# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

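# Aliases: BumbleBee, Hisoka, Snugy, TriFive, huntxspy
# Note: two distinct threats are tracked here under one name: the xHunt campaign tooling
# (the Unit 42 references at the top of the file, including the BumbleBee webshell) and the
# Bumblebee loader (the references from 2022 onwards). Check which section an entry comes
# from before attributing a hit.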

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
# Reference: https://github.com/pan-unit42/iocs/blob/master/xHunt/xHunt_IOCs.csv
# Reference: https://www.virustotal.com/gui/file/892d5e8e763073648dfebcfd4c89526989d909d6189826a974f17e2311de8bc4/detection

google-update.com
learn-service.com
microsofte-update.com
woxmma.microsofte-update.com

# Reference: https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/
# Reference: https://twitter.com/Voulnet/status/1014951078364876801
# Reference: https://otx.alienvault.com/pulse/5da0d8dc27a2ad4cc8864283

firewallsupports.com
windows64x.com
winx64-microsoft.com
windows-updates.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

sharepoint-web.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

deman1.icu
hotsoft.icu
lidarcc.icu
uplearn.top

# Reference: https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
# Reference: https://otx.alienvault.com/pulse/5ffcbc5b19a30849ecd2ab78

142.11.211.79:8080
142.11.211.79:8081
192.119.110.194:8083
91.92.109.59:1234
91.92.109.59:1255
91.92.109.59:1288
91.92.109.59:1289
backendloop.online
bestmg.info
windowsmicrosofte.online

# Reference: https://www.cynet.com/orion-threat-alert-flight-of-the-bumblebee/
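# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-05-IOCs-for-Bumblebee-and-Cobalt-Strike.txt
# Note(review): 45.147.229.177:433 below, and 209.141.59.96:433, 23.106.160.120:433 and
# 192.236.198.63:433 further down, are listed elsewhere in this file with port 443. The 433
# is probably a transposition of 443; confirm against the references, since a port-qualified
# entry with the wrong port may fail to match.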

192.236.198.63:443
23.82.19.208:443
45.147.229.177:433

# Reference: https://twitter.com/r0ny_123/status/1515939792034230272

108.62.12.12:443

# Reference: https://twitter.com/Max_Mal_/status/1516352309311246339

199.80.55.44:443
209.141.59.96:433
23.106.160.120:433

# Reference: https://twitter.com/k3dg3/status/1516819204200091655
# Reference: https://tria.ge/220420-t3m7dsechn/behavioral2

184.29.205.132:443

# Reference: https://twitter.com/phage_nz/status/1519207039968313344

104.168.236.99:443
172.241.29.169:443
23.82.141.184:443
messerota.com

# Reference: https://twitter.com/Max_Mal_/status/1519323650062753792

108.62.118.56:443
185.33.87.53:443
28.11.143.222:443
49.12.241.35:443
71.1.188.122:443
89.222.221.14:443

# Reference: https://tria.ge/220428-tx94zafbc7

209.141.59.96:443
23.106.160.120:443

# Reference: https://twitter.com/Max_Mal_/status/1521449204106862592

138.201.190.52:443
23.83.134.136:443

# Reference: https://twitter.com/1ZRR4H/status/1521822196150067201
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-05-03_Bumblebee

103.175.16.45:443
103.175.16.46:443
103.175.16.49:443
108.62.118.236:443
108.62.118.56:443
108.62.118.61:443
108.62.118.62:443
108.62.118.64:443
138.201.190.52:443
23.106.160.120:443
23.106.160.39:443
23.106.160.40:443
23.81.246.187:443
23.83.134.110:443
23.83.134.133:443
23.83.134.136:443
45.147.229.177:443
45.147.229.23:443
49.12.241.35:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-05-03-IOCs-for-Contact-Forms-Bumblebee-and-Cobalt-Strike.txt

45.153.243.93:443

# Reference: https://twitter.com/k3dg3/status/1521899597462966273
# Reference: https://twitter.com/pr0xylife/status/1521901280771416066

figesoyuzo.com
/usda29ksagh12/

# Reference: https://twitter.com/James_inthe_box/status/1521956984941019139

108.62.12.203:443
23.82.128.149:443

# Reference: https://twitter.com/petrovic082/status/1522951977445081089
# Reference: https://www.virustotal.com/gui/file/e90c7d64377f397f556feaf056d0319c8338311d44e320541207a362b683196a/detection

45.140.146.244:443

# Reference: https://twitter.com/1ZRR4H/status/1530746956619857920
# Reference: https://twitter.com/pr0xylife/status/1530842662072467456
# Reference: https://twitter.com/pr0xylife/status/1530842864187494403
# Reference: https://isc.sans.edu/diary/rss/28636
# Reference: https://otx.alienvault.com/pulse/627bcbb336db3754603b5c38
# Reference: https://www.virustotal.com/gui/file/02dce7f57e4933edf84cbe525d8115defd5ecafd5b2b203be6a2ec7aa0099bc7/detection

banytul.com
barkunode.com
baronrtal.com
birobixt.com
bunadist.com
curanao.com
glicefud.com
goranism.com
kurabas.com
marebust.com
maudaris.com
olodaris.com
omnimature.com
parashane.com
vorkinal.com

# Reference: https://twitter.com/malware_traffic/status/1524564009034334210
# Reference: https://www.virustotal.com/gui/file/d08c8c165c0ca480ef40df7b9f7107524dbcc51e5e49fe013cbc16d91f18cef1/detection

154.56.0.218:443
serverjarvis.sytes.net

# Reference: https://tria.ge/220509-ygys8agghn

146.70.106.92:443
23.227.198.195:443
23.227.203.120:443
51.83.253.244:443

# Reference: https://twitter.com/ESETresearch/status/1524971448892366880
# Reference: https://twitter.com/ESETresearch/status/1524971459248066560

194.33.40.181:443
23.88.117.246:443
91.213.8.18:443

# Reference: https://isc.sans.edu/diary/28664
# Reference: https://otx.alienvault.com/pulse/62864c5e786571c438628fd6

194.135.33.144:443
southerncompanygas.co
wolsleyindustrialgroup.co
wolsleyindustrialgroup.com

# Reference: https://tria.ge/220519-sh1rbagge9

192.236.198.116:443
79.110.52.53:443

# Reference: https://twitter.com/pr0xylife/status/1527356211053547529

103.175.16.117:443
154.56.0.221:443
64.44.101.250:443

# Reference: https://tria.ge/220520-mxt97aaef5

176.107.177.124:443
192.236.160.254:443
192.236.192.85:443

# Reference: https://twitter.com/pr0xylife/status/1528787494711578625

192.236.194.136:443
193.239.84.247:443
63.141.248.253:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_25.05.2022.txt

192.119.64.21:443
64.44.102.6:443
79.110.52.56:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_26.05.2022.txt

103.175.16.121:443
64.44.135.250:443
68.233.238.105:443

# Reference: https://twitter.com/k3dg3/status/1529868442391674881
# Reference: https://tria.ge/220526-t3xe3ahack

23.254.229.131:443
51.75.62.99:443
79.110.52.71:443

# Reference: https://tria.ge/220528-fh5n2sdfhm
# Reference: https://tria.ge/220527-w8yanagch4

101.88.16.100:443
107.90.225.1:443
108.16.90.159:443
108.174.195.253:443
121.15.221.97:443
121.175.62.199:443
146.70.78.21:443
154.0.119.28:443
154.56.0.228:443
170.32.109.77:443
18.127.96.221:443
185.156.172.8:443
185.62.56.12:443
19.71.13.153:443
21.175.22.99:443
22.175.0.90:443
38.12.57.131:443
49.12.153.53:443
51.68.146.200:443
73.214.29.52:443
77.121.49.161:443
78.112.52.91:443
8.12.181.20:443
84.119.1.64:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt

103.175.16.107:443
103.175.16.108:443
103.175.16.122:443
145.239.135.155:443
146.19.173.139:443
146.19.253.49:443
146.70.104.250:443
146.70.125.82:443
149.255.35.134:443
154.56.0.241:443
185.156.172.123:443
185.62.58.133:443
185.62.58.169:443
192.236.161.191:443
192.236.249.68:443
193.233.203.156:443
193.239.84.254:443
194.135.33.148:443
194.135.33.149:443
212.114.52.46:443
23.254.201.97:443
37.120.198.248:443
45.147.229.101:443
45.147.229.50:443
46.21.153.145:443
54.38.136.187:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-09-IOCs-from-TA578-Bumblebee-with-Cobalt-Strike.txt

145.239.30.26:443

# Reference: https://twitter.com/ankit_anubhav/status/1536773306358976512
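# Reference: https://tria.ge/220614-wfjlssgcgq/behavioral1
# Note(review): this list and several later ones mix port-443 entries with addresses on low,
# non-standard ports, some in multicast/reserved space (224.0.0.0 and above, e.g.
# 235.126.132.170:106, 244.6.154.71:111) and, in later lists, loopback (127.0.0.0/8). Those
# cannot be reachable servers; presumably they are filler entries copied verbatim from
# extracted sample configurations. Treat a match on a non-443 entry as low confidence and
# validate it before using it for blocking.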

103.175.16.108:443
104.168.219.94:443
107.44.53.47:330
111.99.39.11:387
115.109.212.139:461
123.67.113.210:483
133.57.116.243:424
135.253.243.175:300
142.182.181.207:450
145.239.135.155:443
146.70.125.82:443
15.209.19.148:466
154.56.0.252:443
157.17.142.85:406
158.35.83.74:332
160.70.24.228:486
167.28.27.185:467
171.78.101.85:258
172.244.110.160:367
185.62.58.133:443
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
193.233.203.156:443
194.135.33.148:443
21.29.238.98:209
216.254.58.191:443
22.83.186.45:201
221.106.84.123:307
223.243.46.133:147
235.126.132.170:106
244.6.154.71:111
246.20.199.100:175
33.145.184.132:240
34.229.154.31:235
39.57.152.217:440
45.153.241.187:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
57.240.143.90:256
67.136.243.43:323
68.227.158.172:411
69.161.201.181:382
78.89.31.86:229
80.156.1.202:305
80.26.101.48:372
80.9.246.19:338
90.81.8.16:370

# Reference: https://tria.ge/220614-w277aagfcl/behavioral1

103.175.16.106:443
104.124.14.244:197
105.137.48.127:156
112.143.55.233:256
115.200.5.214:467
117.75.94.181:456
12.236.242.155:211
122.247.231.47:117
128.44.54.202:493
13.218.205.215:309
134.247.186.104:233
145.239.28.110:443
146.19.173.186:443
148.70.67.206:267
170.24.243.46:441
171.227.174.67:108
172.117.69.12:366
177.96.182.180:213
182.10.38.85:198
185.62.57.27:443
187.247.16.193:308
192.107.100.31:298
192.205.3.12:235
193.233.203.243:443
2.211.111.213:125
20.150.149.28:415
201.249.37.165:420
204.1.81.223:110
207.90.225.187:369
211.22.161.225:196
24.57.185.167:317
243.91.103.106:246
243.92.11.201:387
247.23.37.74:155
29.64.0.111:122
4.165.175.212:387
40.72.17.141:326
45.142.214.167:443
45.147.231.202:443
45.84.0.13:443
51.68.145.54:443
57.132.248.83:391
66.160.230.114:370
67.194.32.32:367
69.235.89.243:366
76.96.116.176:190
77.49.189.77:103
78.202.137.116:271
89.52.115.119:444

# Reference: https://pastebin.com/bST3CZAx

1.32.39.22:459
100.93.33.185:487
102.109.16.255:445
103.175.16.106:443
103.175.16.107:443
103.175.16.108:443
103.175.16.117:443
103.175.16.121:443
103.175.16.122:443
103.175.16.59:443
104.124.14.244:197
104.135.8.250:417
104.168.156.224:443
104.168.219.94:443
105.137.48.127:156
107.44.53.47:330
108.28.254.44:399
109.108.10.35:386
111.99.39.11:387
112.110.146.153:349
112.143.55.233:256
112.81.173.199:399
114.9.152.233:402
115.103.22.1:153
115.109.212.139:461
115.16.153.155:459
115.200.5.214:467
115.239.67.202:380
117.50.181.41:373
117.75.94.181:456
119.177.224.146:124
12.236.242.155:211
120.237.172.163:343
122.247.231.47:117
123.67.113.210:483
124.243.81.221:274
126.68.7.249:422
127.87.0.227:339
128.44.54.202:493
13.218.205.215:309
132.44.27.212:299
133.133.249.24:204
133.57.116.243:424
134.247.186.104:233
135.142.208.39:298
135.253.243.175:300
135.36.13.40:427
137.253.55.69:235
138.65.77.29:391
140.208.107.161:360
141.98.168.70:443
142.11.216.143:443
142.182.181.207:450
143.117.20.123:425
144.52.138.51:193
145.239.135.155:443
145.239.28.110:443
145.239.30.26:443
146.19.173.105:443
146.19.173.116:443
146.19.173.139:443
146.19.173.186:443
146.19.173.195:443
146.19.173.202:443
146.19.173.224:443
146.19.253.15:443
146.19.253.49:443
146.19.253.6:443
146.70.104.250:443
146.70.124.77:443
146.70.125.122:443
146.70.125.82:443
146.70.86.254:443
148.70.67.206:267
149.255.35.134:443
149.255.35.183:443
149.57.112.159:122
15.209.19.148:466
154.56.0.100:443
154.56.0.102:443
154.56.0.199:443
154.56.0.219:443
154.56.0.221:443
154.56.0.231:443
154.56.0.240:443
154.56.0.241:443
154.56.0.242:443
154.56.0.252:443
155.113.182.180:324
157.17.142.85:406
158.35.83.74:332
158.69.98.105:443
160.20.147.191:443
160.70.24.228:486
162.144.249.150:239
165.158.204.41:469
167.235.245.35:443
167.28.27.185:467
168.20.103.16:132
170.107.238.10:276
170.24.243.46:441
171.227.174.67:108
171.78.101.85:258
172.117.69.12:366
172.244.110.160:367
174.150.214.40:426
174.58.225.25:420
176.107.177.124:443
177.231.94.146:410
177.96.182.180:213
178.255.155.53:108
18.215.29.142:436
18.8.71.243:176
180.184.129.160:223
180.23.251.29:230
182.10.38.85:198
182.62.4.186:282
183.37.64.159:220
185.156.172.123:443
185.250.148.136:443
185.62.56.186:443
185.62.56.201:443
185.62.56.202:443
185.62.57.162:443
185.62.57.182:443
185.62.57.27:443
185.62.58.133:443
185.62.58.169:443
185.62.58.209:443
185.62.58.222:443
185.62.58.238:443
185.94.100.232:189
187.247.16.193:308
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
190.123.237.229:261
192.107.100.31:298
192.119.64.21:443
192.205.3.12:235
192.21.12.118:231
192.236.160.254:443
192.236.161.191:443
192.236.192.85:443
192.236.194.136:443
192.236.249.68:443
193.233.203.156:443
193.233.203.243:443
193.239.84.247:443
193.239.84.254:443
193.43.251.231:312
194.135.33.148:443
194.135.33.149:443
194.135.33.16:443
194.37.97.135:443
198.98.57.91:443
198.98.62.156:443
2.190.89.140:236
2.211.111.213:125
2.97.24.126:148
20.150.149.28:415
201.249.37.165:420
203.138.139.122:404
204.1.81.223:110
207.90.225.187:369
208.151.241.134:362
208.231.162.191:266
208.84.180.22:146
209.141.52.25:443
21.29.238.98:209
210.163.58.211:385
210.251.188.194:228
211.22.161.225:196
212.114.52.46:443
212.234.34.219:148
213.115.131.233:186
213.203.201.199:307
213.26.162.157:477
216.254.58.191:443
218.199.149.25:415
22.83.186.45:201
221.106.84.123:307
221.218.33.190:154
221.238.146.116:272
222.62.166.76:206
223.243.46.133:147
224.255.62.16:414
224.49.28.61:214
228.127.34.30:316
228.78.147.191:253
229.139.73.188:287
23.227.202.179:443
23.254.201.97:443
23.254.227.144:443
23.254.227.53:443
23.254.229.131:443
231.169.5.102:403
233.82.38.10:391
235.126.132.170:106
238.42.54.122:171
239.100.121.57:329
24.57.185.167:317
241.112.226.151:197
241.41.90.117:181
241.54.78.154:269
242.165.212.79:339
242.30.221.68:198
243.91.103.106:246
243.92.11.201:387
244.234.60.83:386
244.6.154.71:111
246.20.199.100:175
247.23.37.74:155
249.222.51.70:286
249.241.29.24:181
251.143.69.150:395
251.210.76.59:335
253.174.222.210:447
255.11.235.99:426
26.6.83.53:219
28.78.74.145:427
29.64.0.111:122
3.172.226.46:189
30.65.48.152:239
31.215.170.180:431
32.181.245.23:191
33.145.184.132:240
34.229.154.31:235
35.17.203.69:268
37.120.198.248:443
37.64.220.2:332
37.72.174.23:443
39.57.152.217:440
4.165.175.212:387
40.72.17.141:326
45.138.172.22:443
45.142.214.167:443
45.147.229.101:443
45.147.229.50:443
45.147.231.202:443
45.153.241.187:443
45.153.241.234:443
45.3.236.177:312
45.84.0.13:443
46.21.153.145:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
49.57.156.149:228
51.210.158.156:443
51.68.144.94:443
51.68.145.54:443
51.75.62.15:443
51.75.62.99:443
51.83.250.240:443
53.96.32.99:333
54.37.130.77:443
54.38.136.187:443
54.38.139.20:443
55.14.133.44:292
57.132.248.83:391
57.156.134.113:446
57.240.143.90:256
58.10.55.201:382
60.27.170.3:463
63.122.120.151:268
63.141.248.253:443
64.250.120.4:406
64.44.101.250:443
64.44.102.6:443
64.44.135.230:443
64.44.135.250:443
65.254.82.66:498
65.95.20.151:232
66.160.230.114:370
66.23.70.38:168
67.136.243.43:323
67.194.32.32:367
68.227.158.172:411
68.233.238.105:443
69.161.201.181:382
69.235.89.243:366
70.77.209.88:224
76.96.116.176:190
77.49.189.77:103
78.174.92.106:151
78.202.137.116:271
78.244.227.62:462
78.79.38.95:496
78.89.31.86:229
78.90.18.29:383
79.110.52.104:443
79.110.52.236:443
79.110.52.56:443
79.110.52.71:443
79.133.212.60:211
79.198.114.179:442
80.156.1.202:305
80.241.131.170:311
80.26.101.48:372
80.9.246.19:338
83.142.26.147:465
83.47.40.251:306
89.52.115.119:444
9.240.112.25:411
90.81.8.16:370
91.167.137.83:421
92.204.160.92:443
95.29.177.99:462
98.84.87.52:353

# Reference: https://tria.ge/220625-h96rjabbdr

101.8.100.194:131
103.175.16.47:443
103.200.32.188:492
106.120.29.13:489
13.2.200.200:338
133.209.39.126:217
138.114.199.166:316
146.19.173.202:443
146.19.173.207:443
152.38.148.148:494
168.120.139.16:273
172.110.248.55:203
173.77.219.120:201
186.150.217.235:221
187.210.45.242:299
192.119.77.241:443
193.239.152.108:242
204.181.129.183:248
204.233.101.71:459
206.103.180.253:205
207.6.99.3:471
211.131.243.77:112
215.48.4.118:123
224.239.200.236:443
228.194.82.251:473
239.11.133.48:421
24.121.25.160:346
246.232.135.28:477
246.47.222.240:216
247.224.208.140:372
25.170.215.18:456
28.53.120.108:270
49.179.166.100:235
50.167.186.112:239
50.41.225.93:478
54.38.136.111:443
69.120.31.126:408
74.135.94.210:347
74.57.128.223:112
82.20.113.198:446
86.91.101.57:221
89.172.3.185:315
97.194.155.116:446
98.28.11.39:201

# Reference: https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control
# Reference: https://otx.alienvault.com/pulse/6306320477c9993c7fc3a2c0

185.62.56.129:443

# Reference: https://www.malware-traffic-analysis.net/2022/08/30/index.html

142.11.234.238:443

# Reference: https://twitter.com/BroadAnalysis/status/1567586542276775938

103.144.139.135:443

# Reference: https://twitter.com/pr0xylife/status/1571899501455048704
# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_19.09.2022.txt

108.177.235.29:443
23.106.160.117:443
23.106.215.133:443
meeronixt.com

# Reference: https://twitter.com/k3dg3/status/1575173131198558208

/ASUYfdhjsQx/

# Reference: https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/

104.168.201.219:443
142.11.234.230:443
152.89.247.79:443
185.17.40.189:443
185.62.58.175:443
205.185.122.143:443
205.185.123.137:443
209.141.46.50:443
209.141.58.141:443
51.68.146.186:443
51.68.147.233:443
51.83.251.245:443
51.83.253.131:443
54.37.130.166:443
54.37.131.14:443
54.38.138.94:443

# Reference: https://twitter.com/BroadAnalysis/status/1577816261823795200

51.83.250.102:443

# Reference: https://twitter.com/ESETresearch/status/1577963080096555008
# Reference: https://twitter.com/ESETresearch/status/1577963091295453184

103.144.139.158:443
145.239.28.55:443
146.70.147.39:443
146.70.149.48:443
192.119.74.28:443
45.141.58.37:443
54.38.138.5:443

# Reference: https://twitter.com/pr0xylife/status/1583595706148741120

146.59.116.146:443
172.93.193.220:443
23.106.160.112:443
ralepijo.com
/grasbly.dll

# Reference: https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
# Reference: https://otx.alienvault.com/pulse/635bcc619768c0b6cb3e9677

guteyutur.com
dsfdsfgb.azureedge.net

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt

103.25.51.23:388
12.75.186.131:263
122.50.173.112:157
124.79.186.17:245
135.36.57.27:157
135.79.221.116:303
14.155.143.74:191
141.69.161.34:281
145.250.252.150:418
146.19.253.56:443
149.197.87.217:409
150.37.37.18:112
151.233.218.244:192
154.171.215.86:169
155.180.101.133:318
156.151.142.100:123
156.165.161.82:298
159.117.143.69:265
168.113.169.88:428
175.90.216.232:197
179.4.178.202:339
19.32.56.182:487
192.119.77.100:443
194.120.202.95:468
194.129.76.203:490
199.61.79.119:346
21.21.141.32:133
212.107.138.109:287
218.122.217.28:234
224.110.0.53:105
227.12.148.222:270
227.233.79.54:327
234.248.206.141:176
24.4.68.32:418
241.0.19.171:313
245.245.176.160:137
253.13.70.127:340
254.230.180.37:486
28.107.38.196:269
29.122.243.158:226
31.228.253.114:427
33.93.97.183:112
35.120.155.220:262
41.28.188.77:212
51.199.209.83:290
64.157.160.42:207
68.121.248.35:464
68.14.88.177:143
76.81.225.65:337
78.24.136.181:493
78.74.20.180:433

# Reference: https://www.cynet.com/blog/orion-threat-alert-flight-of-the-bumblebee/

192.236.198.63:433

# Reference: https://twitter.com/tosscoinwitcher/status/1590084982193913857
# Reference: https://tria.ge/221108-zhe8yahgbp/behavioral1

146.19.253.28:443
146.70.149.38:443
176.223.165.108:443

# Reference: https://www.malware-traffic-analysis.net/2022/11/07/index.html

http://134.209.118.141
http://87.251.67.176
103.144.139.156:443
144.173.110.28:115
155.182.198.198:402
183.125.56.150:459
188.172.189.108:163
193.211.15.111:229
208.226.164.254:152
212.48.233.55:446
220.193.225.180:148
39.65.8.170:443
4.167.227.222:325
56.50.75.119:423
73.13.11.238:338
86.184.196.254:214
95.254.227.139:451

# Reference: https://twitter.com/malwrhunterteam/status/1592249538802511873
# Reference: https://www.virustotal.com/gui/file/48d585ca3a477ef7e8f0983735903335d9a5327f5fc434c222b6f551f7c0dc68/detection

1.3.49.41:116
126.214.148.137:194
132.236.194.230:315
133.135.205.124:197
157.195.106.206:250
191.208.255.91:175
215.55.4.215:483
25.166.31.10:427
33.15.138.183:236
33.187.124.30:114
64.44.135.140:443
78.86.12.112:410
cruds-club.com

# Reference: https://twitter.com/malware_traffic/status/1592268760924450816
# Reference: https://tria.ge/221114-vt7p4sha5y/behavioral5

107.189.13.247:443
54.37.130.24:443
64.44.102.241:443

# Reference: https://twitter.com/Unit42_Intel/status/1593636233212739584

193.200.16.175:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-07-IOCs-for-Bumblebee-infection-with-Cobalt-Strike.txt

139.177.146.137:443
81.77.212.213:118
88.52.50.98:452

# Reference: https://tria.ge/230208-x8dfxseb8w

103.175.16.104:443
172.86.120.111:443
205.185.113.34:443
23.254.167.63:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_21.02.2023.txt

104.168.140.145:443
108.62.118.170:443
108.62.141.20:443
192.119.72.133:443
23.108.57.201:443
51.68.145.171:443

# Reference: https://twitter.com/Artilllerie/status/1628349460966215682
# Reference: https://0paste.com/443087.txt

103.175.16.13:443
104.168.157.253:443
146.19.173.86:443
157.254.194.117:443
160.20.147.242:443
173.234.155.246:443
185.17.40.138:443
185.173.34.35:443
192.111.146.178:443
194.135.33.184:443
195.20.17.75:443
23.82.140.155:443
51.68.144.43:443
51.75.62.204:443
86.106.131.105:443
91.206.178.234:443

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/bumblebee-docusign-campaign

107.189.5.17:443
114.70.235.72:357
122.125.104.16:475
138.133.49.46:211
140.157.121.40:433
141.161.143.136:272
146.29.236.141:457
150.18.156.130:256
174.72.94.173:309
177.232.32.155:257
179.55.218.145:322
181.87.160.175:479
194.135.33.85:443
196.224.200.10:482
207.12.58.212:419
209.141.40.19:443
210.38.79.54:319
214.77.93.215:263
216.73.114.69:379
24.64.127.190:229
241.163.228.200:362
246.6.106.79:340
254.65.104.229:127
255.115.3.251:370
32.234.39.72:191
38.174.252.233:131
44.184.236.94:128
58.249.161.153:350
6.66.255.6:433
60.231.88.20:422
72.204.201.249:374
73.73.80.51:127
93.216.14.249:213

# Reference: https://twitter.com/Max_Mal_/status/1636365861681496068

12.100.159.196:261
138.5.60.195:103
152.151.165.105:252
175.103.114.28:154
210.154.128.203:164
41.82.217.82:340
43.231.64.55:493
45.61.187.225:433

# Reference: https://tria.ge/230318-bzrfjacg81/behavioral1

103.175.16.15:443
107.189.12.129:443
157.254.194.119:443
192.111.146.184:443
192.254.79.101:443
195.133.192.10:443
209.141.53.174:443
23.254.225.130:443
37.28.155.36:443
51.83.248.92:443

# Reference: https://twitter.com/0xToxin/status/1649131620383825923

103.175.16.150:443
146.70.155.82:443
149.3.170.179:443

# Reference: https://twitter.com/k3dg3/status/1659619906919251979
# Reference: https://tria.ge/230519-wbzgfsfa73/behavioral1

103.175.16.151:443
192.198.82.59:443
194.135.33.160:443
32.54.188.44:443
92.119.178.40:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/

http://103.175.16.13
100.166.114.2:231
100.221.98.138:443
100.62.116.119:471
102.189.132.75:411
103.144.139.137:443
103.144.139.139:443
103.144.139.145:443
103.144.139.146:443
103.144.139.150:443
103.144.139.154:443
103.144.139.159:443
103.144.139.164:443
103.144.139.166:443
103.175.16.105:443
103.175.16.10:443
103.175.16.119:443
103.175.16.133:443
103.175.16.149:443
103.175.16.208:443
103.175.16.25:443
103.175.16.58:443
103.175.16.60:443
104.109.81.90:359
104.168.136.137:443
104.168.144.212:443
104.168.151.120:443
104.168.162.242:443
104.168.171.159:443
104.168.171.189:443
104.168.171.97:443
104.168.172.195:443
104.168.174.148:443
104.168.175.78:443
104.168.175.81:443
104.168.200.192:443
104.168.202.54:443
104.168.203.190:443
104.168.204.115:443
104.168.218.224:443
104.168.218.74:443
104.168.243.123:443
104.168.243.178:443
104.168.243.204:443
104.168.244.96:443
104.219.233.101:443
104.219.233.107:443
104.219.233.113:443
104.219.233.120:443
104.219.233.125:443
104.219.233.127:443
104.219.233.129:443
104.219.233.130:443
104.219.233.133:443
104.219.233.145:443
104.219.233.30:443
104.219.233.38:443
104.219.233.41:443
104.219.233.42:443
104.244.72.215:443
104.244.75.253:443
104.244.77.61:443
104.37.20.148:152
104.86.43.102:455
105.111.222.244:485
105.45.26.251:205
106.30.10.152:200
107.189.1.123:443
107.189.1.156:443
107.189.1.219:443
107.189.13.201:443
107.189.14.8:443
107.189.30.231:443
107.189.5.45:443
107.189.6.147:443
107.189.8.58:443
107.204.201.53:264
107.219.151.119:244
108.174.194.151:443
108.25.105.234:166
108.62.118.108:443
108.62.118.177:443
108.62.118.219:443
108.62.118.235:443
108.62.118.53:443
108.62.118.59:443
108.62.118.70:443
108.62.118.81:443
108.62.12.19:443
108.62.12.202:443
108.62.141.221:443
108.62.141.38:443
108.62.141.52:443
108.62.141.98:443
109.140.220.255:121
109.251.149.213:421
112.242.91.221:407
113.4.33.142:138
113.56.104.34:443
113.98.120.85:440
116.151.146.123:341
116.204.18.170:113
116.205.234.96:247
116.241.116.41:410
117.17.41.72:459
117.172.191.115:471
118.64.27.23:475
118.89.112.82:338
119.50.18.190:134
12.194.222.34:380
120.181.249.142:177
121.164.36.213:396
121.37.185.77:358
124.131.180.3:215
124.76.30.34:476
124.9.134.87:426
125.81.24.187:397
126.76.167.19:201
126.99.238.54:447
127.200.198.38:363
128.79.29.175:298
129.125.121.145:133
129.250.70.54:276
129.51.68.80:196
13.234.171.104:461
130.173.49.173:107
130.242.219.205:423
131.136.57.50:384
131.220.159.133:200
132.11.130.225:224
132.180.150.102:379
133.99.126.202:263
134.179.38.71:422
135.125.241.35:443
135.15.5.19:411
136.179.9.50:318
137.219.255.218:446
137.31.59.180:443
138.141.158.45:217
139.177.146.230:443
139.177.146.25:443
139.177.146.26:443
139.177.146.27:443
14.11.77.37:138
14.128.51.19:412
14.195.237.81:451
142.11.193.243:443
142.11.194.198:443
142.11.195.231:443
142.11.196.174:443
142.11.199.235:443
142.11.206.112:443
142.11.210.50:443
142.11.211.32:443
142.11.212.144:443
142.11.213.56:443
142.11.216.12:443
142.11.234.228:443
142.11.238.7:443
142.11.245.185:443
142.118.138.85:402
142.32.211.156:157
142.93.12.251:443
143.27.231.233:335
144.136.57.11:443
145.239.135.16:443
145.239.29.119:443
145.239.30.219:443
145.239.30.242:443
145.239.30.73:443
145.239.31.136:443
146.158.114.155:467
146.19.173.120:443
146.19.173.137:443
146.19.173.141:443
146.19.173.148:443
146.19.173.173:443
146.19.173.25:443
146.19.173.26:443
146.19.173.31:443
146.19.173.33:443
146.19.173.34:443
146.19.173.45:443
146.19.173.61:443
146.19.173.71:443
146.19.173.76:443
146.19.253.102:443
146.19.253.41:443
146.19.253.53:443
146.59.116.127:443
146.59.116.131:443
146.59.116.185:443
146.59.116.196:443
146.59.116.242:443
146.59.116.25:443
146.59.116.49:443
146.59.116.4:443
146.59.116.54:443
146.59.116.64:443
146.59.116.77:443
146.59.116.79:443
146.59.117.200:443
146.70.100.126:443
146.70.100.80:443
146.70.102.73:443
146.70.106.163:443
146.70.106.76:443
146.70.124.116:443
146.70.124.117:443
146.70.125.80:443
146.70.125.93:443
146.70.135.135:443
146.70.139.252:443
146.70.143.133:443
146.70.143.140:443
146.70.143.183:443
146.70.147.16:443
146.70.147.57:443
146.70.147.7:443
146.70.149.11:443
146.70.149.14:443
146.70.149.32:443
146.70.149.40:443
146.70.149.42:443
146.70.149.43:443
146.70.149.45:443
146.70.149.58:443
146.70.152.221:443
146.70.161.59:443
146.70.161.82:443
146.70.53.139:443
146.70.53.142:443
146.70.86.47:443
147.79.237.123:354
149.255.35.138:443
149.255.35.163:443
149.28.84.215:443
149.3.170.185:443
149.3.170.196:443
149.3.170.213:443
149.3.170.236:443
149.3.170.62:443
149.3.170.94:443
15.248.60.137:220
151.218.16.201:462
152.89.247.225:443
152.89.247.241:443
153.30.97.227:163
154.56.0.101:443
154.56.0.110:443
154.56.0.114:443
154.56.0.115:443
154.56.0.196:443
154.56.0.197:443
155.98.234.36:412
157.254.194.104:443
157.254.194.150:443
158.208.5.127:269
158.67.156.68:380
159.107.119.196:466
159.113.48.85:385
159.191.39.179:386
159.248.192.111:424
159.89.22.59:443
16.249.204.133:158
16.86.113.88:226
160.20.147.91:443
160.20.62.151:124
161.207.51.170:397
162.0.209.131:443
163.158.2.201:265
164.254.139.199:210
164.29.3.97:443
164.52.201.153:443
164.90.179.108:443
165.132.190.127:368
165.15.183.148:458
165.84.157.60:302
167.77.156.226:482
168.160.250.76:159
169.197.227.201:474
169.246.230.158:489
17.147.212.14:276
17.29.249.188:264
170.160.24.88:267
170.36.34.111:203
170.66.154.71:361
170.88.0.154:120
170.95.167.18:496
172.241.27.116:443
172.241.27.120:443
172.86.120.141:443
172.86.121.123:443
172.86.121.56:443
172.86.121.59:443
172.86.121.61:443
172.86.122.167:443
172.86.123.111:443
172.86.123.150:443
172.86.123.217:443
172.86.123.231:443
172.93.193.149:443
172.93.193.3:443
172.93.193.42:443
172.93.193.46:443
172.93.193.74:443
172.93.193.95:443
172.93.201.138:443
172.93.201.207:443
172.93.201.244:443
172.93.201.2:443
173.200.61.240:100
173.234.155.124:443
173.234.155.133:443
173.234.155.143:443
173.62.170.155:484
176.111.174.65:443
176.111.174.66:443
176.111.174.67:443
176.111.174.70:443
176.111.174.73:443
176.223.165.119:443
176.223.165.125:443
178.63.172.12:443
179.174.90.170:108
179.5.59.188:228
179.88.25.130:348
18.141.105.98:293
18.151.45.13:359
18.210.196.217:178
180.160.133.46:486
180.175.236.161:293
180.220.100.51:127
181.33.49.44:164
182.121.202.27:373
182.206.137.152:214
183.194.177.52:219
184.167.112.126:440
184.34.86.128:233
184.56.33.232:129
184.83.49.115:179
185.123.53.173:443
185.123.53.248:443
185.145.97.141:443
185.165.82.120:182
185.227.82.15:443
185.62.57.202:443
185.62.57.94:443
185.69.113.39:124
186.190.32.221:102
189.167.167.132:443
189.215.92.254:209
19.128.78.21:190
190.165.163.67:285
190.238.244.214:117
191.65.54.76:181
192.111.146.181:443
192.111.146.185:443
192.111.146.186:443
192.111.146.189:443
192.119.120.146:443
192.119.120.22:443
192.119.64.249:443
192.119.65.175:443
192.119.66.138:443
192.119.74.194:443
192.119.77.44:443
192.119.81.86:443
192.119.87.45:443
192.129.129.20:443
192.129.129.53:443
192.155.197.15:315
192.198.82.51:443
192.198.82.56:443
192.198.82.60:443
192.198.82.62:443
192.236.146.147:443
192.236.155.219:443
192.236.155.47:443
192.236.161.44:443
192.236.161.50:443
192.236.178.253:443
192.236.179.104:443
192.236.193.215:443
192.236.194.101:443
192.236.194.104:443
192.236.198.181:443
192.236.199.191:443
192.236.199.61:443
192.236.208.19:443
192.236.233.8:443
192.254.79.100:443
192.254.79.106:443
192.254.79.120:443
192.254.79.122:443
192.254.79.124:443
192.255.188.11:443
192.49.26.26:156
193.109.120.156:443
193.109.120.252:443
193.109.120.71:443
194.13.72.84:438
194.135.33.127:443
194.135.33.139:443
194.135.33.151:443
194.135.33.182:443
194.135.33.40:443
194.135.33.90:443
194.15.216.113:443
194.15.216.247:443
194.162.246.66:284
194.59.183.30:443
195.133.192.103:443
195.133.192.117:443
195.133.192.26:443
195.133.192.4:443
195.20.17.210:443
195.20.17.233:443
195.20.17.76:443
195.24.93.69:140
196.168.84.24:372
196.205.170.142:344
196.229.162.29:498
197.100.127.145:468
198.176.96.204:443
198.230.60.229:465
198.84.123.61:443
198.98.48.141:443
198.98.48.231:443
198.98.49.201:443
198.98.50.15:443
198.98.50.197:443
198.98.51.235:443
198.98.51.250:443
198.98.51.75:443
198.98.52.145:443
198.98.52.241:443
198.98.52.246:443
198.98.55.214:443
198.98.56.242:443
198.98.56.9:443
198.98.57.185:443
198.98.58.184:443
198.98.59.245:443
198.98.59.39:443
198.98.59.54:443
198.98.59.64:443
198.98.60.196:443
199.195.249.106:443
199.195.249.67:443
199.195.249.74:443
199.195.251.244:443
199.195.253.39:443
2.126.13.36:272
2.240.132.127:273
2.50.39.29:308
2.56.10.16:443
200.154.18.124:356
200.97.188.60:309
201.101.156.173:443
201.19.223.122:395
202.77.46.110:494
203.48.139.140:482
204.172.178.183:443
204.223.28.129:424
205.160.222.15:274
205.185.113.181:443
205.185.114.107:443
205.185.114.241:443
205.185.115.138:443
205.185.116.99:443
205.185.119.60:443
205.185.121.162:443
205.185.121.173:443
205.185.123.115:443
205.185.126.42:443
205.185.127.176:443
206.219.40.88:120
206.245.228.10:133
206.8.75.126:347
207.146.147.151:430
207.206.225.56:376
207.232.34.49:443
208.115.216.246:443
209.141.35.185:443
209.141.35.21:443
209.141.41.251:443
209.141.41.46:443
209.141.42.230:443
209.141.46.65:443
209.141.46.67:443
209.141.48.117:443
209.141.48.135:443
209.141.48.221:443
209.141.49.203:443
209.141.49.72:443
209.141.51.187:443
209.141.51.65:443
209.141.54.211:443
209.141.57.123:443
209.141.57.151:443
209.141.57.29:443
209.141.58.129:443
209.198.142.251:182
209.244.102.105:112
211.138.66.214:245
211.30.22.66:156
212.114.52.124:443
212.128.221.184:268
212.46.38.231:443
213.227.154.19:443
213.232.235.90:443
213.80.235.165:443
213.9.245.43:177
215.158.14.90:210
215.52.248.60:351
216.247.106.59:282
217.246.42.10:346
217.60.200.139:240
217.8.253.10:398
218.155.13.204:130
218.77.185.92:266
219.110.187.248:435
219.169.113.48:428
219.192.196.111:289
22.39.164.0:452
221.131.148.148:357
221.184.92.249:392
221.225.254.105:363
222.183.74.213:469
222.202.140.206:438
223.187.26.169:105
226.2.161.184:368
227.129.109.91:341
227.172.55.184:399
228.25.115.64:494
228.41.85.117:115
229.155.90.63:264
23.106.124.154:443
23.106.124.23:443
23.106.160.137:443
23.106.160.141:443
23.106.160.52:443
23.106.160.82:443
23.106.215.141:443
23.106.215.165:443
23.106.215.225:443
23.106.215.230:443
23.106.215.233:443
23.106.215.60:443
23.106.215.82:443
23.106.223.144:443
23.106.223.14:443
23.106.223.182:443
23.106.223.197:443
23.106.223.1:443
23.106.223.209:443
23.106.223.219:443
23.106.223.222:443
23.108.57.200:443
23.108.57.250:443
23.108.57.29:443
23.108.57.57:443
23.108.57.59:443
23.108.57.5:443
23.108.57.65:443
23.108.57.66:443
23.108.57.79:443
23.108.57.87:443
23.136.208.76:136
23.19.58.176:443
23.229.117.229:443
23.254.142.159:443
23.254.161.46:443
23.254.167.143:443
23.254.204.109:443
23.254.204.210:443
23.254.225.249:443
23.254.229.210:443
23.254.247.48:443
23.29.115.164:443
23.81.246.171:443
23.81.246.17:443
23.81.246.205:443
23.81.246.22:443
23.82.128.116:443
23.82.128.11:443
23.82.128.127:443
23.82.140.100:443
23.82.140.14:443
23.82.140.180:443
23.82.19.119:443
230.134.37.163:248
231.118.141.159:352
231.217.204.87:289
231.228.102.246:186
233.102.116.211:431
233.184.55.151:193
233.91.193.248:176
234.181.138.54:339
235.25.215.60:162
235.93.186.127:353
236.195.236.23:291
24.183.132.242:376
240.116.151.154:188
240.77.2.4:372
242.232.106.206:162
243.81.43.209:318
243.87.105.138:281
244.137.147.69:367
244.23.55.232:297
244.76.41.194:324
246.134.183.74:364
247.207.208.18:239
247.34.180.239:377
249.112.226.98:243
249.250.158.148:322
249.57.205.117:166
25.131.252.242:253
25.169.42.242:443
250.4.46.84:202
251.19.57.54:112
251.198.165.196:117
252.187.191.102:223
252.47.83.163:103
252.56.37.128:177
252.75.45.182:365
252.90.109.242:351
253.1.163.108:274
253.165.60.220:288
253.21.192.23:231
255.99.94.68:100
27.31.180.123:139
28.23.200.103:366
29.15.120.102:455
29.203.98.166:376
3.215.24.1:346
30.140.193.246:341
30.225.24.243:414
31.135.71.34:258
31.232.16.192:443
33.191.119.32:366
34.1.180.202:108
34.119.95.6:249
34.2.221.48:450
34.34.152.166:165
36.150.76.13:147
36.201.196.202:367
37.1.214.229:443
37.1.214.72:443
37.221.67.104:443
37.221.67.122:443
37.28.156.24:443
37.28.157.29:443
37.42.62.77:427
38.180.25.111:443
38.180.25.71:443
38.180.4.165:443
38.48.147.152:349
4.177.13.86:289
4.236.88.115:131
41.15.71.157:274
41.7.15.180:116
41.70.42.112:452
42.179.23.39:452
42.63.100.82:129
43.184.255.110:182
44.224.48.159:123
44.94.75.93:103
45.11.19.208:443
45.11.19.252:443
45.11.19.70:443
45.11.19.86:443
45.132.180.49:420
45.141.58.139:443
45.147.229.47:443
45.147.230.179:443
45.147.230.233:443
45.147.230.245:443
45.147.231.156:443
45.147.231.232:443
45.153.240.94:443
45.153.241.209:443
45.153.241.245:443
45.153.242.183:443
45.153.242.184:443
45.153.242.242:443
45.153.242.61:443
45.153.243.111:443
45.153.243.126:443
45.153.243.130:443
45.153.243.222:443
45.32.37.109:443
45.61.184.227:443
45.61.184.24:443
45.61.184.8:443
45.61.185.227:443
45.61.185.65:443
45.61.186.18:443
45.61.186.51:443
45.61.187.10:443
45.61.187.123:443
45.61.187.160:443
45.61.187.170:443
45.61.187.204:443
45.61.187.225:443
45.61.187.40:443
45.66.151.142:443
45.66.151.193:443
45.66.248.156:443
45.66.248.216:443
45.66.248.61:443
45.66.248.64:443
45.84.240.87:443
46.142.186.28:443
46.142.187.27:443
46.142.187.96:443
46.214.226.37:368
46.240.5.92:298
46.249.38.114:443
46.249.38.141:443
47.26.53.19:195
48.194.62.179:122
5.141.46.137:379
5.237.231.132:443
5.45.54.50:412
5.53.19.66:164
50.44.183.176:440
51.68.144.13:443
51.68.145.174:443
51.68.145.40:443
51.68.147.63:443
51.68.157.245:443
51.75.63.193:443
51.75.63.234:443
51.77.41.141:443
51.77.41.66:443
51.81.134.202:443
51.83.225.143:443
51.83.248.182:443
51.83.248.28:443
51.83.249.204:443
51.83.250.153:443
51.83.250.168:443
51.83.252.171:443
51.83.253.18:443
51.83.254.164:443
51.83.254.187:443
51.83.254.3:443
51.83.254.9:443
51.83.255.232:443
51.83.255.85:443
52.40.0.232:170
54.108.3.223:465
54.37.130.121:443
54.37.130.195:443
54.37.131.107:443
54.37.131.10:443
54.37.131.158:443
54.37.131.164:443
54.37.131.232:443
54.38.136.144:443
54.38.136.209:443
54.38.136.39:443
54.38.137.14:443
54.38.139.94:443
54.66.60.129:229
58.184.81.243:122
6.10.249.12:377
60.248.37.104:413
61.147.148.44:325
62.113.238.72:443
62.113.238.73:443
62.160.169.2:232
62.22.48.195:239
62.82.188.190:234
64.44.101.102:443
64.44.101.123:443
64.44.101.25:443
64.44.102.140:443
64.44.102.202:443
64.44.102.224:443
64.44.102.239:443
64.44.102.36:443
64.44.102.85:443
64.44.135.134:443
64.44.135.197:443
64.44.135.198:443
64.44.97.138:443
64.44.97.56:443
64.44.97.58:443
64.44.98.157:443
64.44.98.213:443
66.15.189.146:122
66.9.9.138:154
67.17.64.18:478
67.28.24.164:451
68.63.126.83:102
69.114.87.193:408
69.128.111.23:128
69.164.203.147:443
69.46.15.158:443
7.12.29.221:249
7.71.244.186:411
74.17.237.225:370
74.219.241.225:481
74.230.15.244:376
75.115.238.135:394
76.134.233.76:443
76.26.104.26:249
77.38.240.57:172
78.0.144.134:330
79.143.87.103:443
79.172.113.34:443
79.196.23.192:106
8.126.95.33:443
8.219.132.142:443
8.222.182.83:443
8.222.227.103:443
8.253.171.67:308
8.76.233.176:318
80.17.127.251:110
80.187.122.238:295
80.85.142.45:443
81.215.251.28:357
82.104.34.104:373
82.4.190.155:413
85.143.223.165:148
85.239.52.113:443
85.239.52.15:443
85.239.52.179:443
85.239.52.29:443
85.239.52.71:443
85.239.54.134:443
85.239.54.145:443
85.239.54.178:443
85.239.54.192:443
85.239.54.2:443
85.58.120.124:184
86.105.1.108:443
86.106.87.135:443
88.139.160.72:326
89.159.155.176:455
89.41.26.77:443
89.44.9.153:443
89.44.9.204:443
91.206.178.167:443
91.206.178.179:443
91.206.178.204:443
91.206.178.68:443
91.206.178.81:443
91.235.234.107:443
91.235.234.199:443
91.245.253.76:443
91.245.254.101:443
91.245.254.107:443
91.245.254.41:443
91.245.254.96:443
91.245.254.97:443
91.43.99.217:268
92.204.160.44:443
93.212.145.203:443
93.212.159.189:443
94.103.188.112:443
94.88.121.46:403
94.98.129.174:197
95.168.191.134:443
95.168.191.248:443
95.249.6.218:443
97.85.151.94:372
98.18.89.105:425
98.254.212.235:127
99.253.242.138:390
ambronixt.com
irs.reviews

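# NOTE(review): the block ending above mixes :443 endpoints with entries on unusual low ports, several of them in
# multicast/reserved space (224.0.0.0/4, 240.0.0.0/4 - e.g. 226.2.161.184:368, 255.99.94.68:100) that cannot be reachable C2.
# These look like filler from extracted configs rather than live infrastructure (TODO confirm against the sources);
# treat a hit on a routable odd-port entry as low-confidence until corroborated.

# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/ (# 2023-09-08)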

104.199.38.224:443
34.77.116.45:443
35.239.11.197:443
52.211.87.95:443
95.214.56.243:443
3v1n35i5kwx.life
cmid1s1zeiu.life
itszko2ot5u.life
newdnq1xnl9.life

# Reference: https://threatfox.abuse.ch/ioc/1149948/

103.82.37.213:443

# Reference: https://threatfox.abuse.ch/ioc/1150215/

85.167.242.61:443

# Reference: https://threatfox.abuse.ch/ioc/1150544/

165.227.8.47:443

# Reference: https://twitter.com/k3dg3/status/1697373194972217715
# Reference: https://tria.ge/230831-1vmzzsba29/behavioral1

134.156.166.37:332

# Reference: https://threatfox.abuse.ch/ioc/1163465/

62.4.17.47:443

# Reference: https://threatfox.abuse.ch/ioc/1163901/

164.52.223.235:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/ (# 2023-09-19)

164.52.216.101:443
164.52.223.170:443
170.187.142.12:443
185.226.116.226:443
216.48.184.52:443
43.155.161.152:443
95.177.215.71:443

# Reference: https://twitter.com/Intrinsec/status/1709609529070010447
# Reference: https://www.virustotal.com/gui/ip-address/128.140.53.189/relations
# Reference: https://www.virustotal.com/gui/file/4ca01b4a13ae7673bd0e92aa999efc59c1614bb496e2274e8d552ed2fc6cfe00/detection
# Reference: https://www.virustotal.com/gui/file/60f4f1cd1eed873c414fb56441a3d76efbb469ee1312b3b73c0534eec1e082d3/detection

g7qf7ew5c.life

# Reference: https://twitter.com/k3dg3/status/1711509566934974785

186.85.54.111:149

# Reference: https://threatfox.abuse.ch/ioc/1198165/

20.22.18.80:443

# Reference: https://threatfox.abuse.ch/ioc/1204316/

149.28.109.119:443

# Reference: https://twitter.com/Artilllerie/status/1729182856625496184
# Reference: https://bazaar.abuse.ch/sample/4203f929fe8fab1c990e027216ef732955cc4fbfe598e9dc02dbf61fefd2e579/
# Reference: https://www.virustotal.com/gui/ip-address/62.133.61.203/relations
# Reference: https://app.validin.com/axon?find=62.133.61.203&type=ip
# Reference: https://tria.ge/231125-1cf4qach83
# Reference: https://www.virustotal.com/gui/file/790e47348ed361bcb1b2d5e3f5ab7c95f3fb7b53b94b54ea0dffd93d8d0f6e0e/detection

livmesilovess.pro
llvemewhateh.pro
02uhomlq.life
0oz7923s.life
0req10rd.life
0rlxan4o.life
0xtmu3tz.life
10ciy2hb.life
11ou1grl.life
1p24echu.life
1p34o0do.life
1q04n1r6.life
1qa3k743.life
2z2dl1og.life
37zi55wc.life
3jhcm6ou.life
3k8iq1nb.life
3nmeg5wa.life
3xqy6csn.life
43vtghfz.life
4huoqrsp.life
4r3inwrt.life
4soexc4m.life
54y2q50j.life
6a1fbhay.life
6o26tws0.life
6qwim2j8.life
6xhpschv.life
7564a2mg.life
7kmzys39.life
83b0leyy.life
8hxwl72r.life
8qwcvseh.life
9hh7hq5r.life
a9nhflze.life
aiv8bb2b.life
aqjjchti.life
aqnx9c9h.life
awr5omre.life
ay03u2te.life
az77sw77.life
b24f19ne.life
baunjh6t.life
bei9dppm.life
btycmaq0.life
c9l8ri53.life
cg4cuoyi.life
d0k4fdaa.life
dph3pby8.life
e97igyz6.life
ep0kbvph.life
et53yjoc.life
fra3xqrx.life
hjcbhzd8.life
hkgd9kar.life
hx0hysyg.life
i6n08gx7.life
i9f44mju.life
igak9l9s.life
is45ipqt.life
j57fzy12.life
jpngew6a.life
jwyxm0f3.life
kqn0zkig.life
luw8ubf2.life
m3vc2ce4.life
m4v4xq2f.life
mddoknvi.life
n64c2akw.life
o10qz4xe.life
ohwv1vpp.life
oq36weoi.life
p1p97dov.life
p5e68m36.life
pe6r5tzc.life
pyjijjlm.life
q65io756.life
qal55els.life
qhfoevow.life
r0ca080m.life
r5ue5rok.life
rbvsf6io.life
t31jn4t1.life
t99iv15x.life
tcjcv520.life
tvgco82h.life
uq034w07.life
vojg90l2.life
vv5sfo80.life
vxyojl27.life
w2hje2t7.life
wq6w8jkq.life
wykpnxcx.life
x698iah6.life
yqofro9q.life
yykdmh0r.life
z2tp7x2v.life
zdx0i18o.life
zefawfb0.life
zmlly8xo.life
zna5lybe.life
zpy1vssg.life
