# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/
# Reference: https://www.virustotal.com/gui/file/277d7f450268aeb4e7fe942f70a9df63aa429d703e9400370f0621a438e918bf/detection

http://144.76.173.247
http://195.123.226.91

# Reference: https://twitter.com/Ishusoka/status/1614028229307928582

http://157.90.248.179
http://213.252.244.62
http://77.73.134.68

# Reference: https://twitter.com/ULTRAFRAUD/status/1620158819023323137

videolan-web.org

# Reference: https://twitter.com/Gi7w0rm/status/1631756650234167299
# Reference: https://twitter.com/MalwareSearcher/status/1638096508686925824
# Reference: https://tria.ge/230303-y6p8daag4w/behavioral1

http://82.118.23.50
pcworldgetin.net

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown

walmart.lc
marketplace.walmart.lc

# Reference: https://twitter.com/Ishusoka/status/1645048767484239872

http://23.254.225.133
http://82.117.255.127
http://82.117.255.128

# Reference: https://twitter.com/Ishusoka/status/1649716132822089728

http://109.105.198.114
http://185.99.132.51
http://192.236.233.253
http://79.137.203.190

# Reference: https://twitter.com/Ishusoka/status/1652670103404544006

http://85.239.62.218

# Reference: https://twitter.com/Ishusoka/status/1655156071168655361

http://185.99.133.246
http://45.8.146.130
http://45.8.146.213

# Reference: https://twitter.com/g0njxa/status/1658488606485540865

http://195.123.227.138
anysoft.live
virtualbox-vb.com

# Reference: https://www.virustotal.com/gui/file/2dc0f50fa7eb53be17b578fbcb66a5ec8c40d250fd9be7b2b96663624fa4dba8/detection

gstatic-node.io

# Reference: https://www.virustotal.com/gui/file/9ee6c9be68204aea85dce08e6ba8c9395f827f22e5f3ee430172abe9ea5fbd0b/detection

aloowforest.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/

http://168.119.4.83
http://217.12.206.230
http://217.25.91.15
http://45.15.25.190
http://89.116.255.182
http://94.142.138.78
http://94.158.244.69
1private.pro
91.215.85.210:48237
agustfreeday-my.xyz
clonecloud-my.xyz
crazypictures.xyz
demomoves.xyz
extrasofts.org
fastcloudlife-my.xyz
flowers-my.xyz
gservice-node.io
kellmda.click
many-verses.xyz
private-cloud-server.pro
skicloud-my.xyz
speedtestip.xyz
stoppublick.xyz
vipcloud-my.xyz
worldofpoetry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-07-27)

dodgeavay.xyz
gbbsoft.xyz
jonesleming.xyz
jornesfree.xyz
laynchcontrol.xyz
modifesistem.xyz
privategame.xyz
promocar.xyz
promomilk.xyz
scandimyth.xyz
slading.xyz
traftech.pro
viemon.xyz
westwork-my.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-01)

colomndead.xyz
fingerstile.xyz
sloumotion.xyz
trapmusics.xyz

# Reference: https://twitter.com/1ZRR4H/status/1686659981389463552

http://107.172.0.180

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-03)

exitfile.xyz
flaydoor.xyz
sinopticday.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-11)

acecnouwglass.xyz
acexoss.xyz
balancelag.xyz
beerword.xyz
blockigro.xyz
booxshistr.xyz
boxhappines.xyz
cloudsaled.xyz
colomna.xyz
coolvtf.xyz
costexcise.xyz
coursenote.xyz
dashminimaltokens.xyz
deadpip.xyz
doorblu.xyz
elitewin.xyz
exfillrar.xyz
exitlife.xyz
fibrodoorsbig.xyz
fileforex.xyz
fisholl.xyz
freeace.xyz
frogswordsale.xyz
gapi-node.io
gitarlessonfinger.xyz
glitchmoon.xyz
glowesbrons.xyz
goldenwalstk.xyz
grossvp.xyz
kpsshistoryone.xyz
kudoflowers.xyz
linesroom.xyz
lowwesprion.xyz
lpsserversonlene.xyz
marketsale.xyz
netforyou.xyz
phonevronlene.xyz
programmbox.xyz
proxyindex.xyz
quotamoney.xyz
scoollovers.xyz
seobrokerstv.xyz
sieratools.xyz
simesmile.xyz
singlesfree.xyz
sonyabest.xyz
starold.xyz
stormwumen.xyz
survviv.xyz
usdseancer.xyz
woodcat.xyz

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/08/old-exploit-kits-still-kicking-around-in-2023
# Reference: https://www.virustotal.com/gui/file/07e06e8277980a60e595da9cd9e03a4ecd2e8f8bdbd3cf5c930ab878ac5b0836/detection

solopodvip-my.xyz

# Reference: https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection

update-regb-service.com

# Reference: https://twitter.com/1ZRR4H/status/1692149286048616567

checkgoods.xyz

# Reference: https://www.virustotal.com/gui/ip-address/194.87.31.176/relations
# Reference: https://www.virustotal.com/gui/file/c9094685ae4851fd5a5b886b73c7b07efd9b47ea0bdae3f823d035cf1b3b9e48/detection

lazagrc2cnk.xyz
ocmtancmi2c5t.xyz
update-vinc.in.net

# Reference: https://twitter.com/petrovic082/status/1694264617772458363
# Reference: https://www.virustotal.com/gui/file/51925d36298a3d9ceac6067fdc1ba1f799ef5c53553be95d6827192df0700d80/detection

randsoms.click
hopvibestravel.co.za

# Reference: https://www.virustotal.com/gui/ip-address/206.233.128.77/relations

51doudian.xyz
aidoudian.xyz
diyidd.xyz
dodiam.asia
dodiam.live
dodiam.ltd
dodiam.monster
dodiam.one
dodiam.online
dodiam.shop
dodiam.xyz
dodiamhub.xyz
doyoudian.com
wpshub.xyz

# Reference: https://twitter.com/g0njxa/status/1694754823378227312

selfmicrosoft.com

# Reference: https://threatfox.abuse.ch/ioc/1152241/

fullppc.xyz

# Reference: https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/
# Reference: https://otx.alienvault.com/pulse/64f1e91a2dd9db4bd3af8ce4

buyerbrand.xyz
lazagrc3cnk.xyz

# Reference: https://twitter.com/1ZRR4H/status/1701296924471529508

acsfoodthegood.fun
activlessor.fun
adavefrees.xyz
artificialleath.fun
arvimon.fun
assacurajob.fun
astrolco.fun
bakedmatela.fun
balancebordrt.xyz
bearboll.fun
blessdeckite.fun
blockall-my.xyz
bloomhome.xyz
boothroundupdow.fun
bottlewattoh.fun
brockerby.xyz
campphotos.xyz
castomdroms.xyz
cfgy8uj.click
choserowboatfly.fun
cleanvr.xyz
closhemone.fun
coinflore-my.xyz
coldwinded.fun
coolfingers.xyz
coolworks.xyz
curtainjors.fun
cvadrobox.xyz
damageagio.xyz
demanddeal.xyz
dermrtv.fun
diavellipromo-my.xyz
divineservicecity.fun
doggyguffy.fun
downloadfiles-my.xyz
dropfiles-my.xyz
ellifotolive.xyz
equestrianjumpingfrog.fun
faircoupon.xyz
fartyfun.fun
feathspacesaf.fun
fiancejiveimp.fun
fibrodoorsbig.fun
findyhuman.fun
fireworld.fun
flashpool.xyz
follovertv.fun
footfetishlol.xyz
footslou.fun
formiklass.fun
freesco.xyz
freesoftportal.xyz
funnycox.fun
gamefoods.xyz
gaspatchommm.fun
glowesbrones.xyz
gogobad.fun
goldsboxss.xyz
goldtokensool.xyz
gougeflying.fun
gunstormonl.fun
hedgedecay.xyz
jobsvac.xyz
kneesockrod.fun
labourcakefrt.fun
leaseagent.xyz
liveswords.xyz
lockguard.xyz
loufuelscom.fun
loufuelscom.xyz
luidelyator.xyz
magaway.fun
malenursenect.fun
markuschop.fun
mensmoment.xyz
microflawersj.xyz
milkwithlacto.fun
momsikret.xyz
morefilmsfree.fun
morevita-my.xyz
mrcrubsaf.fun
mycollection-my.xyz
noisemakjelly.fun
ollfiles-my.xyz
petsgamess.xyz
piplexm.xyz
pizzasison.xyz
potatomeatball.fun
productionbio.fun
reconphotocolor.xyz
recordbell.fun
resistangroupee.fun
rovengold.fun
satanakop.fun
seededraisinlilinglov.fun
seobrokerstv.fun
sevenzk.xyz
shoppervik.fun
slimtvsocico.fun
sloumitionvideos.xyz
statehaller.fun
stoptme.xyz
superyupp.fun
svaproot.fun
thuspulllig.fun
titanaquaplus.xyz
toastmastone.fun
tobeornottobe.fun
toysforchild.fun
tritonbody.fun
usdseancer.fun
valleydod.fun
vipmusic-my.xyz
warnger.xyz
weaselplacerif.fun
welcometv.fun
xwomencalor.xyz
yachtracingopt.fun
zetmountsqr.fun

# Reference: https://twitter.com/1ZRR4H/status/1701141801401299268

documents.notificationsapps.com

# Reference: https://www.virustotal.com/gui/file/45d9b1765bb06ead1abbc6f8817c009fc3d15ebe1f71d3289f2c10e1e1afb343/detection

qptr.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1701832039995949127
# Reference: https://app.any.run/tasks/ae7fbdf2-f5e3-44c6-8718-f18eddf05c54/

gapi-alpha.io

# Reference: https://twitter.com/karol_paciorek/status/1701592162155327720
# Reference: https://www.virustotal.com/gui/file/10edcd9c40ca57679c78fc5a8a08bf7554d5e41f58f2aa19f299551c7c601601/detection

18866-32530.bacloud.info
sisadmin-my.xyz

# Reference: https://twitter.com/g0njxa/status/1702262724414050537

blockbeerman.fun
gaspatchommm.fun

# Reference: https://twitter.com/g0njxa/status/1702444978503360989

dedoxtrone.fun

# Reference: https://twitter.com/Jane_0sint/status/1702479372261683399
# Reference: https://app.any.run/tasks/409f5138-3853-4910-80d4-3c380b969274/

gasfpa.click

# Reference: https://www.virustotal.com/gui/file/301432e6053a0f092e8f5137a97ef3543934e0f8e200bd0c7844886e4c72e7e9/detection

treepledeeple.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-16)

glinkgik-7.com
hinkli-5.com
jlinkjk-6.com
link-45gik.com
link234-33.com
link43897.com
link5467.com
link76h.com
linked-42.com
linked-66.com
linked-88.com
linkers-92.com
linkhj764.com
linkjshw-4.com
linkll-11.com
linkll-2.com
linko8457y.com
linkqksi-3.com
notion-download.pro
notions-download.com
webex-download.com

# Reference: https://www.virustotal.com/gui/file/fe37f6971c59e02cfb250532fa1862bc58ce6aea100fbde5a7be91586eca2aad/detection

parrotorsk.fun

# Reference: https://twitter.com/1ZRR4H/status/1706747262993350752
# Reference: https://www.virustotal.com/gui/file/6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c/detection

ocmtancmi2c5t.website
orkograkula.fun
stable4download.ocmtancmi2c5t.website

# Reference: https://asec.ahnlab.com/ko/57276/

holdbox.xyz

# Reference: https://twitter.com/g0njxa/status/1707079932977774661

firmpanacewa.fun

# Reference: https://www.silentpush.com/blog/lummac2

2flowers-my.xyz
blockspam-my.xyz
bondappeal.xyz
boxclod.xyz
catfoodbio.xyz
chocomeat.fun
cloudsnike-my.xyz
coolworkss.xyz
cosmosvr3d.xyz
culturalevenings.xyz
deeppoetry.xyz
dogshanter.xyz
downloaddedattre.fun
dromautocar.xyz
ducklingibises.fun
glaziercarde.fun
housegrommy.fun
jomanboy.fun
jumperstad.fun
lackbasinmu.fun
pearlbarleyhit.fun
politicuseles.fun
portlandcor.fun
pregnantflowers.fun
rarefood.fun
rosaryconbo.fun
royalpantss.fun
sausagerollraisin.fun
scruffymapleflat.fun
sendcyniaforeign.fun
socialmadness.fun
sodafountainpr.fun
startablekor.fun
talkinwhitepod.fun
tuberoseprod.fun
veinsmoter.fun
waterparkedone.fun
withdrawlecterns.fun
wolffunny.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-29)

erorblackday.xyz
rarefood.fun
rollbeamone.fun
rosaryconbo.fun
royalpantss.fun
woldwidesage.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-07)

begonblom.fun
blingaspireojhau.online
bytecloudasa.website
cameponceowa.site
decorhighsa.pw
destroyevensusp.fun
npskudlu.com
nursepridespan.fun
pedigreeprotone.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1710940736177238046
# Reference: https://app.any.run/tasks/2576c42c-072a-4914-bfa9-196a54940f21/
# Reference: https://www.virustotal.com/gui/file/5c7a5c97cb1ffcc16367dd9f43192485ec2f2d043fa83c69ada31235f3a464f3/detection

cystnovor.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-08)
# Reference: https://www.virustotal.com/gui/file/8b73f81b3dc549b0afd9f1147afa70c92cdf326e7b5a7b7b95ef60ecbc58d194/detection
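# Reference: https://www.virustotal.com/gui/file/f8412c9a8d210409888fb0aed2120d12b4be1cb480cf24ed66b13ccbfef6d928/detection
# NOTE(review): 172.67.163.21 below falls in Cloudflare's 172.64.0.0/13 range, so it is presumably a shared CDN edge address rather than a dedicated host; treat an IP-only match as low confidence and confirm against the requested hostname.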

http://172.67.163.21
aivoicechanger.cc
aivoicechanger.xyz
allcentrlizeqweq.fun
amerloun.fun
archipelagocelly.fun
arrogantcatfishef.pw
athwartchannelly.pw
babacloud.pw
bankedbaroloak.site
barbecueappledos.pw
bezstpool.pw
bloockflad.pw
bluepablo.fun
bluesaks.fun
bobbycloud.pw
boddyshow.fun
boldaus.fun
bookgames.pw
booudbras.pw
buggubucks.fun
builaos.fun
bulletforx.fun
casioblue.pw
castomarmor.xyz
ckylake.fun
cleansoft.fun
cleansoft.xyz
clearcracksoft.fun
clearcracksoft.xyz
codeofconducrasa.pw
comperssw.fun
consoles.pw
crossmuchscandta.pw
dannyleagy.fun
dayzilons.pw
defrosscrappeo.pw
diamondcrystal.fun
discussiowardder.website
doooldues.pw
duhodown.fun
ebalkayiu.fun
engrousf.pw
enouselr.pw
feedsuudenli.fun
fenduqs.fun
funnyorgos.site
funpayns.fun
gachimychi.fun
gonberusha.fun
goodmpore.pw
grasialoud.pw
gravellyroadhunge.pw
gursgars.pw
hawsteamjoak.fun
hellouts.fun
helpfulsteepyi.pw
herioteeakl.pw
hokagef.fun
hollconsole.pw
hoodblor.pw
hoooldanos.pw
hovelpubtrav.fun
howlcars.fun
inosthome.fun
interplaychoske.pw
jomjolse.pw
jooshorks.pw
kambuchaorjireji.website
keewoolas.pw
killredls.pw
knittinprophec.pw
koludsa.pw
kowersize.fun
kusmanin.fun
lemoney.fun
loobrain.pw
loodwork.fun
makrsides.pw
mambergame.fun
manguvorpmi.pw
membaers.fun
micelock.fun
momalua.fun
moneywel.fun
moomagou.pw
moonsterd.pw
moskhoods.pw
mouseblock.pw
mouseoiet.fun
mouskules.pw
musicallyageop.pw
naamberso.pw
namegames.fun
netovrema.pw
newsproks.fun
noladuer.pw
nshdpoud.pw
numpersb.fun
nusaproble.pw
oluaskaz.pw
onlyblack.fun
orgstekomnw.pw
osesuppor.fun
outsiderus.pw
oxygendwelli.fun
paintpeasmou.fun
paratositologis.fun
peersneaps.fun
plengreg.fun
proogreso.pw
pruvles.fun
quoolser.pw
realinghuhuhmund.pw
revivalsecularas.pw
ritzytaxypigefow.pw
robolorunerushe.pw
sensfixlook.pw
servkitchin.fun
skinnychattyfur.pw
softaipro.fun
softonyxx.com
spreadbytile.fun
staircompletemil.pw
steycools.pw
suppliepackas.pw
suprafox.fun
susohudan.pw
taretool.pw
teleportfilmona.online
tellindeedcurt.fun
temoolda.pw
tenselwhoevery.pw
terninadeshi.pw
tfestv.fun
tipsydulljaui.website
tirechinecarpett.pw
traillit.fun
turankil.pw
volkels.fun
volkstera.fun
voloknus.pw
vporanu.fun
wakeupperion.site
whethergaseoatra.pw
willowa.fun
willywilk.fun
zamesblack.fun
zoolboues.pw
en.softaipro.fun

# Reference: https://twitter.com/James_inthe_box/status/1711390043821232196

http://172.86.98.101

# Reference: https://twitter.com/r3dbU7z/status/1712335701541257565
# Reference: https://www.virustotal.com/gui/file/50c61ca23c68af02c0146978409a60912ba6cfe4ee31d5d6be736a92f4f0c8d7/detection

signalknockrio.site

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

senpaireek.fun

# Reference: https://www.virustotal.com/gui/file/b13ce6179417dddff91e37fa3fed298f046a1cc2786a0f5c834f71d2b84751d0/detection

erikskite.fun
nasaprodu.fun
gcdnbabl3png.erikskite.fun

# Reference: https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf
# Reference: https://otx.alienvault.com/pulse/6531428c62ae987b76cc3191

gstatic-service.io
lumma.online
lumma.site

# Reference: https://www.virustotal.com/gui/file/493c87f0fd2fd648d190520b293db61ca612965b6d446352dbf1072164b4e8a7/detection
# Reference: https://www.virustotal.com/gui/file/0796818dc3510e88a966f0aaacd201ba162c46e0bc0f7c670ffbd43df485f5a7/detection

http://85.209.11.204
hackermania.org
/api/files/client/s51
/api/files/client/s52
/api/files/client/s53
/api/files/client/s54

# Reference: https://www.virustotal.com/gui/file/318b4327dcbdff36cb1b5bd2eaa1b08e6f3da93a136656cd301fd6967f790f9e/detection

http://135.181.11.36

# Reference: https://twitter.com/gothburz/status/1727652849008472312
# Reference: https://app.any.run/tasks/dd323037-05ea-4581-9a95-e22519ecc05e/

africathrillthes.pw

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-12-01-v10477/1174
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-03)

http://5.42.92.179
http://95.217.74.243
2311forget.online
accouncementdivecane.site
acidevenstrisj.pw
activitymousetaitrwws.fun
admplous.pw
albumerrorregisetep.pw
analysisswellenterw.fun
angerprofeessoa.pw
assignmentfinalyy.pw
awareforcemouthwjji.fun
baitbillioledbel.pw
banananationalists.pw
baseballherdowf.fun
baseballleadrwio.pw
beachterminaldiff.fun
beenovelskilleoiw.pw
belongblowrelatefw.pw
betrareptileplas.pw
braidfadefriendklypk.site
brickabsorptiondullyi.site
buffettrickopsd.pw
cakecoldsplurgrewe.pw
carpetcupboardtejjerew.site
carvewomanflavourwop.site
castlesideopwas.pw
chairtrainlineadju.pw
cherryopposedii.pw
cinemaretailermkw.fun
climbavantgardefe.fun
coldcoercekowja.fun
combpoplaurap.pw
communicationinchoicer.site
communicationpalaoow.pw
conceptcallewrige.pw
confineconcertjuuioa.fun
conservationsownk.pw
conventionleaflew.pw
cooperatecliqueobstac.site
crisisestimatehealtwh.site
cropfemininedynam.pw
crudeleavelegendew.fun
dancenegotiationffi.pw
dayfarrichjwclik.fun
declineconclusioniwo.pw
definefolkeloi.pw
deletefateoow.pw
delivernoteturnwjkl.fun
diagramfiremonkeyowwa.fun
discriminationcagerf.pw
dominantwidthwuiw.fun
downloads.media-talk.ru
drilledtonerconc.pw
droppicches.xyz
effluxcoltural.pw
eliminatechemistrywj.fun
ensurerecommendedd.pw
episodeterrifylat.pw
factorxharasswe.pw
fanlumpactiras.pw
fashionlazynavyresewg.site
flatmourningdressow.pw
fleetconsciousnessjuiw.site
floozielyhowevermist.pw
flowseasonallissoo.pw
formansnappybel.pw
fortunedomerussea.pw
fowlcirlenospp.pw
freckletropsao.pw
frighteninflatejuwi.pw
funeralmaximumjsju.pw
gatelistcoldyeisa.pw
gearboomchocolateowfs.site
geminiflattyord.pw
glovesslave.fun
godlawyerfeelkw.fun
gracecassettecretw.pw
healdieplayeriw.fun
hearpoundesweety.pw
hemispheredonkkl.pw
hotcowerrecoreeew.fun
idealruinrewardesw.fun
issuefightgreetw.fun
laborermemorandumjes.pw
lawitemymodelefr.pw
leaffountainla.fun
lendremindcenterpassew.site
likehulkinggera.pw
limitedconvertjiw.pw
linearcarerefs.pw
lingerescapecleanwja.fun
loogsporus.pw
macaronnicoccker.pw
magazineaccountantw.fun
makegreatagaintwwi.fun
managertraditionwjua.fun
massagemotipoole.pw
meayyammgaterre.pw
media-talk.ru
medicinebuckerrysa.pw
medicinefixlowop.pw
missileverdictwj.fun
moodanvoterowklam.fun
musclechannelnomi.pw
musclefarelongea.pw
neighborhoodfeelsa.fun
neutralpastureop.pw
nz.voicechangeai.pro
occupytapsessijk.pw
offerdelicateros.pw
onsciouosoepewmausj.site
opposesicknessopw.pw
ownerbuffersuperw.pw
payfrecklematurei.pw
perceivedomerusp.pw
personalpromiseo.fun
piggepawneillusio.pw
pinkipinevazzey.pw
platteryippejkomaf.pw
politefrightenpowoa.pw
portionetensioaw.pw
possibilitydespaw.pw
quitstrikesizeowo.pw
racerecessionrestrai.site
ratefacilityframw.fun
refereealivewhu.fun
referralpublicationjk.pw
refusemiserableofka.fun
resortredrobenris.pw
respectablegirlwfwa.fun
retainfactorypunishjkw.site
reviveincapablewew.pw
ribbonfolkcrownyy.pw
roomsodiumdependew.pw
rosemoonsleeptoe.pw
ruleborderdynamiciw.pw
saffronmontybrisk.pw
scanintegrutybatowss.pw
secondrailroadoikj.pw
sentimentprecisio.fun
settlehillcanne.pw
showerreigerniop.pw
showpumpkicartsl.pw
silveraquariumjwu.fun
skipflowposses.pw
slabbymenusportef.pw
slantrearperiosdew.pw
smoothawarescreenyo.pw
societylaboratoryuw.pw
sofacalendareffewx.fun
soupinterestoe.fun
speakeminoritetea.pw
spontaneouslightss.fun
stabsicknessord.pw
suburbmeetabuseowp.pw
suppresssectionje.pw
swarmseasonbuckoo.pw
tankqueueipjsh.pw
tarantulamalaguenrr.pw
territoryrequersp.pw
thinkroarseso.pw
tidecharityhouseow.fun
tidyrespectexpow.fun
tropicanimjrka.pw
troubleexemptioni.pw
turkeyjoystickesp.pw
unawarealarmtwinjje.pw
vesselspeedcrosswakew.site
wakereviewhuwee.pw
wantpiecesoftef.pw
willpoweragreebokkskiew.site
wriggleregisterycos.pw
xpencildiscussiio.pw

# Reference: https://twitter.com/RedDrip7/status/1734513423545720913
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
# Reference: https://raw.githubusercontent.com/RedDrip7/APT_Digital_Weapon/master/UTG-Q-003/UTG-Q-003_hash.md
# Reference: https://otx.alienvault.com/pulse/657898bb7319baba70af7f94

50kmovie.com
alosevera.fun
azwin.top
bcca.kr
brolink2s.site
broworker7s.com
browserneedupdate.com
captionhost.net
creatologics.com
danesh-gah.sbs
deputadojoaodaniel.com.br
dns.gobobby.life
download7z-soft.xyz
exe.foxpro.top
foxpro.top
gendalf.top
gobobby.life
gry.gendalf.top
gusel.mom
imagefilestorage.top
jjj.ustrun.top
kar.azwin.top
leanbiome-leanbioome.com
linta.software
mazerah.fun
my.gusel.mom
nallcentrlizeqweq.fun
nalosevera.fun
nbakedmatela.fun
nbrolink2s.site
nbroworker7s.com
nbrowserneedupdate.com
nbulletforx.fun
nduhodown.fun
nexe.foxpro.top
nfeathspacesaf.fun
ngry.gendalf.top
nh2o.activebuy.top
nhawsteamjoak.fun
nhi.salam.monster
nhowlcars.fun
nimagefilestorage.top
njjj.ustrun.top
nkar.azwin.top
nmazerah.fun
nmy.gusel.mom
nnoo.egogol.top
nop.topina.top
nplengreg.fun
nrosaryconbo.fun
nsec.estimate.top
ntak.soydet.top
ntop.toppe.top
ntu.trainlove.monster
nvzz.skitech.top
op.topina.top
opwer.top
skitech.top
topina.top
ustrun.top
vzz.skitech.top
zuripvp.tk

# Reference: https://twitter.com/Syndikalist/status/1734493554691514586

enzvoiceaichanger.site

# Reference: https://twitter.com/g0njxa/status/1735571631789969411
# Reference: https://app.any.run/tasks/3ae62135-57be-4047-b5df-88beea8cae70/

voicechangeai.pro
dz.voicechangeai.pro
ns.voicechangeai.pro
nz.voicechangeai.pro

# Reference: https://twitter.com/g0njxa/status/1737123594054906114
# Reference: https://www.virustotal.com/gui/domain/sergiocostantino.com/relations

sergiocostantino.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-23)

http://91.92.253.220
absorbbiblowskinj.fun
advancefishexeedw.pw
advertiseshotdecaywi.pw
angerbumpyardee.pw
arresthorrodrw.fun
attachmentartikidw.fun
attyclaim.com
betstamprareempiewa.fun
blastechohackopeower.pw
bombertublestylebanws.fun
breakfastchanneljw.fun
caneclothesdriverhen.pw
captivatechimpanzeef.fun
carstirgapcheatdeposwte.pw
chincenterblandwka.pw
claimpassivedebatw.pw
coastperfumeoslan.fun
conferenctdressingshrw.site
combinethemepiggerygoj.site
copyrightspareddcitwew.site
couragedistributeoeo.pw
creepfleetconfusew.fun
cruelslumpeeris.pw
cupaffordcathedralk.fun
cuttingcoachrecovr.pw
differentliftwelanew.fun
dragonporterloudjettyw.site
dreamtelevisiongues.fun
driftpasssingeriuw.pw
ed.softaipro.fun
en.voiceaichanger.pro
ena.voiceaichanger.pro
ena.voiceaichanger.store
ens.voiceaichanger.site
enz.voiceaichanger.site
eternalchopflattyo.fun
evokenumberpottruckere.fun
expenditureddisumilarwo.site
falsifydisappearsoaeka.pw
familiardvotecheapw.pw
feedbackspidermate.fun
fitnescivilianquesw.pw
folkloreinviteex.pw
froggraduategravi.fun
goddirtybrilliancece.fun
groannysoapblockedstiw.site
illusionqualifiedj.fun
insertrichdedicatewa.pw
interactivetreadrel.fun
jewelassertivebop.fun
kitchenfootballkiw.fun
lipstructorymusclewow.fun
makeexpectentrypon.pw
maskmusicalproplemanw.pw
mixperiodfrienndy.fun
mountainlegislaturel.pw
muggymidnightleanuu.fun
necklacecasecauseowa.fun
nestpatchfillfavo.fun
ownerteztapplicatiow.pw
paperambiguonusphoterew.site
pedestriankididentityw.fun
pickbeatmoduleprefer.pw
playerweighmailydailew.pw
preferencesubwaywad.fun
premiums.voiceaichanger.pro
promo.voiceaichanger.pro
qualifiedbehaviorrykej.site
ranchguarrelguidewa.pw
rarevaluediscow.fun
realitysocialiolee.site
recessionconceptjetwe.pw
representrecyclere.pw
revivalconflictgrippe.site
ritualaccidentrepu.fun
sideindexfollowragelrew.pw
solutionoutlineplaint.fun
speedslumpachierew.fun
stereotypebushexch.fun
subwayspellprotiso.fun
surfsponsorjun.pw
tablesockartfinewa.pw
teardesertfreewo.fun
technologyprosecutiw.pw
testifypiecefarst.fun
theoristnationalprow.fun
tollactionancestorw.pw
transparenteunlawfullyp.site
twinconstellationjkal.fun
underlinefreeapearew.fun
vegatablebeacjinser.fun
viewconceivegiw.fun
virtuereplacerentj.fun
voiceai.attyclaim.com
voiceaichanger.pro
voiceaichanger.store
weedpairfolkloredheryw.site
winnerparagrapdierw.fun
winterrescueplwo.pw
worrystitchsounddywuwp.site
voice.k7pw.com
voiceai.linkedsl.com

# Reference: https://twitter.com/g0njxa/status/1738890509404238017
# Reference: https://app.any.run/tasks/0dedb8f0-0d83-4360-add0-129319875738/

agedelayglacierwe.pw

# Reference: https://www.virustotal.com/gui/file/3715487205bd663c45a2cd4cf85a0a73183a20960d126e8ed3a461ef837c4144/detection

ntdll-update-connect.com

# Reference: https://twitter.com/kienbigmummy/status/1744582708045717901
# Reference: https://www.virustotal.com/gui/file/92b768cf585a5fa46bb9b86e9acec71ad56e4b2b93cc0e77f88da2cdb852dd7c/detection
# Reference: https://www.virustotal.com/gui/file/aa5c2e2376a44428339d1a91f5a48129a15271bb344e46b23fc76468000af67f/detection

build-villa.io.vn

# Reference: https://twitter.com/Syndikalist/status/1744772300946170119

voicechangeai.online
promos.voicechangeai.online
voiceai.electronicweldingcolombia.com

# Reference: https://www.virustotal.com/gui/file/7f44b17f4d1437f97e80e7f372f7b11db0ab21a7658d8521622ac68014014bd7/detection

copyexpertisesausewaverw.site

# Reference: https://www.virustotal.com/gui/file/16d52767bb629f7e84e2c4d770c844987366e9f5d36b52c5e68dea53e6a350be/detection

contextsuffreintymore.fun

# Reference: https://www.virustotal.com/gui/file/e7583882961b541180ce58c3c839fb57e80e467407cd4b2cc7d3ec039a220b62/detection

demonstratorleasheropw.site

# Reference: https://twitter.com/g0njxa/status/1751329389994721780

voicechangeai.online
premiums.voicechangeai.online
promo.voicechangeai.online
promos.voicechangeai.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-01-30)

http://185.172.128.154
absentconvicsjawun.shop
acquisitionfinancej.shop
affordcharmcropwo.shop
alcojoldwograpciw.shop
assaultseekwoodywod.pw
associationokeo.shop
auctiondecadecontaii.shop
baketransparentadw.pics
banquetmasteryfailurw.site
beaturifuelministyuowwas.site
benddiscoleideasbridrew.site
birdvigorousedetertyw.shop
bleednumberrottern.homes
bordersoarmanusjuw.shop
brakesummitfiightre.pics
circulatejobspontane.shop
claimconcessionrebe.shop
cleartotalfisherwo.shop
colorfulequalugliess.shop
combinationconventiwov.shop
communicationgenerwo.shop
consciouosoepewmausj.site
controlopposedcallyo.shop
culturesketchfinanciall.shop
deadpanstupiddyjjuwk.shop
demonstationfukewko.shop
despairphtsograpgp.shop
detectordiscusser.shop
developmentalveiop.homes
diskretainvigorousiw.shop
dismissalcylinderhostw.shop
donorwifeconfusionstronko.site
doonwload.fun
doughmebinnybunio.shop
economicscreateojsu.shop
edurestunningcrackyow.fun
enthusiasimtitleow.shop
entitlementappwo.shop
essayinterventiondepof.site
evokeoutlooklits.shop
executivebrakeji.shop
exemptatmospherestingw.site
exitassumebangpastcone.shop
feturepoudbicchteo.shop
flexibleagttypoceo.shop
gemcreedarticulateod.shop
greetclassifytalk.shop
healthrankunderow.fun
hovermeatglacierrjuw.site
hunterstrawmersp.homes
incredibleextedwj.shop
inviteaccessiblesaltw.shop
joystickempiricalhirpw.site
knonkcdalfyhitt.shop
landgateindirectdangre.shop
lawwormroleveinn.mom
legislationdictater.mom
liabilityarrangemenyit.shop
liabilitynighstjsko.shop
lighterepisodeheighte.fun
mealplayerpreceodsju.shop
medalappearancerackw.shop
mercyaloofprincipleo.pics
modernizepledgeoi.shop
modestessayevenmilwek.shop
mosaicyoungoccasionnyej.site
muggierdragstemmio.fun
nationalistvetecanve.shop
negliganceassumeruew.site
offerimagefancine.shop
offsetundressdriveryjow.site
oneclickyporkeiw.fun
pavementpreferencewjiao.site
peasanthovecapspll.shop
pillowbrocccolipe.shop
pooreveningfuseor.pw
problemregardybuiwo.fun
productivelookewr.shop
publishfavorharbouroe.site
pushjellysingeywus.shop
radicalleafletmissfoxw.pw
reechoingkaolizationp.fun
rejectbettysmartws.shop
relevantvoicelesskw.shop
resergvearyinitiani.shop
sayleafletcamerakwov.site
scrapedirtyieoqk.shop
secretionsuitcasenioise.shop
sessionannoucemenwj.shop
shatterbreathepsw.shop
shortsvelventysjo.shop
smilesnugglemonstouseo.site
sofahuntingslidedine.shop
spokespersonunjuriwo.shop
stamprollabbeymemberw.site
suitcaseacanehalk.shop
technologyenterdo.shop
telldruggcommitetter.shop
theatergenerationju.shop
tolerateilusidjukl.shop
tonguehypnothesislan.shop
townsfolkhiwoeko.fun
triangleseasonbenchwj.shop
turkeyunlikelyofw.shop
tvoikcloud.pw
updaterootapplederjuios.site
vatleaflettrusteeooj.shop
wifeplasterbakewis.shop
worryfillvolcawoi.shop

# Reference: https://www.virustotal.com/gui/file/137aaf991507d90ad86343ea960b798f349504fcbdc3b004ffd9a50366b6c1b9/detection

fantasticabnormally.shop

# Reference: https://www.virustotal.com/gui/file/d83706c6ce5817a7d854e17b99d92d4027fa5b2c960fdb7886b46169ed1e3e06/detection

xm8wyk.site

# Reference: https://twitter.com/1ZRR4H/status/1763013383152976352

trendspider.dev

# Reference: https://www.virustotal.com/gui/file/cc153440791a534326d7c57871f9443b533b4cbeb4b693df58ce9b6ef137cc62/detection

decorousnumerousieo.shop

# Reference: https://www.virustotal.com/gui/file/13878fa249e211d6fe9a3fe49ad570829217e9a75f50fcdd268dc7a6bd1ab5c7/detection

herdbescuitinjurywu.shop
resergvearyinitiani.shop
wisemassiveharmonious.shop

# Reference: https://www.virustotal.com/gui/file/0cb6c879f21d799ecb3907bbe42f34ca7269881658217191f9ce002e74838d8f/detection

asleepfulltytarrtw.shop
colorfulequalugliess.shop
relevantvoicelesskw.shop

# Reference: https://www.virustotal.com/gui/file/9cf7055ad997b7e0371677517b350e69d6dc0500a60e0ca138630e3db496d89b/detection

prematuresolvehumoew.shop

# Reference: https://www.virustotal.com/gui/file/2ba044c9cb003579926f4bc9cb21d0e8e022665546b9fd7c17d9615c176e03d0/detection

wagechaircoupessaywu.shop

# Reference: https://www.virustotal.com/gui/file/2b1039f5409827b3452a6d2c98879b7b5be243f8943bc54237fd10d97af37399/detection

paintercrutcheniw.shop

# Reference: https://www.virustotal.com/gui/file/14090631957ac88ddf886e446d1dcbce90befa7cb8040bf0c858ae6211d5c738/detection

wagonglidemonkywo.shop

# Reference: https://www.virustotal.com/gui/file/0279f6fced0275c1da4efe62b25d58249e7f7748ce9363a1e01b5156c3a8b845/detection
# Reference: https://www.virustotal.com/gui/file/f619065e3de7a25c808af62b9c3a49934a6a93999361f9ad3e2fe9f50f73c2d6/detection

directorryversionyju.shop
respectpitchadopwo.shop

# Reference: https://www.virustotal.com/gui/file/7dbd19ece9d099c65970625b4b3b1b663d538a80da98ed49e05a71341c9f4e56/detection
# Reference: https://www.virustotal.com/gui/file/1bd1837f2fc67064877eb9391c44c3c6709fcf7301cabad0ad1c9b4cab840200/detection

awardlandscareposiw.shop
sailsystemeyeusjw.shop

# Reference: https://www.virustotal.com/gui/file/98f6ecc60e016311511ce920220598b33eb9671e7c71254e76d638d0f2a45883/detection

abuselinenaidwjuew.shop
birdpenallitysydw.shop
cinemaclinicttanwk.shop
colorprioritytubbew.shop
officiallongberyw.shop

# Reference: https://twitter.com/karol_paciorek/status/1780582512596566337
# Reference: https://tria.ge/240417-psw94afb88/behavioral1
# Reference: https://www.virustotal.com/gui/file/09ffc4188bf11bf059b616491fcb8a09a474901581f46ec7f2c350fbda4e1e1c/detection

http://85.239.53.219

# Reference: https://twitter.com/r3dbU7z/status/1782383162116436436
# Reference: https://www.virustotal.com/gui/file/24de10a6c677345b927d2c84f8f58a6fb3918ae9efe64504dc94da887fbed3cb/detection

meadowannivejrsary.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-07)

auctiongutollyjkui.shop
democraticseekysiwo.shop
harassretunrstiwo.shop
hearthingdirecwi.shop
palmeventeryjusk.shop
peanuearthflaxes.shop
public-ftp.com
strollheavengwu.shop

# Reference: https://x.com/Threat_Down/status/1791912008746430748

stiffraspyofkwsl.shop
zocmstranslate.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-28)

acceptabledcooeprs.shop
appetitesallooonsj.shop
averageaattractiionsl.shop
babycandidateoswp.shop
boredimperissvieos.shop
buttockdecarderwiso.shop
civilianurinedtsraov.shop
employeedscratshj.shop
employhabragaomlsp.shop
femininiespywageg.shop
headraisepresidensu.shop
holicisticscrarws.shop
lineagelasserytailsd.shop
miniaturefinerninewjs.shop
minorittyeffeoos.shop
museumtespaceorsp.shop
obsceneclassyjuwks.shop
plaintediousidowsko.shop
prideconstituiiosjk.shop
roomabolishsnifftwk.shop
sloganprogrevidefkso.shop
smallelementyjdui.shop
sofaprivateawarderysj.shop
stalfbaclcalorieeis.shop
sweetsquarediaslw.shop
tendencyportionjsuk.shop
whispedwoodmoodsksl.shop
zippyfinickysofwps.shop

# Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection

slamcopynammeks.shop

# Reference: https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

accountasifkwosov.shop

# Reference: https://www.virustotal.com/gui/file/39345b9dc44db0aec3ceb63efa9f4b0bb74753da4fa421745acff9835f50debc/detection

considerrycurrentyws.shop
deprivedrinkyfaiir.shop
detailbaconroollyws.shop
horsedwollfedrwos.shop
messtimetabledkolvk.shop
patternapplauderw.shop
relaxtionflouwerwi.shop
understanndtytonyguw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-18)

additionmarriagefoewsv.shop
adoptionalbumgesw.shop
allowbloodythinkews.shop
antiuncontemporary.fun
appliedgrandyjuiw.shop
arrangementyforumekw.shop
assumptionflattyou.shop
audiencegafferokkow.shop
baresoakopiniocowe.fun
bettynoticecovej.shop
bicyclesunhygenico.fun
biographyfirmtrisie.shop
blastoporicwoff.fun
bowelunitrydoorsko.shop
breakdecisiveexpandw.fun
bremenessverdurewas.fun
brickbrothjorkyooe.shop
burnfamesoilratewo.shop
cassetteprodueiwo.shop
catlackjellyodwps.shop
cattilecodereowop.pw
chokepopilarvirusew.shop
chunkylopsidedwos.shop
churchemipircasowl.shop
clientgirlfrienddyjw.shop
comedyhorizonbedwus.shop
competitionpooleow.shop
computerfuneralljwu.shop
conceptionextortyosw.shop
concessionofsellerwo.shop
convictionpartyeokwi.shop
corruptioncrackywosp.shop
counterrailcrwu.shop
declarationlastyj.shop
declineforntyuekw.shop
demonstratedesighw.shop
descriptionappleoj.shop
diamondarrivallyowju.shop
disagreemenywyws.shop
disgustedsorryeedi.shop
distributopsuoprs.shop
divosrcemusemutati.shop
drilmoralwandreowpops.shop
economelogainyjusk.shop
elizgerls.pw
ensureclackexcatwi.shop
exceptionwillapews.shop
executrixrangedcoew.fun
explocommisiowsa.shop
explodesaildecksatt.shop
favourlegislatureduei.shop
fieldtrollyeowskwe.shop
fikkeropendorwiw.pw
fireplacecheckwi.shop
fishboatnurrybeauti.fun
fixturewordbakewos.shop
footflexibleacts.shop
forknegotationaow.shop
fossillandscapefewkew.site
fragmentyperspowp.shop
gameteamfinder.com
geneticsockkdwlsaw.shop
glossydecentjuskwos.shop
goodlocka.pw
grazeinnocenttyyek.shop
greenbowelsustainny.fun
guhomush.pw
handbreeadretwaiw.shop
hushedsombkereos.shop
improvisersmissionjuw.fun
interferencesandyshiw.shop
ironshottallinko.fun
isotrimorphicnongrasse.shop
jewelbasinfrankywoi.shop
jobbyshysinduksowp.shop
joblkessprosgeow.shop
kitchenreviewbewrwsa.shop
legatorypluralishrtw.shop
libertyliebindywv.shop
lightsecretatylattew.shop
likelysoarastonishiow.shop
listenmoutioncow.shop
marchsensedjurkey.shop
mazefearcontainujsy.shop
mazumaponyanthus.fun
mealroomrallpassiveer.shop
methodgreenglassdatw.shop
mutterunlikelyoo.shop
neddlepyramidfunnyjok.fun
negotitatiojdsuktoos.shop
newspaperpotatoju.shop
nimkishraddedrew.shop
noduscheatscake.fun
onebiogopwdsa.site
orbitpettystudio.fun
paininsrertymarshwke.shop
palacetilecomplew.shop
peanutclutchlowwow.shop
pearcyworkeronej.shop
penetratedworrsyw.shop
phobicgiddyfivverr.shop
pielumchalotpostwo.fun
pilothardwarreodsi.shop
pioneerframeoakchew.fun
plasterdaughejsijuk.shop
poledoverglazedkilio.shop
pollutiofactwoijk.shop
portaircoveragejsuk.shop
practicalcoherentt.shop
preachbusstyoiwo.shop
preciousenviouskakei.shop
premeritwallyoko.fun
preocucupationssk.shop
prescriptionstorageag.fun
presencewineonnyui.shop
princeaccessiblepo.shop
pumpedcalmdeadpannkow.shop
pumpkindribblewo.shop
punchtelephoneverdi.store
purefinishonerbrothsjke.shop
questbehavixoporpo.shop
questionconservawuts.shop
quitdigitalplatforwi.shop
rankrandomotherwjsui.shop
recognizestainsw.shop
refundemobxyyeols.shop
regardvelvettynerverf.site
revisedrinkslappyoowi.shop
rightchampionieo.shop
rocketmusclesksj.shop
roleprofittypleasw.shop
roundpolechildryowjv.shop
routinecontoradwjsk.shop
rugbysummerosodnwu.shop
samplepoisonbarryntj.shop
scandalbasketballoe.shop
scshemevalleywelferw.site
seasonaldemonstradojs.shop
sermonundressolcow.shop
simplicitynegotiatiw.shop
smallrabbitcrossing.site
snuggleapplicationswo.fun
souptapedentisttactiwe.shop
speedparticipatewo.shop
steadfastvaluabelywomo.shop
stingmisplacedelivrrw.shop
strainriskpropos.store
stripmarrystresew.shop
superiorhardwaerw.pw
surprisemakedjukenw.shop
surpriserangeloggypo.fun
survivalpersisttww.shop
sustentatorcoagulat.fun
syncarpiajanapiom.fun
tearfulbashfulow.shop
telephoneverdictyow.site
televisionstudiowmmj.shop
templecharteredowis.shop
textureshallodsjk.shop
theoryapparatusjuko.fun
thinrecordsunrjisow.pw
ticketgradiencomfj.shop
tigerrfunerlariro.shop
tropicalironexpressiw.shop
tubewelfaredopw.shop
uncertaintyrestsju.shop
unexaminablespectrall.fun
unhappytidydryypwto.shop
valuablestraigwhi.shop
varianntyfeecterd.shop
vehicledropliberwls.shop
villagemagneticcsa.fun
voicelighterrrepso.shop
warmstrawcounwyhj.shop
warningindicationsjw.shop
wastwfulldashiwnjs.shop
woodfeetumhblefepoj.shop

# Reference: https://www.virustotal.com/gui/file/9cf43d480f6319717934b1a3f97682a4454c1742e2409aa416ba719e606c34ca/detection
# Reference: https://www.virustotal.com/gui/file/c3a9ab0fbf5cbbec8e2c28a168d8f0c485f6cfa9fddd046c94f4704453ee85ee/detection

falseaudiencekd.shop
feighminoritsjda.shop
justifycanddidatewd.shop
marathonbeedksow.shop
pleasurenarrowsdla.shop
raiseboltskdlwpow.shop
richardflorespoew.shop
strwawrunnygjwu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-22)

accumulationeyerwos.shop
backcreammykiel.shop
bargainnygroandjwk.shop
computerexcudesp.shop
disappointcredisotw.shop
doughtdrillyksow.shop
facilitycoursedw.shop
injurypiggyoewirog.shop
leafcalfconflcitw.shop
publicitycharetew.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-06-24-v10626/1760

ablesulkyfirstyews.shop
composepayyersellew.shop
quotakickerrywos.shop
sailorshelfquids.shop

# Reference: https://www.virustotal.com/gui/file/b299a5c40aaff914b314965d62efcf15417a0b55ef641e947e608159bd6c6f9f/detection
# Reference: https://www.virustotal.com/gui/file/15adb154e14f3368db25bce7e45b756391ad9982d2af0687f56cc9a99527cd98/detection

http://91.92.248.132

# Reference: https://x.com/vxremalware/status/1807287716188422443

77.105.135.107:3445
contintnetksows.shop
foodypannyjsud.shop
groundsmooors.shop
potterryisiw.shop
reinforcedirectorywd.shop

# Reference: https://www.virustotal.com/gui/file/004aba94049326997a5effb611dc3fd88b1669fe2a311630bc61138aa728698d/detection

professionalresources.pw

# Reference: https://www.virustotal.com/gui/file/b357c7f065b1cb7f07c91097794424d1aecb6356893798eb4a6ee138ee87bfa0/detection

affecthorsedpo.shop
answerrsdo.shop
bannngwko.shop
bargainnykwo.shop
benchillppwo.shop
bouncedgowp.shop
publicitttyps.shop
radiationnopp.shop
stationacutwo.shop
willingyhollowsk.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-10)

applyzxcksdia.shop
arritswpoewroso.shop
arriveoxpzxo.shop
assignmentygassdyw.shop
begghurldids.shop
bindceasdiwozx.shop
bitchsafettyudjwu.shop
bittercoldzzdwu.shop
catchddkxozvp.shop
charmingtranskw.xyz
civilizzzationo.shop
conformfucdioz.shop
contemplateodszsv.shop
declaredczxi.shop
extorteauhhwigw.shop
invisibledovereats.shop
lyingchemicow.shop
piedsiggnycliquieaw.shop
replacedoxcjzp.shop
requestyex.shop
respectabledpcs.shop
unwielldyzpwo.shop

# Reference: https://x.com/malwrhunterteam/status/1814013663453581342
# Reference: https://www.virustotal.com/gui/file/22bcd32874d4c2b4be760f06820be1e02e97d886249a9b1db51c61a247cf685e/detection

callosallsaospz.shop
flydryszxo.shop
indexterityszcoxp.shop
lariatedzugspd.shop
liernessfornicsa.shop
outpointsozp.shop
shepherdlyopzc.shop
unseaffarignsk.shop
upknittsoappz.shop

# Reference: https://www.virustotal.com/gui/file/0a18067c173a7c4bdc24b8d3a847814b30733cecfdcc305c431a3d1fcc322536/detection

freezetdopzx.shop

# Reference: https://x.com/malwrhunterteam/status/1815460941791981820
# Reference: https://www.virustotal.com/gui/file/b7971b5d452939405cfb8db0ef47e5c83b6747c8a210d59637b0ac469c5ca5df/detection

accessibledpzp.shop
assetdistribution.info
pwarticles.xyz
contur2fa.assetdistribution.info
ctura.assetdistribution.info

# Reference: https://www.virustotal.com/gui/file/f101c64d3b5435c00af570e23a3ef274ec7a86bdc17e6a48b6e76b955c252db4/detection

enormousseop.shop

# Reference: https://x.com/9823f_/status/1815764911630258188
# Reference: https://x.com/9823f_/status/1815764966529536454

deal48441.shop
deal8382.shop
deal8409.shop
deal9401.shop
deliveconf.shop
eu-info.shop
evoga.shop
geetpaag.shop
holabueenoss.shop
neworders-351251.shop
offer-8231.shop
offer-secure.shop
offer5678.shop
offer5893.shop
offer7610.shop
offer7821.shop
offer78231.shop
offer8917.shop
offer8943.shop
ppulsepedlrr.shop
safeespanio.shop
saxzczx.shop
verificacion.shop
xcholasays.shop

# Reference: https://www.virustotal.com/gui/file/a18fb5ee523e9e8894fb9075b5fa0781f40140a6bf4605feb081c5de008b337c/detection

chapterrysopz.shop
wikifacts.pro
edal.wikifacts.pro

# Reference: https://www.virustotal.com/gui/file/6df0c27c9b7346fcfd227ace641a6bbc9f1a2a86e19a1f8c82813c55094cdcd2/detection

rightruesx.shop

# Reference: https://www.virustotal.com/gui/file/5aeed0daa0d8ec420c31282257c7cb8286eb5a150d53b60c7698949923c557be/detection

mundannetransuq.shop

# Reference: https://www.virustotal.com/gui/file/3881d55ece7ce708ff46ff227d2fc43f8346b698859d32a1ef688625148309e3/detection

condar.wikifacts.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-23)

bigmouthudiop.shop
movedwithdrwiaso.shop
overshootsizx.shop
spackledzpxs.shop
whangeeeerodpz.shop

# Reference: https://x.com/1ZRR4H/status/1816022666232373649
# Reference: https://www.virustotal.com/gui/file/893ab38214561c3c6ce16587533a9053f18769db11a1a4b999cb4c0bf0f5552d/detection

warrantelespsz.shop

# Reference: https://www.virustotal.com/gui/file/2aa3c7ed83a905ab7161635b95e97ce757e4e1c74e6922c8f4bc0cfc8ac26995/detection
# Reference: https://www.virustotal.com/gui/file/b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34/detection

aplointexhausdh.xyz
compilecoppydkewsw.xyz
depositybounceddwk.xyz
exertcreatedadnndjw.xyz
gloomopiniosnforuw.xyz
manufactiredowreachhd.xyz
oventoolyeditiiow.xyz
panameradovkews.xyz
proffyrobharborye.xyz
slammyslideplanntywks.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-26)

beatablydoxzcop.shop
closedjuruwk.shop
importancedopz.shop
spliceszongsop.shop
trobulepcatoa.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-26-v10654/1853
# NOTE(review): importancedopz.shop and spliceszongsop.shop below are also listed under the
# ThreatFox (2024-07-26) reference directly above. The repeat adds no detection coverage;
# keep one copy on the next cleanup so each trail maps to a single reference.

advertisedszp.shop
bravedreacisopm.shop
broccoltisop.shop
disappearsodsz.shop
effectivedoxzj.shop
grassytaisol.shop
horizonvxjis.shop
importancedopz.shop
parntorpkxzlp.shop
shellfyyousdjz.shop
spliceszongsop.shop
stimultaionsppzv.shop
teentytinyjeo.shop

# Reference: https://x.com/r3dbU7z/status/1817607423890231742
# Reference: https://www.virustotal.com/gui/file/dcd0823f72d6a145fb9acfbb6f2e4885b3e6fca6dc76f1476bd0c5431ae15ff4/detection
# Reference: https://www.virustotal.com/gui/file/9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb/detection
# Reference: https://www.virustotal.com/gui/file/015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787/detection

15.197.192.55:1775
185.172.129.25:1775
188.40.187.174:1775
ftpclienter.com
kgeyscaqeacwaccu.xyz
kmiigggyqiwkeeci.xyz
scqekwyoswaguuyo.xyz
skssoeqouussusyi.xyz
uamgayumeqmwemas.xyz
ugmkmoigiimgmaaw.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-30-v10656/1858

ammycanedpors.shop
chequedxmznp.shop
dividenntyss.shop
egorepetiiiosn.shop
faceddullinhs.shop
illnesmunxkza.shop
paradexjdoa.shop
shelterryujxo.shop
shootydowtqosm.shop
supportyattraos.shop
triallyforwhgh.shop

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/

distincttangyflippan.shop
greentastellesqwm.shop
innerverdanytiresw.shop
lamentablegapingkwaq.shop
macabrecondfucews.shop
standingcomperewhitwo.shop
stickyyummyskiwffe.shop
sturdyregularrmsnhw.shop
vivaciousdqugilew.shop

# Reference: https://www.virustotal.com/gui/file/02a3c287a18f16c925ee19e4b13a4860b65fecb0d5e58b69b5f651e476f25ecf/detection

celosiapatroen.shop
flyyedreplacodp.shop
weaknessmznxo.shop

# Reference: https://www.virustotal.com/gui/file/087ca6e9485fd8fef25c435817ac6a42c0dccee7b2dbb84bd644183d6b11a768/detection

tenntysjuxmz.shop

# Reference: https://www.virustotal.com/gui/file/0ef487a74c9432e7664ac6dec0fe7227cef529f1f853f135551e77eb7ee1beb6/detection

toughsnxcmxz.shop

# Reference: https://x.com/malwrhunterteam/status/1821805570581508568
# Reference: https://www.virustotal.com/gui/file/a6d62490a4df493c01879c39214d91050885cedcdab2457d80da7cacf07d6f14/detection
# NOTE(review): the three *.blob.core.windows.net entries are individual storage-account
# hostnames on Azure Blob Storage's shared domain. Match them as exact hostnames only and never
# widen to the parent domain. Re-validate periodically, since an account name may later be
# removed or reused by an unrelated tenant.

assumedtribsosp.shop
boattyownerwrv.shop
budgetttysnzm.shop
chippyfroggsyhz.shop
creepydxzoxmj.shop
definitonizmnx.shop
empiredzmwnx.shop
rainbowmynsjn.shop
sulphurhsum.shop
ensetupoffice365.blob.core.windows.net
msoffice365help.blob.core.windows.net
setupmsoffice365.blob.core.windows.net

# Reference: https://www.virustotal.com/gui/file/25dd3a24daf65c9c3e8cdd6fe7d4e8e6b88c6dabd9dc5aeb486a628ec1250109/detection

unnaniomsuado.shop

# Reference: https://www.virustotal.com/gui/file/4d68bc04256f81a4997e189149a7185b2120828d918ade491a6428aaed3e6e48/detection

occurrmensipz.shop
outfittydadop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-10)

http://195.211.97.9
ballottynsjm.shop
bannertastylbaoeow.xyz
bannybottomskp.shop
bassizcellskz.shop
celebratioopz.shop
citizencenturygoodwk.shop
clouddycuiomsnz.shop
complaintsipzzx.shop
deallerospfosu.shop
demandlinzei.shop
deviationknzm.shop
dirtdrawingjsi.shop
elephanntys.shop
enfixxysdjsip.shop
erdefendkzov.shop
fiondationkvowos.xyz
harmfullyelobardek.shop
hookybeamngwskow.xyz
hugedearwaxxysu.shop
kaminiasbbefow.shop
languagedscie.shop
libarraryspzm.shop
mennyudosirso.shop
nobledpcowep.shop
outfittisozm.shop
palacecirwoos.shop
pallmusksopzm.shop
quialitsuzoxm.shop
scannedunsop.shop
shinyearthtwio.shop
singerreasonnbasldd.xyz
solutionpxmuzo.shop
spitechallengddwlsv.xyz
surprisedscaledowp.xyz
technologggisp.shop
templerrysjzkp.shop
transformatiwosp.shop
varitycookypowerw.xyz
voyagedprivillywk.xyz
whimiscallysmmzn.shop
writerospzm.shop

# Reference: https://x.com/banthisguy9349/status/1824354073916641543

cagedwifedsozm.shop
charecteristicdxp.shop
consciousourwi.shop
deicedosmzj.shop
enthusiandsi.shop
incentiospzxm.shop
interactiedovspm.shop
paperryszjxuo.shop
potentioallykeos.shop
southedhiscuso.shop
torubleeodsmzo.shop
unenviousdxep.shop
weiggheticulop.shop

# Reference: https://x.com/BigDonTea/status/1824307613787410810
# Reference: https://www.virustotal.com/gui/file/8970909a790a15402cd11e7b737e2cd5c9b39b609bcd3e7122049f1665abc228/detection
# NOTE(review): cam-m1.b-cdn.net and campzips-v1.b-cdn.net are customer hostnames under a shared
# CDN domain. Keep them as exact-host indicators; the parent b-cdn.net serves unrelated
# content and must not be listed.

cam-m1.b-cdn.net
campzips-v1.b-cdn.net
greetycruthsuo.shop

# Reference: https://www.virustotal.com/gui/file/02322c49b6a8cdffd4c65d22583f1ce3f9c5d0e20ff05fd413a362023ce64ee7/detection

pieddfreedinsu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-18)

buccketpyspm.shop
circullateiosn.shop
comediantes.org
deadpannsjzvn.shop
disappointypsm.shop
excavtaionps.shop
fisstyconsumerosp.shop
futureddospzmvq.shop
meiddlesrsnzop.shop
revivewronggykwos.xyz
riffledopspzio.shop
sleipnirbrowser.org
trickysymptommysqu.xyz

# Reference: https://www.virustotal.com/gui/file/44f3785a638a44fc304e73faec31f19a7afcf6f0c3da7b9cedd2b31bc4ab56d4/detection
# NOTE(review): revivewronggykwos.xyz is already listed under the ThreatFox (2024-08-18)
# reference directly above; this second copy only adds a reference and no extra coverage.

revivewronggykwos.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-19-v10669/1904

abandonnyskop.shop
episodepspzmp.shop
guuynsqpwsima.shop
polyctendizxcop.shop
sensitivyitszv.shop

# Reference: https://x.com/g0njxa/status/1826214880539505095
# Reference: https://app.any.run/tasks/58551a68-796b-4605-a3cd-566db979e409

dlvideosfre.click
ch3.dlvideosfre.click
check.dlvideosfre.click
verif.dlvideosfre.click

# Reference: https://www.virustotal.com/gui/file/0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97/detection

miracledzmnqwui.shop

# Reference: https://x.com/RacWatchin8872/status/1826917893457559782
# NOTE(review): pub-<id>.r2.dev is a single public-bucket hostname on Cloudflare's shared r2.dev
# domain. Match the full hostname only; the parent domain is shared by unrelated buckets.

pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev

# Reference: https://www.virustotal.com/gui/file/67a0379932aa7f0fcd0544eec112c29632cb94c25026fb91f4660c9aa42d881d/detection

fictionnykwop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-25)

a1000128.xsph.ru
absentjuks.shop
acceptconvectiiw.shop
asdasdadskewk.shop
barebrilliancedkoso.shop
berserkydosom.shop
biiishowpmsqi.shop
boillingyskop.shop
caffegclasiqwp.shop
clearrypalsidn.shop
condedqpwqm.shop
conferencefreckewl.shop
convincecandpsuwm.shop
cooperatvassquaidmew.xyz
cottageaskyflolewk.shop
craackypotsis.shop
crisisrottenyjs.xyz
cycasisicio.shop
deadtrainingactioniw.xyz
dependancedkzxkj.shop
discountdkgozxc.shop
discoverymaidykew.shop
discreetdramatricop.shop
drinnkysoapmzv.shop
dueamuggyshkowsv.shop
edificedcampds.shop
edificedcampslzi.shop
enthusiasmmskaso.shop
excellentdiwdu.shop
explorationcoerwk.shop
exporttearryliveedko.shop
exuberanttjdkwo.xyz
femininedspzmhu.shop
flourhishdiscovrw.shop
forymsweeelsm.shop
froytnewqowv.shop
grandcommonyktsju.xyz
haltconcrenrsi.shop
handyxczos.shop
instructionpxjc.shop
jazztgratizecnagnek.xyz
juniirsoow.shop
knowwnysipm.shop
landdumpycolorwskfw.shop
latesttributedowps.shop
liabiliytshareodlkv.shop
locatedblsoqp.shop
markerryshewi.shop
meannypaintipp.shop
millyscroqwp.shop
notoriousdcellkw.shop
ohfantasyproclaiwlo.shop
onionoowzwqm.shop
parallelmercywksoffw.shop
partyyeisdo.shop
playerstomachbwlle.shop
prettilikeopwp.shop
qualificationjdwko.xyz
readdyloopyeow.shop
reluctancedopmxz.shop
salesperosominsid.shop
scenarriotdpq.shop
secretiveonnicuw.shop
separateedmsqj.shop
sinceregianntykuso.shop
snaillymarriaggew.shop
spinedpriceodqp.shop
spoortsiso.shop
stagedchheiqwo.shop
stamppreewntnq.shop
striphousdingkolewp.shop
stronggemateraislw.shop
survivedosaz.shop
sweetcalcutangkdow.xyz
swingcirculateblsdi.shop
thumbdriverrylinnw.shop
timetabledffiewi.shop
timetablepdodwp.shop
traineiwnqo.shop
universittsyos.shop
uttercarrigsno.shop
violanntyisopz.shop
violationsyxzb.shop
welfaredcattewd.xyz
wollfsoaisvz.shop
wordingnatturedowo.xyz

# Reference: https://x.com/r3dbU7z/status/1828177963562549637
# Reference: https://www.virustotal.com/gui/file/a8cc637d455d7e89c1adf34775eadc90a7c8e425fcbe6e5c74303220e50ad5ef/detection
# Reference: https://www.virustotal.com/gui/file/de6df199b5a727199f6540d216a6fa920105b7b2f254b165d63101011c0d178a/detection

computador.run
portalservicos-denatran-serpro-gov-br.org
view.portalservicos-denatran-serpro-gov-br.org
windows.computador.run

# Reference: https://www.virustotal.com/gui/file/0225ca9a6f4b5cee87d1d25b11cd445228f49ab13f65ed1ad104a8ff54702b46/detection

evoliutwoqm.shop

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/
# Reference: https://www.virustotal.com/gui/file/e9457733ee1d946eb69cc9f7db756430d1d055012d26240cec24925aed498098/detection
# Reference: https://www.virustotal.com/gui/file/ee34b612ee13eea868b47c797863619075a28099285a61b1fa7376f72b06ff7a/detection
# Reference: https://www.virustotal.com/gui/file/b7f8be9ae0cde7d6233d50520d76b63474cc5f32f334160a7699a0e77a34d276/detection
# Reference: https://www.virustotal.com/gui/file/47656fd369a7ce08902875a7476a1889b7b770c2a1396bdfde3e5e093b7c79ee/detection

http://188.68.220.48
ufort.info
vamplersam.info

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-31)

abortionlaoep.shop
aggiledpozm.shop
applieddyooqnz.shop
approoverowps.shop
arsriefloxzm.shop
awwardwiqi.shop
bordjoyoust.shop
brasshroewwpm.shop
buddgetisozv.shop
burrydedmnzop.shop
calcuatllitwop.shop
cheerysyqsip.shop
chooopywsqu.shop
clerkpolicemandwusi.xyz
colleaguedopzm.shop
conservaitiwo.shop
consideratisiqw.shop
constructgeneratisa.xyz
demopartisom.shop
densitybragpwq.shop
dirreopcspzx.shop
economiicsosoq.shop
energgyosiwpp.shop
ensuredqsnjqk.shop
eternallysosm.shop
evaluateoqwp.shop
fashiiosuwq.shop
fearlessywqmn.shop
flinngyuqwqum.shop
glisteniingwiw.shop
guardeedwospq.shop
guerrillatoswz.shop
hardshippdiv.shop
innovationows.shop
integratedmwqo.shop
interdepmon.shop
iserjpcektoq.shop
ivrelmanitt.shop
largerryskwhq.shop
linedsipzmxo.shop
lunchindooip.shop
matterrydamagedowkds.xyz
muuudsaowis.shop
notairdropton.shop
noticcedospq.shop
ohmparadouio.shop
persiisstowqop.shop
ponintnykqwm.shop
producersosuz.shop
professinowpqqz.shop
projectaownqo.shop
provicnwiqmp.shop
provisionfusni.shop
racklilekwqp.shop
reagoofydwqioo.shop
reptiledqowm.shop
revenuedsozp.shop
scenariospzm.shop
securedosqpsn.shop
shadowqsnqop.shop
strideforuwqm.shop
suntanynwowqm.shop
tenseddrywsqio.shop
tibedowqmwo.shop
toothydsozp.shop
transtitiowo.shop
twilightsizp.shop
uniqueadowpqm.shop
upsettymsnqwk.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

deteriotraiwo.shop
diamonykeqpwm.shop

# Reference: https://x.com/DonPasci/status/1832705603526910141
# Reference: https://tria.ge/240907-yqxbravbkg

teachherwjw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-08)

appointwiymo.shop
axisdebtwoq.shop
ballettabek.shop
basedsymsotp.shop
bassicnuadnwi.shop
ceremonynekwqn.shop
charistmatwio.shop
chocolatedwq.shop
collonymtqn.shop
commisionipwn.shop
complainnykso.shop
cutesliprpepo.shop
dairyucoemwk.shop
dealleromwn.shop
druggywuop.shop
forummykwqpm.shop
glassestacwop.shop
grassemenwji.shop
ignoracndwko.shop
limitadmitiwo.shop
pensiontqiw.shop
powderquattterwso.shop
preachstrwnwjw.shop
puproceliveo.shop
sculpturedowqm.shop
sentistivowmi.shop
serveghaweqjm.shop
stitchmiscpaew.shop
technicaltip.shop
unawaredfostwp.shop
votteryloeq.shop
waiteralcohowl.shop

# Reference: https://www.virustotal.com/gui/file/331be5f895b0d2fcc92a4477c87c40d247665ac35375e4af85646d820e1b37c1/detection

proffoduwnuq.shop

# Reference: https://www.virustotal.com/gui/file/09af84877c333dfaf359e968337bfaaac06736c432f588829475702272e1cf37/detection

toolstechs.com

# Reference: https://x.com/g0njxa/status/1835393713465405810
# Reference: https://x.com/NDA0E/status/1835403830252748847
# Reference: https://x.com/RakeshKrish12/status/1838820115720061013
# Reference: https://x.com/lontze7/status/1838836764909117750

apilumma1.fun
domainlumm.fun
funlumma.fun
lummarket.fun
lumnew.fun
marketlumm.fun
newlumm.fun
oldlumm.fun
oldlumma.fun

# Reference: https://x.com/banthisguy9349/status/1835769382733017281
# Reference: https://urlscan.io/search/#filename:%22dober.css%22
# NOTE(review): static.247.173.76.144.clients.your-server.de has the shape of a hosting
# provider's default reverse-DNS name and embeds the IPv4 address 144.76.173.247 in reversed
# octet order. It follows the IP assignment rather than the operator, so age it out on the
# same schedule as a bare IP indicator.

http://45.134.26.107
gapi-service.io
lastcoms.fun
static.247.173.76.144.clients.your-server.de

# Reference: https://x.com/fam4r/status/1836497372454465628
# Reference: https://x.com/malwrhunterteam/status/1836498511598059879
# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/github-scanner_lumma_18-09-2024.json
# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.43/relations
# Reference: https://www.virustotal.com/gui/file/10d4e15b63a07368299f2245661d7a4626cd1a91a9950a3cbed5b4276d2dc31f/detection
# Reference: https://www.virustotal.com/gui/file/d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207/detection
# NOTE(review): githubscanner.workers.dev is one account's subdomain on Cloudflare's shared
# workers.dev domain. Keep it as an exact-host indicator and do not list the parent domain.

2x.si
github-scanner.com
github-scanner.shop
githubscanner.workers.dev
eemmbryequo.shop
keennylrwmqlw.shop
licenseodqwmqn.shop
reggwardssdqw.shop
relaxatinownio.shop
tendencctywop.shop
tesecuuweqo.shop
tryyudjasudqo.shop

# Reference: https://x.com/iam_rajhans/status/1836717049353019614
# Reference: https://www.virustotal.com/gui/ip-address/99.79.122.234/relations
# NOTE(review): pancakeswap-finance.linkpc.net and updatemail.publicvm.com look like hostnames
# registered under shared dynamic-DNS zones (TODO confirm). If so, only the full hostnames
# are indicators; the parent zones host unrelated users.

http://43.205.115.44
http://99.79.122.234
pancakeswap-finance.linkpc.net
updatemail.publicvm.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-19)

absentcurtaino.shop
acqutiygwl.shop
addicitedoqowm.shop
assettywkwm.shop
aviatiiitwinq.shop
bulletiiitenw.shop
couppertoobaw.shop
cyrtainnywkos.shop
damagedowqm.shop
deaddynpangju.shop
dumpliportiwo.shop
eliminatedowpq.shop
empiredmnuowq.shop
frightennywj.shop
genedjestytw.shop
harassuwqom.shop
heirafairiwo.shop
hennyrelatie.shop
leftoversowmo.shop
managgerowkso.shop
modesttylitwo.shop
murderryewowp.shop
mushroomwiwop.shop
nationattwllwqm.shop
pang-scrooge-carnage.shop
panushciwracelp.shop
planntyitemiw.shop
polishuwqiwom.shop
predictionmq.shop
productedmwqki.shop
proudebenehcs.shop
publicevkwop.shop
punisshepuredo.shop
rafaelappps.shop
resstyeggeuo.shop
salvaitoynwo.shop
seemlyewdmsn.shop
steepycentnqopm.shop
stoolybootwmwn.shop
stryyridomwn.shop
sulphugruewoqm.shop
tabledchargwo.shop
taillymodwp.shop
thirstyywowmq.shop
tinnyauthorsi.shop
understagkedow.shop
vottermrkw.shop
whhhelewmni.shop
wrappyprotesp.shop

# Reference: https://x.com/banthisguy9349/status/1825110613850276035
# Reference: https://x.com/malwrhunterteam/status/1837383953776353526
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-19-IOCs-for-file-downloader-to-Lumma-Stealer.txt
# Reference: https://www.virustotal.com/gui/file/2764239db3813e1bbf031ac00531bc98befe0ade1de06cf8b47c811a189217b8/detection
# Reference: https://www.virustotal.com/gui/file/dd6f96d0d6f6ed2b83df7552f77523688f2a2272fce63564bc9ffdcb3157b70e/detection
# Reference: https://www.virustotal.com/gui/file/55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996/detection
# NOTE(review): the last two entries are URL paths, not hosts. Presumably they are matched
# against the request path regardless of destination host (confirm against the sensor's
# matching logic), so they only fire where the HTTP request line is visible in cleartext.

http://45.156.25.126
access-htaccess.com
back-kurwa.com
chick-chick666.com
hit-8841.com
nhit66.com
pick-pick.com
root-head.com
software-license1.com
two-root.com
/cock/dick/169.bin
/little/bitch/239.exe

# Reference: https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/

91.92.243.198:81

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-22)

achievenmtynwjq.shop
appleboltelwk.shop
bearrytankkewo.shop
captainynfanw.shop
carrtychaintnyw.shop
chickerkuso.shop
contractowno.shop
coursedonnyre.shop
fossillargeiw.shop
intelligenctjwi.shop
intoductionweoa.shop
metallygaricwo.shop
milldymarskwom.shop
opponnentduei.shop
presennttykwo.shop
puredoffustow.shop
questionmwq.shop
quotamkdsdqo.shop
steppyplantnw.shop
strappystyio.shop
superrcolellwe.shop
surveriysiop.shop
tearrybyiwo.shop
tendencerangej.shop
trolleyrreiwn.shop

# Reference: https://x.com/banthisguy9349/status/1837835850245136743
# Reference: https://urlscan.io/search/#domain%3Ashop%20AND%20page.url%3A%22%2Fapi%22

abledzovmposia.shop
analystuysowp.shop
bananadwidndewo.shop
candidaiteopwm.shop
chammypaswiqo.shop
compunnnyyioq.shop
deliveerkoqwmn.shop
depsairryosp.shop
discoveriwm.shop
insistytriro.shop
joystickkyjwq.shop
lisstyassicrown.shop
liversymbwqp.shop
muggudrowiwm.shop
obstacleosdsapq.shop
ohhyhousedmxznw.shop
optinewlip.shop
refrencireoi.shop
resindecdesjai.shop
runngerrybiwo.shop
samledwwekspzxp.shop
shareehodwnqm.shop
soliddywdwu.shop
sopranntkwow.shop
stretchedsqosqp.shop
talktaitoovee.shop
tellyqperoiqo.shop
thanngkwwqlm.shop

# Reference: https://www.virustotal.com/gui/file/f7d5e31a90a7a436fb88277e0920c9675b69fa37eee1b97120a27f792ea8ca1d/detection

abortinoiwiam.shop
covvercilverow.shop
deallyharvenw.shop
defenddsouneuw.shop
priooozekw.shop
pumpkinkwquo.shop
racedsuitreow.shop
surroundeocw.shop

# Reference: https://www.virustotal.com/gui/file/2c59d45d84dcffce87d7185ad1c335413ca8e06e37873f24e596a1dcf89fb396/detection

65.109.127.181:3333

# Reference: https://www.virustotal.com/gui/file/ee4b3ad0ab7aa01d1c44e47bf7515628770a6d2458e4ed8f98820c5ff1883fa6/detection

mizzerablekmo.shop

# Reference: https://www.virustotal.com/gui/file/6081b51cb35b877e585e65440539df92d4e8516d7ae087cb18b7a7ce87707185/detection

drawzhotdog.shop
fragnantbui.shop
ghostreedmnu.shop
gutterydhowi.shop
offensivedzvju.shop
performenj.shop
reinforcenh.shop
stogeneratmns.shop
vozmeatillu.shop

# Reference: https://www.virustotal.com/gui/file/eaa4f17fe2fdee87a403b0880fd1fa3bdca6a7d9f435c44b38ab2a3ec058a8bb/detection

swinngydisaosp.shop

# Reference: https://x.com/DaveLikesMalwre/status/1838937361612161315
# Reference: https://x.com/NDA0E/status/1838943185415836139
# Reference: https://app.validin.com/detail?find=185.255.122.133&type=ip4&ref_id=30e288367c9#tab=resolutions

http://185.255.122.133
185.255.122.133:443
finalstepgo.com
finalsteptogo.com

# Reference: https://x.com/iam_rajhans/status/1839224928270225591

91.214.78.177:5500

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-25-v10703/2006

literacyhangwk.shop
roaddrermncomplai.shop
tiddymarktwo.shop
trustterwowqm.shop
wallkedsleeoi.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-30)

admissionfaccen.shop
agreedmeanynj.shop
articultattkwm.shop
ballotnwu.site
bommotmynwjq.shop
branchtriviawlek.shop
candleduseiwo.shop
chaptermusu.store
chlakkymagazi.shop
cittypillyekwo.shop
coinnyfrownwejr.shop
conctrajwi.shop
dosedcastrerwns.shop
famikyjdiag.site
fannydayywjwo.shop
fastidioudqmwo.shop
filetip.shop
invitedmwdnqi.shop
liedshorqwi.shop
lootebarrkeyn.shop
moduledfahhhiov.shop
mysteryedjw.site
oldenlumm.fun
patternucapri.shop
pianoswimen.shop
pilotyiess.shop
possiwreeste.site
ptramidermsnqj.shop
raciimoppero.shop
reliabledmwqj.shop
riderratttinow.shop
siegednwqu.shop
statuesquesiqow.shop
swipedbakkwo.shop
teenaggerwwysm.shop
teenylogicod.shop
underlinemdsj.site
videobenefdii.shop
wrisstytenewj.shop
younngpresseo.shop

# Reference: https://x.com/malwrhunterteam/status/1841063554637541521
# Reference: https://www.virustotal.com/gui/file/467af926472622448eb04925b9fa7351e8542f277f489ae792288829efa164dc/detection

agentyanlark.site
bellykmrebk.site
commandejorsk.site
delaylacedmn.site
offensivednsh.store
writekdmsnu.site

# Reference: https://x.com/malwrhunterteam/status/1841409205716066561
# Reference: https://www.virustotal.com/gui/file/6275fdc6cb613300c08ef09917a6dcd2da5eb1fef5e20bdd214fd9fefeafd8fb/detection

abnomalrkmu.site
absorptioniw.site
chorusarorp.site
gravvitywio.store
mysterisop.site
nurserrsjwuwq.shop
questionsmw.store
snarlypagowo.site
soldiefieop.site
treatynreit.site

# Reference: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
# Reference: https://www.virustotal.com/gui/file/34cba2f6c710bb76d47f9fce2d8b5c462e11b35cd352751b6cdd453521d0a761/detection

fileworld.shop
privilegedkoq.shop
thesiszppdsmi.shop

# Generic (URL path and file name patterns, not tied to a single reference)

/c2conf
/c2sock
/lumma0805.exe
/lumma0207.exe
/lumma2406.exe
/lumma2606.exe
/lumma2806.exe
/lummnew.exe
