# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

# Reference: https://twitter.com/reecdeep/status/1192094807470030848

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: ```/.well-known/pki-validation/w.php``` belongs to the ```lokibot.txt``` trail

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu

# Reference: https://twitter.com/VirITeXplorer/status/1412000658698477568

opoietj.eu
sertyty.eu

# Reference: https://www.virustotal.com/gui/file/7f0195a75477d51b4f28d8509cbda22c2611d75e877276859498b074b773c322/detection

chinghsiang.com

# Reference: https://www.virustotal.com/gui/file/9655ea42cd676422eca02ae2c81c9caa7f1d7667d7c6e37d47733be16bda0045/detection

floridaprotiles.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.35.206/relations

compucema.com
jrsawesomebuilds.com
laserunlimitedindia.com

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.202/relations

bthfdr.eu
bthfdr1.eu
dgrtj.eu
erthgyrteh.eu
fgjusatik.eu
gjyke.eu
gyoin.eu
hjrdsyj.eu
hjui.eu
kuyikryf.eu
kuyikryf1.eu
rebnow1.eu
reybve.eu
rtyht.eu
ryunrth.eu
tytrgv.eu
tytrgv1.eu

# Reference: https://www.virustotal.com/gui/file/b23d4059edb249e79913e27a7e166017d4a50bb6f1220ef175830826d9b484a4/detection

http://195.123.241.180
/kiytrscuvbuytnkudjvt/

# Reference: https://www.virustotal.com/gui/file/81404cb0efe62dd91dbf7259d34fa1577cd2d74c353a4cc1a9b7eede24720592/detection

tuktuk24.pw

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://twitter.com/reecdeep/status/1490667104705650688
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.147/relations

hgjui.eu
hkjt.eu

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://twitter.com/reecdeep/status/1506170018437992453
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.152/relations

nmhholiut2.eu
pluner.eu
trehge1.eu
yjtyhm2.eu

# Reference: https://twitter.com/reecdeep/status/1513468470041661442

tyhretj.pw
tutyjk.eu

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_09-06-2022.json_.txt

bertfhop.eu
bertfhop1.eu
bertfhop10.eu
bertfhop11.eu
bertfhop12.eu
bertfhop13.eu
bertfhop14.eu
bertfhop15.eu
bertfhop16.eu
bertfhop17.eu
bertfhop18.eu
bertfhop19.eu
bertfhop2.eu
bertfhop20.eu
bertfhop3.eu
bertfhop4.eu
bertfhop5.eu
bertfhop6.eu
bertfhop7.eu
bertfhop8.eu
bertfhop9.eu

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_30-06-2022.json_.txt

caretui.eu
hgrtjutyik.eu

# Reference: https://tria.ge/201130-hvly2vhsjs/behavioral1

estebankott.com

# Reference: https://tria.ge/201123-tcqt2tttye/behavioral1

fhivelifestyle.online

# Reference: https://tria.ge/201123-m56x24578n/behavioral1

owensii.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/sLoad_01-08-2022.json_.txt

fdhtyi.eu
fredcoi.eu

# Reference: https://twitter.com/StopMalvertisin/status/1567358749672902659
# Reference: https://twitter.com/ffforward/status/1567405904240181248
# Reference: https://www.virustotal.com/gui/file/c08ba7c0297cd515c5a24918f6e1ec705b72cdeea40078494d8b51de447b6b8c/detection
# Reference: https://www.virustotal.com/gui/file/c43dfda63e6e534776eb24d284d0bdf21115181b49d6e31091de795d957cb5fc/detection

azure-company.net
cloud.azure-company.net
d.azure-company.net
secure.azure-company.net
word.azure-company.net
world.azure-company.net

# Reference: https://www.virustotal.com/gui/file/dc6c402f9d2caa06d694279015602cb4731015b11ac44abeec9c093bed198b7d/detection

88.151.101.56:8889
s2mail.hu
blowjob.silentsignal.hu

# Reference: https://www.virustotal.com/gui/file/d36e6effd2db4d5a34016d492a08142994fafdc24dd65631c240efa3cc7fa56a/detection
# Reference: https://www.virustotal.com/gui/file/77af67e929da5ffb9cbec2effb7aa30d2af75d6bef2a5aff82501d86792605fa/detection
# Reference: https://www.virustotal.com/gui/file/60c152156f1f993f8aa4ab6b7266afe086f843a369f3253b87452f1b4ffbc795/detection
# Reference: https://www.virustotal.com/gui/file/187e9e08f1237fbfe27e7c60efb24aeb110e1d2747a612dff900d5729cfc1c42/detection

raysend.ddns.net
/1100914_cgmh
/1110804_promate
/1110915_tcbbank
/1100914_cgmh/
/1110804_promate/
/1110915_tcbbank/
/1100914_cgmh/att.php
/1110804_promate/att.php
/1110915_tcbbank/att.php

