# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: magnigate

# Reference: https://www.vkremez.com/2017/12/lets-learn-studying-magniber-ransomware.html

piruns.racing
sawchip.life
oneking.space
r6zhyjiytkramynl.onion

# Reference: https://twitter.com/hatching_io/status/1407366503930941441
# Reference: https://tria.ge/210622-5npfzh2c5e
# Reference: https://tria.ge/210622-vq5yh8k95e
# Reference: https://tria.ge/210622-aezm899mqs
# Reference: https://tria.ge/210622-492tma6vxj

bejoin.space
bestep.cyou
dayhit.xyz
lieedge.casa
lognear.xyz
ownhits.space
plughas.casa
wonride.site
5s4ixqul2enwxrqv.onion
ndkeblzjnpqgpo5o.onion
0ce07ed8d4c45800ssdxwead.ndkeblzjnpqgpo5o.onion
0ce07ed8d4c45800ssdxwead.lieedge.casa
0ce07ed8d4c45800ssdxwead.wonride.site
0ce07ed8d4c45800ssdxwead.lognear.xyz
0ce07ed8d4c45800ssdxwead.bejoin.space
20fcec4066784a708aovlamrdt.dayhit.xyz
20fcec4066784a708aovlamrdt.bestep.cyou
20fcec4066784a708aovlamrdt.ownhits.space
20fcec4066784a708aovlamrdt.plughas.casa
20fcec4066784a708aovlamrdt.5s4ixqul2enwxrqv.onion
9c741e708ed008e0cqsydkxb.ndkeblzjnpqgpo5o.onion
9c741e708ed008e0cqsydkxb.bejoin.space
9c741e708ed008e0cqsydkxb.lognear.xyz
9c741e708ed008e0cqsydkxb.lieedge.casa
9c741e708ed008e0cqsydkxb.wonride.site
f014ace070784a70eedezwvaw.ndkeblzjnpqgpo5o.onion
f014ace070784a70eedezwvaw.lognear.xyz
f014ace070784a70eedezwvaw.wonride.site
f014ace070784a70eedezwvaw.lieedge.casa
f014ace070784a70eedezwvaw.bejoin.space

# Reference: https://www.virustotal.com/gui/file/52ee17f3c365066c1292092999bbabc6b49e7c16a68af634206ce093afabc719/detection
# Reference: https://www.joesandbox.com/analysis/914418#iocs

windows-store.online

# Reference: https://www.joesandbox.com/analysis/914419#iocs

fishlay.uno

# Reference: https://twitter.com/MBThreatIntel/status/1582155075686109185
# Reference: https://www.virustotal.com/gui/ip-address/74.119.194.124/relations
# Reference: https://www.virustotal.com/gui/file/34d401d1241975a1b7d76be390f126fad67d1f6b6fbb2cf4ca09af1f69529bd0/detection

anadded.fit
asksbet.space
barpass.uno
bemile.uno
betsdie.uno
buryleg.uno
carput.casa
daysis.quest
deathus.uno
doenjoy.space
dooris.casa
dutymy.cam
fateyet.space
gapmark.space
goscale.uno
hevital.fun
hidcuts.space
hispay.quest
hostson.casa
hugevan.space
itjust.uno
leafmen.uno
logcure.casa
mayloan.space
mebet.casa
mucha.quest
newmany.uno
ofplays.space
orplug.uno
outsuch.space
pidrop.space
rawmay.fit
relyhas.uno
seemran.quest
sonplug.quest
sorryam.cam
teatry.fit
toadded.quest
tokenit.casa
tolddie.space
treatas.quest
usfails.sbs
wideyou.quest
wildas.space
wondraw.uno
yousake.space

# Reference: https://www.virustotal.com/gui/ip-address/138.124.184.209/relations

aidlot.email
aslip.email
bigcums.email
centany.email
firstam.email
granton.email
hardor.email
seeinch.email
sopush.email
stopits.email
yetby.email

# Reference: https://twitter.com/MBThreatIntel/status/1582403823825727488
# Reference: https://www.virustotal.com/gui/ip-address/95.111.212.179/relations

fourill.email
kindaim.email
kindtop.email
looksno.email
runeast.email
wasloan.email

# Reference: https://www.virustotal.com/gui/ip-address/95.111.215.169/relations

doeflag.email
dryhere.email
icesee.email
inyears.email
knewran.email
quoteme.email

# Reference: https://www.virustotal.com/gui/ip-address/104.156.253.46/relations

addrare.space
andtime.quest
anyputs.uno
avoidam.monster
bothhes.fit
boxyet.space
bugsat.uno
bykeeps.casa
bypint.uno
corehes.uno
cycleis.space
deepson.uno
dorest.website
drawsbe.space
eyeswhy.quest
fewease.uno
fineher.monster
fitpull.quest
fixhere.cam
fixpoem.casa
flagcan.quest
forunit.quest
getloan.uno
getshit.quest
halffed.quest
isfate.space
justsun.space
justtea.space
leafre.fun
letgoes.uno
lieharm.fit
mapdays.uno
nonekey.uno
noroil.quest
pagescs.quest
passeda.space
paystep.quest
penover.quest
runsuch.cam
satbug.uno
truepen.casa
unitsby.quest
whatfun.casa
yearcut.quest

