# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

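# Note: This file is a continuation of the /malware/apt_gamaredon.txt trail.
# Entries below are domains, http:// IP addresses, IP:port pairs and URL paths, grouped under their "# Reference:" source.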

# Reference: https://www.virustotal.com/gui/ip-address/168.100.10.184/relations

637753378561125274.mmrbjh5aksr8xcod3.moolin.ru
spcbkrndcwmwqoehn.gl1rqkipy7qgs5wn.moolin.ru
spcbkrndcwmwqoehn.mmrbjh5aksr8xcod3.moolin.ru
yegjatclcoyvxc.mmrbjh5aksr8xcod3.moolin.ru
zqm0ohac1uy.mmrbjh5aksr8xcod3.moolin.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.84/relations

1enm5ltozgs.jolotras.ru
637851914820617583.jolotras.ru
637854543329144226.jolotras.ru
637856208618736747.jolotras.ru
637856496966819649.jolotras.ru
637857210652488396.jolotras.ru
637857240727359534.jolotras.ru
637857424251842757.jolotras.ru
elg9dhikreg.jolotras.ru
hfkiicwlqwzm.jolotras.ru
hvq3vxvsers3.jolotras.ru
jukmdudxk095.jolotras.ru
oxdajw1v.metanat.ru
wzl4picb0ghkvwm5n.jolotras.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.232.150/relations

10decrepit.mexv.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.71/relations

13definite.kyamalgo.shop
67delay.kyamalgo.shop
redim39.bayramgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.22.55.231/relations

51declined.kyamalgo.shop
71deliver.kyamalgo.shop
asc27.kyanango.shop
each95.kyanango.shop
then59.kyanango.shop

# Reference: https://www.virustotal.com/gui/ip-address/164.92.117.117/relations

deliver.kyamalgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/139.180.186.210/relations

deliberate.kyamalgo.shop

# Reference: https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f22/19b0a96e-8c31-44bf-863e-cd3e0b651f22.pdf

http://157.245.75.124
http://185.163.45.5
http://195.189.96.64
http://84.32.131.61
/09.01_otck/quicker.rtf
/09.01_otck/

# Reference: https://twitter.com/malwrhunterteam/status/1622655333100359686
# Reference: https://www.virustotal.com/gui/file/3c6218f32fb724603c96fed99bc9880462f9dc3c420fac01acf9c921fb08b319/detection

http://45.8.98.186
/03.02/GU/deaf.DjVu

# Reference: https://twitter.com/oneinthewild/status/1622608702061568000
# Reference: https://twitter.com/oneinthewild/status/1622647861673353216

http://137.184.101.158
http://139.59.30.132
http://140.82.56.186
http://157.230.252.20
http://159.203.164.194
http://159.223.203.36
http://161.35.93.177
http://165.232.90.200
http://45.95.232.34
http://45.95.232.35
http://5.44.42.83
http://64.227.182.62

# Reference: https://twitter.com/ThreatBookLabs/status/1622555337470672897

artashd.xyz

# Reference: https://twitter.com/oneinthewild/status/1622845785627889667

http://134.122.60.67
http://139.59.209.145
http://140.82.47.181
http://146.190.117.209
http://157.230.15.82
http://64.227.113.173

# Reference: https://twitter.com/Cyber0verload/status/1622843745300357122
# Reference: https://twitter.com/Cyber0verload/status/1622843807493414915
# Reference: https://twitter.com/Cyber0verload/status/1622843862451462144
# Reference: https://twitter.com/Cyber0verload/status/1622843903123628045
# Reference: https://twitter.com/Cyber0verload/status/1622843941388255232

bahadurdi.ru
bahtiyardi.ru
balabekdi.ru
balakshidi.ru
balasst.ru
ballydi.ru
baloglandi.ru
balusa.ru
bamdaddi.ru
bashaardi.ru
davudho.ru
gachagdo.ru
gachaydo.ru
gadirdo.ru
gadzhido.ru
gahramando.ru
galibdo.ru
gamiddo.ru
gaplando.ru
garibdo.ru
gasando.ru
gashkaydo.ru
gasyrdo.ru
gayado.ru
gedimdo.ru
geydardo.ru
giyamdo.ru
giyasdo.ru
gochagdo.ru
goshgardo.ru
malawit.ru
maxmud.ru
noiyze.ru
poladx.ru
rascol.ru
tukals.ru
vahabgo.ru
valiullago.ru
vasifgo.ru
vasimgo.ru
vatango.ru
vazirgo.ru
veligo.ru
velihango.ru
vezirgo.ru
vidadigo.ru
vilayatgo.ru
vugargo.ru
vurgungo.ru
vusalgo.ru
vuvura.ru
xamala.ru
zaskol.ru

# Reference: https://www.virustotal.com/gui/file/602a970c272a4d6710a86792906ccad8e608115fcd46ed4740df7ec2c1b0cbe9/detection

http://45.8.98.144
/07.02/ss/sensation.DjVu

# Reference: https://twitter.com/StopMalvertisin/status/1622823002286206976
# Reference: https://www.virustotal.com/gui/file/1f034ea47fcd8ffa60de37ab3dfb4c7ca981d5830b6927320b4fa966066e4dca/detection

http://188.225.31.186
/06.02/mil/never.DjVu

# Reference: https://twitter.com/Cyber0verload/status/1623008687311708160
# Reference: https://www.virustotal.com/gui/ip-address/149.28.187.38/relations
# Reference: https://www.virustotal.com/gui/file/201d5f869a952a0ebf5b63c92adb3e1a767a90bf010f0065cbd1a16285d7e4d2/detection

glove38.gayado.ru
penny.glove38.gayado.ru

# Reference: https://www.virustotal.com/gui/ip-address/61.60.41.62/relations

mirzago.shop
validgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623052819350822913

http://104.248.208.144
http://128.199.42.98
http://139.180.131.10
http://146.190.150.34

# Reference: https://www.virustotal.com/gui/ip-address/170.64.154.39/relations

11delay.bamdaddi.ru
12departure.vatango.ru
13december.amasiyagi.ru
14departure.vatango.ru
16delivery.vatango.ru
16departure.vatango.ru
18departure.vatango.ru
1demonstration.artavazd.xyz
21delicate.artavazd.xyz
23depths.artavazd.xyz
26delivery.vatango.ru
26departure.vatango.ru
27departure.vatango.ru
28delicate.artavazd.xyz
28departure.vatango.ru
29delivery.vatango.ru
2departure.vatango.ru
30departure.vatango.ru
31delivery.vatango.ru
31demonstration.artavazd.xyz
31departure.vatango.ru
32delivery.vatango.ru
33degrade.bamdaddi.ru
35departure.vatango.ru
36delivery.vatango.ru
36departure.vatango.ru
36descendant.artavazd.xyz
37delivery.vatango.ru
38delivery.vatango.ru
39delicate.artavazd.xyz
39departure.vatango.ru
3demonstration.artavazd.xyz
42departure.vatango.ru
44dense.artavazd.xyz
44departure.vatango.ru
44depths.artavazd.xyz
46delicate.artavazd.xyz
46descendant.artavazd.xyz
47departure.vatango.ru
49departure.vatango.ru
54delivery.vatango.ru
59departure.vatango.ru
5delicate.artavazd.xyz
60departure.vatango.ru
61december.amasiyagi.ru
61delivery.vatango.ru
61descendant.artavazd.xyz
62depths.artavazd.xyz
63departure.vatango.ru
64departure.vatango.ru
64descendant.artavazd.xyz
65delivery.vatango.ru
66delivery.vatango.ru
67delivery.vatango.ru
67departure.vatango.ru
69delay.bamdaddi.ru
69delivery.vatango.ru
72departure.vatango.ru
74delivery.vatango.ru
74delusion.amasiyagi.ru
74depths.artavazd.xyz
75demonstration.artavazd.xyz
77defective.amasiyagi.ru
78departure.vatango.ru
79delivery.vatango.ru
7delivery.vatango.ru
80departure.vatango.ru
84defective.amasiyagi.ru
84delivery.vatango.ru
85delivery.vatango.ru
85departure.vatango.ru
86delay.bamdaddi.ru
86delivery.vatango.ru
87departure.vatango.ru
88delivery.vatango.ru
88departure.vatango.ru
88descendant.artavazd.xyz
89december.amasiyagi.ru
89delivery.vatango.ru
90departure.vatango.ru
91delivery.vatango.ru
93depths.artavazd.xyz
94delivery.vatango.ru
94departure.vatango.ru
95departure.vatango.ru
96demonstration.artavazd.xyz
97delivery.vatango.ru
97departure.vatango.ru
98delay.bamdaddi.ru
98delivery.vatango.ru
99departure.vatango.ru
9delivery.vatango.ru
9demonstration.artavazd.xyz
chr38.balabekdi.ru
close25.balabekdi.ru
getfile69.artashd.xyz
lapwork.akinot.ru
loop14.balabekdi.ru
loop56.balabekdi.ru
penobscot.soputh.ru
pigbelly.ulitron.ru
redim100.mansurgo.ru
slitter.billyhot.ru
to36.artashd.xyz
type57.mansurgo.ru
type59.mansurgo.ru
type72.mansurgo.ru
type91.mansurgo.ru
ucayale.bismutumo.ru
unapparent.bismutumo.ru
unconservative.dedspac.ru
while2.balabekdi.ru
wscript30.mansurgo.ru
wscript61.mansurgo.ru
wscript68.mansurgo.ru
wscript77.mansurgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623328456967696384

http://134.209.197.124
http://134.209.33.42
http://146.190.38.123
http://188.166.220.176
http://31.129.22.25
http://45.82.13.22

# Reference: https://twitter.com/Cyber0verload/status/1623417388556328964
# Reference: https://twitter.com/Cyber0verload/status/1623417462992818176

auxza.ru
barabux.ru
dadashho.ru
daniyarho.ru
danizho.ru
dashgynrho.ru
deyanetho.ru
dilaverho.ru
dostaliho.ru
dovlatho.ru
dzharasatho.ru
dzhavadho.ru
erfanho.ru
gapolsa.ru
ruxanu.ru

# Reference: https://twitter.com/oneinthewild/status/1623422557096493062

http://137.184.189.215
http://165.232.90.224
http://178.128.127.134
http://178.128.64.143
http://68.183.200.0
http://84.32.34.69

# Reference: https://twitter.com/oneinthewild/status/1623559225497763840

http://146.190.140.96
http://146.190.60.230
http://158.247.212.220
http://165.232.78.69
http://45.82.13.23
http://45.82.13.32

# Reference: https://twitter.com/Cyber0verload/status/1623665580296269825

pldbr.com
zafirgo.online

# Reference: https://twitter.com/oneinthewild/status/1623729517058576386

http://138.68.48.251
http://146.190.150.240
http://157.245.56.218
http://207.148.108.196
http://209.250.235.75
http://84.32.188.171

# Reference: https://twitter.com/StopMalvertisin/status/1623941786665365505
# Reference: https://www.virustotal.com/gui/file/220764c59224630d91caeadfbbaadd25b3f06e69e33dc5cbf3541c288fc2455a/detection
# Reference: https://www.virustotal.com/gui/file/884d0b2753927bad6a57c3191ca5def96b2006ffe5d5924726b1f6d1aefb4bb6/detection

http://81.200.154.192
/08.02/mils/guidance.dll
/08.02/mils/preliminary.dll

# Reference: https://twitter.com/oneinthewild/status/1623941722077286401

http://143.110.166.19
http://159.89.44.189
http://165.232.73.240
http://195.133.88.27
http://206.189.2.10
http://68.183.106.61

# Reference: https://twitter.com/StopMalvertisin/status/1624040846785134592
# Reference: https://www.virustotal.com/gui/ip-address/158.247.194.46/relations
# Reference: https://www.virustotal.com/gui/file/f46bf2a1b8a6d333b73c355ee463d4dc6c55ef66bb99c2717e3a211d49b4c07d/detection

dzheyhunho.ru
soul70.dzheyhunho.ru
neck.soul70.dzheyhunho.ru
wwww.dzheyhunho.ru
wwww.soul70.dzheyhunho.ru
wwww.neck.soul70.dzheyhunho.ru
/USER-/perfectly/perfectly/beyond/perfectly/perfectly.png
/USER-/perfectly/perfectly/beyond/perfectly/
/USER-/perfectly/perfectly/beyond/
/USER-/perfectly/perfectly/
/USER-/perfectly/

# Reference: https://twitter.com/oneinthewild/status/1624037169592508416

http://158.247.194.46
http://165.22.188.144
http://5.44.42.63
http://5.44.42.81
http://64.225.79.177
http://64.227.77.123

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.42/relations

http://81.19.140.42
71.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/66.42.55.53/relations

1386276378.ganara.ru
1431715375.pafamar.ru

# Reference: https://www.virustotal.com/gui/ip-address/108.61.192.203/relations

42358526.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/155.138.141.211/relations

870017326.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.190.250/relations

1204209173.hakold.ru
1440993535.pafamar.ru
1748457329.pafamar.ru
181510461.pafamar.ru
2055427177.pafamar.ru
683969564.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/178.128.119.199/relations

1043550017.wicksl.ru
1057389483.wicksl.ru
1104029195.boraza.ru
1176266654.wicksl.ru
1224898390.wicksl.ru
1264400207.boradi.ru
1265796603.harasm.ru
1382969500.wicksl.ru
1434877464.wicksl.ru
1499231909.wicksl.ru
1526078706.wicksl.ru
1687888889.boradi.ru
1969771041.wicksl.ru
2039560734.wicksl.ru
346592704.wicksl.ru
399300951.lopasts.ru
419154341.wicksl.ru
55771717.wicksl.ru
583021842.wicksl.ru
599985847.wicksl.ru
675210863.lopasts.ru
6824204.wicksl.ru
691364703.wicksl.ru
692072180.wicksl.ru
701012767.pafamar.ru
748245639.boraza.ru
764978826.boradi.ru
875836479.wicksl.ru
894351309.wicksl.ru
930865769.wicksl.ru
956509908.wicksl.ru
login.kifales.ru
mail.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.76.254.179/relations

71deployment.rhodiumo.ru
deliberate.lotorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.67.71.65/relations

depth.deliberate.lotorgas.ru

# Reference: https://twitter.com/peterkruse/status/1625042214920286209
# Reference: https://www.virustotal.com/gui/ip-address/211.231.29.180/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.196.191.5/relations

erfango.ru
zafirgo.ru
zahidgo.ru
zakirgo.ru
zamango.ru
ziyafatgo.ru
gk.zamango.ru
ns.zamango.ru
ot.zamango.ru
xu.zamango.ru

# Reference: https://twitter.com/StopMalvertisin/status/1625031614983188482
# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.190/relations
# Reference: https://www.virustotal.com/gui/file/c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8/detection

interbase11.zakirgo.ru
interbase6.zakirgo.ru
interbase9.zakirgo.ru
interbase96.zakirgo.ru
goat.interbase6.zakirgo.ru
goat.interbase11.zakirgo.ru
goat.interbase9.zakirgo.ru
goat.interbase96.zakirgo.ru
wwww.goat.interbase11.zakirgo.ru
wwww.interbase11.zakirgo.ru
wwww.zakirgo.ru

# Reference: https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian-organizations-173427d4339b

141.8.192.151:4000
141.8.197.42:4000
a0728173.xsph.ru
f0559838.xsph.ru

# Reference: https://www.virustotal.com/gui/ip-address/19.138.242.170/relations

damirho.ru

# Reference: https://twitter.com/peterkruse/status/1626458999267663872

dzhavidho.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.189.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.128.127.134/relations

12deploy.valiullago.ru
27degrade.valiullago.ru
28delighted.dzhavidho.ru
2dependent.valiullago.ru
36delighted.dzhavidho.ru
41depart.valiullago.ru
41departure.valiullago.ru
45delighted.dzhavidho.ru
50delighted.dzhavidho.ru
52delighted.dzhavidho.ru
53defeated.valiullago.ru
53departure.valiullago.ru
54deprive.valiullago.ru
63delete.valiullago.ru
66delighted.dzhavidho.ru
69delicacy.vatango.ru
71departure.valiullago.ru
72demonstration.valiullago.ru
77dense.vatango.ru
81dependent.valiullago.ru
85delighted.dzhavidho.ru
91depth.valiullago.ru
99dependant.vatango.ru
all70.gochagdo.ru
all76.gochagdo.ru
altitude46.ibragimo.ru
altitude47.logmango.ru
amiable74.andranikgi.ru
amiable78.andranikgi.ru
bible49.gachagdo.ru
bible50.gachagdo.ru
bicycle.council67.garibdo.ru
billion23.vasifgo.ru
clamour.altitude47.logmango.ru
clap3.vasifgo.ru
clap70.vasifgo.ru
council67.garibdo.ru
count26.vasifgo.ru
count41.vasifgo.ru
count56.vasifgo.ru
createobject83.gedimdo.ru
dim99.vurgungo.ru
elephantidae.akinot.ru
encyclopedia10.amayakgi.ru
endurance30.gaplando.ru
energy80.gayado.ru
faithfully.all70.gochagdo.ru
faithfully.all76.gochagdo.ru
false28.gayado.ru
false53.gayado.ru
false8.gayado.ru
false81.gayado.ru
false92.gayado.ru
false95.gayado.ru
fileexists28.vidadigo.ru
for79.vurgungo.ru
function74.gedimdo.ru
glow.need94.gadzhido.ru
glow33.masudgo.shop
glow80.masudgo.shop
god79.galibdo.ru
integral.low19.gayado.ru
intellectual.altitude46.ibragimo.ru
intelligence34.gayado.ru
intelligence56.gayado.ru
interdependent.energy80.gayado.ru
interference.shone10.ibragimo.ru
interference.shone100.ibragimo.ru
interference.shone32.ibragimo.ru
interference.shone33.ibragimo.ru
interference.shone40.ibragimo.ru
interference.shone43.ibragimo.ru
interference.shone45.ibragimo.ru
interference.shone6.ibragimo.ru
interference.shone67.ibragimo.ru
interference.shone71.ibragimo.ru
interference.shone85.ibragimo.ru
interference.shone9.ibragimo.ru
interference.shone92.ibragimo.ru
interference.shone93.ibragimo.ru
low19.gayado.ru
lowered94.andranikgi.ru
necklace.stooped100.ziyafat.ru
necklace.stooped16.ziyafat.ru
necklace.stooped22.ziyafat.ru
necklace.stooped23.ziyafat.ru
necklace.stooped4.ziyafat.ru
necklace.stooped7.ziyafat.ru
nectareous.bernadetti.ru
ned.bible49.gachagdo.ru
ned.bible50.gachagdo.ru
need94.gadzhido.ru
penny.glove38.gayado.ru
performance.stopper23.gochagdo.ru
perfume6.veligo.ru
pressure.false28.gayado.ru
pressure.false53.gayado.ru
pressure.false8.gayado.ru
pressure.false81.gayado.ru
pressure.false92.gayado.ru
pressure.false95.gayado.ru
priceless.intelligence34.gayado.ru
priceless.intelligence56.gayado.ru
regions72.vasifgo.ru
salary.sorry54.gahramando.ru
salvation.god79.galibdo.ru
sample.glow33.masudgo.shop
sample.glow80.masudgo.shop
savetofile97.vidadigo.ru
setrequestheader39.vidadigo.ru
shone10.ibragimo.ru
shone100.ibragimo.ru
shone32.ibragimo.ru
shone33.ibragimo.ru
shone40.ibragimo.ru
shone43.ibragimo.ru
shone45.ibragimo.ru
shone6.ibragimo.ru
shone67.ibragimo.ru
shone71.ibragimo.ru
shone85.ibragimo.ru
shone9.ibragimo.ru
shone92.ibragimo.ru
shone93.ibragimo.ru
sleep65.mansurgo.ru
sleep78.mansurgo.ru
sorry54.gahramando.ru
stooped100.ziyafat.ru
stooped16.ziyafat.ru
stooped22.ziyafat.ru
stooped23.ziyafat.ru
stooped4.ziyafat.ru
stooped7.ziyafat.ru
stopper23.gochagdo.ru
then89.vurgungo.ru
to50.gedimdo.ru
umbrose.soputh.ru
until18.gedimdo.ru
until23.gedimdo.ru
visible44.vurgungo.ru
wscript73.mansurgo.ru
wscript98.mansurgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.79/relations

allow37.bahtiyardi.ru

# Reference: https://twitter.com/h2jazi/status/1628061981260320779

http://94.198.220.136

# Reference: https://www.virustotal.com/gui/ip-address/165.22.196.38/relations

altitude84.ibragimo.ru
altitude92.ibragimo.ru
ambiguous.could4.akpar.ru
ambition.prick55.ibragimo.ru
beverley95.ambarcumgi.ru
could4.akpar.ru
countless.endure5.ibragimo.ru
endure5.ibragimo.ru
enemies32.mamnungo.ru
fame.relate94.logmango.ru
gloves.enemies32.mamnungo.ru
goal51.ambarcumgi.ru
intellectual.altitude84.ibragimo.ru
intellectual.altitude92.ibragimo.ru
lovers.stops50.mehmango.shop
lucius.pride60.ibragimo.ru
lucius.pride63.ibragimo.ru
navy.shoe19.avvadbi.ru
needle54.avvadbi.ru
price8.ambarcumgi.ru
prick55.ibragimo.ru
prickly33.koroglugo.shop
pride60.ibragimo.ru
pride63.ibragimo.ru
princess.needle54.avvadbi.ru
relate94.logmango.ru
shoe19.avvadbi.ru
stops50.mehmango.shop

# Reference: https://www.virustotal.com/gui/ip-address/84.32.248.148/relations

primary40.agvanbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628673516177596417
# Reference: https://www.virustotal.com/gui/ip-address/208.33.106.251/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.68/relations

balabac.ru
idrakbi.ru
kainatbi.ru
logmando.ru
lyutfido.ru
malikdo.ru
manafdo.ru
mansurdo.ru
mazhddo.ru
nbwfq.ru
teftons.ru
zardushtgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1628683582649638913

bajax.ru
ibadbi.ru
ibragimbi.ru
ihsanbi.ru
ihtiyarbi.ru
ikrimabi.ru
ilchinbi.ru
ilkinbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628689600959979522
# Reference: https://twitter.com/Cyber0verload/status/1628689657079685120

ilmazbi.ru
inalbi.ru
intigambi.ru
iskanderbi.ru
kamranbi.ru
kamshadbi.ru
karimbi.ru
kasymbi.ru
kirmanbi.ru
komekbi.ru
lachindo.ru
madzhiddo.ru
maksuddo.ru
mamduhdo.ru
naturac.ru
paramants.ru
quados.ru
yylmazbi.ru
zaydgo.ru
zohrabgo.ru
zyakigo.ru

# Reference: https://twitter.com/malPileDiver/status/1628893586308710402
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

muayidpo.ru
mubarizpo.ru
munzirpo.ru
muvafakpo.ru

# Reference: https://twitter.com/malPileDiver/status/1629184400163237889
# Reference: https://www.virustotal.com/gui/ip-address/23.191.178.238/relations

murtuzpo.ru
navidgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1629213253703180289

funimine.ru

# Reference: https://twitter.com/malPileDiver/status/1629511889427259394
# Reference: https://www.virustotal.com/gui/ip-address/15.232.123.105/relations

baclanas.ru
baralif.ru
dzhabrailho.ru
jofar.ru
vafikgo.ru
vahidgo.ru

# Reference: https://twitter.com/malPileDiver/status/1630288768484687875

muazpo.ru
muntasirpo.ru
murtuzago.ru
trwzwq.ru

# Reference: https://twitter.com/Cyber0verload/status/1630312277332115456
# Reference: https://www.virustotal.com/gui/ip-address/170.64.146.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/174.236.130.129/relations
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

fanatas.site
mirzapo.ru
mohsenpo.ru
muhtadigo.ru
murtadipo.ru
muslimgo.ru
mutazgo.ru
nadzhigo.ru
getfile71.mirzapo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.46/relations

interference27.ambarcumgi.ru
pepper12.veligo.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.131.188/relations

openastextstream71.muhtadigo.ru

# Reference: https://twitter.com/Cyber0verload/status/1630548770675998721
# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.153/relations
# Reference: https://www.virustotal.com/gui/file/e7985ef38485466debc941a747f47739f014d5b43be2100b45535fa8364ff48b/detection

goat11.gochagdo.ru
prevail35.miltras.ru
ambiguous.goat11.gochagdo.ru
endanger.prevail35.miltras.ru
/OHORONAPRAVLYUD/amongst.ma

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.122/relations

30declared.geydardo.ru
31declared.geydardo.ru
ambiguous11.gahramando.ru
classic49.gayado.ru
decisive.hungzo.ru
energy70.gochagdo.ru
fileexists42.dovlatho.ru
fileexists92.dovlatho.ru
function66.dovlatho.ru
sounding32.gayado.ru
endlessly.ambiguous11.gahramando.ru
perfection.sounding32.gayado.ru
print.energy70.gochagdo.ru
rehearsal.classic49.gayado.ru

# Reference: https://twitter.com/malPileDiver/status/1630612030121033741

muhtargo.ru

# Generic (URL path entries listed without a specific reference)

/LAPTOP-ATFIHP9Q/alternate.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/previous.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/
/LAPTOP-ATFIHP9Q/alternate/
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/alternate.sis
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/
/LAPTOP-ATFIHP9Q/previous/penholder/
/LAPTOP-ATFIHP9Q/previous/
/WIN-NKDT573S45D/needlework.vp
