# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: dataleak1 ransomware

# Reference: https://twitter.com/makflwana/status/1305130765219295234
# Reference: https://app.any.run/tasks/4a697768-6cb3-4df2-81a2-b38ea5dfc911/
# Reference: https://github.com/thetanz/ransomwatch/blob/main/docs/INDEX.md

kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion
qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

# Reference: https://twitter.com/r3dbU7z/status/1496175099086610438

http://85.217.170.156

# Reference: https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
# Reference: https://otx.alienvault.com/pulse/62be9ffa5e5d44f2d9d4e816

gvlay6u4g53rxdi5.onion
gvlay6y4g53rxdi5.onion
medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion

# Reference: https://twitter.com/1ZRR4H/status/1580363613784526848
# Reference: https://www.virustotal.com/gui/domain/decorous.cyou/detection

decorous.cyou

# Reference: https://twitter.com/D4RKR4BB1T47/status/1629209284037734400

188.241.39.161:8088

# Reference: https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/
# Reference: https://otx.alienvault.com/pulse/65a07afb559173d01a6eb537

medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion

# Reference: https://twitter.com/AlvieriD/status/1765919058539561177

xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion

# Reference: https://x.com/RakeshKrish12/status/1798614581419594234

45.9.148.39:8001
kyfiw76eol6ph2mq7pi5e5tdvce37bicddhai62qhdc5ja6jdchz4qqd.onion
s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion

# Reference: https://app.any.run/tasks/0431cc32-7ebe-498a-abd9-c3c71d0e1ce7

cx5u7zxbvrfyoj6ughw76oa264ucuuizmmzypwum6ear7pct4yc723qd.onion

# Reference: https://www.thedfirspot.com/general-8-1

osintcorp.net
62foekhv5humjrfwjdyd2dgextpbf5i7obguhwvfoghmu3nxpkmxlcid.onion
medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion

# Reference: https://x.com/PaduckLee/status/1934534344548479117
# Reference: https://www.virustotal.com/gui/file/933301e5ddbe543925b853bcd1b7816da58be200e9ce31fe79a081de40c95434/detection (# dataleak1 ransomware)

b6jbei3bljrqsqwo7hlpnanv3pc6ejfs4appy4fz3ubt4ar3dm5irpid.onion

# Reference: https://x.com/fbgwls245/status/1955867948712911125
# Reference: https://www.virustotal.com/gui/ip-address/82.165.229.83/relations
# Reference: https://www.virustotal.com/gui/file/275af9acc867f8a10734247c82fbbfb0c596a4877b44da6456d2d3439613d3c0/detection

amniyat.xyz
salamati.vip
mail.amniyat.xyz
mail.salamati.vip
