# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: darkcrystalrat, LightStone

# Reference: https://www.mandiant.com/resources/blog/analyzing-dark-crystal-rat-backdoor
# Reference: https://twitter.com/James_inthe_box/status/1178275531692756992
# Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/

domalo.online
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/akcii239myzon0xwjlxqnn3b34w
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3
/akcii239myzon0xwjlxqnn3b34w

# Reference: https://twitter.com/wwp96/status/1331059269089816581
# Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/

http://91.240.84.166

# Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html
# Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection

80.87.202.63:25998
178.21.11.90:25998
hfjdhfgrhfnghvng.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280
# Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/

bores.xyz

# Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/

oxijoinedsite.site

# Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/

city-pub-crawl.su

# Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/

changer-esp.ml

# Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/

qiwi-api.site

# Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/

kkkwdfea.tk

# Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/

nistrype.fun

# Reference: https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/

never-project.hhos.ru

# Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/

a0365369.xsph.ru

# Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/

flextem.000webhostapp.com

# Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/

beepn.pw

# Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/

f0313002.xsph.ru

# Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/

a0388296.xsph.ru

# Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/

a0387063.xsph.ru
myhostforlic.ucoz.ru

# Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/

vkgroup.tk

# Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/

a0315266.xsph.ru

# Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/

sdfsdgafghaetg.tk

# Reference: https://twitter.com/jorgemieres/status/1255866190771167236
# Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations
# Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/

logins.kl.com.ua

# Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/

cv36917.tmweb.ru

# Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
# Reference: https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection

dcrat.ru
cdn.dcrat.ru

# Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/

ajci.tk

# Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/

a0457406.xsph.ru

# Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/

http://212.109.221.247

# Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection

a0461492.xsph.ru

# Reference: https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection

tereshyd.beget.tech

# Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection

web75.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection

srv166785.hoster-test.ru

# Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection

srv164667.hoster-test.ru

# Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/

ct10840.tmweb.ru

# Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/

/eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/

# Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/

/2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/

# Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/

/pgofzftnelhu53gj7qbwil2vo/
laserink.beget.tech

# Reference: https://twitter.com/wwp96/status/1335668703967539202
# Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/

http://185.189.12.125
/m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/
/wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/
/2e70bbdf534a47f9cc68a16122290cad65b3ed05.php

# Reference: https://twitter.com/wwp96/status/1335690053482405889
# Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/

http://212.109.216.114
/wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/
/ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/
/dcbb3f0abca3117648fdcab13b68e1162ddbc275.php

# Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/

http://62.109.27.122
/ecxhnnthpytusqif0j9x7534rmz/
/nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/
/1272d9d3e244604153265cb97db3c19ba1f2d7f5.php

# Reference: https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/

http://82.146.57.28
/1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/
/6nai20vl9ol9cpx4ugfqtzpgnh2q/
/53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php

# Reference: https://app.any.run/tasks/8132aeef-11ed-443d-ae37-e61746e4e643/

a0501919.xsph.ru

# Reference: https://app.any.run/tasks/84288362-9f98-408c-b148-99b6d1aa0c2b/

http://94.250.255.110
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/x3n9o/b88e556bffd877877e03b181174f5d55dd654e9e.php
/b88e556bffd877877e03b181174f5d55dd654e9e.php

# Reference: https://app.any.run/tasks/5433b35a-7ff2-414d-824e-4d4a73a3cce7/

cu24886.tmweb.ru
/xo8destofsad1yy0o0pj9rgjj4mqt5by2b8a9ktibk9z1h68npcffaorwp3/
/mjdpbwao3xfihlspr01mxeuj8ujcmv4i1pswkv6vja0so55dz2o4sgf5wqi9bnvi6h3dc4qd6gyf8/
/5f7b65221ba9f26a68dbe40cd557a10da5c41c17.php

# Reference: https://www.virustotal.com/gui/file/2e2dbb104e1a170651a42f2e739440719fea74360416cd6945d7a9e2eefa01bb/detection

sss.lyuk.fun
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/
/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php

# Reference: https://www.virustotal.com/gui/file/84c1cd5e95673fca1444b5879e83857e0513b3985a8e9152b45f6ad6e688971d/detection

sdam-oge.xyz
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/4j0oidz6tcdbp2oex8/04107c5846d99adc0ccece6ba32e8daa52346d3b.php
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/
/04107c5846d99adc0ccece6ba32e8daa52346d3b.php

# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection
# Reference: https://www.virustotal.com/gui/file/f42a09edcf9d7745925cd56d498f57104329b10dcd221c99dd07df3fae4d6c64/detection
# Reference: https://www.virustotal.com/gui/file/30ca126420741c189cf4bf0cdb236c5ae863bb0cc705d3fcb45dc2b502652819/detection
# Reference: https://www.virustotal.com/gui/file/2bf90f9564d31ceec8f61908e8de2594082b1eb8622355b3436608559c5ce68a/detection
# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection

changer-esp.ml
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/810a818d2e046901cbf4685b2447bf5eced209d3.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/
/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/
/810a818d2e046901cbf4685b2447bf5eced209d3.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/
/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/f730cf4f95e8c4974e9e354f14e192a209410810.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/
/f730cf4f95e8c4974e9e354f14e192a209410810.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php

# Reference: https://www.virustotal.com/gui/file/c569b600936870c0205b6992fca7a3d98adc5d6d90206392bb29445bc04fdd9f/detection
# Reference: https://www.virustotal.com/gui/file/fc63cd606cf3be19778fc8a599565f466bace3ea413397b9207571cf90ee4d70/detection

trtrk.tk
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/40511eac9a18da158d2524bf42b8099db23a7198.php
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/
/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/
/40511eac9a18da158d2524bf42b8099db23a7198.php
/hb6z5e4vtf7s7xant1ymggp/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/94fdeb52381c8578b3fe82a4da27d8843a71254f.php
/hb6z5e4vtf7s7xant1ymggp/
/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/
/94fdeb52381c8578b3fe82a4da27d8843a71254f.php

# Reference: https://www.virustotal.com/gui/file/0c08183ca7d7511a0fb5ca3ab11d74b066c38427912220e963c4ceafe87350ed/detection
# Reference: https://www.virustotal.com/gui/file/11accc9b0cd6f1bcff495f7a3ec2b9ebc7acfaa15f5bf88160c4ae724eeb0269/detection
# Reference: https://www.virustotal.com/gui/file/19293bab3f8d1598dff122142f0641aeaf5c7b63d9692d565e4b4b5ae2fea82d/detection
# Reference: https://www.virustotal.com/gui/file/b505454ac5e35abf59bfd6d039d07348a309b4903f5679c10168215f8f4566f9/detection

big-chlen.ml
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ul86hhzpxz2terk/a06763f99577add4361c8f382e94b1d384d0eae2.php
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/
/a06763f99577add4361c8f382e94b1d384d0eae2.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/5add562f05b70b54786e15b898eade52720a0304.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/
/5add562f05b70b54786e15b898eade52720a0304.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/
/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/4e3twf02xyx7uk3nlzuc/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/4e3twf02xyx7uk3nlzuc/
/cbanirg43pfycp0098lxcoq7xsef2h8o/
/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php

# Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection

f0332298.xsph.ru
khxclhpyxach.000webhostapp.com
tedrbavrjrvl.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/78d3657bc6632a7894975a120f3e3cba24a31c1be98d703ebd455ec3eb1b443f/detection

fthtrhtht.xyz.swtest.ru

# Reference: https://www.virustotal.com/gui/file/b0587a32f9dcd1918883354db87376bafaebfed10359228540e57372c2410eb9/detection

borodach2643890.online.swtest.ru
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/2d1465a3505530413d71f7c5643c8f5f53f832bf.php
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/
/1s1tqx4nad15jp7m36/
/2d1465a3505530413d71f7c5643c8f5f53f832bf.php

# Reference: https://www.virustotal.com/gui/file/79821a8e903d54162bd27f98e998056bdd86f9fb65fdfe6d2eb2db93d23d9e00/detection

joboykoya2.temp.swtest.ru
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/zsoa7fq/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/
/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php

# Reference: https://www.virustotal.com/gui/file/dd2e16f51093a9e1f219dbbb9ed9170969e6d5f82fd75e9ffb14100a60b00944/detection

xibefoc467.temp.swtest.ru
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/jr362ixublms04ceyi7zfnntmea9so8e51/
/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php

# Reference: https://app.any.run/tasks/fc618299-4cef-4e89-b5c0-4d2efb519054/

cu31892.tmweb.ru

# Reference: https://app.any.run/tasks/875036f3-5d0f-4197-bee5-3760f7e8dd95/

oneway-exe.ru

# Reference: https://app.any.run/tasks/6fd6f53a-609f-41f3-adf5-e2d47c6af95b/

ch71531.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/5e92f42622ff84d9e7924fd77d203daae58dbf09da9b2bcab7474cf051820740/detection

exempal.cf
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php

# Reference: https://www.virustotal.com/gui/file/4826fb45c88d5e352c330de2c76612baed1eb94c58bc58929ffcd9df5b0b5213/detection

a0315442.xsph.ru
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/8vrpgqblltuiasb3pavt/
/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php

# Reference: https://www.virustotal.com/gui/file/c79c8b52c8e06c77e068bf2d7798490ae3fbb596d798a3232011f0acbf322d9a/detection

a0472136.xsph.ru
/434a17mvckf19dxf83nl84jcsgkqj6tkfpa152ec8/
/011afb0749904eed1c837350cda0a7aea10f84c9.php

# Reference: https://www.virustotal.com/gui/file/26bb89fed1eb8544bf3e70fdac8713d7201cd3b36962738aa23f42371779c100/detection

f0452627.xsph.ru
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/52d126a457c70dcf8f15c863f1e7eb6318f28152.php
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/d0wpfpdwqcvri7hikj0honbqlg60vkld/
/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/52d126a457c70dcf8f15c863f1e7eb6318f28152.php

# Reference: https://www.virustotal.com/gui/file/ccb4673eba9fc6523366bfe8a0dfaa8cf4c4aa3f5c5edccc3c98dd4b28356fe0/detection

f0471995.xsph.ru

# Reference: https://www.virustotal.com/gui/file/21b703742ded5a6ac2d580ccbe1fadc3113e6c01750658c93204e5cb3c4797e7/detection

a0486179.xsph.ru
/0ewhm8n8kba1grvga073qjtu7lq/
/ccba8a2e3755c5123325a7f2e766975b0ad70363.php

# Reference: https://www.virustotal.com/gui/file/89c0578b862c36d099744f435c97e3d64cefc29a3705dfa61735ab9d7939c83e/detection

cy59724.tmweb.ru
/fhouqsip6grypvxr4gvoeu5s/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/fhouqsip6grypvxr4gvoeu5s/
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/
/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php

# Reference: https://www.virustotal.com/gui/file/c3832621e8b001e0d9c67a2eb87df480794160ba88dad28611e3fbd1019e382f/detection

pcsovet.5k5.ru
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/d1e916594122bd471161b2701ccd8b16c7d56f06.php
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/4r8sb3nl87wc75w9rh3ffhu6w5che/
/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/d1e916594122bd471161b2701ccd8b16c7d56f06.php

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1366076714653212676
# Reference: https://www.virustotal.com/gui/file/50444a618ccea3cc6b93088378260b2fab89b5b92d4b06f27fc2e8a58b950c79/detection

cg94871.tmweb.ru
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/avldwf/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/
/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php

# Reference: https://www.virustotal.com/gui/file/6ac9d0949e78f75adb767797d2e8f456b9bfc19cf85ce0f6fe4fe2e2678ae020/detection

a0484572.xsph.ru
/0ongi8hxo7yarpcd65ellx53/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/0e776a6139e804b26561001e727cd021217e5558.php
/0ongi8hxo7yarpcd65ellx53/
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/

# Reference: https://www.virustotal.com/gui/file/0db9b3287dbda591372414623e67ed65e19145656ec7270c545e33ec8dcf7359/detection

f0438395.xsph.ru
f0446323.xsph.ru
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/
/y4owmffza4zbl/
/vay92fnfwidomnmj2ati1/
/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php

# Reference: https://www.virustotal.com/gui/file/0bc8f7c32c038195ec0a00142e6a497a85740044b6c7f58f140d8bd084aa4c7d/detection

f0478615.xsph.ru
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/bf8bde4aecac1785475ed63563972416621c91d2.php
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/zli0hx3rb7l5motetc6rq/
/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/bf8bde4aecac1785475ed63563972416621c91d2.php

# Reference: https://www.virustotal.com/gui/file/10308a424c6d9abfc703efc49ab5d0840766ebf51ac4b03269a1f98ef0a66aec/detection

f0463306.xsph.ru
/dnc43rncghchlzne9ifqkgvkz/w1d6njsup/5bea1966ae5a874168cf125971b3ea99cedb7df7.php
/dnc43rncghchlzne9ifqkgvkz/
/5bea1966ae5a874168cf125971b3ea99cedb7df7.php

# Reference: https://www.virustotal.com/gui/file/cd6e3b60a429bbf3dd571ac9bcb953f378433264550325139b1535c79b434e86/detection

f0475486.xsph.ru
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/
/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php

# Reference: https://www.virustotal.com/gui/file/0c797645b62f0d5262d2db462218c9f0ad064858bfe206f02d99541c7bc762dd/detection

f0457573.xsph.ru
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/gh7r8ky9sp/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/
/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php

# Reference: https://www.virustotal.com/gui/file/3507728820cc00598364f740bc8bd661b3ea2217d3292f17b20f8d9093fda25e/detection

f0494736.xsph.ru
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/
/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/fbd557434528cbf66b6d4edaaf8c7c68f5b17c75.php
/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php

# Reference: https://www.virustotal.com/gui/file/0c973ee7d91878f4db5d0044ecb43f508df4013d85d85b33f5a58ff3ee1a58a0/detection

f0493264.xsph.ru
/piks3hwokuzpinvf1sifaqvlezh0/
/f3924bcd353a8e1f603f95309fa65ca3f8dcfceb.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/283314aaecfe5dd34e232939e1218999.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/283314aaecfe5dd34e232939e1218999.php

# Reference: https://www.virustotal.com/gui/file/040a25f63a9c6fb1703a1039488a0eba849588a054b5e603cd19792707d2ef32/detection

f0503470.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d50d9f271cf93d53fe6d1f1a00546e12c04f00e6546158a389c99a201b281231/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/357b1770262a0b0f33f56f8fece9e1e35f4918acf72d36bb3cae719fde9bc18b/detection

f0510538.xsph.ru
/u3s904w2ibcgouhmgk4bcxx1a2vetdp7/
/7db32d0d111d8e8d56501876d36930c7da4bbda7.php

# Reference: https://www.virustotal.com/gui/file/8c0a2621bdd862a767aea8ac6c8721a07f11232db5b16a60cd868341355a3e07/detection

f0491418.xsph.ru
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/jbouypul6170z295czg/
/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php

# Reference: https://www.virustotal.com/gui/file/33291a6e72594047c17a796a081f09883550a219846dccd5ed3cfc8451b5a135/detection

f0509824.xsph.ru

# Reference: https://www.virustotal.com/gui/file/424917f137c2dba0a9dbbac18076aee314780dfccedc31883b1cbe7ce914298d/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/be2cc2d4877f79dcb0cbef9a42d114544a135f2c1f8bd96ed06cb01c0defae60/detection

f0515572.xsph.ru

# Reference: https://www.virustotal.com/gui/file/14df9469961f7a159651587e0a4afc78d06e3d7247c9d9ccb47b840c71bfb792/detection

f0517366.xsph.ru
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/
/wh97lg5i0mnw6rfzrg/
/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php

# Reference: https://app.any.run/tasks/3ca79d1f-03ef-4215-b587-082334de1ed7/

filmix.space
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/20eb5bca358665727c4c5ac112fb96afb9757028.php
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/
/20eb5bca358665727c4c5ac112fb96afb9757028.php

# Reference: https://www.virustotal.com/gui/file/a8b88f7751da32956991d5a6bed4bb5fe788696188a04b951f304e5035d1c5b0/detection

f0517233.xsph.ru
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/5e150948e707791422070434d2fa55363f18c867.php
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/5e150948e707791422070434d2fa55363f18c867.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/db9hfgvbx/edc301e834c038e30c4f9fc52b979a12.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/edc301e834c038e30c4f9fc52b979a12.php

# Reference: https://www.virustotal.com/gui/file/e7bc06eedb8600ef3a3a168e04260e2aa2c1bffa1eec3ab256deb866bed7b1d1/detection

f0519071.xsph.ru
/1lua73k3rf9/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/2da79cb2b31cd83770333991b6d72e6823f7120d.php
/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/
/2da79cb2b31cd83770333991b6d72e6823f7120d.php

# Reference: https://www.virustotal.com/gui/file/514227515d4d8d80d19bb27b92182154fefc8f016be0c86c8016ec9a0cad7c6a/detection

f0519034.xsph.ru
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/b55vlmrnyp/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/
/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php

# Reference: https://www.virustotal.com/gui/file/84ae6fe4cd4f1357409af9eeea51b0ceb8385242c1e67b1f22a51a9475f3ce01/detection

cs51919.tmweb.ru
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/
/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php

# Reference: https://www.virustotal.com/gui/file/6e2c565e36ca5fd95af9f7a0d1a2fa6b9ec50caef4290e9eb9abe53ab3b8e70b/detection

a0404851.xsph.ru
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/
/av4yi982qnv743qpxk/
/4b15077fafc5c905a0a10493de237bd680a0de80.php

# Reference: https://www.virustotal.com/gui/file/be4f2bc98517755200485163d8f7734702f9fc072fef2df4e6250f679151070c/detection

a0405963.xsph.ru
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/16e350e36f5328bd301a257515f4e3fd5b680305.php

# Reference: https://www.virustotal.com/gui/file/9c91b43d243ac9adfdabcf848069b08b9117c6380d4805729d06836fdc10a74c/detection

a0525835.xsph.ru
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/30650a8f98a447ec28b175ffd31214d7d94eb991.php

# Reference: https://twitter.com/K_N1kolenko/status/1377902418839678976
# Reference: https://twitter.com/K_N1kolenko/status/1377902531641237505
# Reference: https://twitter.com/James_inthe_box/status/1377967403611480070

http://195.54.33.24
/jsserverwindows.php

# Reference: https://www.virustotal.com/gui/file/29df0b984e959c856c2cc8d45dbd407301567d1f8deb962f350b8789f5a9a1f8/detection

cc50835.tmweb.ru
/pipebigloadbaseWindowstest.php

# Reference: https://www.virustotal.com/gui/file/89fa4b96824cff45d631aba001e6ea4873bdc50133149489453e1930f93061db/detection

ch30249.tmweb.ru
/CpulongpollAsync.php

# Reference: https://www.virustotal.com/gui/file/b353f0b1f05df11cd8d4a9d5e32b175bf52795d4571da48347c8d367767c7f2c/detection

cx55949.tmweb.ru
/linePipepacketmultilinux.php

# Reference: https://www.virustotal.com/gui/file/e2c0f6c339713ba63202f13e1f788997d87b4d8ce38cb6bb8f214bc92020b77d/detection

cm51492.tmweb.ru
/ProviderLongpoll.php

# Reference: https://www.virustotal.com/gui/file/e46a16ade0a00728c59210acdcd131a5bab46470d9acb07afb58917a1e287456/detection

ck02342.tmweb.ru
/JavascriptjsProcessorProtectFlower.php

# Reference: https://www.virustotal.com/gui/file/4b032a536e842694ebbf6152c16484e01dd3c786d028cd535bd75b74c2e1e75c/detection

ct53551.tmweb.ru
/php_updateLongpoll.php

# Reference: https://www.virustotal.com/gui/file/56739e49de52e250f4a3eca5675917fe3cda4d3c40903e7f9d2b79e18bec9999/detection

cg15251.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/7055d783414b106fe0cf64d48298626a77800e0b8dcdc8eb861d63b72ae8f8fa/detection

cf09397.tmweb.ru
/multiDefaultFlower.php

# Reference: https://www.virustotal.com/gui/file/76878896e452310544b7935243156babb347549bf8f7c57dcd809d9d9cc7273c/detection

cu32668.tmweb.ru
/pipelowprocessmultiBase.php

# Reference: https://www.virustotal.com/gui/file/353e71b1f29f2a127d199fd7b936805a6181a1d81fb83b818b5628d1ab424e17/detection

ch08518.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/32acd16ac1f0ceda43528df2401e91212338f58a16b0446e564174a9c840721c/detection

cq64286.tmweb.ru
/HttpcpuupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/20adaedcd00cb34d5ff9f6840a171bae738b7acdee4ab320724fcceb3218cda4/detection

cn25255.tmweb.ru
/AsentusEncoded.php

# Reference: https://www.virustotal.com/gui/file/4ed2b9056a1141a2d92ee8c0b5e4b94bd59a1d84784f5bffc487575f1f98b88e/detection

cr39615.tmweb.ru
/imagesecurePacket.php

# Reference: https://www.virustotal.com/gui/file/3d3326dd0a2dade47a2b5ad966fdebbd09fa15ff67ec18a8b8f8323ca481e70f/detection

dyeee.tmweb.ru
/longpollTraffic.php

# Reference: https://www.virustotal.com/gui/file/72362d62cf50c249dee90fa062a9a382572d67997da05608ef3f79a1292a43e1/detection

cf79984.tmweb.ru
/secureGeoauthflower.php

# Reference: https://www.virustotal.com/gui/file/544d2ce0cdc40c01dad1b0c0e8c6040d9252ff9c5edac8c73a212e8210c44473/detection

cq38242.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/96aea8e31880f1a37353a47c962de1f59755abea5bb12a2abd62ae1bf694231c/detection
# Reference: https://www.virustotal.com/gui/file/edfbfcbb103f5b69bcf2a9b3cc6e01750744bdc84a882f929c3f9cefef42cecb/detection

cj09837.tmweb.ru
vh366.timeweb.ru

# Reference: https://www.virustotal.com/gui/file/bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a/detection

cw51552.tmweb.ru
/pythonlowupdateprotectdefault.php

# Reference: https://www.virustotal.com/gui/file/f0690112624bffc927f19e8cc0d8af4f46656a354212bc234e9cc3d1c33c4993/detection

sk1tzz.beget.tech
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/
/h7otaleclm238j1szeb/
/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/9753eb7181919647609843743199a5f58a01a37c.php

# Reference: https://www.virustotal.com/gui/file/fb3914e5fb9bbae88d31177071dd6465bc4ae46f05c71f3a72b086483d65e066/detection

http://135.181.235.118

# Reference: https://www.virustotal.com/gui/file/1a1971d70f3879a8fb9cb656c3afe487760454b1caf139cf2d3b87330f3e77ff/detection

datasines.ru
/vmasyncTrack.php

# Reference: https://www.virustotal.com/gui/file/1294a91cd45ed0dc87531245654e961b6aa1b399ca32a33048a04ab7993b16b7/detection
# Reference: https://www.joesandbox.com/analysis/444364?idtype=analysisid

http://185.246.65.192
/pythonsecurelowcpuGame.php

# Reference: https://www.virustotal.com/gui/file/3d49374f76096e055f31a9e83d0bdd15a349aa85041a9f827fef376011913d05/detection
# Reference: https://www.virustotal.com/gui/file/55c68474cc02e4834e61a80980679f364f3fb1d012e8aab3bb3bd254967e5514/detection

http://82.146.57.148
/tracedemosupportphp/demo/mobilegenerator/support/cpucamphp/prefprefmathcore/djangoplugin/searchercpuprefrecord/demohtopphptrace/limitdatalog/imageprocesslongpolltraffic.php

# Reference: https://www.virustotal.com/gui/file/a0f4c92db2cfda9c338306c1b12f71c15416196ed593f0aa28ca5add785d426a/detection
# Reference: https://www.virustotal.com/gui/file/fac11dc010c0a36ccacc3a5438af9bd5182b7b94be16d5758f78c6b89100dbf9/detection

u102494.test-handyhost.ru
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/
/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/
/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php

# Reference: https://www.virustotal.com/gui/file/5ad69de9fdcb9ae92c756236de868bf963d04b6cad241d418c62f06e7332c13c/detection

http://82.146.42.205
/httptraffic.php

# Reference: https://www.virustotal.com/gui/file/ac5690010ad06525c90e0d604403e9169f2698d82f5a4e89d328343d59ead472/detection

bigwins.ddns.net
/ExternalphpPoll.php

# Reference: https://www.virustotal.com/gui/file/ca0c5b278fc4a2fd0d71019429789248453779143404ff909964807facba6b20/detection

http://212.109.199.108
/HttpBigloadsqllinux.php

# Reference: https://www.virustotal.com/gui/file/9c7cb7bc7443f2f35c6804ca5aca69df5b21327b96428c31cb1cea12b3b94d1e/detection

http://79.174.13.146
/linuxAsync.php

# Reference: https://www.virustotal.com/gui/file/679bec4906c57d7637bd04824f1d3fc26a75e4dac0aff833f9b86a3f0bdd7b24/detection

a0553951.xsph.ru
/apiBigloadDbtrack.php

# Reference: https://www.virustotal.com/gui/file/92b9803da13558ef311fe025ec74a0ada01b1c95b499985d51d4c4bd01f11129/detection

a0548637.xsph.ru
/javascript_geoserver.php

# Reference: https://www.virustotal.com/gui/file/8801faeab21ac37b1785a78c635cba75f914d2056f1b74ddefbcc1b17f836edc/detection

a0555497.xsph.ru
/eternalsecurelinux.php
/ImageProcessordb.php

# Reference: https://www.virustotal.com/gui/file/061fa38282c2f86c3a5e9e0c87e63c6d1e7e9404d3dd212b51515d254a2254ee/detection

cn36102.tmweb.ru
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/
/o40ypy0hwwr6x7tycm55w6pgmkftd/
/r0m1j2e3zgfazhs6r8x2w603/
/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php

# Reference: https://www.virustotal.com/gui/file/4cacca33e4823519cffa51e6d0f0226ef3b581024f57d8acc444427a636cb95e/detection

http://194.226.139.141
http://94.103.80.73
/Packetbasetraffic.php

# Reference: https://tria.ge/210731-v2zwybkdfs/behavioral1

http://94.250.248.166
/external_Packetupdatemulti.php

# Reference: https://www.virustotal.com/gui/file/e0dbdf3dbc3203ede5b14a38d80f53203d6c14cda083f81f498fdbe394cdbcf3/detection

cf99125.tmweb.ru
/providerSecureWindows.php

# Reference: https://www.virustotal.com/gui/file/60bd11a9eb239a95fa07a879822b4e4cc4b971f57971387c7c65542b48acb099/detection

cv53487.tmweb.ru
/defaultFlowerAsync.php

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

95.111.241.233:4563
95.111.241.233:8848
AbdaalRuhaani-27733.portmap.host

# Reference: https://www.virustotal.com/gui/file/012fa663e73b01b030d4283bd6d1d23250e47ab6180fe6d1c0efc289a45af710/detection

cq28540.tmweb.ru
/lineToGeomultidb.php

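# Reference: https://www.virustotal.com/gui/file/dfb38282ee9f6bc18b4e9c6f0406e00dabc2fe57d76a4eec9722f9e0e7e07928/detection
# Note: bitrix386.timeweb.ru looks like a hosting-provider server node rather than a tenant-specific name (TODO confirm); treat matches as lower-confidence than the per-tenant cu85891.tmweb.ru entry.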

bitrix386.timeweb.ru
cu85891.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/6718c04021467956503e7c53e7a6597fad77eafe88b080442d4168ab1081f32c/detection

a0560022.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6dfc2ded144d897f001f26e050a1abb54d661b9fd9e855199caf41246cd0649b/detection

a0480057.xsph.ru
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/c69cd7ffb036451638f1c24db25a0515740d8125.php
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/
/c69cd7ffb036451638f1c24db25a0515740d8125.php
/fmph5agvjxo/

# Reference: https://www.virustotal.com/gui/file/887f455ee655af59acf845a6f7eec88be53d3e39aff9f3b09cb8e89d9e2c3726/detection

a0524006.xsph.ru
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/
/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php

# Reference: https://www.virustotal.com/gui/file/90256b8d51135779431b9a7d02944d79e0c8b7f6a00ba19a5d08d4e252f39964/detection

a0549308.xsph.ru
/providerlongpollasync.php

# Reference: https://www.virustotal.com/gui/file/a01d51b821fc25d9909c74771287e7782cf607a69c01e29037860e1e32399a0b/detection

a0600399.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c6cabb4109dca04a0d3493c4dd00861f5dc727606e5fe9120d2fd3ebadbb476c/detection
# Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection

a0454147.xsph.ru
/bdytbxyzt28mr240noe4rrg093adguvi02oc6/
/srxotvy8z6jic7vy7ah4oudisalxsdmkwfksgbennps3g6fd4u1zh26ojvzw3xucp4pz275y39bj89k8intmkl11/
/0226cf1a5d9ff16d620618544626a30aadc83dc5.php

# Reference: https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection

a0429276.xsph.ru
/3t5v7d7pegualb068qsj0nmxfghl0fuoh418iz6cinatqfor4v9akdq37rx9ycwvyee8ubs4swlgiac585m0/
/pdzkcqf0x4dyr2f2vlaf7e4rmrh72yr1bm6mhyue2zim1j4z0u6/
/a30a7e8d446e07feb3edd0a0387878b922679121.php

# Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection

rodik2020m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection

cheff2019m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection

testedpo11.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection

jlauka2018.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection

a0439723.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection

a0439698.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection

a0438890.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection

a0439294.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection

a0440066.xsph.ru

# Reference: https://www.virustotal.com/gui/file/9f66780f03e00ce6852d2bbb9ae2496b875871ae3cf8fd2a578596431ac3346f/detection

a0523644.xsph.ru
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/
/x9ahvg1kp8jvucilm9rwee4ich/
/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php

# Reference: https://www.virustotal.com/gui/file/c8db435b9a380579b7ccf477a0030f6d8d143ff32df9148f6ed82407c5f86813/detection

a0530848.xsph.ru
/imageLinepipeGame.php

# Reference: https://www.virustotal.com/gui/file/da2d2ccffac5d4877096cb5b787e10ac0817b5a56c3ff67f640ec80d47dfd258/detection

a0550213.xsph.ru
/Vmpacketbigload.php

# Reference: https://www.virustotal.com/gui/file/8a55211db06abc570a3f0e6bc612d42a67f1face07d82a65cdcbac9a56c64923/detection

a0552459.xsph.ru
/CpuApisqltrack.php

# Reference: https://www.virustotal.com/gui/file/6c231312fac958bb547368ae896a4e763d97d176eee5223f365c81ce3ffc3211/detection

a0550354.xsph.ru
/PollGeoprocessdefaultflower.php

# Reference: https://www.virustotal.com/gui/file/17cb5a4dec6b16c87fa481f4d2e1cea4ed3c24a790dae776ba83fa5320f98ee2/detection

a0615946.xsph.ru

# Reference: https://www.virustotal.com/gui/file/34e8a3b9532e5475b8c62a21f836682bbe1e2479089bcc2a0b6646e66362d573/detection

cb81657.tmweb.ru
/pipeHttpAuthbasewordpress.php

# Reference: https://www.virustotal.com/gui/file/5e40c4e18338a01645611f11f2caeb4eb5353bda96175f96c20526e16a5d3e14/detection

cy50210.tmweb.ru
/VideoVmJavascriptCentralTemporary.php

# Reference: https://www.virustotal.com/gui/file/5e4f320e663b58088d396ca3c9a32bfcf3ef0fb0f26d21f70e3f4e0ef9c6a5a5/detection

cu44809.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/a8b815767cc06b4e4c73c0ffaa73eda2d9bef6ba1da8fc62950c6b7b1343c160/detection

http://80.78.240.210
/imageVideoupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/7700b39073a305e9b3ae9e64e36dc507ff13caf82e3f0b8a812e76bbfabfc36d/detection
# Reference: https://www.virustotal.com/gui/file/064e47140735631b988516748b833330b5c0844d6016b1c3d80c83c5c326cba2/detection

http://92.63.106.112
/JavascriptauthMultibase.php
/javascriptdefaultbase.php

# Reference: https://threatfox.abuse.ch/ioc/315762/

http://176.126.103.126
/pythonjavascriptprotectFlowerDatalife.php

# Reference: https://www.virustotal.com/gui/file/a1a4171c888bb45ba62753af9d69469a6eba3d9bffdc8ea46b6f37c61faa0c86/detection

bigrussianfloppa.duckdns.org
/externalbaseGeneratorTempdownloads.php

# Reference: https://www.virustotal.com/gui/file/00603531bcf1c4db7431140d656e57a43887fe1103bbac67c91141804084f50e/detection

allakorovi.temp.swtest.ru
/Vm_processasync.php

# Reference: https://www.virustotal.com/gui/file/5f615615c250fe6757004187cc0a1de547fbbb0fb922ea7d11838da7d98593be/detection

15.235.13.122:3000

# Reference: https://tria.ge/220209-d5xwlshba2/behavioral2

http://37.46.135.124

# Reference: https://tria.ge/220130-13xt6abccq/behavioral2

http://62.109.2.159

# Reference: https://tria.ge/220125-f2kszshddn/behavioral2

http://37.46.130.225

# Reference: https://tria.ge/220120-qjy8rsabdk/behavioral2

http://149.154.70.169

# Reference: https://www.virustotal.com/gui/file/f441ea0832309aa62b60882b28fbd5f4685fd75c0c188a1e4668237c5d0b30b9/detection
# Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection

154.16.248.110:8848
154.16.248.223:8848
172.83.152.101:8848
23.237.25.128:8848
23.237.25.226:8848
23.237.25.232:8848
79.101.204.213:8848
zerocool888.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d3d8c9bca1efbecedaa23e64e662214517926d481cc59edebc60145aabbf7730/detection

http://192.236.192.143

# Reference: https://www.virustotal.com/gui/file/0be0e32f4f1dfcd37a3afdb938d27345cd42a3512fbe1ae0b1c209dbe060bf12/detection

51.81.142.111:7979
pearvh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8c253c11e409898c0c547c9fe47c6aa4441726061d8df6f7de32e7b6eb3f78/detection

cf47501.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ad2ef315d1e12b4f973eb23529f6c332fe67db210b59b588d6f1636003b240c1/detection

cd86823.tmweb.ru
/VmPythonserverTrafficdle.php

# Reference: https://www.virustotal.com/gui/file/ff7db454e5873e61727042bb37d5359ef5c8e4e5510fced6f4e21c9f442c7c14/detection

cy70433.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/8f831441d0959368d3ee7d27441fc1156d77e3bc0ea443760e98b8c54c068178/detection

cr85089.tmweb.ru
/imageBigloadDefaultDleLocal.php

# Reference: https://www.virustotal.com/gui/file/aa255b75541e4e8163684cacedde6741f32e2622a0f6876a11caa4c9edb60c98/detection
# Reference: https://www.virustotal.com/gui/file/3aa22c46f786e2718696a5916e7f494d16ac51f51aa5c7d36439642fc93bdbe9/detection

197.210.227.5:3428
197.210.55.176:3428
frank.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/ff3139e35eec5df931d732988e7a6b5612bb9f965ebb38708e4edbf1bebe2280/detection

a0613874.xsph.ru
/externaleternalApiTemporary.php

# Reference: https://www.virustotal.com/gui/file/fa682ed24f520200484355c5fc07427103d1c53a6db60f96d059855bc1ccef7c/detection

a0653333.xsph.ru
/ExternalJavascriptProcessTraffic.php

# Reference: https://www.virustotal.com/gui/file/f7dcbcdc69dc9091b4a243e43cbb020f45e3ec177bc8a375c61ec98615bf402f/detection

a0643628.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ebcb5ce8775baac48a3211fc6a665b92ba5025cb9f37512ece0ca8fd28a70707/detection

a0643626.xsph.ru
/ToSqllinux.php

# Reference: https://www.virustotal.com/gui/file/ded5891b6f8f7dffa6ca268fb1c686c1f2017af2473cada96c99401baa8c1c32/detection

a0613505.xsph.ru
/requestGeoProtectflower.php

# Reference: https://www.virustotal.com/gui/file/dc11ec7791f71753d03cb63ed0c9ced53cb2e250a5413ccd8ec9ed609e2780ae/detection

a0604955.xsph.ru
/imageBaseTemptemporary.php

# Reference: https://www.virustotal.com/gui/file/d8f25d4e26a04cbfb40a44650503e944c2a628ae255bbf7aa3e3a6ed38a16bb2/detection

a0636388.xsph.ru
/processauthDleTemporary.php

# Reference: https://www.virustotal.com/gui/file/d67c934f491416949ea2f884dd92e1df963842b782883e7d2fcd3722e40b3051/detection

a0615272.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d0ae81400fd405312a1f6e59846d9f494abc72f8075e592b4e63f227b2178ba4/detection

a0605075.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d078590e47634128542985f434513e843c967b9097c6581c31b6c2bf704296f6/detection

a0640235.xsph.ru
/multiBasegeneratorPublicprivate.php

# Reference: https://www.virustotal.com/gui/file/12e6398f73e2b6945d16b3d64ae0d905b06be81e208ebc37f47001fe6186352b/detection

cv67410.tmweb.ru
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/
/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/
/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php

# Reference: https://www.virustotal.com/gui/file/fd54ce3addfbcd79126599cb8b8cb9b140dd9defde04058f16b633a004f8c5d5/detection

ci40763.tmweb.ru
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/
/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/
/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php

# Reference: https://www.virustotal.com/gui/file/f55a233ea31b463466defa5d5b3941699e76835a48d94ff8430a7ade30dbeddf/detection

193.161.193.99:59618
daddycitrix-59618.portmap.io

# Reference: https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
# Reference: https://www.virustotal.com/gui/file/ae97918f7e22be53b7eb9778c11dec8d873989a2b798617a60b2d448fac5dc89/detection

co44089.tmweb.ru
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/d9475980a348412b6a890000bd9ece3a022be2e8.php

# Reference: https://www.virustotal.com/gui/file/00dca02ce6a738439634bf9794859f7fbb40e9e62e6701743e32c786f8269f23/detection

a0504029.xsph.ru
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/
/694e9a452a200fae5d4a04b05733dbdbac6fef75.php

# Reference: https://www.virustotal.com/gui/file/0193945a5e4c654ae765e311a7bb0a5c1344ec3d5e7cf57f81620c6186d21841/detection

a0635613.xsph.ru
/SqlwindowsUniversalcdntemporary.php

# Reference: https://www.virustotal.com/gui/file/fd949b25fcc548aac88535151d8f8ad7302307c56357d90d0aa1a01fc55c7956/detection

a0501990.xsph.ru
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/
/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/
/ke0ide6s5hf7zokwe/
/e776f8f27539e2705547b02779c1b90b8b204984.php

# Reference: https://www.virustotal.com/gui/file/fc75f0331334f23072247d9eb4746e0c692b4bd724c6dc0bbf9f3093bb87105f/detection

/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/49832f0846f8d279cad20b836d78b599e2c668da.php

# Reference: https://www.virustotal.com/gui/file/f638a72eec11f20c56d6863b048f8f2d1a69cbb43512486454b48d0598a915d0/detection

a0620849.xsph.ru
/To_requestsqlgenerator.php

# Reference: https://www.virustotal.com/gui/file/f3910b4183705723698873055e2b8808ea4066ab9cbe0a65e65aed6f8027c287/detection

a0547090.xsph.ru

# Reference: https://www.virustotal.com/gui/file/f2a111bdc9a0fcff64c138c71e88cce5a2af06fdb323d6837d2449f377eb6b1b/detection

a0511040.xsph.ru
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/
/b7594eb1766c3f4c49239eb927b936bfae118dc4.php

# Reference: https://www.virustotal.com/gui/file/ea6fc1630a4ed56abe7d83529ce0c1ae122c11bde401048871d0513510e50f8e/detection

a0547138.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e851b030549e4e022b46ec88fdec6a8aaf4ff41184332be8ac4cfeb8d4c7ec17/detection

a0506233.xsph.ru
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/xjq3mmrkeov8cn4ydhcd/
/80dc5955c8bef80ffc6828492786eb8ca61f8997.php

# Reference: https://www.virustotal.com/gui/file/e7589f12f5f6bd06cb353809cae963730aaac1829327474793f0c8028a5d6548/detection

a0499458.xsph.ru
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/3853f5654eb40f9911242115ee8218fff8de6ae8.php

# Reference: https://www.virustotal.com/gui/file/e34ac32e1ed63dbac5f1ea54b05aa670339db0ddd786ae4fd3c484c22091d86b/detection

a0512913.xsph.ru
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/
/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php

# Reference: https://www.virustotal.com/gui/file/dd6a597309522bf6cd51cdbbf7a17a3148f2b1367ea87aa5b54a4cda76d12e24/detection

a0509262.xsph.ru
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/
/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/36fll0sqbzxn79ia7wdc/
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/
/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php

# Reference: https://www.virustotal.com/gui/file/d98b8c3e36db621aea1b70e30290c8df7ed5f16585285c8af3e83bac6121ed44/detection

a0636042.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d720cd83354d772ed43d388ca6117257b4e77c74550f9140a8311fc564c8c0ad/detection

a0636235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4a3c8464081d0f33ddc2d954f35f678c9da896f1ea14a5ca5c21e3fab34635e/detection

a0607571.xsph.ru
/javascriptsecureauthGameuniversal.php

# Reference: https://www.virustotal.com/gui/file/d379acd0508f62cd1074da129c2a1d6478fae5c10ae0de05005b05e268ae779e/detection

a0512176.xsph.ru
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php

# Reference: https://www.virustotal.com/gui/file/cd22545cd8815721dd36621d53c0a759a9a7db32e9709b9810cddfe320f54bce/detection

a0505523.xsph.ru
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/
/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php

# Reference: https://www.virustotal.com/gui/file/c9799f909a0bf09ef5fab57929cd0de349aad34c2456e8dd076a878921427a43/detection

a0502373.xsph.ru
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/1689e55ee8d0b7689e40485576d1d8903252a398.php

# Reference: https://www.virustotal.com/gui/file/c010d0c7128593451922c1513c9b4afa3453e3c9f73e3eb164689cdaf246b372/detection

a0615320.xsph.ru
/EternalGeneratorwordpressprivate.php

# Reference: https://www.virustotal.com/gui/file/c00bda11c896a535e69e122d9727f19346bf75bc601e4f599abba928c94a5c1b/detection

a0509427.xsph.ru
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php

# Reference: https://www.virustotal.com/gui/file/b76d4d55a77e60335c601937e5640e9340d81958c0fe3d7589200437114ee289/detection

a0530235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b6e5eb6c4977b9d2fc3450f329df3d278520113b7f4971957e3fe6d298087fec/detection

a0507655.xsph.ru
/tgm1bkvusaettq/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/tgm1bkvusaettq/25ke48f4rznl2/
/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/25ke48f4rznl2/
/tgm1bkvusaettq/
/e911ccbf80878043841ae566261d6d088e7b9f76.php

# Reference: https://www.virustotal.com/gui/file/0058b8d9c8c1158938c5cb6bb8812d745720df7d930f922ff62503ec64c016f9/detection

f0489337.xsph.ru
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/fc8ba6c59d8743c977012be26c9b31afc585846a.php

# Reference: https://www.virustotal.com/gui/file/819a6e842b7837d2b08acaf4fe967fbe5773d508ac7942edcd78813138184c77/detection

http://149.154.70.81
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/
/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php

# Reference: https://www.virustotal.com/gui/file/003ffe92e0586bdfc75e35fce3d959a2be1f1003a6f60591ffe671fa7bad632a/detection

cg38346.tmweb.ru
/06qd02/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/
/65c42b42653fba838f215c3150f7a59527ad3b3c.php

# Reference: https://www.virustotal.com/gui/file/0a66fab23fc185a17155e98e68315898fbab45bf6a5120d40734f1d0e17ed0bf/detection

ct51793.tmweb.ru
/vmpolllowprotect.php

# Reference: https://tria.ge/220513-1c14wsbhb8/behavioral1
# Reference: https://tria.ge/220513-epmldaccb8/behavioral1

http://31.148.99.171

# Reference: https://www.virustotal.com/gui/file/eed1a9f0ec43c5ae892d3405db010421f0961d53a0728c5f298d45baa31f9e92/detection

a0679997.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6db9070ee1d70e0d24eee9794c461f7bc8be994f7fe7ad721ade2fe3b09bde42/detection

a0662376.xsph.ru
/providersecureApiLinux.php

# Reference: https://www.virustotal.com/gui/file/73583b83b0864479a0731f3d7aa8986f20415ce961774b13029ada8b778790ac/detection

154.12.230.109:8848

# Reference: https://www.virustotal.com/gui/file/06ad34aa4dc9bdef0a3bc023060110d6f879774411ed397caf07f00d5d6f2a4f/detection

a0684770.xsph.ru

# Reference: https://cert.gov.ua/article/405538 (in Ukrainian; UAC-0113)
# Reference: https://www.virustotal.com/gui/file/2b2438aa8da7c23e714f2d7a196d82ed52914c9353ef9fded01448216bd858ff/detection

plexbd.net/MSCommondll.exe
plexbd.net/MSCommonDriver.exe
datagroup.ddns.net
/PythonHttpGeolongpolldefault.php

# Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat

star-cz.ddns.net

# Reference: https://www.virustotal.com/gui/file/0007015ce9090fc52712bc0148a974c643fc570b56d8d78765a6fbde9953639d/detection

hyuihyuihyuihyuihyuihyuihyuihyuihyuihyuihyu.site

# Reference: https://www.virustotal.com/gui/file/b64e011891245dfd504c35145c073ab37a7298ca12ba7c0b40190f83bfba5566/detection

http://149.154.70.91
/phprequestApiuniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/1f97e20f092479de14e6ecc4debcbc835528a0de8d75c5f2ac36d9c24d08555b/detection

http://149.154.70.79

# Reference: https://www.virustotal.com/gui/file/1e1ddbd0db9aeff25d220aaa65a1118c38b90e6ad3d268fd4b47ec898bf3d17a/detection

http://87.236.146.23
/Temp5To/HttpPollUniversalgame/sql/02Httpcdn/httpLinux.php

# Reference: https://www.virustotal.com/gui/file/ced36829a9dcff10487b26b9c931c399f4dba93ae3a226c0174426ee02b0c8f9/behavior/VirusTotal%20Jujubox

http://185.46.10.74
/Vm_Servercentral.php

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_DCRat_Related.json

bomber.dcrat.ru

# Reference: https://www.virustotal.com/gui/file/ba532af8694c6cb7ed64a3967366e9356082f1038e7983f7829ad94f55bb0cf6/detection
# Reference: https://www.virustotal.com/gui/file/f5e5848f11cb330a78ae2c4177ba72a229a7298894061436abcf5bec3c70b752/detection

a0698769.xsph.ru

# Reference: https://www.virustotal.com/gui/file/00671603a647502a53d1fea47406952e22d1de35151f6f3aa187e209da5f1793/detection

a0546152.xsph.ru
/lowUpdategameflower.php

# Reference: https://www.virustotal.com/gui/file/180bdaa12e54e3cc55aec3b80ef124626b997145c520125e96ed750c0a815857/detection

clmonth.nyashteam.ml
1002.clmonth.nyashteam.ml
1006.clmonth.nyashteam.ml
1007.clmonth.nyashteam.ml
1008.clmonth.nyashteam.ml
1648.clmonth.nyashteam.ml
2069.clmonth.nyashteam.ml
2255.clmonth.nyashteam.ml
23457.clmonth.nyashteam.ml
2765.clmonth.nyashteam.ml
28958.clmonth.nyashteam.ml
2945.clmonth.nyashteam.ml
3587.clmonth.nyashteam.ml
3598.clmonth.nyashteam.ml
5422.clmonth.nyashteam.ml
5687.clmonth.nyashteam.ml
61633.clmonth.nyashteam.ml
7485.clmonth.nyashteam.ml
7539.clmonth.nyashteam.ml
7865.clmonth.nyashteam.ml
7885.clmonth.nyashteam.ml
7935.clmonth.nyashteam.ml
9076.clmonth.nyashteam.ml

# Reference: https://www.virustotal.com/gui/file/9fd9b29ea8b6c727dcf1853272ce5b8e4a18ed109e38b0c4857a601e41f81b13/detection

eternity.fbkw.ru
/supersecret/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/secretet/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php
/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php

# Reference: https://twitter.com/MBThreatIntel/status/1556683337258782720
# Reference: https://www.virustotal.com/gui/file/c90bd7b3e642eba0ab5a1153dde46a1c01131a773956f54801c7380ba037e6b6/detection

sublimetext.me
h925402f.beget.tech
/ServerDefaultBasedatalifedownloads.php

# Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection
# Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/

a0682132.xsph.ru
narzieo9.beget.tech
/SecurebaseTraffic.php
/updateapidbCentral.php

# Reference: https://www.virustotal.com/gui/file/03d2ea4dd1ce66403b7977dfdf6fc2a9708425fee1d9b4792ac465578788c61d/detection

a0521453.xsph.ru
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/
/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/p7v8ksbrt61jpbbemgmk6wzh6n/
/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php

# Reference: https://www.virustotal.com/gui/file/21cb6213795cabdcb33cd3102017a9e2a4ad31395976edf02311423ad0f622af/detection

a0703775.xsph.ru

# Reference: https://www.virustotal.com/gui/file/09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3/detection

a0554670.xsph.ru
/PacketgamemultiFlowerTraffic.php

# Reference: https://www.virustotal.com/gui/file/005cc836619526899f69218adb2a46f51f4847d8b43c36a7821c3c9a1abc1110/detection

http://86.110.212.29

# Reference: https://www.virustotal.com/gui/file/2aebe64ad1d7e84b2111b0571276c760eeabd6b641c89c09ba2d9ef95cd883c8/detection

a0710769.xsph.ru
/externalCdntemporary.php

# Reference: https://www.virustotal.com/gui/file/03d0857d5817b72bd95ebb768b41c8d0bd819ad041289ff378dbac621bee2597/detection

asdfadawdawd.ru
/externalauthdbwpPrivate.php

# Reference: https://www.virustotal.com/gui/file/07dd506c59ad8f994f52611247eed8275201d0acb24c1341e33ffd75cceaac85/detection

a0521182.xsph.ru
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/d96da147ddc7c66170035f82a42d9c2f.php
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/d96da147ddc7c66170035f82a42d9c2f.php

# Reference: https://www.virustotal.com/gui/file/3c167c067abc30c62d2d74e7409d65cc84ae051a868ce55ee0a1f4de0a3059fb/detection

cw85895.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/000f3f7a71b10f42d32371c5dff7b974300a45fa35f9a7d8024a4ec4fcabab41/detection

a0709015.xsph.ru
/pollFlowerAsyncwordpress.php

# Reference: https://www.virustotal.com/gui/file/00775bf2d98db532ca754489e9f262bbead5f19e6a5b2114e9f3fc989e70dde9/detection

a0706820.xsph.ru

# Reference: https://www.virustotal.com/gui/file/035e94c3897695d24524b01e141f8c904034e15bf0d6492d8005b81d8c1e1424/detection

asos.bar
/bigloadMultiBase.php

# Reference: https://www.virustotal.com/gui/file/2a833361299f6bd61506cf3ac29e25fa960467657cc92f23a6d36bd65a4aabd5/detection

a0685116.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4d8519fb5cb89f65a29db531034be71cb4c41188c512e01eb48c0ff9e9175f7/detection

a0715881.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7aa907117d7dc41bcf159506536af6d2b76f2ac49adbacbb9748ac09917310ef/detection

a0715314.xsph.ru

# Reference: https://twitter.com/MisterCh0c/status/1123890895605194752
# Reference: https://app.any.run/tasks/39dc7c95-2f60-4a0f-b962-5abb688817ba

darkcrystalrat29.000webhostapp.com
uproxies.myarena.ru

# Reference: https://www.virustotal.com/gui/file/b88b12d7dc8c791383f11a7f2083b0f16d353c6e47615b10bc533c36ef893e96/detection

mamont1337.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b4d86cc2a6d1417ab614fd759cadbdd03750511cda2cd4d063b92b1daae6cffe/detection

pwnova.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0f1611211d77702a6f7dd5f1110afdf85bd3d6d2d0d2f569fe2a4962acec2de8/detection

payloads-poison.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/3f17bcfc62559226df10d47eb9769b32c7c2ef5ad44889f0c253e1fcc5d68dea/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ef486eaf9407e020a911c8795e334b6be98cf84386ac3eeaa25488c975b47227/detection

ponchikgribov.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512/detection

holohololo.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/561f3702f2bc11607012f82894475da814052c925d7d2afd242a95dc5f5a7363/detection

mabuch.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ebb67c781269d75cc4aa1c5aacdc4ab1289a603dc5532ccc2fb7dbbed284d786/detection

0x01f1.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/bbde4f9a20c30515c9c163709e7fb670d296e087f486278a3017fdaeea282114/detection

supercraftalex.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0783ad7db9e4f015a8c4a2100da925c43e9197996463f03194519aa8a70d6328/detection

silentscanner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/de622b50da9fad14bee683c2d46ffa167a453d8cd0d31f7a86d72d2cf5de8b13/detection

thedonserver2.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a69604b7a62ff5eab64e011fbe653d83b0d7e854633528aedb98a27a300e9cdb/detection

vanityss0.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fa76b811f2ea98f5c356bac7d2c27cca58c7db23729307fed74650c7ee95075f/detection

allopathic-trays.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6ad0fb9af26cd895584d71f89186754ab9263c6034126f8ae2be9a85a8ea3482/detection

fritroser.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/9c370e4919315bd7b718e4ccdf605f2332ab672b53209c12dfdd22ebd5bf63b6/detection

cuberdragon.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7bb559915ee54376af490aec3354df9d024f4c80878eb5c976caf98aff430d7e/detection

spikerr.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/50d8c57679ebf98a325f0cca86309fbd757964accd8e694cc31553c792551c5b/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fcf3dd30c43dbd3fb8db46ffbd90aa898f821acd5f77c79b0f22da4ef824010e/detection

eliseyhaise1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1c7fbedcbbe92c3c00c58d75ed8f02ddc79ce3af209f68305758a785200b09a9/detection

nosky777.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0bd98484d599b26d067ae42c5baf4cacf88170d397b5bf805c3cb8fb558aaa2/detection (additional sample; host already listed earlier in this file)

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/eb94e806bfd7e5e3aa1a5aee781150cc7e1e83af22a6c0194c6138673a006fb0/detection

jssh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/92e6d7a6e8e9bdf59d8c92f54ef8f076b04ea31d62e20e83add00d70f53f0373/detection

superacute-barrier.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d1f9e8d2c091a5ec29a0420ed3a2002209689799ec7babcf1e1ff81775234d53/detection

filesfloader.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d4a47a202068cf51c8b10381cbdd414f24af4a7c7562b97472540d7a02646d09/detection

diversionary-turbul.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f3261eab08f0316d237bb474734674acd4a8eeb183331ce689d1cee57de94218/detection (additional sample; host already listed earlier in this file)

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/873baf17585637276230e7c7b358321ac0e7f9c1e64878b708a030104836e7d6/detection

rat21212121.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/769609d8870d14efe8688affabf153dd287dd7ca97ea81b921704bab1752c150/detection

nikotsu.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f8eda3c1be8522ab6afd7e8f259ec592292b7940a7f9ee189ecdd5b9ccee2eb9/detection

labscreenshare.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c3309c40ed05075598d9a44d06be2a5eea0c25ce11e2741e5e1e5239b0f0259e/detection

kasumeauth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a8d4bfcf4a966ac593f31cf8fe82b8f133034066859acb8bb54fc19577b35d14/detection

denotable-guide.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/aff3a5987ebd22e6bab2845e8b5f033149d9f6fd38c1c19f63a9b666a78cda84/detection

wolfgt.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7def4faac6dca29bd03a5b4bcd3e5ead02fdb6318a0b308f88d9cc16065c729c/detection

ratfunpay.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/5ce86179014d6b741a6be05600151c2cf7f6140dc4115e05e3f2261484e677c1/detection

testforpurp.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b8850467013fa029a51489ee66554fd70296690713a07d80eef978f8871ae8e4/detection

telenor-location-setup.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/47b664ab4e3913721c25763104d534a2585a9f3464b20d5a0b3604b877543ece/detection

hutech123.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/71a5ced54a8792c354b729bbbdd97a132ee32acc332e7cc2136d5fd158bd0dca/detection

dcrettting.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6fb1b51833dd0eea891ea931b2b4d54835f5b19791b4065babea5538c4d982a6/detection

masha1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1ea8e7c9a99f93222159b00b3713de60ab6364a93a62b18fc24f572922edef86/detection

asbfbzvfhsebh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/04f0cbef22ec452eb8024aabe693157d03a1d6ff488600b541483d11895eba90/detection

asdasd1010.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46667d51bd5a6cf6bb93ea291a95ac66fe65459f17d001c40b9a2978bb0fe1ca/detection

mrbigg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/282cb1832225f49f62850ea57f5227dfadf7a118a609d7ea1488cae8c1029990/detection

mrbiggg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ab8f00944d1323c75dedce595036a16765ada233648e247afc30bc76e7ec1914/detection (additional sample; host already listed earlier in this file)

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/49d323809906bf0326d5cd2e721c301672dfb9e5832bb7470d3693b6cc7c973d/detection

organner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7d13019882ad60fc65881d607360a8b1441cb6dde43d1f92e120940f791701d7/detection

kiwihook228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0c5303a8a8713f4c73f9b04debfde6387a37fb0fdab0fd3dba68b4ac9388181/detection

kdwahjdklawhflahywfilyhaw.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0012c370f4fe5384a99e4041530a76f14518ebf1fa79e2569eae21044f25ca74/detection

moralfag228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/32d69753f2cfdf76427e497f6798fd10fff58c0b6bfdb3fda5eaf510b1890511/detection

matvey2207api.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1689209fe6dab791b4d7eedee0ac05cd1119328b9217ae1f2b48f66a6b7f1ef4/detection

icursos.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/8ff34b12b7a065fcb4b75e55b4ca06cfc5b40aa51afa763e881f522a534ade7b/detection

huongtra899.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e1f53c1783e59c5a3ea7d28ceac7c74b2eb81ac850a74c1e90bd82a0314024f2/detection

frogmezserver.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/37d8371c4d5db0701605f647dda2482ae2c0383793544caaa6ac218d630e8cb4/detection

diyspecial.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d7c16df73304c6d7c166200b0e5bf8cc0cf0701d3f49539e95efd4078a12fd44/detection

wannatalk.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1435345484139286530
# Reference: https://app.any.run/tasks/46d1eb68-c229-4263-bf3f-207dbcd5d896/

http://178.250.158.47

# Reference: https://twitter.com/James_inthe_box/status/1448751827046985746
# Reference: https://app.any.run/tasks/66fad0a4-789c-4d09-bb1c-12f9ff2bb92e/

http://82.146.34.178

# Reference: https://www.virustotal.com/gui/file/4b4a3839ecf1b4103a231af600a029d5b315cedd359ec3bdfaf61bb243ae7297/detection

7539.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/02177431b0825bf9f3d7c7d887c82494a3d1fd89f3e24d9128f126dd56f06a73/detection

95892.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/e50d7c1551535c94387091a653d18f5ecc26b6a15c04392523fde82df61f310c/detection

f0531789.xsph.ru

# Reference: https://twitter.com/WhichbufferArda/status/1581332837814636545
# Reference: https://www.virustotal.com/gui/file/72a3dffc4708d9e9eedffd81cc26ca19df813db423e848bbaf092540d9e36eab/detection

bayraktar.fun

# Reference: https://twitter.com/pmelson/status/1585699881905451008
# Reference: https://www.virustotal.com/gui/file/49a59c92e9c1876828015fa1985132058e1ac023a196c2942ebef409789bb356/detection

141.255.147.241:8973

# Reference: https://twitter.com/tosscoinwitcher/status/1586061272197476352
# Reference: https://www.virustotal.com/gui/file/005ca7fcb95236a3ae86e744c9d9b41ad97e74205ca5c2151e60abd4676fbd66/detection

http://188.120.244.159
/lineCentralTo0/Voiddb0Request8/7centralPrivate/
/Request1/0/universalDefaulthttp/
/Request9Multi6/ApigeotempProtect/GeneratorLineServer/
/Request9Multi6/
/Voiddb0Request8/

# Reference: https://www.virustotal.com/gui/file/02dd2d41ea02bee1d7a6505fa299cacb41024a6c6a1b2eb9e43597bc1b5854b1/detection

a0724321.xsph.ru
/PythonprotectLinuxAsync.php

# Reference: https://www.virustotal.com/gui/file/041bd486fefe872019f748d66a7d5dee4b097d4b222c320ce94f89133b6860a6/detection

http://194.58.98.53
/ExternalRequestpollsqlasync.php

# Reference: https://www.virustotal.com/gui/file/053f31bae67a9d04b92b11e54981618f7da49b9d4b77344babaebd7773fc76b1/detection

a0571604.xsph.ru
/imageApiDefaultflower.php

# Reference: https://www.virustotal.com/gui/file/0051ad484af03c603e1c10dd3b70f700faee7d46e86fe3467ed393bf18249a7b/detection

malenkybabejon.xyz

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

http://13.90.128.253

# Reference: https://www.virustotal.com/gui/file/ae3b4897a288a41ec73e1a6b94ce89b982a35e4ee754208e035877ed27ad17a8/detection

103.151.123.121:8890
toff7857.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6f9c3a7f821cad5b2095915c015fce09729cb2f4637c1ee002dd8f3ec951a81/detection

103.151.123.121:8895
moneyinthemaking33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e01bacfc305cac510024cfd91980e72f7f162f3feb017637d43b013195e13ee/detection

dthaurs.duckdns.org
gdbsty.duckdns.org
makingthomas9.duckdns.org
medelinemellinger.duckdns.org
morningb006.duckdns.org

# Reference: https://www.virustotal.com/gui/file/05c5855645215f25843fb116d4ad622331599e6823c1ac08e26b3ec016462c00/detection

a0642773.xsph.ru
/processoruniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/0fb1da58743a6a21376c4d513e4e8dd39e176719b9f89551c94a88e21b58922d/detection

a0654793.xsph.ru
/trafficdatalifewpdlepublic.php

# Reference: https://www.virustotal.com/gui/file/d4b5239cf81c54d406e6f208359145d7ea1fb429a3a245e2c805161d761737de/detection

a0740712.xsph.ru

# Reference: https://www.virustotal.com/gui/file/04d48912fee541a1dcec802ac9065a91cfb75114fdea1edd43b8a4a9d538299d/detection

193.149.3.239:1938
liteshare.co
one.liteshare.co

# Reference: https://www.virustotal.com/gui/file/0000ad0538e40f2c6a61df90552b1603a05556a620dd5e09d07c0d4cf6b329d2/detection

a0741693.xsph.ru

# Reference: https://www.virustotal.com/gui/file/23fda5b36c96f2c2e7e5ae8a0ba46eee0b898fa97c95b522bef284134b78e21b/detection

a0751745.xsph.ru

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-29-IOCs-for-malware-from-fake-Adobe-Reader-page.txt
# Reference: https://www.joesandbox.com/analysis/775734?idtype=analysisid
# Reference: https://www.virustotal.com/gui/file/37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226/detection

78.47.195.75:4448
78.47.195.75:4449
adobereaders.co
bravebrowsers.cc
system-checki.com

# Reference: https://twitter.com/suyog41/status/1612421819646226432
# Reference: https://www.virustotal.com/gui/file/aa7329f9d3c9b4c1620182c9697b905ce03819a6b538d8c5e70142a6aad4e712/detection

http://149.154.68.247
/PollProcessvoiddb/Cpu5js/lowserverflowerCdn.php
/PollProcessvoiddb/Cpu5js/
/PollProcessvoiddb/
/lowserverflowerCdn.php

# Reference: https://www.virustotal.com/gui/file/2f2d38c73fd78cfbb16fe47b098400197de6021d58038fdc49679a4b756463e3/detection

18.228.115.60:11104
18.229.146.63:11104
18.229.248.167:11104
18.229.94.15:11104
18.231.93.153:11104
52.67.169.190:11104
52.67.76.246:11104
54.94.248.37:11104

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://135.181.83.211
/cpugamedefaultsqlDatalife.php

# Reference: https://www.virustotal.com/gui/file/b2d97d507306f7abbed7ca882340f456a17cdf176488faa8f8e0741019300d78/detection

http://212.113.106.79

# Reference: https://twitter.com/ScumBots/status/1621223797071175682
# Reference: https://www.virustotal.com/gui/file/4f23c0742d9a19732acdcc777b4168366d4762b7f9fa553d1dbc62b68378cc97/detection

20.197.196.201:7749
intrudernomercy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6cff73a9a97ff3955d44e35310ccec01847143a9e70678f685840d7c8ad25971/detection

ca22859.tw1.ru
/ProcessorauthTestLocal.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/

http://109.107.189.197
http://109.172.44.182
http://109.248.42.13
http://121.40.81.65
http://130.255.170.91
http://135.181.106.220
http://135.181.164.113
http://135.181.99.197
http://136.243.179.74
http://141.94.188.141
http://142.132.182.134
http://145.239.27.225
http://146.19.207.252
http://146.19.207.58
http://146.19.233.133
http://146.19.24.118
http://147.182.195.133
http://148.251.242.103
http://149.154.64.5
http://149.154.65.218
http://149.154.66.74
http://149.154.67.30
http://149.154.68.117
http://149.154.69.71
http://149.154.70.15
http://149.154.71.242
http://151.248.117.210
http://151.248.121.68
http://159.65.31.64
http://162.55.170.203
http://162.55.33.151
http://164.92.181.85
http://165.22.23.36
http://167.235.28.213
http://167.235.57.39
http://167.88.170.23
http://172.104.4.99
http://172.245.10.88
http://176.113.82.46
http://176.124.200.25
http://176.124.201.32
http://176.126.103.159
http://176.126.103.211
http://176.126.103.47
http://176.31.32.199
http://176.57.69.97
http://176.99.12.128
http://178.154.196.48
http://178.20.47.110
http://178.250.156.239
http://178.250.156.30
http://178.250.157.127
http://178.250.157.16
http://178.250.158.26
http://178.250.158.55
http://178.250.159.150
http://178.250.159.206
http://178.250.159.50
http://178.250.247.22
http://179.43.175.120
http://185.103.254.119
http://185.104.248.184
http://185.106.92.40
http://185.112.83.126
http://185.112.83.48
http://185.12.126.186
http://185.143.220.212
http://185.146.156.142
http://185.146.156.144
http://185.156.72.35
http://185.16.38.98
http://185.16.39.123
http://185.174.136.169
http://185.174.136.187
http://185.189.12.109
http://185.189.13.15
http://185.197.75.85
http://185.204.0.144
http://185.206.214.155
http://185.213.211.238
http://185.219.40.39
http://185.224.135.74
http://185.229.66.123
http://185.233.38.221
http://185.233.80.179
http://185.235.218.66
http://185.241.61.111
http://185.246.65.133
http://185.246.65.20
http://185.246.65.77
http://185.246.65.81
http://185.246.66.170
http://185.246.67.84
http://185.251.90.27
http://185.43.4.142
http://185.43.4.223
http://185.43.4.27
http://185.43.4.31
http://185.43.5.151
http://185.43.5.62
http://185.43.5.75
http://185.43.6.111
http://185.43.6.68
http://185.43.7.221
http://185.46.10.199
http://185.5.248.148
http://185.51.246.172
http://185.60.134.186
http://185.92.149.245
http://188.120.224.116
http://188.120.224.97
http://188.120.225.216
http://188.120.225.47
http://188.120.226.13
http://188.120.228.186
http://188.120.229.72
http://188.120.231.113
http://188.120.231.63
http://188.120.233.209
http://188.120.235.7
http://188.120.236.137
http://188.120.237.72
http://188.120.240.211
http://188.120.241.206
http://188.120.243.11
http://188.120.244.227
http://188.120.244.38
http://188.120.246.154
http://188.120.246.49
http://188.120.248.214
http://188.120.253.98
http://188.120.254.194
http://188.120.254.81
http://188.225.72.109
http://188.93.233.120
http://192.95.55.233
http://193.106.191.180
http://193.108.113.28
http://193.109.78.76
http://193.124.22.2
http://193.124.22.3
http://193.188.23.169
http://193.233.48.42
http://193.233.49.76
http://194.147.90.111
http://194.163.190.76
http://194.190.152.128
http://194.190.153.34
http://194.226.121.128
http://194.226.121.164
http://194.226.121.83
http://194.26.229.18
http://194.26.229.23
http://194.26.229.54
http://194.26.229.65
http://194.36.177.74
http://194.36.177.98
http://194.40.243.101
http://194.5.78.193
http://194.61.52.49
http://194.67.110.48
http://194.67.111.145
http://194.67.119.11
http://194.67.67.104
http://194.67.67.43
http://194.67.74.169
http://194.67.87.32
http://194.67.92.230
http://194.67.92.38
http://194.87.186.10
http://194.87.199.77
http://194.87.214.216
http://194.87.216.2
http://194.87.216.73
http://194.87.218.122
http://194.87.219.243
http://194.87.232.197
http://194.87.237.68
http://194.87.31.20
http://194.87.62.41
http://194.87.82.229
http://195.133.1.180
http://195.133.1.65
http://195.133.75.174
http://195.133.75.213
http://195.133.75.27
http://195.133.88.26
http://195.140.146.115
http://195.140.147.188
http://195.3.223.215
http://195.3.223.218
http://195.3.223.79
http://2.56.59.225
http://2.57.186.38
http://20.113.82.15
http://20.26.196.182
http://207.148.109.186
http://209.209.113.33
http://212.109.192.100
http://212.109.195.180
http://212.109.198.236
http://212.113.116.24
http://212.162.153.128
http://212.192.14.24
http://213.159.214.231
http://217.114.43.68
http://217.25.95.234
http://217.28.221.151
http://217.28.223.117
http://23.137.249.17
http://23.227.193.58
http://3.122.113.204
http://3.123.129.109
http://3.249.182.164
http://31.129.22.12
http://31.172.66.22
http://31.184.249.5
http://31.24.87.18
http://31.24.87.49
http://31.42.177.7
http://37.143.12.118
http://37.143.9.37
http://37.220.86.127
http://37.220.87.84
http://37.228.93.151
http://37.230.112.51
http://37.230.113.176
http://37.230.113.20
http://37.230.113.43
http://37.230.113.82
http://37.230.116.166
http://37.230.117.59
http://37.252.1.137
http://37.46.130.13
http://37.46.130.214
http://37.46.131.62
http://37.46.133.171
http://37.46.134.156
http://38.242.133.44
http://38.242.207.140
http://45.124.115.20
http://45.128.234.216
http://45.132.1.186
http://45.137.65.70
http://45.140.147.119
http://45.141.100.241
http://45.141.76.106
http://45.141.79.87
http://45.142.122.12
http://45.142.36.241
http://45.144.2.118
http://45.15.157.11
http://45.153.186.205
http://45.153.229.94
http://45.156.84.108
http://45.63.74.55
http://45.8.158.146
http://45.81.227.27
http://45.82.13.18
http://45.83.122.110
http://45.83.194.100
http://45.83.194.102
http://45.86.229.156
http://45.93.200.140
http://46.148.114.84
http://46.151.30.40
http://46.175.145.60
http://46.175.150.73
http://46.3.197.42
http://46.3.197.86
http://46.3.199.118
http://46.3.199.52
http://46.30.45.25
http://47.254.235.229
http://47.96.64.30
http://5.101.44.217
http://5.63.154.100
http://5.63.159.147
http://51.161.64.200
http://51.210.69.65
http://51.250.37.171
http://51.250.8.242
http://51.38.92.34
http://51.91.193.177
http://62.109.0.205
http://62.109.1.128
http://62.109.1.226
http://62.109.10.87
http://62.109.12.97
http://62.109.13.12
http://62.109.15.235
http://62.109.16.69
http://62.109.17.127
http://62.109.2.209
http://62.109.2.36
http://62.109.20.14
http://62.109.21.205
http://62.109.23.37
http://62.109.25.235
http://62.109.26.135
http://62.109.27.119
http://62.109.27.237
http://62.109.28.158
http://62.109.28.7
http://62.109.30.213
http://62.109.30.9
http://62.109.31.158
http://62.109.31.200
http://62.109.31.35
http://62.109.4.67
http://62.109.5.198
http://62.109.5.68
http://62.109.5.72
http://62.109.8.21
http://62.109.8.37
http://62.109.9.201
http://62.113.110.142
http://62.113.118.176
http://62.113.96.135
http://62.217.176.20
http://62.84.97.90
http://64.225.102.136
http://65.109.63.235
http://65.21.251.86
http://77.246.158.136
http://77.246.158.191
http://77.246.158.205
http://77.55.208.121
http://77.73.131.144
http://77.73.131.194
http://77.73.133.58
http://77.73.133.75
http://77.91.124.246
http://77.91.68.78
http://77.91.77.179
http://78.24.216.186
http://78.24.218.129
http://78.24.219.249
http://78.24.220.207
http://78.24.220.74
http://78.24.221.170
http://78.24.222.67
http://78.24.222.9
http://78.24.223.39
http://78.24.223.53
http://79.110.52.107
http://79.124.56.6
http://79.137.196.92
http://79.137.202.179
http://79.174.12.172
http://79.174.12.29
http://79.174.13.54
http://80.66.64.164
http://80.66.79.39
http://80.66.79.5
http://80.66.79.51
http://80.78.241.48
http://80.78.247.142
http://80.78.251.115
http://80.85.142.179
http://80.87.192.227
http://80.87.192.58
http://80.87.194.58
http://80.87.194.76
http://80.87.196.100
http://80.87.196.254
http://80.87.197.225
http://80.87.198.211
http://80.87.198.76
http://80.87.199.172
http://80.87.199.19
http://80.87.200.238
http://80.87.201.177
http://80.87.201.178
http://80.87.202.58
http://80.87.202.7
http://80.87.202.92
http://81.19.140.16
http://81.200.152.41
http://82.115.223.17
http://82.115.223.92
http://82.146.33.148
http://82.146.34.194
http://82.146.34.244
http://82.146.35.75
http://82.146.38.48
http://82.146.41.71
http://82.146.42.247
http://82.146.43.104
http://82.146.43.67
http://82.146.45.68
http://82.146.45.7
http://82.146.46.170
http://82.146.46.51
http://82.146.47.144
http://82.146.48.150
http://82.146.48.223
http://82.146.48.233
http://82.146.49.100
http://82.146.52.151
http://82.146.52.198
http://82.146.52.200
http://82.146.52.217
http://82.146.53.241
http://82.146.54.148
http://82.146.54.219
http://82.146.55.100
http://82.146.55.21
http://82.146.56.217
http://82.146.56.24
http://82.146.56.83
http://82.146.58.86
http://82.146.59.136
http://82.146.59.195
http://82.146.60.81
http://82.146.61.207
http://82.146.62.116
http://82.146.63.142
http://82.148.30.111
http://83.136.232.133
http://83.136.232.155
http://83.136.232.228
http://83.136.232.237
http://83.136.232.25
http://83.136.233.84
http://83.220.168.32
http://83.220.168.58
http://83.220.170.162
http://83.220.172.137
http://83.220.172.179
http://83.220.173.110
http://83.220.173.145
http://83.220.173.194
http://83.220.175.103
http://83.220.175.138
http://84.32.190.8
http://85.192.41.4
http://85.192.63.166
http://85.193.80.152
http://85.31.46.137
http://86.110.212.160
http://87.236.146.103
http://87.251.77.205
http://88.210.9.215
http://89.107.10.225
http://89.108.102.163
http://89.108.115.110
http://89.108.76.178
http://89.108.81.97
http://89.108.88.227
http://89.185.85.200
http://89.208.142.177
http://89.23.110.215
http://89.23.97.43
http://89.23.97.74
http://89.41.182.81
http://91.151.88.63
http://91.201.112.111
http://91.209.226.36
http://91.219.62.158
http://91.227.113.154
http://91.240.84.249
http://91.240.86.94
http://91.242.229.77
http://91.243.59.65
http://91.245.227.34
http://92.255.107.243
http://92.53.71.105
http://92.63.101.174
http://92.63.101.82
http://92.63.102.68
http://92.63.103.35
http://92.63.104.181
http://92.63.104.237
http://92.63.104.240
http://92.63.104.30
http://92.63.104.47
http://92.63.104.96
http://92.63.106.232
http://92.63.106.249
http://92.63.106.6
http://92.63.107.12
http://92.63.192.101
http://92.63.192.33
http://92.63.96.83
http://92.63.97.118
http://92.63.97.158
http://92.63.97.168
http://92.63.97.36
http://92.63.99.234
http://94.103.81.144
http://94.103.81.146
http://94.103.81.174
http://94.103.82.132
http://94.103.92.207
http://94.124.78.86
http://94.131.96.44
http://94.142.142.6
http://94.23.190.57
http://94.250.249.169
http://94.250.250.160
http://94.250.252.221
http://94.250.252.243
http://94.250.253.4
http://94.250.254.158
http://94.250.254.199
http://94.250.254.43
http://94.250.254.50
http://94.250.255.214
http://94.250.255.250
http://95.142.43.115
http://95.143.179.155
http://95.163.233.217
http://95.214.53.31
http://95.217.99.28
102.140.196.34:3851
103.133.105.61:1338
103.133.105.61:8848
185.70.104.53:3861
194.26.229.33:85
209.151.144.77:443
91.193.75.139:5900
91.193.75.152:7196
91.193.75.175:9217
91.193.75.235:5900
91.193.75.244:5900
042832.clmonth.nyashteam.top
043659.clmonth.nyashteam.top
077147.clmonth.nyashteam.top
101583.clmonth.nyashteam.top
12342.clmonth.nyashteam.ru
12418.clmonth.nyashteam.ru
12748.clmonth.nyashteam.ru
14888.clmonth.nyashteam.ru
151-248-118-14.cloudvps.regruhosting.ru
158447.clmonth.nyashteam.top
16530.clmonth.nyashteam.ru
171304.clmonth.nyashteam.top
188726.clmonth.nyashteam.top
191151.clmonth.nyashteam.top
191191.cllt.nyashteam.top
194-58-107-59.cloudvps.regruhosting.ru
194-67-90-137.cloudvps.regruhosting.ru
198939.clmonth.nyashteam.top
2030.clmonth.nyashteam.ru
22865.clmonth.nyashteam.ru
22866.clmonth.nyashteam.ru
23457.clmonth.nyashteam.ru
23558.clmonth.nyashteam.ru
24820.clmonth.nyashteam.ru
24824.clmonth.nyashteam.ru
248706.clmonth.nyashteam.top
25066.clmonth.nyasht.ml
26150.clmonth.nyashteam.ru
273709.clmonth.nyashteam.top
28049.clmonth.nyashteam.ru
281429.clmonth.nyashteam.top
286216.clmonth.nyashteam.top
28747.clmonth.nyashteam.ml
29035.clmonth.nyashteam.ru
310246.clmonth.nyashteam.top
32589.clmonth.nyashteam.ml
32589.clmonth.nyashteam.ru
32836.clmonth.nyashteam.ru
336522.clmonth.nyashteam.top
33811.clmonth.nyashteam.ru
33866.clmonth.nyashteam.ru
341560.clmonth.nyashteam.top
344968.clmonth.nyashteam.top
34843.clmonth.nyashteam.ru
34845.clmonth.nyashteam.ru
349733.clmonth.nyashteam.top
355969.clmonth.nyashteam.top
37-140-195-166.cloudvps.regruhosting.ru
372260.clmonth.nyashteam.top
384445.clmonth.nyashteam.top
39841.clmonth.nyashteam.ru
40211.clmonth.nyashteam.ru
403267.clmonth.nyashteam.top
41028.clmonth.nyashteam.ru
43425.clmonth.nyashteam.ml
456445.clmonth.nyashteam.top
468840.clmonth.nyashteam.top
471120.clmonth.nyashteam.top
481372.clmonth.nyashteam.top
48808.clmonth.nyashteam.ru
48944.cllt.nyashteam.top
49856.clmonth.nyashteam.ml
51165.clmonth.nyashteam.top
525803.clmonth.nyashteam.top
55441.clmonth.nyashteam.ru
55555.clmonth.nyashteam.ml
561706.clmonth.nyashteam.top
58261.clmonth.nyashteam.ru
583848.clmonth.nyashteam.top
58561.clmonth.nyashteam.ru
5b5t.servegame.com
618239.clmonth.nyashteam.top
61839.clmonth.nyashteam.ru
64198.clmonth.nyashteam.ml
64372.clmonth.nyashteam.ru
64714.clmonth.nyashteam.ru
66223.clmonth.nyashteam.ru
66444.cllt.nyashteam.top
669731.clmonth.nyashteam.top
670880.clmonth.nyashteam.top
677710.clmonth.nyashteam.top
684386.clmonth.nyashteam.top
686084.clmonth.nyashteam.top
707731.clmonth.nyashteam.top
71902.clmonth.nyashteam.ru
72606.clmonth.nyashteam.ru
75419.clmonth.nyashteam.ru
76427.clmonth.nyashteam.top
76429.clmonth.nyashteam.top
76834.clmonth.nyashteam.ml
777233.clmonth.nyashteam.top
7fc3460091094336a2af4e71b7590b6e.ru
802560.clmonth.nyashteam.top
802772.clmonth.nyashteam.top
809212.clmonth.nyashteam.top
81888.cllt.nyashteam.ru
81888.cllt.nyashteam.top
82607.clmonth.nyashteam.ru
82881.clmonth.nyashteam.ru
83107.clmonth.nyashteam.ru
834532.clmonth.nyashteam.top
852543.clmonth.nyashteam.top
871356.clmonth.nyashteam.top
87550.clmonth.nyashteam.ru
88225.cllt.nyashteam.ru
88300.clmonth.nyashteam.ru
88314.cllt.nyashteam.top
88730.clmonth.nyashteam.ru
888888.cllt.nyashteam.top
896447.clmonth.nyashteam.top
90465.clmonth.nyashteam.ml
904927.clmonth.nyashteam.top
91898.clmonth.nyashteam.ru
93404.clmonth.nyashteam.ru
947425.clmonth.nyashteam.top
948166.clmonth.nyashteam.top
956787.clmonth.nyashteam.top
95892.clmonth.nyashteam.site
982918.clmonth.nyashteam.top
9837.cllt.nyashteam.ru
98612.clmonth.nyashteam.ru
98765.clmonth.nyashteam.ru
98875.clmonth.nyashteam.ru
989673.clmonth.nyashteam.top
99099.clmonth.nyashteam.ml
99944.clmonth.nyashteam.ru
a-plague-tale.top
a0561607.xsph.ru
a0561978.xsph.ru
a0562386.xsph.ru
a0562792.xsph.ru
a0566780.xsph.ru
a0567317.xsph.ru
a0582236.xsph.ru
a0594391.xsph.ru
a0603308.xsph.ru
a0613321.xsph.ru
a0615510.xsph.ru
a0632115.xsph.ru
a0632804.xsph.ru
a0635682.xsph.ru
a0638710.xsph.ru
a0639268.xsph.ru
a0639896.xsph.ru
a0642012.xsph.ru
a0642085.xsph.ru
a0642285.xsph.ru
a0643725.xsph.ru
a0643994.xsph.ru
a0646475.xsph.ru
a0647213.xsph.ru
a0648010.xsph.ru
a0653501.xsph.ru
a0655106.xsph.ru
a0656330.xsph.ru
a0678146.xsph.ru
a0682348.xsph.ru
a0684190.xsph.ru
a0689393.xsph.ru
a0693837.xsph.ru
a0694489.xsph.ru
a0694602.xsph.ru
a0697183.xsph.ru
a0697279.xsph.ru
a0698517.xsph.ru
a0699063.xsph.ru
a0701472.xsph.ru
a0702131.xsph.ru
a0702220.xsph.ru
a0702895.xsph.ru
a0703811.xsph.ru
a0705512.xsph.ru
a0706778.xsph.ru
a0706896.xsph.ru
a0707468.xsph.ru
a0709203.xsph.ru
a0709573.xsph.ru
a0712169.xsph.ru
a0712674.xsph.ru
a0713666.xsph.ru
a0717143.xsph.ru
a0719318.xsph.ru
a0723621.xsph.ru
a0724768.xsph.ru
a0728179.xsph.ru
a0728273.xsph.ru
a0728298.xsph.ru
a0729054.xsph.ru
a0729543.xsph.ru
a0730110.xsph.ru
a0730393.xsph.ru
a0730546.xsph.ru
a0730923.xsph.ru
a0736143.xsph.ru
a0739347.xsph.ru
a0741539.xsph.ru
a0744037.xsph.ru
a0756235.xsph.ru
a0756488.xsph.ru
a0758190.xsph.ru
a0761206.xsph.ru
a0761701.xsph.ru
a0761996.xsph.ru
a0764072.xsph.ru
a0765835.xsph.ru
a0769200.xsph.ru
a0771106.xsph.ru
a0772555.xsph.ru
a0776567.xsph.ru
a0780562.xsph.ru
a0784310.xsph.ru
a0787727.xsph.ru
a0788683.xsph.ru
a0794138.xsph.ru
a0794203.xsph.ru
a0802004.xsph.ru
access.samp-loader.ru
app.squidgame.to
armannl5.beget.tech
barsukk676.duckdns.org
battletw.beget.tech
bigboxt5.beget.tech
bksdk.jsonwf.pw
blamblambla.cyberhost.ml
blockchainc.us
blockchainsync.us
bunkovb3.beget.tech
ca04510.tw1.ru
ca50999.tmweb.ru
ca69244.tw1.ru
cb93602.tw1.ru
cd44093.tmweb.ru
ce30512.tmweb.ru
ce48662.tmweb.ru
cf90664.tmweb.ru
ch14079.tmweb.ru
chamilqn.beget.tech
cheathub.space
cheatinghub.com
ck43536.tmweb.ru
ck44758.tw1.ru
cm07739.tmweb.ru
cm71694.tw1.ru
cm87547.tw1.ru
cm97018.tmweb.ru
cortez.cyberhost.ml
cp48625.tmweb.ru
cs78629.tmweb.ru
csomundibash.ru
cu59983.tw1.ru
cv44623.tw1.ru
cw31476.tw1.ru
cw55706.tw1.ru
cx15642.tmweb.ru
cz09685.tw1.ru
cz81401.tw1.ru
darksrystalryk.com.swtest.ru
david79t.beget.tech
dcbiorlov.shop
dcmobina.duckdns.org
dcrat.host
ddergaixyi.site
devil137.ru
domain2424242.ru.host1855822.serv80.hostland.pro
domdain2.co.vu
duhgfb6e.beget.tech
e908170j.beget.tech
era-paradise.ru
expl01t.tk
f0571616.xsph.ru
f0629544.xsph.ru
f0633137.xsph.ru
f0639494.xsph.ru
f0653783.xsph.ru
f0681920.xsph.ru
f0713677.xsph.ru
f0715481.xsph.ru
f0772589.xsph.ru
f0786544.xsph.ru
fioradro.cyberhost.cf
forusualworkwithpeople.space
funnym78.beget.tech
furiosgr.isp26.admintest.ru
g35hn83489.tmweb.ru
h158013.srv16.test-hf.su
h162295.srv13.test-hf.su
h162345.srv12.test-hf.su
haivo.co.zw
haskers.ru
hesoyam.space
imhaacja.beget.tech
jokerkqc.beget.tech
kadyeri.cyberhost.cf
kasikkar.beget.tech
kykelone.cyberhost.ml
kyrainkg.beget.tech
l96588w5.beget.tech
leshaed5.beget.tech
limfunsto.site
lkofkkkkfkjjsfh.drive-35.ru
lubluabobu.com
marspaste.com
metacryptobot.com
msmpeng.cyberhost.ml
n953700o.beget.tech
nestell.cyberhost.ml
neverchurka.ml
newdfhfgdjmfgjm.store
nftbanger.ru
nikitabon2.temp.swtest.ru
nulledgames.fun
pashkis.beget.tech
phoenass.cyberhost.ml
play-varryal.online
policefbr.linkpc.net
portfolioksk.xyz
rapidtestdr.com
rfewkfnr234.cf
s18senfg.beget.tech
sashaplays5.ru.com
sdwasdwads.tk
shrekforever.tk
softportal.tk
soubmaag.beget.tech
srv174492.hoster-test.ru
svinlasf.ru
tcp.viewdns.net
tomattolittle.su
trenbalon.cyberhost.ml
u1174726leb.ha004.t.justns.ru
u13794788m.ha003.t.justns.ru
u1638884.plsk.regruhosting.ru
u1721466.trial.reg.site
ulihkapc.beget.tech
universalwordpress.site
usehvhgf.beget.tech
vaynhaqt.beget.tech
vbhfghgfjjfgd.online
vkggttin.beget.tech
vlaadblp.beget.tech
whatipedia.org
windowsign.theworkpc.com
wp.banjaro.de
xxhdftgjftgkjfgk.site
y5z2870c.beget.tech
ya-ebal-reg-ru-v-rot.site
yadrochy.ru.com
ytdjfugjwtruykjhgf.sytes.net
zamineserver.online
zebra1987.fvds.ru
zorz1337.xyz

# Reference: https://www.virustotal.com/gui/file/544248eab18c06346bb6819c0763ba2ed7a7f89fc98ae37e7b74e21f2393dcbb/detection

a0684985.xsph.ru
/providerpollPackettemp.php

# Reference: https://twitter.com/crep1x/status/1638596454087368708
# Reference: https://www.virustotal.com/gui/file/7606edcf0491794b631f9aaf1a7e34fd0960e542d30614b562c8423afc86e2c1/detection

nyvhpww3.beget.tech
/dc/apiMultitemp.php

# Reference: https://www.virustotal.com/gui/file/04f46cc5cc7dfab4b587bedd1663d868b9c6c53998dccfbbff7594a8cab4bcf7/detection

http://37.46.130.3

# Reference: https://www.virustotal.com/gui/file/ebdf74f5b6e0b49bdb471dc9c908c5b741ed113049744328af8f73aec4f57b67/detection

http://195.123.246.86

# Reference: https://www.virustotal.com/gui/file/930261f96fe4393d9e4bef23d4eb932b33d1f0f957d9483f6da2dca3767f750b/detection
# Reference: https://www.virustotal.com/gui/file/8cafad64caf5dcac0117b5bd535782280375ea68eb28be0d8421f61b03e2c641/detection

/LinejavascriptDb.php

# Reference: https://www.virustotal.com/gui/file/0aca0b24374538efda88f17bbe3ed4d0adcb9c361552af5b45d83d858b253dbd/detection

http://62.109.15.166

# Reference: https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html

gllthub.com
glthub.org
gthub.org
steamauthenticator.net
steamdesktopauthenticator.net
steamdesktopauthenticator.org
steamdesktopauthenticator.ru

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://141.95.84.40

# Reference: https://www.virustotal.com/gui/file/b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569/detection

173.44.50.86:7788
flugrekorder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843/detection
# Reference: https://www.virustotal.com/gui/file/a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78/detection
# Reference: https://www.virustotal.com/gui/file/aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10/detection

20.200.63.2:2525
asegurarq.duckdns.org
envio2023junio.duckdns.org
hjgeuyiohfkjsdfhgiwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f1e5829e0f9473127d72559e3f811dcb5158d22e09eb4925ef27c7ada864fe6f/detection

191.89.243.236:4242
moneymaker.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/df7a8962331cc5a23cd13744420aa91547cfc085950d22ab1b7e4f298b2ee0ab/detection

179.13.3.110:2356
promotores14.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7b1bb2682a37f2a3f5aa1de69eed5ba5b44debe322b0409ce261492751c01f5f/detection
# Reference: https://www.virustotal.com/gui/file/db56ca34b934ee56d33478d16413a49d78a7671fd92c9a7a9444c48469030520/detection

179.13.3.110:7575
neweraimporta1.duckdns.org
newroda2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6c64cb817eb68c8fd0f051b00fcb20a0a28e26062d06eebe2502d8e8077c6116/detection

74.119.194.154:2060
distributework.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/eb61309bd790110928277bed37961dbd7dfd8360286c670fbc100fd0c4623c32/detection

52.152.223.228:8848
newforting.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/detection

185.106.93.148:2020

# Reference: https://www.virustotal.com/gui/file/f0708715c7c8fbd9e77083048adf331c8be83a2049863a8e71cbf63353ab45a0/detection

154.29.75.191:2027
avsdefender.giize.com

# Reference: https://twitter.com/drb_ra/status/1683550086104489985

191.101.3.50:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-25)

http://109.172.83.121
http://113.30.150.52
http://138.128.242.147
http://149.154.64.92
http://159.89.232.82
http://176.37.97.210:81
http://178.250.156.210
http://185.112.144.202
http://185.146.156.56
http://185.146.157.245
http://185.146.157.98
http://185.20.227.154
http://185.43.4.203
http://185.46.46.139
http://188.120.226.231
http://188.120.227.150
http://188.120.233.131
http://188.120.233.146
http://188.120.233.42
http://188.120.236.114
http://188.120.251.253
http://188.225.58.206
http://188.225.58.220
http://193.124.92.72
http://193.233.164.54
http://194.26.229.33:85
http://194.58.92.23
http://212.109.194.187
http://212.109.195.44
http://212.109.199.150
http://212.224.113.92
http://217.144.103.26
http://217.196.96.4
http://31.41.221.82
http://37.230.116.57
http://37.46.129.39
http://37.46.134.225
http://45.12.238.157
http://45.140.147.214
http://45.153.68.9
http://45.8.230.157
http://45.91.8.171
http://46.149.77.33
http://46.175.146.110
http://5.161.143.111
http://5.252.118.26
http://5.42.65.49
http://62.109.12.5
http://62.109.17.54
http://62.109.22.191
http://62.109.27.71
http://62.113.96.239
http://77.73.131.120
http://77.91.72.151
http://79.132.140.15
http://79.137.202.118
http://79.137.207.211
http://80.78.251.51
http://80.87.192.174
http://80.90.185.107
http://82.146.36.3
http://82.146.43.250
http://82.165.114.107
http://83.220.174.44
http://89.185.85.106
http://89.191.228.213
http://89.23.96.74
http://89.23.97.153
http://92.255.107.38
http://92.51.36.155
http://92.63.107.224
http://92.63.189.63
http://92.63.193.111
http://92.63.193.81
http://92.63.97.185
http://94.131.112.154
1.165.96.128:4480
1.242.139.44:8848
103.144.148.219:8080
103.146.78.130:8848
103.170.118.35:8848
103.186.108.229:14567
103.186.108.229:8848
104.219.234.167:8848
109.195.94.247:8848
111.229.139.47:8848
112.213.98.87:8848
120.78.151.171:7777
120.78.151.171:7788
124.72.246.78:6079
134.255.216.148:80
139.180.143.50:8848
141.95.84.40:112
142.202.242.168:8848
142.202.242.168:9898
144.126.230.14:102
144.126.230.14:1111
144.126.230.14:6666
154.53.42.53:8848
172.111.236.107:8848
172.94.103.171:8848
177.255.88.252:5022
179.43.154.184:8888
179.61.251.188:8848
185.225.18.110:2100
185.241.208.121:9898
185.246.222.117:8000
191.101.3.50:8848
192.99.10.207:8848
193.42.32.159:8848
194.26.192.203:5050
194.59.31.109:8848
194.87.218.64:8818
194.87.218.64:8828
194.87.218.64:8878
20.199.73.159:1024
20.216.162.185:1024
20.216.165.135:1024
20.216.178.113:1024
20.223.128.97:1337
206.238.221.30:8848
209.25.142.180:5569
3.6.30.85:10048
34.92.66.146:8848
37.18.62.18:8060
37.187.222.230:8848
38.242.139.217:8848
40.114.223.144:1337
40.87.50.159:1337
41.62.221.74:90
43.243.111.229:8848
45.144.154.62:1938
45.74.7.10:8848
45.77.175.130:8848
45.77.34.211:8686
45.77.34.211:8848
45.77.34.211:9999
45.92.1.155:8848
45.95.19.170:8848
45.95.19.172:8848
45.95.19.173:8848
45.95.19.174:8848
46.23.96.131:8848
47.106.131.255:8848
47.254.75.102:4444
5.178.3.191:8848
52.186.31.169:1337
64.176.43.239:8848
64.44.166.203:8848
77.92.154.211:1337
83.229.83.102:1337
87.121.221.220:8848
89.211.209.74:8080
89.23.101.37:1337
89.23.96.202:8838
91.227.113.154:12345
91.227.113.154:8848
94.124.192.220:8848
95.179.128.208:8080
95.179.128.208:8081
95.179.128.208:8089
95.214.26.63:6666
95.214.26.63:9595
001600.clmonth.nyashteam.top
055561.clmonth.nyashteam.top
067445.clmonth.nyashteam.top
073910.clmonth.nyashteam.top
080138.clmonth.nyashteam.top
089240.clmonth.nyashteam.top
100879.clmonth.nyashteam.top
109736.clmonth.nyashteam.top
140487.clmonth.nyashteam.top
149688.clmonth.nyashteam.top
181770.clmonth.nyashteam.top
204949.clmonth.nyashteam.top
2372261.clmonth.nyashteam.top
238533.clmonth.nyashteam.top
259773.clmonth.nyashteam.top
2681291.im499886.web.hosting-test.net
268669.clmonth.nyashteam.top
306806.clmonth.nyashteam.top
333201.clmonth.nyashteam.top
375099.clmonth.nyashteam.top
495315.clmonth.nyashteam.top
507447.clmonth.nyashteam.top
5103017.lmonth.whiteproducts.ru
510922.clmonth.nyashteam.top
521187.clmonth.nyashteam.top
531810.clmonth.nyashteam.top
562620.clmonth.nyashteam.top
63120m.dccr.ru
638041.clmonth.nyashteam.top
641309.clmonth.nyashteam.top
642838.clmonth.nyashteam.top
679449.clmonth.nyashteam.top
697484.clmonth.nyashteam.top
726267.clmonth.nyashteam.top
736036.cllt.nyashteam.top
744392.cllt.nyashteam.top
759053.clmonth.nyashteam.top
76428.clmonth.nyashteam.top
766698.clmonth.nyashteam.top
767884.clmonth.nyashteam.top
798839.clmonth.nyashteam.top
846901.clmonth.nyashteam.top
86120.clmonth.nyashteam.ru
867280.clmonth.nyashteam.top
870825.clmonth.nyashteam.top
882703.clmonth.nyashteam.top
892549.clmonth.nyashteam.top
9463949.clmonth.whiteproducts.ru
965092.clmonth.nyashteam.top
97528733.clmonth.whiteproducts.ru
976400.clmonth.nyashteam.top
999309.clmonth.nyashteam.top
999593.clmonth.nyashteam.top
999952.clmonth.nyashteam.top
a0574458.xsph.ru
a0578993.xsph.ru
a0689699.xsph.ru
a0761798.xsph.ru
a0784312.xsph.ru
a0797197.xsph.ru
a0806752.xsph.ru
a0818759.xsph.ru
a0828600.xsph.ru
a0837236.xsph.ru
a0839223.xsph.ru
askeas8d.beget.tech
bookintosh.com
cb38900.tw1.ru
cc69539.tw1.ru
cd67644.tw1.ru
cg56646.tw1.ru
cl30608.tw1.ru
cl80747.tmweb.ru
cn64382.tw1.ru
co73949.tw1.ru
cr48644.tw1.ru
cs20502.tw1.ru
cs33412.tw1.ru
cv57372.tw1.ru
cw52314.tw1.ru
cy34693.tw1.ru
cy87237.tw1.ru
cz61643.tw1.ru
cz82964.tw1.ru
cz89769.tw1.ru
dreadhack.ru
i93035tu.beget.tech
kapibarka1337.kriptnhosting.ru
legend92.beget.tech
pococox.cc
ssoo1451.ddns.net
tcp.viewdns.net
vikselr4.beget.tech
vm654.loyal.sclad.network
web3174.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/995904e555328bd1cdb5d04a370140fe247a8d05aa6e5b150696a2bb503ebdac/detection

10788m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/f4f3d7fb398aa690d3922b26560655e3f040d606c1afa7210d36ff289bee5ee6/detection

21102m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/e61fe1036cbbbc67cdd99dc094b13f1f12c3b9c29dd5054f5a33587b00d68fb0/detection

41030m.dccr.ru
48576m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/4577ac39b54ab8fc029612fa4331388a6d6ebff0a7807b2224f130382ee40376/detection

60154m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/3ff4bdcdb466656d9acbef32f9c022ccd9585531c4ede71f6830492681036000/detection

84688m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/201d813f62d133d4112916355c1b73a258f137ff86d1b5a2eb5fe3239d2b2c5f/detection

190.211.255.106:9049
60057m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/7fc956e918b4b5c29acede00f02e8d4e3ceeafcb318bbe23727372c19d6324fb/detection

61462m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/8d1690fa7843bce0c255dbe02e3927936d97d45424f33eefee876de06fbdfc07/detection

60894m.dccr.ru
61124m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/fcdeb5ef7fd326bd5d6d34405eae0958d07e95ccf5c5dda01f0e60fdcb9c63ab/detection

emprendimientolaboral2.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-28)

http://78.141.213.103
172.94.103.16:8848
188.132.197.104:8848
a0832838.xsph.ru
cm32236.tw1.ru
imhaacwo.beget.tech
/imagephpSqlgeneratortemporary.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/RequestServerMultiDefaultcdn.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/
/Jsvoiddbrequestpipe/0http/
/Jsvoiddbrequestpipe/
/Temporarytest6Cdn/
/RequestServerMultiDefaultcdn.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-30)

103.38.83.176:8848
176.96.137.221:2000
216.83.38.252:8848
45.12.221.10:8848
45.32.74.105:8848
52.152.223.228:1080
nyashtyan.top
211450cm.nyashtyan.top
942980cm.nyashtyan.top
a0708223.xsph.ru
a0844030.xsph.ru
cr50765.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-01)

http://37.46.128.31
http://5.63.159.156
http://91.228.155.244
114.96.73.0:8848
akamaitechcdns.com
nyashkoon.top
213897cm.nyashtyan.top
636695lm.nyashkoon.top
736786cm.nyashtyan.top
790199cm.nyashtyan.top
cg14313.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1146724/

079471cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146725/

http://82.146.48.182

# Reference: https://threatfox.abuse.ch/ioc/1146787/

400277cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146808/

31.210.55.202:81

# Reference: https://threatfox.abuse.ch/ioc/1148429/

http://194.87.101.56

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-05)

http://45.67.231.91
141.95.11.145:81
172.94.103.112:8848
073545cm.nyashkoon.top
481679cm.nyashtyan.top
856401cm.nyashkoon.top
913432cm.nyashtyan.top
/nyashsupport.php

# Reference: https://www.virustotal.com/gui/file/f84cf07bba5377a0c9f5b21252abf585d4170c40310d2b38460c4d8394e20445/detection
# Reference: https://www.virustotal.com/gui/file/65f1c8480894798b2b6223b62984a6779720768a7885c6a49ddd8529902b988a/detection
# Reference: https://www.virustotal.com/gui/file/0ec4ecd50be7f47da972d3641aab816ab4bef93a9cc01da158aae5d878109166/detection

192.154.229.64:2368
22-23asyn.servemp3.com

# Reference: https://threatfox.abuse.ch/ioc/1148927/

982407cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-08)

379038cm.nyashkoon.top
550098cm.nyashkoon.top
998357cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1149140/

http://154.49.137.173
/request0flower/

# Reference: https://threatfox.abuse.ch/ioc/1149156/

http://195.3.223.35

# Reference: https://threatfox.abuse.ch/ioc/1149161/

kriptonhosting.store
iwithknife.kriptonhosting.store
volksilach.kriptonhosting.store
wiwieiwiissiwi.kriptonhosting.store

# Reference: https://www.virustotal.com/gui/file/772211f2e767f8d8daf6c5f721fae0b998539bc83843ff07530be7226fb8a62d/detection

skfjsfk.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1149180/

http://5.42.92.132

# Reference: https://threatfox.abuse.ch/ioc/1149204/

832932cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-09)

http://212.109.195.187
http://82.146.52.24
45.32.74.105:8686
a0847744.xsph.ru
318145cm.nyashkoon.top
858925lm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-11)

http://185.161.251.195
http://188.120.242.207
154.12.254.215:46452

# Reference: https://twitter.com/drb_ra/status/1690255513303289856

82.156.141.121:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-12)

826894cm.nyashkoon.top
857224cm.nyashkoon.top
933858cm.nyashkoon.top
945478cm.nyashtyan.top
cb66024.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1149773/

http://188.120.224.186

# Reference: https://threatfox.abuse.ch/ioc/1149785/

a0827550.xsph.ru

# Reference: https://twitter.com/drb_ra/status/1690798633715707904

159.69.64.122:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-14)

http://15.188.64.143
http://185.182.111.66

# Reference: https://twitter.com/drb_ra/status/1691161144537337857
# Reference: https://www.virustotal.com/gui/file/0a800c35a29e5105898ca274b12dda114e08f23da75dcec3b16a809f1d0109ad/detection

179.43.154.184:591
filetransrediremin.com
/cry/11Rota

# Reference: https://twitter.com/drb_ra/status/1691342424583331840

147.185.221.181:51638

# Reference: https://threatfox.abuse.ch/ioc/1150061/

179.43.154.184:8090

# Reference: https://threatfox.abuse.ch/ioc/1150041/

http://92.63.107.173

# Reference: https://twitter.com/drb_ra/status/1691523675944837121

46.246.14.20:5050

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-16)

http://185.189.181.87
http://188.127.231.139
http://212.118.36.238
http://45.61.188.238
http://5.42.77.211
http://51.38.163.64
http://62.109.13.186
http://62.109.25.12
http://94.156.253.218
http://94.228.126.154
http://95.217.3.189
63.143.47.135:10443
091608cm.nyashkoon.top
467376m.dccrk.top
684896lm.nyashkoon.top
734537cm.nyashtyan.top
a0853356.xsph.ru
a0854153.xsph.ru
cb15953.tw1.ru
cn36459.tw1.ru
cs84335.tw1.ru
x96559rd.beget.tech
yaysem.ru.swtest.ru

# Reference: https://twitter.com/drb_ra/status/1693335496431222862

188.132.197.93:1337

# Reference: https://any.run/malware-trends/dcrat (# 2023-08-23)

http://212.113.106.125
http://82.147.85.228
175060m.dccrk.top
232161cm.nyashtyan.top
ch72917.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-25)

http://193.37.71.142
http://77.246.107.91
http://94.156.102.214
071900cm.n9shteam1.top
221968cm.nyashkoon.top
351201cm.nyashtyan.top
388404cm.nyashkoon.top
533261cm.n9shteam1.top
775515cm.n9shteam1.top
898757cm.nyashkoon.top
993855cm.n9shteam1.top
a0567586.xsph.ru
a0840686.xsph.ru
a0855945.xsph.ru
chernobyl-hack.online
cb56823.tw1.ru
cq27523.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1152366/

http://82.146.60.137

# Reference: https://threatfox.abuse.ch/ioc/1152367/

http://149.154.71.81

# Reference: https://threatfox.abuse.ch/ioc/1152374/

http://185.104.113.225

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-31)

http://103.231.254.144
http://149.154.69.62
http://185.149.146.185
http://217.144.103.11
194.156.88.152:8848
213.238.182.19:3131
95.214.26.88:9933
96074.clmonth.nyashteam.ru
cc75590.tw1.ru
dcrack.ru
f0856923.xsph.ru

# Reference: https://cert.gov.ua/article/5628441 (# UAC-0173)

barnsertr.com

# Reference: https://threatfox.abuse.ch/ioc/1152481/

http://79.137.203.186

# Reference: https://threatfox.abuse.ch/ioc/1152515/

95.214.26.89:9933

# Reference: https://twitter.com/drb_ra/status/1696958515649069237

95.214.26.66:9933

# Reference: https://twitter.com/drb_ra/status/1696958528731201785

95.214.26.67:9933

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-01)

http://178.250.159.46
http://213.159.208.46
http://45.8.159.53
http://82.146.57.75
119.91.99.194:8080
150.107.2.176:8848
172.162.233.190:8080
179.13.2.154:4444
179.43.142.36:591
180.12.159.131:64432
185.221.67.22:4444
223.26.57.45:8848
81.218.45.223:8848
91.134.150.156:8080
95.214.27.6:8848
95.222.241.139:8088
004727cm.n9shteam1.top
642541lm.nyashkoon.top
a0852402.xsph.ru
a0854644.xsph.ru
a0871177.xsph.ru
co54255.tw1.ru
ws896.castlehost.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-05)

http://46.18.107.229
http://83.220.169.211
20.199.65.155:8848
868692cm.nyashkoon.top
a0856871.xsph.ru
ck39226.tw1.ru
cl08031.tw1.ru
cx11830.tw1.ru
/L1nc0In.php

# Reference: https://www.virustotal.com/gui/file/df09c7578388be896ad2f55e005d4ebb3700af89fe06fc73109847989452656d/detection
# Reference: https://www.virustotal.com/gui/file/d11bd86036bcd409096608ccfc76a098974f38c6802fce1eabc4fd83788f3c58/detection

207.32.218.112:9898
77.247.127.10:9898
93.123.118.74:9898
stylish4.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1155391/

878535cm.n9shteam1.top

# Reference: https://threatfox.abuse.ch/ioc/1155706/

klopware.space
status.klopware.space

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-09)

012244cm.nyashtyan.top
375230cm.nyashnyash.top
419819cm.nyashkoon.top
604291cm.nyashkoon.top
a0859540.xsph.ru
cz14767.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1155797/

http://5.42.85.163

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-20)

http://85.192.63.134
103.162.14.197:8686
103.162.14.197:8848
118.89.85.106:8848
150.107.2.178:8848
150.107.2.180:8848
166.88.209.105:8848
168.119.148.218:8848
185.158.251.88:8848
43.248.188.196:8848
51.120.245.251:1024
rocketchange.xyz
124014cm.nyashnyash.top
570264cm.nyashtyan.top
806171cm.n9shteam1.top
a0858699.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0ecff04eedef75ad091b55d1cbdd6c2680b58a3ccb577154e0d1b0bab482c942/detection

access.samp-loader.ru
bot.samp-loader.ru

# Reference: https://www.virustotal.com/gui/file/092fa2ea4f6a254c38547b3b2cc7e22a153fa72b502849327946ca98f9aab839/detection

api.samp-loader.ru

# Reference: https://twitter.com/malwrhunterteam/status/1702212339443835078
# Reference: https://www.virustotal.com/gui/file/24e231bfa888bbb4ade49d3741cd1ad1c85ec2de47460a745a5bf5dea5f5e6e8/detection

505406lm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1164012/

http://185.63.191.134

# Reference: https://threatfox.abuse.ch/ioc/1164310/

a0860624.xsph.ru

# Reference: https://twitter.com/Jane_0sint/status/1704526449234096484
# Reference: https://app.any.run/tasks/7aebaa50-c790-438c-93a5-4602f3dcefa7/

http://5.42.84.144
/0LocalrequestCdn/
/dumpbetterProcessorWp/
/VoiddbmariadbCdnRequest/
/Wp5Cdnjavascript/

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-21)

nyashnyash.top
770670cm.nyashnyash.top
934062cm.nyashnyash.top
a0863208.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7424f3e36da8d30ba3f88f0633d07e26631842e5ad20c51dc7c570f018faf2f7/detection

nyashteam.top
dc.nyashteam.top

# Reference: https://threatfox.abuse.ch/ioc/1165829/

makui.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1165658/

http://213.159.208.100

# Reference: https://threatfox.abuse.ch/ioc/1165974/

179.43.163.120:8008

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-23)

http://185.106.92.110
http://92.63.101.56
119.91.99.194:8081
179.43.163.120:8080
362764cm.nyashnyash.top
753139cl.nyashtop.top
co14383.tw1.ru
f0861908.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d2e659e7fcefcbbd51d6a78888f54c5745e8178385a8697ca3478a0e83d70f71/detection
# Reference: https://www.virustotal.com/gui/file/723bc3e3fe448223922702806b2edfbbb7b132879ae5021f01c55d9aac4d0af1/detection

49.12.227.111:8848
dcrat.vnh.wtf

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-26)

http://45.144.233.162
103.39.78.162:8088
20.199.64.106:8848
109888cm.nyashnyash.top
394776cl.nyashtop.top
398693cm.nyashnyash.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-01)

15.207.54.166:8848
177.255.90.40:8010
181.235.12.82:5000
20.199.18.38:1024
202.146.218.35:8848
77.91.124.111:5552
23872634cm.whiteproducts.ru
343848cm.nyashnyash.top
cp37626.tw1.ru
dccrk.top
766392m.dccrk.top
nukermij.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-02)

http://18.118.199.163
http://188.120.253.147
http://193.37.70.233
134.255.254.102:32400
154.38.113.75:8848
179.13.2.154:2323
179.13.2.154:9000
185.196.8.91:591
185.254.37.40:8899
186.169.68.32:5000
186.169.49.3:8000
186.169.49.3:9000
45.195.54.195:2828
a0868980.xsph.ru
a0871308.xsph.ru
cd21797.tw1.ru
cj77911.tw1.ru
cn56603.tw1.ru
cr78464.tw1.ru
firsovak.beget.tech

# Reference: https://twitter.com/smica83/status/1711047976238387549
# Reference: https://www.virustotal.com/gui/file/01f00b78503924bcb25ec6aedaaaf9200b68329e686e22fbdc85e0c28a51d4e2/detection

underical.cc

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-10)

http://77.91.124.41
http://91.107.120.136
14.233.244.57:7772
18.231.93.153:18161
194.36.177.94:9999
n9shteam2.top
/toJavascriptJsprocessorDatalifePublic.php

# Reference: https://twitter.com/Gi7w0rm/status/1711900442899149240
# Reference: https://twitter.com/Gi7w0rm/status/1718319435600019675
# Reference: https://twitter.com/Gi7w0rm/status/1719372490261012636

http://80.66.87.148
aaronestebancoaching.com
voice-ai.store
voiceaipro.com
ed.voice-ai.store
en.voice-ai.store
en.voiceaipro.com
us.voiceaipro.com
voice.2005thavenue.com
voice.aktivewebsitedesign.com
voiceai.aaronestebancoaching.com

# Reference: https://threatfox.abuse.ch/ioc/1187460/

185.196.9.95:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-19)

http://46.17.104.60
http://82.146.39.98
112.213.101.35:1145
112.213.101.67:1145
112.213.101.73:1145
195.85.205.150:1337
20.199.16.204:1024
20.199.45.15:8848
20.90.46.68:8080
212.87.204.29:8080
52.186.179.225:1337
whiteproducts.ru
012315cm.n9shteam1.top
304588cm.nyashnyash.top
355212cm.nyashnyash.top
1097252cm.whiteproducts.ru
12785373cm.whiteproducts.ru
23872634cm.whiteproducts.ru
2895743cm.whiteproducts.ru
2918221licm.whiteproducts.ru
29959593cm.whiteproducts.ru
32425226cm.whiteproducts.ru
345727892cm.whiteproducts.ru
3857294cm.whiteproducts.ru
3857374cm.whiteproducts.ru
387374374cm.whiteproducts.ru
4859395cm.whiteproducts.ru
48758294cm.whiteproducts.ru
7355826cm.whiteproducts.ru
7862368cm.whiteproducts.ru
8187790licm.whiteproducts.ru
82957222cm.whiteproducts.ru
8361285cm.whiteproducts.ru
84625264cm.whiteproducts.ru
8476838cm.whiteproducts.ru
93473573cm.whiteproducts.ru
94868473cm.whiteproducts.ru
ci80904.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-29)

http://100.25.110.137
http://141.255.152.88
http://141.255.153.99
http://172.86.66.137
http://188.120.235.51
http://193.37.71.22
http://5.182.86.156
http://5.42.86.60
http://77.91.124.101
http://78.24.216.97
http://78.47.204.48
http://85.215.218.19
103.144.240.21:6699
103.147.185.18:1604
106.14.153.130:8848
107.175.243.138:8848
107.189.169.135:8848
119.91.99.194:8088
119.91.99.194:8848
124.221.43.13:8848
141.98.10.132:8888
141.98.6.98:8848
154.23.182.73:8848
154.53.42.53:8845
156.240.108.109:8848
156.240.108.145:8848
156.240.108.178:8848
159.65.235.56:5555
164.92.246.58:9087
172.94.103.13:8848
185.196.8.91:8008
185.212.47.90:8843
185.241.208.27:2404
212.192.12.222:5000
223.26.57.5:1145
3.131.147.49:12994
38.181.35.175:8848
43.249.8.44:7070
43.249.8.44:7071
45.138.16.187:8848
45.138.16.187:9898
45.81.39.179:8848
5.181.80.69:8848
51.75.52.3:8848
65.109.56.26:8848
77.91.124.111:8848
81.161.229.91:6667
91.92.240.91:8848
foulertech.online
045885cm.nyashcrack.top
078374cm.nyashnyash.top
118821cm.nyashkoon.top
269818cm.nyashland.top
396388cm.nyashland.top
400886cm.nyashnyash.top
639538cm.nyashcrack.top
a0872673.xsph.ru
ci61682.tw1.ru
ck53254.tw1.ru
cm87784.tw1.ru
co99163.tw1.ru
ct46096.tw1.ru
ct70489.tw1.ru
cv59914.tw1.ru
cx51464.tw1.ru
f0885664.xsph.ru
simikkzd.beget.tech

# Reference: https://twitter.com/ScumBots/status/1720155763732091327
# Reference: https://www.virustotal.com/gui/file/c9c19f83c9f151bb29cd21779c0ade1f7363805d7e3c5b6d227e109973243d6e/detection

13.52.204.76:17680
13.52.62.53:17680
52.9.148.222:17680
52.9.153.64:17680
52.9.84.44:17680
54.219.47.216:17680
paste-bin.xyz

# Reference: https://www.virustotal.com/gui/ip-address/37.255.148.138/community

http://37.255.148.138

# Reference: https://threatfox.abuse.ch/ioc/1199125/

host1835875.hostland.pro

# Reference: https://threatfox.abuse.ch/ioc/1201607/

abobub-001-site1.etempurl.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-11-25)

http://141.255.152.24
http://197.113.236.128
http://197.114.177.145
http://197.115.207.45
http://77.91.124.202
http://82.146.33.89
http://82.146.59.131
http://83.147.245.42
103.243.26.65:8848
171.41.251.170:25565
078301cm.nyashland.top
12112.ru.swtest.ru
217196cm.nyashcrack.top
598194cm.nyashland.top
925823lm.nyashnyash.top
a0885630.xsph.ru
a0887556.xsph.ru

# Reference: https://www.virustotal.com/gui/file/76e3ae7e17cd4adc52519baa31226bbf032ac1ca7ac3947cd59c01f730f1c934/detection
# Reference: https://www.virustotal.com/gui/file/df74b225d403122d58eabeba3b2a8442d223df78d56f97e3ee81b6b4ede158ea/detection

77.127.86.54:4444
87.70.175.54:4443
123d.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a9c1f6cbb3c007686dd49723babb95afc94933aabf1c2012e395ee3ecf3a65b/detection

46.246.86.3:2106

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-03)

http://141.255.144.167
http://141.255.146.60
http://141.255.151.123
http://154.242.81.6
http://154.246.141.162
http://154.246.25.204
http://154.247.11.93
http://154.247.87.209
http://185.234.247.107
http://188.127.227.49
http://188.127.229.238
http://188.127.242.156
http://195.20.16.116
http://213.159.208.250
http://37.220.86.210
http://46.8.29.132
http://80.66.89.123
http://89.23.101.188
http://89.23.101.210
http://89.23.99.83
http://94.131.112.229
http://95.164.22.193
167.94.158.156:8989
171.41.252.199:25565
172.208.93.32:1337
249782m.dccrk.top
306341cm.nyashland.top
491061cm.nyashland.top
740307cm.nyashland.top
766282cm.nyashland.top
767241cm.nyashland.top
a0840745.xsph.ru
a0888880.xsph.ru
a0889022.xsph.ru
a0889572.xsph.ru
a0890495.xsph.ru
cd75930.tw1.ru
celestinepanel.000webhostapp.com
ck49537.tw1.ru
cw11723.tw1.ru
evgenzow.beget.tech
gybin6gz.beget.tech
t3terncy.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-05)

http://141.255.145.130
http://154.246.105.39
http://185.242.86.164
http://213.159.214.92
http://82.146.62.215
004242cm.nyashland.top
302099cm.nyashland.top
666541cm.nyashland.top
cs58019.tw1.ru
f0888474.xsph.ru
hldnzeftm3.temp.swtest.ru
zubareff.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-07)

http://62.109.14.64
http://62.122.213.56
019214cm.nyashland.top
098452cm.nyashland.top
233584cm.nyashland.top
f0892247.xsph.ru
sinastallh.temp.swtest.ru
tool5245636476.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-09)

http://185.221.198.229
http://188.120.233.136
http://195.85.250.175
http://5.42.92.212
http://62.109.10.76
http://79.174.94.41
20.199.26.211:8848
4.194.12.203:443
039030cm.nyashland.top
866280lm.nyashmyash.top
882394cm.nyashland.top
a0894385.xsph.ru
eukpukpup0.temp.swtest.ru
f0892975.xsph.ru
gorgodlm.beget.tech
krutnotupg.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-17)

http://141.255.153.13
http://141.255.156.189
http://154.246.109.167
http://154.247.199.149
http://154.247.95.30
http://188.120.254.27
http://92.63.97.182
185.187.170.127:9000
38.59.124.61:5555
38.59.124.61:6666
044574cm.nyashland.top
199618cl.nyashtop.top
546346346dod.whiteproducts.ru
650602cm.nyashtech.top
714745cm.nyashland.top
743823cm.nyashtech.top
8572975289cm.whiteproducts.ru
a0891158.xsph.ru
a0894367.xsph.ru
co57358.tw1.ru
crackdcptme.000webhostapp.com
f0894994.xsph.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-24)

http://141.255.147.252
http://194.110.248.41
http://213.226.100.235
http://78.24.217.54
http://82.146.37.188
154.12.254.215:46450
8.219.4.230:8001
80.240.16.166:1337
012782m.dccrk.top
315615cm.nyashtech.top
324387cm.nyashtech.top
537201lm.nyashmyash.top
630956lm.nyashmyash.top
736134cm.nyashland.top
962855cm.nyashtech.top
a0896895.xsph.ru
cm53710.tw1.ru
dfhdjtujngtdj.atwebpages.com
f0898772.xsph.ru
fronzysb.beget.tech
fsdxda2eedasdc.atwebpages.com
injuuuste2.temp.swtest.ru
sosunsasun.temp.swtest.ru
zekhost.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-01)

http://101.99.93.85
http://141.255.151.226
http://185.106.94.86
http://212.60.21.225
http://37.220.86.148
http://45.11.77.54
http://77.83.173.248
http://79.174.94.220
http://80.87.199.249
http://83.229.75.221
http://89.104.66.62
103.143.80.140:8848
103.17.185.70:5555
104.143.46.9:8848
107.148.13.223:8848
108.61.177.107:1337
111.173.89.100:8848
118.107.7.237:8848
120.78.139.3:8848
123.207.75.205:8848
124.220.49.140:8000
128.199.66.119:56789
139.155.92.118:8848
151.236.59.218:8888
156.245.19.71:8848
156.245.19.73:8848
156.245.19.81:8848
172.206.62.226:1337
179.43.163.120:8090
185.213.25.37:8848
192.99.152.153:4449
193.112.79.150:8848
193.143.1.136:8848
193.84.248.185:8848
20.217.81.50:8080
202.162.109.198:8848
27.102.134.120:8848
27.147.169.101:3333
38.59.124.16:5555
38.59.124.16:6666
38.59.124.49:5555
38.59.124.49:6666
40.66.41.222:1024
42.192.132.36:8848
45.11.47.195:8848
47.94.241.76:443
47.94.83.202:8848
64.176.217.187:5555
66.135.26.66:9095
67.205.154.243:48303
8.210.131.175:65503
87.251.67.215:8888
91.107.200.181:8890
91.198.66.47:2023
91.92.241.198:8848
91.92.242.235:8848
91.92.252.194:4449
010532cm.nyashcrack.top
137953cm.nyashtech.top
276721cm.nyashtech.top
718146m.dccrk.top
847702cm.nyashtech.top
882584cm.nyashtech.top
890113cm.nyashland.top
990489lm.nyashmyash.top
a0896387.xsph.ru
a0899050.xsph.ru
a0899944.xsph.ru
a0899956.xsph.ru
a0900918.xsph.ru
a0902024.xsph.ru
a0902362.xsph.ru
a0903379.xsph.ru
aguantemessi0234.000webhostapp.com
blackberryfn.duckdns.org
cj13214.tw1.ru
cw27296.tw1.ru
nemicata.beget.tech
wefwe23f2m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/e1974c4099cd21cc0b538bdce94f78165930fbfe1f79e7f0fcca3cd276d39bda/detection

fanumtax123.ddns.net
/sssssssss/68ce5b29.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-09)

http://185.251.91.215
http://83.220.169.42
http://89.23.112.15
028874lm.nyashmyash.top
045134cm.nyashtech.top
526775cm.nyashtech.top
glacial-liquor.000webhostapp.com
tiyeso4885.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-15)

http://109.107.182.163
http://147.45.196.103
http://176.123.168.238
http://188.120.226.211
http://20.161.72.166
http://45.87.246.118
http://62.109.28.71
http://82.97.243.114
http://89.185.84.52
http://89.23.115.8
http://95.163.228.74
147.135.85.114:4444
172.111.136.105:2016
179.13.3.199:8010
183.131.83.145:8000
75.119.138.31:8848
98.66.161.180:8848
009788cm.nyashtech.top
011781cm.nyashtech.top
837565cm.nyashtech.top
852377cm.nyashland.top
898082lm.nyashmyash.top
977789cm.nyashland.top
a0894373.xsph.ru
a0899768.xsph.ru
a0902645.xsph.ru
a0904422.xsph.ru
a0904877.xsph.ru
a0906284.xsph.ru
a0909123.xsph.ru
a0910594.xsph.ru
cf43561.tw1.ru
ck52959.tw1.ru
cm65543.tw1.ru
cw42035.tw1.ru
cz07639.tw1.ru
fwjfiwmail.temp.swtest.ru
yedar2on.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-24)

http://185.185.68.156
http://185.221.198.108
http://20.161.72.166
http://3.79.229.48
http://3.79.245.165
http://45.32.153.79
http://46.29.237.220
http://80.66.89.148
http://94.156.65.94
107.150.23.137:8010
40.112.134.176:1024
45.131.108.123:2003
45.131.108.123:22
45.74.7.87:8898
94.130.49.62:6214
nyashmyash.top
nyashtech.top
127895cm.nyashmyash.top
172969cm.nyashtech.top
192565cm.nyashtech.top
369023cm.nyashmyash.top
562173cm.nyashmyash.top
647249cm.nyashtech.top
691908cm.nyashtech.top
792487ll.nyashmyash.top
812285cm.nyashtech.top
852287cm.nyashland.top
984794727cm.whiteproducts.ru
a0903703.xsph.ru
a0907744.xsph.ru
a0908021.xsph.ru
cj23497.tw1.ru
ck70571.tw1.ru
cz17350.tw1.ru
edsfeejsdbfelefaubdiaslfedafd.000webhostapp.com
j6yla0n2hm.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/5986afdabceec7308a5192491905fb44c1f7fb770c663d5a4718f3cc7f722108/detection

http://124.221.43.13

# Reference: https://www.virustotal.com/gui/file/00ef3e134c11cb7836a8fb11367a71e2526c62f088d9fda1b3b86ef193d83003/detection

483059cm.nyashtech.top

# Reference: https://www.virustotal.com/gui/ip-address/172.67.178.175/relations

104718cm.nyashtech.top
855212cm.nyashtech.top
744734cm.nyashtech.top
119313cm.nyashtech.top
867233cm.nyashtech.top
414712cm.nyashtech.top
943186cm.nyashtech.top
209226cm.nyashtech.top
324229cm.nyashtech.top
265003cm.nyashtech.top
326516cm.nyashtech.top
600127cm.nyashtech.top
378416cm.nyashtech.top
172969cm.nyashtech.top
076902cm.nyashtech.top
691908cm.nyashtech.top
678026cm.nyashtech.top
838536cm.nyashtech.top
647249cm.nyashtech.top
192565cm.nyashtech.top
906812cm.nyashtech.top
050909cm.nyashtech.top
718710cm.nyashtech.top
372451cm.nyashtech.top
348774cm.nyashtech.top
544557cm.nyashtech.top
201441cm.nyashtech.top
258640cm.nyashtech.top
151855cm.nyashtech.top
837565cm.nyashtech.top
997423cm.nyashtech.top
127562cm.nyashtech.top
685938cm.nyashtech.top
480193cm.nyashtech.top
907916cm.nyashtech.top
009788cm.nyashtech.top
011781cm.nyashtech.top
810413cm.nyashtech.top
654625cm.nyashtech.top
992152cm.nyashtech.top
951499cm.nyashtech.top
279306cm.nyashtech.top
532957cm.nyashtech.top
600225cm.nyashtech.top
526775cm.nyashtech.top
276721cm.nyashtech.top
744346cm.nyashtech.top
612098cm.nyashtech.top
640093cm.nyashtech.top
832325cm.nyashtech.top
045134cm.nyashtech.top
137953cm.nyashtech.top
218282cm.nyashtech.top
845900cm.nyashtech.top
965262cm.nyashtech.top
007330cm.nyashtech.top
678769cm.nyashtech.top
890801cm.nyashtech.top
882584cm.nyashtech.top
812285cm.nyashtech.top
315264cm.nyashtech.top
847702cm.nyashtech.top
304718cm.nyashtech.top
315615cm.nyashtech.top
364739cm.nyashtech.top
962855cm.nyashtech.top
921310cm.nyashtech.top
496493cm.nyashtech.top
324387cm.nyashtech.top
630004cm.nyashtech.top
870333cm.nyashtech.top
426899cm.nyashtech.top
494792cm.nyashtech.top
650602cm.nyashtech.top
955402cm.nyashtech.top
743823cm.nyashtech.top
694604cm.nyashtech.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-04)

http://141.255.146.46
http://141.255.159.135
http://141.255.159.87
http://154.246.107.125
http://154.246.204.6
http://154.247.197.111
http://154.247.243.232
http://183.105.191.36
http://185.185.68.50
http://185.195.27.26
http://185.244.51.120
http://185.87.199.10
http://193.187.172.13
http://194.36.209.243
http://20.215.193.147
http://46.174.52.97
http://5.35.80.183
http://77.222.54.18
http://77.91.124.159
http://85.209.9.184
111.92.243.131:8848
139.99.186.184:8848
154.204.178.170:8848
166.88.61.138:9898
171.41.199.216:25565
171.80.234.90:25565
171.80.235.121:25565
171.80.235.135:25565
171.80.251.240:25565
178.236.247.250:8848
186.169.69.242:8523
192.253.251.98:8848
198.13.49.217:8848
20.14.88.85:8447
210.56.49.4:8848
213.226.117.48:1337
38.181.35.232:8848
43.143.236.67:8080
45.76.12.238:5555
45.76.196.96:8848
47.242.73.99:8848
64.176.217.187:6666
85.209.176.79:8848
91.92.242.235:9898
91.92.249.225:2023
91.92.255.107:8848
94.102.148.42:1337
94.102.155.46:1337
94.156.65.19:1337
94.156.69.93:4444
95.72.172.97:9080
681428cm.nyashmyash.top
a0910130.xsph.ru
a0912235.xsph.ru
cm56126.tw1.ru
f0912091.xsph.ru
f0913347.xsph.ru
self-lighting-subpr.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-11)

http://185.16.39.248
http://194.87.93.199
http://20.117.106.245
http://45.90.217.194
http://5.230.229.207
178.73.218.6:2222
178.73.218.9:2222
181.141.40.28:4433
193.111.248.167:2003
193.163.7.156:8008
40.66.42.165:1024
46.246.6.2:2121
46.246.84.13:2222
5.180.155.218:1337
91.92.241.121:2023
91.92.241.128:2023
91.92.241.39:2023
007017cm.nyashsens.top
103761cm.nyashsens.top
553689cm.nyashsens.top
837376cm.nyashsens.top
a0905211.xsph.ru
a0905554.xsph.ru
a0909872.xsph.ru
a0913447.xsph.ru
a0915620.xsph.ru
a0916186.xsph.ru
a0916535.xsph.ru
cd43986.tw1.ru
exhaustless-bracket.000webhostapp.com
f0915140.xsph.ru
hammiest-dependents.000webhostapp.com
lest1kkror.ru.swtest.ru
workonz7.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-12)

http://217.25.94.158
http://62.109.13.250
http://91.107.121.253
46.246.82.7:6000
a0914338.xsph.ru
bobrcurw.top
cr13705.tw1.ru
lilbabyfan.000webhostapp.com

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

206.238.43.147:65503

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-17)

http://147.45.197.82
http://159.89.17.81
http://176.123.169.110
http://185.104.113.237
http://185.130.46.46
http://185.195.24.252
http://185.246.67.26
http://185.87.199.107
http://188.120.229.213
http://188.120.241.126
http://193.233.255.228
http://195.2.84.94
http://195.43.142.35
http://20.117.169.244
http://20.26.126.28
http://45.9.73.82
http://5.182.87.104
http://51.142.10.24
http://62.109.11.10
http://62.109.7.175
http://77.91.124.57
http://79.137.207.120
http://79.174.94.173
http://80.66.89.102
http://80.78.243.170
http://80.85.246.217
http://81.200.146.58
http://82.115.223.136
http://82.146.60.218
http://86.110.194.110
http://89.23.97.121
http://89.23.98.146
http://91.107.121.93
http://91.220.109.66
http://95.142.35.43
106.53.186.12:8848
124.220.200.241:8848
147.135.85.114:8000
154.23.178.106:8848
154.23.178.139:8848
154.23.178.70:8848
166.88.61.138:8848
171.41.197.221:25565
171.41.198.240:25565
171.41.251.198:25565
171.80.216.99:25565
172.174.236.21:1337
178.73.192.11:5000
179.14.8.182:6606
179.14.9.152:4433
180.140.129.152:8848
181.141.40.47:4433
191.88.249.10:4433
191.88.249.121:4433
191.88.250.232:4433
194.147.140.242:2202
20.107.243.137:3000
20.19.32.59:1024
20.197.231.238:8848
212.192.12.222:5008
27.124.34.10:1145
27.124.34.14:1145
27.124.34.16:1145
27.156.108.198:6079
45.67.231.21:1337
46.246.12.2:6000
46.246.14.3:6000
46.246.14.6:6000
46.246.4.11:6000
46.246.4.16:6000
46.246.6.11:5000
46.246.6.6:6000
46.246.80.10:6000
46.246.80.13:6000
46.246.80.4:6000
46.246.80.7:6000
46.246.84.5:6000
46.246.86.12:6000
46.246.86.16:5000
46.246.86.9:6000
5.181.80.13:8848
5.42.92.25:8848
74.91.29.67:8848
78.46.191.105:6666
83.217.9.199:8848
88.153.94.39:4444
89.117.23.25:46450
91.202.233.133:8848
91.92.245.119:443
91.92.252.227:1000
95.165.99.74:8443
95.179.200.130:1024
058493cm.nyashsens.top
102822cm.nyashsens.top
113304cm.n9shteam2.top
113754cm.nyashtech.top
209374cm.nyashsens.top
27925375.whiteproducts.ru
356873cm.nyashtyan.top
386958cm.nyashsens.top
392065cm.n9shteam2.top
421820cm.n9shteam2.top
514885cm.nyashsens.top
597359lm.nyashsens.top
737165cm.nyashsens.top
739668cm.n9shteam2.top
767163cm.nyashsens.top
785319cm.nyashsens.top
825947295cm.whiteproducts.ru
88888cl.nyashtyan.top
969727cm.nyashsens.top
a0913701.xsph.ru
a0914958.xsph.ru
a0916462.xsph.ru
a0916796.xsph.ru
a0918108.xsph.ru
a0919021.xsph.ru
a0919167.xsph.ru
a0919334.xsph.ru
a0922009.xsph.ru
a0922245.xsph.ru
a0922949.xsph.ru
a0923143.xsph.ru
a0923400.xsph.ru
a0923769.xsph.ru
a0924648.xsph.ru
a0925146.xsph.ru
a0927241.xsph.ru
a0927657.xsph.ru
chromestartup.top
ck07725.tw1.ru
cm65198.tw1.ru
cs52010.tw1.ru
cs52256.tw1.ru
cy58784.tw1.ru
cz13602.tw1.ru
f0885058.xsph.ru
f0914549.xsph.ru
f0918974.xsph.ru
f0924067.xsph.ru
f0929508.xsph.ru
gafisezs.beget.tech
gaming7core.info
gp104995g2.temp.swtest.ru
h172956.srv11.test-hf.su
icanzuo.top
miwekahb.beget.tech
pipikaka-ggg.000webhostapp.com
rosalihi.beget.tech
vamknigi.mcdir.me
vilon.000webhostapp.com
watermjx.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-24)

http://185.173.36.217
http://195.20.16.119
http://212.109.193.246
http://80.78.243.49
103.165.81.207:8888
202.47.118.167:8080
38.59.124.61:8848
43.129.31.231:8848
46.246.12.4:5000
46.246.14.3:5000
46.246.4.5:5000
46.246.6.15:6000
46.246.6.21:6000
46.246.82.17:6000
46.246.82.24:6000
46.246.84.14:5000
46.246.84.16:5000
46.246.86.15:5000
82.66.185.138:4449
n9shteam3.top
onedrivepack.com
042506cm.n9shteam2.top
181571cm.n9shteam1.top
585196cm.n9shteam1.top
785654cm.n9shteam3.top
839860cm.n9shteam3.top
926388cm.n9shteam3.top
a0583448.xsph.ru
a0929875.xsph.ru
a0932103.xsph.ru
cf31000.tw1.ru
cq25511.tw1.ru
ct39024.tw1.ru

# Reference: https://twitter.com/IronNetTR/status/1772276171532611978

45.91.226.96:65503

# Reference: https://www.virustotal.com/gui/file/a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6/detection

179.13.0.175:7091
promesasalvaro1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7e81616c030fd562f23a4a6a6ce8f62d62e2db0673cbc1ecad826c400a67a69b/detection

185.81.157.105:333
186.169.52.181:7079
ivadici-18.duckdns.org

# Reference: https://www.virustotal.com/gui/file/483c26de4c47fb01964f83c8c23ea38e6ef25c62c1693d6f6e6b2f9597b1ecab/detection

186.169.47.122:9531

# Reference: https://www.virustotal.com/gui/file/472286992086f88eaba8d9bbdfe0a43df77c404df62202dd73601be65bb27d1c/detection

179.13.0.24:7079

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-10)

http://154.23.178.106
http://154.23.178.139
http://154.23.178.70
http://176.124.220.79
http://185.230.64.239
http://212.109.198.52
http://213.171.8.25
http://38.180.35.114
http://38.181.35.175
http://77.105.161.180
http://77.105.161.254
http://77.221.143.152
http://80.66.84.71
http://80.71.227.167
http://89.23.98.225
http://91.107.120.42
http://91.92.252.39
1.14.126.22:8848
103.165.81.103:1145
103.186.108.212:8848
103.209.129.94:1145
104.161.53.196:8848
106.53.186.12:8012
128.199.66.119:57411
144.91.127.15:4546
160.20.109.7:2003
171.41.198.122:25565
178.73.218.14:5000
179.13.2.154:2230
179.13.3.18:8010
188.126.90.3:5000
20.199.44.70:1024
20.199.87.153:8848
202.95.23.39:5555
206.233.128.142:65503
206.238.196.192:8090
211.101.247.89:8848
3.125.102.39:12853
34.92.107.200:8001
34.92.107.200:8002
34.92.107.200:8011
34.92.107.200:8012
38.147.172.16:443
39.101.177.68:8848
43.129.31.231:8858
45.76.142.33:1604
46.246.12.2:5000
46.246.14.15:6000
46.246.14.9:6000
46.246.4.6:6000
46.246.80.9:5000
46.246.82.12:7000
46.246.82.18:6000
46.246.82.4:5000
46.246.84.23:5000
46.246.84.3:6000
46.246.84.3:7000
46.246.84.8:5000
46.246.86.15:6000
46.246.86.15:7000
47.242.231.229:65503
47.242.64.202:65503
47.243.4.123:65503
47.76.41.68:65503
51.116.96.182:4000
51.68.169.77:443
58.87.70.252:8848
8.210.3.81:65503
8.217.225.19:65503
8.217.88.225:65503
8.218.27.81:65503
85.209.195.22:1337
88.214.59.115:8848
88.99.214.187:3232
89.105.201.158:4444
89.105.201.158:591
89.105.201.158:8080
89.105.201.158:8090
89.105.201.98:591
91.102.163.73:1024
91.92.250.207:8081
91.92.255.244:8845
91.92.255.244:8848
91.92.255.249:8845
91.92.255.249:8848
94.156.10.201:8848
94.156.71.184:8848
94.156.71.212:2222
95.172.23.98:8848
nyashland.top
nyashsens.top
131217cm.n9shteam3.top
267097cm.n9shteam1.top
490523cm.nyashland.top
531995cl.nyashtop.top
878497cm.nyashsens.top
93757283cm.whiteproducts.ru
a0869574.xsph.ru
a0881216.xsph.ru
a0917913.xsph.ru
a0933252.xsph.ru
a0933702.xsph.ru
a0934860.xsph.ru
a0935095.xsph.ru
a0935883.xsph.ru
a0936238.xsph.ru
a0938327.xsph.ru
a0938575.xsph.ru
a0938913.xsph.ru
ca87122.tw1.ru
cf73329.tw1.ru
ct22043.tw1.ru
f0934723.xsph.ru
fire-studio.000webhostapp.com
firerebbit.top
huinyao.hunamuna.ru
kuailianv.com
opratio.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-14)

http://109.107.182.28
http://45.195.54.195
http://77.221.158.35
http://79.174.94.153
107.167.92.76:8848
162.33.178.99:4567
172.94.39.213:2016
178.73.218.12:5000
45.195.54.195:8080
45.195.54.195:8888
46.246.14.2:5000
46.246.82.21:8000
46.246.82.6:6000
46.246.86.18:8000
52.185.161.226:8080
52.185.161.226:8848
a0917747.xsph.ru

# Reference: https://twitter.com/K_N1kolenko/status/1779794083990343939

276261cm.nyashkoon.top

# Reference: https://www.virustotal.com/gui/file/d79a750ee167a5091e3b3d72a7d0e818e4eb816d74cbf173bc65c54f8563f986/detection
# Reference: https://www.virustotal.com/gui/file/af15dba7febd481bc561896f504ca39da7856f28d33ae9d41968fc63b064fe15/detection

179.13.0.175:7095
186.169.60.250:7084
procesoexitos1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/236831b10dd11048659f6ecedff1f2020e0158eb1dda70f9a3c114c6913faa20/detection

179.13.0.175:7092
companianuevoano.duckdns.org
newdcrat777.duckdns.org
newservices1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52074a60b7b1235c0688d7d923c80ecff27d1b19c7e1485d3bb0a8acd9460946/detection

srv416860.hstgr.cloud

# Reference: https://www.virustotal.com/gui/file/7c190a66de1e69720ea226dab36f86d3d26d15e60fe20a6b20cfbd20e548bc02/detection

185.161.209.155:8848

# Reference: https://www.virustotal.com/gui/file/fa244cc3fa7784bd21fc95a6e7a311686b6875ba0b770a1e6383481edc95973a/detection

179.13.0.175:7097
comercialnuevoan20.casacam.net

# Reference: https://twitter.com/naumovax/status/1788226040277484029
# Reference: https://tria.ge/240401-2sr2lahc7x/behavioral1
# Reference: https://www.virustotal.com/gui/file/20846a4d12bfec2dcada815d04167bb471a0e7b173c7ba1ca6a2bfad1573d5cf/detection

18.158.249.75:11097
3.125.102.39:11097

# Reference: https://www.virustotal.com/gui/file/15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a/detection

172.94.108.75:7786

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-05-27)

http://109.107.182.145
http://146.0.73.222
http://147.45.44.3
http://154.248.27.182
http://176.123.168.151
http://185.221.198.248
http://185.43.4.41
http://188.120.242.235
http://193.17.183.196
http://199.231.191.222
http://20.117.109.69
http://212.109.196.215
http://45.130.42.16
http://45.141.102.40
http://5.35.98.20
http://62.109.13.68
http://62.109.7.179
http://77.221.157.108
http://82.146.61.164
http://85.159.231.54
http://89.111.173.112
http://89.23.98.112
http://91.240.84.178
005514cm.n9shteam1.top
044913cm.n9shteam2.top
046408cm.n9shteam3.top
055442cm.n9shteam2.top
065963cm.nyashkoon.top
1.92.114.234:8000
101.43.186.30:8848
101.43.49.80:8848
103.187.4.53:8080
103.187.4.53:8848
103.195.236.62:6789
103.254.73.247:63305
103.254.73.248:63305
103.254.73.249:63305
103.45.173.142:4444
104.238.167.85:1024
107.167.18.2:7979
107.167.18.3:7979
107.167.18.4:7979
107.167.18.5:7979
107.167.18.6:7979
120.46.37.189:8848
123.207.198.252:8848
137.175.123.61:8848
137.175.123.62:8848
137.175.123.63:8848
137.175.123.64:8848
137.175.123.65:8848
137.175.68.193:8848
137.175.68.194:8848
137.175.68.195:8848
137.175.68.196:8848
137.175.68.197:8848
137.175.68.198:8848
137.175.68.199:8848
137.175.68.200:8848
137.175.68.201:8848
137.175.68.202:8848
137.175.68.203:8848
137.175.68.204:8848
137.175.68.205:8848
137.175.68.206:8848
137.175.68.207:8848
137.175.68.208:8848
137.175.68.209:8848
137.175.68.210:8848
137.175.68.211:8848
137.175.68.212:8848
137.175.68.213:8848
137.175.68.214:8848
137.175.68.215:8848
137.175.68.216:8848
137.175.68.217:8848
137.175.68.218:8848
137.175.68.219:8848
137.175.68.220:8848
137.175.68.221:8848
137.175.68.222:8848
137.175.68.223:8848
137.175.68.224:8848
137.175.68.225:8848
137.175.68.226:8848
137.175.68.227:8848
137.175.68.228:8848
137.175.68.229:8848
137.175.68.230:8848
137.175.68.231:8848
137.175.68.232:8848
137.175.68.233:8848
137.175.68.234:8848
137.175.68.235:8848
137.175.68.236:8848
137.175.68.237:8848
137.175.68.238:8848
137.175.68.239:8848
137.175.68.240:8848
137.175.68.241:8848
137.175.68.242:8848
137.175.68.243:8848
137.175.68.244:8848
137.175.68.245:8848
137.175.68.246:8848
137.175.68.247:8848
137.175.68.248:8848
137.175.68.249:8848
137.175.68.250:8848
137.175.68.251:8848
137.175.68.252:8848
137.175.68.253:8848
137.175.70.100:8848
137.175.70.101:8848
137.175.70.102:8848
137.175.70.103:8848
137.175.70.104:8848
137.175.70.105:8848
137.175.70.106:8848
137.175.70.107:8848
137.175.70.108:8848
137.175.70.109:8848
137.175.70.110:8848
137.175.70.111:8848
137.175.70.112:8848
137.175.70.113:8848
137.175.70.114:8848
137.175.70.115:8848
137.175.70.116:8848
137.175.70.117:8848
137.175.70.118:8848
137.175.70.119:8848
137.175.70.120:8848
137.175.70.121:8848
137.175.70.122:8848
137.175.70.123:8848
137.175.70.124:8848
137.175.70.125:8848
137.175.70.65:8848
137.175.70.66:8848
137.175.70.67:8848
137.175.70.68:8848
137.175.70.69:8848
137.175.70.70:8848
137.175.70.71:8848
137.175.70.72:8848
137.175.70.73:8848
137.175.70.74:8848
137.175.70.75:8848
137.175.70.76:8848
137.175.70.77:8848
137.175.70.78:8848
137.175.70.79:8848
137.175.70.80:8848
137.175.70.81:8848
137.175.70.82:8848
137.175.70.83:8848
137.175.70.84:8848
137.175.70.85:8848
137.175.70.86:8848
137.175.70.87:8848
137.175.70.88:8848
137.175.70.89:8848
137.175.70.90:8848
137.175.70.91:8848
137.175.70.92:8848
137.175.70.93:8848
137.175.70.94:8848
137.175.70.95:8848
137.175.70.96:8848
137.175.70.97:8848
137.175.70.98:8848
137.175.70.99:8848
137.175.73.100:8848
137.175.73.101:8848
137.175.73.102:8848
137.175.73.103:8848
137.175.73.104:8848
137.175.73.105:8848
137.175.73.106:8848
137.175.73.107:8848
137.175.73.108:8848
137.175.73.109:8848
137.175.73.110:8848
137.175.73.111:8848
137.175.73.112:8848
137.175.73.113:8848
137.175.73.114:8848
137.175.73.115:8848
137.175.73.116:8848
137.175.73.117:8848
137.175.73.118:8848
137.175.73.119:8848
137.175.73.120:8848
137.175.73.121:8848
137.175.73.122:8848
137.175.73.123:8848
137.175.73.124:8848
137.175.73.125:8848
137.175.73.65:8848
137.175.73.66:8848
137.175.73.67:8848
137.175.73.68:8848
137.175.73.69:8848
137.175.73.70:8848
137.175.73.71:8848
137.175.73.72:8848
137.175.73.73:8848
137.175.73.74:8848
137.175.73.75:8848
137.175.73.76:8848
137.175.73.77:8848
137.175.73.78:8848
137.175.73.79:8848
137.175.73.80:8848
137.175.73.81:8848
137.175.73.82:8848
137.175.73.83:8848
137.175.73.84:8848
137.175.73.85:8848
137.175.73.86:8848
137.175.73.87:8848
137.175.73.88:8848
137.175.73.89:8848
137.175.73.90:8848
137.175.73.91:8848
137.175.73.92:8848
137.175.73.93:8848
137.175.73.94:8848
137.175.73.95:8848
137.175.73.96:8848
137.175.73.97:8848
137.175.73.98:8848
137.175.73.99:8848
137.175.77.100:8848
137.175.77.101:8848
137.175.77.102:8848
137.175.77.103:8848
137.175.77.104:8848
137.175.77.105:8848
137.175.77.106:8848
137.175.77.107:8848
137.175.77.108:8848
137.175.77.109:8848
137.175.77.110:8848
137.175.77.111:8848
137.175.77.112:8848
137.175.77.113:8848
137.175.77.114:8848
137.175.77.115:8848
137.175.77.116:8848
137.175.77.117:8848
137.175.77.118:8848
137.175.77.119:8848
137.175.77.120:8848
137.175.77.121:8848
137.175.77.122:8848
137.175.77.123:8848
137.175.77.124:8848
137.175.77.125:8848
137.175.77.65:8848
137.175.77.66:8848
137.175.77.67:8848
137.175.77.68:8848
137.175.77.69:8848
137.175.77.70:8848
137.175.77.71:8848
137.175.77.72:8848
137.175.77.73:8848
137.175.77.74:8848
137.175.77.75:8848
137.175.77.76:8848
137.175.77.77:8848
137.175.77.78:8848
137.175.77.79:8848
137.175.77.80:8848
137.175.77.81:8848
137.175.77.82:8848
137.175.77.83:8848
137.175.77.84:8848
137.175.77.85:8848
137.175.77.86:8848
137.175.77.87:8848
137.175.77.88:8848
137.175.77.89:8848
137.175.77.90:8848
137.175.77.91:8848
137.175.77.92:8848
137.175.77.93:8848
137.175.77.94:8848
137.175.77.95:8848
137.175.77.96:8848
137.175.77.97:8848
137.175.77.98:8848
137.175.77.99:8848
139.162.178.159:2003
147.78.103.197:4443
149.88.82.88:8888
154.248.27.182:1024
154.248.27.182:10258
154.248.27.182:10298
154.248.27.182:11112
154.248.27.182:11261
154.248.27.182:1200
154.248.27.182:12881
154.248.27.182:13760
154.248.27.182:15284
154.248.27.182:15443
154.248.27.182:16501
154.248.27.182:17150
154.248.27.182:1723
154.248.27.182:18082
154.248.27.182:18084
154.248.27.182:18245
154.248.27.182:18260
154.248.27.182:18351
154.248.27.182:19181
154.248.27.182:20547
154.248.27.182:2077
154.248.27.182:20815
154.248.27.182:2096
154.248.27.182:222
154.248.27.182:22222
154.248.27.182:2281
154.248.27.182:23
154.248.27.182:23019
154.248.27.182:2323
154.248.27.182:2434
154.248.27.182:25290
154.248.27.182:26350
154.248.27.182:2762
154.248.27.182:28983
154.248.27.182:28987
154.248.27.182:29144
154.248.27.182:319
154.248.27.182:3306
154.248.27.182:3318
154.248.27.182:33389
154.248.27.182:34365
154.248.27.182:34540
154.248.27.182:35062
154.248.27.182:36161
154.248.27.182:389
154.248.27.182:41115
154.248.27.182:41909
154.248.27.182:4369
154.248.27.182:445
154.248.27.182:46829
154.248.27.182:4840
154.248.27.182:49152
154.248.27.182:49664
154.248.27.182:5000
154.248.27.182:502
154.248.27.182:5060
154.248.27.182:5061
154.248.27.182:51445
154.248.27.182:52101
154.248.27.182:52200
154.248.27.182:53151
154.248.27.182:53419
154.248.27.182:55295
154.248.27.182:56512
154.248.27.182:56670
154.248.27.182:5672
154.248.27.182:56910
154.248.27.182:58000
154.248.27.182:5900
154.248.27.182:5905
154.248.27.182:6000
154.248.27.182:6001
154.248.27.182:6005
154.248.27.182:6006
154.248.27.182:6009
154.248.27.182:61616
154.248.27.182:61753
154.248.27.182:62422
154.248.27.182:62757
154.248.27.182:6697
154.248.27.182:6699
154.248.27.182:7704
154.248.27.182:8008
154.248.27.182:8010
154.248.27.182:8080
154.248.27.182:8159
154.248.27.182:830
154.248.27.182:831
154.248.27.182:888
154.248.27.182:9024
154.248.27.182:9508
154.248.27.182:993
154.248.27.182:995
159.65.235.56:9005
171.80.235.140:25565
172.207.236.31:8080
172.207.236.31:8848
177.255.88.222:8000
178.73.192.14:5000
178546cm.n9shteam3.top
179.13.4.37:8000
179.13.4.37:8010
185.241.225.213:3389
185.94.29.85:2222
190.70.119.188:4859
20.240.192.104:80
203.189.234.25:65503
210.56.49.230:8848
211.194.139.155:8080
266026cm.n9shteam3.top
330745cm.nyashkoon.top
339380cm.n9shteam3.top
34844.clmonth.nyashteam.ru
37.235.56.182:5000
38.180.25.208:8000
38.59.124.16:8848
38.59.124.49:8848
45.195.54.195:2558
45.61.132.242:443
45.63.56.64:1024
45.74.46.58:8848
45.77.65.118:1024
46.246.12.25:6000
46.246.12.25:8000
46.246.12.25:9000
46.246.12.2:8000
46.246.12.3:9000
46.246.14.12:6000
46.246.14.12:9000
46.246.14.16:6000
46.246.14.19:9000
46.246.4.24:9000
46.246.4.7:6000
46.246.4.7:8000
46.246.6.23:6000
46.246.6.23:8000
46.246.6.23:9000
46.246.6.5:3000
46.246.6.6:8000
46.246.80.2:6000
46.246.80.2:8000
46.246.80.7:8000
46.246.80.8:6000
46.246.80.8:8000
46.246.82.10:6000
46.246.82.10:8000
46.246.82.10:9000
46.246.82.14:6000
46.246.82.14:9000
46.246.82.21:6000
46.246.84.12:6000
46.246.84.12:8000
46.246.84.8:6000
46.246.84.8:8000
46.246.86.14:6000
46.246.86.14:8000
46.246.86.15:8000
46.246.86.15:9000
46.246.86.16:6000
46.246.86.7:9000
47.208.30.4:2222
47.238.162.247:65503
47.98.97.75:8848
470927cm.n9shteam3.top
49.1.239.101:8080
51.68.169.120:443
52.155.97.150:8080
53473cm.easyswap.space
54.37.74.73:8848
550515cm.n9shteam2.top
579050cm.nyashkoon.top
642229cm.n9shteam3.top
65.109.22.155:7777
729231cm.n9shteam1.top
759931cm.n9shteam1.top
78.142.245.78:8443
78.40.117.167:4444
796367cm.n9shteam2.top
8.130.69.96:8001
8.138.108.192:8848
8.210.250.14:6603
8.217.113.1:65503
8.217.14.132:65503
8.218.163.207:8848
815622cm.n9shteam3.top
822987529cm.whiteproducts.ru
83.229.87.144:8080
842614cm.n9shteam2.top
85.159.231.54:80
85.192.63.194:7777
87.120.84.220:8848
87.121.105.212:8848
91.92.249.117:3232
937039cm.n9shteam3.top
94.156.10.208:8848
94.156.10.31:8848
95.179.165.102:1024
956330cm.n9shteam2.top
967183cm.nyashkoon.top
98.66.160.134:8848
994609cm.n9shteam2.top
a0804818.xsph.ru
a0835675.xsph.ru
a0929453.xsph.ru
a0938829.xsph.ru
a0940040.xsph.ru
a0941925.xsph.ru
a0941979.xsph.ru
a0942630.xsph.ru
a0942660.xsph.ru
a0943092.xsph.ru
a0943999.xsph.ru
a0944507.xsph.ru
a0945069.xsph.ru
a0945627.xsph.ru
a0946931.xsph.ru
a0947008.xsph.ru
a0947291.xsph.ru
a0947994.xsph.ru
a0948305.xsph.ru
a0948640.xsph.ru
a0949002.xsph.ru
a0949311.xsph.ru
a0949502.xsph.ru
a0949584.xsph.ru
a0950024.xsph.ru
a0950683.xsph.ru
a0950998.xsph.ru
a0951137.xsph.ru
a0951158.xsph.ru
a0951334.xsph.ru
a0951529.xsph.ru
a0952196.xsph.ru
a0974467.xsph.ru
a0980477.xsph.ru
a0981008.xsph.ru
a0981341.xsph.ru
a0981474.xsph.ru
a0981582.xsph.ru
a0982032.xsph.ru
a0982114.xsph.ru
a0982137.xsph.ru
a0982456.xsph.ru
a0982894.xsph.ru
a0983585.xsph.ru
a0984236.xsph.ru
a0984678.xsph.ru
a0984800.xsph.ru
a0984984.xsph.ru
a0985701.xsph.ru
a0985859.xsph.ru
aery-messages.000webhostapp.com
betabag.top
budding-knives.000webhostapp.com
cj32434.tw1.ru
clientright.top
cn80908.tw1.ru
co29474.tw1.ru
cq77272.tw1.ru
cv76387.tw1.ru
cx53027.tw1.ru
cz24519.tw1.ru
cz63343.tw1.ru
dist2118.duckdns.org
easyswap.space
esdjasd.maxkrnldc.online
fanskrairg.temp.swtest.ru
fghjdtgujkjdgkdettygdbnbbn.000webhostapp.com
golovkcc.beget.tech
intopart.top
jewokfweteto.skibiteamx.top
mikilo39.beget.tech
minecrafthyipixel.xyz
objectiveci.top
porpabor.top
preachy-multiplex.000webhostapp.com
reallysrv.top
remotetable.top
skibiteamx.top
softworker.top
taketa.top
vladiez8.beget.tech
whiteproducts.ru
ytere.elementfx.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-02)

103.1.40.82:8848
172.111.174.67:8081
20.199.91.184:1024
46.246.12.11:6000
46.246.6.4:9000
46.246.80.15:6000
46.246.80.15:9000
46.246.86.18:9000
434778cm.n9shteam1.top
501046cm.n9shteam3.top
a0913612.xsph.ru
a0982426.xsph.ru
a0985805.xsph.ru
a0986534.xsph.ru
a0986754.xsph.ru
a0987339.xsph.ru
a0987361.xsph.ru
a0987707.xsph.ru
a0988934.xsph.ru
chernobyl-cheat.fun
optimal-expert.000webhostapp.com

# Reference: https://cert.gov.ua/article/6279561 (# UAC-0200)
# Reference: https://www.virustotal.com/gui/file/02d657729837838d18bbe6b4bae44cab0e6d3a357836d7cd6a9bb7288543facb/detection

http://188.245.50.32

# Reference: https://x.com/ScumBots/status/1798710029673222193
# Reference: https://www.virustotal.com/gui/file/5eef5607e73cbe3b62c0c4adf6ea924acc471de57e86f3f0b66fe8320d3fcdc9/detection

cvbnhgjh.duckdns.org
gfhfdhutr.duckdns.org
hbvcmrwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4b6ae15c7b22a1e0d0cad2676c4e78226e8d8e1ecbdbb51b9fe17697451287d5/detection

http://77.91.77.51

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-08)

http://103.145.191.123
179.13.2.154:2250
222.239.101.244:8888
46.246.14.21:9000
46.246.86.19:9000
46.246.86.8:3000
333376cm.n9shteam1.top
a0988327.xsph.ru
a0988419.xsph.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-12)

http://103.30.78.218
http://185.180.231.214
http://37.46.130.54
http://38.147.186.117
http://38.180.165.153
203.104.42.92:2233
45.157.233.27:2222
46.246.6.17:9000
46.246.86.17:6000
505732cm.n9shteam2.top
901329cm.n9shteam2.top
972464cm.nyashkoon.top
a0988426.xsph.ru
a0991129.xsph.ru
a0991200.xsph.ru
a0991246.xsph.ru
a0991598.xsph.ru
a0991799.xsph.ru
a0992229.xsph.ru
a0992445.xsph.ru
bbill.freehostpro.com
d1namias.beget.tech
egorostroux.000webhostapp.com
f0992583.xsph.ru
securitytransfer.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-16)

http://5.42.104.243
46.246.12.14:9000
46.246.4.13:8000
46.246.4.3:6000
46.246.4.3:9000
a0992098.xsph.ru
a0992844.xsph.ru
a0993016.xsph.ru
a0993204.xsph.ru
a0993445.xsph.ru
a0993651.xsph.ru
a0994027.xsph.ru
cq83230.tw1.ru
n9shteam1.top
196844cm.n9shteam1.top
751120cm.n9shteam2.top
l0sscommun.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-22)

http://103.30.78.8
http://212.57.118.94
171.80.217.247:25565
46.246.12.19:8000
46.246.4.12:8000
46.246.4.17:8000
46.246.84.24:9000
46.246.84.3:9000
91.92.248.143:1011
235566cm.n9shteam2.top
424673cm.n9shteam2.top
951669cm.n9shteam1.top
a0986195.xsph.ru
a0986288.xsph.ru
a0987400.xsph.ru
a0992097.xsph.ru
a0993996.xsph.ru
a0994533.xsph.ru
a0994622.xsph.ru
a0994812.xsph.ru
a0994900.xsph.ru
a0995122.xsph.ru
a0995485.xsph.ru
a0995598.xsph.ru
a0995830.xsph.ru
cq11142.tw1.ru
cudohub.ru
cz61028.tw1.ru
f0996251.xsph.ru
gotsuspended.000webhostapp.com
host1871899.hostland.pro
j282895d.beget.tech

# Reference: https://x.com/lontze7/status/1810175784872489463
# Reference: https://www.virustotal.com/gui/file/1bf9f5d49df45385cd8df0f6cfebb3b380b30a6f97e3894fe2f60ec76dc679a8/detection

93.115.10.211:1604

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv (# upstream labels this feed unverified; corroborate hits before escalating)

http://51.103.218.125
http://74.241.248.254
103.147.185.18:8848
121.127.232.86:443
121.127.232.87:443
121.127.232.88:443
143.92.60.11:9999
143.92.60.20:9999
143.92.60.22:9999
147.189.168.82:6002
162.212.158.246:22
162.212.158.246:443
171.80.249.15:25565
172.111.151.128:8081
179.13.4.125:8008
179.13.4.125:8010
185.169.54.165:7331
20.19.32.238:1024
20.19.36.45:1024
20.199.84.103:1024
206.238.42.216:8848
216.83.46.43:8080
4.233.217.53:1024
46.246.12.12:8000
46.246.14.16:2222
46.246.14.3:9000
46.246.14.9:8000
46.246.14.9:9000
46.246.4.17:9000
46.246.4.19:2222
46.246.4.2:9000
46.246.6.12:9000
46.246.6.14:2222
46.246.6.14:8000
46.246.6.16:8000
46.246.6.18:9000
46.246.6.5:2222
46.246.80.11:2222
46.246.80.18:8000
46.246.82.15:2222
46.246.82.17:8000
46.246.82.21:2222
46.246.82.21:9000
46.246.82.4:2222
46.246.84.17:2222
46.246.84.22:5000
46.246.84.25:8000
46.246.84.26:8000
46.246.84.29:9000
46.246.84.4:9000
46.246.86.10:2222
46.246.86.6:8000
81.69.247.188:8848

# Reference: https://www.validin.com/blog/practical_malware_infrastructure_discovery_with_pdns/

nyashka.top
000366cm.nyashka.top
023119cm.nyashka.top
040179cm.nyashka.top
078519cm.nyashka.top
080099cm.nyashka.top
082650cm.nyashka.top
114591cm.nyashka.top
120747cm.nyashka.top
126433cm.nyashka.top
169833cm.nyashka.top
183050cm.nyashka.top
186014cm.nyashka.top
193046cm.nyashka.top
196419cm.nyashka.top
199719cm.nyashka.top
208659cm.nyashka.top
228282cm.nyashka.top
234671cm.nyashka.top
271910cm.nyashka.top
281363cm.nyashka.top
306577cm.nyashka.top
309245cm.nyashka.top
314957cm.nyashka.top
318239cm.nyashka.top
335980cm.nyashka.top
344958cm.nyashka.top
357473cm.nyashka.top
363476cm.nyashka.top
373292cm.nyashka.top
388876cm.nyashka.top
398730cm.nyashka.top
445798cm.nyashka.top
483130cm.nyashka.top
513971cm.nyashka.top
519487cm.nyashka.top
545267cm.nyashka.top
574056cm.nyashka.top
578603cm.nyashka.top
585213cm.nyashka.top
596530cm.nyashka.top
631597cm.nyashka.top
640740cm.nyashka.top
660256cm.nyashka.top
664732cm.nyashka.top
673304cm.nyashka.top
728023cm.nyashka.top
737397cm.nyashka.top
759442cm.nyashka.top
760859cm.nyashka.top
790009cm.nyashka.top
796646cm.nyashka.top
843427cm.nyashka.top
859520cm.nyashka.top
868920cm.nyashka.top
870331cm.nyashka.top
910741cm.nyashka.top
911628cm.nyashka.top
940499cm.nyashka.top
947438cm.nyashka.top
949542cm.nyashka.top
973845cm.nyashka.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-10)

http://146.19.128.52
http://149.154.66.1
http://172.187.227.79
http://178.208.86.27
http://178.250.158.121
http://185.146.157.164
http://185.177.59.141
http://185.244.219.53
http://194.26.232.193
http://194.58.103.90
http://194.58.42.154
http://194.87.145.83
http://213.159.64.146
http://217.28.222.194
http://5.42.104.244
http://62.109.18.87
http://62.109.22.14
http://87.251.77.55
http://89.208.14.64
http://89.23.97.228
http://92.63.101.139
http://92.63.193.127
http://94.156.67.121
http://94.228.166.75
101.43.47.165:4449
103.144.240.21:8888
103.244.226.241:65503
103.244.226.252:65503
104.156.247.38:9090
107.149.163.118:8080
117.18.12.93:8880
123.60.58.162:90
144.172.76.78:443
154.205.147.125:60000
154.212.146.156:65503
154.212.146.175:65503
156.251.137.156:8888
157.20.182.100:4449
157.20.182.101:4449
157.20.182.172:3232
165.154.224.19:4449
185.121.169.214:65503
192.197.113.223:65503
192.248.163.171:10066
20.205.58.253:8880
39.99.206.34:8880
46.246.12.22:5000
46.246.4.19:9090
46.246.6.11:9090
46.246.6.13:2121
46.246.6.13:5000
46.246.6.9:5000
46.246.82.24:8000
46.246.86.17:5000
47.148.68.129:8197
47.238.143.105:8443
47.238.183.60:65503
47.238.194.61:65503
47.238.38.102:65503
47.242.122.228:65503
47.243.187.196:65503
47.243.233.199:65503
47.76.105.152:65503
47.76.98.21:65503
51.89.253.9:7878
59.27.223.225:443
8.217.13.16:65503
8.217.215.116:65503
8.218.129.126:65503
8.218.235.124:65503
91.92.255.91:3232
94.156.79.231:2011
024460cm.n9shteam2.top
034928cm.n9shteam2.top
040943cm.n9shteam2.top
041018cm.n9shteam2.top
047138cm.n9shteam2.top
054717cm.n9shteam3.top
072212cm.nyashsens.top
080864cm.n9shteam2.top
096241cm.n9shteam2.top
112880cm.n9shteam2.top
113313cm.n9shteam2.top
115583cm.n9shteam2.top
118621cm.n9shteam2.top
126776cm.nyashsens.top
130727cm.n9shteam2.top
152810cm.nyashka.top
173920cm.n9shteam2.top
182785cm.n9shteam3.top
206481cm.n9shteam2.top
218629cm.n9shteam2.top
226037cm.n9shteam2.top
234540cm.n9shteam2.top
241622cm.n9shteam1.top
256435cm.n9shteam2.top
266468cm.nyashka.top
272450cm.n9shteam2.top
283743cm.nyashka.top
284739cm.n9shteam3.top
288583cm.n9shteam2.top
297037cm.n9shteam2.top
306003cm.n9shteam2.top
314172cm.n9shteam2.top
318907cm.n9shteam2.top
327882cm.nyashsens.top
338453cm.n9shteam2.top
351866cm.n9shteam2.top
356137cm.n9shteam2.top
367191cm.n9shteam2.top
373430cm.n9shteam2.top
378418cm.n9shteam2.top
382119cm.n9shteam2.top
411260cm.nyashka.top
415566cm.n9shteam2.top
417847cm.nyashsens.top
429517cm.nyashka.top
445443cm.n9shteam2.top
452132cm.n9shteam2.top
462708cm.n9shteam2.top
463281cm.n9shteam2.top
466037cm.n9shteam2.top
466329cm.n9shteam2.top
473366cm.n9shteam2.top
474452cm.n9shteam2.top
476258cm.n9shteam2.top
478925cm.n9shteam2.top
484997.prohoster.biz
485006.prohoster.biz
502647cm.n9shteam2.top
545735cm.n9shteam2.top
596048cm.n9shteam2.top
621287cm.n9shteam2.top
625492cm.n9shteam2.top
651186lm.nyashmyash.top
656709cm.n9shteam2.top
677846cm.n9shteam2.top
722659cl.nyashtop.top
741211cm.n9shteam2.top
782652cm.n9sh.top
784334cm.n9shteam2.top
791660cm.n9shteam2.top
797441cm.n9shteam2.top
800453cm.n9shteam2.top
810755cm.n9shteam2.top
812375cm.nyashkoon.top
815156cm.n9shteam2.top
826969cm.n9shteam2.top
849188cm.nyashka.top
851594cm.n9shteam2.top
865461cm.n9shteam2.top
913987cm.n9shteam2.top
918938cm.n9shteam2.top
931740cm.n9shteam2.top
93752cm.darkproducts.ru
946663cm.n9shteam2.top
a0798240.xsph.ru
a0988574.xsph.ru
a0988906.xsph.ru
a0990027.xsph.ru
a0990904.xsph.ru
a0992484.xsph.ru
a0994587.xsph.ru
a0995213.xsph.ru
a0995880.xsph.ru
a0996046.xsph.ru
a0996099.xsph.ru
a0996277.xsph.ru
a0996330.xsph.ru
a0996803.xsph.ru
a0996805.xsph.ru
a0997029.xsph.ru
a0997172.xsph.ru
a0997235.xsph.ru
a0997287.xsph.ru
a0997452.xsph.ru
a0997464.xsph.ru
a0997564.xsph.ru
a0997621.xsph.ru
a0997718.xsph.ru
a0998491.xsph.ru
a0998535.xsph.ru
a0998701.xsph.ru
a0998722.xsph.ru
a0998768.xsph.ru
a0998803.xsph.ru
a0998834.xsph.ru
a0998932.xsph.ru
a0999045.xsph.ru
a0999075.xsph.ru
a0999252.xsph.ru
a0999337.xsph.ru
a0999396.xsph.ru
a0999665.xsph.ru
a0999723.xsph.ru
a0999792.xsph.ru
a0999840.xsph.ru
a0999929.xsph.ru
a1000048.xsph.ru
a1000056.xsph.ru
a1000330.xsph.ru
a1000383.xsph.ru
a1000454.xsph.ru
a1000492.xsph.ru
a1001668.xsph.ru
a1002079.xsph.ru
a1002185.xsph.ru
a1002962.xsph.ru
a1003569.xsph.ru
a1003574.xsph.ru
a1004647.xsph.ru
a1005337.xsph.ru
a1005682.xsph.ru
a1005850.xsph.ru
a1005873.xsph.ru
a1006461.xsph.ru
a1006920.xsph.ru
a1007516.xsph.ru
a1008223.xsph.ru
a1008296.xsph.ru
a1008315.xsph.ru
a1008817.xsph.ru
a1008986.xsph.ru
a1009043.xsph.ru
a1009060.xsph.ru
a1009150.xsph.ru
a1009608.xsph.ru
a1010381.xsph.ru
a1010630.xsph.ru
a1010765.xsph.ru
a1011033.xsph.ru
a1011177.xsph.ru
a1011239.xsph.ru
a1011347.xsph.ru
a1011643.xsph.ru
a1011702.xsph.ru
a1011924.xsph.ru
a1012110.xsph.ru
a1012449.xsph.ru
a1013249.xsph.ru
a1013311.xsph.ru
a1013404.xsph.ru
a1013814.xsph.ru
abort.top
an.cloudto.ru
animefull.atwebpages.com
antivirusaway.top
article-coal.gl.at.ply.gg
bakusw0t.beget.tech
bedabeda.top
boldenis44.top
cb22792.tw1.ru
cb87290.tw1.ru
cc53534.tw1.ru
cd40479.tw1.ru
cf30785.tw1.ru
cg69956.tw1.ru
cg99620.tw1.ru
ci15096.tw1.ru
ck66916.tw1.ru
cl14041.tw1.ru
cl71096.tw1.ru
co30059.tw1.ru
co44847.tw1.ru
code-yandex.ru
coolray.top
cp34023.tw1.ru
cp57330.tw1.ru
cp57435.tw1.ru
cr47539.tw1.ru
cr55307.tw1.ru
cr94982.tw1.ru
ct54429.tw1.ru
cu12485.tw1.ru
cu82103.tw1.ru
cv10369.tw1.ru
cw35214.tw1.ru
cx76022.tw1.ru
cy61024.tw1.ru
cy70322.tw1.ru
cz28920.tw1.ru
cz36357.tw1.ru
cz41806.tw1.ru
cz45007.tw1.ru
cz61492.tw1.ru
f0979909.xsph.ru
f0999104.xsph.ru
f0999105.xsph.ru
f0999297.xsph.ru
f0999352.xsph.ru
f1002548.xsph.ru
f1003430.xsph.ru
f1006727.xsph.ru
f1007612.xsph.ru
f1010716.xsph.ru
f1011238.xsph.ru
fqq121.beget.tech
frrvoavx.beget.tech
fsin.top
hendai.top
kolasau6.beget.tech
loxlas.000webhostapp.com
main-although.gl.at.ply.gg
mortilove9.temp.swtest.ru
novatek.top
offsetupdater.top
ozero.top
papka.top
podval.top
romangw5.beget.tech
sogaz.top
testprogs.shop
unsight-pistons.000webhostapp.com
uwuerkz9.beget.tech
yenot.top

# Reference: https://x.com/banthisguy9349/status/1824132183889678795

http://147.45.44.145

# Reference: https://www.virustotal.com/gui/file/208d29a5abf1c101de44f416464e50a9c8bbe85fc2359e286b180b57e862d760/detection

n9sh.top
798167cm.n9sh.top
/providerVmpollServer.php

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

178.73.192.10:5000
178.73.192.6:5000
178.73.218.16:5000
179.13.4.125:8013
46.246.12.18:5000
46.246.12.19:5000
46.246.12.7:9000
46.246.14.17:5000
46.246.14.17:9000
46.246.14.21:9090
46.246.4.13:5000
46.246.4.14:9090
46.246.6.12:5000
46.246.6.7:2121
46.246.80.13:5000
46.246.80.14:8000
46.246.80.22:9000
46.246.82.24:4040
46.246.82.26:5000
46.246.84.13:5060
46.246.84.19:9000
46.246.84.20:5000
46.246.86.11:5000
46.246.86.13:9090
5.238.25.214:22

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-18)

149387cm.n9sh.top
376294cm.n9sh.top
396218cm.n9shteam1.top
423836cm.nyashsens.top
613761cm.n9shteam1.top
764337cm.nyashsens.top
a1013213.xsph.ru
a1017163.xsph.ru
cd45046.tw1.ru
cg01126.tw1.ru
ck93874.tw1.ru
knafi2hc.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-24)

http://20.90.89.160
http://210.126.67.141
http://4.235.120.231
147.45.44.58:7777
179.13.4.53:8081
188.126.90.26:5000
193.233.74.21:7777
193.233.74.94:7777
46.246.12.10:9000
46.246.14.15:3000
46.246.14.15:5000
46.246.4.16:9000
46.246.4.18:9090
46.246.80.20:9090
46.246.82.13:5000
46.246.82.14:5000
46.246.84.12:5000

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-25)

http://147.45.228.97
http://147.45.44.51
http://185.188.183.218
http://89.23.100.125
011949cm.n9sh.top
097430cm.n9sh.top
120555cm.n9sh.top
248810cm.n9sh.top
389075cm.n9sh.top
494375cm.n9sh.top
509349cm.n9sh.top
572335cm.n9sh.top
826430cl.nyashtop.top
941699cm.nyashsens.top
996175cm.nyashka.top
a0929423.xsph.ru
a1016039.xsph.ru
a1017117.xsph.ru
a1018296.xsph.ru
a1018688.xsph.ru
a1019243.xsph.ru
a1019427.xsph.ru
a1019796.xsph.ru
agusha.top
alp901g7.beget.tech
cb23294.tw1.ru
cb34021.tw1.ru
ce63117.tw1.ru
cf11739.tw1.ru
cg77726.tw1.ru
ci54113.tw1.ru
cj11210.tw1.ru
ck96248.tw1.ru
cl35792.tw1.ru
co74548.tw1.ru
cx46156.tw1.ru
cz23272.tw1.ru
dmitreku.beget.tech
dongga.beget.tech
f1009203.xsph.ru
f1019804.xsph.ru
f1020631.xsph.ru
fizika.top
gopfopj6.beget.tech
i3557434gm.temp.swtest.ru
leroplan.beget.tech
nekto2wj.beget.tech
pw190.castledev.ru
qfedorpmai.temp.swtest.ru
qweqwe9i.beget.tech
shizofrenia.top
volki.top

# Reference: https://www.virustotal.com/gui/file/70d06001f1172ce35fa5af56f7b6adb3800251ab9dfafcb8e1dc039300ff8952/detection

http://89.22.230.240

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)

http://20.151.56.117
http://4.204.24.194
http://4.248.59.179
119.91.157.193:8848
154.216.17.18:22078
178.73.192.20:5000
207.246.99.14:1024
23.237.106.58:9999
23.237.106.59:9999
23.237.106.60:9999
23.237.106.62:9999
27.124.45.77:8848
46.246.12.9:5000
46.246.4.10:5000
46.246.4.3:5000
46.246.4.4:5000
46.246.6.6:8080
46.246.6.6:9090
46.246.80.11:5000
46.246.80.16:4040
46.246.80.17:5000
46.246.80.7:5000
46.246.82.14:4040
46.246.84.12:8080
46.246.84.15:9000
46.246.84.4:5000
46.246.86.12:8000
46.246.86.16:8000
46.246.86.20:8080
46.246.86.2:9090
46.246.86.5:5000
94.156.68.149:25565

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-08)

http://121.199.58.53
http://185.106.93.197
http://188.120.227.56
http://193.233.203.181
http://45.14.165.5
http://45.93.9.248
http://91.214.78.75
http://92.63.98.227
http://94.158.244.70
101.99.94.128:3232
111.230.96.32:8848
123.249.104.74:8848
125.124.181.56:22
154.216.17.18:22077
154.44.26.105:8848
159.65.169.173:8181
176.96.138.192:2222
182.188.47.2:7777
185.146.88.217:1024
193.233.203.181:1194
193.233.203.181:443
202.228.199.54:2323
209.126.4.168:8848
43.199.93.110:4433
45.14.165.5:1194
45.14.165.5:443
45.93.9.248:1194
45.93.9.248:443
47.120.52.176:8848
47.242.234.131:8848
51.77.103.216:8520
51.81.168.153:2000
54.94.248.37:11978
78.135.83.58:6666
80.76.49.178:3232
857728cm.n9sh.top
89.105.201.98:4443
89.105.201.98:4444
89.105.201.98:8080
89.105.201.98:8090
91.193.18.135:1194
91.193.18.135:443
91.92.246.196:8080
222725cm.n9shka.top
290277cm.nyashkoon.top
304550cm.n9shka.top
334972cm.n9shka.top
380681cm.n9shka.top
426314cm.n9sh.top
438772cm.n9shka.top
621196cl.nyashtop.top
671893cm.n9shka.top
692143cm.n9shka.top
728996cm.n9sh.top
732376cm.nyashkoon.top
917166cm.n9shka.top
921773cm.n9sh.top
966193cm.n9shka.top
a1009742.xsph.ru
a1014692.xsph.ru
a1020713.xsph.ru
a1021235.xsph.ru
a1021266.xsph.ru
a1021292.xsph.ru
a1023624.xsph.ru
a1023737.xsph.ru
a1024319.xsph.ru
a1024868.xsph.ru
baevanbw.beget.tech
cb41196.tw1.ru
ce73945.tw1.ru
ce80336.tw1.ru
cm17453.tw1.ru
co60610.tw1.ru
cq96782.tw1.ru
cu14777.tw1.ru
cv30339.tw1.ru
cv79241.tw1.ru
cw67355.tw1.ru
cz38275.tw1.ru
did1.uebki.one
f1017118.xsph.ru
f1022242.xsph.ru
gugol.top
hvatit.top
ludocju4.beget.tech
mamka.top
mioww.uebki.one
moscowteslaclub.top
n9shka.top
okidoki.top
otkaz.top
rbgamer-filespro.ru
rtx4090.top
uebki.one

# Reference: https://www.virustotal.com/gui/file/3bdd649201ba70b2484745554f2f008fc76862312375e4913b1774dd29445ac9/detection

185.241.208.90:8848

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

http://185.203.241.115
http://4.233.193.26
136.244.80.89:1024
148.113.165.11:4242
217.195.197.55:1604
45.77.179.49:8443
46.246.12.15:5000
46.246.12.5:5000
46.246.14.16:5000
46.246.80.13:8080
46.246.80.13:9090
46.246.80.22:9090
46.246.82.8:8000
46.246.84.17:9090
94.156.65.202:1337

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

102.186.190.17:8080
124.221.231.247:8848
185.216.71.46:7777
188.126.90.5:5000
45.77.66.31:1024
46.246.12.23:9000
46.246.14.24:5000
46.246.4.17:9090
46.246.80.17:4040
46.246.82.10:5000
46.246.84.12:9000

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-22)

http://31.177.108.211
http://45.154.99.246
http://89.208.79.252
103.74.101.154:4449
124.221.231.247:8848
159.69.241.51:2011
185.216.71.46:7777
188.126.90.5:5000
197.60.80.16:4444
217.195.197.230:1604
39.50.160.221:6906
45.77.66.31:1024
46.246.12.23:9000
46.246.14.24:5000
46.246.4.17:9090
46.246.80.17:4040
46.246.82.10:5000
46.246.84.12:9000
65.38.120.76:8080
77.0.77.52:10000
20789cm.darkproducts.ru
292192cl.nyashtop.top
383852cm.n9shka.top
468198cl.nyashtop.top
598828cm.n9shka.top
696969cm.n9shka.top
a1017742.xsph.ru
a1028861.xsph.ru
a1030351.xsph.ru
a1031033.xsph.ru
cd73139.tw1.ru
cn54248.tw1.ru
cq36570.tw1.ru
f1019049.xsph.ru
govnos3z.beget.tech
naratnik888.whf.bz
/vm_httpUpdateAuthsqlWp.php

# Reference: https://x.com/Gi7w0rm/status/1838836517013233815
# Reference: https://www.virustotal.com/gui/file/e9450aa208965d3e3d5efccf2fd9ae3642abcdede294d5dee508a0ca626c039e/detection

190.9.223.135:8848
191.98.25.251:8848
192.169.69.26:8848
dcrat2024.duckdns.org

# Reference: https://www.virustotal.com/gui/file/677b4709af196f4218f038449bd9959a7fe63b2ee2554e69879c04bfaa7e191c/detection

209.105.248.135:6060
centrodecontrol2050.duckdns.org

# Reference: https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
# Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/DCRat/IOCs
# Reference: https://www.virustotal.com/gui/file/763c1f21d22b7215d36e2dbd52d141d71d9e540c19f631f63f151c283b91f0d8/detection

cr87986.tw1.ru

# Reference: https://www.virustotal.com/gui/ip-address/80.211.144.156/relations (# 2024-09-29)
# Reference: https://www.virustotal.com/gui/file/4f9c83cd1a87d23bee4377b34806e9fc669aac598db042f4b98bac1a00359a7d/detection

002806cm.nyashka.top
002944cm.nyashland.top
003958cm.nyashland.top
004649m.dccrk.top
005185cm.nyashsens.top
005334cm.nyashsens.top
005662cm.n9shteam3.top
005664cm.nyashnyash.top
006122cm.n9shka.top
006765cm.nyashkoon.top
010239cm.nyashland.top
011966cm.n9sh.top
012257cm.nyashnyash.top
012909cm.n9shka.top
013230cm.nyashland.top
016502cm.n9shteam1.top
017731cm.nyashsens.top
017766cm.nyashland.top
018910cm.n9shteam1.top
021473ll.nyashmyash.top
027243cm.nyashland.top
027582cm.n9shteam1.top
027715cm.n9shteam3.top
029179cm.nyashland.top
029604cm.n9shteam1.top
036108cm.n9shteam3.top
036935cm.nyashsens.top
040948cm.nyashcrack.top
041240cm.nyashkoon.top
041510cm.n9shteam1.top
041833lm.nyashmyash.top
043122cm.n9shteam1.top
043159cm.n9shteam1.top
043409cm.nyashkoon.top
043460cm.nyashcrack.top
044849lm.nyashkoon.top
045412lm.nyashmyash.top
046827cm.n9shteam1.top
048229cm.n9shteam3.top
048363cm.nyashka.top
049939cm.nyashcrack.top
054885cm.nyashsens.top
056446cm.nyashkoon.top
056618cm.nyashsens.top
056973lm.nyashnyash.top
058828cm.nyashcrack.top
059221cm.nyashcrack.top
061636cm.nyashnyash.top
061657cm.nyashkoon.top
063428cm.nyashsens.top
068166cm.n9sh.top
068654lm.nyashmyash.top
072585cm.n9shteam1.top
072638cm.nyashtyan.top
073218cm.n9shka.top
074212cm.nyashcrack.top
078417cm.nyashkoon.top
080456cm.nyashka.top
080467lm.nyashnyash.top
083053cm.nyashnyash.top
086192cm.nyashcrack.top
088312lm.nyashkoon.top
088347lm.nyashmyash.top
089429cm.n9shteam3.top
092152cm.nyashmyash.top
092655cm.n9shteam3.top
095414lm.nyashmyash.top
095845cm.nyashnyash.top
096931cm.nyashsens.top
098042cm.n9shteam1.top
099209cm.nyashcrack.top
101344cm.n9shteam3.top
103841cm.nyashka.top
105187cm.nyashtech.top
105833lm.nyashmyash.top
107364cm.nyashkoon.top
107683ll.nyashmyash.top
119719cm.nyashkoon.top
120706cm.nyashsens.top
123848cm.n9shka.top
124027m.dccrk.top
126613cm.nyashkoon.top
126810cm.n9sh.top
127733cm.nyashkoon.top
128293cm.n9shteam3.top
128441m.dccrk.top
128538cm.n9shteam3.top
128929lm.nyashmyash.top
133727cm.nyashnyash.top
134716lm.nyashnyash.top
136337cm.n9shteam3.top
141217cm.n9shteam3.top
142716cm.n9shka.top
146217cm.n9shteam1.top
146348cm.n9shteam1.top
14655m.dccrk.top
153039cm.nyashkoon.top
153912m.dccrk.top
155054cm.n9shteam1.top
155560cm.n9shteam1.top
156359cm.n9shka.top
156704cm.n9shteam1.top
157306cm.nyashkoon.top
157949cm.nyashmyash.top
159893lm.nyashnyash.top
165767cm.nyashka.top
166970cm.n9sh.top
167463cm.nyashsens.top
167731cm.n9shteam1.top
169394cm.n9shka.top
169981cm.n9shteam1.top
171470cm.nyashkoon.top
172454cm.nyashnyash.top
172515cm.nyashnyash.top
175353cm.nyashnyash.top
175635cm.nyashkoon.top
176706cm.n9shteam1.top
180495cm.nyashsens.top
186255m.dccrk.top
187368cm.nyashland.top
195007cm.n9shteam3.top
195015cm.nyashsens.top
197771cm.nyashkoon.top
197816m.dccrk.top
198908cm.n9shteam1.top
199058m.dccrk.top
200616cm.n9shteam3.top
205351cm.nyashnyash.top
206171cm.nyashcrack.top
206407cm.nyashmyash.top
207872cm.nyashsens.top
209730cm.nyashsens.top
209808cm.n9sh.top
211277cm.nyashland.top
211648cm.nyashsens.top
213695cm.nyashka.top
218200cm.nyashkoon.top
218772cm.nyashtyan.top
223233lm.nyashsens.top
226723cm.nyashnyash.top
229261cl.nyashtop.top
233416cm.n9shteam3.top
23412lm.aidvwbpa.top
234478cm.nyashland.top
234783cm.n9shteam3.top
238891cm.n9shteam1.top
241746cm.n9sh.top
242106cm.nyashtech.top
244576m.dccrk.top
245918cm.n9sh.top
246693cm.nyashkoon.top
250259cm.nyashcrack.top
250317cm.n9sh.top
251891cm.n9shteam3.top
253965m.dccrk.top
256705cm.nyashkoon.top
257270cm.nyashnyash.top
258345cm.nyashmyash.top
258414cm.n9shka.top
262155cm.nyashtyan.top
267581cm.nyashkoon.top
267991cm.n9shka.top
268064cm.n9shteam3.top
273604lm.nyashkoon.top
274249cm.n9shteam3.top
275877cm.n9sh.top
276067lm.nyashkoon.top
278375cm.nyashland.top
278494cm.nyashnyash.top
280023cm.n9shteam1.top
282697cm.nyashcrack.top
285935lm.nyashnyash.top
286420cm.nyashland.top
287013lm.nyashmyash.top
287327lm.nyashkoon.top
288263cm.n9shteam3.top
289259cm.nyashkoon.top
290693cm.nyashtyan.top
293709cm.n9sh.top
294401cm.n9shteam1.top
295615cm.nyashkoon.top
297701cm.n9shka.top
298518cm.n9shteam3.top
299962cm.nyashsens.top
300276cm.n9sh.top
301152cm.nyashkoon.top
303449cm.nyashka.top
305701cm.n9shteam1.top
306039cm.nyashcrack.top
310095cm.nyashkoon.top
311291cm.nyashcrack.top
314657lm.nyashmyash.top
315162cm.n9shteam3.top
316897cm.newnyash.top
317140cm.nyashkoon.top
318874cm.n9sh.top
319983cm.n9sh.top
322879lm.nyashmyash.top
322914cm.nyashland.top
328737cm.n9shteam1.top
330350cm.n9shteam1.top
330785cm.nyashtech.top
334188cm.n9sh.top
341549cm.n9shteam2.top
345435cm.nyashland.top
346560cm.nyashkoon.top
347760cm.nyashnyash.top
34897cm.nyashland.top
349786cl.nyashtop.top
350575cm.nyashland.top
351450cm.n9shteam3.top
353501cm.n9shteam1.top
353735lm.nyashmyash.top
353915cm.n9shteam3.top
354690cm.n9shka.top
356753cm.nyashkoon.top
360427cm.n9shka.top
365011cm.nyashnyash.top
365908m.dccrk.top
365939cm.n9shteam1.top
368031cm.nyashland.top
368271cm.nyashcrack.top
370270cm.n9shteam3.top
370946cm.nyashtyan.top
373563cm.nyashland.top
374286cm.n9shteam3.top
374865cm.nyashcrack.top
376136cm.nyashkoon.top
377950cm.n9shteam1.top
379803cm.nyashland.top
380905cm.nyashnyash.top
385725cm.nyashkoon.top
387617cm.nyashkoon.top
391369cm.nyashnyash.top
391685cm.nyashkoon.top
395882cm.nyashtyan.top
396046lm.nyashsens.top
396388cm.nyashcrack.top
398029cm.nyashkoon.top
399327lm.nyashsens.top
399491cm.nyashcrack.top
402523cm.nyashland.top
402951cm.nyashtyan.top
404705cm.n9shteam1.top
406577cm.n9shteam1.top
407575cm.nyashmyash.top
407916cm.n9shka.top
409728cm.nyashkoon.top
411434cm.nyashsens.top
413466cm.n9shteam2.top
413955cm.nyashtyan.top
414436cm.n9shteam3.top
414636cm.n9sh.top
414792cm.n9shteam3.top
415366cm.nyashka.top
417012lm.nyashmyash.top
417668cm.nyashka.top
418257cm.n9shteam1.top
423159cm.nyashsens.top
424983cm.nyashkoon.top
429625cm.nyashcrack.top
429680cm.n9shteam1.top
430236lm.nyashmyash.top
432581cm.nyashkoon.top
438288cl.nyashtop.top
439157cm.n9shteam1.top
439875cm.nyashnyash.top
441160cm.n9shka.top
442883cm.n9shka.top
443056cm.nyashtyan.top
445742cm.nyashsens.top
446068cm.nyashsens.top
449040cm.n9shteam1.top
450314cm.n9shteam1.top
451203cm.n9shka.top
452568lm.nyashmyash.top
454189cm.nyashkoon.top
454374cm.nyashsens.top
454431cm.n9sh.top
456424cm.n9sh.top
457041cm.nyashnyash.top
464287lm.nyashmyash.top
464701m.dccrk.top
465584cm.nyashnyash.top
468841cm.nyashkoon.top
469208m.dccrk.top
472704cm.n9shteam1.top
473941cm.n9shteam1.top
476072cm.nyashsens.top
477102cm.nyashkoon.top
478225cm.nyashnyash.top
478712cm.n9shteam1.top
479898cm.nyashsens.top
479926cm.n9shteam1.top
480666cm.n9sh.top
481374cm.nyashsens.top
484393cm.nyashtyan.top
486630lm.nyashnyash.top
488150cm.n9sh.top
488417cm.n9shteam1.top
491131cm.n9shteam1.top
492028lm.nyashsens.top
495626cm.nyashcrack.top
496238cm.nyashland.top
498288cm.nyashsens.top
498984cm.nyashland.top
499862cl.nyashmyash.top
503213m.dccrk.top
508474cm.nyashland.top
510061cm.nyashkoon.top
510978lm.nyashnyash.top
512325cm.nyashcrack.top
512795cm.n9sh.top
519519cm.n9sh.top
519600cl.nyashtop.top
522815cm.n9shteam1.top
523027lm.nyashmyash.top
523185cm.nyashtyan.top
525632cm.nyashsens.top
528238cm.nyashkoon.top
529258cm.n9shka.top
531054cm.nyashland.top
531423cm.nyashnyash.top
531481cm.nyashtyan.top
533577cm.nyashcrack.top
535700cl.nyashtop.top
539545m.dccrk.top
540137cm.nyashsens.top
541396cm.nyashnyash.top
542032cm.nyashcrack.top
543888cl.nyashtop.top
544147cm.nyashtyan.top
546474cm.nyashland.top
547186cm.n9shteam1.top
549578cm.n9sh.top
550074lm.nyashkoon.top
552906cm.n9shteam1.top
555661cm.nyashcrack.top
556462cm.nyashnyash.top
556822cm.n9shteam1.top
560135cm.n9shteam1.top
560216cm.n9shteam2.top
562581cm.n9shteam1.top
565138cm.n9shteam1.top
567146cm.nyashcrack.top
567331cm.n9shka.top
568547cm.nyashkoon.top
571019cm.n9shteam1.top
572810cm.nyashkoon.top
573932cm.nyashkoon.top
573936cm.nyashmyash.top
574565cm.renyash.top
576138cm.nyashkoon.top
576585cm.n9shteam1.top
576919cm.nyashcrack.top
577072cm.n9shteam1.top
583538cm.nyashsens.top
583784cm.n9shka.top
585362lm.nyashkoon.top
586238cm.n9shteam3.top
587986cm.n9shteam2.top
588842cl.nyashmyash.top
590908cm.nyashka.top
591416cm.n9shteam3.top
592065m.dccrk.top
592486cm.nyashka.top
593011cm.nyashsens.top
594712cm.nyashkoon.top
595506cm.n9shka.top
595918cm.nyashkoon.top
598239cm.n9shteam1.top
601693cm.nyashkoon.top
602463cm.nyashsens.top
604164cm.n9shteam3.top
607896cm.nyashsens.top
608901cm.nyashland.top
613809lm.nyashkoon.top
614818cm.n9shteam1.top
615994cm.nyashnyash.top
617866cm.nyashkoon.top
618628cm.nyashcrack.top
619697cm.n9sh.top
619757cm.nyashnyash.top
621756cm.n9shteam1.top
626299cm.nyashcrack.top
628902cm.nyashcrack.top
631047cm.n9shka.top
632976cm.n9shteam1.top
633618cm.n9shteam1.top
636906cm.nyashsens.top
637472cm.nyashcrack.top
638220cm.n9shteam1.top
638250cm.nyashnyash.top
641489cm.nyashcrack.top
644143cm.nyashkoon.top
644882lm.nyashsens.top
645446cm.n9shteam1.top
646667lm.nyashkoon.top
649987cm.nyashcrack.top
651949lm.nyashkoon.top
652739cm.nyashcrack.top
657001cm.nyashsens.top
657896cm.nyashkoon.top
658966cm.n9shka.top
659257cm.n9shteam1.top
659417cm.nyashka.top
661549cm.n9shteam3.top
662675cm.n9shteam3.top
663715cm.n9shteam2.top
664930cm.n9shka.top
666497cm.nyashnyash.top
668798cm.nyashsens.top
669630cm.n9shteam1.top
671550cm.n9shteam1.top
672971cm.nyashkoon.top
674341cm.n9shteam3.top
679335cm.n9shteam1.top
680690cm.n9shteam1.top
680736cm.n9sh.top
682036lm.nyashmyash.top
684248cm.nyashcrack.top
684288lm.nyashsens.top
686694m.dccrk.top
687155cm.n9shteam1.top
688096cm.nyashcrack.top
690000cm.n9shteam3.top
690038lm.nyashkoon.top
690769cm.nyashtyan.top
692215cm.n9sh.top
694478cm.n9shteam1.top
695776cm.nyashka.top
695867cm.nyashnyash.top
695928cm.nyashland.top
696588cm.nyashland.top
697028cm.nyashcrack.top
697469cm.nyashsens.top
698257cm.n9shteam1.top
699671cm.nyashnyash.top
699837cm.nyashtech.top
7007lc.nyashkoon.top
700908cm.nyashkoon.top
701541cm.nyashka.top
702684cm.n9shteam1.top
703115ll.nyashmyash.top
703506cm.n9shteam1.top
706391lm.nyashsens.top
706812ll.nyashmyash.top
707078cm.n9shteam1.top
707500cm.n9shteam1.top
710734m.dccrk.top
710998cm.n9shteam1.top
712600cm.nyashland.top
717182cm.nyashland.top
718244cm.nyashsens.top
720466cm.nyashnyash.top
724156cm.nyashland.top
724714cm.nyashnyash.top
729538lm.nyashnyash.top
730980cm.nyashland.top
730994cm.n9sh.top
731065cm.n9shteam3.top
736021cm.n9shteam1.top
737201cm.nyashsens.top
737484cm.nyashsens.top
741402cm.nyashkoon.top
742667cm.n9shteam1.top
743919cm.nyashtyan.top
749312cm.nyashnyash.top
749563cm.n9shka.top
750538cm.n9shka.top
752518cm.nyashmyash.top
756451cm.n9shteam1.top
756772cm.n9shteam3.top
757221cm.nyashkoon.top
758069cm.nyashka.top
758936cm.newnyash.top
761245cm.nyashcrack.top
762229cm.nyashkoon.top
762250cm.nyashkoon.top
762449cl.nyashmyash.top
763167cl.nyashmyash.top
763927cm.n9sh.top
764133cm.nyashkoon.top
767348cm.n9shteam3.top
767361m.dccrk.top
768237cm.nyashtyan.top
772131cm.nyashsens.top
773531cm.nyashsens.top
776854cm.nyashnyash.top
777019cm.nyashland.top
778617lm.nyashmyash.top
779642cm.nyashland.top
781919cm.n9shka.top
783640cm.nyashkoon.top
784323cm.nyashland.top
786029cm.n9shteam3.top
791009cm.n9shteam3.top
792288cm.nyashkoon.top
794480cm.nyashnyash.top
795467cm.nyashnyash.top
795748cm.nyashland.top
796027cm.n9shteam1.top
797918cm.nyashmyash.top
799761cm.nyashcrack.top
800935cl.nyashtop.top
803914cm.nyashtyan.top
808416cm.n9shteam1.top
809624cm.nyashland.top
809829lm.nyashmyash.top
812140cm.n9shka.top
812613cm.nyashland.top
812728lm.nyashsens.top
813882cm.nyashnyash.top
815983cm.n9shteam3.top
816056cm.nyashtyan.top
816600cm.nyashtyan.top
818328cm.nyashland.top
819956cm.n9shteam3.top
822243cm.nyashtyan.top
822797cm.n9shka.top
822817cm.nyashsens.top
826522cl.nyashmyash.top
827539m.dccrk.top
831199cm.nyashsens.top
831960cm.nyashcrack.top
834329cm.n9shteam3.top
841019cm.nyashnyash.top
842174cm.n9sh.top
847687cm.nyashland.top
847952ll.nyashmyash.top
848452cm.nyashkoon.top
848748lm.nyashkoon.top
853719cm.nyashland.top
854242cm.n9sh.top
856622cm.nyashsens.top
856918cm.n9shteam3.top
857377cm.nyashsens.top
858915cm.nyashtyan.top
860108cm.nyashka.top
860618cm.nyashkoon.top
866199cm.nyashkoon.top
867043lm.nyashsens.top
867059m.dccrk.top
868047cm.nyashnyash.top
871720cm.n9shteam3.top
872900cm.nyashsens.top
878926cm.n9shteam3.top
879315cm.nyashland.top
879618cm.nyashka.top
879747cl.nyashmyash.top
881783cm.nyashland.top
882574cm.nyashkoon.top
884050cm.n9shteam3.top
887953cm.n9shka.top
88888cl.n9shteam1.top
891483cm.nyashkoon.top
892188cm.nyashnyash.top
892534cm.nyashtyan.top
896389cm.n9shteam3.top
896906cm.nyashcrack.top
896933cm.nyashkoon.top
897270cm.nyashkoon.top
897712cm.n9shka.top
899848cm.n9shteam1.top
902241cm.nyashkoon.top
902893lm.nyashmyash.top
904130cm.n9shka.top
904908cm.nyashka.top
905533cm.n9shka.top
905719cm.nyashland.top
906597cm.n9sh.top
911520cm.nyashtyan.top
912308cm.n9shka.top
912729m.dccrk.top
915197cm.nyashtop.top
915651cm.n9shteam3.top
915932m.dccrk.top
918576cm.n9shteam1.top
924580cm.nyashcrack.top
931620cm.n9shteam1.top
933009cm.nyashkoon.top
934211cm.nyashsens.top
935056cm.nyashcrack.top
935913cm.nyashmyash.top
936699m.dccrk.top
937509cm.n9shteam1.top
941100lm.nyashkoon.top
941806cm.nyashsens.top
945197cl.nyashtop.top
945424cm.nyashsens.top
946576cm.n9shteam3.top
947044cm.nyashmyash.top
954354cl.nyashmyash.top
954591cm.nyashsens.top
955715cm.n9shteam3.top
956977cm.nyashsens.top
958647cm.n9shteam1.top
959719cm.nyashcrack.top
961760cm.n9shteam1.top
962045cl.nyashtop.top
962473cm.nyashkoon.top
964838cm.nyashtyan.top
966974cm.nyashland.top
967918cm.n9shteam1.top
968085cm.nyashkoon.top
968620cm.nyashkoon.top
971936lm.nyashkoon.top
973164cm.nyashsens.top
973800cm.nyashsens.top
975763cm.n9shteam1.top
976435cm.nyashtyan.top
978393cm.nyashnyash.top
981800cm.n9shka.top
981904ll.nyashmyash.top
984720lm.nyashsens.top
984746cm.nyashtyan.top
992894lm.nyashmyash.top
993485cm.nyashland.top
994110cm.n9shteam1.top
996506cm.nyashnyash.top
aezakmid.top
aidvwbpa.top
alphauser.top
alwaysupdate.top
animegame.top
ariarea.top
astonmartin.top
autovaz.top
balashiha.top
barashek.top
batya.top
bonedino.top
braindown.top
brainoclock.top
brokendus.top
bundlepro.top
campingtop.top
cartofheart.top
checkme.top
chenhuahua.top
codeproga.top
coneforest.top
controlreg.top
cpcontacts.securitycheck.top
cryptoaboba.top
d0k.top
dablyat.top
dc.dccr.ru
dc.dccrk.top
decription.top
desyatochek.top
devnyash.top
diksi.top
dirol.top
dmacard.top
domneed.top
doorplace.top
dotspace.top
durka.top
dvatri.top
easyanime.top
engupto.top
eternitysys.top
expectum.top
faceuptable.top
fbiopenup.top
finalbattle.top
flipupto.top
fls-fe.securitycheck.top
fls-na.securitycheck.top
freeputin.top
galochka.top
glagol.top
golenos.top
googlechromeportable.top
googlizamenya.top
goski.top
gosnarkocontrol.top
gpdwin.top
hardsystem.top
haval.top
healthya.top
hellokitty.top
hesoyam.top
housedown.top
hvhmovie.top
hypetrain.top
iddqd.top
images-na.securitycheck.top
ironres.top
jqueryui.top
katcut.top
kimonomagic.top
kitaets.top
kitekat.top
klodvandam.top
ladno.top
lapki.top
lgg6.top
liberalspawned.top
lk.sudorat.ru
localcdndownload.top
lololowka.top
lolzteam.top
m-media-amazon.securitycheck.top
magnit.top
marchapril.top
megaengine.top
megaforce.top
megapascal.top
megaphone.top
megaproject.top
memegen.top
memflow.top
merlion.top
mersedes.top
micropatch.top
mihoyolab.top
milasya.top
minedownload.top
mitsubishi.top
monitortraf.top
morzyanka.top
moskvich.top
mshta.top
multiofficial.top
mvdrf.top
mvidio.top
namesearch.top
nazvanie.top
neurokek.top
nixware.top
noburo.top
nogami.top
notactual.top
notbalbec.top
nothost.top
novolink.top
nukebomb.top
nyanya.top
offlinewas.top
ogurec.top
opensrc.top
orphanor.top
otval.top
patronusus.top
perepelka.top
perfecteasy.top
petuh.top
pohooy.top
porshe.top
porzhat.top
postpre.top
pphud.top
premiumultra.top
projectt.top
proprietary.top
prosti.top
prowaifu.top
prre.top
publicdata.top
pyaterochka.top
rabbitcsgo.top
ratelimit.top
razreshayu.top
rdponline.top
recoder.top
registratio.top
renyash.top
rlynottop.top
rollsroys.top
rosatom.top
rostelecom.top
rostex.top
royalmail.novatek.top
samsa.top
sanandreas.top
sardelka.top
sasok.top
secureupdate.top
securitycheck.top
seouptime.top
seroi.top
serviceworker.top
shto.top
shtuka.top
smartpaid.top
socksmy.top
softline.top
soglasen.top
spacexyz.top
sportloto.top
strepsils.top
subscribeme.top
supporthere.top
tagaz.top
tatneft.top
tavoetogo.top
tazik.top
tele2.top
teroborona.top
test.magnit.top
todoany.top
tonna.top
topnomer.top
tryagain.top
typebloom.top
uffyaa.top
ultratop.top
umvd.top
unagi-fe.securitycheck.top
vetka.top
virtualreal.top
vkontakt.top
vsratost.top
warpath.top
webrat.top
wentaway.top
whoisyou.top
whware.top
x5group.top
yeahnot.top
yetanotherpaste.top
yourwfu.top
zelenka.top
zelensky.top
/RequestlongpolllinuxTrafficlocalpublicUploads.php

# Generic trails (URL paths, not tied to a specific host)

/DCRS/dsock/
/DCRS/index.php
/DCRS/main.php
/ExternalDbtesttrack.php
/externalLowgeotrack.php
/externalVideoBasetest.php
/lineTosecureapi.php
/packetlowcpuProtect.php
/PipePacketDbLinuxFlower.php
/PollGameServerUniversal.php
/videoToLowtest.php
/212bad81b4208a2b412dfca05f1d9fa7.php
/2d02004c59e9a1f5d7d2a313711996eaafd017e3.php
/56743785cf97084d3a49a8bf0956f2c744a4a3e0.php
/fd1845d9489997784fcdca5feff97ba2a4cb81e5.php
/akcii239myzon0xwjlxqnn3b34w/
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/
/f5b75b6939d095db0eaf37fdfecac963030f7aa1.php
/g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/
/wih70f23q9voven47mcjf9q/
/c596a246010ddf201f7264927e5c39b8d20eba79.php
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/e59293a35848addcc181d5a0ab38266868d77ff4.php
/2nwsr5yiv4oi4zfjoduq2ettv6rwkao/
/e5qx69ffszv9vbudkm/
/d6d4cbd9296a555615601b85dedaceaffd7120b5.php
/9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/
/1ce78a902db7a61523b13afcb20d91f8.php
/rb7u7g360qkxfkhcd/
/8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/
/44ab0bfd824936290de450263b2aaa06b01412a9.php
/38ad2f43f6b9c1367674eb1b7f1db337.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/
/hyhwe8lxnty/
/j07u3xb0zwfka8ohvggymgmz/
/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/c76ae15161b4078c040462271a89caa06686cf38.php
/twwhd4iu597yifaawuodsmuedbq3vm4754g8nko19l8rgk3f24jklz3ynngosa6q6jtx0gmb5l1vpps5zcit6pzt/
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/og7th0bl0euzfxawae8yx/
/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/7Voiddb8Image/VmToJsTrackCentral.php
/7Voiddb8Image/
/VmToJsTrackCentral.php
