# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

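# Note: This trail is a continuation of /malware/apt_gamaredon.txt.
# Entries are grouped under the reference(s) given above each group; lines starting with '/' are URL paths, not hostnames.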

# Reference: https://www.virustotal.com/gui/ip-address/168.100.10.184/relations

637753378561125274.mmrbjh5aksr8xcod3.moolin.ru
spcbkrndcwmwqoehn.gl1rqkipy7qgs5wn.moolin.ru
spcbkrndcwmwqoehn.mmrbjh5aksr8xcod3.moolin.ru
yegjatclcoyvxc.mmrbjh5aksr8xcod3.moolin.ru
zqm0ohac1uy.mmrbjh5aksr8xcod3.moolin.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.84/relations

1enm5ltozgs.jolotras.ru
637851914820617583.jolotras.ru
637854543329144226.jolotras.ru
637856208618736747.jolotras.ru
637856496966819649.jolotras.ru
637857210652488396.jolotras.ru
637857240727359534.jolotras.ru
637857424251842757.jolotras.ru
elg9dhikreg.jolotras.ru
hfkiicwlqwzm.jolotras.ru
hvq3vxvsers3.jolotras.ru
jukmdudxk095.jolotras.ru
oxdajw1v.metanat.ru
wzl4picb0ghkvwm5n.jolotras.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.232.150/relations

10decrepit.mexv.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.71/relations

13definite.kyamalgo.shop
67delay.kyamalgo.shop
redim39.bayramgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.22.55.231/relations

51declined.kyamalgo.shop
71deliver.kyamalgo.shop
asc27.kyanango.shop
each95.kyanango.shop
then59.kyanango.shop

# Reference: https://www.virustotal.com/gui/ip-address/164.92.117.117/relations

deliver.kyamalgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/139.180.186.210/relations

deliberate.kyamalgo.shop

# Reference: https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f22/19b0a96e-8c31-44bf-863e-cd3e0b651f22.pdf

http://157.245.75.124
http://185.163.45.5
http://195.189.96.64
http://84.32.131.61
/09.01_otck/quicker.rtf
/09.01_otck/

# Reference: https://twitter.com/malwrhunterteam/status/1622655333100359686
# Reference: https://www.virustotal.com/gui/file/3c6218f32fb724603c96fed99bc9880462f9dc3c420fac01acf9c921fb08b319/detection

http://45.8.98.186
/03.02/GU/deaf.DjVu

# Reference: https://twitter.com/oneinthewild/status/1622608702061568000
# Reference: https://twitter.com/oneinthewild/status/1622647861673353216

http://137.184.101.158
http://139.59.30.132
http://140.82.56.186
http://157.230.252.20
http://159.203.164.194
http://159.223.203.36
http://161.35.93.177
http://165.232.90.200
http://45.95.232.34
http://45.95.232.35
http://5.44.42.83
http://64.227.182.62

# Reference: https://twitter.com/ThreatBookLabs/status/1622555337470672897

artashd.xyz

# Reference: https://twitter.com/oneinthewild/status/1622845785627889667

http://134.122.60.67
http://139.59.209.145
http://140.82.47.181
http://146.190.117.209
http://157.230.15.82
http://64.227.113.173

# Reference: https://twitter.com/Cyber0verload/status/1622843745300357122
# Reference: https://twitter.com/Cyber0verload/status/1622843807493414915
# Reference: https://twitter.com/Cyber0verload/status/1622843862451462144
# Reference: https://twitter.com/Cyber0verload/status/1622843903123628045
# Reference: https://twitter.com/Cyber0verload/status/1622843941388255232

bahadurdi.ru
bahtiyardi.ru
balabekdi.ru
balakshidi.ru
balasst.ru
ballydi.ru
baloglandi.ru
balusa.ru
bamdaddi.ru
bashaardi.ru
davudho.ru
gachagdo.ru
gachaydo.ru
gadirdo.ru
gadzhido.ru
gahramando.ru
galibdo.ru
gamiddo.ru
gaplando.ru
garibdo.ru
gasando.ru
gashkaydo.ru
gasyrdo.ru
gayado.ru
gedimdo.ru
geydardo.ru
giyamdo.ru
giyasdo.ru
gochagdo.ru
goshgardo.ru
malawit.ru
maxmud.ru
noiyze.ru
poladx.ru
rascol.ru
tukals.ru
vahabgo.ru
valiullago.ru
vasifgo.ru
vasimgo.ru
vatango.ru
vazirgo.ru
veligo.ru
velihango.ru
vezirgo.ru
vidadigo.ru
vilayatgo.ru
vugargo.ru
vurgungo.ru
vusalgo.ru
vuvura.ru
xamala.ru
zaskol.ru

# Reference: https://www.virustotal.com/gui/file/602a970c272a4d6710a86792906ccad8e608115fcd46ed4740df7ec2c1b0cbe9/detection

http://45.8.98.144
/07.02/ss/sensation.DjVu

# Reference: https://twitter.com/StopMalvertisin/status/1622823002286206976
# Reference: https://www.virustotal.com/gui/file/1f034ea47fcd8ffa60de37ab3dfb4c7ca981d5830b6927320b4fa966066e4dca/detection

http://188.225.31.186
/06.02/mil/never.DjVu

# Reference: https://twitter.com/Cyber0verload/status/1623008687311708160
# Reference: https://www.virustotal.com/gui/ip-address/149.28.187.38/relations
# Reference: https://www.virustotal.com/gui/file/201d5f869a952a0ebf5b63c92adb3e1a767a90bf010f0065cbd1a16285d7e4d2/detection

glove38.gayado.ru
penny.glove38.gayado.ru

# Reference: https://www.virustotal.com/gui/ip-address/61.60.41.62/relations

mirzago.shop
validgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623052819350822913

http://104.248.208.144
http://128.199.42.98
http://139.180.131.10
http://146.190.150.34

# Reference: https://www.virustotal.com/gui/ip-address/170.64.154.39/relations

11delay.bamdaddi.ru
12departure.vatango.ru
13december.amasiyagi.ru
14departure.vatango.ru
16delivery.vatango.ru
16departure.vatango.ru
18departure.vatango.ru
1demonstration.artavazd.xyz
21delicate.artavazd.xyz
23depths.artavazd.xyz
26delivery.vatango.ru
26departure.vatango.ru
27departure.vatango.ru
28delicate.artavazd.xyz
28departure.vatango.ru
29delivery.vatango.ru
2departure.vatango.ru
30departure.vatango.ru
31delivery.vatango.ru
31demonstration.artavazd.xyz
31departure.vatango.ru
32delivery.vatango.ru
33degrade.bamdaddi.ru
35departure.vatango.ru
36delivery.vatango.ru
36departure.vatango.ru
36descendant.artavazd.xyz
37delivery.vatango.ru
38delivery.vatango.ru
39delicate.artavazd.xyz
39departure.vatango.ru
3demonstration.artavazd.xyz
42departure.vatango.ru
44dense.artavazd.xyz
44departure.vatango.ru
44depths.artavazd.xyz
46delicate.artavazd.xyz
46descendant.artavazd.xyz
47departure.vatango.ru
49departure.vatango.ru
54delivery.vatango.ru
59departure.vatango.ru
5delicate.artavazd.xyz
60departure.vatango.ru
61december.amasiyagi.ru
61delivery.vatango.ru
61descendant.artavazd.xyz
62depths.artavazd.xyz
63departure.vatango.ru
64departure.vatango.ru
64descendant.artavazd.xyz
65delivery.vatango.ru
66delivery.vatango.ru
67delivery.vatango.ru
67departure.vatango.ru
69delay.bamdaddi.ru
69delivery.vatango.ru
72departure.vatango.ru
74delivery.vatango.ru
74delusion.amasiyagi.ru
74depths.artavazd.xyz
75demonstration.artavazd.xyz
77defective.amasiyagi.ru
78departure.vatango.ru
79delivery.vatango.ru
7delivery.vatango.ru
80departure.vatango.ru
84defective.amasiyagi.ru
84delivery.vatango.ru
85delivery.vatango.ru
85departure.vatango.ru
86delay.bamdaddi.ru
86delivery.vatango.ru
87departure.vatango.ru
88delivery.vatango.ru
88departure.vatango.ru
88descendant.artavazd.xyz
89december.amasiyagi.ru
89delivery.vatango.ru
90departure.vatango.ru
91delivery.vatango.ru
93depths.artavazd.xyz
94delivery.vatango.ru
94departure.vatango.ru
95departure.vatango.ru
96demonstration.artavazd.xyz
97delivery.vatango.ru
97departure.vatango.ru
98delay.bamdaddi.ru
98delivery.vatango.ru
99departure.vatango.ru
9delivery.vatango.ru
9demonstration.artavazd.xyz
chr38.balabekdi.ru
close25.balabekdi.ru
getfile69.artashd.xyz
lapwork.akinot.ru
loop14.balabekdi.ru
loop56.balabekdi.ru
penobscot.soputh.ru
pigbelly.ulitron.ru
redim100.mansurgo.ru
slitter.billyhot.ru
to36.artashd.xyz
type57.mansurgo.ru
type59.mansurgo.ru
type72.mansurgo.ru
type91.mansurgo.ru
ucayale.bismutumo.ru
unapparent.bismutumo.ru
unconservative.dedspac.ru
while2.balabekdi.ru
wscript30.mansurgo.ru
wscript61.mansurgo.ru
wscript68.mansurgo.ru
wscript77.mansurgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623328456967696384

http://134.209.197.124
http://134.209.33.42
http://146.190.38.123
http://188.166.220.176
http://31.129.22.25
http://45.82.13.22

# Reference: https://twitter.com/Cyber0verload/status/1623417388556328964
# Reference: https://twitter.com/Cyber0verload/status/1623417462992818176

auxza.ru
barabux.ru
dadashho.ru
daniyarho.ru
danizho.ru
dashgynrho.ru
deyanetho.ru
dilaverho.ru
dostaliho.ru
dovlatho.ru
dzharasatho.ru
dzhavadho.ru
erfanho.ru
gapolsa.ru
ruxanu.ru

# Reference: https://twitter.com/oneinthewild/status/1623422557096493062

http://137.184.189.215
http://165.232.90.224
http://178.128.127.134
http://178.128.64.143
http://68.183.200.0
http://84.32.34.69

# Reference: https://twitter.com/oneinthewild/status/1623559225497763840

http://146.190.140.96
http://146.190.60.230
http://158.247.212.220
http://165.232.78.69
http://45.82.13.23
http://45.82.13.32

# Reference: https://twitter.com/Cyber0verload/status/1623665580296269825

pldbr.com
zafirgo.online

# Reference: https://twitter.com/oneinthewild/status/1623729517058576386

http://138.68.48.251
http://146.190.150.240
http://157.245.56.218
http://207.148.108.196
http://209.250.235.75
http://84.32.188.171

# Reference: https://twitter.com/StopMalvertisin/status/1623941786665365505
# Reference: https://www.virustotal.com/gui/file/220764c59224630d91caeadfbbaadd25b3f06e69e33dc5cbf3541c288fc2455a/detection
# Reference: https://www.virustotal.com/gui/file/884d0b2753927bad6a57c3191ca5def96b2006ffe5d5924726b1f6d1aefb4bb6/detection

http://81.200.154.192
/08.02/mils/guidance.dll
/08.02/mils/preliminary.dll

# Reference: https://twitter.com/oneinthewild/status/1623941722077286401

http://143.110.166.19
http://159.89.44.189
http://165.232.73.240
http://195.133.88.27
http://206.189.2.10
http://68.183.106.61

# Reference: https://twitter.com/StopMalvertisin/status/1624040846785134592
# Reference: https://www.virustotal.com/gui/ip-address/158.247.194.46/relations
# Reference: https://www.virustotal.com/gui/file/f46bf2a1b8a6d333b73c355ee463d4dc6c55ef66bb99c2717e3a211d49b4c07d/detection

dzheyhunho.ru
soul70.dzheyhunho.ru
neck.soul70.dzheyhunho.ru
wwww.dzheyhunho.ru
wwww.soul70.dzheyhunho.ru
wwww.neck.soul70.dzheyhunho.ru
/USER-/perfectly/perfectly/beyond/perfectly/perfectly.png
/USER-/perfectly/perfectly/beyond/perfectly/
/USER-/perfectly/perfectly/beyond/
/USER-/perfectly/perfectly/
/USER-/perfectly/

# Reference: https://twitter.com/oneinthewild/status/1624037169592508416

http://158.247.194.46
http://165.22.188.144
http://5.44.42.63
http://5.44.42.81
http://64.225.79.177
http://64.227.77.123

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.42/relations

http://81.19.140.42
71.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/66.42.55.53/relations

1386276378.ganara.ru
1431715375.pafamar.ru

# Reference: https://www.virustotal.com/gui/ip-address/108.61.192.203/relations

42358526.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/155.138.141.211/relations

870017326.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.190.250/relations

1204209173.hakold.ru
1440993535.pafamar.ru
1748457329.pafamar.ru
181510461.pafamar.ru
2055427177.pafamar.ru
683969564.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/178.128.119.199/relations

1043550017.wicksl.ru
1057389483.wicksl.ru
1104029195.boraza.ru
1176266654.wicksl.ru
1224898390.wicksl.ru
1264400207.boradi.ru
1265796603.harasm.ru
1382969500.wicksl.ru
1434877464.wicksl.ru
1499231909.wicksl.ru
1526078706.wicksl.ru
1687888889.boradi.ru
1969771041.wicksl.ru
2039560734.wicksl.ru
346592704.wicksl.ru
399300951.lopasts.ru
419154341.wicksl.ru
55771717.wicksl.ru
583021842.wicksl.ru
599985847.wicksl.ru
675210863.lopasts.ru
6824204.wicksl.ru
691364703.wicksl.ru
692072180.wicksl.ru
701012767.pafamar.ru
748245639.boraza.ru
764978826.boradi.ru
875836479.wicksl.ru
894351309.wicksl.ru
930865769.wicksl.ru
956509908.wicksl.ru
login.kifales.ru
mail.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.76.254.179/relations

71deployment.rhodiumo.ru
deliberate.lotorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.67.71.65/relations

depth.deliberate.lotorgas.ru

# Reference: https://twitter.com/peterkruse/status/1625042214920286209
# Reference: https://www.virustotal.com/gui/ip-address/211.231.29.180/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.196.191.5/relations

erfango.ru
zafirgo.ru
zahidgo.ru
zakirgo.ru
zamango.ru
ziyafatgo.ru
gk.zamango.ru
ns.zamango.ru
ot.zamango.ru
xu.zamango.ru

# Reference: https://twitter.com/StopMalvertisin/status/1625031614983188482
# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.190/relations
# Reference: https://www.virustotal.com/gui/file/c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8/detection

interbase11.zakirgo.ru
interbase6.zakirgo.ru
interbase9.zakirgo.ru
interbase96.zakirgo.ru
goat.interbase6.zakirgo.ru
goat.interbase11.zakirgo.ru
goat.interbase9.zakirgo.ru
goat.interbase96.zakirgo.ru
wwww.goat.interbase11.zakirgo.ru
wwww.interbase11.zakirgo.ru
wwww.zakirgo.ru

# Reference: https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian-organizations-173427d4339b

141.8.192.151:4000
141.8.197.42:4000
a0728173.xsph.ru
f0559838.xsph.ru

# Reference: https://www.virustotal.com/gui/ip-address/19.138.242.170/relations

damirho.ru

# Reference: https://twitter.com/peterkruse/status/1626458999267663872

dzhavidho.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.189.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.128.127.134/relations

12deploy.valiullago.ru
27degrade.valiullago.ru
28delighted.dzhavidho.ru
2dependent.valiullago.ru
36delighted.dzhavidho.ru
41depart.valiullago.ru
41departure.valiullago.ru
45delighted.dzhavidho.ru
50delighted.dzhavidho.ru
52delighted.dzhavidho.ru
53defeated.valiullago.ru
53departure.valiullago.ru
54deprive.valiullago.ru
63delete.valiullago.ru
66delighted.dzhavidho.ru
69delicacy.vatango.ru
71departure.valiullago.ru
72demonstration.valiullago.ru
77dense.vatango.ru
81dependent.valiullago.ru
85delighted.dzhavidho.ru
91depth.valiullago.ru
99dependant.vatango.ru
all70.gochagdo.ru
all76.gochagdo.ru
altitude46.ibragimo.ru
altitude47.logmango.ru
amiable74.andranikgi.ru
amiable78.andranikgi.ru
bible49.gachagdo.ru
bible50.gachagdo.ru
bicycle.council67.garibdo.ru
billion23.vasifgo.ru
clamour.altitude47.logmango.ru
clap3.vasifgo.ru
clap70.vasifgo.ru
council67.garibdo.ru
count26.vasifgo.ru
count41.vasifgo.ru
count56.vasifgo.ru
createobject83.gedimdo.ru
dim99.vurgungo.ru
elephantidae.akinot.ru
encyclopedia10.amayakgi.ru
endurance30.gaplando.ru
energy80.gayado.ru
faithfully.all70.gochagdo.ru
faithfully.all76.gochagdo.ru
false28.gayado.ru
false53.gayado.ru
false8.gayado.ru
false81.gayado.ru
false92.gayado.ru
false95.gayado.ru
fileexists28.vidadigo.ru
for79.vurgungo.ru
function74.gedimdo.ru
glow.need94.gadzhido.ru
glow33.masudgo.shop
glow80.masudgo.shop
god79.galibdo.ru
integral.low19.gayado.ru
intellectual.altitude46.ibragimo.ru
intelligence34.gayado.ru
intelligence56.gayado.ru
interdependent.energy80.gayado.ru
interference.shone10.ibragimo.ru
interference.shone100.ibragimo.ru
interference.shone32.ibragimo.ru
interference.shone33.ibragimo.ru
interference.shone40.ibragimo.ru
interference.shone43.ibragimo.ru
interference.shone45.ibragimo.ru
interference.shone6.ibragimo.ru
interference.shone67.ibragimo.ru
interference.shone71.ibragimo.ru
interference.shone85.ibragimo.ru
interference.shone9.ibragimo.ru
interference.shone92.ibragimo.ru
interference.shone93.ibragimo.ru
low19.gayado.ru
lowered94.andranikgi.ru
necklace.stooped100.ziyafat.ru
necklace.stooped16.ziyafat.ru
necklace.stooped22.ziyafat.ru
necklace.stooped23.ziyafat.ru
necklace.stooped4.ziyafat.ru
necklace.stooped7.ziyafat.ru
nectareous.bernadetti.ru
ned.bible49.gachagdo.ru
ned.bible50.gachagdo.ru
need94.gadzhido.ru
penny.glove38.gayado.ru
performance.stopper23.gochagdo.ru
perfume6.veligo.ru
pressure.false28.gayado.ru
pressure.false53.gayado.ru
pressure.false8.gayado.ru
pressure.false81.gayado.ru
pressure.false92.gayado.ru
pressure.false95.gayado.ru
priceless.intelligence34.gayado.ru
priceless.intelligence56.gayado.ru
regions72.vasifgo.ru
salary.sorry54.gahramando.ru
salvation.god79.galibdo.ru
sample.glow33.masudgo.shop
sample.glow80.masudgo.shop
savetofile97.vidadigo.ru
setrequestheader39.vidadigo.ru
shone10.ibragimo.ru
shone100.ibragimo.ru
shone32.ibragimo.ru
shone33.ibragimo.ru
shone40.ibragimo.ru
shone43.ibragimo.ru
shone45.ibragimo.ru
shone6.ibragimo.ru
shone67.ibragimo.ru
shone71.ibragimo.ru
shone85.ibragimo.ru
shone9.ibragimo.ru
shone92.ibragimo.ru
shone93.ibragimo.ru
sleep65.mansurgo.ru
sleep78.mansurgo.ru
sorry54.gahramando.ru
stooped100.ziyafat.ru
stooped16.ziyafat.ru
stooped22.ziyafat.ru
stooped23.ziyafat.ru
stooped4.ziyafat.ru
stooped7.ziyafat.ru
stopper23.gochagdo.ru
then89.vurgungo.ru
to50.gedimdo.ru
umbrose.soputh.ru
until18.gedimdo.ru
until23.gedimdo.ru
visible44.vurgungo.ru
wscript73.mansurgo.ru
wscript98.mansurgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.79/relations

allow37.bahtiyardi.ru

# Reference: https://twitter.com/h2jazi/status/1628061981260320779

http://94.198.220.136

# Reference: https://www.virustotal.com/gui/ip-address/165.22.196.38/relations

altitude84.ibragimo.ru
altitude92.ibragimo.ru
ambiguous.could4.akpar.ru
ambition.prick55.ibragimo.ru
beverley95.ambarcumgi.ru
could4.akpar.ru
countless.endure5.ibragimo.ru
endure5.ibragimo.ru
enemies32.mamnungo.ru
fame.relate94.logmango.ru
gloves.enemies32.mamnungo.ru
goal51.ambarcumgi.ru
intellectual.altitude84.ibragimo.ru
intellectual.altitude92.ibragimo.ru
lovers.stops50.mehmango.shop
lucius.pride60.ibragimo.ru
lucius.pride63.ibragimo.ru
navy.shoe19.avvadbi.ru
needle54.avvadbi.ru
price8.ambarcumgi.ru
prick55.ibragimo.ru
prickly33.koroglugo.shop
pride60.ibragimo.ru
pride63.ibragimo.ru
princess.needle54.avvadbi.ru
relate94.logmango.ru
shoe19.avvadbi.ru
stops50.mehmango.shop

# Reference: https://www.virustotal.com/gui/ip-address/84.32.248.148/relations

primary40.agvanbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628673516177596417
# Reference: https://www.virustotal.com/gui/ip-address/208.33.106.251/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.68/relations

balabac.ru
idrakbi.ru
kainatbi.ru
logmando.ru
lyutfido.ru
malikdo.ru
manafdo.ru
mansurdo.ru
mazhddo.ru
nbwfq.ru
teftons.ru
zardushtgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1628683582649638913

bajax.ru
ibadbi.ru
ibragimbi.ru
ihsanbi.ru
ihtiyarbi.ru
ikrimabi.ru
ilchinbi.ru
ilkinbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628689600959979522
# Reference: https://twitter.com/Cyber0verload/status/1628689657079685120

ilmazbi.ru
inalbi.ru
intigambi.ru
iskanderbi.ru
kamranbi.ru
kamshadbi.ru
karimbi.ru
kasymbi.ru
kirmanbi.ru
komekbi.ru
lachindo.ru
madzhiddo.ru
maksuddo.ru
mamduhdo.ru
naturac.ru
paramants.ru
quados.ru
yylmazbi.ru
zaydgo.ru
zohrabgo.ru
zyakigo.ru

# Reference: https://twitter.com/malPileDiver/status/1628893586308710402
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

muayidpo.ru
mubarizpo.ru
munzirpo.ru
muvafakpo.ru

# Reference: https://twitter.com/malPileDiver/status/1629184400163237889
# Reference: https://www.virustotal.com/gui/ip-address/23.191.178.238/relations

murtuzpo.ru
navidgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1629213253703180289

funimine.ru

# Reference: https://twitter.com/malPileDiver/status/1629511889427259394
# Reference: https://www.virustotal.com/gui/ip-address/15.232.123.105/relations

baclanas.ru
baralif.ru
dzhabrailho.ru
jofar.ru
vafikgo.ru
vahidgo.ru

# Reference: https://twitter.com/malPileDiver/status/1630288768484687875

muazpo.ru
muntasirpo.ru
murtuzago.ru
trwzwq.ru

# Reference: https://twitter.com/Cyber0verload/status/1630312277332115456
# Reference: https://www.virustotal.com/gui/ip-address/170.64.146.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/174.236.130.129/relations
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

fanatas.site
mirzapo.ru
mohsenpo.ru
muhtadigo.ru
murtadipo.ru
muslimgo.ru
mutazgo.ru
nadzhigo.ru
getfile71.mirzapo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.46/relations

interference27.ambarcumgi.ru
pepper12.veligo.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.131.188/relations

openastextstream71.muhtadigo.ru

# Reference: https://twitter.com/Cyber0verload/status/1630548770675998721
# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.153/relations
# Reference: https://www.virustotal.com/gui/file/e7985ef38485466debc941a747f47739f014d5b43be2100b45535fa8364ff48b/detection

goat11.gochagdo.ru
prevail35.miltras.ru
ambiguous.goat11.gochagdo.ru
endanger.prevail35.miltras.ru
/OHORONAPRAVLYUD/amongst.ma

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.122/relations

30declared.geydardo.ru
31declared.geydardo.ru
ambiguous11.gahramando.ru
classic49.gayado.ru
decisive.hungzo.ru
energy70.gochagdo.ru
fileexists42.dovlatho.ru
fileexists92.dovlatho.ru
function66.dovlatho.ru
sounding32.gayado.ru
endlessly.ambiguous11.gahramando.ru
perfection.sounding32.gayado.ru
print.energy70.gochagdo.ru
rehearsal.classic49.gayado.ru

# Reference: https://twitter.com/malPileDiver/status/1630612030121033741

muhtargo.ru

# Reference: https://twitter.com/malPileDiver/status/1630961827860414467
# Reference: https://www.virustotal.com/gui/ip-address/65.163.236.87/relations

goodide.ru
kuycon.shop
medyn.shop
naasimgo.ru
nrtdsz.ru

# Reference: https://twitter.com/malPileDiver/status/1631370220471197696

asdcq.ru
ervcxq.ru
novruzpi.ru
nurlanpi.ru
omeyrpi.ru
omranpi.ru
osmanpi.ru
tukalaf.ru

# Reference: https://twitter.com/h2jazi/status/1631389446640640192
# Reference: https://www.virustotal.com/gui/file/ce16cbefe48f83bef0ef4f708a82b98ab9862d161d9ea2147b58605681dd8318/detection

http://81.200.156.77

# Reference: https://twitter.com/h2jazi/status/1631720818546991105
# Reference: https://www.virustotal.com/gui/file/f56e11c2a8bbfeb7f5eab1b47ee150865e358a6db9f7bb9142e3ae13570418ab/detection

http://128.199.99.145
http://89.185.84.85
2deserved.komekbi.ru
26deserved.komekbi.ru
28deserved.komekbi.ru
/snfer51/index.html
/snstance2/index.html
/snstance51/index.html

# Reference: https://twitter.com/h2jazi/status/1631720820010516481
# Reference: https://www.virustotal.com/gui/file/57b73d822558f142b73b0d52f3cca2e8c3124728b3abbe24785d1888f4f8fd7a/detection

http://143.110.176.60
http://158.247.192.235
http://164.92.211.243
/snterposed63/index.html
/snhabitant77/index.html
/snherent77/index.html

# Reference: https://twitter.com/h2jazi/status/1631723163603148804
# Reference: https://www.virustotal.com/gui/ip-address/140.82.50.201/relations
# Reference: https://www.virustotal.com/gui/file/39f30dff6e397c0c1a11e2cd3bb8f840c93627ceb0ee75fe00df2aa482d83295/detection

http://149.248.2.160
http://5.44.42.84
13description.mubarizpo.ru
52description.mubarizpo.ru
60description.mubarizpo.ru
71description.mubarizpo.ru
/srresistible13/index.html
/srresistible27/index.html
/srresistible52/index.html
/srresistible94/index.html

# Reference: https://www.virustotal.com/gui/ip-address/5.199.173.245/relations

35.kasymbi.ru
55dedicate.mardango.ru
deceived100.burhan.shop
openastextstream17.kasymbi.ru
openastextstream79.kasymbi.ru
openastextstream98.kasymbi.ru
stream35.kasymbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.191.212/relations

100degree.daglarho.ru
do5.vidadigo.ru
do8.vidadigo.ru
function60.dovlatho.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.85/relations

nearby15.ibragimo.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.35/relations

71deserved.komekbi.ru
relate54.logmango.ru
fame.relate54.logmango.ru
prickly99.koroglugo.shop

# Reference: https://twitter.com/malPileDiver/status/1631733362460164105

nureddinpi.ru
nurgyunpi.ru
osmanpi.ru

# Reference: https://twitter.com/malPileDiver/status/1632117910746415105
# Reference: https://www.virustotal.com/gui/ip-address/217.38.66.205/relations

naturap.ru
peymanpo.ru
rabahpo.ru
ragibpo.ru
vannos.ru

# Reference: https://twitter.com/malPileDiver/status/1632447537767501826

osmanpo.ru
payampo.ru

# Reference: https://twitter.com/Cyber0verload/status/1632479604945428484

muhsingo.ru
myuridgo.ru
ogtaypi.ru
orduhanpi.ru

# Reference: https://twitter.com/malPileDiver/status/1632812089650675713

omeyrpo.ru
pudzhmanpo.ru
punhanpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1633122380171051009
# Reference: https://www.virustotal.com/gui/ip-address/45.80.128.87/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.157/relations
# Reference: https://www.virustotal.com/gui/file/9f01c93e9756bac770f8e9b1186fb3af2b0a61654d0a151c18a75f2d1f9ef06b/detection

ambiguous35.azzamsa.ru
openastextstream46.kasymbi.ru
could.ambiguous35.azzamsa.ru

# Reference: https://twitter.com/malPileDiver/status/1633178137914646529

golowa.ru
ragifla.ru
rasimla.ru
ratibla.ru
rieturs.ru

# Reference: https://twitter.com/Cyber0verload/status/1633534875595595777
# Reference: https://www.virustotal.com/gui/ip-address/181.202.232.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.12.148/relations

omranpo.ru
orduhanpo.ru
fileexists71.omranpo.ru

# Reference: https://twitter.com/malPileDiver/status/1633858760992071683
# Reference: https://www.virustotal.com/gui/ip-address/103.152.63.89/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.225.171.152/relations

golovaq.ru
lafata.ru
ramalla.ru
ramizla.ru
aaa.ramizla.ru
1094098050.lafata.ru
1961692646.golovaq.ru
35destitute.ramalla.ru
638154522.golovaq.ru
expandenvironmentstrings58.ramizla.ru
expandenvironmentstrings8.ramizla.ru
loop21.ramizla.ru
loop71.ramizla.ru
loop75.ramizla.ru
mid49.ramizla.ru
mid58.ramizla.ru
mid71.ramizla.ru
until64.ramizla.ru
xor37.ramizla.ru

# Reference: https://app.validin.com/axon?find=31.129.22.48

aristakes.xyz
arutyund.xyz
kirmango.shop
mahirgo.shop
muayidgo.shop
muvafakgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/137.184.2.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.48.39/relations

eval71.autometrics.pro
mid71.autometrics.pro
responsebody71.autometrics.pro
run71.aristakes.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.84/relations

42delight.daglarho.ru
63defined.daglarho.ru
86demonstration.daglarho.ru
deletefile53.dzhafarho.ru
delight20.basamdi.ru
deliver66.basamdi.ru
deny18.basamdi.ru
designed79.basamdi.ru
destroy23.basamdi.ru
destroy55.basamdi.ru
destroy92.basamdi.ru
enemy38.valefgo.ru
loop62.dzhafarho.ru
read74.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/164.90.238.95/relations

71.autometrics.pro
for54.mahirgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/146.190.152.16/relations

visible175.autometrics.pro
xor71.autometrics.pro

# Reference: https://www.virustotal.com/gui/ip-address/164.90.208.183/relations

71deliver.muhtargo.ru
82deliver.muhtargo.ru
anbiguous.goat11.gochagdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.68/relations

52deliver.muhtargo.ru
97deliver.muhtargo.ru
counsel81.navidgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.54/relations

vagifgo.ru
100departed.daglarho.ru
15departed.daglarho.ru
17.deduction.pikh.ru
17desirable.daglarho.ru
17desire.intigambi.ru
19departed.daglarho.ru
19descent.mexv.ru
1deluge.intigambi.ru
22deck.daglarho.ru
42delusion.daglarho.ru
43departed.daglarho.ru
48demonstration.daglarho.ru
50desirable.daglarho.ru
6delight.daglarho.ru
71departed.daglarho.ru
79desirable.daglarho.ru
82descendant.daglarho.ru
95demonstration.daglarho.ru
98delusion.daglarho.ru
9departed.daglarho.ru
decisive1.basamdi.ru
declare16.basamdi.ru
deduction.pikh.ru
defeat42.basamdi.ru
defeat56.basamdi.ru
defeat72.basamdi.ru
delete59.basamdi.ru
delete67.basamdi.ru
deletefile92.dzhafarho.ru
delight94.basamdi.ru
deliver10.basamdi.ru
deliver34.basamdi.ru
desert19.basamdi.ru
designed56.basamdi.ru
designed71.basamdi.ru
designed80.basamdi.ru
destroy16.basamdi.ru
destroy54.basamdi.ru
ended100.zyakigo.ru
enemy19.valefgo.ru
fairy30.detroito.ru
fileexists71.vadzhih.shop
goat100.detroito.ru
goat6.valefgo.ru
if44.dzhafarho.ru
intelligence17.valefgo.ru
loop3.dzhafarho.ru
loop5.dzhafarho.ru
loop77.dzhafarho.ru
navigation.ended100.zyakigo.ru
prior66.manafdo.ru
to10.dzhafarho.ru
to22.dzhafarho.ru
to33.dzhafarho.ru
to35.dzhafarho.ru
to44.dzhafarho.ru
to66.dzhafarho.ru
to78.dzhafarho.ru
to79.dzhafarho.ru
to85.dzhafarho.ru
to92.dzhafarho.ru
to94.dzhafarho.ru
to98.dzhafarho.ru

# Reference: https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-cyber-warfare-against-ukraine/

http://162.33.178.129
ambiguous.azzamsa.ru
cloud.ambiguous.azzamsa.ru

# Reference: https://twitter.com/malPileDiver/status/1635713029261099022

balatu.ru
gokols.ru
paratai.ru

# Reference: https://twitter.com/malPileDiver/status/1636041827441688576

barakal.ru
ravaet.ru
takyygi.ru
talehgi.ru
talgatgi.ru
taysirgi.ru

# Reference: https://twitter.com/malPileDiver/status/1636432010787864580

homovos.ru
rakinla.ru
raulla.ru
taahirgi.ru

# Reference: https://www.virustotal.com/gui/ip-address/64.226.84.229/relations

100desirable.daglarho.ru
23delusion.daglarho.ru
23demonstration.daglarho.ru
24deck.daglarho.ru
24desirable.daglarho.ru
26departed.daglarho.ru
30demand.intigambi.ru
31detachment.intigambi.ru
33degrade.intigambi.ru
34define.intigambi.ru
36delusion.daglarho.ru
38deity.intigambi.ru
45demonstration.daglarho.ru
5deck.daglarho.ru
60delight.daglarho.ru
7demonstration.daglarho.ru
92delusion.daglarho.ru
ambiguouos.azzamsa.ru
cloud.ambiguouos.azzamsa.ru
createobject33.dzhafarho.ru
defeat13.basamdi.ru
defeat31.basamdi.ru
delight18.basamdi.ru
deliver35.basamdi.ru
descended55.basamdi.ru
designed13.basamdi.ru
designed51.basamdi.ru
designed6.basamdi.ru
destroy52.basamdi.ru
destroy91.basamdi.ru
fairy75.valefgo.ru
loop30.dzhafarho.ru
loop44.dzhafarho.ru
loop78.dzhafarho.ru
sleep97.dzhafarho.ru
stoop33.valefgo.ru
to25.dzhafarho.ru
to81.dzhafarho.ru

# Reference: https://twitter.com/malPileDiver/status/1636806289773989888

raminla.ru

# Reference: https://www.virustotal.com/gui/domain/dzhafarho.ru/relations

each38.dzhafarho.ru
each7.dzhafarho.ru
getfile68.dzhafarho.ru
loop1.dzhafarho.ru
loop49.dzhafarho.ru
loop64.dzhafarho.ru
loop71.dzhafarho.ru
loop76.dzhafarho.ru
loop85.dzhafarho.ru
properties_76.dzhafarho.ru
to1.dzhafarho.ru
to100.dzhafarho.ru
to11.dzhafarho.ru
to2.dzhafarho.ru
to37.dzhafarho.ru
to38.dzhafarho.ru
to43.dzhafarho.ru
to57.dzhafarho.ru
to64.dzhafarho.ru
to72.dzhafarho.ru
to74.dzhafarho.ru
to8.dzhafarho.ru
to83.dzhafarho.ru
to99.dzhafarho.ru
visible31.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/161.35.118.86/relations

chr88.artashd.xyz

# Reference: https://twitter.com/malPileDiver/status/1637202283292131330

baralap.ru
gojoxa.ru
makasd.ru
rasulla.ru

# Reference: https://twitter.com/malPileDiver/status/1638596457979682832

raidla.ru
rufatpo.ru
ruzipo.ru
saadipo.ru
sabirpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1638985769628090368
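# Reference: https://www.virustotal.com/gui/ip-address/255.181.142.5/relations
# Note: 255.181.142.5 lies in the reserved 240.0.0.0/4 range and is not routable; it appears here only in the reference URL (presumably as a DNS-resolution pivot), not as a host entry.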

http://81.200.155.124
royalpo.ru
sabitpo.ru
asc71.sabitpo.ru
deletefile71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.80.128.72/relations

71destruction.clipperso.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.52/relations

71deceive.clipperso.ru
alone63.detroito.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.80/relations

asc71.sabitpo.ru
deletefile71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.69.7.171/relations

getobject71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.63.122.179/relations

77defect.mansurdo.ru
prey2.bishoten.ru
presumably.prey2.bishoten.ru

# Reference: https://twitter.com/Cyber0verload/status/1640378988555018245

baoris.ru
caramelas.ru
cumbersome.ru
heartbreaking.ru
highfalutin.ru
narama.ru
narutasx.ru
parsimonious.ru
quizzical.ru
vohod.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.132.3/relations

dim71.heartbreaking.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.6.77/relations

dim100.heartbreaking.ru
dim53.heartbreaking.ru
dim54.heartbreaking.ru
dim61.heartbreaking.ru
dim86.heartbreaking.ru
run3.heartbreaking.ru
run63.heartbreaking.ru
run98.heartbreaking.ru

# Reference: https://twitter.com/malPileDiver/status/1640431005973479428

hueglotiki.ru
lamentable.ru
ruslanpo.ru
rustampo.ru
sabihpo.ru
savalanpo.ru
tightfisted.ru
unsuitable.ru

# Reference: https://twitter.com/Cyber0verload/status/1641096737694547970
# Reference: https://www.virustotal.com/gui/file/cb0dedfe45e2815974984b5e2ac6cdfd9d63bcc707ff1ed5ad95c919497b5efb/detection

gleaming8.battleras.ru
same.gleaming8.battleras.ru

# Reference: https://twitter.com/suyog41/status/1641434640375513090
# Reference: https://www.virustotal.com/gui/file/78323880df7324a3e614c8d4c8057deb002959ff65d4fa8cf49a9fb7a738f441/detection

/call/network/22.03/guide.jpeg
/call/network/22.03/

# Reference: https://twitter.com/Cyber0verload/status/1641811233820102657

hctntmc.ru
vesterac.ru

# Reference: https://twitter.com/malPileDiver/status/1642289458530725891

agonizing.ru
materialistic.ru
stereotyped.ru

# Reference: https://twitter.com/malPileDiver/status/1642610928842670080

haramq.ru
jafata.ru
krtkrt.ru
varials.ru
capricious.ru
glistening.ru
overjoyed.ru
statuesque.ru
undesirable.ru

# Reference: https://twitter.com/malPileDiver/status/1642953669309079552

aydynpo.ru
disagreeable.ru
earsplitting.ru

# Reference: https://twitter.com/malPileDiver/status/1643388727962501122

agakiypo.ru
agastanpo.ru
baharas.ru
lefant.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.56/relations

0wlxbqv4pfbm.celticso.ru
hatwwkhoysku.celticso.ru
hdllmmsubbky.celticso.ru
irykcfezcgsh.celticso.ru
qralfxig6mlr.celticso.ru
unpqaq3qraqo.celticso.ru
vnzsc903fhll.celticso.ru

# Reference: https://twitter.com/malPileDiver/status/1643683264786309147

altamishpo.ru
aychobanpo.ru
aykutpo.ru
ayzakpo.ru

# Reference: https://twitter.com/malPileDiver/status/1644013583871737856

aktanpo.ru
aydoganpo.ru
aytashpo.ru
aytyurkpo.ru
nalogw.ru

# Reference: https://twitter.com/h2jazi/status/1644384355509477377
# Reference: https://www.virustotal.com/gui/ip-address/165.232.125.213/relations
# Reference: https://www.virustotal.com/gui/file/c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30/detection
# Reference: https://www.virustotal.com/gui/file/5926f707d51268721fef89c0218cfe0034da08503efefb95d00ed6c7a62684e6/detection

37delicate.ramalla.ru
71delicate.ramalla.ru
clamp46.bashaardi.ru
expandenvironmentstrings71.ramizla.ru
lucius80.lamentable.ru
fake.clamp46.bashaardi.ru

# Reference: https://twitter.com/malPileDiver/status/1644445710761205762

adempo.ru
agasypo.ru
ayrympo.ru
uranic.ru

# Reference: https://twitter.com/Cyber0verload/status/1644688600833851393
# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.99/relations

disillusioned.ru
superficial.ru
big59.superficial.ru
responsebody71.disillusioned.ru
send71.disillusioned.ru

# Reference: https://twitter.com/Cyber0verload/status/1645769331500802049
# Reference: https://www.virustotal.com/gui/ip-address/104.156.231.44/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.226.94.136/relations
# Reference: https://www.virustotal.com/gui/file/284803a0435ea310b028092934783a9b71d6ea67e46c115d6b4a43d3ca955ce7/detection

http://64.226.94.136
21desire.aytashpo.ru
32desire.aytashpo.ru
68desire.aytashpo.ru
71degrade.aytashpo.ru
71desire.aytashpo.ru
75desire.aytashpo.ru
78desire.aytashpo.ru
85desire.aytashpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.81/relations

intense60.dilaverho.ru
lover.intense60.dilaverho.ru
lower.intense60.dilaverho.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.32.88.90/relations

position71.mahirgo.shop
responsebody71.zardushtgo.ru
stopped24.detroito.ru
until15.mahirgo.shop

# Reference: https://twitter.com/malPileDiver/status/1645901665545908225

agshinpo.ru
akyuldizpo.ru
alpaslanpo.ru
altugpo.ru
garame.ru
velevas.ru

# Reference: https://twitter.com/Cyber0verload/status/1646200848333127708
# Reference: https://www.virustotal.com/gui/ip-address/178.128.123.193/relations
# Reference: https://www.virustotal.com/gui/file/0d60bd4cd33f8b52315125d9d95e7a5b2377aea94be5ba3281678d4935d8e63f/detection

lunch21.danizho.ru
reliable19.danizho.ru
run71.heartbreaking.ru
sand6.danizho.ru
sand81.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.59/relations

reliable19.danizho.ru

# Reference: https://twitter.com/malPileDiver/status/1646301875426193410

addzhobo.ru
aydinpo.ru
azibobo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1646492908600840193
# Reference: https://twitter.com/Cyber0verload/status/1646588006495670286
# Reference: https://www.virustotal.com/gui/ip-address/137.184.59.142/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.45/relations
# Reference: https://www.virustotal.com/gui/file/0e7e2929a51696d8851d8c5f9f6f6b10919ab61e829d16215f89fa0671edec10/detection
# Reference: https://www.virustotal.com/gui/file/28746b8010329eaefd2d815732f8f111ba45e3774ead290ea42f5ce68a996837/detection

delight30.takyygi.ru
delight48.takyygi.ru
delight86.takyygi.ru
gloom37.zahidgo.ru
sanction83.raidla.ru
sound.gloom37.zahidgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/95.179.144.161/relations

allocation92.osmanpo.ru
glimpse54.raidla.ru
loop9.hoanzo.ru
needlework15.raminla.ru

# Reference: https://twitter.com/malPileDiver/status/1646938719453077504

akenatenbo.ru
akiikibo.ru
amenemhatbo.ru
anubisbo.ru
azizibo.ru

# Reference: https://twitter.com/malPileDiver/status/1647683310498332675
# Reference: https://www.virustotal.com/gui/ip-address/95.179.215.81/relations

12deceive.murtuzago.ru
15deceive.murtuzago.ru
32deceive.murtuzago.ru
43deceive.murtuzago.ru
71deceive.murtuzago.ru
77delicacy.murtuzago.ru
79delicacy.murtuzago.ru
81deceive.murtuzago.ru
87delicacy.murtuzago.ru
88deceive.murtuzago.ru
deceive.murtuzago.ru

# Reference: https://twitter.com/malPileDiver/status/1647683310498332675
# Reference: https://www.virustotal.com/gui/ip-address/141.164.62.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.183.224.97/relations

11describe.aytashpo.ru
16depart.aytashpo.ru
18declaration.aytashpo.ru
1definition.aytashpo.ru
37departed.daglarho.ru
38deck.daglarho.ru
38demonstration.daglarho.ru
3decide.aytashpo.ru
40demonstration.daglarho.ru
41deceive.intigambi.ru
41declaration.aytashpo.ru
44decidedly.intigambi.ru
45decide.aytashpo.ru
46defensive.nureddinpi.ru
46demonstration.daglarho.ru
47demonstration.daglarho.ru
48delusion.daglarho.ru
56deputy.aytashpo.ru
59.deer.apaturinae.ru
59delusion.daglarho.ru
63departments.aytashpo.ru
64decisive.nureddinpi.ru
68declined.aytashpo.ru
70descendant.daglarho.ru
74describe.aytashpo.ru
77dejected.manafgo.ru
78defence.intigambi.ru
79demonstration.daglarho.ru
84depths.aytashpo.ru
85deserved.komekbi.ru
8detachment.intigambi.ru
90departed.daglarho.ru
90detach.intigambi.ru
91desirable.daglarho.ru
92deck.daglarho.ru
96descendant.daglarho.ru
99delusion.daglarho.ru
9decidedly.intigambi.ru
abear.adalatsa.ru
anything.ulitron.ru
createobject.jecura.ru
deer.apaturinae.ru
defeat34.basamdi.ru
defeat63.basamdi.ru
defender37.muazpo.ru
delight20.takyygi.ru
delight40.takyygi.ru
delight71.takyygi.ru
deliver17.basamdi.ru
deliver25.basamdi.ru
deliver71.basamdi.ru
deluge97.basamdi.ru
depart93.basamdi.ru
designed8.basamdi.ru
desolate54.basamdi.ru
desolate74.basamdi.ru
destroy19.basamdi.ru
destroy39.basamdi.ru
destroy69.basamdi.ru
destroy97.basamdi.ru
each.jecura.ru
each71.myuridgo.ru
fairy15.valefgo.ru
fairy76.valefgo.ru
fileexists54.kainatbi.ru
getobject23.lachindo.ru
getobject75.lachindo.ru
getobject77.lachindo.ru
globe44.detroito.ru
glove38.ziyafat.ru
intentional94.allaverdysa.ru
loop50.balabekdi.ru
position71.myuridgo.ru
redim13.lachindo.ru
redim28.lachindo.ru
redim4.lachindo.ru
redim43.lachindo.ru
redim46.lachindo.ru
redim51.lachindo.ru
redim54.lachindo.ru
redim55.lachindo.ru
redim57.lachindo.ru
redim59.lachindo.ru
redim65.lachindo.ru
redim71.kainatbi.ru
redim77.lachindo.ru
redim80.lachindo.ru
redim84.lachindo.ru
redim94.lachindo.ru
redim97.lachindo.ru
regret64.gachagdo.ru
sleep.jecura.ru
squeeze.ulitron.ru
to71.myuridgo.ru
allocation.allow33.sniportas.ru
class.regret64.gachagdo.ru
engage.intentional94.allaverdysa.ru
expandenvironmentstrings72.mazhddo.ru
expandenvironmentstrings73.ramizla.ru
wlunch.reins69.ziyafat.ru
wneck.soul70.dzheyhunho.ru

# Reference: https://twitter.com/fr0s7_/status/1647947820576436224
# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.106/relations
# Reference: https://www.virustotal.com/gui/file/0b50546d3eb0387a7f3cbf4e92d7fca5ac9e3c8358a41ad606ba3ec6546c9c9d/detection

lover18.aychobanpo.ru

# Reference: https://twitter.com/malPileDiver/status/1648048178971701252
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.26/relations

akenatonbo.ru
aktaypo.ru
amonbo.ru
anumbo.ru
asheypi.ru
atonpi.ru
intense55.aychobanpo.ru
low53.ayzakpo.ru
necklace61.aychobanpo.ru
necklace75.aychobanpo.ru

# Reference: https://twitter.com/MavericksInt/status/1648246438982287360
# Reference: https://www.virustotal.com/gui/file/7232f8c8300efb1b5120765cc9b4a8ad153123707a80286dc2c41d9a5e860ce7/detection
# Reference: https://www.virustotal.com/gui/file/7d90ed946ee71f34c0b35c7bed2c034839e1f002f8dd0b5fca3ab481f10cd589/detection
# Reference: https://www.virustotal.com/gui/file/59c408f738be2a0905a658471e96742a0b5c7b4841b041526361cfbcf5181d0b/detection

http://134.209.153.179
http://81.200.157.206
http://91.200.151.231

# Reference: https://twitter.com/ET_Labs/status/1648382027522080783
# Reference: https://www.virustotal.com/gui/ip-address/128.199.75.108/relations
# Reference: https://www.virustotal.com/gui/file/9ddbcf76e880d148425098bfb424ddb5ca2e746337ab32d152a579d4ae35ca18/detection

http://216.128.128.163
http://31.129.22.68
11decline.ramalla.ru
19decline.ramalla.ru
20delicate.ramalla.ru
23decline.ramalla.ru
2decline.ramalla.ru
2delicate.ramalla.ru
57delicate.ramalla.ru
71decline.ramalla.ru
97decline.ramalla.ru

# Reference: https://twitter.com/malPileDiver/status/1648407500457222146

ahmozpi.ru
badrupi.ru
bakaripi.ru
barakapi.ru

# Reference: https://www.virustotal.com/gui/ip-address/64.226.98.185/relations

xor77.ahmozpi.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.83.71/relations

claimed75.badrupi.ru
counteract35.barakapi.ru
stops62.barakapi.ru
stops75.barakapi.ru

# Reference: https://twitter.com/malPileDiver/status/1649216747256389636
# Reference: https://www.virustotal.com/gui/ip-address/216.155.157.161/relations

22defeated.ayrympo.ru
52.demand.dafilas.ru
9defeated.ayrympo.ru
demand.dafilas.ru
descent42.disagreeable.ru

# Reference: https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
# Reference: https://www.virustotal.com/gui/ip-address/194.180.191.56/relations

http://109.200.159.40
http://109.200.159.46
http://109.200.159.59
http://151.236.30.50
http://192.121.87.11
http://194.180.191.56
mail.daniyarho.ru

# Reference: https://twitter.com/malPileDiver/status/1649484287161389084
# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

anherpi.ru
apispi.ru
bankoulpi.ru
barutipi.ru
fushiguro.ru

# Reference: https://twitter.com/malPileDiver/status/1649776814850555905
# Reference: https://www.virustotal.com/gui/ip-address/157.230.59.102/relations
# Reference: https://www.virustotal.com/gui/file/31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b/detection
# Reference: https://www.virustotal.com/gui/file/7de1f3fef12c1a7c954edb6f62ead13adb8c0b198b49e0d22e93b4cd385fed04/detection

http://216.155.157.161
http://45.32.68.240
71defeated.ayrympo.ru
shoe81.badrupi.ru

# Reference: https://twitter.com/malPileDiver/status/1650570899454672896

ayarimar.ru
boraito.ru
dussaut.ru
enokida.ru
fortunyzo.ru
kaigitang.ru
nutriag.ru
ruizchris.ru
samiseto.ru
valasati.ru
vilaverde.ru

# Reference: https://twitter.com/StopMalvertisin/status/1650745109519175680
# Reference: https://www.virustotal.com/gui/ip-address/178.128.121.37/relations
# Reference: https://www.virustotal.com/gui/file/f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192/detection

1delusion.daglarho.ru
26desirable.daglarho.ru
49desirable.daglarho.ru
4demonstration.daglarho.ru
51deck.daglarho.ru
52departed.daglarho.ru
53deck.daglarho.ru
68delight.daglarho.ru
6deck.daglarho.ru
95desirable.daglarho.ru
97deck.daglarho.ru
aaa.ulitron.ru
penny26.raidla.ru

# Reference: https://twitter.com/malPileDiver/status/1650968985947471876

adjoining.ru
lokalut.ru
maniacal.ru
suizibel.ru
unequaled.ru
unwieldy.ru

# Reference: https://twitter.com/malPileDiver/status/1651374098415534080
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.63/relations

baraslx.ru
nahalx.ru
84defeated.ayrympo.ru
enny26.raidla.ru
oe81.badrupi.ru
send.vilaverde.ru
sleep71.talehgi.ru

# Reference: https://twitter.com/malPileDiver/status/1651728614394675200
# Reference: https://www.virustotal.com/gui/ip-address/139.59.62.248/relations

decorous.ru
judicious.ru
succinct.ru
position71.succinct.ru
send71.vilaverde.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.116/relations
# Reference: https://www.virustotal.com/gui/file/81b6cc6a1e06e8824a4dc54bfb44afb6da175e2ab19502e9c969599ce3999f84/detection

alternative44.decorous.ru
famine39.judicious.ru
famine64.judicious.ru
perfume9.decorous.ru

# Reference: https://twitter.com/malPileDiver/status/1652057352785330186

scattered.ru
squeamish.ru
stupendous.ru

# Reference: https://twitter.com/StopMalvertisin/status/1652217199271243777
# Reference: https://www.virustotal.com/gui/file/4bd5ed5fa1b3f026ac0544457c7c3775a895236ccd1125332bb4cf840a6a24ac/detection
# Reference: https://www.virustotal.com/gui/file/98de4142829d62815a2e07a130c2e41d0af28967c986ef0621752cfc18e67965/detection

http://81.200.156.171
/mo.28.04.gif/
/mo.28.04.gif/barely/deceptive.jpeg

# Reference: https://twitter.com/malPileDiver/status/1652392995432329220
# Reference: https://www.virustotal.com/gui/ip-address/170.64.174.17/relations

115502077.ganara.ru
1787445433.lahatas.ru
980136632.kurapat.ru
buwukynakn.zaskol.ru
f09v6kswrl.nodcmo.ru
w4rk3sceek.nodcmo.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.176.71/relations

43decent.stupendous.ru
88deserved.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1652705922332893188
# Reference: https://www.virustotal.com/gui/file/232b55aabd3301e6afa02df3a062c760f1105a0716047a582c1e714da9f0406d/detection

relation46.samiseto.ru

# Reference: https://twitter.com/Cyber0verload/status/1652712792435175424
# Reference: https://www.virustotal.com/gui/ip-address/159.223.56.214/relations
# Reference: https://www.virustotal.com/gui/file/724a0dcede84e6527d16318cc9c425ae8743be4d5c6b5f62aea0ba67ec6b5ac3/detection

http://159.223.56.214
20deserved.stupendous.ru
40deserved.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1653098342858063874
# Reference: https://www.virustotal.com/gui/ip-address/104.248.204.242/relations
# Reference: https://www.virustotal.com/gui/file/e0ca68717b92594cf3a0b265b846a491a38037e5f1af76479aa5a6e78ca9488b/detection

55deity.kyamalgo.shop
62detachment.highfalutin.ru
90departed.marzukgo.shop
deliver98.basamdi.ru
gloomy80.masudgo.shop
pressure53.payampo.ru
write.mohsengo.shop
globe.gloomy80.masudgo.shop

# Reference: https://twitter.com/malPileDiver/status/1653119670558269441

absorbeni.ru
boskatrem.ru
lopraner.ru
malived.ru
taramis.ru

# Reference: https://www.virustotal.com/gui/ip-address/134.209.115.37/detection
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.147/relations

86deserved.stupendous.ru
88deer.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1653325622356193280
# Reference: https://www.virustotal.com/gui/ip-address/143.198.78.253/relations
# Reference: https://www.virustotal.com/gui/file/572650c06d09715b17ba78db89fd323845c00133c483d7fc571ebe3e7b824bfe/detection

penholder89.decorous.ru

# Reference: https://twitter.com/h2jazi/status/1653769493007695872
# Reference: https://www.virustotal.com/gui/file/c7921b6809d2ffd643258ff8f04590528ad68e9474635188003b40bff4a731a8/detection

bestupdater.com

# Reference: https://twitter.com/malPileDiver/status/1653846681266401280
# Reference: https://www.virustotal.com/gui/ip-address/165.232.148.157/relations
# Reference: https://www.virustotal.com/gui/ip-address/167.99.9.163/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.49/relations

farukend.ru
zeraon.ru
41defender.stupendous.ru
58degree.farukend.ru
chr1.hoanzo.ru
chr2.hoanzo.ru
chr25.hoanzo.ru
chr34.hoanzo.ru
chr35.hoanzo.ru
chr46.hoanzo.ru
chr50.hoanzo.ru
chr57.hoanzo.ru
chr61.hoanzo.ru
chr70.hoanzo.ru
chr74.hoanzo.ru
chr84.hoanzo.ru
chr85.hoanzo.ru
chr87.hoanzo.ru
chr93.hoanzo.ru
chr96.hoanzo.ru
county42.badrupi.ru
designed79.aytyurkpo.ru
dim10.hoanzo.ru
dim13.hoanzo.ru
dim19.hoanzo.ru
dim35.hoanzo.ru
dim4.hoanzo.ru
dim48.hoanzo.ru
dim54.hoanzo.ru
dim63.hoanzo.ru
dim66.hoanzo.ru
dim70.hoanzo.ru
dim82.hoanzo.ru
eval1.hoanzo.ru
eval10.hoanzo.ru
eval100.hoanzo.ru
eval11.hoanzo.ru
eval12.hoanzo.ru
eval13.hoanzo.ru
eval15.hoanzo.ru
eval16.hoanzo.ru
eval17.hoanzo.ru
eval18.hoanzo.ru
eval19.hoanzo.ru
eval2.hoanzo.ru
eval20.hoanzo.ru
eval22.hoanzo.ru
eval23.hoanzo.ru
eval24.hoanzo.ru
eval27.hoanzo.ru
eval28.hoanzo.ru
eval29.hoanzo.ru
eval3.hoanzo.ru
eval30.hoanzo.ru
eval32.hoanzo.ru
eval33.hoanzo.ru
eval34.hoanzo.ru
eval35.hoanzo.ru
eval36.hoanzo.ru
eval37.hoanzo.ru
eval39.hoanzo.ru
eval4.hoanzo.ru
eval40.hoanzo.ru
eval41.hoanzo.ru
eval42.hoanzo.ru
eval43.hoanzo.ru
eval44.hoanzo.ru
eval45.hoanzo.ru
eval46.hoanzo.ru
eval47.hoanzo.ru
eval49.hoanzo.ru
eval50.hoanzo.ru
eval51.hoanzo.ru
eval52.hoanzo.ru
eval53.hoanzo.ru
eval54.hoanzo.ru
eval56.hoanzo.ru
eval57.hoanzo.ru
eval58.hoanzo.ru
eval6.hoanzo.ru
eval60.hoanzo.ru
eval61.hoanzo.ru
eval62.hoanzo.ru
eval63.hoanzo.ru
eval64.hoanzo.ru
eval65.hoanzo.ru
eval66.hoanzo.ru
eval68.hoanzo.ru
eval7.hoanzo.ru
eval70.hoanzo.ru
eval73.hoanzo.ru
eval74.hoanzo.ru
eval75.hoanzo.ru
eval76.hoanzo.ru
eval77.hoanzo.ru
eval78.hoanzo.ru
eval79.hoanzo.ru
eval8.hoanzo.ru
eval80.hoanzo.ru
eval81.hoanzo.ru
eval82.hoanzo.ru
eval83.hoanzo.ru
eval84.hoanzo.ru
eval85.hoanzo.ru
eval86.hoanzo.ru
eval87.hoanzo.ru
eval88.hoanzo.ru
eval89.hoanzo.ru
eval9.hoanzo.ru
eval90.hoanzo.ru
eval91.hoanzo.ru
eval92.hoanzo.ru
eval93.hoanzo.ru
eval94.hoanzo.ru
eval95.hoanzo.ru
eval97.hoanzo.ru
eval98.hoanzo.ru
expandenvironmentstrings96.ramizla.ru
mid71.hoanzo.ru
openastextstream92.hoanzo.ru
play.hoanzo.ru
redim1.hoanzo.ru
redim10.hoanzo.ru
redim100.hoanzo.ru
redim12.hoanzo.ru
redim13.hoanzo.ru
redim14.hoanzo.ru
redim15.hoanzo.ru
redim16.hoanzo.ru
redim17.hoanzo.ru
redim18.hoanzo.ru
redim21.hoanzo.ru
redim22.hoanzo.ru
redim23.hoanzo.ru
redim26.hoanzo.ru
redim29.hoanzo.ru
redim32.hoanzo.ru
redim33.hoanzo.ru
redim35.hoanzo.ru
redim36.hoanzo.ru
redim37.hoanzo.ru
redim39.hoanzo.ru
redim4.hoanzo.ru
redim44.hoanzo.ru
redim45.hoanzo.ru
redim46.hoanzo.ru
redim49.hoanzo.ru
redim51.hoanzo.ru
redim54.hoanzo.ru
redim57.hoanzo.ru
redim58.hoanzo.ru
redim59.hoanzo.ru
redim60.hoanzo.ru
redim63.hoanzo.ru
redim64.hoanzo.ru
redim65.hoanzo.ru
redim67.hoanzo.ru
redim68.hoanzo.ru
redim69.hoanzo.ru
redim70.hoanzo.ru
redim71.hoanzo.ru
redim73.hoanzo.ru
redim74.hoanzo.ru
redim76.hoanzo.ru
redim77.hoanzo.ru
redim78.hoanzo.ru
redim79.hoanzo.ru
redim8.hoanzo.ru
redim80.hoanzo.ru
redim81.hoanzo.ru
redim82.hoanzo.ru
redim83.hoanzo.ru
redim84.hoanzo.ru
redim87.hoanzo.ru
redim88.hoanzo.ru
redim89.hoanzo.ru
redim9.hoanzo.ru
redim90.hoanzo.ru
redim91.hoanzo.ru
redim92.hoanzo.ru
redim93.hoanzo.ru
redim94.hoanzo.ru
redim96.hoanzo.ru
redim97.hoanzo.ru
redim98.hoanzo.ru
redim99.hoanzo.ru
savetofile2.hoanzo.ru
savetofile48.hoanzo.ru
savetofile74.hoanzo.ru
send100.hoanzo.ru
send20.hoanzo.ru
send24.hoanzo.ru
send26.hoanzo.ru
send29.hoanzo.ru
send3.hoanzo.ru
send30.hoanzo.ru
send32.hoanzo.ru
send33.hoanzo.ru
send38.hoanzo.ru
send40.hoanzo.ru
send41.hoanzo.ru
send45.hoanzo.ru
send46.hoanzo.ru
send50.hoanzo.ru
send56.hoanzo.ru
send57.hoanzo.ru
send58.hoanzo.ru
send59.hoanzo.ru
send60.hoanzo.ru
send65.hoanzo.ru
send66.hoanzo.ru
send68.hoanzo.ru
send7.hoanzo.ru
send71.hoanzo.ru
send76.hoanzo.ru
send77.hoanzo.ru
send79.hoanzo.ru
send8.hoanzo.ru
send90.hoanzo.ru
send91.hoanzo.ru
send92.hoanzo.ru
send93.hoanzo.ru
send94.hoanzo.ru
send95.hoanzo.ru
send99.hoanzo.ru
sleep33.hoanzo.ru
sleep86.hoanzo.ru
sleep91.hoanzo.ru
to71.hoanzo.ru
write93.hoanzo.ru
write97.hoanzo.ru
wscript72.hoanzo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1655103745083179011
# Reference: https://www.virustotal.com/gui/file/d68335308ec2e58bb8cf1fb63381fdd55b6338241a82a59517cb3211770e6036/detection

courage70.undesirable.ru
goat61.decorous.ru

# Reference: https://www.virustotal.com/gui/ip-address/159.223.198.3/relations

bike44.decorous.ru
sale60.judicious.ru

# Reference: https://twitter.com/malPileDiver/status/1655280554818826243

amoresa.ru
banrasac.ru
brudimar.ru
haramad.ru
lotgunok.ru
norasold.ru
saturnec.ru
vloperang.ru
weratas.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.232.82.235/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.212/relations

redim.norasold.ru
send71.norasold.ru

# Reference: https://twitter.com/souiten/status/1655410714721529856
# Reference: https://www.virustotal.com/gui/ip-address/46.101.114.106/relations
# Reference: https://www.virustotal.com/gui/file/dcbb432efd5f958e5a3881109c942c75514d0692b5bc1e712e910d220313ac66/detection

14defy.erinaceuso.ru
1deserved.stupendous.ru
27defeated.ayrympo.ru
85defeated.ayrympo.ru
endure32.ibragimo.ru
glimpse.ibragimo.ru
glimpse82.ibragimo.ru
interbase14.ibragimo.ru
stool44.ibragimo.ru
countless.endure32.ibragimo.ru

# Reference: https://twitter.com/malPileDiver/status/1655710112013594626
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.101/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.103/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.189.12.131/relations

108275726.wicksl.ru
17despite.farukend.ru
4dependent.farukend.ru
53destroyer.anumbo.ru
already39.brudimar.ru
if4.saturnec.ru
xor80.saturnec.ru

# Reference: https://twitter.com/suyog41/status/1655936062307602439
# Reference: https://www.virustotal.com/gui/file/f88bca443089c831c56f53147950bac19beaf7e804a0c5fe9da4018812ea6d4f/detection
# Reference: https://www.virustotal.com/gui/file/b36d9d6d07db7922cd2444314ff0b630ae6c1dc473371fbde133f4f03097086e/detection

http://170.64.152.130

# Reference: https://www.virustotal.com/gui/ip-address/165.22.53.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.77/relations

39.brudimar.ru
neglect92.vloperang.ru

# Reference: https://twitter.com/suyog41/status/1656649174920704000
# Reference: https://www.virustotal.com/gui/file/4e9d18ff14d4510f119418420d80c03b6246e64a6cb574d6ab8d75be3c78af9c/detection

http://159.223.54.203

# Reference: https://twitter.com/StopMalvertisin/status/1656587394018320385
# Reference: https://www.virustotal.com/gui/file/d4423d73bc08c0142431f35f0bd0f392e630c70c212a6f9b01735bea0dae7f78/detection

erceive21.badrupi.ru
gg.badrupi.ru
perceive21.badrupi.ru

# Reference: https://twitter.com/malPileDiver/status/1658187362273222680

dzhabaripa.ru
dzhahipa.ru
goruspa.ru
iknatonpa.ru
kahotepa.ru
kaziyapa.ru
zaherpa.ru
zuberipa.ru

# Reference: https://twitter.com/Cyber0verload/status/1658189500672008232

71delay.dzhahipa.ru
80delay.dzhabaripa.ru
openastextstream.zuberipa.ru

# Reference: https://twitter.com/malPileDiver/status/1658549641804238863

badarus.ru
butiram.ru
donkorpa.ru
kafiripa.ru
kemoziripa.ru
keymnvatipa.ru

# Reference: https://twitter.com/StopMalvertisin/status/1658747923759505408
# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.118/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.166.164.174/relations
# Reference: https://www.virustotal.com/gui/file/13aa44122e2e6d99a40a47c870142ac95dc250c3169c1cfab95ba9c6fe33f542/detection

14december.highfalutin.ru
16december.highfalutin.ru
21descent.mansurdo.ru
29deserter.mardango.ru
2dentist.mardango.ru
31defensive.mardango.ru
38december.highfalutin.ru
39descendant.anumbo.ru
42descent.mansurdo.ru
51december.highfalutin.ru
52delusion.ihtiyarbi.ru
54despair.ihtiyarbi.ru
57december.highfalutin.ru
61declare.mardango.ru
69den.mardango.ru
70december.highfalutin.ru
70deduction.mardango.ru
74deserter.mardango.ru
78despair.ihtiyarbi.ru
7defensive.mardango.ru
7dentist.mardango.ru
83december.highfalutin.ru
90deduction.mardango.ru
90depth.anubisbo.ru
92descent.mansurdo.ru
95december.highfalutin.ru
9december.highfalutin.ru
counsel69.boskatrem.ru
decrepit76.xopekar.ru
prey67.boskatrem.ru
then59.suizibel.ru
xor42.zuberipa.ru

# Reference: https://twitter.com/malPileDiver/status/1658928573892403203

dakareypa.ru
ishakpa.ru
karoanpa.ru

# Reference: https://twitter.com/malPileDiver/status/1659301640703209474

dzhibeydpa.ru
dzhumoukpa.ru
galofad.ru
idogbpa.ru
imenandpa.ru
kemnebipa.ru
knemuso.ru
mensaso.ru
porotad.ru

# Reference: https://twitter.com/StopMalvertisin/status/1659451403100897280
# Reference: https://www.virustotal.com/gui/file/a207059404bfea094d3c07ee456107f26e83fee9e235a84e8e23bb9db64eee6b/detection

allen99.buckso.ru
allocate15.buckso.ru
amazed40.buckso.ru
course45.buckso.ru
faith25.buckso.ru
lucius1.lamentable.ru
lucius88.lamentable.ru
registry2.buckso.ru
goats.amazed40.buckso.ru

# Reference: https://twitter.com/MavericksInt/status/1659850657182957570
# Reference: https://twitter.com/MavericksInt/status/1660658203833532421
# Reference: https://www.virustotal.com/gui/file/d19d979a27723fe440c6801ba93bc3e95a67983dcc35b0f22694118449579966/detection
# Reference: https://www.virustotal.com/gui/file/e93d0cf64a2486eeef192c8c6cf97242c131b459d64b9e4e237324b0e98f9d30/detection
# Reference: https://www.virustotal.com/gui/file/2eb66edbfbadcf5d02218d8fc9611ff650ac1532db73610de548335fbeee2119/detection
# Reference: https://www.virustotal.com/gui/file/1e62d8099702b8e0976697975f57bb8b6e62e5a4d8dcb6c8f0d57f3e54e6b291/detection
# Reference: https://www.virustotal.com/gui/file/0863335519380e4d88f785ab13d978d1efd55869879fbdbc4708dbece755f881/detection

http://80.90.181.243
/ggh.12.05.gif
/ggh.12.05.gif/seized/presented.jpeg
/milSS.12.05.gif
/milSS.12.05.gif/dear/regards.jpeg
/mll.14.05.gif
/mll.14.05.gif/selected/barge.jpeg
/mll.14.05.gif/query/integer.jpeg
/mmo.10.05.gif
/mmo.10.05.gif/based/prefix.jpeg

# Reference: https://twitter.com/malPileDiver/status/1660749203650363392

kontarso.ru
koseyso.ru
kuaashiso.ru
lizimbaso.ru
maatso.ru
mbiziso.ru
menesso.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.42/relations

1020178145.gokols.ru
1420104871.makasd.ru
1649627902.baralap.ru
1728259312.narutasx.ru
1795284560.gokols.ru
1841245068.gokols.ru
1979642691.narutasx.ru
2021007529.gokols.ru
2112733786.gokols.ru
230494973.vohod.ru
398145251.gokols.ru
518422979.baralap.ru
577106826.narutasx.ru
655824342.makasd.ru
665096125.makasd.ru
713696851.makasd.ru
881910787.gokols.ru
941470034.baralap.ru
xxx.acersa.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.241.170/relations

58455773.lopasts.ru

# Reference: https://twitter.com/malPileDiver/status/1662212381559377921
# Reference: https://twitter.com/Cyber0verload/status/1662338631418146817
# Reference: https://www.virustotal.com/gui/file/83d3e19851b5864222972dac860e8e18a43acf8be3d228379e09c3383928194d/detection

luzidzhso.ru
mudadazi.ru
muhvanazi.ru
neythzi.ru
trulazek.ru
5destruction.trulazek.ru
16deliberate.trulazek.ru
20depart.trulazek.ru
70descendant.anumbo.ru
asc46.dovlatho.ru
asc59.dovlatho.ru
asc60.dovlatho.ru
asc64.dovlatho.ru
asc66.dovlatho.ru
asc7.dovlatho.ru
asc73.dovlatho.ru
asc74.dovlatho.ru
asc84.dovlatho.ru
chr56.dovlatho.ru
close32.dovlatho.ru
createobject56.dovlatho.ru
defend95.karoanpa.ru
definite49.karoanpa.ru
definite50.karoanpa.ru
definite56.karoanpa.ru
deletefile10.dovlatho.ru
deletefile17.dovlatho.ru
deluge77.karoanpa.ru
demanded10.karoanpa.ru
demanded14.karoanpa.ru
demanded25.karoanpa.ru
demanded30.karoanpa.ru
demanded38.karoanpa.ru
demanded42.karoanpa.ru
demanded77.karoanpa.ru
demanded81.karoanpa.ru
demanded87.karoanpa.ru
demanded92.karoanpa.ru
demanded97.karoanpa.ru
den100.karoanpa.ru
den15.karoanpa.ru
den20.karoanpa.ru
dependant22.agasibi.ru
destruction.trulazek.ru
eval55.mudadazi.ru
getobject71.kontarso.ru
regularly.percent20.plutoniumo.ru

# Reference: https://www.virustotal.com/gui/file/e567fcf99640e0c3e521abe6c29a467f74eb49fc170b8ffa26981587cb6d85b2/detection

25defect.mansurdo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1663938140342718465
# Reference: https://www.virustotal.com/gui/file/b5a04e7f45c993f50320bd5beff5f709eb88e5782b0560497653edcff25967d6/detection
# Reference: https://www.virustotal.com/gui/file/2a00062de622d0f93c44392a9a0b92432ac9bb1852ce1984a2affb4617872e6d/detection

amazing84.vloperang.ru
countless20.vloperang.ru
countless64.vloperang.ru
countless7.absorbeni.ru
countless76.absorbeni.ru
countless77.absorbeni.ru
countless90.absorbeni.ru
fake73.vloperang.ru
fame73.vloperang.ru
neglect35.vloperang.ru
prickly26.vloperang.ru
prickly53.vloperang.ru
regret93.absorbeni.ru
rejoined49.absorbeni.ru

# Reference: https://twitter.com/Cyber0verload/status/1664621238671536132

mhotepzi.ru
minkazi.ru
naborzi.ru
nahtizi.ru
nebibizi.ru
nebtoizi.ru
neferzi.ru
panahaziso.ru
rashidiso.ru

# Reference: https://twitter.com/malPileDiver/status/1664994456976736256

fausts.ru
gustavas.ru

# Reference: https://twitter.com/Cyber0verload/status/1665036417683140610

gajasx.ru
itoram.ru
nalfas.ru
rvawc.ru
tulocal.ru

# Reference: https://twitter.com/Cyber0verload/status/1665076262191218690

blootundicht.ru
boptizol.ru
reposant.ru
viratuk.ru
yorisant.ru
15demanded.blootundicht.ru
71demanded.blootundicht.ru
deduction63.xopekar.ru
penholder92.viratuk.ru
visible38.yorisant.ru

# Reference: https://twitter.com/Cyber0verload/status/1665667765267562499

havxcq.ru
oddzhiso.ru
okparaso.ru
omariso.ru
ozaharso.ru
ozirisso.ru
remmaoso.ru

# Reference: https://twitter.com/Cyber0verload/status/1667482368234381319

agonepi.ru
albacorepi.ru
bladefishpi.ru
dumerilipi.ru
dzhabrailho.ru
gawcq.ru
gawsxc.ru
perccottuspi.ru
razuiso.ru
reyyfadsf.ru
spatulapi.ru
tispai.ru

# Reference: https://twitter.com/StopMalvertisin/status/1668671694112956416
# Reference: https://www.virustotal.com/gui/file/bb2dd0559d129ffa24189cf8db110c1e5cb7f8f7b853eb31d519107f5c3532b4/detection
# Reference: https://www.virustotal.com/gui/file/e08e7ca157feb7df5e5556295bb3f70ce7cd5ff1a02fd5d580f1d33f0886da21/detection

ally25.royalpo.ru
ally73.royalpo.ru
bdhu.royalpo.ru
ammunition58.royalpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.31/relations

68deluge.nebibizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.202.41.119/relations

bgfy.bdhu.royalpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.106/relations

19necklace75.aychobanpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1669312050542125058

logans.ru

# Reference: https://twitter.com/Cyber0verload/status/1670904054132756482

atacamabo.ru
barrimor.ru
gobibo.ru
rieturc.ru
tispai.ru
voscod.ru

# Reference: https://twitter.com/StopMalvertisin/status/1672194968520388609
# Reference: https://www.virustotal.com/gui/file/9f5a40df1bfdcc1dfe49d8398baf287fc849dbe34fb7a0b2f56200d26dba1a8c/detection
# Reference: https://www.virustotal.com/gui/file/dd60242a8852e34392d483d598609188cc29fc8b0e974de17948f670ecb7f97b/detection

http://45.82.14.15
/mou.05.05.gif/prayers/lose.jpeg
/mou.05.05.gif/regards/seeming.jpeg
/mou.05.05.gif

# Reference: https://twitter.com/StopMalvertisin/status/1672131699373936640
# Reference: https://www.virustotal.com/gui/file/bba350a2f217c1a15c6646a128f10c8ae325519ca2e2d39759ca3791d0ecfbd8/detection

prime97.unixoni.ru
stool.prime97.unixoni.ru
/perceive/beverley/beverley/beverley/perceive.reg
/perceive/beverley/beverley/beverley/
/perceive/beverley/beverley/
/perceive/beverley/

# Reference: https://twitter.com/Cyber0verload/status/1673271585678020608

bukatam.ru
durakam.ru
gutarax.ru
kyzylkumbo.ru
namibbo.ru
negevbo.ru
totalav.ru

# Reference: https://twitter.com/StopMalvertisin/status/1674460280900947970
# Reference: https://www.virustotal.com/gui/file/b1e5781f8cb500f306211a954bfe4a7bb19eeb8fa95b71f64052611bdfde30b1/detection

http://89.185.84.140
100delivery.remmaoso.ru
14delicious.remmaoso.ru
15decline.remmaoso.ru
24decline.remmaoso.ru
29deceptive.remmaoso.ru
39delicious.remmaoso.ru
53delicious.remmaoso.ru
59deep.remmaoso.ru
5descendant.remmaoso.ru
65delightful.remmaoso.ru
66delicious.remmaoso.ru
71decline.remmaoso.ru
71deduction.remmaoso.ru
71delivered.remmaoso.ru
71deluge.remmaoso.ru
71destruction.remmaoso.ru
74delicious.remmaoso.ru
77despise.remmaoso.ru
95delicious.remmaoso.ru
96decency.remmaoso.ru
97deliverance.remmaoso.ru

# Reference: https://twitter.com/Cyber0verload/status/1675954349745270784

hanotip.ru
ideolot.ru

# Reference: https://twitter.com/StopMalvertisin/status/1676106184343052288
# Reference: https://www.virustotal.com/gui/file/e7c290bbc729533e1cf05da1e70d1b3f7ad9db3998c37fc4d6fb5e11e263114c/detection

http://46.29.234.106
21deliverance.remmaoso.ru

# Reference: https://twitter.com/StopMalvertisin/status/1676198612349652994
# Reference: https://www.virustotal.com/gui/file/83a4ac741a6947a9e22124ae6162b91afe1f89f22ce8b4b16935b4edd6984404/detection

http://45.95.232.148
61deceptive.remmaoso.ru

# Reference: https://www.virustotal.com/gui/file/a01ff39c0ba0b341b5843dbe174d52d7df1f82d99d06d8e01971290fd4390c46/detection

utilsdownloader.com

# Reference: https://twitter.com/Cyber0verload/status/1678150909694443520
# Reference: https://twitter.com/Cyber0verload/status/1678151014459879432

iraty.ru
marginisbi.ru
opela.ru
orientalebi.ru
procellarumbi.ru
uteroma.ru
for30.procellarumbi.ru
for71.procellarumbi.ru
len61.procellarumbi.ru
loop71.procellarumbi.ru
to30.procellarumbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1679757171469307904

anguisbi.ru
cresozoq.ru
humorumbi.ru
imbriumbi.ru
macda.ru
mojavebo.ru
nicsan.ru
patrios.ru
saharabo.ru
wadibo.ru
wahibabo.ru

# Reference: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
# Reference: https://www.virustotal.com/gui/file/3ead4cabb81ca458cb86206de574b6f82758c01cad3ee8fbafcf2b05f23f601f/detection

http://45.95.235.56
/sus.27.06/bandy/intended.jpeg
/sus.27.06/bandy/
/sus.27.06
/Teleg.23.06/guided/prayers.jpeg
/Teleg.23.06/guided/
/Teleg.23.06

# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.228/relations
# Reference: https://www.virustotal.com/gui/file/00ca60e7ee2e6376379d7a320b94bab086e57de11d22616b3815f04c9cd2e106/detection
# Reference: https://www.virustotal.com/gui/file/285bf896997d7c9a62540ae6279602bd395c8794b5199c2e90263e7948d9a51a/detection

86deserted.minkazi.ru
95derived.fortunyzo.ru
am.soul29.antilopes.ru
bible67.dzheyhunho.ru
bicyclelist.god88.sagittariuso.ru
billion76.damirho.ru
courageous62.boskatrem.ru
deceived1.karoanpa.ru
delayed71.akenatenbo.ru
faithful.salary64.antilopes.ru
faithful.salary90.antilopes.ru
fancied.bible67.dzheyhunho.ru
god88.sagittariuso.ru
luggage83.ayzakpo.ru
luxury82.antilopes.ru
presume.luxury82.antilopes.ru
prevent.stool35.antilopes.ru
read52.kemnebipa.ru
responsebody14.dumerilipi.ru
responsebody31.dumerilipi.ru
responsebody39.dumerilipi.ru
responsebody60.dumerilipi.ru
salary64.antilopes.ru
salary90.antilopes.ru
savetofile71.bakaripi.ru
setrequestheader71.goruspa.ru
setrequestheader8.nebtoizi.ru
soul29.antilopes.ru
stool35.antilopes.ru
write16.dumerilipi.ru
write48.dumerilipi.ru
write59.dumerilipi.ru
write85.dumerilipi.ru

# Reference: https://www.virustotal.com/gui/domain/boskatrem.ru/relations

counsel29.boskatrem.ru
courageous15.boskatrem.ru
courageous18.boskatrem.ru
courageous3.boskatrem.ru
courageous34.boskatrem.ru
courageous44.boskatrem.ru
courageous50.boskatrem.ru
courageous67.boskatrem.ru
courageous72.boskatrem.ru
courageous8.boskatrem.ru
neatly39.boskatrem.ru
sanction60.boskatrem.ru
sanction66.boskatrem.ru
sanction93.boskatrem.ru

# Reference: https://twitter.com/Cyber0verload/status/1684235362170994689
# Reference: https://www.virustotal.com/gui/file/80bcacd8eb08caa7533f5acf245bdd2e2867cb72645a9099990b003f6c51923c/detection

need.cryptonas.ru
interface59.need.cryptonas.ru

# Reference: https://twitter.com/StopMalvertisin/status/1684604760576729088
# Reference: https://www.virustotal.com/gui/file/bfa0d90c18d10454ee5c09b12d63aa458b9f4de42087069b93df1a383698e43d/detection

enemy96.phoenixo.ru

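# Generic
# Note: URL path trails with no single host attached. The first path segment looks like a
# Windows computer name (DESKTOP-*, LAPTOP-*, WIN-*, *-ПК) - presumably the name of the
# reporting machine; confirm against the referenced reports before relying on it.
# Some names appear both raw and percent-encoded (ЮЛЯ-ПК / %D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A)
# or with the non-ASCII part missing (/1-/ next to /1-ПК/).
# Entries without the host segment (e.g. /alongside/needle/) match more broadly, so review
# hits on them for false positives.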

/1-/courageous/courageous.69alf
/1-/courageous/
/1-ПК/courageous/courageous.69alf
/1-ПК/courageous/
/27.12_otck/days.rtf
/6BNOTE/loyalty/bikes/endanger.drf
/6BNOTE/loyalty/bikes/
/6BNOTE/loyalty/
/ADMIN-%D0%9F%D0%9A/alternate.kdc
/AKADEMIK1211/clasped/globe/printing.61itdb
/AKADEMIK1211/clasped/globe/
/AKADEMIK1211/clasped/
/DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/alluded.xaf
/DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/
/DESKTOP-0N5LDB0/altogether/alluded/allows/
/DESKTOP-0N5LDB0/altogether/alluded/
/DESKTOP-0N5LDB0/altogether/
/DESKTOP-2078JBK/beyond/fancied.58shp
/DESKTOP-2078JBK/beyond/
/DESKTOP-90A1T3D/regular.83glf
/DESKTOP-DPHL39L/pretence/among/beverley/perform.m3d
/DESKTOP-DPHL39L/pretence/among/beverley/
/DESKTOP-DPHL39L/pretence/among/
/DESKTOP-DPHL39L/pretence/
/DESKTOP-J6T8PGG/sally/sounds/familiar/courageous.70xmf
/DESKTOP-J6T8PGG/sally/sounds/familiar/
/DESKTOP-J6T8PGG/sally/sounds/
/DESKTOP-J6T8PGG/sally/
/DESKTOP-JRQI4FJ/family/necessarily.18wet
/DESKTOP-JRQI4FJ/family/
/DESKTOP-KG04KH8/luck/luck/luck/relay.83ora
/DESKTOP-KG04KH8/luck/luck/luck/
/DESKTOP-KG04KH8/luck/luck/
/DESKTOP-KG04KH8/luck/
/DESKTOP-LQFDA6Q/soup/counter/soup/necklace.81tme
/DESKTOP-LQFDA6Q/soup/counter/soup/
/DESKTOP-LQFDA6Q/soup/counter/
/DESKTOP-LQFDA6Q/soup/
/DESKTOP-M8O7T07/prick.nff
/DESKTOP-T0FMFN4/principal83/principal/lunch.kdc
/DESKTOP-T0FMFN4/principal83/principal/
/DESKTOP-T0FMFN4/principal83/
/DESKTOP-UVHG99D/percy.46rra
/INV7/ally/ally.88wmdb
/KASA/bicycle.dbx
/KI12-463958/perceived/soup/intention/intention/soup.qc
/KI12-463958/perceived/soup/intention/intention/
/KI12-463958/perceived/soup/intention/
/KI12-463958/perceived/soup/
/KI12-463958/perceived/
/LAPTOP-ATFIHP9Q/alternate.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/previous.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/
/LAPTOP-ATFIHP9Q/alternate/
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/alternate.sis
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/
/LAPTOP-ATFIHP9Q/previous/penholder/
/LAPTOP-ATFIHP9Q/previous/
/LILA/between/shoe/ambitious/shoe/principle.21accdr
/LILA/between/shoe/ambitious/shoe/
/LILA/between/shoe/ambitious/
/LILA/between/shoe/
/MASTER-/negative78/claimed/soul.tri
/MASTER-/negative78/claimed/
/MASTER-/negative78/
/OHORONAPRAVLYUD/relay/perfection/classroom.sky
/OHORONAPRAVLYUD/relay/perfection/
/OHORONAPRAVLYUD/relay/
/PC/already/already/relate/all.thl
/PC/already/already/relate/
/PC/amazed/nearby/already.cgm
/PC/amazed/nearby/
/PROBOOK4540/bewail/bewail/sorry/bewail/cough.fcp
/PROBOOK4540/bewail/bewail/sorry/bewail/
/PROBOOK4540/bewail/bewail/sorry/
/PROBOOK4540/bewail/bewail/
/PROBOOK4540/bewail/
/R331-1/ambition/interesting/enforce.26die
/R331-1/ambition/interesting/
/R331-1/ambition/
/USER-PC/allowance/percent/soul.77meb
/USER-PC/allowance/percent/
/USER-PC/allowance/
/USER-PC/could/all/glowing.20mbx
/USER-PC/could/all/
/USER-PC/prey/allowance.90meb
/USER-PC/prey/percent/soul/prey/percent.7meb
/USER-PC/prey/percent/soul/prey/
/USER-PC/prey/percent/soul/
/USER-PC/prey/percent/
/USER-PC/soul/percent.76meb
/USER-PC/sally.64mbx
/WIN-NKDT573S45D/needlework.vp
/WIN-PJMU2R174AA/naughty/stool/luckily.89jas
/WIN-PJMU2R174AA/naughty/stool/
/WIN-PJMU2R174AA/naughty/
/ДЕЛОВОД-ПК/lover.dot
/ЮЛЯ-ПК/alongside/needle/needle.fbx
/ЮЛЯ-ПК/alongside/needle/
/ЮЛЯ-ПК/alongside/
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/needle.fbx
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/
/alongside/needle/