# Reference: https://www.virustotal.com/gui/file/29b3cf17d3b9bbfc858e027f988bd7077c67b1dc2d9fc240892e868b5097f4f2/detection

101.99.90.117:8080

# Reference: https://www.virustotal.com/gui/file/66b9071271d849ed6168a0987d3f1a626926fee7b6031b3868d8da0b344c1f95/detection

http://45.77.248.204

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

http://195.133.18.63

# Reference: https://www.virustotal.com/gui/file/9c8d007d755dc44d07bf97acf187252a5a3691fc91e3810b7d1d4710dbbdf886/detection
# Reference: https://www.virustotal.com/gui/file/bccdf089864bc3a209ee2e659952905904a963945e5b52a515f88f9556145228/detection

tahtsaasdasdasdawedw234135asdsadsadsadsadasyeetwebhoost000.com
/yeet/thatsthek3253255435inglu345345435211343243232432432234er.html
/thatsthek3253255435inglu345345435211343243232432432234er.html

# Reference: https://www.virustotal.com/gui/file/eeaa829e42e608e845c8d0a048d8e57ddbf56ed9c86733dc8af47a244a7fd3ec/detection
# Reference: https://www.virustotal.com/gui/file/c9f0a470c33a36cc76ebe89ef9055dca4cebb217735ca1564f9aaa435bb6fb5c/detection
# Reference: https://www.virustotal.com/gui/file/2b6f03e06241154c2ef9f527da05250f7ae280ce8bcc54b4bfad70977cdc48ab/detection

tahtsayeetwebhoost000.com
/thatsthekinglucifer.html

# Reference: https://www.virustotal.com/gui/file/1acc2cd58dc3088174722758ae80c643badaec512af4b847b89d8fd9354af224/detection

konyahaberler.xyz
dicomm-001-site35.ctempurl.com
/anesrq/
/hxjxxwav/
/nlbzyhfs/
/pmslsda/
/tfbgl/

# Reference: https://www.virustotal.com/gui/file/17f597ac79d80d40d89530d14ef9e1128e11ea0f9521c18b2808d74c91c5ee85/detection

w67270es.beget.tech

# Reference: https://www.virustotal.com/gui/file/056b316197c959d0f8af89dcd0940b6aa3dd9679bf6776adf27d2d130303493a/detection

i92951pr.beget.tech

# Reference: https://twitter.com/h2jazi/status/1583462430780182529
# Reference: https://gist.github.com/usualsuspect/2daa864841a06f50e199930e5898611b
# Reference: https://www.virustotal.com/gui/file/e58103f462174deb92790c59d4e412f032818651b703c84c3ee38e70cc49511d/detection
# Reference: https://www.virustotal.com/gui/file/eac98b403ca300e25f9bbcca474f39ca7495c61a4c86b259e4e0df2bfabd565e/detection

http://64.44.135.5
/online_998212.php
/register_219921.php
/upload_887741.php

# Reference: https://www.virustotal.com/gui/file/673883ceb7adf30ad980e5e51b7515414becba3b5f6b96068dc4d35b092799fe/detection

apitucariamod.tk

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

download.agency

# Reference: https://twitter.com/1ZRR4H/status/1590745721783087104
# Reference: https://www.joesandbox.com/analysis/1110451#iocs
# Reference: https://www.virustotal.com/gui/ip-address/162.0.232.115/relations

ad-sweden.com
easynsecureinvest.com
sunat-mail.xyz
sunat-pe.store
sunat-pe.xyz
gringox1.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/457f1b161cd8b64b34f83155815f4e521c35395d9c1192ae21df5ce8784e6982/detection
# Reference: https://www.virustotal.com/gui/file/d053fc782cf5ebd34469ac390c557eb24394cb9efdf06b542e9da9ce23b99635/detection
# Reference: https://www.virustotal.com/gui/file/132e9fd665e88ab0884befa3c3ca6bd75ec788dbe9499b99c1246ea22a4140b0/detection
# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/ae6189de6a562bdfcb338fdbcce6da8529e997e8f76be6daf865f7fdf895d9c1/detection

trock2.xyz
trock3.xyz
trock4.xyz
zairtaz.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/ceb0b6871855e86846c8a8f41d1aac362461bf6f7a35bb62edd5e362e45a85f3/detection
# Reference: https://www.virustotal.com/gui/file/39e9ca4f263b9b58cf62a8dc422184b9737448e7a281d41d6315a596b4ae3e96/detection

