# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: vidar stealer, mars stealer, lumma, stealerc, fdjskfdsjibdbot, snegmeetbot, sneprivate24

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865

hospitaleco.com

# Reference: https://twitter.com/malware_traffic/status/1103717653590482944

gettorrent.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

capitalinvest.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

tepingost.ug

# Reference: https://twitter.com/K_N1kolenko/status/1116263090562183168
# Reference: https://pastebin.com/jFhkBu32

bokolavrstos.com
newagenias.com
binacoirel.com
malansio.com
jamaliensor.com
kolobkoproms.ug
bastionprofi.ug
tepingost.ug
startolete-vn.ug
bestchope.ug
fashionhub.ug
mytradecrypto.ug
applezone.ug
travelups.co.ug
travelforyou.ac.ug
einvestment.ac.ug
newphone.ac.ug
newstoday.ug
globalcoin.ac.ug
yourseo.ac.ug
cryptoshop.ac.ug
capitalinvest.ac.ug
onlineinvestment.ac.ug
allcashbacks.ac.ug
getpayment.ac.ug
gettorrent.ac.ug
proshop.ac.ug
yandex.ac.ug
yandex.ug
google.ac.ug
search.ac.ug
hospitaleco.com
oldspicebest.com
refenansoro.com

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

santaluisa.top

# Reference: https://twitter.com/VK_Intel/status/1125549719885893633

golenirose.com

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/
# Reference: https://twitter.com/raby_mr/status/1136498987890925569

crypto-widget.live
penthausebrones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166604400489639936

eroomia.com

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

xhth516682.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048
# Reference: https://app.any.run/tasks/6d880837-3ba9-439c-b67b-ee6d2837b645/

aaenyhostel.org

# Reference: https://github.com/silence-is-best/c2db#vidar-stealer

weimachel.net

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://app.any.run/tasks/d498ebc5-51cd-446f-9d98-7e43628b56b5/

garbage-barabage.top

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

klegrandlichgrum.com

# Reference: https://twitter.com/James_inthe_box/status/1191695072032460800

qubert.org

# Reference: https://pastebin.com/xwT2gAgE

acrelop.com
martinlloyd.net
pineloseesrae.com
qubert.org

# Reference: https://app.any.run/tasks/42a9a425-d8f8-4504-8bbf-63c0c10c4bda/

gebrauchlichtal.com

# Reference: https://twitter.com/Paladin3161/status/1162320397368381441

villadubois.org

# Reference: https://twitter.com/P3pperP0tts/status/1178820466917675008

lanokhasd.com

# Reference: https://twitter.com/P3pperP0tts/status/1196440836852125698

steerdemens.com

# Reference: https://twitter.com/P3pperP0tts/status/1197178756068257795
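# Reference: https://www.virustotal.com/gui/ip-address/209.141.33.126/relations
# Note: the http://<address> entries in this file record hosting seen at the time of the cited report; addresses get reassigned, so re-validate older ones before relying on them for blocking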

http://209.141.33.126
steerdemens.com
starlikespace.org
longvoyages.com
xd.botnet.services

# Reference: https://twitter.com/P3pperP0tts/status/1198935640664133644

crarepo.com

# Reference: https://twitter.com/P3pperP0tts/status/1198984250420269057
# Reference: https://app.any.run/tasks/60002c6f-65b1-4597-a011-1b2de844e56f/
# Reference: https://app.any.run/tasks/16784961-e95f-403d-8726-ad04d37c7b8a/
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

agent1.icu
agent2.icu
amdsetup4.icu
amdsetup5.icu
juhubeachn.com
legion17.icu
toplegions1.icu
updateinfo3.top
updateinfo4.top

# Reference: https://pastebin.com/iDrBJG8j

fastupdate1.top
fastupdate2.top
fastupdate3.top
fastupdate4.top
foxupdate1.me
foxupdate2.me
homeporno228.com
legion17.com
thepleasurelive.com

# Reference: https://pastebin.com/x2qLz9FJ

voyagephoshop.org

# Reference: https://twitter.com/ViriBack/status/1202413165482409984

http://195.133.1.170
ahmatokomaro.pw
bestdead.pw
petordementyev.pw

# Reference: https://pastebin.com/HBSmJ4wb

789456123.monster
legion17.net
lowupdate3.top
lowupdate4.top
softupdate1.me
softupdate2.me
xylolle.com
ybookfli.net

# Reference: https://app.any.run/tasks/45b54b0e-6de2-4975-b640-779026655f7c/

grelkafestivales.com

# Reference: https://twitter.com/MBThreatIntel/status/1225917125493018624

naumokukea.com
porosnter55.xyz

# Reference: https://www.virustotal.com/gui/file/48c34dd8345ab24ac203e3efc7f46643c4817a42b12fcd7c8a62211b4f4fc02d/detection

gyeonggidoo.com

# Reference: https://twitter.com/P3pperP0tts/status/1228775071260594176

greenlandsurround.com

# Reference: https://app.any.run/tasks/2e1aa0da-69b6-4f5f-847b-243cfaaabd4a/

gewe.tech

# Reference: https://www.virustotal.com/gui/file/2ca7597f7b6a1227c6bace9b1441f2b439935f02a35ffa2a2562f5ccc6cff8e4/detection

maineacadia.com

# Reference: https://www.virustotal.com/gui/domain/paparazzis.pw/relations

paparazzis.pw

# Reference: https://twitter.com/malwrhunterteam/status/1242355604477423617

whoer-vpn.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

verifiedomg.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1246056096055406592
# Reference: https://app.any.run/tasks/d75d4f69-8381-46c7-9f0e-ce5ba2eb1ac1/

etips.fun

# Reference: https://app.any.run/tasks/fe00595d-b20e-4f2e-9c47-9f1cb79a63b3/

wrangellse.com

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

yrhealth.life

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/mastercard.ru.com/relations

mastercard.ru.com

# Reference: https://twitter.com/petrovic082/status/1257619785707393034
# Reference: https://app.any.run/tasks/a3380ace-5f86-4240-a986-f244231c05cc/

archessee.com

# Reference: https://app.any.run/tasks/93596f59-77f9-4b55-af25-3939594ed913/

repitoperano.pw

# Reference: https://www.virustotal.com/gui/domain/waterpocketfold.com/relations
# Reference: https://app.any.run/tasks/b7d1ca5f-e49f-4d50-b4b0-690e6b8b7783/

waterpocketfold.com

# Reference: https://app.any.run/tasks/d6a32934-daf9-4b83-9a2a-9f5a5feb4b64/

barddistocor.com

# Reference: https://app.any.run/tasks/32e30b47-f656-4505-af07-7e3f7c0c3b93/

http://213.226.114.54

# Reference: https://twitter.com/malwrhunterteam/status/1264259160918671363
# Reference: https://www.virustotal.com/gui/domain/sumliomicna.com/relations

sumliomicna.com

# Reference: https://www.virustotal.com/gui/file/ffc9319863cf7efe7575c36357ecd7102f99c99758ed94e97d31d78c7e1966a3/detection

headborro.com

# Reference: https://twitter.com/vigilantbeluga/status/1257891038582067200
# Reference: https://www.virustotal.com/gui/domain/chumashpeople.com/relations

chumashpeople.com

# Reference: https://www.virustotal.com/gui/file/13f8e88a6f37b999c12513887752d7a03637e32106ef4109e11a9a8f260ccfab/detection

piedmontteem.com

# Reference: https://www.virustotal.com/gui/file/aecddb3a9656759f5681708172573f435c3db0539d6a7a0230ec93b4e3f131a1/detection
# Reference: https://www.virustotal.com/gui/file/e0830aec7a5737f0558860a3ff192c6270bf57b2bc1c01ad514c012f7d039bae/detection
# Reference: https://www.virustotal.com/gui/file/87dac3be0edd3b599b3d50eec0edbe751e6d2951b22182a85b017acf26d485f7/detection

backgrounds.pk
jamshed.pk
karimgousa.ug
karimgouss.ug
levitt.ug
levitts.ug
marcakass.ug
tribunal.ug
zaragoza.co.ug

# Reference: https://www.virustotal.com/gui/file/f1d7ea9dcf7abe22f07f3d14fb21636e47bb0def2f766632a547d20f7d258aa5/detection

http://37.252.5.111

# Reference: https://www.virustotal.com/gui/file/f2a0fdf6caf5be2b84dcc0efb0c59082fa67350d49a1f2951b451df6f1d2bb21/detection

tomasisa.ug

# Reference: https://www.virustotal.com/gui/file/51b82ddc8786bdd8a0805baebaa243df7910711d422aad9f5fa867f46c7fcc71/detection
# Reference: https://www.virustotal.com/gui/file/cd8751bd47174dbae36c414383ca789d6d23062d528a34eaa81924cb3c0bfaf5/detection
# Reference: https://www.virustotal.com/gui/file/30ff25b4a60bd0e1f46e544dc44138aa3cf59ef87a84f1eafae990c61f1e5266/detection
# Reference: https://www.virustotal.com/gui/file/1969bcde226f3b3bcfb67912b5ff6efd8038383dc2655980a6f51730e8361d09/detection
# Reference: https://www.virustotal.com/gui/file/c81ae80ffb2e2a3af8c2b5ae405f848ed094e3f4112a501c4bb773d5f494239d/detection

lkjhgfdsa4.ru
zver.tech

# Reference: https://www.virustotal.com/gui/file/5282290d0d6e2b1add3d298052c4f607afa58e12559ddcf99da3a242d8329cf8/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/bc275cd76478e4d3387740dd955d9b9b5b36f064656ecb1e1cea9b8649eec57d/detection

smarteyecare.in

# Reference: https://www.virustotal.com/gui/file/eb496b85f98f8b3f2b4f4150295b490c04b6b710818b9ebf592272b5dd3005c0/detection

precambrianera.com

# Reference: https://app.any.run/tasks/4b8bd5e5-b60d-45ee-9fa1-e631e591987b/

likeanimals.net

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

nextgentoolkit.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations
# Reference: https://app.any.run/tasks/3b0bd018-731d-493c-a4d3-9a58a97e03ff/
# Reference: https://www.virustotal.com/gui/file/aba9f9d6904d1474f7a0693e80d182eff9cb8a1c185f0090876cf8eb83914cbb/detection
# Reference: https://www.virustotal.com/gui/file/c08958f222a52901aade88ebe2c3636a8bca3bf9fb6874ffbae93261ebfec86f/detection

agentt.ac.ug
agenttt.ac.ug
andreas.ac.ug
andres.ac.ug
courtneyhones.ac.ug
courtneyjjones.ac.ug
courtneyjones.ac.ug
courtneysdv.ac.ug
ferreira.ac.ug
ferreiranadii.ac.ug
foundsomebo.ac.ug
iloveyoubabu.ac.ug
iloveyoubaby.ac.ug
jamesrlongacre.ac.ug
jonescourtney.ac.ug
letitburnsf.ac.ug
malarcvgs.ac.ug
morasergio.ac.ug
morasergiov.ac.ug
nadia.ac.ug

# Reference: https://twitter.com/JAMESWT_MHT/status/1328290554912903169
# Reference: https://app.any.run/tasks/34c3a80a-83a1-476e-80ce-2ce62e40e0b7/
# Reference: https://www.virustotal.com/gui/file/0ea95746928602fad4896c1085ee0125dbeb29145dea813ad3444f648c9db2c8/detection
# Reference: https://www.virustotal.com/gui/file/95268ee22cb09ca871b56ede8eca4a1655490ef02ad14bbd2c02b60eea19481c/detection
# Reference: https://www.virustotal.com/gui/file/9dd08cf2672502db217f9772affb88657f8559d8f4d946af25c4b22428ea336a/detection
# Reference: https://www.virustotal.com/gui/file/a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007/detection

buydating.co.ug
gomisacar.com
rineialav.com
swiloodex.com

# Reference: https://www.virustotal.com/gui/file/9a5e8b3e5929b50b2ac4c44587fb01153ad9377681c3ca5c2dfee11830a2caec/detection

sbershit.com

# Reference: https://www.virustotal.com/gui/file/76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f/detection

molothunsen.com

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

whoicehkestes.com

# Reference: https://www.virustotal.com/gui/file/628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f/detection

desperate.website

# Reference: https://www.virustotal.com/gui/file/95bf761c12eba2be84e29c60e31017bc60007ed0f38fcdf261d5fef34e8e4f2f/detection

badlandsparks.com

# Reference: https://www.virustotal.com/gui/file/0af341a92c789bd37e8d7d029f0c225f66f5137f678ea8082426bb565261e740/detection

paunsaugunt.com

# Reference: https://www.virustotal.com/gui/file/7b5a9d6119e910f5c0441ae27293b0367718a4257062f29ec8ef27342a0b8de8/detection

biscayneinn.com

# Reference: https://app.any.run/tasks/4ec40ce2-3250-47c5-96d8-07bcb4c4d1b9/

realmengame.com

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

marianne.ac.ug

# Reference: https://www.virustotal.com/gui/file/2953c2448667bc21d451fce8747513bfaaf0df312df1e0a47604ea49a2bbbda4/detection

prosecuredata.top

# Reference: https://www.virustotal.com/gui/file/b25e4f3d4cfb1ade5d4d68469d6f9b365dddc0296f4a66b2e60f29d476889db9/detection

altmessager.com

# Reference: https://www.virustotal.com/gui/file/3d4b459e2a4a78a2c693876b548b248acf9bb3278fb87ec66b5e4cf204a42cf9/detection
# Reference: https://www.virustotal.com/gui/file/b2ca76052b184c69881e79f3f7549ae884f38a57f50f5801fa40aa953f20b11b/detection

kenutduk.duckdns.org

# Reference: https://app.any.run/tasks/030e7573-8696-417e-8741-b8f80e43caa6/

goodssogood.com

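# Reference: https://app.any.run/tasks/5a354632-e77c-42ab-8ff0-87bcad5c78fc/
# Note: path-only indicator with no host part; a path this short can also occur in unrelated traffic, so corroborate a hit with the destination host before attributing it to this family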

/a/a/www/

# Reference: https://www.virustotal.com/gui/file/240a264d7565a846f6b1a1d83fbec957351de24e6096cf325e6fb24f229e81a1/detection

paperone.co.ug

# Reference: https://www.virustotal.com/gui/file/54976d4745f4fe0b1492cdecdfdb465a81b8acfe305e210d3e2a39b945889082/detection

hydrakupi.co.ug

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

fastkisel.co.ug

# Reference: https://www.virustotal.com/gui/file/477c7d30787de3f979707583bdfae90fb84bd070003c2ccfd260cba2aed08234/detection

didntreadlol.com

# Reference: https://www.virustotal.com/gui/file/7a48e7fad9485df2316249060c7820a56ddb1b0c2841718744e31fe9b5b18786/detection

duckclack.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281
# Reference: https://www.virustotal.com/gui/file/d466ef9698569363af4f08b64235817c7838c726c1faee300582aab3d90f5683/detection

/lancer/getm.php?pid=

# Reference: https://www.virustotal.com/gui/file/0a98dfea9758a2d86facdd37086aae816688386cb897957d72ce95fe2c12093f/detection

zockzock.top

# Reference: https://www.virustotal.com/gui/file/802f2e368248bf75bb83af798f562f9fb2bf07227500b0986abc16a0b42d3ebb/detection
# Reference: https://www.virustotal.com/gui/file/6039cff3d4e528c47b3cd505d14ba6645b4056aa139a06150a0ace56c9cd402f/detection

test.adegokecollege.com

# Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection

nmorbertomo.ac.ug

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

http://45.147.198.62

# Reference: https://app.any.run/tasks/377e6816-2765-4384-bf2a-4818f84b2b8d/

cache.krishgarden.com

# Reference: https://www.virustotal.com/gui/file/764574a80f1738d589a165cb5fecc7840220c7e72ffe795be772ccf58a0f7ceb/detection

static.parafia-strumiany.pl

# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection

ciaociaoline.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1380870829932744707
# Reference: https://app.any.run/tasks/edc50f68-7088-439e-8993-b6bf2fbb4cde/

data.parafia-strumiany.pl

# Reference: https://app.any.run/tasks/0273000c-ebf5-4a51-a89e-3d0159ff5bb3/

http://45.85.90.86

# Reference: https://twitter.com/fr0s7_/status/1384855677659660288
# Reference: https://app.any.run/tasks/210dcd67-5096-4f79-9cb7-21502ca24854/

stealer.xxxy.biz

# Reference: https://twitter.com/reecdeep/status/1387777010097852426

http://203.159.80.206

# Reference: https://www.virustotal.com/gui/file/e5686e76056d1a4ac0a3120e1de3e3ab9aca585fb151881e76885d36a6621092/detection

lotomoto.info

# Reference: https://twitter.com/James_inthe_box/status/1389233811251073033
# Reference: https://app.any.run/tasks/4a9b349d-ade4-4723-ac41-40415532e8bc/
# Reference: https://app.any.run/tasks/3e24fd12-9eed-4e6a-9b49-dfd3d8341a87/

http://31.210.21.181

# Reference: https://www.virustotal.com/gui/file/bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050/detection

vtqt.xyz

# Reference: https://www.virustotal.com/gui/file/3be583104ac2df031993b4f1bcbca40c01cefc5282050bc70b74e6e428291aba/detection

http://31.210.20.228

# Reference: https://www.virustotal.com/gui/file/55f1a2084fd1c1d5477519f06b02aa4fa4d917aaceffd116fc45820dc49a7795/detection

osiq.xyz

# Reference: https://www.virustotal.com/gui/file/7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0/detection

http://45.144.225.173

# Reference: https://www.virustotal.com/gui/file/fa1b210bdfaa9d9ed60eeee1196af0a697ed9bb1b6fbcc7108ebf43b55a313a5/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/ip-address/188.34.193.205/relations
# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

http://78.142.29.63

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

worstyear2020.com

# Reference: https://www.virustotal.com/gui/file/dfe963eae24c412b410f879df4f8fdec5b1a4fa8e20f44ab4eea4af4f811cf19/detection

dollartikuda.xyz
ys-gay.net

# Reference: https://www.virustotal.com/gui/file/c41aa6d6eeac57851b0a00a619609ed764072881b85b7dad25ac30f2856eda43/detection

support121.ddns.net

# Reference: https://www.virustotal.com/gui/file/f7a75dfb71ae46a4d6732100359c7d1b6fb5bb65338d6d1b702871ca492d3d54/detection

sefagusten.top

# Reference: https://www.virustotal.com/gui/file/cdeda69bc5ed54e292430a0e7017a66472ef4a1a25e3ebc125785fa2f9dc2bd9/detection

siwirnes.top

# Reference: https://www.virustotal.com/gui/file/573ac5d6b60b2965407c8fbf5c9d0f82067a19c27db420c4f5e9067798bcf6f9/detection

http://162.55.189.102

# Reference: https://www.virustotal.com/gui/file/835c8f02b83dd9bf4b3bf34f7e786b9b37c22924977eab54c6be9f69f1fefc69/detection

http://168.119.226.10

# Reference: https://www.virustotal.com/gui/file/326bebb9e00419c94b901a4597b8d8b1b56ac6ca9cbb96fc8f40df4d85d588cb/detection

http://176.123.4.140

# Reference: https://www.virustotal.com/gui/file/f4a1b439d5d5dcda842507571335e05665dfddc1cec1690d2fa66480c84d3e50/detection

http://185.99.133.218

# Reference: https://www.virustotal.com/gui/file/addabc3e06c8044f4eb4dfc9b63c0d40c4c3e628761ac097a8647d105376051c/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/file/49b3c1cea44676e46f5dd2d99db7810d3e09d256318be8429d1faa25a53d80b6/detection

http://195.201.94.135

# Reference: https://www.virustotal.com/gui/file/8d2dbbfd60c93fa6faf7f7b3bcfe4ac73dc6c2870911fe8f2c1c4e14bff90499/detection

http://49.12.77.13

# Reference: https://www.virustotal.com/gui/file/d17da61df61aace32659d4c00fd886a6115c893ce48b84c1a819ed6cb7fc1a61/detection

http://198.98.55.103

# Reference: https://www.virustotal.com/gui/file/00bebbc8e8adec6a7133ea0b83663d072b50cdab673d6b4d42b41d0a3fd61bc7/detection

djalil.top

# Reference: https://www.virustotal.com/gui/file/cc981c93093a992a27a48072beda1ebeefd2c23d1e961fd427995d389960890b/detection

lookluck.net

# Reference: https://www.virustotal.com/gui/file/3436be047261b75482542deb4e22e89927e89f60b6061fa32d72043ef8e4afad/detection

http://205.185.127.90

# Reference: https://www.virustotal.com/gui/file/6d68a55fc9958ed4e1e38eb44159f7ef87c434f91c78ae5c8bc58a979526f0da/detection

http://116.203.140.224
http://78.47.81.226

# Reference: https://www.virustotal.com/gui/file/dccba229de62bcbd976968e97f5c2febecf9408e339c553371563e43e8f7be48/detection

http://78.47.87.144

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

http://88.198.106.10

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

http://94.130.58.199

# Reference: https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed
# Reference: https://otx.alienvault.com/pulse/60b10fc3cf96ed70dad3bc07

bittracker.co.ug
blockbock.com
bockbock.top
bocksmoke.com
brainstormer.co.ug
cache.krishgarden.com
centos8lts.com
centoswiki.co.ug
choohchooh.com
ciaociaoline.com
ciaociaoline.top
customkitchaid.com
data.parafia-strumiany.pl
didntreadlol.com
djalil.top
dockclock.pro
duckclack.com
fastkisel.co.ug
flinstonehouse.co.ug
ftp.dwysokinski.me
fuckspha.com
gate.akadns9.net
goodssogood.com
guilmettemoron.com
hydrakupi.co.ug
juhjuh.com
kenutduk.duckdns.org
kiselev.co.ug
lookluck.net
mail.kiselev.co.ug
paperone.co.ug
promo.parafia-strumiany.pl
protestbonjer.ml
shirleyhorn.com
smtp.omplcement.com
static.accelerator-introlab.ml
static.helpmybusiness.ga
static.parafia-strumiany.pl
upload.krishgarden.com
yourpro.top
zockzock.top

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.114/relations
# Reference: https://www.virustotal.com/gui/file/4b17367ca1fa965f3e4c89a58c7f0325157c224eb80d3344490c7f368f12a833/detection

bilederina.top
binoders.top
cerolipak.top
manusorg.top
mutaleson.top
tenorimp.top
veribuman.top
cleardatass.com
datastatscl.com
statsdatacl.com

# Reference: https://www.virustotal.com/gui/file/c54b414ff7ca8ec5843b3944a53b63fd1a904be8423be677a738060fb1546ff2/detection

http://103.155.81.167

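# Reference: https://tria.ge/210710-kzbnpe2rbx
# Note: the tumblr.com hostnames in this file are individual blogs on a shared platform; keep them as full hostnames and never widen an entry to the parent domain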

sergeevih43.tumblr.com

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

http://162.55.223.232

# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://5.34.178.48

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

sslamlssa1.tumblr.com

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection
# Reference: https://www.virustotal.com/gui/file/f83d5140698073bdaa2e907ee6cbe025256b5796ce18f0d2cbc8efff4e9962cb/detection

http://116.202.183.50
xeronxikxxx.tumblr.com

# Reference: https://tria.ge/210726-6jdmkdfwcs

shpak125.tumblr.com

# Reference: https://twitter.com/reecdeep/status/1422191780833988616
# Reference: https://www.virustotal.com/gui/file/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/detection

himarkh.xyz

# Reference: https://twitter.com/Racco42/status/1422961309012930564
# Reference: https://app.any.run/tasks/b295d801-8643-4b42-a848-55c8fa5c22a1/

irkark.xyz

# Reference: https://www.virustotal.com/gui/file/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70/detection
# Reference: https://www.virustotal.com/gui/file/aa1dc867430200195ec34624c58bce2dec6bcda1f837529c564b7cfab0ee978f/detection
# Reference: https://www.joesandbox.com/analysis/454005?idtype=analysisid

anqwcvaaq.xyz
/8GzIpNiHlc.php
/Fl26aoXOqL.php

# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.107/relations

indiacas.xyz
indiamed.xyz
indianot.xyz
kazced.site
kazfds.xyz
kazkef.site
kazksc.xyz
kaznas.site
kazopz.xyz
kazxzs.xyz

# Reference: https://twitter.com/benkow_/status/1443189560024969226
# Reference: https://tria.ge/210929-pd2k9sfacl/behavioral1

http://79.124.78.139

# Reference: https://twitter.com/benkow_/status/1447835812050112516
# Reference: https://tria.ge/211012-jzgv4abhb7/behavioral1

gurums.online

# Reference: https://twitter.com/InQuest/status/1450099115258486784

http://136.144.41.229
searcer.x24hr.com
/gJCbU1V9y2.php

# Reference: https://twitter.com/benkow_/status/1457786964191571977
# Reference: https://tria.ge/211108-xpsfqschd6/behavioral1

http://65.108.80.190

# Reference: https://tria.ge/211117-lb4q3aehak/behavioral1

http://159.69.92.223

# Reference: https://twitter.com/Jane_0stin/status/1463981701596598272
# Reference: https://app.any.run/tasks/762741f6-b2d4-4fde-bf1c-111caf124379/

die-grausamste-herrin.at

# Reference: https://www.virustotal.com/gui/file/1ac64c5db03f0fc9729de68be00e2eff7a59f8e10d2ec50c5d348029de745ba4/detection

http://185.215.113.22
/E2vacMBpWA.php

# Reference: https://twitter.com/ViriBack/status/1476718496218324993
# Reference: https://tria.ge/211231-a19g3aehhj/behavioral1

main2.flashysoft.me

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

http://188.34.200.103

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_vidar.json

derxblog.de
milktr.uk

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/detection

http://49.12.198.69

# Reference: https://twitter.com/crep1x/status/1478361605394116612

http://116.202.186.120

# Reference: https://twitter.com/crep1x/status/1475535929985187846
# Reference: https://tria.ge/211227-sfrevsbcfq/behavioral1
# Reference: https://www.virustotal.com/gui/file/12f67b777aa65271b2e5773b042cbf8bc1c0bf8cabaf356aa05b583a1e581b94/detection

http://116.202.188.27

# Reference: https://www.virustotal.com/gui/file/42e77b0c32a2e1d98bb7e45198c83f92cad7f33b1369bc61c38ceab0ec2cd4f3/detection

http://167.86.127.231

# Reference: https://twitter.com/crep1x/status/1480574856265711618

http://78.46.160.87

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://65.108.180.72

# Reference: https://www.virustotal.com/gui/file/15bd912b0e66bf88fc6dbae28754cb085bfa199b7f7e0d4989ab39a747053be6/detection

hjggvbc.ru

# Reference: https://www.virustotal.com/gui/file/00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2/detection

http://116.203.165.54

# Reference: https://www.virustotal.com/gui/file/005d0cbf83fcceb2657b56711cc56a4144d9c58a8393d3d1ae052db880b60269/detection

boombangers00666999.sc
/gate2233.php

# Reference: https://twitter.com/ViriBack/status/1487421178557964292
# Reference: https://app.any.run/tasks/49b5dee3-f179-4d8d-8000-0a7cde350c1e/
# Reference: https://www.virustotal.com/gui/file/2c35ee480e2ea480624011857326defe537063bb383824013a8f8a0b9182e3b1/detection

anydesk.computer
panel.computer

# Reference: https://www.virustotal.com/gui/file/27afc8d7727c80c934d73e4aa021ab138b99149023dbc1625c8d4ba867981652/detection

banlobora2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/2d299fcdf7562306634b74f187b445ad17ca07495d2a36ffca86c7425a7982db/detection

opmos.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687/detection

cookreceipts.fun

# Reference: https://www.virustotal.com/gui/file/3c81b46f9c2fd6871f6844585c9d835eea672e1e0c8e26e667ce8049579e3245/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/1e0608ba01db4c6a953d5a2bf144a944d5939790fd9e0acd7c06a37563470add/detection

f0457102.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6e5bef09238ff67eb3c4765eed4a0d647a3b0d9be6e7604a3e9a0d509623c6fd/detection

admin.foa.ae

# Reference: https://www.virustotal.com/gui/file/c145a437ca06f644c48e37c597d6efc46f4a0e4d8b1bfb265a1d28ced7e8009b/detection

bergamot.nu

# Reference: https://www.virustotal.com/gui/file/4e842aade6a22d8efbcae4bd9cde73de26398f7f70a06fc09042ed72bb61465a/detection

cmd3490ghbdtn3.ru

# Reference: https://www.virustotal.com/gui/file/c48534128c907c63db7b3f995cbb17eb67a973a8abc7e567cac4229889df1535/detection

databasecontrol.xyz

# Reference: https://www.virustotal.com/gui/file/253a4539177c2e6617a98571a87211a364d1a9d6dee454589548a6413db23be5/detection

datamon.cc

# Reference: https://www.virustotal.com/gui/file/03830b7509fe6e46ea89d7fe60f732120cca1501473c5fc477e2d96b01f7f050/detection

gfxapanbnqd4jhf.pw

# Reference: https://www.virustotal.com/gui/file/64d7ba13bf3e525fc99988f742b751c9df4431af7b26a7d6cdb3191218648517/detection

ggtyyu.pw

# Reference: https://www.virustotal.com/gui/file/47019ee43e1682cdcdabda06ba450642be49b241416da1331917726cf6e565b8/detection

hostisgerhg.tk

# Reference: https://www.virustotal.com/gui/file/e677eb033d3676db1d9beae7fa1d392fef40cf0950f862108609ff25b25a4642/detection

kepler071.site

# Reference: https://www.virustotal.com/gui/file/c79a3bd6b7a37c9bf58d12a6c493e00df8413d6b68892f8c402fb34a8341aa5b/detection

lilldshar.space

# Reference: https://www.virustotal.com/gui/file/b2af96a978461c384d5efdb367b6d80028cee69d86b3cb3691b43e8a62721788/detection

masadproject.life

# Reference: https://www.virustotal.com/gui/file/02fc294d8a722633df5411062307978762ce56ed1b285cf1b388a5ca2df809f2/detection

onlinemseof.site

# Reference: https://www.virustotal.com/gui/file/0425eaee15de5550bb64838d9c3fb74071d83575362388c22d45e2385e996bbc/detection

pablopanuroere.pw

# Reference: https://www.virustotal.com/gui/file/0b3cf8e37e13a3100885a6a538da9244c72b0223501dc4f6b23929204c8d3361/detection

poiuytrewq2.site

# Reference: https://www.virustotal.com/gui/file/d1cf6edc0a27e9eadabbaacd1ec9650d6484f91556c5e81ed3b43923c4dfc1d0/detection

shlyapa.website

# Reference: https://www.virustotal.com/gui/file/9801abe4b5e3a68d376694c548d992fd1372df88299d3618b5d8c2b36c9530a4/detection

tgp.opcache.xyz

# Reference: https://www.virustotal.com/gui/file/e48514ff1736378e93832535b9c903655de96e48c5ae3ab2382ff3c8c016725c/detection

topteamover9000.fun

# Reference: https://www.virustotal.com/gui/file/d66df2e485a93c02470b99c6d4821f2f5a3bc7cde19d3ccec70d1f0dd874a66b/detection

travelgidblog.top

# Reference: https://www.virustotal.com/gui/file/fd991646249ed10695d429cac8df890dda694ba66df071469e047547df602a68/detection

watchmovie.life

# Reference: https://www.virustotal.com/gui/file/74465e9ad0ef9a1cce5f2e7485c20cb2f7d15cee1f224ac8629f68656febb39e/detection

xenicoln.gb.net

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

yrhealth.life

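# Reference: https://github.com/cyberark/malware-research/blob/master/OskiStealer/IoCs.pdf
# Note: the cited document is filed under OskiStealer, a name not in the Aliases line of this file; hits on the addresses below may belong to that family rather than Vidar, so confirm attribution during triage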

http://162.0.224.159
http://173.232.146.69
http://176.113.81.170
http://178.32.145.141
http://188.227.57.121
http://194.87.147.13
http://194.87.234.156
http://194.87.236.221
http://194.87.95.5
http://195.133.147.113
http://195.133.197.21
http://45.141.84.143
http://45.143.92.129
http://45.143.93.152
http://45.151.144.128
http://45.8.228.100
http://46.17.96.25
http://5.187.7.144
http://52.246.250.237
http://80.89.228.202
http://80.89.238.87
http://85.209.91.120
http://89.223.123.36
http://91.245.227.131
http://92.53.124.88

# Reference: https://app.any.run/tasks/1ba24008-9819-4fda-9098-d2e769715470/

http://65.108.155.192

# Reference: https://twitter.com/phishgalore/status/1490794416239489028
# Reference: https://twitter.com/JCyberSec_/status/1491008346505515015
# Reference: https://www.virustotal.com/gui/file/95573cc24f3901c938e84f9628359a9dcc816dd451809f5313a99fe8da2756b9/detection

bank-statement.xyz
freddomdomain.xyz
order-magento-admin.com
statement-scotiabank.com

# Reference: https://tria.ge/220202-w4cs6abagj/behavioral1

http://95.216.183.78

# Reference: https://tria.ge/220202-w4s55sbagl/behavioral1

uploaditem.xyz

# Reference: https://twitter.com/ViriBack/status/1492589247697719304
# Reference: https://www.virustotal.com/gui/domain/flashysoft.me/relations
# Reference: https://www.virustotal.com/gui/file/241d7ec7d8a462c1a9c4570be1ddcb744f38b9322635ed860219505054c7db25/detection

flashysoft.me
main.flashysoft.me

# Reference: https://app.any.run/tasks/75915cfb-9864-46c5-b673-20e0a8ec9409/

http://95.216.147.143

# Reference: https://www.virustotal.com/gui/ip-address/13.78.210.162/relations
# Reference: https://www.virustotal.com/gui/file/b9c74bca334747feac392bc96d57d870f1907ec6ec3062bd405c1df3ccc16b74/detection

bankkia.gq
dashgaa.tk
wellsfago.ga

# Reference: https://app.any.run/tasks/45ddee1d-5fc4-4c0a-859c-42b4fbc333d0/

http://94.130.174.62

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

bestpolandhotels.com

# Reference: https://isc.sans.edu/diary/28468

bor4omkin.ru
dersed.com
sughicent.com

# Reference: https://www.virustotal.com/gui/file/0239bcbfae35cdefd367a9dc269287c92b666743018e45f6265495b43fbbb27c/detection

maurizio.ug

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

hubvera.ac.ug
prepepe.ac.ug

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.77/relations

agentt.ac.ug
agenttt.ac.ug
ailsom.ac.ug
andres.ac.ug
andres.ug
backgrounds.pk
bilbosaquet.ug
brice.ac.ug
colonna.ac.ug
colonna.ug
conthruian.ug
courtneyjones.ac.ug
cracksmsa.ug
cvae.ac.ug
dancedance.ac.ug
danielmax.ac.ug
danielmi.ac.ug
darkangel.ac.ug
ddlakava.ac.ug
erolasa.ac.ug
erolbasa.ac.ug
gordonas.ac.ug
gordonhk.ac.ug
gordons.ac.ug
hanxlas.ac.ug
hsagoi.ac.ug
imobiles.pk
jamshed.pk
jonescourtney.ac.ug
kode.ac.ug
kodekode.ac.ug
kullasa.ac.ug
lastimaners.ug
lizzard.ac.ug
lizzzqua.ac.ug
lucab.ug
macakslcaq.ug
malcacnba.ac.ug
mantata.ac.ug
marcapinyo.ru
marcyovcx.ru
marianne.ac.ug
marketprice.pk
mastitisa.ac.ug
matisaas.ac.ug
matiti.ug
maurizio.ac.ug
mazooyaar.ac.ug
mazoyer.ac.ug
milsom.ac.ug
milsom.ug
moreirawag.ac.ug
myfidlerpro.ug
myhostiger.ug
myproskxa.ac.ug
nicolas.ug
nikahuve.ac.ug
nmorbertomo.ac.ug
nothinglike.ac.ug
omomom.ug
pakxkvad.ac.ug
pdshcjvnv.ug
playwell.ug
pretorian.ac.ug
pretorian.ug
puritaaxa.ac.ug
qwerty12346.ru
regay.ac.ug
saba.ac.ug
scarsa.ac.ug
scarsxa.ug
scouragae.ac.ug
sergui.ac.ug
taurus.ug
triathlethe.ug
underdohag.ac.ug
veronika.ac.ug
veronikaa.ac.ug
veronikac.ac.ug
viniscav.ac.ug
wellplayed.ug
zxvbcrt.ug

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vidar-malware-launcher-concealed-in-help-file/
# Reference: https://otx.alienvault.com/pulse/623c985eb2d2a96857e9985b

http://95.216.181.231

# Reference: https://twitter.com/Cyber_O51NT/status/1508819570588459017
# Reference: https://blog.morphisec.com/threat-research-mars-stealer
# Reference: https://www.virustotal.com/gui/file/6670b60de348f134151d4911e9714ee1cb3a51dd9d0f008b0fa2d42c796d2cfb/detection
# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection
# Reference: https://www.virustotal.com/gui/file/ab7e7d8594befb5a7137ec323db87a4aacfa64260327d61eee30626a760c3d5b/detection
# Reference: https://www.virustotal.com/gui/file/77148020b07fa69f4c68596f3132186975d7e289cff617ae9f4dab6806709807/detection
# Reference: https://www.virustotal.com/gui/file/0f2edca4bfbbde781da5438b0dec6f91e701588b854d66561be0f2d9d5074a78/detection
# Reference: https://www.virustotal.com/gui/file/8f925aa659cdab2466d2860dfc06d14d1c384c7a449683813db8d9219ed333c9/detection

http://185.212.130.47
http://193.56.146.66
http://5.45.84.214
http://66.29.142.232
http://82.146.63.54
http://91.92.128.35
telemeetrydata.cn
tommytshop.com
tonyshop312.com
/SCmygye1LE/FTOauwvCfJ/
/FTOauwvCfJ/
/SCmygye1LE/
/2BxXIkoySb.php
/8cPynL7Va1.php
/eglkAa6HG1.php
/gfattee933.php
/KNOuG8qeID.php
/tytfu656i7kuydgsjdsdu.php
/umO0HLhYp5.php

# Reference: https://www.virustotal.com/gui/file/8537e3492ed1da3a8c301853548e4ffb1e79906063e20ba237db9038121ae4a2/detection

http://45.9.20.31
/LD3F8IPgas.php

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

f0649032.xsph.ru
f0649033.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7e7b97d4785f8f237e996ba65d7369261071db6e66b796ad87a195d6caded887/detection

http://176.57.189.191

# Reference: https://www.virustotal.com/gui/file/1fc99227ff5f8d7548959ebabda2fdd4c9c51c3ee924e5494e70af307d8aafc5/detection

http://154.16.112.151

# Reference: https://twitter.com/0xrb/status/1511564992805761024
# Reference: https://www.virustotal.com/gui/file/4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b/detection

http://194.87.218.39
/RyC66VfSGP.php

# Reference: https://twitter.com/0xrb/status/1511939521877000194
# Reference: https://www.virustotal.com/gui/file/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84/detection
# Reference: https://www.virustotal.com/gui/file/ff676d4c5f83c81b77d21b605866d45acde3e04f4cf9f2cf9180f154144a48b9/detection

250329.prohoster.biz

# Reference: https://www.virustotal.com/gui/file/f668f1ba25939689fb35e11e3c77f2824ede2373ebb48ec711bb99d11de3027b/detection

a0634004.xsph.ru

# Reference: https://twitter.com/fr0s7_/status/1512457923947114499
# Reference: https://www.virustotal.com/gui/file/ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768/detection

http://95.217.244.41

# Reference: https://twitter.com/0xrb/status/1513739710765895681
# Reference: https://www.virustotal.com/gui/file/473c8b608a69a546da4510f610501bcac001e726699e75d8a15afd50ff66f460/detection

http://62.204.41.128
/81uBpsioYb.php

# Reference: https://twitter.com/0xrb/status/1513762639218118656
# Reference: https://www.virustotal.com/gui/file/309122794db2c8fd2ffd82c9770988297860a56116ce184be08da75b64d361f8/detection
# Reference: https://www.virustotal.com/gui/file/0f63b4b4659449eee766610af817b786e9cd7622743851cf7b71430613d7521b/detection

http://62.204.41.69
62.204.41.166:27688
/p8jG9WvgbE.php

# Reference: https://twitter.com/0xrb/status/1513747076714491905
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.176/relations
# Reference: https://www.virustotal.com/gui/file/455118a3a6c915e50ec4ff1133b51f24b1e080e3e591f42e41e144af0bdc7890/detection

cheapa.link
cheapb.link
cheapc.link
cheapd.link
cheape.link
cheapf.link
cheapg.link
cheaph.link
cheapi.link
cheapj.link
cheapk.link
cheapl.link
cheapm.link
cheapn.link
cheapo.link
cheapp.link
cheapq.link
cheapr.link
cheaps.link
cheapt.link
cheapu.link
cheapv.link
cheapw.link
cheapx.link
cheapy.link
cheapz.link

# Reference: https://twitter.com/Glacius_/status/1513861040605442052

http://195.242.111.168
/2s06lj04kybnr4ze.php

# Reference: https://twitter.com/0xrb/status/1515918645800882181
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.89/relations
# Reference: https://www.virustotal.com/gui/file/fd48ebb9c6da16d3f371ee0e1bd94c7027ffacb7b99d27e59c81c8504477fd60/detection

asdasgs.ug
beachwood.ug
courtneyjones.ac.ug
danwisha.ac.ug
hubvera.ac.ug
kodekode.ac.ug
ludivineemery.ac.ug
malayska.ug
marksidfgs.ug
marnersstyler.ug
mistitis.ug
rockphil.ac.ug
rockrock.ug
triathlethe.ug
underdohg.ac.ug
underdohg.ug

# Reference: https://twitter.com/0xrb/status/1516280842586566656
# Reference: https://twitter.com/0xrb/status/1517034682164334592
# Reference: https://www.virustotal.com/gui/ip-address/2.56.240.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.8.124.64/relations
# Reference: https://www.virustotal.com/gui/file/03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328/detection
# Reference: https://www.virustotal.com/gui/file/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/detection
# Reference: https://www.virustotal.com/gui/file/6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9/detection

jsdkca.link
jsdkcb.link
jsdkcc.link
jsdkcd.link
jsdkce.link
jsdkcf.link
jsdkcg.link
jsdkch.link
jsdkci.link
jsdkcj.link
jsdkck.link
jsdkcl.link
jsdkcm.link
jsdkcn.link
jsdkco.link
jsdkcp.link
jsdkcq.link
jsdkcr.link
jsdkcs.link
jsdkct.link
jsdkcu.link
jsdkcv.link
jsdkcw.link
jsdkcx.link
jsdkcy.link
jsdkcz.link

# Reference: https://twitter.com/0xrb/status/1516640874306088960
# Reference: https://www.virustotal.com/gui/file/18c7c5e7d5146bef12ead85598bf5d2c48ee5e6634d4769221d3e7712809f1ad/detection

xiskasment.com

# Reference: https://twitter.com/James_inthe_box/status/1517238542434414592
# Reference: https://app.any.run/tasks/f82a6efe-c21c-4949-8523-d3f2ad8be39c/

http://5.252.178.50

# Reference: https://twitter.com/James_inthe_box/status/1517262007795281920
# Reference: https://app.any.run/tasks/e6362786-dbeb-44ad-b62e-ddf6a6fe7c1c/

http://116.202.1.195

# Reference: https://www.virustotal.com/gui/file/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10/detection

http://139.177.176.177

# Reference: https://app.any.run/tasks/2bf3a7e1-f6a9-44dc-9d15-d9fa4f803e65/

http://195.201.250.209

# Reference: https://twitter.com/0xrb/status/1521717264311275520

http://185.104.114.24

# Reference: https://twitter.com/0xrb/status/1522455058520358912
# Reference: https://www.virustotal.com/gui/file/1fb1244bbc75553e090acf7f1dfc01f4283b428ac966364fad0d95bd1b967e61/detection

http://162.33.179.235
/gatero0m.php

# Reference: https://twitter.com/0xrb/status/1522450567473549313

micrwa.link
micrwb.link
micrwc.link
micrwd.link
micrwe.link
micrwf.link
micrwg.link
micrwh.link
micrwi.link
micrwj.link
micrwk.link
micrwl.link
micrwm.link
micrwn.link
micrwo.link
micrwp.link
micrwq.link
micrwr.link
micrws.link
micrwt.link
micrwu.link
micrwv.link
micrww.link
micrwx.link
micrwy.link
micrwz.link
/8sdd875.php

# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection
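# Reference: https://tria.ge/220610-s2xtrshbb2/behavioral1
# Note: '/gtaddress' below is a path-only entry with no host; it presumably matches that URL path on any destination, so confirm a hit against the listed IP or the referenced sample before treating it as Vidar traffic.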

http://93.115.21.45
/gtaddress

# Reference: https://www.virustotal.com/gui/file/62a53b52eb3408052d19cace306452e9d3075618b4198e3e8c0beb7200da5886/detection

http://78.47.227.68

# Reference: https://twitter.com/c_APT_ure/status/1526268613367300096
# Reference: https://www.virustotal.com/gui/file/6852472f4d85443563b226cc8dd1adfc7b005d094071eb460681af0830d10a16/detection
# Reference: https://www.virustotal.com/gui/file/b9106d6ef93fa8f25f43b1fb0b4fe6e29b1afb44844159a22bd5fa23ddaebe1f/detection
# Reference: https://www.virustotal.com/gui/file/e106f33cb1f8c26b6211611bd22fcaced5d1c88700670c8b477827f9e00a8b3f/detection

http://23.95.52.191

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://95.217.244.73

# Reference: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
# Reference: https://otx.alienvault.com/pulse/62876ce0115d3177c23d5d74

ms-teams-app.net
ms-win11.com
win11-serv.com
win11-serv4.com
win11install.com
ms-win11.midlandscancer.com

# Reference: https://www.virustotal.com/gui/file/00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746/detection

http://162.55.213.180

# Reference: https://www.virustotal.com/gui/file/0290fd4f9c7240911d9051f76167a75dd78834e6a03faf6b09aeae21ff3094db/detection

backgrounds.pk
gadem.ug
lcjvkdfas.ug
zaragoza.co.ug
zaragozsa.ug

# Reference: https://www.virustotal.com/gui/file/f6a58d46a92e7739388cd9e1c0df2800af70169a6df2a19b8c1b96defeed902e/detection

2tril.com

# Reference: https://app.any.run/tasks/67322566-fff2-4a64-a5b8-405599618c7d/

http://107.189.13.22

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030670.html
# Reference: https://www.virustotal.com/gui/file/7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c/detection

aztkiryhetxx.ru
ckrddvcveumq.ru
cugdwpnykghx.ru
dvizhdom.ru
dwrfqitgvmqn.ru
rhjebiuujydv.ru
rwwmefkauiaa.ru
sanlygeljek.ru
sinelnikovd.ru
wzqyuwtdxyee.ru
zpuxmwmwdxxk.ru
zyzkikpfewuf.ru

# Reference: https://www.virustotal.com/gui/file/8bf5a6be286efa5c7871d287a80120fc48a3744bd2a6a3764834082b95e68674/detection

cenlar.cc

# Reference: https://tria.ge/220602-rf2p6acaaj/behavioral1

http://107.189.11.124

# Reference: https://twitter.com/BlackLotusLabs/status/1532795523329052672
# Reference: https://www.virustotal.com/gui/file/78456112caae4c00fa66e6f9c7474331a2befe795a75a7313d4e0770196a0b35/detection

http://116.202.187.69

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://185.9.41.83
http://212.110.132.195
http://77.232.41.206

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://2.57.122.82

# Reference: https://tria.ge/220609-ztaslagec8/behavioral1

http://194.156.98.151

# Reference: https://www.virustotal.com/gui/file/12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3/detection

http://194.180.174.180

# Reference: https://www.virustotal.com/gui/file/ead121e4d007085adb42edd61c3328aa728fa2c1d7c78e77ceb64f999f7323e3/detection

ratinonanuere.pw

# Reference: https://www.virustotal.com/gui/file/037b340417857e618b37cfc3c6b4e6d01717ca0cedfaf57c4d98f368f432f10d/detection

recmaster.ru

# Reference: https://www.virustotal.com/gui/file/03d90fc0c0da8275035336d823f053a84ef50ab82aa0d2bba0722bb9e32a5627/detection

martinlloyd.net

# Reference: https://tracker.viriback.com/dump.php (2022-07-11)

http://13.58.70.215
http://185.4.65.70
http://188.212.124.14
http://193.203.238.120
http://194.233.168.238
http://194.87.218.26
http://195.242.110.71
http://45.130.104.128
http://45.138.157.227
http://62.204.41.103
http://62.204.41.179
http://62.204.41.223
http://80.79.114.182
http://91.243.44.99
http://94.142.141.235
a0626884.xsph.ru
anderd2w.beget.tech
blitzhost.ga
dashgaa.ml
ericfatima.beget.tech
f0623459.xsph.ru
ida-ayu.com
img.futanari-toons.com
mars.cryptominingpioneer.com
mars22.cryptominingpioneer.com
nationalspaceforceusaaainc.com
pashiudsa.com
share.softwareshare.me
tracey991.beget.tech
truehempbiz.com
zl3fh9x1.beget.tech
/5Ou97MmeyI/
/5Ou97MmeyI/login.php
/SCmtgye1LE/
/SCmtgye1LE/login.php
/c0XEaQ58yT/
/c0XEaQ58yT/login.php
/deAGgwt1R7/
/deAGgwt1R7/login.php
/yugYFTr5u6uytJgfj/
/yugYFTr5u6uytJgfj/login.php

# Reference: https://tria.ge/220531-s91kmafcgl/behavioral1

http://78.47.74.118

# Reference: https://tria.ge/220715-rnvltacbhl/behavioral2

http://45.144.29.243

# Reference: https://twitter.com/ViriBack/status/1549905970905612290

http://185.104.114.24
http://146.190.235.63
http://185.4.65.203
http://193.124.22.9
http://87.120.37.42
http://94.102.57.150
http://94.124.78.161
chicvvdon.lol
goldrushaw.ug
moneyd.link
renox.lol
superfilmes.cf
topababa.us
data.topababa.us

# Reference: https://twitter.com/idclickthat/status/1551249542783328257
# Reference: https://tria.ge/220724-ttq7paafbm/behavioral1

http://185.53.46.199
zidclouzby2.xyz

# Reference: https://app.any.run/tasks/da232c24-a63c-4378-ae30-f3305fd0334e/

http://95.217.244.216

# Reference: https://twitter.com/ViriBack/status/1554137490872799233
# Reference: https://tria.ge/220801-str9baahe3

atomic-wallet.net
/marsword/gate.php

# Reference: https://www.virustotal.com/gui/file/c1f6d80c29bdb4c6939dcd898e17d868859def5a9ed463044115728e193168d9/detection

lamol.ddns.net

# Reference: https://twitter.com/ViriBack/status/1555348941834698758

moneya.link
moneyb.link
moneyc.link
moneyd.link
moneye.link
moneyf.link
moneyg.link
moneyh.link
moneyi.link
moneyj.link
moneyk.link
moneyl.link
moneym.link
moneyn.link
moneyo.link
moneyp.link
moneyq.link
moneyr.link
moneys.link
moneyt.link
moneyu.link
moneyv.link
moneyw.link
moneyx.link
moneyy.link
moneyz.link
/8sd87v7.php

# Reference: https://www.virustotal.com/gui/file/75e886f21527f32fb230ba37cfef2271279a41c6b72e57a63223eb10367be928/detection

116.202.183.213:1080
95.217.246.200:1080

# Reference: https://twitter.com/0xrb/status/1557289524006293504
# Reference: https://www.virustotal.com/gui/file/246b27e609ebd8a1ec31b9667addf3b262d6487602209baa9b32c54539a28031/detection

http://193.106.191.146
194.5.98.107:6968
beachwood.top
beachwood.ug
charisma.ac.ug
goldrushaw.ug
kalskala.ac.ug
malayska.ug
mariah.pk
nikahuve.ac.ug
parthaha.ac.ug
safetygear.pk
safetygear.top
scientific.pk
tuekisaa.ac.ug
vsongs.pk
wiwirdo.ac.ug

# Reference: https://twitter.com/fumik0_/status/1559474920152875008
# Reference: https://twitter.com/ViriBack/status/1559523902082224128
# Reference: https://www.virustotal.com/gui/file/9f90081674303197706584dd91a9b37dc9399c499b466ef7a4e5d55a8145f844/detection
# Reference: https://www.virustotal.com/gui/file/7873dddec4a46e7ad104de9b6bd68f590575b7680a1d20b9fe1329d1ad95348f/detection

safe-car.ru

# Reference: https://twitter.com/ViriBack/status/1562797767592136704
# Reference: https://tria.ge/220825-qn96tsdfap/behavioral1
# Reference: https://www.virustotal.com/gui/file/cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205/detection
# Reference: https://www.virustotal.com/gui/file/a77d1a409ec71c1f9c90d1b632edb29c11a043bcb05ffef05c3ef5688e10cea5/detection

http://176.10.118.235
housewall.xyz
kanban.housewall.xyz
mars.housewall.xyz
n8n.housewall.xyz
traefik.housewall.xyz
trilium.housewall.xyz

# Reference: https://www.virustotal.com/gui/file/09fb6bb883ca633aa0aa3eea9735d8b041b3cdfa03a49fa12a32896968708d96/detection

kmwekek.link

# Reference: https://www.virustotal.com/gui/file/017c70f1af4f0b70d2b4aa5ae0b64c883d29aeb9a995cfe725b52c62a8cf3c0e/detection

werido.ug

# Reference: https://otx.alienvault.com/pulse/630cb63d30d8b469b2a6a1c7
# Reference: https://www.virustotal.com/gui/ip-address/45.143.201.4/relations

boundertime.ru
cointra.ac.ug
ftp.backgrounds.pk
ftp.nicoslag.ru
goldrush.ug
goldrushaw.ac.ug
hopeforhealth.com.ph
mail.charisma.ac.ug
mail.goldrush.ug
mail.goldrushaw.ac.ug
mail.goldrushaw.ug
mail.karimgousa.ug
mail.marnersstyler.ug
mail.mistitis.ug
mail.mofdold.ug
mail.opsdjs.ug
mail.partaususd.ru
mail.safetygear.pk
mail.scientific.pk
mail.wiwirdo.ac.ug
mofdold.ug
momomolastik.ug
movesc.top
nicoslag.ru
ns1.asdsadasrdc.ug
ns1.backgrounds.pk
ns1.goldrush.ug
ns1.karimgousa.ug
ns1.marnersstyler.ug
ns1.mistitis.ug
ns1.mofdold.ug
ns1.partaususd.ru
ns1.safetygear.pk
ns1.scientific.pk
ns1.triathlethe.ug
ns2.asdsadasrdc.ug
ns2.boundertime.ru
ns2.goldrush.ug
ns2.marnersstyler.ug
ns2.mistitis.ug
ns2.qwertzx.ru
ns2.safetygear.pk
ns2.scientific.pk
partadino.ac.ug
partaususd.ru
phila.ac.ug
pjjot.top
pop.backgrounds.pk
pop.cracksmsa.ug
pop.partaususd.ru
qd34gf23ewrfsd1233.ru
qwertasd.ru
raphaellasia.com
rbcxvnb.ug
smtp.backgrounds.pk
smtp.qwertzx.ru
thatstraveling.ac.ug
timebounder.ru
tugusino.ru
wewilltoptheearth.top

# Reference: https://www.virustotal.com/gui/file/f0b1c1bef9f65f6a69d2fa3211fffae43afdbb144bf24fd1d889a26fbcbcfafb/detection

http://116.202.180.202

# Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection

http://107.189.31.171

# Reference: https://www.virustotal.com/gui/file/01d692761b0698f1246ab16aaf09f74e7801a26a271405028c2771366008c363/detection

http://74.119.192.241

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

http://94.130.188.151

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

brainstormvc.me
niemannbest.me
smkn3depok.com
topniemannpickshop.cc

# Reference: https://www.virustotal.com/gui/file/091ffa54f241270aea68cbb9fa0aea580ad3b800f544200b6908022cc3c28e4a/detection

opzspqwkz.ru

# Reference: https://twitter.com/WhichbufferArda/status/1569412764543713281
# Reference: https://www.virustotal.com/gui/file/bfd72bdd4ab311acd0e05211cb01f8671d358540201eb200f613fd80b62291f0/detection

http://5.161.155.121
evetesttech.net

# Reference: https://twitter.com/idclickthat/status/1569679280761626626
# Reference: https://twitter.com/idclickthat/status/1570399267977859074
# Reference: https://twitter.com/idclickthat/status/1570783889827983362
# Reference: https://twitter.com/1ZRR4H/status/1570626623241846787
# Reference: https://tria.ge/220916-enhk2aefa4/behavioral1

http://5.252.22.196
pdf-edit.online
pdf-editor.online
pdf-editor.top
zoom-us.top

# Reference: https://twitter.com/idclickthat/status/1569350142230204421

zoom-download.fun
zoom-download.host
zoom-download.space
zoomus.host
zoomus.tech
zoomus.website

# Reference: https://tria.ge/220922-vp5pysfgdn

mars.haksanlogistics.com

# Reference: https://tria.ge/220922-vqawzacac6

gemkan.online
gg.gemkan.online

# Reference: https://twitter.com/1ZRR4H/status/1575364121893158916
# Reference: https://www.virustotal.com/gui/file/06d1366df3628a010416384f7c77c493ac35f13ee05e010751708d681ebe5169/detection

http://116.202.2.236
http://5.161.21.185
/trampapanam

# Reference: https://tria.ge/220929-vejpqsbeb6/behavioral1

765mm.xyz

# Reference: https://tria.ge/220916-sgqjysbgdr

dimonbk83.tumblr.com

# Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection

ludivin.ac.ug
markinda.top
markinda.xyz
mckawwrsa.ac.ug
muylove.ac.ug
partiad.top
partiad.xyz
tuekisa.ac.ug
wishamag.ac.ug

# Reference: https://twitter.com/ViriBack/status/1575637648911192064

http://142.11.252.64
http://23.137.249.61
http://37.46.135.174
http://74.201.28.165
babycookie.net
linkappa.link
linkappb.link
menfkkf.link
xlsxexcelviewer.cf
banta.xlsxexcelviewer.cf

# Reference: https://twitter.com/Gi7w0rm/status/1575851139425177600
# Reference: https://tria.ge/220930-q699jsefbr/behavioral1

http://5.182.36.79
http://94.131.97.143

# Reference: https://www.virustotal.com/gui/file/371384518223a80ff5381a728ba1e4f846c93713bb39bc80fb2d95cdd8158241/detection
# Reference: https://www.virustotal.com/gui/file/487723e00df8d7f8bfdb57614fa32001f2addc6be9576005b04f1dff53710634/detection

o.oteqprojects.co.in
v.oteqprojects.co.in

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

http://77.73.133.31

# Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection

http://5.161.120.43

# Reference: https://www.virustotal.com/gui/file/cb0fed1d298a0c7762cc0e97262788840d7d82f9f73b83832a1d61b16456bac1/detection

http://94.131.96.16

# Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection

http://23.88.115.141

# Reference: https://twitter.com/idclickthat/status/1580635156016410624
# Reference: https://tria.ge/221013-t6pjmadfb3/behavioral2

exoduswallet.app

# Reference: https://twitter.com/idclickthat/status/1579245116296138752
# Reference: https://tria.ge/221009-2l4rtaacer/behavioral3

http://213.252.245.80
desktoptrading.store
tradingviewcheck.com
tredingveiws.com

# Reference: https://www.virustotal.com/gui/file/13c98b46764978f5261ed939fdc46c17f4fbc5eb382ab9ca795cb773c0e5bb55/detection

http://45.15.156.60
http://49.12.196.69
nanoplow.space

# Reference: https://tria.ge/221024-qapb7sgfe8

http://45.159.249.181
http://45.8.145.85
http://77.91.123.173

# Reference: https://twitter.com/idclickthat/status/1584541335415312384
# Reference: https://tria.ge/221024-qktdxaggc3/behavioral1

http://45.15.156.81
allbestcrack.pro

# Reference: https://twitter.com/idclickthat/status/1584584590982664193

garminexpress.art
garminexpress.homes
garminexpress.skin

# Reference: https://twitter.com/JAMESWT_MHT/status/1584595337339338752

logitech-ghub.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1584591876170330113

http://45.89.54.52

# Reference: https://twitter.com/l205306/status/1584569524137127936

allsofts.cloud
allsoftwarefou.com
byxdeoner.me
freesoft.digital
kokoasoft.com
winsofts.cloud

# Reference: https://twitter.com/idclickthat/status/1584586589598285825
# Reference: https://tria.ge/221024-th4zeahegn/behavioral1

http://167.235.62.106
baiaveloz.com
tensoft.org
tm.baiaveloz.com

# Reference: https://twitter.com/l205306/status/1584742172934688769

expertsoft.org
software-plus.space

# Reference: https://www.virustotal.com/gui/file/00221666dec1a50f08ed21af02c42150b8d75203e7b86f2a17080a8df5ea9af4/detection

http://195.201.255.186

# Reference: https://twitter.com/l205306/status/1584827015835680768

eazzysoft.com
newsoftman.com
nigmasoftware.site

# Reference: https://twitter.com/l205306/status/1584858330216173568

anysoft.site
wh1tesoftware.me

# Reference: https://twitter.com/l205306/status/1585064152166699008

byxdeoner.net
soft-pro.site
softwareplanet.website
teensoft.org

# Reference: https://twitter.com/r3dbU7z/status/1584714345153728512

http://135.181.168.27
http://144.24.197.26
http://162.247.152.190
/frBjrtz56Urt/
/tkK30UgdT6/
/17sh9j0q9nrz2iqj.php
/1kk52amkkoyzw9oq.php
/1xphi615sno1jmx9.php
/2xfc11rpcncdfk7z.php
/32xaywoipobq5v5v.php
/41szxukxx0vtv9ee.php
/jgkgugyfdftytf.php
/qtnqpx3zkscm0d8c.php
/uh9mbmc2i054omv6.php

# Reference: https://twitter.com/l205306/status/1585250164922814464
# Reference: https://twitter.com/JAMESWT_MHT/status/1585263428935073793

http://78.47.204.168
allsoftware.cloud
soft-exp.org
softlab.fun
softload.tech

# Reference: https://twitter.com/l205306/status/1585595687441661953

appshigha.com
cracked.guru
placeofreesoft.com
soft-free.space
softcloud.link
softwareorlando.com
unisoft.store
vexonex.com
windsoft.cloud

# Reference: https://twitter.com/SquiblydooBlog/status/1585940710007705602
# Reference: https://tria.ge/221028-l6wc6sfcd5/behavioral12

http://88.119.169.42
soft-portal.site

# Reference: https://www.virustotal.com/gui/file/6855c3be8f4527b0e7da660b812ed882474bb274583850c856121fd5e123b224/detection

http://5.252.178.82

# Reference: https://twitter.com/milannshrestga/status/1581662855203782656
# Reference: https://tria.ge/221016-sbkrhshfbm

decenlral-games.pro

# Reference: https://tria.ge/221030-a87y7sebf5/behavioral1

http://95.216.182.145

# Reference: https://twitter.com/SquiblydooBlog/status/1587122203375575053
# Reference: https://tria.ge/221031-tq57facccr/behavioral2

http://89.185.85.63

# Reference: https://www.virustotal.com/gui/file/03f732ed336f06dc381f0a60bee3a77905a073096eb7fb20fa45a56d37f7638c/detection

http://116.202.5.121

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

http://95.216.181.10

# Reference: https://twitter.com/1ZRR4H/status/1575364101148114944

fortinetq.com

# Reference: https://twitter.com/crep1x/status/1589721461882617857
# Reference: https://threatfox.abuse.ch/browse/tag/Vidar/

http://104.128.190.89
http://104.223.0.115
http://104.223.0.117
http://107.175.40.57
http://116.203.15.149
http://116.203.182.209
http://116.203.7.175
http://138.201.90.120
http://146.19.233.108
http://162.55.221.218
http://167.235.137.244
http://176.126.113.111
http://176.126.113.99
http://185.130.47.169
http://185.142.238.113
http://185.181.165.49
http://185.203.117.83
http://185.213.209.142
http://185.214.10.114
http://185.214.10.153
http://185.214.10.174
http://185.225.19.47
http://185.25.50.127
http://185.25.51.238
http://185.25.51.36
http://188.34.207.6
http://193.38.54.108
http://194.87.31.140
http://195.133.40.163
http://195.201.251.82
http://195.201.252.190
http://195.201.253.169
http://195.201.253.5
http://198.251.89.96
http://213.170.133.117
http://213.170.133.153
http://213.170.133.163
http://213.170.133.36
http://213.252.244.136
http://213.252.244.137
http://213.252.244.247
http://213.252.244.86
http://213.252.245.100
http://213.252.245.66
http://213.252.246.218
http://213.252.246.230
http://213.252.246.243
http://213.252.247.107
http://42.186.202.116
http://45.136.50.120
http://45.142.212.155
http://45.142.213.52
http://45.142.213.7
http://45.150.64.207
http://45.153.230.169
http://45.153.230.241
http://45.8.145.83
http://45.8.146.18
http://45.8.147.23
http://45.8.147.74
http://45.86.229.188
http://45.87.154.35
http://45.89.55.118
http://45.89.55.154
http://45.89.55.158
http://45.89.55.159
http://45.89.55.174
http://45.89.55.176
http://45.89.55.177
http://45.89.55.82
http://45.92.156.110
http://45.92.156.133
http://49.12.72.35
http://5.182.39.134
http://5.182.39.216
http://5.182.39.224
http://5.252.177.45
http://5.252.177.9
http://5.252.21.207
http://5.252.23.34
http://5.253.18.213
http://5.253.18.70
http://5.253.18.96
http://51.195.166.165
http://62.204.41.126
http://64.44.167.153
http://64.44.177.137
http://64.44.61.136
http://65.108.210.122
http://65.21.189.158
http://65.21.63.71
http://69.161.221.169
http://72.18.215.185
http://72.18.215.195
http://72.18.215.223
http://74.119.195.129
http://74.119.195.180
http://77.75.230.160
http://77.91.123.253
http://77.91.73.17
http://77.91.73.44
http://78.47.148.33
http://79.124.78.206
http://79.137.195.130
http://79.137.204.163
http://79.137.204.167
http://80.71.157.152
http://80.71.157.165
http://80.71.157.209
http://80.89.229.62
http://80.92.206.65
http://80.92.206.80
http://82.115.223.60
http://82.180.132.54
http://85.239.62.233
http://88.119.169.102
http://88.119.170.155
http://88.198.175.205
http://88.198.74.87
http://88.198.89.6
http://89.185.85.145
http://89.185.85.63/
http://94.131.100.124
http://94.131.107.124
http://94.131.107.38
http://94.131.109.10
http://94.131.109.112
http://94.131.109.113
http://94.131.109.139
http://94.131.109.217
http://94.131.109.35
http://94.131.109.45
http://94.131.109.46
http://94.131.110.20
http://94.131.110.42
http://94.131.97.111
http://94.131.97.119
http://94.131.97.136
http://94.131.97.153
http://94.131.98.4
http://94.158.244.125
http://94.158.244.79
http://95.216.174.64
http://95.216.180.168
http://95.216.181.211
http://95.216.181.82
http://95.216.182.219
http://95.216.182.38
http://95.217.102.102
http://95.217.214.231
http://95.217.242.151
http://95.217.242.155
http://95.217.244.42
http://95.217.245.107
http://95.217.245.254
http://95.217.246.41
http://95.217.27.155
http://95.217.27.160
http://95.217.29.33
http://95.217.31.129
12ewsdf.one
23ntrolandcon.cfd
4r8uhzs3e.click
5tfgbgf6yjhg.cfd
6ha7e7ws.cfd
6tgghf3ec2ws.cfd
7uhjedf3e.click
7uyh9i1qws4r.click
9d8pc33h.cfd
9ik4rfu85tg.cfd
ada09sch.cfd
arentsconti.cfd
arkableco.cfd
arytotheo.cfd
as45vfrt8.one
aswe45bju.one
azsdef7ujh.click
b7hk59vz.cfd
b86yht6.cfd
bg6buj3q.cfd
bgfd3w7uj.click
bgt5hy7ju87.cfd
bgy6trfdx.click
bitclandng.click
btiku5c6x.cfd
btr65kaq1.one
byrokilandn.xyz
c34f5tybc.one
casaufixco.click
cfr45tfg.cfd
d23c06na.one
ddrtg0oikt.click
de3bgt54.cfd
dea6e67jp.cfd
downloadish.us
dyacosm.cfd
edtoal.cfd
encfavestan.xyz
eri39fg.one
erseyata.cloud
f34g56y.one
fe34rfhg5tf.cfd
fezulandg4.click
fithsthef.cloud
g4rty6b.one
geclandz.click
get4pc.click
get4pcsoft.click
getpccrack.click
getpcsoft.click
gt5juy76u87.cfd
gtb7cd8x6.cfd
h45iuy7.one
hagxoferz.click
hu8jki8.cfd
ichitisthel.cfd
ijmnhxd5t.click
ikr2c8jw.cfd
ilandonserc.xyz
inneroft.cfd
isticdiversi.cfd
j5tg3ed.cfd
j8f7bgmm7.cfd
j9bvc1z.one
k56tyui.cfd
kitonestvo.xyz
kmnh6tg43ed.click
kuygvdt5tg.click
l9eg69oik.cfd
landkemoty.click
laodosmart4.xyz
ledoffamaj.cloud
loi87ygvcx3e.cfd
lsknf45vgh.click
mekaofland.click
mlwsx6ygh.click
monitorcrack.click
mqw60ct.cfd
mylandng00.click
myprob1go.click
mysolandg.click
mzhuto2j.cfd
n6j7ujhg.cfd
nhgfr7yh.click
nhgtr46t.cfd
nlondono.cfd
nthenorth.cfd
ntiquityan.cfd
nug5i3tv.cfd
nyt67dfa.one
oldlands1t.xyz
onwalloniai.cfd
p4pentsh0.click
pa12cqxe.one
pccracking.click
qa5nhg6tygh.cfd
qwvmgj82cvm.cfd
qyqevqvig.cfd
r6hsv2gxd.cfd
redirectwar.org
rerecorded.cfd
rfj87lmj.one
rtheidicona.xyz
s584d3v3s.cfd
sapported.xyz
sb244iuy.one
scribedth.cfd
securedownload7.xyz
securedownloadcheaker.xyz
semalop98w7.cfd
semarewwdw7.cfd
solsw98w7.cfd
sooswa8w7.cfd
ssu810der.one
sujghwdtb.cfd
sw2gt5.cfd
swqtglk8u.click
t1nkabyt.click
t2dwsm3v.cfd
taknoce11.click
tandflick.cfd
ther878ha.cfd
thismataln.click
tikalandof.click
tp4mtmoaj.cfd
tqbnb8c2f.cfd
trikbozm3.click
trolboatvasilyb.xyz
tsorequiva.cfd
ujhg6yhgdc.click
upfcraf.cfd
uralposition.cfd
v5tr6yfr.one
verei67gn.cfd
vfews23pl.click
vffgt67yu.cfd
volpsolkpas7.cfd
w34cf5t.one
weokd09rt.one
withylndng.click
x4rt45tgf5g.cfd
xg4x7yzy.cfd
xr45tyui.cfd
y29se10.one
youcolandrz.click
ysystemw.cfd
zxcv6yhg.cfd

# Reference: https://twitter.com/crep1x/status/1590044609757220864

downloadadri.us
downloadbea.us
downloadcog.us
downloadex.us
fileaza.us
filebia.us
filecheck.us
filecore.us
filecyber.us
fileddev.us
filedigital.us
filedock.us
fileegy.us
fileella.us
fileex.us
fileflash.us
fileloop.us
filemodel.us
filenetwork.us
fileoperator.us
filespire.us
filetetra.us

# Reference: https://twitter.com/AuCyble/status/1590306688447709185

msi-afterburnerr.com

# Reference: https://twitter.com/AuCyble/status/1590304696576901120

meta-trader4.net

# Reference: https://twitter.com/AuCyble/status/1590305538335985667

tradingview10-download.top

# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.169/relations

badhabits.ug
bratiop.ru
gorillaglue.ug
itomail.ug
junks.ac.ug
marcaka.ac.ug
maripos.ac.ug
movescx.top
mylupaslc.ug
wewilltoptheworld.top

# Reference: https://cert.gov.ua/article/2724253 (Ukrainian, UAC-0118, FRwL, Z-Team)

http://185.96.163.102
http://193.43.146.42
advanced-ip-scanner.click
advanced-ip-scanner.site

# Reference: https://twitter.com/idclickthat/status/1593634378898296833
# Reference: https://twitter.com/1ZRR4H/status/1593636426234691590
# Reference: https://www.virustotal.com/gui/ip-address/116.202.5.101/relations

http://116.202.5.101
http://95.216.178.160
citrix-download.online
citrix-download.site
citrix-download.store
citrix-download.tech
citrix-download.website

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Avidar

http://116.202.2.1
http://116.202.3.228
http://138.124.180.85
http://141.98.169.146
http://146.70.86.32
http://167.99.129.200
http://176.57.69.149
http://178.159.38.91
http://178.23.190.60
http://185.138.164.149
http://185.138.164.179
http://185.165.188.49
http://185.231.205.200
http://185.231.205.242
http://185.250.148.238
http://188.119.112.11
http://188.119.113.36
http://191.96.53.183
http://191.96.53.184
http://193.57.138.18
http://193.57.138.19
http://195.201.252.143
http://212.192.31.130
http://213.142.146.83
http://45.8.144.232
http://45.8.147.191
http://45.83.122.248
http://45.9.190.250
http://45.9.191.215
http://5.252.22.61
http://51.195.166.198
http://74.119.195.192
http://74.119.195.230
http://77.83.173.96
http://77.91.73.95
http://79.137.205.25
http://79.137.205.26
http://79.137.205.27
http://85.208.136.233
http://85.31.44.207
http://88.119.169.106
http://88.119.169.107
http://88.119.169.119
http://88.119.170.143
http://88.198.207.120
http://88.99.120.225
http://89.185.85.232
http://94.131.110.120
http://94.131.97.179
http://94.131.98.3
http://94.131.98.65
http://94.131.98.66
http://94.131.98.67
http://94.131.98.68
http://94.131.98.77
http://94.131.98.78
http://94.131.98.85
http://94.158.244.15
bebrasoft.com

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

mars1877.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2/detection

http://88.198.106.9
http://95.217.29.31

# Reference: https://twitter.com/idclickthat/status/1597263364538789889
# Reference: https://tria.ge/221128-txx5eagh38/behavioral1

http://49.12.113.223
http://95.217.29.31
audacitya.org
autodeskst.com
bravebrwsr.com

# Reference: https://twitter.com/crep1x/status/1596960278859481088

http://95.217.31.208
mesoft.tech
selfware.net
tensoft.me
thepcworld.pro

# Reference: https://twitter.com/crep1x/status/1598012204233920513

http://153.92.221.169
http://178.23.190.20
http://213.226.100.34
anydesk.ltd
anykdesk.com
bravebrovvser.com
meegans.com
onytesk.com
teligrum.org

# Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations
# Reference: https://www.virustotal.com/gui/file/845e36305916034b608e82c5c4891112c1facfcd9151346e9abda8e0c1447fac/detection

arbetfroll.pw
arbetfrolli.pw
cheakendinner.xyz

# Reference: https://twitter.com/Gi7w0rm/status/1599702328558247937
# Reference: https://tria.ge/221130-n4s65sha45/behavioral1

http://88.198.77.204

# Reference: https://twitter.com/crep1x/status/1600129411629473792

http://195.201.250.87
http://195.201.255.246

# Reference: https://twitter.com/crep1x/status/1600839833114800129
# Reference: https://twitter.com/abuse_ch/status/1600855987946016768
# Reference: https://tria.ge/221208-p35zzsda5x

http://142.132.236.84
http://95.217.25.31
blendres.us
braveappbrowser.us
mslaftrebunrer.us
nvidiaexpirianse.us
obcproject.us

# Reference: https://twitter.com/l205306/status/1600861214485417985

coronasfree.com
freesoftwarelab.org
tensoft.store
x-soft.re

# Reference: https://twitter.com/idclickthat/status/1602678773236858882
# Reference: https://www.virustotal.com/gui/ip-address/31.31.196.171/relations

rufus-sootf.site
rufussootf.online
rufussootf.site
rufussootf.space

# Reference: https://twitter.com/crep1x/status/1603739742910169088
# Reference: https://twitter.com/crep1x/status/1603739749012738048
# Reference: https://tria.ge/221216-pvfecsef97
# Reference: https://tria.ge/221215-xs7ptsgb2x/behavioral2

http://116.202.6.49
http://168.119.243.28
http://94.131.98.49
http://95.217.24.210
amyldesk.com
anlmlydesk.com
bragwe.com
download-wallet.net
traldingveiw.com
traldlngview.com
zoow.us

# Reference: https://twitter.com/idclickthat/status/1603917198673805314
# Reference: https://www.virustotal.com/gui/file/decede09c564d8816cd6d5c9ef887adfc60e3880a47eca94e68de0179aa544a4/detection
# Reference: https://www.virustotal.com/gui/file/586923ff9e847ca568e3ee7a24897e02c5406c07c3f14ed33325d0a68ec9b5a2/detection

http://95.216.207.27
tradingapp.tech
tradingviewdownloads.com

# Reference: https://www.virustotal.com/gui/file/7006c4b851cbd7e8e97e7d9d94313c80e0be8cf12d7f814854b1a9cf7b3841b6/detection
# Reference: https://www.virustotal.com/gui/file/64cff0c222e7ed1fd41cddd842288c52c0ddd55a72a2276dd84c32d10111ca0d/detection

http://77.73.131.193

# Misc. (entries listed without a public reference)

metatrader-5.net
metatrader-download.net

# Reference: https://twitter.com/jstrosch/status/1606045107970486272

http://152.89.218.27

# Reference: https://twitter.com/idclickthat/status/1607860641238323201

http://195.201.251.249
intuitquickbooks.space

# Reference: https://twitter.com/malware_traffic/status/1608690081178750976
# Reference: https://www.virustotal.com/gui/file/050ac31eccb687f01aa3ee0c16217d6d103b796bb606ddf4e3d0013af689e08c/detection

http://45.93.201.62
http://77.73.134.36

# Reference: https://twitter.com/Gi7w0rm/status/1609603582319288323
# Reference: https://tria.ge/230101-s3fa4sca97/behavioral2

http://116.202.4.70
http://116.203.3.152
http://157.90.244.205

# Reference: https://twitter.com/crep1x/status/1609638736366632967

http://116.203.121.167
http://116.203.164.147
http://135.181.204.67
http://185.125.206.181

# Reference: https://www.virustotal.com/gui/file/320aba94c97100f0722bd0acf6ab407f46e309a2e73c8d19dd9eea74e35739b1/detection

http://23.88.49.119

# Reference: https://twitter.com/crep1x/status/1612199364805660673
# Reference: https://twitter.com/crep1x/status/1612199370870460416
# Reference: https://tria.ge/230107-vnc9bahd7x/behavioral2

http://94.130.190.48
1123am.org
7-zlp.quest
7-zlp.shop
7-zlp.xyz
aanybesk.xyz
afteerbumers.lol
afteerbumers.shop
afteerbumers.xyz
afterbbumers.pics
afterbbumers.shop
afterburmer.store
afterburmmeer.website
afterrbburnerr.click
afterrbburnerr.shop
afterrburnerr.click
afterrburnerr.shop
aftersburmers.online
aftersburmers.shop
aftersburmers.xyz
aftterbumer.shop
aftterbumer.store
aftterbumer.xyz
aftterbumers.shop
aftterbumers.xyz
aiu-w.com
amyybeck.com
anyaesk.click
anyaesk.fun
anyaesk.online
anyaesk.site
anyaesk.store
anyaesk.website
anybeck.com
anybeck.site
anybeck.xyz
anybeeskk.xyz
anybek.com
anybesk.xyz
anybessk.xyz
blednar.com
bleednar.click
bleednar.site
bleenbeer.click
bleenbeer.fun
bleenbeer.online
bleenbeer.site
bleenbeer.store
bleenbeer.website
bleenbeer.xyz
blenbber.xyz
blenbeer.xyz
blenbeerr.lol
blenbeerr.xyz
blenber.com
blenber.live
blenber.online
blenber.xyz
blenbere.click
blenbere.fun
blenbere.site
blenbere.store
blenberr.store
blenberr.xyz
blennbeer.online
blennbeer.xyz
blennber.lol
blennber.xyz
bllenber.lol
bllenber.site
blnanseup.xyz
bookinfirst.com
caldairou-bessette.com
dasnlane.click
dasnlane.shop
dasnlane.xyz
dasnlanee.shop
ewga-precision.xyz
firslhorlzom.com
florinaprivateschool.com
flrstharlzan.com
flrstharlzon.click
flrstharlzon.xyz
fox8hen.com
gethonestseo.com
m-afterbbumer.lol
m-afterbbumer.shop
m-afterbbumer.xyz
m-afterbbumers.beauty
m-afterbbumers.christmas
m-afterbbumers.lol
m-afterbbumers.shop
m-afterbbumers.xyz
m-afterbumer.click
m-afterbumer.homes
m-afterbumer.shop
m-afterbummeer.shop
m-afterbummer.shop
m-afterbunar.shop
m-afterburmers.shop
m-afterburmers.xyz
m-afterbuumer.lol
m-afterbuumer.shop
m-afterbuumer.xyz
martianwalel.xyz
martlanwalel.beauty
martlanwalel.hair
martlanwalel.live
martlanwalel.shop
megaobjects.com
msi-afteburner.com
msi-afterbarner.com
msl-afteburner.com
msl-afteburner.link
msl-aftebuurner.xyz
msl-afterbumers.shop
msl-afterbumers.xyz
msl-afturbarner.shop
msl-afturbumeerr.one
msl-afturbumeerr.shop
msl-afturbumeerr.xyz
msl-afturbumer.shop
msl-afturbummeer.one
msl-afturbummeer.shop
msl-afturbummeer.xyz
mslafterbumer.shop
mslafterbumers.click
mslafterbumers.lol
mslafterbumers.shop
msslafteburner.link
obsproector.click
obsproector.xyz
obsprojector.live
obsprojector.online
obsprojector.xyz
obsprojectr.click
obsprojectr.xyz
obsprojectrr.lol
obsprojectrr.xyz
pipeliningutah.com
robimhod.com
rufuc.xyz
rufuuc.click
rufuuc.lol
rufuuc.site
rufuuc.store
rufuuc.xyz
rufuucc.lol
rufuucc.xyz
ruufuc.store
samouraivvallel.xyz
sbccu.xyz
sejaitaliano.net
sellmya36.com
sketcn-up.click
sketcn-up.lol
sketcn-up.shop
sketcn-up.xyz
slaks.online
slaks.store
slaks.website
slaskc.website
slaskc.xyz
slaskkc.xyz
slasskc.website
slasskc.xyz
teamwieever.live
teamwieever.online
teamwieever.xyz
telecomandotelevisione.com
traidlngvieew.online
traidlngvieew.shop
traidlngvieew.xyz
traidlngview.shop
traidlngview.xyz
traidlngvieww.shop
traidlngvieww.xyz
traldlngvlew.xyz
unlfufsu.xyz
wasabiwolet.xyz
wasabiwollet.xyz
wideolan.click
wideolan.club
wideolan.shop
zksyn-io.xyz

# Reference: https://twitter.com/DonPasci/status/1612529338015965208
# Reference: https://www.virustotal.com/gui/ip-address/170.130.40.34/relations

acrobatsadobes.icu
anydesk-software.site
anydeskdownload.icu
gimps.icu

# Reference: https://twitter.com/DonPasci/status/1612846842605359106
# Reference: https://www.virustotal.com/gui/ip-address/77.73.131.130/relations

brave-browser-instal.store
brave-browser-softvvare.com
brave-browser-softwares.com
brave-browser-softwere.com
brave-browser.cam
brave-browser.xyz
brave-browsers.live
brave-browsyr.store
brave-browzers.store
brave-browzir.biz
brave-browzir.store
brave-brser.biz
brave-dovvnlaod.store
brave-download-setup.cam
brave-download-setup.live
brave-instai.store
brave-instail.store
brave-installs.biz
brave-installs.store
brave-installs.xyz
bravebrowzer.cam
bravebrowzer.live
bravebrowzer.site
bravebrwser.biz
creative-cloud-info.com
creative-cloud-panel.com
creative-cloud.live
creative-cloud.pro
creative-cloud.xyz
hetflix-2023.cam
hetflix-instal.cam
hetflix-instal.store
hetflix-install2023.store
hetflix-installs.cam
hetflix-pc-install.cam
hetflix-pc-setup.cam
hetflix-pc.cam
notepab.cam
notepad-pl-us-plus.com
notepadinfo.biz
notepadinfo.cam
notepadinfo.pro
notepadownload.cam
notepadpl-us-plus.cam
notepadplus-plus.cam
notepadplusplusihstall.com
notepadplusplusinstal.cam
notepadplusplusinstall.cam
notepadplusplusinstall.pro
notepadplusplusinstall.store
notepadplusplusinstall.xyz
notepadplusplusinstaller.cam
notepadplusplusinstaller.store
notepadplusplusinstalls.cam
notepadplusplusinstals.cam
notepadplusplusinstals.store
notepadplusplusinstals.xyz
notepadsplu-plusinstall.com
obs-prject.store
obs-prjectx.store
obs-projec-soft.store
obs-project-downloading.com
obs-project-soft.store
obs-project-software.store
obs-projectx.biz
obs-projest.store
obs-projict-install.store
obsinstaller.cam
obsinstaller.com
obsinstalls.biz
obsinstalls.com
obsinstalls.store
obsinstallsoft.com
obslaboratory.store
obslabs.cam
obslabs.pro
obsprject.pro
obsprject.store
obsprjects.com
obsprjjject.store
obsprojicts.com
obsrecord.store
obsstream.store
okiawaabots.store
okiawabots.store
okiawabotswork.store
okiawagang.store

# Reference: https://threatfox.abuse.ch/ioc/1068148/
# Reference: https://threatfox.abuse.ch/ioc/1068149/

http://5.75.182.6
http://65.109.190.87

# Reference: https://twitter.com/JAMESWT_MHT/status/1613893102262951937
# Reference: https://twitter.com/yvesago/status/1613851481077161984
# Reference: https://app.any.run/tasks/a1ec516d-6a4b-46e4-9bed-99da40e4ff59/
# Reference: https://www.virustotal.com/gui/file/72cf01d835129bd2b829391f098c17fd444f6b105651736c19c9f937479b591e/detection

http://5.75.203.81
http://78.47.228.65
http://91.107.156.138
aduducity.org
audacityeteam.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven

aanybesk.click
traidlngvieew.site

# Reference: https://twitter.com/1ZRR4H/status/1614689336242348033

http://91.107.158.249
blenderno.org
qiupm.org
tradervwiev.org

# Reference: https://twitter.com/mdmck10/status/1615010474088611842
# Reference: https://www.virustotal.com/gui/ip-address/79.137.197.61/relations

androidcarts.com
best-finance-news.com
brosno.com
cancerpedia.com
com.brosno.com
com.cancerpedia.com
com.consulenzapro.com
com.ctsided.com
com.piensa-engrande.com
com.prifense.com
com.sunceam-news.com
consulenzapro.com
ctsided.com
domifybot.com
hantarjer.com
letstreamin.space
obsproject.com.brosno.com
obsproject.com.cancerpedia.com
obsproject.com.consulenzapro.com
obsproject.com.ctsided.com
obsproject.com.piensa-engrande.com
obsproject.com.prifense.com
obsproject.com.sunceam-news.com
piensa-engrande.com
prifense.com
sunceam-news.com

# Reference: https://twitter.com/mdmck10/status/1615015220077887488
# Reference: https://www.virustotal.com/gui/ip-address/185.149.120.133/relations

audacslty.site
audasite.online
audasite.site
audasite.space
audasite.website
docstore.app
glmps.site
godstreamsview.fun
godstreamsview.online
godstreamsview.site
godstreamsview.space
godstreamsview.website
godstreamsviews.fun
godstreamsviews.online
godstreamsviews.site
godstreamsviews.space
godstreamsviews.website
letstreamin.space
obcproect.site
obcprolect.com
oblproject.com
obmprolect.com
obpproject.com
obrproject.com
obsproect.site
obsspro.online
obsspro.site
obsspro.website
obstremsview.online
obstremswiev.fun
obstremswiev.online
obstremswiev.site
obstremswiev.space
odstraeming.fun
odstraeming.online
odstraeming.site
odstraeming.space
odstraeming.website
odstreamsviews.fun
odstreamsviews.online
odstreamsviews.site
odstreamsviews.space
odstreamsviews.website
ostreeming.fun
ostreeming.online
ostreeming.site
ostreeming.space
ostreeming.website
qobstreamsview.fun
qobstreamsview.online
qobstreamsview.site
qobstreamsview.website
qobstreamsviews.fun
qobstreamsviews.online
qobstreamsviews.site
qobstreamsviews.space
qobstreamsviews.website
sgparroquial.app
techinovation.fun
techinovation.online
techinovation.site
techinovation.space
techinovation.website
tecinnovation.fun
tecinnovation.online
tecinnovation.site
tecinnovation.space
tecinnovation.website
tecinnovations.online
tecinovations.pw
vilc.site

# Reference: https://twitter.com/malwrhunterteam/status/1615129063257001984

blenelder.org
blenderno.org

# Reference: https://twitter.com/malwrhunterteam/status/1615145024299175941
# Reference: https://www.virustotal.com/gui/ip-address/198.54.114.162/relations

capcut-brl.online
capcut-desktop.online
capcut-downloads.online
capcut-edits.online
capcut-pc.online
capcut-pcdownload.online
capcut-pro.online
capcut-windows.online
ccleaner-pc.online
clickminded.online
cyprusroyalestates.com
foxit-pc.online
hidemyass.online
internetdownloadmanager-pc.online
kinemaster.website
kmplayer-pc.online
notepad-pc.online
pipiads.online
softwarefullcrack.online
theslidequest.online
videolan-pc.online
winrar-pc.online
winrar-pro.online

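# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection
# Note: '/fs89rh4nfg0.php' below is a path-only entry (no host part); it is a separate line from the IP entry above it, so review hits on it with the destination host in mind.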

http://23.137.249.5
/fs89rh4nfg0.php

# Reference: https://twitter.com/malwrhunterteam/status/1615776570307657730
# Reference: https://www.virustotal.com/gui/file/b1af4c462b411699595be17c4373dea4ce739339682874f0f3dc231d8cef744d/detection

http://65.21.119.56
ripple-wells-2022.org

# Reference: https://twitter.com/CSICCybersecur1/status/1615794289719808000
# Reference: https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware/

audacite.org
blenderon.org

# Reference: https://tria.ge/230118-zksl2shf29/behavioral2

http://65.109.208.140

# Reference: https://twitter.com/crep1x/status/1615840062729605122
# Reference: https://tria.ge/230118-1q7htsfe4y/behavioral2

http://88.198.120.151
brave-browser.edudlplomss.com

# Reference: https://github.com/brad-duncan/IOCs/blob/main/2023-01-19-IOCs-for-Fake-Notepad-plus-plus-page-and-malware.txt

notpad-plus-plus.com

# Reference: https://tria.ge/230120-zn2zwsbf9s/behavioral1

http://45.93.201.114
http://65.109.208.142

# Reference: https://www.virustotal.com/gui/file/55154520c70873a559f4dffa7984201a49dcf8d50a3f2782cb72cc940116168b/detection

http://65.109.200.241

# Reference: https://community.emergingthreats.net/t/vidar-stealer-picks-up-steam/271

http://142.132.169.161
http://78.46.238.118
http://78.47.172.233
http://78.47.225.61
http://78.47.233.145

# Reference: https://otx.alienvault.com/pulse/63cc2e0bdcf82dd7a1016c43
# Reference: https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results/
# Reference: https://www.virustotal.com/gui/file/0c5e7987dd67a8313fed90262b5bf678f19854ee0948e9ceb75f095cba1feecf/detection
# Reference: https://www.virustotal.com/gui/file/1ea1ac062289988a73823ff8e9d3349eeb6e42a2180bee8250d3c4217d6f33e9/detection
# Reference: https://www.virustotal.com/gui/file/8c0bfb0cfb89c367745b8c09e0d1ca790494ce7bf064748f7b47f5a204a5457f/detection

http://74.119.194.167
blender-s.org
blendersa.org
blender3dorg.fras6899.odns.fr

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/

http://116.202.0.132
http://116.202.185.129
http://116.202.185.202
http://116.202.30.165
http://116.202.6.47
http://116.202.7.135
http://116.202.8.130
http://116.203.11.245
http://116.203.11.45
http://116.203.13.130
http://116.203.164.194
http://116.203.165.188
http://116.203.166.139
http://116.203.211.149
http://116.203.220.83
http://116.203.69.150
http://116.203.7.201
http://128.140.13.168
http://135.181.26.183
http://135.181.27.186
http://135.181.87.234
http://138.201.94.79
http://142.132.168.13
http://142.132.228.165
http://146.70.131.216
http://146.70.20.236
http://157.230.123.128
http://157.90.145.118
http://157.90.161.227
http://159.69.223.112
http://159.69.50.190
http://161.35.28.183
http://162.55.40.72
http://164.92.172.75
http://165.227.167.218
http://167.235.153.37
http://168.119.59.211
http://185.130.47.220
http://185.149.120.9
http://185.162.177.26
http://185.203.119.148
http://188.119.112.77
http://195.201.237.253
http://195.201.251.109
http://195.201.253.86
http://195.201.255.32
http://195.201.45.16
http://195.201.45.203
http://195.201.45.53
http://195.201.46.32
http://195.201.47.75
http://217.160.170.6
http://23.106.122.140
http://23.145.40.109
http://37.123.196.7
http://45.159.48.224
http://45.8.145.14
http://45.8.147.151
http://45.8.147.51
http://49.12.112.48
http://49.12.113.110
http://49.12.117.107
http://49.12.118.167
http://49.12.119.56
http://5.75.159.217
http://5.75.167.38
http://65.108.86.196
http://65.109.164.83
http://65.109.201.11
http://65.109.236.2
http://65.21.58.6
http://77.73.133.32
http://78.46.235.109
http://78.46.254.12
http://78.47.168.170
http://78.47.225.60
http://78.47.31.221
http://88.198.108.245
http://88.198.116.74
http://88.99.120.56
http://91.107.199.176
http://91.107.199.224
http://91.107.229.205
http://91.107.229.3
http://91.107.232.62
http://94.130.190.118
http://94.130.190.86
http://94.131.105.147
http://95.216.179.190
http://95.217.152.87
http://95.217.157.160
http://95.217.221.82
http://95.217.233.36
http://95.217.240.249
http://95.217.240.6
http://95.217.29.138
116.202.1.171:1010
49.12.119.193:9100
49.12.34.6:1010
5.75.234.140:8333
88.99.124.27:1010
91.215.85.198:35964
2022-12-01znegeulfluxsisilafamille.blog.msi-afteburner.com
2022-12-02znegeulfluxsisilafamille.wp.msl-afteburner.com
42c150df-96bf-4714-9d76-9b9c8f464b9c.msl-afteburner.com
56988011-f30d-45c5-a604-63d3f977f48b.firslhorlzom.com
5f7f20b6-142f-4be4-b2f3-162a57f19e8f.msl-afteburner.com
79161e492f6e.firslhorlzom.com
7b6d99a9-c61e-438f-908d-9c5d71038dd5.msi-afteburner.com
94efb512-1b7e-42dd-8799-bee584ec6305.msi-afteburner.com
989e6127-7d52-4162-a517-79161e492f6e.firslhorlzom.com
a63cf611-acbd-4806-82f5-8d5b3160d1a9.robimhod.com
app.msl-afteburner.com
app.msl-afteburner.link
app.msl-aftebuurner.xyz
b2b.firslhorlzom.com
b2b.gethonestseo.com
b2b.msi-afteburner.com
b2b.msl-afteburner.com
b2b.msl-afteburner.link
b2b.msl-aftebuurner.xyz
b2b.msslafteburner.link
b2b.robimhod.com
blog.firslhorlzom.com
blog.hostmaster.caldairou-bessette.com
blog.megaobjects.com
blog.msi-afteburner.com
blog.msl-afteburner.com
blog.msl-afteburner.link
blog.msl-aftebuurner.xyz
blog.msslafteburner.link
cd8h4oikbfgntfve6p40.msl-afteburner.link
cd9es62kbfgq26rbe220.msl-afteburner.link
crm.msl-aftebuurner.xyz
crm.msslafteburner.link
crm.robimhod.com
d7jr1cj6.sejaitaliano.net
ec1ccef2-ccd2-4ab4-9a6f-fda5f8e6a66d.robimhod.com
enter.bookinfirst.com
enter.firslhorlzom.com
enter.msi-afteburner.com
enter.msl-afteburner.com
f4a38fb8-74af-4a65-8330-7afca66eb7df.firslhorlzom.com
fda5f8e6a66d.robimhod.com
forum.firslhorlzom.com
git.app.msl-afteburner.com
git.app.msl-afteburner.link
git.app.msl-aftebuurner.xyz
git.b2b.firslhorlzom.com
git.b2b.msi-afteburner.com
git.b2b.msl-afteburner.link
git.b2b.msslafteburner.link
git.blog.firslhorlzom.com
git.blog.msl-afteburner.com
git.blog.msl-afteburner.link
git.blog.msl-aftebuurner.xyz
git.blog.msslafteburner.link
git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.crm.msl-aftebuurner.xyz
git.enter.firslhorlzom.com
git.enter.msl-afteburner.com
git.firslhorlzom.com
git.git.app.msl-afteburner.com
git.git.app.msl-aftebuurner.xyz
git.git.b2b.msi-afteburner.com
git.git.blog.firslhorlzom.com
git.git.blog.msl-afteburner.com
git.git.blog.msl-afteburner.link
git.git.blog.msl-aftebuurner.xyz
git.git.blog.msslafteburner.link
git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.app.msl-afteburner.com
git.git.git.app.msl-aftebuurner.xyz
git.git.git.b2b.msi-afteburner.com
git.git.git.blog.firslhorlzom.com
git.git.git.blog.msl-afteburner.com
git.git.git.blog.msl-afteburner.link
git.git.git.blog.msslafteburner.link
git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.firsthorizon.com.gethonestseo.com
git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.b2b.msi-afteburner.com
git.git.git.git.blog.firslhorlzom.com
git.git.git.git.blog.msl-afteburner.com
git.git.git.git.blog.msl-afteburner.link
git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.blog.msl-afteburner.com
git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.git.gitlab.gitlab.sitemap.sellmya36.com
git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.git.m.msi-afteburner.com
git.git.git.git.mail.msl-aftebuurner.xyz
git.git.git.git.msi-afteburner.com
git.git.git.git.sitemap.msl-afteburner.link
git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.git.gitlab.enter.firslhorlzom.com
git.git.git.gitlab.git.sitemaps.robimhod.com
git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.gitlab.m.msl-afteburner.com
git.git.git.gitlab.msl-afteburner.com
git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.gitlab.sitemap.msl-afteburner.link
git.git.git.gitlab.sitemap.robimhod.com
git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.gitlab.sitemaps.robimhod.com
git.git.git.m.msi-afteburner.com
git.git.git.m.msl-afteburner.com
git.git.git.mail.msl-aftebuurner.xyz
git.git.git.msi-afteburner.com
git.git.git.sitemap.msl-afteburner.link
git.git.git.sitemaps.msi-afteburner.com
git.git.git.speedycrm.robimhod.com
git.git.gitlab.app.msl-afteburner.com
git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.blog.hostmaster.gethonestseo.com
git.git.gitlab.git.blog.msslafteburner.link
git.git.gitlab.git.enter.firslhorlzom.com
git.git.gitlab.git.git.app.msl-afteburner.com
git.git.gitlab.git.git.blog.msslafteburner.link
git.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.git.gitlab.git.git.wp.msi-afteburner.com
git.git.gitlab.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.gitlab.sitemap.robimhod.com
git.git.gitlab.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.git.wordpress.msl-afteburner.link
git.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.wp.sejaitaliano.net
git.git.gitlab.gitlab.git.app.msl-afteburner.com
git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.gitlab.1.bookinfirst.com
git.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.m.msl-afteburner.com
git.git.gitlab.msl-afteburner.com
git.git.gitlab.shop.msl-afteburner.link
git.git.gitlab.shop.msslafteburner.link
git.git.gitlab.sitemap.msl-afteburner.link
git.git.gitlab.sitemap.robimhod.com
git.git.gitlab.sitemaps.msl-afteburner.link
git.git.gitlab.sitemaps.robimhod.com
git.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.wp.msi-afteburner.com
git.git.m.msi-afteburner.com
git.git.m.msl-afteburner.com
git.git.m.msl-aftebuurner.xyz
git.git.mail.msl-aftebuurner.xyz
git.git.msi-afteburner.com
git.git.msl-aftebuurner.xyz
git.git.old.msl-afteburner.link
git.git.robimhod.com
git.git.sitemap.msl-afteburner.link
git.git.sitemaps.msi-afteburner.com
git.git.sitemaps.msl-afteburner.link
git.git.speedycrm.robimhod.com
git.git.test.msslafteburner.link
git.git.wp.msi-afteburner.com
git.gitlab.app.msl-afteburner.com
git.gitlab.b2b.msl-afteburner.com
git.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.enter.firslhorlzom.com
git.gitlab.git.app.msl-afteburner.com
git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.blog.msslafteburner.link
git.gitlab.git.enter.firslhorlzom.com
git.gitlab.git.git.app.msl-afteburner.com
git.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.git.b2b.msi-afteburner.com
git.gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.git.git.gitlab.shop.msl-afteburner.link
git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.gitlab.git.git.m.msl-afteburner.com
git.gitlab.git.git.wp.msi-afteburner.com
git.gitlab.git.gitlab.app.msl-afteburner.com
git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.sitemap.robimhod.com
git.gitlab.git.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.wp.msl-afteburner.com
git.gitlab.git.m.msl-afteburner.com
git.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.wordpress.msl-afteburner.link
git.gitlab.git.wp.msl-afteburner.com
git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.firslhorlzom.com
git.gitlab.gitlab.git.git.app.msl-afteburner.com
git.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
git.gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.m.msl-afteburner.com
git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.enter.msl-afteburner.com
git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.gitlab.gitlab.old.firslhorlzom.com
git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.sitemaps.msl-afteburner.link
git.gitlab.gitlab.test.msl-afteburner.link
git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.m.msl-afteburner.com
git.gitlab.msl-afteburner.com
git.gitlab.old.msl-afteburner.link
git.gitlab.shop.msi-afteburner.com
git.gitlab.shop.msl-afteburner.link
git.gitlab.shop.msslafteburner.link
git.gitlab.sitemap.msl-afteburner.link
git.gitlab.sitemap.robimhod.com
git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.sitemaps.robimhod.com
git.gitlab.test.msl-afteburner.link
git.gitlab.wordpress.msl-afteburner.com
git.gitlab.wp.firslhorlzom.com
git.gitlab.wp.msi-afteburner.com
git.gitlab.wp.msl-afteburner.com
git.lime.msl-aftebuurner.xyz
git.m.msi-afteburner.com
git.m.msl-afteburner.com
git.m.msl-aftebuurner.xyz
git.mail.msl-aftebuurner.xyz
git.msi-afteburner.com
git.msl-aftebuurner.xyz
git.old.firslhorlzom.com
git.old.msl-afteburner.link
git.old.msslafteburner.link
git.robimhod.com
git.sitemap.msl-afteburner.link
git.sitemaps.msi-afteburner.com
git.sitemaps.msl-afteburner.link
git.sitemaps.robimhod.com
git.speedycrm.robimhod.com
git.test.msslafteburner.link
git.wordpress.msi-afteburner.com
git.wordpress.msl-afteburner.com
git.wordpress.msl-afteburner.link
git.wordpress.msslafteburner.link
git.wp.msi-afteburner.com
git.wp.msl-afteburner.com
gitlab.app.msl-afteburner.com
gitlab.b2b.msl-afteburner.com
gitlab.b2b.msl-afteburner.link
gitlab.b2b.msslafteburner.link
gitlab.blog.hostmaster.gethonestseo.com
gitlab.blog.msl-aftebuurner.xyz
gitlab.blog.msslafteburner.link
gitlab.enter.firslhorlzom.com
gitlab.enter.msi-afteburner.com
gitlab.enter.msl-afteburner.com
gitlab.git.app.msl-afteburner.com
gitlab.git.b2b.msi-afteburner.com
gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.blog.msslafteburner.link
gitlab.git.enter.firslhorlzom.com
gitlab.git.firslhorlzom.com
gitlab.git.git.app.msl-afteburner.com
gitlab.git.git.b2b.msi-afteburner.com
gitlab.git.git.blog.caldairou-bessette.com
gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.git.app.msl-afteburner.com
gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.git.wp.sejaitaliano.net
gitlab.git.git.git.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.git.gitlab.m.msl-afteburner.com
gitlab.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.gitlab.sitemap.robimhod.com
gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.app.msl-afteburner.com
gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.gitlab.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.git.m.msl-afteburner.com
gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.git.git.secure.bookinfirst.com
gitlab.git.git.wp.msi-afteburner.com
gitlab.git.git.x1.bookinfirst.com
gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.git.wordpress.msl-afteburner.link
gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.blog.sellmya36.com
gitlab.git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.hostmaster.sellmya36.com
gitlab.git.gitlab.sitemap.robimhod.com
gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.git.m.msl-afteburner.com
gitlab.git.old.msl-afteburner.link
gitlab.git.sitemap.msl-afteburner.link
gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.sitemaps.robimhod.com
gitlab.git.wordpress.msl-afteburner.link
gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.app.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.link
gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.enter.firslhorlzom.com
gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.enter.firslhorlzom.com
gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.git.blog.msslafteburner.link
gitlab.gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.git.git.m.msl-afteburner.com
gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.git.gitlab.sitemaps.robimhod.com
gitlab.gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.gitlab.git.m.msl-afteburner.com
gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.sitemap.pipeliningutah.com
gitlab.gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.old.msl-afteburner.link
gitlab.gitlab.shop.msi-afteburner.com
gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.sitemaps.msl-afteburner.link
gitlab.gitlab.test.msl-afteburner.link
gitlab.gitlab.wordpress.msl-afteburner.com
gitlab.gitlab.wordpress.msslafteburner.link
gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.wp.msl-afteburner.com
gitlab.m.msl-afteburner.com
gitlab.msl-afteburner.com
gitlab.old.firslhorlzom.com
gitlab.old.msl-afteburner.link
gitlab.shop.firslhorlzom.com
gitlab.shop.msi-afteburner.com
gitlab.shop.msl-afteburner.link
gitlab.shop.msslafteburner.link
gitlab.sitemap.msl-afteburner.link
gitlab.sitemap.robimhod.com
gitlab.sitemaps.msl-afteburner.link
gitlab.sitemaps.robimhod.com
gitlab.test.msi-afteburner.com
gitlab.test.msl-afteburner.link
gitlab.wordpress.msl-afteburner.com
gitlab.wordpress.msslafteburner.link
gitlab.wp.firslhorlzom.com
gitlab.wp.msi-afteburner.com
gitlab.wp.msl-afteburner.com
hostmaster.bookinfirst.com
hostmaster.gethonestseo.com
hostmaster.megaobjects.com
lime.msl-aftebuurner.xyz
lime.robimhod.com
m.msi-afteburner.com
m.msl-afteburner.com
m.msl-aftebuurner.xyz
mail.megaobjects.com
mail.msl-aftebuurner.xyz
msl-afterbarnur.gethonestseo.com
noteany.com
old.firslhorlzom.com
old.gethonestseo.com
old.msl-afteburner.link
old.msslafteburner.link
ruletka-na-dengi-onlayn.caldairou-bessette.com
shop.bookinfirst.com
shop.firslhorlzom.com
shop.msi-afteburner.com
shop.msl-afteburner.com
shop.msl-afteburner.link
shop.msslafteburner.link
sitemap.firslhorlzom.com
sitemap.msi-afteburner.com
sitemap.msl-afteburner.link
sitemap.msslafteburner.link
sitemap.robimhod.com
sitemaps.msi-afteburner.com
sitemaps.msl-afteburner.link
sitemaps.robimhod.com
speedycrm.msl-aftebuurner.xyz
speedycrm.robimhod.com
test.bookinfirst.com
test.gethonestseo.com
test.msi-afteburner.com
test.msl-afteburner.link
test.msl-aftebuurner.xyz
test.msslafteburner.link
test.robimhod.com
wordpress.firslhorlzom.com
wordpress.msi-afteburner.com
wordpress.msl-afteburner.com
wordpress.msl-afteburner.link
wordpress.msslafteburner.link
wp.bookinfirst.com
wp.firslhorlzom.com
wp.msi-afteburner.com
wp.msl-afteburner.com
wp.msl-afteburner.link
wp.msl-aftebuurner.xyz
wp.msslafteburner.link
wp.robimhod.com
zksyncio.xyz
zoomdowndesktop.store

# Reference: https://twitter.com/ULTRAFRAUD/status/1617185995526443008
# Reference: https://twitter.com/ULTRAFRAUD/status/1617918997156229120
# Reference: https://www.virustotal.com/gui/ip-address/185.163.204.10/relations

http://5.75.149.127
download-davinci.duckdns.org
download-davinci17.duckdns.org
download-obsstudio.duckdns.org
download-sqlite.duckdns.org

# Reference: https://twitter.com/Artilllerie/status/1617490471470903296

malwarebytes-premium.com

# Reference: https://twitter.com/tosscoinwitcher/status/1617588555995574274
# Reference: https://www.virustotal.com/gui/ip-address/191.101.13.129/relations

anydeskcloud.tech

# Reference: https://twitter.com/malwrhunterteam/status/1617618773045018625
# Reference: https://twitter.com/tosscoinwitcher/status/1617623026157383680
# Reference: https://tria.ge/230123-zchf4sfc94/behavioral2

http://65.109.210.114
nvidladrlvers.top
nvldia-graphics.online
safe.nvidladrlvers.top

# Reference: https://twitter.com/malwrhunterteam/status/1617961361593749505
# Reference: https://www.virustotal.com/gui/ip-address/172.67.138.234/relations

nvidia-graphics.top

# Reference: https://twitter.com/Gi7w0rm/status/1618185842899705856
# Reference: https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure

my-odin.com
my-vidar.com
my-vidar.net
new.my-odin.com
old.my-vidar.net
new.my-vidar.net

# Reference: https://twitter.com/Malwar3Ninja/status/1618279742041640960
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.7/relations

audacityu.org
belunder.org
blenderlo.org
downleoad.com
rufuse.org
tradingview-ger.org
tradingview-get.org

# Reference: https://www.virustotal.com/gui/ip-address/172.67.163.176/relations

trebingview.com

# Reference: https://twitter.com/StopMalvertisin/status/1618253036018892801
# Reference: https://www.virustotal.com/gui/ip-address/104.21.24.164/relations

tendencyquicksand.xyz
tradingview-usa.club
traidstok.website

# Reference: https://twitter.com/malwrhunterteam/status/1618362802552573953

geforce-official.online
geforce-official.site
nvidia-drive3.site

# Reference: https://twitter.com/malwrhunterteam/status/1618735590870228995

geforse-drlvers.site

# Reference: https://twitter.com/irfan_eternal/status/1618260845343178754
# Reference: https://app.any.run/tasks/f0414d59-0ea3-4d8a-a6d8-724cdacd8b42/

http://95.217.16.127

# Reference: https://twitter.com/idclickthat/status/1620465213589049345
# Reference: https://tria.ge/230131-tzkbbsha89

http://116.203.6.107
http://135.181.41.147

# Reference: https://twitter.com/x3ph1/status/1623011203005001749
# Reference: https://www.virustotal.com/gui/file/0c2229f5d5bd61fd8ac9cec0cb4da07f733ac3ae007d8b2b7da3376c047102dd/detection

http://49.12.239.21
http://65.109.168.191
http://65.109.7.48
http://95.217.240.157

# Reference: https://threatfox.abuse.ch/browse/tag/vidar (# up to 10th Feb 2023)

http://116.202.181.160
http://116.203.1.203
http://116.203.9.69
http://135.181.203.71
http://135.181.43.158
http://142.132.228.93
http://157.90.148.112
http://167.235.246.125
http://168.119.236.82
http://195.201.254.227
http://49.12.79.235
http://5.182.37.147
http://65.108.249.43
http://65.109.136.136
http://65.109.168.175
http://78.47.216.96
http://88.198.152.171
http://88.198.95.89
http://94.130.75.1
http://95.217.240.133
http://95.217.246.37
activatorshome.com
anydesktop.tech
bigcracks.com
crack11.com
crackbye.com
cracked1.com
cracked4pc.com
crackedplugs.net
crackfair.com
crackgive.com
crackleft.com
crackmix.com
crackmypc.com
crackport.com
crackpull.com
crackright.com
cracksaw.com
cracksend.com
cracksir.com
freecrackapp.com
fullkeygens.com
getfreecracks.com
getmecrack.com
hitpcsoft.com
hotpcsoft.com
incracks.com
justsofts.com
keygenbro.com
keygenhere.com
keyslog.com
licenseapps.com
licensedaily.com
licensehd.com
licenselive.com
nvldladriver.com
pc-crack.com
pcsoftnew.com
playcrack.com
plug-cracked.com
plug-torrent.com
plug-torrents.com
plugin-torrents.com
pluginstorrents.com
powercrack.com
rrvldladrlwers.top
serialkeygens.com
softsnew.com
starcrack.net
team-viewer.monashenki.com
topcrackpatch.com
up2pc.com
up4crack.com
upcracks.com
vcracks.com
vipcracks.com
vstcrackx.com
win-crack.com
windowcrack.com
windowsbay.com
windowsroom.com

# Reference: https://www.virustotal.com/gui/file/7858bffea20cffd024d5132442c44feb6f6c68b3e0b60fc3622d83ddd2793923/detection

hugersi.com

# Reference: https://twitter.com/TrackerC2Bot/status/1618226763519197184

drampik.com

# Reference: https://www.virustotal.com/gui/file/012498bb79e5b2914abac4b8343510a8cd180a92d11ec087f66dfd87a202f41c/detection

propanla.com

# Reference: https://twitter.com/TrackerC2Bot/status/1615056181587808276

http://45.12.253.56
http://45.12.253.72
http://45.12.253.75
http://45.12.253.98

# Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection

http://116.203.245.137
abgtt.com

# Reference: https://www.virustotal.com/gui/file/02214be7a1ec20e21ab4209575618bb2a5090f15b53c4aaaac9490634d6aa48b/detection

http://159.69.203.58

# Reference: https://www.virustotal.com/gui/file/32cf0e4532d6617a76a22f45edfe5d10ecbaf10040cedffdb2cea5126b6ff053/detection

http://116.203.127.162

# Reference: https://twitter.com/TrackerC2Bot/status/1623039112298090496

http://109.230.199.110
http://170.130.165.60
http://176.10.111.164
http://176.10.119.209
http://176.10.119.217
http://176.10.125.84
http://185.158.248.100
http://185.90.162.33
http://194.76.225.88
http://37.10.71.114
http://45.11.183.24
http://79.132.130.73
http://79.132.130.76
http://79.132.133.128
http://79.132.134.158
http://91.242.219.235
http://91.242.219.237

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign#the-phish

http://195.201.44.125
http://23.88.36.149
http://95.216.164.28

# Reference: https://github.com/SEKOIA-IO/Community/blob/main/IOCs/stealc/stealc_iocs_20230220.csv

http://146.70.161.51
http://162.0.238.10
http://167.235.62.105
http://176.124.192.200
http://179.43.162.89
http://179.43.162.94
http://185.130.46.214
http://185.143.223.136
http://185.242.87.149
http://185.247.184.7
http://185.5.248.95
http://194.4.51.160
http://194.87.31.146
http://195.74.86.37
http://23.88.116.117
http://37.120.238.190
http://37.220.87.65
http://45.136.49.247
http://45.136.50.69
http://45.136.51.61
http://45.144.29.176
http://45.87.153.50
http://5.75.138.201
http://65.109.3.34
http://77.246.156.93
http://84.246.85.80
http://85.239.54.29
http://91.215.85.188
http://91.228.225.46
http://94.131.99.185
http://94.142.138.11
http://94.142.138.48
http://95.216.112.83
http://95.217.143.99
666palm.com
777palm.com
aa-cj.com
fff-ttt.com
moneylandry.com
start-not.com

# Reference: https://www.virustotal.com/gui/file/28f8308941a1e87dfe3130238669ac16af3150aa2e284a1ba07eeb10ecbce17e/detection

http://91.215.85.213

# Reference: https://twitter.com/idclickthat/status/1628819842496188417

http://116.202.181.154
http://78.47.226.24
http://89.40.14.155
panelco.su

# Reference: https://tria.ge/230222-yxyhdsfb6z/behavioral2

http://167.235.249.225
bbc-s.news

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.169/relations

notepadt-plus-pluss.com

# Reference: https://twitter.com/crep1x/status/1630193006446870530

http://157.90.113.100
http://167.235.226.106
http://65.109.9.93

# Reference: https://twitter.com/Artilllerie/status/1630985137319018510

blenderfoundation.site

# Reference: https://twitter.com/crep1x/status/1630992258584518656

systemupdate-microsoft.top

# Reference: https://twitter.com/wwp96/status/1631777007259496449
# Reference: https://app.any.run/tasks/37a143c6-630d-4417-a3d2-f1437aa6346a/

http://81.240.108.170

# Reference: https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7
# Reference: https://otx.alienvault.com/pulse/63ff9979b5c3b385741f5737

http://195.123.226.167
http://45.9.74.78

# Reference: https://twitter.com/ULTRAFRAUD/status/1632479744972267520

download-discord.top

# Reference: https://twitter.com/Artilllerie/status/1633836712584712196
# Reference: https://www.virustotal.com/gui/file/4310c4b30bc9b398ae2259d30b79e784e4e674caafca7a75f962bb0085474e1a/detection

http://65.109.12.165
http://95.216.183.16
ccleanersetup.com

# Reference: https://www.virustotal.com/gui/file/903ff55224c1ec533bc09336407a5ab211e29c93d49eddb2bfa28ae60c02e1e7/detection

http://85.31.45.100

# Reference: https://twitter.com/DonPasci/status/1635991291560435714

putty.sbs

# Reference: https://twitter.com/Artilllerie/status/1638563848792752129

http://82.117.255.80
afterburnermsi.info

# Reference: https://www.virustotal.com/gui/file/a2c9201bae028ac3ec48f5fa2fd5df4d2a387052713e79aa54eedd603d818b99/detection

http://116.202.183.154

# Reference: https://twitter.com/0xToxin/status/1640013648725680128
# Reference: https://tria.ge/230326-sncxfagh98/behavioral2

app4j.org

# Reference: https://www.virustotal.com/gui/file/13a0b3e462a014b605489df82b082618b64d7292140bbfdbb7b58e683cb80b3b/detection

http://159.69.103.216

# Reference: https://twitter.com/crep1x/status/1640464556173705217

http://116.203.10.236
dumepad.com
hurimis.com
kisomer.com
metersik.com
nuktose.com
nviktus.com
onmepdum.com
opriky.com
poomcis.com
vikolin.com
viulinik.com

# Reference: https://twitter.com/GuardYourDomain/status/1643263801301532674

nordvpncloud.com

# Reference: https://www.virustotal.com/gui/file/19446bdf86ecbc053df4e6c222d2bc1ac3b926638895ec1068c0557f2daa4837/detection

http://212.113.116.213
http://179.43.155.207

# Reference: https://twitter.com/ULTRAFRAUD/status/1646259248119140355

trading-view-download.alibuilderusa.com

# Reference: https://twitter.com/powershellcode/status/1646277775031144448
# Reference: https://www.virustotal.com/gui/file/060bb41b14196768ac984a1bb76d80cb59ec7a157fcbd4c0538a37f11047446e/detection

http://195.201.251.197

# Reference: https://twitter.com/robemtnez/status/1620478415244754944

notepadplusplus.site
download-notepad-plus-plus.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://31.41.244.251

# Reference: https://www.quorumcyber.com/wp-content/uploads/2023/01/Malware-Analysis-Vidar.pdf

msconfig.noip.me

# Reference: https://tria.ge/230404-2l3vhsae34/behavioral2

vooip5884.ddns.net
/YUHI87PJM.php

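# Reference: https://www.virustotal.com/gui/file/e89e9d32d5142ccaa36ec5b215c5493786a90af78b29f4ad20ee05d276b26edb/detection
# NOTE(review): the two path-only entries in this group carry no host; confirm they are specific enough not to match benign requests ("/manager/payload" in particular is a generic path)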

http://45.80.69.193
/glazomer/payload
/manager/payload

# Reference: https://www.virustotal.com/gui/file/0ae89ff0f8f57e30516f60a3a73d7bf3c0199b92031c933a8300f3f5663430f1/detection

http://193.42.32.154

# Reference: https://twitter.com/crep1x/status/1648063048815464480

http://45.159.248.242

# Reference: https://www.virustotal.com/gui/file/02de7dc70bed64b07d9556aed181e3d8ee811f86736684f69f3973e7e8fef104/detection

http://116.202.6.237

# Reference: https://www.virustotal.com/gui/file/5e16d11733b3516e3efc69145980eae528a987ae7d46819dfb8e8328a6d876ec/detection

http://195.201.44.70

# Reference: https://www.virustotal.com/gui/file/54b988703926e5d730271adf35e27d5a51a2a1eabd392dcafc4e85f8accb5e3f/detection

asianspades.com

# Reference: https://www.virustotal.com/gui/file/061170f26cd5572bd80552df4a346244c55de6f5b2afe55476ab343647db57e6/detection

prohomedevs.com

# Reference: https://www.virustotal.com/gui/file/ccb65cdcc68b20e736bc4f09b6b34a6d7ed3330f5bfb56245d2c598fa020317b/detection

http://104.156.149.33
http://46.151.26.234

# Reference: https://twitter.com/crep1x/status/1650555642900361223

http://116.203.15.24
http://116.203.240.51
http://116.203.7.73
http://95.217.246.227
116.203.2.149:11111
116.203.220.83:11111

# Reference: https://twitter.com/ULTRAFRAUD/status/1651684332296106004

http://91.215.85.198
116.203.6.40:131
cyberghostvpn.live

# Reference: https://twitter.com/g0njxa/status/1652034044299714563

http://5.78.106.48

# Reference: https://www.virustotal.com/gui/file/867c574602105903116dca0a8b826e474a555980a193524d1aa7f15aecbc9ae4/detection

http://193.233.134.57

# Reference: https://www.virustotal.com/gui/file/eae4b77ea1c206dc0a5fd6c0f34d2eae940b8fd20558aadf67ae4481099db184/detection

http://65.109.225.236

# Reference: https://twitter.com/g0njxa/status/1652643842342936579

168.119.169.139:131
cheatforall.art

# Reference: https://twitter.com/idclickthat/status/1653394620750102528
# Reference: https://www.virustotal.com/gui/ip-address/212.118.55.237/relations
# Reference: https://www.virustotal.com/gui/ip-address/77.246.97.103/relations
# Reference: https://tria.ge/230502-qmp49sda61/behavioral2

91.215.85.198:22322
bestdogdaycaresoftware.com
bluevaultsoftware.net
colos-software.com
emanagesoftware.com
fortnitegm.online
ldplayer.site
ldplayer.website
omnilinksoftware.com
shoflosoftware.com
softreseller.online
softwarebeginner.com
sublime-text.pw
sublumetext.online

# Reference: https://twitter.com/g0njxa/status/1654129493655846919

freeforall.blog

# Reference: https://twitter.com/g0njxa/status/1656016314694004736
# Reference: https://app.any.run/tasks/c4341419-3e31-433b-978d-4b06b6a12b92/

http://5.75.128.76
buyivermectinforsale.com
utils-world.site

# Reference: https://twitter.com/g0njxa/status/1657750839048413185
# Reference: https://www.virustotal.com/gui/file/0c31938a4ae468dbfe9ee5c2d3d6cd8e79ce2d64e28e9fbe4d5271c0b0bcdbdf/detection

116.202.1.79:9100
softwave.cc

# Reference: https://www.virustotal.com/gui/file/3d2fe825ec28a455c83711a7f1f696500180b8f90e42ba084623ec7fc7ddbc86/detection

http://128.140.94.214
scr3.365tv.ma
scr5.365tv.ma

# Reference: https://www.virustotal.com/gui/file/1e42d63ed11929379e5739414c944bc755fb2e212eb475777de4a7e0ef54c517/detection

167.235.199.208:8333

# Reference: https://twitter.com/g0njxa/status/1662432191249281025

http://185.99.133.229
firstsoftapp.com
smalltalkit.com
stablever.store

# Reference: https://twitter.com/DonPasci/status/1663193292555661313
# Reference: https://tria.ge/230529-rphzeacb85/behavioral1#report
# Reference: https://www.virustotal.com/gui/ip-address/148.163.92.27/relations
# Reference: https://www.virustotal.com/gui/file/83abf60f7eb7656fa3671ad754fced48d6e8f732f44faaf805343e3dbdab5393/detection

avolina.co
download-canva.com
download-capcut.com
download-capcut.online
download-skylum.com
download-videofacebook.online
downloads-anydeks.com
downloadsdesktop.com
notepads-plus.com

# Reference: https://twitter.com/g0njxa/status/1665833355831660547
# Reference: https://www.virustotal.com/gui/file/034b56e83a37e3120a001596342a68aa99747d9a184ade42eb88cd39e2472543/detection

http://65.21.240.228
116.202.4.61:490
boraflow.click

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://179.43.142.99

# Reference: https://www.virustotal.com/gui/file/29edb23e89b1512a4c044133cbafc863eb2710f8d8d3828ee0583cd1c528da60/detection

5.75.213.157:490

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/07/vidar_05-07-2023.json

http://116.202.176.70
http://116.203.14.106
195.123.218.236:8080
5.75.208.184:27016

# Reference: https://www.virustotal.com/gui/file/06a279f25d37992d3c85c3c294c9aa9013c11bb6048bdff3206724b87d41f7c0/detection

5.75.208.196:27015

# Reference: https://www.virustotal.com/gui/file/29dd4e665950e1a7dfa9dc73954b2ae77e87f383215db64584d39eaa7601e787/detection

5.75.209.44:13370

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-23)

http://116.203.15.76
http://116.203.164.141
http://116.203.165.219
http://116.203.166.104
http://116.203.166.131
http://116.203.166.22
http://116.203.167.3
http://121.127.33.76
http://128.140.10.42
http://128.140.35.86
http://128.140.41.121
http://128.140.88.54
http://135.181.109.100
http://135.181.32.61
http://135.181.46.141
http://142.132.230.215
http://159.69.250.177
http://162.55.169.178
http://162.55.53.95
http://167.235.75.183
http://167.235.75.60
http://168.119.178.159
http://168.119.55.206
http://172.86.77.42
http://179.43.142.251
http://193.106.175.116
http://193.27.90.10
http://193.27.90.10/
http://193.27.90.104
http://194.87.31.199
http://195.201.234.139
http://195.201.251.46
http://195.201.253.168
http://195.201.44.70/
http://195.201.45.110
http://217.196.96.187
http://23.88.46.113
http://37.27.0.69
http://37.27.6.23
http://45.136.49.229
http://45.86.86.144
http://49.13.59.137
http://49.13.9.29
http://5.42.87.152
http://5.75.142.250
http://5.75.152.241
http://5.75.188.254
http://5.75.210.95
http://5.75.213.23
http://5.75.240.14
http://77.91.78.175
http://78.47.195.134
http://79.137.148.125
http://79.137.199.241
http://79.137.248.125
http://79.137.248.55
http://80.85.241.165
http://88.99.87.20
http://91.107.209.224
http://94.130.148.34
http://94.130.56.27
http://94.142.138.228
http://95.216.221.102
116.202.3.149:3306
116.202.5.112:27015
116.202.5.168:11022
116.202.6.52:27016
116.202.7.239:30303
128.140.84.26:3306
128.140.92.122:8081
142.132.183.252:22022
162.55.169.178:11022
167.235.204.174:27016
167.235.207.108:490
168.119.51.197:13370
188.34.154.187:30303
49.12.115.154:8333
49.13.50.61:27015
5.75.188.254:3306
5.75.209.169:11022
5.75.209.76:3306
5.75.211.155:8081
5.75.211.167:8081
5.75.213.102:22022
78.47.123.243:13370
78.47.228.71:22022
78.47.34.59:30303
fever2new.top
log5ny.top
new2bs.top
new2pnev.top
newr2bb.top
newv2up.top
ny2new.top
ny2pnews.top
p2newer.top
pan2.top
pn2nnev.top
sb2pnew.top

# Reference: https://twitter.com/Jane_0sint/status/1684500500430086144
# Reference: https://twitter.com/naumovax/status/1684893815272853504
# Reference: https://app.any.run/tasks/2e1fdb67-78fe-4d1e-a699-22a2c74faa8d/
# Reference: https://app.any.run/tasks/7072c560-bec2-4eb7-bd49-740f344aedfc/

94.142.138.119:45245
194.50.153.158:45243
systemcontrolmanage.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-28)

http://116.202.188.78
http://116.203.6.40:131
http://135.148.113.181
http://79.137.206.122
http://83.97.79.248
5.75.211.220:12771
5.75.214.16:12771

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-07-31)

http://152.89.198.34
http://159.69.83.200
http://167.235.136.41
http://172.86.70.117
http://172.86.77.102
http://185.161.248.78
http://185.209.161.53
http://185.244.48.81
http://185.254.37.234
http://194.50.153.181
http://194.50.153.23
http://194.59.31.66
http://194.59.31.67
http://195.2.84.205
http://212.118.43.207
http://23.184.48.114
http://45.12.253.67
http://45.15.157.135
http://45.15.159.188
http://45.150.65.128
http://46.29.234.95
http://5.42.64.28
http://5.75.240.249
http://5.78.104.95
http://62.113.115.22
http://65.21.118.113
http://65.21.150.74
http://65.21.87.125
http://77.105.146.152
http://77.91.123.99
http://79.137.202.62
http://79.137.206.248
http://91.103.252.12
http://91.103.252.143
http://91.103.252.28
http://91.103.252.32
http://91.212.166.50
http://95.214.25.241
http://95.217.102.100
adriaenclaeys.top
blogvpnreserch.com
bubbloityu.xyz
nwstats3.site
pretzelsget.top
reserchvpn.com
rewe-coupouns.com
sertateweliser.store
unlikeget.top
weak-sar.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-31)

http://78.47.122.222
49.13.60.242:12771

# Reference: https://www.virustotal.com/gui/ip-address/45.159.248.244/relations

rar-uploads.top
rare-upload.top
rars-upload.top
rarz-upload.top
updownloadrar.top
updownloadware.top
upsoft-rar.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-02)

http://77.73.131.100
http://77.91.97.18
http://94.131.101.77
http://95.217.241.202
http://95.217.242.246
116.203.165.166:27002
78.47.72.178:27002

# Reference: https://threatfox.abuse.ch/ioc/1148963/

http://128.140.122.28

# Reference: https://threatfox.abuse.ch/ioc/1149113/

http://65.21.187.146

# Reference: https://threatfox.abuse.ch/ioc/1149248/

195.201.251.182:27015

# Reference: https://threatfox.abuse.ch/ioc/1149250/

http://91.103.253.50

# Reference: https://threatfox.abuse.ch/ioc/1149482/

116.203.166.240:27015

# Reference: https://threatfox.abuse.ch/ioc/1149697/

159.69.198.239:27015

# Reference: https://threatfox.abuse.ch/ioc/1149864/

http://135.148.76.83

# Reference: https://www.virustotal.com/gui/file/6b2687ee65d8d51dfc255e3c9f7b0874eb5360a42e818417c3e920d25bb1b365/detection

http://45.9.74.92

# Reference: https://threatfox.abuse.ch/ioc/1150149/

94.130.190.4:8080

# Reference: https://threatfox.abuse.ch/ioc/1150409/

http://5.42.65.52

# Reference: https://threatfox.abuse.ch/ioc/1150540/

195.201.47.241:8080

# Reference: https://threatfox.abuse.ch/ioc/1150622/

http://94.228.169.55

# Reference: https://threatfox.abuse.ch/ioc/1150639/

http://81.19.137.220

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-18)

http://116.202.177.109
http://116.203.42.123
http://116.203.7.113
http://116.203.9.153
http://128.140.45.45
http://135.181.39.142
http://146.70.169.174
http://176.31.25.213
http://193.233.133.110
http://195.201.45.115
http://213.142.147.139
http://37.27.11.1
http://37.27.17.95
http://49.12.200.224
http://49.13.27.53
http://5.75.211.155
http://5.75.211.167
http://5.75.211.220
http://65.21.252.46
http://79.137.204.77
http://79.137.248.233
http://95.216.183.42
http://95.217.219.73
http://95.217.246.133
http://95.217.28.234
168.119.174.1:8080
5.75.171.168:27002

# Reference: https://www.esentire.com/blog/stealc-delivered-via-deceptive-google-sheets
# Reference: https://www.virustotal.com/gui/file/c6f9f905201196951ed12e8e09b92328aa31e4b46a01701a15607f48da9d3438/detection

http://89.208.105.162

# Reference: https://threatfox.abuse.ch/ioc/1151414/

reinroot.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-22)

http://95.217.243.179
http://95.217.243.71
116.203.5.218:10099
195.201.249.225:10099

# Reference: https://www.virustotal.com/gui/file/34a0f848bbcf609398fbffbc14a3b070f6e5c15c4987785c29db8de7d46f9bd6/detection

http://91.107.224.80

# Reference: https://www.virustotal.com/gui/ip-address/195.58.51.86/relations
# Reference: https://www.virustotal.com/gui/file/efe76e209a9575bc73aa11a6c35be706087fdc696645821c5959a4f445540e3d/detection
# Reference: https://www.virustotal.com/gui/file/3a0540a3db9219f4f54fe07ce1777f8c1087b5ed126e5a404935a925e367593c/detection

andrewjohnson.top
davidlewis.top

# Reference: https://twitter.com/Cyber0verload/status/1694947702360952852
# Reference: https://twitter.com/Cyber0verload/status/1694948025045540865

anyget.top
arthurmaes.top
bernhardtroost.top
bobstayget.top
carlestrada.top
charlesjones.top
davidharris.top
frankjackson.top
getbehavior.top
getburritos.top
geteatable.top
getfink.top
getgym.top
getindication.top
getnoon.top
getspeak.top
jamesperez.top
jeffmorales.top
jerrysmith.top
joelhammond.top
joscramp.top
kennethpeters.top
larsvanderwal.top
marijnricken.top
metacarpusget.top
michaeljohnson.top
michealjohnson.top
normanhoffman.top
pickledget.top
publisherget.top
ralphkors.top
robertelliott.top
ronaldlitt.top
sjoerdstolen.top
weighget.top
widowget.top
williecampbell.top

# Reference: https://threatfox.abuse.ch/ioc/1152217/

http://91.103.252.212

# Reference: https://threatfox.abuse.ch/ioc/1152264/

128.140.47.150:10099

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-30)

http://135.148.113.144
http://135.181.198.32
http://45.138.74.114
http://5.42.76.165
http://79.137.206.192
http://179.43.155.204
http://179.43.162.75
http://195.201.254.123
http://94.228.170.65
http://95.216.183.69
116.203.6.169:6012
195.201.254.123:6012

# Reference: https://www.virustotal.com/gui/file/45611c3bf02c81345c89c858b0e6a97677cd654af0e76742118da4786d63805c/detection

http://45.15.157.6
http://89.23.96.203

# Reference: https://www.virustotal.com/gui/file/e873eddaa1059da8dde9c190061637183f4169876ff9fcb21e1f1a13754f4c20/detection

scapitg.live

# Reference: https://threatfox.abuse.ch/ioc/1152871/

http://45.147.197.114

# Reference: https://threatfox.abuse.ch/ioc/1153450/

http://91.103.252.242

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-04)

http://65.109.229.201
116.203.75.210:6012

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-05)

http://195.201.248.117
http://5.42.76.5
http://5.42.79.33
http://80.85.241.108
5.75.209.196:9000

# Reference: https://threatfox.abuse.ch/ioc/1155383/

http://77.105.146.175

# Reference: https://threatfox.abuse.ch/ioc/1155409/

http://116.203.15.252

# Reference: https://threatfox.abuse.ch/ioc/1155407/

78.47.49.22:9000

# Reference: https://threatfox.abuse.ch/ioc/1155481/

http://5.161.188.133

# Reference: https://threatfox.abuse.ch/ioc/1155778/

http://217.196.96.228

# Reference: https://threatfox.abuse.ch/ioc/1155798/

http://45.147.197.249

# Reference: https://urlhaus.abuse.ch/browse/tag/Stealc/

http://104.245.33.157
http://116.203.125.44
http://128.140.91.217
http://141.98.6.54
http://162.55.212.236
http://162.55.215.42
http://178.20.41.96
http://179.43.155.203
http://179.43.162.125
http://185.119.196.167
http://193.109.85.62
http://193.42.32.206
http://194.120.116.120
http://194.87.45.68
http://212.113.106.72
http://212.86.109.106
http://23.227.202.68
http://23.88.122.134
http://45.61.137.151
http://45.87.154.30
http://45.95.233.60
http://5.255.125.41
http://5.42.66.25
http://5.42.66.3
http://5.75.155.1
http://5.75.232.223
http://5.78.100.243
http://5.78.104.48
http://64.52.80.24
http://65.108.20.233
http://65.109.2.12
http://77.105.146.130
http://77.91.124.231
http://77.91.68.238
http://77.91.78.245
http://77.91.84.172
http://77.91.84.41
http://79.137.203.144
http://80.66.79.48
http://80.85.241.225
http://80.85.241.84
http://80.94.95.137
http://81.19.137.198
http://82.117.255.211
http://85.192.41.196
http://88.119.168.142
http://91.107.196.27
http://91.107.224.54
http://94.131.104.50
http://94.142.138.240
http://94.142.138.41
http://95.217.124.180
http://95.217.232.10
agsnv.com
akkolsizidinliyor.com
amanext.com
davidharris.online
givesc.link
givesd.link
h167991.srv21.test-hf.su
h170420.srv22.test-hf.su
h170578.srv22.test-hf.su
i-mode.xyz
industrias-lopez.com
inst-hh.com
jerrysmith.online
justi.su
matthewdavis.link
ndtech.in
oof00.com
projectbewailed.com
rrawdha.com
salutass.com
stablewin32.app
xn----8sbkbfthkmkkzmo6dvh.xn--p1ai
zellewallet.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1700730417731485794
# Reference: https://tria.ge/230910-erx5wsfb37/behavioral2

168.119.191.88:9000

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-10)

http://195.201.131.165
http://89.208.103.204

# Reference: https://threatfox.abuse.ch/ioc/1162430/

http://185.244.48.191

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-11)

http://195.201.250.198
5.75.211.218:27015

# Reference: https://threatfox.abuse.ch/ioc/1163291/

criminalaffair.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-20)

http://116.203.11.147
http://116.203.7.16
http://195.201.121.147
http://78.47.79.33
128.140.120.34:27015
159.69.100.165:10088
49.13.80.90:10088
5.75.212.216:27015
78.47.74.49:10088

# Reference: https://threatfox.abuse.ch/ioc/1163464/

http://185.244.48.221

# Reference: https://threatfox.abuse.ch/ioc/1163722/

http://171.22.28.221

# Reference: https://threatfox.abuse.ch/ioc/1163833/

http://45.155.250.218

# Reference: https://threatfox.abuse.ch/ioc/1163956/

wordpress-1076759-3767880.cloudwaysapps.com

# Reference: https://threatfox.abuse.ch/ioc/1164315/

http://85.209.11.51

# Reference: https://threatfox.abuse.ch/ioc/1164326/

http://179.43.155.157

# Reference: https://threatfox.abuse.ch/ioc/1164387/

http://45.15.157.211

# Reference: https://threatfox.abuse.ch/ioc/1164581/

http://78.47.166.143

# Reference: https://threatfox.abuse.ch/ioc/1164586/

christopherantonio.top

# Reference: https://threatfox.abuse.ch/ioc/1164796/

bryanzachary.top

# Reference: https://threatfox.abuse.ch/ioc/1165532/

http://91.103.252.146

# Reference: https://threatfox.abuse.ch/ioc/1165828/

http://193.168.141.163

# Reference: https://threatfox.abuse.ch/ioc/1165857/

http://5.42.75.167

# Reference: https://threatfox.abuse.ch/ioc/1165946/

http://176.123.8.152

# Reference: https://threatfox.abuse.ch/ioc/1166214/

http://185.161.251.81

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-25)

http://116.202.182.4
http://168.119.168.251
http://79.137.198.7
http://79.137.198.72
http://91.103.253.18
5.75.215.131:1333

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/stealc/stealc_c2s_2022_to_2023.txt

http://109.206.243.134
http://116.203.9.96
http://138.201.221.118
http://152.89.198.95
http://157.90.162.130
http://172.99.189.221
http://176.113.115.26
http://179.43.142.247
http://185.225.74.249
http://193.233.134.93
http://193.233.233.195
http://193.42.32.99
http://194.180.48.244
http://195.201.2.192
http://206.188.196.196
http://37.220.87.73
http://45.12.239.76
http://45.144.28.84
http://45.147.229.23
http://45.147.231.118
http://45.66.230.37
http://5.42.64.88
http://65.108.209.36
http://65.108.210.97
http://65.108.211.9
http://65.109.159.234
http://77.91.123.112
http://77.91.97.21
http://78.47.73.116
http://79.137.203.155
http://82.115.223.203
http://89.208.103.152
http://89.23.108.122
http://89.32.41.133
http://91.103.253.2
http://94.130.170.32
http://94.142.138.83
http://95.214.27.75
http://95.216.114.207
bakbakbak.info
getgoodsa.link

# Reference: https://twitter.com/JAMESWT_MHT/status/1706932650542309590

http://89.23.98.56
89.23.98.56:445

# Reference: https://threatfox.abuse.ch/ioc/1176006/

jesseaustin.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-27)

116.202.2.169:1333
49.12.118.209:1333

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-09-28)

http://193.201.8.110
http://208.91.189.189

# Reference: https://www.virustotal.com/gui/file/014797cac586da92f12bea4cda0d400105e0732e1403b51d794cde02c22beeb9/detection
# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

requestimedout.com
/xenocrates/zoroaster

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-10-03)

http://116.203.7.13
http://193.201.8.121
http://195.201.228.145
http://195.201.252.3
http://195.201.252.32
http://45.138.74.85
http://45.140.147.83
http://45.15.157.247
http://5.42.65.39
http://91.103.252.74
http://91.103.253.171
http://95.216.187.218
116.202.4.35:1333
168.119.168.251:10088
188.34.152.120:1333
5.75.216.44:27015
aidandylan.top
dominiczachary.top

# Reference: https://www.virustotal.com/gui/file/fa01ef904d819c0101560b473d5be56b326336a1bb9eb31aaad1a6db24255d24/detection

http://217.196.96.138

# Reference: https://www.virustotal.com/gui/file/3b96c89b7d40fca00018a19588be2ec3f305b2da49fd749cb0366ac5b3127027/detection

http://77.91.97.131
77.91.97.131:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1709873142645113323

116.202.7.149:27015

# Reference: https://threatfox.abuse.ch/ioc/1183521/

49.13.86.44:27015

# Reference: https://twitter.com/JAMESWT_MHT/status/1711072138231189940
# Reference: https://app.any.run/tasks/7ab4c455-c7b3-4fa8-a2ed-00bbad0acb40/

http://94.228.162.50

# Reference: https://www.virustotal.com/gui/file/9e07ece83055dad67aa19c1c1c6cd6e8ad2ee14d787cce6f65daf7f6a4a58c40/detection

http://45.147.197.225
http://85.209.11.133

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-10-10)

http://116.203.167.36
http://116.203.24.34
http://116.203.55.91
http://128.140.102.206
http://142.132.186.212
http://168.119.115.218
http://194.169.175.126
http://217.196.96.16
http://49.12.118.149
http://5.42.6.7
http://77.83.92.234
http://77.91.97.146
http://78.47.20.171
http://89.23.98.151
http://91.212.166.95
http://94.130.186.149
88.99.122.198:8000
94.130.189.55:7070
devinjason.top
elijahdiego.top
henryjackson.icu
howardwood.top
kevinrobinson.top
matthewsamuel.top
williammoore.top
wyattsebastian.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1712065662980391334
# Reference: https://app.any.run/tasks/59b5cf5d-cf5f-4a64-8cbd-38bc9fca7c90/

49.12.118.151:8000

# Reference: https://threatfox.abuse.ch/ioc/1188714/

168.119.243.238:8000

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/stealc/stealc_c2s_2023_10_16.txt

http://109.107.182.248
http://116.202.102.6
http://116.203.73.136
http://185.221.196.69
http://193.201.8.123
http://193.233.255.102
http://194.87.71.138
http://49.12.116.189
http://5.75.212.77
http://78.47.219.84
http://91.103.252.11
http://91.103.253.170
116.203.10.96:3306
128.140.102.206:8000
5.75.188.83:3306
78.47.66.147:3306
bidbur.com
tetromask.site

# Reference: https://twitter.com/fr0s7_/status/1714576609527656637
# Reference: https://www.virustotal.com/gui/file/b7980abb0fbb1e27c9dfd24f2d36891986e3325b2596fff09baa3904830eac0c/detection

116.203.14.160:7070

# Reference: https://threatfox.abuse.ch/ioc/1191453/

128.140.96.230:7070

# Reference: https://threatfox.abuse.ch/ioc/1191487/

http://193.233.232.98

# Reference: https://twitter.com/g0njxa/status/1718343906406854907

asdfsdf32r235sdfsdfsdf.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-10-31)

http://142.132.204.231
http://157.90.152.131
http://195.201.255.168
http://23.88.45.254
http://5.75.208.206
http://5.75.209.4
http://89.38.135.11
http://91.215.85.189
116.202.182.32:2083
195.201.249.33:2083
195.201.34.151:2083
jaimemcgee.top
raymonddixon.icu
robertjohnson.top

# Reference: https://threatfox.abuse.ch/ioc/1197789/

jameskelly.top

# Reference: https://threatfox.abuse.ch/ioc/1197906/

ronaldrichards.icu

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-11-06)

http://116.203.165.60
http://116.203.6.243
http://128.140.84.205
http://195.201.44.59
http://5.75.246.16
http://5.75.246.163
http://78.47.151.182
116.203.165.60:2087
116.203.6.243:2087
195.201.251.173:2087
94.130.188.233:2087

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-11-07)
# Reference: https://app.validin.com/axon?find=193.106.175.190&type=ip

http://138.201.196.248
http://149.255.35.132
http://157.90.24.248
http://168.119.173.77
http://176.124.198.17
http://185.17.40.133
http://185.172.128.24
http://185.172.128.53
http://185.172.128.79
http://185.244.48.148
http://185.250.45.18
http://185.78.76.13
http://193.187.174.182
http://193.233.232.54
http://195.201.251.173
http://45.87.153.135
http://5.42.64.41
http://5.42.65.54
http://5.42.66.57
http://5.42.92.215
http://5.75.165.104
http://77.105.132.197
http://77.105.132.216
http://77.105.132.229
http://77.91.124.154
http://77.91.124.229
http://77.91.124.233
http://77.91.68.247
http://91.206.178.118
http://91.242.229.100
http://91.92.243.201
http://94.142.138.179
http://95.216.72.17
amotel.xyz
arnaldomondo.icu
arturogillotti.icu
bernardofata.icu
bubbebottle.xyz
danielhamerling.icu
fabianonetto.icu
finnmanninger.icu
florianhabeler.icu
giuliotoro.icu
gsggaoo.top
janmorath.icu
lazzarotata.icu
michaelcoleman.icu
paulcruz.icu
phoenixexec.icu
raphaelbischoff.icu
richardwalker.icu
severinofragola.icu
severinotursi.icu
vewver.xyz
vittoriogioia.icu

# Reference: https://app.validin.com/axon?find=37.139.129.88&type=ip
# Reference: https://app.validin.com/axon?find=45.11.27.150&type=ip
# Reference: https://www.virustotal.com/gui/file/02a8f44506f086128b18c4efb473c58406026d467f4fdcad07c5d02ffe97df47/detection

chadsullivan.top
danielisaiah.top
jackantonio.top
jamesjordan.top
jasongraves.top
jesuscolin.top
robertcook.top
roberthamilton.top

# Reference: https://www.virustotal.com/gui/ip-address/37.139.129.91/relations

bunaliber.top
musonare.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1722902055524724961
# Reference: https://www.virustotal.com/gui/file/2aa3c6dd94498a7a640f8c4aef123024be8edc16d77da79f84354339aff235b3/detection

116.203.166.75:2087

# Reference: https://www.virustotal.com/gui/file/8c970d1175779ee7eae4d510450b89d5ab9ac799027ff4adb8c5e2835243ad6f/detection

5.42.64.13:3000

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-11-13)

http://193.233.255.11
http://5.42.92.55
116.202.189.41:443
116.203.7.211:443
128.140.72.50:443
157.90.152.131:2083
167.235.143.166:443
168.119.173.77:2087
195.201.255.35:443
49.12.119.148:443
49.13.94.153:1021
49.13.94.153:443
65.108.152.136:443
78.47.61.97:443
95.216.176.210:443
95.217.244.44:443

# Reference: https://app.validin.com/axon?find=103.212.81.157
# Reference: https://www.virustotal.com/gui/file/22224f65c07515b2f61e29f7f1a14005d0de54378aa925d9e017bb2ac26b5395/detection

cimcimcim.ac.ug
fillah.ac.ug
nickshort.ac.ug
nickshort.ug

# Reference: https://threatfox.abuse.ch/browse/malware/win.mars_stealer/

pushpointdelivery.com
twinsources.shop
alpha.twinsources.shop

# Reference: https://twitter.com/g0njxa/status/1728055751170527427
# Reference: https://app.any.run/tasks/1d50db5c-056d-4e20-af05-87515eca0c43/
# Reference: https://www.virustotal.com/gui/file/772a2cf41a5e3dedba24c844d549a9fbcb139a719c5b1602c68ff38f91062607/detection

http://185.198.57.117

# Reference: https://censys.com/tracking-vidar-infrastructure/
# Reference: https://otx.alienvault.com/pulse/6560829a84f4d4c9903e5443

http://116.202.189.41
http://116.203.10.96
http://116.203.7.211
http://131.152.90.157
http://151.34.201.195
http://167.235.143.166
http://173.251.201.195
http://189.116.12.49
http://195.20.16.45
http://195.201.34.151
http://49.12.119.148
http://49.13.94.153
http://65.108.152.136
http://78.47.61.97
http://94.130.188.233
http://95.217.244.44
avisclair.com
naxtm.cfd
join.naxtm.cfd

# Reference: https://app.any.run/tasks/f30a98fb-a904-46db-89e8-988b9bd1cdd5/

http://77.91.76.36

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-05)

http://195.201.255.35
http://5.42.66.36
http://5.42.75.166
116.202.183.33:25565
116.202.183.33:443
116.202.184.4:443
116.202.184.4:9000
116.203.15.153:443
116.203.165.60:443
116.203.184.78:443
167.235.143.166:1021
195.201.46.226:25565
195.201.46.226:443
195.201.46.42:10200
37.27.20.125:443
65.108.57.141:9000
78.47.104.201:443
94.130.188.133:443
94.130.188.133:9000
95.217.240.71:443
95.217.243.145:443
95.217.243.145:9000
95.217.30.118:443
95.217.30.118:9000
95.217.31.63:25565
95.217.31.63:443
partner-infoservice.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1732630131804455189
# Reference: https://app.any.run/tasks/8e6fba28-d0bd-43aa-9ed6-1f97a4f208ff/

116.202.183.33:25565

# Reference: https://medium.com/@fofabot/analysis-and-tracing-of-the-observerstealer-f9e803694a2b

77.73.134.51:3000
77.73.134.51:3001
91.103.252.17:8912
91.215.85.38:3000

# Reference: https://www.virustotal.com/gui/file/3e9e65b139afe73c38d31ad771845526b70595725209787ce631539c776c7ee9/detection
# Reference: https://www.virustotal.com/gui/file/2dbca09c6e362d69b9684e538ec92cf46bf809a6f9269e8cf6db96d1638a9974/detection

103.212.81.156:24317
91.215.85.223:12484
91.215.85.223:20015
91.215.85.223:24317
91.215.85.223:46017
91.92.248.48:24317
marcaksa.top
pastrasasca.ug

# Reference: https://www.virustotal.com/gui/file/1644fe7f7969fe8724fa0afe45eb73ae03f815939e2a286cc832e322c19fd61d/detection

paipaisdvzxc.ru

# Reference: https://twitter.com/banthisguy9349/status/1733200132106039734

http://88.209.206.36
akttusa.com

# Reference: https://threatfox.abuse.ch/ioc/1211659/

kelenoproc.cc.ua

# Reference: https://www.virustotal.com/gui/file/7a14bf95b11124f6996e015f7becc6f34922c2a3738864215aad46b8714c71b9/detection
# Reference: https://www.virustotal.com/gui/file/33010904b810979cba2d7b44e338ba49899abd8c390ec641a4d6194cc09746e1/detection

microsoft-word.duckdns.org
/xb2vf0iarce5cvvx/util.php
/xb2vf0iarce5cvvx

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-12)

116.203.10.143:993
128.140.111.217:3000
168.119.58.175:993
195.201.255.210:3001
5.75.178.5:443
5.75.208.190:993
5.75.211.54:1993
5.75.211.95:3001
88.198.124.209:1993
88.198.124.209:993

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-24)

116.202.177.141:3000
116.202.180.148:3001
116.203.123.207:3001
116.203.164.22:3000
116.203.3.205:2024
116.203.3.205:443
116.203.3.40:3000
128.140.5.127:3000
142.132.232.235:443
168.119.58.175:443
23.88.121.200:443
5.75.178.5:1993
5.75.209.154:443
5.75.215.64:3001
65.109.242.109:443
78.46.250.172:443
78.47.104.201:25565
95.216.149.92:443
95.216.178.71:443

# Reference: https://www.virustotal.com/gui/file/06c0877edf7076f1d18b6d6a0dfe5e1a28e909cfbfb5868c36f5e0c7b4ad6082/detection

http://46.246.96.149

# Reference: https://threatfox.abuse.ch/browse/malware/win.mars_stealer/ (# 2023-12-25)

couriercare.in
moscow-post.com
moscow-post.ru
msk-post.com
/blogggg/blogger.php
/xaoniu/server/waungowangued/g.php

# Reference: https://threatfox.abuse.ch/ioc/1223674/

http://5.42.66.58

# Reference: https://www.virustotal.com/gui/file/041be18344ea8da345923dd5d2421ad79ed888bca4a9ceebe0aa1030c75e5602/detection

http://194.87.31.229

# Reference: https://twitter.com/karol_paciorek/status/1742170079406530655
# Reference: https://www.virustotal.com/gui/file/ada3f1fca37b6aa5a1b851c10e9d35fb9fd7d757c6e6bcccba173e933ef30837/detection
# Reference: https://www.virustotal.com/gui/file/25418f9accfaa84b3ea5ef662fc2b24f9782d1e2e00c1303f879f11afc2eec7b/detection

egetfile.top
youraiusa.top
v.egetfile.top
tg.egetfile.top
tg.youraiusa.top
testingversion.my-vidar.net
/uFJrXt/builder?hash=

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-06)

http://116.202.187.82
http://116.203.167.169
http://128.140.69.37
http://142.132.232.235
http://195.201.44.3
http://195.201.47.172
http://5.75.215.64
http://5.75.220.180
http://95.216.178.60
http://95.217.241.217
168.119.106.20:443
49.12.114.15:10220
5.75.215.64:443
5.75.220.180:443
65.21.188.123:443
95.216.178.60:443
95.217.25.10:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-01-12-IOCs-from-StealC-activity.txt

http://109.107.181.33

# Reference: https://www.virustotal.com/gui/file/4436e908111bd5641201fec0b80656609cda5c3d189a5f5e8c3fde69a50f88dc/detection

http://91.92.255.226

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-15)

http://128.140.123.120
116.202.0.196:10220
65.109.240.203:443
65.109.241.139:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-23)

http://159.69.102.168
http://49.13.6.118
http://5.75.215.163
http://65.109.240.203
http://65.21.187.53
http://95.216.183.138
http://95.217.240.143
http://95.217.243.230
116.202.4.242:2271
159.69.102.168:443
159.69.102.168:7575
37.27.26.28:443
49.12.118.185:2920
49.13.131.64:7575
49.13.6.118:443
5.75.211.130:2271
5.75.215.163:443
5.75.215.163:7575
65.109.242.152:443
65.109.242.38:443
65.109.243.18:443
65.21.187.53:443
88.198.191.199:2920
95.216.183.138:443
95.217.166.29:443
95.217.240.143:443
95.217.243.230:443

# Reference: https://iamdeadlyz.gitbook.io/malware-research/february-2024/outfoxing-a-malicious-pdf-an-attackers-attempt-to-deliver-a-stealc-infostealer

brazilanimalshelp.com

# Reference: https://twitter.com/banthisguy9349/status/1754899303271661649
# Reference: https://www.virustotal.com/gui/file/4314a53c2c41eb8a57a933a4d1d2e3f29f9b5417074c7a12d081411418928f89/detection
# Reference: https://www.virustotal.com/gui/file/2841d614844219e1c2e937b51d5cd94f816f6b1985bf7372f0ee41c5bcb176b5/detection

http://91.215.85.182
91.215.85.182:443

# Reference: https://www.virustotal.com/gui/file/e271f87be79a5c6af329f942af158bfd4c9bc8252caa4d54da89116f4a04d11f/detection

http://185.172.128.127

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-02-12)

http://116.202.3.242
http://49.12.118.45
http://5.75.209.125
http://5.75.211.127
http://5.75.215.113
http://78.46.251.181
http://78.47.191.114
http://88.198.107.6
http://88.99.38.67
http://95.216.181.87
http://95.217.215.24
http://95.217.243.137
116.202.0.229:443
116.202.184.165:9000
116.202.3.242:443
116.203.165.197:9000
116.203.6.77:9000
159.69.101.193:5432
49.12.101.249:9000
49.12.118.45:443
49.13.33.99:443
5.75.209.125:443
5.75.211.127:443
5.75.215.113:443
65.109.242.25:443
78.46.251.181:443
78.47.174.101:9000
78.47.191.114:443
78.47.191.114:9000
78.47.233.159:9000
88.198.107.6:443
88.198.108.242:9000
88.99.38.67:443
95.217.209.180:443
95.217.215.24:443
95.217.243.137:443
95.217.28.5:443

# Reference: https://www.virustotal.com/gui/file/32576ecaeba4abaed4a94f26edddc19447f307f494eb629cfa10db5e579f024d/detection

http://195.2.76.141

# Reference: https://www.virustotal.com/gui/file/6762fa8ca76de2282ca3e6dc73577481e5137516fb78be0fa5d2b380b0d71388/detection

193.233.132.58:3111
sswcnet.org
d.sswcnet.org

# Reference: https://www.virustotal.com/gui/file/13878fa249e211d6fe9a3fe49ad570829217e9a75f50fcdd268dc7a6bd1ab5c7/detection

http://185.172.128.145

# Reference: https://twitter.com/Cyberteam008/status/1770440457979359585

http://147.45.78.181
http://185.172.128.208
http://185.172.128.209
http://185.172.128.210
http://185.209.162.38
http://193.143.1.226
http://217.182.197.48
http://91.92.246.201
http://91.92.248.63
http://94.156.8.100

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-03-24)

http://116.202.2.143
http://116.202.4.168
http://116.202.4.240
http://116.203.13.151
http://116.203.3.120
http://142.132.224.223
http://159.69.103.8
http://167.235.207.130
http://49.12.116.63
http://49.13.32.193
http://49.13.32.37
http://49.13.87.142
http://5.75.208.102
http://5.75.208.156
http://5.75.208.68
http://5.75.209.178
http://5.75.211.82
http://5.75.212.96
http://5.75.213.10
http://5.75.213.121
http://5.75.213.155
http://5.75.214.171
http://5.75.221.28
http://65.109.172.49
http://65.109.240.92
http://65.109.242.25
http://65.109.242.251
http://95.216.180.93
http://95.217.240.158
http://95.217.240.44
http://95.217.29.171
http://95.217.31.198
103.35.188.34:39119
116.202.2.143:443
116.202.3.93:443
116.202.4.168:443
116.202.4.240:443
116.202.5.172:443
116.203.117.12:443
116.203.13.151:443
116.203.13.151:9494
116.203.15.173:443
142.132.224.223:443
142.132.224.223:9001
159.69.103.100:443
159.69.103.8:443
195.201.131.130:443
37.27.36.6:9000
45.144.28.165:49119
49.12.103.42:5432
49.12.113.229:443
49.12.116.63:443
49.13.32.231:443
49.13.32.37:443
49.13.33.8:443
49.13.87.142:443
49.13.89.149:443
49.13.89.149:9000
5.75.208.102:443
5.75.208.156:443
5.75.208.68:443
5.75.209.178:443
5.75.209.178:5432
5.75.210.0:443
5.75.211.82:443
5.75.212.96:443
5.75.213.10:443
5.75.213.121:443
5.75.213.155:443
5.75.214.171:443
5.75.214.7:9000
5.75.215.159:9001
5.75.215.43:443
5.75.216.188:443
5.75.221.51:443
65.108.83.243:8081
65.109.11.145:443
65.109.172.49:443
65.109.240.54:8081
65.109.240.92:443
65.109.241.165:8888
65.109.242.251:443
65.109.242.25:5432
65.109.242.97:9000
78.46.233.36:9000
78.47.136.81:443
78.47.223.253:443
78.47.57.253:443
78.47.78.87:443
88.198.107.0:443
88.198.109.225:443
88.198.112.251:10050
88.198.112.251:443
88.99.127.167:9000
95.216.180.93:443
95.216.180.93:9000
95.216.183.48:443
95.217.234.153:443
95.217.240.145:443
95.217.240.152:8081
95.217.240.158:443
95.217.240.44:443
95.217.25.45:8888
95.217.28.14:5432
95.217.28.198:8081
95.217.28.242:8888

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-27%20FakeUpdates%20IOCs

http://193.233.74.31

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-04-11)

http://116.202.186.227
http://116.202.3.93
http://116.202.5.172
http://116.203.117.12
http://116.203.15.173
http://116.203.15.18
http://128.140.125.116
http://159.69.102.165
http://159.69.103.100
http://168.119.60.168
http://195.201.250.50
http://195.201.47.206
http://49.12.113.229
http://49.13.125.250
http://49.13.33.8
http://5.75.211.135
http://5.75.212.236
http://5.75.215.43
http://5.75.216.188
http://5.75.221.51
http://65.109.241.38
http://65.109.242.131
http://65.109.242.143
http://65.109.243.220
http://78.46.229.36
http://78.47.136.81
http://78.47.141.20
http://78.47.221.177
http://78.47.223.253
http://78.47.57.253
http://78.47.78.87
http://80.66.84.68
http://88.198.109.225
http://88.99.122.130
http://95.216.179.73
http://95.217.212.139
http://95.217.240.145
http://95.217.241.187
http://95.217.242.90
http://95.217.27.87
http://95.217.31.143
116.202.186.227:443
116.203.12.29:9000
116.203.14.35:9000
116.203.14.84:5432
116.203.15.18:443
128.140.125.116:443
135.181.97.113:8888
159.69.102.165:443
168.119.60.168:443
195.201.250.50:443
195.201.47.150:5432
195.201.47.206:443
49.13.125.250:443
49.13.149.204:9000
49.13.149.95:9001
5.75.211.135:443
5.75.212.236:443
65.109.241.38:443
65.109.242.131:443
65.109.242.143:443
65.109.243.191:5432
65.109.243.220:443
78.46.229.36:443
78.47.141.20:443
78.47.221.177:443
80.66.84.68:443
88.99.122.130:443
88.99.122.130:5432
94.130.188.149:9000
95.216.176.246:5432
95.216.179.73:443
95.217.155.87:5432
95.217.212.139:443
95.217.241.187:443
95.217.242.90:443
95.217.27.87:443
95.217.31.143:443
95.217.31.228:5432
alexanderalbie.xyz
alexanderarthur.xyz
cytuns.xyz
disear.xyz
galvins.xyz
hepialid.xyz
mogor.xyz
pvasms.top
sares.xyz
stodia.fun
stviw.xyz
suggst.xyz
widur.xyz
yetties.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-04-11)

http://109.107.182.60
http://116.203.180.34
http://147.45.47.71
http://147.45.47.72
http://185.172.128.26
http://185.216.70.109
http://185.244.48.135
http://192.121.87.173
http://193.143.1.168
http://193.163.7.111
http://193.163.7.129
http://193.163.7.160
http://193.163.7.20
http://193.233.132.241
http://212.52.1.40
http://216.98.13.202
http://216.98.9.109
http://37.27.52.220
http://37.27.52.241
http://37.28.157.3
http://5.75.177.20
http://52.143.157.84
http://62.113.119.199
http://77.105.132.208
http://80.66.85.128
http://80.89.239.178
http://82.115.223.87
http://82.115.223.88
http://89.105.201.132
http://89.105.201.188
http://89.105.201.33
http://89.105.223.142
http://91.108.240.151
http://91.202.233.204
http://91.92.246.192
http://91.92.254.245
http://92.246.138.149
http://93.123.39.11
http://94.156.65.61
http://94.156.79.32
http://94.156.8.97
http://95.164.2.59
147.45.78.181:22
185.172.128.145:22
185.172.128.208:22
185.172.128.209:22
185.172.128.26:22
185.209.162.38:22
185.216.70.109:22
193.143.1.168:22
193.143.1.226:22
212.52.1.40:22
217.182.197.48:22
52.143.157.84:22
62.113.119.199:22
91.202.233.204:22
93.123.39.11:22
94.156.79.32:22
94.156.8.97:22
95.164.2.59:22
abrws.com.br
dskflherlkhopihsf.com
ettoregiardina.icu
farozinda.ru
ffud666.com
giveapp.pro
mariles.top
top-adobe.site
unidasg.top

# Reference: https://twitter.com/naumovax/status/1781333396100116870

death1488.com
heckass.monster
iigggkkl.monster
raur94.com
thecurl.monster

# Reference: https://twitter.com/Artilllerie/status/1782332359959892190

bitdefender-app.com

# Reference: https://twitter.com/g0njxa/status/1782849485732794831

malwarebytes.pro

# Reference: https://twitter.com/banthisguy9349/status/1784929522275483785

old.my-odin.com
setip.my-odin.com
setip.my-vidar.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-05-08)

http://116.202.188.155
http://116.203.15.80
http://116.203.164.39
http://159.69.26.61
http://94.130.189.25
116.202.177.31:5432
116.202.178.41:443
116.202.185.144:443
116.202.185.144:5432
116.202.185.228:443
116.202.188.155:443
116.202.190.202:5432
116.203.0.165:443
116.203.12.249:443
116.203.13.134:5432
116.203.15.80:443
116.203.164.39:443
116.203.167.106:5432
116.203.7.126:443
116.203.7.96:443
128.140.8.170:5432
157.90.25.39:5432
159.69.102.118:9000
159.69.26.61:443
195.201.248.34:443
23.88.46.51:9000
23.88.47.9:443
23.88.47.9:5432
# NOTE(review): the next entry differs from 23.88.46.51:9000 above only by a missing leading "2" - possibly a truncated copy of that address; confirm against the ThreatFox listing before alerting or blocking on it
3.88.46.51:9000
37.27.11.177:443
37.27.87.155:443
49.12.115.59:443
49.13.149.95:443
49.13.224.6:5432
49.13.32.146:443
5.75.213.100:9000
65.108.152.56:9000
65.109.140.8:443
65.109.240.63:443
65.109.241.217:443
65.109.242.112:9000
65.109.242.73:443
78.47.14.240:443
78.47.186.226:443
78.47.221.177:80
88.198.124.238:443
94.130.189.25:443
95.216.176.100:443
95.216.176.5:443
95.217.240.166:443
95.217.242.142:443
95.217.242.142:9000
95.217.244.99:443
95.217.244.99:5432
95.217.245.42:443
95.217.245.42:9000
95.217.246.168:443
95.217.28.230:443
# NOTE(review): port 5342 on the next entry may be a digit transposition of 5432, which is listed for the same host on the line after it - confirm against the ThreatFox listing
95.217.28.230:5342
95.217.28.230:5432
95.217.29.187:443
95.217.29.215:443
95.217.9.149:443
aktayho.top
almatac.top
bimbro.xyz
bogote.xyz
bohot.xyz
davltp.xyz
eralaunch.xyz
graims.xyz
hobobo.xyz
hypaton.xyz
karl3on.xyz
kartogra.top
meday.xyz
ndearn.xyz
neuengi.top
nevers.xyz
oktes.xyz
racess.xyz
redddog.xyz
riptode.xyz
soka101.xyz
tenens.xyz
tstarks.xyz
vances.xyz
vtlintro.xyz
woo2tech.xyz
yestohe.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-05-10)

http://109.172.112.246
http://139.60.162.84
http://146.70.86.229
http://185.172.128.111
http://185.172.128.150
http://185.172.128.151
http://185.172.128.23
http://185.172.128.62
http://185.172.128.76
http://185.70.186.153
http://193.163.7.82
http://193.163.7.88
http://45.11.92.124
http://49.13.229.86
http://62.133.60.205
http://62.133.60.218
http://65.109.170.29
http://89.105.198.253
http://89.23.103.109
http://89.23.103.129
http://89.23.103.132
http://89.23.103.141
http://89.23.103.159
http://89.23.103.165
http://89.23.103.168
http://89.23.103.89
http://89.23.103.96
http://94.156.79.116
http://94.156.79.164
http://95.181.173.85
146.70.86.229:22
185.172.128.23:22
185.172.128.9:22
49.13.229.86:22
62.133.60.205:22
62.133.60.218:22
65.109.170.29:22
89.23.103.109:22
89.23.103.129:22
89.23.103.132:22
89.23.103.141:22
89.23.103.159:22
89.23.103.165:22
89.23.103.168:22
89.23.103.89:22
89.23.103.96:22
94.156.79.116:22
95.181.173.85:22
okkolus.com
shaffatta.com

# Reference: https://x.com/Cyberteam008/status/1792756439003676864

http://116.202.0.24
http://116.202.178.41
http://116.202.185.228
http://116.202.5.235
http://116.202.6.172
http://116.203.0.165
http://116.203.12.249
http://116.203.7.126
http://168.119.166.86
http://49.12.115.112
http://49.13.49.198
http://5.75.214.74
http://5.75.220.208
http://65.108.55.55
http://65.21.183.11
http://78.46.237.77
http://78.47.123.174
http://78.47.14.240
http://78.47.23.196
http://88.198.122.201
http://88.99.124.6
http://91.107.221.88
http://95.217.240.101
http://95.217.28.63
116.202.0.24:22
116.202.0.24:443
116.202.178.41:22
116.202.185.228:22
116.202.5.235:22
116.202.5.235:443
116.202.6.172:22
116.202.6.172:443
116.203.0.165:22
116.203.12.249:22
116.203.7.126:22
168.119.166.86:22
168.119.166.86:443
49.12.115.112:22
49.12.115.112:443
49.13.49.198:22
49.13.49.198:443
5.75.214.74:22
5.75.214.74:443
5.75.220.208:22
5.75.220.208:443
65.108.55.55:22
65.108.55.55:443
65.21.183.11:22
65.21.183.11:443
78.46.237.77:22
78.46.237.77:443
78.47.123.174:22
78.47.123.174:443
78.47.14.240:22
78.47.23.196:22
78.47.23.196:443
88.198.122.201:22
88.198.122.201:443
88.99.124.6:22
88.99.124.6:443
91.107.221.88:22
91.107.221.88:443
95.217.240.101:22
95.217.240.101:443
95.217.28.63:22
95.217.28.63:443

# Reference: https://x.com/banthisguy9349/status/1801605940409483729
# Reference: https://www.virustotal.com/gui/file/b26b1074a9b97f7f8be564b70f50ee965df6b8773695ba25d72c2638d3c90586/detection

http://65.109.240.138
http://77.238.253.107
195.201.251.58:9000
65.109.240.138:443
65.109.240.138:9000
edusau.com
nubsibote.su
victorisport.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-06-16)

http://147.45.47.150
http://147.45.78.162
http://193.163.7.39
http://194.26.232.108
http://194.26.232.166
http://194.55.186.11
http://194.55.186.12
http://194.55.186.13
http://212.113.117.130
http://23.88.106.134
http://45.88.79.153
http://5.161.191.146
http://5.161.203.102
http://57.181.170.149
http://62.133.61.244
http://89.105.198.116
http://89.105.198.134
http://89.105.198.59
http://93.123.39.132
http://93.123.39.135
http://93.123.39.138
147.45.78.162:22
194.26.232.108:22
194.26.232.166:22
194.55.186.11:22
194.55.186.12:22
194.55.186.13:22
212.113.117.130:22
23.88.106.134:22
57.181.170.149:22
62.133.61.244:22
93.123.39.132:22
93.123.39.135:22
93.123.39.138:22

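# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-06-16)
# NOTE(review): 50.75.213.183:443 in this list differs by one leading digit from 5.75.213.183:443 (also listed here); possibly a transcription slip, so confirm it against the ThreatFox entry before alerting or blocking on it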

http://116.202.1.60
http://116.202.177.206
http://116.202.5.195
http://116.202.8.208
http://116.203.7.199
http://188.245.35.23
http://49.12.115.57
http://5.75.212.247
http://5.75.213.183
http://5.75.215.51
http://5.75.215.90
http://5.75.232.183
http://78.47.105.28
http://88.198.124.82
http://88.99.127.107
http://95.217.242.38
116.202.1.60:443
116.202.177.206:443
116.202.190.18:443
116.202.190.18:5432
116.202.2.84:443
116.202.5.195:443
116.202.5.235:9000
116.202.8.208:443
116.203.13.51:443
116.203.14.211:9000
116.203.15.103:443
116.203.166.11:443
116.203.167.34:443
116.203.2.129:5432
116.203.4.20:443
128.140.34.253:443
159.69.102.132:443
159.69.102.132:5432
188.245.35.23:443
195.201.248.182:443
195.201.253.107:443
195.201.46.4:443
37.27.34.12:443
49.12.115.57:443
49.13.214.194:443
49.13.227.86:443
49.13.227.86:5432
49.13.235.244:5432
49.13.32.109:443
49.13.49.198:9000
5.42.96.89:443
5.75.208.137:443
5.75.208.137:9000
5.75.212.114:443
5.75.212.247:443
5.75.212.9:443
5.75.213.183:443
5.75.214.104:443
5.75.215.51:443
5.75.232.183:443
50.75.213.183:443
65.108.55.55:9000
65.109.241.185:443
65.109.242.112:443
65.109.242.59:443
65.109.243.78:443
77.221.151.87:443
78.47.105.28:443
88.198.122.201:9000
88.198.124.82:443
88.198.193.148:443
88.99.124.6:9000
88.99.127.107:443
91.107.221.88:9000
94.130.190.88:443
95.217.135.112:443
95.217.240.101:9000
95.217.241.137:443
95.217.242.38:443
95.217.242.38:5432
95.217.28.33:443
95.217.28.63:9000

# Reference: https://x.com/RacWatchin8872/status/1803822001569603945
# Reference: https://www.virustotal.com/gui/file/9cf43d480f6319717934b1a3f97682a4454c1742e2409aa416ba719e606c34ca/detection

http://5.42.65.116
162.55.53.18:9000

# Reference: https://www.esentire.com/blog/fake-it-support-website-leading-to-vidar-infection
# Reference: https://www.virustotal.com/gui/file/66657d9b96b553b432221190becbe66c4ea3bd11073c7cdd06267d16a1bedc87/detection
# Reference: https://www.virustotal.com/gui/file/3868e2bb77f84cece0e9d7dc2d64b6e40ce12347aaf01ce4b18e548d994b5a3f/detection

answermedia.site
pchelperspro.com
pchelprwizardsguide.com
ghufa.answermedia.site
ghufal.answermedia.site
ghufalu.answermedia.site
hufal.answermedia.site

# Reference: https://app.validin.com/detail?find=Gala%20Vlog&type=raw&ref_id=88c370def95#tab=host_pairs_v2

95.216.164.36:443
95.217.31.188:443

# Reference: https://x.com/RacWatchin8872/status/1804969698469007822

http://185.172.128.20

# Reference: https://www.virustotal.com/gui/file/1dd70ad9399b127e9cc2700248002d1100419ae97da7263055f6e25167cae05e/detection

139.162.190.156:8888

# Reference: https://www.virustotal.com/gui/file/d13d3d0db7a7f39a38d276fcd37036b2e86db69643f3dabb0550a3db4c65b13c/detection
# Reference: https://www.virustotal.com/gui/file/6e7f46991aa219191afeacf3be81806705a1ea055dadc2beb7530b595fa2ad3f/detection
# Reference: https://www.virustotal.com/gui/file/85925f6ca57cdc1f20b14e15394cbec01eab82b85bea7d4b4dbbcc4c369d6274/detection

139.162.190.156:8080

# Reference: https://x.com/raghav127001/status/1805495552328732755
# Reference: https://app.validin.com/detail?find=XTotoroPet&type=raw&ref_id=a8af73f79ef#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/43ff60f3ff07496a159a4d98b1907ebf74eaab132f770f82a0a885ab6cc9fe57/detection
# Reference: https://www.virustotal.com/gui/file/dd704f1c16c05260c6c6738c8f2d3d6cd06b17fd38cdb3037db0cc377ddcba40/detection
# Reference: https://www.virustotal.com/gui/file/398814c99fa23c50827b61d0b33340ec1d246ed0320c98dd5ffcfba711913869/detection

http://154.23.185.46
http://154.19.84.90
http://154.19.85.129
http://154.23.181.219
http://154.82.75.80
http://154.91.90.233
http://38.46.15.242
154.82.75.80:10200
154.91.90.233:10200
38.46.15.242:10200
googlechrome-sice.top
googlechromegts.top
wsw.googlechromegts.top
gamew123.com
pplilv.bond
zadan123.com

# Reference: https://www.virustotal.com/gui/file/e8f4e2c8f058da6e964fd24eadc2e3cd09c837fc267f7ddab5a052beea194a84/detection

http://172.99.189.221

# Reference: https://app.validin.com/detail?find=vidar2406.exe&type=dom&ref_id=ecde18d3401#tab=host_pairs_v2

1b6rxhbom0if81.ru
1kqgydtp.ru
2ckmn6gortocdt2wx.v123u0ikbmqe6h.ru
31rwvruesygea86fiua.ufopovqkwpxznuo.ru
3dcvyu86ot6w9.ru
6fpxdofyeau.1kqgydtp.ru
8jgajnghgr7bn.mgaq996t7hh6bn2.ru
9p6eymc3bb8iff.ru
9y2t6yiu.ru
a4dbezwb3na.ru
aiyerslogistics.com
ajauhzzqkgcowusrsv.9p6eymc3bb8iff.ru
alanasophiaromero.com
anjxcoevuhvdie.ru
ankitopticals.com
b9tellfguwqs.anjxcoevuhvdie.ru
bbwizxq4prat.ru
bezkngteaqr.ru
bismillahhalalsupermarket.com
booksdealers.com
bxmyw3byc9074v3oh3.3dcvyu86ot6w9.ru
bxoizvcwk1i18u.mnvfaus.ru
c4musqgiix.zvmdyjjavbo9au.ru
dluqmza6ixunhsk.xapmsjd78clu.ru
dreguy.com
e6kepaoz.zz2tamfcest67la.ru
eopdtzo2fmkin.ru
ewmevxlafkrdnfzvyo.xapmsjd78clu.ru
findhalalrestaurants.com
finishlinedesignz.com
fjwbxvaw6wymio8axp.m4nzy77kn.ru
ftocmcwayyukkdgsc.bbwizxq4prat.ru
gcbn-tv.com
girish-aswani.com
hennastencilsqueen.com
hgrpxnjs.ru
hugedomainssales.com
hvstcyzsdd.ru
jhsa1gggqgdjpe.ru
kaxjcnv.ru
kkqgdmomoedswa7hygu.vhus5q8f.ru
kywings.com
l9jbfdn2ikj84.ru
lijnk8ht6.jhsa1gggqgdjpe.ru
ls4j0vcchfk.a4dbezwb3na.ru
lvvc83e3atjwffje.mgaq996t7hh6bn2.ru
m4nzy77kn.ru
mgaq996t7hh6bn2.ru
mnvfaus.ru
mxrdmpym.wgjghqu6k.ru
neo21st.com
nfno8xcxjero.l9jbfdn2ikj84.ru
ooxiiygl3.eopdtzo2fmkin.ru
orderhalalfoods.com
orderhalalgrocery.com
ore156tewypbn.yesffpxmre5.ru
postit-social.com
ppyqeptelvilg7o.ru
pqwr1nxyn2ohdocjr.scj9vcej.ru
scj9vcej.ru
skinnypigprovisionco.com
sz6ewfcs.9y2t6yiu.ru
tableplacemat.com
tablesplacemats.com
tasteabites.com
tdt7khbuxi.ufopovqkwpxznuo.ru
texascuervoleather.com
topbesthalalrestaurants.com
topbestrestaurants.com
topbestsellingdomains.com
tophalalrestaurants.com
trflaakg7grd6p.1b6rxhbom0if81.ru
tyibw8trwkndni.kaxjcnv.ru
udcwsxr3bknzehmwqej.scj9vcej.ru
ufopovqkwpxznuo.ru
v123u0ikbmqe6h.ru
vg9uaonmlovvvey0ym.bezkngteaqr.ru
vhus5q8f.ru
viztik.com
wgjghqu6k.ru
wmrbgsj33epkwm2.1kqgydtp.ru
worldhalalrestaurants.com
worldofbakhoor.com
wovenembroidery.com
wp9acsvfwtovymxga8au.bezkngteaqr.ru
wyrsm0kepayk.1b6rxhbom0if81.ru
xapmsjd78clu.ru
xsjbvjg53eie5qihucez.hvstcyzsdd.ru
yesffpxmre5.ru
z0h5zwqcnshucs3mbk.ppyqeptelvilg7o.ru
zj1gop8a7taggs.hgrpxnjs.ru
zvmdyjjavbo9au.ru
zz2tamfcest67la.ru

# Reference: https://x.com/karol_paciorek/status/1809161475350552937
# Reference: https://app.validin.com/detail?find=dlmtk.php&type=dom&ref_id=6a3ca7d2f1f#tab=host_pairs_v2

0pqqrno.ru
4yfuf6fbns.ru
5uzomur8jdzkr2.ru
6s8ejmzn.ru
6syftzfcm9ykmn.ru
6u55qnw.ru
6x2rjts.ru
7v71tlq5duzw.ru
afugzhgpjndz.ru
appdevweb.com
arh6kitpiza.ru
fckhkdmzarlxnv.ru
fudyharaj4.ru
fw8qhmjzzcmw5.ru
gqtgrj0azzy6j.ru
hbyhzrwtgey4wmm.ru
hg3entz7it1.ru
huviio3qdxjxwy.ru
issgkigw.ru
iszexeeci.ru
l2rm7wpf1wsx4.ru
liwapoq6hyo.ru
lvew58zfy.ru
m0bkqt0.ru
mvt2bw1dnj9eev.ru
njy1rzjpfo4.ru
o4dhtgfypia2i.ru
prkj2dwtcl1nrt.ru
q5yyqfpt2ftyau.ru
qa88zlak1k.ru
sspxswtgsyg58.ru
u1z8mzv.ru
vqan9spmiieoz.ru
wgnyffwvl6wjwy7.ru
wv8olbxijb8lk7q.ru
xbn3xif4shd.ru
zabr03xsi.ru
zd0q8appahl.ru
zgdsuj9tdao9.ru
zqjfctliy2zgk.ru
afvukwyd.liwapoq6hyo.ru
aqudsbzay.wgnyffwvl6wjwy7.ru
avrzofkfhprwc.xbn3xif4shd.ru
bvaqvtls.issgkigw.ru
bxdzmxioejv.fudyharaj4.ru
cauosfbq.6x2rjts.ru
ccuotook.prkj2dwtcl1nrt.ru
ceulejdaa.mvt2bw1dnj9eev.ru
cfvcatak.iszexeeci.ru
cqkylkdc.u1z8mzv.ru
ctfsyoenje.wv8olbxijb8lk7q.ru
davqjlqzivgic.q5yyqfpt2ftyau.ru
dqqfyxi.u1z8mzv.ru
drsfvnohwtmd.hg3entz7it1.ru
dtxciobrr.lvew58zfy.ru
duoyjlfrx.6s8ejmzn.ru
dwqlphd.vqan9spmiieoz.ru
ecfdeozfshsdoz.sspxswtgsyg58.ru
ehilahwgywev.afugzhgpjndz.ru
fexlxlnduujwh.0pqqrno.ru
fvpfkmxthvoopf.l2rm7wpf1wsx4.ru
gfdmvvyyzxi.xbn3xif4shd.ru
gytcxidje.zgdsuj9tdao9.ru
hdmdpezxakz.6syftzfcm9ykmn.ru
ibdxzvhqnod.iszexeeci.ru
jazgkwzjff.hg3entz7it1.ru
jdekqhqgsdtuhrs.huviio3qdxjxwy.ru
jzcjqmny.issgkigw.ru
kcuoshjza.wv8olbxijb8lk7q.ru
kvjljovivijkh.liwapoq6hyo.ru
lgisqews.zqjfctliy2zgk.ru
llftccfoxndayn.fw8qhmjzzcmw5.ru
lpbeksttoj.arh6kitpiza.ru
mrhwfcrbliw.7v71tlq5duzw.ru
nffdscufhcklote.5uzomur8jdzkr2.ru
nftjlkqemdeg.huviio3qdxjxwy.ru
ngtqaptvyefytvc.4yfuf6fbns.ru
nhbtuwenpxjpsv.fckhkdmzarlxnv.ru
nzbwssqupojpqhr.zd0q8appahl.ru
obnqkbjynhwdr.gqtgrj0azzy6j.ru
ogjxkfewbu.zabr03xsi.ru
oiroguinadyxo.o4dhtgfypia2i.ru
osnnmtohzfs.7v71tlq5duzw.ru
otdaxww.6u55qnw.ru
pabloxfqs.gqtgrj0azzy6j.ru
peliopjyzfeg.6u55qnw.ru
pfoouorz.m0bkqt0.ru
pqcrurzehkb.qa88zlak1k.ru
prbaibhb.wgnyffwvl6wjwy7.ru
ptdzddl.sspxswtgsyg58.ru
qhzfnfqvkmheolx.njy1rzjpfo4.ru
qmdqfarriz.zgdsuj9tdao9.ru
quhlogh.mvt2bw1dnj9eev.ru
rwprfiajldozj.vqan9spmiieoz.ru
rxqtvahnfeb.6s8ejmzn.ru
shvomeapvykarr.prkj2dwtcl1nrt.ru
sizuxburosr.hbyhzrwtgey4wmm.ru
slmvkoxpszpepzl.4yfuf6fbns.ru
slymiuvbcnbpsx.o4dhtgfypia2i.ru
sssgyvorcpydvpc.hbyhzrwtgey4wmm.ru
sxyizrjjtz.0pqqrno.ru
tigepzxxepojaw.fudyharaj4.ru
tpfnnbmagxmv.zabr03xsi.ru
udghzhhuhq.m0bkqt0.ru
uiimuqz.njy1rzjpfo4.ru
ulhgbvw.zqjfctliy2zgk.ru
vxornjrb.l2rm7wpf1wsx4.ru
wakkoapi-mr81c5r29drtnqhe.cfd
wlhupambrce.fckhkdmzarlxnv.ru
wlooolcoxdk.fw8qhmjzzcmw5.ru
wlqyapdzebfruh.qa88zlak1k.ru
xhhfdbllb.lvew58zfy.ru
xtryromolasu.5uzomur8jdzkr2.ru
xuhxrowba.q5yyqfpt2ftyau.ru
yeqrlgwjvj.arh6kitpiza.ru
ykkaebk.afugzhgpjndz.ru
ymuzkdzlepfo.6syftzfcm9ykmn.ru
yvzmzlunb.6x2rjts.ru
zgnadzatg.zd0q8appahl.ru

# Reference: https://x.com/Merlax_/status/1806147569317294141

http://77.221.158.54
168.119.115.138:9000

# Reference: https://www.virustotal.com/gui/file/004c36d5a75d96cd6d275a135222353869f30bf7e12e8f6f7f93e3f6ed572493/detection

http://85.28.47.4

# Reference: https://x.com/ShanHolo/status/1807396638358487370
# Reference: https://www.virustotal.com/gui/file/0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77/detection

http://77.105.132.27
195.201.251.214:9000

# Reference: https://www.virustotal.com/gui/file/004aba94049326997a5effb611dc3fd88b1669fe2a311630bc61138aa728698d/detection

kotawa.top
tea.arpdabl.org

# Reference: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
# Reference: https://www.virustotal.com/gui/file/81e89754ae2324c684fce71acafc30f8085870be947e7a76971b4fec1b24b5d1/detection

pbdbj.xyz
pbpbj.xyz
pcvcf.xyz
pcvvf.xyz
pddbj.xyz
pdddj.xyz
pdddk.xyz
pqdrf.xyz
ptdrf.xyz

# Reference: https://www.virustotal.com/gui/ip-address/108.177.15.188/relations

googlechroegts.top
hiuyoudml.top
mey-sksexasr.top
nweussallisa.top
shufalwmg.top
shufawtas.top
skype-a.com
skype-c.com
skype-cism.top
skype-cisve.top
telegeram-s.org
telegram-cc.org
telegram-ic.org
telegram-re.org
telegram-rs.org
telegram-yc.org
telegream-a.org
telegream-ai.org
telegream-e.org
telegream-m.org
telegream-st.org
telegream-v.org
telegrma-r.org
wosmnrsa.top
xunmiwl.top
youdafanyi.top
youdaoafs.top
youdaoic.icu
youdaoixa.cc
youdaoixc.shop
youdaojsa.icu
youdaomab.cyou
youdaomax.shop
youdaomk.cc
youdaomsb.icu
youdaomsk.icu
youdaomvix.icu
youdaomwerxze.icu
youdaomz.shop
youdaone.shop
youdaonfw.shop
youdaons.shop
youdaonsa.icu
youdaonw.top
youdaonwha.top
youdaonwyr.top
youdaosaa.top
youdaosasf.shop
youdaosimwr.icu
youdaosma.top
youdaossat.icu
youdaossnw.shop
youdaowb.shop
youdaowbjka.icu
youdaowbn.shop
youdaowbnjhak.top
youdaown.icu
youdaown.shop
youdaownas.top
youdaownj.shop
youdaowsnj.top
pao.paowmtastacvx.top
usw.youdaoixa.cc
usw.youdaomk.cc
vv.shufalwmg.top
vv.shufawtas.top
wpo.wosmnrsa.top
wrew.nweussallisa.top
wssw.xunmiwl.top
wsw.googlechroegts.top
wsw.skype-cism.top
wsw.skype-cisve.top
wsw.youdafanyi.top
wsw.youdaoafs.top
wsw.youdaoic.icu
wsw.youdaoixc.shop
wsw.youdaojsa.icu
wsw.youdaomab.cyou
wsw.youdaomax.shop
wsw.youdaomsb.icu
wsw.youdaomsk.icu
wsw.youdaomvix.icu
wsw.youdaomwerxze.icu
wsw.youdaomz.shop
wsw.youdaone.shop
wsw.youdaonfw.shop
wsw.youdaons.shop
wsw.youdaonsa.icu
wsw.youdaonw.top
wsw.youdaonwyr.top
wsw.youdaosaa.top
wsw.youdaosimwr.icu
wsw.youdaosma.top
wsw.youdaossat.icu
wsw.youdaossnw.shop
wsw.youdaowb.shop
wsw.youdaowbjka.icu
wsw.youdaowbn.shop
wsw.youdaowbnjhak.top
wsw.youdaownas.top
wsw.youdaownj.shop
wsw.youdaowsnj.top
wws.youdaown.shop
wziw.hiuyoudml.top

# Reference: https://app.validin.com/detail?find=27.124.34.149&type=ip4&ref_id=26e76131b02#tab=resolutions

a-skype.com
aisscxzsw.icu
aks.mktaeilwbtas.top
alwaysatyours.icu
ashnjktast.top
asnmwisfas.icu
bhasjktyas.icu
daoyouwrta.top
daoyouwrtxa.top
daoyouwsawrt.top
dingshengzhifuu.com
dnslistsaz.top
engseegdao.top
engsengdao.top
engsengdio.top
fasnkyhlsd.top
fgajkltyas.top
gram-ms.org
gshajktaws.icu
hnwjktnas.icu
hwjskatasa.icu
insxzysfg.top
jhasktaskatas.icu
jsaawr654.xyz
lineowumehsx.top
linsxzyen.top
mengyunl.xyz
miceeunlma.top
mjhwgtas.icu
mktaeilwbtas.top
mnwis.top
mshweart.icu
muwjntb.icu
my.telegram-jc.org
my.telegram-ky.org
my.telegram-yc.org
nccwiliaaf.top
ncuwgit.cc
neixzualiieyh.top
nelowkjke.top
nenghuinlonm.top
newieksaty.top
newlijnm.top
noiwmwps.top
nucccintp.top
nuckcintp.top
nuckiintp.top
nuckkintp.top
nucwwintp.top
nuewssvims.cc
nwexlzdm.top
omwgbr.cc
paoaim.aisscxzsw.icu
paopaome.top
pois.wsowntsedzas.icu
pomil.mjhwgtas.icu
pomil.muwjntb.icu
ppans.mnwis.top
s1651s.xyz
sahjktasfsx.top
sajhkatast.icu
sajketasdf.top
shajktafsxt.top
shjkawtasd.top
shufafsac.top
shufaijioas.top
shufamnksa.top
shurufamxa.top
sjkawtafasx.xyz
skype-cisve.icu
skype0sha.shop
sogomausa.top
sufamawrtsx.top
sufamwasaw.top
sufasnxzs.top
surufasfax.top
syn.yunenius.top
teiagrem.top
tele.gram-ms.org
telegram-cy.org
telegram-jc.org
telegram-ky.org
telegream-c.org
telegream-n.org
telegream-o.org
telegream-s.org
telegream-si.org
telegrma-a.org
telegrma-c.org
telegrma-l.org
telegrma-s.org
ufamxxgw.top
uimlrhtl.top
usw.youdaoixc.cc
vv.shufafsac.top
vv.shufaijioas.top
vv.shufamnksa.top
vv.shurufamxa.top
vv.sogomausa.top
vv.sufamawrtsx.top
vv.sufamwasaw.top
vv.sufasnxzs.top
vv.surufasfax.top
vv.ufamxxgw.top
vv.wofbajkssa.top
vv.womsnjas.top
wafsjkltasa.top
wastyast.top
wbhajktewas.icu
web.gram-a.org
wee.teiagrem.top
weiw.neixzualiieyh.top
wew.nwexlzdm.top
wew.youdaow.top
whaksat.top
whatsapp-ed.com
whaujktsda.icu
whjkatyas.icu
whjksatyss.top
wiw.youdaoiswe.icu
wiw.youdaomw.icu
wiw.youdaomwhra.icu
wiw.youdaomwsa.icu
wiw.youdaomwsw.icu
wiw.youdaonwsa.icu
wiw.youdaonwuer.icu
wiw.youdaooiss.icu
wiw.youdaosaer.icu
wiw.youdaowasd.xyz
wlw.youdaolsw.icu
wlw.youdaowrt.icu
wo.s1651s.xyz
wofbajkssa.top
womsnjas.top
wosmjjrtasfga.icu
wps.alwaysatyours.icu
wraw.miceeunlma.top
wrw.yuimwkyht.top
ws.wosmjjrtasfga.icu
wsew.engseegdao.top
wsew.engsengdao.top
wsew.engsengdio.top
wsew.newieksaty.top
wsew.xunmiloie.top
wsiw.nelowkjke.top
wsiw.nenghuinlonm.top
wsiw.newlijnm.top
wsiw.xunmengli.top
wsiw.xunmrngloi.top
wsiw.yoiudyfcas.top
wsiw.yulongml.top
wsowntsedzas.icu
wssw.dnslistsaz.top
wssw.insxzysfg.top
wssw.nucccintp.top
wssw.nuckcintp.top
wssw.nuckiintp.top
wssw.nuckkintp.top
wssw.nucwwintp.top
wssw.uimlrhtl.top
wssw.youdaocheas.top
wssw.youlkjwstws.top
wsw.ashnjktast.top
wsw.asnmwisfas.icu
wsw.bhasjktyas.icu
wsw.daoyouwrta.top
wsw.daoyouwrtxa.top
wsw.daoyouwsawrt.top
wsw.fasnkyhlsd.top
wsw.fgajkltyas.top
wsw.gshajktaws.icu
wsw.hnwjktnas.icu
wsw.hwjskatasa.icu
wsw.jhasktaskatas.icu
wsw.mshweart.icu
wsw.ncuwgit.cc
wsw.noiwmwps.top
wsw.nuewssvims.cc
wsw.omwgbr.cc
wsw.sahjktasfsx.top
wsw.sajhkatast.icu
wsw.sajketasdf.top
wsw.shajktafsxt.top
wsw.shjkawtasd.top
wsw.sjkawtafasx.xyz
wsw.skype-cisve.icu
wsw.skype0sha.shop
wsw.wafsjkltasa.top
wsw.wastyast.top
wsw.wbhajktewas.icu
wsw.whaksat.top
wsw.whaujktsda.icu
wsw.whjkatyas.icu
wsw.whjksatyss.top
wsw.xunmmet.top
wsw.youadaw.top
wsw.youdaoas.cyou
wsw.youdaoasf.cyou
wsw.youdaoaswrxz.top
wsw.youdaoaxa.icu
wsw.youdaobdeawes.icu
wsw.youdaobhe.shop
wsw.youdaobhxz.icu
wsw.youdaobnh.cyou
wsw.youdaodawr.top
wsw.youdaois.icu
wsw.youdaoisnw.icu
wsw.youdaoiun.icu
wsw.youdaoiuw.icu
wsw.youdaoix.icu
wsw.youdaoiz.icu
wsw.youdaoka.cc
wsw.youdaokwer.icu
wsw.youdaombwt.icu
wsw.youdaomiuyw.icu
wsw.youdaomjwr.icu
wsw.youdaomkfas.icu
wsw.youdaomnes.icu
wsw.youdaomnwer.icu
wsw.youdaomnwer.vip
wsw.youdaoms.icu
wsw.youdaomsa.icu
wsw.youdaomsawmzx.icu
wsw.youdaomsesav.icu
wsw.youdaomshw.icu
wsw.youdaomsw.icu
wsw.youdaomswwr.icu
wsw.youdaomvbns.icu
wsw.youdaomvcse.icu
wsw.youdaomvcswxamzx.icu
wsw.youdaomves.icu
wsw.youdaomvmezx.icu
wsw.youdaomvsel.icu
wsw.youdaomvwb.icu
wsw.youdaomwa.icu
wsw.youdaomwa.xyz
wsw.youdaomwg.icu
wsw.youdaomwhr.icu
wsw.youdaomwht.icu
wsw.youdaomwn.icu
wsw.youdaomwuer.icu
wsw.youdaonashnj.icu
wsw.youdaonax.shop
wsw.youdaonera.icu
wsw.youdaonjw.icu
wsw.youdaonsbw.shop
wsw.youdaonsh.sbs
wsw.youdaonsj.shop
wsw.youdaonvessa.icu
wsw.youdaonvexzc.icu
wsw.youdaonvuwen.icu
wsw.youdaonvwesa.icu
wsw.youdaonw.cyou
wsw.youdaonw.xyz
wsw.youdaonwa.xyz
wsw.youdaonwais.icu
wsw.youdaonwgra.icu
wsw.youdaonwhas.top
wsw.youdaonwi.icu
wsw.youdaonwma.icu
wsw.youdaonwsa.xyz
wsw.youdaonwy.icu
wsw.youdaonxam.top
wsw.youdaosa.icu
wsw.youdaosa.shop
wsw.youdaosaas.sbs
wsw.youdaosajh.xyz
wsw.youdaosat.icu
wsw.youdaoshw.shop
wsw.youdaosjw.shop
wsw.youdaosnh.top
wsw.youdaosnjh.icu
wsw.youdaosnjwa.shop
wsw.youdaosnwjka.icu
wsw.youdaossda.shop
wsw.youdaotaliask.icu
wsw.youdaouie.icu
wsw.youdaoumies.icu
wsw.youdaouw.icu
wsw.youdaovwrt.icu
wsw.youdaowas.icu
wsw.youdaowasz.icu
wsw.youdaowbas.top
wsw.youdaowbh.shop
wsw.youdaowha.cyou
wsw.youdaowmjwr.icu
wsw.youdaown.top
wsw.youdaownj.top
wsw.youdaowntakx.top
wsw.youdaowntj.top
wsw.youdaowrtsa.icu
wsw.youdaowsd.top
wsw.youdaowssa.top
wsw.youdaowtsa.icu
wsw.youdaowtyxa.top
wsw.youdaoxaz.icu
wsw.youdaozis.icu
wsw.youdawas.shop
wsw.youduowsa.cc
wsw.youmebhv.cc
wsw.youmjsnw.cc
wsw.youodaomlwr.icu
wsw.yuodaomela.icu
wvw.youdaoxis.icu
wws.youdaowmn.top
wzw.mengyunl.xyz
xunmengli.top
xunmiloie.top
xunmmet.top
xunmrngloi.top
yoiudyfcas.top
youadaw.top
youdaoas.cyou
youdaoasf.cyou
youdaoaswrxz.top
youdaoaxa.icu
youdaobdeawes.icu
youdaobhe.shop
youdaobhxz.icu
youdaobnh.cyou
youdaocheas.top
youdaodawr.top
youdaois.icu
youdaoisnw.icu
youdaoiswe.icu
youdaoiun.icu
youdaoiuw.icu
youdaoix.icu
youdaoixc.cc
youdaoiz.icu
youdaoka.cc
youdaokwer.icu
youdaolsw.icu
youdaombwt.icu
youdaomiuyw.icu
youdaomjwr.icu
youdaomkfas.icu
youdaomnes.icu
youdaomnwer.icu
youdaomnwer.vip
youdaoms.icu
youdaomsa.icu
youdaomsawmzx.icu
youdaomsesav.icu
youdaomshw.icu
youdaomsw.icu
youdaomswwr.icu
youdaomvbns.icu
youdaomvcse.icu
youdaomvcswxamzx.icu
youdaomves.icu
youdaomvmezx.icu
youdaomvsel.icu
youdaomvwb.icu
youdaomw.icu
youdaomwa.icu
youdaomwa.xyz
youdaomwg.icu
youdaomwhr.icu
youdaomwhra.icu
youdaomwht.icu
youdaomwn.icu
youdaomwsa.icu
youdaomwsw.icu
youdaomwuer.icu
youdaonashnj.icu
youdaonax.shop
youdaonera.icu
youdaonjw.icu
youdaonsbw.shop
youdaonsh.sbs
youdaonsj.shop
youdaonvessa.icu
youdaonvexzc.icu
youdaonvuwen.icu
youdaonvwesa.icu
youdaonw.cyou
youdaonw.xyz
youdaonwa.xyz
youdaonwais.icu
youdaonwgra.icu
youdaonwhas.top
youdaonwi.icu
youdaonwma.icu
youdaonwsa.icu
youdaonwsa.xyz
youdaonwuer.icu
youdaonwy.icu
youdaonxam.top
youdaooiss.icu
youdaosa.icu
youdaosa.shop
youdaosaas.sbs
youdaosaer.icu
youdaosajh.xyz
youdaosat.icu
youdaoshw.shop
youdaosjw.shop
youdaosnh.top
youdaosnjh.icu
youdaosnjwa.shop
youdaosnwjka.icu
youdaossda.shop
youdaotaliask.icu
youdaouie.icu
youdaoumies.icu
youdaouw.icu
youdaovwrt.icu
youdaow.top
youdaowas.icu
youdaowasd.xyz
youdaowasz.icu
youdaowbas.top
youdaowbh.shop
youdaowha.cyou
youdaowmjwr.icu
youdaowmn.top
youdaown.top
youdaownj.top
youdaowntakx.top
youdaowntj.top
youdaowrt.icu
youdaowrtsa.icu
youdaowsd.top
youdaowssa.top
youdaowtsa.icu
youdaowtyxa.top
youdaoxaz.icu
youdaoxis.icu
youdaozis.icu
youdawas.shop
youduowsa.cc
youlkjwstws.top
youmebhv.cc
youmjsnw.cc
youodaomlwr.icu
yuimwkyht.top
yulongml.top
yunenius.top
yuodaomela.icu

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/076bdbac46ca40ee9712d5c74ebe561186e9b25d4b00df6ca8b2fdf62567677d/detection

5.75.221.27:5432

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/016c5ce0baba78eebe76316b4189d3a51603fee61c00425d214e6835cffab284/detection

116.202.180.70:5432

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/0d26ce4c21d6333dc7c10a7d52045531e7dc1e86647f74f9a3ad2393a9757b68/detection
# Reference: https://www.virustotal.com/gui/file/0bd204224a7e1ae7d6d71b9f759ff2edcf102f820b169714af34c221c7aae8ec/detection
# Reference: https://www.virustotal.com/gui/file/1acd7c16aae986435d7384c9532fba5820995228cfaea55eabd0e09a9e30c1ee/detection

http://116.202.186.70
http://116.203.13.231
http://116.203.13.42
http://116.203.3.167
http://128.140.53.5
http://168.119.118.92
http://195.201.47.189
http://37.27.31.150
http://49.13.227.249
http://65.109.243.69
http://95.217.240.75
http://95.217.27.75
116.202.186.70:443
116.203.13.231:443
116.203.13.42:443
116.203.3.167:443
128.140.53.5:443
168.119.118.92:443
195.201.47.189:443
37.27.31.150:443
49.13.159.121:9000
49.13.227.249:443
65.109.243.69:443
95.217.240.75:443
95.217.240.75:5432
95.217.241.48:443
95.217.27.75:443

# Reference: https://x.com/RacWatchin8872/status/1811871305031123120
# Reference: https://www.virustotal.com/gui/file/013fcdcecfed10f8e5f88ae679e3d7d9a700ba211fa90f139e735fae86a8fa6e/detection

http://85.28.47.30
http://85.28.47.31
/stealc/random.exe

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-07-13)

http://116.203.13.254
http://5.42.72.36
http://65.109.233.123
http://88.198.89.4
http://95.217.240.177
http://95.217.241.23
http://95.217.30.242
116.203.13.254:443
116.203.14.27:443
116.203.14.27:9000
128.140.53.5:9000
162.55.53.18:443
168.119.118.92:9000
195.201.251.214:443
195.201.89.97:443
195.201.89.97:5432
37.27.186.135:443
37.27.31.150:9000
49.12.115.229:443
49.13.159.121:443
49.13.33.235:9000
5.75.215.90:443
65.109.233.123:443
65.109.241.221:443
65.109.241.229:443
65.109.241.229:9000
65.109.242.170:443
65.109.243.105:443
78.46.201.42:443
78.47.205.62:443
78.47.205.62:9000
88.198.239.243:443
88.198.89.4:443
95.216.142.162:443
95.216.142.162:9000
95.216.182.224:443
95.216.182.224:9000
95.217.240.177:443
95.217.241.23:443
95.217.27.167:443
95.217.30.242:443
aibek.xyz
aliszon.xyz
anexchange.xyz
antiochus.xyz
aramazd.xyz
bugday.site
callias.xyz
corysy.xyz
feeldog.xyz
guillerme.xyz
kaylen.xyz
paulu.xyz
plagmat.store
poocoin.online
sosimo.xyz
soterios.xyz
theemir.xyz
ymuren.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-07-13)

http://139.99.67.238
http://146.70.86.139
http://146.70.86.49
http://176.123.5.92
http://185.216.70.126
http://185.216.70.128
http://188.130.207.35
http://188.245.82.177
http://193.176.153.226
http://194.116.214.29
http://194.55.186.27
http://35.74.81.43
http://40.86.87.10
http://45.152.114.233
http://46.8.238.240
http://5.230.253.197
http://5.42.104.211
http://68.183.108.129
http://82.147.84.78
http://89.110.69.218
http://89.110.74.220
http://89.169.54.23
http://91.214.78.137
http://91.92.240.120
http://94.156.68.153
http://94.156.79.31
146.70.86.139:22
146.70.86.49:22
176.123.5.92:22
185.216.70.126:22
185.216.70.128:22
188.245.82.177:22
193.176.153.226:22
194.116.214.29:22
194.55.186.27:22
35.74.81.43:22
40.86.87.10:22
45.152.114.233:22
5.230.253.197:22
89.110.74.220:22
89.169.54.23:22
91.214.78.137:22
94.156.79.31:22
9507c272a51ce8cefc8761591b2c50e6.fit
bigdogfoundation.com

# Reference: https://x.com/g0njxa/status/1812843562456785116
# Reference: https://search.censys.io/hosts/65.21.246.249
# Reference: https://app.any.run/tasks/64eda020-f17a-4dfa-bd82-b796010c5dc4/

http://65.21.246.249
65.21.246.249:22
65.21.246.249:443

# Reference: https://x.com/malwrhunterteam/status/1813438113680691252
# Reference: https://www.virustotal.com/gui/file/fe8bed09a836755e33c1ad4cae1ea15db42f7f5b5ac669d9a359d8c4fc1df9a1/detection
# Reference: https://www.virustotal.com/gui/file/06e03f5dfb61345a2c095fb98c154d436f9d3be634d5421836ad9322469295a5/detection

http://95.216.182.106
95.216.182.106:443
mamallan.life
arpdabl.zapto.org
/memve4erin

# Reference: https://x.com/ViriBack/status/1814702278030332091
# Reference: https://tria.ge/240720-txe9latdqd/behavioral1
# Reference: https://www.virustotal.com/gui/file/c2a095bf5b04c0ce7af29aebab583b31d76475b3e15762ba5db956b0a3f717d5/detection

antymalwarecheckgood.top
/RFGUOHKFLWEHLFWKL3324243jkfEWLrtgrtr/lica/
/RFGUOHKFLWEHLFWKL3324243jkfEWLrtgrtr/

# Reference: https://www.virustotal.com/gui/file/0a18067c173a7c4bdc24b8d3a847814b30733cecfdcc305c431a3d1fcc322536/detection

http://185.216.214.218
185.216.214.218:1720

# Reference: https://x.com/Cyberteam008/status/1815594345770181093

http://85.28.47.101
http://85.28.47.109
http://85.28.47.152
http://85.28.47.60
http://85.28.47.70
85.28.47.101:22
85.28.47.109:22
85.28.47.152:22
85.28.47.30:22
85.28.47.31:22
85.28.47.4:22
85.28.47.60:22
85.28.47.70:22

# Reference: https://x.com/karol_paciorek/status/1815756273855443427
# Reference: https://tria.ge/240723-rflnyaxalf/behavioral1

http://5.75.253.161
5.75.253.161:443

# Reference: https://www.virustotal.com/gui/file/f9794a9781cb6017ed5e77aa65457a755bc923b77595bf6e2f65d703db43ee32/detection

http://116.203.8.165
http://77.91.77.145

# Reference: https://app.any.run/tasks/eef1b828-5496-4be4-a439-d01480dce840/

http://45.152.112.131

# Reference: https://x.com/JAMESWT_MHT/status/1820808584059388092
# Reference: https://www.virustotal.com/gui/ip-address/206.188.196.37/relations
# Reference: https://app.any.run/tasks/987a32f1-279b-4f17-a1af-fc1fe83151e8/
# Reference: https://www.virustotal.com/gui/file/02d072b70efe0c6c7840e65eba05e580604ae7958cea1d39082ba120d4c4ac93/detection
# Reference: https://www.virustotal.com/gui/file/178099be63a86ae65c574438d19d96a6a2896d1744d61a511f0f6f7445432fbf/detection
# Reference: https://www.virustotal.com/gui/file/c21a1c7ab1321315be200ee49b5b9007d7288ff2af959aa3a556cf034599f481/detection

abgnmlahkdfnfhn.top
ahfnaidhcfenibl.top
aihaknlhdbgmcnb.top
anfndfhijhdalkk.top
bckccicemnkhikb.top
bkldalmefllgfcd.top
cemdlnjdnjmgchf.top
dfcgbllaafenfkh.top
dhdhlceabcgmnil.top
dncgnaiaiefnccj.top
fagjclklkakhffm.top
fcikmcdklkmgncb.top
fihkaagldmlgcln.top
hdmnbafhngdacgd.top
hfaalfmhacgmkdh.top
hlnnncchgefnnlf.top
igdcbdaebmlgagj.top
imdcdadeiakhdai.top
jaedmfldjkmgkml.top
jhfdkihdcinfhdn.top
kbigcdnblgdaaba.top
kdkhmigamdfnhmd.top
kjjgafjaeeenlgb.top
meajbfilanlglbf.top
mgbkllbkajnfemj.top
mmbkniflhlmgihh.top
ncyyefpodi.top
/1eu79g5b4phtr.php
/80bpf4zw39htr.php
/ftcu78mi52htr.php
/u58bkteo2yhtr.php
/n9abodv3lthtr.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-08-10)

http://109.107.187.5
http://147.45.47.59
http://185.106.93.99
http://185.215.113.24
http://188.130.207.115
http://193.187.173.86
http://194.116.217.148
http://217.138.215.82
http://45.152.112.103
http://45.152.114.50
http://45.156.25.217
http://45.158.12.58
http://89.169.55.83
http://91.92.244.238
185.106.93.99:22
217.138.215.82:22

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-08-10)

http://104.131.166.122
http://159.89.26.154
168.119.176.241:443
5.75.212.60:443
65.21.5.236:443

# Reference: https://www.vmray.com/analyses/_mb/f1ecf2469a83/report/network.html

http://185.172.128.203

# Reference: https://www.virustotal.com/gui/file/1562435949a43d05963e88e6dca52df0b7510a08b28a25feff91f810e29a3cfb/detection

iolo0.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1822913620231004550
# Reference: https://www.virustotal.com/gui/file/0bd1beb985425d06ff14735a00162f7fb7934cd796bc58abae830ac61a390237/detection

http://37.1.213.84

# Reference: https://www.virustotal.com/gui/file/da1cd4fe028b80d781a27b9d467301697790794393c17948b77dd47a29f9789a/detection

http://78.46.239.218
78.46.239.218:443

# Reference: https://www.esentire.com/blog/exploring-the-d3f-ck-malware-as-a-service-loader
# Reference: https://github.com/esThreatIntelligence/iocs/blob/main/D3F%40ck_Loader/iocs_7-23-2024.txt

http://116.202.0.236
116.202.0.236:443

# Reference: https://www.virustotal.com/gui/file/33c553e2789dc0ec2c092586db6dea65d0d6a7a8c844ab4790774d88e8de7aa6/detection

http://185.196.9.135

# Reference: https://www.joesandbox.com/analysis/1393952#iocs

1blob.monster
2j.tel
aprel88.com
complete-s.monster
good2-led.com
post-there.com

# Reference: https://tria.ge/240617-vg68tazhkm/behavioral2

gachi-lane.com
gay-domain.com
replica-souls.com
run-df.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-08-18)

http://185.215.113.103
http://193.176.190.41
http://194.116.216.149
http://194.59.247.199
http://213.109.147.66

# Reference: https://x.com/karol_paciorek/status/1825508740310647047

http://95.164.47.211

# Reference: https://x.com/raghav127001/status/1826349843230720081
# Reference: https://app.any.run/tasks/a5096f84-0613-4c56-9fa0-e8fd689597c0

http://147.45.47.68
http://65.109.67.190
chronosworlds.world

# Reference: https://x.com/g0njxa/status/1827271656315793554
# Reference: https://app.any.run/tasks/14b06515-315a-4fef-b551-35e90d6b085e

http://147.45.44.104
http://147.45.68.138
http://46.8.231.109

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-08-25)

116.202.190.124:443
116.203.5.69:443
5.75.214.144:443
78.46.255.249:443
95.216.180.48:443
95.217.243.180:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-08-25)

http://176.98.40.202
http://185.196.9.140
http://185.217.197.202
http://193.176.153.234
http://194.116.214.153
http://194.116.217.112
http://213.232.235.99
http://37.221.64.72
http://45.152.115.116
http://45.152.115.5
http://45.156.23.211
http://94.156.68.106
http://94.156.68.133
http://94.232.249.208

# Reference: https://www.virustotal.com/gui/file/7e74f3e8d070de8a3d3488dc7e68281d2450f28f79ee84edf3e0ea7c62bd7f91/detection

http://195.201.118.191
195.201.118.191:443

# Reference: https://tria.ge/240828-l984favalh/behavioral2

http://5.223.42.55

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/vidar_pec_03-09-2024.json
# Reference: https://app.validin.com/detail?find=168.100.10.21&type=ip4&ref_id=0f39ea8cd92#tab=resolutions
# Reference: https://app.validin.com/detail?find=206.188.196.37&type=ip4&ref_id=650fcce685d#tab=resolutions

cemdlnjdnjmgchf.top
fcikmcdklkmgncb.top
hfaalfmhacgmkdh.top
kdkhmigamdfnhmd.top
rprizu4u6.top
wbnotezbest.top
/v6edbr7xwchtr.php

# Reference: https://x.com/Gi7w0rm/status/1831359580561100965
# Reference: https://tria.ge/240904-skjktasgkk/behavioral2

http://147.45.41.134

# Reference: https://www.virustotal.com/gui/file/8c9ff3afa2b90dcca1609dd10564d1212e0be6d70e1ca1cb81f1357432a996d4/detection

bordo.pw
torpic.xyz

# Reference: https://www.virustotal.com/gui/file/07d182382ff1423e65b309bbc78e93855c0953af02ab0179c8114b5cf848bd5e/detection

cuyahogav.com

# Reference: https://www.virustotal.com/gui/file/5ef282479f0c6f082f15d3f878f8c4b418259ebc6d7941a472e0f28cdcc43c88/detection

http://5.75.214.132
5.75.214.132:443
gacan.zapto.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-09-08)

http://116.202.5.245
http://159.69.178.243
http://168.119.243.238
http://49.12.8.228
116.202.179.237:443
65.108.57.141:443
95.217.237.91:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-09-08)

http://147.45.242.66
http://147.45.47.137
http://147.45.47.253
http://154.216.17.97
http://178.22.31.96
http://185.215.113.37
http://213.21.237.110
http://45.14.245.11
http://46.105.140.131
http://84.247.165.244
http://89.187.73.42
http://91.202.233.158
http://91.202.5.28

# Reference: https://x.com/kddx0178318/status/1834200990565773334
# Reference: https://www.virustotal.com/gui/file/48e74d11c58e4942e394f3f16ffe7446c73884b0a5df0fc89c7f2b94a43f4152/detection

http://194.59.183.235

# Reference: https://x.com/kddx0178318/status/1834642748101554452

deadlockplaytest.com
steamcommunityj.com

# Reference: https://x.com/banthisguy9349/status/1835753819797410142
# Reference: https://www.virustotal.com/gui/file/1eb09563597c5aa12344072b431f844825c2a6b62f77f9b339c838456e826d97/detection

http://46.29.235.52
hijdrop.xyz
api-panel.holesh.ir
g-m1.hijdrop.xyz

# Reference: https://x.com/malwrhunterteam/status/1836037400071413818
# Reference: https://www.virustotal.com/gui/file/871f5ba64ebc090b1d468c8424f643334ad422004a681516a942a684f093140c/detection

http://159.69.100.83
159.69.100.83:443

# Reference: https://www.virustotal.com/gui/file/5d083fcf25b89acc7a51e596299601ea80f8539b694737e97105d3ab68d8be38/detection

http://45.156.27.45

# Reference: https://www.virustotal.com/gui/file/15985feddf54f5d8f3377bca5504fd30d20659993581a4ed12ca925dacb474a9/detection

http://45.156.27.196

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-09-22)

http://147.45.126.10
http://46.226.160.169
http://5.161.221.13
http://92.246.138.65
116.202.0.195:443
116.202.183.159:443
116.203.10.69:443
116.203.12.50:443
116.203.15.34:443
116.203.165.127:443
116.203.6.46:443
135.181.31.18:443
188.245.87.202:443
49.12.116.191:443
49.13.33.252:443
5.75.220.8:443
78.47.152.105:443
78.47.227.64:443
91.107.146.245:443
91.107.179.108:443
94.130.188.148:443
95.216.177.246:443

# Reference: https://twitter.com/wwp96/status/1628273497708326912
# Reference: https://x.com/ShanHolo/status/1818541500348707022
# Reference: https://tria.ge/240715-kmwn6axfpr
# Reference: https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-01-12-IOCs-from-StealC-activity.txt

/072aacac8f68fd5f.php
/0b92e7ab19e861f9.php
/0d8af8f06ba4b880.php
/0e4968fc55367a12.php
/108e010e8f91c38c.php
/14b1d33c61a04c9e.php
/1a6bc231b835769a.php
/201a735ed890db75.php
/273d9c8034a95cb4.php
/2fa883eebd632382.php
/2fca4d4264af2833.php
/30257e4c371b49a4.php
/413a030d85acf448.php
/570d5d5e8678366c.php
/584d87b5bdba3c10.php
/587ec30955d49a9c.php
/6259fdc16222e061.php
/6842f013779f3d08.php
/6ecdc9436941ebbd.php
/73de3362ad1122cd.php
/752e382b4dcf5e3f.php
/7a957ef6cc168ff6.php
/84b7b6f977dd1c65.php
/8621de5ba9a36454.php
/8c3498a763cc5e26.php
/8ee66a3c8f19e4b5.php
/920475a59bac849d.php
/94903f819d758732.php
/984dd96064cb23d7.php
/99210de056092a58.php
/9b1668f28bd265e2.php
/9b53fb902ecbf12d.php
/9ccb7e7554a07e52.php
/a066a53ea1064ac7.php
/a17861b9cb6f1a53.php
/a27b47225f6019fa.php
/a8f961c72f0d877c.php
/b55459c10e99c506.php
/bca98681abf8e1ab.php
/bef7fb05c9ef6540.php
/c1377b94d43eacea.php
/c3f845711fab35f8.php
/c4754d4f680ead72.php
/ced268c0bcc9de5f.php
/d4e186a7092be5c7.php
/d8ab11e9f7bc9c13.php
/daecd5ae9c3a5474.php
/dc0de592dc0f725c.php
/de4846fc29f26952.php
/e2d7d29621e1052a.php
/e6e1bcda8702fc37.php
/e96ea2db21fa9a1b.php
/edd20096ecef326d.php
/f0b7e3704c0051f9.php
/f0cfeac32620a8d1.php
/f3ee98d7eec07fb9.php
/f9f76ae4bb7811d9.php

# Reference: https://www.virustotal.com/gui/file/f7d5e31a90a7a436fb88277e0920c9675b69fa37eee1b97120a27f792ea8ca1d/detection

http://147.45.45.69
http://185.125.102.133
http://45.132.206.251
cowod.hopto.org
meyot.bounceme.net

# Reference: https://x.com/banthisguy9349/status/1838597449910251943
# Reference: https://www.virustotal.com/gui/file/6081b51cb35b877e585e65440539df92d4e8516d7ae087cb18b7a7ce87707185/detection
# Reference: https://www.virustotal.com/gui/file/5864b9c1714f615fa1fa40f60b9e14cfb534ec217e9e4a013fa5959217adabe8/detection
# Reference: https://www.virustotal.com/gui/file/49b342bc51fce077b6079d1473f88d69c6351ad2fdcee09abc47daee8f8fb368/detection
# Reference: https://www.virustotal.com/gui/file/1f8acba1d796a9ebaed193ece097f9e82c09f596ab79bd66362c5cda736df3d1/detection

yalubluseks.eu

# Reference: https://x.com/vxremalware/status/1838798677269262829

http://62.204.41.159

# Reference: https://x.com/karol_paciorek/status/1838878695269728455
# Reference: https://x.com/crep1x/status/1838887615107309852
# Reference: https://x.com/crep1x/status/1838884440543465937
# Reference: https://www.virustotal.com/gui/file/33d0af046a659cfa452a516d4e01d8bcf2528fb6a9cdc613f39862ad29352b4b/detection
# Reference: https://www.virustotal.com/gui/file/2260a3c1382cb6af852ec6135418ece6ceb004b9e214c2efa4ad4d8fbcbaf974/detection

http://95.182.97.58
77.221.157.170:3004
cdm-join.us
com-join.us
googie.com-join.us
googiedrivers.com
google.us-join.com
meet.googie.com-join.us
meet.google.us-join.com
us-join.com
us10web-zoom.us
us18web-zoom.us
us30web-zoom.us
us45web-zoom.us
us60web-zoom.us
us70web-zoom.us
us77web-zoom.us
us80web-zoom.us
us85web-zoom.us
us95web-zoom.us

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/vidar_pec_26-09-2024.json

116.202.1.77:443
5.75.211.162:443
bha736beb9vnaj46ubv09j1l382oejyefmosr9rthohnt.skyblueten.com
ewiojfohvuysu.top
jhfdkihdcinfhdn.top
opzovbjzueg.top
/t8y1zm36kbhtr.php

# Reference: https://x.com/ViriBack/status/1839831425714966845
# Reference: https://x.com/JAMESWT_MHT/status/1839919053541880185

baruopas.com
mazurax.com
sumonare.com

# Reference: https://x.com/JAMESWT_MHT/status/1841069772844220640
# Reference: https://www.virustotal.com/gui/ip-address/168.100.9.155/relations
# Reference: https://www.virustotal.com/gui/file/29f9b490b0dd1e5b8ce8d2117385904e30255dcd2c1ffd3dd9bca0ec3dea0de0/detection

aihaknlhdbgmcnb.top
gizpvovur.top
pbuxzueuj4zz.top
/jp7gwb1yq2htr.php
/pmo0nd1z6hhtr.php

# Reference: https://x.com/g0njxa/status/1841354134198378870
# Reference: https://app.any.run/tasks/ecf18c58-804a-4a7e-8e34-8445dd6eaa66

http://147.45.47.86
flauidriver.com

# Reference: https://www.virustotal.com/gui/file/6427b28b5735de15e796c60b0ae019328e948b62ed1448dc3ef71768e95e3cfd/detection

http://116.203.15.73

# Generic

/dlmtk.php
/hsdf7w34rhdjsf.php
/smbfhrgc
/smbfupkuhrgc1
/lilipopdamnnn.zip
/nnnzbsjalqjx.zip
/peppppzxc.zip
/prentaloksxjf.zip
/someoneadasylf.zip
/vidar2406.exe
/vidar2606.exe
/vidar2806.exe
