cc24f3901c938e84f9628359a9dcc816dd451809f5313a99fe8da2756b9/detection

bank-statement.xyz
freddomdomain.xyz
order-magento-admin.com
statement-scotiabank.com

# Reference: https://tria.ge/220202-w4cs6abagj/behavioral1

http://95.216.183.78

# Reference: https://tria.ge/220202-w4s55sbagl/behavioral1

uploaditem.xyz

# Reference: https://twitter.com/ViriBack/status/1492589247697719304
# Reference: https://www.virustotal.com/gui/domain/flashysoft.me/relations
# Reference: https://www.virustotal.com/gui/file/241d7ec7d8a462c1a9c4570be1ddcb744f38b9322635ed860219505054c7db25/detection

flashysoft.me
main.flashysoft.me

# Reference: https://app.any.run/tasks/75915cfb-9864-46c5-b673-20e0a8ec9409/

http://95.216.147.143

# Reference: https://www.virustotal.com/gui/ip-address/13.78.210.162/relations
# Reference: https://www.virustotal.com/gui/file/b9c74bca334747feac392bc96d57d870f1907ec6ec3062bd405c1df3ccc16b74/detection

bankkia.gq
dashgaa.tk
wellsfago.ga

# Reference: https://app.any.run/tasks/45ddee1d-5fc4-4c0a-859c-42b4fbc333d0/

http://94.130.174.62

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

bestpolandhotels.com

# Reference: https://isc.sans.edu/diary/28468

bor4omkin.ru
dersed.com
sughicent.com

# Reference: https://www.virustotal.com/gui/file/0239bcbfae35cdefd367a9dc269287c92b666743018e45f6265495b43fbbb27c/detection

maurizio.ug

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

hubvera.ac.ug
prepepe.ac.ug

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.77/relations

agentt.ac.ug
agenttt.ac.ug
ailsom.ac.ug
andres.ac.ug
andres.ug
backgrounds.pk
bilbosaquet.ug
brice.ac.ug
colonna.ac.ug
colonna.ug
conthruian.ug
courtneyjones.ac.ug
cracksmsa.ug
cvae.ac.ug
dancedance.ac.ug
danielmax.ac.ug
danielmi.ac.ug
darkangel.ac.ug
ddlakava.ac.ug
erolasa.ac.ug
erolbasa.ac.ug
gordonas.ac.ug
gordonhk.ac.ug
gordons.ac.ug
hanxlas.ac.ug
hsagoi.ac.ug
imobiles.pk
jamshed.pk
jonescourtney.ac.ug
kode.ac.ug
kodekode.ac.ug
kullasa.ac.ug
lastimaners.ug
lizzard.ac.ug
lizzzqua.ac.ug
lucab.ug
macakslcaq.ug
malcacnba.ac.ug
mantata.ac.ug
marcapinyo.ru
marcyovcx.ru
marianne.ac.ug
marketprice.pk
mastitisa.ac.ug
matisaas.ac.ug
matiti.ug
maurizio.ac.ug
mazooyaar.ac.ug
mazoyer.ac.ug
milsom.ac.ug
milsom.ug
moreirawag.ac.ug
myfidlerpro.ug
myhostiger.ug
myproskxa.ac.ug
nicolas.ug
nikahuve.ac.ug
nmorbertomo.ac.ug
nothinglike.ac.ug
omomom.ug
pakxkvad.ac.ug
pdshcjvnv.ug
playwell.ug
pretorian.ac.ug
pretorian.ug
puritaaxa.ac.ug
qwerty12346.ru
regay.ac.ug
saba.ac.ug
scarsa.ac.ug
scarsxa.ug
scouragae.ac.ug
sergui.ac.ug
taurus.ug
triathlethe.ug
underdohag.ac.ug
veronika.ac.ug
veronikaa.ac.ug
veronikac.ac.ug
viniscav.ac.ug
wellplayed.ug
zxvbcrt.ug

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vidar-malware-launcher-concealed-in-help-file/
# Reference: https://otx.alienvault.com/pulse/623c985eb2d2a96857e9985b

http://95.216.181.231

# Reference: https://twitter.com/Cyber_O51NT/status/1508819570588459017
# Reference: https://blog.morphisec.com/threat-research-mars-stealer
# Reference: https://www.virustotal.com/gui/file/6670b60de348f134151d4911e9714ee1cb3a51dd9d0f008b0fa2d42c796d2cfb/detection
# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection
# Reference: https://www.virustotal.com/gui/file/ab7e7d8594befb5a7137ec323db87a4aacfa64260327d61eee30626a760c3d5b/detection
# Reference: https://www.virustotal.com/gui/file/77148020b07fa69f4c68596f3132186975d7e289cff617ae9f4dab6806709807/detection
# Reference: https://www.virustotal.com/gui/file/0f2edca4bfbbde781da5438b0dec6f91e701588b854d66561be0f2d9d5074a78/detection
# Reference: https://www.virustotal.com/gui/file/8f925aa659cdab2466d2860dfc06d14d1c384c7a449683813db8d9219ed333c9/detection

http://185.212.130.47
http://193.56.146.66
http://5.45.84.214
http://66.29.142.232
http://82.146.63.54
http://91.92.128.35
telemeetrydata.cn
tommytshop.com
tonyshop312.com
/SCmygye1LE/FTOauwvCfJ/
/FTOauwvCfJ/
/SCmygye1LE/
/2BxXIkoySb.php
/8cPynL7Va1.php
/eglkAa6HG1.php
/gfattee933.php
/KNOuG8qeID.php
/tytfu656i7kuydgsjdsdu.php
/umO0HLhYp5.php

# Reference: https://www.virustotal.com/gui/file/8537e3492ed1da3a8c301853548e4ffb1e79906063e20ba237db9038121ae4a2/detection

http://45.9.20.31
/LD3F8IPgas.php

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

f0649032.xsph.ru
f0649033.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7e7b97d4785f8f237e996ba65d7369261071db6e66b796ad87a195d6caded887/detection

http://176.57.189.191

# Reference: https://www.virustotal.com/gui/file/1fc99227ff5f8d7548959ebabda2fdd4c9c51c3ee924e5494e70af307d8aafc5/detection

http://154.16.112.151

# Reference: https://twitter.com/0xrb/status/1511564992805761024
# Reference: https://www.virustotal.com/gui/file/4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b/detection

http://194.87.218.39
/RyC66VfSGP.php

# Reference: https://twitter.com/0xrb/status/1511939521877000194
# Reference: https://www.virustotal.com/gui/file/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84/detection
# Reference: https://www.virustotal.com/gui/file/ff676d4c5f83c81b77d21b605866d45acde3e04f4cf9f2cf9180f154144a48b9/detection

250329.prohoster.biz

# Reference: https://www.virustotal.com/gui/file/f668f1ba25939689fb35e11e3c77f2824ede2373ebb48ec711bb99d11de3027b/detection

a0634004.xsph.ru

# Reference: https://twitter.com/fr0s7_/status/1512457923947114499
# Reference: https://www.virustotal.com/gui/file/ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768/detection

http://95.217.244.41

# Reference: https://twitter.com/0xrb/status/1513739710765895681
# Reference: https://www.virustotal.com/gui/file/473c8b608a69a546da4510f610501bcac001e726699e75d8a15afd50ff66f460/detection

http://62.204.41.128
/81uBpsioYb.php

# Reference: https://twitter.com/0xrb/status/1513762639218118656
# Reference: https://www.virustotal.com/gui/file/309122794db2c8fd2ffd82c9770988297860a56116ce184be08da75b64d361f8/detection
# Reference: https://www.virustotal.com/gui/file/0f63b4b4659449eee766610af817b786e9cd7622743851cf7b71430613d7521b/detection

http://62.204.41.69
62.204.41.166:27688
/p8jG9WvgbE.php

# Reference: https://twitter.com/0xrb/status/1513747076714491905
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.176/relations
# Reference: https://www.virustotal.com/gui/file/455118a3a6c915e50ec4ff1133b51f24b1e080e3e591f42e41e144af0bdc7890/detection

cheapa.link
cheapb.link
cheapc.link
cheapd.link
cheape.link
cheapf.link
cheapg.link
cheaph.link
cheapi.link
cheapj.link
cheapk.link
cheapl.link
cheapm.link
cheapn.link
cheapo.link
cheapp.link
cheapq.link
cheapr.link
cheaps.link
cheapt.link
cheapu.link
cheapv.link
cheapw.link
cheapx.link
cheapy.link
cheapz.link

# Reference: https://twitter.com/Glacius_/status/1513861040605442052

http://195.242.111.168
/2s06lj04kybnr4ze.php

# Reference: https://twitter.com/0xrb/status/1515918645800882181
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.89/relations
# Reference: https://www.virustotal.com/gui/file/fd48ebb9c6da16d3f371ee0e1bd94c7027ffacb7b99d27e59c81c8504477fd60/detection

asdasgs.ug
beachwood.ug
courtneyjones.ac.ug
danwisha.ac.ug
hubvera.ac.ug
kodekode.ac.ug
ludivineemery.ac.ug
malayska.ug
marksidfgs.ug
marnersstyler.ug
mistitis.ug
rockphil.ac.ug
rockrock.ug
triathlethe.ug
underdohg.ac.ug
underdohg.ug

# Reference: https://twitter.com/0xrb/status/1516280842586566656
# Reference: https://twitter.com/0xrb/status/1517034682164334592
# Reference: https://www.virustotal.com/gui/ip-address/2.56.240.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.8.124.64/relations
# Reference: https://www.virustotal.com/gui/file/03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328/detection
# Reference: https://www.virustotal.com/gui/file/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/detection
# Reference: https://www.virustotal.com/gui/file/6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9/detection

jsdkca.link
jsdkcb.link
jsdkcc.link
jsdkcd.link
jsdkce.link
jsdkcf.link
jsdkcg.link
jsdkch.link
jsdkci.link
jsdkcj.link
jsdkck.link
jsdkcl.link
jsdkcm.link
jsdkcn.link
jsdkco.link
jsdkcp.link
jsdkcq.link
jsdkcr.link
jsdkcs.link
jsdkct.link
jsdkcu.link
jsdkcv.link
jsdkcw.link
jsdkcx.link
jsdkcy.link
jsdkcz.link

# Reference: https://twitter.com/0xrb/status/1516640874306088960
# Reference: https://www.virustotal.com/gui/file/18c7c5e7d5146bef12ead85598bf5d2c48ee5e6634d4769221d3e7712809f1ad/detection

xiskasment.com

# Reference: https://twitter.com/James_inthe_box/status/1517238542434414592
# Reference: https://app.any.run/tasks/f82a6efe-c21c-4949-8523-d3f2ad8be39c/

http://5.252.178.50

# Reference: https://twitter.com/James_inthe_box/status/1517262007795281920
# Reference: https://app.any.run/tasks/e6362786-dbeb-44ad-b62e-ddf6a6fe7c1c/

http://116.202.1.195

# Reference: https://www.virustotal.com/gui/file/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10/detection

http://139.177.176.177

# Reference: https://app.any.run/tasks/2bf3a7e1-f6a9-44dc-9d15-d9fa4f803e65/

http://195.201.250.209

# Reference: https://twitter.com/0xrb/status/1521717264311275520

http://185.104.114.24

# Reference: https://twitter.com/0xrb/status/1522455058520358912
# Reference: https://www.virustotal.com/gui/file/1fb1244bbc75553e090acf7f1dfc01f4283b428ac966364fad0d95bd1b967e61/detection

http://162.33.179.235
/gatero0m.php

# Reference: https://twitter.com/0xrb/status/1522450567473549313

micrwa.link
micrwb.link
micrwc.link
micrwd.link
micrwe.link
micrwf.link
micrwg.link
micrwh.link
micrwi.link
micrwj.link
micrwk.link
micrwl.link
micrwm.link
micrwn.link
micrwo.link
micrwp.link
micrwq.link
micrwr.link
micrws.link
micrwt.link
micrwu.link
micrwv.link
micrww.link
micrwx.link
micrwy.link
micrwz.link
/8sdd875.php

# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection
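# Reference: https://tria.ge/220610-s2xtrshbb2/behavioral1
# NOTE(review): /gtaddress below is a path-only trail, so it is not bound to 93.115.21.45; being short and word-like it is more collision-prone than the random-looking .php paths elsewhere in this file - when triaging a hit, check the destination host as well (assumes path trails are matched on any host; confirm against the sensor)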

http://93.115.21.45
/gtaddress

# Reference: https://www.virustotal.com/gui/file/62a53b52eb3408052d19cace306452e9d3075618b4198e3e8c0beb7200da5886/detection

http://78.47.227.68

# Reference: https://twitter.com/c_APT_ure/status/1526268613367300096
# Reference: https://www.virustotal.com/gui/file/6852472f4d85443563b226cc8dd1adfc7b005d094071eb460681af0830d10a16/detection
# Reference: https://www.virustotal.com/gui/file/b9106d6ef93fa8f25f43b1fb0b4fe6e29b1afb44844159a22bd5fa23ddaebe1f/detection
# Reference: https://www.virustotal.com/gui/file/e106f33cb1f8c26b6211611bd22fcaced5d1c88700670c8b477827f9e00a8b3f/detection

http://23.95.52.191

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://95.217.244.73

# Reference: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
# Reference: https://otx.alienvault.com/pulse/62876ce0115d3177c23d5d74

ms-teams-app.net
ms-win11.com
win11-serv.com
win11-serv4.com
win11install.com
ms-win11.midlandscancer.com

# Reference: https://www.virustotal.com/gui/file/00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746/detection

http://162.55.213.180

# Reference: https://www.virustotal.com/gui/file/0290fd4f9c7240911d9051f76167a75dd78834e6a03faf6b09aeae21ff3094db/detection

backgrounds.pk
gadem.ug
lcjvkdfas.ug
zaragoza.co.ug
zaragozsa.ug

# Reference: https://www.virustotal.com/gui/file/f6a58d46a92e7739388cd9e1c0df2800af70169a6df2a19b8c1b96defeed902e/detection

2tril.com

# Reference: https://app.any.run/tasks/67322566-fff2-4a64-a5b8-405599618c7d/

http://107.189.13.22

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030670.html
# Reference: https://www.virustotal.com/gui/file/7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c/detection

aztkiryhetxx.ru
ckrddvcveumq.ru
cugdwpnykghx.ru
dvizhdom.ru
dwrfqitgvmqn.ru
rhjebiuujydv.ru
rwwmefkauiaa.ru
sanlygeljek.ru
sinelnikovd.ru
wzqyuwtdxyee.ru
zpuxmwmwdxxk.ru
zyzkikpfewuf.ru

# Reference: https://www.virustotal.com/gui/file/8bf5a6be286efa5c7871d287a80120fc48a3744bd2a6a3764834082b95e68674/detection

cenlar.cc

# Reference: https://tria.ge/220602-rf2p6acaaj/behavioral1

http://107.189.11.124

# Reference: https://twitter.com/BlackLotusLabs/status/1532795523329052672
# Reference: https://www.virustotal.com/gui/file/78456112caae4c00fa66e6f9c7474331a2befe795a75a7313d4e0770196a0b35/detection

http://116.202.187.69

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://185.9.41.83
http://212.110.132.195
http://77.232.41.206

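# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection
# NOTE(review): same sample hash as the reference of the preceding group (185.9.41.83, 212.110.132.195, 77.232.41.206); confirm this is intended and not a copy-paste of the wrong report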

http://2.57.122.82

# Reference: https://tria.ge/220609-ztaslagec8/behavioral1

http://194.156.98.151

# Reference: https://www.virustotal.com/gui/file/12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3/detection

http://194.180.174.180

# Reference: https://www.virustotal.com/gui/file/ead121e4d007085adb42edd61c3328aa728fa2c1d7c78e77ceb64f999f7323e3/detection

ratinonanuere.pw

# Reference: https://www.virustotal.com/gui/file/037b340417857e618b37cfc3c6b4e6d01717ca0cedfaf57c4d98f368f432f10d/detection

recmaster.ru

# Reference: https://www.virustotal.com/gui/file/03d90fc0c0da8275035336d823f053a84ef50ab82aa0d2bba0722bb9e32a5627/detection

martinlloyd.net

# Reference: https://tracker.viriback.com/dump.php (2022-07-11)

http://13.58.70.215
http://185.4.65.70
http://188.212.124.14
http://193.203.238.120
http://194.233.168.238
http://194.87.218.26
http://195.242.110.71
http://45.130.104.128
http://45.138.157.227
http://62.204.41.103
http://62.204.41.179
http://62.204.41.223
http://80.79.114.182
http://91.243.44.99
http://94.142.141.235
a0626884.xsph.ru
anderd2w.beget.tech
blitzhost.ga
dashgaa.ml
ericfatima.beget.tech
f0623459.xsph.ru
ida-ayu.com
img.futanari-toons.com
mars.cryptominingpioneer.com
mars22.cryptominingpioneer.com
nationalspaceforceusaaainc.com
pashiudsa.com
share.softwareshare.me
tracey991.beget.tech
truehempbiz.com
zl3fh9x1.beget.tech
/5Ou97MmeyI/
/5Ou97MmeyI/login.php
/SCmtgye1LE/
/SCmtgye1LE/login.php
/c0XEaQ58yT/
/c0XEaQ58yT/login.php
/deAGgwt1R7/
/deAGgwt1R7/login.php
/yugYFTr5u6uytJgfj/
/yugYFTr5u6uytJgfj/login.php

# Reference: https://tria.ge/220531-s91kmafcgl/behavioral1

http://78.47.74.118

# Reference: https://tria.ge/220715-rnvltacbhl/behavioral2

http://45.144.29.243

# Reference: https://twitter.com/ViriBack/status/1549905970905612290

http://185.104.114.24
http://146.190.235.63
http://185.4.65.203
http://193.124.22.9
http://87.120.37.42
http://94.102.57.150
http://94.124.78.161
chicvvdon.lol
goldrushaw.ug
moneyd.link
renox.lol
superfilmes.cf
topababa.us
data.topababa.us

# Reference: https://twitter.com/idclickthat/status/1551249542783328257
# Reference: https://tria.ge/220724-ttq7paafbm/behavioral1

http://185.53.46.199
zidclouzby2.xyz

# Reference: https://app.any.run/tasks/da232c24-a63c-4378-ae30-f3305fd0334e/

http://95.217.244.216

# Reference: https://twitter.com/ViriBack/status/1554137490872799233
# Reference: https://tria.ge/220801-str9baahe3

atomic-wallet.net
/marsword/gate.php

# Reference: https://www.virustotal.com/gui/file/c1f6d80c29bdb4c6939dcd898e17d868859def5a9ed463044115728e193168d9/detection

lamol.ddns.net

# Reference: https://twitter.com/ViriBack/status/1555348941834698758

moneya.link
moneyb.link
moneyc.link
moneyd.link
moneye.link
moneyf.link
moneyg.link
moneyh.link
moneyi.link
moneyj.link
moneyk.link
moneyl.link
moneym.link
moneyn.link
moneyo.link
moneyp.link
moneyq.link
moneyr.link
moneys.link
moneyt.link
moneyu.link
moneyv.link
moneyw.link
moneyx.link
moneyy.link
moneyz.link
/8sd87v7.php

# Reference: https://www.virustotal.com/gui/file/75e886f21527f32fb230ba37cfef2271279a41c6b72e57a63223eb10367be928/detection

116.202.183.213:1080
95.217.246.200:1080

# Reference: https://twitter.com/0xrb/status/1557289524006293504
# Reference: https://www.virustotal.com/gui/file/246b27e609ebd8a1ec31b9667addf3b262d6487602209baa9b32c54539a28031/detection

http://193.106.191.146
194.5.98.107:6968
beachwood.top
beachwood.ug
charisma.ac.ug
goldrushaw.ug
kalskala.ac.ug
malayska.ug
mariah.pk
nikahuve.ac.ug
parthaha.ac.ug
safetygear.pk
safetygear.top
scientific.pk
tuekisaa.ac.ug
vsongs.pk
wiwirdo.ac.ug
/kanorgate.php

# Reference: https://twitter.com/fumik0_/status/1559474920152875008
# Reference: https://twitter.com/ViriBack/status/1559523902082224128
# Reference: https://www.virustotal.com/gui/file/9f90081674303197706584dd91a9b37dc9399c499b466ef7a4e5d55a8145f844/detection
# Reference: https://www.virustotal.com/gui/file/7873dddec4a46e7ad104de9b6bd68f590575b7680a1d20b9fe1329d1ad95348f/detection

safe-car.ru

# Reference: https://twitter.com/ViriBack/status/1562797767592136704
# Reference: https://tria.ge/220825-qn96tsdfap/behavioral1
# Reference: https://www.virustotal.com/gui/file/cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205/detection
# Reference: https://www.virustotal.com/gui/file/a77d1a409ec71c1f9c90d1b632edb29c11a043bcb05ffef05c3ef5688e10cea5/detection

http://176.10.118.235
housewall.xyz
kanban.housewall.xyz
mars.housewall.xyz
n8n.housewall.xyz
traefik.housewall.xyz
trilium.housewall.xyz

# Reference: https://www.virustotal.com/gui/file/09fb6bb883ca633aa0aa3eea9735d8b041b3cdfa03a49fa12a32896968708d96/detection

kmwekek.link

# Reference: https://www.virustotal.com/gui/file/017c70f1af4f0b70d2b4aa5ae0b64c883d29aeb9a995cfe725b52c62a8cf3c0e/detection

werido.ug

# Reference: https://otx.alienvault.com/pulse/630cb63d30d8b469b2a6a1c7
# Reference: https://www.virustotal.com/gui/ip-address/45.143.201.4/relations

boundertime.ru
cointra.ac.ug
ftp.backgrounds.pk
ftp.nicoslag.ru
goldrush.ug
goldrushaw.ac.ug
hopeforhealth.com.ph
mail.charisma.ac.ug
mail.goldrush.ug
mail.goldrushaw.ac.ug
mail.goldrushaw.ug
mail.karimgousa.ug
mail.marnersstyler.ug
mail.mistitis.ug
mail.mofdold.ug
mail.opsdjs.ug
mail.partaususd.ru
mail.safetygear.pk
mail.scientific.pk
mail.wiwirdo.ac.ug
mofdold.ug
momomolastik.ug
movesc.top
nicoslag.ru
ns1.asdsadasrdc.ug
ns1.backgrounds.pk
ns1.goldrush.ug
ns1.karimgousa.ug
ns1.marnersstyler.ug
ns1.mistitis.ug
ns1.mofdold.ug
ns1.partaususd.ru
ns1.safetygear.pk
ns1.scientific.pk
ns1.triathlethe.ug
ns2.asdsadasrdc.ug
ns2.boundertime.ru
ns2.goldrush.ug
ns2.marnersstyler.ug
ns2.mistitis.ug
ns2.qwertzx.ru
ns2.safetygear.pk
ns2.scientific.pk
partadino.ac.ug
partaususd.ru
phila.ac.ug
pjjot.top
pop.backgrounds.pk
pop.cracksmsa.ug
pop.partaususd.ru
qd34gf23ewrfsd1233.ru
qwertasd.ru
raphaellasia.com
rbcxvnb.ug
smtp.backgrounds.pk
smtp.qwertzx.ru
thatstraveling.ac.ug
timebounder.ru
tugusino.ru
wewilltoptheearth.top

# Reference: https://www.virustotal.com/gui/file/f0b1c1bef9f65f6a69d2fa3211fffae43afdbb144bf24fd1d889a26fbcbcfafb/detection

http://116.202.180.202

# Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection

http://107.189.31.171

# Reference: https://www.virustotal.com/gui/file/01d692761b0698f1246ab16aaf09f74e7801a26a271405028c2771366008c363/detection

http://74.119.192.241

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

http://94.130.188.151

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

brainstormvc.me
niemannbest.me
smkn3depok.com
topniemannpickshop.cc

# Reference: https://www.virustotal.com/gui/file/091ffa54f241270aea68cbb9fa0aea580ad3b800f544200b6908022cc3c28e4a/detection

opzspqwkz.ru

# Reference: https://twitter.com/WhichbufferArda/status/1569412764543713281
# Reference: https://www.virustotal.com/gui/file/bfd72bdd4ab311acd0e05211cb01f8671d358540201eb200f613fd80b62291f0/detection

http://5.161.155.121
evetesttech.net

# Reference: https://twitter.com/idclickthat/status/1569679280761626626
# Reference: https://twitter.com/idclickthat/status/1570399267977859074
# Reference: https://twitter.com/idclickthat/status/1570783889827983362
# Reference: https://twitter.com/1ZRR4H/status/1570626623241846787
# Reference: https://tria.ge/220916-enhk2aefa4/behavioral1

http://5.252.22.196
pdf-edit.online
pdf-editor.online
pdf-editor.top
zoom-us.top

# Reference: https://twitter.com/idclickthat/status/1569350142230204421

zoom-download.fun
zoom-download.host
zoom-download.space
zoomus.host
zoomus.tech
zoomus.website

# Reference: https://tria.ge/220922-vp5pysfgdn

mars.haksanlogistics.com

# Reference: https://tria.ge/220922-vqawzacac6

gemkan.online
gg.gemkan.online

# Reference: https://twitter.com/1ZRR4H/status/1575364121893158916
# Reference: https://www.virustotal.com/gui/file/06d1366df3628a010416384f7c77c493ac35f13ee05e010751708d681ebe5169/detection

http://116.202.2.236
http://5.161.21.185
/trampapanam

# Reference: https://tria.ge/220929-vejpqsbeb6/behavioral1

765mm.xyz

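# Reference: https://tria.ge/220916-sgqjysbgdr
# NOTE(review): the entry below is a single blog on a shared platform, not a dedicated C2 host; keep it as the full hostname and do not widen it to the parent domain. Presumably the page is used to publish the real C2 address - confirm against the report.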

dimonbk83.tumblr.com

# Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection

ludivin.ac.ug
markinda.top
markinda.xyz
mckawwrsa.ac.ug
muylove.ac.ug
partiad.top
partiad.xyz
tuekisa.ac.ug
wishamag.ac.ug

# Reference: https://twitter.com/ViriBack/status/1575637648911192064

http://142.11.252.64
http://23.137.249.61
http://37.46.135.174
http://74.201.28.165
babycookie.net
linkappa.link
linkappb.link
menfkkf.link
xlsxexcelviewer.cf
banta.xlsxexcelviewer.cf

# Reference: https://twitter.com/Gi7w0rm/status/1575851139425177600
# Reference: https://tria.ge/220930-q699jsefbr/behavioral1

http://5.182.36.79
http://94.131.97.143

# Reference: https://www.virustotal.com/gui/file/371384518223a80ff5381a728ba1e4f846c93713bb39bc80fb2d95cdd8158241/detection
# Reference: https://www.virustotal.com/gui/file/487723e00df8d7f8bfdb57614fa32001f2addc6be9576005b04f1dff53710634/detection

o.oteqprojects.co.in
v.oteqprojects.co.in

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

http://77.73.133.31

# Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection

http://5.161.120.43

# Reference: https://www.virustotal.com/gui/file/cb0fed1d298a0c7762cc0e97262788840d7d82f9f73b83832a1d61b16456bac1/detection

http://94.131.96.16

# Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection

http://23.88.115.141

# Reference: https://twitter.com/idclickthat/status/1580635156016410624
# Reference: https://tria.ge/221013-t6pjmadfb3/behavioral2

exoduswallet.app

# Reference: https://twitter.com/idclickthat/status/1579245116296138752
# Reference: https://tria.ge/221009-2l4rtaacer/behavioral3

http://213.252.245.80
desktoptrading.store
tradingviewcheck.com
tredingveiws.com

# Reference: https://www.virustotal.com/gui/file/13c98b46764978f5261ed939fdc46c17f4fbc5eb382ab9ca795cb773c0e5bb55/detection

http://45.15.156.60
http://49.12.196.69
nanoplow.space

# Reference: https://tria.ge/221024-qapb7sgfe8

http://45.159.249.181
http://45.8.145.85
http://77.91.123.173

# Reference: https://twitter.com/idclickthat/status/1584541335415312384
# Reference: https://tria.ge/221024-qktdxaggc3/behavioral1

http://45.15.156.81
allbestcrack.pro

# Reference: https://twitter.com/idclickthat/status/1584584590982664193

garminexpress.art
garminexpress.homes
garminexpress.skin

# Reference: https://twitter.com/JAMESWT_MHT/status/1584595337339338752

logitech-ghub.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1584591876170330113

http://45.89.54.52

# Reference: https://twitter.com/l205306/status/1584569524137127936

allsofts.cloud
allsoftwarefou.com
byxdeoner.me
freesoft.digital
kokoasoft.com
winsofts.cloud

# Reference: https://twitter.com/idclickthat/status/1584586589598285825
# Reference: https://tria.ge/221024-th4zeahegn/behavioral1

http://167.235.62.106
baiaveloz.com
tensoft.org
tm.baiaveloz.com

# Reference: https://twitter.com/l205306/status/1584742172934688769

expertsoft.org
software-plus.space

# Reference: https://www.virustotal.com/gui/file/00221666dec1a50f08ed21af02c42150b8d75203e7b86f2a17080a8df5ea9af4/detection

http://195.201.255.186

# Reference: https://twitter.com/l205306/status/1584827015835680768

eazzysoft.com
newsoftman.com
nigmasoftware.site

# Reference: https://twitter.com/l205306/status/1584858330216173568

anysoft.site
wh1tesoftware.me

# Reference: https://twitter.com/l205306/status/1585064152166699008

byxdeoner.net
soft-pro.site
softwareplanet.website
teensoft.org

# Reference: https://twitter.com/r3dbU7z/status/1584714345153728512

http://135.181.168.27
http://144.24.197.26
http://162.247.152.190
/frBjrtz56Urt/
/tkK30UgdT6/
/17sh9j0q9nrz2iqj.php
/1kk52amkkoyzw9oq.php
/1xphi615sno1jmx9.php
/2xfc11rpcncdfk7z.php
/32xaywoipobq5v5v.php
/41szxukxx0vtv9ee.php
/jgkgugyfdftytf.php
/qtnqpx3zkscm0d8c.php
/uh9mbmc2i054omv6.php

# Reference: https://twitter.com/l205306/status/1585250164922814464
# Reference: https://twitter.com/JAMESWT_MHT/status/1585263428935073793

http://78.47.204.168
allsoftware.cloud
soft-exp.org
softlab.fun
softload.tech

# Reference: https://twitter.com/l205306/status/1585595687441661953

appshigha.com
cracked.guru
placeofreesoft.com
soft-free.space
softcloud.link
softwareorlando.com
unisoft.store
vexonex.com
windsoft.cloud

# Reference: https://twitter.com/SquiblydooBlog/status/1585940710007705602
# Reference: https://tria.ge/221028-l6wc6sfcd5/behavioral12

http://88.119.169.42
soft-portal.site

# Reference: https://www.virustotal.com/gui/file/6855c3be8f4527b0e7da660b812ed882474bb274583850c856121fd5e123b224/detection

http://5.252.178.82

# Reference: https://twitter.com/milannshrestga/status/1581662855203782656
# Reference: https://tria.ge/221016-sbkrhshfbm

decenlral-games.pro

# Reference: https://tria.ge/221030-a87y7sebf5/behavioral1

http://95.216.182.145

# Reference: https://twitter.com/SquiblydooBlog/status/1587122203375575053
# Reference: https://tria.ge/221031-tq57facccr/behavioral2

http://89.185.85.63

# Reference: https://www.virustotal.com/gui/file/03f732ed336f06dc381f0a60bee3a77905a073096eb7fb20fa45a56d37f7638c/detection

http://116.202.5.121

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

http://95.216.181.10

# Reference: https://twitter.com/1ZRR4H/status/1575364101148114944

fortinetq.com

# Reference: https://twitter.com/crep1x/status/1589721461882617857
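# Reference: https://threatfox.abuse.ch/browse/tag/Vidar/
# NOTE(review): this is a live tag listing, not a fixed report; add the retrieval date in parentheses, as done for the tracker.viriback.com dump reference above, so the bare IP entries below can be aged out once the addresses are reassigned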

http://104.128.190.89
http://104.223.0.115
http://104.223.0.117
http://107.175.40.57
http://116.203.15.149
http://116.203.182.209
http://116.203.7.175
http://138.201.90.120
http://146.19.233.108
http://162.55.221.218
http://167.235.137.244
http://176.126.113.111
http://176.126.113.99
http://185.130.47.169
http://185.142.238.113
http://185.181.165.49
http://185.203.117.83
http://185.213.209.142
http://185.214.10.114
http://185.214.10.153
http://185.214.10.174
http://185.225.19.47
http://185.25.50.127
http://185.25.51.238
http://185.25.51.36
http://188.34.207.6
http://193.38.54.108
http://194.87.31.140
http://195.133.40.163
http://195.201.251.82
http://195.201.252.190
http://195.201.253.169
http://195.201.253.5
http://198.251.89.96
http://213.170.133.117
http://213.170.133.153
http://213.170.133.163
http://213.170.133.36
http://213.252.244.136
http://213.252.244.137
http://213.252.244.247
http://213.252.244.86
http://213.252.245.100
http://213.252.245.66
http://213.252.246.218
http://213.252.246.230
http://213.252.246.243
http://213.252.247.107
http://42.186.202.116
http://45.136.50.120
http://45.142.212.155
http://45.142.213.52
http://45.142.213.7
http://45.150.64.207
http://45.153.230.169
http://45.153.230.241
http://45.8.145.83
http://45.8.146.18
http://45.8.147.23
http://45.8.147.74
http://45.86.229.188
http://45.87.154.35
http://45.89.55.118
http://45.89.55.154
http://45.89.55.158
http://45.89.55.159
http://45.89.55.174
http://45.89.55.176
http://45.89.55.177
http://45.89.55.82
http://45.92.156.110
http://45.92.156.133
http://49.12.72.35
http://5.182.39.134
http://5.182.39.216
http://5.182.39.224
http://5.252.177.45
http://5.252.177.9
http://5.252.21.207
http://5.252.23.34
http://5.253.18.213
http://5.253.18.70
http://5.253.18.96
http://51.195.166.165
http://62.204.41.126
http://64.44.167.153
http://64.44.177.137
http://64.44.61.136
http://65.108.210.122
http://65.21.189.158
http://65.21.63.71
http://69.161.221.169
http://72.18.215.185
http://72.18.215.195
http://72.18.215.223
http://74.119.195.129
http://74.119.195.180
http://77.75.230.160
http://77.91.123.253
http://77.91.73.17
http://77.91.73.44
http://78.47.148.33
http://79.124.78.206
http://79.137.195.130
http://79.137.204.163
http://79.137.204.167
http://80.71.157.152
http://80.71.157.165
http://80.71.157.209
http://80.89.229.62
http://80.92.206.65
http://80.92.206.80
http://82.115.223.60
http://82.180.132.54
http://85.239.62.233
http://88.119.169.102
http://88.119.170.155
http://88.198.175.205
http://88.198.74.87
http://88.198.89.6
http://89.185.85.145
http://89.185.85.63
http://94.131.100.124
http://94.131.107.124
http://94.131.107.38
http://94.131.109.10
http://94.131.109.112
http://94.131.109.113
http://94.131.109.139
http://94.131.109.217
http://94.131.109.35
http://94.131.109.45
http://94.131.109.46
http://94.131.110.20
http://94.131.110.42
http://94.131.97.111
http://94.131.97.119
http://94.131.97.136
http://94.131.97.153
http://94.131.98.4
http://94.158.244.125
http://94.158.244.79
http://95.216.174.64
http://95.216.180.168
http://95.216.181.211
http://95.216.181.82
http://95.216.182.219
http://95.216.182.38
http://95.217.102.102
http://95.217.214.231
http://95.217.242.151
http://95.217.242.155
http://95.217.244.42
http://95.217.245.107
http://95.217.245.254
http://95.217.246.41
http://95.217.27.155
http://95.217.27.160
http://95.217.29.33
http://95.217.31.129
12ewsdf.one
23ntrolandcon.cfd
4r8uhzs3e.click
5tfgbgf6yjhg.cfd
6ha7e7ws.cfd
6tgghf3ec2ws.cfd
7uhjedf3e.click
7uyh9i1qws4r.click
9d8pc33h.cfd
9ik4rfu85tg.cfd
ada09sch.cfd
arentsconti.cfd
arkableco.cfd
arytotheo.cfd
as45vfrt8.one
aswe45bju.one
azsdef7ujh.click
b7hk59vz.cfd
b86yht6.cfd
bg6buj3q.cfd
bgfd3w7uj.click
bgt5hy7ju87.cfd
bgy6trfdx.click
bitclandng.click
btiku5c6x.cfd
btr65kaq1.one
byrokilandn.xyz
c34f5tybc.one
casaufixco.click
cfr45tfg.cfd
d23c06na.one
ddrtg0oikt.click
de3bgt54.cfd
dea6e67jp.cfd
downloadish.us
dyacosm.cfd
edtoal.cfd
encfavestan.xyz
eri39fg.one
erseyata.cloud
f34g56y.one
fe34rfhg5tf.cfd
fezulandg4.click
fithsthef.cloud
g4rty6b.one
geclandz.click
get4pc.click
get4pcsoft.click
getpccrack.click
getpcsoft.click
gt5juy76u87.cfd
gtb7cd8x6.cfd
h45iuy7.one
hagxoferz.click
hu8jki8.cfd
ichitisthel.cfd
ijmnhxd5t.click
ikr2c8jw.cfd
ilandonserc.xyz
inneroft.cfd
isticdiversi.cfd
j5tg3ed.cfd
j8f7bgmm7.cfd
j9bvc1z.one
k56tyui.cfd
kitonestvo.xyz
kmnh6tg43ed.click
kuygvdt5tg.click
l9eg69oik.cfd
landkemoty.click
laodosmart4.xyz
ledoffamaj.cloud
loi87ygvcx3e.cfd
lsknf45vgh.click
mekaofland.click
mlwsx6ygh.click
monitorcrack.click
mqw60ct.cfd
mylandng00.click
myprob1go.click
mysolandg.click
mzhuto2j.cfd
n6j7ujhg.cfd
nhgfr7yh.click
nhgtr46t.cfd
nlondono.cfd
nthenorth.cfd
ntiquityan.cfd
nug5i3tv.cfd
nyt67dfa.one
oldlands1t.xyz
onwalloniai.cfd
p4pentsh0.click
pa12cqxe.one
pccracking.click
qa5nhg6tygh.cfd
qwvmgj82cvm.cfd
qyqevqvig.cfd
r6hsv2gxd.cfd
redirectwar.org
rerecorded.cfd
rfj87lmj.one
rtheidicona.xyz
s584d3v3s.cfd
sapported.xyz
sb244iuy.one
scribedth.cfd
securedownload7.xyz
securedownloadcheaker.xyz
semalop98w7.cfd
semarewwdw7.cfd
solsw98w7.cfd
sooswa8w7.cfd
ssu810der.one
sujghwdtb.cfd
sw2gt5.cfd
swqtglk8u.click
t1nkabyt.click
t2dwsm3v.cfd
taknoce11.click
tandflick.cfd
ther878ha.cfd
thismataln.click
tikalandof.click
tp4mtmoaj.cfd
tqbnb8c2f.cfd
trikbozm3.click
trolboatvasilyb.xyz
tsorequiva.cfd
ujhg6yhgdc.click
upfcraf.cfd
uralposition.cfd
v5tr6yfr.one
verei67gn.cfd
vfews23pl.click
vffgt67yu.cfd
volpsolkpas7.cfd
w34cf5t.one
weokd09rt.one
withylndng.click
x4rt45tgf5g.cfd
xg4x7yzy.cfd
xr45tyui.cfd
y29se10.one
youcolandrz.click
ysystemw.cfd
zxcv6yhg.cfd

# Reference: https://twitter.com/crep1x/status/1590044609757220864

downloadadri.us
downloadbea.us
downloadcog.us
downloadex.us
fileaza.us
filebia.us
filecheck.us
filecore.us
filecyber.us
fileddev.us
filedigital.us
filedock.us
fileegy.us
fileella.us
fileex.us
fileflash.us
fileloop.us
filemodel.us
filenetwork.us
fileoperator.us
filespire.us
filetetra.us

# Reference: https://twitter.com/AuCyble/status/1590306688447709185

msi-afterburnerr.com

# Reference: https://twitter.com/AuCyble/status/1590304696576901120

meta-trader4.net

# Reference: https://twitter.com/AuCyble/status/1590305538335985667

tradingview10-download.top

# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.169/relations

badhabits.ug
bratiop.ru
gorillaglue.ug
itomail.ug
marcaka.ac.ug
maripos.ac.ug
movescx.top
mylupaslc.ug
wewilltoptheworld.top

# Reference: https://cert.gov.ua/article/2724253 (Ukrainian, UAC-0118, FRwL, Z-Team)

http://185.96.163.102
http://193.43.146.42
advanced-ip-scanner.click
advanced-ip-scanner.site

# Reference: https://twitter.com/idclickthat/status/1593634378898296833
# Reference: https://twitter.com/1ZRR4H/status/1593636426234691590
# Reference: https://www.virustotal.com/gui/ip-address/116.202.5.101/relations

http://116.202.5.101
http://95.216.178.160
citrix-download.online
citrix-download.site
citrix-download.store
citrix-download.tech
citrix-download.website

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Avidar

http://116.202.2.1
http://116.202.3.228
http://138.124.180.85
http://141.98.169.146
http://146.70.86.32
http://167.99.129.200
http://176.57.69.149
http://178.159.38.91
http://178.23.190.60
http://185.138.164.149
http://185.138.164.179
http://185.165.188.49
http://185.231.205.200
http://185.231.205.242
http://185.250.148.238
http://188.119.112.11
http://188.119.113.36
http://191.96.53.183
http://191.96.53.184
http://193.57.138.18
http://193.57.138.19
http://195.201.252.143
http://212.192.31.130
http://213.142.146.83
http://45.8.144.232
http://45.8.147.191
http://45.83.122.248
http://45.9.190.250
http://45.9.191.215
http://5.252.22.61
http://51.195.166.198
http://74.119.195.192
http://74.119.195.230
http://77.83.173.96
http://77.91.73.95
http://79.137.205.25
http://79.137.205.26
http://79.137.205.27
http://85.208.136.233
http://85.31.44.207
http://88.119.169.106
http://88.119.169.107
http://88.119.169.119
http://88.119.170.143
http://88.198.207.120
http://88.99.120.225
http://89.185.85.232
http://94.131.110.120
http://94.131.97.179
http://94.131.98.3
http://94.131.98.65
http://94.131.98.66
http://94.131.98.67
http://94.131.98.68
http://94.131.98.77
http://94.131.98.78
http://94.131.98.85
http://94.158.244.15
bebrasoft.com

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

mars1877.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2/detection

http://88.198.106.9
http://95.217.29.31

# Reference: https://twitter.com/idclickthat/status/1597263364538789889
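# Reference: https://tria.ge/221128-txx5eagh38/behavioral1
# Note: http://95.217.29.31 below is also listed under the preceding VirusTotal reference (same indicator, two sources)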

http://49.12.113.223
http://95.217.29.31
audacitya.org
autodeskst.com
bravebrwsr.com

# Reference: https://twitter.com/crep1x/status/1596960278859481088

http://95.217.31.208
mesoft.tech
selfware.net
tensoft.me
thepcworld.pro

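# Reference: https://twitter.com/crep1x/status/1598012204233920513
# Note: several domains below appear to be lookalike spellings of legitimate software names (e.g. AnyDesk, Brave, Telegram); confirm a match is the exact listed domain before acting on it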

http://153.92.221.169
http://178.23.190.20
http://213.226.100.34
anydesk.ltd
anykdesk.com
bravebrovvser.com
meegans.com
onytesk.com
teligrum.org

# Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations
# Reference: https://www.virustotal.com/gui/file/845e36305916034b608e82c5c4891112c1facfcd9151346e9abda8e0c1447fac/detection

arbetfroll.pw
arbetfrolli.pw
cheakendinner.xyz

# Reference: https://twitter.com/Gi7w0rm/status/1599702328558247937
# Reference: https://tria.ge/221130-n4s65sha45/behavioral1

http://88.198.77.204

# Reference: https://twitter.com/crep1x/status/1600129411629473792

http://195.201.250.87
http://195.201.255.246

# Reference: https://twitter.com/crep1x/status/1600839833114800129
# Reference: https://twitter.com/abuse_ch/status/1600855987946016768
# Reference: https://tria.ge/221208-p35zzsda5x

http://142.132.236.84
http://95.217.25.31
blendres.us
braveappbrowser.us
mslaftrebunrer.us
nvidiaexpirianse.us
obcproject.us

# Reference: https://twitter.com/l205306/status/1600861214485417985

coronasfree.com
freesoftwarelab.org
tensoft.store
x-soft.re

# Reference: https://twitter.com/idclickthat/status/1602678773236858882
# Reference: https://www.virustotal.com/gui/ip-address/31.31.196.171/relations

rufus-sootf.site
rufussootf.online
rufussootf.site
rufussootf.space

# Reference: https://twitter.com/crep1x/status/1603739742910169088
# Reference: https://twitter.com/crep1x/status/1603739749012738048
# Reference: https://tria.ge/221216-pvfecsef97
# Reference: https://tria.ge/221215-xs7ptsgb2x/behavioral2

http://116.202.6.49
http://168.119.243.28
http://94.131.98.49
http://95.217.24.210
amyldesk.com
anlmlydesk.com
bragwe.com
download-wallet.net
traldingveiw.com
traldlngview.com
zoow.us

# Reference: https://twitter.com/idclickthat/status/1603917198673805314
# Reference: https://www.virustotal.com/gui/file/decede09c564d8816cd6d5c9ef887adfc60e3880a47eca94e68de0179aa544a4/detection
# Reference: https://www.virustotal.com/gui/file/586923ff9e847ca568e3ee7a24897e02c5406c07c3f14ed33325d0a68ec9b5a2/detection

http://95.216.207.27
tradingapp.tech
tradingviewdownloads.com

# Reference: https://www.virustotal.com/gui/file/7006c4b851cbd7e8e97e7d9d94313c80e0be8cf12d7f814854b1a9cf7b3841b6/detection
# Reference: https://www.virustotal.com/gui/file/64cff0c222e7ed1fd41cddd842288c52c0ddd55a72a2276dd84c32d10111ca0d/detection

http://77.73.131.193

# Misc.
# (entries in this group have no reference recorded)

metatrader-5.net
metatrader-download.net

# Reference: https://twitter.com/jstrosch/status/1606045107970486272

http://152.89.218.27

# Reference: https://twitter.com/idclickthat/status/1607860641238323201

http://195.201.251.249
intuitquickbooks.space

# Reference: https://twitter.com/malware_traffic/status/1608690081178750976
# Reference: https://www.virustotal.com/gui/file/050ac31eccb687f01aa3ee0c16217d6d103b796bb606ddf4e3d0013af689e08c/detection

http://45.93.201.62
http://77.73.134.36

# Generic
# (URL path entries with no host part; they are not tied to any one domain or IP listed above)

/hsdf7w34rhdjsf.php
/smbfhrgc
/smbfupkuhrgc1