45.61.136.68:8443

# Reference: https://www.virustotal.com/gui/file/3730f842e22fb8208fc2b2e7ae2a50e51bd1eada82257172076cb16ddf99fc62/detection

necrobod.top

# Reference: https://twitter.com/malwrhunterteam/status/1597924083899170822
# Reference: https://twitter.com/malwrhunterteam/status/1597935776381423616
# Reference: https://www.virustotal.com/gui/file/8e195903baa4f7d5f30c20f95706a1cd669e49a73a300f270304abe996e511a6/detection

enoclima-001-site1.htempurl.com
systemspro-001-site1.etempurl.com

# Reference: https://twitter.com/malwrhunterteam/status/1620853142077456384
# Reference: https://www.virustotal.com/gui/file/bd743e9e8171a8a0feea98e293ea372cfd5b328e6bec9e534f210bd7f94fbe1c/detection

comfort-001-site1.dtempurl.com
roniltd-001-site1.ftempurl.com

# Reference: https://www.virustotal.com/gui/file/6f21b0d86f14bfc37b67da2377ba5836eff98ed12ccfc65c0a772ed9782e9122/detection

http://54.39.233.130

# Reference: https://twitter.com/k3yp0d/status/1601883693131468800
# Reference: https://www.virustotal.com/gui/file/ae532935a45eb3637d5346d5e6b3a4645863d2d27e557f90457c5fa3c7429ade/detection

http://185.97.118.249

# Reference: https://twitter.com/malwrhunterteam/status/1602395550975918113
# Reference: https://twitter.com/malwrhunterteam/status/1602420210711105536
# Reference: https://www.virustotal.com/gui/file/34f2970bbb70a0f2efa74c4614cfd002a58433b5178b98b194969871ddee050f/detection
# Reference: https://www.virustotal.com/gui/file/94c41f453c2755b682fbcdd807061f753c5cf2ba5a14aafe251e565f938a797e/detection

188.120.235.227:443
62.109.25.230:443

# Reference: https://www.virustotal.com/gui/file/413d45477384c1461ca6f84a771479ee91a12474ccfe35d051f184785c2d9362/detection

nacimbio.com.ru

# Reference: https://twitter.com/malwrhunterteam/status/1603734566660882432
# Reference: https://www.virustotal.com/gui/file/5db4afa2773dc7fe62fbad37f966a292065d39990678a2a481264c91e8674f15/detection

fernandagomes.mom
meaa2v.fernandagomes.mom
p6agz.fernandagomes.mom
w8uenr.fernandagomes.mom

# Reference: https://www.virustotal.com/gui/file/a132d8b608ed740dbc38d8f79a785935fd9d209153b187b85842c0ebbbd779b2/detection
# Reference: https://www.virustotal.com/gui/file/95920d7b8adb29f59731ceb6aa8d69799875a398fa7814983a86be66c85cc087/detection

form-results.net

# Reference: https://www.virustotal.com/gui/file/079bf93dcaacbf1bb3ce5b5318157414f3cb65fc9a72312c700311caf752880c/detection

stronghoodserver.xyz

# Reference: https://www.virustotal.com/gui/file/8a5c880b1bdc4499d827536d67c5905553a138de27e780a4ef1d5c0dafeaf311/detection

http://185.20.186.53

# Reference: https://twitter.com/VirITeXplorer/status/1605208471586086912
# Reference: https://www.virustotal.com/gui/file/0e87250ee492e4380e288ef7f8f7a66d5b764578bbbe74eaff738a81045d5e38/detection

nibpur.com

# Reference: https://twitter.com/SBousseaden/status/1605893068045144066
# Reference: https://twitter.com/SBousseaden/status/1605898074454429702
# Reference: https://isc.sans.edu/diary/29376
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.55/relations
# Reference: https://otx.alienvault.com/pulse/63a5b253fafdcb6eb69c5c7d
# Reference: https://www.virustotal.com/gui/file/029210065e177399d8e84248e30e6edea12a6f8a80ac9f42a97c308d48599294/detection

http://185.163.45.221
http://195.133.196.230
http://195.2.81.70
http://46.151.24.226
acehphonnajaya.com
dogotungtam.com
israelifrenchbulldogs.com
aerjlakerl.online
aerrkaler.online
ajerlakerl.online
aseroqpwrrtl.online
baherlakerl.online
boleriaae.online
cklicverto.space
cklicverto.website
coldcreekranch.com
daerkalero.online
daeroqioalerk.online
daeroqpwrola.online
erqowwela.online
erquipoe.online
gaherlaler.online
getherkae.online
hetriaelr.online
oferialerkal.online
qweiaoer.online
reajksrltr.online
therkaler.online
tyaerahger.online
zaeroalerk.online
bandaiosk.site
bolumbernar.site
casanistent.site
clovenant.site
coronentask.site