# Reference: https://twitter.com/MBThreatIntel/status/1582803005703098369
# Reference: https://www.virustotal.com/gui/ip-address/209.94.57.131/relations

airking.email
badif.email
bigheat.email
drydue.email
frysan.email
ifmark.email
intoto.email
needhas.email
saton.email
wallfan.email

# Reference: https://www.virustotal.com/gui/ip-address/94.237.79.225/relations

actsus.email
asyours.email
betand.email
decides.email
inhello.email
keysher.email
oldgive.email
orfeel.email
proofno.email
rainbet.email
roomfun.email

# Reference: https://www.virustotal.com/gui/ip-address/209.50.54.25/relations

afterby.quest
anban.space
artkey.quest
askwear.uno
busbe.fun
buyvia.space
diebids.quest
diemean.casa
dumpsay.website
feltadd.space
flysbox.fit
flysgas.quest
hadtoo.uno
havecs.quest
hesdays.quest
hesjoin.quest
hidate.cam
histhe.monster
howvery.quest
ideaoff.space
isbig.quest
itdog.fit
laymess.space
lostrid.casa
lotsill.quest
lowform.quest
manpart.space
mansdry.space
mepipe.uno
mylines.casa
ohcover.website
pageyes.quest
paidnet.space
peradds.quest
picksif.uno
popbig.uno
ratejoy.fit
riverhe.space
rollbid.uno
rowwear.space
sitlost.quest
stepit.space
texttry.uno
wasdog.space
westof.quest

# Reference: https://twitter.com/MBThreatIntel/status/1586060670738763781
# Reference: https://www.virustotal.com/gui/ip-address/209.94.59.22/relations

agesus.cam
amnone.fit
ampen.quest
armysat.space
askweek.quest
asqueue.quest
badlyif.casa
bookfry.uno
boxuse.quest
bylaws.website
eatbe.uno
feartwo.fun
feetled.uno
fightgo.uno
fitwons.space
flagdo.cam
flatsex.quest
gasship.quest
hersite.casa
hesago.space
holdone.quest
inwore.casa
jumpscs.quest
killnet.quest
lothas.monster
markany.space
markgas.uno
metwide.quest
needdry.quest
notdate.fit
oncetry.fit
plotold.monster
plotsup.uno
salesas.fit
sheroom.space
soonsee.space
thatice.cam
tieface.quest
toking.uno
usdirty.space
walluse.space
wejob.uno
yetmen.website

# Reference: https://twitter.com/MBThreatIntel/status/1586060670738763781
# Reference: https://www.virustotal.com/gui/ip-address/67.219.101.130/relations

ageoff.email
amchaos.email
applywe.email
crynor.email
faceour.email
flathot.email
giveage.email
hangsun.email
hatlog.email
hatrace.email
joykeep.email
lawsput.email

# Reference: https://twitter.com/MBThreatIntel/status/1589404373826023424
# Reference: https://www.virustotal.com/gui/ip-address/167.179.73.222/relations

amparty.site
athim.site
barart.uno
carpath.site
charpop.cam
fewflew.uno
flymile.uno
flyserr.uno
frysake.email
gladday.email
gonefor.sbs
grownon.email
guyour.top
hidlost.monster
himslip.club
hintsam.email
hintsan.cam
hisits.club
jobnew.email
lowtill.top
matchdo.email
mendeep.email
mindoil.site
modhate.email
niceor.email
shuttoo.email
worstno.email

# Reference: https://twitter.com/MBThreatIntel/status/1589404373826023424
# Reference: https://www.virustotal.com/gui/ip-address/95.111.197.53/relations

airhave.uno
badtwo.quest
bedtrap.quest
duemad.fit
easttie.space
easyby.uno
everlet.uno
fandead.uno
fullhes.quest
heathes.space
heevent.casa
hopescs.website
lackto.uno
losebar.space
mailget.fun
mettrip.uno
noissue.quest
norlazy.casa
oddstoo.uno
owestea.space
passsix.fit
retax.quest
rideoil.uno
ridfirm.quest
ridshot.cam
riseput.quest
sayband.uno
saysure.quest
soeats.space
theputt.space
tinwhy.quest
titlean.fun
toldgas.website
tripgap.cam
updata.casa
updates.monster
vansvia.monster
vitalif.quest
wehours.uno
whereas.uno

# Reference: https://www.virustotal.com/gui/ip-address/95.111.197.146/relations

alsotin.casa
ammarks.quest
dayfilm.quest
eatsnow.quest
endlegs.uno
frytend.uno
hatekey.space
itsmad.uno

# Reference: https://tria.ge/231201-mfeheahb31

dearbet.sbs
hateme.uno
legcore.space
oddson.quest
9cc862b0fe84e050d2gihmepi.7hibj3fp6jlp52q2m4lv6thx2lr34itaayiydby2axofaql54dung3ad.onion
9cc862b0fe84e050d2gihmepi.hateme.uno
9cc862b0fe84e050d2gihmepi.oddson.quest
9cc862b0fe84e050d2gihmepi.dearbet.sbs
9cc862b0fe84e050d2gihmepi.legcore.space
/gihmepi

# Generic

/dezwvaw
/ovlamrdt
/qsydkxb
/ssdxwead
