# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: darkcrystalrat, LightStone

# Reference: https://www.mandiant.com/resources/blog/analyzing-dark-crystal-rat-backdoor
# Reference: https://twitter.com/James_inthe_box/status/1178275531692756992
# Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/

domalo.online
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/akcii239myzon0xwjlxqnn3b34w
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3
/akcii239myzon0xwjlxqnn3b34w

# Reference: https://twitter.com/wwp96/status/1331059269089816581
# Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/

http://91.240.84.166

# Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html
# Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection

80.87.202.63:25998
178.21.11.90:25998
hfjdhfgrhfnghvng.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280
# Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/

bores.xyz

# Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/

oxijoinedsite.site

# Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/

city-pub-crawl.su

# Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/

changer-esp.ml

# Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/

qiwi-api.site

# Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/

kkkwdfea.tk

# Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/

nistrype.fun

# Reference: https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/

never-project.hhos.ru

# Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/

a0365369.xsph.ru

# Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/

flextem.000webhostapp.com

# Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/

beepn.pw

# Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/

f0313002.xsph.ru

# Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/

a0388296.xsph.ru

# Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/

a0387063.xsph.ru
myhostforlic.ucoz.ru

# Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/

vkgroup.tk

# Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/

a0315266.xsph.ru

# Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/

sdfsdgafghaetg.tk

# Reference: https://twitter.com/jorgemieres/status/1255866190771167236
# Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations
# Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/

logins.kl.com.ua

# Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/

cv36917.tmweb.ru

# Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
# Reference: https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection

dcrat.ru

# Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/

ajci.tk

# Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/

a0457406.xsph.ru

# Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/

http://212.109.221.247

# Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection

a0461492.xsph.ru

# Reference: https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection

tereshyd.beget.tech

# Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection

web75.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection

srv166785.hoster-test.ru

# Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection

srv164667.hoster-test.ru

# Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/

ct10840.tmweb.ru

# Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/

/eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/

# Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/

/2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/

# Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/

/pgofzftnelhu53gj7qbwil2vo/
laserink.beget.tech

# Reference: https://twitter.com/wwp96/status/1335668703967539202
# Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/

http://185.189.12.125
/m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/
/wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/
/2e70bbdf534a47f9cc68a16122290cad65b3ed05.php

# Reference: https://twitter.com/wwp96/status/1335690053482405889
# Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/

http://212.109.216.114
/wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/
/ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/
/dcbb3f0abca3117648fdcab13b68e1162ddbc275.php

# Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/

http://62.109.27.122
/ecxhnnthpytusqif0j9x7534rmz/
/nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/
/1272d9d3e244604153265cb97db3c19ba1f2d7f5.php

# Reference: https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/

http://82.146.57.28
/1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/
/6nai20vl9ol9cpx4ugfqtzpgnh2q/
/53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php

# Reference: https://app.any.run/tasks/8132aeef-11ed-443d-ae37-e61746e4e643/

a0501919.xsph.ru

# Reference: https://app.any.run/tasks/84288362-9f98-408c-b148-99b6d1aa0c2b/

http://94.250.255.110
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/x3n9o/b88e556bffd877877e03b181174f5d55dd654e9e.php
/b88e556bffd877877e03b181174f5d55dd654e9e.php

# Reference: https://app.any.run/tasks/5433b35a-7ff2-414d-824e-4d4a73a3cce7/

cu24886.tmweb.ru
/xo8destofsad1yy0o0pj9rgjj4mqt5by2b8a9ktibk9z1h68npcffaorwp3/
/mjdpbwao3xfihlspr01mxeuj8ujcmv4i1pswkv6vja0so55dz2o4sgf5wqi9bnvi6h3dc4qd6gyf8/
/5f7b65221ba9f26a68dbe40cd557a10da5c41c17.php

# Reference: https://www.virustotal.com/gui/file/2e2dbb104e1a170651a42f2e739440719fea74360416cd6945d7a9e2eefa01bb/detection

sss.lyuk.fun
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/
/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php

# Reference: https://www.virustotal.com/gui/file/84c1cd5e95673fca1444b5879e83857e0513b3985a8e9152b45f6ad6e688971d/detection

sdam-oge.xyz
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/4j0oidz6tcdbp2oex8/04107c5846d99adc0ccece6ba32e8daa52346d3b.php
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/
/04107c5846d99adc0ccece6ba32e8daa52346d3b.php

# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection
# Reference: https://www.virustotal.com/gui/file/f42a09edcf9d7745925cd56d498f57104329b10dcd221c99dd07df3fae4d6c64/detection
# Reference: https://www.virustotal.com/gui/file/30ca126420741c189cf4bf0cdb236c5ae863bb0cc705d3fcb45dc2b502652819/detection
# Reference: https://www.virustotal.com/gui/file/2bf90f9564d31ceec8f61908e8de2594082b1eb8622355b3436608559c5ce68a/detection
# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection

changer-esp.ml
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/810a818d2e046901cbf4685b2447bf5eced209d3.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/
/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/
/810a818d2e046901cbf4685b2447bf5eced209d3.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/
/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/f730cf4f95e8c4974e9e354f14e192a209410810.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/
/f730cf4f95e8c4974e9e354f14e192a209410810.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php

# Reference: https://www.virustotal.com/gui/file/c569b600936870c0205b6992fca7a3d98adc5d6d90206392bb29445bc04fdd9f/detection
# Reference: https://www.virustotal.com/gui/file/fc63cd606cf3be19778fc8a599565f466bace3ea413397b9207571cf90ee4d70/detection

trtrk.tk
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/40511eac9a18da158d2524bf42b8099db23a7198.php
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/
/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/
/40511eac9a18da158d2524bf42b8099db23a7198.php
/hb6z5e4vtf7s7xant1ymggp/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/94fdeb52381c8578b3fe82a4da27d8843a71254f.php
/hb6z5e4vtf7s7xant1ymggp/
/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/
/94fdeb52381c8578b3fe82a4da27d8843a71254f.php

# Reference: https://www.virustotal.com/gui/file/0c08183ca7d7511a0fb5ca3ab11d74b066c38427912220e963c4ceafe87350ed/detection
# Reference: https://www.virustotal.com/gui/file/11accc9b0cd6f1bcff495f7a3ec2b9ebc7acfaa15f5bf88160c4ae724eeb0269/detection
# Reference: https://www.virustotal.com/gui/file/19293bab3f8d1598dff122142f0641aeaf5c7b63d9692d565e4b4b5ae2fea82d/detection
# Reference: https://www.virustotal.com/gui/file/b505454ac5e35abf59bfd6d039d07348a309b4903f5679c10168215f8f4566f9/detection

big-chlen.ml
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ul86hhzpxz2terk/a06763f99577add4361c8f382e94b1d384d0eae2.php
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/
/a06763f99577add4361c8f382e94b1d384d0eae2.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/5add562f05b70b54786e15b898eade52720a0304.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/
/5add562f05b70b54786e15b898eade52720a0304.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/
/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/4e3twf02xyx7uk3nlzuc/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/4e3twf02xyx7uk3nlzuc/
/cbanirg43pfycp0098lxcoq7xsef2h8o/
/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php

# Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection

f0332298.xsph.ru
khxclhpyxach.000webhostapp.com
tedrbavrjrvl.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/78d3657bc6632a7894975a120f3e3cba24a31c1be98d703ebd455ec3eb1b443f/detection

fthtrhtht.xyz.swtest.ru

# Reference: https://www.virustotal.com/gui/file/b0587a32f9dcd1918883354db87376bafaebfed10359228540e57372c2410eb9/detection

borodach2643890.online.swtest.ru
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/2d1465a3505530413d71f7c5643c8f5f53f832bf.php
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/
/1s1tqx4nad15jp7m36/
/2d1465a3505530413d71f7c5643c8f5f53f832bf.php

# Reference: https://www.virustotal.com/gui/file/79821a8e903d54162bd27f98e998056bdd86f9fb65fdfe6d2eb2db93d23d9e00/detection

joboykoya2.temp.swtest.ru
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/zsoa7fq/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/
/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php

# Reference: https://www.virustotal.com/gui/file/dd2e16f51093a9e1f219dbbb9ed9170969e6d5f82fd75e9ffb14100a60b00944/detection

xibefoc467.temp.swtest.ru
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/jr362ixublms04ceyi7zfnntmea9so8e51/
/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php

# Reference: https://app.any.run/tasks/fc618299-4cef-4e89-b5c0-4d2efb519054/

cu31892.tmweb.ru

# Reference: https://app.any.run/tasks/875036f3-5d0f-4197-bee5-3760f7e8dd95/

oneway-exe.ru

# Reference: https://app.any.run/tasks/6fd6f53a-609f-41f3-adf5-e2d47c6af95b/

ch71531.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/5e92f42622ff84d9e7924fd77d203daae58dbf09da9b2bcab7474cf051820740/detection

exempal.cf
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php

# Reference: https://www.virustotal.com/gui/file/4826fb45c88d5e352c330de2c76612baed1eb94c58bc58929ffcd9df5b0b5213/detection

a0315442.xsph.ru
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/8vrpgqblltuiasb3pavt/
/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php

# Reference: https://www.virustotal.com/gui/file/c79c8b52c8e06c77e068bf2d7798490ae3fbb596d798a3232011f0acbf322d9a/detection 

a0472136.xsph.ru
/434a17mvckf19dxf83nl84jcsgkqj6tkfpa152ec8/
/011afb0749904eed1c837350cda0a7aea10f84c9.php

# Reference: https://www.virustotal.com/gui/file/26bb89fed1eb8544bf3e70fdac8713d7201cd3b36962738aa23f42371779c100/detection

f0452627.xsph.ru
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/52d126a457c70dcf8f15c863f1e7eb6318f28152.php
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/d0wpfpdwqcvri7hikj0honbqlg60vkld/
/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/52d126a457c70dcf8f15c863f1e7eb6318f28152.php

# Reference: https://www.virustotal.com/gui/file/ccb4673eba9fc6523366bfe8a0dfaa8cf4c4aa3f5c5edccc3c98dd4b28356fe0/detection

f0471995.xsph.ru

# Reference: https://www.virustotal.com/gui/file/21b703742ded5a6ac2d580ccbe1fadc3113e6c01750658c93204e5cb3c4797e7/detection

a0486179.xsph.ru
/0ewhm8n8kba1grvga073qjtu7lq/
/ccba8a2e3755c5123325a7f2e766975b0ad70363.php

# Reference: https://www.virustotal.com/gui/file/89c0578b862c36d099744f435c97e3d64cefc29a3705dfa61735ab9d7939c83e/detection

cy59724.tmweb.ru
/fhouqsip6grypvxr4gvoeu5s/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/fhouqsip6grypvxr4gvoeu5s/
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/
/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php

# Reference: https://www.virustotal.com/gui/file/c3832621e8b001e0d9c67a2eb87df480794160ba88dad28611e3fbd1019e382f/detection

pcsovet.5k5.ru
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/d1e916594122bd471161b2701ccd8b16c7d56f06.php
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/4r8sb3nl87wc75w9rh3ffhu6w5che/
/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/d1e916594122bd471161b2701ccd8b16c7d56f06.php

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1366076714653212676
# Reference: https://www.virustotal.com/gui/file/50444a618ccea3cc6b93088378260b2fab89b5b92d4b06f27fc2e8a58b950c79/detection

cg94871.tmweb.ru
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/avldwf/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/
/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php

# Reference: https://www.virustotal.com/gui/file/6ac9d0949e78f75adb767797d2e8f456b9bfc19cf85ce0f6fe4fe2e2678ae020/detection

a0484572.xsph.ru
/0ongi8hxo7yarpcd65ellx53/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/0e776a6139e804b26561001e727cd021217e5558.php
/0ongi8hxo7yarpcd65ellx53/
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/

# Reference: https://www.virustotal.com/gui/file/0db9b3287dbda591372414623e67ed65e19145656ec7270c545e33ec8dcf7359/detection

f0438395.xsph.ru
f0446323.xsph.ru
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/
/y4owmffza4zbl/
/vay92fnfwidomnmj2ati1/
/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php

# Reference: https://www.virustotal.com/gui/file/0bc8f7c32c038195ec0a00142e6a497a85740044b6c7f58f140d8bd084aa4c7d/detection

f0478615.xsph.ru
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/bf8bde4aecac1785475ed63563972416621c91d2.php
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/zli0hx3rb7l5motetc6rq/
/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/bf8bde4aecac1785475ed63563972416621c91d2.php

# Reference: https://www.virustotal.com/gui/file/10308a424c6d9abfc703efc49ab5d0840766ebf51ac4b03269a1f98ef0a66aec/detection

f0463306.xsph.ru
/dnc43rncghchlzne9ifqkgvkz/w1d6njsup/5bea1966ae5a874168cf125971b3ea99cedb7df7.php
/dnc43rncghchlzne9ifqkgvkz/
/5bea1966ae5a874168cf125971b3ea99cedb7df7.php

# Reference: https://www.virustotal.com/gui/file/cd6e3b60a429bbf3dd571ac9bcb953f378433264550325139b1535c79b434e86/detection

f0475486.xsph.ru
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/
/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php

# Reference: https://www.virustotal.com/gui/file/0c797645b62f0d5262d2db462218c9f0ad064858bfe206f02d99541c7bc762dd/detection

f0457573.xsph.ru
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/gh7r8ky9sp/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/
/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php

# Reference: https://www.virustotal.com/gui/file/3507728820cc00598364f740bc8bd661b3ea2217d3292f17b20f8d9093fda25e/detection

f0494736.xsph.ru
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/
/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/fbd557434528cbf66b6d4edaaf8c7c68f5b17c75.php
/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php

# Reference: https://www.virustotal.com/gui/file/0c973ee7d91878f4db5d0044ecb43f508df4013d85d85b33f5a58ff3ee1a58a0/detection

f0493264.xsph.ru
/piks3hwokuzpinvf1sifaqvlezh0/
/f3924bcd353a8e1f603f95309fa65ca3f8dcfceb.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/283314aaecfe5dd34e232939e1218999.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/283314aaecfe5dd34e232939e1218999.php

# Reference: https://www.virustotal.com/gui/file/040a25f63a9c6fb1703a1039488a0eba849588a054b5e603cd19792707d2ef32/detection

f0503470.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d50d9f271cf93d53fe6d1f1a00546e12c04f00e6546158a389c99a201b281231/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/357b1770262a0b0f33f56f8fece9e1e35f4918acf72d36bb3cae719fde9bc18b/detection

f0510538.xsph.ru
/u3s904w2ibcgouhmgk4bcxx1a2vetdp7/
/7db32d0d111d8e8d56501876d36930c7da4bbda7.php

# Reference: https://www.virustotal.com/gui/file/8c0a2621bdd862a767aea8ac6c8721a07f11232db5b16a60cd868341355a3e07/detection

f0491418.xsph.ru
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/jbouypul6170z295czg/
/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php

# Reference: https://www.virustotal.com/gui/file/33291a6e72594047c17a796a081f09883550a219846dccd5ed3cfc8451b5a135/detection

f0509824.xsph.ru

# Reference: https://www.virustotal.com/gui/file/424917f137c2dba0a9dbbac18076aee314780dfccedc31883b1cbe7ce914298d/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/be2cc2d4877f79dcb0cbef9a42d114544a135f2c1f8bd96ed06cb01c0defae60/detection

f0515572.xsph.ru

# Reference: https://www.virustotal.com/gui/file/14df9469961f7a159651587e0a4afc78d06e3d7247c9d9ccb47b840c71bfb792/detection

f0517366.xsph.ru
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/
/wh97lg5i0mnw6rfzrg/
/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php

# Reference: https://app.any.run/tasks/3ca79d1f-03ef-4215-b587-082334de1ed7/

filmix.space
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/20eb5bca358665727c4c5ac112fb96afb9757028.php
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/
/20eb5bca358665727c4c5ac112fb96afb9757028.php

# Reference: https://www.virustotal.com/gui/file/a8b88f7751da32956991d5a6bed4bb5fe788696188a04b951f304e5035d1c5b0/detection

f0517233.xsph.ru
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/5e150948e707791422070434d2fa55363f18c867.php
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/5e150948e707791422070434d2fa55363f18c867.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/db9hfgvbx/edc301e834c038e30c4f9fc52b979a12.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/edc301e834c038e30c4f9fc52b979a12.php

# Reference: https://www.virustotal.com/gui/file/e7bc06eedb8600ef3a3a168e04260e2aa2c1bffa1eec3ab256deb866bed7b1d1/detection

f0519071.xsph.ru
/1lua73k3rf9/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/2da79cb2b31cd83770333991b6d72e6823f7120d.php
/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/
/2da79cb2b31cd83770333991b6d72e6823f7120d.php

# Reference: https://www.virustotal.com/gui/file/514227515d4d8d80d19bb27b92182154fefc8f016be0c86c8016ec9a0cad7c6a/detection

f0519034.xsph.ru
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/b55vlmrnyp/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/
/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php

# Reference: https://www.virustotal.com/gui/file/84ae6fe4cd4f1357409af9eeea51b0ceb8385242c1e67b1f22a51a9475f3ce01/detection

cs51919.tmweb.ru
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/
/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php

# Reference: https://www.virustotal.com/gui/file/6e2c565e36ca5fd95af9f7a0d1a2fa6b9ec50caef4290e9eb9abe53ab3b8e70b/detection

a0404851.xsph.ru
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/
/av4yi982qnv743qpxk/
/4b15077fafc5c905a0a10493de237bd680a0de80.php

# Reference: https://www.virustotal.com/gui/file/be4f2bc98517755200485163d8f7734702f9fc072fef2df4e6250f679151070c/detection

a0405963.xsph.ru
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/16e350e36f5328bd301a257515f4e3fd5b680305.php

# Reference: https://www.virustotal.com/gui/file/9c91b43d243ac9adfdabcf848069b08b9117c6380d4805729d06836fdc10a74c/detection

a0525835.xsph.ru
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/30650a8f98a447ec28b175ffd31214d7d94eb991.php

# Reference: https://twitter.com/K_N1kolenko/status/1377902418839678976
# Reference: https://twitter.com/K_N1kolenko/status/1377902531641237505
# Reference: https://twitter.com/James_inthe_box/status/1377967403611480070

http://195.54.33.24
/jsserverwindows.php

# Reference: https://www.virustotal.com/gui/file/29df0b984e959c856c2cc8d45dbd407301567d1f8deb962f350b8789f5a9a1f8/detection

cc50835.tmweb.ru
/pipebigloadbaseWindowstest.php

# Reference: https://www.virustotal.com/gui/file/89fa4b96824cff45d631aba001e6ea4873bdc50133149489453e1930f93061db/detection

ch30249.tmweb.ru
/CpulongpollAsync.php

# Reference: https://www.virustotal.com/gui/file/b353f0b1f05df11cd8d4a9d5e32b175bf52795d4571da48347c8d367767c7f2c/detection

cx55949.tmweb.ru
/linePipepacketmultilinux.php

# Reference: https://www.virustotal.com/gui/file/e2c0f6c339713ba63202f13e1f788997d87b4d8ce38cb6bb8f214bc92020b77d/detection

cm51492.tmweb.ru
/ProviderLongpoll.php

# Reference: https://www.virustotal.com/gui/file/e46a16ade0a00728c59210acdcd131a5bab46470d9acb07afb58917a1e287456/detection

ck02342.tmweb.ru
/JavascriptjsProcessorProtectFlower.php

# Reference: https://www.virustotal.com/gui/file/4b032a536e842694ebbf6152c16484e01dd3c786d028cd535bd75b74c2e1e75c/detection

ct53551.tmweb.ru
/php_updateLongpoll.php

# Reference: https://www.virustotal.com/gui/file/56739e49de52e250f4a3eca5675917fe3cda4d3c40903e7f9d2b79e18bec9999/detection

cg15251.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/7055d783414b106fe0cf64d48298626a77800e0b8dcdc8eb861d63b72ae8f8fa/detection

cf09397.tmweb.ru
/multiDefaultFlower.php

# Reference: https://www.virustotal.com/gui/file/76878896e452310544b7935243156babb347549bf8f7c57dcd809d9d9cc7273c/detection

cu32668.tmweb.ru
/pipelowprocessmultiBase.php

# Reference: https://www.virustotal.com/gui/file/353e71b1f29f2a127d199fd7b936805a6181a1d81fb83b818b5628d1ab424e17/detection

ch08518.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/32acd16ac1f0ceda43528df2401e91212338f58a16b0446e564174a9c840721c/detection

cq64286.tmweb.ru
/HttpcpuupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/20adaedcd00cb34d5ff9f6840a171bae738b7acdee4ab320724fcceb3218cda4/detection

cn25255.tmweb.ru
/AsentusEncoded.php

# Reference: https://www.virustotal.com/gui/file/4ed2b9056a1141a2d92ee8c0b5e4b94bd59a1d84784f5bffc487575f1f98b88e/detection

cr39615.tmweb.ru
/imagesecurePacket.php

# Reference: https://www.virustotal.com/gui/file/3d3326dd0a2dade47a2b5ad966fdebbd09fa15ff67ec18a8b8f8323ca481e70f/detection

dyeee.tmweb.ru
/longpollTraffic.php

# Reference: https://www.virustotal.com/gui/file/72362d62cf50c249dee90fa062a9a382572d67997da05608ef3f79a1292a43e1/detection

cf79984.tmweb.ru
/secureGeoauthflower.php

# Reference: https://www.virustotal.com/gui/file/544d2ce0cdc40c01dad1b0c0e8c6040d9252ff9c5edac8c73a212e8210c44473/detection

cq38242.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/96aea8e31880f1a37353a47c962de1f59755abea5bb12a2abd62ae1bf694231c/detection
# Reference: https://www.virustotal.com/gui/file/edfbfcbb103f5b69bcf2a9b3cc6e01750744bdc84a882f929c3f9cefef42cecb/detection

cj09837.tmweb.ru
vh366.timeweb.ru

# Reference: https://www.virustotal.com/gui/file/bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a/detection

cw51552.tmweb.ru
/pythonlowupdateprotectdefault.php

# Reference: https://www.virustotal.com/gui/file/f0690112624bffc927f19e8cc0d8af4f46656a354212bc234e9cc3d1c33c4993/detection

sk1tzz.beget.tech
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/
/h7otaleclm238j1szeb/
/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/9753eb7181919647609843743199a5f58a01a37c.php

# Reference: https://www.virustotal.com/gui/file/fb3914e5fb9bbae88d31177071dd6465bc4ae46f05c71f3a72b086483d65e066/detection

http://135.181.235.118

# Reference: https://www.virustotal.com/gui/file/1a1971d70f3879a8fb9cb656c3afe487760454b1caf139cf2d3b87330f3e77ff/detection

datasines.ru
/vmasyncTrack.php

# Reference: https://www.virustotal.com/gui/file/1294a91cd45ed0dc87531245654e961b6aa1b399ca32a33048a04ab7993b16b7/detection
# Reference: https://www.joesandbox.com/analysis/444364?idtype=analysisid

http://185.246.65.192
/pythonsecurelowcpuGame.php

# Reference: https://www.virustotal.com/gui/file/3d49374f76096e055f31a9e83d0bdd15a349aa85041a9f827fef376011913d05/detection
# Reference: https://www.virustotal.com/gui/file/55c68474cc02e4834e61a80980679f364f3fb1d012e8aab3bb3bd254967e5514/detection

http://82.146.57.148
/tracedemosupportphp/demo/mobilegenerator/support/cpucamphp/prefprefmathcore/djangoplugin/searchercpuprefrecord/demohtopphptrace/limitdatalog/imageprocesslongpolltraffic.php

# Reference: https://www.virustotal.com/gui/file/a0f4c92db2cfda9c338306c1b12f71c15416196ed593f0aa28ca5add785d426a/detection
# Reference: https://www.virustotal.com/gui/file/fac11dc010c0a36ccacc3a5438af9bd5182b7b94be16d5758f78c6b89100dbf9/detection

u102494.test-handyhost.ru
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/
/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/
/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php

# Reference: https://www.virustotal.com/gui/file/5ad69de9fdcb9ae92c756236de868bf963d04b6cad241d418c62f06e7332c13c/detection

http://82.146.42.205
/httptraffic.php

# Reference: https://www.virustotal.com/gui/file/ac5690010ad06525c90e0d604403e9169f2698d82f5a4e89d328343d59ead472/detection

bigwins.ddns.net
/ExternalphpPoll.php

# Reference: https://www.virustotal.com/gui/file/ca0c5b278fc4a2fd0d71019429789248453779143404ff909964807facba6b20/detection

http://212.109.199.108
/HttpBigloadsqllinux.php

# Reference: https://www.virustotal.com/gui/file/9c7cb7bc7443f2f35c6804ca5aca69df5b21327b96428c31cb1cea12b3b94d1e/detection

http://79.174.13.146
/linuxAsync.php

# Reference: https://www.virustotal.com/gui/file/679bec4906c57d7637bd04824f1d3fc26a75e4dac0aff833f9b86a3f0bdd7b24/detection

a0553951.xsph.ru
/apiBigloadDbtrack.php

# Reference: https://www.virustotal.com/gui/file/92b9803da13558ef311fe025ec74a0ada01b1c95b499985d51d4c4bd01f11129/detection

a0548637.xsph.ru
/javascript_geoserver.php

# Reference: https://www.virustotal.com/gui/file/8801faeab21ac37b1785a78c635cba75f914d2056f1b74ddefbcc1b17f836edc/detection

a0555497.xsph.ru
/eternalsecurelinux.php
/ImageProcessordb.php

# Reference: https://www.virustotal.com/gui/file/061fa38282c2f86c3a5e9e0c87e63c6d1e7e9404d3dd212b51515d254a2254ee/detection

cn36102.tmweb.ru
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/
/o40ypy0hwwr6x7tycm55w6pgmkftd/
/r0m1j2e3zgfazhs6r8x2w603/
/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php

# Reference: https://www.virustotal.com/gui/file/4cacca33e4823519cffa51e6d0f0226ef3b581024f57d8acc444427a636cb95e/detection

http://194.226.139.141
http://94.103.80.73
/Packetbasetraffic.php

# Reference: https://tria.ge/210731-v2zwybkdfs/behavioral1

http://94.250.248.166
/external_Packetupdatemulti.php

# Reference: https://www.virustotal.com/gui/file/e0dbdf3dbc3203ede5b14a38d80f53203d6c14cda083f81f498fdbe394cdbcf3/detection

cf99125.tmweb.ru
/providerSecureWindows.php

# Reference: https://www.virustotal.com/gui/file/60bd11a9eb239a95fa07a879822b4e4cc4b971f57971387c7c65542b48acb099/detection

cv53487.tmweb.ru
/defaultFlowerAsync.php

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

95.111.241.233:4563
95.111.241.233:8848
AbdaalRuhaani-27733.portmap.host

# Reference: https://www.virustotal.com/gui/file/012fa663e73b01b030d4283bd6d1d23250e47ab6180fe6d1c0efc289a45af710/detection

cq28540.tmweb.ru
/lineToGeomultidb.php

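# Reference: https://www.virustotal.com/gui/file/dfb38282ee9f6bc18b4e9c6f0406e00dabc2fe57d76a4eec9722f9e0e7e07928/detection
# NOTE(review): bitrix386.timeweb.ru sits under timeweb.ru rather than the per-account *.tmweb.ru names used elsewhere in this list; it presumably names a hosting node shared by many accounts, so confirm it does not also match unrelated sites before alerting or blocking on it.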

bitrix386.timeweb.ru
cu85891.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/6718c04021467956503e7c53e7a6597fad77eafe88b080442d4168ab1081f32c/detection

a0560022.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6dfc2ded144d897f001f26e050a1abb54d661b9fd9e855199caf41246cd0649b/detection

a0480057.xsph.ru
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/c69cd7ffb036451638f1c24db25a0515740d8125.php
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/
/c69cd7ffb036451638f1c24db25a0515740d8125.php
/fmph5agvjxo/

# Reference: https://www.virustotal.com/gui/file/887f455ee655af59acf845a6f7eec88be53d3e39aff9f3b09cb8e89d9e2c3726/detection

a0524006.xsph.ru
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/
/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php

# Reference: https://www.virustotal.com/gui/file/90256b8d51135779431b9a7d02944d79e0c8b7f6a00ba19a5d08d4e252f39964/detection

a0549308.xsph.ru
/providerlongpollasync.php

# Reference: https://www.virustotal.com/gui/file/a01d51b821fc25d9909c74771287e7782cf607a69c01e29037860e1e32399a0b/detection

a0600399.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c6cabb4109dca04a0d3493c4dd00861f5dc727606e5fe9120d2fd3ebadbb476c/detection
# Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection

a0454147.xsph.ru
/bdytbxyzt28mr240noe4rrg093adguvi02oc6/
/srxotvy8z6jic7vy7ah4oudisalxsdmkwfksgbennps3g6fd4u1zh26ojvzw3xucp4pz275y39bj89k8intmkl11/
/0226cf1a5d9ff16d620618544626a30aadc83dc5.php

# Reference: https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection

a0429276.xsph.ru
/3t5v7d7pegualb068qsj0nmxfghl0fuoh418iz6cinatqfor4v9akdq37rx9ycwvyee8ubs4swlgiac585m0/
/pdzkcqf0x4dyr2f2vlaf7e4rmrh72yr1bm6mhyue2zim1j4z0u6/
/a30a7e8d446e07feb3edd0a0387878b922679121.php

# Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection

rodik2020m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection

cheff2019m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection

testedpo11.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection

jlauka2018.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection

a0439723.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection

a0439698.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection

a0438890.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection

a0439294.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection

a0440066.xsph.ru

# Reference: https://www.virustotal.com/gui/file/9f66780f03e00ce6852d2bbb9ae2496b875871ae3cf8fd2a578596431ac3346f/detection

a0523644.xsph.ru
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/
/x9ahvg1kp8jvucilm9rwee4ich/
/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php

# Reference: https://www.virustotal.com/gui/file/c8db435b9a380579b7ccf477a0030f6d8d143ff32df9148f6ed82407c5f86813/detection

a0530848.xsph.ru
/imageLinepipeGame.php

# Reference: https://www.virustotal.com/gui/file/da2d2ccffac5d4877096cb5b787e10ac0817b5a56c3ff67f640ec80d47dfd258/detection

a0550213.xsph.ru
/Vmpacketbigload.php

# Reference: https://www.virustotal.com/gui/file/8a55211db06abc570a3f0e6bc612d42a67f1face07d82a65cdcbac9a56c64923/detection

a0552459.xsph.ru
/CpuApisqltrack.php

# Reference: https://www.virustotal.com/gui/file/6c231312fac958bb547368ae896a4e763d97d176eee5223f365c81ce3ffc3211/detection

a0550354.xsph.ru
/PollGeoprocessdefaultflower.php

# Reference: https://www.virustotal.com/gui/file/17cb5a4dec6b16c87fa481f4d2e1cea4ed3c24a790dae776ba83fa5320f98ee2/detection

a0615946.xsph.ru

# Reference: https://www.virustotal.com/gui/file/34e8a3b9532e5475b8c62a21f836682bbe1e2479089bcc2a0b6646e66362d573/detection

cb81657.tmweb.ru
/pipeHttpAuthbasewordpress.php

# Reference: https://www.virustotal.com/gui/file/5e40c4e18338a01645611f11f2caeb4eb5353bda96175f96c20526e16a5d3e14/detection

cy50210.tmweb.ru
/VideoVmJavascriptCentralTemporary.php

# Reference: https://www.virustotal.com/gui/file/5e4f320e663b58088d396ca3c9a32bfcf3ef0fb0f26d21f70e3f4e0ef9c6a5a5/detection

cu44809.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/a8b815767cc06b4e4c73c0ffaa73eda2d9bef6ba1da8fc62950c6b7b1343c160/detection

http://80.78.240.210
/imageVideoupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/7700b39073a305e9b3ae9e64e36dc507ff13caf82e3f0b8a812e76bbfabfc36d/detection
# Reference: https://www.virustotal.com/gui/file/064e47140735631b988516748b833330b5c0844d6016b1c3d80c83c5c326cba2/detection

http://92.63.106.112
/JavascriptauthMultibase.php
/javascriptdefaultbase.php

# Reference: https://threatfox.abuse.ch/ioc/315762/

http://176.126.103.126
/pythonjavascriptprotectFlowerDatalife.php

# Reference: https://www.virustotal.com/gui/file/a1a4171c888bb45ba62753af9d69469a6eba3d9bffdc8ea46b6f37c61faa0c86/detection

bigrussianfloppa.duckdns.org
/externalbaseGeneratorTempdownloads.php

# Reference: https://www.virustotal.com/gui/file/00603531bcf1c4db7431140d656e57a43887fe1103bbac67c91141804084f50e/detection

allakorovi.temp.swtest.ru
/Vm_processasync.php

# Reference: https://www.virustotal.com/gui/file/5f615615c250fe6757004187cc0a1de547fbbb0fb922ea7d11838da7d98593be/detection

15.235.13.122:3000

# Reference: https://tria.ge/220209-d5xwlshba2/behavioral2

http://37.46.135.124

# Reference: https://tria.ge/220130-13xt6abccq/behavioral2

http://62.109.2.159

# Reference: https://tria.ge/220125-f2kszshddn/behavioral2

http://37.46.130.225

# Reference: https://tria.ge/220120-qjy8rsabdk/behavioral2

http://149.154.70.169

# Reference: https://www.virustotal.com/gui/file/f441ea0832309aa62b60882b28fbd5f4685fd75c0c188a1e4668237c5d0b30b9/detection
# Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection

154.16.248.110:8848
154.16.248.223:8848
172.83.152.101:8848
23.237.25.128:8848
23.237.25.226:8848
23.237.25.232:8848
79.101.204.213:8848
zerocool888.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d3d8c9bca1efbecedaa23e64e662214517926d481cc59edebc60145aabbf7730/detection

http://192.236.192.143

# Reference: https://www.virustotal.com/gui/file/0be0e32f4f1dfcd37a3afdb938d27345cd42a3512fbe1ae0b1c209dbe060bf12/detection

51.81.142.111:7979
pearvh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8c253c11e409898c0c547c9fe47c6aa4441726061d8df6f7de32e7b6eb3f78/detection

cf47501.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ad2ef315d1e12b4f973eb23529f6c332fe67db210b59b588d6f1636003b240c1/detection

cd86823.tmweb.ru
/VmPythonserverTrafficdle.php

# Reference: https://www.virustotal.com/gui/file/ff7db454e5873e61727042bb37d5359ef5c8e4e5510fced6f4e21c9f442c7c14/detection

cy70433.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/8f831441d0959368d3ee7d27441fc1156d77e3bc0ea443760e98b8c54c068178/detection

cr85089.tmweb.ru
/imageBigloadDefaultDleLocal.php

# Reference: https://www.virustotal.com/gui/file/aa255b75541e4e8163684cacedde6741f32e2622a0f6876a11caa4c9edb60c98/detection
# Reference: https://www.virustotal.com/gui/file/3aa22c46f786e2718696a5916e7f494d16ac51f51aa5c7d36439642fc93bdbe9/detection

197.210.227.5:3428
197.210.55.176:3428
frank.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/ff3139e35eec5df931d732988e7a6b5612bb9f965ebb38708e4edbf1bebe2280/detection

a0613874.xsph.ru
/externaleternalApiTemporary.php

# Reference: https://www.virustotal.com/gui/file/fa682ed24f520200484355c5fc07427103d1c53a6db60f96d059855bc1ccef7c/detection

a0653333.xsph.ru
/ExternalJavascriptProcessTraffic.php

# Reference: https://www.virustotal.com/gui/file/f7dcbcdc69dc9091b4a243e43cbb020f45e3ec177bc8a375c61ec98615bf402f/detection

a0643628.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ebcb5ce8775baac48a3211fc6a665b92ba5025cb9f37512ece0ca8fd28a70707/detection

a0643626.xsph.ru
/ToSqllinux.php

# Reference: https://www.virustotal.com/gui/file/ded5891b6f8f7dffa6ca268fb1c686c1f2017af2473cada96c99401baa8c1c32/detection

a0613505.xsph.ru
/requestGeoProtectflower.php

# Reference: https://www.virustotal.com/gui/file/dc11ec7791f71753d03cb63ed0c9ced53cb2e250a5413ccd8ec9ed609e2780ae/detection

a0604955.xsph.ru
/imageBaseTemptemporary.php

# Reference: https://www.virustotal.com/gui/file/d8f25d4e26a04cbfb40a44650503e944c2a628ae255bbf7aa3e3a6ed38a16bb2/detection

a0636388.xsph.ru
/processauthDleTemporary.php

# Reference: https://www.virustotal.com/gui/file/d67c934f491416949ea2f884dd92e1df963842b782883e7d2fcd3722e40b3051/detection

a0615272.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d0ae81400fd405312a1f6e59846d9f494abc72f8075e592b4e63f227b2178ba4/detection

a0605075.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d078590e47634128542985f434513e843c967b9097c6581c31b6c2bf704296f6/detection

a0640235.xsph.ru
/multiBasegeneratorPublicprivate.php

# Reference: https://www.virustotal.com/gui/file/12e6398f73e2b6945d16b3d64ae0d905b06be81e208ebc37f47001fe6186352b/detection

cv67410.tmweb.ru
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/
/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/
/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php

# Reference: https://www.virustotal.com/gui/file/fd54ce3addfbcd79126599cb8b8cb9b140dd9defde04058f16b633a004f8c5d5/detection

ci40763.tmweb.ru
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/
/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/
/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php

# Reference: https://www.virustotal.com/gui/file/f55a233ea31b463466defa5d5b3941699e76835a48d94ff8430a7ade30dbeddf/detection

193.161.193.99:59618
daddycitrix-59618.portmap.io

# Reference: https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
# Reference: https://www.virustotal.com/gui/file/ae97918f7e22be53b7eb9778c11dec8d873989a2b798617a60b2d448fac5dc89/detection

co44089.tmweb.ru
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/d9475980a348412b6a890000bd9ece3a022be2e8.php

# Reference: https://www.virustotal.com/gui/file/00dca02ce6a738439634bf9794859f7fbb40e9e62e6701743e32c786f8269f23/detection

a0504029.xsph.ru
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/
/694e9a452a200fae5d4a04b05733dbdbac6fef75.php

# Reference: https://www.virustotal.com/gui/file/0193945a5e4c654ae765e311a7bb0a5c1344ec3d5e7cf57f81620c6186d21841/detection

a0635613.xsph.ru
/SqlwindowsUniversalcdntemporary.php

# Reference: https://www.virustotal.com/gui/file/fd949b25fcc548aac88535151d8f8ad7302307c56357d90d0aa1a01fc55c7956/detection

a0501990.xsph.ru
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/
/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/
/ke0ide6s5hf7zokwe/
/e776f8f27539e2705547b02779c1b90b8b204984.php

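# Reference: https://www.virustotal.com/gui/file/fc75f0331334f23072247d9eb4746e0c692b4bd724c6dc0bbf9f3093bb87105f/detection
# NOTE(review): no host or IP is listed for this sample, so the entries below are path-only indicators; check the referenced report for the contacted host and add it if one is recorded.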

/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/49832f0846f8d279cad20b836d78b599e2c668da.php

# Reference: https://www.virustotal.com/gui/file/f638a72eec11f20c56d6863b048f8f2d1a69cbb43512486454b48d0598a915d0/detection

a0620849.xsph.ru
/To_requestsqlgenerator.php

# Reference: https://www.virustotal.com/gui/file/f3910b4183705723698873055e2b8808ea4066ab9cbe0a65e65aed6f8027c287/detection

a0547090.xsph.ru

# Reference: https://www.virustotal.com/gui/file/f2a111bdc9a0fcff64c138c71e88cce5a2af06fdb323d6837d2449f377eb6b1b/detection

a0511040.xsph.ru
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/
/b7594eb1766c3f4c49239eb927b936bfae118dc4.php

# Reference: https://www.virustotal.com/gui/file/ea6fc1630a4ed56abe7d83529ce0c1ae122c11bde401048871d0513510e50f8e/detection

a0547138.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e851b030549e4e022b46ec88fdec6a8aaf4ff41184332be8ac4cfeb8d4c7ec17/detection

a0506233.xsph.ru
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/xjq3mmrkeov8cn4ydhcd/
/80dc5955c8bef80ffc6828492786eb8ca61f8997.php

# Reference: https://www.virustotal.com/gui/file/e7589f12f5f6bd06cb353809cae963730aaac1829327474793f0c8028a5d6548/detection

a0499458.xsph.ru
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/3853f5654eb40f9911242115ee8218fff8de6ae8.php

# Reference: https://www.virustotal.com/gui/file/e34ac32e1ed63dbac5f1ea54b05aa670339db0ddd786ae4fd3c484c22091d86b/detection

a0512913.xsph.ru
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/
/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php

# Reference: https://www.virustotal.com/gui/file/dd6a597309522bf6cd51cdbbf7a17a3148f2b1367ea87aa5b54a4cda76d12e24/detection

a0509262.xsph.ru
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/
/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/36fll0sqbzxn79ia7wdc/
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/
/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php

# Reference: https://www.virustotal.com/gui/file/d98b8c3e36db621aea1b70e30290c8df7ed5f16585285c8af3e83bac6121ed44/detection

a0636042.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d720cd83354d772ed43d388ca6117257b4e77c74550f9140a8311fc564c8c0ad/detection

a0636235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4a3c8464081d0f33ddc2d954f35f678c9da896f1ea14a5ca5c21e3fab34635e/detection

a0607571.xsph.ru
/javascriptsecureauthGameuniversal.php

# Reference: https://www.virustotal.com/gui/file/d379acd0508f62cd1074da129c2a1d6478fae5c10ae0de05005b05e268ae779e/detection

a0512176.xsph.ru
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php

# Reference: https://www.virustotal.com/gui/file/cd22545cd8815721dd36621d53c0a759a9a7db32e9709b9810cddfe320f54bce/detection

a0505523.xsph.ru
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/
/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php

# Reference: https://www.virustotal.com/gui/file/c9799f909a0bf09ef5fab57929cd0de349aad34c2456e8dd076a878921427a43/detection

a0502373.xsph.ru
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/1689e55ee8d0b7689e40485576d1d8903252a398.php

# Reference: https://www.virustotal.com/gui/file/c010d0c7128593451922c1513c9b4afa3453e3c9f73e3eb164689cdaf246b372/detection

a0615320.xsph.ru
/EternalGeneratorwordpressprivate.php

# Reference: https://www.virustotal.com/gui/file/c00bda11c896a535e69e122d9727f19346bf75bc601e4f599abba928c94a5c1b/detection

a0509427.xsph.ru
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php

# Reference: https://www.virustotal.com/gui/file/b76d4d55a77e60335c601937e5640e9340d81958c0fe3d7589200437114ee289/detection

a0530235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b6e5eb6c4977b9d2fc3450f329df3d278520113b7f4971957e3fe6d298087fec/detection

a0507655.xsph.ru
/tgm1bkvusaettq/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/tgm1bkvusaettq/25ke48f4rznl2/
/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/25ke48f4rznl2/
/tgm1bkvusaettq/
/e911ccbf80878043841ae566261d6d088e7b9f76.php

# Reference: https://www.virustotal.com/gui/file/0058b8d9c8c1158938c5cb6bb8812d745720df7d930f922ff62503ec64c016f9/detection

f0489337.xsph.ru
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/fc8ba6c59d8743c977012be26c9b31afc585846a.php

# Reference: https://www.virustotal.com/gui/file/819a6e842b7837d2b08acaf4fe967fbe5773d508ac7942edcd78813138184c77/detection

http://149.154.70.81
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/
/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php

# Reference: https://www.virustotal.com/gui/file/003ffe92e0586bdfc75e35fce3d959a2be1f1003a6f60591ffe671fa7bad632a/detection

cg38346.tmweb.ru
/06qd02/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/
/65c42b42653fba838f215c3150f7a59527ad3b3c.php

# Reference: https://www.virustotal.com/gui/file/0a66fab23fc185a17155e98e68315898fbab45bf6a5120d40734f1d0e17ed0bf/detection

ct51793.tmweb.ru
/vmpolllowprotect.php

# Reference: https://tria.ge/220513-1c14wsbhb8/behavioral1
# Reference: https://tria.ge/220513-epmldaccb8/behavioral1

http://31.148.99.171

# Reference: https://www.virustotal.com/gui/file/eed1a9f0ec43c5ae892d3405db010421f0961d53a0728c5f298d45baa31f9e92/detection

a0679997.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6db9070ee1d70e0d24eee9794c461f7bc8be994f7fe7ad721ade2fe3b09bde42/detection

a0662376.xsph.ru
/providersecureApiLinux.php

# Reference: https://www.virustotal.com/gui/file/73583b83b0864479a0731f3d7aa8986f20415ce961774b13029ada8b778790ac/detection

154.12.230.109:8848

# Reference: https://www.virustotal.com/gui/file/06ad34aa4dc9bdef0a3bc023060110d6f879774411ed397caf07f00d5d6f2a4f/detection

a0684770.xsph.ru

# Reference: https://cert.gov.ua/article/405538 (# Ukrainian, UAC-0113)
# Reference: https://www.virustotal.com/gui/file/2b2438aa8da7c23e714f2d7a196d82ed52914c9353ef9fded01448216bd858ff/detection

plexbd.net/MSCommondll.exe
plexbd.net/MSCommonDriver.exe
datagroup.ddns.net
/PythonHttpGeolongpolldefault.php

# Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat

star-cz.ddns.net

# Reference: https://www.virustotal.com/gui/file/0007015ce9090fc52712bc0148a974c643fc570b56d8d78765a6fbde9953639d/detection

hyuihyuihyuihyuihyuihyuihyuihyuihyuihyuihyu.site

# Reference: https://www.virustotal.com/gui/file/b64e011891245dfd504c35145c073ab37a7298ca12ba7c0b40190f83bfba5566/detection

http://149.154.70.91
/phprequestApiuniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/1f97e20f092479de14e6ecc4debcbc835528a0de8d75c5f2ac36d9c24d08555b/detection

http://149.154.70.79

# Reference: https://www.virustotal.com/gui/file/1e1ddbd0db9aeff25d220aaa65a1118c38b90e6ad3d268fd4b47ec898bf3d17a/detection

http://87.236.146.23
/Temp5To/HttpPollUniversalgame/sql/02Httpcdn/httpLinux.php

# Reference: https://www.virustotal.com/gui/file/ced36829a9dcff10487b26b9c931c399f4dba93ae3a226c0174426ee02b0c8f9/behavior/VirusTotal%20Jujubox

http://185.46.10.74
/Vm_Servercentral.php

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_DCRat_Related.json

bomber.dcrat.ru

# Reference: https://www.virustotal.com/gui/file/ba532af8694c6cb7ed64a3967366e9356082f1038e7983f7829ad94f55bb0cf6/detection
# Reference: https://www.virustotal.com/gui/file/f5e5848f11cb330a78ae2c4177ba72a229a7298894061436abcf5bec3c70b752/detection

a0698769.xsph.ru

# Reference: https://www.virustotal.com/gui/file/00671603a647502a53d1fea47406952e22d1de35151f6f3aa187e209da5f1793/detection

a0546152.xsph.ru
/lowUpdategameflower.php

# Reference: https://www.virustotal.com/gui/file/180bdaa12e54e3cc55aec3b80ef124626b997145c520125e96ed750c0a815857/detection

clmonth.nyashteam.ml
1002.clmonth.nyashteam.ml
1006.clmonth.nyashteam.ml
1007.clmonth.nyashteam.ml
1008.clmonth.nyashteam.ml
1648.clmonth.nyashteam.ml
2069.clmonth.nyashteam.ml
2255.clmonth.nyashteam.ml
23457.clmonth.nyashteam.ml
2765.clmonth.nyashteam.ml
28958.clmonth.nyashteam.ml
2945.clmonth.nyashteam.ml
3587.clmonth.nyashteam.ml
3598.clmonth.nyashteam.ml
5422.clmonth.nyashteam.ml
5687.clmonth.nyashteam.ml
61633.clmonth.nyashteam.ml
7485.clmonth.nyashteam.ml
7539.clmonth.nyashteam.ml
7865.clmonth.nyashteam.ml
7885.clmonth.nyashteam.ml
7935.clmonth.nyashteam.ml
9076.clmonth.nyashteam.ml

# Reference: https://www.virustotal.com/gui/file/9fd9b29ea8b6c727dcf1853272ce5b8e4a18ed109e38b0c4857a601e41f81b13/detection

eternity.fbkw.ru
/supersecret/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/secretet/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php
/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php

# Reference: https://twitter.com/MBThreatIntel/status/1556683337258782720
# Reference: https://www.virustotal.com/gui/file/c90bd7b3e642eba0ab5a1153dde46a1c01131a773956f54801c7380ba037e6b6/detection

sublimetext.me
h925402f.beget.tech
/ServerDefaultBasedatalifedownloads.php

# Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection
# Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/

a0682132.xsph.ru
narzieo9.beget.tech
/SecurebaseTraffic.php
/updateapidbCentral.php

# Reference: https://www.virustotal.com/gui/file/03d2ea4dd1ce66403b7977dfdf6fc2a9708425fee1d9b4792ac465578788c61d/detection

a0521453.xsph.ru
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/
/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/p7v8ksbrt61jpbbemgmk6wzh6n/
/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php

# Reference: https://www.virustotal.com/gui/file/21cb6213795cabdcb33cd3102017a9e2a4ad31395976edf02311423ad0f622af/detection

a0703775.xsph.ru

# Reference: https://www.virustotal.com/gui/file/09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3/detection

a0554670.xsph.ru
/PacketgamemultiFlowerTraffic.php

# Reference: https://www.virustotal.com/gui/file/005cc836619526899f69218adb2a46f51f4847d8b43c36a7821c3c9a1abc1110/detection

http://86.110.212.29

# Reference: https://www.virustotal.com/gui/file/2aebe64ad1d7e84b2111b0571276c760eeabd6b641c89c09ba2d9ef95cd883c8/detection

a0710769.xsph.ru
/externalCdntemporary.php

# Reference: https://www.virustotal.com/gui/file/03d0857d5817b72bd95ebb768b41c8d0bd819ad041289ff378dbac621bee2597/detection

asdfadawdawd.ru
/externalauthdbwpPrivate.php

# Reference: https://www.virustotal.com/gui/file/07dd506c59ad8f994f52611247eed8275201d0acb24c1341e33ffd75cceaac85/detection

a0521182.xsph.ru
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/d96da147ddc7c66170035f82a42d9c2f.php
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/d96da147ddc7c66170035f82a42d9c2f.php

# Reference: https://www.virustotal.com/gui/file/3c167c067abc30c62d2d74e7409d65cc84ae051a868ce55ee0a1f4de0a3059fb/detection

cw85895.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/000f3f7a71b10f42d32371c5dff7b974300a45fa35f9a7d8024a4ec4fcabab41/detection

a0709015.xsph.ru
/pollFlowerAsyncwordpress.php

# Reference: https://www.virustotal.com/gui/file/00775bf2d98db532ca754489e9f262bbead5f19e6a5b2114e9f3fc989e70dde9/detection

a0706820.xsph.ru

# Reference: https://www.virustotal.com/gui/file/035e94c3897695d24524b01e141f8c904034e15bf0d6492d8005b81d8c1e1424/detection

asos.bar
/bigloadMultiBase.php

# Reference: https://www.virustotal.com/gui/file/2a833361299f6bd61506cf3ac29e25fa960467657cc92f23a6d36bd65a4aabd5/detection

a0685116.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4d8519fb5cb89f65a29db531034be71cb4c41188c512e01eb48c0ff9e9175f7/detection

a0715881.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7aa907117d7dc41bcf159506536af6d2b76f2ac49adbacbb9748ac09917310ef/detection

a0715314.xsph.ru

# Reference: https://twitter.com/MisterCh0c/status/1123890895605194752
# Reference: https://app.any.run/tasks/39dc7c95-2f60-4a0f-b962-5abb688817ba

darkcrystalrat29.000webhostapp.com
uproxies.myarena.ru

# Reference: https://www.virustotal.com/gui/file/b88b12d7dc8c791383f11a7f2083b0f16d353c6e47615b10bc533c36ef893e96/detection

mamont1337.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b4d86cc2a6d1417ab614fd759cadbdd03750511cda2cd4d063b92b1daae6cffe/detection

pwnova.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0f1611211d77702a6f7dd5f1110afdf85bd3d6d2d0d2f569fe2a4962acec2de8/detection

payloads-poison.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/3f17bcfc62559226df10d47eb9769b32c7c2ef5ad44889f0c253e1fcc5d68dea/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ef486eaf9407e020a911c8795e334b6be98cf84386ac3eeaa25488c975b47227/detection

ponchikgribov.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512/detection

holohololo.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/561f3702f2bc11607012f82894475da814052c925d7d2afd242a95dc5f5a7363/detection

mabuch.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ebb67c781269d75cc4aa1c5aacdc4ab1289a603dc5532ccc2fb7dbbed284d786/detection

0x01f1.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/bbde4f9a20c30515c9c163709e7fb670d296e087f486278a3017fdaeea282114/detection

supercraftalex.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0783ad7db9e4f015a8c4a2100da925c43e9197996463f03194519aa8a70d6328/detection

silentscanner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/de622b50da9fad14bee683c2d46ffa167a453d8cd0d31f7a86d72d2cf5de8b13/detection

thedonserver2.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a69604b7a62ff5eab64e011fbe653d83b0d7e854633528aedb98a27a300e9cdb/detection

vanityss0.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fa76b811f2ea98f5c356bac7d2c27cca58c7db23729307fed74650c7ee95075f/detection

allopathic-trays.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6ad0fb9af26cd895584d71f89186754ab9263c6034126f8ae2be9a85a8ea3482/detection

fritroser.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/9c370e4919315bd7b718e4ccdf605f2332ab672b53209c12dfdd22ebd5bf63b6/detection

cuberdragon.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7bb559915ee54376af490aec3354df9d024f4c80878eb5c976caf98aff430d7e/detection

spikerr.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/50d8c57679ebf98a325f0cca86309fbd757964accd8e694cc31553c792551c5b/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fcf3dd30c43dbd3fb8db46ffbd90aa898f821acd5f77c79b0f22da4ef824010e/detection

eliseyhaise1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1c7fbedcbbe92c3c00c58d75ed8f02ddc79ce3af209f68305758a785200b09a9/detection

nosky777.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0bd98484d599b26d067ae42c5baf4cacf88170d397b5bf805c3cb8fb558aaa2/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/eb94e806bfd7e5e3aa1a5aee781150cc7e1e83af22a6c0194c6138673a006fb0/detection

jssh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/92e6d7a6e8e9bdf59d8c92f54ef8f076b04ea31d62e20e83add00d70f53f0373/detection

superacute-barrier.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d1f9e8d2c091a5ec29a0420ed3a2002209689799ec7babcf1e1ff81775234d53/detection

filesfloader.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d4a47a202068cf51c8b10381cbdd414f24af4a7c7562b97472540d7a02646d09/detection

diversionary-turbul.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f3261eab08f0316d237bb474734674acd4a8eeb183331ce689d1cee57de94218/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/873baf17585637276230e7c7b358321ac0e7f9c1e64878b708a030104836e7d6/detection

rat21212121.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/769609d8870d14efe8688affabf153dd287dd7ca97ea81b921704bab1752c150/detection

nikotsu.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f8eda3c1be8522ab6afd7e8f259ec592292b7940a7f9ee189ecdd5b9ccee2eb9/detection

labscreenshare.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c3309c40ed05075598d9a44d06be2a5eea0c25ce11e2741e5e1e5239b0f0259e/detection

kasumeauth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a8d4bfcf4a966ac593f31cf8fe82b8f133034066859acb8bb54fc19577b35d14/detection

denotable-guide.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/aff3a5987ebd22e6bab2845e8b5f033149d9f6fd38c1c19f63a9b666a78cda84/detection

wolfgt.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7def4faac6dca29bd03a5b4bcd3e5ead02fdb6318a0b308f88d9cc16065c729c/detection

ratfunpay.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/5ce86179014d6b741a6be05600151c2cf7f6140dc4115e05e3f2261484e677c1/detection

testforpurp.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b8850467013fa029a51489ee66554fd70296690713a07d80eef978f8871ae8e4/detection

telenor-location-setup.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/47b664ab4e3913721c25763104d534a2585a9f3464b20d5a0b3604b877543ece/detection

hutech123.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/71a5ced54a8792c354b729bbbdd97a132ee32acc332e7cc2136d5fd158bd0dca/detection

dcrettting.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6fb1b51833dd0eea891ea931b2b4d54835f5b19791b4065babea5538c4d982a6/detection

masha1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1ea8e7c9a99f93222159b00b3713de60ab6364a93a62b18fc24f572922edef86/detection

asbfbzvfhsebh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/04f0cbef22ec452eb8024aabe693157d03a1d6ff488600b541483d11895eba90/detection

asdasd1010.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46667d51bd5a6cf6bb93ea291a95ac66fe65459f17d001c40b9a2978bb0fe1ca/detection

mrbigg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/282cb1832225f49f62850ea57f5227dfadf7a118a609d7ea1488cae8c1029990/detection

mrbiggg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ab8f00944d1323c75dedce595036a16765ada233648e247afc30bc76e7ec1914/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/49d323809906bf0326d5cd2e721c301672dfb9e5832bb7470d3693b6cc7c973d/detection

organner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7d13019882ad60fc65881d607360a8b1441cb6dde43d1f92e120940f791701d7/detection

kiwihook228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0c5303a8a8713f4c73f9b04debfde6387a37fb0fdab0fd3dba68b4ac9388181/detection

kdwahjdklawhflahywfilyhaw.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0012c370f4fe5384a99e4041530a76f14518ebf1fa79e2569eae21044f25ca74/detection

moralfag228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/32d69753f2cfdf76427e497f6798fd10fff58c0b6bfdb3fda5eaf510b1890511/detection

matvey2207api.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1689209fe6dab791b4d7eedee0ac05cd1119328b9217ae1f2b48f66a6b7f1ef4/detection

icursos.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/8ff34b12b7a065fcb4b75e55b4ca06cfc5b40aa51afa763e881f522a534ade7b/detection

huongtra899.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e1f53c1783e59c5a3ea7d28ceac7c74b2eb81ac850a74c1e90bd82a0314024f2/detection

frogmezserver.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/37d8371c4d5db0701605f647dda2482ae2c0383793544caaa6ac218d630e8cb4/detection

diyspecial.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d7c16df73304c6d7c166200b0e5bf8cc0cf0701d3f49539e95efd4078a12fd44/detection

wannatalk.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1435345484139286530
# Reference: https://app.any.run/tasks/46d1eb68-c229-4263-bf3f-207dbcd5d896/

http://178.250.158.47

# Reference: https://twitter.com/James_inthe_box/status/1448751827046985746
# Reference: https://app.any.run/tasks/66fad0a4-789c-4d09-bb1c-12f9ff2bb92e/

http://82.146.34.178

# Reference: https://www.virustotal.com/gui/file/4b4a3839ecf1b4103a231af600a029d5b315cedd359ec3bdfaf61bb243ae7297/detection

7539.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/02177431b0825bf9f3d7c7d887c82494a3d1fd89f3e24d9128f126dd56f06a73/detection

95892.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/e50d7c1551535c94387091a653d18f5ecc26b6a15c04392523fde82df61f310c/detection

f0531789.xsph.ru

# Reference: https://twitter.com/WhichbufferArda/status/1581332837814636545
# Reference: https://www.virustotal.com/gui/file/72a3dffc4708d9e9eedffd81cc26ca19df813db423e848bbaf092540d9e36eab/detection

bayraktar.fun

# Reference: https://twitter.com/pmelson/status/1585699881905451008
# Reference: https://www.virustotal.com/gui/file/49a59c92e9c1876828015fa1985132058e1ac023a196c2942ebef409789bb356/detection

141.255.147.241:8973

# Reference: https://twitter.com/tosscoinwitcher/status/1586061272197476352
# Reference: https://www.virustotal.com/gui/file/005ca7fcb95236a3ae86e744c9d9b41ad97e74205ca5c2151e60abd4676fbd66/detection

http://188.120.244.159
/lineCentralTo0/Voiddb0Request8/7centralPrivate/
/Request1/0/universalDefaulthttp/
/Request9Multi6/ApigeotempProtect/GeneratorLineServer/
/Request9Multi6/
/Voiddb0Request8/

# Reference: https://www.virustotal.com/gui/file/02dd2d41ea02bee1d7a6505fa299cacb41024a6c6a1b2eb9e43597bc1b5854b1/detection

a0724321.xsph.ru
/PythonprotectLinuxAsync.php

# Reference: https://www.virustotal.com/gui/file/041bd486fefe872019f748d66a7d5dee4b097d4b222c320ce94f89133b6860a6/detection

http://194.58.98.53
/ExternalRequestpollsqlasync.php

# Reference: https://www.virustotal.com/gui/file/053f31bae67a9d04b92b11e54981618f7da49b9d4b77344babaebd7773fc76b1/detection

a0571604.xsph.ru
/imageApiDefaultflower.php

# Reference: https://www.virustotal.com/gui/file/0051ad484af03c603e1c10dd3b70f700faee7d46e86fe3467ed393bf18249a7b/detection

malenkybabejon.xyz

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

http://13.90.128.253

# Reference: https://www.virustotal.com/gui/file/ae3b4897a288a41ec73e1a6b94ce89b982a35e4ee754208e035877ed27ad17a8/detection

103.151.123.121:8890
toff7857.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6f9c3a7f821cad5b2095915c015fce09729cb2f4637c1ee002dd8f3ec951a81/detection

103.151.123.121:8895
moneyinthemaking33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e01bacfc305cac510024cfd91980e72f7f162f3feb017637d43b013195e13ee/detection

dthaurs.duckdns.org
gdbsty.duckdns.org
makingthomas9.duckdns.org
medelinemellinger.duckdns.org
morningb006.duckdns.org

# Reference: https://www.virustotal.com/gui/file/05c5855645215f25843fb116d4ad622331599e6823c1ac08e26b3ec016462c00/detection

a0642773.xsph.ru
/processoruniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/0fb1da58743a6a21376c4d513e4e8dd39e176719b9f89551c94a88e21b58922d/detection

a0654793.xsph.ru
/trafficdatalifewpdlepublic.php

# Reference: https://www.virustotal.com/gui/file/d4b5239cf81c54d406e6f208359145d7ea1fb429a3a245e2c805161d761737de/detection

a0740712.xsph.ru

# Reference: https://www.virustotal.com/gui/file/04d48912fee541a1dcec802ac9065a91cfb75114fdea1edd43b8a4a9d538299d/detection

193.149.3.239:1938
liteshare.co
one.liteshare.co

# Reference: https://www.virustotal.com/gui/file/0000ad0538e40f2c6a61df90552b1603a05556a620dd5e09d07c0d4cf6b329d2/detection

a0741693.xsph.ru

# Reference: https://www.virustotal.com/gui/file/23fda5b36c96f2c2e7e5ae8a0ba46eee0b898fa97c95b522bef284134b78e21b/detection

a0751745.xsph.ru

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-29-IOCs-for-malware-from-fake-Adobe-Reader-page.txt
# Reference: https://www.joesandbox.com/analysis/775734?idtype=analysisid
# Reference: https://www.virustotal.com/gui/file/37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226/detection

78.47.195.75:4448
78.47.195.75:4449
adobereaders.co
bravebrowsers.cc
system-checki.com

# Reference: https://twitter.com/suyog41/status/1612421819646226432
# Reference: https://www.virustotal.com/gui/file/aa7329f9d3c9b4c1620182c9697b905ce03819a6b538d8c5e70142a6aad4e712/detection

http://149.154.68.247
/PollProcessvoiddb/Cpu5js/lowserverflowerCdn.php
/PollProcessvoiddb/Cpu5js/
/PollProcessvoiddb/
/lowserverflowerCdn.php

# Reference: https://www.virustotal.com/gui/file/2f2d38c73fd78cfbb16fe47b098400197de6021d58038fdc49679a4b756463e3/detection

18.228.115.60:11104
18.229.146.63:11104
18.229.248.167:11104
18.229.94.15:11104
18.231.93.153:11104
52.67.169.190:11104
52.67.76.246:11104
54.94.248.37:11104

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://135.181.83.211
/cpugamedefaultsqlDatalife.php

# Reference: https://www.virustotal.com/gui/file/b2d97d507306f7abbed7ca882340f456a17cdf176488faa8f8e0741019300d78/detection

http://212.113.106.79

# Reference: https://twitter.com/ScumBots/status/1621223797071175682
# Reference: https://www.virustotal.com/gui/file/4f23c0742d9a19732acdcc777b4168366d4762b7f9fa553d1dbc62b68378cc97/detection

20.197.196.201:7749
intrudernomercy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6cff73a9a97ff3955d44e35310ccec01847143a9e70678f685840d7c8ad25971/detection

ca22859.tw1.ru
/ProcessorauthTestLocal.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/

http://109.107.189.197
http://109.172.44.182
http://109.248.42.13
http://121.40.81.65
http://130.255.170.91
http://135.181.106.220
http://135.181.164.113
http://135.181.99.197
http://136.243.179.74
http://141.94.188.141
http://142.132.182.134
http://145.239.27.225
http://146.19.207.252
http://146.19.207.58
http://146.19.233.133
http://146.19.24.118
http://147.182.195.133
http://148.251.242.103
http://149.154.64.5
http://149.154.65.218
http://149.154.66.74
http://149.154.67.30
http://149.154.68.117
http://149.154.69.71
http://149.154.70.15
http://149.154.71.242
http://151.248.117.210
http://151.248.121.68
http://159.65.31.64
http://162.55.170.203
http://162.55.33.151
http://164.92.181.85
http://165.22.23.36
http://167.235.28.213
http://167.235.57.39
http://167.88.170.23
http://172.104.4.99
http://172.245.10.88
http://176.113.82.46
http://176.124.200.25
http://176.124.201.32
http://176.126.103.159
http://176.126.103.211
http://176.126.103.47
http://176.31.32.199
http://176.57.69.97
http://176.99.12.128
http://178.154.196.48
http://178.20.47.110
http://178.250.156.239
http://178.250.156.30
http://178.250.157.127
http://178.250.157.16
http://178.250.158.26
http://178.250.158.55
http://178.250.159.150
http://178.250.159.206
http://178.250.159.50
http://178.250.247.22
http://179.43.175.120
http://185.103.254.119
http://185.104.248.184
http://185.106.92.40
http://185.112.83.126
http://185.112.83.48
http://185.12.126.186
http://185.143.220.212
http://185.146.156.142
http://185.146.156.144
http://185.156.72.35
http://185.16.38.98
http://185.16.39.123
http://185.174.136.169
http://185.174.136.187
http://185.189.12.109
http://185.189.13.15
http://185.197.75.85
http://185.204.0.144
http://185.206.214.155
http://185.213.211.238
http://185.219.40.39
http://185.224.135.74
http://185.229.66.123
http://185.233.38.221
http://185.233.80.179
http://185.235.218.66
http://185.241.61.111
http://185.246.65.133
http://185.246.65.20
http://185.246.65.77
http://185.246.65.81
http://185.246.66.170
http://185.246.67.84
http://185.251.90.27
http://185.43.4.142
http://185.43.4.223
http://185.43.4.27
http://185.43.4.31
http://185.43.5.151
http://185.43.5.62
http://185.43.5.75
http://185.43.6.111
http://185.43.6.68
http://185.43.7.221
http://185.46.10.199
http://185.5.248.148
http://185.51.246.172
http://185.60.134.186
http://185.92.149.245
http://188.120.224.116
http://188.120.224.97
http://188.120.225.216
http://188.120.225.47
http://188.120.226.13
http://188.120.228.186
http://188.120.229.72
http://188.120.231.113
http://188.120.231.63
http://188.120.233.209
http://188.120.235.7
http://188.120.236.137
http://188.120.237.72
http://188.120.240.211
http://188.120.241.206
http://188.120.243.11
http://188.120.244.227
http://188.120.244.38
http://188.120.246.154
http://188.120.246.49
http://188.120.248.214
http://188.120.253.98
http://188.120.254.194
http://188.120.254.81
http://188.225.72.109
http://188.93.233.120
http://192.95.55.233
http://193.106.191.180
http://193.108.113.28
http://193.109.78.76
http://193.124.22.2
http://193.124.22.3
http://193.188.23.169
http://193.233.48.42
http://193.233.49.76
http://194.147.90.111
http://194.163.190.76
http://194.190.152.128
http://194.190.153.34
http://194.226.121.128
http://194.226.121.164
http://194.226.121.83
http://194.26.229.18
http://194.26.229.23
http://194.26.229.54
http://194.26.229.65
http://194.36.177.74
http://194.36.177.98
http://194.40.243.101
http://194.5.78.193
http://194.61.52.49
http://194.67.110.48
http://194.67.111.145
http://194.67.119.11
http://194.67.67.104
http://194.67.67.43
http://194.67.74.169
http://194.67.87.32
http://194.67.92.230
http://194.67.92.38
http://194.87.186.10
http://194.87.199.77
http://194.87.214.216
http://194.87.216.2
http://194.87.216.73
http://194.87.218.122
http://194.87.219.243
http://194.87.232.197
http://194.87.237.68
http://194.87.31.20
http://194.87.62.41
http://194.87.82.229
http://195.133.1.180
http://195.133.1.65
http://195.133.75.174
http://195.133.75.213
http://195.133.75.27
http://195.133.88.26
http://195.140.146.115
http://195.140.147.188
http://195.3.223.215
http://195.3.223.218
http://195.3.223.79
http://2.56.59.225
http://2.57.186.38
http://20.113.82.15
http://20.26.196.182
http://207.148.109.186
http://209.209.113.33
http://212.109.192.100
http://212.109.195.180
http://212.109.198.236
http://212.113.116.24
http://212.162.153.128
http://212.192.14.24
http://213.159.214.231
http://217.114.43.68
http://217.25.95.234
http://217.28.221.151
http://217.28.223.117
http://23.137.249.17
http://23.227.193.58
http://3.122.113.204
http://3.123.129.109
http://3.249.182.164
http://31.129.22.12
http://31.172.66.22
http://31.184.249.5
http://31.24.87.18
http://31.24.87.49
http://31.42.177.7
http://37.143.12.118
http://37.143.9.37
http://37.220.86.127
http://37.220.87.84
http://37.228.93.151
http://37.230.112.51
http://37.230.113.176
http://37.230.113.20
http://37.230.113.43
http://37.230.113.82
http://37.230.116.166
http://37.230.117.59
http://37.252.1.137
http://37.46.130.13
http://37.46.130.214
http://37.46.131.62
http://37.46.133.171
http://37.46.134.156
http://38.242.133.44
http://38.242.207.140
http://45.124.115.20
http://45.128.234.216
http://45.132.1.186
http://45.137.65.70
http://45.140.147.119
http://45.141.100.241
http://45.141.76.106
http://45.141.79.87
http://45.142.122.12
http://45.142.36.241
http://45.144.2.118
http://45.15.157.11
http://45.153.186.205
http://45.153.229.94
http://45.156.84.108
http://45.63.74.55
http://45.8.158.146
http://45.81.227.27
http://45.82.13.18
http://45.83.122.110
http://45.83.194.100
http://45.83.194.102
http://45.86.229.156
http://45.93.200.140
http://46.148.114.84
http://46.151.30.40
http://46.175.145.60
http://46.175.150.73
http://46.3.197.42
http://46.3.197.86
http://46.3.199.118
http://46.3.199.52
http://46.30.45.25
http://47.254.235.229
http://47.96.64.30
http://5.101.44.217
http://5.63.154.100
http://5.63.159.147
http://51.161.64.200
http://51.210.69.65
http://51.250.37.171
http://51.250.8.242
http://51.38.92.34
http://51.91.193.177
http://62.109.0.205
http://62.109.1.128
http://62.109.1.226
http://62.109.10.87
http://62.109.12.97
http://62.109.13.12
http://62.109.15.235
http://62.109.16.69
http://62.109.17.127
http://62.109.2.209
http://62.109.2.36
http://62.109.20.14
http://62.109.21.205
http://62.109.23.37
http://62.109.25.235
http://62.109.26.135
http://62.109.27.119
http://62.109.27.237
http://62.109.28.158
http://62.109.28.7
http://62.109.30.213
http://62.109.30.9
http://62.109.31.158
http://62.109.31.200
http://62.109.31.35
http://62.109.4.67
http://62.109.5.198
http://62.109.5.68
http://62.109.5.72
http://62.109.8.21
http://62.109.8.37
http://62.109.9.201
http://62.113.110.142
http://62.113.118.176
http://62.113.96.135
http://62.217.176.20
http://62.84.97.90
http://64.225.102.136
http://65.109.63.235
http://65.21.251.86
http://77.246.158.136
http://77.246.158.191
http://77.246.158.205
http://77.55.208.121
http://77.73.131.144
http://77.73.131.194
http://77.73.133.58
http://77.73.133.75
http://77.91.124.246
http://77.91.68.78
http://77.91.77.179
http://78.24.216.186
http://78.24.218.129
http://78.24.219.249
http://78.24.220.207
http://78.24.220.74
http://78.24.221.170
http://78.24.222.67
http://78.24.222.9
http://78.24.223.39
http://78.24.223.53
http://79.110.52.107
http://79.124.56.6
http://79.137.196.92
http://79.137.202.179
http://79.174.12.172
http://79.174.12.29
http://79.174.13.54
http://80.66.64.164
http://80.66.79.39
http://80.66.79.5
http://80.66.79.51
http://80.78.241.48
http://80.78.247.142
http://80.78.251.115
http://80.85.142.179
http://80.87.192.227
http://80.87.192.58
http://80.87.194.58
http://80.87.194.76
http://80.87.196.100
http://80.87.196.254
http://80.87.197.225
http://80.87.198.211
http://80.87.198.76
http://80.87.199.172
http://80.87.199.19
http://80.87.200.238
http://80.87.201.177
http://80.87.201.178
http://80.87.202.58
http://80.87.202.7
http://80.87.202.92
http://81.19.140.16
http://81.200.152.41
http://82.115.223.17
http://82.115.223.92
http://82.146.33.148
http://82.146.34.194
http://82.146.34.244
http://82.146.35.75
http://82.146.38.48
http://82.146.41.71
http://82.146.42.247
http://82.146.43.104
http://82.146.43.67
http://82.146.45.68
http://82.146.45.7
http://82.146.46.170
http://82.146.46.51
http://82.146.47.144
http://82.146.48.150
http://82.146.48.223
http://82.146.48.233
http://82.146.49.100
http://82.146.52.151
http://82.146.52.198
http://82.146.52.200
http://82.146.52.217
http://82.146.53.241
http://82.146.54.148
http://82.146.54.219
http://82.146.55.100
http://82.146.55.21
http://82.146.56.217
http://82.146.56.24
http://82.146.56.83
http://82.146.58.86
http://82.146.59.136
http://82.146.59.195
http://82.146.60.81
http://82.146.61.207
http://82.146.62.116
http://82.146.63.142
http://82.148.30.111
http://83.136.232.133
http://83.136.232.155
http://83.136.232.228
http://83.136.232.237
http://83.136.232.25
http://83.136.233.84
http://83.220.168.32
http://83.220.168.58
http://83.220.170.162
http://83.220.172.137
http://83.220.172.179
http://83.220.173.110
http://83.220.173.145
http://83.220.173.194
http://83.220.175.103
http://83.220.175.138
http://84.32.190.8
http://85.192.41.4
http://85.192.63.166
http://85.193.80.152
http://85.31.46.137
http://86.110.212.160
http://87.236.146.103
http://87.251.77.205
http://88.210.9.215
http://89.107.10.225
http://89.108.102.163
http://89.108.115.110
http://89.108.76.178
http://89.108.81.97
http://89.108.88.227
http://89.185.85.200
http://89.208.142.177
http://89.23.110.215
http://89.23.97.43
http://89.23.97.74
http://89.41.182.81
http://91.151.88.63
http://91.201.112.111
http://91.209.226.36
http://91.219.62.158
http://91.227.113.154
http://91.240.84.249
http://91.240.86.94
http://91.242.229.77
http://91.243.59.65
http://91.245.227.34
http://92.255.107.243
http://92.53.71.105
http://92.63.101.174
http://92.63.101.82
http://92.63.102.68
http://92.63.103.35
http://92.63.104.181
http://92.63.104.237
http://92.63.104.240
http://92.63.104.30
http://92.63.104.47
http://92.63.104.96
http://92.63.106.232
http://92.63.106.249
http://92.63.106.6
http://92.63.107.12
http://92.63.192.101
http://92.63.192.33
http://92.63.96.83
http://92.63.97.118
http://92.63.97.158
http://92.63.97.168
http://92.63.97.36
http://92.63.99.234
http://94.103.81.144
http://94.103.81.146
http://94.103.81.174
http://94.103.82.132
http://94.103.92.207
http://94.124.78.86
http://94.131.96.44
http://94.142.142.6
http://94.23.190.57
http://94.250.249.169
http://94.250.250.160
http://94.250.252.221
http://94.250.252.243
http://94.250.253.4
http://94.250.254.158
http://94.250.254.199
http://94.250.254.43
http://94.250.254.50
http://94.250.255.214
http://94.250.255.250
http://95.142.43.115
http://95.143.179.155
http://95.163.233.217
http://95.214.53.31
http://95.217.99.28
102.140.196.34:3851
103.133.105.61:1338
103.133.105.61:8848
185.70.104.53:3861
194.26.229.33:85
209.151.144.77:443
91.193.75.139:5900
91.193.75.152:7196
91.193.75.175:9217
91.193.75.235:5900
91.193.75.244:5900
042832.clmonth.nyashteam.top
043659.clmonth.nyashteam.top
077147.clmonth.nyashteam.top
101583.clmonth.nyashteam.top
12342.clmonth.nyashteam.ru
12418.clmonth.nyashteam.ru
12748.clmonth.nyashteam.ru
14888.clmonth.nyashteam.ru
151-248-118-14.cloudvps.regruhosting.ru
158447.clmonth.nyashteam.top
16530.clmonth.nyashteam.ru
171304.clmonth.nyashteam.top
188726.clmonth.nyashteam.top
191151.clmonth.nyashteam.top
191191.cllt.nyashteam.top
194-58-107-59.cloudvps.regruhosting.ru
194-67-90-137.cloudvps.regruhosting.ru
198939.clmonth.nyashteam.top
2030.clmonth.nyashteam.ru
22865.clmonth.nyashteam.ru
22866.clmonth.nyashteam.ru
23457.clmonth.nyashteam.ru
23558.clmonth.nyashteam.ru
24820.clmonth.nyashteam.ru
24824.clmonth.nyashteam.ru
248706.clmonth.nyashteam.top
25066.clmonth.nyasht.ml
26150.clmonth.nyashteam.ru
273709.clmonth.nyashteam.top
28049.clmonth.nyashteam.ru
281429.clmonth.nyashteam.top
286216.clmonth.nyashteam.top
28747.clmonth.nyashteam.ml
29035.clmonth.nyashteam.ru
310246.clmonth.nyashteam.top
32589.clmonth.nyashteam.ml
32589.clmonth.nyashteam.ru
32836.clmonth.nyashteam.ru
336522.clmonth.nyashteam.top
33811.clmonth.nyashteam.ru
33866.clmonth.nyashteam.ru
341560.clmonth.nyashteam.top
344968.clmonth.nyashteam.top
34843.clmonth.nyashteam.ru
34845.clmonth.nyashteam.ru
349733.clmonth.nyashteam.top
355969.clmonth.nyashteam.top
37-140-195-166.cloudvps.regruhosting.ru
372260.clmonth.nyashteam.top
384445.clmonth.nyashteam.top
39841.clmonth.nyashteam.ru
40211.clmonth.nyashteam.ru
403267.clmonth.nyashteam.top
41028.clmonth.nyashteam.ru
43425.clmonth.nyashteam.ml
456445.clmonth.nyashteam.top
468840.clmonth.nyashteam.top
471120.clmonth.nyashteam.top
481372.clmonth.nyashteam.top
48808.clmonth.nyashteam.ru
48944.cllt.nyashteam.top
49856.clmonth.nyashteam.ml
51165.clmonth.nyashteam.top
525803.clmonth.nyashteam.top
55441.clmonth.nyashteam.ru
55555.clmonth.nyashteam.ml
561706.clmonth.nyashteam.top
58261.clmonth.nyashteam.ru
583848.clmonth.nyashteam.top
58561.clmonth.nyashteam.ru
5b5t.servegame.com
618239.clmonth.nyashteam.top
61839.clmonth.nyashteam.ru
64198.clmonth.nyashteam.ml
64372.clmonth.nyashteam.ru
64714.clmonth.nyashteam.ru
66223.clmonth.nyashteam.ru
66444.cllt.nyashteam.top
669731.clmonth.nyashteam.top
670880.clmonth.nyashteam.top
677710.clmonth.nyashteam.top
684386.clmonth.nyashteam.top
686084.clmonth.nyashteam.top
707731.clmonth.nyashteam.top
71902.clmonth.nyashteam.ru
72606.clmonth.nyashteam.ru
75419.clmonth.nyashteam.ru
76427.clmonth.nyashteam.top
76429.clmonth.nyashteam.top
76834.clmonth.nyashteam.ml
777233.clmonth.nyashteam.top
7fc3460091094336a2af4e71b7590b6e.ru
802560.clmonth.nyashteam.top
802772.clmonth.nyashteam.top
809212.clmonth.nyashteam.top
81888.cllt.nyashteam.ru
81888.cllt.nyashteam.top
82607.clmonth.nyashteam.ru
82881.clmonth.nyashteam.ru
83107.clmonth.nyashteam.ru
834532.clmonth.nyashteam.top
852543.clmonth.nyashteam.top
871356.clmonth.nyashteam.top
87550.clmonth.nyashteam.ru
88225.cllt.nyashteam.ru
88300.clmonth.nyashteam.ru
88314.cllt.nyashteam.top
88730.clmonth.nyashteam.ru
888888.cllt.nyashteam.top
896447.clmonth.nyashteam.top
90465.clmonth.nyashteam.ml
904927.clmonth.nyashteam.top
91898.clmonth.nyashteam.ru
93404.clmonth.nyashteam.ru
947425.clmonth.nyashteam.top
948166.clmonth.nyashteam.top
956787.clmonth.nyashteam.top
95892.clmonth.nyashteam.site
982918.clmonth.nyashteam.top
9837.cllt.nyashteam.ru
98612.clmonth.nyashteam.ru
98765.clmonth.nyashteam.ru
98875.clmonth.nyashteam.ru
989673.clmonth.nyashteam.top
99099.clmonth.nyashteam.ml
99944.clmonth.nyashteam.ru
a-plague-tale.top
a0561607.xsph.ru
a0561978.xsph.ru
a0562386.xsph.ru
a0562792.xsph.ru
a0566780.xsph.ru
a0567317.xsph.ru
a0582236.xsph.ru
a0594391.xsph.ru
a0603308.xsph.ru
a0613321.xsph.ru
a0615510.xsph.ru
a0632115.xsph.ru
a0632804.xsph.ru
a0635682.xsph.ru
a0638710.xsph.ru
a0639268.xsph.ru
a0639896.xsph.ru
a0642012.xsph.ru
a0642085.xsph.ru
a0642285.xsph.ru
a0643725.xsph.ru
a0643994.xsph.ru
a0646475.xsph.ru
a0647213.xsph.ru
a0648010.xsph.ru
a0653501.xsph.ru
a0655106.xsph.ru
a0656330.xsph.ru
a0678146.xsph.ru
a0682348.xsph.ru
a0684190.xsph.ru
a0689393.xsph.ru
a0693837.xsph.ru
a0694489.xsph.ru
a0694602.xsph.ru
a0697183.xsph.ru
a0697279.xsph.ru
a0698517.xsph.ru
a0699063.xsph.ru
a0701472.xsph.ru
a0702131.xsph.ru
a0702220.xsph.ru
a0702895.xsph.ru
a0703811.xsph.ru
a0705512.xsph.ru
a0706778.xsph.ru
a0706896.xsph.ru
a0707468.xsph.ru
a0709203.xsph.ru
a0709573.xsph.ru
a0712169.xsph.ru
a0712674.xsph.ru
a0713666.xsph.ru
a0717143.xsph.ru
a0719318.xsph.ru
a0723621.xsph.ru
a0724768.xsph.ru
a0728179.xsph.ru
a0728273.xsph.ru
a0728298.xsph.ru
a0729054.xsph.ru
a0729543.xsph.ru
a0730110.xsph.ru
a0730393.xsph.ru
a0730546.xsph.ru
a0730923.xsph.ru
a0736143.xsph.ru
a0739347.xsph.ru
a0741539.xsph.ru
a0744037.xsph.ru
a0756235.xsph.ru
a0756488.xsph.ru
a0758190.xsph.ru
a0761206.xsph.ru
a0761701.xsph.ru
a0761996.xsph.ru
a0764072.xsph.ru
a0765835.xsph.ru
a0769200.xsph.ru
a0771106.xsph.ru
a0772555.xsph.ru
a0776567.xsph.ru
a0780562.xsph.ru
a0784310.xsph.ru
a0787727.xsph.ru
a0788683.xsph.ru
a0794138.xsph.ru
a0794203.xsph.ru
a0802004.xsph.ru
access.samp-loader.ru
app.squidgame.to
armannl5.beget.tech
barsukk676.duckdns.org
battletw.beget.tech
bigboxt5.beget.tech
bksdk.jsonwf.pw
blamblambla.cyberhost.ml
blockchainc.us
blockchainsync.us
bunkovb3.beget.tech
ca04510.tw1.ru
ca50999.tmweb.ru
ca69244.tw1.ru
cb93602.tw1.ru
cd44093.tmweb.ru
ce30512.tmweb.ru
ce48662.tmweb.ru
cf90664.tmweb.ru
ch14079.tmweb.ru
chamilqn.beget.tech
cheathub.space
cheatinghub.com
ck43536.tmweb.ru
ck44758.tw1.ru
cm07739.tmweb.ru
cm71694.tw1.ru
cm87547.tw1.ru
cm97018.tmweb.ru
cortez.cyberhost.ml
cp48625.tmweb.ru
cs78629.tmweb.ru
csomundibash.ru
cu59983.tw1.ru
cv44623.tw1.ru
cw31476.tw1.ru
cw55706.tw1.ru
cx15642.tmweb.ru
cz09685.tw1.ru
cz81401.tw1.ru
darksrystalryk.com.swtest.ru
david79t.beget.tech
dcbiorlov.shop
dcmobina.duckdns.org
dcrat.host
ddergaixyi.site
devil137.ru
domain2424242.ru.host1855822.serv80.hostland.pro
domdain2.co.vu
duhgfb6e.beget.tech
e908170j.beget.tech
era-paradise.ru
expl01t.tk
f0571616.xsph.ru
f0629544.xsph.ru
f0633137.xsph.ru
f0639494.xsph.ru
f0653783.xsph.ru
f0681920.xsph.ru
f0713677.xsph.ru
f0715481.xsph.ru
f0772589.xsph.ru
f0786544.xsph.ru
fioradro.cyberhost.cf
forusualworkwithpeople.space
funnym78.beget.tech
furiosgr.isp26.admintest.ru
g35hn83489.tmweb.ru
h158013.srv16.test-hf.su
h162295.srv13.test-hf.su
h162345.srv12.test-hf.su
haivo.co.zw
haskers.ru
hesoyam.space
imhaacja.beget.tech
jokerkqc.beget.tech
kadyeri.cyberhost.cf
kasikkar.beget.tech
kykelone.cyberhost.ml
kyrainkg.beget.tech
l96588w5.beget.tech
leshaed5.beget.tech
limfunsto.site
lkofkkkkfkjjsfh.drive-35.ru
lubluabobu.com
marspaste.com
metacryptobot.com
msmpeng.cyberhost.ml
n953700o.beget.tech
nestell.cyberhost.ml
neverchurka.ml
newdfhfgdjmfgjm.store
nftbanger.ru
nikitabon2.temp.swtest.ru
nulledgames.fun
pashkis.beget.tech
phoenass.cyberhost.ml
play-varryal.online
policefbr.linkpc.net
portfolioksk.xyz
rapidtestdr.com
rfewkfnr234.cf
s18senfg.beget.tech
sashaplays5.ru.com
sdwasdwads.tk
shrekforever.tk
softportal.tk
soubmaag.beget.tech
srv174492.hoster-test.ru
svinlasf.ru
tcp.viewdns.net
tomattolittle.su
trenbalon.cyberhost.ml
u1174726leb.ha004.t.justns.ru
u13794788m.ha003.t.justns.ru
u1638884.plsk.regruhosting.ru
u1721466.trial.reg.site
ulihkapc.beget.tech
universalwordpress.site
usehvhgf.beget.tech
vaynhaqt.beget.tech
vbhfghgfjjfgd.online
vkggttin.beget.tech
vlaadblp.beget.tech
whatipedia.org
windowsign.theworkpc.com
wp.banjaro.de
xxhdftgjftgkjfgk.site
y5z2870c.beget.tech
ya-ebal-reg-ru-v-rot.site
yadrochy.ru.com
ytdjfugjwtruykjhgf.sytes.net
zamineserver.online
zebra1987.fvds.ru
zorz1337.xyz

# Reference: https://www.virustotal.com/gui/file/544248eab18c06346bb6819c0763ba2ed7a7f89fc98ae37e7b74e21f2393dcbb/detection

a0684985.xsph.ru
/providerpollPackettemp.php

# Reference: https://twitter.com/crep1x/status/1638596454087368708
# Reference: https://www.virustotal.com/gui/file/7606edcf0491794b631f9aaf1a7e34fd0960e542d30614b562c8423afc86e2c1/detection

nyvhpww3.beget.tech
/dc/apiMultitemp.php

# Reference: https://www.virustotal.com/gui/file/04f46cc5cc7dfab4b587bedd1663d868b9c6c53998dccfbbff7594a8cab4bcf7/detection

http://37.46.130.3

# Reference: https://www.virustotal.com/gui/file/ebdf74f5b6e0b49bdb471dc9c908c5b741ed113049744328af8f73aec4f57b67/detection

http://195.123.246.86

# Reference: https://www.virustotal.com/gui/file/930261f96fe4393d9e4bef23d4eb932b33d1f0f957d9483f6da2dca3767f750b/detection
# Reference: https://www.virustotal.com/gui/file/8cafad64caf5dcac0117b5bd535782280375ea68eb28be0d8421f61b03e2c641/detection

/LinejavascriptDb.php

# Reference: https://www.virustotal.com/gui/file/0aca0b24374538efda88f17bbe3ed4d0adcb9c361552af5b45d83d858b253dbd/detection

http://62.109.15.166

# Reference: https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html

gllthub.com
glthub.org
gthub.org
steamauthenticator.net
steamdesktopauthenticator.net
steamdesktopauthenticator.org
steamdesktopauthenticator.ru

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://141.95.84.40

# Reference: https://www.virustotal.com/gui/file/b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569/detection

173.44.50.86:7788
flugrekorder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843/detection
# Reference: https://www.virustotal.com/gui/file/a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78/detection
# Reference: https://www.virustotal.com/gui/file/aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10/detection

20.200.63.2:2525
asegurarq.duckdns.org
envio2023junio.duckdns.org
hjgeuyiohfkjsdfhgiwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f1e5829e0f9473127d72559e3f811dcb5158d22e09eb4925ef27c7ada864fe6f/detection

191.89.243.236:4242
moneymaker.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/df7a8962331cc5a23cd13744420aa91547cfc085950d22ab1b7e4f298b2ee0ab/detection

179.13.3.110:2356
promotores14.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7b1bb2682a37f2a3f5aa1de69eed5ba5b44debe322b0409ce261492751c01f5f/detection
# Reference: https://www.virustotal.com/gui/file/db56ca34b934ee56d33478d16413a49d78a7671fd92c9a7a9444c48469030520/detection

179.13.3.110:7575
neweraimporta1.duckdns.org
newroda2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6c64cb817eb68c8fd0f051b00fcb20a0a28e26062d06eebe2502d8e8077c6116/detection

74.119.194.154:2060
distributework.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/eb61309bd790110928277bed37961dbd7dfd8360286c670fbc100fd0c4623c32/detection

52.152.223.228:8848
newforting.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/detection

185.106.93.148:2020

# Reference: https://www.virustotal.com/gui/file/f0708715c7c8fbd9e77083048adf331c8be83a2049863a8e71cbf63353ab45a0/detection

154.29.75.191:2027
avsdefender.giize.com

# Reference: https://twitter.com/drb_ra/status/1683550086104489985

191.101.3.50:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-25)

http://109.172.83.121
http://113.30.150.52
http://138.128.242.147
http://149.154.64.92
http://159.89.232.82
http://176.37.97.210:81
http://178.250.156.210
http://185.112.144.202
http://185.146.156.56
http://185.146.157.245
http://185.146.157.98
http://185.20.227.154
http://185.43.4.203
http://185.46.46.139
http://188.120.226.231
http://188.120.227.150
http://188.120.233.131
http://188.120.233.146
http://188.120.233.42
http://188.120.236.114
http://188.120.251.253
http://188.225.58.206
http://188.225.58.220
http://193.124.92.72
http://193.233.164.54
http://194.26.229.33:85
http://194.58.92.23
http://212.109.194.187
http://212.109.195.44
http://212.109.199.150
http://212.224.113.92
http://217.144.103.26
http://217.196.96.4
http://31.41.221.82
http://37.230.116.57
http://37.46.129.39
http://37.46.134.225
http://45.12.238.157
http://45.140.147.214
http://45.153.68.9
http://45.8.230.157
http://45.91.8.171
http://46.149.77.33
http://46.175.146.110
http://5.161.143.111
http://5.252.118.26
http://5.42.65.49
http://62.109.12.5
http://62.109.17.54
http://62.109.22.191
http://62.109.27.71
http://62.109.7.0
http://62.113.96.239
http://77.73.131.120
http://77.91.72.151
http://79.132.140.15
http://79.137.202.118
http://79.137.207.211
http://80.78.251.51
http://80.87.192.174
http://80.90.185.107
http://82.146.36.3
http://82.146.43.250
http://82.165.114.107
http://83.220.174.44
http://89.185.85.106
http://89.191.228.213
http://89.23.96.74
http://89.23.97.153
http://92.255.107.38
http://92.51.36.155
http://92.63.107.224
http://92.63.189.63
http://92.63.193.111
http://92.63.193.81
http://92.63.97.185
http://94.131.112.154
1.165.96.128:4480
1.242.139.44:8848
103.144.148.219:8080
103.146.78.130:8848
103.170.118.35:8848
103.186.108.229:14567
103.186.108.229:8848
104.219.234.167:8848
109.195.94.247:8848
111.229.139.47:8848
112.213.98.87:8848
120.78.151.171:7777
120.78.151.171:7788
124.72.246.78:6079
134.255.216.148:80
139.180.143.50:8848
141.95.84.40:112
142.202.242.168:8848
142.202.242.168:9898
144.126.230.14:102
144.126.230.14:1111
144.126.230.14:6666
154.53.42.53:8848
172.111.236.107:8848
172.94.103.171:8848
177.255.88.252:5022
179.43.154.184:8888
179.61.251.188:8848
185.225.18.110:2100
185.241.208.121:9898
185.246.222.117:8000
191.101.3.50:8848
192.99.10.207:8848
193.42.32.159:8848
194.26.192.203:5050
194.59.31.109:8848
194.87.218.64:8818
194.87.218.64:8828
194.87.218.64:8878
20.199.73.159:1024
20.216.162.185:1024
20.216.165.135:1024
20.216.178.113:1024
20.223.128.97:1337
206.238.221.30:8848
209.25.142.180:5569
3.6.30.85:10048
34.92.66.146:8848
37.18.62.18:8060
37.187.222.230:8848
38.242.139.217:8848
40.114.223.144:1337
40.87.50.159:1337
41.62.221.74:90
43.243.111.229:8848
45.144.154.62:1938
45.74.7.10:8848
45.77.175.130:8848
45.77.34.211:8686
45.77.34.211:8848
45.77.34.211:9999
45.92.1.155:8848
45.95.19.170:8848
45.95.19.172:8848
45.95.19.173:8848
45.95.19.174:8848
46.23.96.131:8848
47.106.131.255:8848
47.254.75.102:4444
5.178.3.191:8848
52.186.31.169:1337
64.176.43.239:8848
64.44.166.203:8848
77.92.154.211:1337
83.229.83.102:1337
87.121.221.220:8848
89.211.209.74:8080
89.23.101.37:1337
89.23.96.202:8838
91.227.113.154:12345
91.227.113.154:8848
94.124.192.220:8848
95.179.128.208:8080
95.179.128.208:8081
95.179.128.208:8089
95.214.26.63:6666
95.214.26.63:9595
001600.clmonth.nyashteam.top
055561.clmonth.nyashteam.top
067445.clmonth.nyashteam.top
073910.clmonth.nyashteam.top
080138.clmonth.nyashteam.top
089240.clmonth.nyashteam.top
100879.clmonth.nyashteam.top
109736.clmonth.nyashteam.top
140487.clmonth.nyashteam.top
149688.clmonth.nyashteam.top
181770.clmonth.nyashteam.top
204949.clmonth.nyashteam.top
2372261.clmonth.nyashteam.top
238533.clmonth.nyashteam.top
259773.clmonth.nyashteam.top
2681291.im499886.web.hosting-test.net
268669.clmonth.nyashteam.top
306806.clmonth.nyashteam.top
333201.clmonth.nyashteam.top
375099.clmonth.nyashteam.top
495315.clmonth.nyashteam.top
507447.clmonth.nyashteam.top
5103017.lmonth.whiteproducts.ru
510922.clmonth.nyashteam.top
521187.clmonth.nyashteam.top
531810.clmonth.nyashteam.top
562620.clmonth.nyashteam.top
63120m.dccr.ru
638041.clmonth.nyashteam.top
641309.clmonth.nyashteam.top
642838.clmonth.nyashteam.top
679449.clmonth.nyashteam.top
697484.clmonth.nyashteam.top
726267.clmonth.nyashteam.top
736036.cllt.nyashteam.top
744392.cllt.nyashteam.top
759053.clmonth.nyashteam.top
76428.clmonth.nyashteam.top
766698.clmonth.nyashteam.top
767884.clmonth.nyashteam.top
798839.clmonth.nyashteam.top
846901.clmonth.nyashteam.top
86120.clmonth.nyashteam.ru
867280.clmonth.nyashteam.top
870825.clmonth.nyashteam.top
882703.clmonth.nyashteam.top
892549.clmonth.nyashteam.top
9463949.clmonth.whiteproducts.ru
965092.clmonth.nyashteam.top
97528733.clmonth.whiteproducts.ru
976400.clmonth.nyashteam.top
999309.clmonth.nyashteam.top
999593.clmonth.nyashteam.top
999952.clmonth.nyashteam.top
a0574458.xsph.ru
a0578993.xsph.ru
a0689699.xsph.ru
a0761798.xsph.ru
a0784312.xsph.ru
a0797197.xsph.ru
a0806752.xsph.ru
a0818759.xsph.ru
a0828600.xsph.ru
a0837236.xsph.ru
a0839223.xsph.ru
askeas8d.beget.tech
bookintosh.com
cb38900.tw1.ru
cc69539.tw1.ru
cd67644.tw1.ru
cg56646.tw1.ru
cl30608.tw1.ru
cl80747.tmweb.ru
cn64382.tw1.ru
co73949.tw1.ru
cr48644.tw1.ru
cs20502.tw1.ru
cs33412.tw1.ru
cv57372.tw1.ru
cw52314.tw1.ru
cy34693.tw1.ru
cy87237.tw1.ru
cz61643.tw1.ru
cz82964.tw1.ru
cz89769.tw1.ru
dreadhack.ru
i93035tu.beget.tech
kapibarka1337.kriptnhosting.ru
legend92.beget.tech
pococox.cc
ssoo1451.ddns.net
tcp.viewdns.net
vikselr4.beget.tech
vm654.loyal.sclad.network
web3174.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/995904e555328bd1cdb5d04a370140fe247a8d05aa6e5b150696a2bb503ebdac/detection

10788m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/f4f3d7fb398aa690d3922b26560655e3f040d606c1afa7210d36ff289bee5ee6/detection

21102m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/e61fe1036cbbbc67cdd99dc094b13f1f12c3b9c29dd5054f5a33587b00d68fb0/detection

41030m.dccr.ru
48576m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/4577ac39b54ab8fc029612fa4331388a6d6ebff0a7807b2224f130382ee40376/detection

60154m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/3ff4bdcdb466656d9acbef32f9c022ccd9585531c4ede71f6830492681036000/detection

84688m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/201d813f62d133d4112916355c1b73a258f137ff86d1b5a2eb5fe3239d2b2c5f/detection

190.211.255.106:9049
60057m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/7fc956e918b4b5c29acede00f02e8d4e3ceeafcb318bbe23727372c19d6324fb/detection

61462m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/8d1690fa7843bce0c255dbe02e3927936d97d45424f33eefee876de06fbdfc07/detection

60894m.dccr.ru
61124m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/fcdeb5ef7fd326bd5d6d34405eae0958d07e95ccf5c5dda01f0e60fdcb9c63ab/detection

emprendimientolaboral2.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-28)

http://78.141.213.103
172.94.103.16:8848
188.132.197.104:8848
a0832838.xsph.ru
cm32236.tw1.ru
imhaacwo.beget.tech
/imagephpSqlgeneratortemporary.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/RequestServerMultiDefaultcdn.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/
/Jsvoiddbrequestpipe/0http/
/Jsvoiddbrequestpipe/
/Temporarytest6Cdn/
/RequestServerMultiDefaultcdn.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-30)

103.38.83.176:8848
176.96.137.221:2000
216.83.38.252:8848
45.12.221.10:8848
45.32.74.105:8848
52.152.223.228:1080
211450cm.nyashtyan.top
942980cm.nyashtyan.top
a0708223.xsph.ru
a0844030.xsph.ru
cr50765.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-01)

http://37.46.128.31
http://5.63.159.156
http://91.228.155.244
114.96.73.0:8848
akamaitechcdns.com
213897cm.nyashtyan.top
636695lm.nyashkoon.top
736786cm.nyashtyan.top
790199cm.nyashtyan.top
cg14313.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1146724/

079471cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146725/

http://82.146.48.182

# Reference: https://threatfox.abuse.ch/ioc/1146787/

400277cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146808/

31.210.55.202:81

# Reference: https://threatfox.abuse.ch/ioc/1148429/

http://194.87.101.56

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-05)

http://45.67.231.91
141.95.11.145:81
172.94.103.112:8848
073545cm.nyashkoon.top
481679cm.nyashtyan.top
856401cm.nyashkoon.top
913432cm.nyashtyan.top
/nyashsupport.php

# Reference: https://www.virustotal.com/gui/file/f84cf07bba5377a0c9f5b21252abf585d4170c40310d2b38460c4d8394e20445/detection
# Reference: https://www.virustotal.com/gui/file/65f1c8480894798b2b6223b62984a6779720768a7885c6a49ddd8529902b988a/detection
# Reference: https://www.virustotal.com/gui/file/0ec4ecd50be7f47da972d3641aab816ab4bef93a9cc01da158aae5d878109166/detection

192.154.229.64:2368
22-23asyn.servemp3.com

# Reference: https://threatfox.abuse.ch/ioc/1148927/

982407cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-08)

379038cm.nyashkoon.top
550098cm.nyashkoon.top
998357cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1149140/

http://154.49.137.173
/request0flower/

# Reference: https://threatfox.abuse.ch/ioc/1149156/

http://195.3.223.35

# Reference: https://threatfox.abuse.ch/ioc/1149161/

kriptonhosting.store
iwithknife.kriptonhosting.store
volksilach.kriptonhosting.store
wiwieiwiissiwi.kriptonhosting.store

# Reference: https://www.virustotal.com/gui/file/772211f2e767f8d8daf6c5f721fae0b998539bc83843ff07530be7226fb8a62d/detection

skfjsfk.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1149180/

http://5.42.92.132

# Reference: https://threatfox.abuse.ch/ioc/1149204/

832932cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-09)

http://212.109.195.187
http://82.146.52.24
45.32.74.105:8686
a0847744.xsph.ru
318145cm.nyashkoon.top
858925lm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-11)

http://185.161.251.195
http://188.120.242.207
154.12.254.215:46452

# Reference: https://twitter.com/drb_ra/status/1690255513303289856

82.156.141.121:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-12)

826894cm.nyashkoon.top
857224cm.nyashkoon.top
933858cm.nyashkoon.top
945478cm.nyashtyan.top
cb66024.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1149773/

http://188.120.224.186

# Reference: https://threatfox.abuse.ch/ioc/1149785/

a0827550.xsph.ru

# Reference: https://twitter.com/drb_ra/status/1690798633715707904

159.69.64.122:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-14)

http://15.188.64.143
http://185.182.111.66

# Reference: https://twitter.com/drb_ra/status/1691161144537337857
# Reference: https://www.virustotal.com/gui/file/0a800c35a29e5105898ca274b12dda114e08f23da75dcec3b16a809f1d0109ad/detection

179.43.154.184:591
filetransrediremin.com
/cry/11Rota

# Reference: https://twitter.com/drb_ra/status/1691342424583331840

147.185.221.181:51638

# Reference: https://threatfox.abuse.ch/ioc/1150061/

179.43.154.184:8090

# Reference: https://threatfox.abuse.ch/ioc/1150041/

http://92.63.107.173

# Reference: https://twitter.com/drb_ra/status/1691523675944837121

46.246.14.20:5050

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-16)

http://185.189.181.87
http://188.127.231.139
http://212.118.36.238
http://45.61.188.238
http://5.42.77.211
http://51.38.163.64
http://62.109.13.186
http://62.109.25.12
http://94.156.253.218
http://94.228.126.154
http://95.217.3.189
63.143.47.135:10443
091608cm.nyashkoon.top
467376m.dccrk.top
684896lm.nyashkoon.top
734537cm.nyashtyan.top
a0853356.xsph.ru
a0854153.xsph.ru
cb15953.tw1.ru
cn36459.tw1.ru
cs84335.tw1.ru
x96559rd.beget.tech
yaysem.ru.swtest.ru

# Reference: https://twitter.com/drb_ra/status/1693335496431222862

188.132.197.93:1337

# Reference: https://any.run/malware-trends/dcrat (# 2023-08-23)

http://212.113.106.125
http://82.147.85.228
175060m.dccrk.top
232161cm.nyashtyan.top
ch72917.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-25)

http://193.37.71.142
http://77.246.107.91
http://94.156.102.214
071900cm.n9shteam1.top
221968cm.nyashkoon.top
351201cm.nyashtyan.top
388404cm.nyashkoon.top
533261cm.n9shteam1.top
775515cm.n9shteam1.top
898757cm.nyashkoon.top
993855cm.n9shteam1.top
a0567586.xsph.ru
a0840686.xsph.ru
a0855945.xsph.ru
chernobyl-hack.online
cb56823.tw1.ru
cq27523.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1152366/

http://82.146.60.137

# Reference: https://threatfox.abuse.ch/ioc/1152367/

http://149.154.71.81

# Reference: https://threatfox.abuse.ch/ioc/1152374/

http://185.104.113.225

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-31)

http://103.231.254.144
http://149.154.69.62
http://185.149.146.185
http://217.144.103.11
194.156.88.152:8848
213.238.182.19:3131
95.214.26.88:9933
96074.clmonth.nyashteam.ru
cc75590.tw1.ru
dcrack.ru
f0856923.xsph.ru

# Reference: https://cert.gov.ua/article/5628441 (# UAC-0173)

barnsertr.com

# Reference: https://threatfox.abuse.ch/ioc/1152481/

http://79.137.203.186

# Reference: https://threatfox.abuse.ch/ioc/1152515/

95.214.26.89:9933

# Reference: https://twitter.com/drb_ra/status/1696958515649069237

95.214.26.66:9933

# Reference: https://twitter.com/drb_ra/status/1696958528731201785

95.214.26.67:9933

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-01)

http://178.250.159.46
http://213.159.208.46
http://45.8.159.53
http://82.146.57.75
119.91.99.194:8080
150.107.2.176:8848
172.162.233.190:8080
179.13.2.154:4444
179.43.142.36:591
180.12.159.131:64432
185.221.67.22:4444
223.26.57.45:8848
81.218.45.223:8848
91.134.150.156:8080
95.214.27.6:8848
95.222.241.139:8088
004727cm.n9shteam1.top
642541lm.nyashkoon.top
a0852402.xsph.ru
a0854644.xsph.ru
a0871177.xsph.ru
co54255.tw1.ru
ws896.castlehost.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-05)

http://46.18.107.229
http://62.109.0.255
http://83.220.169.211
20.199.65.155:8848
868692cm.nyashkoon.top
a0856871.xsph.ru
ck39226.tw1.ru
cl08031.tw1.ru
cx11830.tw1.ru
/L1nc0In.php

# Reference: https://www.virustotal.com/gui/file/df09c7578388be896ad2f55e005d4ebb3700af89fe06fc73109847989452656d/detection
# Reference: https://www.virustotal.com/gui/file/d11bd86036bcd409096608ccfc76a098974f38c6802fce1eabc4fd83788f3c58/detection

207.32.218.112:9898
77.247.127.10:9898
93.123.118.74:9898
stylish4.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1155391/

878535cm.n9shteam1.top

# Reference: https://threatfox.abuse.ch/ioc/1155706/

klopware.space
status.klopware.space

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-09)

012244cm.nyashtyan.top
375230cm.nyashnyash.top
419819cm.nyashkoon.top
604291cm.nyashkoon.top
a0859540.xsph.ru
cz14767.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1155797/

http://5.42.85.163

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-20)

http://85.192.63.134
103.162.14.197:8686
103.162.14.197:8848
118.89.85.106:8848
150.107.2.178:8848
150.107.2.180:8848
166.88.209.105:8848
168.119.148.218:8848
185.158.251.88:8848
43.248.188.196:8848
51.120.245.251:1024
rocketchange.xyz
124014cm.nyashnyash.top
570264cm.nyashtyan.top
806171cm.n9shteam1.top
a0858699.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0ecff04eedef75ad091b55d1cbdd6c2680b58a3ccb577154e0d1b0bab482c942/detection

access.samp-loader.ru
bot.samp-loader.ru

# Reference: https://www.virustotal.com/gui/file/092fa2ea4f6a254c38547b3b2cc7e22a153fa72b502849327946ca98f9aab839/detection

api.samp-loader.ru

# Reference: https://twitter.com/malwrhunterteam/status/1702212339443835078
# Reference: https://www.virustotal.com/gui/file/24e231bfa888bbb4ade49d3741cd1ad1c85ec2de47460a745a5bf5dea5f5e6e8/detection

505406lm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1164012/

http://185.63.191.134

# Reference: https://threatfox.abuse.ch/ioc/1164310/

a0860624.xsph.ru

# Reference: https://twitter.com/Jane_0sint/status/1704526449234096484
# Reference: https://app.any.run/tasks/7aebaa50-c790-438c-93a5-4602f3dcefa7/

http://5.42.84.144
/0LocalrequestCdn/
/dumpbetterProcessorWp/
/VoiddbmariadbCdnRequest/
/Wp5Cdnjavascript/

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-21)

nyashnyash.top
770670cm.nyashnyash.top
934062cm.nyashnyash.top
a0863208.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7424f3e36da8d30ba3f88f0633d07e26631842e5ad20c51dc7c570f018faf2f7/detection

nyashteam.top
dc.nyashteam.top

# Reference: https://threatfox.abuse.ch/ioc/1165829/

makui.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1165658/

http://213.159.208.100

# Reference: https://threatfox.abuse.ch/ioc/1165974/

179.43.163.120:8008

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-23)

http://185.106.92.110
http://92.63.101.56
119.91.99.194:8081
179.43.163.120:8080
362764cm.nyashnyash.top
753139cl.nyashtop.top
co14383.tw1.ru
f0861908.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d2e659e7fcefcbbd51d6a78888f54c5745e8178385a8697ca3478a0e83d70f71/detection
# Reference: https://www.virustotal.com/gui/file/723bc3e3fe448223922702806b2edfbbb7b132879ae5021f01c55d9aac4d0af1/detection

49.12.227.111:8848
dcrat.vnh.wtf

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-26)

http://45.144.233.162
103.39.78.162:8088
20.199.64.106:8848
109888cm.nyashnyash.top
394776cl.nyashtop.top
398693cm.nyashnyash.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-01)

15.207.54.166:8848
177.255.90.40:8010
181.235.12.82:5000
20.199.18.38:1024
202.146.218.35:8848
77.91.124.111:5552
23872634cm.whiteproducts.ru
343848cm.nyashnyash.top
cp37626.tw1.ru
dccrk.top
766392m.dccrk.top
nukermij.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-02)

http://18.118.199.163
http://188.120.253.147
http://193.37.70.233
134.255.254.102:32400
154.38.113.75:8848
179.13.2.154:2323
179.13.2.154:9000
185.196.8.91:591
185.254.37.40:8899
186.169.68.32:5000
186.169.49.3:8000
186.169.49.3:9000
45.195.54.195:2828
a0868980.xsph.ru
a0871308.xsph.ru
cd21797.tw1.ru
cj77911.tw1.ru
cn56603.tw1.ru
cr78464.tw1.ru
firsovak.beget.tech

# Reference: https://twitter.com/smica83/status/1711047976238387549
# Reference: https://www.virustotal.com/gui/file/01f00b78503924bcb25ec6aedaaaf9200b68329e686e22fbdc85e0c28a51d4e2/detection

underical.cc

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-10)

http://77.91.124.41
http://91.107.120.136
14.233.244.57:7772
18.231.93.153:18161
194.36.177.94:9999
n9shteam2.top
/toJavascriptJsprocessorDatalifePublic.php

# Reference: https://twitter.com/Gi7w0rm/status/1711900442899149240
# Reference: https://twitter.com/Gi7w0rm/status/1718319435600019675
# Reference: https://twitter.com/Gi7w0rm/status/1719372490261012636

http://80.66.87.148
aaronestebancoaching.com
voice-ai.store
voiceaipro.com
ed.voice-ai.store
en.voice-ai.store
en.voiceaipro.com
us.voiceaipro.com
voice.2005thavenue.com
voice.aktivewebsitedesign.com
voiceai.aaronestebancoaching.com

# Reference: https://threatfox.abuse.ch/ioc/1187460/

185.196.9.95:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-19)

http://46.17.104.60
http://82.146.39.98
112.213.101.35:1145
112.213.101.67:1145
112.213.101.73:1145
195.85.205.150:1337
20.199.16.204:1024
20.199.45.15:8848
20.90.46.68:8080
212.87.204.29:8080
52.186.179.225:1337
whiteproducts.ru
012315cm.n9shteam1.top
304588cm.nyashnyash.top
355212cm.nyashnyash.top
1097252cm.whiteproducts.ru
12785373cm.whiteproducts.ru
23872634cm.whiteproducts.ru
2895743cm.whiteproducts.ru
2918221licm.whiteproducts.ru
29959593cm.whiteproducts.ru
32425226cm.whiteproducts.ru
345727892cm.whiteproducts.ru
3857294cm.whiteproducts.ru
3857374cm.whiteproducts.ru
387374374cm.whiteproducts.ru
4859395cm.whiteproducts.ru
48758294cm.whiteproducts.ru
7355826cm.whiteproducts.ru
7862368cm.whiteproducts.ru
8187790licm.whiteproducts.ru
82957222cm.whiteproducts.ru
8361285cm.whiteproducts.ru
84625264cm.whiteproducts.ru
8476838cm.whiteproducts.ru
93473573cm.whiteproducts.ru
94868473cm.whiteproducts.ru
ci80904.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-29)

http://100.25.110.137
http://141.255.152.88
http://141.255.153.99
http://172.86.66.137
http://188.120.235.51
http://193.37.71.22
http://5.182.86.156
http://5.42.86.60
http://77.91.124.101
http://78.24.216.97
http://78.47.204.48
http://85.215.218.19
103.144.240.21:6699
103.147.185.18:1604
106.14.153.130:8848
107.175.243.138:8848
107.189.169.135:8848
119.91.99.194:8088
119.91.99.194:8848
124.221.43.13:8848
141.98.10.132:8888
141.98.6.98:8848
154.23.182.73:8848
154.53.42.53:8845
156.240.108.109:8848
156.240.108.145:8848
156.240.108.178:8848
159.65.235.56:5555
164.92.246.58:9087
172.94.103.13:8848
185.196.8.91:8008
185.212.47.90:8843
185.241.208.27:2404
212.192.12.222:5000
223.26.57.5:1145
3.131.147.49:12994
38.181.35.175:8848
43.249.8.44:7070
43.249.8.44:7071
45.138.16.187:8848
45.138.16.187:9898
45.81.39.179:8848
5.181.80.69:8848
51.75.52.3:8848
65.109.56.26:8848
77.91.124.111:8848
81.161.229.91:6667
91.92.240.91:8848
foulertech.online
045885cm.nyashcrack.top
078374cm.nyashnyash.top
118821cm.nyashkoon.top
269818cm.nyashland.top
396388cm.nyashland.top
400886cm.nyashnyash.top
639538cm.nyashcrack.top
a0872673.xsph.ru
ci61682.tw1.ru
ck53254.tw1.ru
cm87784.tw1.ru
co99163.tw1.ru
ct46096.tw1.ru
ct70489.tw1.ru
cv59914.tw1.ru
cx51464.tw1.ru
f0885664.xsph.ru
simikkzd.beget.tech

# Reference: https://twitter.com/ScumBots/status/1720155763732091327
# Reference: https://www.virustotal.com/gui/file/c9c19f83c9f151bb29cd21779c0ade1f7363805d7e3c5b6d227e109973243d6e/detection

13.52.204.76:17680
13.52.62.53:17680
52.9.148.222:17680
52.9.153.64:17680
52.9.84.44:17680
54.219.47.216:17680
paste-bin.xyz

# Reference: https://www.virustotal.com/gui/ip-address/37.255.148.138/community

http://37.255.148.138

# Reference: https://threatfox.abuse.ch/ioc/1199125/

host1835875.hostland.pro

# Reference: https://threatfox.abuse.ch/ioc/1201607/

abobub-001-site1.etempurl.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-11-25)

http://141.255.152.24
http://197.113.236.128
http://197.114.177.145
http://197.115.207.45
http://77.91.124.202
http://82.146.33.89
http://82.146.59.131
http://83.147.245.42
103.243.26.65:8848
171.41.251.170:25565
078301cm.nyashland.top
12112.ru.swtest.ru
217196cm.nyashcrack.top
598194cm.nyashland.top
925823lm.nyashnyash.top
a0885630.xsph.ru
a0887556.xsph.ru

# Reference: https://www.virustotal.com/gui/file/76e3ae7e17cd4adc52519baa31226bbf032ac1ca7ac3947cd59c01f730f1c934/detection
# Reference: https://www.virustotal.com/gui/file/df74b225d403122d58eabeba3b2a8442d223df78d56f97e3ee81b6b4ede158ea/detection

77.127.86.54:4444
87.70.175.54:4443
123d.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a9c1f6cbb3c007686dd49723babb95afc94933aabf1c2012e395ee3ecf3a65b/detection

46.246.86.3:2106

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-03)

http://141.255.144.167
http://141.255.146.60
http://141.255.151.123
http://154.242.81.6
http://154.246.141.162
http://154.246.25.204
http://154.247.11.93
http://154.247.87.209
http://185.234.247.107
http://188.127.227.49
http://188.127.229.238
http://188.127.242.156
http://195.20.16.116
http://213.159.208.250
http://37.220.86.210
http://46.8.29.132
http://80.66.89.123
http://89.23.101.188
http://89.23.101.210
http://89.23.99.83
http://94.131.112.229
http://95.164.22.193
167.94.158.156:8989
171.41.252.199:25565
172.208.93.32:1337
249782m.dccrk.top
306341cm.nyashland.top
491061cm.nyashland.top
740307cm.nyashland.top
766282cm.nyashland.top
767241cm.nyashland.top
a0840745.xsph.ru
a0888880.xsph.ru
a0889022.xsph.ru
a0889572.xsph.ru
a0890495.xsph.ru
cd75930.tw1.ru
celestinepanel.000webhostapp.com
ck49537.tw1.ru
cw11723.tw1.ru
evgenzow.beget.tech
gybin6gz.beget.tech
t3terncy.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-05)

http://141.255.145.130
http://154.246.105.39
http://185.242.86.164
http://213.159.214.92
http://82.146.62.215
004242cm.nyashland.top
302099cm.nyashland.top
666541cm.nyashland.top
cs58019.tw1.ru
f0888474.xsph.ru
hldnzeftm3.temp.swtest.ru
zubareff.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-07)

http://62.109.14.64
http://62.122.213.56
019214cm.nyashland.top
098452cm.nyashland.top
233584cm.nyashland.top
f0892247.xsph.ru
sinastallh.temp.swtest.ru
tool5245636476.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-09)

http://185.221.198.229
http://188.120.233.136
http://195.85.250.175
http://5.42.92.212
http://62.109.10.76
http://79.174.94.41
20.199.26.211:8848
4.194.12.203:443
039030cm.nyashland.top
866280lm.nyashmyash.top
882394cm.nyashland.top
a0894385.xsph.ru
eukpukpup0.temp.swtest.ru
f0892975.xsph.ru
gorgodlm.beget.tech
krutnotupg.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-17)

http://141.255.153.13
http://141.255.156.189
http://154.246.109.167
http://154.247.199.149
http://154.247.95.30
http://188.120.254.27
http://92.63.97.182
185.187.170.127:9000
38.59.124.61:5555
38.59.124.61:6666
044574cm.nyashland.top
199618cl.nyashtop.top
546346346dod.whiteproducts.ru
650602cm.nyashtech.top
714745cm.nyashland.top
743823cm.nyashtech.top
8572975289cm.whiteproducts.ru
a0891158.xsph.ru
a0894367.xsph.ru
co57358.tw1.ru
crackdcptme.000webhostapp.com
f0894994.xsph.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-24)

http://141.255.147.252
http://194.110.248.41
http://213.226.100.235
http://78.24.217.54
http://82.146.37.188
154.12.254.215:46450
8.219.4.230:8001
80.240.16.166:1337
012782m.dccrk.top
315615cm.nyashtech.top
324387cm.nyashtech.top
537201lm.nyashmyash.top
630956lm.nyashmyash.top
736134cm.nyashland.top
962855cm.nyashtech.top
a0896895.xsph.ru
cm53710.tw1.ru
dfhdjtujngtdj.atwebpages.com
f0898772.xsph.ru
fronzysb.beget.tech
fsdxda2eedasdc.atwebpages.com
injuuuste2.temp.swtest.ru
sosunsasun.temp.swtest.ru
zekhost.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-01)

http://101.99.93.85
http://141.255.151.226
http://185.103.101.0
http://185.106.94.86
http://212.60.21.225
http://37.220.86.148
http://45.11.77.54
http://77.83.173.248
http://79.174.94.220
http://80.87.199.249
http://83.229.75.221
http://89.104.66.62
103.143.80.140:8848
103.17.185.70:5555
104.143.46.9:8848
107.148.13.223:8848
108.61.177.107:1337
111.173.89.100:8848
118.107.7.237:8848
120.78.139.3:8848
123.207.75.205:8848
124.220.49.140:8000
128.199.66.119:56789
139.155.92.118:8848
151.236.59.218:8888
156.245.19.71:8848
156.245.19.73:8848
156.245.19.81:8848
172.206.62.226:1337
179.43.163.120:8090
185.213.25.37:8848
192.99.152.153:4449
193.112.79.150:8848
193.143.1.136:8848
193.84.248.185:8848
20.217.81.50:8080
202.162.109.198:8848
27.102.134.120:8848
27.147.169.101:3333
38.59.124.16:5555
38.59.124.16:6666
38.59.124.49:5555
38.59.124.49:6666
40.66.41.222:1024
42.192.132.36:8848
45.11.47.195:8848
47.94.241.76:443
47.94.83.202:8848
64.176.217.187:5555
66.135.26.66:9095
67.205.154.243:48303
8.210.131.175:65503
87.251.67.215:8888
91.107.200.181:8890
91.198.66.47:2023
91.92.241.198:8848
91.92.242.235:8848
91.92.252.194:4449
010532cm.nyashcrack.top
137953cm.nyashtech.top
276721cm.nyashtech.top
718146m.dccrk.top
847702cm.nyashtech.top
882584cm.nyashtech.top
890113cm.nyashland.top
990489lm.nyashmyash.top
a0896387.xsph.ru
a0899050.xsph.ru
a0899944.xsph.ru
a0899956.xsph.ru
a0900918.xsph.ru
a0902024.xsph.ru
a0902362.xsph.ru
a0903379.xsph.ru
aguantemessi0234.000webhostapp.com
blackberryfn.duckdns.org
cj13214.tw1.ru
cw27296.tw1.ru
nemicata.beget.tech
wefwe23f2m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/e1974c4099cd21cc0b538bdce94f78165930fbfe1f79e7f0fcca3cd276d39bda/detection

fanumtax123.ddns.net
/sssssssss/68ce5b29.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-09)

http://185.251.91.215
http://83.220.169.42
http://89.23.112.15
028874lm.nyashmyash.top
045134cm.nyashtech.top
526775cm.nyashtech.top
glacial-liquor.000webhostapp.com
tiyeso4885.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-15)

http://109.107.182.163
http://147.45.196.103
http://176.123.168.238
http://188.120.226.211
http://20.161.72.166
http://45.87.246.118
http://62.109.28.71
http://82.97.243.114
http://89.185.84.52
http://89.23.115.8
http://95.163.228.74
147.135.85.114:4444
172.111.136.105:2016
179.13.3.199:8010
183.131.83.145:8000
75.119.138.31:8848
98.66.161.180:8848
009788cm.nyashtech.top
011781cm.nyashtech.top
837565cm.nyashtech.top
852377cm.nyashland.top
898082lm.nyashmyash.top
977789cm.nyashland.top
a0894373.xsph.ru
a0899768.xsph.ru
a0902645.xsph.ru
a0904422.xsph.ru
a0904877.xsph.ru
a0906284.xsph.ru
a0909123.xsph.ru
a0910594.xsph.ru
cf43561.tw1.ru
ck52959.tw1.ru
cm65543.tw1.ru
cw42035.tw1.ru
cz07639.tw1.ru
fwjfiwmail.temp.swtest.ru
yedar2on.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-24)

http://185.185.68.156
http://185.221.198.108
http://20.161.72.166
http://3.79.229.48
http://3.79.245.165
http://45.32.153.79
http://46.29.237.220
http://80.66.89.148
http://94.156.65.94
107.150.23.137:8010
40.112.134.176:1024
45.131.108.123:2003
45.131.108.123:22
45.74.7.87:8898
94.130.49.62:6214
nyashmyash.top
nyashtech.top
127895cm.nyashmyash.top
172969cm.nyashtech.top
192565cm.nyashtech.top
369023cm.nyashmyash.top
562173cm.nyashmyash.top
647249cm.nyashtech.top
691908cm.nyashtech.top
792487ll.nyashmyash.top
812285cm.nyashtech.top
852287cm.nyashland.top
984794727cm.whiteproducts.ru
a0903703.xsph.ru
a0907744.xsph.ru
a0908021.xsph.ru
cj23497.tw1.ru
ck70571.tw1.ru
cz17350.tw1.ru
edsfeejsdbfelefaubdiaslfedafd.000webhostapp.com
j6yla0n2hm.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/5986afdabceec7308a5192491905fb44c1f7fb770c663d5a4718f3cc7f722108/detection

http://124.221.43.13

# Reference: https://www.virustotal.com/gui/file/00ef3e134c11cb7836a8fb11367a71e2526c62f088d9fda1b3b86ef193d83003/detection

483059cm.nyashtech.top

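# Reference: https://www.virustotal.com/gui/ip-address/172.67.178.175/relations
# Note: the hostnames below come from the relations view of a single IP address. That address is not listed as a trail in this section (it appears to be a shared CDN front-end; confirm before alerting on the IP itself).
# Note: several of these hostnames (e.g. 172969cm.nyashtech.top, 647249cm.nyashtech.top) already appear under earlier references in this file.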

104718cm.nyashtech.top
855212cm.nyashtech.top
744734cm.nyashtech.top
119313cm.nyashtech.top
867233cm.nyashtech.top
414712cm.nyashtech.top
943186cm.nyashtech.top
209226cm.nyashtech.top
324229cm.nyashtech.top
265003cm.nyashtech.top
326516cm.nyashtech.top
600127cm.nyashtech.top
378416cm.nyashtech.top
172969cm.nyashtech.top
076902cm.nyashtech.top
691908cm.nyashtech.top
678026cm.nyashtech.top
838536cm.nyashtech.top
647249cm.nyashtech.top
192565cm.nyashtech.top
906812cm.nyashtech.top
050909cm.nyashtech.top
718710cm.nyashtech.top
372451cm.nyashtech.top
348774cm.nyashtech.top
544557cm.nyashtech.top
201441cm.nyashtech.top
258640cm.nyashtech.top
151855cm.nyashtech.top
837565cm.nyashtech.top
997423cm.nyashtech.top
127562cm.nyashtech.top
685938cm.nyashtech.top
480193cm.nyashtech.top
907916cm.nyashtech.top
009788cm.nyashtech.top
011781cm.nyashtech.top
810413cm.nyashtech.top
654625cm.nyashtech.top
992152cm.nyashtech.top
951499cm.nyashtech.top
279306cm.nyashtech.top
532957cm.nyashtech.top
600225cm.nyashtech.top
526775cm.nyashtech.top
276721cm.nyashtech.top
744346cm.nyashtech.top
612098cm.nyashtech.top
640093cm.nyashtech.top
832325cm.nyashtech.top
045134cm.nyashtech.top
137953cm.nyashtech.top
218282cm.nyashtech.top
845900cm.nyashtech.top
965262cm.nyashtech.top
007330cm.nyashtech.top
678769cm.nyashtech.top
890801cm.nyashtech.top
882584cm.nyashtech.top
812285cm.nyashtech.top
315264cm.nyashtech.top
847702cm.nyashtech.top
304718cm.nyashtech.top
315615cm.nyashtech.top
364739cm.nyashtech.top
962855cm.nyashtech.top
921310cm.nyashtech.top
496493cm.nyashtech.top
324387cm.nyashtech.top
630004cm.nyashtech.top
870333cm.nyashtech.top
426899cm.nyashtech.top
494792cm.nyashtech.top
650602cm.nyashtech.top
955402cm.nyashtech.top
743823cm.nyashtech.top
694604cm.nyashtech.top

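# Generic trails
# (URL path fragments listed without a host; the random-looking directory and hash-named .php entries are far more specific than the short, descriptive file names, so weigh hits on the latter accordingly)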

/DCRS/dsock/
/DCRS/index.php
/DCRS/main.php
/ExternalDbtesttrack.php
/externalLowgeotrack.php
/externalVideoBasetest.php
/lineTosecureapi.php
/packetlowcpuProtect.php
/PipePacketDbLinuxFlower.php
/PollGameServerUniversal.php
/videoToLowtest.php
/212bad81b4208a2b412dfca05f1d9fa7.php
/2d02004c59e9a1f5d7d2a313711996eaafd017e3.php
/56743785cf97084d3a49a8bf0956f2c744a4a3e0.php
/fd1845d9489997784fcdca5feff97ba2a4cb81e5.php
/akcii239myzon0xwjlxqnn3b34w/
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/
/f5b75b6939d095db0eaf37fdfecac963030f7aa1.php
/g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/
/wih70f23q9voven47mcjf9q/
/c596a246010ddf201f7264927e5c39b8d20eba79.php
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/e59293a35848addcc181d5a0ab38266868d77ff4.php
/2nwsr5yiv4oi4zfjoduq2ettv6rwkao/
/e5qx69ffszv9vbudkm/
/d6d4cbd9296a555615601b85dedaceaffd7120b5.php
/9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/
/1ce78a902db7a61523b13afcb20d91f8.php
/rb7u7g360qkxfkhcd/
/8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/
/44ab0bfd824936290de450263b2aaa06b01412a9.php
/38ad2f43f6b9c1367674eb1b7f1db337.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/
/hyhwe8lxnty/
/j07u3xb0zwfka8ohvggymgmz/
/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/c76ae15161b4078c040462271a89caa06686cf38.php
/twwhd4iu597yifaawuodsmuedbq3vm4754g8nko19l8rgk3f24jklz3ynngosa6q6jtx0gmb5l1vpps5zcit6pzt/
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/og7th0bl0euzfxawae8yx/
/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/7Voiddb8Image/VmToJsTrackCentral.php
/7Voiddb8Image/
/VmToJsTrackCentral.php
