# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

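# Aliases: darkcrystalrat, LightStone
# Note: each group of indicators below follows the reference(s) it was taken from. Many hosts are subdomains of shared hosting providers (e.g. xsph.ru, tmweb.ru, beget.tech, 000webhostapp.com), so match the full hostname rather than the parent domain.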

# Reference: https://www.mandiant.com/resources/blog/analyzing-dark-crystal-rat-backdoor
# Reference: https://twitter.com/James_inthe_box/status/1178275531692756992
# Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/

domalo.online
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/akcii239myzon0xwjlxqnn3b34w
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3
/akcii239myzon0xwjlxqnn3b34w

# Reference: https://twitter.com/wwp96/status/1331059269089816581
# Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/

http://91.240.84.166

# Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html
# Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection

80.87.202.63:25998
178.21.11.90:25998
hfjdhfgrhfnghvng.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280
# Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/

bores.xyz

# Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/

oxijoinedsite.site

# Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/

city-pub-crawl.su

# Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/

changer-esp.ml

# Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/

qiwi-api.site

# Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/

kkkwdfea.tk

# Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/

nistrype.fun

# Reference: https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/

never-project.hhos.ru

# Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/

a0365369.xsph.ru

# Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/

flextem.000webhostapp.com

# Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/

beepn.pw

# Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/

f0313002.xsph.ru

# Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/

a0388296.xsph.ru

# Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/

a0387063.xsph.ru
myhostforlic.ucoz.ru

# Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/

vkgroup.tk

# Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/

a0315266.xsph.ru

# Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/

sdfsdgafghaetg.tk

# Reference: https://twitter.com/jorgemieres/status/1255866190771167236
# Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations
# Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/

logins.kl.com.ua

# Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/

cv36917.tmweb.ru

# Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
# Reference: https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection

dcrat.ru

# Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/

ajci.tk

# Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/

a0457406.xsph.ru

# Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/

http://212.109.221.247

# Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection

a0461492.xsph.ru

# Reference: https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection

tereshyd.beget.tech

# Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection

web75.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection

srv166785.hoster-test.ru

# Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection

srv164667.hoster-test.ru

# Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/

ct10840.tmweb.ru

# Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/

/eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/

# Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/

/2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/

# Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/

/pgofzftnelhu53gj7qbwil2vo/
laserink.beget.tech

# Reference: https://twitter.com/wwp96/status/1335668703967539202
# Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/

http://185.189.12.125
/m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/
/wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/
/2e70bbdf534a47f9cc68a16122290cad65b3ed05.php

# Reference: https://twitter.com/wwp96/status/1335690053482405889
# Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/

http://212.109.216.114
/wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/
/ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/
/dcbb3f0abca3117648fdcab13b68e1162ddbc275.php

# Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/

http://62.109.27.122
/ecxhnnthpytusqif0j9x7534rmz/
/nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/
/1272d9d3e244604153265cb97db3c19ba1f2d7f5.php

# Reference: https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/

http://82.146.57.28
/1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/
/6nai20vl9ol9cpx4ugfqtzpgnh2q/
/53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php

# Reference: https://app.any.run/tasks/8132aeef-11ed-443d-ae37-e61746e4e643/

a0501919.xsph.ru

# Reference: https://app.any.run/tasks/84288362-9f98-408c-b148-99b6d1aa0c2b/

http://94.250.255.110
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/x3n9o/b88e556bffd877877e03b181174f5d55dd654e9e.php
/b88e556bffd877877e03b181174f5d55dd654e9e.php

# Reference: https://app.any.run/tasks/5433b35a-7ff2-414d-824e-4d4a73a3cce7/

cu24886.tmweb.ru
/xo8destofsad1yy0o0pj9rgjj4mqt5by2b8a9ktibk9z1h68npcffaorwp3/
/mjdpbwao3xfihlspr01mxeuj8ujcmv4i1pswkv6vja0so55dz2o4sgf5wqi9bnvi6h3dc4qd6gyf8/
/5f7b65221ba9f26a68dbe40cd557a10da5c41c17.php

# Reference: https://www.virustotal.com/gui/file/2e2dbb104e1a170651a42f2e739440719fea74360416cd6945d7a9e2eefa01bb/detection

sss.lyuk.fun
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/
/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php

# Reference: https://www.virustotal.com/gui/file/84c1cd5e95673fca1444b5879e83857e0513b3985a8e9152b45f6ad6e688971d/detection

sdam-oge.xyz
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/4j0oidz6tcdbp2oex8/04107c5846d99adc0ccece6ba32e8daa52346d3b.php
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/
/04107c5846d99adc0ccece6ba32e8daa52346d3b.php

# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection
# Reference: https://www.virustotal.com/gui/file/f42a09edcf9d7745925cd56d498f57104329b10dcd221c99dd07df3fae4d6c64/detection
# Reference: https://www.virustotal.com/gui/file/30ca126420741c189cf4bf0cdb236c5ae863bb0cc705d3fcb45dc2b502652819/detection
# Reference: https://www.virustotal.com/gui/file/2bf90f9564d31ceec8f61908e8de2594082b1eb8622355b3436608559c5ce68a/detection
# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection

changer-esp.ml
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/810a818d2e046901cbf4685b2447bf5eced209d3.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/
/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/
/810a818d2e046901cbf4685b2447bf5eced209d3.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/
/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/f730cf4f95e8c4974e9e354f14e192a209410810.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/
/f730cf4f95e8c4974e9e354f14e192a209410810.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php

# Reference: https://www.virustotal.com/gui/file/c569b600936870c0205b6992fca7a3d98adc5d6d90206392bb29445bc04fdd9f/detection
# Reference: https://www.virustotal.com/gui/file/fc63cd606cf3be19778fc8a599565f466bace3ea413397b9207571cf90ee4d70/detection

trtrk.tk
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/40511eac9a18da158d2524bf42b8099db23a7198.php
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/
/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/
/40511eac9a18da158d2524bf42b8099db23a7198.php
/hb6z5e4vtf7s7xant1ymggp/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/94fdeb52381c8578b3fe82a4da27d8843a71254f.php
/hb6z5e4vtf7s7xant1ymggp/
/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/
/94fdeb52381c8578b3fe82a4da27d8843a71254f.php

# Reference: https://www.virustotal.com/gui/file/0c08183ca7d7511a0fb5ca3ab11d74b066c38427912220e963c4ceafe87350ed/detection
# Reference: https://www.virustotal.com/gui/file/11accc9b0cd6f1bcff495f7a3ec2b9ebc7acfaa15f5bf88160c4ae724eeb0269/detection
# Reference: https://www.virustotal.com/gui/file/19293bab3f8d1598dff122142f0641aeaf5c7b63d9692d565e4b4b5ae2fea82d/detection
# Reference: https://www.virustotal.com/gui/file/b505454ac5e35abf59bfd6d039d07348a309b4903f5679c10168215f8f4566f9/detection

big-chlen.ml
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ul86hhzpxz2terk/a06763f99577add4361c8f382e94b1d384d0eae2.php
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/
/a06763f99577add4361c8f382e94b1d384d0eae2.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/5add562f05b70b54786e15b898eade52720a0304.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/
/5add562f05b70b54786e15b898eade52720a0304.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/
/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/4e3twf02xyx7uk3nlzuc/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/4e3twf02xyx7uk3nlzuc/
/cbanirg43pfycp0098lxcoq7xsef2h8o/
/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php

# Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection

f0332298.xsph.ru
khxclhpyxach.000webhostapp.com
tedrbavrjrvl.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/78d3657bc6632a7894975a120f3e3cba24a31c1be98d703ebd455ec3eb1b443f/detection

fthtrhtht.xyz.swtest.ru

# Reference: https://www.virustotal.com/gui/file/b0587a32f9dcd1918883354db87376bafaebfed10359228540e57372c2410eb9/detection

borodach2643890.online.swtest.ru
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/2d1465a3505530413d71f7c5643c8f5f53f832bf.php
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/
/1s1tqx4nad15jp7m36/
/2d1465a3505530413d71f7c5643c8f5f53f832bf.php

# Reference: https://www.virustotal.com/gui/file/79821a8e903d54162bd27f98e998056bdd86f9fb65fdfe6d2eb2db93d23d9e00/detection

joboykoya2.temp.swtest.ru
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/zsoa7fq/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/
/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php

# Reference: https://www.virustotal.com/gui/file/dd2e16f51093a9e1f219dbbb9ed9170969e6d5f82fd75e9ffb14100a60b00944/detection

xibefoc467.temp.swtest.ru
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/jr362ixublms04ceyi7zfnntmea9so8e51/
/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php

# Reference: https://app.any.run/tasks/fc618299-4cef-4e89-b5c0-4d2efb519054/

cu31892.tmweb.ru

# Reference: https://app.any.run/tasks/875036f3-5d0f-4197-bee5-3760f7e8dd95/

oneway-exe.ru

# Reference: https://app.any.run/tasks/6fd6f53a-609f-41f3-adf5-e2d47c6af95b/

ch71531.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/5e92f42622ff84d9e7924fd77d203daae58dbf09da9b2bcab7474cf051820740/detection

exempal.cf
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php

# Reference: https://www.virustotal.com/gui/file/4826fb45c88d5e352c330de2c76612baed1eb94c58bc58929ffcd9df5b0b5213/detection

a0315442.xsph.ru
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/8vrpgqblltuiasb3pavt/
/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php

# Reference: https://www.virustotal.com/gui/file/c79c8b52c8e06c77e068bf2d7798490ae3fbb596d798a3232011f0acbf322d9a/detection

a0472136.xsph.ru
/434a17mvckf19dxf83nl84jcsgkqj6tkfpa152ec8/
/011afb0749904eed1c837350cda0a7aea10f84c9.php

# Reference: https://www.virustotal.com/gui/file/26bb89fed1eb8544bf3e70fdac8713d7201cd3b36962738aa23f42371779c100/detection

f0452627.xsph.ru
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/52d126a457c70dcf8f15c863f1e7eb6318f28152.php
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/d0wpfpdwqcvri7hikj0honbqlg60vkld/
/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/52d126a457c70dcf8f15c863f1e7eb6318f28152.php

# Reference: https://www.virustotal.com/gui/file/ccb4673eba9fc6523366bfe8a0dfaa8cf4c4aa3f5c5edccc3c98dd4b28356fe0/detection

f0471995.xsph.ru

# Reference: https://www.virustotal.com/gui/file/21b703742ded5a6ac2d580ccbe1fadc3113e6c01750658c93204e5cb3c4797e7/detection

a0486179.xsph.ru
/0ewhm8n8kba1grvga073qjtu7lq/
/ccba8a2e3755c5123325a7f2e766975b0ad70363.php

# Reference: https://www.virustotal.com/gui/file/89c0578b862c36d099744f435c97e3d64cefc29a3705dfa61735ab9d7939c83e/detection

cy59724.tmweb.ru
/fhouqsip6grypvxr4gvoeu5s/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/fhouqsip6grypvxr4gvoeu5s/
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/
/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php

# Reference: https://www.virustotal.com/gui/file/c3832621e8b001e0d9c67a2eb87df480794160ba88dad28611e3fbd1019e382f/detection

pcsovet.5k5.ru
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/d1e916594122bd471161b2701ccd8b16c7d56f06.php
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/4r8sb3nl87wc75w9rh3ffhu6w5che/
/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/d1e916594122bd471161b2701ccd8b16c7d56f06.php

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1366076714653212676
# Reference: https://www.virustotal.com/gui/file/50444a618ccea3cc6b93088378260b2fab89b5b92d4b06f27fc2e8a58b950c79/detection

cg94871.tmweb.ru
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/avldwf/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/
/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php

# Reference: https://www.virustotal.com/gui/file/6ac9d0949e78f75adb767797d2e8f456b9bfc19cf85ce0f6fe4fe2e2678ae020/detection

a0484572.xsph.ru
/0ongi8hxo7yarpcd65ellx53/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/0e776a6139e804b26561001e727cd021217e5558.php
/0ongi8hxo7yarpcd65ellx53/
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/

# Reference: https://www.virustotal.com/gui/file/0db9b3287dbda591372414623e67ed65e19145656ec7270c545e33ec8dcf7359/detection

f0438395.xsph.ru
f0446323.xsph.ru
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/
/y4owmffza4zbl/
/vay92fnfwidomnmj2ati1/
/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php

# Reference: https://www.virustotal.com/gui/file/0bc8f7c32c038195ec0a00142e6a497a85740044b6c7f58f140d8bd084aa4c7d/detection

f0478615.xsph.ru
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/bf8bde4aecac1785475ed63563972416621c91d2.php
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/zli0hx3rb7l5motetc6rq/
/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/bf8bde4aecac1785475ed63563972416621c91d2.php

# Reference: https://www.virustotal.com/gui/file/10308a424c6d9abfc703efc49ab5d0840766ebf51ac4b03269a1f98ef0a66aec/detection

f0463306.xsph.ru
/dnc43rncghchlzne9ifqkgvkz/w1d6njsup/5bea1966ae5a874168cf125971b3ea99cedb7df7.php
/dnc43rncghchlzne9ifqkgvkz/
/5bea1966ae5a874168cf125971b3ea99cedb7df7.php

# Reference: https://www.virustotal.com/gui/file/cd6e3b60a429bbf3dd571ac9bcb953f378433264550325139b1535c79b434e86/detection

f0475486.xsph.ru
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/
/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php

# Reference: https://www.virustotal.com/gui/file/0c797645b62f0d5262d2db462218c9f0ad064858bfe206f02d99541c7bc762dd/detection

f0457573.xsph.ru
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/gh7r8ky9sp/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/
/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php

# Reference: https://www.virustotal.com/gui/file/3507728820cc00598364f740bc8bd661b3ea2217d3292f17b20f8d9093fda25e/detection

f0494736.xsph.ru
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/
/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/fbd557434528cbf66b6d4edaaf8c7c68f5b17c75.php
/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php

# Reference: https://www.virustotal.com/gui/file/0c973ee7d91878f4db5d0044ecb43f508df4013d85d85b33f5a58ff3ee1a58a0/detection

f0493264.xsph.ru
/piks3hwokuzpinvf1sifaqvlezh0/
/f3924bcd353a8e1f603f95309fa65ca3f8dcfceb.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/283314aaecfe5dd34e232939e1218999.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/283314aaecfe5dd34e232939e1218999.php

# Reference: https://www.virustotal.com/gui/file/040a25f63a9c6fb1703a1039488a0eba849588a054b5e603cd19792707d2ef32/detection

f0503470.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d50d9f271cf93d53fe6d1f1a00546e12c04f00e6546158a389c99a201b281231/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/357b1770262a0b0f33f56f8fece9e1e35f4918acf72d36bb3cae719fde9bc18b/detection

f0510538.xsph.ru
/u3s904w2ibcgouhmgk4bcxx1a2vetdp7/
/7db32d0d111d8e8d56501876d36930c7da4bbda7.php

# Reference: https://www.virustotal.com/gui/file/8c0a2621bdd862a767aea8ac6c8721a07f11232db5b16a60cd868341355a3e07/detection

f0491418.xsph.ru
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/jbouypul6170z295czg/
/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php

# Reference: https://www.virustotal.com/gui/file/33291a6e72594047c17a796a081f09883550a219846dccd5ed3cfc8451b5a135/detection

f0509824.xsph.ru

# Reference: https://www.virustotal.com/gui/file/424917f137c2dba0a9dbbac18076aee314780dfccedc31883b1cbe7ce914298d/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/be2cc2d4877f79dcb0cbef9a42d114544a135f2c1f8bd96ed06cb01c0defae60/detection

f0515572.xsph.ru

# Reference: https://www.virustotal.com/gui/file/14df9469961f7a159651587e0a4afc78d06e3d7247c9d9ccb47b840c71bfb792/detection

f0517366.xsph.ru
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/
/wh97lg5i0mnw6rfzrg/
/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php

# Reference: https://app.any.run/tasks/3ca79d1f-03ef-4215-b587-082334de1ed7/

filmix.space
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/20eb5bca358665727c4c5ac112fb96afb9757028.php
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/
/20eb5bca358665727c4c5ac112fb96afb9757028.php

# Reference: https://www.virustotal.com/gui/file/a8b88f7751da32956991d5a6bed4bb5fe788696188a04b951f304e5035d1c5b0/detection

f0517233.xsph.ru
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/5e150948e707791422070434d2fa55363f18c867.php
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/5e150948e707791422070434d2fa55363f18c867.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/db9hfgvbx/edc301e834c038e30c4f9fc52b979a12.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/edc301e834c038e30c4f9fc52b979a12.php

# Reference: https://www.virustotal.com/gui/file/e7bc06eedb8600ef3a3a168e04260e2aa2c1bffa1eec3ab256deb866bed7b1d1/detection

f0519071.xsph.ru
/1lua73k3rf9/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/2da79cb2b31cd83770333991b6d72e6823f7120d.php
/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/
/2da79cb2b31cd83770333991b6d72e6823f7120d.php

# Reference: https://www.virustotal.com/gui/file/514227515d4d8d80d19bb27b92182154fefc8f016be0c86c8016ec9a0cad7c6a/detection

f0519034.xsph.ru
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/b55vlmrnyp/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/
/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php

# Reference: https://www.virustotal.com/gui/file/84ae6fe4cd4f1357409af9eeea51b0ceb8385242c1e67b1f22a51a9475f3ce01/detection

cs51919.tmweb.ru
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/
/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php

# Reference: https://www.virustotal.com/gui/file/6e2c565e36ca5fd95af9f7a0d1a2fa6b9ec50caef4290e9eb9abe53ab3b8e70b/detection

a0404851.xsph.ru
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/
/av4yi982qnv743qpxk/
/4b15077fafc5c905a0a10493de237bd680a0de80.php

# Reference: https://www.virustotal.com/gui/file/be4f2bc98517755200485163d8f7734702f9fc072fef2df4e6250f679151070c/detection

a0405963.xsph.ru
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/16e350e36f5328bd301a257515f4e3fd5b680305.php

# Reference: https://www.virustotal.com/gui/file/9c91b43d243ac9adfdabcf848069b08b9117c6380d4805729d06836fdc10a74c/detection

a0525835.xsph.ru
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/30650a8f98a447ec28b175ffd31214d7d94eb991.php

# Reference: https://twitter.com/K_N1kolenko/status/1377902418839678976
# Reference: https://twitter.com/K_N1kolenko/status/1377902531641237505
# Reference: https://twitter.com/James_inthe_box/status/1377967403611480070

http://195.54.33.24
/jsserverwindows.php

# Reference: https://www.virustotal.com/gui/file/29df0b984e959c856c2cc8d45dbd407301567d1f8deb962f350b8789f5a9a1f8/detection

cc50835.tmweb.ru
/pipebigloadbaseWindowstest.php

# Reference: https://www.virustotal.com/gui/file/89fa4b96824cff45d631aba001e6ea4873bdc50133149489453e1930f93061db/detection

ch30249.tmweb.ru
/CpulongpollAsync.php

# Reference: https://www.virustotal.com/gui/file/b353f0b1f05df11cd8d4a9d5e32b175bf52795d4571da48347c8d367767c7f2c/detection

cx55949.tmweb.ru
/linePipepacketmultilinux.php

# Reference: https://www.virustotal.com/gui/file/e2c0f6c339713ba63202f13e1f788997d87b4d8ce38cb6bb8f214bc92020b77d/detection

cm51492.tmweb.ru
/ProviderLongpoll.php

# Reference: https://www.virustotal.com/gui/file/e46a16ade0a00728c59210acdcd131a5bab46470d9acb07afb58917a1e287456/detection

ck02342.tmweb.ru
/JavascriptjsProcessorProtectFlower.php

# Reference: https://www.virustotal.com/gui/file/4b032a536e842694ebbf6152c16484e01dd3c786d028cd535bd75b74c2e1e75c/detection

ct53551.tmweb.ru
/php_updateLongpoll.php

# Reference: https://www.virustotal.com/gui/file/56739e49de52e250f4a3eca5675917fe3cda4d3c40903e7f9d2b79e18bec9999/detection

cg15251.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/7055d783414b106fe0cf64d48298626a77800e0b8dcdc8eb861d63b72ae8f8fa/detection

cf09397.tmweb.ru
/multiDefaultFlower.php

# Reference: https://www.virustotal.com/gui/file/76878896e452310544b7935243156babb347549bf8f7c57dcd809d9d9cc7273c/detection

cu32668.tmweb.ru
/pipelowprocessmultiBase.php

# Reference: https://www.virustotal.com/gui/file/353e71b1f29f2a127d199fd7b936805a6181a1d81fb83b818b5628d1ab424e17/detection

ch08518.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/32acd16ac1f0ceda43528df2401e91212338f58a16b0446e564174a9c840721c/detection

cq64286.tmweb.ru
/HttpcpuupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/20adaedcd00cb34d5ff9f6840a171bae738b7acdee4ab320724fcceb3218cda4/detection

cn25255.tmweb.ru
/AsentusEncoded.php

# Reference: https://www.virustotal.com/gui/file/4ed2b9056a1141a2d92ee8c0b5e4b94bd59a1d84784f5bffc487575f1f98b88e/detection

cr39615.tmweb.ru
/imagesecurePacket.php

# Reference: https://www.virustotal.com/gui/file/3d3326dd0a2dade47a2b5ad966fdebbd09fa15ff67ec18a8b8f8323ca481e70f/detection

dyeee.tmweb.ru
/longpollTraffic.php

# Reference: https://www.virustotal.com/gui/file/72362d62cf50c249dee90fa062a9a382572d67997da05608ef3f79a1292a43e1/detection

cf79984.tmweb.ru
/secureGeoauthflower.php

# Reference: https://www.virustotal.com/gui/file/544d2ce0cdc40c01dad1b0c0e8c6040d9252ff9c5edac8c73a212e8210c44473/detection

cq38242.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/96aea8e31880f1a37353a47c962de1f59755abea5bb12a2abd62ae1bf694231c/detection
# Reference: https://www.virustotal.com/gui/file/edfbfcbb103f5b69bcf2a9b3cc6e01750744bdc84a882f929c3f9cefef42cecb/detection

cj09837.tmweb.ru
vh366.timeweb.ru

# Reference: https://www.virustotal.com/gui/file/bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a/detection

cw51552.tmweb.ru
/pythonlowupdateprotectdefault.php

# Reference: https://www.virustotal.com/gui/file/f0690112624bffc927f19e8cc0d8af4f46656a354212bc234e9cc3d1c33c4993/detection

sk1tzz.beget.tech
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/
/h7otaleclm238j1szeb/
/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/9753eb7181919647609843743199a5f58a01a37c.php

# Reference: https://www.virustotal.com/gui/file/fb3914e5fb9bbae88d31177071dd6465bc4ae46f05c71f3a72b086483d65e066/detection

http://135.181.235.118

# Reference: https://www.virustotal.com/gui/file/1a1971d70f3879a8fb9cb656c3afe487760454b1caf139cf2d3b87330f3e77ff/detection

datasines.ru
/vmasyncTrack.php

# Reference: https://www.virustotal.com/gui/file/1294a91cd45ed0dc87531245654e961b6aa1b399ca32a33048a04ab7993b16b7/detection
# Reference: https://www.joesandbox.com/analysis/444364?idtype=analysisid

http://185.246.65.192
/pythonsecurelowcpuGame.php

# Reference: https://www.virustotal.com/gui/file/3d49374f76096e055f31a9e83d0bdd15a349aa85041a9f827fef376011913d05/detection
# Reference: https://www.virustotal.com/gui/file/55c68474cc02e4834e61a80980679f364f3fb1d012e8aab3bb3bd254967e5514/detection

http://82.146.57.148
/tracedemosupportphp/demo/mobilegenerator/support/cpucamphp/prefprefmathcore/djangoplugin/searchercpuprefrecord/demohtopphptrace/limitdatalog/imageprocesslongpolltraffic.php

# Reference: https://www.virustotal.com/gui/file/a0f4c92db2cfda9c338306c1b12f71c15416196ed593f0aa28ca5add785d426a/detection
# Reference: https://www.virustotal.com/gui/file/fac11dc010c0a36ccacc3a5438af9bd5182b7b94be16d5758f78c6b89100dbf9/detection

u102494.test-handyhost.ru
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/
/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/
/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php

# Reference: https://www.virustotal.com/gui/file/5ad69de9fdcb9ae92c756236de868bf963d04b6cad241d418c62f06e7332c13c/detection

http://82.146.42.205
/httptraffic.php

# Reference: https://www.virustotal.com/gui/file/ac5690010ad06525c90e0d604403e9169f2698d82f5a4e89d328343d59ead472/detection

bigwins.ddns.net
/ExternalphpPoll.php

# Reference: https://www.virustotal.com/gui/file/ca0c5b278fc4a2fd0d71019429789248453779143404ff909964807facba6b20/detection

http://212.109.199.108
/HttpBigloadsqllinux.php

# Reference: https://www.virustotal.com/gui/file/9c7cb7bc7443f2f35c6804ca5aca69df5b21327b96428c31cb1cea12b3b94d1e/detection

http://79.174.13.146
/linuxAsync.php

# Reference: https://www.virustotal.com/gui/file/679bec4906c57d7637bd04824f1d3fc26a75e4dac0aff833f9b86a3f0bdd7b24/detection

a0553951.xsph.ru
/apiBigloadDbtrack.php

# Reference: https://www.virustotal.com/gui/file/92b9803da13558ef311fe025ec74a0ada01b1c95b499985d51d4c4bd01f11129/detection

a0548637.xsph.ru
/javascript_geoserver.php

# Reference: https://www.virustotal.com/gui/file/8801faeab21ac37b1785a78c635cba75f914d2056f1b74ddefbcc1b17f836edc/detection

a0555497.xsph.ru
/eternalsecurelinux.php
/ImageProcessordb.php

# Reference: https://www.virustotal.com/gui/file/061fa38282c2f86c3a5e9e0c87e63c6d1e7e9404d3dd212b51515d254a2254ee/detection

cn36102.tmweb.ru
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/
/o40ypy0hwwr6x7tycm55w6pgmkftd/
/r0m1j2e3zgfazhs6r8x2w603/
/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php

# Reference: https://www.virustotal.com/gui/file/4cacca33e4823519cffa51e6d0f0226ef3b581024f57d8acc444427a636cb95e/detection

http://194.226.139.141
http://94.103.80.73
/Packetbasetraffic.php

# Reference: https://tria.ge/210731-v2zwybkdfs/behavioral1

http://94.250.248.166
/external_Packetupdatemulti.php

# Reference: https://www.virustotal.com/gui/file/e0dbdf3dbc3203ede5b14a38d80f53203d6c14cda083f81f498fdbe394cdbcf3/detection

cf99125.tmweb.ru
/providerSecureWindows.php

# Reference: https://www.virustotal.com/gui/file/60bd11a9eb239a95fa07a879822b4e4cc4b971f57971387c7c65542b48acb099/detection

cv53487.tmweb.ru
/defaultFlowerAsync.php

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

95.111.241.233:4563
95.111.241.233:8848
AbdaalRuhaani-27733.portmap.host

# Reference: https://www.virustotal.com/gui/file/012fa663e73b01b030d4283bd6d1d23250e47ab6180fe6d1c0efc289a45af710/detection

cq28540.tmweb.ru
/lineToGeomultidb.php

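# Reference: https://www.virustotal.com/gui/file/dfb38282ee9f6bc18b4e9c6f0406e00dabc2fe57d76a4eec9722f9e0e7e07928/detection
# NOTE(review): bitrix386.timeweb.ru looks like a hosting-provider node name rather than a customer subdomain; it may also serve unrelated sites, so confirm against the reference before alerting or blocking on it alone.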

bitrix386.timeweb.ru
cu85891.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/6718c04021467956503e7c53e7a6597fad77eafe88b080442d4168ab1081f32c/detection

a0560022.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6dfc2ded144d897f001f26e050a1abb54d661b9fd9e855199caf41246cd0649b/detection

a0480057.xsph.ru
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/c69cd7ffb036451638f1c24db25a0515740d8125.php
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/
/c69cd7ffb036451638f1c24db25a0515740d8125.php
/fmph5agvjxo/

# Reference: https://www.virustotal.com/gui/file/887f455ee655af59acf845a6f7eec88be53d3e39aff9f3b09cb8e89d9e2c3726/detection

a0524006.xsph.ru
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/
/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php

# Reference: https://www.virustotal.com/gui/file/90256b8d51135779431b9a7d02944d79e0c8b7f6a00ba19a5d08d4e252f39964/detection

a0549308.xsph.ru
/providerlongpollasync.php

# Reference: https://www.virustotal.com/gui/file/a01d51b821fc25d9909c74771287e7782cf607a69c01e29037860e1e32399a0b/detection

a0600399.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c6cabb4109dca04a0d3493c4dd00861f5dc727606e5fe9120d2fd3ebadbb476c/detection
# Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection

a0454147.xsph.ru
/bdytbxyzt28mr240noe4rrg093adguvi02oc6/
/srxotvy8z6jic7vy7ah4oudisalxsdmkwfksgbennps3g6fd4u1zh26ojvzw3xucp4pz275y39bj89k8intmkl11/
/0226cf1a5d9ff16d620618544626a30aadc83dc5.php

# Reference: https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection

a0429276.xsph.ru
/3t5v7d7pegualb068qsj0nmxfghl0fuoh418iz6cinatqfor4v9akdq37rx9ycwvyee8ubs4swlgiac585m0/
/pdzkcqf0x4dyr2f2vlaf7e4rmrh72yr1bm6mhyue2zim1j4z0u6/
/a30a7e8d446e07feb3edd0a0387878b922679121.php

# Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection

rodik2020m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection

cheff2019m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection

testedpo11.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection

jlauka2018.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection

a0439723.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection

a0439698.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection

a0438890.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection

a0439294.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection

a0440066.xsph.ru

# Reference: https://www.virustotal.com/gui/file/9f66780f03e00ce6852d2bbb9ae2496b875871ae3cf8fd2a578596431ac3346f/detection

a0523644.xsph.ru
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/
/x9ahvg1kp8jvucilm9rwee4ich/
/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php

# Reference: https://www.virustotal.com/gui/file/c8db435b9a380579b7ccf477a0030f6d8d143ff32df9148f6ed82407c5f86813/detection

a0530848.xsph.ru
/imageLinepipeGame.php

# Reference: https://www.virustotal.com/gui/file/da2d2ccffac5d4877096cb5b787e10ac0817b5a56c3ff67f640ec80d47dfd258/detection

a0550213.xsph.ru
/Vmpacketbigload.php

# Reference: https://www.virustotal.com/gui/file/8a55211db06abc570a3f0e6bc612d42a67f1face07d82a65cdcbac9a56c64923/detection

a0552459.xsph.ru
/CpuApisqltrack.php

# Reference: https://www.virustotal.com/gui/file/6c231312fac958bb547368ae896a4e763d97d176eee5223f365c81ce3ffc3211/detection

a0550354.xsph.ru
/PollGeoprocessdefaultflower.php

# Reference: https://www.virustotal.com/gui/file/17cb5a4dec6b16c87fa481f4d2e1cea4ed3c24a790dae776ba83fa5320f98ee2/detection

a0615946.xsph.ru

# Reference: https://www.virustotal.com/gui/file/34e8a3b9532e5475b8c62a21f836682bbe1e2479089bcc2a0b6646e66362d573/detection

cb81657.tmweb.ru
/pipeHttpAuthbasewordpress.php

# Reference: https://www.virustotal.com/gui/file/5e40c4e18338a01645611f11f2caeb4eb5353bda96175f96c20526e16a5d3e14/detection

cy50210.tmweb.ru
/VideoVmJavascriptCentralTemporary.php

# Reference: https://www.virustotal.com/gui/file/5e4f320e663b58088d396ca3c9a32bfcf3ef0fb0f26d21f70e3f4e0ef9c6a5a5/detection

cu44809.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/a8b815767cc06b4e4c73c0ffaa73eda2d9bef6ba1da8fc62950c6b7b1343c160/detection

http://80.78.240.210
/imageVideoupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/7700b39073a305e9b3ae9e64e36dc507ff13caf82e3f0b8a812e76bbfabfc36d/detection
# Reference: https://www.virustotal.com/gui/file/064e47140735631b988516748b833330b5c0844d6016b1c3d80c83c5c326cba2/detection

http://92.63.106.112
/JavascriptauthMultibase.php
/javascriptdefaultbase.php

# Reference: https://threatfox.abuse.ch/ioc/315762/

http://176.126.103.126
/pythonjavascriptprotectFlowerDatalife.php

# Reference: https://www.virustotal.com/gui/file/a1a4171c888bb45ba62753af9d69469a6eba3d9bffdc8ea46b6f37c61faa0c86/detection

bigrussianfloppa.duckdns.org
/externalbaseGeneratorTempdownloads.php

# Reference: https://www.virustotal.com/gui/file/00603531bcf1c4db7431140d656e57a43887fe1103bbac67c91141804084f50e/detection

allakorovi.temp.swtest.ru
/Vm_processasync.php

# Reference: https://www.virustotal.com/gui/file/5f615615c250fe6757004187cc0a1de547fbbb0fb922ea7d11838da7d98593be/detection

15.235.13.122:3000

# Reference: https://tria.ge/220209-d5xwlshba2/behavioral2

http://37.46.135.124

# Reference: https://tria.ge/220130-13xt6abccq/behavioral2

http://62.109.2.159

# Reference: https://tria.ge/220125-f2kszshddn/behavioral2

http://37.46.130.225

# Reference: https://tria.ge/220120-qjy8rsabdk/behavioral2

http://149.154.70.169

# Reference: https://www.virustotal.com/gui/file/f441ea0832309aa62b60882b28fbd5f4685fd75c0c188a1e4668237c5d0b30b9/detection
# Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection

154.16.248.110:8848
154.16.248.223:8848
172.83.152.101:8848
23.237.25.128:8848
23.237.25.226:8848
23.237.25.232:8848
79.101.204.213:8848
zerocool888.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d3d8c9bca1efbecedaa23e64e662214517926d481cc59edebc60145aabbf7730/detection

http://192.236.192.143

# Reference: https://www.virustotal.com/gui/file/0be0e32f4f1dfcd37a3afdb938d27345cd42a3512fbe1ae0b1c209dbe060bf12/detection

51.81.142.111:7979
pearvh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8c253c11e409898c0c547c9fe47c6aa4441726061d8df6f7de32e7b6eb3f78/detection

cf47501.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ad2ef315d1e12b4f973eb23529f6c332fe67db210b59b588d6f1636003b240c1/detection

cd86823.tmweb.ru
/VmPythonserverTrafficdle.php

# Reference: https://www.virustotal.com/gui/file/ff7db454e5873e61727042bb37d5359ef5c8e4e5510fced6f4e21c9f442c7c14/detection

cy70433.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/8f831441d0959368d3ee7d27441fc1156d77e3bc0ea443760e98b8c54c068178/detection

cr85089.tmweb.ru
/imageBigloadDefaultDleLocal.php

# Reference: https://www.virustotal.com/gui/file/aa255b75541e4e8163684cacedde6741f32e2622a0f6876a11caa4c9edb60c98/detection
# Reference: https://www.virustotal.com/gui/file/3aa22c46f786e2718696a5916e7f494d16ac51f51aa5c7d36439642fc93bdbe9/detection

197.210.227.5:3428
197.210.55.176:3428
frank.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/ff3139e35eec5df931d732988e7a6b5612bb9f965ebb38708e4edbf1bebe2280/detection

a0613874.xsph.ru
/externaleternalApiTemporary.php

# Reference: https://www.virustotal.com/gui/file/fa682ed24f520200484355c5fc07427103d1c53a6db60f96d059855bc1ccef7c/detection

a0653333.xsph.ru
/ExternalJavascriptProcessTraffic.php

# Reference: https://www.virustotal.com/gui/file/f7dcbcdc69dc9091b4a243e43cbb020f45e3ec177bc8a375c61ec98615bf402f/detection

a0643628.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ebcb5ce8775baac48a3211fc6a665b92ba5025cb9f37512ece0ca8fd28a70707/detection

a0643626.xsph.ru
/ToSqllinux.php

# Reference: https://www.virustotal.com/gui/file/ded5891b6f8f7dffa6ca268fb1c686c1f2017af2473cada96c99401baa8c1c32/detection

a0613505.xsph.ru
/requestGeoProtectflower.php

# Reference: https://www.virustotal.com/gui/file/dc11ec7791f71753d03cb63ed0c9ced53cb2e250a5413ccd8ec9ed609e2780ae/detection

a0604955.xsph.ru
/imageBaseTemptemporary.php

# Reference: https://www.virustotal.com/gui/file/d8f25d4e26a04cbfb40a44650503e944c2a628ae255bbf7aa3e3a6ed38a16bb2/detection

a0636388.xsph.ru
/processauthDleTemporary.php

# Reference: https://www.virustotal.com/gui/file/d67c934f491416949ea2f884dd92e1df963842b782883e7d2fcd3722e40b3051/detection

a0615272.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d0ae81400fd405312a1f6e59846d9f494abc72f8075e592b4e63f227b2178ba4/detection

a0605075.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d078590e47634128542985f434513e843c967b9097c6581c31b6c2bf704296f6/detection

a0640235.xsph.ru
/multiBasegeneratorPublicprivate.php

# Reference: https://www.virustotal.com/gui/file/12e6398f73e2b6945d16b3d64ae0d905b06be81e208ebc37f47001fe6186352b/detection

cv67410.tmweb.ru
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/
/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/
/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php

# Reference: https://www.virustotal.com/gui/file/fd54ce3addfbcd79126599cb8b8cb9b140dd9defde04058f16b633a004f8c5d5/detection

ci40763.tmweb.ru
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/
/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/
/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php

# Reference: https://www.virustotal.com/gui/file/f55a233ea31b463466defa5d5b3941699e76835a48d94ff8430a7ade30dbeddf/detection

193.161.193.99:59618
daddycitrix-59618.portmap.io

# Reference: https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
# Reference: https://www.virustotal.com/gui/file/ae97918f7e22be53b7eb9778c11dec8d873989a2b798617a60b2d448fac5dc89/detection

co44089.tmweb.ru
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/d9475980a348412b6a890000bd9ece3a022be2e8.php

# Reference: https://www.virustotal.com/gui/file/00dca02ce6a738439634bf9794859f7fbb40e9e62e6701743e32c786f8269f23/detection

a0504029.xsph.ru
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/
/694e9a452a200fae5d4a04b05733dbdbac6fef75.php

# Reference: https://www.virustotal.com/gui/file/0193945a5e4c654ae765e311a7bb0a5c1344ec3d5e7cf57f81620c6186d21841/detection

a0635613.xsph.ru
/SqlwindowsUniversalcdntemporary.php

# Reference: https://www.virustotal.com/gui/file/fd949b25fcc548aac88535151d8f8ad7302307c56357d90d0aa1a01fc55c7956/detection

a0501990.xsph.ru
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/
/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/
/ke0ide6s5hf7zokwe/
/e776f8f27539e2705547b02779c1b90b8b204984.php

# Reference: https://www.virustotal.com/gui/file/fc75f0331334f23072247d9eb4746e0c692b4bd724c6dc0bbf9f3093bb87105f/detection
# Note: no host or IP is listed for this sample; the entries below are URI paths only.

/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/49832f0846f8d279cad20b836d78b599e2c668da.php

# Reference: https://www.virustotal.com/gui/file/f638a72eec11f20c56d6863b048f8f2d1a69cbb43512486454b48d0598a915d0/detection

a0620849.xsph.ru
/To_requestsqlgenerator.php

# Reference: https://www.virustotal.com/gui/file/f3910b4183705723698873055e2b8808ea4066ab9cbe0a65e65aed6f8027c287/detection

a0547090.xsph.ru

# Reference: https://www.virustotal.com/gui/file/f2a111bdc9a0fcff64c138c71e88cce5a2af06fdb323d6837d2449f377eb6b1b/detection

a0511040.xsph.ru
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/
/b7594eb1766c3f4c49239eb927b936bfae118dc4.php

# Reference: https://www.virustotal.com/gui/file/ea6fc1630a4ed56abe7d83529ce0c1ae122c11bde401048871d0513510e50f8e/detection

a0547138.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e851b030549e4e022b46ec88fdec6a8aaf4ff41184332be8ac4cfeb8d4c7ec17/detection

a0506233.xsph.ru
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/xjq3mmrkeov8cn4ydhcd/
/80dc5955c8bef80ffc6828492786eb8ca61f8997.php

# Reference: https://www.virustotal.com/gui/file/e7589f12f5f6bd06cb353809cae963730aaac1829327474793f0c8028a5d6548/detection

a0499458.xsph.ru
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/3853f5654eb40f9911242115ee8218fff8de6ae8.php

# Reference: https://www.virustotal.com/gui/file/e34ac32e1ed63dbac5f1ea54b05aa670339db0ddd786ae4fd3c484c22091d86b/detection

a0512913.xsph.ru
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/
/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php

# Reference: https://www.virustotal.com/gui/file/dd6a597309522bf6cd51cdbbf7a17a3148f2b1367ea87aa5b54a4cda76d12e24/detection

a0509262.xsph.ru
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/
/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/36fll0sqbzxn79ia7wdc/
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/
/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php

# Reference: https://www.virustotal.com/gui/file/d98b8c3e36db621aea1b70e30290c8df7ed5f16585285c8af3e83bac6121ed44/detection

a0636042.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d720cd83354d772ed43d388ca6117257b4e77c74550f9140a8311fc564c8c0ad/detection

a0636235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4a3c8464081d0f33ddc2d954f35f678c9da896f1ea14a5ca5c21e3fab34635e/detection

a0607571.xsph.ru
/javascriptsecureauthGameuniversal.php

# Reference: https://www.virustotal.com/gui/file/d379acd0508f62cd1074da129c2a1d6478fae5c10ae0de05005b05e268ae779e/detection

a0512176.xsph.ru
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php

# Reference: https://www.virustotal.com/gui/file/cd22545cd8815721dd36621d53c0a759a9a7db32e9709b9810cddfe320f54bce/detection

a0505523.xsph.ru
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/
/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php

# Reference: https://www.virustotal.com/gui/file/c9799f909a0bf09ef5fab57929cd0de349aad34c2456e8dd076a878921427a43/detection

a0502373.xsph.ru
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/1689e55ee8d0b7689e40485576d1d8903252a398.php

# Reference: https://www.virustotal.com/gui/file/c010d0c7128593451922c1513c9b4afa3453e3c9f73e3eb164689cdaf246b372/detection

a0615320.xsph.ru
/EternalGeneratorwordpressprivate.php

# Reference: https://www.virustotal.com/gui/file/c00bda11c896a535e69e122d9727f19346bf75bc601e4f599abba928c94a5c1b/detection

a0509427.xsph.ru
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php

# Reference: https://www.virustotal.com/gui/file/b76d4d55a77e60335c601937e5640e9340d81958c0fe3d7589200437114ee289/detection

a0530235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b6e5eb6c4977b9d2fc3450f329df3d278520113b7f4971957e3fe6d298087fec/detection

a0507655.xsph.ru
/tgm1bkvusaettq/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/tgm1bkvusaettq/25ke48f4rznl2/
/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/25ke48f4rznl2/
/tgm1bkvusaettq/
/e911ccbf80878043841ae566261d6d088e7b9f76.php

# Reference: https://www.virustotal.com/gui/file/0058b8d9c8c1158938c5cb6bb8812d745720df7d930f922ff62503ec64c016f9/detection

f0489337.xsph.ru
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/fc8ba6c59d8743c977012be26c9b31afc585846a.php

# Reference: https://www.virustotal.com/gui/file/819a6e842b7837d2b08acaf4fe967fbe5773d508ac7942edcd78813138184c77/detection

http://149.154.70.81
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/
/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php

# Reference: https://www.virustotal.com/gui/file/003ffe92e0586bdfc75e35fce3d959a2be1f1003a6f60591ffe671fa7bad632a/detection

cg38346.tmweb.ru
/06qd02/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/
/65c42b42653fba838f215c3150f7a59527ad3b3c.php

# Reference: https://www.virustotal.com/gui/file/0a66fab23fc185a17155e98e68315898fbab45bf6a5120d40734f1d0e17ed0bf/detection

ct51793.tmweb.ru
/vmpolllowprotect.php

# Reference: https://tria.ge/220513-1c14wsbhb8/behavioral1
# Reference: https://tria.ge/220513-epmldaccb8/behavioral1

http://31.148.99.171

# Reference: https://www.virustotal.com/gui/file/eed1a9f0ec43c5ae892d3405db010421f0961d53a0728c5f298d45baa31f9e92/detection

a0679997.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6db9070ee1d70e0d24eee9794c461f7bc8be994f7fe7ad721ade2fe3b09bde42/detection

a0662376.xsph.ru
/providersecureApiLinux.php

# Reference: https://www.virustotal.com/gui/file/73583b83b0864479a0731f3d7aa8986f20415ce961774b13029ada8b778790ac/detection

154.12.230.109:8848

# Reference: https://www.virustotal.com/gui/file/06ad34aa4dc9bdef0a3bc023060110d6f879774411ed397caf07f00d5d6f2a4f/detection

a0684770.xsph.ru

# Reference: https://cert.gov.ua/article/405538 (Ukrainian, UAC-0113)
# Reference: https://www.virustotal.com/gui/file/2b2438aa8da7c23e714f2d7a196d82ed52914c9353ef9fded01448216bd858ff/detection

plexbd.net/MSCommondll.exe
plexbd.net/MSCommonDriver.exe
datagroup.ddns.net
/PythonHttpGeolongpolldefault.php

# Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat

star-cz.ddns.net

# Reference: https://www.virustotal.com/gui/file/0007015ce9090fc52712bc0148a974c643fc570b56d8d78765a6fbde9953639d/detection

hyuihyuihyuihyuihyuihyuihyuihyuihyuihyuihyu.site

# Reference: https://www.virustotal.com/gui/file/b64e011891245dfd504c35145c073ab37a7298ca12ba7c0b40190f83bfba5566/detection

http://149.154.70.91
/phprequestApiuniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/1f97e20f092479de14e6ecc4debcbc835528a0de8d75c5f2ac36d9c24d08555b/detection

http://149.154.70.79

# Reference: https://www.virustotal.com/gui/file/1e1ddbd0db9aeff25d220aaa65a1118c38b90e6ad3d268fd4b47ec898bf3d17a/detection

http://87.236.146.23
/Temp5To/HttpPollUniversalgame/sql/02Httpcdn/httpLinux.php

# Reference: https://www.virustotal.com/gui/file/ced36829a9dcff10487b26b9c931c399f4dba93ae3a226c0174426ee02b0c8f9/behavior/VirusTotal%20Jujubox

http://185.46.10.74
/Vm_Servercentral.php

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_DCRat_Related.json

bomber.dcrat.ru

# Reference: https://www.virustotal.com/gui/file/ba532af8694c6cb7ed64a3967366e9356082f1038e7983f7829ad94f55bb0cf6/detection
# Reference: https://www.virustotal.com/gui/file/f5e5848f11cb330a78ae2c4177ba72a229a7298894061436abcf5bec3c70b752/detection

a0698769.xsph.ru

# Reference: https://www.virustotal.com/gui/file/00671603a647502a53d1fea47406952e22d1de35151f6f3aa187e209da5f1793/detection

a0546152.xsph.ru
/lowUpdategameflower.php

# Reference: https://www.virustotal.com/gui/file/180bdaa12e54e3cc55aec3b80ef124626b997145c520125e96ed750c0a815857/detection

clmonth.nyashteam.ml
1002.clmonth.nyashteam.ml
1006.clmonth.nyashteam.ml
1007.clmonth.nyashteam.ml
1008.clmonth.nyashteam.ml
1648.clmonth.nyashteam.ml
2069.clmonth.nyashteam.ml
2255.clmonth.nyashteam.ml
23457.clmonth.nyashteam.ml
2765.clmonth.nyashteam.ml
28958.clmonth.nyashteam.ml
2945.clmonth.nyashteam.ml
3587.clmonth.nyashteam.ml
3598.clmonth.nyashteam.ml
5422.clmonth.nyashteam.ml
5687.clmonth.nyashteam.ml
61633.clmonth.nyashteam.ml
7485.clmonth.nyashteam.ml
7539.clmonth.nyashteam.ml
7865.clmonth.nyashteam.ml
7885.clmonth.nyashteam.ml
7935.clmonth.nyashteam.ml
9076.clmonth.nyashteam.ml

# Reference: https://www.virustotal.com/gui/file/9fd9b29ea8b6c727dcf1853272ce5b8e4a18ed109e38b0c4857a601e41f81b13/detection

eternity.fbkw.ru
/supersecret/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/secretet/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php
/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php

# Reference: https://twitter.com/MBThreatIntel/status/1556683337258782720
# Reference: https://www.virustotal.com/gui/file/c90bd7b3e642eba0ab5a1153dde46a1c01131a773956f54801c7380ba037e6b6/detection

sublimetext.me
h925402f.beget.tech
/ServerDefaultBasedatalifedownloads.php

# Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection
# Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/

a0682132.xsph.ru
narzieo9.beget.tech
/SecurebaseTraffic.php
/updateapidbCentral.php

# Reference: https://www.virustotal.com/gui/file/03d2ea4dd1ce66403b7977dfdf6fc2a9708425fee1d9b4792ac465578788c61d/detection

a0521453.xsph.ru
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/
/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/p7v8ksbrt61jpbbemgmk6wzh6n/
/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php

# Reference: https://www.virustotal.com/gui/file/21cb6213795cabdcb33cd3102017a9e2a4ad31395976edf02311423ad0f622af/detection

a0703775.xsph.ru

# Reference: https://www.virustotal.com/gui/file/09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3/detection

a0554670.xsph.ru
/PacketgamemultiFlowerTraffic.php

# Reference: https://www.virustotal.com/gui/file/005cc836619526899f69218adb2a46f51f4847d8b43c36a7821c3c9a1abc1110/detection

http://86.110.212.29

# Reference: https://www.virustotal.com/gui/file/2aebe64ad1d7e84b2111b0571276c760eeabd6b641c89c09ba2d9ef95cd883c8/detection

a0710769.xsph.ru
/externalCdntemporary.php

# Reference: https://www.virustotal.com/gui/file/03d0857d5817b72bd95ebb768b41c8d0bd819ad041289ff378dbac621bee2597/detection

asdfadawdawd.ru
/externalauthdbwpPrivate.php

# Reference: https://www.virustotal.com/gui/file/07dd506c59ad8f994f52611247eed8275201d0acb24c1341e33ffd75cceaac85/detection

a0521182.xsph.ru
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/d96da147ddc7c66170035f82a42d9c2f.php
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/d96da147ddc7c66170035f82a42d9c2f.php

# Reference: https://www.virustotal.com/gui/file/3c167c067abc30c62d2d74e7409d65cc84ae051a868ce55ee0a1f4de0a3059fb/detection

cw85895.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/000f3f7a71b10f42d32371c5dff7b974300a45fa35f9a7d8024a4ec4fcabab41/detection

a0709015.xsph.ru
/pollFlowerAsyncwordpress.php

# Reference: https://www.virustotal.com/gui/file/00775bf2d98db532ca754489e9f262bbead5f19e6a5b2114e9f3fc989e70dde9/detection

a0706820.xsph.ru

# Reference: https://www.virustotal.com/gui/file/035e94c3897695d24524b01e141f8c904034e15bf0d6492d8005b81d8c1e1424/detection

asos.bar
/bigloadMultiBase.php

# Reference: https://www.virustotal.com/gui/file/2a833361299f6bd61506cf3ac29e25fa960467657cc92f23a6d36bd65a4aabd5/detection

a0685116.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4d8519fb5cb89f65a29db531034be71cb4c41188c512e01eb48c0ff9e9175f7/detection

a0715881.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7aa907117d7dc41bcf159506536af6d2b76f2ac49adbacbb9748ac09917310ef/detection

a0715314.xsph.ru

# Reference: https://twitter.com/MisterCh0c/status/1123890895605194752
# Reference: https://app.any.run/tasks/39dc7c95-2f60-4a0f-b962-5abb688817ba

darkcrystalrat29.000webhostapp.com
uproxies.myarena.ru

# Reference: https://www.virustotal.com/gui/file/b88b12d7dc8c791383f11a7f2083b0f16d353c6e47615b10bc533c36ef893e96/detection

mamont1337.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b4d86cc2a6d1417ab614fd759cadbdd03750511cda2cd4d063b92b1daae6cffe/detection

pwnova.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0f1611211d77702a6f7dd5f1110afdf85bd3d6d2d0d2f569fe2a4962acec2de8/detection

payloads-poison.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/3f17bcfc62559226df10d47eb9769b32c7c2ef5ad44889f0c253e1fcc5d68dea/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ef486eaf9407e020a911c8795e334b6be98cf84386ac3eeaa25488c975b47227/detection

ponchikgribov.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512/detection

holohololo.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/561f3702f2bc11607012f82894475da814052c925d7d2afd242a95dc5f5a7363/detection

mabuch.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ebb67c781269d75cc4aa1c5aacdc4ab1289a603dc5532ccc2fb7dbbed284d786/detection

0x01f1.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/bbde4f9a20c30515c9c163709e7fb670d296e087f486278a3017fdaeea282114/detection

supercraftalex.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0783ad7db9e4f015a8c4a2100da925c43e9197996463f03194519aa8a70d6328/detection

silentscanner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/de622b50da9fad14bee683c2d46ffa167a453d8cd0d31f7a86d72d2cf5de8b13/detection

thedonserver2.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a69604b7a62ff5eab64e011fbe653d83b0d7e854633528aedb98a27a300e9cdb/detection

vanityss0.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fa76b811f2ea98f5c356bac7d2c27cca58c7db23729307fed74650c7ee95075f/detection

allopathic-trays.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6ad0fb9af26cd895584d71f89186754ab9263c6034126f8ae2be9a85a8ea3482/detection

fritroser.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/9c370e4919315bd7b718e4ccdf605f2332ab672b53209c12dfdd22ebd5bf63b6/detection

cuberdragon.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7bb559915ee54376af490aec3354df9d024f4c80878eb5c976caf98aff430d7e/detection

spikerr.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/50d8c57679ebf98a325f0cca86309fbd757964accd8e694cc31553c792551c5b/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fcf3dd30c43dbd3fb8db46ffbd90aa898f821acd5f77c79b0f22da4ef824010e/detection

eliseyhaise1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1c7fbedcbbe92c3c00c58d75ed8f02ddc79ce3af209f68305758a785200b09a9/detection

nosky777.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0bd98484d599b26d067ae42c5baf4cacf88170d397b5bf805c3cb8fb558aaa2/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/eb94e806bfd7e5e3aa1a5aee781150cc7e1e83af22a6c0194c6138673a006fb0/detection

jssh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/92e6d7a6e8e9bdf59d8c92f54ef8f076b04ea31d62e20e83add00d70f53f0373/detection

superacute-barrier.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d1f9e8d2c091a5ec29a0420ed3a2002209689799ec7babcf1e1ff81775234d53/detection

filesfloader.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d4a47a202068cf51c8b10381cbdd414f24af4a7c7562b97472540d7a02646d09/detection

diversionary-turbul.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f3261eab08f0316d237bb474734674acd4a8eeb183331ce689d1cee57de94218/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/873baf17585637276230e7c7b358321ac0e7f9c1e64878b708a030104836e7d6/detection

rat21212121.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/769609d8870d14efe8688affabf153dd287dd7ca97ea81b921704bab1752c150/detection

nikotsu.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f8eda3c1be8522ab6afd7e8f259ec592292b7940a7f9ee189ecdd5b9ccee2eb9/detection

labscreenshare.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c3309c40ed05075598d9a44d06be2a5eea0c25ce11e2741e5e1e5239b0f0259e/detection

kasumeauth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a8d4bfcf4a966ac593f31cf8fe82b8f133034066859acb8bb54fc19577b35d14/detection

denotable-guide.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/aff3a5987ebd22e6bab2845e8b5f033149d9f6fd38c1c19f63a9b666a78cda84/detection

wolfgt.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7def4faac6dca29bd03a5b4bcd3e5ead02fdb6318a0b308f88d9cc16065c729c/detection

ratfunpay.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/5ce86179014d6b741a6be05600151c2cf7f6140dc4115e05e3f2261484e677c1/detection

testforpurp.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b8850467013fa029a51489ee66554fd70296690713a07d80eef978f8871ae8e4/detection

telenor-location-setup.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/47b664ab4e3913721c25763104d534a2585a9f3464b20d5a0b3604b877543ece/detection

hutech123.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/71a5ced54a8792c354b729bbbdd97a132ee32acc332e7cc2136d5fd158bd0dca/detection

dcrettting.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6fb1b51833dd0eea891ea931b2b4d54835f5b19791b4065babea5538c4d982a6/detection

masha1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1ea8e7c9a99f93222159b00b3713de60ab6364a93a62b18fc24f572922edef86/detection

asbfbzvfhsebh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/04f0cbef22ec452eb8024aabe693157d03a1d6ff488600b541483d11895eba90/detection

asdasd1010.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46667d51bd5a6cf6bb93ea291a95ac66fe65459f17d001c40b9a2978bb0fe1ca/detection

mrbigg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/282cb1832225f49f62850ea57f5227dfadf7a118a609d7ea1488cae8c1029990/detection

mrbiggg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ab8f00944d1323c75dedce595036a16765ada233648e247afc30bc76e7ec1914/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/49d323809906bf0326d5cd2e721c301672dfb9e5832bb7470d3693b6cc7c973d/detection

organner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7d13019882ad60fc65881d607360a8b1441cb6dde43d1f92e120940f791701d7/detection

kiwihook228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0c5303a8a8713f4c73f9b04debfde6387a37fb0fdab0fd3dba68b4ac9388181/detection

kdwahjdklawhflahywfilyhaw.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0012c370f4fe5384a99e4041530a76f14518ebf1fa79e2569eae21044f25ca74/detection

moralfag228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/32d69753f2cfdf76427e497f6798fd10fff58c0b6bfdb3fda5eaf510b1890511/detection

matvey2207api.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1689209fe6dab791b4d7eedee0ac05cd1119328b9217ae1f2b48f66a6b7f1ef4/detection

icursos.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/8ff34b12b7a065fcb4b75e55b4ca06cfc5b40aa51afa763e881f522a534ade7b/detection

huongtra899.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e1f53c1783e59c5a3ea7d28ceac7c74b2eb81ac850a74c1e90bd82a0314024f2/detection

frogmezserver.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/37d8371c4d5db0701605f647dda2482ae2c0383793544caaa6ac218d630e8cb4/detection

diyspecial.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d7c16df73304c6d7c166200b0e5bf8cc0cf0701d3f49539e95efd4078a12fd44/detection

wannatalk.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1435345484139286530
# Reference: https://app.any.run/tasks/46d1eb68-c229-4263-bf3f-207dbcd5d896/

http://178.250.158.47

# Reference: https://twitter.com/James_inthe_box/status/1448751827046985746
# Reference: https://app.any.run/tasks/66fad0a4-789c-4d09-bb1c-12f9ff2bb92e/

http://82.146.34.178

# Reference: https://www.virustotal.com/gui/file/4b4a3839ecf1b4103a231af600a029d5b315cedd359ec3bdfaf61bb243ae7297/detection

7539.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/02177431b0825bf9f3d7c7d887c82494a3d1fd89f3e24d9128f126dd56f06a73/detection

95892.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/e50d7c1551535c94387091a653d18f5ecc26b6a15c04392523fde82df61f310c/detection

f0531789.xsph.ru

# Reference: https://twitter.com/WhichbufferArda/status/1581332837814636545
# Reference: https://www.virustotal.com/gui/file/72a3dffc4708d9e9eedffd81cc26ca19df813db423e848bbaf092540d9e36eab/detection

bayraktar.fun

# Reference: https://twitter.com/pmelson/status/1585699881905451008
# Reference: https://www.virustotal.com/gui/file/49a59c92e9c1876828015fa1985132058e1ac023a196c2942ebef409789bb356/detection

141.255.147.241:8973

# Reference: https://twitter.com/tosscoinwitcher/status/1586061272197476352
# Reference: https://www.virustotal.com/gui/file/005ca7fcb95236a3ae86e744c9d9b41ad97e74205ca5c2151e60abd4676fbd66/detection

http://188.120.244.159
/lineCentralTo0/Voiddb0Request8/7centralPrivate/
/Request1/0/universalDefaulthttp/
/Request9Multi6/ApigeotempProtect/GeneratorLineServer/
/Request9Multi6/
/Voiddb0Request8/

# Reference: https://www.virustotal.com/gui/file/02dd2d41ea02bee1d7a6505fa299cacb41024a6c6a1b2eb9e43597bc1b5854b1/detection

a0724321.xsph.ru
/PythonprotectLinuxAsync.php

# Reference: https://www.virustotal.com/gui/file/041bd486fefe872019f748d66a7d5dee4b097d4b222c320ce94f89133b6860a6/detection

http://194.58.98.53
/ExternalRequestpollsqlasync.php

# Reference: https://www.virustotal.com/gui/file/053f31bae67a9d04b92b11e54981618f7da49b9d4b77344babaebd7773fc76b1/detection

a0571604.xsph.ru
/imageApiDefaultflower.php

# Reference: https://www.virustotal.com/gui/file/0051ad484af03c603e1c10dd3b70f700faee7d46e86fe3467ed393bf18249a7b/detection

malenkybabejon.xyz

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

http://13.90.128.253

# Reference: https://www.virustotal.com/gui/file/ae3b4897a288a41ec73e1a6b94ce89b982a35e4ee754208e035877ed27ad17a8/detection

103.151.123.121:8890
toff7857.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6f9c3a7f821cad5b2095915c015fce09729cb2f4637c1ee002dd8f3ec951a81/detection

103.151.123.121:8895
moneyinthemaking33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e01bacfc305cac510024cfd91980e72f7f162f3feb017637d43b013195e13ee/detection

dthaurs.duckdns.org
gdbsty.duckdns.org
makingthomas9.duckdns.org
medelinemellinger.duckdns.org
morningb006.duckdns.org

# Reference: https://www.virustotal.com/gui/file/05c5855645215f25843fb116d4ad622331599e6823c1ac08e26b3ec016462c00/detection

a0642773.xsph.ru
/processoruniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/0fb1da58743a6a21376c4d513e4e8dd39e176719b9f89551c94a88e21b58922d/detection

a0654793.xsph.ru
/trafficdatalifewpdlepublic.php

# Reference: https://www.virustotal.com/gui/file/d4b5239cf81c54d406e6f208359145d7ea1fb429a3a245e2c805161d761737de/detection

a0740712.xsph.ru

# Reference: https://www.virustotal.com/gui/file/04d48912fee541a1dcec802ac9065a91cfb75114fdea1edd43b8a4a9d538299d/detection

193.149.3.239:1938
liteshare.co
one.liteshare.co

# Reference: https://www.virustotal.com/gui/file/0000ad0538e40f2c6a61df90552b1603a05556a620dd5e09d07c0d4cf6b329d2/detection

a0741693.xsph.ru

# Reference: https://www.virustotal.com/gui/file/23fda5b36c96f2c2e7e5ae8a0ba46eee0b898fa97c95b522bef284134b78e21b/detection

a0751745.xsph.ru

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-29-IOCs-for-malware-from-fake-Adobe-Reader-page.txt
# Reference: https://www.joesandbox.com/analysis/775734?idtype=analysisid
# Reference: https://www.virustotal.com/gui/file/37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226/detection

78.47.195.75:4448
78.47.195.75:4449
adobereaders.co
bravebrowsers.cc
system-checki.com

# Reference: https://twitter.com/suyog41/status/1612421819646226432
# Reference: https://www.virustotal.com/gui/file/aa7329f9d3c9b4c1620182c9697b905ce03819a6b538d8c5e70142a6aad4e712/detection

http://149.154.68.247
/PollProcessvoiddb/Cpu5js/lowserverflowerCdn.php
/PollProcessvoiddb/Cpu5js/
/PollProcessvoiddb/
/lowserverflowerCdn.php

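# Reference: https://www.virustotal.com/gui/file/2f2d38c73fd78cfbb16fe47b098400197de6021d58038fdc49679a4b756463e3/detection
# NOTE(review): eight addresses on the same port from a single sample looks like a shared
# tunnel or load-balanced front end rather than dedicated hosts - TODO confirm ownership.
# If so, these address:port pairs may later be reassigned to unrelated users.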

18.228.115.60:11104
18.229.146.63:11104
18.229.248.167:11104
18.229.94.15:11104
18.231.93.153:11104
52.67.169.190:11104
52.67.76.246:11104
54.94.248.37:11104

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://135.181.83.211
/cpugamedefaultsqlDatalife.php

# Reference: https://www.virustotal.com/gui/file/b2d97d507306f7abbed7ca882340f456a17cdf176488faa8f8e0741019300d78/detection

http://212.113.106.79

# Reference: https://twitter.com/ScumBots/status/1621223797071175682
# Reference: https://www.virustotal.com/gui/file/4f23c0742d9a19732acdcc777b4168366d4762b7f9fa553d1dbc62b68378cc97/detection

20.197.196.201:7749
intrudernomercy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6cff73a9a97ff3955d44e35310ccec01847143a9e70678f685840d7c8ad25971/detection

ca22859.tw1.ru
/ProcessorauthTestLocal.php

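# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/
# Note: the entries below appear to be a bulk import from the feed above and carry no
# per-entry sample hash or first-seen date. IP addresses can be reassigned over time, so
# re-check an entry against the feed before treating a lone match as a confirmed DCRat host.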

http://109.107.189.197
http://109.172.44.182
http://109.248.42.13
http://121.40.81.65
http://130.255.170.91
http://135.181.106.220
http://135.181.164.113
http://135.181.99.197
http://136.243.179.74
http://141.94.188.141
http://142.132.182.134
http://145.239.27.225
http://146.19.207.252
http://146.19.207.58
http://146.19.233.133
http://146.19.24.118
http://147.182.195.133
http://148.251.242.103
http://149.154.64.5
http://149.154.65.218
http://149.154.66.74
http://149.154.67.30
http://149.154.68.117
http://149.154.69.71
http://149.154.70.15
http://149.154.71.242
http://151.248.117.210
http://151.248.121.68
http://159.65.31.64
http://162.55.170.203
http://162.55.33.151
http://164.92.181.85
http://165.22.23.36
http://167.235.28.213
http://167.235.57.39
http://167.88.170.23
http://172.104.4.99
http://172.245.10.88
http://176.113.82.46
http://176.124.200.25
http://176.124.201.32
http://176.126.103.159
http://176.126.103.211
http://176.126.103.47
http://176.31.32.199
http://176.57.69.97
http://176.99.12.128
http://178.154.196.48
http://178.20.47.110
http://178.250.156.239
http://178.250.156.30
http://178.250.157.127
http://178.250.157.16
http://178.250.158.26
http://178.250.158.55
http://178.250.159.150
http://178.250.159.206
http://178.250.159.50
http://178.250.247.22
http://179.43.175.120
http://185.103.254.119
http://185.104.248.184
http://185.106.92.40
http://185.112.83.126
http://185.112.83.48
http://185.12.126.186
http://185.143.220.212
http://185.146.156.142
http://185.146.156.144
http://185.156.72.35
http://185.16.38.98
http://185.16.39.123
http://185.174.136.169
http://185.174.136.187
http://185.189.12.109
http://185.189.13.15
http://185.197.75.85
http://185.204.0.144
http://185.206.214.155
http://185.213.211.238
http://185.219.40.39
http://185.224.135.74
http://185.229.66.123
http://185.233.38.221
http://185.233.80.179
http://185.235.218.66
http://185.241.61.111
http://185.246.65.133
http://185.246.65.20
http://185.246.65.77
http://185.246.65.81
http://185.246.66.170
http://185.246.67.84
http://185.251.90.27
http://185.43.4.142
http://185.43.4.223
http://185.43.4.27
http://185.43.4.31
http://185.43.5.151
http://185.43.5.62
http://185.43.5.75
http://185.43.6.111
http://185.43.6.68
http://185.43.7.221
http://185.46.10.199
http://185.5.248.148
http://185.51.246.172
http://185.60.134.186
http://185.92.149.245
http://188.120.224.116
http://188.120.224.97
http://188.120.225.216
http://188.120.225.47
http://188.120.226.13
http://188.120.228.186
http://188.120.229.72
http://188.120.231.113
http://188.120.231.63
http://188.120.233.209
http://188.120.235.7
http://188.120.236.137
http://188.120.237.72
http://188.120.240.211
http://188.120.241.206
http://188.120.243.11
http://188.120.244.227
http://188.120.244.38
http://188.120.246.154
http://188.120.246.49
http://188.120.248.214
http://188.120.253.98
http://188.120.254.194
http://188.120.254.81
http://188.225.72.109
http://188.93.233.120
http://192.95.55.233
http://193.106.191.180
http://193.108.113.28
http://193.109.78.76
http://193.124.22.2
http://193.124.22.3
http://193.188.23.169
http://193.233.48.42
http://193.233.49.76
http://194.147.90.111
http://194.163.190.76
http://194.190.152.128
http://194.190.153.34
http://194.226.121.128
http://194.226.121.164
http://194.226.121.83
http://194.26.229.18
http://194.26.229.23
http://194.26.229.54
http://194.26.229.65
http://194.36.177.74
http://194.36.177.98
http://194.40.243.101
http://194.5.78.193
http://194.61.52.49
http://194.67.110.48
http://194.67.111.145
http://194.67.119.11
http://194.67.67.104
http://194.67.67.43
http://194.67.74.169
http://194.67.87.32
http://194.67.92.230
http://194.67.92.38
http://194.87.186.10
http://194.87.199.77
http://194.87.214.216
http://194.87.216.2
http://194.87.216.73
http://194.87.218.122
http://194.87.219.243
http://194.87.232.197
http://194.87.237.68
http://194.87.31.20
http://194.87.62.41
http://194.87.82.229
http://195.133.1.180
http://195.133.1.65
http://195.133.75.174
http://195.133.75.213
http://195.133.75.27
http://195.133.88.26
http://195.140.146.115
http://195.140.147.188
http://195.3.223.215
http://195.3.223.218
http://195.3.223.79
http://2.56.59.225
http://2.57.186.38
http://20.113.82.15
http://20.26.196.182
http://207.148.109.186
http://209.209.113.33
http://212.109.192.100
http://212.109.195.180
http://212.109.198.236
http://212.113.116.24
http://212.162.153.128
http://212.192.14.24
http://213.159.214.231
http://217.114.43.68
http://217.25.95.234
http://217.28.221.151
http://217.28.223.117
http://23.137.249.17
http://23.227.193.58
http://3.122.113.204
http://3.123.129.109
http://3.249.182.164
http://31.129.22.12
http://31.172.66.22
http://31.184.249.5
http://31.24.87.18
http://31.24.87.49
http://31.42.177.7
http://37.143.12.118
http://37.143.9.37
http://37.220.86.127
http://37.220.87.84
http://37.228.93.151
http://37.230.112.51
http://37.230.113.176
http://37.230.113.20
http://37.230.113.43
http://37.230.113.82
http://37.230.116.166
http://37.230.117.59
http://37.252.1.137
http://37.46.130.13
http://37.46.130.214
http://37.46.131.62
http://37.46.133.171
http://37.46.134.156
http://38.242.133.44
http://38.242.207.140
http://45.124.115.20
http://45.128.234.216
http://45.132.1.186
http://45.137.65.70
http://45.140.147.119
http://45.141.100.241
http://45.141.76.106
http://45.141.79.87
http://45.142.122.12
http://45.142.36.241
http://45.144.2.118
http://45.15.157.11
http://45.153.186.205
http://45.153.229.94
http://45.156.84.108
http://45.63.74.55
http://45.8.158.146
http://45.81.227.27
http://45.82.13.18
http://45.83.122.110
http://45.83.194.100
http://45.83.194.102
http://45.86.229.156
http://45.93.200.140
http://46.148.114.84
http://46.151.30.40
http://46.175.145.60
http://46.175.150.73
http://46.3.197.42
http://46.3.197.86
http://46.3.199.118
http://46.3.199.52
http://46.30.45.25
http://47.254.235.229
http://47.96.64.30
http://5.101.44.217
http://5.63.154.100
http://5.63.159.147
http://51.161.64.200
http://51.210.69.65
http://51.250.37.171
http://51.250.8.242
http://51.38.92.34
http://51.91.193.177
http://62.109.0.205
http://62.109.1.128
http://62.109.1.226
http://62.109.10.87
http://62.109.12.97
http://62.109.13.12
http://62.109.15.235
http://62.109.16.69
http://62.109.17.127
http://62.109.2.209
http://62.109.2.36
http://62.109.20.14
http://62.109.21.205
http://62.109.23.37
http://62.109.25.235
http://62.109.26.135
http://62.109.27.119
http://62.109.27.237
http://62.109.28.158
http://62.109.28.7
http://62.109.30.213
http://62.109.30.9
http://62.109.31.158
http://62.109.31.200
http://62.109.31.35
http://62.109.4.67
http://62.109.5.198
http://62.109.5.68
http://62.109.5.72
http://62.109.8.21
http://62.109.8.37
http://62.109.9.201
http://62.113.110.142
http://62.113.118.176
http://62.113.96.135
http://62.217.176.20
http://62.84.97.90
http://64.225.102.136
http://65.109.63.235
http://65.21.251.86
http://77.246.158.136
http://77.246.158.191
http://77.246.158.205
http://77.55.208.121
http://77.73.131.144
http://77.73.131.194
http://77.73.133.58
http://77.73.133.75
http://77.91.124.246
http://77.91.68.78
http://77.91.77.179
http://78.24.216.186
http://78.24.218.129
http://78.24.219.249
http://78.24.220.207
http://78.24.220.74
http://78.24.221.170
http://78.24.222.67
http://78.24.222.9
http://78.24.223.39
http://78.24.223.53
http://79.110.52.107
http://79.124.56.6
http://79.137.196.92
http://79.137.202.179
http://79.174.12.172
http://79.174.12.29
http://79.174.13.54
http://80.66.64.164
http://80.66.79.39
http://80.66.79.5
http://80.66.79.51
http://80.78.241.48
http://80.78.247.142
http://80.78.251.115
http://80.85.142.179
http://80.87.192.227
http://80.87.192.58
http://80.87.194.58
http://80.87.194.76
http://80.87.196.100
http://80.87.196.254
http://80.87.197.225
http://80.87.198.211
http://80.87.198.76
http://80.87.199.172
http://80.87.199.19
http://80.87.200.238
http://80.87.201.177
http://80.87.201.178
http://80.87.202.58
http://80.87.202.7
http://80.87.202.92
http://81.19.140.16
http://81.200.152.41
http://82.115.223.17
http://82.115.223.92
http://82.146.33.148
http://82.146.34.194
http://82.146.34.244
http://82.146.35.75
http://82.146.38.48
http://82.146.41.71
http://82.146.42.247
http://82.146.43.104
http://82.146.43.67
http://82.146.45.68
http://82.146.45.7
http://82.146.46.170
http://82.146.46.51
http://82.146.47.144
http://82.146.48.150
http://82.146.48.223
http://82.146.48.233
http://82.146.49.100
http://82.146.52.151
http://82.146.52.198
http://82.146.52.200
http://82.146.52.217
http://82.146.53.241
http://82.146.54.148
http://82.146.54.219
http://82.146.55.100
http://82.146.55.21
http://82.146.56.217
http://82.146.56.24
http://82.146.56.83
http://82.146.58.86
http://82.146.59.136
http://82.146.59.195
http://82.146.60.81
http://82.146.61.207
http://82.146.62.116
http://82.146.63.142
http://82.148.30.111
http://83.136.232.133
http://83.136.232.155
http://83.136.232.228
http://83.136.232.237
http://83.136.232.25
http://83.136.233.84
http://83.220.168.32
http://83.220.168.58
http://83.220.170.162
http://83.220.172.137
http://83.220.172.179
http://83.220.173.110
http://83.220.173.145
http://83.220.173.194
http://83.220.175.103
http://83.220.175.138
http://84.32.190.8
http://85.192.41.4
http://85.192.63.166
http://85.193.80.152
http://85.31.46.137
http://86.110.212.160
http://87.236.146.103
http://87.251.77.205
http://88.210.9.215
http://89.107.10.225
http://89.108.102.163
http://89.108.115.110
http://89.108.76.178
http://89.108.81.97
http://89.108.88.227
http://89.185.85.200
http://89.208.142.177
http://89.23.110.215
http://89.23.97.43
http://89.23.97.74
http://89.41.182.81
http://91.151.88.63
http://91.201.112.111
http://91.209.226.36
http://91.219.62.158
http://91.227.113.154
http://91.240.84.249
http://91.240.86.94
http://91.242.229.77
http://91.243.59.65
http://91.245.227.34
http://92.255.107.243
http://92.53.71.105
http://92.63.101.174
http://92.63.101.82
http://92.63.102.68
http://92.63.103.35
http://92.63.104.181
http://92.63.104.237
http://92.63.104.240
http://92.63.104.30
http://92.63.104.47
http://92.63.104.96
http://92.63.106.232
http://92.63.106.249
http://92.63.106.6
http://92.63.107.12
http://92.63.192.101
http://92.63.192.33
http://92.63.96.83
http://92.63.97.118
http://92.63.97.158
http://92.63.97.168
http://92.63.97.36
http://92.63.99.234
http://94.103.81.144
http://94.103.81.146
http://94.103.81.174
http://94.103.82.132
http://94.103.92.207
http://94.124.78.86
http://94.131.96.44
http://94.142.142.6
http://94.23.190.57
http://94.250.249.169
http://94.250.250.160
http://94.250.252.221
http://94.250.252.243
http://94.250.253.4
http://94.250.254.158
http://94.250.254.199
http://94.250.254.43
http://94.250.254.50
http://94.250.255.214
http://94.250.255.250
http://95.142.43.115
http://95.143.179.155
http://95.163.233.217
http://95.214.53.31
http://95.217.99.28
102.140.196.34:3851
103.133.105.61:1338
103.133.105.61:8848
185.70.104.53:3861
194.26.229.33:85
209.151.144.77:443
91.193.75.139:5900
91.193.75.152:7196
91.193.75.175:9217
91.193.75.235:5900
91.193.75.244:5900
042832.clmonth.nyashteam.top
043659.clmonth.nyashteam.top
077147.clmonth.nyashteam.top
101583.clmonth.nyashteam.top
12342.clmonth.nyashteam.ru
12418.clmonth.nyashteam.ru
12748.clmonth.nyashteam.ru
14888.clmonth.nyashteam.ru
151-248-118-14.cloudvps.regruhosting.ru
158447.clmonth.nyashteam.top
16530.clmonth.nyashteam.ru
171304.clmonth.nyashteam.top
188726.clmonth.nyashteam.top
191151.clmonth.nyashteam.top
191191.cllt.nyashteam.top
194-58-107-59.cloudvps.regruhosting.ru
194-67-90-137.cloudvps.regruhosting.ru
198939.clmonth.nyashteam.top
2030.clmonth.nyashteam.ru
22865.clmonth.nyashteam.ru
22866.clmonth.nyashteam.ru
23457.clmonth.nyashteam.ru
23558.clmonth.nyashteam.ru
24820.clmonth.nyashteam.ru
24824.clmonth.nyashteam.ru
248706.clmonth.nyashteam.top
25066.clmonth.nyasht.ml
26150.clmonth.nyashteam.ru
273709.clmonth.nyashteam.top
28049.clmonth.nyashteam.ru
281429.clmonth.nyashteam.top
286216.clmonth.nyashteam.top
28747.clmonth.nyashteam.ml
29035.clmonth.nyashteam.ru
310246.clmonth.nyashteam.top
32589.clmonth.nyashteam.ml
32589.clmonth.nyashteam.ru
32836.clmonth.nyashteam.ru
336522.clmonth.nyashteam.top
33811.clmonth.nyashteam.ru
33866.clmonth.nyashteam.ru
341560.clmonth.nyashteam.top
344968.clmonth.nyashteam.top
34843.clmonth.nyashteam.ru
34845.clmonth.nyashteam.ru
349733.clmonth.nyashteam.top
355969.clmonth.nyashteam.top
37-140-195-166.cloudvps.regruhosting.ru
372260.clmonth.nyashteam.top
384445.clmonth.nyashteam.top
39841.clmonth.nyashteam.ru
40211.clmonth.nyashteam.ru
403267.clmonth.nyashteam.top
41028.clmonth.nyashteam.ru
43425.clmonth.nyashteam.ml
456445.clmonth.nyashteam.top
468840.clmonth.nyashteam.top
471120.clmonth.nyashteam.top
481372.clmonth.nyashteam.top
48808.clmonth.nyashteam.ru
48944.cllt.nyashteam.top
49856.clmonth.nyashteam.ml
51165.clmonth.nyashteam.top
525803.clmonth.nyashteam.top
55441.clmonth.nyashteam.ru
55555.clmonth.nyashteam.ml
561706.clmonth.nyashteam.top
58261.clmonth.nyashteam.ru
583848.clmonth.nyashteam.top
58561.clmonth.nyashteam.ru
5b5t.servegame.com
618239.clmonth.nyashteam.top
61839.clmonth.nyashteam.ru
64198.clmonth.nyashteam.ml
64372.clmonth.nyashteam.ru
64714.clmonth.nyashteam.ru
66223.clmonth.nyashteam.ru
66444.cllt.nyashteam.top
669731.clmonth.nyashteam.top
670880.clmonth.nyashteam.top
677710.clmonth.nyashteam.top
684386.clmonth.nyashteam.top
686084.clmonth.nyashteam.top
707731.clmonth.nyashteam.top
71902.clmonth.nyashteam.ru
72606.clmonth.nyashteam.ru
75419.clmonth.nyashteam.ru
76427.clmonth.nyashteam.top
76429.clmonth.nyashteam.top
76834.clmonth.nyashteam.ml
777233.clmonth.nyashteam.top
7fc3460091094336a2af4e71b7590b6e.ru
802560.clmonth.nyashteam.top
802772.clmonth.nyashteam.top
809212.clmonth.nyashteam.top
81888.cllt.nyashteam.ru
81888.cllt.nyashteam.top
82607.clmonth.nyashteam.ru
82881.clmonth.nyashteam.ru
83107.clmonth.nyashteam.ru
834532.clmonth.nyashteam.top
852543.clmonth.nyashteam.top
871356.clmonth.nyashteam.top
87550.clmonth.nyashteam.ru
88225.cllt.nyashteam.ru
88300.clmonth.nyashteam.ru
88314.cllt.nyashteam.top
88730.clmonth.nyashteam.ru
888888.cllt.nyashteam.top
896447.clmonth.nyashteam.top
90465.clmonth.nyashteam.ml
904927.clmonth.nyashteam.top
91898.clmonth.nyashteam.ru
93404.clmonth.nyashteam.ru
947425.clmonth.nyashteam.top
948166.clmonth.nyashteam.top
956787.clmonth.nyashteam.top
95892.clmonth.nyashteam.site
982918.clmonth.nyashteam.top
9837.cllt.nyashteam.ru
98612.clmonth.nyashteam.ru
98765.clmonth.nyashteam.ru
98875.clmonth.nyashteam.ru
989673.clmonth.nyashteam.top
99099.clmonth.nyashteam.ml
99944.clmonth.nyashteam.ru
a-plague-tale.top
a0561607.xsph.ru
a0561978.xsph.ru
a0562386.xsph.ru
a0562792.xsph.ru
a0566780.xsph.ru
a0567317.xsph.ru
a0582236.xsph.ru
a0594391.xsph.ru
a0603308.xsph.ru
a0613321.xsph.ru
a0615510.xsph.ru
a0632115.xsph.ru
a0632804.xsph.ru
a0635682.xsph.ru
a0638710.xsph.ru
a0639268.xsph.ru
a0639896.xsph.ru
a0642012.xsph.ru
a0642085.xsph.ru
a0642285.xsph.ru
a0643725.xsph.ru
a0643994.xsph.ru
a0646475.xsph.ru
a0647213.xsph.ru
a0648010.xsph.ru
a0653501.xsph.ru
a0655106.xsph.ru
a0656330.xsph.ru
a0678146.xsph.ru
a0682348.xsph.ru
a0684190.xsph.ru
a0689393.xsph.ru
a0693837.xsph.ru
a0694489.xsph.ru
a0694602.xsph.ru
a0697183.xsph.ru
a0697279.xsph.ru
a0698517.xsph.ru
a0699063.xsph.ru
a0701472.xsph.ru
a0702131.xsph.ru
a0702220.xsph.ru
a0702895.xsph.ru
a0703811.xsph.ru
a0705512.xsph.ru
a0706778.xsph.ru
a0706896.xsph.ru
a0707468.xsph.ru
a0709203.xsph.ru
a0709573.xsph.ru
a0712169.xsph.ru
a0712674.xsph.ru
a0713666.xsph.ru
a0717143.xsph.ru
a0719318.xsph.ru
a0723621.xsph.ru
a0724768.xsph.ru
a0728179.xsph.ru
a0728273.xsph.ru
a0728298.xsph.ru
a0729054.xsph.ru
a0729543.xsph.ru
a0730110.xsph.ru
a0730393.xsph.ru
a0730546.xsph.ru
a0730923.xsph.ru
a0736143.xsph.ru
a0739347.xsph.ru
a0741539.xsph.ru
a0744037.xsph.ru
a0756235.xsph.ru
a0756488.xsph.ru
a0758190.xsph.ru
a0761206.xsph.ru
a0761701.xsph.ru
a0761996.xsph.ru
a0764072.xsph.ru
a0765835.xsph.ru
a0769200.xsph.ru
a0771106.xsph.ru
a0772555.xsph.ru
a0776567.xsph.ru
a0780562.xsph.ru
a0784310.xsph.ru
a0787727.xsph.ru
a0788683.xsph.ru
a0794138.xsph.ru
a0794203.xsph.ru
a0802004.xsph.ru
access.samp-loader.ru
app.squidgame.to
armannl5.beget.tech
barsukk676.duckdns.org
battletw.beget.tech
bigboxt5.beget.tech
bksdk.jsonwf.pw
blamblambla.cyberhost.ml
blockchainc.us
blockchainsync.us
bunkovb3.beget.tech
ca04510.tw1.ru
ca50999.tmweb.ru
ca69244.tw1.ru
cb93602.tw1.ru
cd44093.tmweb.ru
ce30512.tmweb.ru
ce48662.tmweb.ru
cf90664.tmweb.ru
ch14079.tmweb.ru
chamilqn.beget.tech
cheathub.space
cheatinghub.com
ck43536.tmweb.ru
ck44758.tw1.ru
cm07739.tmweb.ru
cm71694.tw1.ru
cm87547.tw1.ru
cm97018.tmweb.ru
cortez.cyberhost.ml
cp48625.tmweb.ru
cs78629.tmweb.ru
csomundibash.ru
cu59983.tw1.ru
cv44623.tw1.ru
cw31476.tw1.ru
cw55706.tw1.ru
cx15642.tmweb.ru
cz09685.tw1.ru
cz81401.tw1.ru
darksrystalryk.com.swtest.ru
david79t.beget.tech
dcbiorlov.shop
dcmobina.duckdns.org
dcrat.host
ddergaixyi.site
devil137.ru
domain2424242.ru.host1855822.serv80.hostland.pro
domdain2.co.vu
duhgfb6e.beget.tech
e908170j.beget.tech
era-paradise.ru
expl01t.tk
f0571616.xsph.ru
f0629544.xsph.ru
f0633137.xsph.ru
f0639494.xsph.ru
f0653783.xsph.ru
f0681920.xsph.ru
f0713677.xsph.ru
f0715481.xsph.ru
f0772589.xsph.ru
f0786544.xsph.ru
fioradro.cyberhost.cf
forusualworkwithpeople.space
funnym78.beget.tech
furiosgr.isp26.admintest.ru
g35hn83489.tmweb.ru
h158013.srv16.test-hf.su
h162295.srv13.test-hf.su
h162345.srv12.test-hf.su
haivo.co.zw
haskers.ru
hesoyam.space
imhaacja.beget.tech
jokerkqc.beget.tech
kadyeri.cyberhost.cf
kasikkar.beget.tech
kykelone.cyberhost.ml
kyrainkg.beget.tech
l96588w5.beget.tech
leshaed5.beget.tech
limfunsto.site
lkofkkkkfkjjsfh.drive-35.ru
lubluabobu.com
marspaste.com
metacryptobot.com
msmpeng.cyberhost.ml
n953700o.beget.tech
nestell.cyberhost.ml
neverchurka.ml
newdfhfgdjmfgjm.store
nftbanger.ru
nikitabon2.temp.swtest.ru
nulledgames.fun
pashkis.beget.tech
phoenass.cyberhost.ml
play-varryal.online
policefbr.linkpc.net
portfolioksk.xyz
rapidtestdr.com
rfewkfnr234.cf
s18senfg.beget.tech
sashaplays5.ru.com
sdwasdwads.tk
shrekforever.tk
softportal.tk
soubmaag.beget.tech
srv174492.hoster-test.ru
svinlasf.ru
tcp.viewdns.net
tomattolittle.su
trenbalon.cyberhost.ml
u1174726leb.ha004.t.justns.ru
u13794788m.ha003.t.justns.ru
u1638884.plsk.regruhosting.ru
u1721466.trial.reg.site
ulihkapc.beget.tech
universalwordpress.site
usehvhgf.beget.tech
vaynhaqt.beget.tech
vbhfghgfjjfgd.online
vkggttin.beget.tech
vlaadblp.beget.tech
whatipedia.org
windowsign.theworkpc.com
wp.banjaro.de
xxhdftgjftgkjfgk.site
y5z2870c.beget.tech
ya-ebal-reg-ru-v-rot.site
yadrochy.ru.com
ytdjfugjwtruykjhgf.sytes.net
zamineserver.online
zebra1987.fvds.ru
zorz1337.xyz

# Reference: https://www.virustotal.com/gui/file/544248eab18c06346bb6819c0763ba2ed7a7f89fc98ae37e7b74e21f2393dcbb/detection

a0684985.xsph.ru
/providerpollPackettemp.php

# Reference: https://twitter.com/crep1x/status/1638596454087368708
# Reference: https://www.virustotal.com/gui/file/7606edcf0491794b631f9aaf1a7e34fd0960e542d30614b562c8423afc86e2c1/detection

nyvhpww3.beget.tech
/dc/apiMultitemp.php

# Reference: https://www.virustotal.com/gui/file/04f46cc5cc7dfab4b587bedd1663d868b9c6c53998dccfbbff7594a8cab4bcf7/detection

http://37.46.130.3

# Reference: https://www.virustotal.com/gui/file/ebdf74f5b6e0b49bdb471dc9c908c5b741ed113049744328af8f73aec4f57b67/detection

http://195.123.246.86

# Reference: https://www.virustotal.com/gui/file/930261f96fe4393d9e4bef23d4eb932b33d1f0f957d9483f6da2dca3767f750b/detection
# Reference: https://www.virustotal.com/gui/file/8cafad64caf5dcac0117b5bd535782280375ea68eb28be0d8421f61b03e2c641/detection

/LinejavascriptDb.php

# Reference: https://www.virustotal.com/gui/file/0aca0b24374538efda88f17bbe3ed4d0adcb9c361552af5b45d83d858b253dbd/detection

http://62.109.15.166

# Reference: https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html

gllthub.com
glthub.org
gthub.org
steamauthenticator.net
steamdesktopauthenticator.net
steamdesktopauthenticator.org
steamdesktopauthenticator.ru

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://141.95.84.40

# Reference: https://www.virustotal.com/gui/file/b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569/detection

173.44.50.86:7788
flugrekorder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843/detection
# Reference: https://www.virustotal.com/gui/file/a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78/detection
# Reference: https://www.virustotal.com/gui/file/aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10/detection

20.200.63.2:2525
asegurarq.duckdns.org
envio2023junio.duckdns.org
hjgeuyiohfkjsdfhgiwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f1e5829e0f9473127d72559e3f811dcb5158d22e09eb4925ef27c7ada864fe6f/detection

191.89.243.236:4242
moneymaker.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/df7a8962331cc5a23cd13744420aa91547cfc085950d22ab1b7e4f298b2ee0ab/detection

179.13.3.110:2356
promotores14.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7b1bb2682a37f2a3f5aa1de69eed5ba5b44debe322b0409ce261492751c01f5f/detection
# Reference: https://www.virustotal.com/gui/file/db56ca34b934ee56d33478d16413a49d78a7671fd92c9a7a9444c48469030520/detection

179.13.3.110:7575
neweraimporta1.duckdns.org
newroda2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6c64cb817eb68c8fd0f051b00fcb20a0a28e26062d06eebe2502d8e8077c6116/detection

74.119.194.154:2060
distributework.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/eb61309bd790110928277bed37961dbd7dfd8360286c670fbc100fd0c4623c32/detection

52.152.223.228:8848
newforting.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/detection

185.106.93.148:2020

# Reference: https://www.virustotal.com/gui/file/f0708715c7c8fbd9e77083048adf331c8be83a2049863a8e71cbf63353ab45a0/detection

154.29.75.191:2027
avsdefender.giize.com

# Reference: https://twitter.com/drb_ra/status/1683550086104489985

191.101.3.50:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-25)

http://109.172.83.121
http://113.30.150.52
http://138.128.242.147
http://149.154.64.92
http://159.89.232.82
http://176.37.97.210:81
http://178.250.156.210
http://185.112.144.202
http://185.146.156.56
http://185.146.157.245
http://185.146.157.98
http://185.20.227.154
http://185.43.4.203
http://185.46.46.139
http://188.120.226.231
http://188.120.227.150
http://188.120.233.131
http://188.120.233.146
http://188.120.233.42
http://188.120.236.114
http://188.120.251.253
http://188.225.58.206
http://188.225.58.220
http://193.124.92.72
http://193.233.164.54
http://194.26.229.33:85
http://194.58.92.23
http://212.109.194.187
http://212.109.195.44
http://212.109.199.150
http://212.224.113.92
http://217.144.103.26
http://217.196.96.4
http://31.41.221.82
http://37.230.116.57
http://37.46.129.39
http://37.46.134.225
http://45.12.238.157
http://45.140.147.214
http://45.153.68.9
http://45.8.230.157
http://45.91.8.171
http://46.149.77.33
http://46.175.146.110
http://5.161.143.111
http://5.252.118.26
http://5.42.65.49
http://62.109.12.5
http://62.109.17.54
http://62.109.22.191
http://62.109.27.71
http://62.109.7.0
http://62.113.96.239
http://77.73.131.120
http://77.91.72.151
http://79.132.140.15
http://79.137.202.118
http://79.137.207.211
http://80.78.251.51
http://80.87.192.174
http://80.90.185.107
http://82.146.36.3
http://82.146.43.250
http://82.165.114.107
http://83.220.174.44
http://89.185.85.106
http://89.191.228.213
http://89.23.96.74
http://89.23.97.153
http://92.255.107.38
http://92.51.36.155
http://92.63.107.224
http://92.63.189.63
http://92.63.193.111
http://92.63.193.81
http://92.63.97.185
http://94.131.112.154
1.165.96.128:4480
1.242.139.44:8848
103.144.148.219:8080
103.146.78.130:8848
103.170.118.35:8848
103.186.108.229:14567
103.186.108.229:8848
104.219.234.167:8848
109.195.94.247:8848
111.229.139.47:8848
112.213.98.87:8848
120.78.151.171:7777
120.78.151.171:7788
124.72.246.78:6079
134.255.216.148:80
139.180.143.50:8848
141.95.84.40:112
142.202.242.168:8848
142.202.242.168:9898
144.126.230.14:102
144.126.230.14:1111
144.126.230.14:6666
154.53.42.53:8848
172.111.236.107:8848
172.94.103.171:8848
177.255.88.252:5022
179.43.154.184:8888
179.61.251.188:8848
185.225.18.110:2100
185.241.208.121:9898
185.246.222.117:8000
191.101.3.50:8848
192.99.10.207:8848
193.42.32.159:8848
194.26.192.203:5050
194.59.31.109:8848
194.87.218.64:8818
194.87.218.64:8828
194.87.218.64:8878
20.199.73.159:1024
20.216.162.185:1024
20.216.165.135:1024
20.216.178.113:1024
20.223.128.97:1337
206.238.221.30:8848
209.25.142.180:5569
3.6.30.85:10048
34.92.66.146:8848
37.18.62.18:8060
37.187.222.230:8848
38.242.139.217:8848
40.114.223.144:1337
40.87.50.159:1337
41.62.221.74:90
43.243.111.229:8848
45.144.154.62:1938
45.74.7.10:8848
45.77.175.130:8848
45.77.34.211:8686
45.77.34.211:8848
45.77.34.211:9999
45.92.1.155:8848
45.95.19.170:8848
45.95.19.172:8848
45.95.19.173:8848
45.95.19.174:8848
46.23.96.131:8848
47.106.131.255:8848
47.254.75.102:4444
5.178.3.191:8848
52.186.31.169:1337
64.176.43.239:8848
64.44.166.203:8848
77.92.154.211:1337
83.229.83.102:1337
87.121.221.220:8848
89.211.209.74:8080
89.23.101.37:1337
89.23.96.202:8838
91.227.113.154:12345
91.227.113.154:8848
94.124.192.220:8848
95.179.128.208:8080
95.179.128.208:8081
95.179.128.208:8089
95.214.26.63:6666
95.214.26.63:9595
001600.clmonth.nyashteam.top
055561.clmonth.nyashteam.top
067445.clmonth.nyashteam.top
073910.clmonth.nyashteam.top
080138.clmonth.nyashteam.top
089240.clmonth.nyashteam.top
100879.clmonth.nyashteam.top
109736.clmonth.nyashteam.top
140487.clmonth.nyashteam.top
149688.clmonth.nyashteam.top
181770.clmonth.nyashteam.top
204949.clmonth.nyashteam.top
2372261.clmonth.nyashteam.top
238533.clmonth.nyashteam.top
259773.clmonth.nyashteam.top
2681291.im499886.web.hosting-test.net
268669.clmonth.nyashteam.top
306806.clmonth.nyashteam.top
333201.clmonth.nyashteam.top
375099.clmonth.nyashteam.top
495315.clmonth.nyashteam.top
507447.clmonth.nyashteam.top
5103017.lmonth.whiteproducts.ru
510922.clmonth.nyashteam.top
521187.clmonth.nyashteam.top
531810.clmonth.nyashteam.top
562620.clmonth.nyashteam.top
63120m.dccr.ru
638041.clmonth.nyashteam.top
641309.clmonth.nyashteam.top
642838.clmonth.nyashteam.top
679449.clmonth.nyashteam.top
697484.clmonth.nyashteam.top
726267.clmonth.nyashteam.top
736036.cllt.nyashteam.top
744392.cllt.nyashteam.top
759053.clmonth.nyashteam.top
76428.clmonth.nyashteam.top
766698.clmonth.nyashteam.top
767884.clmonth.nyashteam.top
798839.clmonth.nyashteam.top
846901.clmonth.nyashteam.top
86120.clmonth.nyashteam.ru
867280.clmonth.nyashteam.top
870825.clmonth.nyashteam.top
882703.clmonth.nyashteam.top
892549.clmonth.nyashteam.top
9463949.clmonth.whiteproducts.ru
965092.clmonth.nyashteam.top
97528733.clmonth.whiteproducts.ru
976400.clmonth.nyashteam.top
999309.clmonth.nyashteam.top
999593.clmonth.nyashteam.top
999952.clmonth.nyashteam.top
a0574458.xsph.ru
a0578993.xsph.ru
a0689699.xsph.ru
a0761798.xsph.ru
a0784312.xsph.ru
a0797197.xsph.ru
a0806752.xsph.ru
a0818759.xsph.ru
a0828600.xsph.ru
a0837236.xsph.ru
a0839223.xsph.ru
askeas8d.beget.tech
bookintosh.com
cb38900.tw1.ru
cc69539.tw1.ru
cd67644.tw1.ru
cg56646.tw1.ru
cl30608.tw1.ru
cl80747.tmweb.ru
cn64382.tw1.ru
co73949.tw1.ru
cr48644.tw1.ru
cs20502.tw1.ru
cs33412.tw1.ru
cv57372.tw1.ru
cw52314.tw1.ru
cy34693.tw1.ru
cy87237.tw1.ru
cz61643.tw1.ru
cz82964.tw1.ru
cz89769.tw1.ru
dreadhack.ru
i93035tu.beget.tech
kapibarka1337.kriptnhosting.ru
legend92.beget.tech
pococox.cc
ssoo1451.ddns.net
tcp.viewdns.net
vikselr4.beget.tech
vm654.loyal.sclad.network
web3174.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/995904e555328bd1cdb5d04a370140fe247a8d05aa6e5b150696a2bb503ebdac/detection

10788m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/f4f3d7fb398aa690d3922b26560655e3f040d606c1afa7210d36ff289bee5ee6/detection

21102m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/e61fe1036cbbbc67cdd99dc094b13f1f12c3b9c29dd5054f5a33587b00d68fb0/detection

41030m.dccr.ru
48576m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/4577ac39b54ab8fc029612fa4331388a6d6ebff0a7807b2224f130382ee40376/detection

60154m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/3ff4bdcdb466656d9acbef32f9c022ccd9585531c4ede71f6830492681036000/detection

84688m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/201d813f62d133d4112916355c1b73a258f137ff86d1b5a2eb5fe3239d2b2c5f/detection

190.211.255.106:9049
60057m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/7fc956e918b4b5c29acede00f02e8d4e3ceeafcb318bbe23727372c19d6324fb/detection

61462m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/8d1690fa7843bce0c255dbe02e3927936d97d45424f33eefee876de06fbdfc07/detection

60894m.dccr.ru
61124m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/fcdeb5ef7fd326bd5d6d34405eae0958d07e95ccf5c5dda01f0e60fdcb9c63ab/detection

emprendimientolaboral2.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-28)

http://78.141.213.103
172.94.103.16:8848
188.132.197.104:8848
a0832838.xsph.ru
cm32236.tw1.ru
imhaacwo.beget.tech
/imagephpSqlgeneratortemporary.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/RequestServerMultiDefaultcdn.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/
/Jsvoiddbrequestpipe/0http/
/Jsvoiddbrequestpipe/
/Temporarytest6Cdn/
/RequestServerMultiDefaultcdn.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-30)

103.38.83.176:8848
176.96.137.221:2000
216.83.38.252:8848
45.12.221.10:8848
45.32.74.105:8848
52.152.223.228:1080
211450cm.nyashtyan.top
942980cm.nyashtyan.top
a0708223.xsph.ru
a0844030.xsph.ru
cr50765.tw1.ru

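# Generic trails (URL paths only, with no host component; a path match alone does not identify the server, so corroborate a hit with the destination host/port or other telemetry)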

/DCRS/dsock/
/DCRS/index.php
/DCRS/main.php
/ExternalDbtesttrack.php
/externalLowgeotrack.php
/externalVideoBasetest.php
/lineTosecureapi.php
/packetlowcpuProtect.php
/PipePacketDbLinuxFlower.php
/PollGameServerUniversal.php
/videoToLowtest.php
/212bad81b4208a2b412dfca05f1d9fa7.php
/2d02004c59e9a1f5d7d2a313711996eaafd017e3.php
/56743785cf97084d3a49a8bf0956f2c744a4a3e0.php
/fd1845d9489997784fcdca5feff97ba2a4cb81e5.php
/akcii239myzon0xwjlxqnn3b34w/
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/
/f5b75b6939d095db0eaf37fdfecac963030f7aa1.php
/g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/
/wih70f23q9voven47mcjf9q/
/c596a246010ddf201f7264927e5c39b8d20eba79.php
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/e59293a35848addcc181d5a0ab38266868d77ff4.php
/2nwsr5yiv4oi4zfjoduq2ettv6rwkao/
/e5qx69ffszv9vbudkm/
/d6d4cbd9296a555615601b85dedaceaffd7120b5.php
/9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/
/1ce78a902db7a61523b13afcb20d91f8.php
/rb7u7g360qkxfkhcd/
/8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/
/44ab0bfd824936290de450263b2aaa06b01412a9.php
/38ad2f43f6b9c1367674eb1b7f1db337.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/
/hyhwe8lxnty/
/j07u3xb0zwfka8ohvggymgmz/
/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/c76ae15161b4078c040462271a89caa06686cf38.php
/twwhd4iu597yifaawuodsmuedbq3vm4754g8nko19l8rgk3f24jklz3ynngosa6q6jtx0gmb5l1vpps5zcit6pzt/
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/og7th0bl0euzfxawae8yx/
/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/7Voiddb8Image/VmToJsTrackCentral.php
/7Voiddb8Image/
/VmToJsTrackCentral.php
