# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bokbot, icedid

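# CERT-UA: UAC-0041

# Note: entries appear in several forms (bare domain, IP:port, http://IP, domain/path), and the same
# indicator recurs under more than one reference (e.g. arcadyflyff.com), so deduplicate on ingest.
# The dated references visible in this part of the list fall in 2018-2020; check a domain's current
# registration or sinkhole status before treating a match as an active infection.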

# Reference: https://otx.alienvault.com/pulse/5fb042c8c8bc52fd36438c9d
# Reference: https://github.com/JR0driguezB/malware_configs/tree/master/IcedID

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html

efoijowufjaowudawd.com

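# Reference: https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/
# Note: 'nejokexulang.example.com' sits under the IANA-reserved example.com, so it looks like a sanitized placeholder rather than a resolvable C2 host - verify against the report before relying on it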

lik0sa1.com
nejokexulang.example.com
payfinance.net

# Reference: https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/
# Reference: https://otx.alienvault.com/pulse/5c99fb543acc7f5eb0e7e933

acquistic.space
ambusted.space
coultra.space
exhausines.space
exterine.space
haractice.space
hospirit.com
overein.space
parchick.space
portened.space
resurround.pw
segregory.com
stocracy.space
stradition.space
subsquire.com
tybalties.com
ugrigo.space
waharactic.com
yorubal.space

# Reference: https://twitter.com/James_inthe_box/status/1110564181021908993

mathedro.com

# Reference: https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/

zonefb.com

# Reference: https://twitter.com/malware_traffic/status/1123458651434434563

marakusta.at
saudienter.pw

# Reference: https://twitter.com/CapeSandbox/status/1123605348466741249
# Reference: https://cape.contextis.com/analysis/70719/

forsynanchyv.com
hipponexunam.org

# Reference: https://twitter.com/CapeSandbox/status/1121084063903821824
# Reference: https://cape.contextis.com/analysis/68966/

arguerns.top
extenterms.top
minental.top

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

37.59.68.215:443
goodinzone.at
mozambiquest.pw

# Reference: https://twitter.com/James_inthe_box/status/1136950895986429954

albarthurst.pro
hipponexunam.org

# Reference: https://twitter.com/malware_traffic/status/1147303805115162624

germakhya.xyz

# Reference: https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-two.html

albarthurst.pro
carlsbadenomise.top
chardiop.club
ethracial.pw
exchangests.xyz
forsynanchyv.com
goodinzone.at
hipponexunam.org
hydrylater.online
mechangerous.space
mozambiquest.pw
parenessed.icu
ransmittend.club
saudienter.pw
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/takerk734/status/1135955547310632960
# Reference: https://app.any.run/tasks/13d6d9f9-7033-4ce7-9ad4-76591f15274c/

http://195.123.234.12
http://95.213.217.139
http://54.36.218.96
185.143.145.90:443
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163512836930199552
# Reference: https://pastebin.com/rcwZmSu0

bumpsitting.pro
diplomainter.pro
duffered.pro
existination.pro
hahashow67.bit
pitfields.pro

# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsinc.com
casternsblog.com

# Reference: https://github.com/silence-is-best/c2db#icedid

memphase.com

# Reference: https://twitter.com/SoulRage6/status/1184141516534702081
# Reference: https://www.virustotal.com/gui/file/6f72987e323aa2d0a81c74e45851b62c1f415f703be20afb662748bc709f9361/detection
# Reference: https://twitter.com/JasonMilletary/status/1184201998381522944
# Reference: https://pastebin.com/vnwHadJk
# Reference: https://twitter.com/JasonMilletary/status/1190286207751733248
# Reference: https://pastebin.com/cz2HePMS

amongolia.com
bavariousltc.com
bhagavana.com
biorexis.top
builtitute.com
contrmved.com
corposted.com
coujtried.com
demonike.com
demonsoon.com
dioneras.top
eurobable.com
founddhog.com
honolfogy.com
jjanuatu.com
leonopic.top
lionerat.top
magnwnce.com
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
piloresi.top
presifered.com
sacrecope.com
semistor.top
sheaffic.com
sheaffic.net
sheaffic.nl
sheaffic.org
tadpoleonilc.com
tidesore.top
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/OttoScav/status/1186356752406724609

gfthwards.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1187390560384049155

gfthwards.com
gfthwards.eu
piloresi.top
presifered.com

# Reference: https://twitter.com/wwp96/status/1189244489472319489

kbtseafood.com

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667
# Reference: https://www.virustotal.com/gui/ip-address/217.182.188.118/relations

217.182.188.118:443
demonsoon.com
emperimen.com
magnwnce.com
moreogramlfgt.com
orsement.net
orsement.org
resultiplrt.com

# Reference: https://twitter.com/malware_traffic/status/1068570263732789248

govenian.host
suprecien.host

# Reference: https://twitter.com/malware_traffic/status/1068281897346838528

freshwallet.at
labadegmc.com
listmyfloor.com
modelssohn.website

# Reference: https://twitter.com/pollo290987/status/996471190221983746

3200bpm.com
autozpolisy.pl
tagamol.com

# Reference: https://twitter.com/JR0driguezB/status/978937668921970688
# Reference: https://github.com/JR0driguezB/malware_configs/blob/master/IcedID/C2.txt

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://twitter.com/Paladin3161/status/1156867967260303360

bumpsitting.pro
heinless.pro
mainly.pro

# Reference: https://twitter.com/Paladin3161/status/1156632752260648960

diplomainter.pro
existination.pro
forsynanchyv.com
stalitic.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1194631881007910921

aginia.net
aginia.top
leonopic.top
nopelrod.top
sacrecope.com
telected.xyz

# Reference: https://twitter.com/stecar792/status/1194745611377135616
# Reference: https://pastebin.com/FhbU27vC
# Reference: https://pastebin.com/if2VpJJg

bhagavana.com
eurobable.com
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
nopelrod.top
pidronog.top
sacrecope.com
semistor.top
tadpoleonilc.com
telected.com
telected.eu
telected.in
telected.net
telected.nl
telected.one
telected.org
telected.tel
telected.top
telected.xyz
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/JasonMilletary/status/1177323562425815049
# Reference: https://pastebin.com/XF980VrW

bhagavana.com
biorexis.top
centrash.com
duffice.com
eurobable.com
fallium.com
gioredoh.top
kenoted.com
leonopic.top
lionerat.top
mamerona.top
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
samioner.top
scatholics.com
semistor.top
tidesore.top
uniresio.top
vulcate.com

# Reference: https://twitter.com/JasonMilletary/status/1176934514414759936

genepbisulphite.nl
yavagumchewer.com

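# Reference: https://twitter.com/JasonMilletary/status/1174026442100940800
# Note: eonopic.top, ionerat.top, ioredoh.top and olinaro.top differ from leonopic.top, lionerat.top, gioredoh.top and molinaro.top (listed elsewhere in this file) only by a missing first letter - possibly truncated on copy; confirm against the reference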

eonopic.top
ionerat.top
ioredoh.top
mamerona.top
olinaro.top
samioner.top
uniresio.top

# Reference: https://www.f5.com/labs/articles/threat-intelligence/de-icing-icedid--decompression-and-decryption-methods-explained-?

ygrenevresed.fun

# Reference: https://twitter.com/CapeSandbox/status/1168607522795790337
# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsblog.com
casternsclub.com
casternsinc.com
casternssite.com
rankrns.com
staterns.com
webcasterns.com

# Reference: https://twitter.com/JasonMilletary/status/1197209873294999553
# Reference: https://pastebin.com/964KsuMx

bhagavana.com
dioleg.top
eurobable.com
fioure.top
goidiom.top
guiertr.top
hiolne.top
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
monerto.top
nopelrod.top
pidronog.top
riopwe.top
sacrecope.com
semistor.top
tadpoleonilc.com
tierton.top
tyuerse.top
wentinueqhcr.com
whyeelong.com
ziones.top

# Reference: https://twitter.com/JasonMilletary/status/1197541828402143233

37.48.83.137:80
37.48.83.137:443

# Reference: https://twitter.com/JasonMilletary/status/1197593565863518208
# Reference: https://app.any.run/tasks/30cb7b07-6cff-4ff0-88eb-e69c6d60397a/

berrydom.top

# Reference: https://twitter.com/Kostastsale/status/1199604381751988225
# Reference: https://app.any.run/tasks/b3f60bc6-c821-4921-b4e4-221e32b2d7e7/
# Reference: https://app.any.run/tasks/6e5996c2-81b1-45ac-bdd0-3ec9517608ce/

astenitral.club
desreona.top
gerrredona.top
nedisona.top

# Reference: https://any.run/malware-trends/icedid (Note: as seen on 2019-12-04)

dirosad.top
jikolis.top
monerto.top
ziones.top
tierton.top
ddos.dnsnb8.net
semistor.top
guiertr.top
tyuerse.top
thuocnam.tk
desreona.top
nedireob.top
gerrredona.top
nameseorin.top

# Reference: https://pastebin.com/ErESEBNy

herrasei.top

# Reference: https://twitter.com/killamjr/status/1203183444127354880
# Reference: https://www.virustotal.com/gui/domain/colonisfg.com/relations
# Reference: https://www.virustotal.com/gui/file/5cfbcfac6faea9055f9c7bebc1974aac0ec445f4d08900100b5a3a389ec02610/detection

colonisfg.com
derilopa.top
dezaredo.top
gerontos.top
netionax.top
seniorex.top

# Reference: https://twitter.com/luc4m/status/1204861411010207744

certifacto.com
beaderza.top
gertuko.top
hiperdom.top
modestog.top
nonedore.top

# Reference: https://twitter.com/malware_traffic/status/1208205022925860865

b99vxjju.com
jlb81hdvernon.com
v60yuuu1415.com

# Reference: https://app.any.run/tasks/5e1ba7ba-4a11-44d0-a80b-ea188041fd76/
# Reference: https://pastebin.com/higQqzwD

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
baberdon.top
bavariousltc.com
bavidopa.top
beaderza.top
berrydom.top
bilopans.top
biodeser.top
bladisuka.red
brekatrinado.red
carensod.top
certifacto.com
colonisfg.com
containerfirearms.com
copiresd.top
coridef.top
cowspidzu.pro
demandary.com
desreona.top
dioledoe.top
dioleg.top
dirosad.top
elabortin.com
exceptionalsanta.pro
fanisder.top
fidonau.top
fioure.top
foxitone.top
geropil.top
gertuko.top
giretona.top
golitope.top
goredoma.top
goresoin.top
herdomo.top
hiolne.top
hiperdom.top
hironmen.com
hovernor.com
jikolis.top
kololokoip.red
korendor.top
kuskusnamnam.icu
loperdon.top
manyloaddss.red
maredosa.top
maxikolo.top
modestog.top
monerto.top
moreogramlfgt.com
muratinue.com
nedisona.top
newyeardocs.pro
newyearfreaks.pro
nikolopu.top
nonedore.top
owspidzu.pro
piterdos.top
redilok.top
renaultarkana.pro
renaultarkana.red
resultiplrt.com
riopwe.top
rubonder.top
santaclausdriver.red
serkolo.top
sionerde.top
sisipiciliko.pro
skachkiiloady.pro
stata.link
succine.com
systemory.com
thrushmore.com
tierton.top
transityfade.pro
transityfade.top
viderson.top
vilokilofilo.pro
viterex.top
voperdom.top
xyuvuugadali.info
xyuvuugadali.pro
ziones.top

# Reference: https://pastebin.com/VniAbG5k

ecowis.com
exceptionalsanta.red
fmjstorage.com
happysantacows.red

# Reference: https://twitter.com/SoulRage6/status/1215259274055704577

letsgotopluto.best
plutomylove.monster
plutoisaplanet.best
plutomylove.monster
plutusforpluto.best
saveplutoplanet.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1215260222832463873
# Reference: https://app.any.run/tasks/47590dc6-e93a-49e9-b053-974230cf8d3c/

hillenincopenhagen.best
willenhillen.xyz

# Reference: https://app.any.run/tasks/36d30924-4064-4288-a4e3-bc3ea44bda3e/

venusplanet.best

# Reference: https://twitter.com/JasonMilletary/status/1227975671282118657
# Reference: https://pastebin.com/kVWnJkaC

4success8.pro
creativedevelopment.xyz
developme.best
fridgehealth.best
geminichair.xyz
imreherzog.xyz
kinuplayer.info
langlawer.pro
nasafridge.xyz
spacecable.best
starofporn.xyz
thefeelingsapple.xyz

# Reference: https://twitter.com/Paladin3161/status/1228359000359501824
# Reference: https://pastebin.com/GUGbsQxE

appleparkca.best
bigbonmax.best
firedoggy.xyz
laroshelle.best
stamptowns.best
stsseriesdilemma.xyz

# Reference: https://twitter.com/James_inthe_box/status/1228452446978002944

applethecompany.best
bulbulmeni.best

# Reference: https://app.any.run/tasks/e7fb661a-6968-4367-9cd4-2077419a702d/

jagerteam.top
bibliophil.club
happyhunters.pw
bibliophil.pw

# Reference: https://twitter.com/malware_traffic/status/1243645177245380610
# Reference: https://www.malware-traffic-analysis.net/2020/03/27/index.html
# Reference: https://app.any.run/tasks/16c7bbfb-1c6a-40be-a625-bf8bc870354b
# Reference: https://app.any.run/tasks/9f2e532c-24d9-42d5-9be2-7ce9a8920980

conceptinteriors.ae
karantino.xyz
pravizzillo.club
projectfatty.club

# Reference: https://sysopfb.github.io/malware,/icedid/2020/04/28/IcedIDs-updated-photoloader.html
# Reference: https://app.any.run/tasks/d092cd7a-3e1c-479f-93e0-6494e464f44e/

http://45.147.231.107
customscripts.us
hinkaly.club
karantino.xyz
zajjizev.club

# Reference: https://twitter.com/malware_traffic/status/1256297802948399104

ghefgekil.club
obratapres.pw
smallhole.club
severeconditions.xyz

# Reference: https://twitter.com/James_inthe_box/status/1257418677760282624

knockaddress.xyz

# Reference: https://pastebin.com/vCfWusnR

lokolojazz.club

# Reference: https://twitter.com/SBousseaden/status/1258564579463921665
# Reference: https://app.any.run/tasks/c98c5585-ad28-4744-8156-476efa30674e/

turtlesfun.fun

# Reference: https://twitter.com/James_inthe_box/status/1262856956613554176

connuwedro.xyz

# Reference: https://bazaar.abuse.ch/sample/837f40c12fc476d81d0741da2ab0bc0ee5c9857fe9623f2dfa33fb9f9d20f6ce/

bividilli.xyz

# Reference: https://app.any.run/tasks/6b57fda7-dd83-44c9-a8d0-3befecb7c4c6/
# Reference: https://bazaar.abuse.ch/sample/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec
# Reference: https://www.virustotal.com/gui/file/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec/detection

cryptocrio.pw
cryptocrio.top

# Reference: https://twitter.com/abuse_ch/status/1265989591628238848

3chickens.pw

# Reference: https://pastebin.com/bUzE4Df6

fordthunderbirth.site
gotofresno.xyz
luxcarlegend.top
nicebirththunder.cloud
poloturtles.top
robertogunez.xyz
totheocean.pw

# Reference: https://twitter.com/James_inthe_box/status/1268985862173257728

porkon3stuff.top

# Reference: https://twitter.com/Artilllerie/status/1270013362194219008

makindra.xyz
pohindra.best
prostokilo.top

# Reference: https://twitter.com/malware_traffic/status/1270158384738770951

trythisrandom.top
ziddat.com/registration.doc

# Reference: https://twitter.com/malware_traffic/status/1271588921168867329

musicapuntocero.com
wloppyload.top

# Reference: https://github.com/f0wl/deICEr/blob/master/README.md

boldidiotruss.xyz
nizaoplov.xyz
153ishak.best
ilu21plane.xyz

# Reference: https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware
# Reference: https://pastebin.com/Sz16iU57

2pillsofhunderts.pw
30miles.xyz
3chickens.pw
3glanzepages.top
antivarevare.club
antivarevare.pw
bavadivaclub.club
beradocolon.top
bividilli.xyz
bluekit.pw
bonwes.bid
bredretre.uno
carpetkisa.xyz
carztesla.xyz
chumocarz.club
citytrallbus.xyz
colocarantino.xyz
connuwedro.xyz
cosacasa.top
costacolonel.club
costamustero.pw
coucarachiz.top
cozyappt.club
crossbones.email
cryptocrio.pw
cryptocrio.top
cucumberz99.club
dayafterthe.xyz
dezisenkor.club
docccutime.xyz
emergencytoolz.pw
extraordinarycurc.club
fekilopol.xyz
feminization.xyz
fidelliware.pw
filacolonel.site
filacolonel.xyz
filteroggy.pw
fishmak.pw
flighfinder.xyz
flightslots.online
forwardnogi.pw
fredoferodo.top
frenchfries8.top
fullplainefares.club
gerenada.club
ghefgekil.club
gigakolors.club
glassyradua.xyz
goodcolonell.xyz
goodservers.top
groggypirogy.top
herekeder.best
hinkaly.club
instarobotics.club
karantino.xyz
kassadesada.top
knockaddress.xyz
knockdomain.xyz
loacorecoder.club
lokolojazz.club
menosmeno.best
millogorillo.top
nadalia.top
northdestrickt.top
oggytarakan.club
oggythecoucca.xyz
polymorphis.top
pravizzillo.club
pravizzillo.email
presserdresser.best
pyramide33.pw
pythonfinder.top
safebanktest.top
seguridadcolonel.club
sharedocar.xyz
siffersniffer.best
silkycow.pw
smallhole.club
stuffed8tomatoes.club
svaerossi.pw
testermeisterz.top
tourdayly.top
tryfreder.xyz
trythisone2.best
uxozhuki.pw
vereseptem.pw
vodkahater.xyz
withoutemblems.top
yahzdaje2.website
zajjizev.club

# Reference: https://twitter.com/ffforward/status/1275364648091557889
# Reference: https://app.any.run/tasks/f4945f71-1327-43d4-b948-326bcc730033/

khaliel.com/load/
loadthird.casa

# Reference: https://twitter.com/abuse_ch/status/1275526243404972034
# Reference: https://bazaar.abuse.ch/sample/921138bc2b28d01a51e6673c6e61ba3237592d08875180e0b3749d8e47fdfd6d/

germana-arad.ro/tds.php
redbrookconservatories.com/wp-content/themes/genesis/tds.php

# Reference: https://twitter.com/abuse_ch/status/1278373790054076417

ldrbasketball.net

# Reference: https://twitter.com/baberpervez2/status/1279177216249733120

lotusabloom.com

# Reference: https://twitter.com/James_inthe_box/status/1282793500325498881
# Reference: https://app.any.run/tasks/0a4d263a-75d7-4e10-8129-4b260141ebcf/

neptuneloadz.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1283450384061800453
# Reference: https://www.virustotal.com/gui/domain/ldrglobal.casa/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.248.62.43/relations

ldrglobal.casa
ldrgreecehome.casa

# Reference: https://pastebin.com/raw/DZNj1XQ6

circleoccupy.best
ldrtango.casa
mramoritto.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1285210383557558273
# Reference: https://www.virustotal.com/gui/ip-address/157.230.17.102/relations

loadberlin.casa
loadprague.casa

# Reference: https://www.virustotal.com/gui/file/502268717d5b2e7c70d800f09daaebb861d0c05baf66f96f698215107bcf82d3/detection
# Reference: https://www.virustotal.com/gui/file/4794fc23f8b61badab67099a5f31ab20a1864a061fabd89d60695c5cefe2a29b/detection

citytrallbus.xyz
cluebullet.best
conspiracylegal.xyz
freekolobanga.top
kolobanga.press
mannycoder.top

# Reference: https://twitter.com/malware_traffic/status/1285669899696775175
# Reference: https://www.virustotal.com/gui/ip-address/178.128.195.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.105/relations

againstrocket.top
androsandro.top
blmfuck.best
blmfuck.top
changewinds.top
fegmetozza.top
helicopterstarted.top
italyvenice.top
newwildtuna.top
overthewater.top
plainlanded.top
shopunderwater.top
venicefood.best
venicefood.top
loaderprototype.casa

# Reference: https://app.any.run/tasks/d52f66be-14f1-47fc-ad3b-77c89c0e2b77/

loadhnichar.co

# Reference: https://pastebin.com/raw/bfTG05My
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.122/relations

betafrosner.best
foztrotalphatester.xyz
gigaholliver.top
iskuliokilo.pw
loadkanoe.casa
passiopersio.top

# Reference: https://pastebin.com/a5rqv7c7

ldrfoxtrot.casa
ldrvals.casa
loadproto.co

# Reference: https://pastebin.com/NvzmauW1

ldrgopak.casa
loadbudapest.casa

# Reference: https://github.com/tsale/Kostas_Yara-Rules/blob/master/Malware/IcedID_loader.yar

requiregreen.com

# Reference: https://twitter.com/0bfusCat/status/1243213416837402624

monoplanebis.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.174.65.224/relations

banconchle.live
blackbullhorns.pro
blackcowlegs.best
boldidiotruss.xyz
bullhorns.xyz
bullyhorn.xyz
cargoship.top
cargovan.top
colocalzz.xyz
daretohaveyours.xyz
freeclubcargo.club
freeshippingto.top
hornybull.best
landoffarming.xyz
landstorages.best
nizaoplov.xyz
propanballoon.club
propanballoon.pw
propanballoon.top
selectedship.top
servantstat.best
shalomgashish.best
shalomisrael.xyz
shalomshabatt.best
shishashalom.pro
sizhinpin.best
spinnertrousers.best
sportspotlandfarm.xyz
trustedcommand.top
venomnewsite.club
verticalzz.pro

# Reference: https://www.virustotal.com/gui/file/79723cbc2234e26aae3111b8c7b6711da68a46d01e5808598a1492e49c331f60/detection

mexicanfoodinmiami.pro
exceptionalsanta.pro
happysantacows.red

# Reference: https://twitter.com/0bfusCat/status/1209421391910645760

santaclausdriver.pro

# Reference: https://twitter.com/0bfusCat/status/1059084917756301318
# Reference: https://www.virustotal.com/gui/file/199351acf7947ed415f6b4ed0049757fba0b0111aed1cfc20030efebe5af5005/detection

alldo.club
office365.bit
specialnan.date

# Reference: https://twitter.com/reecdeep/status/1290260109260595200
# Reference: https://app.any.run/tasks/dbf04eb6-35c7-4a8c-b311-67f6ffc1b54f/

ldrflippo.co

# Reference: https://twitter.com/p5yb34m/status/1290408585273344001
# Reference: https://www.virustotal.com/gui/ip-address/134.209.191.228/relations
# Reference: https://www.virustotal.com/gui/file/677fd9bc5ee34b4e171897fc07082a7fa14854d2f881cd62a23cb0c2181fa240/detection

ldrneptuno.net
loadagent.casa
loaderclass3.casa

# Reference: https://twitter.com/James_inthe_box/status/1290773214520434690
# Reference: https://tccontre.blogspot.com/2020/08/learning-from-iceid-loader-including.html
# Reference: https://app.any.run/tasks/b4beb108-60c8-4ae5-8f7b-4f21ffa5da7a/

loadfreeman.casa

# Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+IcedID+Bokbot/26438/
# Reference: https://otx.alienvault.com/pulse/5f2d7028f25fbdc6daa1b016
# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.58/relations

31goalsyaher.co
atalantaclub.co
juveperdhue.top
leaderfreeder.co
northkorisla.co
qazyaquanauti.co

# Reference: https://twitter.com/reecdeep/status/1292828204445696001
# Reference: https://app.any.run/tasks/59666532-c5e3-4080-9266-7812f337a104/

nothingtodo.co

# Reference: https://twitter.com/p5yb34m/status/1292886770246225920

soldkorean.top

# Reference: https://pastebin.com/raw/Ye7MrSqV
# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.145/relations

debuggerhelper.top
discsnooker.best
felliohreffer.co
jallioradio.co
youmecube.top

# Reference: https://twitter.com/0bfusCat/status/1293218539684401154
# Reference: https://www.virustotal.com/gui/ip-address/159.203.184.41/relations
# Reference: https://www.virustotal.com/gui/file/d99c8340e0a0c65212465e36ea184e48b16136ccda77dcf2b2a0865b154f70c6/detection

accentio.online
boxeschannel.co
dassentrio.top
ulanudeo.online
zalkipamat.top

# Reference: https://twitter.com/reecdeep/status/1295399848569712642
# Reference: https://app.any.run/tasks/26ef48a4-c45b-48f3-8a63-c5b02f7467b4/
# Reference: https://www.virustotal.com/gui/ip-address/134.122.73.8/relations

loadlisboa.casa
loadofficer.casa

# Reference: https://pastebin.com/raw/4tgby2qV
# Reference: https://www.virustotal.com/gui/file/9ba8f41f73a563796c021dbe89d3bd9a8d3a2d0226425e43efc271536f5f376b/detection
# Reference: https://www.virustotal.com/gui/ip-address/165.227.41.66/relations

loadrome.directory
crypnotes.co
ghererrafleur.co
helindraold.co
hwakiraklir.top
mahindranew.co
staerfraer.co

# Reference: https://twitter.com/reecdeep/status/1295727323052945411
# Reference: https://app.any.run/tasks/c33bd52b-f56e-486f-9b7f-55ac112e8554/

firstava.top
fourthava.club
secava.best

# Reference: https://twitter.com/Unit42_Intel/status/1296500515065536515
# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-18-TA551-IOCs-for-IcedID.txt

apparatto.top
babafirst.top
babafourth.club
cheapoilz.best
mintrillion.club
musorru.top
rolifo23.top
thirdava.cyou

# Reference: https://twitter.com/reecdeep/status/1296809596351283200
# Reference: https://www.virustotal.com/gui/ip-address/138.197.137.215/relations

ballsinluza.co
ferhalirish.co
ldralfa.casa
ldrbeta.casa
ldrcharlie.casa
lifregal.co
snookermaster.co
spplohh.co
trazzhres.best
truckycustom.pw

# Reference: https://twitter.com/reecdeep/status/1300432198135418880
# Reference: https://twitter.com/reecdeep/status/1301159068279746561
# Reference: https://app.any.run/tasks/f3c7a321-bead-4914-b780-bd9e1dca32a2/
# Reference: https://app.any.run/tasks/f312482a-bf13-4f05-ac58-9bf0a91ef132/
# Reference: https://www.virustotal.com/gui/ip-address/64.227.95.68/relations

classified.best
customrecustom.top
deskofreserve.top
dissdoorg.top
explodevices.top
huhunadekil.top
ldrtugi.casa
niggpigs.best
piggyniga.pw
programmelexc.club
singleperson.pw
terminpolg.top

# Reference: https://www.virustotal.com/gui/file/2a9fe9fdc49ae22a691d027f721bab70a430136559b2207b528e905c390343f6/detection

195.69.187.86:443
93.189.149.176:443
ignorepairs.pro

# Reference: https://pastebin.com/QSqT99xJ

albarthurst.pro
ambiguing.net
anothese.xyz
answerved.net
bandstreat.pro
berlingbowman.pro
bugandonesis.club
camishniacing.pw
carlsbadenomise.top
centrastroyer.club
charactic.pro
chardiop.club
consequencycle.pw
contempty.club
demandymedes.xyz
dorentmeofts.com
egainvisit.pw
ettestinbalt.com
exchangests.xyz
forsynanchyv.com
germakhya.xyz
goodinzone.at
harbournal.club
hipponexunam.org
hornformance.pro
hydrylater.online
ichthererbob.org
ignorepairs.pro
importional.com
maiowforecto.org
massentern.pw
mechangerous.space
meiyardionsa.org
minoriticipal.pw
monkeyflowed.pro
mozambiquest.pw
murderinal.pro
parenessed.icu
ransmittend.club
rolescene.xyz
runethern.pro
seconominist.com
seeminism.pw
stimateurs.club
summerch.xyz
talogue.pw
teautotaillhurneg.org
therlanding.xyz
thracial.pw
thussailled.pw
tracroadsmendisan.org
tradication.pw
wagenstead.xyz
writtee.pro

# Reference: https://twitter.com/p5yb34m/status/1303408866483290112
# Reference: https://twitter.com/p5yb34m/status/1304108801860071424
# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.92/relations

eurisiuri.top
kilogoncha.casa
ldflipper.casa
ldfolkland.casa
ldklippers.casa
loadbejing.casa
loadgermy.casa
loadlondon.casa
loadnewjersey.casa
loadperventin.casa
loadseoul.casa
loadxiniang.casa
repofinlsnd.casa
sleepymaxer.cyou
vbikdemokk.casa
vloppiloker.cyou
zasudaproteet.casa

# Reference: https://twitter.com/reecdeep/status/1304051067093692422
# Reference: https://twitter.com/reecdeep/status/1304071658521669632
# Reference: https://app.any.run/tasks/c0d6f2fb-ad34-4ce8-9a87-ee2c9ac94055/
# Reference: https://app.any.run/tasks/0db6cb2f-b477-4e8a-8b7e-a7911fcfc8f0/
# Reference: https://www.virustotal.com/gui/ip-address/159.65.137.90/relations
# Reference: https://twitter.com/reecdeep/status/1305523915054354433
# Reference: https://app.any.run/tasks/2c48723a-6803-4f9d-a330-63d546408b9d/

9dayscitadel.co
biglosses.top
ldleadflip.top
ldrfatty.casa
ldrglass.casa
ldrplastic.casa
loadbiofill.casa
loadbooker.casa
loadhooker.casa
loadnavycomp.casa
loadspanny.casa
roofallkilo.co
waysoflibis.best

# Reference: https://www.virustotal.com/gui/ip-address/51.210.73.176/relations

fikilederes.club
ldjersey.casa
ldrapollo.casa
ldrglass.casa
ldrinsertion.casa
ldrpanel.casa
ldrporollon.casa
loaderooker.casa
loadflooker.casa
loadfrooker.casa
loadgooker.casa
loadsite2.casa
loadsite4.casa
pussiageorge.cyou
starterdewakilo.best

# Reference: https://pastebin.com/Z4kWrhSF

10hesadety.pw
85vumbut.best
asnerkifa.cyou
aspellino.cyou
bcertyuo.cyou
gastellino.top
hurmaniut.cyou
matrossinio.xyz
povoliporillio.xyz
zopenret.top

# Reference: https://twitter.com/malware_traffic/status/1304507387957608450
# Reference: https://pastebin.com/bRT1y6rv
# Reference: https://www.virustotal.com/gui/ip-address/68.183.47.194/relations
# Reference: https://www.virustotal.com/gui/ip-address/164.90.153.241/relations

budagent.cyou
castrovillage.cyou
daswerbworse.best
delegatoz.xyz
jheckler.top
malgs.best
patriwifecis.cyou
saqerisation.best
tatarovers.best
tizersincluded.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.55.164/relations

77hertykol.club
90nesokret.top
astrafrodo.asia
bcertyou.cyou
bettercontact.co
downdomino.click
examoplerevo.pw
ldrdropper.casa
ldrpaperkoz.casa
ldrpitcher.casa
ldrruble.casa
ldrshekel.casa
ldrstar.casa
ldruniverse.casa
loadgo2.casa
loadro3.casa
loadwe4.casa
trapotorio.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.158/relations

circleoccupy.best
corporotto.top
mramoritto.top
papuanewguinew.club
portivitto.top
slizilinno.top

# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.223/relations

loadwarsaw.casa

# Reference: https://www.virustotal.com/gui/ip-address/79.141.171.183/relations

allpikoloserdzwe.cyou
gaagachelo.cyou
obnaprimezert.cyou
odnovoennbundes.cyou
sipmptomsledy.top
sprbumazna.club
uragapediculez.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.148.20/relations

ldrplutos.casa
loaderoverlord.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-31-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/165.22.120.138/relations

ldrpolka.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-03-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.207.41/relations

houssio45.co
littlehomies.cyou
radicaltreppo.co
transferhouse.cyou
twoloftscats.cyou

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.114/relations

atombody.best
blholove.best
blholove.co
coverbeacon.top
cutbroken.club
lostinbush.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/104.131.13.31/relations

ldrfewa.casa
ldrgeo.casa
ldrnuri.casa
ldrpopi.casa

# Reference: https://www.virustotal.com/gui/ip-address/159.203.35.240/relations

gugafirst.top
gugasecond.cyou
ldrfohill.casa
womindo.co

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-27-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.194.231/relations

chinadedoing.best
feretraidsouth.cyou
musiciange.club
pommiopeo.cyou
rightsaqua.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.121.86/relations

balancesheets.pw
destroyerspussan.top
stryjerefer.buzz
swedenstats.best
tank50.top
xixoloadr.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-28-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/67.205.166.105/relations

dluizz.top
ldrloki.casa
nothingtodo.co
shammunani.top
situator.best
sleepstops.club

# Reference: https://www.virustotal.com/gui/ip-address/185.147.15.25/relations

kajakracer.top
sequoejak.club
statuator.pw
swedenstats.best
withmar.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-01-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/167.71.229.185/relations

gigacouckarach.xyz
ldrulmio.casa
piggyniga.top

# Reference: https://www.virustotal.com/gui/ip-address/159.89.226.226/relations

dissdoorg.top
explodevices.top
trazzhres.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-08-TA551-IOCs-for-IcedID.txt

loudnavycomp.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-17-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/142.93.218.110/relations

astedolo.asia
ldrcantimo.casa
ldrearth.casa
ldrkrona.casa
ldrmercury.casa
ldrpanel.casa
ldrpeso.casa
ldrphound.casa
ldrporollon.casa
ldrspace.casa
ldrsuede.casa
ldrvenus.casa
vragafraga.beer
wertigohol.click

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-21-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.101.157/relations

10hesadety.pw
85vumbut.best
bcertyuo.cyou
doremifasol.online
likofedo.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-23-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/206.81.11.50/relations

andronicakopianz.top
assfingerz.club
droidattac.cyou
geraldiconews.cyou
spacerevodron.pw

# Reference: https://www.virustotal.com/gui/ip-address/46.101.10.119/relations

antologymaster.pw
headtroller.pw
lokopotio.pw
smavellpolia.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/10/06/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.111.71/detection
# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.132/relations
# Reference: https://www.virustotal.com/gui/file/58708f4f20813442260ac0983ad6edb8666c4173606debef497d546bec2b1a2a/detection

america2020.cyou
donmekyrm.top
figatrummpper.cyou
fikilederes.club
firstava.top
flathommy.top
holubicoklire.top
huliosmall.cyou
huntinglon.com
islandfighters.top
ldraccumuu.fit
ldrautos.fit
ldrcalifa.click
ldreuro.casa
ldrforce.click
ldrjersey.beer
ldrpeset.casa
loadbmw.click
loadgiga.click
loadmercedes.beer
loadpascal.asia
loadwater.casa
lobechess.cyou
placestostart.club
realparallel.top
rufepuksuka.cyou
sepneretyiu.cyou
softcornerz47.top
uzhokpidarok.cyou

# Reference: https://twitter.com/malware_traffic/status/1313952618948030464
# Reference: https://pastebin.com/raw/Dv6edvut
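# Reference: https://www.virustotal.com/gui/ip-address/178.62.243.45/relations
# NOTE(review): donmekrym.top below and donmekyrm.top in the previous group differ only by two transposed letters; confirm against the references that both spellings were observed and neither is a transcription error.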

donmekrym.top
grablihuiz.cyou
holubicoklire.top
obnulenush.cyou
sepneretyiu.cyou

# Reference: https://isc.sans.edu/diary/rss/26674
# Reference: https://www.virustotal.com/gui/ip-address/134.209.25.122/relations

huntysmally.top
jazzcity.top
ldrdifference.casa
ldrright.beer
loadfelicio.fit
loadmarcello.beer
smalleryurta.club
whiskeybravo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/143.110.176.28/relations

minishtab.cyou
novemberdejudge.cyou
sryvplanrespublican.cyou
suddekaster.best
xoxofuck.cyou

# Reference: https://www.virustotal.com/gui/ip-address/104.131.38.173/relations

ldrengineer.casa
ldrk50.casa
sadawerty.link

# Reference: https://twitter.com/malware_traffic/status/1317238281554317313
# Reference: https://www.malware-traffic-analysis.net/2020/10/16/index.html

engisilo.best
likoncar.cyou
phauballistic.club
skrepamulan.cyou
weaponreich.pw

# Reference: https://www.virustotal.com/gui/ip-address/206.189.179.174/relations

japansoldat.asia
kommyplete.cyou
loadcuhel.beer
loadhelico.asia
rusoldat.click
smallplaces.shop
spaceprogramm.cloud
spehanemzu.top
zomboboxer.top

# Reference: https://www.virustotal.com/gui/ip-address/46.101.0.125/relations

americansoldat.link
anklavartefact.cyou
greerknees.top
ideaofplet.club
isolatedglobus.top
kleeslikreff.top
konzsered.best
ldrleft.asia
loadbombardier.beer
loadcessna.asia
loaddyna.fit
loadnelliko.click
ostiriozhio.top
qapoloki.cyou
seaforrest.asia
startcapital.top
vernerfonbraun.pw
voairtaxetion.xyz
wasserherehiller.club

# Reference: https://www.virustotal.com/gui/ip-address/159.65.114.23/relations

8mopazuredolit.best
couretplodaserq.cyou
familyfromforrest.club
fihokiliopo.pw
filopipilo.top
millogorillo.pw
mishagrisha.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-19-TA551-IOCs-for-IcedID.txt
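# Reference: https://www.virustotal.com/gui/ip-address/68.183.125.188/relations
# NOTE(review): isolatedglubus.top below differs by one letter from isolatedglobus.top listed earlier in this file; confirm against the references that both were observed, since a mistyped indicator misses the real host and may flag an unrelated one.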

awemvngktyl.club
cowsmilky.top
defthebest.club
entroerdogany.pw
fishechi3.pw
fourblaizers.xyz
gigamazers.club
isolatedglubus.top
kolopoedre.best
kracherregimme.pw
luxcarlegend.club
pizzaeaters.top
posipako.top
reraspomonob.cyou
simpliefire.best
touchification.pw

# Reference: https://twitter.com/malware_traffic/status/1321211578113511425
# Reference: https://pastebin.com/raw/Szm0xFwr
# Reference: https://www.virustotal.com/gui/ip-address/188.166.82.172/relations

34ortiz.pw
bowlinglocombina.pw
careerquaterb.pw
dpvtrans.cyou
finulipor.pw
fodsijjire.cyou
hdfouter.pw
inforesuaremedown.club
maseratipirosh.top
mosquitollio.pw
nesutrebbe.pw
noviewnorussia.club
rivercoockinh.cyou
tsalkshower.cyou
tyrek87.cyou
wassilerepiom.top

# Reference: https://twitter.com/58_158_177_102/status/1321583599485820928
# Reference: https://twitter.com/58_158_177_102/status/1323420403277033472
# Reference: https://app.any.run/tasks/4e842de4-2dee-4f8c-ab25-d52a0c7bc4c0/
# Reference: https://app.any.run/tasks/2bbc6d3e-f0ca-42cd-8cac-f3af5296eea5/
# Reference: https://app.any.run/tasks/dbc926f6-eb68-43af-9a55-bc307b781754/
# Reference: https://app.any.run/tasks/deebf118-abe7-4ea5-9e33-81bce557d426/
# Reference: https://app.any.run/tasks/f64b9924-6022-428e-a0d7-4bd8ed3a3f01/
# Reference: https://app.any.run/tasks/8beff69c-0c5c-4ea2-9205-8b7ca7ade6f7/
# Reference: https://www.virustotal.com/gui/ip-address/167.99.248.130/relations

argentinocapuccho.cyou
covercinemo.club
detecvasquez.cyou
hobburussye.top
klopperflitter.cyou
konzsered.best
likrodetective.best
loaddyna.fit
loadhighertop.fit
loadrescuerer.casa
loadtwomoretimes.fit
ostiriozhio.top
papararazzi.cyou
redicilious.online
rekreations.cyou
voairtaxetion.xyz
zarubanonce.top

# Reference: https://twitter.com/MBThreatIntel/status/1321963911365586944
# Reference: https://www.virustotal.com/gui/ip-address/188.166.103.231/relations
# Reference: https://www.virustotal.com/gui/file/4d3c594e119e5137a2baafc1174d57b08f7b8bbd8e9116331abf8063837c0222/detection

anthekarabach.top
heredeire.xyz
loadpillar.casa
newbieshanna.pw
vesaporedik.club
zenit20112020.top

# Reference: https://twitter.com/malware_traffic/status/1323766476541775874
# Reference: https://pastebin.com/kHXmMhQQ
# Reference: https://www.virustotal.com/gui/ip-address/104.248.90.150/relations

0349ssss.cyou
3422jelle.best
9485pele.cyou
blokaddio.top
defeodallio.cyou
grekilioliplane.best
nawserty8.club
pelefootball40.best
quaddroporrte4.top
rewetiolo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/46.101.7.77/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.245.106.220/relations

alotthinlayers.best
gridplates8.pw
loadatlantic.fit
loadhonda.asia
loadricky.fit
loadrover.beer
loadsite2.casa

# Reference: https://twitter.com/malware_traffic/status/1326680201208717315
# Reference: https://www.virustotal.com/gui/ip-address/143.110.191.95/relations

2018starnpz.cyou
2solovushka8.cyou
aerofighters.co
angarakolessi.top
anyactions.best
armanepozy.top
armennewerria.top
aslokodebillo.best
astrapresa.top
aswepori.club
awelipo7.club
awertyutilo.pw
balkimraklire.cyou
belowragi.pw
beradocolon.top
besoputinnioputa.cyou
bigconsequences.top
bomberfiller.cyou
budaberlin44.top
bulutuso.club
casadekilo.best
cderete.pw
ckkpuliopo.best
closeroads.cyou
conretullio.best
consistan.xyz
coshmaputuxuylo.xyz
dasikloti.club
daysarecommitee.top
ddekilocasa.top
defencesystem.xyz
defreind.best
deliveryeating.best
derivoclition.club
dilibobiol.top
dosyllitu.top
durkapsycho.best
eastzrada.club
fcbarca.top
fdelopoh.club
federesursy.best
fekoliture.cyou
fellazillio.co
ferekilocasa.pw
findscrinder.pw
firstpartmotor.cyou
fodsijjire.cyou
footbalgoalkeeper.club
footballillemarcelle.best
freekolobanga.top
freemonter.top
geliopeople.cyou
gelipeterria.cyou
gettokolo.club
ghosternew.casa
gigikilo.xyz
gliokisser.best
glovercasa.club
goblinsdown.top
goloploroto.best
hdfouter.pw
hilloritopo.club
hongkonger.best
hzlkfb.xyz
jacksonwennik.pw
jare4.pw
jeteame.press
jijikolo.uno
kileder8.cyou
klopoprigozh.best
kolobanga.press
ledasopiret.best
lezasopedrill.cyou
likercasserio.top
likoncar.cyou
malselsilo.pw
maseratipirosh.top
moldovsky.club
moldovsky.top
moneocurva.top
motordotor.cyou
multiplecities.co
nekillosa.co
nithingmore.top
northvietnam.top
nothingknown.co
novoport16045.best
nullnadum.cyou
oldeney.xyz
operswagner.club
panrights.pw
parrondon.xyz
passsmennelio.top
phauballistic.club
pipulosha.cyou
piska.win
plainia.xyz
polisyl.top
postsovok.cyou
prevampion.icu
rankaraoh.xyz
rasolpewsitr.club
recidiver.best
rerozvi.best
reshitixa.cyou
retainthecolour.co
revorevonove.pw
rurulukashi.pw
sanoradad.club
sillivilkous.top
skisliz.club
sositezaporebrik.top
stilstol.pw
stopfurusputo.cyou
swerlillio.co
tarabarov.online
transmissons.pw
trebletta.top
trolliroses.cyou
tyrek87.cyou
ultimatulebe.cyou
unodostres.top
uppernapitki.club
uralshuja.club
velocarsderev.co
vergilliostar.top
vesaporedik.club
villedasilpo.best
visiondesicion.casa
werikiloty.best
whiterange.top
winthebrit.pw
zaborder.pw
zedebobo.top

# Reference: https://www.virustotal.com/gui/ip-address/198.211.99.24/relations

12demuslims.top
aslokodebillo.best
besoputinnioputa.cyou
compactmuslimsdeport.pw
experrementummo.pw
jacksonwennik.pw
nomoremigration.cyou
timerdisclaimer.pw

# Reference: https://twitter.com/58_158_177_102/status/1329591778635235328
# Reference: https://twitter.com/58_158_177_102/status/1329591782519177218
# Reference: https://app.any.run/tasks/9a6231ad-313a-4dff-a22a-e087f99edbb4/
# Reference: https://app.any.run/tasks/383862d8-66f5-4de9-b013-1d99f8bde04f/
# Reference: https://www.virustotal.com/gui/ip-address/143.110.185.84/relations

deretter.club
futuduramatios.best
kamastos.cyou
kennethinstitute.xyz
lowbudget.top
marinesnotarmy7.cyou
rasolpewsitr.club
suitecasecourt.cyou
sweetporto.cyou
zoperawekil8.top

# Reference: https://twitter.com/reecdeep/status/1329761384842792961
# Reference: https://app.any.run/tasks/89819e81-b694-42d2-9cd1-fa0b8e6bd9c8/
# Reference: https://www.virustotal.com/gui/ip-address/159.89.6.165/relations

4tankers8.cyou
aweragiprooslk.cyou
formerglommer.best
linedefragmentatiom.best
psycotrest33.cyou
revopilte3.club
transferblog.top

# Reference: https://twitter.com/malware_traffic/status/1329934246249697280
# Reference: https://www.malware-traffic-analysis.net/2020/11/20/index.html
# Reference: https://www.virustotal.com/gui/ip-address/165.232.104.85/relations

agrivcultureintegra.club
coupper3.cyou
desinforma.cyou
emoposawe.cyou
okrufedikol29.club
plumbum44.cyou
realisationdelimitation.top
store4famly.xyz

# Reference: https://www.virustotal.com/gui/ip-address/161.35.152.178/relations
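# Reference: https://www.virustotal.com/gui/file/26101626e9e57de6271161f6929922bdc46ba4c71a98161cebf4e3199b82e58d/detection
# NOTE(review): the last entry of this group, /laband162/main.php, is a URL path with no host (later groups contain similar entries); presumably it matches on any host, so confirm it is distinctive enough not to flag benign traffic.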

bolopedasrty.club
desatopillo.best
klopperflitter.cyou
m103tank.cyou
minerdorf.top
shermannlow.best
/laband162/main.php

# Reference: https://twitter.com/malware_traffic/status/1331259415022825473
# Reference: https://pastebin.com/BR3dZTNU
# Reference: https://www.virustotal.com/gui/ip-address/68.183.54.143/relations

9seeallcars.best
afromadness.club
astroglippers.club
billeriubin.club
crypetecranch.best
dawessigriggio.pw
dnaislatoler.pw
egedemaer.cyou
fuckingkremlin.pw
grabberputinoyd.best
initiativeuntimed.cyou
lawofthechanges.cyou
noagreforisla.pw
nonormsinsla.pw
oligophreneoligarchi.club
oxxoboats.top
pochkapechenka.cyou
proissvollio.club
reraspomonob.cyou

# Reference: https://www.virustotal.com/gui/ip-address/167.71.224.39/relations

0349ssss.cyou
100thdollars.cyou
1911drink.best
49vodysf.club
54asplane.top
9485pele.cyou
aretulopetega.cloud
asertuyo.pw
asskniferd.best
avilablehelp.top
colombosuede.club
colosssueded.top
decorunbelieveble.best
delokijio.pw
desertpw.pw
driverapmassive.pw
durablad.shop
evroparlamiko.cyou
falsivikirigizy.pw
fihokiliopo.pw
fufuarmenja.xyz
golddisco.top
gromhitputi.cyou
hotelindivire.cyou
jajaelecto.club
june85.cyou
kniferbellir.cyou
kultimulti.top
laskiopowert56.club
layerfatfek.club
miamia.club
millogorillo.pw
mishagrisha.top
netochstatic.club
olloterponeik.pw
pareomedeo.club
pelefootball40.best
propellerregis.top
rarejawelleryz.cyou
refakolun.best
ruwedolki.pw
selekilleque.best
servepeolor.top
shakerdrinker.top
stubbornbilo.xyz
supremecourt.cyou
tatataryk.pw
wasserwoman.top
wertigoterrio.online
wheelssp.top
yorkykukri24.top

# Reference: https://twitter.com/malware_traffic/status/1331720027188441088
# Reference: https://pastebin.com/raw/43E0C8w3
# Reference: https://www.virustotal.com/gui/ip-address/68.183.89.248/relations

aslopoer45.cyou
bonvemrt.cyou
desloporty8.top
ujkiol45.cyou
vopilo49.best

# Reference: https://www.virustotal.com/gui/ip-address/64.227.88.71/relations

21pointsframe.cyou
acci54.cyou
casaderassa.cyou
defillionew.cyou
fikolopore.cyou
froplays.top
winasession.cyou

# Reference: https://www.virustotal.com/gui/ip-address/37.252.1.57/relations

basebusebise.red
bseballpro.pro
countrylandlords.info
geroiconnect.info
kostafootball.info
kostanards.red
selefromeconnect.pro
simpletransit.red
successkali.red

# Reference: https://www.virustotal.com/gui/file/e5f928160acd53a19b7de681b32b61fb36e1a7b13e9e8c1f3b5be66bc36496b3/detection

embassyecuador.ca
executiveteams.biz
maelloussa.red
malumaricky.info
mekillomelloussa.info
raeggyricky.pro

# Reference: https://www.virustotal.com/gui/ip-address/188.127.227.76/relations

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
bezzuhikali.info
custommegane.info
indianfoodinmiami.pro
kalistands.info
kasialinia.info
koreanfoodinmiami.pro
kostaboxing.pro
kostacardsplayer.pro
landiscloudlord.red
landlordscloud.pro
malayanfoodinmiami.pro
meganrenaultforjoe.red
mexicanfoodinmiami.pro
renaultarkana.pro
renaultarkana.red
russianfoodinmiami.pro
serejitykaty.pro
sisipiciliko.pro
thaifoodinmiami.pro

# Reference: https://twitter.com/malware_traffic/status/1333485185841713157
# Reference: https://pastebin.com/x9iiCjGH
# Reference: https://www.virustotal.com/gui/ip-address/167.71.138.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.135.82.225/detection

1952warrior.xyz
8mopazuredolit.best
allthemeanings.top
asderator.cyou
azomorinno.best
crysys70th.cyou
fewboys.cyou
folopotress.top
heavytankmarines.best
kamastos.cyou
m41tank.best
marinesnotarmy7.cyou
middletankbattalion.club
morenthechief.xyz
oldaquafrsh.cyou
outgrade.club
rotapetek.cyou
symplyfireteller.best
t34tank.club
tatarinanaboskuto.cyou
woodenbruus.cyou

# Reference: https://www.virustotal.com/gui/ip-address/206.189.56.140/relations

8andmack.cyou
moviecastle.club
philadelphiagirl.top
rockercastle.best
wendi4kcash.top

# Reference: https://twitter.com/malware_traffic/status/1337471320339177475
# Reference: https://twitter.com/reecdeep/status/1337458646754729986
# Reference: https://app.any.run/tasks/6749761d-4922-4b3f-be99-609aae866aeb/
# Reference: https://app.any.run/tasks/95e1dda9-37a1-460e-9e46-e53d45194211/
# Reference: https://www.virustotal.com/gui/ip-address/188.166.88.45/relations

14katok.cyou
aluditos.top
awertino.xyz
berringheavy.best
cosmokosmo.best
djordanobruno.best
eastpomeranija.top
energydefrost.top
firstpetja.top
fislatriller.best
franciscointelle.club
glicolikop.best
holeretopolo.club
kastrillobromwich.cyou
killwaterkolonn.cyou
lockdowngunni.club
millipillio.best
milliship.top
modulbelongs.club
neasdutr55.top
neferetiti.top
pedezrkken.xyz
pilotflights.club
portugalloindostan.top
proorbital.best
razunimorep.online
retechnolodgy.top
rpoznahu.top
terpepillio.casa
tsarabsolutely.top

# Reference: https://www.virustotal.com/gui/ip-address/5.149.254.27/relations

fiscalclub.top
ottepel.biz
reshailam.biz
t3476.top
vollhafer.top

# Reference: https://www.virustotal.com/gui/ip-address/185.38.185.103/relations

chainoftheapril.cyou
localallcases.xyz
lukapedrilla.cyou
unproffesional.club
xilophones.best

# Reference: https://otx.alienvault.com/pulse/5fcf6bf143bf8362603727ec
# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.101/relations

80frontluzkher.xyz
bruzilovv.top
heavyselfartillery.best
killicher.best
kolotiloher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/139.59.101.19/relations

aviaaero.pw
likishino.pw
missigloves.best
orsibataan.pw
phillifighters.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/12/11/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.57.202/relations

autohoffer.club
dorogaway.best
joelubber.shop
marcingranio.cyou
marzingranocny.top

# Reference: https://twitter.com/infosecfu/status/1337486196193243137
# Reference: https://app.any.run/tasks/edf32891-5b39-4673-9a25-e575c14a5aac/

manusderci.top
/weqre779/index.php

# Reference: https://www.virustotal.com/gui/domain/romelonda.top/relations
# Reference: https://www.virustotal.com/gui/file/68729a7f6faed84d68f85eeb04058d9f53271f30edc3c6585276e05f4f11ccaf/detection
# Reference: https://www.virustotal.com/gui/file/b112abf8ea2013cf70b5e32f0ac30a9aa938ddb3d3e3a71403afbb94a6a52ba5/detection

romelonda.top
/koreto937/index.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.242.234/relations

16centurys.cyou
balanseer.top
dastoperasder.cyou
duellolineup.top
fulofutobrille.top
newfleet.best
oldesttrjapka.cyou
oldmanner.cyou
portoweapon.club
rusishipbuilder.cyou

# Reference: https://twitter.com/infosecfu/status/1339238803475718147

perosink.top
zapachastillo.best
/kolpe100/index.php
/kolpe100/main.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.217.217/relations

10thevoliko.best
cameraoshkosh.cyou
heweruty.club
loadaroma.casa
vesaporedik.club

# Reference: https://www.virustotal.com/gui/ip-address/188.166.126.25/relations

chinadopiller.cyou
defliportor.cyou
dewallerion.club
januarydiscoverry.cyou
premierre.cyou
satiscropertio.cyou
tajkillo.best
worldofcdor.best

# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.134/relations
# Reference: https://www.virustotal.com/gui/file/69d0511d19b40f86ccc004a5172b9b1d0978dbd2cba47800f0e690a0a9a074e5/detection

addyourplanet.pw
balticgrindex.top
balticpagesyellow.best
balticpagesyellow.top
baltpeople.top
besitxavier.best
bestspacer.pw
buygrindex.top
habanadash.top
hispanuredesk.pw
mermateria.cyou
moonwalkerz.pw
morganholes.cyou
nazifestivo.best
vellifilliok.best
vermaxt.top
vilnusgrindex.best
vilnusgrindex.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.170/relations

20yearsofhappy.top
2posutiu.top
3rasstrium.top
4closium.top
balticpagesyellow.best
balticpagesyellow.top
britford.top
bundesplumber.pw
chinalapsha.top
comherehlopp.best
deactivationlima.pw
dereferederefrost.pw
finderway.pw
firebrighter.club
fitterglitter.best
flightrewards.best
floppysyncty.best
forfillo.top
gigakiloframe.club
grrjeibneder.top
hidethetrooper.top
historyfireclose.online
ididallthis.best
kremlinpidar.pw
lokihiliilo.pw
patrium5.top
physicaldissapear.xyz
pilafirefighter.top
qwebrester.club
seattingiron.club
seculitura.top
severade.casa
sittingbytes.pw
sittingbytes.top
smokebreather.best
sportunism.xyz
tastition.icu
teoreticaldanger.pw
thesisted.icu
thoughout.icu
thyrstypup.best
topolanger.best
tyreprize.best
uxanlabchina.top
wassaby.cyou
weneedmiracle.club

# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.55/relations

alforitn.pw
asertigo.best
asrehillo.best
delkiolllo.club
ferejillo.top
inonumax.pw
planeplan.top
removember.icu
zarinnader.pw

# Reference: https://www.virustotal.com/gui/ip-address/188.119.149.77/relations

bluebook.pw
caserelation.top
demondedemon.cyou
deretopol.top
dogawaydered.top
flipperauto.top
followthemusic.top
glasssmoothest.best
gokaserilo.pw
hallfinaleuro.cyou
helopoderurban.pw
hillitrumper.cyou
inocontacts.top
istredestre.cyou
kylerdog.cyou
makeallbetter.top
march44redflag.top
maynotneed.top
molliksawer.cyou
okliogiokol.online
proig748vybo.cyou
rezultatexit.best
rossafloor.top
servethe.cyou
shiopwarrior.club
udarrihroup.top
uneslokutaz.top
unofighter.top
voiliwerty.best
wakeupearly.club

# Reference: https://www.virustotal.com/gui/ip-address/134.209.182.58/relations

bloadypupper.best
puppybloder.pw

# Reference: https://www.virustotal.com/gui/ip-address/161.35.10.43/relations

brillianto.pw
dramboldorritto.top
goulittioma.top
onixxyto.top
postifitto.top

# Reference: https://www.virustotal.com/gui/ip-address/68.183.147.106/relations

balticgrindex.best
filomante.top
grafomante.top
grepotufe.top
homelandjapan.top
hreopofreopo.top
japanmiduej.top
judgessur.top
myxel.best
myxel.top
pyxel.pw
pyxel.top
rigagrindex.club
rigagrindex.top
sedorozza.top
wedikolitures.top
weliomanter.best
weliomanter.top

# Reference: https://www.virustotal.com/gui/ip-address/165.22.27.128/relations

neffritto.top

# Reference: https://www.virustotal.com/gui/ip-address/159.65.117.225/relations

48greedstrocks.best
60stepsofhonor.club
andropsoshyls.top
asformeded.best
chinamania.cyou
controllerdoppler.club
countrysinger.club
crespofootball.best
disgerdefer.club
dominotopper.top
draggerbreather.top
flemmingyogan.top
icehockeyplayer.best
loadcaramboll.top
loadpool.top
loadsnooker.top
lovemesong.cyou
minutemanner.cyou
neverminded.club
playedwilliams.cyou
plockerdocker.top
prokladvpsder.cyou
protorilla.best
rebuilder.cyou
respondishot.cyou
shotofframe.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.156/relations

boatergrip.top
carduirtitor.top
equipmentkess.top
felixheater.top
footlegger.cyou
gigafilliopot.pw
gilotriatior.top
halfkilo.uno
hereandnow.uno
heroimonroy.xyz
kissavorob.best
klopolopo.co
kompozitt.club
lagunaway.top
miracleisnearby.pw
mostuiretitor.top
planeplan.pw
planoftheplane.best
pullhimoutrightnow.top
rebondianer.top
responsekesson.top
shitdownout.top
sorryworry.pw
spacefutures.club
tangodelfuma.club
tangodelfuma.top
thurstygrep.club
vosshodo.best
watercityv.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.203/relations

45hlopokk.cyou
75meterspenny.best
agreemanrajon.top
analogrostter.cyou
asnuternou.top
aspertilo.pw
astrogonk.top
bennansouth.best
boltwinelter.top
caloporedeiuy.top
chinaamer.co
closeddoors.pw
confliccto.cyou
coopergordon.top
dasaewqaz.pw
destroycruiser.cyou
dewardsdom.top
doprorayny.best
efficientsys.cyou
eishtoss.best
ekipueqe.best
englishjill.top
factoryoccupied.pw
faloppoitu.best
fifthorange.uno
fluckservlet.cyou
gasopenuty.cyou
grabberuno.top
greattemple.cyou
greedyserver.cyou
gregoryhaskey.top
harderpytok.cyou
headcaliber.top
hillerfloppy.best
hongcontrol.best
hrenuevo.top
huilojilo.pw
instadomain.top
integrproject.pw
internalchanges.cyou
kinginoffrance.best
kirewefere.club
kissmobo8.top
krachemore.cyou
lieinthecourt.xyz
litiernode.cyou
longnerrion.cyou
lunat.top
mihabrexa.top
newskrefake.top
niiloporef.top
notoseeing.top
oppponaval.pw
plantstopped.top
politicosite.top
quantummilio.cyou
racerasismus.website
rumeokilobravo.top
saintplaces.top
sellehopolo.cyou
semiofficial.pw
shepperdhlino.top
shopunderwater.club
sincotul.top
socialexpert.top
startluna.club
strangekidnapping.cyou
stratergoicour.club
threefili.cyou
tuksvata.cyou
whiteclub.uno
zipperpocket.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.46.99/relations

250krmilvod.xyz
dnatamdere.top
filopipilo.top
kravynolu.cyou
lostciviliz.top
mustangleverage.top
nikushotomo.cyou
reerwheels.top
singlepizza.club
vladygoofy.top

# Reference: https://www.virustotal.com/gui/ip-address/209.97.178.88/relations

344povja.cyou
docotorre.pw
ecodeberzew.best
eurospirtus.pw
kilokubok.best
klopwedir.pw
longprjob.xyz
modellomatematico.pw
novemberpanda.pw
profitdolores.cyou
shmellioretry.pw
spiritusprom.cyou
stationoxxy.club
valueimporto.xyz

# Reference: https://www.virustotal.com/gui/ip-address/68.183.92.152/relations

damagedhelicopter.top
destrickthelio.top
niggazilla.best
niggazilla.top
vtaplanes.top

# Reference: https://www.virustotal.com/gui/ip-address/64.227.48.220/relations

2001williams.best
defreabral.top
ldfranny.top
ldnails.casa
ldrsitting.casa
ldwikita.casa
loadgranny.top
loadhorit.casa
olleggiomuch.cyou
pollogreffi.cyou
sewellia.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.201/relations

100ranhut.casa
12herruio.cyou
areadati.site
assficioklo.cyou
dewellerfive.top
grabberderekilo.cyou
hulioferere.cyou
hunlokiol.best
koliokilio.cyou
lukapidarillo.club
oppokandida88.top
paratraxer.cyou
poloplayerrin.cyou
poreadse.cyou
qafewillian.cyou
qwellerz.cyou
redavenue.pw
redstreet.pw
rewrite.best
selicawand.cyou
susiporo.top
utochkafes.cyou
vemenadra.cyou
vilnovlada.top
wasalerfourth.top
wenjalutto.cyou

# Reference: https://www.virustotal.com/gui/ip-address/142.93.192.37/relations

carantinium.top
jaredetiuo.top
kaiffero.top
kvazideruptura.top
rfparasha.top

# Reference: https://www.virustotal.com/gui/ip-address/128.199.1.118/relations

docktorthird.top
rooferfirst.top
troopersecond.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.15.124/relations

1208272020.club
daswerty.uno
folokihuradio.top
gibbelspidar.top
kloppertrainer.top
niochem.cyou
patokolsti.cyou
pechedesilla.top
pooltrap.cyou
rebuild.best
redraw.best
saliopok.cyou
sdarrinutulopo.club
suxirakili.top
tesfrentu.club
tixoluka.top

# Reference: https://www.virustotal.com/gui/ip-address/178.62.41.69/relations

asdeliocarlo.uno
australiatrible.best
australiatrible.top
bremenmusician.best
chinatrible.best
chinatrible.top
genry50years.top
motorscollege.top
racerflawer.top
racinghills.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.29.30/relations

killerturbo.top

# Reference: https://www.virustotal.com/gui/ip-address/5.39.222.254/relations

antiquepariss.top
fresnoviews.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.104/relations

fortunefish.best
millitower.co
ollorett.cyou
pzawert.best
sillimotor.co

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.204/relations

centralliniom.best
dictatnotwin.cyou
idolszillo.club
inrinterest.cyou
mountlunnar.top
naryty.top
nylonwhell.xyz
pillermarket.club
steelmoker.xyz
suverenguardia.pw
varetoukolit.club
wheelformforsu.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.247/relations
# Reference: https://www.virustotal.com/gui/file/41d94230aaaff4d4b14233efaf0f106bff0519ac0c5420bf46d3210c33cb3e27/detection
# Reference: https://www.virustotal.com/gui/file/644ce7b8b00378237f12523c452bd0177390d43dc392bf6f679e49dfcfb4338f/detection

glostercrabs.top
placeishidden.best
speedyarmyjp.top
tunahunters.top
westportmorsby.best

# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.53/relations

placeishidden.top

# Reference: https://www.virustotal.com/gui/ip-address/194.187.249.152/relations

allthereal.top

# Reference: https://www.virustotal.com/gui/ip-address/45.147.230.95/relations

applewrangler.club
asberperger.cyou
aswerger.club
awerymotor.co
cucumberproto.cyou
dedalikar.club
devidedsnooze.co
fasseipolot.cyou
fillerdriver.co
fillerwinner.best
fishofgloster.pw
fleightfreight.best
fourgoun.co
freebilliard.best
gegeluza.xyz
gigamonkey.top
greatwheelsdiscs.cyou
hillerfderec.best
howwescottish.co
hrefferlikol.cyou
inetcable.top
jeepwrangler.cyou
joasoosda.club
kliolkiol.best
klursson.best
linkerstar.top
lookatamerica.best
momentaljeep.cyou
newwheels.cyou
newxrocket.top
ninetiten.club
qalufrikili.cyou
saderillo.best
sinaloacity.top
thaiplant.cyou
towermotor.co
wilverhampton.club

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.116/relations

10steps.top
12spended.cyou
23dfuere.top
allthehole.pw
asdpergerz.top
asthenesosto.top
autofiller.top
awerymotor.co
beloviator.top
boatliker.top
daserwerty.top
defulliopo.xyz
dewastradio.top
diktator.cyou
druidzero.pw
formulapilot.top
forrestserviceusa.top
frelossko.top
halfpastsix.pw
hnjkiloer4.xyz
holopourer.cyou
infoillario.icu
klioterrify.top
klosafelli.top
lightshot.pw
messiliving.top
mullioflavio.best
nextflight.top
popondeou.top
prodo22exrad.top
quietcountry.cyou
rarealience.uno
rezinrubber.cyou
seatgreews.top
ser88protu.cyou
show39prit.top
trusteepilot.pw
warriordos.top
warrioruno.top

# Reference: https://www.virustotal.com/gui/ip-address/159.65.146.96/relations

gerermotor.best
kilomotorr.cyou
messagehistory.pw
samadviga.cyou
sederevillio.top

# Reference: https://www.virustotal.com/gui/ip-address/185.245.84.144/relations

dancegirlls.top
hlipolioklass.top
oldformer.top

# Reference: https://www.virustotal.com/gui/ip-address/167.71.73.106/relations

doctryna.xyz
ekxortsisto.best
gabushev.top
kilmentostar.best
netutto.best

# Reference: https://www.virustotal.com/gui/ip-address/159.203.30.45/relations

swibstoca.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.110/relations

avadevatop.top
balkonnydiva.top
fansboysband.club
flagmanduty.top
gerefaller.top
goodperiod.top
goodplay.top
hulioflagger.club
hummondgrande.co
icebreakerz.best
klarksonfresh.best
nicedays.pw
parrapper.top
parratropper.top
pilliows.top
reactionspeed.club
warriortres.top
willigilli.top
wordsayd.co

# Reference: https://www.virustotal.com/gui/ip-address/79.110.52.195/relations

bitemouzert.cyou
readerchater.top
vasellifred.best
warending.top

# Reference: https://www.virustotal.com/gui/ip-address/37.120.222.46/relations

artificialterminal.club
deltaoilprice.stream
enterprizealco.top
oiltechno.top
qwelloprice.best
symplerincomes.cyou
teacherfat.top
tightende.cyou
traxxer.xyz
tresfighter.top
valusepromo.cyou
wazzaruti.top

# Reference: https://www.virustotal.com/gui/ip-address/206.189.140.201/relations

10yonkitchen.cyou
20yearshotel.best
asperhotels.cyou
berendik.top
billionhorob.pw
bishkekeskul.online
bounapartismo.xyz
butunkyrgyzston.pw
chillichemodan.xyz
degradationrus.pw
ebanutyechina.best
favouriteho.cyou
furggonn.cyou
gorokrysa.club
grabbelinno.top
gripperboat.best
kukarachaluka.cyou
maskborts.club
muxxikoma.pw
plitsupperboin.top
rivertrier.top
roofmaplejeep.co
sterevjatnikko.top
tarakanoluka.top
waterzlynulo.cyou
zenithrequired.best

# Reference: https://www.virustotal.com/gui/ip-address/165.232.110.48/relations

chinatrades.best
mufootreve.top

# Reference: https://www.virustotal.com/gui/ip-address/159.89.18.27/relations
# Reference: https://www.virustotal.com/gui/file/8d12f1e1265315d45481a955155f56a3c35a229adf35105bf730a495cfa1332b/detection

nomoreislamy.xyz
parisbarbara.top
ramzanahmat.cyou

# Reference: https://www.virustotal.com/gui/ip-address/159.89.27.147/relations

2020jaccky.shop
cybersecurito.pw
highestscream.pw
icercream.pw
kremlinvorona.pw
linvorodana.cyou
razadrava.pw
vaccicybertheft.pw

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.94/relations

kazluxraritet.club

# Reference: https://www.virustotal.com/gui/ip-address/188.166.120.59/relations

apatiaredopia.cyou
artsteerlingwheel.top
astahastalavista.cyou
decracoffe.best
konchitaebuchka.top
kumurazh.pw
littyfahren.club
lookatnice.top
middleposition.cyou
nazamoskaotp.xyz
tenpounds.top
wheelsreels.best
workerspickuper.club

# Reference: https://otx.alienvault.com/pulse/602911fab6ba07fc0d8b1a70
# Reference: https://www.virustotal.com/gui/ip-address/206.189.161.224/relations
# Reference: https://www.virustotal.com/gui/file/8c5c92e1545b49d6d45c4f14a5414f437f94d1fe628fc656df9154386955f23d/detection

azarewetete.best
honoluluo.club
lawernios9248.top
masfiatto.best
redession.cyou

# Reference: https://twitter.com/MrsYisWhy/status/1360499999415689216

austriarch.xyz
gigagregory.xyz
urgentyattention.cyou

# Reference: https://otx.alienvault.com/pulse/602fa970591aa64fed643c2c
# Reference: https://www.virustotal.com/gui/file/69efa5acfe8ee79871251f01a779e9f1b8458983fce9a32c4b032836f4b947da/detection

willizoo.website

# Reference: https://www.virustotal.com/gui/ip-address/159.203.116.96/relations
# Reference: https://www.virustotal.com/gui/ip-address/167.99.187.112/relations

derrickolop.online
gomotorcycles.site
kraseipolo.space
zaxhasshira.uno

# Reference: https://www.virustotal.com/gui/ip-address/64.227.119.213/relations

artilleryin.online
bowepripos.uno
caliberunity.club
kastellira3.space
pexxota.space
shrapnell.space
snproti.cyou
timerework.fun

# Reference: https://www.virustotal.com/gui/ip-address/206.189.10.247/relations

berxion9.online
chinavillage.uno
deregojikulo.uno
emanielepolikutuo1.website
gommadrilla.space
oskolko.uno
prolomstenn.fun

# Reference: https://twitter.com/malware_traffic/status/1364999361902469127

14yeara.fun
georrohero3.space
livekossa.fun
positionpererost.space
pulemashinegun.online

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt
# Reference: https://www.virustotal.com/gui/ip-address/159.203.6.195/detection

awerityubfer.club
cleantheplace.top
reworktopper.top
wellernaft.top

# Reference: https://otx.alienvault.com/pulse/603f7b7498567421ddbc2ca0

whisperingstar.com

# Reference: https://twitter.com/reecdeep/status/1369357573686779905
# Reference: https://app.any.run/tasks/ab0acd15-b09d-4ff2-bf88-a1e55c7d4f76/
# Reference: https://www.virustotal.com/gui/ip-address/143.198.2.53/relations

22bogotacapoital.online
2tomorrowcaholo.fun
44glovesmoliuy.uno
errehra.club
faeswerderioytt4.fun
gioloporazirt.uno
newandnewers.website
ponchilizza9.website
serpedfiler.uno
warcorrective.online
zcqqdur.uno

# Reference: https://twitter.com/ps66uk/status/1370026963604099081
# Reference: https://tria.ge/210311-k6mbf6fwna
# Reference: https://www.virustotal.com/gui/ip-address/143.198.25.214/relations

apouvtios2.uno
awefoplou5.site
chajkovsky.space
daserwewlollipop.club
dastemodaste.fun
emanielepolikutuo1.website
klicjop9.fun
ohbluebennihill.website
seconwowa.cyou
violonchelistto.space
zomonedu3.website

# Reference: https://twitter.com/p5yb34m/status/1370091615918776320
# Reference: https://www.virustotal.com/gui/ip-address/164.90.143.105/relations

barmaafmaodd.space
fedlopesazillo9.site
kitchenbiggy.best
klicka2.online
laworzbuio77.space

# Reference: https://www.virustotal.com/gui/ip-address/165.227.28.47/relations

agitopinaholop.uno
dedupomoshi.space
iporumuski.fun
twotoiletsr.space

# Reference: https://www.virustotal.com/gui/ip-address/178.128.243.14/relations

217roteben.online
320glazhuk.fun
529pqexirvy.uno
630mordorebiter.website
723salikoper.site
801cvcaller.online
apoxiolazio55.space
asforthemines99.uno
awefoplou5.site
calldivorce.fun
fekiop3.space
fiollofiorro.uno
gaubizza.cyou
georoworro5.website
georrohero3.space
hiolop4.fun
oceanwaterfree34.xyz
shuttlesojuzo2.space
turkairlonomelette.space
zomonedu3.website

# Reference: https://www.virustotal.com/gui/ip-address/167.99.212.207/relations

bulktrumpbun.top
capittolijar.cyou
epitete435.cyou
jailedtrump.club
prioriteteinsider.top

# Reference: https://www.virustotal.com/gui/ip-address/139.59.168.175/relations

520horsepower.top
allhealthis.top
antibioticoroto.club
asianpacificregion.cyou
chassche.top
eventheren.club
kikanefiga.space
klikaclicker.website
solovjevo.uno
tifferoi.top
vovocolo.cyou
vozloteolot.space
wallagolla.cyou
wasserduster.website
weatherbaddyly.website
westerrossa.website

# Reference: https://www.virustotal.com/gui/ip-address/138.68.52.94/relations

alltheout.space
asperragirro.top
awerinosillo.website
bethehere9.site
childparafer.space
countryhero.site
dadavipoliop.site
deprivemeer.space
derrickolop.online
fredtrampovich.site
gomotorcycles.site
goodywelli.uno
gsalliperioptol.online
hodokiblacky.uno
kraseipolo.space
limergreek.cyou
loporewendia.website
mastercalmarro.club
middeterraniendishes.cyou
nighterdevu.website
noknowfish.fun
poertico.website
rajoplaca.top
rossija.online
somythoghi.club
speakingfrog.uno
teherani.uno
urkourga.online
vendingwendigo.xyz
willizoo.website
zaxhasshira.uno

# Reference: https://twitter.com/reecdeep/status/1371794991614398466

33nachoscocso.website

# Reference: https://twitter.com/peterkruse/status/1371806755756335107

berxion9.online
cikawemoret34.space
emanielepolikutuo1.website
gommadrilla.space
prolomstenn.fun

# Reference: https://twitter.com/reecdeep/status/1372511120502759424
# Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/

188criolaserz.space

# Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection

lightopridum2.website

# Reference: https://twitter.com/reecdeep/status/1374295280309444610

vodostocksstand.uno

# Reference: https://www.virustotal.com/gui/ip-address/138.197.197.35/relations

0384smaturned.uno
34trully.xyz
439tzxtixrex.space
aimmnight.website
alotderedreamhome.fun
biigkrodivza.fun
earthdirespao.website
goodsnara.space
inowaserr.top
nenepepe.pro
otreincomsal.space
polopemoskow.xyz
rakovinnae.website
zawemofu4.website

# Reference: https://www.virustotal.com/gui/ip-address/167.172.240.248/relations

40yrjobberz.space
912caporers.fun
azorropulseee.fun
biigkrodivza.fun
descruppted8.xyz
dodoflightvogel.xyz
feaser2347.club
fivetonnbobavia.uno
islanddeazorro.top
longarmhighsta.xyz
missimokotov.space
opuhuilo3.uno
perfeck42.uno
perplace8234.space
pozharra.space
skolziko.uno
stoikoplot.xyz
tvorartificialnature.xyz
vodostocksstand.uno
willhouseforus.top

# Reference: https://www.virustotal.com/gui/ip-address/207.154.234.212/relations
# Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection

allthemilliplastini.space

# Reference: https://www.virustotal.com/gui/ip-address/165.227.219.125/relations

aplowzerrio.club
friendfrondo.uno
twocookiess.website
zopewifeisda.uno

# Reference: https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
# Reference: https://otx.alienvault.com/pulse/60620612447fce2d8297e899

cloudmetric.online
nomovee.website
smalleststores.com

# Reference: https://www.virustotal.com/gui/ip-address/161.35.109.168/relations

aspergerr.top
kneelklil.uno
newstationcosmo8.space

# Reference: https://www.virustotal.com/gui/ip-address/159.203.6.250/relations

blindpilotr.xyz
starorienta.uno
usaaforced.fun
wordstream12.tk

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/159.89.146.79/relations

andninediugh.space
bronntanko.top
dellikodebillo.uno
japanrusso.uno
laugvnipha.club
livekossa.fun
minotransporter.biz
navessystrel.club
neprijaki.space
nester.website
orudjuioplik.top
plaskikali.space
polkopushka.cyou
positionpererost.space
pulemashinegun.online
skorossoter.biz
strelkopolk.cyou
thoughzine.website
yukrepoderevo.biz

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/165.22.216.113/relations

22percentcatholic.top
23greems.best
2solovushka8.cyou
35monthmy.top
49spartantroll.top
88trooper.top
8whitehizhi.best
9judgessupreme.top
abutilo.pw
adeserekilo.best
affalyaffala.press
allarmenlos.pw
angarakolessi.top
asqerty.cyou
asuterklot.cyou
aswepori.club
aviacoverage.best
awerrigechess.top
awertyutilo.pw
awseredet.top
ayzerwin.club
balkimraklire.cyou
bellebekeriver.pw
benderlive.club
besoputinnioputa.cyou
beuatyhill.pw
botobotopod.cyou
boxeschannel.co
bychulukboto.top
casalifter3.best
casaverde.top
cassiopea.pw
cassiopeaplanet.top
castingsvillage.cloud
cderete.pw
classifiedz.best
clownstopper.top
colonelbiden.top
cosilituchi.club
costacolonel.club
creatortopdog.co
cresserok.pw
dalobecu.xyz
dancerplancer.co
dasterfroster.shop
daysarecommitee.top
ddiesells.xyz
deactivate.best
definitor.co
delicatomano.cyou
deputilop.best
desinfect.pw
detkazatka.top
dowhatiwant.top
ecolonized.xyz
ekxortsisto.best
enterbezzu.pw
eterasies.best
euroledre.top
fastcolonel.top
fediko.xyz
financesromma.club
finnikulus.xyz
fivefili.xyz
fivejudgescatholic.cyou
flawioretta.club
fodsijjire.cyou
footerloe.pw
fraunas.xyz
fretocasa.club
froretta.top
fukingdron.xyz
goblinsdown.top
gobotoplobot.top
golichi.best
golo5309va.cyou
googmusi.cyou
granittishal.pw
grazioballet.pw
grewekillopol.best
gsusand.xyz
guesspredat.cyou
helopotucasa.top
herience.xyz
highplane.club
hiiiet.cloud
historyz.top
hloporotokilo.best
horisonship.cyou
howitsmade.club
hreglikoli.cyou
immobilli.co
insuedebright.pw
ironcontra.cyou
italyshopping.best
jacksonwennik.pw
jijigolo.best
jpjapan88.pw
kekukurux.top
kidssovoll.pw
kilmentostar.best
kilokiolthree.top
kisslolo.shop
klioporeder.club
kodjakskoda.club
lawepofib.cyou
levede80rus.pw
lifeshopping.pw
lokolikolo.top
luckygoal.co
lukabotol.cyou
menmengogo.shop
meropivedo.xyz
millistore.online
motorrrewun.co
mrevitocration.best
nafrewsa.club
netutto.best
newbokadoors.pw
newtonmaster.xyz
noconnection.cyou
oilcheaper.top
oppogloppo.cyou
palattinograbber.top
patriaheretria.best
peresillo.club
podvaloknowunder.top
politukilo.top
powelrio.best
putinium.pw
qawerutto.best
quantumtime.cyou
refuelingspace.best
regionrus.xyz
renovationclub.club
reshalaraxan.club
resonanse.cyou
reuniondowding.best
salliokory.best
sank99.pw
santiselli.club
setivody400.best
shmylvaro.pw
speedfire.top
terrifitotrible.top
timetopython.club
towercomission.club
traglamat.cyou
tresgrabber.club
trillions.cyou
tuttogowillings.best
twofili.best
tyrek87.cyou
ulanudeo.online
underwaters.top
velessioauto.top
vesselmaker.co
vvpprocentum.top
warmachine.cyou
wasent.cyou
wassermanika.top
watchrights.pw
watermellowen.top
werightcars.best
xaserviolbotopob.cyou
zalopiterkiff.pw
zaporedik.xyz
zassterpolli.pw

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/167.99.189.26/relations

albanallahacrab.club
almostthere.uno
askzaderopol.top
astroperger.uno
aweritynmer.club
bawepotru.club
chiperwhittness.cyou
daskolermasha.club
debillotrussion.best
dewellop.top
erdoorproble.cyou
gerekillo.fit
haloporetopor.club
korytothealien.top
masskwearing.cyou
newwashitropl.uno
notimenodead.cyou
padishahmurrka.best
pollter.uno
psaderinki.top
ratatuiler.club
reloadgreece.cyou
resbulling.pw
retaziloper.top
shnake.top
spyter.top
strwemmillion.casa
takilerito.best
ultimatuum.cyou
uragusexgre.club

# Reference: https://www.virustotal.com/gui/ip-address/206.189.147.24/relations

2weekslockdowd.website
asweullio.xyz
cjgsggo.cloud
domankiy2.uno
grenademetto.uno
hedoilir1.website
smartinsights21.cf

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations

ameripermanentno.website
chajkovsky.space
daserwewlollipop.club
mazzappa.fun
odichaly.space
ohbluebennihill.website
seconwowa.cyou
vaccnavalcod.website
violonchelistto.space

# Reference: https://www.virustotal.com/gui/ip-address/104.131.53.120/relations

celocsoptico.uno
provokordino.space
samostoja3.space

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-04-12-IcedID-IOCs.txt
# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations

ameripermanentno.website
banusdona.top
chajkovsky.space
daserwewlollipop.club
mazzappa.fun
momenturede.fun
odichaly.space
ohbluebennihill.website
seconwowa.cyou
vaccnavalcod.website
violonchelistto.space

# Reference: https://twitter.com/malware_traffic/status/1382868770486513665
# Reference: https://twitter.com/malware_traffic/status/1382869298809475073

185.92.73.147:8080

# Reference: https://www.malware-traffic-analysis.net/2021/04/23/index.html

stereozek.top

# Reference: https://www.virustotal.com/gui/ip-address/167.99.163.235/relations

classicfucup.top
hidethisfact.top
rangstatepol.top
ultimarulle.top

# Reference: https://www.virustotal.com/gui/file/18be9d0088dcf0f1ebb1f070927fe1ba07d3c5d1275d99f54459c2a51f70c18b/detection

federallissimus.casa

# Reference: https://otx.alienvault.com/pulse/603dd3d59d4aa6f57829577e

023943.top
107pushh.fun
10thousandop.website
122milli.site
152fugasso.online
18minutes.xyz
200pounds29.top
213podellkk.website
234tvgro.space
234willkids.uno
23rinninz.space
24savetonnofmaoney.xyz
2toserextended.space
30bisdestroyer.club
3204usexport.club
34tankdetank.website
39gefrost.cyou
400orudi33.cyou
60profit.website
68criuser.top
760maur.top
89shmurufo.pw
90stepsklick.site
aborigencredit.xyz
actorz.site
adinaporter.uno
aerospacefleet.uno
afdeserutil32.website
agrippinio.website
aircoverage.cyou
alkoshaffer.space
allmywill.pw
aloki20sottka.uno
alterdepressio.uno
alvaspace.cyou
amnewzel.cyou
androgender.xyz
anewknowwhere.website
antimatercrymea.top
aperdioret.top
aposlwarlir.club
areakilia.best
aristinmonsitin.uno
armahelper87.xyz
armyguerro.top
artesystemsssr.club
artiellerhow.space
ascjntukzv.buzz
asertinofase.top
asewter.site
asforthema.xyz
asquireter.uno
asredetollo.space
asreterharet.top
assinogrissino.website
asterhalogabry.website
astraracertlip.cyou
attacjollup.top
aviatechholding.uno
azarrdovertikal.top
azertuioploe.top
bejingexporto.space
benzeemo.pw
beregoaerodro.uno
bestcamalla.space
bloshiryn.cyou
brewed.space
brian.koinrobo.com
bridgershina.uno
buriooursqa.ml
buydeslone.work
camillodeprillo.top
capitoli.club
cardinalfirstwar.site
catchallmoments.pw
chernen.space
chertsheat.top
classicfucup.top
classikwarrattempt.uno
coallitsia.uno
cognakcola.fun
collonnellter.club
contreliteaction.cyou
cosidervariants.pw
cserdas.club
dasfilkoler.fun
daskurilla.pw
dasserenity.space
dastinhoklomann.pw
deblacker.best
demorespurde.space
destroyerattacker.xyz
detachingbolt.pw
dictorecovery.cyou
diggadance.top
diswurede.top
doktrinalli.club
dolasendoever.host
dolchegubanni.fun
dostostrelko.space
dromdron.cyou
easterpolletr.top
eeshraplen.club
elcamzigod.fun
erdoganno.top
escalateduttu.space
eurostabiller.top
evenedopolligo.host
everyonemustbe.pw
exitaports.website
expertulthima.club
exsprezzo.top
eyhodtvbm.cloud
fallelected.casa
fantasmagory.club
fasterforrest.site
federallissimus.casa
fellinimover.xyz
firstsentenceliberal.top
flagchipdase.top
forkftriosilly.space
forwardstrickt.website
fredekiltyresder.uno
frontierpilots.club
fsikiolker.uno
fullhamon.pw
gaaga923.website
gabry4saver.website
geasgeolander.fun
getallopeerk3.host
getoutofcontroll.xyz
gimnodopingo.space
gladdisfliop.xyz
googdykey.bond
gopoloto8.best
grandeprunto.casa
greedert56.cyou
greenpeoplokhoma.fun
grizzionedaser.xyz
guteyahgewish.website
heavyoildevelop2.fun
hedpolifiko.fun
hellernotureik.space
helpiscomming.cyou
hesolkiol.top
hidethisfact.top
hitthuracellio.uno
hoeruruuki.space
holkaxlopot.space
hommyfloppy.best
hondurasto.fun
house34vegas.uno
howergooverz.uno
hubannedillih.top
ideology8cum.top
idiomaflopper.website
importantoteme.uno
italianongrata.website
jasvamaheolop.website
jilliokedr.space
josseliender.website
jrburnit.website
juikole2.club
justiceminister.best
justinreich.net
kawepotriv.space
kdbploxokrocks.uno
kedlopzawutu.uno
kilkolper.space
killofrillio.space
kimyfrenotsure.uno
kinderz.online
kledoapkd.website
klintonkiagered.top
kolochaidomo.website
konstrolo.top
kontoshare.top
kosmolitopor.space
krasskipaint.cyou
kripotopliv.website
krizgorod.website
kuazavia.space
laloflanerry.website
lapoedjkeo.top
lazioperdovo.space
lightbombers.uno
lissikopopo.fun
listofounishments.xyz
littledeselect.club
littleflager.uno
littleshitthu.space
littliwoerdete.xyz
lkiokilogartes.uno
lopokedraito.xyz
mazaksaedr23.space
mealspleasures.xyz
mechaniclaphet.biz
medicinotero.website
melatallhugoboss.space
mhb877.top
middle20.cyou
monno29lizzo.space
moohammeddu9.club
moschner.top
moskomosto.top
mtownkrut.top
nadovodokora.top
nanologicinfo.cyou
nazio9033.cyou
nedalskdsert.website
nedopuumerra.fun
needforslower.uno
netmoscito2.uno
newzolind.cyou
nikakuraguio.xyz
noblackwhiter.fun
nobohlboudy.website
nomassbo.cyou
nomorefails.pw
noscream.club
novoloserto.fun
numerroipolo.space
obaitrumbama.website
obldedistrickt.fun
occupiedcherchill.website
oktavius34flo.website
olavrochki.uno
oppenheimerrizo.top
oprorra.best
orrigatrade.club
orrypansion.top
oxythuler.cyou
pasegroup.website
pasqualle.top
petelbomber.xyz
pidasnowerneever.top
pisdidsukkin.uno
planesdifferent.club
plannodoxho.xyz
plashkadertop.space
polevalight.space
politycodess.uno
pollibatter.best
poloniumqueen.pw
porkaporckuy.uno
porthole.top
premwendegardem.top
productionvolume.online
prohibition34gazza.website
provokewhyder.top
publicoaddio.club
putixuloy.website
quantisranti.xyz
quantuulim.uno
qwerylebedlake.uno
rangstatepol.top
rasterniomno.space
readyformerambassa0.uno
repodepositt.top
repostsubscrypt.club
reweretquanto.space
rfeveefo.fun
roesuwelt.top
romanstores4.best
rudellaito.fun
rudolphtheoeln.club
rusubberserve.club
ruswashi2.uno
sachinsahel.club
sadammanopore.cyou
sadertweller.club
sadervbenitere.fun
sakiloirania.fun
salvadrillo.club
samedime.pw
sanankiti44.website
sanctionshere2.xyz
sattelitekrebljad.top
secondpilots.space
sedakloid.top
sellygloper34.uno
shadeheada9.space
shaxtugel.fun
shelbyflannery.space
shturmann.space
silliorop.top
silloflippo.casa
sligslishki.top
snaruzho.website
solsnaker.xyz
sophiak.site
sosistopililo.top
soufredevous.host
soviwashirouse.uno
stallipoverr.xyz
strannopopolo88.website
submarineubot.xyz
superhaskey.best
suttepromi.top
suttohowmake.top
swiftreloadert.xyz
tankoavis.cyou
tasyateles.club
teaboxes.pw
teacupshotter.space
technicallanallythizz.top
terrikonfere.cyou
thousakilor.top
thulleultinn.club
timedeveloper.website
train348.fun
trefferwasted.top
trend100series.website
tridentscaeder.uno
tromboastrashield.space
truffelpodomain.website
tuashoutting.website
turneedarroundedd.website
twotimercvac.uno
ubotmarinerz.top
uglevodorodo.top
ugolkuzjaspace.website
ulevvinterop.top
ultimarulle.top
unilievercity.uno
urramoskower.top
usser234dopper.space
vaclicinni.xyz
velospok.xyz
veryatlasglanz.best
voighteltinlee.uno
wallerik.xyz
warmpoller.top
warniweder.space
wasserwaster.xyz
wasszerkeater.website
whyfoyouneedthis.cyou
xiolodiogo.club
yeahnowneede.website
zagrotypressure.fun
zaheadd.cyou
zakharymiddi.fun
zakkider2.website
zapatiryesa.fun
zapokorrdo.fun
zapolitudoporetu.website
zaprosso.cyou
zarathabnkgiv.club
zaseflopir.website
zeleydoby9.fun
zenithartillery.top
zhirafatty.host
zlokichinn.space

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.126/relations
# Reference: https://www.virustotal.com/gui/file/585229377732e8e8b26e4a4ea5ea805b5f6a655de5dd45d6a6ef821f2211a6c3/detection

ferrelosaakolo.top
icouldmakeyoubelieve.top
jikkiaderwa.top
makeyoubelieve.top
refolloprello.top
zasertiokil.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.85/relations

barcafokliresd.top
desagreelokilo.top
desazasilkor.top
dsedertyhuiokle.top
zasertolofolom.top

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.254/relations

defliressisto.top
luppotuppo.top
weighteroperter.top
zasatava.top

# Reference: https://twitter.com/malware_traffic/status/1390061477739048964
# Reference: https://www.virustotal.com/gui/ip-address/139.60.161.89/relations

bestdecision.agency
redetillu.casa
rojjoness.digital
sporticyber.bid

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-05-10-IOCs-for-TA551-pushing-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.103/relations

dupperawergo.top

# Reference: https://twitter.com/TheDFIRReport/status/1392443465540280322

38.135.122.194:8080

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.86/relations

elligoes.top
everysil.uno
tukituchiundo.uno

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.87/relations

asisas.site
buklaka.top
cheptovgon.top
dronoplon.site
formenalina.top
frealinamov.top
gepuzeum.club
kisekyusn.club
letakyanm.club
lotototok.top
moretok.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.97/relations

fimlubindu.xyz
fungitomik.buzz
hillerfolding.fun
lorrobrama.digital
nostroporto.casa

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.81/relations

2tothepollo.top
allnezokila.cyou
daserekolut.top
scupiol.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.72/relations

chispublic.cyou
emotilnal.top
fresder34.top
gorrodorro.top
servizibancari.website

# Reference: https://www.virustotal.com/gui/ip-address/185.33.85.35/relations

fimlubindu.club
fimlubindu.top
kilodaser4.fit
tournamento3.online

# Reference: https://twitter.com/malware_traffic/status/1395110158292893698

mexidorna.top

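# Reference: https://otx.alienvault.com/pulse/60ac3ca5c7a4a34cd42f2c2b
# NOTE(review): this block includes short, generic names (e.g. test.xyz, konto.top, avi.top) that could match unrelated traffic; confirm each against the pulse above before alerting on it.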

oonnewretrieve.top
aspotube8.top
delorevo54.cyou
73burned.xyz
glibberklised.cyou
referezhu.cyou
aziretedefertyu.space
fourthwireblue.top
saloporitili.uno
davethecat.club
hihitressikol.xyz
mentokiller.top
2timesperhour.cyou
rentedhouses.top
milanotopallo.website
junkkers.cyou
excellent.pw
60kilobig.top
waserutlo.best
dudefromme.pw
regardlessnotice.top
antropometrics2.best
hreffpoz.uno
pasquelle.pw
negrotheanima.top
beslopred8.best
bleepingtrolling.pw
decarrige.top
airtopolos.best
ferrolikosy.best
beedinthecorner.cyou
chaseltd.top
detopobot.best
tranmigrust.club
trueisouthere.top
qazzy44.top
stairparliament.xyz
glioclio.top
colleagues.space
dailyselections.space
conretullio.top
namalnu.cyou
demofuisla.top
shampaolir.club
lsiuprz.club
duckdiliogio.pw
mazsertoph.site
blackermagickl.online
casablancos.top
titannicus.club
quadrogorrila.casa
worsterrio.cyou
zapahzhivot.best
quatrograbber.best
skodacar.top
ludebiliomosso.cyou
ds349onmo.online
1800whyskey.club
jikoloridoro.online
gleeserfer.fun
radioosobble.top
zasityre.fun
politicopaper.cyou
worknigger.best
testthehalf.top
tellernefer.cyou
zoorezerg.pw
muslerafootball.best
burningkuzja.xyz
beavare.top
wegoingforward.top
falalalala.online
nexttimeflopper.top
vyoturehik.top
dowblegroup.top
paserilloterrra.top
berrowernew.casa
ins34devicci.top
marsbasecolonisation.cyou
oplotyholly.top
embassyatt.co
blomdiranus.top
lysterpad.top
blastserriout.space
yozafmail.xyz
bulkikachalki.xyz
ishigishili.top
horseswood.best
winrarzip.top
ereferokiro.club
jillio55tibet.cyou
thetrainz2.fun
heffertopper.best
holdzakreppo.best
konnokaraconfli.club
hamdurget.cyou
enemyplanes.cyou
crprotoper.best
buygassa.cyou
maseratti.co
greatlongitude.top
ezopolanguage.club
ope99wah.top
kontextkassa.xyz
radarinformation.club
bluewhiteblue.top
sparkasse.icu
fillercasser.top
smallerfilterr.pw
asezmbot.pw
aswqazxjf854.uno
freeactivities.pw
aszaertiolki.top
sadwqseria.cyou
awsedc8.cyou
neverfewer.top
britishsuddoku.best
herecasa.top
mousefinger.best
soldierplays.uno
centristovogel.cyou
illioredesazerro.top
cozyfrozzy.club
futterrr04.top
pacificoceanposi.cyou
xerrrload03.top
tanksprunks.co
mdpoter02.top
cheeferichai.top
feleciagelicia.best
tigerslysanka.shop
12wandera.space
gigicasa.top
politicosifilli.pw
2kiljiondo.cyou
deliioppoe.site
daseratioklippa.cyou
washercarefull.best
cryingru.top
asitrepo45.best
asforkaterz.club
refiouthg.uno
responsedolo.cyou
bilbobulbinz.cyou
casfer.space
agriartificial.cyou
90volizmu.pw
tribleafgany.pw
pundikalo.top
tourtogreexce.space
firstcovo.pw
tyrefolo.cyou
20athenanight.space
specihero.top
kasernium.top
encredibleluck.top
lightcost.top
xzcvcvxvxcvxfx.top
bundeswear.club
ledikopaswer.cyou
linkorwship.top
aspergillio.top
feder5ru.club
futterrr06.top
plizzerino.best
freshdelivered.club
pakistanytrible.top
niduaej.co
hueabattle.co
foreversuccess.cyou
lyfterzambija.cyou
kunalamala.site
lokkinkolins.cyou
listentoljah.xyz
futterrr07.top
divisionjungle.top
xerrrload09.top
su25parasha.cyou
dasweruoutl.best
sistersbrothers.top
possipilotmission.top
pushtutrible.top
passacorarocket.cyou
nifrittilo.pw
reloadagun.top
brenttheoil.top
horrortravel.best
rozathetroll.pw
kalldereprostudo.top
slobrewelo.pw
glisserpolot.club
ballelisa.icu
400prettyboy.best
hireowe.cyou
marcelle2020.top
populationrivals.best
tyvasolo.club
hdedkilo.top
avitalion.online
opareomfre.best
virtyvaldauj.club
fertiggbox.co
tunyhouser.cyou
deflaggedteam.cyou
gelevandren.cyou
greenwhite.top
russalino.cyou
hokkerhurricane.xyz
aslillefc.cyou
aswerillio.top
aswenedo.space
ererdivisia8.uno
walirede.top
asgokillpro.pw
bigmotordetax.cyou
xoxolillia.xyz
xerrrload02.top
polterheist.xyz
1timeperminute.top
clackson.club
sissioferrigo.cyou
webhosting.club
xexxds01.top
goodbeach.top
spingland.top
formgotobig.top
ameritrainer.cyou
daweci9.uno
pickuprtvi.cyou
evtoporojk.top
postyu200.best
univmaryland.co
zalupafedor.cyou
orelresh.cyou
opusdeiorden.cyou
pidortelling.cyou
mlokiolopo.top
sleepyputani.top
klanamistress.best
fasederro.site
moriiikk04.top
sneguriko.cyou
retaerdoig.club
greenflopper.best
huyprofitarmane.best
stvoller.casa
thruthicer.best
follerring.best
23ktradell.club
biggarderoub.cyou
fedenio.best
dranyjvatnik.cyou
bottlefresko.top
deactivate.pw
saygoodbauy.cyou
tribleafgany.top
wastedfekol34.club
softlanding.top
selfitrigger.top
nffiiload06.top
ifitislovenosad.cyou
kagozeltabs.xyz
thirdfeder.top
fereoplo.club
xrt10devi.top
qassertolik.top
texasfresnos.top
boughtscreezy.space
37squ75tho.casa
11hearallsongs.cyou
deklafimonum.top
cereberetour.club
noisladominate.cyou
gulliverro.top
felpojdhf8980.cyou
quadrattokolo.club
agraminam.club
azoperfdeoti85.xyz
2kilowestern.club
exisulfur.icu
kukkriop.cyou
babinos.space
quantumoftupik.xyz
landingforced.co
hythereandhere.top
asplikottor1.best
flagoncitadel.co
backtothegrey.co
christmasdealz.space
azpergerlio.best
heretanky34.top
fmourtarito.best
otherpartofpazl.top
kloppertripper59.cyou
weakreal.top
09lawersz.club
lakirjen8.xyz
dirtyfloppy.cyou
welleater.best
spartap.cyou
businessrutuom.cyou
lasdomain.xyz
awerypidary.top
test.xyz
bomminollio.co
servepoint.space
delportio.top
pozzidlio.top
ajdzoovgjg.cloud
intimerjoel.top
10meterscamping.best
androginner.cyou
agencyiono.uno
solidstreamer.top
slavernigger.club
ocordero.site
intensemisha.cyou
karamarabach.best
aquesetu.top
grettaconfetta.top
kengurutrible.top
thirdbiggest.xyz
selfresponcible8.club
azeryforza.cyou
fucknigro.cyou
hilioherta.top
ahalfilomius.top
zilliporilli.cyou
loadamerican.top
oilrereder.top
leverlights.top
orangeisgreen.top
klioperillo.top
drugston.icu
anotherone.space
ameriplatoons.co
clubbyterry.top
gooseloft.club
dastermordaster8.site
declinesuites.top
yammupiro.top
newwest.uno
lonelover.best
wastefropp5.top
santafranta.top
azerasupra5.cyou
virulinnafre.pw
kilohardtostop.pw
greedyfopolo.best
totalitariusto.top
kderetillopo.online
81batallion.top
klopirtop.best
femaleremale.top
zappazappos.top
delimanotrousers.best
jamaguchi.top
128germanni.cyou
pasparadise.cyou
peoplewasserwar.casa
jiko455.club
wassermannshop.club
geroees.club
zaswerlito.top
rokonalo.cyou
villewerro.co
segamega.top
20bottledvine.top
restpost8.cloud
7metersforcamping.best
firsterchisel.cyou
allayzerawill.pw
45prinilop.xyz
27armybester.best
amehistonew.cyou
kjndawjdaw.xyz
monomonster.top
delemano.online
dedakolon.club
dekkiliop10.cyou
69cicopainterconti.cyou
hypergroup.best
lopotilliout.top
bantustan.club
likofeaswe.club
3gelepowagenokilio.online
bubudegert.best
ater78.cyou
roscosblows.top
pohindra.online
heavyfalkonz.top
hoistory.club
wlissywater.top
asqwertigo.club
ploasdemvnty3.top
hybridrerere.space
gioretta.best
mokkaleriol45.cyou
konto.top
garrbidge.club
eveningstarz.top
sawerememo.top
lastsallways.cyou
200senthomemuslims.cyou
havalebba.cyou
midaero.space
pfizer.space
zatulinzalupin.pw
newkolobanga.press
defilliporeit.xyz
chandleshi.top
vinchanger.xyz
funuionals.best
twogrands200.club
democrajikorespo.best
moveforward8.top
sedolawep.top
wasserquasser.best
turkeylokiol.pw
auctibox.club
zyjbohhmza.club
noacceptable.best
despedollig.top
awekiretlon.cyou
3boardeux.best
southattac.co
zhiganno.best
severewinter.co
leprasson.space
longlowbus.top
politifision.top
dollarsotke.website
hockeymanshajba.club
uppervolta.cyou
asterioidglowo.club
zovniokovpoxo.club
felliniferro.club
dronarmanni.top
streetbattles.xyz
fewdozenspeople.pw
millionworkers.top
eurochrysty.cyou
defenceshift.pw
fusbalspieler.best
prostokilo.club
germankjil.shop
aezakmiv52.top
christmasgiftstore.space
austration.icu
aderneillio.online
understandingtroll.cyou
floisthere.club
srvgame.top
muughpickt.xyz
spectacoers.online
ihcyryx.cyou
playerchess.cyou
helokido.top
thaimumbai.cyou
counterwinn.space
naturolinf.top
nffiiload08.top
oneinamillion.cyou
chacagrabsterston.top
loadpilotfly.top
greatdefbritain.top
asertypolo.cyou
zastepolity.cyou
belovedbygod.cyou
anerdtut.website
amrmaninaxuy.best
gorpokryshka.club
redislocated.top
outtvmarquise.club
scoutedevirro.space
perfectland.icu
keepacod.space
zahopaloterra.cyou
zambeziklop.top
differentcountries.top
visitgeece.space
klomperklimpon.fun
aswerellipol.top
webbio.best
dlopesazillop.fun
seduced.top
arahiss.top
rumunumoldo.casa
voldovan.top
puxuloblows.top
fedretiol.space
minibillino.top
piterkoller.cyou
panduspending.uno
lookupup.uno
avi.top
snakesofausrtalia.top
3498gladdios.top
dkilipoaswer.top
muvludturki.top
islapoliliders.best
revoluelectionusa.cyou
ninxuxu.top
meinkontopcypal.top
wifigrederlow.top
gekiloger43.best
forwardmoving.xyz
revoerdoganno.pw
ploreniutre3.best
feloporo.top
delicioustresh.cyou
neccessarywires.top
agropereprawwo.best
allways.cyou
nffiiload04.top
macphillipo.pw
wesselfront77.club
cwertoposler.cyou
zhirikpizdobollish.cyou
gogopizduny.cyou
supportayzer.shop
masigokret.cyou
fevizionn.best
vpngood.best
overzicht.top
mazafakkura.club
ceosin.space
nffiiload02.top
australianpenguin.pw
loveandflowers.pw
divautop038.cyou
negroexplu.club
rusiputipidrilo.best
belodebilo.pw
stoptheplanet.co
shenderovka.top
aspirinustrollus.top
onpixel.site
psgparis.best
sauartillery.club
march42.pw
tradplatgo.xyz
ameriplanes.co
bratvrututy.top
storegijoe.best
alcobottle.best
gladysshow.cyou
writingmessage.fun
ihrearbeit.top
firevilliowok.best
dasterholler.cyou
dastinumnan.cyou
batterygazzi.club
beerpubs.xyz
ecoproggy.club
franceswedenres.cyou
grandefirmio.cyou
gigakolobanga.press
kilokanistro.uno
munomudillo.top
whitelifesmatt.top
dohrepollitu.top
newgooddream.top
45broqngray.cyou
brightsunny.best
ilikedeskerlino.club
oligophrenejan.top
bonussokilo.online
pickuppzz.best
gravitazillio.co
poorbritain.best
2394rabbo.cyou
sderlopoilli.top
noprospective.club
11calikarotelo.fun
budnisjopper.cyou
reramolo.cyou
watergoingiz.top
monolablanic.top
seemslightpor.club
mlkieu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/91.193.19.170/relations

girongasokli.top
malkomaricsad.top
timeculfing.top

# Reference: https://www.virustotal.com/gui/ip-address/165.232.185.3/relations

clusterzhima.live

# Reference: https://www.virustotal.com/gui/ip-address/152.89.247.60/relations

dukdonogirorlish.top
giraredeson.top
nativnefil.top
pakeduvistalik.top
ponduroviga.top

# Reference: https://www.malware-traffic-analysis.net/2021/05/27/index.html
# Reference: https://www.virustotal.com/gui/ip-address/45.147.228.198/relations

bediloper.top
bigeront.top
devicescout.space
disponfirules.top
garrozalibbo.click
lascakatheather.top
marslayot.top
roponavi.online
trinaa3.fun
twistcolseza.top
ytoptila.website

# Reference: https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/

backtotop.top
prepercentu.agency
francolodok.casa
gallsoweller.club
esaquell.website
saintgermaincluff.agency
tusdumifigov.top
buzzinmaster.live
pewazutior.fun
francelosterr.fun
mislinororv.top
vindurualeg.top
iraquyidlok.golf
extravnene3.top
wazakulpa.casa
bilbotor.space
vinchanger.top
zaporedi.club
bigdogbifmur.top
confidermaf.top
jackshanter.top
fungitomik.top
coronanovirus.top
extrimesuofki.top
dekoloeo.space
gontudovingiy.top
smokeinhabds.website
moresifoliatu.top
flipperdesar.digital
90poltuiltu.casa
shiptospace.space
klosterrion.casa
hesteklobum.online
sosista.casa
extrimefigim.top
chiefier.website
naviconscs.bid
dimetriadit.top
browserupdate.online
nonprofitwerde.top
instformtosu.club
contocontinue.agency
tututvmore.fit
frshfriend200.casa
extrimebigim.top
musicmuskolino.top
hinsilipinguo.top
fighterdesert.golf
frangimingi.top
23mozzgoscanne.top
gegemocotoro.top
feelakey.top
folikkuloge.top
xenaxklio.fit
siberiaposlire.top
inkarhanter.top
gonsikolika.top
todykaser.fit
nomorer.casa
piklindaurum.top
planidogat.top
minimulibery.bid
vilkodsare.top
nobadynovoy.top
beggings.top
fertillonoatro.agency
poedkoloed.top
desantogambito.agency
collaborranto.casa
yousarenotrew.top
hartromboblood.club
nositkarta2.top
12horroser.fun
woodabeg.fun
tendaronifulik.top
phoenixsenaks.golf
royallik.uno
vindurualeg.art
hobbitza.website
zaqeurepto.casa
ujoshui.top
starginogil.top
quantokilofresh.fit
hlugoposs.top
wenettoauto.golf
brrammannen.fun
saamosuumo.bid
supnoviklon.top
boalietr.website
colsezarain.top
miglokinewss.top
killynavi.space
mikugivetonik.top
kakecupckake.online
sillkolo.space
unifaestbigbog.top
planeppilot.digital
consoloursullo.casa
goldtograbb.pw
feelingsfreshr.space
10yofcris.casa
fiziturongis.top
dacadece.fit
erlozimadam.top
torbinsb.uno
nuuuaaaretobe.top
peravolicherov.top
kindsoftpron.top
russoful.space
laquasil.top
furnifutolinka.top
ventuaustria.digital
biopewaz.fun
aspessilo.fit
ameriglo.uno
bigcostarikas.top
glooverdoover.top
faeartofaer.top
supplementik.top
bumisuevralek.top
formgotobig.xyz
vindurualeg.club
illuziontime.top
tradplatgo.top
veritylo.uno
moldorunumu.digital
agalere.club
saredurostef.top
idiomore.website
highertrully.top
gambitsniper.digital
tverrotordo.space
xantummassacre.golf
goringavizi.bid
wukuchuk.space
zoktalivensia.top
kaizerrotsosa.casa
dassauldblame.fun
lostdexsation.top
prizedassault.golf
luchinuginfi.top
grennader.space
ggbetcode.golf
captakomanda.top
litefilipiness.top
deerevula.club
durvindigo.top
nighterlikorew.casa
fiflosnurenst.top
finalllolubo.space
asralissralis.online
brokletwistzz.top
arhannexa5.top
mirducolivech.top
catanirogof.top
drannirusso.casa
darkfoxmarket.link
ginreworess.top
zakuppilo.fun
extrimedomino.top
backpackgrey.online

# Reference: https://gist.github.com/myrtus0x0/12b088ab863c5ffc56d84e76712c5f3b
# Reference: https://www.virustotal.com/gui/ip-address/45.142.215.229/relations
# Reference: https://www.virustotal.com/gui/file/b4f8da4dadd6a3f18b98cd39b3d6202d0afcc46db01fbcf792daf0cd36dbd85c/detection
# Reference: https://www.virustotal.com/gui/file/af23d4b7238e7c34710202627722c7d2bb02645380f13066b16d6d8352545e35/detection
# Reference: https://www.virustotal.com/gui/file/d2bc8d2ed345e62138546ba148598641bbf2fe93e9749dad262bf4dcb9117305/detection
# Reference: https://www.virustotal.com/gui/file/81b3ef4c1b47b1f4376b5e887c2c0ff26443cb7204a92d4e815ce1bd88d4e2b5/detection

dilmopozira.top

# Reference: https://gist.github.com/myrtus0x0/e8b191faa086c9b05e3978c3836fca51
# Reference: https://www.virustotal.com/gui/ip-address/193.203.202.108/relations
# Reference: https://www.virustotal.com/gui/file/b5f54359c7ea11c5cece6fb2420b392ed8b7f84e2351e31fe687fa7c03ded5d6/detection
# Reference: https://www.virustotal.com/gui/file/5f035283ef433b5a12b51c7f3157ce9a720df74b192080b465db277341bfed4d/detection
# Reference: https://www.virustotal.com/gui/file/c57f1c661a21b7d160633f48c45a5a3eb9272762f9e88996a488a3d6362928f4/detection

potimomainger.top

# Reference: https://gist.github.com/myrtus0x0/d860787abe5580600835182a70f50412
# Reference: https://www.virustotal.com/gui/file/c3cfec44f342c82d31689da86150710b21a25492a9ce1ad634d700f0e4a8ae5f/detection

calciumasta.top

# Reference: https://gist.github.com/myrtus0x0/835bc1bba8688587f37c25ea2cd09bb5
# Reference: https://www.virustotal.com/gui/file/defcc722a2816c05bd0331858b3a4f51735ff7cf89f4f35649c48cc09f36aa2a/detection

dietarydog.top
zverrokodo.live

# Reference: https://gist.github.com/myrtus0x0/68fd792038380ba4e334b28ff9325d4f
# Reference: https://www.virustotal.com/gui/file/c2e8e316fd877dca1e06fadbda3fd01ae4dbc6d2d1eb8a8ad3eff6ca7f8f56a4/detection

lascakatheather.shop

# Reference: https://gist.github.com/myrtus0x0/c4863c504e76d45f35f4517c644506da
# Reference: https://www.virustotal.com/gui/file/39dde7049b772424639030d139edf59fb1f227604c6a3a16218868f9c64cbee5/detection

immotransfer.top

# Reference: https://gist.github.com/myrtus0x0/408f68a8df12fbadcf5a9d122de06ce4
# Reference: https://www.virustotal.com/gui/file/30f9f6b1b6e37477070d73bb964e95df8ae10b358a72c240ca3f2cc9e56992ec/detection

mappingmorrage.top

# Reference: https://www.virustotal.com/gui/file/66cd46fecdfc361be5c9c75c51b4c84cebc82030da79b219de59e968aca61209/detection

fintopikasling.top

# Reference: https://tria.ge/210621-pd63fl26fn
# Reference: https://www.virustotal.com/gui/file/3839ea5f86c4ebc8036ab26cfee2b0e05893a6b276d39ba23b75980c4db4c8a4/detection

bethehill.trade

# Reference: https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/
# Reference: https://otx.alienvault.com/pulse/60d584d46294b971bc361a14

epicprotovir.download
essoandmobilcards.com
immotransfer.top
kickersflyers.bid
mappingmorrage.top
momenturede.fun
provokordino.space
quadrogorrila.casa
vaclicinni.xyz
vikolifer.top

# Reference: https://www.virustotal.com/gui/file/f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e/detection

http://45.90.59.28
goateyeball.xyz

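# Reference: https://www.virustotal.com/gui/ip-address/185.81.114.9/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.123.233.17/relations
# Reference: https://www.virustotal.com/gui/ip-address/54.197.173.238/relations
# NOTE(review): the only sources cited for this group are per-IP "relations" pages, so the
# names below were presumably taken from what was seen resolving to those addresses.
# Such listings can include unrelated co-hosted domains; corroborate a hit with other
# IcedID indicators before acting on it.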

compozitiminass.top
dakestoci.top
expinodarver.top
ladvsa.club
livungomer.top
piramidionno.life
pronews.icu
revedanstvy.bid
selenaserena.today
tukolanichka.club
wokitoki.top
zacepeneni.bid

# Reference: https://gist.github.com/myrtus0x0/23ceaa099b5ad11d9586e6c2bd119844

amanekjacks.top
clinoridaf.club
dopplercripper.top
feedbackportal.pro
ispaniolla.top
latevanthave.top
libereftornia.top
makeeris.top
odinom.bid

# Reference: https://gist.github.com/myrtus0x0/4bb17522271df974a6285b42214c4622

akapuliaka.top
canicomfinfera.club
ceracallones.top
lookdebreser.press
mestarimopillaf.club
piramidionno.life
venozzoleaker.space

# Reference: https://gist.github.com/myrtus0x0/5451ca8df04cd9508d7a4ec1d0d9e52b

akapuliaka.top
astrocycle.download
ceracallones.top
galoneskil.top
iserunifish.top
lidclimmon.top
parkinihol.top
rengadomist.top
souldeppen.today

# Reference: https://www.virustotal.com/gui/file/785bb011059028a6612df7f56f67ec3685374dc1f529470c013bc1e7b052bfa6/detection

meronekis.space

# Reference: https://www.virustotal.com/gui/file/e3c147716e64c815e5dc014d3b16f90be4d9c6a11809561283825e6377ce8487/detection

miterinader.space

# Reference: https://twitter.com/James_inthe_box/status/1417509107309760517
# Reference: https://twitter.com/James_inthe_box/status/1417520502248148992
# Reference: https://app.any.run/tasks/2c864a76-aa26-4dcb-b946-757bdce06a29/
# Reference: https://www.virustotal.com/gui/ip-address/139.59.66.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.1.195.84/relations
# Reference: https://www.virustotal.com/gui/file/08b05618d409cddfec04ae19319e929e3568fce467fbb14bf9f11429c51f7041/detection

feedbackportal.download
aldebaranz.fun
dongandge.fun
engivesci.top
erisvenus.top
fooldinort.top
maxifilorihi.top
orhinosementris.club
oscanonamik.buzz
legangraffer.life
morevigpekiulin.top
survoning.top

# Reference: https://twitter.com/fr0s7_/status/1421136378210013186

gilinsbigtop.com

# Reference: https://www.virustotal.com/gui/ip-address/5.61.46.164/relations

kastfiron.top
perincikies.club

# Reference: https://www.virustotal.com/gui/file/0b14383f52be57815dd216e13c3fabccfa05b3e5e382045fbaed210f8188549a/detection

72years.fun

# Reference: https://gist.github.com/myrtus0x0/8c4b64bfcb192a451260a1d3288d9b45

bilopernolifa.club
humadiscifil.buzz
mosvilenralina.fun

# Reference: https://twitter.com/malware_traffic/status/1420105986312921089

munardis.space

# Reference: https://www.virustotal.com/gui/ip-address/8.208.88.252/relations

365cashl.com
desk-infomno.work
milbankllp.net
poyerl.com

# Reference: https://www.virustotal.com/gui/file/99b33d046b950bfe1d39e73d6ca0a1c071a0653b979094a8680da8ad22604e90/detection

menoiras.space

# Reference: https://www.virustotal.com/gui/file/9140fd537bf5f86928a95b306d11831a8e59717206767aae991c8331ebcf7bb2/detection

moigoran.space

# Reference: https://www.virustotal.com/gui/file/ca6d2c89e020068722d1509a6e77ceb3b1b821682018206e2a0e28876f9ed2f6/detection

tovubey.info

# Reference: https://www.virustotal.com/gui/file/fe4d4eced33ae01a282646bb1c9ea572f97816d0487648c817bdfbfe35d8f6db/detection

tagutyy.info

# Reference: https://www.virustotal.com/gui/file/ae93a0e0085bcae5ec9f21cb71df0b7d3a6682fa5c8ac4e763f70884cb7bf5c6/detection

denazao.info

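# Reference: https://twitter.com/teamcymru_S2/status/1423643504723603457
# NOTE(review): this group lists fInGoPAsKILEM.buzz in mixed case and fingopaskilem.buzz in
# lower case. Hostnames are case-insensitive, so one entry is redundant; confirm that the
# consumer lower-cases trails before matching, otherwise the mixed-case line may never match.
# NOTE(review): 2.top is unusually short next to 2s1.top and may be a truncated copy of
# another name - verify it against the reference before relying on it.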

hamaderoning.club
haumeaquaoar.top
vickimirovit.top
venuscera.top
remiginuedsal.top
yankisnop.top
astrallis.fit
morevigpekiulin.club
lemendioz.top
nexaamanek.top
humadiscifil.club
inifastkolin.club
filinrgincost.club
cookfidapis.top
2s1.top
popolojogilni.top
melbourneangelika.fit
westopiseres.top
grandopoop.top
livertom.top
iserunifish.club
havakf7.bid
lingreskoginuchia.club
dilorefinhoch.top
katgichiniad.top
parksoliteram.club
indigogo.website
derefilosvato.fun
eudimalinka.top
nocelmozzvi.top
amenigmals.club
aloporeftio.club
filinrgincost.buzz
glipwilson.top
dumarilovelaga.top
grandopoop.club
bresonimagifiy.top
obizizafun.top
akapuliaka.club
payanattention.download
gvadamaxala.top
materialsuncovered.press
hanonedika.club
operovishionshi.top
hilogrilim.club
mysteginga.top
bivemidoorning.top
quaoarmakemake.top
topyotanesla.top
ymiraymiradil.club
weakstart.bid
iylifeshunia.top
restprodefine3.bid
filshilkamira.club
wazoploretmbir.online
spinoschirkovni.buzz
fInGoPAsKILEM.buzz
eoeohopehope.club
vindurualeg.xyz
courtrecordingz.online
tatwithsac.club
combozpazom.online
zilivibez.top
nurofenexpressfortetabs.website
2.top
modewater.top
grandopoop.buzz
djeniforikam.top
undorepair.click
natihoresilimi.top
yachtbooking.xyz
deservethis.fun
eudimalinka.club
indifigatualim.top
operinogildan.top
randgraze.club
fingopaskilem.buzz
maksilenoviresta.top
afrisumiliman.club
silinsekraft.top
wiskotoniks.club
asverilim.club
gazzetto.press
geogeooppe.club
thishishigov.top
zilinfed.top
gvadamaxala.club
duvinodigatomia.bid
megafangchain.fun
salaciahaumea.top
timesilgeren.top
zincforward.top
mideliidalgo.top
gerimoling.club
simboul.fit
caminingco.club
ymiraymiradil.top
silawatergim.club
bigimigiriven.top
gonhooupe.fun
himilimlika.club
tranmigrust.xyz
gsterangsic.buzz
mergeotiska.club
nanahanafi.top
wiskotoniks.buzz
rainkarrigan.top
exmailsixtry.top
somefildrea.club
plutosalacia.top
rangbanksolstot.club
islandimeron.club
domigilamorov.xyz
oscanonamik.club
elbigiddim.xyz
magicolipka.top
pistols.fit
instformtosu.top
kalcimeroni.top
dirstovesiy.top
nikonexa8.top
gonggongtouze.top
solgarstat.top
waserfootgled.club
flourayder.club
westburgim.club
ispaniolla.club
srikeoffsil.top
humadiscifil.top
xhinedralliok.top
filipinekaus.top
haunliberty.top
dugilonimaska.club
perincikies.buzz
wamosforza.bid
kontokonih.top
bryanfilogistar.top
perfundilin.top
eitherwayinc.buzz
oscanonamik.top
angleeherma.download
porvimmount.top
newgeneradete.uno
teamfinfintop.club
kerberrtennis.download
sukilomenfi.top
comaseuou.top
riferelclin.top
danemarkneutral.fit
dikloferdbred.top
himolinga.top
astrallizz.agency
mideliidalgo.club
pobunwestrou.top
toldopened.press
9847germany.bid
filshilkamira.top
riderskop.top
silidervinga.club
stornihivesturaf.club
hanterniko.top

# Reference: https://twitter.com/Max_Mal_/status/1426167519358894087

bigben-soft-down.com

# Reference: https://twitter.com/StopMalvertisin/status/1438603577568595986
# Reference: https://www.virustotal.com/gui/file/f0d20ffd85cb4c09f65f2a7bce9768b4c7cae0720dafcde846528a3711a9e1cc/detection

mulenoras.space

# Reference: https://twitter.com/phage_nz/status/1446236115342487555

mopuketo.space

# Reference: https://twitter.com/seguridadyredes/status/1450733984636448769

vagenor.space

# Reference: https://www.hybrid-analysis.com/sample/ca56b35917e49868e70ba5e3fc328c776de8c9af361e4b3fc5010762c9e68e67/60d9ed1b27d48c1af94d9d0d

moriovalex.space

# Reference: https://www.virustotal.com/gui/file/23c37ad86e5ff11652d28bf0c5a49c7bdcbffbcc109a6037ca9b30bf81ae6eab/detection

vanordast.top

# Reference: https://www.virustotal.com/gui/file/67621214101cdc9e82be2f0e6ae523213f221612d5ef3bd74799bfe1680f9cfe/detection

moseronado.top

# Reference: https://www.virustotal.com/gui/file/c6491ea496c4ad11d6d29560621430eabf05c74a0bb29b3b5c605e6363f67dde/detection

mazeba.space

# Reference: https://www.virustotal.com/gui/file/ddfce90a7b4db3ebb535327a24e9519884cd8427e2e8de27274f0fc6113ef5d4/detection

miniotis.space

# Reference: https://www.virustotal.com/gui/file/d301a4aa9f908055a96db590e94efa81e65b3f7acee7ec29d626f09ade86efc1/detection

meshura.space

# Reference: https://twitter.com/ffforward/status/1457689811872006145
# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.173.154.193/relations
# Reference: https://www.virustotal.com/gui/file/08d35cdc49c5c313592172dd5911c117080b30c3f0ccc91e4a69ecd7399e310b/detection
# Reference: https://www.virustotal.com/gui/file/d807d8a8c2bdfd731e24d56fc33398a86a553c927ca8237b223ccbab7eba93d3/detection

agenziaentrate.bar
centrale.bar
centrale.casa
connecter.bar
contenente.com
direzione.bar
direzione.casa
interline.bar
securelights.co
liquidaz.bar
statsgo.bar
statslink.casa

# Reference: https://github.com/hpthreatresearch/iocs/blob/main/IcedID/domains.txt

aboutbest.top
accessfin.top
adjacentlim.top
airportslim.top
aisinlipfo.top
anothersok.top
appeartin.top
arizonabig.top
articipanttin.top
bandwidthmas.top
belowilin.top
centrallim.top
commamas.top
commerciallim.top
considerbest.top
consistentin.top
containsbest.top
contibig.top
controlsit.top
counteredilin.top
creaslipfo.top
databasfin.top
defaultsbest.top
dependssok.top
describedsit.top
differentsit.top
domalipfo.top
dredgedlim.top
ebsitiofilin.top
eceivedilin.top
ectionilin.top
emergesit.top
emotefin.top
emporfilin.top
encounterilin.top
encryptionfin.top
enhancetin.top
ependinilin.top
eptemlipfo.top
erformedilin.top
ermanenerilin.top
erraizinbig.top
essagenerilin.top
examplesok.top
featuretin.top
fieldsmas.top
functiofin.top
functionssit.top
generatedmas.top
gistratiofilin.top
guesssok.top
hangetilin.top
hardwarebest.top
ignatedorilin.top
inistratorilin.top
installinfin.top
instantlytin.top
intuitivelysit.top
istederilin.top
landinglim.top
listedbest.top
machinebest.top
manytin.top
menisotabig.top
menkitostbig.top
ncreaslipfo.top
networkbest.top
nnelforwfin.top
northwestlim.top
numericmas.top
obviouslsok.top
olesalelipfo.top
omainlipfo.top
ongoingsit.top
operatingbest.top
optionsok.top
otherwisesit.top
parametermas.top
previouslylim.top
pricelipfo.top
primarylim.top
principallim.top
psycopfin.top
purgingsok.top
querymas.top
raisinglipfo.top
ransfelipfo.top
ransferlipfo.top
rathersok.top
readabilitytin.top
removingsok.top
requiremas.top
requiringsit.top
returnedmas.top
revisiontin.top
rivatefin.top
rocesdilin.top
runningbest.top
runningfin.top
rwarderfin.top
seaplaneslim.top
seekssit.top
separatemas.top
servicelim.top
shouldbest.top
shouldfin.top
shouldmas.top
simplifiedtin.top
somebodysok.top
sometimestin.top
specifymas.top
structuresit.top
successilin.top
surroundbest.top
temberlipfo.top
thousandssit.top
tinanbig.top
tomeredorilin.top
towigetibig.top
tructuretin.top
undertin.top
ustomerilin.top
usuallyfin.top
usuallysit.top
vailablfilin.top
valuemas.top
vironmenfin.top
whensok.top
whichmas.top
wholeslipfo.top
wikitexttin.top
wilasgenetibig.top
wildlipfo.top
wilnusbig.top
withoutilin.top
writtensit.top
zhesezetibig.top

# Reference: https://www.virustotal.com/gui/file/7636d563c16a37aa05fdbe2b29e65c934f3f25d08b48d5ce91f3023e6f2e5729/detection

mosteplo.top

# Reference: https://isc.sans.edu/diary/28092
# Reference: https://otx.alienvault.com/pulse/61aa07f043e4aceac901d572
# Reference: https://www.virustotal.com/gui/file/47e775bff0696d3f49ad26e602a55c327c07083029a35ab26f5c8f330c2f17e9/detection

baeswea.com
bersaww.com
normyils.com

# Reference: https://www.virustotal.com/gui/file/e4f7dcb2a4dcf96c89f7b2cd36694d160c4b090f84cd5ad7a7eee3eb299a6a48/detection

enricowilli.top

# Reference: https://twitter.com/pr0xylife/status/1467832306899501057
# Reference: https://www.virustotal.com/gui/file/cd31327b2c7b3d8e90a06c1194f847c81c51ac72d0f16db9aec520a594b84507/detection
# Reference: https://www.virustotal.com/gui/file/f05e9edc503214f7826d228b888ddcfd5d78e922d540968eaf20c5cc03b8f2f3/detection

vopnoz.com

# Reference: https://twitter.com/ConfiantIntel/status/1468268331631521792
# Reference: https://www.virustotal.com/gui/file/f75415ca82c111ef1070c5f3ab47cd099d8ecf2681c2ee3fc51ed5d9d2a95fa6/detection
# Reference: https://www.virustotal.com/gui/file/600a21358e2cc2d5d50b014c4a4df03435b136bec0ee7903eb88d4368fe37647/detection

braveapp-browser.com
panyinth.top

# Reference: https://tria.ge/211209-wj1dqaeedq/behavioral1
# Reference: https://www.virustotal.com/gui/file/33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b/detection

nchestothe.ink

# Reference: https://twitter.com/pr0xylife/status/1469294797466877957
# Reference: https://www.virustotal.com/gui/file/bbc7fdaf1d7c5886d564096f7923c75235a373230d60a40a20670be117f860dd/detection
# Reference: https://www.virustotal.com/gui/file/f9f62722ff249e8219d4864dc46a1bbb3871b1b3f9c4139ffe2726b8f6f27ad0/detection
# Reference: https://www.virustotal.com/gui/file/cdaed6e6cdcbde86a775f0fa3be338b4dd9e11a6bb418464287ed8a28fb7c429/detection

jeliskvosh.com

# Reference: https://twitter.com/Unit42_Intel/status/1470778363254128651

asrspoe.com

# Reference: https://twitter.com/malware_traffic/status/1470943087589576713

foeldans.top
mordister.top

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/HP_IcedID.json

4gerulit.pw
7pliopre.pw
9zlopout.pw
accessfin.top
additionalsupport.fun
airportslim.top
allegrinno.website
alofisolokay.fun
alphaselested.quest
anuonuribids.store
anystemmin.top
aszepolityu.fun
ativestob.top
augustfinished.online
awesillo.live
azerqwe7.pw
bafikalop.top
bandwidthmas.top
bansoffgo.rest
befederehop.fun
behappyterr.rest
billiwilli.top
billobully.space
bounappetid.fun
bouncedsar.site
brasecaps.work
bravoizzy.space
brieven-post.nl
burgomustopr.rest
byfekaxo.rest
centrallim.top
chats1s.org
chinabejing.cyou
commamimubebe.site
commerciallim.top
confidermaf.top
coolandprofit.business
coscoplayer.top
counteredilin.top
creaslipfo.top
crumiaopozzit.fun
dasreropolo.quest
dassaretillop.fun
databasfin.top
deltasdoklir.club
dockslim.top
doestomtell.rest
domalipfo.top
durvindigo.top
duvinodigatomia.bid
ebsitiofilin.top
eceivedilin.top
echobendol.fun
ectionilin.top
eitherwayinc.buzz
emotefin.top
emporfilin.top
encounterilin.top
environmentbest.top
ependinilin.top
erandtheresult.top
erformedilin.top
ermanenerilin.top
essagenerilin.top
essaipienure.space
essarovidnure.space
ewhopsilind.top
extrimebigim.top
fallelected.casa
felixsaz.site
feretiop.top
ferfreenights.site
ferroparromo.fun
festworfs.site
fighterdesert.golf
financeexactly.site
firzittoser.site
flipperdesar.digital
flipperzillo.quest
follytresh.co
gabbyhaddy.site
gcl-gb.biz
ghttoolsandtrai.top
gistratiofilin.top
gitancea.com
godjenkli.top
golfvillok.space
grimesfunds.com
guesssok.top
hangetilin.top
haseoploer.live
headwayndred.rest
healthythat.top
hedorret.one
heywanted.top
highbigdeaz.top
huavertion.bond
hulebotetatet.online
hulojipo.store
icehokkfer.online
ignatedorilin.top
infocorp.hu
inistratorilin.top
interesmmingnstr.fun
inthedecision.top
intongettingr.rest
intonghundred.rest
intonthsnstr.rest
intrusidril.fun
istederilin.top
jackshanter.top
junepackage.site
juristaklio.store
kaferbigmirems.top
kiloveliks.club
kingflipp.online
klosterrion.casa
kostopilogreezy.top
kummamemybaby.rest
ladeytreh.top
lagafiatnil.top
lakogrefop.rest
laomdpsolaszas.site
lasticjugs.top
leaguensuti.top
liderphildom.rest
lobotomyfelixo.space
loboudelima.fun
lokidasterreno.site
lokiwaderty.space
lopokihoiop.online
loppidoaster.site
macroniislami.top
mainfilduenigra.top
minimike.quest
minnideviju.online
miterb.casa
moawimmingnstr.fun
monstraview.fun
motioarketplctly.site
mynokolop.fun
naffalno.site
ndmarkrepo.top
nighterlikorew.casa
nlmain11.email
nnelforwfin.top
nobadynovoy.top
numereshka.top
obviouslsok.top
odinom.bid
oecipienure.space
omersure.space
omingnut.top
onmentalsocio.top
orgfunine.live
oscarnextweeg.store
oubteditwouldw.top
oughthepla.top
pambabama.site
parradocorradu.top
pawemilokder.website
pedrosimanez.fun
pervisolniy.top
planidogat.top
playstation-5.shop
plodaserkilo.store
plovdovdiw.space
polokilopohu.fun
pozaludasun.fun
ppointingoptio.top
priorodur.site
privnelistka.top
problemsok.top
programsexactly.site
propatientactly.site
raisinglipfo.top
ransferlipfo.top
rapkloew.shop
regulatorrie.website
remiginuedsal.top
reteredelete.top
returnedmas.top
ribedexperi.top
roadswendy.top
rocesdilin.top
rowncommu.top
runedomerki.space
sadfor.top
saintgermaincluff.agency
salvadrillo.club
sartanian.site
sattelitekrebljad.top
seaplanelim.top
sedefijiko.space
septembergloved.fun
shouldfin.top
shouldmas.top
sigmentinj.top
sirovincher.top
soliverhone.top
sosistopililo.top
spinoschirkovni.buzz
stenion.bond
successilin.top
surfgoklub.surf
temberlipfo.top
thesreiste.site
tomeredorilin.top
ubotmarinerz.top
undertin.top
uszpoyem.rest
viewsketplctly.fun
vikollaser.space
washingtonkulli.online
wassertulip.store
watercilk.top
wenettoauto.golf
wertigofighter.fun
westvirjin.space
wheregreen.top
winuvinnosluk.club
xantiokisa.surf
youngsupporter.store
ytredesa.store
zasewalli.fun
zixermacher.surf
zokawero.fun
zolawetyup.website

# Reference: https://www.virustotal.com/gui/file/241589089e32610bf1d0620cec1d1b6905b0426d3125e7047bb275d962f226cf/detection

hipnoguard.com

# Reference: https://www.virustotal.com/gui/file/7e0e44c6eebb41fde83f2bf22ce3d2f922700a95516bd54e5cdcda2ba0fff984/detection

carpricegoods.com

# Reference: https://twitter.com/1ZRR4H/status/1478051871608737797

setup6.com

# Reference: https://www.virustotal.com/gui/file/ea6a267897a57adb46981d707b6b9426f9e13513240bb1c78521d20744ade6fd/detection

greshman.xyz

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-05-IOCs-for-TA551-IcedID-with-Cobalt-Strike.txt

xijsry.com

# Reference: https://www.virustotal.com/gui/file/ee23c428b222722444fafe6bffcfc77283f3fecfa0946a44e35041ca732fa78f/detection

joikarendal.com

# Reference: https://www.malware-traffic-analysis.net/2022/01/06/index.html

landofrayz.com
upperdown.eu

# Reference: https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
# Reference: https://otx.alienvault.com/pulse/616d8a397ff2ac1abbc9d7e6

calseled.bond
feedbackfileweb.club

# Reference: https://twitter.com/executemalware/status/1481048885284020230
# Reference: https://twitter.com/ffforward/status/1481053245728505858
# Reference: https://tria.ge/220111-3wq45sadan
# Reference: https://www.virustotal.com/gui/ip-address/159.89.171.14/relations

heyintrodu.top
ildrenmightf.top
olerantand.top
ovedfromasi.top
reverdoome.top
teredaroundcarb.top

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt

charliedeffer.store
hashingold.top
lasticjugs.top
namerikode.uno
ouldmakeithapp.top

# Reference: https://www.virustotal.com/gui/ip-address/185.70.184.59/relations

beltypolon.xyz
delegator.top
gorrilazada.top
trainfaressite.top

# Reference: https://www.virustotal.com/gui/ip-address/174.138.59.117/relations

severecouckarachi.top
trafficgigabest.best
trainfaressite.top

# Reference: https://www.virustotal.com/gui/ip-address/89.105.202.54/relations

aviasale.club
hillerkiller.top
pentestfile.pw

# Reference: https://www.virustotal.com/gui/ip-address/149.255.36.159/relations

2020miners.best

# Reference: https://www.virustotal.com/gui/file/0b0b92a625911a7065cf0e48d470acac71290c6832363a715b1f46aff01fe4c8/detection

instarobotics.club
instarobotics.pw

# Reference: https://twitter.com/mojoesec/status/1483471457346854912

fusingcity.top
nicagreenco.top
thehandof.top

# Reference: https://twitter.com/mojoesec/status/1485646686940803082
# Reference: https://www.virustotal.com/gui/ip-address/143.198.229.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/159.223.167.251/relations
# Reference: https://www.virustotal.com/gui/ip-address/164.92.214.108/relations

artiminiduska.live
demicthatmo.top
domigilamorov.xyz
filomosoliv.live
ginwhiskye.top
greatwhen.top
hisbacteriu.top
recpitanium.bond
thishishigov.top
vulcuntulin.top
youfomeclin.top

# Reference: https://www.virustotal.com/gui/ip-address/195.123.233.52/relations

moskowfloppy.host
omenalostiganing.top
surinoaminon.top

# Reference: https://www.virustotal.com/gui/ip-address/185.123.53.132/relations

moskmono.fun
thezikest.bond
zinozenned.site

# Reference: https://www.virustotal.com/gui/ip-address/185.186.246.147/relations

dilimoregration.top
iterrationobj.site
mousetopdiming.top
plovvored.rest
readyplovi.store
roundcludiska.top
ulencpiegelhost.quest
whoisthisa.site

# Reference: https://www.virustotal.com/gui/ip-address/159.65.84.9/relations

filovgosti.fun
grizlimaunt.top
moapprovednstr.fun
motionaentactly.site

# Reference: https://www.virustotal.com/gui/ip-address/5.39.222.193/relations

heroesdininh.top
ferropitollo.space
foxfulderlend.bond
westcostrimer.top

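# Reference: https://twitter.com/ScarletSharkSec/status/1486086933122011148
# Reference: https://app.any.run/tasks/c72d33cd-fe12-4652-bc80-342c18926360/
# NOTE(review): the /30fdh3fdh/... lines below are path-only trails with no host part;
# presumably they are the payload paths served from daferton.top in the referenced run
# (confirm against the reference). A match on the path alone does not identify the server,
# so record the requested host when triaging a hit.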

daferton.top
/30fdh3fdh/update.dll
/30fdh3fdh/update1.dll
/30fdh3fdh/update2.dll
/30fdh3fdh/

# Reference: https://www.virustotal.com/gui/ip-address/172.67.146.72/relations

mosserdau.top

# Reference: https://www.virustotal.com/gui/ip-address/104.21.6.161/relations

xulokapis.top

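# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-27-IOCs-for-Contact-Forms-IcedID-with-Cobalt-Strike.txt
# Reference: https://www.virustotal.com/gui/file/b646d0f1fb4b580c6d1465049bc0108b2d6ac78d2405dee00dc641f38fa16631/detection
# Reference: https://www.virustotal.com/gui/file/1b9c356da9b2c510d1f78b421b6b2f560c35b2e4c2400a5f5afa281c753292ac/detection
# NOTE(review): /alt1/1.dll, /alt1/2.dll and /alt1/3.dll are short, generic paths with no
# host part and are more likely to collide with unrelated traffic than /sddk2fe09/...;
# treat a hit on them as low confidence unless the requested host is also listed.
# NOTE(review): the karunamanke.com entry is a full URL under wp-content/plugins, which
# suggests a legitimate WordPress site abused for hosting (assumption, not confirmed here);
# the entry is scoped to that URL rather than to the bare domain.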

asoperdo.com
coolbearblunts.com
cooldogblunts.com
karunamanke.com/wp-content/plugins/elementor/modules/admin-bar/png/picture.dll
/alt1/1.dll
/alt1/2.dll
/alt1/3.dll
/sddk2fe09/1.dll
/sddk2fe09/2.dll
/sddk2fe09/3.dll
/sddk2fe09/

# Reference: https://www.virustotal.com/gui/file/45ab30436c5ef0c3efd2716f60600b1fbfa149e533dd34b00803d56315ffb0b1/detection

hdtrenity.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1488511090090721280
# Reference: https://www.virustotal.com/gui/file/c5b2f6184f9ffbffbc4d1b1ff9755790d06619bde2c82ff08148397b751b241d/detection

cleverballs.com
vipinbiz.com

# Reference: https://www.virustotal.com/gui/ip-address/198.244.181.229/relations
# Reference: https://www.virustotal.com/gui/file/7389ce92adff4756d4d46ccf5f04e2c8fdaaf4774055eeeabce70991265b9834/detection

keepfootbal.com

# Reference: https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
# Reference: https://www.virustotal.com/gui/file/5a22e9bde5aaed03b323e5c933c473e9ba3831f4473790a3d4394baefe809d8a/detection

mabiorex.space
zvanij.space

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20IcedID%20IOCs

statmorte.top
/stat8112.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1493948743770644482

carziano.com/box.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1493971547413008386

abouthemes.com

# Reference: https://twitter.com/D3LabIT/status/1495694866214526977
# Reference: https://twitter.com/reecdeep/status/1495696814460313603

adnmarketing.ec/robostar.php
expovivienda.ec/rockys.php

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_08.03.2022.txt

golinisye.top

# Reference: https://twitter.com/C0ryInTheHous3/status/1501310367607115779

byteguess.top
dilinorenka.top
erminasarav.top
fikasterwer.top
filimaslika.top
javcomics.top
jevejosader.top
loniferast.top
opertinulag.top
qwesteresiler.top
silinifarma.top
timalerinastel.top
topcomic.top
vilivadertum.top

# Reference: https://twitter.com/felixw3000/status/1502282160203608067
# Reference: https://www.virustotal.com/gui/file/101b6b6bec4ae6e698d793d1f9d1a905c03bac2da987ba68033a16fed414a95c/detection

oceriesfornot.top

# Reference: https://www.virustotal.com/gui/file/e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9/detection

yourgroceries.top

# Reference: https://www.virustotal.com/gui/ip-address/164.90.198.40/relations
# Reference: https://www.virustotal.com/gui/file/7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a/detection

arelyevennot.top
emicthatmov.top

# Reference: https://twitter.com/C0ryInTheHous3/status/1502311804172705795

sapp.top
upmax.top

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-21-IOCs-for-Cobalt-Strike-from-IcedID-infection.txt

antnosience.com

# Reference: https://www.virustotal.com/gui/ip-address/103.208.86.139/relations

otectagain.top

# Reference: https://www.virustotal.com/gui/ip-address/188.166.154.118/relations
# Reference: https://www.virustotal.com/gui/file/98b3471ac865e7cc6cc5712ab0db76c476fd861828267284a6aa40c802737b2e/detection
# Reference: https://www.virustotal.com/gui/file/16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc/detection
# Reference: https://www.virustotal.com/gui/file/9082c327ecf9c7bd9bd98c62a82e235165e8e11272998b63a66771da49be75f0/detection
# Reference: https://www.virustotal.com/gui/file/08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0/detection

http://66.150.66.167
ertimadifa.com
ritionalvalueon.top
rivertimad.com

# Reference: https://www.fortinet.com/blog/threat-research/spoofed-invoice-drops-iced-id
# Reference: https://otx.alienvault.com/pulse/62443e7a14b711f66588af60

ssddds1ssd2.com

# Reference: https://www.virustotal.com/gui/ip-address/172.105.27.36/relations

demandingsok.top
detreville.top
docupolotrew.one
dolinawestby.top
dudilifonika.top
eriumyers.top
logithechimka.top
pealinimor.top
restonfreeon.uno
rtofmethough.top
tsasafuelsou.top

# Reference: https://www.virustotal.com/gui/ip-address/164.90.204.224/relations

bidilisimo.top
dilinostarenashik.top
krestilife.top
versonizonkil.top

# Reference: https://www.virustotal.com/gui/file/baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3/detection

guguchrome.com

# Reference: https://www.virustotal.com/gui/ip-address/147.182.222.62/relations

applesflying.com
balliordan.com
biglaneat.com
firstdatachannel.click
flourmat.com
grandtexen.com
helloshoplegs.com
northspaceline.co
oprenfirst.com
upperdown.eu

# Reference: https://www.virustotal.com/gui/file/f1dcb3697e577e8e6bb142895901d864a05b33254e1f4b548b2be6e0dada36a3/detection

hdgravity.com

# Reference: https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
# Reference: https://otx.alienvault.com/pulse/61bb31bceb547f7142333d49

maruadix.top

# Reference: https://www.virustotal.com/gui/ip-address/185.236.202.192/relations
# Reference: https://www.virustotal.com/gui/file/880758a1cead6e79acd46b54beae951c7502bd999d9206653ffea10ef26f6195/detection

gawanacool.pw

# Reference: https://cert.gov.ua/article/39609 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/de7bcc556dde40d347b003d891f36c2a733131593ce2b9382f0bd9ade123d54a/detection

http://168.100.8.42
dogiraftig.com
ndlestomak.top
rresteraftin.com

# Reference: https://twitter.com/fr0s7_/status/1514714765377028102
# Reference: https://www.virustotal.com/gui/file/d4b2f91ae5c196d6b21e2a5eef18a319b27208aab834630b381afec32ea9455f/detection

http://212.224.118.163

# Reference: https://thedfirreport.com/2022/04/25/quantum-ransomware/
# Reference: https://www.virustotal.com/gui/ip-address/138.68.42.130/relations
# Reference: https://otx.alienvault.com/pulse/6267bb8eb8865618367f89eb
# Reference: https://otx.alienvault.com/pulse/627a7e1ce34132677bd27640

http://188.166.154.118
dilimoretast.com
seaskysafe.com

# Reference: https://twitter.com/phage_nz/status/1524206904733364225

olodaris.com
yolneanz.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-05-10-IOCs-for-Contact-Forms-IcedID-with-Cobalt-Strike.txt

callbackhubs.com
eldingdayl.com
ganjicow.com
meanforthen.com

# Reference: https://twitter.com/felixw3000/status/1529023673700700161
# Reference: https://www.virustotal.com/gui/ip-address/159.223.41.31/relations

laryqera.com
kregxuls.com
speratinda.com

# Reference: https://www.malware-traffic-analysis.net/2022/05/23/index.html

attemptersnext.site
sawertinoit.site

# Reference: https://www.virustotal.com/gui/file/132590d988d7d66b093c3f7b2821229925609e7f277bb4e0f05a212beebc366c/detection
# Reference: https://www.virustotal.com/gui/file/455acb2ee4276f73a08bff5dbc759f44d06e728efad0bc587b92006bd92efefa/detection

blockchaincapital.space
crypto.blockchaincapital.space

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_27.05.2022.txt

reapetzold.com

# Reference: https://twitter.com/mojoesec/status/1530166268388683778
# Reference: https://www.virustotal.com/gui/ip-address/64.227.182.2/relations
# Reference: https://www.virustotal.com/gui/file/9ed5d51e93871fc54737ac7c641b74769cab2cc06ea5afbbd2b33ff486392d7f/detection

ilekvoyn.com
pearsqiizy.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1531553106256875522
# Reference: https://www.virustotal.com/gui/ip-address/51.89.190.220/relations

pillalerted.com
uleoballs.com

# Reference: https://twitter.com/malwrhunterteam/status/1531957313032052736
# Reference: https://www.virustotal.com/gui/file/df4190f1b39f60c2e898d51cb43fec4f2ff50bd54b83b2ab22f4bf3567bcd558/detection

http://194.31.150.173

# Reference: https://otx.alienvault.com/pulse/629755f6649ad51ea41dc343
# Reference: https://www.virustotal.com/gui/file/d9ae3e15b1ae3d616a03cb3cbf8e3fecc83aa0739c04c360a8dab26b6ed50bd3/detection
# Reference: https://www.virustotal.com/gui/file/d95d64e94d9b6489ab23ce8196b2375582a06aa8adc0326c12a410ca7ef076a1/detection
# Reference: https://www.virustotal.com/gui/file/b15ac3658243a89c6f56b1504b6634130a2ad244da44ebf1ea7b41859d6a99b2/detection

calgama.com
newsgrover.com
spitaly.com
unescene.com

# Reference: https://www.virustotal.com/gui/file/aefe38ae0c15286b82cca13e2f1033471b4917128313c11193515ddebb767ba4/detection

answersegeoge2022.ru

# Reference: https://www.virustotal.com/gui/file/38a1d181f0f8d3ce3ac7a39559627f899a8fb51783df1223bbd7d8b15b3c2dc3/detection

arxipdedsh.com

# Reference: https://gist.github.com/myrtus0x0/06848be2267c3d06b33bcbd51fb0b07e

akernilon.com
leatyeals.com
vadgeatemoz.com
westdudil.com

# Reference: https://twitter.com/TheDFIRReport/status/1535264269612220416
# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.240/relations

mlidaxeraza.com
pnovajim.com

# Reference: https://gist.github.com/myrtus0x0/8a96d35196f0725101d4a47c27909a15
# Reference: https://gist.github.com/myrtus0x0/cdbf5318b878f88aeb6089866e6aea54
# Reference: https://www.virustotal.com/gui/ip-address/185.150.117.97/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.147.231.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.223/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.40/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.109/relations

adfinawxol.com
blandafearz.com
cukliosario.com
didojanza.com
goodfealan.com
needmomslearn.com
pleashurehott.com
plocganga.com
quuenkrauz.com
tekacuanm.com

# Reference: https://gist.github.com/myrtus0x0/af3f6e4c8c70137fe1661af550767151
# Reference: https://www.virustotal.com/gui/ip-address/174.138.59.14/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.134.219.111/relations

blueyerskumy.com
coolnexoz.com
ilzenhwery.com

# Reference: https://twitter.com/ankit_anubhav/status/1539858168611610624
# Reference: https://www.virustotal.com/gui/ip-address/178.62.194.122/relations

aniogarphianeo.com
bredofenction.com
carbrownleger.com

# Reference: https://twitter.com/TheDFIRReport/status/1541428641275334657
# Reference: https://www.virustotal.com/gui/ip-address/179.43.156.144/relations

floppyfgreed.fun
fruakij.com
implementalyhiol.rest
nilkomadik.com
piolsneeds.com
qipanzero.com

# Reference: https://gist.github.com/myrtus0x0/34a3f552dd75e5aa7f1d3fcef52a1b3a
# Reference: https://www.virustotal.com/gui/ip-address/91.234.254.234/relations

quenndazden.com
trinityasos.com

# Reference: https://gist.github.com/myrtus0x0/34a3f552dd75e5aa7f1d3fcef52a1b3a
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.91/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.158.244.115/relations

merodlein.com
montycrack.com

# Reference: https://gist.github.com/myrtus0x0/79ec1f0eff068a46774736e7153ad214
# Reference: https://www.virustotal.com/gui/ip-address/5.199.162.166/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.238.50.93/relations

allesborn.com
blaskmirror.com
dogdreror.com
feelsgear.com

# Reference: https://www.virustotal.com/gui/ip-address/165.232.157.41/relations
# Reference: https://www.virustotal.com/gui/file/b7dcbb82cb674265b75afb54c2a614c9652bdd399e48c8cfe60845dd28e37ee3/detection

alionavon.com
carismortht.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-28-IOCs-for-TA578-IcedID-Cobalt-Strike-and-DarkVNC.txt

mioshaltikaz.com
plomiberka.com

# Reference: https://gist.github.com/myrtus0x0/05cae3e972d9dbe685ff359b5ad233f1
# Reference: https://www.virustotal.com/gui/ip-address/188.93.233.247/relations

dgogyfuul.com
yankyhoni.com

# Reference: https://www.virustotal.com/gui/file/219d1bd045d7c3328184aba4842cc0d36acae7e835564d84ee2d8ffea94e4317/detection

ciaontroni.com

# Reference: https://www.virustotal.com/gui/file/70a6dbcff1c00d28da208cc9778af6eb7f609540fb0000ed316bbd003c7841e3/detection

momskakeshop.com

# Reference: https://www.virustotal.com/gui/ip-address/84.32.190.32/relations

akelammira.com
bloodhimwat.com
chaeological.com

# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.61/relations

createbinori.com
zondbrunner.com

# Reference: https://www.virustotal.com/gui/ip-address/103.208.86.57/relations

apchenxuz.com
feldaxxxx.com
zloapenden.com

# Reference: https://www.virustotal.com/gui/ip-address/85.239.55.250/relations

qazillo.com

# Reference: https://www.virustotal.com/gui/ip-address/217.199.103.37/relations

mauraxinus.com
trionyball.com

# Reference: https://gist.github.com/myrtus0x0/26874290d4d31a9ea5318ed4a2301362
# Reference: https://www.virustotal.com/gui/ip-address/134.209.107.62/relations
# Reference: https://www.virustotal.com/gui/ip-address/51.89.62.193/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.158.247.18/relations

carismorth.com
plorinnoult.com
uytricmpreprom.com

# Reference: https://twitter.com/TheDFIRReport/status/1544667489774313478
# Reference: https://www.virustotal.com/gui/ip-address/91.238.50.94/relations

clearhotbeafc.com
zalontrackei.com

# Reference: https://twitter.com/k3dg3/status/1544747167751065601
# Reference: https://tria.ge/220706-wl7wkshgg2/behavioral1

comradespoon.com

# Reference: https://www.virustotal.com/gui/ip-address/164.92.253.181/relations

aldatepools.com
greenfairsaid.com
vneastruzz.com

# Reference: https://gist.github.com/myrtus0x0/be956b90dab25c928ae7fe10bb6c2f6e
# Reference: https://www.virustotal.com/gui/ip-address/155.94.208.135/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.86.229.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.44.9.207/relations

jizzyploy.com
khondiroda.com
ointisthat.top
olkanizad.com
vondenay.com

# Reference: https://www.virustotal.com/gui/ip-address/165.227.65.47/relations
# Reference: https://www.virustotal.com/gui/file/e01ff083657629f0a1ce756551fbd5b3dbbdd3eae0905d669f73a741c6da675a/detection
# Reference: https://www.virustotal.com/gui/file/6146d45df34ee16ece29200aae157cb87a918cb12822232d92046103ba8ce318/detection

loadjoma.casa
loadnike.casa

# Reference: https://twitter.com/peterkruse/status/1548221048193093636
# Reference: https://www.virustotal.com/gui/ip-address/46.101.137.169/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.21.153.211/relations
# Reference: https://www.virustotal.com/gui/file/0cc56595aa5e676ca94e8c746ecc22300321531ecec980b803267fc393c8ef8f/detection
# Reference: https://www.virustotal.com/gui/file/a2a864ed64fa8da7f159510bb3bcd56de45cf0d613be2063ffb9f8b249526ab8/detection

blionarywesta.com
bransfortrionaf.com
lifelightnilsa.com
peranistaer.top
trendmisolaf.com
wiandukachelly.com

# Reference: https://www.virustotal.com/gui/ip-address/159.223.23.127/relations
# Reference: https://www.virustotal.com/gui/file/f3719dd8c4a3507f180bb285d637230457f48d0180a6ade83f1de7fe2c7696bf/detection

alldogsedag.com

# Reference: https://www.virustotal.com/gui/file/ce9b6c707d7ea1e1945660ffacab4d345bd06c274d625d9769eb0ece3aa3953f/detection

aftersunicox.com

# Reference: https://twitter.com/k3dg3/status/1549455457533796352
# Reference: https://www.virustotal.com/gui/ip-address/134.209.170.133/relations

cootembrast.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_20.07.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/165.22.201.70/relations

explorblins.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-18%20IcedID%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/142.93.169.99/relations

garbagewellduno.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-07-21-IOCs-for-IcedID-with-DarkVNC-and-Cobalt-Strike.txt

brebdaalizan.com
cleverchaosname.com
izzicarat.com
weolaneocar.com

# Reference: https://twitter.com/k3dg3/status/1551992175294091265
# Reference: https://twitter.com/k3dg3/status/1551992300745768961
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20IcedID%20IOCs

tritehairs.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-07-25-IOCs-for-IcedID-with-Cobalt-Strike.txt

cleverchaosname.com
eventbloodd.com
wronigrabs.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_25.07.2022.txt

plorinnoult.com
uytricmpreprom.com

# Reference: https://twitter.com/reecdeep/status/1551568491538530308
# Reference: https://www.virustotal.com/gui/ip-address/159.89.122.109/relations
# Reference: https://www.virustotal.com/gui/file/c352a8ec3029c110859ff526a9bc8c4c681420f1e59eafe24d3613197212526e/detection

floatascentry.com
wennectbwzy.com

# Reference: https://gist.github.com/myrtus0x0/f101ea892ceec84f70b69ce4dd7d670c
# Reference: https://www.virustotal.com/gui/ip-address/178.33.187.139/relations

alohasockstaina.com
gruvihabralo.nl

# Reference: https://www.virustotal.com/gui/file/508ed66c9cfde35940f75f3bc8e77087dda1a571e53619420b550ee634e21162/detection

handsquestiona.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-27%20IcedID%20IOCs
# Reference: https://www.virustotal.com/gui/file/f3a554330a7ca966b101c16a602f835eb2c0b1859a8ea92b7771d9739ec59be6/detection

cansugperpetu.com

# Reference: https://gist.github.com/myrtus0x0/e2a6b94a851437331ad2c49369cde203

deficulintersun.com
nokainptisarda.com

# Reference: https://twitter.com/James_inthe_box/status/1554142760994689024
# Reference: https://app.any.run/tasks/25796d58-1067-4f19-b5c6-26b6257a56ce/

sortswiminboard.com

# Reference: https://twitter.com/James_inthe_box/status/1554461085037498368
# Reference: https://app.any.run/tasks/778ce3ef-1d3f-4557-b22d-84c72983714f/
# Reference: https://www.virustotal.com/gui/ip-address/165.232.147.248/relations

keyseaysnice.com

# Reference: https://www.virustotal.com/gui/ip-address/5.199.173.162/relations

azzimbuffy.com
mobicustomfees.com

# Reference: https://www.virustotal.com/gui/ip-address/185.99.133.184/relations

villshomedrane.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_03.08.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/159.89.43.72/relations

getmeaninwurz.com

# Reference: https://twitter.com/mojoesec/status/1555197269372182530

advenstravel.com
alohabrunda.com
appercoarvies.com
bluemoonfranki.com
bucjattecha.com
carynicenur.com
demobehairns.com
dogifasterbigs.com
festicrumps.com
sciencesmurvill.com
seatforillosa.com

# Reference: https://twitter.com/mojoesec/status/1555567458018263040

autohemidno.com
brumedane.com
dromfiregreti.com
ginersaer.top
golimansire.top
kerenshowblack.com
migaresko.top
ulaxtitolo.com
vilasanitasa.com

# Reference: https://www.virustotal.com/gui/file/c51bd77c55acd65a2e1e44d19a87b4cd038898ee9fd5f91c79f1cc7d0440ac33/detection

abegelkunic.com

# Reference: https://gist.github.com/myrtus0x0/0f924e99d0c631a55ae289ff9e0628fe

klareqvino.com
ultomductingbig.pro

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-08-10-IOCs-for-IcedID-and-Cobalt-Strike.txt

qropalhouse.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/IcedID/IcedID%2010082022
# Reference: https://tria.ge/220811-vhmwkacbd2/
# Reference: https://www.virustotal.com/gui/file/afefe1432f4a3ab3278c0a9090c2195fc2f3ac022397e5d0190f2ad48cd21992/detection

alexbionka.com

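# Reference: https://tria.ge/220811-s1wkbaghhr/behavioral1
# Note: the three path-only entries below carry no host, so as written they are not bound to 45.8.146.139.
# Note: presumably they were observed on that server (verify against the report); check the destination host when triaging a hit on the shorter prefixes.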

http://45.8.146.139
/fhfty/O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/loader_p3_dll_64_n3_crypt_x64_asm_clone_n163.dll
/fhfty/O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/
/O7M1FTZXNP3SW5W21KH-_840WLA_ZB8D/

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_15.08.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/5.255.100.207/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.255.100.8/relations

blumzillapex.com
cleanmagoza.com
lenodraid.cyou
yotrakeoksa.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_18.08.2022.txt

heldosant.com
microark.org
waterintoairi.com

# Reference: https://twitter.com/pr0xylife/status/1561737165255725057
# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_22.08.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/164.92.65.3/relations

satisfyammyz.com

# Reference: https://gist.github.com/myrtus0x0/7673e29c837bbd733ca260c65927d97a

dayzabazenb.com

# Reference: https://www.virustotal.com/gui/file/de33097468c9926dbcc45323d556a120bd94b4b0636728849025723d87dee58e/detection

dullthingpur.com

# Reference: https://gist.github.com/myrtus0x0/fd29430b7aef7218235b7dc2e7ce2b75
# Reference: https://www.virustotal.com/gui/ip-address/179.43.154.179/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.239.84.229/relations

bredhairnos.shop
carprisesr.com
crunerato.com
hidozwerav.com
iionadred.com
ipolaternouse.com
kiodareipa.com
tranblackyn.com
wetdrharis.club

# Reference: https://www.virustotal.com/gui/ip-address/209.97.134.125/relations
# Reference: https://www.virustotal.com/gui/file/5de273ceebdd3c8d617970ec0a0b5f2bb5b5d78e3f903ba1796449009ec28b27/detection
# Reference: https://www.virustotal.com/gui/file/d9220b5d3c27ac7445b5ee81f1a3841c3a2c815413bb0711954ab939a8d8fbae/detection

blazzerneumi.com

# Reference: https://gist.github.com/myrtus0x0/febef39d74b8fdc546bae5dac8e0c960

crabsbolt.art

# Reference: https://gist.github.com/myrtus0x0/68d5d7cc409801ce50a3bf8ec96a7767

alcoheyteri.click
godenfasternow.com

# Reference: https://gist.github.com/myrtus0x0/c025d1e7feacc403cbb6923dd43b86a5

assigdedrigme.cyou
autobrag.cloud
cmbaindesureshure.com
colorsuckbeh.com
empladeefly.wiki
ferdianbanga.com
lionafuyesas.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_31.08.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/94.103.93.13/relations

maskatier.com
moxisoma.com

# Reference: https://www.virustotal.com/gui/file/fd46ad3ef89011b4ec6eb3709f903f5212d94c98ab81296d5664b82e7f9d6493/detection

donorcabr.com

# Reference: https://twitter.com/fr0s7_/status/1565657665350541312
# Reference: https://www.virustotal.com/gui/ip-address/79.110.52.48/relations

bodilycar.quest

# Reference: https://www.virustotal.com/gui/ip-address/164.92.176.20/relations
# Reference: https://www.virustotal.com/gui/file/6a1ba492984c630ad274b2943b37a697c35a9147f367ddd83b42a229d7e1c27a/detection
# Reference: https://www.virustotal.com/gui/file/eb7649af98573b5fcf29393e9d1ecc9a8991d69a3a8db687de7d93766009eb11/detection
# Reference: https://www.virustotal.com/gui/file/f42ed736153af39769160d35134978d63fdf95cdfc9a7a5ab88a29fd09cf2bd4/detection

http://164.92.176.20
academfleedalas.com

# Reference: https://twitter.com/phage_nz/status/1567639090077790209
# Reference: https://twitter.com/malware_traffic/status/1567643669372485633
# Reference: https://www.virustotal.com/gui/ip-address/198.244.193.166/relations
# Reference: https://app.any.run/tasks/33d0b2c7-35eb-4c48-a307-cb8aacb5b484/
# Reference: https://www.virustotal.com/gui/file/05b9b3805e5be9d68a08874e8c0ac73ea66c8a71ede76de9f5d6aacba4d8cc4e/detection
# Reference: https://www.virustotal.com/gui/file/4a028d361295fc1d63c7e824458b64dde1811eece179f76922802ab63e0a74a8/detection
# Reference: https://www.virustotal.com/gui/file/9a420055fcfec727fa5afe0d5879d9a815f32db3699b88efa574b258079d70f5/detection

banuscip.com
iscasbase.cyou
kbreedfin.fun
leonyelloswen.com

# Reference: https://www.virustotal.com/gui/file/d2f972298617ea53b01060ca7cdb62cb2daf7328427e30cbeae865e681aeef54/detection

trakonicwe.com

# Reference: https://www.virustotal.com/gui/file/2fb562fe7681a7da1ec642787447dad2b7dab24081b4cbb99c15d535d136e901/detection

kolinandod.com

# Reference: https://www.virustotal.com/gui/ip-address/134.209.97.90/relations
# Reference: https://www.virustotal.com/gui/file/6377b9e47ebc9d912741a21a15750387c84e00863890b140d8c61454800404c3/detection

qvantumbrakesz.com

# Reference: https://www.virustotal.com/gui/ip-address/188.166.169.40/relations
# Reference: https://www.virustotal.com/gui/file/2a261577318c408e73e1c6459514197efa58cfe6053d03be092e2c2ff3f6179c/detection

allozelkot.com

# Reference: https://gist.github.com/myrtus0x0/da43fbcf5303a32dfe35a9e415da4ffe

blenderbraunmae.club
brendyhalfid.com
evagelawelder.com
trendmaycrot.com

# Reference: https://twitter.com/0xToxin/status/1570435177549275137
# Reference: https://www.virustotal.com/gui/ip-address/142.93.44.94/relations
# Reference: https://www.virustotal.com/gui/file/df0028f0f52840a24f13ae6bdd327da4b2baab19ba72771ddd93a80c2b2d73c9/detection

pildofraften.com

# Reference: https://gist.github.com/myrtus0x0/1f524fc3ae39683799fa649ef8dd13ed

blackleaded.tattoo
crhonofire.info
curioasshop.pics
frogtableoreno.click

# Reference: https://www.virustotal.com/gui/file/55491ff800b385703b0660f899bf3bc4cbc58504a9708415d4017f8cdad292b5/detection

zalikomanperis.com

# Reference: https://gist.github.com/myrtus0x0/33b25df59427a826fecff66f9994f5d7

backrunda.beauty
pippleweld.hair
sexualpoid.me

# Reference: https://twitter.com/malware_traffic/status/1573471048699346954
# Reference: https://www.malware-traffic-analysis.net/2022/09/23/index.html
# Reference: https://www.virustotal.com/gui/ip-address/137.184.114.20/relations
# Reference: https://www.virustotal.com/gui/file/fd26652f44780a2e4245e3d391b9ef53e4ef03a01c1176f0eb759262ac509bdd/detection
# Reference: https://www.virustotal.com/gui/file/5037e5517bdc8c3af195a2d66cb74451010aba466e68d451f5d1d2f12ab4c9ff/detection

algerat.cyou
considerf.info
sebdgoldingor.com
trallfasterinf.com

# Reference: https://twitter.com/embee_research/status/1573601757845807104

antiflamez.bar
erinindiaka.quest

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_26.09.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/165.227.187.5/relations
# Reference: https://www.virustotal.com/gui/file/abc0382a20c86144086e39ccf107bb7702bde07dcc66a06967a01bc15f6a1432/detection
# Reference: https://www.virustotal.com/gui/file/768ae10d748df22e799a878c2bd5eebddd0cd331196d28e26b1a9b2e0ca989c2/detection

scainznorka.com

# Reference: https://twitter.com/James_inthe_box/status/1574791975366455296
# Reference: https://app.any.run/tasks/5ae84f39-0d13-47f0-bee8-02268c8b0ff9/
# Reference: https://www.virustotal.com/gui/file/5a866cb8e80bdd4659ec8fe0a70f85eaf665560a74ff1a45b5e6b5f41cb56b4a/detection
# Reference: https://www.virustotal.com/gui/file/02347fb46156e8f43f223791ee37944c1cfc3ed729a97316ec2922308b577a57/detection

tezycronam.com

# Reference: https://www.virustotal.com/gui/file/5e932751c4dea799d69e1b4f02291dc6b06200dd4562b7ae1b6ac96693165cea/detection

marualosa.top

# Reference: https://www.virustotal.com/gui/ip-address/141.8.199.113/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=45.143.136.123
# Reference: https://www.virustotal.com/gui/file/d3e69a33913507c80742a2d7a59c889efe7aa8f52beef8d172764e049e03ead5/detection

guardns.biz
localdns.biz
muelgadr.top
whoerssl.biz
wikidreamers.com

# Reference: https://twitter.com/James_inthe_box/status/1575138079853060097
# Reference: https://app.any.run/tasks/bbf1a19b-4bad-4627-95e0-14c65c3f1ed6/

alockajilly.com

# Reference: https://twitter.com/teamcymru_S2/status/1575553504499752960
# Reference: https://twitter.com/teamcymru_S2/status/1575553520253935616
# Reference: https://www.virustotal.com/gui/ip-address/164.90.174.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.101.19.119/relations

opiransiuera.com
saxonbinka.lol
zoomersoidfor.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_30.09.2022.txt
# Reference: https://www.virustotal.com/gui/file/ba9481130c405679401696134cc2b17673d5a064bb0131dfd99c6e74405cc862/detection

triskawilko.com

# Reference: https://twitter.com/teamcymru_S2/status/1576997553169522689

sofkinlasersop.com

# Reference: https://twitter.com/James_inthe_box/status/1577688801211666432
# Reference: https://www.virustotal.com/gui/ip-address/68.183.184.0/relations
# Reference: https://app.any.run/tasks/411aac18-9025-4db4-84f6-c0a8cda14097/

fireskupigar.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-04-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt

dietappli.shop
frabigwin.info
gropcropila.com
trainbondarexil.com

# Reference: https://twitter.com/reecdeep/status/1577979717717721088
# Reference: https://www.virustotal.com/gui/ip-address/159.65.169.200/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.43/relations
# Reference: https://www.virustotal.com/gui/file/eb84a283ff58906786d63ffe43a8ff2728584428f5f7d9972c664f63f8790113/detection
# Reference: https://www.virustotal.com/gui/file/34ac27459b6ee01fe98d574cfca00c32182a52cd02bdb457f0113b1978d84893/detection
# Reference: https://www.virustotal.com/gui/file/1b47cff101a0b05fb2f1bd7d92825f73226767fbb32d705b05723941056ad431/detection
# Reference: https://www.virustotal.com/gui/file/a86cc4b853e8b263ddc7e215bd1dec71360f411448b2fc79bbfce022d92d80cd/detection

kicknocisd.com
simipimi.com

# Reference: https://malware-traffic-analysis.net/2022/10/06/index.html

didociskal.com
dietappli.shop

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_10.10.2022.txt
# Reference: https://www.virustotal.com/gui/file/526bc77ae68c541368d045aaf06f38f124b0898eb454f2101421a66e53edb16c/detection

hoftpaeers.com

# Reference: https://twitter.com/k3dg3/status/1580215977006206976
# Reference: https://gist.github.com/myrtus0x0/30eeaeb9cd051ba9250600cf69eff36f
# Reference: https://www.virustotal.com/gui/ip-address/104.248.81.57/relations

balderdash.beauty
carshardeniom.com
cotanantirrri.com
egatamopew.com
tracksupernova.com

# Reference: https://www.virustotal.com/gui/file/5ae69d06d17c532b90cdb6163510f2b710dfa95429e5f97d8cec297c8ddfeb2a/detection

alicenegord.com

# Reference: https://twitter.com/Unit42_Intel/status/1580245166744821760

zlohasukula.com

# Reference: https://twitter.com/malware_traffic/status/1580668932108582913

plethuirda.com
trackofers.lol

# Reference: https://twitter.com/teamcymru_S2/status/1579794732414554113
# Reference: https://twitter.com/netresec/status/1580491700581019649

137.74.104.108:8080

# Reference: https://www.malware-traffic-analysis.net/2022/10/12/index.html

alohabrunda.com
chattyprettyhot.com
plenomils.homes
trilwiqya.com
vilasanitasa.com
zlohasukula.com
ohenv.shop
k13sditmc.mutiaracendekia.sch.id

# Reference: https://twitter.com/k3dg3/status/1582046535910424577
# Reference: https://www.virustotal.com/gui/ip-address/66.63.168.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.103/relations
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-17-IOCs-for-IcedID-with-Cobalt-Strike.txt

airsaintol.beauty
axilapodiumz.com
correctinomind.com
pipsolik.art
yeloypod.hair

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.10.2022.txt

tablearmestion.com

# Reference: https://twitter.com/malware_traffic/status/1582850206797680641

pikchayola.pics
questdisar.com

# Reference: https://www.virustotal.com/gui/ip-address/167.99.201.14/relations
# Reference: https://www.virustotal.com/gui/file/043f5a3b3e6c99a20685f85cf6dfe79e58481b83e6543b5e8f90f2693262f09a/detection

salimjizita.com

# Reference: https://tria.ge/221022-1a114seha7

ettermangusta.com

# Reference: https://tria.ge/221020-wxap8ahbap

seddkomaautomat.com

# Reference: https://twitter.com/embee_research/status/1584344164824555520
# Reference: https://www.virustotal.com/gui/ip-address/185.236.231.73/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.191/relations

dporfluerus.lol
feeldarcked.com
nealgruzding.com
yelshardiro.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/10/iceid_AdER_24-10-2022.json_.txt
# Reference: https://www.virustotal.com/gui/file/e05fe5026485aec688c19ebca312e79cf06bd08c9e2182f25195cc49571ec7c4/detection
# Reference: https://www.virustotal.com/gui/file/d3b4b33a20ad1c231d6955526e6282711eac8cc2d6fb89c9f7b353d0f9c574dc/detection
# Reference: https://www.virustotal.com/gui/file/2d8bd8eb56bff74bac7927a865cfa25d9f6a0113e347c4fc647c7862640f31c9/detection
# Reference: https://www.virustotal.com/gui/file/18bf4b5c8afb52369a5a851d1cab2c314ebc8ed7f78fc06c6dbab3929dd1747f/detection

fortihook.com
rulescvosher.com

# Reference: https://twitter.com/malware_traffic/status/1584596554987757568
# Reference: https://www.virustotal.com/gui/ip-address/158.255.212.179/relations
# Reference: https://www.virustotal.com/gui/file/865207a90709b4b0d7fd232e1ae0fe2cedc80919c239458fb2bcc12c6d142c17/detection

ambifuserity.com
nipsontaz.com
melleraw.homes
troskanribus.com

# Reference: https://www.virustotal.com/gui/ip-address/167.99.220.73/relations
# Reference: https://www.virustotal.com/gui/file/52ecf29aed6b1f9b5143d744200ea2ead8852333cf22923a3d4bb8c621b28f82/detection

seedhlumening.com

# Reference: https://twitter.com/teamcymru_S2/status/1584983941823737859

aucircly.skin
bitherws.wiki
grechinta.buzz
herubroatern.com
kunidplishar.com
oppolanium.info
ytleropa.homes

# Reference: https://twitter.com/teamcymru_S2/status/1584967043472044032

198.251.84.61:8080

# Reference: https://www.virustotal.com/gui/ip-address/172.105.27.36/relations

atommonga.art
azuretron.wiki
cantfluing.autos
carsoveraho.pics
cermerchees.lol
choifejuce.lol
coercedesult.quest
coperhils.cloud
croakbadgu.shop
dilopmeska.top
dkbillly.run
fathecomel.lol
fghermaast.top
gigamerolini.top
pricehistory.website
qaderation.top
trionallocatio.club
xqertansi.gay

# Reference: https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
# Reference: https://otx.alienvault.com/pulse/635bcc619768c0b6cb3e9677
# Reference: https://www.virustotal.com/gui/ip-address/67.205.169.96/relations
# Reference: https://www.virustotal.com/gui/file/a199c57ac97ec3ec8c62d811b5fee76ffb0ca5787e41db241dd0a206d41a7817/detection
# Reference: https://www.virustotal.com/gui/file/beec379598ac2e4d3d36ff84a449b91b6c7f3ba2199b4bdf446ab2057d6c34c6/detection

aviadronazhed.com

# Reference: https://gist.github.com/myrtus0x0/71568fdb0df0cacb98c0693bbcb6cec0

vgiragdoffy.com

# Reference: https://twitter.com/0xToxin/status/1587174760701632512
# Reference: https://tria.ge/221031-ytt1ssddfm

trentonkaizerfak.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-31-IOCs-for-IcedID-with-DarkVNC-and-Cobalt-Strike.txt

ringashopsu.com
sainforgromset.com

# Reference: https://isc.sans.edu/diary/29210

194.5.249.150:8080
51.89.201.236:443

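# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-03-IOCs-for-Emotet-with-IcedID.txt
# Note: /botpack.dat below is a path-only entry with no host; confirm the destination against the domains in this group before attributing a hit to IcedID.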

bayernbadabum.com
newscommercde.com
nrwmarkettoys.com
spkdeutshnewsupp.com
/botpack.dat

# Reference: https://www.netresec.com/?page=Blog&month=2022-10&post=IcedID-BackConnect-Protocol
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-10-04-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt

http://188.40.30.100
51.89.201.236:8080

# Reference: https://twitter.com/N3utralZ0ne/status/1497027766893486081
# Reference: https://tria.ge/220224-z1aq6sehfl

http://45.61.136.232
blinkenx.com

# Reference: https://gist.github.com/myrtus0x0/084603f1548c0df3433e7173c474b4e2

3aseruty.pw
attemptssok.top
bookmaker.bid
dollinopole.uno
gmverasconstruction.com
hanonedika.top
mammucity.fun
pozityv3.pw
vertigiodust.top
wuilburrtennant.site
xanderboghart.cyou

# Reference: https://twitter.com/Max_Mal_/status/1432725064311623686

safiliti-load.com

# Reference: https://twitter.com/Max_Mal_/status/1433456034824302598

fusuri-solt-down.com
triste-mega-down.com

# Reference: https://twitter.com/teamcymru_S2/status/1589574164507426816

176.31.136.226:8080

# Reference: https://twitter.com/k3dg3/status/1589680664890462210
# Reference: https://twitter.com/threatinsight/status/1589733762010853378
# Reference: https://tria.ge/221107-whz2kaagd2/behavioral6

anisamnatyrel.com
downloadfastfile.top
downloadtyoufile.buzz
fastyoudownload.top
file-youupload.buzz

# Reference: https://www.virustotal.com/gui/file/c58b13dc51e572ec288d97aa255d55884d7418466b8381afd1a4278a0be87427/detection
# Reference: https://www.virustotal.com/gui/file/05a3a84096bcdc2a5cf87d07ede96aff7fd5037679f9585fee9a227c0d9cbf51/detection

germanysupportspk.com

# Reference: https://twitter.com/1ZRR4H/status/1589807390752665602

uoplasser.online

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-07%20IcedID%20(Bokbot)%20IOCs

fileyourupload.one
youfile-upload.top

# Reference: https://twitter.com/reecdeep/status/1589946217546424320
# Reference: https://app.any.run/tasks/2cb8e940-2242-45b2-ac46-5e16564b9cbc/

irdudetrusthill.com

# Reference: https://twitter.com/k3dg3/status/1590424949839499265

gromsdaxert.com

# Reference: https://gist.github.com/myrtus0x0/c66f9714dba3c4541d41a2ff94701b4c

dremkalifcarsis.com
likamsun.tattoo
quavok.lol
qurafleuncen.com

# Reference: https://twitter.com/reecdeep/status/1590664451614658561
# Reference: https://twitter.com/VirITeXplorer/status/1590644700037644288
# Reference: https://app.any.run/tasks/dd7e5c24-d0eb-468c-a72a-be73c5c7d1c0/

bluamus.pics
frendliuer.pics
scinetkoshir.com

# Reference: https://twitter.com/luigi_martire94/status/1590711341060222976
# Reference: https://tria.ge/221110-rkq48acdcl

aerbuschartint.com

# Reference: https://twitter.com/tosscoinwitcher/status/1590806161967972353
# Reference: https://www.virustotal.com/gui/ip-address/188.166.213.163/relations
# Reference: https://tria.ge/221110-y1tzdafecl/behavioral2

ahilacarstrupert.com

# Reference: https://twitter.com/MichalKoczwara/status/1591117083961884673

185.25.51.182:8000
5.199.168.23:8000

# Reference: https://twitter.com/k3dg3/status/1592230699524030464
# Reference: https://tria.ge/221114-xg9eaada24/behavioral1

trolspeaksunt.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.11.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/143.110.176.101/relations

aurasantisflork.com

# Reference: https://tria.ge/221118-xexbyacb95
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-18%20IcedID%20(Bokbot)%20IOCs

sciiultaelinoza.com

# Reference: https://www.virustotal.com/gui/file/c6aafa6b32ac91908ee37207c6feb4cef74aa8e9b82e70c1e58e5691a9319c60/detection

starnaddplenumsak.com

# Reference: https://twitter.com/fr0s7_/status/1595344900937203712
# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.67/relations
# Reference: https://www.virustotal.com/gui/file/fe0e830bcdd85026da34ac02ed73d4cb1cc3bdfd3336a33849eeb98e936060fc/detection
# Reference: https://www.virustotal.com/gui/file/9c2c79d85e402b09deb43dc230c9b9c7fe7c1345f59e5e31881d2ff8fd2129bc/detection
# Reference: https://www.virustotal.com/gui/file/97f7e8809cb74cb87f7f03e7196d60db63d07ae36d4e02f3821ef0464288af58/detection
# Reference: https://www.virustotal.com/gui/file/448b35ad2bfeb1353a5b668b7cbb140d9ad958d5f9ab7a426f9eb8e1a6e8b545/detection

mederaogs.com

# Reference: https://twitter.com/samson2655/status/1598375365348573184
# Reference: https://twitter.com/ian_kenefick/status/1599864494695403520
# Reference: https://twitter.com/HaoZhixiang/status/1600791369853075459
# Reference: https://www.virustotal.com/gui/ip-address/165.227.104.80/relations
# Reference: https://www.virustotal.com/gui/file/0d544614b47400768cf210c2e4d1a298e5cae36820c7b1b6327bb67b8e3ea8cb/detection
# Reference: https://www.virustotal.com/gui/file/de81ef356acc2e199252f8fe2a894c36c6e327d5efd3abaaa7df477f3942e33b/detection
# Reference: https://www.virustotal.com/gui/file/99dfb7baafec050861e152a036af86fc0c7663f3c719d58a56dfd9f06f4b8cef/detection

babysoftletirs.com
broskabrwaf.com
ewgahskoot.com
firestansinbox.com
kamintrewftor.com
oilcardirtoz.com

# Reference: https://twitter.com/Max_Mal_/status/1600433862710267910

aslowigza.com
kastoyarki.com
opraadeadiwenna.com
saintrefunda.com

# Reference: https://twitter.com/malware_traffic/status/1600944054610821120
# Reference: https://www.virustotal.com/gui/ip-address/5.230.68.22/relations

51.195.169.87:8080
bloodharvi.buzz
trimordaf.homes

# Reference: https://twitter.com/crep1x/status/1602026802611982337

va-zum.com

# Reference: https://twitter.com/k3dg3/status/1602763938869006337
# Reference: https://www.virustotal.com/gui/ip-address/143.198.92.88/relations
# Reference: https://tria.ge/221213-y4rcnaae7x/behavioral1
# Reference: https://tria.ge/221219-1dpggsbc7w/behavioral2
# Reference: https://www.virustotal.com/gui/file/8007332d51621d56b951813e51c5cde13adb23b577c4d51ca2aea497f428fb6f/detection
# Reference: https://www.virustotal.com/gui/file/772550abf2601834380fdaf3a82d81d8414bfa256d55efdd0a6a9ab3745ac1fe/detection
# Reference: https://www.virustotal.com/gui/file/75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67/detection
# Reference: https://www.virustotal.com/gui/file/05adcd44c155d9bde8704c6f886889127769f6f3a5b1af23d78e95d9cd402afb/detection

estrabornhot.com
klepdrafooip.com
lilsakainrot.com
trbiriumpa.com

# Reference: https://isc.sans.edu/diary/rss/29344
# Reference: https://otx.alienvault.com/pulse/639c251cccbd8ca49a40f4e5

oferialerkal.online
onyxinnov.lol
primsenetwolk.com
trashast.wiki
wwwanydesk.top

# Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176
# Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521
# Reference: https://www.virustotal.com/gui/ip-address/94.140.112.173/relations

blerkatrosb.com
kuachaech.click

# Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176
# Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521
# Reference: https://www.virustotal.com/gui/ip-address/94.140.112.194/relations

meaninggods.com
trekbisekl.homes

# Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176
# Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.159/relations

firespoot.lol
taynerfork.homes

# Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176
# Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.209/relations

aplikashion.lol
imorendaset.com
tmaliopak.com
vrobreadcom.com

# Reference: https://twitter.com/MichalKoczwara/status/1603726554831282176
# Reference: https://twitter.com/MichalKoczwara/status/1603730522483691521
# Reference: https://www.virustotal.com/gui/ip-address/193.37.69.106/relations

aluidein.com

# Reference: https://twitter.com/MichalKoczwara/status/1603747456369496064

bernkiy.com
ca-ref73280.co
console-red.com
solar2023.net
trndinbolda.com

# Reference: https://gist.github.com/myrtus0x0/65b623f1e736594a1896a4e53277c971

aozakefir.com

# Reference: https://twitter.com/ian_kenefick/status/1604932621091364866
# Reference: https://twitter.com/DavidTy03461965/status/1607784735723655168

burnaoqa.top
cryptobrowser.top
dlscordcom.top
enhet-bekrefte-no.top
fortlnet.top
germogenborya.top
irs-forms.top
irsform.top
irsforms.top
irsgov.top
llbreoffice.top
llbreofflce.top
moralaz.top
mosxinale.top
postbox-inc.top
sandboxie-plus.top
seregeox.top
thunderbird.top
thunderblrd.top
torberone.top
www-adobe.top
www-anydesk.top
www-brave.top
www-chase.top
www-discord.top
www-discordcom.top
www-dlscord.top
www-fortinet.top
www-goto.top
www-irs.top
www-obsproject.top
www-ringcentral.top
www-teamviewer.top
www-torproject.top
www-vmware.top
www-webex.top
www-whatsapp.top
wwwadobe.top
wwwchase.top
wwwdiscordcom.top
wwwebex.top
wwwfortinet.top
wwwfortlnet.top
wwwslack.top
wwwteamviewer.top
wwwvmware.top
wwww-anydesk.top
wwww-discord.top
wwww-discordcom.top
wwww-dlscord.top
wwwwadobe.top
wwwwebex.top

# Reference: https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware/IOCs-IcedID-Botnet-Actors-Abuse-Google-PPC-to-Distribute-Malware.txt
# Reference: https://otx.alienvault.com/pulse/63ac1b17661299228f6393e0

microsoft-teams.top
sandboxieplus.top
webeex.top
www-basecamp.top
www-citrix.top
www-docker.top
www-fortlnet.top
www-irs-forms.top
www-libreofflce.top
www-realvnc.top
www-teamvlewer.top
www-thunderblrd.top
wwww-adobe.top
wwww-dlscordcom.top
wwww-irs-forms.top
wwwwanydesk.top
wwwwslack.top

# Reference: https://twitter.com/AuCyble/status/1605452226968711168
# Reference: https://www.virustotal.com/gui/file/9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd/detection

explorezoom.com

# Reference: https://www.virustotal.com/gui/ip-address/172.86.122.22/relations

jinodomenta.com
sekanurd.wiki

# Reference: https://www.virustotal.com/gui/ip-address/45.86.230.103/relations

finaxallif.com
hlomshopen.com
ipirazer.com
jinodomenta.com
polarverdezz.com
proskefiola.com
teensviolet.com

# Reference: https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol

135.125.242.223:8080
185.156.172.97:8080
198.244.187.242:8080

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-20-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt

artiwal.pics
thinkiwond.skin

# Reference: https://gist.github.com/myrtus0x0/8876c9c3d5e31a9faaf562026cccb258

alimat.cloud
gronnyreapiter.com

# Reference: https://twitter.com/ian_kenefick/status/1606626852659154944

joyzibrakzi.com
owisportlittle.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.12.2022.txt
# Reference: https://www.virustotal.com/gui/ip-address/192.153.57.8/relations

whothitheka.com

# Reference: https://twitter.com/k3dg3/status/1612495824369471488
# Reference: https://twitter.com/Myrtus0x0/status/1612505963319418880
# Reference: https://www.virustotal.com/gui/ip-address/162.33.179.231/relations
# Reference: https://gist.github.com/myrtus0x0/e11b1fcf5fac005b67fd4a902f3b72ab

apretakert.com
grooviuno.art
likasertik.shop
pkusamain.cloud
rilsoft.cyou
topwarizda.com
tranimor.lol
wagringamuk.com

# Reference: https://twitter.com/mojoesec/status/1612544085281181696
# Reference: https://twitter.com/mojoesec/status/1612544087399464960

airanavityulet.com
alkinsan.art
asolawera.click
blumstrkiso.com
craftisiykoff.com
fdiromkant.cyou
getnidderton.pics
hightingsoul.hair
mosatrap.art
onionafrizdan.com
plemkanorf.wiki
scifiturnio.com
smostluxi.com
tginbota.cyou
trainellia.one
tristacarsfor.com
turelomi.hair
werdalcaribza.com
zlokasma.com

# Reference: https://twitter.com/k3dg3/status/1612860949773389835
# Reference: https://bazaar.abuse.ch/sample/1796aef0940e800bcb2556782f92a7874422bbdfdda24e6658e43db4b0916850/

ebothlips.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_12.01.2023.txt
# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-12-IOCs-from-IcedID-and-Cobalt-Strike-infection.txt
# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.186/relations

allertmnemonkik.com
lezhidov.cloud
qzmeat.cyou

# Reference: https://twitter.com/ian_kenefick/status/1614254597945671681
# Reference: https://twitter.com/ian_kenefick/status/1614254599875235843

brigottafkor.com
elcapolis.com
ertusaporf.com
felzater.lol
ijoyzymama.com
jozzinafkae.com
kaesanor.homes
pleoweld.homes
quelasoup.homes
skaiortalop.com
startevopadra.com
tailwera.cloud

# Reference: https://twitter.com/ian_kenefick/status/1614293229272465408

needzolapa.com
plumxeto.pics
swertoolsken.com
wcollopracket.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.01.2023.txt

dgormiugatox.com

# Reference: https://gist.github.com/myrtus0x0/1132f5375f8cd92b9cbed4948c7e449d

feriposloshops.com
magazinto.one
nindaxloart.com
noncionicum.beauty
qaqpcook.com
siantdarik.lol
zlokaregat.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_17.01.2023.txt
# Reference: https://gist.github.com/myrtus0x0/ad7163a3d7e9f2e55e53a5d1e1e72313

monkestad.mom
plivetrakoy.com
skanpiskar.one

# Reference: https://twitter.com/malware_traffic/status/1615785311736315915
# Reference: https://www.virustotal.com/gui/ip-address/46.173.218.229/relations

acridpanel.com
martubad.com
microsofteamscom.top
miiwes.top
mlcrosofteamscom.top
onenote-com.top
recoverybinfund.com
tracking-orders.link
vvv-irsforms.top
vvv-libreofflce.top
vvw-adobe.top
vwv-adobe.top
vwv-citrlx.top
vwv-irsforms.top
vwvirsforms.top
wvv-libreofflce.top
wvv-llbreofflce.top
wvvmlcrosofteams.top
wvvonenote.top
wvvslack-us.top
wvvslack.top
wvvteamviewer.top
wvw-microsofteams.top
wvw-slack.top
wvwonenote.top
wvwonenotes.top
wvwslack.top
wvwteamviewer.top
wvwwanydesk-com.top
wvwwanydeskcom.top
wwv-citrlx.top
www-adobe.xyz
www-citrlx.top
www-irsforms-us.top
www-mlcrosofteams.top
www-teamviewer-com.top
wwwteamviewer-com.top
wwwteamvlewer.top

# Reference: https://twitter.com/CSICCybersecur1/status/1615794289719808000
# Reference: https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware/

microsofteams.top
microsoftteams.top
vvv-discord.top
vwv-discord.top
vwvv-discord.top
wvvw-citrix.top
wvw-adobe.top
wvw-discord.top
wvw-irs-forms.top
wwv-discord.top
wwv-slack.top
www-adobecom.top
www-anydeskcom.top
www-discordc.top
www-lbreofflce.top
www-llbreofflce.top
www-microsofteams.top
www-microsoftteams.top
www-onenote.top
wwww-citrix.top
wwww-irs-form.top
wwww-slack.top
wwww-teamvlewer.top
wwwwdiscord.top

# Reference: https://gist.github.com/myrtus0x0/05cbc12632667f77e13b425c03bc7d9a

avoymratax.com
brakudafear.pics
marmelokpa.com
nigaragusoups.com
pahtafinlund.com
qsertopinajil.com
skafiparod.com
stillprunnert.com
tonikantos.one
trinazhkoma.club
wendypior.ink

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.01.2023.txt
# Reference: https://gist.github.com/myrtus0x0/9ea040e1c31b474b4c20464ae31c3b73

klayerziluska.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_20.01.2023.txt
# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.55/relations

umousteraton.com

# Reference: https://twitter.com/DonPasci/status/1616455525863915520

teamviewerr.life
teamviewerr.online
teamviewerr.site
teamviewerr.top

# Reference: https://twitter.com/ian_kenefick/status/1617510411015684096
# Reference: https://twitter.com/ian_kenefick/status/1617510412744003588
# Reference: https://twitter.com/ian_kenefick/status/1617583844705566723

abigelofraj.com
headertolz.com
iskopila.com
nomaeradiur.com
pleylqox.com
rolewzullo.com
scanproluet.com
spotifrezise.com
swordnifhing.com
tibloautonef.com
trastbaki.com
trotimera.com
trustopaj.com
ulrtonemio.com

# Reference: https://twitter.com/ian_kenefick/status/1617831936533368832

birungor.com
jucypokers.com
neaachar.com
smarticaino.com
startinghpot.com

# Reference: https://twitter.com/teamcymru_S2/status/1617832079676395521

5.196.196.252:8080

# Reference: https://twitter.com/embee_research/status/1617728548034457605
# Reference: https://www.virustotal.com/gui/ip-address/5.206.227.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.255.106.240/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.235/relations

needfradka.com
neelrocap.com
pleasurtika.com
polirieta.com
trustyox.cloud

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_24.01.2023.txt

plitspiritnox.com

# Reference: https://www.virustotal.com/gui/ip-address/85.239.61.92/relations

alijhaborta.com
windmencherser.com

# Reference: https://threatfox.abuse.ch/ioc/1075360/
# Reference: https://twitter.com/abuse_ch/status/1620152896724803584

sajimadurop.com
tthunderbir.space
us-thunderbird-soft.com

# Reference: https://twitter.com/teamcymru_S2/status/1620733039176466434

135.148.217.85:8080

# Reference: https://twitter.com/abuse_ch/status/1620850766247518208
# Reference: https://www.virustotal.com/gui/ip-address/185.26.122.80/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.188.196.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.151.26.131/relations
# Reference: https://www.virustotal.com/gui/file/3a585be7037b0dd24dbc719e8a05d1a1502108bb6e0fea62d6b90980be75a7d9/detection

mlcrosofteams-us.top
restorahlith.com
siitributario.top
teams-mss.online
ww-citrixcom.top
www-adobeus.top
www-onenote-us.top

# Reference: https://twitter.com/k3dg3/status/1623333951069646857
# Reference: https://www.virustotal.com/gui/ip-address/80.66.88.143/relations
# Reference: https://www.virustotal.com/gui/file/2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360/detection

ehonlionetodo.com
noosaerty.com
palasedelareforma.com
renomesolar.com

# Reference: https://www.virustotal.com/gui/file/6e494eb76d75ee02b28e370ab667bcbcdc6f5143ad522090f4b8244eb472d447/detection

bbpline.com

# Reference: https://www.virustotal.com/gui/ip-address/158.255.211.174/relations

qoipaboni.com
yelsopotre.com

# Reference: https://www.virustotal.com/gui/ip-address/185.236.231.223/relations

leftcatrheringg.com

# Reference: https://twitter.com/malwrhunterteam/status/1620166640209133569

bassecanp.space
wvv-basecamp-us.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-02-13-IOCs-for-IcedID-infection-from-fake-Microsoft-Teams-page.txt
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.138/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.193.93.125/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.112.54/relations

7-zip-com.top
adobeusa.top
adobeuscom.top
alishabrindeader.com
basecampus-com.top
basecampusa.top
blender-org.top
blenderusa.top
citrixusa.top
citrixuscom.top
covimars.com
dockerus-com.top
dockerusa.top
irsform-online.top
irsforms-online.top
martubad.com
microsofteamsus.top
mlcrosofteamsus.top
onenoteus-com.top
onenoteusa.top
portaconexao8.top
qonavlecher.com
thunderbirdus-software.top
thunderbirdusa.top
treylercompandium.com
visual-studio-usa.top
visual-studio.top
www-irsform-us.top
ns8.miiwes.top

# Reference: https://twitter.com/1ZRR4H/status/1625870720629604354

bestsdealofworld.com
besttestbrend.com
breakshoulder.com
breakyboost.com
cloudzippe.com
greatjbook.com
loktelnotes.com
magneticjspt.com
ninjahmake.com
objectiveusers.com
olivnakercheast.com
omegaweth.com
resetpswdr.com
tempsolutionsde.com
waojernote.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-16%20IcedID%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.93/relations

azergapolak.com

# Reference: https://twitter.com/1ZRR4H/status/1627085493023424512

germogenborya.at

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_21.02.2023.txt

aerilaponawki.com
alishaskainz.com
alohaplinayagot.com

# Reference: https://twitter.com/teamcymru_S2/status/1629186902011138049

80.66.88.71:8080

# Reference: https://twitter.com/teamcymru_S2/status/1630216181218164736

45.61.137.220:8080

# Reference: https://www.team-cymru.com/post/from-chile-with-malware

aixjobsonline.net
rmbonlineshop.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336

neonmilkustaers.com
svoykbragudern.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.02.2023.txt

hrowerknifi.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_02.03.2023.txt
# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.91/relations

aproillionsgif.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_02.03.2023.txt

almileniomf.com

# Reference: https://www.virustotal.com/gui/file/4d413030a194ff44334cc00660edc31f7c10cffb28c24fb529b0d4790127b152/detection

olifamagaznov.com

# Reference: https://twitter.com/k3dg3/status/1634252661053870085
# Reference: https://www.virustotal.com/gui/ip-address/46.173.218.184/relations
# Reference: https://www.virustotal.com/gui/file/befeb1ab986fae9a54d4761d072bf50fdbff5c6b1b89b66a6790a3f0bfc4243f/detection

ariopolanetyoa.com
segurda.top
shisyatnic.top
sntnder.top

# Reference: https://www.malware-traffic-analysis.net/2023/03/08/index.html

daybeds.xyz
gyxplonto.com
lifeinsurancequotes.xyz
pichervoip.com
statifaronta.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-16%20IcedID%20(Bokbot)%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/176.119.147.36/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.199/relations
# Reference: https://www.virustotal.com/gui/file/8a2604cafa51f55c680e29b0aa090c1c359959c5ca1fe985331c8bffc352d6e6/detection
# Reference: https://www.virustotal.com/gui/file/b160d088b1e3dae04dff4e286381e5b648b36393fe43a6188eee1f66791f5cab/detection
# Reference: https://www.virustotal.com/gui/file/4acedf813aaf351826a6616bb43146e4d9f6821e31cfa0aeb1e4a1558124320e/detection

acridpanel.top
aproshak.top
borasga.top
burisman.top
momidor.top
russiancl.top
applicatwindomz.com
avroralikhaem.com
skanfordiporka.com
villageskaier.com
/dll/loader_p1_dll_64_n1_x64_inf.dll28.dll
/loader_p1_dll_64_n1_x64_inf.dll28.dll

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_17.03.2023.txt
# Reference: https://www.virustotal.com/gui/ip-address/176.124.193.25/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.173.38.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.78.24.30/relations

conalom.top
dexteroa.top
allowpedartun.com
auronavtimor.com
breakolitro.com
brendastics.com
canserprite.com
deadwinston.com
ewyersbetter.com
greendayzy.com
halinshopyelo.com
hechizuops.com
ituitem.net
klindriverfor.com
kokphiladefvoid.com
kondarimno.com
lomviolxenus.com
nikertimeshaft.com
panamaplanert.com
pingwiskot.com
plehvioda.com
quelopaskal.com
sexyneolded.com
shoterqana.com
skigimeetroc.com
smockalifatori.com
statikfootbol.com
stimulspitrauk.com
sumnutrionm.com
systimjoyzy.com
thingssouthal.com
trastmoreplanet.com
umoxlopator.com
utorsabegot.com
viskocompetr.com
wazxlerasta.com
zoomersoidfor.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_24.03.2023.txt
# Reference: https://www.virustotal.com/gui/ip-address/206.166.251.62/relations

http://173.44.141.213
liguspotforsit.com

# Reference: https://twitter.com/Unit42_Intel/status/1639371567900798977
# Reference: https://www.virustotal.com/gui/ip-address/195.20.17.21/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.117.89.197/relations

193.239.85.16:8080
gabrikxuira.com
keyzishaptu.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid
# Reference: https://otx.alienvault.com/pulse/64220246fe8791e38ac9c2f0

http://94.131.11.141
akermonixalif.com
guidassembler.com
halicopnow.com
handsinworld.com
helthbrotthersg.com
lepriconloots.com
oilbookongestate.com
samoloangu.com
sanoradesert.com
steepenmount.com

# Reference: https://www.bleepingcomputer.com/news/security/new-icedid-variants-shift-from-bank-fraud-to-malware-delivery/
# Reference: https://www.virustotal.com/gui/ip-address/5.61.34.46/relations

tourdeworldsport.com

# Reference: https://twitter.com/teamcymru_S2/status/1641440140428967936

162.33.179.145:8080
46.21.153.153:8080

# Reference: https://twitter.com/Unit42_Intel/status/1645851799427874818
# Reference: https://twitter.com/malware_traffic/status/1645862110931611649

193.149.176.100:443
45.61.137.159:443
alishakainz.com
deadwinston.com
sithoparka.com
villagekaier.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-04-14-v10298/480

askamoshopsi.com
beepkauftagers.com
tadernost.com
troffyfrutlot.com
yhorneedminf.com

# Reference: https://twitter.com/k3dg3/status/1648755072648503322
# Reference: https://www.virustotal.com/gui/file/5f5f78266fddd18f3db7791b4980df2d13184de9d1c5ac39c49751e25f83ca17/detection
# Reference: https://www.virustotal.com/gui/file/bd24b6344dcde0c84726e620818cb5795c472d9def04b259bf9bff1538e5a759/detection

skigimeetroc.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/

104.168.198.16:443
104.168.236.183:443
104.168.250.197:443
104.168.59.69:443
104.168.70.14:443
104.248.223.35:443
108.174.196.120:443
134.122.62.178:443
138.197.146.18:443
139.59.73.85:443
140.99.159.159:443
151.236.9.57:443
161.35.166.97:443
162.33.177.137:443
162.33.179.218:443
167.99.248.131:443
168.100.10.149:443
168.100.10.28:443
168.100.11.100:443
168.100.11.128:443
168.100.9.230:443
172.86.75.233:443
176.124.32.10:443
185.121.168.152:443
185.99.132.16:8080
185.99.133.58:443
192.119.68.151:443
192.153.57.172:443
193.149.129.50:443
193.149.129.53:443
193.149.129.59:443
193.149.176.198:443
193.149.187.158:443
193.149.189.7:443
193.168.143.119:443
209.38.220.183:443
209.54.96.100:443
213.59.118.120:443
38.180.8.107:443
45.61.139.144:443
45.92.163.233:443
5.61.37.224:443
64.227.48.93:443
66.63.188.18:443
74.201.30.84:443
80.66.88.148:443
87.251.67.56:443
91.235.234.217:443
91.238.50.105:443
94.140.114.48:443
94.232.41.107:443
abigeyzolla.com
afrakonla.com
africnouzor.com
afrodizajoy.com
ahilopadra.com
aitoblelorn.com
akwoyawoyezh.com
alconafnizswr.com
alefwizador.com
alicaskotchers.com
aliensaiot.wiki
aliopiwert.com
alistokusta.com
alsomibtrop.com
amercand.one
anniforsa.art
animamagaznaf.com
aoureskindzet.com
aplinormalde.com
apoligazanattions.com
apsoalskd.xyz
architrinm.com
ariadioda.click
aromaydensor.com
artoboxnapi.com
ascorifatka.com
asiksliopakt.com
astrawwinzo.homes
auronegas.art
autohouzepick.com
autokoza.tattoo
autovropsanti.com
avianeikop.com
awesocaerigrot.com
aytomerilnaz.com
bandseventi.com
bedlyklaif.info
biglygirle.com
bizonexpressyet.com
blickwost.quest
boordopad.com
boyangprofit.com
breakolitro.com
brisharten.lol
brocoko.lol
buchiersnair.com
cheryhotlene.com
cloaissap.art
codiciikunfu.wiki
colsnife.art
cubinger.homes
dadiortnavil.hair
daprable.hair
debinatorforka.com
deelstokty.cloud
delarossa.net
dendrapa.tattoo
dismaycars.com
dockeerw.site
dockeruscom.top
dollarsbink.com
doockerq.site
dreoditn.pics
dtreetbenks.com
eatiomnus.com
entercasta.com
farelfif.com
fdronisatis.com
fightsmtimor.pics
flimonikadarchoz.com
flipasunam.nl
flixstotpy.com
folkriferknauf.com
frechezup.com
freddomnad.com
futerimek.com
gerbatoilst.com
ginzatiquella.com
gliinjoyae.com
gravsatrisd.com
grilkavok.com
grixuma.com
grofertnaz.com
grozilur.com
grundatera.com
hannoverplus.com
hardenpasedaken.com
hazertofichamda.com
homeonestrafgnoum.com
hretbornshops.com
ikopaeronafti.com
ilioskajyzi.com
illinousnachez.com
imageabroidkal.cloud
innolarenta.com
iratoubus.com
irosjoyzinax.com
isdernoupe.lol
iskazorety.com
italinakaret.com
itfirhialonat.com
jeanharimop.com
jilosrawet.com
jinofroyka.com
jinowera.com
kajsolakxy.top
kalimboosta.com
keyzibord.homes
kicksoftnuclpark.com
kingsoftingskaiyd.com
komarpleausfa.com
kraftifoodwest.com
kropnagursa.com
lasernofkaret.com
lirepraqueen.com
lldapqoaaosp.xyz
loliapitudet.com
lsonubir.skin
magsashkedfold.com
mashaliop.com
meanxazer.lol
meettofad.hair
milkasofti.click
milkberka.skin
momtretaskan.com
moontraps.com
mrassociattes.com
murlakoperre.com
mybagsukcsfutre.com
naturechese.com
naturetrtwentond.com
needgueachat.com
neefolkrd.com
neelsquelo.com
negerotar.com
netswaerty.com
nextpozziotions.com
nexttinexazerd.com
nigerodmanko.com
nixbachinga.com
nizanigrola.com
nizzapizzakor.com
nothithoeredum.com
nozhidfajip.com
nydkaalis.com
oaskalsaoskdxzx.xyz
obrovasikul.cloud
offetknauzhad.com
oiurkastarting.com
olponetox.com
ondorobo.shop
paesoitalon.com
pcahaelko.com
peargodva.lol
pikcherstoka.com
piktojillyq.com
pilamilko.com
pinchersoftqum.com
pingwiskot.com
pinitosaki.com
pintoolonamon.com
piolareiu.pics
plintarueza.com
plotinchizz.com
postrangecarscity.com
prahmatorn.com
procompeser.com
pxoirita.com
qertoplast.com
qiratrontyssy.com
qwevinaj.lol
rbcverif.com
rbcverif.link
reaperossslo.com
ridikto.buzz
rinosekawer.com
rutapaapps.com
saecoprofintad.com
salipjuino.com
sanovkablumd.com
sarenmarki.pics
satifayban.com
saydoglemoomy.com
scafendertroopers.com
scaniahelfideret.com
scaspeedhamer.com
sciense.buzz
scikeranovan.com
scoulnafirtajoy.com
senioraskaf.cyou
sentinorkaber.com
serdtacoolte.com
sevenfrogsx.com
sexearicjeh.com
sexyneolded.com
skafruedaktor.com
skalk.info
skanerhavio.com
skechingouz.com
sketchar.art
sketiopaag.com
skevapluif.com
skilom.homes
slaqot.com
smacktoloapert.com
smplemente.net
snidjafail.com
snilpmagazfor.com
snofermild.com
softwinmeod.com
sporteatinom.com
sszteell.com
staikfuetures.com
stakingmask.com
stanpyerdx.com
stapcovert.com
staringgeipod.com
statiskalreon.com
statoparkof.com
stdtplast.com
stefilockjiza.com
stegaporto.com
strindcommer.com
stringspakert.com
stronpilor.com
swatihoodi.com
sweetyzdufyp.com
systimjoyzy.com
taisaautodorf.com
team-viewercom.top
thondorbird.com
thunnderbilp.space
thuunderbilb.space
thuunderbils.space
tiulycon.com
tradicop.com
transpilion.lol
tranzitpiert.com
trasewpatyuska.com
trctorsfabricue.com
trodaviatrokaw.com
trollmustfishto.com
tromkalkadio.com
tronkaprofa.com
troscant.one
troslaiet.com
truchvols.homes
tthunderbilp.space
tuslounech.com
us-thunderbird-soft.top
vertyfag.cloud
viskocompetr.com
vroomtolkena.com
vvv-docker-us.com
vvv-docker-us.top
vvw-dlscord.top
vvwdlscord.top
vwv-irs-forms.top
wazxlerasta.com
wendoqolta.com
weranaelliots.com
werandotrek.com
wistaropa.com
wlonkabeadinga.com
wnoykaaloha.com
woezxmioasla.top
workedstarcop.com
worrtekbor.com
wrinatabloq.cloud
wvv-basecamp-us.top
wvw-docker-us.com
wvw-mlcrosofteams.top
wvw-webex-us.top
wvw-whalsapp-us.top
wvwmlcrosofteams.top
wwwwanydeskcom.top
xopdaroad.beauty
yozadading.com
zeroportozoo.com
znoatefif.lol
zoppwet.pics
zoykolmena.com
zulanuca.shop
zusmodert.com

# Reference: https://twitter.com/k3dg3/status/1650579691978252328
# Reference: https://www.virustotal.com/gui/ip-address/193.149.129.152/relations
# Reference: https://tria.ge/230424-xxcp9afg4s/behavioral1

ewyersbetter.com

# Reference: https://www.virustotal.com/gui/file/90aeafc90be26a167104b5fde10a44ee61b06fcb2bd3760949de50872039d4b2/detection

auronavtimor.com

# Reference: https://www.virustotal.com/gui/file/277a97a2dd85bc8f404e58e28410e2d742eb4714e5a6fbbbbc2471d5e3e79a37/detection

klonpiparf.com

# Reference: https://twitter.com/k3dg3/status/1651686244781289496

yewopeuropaus.com

# Reference: https://twitter.com/k3dg3/status/1652001968783601665
# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.04.2023.txt
# Reference: https://www.virustotal.com/gui/ip-address/5.61.37.224/relations
# Reference: https://www.virustotal.com/gui/file/371c2cdb76692d1f4db02a946607bc69d768a8acad42c7e96014eaf18e51e599/detection

aeloderton.com
alomegodarks.com
fdorepolass.com
miolicelis.com

# Reference: https://www.virustotal.com/gui/file/dbe20431bd0fe298357c1bc3df57dfb803b6cb77e078c17c48c0a5da3feab6bf/detection

alepscoking.com

# Reference: https://www.virustotal.com/gui/file/08b62d9687a20192887eecc20d86fa794d8fb1871dd78a2d3e7445931dc6fb70/detection

bgreenglobus.com

# Reference: https://www.virustotal.com/gui/file/f6153ad86d31b9b83c4093e7bf1f0402dd19ba144f8785ca566b292ca4363fca/detection

xairdone.com

# Reference: https://www.virustotal.com/gui/file/c12d0d30e6b1b5567ceafab35f60f0ce7893f75c29bcaf8021a32035131b9d05/detection

joysaketshops.com

# Reference: https://twitter.com/k3dg3/status/1656352426507530245
# Reference: https://tria.ge/230510-v3vf5sbb8y/behavioral1

nedgogolinh.com

# Reference: https://twitter.com/0xBurgers/status/1656928911840907264

domsubuuu.buzz
flekaspino.buzz
germscleaner.store
givesunshine.info
pexpoline.buzz
sprinklerest.buzz
teamentroof.buzz
workdiskleft.buzz

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid_downloader/

actuallyobligat.info
actuallyobligat.ink
alconauytor.com
amarilloporeder.pw
anisiderblomm.com
asredetyr.site
aucespoo.ink
audifastinggip.com
bedogilas.top
blackferrow.com
bleizcarsgood.com
blompompad.com
dekeoipsi.top
driophizter.com
druidfenixis.com
eholeyear.bid
endofyour.ink
enjoyednot.top
enticationmetho.ink
firehwost.com
firstdatachannel.art
fisherslipkom.com
fucherwindo.com
gadverjo.com
gintoonafa.com
gochihochkiz.fun
grendafolz.com
grizdrolendino.com
guaracheza.pics
harrisonnenda.com
hevciak.com
hftpaeers.com
houghthepl.ink
illinoismusichall.com
libre-offlce.top
likoportio.fun
loremurs.com
matesedoulta.com
meeruboot.space
microsoft-teamscom.top
monowhell.com
munipalis.top
nermorell.com
oceanmeer.site
onedollarmax.com
onlyadheres.com
onokdaynekti.top
orangegrande.com
overpasta.ink
owesureoma.top
pastwestbi.top
placingapie.ink
plutoheadingo.com
porimoksin.ink
portedauthenticati.ink
preomondaka.com
qvenzizshop.com
sauceson.ink
showsyouthe.top
sincaplox.com
sipfierqaz.com
smallbadcity.com
stayersa.art
tiplifid.top
toughflatlying.com
tyretclaster.club
ultraxreroxx.com
vvw-irs-forms.top
vww-discord.top
vww-dlscord.top
wasthuliok.live
whoreviki.top
wvw-llbreofflce.top
wvw-onenote.top
www-adobe-com.top
www-discord-com.top
www-onenote-com.top
wwwanydesk-com.top
wwwirsforms-com.top
wwwmlcrosofteams.top
wwwslackcom.top
wwwteamviewercom.top
zanokiryq.com
zasewartefiko.top
zlinderfaid.com
zojecurf.store

# Reference: https://twitter.com/Unit42_Intel/status/1657014096200343554

139.59.33.128:443

# Reference: https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/

belliecow.wiki
curabiebarristie.com

# Reference: https://twitter.com/FarghlyMal/status/1661844844476612608

153ishak.best
boldidiotruss.xyz
ilu21plane.xyz
nizaoplov.xyz

# Reference: https://twitter.com/ian_kenefick/status/1673629443766534144
# Reference: https://twitter.com/ian_kenefick/status/1677236366575296514
# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/

aflercoopert.com
akedhorrorr.com
aloowpromis.com
amirkofeefour.com
anscowerbrut.com
arliapples.com
atoryshapsn.com
dolscapche.com
eloasammer.com
fletchersgroop.com
fleurdetarbs.com
frutmossert.com
hloyagorepa.com
jinoparterves.com
jizzynaf.com
kojgimagi.com
natursaker.com
necgatinh.com
nemchaprues.com
nerfgamesarche.com
palesreapor.com
piomasocks.com
seahloperd.com
skayfingertawr.com
skepartisol.com
stathorrientd.com
tracautomatitspow.com
trofpokertak.com
voesallientak.com
yellorquli.com

# Reference: https://twitter.com/k3dg3/status/1679585047450464257
# Reference: https://bazaar.abuse.ch/sample/517e2852fe933c6f1713d648707dc0b3c677329c4078145095ce140691388928/
# Reference: https://www.virustotal.com/gui/file/517e2852fe933c6f1713d648707dc0b3c677329c4078145095ce140691388928/detection

http://45.11.182.118

# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.154/relations

beerang.top
boronia.top
ginomar.top
irsformsusa.top
jiveleta.top
musarga.top
mutalis4hello45.top
russiathecrown.top
semorqa.top
slack-usa.top
sntdr.site
www-adobe-reader.top
www-webex-us.top
zoom-usa.top
zoomusa.top

# Reference: https://www.virustotal.com/gui/file/aa8138d2fd97003e534e36c9961e1a105b13ea24ccf7db1059ea4026b28b5247/detection

skofilldrom.com

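# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 14 Jul 2023)
# Note: 104.21.7.13 below lies in Cloudflare's published 104.16.0.0/13 range, so it is likely a shared edge address; a match on that IP alone may be unrelated traffic and should be corroborated (e.g. with the requested hostname) before it is treated as IcedID activity.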

http://104.21.7.13
http://170.130.55.140
http://170.130.55.187
http://170.130.55.195
http://170.130.55.199
http://170.130.55.228
http://45.11.182.114
http://45.11.182.115
http://45.11.182.117
http://45.11.182.119
http://45.11.182.120
http://45.11.182.121
http://45.11.182.61
http://77.83.196.189
104.168.152.22:443
104.168.53.11:443
104.219.233.149:443
104.223.118.109:443
104.248.21.165:443
104.248.81.48:443
108.174.196.152:443
138.197.138.46:443
138.68.244.54:443
139.59.186.140:443
139.59.72.105:443
140.99.3.12:443
151.236.30.214:443
151.236.30.222:443
151.236.9.101:443
151.236.9.187:443
151.236.9.205:443
157.245.104.223:443
159.89.116.11:443
168.100.8.203:443
176.124.32.116:443
192.153.57.109:443
192.3.76.146:443
193.149.129.12:443
193.149.129.231:443
193.149.129.25:443
193.149.129.87:443
193.168.143.131:443
193.168.143.138:443
193.43.104.28:443
206.166.251.101:443
206.188.196.238:443
206.188.197.120:443
206.188.197.251:443
207.154.203.203:443
38.180.34.14:443
45.144.178.236:443
45.61.137.119:443
45.61.139.196:443
5.230.57.30:443
5.230.68.190:443
5.255.115.226:443
5.255.122.79:443
5.255.124.55:443
5.255.99.21:443
64.227.146.71:443
68.183.198.18:443
68.183.77.223:443
74.201.30.4:443
80.66.88.162:443
85.239.63.218:443
87.251.64.211:443
87.251.67.49:443
91.193.18.205:443
94.232.46.201:443
boomstortyil.com
groowstatb.com
gualazaskanti.com

# Reference: https://twitter.com/powershellcode/status/1680293518995226625

http://80.77.23.154
http://80.77.23.155
http://80.77.23.170
http://80.77.23.176
http://80.77.23.64
http://91.240.202.190
http://91.240.202.195

# Reference: https://twitter.com/ian_kenefick/status/1681777219251716096

airnaftokampa.com
archiparist.com
brakoairnis.com
elokijjonaut.com
jizzygamgp.com
krepradoshaps.com
nedromeagi.com
nezgoakker.com
pearuchemilk.com
plurescandistika.com
prasketfostert.com
speedfatoppam.com
trainpolkstaet.com

# Reference: https://www.virustotal.com/gui/file/c41b62c08150340a18b6fc1a3acde0b8496441497b1a2af9b8f3c7ea4d2b573e/detection
# Reference: https://www.virustotal.com/gui/file/cb8cb60629d7d85aa621d611a45462dd4e385b65df06b0116763a456e102a841/detection

officialk2spice.com
wiraofise.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1681221724753240065

testserbia.com/wp-content/out/k.php

# Reference: https://twitter.com/k3dg3/status/1683544196341219341
# Reference: https://twitter.com/ian_kenefick/status/1683549956584382486
# Reference: https://tria.ge/230724-w1dlaaha6w/behavioral1
# Reference: https://www.virustotal.com/gui/file/8b5529d29aeaf195889ebad68f2c3a390845e173edfec923acaf25fed824a529/detection

autokamertos.com
childhauster.com
erailopaf.com
filtaferamoza.com
findertoues.com
flarkonafaero.com
gravitoperka.com
lasergathe.com
lergochatep.com
lohmotarufos.com
magiketchinn.com
magizanqomo.com
miniprukerw.com
nechgoper.com
nimezidhalxa.com
rinotrackingg.com
silmofaid.com
skazifrant.com
spakernakurs.com
sucksonouch.com
villysnapsy.com
wgamershyh.com

# Reference: https://twitter.com/THIR_Sec/status/1676962063082737677
# Reference: https://www.virustotal.com/gui/file/163b06edcd4986d554e5a64df9c53de700a769543053f8d191a63ec444e396f5/detection

safeworld.cl/out/d.php

# Reference: https://twitter.com/reecdeep/status/1673652535360454656

bestholidaysdestinations.com/out/sal.php
rankboss.com/out/sal.php
springandyouth.com/out/sal.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-25)

http://170.130.165.246
http://170.130.165.247
http://170.130.165.250
http://170.130.165.89
http://173.232.146.10
atomaresto.com
pitrinoaoil.com

# Reference: https://www.virustotal.com/gui/ip-address/38.180.0.182/relations
# Reference: https://www.virustotal.com/gui/file/4871d83c32ce40c24171ec40c4548dd320fe183a58d3866aa88c0b12d2d7b3ae/detection
# Reference: https://www.virustotal.com/gui/file/9e741bbca30380dd6f62954ca9e1c9d2a6270e00c92ce11ff18956dfe0ff2f20/detection

foasseropgh.net
/botpackn1.dat
/botpackn2.dat
/botpackn3.dat
/botpackn4.dat
/botpackn5.dat
/botpackn6.dat
/botpackn7.dat
/botpackn8.dat
/botpackn9.dat

# Reference: https://twitter.com/ian_kenefick/status/1683812491514486785

kechizlarey.com

# Reference: https://twitter.com/ian_kenefick/status/1684175591082188800

fireplotcann.com
vrondafarih.com

# Reference: https://twitter.com/ian_kenefick/status/1684519844656340993

mineskateroff.com
needsomsital.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-28)

http://134.122.75.104
http://143.110.209.116
http://159.203.20.194
http://164.90.238.94
http://165.227.104.80
http://167.99.255.146
http://170.130.165.61
http://170.130.165.62
http://170.130.165.83
http://173.44.141.224
http://206.188.196.136
103.208.85.14:443
103.208.85.216:443
103.208.85.42:443
103.208.86.118:443
103.68.108.10:443
104.168.132.147:443
104.168.144.138:443
104.168.53.13:443
104.168.53.18:443
104.168.59.73:443
128.199.3.164:443
134.122.75.104:443
134.209.109.146:443
134.209.144.24:443
134.209.157.203:443
137.184.164.28:443
137.184.172.23:443
138.197.177.26:443
138.197.64.163:443
139.59.26.99:443
139.59.32.97:443
139.59.67.109:443
139.59.89.80:443
140.99.221.138:443
140.99.32.203:443
140.99.32.219:443
140.99.4.3:443
142.11.206.160:443
142.93.217.201:443
143.110.209.116:443
143.110.210.71:443
143.110.250.186:443
143.244.141.126:443
144.126.226.88:443
149.154.152.217:443
149.154.152.58:443
149.154.153.110:443
149.154.154.214:443
149.202.29.169:443
151.236.13.44:443
151.236.30.131:443
151.236.30.192:443
151.236.30.246:443
151.236.8.73:443
151.236.9.107:443
151.236.9.206:443
158.255.211.133:443
158.255.211.62:443
158.255.211.85:443
158.255.212.150:443
158.255.212.175:443
158.255.212.81:443
159.203.20.194:443
159.203.86.86:443
159.223.216.52:443
159.89.120.183:443
159.89.124.188:443
162.33.177.47:443
162.33.178.40:443
162.33.179.202:443
162.33.179.33:443
162.33.179.35:443
164.90.238.94:443
165.22.217.33:443
165.232.175.216:443
168.100.10.214:443
168.100.10.51:443
168.100.11.123:443
168.100.11.167:443
168.100.8.213:443
168.100.9.109:443
168.100.9.203:443
168.100.9.218:443
169.239.128.143:443
172.86.75.157:443
172.86.75.159:443
172.86.75.189:443
172.86.75.50:443
172.86.75.64:443
176.31.90.131:443
185.123.53.211:443
185.161.70.195:443
185.161.70.44:443
185.161.70.6:443
185.73.124.161:443
185.73.124.8:443
185.99.132.18:443
185.99.133.122:443
185.99.133.164:443
185.99.133.17:443
185.99.133.84:443
192.119.110.253:443
192.153.57.110:443
192.153.57.134:443
192.153.57.157:443
192.153.57.233:443
192.153.57.24:443
192.153.57.82:443
192.153.57.96:443
192.236.146.34:443
192.236.154.108:443
192.236.162.108:443
192.236.193.209:443
192.236.198.7:443
193.149.129.152:443
193.149.129.177:443
193.149.129.191:443
193.149.129.238:443
193.149.129.48:443
193.149.180.16:443
193.149.187.7:443
193.149.189.254:443
193.168.143.106:443
193.168.143.111:443
193.168.143.121:443
195.20.17.133:443
195.20.17.176:443
195.20.17.21:443
195.20.17.62:443
195.20.17.64:443
2.56.177.122:443
206.166.251.62:443
206.188.197.91:443
206.189.138.24:443
207.154.221.213:443
213.59.118.207:443
216.73.159.132:443
216.73.159.134:443
216.73.159.29:443
216.73.159.44:443
216.73.159.53:443
216.73.159.57:443
216.73.159.63:443
217.199.103.232:443
217.199.121.211:443
217.199.121.56:443
23.254.202.234:443
23.254.224.148:443
23.254.226.152:443
37.235.56.30:443
37.235.56.37:443
37.235.56.94:443
37.252.6.77:443
38.180.0.89:443
38.180.8.169:443
45.12.109.136:443
45.12.109.195:443
45.12.109.221:443
45.12.139.90:443
45.15.161.254:443
45.61.136.193:443
45.61.136.6:443
45.61.138.171:443
45.61.138.175:443
45.61.138.181:443
45.61.138.227:443
45.61.139.138:443
45.61.139.179:443
45.61.139.235:443
45.61.139.243:443
45.66.248.7:443
45.82.247.121:443
45.82.247.148:443
45.82.247.87:443
45.82.251.36:443
45.82.251.44:443
45.86.230.141:443
45.88.221.211:443
45.89.98.138:443
45.92.162.84:443
45.92.163.123:443
45.92.163.238:443
46.149.75.148:443
46.151.29.201:443
5.144.132.47:443
5.206.224.239:443
5.206.227.5:443
5.230.57.194:443
5.230.66.157:443
5.230.67.227:443
5.230.68.48:443
5.230.68.66:443
5.230.70.135:443
5.230.70.140:443
5.230.70.57:443
5.230.72.37:443
5.230.73.139:443
5.230.73.157:443
5.230.73.172:443
5.230.73.244:443
5.230.73.61:443
5.230.74.202:443
5.230.74.203:443
5.230.74.223:443
5.230.75.11:443
5.230.75.134:443
5.230.75.188:443
5.230.75.247:443
5.230.76.198:443
5.230.76.44:443
5.230.78.208:443
5.252.178.142:443
5.255.100.32:443
5.255.100.65:443
5.255.101.68:443
5.255.102.167:443
5.255.102.88:443
5.255.103.108:443
5.255.103.75:443
5.255.104.11:443
5.255.104.145:443
5.255.104.153:443
5.255.104.233:443
5.255.104.45:443
5.255.105.239:443
5.255.105.55:443
5.255.106.136:443
5.255.106.240:443
5.255.106.72:443
5.255.106.78:443
5.255.107.149:443
5.255.109.175:443
5.255.109.46:443
5.255.110.177:443
5.255.111.220:443
5.255.113.157:443
5.255.119.21:443
5.255.120.33:443
5.255.98.126:443
5.255.99.51:443
5.61.61.35:443
64.227.131.33:443
64.94.214.200:443
66.151.51.32:443
68.183.175.39:443
77.243.86.137:443
80.66.88.145:443
80.66.88.40:443
81.19.141.20:443
84.54.47.75:443
85.239.52.234:443
86.38.217.131:443
87.251.64.208:443
87.251.67.166:443
87.251.67.175:443
87.251.67.181:443
87.251.67.219:443
87.251.67.75:443
89.117.88.249:443
89.117.89.105:443
89.23.107.26:443
89.23.107.39:443
89.31.123.14:443
89.44.9.157:443
91.193.18.49:443
91.235.234.135:443
91.235.234.72:443
91.238.50.101:443
91.238.50.26:443
91.238.50.30:443
91.238.50.32:443
91.238.50.79:443
94.140.112.152:443
94.140.112.173:443
94.140.112.194:443
94.140.112.61:443
94.140.112.97:443
94.140.114.102:443
94.140.114.109:443
94.140.114.121:443
94.140.114.54:443
94.140.114.96:443
94.140.115.159:443
94.140.115.224:443
94.140.115.57:443
94.158.244.111:443
94.158.244.79:443
94.158.247.58:443
94.158.247.65:443
94.232.46.217:443
94.232.46.63:443
94.232.46.65:443
98.142.251.189:443
aerobrabusvoc.com
appkasnofert.com
priklosta.com
rsescolumbus.org
webprimosloja.shop

# Reference: https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol-part-2

104.248.21.165:8080
104.248.21.165:8082
104.248.21.165:8083
104.248.21.165:8101
104.248.223.35:8080
104.248.223.35:8082
104.248.223.35:8083
104.248.223.35:8101
116.203.30.206:443
116.203.30.206:8080
116.203.30.206:8082
116.203.30.206:8083
116.203.30.206:8101
134.122.62.178:8080
134.122.62.178:8082
134.122.62.178:8083
134.122.62.178:8101
135.148.217.85:443
135.148.217.85:8082
135.148.217.85:8083
135.148.217.85:8101
138.197.146.18:8080
138.197.146.18:8082
138.197.146.18:8083
138.197.146.18:8101
138.68.244.54:8080
138.68.244.54:8082
138.68.244.54:8083
138.68.244.54:8101
139.59.186.140:8080
139.59.186.140:8082
139.59.186.140:8083
139.59.186.140:8101
139.59.33.128:8080
139.59.33.128:8082
139.59.33.128:8083
139.59.33.128:8101
139.59.72.105:8080
139.59.72.105:8082
139.59.72.105:8083
139.59.72.105:8101
159.89.116.11:8080
159.89.116.11:8082
159.89.116.11:8083
159.89.116.11:8101
161.35.166.97:8080
161.35.166.97:8082
161.35.166.97:8083
161.35.166.97:8101
162.33.179.145:443
162.33.179.145:8082
162.33.179.145:8083
162.33.179.145:8101
162.33.179.218:8080
162.33.179.218:8082
162.33.179.218:8083
162.33.179.218:8101
167.99.235.95:443
167.99.235.95:8080
167.99.235.95:8082
167.99.235.95:8083
167.99.235.95:8101
167.99.248.13:443
167.99.248.13:8080
167.99.248.13:8082
167.99.248.13:8083
167.99.248.13:8101
185.99.132.16:443
185.99.132.16:8082
185.99.132.16:8083
185.99.132.16:8101
192.153.57.134:8080
192.153.57.134:8082
192.153.57.134:8083
192.153.57.134:8101
193.149.176.100:8080
193.149.176.100:8082
193.149.176.100:8083
193.149.176.100:8101
193.149.176.198:8080
193.149.176.198:8082
193.149.176.198:8083
193.149.176.198:8101
193.149.187.7:8080
193.149.187.7:8082
193.149.187.7:8083
193.149.187.7:8101
193.239.85.16:443
193.239.85.16:8082
193.239.85.16:8083
193.239.85.16:8101
207.154.203.203:8080
207.154.203.203:8082
207.154.203.203:8083
207.154.203.203:8101
209.38.220.183:8080
209.38.220.183:8082
209.38.220.183:8083
209.38.220.183:8101
45.61.137.159:8080
45.61.137.159:8082
45.61.137.159:8083
45.61.137.159:8101
45.61.137.220:443
45.61.137.220:8082
45.61.137.220:8083
45.61.137.220:8101
45.61.139.144:8080
45.61.139.144:8082
45.61.139.144:8083
45.61.139.144:8101
45.61.139.235:8080
45.61.139.235:8082
45.61.139.235:8083
45.61.139.235:8101
46.21.153.153:443
46.21.153.153:8082
46.21.153.153:8083
46.21.153.153:8101
5.196.196.252:443
5.196.196.252:8082
5.196.196.252:8083
5.196.196.252:8101
64.226.86.179:443
64.226.86.179:8080
64.226.86.179:8082
64.226.86.179:8083
64.226.86.179:8101
64.227.146.71:8080
64.227.146.71:8082
64.227.146.71:8083
64.227.146.71:8101
64.227.48.93:8080
64.227.48.93:8082
64.227.48.93:8083
64.227.48.93:8101
68.183.198.18:8080
68.183.198.18:8082
68.183.198.18:8083
68.183.198.18:8101
80.66.88.71:443
80.66.88.71:8082
80.66.88.71:8083
80.66.88.71:8101

# Reference: https://www.virustotal.com/gui/file/7f28c4bd1ac88ff3475365e3c77974fb99adc3a4ec9597e7bfeba6f1da51c24a/detection

http://45.11.180.149

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/

104.248.242.189:443
138.197.168.142:443
139.59.29.151:443
176.124.32.124:443
185.205.187.140:443
193.168.143.109:443
2.56.177.14:443
bnreadgoning.com
catnagulsk.com
halifmagzoom.com
illboardinj.com
pertanezer.com
shalwolonzy.com
triopahom.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-07-31)

groovetsan.com
jiuzuzyew.com
kimsoupg.com

# Reference: https://twitter.com/ian_kenefick/status/1686356392674754560

skeletoheltha.com

# Reference: https://threatfox.abuse.ch/ioc/1146915/

aoysnakert.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-05)

http://206.189.15.112
http://46.101.194.92
104.168.59.9:443
128.199.99.24:443
139.59.30.28:443
143.198.36.172:443
151.236.9.111:443
157.245.147.16:443
164.92.190.54:443
165.227.31.225:443
176.124.32.108:443
193.109.120.119:443
193.168.141.15:443
195.85.115.188:443
206.189.15.112:443
46.101.194.92:443
archiboldon.com
derhmajuzi.com
ospertoolsbo.com
perdimount.com
pireltotus.com
reraitper.com
tytsoftikor.com
ultrafoks.com

# Reference: https://twitter.com/x3ph1/status/1687536724023377932
# Reference: https://www.virustotal.com/gui/ip-address/81.177.140.194/relations
# Reference: https://www.virustotal.com/gui/file/c8fa87a63297851bb387a5a7d1202b785eb6eb99b9d4041397c90cb2db69d87a/detection

9sta9rt4.store
994super.site
bigforest682.store
screenrecorder.site
global-app.space

# Reference: https://www.virustotal.com/gui/file/c8f17882c567e27db7d850a3110d95e9bb907e03319156fa2f928ad079ea7d35/detection
# Reference: https://www.virustotal.com/gui/file/b140f907a0cd693c4a5abfc5fa2214377716da7865a767d9d883a5b6163b3d31/detection
# Reference: https://www.virustotal.com/gui/file/5068af522efbfa24c410c8f1d190225438b8c07efcb0b2ae45fb6260089ea019/detection

cajaminoretino.ru
promtrainmoping.com

# Reference: https://www.virustotal.com/gui/file/10efcc11981279f9d3eaa7b58d5dacff11ee87acf5f1b051cfaf6f429a83ac58/detection

skamusdeadin.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-05)

http://104.168.152.22
http://104.168.59.73
http://104.168.59.9
http://104.219.233.41
http://128.199.99.24
http://134.209.109.146
http://137.184.164.28
http://138.197.177.26
http://139.59.30.28
http://140.99.221.138
http://142.93.217.201
http://143.198.36.172
http://149.202.29.169
http://151.236.30.131
http://151.236.30.222
http://151.236.9.111
http://157.245.147.16
http://164.92.190.54
http://165.227.31.225
http://176.124.32.108
http://176.124.32.124
http://176.31.90.131
http://185.123.53.211
http://185.73.124.8
http://192.236.146.34
http://193.109.120.119
http://193.109.120.27
http://193.168.141.15
http://193.168.143.15
http://195.133.52.11
http://195.85.115.188
http://2.56.177.122
http://2.56.177.14
http://2.56.177.183
http://80.66.88.162
http://80.66.88.72
http://89.117.88.249
http://91.193.18.49
193.109.120.27:443
66.63.188.6:443

# Reference: https://threatfox.abuse.ch/ioc/1148836/

dkepostnatures.com

# Reference: https://threatfox.abuse.ch/ioc/1149067/

http://162.33.179.158

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-08)

http://143.244.140.238
http://193.168.141.76
affiksmaali.com
kanomapsfuter.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-09)

http://167.99.240.150
http://195.85.115.72

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-08-09-IOCs-from-IcedID-infection.txt

podiumstrtss.com
pokerstorstool.com
smakizelkopp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-11)

http://128.199.151.179
http://143.110.241.178
http://159.223.95.82
http://164.92.144.116
http://167.71.35.189
http://176.124.32.164
http://185.153.182.156
http://5.181.159.39
http://5.181.159.41
http://5.181.159.51
http://5.181.159.54
http://5.181.159.55
http://94.158.245.178

# Reference: https://www.virustotal.com/gui/ip-address/137.74.104.108/detection

137.74.104.108:443

# Reference: https://www.virustotal.com/gui/file/010051aa8c323b920bc9ce0f635163ad74d5375bf9ccb307ea4b11ce797d44e4/detection

conniterot.com
cranetisti.com
dicarkadar.com
flagration.pw
intesteron.com
litellusef.com
matchippsi.com
mediaterki.com
scotiation.pw

# Reference: https://threatfox.abuse.ch/ioc/1150454/

mokililsan.com

# Reference: https://threatfox.abuse.ch/ioc/1150809/

143.110.245.38:443

# Reference: https://threatfox.abuse.ch/ioc/1150871/

http://159.203.8.183

# Reference: https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
# Reference: https://otx.alienvault.com/pulse/64a2e37e2ed3cb6e66de1d49

acsdxb.net
adecoco.us
carwashdenham.com
egyfruitcorner.com
intellectproactive.com
logisticavirtual.org
masar-alulaedu.com
posao-austrija.at
qaswrahc.com
tech21africa.com
tusaceitesesenciales.com

# Reference: https://threatfox.abuse.ch/ioc/1151265/

http://168.100.9.127

# Reference: https://threatfox.abuse.ch/ioc/1151419/

46.101.237.100:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-22)

http://104.168.59.4
http://140.99.32.199
http://151.236.30.57
http://151.236.9.237
http://159.203.5.115
http://168.100.11.144
http://193.109.120.30
http://206.166.251.139
http://85.192.40.160
167.71.35.189:443
167.99.240.150:443
168.100.11.144:443
168.100.9.127:443
ameliachoi.autos
antwanpittman.autos
carindeza.com
cheenzocan.com
fisheredwards.autos
khalilhunter.autos
krishalvarado.autos
minesotkarpid.com
playertinid.com
skansnekssky.com
snipelhafer.com
stelkaret.com
tremethaj.com
ultrasnafpor.com
wisthardem.wiki
yelkafeelind.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-25)

http://45.66.248.64
http://45.8.158.140
http://68.183.93.101
http://87.251.67.42
http://91.193.43.161
alishopelec.com
carsmarcetwrld.com
ewacootili.com
kefsocksmag.com
liopalsdrom.com
magiraptoy.com
manamagazano.com
manderatapple.com
rpgmagglader.com
skrechelres.com
tramikora.com
tronpafet.com
ultrascihictur.com
zillafrogss.com
zonanullpoker.com

# Reference: https://threatfox.abuse.ch/ioc/1152240/

164.92.241.101:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-08-30)

http://140.99.2.194
http://151.236.9.176
http://193.124.22.41
http://45.129.199.26
http://66.63.188.76
http://87.251.67.52
http://91.193.43.217

# Reference: https://threatfox.abuse.ch/ioc/1152421/

http://194.58.68.187

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid_downloader/
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-08-29-IOCs-for-IcedID-activity.txt
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-08-31-IOCs-for-IcedID-activity.txt

oopscokir.com
avestainfratech.com/out/t.php
moashraya.com/out/t.php

# Reference: https://twitter.com/souiten/status/1697552282613948615
# Reference: https://www.virustotal.com/gui/file/2ef26042422e2cf48870e6d97921f8d916f6886457d013602623d06906f10fda/detection
# Reference: https://www.virustotal.com/gui/file/380f5069a6d9b4689058ba53876b0571a9f81cf8d1388d71ee555118a0d967c8/detection

52.33.28.135:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-02)

http://151.236.9.166
http://151.236.9.24
http://165.22.220.20
http://192.236.162.26
http://87.251.67.168
http://94.232.46.225
fraktomaam.com
patricammote.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-05)

http://104.129.21.197
http://128.199.206.238
http://146.190.242.204
http://157.245.102.160
http://157.245.106.203
http://167.172.169.229
http://167.71.62.175
http://168.100.11.151
http://193.109.120.108
http://193.149.129.81
http://193.149.176.133
http://193.149.190.239
http://66.63.168.126
http://68.183.6.108
http://80.66.88.42
http://91.149.232.174
159.203.22.84:443
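# NOTE(review): port 433 is probably a typo for 443 (the neighbouring entries in this batch use 443); verify against the ThreatFox entry before relying on this port.
162.33.179.240:433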
45.61.138.12:443
carsruitkan.com
clainsrimauto.com
dionaolesjob.com
feekstokandy.com
feeltravelstok.com
fustindor.com
gerkablop.com
kaheshanpa.com
kevinbrawiewu.com
majzolimka.com
maskarbloom.com
mmaymsoffrter.com
plastcmoont.com
plesbrilllian.com
shoopsihas.com
snapservarior.com

# Reference: https://threatfox.abuse.ch/ioc/1155931/

http://45.129.199.13

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-13)

http://104.168.59.68
http://139.59.29.78
http://139.59.29.86
http://45.129.199.13
http://94.232.46.231
139.59.19.114:443
allienhasiwert.com
kaspimension.com
skootershopenf.com
trentimarsop.com

# Reference: https://twitter.com/Tac_Mangusta/status/1701902120692166887
# Reference: https://twitter.com/JAMESWT_MHT/status/1701926130884727211
# Reference: https://tria.ge/230913-mhmxkadh63

restohalto.site

# Reference: https://tria.ge/230909-c55e1sha28/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/81.177.140.69/relations

ads-info.ru
ads-info.site
clk-brom.ru
clk-brom.site
clk-info.site
fresh-prok.ru
fresh-prok.site
jizagaws.online
new-prok.ru
new-prok.site
trust-flare.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-13)
# Reference: https://www.virustotal.com/gui/file/448e07d0b17f3ffdb2f74c2a50effc29979b7a8d5c7d499fd1207bc84747e4a0/detection

gurdubigoma.com
scauditora.cl
vocesdelatinoamerica.com

# Reference: https://twitter.com/phage_nz/status/1702095851634704809
# Reference: https://tria.ge/230913-2nkfysaa45/behavioral1

minutozhart.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-20)

http://103.208.86.81
http://104.129.21.254
http://104.168.53.70
http://134.209.110.138
http://149.248.77.53
http://172.86.75.236
http://176.124.32.30
http://185.123.53.150
http://193.124.22.170
http://193.124.46.116
http://193.37.69.113
http://216.73.159.20
http://46.101.16.86
http://87.251.67.46
http://91.235.234.233
146.190.28.193:443
strastkamenhoop.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-22)

http://104.129.21.204
123.30.137.194:21
13.237.195.116:443
13.52.121.66:443
13.57.55.155:443
139.162.6.236:443
140.210.94.185:443
172.104.42.176:443
184.169.214.156:443
184.169.223.42:443
206.166.251.33:443
3.105.92.116:443
3.82.225.224:443
3.95.241.204:443
39.104.16.102:443
39.104.17.212:443
39.104.23.152:443
39.104.27.24:443
39.104.72.59:443
39.104.94.83:443
51.250.91.99:443
52.65.231.93:443
54.151.68.59:443
54.151.74.195:443
54.176.193.133:443
54.241.197.226:443
54.252.13.186:443
54.66.136.198:443
54.67.100.168:443
54.67.19.155:443
54.79.125.231:443
69.164.208.254:443

# Reference: https://twitter.com/Cryptolaemus1/status/1706635492224024765
# Reference: https://twitter.com/JAMESWT_MHT/status/1706646248604721643
# Reference: https://twitter.com/fr0s7_/status/1706651956184240460
# Reference: https://www.virustotal.com/gui/ip-address/157.245.102.160/relations
# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_09.26.2023.txt

http://135.125.177.95
http://192.153.57.191
http://206.166.251.177
http://206.188.196.120
http://95.164.17.59
157.245.102.160:443
pantherradio.media
skrgerona.com
transautomanf.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-27)

http://192.153.57.191
http://206.166.251.177
http://206.188.196.120
http://45.129.199.67
13.237.1.27:443
140.210.94.185:9000
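# NOTE(review): port 433 is likely a typo for 443 -- the same host is listed as 172.86.75.88:443 further down this file; verify against the ThreatFox entry.
172.86.75.88:433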
178.77.217.61:443
185.140.231.8:2083
3.104.41.163:443
39.104.164.115:443

# Reference: https://www.virustotal.com/gui/ip-address/157.245.106.203/relations

awindakizend.com

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/IcedID/icedid_loader_domains_2020_to_2023.txt

1derrick.pw
2014connflikki.pw
2kilozhiraffe.club
2points.xyz
2sekillo.pw
5kilozhuto.top
actuallycost.top
adrescairhot.com
adwerife.cyou
aerogregipop.com
aginia.in
aginia.tel
akasafaresla.com
alkaliodplus.com
almostcruze.best
alsohavethis.top
angiliaisland.best
applecourt.online
aristomosuga.top
arrowcaps.top
asperuguz.store
aviospe.com
blodwarstayed.com
blomskavino.com
bookoffathes.pw
bromidnaus.com
cementqbilly.com
cloudsappert.best
counrerro.club
crackeden.com
cutterfighter.club
demicdefinite.ink
derrillo.website
deteresposito.club
dilinfilino.top
dilingomer.top
dilinwestbig.top
dkiloipr.xyz
dondebaloon.pro
eaglehardwares.com
eightoclock.email
eliskapalu.com
enamulat.me
eriumhasappar.club
estalipica.com
estoptionicou.top
eysneolissionsm.com
fallhuma.top
fastbtcshimp.top
fechirtout.com
feedbackfile.download
filimistareg.top
foolishsmile.club
footballer.bid
freeharritage.top
frodupshopping.com
gegemony4you.top
gekatolic.top
gigameters.top
gladmitter.com
gohoemmuzlimanz.best
gravitation.pw
greejoin.xyz
gremlinkremlin.download
gudweenten.com
guversaksi.com
heatwould.ink
hereiswell.top
hlansmagazine.com
hlipolipol.top
holniakea.com
hoseonlin.top
hreffgreff.club
iboracarde.com
illocloud.com
imilarquestio.top
indiahindi.top
iningsessi.ink
juniarhends.com
karimorodrigo.pw
lakebikerool.com
ldrcreep.net
ldrfeelings.casa
ldrmars.casa
ldrradio.casa
letsfiaclub.top
letsgivnina.com
lhaerty.com
limerugaf.top
load5th.casa
loadboeing.click
loadfifth.com
lopityr4.pw
lusinobig.top
magnesiumik.top
makelifebetterdo.fun
mchinamoz.com
meincarton.top
minnerbkajoy.com
morginakolim.com
motorindianz.top
motorzz.top
ncaakneebroken.best
ndalldoma.ink
nefitsonyo.xyz
neonverdicto.com
neverbiglik.top
nikolandfantazy.com
nothingnewhere.life
novemberprosse.space
nrncipalmoonw.com
ovninaysozidu.top
parkerrsberg.site
pashamasha.top
pimidorro22.top
piponareatna.com
pleasurefascoin.com
pleasurepopug.cyou
podepopulos.pw
ponkdgenki.top
proanaliz.top
pronfasket.com
pumaadscolor.com
qrenasursa.com
qwasterni.top
radiationglass.pw
ranmilokd.com
registrant.top
renewersilti.top
reseptors.com
rifyyoure.ink
roomdetect.com
roovehiuxe.com
rotmistr.club
rshysytover.com
safiliti.top
sellsold.pw
sethisabelle.website
silkydaily.top
sinctuation.club
singularitty.best
sleepvotioka.com
slimworkslose.top
slowbtcfred.top
sobaprivba.rest
sprotakepatuz.com
starpetralina.com
stayhaslyey.com
stooryallice.com
subdibermarine.pw
thoutilin.fun
tocsicambar.xyz
toloutsicnow.top
tourryd.club
turkeyakinchi.pw
unkin4i.pw
unodostres.uno
upperdown.in
viryigamaps.top
vzaimrazv.cyou
warfarehotconflickt.space
worldcrysys.top
xikolaman.com
yellowpyrrol.com
yellwells.com
youandtherest.cyou
ypothesisabo.top
zmekiloder.site
zodiakko.cyou
zolerasiop.club
zoplasure.top
zroybalkane.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-09-30)

http://104.223.118.109
http://151.236.9.203
http://206.53.55.5
http://45.61.139.232
http://66.63.188.5
http://80.66.88.67
http://91.149.221.245
185.140.231.8:8443
neelsmagofter.com

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-09-28-IOCs-for-IcedID-with-KeyholeVNC-and-Cobalt-Strike.txt
# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_09.28.2023.txt
# Reference: https://www.virustotal.com/gui/file/6dbeb28cbe80c26172002ea3b96b94b49cf6be226c4c56cd64bf9830a55e65d2/detection

http://155.138.164.116
http://155.138.160.67
172.86.75.88:443
carsfootyelo.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1708779052918616346
# Reference: https://app.any.run/tasks/75368f55-0e1e-4a5d-8d00-d2c809509ac1/

mestorycallin.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-02)

http://147.182.156.64
http://151.236.9.107
http://162.33.179.136
http://45.129.199.92
http://45.61.137.225
http://91.193.18.135
45.61.137.95:443
52.52.160.6:443
baskamioitali.com
borkatrostys.com
bronxadoskep.com
everynght.org
evinakortu.com
fanclubsdcomics.com
fliskmanon.com
hellowwwday.co
hofsaalos.com
jerryposter.com
jkbarmossen.com
lolibong.xyz
mintatrizza.com
nbastione.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-03)

http://104.248.81.48
http://167.71.197.217
http://167.99.180.17
http://174.138.15.211
http://206.189.128.12
http://64.226.104.11
http://64.227.134.130
168.100.8.204:443
boskajean.com
gazeraftop.com
joekairbos.com
trizdriama.com
trondisaup.com
zikrammo.tech

# Reference: https://www.virustotal.com/gui/ip-address/185.73.124.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.78.24.30/relations
# Reference: https://www.virustotal.com/gui/file/76a56c8d14604cc77de9d30ff8efb7b123a9ff793aac402774e8e55040087c99/detection

scismmw.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-11)

http://139.59.15.110
http://172.86.75.130
http://185.235.137.45
http://195.54.160.114
http://23.164.240.130
http://91.149.203.143
45.61.137.158:443

# Reference: https://app.any.run/tasks/e317f71f-e746-4f48-85de-564d86cb2d23/

modalefastnow.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-13)

http://151.236.30.167
http://5.255.98.45
192.153.57.141:443

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_16.10.2023.txt

http://193.168.141.169
http://198.98.61.173
http://89.147.111.46
aptekoagraliy.com
drignyaffk.com
lazirusairnaf.com
seedkraproboy.com
aatiq.com/ee/
abhiyandainik.com/as/
abodeclime.com/eboe/
aceresidence.com.ng/tec/
advanceindia.in/lsn/
adysfrenchbulldogs.com/pnme/
agnisurakshas.com/daa/
agriformexico.com/squi/
airoutlaw.com/ur/
ajpglobalshopping.com/eix/
al7irak.com/cs/
alleplus.com/rmeu/
amanafunville.com/imao/
anishindiaexports.com/eqe/
anrtimes.com/iane/
appstopic.com/lmip/
aquila-services.bg/qtui/
arbitribe.com/mt/
asim3d.com/mi/
autumnagedcare.com.au/ivev/
axioworldwide.com/iiqo/
badgeglow.com/oumo/
bangladeshmulticarehospital.com/loa/
bankpinar.com/rie/
besevic.com.ng/nt/
bologna.epu.edu.iq/dn/
bombaycasuals.com/ot/
breederexports.com/od/
bridgingtherapists.com/sit/
candyads.pro/gta/
casababadenopal.com/aot/
casababadenopal.com/trod/
cetmar18.edu.mx/te/
ceylontextiles.lk/esn/
cienporcientopurosurf.cl/toi/
closebit.com/un/
cottoncrumbs.com/ivll/
creativekiwiz.co.nz/iosd/
currylounge.ca/rel/
custominteriorscanada.com/urpf/
dawnlineltd.com/ut/
diginetworks.online/eie/
dma24.com/prti/
donadesi.co/squn/
drsalustidmd.com/ut/
e-deshltd.com/ssi/
eaasee.com/mrtu/
eatzapizza.in/ra/
eazywebsolution.com/isq/
egyfarm-eg.com/aq/
ejlalacademy.com/qea/
epuit.net/eoi/
esteraviation.com/lcho/
expertendeavor.com/tdio/
expressioncomp.com/iasu/
factorychampionshiprings.com/oi/
feedax.net/nct/
flyhigroup.com/ainv/
frey2.com/eemo/
galaxyanet.com.br/ns/
gelsynergysolutions.com/errr/
getesolutions.com/niom/
getimmobilier.com/emi/
goldleaf-revenup.com/retr/
groupersgame.com/stii/
gyngojuice.com/si/
happymix-eg.com/mnti/
herebestpriceoftheday.com/en/
highlandofpeace.com/ehi/
housingphotography.com/iac/
idealdabsters.com/to/
idsaperu.com/mal/
ifgbiobio.cl/et/
igaaexportsltd.co.tz/essv/
igpastpapers.com/tu/
impeccableafricatour.com/coau/
ingoroyayezunyirimpuhweruhango.org/feii/
itr.works/uiet/
jamnavidyapeeth.com/voni/
jpbenterprise.com/ea/
kakee.pro/snq/
kbsacademy.info/dslo/
khanz.co.nz/rvm/
kntelecom.pro.br/mi/
lakerestaurant.co.za/mxt/
lider.fm/uer/
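# NOTE(review): linkprotect.cudasvc.com is Barracuda's link-protection URL rewriter, presumably captured because a lure link was wrapped by it; this trail matches every rewritten link in protected mail, so expect false positives -- consider dropping it or listing the wrapped destination instead.
linkprotect.cudasvc.com/url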
locatemee.com/sae/
lowcostbeer.com/elpu/
malabsatfal.com/ao/
medheightsltd.com/esu/
merret.cl/nip/
methodistchurchkenya.org/im/
mhideals.com/iqi/
mhpropertiesltd.com/ltr/
miami-breeze.com/et/
milanoboutique-gruppo.com/mlt/
miracle-manufacturing.com/se/
mixit-sound.com/rrm/
mochilaeasas.com/osr/
mudardevidaja.com.br/unnt/
ndskm.com/ieei/
nepalonlinepatrika.com.np/alvl/
noraxsolutions.com/sip/
nupectogo.com/mre/
ofc.ai/uui/
onlinequranforkids.com/eut/
oqily.com/abm/
palpa.ps/nme/
parafusacos.com.br/ue/
paramountfiresafety.com/neuc/
payware.online/hi/
photosuite.in/eutq/
pictopara.com/ua/
pizzajagvar.ir/oo/
plasteritelfe.com/etq/
plserviceandsolutions.com/iaq/
prnts.cc/uiqq/
propertystock.co.in/ie/
prottasabd.com/ild/
ptbolaaman.com/asi/
purevitamina.com/uume/
rahatbaytak.com/ee/
rexlubs.com/co/
rileyfalconsecurity.co.ke/os/
rocknetwork.org/pnm/
rotarycluboftema.org/itls/
salantrollc.com/nrie/
shajaratlemon.com/sre/
sheflight.com/us/
shopatbazar.com/nod/
shubhshadi.co.in/qmun/
sightvape.com/eosd/
smechannels.com/me/
somoyerdarpon.com/mea/
sorkarshop.com/la/
southdotuw.com/ut/
spacetechnasa.site/stet/
splusassociates.com/sla/
splusassociates.com/ut/
sqacommunitybd.org/nucr/
stay2book.com/rs/
stjohnacroc.org/iod/
studiocamposdesign.com/tq/
supervagas.online/sdmi/
svhhealthcare.com/teea/
tabishaftab.com/nit/
tcnboso.com/uem/
technoscience-egy.com/tlr/
teiacs.com.br/rddt/
tennislifemag.com/tets/
tfciltd.com/dpea/
the-platformlab.com/drol/
thebabysense.ca/nu/
thejojostores.com/iro/
thekeyboard.co.in/auqo/
travel2deals.com/muei/
triple-o.pt/qumt/
triton.mn/sa/
ttc.edu.sg/om/
unanimousgoatcloting.com/msuo/
uwoya.or.tz/qua/
vanshads.com/tuon/
viacosmeticos.com/ii/
videfi.org/rmon/
viewhome.com.vn/xa/
vijayawadasrajugariruchulu.com/uam/
vlandvn.com/eo/
vodalink.ca/cuv/
vukamz.com/qiti/
wero.com.co/ae/
woodxestofados.com.br/tdes/
xirconhomes.com.au/ninp/
xpertmedianews.com/uqiu/
zahra-nejati.ir/aeo/

# Reference: https://www.malware-traffic-analysis.net/2023/10/16/index.html

http://198.99.61.173
agriformexico.com/puae/
alpscoating.com/oarm/
axioworldwide.com/umu/
bombaycasuals.com/tmpr/
clautedomex.mx/iis/
flashnewsbensedira.com/el/
i9fqe.com/E/
infocuankerajaan.co/qu/
keramatfarm.net/tdei/
pakistan1.tv/sui/
ptbolaterbaik.com/ed/
talhaislam.com/saes/

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_19.10.2023.txt
# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-17)

http://128.140.120.227
http://134.122.36.32
http://193.168.141.167
http://193.42.36.243
http://23.88.37.159
http://64.227.174.149
http://88.99.82.67
http://91.235.234.249
188.94.232.111:443
3.90.105.242:443
51.38.135.67:443
54.84.166.239:443
mistulinno.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-10-24)

http://103.214.68.39
http://107.189.5.112
http://138.197.162.131
http://143.244.137.221
http://165.22.212.20
http://168.100.11.109
http://172.86.75.90
http://193.109.120.249
http://193.149.187.189
http://193.168.141.39
http://193.168.141.50
http://213.139.205.123
http://45.61.137.97
http://5.182.27.71
http://83.243.122.151
http://83.243.122.82
http://87.251.67.169
http://91.242.163.237
http://91.242.163.238
178.208.87.21:443
194.61.53.185:8080
204.236.201.96:443
54.164.160.66:443
66.63.168.75:443
77.105.140.181:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-10-31-IOCs-for-IcedID-infection.txt

asleytomafa.com
brojizuza.com
grafielucho.com
manjuskploman.com
qousahaff.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-11-03)

http://168.100.10.217
http://168.100.11.107
http://172.86.75.163
http://172.86.75.66
http://193.149.185.196
http://193.168.141.215
http://193.168.141.69
http://193.168.141.81
http://206.188.197.206
http://206.188.197.52
http://213.139.205.136
http://213.139.205.14
http://45.129.199.158
http://45.129.199.172
http://45.129.199.75
http://45.155.121.151
http://45.85.117.196
http://5.180.114.52
http://5.180.114.165
http://5.189.253.223
http://77.72.85.32
http://77.72.85.57
http://79.141.171.240
http://83.243.122.245
109.111.185.225:443
130.193.51.15:443
146.59.12.132:443
149.248.79.55:443
15.236.140.116:9000
161.35.174.5:443
172.86.75.10:443
178.208.87.112:443
185.140.231.8:2087
185.164.163.105:443
193.149.129.245:443
206.188.196.156:443
206.188.196.49:443
45.61.138.149:443
54.91.93.203:443
iosninjafisk.com

# Reference: https://threatfox.abuse.ch/ioc/1206407/

http://213.139.205.149

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_27.11.2023.txt

mazdakrichest.com
missisanjoup.shop
mraskopal.link
riverhasus.com

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.11.2023.txt

aprettopizza.world
nimeklroboti.info
peermangoz.me

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-12-03)

http://138.197.137.42
http://168.100.10.244
http://168.100.10.60
http://168.100.11.156
http://168.100.11.29
http://168.100.8.83
http://168.100.9.55
http://185.174.135.12
http://193.149.129.202
http://193.149.129.86
http://193.168.141.119
http://193.42.36.174
http://194.5.249.103
http://206.166.251.52
http://213.139.205.167
http://45.129.199.169
http://45.129.199.250
http://5.180.114.88
http://64.227.147.152
139.99.149.74:443
167.71.4.44:443
178.208.87.96:443
3.89.127.205:443
35.212.196.32:443
39.104.57.145:443
5.146.45.129:443
52.205.82.255:443
aprilcharou.com
arsimonopa.com
lemonimonakio.com
prikhapert.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2023-12-07)

http://159.253.120.84
http://159.89.160.41
http://193.168.141.241
http://193.233.202.4
http://45.155.121.137
http://5.180.114.171
http://5.180.114.190
http://5.230.74.102
http://91.229.239.230
http://91.235.234.74
14.99.115.211:443
167.99.180.17:443
193.149.187.189:443
51.21.137.60:8009
64.227.134.130:443
89.23.118.243:443
hourmoneearti.com
manorpolora.com
poseicocoff.com
qtargumanikar.com
tinjamipesto.com

# Reference: https://twitter.com/ShanHolo/status/1756696815611592879
# Reference: https://www.virustotal.com/gui/file/94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a/detection

http://45.140.146.156
45.140.146.156:443
fluraresto.me
mastralakkot.live

# Reference: https://www.virustotal.com/gui/file/0e96cf6166b7cc279f99d6977ab0f45e9f47e827b8a24d6665ac4c29e18b5ce0/detection

miistoria.com
plwskoret.top

# Reference: https://www.virustotal.com/gui/ip-address/45.147.228.138/relations

exactlywhatgro.top
hatecookin.top
hotelsazilo.store
inaandbeca.top
istantaskedifi.top
mentalprof.top
mostalway.top
whatgroceries.top
xanderu5.pw
zudditptrobl.store

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2024-03-24)

115.243.250.34:443
172.233.33.155:443
18.232.250.39:443
185.123.53.231:443
185.164.163.66:443
213.109.192.46:443
37.120.247.104:443
46.105.141.60:443
5.189.253.164:443
5.230.44.226:443
5.231.0.34:443
5.252.178.5:443
5.255.119.56:443
52.87.175.64:443
54.173.139.166:443
54.242.225.0:443
94.232.45.52:443
lovuterry.best
merknegrok.me
microbanafler.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.icedid/ (# 2024-04-03)

103.180.186.144:443
3.92.185.192:443
47.120.14.97:443
54.226.31.121:443

# Reference: https://twitter.com/banthisguy9349/status/1780989839615156472

104.129.20.14:443
124.71.37.149:443
176.124.32.107:443
183.238.22.22:443
185.123.53.250:443
193.168.143.179:443
193.168.143.182:443
193.168.143.185:443
194.87.39.98:443
45.129.199.161:443
45.129.199.228:443
45.129.199.86:443
5.230.76.134:443
66.63.189.105:443
66.63.189.8:443
77.72.85.78:443
91.149.253.77:443
94.232.45.58:443

# Reference: https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/

217.23.12.8:22

# Reference: https://app.validin.com/detail?find=46.173.218.226&type=ip4&ref_id=ea8c5332a62#tab=resolutions

cerokant.top
evropex.top
fidelema.top

# Reference: https://www.virustotal.com/gui/ip-address/89.44.9.186/relations
# Reference: https://www.virustotal.com/gui/file/d748a00416baf3e4e5bf0a4e8312cd9c88872a6ab594628d7ff6d206e6705322/detection

ciliabba.cyou
davidouno.cyou
siesetera.club
trehilary.cyou
ubbifeder.cyou

# Reference: https://app.validin.com/detail?find=165.232.111.116&type=ip4&ref_id=7a248297948#tab=resolutions
# Reference: https://app.validin.com/detail?find=79.141.170.143&type=ip4&ref_id=92563ebf0cc#tab=resolutions

348banker.club
3desaxuio.cyou
badnew.cyou
bnikowerhu.top
bugagazha.top
derefkilo.cyou
eurpartner.cyou
feeedtheducks.cyou
ferrarati.top
fioklojigga.cyou
forfjaguar.cyou
hekneriopo.club
heliverto44.club
iceldeimount.cyou
indivysoty78.best
indochutry.xyz
kerlingmaster.best
koly4star.cyou
otzhaterrit.top
peugenault.club
push33kina.cyou
terriblehalf.cyou
tibelikferr.top
twqotoone.best
vaserwessel.cyou
vzy7ty.cyou
wertigotrel.xyz

# Generic (URL path patterns, not tied to a specific host)

/034g100/index.php
/034g100/main.php
/034g100/stis.php
/222g100/index.php
/222g100/main.php
/222g100/stis.php
/333g100/index.php
/333g100/main.php
/333g100/stis.php
/034g100/
/222g100/
/333g100/
