# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

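# Aliases: BumbleBee, Hisoka, Snugy, TriFive, huntxspy
# Note: this file holds both the entries under the Unit 42 xHunt references (including the BumbleBee webshell report) and the entries under the Bumblebee loader references (from the Cynet report onward). Check the Reference above a matched entry before attributing a hit to either.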

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
# Reference: https://github.com/pan-unit42/iocs/blob/master/xHunt/xHunt_IOCs.csv
# Reference: https://www.virustotal.com/gui/file/892d5e8e763073648dfebcfd4c89526989d909d6189826a974f17e2311de8bc4/detection

google-update.com
learn-service.com
microsofte-update.com
woxmma.microsofte-update.com

# Reference: https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/
# Reference: https://twitter.com/Voulnet/status/1014951078364876801
# Reference: https://otx.alienvault.com/pulse/5da0d8dc27a2ad4cc8864283

firewallsupports.com
windows64x.com
winx64-microsoft.com
windows-updates.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

sharepoint-web.com

# Reference: https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
# Reference: https://otx.alienvault.com/pulse/5fa97823e94863569cf1fdbe

deman1.icu
hotsoft.icu
lidarcc.icu
uplearn.top

# Reference: https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
# Reference: https://otx.alienvault.com/pulse/5ffcbc5b19a30849ecd2ab78

142.11.211.79:8080
142.11.211.79:8081
192.119.110.194:8083
91.92.109.59:1234
91.92.109.59:1255
91.92.109.59:1288
91.92.109.59:1289
backendloop.online
bestmg.info
windowsmicrosofte.online

# Reference: https://www.cynet.com/orion-threat-alert-flight-of-the-bumblebee/
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-05-IOCs-for-Bumblebee-and-Cobalt-Strike.txt

192.236.198.63:443
23.82.19.208:443
45.147.229.177:433

# Reference: https://twitter.com/r0ny_123/status/1515939792034230272

108.62.12.12:443

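# Reference: https://twitter.com/Max_Mal_/status/1516352309311246339
# Note: the two :433 entries below are listed again with :443 under the tria.ge 220428 reference further down, so 433 may be a transposition of 443. Both forms are kept; if the sensor matches on the exact ip:port pair, only the :443 form would match HTTPS-port traffic.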

199.80.55.44:443
209.141.59.96:433
23.106.160.120:433

# Reference: https://twitter.com/k3dg3/status/1516819204200091655
# Reference: https://tria.ge/220420-t3m7dsechn/behavioral2

184.29.205.132:443

# Reference: https://twitter.com/phage_nz/status/1519207039968313344

104.168.236.99:443
172.241.29.169:443
23.82.141.184:443
messerota.com

# Reference: https://twitter.com/Max_Mal_/status/1519323650062753792

108.62.118.56:443
185.33.87.53:443
28.11.143.222:443
49.12.241.35:443
71.1.188.122:443
89.222.221.14:443

# Reference: https://tria.ge/220428-tx94zafbc7

209.141.59.96:443
23.106.160.120:443

# Reference: https://twitter.com/Max_Mal_/status/1521449204106862592

138.201.190.52:443
23.83.134.136:443

# Reference: https://twitter.com/1ZRR4H/status/1521822196150067201
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-05-03_Bumblebee

103.175.16.45:443
103.175.16.46:443
103.175.16.49:443
108.62.118.236:443
108.62.118.56:443
108.62.118.61:443
108.62.118.62:443
108.62.118.64:443
138.201.190.52:443
23.106.160.120:443
23.106.160.39:443
23.106.160.40:443
23.81.246.187:443
23.83.134.110:443
23.83.134.133:443
23.83.134.136:443
45.147.229.177:443
45.147.229.23:443
49.12.241.35:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-05-03-IOCs-for-Contact-Forms-Bumblebee-and-Cobalt-Strike.txt

45.153.243.93:443

# Reference: https://twitter.com/k3dg3/status/1521899597462966273
# Reference: https://twitter.com/pr0xylife/status/1521901280771416066

figesoyuzo.com
/usda29ksagh12/

# Reference: https://twitter.com/James_inthe_box/status/1521956984941019139

108.62.12.203:443
23.82.128.149:443

# Reference: https://twitter.com/petrovic082/status/1522951977445081089
# Reference: https://www.virustotal.com/gui/file/e90c7d64377f397f556feaf056d0319c8338311d44e320541207a362b683196a/detection

45.140.146.244:443

# Reference: https://twitter.com/1ZRR4H/status/1530746956619857920
# Reference: https://twitter.com/pr0xylife/status/1530842662072467456
# Reference: https://twitter.com/pr0xylife/status/1530842864187494403
# Reference: https://isc.sans.edu/diary/rss/28636
# Reference: https://otx.alienvault.com/pulse/627bcbb336db3754603b5c38
# Reference: https://www.virustotal.com/gui/file/02dce7f57e4933edf84cbe525d8115defd5ecafd5b2b203be6a2ec7aa0099bc7/detection

banytul.com
barkunode.com
baronrtal.com
birobixt.com
bunadist.com
curanao.com
glicefud.com
goranism.com
kurabas.com
marebust.com
maudaris.com
olodaris.com
omnimature.com
parashane.com
vorkinal.com

# Reference: https://twitter.com/malware_traffic/status/1524564009034334210
# Reference: https://www.virustotal.com/gui/file/d08c8c165c0ca480ef40df7b9f7107524dbcc51e5e49fe013cbc16d91f18cef1/detection

154.56.0.218:443
serverjarvis.sytes.net

# Reference: https://tria.ge/220509-ygys8agghn

146.70.106.92:443
23.227.198.195:443
23.227.203.120:443
51.83.253.244:443

# Reference: https://twitter.com/ESETresearch/status/1524971448892366880
# Reference: https://twitter.com/ESETresearch/status/1524971459248066560

194.33.40.181:443
23.88.117.246:443
91.213.8.18:443

# Reference: https://isc.sans.edu/diary/28664
# Reference: https://otx.alienvault.com/pulse/62864c5e786571c438628fd6

194.135.33.144:443
southerncompanygas.co
wolsleyindustrialgroup.co
wolsleyindustrialgroup.com

# Reference: https://tria.ge/220519-sh1rbagge9

192.236.198.116:443
79.110.52.53:443

# Reference: https://twitter.com/pr0xylife/status/1527356211053547529

103.175.16.117:443
154.56.0.221:443
64.44.101.250:443

# Reference: https://tria.ge/220520-mxt97aaef5

176.107.177.124:443
192.236.160.254:443
192.236.192.85:443

# Reference: https://twitter.com/pr0xylife/status/1528787494711578625

192.236.194.136:443
193.239.84.247:443
63.141.248.253:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_25.05.2022.txt

192.119.64.21:443
64.44.102.6:443
79.110.52.56:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_26.05.2022.txt

103.175.16.121:443
64.44.135.250:443
68.233.238.105:443

# Reference: https://twitter.com/k3dg3/status/1529868442391674881
# Reference: https://tria.ge/220526-t3xe3ahack

23.254.229.131:443
51.75.62.99:443
79.110.52.71:443

# Reference: https://tria.ge/220528-fh5n2sdfhm
# Reference: https://tria.ge/220527-w8yanagch4

101.88.16.100:443
107.90.225.1:443
108.16.90.159:443
108.174.195.253:443
121.15.221.97:443
121.175.62.199:443
146.70.78.21:443
154.0.119.28:443
154.56.0.228:443
170.32.109.77:443
18.127.96.221:443
185.156.172.8:443
185.62.56.12:443
19.71.13.153:443
21.175.22.99:443
22.175.0.90:443
38.12.57.131:443
49.12.153.53:443
51.68.146.200:443
73.214.29.52:443
77.121.49.161:443
78.112.52.91:443
8.12.181.20:443
84.119.1.64:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt

103.175.16.107:443
103.175.16.108:443
103.175.16.122:443
145.239.135.155:443
146.19.173.139:443
146.19.253.49:443
146.70.104.250:443
146.70.125.82:443
149.255.35.134:443
154.56.0.241:443
185.156.172.123:443
185.62.58.133:443
185.62.58.169:443
192.236.161.191:443
192.236.249.68:443
193.233.203.156:443
193.239.84.254:443
194.135.33.148:443
194.135.33.149:443
212.114.52.46:443
23.254.201.97:443
37.120.198.248:443
45.147.229.101:443
45.147.229.50:443
46.21.153.145:443
54.38.136.187:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-09-IOCs-from-TA578-Bumblebee-with-Cobalt-Strike.txt

145.239.30.26:443

# Reference: https://twitter.com/ankit_anubhav/status/1536773306358976512
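# Reference: https://tria.ge/220614-wfjlssgcgq/behavioral1
# Note: this list mixes :443 entries with entries on unusual ports, some of them in multicast (224.0.0.0/4) or reserved (240.0.0.0/4) space, e.g. 235.126.132.170, 244.6.154.71, 246.20.199.100. Those cannot be reachable C2 and look like filler from the extracted configuration. Routable entries on unusual ports in the same list may be filler too, so corroborate a match with other evidence before treating it as C2. The same pattern recurs in later blocks of this file.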

103.175.16.108:443
104.168.219.94:443
107.44.53.47:330
111.99.39.11:387
115.109.212.139:461
123.67.113.210:483
133.57.116.243:424
135.253.243.175:300
142.182.181.207:450
145.239.135.155:443
146.70.125.82:443
15.209.19.148:466
154.56.0.252:443
157.17.142.85:406
158.35.83.74:332
160.70.24.228:486
167.28.27.185:467
171.78.101.85:258
172.244.110.160:367
185.62.58.133:443
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
193.233.203.156:443
194.135.33.148:443
21.29.238.98:209
216.254.58.191:443
22.83.186.45:201
221.106.84.123:307
223.243.46.133:147
235.126.132.170:106
244.6.154.71:111
246.20.199.100:175
33.145.184.132:240
34.229.154.31:235
39.57.152.217:440
45.153.241.187:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
57.240.143.90:256
67.136.243.43:323
68.227.158.172:411
69.161.201.181:382
78.89.31.86:229
80.156.1.202:305
80.26.101.48:372
80.9.246.19:338
90.81.8.16:370

# Reference: https://tria.ge/220614-w277aagfcl/behavioral1

103.175.16.106:443
104.124.14.244:197
105.137.48.127:156
112.143.55.233:256
115.200.5.214:467
117.75.94.181:456
12.236.242.155:211
122.247.231.47:117
128.44.54.202:493
13.218.205.215:309
134.247.186.104:233
145.239.28.110:443
146.19.173.186:443
148.70.67.206:267
170.24.243.46:441
171.227.174.67:108
172.117.69.12:366
177.96.182.180:213
182.10.38.85:198
185.62.57.27:443
187.247.16.193:308
192.107.100.31:298
192.205.3.12:235
193.233.203.243:443
2.211.111.213:125
20.150.149.28:415
201.249.37.165:420
204.1.81.223:110
207.90.225.187:369
211.22.161.225:196
24.57.185.167:317
243.91.103.106:246
243.92.11.201:387
247.23.37.74:155
29.64.0.111:122
4.165.175.212:387
40.72.17.141:326
45.142.214.167:443
45.147.231.202:443
45.84.0.13:443
51.68.145.54:443
57.132.248.83:391
66.160.230.114:370
67.194.32.32:367
69.235.89.243:366
76.96.116.176:190
77.49.189.77:103
78.202.137.116:271
89.52.115.119:444

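# Reference: https://pastebin.com/bST3CZAx
# Note: this aggregated list contains loopback (127.87.0.227), multicast (224.255.62.16) and reserved (255.11.235.99) addresses alongside the :443 entries. These are presumably non-functional filler carried over from sample configurations. Entries on unusual ports deserve lower confidence than the :443 entries, which recur under other references in this file.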

1.32.39.22:459
100.93.33.185:487
102.109.16.255:445
103.175.16.106:443
103.175.16.107:443
103.175.16.108:443
103.175.16.117:443
103.175.16.121:443
103.175.16.122:443
103.175.16.59:443
104.124.14.244:197
104.135.8.250:417
104.168.156.224:443
104.168.219.94:443
105.137.48.127:156
107.44.53.47:330
108.28.254.44:399
109.108.10.35:386
111.99.39.11:387
112.110.146.153:349
112.143.55.233:256
112.81.173.199:399
114.9.152.233:402
115.103.22.1:153
115.109.212.139:461
115.16.153.155:459
115.200.5.214:467
115.239.67.202:380
117.50.181.41:373
117.75.94.181:456
119.177.224.146:124
12.236.242.155:211
120.237.172.163:343
122.247.231.47:117
123.67.113.210:483
124.243.81.221:274
126.68.7.249:422
127.87.0.227:339
128.44.54.202:493
13.218.205.215:309
132.44.27.212:299
133.133.249.24:204
133.57.116.243:424
134.247.186.104:233
135.142.208.39:298
135.253.243.175:300
135.36.13.40:427
137.253.55.69:235
138.65.77.29:391
140.208.107.161:360
141.98.168.70:443
142.11.216.143:443
142.182.181.207:450
143.117.20.123:425
144.52.138.51:193
145.239.135.155:443
145.239.28.110:443
145.239.30.26:443
146.19.173.105:443
146.19.173.116:443
146.19.173.139:443
146.19.173.186:443
146.19.173.195:443
146.19.173.202:443
146.19.173.224:443
146.19.253.15:443
146.19.253.49:443
146.19.253.6:443
146.70.104.250:443
146.70.124.77:443
146.70.125.122:443
146.70.125.82:443
146.70.86.254:443
148.70.67.206:267
149.255.35.134:443
149.255.35.183:443
149.57.112.159:122
15.209.19.148:466
154.56.0.100:443
154.56.0.102:443
154.56.0.199:443
154.56.0.219:443
154.56.0.221:443
154.56.0.231:443
154.56.0.240:443
154.56.0.241:443
154.56.0.242:443
154.56.0.252:443
155.113.182.180:324
157.17.142.85:406
158.35.83.74:332
158.69.98.105:443
160.20.147.191:443
160.70.24.228:486
162.144.249.150:239
165.158.204.41:469
167.235.245.35:443
167.28.27.185:467
168.20.103.16:132
170.107.238.10:276
170.24.243.46:441
171.227.174.67:108
171.78.101.85:258
172.117.69.12:366
172.244.110.160:367
174.150.214.40:426
174.58.225.25:420
176.107.177.124:443
177.231.94.146:410
177.96.182.180:213
178.255.155.53:108
18.215.29.142:436
18.8.71.243:176
180.184.129.160:223
180.23.251.29:230
182.10.38.85:198
182.62.4.186:282
183.37.64.159:220
185.156.172.123:443
185.250.148.136:443
185.62.56.186:443
185.62.56.201:443
185.62.56.202:443
185.62.57.162:443
185.62.57.182:443
185.62.57.27:443
185.62.58.133:443
185.62.58.169:443
185.62.58.209:443
185.62.58.222:443
185.62.58.238:443
185.94.100.232:189
187.247.16.193:308
188.104.94.69:348
188.57.4.52:357
188.6.218.149:317
190.123.237.229:261
192.107.100.31:298
192.119.64.21:443
192.205.3.12:235
192.21.12.118:231
192.236.160.254:443
192.236.161.191:443
192.236.192.85:443
192.236.194.136:443
192.236.249.68:443
193.233.203.156:443
193.233.203.243:443
193.239.84.247:443
193.239.84.254:443
193.43.251.231:312
194.135.33.148:443
194.135.33.149:443
194.135.33.16:443
194.37.97.135:443
198.98.57.91:443
198.98.62.156:443
2.190.89.140:236
2.211.111.213:125
2.97.24.126:148
20.150.149.28:415
201.249.37.165:420
203.138.139.122:404
204.1.81.223:110
207.90.225.187:369
208.151.241.134:362
208.231.162.191:266
208.84.180.22:146
209.141.52.25:443
21.29.238.98:209
210.163.58.211:385
210.251.188.194:228
211.22.161.225:196
212.114.52.46:443
212.234.34.219:148
213.115.131.233:186
213.203.201.199:307
213.26.162.157:477
216.254.58.191:443
218.199.149.25:415
22.83.186.45:201
221.106.84.123:307
221.218.33.190:154
221.238.146.116:272
222.62.166.76:206
223.243.46.133:147
224.255.62.16:414
224.49.28.61:214
228.127.34.30:316
228.78.147.191:253
229.139.73.188:287
23.227.202.179:443
23.254.201.97:443
23.254.227.144:443
23.254.227.53:443
23.254.229.131:443
231.169.5.102:403
233.82.38.10:391
235.126.132.170:106
238.42.54.122:171
239.100.121.57:329
24.57.185.167:317
241.112.226.151:197
241.41.90.117:181
241.54.78.154:269
242.165.212.79:339
242.30.221.68:198
243.91.103.106:246
243.92.11.201:387
244.234.60.83:386
244.6.154.71:111
246.20.199.100:175
247.23.37.74:155
249.222.51.70:286
249.241.29.24:181
251.143.69.150:395
251.210.76.59:335
253.174.222.210:447
255.11.235.99:426
26.6.83.53:219
28.78.74.145:427
29.64.0.111:122
3.172.226.46:189
30.65.48.152:239
31.215.170.180:431
32.181.245.23:191
33.145.184.132:240
34.229.154.31:235
35.17.203.69:268
37.120.198.248:443
37.64.220.2:332
37.72.174.23:443
39.57.152.217:440
4.165.175.212:387
40.72.17.141:326
45.138.172.22:443
45.142.214.167:443
45.147.229.101:443
45.147.229.50:443
45.147.231.202:443
45.153.241.187:443
45.153.241.234:443
45.3.236.177:312
45.84.0.13:443
46.21.153.145:443
47.58.200.234:159
48.165.175.199:316
48.209.106.172:357
49.57.156.149:228
51.210.158.156:443
51.68.144.94:443
51.68.145.54:443
51.75.62.15:443
51.75.62.99:443
51.83.250.240:443
53.96.32.99:333
54.37.130.77:443
54.38.136.187:443
54.38.139.20:443
55.14.133.44:292
57.132.248.83:391
57.156.134.113:446
57.240.143.90:256
58.10.55.201:382
60.27.170.3:463
63.122.120.151:268
63.141.248.253:443
64.250.120.4:406
64.44.101.250:443
64.44.102.6:443
64.44.135.230:443
64.44.135.250:443
65.254.82.66:498
65.95.20.151:232
66.160.230.114:370
66.23.70.38:168
67.136.243.43:323
67.194.32.32:367
68.227.158.172:411
68.233.238.105:443
69.161.201.181:382
69.235.89.243:366
70.77.209.88:224
76.96.116.176:190
77.49.189.77:103
78.174.92.106:151
78.202.137.116:271
78.244.227.62:462
78.79.38.95:496
78.89.31.86:229
78.90.18.29:383
79.110.52.104:443
79.110.52.236:443
79.110.52.56:443
79.110.52.71:443
79.133.212.60:211
79.198.114.179:442
80.156.1.202:305
80.241.131.170:311
80.26.101.48:372
80.9.246.19:338
83.142.26.147:465
83.47.40.251:306
89.52.115.119:444
9.240.112.25:411
90.81.8.16:370
91.167.137.83:421
92.204.160.92:443
95.29.177.99:462
98.84.87.52:353

# Reference: https://tria.ge/220625-h96rjabbdr

101.8.100.194:131
103.175.16.47:443
103.200.32.188:492
106.120.29.13:489
13.2.200.200:338
133.209.39.126:217
138.114.199.166:316
146.19.173.202:443
146.19.173.207:443
152.38.148.148:494
168.120.139.16:273
172.110.248.55:203
173.77.219.120:201
186.150.217.235:221
187.210.45.242:299
192.119.77.241:443
193.239.152.108:242
204.181.129.183:248
204.233.101.71:459
206.103.180.253:205
207.6.99.3:471
211.131.243.77:112
215.48.4.118:123
224.239.200.236:443
228.194.82.251:473
239.11.133.48:421
24.121.25.160:346
246.232.135.28:477
246.47.222.240:216
247.224.208.140:372
25.170.215.18:456
28.53.120.108:270
49.179.166.100:235
50.167.186.112:239
50.41.225.93:478
54.38.136.111:443
69.120.31.126:408
74.135.94.210:347
74.57.128.223:112
82.20.113.198:446
86.91.101.57:221
89.172.3.185:315
97.194.155.116:446
98.28.11.39:201

# Reference: https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control
# Reference: https://otx.alienvault.com/pulse/6306320477c9993c7fc3a2c0

185.62.56.129:443

# Reference: https://www.malware-traffic-analysis.net/2022/08/30/index.html

142.11.234.238:443

# Reference: https://twitter.com/BroadAnalysis/status/1567586542276775938

103.144.139.135:443

# Reference: https://twitter.com/pr0xylife/status/1571899501455048704
# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_19.09.2022.txt

108.177.235.29:443
23.106.160.117:443
23.106.215.133:443
meeronixt.com

# Reference: https://twitter.com/k3dg3/status/1575173131198558208

/ASUYfdhjsQx/

# Reference: https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/

104.168.201.219:443
142.11.234.230:443
152.89.247.79:443
185.17.40.189:443
185.62.58.175:443
205.185.122.143:443
205.185.123.137:443
209.141.46.50:443
209.141.58.141:443
51.68.146.186:443
51.68.147.233:443
51.83.251.245:443
51.83.253.131:443
54.37.130.166:443
54.37.131.14:443
54.38.138.94:443

# Reference: https://twitter.com/BroadAnalysis/status/1577816261823795200

51.83.250.102:443

# Reference: https://twitter.com/ESETresearch/status/1577963080096555008
# Reference: https://twitter.com/ESETresearch/status/1577963091295453184

103.144.139.158:443
145.239.28.55:443
146.70.147.39:443
146.70.149.48:443
192.119.74.28:443
45.141.58.37:443
54.38.138.5:443

# Reference: https://twitter.com/pr0xylife/status/1583595706148741120

146.59.116.146:443
172.93.193.220:443
23.106.160.112:443
ralepijo.com
/grasbly.dll

# Reference: https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
# Reference: https://otx.alienvault.com/pulse/635bcc619768c0b6cb3e9677

guteyutur.com
dsfdsfgb.azureedge.net

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt

103.25.51.23:388
12.75.186.131:263
122.50.173.112:157
124.79.186.17:245
135.36.57.27:157
135.79.221.116:303
14.155.143.74:191
141.69.161.34:281
145.250.252.150:418
146.19.253.56:443
149.197.87.217:409
150.37.37.18:112
151.233.218.244:192
154.171.215.86:169
155.180.101.133:318
156.151.142.100:123
156.165.161.82:298
159.117.143.69:265
168.113.169.88:428
175.90.216.232:197
179.4.178.202:339
19.32.56.182:487
192.119.77.100:443
194.120.202.95:468
194.129.76.203:490
199.61.79.119:346
21.21.141.32:133
212.107.138.109:287
218.122.217.28:234
224.110.0.53:105
227.12.148.222:270
227.233.79.54:327
234.248.206.141:176
24.4.68.32:418
241.0.19.171:313
245.245.176.160:137
253.13.70.127:340
254.230.180.37:486
28.107.38.196:269
29.122.243.158:226
31.228.253.114:427
33.93.97.183:112
35.120.155.220:262
41.28.188.77:212
51.199.209.83:290
64.157.160.42:207
68.121.248.35:464
68.14.88.177:143
76.81.225.65:337
78.24.136.181:493
78.74.20.180:433

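# Reference: https://www.cynet.com/blog/orion-threat-alert-flight-of-the-bumblebee/
# Note: apparently the same Cynet report as the earlier cynet.com reference in this file, where 192.236.198.63 is listed with :443. The :433 below may be a transposition of 443 and is kept as given.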

192.236.198.63:433

# Reference: https://twitter.com/tosscoinwitcher/status/1590084982193913857
# Reference: https://tria.ge/221108-zhe8yahgbp/behavioral1

146.19.253.28:443
146.70.149.38:443
176.223.165.108:443

# Reference: https://www.malware-traffic-analysis.net/2022/11/07/index.html

http://134.209.118.141
http://87.251.67.176
103.144.139.156:443
144.173.110.28:115
155.182.198.198:402
183.125.56.150:459
188.172.189.108:163
193.211.15.111:229
208.226.164.254:152
212.48.233.55:446
220.193.225.180:148
39.65.8.170:443
4.167.227.222:325
56.50.75.119:423
73.13.11.238:338
86.184.196.254:214
95.254.227.139:451

# Reference: https://twitter.com/malwrhunterteam/status/1592249538802511873
# Reference: https://www.virustotal.com/gui/file/48d585ca3a477ef7e8f0983735903335d9a5327f5fc434c222b6f551f7c0dc68/detection

1.3.49.41:116
126.214.148.137:194
132.236.194.230:315
133.135.205.124:197
157.195.106.206:250
191.208.255.91:175
215.55.4.215:483
25.166.31.10:427
33.15.138.183:236
33.187.124.30:114
64.44.135.140:443
78.86.12.112:410
cruds-club.com

# Reference: https://twitter.com/malware_traffic/status/1592268760924450816
# Reference: https://tria.ge/221114-vt7p4sha5y/behavioral5

107.189.13.247:443
54.37.130.24:443
64.44.102.241:443

# Reference: https://twitter.com/Unit42_Intel/status/1593636233212739584

193.200.16.175:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-07-IOCs-for-Bumblebee-infection-with-Cobalt-Strike.txt

139.177.146.137:443
81.77.212.213:118
88.52.50.98:452

# Reference: https://tria.ge/230208-x8dfxseb8w

103.175.16.104:443
172.86.120.111:443
205.185.113.34:443
23.254.167.63:443

# Reference: https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_21.02.2023.txt

104.168.140.145:443
108.62.118.170:443
108.62.141.20:443
192.119.72.133:443
23.108.57.201:443
51.68.145.171:443

# Reference: https://twitter.com/Artilllerie/status/1628349460966215682
# Reference: https://0paste.com/443087.txt

103.175.16.13:443
104.168.157.253:443
146.19.173.86:443
157.254.194.117:443
160.20.147.242:443
173.234.155.246:443
185.17.40.138:443
185.173.34.35:443
192.111.146.178:443
194.135.33.184:443
195.20.17.75:443
23.82.140.155:443
51.68.144.43:443
51.75.62.204:443
86.106.131.105:443
91.206.178.234:443

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/bumblebee-docusign-campaign

107.189.5.17:443
114.70.235.72:357
122.125.104.16:475
138.133.49.46:211
140.157.121.40:433
141.161.143.136:272
146.29.236.141:457
150.18.156.130:256
174.72.94.173:309
177.232.32.155:257
179.55.218.145:322
181.87.160.175:479
194.135.33.85:443
196.224.200.10:482
207.12.58.212:419
209.141.40.19:443
210.38.79.54:319
214.77.93.215:263
216.73.114.69:379
24.64.127.190:229
241.163.228.200:362
246.6.106.79:340
254.65.104.229:127
255.115.3.251:370
32.234.39.72:191
38.174.252.233:131
44.184.236.94:128
58.249.161.153:350
6.66.255.6:433
60.231.88.20:422
72.204.201.249:374
73.73.80.51:127
93.216.14.249:213

# Reference: https://twitter.com/Max_Mal_/status/1636365861681496068

12.100.159.196:261
138.5.60.195:103
152.151.165.105:252
175.103.114.28:154
210.154.128.203:164
41.82.217.82:340
43.231.64.55:493
45.61.187.225:433

# Reference: https://tria.ge/230318-bzrfjacg81/behavioral1

103.175.16.15:443
107.189.12.129:443
157.254.194.119:443
192.111.146.184:443
192.254.79.101:443
195.133.192.10:443
209.141.53.174:443
23.254.225.130:443
37.28.155.36:443
51.83.248.92:443

# Reference: https://twitter.com/0xToxin/status/1649131620383825923

103.175.16.150:443
146.70.155.82:443
149.3.170.179:443

# Reference: https://twitter.com/k3dg3/status/1659619906919251979
# Reference: https://tria.ge/230519-wbzgfsfa73/behavioral1

103.175.16.151:443
192.198.82.59:443
194.135.33.160:443
32.54.188.44:443
92.119.178.40:443

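# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/
# Note: as in the earlier config-derived lists, this block includes non-routable addresses on unusual ports (e.g. loopback 127.200.198.38, multicast 226.2.161.184). Treat unusual-port entries as lower confidence than the :443 entries and confirm a match against other telemetry.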

http://103.175.16.13
100.166.114.2:231
100.221.98.138:443
100.62.116.119:471
102.189.132.75:411
103.144.139.137:443
103.144.139.139:443
103.144.139.145:443
103.144.139.146:443
103.144.139.150:443
103.144.139.154:443
103.144.139.159:443
103.144.139.164:443
103.144.139.166:443
103.175.16.105:443
103.175.16.10:443
103.175.16.119:443
103.175.16.133:443
103.175.16.149:443
103.175.16.208:443
103.175.16.25:443
103.175.16.58:443
103.175.16.60:443
104.109.81.90:359
104.168.136.137:443
104.168.144.212:443
104.168.151.120:443
104.168.162.242:443
104.168.171.159:443
104.168.171.189:443
104.168.171.97:443
104.168.172.195:443
104.168.174.148:443
104.168.175.78:443
104.168.175.81:443
104.168.200.192:443
104.168.202.54:443
104.168.203.190:443
104.168.204.115:443
104.168.218.224:443
104.168.218.74:443
104.168.243.123:443
104.168.243.178:443
104.168.243.204:443
104.168.244.96:443
104.219.233.101:443
104.219.233.107:443
104.219.233.113:443
104.219.233.120:443
104.219.233.125:443
104.219.233.127:443
104.219.233.129:443
104.219.233.130:443
104.219.233.133:443
104.219.233.145:443
104.219.233.30:443
104.219.233.38:443
104.219.233.41:443
104.219.233.42:443
104.244.72.215:443
104.244.75.253:443
104.244.77.61:443
104.37.20.148:152
104.86.43.102:455
105.111.222.244:485
105.45.26.251:205
106.30.10.152:200
107.189.1.123:443
107.189.1.156:443
107.189.1.219:443
107.189.13.201:443
107.189.14.8:443
107.189.30.231:443
107.189.5.45:443
107.189.6.147:443
107.189.8.58:443
107.204.201.53:264
107.219.151.119:244
108.174.194.151:443
108.25.105.234:166
108.62.118.108:443
108.62.118.177:443
108.62.118.219:443
108.62.118.235:443
108.62.118.53:443
108.62.118.59:443
108.62.118.70:443
108.62.118.81:443
108.62.12.19:443
108.62.12.202:443
108.62.141.221:443
108.62.141.38:443
108.62.141.52:443
108.62.141.98:443
109.140.220.255:121
109.251.149.213:421
112.242.91.221:407
113.4.33.142:138
113.56.104.34:443
113.98.120.85:440
116.151.146.123:341
116.204.18.170:113
116.205.234.96:247
116.241.116.41:410
117.17.41.72:459
117.172.191.115:471
118.64.27.23:475
118.89.112.82:338
119.50.18.190:134
12.194.222.34:380
120.181.249.142:177
121.164.36.213:396
121.37.185.77:358
124.131.180.3:215
124.76.30.34:476
124.9.134.87:426
125.81.24.187:397
126.76.167.19:201
126.99.238.54:447
127.200.198.38:363
128.79.29.175:298
129.125.121.145:133
129.250.70.54:276
129.51.68.80:196
13.234.171.104:461
130.173.49.173:107
130.242.219.205:423
131.136.57.50:384
131.220.159.133:200
132.11.130.225:224
132.180.150.102:379
133.99.126.202:263
134.179.38.71:422
135.125.241.35:443
135.15.5.19:411
136.179.9.50:318
137.219.255.218:446
137.31.59.180:443
138.141.158.45:217
139.177.146.230:443
139.177.146.25:443
139.177.146.26:443
139.177.146.27:443
14.11.77.37:138
14.128.51.19:412
14.195.237.81:451
142.11.193.243:443
142.11.194.198:443
142.11.195.231:443
142.11.196.174:443
142.11.199.235:443
142.11.206.112:443
142.11.210.50:443
142.11.211.32:443
142.11.212.144:443
142.11.213.56:443
142.11.216.12:443
142.11.234.228:443
142.11.238.7:443
142.11.245.185:443
142.118.138.85:402
142.32.211.156:157
142.93.12.251:443
143.27.231.233:335
144.136.57.11:443
145.239.135.16:443
145.239.29.119:443
145.239.30.219:443
145.239.30.242:443
145.239.30.73:443
145.239.31.136:443
146.158.114.155:467
146.19.173.120:443
146.19.173.137:443
146.19.173.141:443
146.19.173.148:443
146.19.173.173:443
146.19.173.25:443
146.19.173.26:443
146.19.173.31:443
146.19.173.33:443
146.19.173.34:443
146.19.173.45:443
146.19.173.61:443
146.19.173.71:443
146.19.173.76:443
146.19.253.102:443
146.19.253.41:443
146.19.253.53:443
146.59.116.127:443
146.59.116.131:443
146.59.116.185:443
146.59.116.196:443
146.59.116.242:443
146.59.116.25:443
146.59.116.49:443
146.59.116.4:443
146.59.116.54:443
146.59.116.64:443
146.59.116.77:443
146.59.116.79:443
146.59.117.200:443
146.70.100.126:443
146.70.100.80:443
146.70.102.73:443
146.70.106.163:443
146.70.106.76:443
146.70.124.116:443
146.70.124.117:443
146.70.125.80:443
146.70.125.93:443
146.70.135.135:443
146.70.139.252:443
146.70.143.133:443
146.70.143.140:443
146.70.143.183:443
146.70.147.16:443
146.70.147.57:443
146.70.147.7:443
146.70.149.11:443
146.70.149.14:443
146.70.149.32:443
146.70.149.40:443
146.70.149.42:443
146.70.149.43:443
146.70.149.45:443
146.70.149.58:443
146.70.152.221:443
146.70.161.59:443
146.70.161.82:443
146.70.53.139:443
146.70.53.142:443
146.70.86.47:443
147.79.237.123:354
149.255.35.138:443
149.255.35.163:443
149.28.84.215:443
149.3.170.185:443
149.3.170.196:443
149.3.170.213:443
149.3.170.236:443
149.3.170.62:443
149.3.170.94:443
15.248.60.137:220
151.218.16.201:462
152.89.247.225:443
152.89.247.241:443
153.30.97.227:163
154.56.0.101:443
154.56.0.110:443
154.56.0.114:443
154.56.0.115:443
154.56.0.196:443
154.56.0.197:443
155.98.234.36:412
157.254.194.104:443
157.254.194.150:443
158.208.5.127:269
158.67.156.68:380
159.107.119.196:466
159.113.48.85:385
159.191.39.179:386
159.248.192.111:424
159.89.22.59:443
16.249.204.133:158
16.86.113.88:226
160.20.147.91:443
160.20.62.151:124
161.207.51.170:397
162.0.209.131:443
163.158.2.201:265
164.254.139.199:210
164.29.3.97:443
164.52.201.153:443
164.90.179.108:443
165.132.190.127:368
165.15.183.148:458
165.84.157.60:302
167.77.156.226:482
168.160.250.76:159
169.197.227.201:474
169.246.230.158:489
17.147.212.14:276
17.29.249.188:264
170.160.24.88:267
170.36.34.111:203
170.66.154.71:361
170.88.0.154:120
170.95.167.18:496
172.241.27.116:443
172.241.27.120:443
172.86.120.141:443
172.86.121.123:443
172.86.121.56:443
172.86.121.59:443
172.86.121.61:443
172.86.122.167:443
172.86.123.111:443
172.86.123.150:443
172.86.123.217:443
172.86.123.231:443
172.93.193.149:443
172.93.193.3:443
172.93.193.42:443
172.93.193.46:443
172.93.193.74:443
172.93.193.95:443
172.93.201.138:443
172.93.201.207:443
172.93.201.244:443
172.93.201.2:443
173.200.61.240:100
173.234.155.124:443
173.234.155.133:443
173.234.155.143:443
173.62.170.155:484
176.111.174.65:443
176.111.174.66:443
176.111.174.67:443
176.111.174.70:443
176.111.174.73:443
176.223.165.119:443
176.223.165.125:443
178.63.172.12:443
179.174.90.170:108
179.5.59.188:228
179.88.25.130:348
18.141.105.98:293
18.151.45.13:359
18.210.196.217:178
180.160.133.46:486
180.175.236.161:293
180.220.100.51:127
181.33.49.44:164
182.121.202.27:373
182.206.137.152:214
183.194.177.52:219
184.167.112.126:440
184.34.86.128:233
184.56.33.232:129
184.83.49.115:179
185.123.53.173:443
185.123.53.248:443
185.145.97.141:443
185.165.82.120:182
185.227.82.15:443
185.62.57.202:443
185.62.57.94:443
185.69.113.39:124
186.190.32.221:102
189.167.167.132:443
189.215.92.254:209
19.128.78.21:190
190.165.163.67:285
190.238.244.214:117
191.65.54.76:181
192.111.146.181:443
192.111.146.185:443
192.111.146.186:443
192.111.146.189:443
192.119.120.146:443
192.119.120.22:443
192.119.64.249:443
192.119.65.175:443
192.119.66.138:443
192.119.74.194:443
192.119.77.44:443
192.119.81.86:443
192.119.87.45:443
192.129.129.20:443
192.129.129.53:443
192.155.197.15:315
192.198.82.51:443
192.198.82.56:443
192.198.82.60:443
192.198.82.62:443
192.236.146.147:443
192.236.155.219:443
192.236.155.47:443
192.236.161.44:443
192.236.161.50:443
192.236.178.253:443
192.236.179.104:443
192.236.193.215:443
192.236.194.101:443
192.236.194.104:443
192.236.198.181:443
192.236.199.191:443
192.236.199.61:443
192.236.208.19:443
192.236.233.8:443
192.254.79.100:443
192.254.79.106:443
192.254.79.120:443
192.254.79.122:443
192.254.79.124:443
192.255.188.11:443
192.49.26.26:156
193.109.120.156:443
193.109.120.252:443
193.109.120.71:443
194.13.72.84:438
194.135.33.127:443
194.135.33.139:443
194.135.33.151:443
194.135.33.182:443
194.135.33.40:443
194.135.33.90:443
194.15.216.113:443
194.15.216.247:443
194.162.246.66:284
194.59.183.30:443
195.133.192.103:443
195.133.192.117:443
195.133.192.26:443
195.133.192.4:443
195.20.17.210:443
195.20.17.233:443
195.20.17.76:443
195.24.93.69:140
196.168.84.24:372
196.205.170.142:344
196.229.162.29:498
197.100.127.145:468
198.176.96.204:443
198.230.60.229:465
198.84.123.61:443
198.98.48.141:443
198.98.48.231:443
198.98.49.201:443
198.98.50.15:443
198.98.50.197:443
198.98.51.235:443
198.98.51.250:443
198.98.51.75:443
198.98.52.145:443
198.98.52.241:443
198.98.52.246:443
198.98.55.214:443
198.98.56.242:443
198.98.56.9:443
198.98.57.185:443
198.98.58.184:443
198.98.59.245:443
198.98.59.39:443
198.98.59.54:443
198.98.59.64:443
198.98.60.196:443
199.195.249.106:443
199.195.249.67:443
199.195.249.74:443
199.195.251.244:443
199.195.253.39:443
2.126.13.36:272
2.240.132.127:273
2.50.39.29:308
2.56.10.16:443
200.154.18.124:356
200.97.188.60:309
201.101.156.173:443
201.19.223.122:395
202.77.46.110:494
203.48.139.140:482
204.172.178.183:443
204.223.28.129:424
205.160.222.15:274
205.185.113.181:443
205.185.114.107:443
205.185.114.241:443
205.185.115.138:443
205.185.116.99:443
205.185.119.60:443
205.185.121.162:443
205.185.121.173:443
205.185.123.115:443
205.185.126.42:443
205.185.127.176:443
206.219.40.88:120
206.245.228.10:133
206.8.75.126:347
207.146.147.151:430
207.206.225.56:376
207.232.34.49:443
208.115.216.246:443
209.141.35.185:443
209.141.35.21:443
209.141.41.251:443
209.141.41.46:443
209.141.42.230:443
209.141.46.65:443
209.141.46.67:443
209.141.48.117:443
209.141.48.135:443
209.141.48.221:443
209.141.49.203:443
209.141.49.72:443
209.141.51.187:443
209.141.51.65:443
209.141.54.211:443
209.141.57.123:443
209.141.57.151:443
209.141.57.29:443
209.141.58.129:443
209.198.142.251:182
209.244.102.105:112
211.138.66.214:245
211.30.22.66:156
212.114.52.124:443
212.128.221.184:268
212.46.38.231:443
213.227.154.19:443
213.232.235.90:443
213.80.235.165:443
213.9.245.43:177
215.158.14.90:210
215.52.248.60:351
216.247.106.59:282
217.246.42.10:346
217.60.200.139:240
217.8.253.10:398
218.155.13.204:130
218.77.185.92:266
219.110.187.248:435
219.169.113.48:428
219.192.196.111:289
22.39.164.0:452
221.131.148.148:357
221.184.92.249:392
221.225.254.105:363
222.183.74.213:469
222.202.140.206:438
223.187.26.169:105
226.2.161.184:368
227.129.109.91:341
227.172.55.184:399
228.25.115.64:494
228.41.85.117:115
229.155.90.63:264
23.106.124.154:443
23.106.124.23:443
23.106.160.137:443
23.106.160.141:443
23.106.160.52:443
23.106.160.82:443
23.106.215.141:443
23.106.215.165:443
23.106.215.225:443
23.106.215.230:443
23.106.215.233:443
23.106.215.60:443
23.106.215.82:443
23.106.223.144:443
23.106.223.14:443
23.106.223.182:443
23.106.223.197:443
23.106.223.1:443
23.106.223.209:443
23.106.223.219:443
23.106.223.222:443
23.108.57.200:443
23.108.57.250:443
23.108.57.29:443
23.108.57.57:443
23.108.57.59:443
23.108.57.5:443
23.108.57.65:443
23.108.57.66:443
23.108.57.79:443
23.108.57.87:443
23.136.208.76:136
23.19.58.176:443
23.229.117.229:443
23.254.142.159:443
23.254.161.46:443
23.254.167.143:443
23.254.204.109:443
23.254.204.210:443
23.254.225.249:443
23.254.229.210:443
23.254.247.48:443
23.29.115.164:443
23.81.246.171:443
23.81.246.17:443
23.81.246.205:443
23.81.246.22:443
23.82.128.116:443
23.82.128.11:443
23.82.128.127:443
23.82.140.100:443
23.82.140.14:443
23.82.140.180:443
23.82.19.119:443
230.134.37.163:248
231.118.141.159:352
231.217.204.87:289
231.228.102.246:186
233.102.116.211:431
233.184.55.151:193
233.91.193.248:176
234.181.138.54:339
235.25.215.60:162
235.93.186.127:353
236.195.236.23:291
24.183.132.242:376
240.116.151.154:188
240.77.2.4:372
242.232.106.206:162
243.81.43.209:318
243.87.105.138:281
244.137.147.69:367
244.23.55.232:297
244.76.41.194:324
246.134.183.74:364
247.207.208.18:239
247.34.180.239:377
249.112.226.98:243
249.250.158.148:322
249.57.205.117:166
25.131.252.242:253
25.169.42.242:443
250.4.46.84:202
251.19.57.54:112
251.198.165.196:117
252.187.191.102:223
252.47.83.163:103
252.56.37.128:177
252.75.45.182:365
252.90.109.242:351
253.1.163.108:274
253.165.60.220:288
253.21.192.23:231
255.99.94.68:100
27.31.180.123:139
28.23.200.103:366
29.15.120.102:455
29.203.98.166:376
3.215.24.1:346
30.140.193.246:341
30.225.24.243:414
31.135.71.34:258
31.232.16.192:443
33.191.119.32:366
34.1.180.202:108
34.119.95.6:249
34.2.221.48:450
34.34.152.166:165
36.150.76.13:147
36.201.196.202:367
37.1.214.229:443
37.1.214.72:443
37.221.67.104:443
37.221.67.122:443
37.28.156.24:443
37.28.157.29:443
37.42.62.77:427
38.180.25.111:443
38.180.25.71:443
38.180.4.165:443
38.48.147.152:349
4.177.13.86:289
4.236.88.115:131
41.15.71.157:274
41.7.15.180:116
41.70.42.112:452
42.179.23.39:452
42.63.100.82:129
43.184.255.110:182
44.224.48.159:123
44.94.75.93:103
45.11.19.208:443
45.11.19.252:443
45.11.19.70:443
45.11.19.86:443
45.132.180.49:420
45.141.58.139:443
45.147.229.47:443
45.147.230.179:443
45.147.230.233:443
45.147.230.245:443
45.147.231.156:443
45.147.231.232:443
45.153.240.94:443
45.153.241.209:443
45.153.241.245:443
45.153.242.183:443
45.153.242.184:443
45.153.242.242:443
45.153.242.61:443
45.153.243.111:443
45.153.243.126:443
45.153.243.130:443
45.153.243.222:443
45.32.37.109:443
45.61.184.227:443
45.61.184.24:443
45.61.184.8:443
45.61.185.227:443
45.61.185.65:443
45.61.186.18:443
45.61.186.51:443
45.61.187.10:443
45.61.187.123:443
45.61.187.160:443
45.61.187.170:443
45.61.187.204:443
45.61.187.225:443
45.61.187.40:443
45.66.151.142:443
45.66.151.193:443
45.66.248.156:443
45.66.248.216:443
45.66.248.61:443
45.66.248.64:443
45.84.240.87:443
46.142.186.28:443
46.142.187.27:443
46.142.187.96:443
46.214.226.37:368
46.240.5.92:298
46.249.38.114:443
46.249.38.141:443
47.26.53.19:195
48.194.62.179:122
5.141.46.137:379
5.237.231.132:443
5.45.54.50:412
5.53.19.66:164
50.44.183.176:440
51.68.144.13:443
51.68.145.174:443
51.68.145.40:443
51.68.147.63:443
51.68.157.245:443
51.75.63.193:443
51.75.63.234:443
51.77.41.141:443
51.77.41.66:443
51.81.134.202:443
51.83.225.143:443
51.83.248.182:443
51.83.248.28:443
51.83.249.204:443
51.83.250.153:443
51.83.250.168:443
51.83.252.171:443
51.83.253.18:443
51.83.254.164:443
51.83.254.187:443
51.83.254.3:443
51.83.254.9:443
51.83.255.232:443
51.83.255.85:443
52.40.0.232:170
54.108.3.223:465
54.37.130.121:443
54.37.130.195:443
54.37.131.107:443
54.37.131.10:443
54.37.131.158:443
54.37.131.164:443
54.37.131.232:443
54.38.136.144:443
54.38.136.209:443
54.38.136.39:443
54.38.137.14:443
54.38.139.94:443
54.66.60.129:229
58.184.81.243:122
6.10.249.12:377
60.248.37.104:413
61.147.148.44:325
62.113.238.72:443
62.113.238.73:443
62.160.169.2:232
62.22.48.195:239
62.82.188.190:234
64.44.101.102:443
64.44.101.123:443
64.44.101.25:443
64.44.102.140:443
64.44.102.202:443
64.44.102.224:443
64.44.102.239:443
64.44.102.36:443
64.44.102.85:443
64.44.135.134:443
64.44.135.197:443
64.44.135.198:443
64.44.97.138:443
64.44.97.56:443
64.44.97.58:443
64.44.98.157:443
64.44.98.213:443
66.15.189.146:122
66.9.9.138:154
67.17.64.18:478
67.28.24.164:451
68.63.126.83:102
69.114.87.193:408
69.128.111.23:128
69.164.203.147:443
69.46.15.158:443
7.12.29.221:249
7.71.244.186:411
74.17.237.225:370
74.219.241.225:481
74.230.15.244:376
75.115.238.135:394
76.134.233.76:443
76.26.104.26:249
77.38.240.57:172
78.0.144.134:330
79.143.87.103:443
79.172.113.34:443
79.196.23.192:106
8.126.95.33:443
8.219.132.142:443
8.222.182.83:443
8.222.227.103:443
8.253.171.67:308
8.76.233.176:318
80.17.127.251:110
80.187.122.238:295
80.85.142.45:443
81.215.251.28:357
82.104.34.104:373
82.4.190.155:413
85.143.223.165:148
85.239.52.113:443
85.239.52.15:443
85.239.52.179:443
85.239.52.29:443
85.239.52.71:443
85.239.54.134:443
85.239.54.145:443
85.239.54.178:443
85.239.54.192:443
85.239.54.2:443
85.58.120.124:184
86.105.1.108:443
86.106.87.135:443
88.139.160.72:326
89.159.155.176:455
89.41.26.77:443
89.44.9.153:443
89.44.9.204:443
91.206.178.167:443
91.206.178.179:443
91.206.178.204:443
91.206.178.68:443
91.206.178.81:443
91.235.234.107:443
91.235.234.199:443
91.245.253.76:443
91.245.254.101:443
91.245.254.107:443
91.245.254.41:443
91.245.254.96:443
91.245.254.97:443
91.43.99.217:268
92.204.160.44:443
93.212.145.203:443
93.212.159.189:443
94.103.188.112:443
94.88.121.46:403
94.98.129.174:197
95.168.191.134:443
95.168.191.248:443
95.249.6.218:443
97.85.151.94:372
98.18.89.105:425
98.254.212.235:127
99.253.242.138:390
ambronixt.com
irs.reviews

# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/ (# 2023-09-08)

104.199.38.224:443
34.77.116.45:443
35.239.11.197:443
52.211.87.95:443
95.214.56.243:443
3v1n35i5kwx.life
cmid1s1zeiu.life
itszko2ot5u.life
newdnq1xnl9.life

# Reference: https://threatfox.abuse.ch/ioc/1149948/

103.82.37.213:443

# Reference: https://threatfox.abuse.ch/ioc/1150215/

85.167.242.61:443

# Reference: https://threatfox.abuse.ch/ioc/1150544/

165.227.8.47:443

# Reference: https://twitter.com/k3dg3/status/1697373194972217715
# Reference: https://tria.ge/230831-1vmzzsba29/behavioral1

134.156.166.37:332

# Reference: https://threatfox.abuse.ch/ioc/1163465/

62.4.17.47:443

# Reference: https://threatfox.abuse.ch/ioc/1163901/

164.52.223.235:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/ (# 2023-09-19)

164.52.216.101:443
164.52.223.170:443
170.187.142.12:443
185.226.116.226:443
216.48.184.52:443
43.155.161.152:443
95.177.215.71:443

# Reference: https://twitter.com/Intrinsec/status/1709609529070010447
# Reference: https://www.virustotal.com/gui/ip-address/128.140.53.189/relations
# Reference: https://www.virustotal.com/gui/file/4ca01b4a13ae7673bd0e92aa999efc59c1614bb496e2274e8d552ed2fc6cfe00/detection
# Reference: https://www.virustotal.com/gui/file/60f4f1cd1eed873c414fb56441a3d76efbb469ee1312b3b73c0534eec1e082d3/detection

g7qf7ew5c.life

# Reference: https://twitter.com/k3dg3/status/1711509566934974785

186.85.54.111:149

# Reference: https://threatfox.abuse.ch/ioc/1198165/

20.22.18.80:443

# Reference: https://threatfox.abuse.ch/ioc/1204316/

149.28.109.119:443

# Reference: https://twitter.com/Artilllerie/status/1729182856625496184
# Reference: https://bazaar.abuse.ch/sample/4203f929fe8fab1c990e027216ef732955cc4fbfe598e9dc02dbf61fefd2e579/
# Reference: https://www.virustotal.com/gui/ip-address/62.133.61.203/relations
# Reference: https://app.validin.com/axon?find=62.133.61.203&type=ip
# Reference: https://tria.ge/231125-1cf4qach83
# Reference: https://www.virustotal.com/gui/file/790e47348ed361bcb1b2d5e3f5ab7c95f3fb7b53b94b54ea0dffd93d8d0f6e0e/detection

livmesilovess.pro
llvemewhateh.pro
02uhomlq.life
0oz7923s.life
0req10rd.life
0rlxan4o.life
0xtmu3tz.life
10ciy2hb.life
11ou1grl.life
1p24echu.life
1p34o0do.life
1q04n1r6.life
1qa3k743.life
2z2dl1og.life
37zi55wc.life
3jhcm6ou.life
3k8iq1nb.life
3nmeg5wa.life
3xqy6csn.life
43vtghfz.life
4huoqrsp.life
4r3inwrt.life
4soexc4m.life
54y2q50j.life
6a1fbhay.life
6o26tws0.life
6qwim2j8.life
6xhpschv.life
7564a2mg.life
7kmzys39.life
83b0leyy.life
8hxwl72r.life
8qwcvseh.life
9hh7hq5r.life
a9nhflze.life
aiv8bb2b.life
aqjjchti.life
aqnx9c9h.life
awr5omre.life
ay03u2te.life
az77sw77.life
b24f19ne.life
baunjh6t.life
bei9dppm.life
btycmaq0.life
c9l8ri53.life
cg4cuoyi.life
d0k4fdaa.life
dph3pby8.life
e97igyz6.life
ep0kbvph.life
et53yjoc.life
fra3xqrx.life
hjcbhzd8.life
hkgd9kar.life
hx0hysyg.life
i6n08gx7.life
i9f44mju.life
igak9l9s.life
is45ipqt.life
j57fzy12.life
jpngew6a.life
jwyxm0f3.life
kqn0zkig.life
luw8ubf2.life
m3vc2ce4.life
m4v4xq2f.life
mddoknvi.life
n64c2akw.life
o10qz4xe.life
ohwv1vpp.life
oq36weoi.life
p1p97dov.life
p5e68m36.life
pe6r5tzc.life
pyjijjlm.life
q65io756.life
qal55els.life
qhfoevow.life
r0ca080m.life
r5ue5rok.life
rbvsf6io.life
t31jn4t1.life
t99iv15x.life
tcjcv520.life
tvgco82h.life
uq034w07.life
vojg90l2.life
vv5sfo80.life
vxyojl27.life
w2hje2t7.life
wq6w8jkq.life
wykpnxcx.life
x698iah6.life
yqofro9q.life
yykdmh0r.life
z2tp7x2v.life
zdx0i18o.life
zefawfb0.life
zmlly8xo.life
zna5lybe.life
zpy1vssg.life

# Reference: https://twitter.com/Artilllerie/status/1757725596992278642
# Reference: https://www.virustotal.com/gui/file/c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a/detection

0ad1qrc1.life
0be6z82a.life
0hb72lv4.life
0ny3328d.life
0yznun55.life
12jawwzi.life
1330r5tl.life
18nf94hr.life
1kq5u5oh.life
22km13qy.life
25utqefr.life
2jrlu58d.life
2m420uuq.life
2r5pct64.life
2x5sidtj.life
389wsdwk.life
3botypuk.life
3hlr4b32.life
4bekj09u.life
4eo14u97.life
4qrr6ij0.life
56snpngr.life
56xom9cr.life
5a0mrc70.life
5cai9tan.life
5s9j4ij0.life
5xrn6i3n.life
5zime47c.life
61oankru.life
652t37sd.life
6t152qng.life
6tcl7gdl.life
7nx3ips8.life
7ue3qloo.life
7v3pqzur.life
8e2fs333.life
8jenv5cj.life
8zxvhrw3.life
93628xvf.life
9b7t2l0q.life
9bydjn76.life
9i4h14pn.life
9rzeyw6d.life
9xuj8nh1.life
accq42df.life
acuaw2q0.life
agjsuxbi.life
akzuglxg.life
augbit10.life
az3hs01z.life
b0wknuvv.life
b7v0h14g.life
bhqjgnyg.life
bnevdx61.life
c0g886v7.life
c4e9t8ri.life
c8o1xb3q.life
cu945ae2.life
d0paetq1.life
d5lspsc8.life
d64ijd3x.life
da3qmuiz.life
dkzmobfb.life
dtacg44e.life
dwdgv8ey.life
dza0z859.life
e12p0p07.life
ecdb0x3j.life
eiwkrw3v.life
enxlrvsp.life
es4xrlbf.life
f94vimcc.life
fcl2tw80.life
fjtg4l8d.life
fjtwh7ez.life
fmeojv6b.life
frm6u0r1.life
g27j5iqe.life
g4ggjukx.life
g7on0c47.life
gaiuzmjh.life
gb3kmt70.life
ge0gmguu.life
gpw38bkj.life
guycev3v.life
gvwgb5nw.life
h5hyssny.life
hkk0meg1.life
hlbflus2.life
hm2psb94.life
hocj7ez7.life
hyivgigf.life
i8kyugpr.life
i8yegp0g.life
idqrdhpg.life
ig4xohtj.life
ink7i9yf.life
inwyinkt.life
jbq2lc4m.life
jh1px0y2.life
jtyk5gdq.life
k6ptpfxk.life
k9asv5kf.life
kkrmo7k8.life
klclsjxl.life
klcmu5e3.life
kxk0fp99.life
kxxxz02p.life
lawsc41o.life
lni114wn.life
lnze846x.life
lq4rvf7h.life
lq6oee8d.life
mc255438.life
mkt3shgr.life
ms6qhpe2.life
mtu5eery.life
mw0au96x.life
myskwtvz.life
n0ohhx48.life
n1iq0gkh.life
n6s0rru2.life
n9t609lu.life
nnc9xesb.life
o0r9qsit.life
o1kmnuax.life
orc3zq3c.life
ouhz98km.life
pmrzi1bx.life
puh4ptfq.life
q905hr35.life
qblg0klz.life
qdqw1w5c.life
ql5hk4dj.life
qo725zwl.life
qpxq51gq.life
qulj3o2b.life
quw31ted.life
qz0pzkv1.life
qz7waafq.life
r1vp426o.life
r4x6iy6x.life
racgyvid.life
rj3h9lji.life
rka4u64f.life
rm0vgyz1.life
rqmbst2l.life
rrfklwtt.life
rtnzmwv0.life
s68s3bdd.life
si0wpv63.life
sx3i8jmk.life
t5me2n7i.life
thde5hd5.life
tkpnkize.life
tli6v0bb.life
tmzcoebw.life
tztttnt4.life
u3zvhegy.life
u45wcqn7.life
uj1lqdzb.life
v9nvi0qk.life
vevijml2.life
vg7uaic3.life
vkm1k94n.life
vpvmrmin.life
vtq4vrd1.life
w97o36m1.life
w9inw8u1.life
wdxn08y6.life
widcqm70.life
wiof5kps.life
wiw2pzow.life
wmds946t.life
wuxe83rt.life
wv7n0k5b.life
wvxatase.life
x1268u29.life
x2h84q1y.life
x3h1ahco.life
x9e2x6a2.life
xawrjuc7.life
xwcetuq6.life
y0a5tf81.life
y2stju2y.life
y3v1d1vu.life
y5eqdqo8.life
y6rqgp73.life
y7px5b06.life
y833kir4.life
ym1mmve7.life
ymxcwnjs.life
z15hvoz2.life
z4u0pw7m.life
z5gt6avq.life
zo2epezl.life
ztlkhvae.life
zutr3leo.life

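# Reference: https://threatfox.abuse.ch/browse/malware/win.bumblebee/ (# 2024-05-05)
# NOTE(review): the *.bc.googleusercontent.com and e2e-*.ssdcloudindia.net names in this block
# look like provider-assigned reverse-DNS names rather than attacker-registered domains: the
# former appear to embed a reversed IPv4 address, and the trailing number of each e2e-* name
# matches the last octet of a 164.52.x.x / 216.48.x.x entry listed here - TODO confirm.
# Several other hostnames (cpanel./webmail./webdisk./server. prefixes) read like service names
# of third-party sites, possibly co-hosted on or formerly resolving to the same cloud addresses.
# Cloud addresses are reassigned over time, so treat hits on these entries as time-bound and
# corroborate with other telemetry before blocking or attributing.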


158.160.58.164:443
164.52.200.182:443
164.52.201.144:443
164.52.203.68:443
164.52.204.122:443
164.52.210.159:443
164.52.211.43:443
164.52.219.118:443
164.52.223.174:443
216.48.177.248:443
216.48.178.45:443
216.48.179.106:443
216.48.179.170:443
216.48.179.174:443
216.48.179.60:443
216.48.179.68:443
216.48.180.70:443
216.48.181.191:443
216.48.181.201:443
216.48.182.251:443
216.48.183.206:443
216.48.183.41:443
216.48.183.60:443
216.48.183.70:443
216.48.183.71:443
216.48.183.75:443
216.48.183.81:443
216.48.183.85:443
216.48.184.188:443
216.48.185.120:443
216.48.185.13:443
178.177.200.35.bc.googleusercontent.com
178.227.100.34.bc.googleusercontent.com
215.145.200.35.bc.googleusercontent.com
11qet4bgg.life
1d98d2w0k.life
1wrap3lnr.life
23b3imkqh.life
292edkjz6.life
2a6m2wkiq.life
2jlczycvw.life
2niq3fv8t.life
2x5cn12li.life
3rldogkrx.life
43dtvcgy6.life
44uegsxdd.life
497hssmh9.life
49jw256uc.life
4hdkyh1ns.life
4kqz7kqt2.life
5hsghdbng.life
5yv0b66c5.life
7clm8w86o.life
8fqxxf116.life
8jcl1fkor.life
8nrjr6hc4.life
8s75cl4j9.life
8t8g8jquy.life
99t9f8t4c.life
9f8srknbf.life
9qf9v3tgq.life
ajl0toabj.life
api.mcc-dspace.l2c2.co.in
arl8xdy0i.life
awjjbslep.life
awmv2d35g.life
axqje16l4.life
c231spcbk.life
c3x5wqfqd.life
cj87mkoo4.life
cmau5xobd.life
cpanel.ripplendt.com
crbk7hduu.life
d00d7ks32.life
db9oyi6b2.life
dl23dcg0p.life
donkvamcz.life
e2e-100-206.ssdcloudindia.net
e2e-100-41.ssdcloudindia.net
e2e-100-60.ssdcloudindia.net
e2e-100-70.ssdcloudindia.net
e2e-100-71.ssdcloudindia.net
e2e-100-75.ssdcloudindia.net
e2e-100-81.ssdcloudindia.net
e2e-100-85.ssdcloudindia.net
e2e-101-188.ssdcloudindia.net
e2e-102-13.ssdcloudindia.net
e2e-68-182.ssdcloudindia.net
e2e-69-144.ssdcloudindia.net
e2e-69-153.ssdcloudindia.net
e2e-69-171.ssdcloudindia.net
e2e-71-68.ssdcloudindia.net
e2e-72-122.ssdcloudindia.net
e2e-73-167.ssdcloudindia.net
e2e-73-170.ssdcloudindia.net
e2e-73-172.ssdcloudindia.net
e2e-73-173.ssdcloudindia.net
e2e-73-176.ssdcloudindia.net
e2e-79-159.ssdcloudindia.net
e2e-80-43.ssdcloudindia.net
e2e-85-101.ssdcloudindia.net
e2e-87-205.ssdcloudindia.net
e2e-88-118.ssdcloudindia.net
e2e-92-174.ssdcloudindia.net
e2e-94-248.ssdcloudindia.net
e2e-95-45.ssdcloudindia.net
e2e-96-170.ssdcloudindia.net
e2e-96-174.ssdcloudindia.net
e2e-96-60.ssdcloudindia.net
e2e-96-68.ssdcloudindia.net
e2e-98-191.ssdcloudindia.net
e2e-98-201.ssdcloudindia.net
e2e-99-251.ssdcloudindia.net
elearnacad.com
ezsj23n67.life
f0a3myb17.life
f66we2.easypanel.host
farentrip.com
gaamc74sm.life
gebj02y46.life
gmsjfazpo.life
go6nu8hgl.life
govntutzt.life
gpoxpkoiy.life
hadoop1.bizinso.com
inekdxiil.life
j2hsoa4va.life
jvmzaf24a.life
jzvx353vf.life
k4ikh1i8s.life
kbs.thinkiit.in
l9w8yn2fo.life
lcd7igvud.life
lgu7drz5a.life
lnoz4exs6.life
m460p6w8i.life
mcc-dspace.l2c2.co.in
mei2hlvph.life
nii34kqrw.life
o3f4d47j3.life
ofav9exew.life
oqfb13om6.life
p5zhkxu7x.life
p9m9as6rc.life
pltfrvss1.life
prl7fpdgq.life
pwfkwiup6.life
pzhihpnt2.life
qak8s.vunet.io
qm4hupdsq.life
qqpjqdylr.life
ripplendt.com
rm43ln1wn.life
s7n9pjbnl.life
secops.vunetsystems.com
server.instahosting.in
stage.mobycover.com
tcyvzdeex.life
tdyfmnlvv.life
test1.donateabook.org.in
testseries.thinkiit.in
trfy09x33.life
trustkeyfinserv.com
uaeo95mzk.life
ulfv8hiv3.life
un5nke6rt.life
upxamcuma.life
uvx6qjirx.life
v4wlbpzf0.life
vjgmo889e.life
webdisk.ripplendt.com
webmail.togetherindia.in
workernode3.dev.providerdom.com
wox5mblpd.life
wp9wddjn4.life
x5zxvz2yn.life
x7ir6c3dp.life
xky2lv24m.life
xszhjlyga.life
y0ue7nc4v.life
y7mmp6opv.life
yg7kcxnie.life
yk37wagdg.life
ynnlb3rus.life
yombx43uh.life
z1hf83vee.life
z4aarde49.life
z75717vaj.life
z8g4klplp.life