# Reference: https://twitter.com/fr0s7_/status/1605908087562436611
# Reference: https://asec.ahnlab.com/en/46865/
# Reference: https://otx.alienvault.com/pulse/63dd0dfabe956f4746fa7816
# Reference: https://app.any.run/tasks/43bd77b6-f553-41f3-b134-ef39e420c39a/

fastfilestore.com
filecompact.com
filetodownload.com
filedowns.net
the-fast-file.com
naver.filetodownload.com
naver.filedowns.net

# Reference: https://www.virustotal.com/gui/file/1af9b6d0955fce9f86d7874dea1f63ddd3dd7abe774430a555703457b5c04ca8/detection

8llc.net

# Reference: https://www.virustotal.com/gui/file/13834a3234d31cb5d15bafaa76fe496756abd2c742c27b317a834b8ba2fd1c31/detection

1otal.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://79.137.202.132

# Reference: https://twitter.com/sakaijjang/status/1609072061691068416
# Reference: https://wezard4u.tistory.com/6314 (Korean)

http://162.202.12.69

# Reference: https://twitter.com/StopMalvertisin/status/1612686998380367872
# Reference: https://www.virustotal.com/gui/file/d93914b0a18ba85eb17b8b9ac2fff89af58671b9291d86d85b799fd9f1c5f37f/detection

donew-order.com
wintop-rus.com

# Reference: https://twitter.com/malwrhunterteam/status/1613974272929562648

2hook2hook.tk

# Reference: https://www.virustotal.com/gui/file/8574472a406c42402e4ccc2d1130a243267421787052e2bf308184860735e4b0/detection

justatmeis.life

# Reference: https://www.virustotal.com/gui/file/ff94d073b6b56b97b73e0e4b41fd391a8a341ef55c699b1cceee2363de817bdc/detection

141.95.84.40:3000

# Reference: https://www.virustotal.com/gui/file/f80699c3fd7eaeeb520e30674bd728d2050e61735c8202bfdafab115529318c2/detection

141.95.84.40:6666

# Reference: https://www.virustotal.com/gui/file/b70e128727f97cf565488c4ec88fbf441e756708c45a9a00d4e0a03a00270a79/detection

141.95.84.40:3080

# Reference: https://www.virustotal.com/gui/file/a4b62b658e2f2bf3c2325549d400e09f17afd8b30482aef6355e93adc71ae534/detection

141.95.84.40:1111

# Reference: https://www.virustotal.com/gui/file/57a4f08b3418d83dea03950e0278dba7e3d43de03d6f34d76ad5dd66ca5dc5c5/detection

141.95.84.40:8880

# Reference: https://www.virustotal.com/gui/file/51827193b9913cf02906d5a816b7a623795d2b2e3c7573398d625365e9264bca/detection

141.95.84.40:4783

# Reference: https://www.virustotal.com/gui/file/28023f9c0eefe5e47193e2980e06f93c3e50d2e64273a54cabe47f3011702036/detection

teams.root.sx

# Reference: https://www.virustotal.com/gui/file/75177399e434689c236cb7341b30de17b7f98e301023eadcad1ebb4df93ec968/detection

5.3.139.29:12000
5.3.139.29:8020
9bit.root.sx

# Reference: https://www.virustotal.com/gui/file/0857a8d13d35ce4155c3bf20d43ca5417642dba1fa9cd62a6826156db83509f4/detection

http://172.174.176.153

# Reference: https://www.virustotal.com/gui/file/01ebbab4f468bbdec6d537ee0cfd16a99f635e71697e5d93772a6da0fa49c351/detection

lesav-m.keenetic.pro

# Reference: https://twitter.com/malwrhunterteam/status/1620544434822877184
# Reference: https://www.virustotal.com/gui/file/fa96d202d7d709fa13f5ee0810d03c85ec66b1a842938582de0286da9302194c/detection

http://3.127.208.155

# Reference: https://www.virustotal.com/gui/file/0ca5123f5eda465db9f90003f8ff8bc77afaa88034a0b64564bcd4d96718e573/detection
# Reference: https://www.virustotal.com/gui/file/dd70cde84fe271d20c2ddd38445f58004f3f07ab49960f7d7d9da6f43c9cf107/detection

