# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1023286939858939906

http://5.8.88.25

# Reference: https://www.bleepingcomputer.com/news/security/azorult-trojan-serving-aurora-ransomware-by-malactor-oktropys/

lulaaura.top

# Reference: https://samples.vx-underground.org/APTs/2010/2010.01.27/Paper/Operation%20Aurora%20Detect%20Diagnose%20Respond.pdf

33iqst.com
360.homeunix.com
blog1.serverbeer.com
demo1.ftpaccess.cc
ftp2.homeunix.com
s11.homelinux.org
update.ourhobby.com

# Reference: https://www.virustotal.com/gui/file/5e449a2664be9d024e78d660e9cad4099c64bb7d91fb40d08459dec274de02dc/detection

a0653691.xsph.ru
/AuroraLoader/check.txt
/AuroraLoader/CheckAccount.php?jopa=
/AuroraLoader/LoaderVersion.php?jopa=
/AuroraNEW/check.txt
/AuroraNEW/CheckAccount.php?jopa=
/AuroraNEW/LoaderVersion.php?jopa=

# Reference: https://twitter.com/crep1x/status/1592270231585816576
# Reference: https://www.virustotal.com/gui/file/0878bfc99e884abac4cba8339944045ccf16c99c942dc681729b152a3a9e6f25/detection

45.15.156.97:8081

# Reference: https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/#h-aurora-c2
# Reference: https://otx.alienvault.com/pulse/637baa6081d4bafd9cb4afec

138.201.92.44:8081
146.19.24.118:8081
167.235.233.95:9865
185.173.36.94:8081
185.209.22.98:8081
193.233.48.15:9865
37.220.87.2:8081
45.137.65.190:8081
45.144.30.146:8081
45.15.156.115:8081
45.15.156.22:8081
45.15.156.33:8081
45.15.156.80:8081
45.15.157.137:8081
49.12.222.119:8081
49.12.97.28:8081
5.9.85.111:8081
65.108.253.85:8081
65.109.25.109:8081
78.153.144.31:8081
81.19.140.21:8081
82.115.223.218:8081
85.192.63.114:8081
89.208.104.160:8081
95.214.55.225:8081
cheatcloud.info
winsoft.cloud

# Reference: https://twitter.com/James_inthe_box/status/1594750999759310849
# Reference: https://twitter.com/ViriBack/status/1594758845297229824
# Reference: https://app.any.run/tasks/241b198d-622a-4d57-989c-84690b82d99b/

37.220.87.2:8081

# Reference: https://twitter.com/malwrhunterteam/status/1595119413384314880
# Reference: https://www.virustotal.com/gui/file/533d6c8a642edd24cd046a6749655e7463548adfa3585ef0a7efe63515090d8f/detection

212.86.108.41:7000
212.86.108.41:8081

# Reference: https://twitter.com/idclickthat/status/1595082222851481600
# Reference: https://tria.ge/221122-s1r7wscd21/behavioral6
# Reference: https://www.virustotal.com/gui/file/04b2edcc9d62923a37ef620f622528d70edab52ccd340981490046ad3aa255e5/detection

79.137.195.171:8081
mividajugosa.com

# Reference: https://twitter.com/ViriBack/status/1597746330830794752

http://45.137.65.190
http://45.15.156.24
http://45.15.156.33
http://45.15.157.137
http://49.12.222.119
http://65.108.225.214
http://82.115.223.218

# Reference: https://twitter.com/malwrhunterteam/status/1599001245804814339
# Reference: https://www.virustotal.com/gui/file/15a24027de069f52e9ad493901e91e110e5ca64630ac30a57ba07a827fca832a/detection

85.192.63.42:8081

# Reference: https://twitter.com/0xToxin/status/1600510379586719746
# Reference: https://tria.ge/221204-rtkc2agc97/behavioral2

185.17.0.138:8081

# Reference: https://www.virustotal.com/gui/file/d8e22530aa884e9e742a102f9acb53a2727b749dac4489c72b37782e2ec6383e/detection
# Reference: https://www.virustotal.com/gui/file/af1f5335d497726e81237f3049d3918c32f8ac999b9ca21cf3535a57162f0fc9/detection

62.204.41.3:8081

# Reference: https://www.virustotal.com/gui/file/02074294a16b02d4deb61f85f16c2ef3847f47cf5c53c5c15c011a854486f1ef/detection

89.107.10.175:8081

# Reference: https://www.virustotal.com/gui/file/911ad4d55923322ce584ffe2478a37e9d39875611f09b1059592376f1d2f87bb/detection

37.139.129.125:8081

# Reference: https://twitter.com/0xrb/status/1607255904831037443
# Reference: https://threatfox.abuse.ch/browse/tag/Aurora%20Stealer/ (26 Dec 2022)

103.179.143.146:8081
116.203.236.141:8081
135.181.197.26:8081
152.89.247.30:8081
172.86.122.46:8081
176.124.216.38:8081
185.106.93.245:8081
185.106.93.246:8081
185.106.93.251:8081
191.101.130.41:8081
193.42.33.110:8081
193.42.33.176:8081
193.42.33.5:8081
194.113.106.228:8081
195.123.217.171:8081
195.43.142.218:8081
20.68.243.166:8081
213.239.213.187:8081
23.88.97.138:8081
3.238.130.38:8081
45.10.40.246:8081
45.138.74.160:8081
45.15.156.140:8081
45.15.156.26:8081
45.15.156.83:8081
45.15.157.142:8081
45.32.79.170:8081
49.12.245.165:8081
5.75.160.178:8081
65.109.12.241:8081
77.73.131.156:8081
77.73.134.10:8081
77.73.134.27:8081
77.73.134.57:8081
77.73.134.7:8081
78.47.192.53:8081
79.137.206.138:8081
82.115.223.138:8081
82.115.223.249:8081
85.192.63.158:8081
87.251.77.59:8081
89.23.100.223:8081
95.179.187.111:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (29 Dec 2022)

http://103.179.143.146
http://116.203.236.141
http://135.181.197.26
http://152.89.247.30
http://172.86.122.46
http://176.124.216.38
http://185.106.93.245
http://185.106.93.246
http://191.101.130.41
http://193.42.33.110
http://193.42.33.176
http://193.42.33.5
http://194.113.106.228
http://195.123.217.171
http://195.43.142.218
http://213.239.213.187
http://23.88.97.138
http://45.10.40.246
http://45.138.74.160
http://45.15.156.135
http://45.15.156.140
http://45.15.156.184
http://45.15.156.22
http://45.15.156.67
http://45.15.156.70
http://45.15.157.142
http://45.32.79.170
http://49.12.245.165
http://5.75.160.178
http://65.109.12.241
http://77.73.131.156
http://77.73.134.57
http://77.73.134.7
http://78.47.222.65
http://79.137.206.138
http://82.115.223.138
http://82.115.223.249
http://89.107.10.180
http://89.23.100.223
http://95.179.187.111
129.146.9.178:8081
147.124.212.238:8081
167.235.141.208:8081
185.246.220.16:8081
194.87.31.137:777
2.232.150.231:8081
217.195.155.154:8081
37.220.87.13:8081
45.15.156.130:8081
45.15.156.135:8081
45.15.156.184:8081
45.15.156.59:8081
45.15.156.67:8081
45.15.156.70:8081
45.86.86.197:8081
49.12.190.58:8081
5.199.169.19:8081
65.108.225.214:8081
77.73.133.57:8081
77.73.134.55:9865
78.47.222.65:8081
89.107.10.180:8081
allsoftware.store
kvitochka.store

# Reference: https://twitter.com/1ZRR4H/status/1615029840520032256
# Reference: https://www.virustotal.com/gui/file/3d242f0d9a6e40018c226e162c1b70c3cfdeb25b20d42d8f05e107070040f5b2/detection

195.123.218.52:8081
ahydk.click

# Reference: https://isc.sans.edu/diary/rss/29448
# Reference: https://otx.alienvault.com/pulse/63c8222df2bcbec18baaf78f

79.137.133.225:8081
notopod-plos-plus.com
obsqroject.com

# Reference: https://twitter.com/DonPasci/status/1616461046360805382
# Reference: https://www.virustotal.com/gui/ip-address/104.21.74.62/relations
# Reference: https://tria.ge/230120-sy37daaf9t/behavioral1

45.15.156.210:8081
battlenet-install.top
driver-updates.site
kodfem.hemsida.eu

# Reference: https://tria.ge/230122-ffpj2sha8z

45.15.156.242:8081

# Reference: https://tria.ge/230121-yzzhgadg24/behavioral1

2.232.150.231:8081
servicestarting.hopto.org

# Reference: https://tria.ge/230121-vddgbsdb36/behavioral2

95.217.235.8:8081

# Reference: https://tria.ge/230118-llkqyaaf9t/static1

85.209.135.29:8081

# Reference: https://twitter.com/Artilllerie/status/1618980737679765504

notepad-setup.top

# Reference: https://twitter.com/Artilllerie/status/1620018615725735936
# Reference: https://twitter.com/Artilllerie/status/1620094871515316224
# Reference: https://twitter.com/JAMESWT_MHT/status/1620062867860111361
# Reference: https://twitter.com/DonPasci/status/1620059736837361666
# Reference: https://tria.ge/230130-q5gkvaaf39

notepad-editor.space
notepad-install.top
rocketpool-net.website
goverment.duckdns.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/Aurora_C2s_09_02_2023.txt

http://167.235.60.69
http://176.124.214.54
http://185.106.93.132
http://185.106.93.199
http://185.106.93.203
http://193.188.23.177
http://45.15.156.153
http://45.15.156.172
http://45.15.156.175
http://45.15.156.187
http://45.15.156.206
http://45.15.156.210
http://45.15.156.219
http://45.15.156.220
http://45.15.156.234
http://45.15.156.246
http://45.15.156.250
http://45.9.74.11
http://79.137.133.225
http://89.22.227.50
http://94.142.138.14
http://94.142.138.15
http://94.142.138.18
http://94.142.138.22
http://94.142.138.23
http://94.142.138.28
http://94.142.138.30
http://94.142.138.32
http://94.142.138.34
http://94.142.138.36
http://94.142.138.38
http://94.142.138.6

# Reference: https://twitter.com/TrackerC2Bot/status/1612428317814128640

82.115.223.77:8081

# Reference: https://twitter.com/ULTRAFRAUD/status/1625557844371144707

download-nwidia.website

# Reference: https://twitter.com/abuse_ch/status/1625755033085087744
# Reference: https://www.virustotal.com/gui/ip-address/104.21.2.12/relations

driver-nvidia.site
nvidia.services
nvidia1.top

# Reference: https://twitter.com/AnFam17/status/1625990921488674816
# Reference: https://www.virustotal.com/gui/ip-address/45.9.74.21/relations
# Reference: https://www.virustotal.com/gui/file/aa349ad45bb48e85b5cd1b55308ae835353859219f28ece9685c8ae552e8e63a/detection

185.106.93.135:8081
app-python.com
pyithon.com
python-acc.com
python-app-software.com
python-application.com

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/Aurora_Panel_scan_16-02-2023_01-01-07.txt

http://159.69.108.164
http://45.15.157.130
http://94.142.138.29
http://94.142.138.60

# Reference: https://twitter.com/spicy_bear_/status/1628473821878534144

http://85.192.63.49
http://9.152.217.95

# Reference: https://twitter.com/0xrb/status/1628611690274385922

http://107.182.129.73
http://109.172.45.197
http://135.181.107.76
http://147.124.212.238
http://157.245.55.151
http://157.90.232.2
http://157.90.241.140
http://159.69.80.167
http://162.55.126.111
http://163.172.13.53
http://167.235.134.202
http://167.235.147.73
http://167.235.18.89
http://176.124.201.212
http://176.124.210.153
http://185.106.93.135
http://185.17.0.138
http://185.181.10.117
http://185.197.160.20
http://185.219.220.239
http://185.219.80.224
http://185.239.239.194
http://185.62.56.10
http://193.233.20.134
http://193.29.62.24
http://193.42.33.157
http://194.104.136.143
http://199.247.24.79
http://2.232.150.231
http://212.192.31.29
http://37.220.87.13
http://45.128.234.60
http://45.144.30.146
http://45.15.156.147
http://45.15.156.221
http://45.15.156.224
http://45.15.156.249
http://45.15.156.59
http://45.15.156.86
http://45.151.144.19
http://45.61.139.86
http://45.84.1.87
http://46.105.147.137
http://5.75.144.249
http://5.75.175.231
http://77.83.173.136
http://77.91.77.67
http://80.92.204.59
http://82.115.223.135
http://82.115.223.190
http://82.115.223.51
http://82.115.223.64
http://85.192.63.77
http://85.209.135.29
http://87.251.77.59
http://89.23.97.58
http://94.130.27.94
http://94.142.138.100
http://94.142.138.50
http://94.142.138.64
http://94.142.138.73
http://94.142.138.88
http://94.142.138.94
http://95.215.108.15
http://95.217.152.9
http://95.217.193.56
http://95.217.235.8
107.182.129.73:8081
109.172.45.197:8081
135.181.107.76:8081
145.239.202.13:8081
157.90.232.2:8081
157.90.241.140:8081
159.69.80.167:8081
163.172.13.53:8081
167.235.134.202:8081
167.235.147.73:8081
167.235.18.89:8081
167.235.60.69:8081
176.124.201.212:8081
176.124.210.153:8081
176.124.214.54:8081
185.106.93.132:8081
185.106.93.193:8081
185.106.93.199:8081
185.106.93.203:8081
185.106.93.247:8081
185.181.10.117:8081
185.219.220.239:8081
185.219.80.224:8081
185.62.56.10:8081
193.188.23.177:8081
193.233.20.134:8081
193.29.62.24:8081
195.123.217.108:8081
199.247.24.79:8081
212.113.106.47:8081
212.162.152.199:8081
212.192.31.29:8081
213.166.71.21:8081
45.128.234.60:8081
45.132.106.77:8081
45.144.31.252:8081
45.15.156.147:8081
45.15.156.151:8081
45.15.156.153:8081
45.15.156.172:8081
45.15.156.175:8081
45.15.156.182:8081
45.15.156.187:8081
45.15.156.206:8081
45.15.156.209:8081
45.15.156.219:8081
45.15.156.220:8081
45.15.156.221:8081
45.15.156.224:8081
45.15.156.234:8081
45.15.156.246:8081
45.15.156.249:8081
45.15.156.250:8081
45.15.156.54:8081
45.15.156.7:8081
45.15.156.86:8081
45.15.157.130:8081
45.151.144.19:8081
45.61.139.86:8081
45.84.1.87:8081
45.9.74.11:8081
45.9.74.87:8081
46.105.147.137:8081
49.12.203.54:8081
5.34.180.208:8081
5.75.144.249:8081
5.75.175.231:8081
65.109.216.5:8081
77.83.173.136:8081
77.91.124.12:8081
77.91.68.46:8081
77.91.77.67:8081
79.20.32.223:8081
82.115.223.135:8081
82.115.223.51:8081
82.115.223.64:8081
85.192.63.77:8081
87.251.77.225:8081
89.22.227.50:8081
89.22.237.237:8081
89.23.97.58:8081
94.130.27.94:8081
94.142.138.100:8081
94.142.138.14:8081
94.142.138.18:8081
94.142.138.22:8081
94.142.138.23:8081
94.142.138.29:8081
94.142.138.32:8081
94.142.138.34:8081
94.142.138.36:8081
94.142.138.38:8081
94.142.138.4:8081
94.142.138.50:8081
94.142.138.60:8081
94.142.138.64:8081
94.142.138.6:8081
94.142.138.73:8081
94.142.138.88:8081
94.142.138.94:8081
95.215.108.15:8081
95.217.152.9:8081
95.217.193.56:8081
java-download1.space
java-download2.space
java-download3.space
miracleapps.store
notepad-download.online
notepad-plus-plus-setup.top
nvidia-geforce1.space
nvidia-geforce2.space
nvidia-geforce3.space
nvidia.agency
nvidia.best
nvidio-geforce.info
nvidio-geforce.site
nvidio-geforce.us
nvidio-geforce.website
nvidio-qeforce.info
nvidio-qeforce.site
nvidio-qeforce.us
nvidio-qeforce.website
nvldio-geforce.info
nvldio-geforce.site
nvldio-geforce.us
nvldio-geforce.website
python-official.xyz
software-planet.ru

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_02-03-2023_19-30-23.txt

http://116.203.245.173
http://157.90.239.70
http://82.115.223.9

# Reference: https://otx.alienvault.com/pulse/63e3def42a1475e6733f2b1d
# Reference: https://www.virustotal.com/gui/ip-address/37.220.83.95/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.178.2.159/relations
# Reference: https://www.virustotal.com/gui/file/002369fd9eec709ae250b39a46ce21ec64c586249e610145f9beca933b302efe/detection

advert-panel.ru
advert-panel.site
annemarieotey.com
anyfisolusi.com
awesomemainer.top
black-socks.org
bluecentury.org
cgminer.top
coinsupport-online.com
comm-agentsupport.com
confirmation-setup.com
cryptowat.top
cryptowatch.top
duinvest.info
duncan-technologies.net
enigma-soft.com
expresswebstores.com
fgpprlaw.com
footballmeta.com
gfcitservice.net
listfoo.org
master-yoga.top
metatrader.top
mikefaw.com
msi-afterburner.top
online-securesetup.com
otameyshan.com
peak-pjv.com
repossessionheadquarters.org
samsontech.mobi
shiptrax24.com
southfirstarea.com
styleselect.com
sublimetext.top
thebtcrevolution.com
virtualmediaoffice.com

# Reference: https://twitter.com/1ZRR4H/status/1631718258431729673
# Reference: https://virustotal.com/gui/ip-address/31.31.196.67/relations

anydesk-anydesk.org
anydeskdestkop.com
bitcoin-futur.com
bittorrent-download.me
bittorrent-download.net
bittorrent-download.xyz
bittorrent.icu
bittorrent.live
bittorrentdownload.net
bittorrentdownloadfree.com
bittorrentfree.com
blluestack.me
bluaestack.club
bluastaack.app
bluastacks.biz
bluastacks.com
bluasteaks.com
bluasteaks.net
bluastec.org
bluastec.xyz
bluastecks.icu
bluelivestock.com
bluepilesoft.com
blueshock.app
blueshock5.com
blueshockapp.com
blueshockget.com
blueshocksetup.com
blueslack.com
blueslacks.net
blueslacksoft.com
bluestack-app.net
bluestack-get.com
bluestack-get.net
bluestack-install.com
bluestack-setup.com
bluestack-soft.com
bluestack-soft.net
bluestack-software.com
bluestack.cloud
bluestack.club
bluestack.fun
bluestackapps.com
bluestackapps.net
bluestackaps.net
bluestackfive.com
bluestackget.com
bluestackget.net
bluestackgroupup.com
bluestackinstall.com
bluestackios.com
bluestacks-5.net
bluestacks-game.net
bluestacks-games.com
bluestacks-games.org
bluestacks-setup.net
bluestacks-soft.com
bluestacks-software.com
bluestacks10.net
bluestacksgame.com
bluestacksget.com
bluestacksinstall.com
bluestacksinstallation.com
bluestacksinternet.com
bluestacksinternet.net
bluestacksoftware.com
bluestackssoft.com
bluestackssoftware.com
bluestacksweb.com
bluestackweb.com
bluestacsoft.com
bluestak.biz
bluestask-app.com
bluestaskapp.com
bluestockapp.com
bluestockinstate.com
bluestockinstone.com
bluestockst.com
bluestocktank.com
bluslack.com
blustacksoft.com
blustackst.com
bluustackapp.com
bluustacks-app.com
bluustacks.com
blyestack.one
chat-gpt-app.net
chat-gpt-get.com
chat-gpt-portable.com
chat-gpt-soft.com
chat-gpt.run
chat-gpt.studio
chat-gtp.icu
chatgpt-2023.com
chatgpt-2023.online
chatgpt-app.art
chatgpt-desktop.com
chatgpt-download.com
chatgpt-download.me
chatgpt-download.xyz
chatgpt-downloads.com
chatgpt-install.com
chatgpt-login.net
chatgpt-login.xyz
chatgpt-official.com
chatgpt-online.me
chatgpt-online.xyz
chatgpt-portable.com
chatgpt-setup.com
chatgpt-setup.net
chatgpt-software.com
chatgptdesktop.net
chatgptdesktop.org
chatgptdownload.net
chatgptget.com
chatgptlog.org
chatgptlow.com
chatgptportable.com
chatgptsetup.com
chatgtp.icu
chatgtpget.com
crypto-trends2022.com
desktop-chatgpt.com
desktopchatgpt.com
downstacks.com
downstacksoft.com
fastchap-gpt.com
fastchapgpt.com
gpt-chat-instal.com
gpt-chat.icu
gpt-chat.live
gpt-chat.me
gptchat-portable.com
gptchat.tools
gptchatai.net
gptchatai.org
gptchatcom.icu
gptchatinstal.com
gptchatlogin.com
gptchatlogin.org
gptchatportable.com
gptchatstock.com
gptonlinechat.xyz
gpuz-tech.com
gpuz-tech.org
installchatgpt.net
installchatgptapp.com
java-login.com
java-official.com
java-official.org
java-pc.cloud
java-pc.live
java-sc.net
java-script.space
java-script.xyz
java-site.com
java-text.com
javaapp.xyz
javacomp.xyz
javadestkop.com
javafistofficial.com
javalog.net
javaofficial.com
javaofficial.site
javasc.net
javascriptofficial.com
javascriptofficialsite.dev
javasetup.com
javasite.org
javatext.info
js-get.com
kmspico-2023.net
kmspico-activator.org
kmspico2023-official.com
kmspico2023official.com
kmspico2023official.net
kmspicoofficial2023.net
kmspicoofficialsite.com
meta-tradler5.com
metatradler5.com
official-bluestack.com
official-bluestacks.com
officialbitcoin-up.com
officialbluestack.com
officialbluestacks.com
phyton.site
phytonsite.xyz
python-desktop.com
python-official.com
python-official.site
python-official.space
pythonofficial.info
pythonofficial.net
pythonofficial.org
roboterra.one
roboterra.xyz
robottera.one
robottera.xyz
signai.org
signal-download.com
signal-download.org
signal-login.com
signal-official.com
signal-setup.com
signaldownload.info
signalofficial.net
signalsetup.com
signalsetup.net
signalsignin.com
slkype-app.com
slkypeapp.com
stargate-financing.net
stargatefinancenews.com
stargatefinancial.net
stargatefinancing.com
stargateofinances.com
stargateofinancing.com
teamgram.pro

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_10-03-2023_23-35-20.txt

http://103.184.97.117
http://116.203.245.147
http://195.201.230.5
http://37.220.87.8
http://45.9.74.87
http://94.131.112.108
http://94.142.138.132
http://94.142.138.137
http://94.142.138.144
http://94.142.138.164
http://94.142.138.185
http://94.142.138.93
http://94.142.138.95

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_16-03-2023_19-44-10.txt

http://138.201.198.8
http://89.208.142.245
http://94.142.138.71
http://95.140.158.196

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_23-03-2023_19-18-41.txt

http://45.88.106.253
http://5.75.171.250
http://94.142.138.176
http://95.217.44.147

# Reference: https://www.virustotal.com/gui/file/07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165/detection

212.87.204.93:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (25 Mar 2023)

http://77.91.77.163
http://77.91.85.73
http://81.161.229.227
http://92.119.231.161
http://94.142.138.111
http://94.142.138.215
5.75.171.250:8081
77.91.77.163:8081
77.91.85.73:8081
81.161.229.227:8081
94.142.138.111:8081
94.142.138.29:456
95.217.44.147:8081

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_30-03-2023_19-38-36.txt

http://167.235.148.216
http://212.87.204.93
http://37.220.87.50
http://45.15.156.237
http://77.91.77.236
http://79.137.204.106
http://94.142.138.236

# Reference: https://twitter.com/AlvieriD/status/1643597470012784641

http://79.137.197.61

# Reference: https://twitter.com/0xrb/status/1645684586746191873
# Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (11 Apr 2023)

http://116.203.69.241
http://135.181.89.118
http://141.255.162.222
http://141.98.6.253
http://168.119.234.111
http://176.124.200.101
http://176.126.85.210
http://185.106.93.153
http://185.216.13.190
http://37.220.87.58
http://41.216.182.181
http://45.15.156.158
http://45.15.156.165
http://45.15.156.176
http://45.15.156.182
http://45.9.74.156
http://77.91.84.147
http://79.137.203.193
http://79.137.205.173
http://82.115.223.34
http://84.54.50.28
http://91.107.231.13
http://94.131.112.184
http://94.142.138.147
http://94.142.138.151
http://94.142.138.84
http://95.216.154.91
103.184.97.117:8081
103.195.103.54:8081
104.248.91.138:8081
104.37.173.104:8081
116.203.245.147:8081
116.203.245.173:8081
116.203.69.241:8081
135.181.89.118:8081
138.201.198.8:8081
141.255.162.222:8081
141.98.6.253:8081
157.90.239.70:8081
159.69.108.164:8081
167.235.148.216:8081
168.119.234.111:8081
176.124.200.101:8081
176.126.85.210:8081
185.216.13.190:8081
195.201.230.5:8081
37.220.87.50:8081
37.220.87.8:8081
41.216.182.181:8081
45.15.156.158:8081
45.15.156.165:8081
45.15.156.174:8081
45.15.156.176:8081
45.15.156.237:8081
45.88.106.253:8081
65.108.142.123:8081
77.91.77.236:8081
77.91.84.147:8081
79.137.197.61:8081
79.137.203.193:8081
79.137.204.106:456
79.137.204.106:8081
79.137.205.173:8081
82.115.223.34:8081
82.115.223.9:8081
84.54.50.28:8081
89.208.142.245:8081
91.107.231.13:8081
92.119.231.161:8081
94.131.112.108:8081
94.131.112.184:8081
94.142.138.112:8081
94.142.138.132:8081
94.142.138.137:8081
94.142.138.144:8081
94.142.138.147:8081
94.142.138.151:8081
94.142.138.164:8081
94.142.138.176:8081
94.142.138.185:8081
94.142.138.236:8081
94.142.138.30:8081
94.142.138.71:35774
94.142.138.71:8081
94.142.138.84:8081
94.142.138.93:8081
94.142.138.95:8081
95.140.158.196:8081
95.216.154.91:8081

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/csv/Aurora_2023-04-13_16-48-41.csv

http://94.142.138.104
http://94.142.138.198
http://94.142.138.245

# Reference: https://twitter.com/osipov_ar/status/1649087073738014723
# Reference: https://blog.morphisec.com/in2al5d-p3in4er
# Reference: https://otx.alienvault.com/pulse/643eea91789e4a0752ffd25c

94.142.138.218:4561
all-free-software.online
allfreesoftware.online
chatgptex.us
cv-builder.site
mid-journey.org
midj0urney.org
siamaster.com.mx
ai.midj0urney.org
get.mid-journey.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.aurora_stealer/ (29 Apr 2023)

http://65.109.157.119
http://89.208.103.78
http://94.130.176.65
http://94.142.138.165
http://94.142.138.173
104.248.91.138:12121
104.248.91.138:456
104.248.91.138:58010
185.106.93.153:456
185.106.93.153:8081
199.127.62.3:8081
65.109.157.119:8081
65.109.26.115:8081
89.208.103.78:8081
94.130.176.65:8081
94.142.138.165:8081
94.142.138.166:8081
94.142.138.173:8081
94.142.138.218:8081
94.142.138.25:8081

# Reference: https://www.virustotal.com/gui/file/8a39f1c4d26805b60ed234c2cf42e2fd33bcd81b0676a4c8f3cb1dddb0f76046/detection
# Reference: https://www.virustotal.com/gui/file/09481f3647c184825e7de06bb592164c7d4c90b2720b007cbd54b2ef6e5980d3/detection

http://185.106.93.237
185.106.93.237:56763
185.106.93.237:6378

# Reference: https://www.virustotal.com/gui/file/1d8a86f270c02120611baf7ad6a90c15d5d600b555e9584a0f0beea382324ea1/detection

185.106.93.237:21678
185.106.93.237:26777
185.106.93.237:44697

# Reference: https://www.virustotal.com/gui/file/0d7dc7413dd3f25fcd45de53fc5feebcb3eb5b5517ae1c07469c9072ef9eb9cf/detection

185.106.93.237:15744
185.106.93.237:17825
185.106.93.237:24638
185.106.93.237:25912
185.106.93.237:30763

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader

103.195.103.54:443

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
# Reference: https://otx.alienvault.com/pulse/645d079328a1ef668409ac53

04042023.ru
activedebian.ru
activehdd.ru
activessd.ru
activessd6.ru
chistauyavoda.ru
click7adilla.ru
clickaineasdfer.ru
evatds.ru
grhfgetraeg6yrt.site
moskovpizda.ru
oled8kultra.ru
oled8kultra.site
pochelvpizdy.ru
qqtube.ru
shluhapizdec.ru
xhamster-18.ru
xxxxxxxxxxxxxxx.ru

# Reference: https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-aurora-stealer
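# Reference: https://otx.alienvault.com/pulse/64944b41915f5405ef355ef4
# NOTE(review): passcape.com looks like the site of a commercial password-recovery software vendor; confirm its role in the references above before treating a match as Aurora C2 traffic.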

passcape.com

# Reference: https://twitter.com/idclickthat/status/1782882684072526280
# Reference: https://www.virustotal.com/gui/file/fa546f0e69f544dfd517d91e795adcd6e092a448c609b9bd2940dfa0895b9cb8/detection

bybitdesktop.com
ohyoulookstupid.win
api.ohyoulookstupid.win
r2.ohyoulookstupid.win

# Reference: https://x.com/banthisguy9349/status/1806736491097296979

http://45.88.91.74
45.88.91.74:443

# Reference: https://x.com/skocherhan/status/1924676298808434713
# Reference: https://www.virustotal.com/gui/file/5d6fa8670f6b5f4492e1d15c34a8cb002f70b006b37bde8f96a2656b1921d6ae/detection

88.119.165.37:8081
