# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: BumbleBee, Hisoka, Snugy, TriFive, huntxspy

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
# Reference: https://github.com/pan-unit42/iocs/blob/master/xHunt/xHunt_IOCs.csv
# Reference: https://www.virustotal.com/gui/file/892d5e8e763073648dfebcfd4c89526989d909d6189826a974f17e2311de8bc4/detection

google-update.com
learn-service.com
microsofte-update.com
woxmma.microsofte-update.com

# Reference: https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/
# Reference: https://twitter.com/Voulnet/status/1014951078364876801
# Reference: https://otx.alienvault.com/pulse/5da0d8dc27a2ad4cc8864283

firewallsupports.com
windows64x.com
winx64-microsoft.com
windows-updates.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

sharepoint-web.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

deman1.icu
hotsoft.icu
lidarcc.icu
uplearn.top

# Reference: https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
# Reference: https://otx.alienvault.com/pulse/5ffcbc5b19a30849ecd2ab78

142.11.211.79:8080
142.11.211.79:8081
192.119.110.194:8083
91.92.109.59:1234
91.92.109.59:1255
91.92.109.59:1288
91.92.109.59:1289
backendloop.online
bestmg.info
windowsmicrosofte.online

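# NOTE(review): the references from here on appear to describe the Bumblebee loader, which may be a different family from the BumbleBee webshell in the xHunt reports above - confirm attribution before labelling hits on these entries as xHunt.
# Reference: https://www.cynet.com/orion-threat-alert-flight-of-the-bumblebee/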
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-05-IOCs-for-Bumblebee-and-Cobalt-Strike.txt

192.236.198.63:443
23.82.19.208:443
45.147.229.177:433

# Reference: https://twitter.com/r0ny_123/status/1515939792034230272

108.62.12.12:443

# Reference: https://twitter.com/Max_Mal_/status/1516352309311246339

199.80.55.44:443
209.141.59.96:433
23.106.160.120:433

# Reference: https://twitter.com/k3dg3/status/1516819204200091655
# Reference: https://tria.ge/220420-t3m7dsechn/behavioral2

184.29.205.132:443

# Reference: https://twitter.com/phage_nz/status/1519207039968313344

104.168.236.99:443
172.241.29.169:443
23.82.141.184:443
messerota.com

# Reference: https://twitter.com/Max_Mal_/status/1519323650062753792

108.62.118.56:443
185.33.87.53:443
28.11.143.222:443
49.12.241.35:443
71.1.188.122:443
89.222.221.14:443

# Reference: https://tria.ge/220428-tx94zafbc7

209.141.59.96:443
23.106.160.120:443

# Reference: https://twitter.com/Max_Mal_/status/1521449204106862592

138.201.190.52:443
23.83.134.136:443

# Reference: https://twitter.com/1ZRR4H/status/1521822196150067201
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-05-03_Bumblebee

103.175.16.45:443
103.175.16.46:443
103.175.16.49:443
108.62.118.236:443
108.62.118.56:443
108.62.118.61:443
108.62.118.62:443
108.62.118.64:443
138.201.190.52:443
23.106.160.120:443
23.106.160.39:443
23.106.160.40:443
23.81.246.187:443
23.83.134.110:443
23.83.134.133:443
23.83.134.136:443
45.147.229.177:443
45.147.229.23:443
49.12.241.35:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-05-03-IOCs-for-Contact-Forms-Bumblebee-and-Cobalt-Strike.txt

45.153.243.93:443

# Reference: https://twitter.com/k3dg3/status/1521899597462966273
# Reference: https://twitter.com/pr0xylife/status/1521901280771416066

figesoyuzo.com
/usda29ksagh12/

# Reference: https://twitter.com/James_inthe_box/status/1521956984941019139

108.62.12.203:443
23.82.128.149:443

# Reference: https://twitter.com/petrovic082/status/1522951977445081089
# Reference: https://www.virustotal.com/gui/file/e90c7d64377f397f556feaf056d0319c8338311d44e320541207a362b683196a/detection

45.140.146.244:443

# Reference: https://twitter.com/1ZRR4H/status/1530746956619857920
# Reference: https://twitter.com/pr0xylife/status/1530842662072467456
# Reference: https://twitter.com/pr0xylife/status/1530842864187494403
# Reference: https://isc.sans.edu/diary/rss/28636
# Reference: https://otx.alienvault.com/pulse/627bcbb336db3754603b5c38
# Reference: https://www.virustotal.com/gui/file/02dce7f57e4933edf84cbe525d8115defd5ecafd5b2b203be6a2ec7aa0099bc7/detection

banytul.com
barkunode.com
baronrtal.com
birobixt.com
bunadist.com
curanao.com
glicefud.com
goranism.com
kurabas.com
marebust.com
maudaris.com
olodaris.com
omnimature.com
parashane.com
vorkinal.com

# Reference: https://twitter.com/malware_traffic/status/1524564009034334210
# Reference: https://www.virustotal.com/gui/file/d08c8c165c0ca480ef40df7b9f7107524dbcc51e5e49fe013cbc16d91f18cef1/detection

154.56.0.218:443
serverjarvis.sytes.net

# Reference: https://tria.ge/220509-ygys8agghn

146.70.106.92:443
23.227.198.195:443
23.227.203.120:443
51.83.253.244:443

# Reference: https://twitter.com/ESETresearch/status/1524971448892366880
# Reference: https://twitter.com/ESETresearch/status/1524971459248066560

194.33.40.181:443
23.88.117.246:443
91.213.8.18:443

# Reference: https://isc.sans.edu/diary/28664
# Reference: https://otx.alienvault.com/pulse/62864c5e786571c438628fd6

194.135.33.144:443
southerncompanygas.co
wolsleyindustrialgroup.co
wolsleyindustrialgroup.com

# Reference: https://tria.ge/220519-sh1rbagge9

192.236.198.116:443
79.110.52.53:443

# Reference: https://twitter.com/pr0xylife/status/1527356211053547529

103.175.16.117:443
154.56.0.221:443
64.44.101.250:443

# Reference: https://tria.ge/220520-mxt97aaef5

176.107.177.124:443
192.236.160.254:443
192.236.192.85:443

# Reference: https://twitter.com/pr0xylife/status/1528787494711578625

192.236.194.136:443
193.239.84.247:443
63.141.248.253:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_25.05.2022.txt

192.119.64.21:443
64.44.102.6:443
79.110.52.56:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_26.05.2022.txt

103.175.16.121:443
64.44.135.250:443
68.233.238.105:443

# Reference: https://twitter.com/k3dg3/status/1529868442391674881
# Reference: https://tria.ge/220526-t3xe3ahack

23.254.229.131:443
51.75.62.99:443
79.110.52.71:443

# Reference: https://tria.ge/220528-fh5n2sdfhm
# Reference: https://tria.ge/220527-w8yanagch4

101.88.16.100:443
107.90.225.1:443
108.16.90.159:443
108.174.195.253:443
121.15.221.97:443
121.175.62.199:443
146.70.78.21:443
154.0.119.28:443
154.56.0.228:443
170.32.109.77:443
18.127.96.221:443
185.156.172.8:443
185.62.56.12:443
19.71.13.153:443
21.175.22.99:443
22.175.0.90:443
38.12.57.131:443
49.12.153.53:443
51.68.146.200:443
73.214.29.52:443
77.121.49.161:443
78.112.52.91:443
8.12.181.20:443
84.119.1.64:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt

103.175.16.107:443
103.175.16.108:443
103.175.16.122:443
145.239.135.155:443
146.19.173.139:443
146.19.253.49:443
146.70.104.250:443
146.70.125.82:443
149.255.35.134:443
154.56.0.241:443
185.156.172.123:443
185.62.58.133:443
185.62.58.169:443
192.236.161.191:443
192.236.249.68:443
193.233.203.156:443
193.239.84.254:443
194.135.33.148:443
194.135.33.149:443
212.114.52.46:443
23.254.201.97:443
37.120.198.248:443
45.147.229.101:443
45.147.229.50:443
46.21.153.145:443
54.38.136.187:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-09-IOCs-from-TA578-Bumblebee-with-Cobalt-Strike.txt

145.239.30.26:443

# Reference: https://twitter.com/ankit_anubhav/status/1536773306358976512
# Reference: https://tria.ge/220614-wfjlssgcgq/behavioral1

103.175.16.108:443
104.168.219.94:443
107.44.53.47:330
111.99.39.11:387
115.109.212.139:461
123.67.113.210:483
133.57.116.243:424
135.253.243.175:300
142.182.181.207:450
145.239.135.155:443
146.70.125.82:443
15.209.19.148:466
154.56.0.252:443
157.17.142.85:406
158.35.83.74:332
160.70.24.228:486
167.28.27.185:467
171.78.101.85:258
172.244.110.160:367
185.62.58.133:443
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
193.233.203.156:443
194.135.33.148:443
21.29.238.98:209
216.254.58.191:443
22.83.186.45:201
221.106.84.123:307
223.243.46.133:147
235.126.132.170:106
244.6.154.71:111
246.20.199.100:175
33.145.184.132:240
34.229.154.31:235
39.57.152.217:440
45.153.241.187:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
57.240.143.90:256
67.136.243.43:323
68.227.158.172:411
69.161.201.181:382
78.89.31.86:229
80.156.1.202:305
80.26.101.48:372
80.9.246.19:338
90.81.8.16:370

# Reference: https://tria.ge/220614-w277aagfcl/behavioral1

103.175.16.106:443
104.124.14.244:197
105.137.48.127:156
112.143.55.233:256
115.200.5.214:467
117.75.94.181:456
12.236.242.155:211
122.247.231.47:117
128.44.54.202:493
13.218.205.215:309
134.247.186.104:233
145.239.28.110:443
146.19.173.186:443
148.70.67.206:267
170.24.243.46:441
171.227.174.67:108
172.117.69.12:366
177.96.182.180:213
182.10.38.85:198
185.62.57.27:443
187.247.16.193:308
192.107.100.31:298
192.205.3.12:235
193.233.203.243:443
2.211.111.213:125
20.150.149.28:415
201.249.37.165:420
204.1.81.223:110
207.90.225.187:369
211.22.161.225:196
24.57.185.167:317
243.91.103.106:246
243.92.11.201:387
247.23.37.74:155
29.64.0.111:122
4.165.175.212:387
40.72.17.141:326
45.142.214.167:443
45.147.231.202:443
45.84.0.13:443
51.68.145.54:443
57.132.248.83:391
66.160.230.114:370
67.194.32.32:367
69.235.89.243:366
76.96.116.176:190
77.49.189.77:103
78.202.137.116:271
89.52.115.119:444

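# NOTE(review): this list includes loopback (127.0.0.0/8), multicast (224.0.0.0/4) and reserved (240.0.0.0/4) addresses with unusual ports. They cannot be reachable C2 endpoints and are presumably filler from the analysed samples. Treat the non-443 entries as low confidence and filter non-routable ranges before using this list for blocking or alerting.
# Reference: https://pastebin.com/bST3CZAx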

1.32.39.22:459
100.93.33.185:487
102.109.16.255:445
103.175.16.106:443
103.175.16.107:443
103.175.16.108:443
103.175.16.117:443
103.175.16.121:443
103.175.16.122:443
103.175.16.59:443
104.124.14.244:197
104.135.8.250:417
104.168.156.224:443
104.168.219.94:443
105.137.48.127:156
107.44.53.47:330
108.28.254.44:399
109.108.10.35:386
111.99.39.11:387
112.110.146.153:349
112.143.55.233:256
112.81.173.199:399
114.9.152.233:402
115.103.22.1:153
115.109.212.139:461
115.16.153.155:459
115.200.5.214:467
115.239.67.202:380
117.50.181.41:373
117.75.94.181:456
119.177.224.146:124
12.236.242.155:211
120.237.172.163:343
122.247.231.47:117
123.67.113.210:483
124.243.81.221:274
126.68.7.249:422
127.87.0.227:339
128.44.54.202:493
13.218.205.215:309
132.44.27.212:299
133.133.249.24:204
133.57.116.243:424
134.247.186.104:233
135.142.208.39:298
135.253.243.175:300
135.36.13.40:427
137.253.55.69:235
138.65.77.29:391
140.208.107.161:360
141.98.168.70:443
142.11.216.143:443
142.182.181.207:450
143.117.20.123:425
144.52.138.51:193
145.239.135.155:443
145.239.28.110:443
145.239.30.26:443
146.19.173.105:443
146.19.173.116:443
146.19.173.139:443
146.19.173.186:443
146.19.173.195:443
146.19.173.202:443
146.19.173.224:443
146.19.253.15:443
146.19.253.49:443
146.19.253.6:443
146.70.104.250:443
146.70.124.77:443
146.70.125.122:443
146.70.125.82:443
146.70.86.254:443
148.70.67.206:267
149.255.35.134:443
149.255.35.183:443
149.57.112.159:122
15.209.19.148:466
154.56.0.100:443
154.56.0.102:443
154.56.0.199:443
154.56.0.219:443
154.56.0.221:443
154.56.0.231:443
154.56.0.240:443
154.56.0.241:443
154.56.0.242:443
154.56.0.252:443
155.113.182.180:324
157.17.142.85:406
158.35.83.74:332
158.69.98.105:443
160.20.147.191:443
160.70.24.228:486
162.144.249.150:239
165.158.204.41:469
167.235.245.35:443
167.28.27.185:467
168.20.103.16:132
170.107.238.10:276
170.24.243.46:441
171.227.174.67:108
171.78.101.85:258
172.117.69.12:366
172.244.110.160:367
172.67.34.170:443
174.150.214.40:426
174.58.225.25:420
176.107.177.124:443
177.231.94.146:410
177.96.182.180:213
178.255.155.53:108
18.215.29.142:436
18.8.71.243:176
180.184.129.160:223
180.23.251.29:230
182.10.38.85:198
182.62.4.186:282
183.37.64.159:220
185.156.172.123:443
185.250.148.136:443
185.62.56.186:443
185.62.56.201:443
185.62.56.202:443
185.62.57.162:443
185.62.57.182:443
185.62.57.27:443
185.62.58.133:443
185.62.58.169:443
185.62.58.209:443
185.62.58.222:443
185.62.58.238:443
185.94.100.232:189
187.247.16.193:308
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
190.123.237.229:261
192.107.100.31:298
192.119.64.21:443
192.205.3.12:235
192.21.12.118:231
192.236.160.254:443
192.236.161.191:443
192.236.192.85:443
192.236.194.136:443
192.236.249.68:443
193.233.203.156:443
193.233.203.243:443
193.239.84.247:443
193.239.84.254:443
193.43.251.231:312
194.135.33.148:443
194.135.33.149:443
194.135.33.16:443
194.37.97.135:443
198.98.57.91:443
198.98.62.156:443
2.190.89.140:236
2.211.111.213:125
2.97.24.126:148
20.150.149.28:415
201.249.37.165:420
203.138.139.122:404
204.1.81.223:110
207.90.225.187:369
208.151.241.134:362
208.231.162.191:266
208.84.180.22:146
209.141.52.25:443
21.29.238.98:209
210.163.58.211:385
210.251.188.194:228
211.22.161.225:196
212.114.52.46:443
212.234.34.219:148
213.115.131.233:186
213.203.201.199:307
213.26.162.157:477
216.254.58.191:443
218.199.149.25:415
22.83.186.45:201
221.106.84.123:307
221.218.33.190:154
221.238.146.116:272
222.62.166.76:206
223.243.46.133:147
224.255.62.16:414
224.49.28.61:214
228.127.34.30:316
228.78.147.191:253
229.139.73.188:287
23.227.202.179:443
23.254.201.97:443
23.254.227.144:443
23.254.227.53:443
23.254.229.131:443
231.169.5.102:403
233.82.38.10:391
235.126.132.170:106
238.42.54.122:171
239.100.121.57:329
24.57.185.167:317
241.112.226.151:197
241.41.90.117:181
241.54.78.154:269
242.165.212.79:339
242.30.221.68:198
243.91.103.106:246
243.92.11.201:387
244.234.60.83:386
244.6.154.71:111
246.20.199.100:175
247.23.37.74:155
249.222.51.70:286
249.241.29.24:181
251.143.69.150:395
251.210.76.59:335
253.174.222.210:447
255.11.235.99:426
26.6.83.53:219
28.78.74.145:427
29.64.0.111:122
3.172.226.46:189
30.65.48.152:239
31.215.170.180:431
32.181.245.23:191
33.145.184.132:240
34.229.154.31:235
35.17.203.69:268
37.120.198.248:443
37.64.220.2:332
37.72.174.23:443
39.57.152.217:440
4.165.175.212:387
40.72.17.141:326
45.138.172.22:443
45.142.214.167:443
45.147.229.101:443
45.147.229.50:443
45.147.231.202:443
45.153.241.187:443
45.153.241.234:443
45.3.236.177:312
45.84.0.13:443
46.21.153.145:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
49.57.156.149:228
51.210.158.156:443
51.68.144.94:443
51.68.145.54:443
51.75.62.15:443
51.75.62.99:443
51.83.250.240:443
53.96.32.99:333
54.37.130.77:443
54.38.136.187:443
54.38.139.20:443
55.14.133.44:292
57.132.248.83:391
57.156.134.113:446
57.240.143.90:256
58.10.55.201:382
60.27.170.3:463
63.122.120.151:268
63.141.248.253:443
64.250.120.4:406
64.44.101.250:443
64.44.102.6:443
64.44.135.230:443
64.44.135.250:443
65.254.82.66:498
65.95.20.151:232
66.160.230.114:370
66.23.70.38:168
67.136.243.43:323
67.194.32.32:367
68.227.158.172:411
68.233.238.105:443
69.161.201.181:382
69.235.89.243:366
70.77.209.88:224
76.96.116.176:190
77.49.189.77:103
78.174.92.106:151
78.202.137.116:271
78.244.227.62:462
78.79.38.95:496
78.89.31.86:229
78.90.18.29:383
79.110.52.104:443
79.110.52.236:443
79.110.52.56:443
79.110.52.71:443
79.133.212.60:211
79.198.114.179:442
80.156.1.202:305
80.241.131.170:311
80.26.101.48:372
80.9.246.19:338
83.142.26.147:465
83.47.40.251:306
89.52.115.119:444
9.240.112.25:411
90.81.8.16:370
91.167.137.83:421
92.204.160.92:443
95.29.177.99:462
98.84.87.52:353

# Reference: https://tria.ge/220625-h96rjabbdr

101.8.100.194:131
103.175.16.47:443
103.200.32.188:492
106.120.29.13:489
13.2.200.200:338
133.209.39.126:217
138.114.199.166:316
146.19.173.202:443
146.19.173.207:443
152.38.148.148:494
168.120.139.16:273
172.110.248.55:203
173.77.219.120:201
186.150.217.235:221
187.210.45.242:299
192.119.77.241:443
193.239.152.108:242
204.181.129.183:248
204.233.101.71:459
206.103.180.253:205
207.6.99.3:471
211.131.243.77:112
215.48.4.118:123
224.239.200.236:443
228.194.82.251:473
239.11.133.48:421
24.121.25.160:346
246.232.135.28:477
246.47.222.240:216
247.224.208.140:372
25.170.215.18:456
28.53.120.108:270
49.179.166.100:235
50.167.186.112:239
50.41.225.93:478
54.38.136.111:443
69.120.31.126:408
74.135.94.210:347
74.57.128.223:112
82.20.113.198:446
86.91.101.57:221
89.172.3.185:315
97.194.155.116:446
98.28.11.39:201

# Reference: https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control
# Reference: https://otx.alienvault.com/pulse/6306320477c9993c7fc3a2c0

185.62.56.129:443

# Reference: https://www.malware-traffic-analysis.net/2022/08/30/index.html

142.11.234.238:443

# Reference: https://twitter.com/BroadAnalysis/status/1567586542276775938

103.144.139.135:443

# Reference: https://twitter.com/pr0xylife/status/1571899501455048704
# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_19.09.2022.txt

108.177.235.29:443
23.106.160.117:443
23.106.215.133:443
meeronixt.com

# Reference: https://twitter.com/k3dg3/status/1575173131198558208

/ASUYfdhjsQx/

# Reference: https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/

104.168.201.219:443
142.11.234.230:443
152.89.247.79:443
185.17.40.189:443
185.62.58.175:443
205.185.122.143:443
205.185.123.137:443
209.141.46.50:443
209.141.58.141:443
51.68.146.186:443
51.68.147.233:443
51.83.251.245:443
51.83.253.131:443
54.37.130.166:443
54.37.131.14:443
54.38.138.94:443

# Reference: https://twitter.com/BroadAnalysis/status/1577816261823795200

51.83.250.102:443

# Reference: https://twitter.com/ESETresearch/status/1577963080096555008
# Reference: https://twitter.com/ESETresearch/status/1577963091295453184

103.144.139.158:443
145.239.28.55:443
146.70.147.39:443
146.70.149.48:443
192.119.74.28:443
45.141.58.37:443
54.38.138.5:443

# Reference: https://twitter.com/pr0xylife/status/1583595706148741120

146.59.116.146:443
172.93.193.220:443
23.106.160.112:443
ralepijo.com
/grasbly.dll

# Reference: https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
# Reference: https://otx.alienvault.com/pulse/635bcc619768c0b6cb3e9677

guteyutur.com
dsfdsfgb.azureedge.net

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt

103.25.51.23:388
12.75.186.131:263
122.50.173.112:157
124.79.186.17:245
135.36.57.27:157
135.79.221.116:303
14.155.143.74:191
141.69.161.34:281
145.250.252.150:418
146.19.253.56:443
149.197.87.217:409
150.37.37.18:112
151.233.218.244:192
154.171.215.86:169
155.180.101.133:318
156.151.142.100:123
156.165.161.82:298
159.117.143.69:265
168.113.169.88:428
175.90.216.232:197
179.4.178.202:339
19.32.56.182:487
192.119.77.100:443
194.120.202.95:468
194.129.76.203:490
199.61.79.119:346
21.21.141.32:133
212.107.138.109:287
218.122.217.28:234
224.110.0.53:105
227.12.148.222:270
227.233.79.54:327
234.248.206.141:176
24.4.68.32:418
241.0.19.171:313
245.245.176.160:137
253.13.70.127:340
254.230.180.37:486
28.107.38.196:269
29.122.243.158:226
31.228.253.114:427
33.93.97.183:112
35.120.155.220:262
41.28.188.77:212
51.199.209.83:290
64.157.160.42:207
68.121.248.35:464
68.14.88.177:143
76.81.225.65:337
78.24.136.181:493
78.74.20.180:433

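# NOTE(review): 192.236.198.63 is also listed earlier in this file with port 443; the 433 below may be a transposition of 443 - verify against the source before relying on the port.
# Reference: https://www.cynet.com/blog/orion-threat-alert-flight-of-the-bumblebee/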

192.236.198.63:433

# Reference: https://twitter.com/tosscoinwitcher/status/1590084982193913857
# Reference: https://tria.ge/221108-zhe8yahgbp/behavioral1

146.19.253.28:443
146.70.149.38:443
176.223.165.108:443

# Reference: https://www.malware-traffic-analysis.net/2022/11/07/index.html

http://134.209.118.141
http://87.251.67.176
103.144.139.156:443
144.173.110.28:115
155.182.198.198:402
183.125.56.150:459
188.172.189.108:163
193.211.15.111:229
208.226.164.254:152
212.48.233.55:446
220.193.225.180:148
39.65.8.170:443
4.167.227.222:325
56.50.75.119:423
73.13.11.238:338
86.184.196.254:214
95.254.227.139:451

# Reference: https://twitter.com/malwrhunterteam/status/1592249538802511873
# Reference: https://www.virustotal.com/gui/file/48d585ca3a477ef7e8f0983735903335d9a5327f5fc434c222b6f551f7c0dc68/detection

1.3.49.41:116
126.214.148.137:194
132.236.194.230:315
133.135.205.124:197
157.195.106.206:250
191.208.255.91:175
215.55.4.215:483
25.166.31.10:427
33.15.138.183:236
33.187.124.30:114
64.44.135.140:443
78.86.12.112:410
cruds-club.com

# Reference: https://twitter.com/malware_traffic/status/1592268760924450816
# Reference: https://tria.ge/221114-vt7p4sha5y/behavioral5

107.189.13.247:443
54.37.130.24:443
64.44.102.241:443

# Reference: https://twitter.com/Unit42_Intel/status/1593636233212739584

193.200.16.175:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-07-IOCs-for-Bumblebee-infection-with-Cobalt-Strike.txt

139.177.146.137:443
81.77.212.213:118
88.52.50.98:452