20.100.173.74:6102

# Reference: https://twitter.com/JAMESWT_MHT/status/1626246267142651906
# Reference: https://app.any.run/tasks/52c2a12d-980f-42d4-b6b9-01ef797afa88/
# Reference: https://www.virustotal.com/gui/file/02c0287ef7e582ab40149de264782b6e6d8aaa853aaf773b25749fa41e056a2b/detection

lijosa.com
uqeu7tir7m4k1lz0phdr.com

# Reference: https://www.virustotal.com/gui/file/9efd9ba4ed7a9f2f5861bff81547c53d1b70e0c0ecfa1ccc9610a75a761681ce/detection
# Reference: https://www.joesandbox.com/analysis/993278#iocs

kzeaqky6axif3jukzx7jj7ylhfgtytpb3xeojsfigogriyv6bv3cimyd.onion

# Reference: https://www.virustotal.com/gui/file/e390d6e193c5d42632c920a7e57002b6f54b80ccfafd0a75c86738fa47e4a737/detection

sll.li
app.sll.li

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

http://194.180.48.211

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

http://62.197.136.3

# Reference: https://www.virustotal.com/gui/file/523918f3bcbecc4b5e87175a83055849780b0e52c7e846a028722b8b35461fe7/detection
# Reference: https://www.virustotal.com/gui/file/8532a585baee116f9dda34ee3cf73c3dd50ba510bcd242a48dd113f23c512280/detection

20.187.104.130:3849
20.187.104.130:3857

# Reference: https://www.virustotal.com/gui/file/91039f60586fb846a6139fd5f1d6ce353c677b3776029494783d52d13c72d4fc/detection

20.164.207.94:1020

# Reference: https://www.virustotal.com/gui/ip-address/79.124.8.24/relations
# Reference: https://www.virustotal.com/gui/file/84868d405a26268627b642c3affc62595f9b45ab31e60df6e50a98bce70e1dc6/detection
# Reference: https://www.virustotal.com/gui/file/697bc999409c87f4ef4c5310764f8a129bbf35757540fc2a696020a34e0fecd8/detection
# Reference: https://www.virustotal.com/gui/file/b87af77c70fa7eeb039a0469ec2ed2a782f193c39459d851428d68377f328d30/detection

newinsurancejob.ru
newinsurancejob1.ru
newmakingmoney2.ru
newmakingmoney3.ru
serverdard.ru
serverdard1.ru
serverdard3.ru
stubuploadbykukuru.ru
stubuploadbykukuru1.ru

# Reference: https://twitter.com/wwp96/status/1628126394487300096
# Reference: https://app.any.run/tasks/bcf7055c-4d1a-4cc6-a7c1-a3656b61627a/
# Reference: https://www.virustotal.com/gui/file/2c814c61891a1b3b9067b82b5357d13505b4ced6fd827fdde4c3116efb3f9cef/detection

http://104.156.149.6
mandalorecnote.com

# Reference: https://twitter.com/malwrhunterteam/status/1628415758156931074
# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.121/detection
# Reference: https://www.virustotal.com/gui/file/19994528fd5ed4e5dde591bbd4c10ea69449596a75d7102c1335fa21a94f3998/detection

http://193.42.33.121

# Reference: https://www.virustotal.com/gui/file/2040a00e8ecb93a33ee59b9b9b2837225f9121280fc74f565de524c61b2c220c/detection

http://103.147.185.18

# Reference: https://www.virustotal.com/gui/file/08f49df7f9f25682078b77213fc10969ee007fe236dcf70263114d0986aa33e3/detection

178.175.142.195:54878
entropy.group
update.entropy.group

# Reference: https://www.virustotal.com/gui/file/0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064/detection

171.244.57.196:222

# Reference: https://www.virustotal.com/gui/file/fd25c643565fdd42bb9a9af7d965b2dcfd80a889b50526abc5e9a4fd1bab6542/detection

shoru.net

# Reference: https://twitter.com/malwrhunterteam/status/1630559634963480577
# Reference: https://www.virustotal.com/gui/file/644d41773f6bf13819d1e2c6f26f759538bf1e9ec07ae995cd166beb5cfcb907/detection

osjovanmikic.edu.rs
