# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

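# Aliases: raccoon, pycoon, mohazo, legion, racealer, recordbreaker, xocreator, modernloader

# Note: the entries below mix hostnames, bare IPv4 addresses (some with a port) and host-less URL paths (lines starting with '/').
# Several references carry 2020-2021 dates in their URLs, and one describes abuse of Google Cloud services. Addresses on cloud or shared hosting can be reassigned, so corroborate an address-only match against the listed reference or other telemetry before acting on it.
# A match on a host-less path identifies a request pattern, not a specific server.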

# Reference: https://twitter.com/ViriBack/status/1120072762305990663
# Reference: https://twitter.com/James_inthe_box/status/1119282322895855618

http://176.223.143.5
http://80.88.90.110
raccoon-gate.site
raccoon-storage.site

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

http://94.177.213.34

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

http://35.246.139.134

# Reference: https://twitter.com/nao_sec/status/1175779553211379720

http://34.90.238.61

# Reference: https://twitter.com/P3pperP0tts/status/1176118878553956354

http://35.228.240.181

# Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/

http://35.228.79.212

# Reference: https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block
# Reference: https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Raccoon%20-%20Indicators%20of%20Compromise.pdf
# Reference: https://otx.alienvault.com/pulse/5db2e20e8d6c8e510174fa05

adsymbol.com
advertserv25.world
advexmail2d.world
aegohaohuoruitiiee.top
aegohaohuoruitiiek.su
aegohaohuoruitiiel.cc
aegohaohuoruitiieo.io
aegohaohuoruitiiep.co
aeifaeifhutuhuhuse.top
aeifaeifhutuhuhusk.su
aeifaeifhutuhuhusl.cc
aeifaeifhutuhuhuso.io
aeifaeifhutuhuhusp.co
aeoughaoheguaoehde.top
aeoughaoheguaoehdk.su
aeoughaoheguaoehdl.cc
aeoughaoheguaoehdo.io
aeoughaoheguaoehdp.co
aeufuaehfiuehfuhfe.top
aeufuaehfiuehfuhfk.su
aeufuaehfiuehfuhfl.cc
aeufuaehfiuehfuhfo.io
aeufuaehfiuehfuhfp.co
afaeigaifgsgrhhafe.top
afaeigaifgsgrhhafk.su
afaeigaifgsgrhhafl.cc
afaeigaifgsgrhhafo.io
afaeigaifgsgrhhafp.co
afaigaeigieufuifie.top
afaigaeigieufuifik.su
afaigaeigieufuifil.cc
afaigaeigieufuifio.io
afaigaeigieufuifip.co
avgcommunity.info
beahero4u.com
befaheaiudeuhughge.top
befaheaiudeuhughgk.su
befaheaiudeuhughgl.cc
befaheaiudeuhughgo.io
befaheaiudeuhughgp.co
bfagzzezgaegzgfaie.top
bfagzzezgaegzgfaik.su
bfagzzezgaegzgfail.cc
bfagzzezgaegzgfaio.io
bfagzzezgaegzgfaip.co
bitcoinwinery.com
daedagheauehfuuhfe.top
daedagheauehfuuhfk.su
daedagheauehfuuhfl.cc
daedagheauehfuuhfo.io
daedagheauehfuuhfp.co
dualup.top
eaeuafhuaegfugeude.top
eaeuafhuaegfugeudk.su
eaeuafhuaegfugeudl.cc
eaeuafhuaegfugeudo.io
eaeuafhuaegfugeudp.co
eguaheoghouughahse.top
eguaheoghouughahsk.su
eguaheoghouughahsl.cc
eguaheoghouughahso.io
eguaheoghouughahsp.co
fingers1.ddns.net
firstbankhome.com
fusaazor6.icu
gaghpaheiafhjefije.top
gaghpaheiafhjefijk.su
gaghpaheiafhjefijl.cc
gaghpaheiafhjefijo.io
gaghpaheiafhjefijp.co
gaoehuoaoefhuhfuge.top
gaoehuoaoefhuhfugk.su
gaoehuoaoefhuhfugl.cc
gaoehuoaoefhuhfugo.io
gaoehuoaoefhuhfugp.co
gaoheeuofhefefhute.top
gaoheeuofhefefhutk.su
gaoheeuofhefefhutl.cc
gaoheeuofhefefhuto.io
gaoheeuofhefefhutp.co
gaohrhurhuhruhfsde.top
gaohrhurhuhruhfsdk.su
gaohrhurhuhruhfsdl.cc
gaohrhurhuhruhfsdo.io
gaohrhurhuhruhfsdp.co
gaouehaehfoaeajrse.top
gaouehaehfoaeajrsk.su
gaouehaehfoaeajrsl.cc
gaouehaehfoaeajrso.io
gaouehaehfoaeajrsp.co
geauhouefheuutiiie.top
geauhouefheuutiiik.su
geauhouefheuutiiil.cc
geauhouefheuutiiio.io
geauhouefheuutiiip.co
getmycash4u.com
ggcleaner.space
huaeokaefoaeguaehe.top
huaeokaefoaeguaehk.su
huaeokaefoaeguaehl.cc
huaeokaefoaeguaeho.io
huaeokaefoaeguaehp.co
lookmodeusa.com
luckymonkey.net.in
mailserv85m.world
mybetterdl.com
nothinginterestinghere.com
paarlprecision.com
rubthemoneybear.xyz
rzhsudhugugfugugse.top
rzhsudhugugfugugsk.su
rzhsudhugugfugugsl.cc
rzhsudhugugfugugso.io
rzhsudhugugfugugsp.co
thaus.top
urusurofhsorhfuuhk.su
urusurofhsorhfuuhl.cc
urusurofhsorhfuuho.io
urusurofhsorhfuuhp.co
usd.odysseus-nua.com

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://34.77.135.60

# Reference: https://app.any.run/tasks/bc644345-46a2-4c9f-b9d3-edc050aa462f/

http://34.89.185.248

# Reference: https://twitter.com/James_inthe_box/status/1199338236633481216

http://34.76.145.229

# Reference: https://twitter.com/0xCARNAGE/status/1199700157127892992

http://34.77.197.252

# Reference: https://twitter.com/tkanalyst/status/1204442400023646208

http://35.246.108.168

# Reference: https://twitter.com/nao_sec/status/1213283648969093120

http://35.228.121.96

# Reference: https://twitter.com/killamjr/status/1217636352155500544

http://35.228.239.183

# Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/

http://35.246.8.131

# Reference: https://www.virustotal.com/gui/file/696985a0b8af5dc318af712c410410c86df46eac80aa15b65e1b9d7a6801b0d6/detection

http://35.228.183.206

# Reference: https://twitter.com/benkow_/status/1222539585542066176

35.228.215.155:80
api-update1.biz
legions17.biz
oberonapps.org

# Reference: https://twitter.com/James_inthe_box/status/1223006972674314240

34.65.176.45:80

# Reference: https://www.virustotal.com/gui/ip-address/34.76.55.103/relations

34.76.55.103:80

# Reference: https://twitter.com/FaLconIntel/status/1230488503290449920

104.155.44.42:80

# Reference: https://app.any.run/tasks/f7171b62-b0f1-4c2e-afe6-58e99bd8c509/

35.228.57.136:80

# Reference: https://app.any.run/tasks/d8073674-fd7e-4401-93f8-e5fbe6d4b314/

corp1.site
http://35.205.213.237

# Reference: https://app.any.run/tasks/b988bd16-422e-42f6-9902-6b6699f85906/

http://35.228.28.245

# Reference: https://www.virustotal.com/gui/file/1d8412b53630ad72db53a579352a7aecf818f0bf52647eea6633ac9c67506e1d/detection

http://34.76.15.247

# Reference: https://app.any.run/tasks/6b6e39bd-902a-4bfa-91fb-585fdd3ff99e/

http://35.228.60.178

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/
# Reference: https://otx.alienvault.com/pulse/5e8607ef75f928497d0780e4

http://34.77.125.60
http://35.228.215.155

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

http://34.89.159.33

# Reference: https://twitter.com/nao_sec/status/1253902651172851712
# Reference: https://app.any.run/tasks/6fd01600-9f05-457a-8225-3cb55099c4a6/

http://34.65.18.19

# Reference: https://twitter.com/3xp0rtblog/status/1250415892451569666
# Reference: https://app.any.run/tasks/2df933f8-2c84-4e80-b15b-ae8a9940ab97/

http://35.240.36.208

# Reference: https://app.any.run/tasks/077dcfe0-ac26-4890-8ca5-9204f7195eed/

http://35.228.86.146

# Reference: https://www.virustotal.com/gui/file/07cc49bd763e65ed456c5f2103c3cdd6d265d13013066a92394c1dc2d29d23cf/detection
# Reference: https://www.virustotal.com/gui/ip-address/193.110.3.190/relations

10022020newfolder1002002231-service1002.space
10022020newfolder33417-01242510022020.space

# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/

http://34.89.178.133

# Reference: https://app.any.run/tasks/54da143a-b666-4001-be17-84aed6283be6/

http://34.107.22.206

# Reference: https://twitter.com/yusaerguven/status/1270670436406308864

private-virtual.online

# Reference: https://app.any.run/tasks/450fda6e-0c7c-4f88-9857-0f1d8ebc14fa/

http://35.226.139.169

# Reference: https://twitter.com/iamwinstonm/status/1279529808188366848
# Reference: https://www.virustotal.com/gui/file/393ad8b8dd5fb5359b1057eae2394cac9cfd12bab98115a4056e5954c5c70aa2/detection

http://35.198.88.195
cloud-server-updater1.co.za
microsoft-cloud1.co.za

# Reference: https://twitter.com/iamwinstonm/status/1282295968512311297

http://35.242.170.60

# Reference: https://www.virustotal.com/gui/file/fb5ce30c1aeed408a453f1df09843e223b77e2b19885a7365f8b2b8e4dafc77b/detection
# Reference: https://www.virustotal.com/gui/file/106558ec5566588454181097777bb38aa0f173a6f5312fad139be1ac547d7fc3/detection

http://34.65.10.107

# Reference: https://twitter.com/nao_sec/status/1287755458153869312

http://35.228.248.188

# Reference: https://www.virustotal.com/gui/file/a36dbfc2856e660e0d9dfbe78e1973ec8fee31ffd2762b062b61a9fe93c67edc/detection

marashmara.info

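# Reference: https://www.virustotal.com/gui/domain//relations
# Note: the domain segment of the reference URL above is empty, so the link does not resolve to a report. It presumably named the domain listed below (megagemes.info); confirm against the upstream source.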

megagemes.info

# Reference: https://app.any.run/tasks/8f9931d5-7b31-4032-89cd-634985450354/

http://35.228.58.123

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-01-raccoon-stealer-IOCs.txt

http://34.89.241.53

# Reference: https://twitter.com/theDark3d/status/1303091496816697345
# Reference: https://app.any.run/tasks/f0aefc25-feb9-45f9-ae97-6d51cd3bb87e/

chinadevmonster.top

# Reference: https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/
# Reference: https://otx.alienvault.com/pulse/5f59270f9f09e5c82665a7b3

http://34.105.147.92

# Reference: https://twitter.com/ViriBack/status/1303829357551669248
# Reference: https://twitter.com/DrStache_/status/1303974362660429824
# Reference: https://app.any.run/tasks/781f94db-7374-46cc-b030-be0335064853/

btncc.com.br
eto-ne-stealer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1314113271864139778
# Reference: https://www.virustotal.com/gui/file/e126b73a5cde8febdab5ce300346a98af6487b3bb95d548950f2ea7ea6c9dbba/detection

rsttrs.site

# Reference: https://www.virustotal.com/gui/file/724ce0d8ca978f9bb9004c2252fb51b44f96c87721d68582ec67268cbd8f13a5/detection
# Reference: https://www.virustotal.com/gui/file/927f8cc27c5cfbb255cf599760ba6c55fe93797289d024086fac767ade678e0c/detection

http://195.54.167.51
j3cytza2m2.pw
on-offtrack.biz

# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-masquerades-privacy-tool
# Reference: https://tria.ge/210615-9ncxxbrjg2
# Reference: https://otx.alienvault.com/pulse/60df0c7c5e03d145c6a38652
# Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection
# Reference: https://www.virustotal.com/gui/file/ed1674efc8259df33767cd32fb7853e9bc957a43cddd8364e6553a0e7846b422/detection
# Reference: https://www.virustotal.com/gui/file/25681de7e02857c21c6d3ffed80354333751a7fc7c3a07b8ae7be45c93307ab2/detection

10022020besttest971-service1002012510022020.ru
10022020clubtest561-service1002012510022020.ru
10022020est213531-service100201242510022020.ru
10022020infotest341-service1002012510022020.ru
10022020kupitest451-service1002012510022020.ru
10022020megatest251-service1002012510022020.ru
10022020mytest151-service100201242510022020.ru
10022020newfolder1002-01252510022020.ml
10022020newfolder1002-01262510022020.ga
10022020newfolder1002-01272510022020.cf
10022020newfolder1002-01282510022020.gq
10022020newfolder1002-01292510022020.com
10022020newfolder1002-0130251002202035.site
10022020newfolder1002-0131251002202035.site
10022020newfolder1002-0132251002202035.site
10022020newfolder1002-0133251002202035.site
10022020newfolder1002-0134251002202035.site
10022020newfolder1002-0135251002202035.site
10022020newfolder1002-0136251002202035.site
10022020newfolder1002-0137251002202035.site
10022020newfolder1002-0138251002202035.site
10022020newfolder1002-0139251002202035.site
10022020newfolder1002-0140251002202035.site
10022020newfolder1002-0141251002202035.site
10022020newfolder1002-0142251002202035.site
10022020newfolder1002-0143251002202035.site
10022020newfolder1002-0144251002202035.site
10022020newfolder1002-0145251002202035.site
10022020newfolder1002-0146251002202035.site
10022020newfolder1002-0147251002202035.site
10022020newfolder1002-0148251002202035.site
10022020newfolder1002-0149251002202035.site
10022020newfolder1002-0150251002202035.site
10022020newfolder1002-0151251002202035.site
10022020newfolder1002-0152251002202035.site
10022020newfolder1002-0153251002202035.site
10022020newfolder1002-service100201blog2510022020.ru
10022020newfolder1002-service100201life2510022020.ru
10022020newfolder1002-service100201shop2510022020.ru
10022020newfolder1002002131-service1002.space
10022020newfolder1002002231-service1002.space
10022020newfolder1002002431-service1002.space
10022020newfolder1002002531-service1002.space
10022020newfolder100221-service1022020.ru
10022020newfolder100231-service1022020.ru
10022020newfolder100241-service1002010022020.ru
10022020newfolder100251-service2510022020.ru
10022020newfolder241-service1002012510022020.ru
10022020newfolder3100231-service1002.space
10022020newfolder33417-01242510022020.space
10022020newfolder351-service1002012510022020.ru
10022020newfolder4561-service1002012510022020.ru
10022020newfolder471-service1002012510022020.ru
10022020newfolder481-service1002012510022020.ru
10022020newfoldert161-service100201242510022020.ru
10022020oopoest361-service1002012510022020.ru
10022020proftest981-service1002012510022020.ru
10022020rest21-service1002012510022020.eu
10022020rustest213-service1002012510022020.ru
10022020shoptest871-service1002012510022020.ru
10022020test11-service1002012510022020.press
10022020test125831-service1002012510022020.space
10022020test12671-service1002012510022020.online
10022020test13461-service1002012510022020.net
10022020test134831-service1002012510022020.space
10022020test13561-service1002012510022020.su
10022020test136831-service1002012510022020.space
10022020test146831-service1002012510022020.space
10022020test14781-service1002012510022020.info
10022020test147831-service1002012510022020.space
10022020test15671-service1002012510022020.tech
10022020test231-service1002012510022020.fun
10022020test261-service1002012510022020.space
10022020test281-service1002012510022020.ru
10022020test391-service1002012510022020.ru
10022020test41-service100201pro2510022020.ru
10022020test461-service1002012510022020.host
10022020test481-service1002012510022020.ru
10022020test51-service1002012510022020.xyz
10022020test571-service1002012510022020.pro
10022020test61-service1002012510022020.website
10022020tostest371-service1002012510022020.ru
10022020uest71-service100201dom2510022020.ru
10022020utest1341-service1002012510022020.ru
10022020yes1t3481-service1002012510022020.ru
10022020yest31-service100201rus2510022020.ru
10022020yirtest231-service1002012510022020.ru
10022020yomtest251-service1002012510022020.ru
999080321besttest971-service10020125999080321.ru
999080321clubtest561-service10020125999080321.ru
999080321est213531-service1002012425999080321.ru
999080321infotest341-service10020125999080321.ru
999080321kupitest451-service10020125999080321.ru
999080321megatest251-service10020125999080321.ru
999080321mytest151-service1002012425999080321.ru
999080321newfolder1002-012525999080321.ml
999080321newfolder1002-012625999080321.ga
999080321newfolder1002-012725999080321.cf
999080321newfolder1002-012825999080321.gq
999080321newfolder1002-012925999080321.com
999080321newfolder1002-01302599908032135.site
999080321newfolder1002-01312599908032135.site
999080321newfolder1002-01322599908032135.site
999080321newfolder1002-01332599908032135.site
999080321newfolder1002-01342599908032135.site
999080321newfolder1002-01352599908032135.site
999080321newfolder1002-01362599908032135.site
999080321newfolder1002-01372599908032135.site
999080321newfolder1002-01382599908032135.site
999080321newfolder1002-01392599908032135.site
999080321newfolder1002-01402599908032135.site
999080321newfolder1002-01412599908032135.site
999080321newfolder1002-01422599908032135.site
999080321newfolder1002-01432599908032135.site
999080321newfolder1002-01442599908032135.site
999080321newfolder1002-01452599908032135.site
999080321newfolder1002-01462599908032135.site
999080321newfolder1002-01472599908032135.site
999080321newfolder1002-01482599908032135.site
999080321newfolder1002-01492599908032135.site
999080321newfolder1002-01502599908032135.site
999080321newfolder1002-01512599908032135.site
999080321newfolder1002-01522599908032135.site
999080321newfolder1002-01532599908032135.site
999080321newfolder1002-01542599908032135.site
999080321newfolder1002-01552599908032135.site
999080321newfolder1002-service100201blog25999080321.ru
999080321newfolder1002-service100201life25999080321.ru
999080321newfolder1002-service100201shop25999080321.ru
999080321newfolder1002002131-service1002.space
999080321newfolder1002002231-service1002.space
999080321newfolder1002002431-service1002.space
999080321newfolder1002002531-service1002.space
999080321newfolder100221-service1022020.ru
999080321newfolder100231-service1022020.ru
999080321newfolder100241-service10020999080321.ru
999080321newfolder100251-service25999080321.ru
999080321newfolder241-service10020125999080321.ru
999080321newfolder3100231-service1002.space
999080321newfolder33417-012425999080321.space
999080321newfolder351-service10020125999080321.ru
999080321newfolder4561-service10020125999080321.ru
999080321newfolder471-service10020125999080321.ru
999080321newfolder481-service10020125999080321.ru
999080321newfoldert161-service1002012425999080321.ru
999080321oopoest361-service10020125999080321.ru
999080321proftest981-service10020125999080321.ru
999080321rest21-service10020125999080321.eu
999080321rustest213-service10020125999080321.ru
999080321shoptest871-service10020125999080321.ru
999080321test11-service10020125999080321.press
999080321test125831-service10020125999080321.space
999080321test12671-service10020125999080321.online
999080321test13461-service10020125999080321.net
999080321test134831-service10020125999080321.space
999080321test13561-service10020125999080321.su
999080321test136831-service10020125999080321.space
999080321test146831-service10020125999080321.space
999080321test14781-service10020125999080321.info
999080321test147831-service10020125999080321.space
999080321test15671-service10020125999080321.tech
999080321test231-service10020125999080321.fun
999080321test261-service10020125999080321.space
999080321test281-service10020125999080321.ru
999080321test391-service10020125999080321.ru
999080321test41-service100201pro25999080321.ru
999080321test461-service10020125999080321.host
999080321test481-service10020125999080321.ru
999080321test51-service10020125999080321.xyz
999080321test571-service10020125999080321.pro
999080321test61-service10020125999080321.website
999080321tostest371-service10020125999080321.ru
999080321uest71-service100201dom25999080321.ru
999080321utest1341-service10020125999080321.ru
999080321yes1t3481-service10020125999080321.ru
999080321yest31-service100201rus25999080321.ru
999080321yirtest231-service10020125999080321.ru
999080321yomtest251-service10020125999080321.ru
cozanostra.best
jg5.5aef.pw
naritouzina.net

# Reference: https://www.virustotal.com/gui/domain/analyticsonline.top/relations
# Reference: https://twitter.com/FaLconIntel/status/1247895934127591426
# Reference: https://twitter.com/malwrhunterteam/status/1327616871043133441
# Reference: https://www.virustotal.com/gui/file/8c842be9d93e2ada204da0ad0981b572e1de9d8ae3148d53af657c5aa147d877/detection
# Reference: https://www.virustotal.com/gui/file/3266f6c72939e2c376af2a25529aa92500b4e4e9776f7ede132746b47ea7549a/detection

analyticsonline.top
/popunder_exe.php?id-user=
/qwascx.php?name-pc=
/work.php?id-user=

# Reference: https://twitter.com/wwp96/status/1328341500699299841
# Reference: https://app.any.run/tasks/f58bd996-a019-4007-be4e-4d92d5644fa4/

http://35.198.141.22

# Reference: https://twitter.com/nao_sec/status/1332115770009034752
# Reference: https://app.any.run/tasks/c32ee8a3-ce61-4836-ac99-68337b254a1f/
# Reference: https://app.any.run/tasks/da45e6da-5dc7-4eee-a402-7642539ed9a6/

centralwestofbankoffice.cyou
puffpuff423.top

# Reference: https://www.virustotal.com/gui/file/9850bb21544a0375948ab304014fbad4d3a9bbd7289c5ca42de9447298ff8bce/detection
# Reference: https://otx.alienvault.com/indicator/ip/45.82.68.166

proload.info

# Reference: https://www.virustotal.com/gui/file/d920f89a4d8ae2f2cc597779c57e515c0f9451a66ecdaeef35169f6d0a43a35d/detection
# Reference: https://www.virustotal.com/gui/domain/ultraspeed.info/relations

ultraspeed.info

# Reference: https://www.virustotal.com/gui/file/e7111acd60f1fbe98eac7e7ff9215b34758257a9badf2fe02ce8d39a1d0a3b73/detection

watado.xyz

# Reference: https://twitter.com/nao_sec/status/1334289601125445633
# Reference: https://app.any.run/tasks/daf21461-db00-47b7-a33e-a61e864ddc1a/

recyclecycle.top

# Reference: https://www.virustotal.com/gui/file/8825eebf3e19804f89d438aa971ccf8335cb70724e76057c70f0a5cc3257d72c/detection

hellousa.info
superload24.info

# Reference: https://www.virustotal.com/gui/file/8e61d7a623bdf6b531bdf7fc2fc20c14707b7e13f86773aa19badc56e0cb1ab6/detection

chinarobotics2020.top

# Reference: https://www.group-ib.com/blog/fakesecurity_raccoon

azure-cloud1.co.za
azure-cloud1.web.za
azure-cloud2.co.za
azure-cloud2.web.za
azure-cloud3.co.za
azure-cloud3.web.za
azure-cloud4.co.za
cloud-server-updater.co.za
cloud-server-updater1.co.za
cloud-server-updater10.co.za
cloud-server-updater11.co.za
cloud-server-updater12.co.za
cloud-server-updater13.co.za
cloud-server-updater14.co.za
cloud-server-updater15.co.za
cloud-server-updater16.co.za
cloud-server-updater17.co.za
cloud-server-updater18.co.za
cloud-server-updater19.co.za
cloud-server-updater2.co.za
cloud-server-updater20.co.za
cloud-server-updater21.co.za
cloud-server-updater22.co.za
cloud-server-updater23.co.za
cloud-server-updater24.co.za
cloud-server-updater25.co.za
cloud-server-updater26.co.za
cloud-server-updater27.co.za
cloud-server-updater28.co.za
cloud-server-updater3.co.za
cloud-server-updater4.co.za
cloud-server-updater5.co.za
cloud-server-updater6.co.za
cloud-server-updater7.co.za
cloud-server-updater8.co.za
cloud-server-updater9.co.za
cloudupdate.co.za
cloudupdates.co.za
code-cloud1.co.za
code-cloud2.co.za
code-cloud3.co.za
code-cloud4.co.za
code-cloud5.co.za
code-cloud6.co.za
documents-cloud-server.co.za
documents-cloud-server1.co.za
documents-cloud-server2.co.za
documents-cloud-server3.co.za
documents-cloud-server4.co.za
documents-cloud-server6.co.za
documents-cloud-server7.co.za
documents-cloud-server8.co.za
documents-cloud-server9.co.za
download-plugin.co.za
download-plugins.co.za
downloadplugins.co.za
google-document.co.za
microsoft-cloud1.co.za
microsoft-cloud10.co.za
microsoft-cloud11.co.za
microsoft-cloud12.co.za
microsoft-cloud13.co.za
microsoft-cloud14.co.za
microsoft-cloud15.co.za
microsoft-cloud6.co.za
microsoft-cloud7.co.za
microsoft-cloud8.co.za
microsoft-cloud9.co.za
msupdater.co.za
oneupdateadobe.co.za
oneupdateadobe.org.za
oneupdateadobe2.co.za
oneupdateadobe2.org.za
oneupdateadobe3.co.za
oneupdateadobe3.com
oneupdateadobe3.org.za
oneupdateadobe4.co.za
securitycloudserver.co.za
updateadobeonline.co.za
updateforadobenew.co.za

# Reference: https://www.virustotal.com/gui/file/9428e5edade393b0c6a79b3232141428b970350b27b088d1bf235f6c15f7198d/detection
# Reference: https://tria.ge/201220-ydzzbnfhze/behavioral1#report
# Reference: https://app.any.run/tasks/09226a36-b84b-4c28-9a59-346f376fc337/

tripsafe.fun

# Reference: https://www.virustotal.com/gui/file/366537de61541a69e63922342da061ce9cabbb92a8634553b098888a8f33c6dd/detection
# Reference: https://www.virustotal.com/gui/file/8b43c9b2b93dfbf3732b6a9f40b391f0fe7ac0194a470c8b9a2c7cb71d5617ad/detection
# Reference: https://www.virustotal.com/gui/file/988396426d899ee2029bc88f2d2c915ac3a3f4557f91bd2a170942e03de1ca2c/detection
# Reference: https://app.any.run/tasks/347daeea-65cf-4313-9f27-9fc8b801bf47/

sibernetix.fr
madrasdarbar.com/wp-admin/fw1.php
madrasdarbar.com/wp-admin/fw2.php
madrasdarbar.com/wp-admin/fw3.php
madrasdarbar.com/wp-admin/fw4.php
madrasdarbar.com/wp-admin/fw5.php
madrasdarbar.com/wp-admin/fw6.php
madrasdarbar.com/wp-admin/fw7.php
madrasdarbar.com/wp-admin/fw8.php
madrasdarbar.com/wp-admin/fw9.php
madrasdarbar.com/wp-content/plugins/img1.php?id=
madrasdarbar.com/wp-content/plugins/img2.php?id=
madrasdarbar.com/wp-content/plugins/img3.php?id=
madrasdarbar.com/wp-content/plugins/img4.php?id=
madrasdarbar.com/wp-content/plugins/img5.php?id=
madrasdarbar.com/wp-content/plugins/img6.php?id=
madrasdarbar.com/wp-content/plugins/img7.php?id=
madrasdarbar.com/wp-content/plugins/img8.php?id=
madrasdarbar.com/wp-content/plugins/img9.php?id=
/plugins/fw1.exe
/plugins/fw2.exe
/plugins/fw3.exe
/plugins/fw4.exe
/plugins/fw5.exe
/plugins/fw6.exe
/plugins/fw7.exe
/plugins/fw8.exe
/plugins/fw9.exe
/plugins/fw1.php
/plugins/fw2.php
/plugins/fw3.php
/plugins/fw4.php
/plugins/fw5.php
/plugins/fw6.php
/plugins/fw7.php
/plugins/fw8.php
/plugins/fw9.php
/wp-admin/fw1.exe
/wp-admin/fw2.exe
/wp-admin/fw3.exe
/wp-admin/fw4.exe
/wp-admin/fw5.exe
/wp-admin/fw6.exe
/wp-admin/fw7.exe
/wp-admin/fw8.exe
/wp-admin/fw9.exe
/wp-admin/fw1.php
/wp-admin/fw2.php
/wp-admin/fw3.php
/wp-admin/fw4.php
/wp-admin/fw5.php
/wp-admin/fw6.php
/wp-admin/fw7.php
/wp-admin/fw8.php
/wp-admin/fw9.php
/plugins/img1.php?id=
/plugins/img2.php?id=
/plugins/img3.php?id=
/plugins/img4.php?id=
/plugins/img5.php?id=
/plugins/img6.php?id=
/plugins/img7.php?id=
/plugins/img8.php?id=
/plugins/img9.php?id=

# Reference: https://twitter.com/h2jazi/status/1341805802760364036
# Reference: https://www.virustotal.com/gui/file/f89ac1672d0ef466d78613257fe2735509afb9cb4aca81ceb1be8a288f1eb0d6/detection

http://45.15.143.230/Raccoon/
/Raccoon/iencli32.dot
/Raccoon/iencli32dot
/Raccoon/Purchase.exe
/iencli32dot
/iencli32.dot

# Reference: https://app.any.run/tasks/56c71276-54c1-447f-818c-decd01fe8cc0/

morasergiox.ac.ug
taenaiaa.ac.ug
helpsavedogs.top

# Reference: https://app.any.run/tasks/56931149-9db8-43c0-8fae-8b6cd50ef4e4/

blacksmokegun.top

# Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection

mynameisalfred.top
/jbitchsucks

# Reference: https://twitter.com/AvastThreatLabs/status/1362787975201886212
# Reference: https://www.virustotal.com/gui/file/5bb23670b1fd229c3ba9ab0b25839e715a90af8f01654f4b92134f7692e117fb/detection
# Reference: https://app.any.run/tasks/12e02693-6660-452e-921e-414994a8335f/

yearofthepig.top

# Reference: https://www.virustotal.com/gui/file/a285ef3f4162d1b869844edf63c3d1b88c3a0b296cacf6234835eafc9d674252/detection

globalsalespartscn.top

# Reference: https://www.virustotal.com/gui/file/a14fb42ce0bb182cfbaf6319ae29a96c81ba4ac195cba646ad899f63085e205c/detection

178.20.40.83:81
vaxton.club

# Reference: https://www.virustotal.com/gui/file/38e9eda271a1bbf27d7486fb5ebf88da22a92711ffb19a43b9519e512c336252/detection

pilinno.info
pubload.info

# Reference: https://twitter.com/McAfee_Labs/status/1364609358710136841
# Reference: https://app.any.run/tasks/d3bf337d-a795-484b-be3b-b9b7d38e875c/

mariofart8.top

# Reference: https://www.virustotal.com/gui/file/5b77ec829dda6e8850db5e1bb0e7f77392aa9daf8313b8950a987993a3f5f8f8/detection

f0491609.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4cbf92c3d4529f29269b2b00747d624859d7040f32091ede2d7386efb8983318/detection
# Reference: https://www.virustotal.com/gui/file/0f4bca305be1d8b7c9f7c87311279e213cc04220f4f21907b2f976449ca185ac/detection

gb-cleans.tech
gucciworldcommunity.com
takeshykurosavabest.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1368837298868129793

thereisnoscheme.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369034284246437888
# Reference: https://www.virustotal.com/gui/file/26156edb64b5cc30c393ec4e05ef7313134ca5f9ce4a057bb4130dcef1c1c9ec/detection

againstpolicebrutality.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369234428267012113
# Reference: https://www.virustotal.com/gui/file/59efc85fe1524abbaf2f8dd1dbbfb6af070372ca1de0c43e4b4f9960ecc5d79a/detection

nyqualitypizza.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369655824797360133
# Reference: https://www.virustotal.com/gui/file/bb50134057186ffb3de02361a670bbc405a1fe289ffb4f3b1e44abcffe80c592/detection

hitfromthebong.top

# Reference: https://www.virustotal.com/gui/file/00b737e6875f5c41cb05581c56330b220601e98cd54e4f5ba43e745762df23f9/detection

93.115.18.77:81
http://93.115.18.77

# Reference: https://twitter.com/pmmkowalczyk/status/1370802182761644032
# Reference: https://app.any.run/tasks/c8b972a9-60e1-4296-859e-d5b0fd41342e/

mynameischarliebrown.top

# Reference: https://twitter.com/wwp96/status/1372012259904487428

http://93.190.138.2

# Reference: https://www.virustotal.com/gui/file/c2e8a322d8d5a837934556bd1b6c951a411581c2b8196c3be086fe0d43297300/detection

http://45.139.236.6

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1377584138442641410
# Reference: https://app.any.run/tasks/42af693c-f1d9-46b9-ac3c-6c2fb1696a42/

duckduckstop.top

# Reference: https://www.virustotal.com/gui/file/78271642776efafec0e3a1d3c808249bc44731a2595309e842c06bd3ca5e3965/detection

youareperfect2day.top

# Reference: https://www.virustotal.com/gui/file/a97f38db5b3a04a89eb0ca0fc744333e3118102fd355891505857e5016b54eab/detection

minorleage.top

# Reference: https://tracker.viriback.com/index.php?q=modernloader
# Reference: https://www.virustotal.com/gui/file/365c4d412d538e3308c77cac58204ce5e596d0baa7788215368fb4495e4b4232/detection
# Reference: https://tria.ge/210507-8mfadfbjpe/behavioral1

http://185.70.186.149
miranore.top
number1g.top

# Reference: https://www.virustotal.com/gui/file/40e74935dd9135e38e3fd3e99aa361c87cee569664fce16660501ea617bd9d93/detection

nuderono.top

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations

marunok.top

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.89/relations

secureim.top

# Reference: https://twitter.com/petrovic082/status/1391394902911631369
# Reference: https://app.any.run/tasks/3d45121d-8f5a-470a-aa2a-e3e16de0350c/

http://34.89.59.109

# Reference: https://app.any.run/tasks/45f040e8-f0ee-4987-9504-d6b03200a0d2/
# Reference: https://tria.ge/210521-c4n3kxtnkx/behavioral1

http://45.142.212.182

# Reference: https://www.virustotal.com/gui/file/9cfc3729c9a4afd9d868185a9358866e83e63a01663aaadea46e631f7c97bb8b/detection

http://34.105.230.174

# Reference: https://www.virustotal.com/gui/ip-address/34.88.222.181/relations
# Reference: https://www.virustotal.com/gui/file/ab7a25c9c3b06601eed37969c1038920a5445a061fd8350fd564745911e79ce2/detection
# Reference: https://www.virustotal.com/gui/file/b12fa69671aa80f206ecbeb8e52af324ff5f6ba3e4dcc789f412827d64bfb2a0/detection

http://34.88.222.181

# Reference: https://www.virustotal.com/gui/file/79bbdb8009278ba629dae626b86f4447a81333ef9535e2a9341d5728571e4ae1/detection

http://159.69.20.131

# Reference: https://twitter.com/nao_sec/status/1403322564580020227
# Reference: https://app.any.run/tasks/f00d7529-d2b7-4ad8-86ea-3d3bd256d8c3/

http://34.88.52.57

# Reference: https://www.virustotal.com/gui/file/73c74e428e5944013aac76cb54505d11616ae7d9fa13afb0beb4b2a7c29f8633/detection
# Reference: https://www.virustotal.com/gui/file/6bde10caf2a906e88ab47ee8a0ff14e94a2dafa6f740bb8ab4bd21bc1fe234ea/detection
# Reference: https://www.virustotal.com/gui/file/1aaedf67e498d2421c1afc740447f00dc7bf1a96a4b73cb9601a33b8594a5ff2/detection

akadns9.net
gate.akadns9.net
test.akadns9.net

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

http://34.65.79.5

# Reference: https://bazaar.abuse.ch/sample/c54228f797eb663e6a223ecf20f225f91bc2e1dfbea5ac84687ff87513a0dad5

http://35.246.76.29

# Reference: https://www.virustotal.com/gui/file/84a790b8c39b4658e68f43ea5b61c22ae42bf92c5aeeb704eff40ff0820e5f3f/behavior/VirusTotal%20Jujubox

http://185.157.162.75
bakercost.gq
bravestone.ru

# Reference: https://www.virustotal.com/gui/file/a9cd85d14daa44ea4e634d14c7225b73b7b82138b624bbf53222b6084acf5502/detection

http://34.88.33.218

# Reference: https://www.virustotal.com/gui/ip-address/8.209.80.200/relations

dopehope.top
greenbook.top
oldfinerecord.top
simpleplan.top

# Reference: https://www.virustotal.com/gui/file/2a92d81d45296a37dab3b61c3e26af03b680043205eae14acda1131302b61046/detection

http://34.141.84.7

# Reference: https://tria.ge/210722-hf3hkgcyax/behavioral1

http://94.228.114.197

# Reference: https://tria.ge/210722-psafrxqafn/behavioral1

http://188.119.112.73

# Reference: https://tria.ge/210731-pdc5qrte6n
# Reference: https://www.virustotal.com/gui/file/f778cca4f1de43b854a2ca78733215ea18a8eceaa94431e5b8c19cf4002ad893/detection
# Reference: https://www.virustotal.com/gui/file/18a630378f7b892e5b1a1fe3c1d92ba702fcaac354fa09a175ed039851cf6dbb/detection

readinglistforaugust1.club
readinglistforaugust1.site
readinglistforaugust1.xyz
readinglistforaugust10.site
readinglistforaugust10.xyz
readinglistforaugust2.club
readinglistforaugust2.site
readinglistforaugust2.xyz
readinglistforaugust3.club
readinglistforaugust3.site
readinglistforaugust3.xyz
readinglistforaugust4.club
readinglistforaugust4.site
readinglistforaugust4.xyz
readinglistforaugust5.site
readinglistforaugust5.xyz
readinglistforaugust6.site
readinglistforaugust6.xyz
readinglistforaugust7.site
readinglistforaugust7.xyz
readinglistforaugust8.site
readinglistforaugust8.xyz
readinglistforaugust9.club
readinglistforaugust9.site
readinglistforaugust9.xyz
readinglistforjuly1.club
readinglistforjuly1.site
readinglistforjuly1.xyz
readinglistforjuly10.club
readinglistforjuly10.site
readinglistforjuly10.xyz
readinglistforjuly2.club
readinglistforjuly2.site
readinglistforjuly2.xyz
readinglistforjuly3.club
readinglistforjuly3.site
readinglistforjuly3.xyz
readinglistforjuly4.club
readinglistforjuly4.site
readinglistforjuly4.xyz
readinglistforjuly5.club
readinglistforjuly5.site
readinglistforjuly5.xyz
readinglistforjuly6.club
readinglistforjuly6.site
readinglistforjuly6.xyz
readinglistforjuly7.club
readinglistforjuly7.site
readinglistforjuly7.xyz
readinglistforjuly8.club
readinglistforjuly8.site
readinglistforjuly8.xyz
readinglistforjuly9.club
readinglistforjuly9.site
readinglistforjuly9.xyz

# Reference: https://tria.ge/210731-zmz5ynbcl6/behavioral1
# Reference: https://www.virustotal.com/gui/file/bf38a6555a9742fc97a6efbb662f2cda03cb5156c22e56417d74c06e4ebecce1/detection

http://185.234.247.148

# Reference: https://www.virustotal.com/gui/file/2b5421fe219ccf463ddcd933739f038948f411e264ff8485589114a92c34b2c7/detection

prof1t-crypt0.xyz

# Reference: https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/

cheapdealnow.top
f0473248.xsph.ru
aun3xk17k.space
aun3xk18k.space
aun3xk19k.space
bbhmnn778.fun
donotspace.pw

# Reference: https://www.virustotal.com/gui/file/b96fe7672bb7f8bb93a34afa0cddb8adca26b29d37ad6177428e03a6f5decf19/detection

http://35.205.249.65

# Reference: https://www.virustotal.com/gui/file/9ca59ba1030b3aacfb700c7a5315b2f507ff7aa4d9952c74eab76db232ce91c3/detection

annafraudy.pw

# Reference: https://www.virustotal.com/gui/file/6df4625a2800e03824bdbd634656e7a5eb36c800c6137510427e9ce5a6006868/detection

avorlen.xyz

# Reference: https://www.virustotal.com/gui/file/13d89de097dbbf41822ed9d024e53b8c934cd724c77ab9cfaeeff29fd98e6f5f/detection

letsmakesome.fun

# Reference: https://www.virustotal.com/gui/file/a0a50284a627570c96cf3ed3d05835bed9fe27d4732034c535a082f727db8660/detection

youaresoslow.top

# Reference: https://www.virustotal.com/gui/file/2a5fcaa841cb812407cb3bfa0bc2e304e71b0b081a4aaf38360dcf949e4ae2f0/detection

http://91.214.124.126
bbbs7n5n2kohfwn4rlp4zozaqjue2batn26pblf3f.xyz

# Reference: https://www.virustotal.com/gui/file/032ee9b7a4037c20fe7afab73c5dbdf36724d7a5e38dcc7e89ee5356a473716d/detection

youcanfindmeonthe.top

# Reference: https://www.virustotal.com/gui/file/e3cb68c0fc9640e1f84456d17837a14681991a0f2479215c14a62cfa731ad45e/detection

videomart.top

# Reference: https://www.virustotal.com/gui/file/62ae35bf94183248e227e5197f3d0e03de10ae80a02c054c90380b04aebd9d5f/detection

belochkaneprihoditodna.top

# Reference: https://www.virustotal.com/gui/file/e61886846ec468de3e977cfbb68e2f26df9fd3bef014dc17d8db8736e7b30dd3/detection

mynameisjamesbrown.top

# Reference: https://www.virustotal.com/gui/file/823a661a806d45ed15b0c501fa049efad049b1f4b230965eed8e37adcdd4c560/detection

http://35.228.60.103

# Reference: https://www.virustotal.com/gui/file/8752f73ad02750730501bb8b87e164deeaba0a6ac81cf27ed7285dd3a3e9314f/detection

number2g.top

# Reference: https://www.virustotal.com/gui/file/42d7f38a0939dd15cc3ffd2ed9cc6be3a88120081cddc062275f105821920e83/detection

genericalphabet.top

# Reference: https://www.virustotal.com/gui/file/d4e62831f539ad067210308f28c5e93faec48b920038e340908e2e88c3fb0ca3/detection

http://34.76.8.115

# Reference: https://www.virustotal.com/gui/file/dbba731937d435681ed98af6e42ab52d53af4f9ebe8db955a2b4b9ab63b4b06c/detection

135.148.139.222:33569

# Reference: https://twitter.com/abuse_ch/status/1449632874848792586

http://5.181.156.229
telegatt.top
telemirror.top
tgmirror.top

# Reference: https://twitter.com/pr0xylife/status/1458056136565927939
# Reference: https://twitter.com/pr0xylife/status/1458056336961425415
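# Reference: https://www.virustotal.com/gui/file/05a4d26a9ad8eec047a1cbc268e8bdad7cb3b62f8661cbc0d271208fd6485eed/detection
# Note (review): the bare /path entries in this group carry no host, so they presumably match that URL path on any server; correlate a hit with the IPs listed alongside before treating it as confirmed - TODO confirm matching semantics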

http://138.68.162.128
http://185.163.47.176
http://188.166.1.115
http://193.38.54.238
http://194.180.174.145
http://74.119.192.122
http://91.219.236.133
http://91.219.236.162
http://91.219.236.240
/baldandbankrupt1
/bimboDinotrex
/elonstack12
/jdiamond13
/nixsmasterbaks2
/ogaollebro1
/rino115sipsip
/takecareandkeepitup

# Reference: https://www.virustotal.com/gui/file/9b939d6792be4814bae998d6c757674730b32ce5f56e37e6b1d16968e3e9bf24/detection

warmbeddy.top

# Reference: https://www.virustotal.com/gui/file/60d20bdbfff1e73f1b1cca0f5b34a19b70fa855c470b2f382980dfb03d819d6d/behavior/Microsoft%20Sysinternals

91.243.32.23:12780

# Reference: https://www.virustotal.com/gui/file/f98b232e826f4a0a4f1aca5c1d704c964d82bd562d3bdab1d69baaa63e2f5891/behavior/Microsoft%20Sysinternals

23.88.109.42:55961

# Reference: https://www.virustotal.com/gui/file/d57e7380837a4cc5bf20d4134aa30c68c34d42c4517b6906b812b00cd72f9461/behavior/Microsoft%20Sysinternals
# Reference: https://www.virustotal.com/gui/file/c00878138c8dd2df6ec39b436568b9c56b9c1fdde5878e50d9faa2eed87125e5/behavior/Microsoft%20Sysinternals

ce27084.tmweb.ru
185.215.113.57:50723

# Reference: https://www.virustotal.com/gui/file/f859429e880efdc4ca45dccd04f16d167d6369b19e84ab91ab8be5ea85d496c5/behavior/Microsoft%20Sysinternals

194.58.69.100:37026

# Reference: https://www.virustotal.com/gui/file/9ffb47d819051a27ce0ed198a22c18f49f9e47c4ad19a7578aa84322ab4140e9/behavior/Lastline

164.132.202.23:35481

# Reference: https://www.virustotal.com/gui/file/96a2923ef8d971498bd84cfa20a4cad3329624f5cc9a10c17840927bc4cec3bf/behavior/Microsoft%20Sysinternals

95.181.152.14:46927

# Reference: https://www.virustotal.com/gui/file/2392f52588a43a91fbe330d046e5263272e100acb2f79193d788696ef9f2613d/behavior/Microsoft%20Sysinternals

185.215.113.109:44059

# Reference: https://www.virustotal.com/gui/file/39a9cd5cdd897d4c78294fbdd13c5114191ca378f2bb83c62b2a45dc744206ae/behavior/Microsoft%20Sysinternals

185.215.113.109:44059

# Reference: https://twitter.com/Racco42/status/1468371119170375682
# Reference: https://twitter.com/Racco42/status/1468371121309421569

http://185.225.19.18
http://91.219.236.207
http://91.219.237.227
/bigboomfish

# Reference: https://twitter.com/MBThreatIntel/status/1471960582370721793

http://178.62.232.173

# Reference: https://twitter.com/benkow_/status/1476886648818384902
# Reference: https://dpaste.org/Nx77/raw (# Raccoon)

actcake.xyz
avisitorfromanotherworldy.xyz
captivaterelated.xyz
citizenmonopoly.xyz
distortionvegetation.xyz
grandfathertriangle.xyz
headquartersplay.xyz
mosquecreed.xyz
polarrphotoeditor.net
poloainstall.com
predatorcarry.xyz
trackinstall.xyz
visitoralohasocietyofhawaiiy.xyz
visitoranalyticsy.xyz
visitorapplicationy.xyz
visitorarrivalshawaiiy.xyz
visitorattractionsy.xyz
welcomethreshold.xyz
windarm.xyz

# Reference: https://www.virustotal.com/gui/file/0326d2a630429308a4b21861b6df55441d273385630180f3ba32e8b606ef956e/detection

rowlingimpala.top
tripsafe.fun

# Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection

http://5.181.156.4

# Reference: https://www.virustotal.com/gui/file/d8ed836fecea80be2e62b4e0e75916671bcf7e81ad516a3cb2dc8249340a2a90/detection

http://35.228.124.70

# Reference: https://www.virustotal.com/gui/file/fc5759a7c228d99dbd12e085feb5d17d845320df9fcbf44cc55f1af25bd3d423/detection

l0lz.co

# Reference: https://twitter.com/MBThreatIntel/status/1480681882668785665

http://185.163.204.22
http://185.163.204.24
/nixsmasterbaks2

# Reference: https://www.virustotal.com/gui/ip-address/212.224.105.79/relations

alasshrilm.xyz
ciathilyra.xyz
deverreybl.xyz
frerylystt.xyz
ierinapu.xyz
jonaianell.xyz
kalamaivig.xyz
prazubeina.xyz
uspeelayla.xyz
uzananobor.xyz
xariebelal.xyz
yabelesatg.xyz
zellerncet.xyz

# Reference: https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/
# Reference: https://github.com/sophoslabs/IoCs/blob/master/raccoonstealer.csv
# Reference: https://otx.alienvault.com/pulse/611390ac90bfcc235bfac828

darkwebs.ws

# Reference: https://www.virustotal.com/gui/file/1854b148b78af64e8210f928a4a6185d60e820ce7dfc3edad01d721f94f894f2/detection

http://91.219.236.49
telegin.top
telegka.top
/agrybirdsgamerept

# Reference: https://www.virustotal.com/gui/file/84dc1aac57ee73c1a6115d5abdaf369ee91827ee6d6906c3404cc84a51e792b8/detection
# Reference: https://www.virustotal.com/gui/file/8d03d7e009a1f39d1e0f089bf633007bce0f8ac64e5322e762a1d6091fcb8640/detection

cert-mail.org
mail-input.info
charlie.mail-input.info

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://194.180.174.53
/jredmankun

# Reference: https://twitter.com/BushidoToken/status/1487051192324825088

raccoonstealer.com

# Reference: https://www.virustotal.com/gui/ip-address/47.88.17.74/relations
# Reference: https://www.virustotal.com/gui/file/8f27a981e44cc3595009f7e78dde8ed1a13f1404b266d8277dab71237384d2a9/detection

mageronad.top
mentoribai.top
moreinored.top
newtonanddiana.top

# Reference: https://www.virustotal.com/gui/file/ec3c0afccfef11f753a408c859d98bbba4841e87f7f1a48573270c0d82252b03/detection

8003659902.site
8003659902.space

# Reference: https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer
# Reference: https://lp.cyberark.com/rs/316-CZP-275/images/CyberArk-Labs-Racoon-Malware-wp.pdf
# Reference: https://www.virustotal.com/gui/file/a57e1f3217b993476c594570095d28b6c287731a005325e5f64a332a86cb7878/detection

http://35.189.105.242

# Reference: https://www.virustotal.com/gui/file/019a364b08251e4318c4db82d00955f218b6641ca09f4d49efd85a4db508eb0e/detection

http://194.180.174.41
http://91.219.236.148
http://91.219.236.18

# Reference: https://www.malware-traffic-analysis.net/2022/01/27/index2.html

http://188.166.1.115
http://91.219.236.139
http://91.219.236.153
endoftheendi.com
/kumchakl1

# Reference: https://www.virustotal.com/gui/ip-address/35.205.249.65/relations

http://35.205.249.65

# Reference: https://www.virustotal.com/gui/file/03d48529d57b75b44a708262dba0caef92bef0dcd72d37b161b5a5276c9b525a/detection

yarinefatt.xyz

# Reference: https://www.virustotal.com/gui/file/0ea436c47fea3602536925f013ffd815a2f82cac16e03c190d571b41aa06f4b3/detection

http://139.162.146.59
http://185.163.204.119
/cksuitegu

# Reference: https://twitter.com/LixaH_CL/status/1494050209613107206
# Reference: https://www.virustotal.com/gui/file/f54ec287f5ce5da75fe3a255d601528d96172f09868a20458cb723de39073e8d/detection

http://139.162.146.59
http://185.163.204.119
http://194.180.191.234
http://194.180.191.3
http://206.189.100.203
/sibiusio

# Reference: https://www.virustotal.com/gui/file/2aa88269507cd63f9688a091af13da0d8f5bed5185335ea9010a0edd3c6aee7e/detection

http://139.162.157.205
http://194.180.191.124
/wavesf

# Reference: https://www.virustotal.com/gui/file/00f8eb4b23da98cf64beffa201cf519461193af881fda0b31acf376fe766e4b6/detection

http://91.219.236.27
http://94.158.245.137
http://94.158.245.147
http://94.158.245.167
/h_smurf1kman_1

# Reference: https://www.virustotal.com/gui/file/018f187b5d0caed4c805ed066dcb0615c151cd52c0865ce85e3e7ec3f4069dd0/detection

http://185.225.19.238
http://185.163.204.230
/borderxra

# Reference: https://www.virustotal.com/gui/file/05cb839e6fe936257e42ce28f65469f0d421651b0ffdc8f74808845ed3552427/detection

http://185.163.204.216
http://185.163.204.218
/duglassa1

# Reference: https://www.virustotal.com/gui/file/0bc1a8cdf1c963118f4d1d31c14175e6aad0bfa2fb38d431d8578602f39c323b/detection

/derbasasa

# Reference: https://www.virustotal.com/gui/file/0c1609590f4335e4365c07e767ca381954948767998d5da4a226929b8036678a/detection

/hellobyegain

# Reference: https://www.virustotal.com/gui/file/1704bfdf2f3cafdf218ec1171ae27a22f7c4727b278e3f6648420c2466335457/detection

http://185.225.19.238
http://194.180.174.140
/wentexza

# Reference: https://www.virustotal.com/gui/file/d24d2b6f33fe7df641f5f7f4ebaff22e5e2d036a33269121e6322ccabf946208/detection

teletele.top
ttmirror.top

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

/brikitiki

# Reference: https://www.virustotal.com/gui/file/887ea929be30f19844dde144e5b1babdc38f8436e216c7d01b45ae602ed9d1c2/detection

http://178.62.127.193
http://185.215.113.78

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2021-November/030496.html
# Reference: https://www.virustotal.com/gui/file/0e2fc097ab85ac49639d49d80a72d5d1a2bed3921f3621541866ac7fbdc62ac0/detection

livetelive.top
teleger.top
teleghost.top
teleliver.top
telemir.top
teleroom.top
telestrong.top
teletelo.top
tgrampro.top

# Reference: https://www.virustotal.com/gui/ip-address/194.87.196.220/relations

boertilsar.top
buioltran.top
maladaro.top
marodraf.top
vuilodersa.top

# Reference: https://www.virustotal.com/gui/file/077a7cc94f5b88dba69fee80250006a2fb3b5f5bdea612910d143ac188800f67/detection

algrcabel.ru
elsaunny.com
go-piratia.ru
hangxachtaythodoan.com
korphoto.com
pelangiqq99.com
piratia.su
pjure.at
pkodev.net
puffersweiven.com

# Reference: https://www.virustotal.com/gui/file/00554453043d823beed8079d6dadbcffd036a031878aee5f9591e9c3157756ff/detection
# Reference: https://www.virustotal.com/gui/file/70dab5c1df261f4df8dec4f2d5f83d83ccab1567dff8337a453823a9bcc933a4/detection

http://178.79.174.111
http://206.189.100.203
/bi4s4eal
/cashins
/jeffreemazui3
/jjbadb0y
/pus5nut

# Reference: https://www.virustotal.com/gui/file/7f6b5298f9ed023b9d1210727318b9b97858ebeebedabbea4607ff3dcc5d90a1/detection

ckrddvcveumq.ru

# Reference: https://twitter.com/JaromirHorejsi/status/1534533988429271044
# Reference: https://twitter.com/James_inthe_box/status/1534587919410683904
# Reference: https://www.virustotal.com/gui/ip-address/5.252.22.88/relations
# Reference: https://app.any.run/tasks/631b83d3-0f5d-4766-9b84-c35919fc4db0/
# Reference: https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d

bear-found.xyz
load-brain.xyz
really-software.xyz
retro-rave.xyz
vibe-soft.xyz

# Reference: https://tria.ge/220611-3nvgladbhm

http://5.252.22.62

# Reference: https://tria.ge/220612-fsjjkabga7

http://167.235.245.75

# Reference: https://tria.ge/220614-kybs5adadq

http://2.58.56.247

# Reference: https://www.virustotal.com/gui/file/06c6a6cfe3900af0484501582befeb70ffe4d013b70a9ce5d2240292fa69dc94/detection

proxyww.com

# Reference: https://www.virustotal.com/gui/file/00c88d8947b2a24b5eec98b7a5b9ebfb0afa0ee6366b1c3af2d34418e0710dbf/detection

http://37.0.8.39

# Reference: https://www.virustotal.com/gui/file/f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27/detection

http://51.195.166.201

# Reference: https://www.virustotal.com/gui/file/47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1/detection

http://51.195.166.184
http://94.158.247.24

# Reference: https://www.virustotal.com/gui/file/27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577/detection

http://85.202.169.112

# Reference: https://tria.ge/220610-y6vg4afbgj

http://185.106.94.148

# Reference: https://tria.ge/220610-qc14sabdaq

http://185.227.111.81

# Reference: https://www.virustotal.com/gui/file/00b114eaad7c08764581dec3597d729aef386550e505ac8d9d0cdec6bcc3d89d/detection

cafegreenvalley.com
esmic.at

# Reference: https://www.virustotal.com/gui/file/04099e26a13254f342682e06dba06168523f4b7e93fa40b801b89451300e8eaa/detection

astrani.com
diewebseite.at

# Reference: https://app.any.run/tasks/2abb44b0-86f5-4e6c-a805-63c58f6a5186/

http://159.69.102.192

# Reference: https://twitter.com/0xDanielLopez/status/1545686578617630720
# Reference: https://twitter.com/1ZRR4H/status/1545777193535537152
# Reference: https://raw.githubusercontent.com/CronUp/EnAnalisis/main/2022-07-09_Racoon_C2_comms

http://51.195.166.175
microstrategygivesbtc.com

# Reference: https://www.virustotal.com/gui/file/44b865cbb4e178e013d37cdf330f726a99dac6a8bcc9a6ebc8002ccecdd2c69a/detection

http://51.195.166.174

# Reference: https://www.virustotal.com/gui/file/5e614758b6344d6aa9619a75c110b9af4ea2dc1b1103c542e5d10e8d5fc2d66a/detection

http://51.195.166.171
http://94.158.247.44

# Reference: https://www.virustotal.com/gui/file/fba1005e8c248ec460e6c13cb38759bd70d9db4882f88f651b194ab1800e656c/detection

http://51.195.166.176

# Reference: https://www.virustotal.com/gui/file/0e24a0c019fc8b4ec43e4cf15e268607dbdbc23ea314145502f81d03c39a421f/detection

http://51.195.166.178

# Reference: https://www.virustotal.com/gui/file/00c750cd38d99194ed9f19540f3a7668a8e88a317694d926a95351db00466121/detection

http://51.195.166.181

# Reference: https://www.virustotal.com/gui/file/ca16432d519f2dfd1e5ca4216c861cce7895178aeb9e7e5d925d2ec28e4df0b1/detection

http://51.195.166.183

# Reference: https://twitter.com/idclickthat/status/1547954303486218241

keystool.com

# Reference: https://app.any.run/tasks/65885b80-bf6b-47e7-9e52-bca0f1d27413/

http://45.159.249.5

# Reference: https://tria.ge/220716-thc6padfel

http://45.8.145.243
http://78.159.97.21

# Reference: https://tria.ge/220715-c8rnbsfhb6

http://162.33.179.100

# Reference: https://app.any.run/tasks/5fced4fd-b798-4344-b951-b8fa45fbb923/

http://116.202.178.170

# Reference: https://bazaar.abuse.ch/sample/494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab/

http://193.56.146.177

# Reference: https://twitter.com/idclickthat/status/1557714370297298945
# Reference: https://tria.ge/220811-p5k3lafddp
# Reference: https://www.virustotal.com/gui/ip-address/45.153.35.20/relations

http://185.53.46.156
http://45.140.147.73
http://45.159.251.140
ledgdown.com
ledgrestartings.com
legdreons.com
wallet-ladger.com

# Reference: https://twitter.com/MBThreatIntel/status/1560453584172421121
# Reference: https://www.virustotal.com/gui/file/2694222cb3dd3e186a014e5575065b29d9f2656735d35406761bb94293944da8/detection

http://176.124.212.169
vpn-express-vpn.com

# Reference: https://tria.ge/220822-vh3xsaafek/behavioral1

http://168.100.10.238
http://77.75.230.25
/W9H1B8P3F2J2H2K7U1Y7G5N4C0Z4B/

# Reference: https://www.virustotal.com/gui/file/6a895c7bff68fb8d532d13231f7e4237fda44b6eb7c541a3cb292101d8ecc5d2/detection

http://45.150.67.175

# Reference: https://www.virustotal.com/gui/file/3af78a671cda535b18df772857f3008dcb1bf95ba3c087293f86185b860d0598/detection

http://45.159.251.164
http://94.158.244.119
/wK6nO2iM9lE7pN7e/

# Reference: https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

bitttab.net

# Reference: https://www.virustotal.com/gui/file/d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105/detection

http://213.252.244.230

# Reference: https://www.virustotal.com/gui/file/9d66a6a6823aea1b923f0c200dfecb1ae70839d955e11a3f85184b8e0b16c6f8/detection

http://45.140.146.169
/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/

# Reference: https://twitter.com/abuse_ch/status/1630111198036348928
# Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection
# Reference: https://www.virustotal.com/gui/file/0c78984cd2afe869307aca9d8dc9d257f650616b12fa45a2a79a83821f1e7b37/detection
# Reference: https://www.virustotal.com/gui/file/82d54b01efce5dd7f9cc36e77e9663a545c834a89981e71be1ca1ae1ffc4fc66/detection

http://179.43.140.174
http://179.43.140.229
http://179.43.141.116
ultra-cheat.ru.net
/BEBRA.php
/BEBRIK.php
/DLCGHOUL.php
/DLEBEBRA2.php
/DLIMSORRY.php
/SOSORRY.php
/VERBORROV.php

# Reference: https://twitter.com/faisalusuf/status/1565577100228263936
# Reference: https://app.any.run/tasks/d3caf7ce-316a-45df-a4a7-95594b68b26c/

http://116.203.105.117
http://174.138.15.216

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

http://62.204.41.192

# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

http://212.193.30.115
http://45.133.1.107
http://45.133.1.182

# Reference: https://twitter.com/idclickthat/status/1572265426440323073
# Reference: https://tria.ge/220920-t1wezsdgc2
# Reference: https://app.any.run/tasks/9f262d66-d29f-4f68-a549-a27568a1664a/

http://89.185.85.53
appshigh.com

# Reference: https://www.virustotal.com/gui/file/6e032bb49d967ed134440ff43ea7ab2ffb3166e62fcc9cbedabbb51bafe9d116/detection

beastmode-1.xyz

# Reference: https://tria.ge/220914-2yaphafcdl/behavioral1

http://102.130.114.185

# Reference: https://twitter.com/WhichbufferArda/status/1571125906856620034
# Reference: https://www.virustotal.com/gui/file/28a833907c5f992bda6d3973437bba07b5e990adcd21970590c8ec7c39cf9405/detection

http://94.131.106.116

# Reference: https://twitter.com/WhichbufferArda/status/1571527103761518593
# Reference: https://www.virustotal.com/gui/file/582980ba975d2510ff4ec9c0b501b0db08373aa53f9ff040bdfbdb16dda0369c/detection

http://193.149.129.144
http://45.67.229.149
http://94.131.104.18
/rgd4rgrtrje62iuty/

# Reference: https://twitter.com/Iamdeadlyz/status/1572261545299836929
# Reference: https://www.virustotal.com/gui/file/7b0d940175c7c440f5bc5b54bf72b899fc5cef36ff62e65c2f52856e75d0b05b/detection

http://91.201.25.172

# Reference: https://twitter.com/idclickthat/status/1572280867577528325
# Reference: https://tria.ge/220920-v3wdfahfcp

http://168.100.9.109

# Reference: https://www.virustotal.com/gui/file/60009a057bc8cbf7bf6577f516a26e23487909791ddda210687236af448224f9/detection

http://193.149.185.192
http://45.89.55.113
/Z2J8J3N2S2Z6X2V3S0B5/

# Reference: https://app.any.run/tasks/3a72e567-33b0-4843-98e3-9615cc09b007/

http://116.202.179.139

# Reference: https://twitter.com/pollo290987/status/1574396187377106945

http://20.163.204.239

# Reference: https://twitter.com/JAMESWT_MHT/status/1574626812466180096

http://80.92.205.35
http://94.131.107.206

# Reference: https://tria.ge/220829-n4kvrsggek

http://45.67.35.151

# Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection

http://185.225.19.55

# Reference: https://twitter.com/idclickthat/status/1578893652625018880
# Reference: https://tria.ge/221008-3k1jfafhh4/behavioral1

http://15.235.89.55
http://167.114.45.110
http://51.68.28.146
zoomsoftware.info

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

http://168.100.9.234
/oko84pgIrymhc7w/

# Reference: https://www.virustotal.com/gui/file/35ad6f7ca469732908cb3c2f4777589baa74b189b2efa3b891f53765fe52f881/detection

http://193.149.180.210
/GdjrtfHETyier5rfVMD/

# Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection

http://94.131.97.129

# Reference: https://www.virustotal.com/gui/file/eeb5ee631e4e3dea3a6faf8fc70bf52d1814db8f5c6a6ebe729ae23df71879e5/detection

http://116.202.186.42
http://116.203.10.3
http://45.89.55.198

# Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection

http://45.8.147.4

# Reference: https://www.virustotal.com/gui/file/ae2c3f918a302dcc08de5830ee6b57c7aee99855ff45e28b82502f2d92fe8940/detection

http://195.201.251.151

# Reference: https://www.joesandbox.com/analysis/700916/0/html

http://116.203.167.5

# Reference: https://twitter.com/SquiblydooBlog/status/1584143778637455360
# Reference: https://tria.ge/221022-rlh51adea4/behavioral2

http://185.25.51.202
soft-portal.shop

# Reference: https://www.virustotal.com/gui/file/01a5005f3ad75fd7073b3eaccbc3dfc7b5a3fe71653abd9e811b9da3d3edda76/detection

http://194.37.80.221

# Reference: https://twitter.com/crep1x/status/1584256833962749954

http://5.255.103.158

# Reference: https://twitter.com/0xLEZOS/status/1584581005175705601
# Reference: https://www.virustotal.com/gui/file/695099e4dd37db1f66b01bb0b5bccee6c37b80e2d9fe4985053e35c19b032ace/detection

http://94.158.247.30
notion.bz

# Reference: https://www.virustotal.com/gui/file/ad006450f536033f61832ec050467f9331ba94a22e7239a319893415fccf7b5d/detection

http://45.15.156.72

# Reference: https://twitter.com/l205306/status/1560987822839832576
# Reference: https://www.virustotal.com/gui/file/08df76e878ce7055f3aa2e264432bb3a775ff01e42ca8c95a7fd8ce50a5b621a/detection

sky-soft.space

# Reference: https://twitter.com/l205306/status/1555575473434152960

http://78.159.103.195
http://78.159.103.196
software-catalog.space

# Reference: https://twitter.com/l205306/status/1553727224989503489

http://172.86.75.27
x4webs.com

# Reference: https://blog.cyble.com/2022/10/25/dual-malware-infection-targets-cryptocurrency-users/

179.43.140.174
s457516.ha003.t.justns.ru

# Reference: https://www.virustotal.com/gui/file/d4b8c8e5ccc02be55f8c742257178df24c66ef4ac7a98273467c73046f9e655a/detection

http://84.32.188.31

# Reference: https://www.virustotal.com/gui/file/2991a8a3c36383f0d24c316254005053f91249590e74f96265e416f82b7326d3/detection

http://159.69.241.241

# Reference: https://twitter.com/Gi7w0rm/status/1586776595469041664
# Reference: https://www.virustotal.com/gui/file/ad695e274df8ad2e8dc99c2b9184680c0a3f52afb5bf91717d921a1e5807326b/detection

http://178.62.211.84
http://5.45.66.129

# Reference: https://twitter.com/abuse_ch/status/1586787216227012631
# Reference: https://urlhaus.abuse.ch/browse.php?search=%2FaN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK

http://146.70.86.136
http://176.124.203.182
http://176.124.207.141
http://185.143.223.72
http://193.233.48.6
http://193.33.195.39
http://31.41.244.153
http://45.8.144.183
http://51.68.28.231
http://88.119.169.78
http://88.119.171.205
http://89.185.85.151
http://89.208.103.222
http://94.131.109.53

# Reference: https://www.virustotal.com/gui/ip-address/192.42.116.41/relations
# Reference: https://www.virustotal.com/gui/file/008c499fe866366e3156bdf7319d4540ed89b9571f01ea39133155d8aabaa933/detection

apowkfeeifin21.site
blodinetisha15.site
cusanthana12.site
cytheriata4.xyz
danniemusoa7.store
dmunaavank10.store
ersyglhjkuij7.xyz
ewoijioewoif27.club
fazanaharahe1.xyz
fwenmfioewnjo26.club
fwjenfuihew28.club
fwkejnfuiewn29.club
fwkjenfuewnh30.club
gfyufuhhihioh17.site
ggiergionard5.xyz
gilmandros11.site
iefhuiehruiu23.site
mewmofinoine22.site
nastanizab8.store
nsgiuwrevi18.site
oiureveiuv19.site
ovrnevnriuen20.site
readinglistforaugust10.club
readinglistforaugust5.club
readinglistforaugust6.club
readinglistforaugust7.club
readinglistforaugust8.club
roimvnnvwniov25.club
ustiassosale3.xyz
vjrnnvinerovn24.club
willietjeana13.site
wnlonevkiju16.site
xandelissane2.xyz
ximusokall14.site

# Reference: https://www.team-cymru.com/post/inside-the-v1-raccoon-stealer-s-den

dq7shlx5o67t64ljuzisyp34s3n7vepnhc5ijt5hjh433qzaatyj5bid.onion

# Reference: https://www.virustotal.com/gui/file/237e88f7f9445399fbda4b9a82942309fe272077883d00397ffa2e5c0ca6dd08/detection

http://45.147.231.4

# Reference: https://www.virustotal.com/gui/file/3242b1d64d7ab9792dfce067d4d670f37277dc7825e45ee1e17ff70fb9809022/detection

http://185.238.168.190
http://5.61.50.161
http://5.61.51.73

# Reference: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

http://51.255.211.253
http://91.213.50.70

# Reference: https://twitter.com/th3_protoCOL/status/1590493788635824128
# Reference: https://twitter.com/1ZRR4H/status/1590514594497581058
# Reference: https://tria.ge/221110-anef6afadk/behavioral1

http://146.70.86.46
freesoftwar.com
soft-cloud.org

# Reference: https://twitter.com/AuCyble/status/1590694320264601600

download-torrent-pro.com

# Reference: https://www.virustotal.com/gui/file/1e14063f58c7141ce18cf6aa97357217dbff6b5a4ff21df20ca13c9baa0ba512/detection

http://193.106.191.150

# Reference: https://www.virustotal.com/gui/file/0994292bbec307e21f6f4c2d45fb8258fef8abe1611a5d611e98062f29e0ad16/detection

http://193.106.191.155
/WYyJf5noB6.php

# Reference: https://www.virustotal.com/gui/file/36bd02986dce2eed41c7de5ba2fad40054dc7c3afa853837eca3e5aec8c97cd0/detection

http://185.225.17.198
http://193.106.191.162
http://193.106.191.223
http://5.252.176.62

# Reference: https://www.virustotal.com/gui/file/048ff2c2d619d58ace213fe63487b76681ce386c0f234a04f1db5b36e96bf323/detection

http://5.253.19.133
http://5.253.19.61

# Reference: https://twitter.com/MichalKoczwara/status/1591117083961884673
# Reference: https://tria.ge/221111-t63q9abh2s

http://213.252.247.230
http://213.252.247.23

# Reference: https://twitter.com/crep1x/status/1592270229190881280
# Reference: https://www.virustotal.com/gui/file/7e4371101f788c3f31179a2d0ee6fdb933367f21cc9dc28a65928373d2253d2f/detection

http://45.153.230.92
http://45.8.144.148
http://81.19.140.3
http://91.213.50.70
http://94.131.109.157

# Reference: https://twitter.com/idclickthat/status/1593321833742434307
# Reference: https://tria.ge/221117-xr9g2afd26

http://193.47.61.188
star-link.app

# Reference: https://twitter.com/1ZRR4H/status/1593377638504087553

http://45.15.156.105
http://45.15.156.116
http://45.15.156.120
http://45.15.156.122
http://45.15.156.2
http://45.15.156.36
http://45.15.156.38
http://45.15.156.40
http://45.15.156.42
http://45.15.156.65
http://45.15.156.90
http://45.15.156.94
http://45.15.156.95

# Reference: https://twitter.com/idclickthat/status/1594350316266422276
# Reference: https://twitter.com/BushidoToken/status/1594374268057522180
# Reference: https://tria.ge/221120-sldqysdd5s

http://193.149.180.60
http://193.149.185.171
http://193.149.187.34
cloudsintheslack.com
cloudsslack.com
slack-download.net
slackicorp.com
slackuk.com

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Arecordbreaker

http://107.152.42.43
http://107.152.44.45
http://109.107.175.28
http://111.90.143.220
http://116.202.0.25
http://116.203.214.248
http://135.148.104.11
http://135.181.103.91
http://135.181.104.145
http://135.181.168.157
http://135.181.185.150
http://144.76.31.117
http://146.19.173.87
http://146.19.247.151
http://146.70.139.240
http://146.70.86.235
http://151.236.1.121
http://152.89.196.234
http://152.89.218.79
http://157.90.154.157
http://159.69.101.181
http://164.92.186.156
http://167.172.152.136
http://167.235.133.31
http://167.235.134.14
http://167.235.135.253
http://167.235.234.131
http://168.100.10.253
http://168.100.9.214
http://172.111.36.191
http://172.86.120.142
http://172.86.120.42
http://172.86.121.106
http://176.113.115.217
http://176.124.210.131
http://176.124.211.205
http://179.43.162.97
http://179.43.163.117
http://185.106.92.14
http://185.106.92.25
http://185.215.113.26
http://185.225.17.100
http://185.225.17.101
http://185.225.17.16
http://185.225.19.229
http://185.25.51.125
http://185.253.96.120
http://185.51.247.192
http://185.51.247.56
http://188.119.112.230
http://188.127.227.51
http://188.212.125.115
http://188.215.229.203
http://188.93.233.101
http://188.93.233.33
http://193.106.191.199
http://193.149.129.109
http://193.149.129.96
http://193.149.185.168
http://193.149.187.118
http://193.201.126.64
http://193.233.193.56
http://193.33.194.176
http://193.38.55.180
http://193.38.55.82
http://193.43.146.80
http://193.43.147.159
http://193.43.147.242
http://193.43.147.6
http://194.104.136.99
http://194.180.174.102
http://194.180.174.117
http://194.180.174.118
http://194.180.174.72
http://194.36.177.117
http://194.87.216.139
http://195.201.255.175
http://20.39.251.171
http://206.166.251.166
http://206.166.251.254
http://206.188.196.200
http://212.118.36.128
http://212.118.39.74
http://213.170.133.159
http://213.170.133.189
http://213.252.244.27
http://213.252.245.214
http://213.252.247.104
http://213.252.247.130
http://213.252.247.97
http://217.182.36.132
http://23.229.117.245
http://23.229.117.249
http://23.88.58.125
http://31.41.244.137
http://31.41.244.88
http://37.1.206.174
http://45.10.20.248
http://45.11.19.99
http://45.138.74.104
http://45.138.74.152
http://45.140.147.122
http://45.140.147.223
http://45.140.147.76
http://45.142.214.212
http://45.144.29.146
http://45.144.29.235
http://45.147.228.210
http://45.147.231.141
http://45.15.156.102
http://45.15.156.16
http://45.15.156.27
http://45.15.156.56
http://45.153.230.205
http://45.153.230.5
http://45.153.240.208
http://45.153.241.202
http://45.153.242.180
http://45.159.189.41
http://45.159.248.118
http://45.61.137.163
http://45.61.138.131
http://45.67.229.220
http://45.67.231.142
http://45.67.231.202
http://45.67.231.93
http://45.67.35.17
http://45.67.35.251
http://45.8.144.151
http://45.8.144.153
http://45.8.144.53
http://45.8.145.174
http://45.8.145.198
http://45.8.145.203
http://45.8.145.21
http://45.8.145.222
http://45.8.146.190
http://45.8.146.34
http://45.87.3.111
http://45.89.54.95
http://45.89.55.178
http://45.95.11.158
http://46.249.35.162
http://46.249.58.152
http://49.12.5.43
http://5.182.39.76
http://5.2.70.65
http://5.252.177.20
http://5.252.177.64
http://5.252.21.28
http://5.252.23.112
http://5.253.19.142
http://5.45.67.19
http://5.61.42.196
http://51.104.40.109
http://51.140.255.32
http://51.195.166.180
http://51.79.211.202
http://62.113.255.110
http://64.44.102.116
http://64.44.102.241
http://65.108.20.194
http://65.108.20.41
http://65.108.240.126
http://65.109.13.85
http://65.21.183.166
http://65.21.186.115
http://74.119.194.185
http://77.220.215.14
http://77.220.215.34
http://77.232.39.101
http://77.73.132.74
http://77.73.133.1
http://77.73.133.23
http://77.73.133.49
http://77.73.133.7
http://77.73.133.92
http://77.73.134.31
http://77.75.230.68
http://77.75.230.93
http://77.91.102.246
http://77.91.123.97
http://77.91.73.213
http://78.153.144.98
http://78.159.103.214
http://78.47.191.142
http://79.137.192.29
http://79.137.195.225
http://79.137.197.212
http://79.137.205.87
http://80.66.87.23
http://80.66.87.28
http://80.66.87.43
http://80.92.205.130
http://80.92.206.126
http://80.92.206.215
http://82.115.223.5
http://84.246.85.144
http://84.246.85.153
http://84.246.85.28
http://84.246.85.43
http://84.32.188.111
http://85.192.63.175
http://85.192.63.46
http://87.120.254.71
http://87.236.161.20
http://87.251.77.253
http://87.251.77.27
http://88.119.161.159
http://88.119.169.24
http://88.119.169.27
http://88.119.169.49
http://88.119.169.51
http://88.119.169.55
http://88.119.170.105
http://88.119.170.241
http://88.119.171.176
http://88.119.171.62
http://88.119.171.79
http://88.119.174.185
http://88.119.175.136
http://88.210.6.78
http://89.185.85.175
http://89.185.85.230
http://89.208.103.4
http://89.208.103.56
http://89.208.104.165
http://89.208.104.46
http://89.208.104.89
http://89.208.107.42
http://89.22.226.85
http://89.58.0.206
http://91.234.254.126
http://91.240.118.160
http://92.204.160.116
http://92.38.240.8
http://93.115.21.96
http://93.185.166.43
http://93.185.166.95
http://94.131.100.111
http://94.131.100.147
http://94.131.106.183
http://94.131.106.184
http://94.131.106.196
http://94.131.106.225
http://94.131.106.59
http://94.131.106.92
http://94.131.107.214
http://94.131.107.23
http://94.131.107.238
http://94.131.107.239
http://94.131.107.59
http://94.131.109.18
http://94.131.109.56
http://94.131.97.157
http://94.131.97.33
http://94.158.247.25
http://95.141.41.13
http://95.216.177.153
http://95.216.178.91
http://95.216.251.186
http://95.216.252.180
http://95.217.187.116
http://95.217.241.175
filetick.pro
inexu.top
o3shuzjrnpzf2aiq.online
shettester1000.com

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Araccoon

http://101.99.95.192
http://101.99.95.5
http://103.155.93.229
http://103.155.93.70
http://136.244.65.99
http://138.197.179.146
http://139.162.210.29
http://140.82.52.55
http://142.132.180.233
http://142.132.225.253
http://142.132.229.12
http://146.19.247.28
http://146.19.247.91
http://146.70.124.71
http://146.70.125.95
http://146.70.160.4
http://149.202.65.236
http://159.223.25.220
http://164.92.172.4
http://176.58.125.121
http://176.58.98.13
http://178.128.94.180
http://178.62.198.37
http://178.79.160.84
http://178.79.161.18
http://179.43.154.171
http://185.163.204.20
http://185.163.204.212
http://185.163.204.219
http://185.163.204.229
http://185.163.204.32
http://185.163.204.47
http://185.163.204.62
http://185.163.204.9
http://185.163.47.175
http://185.225.19.128
http://185.225.19.190
http://185.225.19.198
http://185.246.220.214
http://185.62.56.113
http://188.166.49.196
http://188.40.147.166
http://192.248.184.34
http://193.149.176.204
http://193.233.193.50
http://193.38.54.50
http://193.43.146.17
http://193.43.146.26
http://193.43.147.132
http://194.180.158.174
http://194.180.174.104
http://194.180.174.161
http://194.180.174.181
http://194.180.174.182
http://194.180.174.40
http://194.180.174.55
http://194.180.174.97
http://194.87.31.186
http://195.201.248.58
http://206.166.251.218
http://206.188.197.116
http://206.189.234.222
http://207.154.195.173
http://212.118.38.177
http://213.226.100.106
http://23.88.55.150
http://31.13.195.44
http://45.133.216.145
http://45.133.216.170
http://45.133.216.249
http://45.142.212.100
http://45.142.214.247
http://45.142.215.50
http://45.142.215.92
http://45.144.30.91
http://45.15.156.31
http://45.150.67.85
http://45.152.86.98
http://45.153.230.183
http://45.153.240.247
http://45.153.241.28
http://45.182.189.196
http://45.61.138.121
http://45.67.34.234
http://45.84.0.80
http://45.9.148.139
http://46.101.30.175
http://5.181.156.242
http://5.181.156.62
http://5.181.156.92
http://5.252.22.107
http://5.252.22.66
http://5.253.19.65
http://51.195.166.185
http://51.195.166.186
http://51.195.166.204
http://51.210.87.110
http://65.108.20.64
http://65.108.216.10
http://77.73.132.84
http://77.73.133.69
http://77.91.102.115
http://77.91.102.44
http://77.91.73.162
http://77.91.74.67
http://82.202.172.185
http://83.149.87.220
http://84.246.85.178
http://85.159.212.113
http://88.119.171.225
http://89.108.102.157
http://89.185.84.7
http://89.185.85.173
http://91.194.11.43
http://91.219.236.143
http://91.219.236.212
http://91.219.236.69
http://91.219.236.97
http://91.219.237.226
http://91.242.229.166
http://93.115.19.194
http://93.115.28.51
http://94.131.107.132
http://94.131.97.56
http://94.158.244.21
http://94.158.245.199
http://94.158.247.13
http://95.216.88.185
https://45.144.29.146
cdnofficecloud.net
game4486.worldhosts.fun
robloxscript.site
roll-rave.site
telegalive.top
telegraf.top
toptelete.top

# Reference: https://twitter.com/idclickthat/status/1597260362705145857
# Reference: https://tria.ge/221128-s2tr4sdg38/

http://185.173.34.39
fajaspieldeangel.co
trial-autodesk.com

# Reference: https://twitter.com/l205306/status/1597928917775503360

all-soft.space
gldfreesofts.site
mixsoftware.org
selfw4re.net
trustgamesoft.com

# Reference: https://twitter.com/James_inthe_box/status/1598351953246900228
# Reference: https://app.any.run/tasks/62b03113-07e9-4fd5-a371-634e022e50c8/

http://88.210.9.212

# Reference: https://www.virustotal.com/gui/file/85317946bf51e7c6080c6607f18c05e587647aeafdad2f77316c6addaf474f2d/detection

download-serv-463256.xyz
youtubedonwload4.xyz
youwebmaster.net

# Reference: https://twitter.com/idclickthat/status/1602358835322261518
# Reference: https://tria.ge/221212-v6evvscb23/behavioral2

http://88.119.169.120
amdicat.com
infamousmails.com

# Reference: https://twitter.com/crep1x/status/1603739742910169088
# Reference: https://tria.ge/221216-pzp5cseg23

http://94.131.98.162
chrone-intsall.com

# Reference: https://www.virustotal.com/gui/file/1443b2fa3ece332d66836172ff5c75237fd064300f3c8c1754c319935ed44797/detection

http://179.43.142.85

# Reference: https://twitter.com/crep1x/status/1604561875949199373
# Reference: https://tria.ge/221218-mljz3sbe86/behavioral2

http://213.252.247.188

# Reference: https://twitter.com/Gi7w0rm/status/1606330240351051777

http://94.131.98.99
http://94.131.98.100

# Reference: https://www.virustotal.com/gui/file/8de8b2295a85d4817c4da8ca24a438ada4edb5e80ef93ae48646ff5d918ddeac/detection

http://212.118.38.57

# Reference: https://twitter.com/r3dbU7z/status/1607028963980754945
# Reference: https://www.virustotal.com/gui/file/5fa1c3ddf64efe1a1c7482987bcd03b32bdbebbb5ca7adeca2f5615d24790811/detection

http://94.131.100.85

# Reference: https://twitter.com/r3dbU7z/status/1607803057672421376
# Reference: https://www.virustotal.com/gui/file/14d0ab048470cf65ec844ce0a841204c8120c190a5838bc5bcdb85a1ea9f56fa/detection

http://193.3.23.11
aircompany.site
slakosuoyoliusdd.ru
tinunlomitedwastan.ru

# Reference: https://twitter.com/malware_traffic/status/1608690081178750976

http://146.70.102.99

# Reference: https://www.virustotal.com/gui/file/3dc8685a50a7899e1edb038851f791a992a558213a376bd1494d7be86f8a3935/detection

http://94.131.98.103
http://94.131.98.177

# Reference: https://www.virustotal.com/gui/ip-address/161.117.231.217/relations
# Reference: https://www.virustotal.com/gui/ip-address/161.117.83.93/relations
# Reference: https://www.virustotal.com/gui/file/00264ad58c30937544a5e3ce096bd3dcab52f18a2b8554a0ec8634526ecc42b7/detection
# Reference: https://www.virustotal.com/gui/file/2f87741b700ead4acc6ed82d781626d389c71fd17f50666ab6a978ea4a101831/detection
# Reference: https://www.virustotal.com/gui/file/32fcf602c79e06547233ab22eca1d6979d8739bec9ae9cc7bffcf494631c16f9/detection
# Reference: https://www.virustotal.com/gui/file/6b9ba9d6bddecf83a47f18d8f7c747b14747107c6b6bd5e94da46779cef341ed/detection

asmupdate1.top
asmupdate2.top
asmupdate3.top
asmupdate4.top
fasmupdate1.top
fasmupdate2.top
fasmupdate3.top
fasmupdate4.top
idaupdate1.top
idaupdate2.top
idaupdate3.top
idaupdate4.top
lastupdate1.top
lastupdate2.top
lastupdate3.top
lastupdate4.top
rockupdate1.top
rockupdate2.top
rockupdate3.top
rockupdate4.top

# Reference: https://mobile.twitter.com/0xrb/status/1610512844222763008

http://104.234.147.80
http://109.107.173.210
http://116.203.105.175
http://138.124.180.91
http://146.70.86.243
http://147.135.62.201
http://147.135.62.202
http://152.89.247.84
http://154.7.253.54
http://172.86.122.234
http://176.124.212.149
http://179.43.163.110
http://185.234.247.220
http://188.34.203.37
http://193.38.55.43
http://194.15.216.23
http://194.4.49.101
http://194.87.216.120
http://195.133.75.104
http://212.114.52.79
http://212.114.52.89
http://212.192.31.175
http://37.220.87.12
http://37.220.87.25
http://37.220.87.34
http://37.220.87.38
http://45.11.19.199
http://45.11.19.40
http://45.130.151.120
http://45.140.146.74
http://45.144.31.115
http://45.15.156.151
http://45.15.156.168
http://45.15.156.169
http://45.15.156.179
http://45.15.156.75
http://45.67.228.98
http://45.67.35.164
http://45.77.137.243
http://45.8.147.239
http://5.252.118.177
http://5.252.178.86
http://51.255.211.170
http://51.81.254.14
http://77.73.133.123
http://77.73.133.45
http://77.73.133.51
http://77.73.134.30
http://79.137.196.11
http://79.137.202.214
http://80.92.205.177
http://83.220.171.29
http://83.97.20.99
http://84.246.85.98
http://86.105.252.165
http://88.119.161.188
http://88.119.161.195
http://88.119.161.198
http://88.119.169.187
http://88.119.169.193
http://88.119.170.115
http://89.40.206.86
http://91.215.85.146
http://93.185.166.49
http://94.131.100.83
http://94.131.105.198
http://94.131.98.102
http://95.217.102.106
exsolution-softs.com
nextgen-game.com
respekt5567.com
softeasy.org
softeasy.pro
softwareofficial.site
vipsoft.store

# Reference: https://twitter.com/teamcymru_S2/status/1610320609531285504
# Reference: https://twitter.com/0xrb/status/1610519952829845504

http://74.119.195.225
http://88.119.161.199
http://88.119.169.153
http://88.119.169.154
http://88.119.171.143
http://88.119.175.111

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_05_01_2023.txt

http://103.214.4.110
http://103.219.154.161
http://135.181.157.133
http://138.124.183.122
http://141.98.169.173
http://141.98.169.180
http://146.19.173.72
http://146.19.207.20
http://146.70.106.171
http://146.70.106.93
http://146.70.131.213
http://146.70.86.238
http://152.89.247.174
http://152.89.247.216
http://159.69.180.81
http://160.20.147.173
http://160.20.147.205
http://160.20.147.64
http://162.19.206.3
http://168.100.9.166
http://185.163.45.250
http://185.163.45.254
http://185.225.19.29
http://185.225.70.145
http://185.229.65.197
http://185.242.86.140
http://185.242.86.141
http://185.242.86.142
http://185.242.86.143
http://185.25.50.200
http://185.25.50.4
http://185.25.51.38
http://185.5.250.167
http://188.119.112.179
http://193.149.180.124
http://194.37.97.188
http://194.4.49.73
http://206.166.251.126
http://213.252.245.203
http://213.252.246.220
http://213.252.247.41
http://213.252.247.48
http://23.134.168.143
http://23.134.168.173
http://37.220.87.29
http://37.220.87.35
http://37.220.87.36
http://37.220.87.47
http://37.220.87.7
http://45.130.43.77
http://45.138.74.231
http://45.140.147.138
http://45.144.29.18
http://45.15.156.79
http://45.15.159.197
http://45.153.230.216
http://45.66.230.38
http://45.67.228.180
http://45.8.144.61
http://45.8.144.73
http://45.84.0.219
http://45.84.0.222
http://45.84.0.239
http://45.84.121.40
http://45.84.121.46
http://45.89.54.61
http://46.3.199.79
http://49.12.211.76
http://5.181.159.66
http://5.181.159.86
http://5.182.36.75
http://5.182.37.217
http://5.252.118.36
http://5.252.177.22
http://5.252.23.27
http://5.255.97.178
http://5.75.186.33
http://51.195.166.179
http://64.52.80.224
http://65.109.131.183
http://65.20.114.202
http://74.119.195.134
http://77.73.133.111
http://77.73.133.112
http://77.73.133.118
http://77.73.133.119
http://77.73.133.127
http://77.73.133.20
http://77.73.133.81
http://77.91.122.57
http://78.153.130.102
http://79.137.198.122
http://79.137.207.148
http://80.92.204.30
http://84.246.85.137
http://84.246.85.61
http://84.32.191.242
http://85.192.63.204
http://85.192.63.21
http://85.239.63.228
http://87.120.37.253
http://87.236.146.172
http://88.119.169.183
http://88.119.169.188
http://88.210.11.158
http://89.185.85.109
http://89.208.103.77
http://89.208.106.154
http://89.23.103.4
http://91.213.50.19
http://94.131.98.154
http://94.131.98.156
http://94.131.98.157
http://94.131.98.176
http://94.131.98.90
http://94.131.98.91
http://94.131.98.93
http://94.131.98.98
http://95.216.251.188

# Reference: https://twitter.com/felixaime/status/1611268354722897920
# Reference: https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers/
# Reference: https://github.com/SEKOIA-IO/Community/blob/main/IOCs/infra_seo_crack_stealers/infra_seo_crack_stealers_iocs_20230106.csv

http://134.122.115.190
http://137.184.159.42
http://137.184.227.198
http://137.184.43.153
http://143.198.164.102
http://143.244.212.228
http://146.190.12.4
http://157.230.87.146
http://159.223.97.209
http://162.243.164.175
http://18.144.113.48
http://34.203.142.179
http://44.198.126.45
aboxwithfilez.xyz
allactivationkey.com
allcracker.com
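# NOTE(review): the next entry looks like two neighbouring entries (allcracker.com, allsoftwarepro.com) fused during extraction; kept as published - verify against the referenced CSV
allcracker.comallsoftwarepro.com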
allsoftwarepro.com
asperhost.xyz
audioplugins.net
bdomicfilez.xyz
binaryfile.cfd
bitloservx.click
blakbooot.click
bnr45iqly.cfd
bokywodzfa.xyz
bottlecap1.click
brownrabr.click
bubl-filez.xyz
ceedohostzcomi.xyz
chondimahiy.xyz
cl0nytig.xyz
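# NOTE(review): comallsoftwarepro.com, comcrackzsoft.com and comprocracklink.com look like the tails of fused entries in this block ("...com" + allsoftwarepro.com / crackzsoft.com / procracklink.com), not separately reported hosts; kept as published - verify against the referenced CSV
comallsoftwarepro.com
comcrackzsoft.com
completecrack.com
comprocracklink.com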
corokeralama.xyz
corpyfoxiy.xyz
crack-line.com
crack-warez.com
crack-win.com
crackask.com
crackcow.com
crackedfilez.com
cracker01.com
crackexe.net
crackeyfree.com
crackfaqs.com
crackglobal.com
crackinges.com
crackist.com
cracklet.com
crackmyapps.com
crackmykeys.com
crackname.com
cracknkeys.com
cracknpc.com
crackny.com
crackpcpro.com
crackproduct.com
crackre.com
crackregister.com
crackrepack.com
cracks-full.com
cracks11.com
cracksbuddy.com
crackservices.com
cracksfree.net
crackspromax.com
cracksroom.com
crackstores.com
cracktera.com
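# NOTE(review): the next entry looks like two entries of this block (cracktera.com, crackzsoft.com) fused during extraction; kept as published - verify against the referenced CSV
cracktera.comcrackzsoft.com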
crackwebs.com
crackwindow.com
crackzero.com
crackzsoft.com
crookhost.cfd
crop18king.xyz
ctmouzecla.click
dailycracks.com
dikshaappforpc.com
ditlivhostz.xyz
dll-crack.com
dllcrackz.com
easywindowsactivator.com
entry4hide.cyou
eros0hostz.xyz
evosurver.click
exitlocat.cyou
fiiezofcloude.xyz
find2sitrox.xyz
fishsurver.click
fitcrack.com
fizzzhost.xyz
forevercrack.com
free-crack.com
freefiles22.xyz
freewindowsactivator.com
full-crack.com
full-cracked.com
full-softwares.com
fullcrackapp.com
fullcrackfile.com
fullkeypro.com
fullportable.com
giantcrack.com
gooddata.xyz
greenbottz.xyz
hdstreamzforpcdl.com
heifan2survr.xyz
hersiz00d.xyz
hft76yu.cfd
hificellfon.click
hitcrackspc.com
hitpcgames.com
hosngclowz.cyou
hy3srver.xyz
hyphnhostn.xyz
icrackpro.com
icracx.com
iee2kolmoz.xyz
iglo0host.click
inshotforpc.com
itforhost.xyz
jytibarose.xyz
keygen4u.com
keygenguru.net
kihygenvc.xyz
kinbo112.xyz
kinemasterforpcdl.com
king-host.xyz
kitefly.xyz
kitlybitli44.xyz
klimyteioz2b.xyz
komikata.click
koptikbaj4.xyz
krimikomrew4.xyz
license4softs.com
lowfeedo1.xyz
loyabonzy.xyz
lvihostng.click
macapps-download.com
macdownloadpro.com
macgamers.net
macsoftwarepro.com
massraphost.xyz
masterforpc.com
mattservrz.xyz
mikavika.click
minghost.cfd
minicrack.com
mo21srver.xyz
mobilelegendsforpc.com
mocrack.com
moyakanj0.xyz
myclotb0e.xyz
myhasrnga.xyz
myloster2v1.xyz
mypklboy3.xyz
mysite-servrz.xyz
mytallphon.click
naswarlobi.xyz
neonhost.click
newactivationkey.com
newcracksoft.com
newlicensekeys.com
nikuserver.xyz
nomanpc.com
nysicforma.xyz
odibolngup.click
offsebike.cyou
onecracks.com
ooxyzhost.xyz
opcracks.com
opetafruith.xyz
osr1file.xyz
ovacrack.com
pandacracks.com
patchzip.com
pccrackspro.com
pcgamesguru.com
pcsoftkit.com
pepatoniyac.click
ping-host.xyz
pingatinga.click
pinkbotts2.xyz
pirtibox.click
plugin-torrent.com
pozitfiiezi.xyz
premiumcrack.com
primrvils.click
procrackapp.com
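# NOTE(review): the next entry looks like two neighbouring entries (procrackapp.com, procracklink.com) fused during extraction; kept as published - verify against the referenced CSV
procrackapp.comprocracklink.com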
procracklink.com
procracksfile.com
procracksoftware.com
purplbogi.click
purplebot21.xyz
qcellphone.click
qoli-filez.xyz
quy32-filez.xyz
ridsosurver1.xyz
rizonfoggy.xyz
roizohozt19.xyz
safehand.xyz
setserverfile.xyz
sharemeforpc.com
sid4time.xyz
sigmarole.cyou
sigrat4hyp.xyz
singlwirre.click
sitka-pyrok.xyz
sixcozrevoli.xyz
slom0wise4.xyz
slugmefilehos.xyz
softkeygenpro.com
softs32.com
softskeygen.com
softwarekeygen.com
surbexdillx.xyz
survrhostngs.xyz
tekken3forpc.com
thecrackfiles.com
thecracksoftware.com
thepccrack.com
tocracks.com
tolby-file.xyz
toloserverz.click
top3hostngc.xyz
torrdroidforpc.com
totalcracks.com
trollhost.xyz
trycracks.com
unacademyforpc.com
uploadpk.com
urconsolest.click
urcracks.net
urhandups.xyz
urstolupzo.xyz
uscracks.com
vig0boat.click
vst-crack.com
vst-torrent.net
vysorforpc.com
wecracks.com
whitr0sez.xyz
windowsactivatorpro.com
windowscrack.com
woldcup20.cyou
wowcracks.com
ww16.ping-host.xyz
ww16.tolby-file.xyz
ww25.qoli-filez.xyz
ww38.tolby-file.xyz
xo-xohost.xyz
ycracks.com
yell0wssroz.xyz
yellokomput.xyz
yourcracks.com

# Reference: https://twitter.com/0xrb/status/1613768173375082497

http://135.181.202.232
http://146.19.233.206
http://146.70.125.93
http://146.70.145.201
http://152.89.247.59
http://170.75.173.215
http://185.106.94.254
http://185.218.3.131
http://185.223.93.181
http://185.242.87.199
http://185.242.87.203
http://193.149.187.95
http://194.104.136.49
http://194.104.136.68
http://20.115.112.33
http://213.252.247.68
http://45.15.156.208
http://46.3.199.85
http://77.73.134.67
http://77.91.122.78
http://77.91.78.44
http://78.47.114.228
http://88.119.169.205
http://89.23.96.13
http://91.107.147.251
http://91.90.192.72
http://94.131.100.203
http://94.131.100.41
http://94.131.98.82
http://94.131.98.89
http://95.217.219.204

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/

http://101.99.93.178
http://102.130.113.39
http://103.219.154.115
http://103.219.154.161
http://103.219.154.247
http://104.40.27.143
http://109.107.175.155
http://109.172.45.16
http://109.230.215.138
http://109.234.39.45
http://111.90.143.111
http://116.203.145.50
http://116.203.199.122
http://116.203.35.117
http://116.203.57.132
http://130.0.234.116
http://134.209.88.114
http://135.181.123.170
http://135.181.187.248
http://135.181.241.165
http://135.181.251.158
http://135.181.68.23
http://138.201.119.9
http://141.94.55.61
http://142.132.167.230
http://142.132.191.50
http://142.132.226.252
http://142.132.236.51
http://146.0.74.79
http://146.19.170.164
http://146.19.207.163
http://146.70.100.89
http://146.70.101.78
http://146.70.104.186
http://146.70.106.55
http://146.70.143.138
http://146.70.152.214
http://146.70.161.70
http://146.70.20.241
http://146.70.24.132
http://146.70.86.141
http://146.70.86.253
http://146.70.86.27
http://146.70.86.4
http://146.70.88.38
http://147.78.47.232
http://152.89.196.234
http://152.89.247.188
http://152.89.247.203
http://152.89.247.63
http://152.89.247.92
http://157.254.195.130
http://157.254.195.56
http://157.254.195.57
http://157.90.145.118
http://157.90.172.182
http://159.203.177.90
http://159.69.196.191
http://162.33.177.9
http://162.33.178.237
http://162.33.178.37
http://162.55.37.54
http://165.232.118.86
http://167.235.131.221
http://167.235.233.181
http://167.235.240.184
http://167.235.29.56
http://168.100.11.62
http://168.100.11.85
http://168.100.8.188
http://168.100.9.125
http://168.119.60.182
http://170.75.160.9
http://170.75.167.33
http://172.81.180.176
http://172.86.75.81
http://176.10.111.93
http://179.43.140.137
http://179.43.142.103
http://179.43.154.206
http://179.43.155.213
http://179.43.162.53
http://185.10.68.210
http://185.106.92.101
http://185.106.92.135
http://185.106.92.151
http://185.106.92.17
http://185.106.92.20
http://185.106.92.27
http://185.106.92.48
http://185.106.92.51
http://185.106.92.62
http://185.106.92.84
http://185.106.92.89
http://185.106.92.93
http://185.106.94.194
http://185.106.94.215
http://185.106.94.4
http://185.106.94.71
http://185.121.139.45
http://185.125.206.245
http://185.158.251.192
http://185.163.204.16
http://185.173.34.208
http://185.173.34.29
http://185.173.34.40
http://185.173.34.73
http://185.181.10.208
http://185.193.126.104
http://185.203.117.113
http://185.206.215.35
http://185.225.115.112
http://185.225.73.102
http://185.225.73.151
http://185.246.220.203
http://185.25.51.5
http://185.25.51.6
http://185.253.96.110
http://185.253.96.116
http://185.62.58.61
http://185.73.202.78
http://188.116.34.196
http://188.119.113.237
http://188.121.97.140
http://188.34.188.246
http://188.34.194.236
http://188.34.199.86
http://190.14.37.156
http://192.153.57.193
http://192.153.57.230
http://192.236.154.227
http://193.149.129.12
http://193.149.176.45
http://193.149.185.13
http://193.149.185.159
http://193.149.187.230
http://193.149.187.53
http://193.149.189.174
http://193.149.189.212
http://193.149.189.239
http://193.176.29.199
http://193.233.20.128
http://193.233.20.134
http://193.233.20.137
http://193.233.20.138
http://193.233.20.140
http://193.233.20.142
http://193.233.20.143
http://193.233.20.195
http://193.233.20.238
http://193.233.232.250
http://193.233.232.5
http://193.233.233.32
http://193.38.54.38
http://193.38.55.131
http://194.104.136.194
http://194.104.136.55
http://194.15.216.219
http://194.15.216.226
http://194.163.177.109
http://194.4.51.202
http://194.4.51.203
http://194.5.177.193
http://194.87.199.101
http://194.87.199.196
http://194.87.216.106
http://194.87.219.115
http://194.87.31.171
http://194.87.62.51
http://195.123.217.217
http://195.123.217.247
http://195.123.241.57
http://195.133.40.111
http://195.133.40.221
http://195.20.17.190
http://195.201.124.92
http://195.211.96.217
http://195.54.174.35
http://195.85.250.67
http://20.166.60.250
http://206.166.251.126
http://206.166.251.136
http://206.166.251.230
http://206.188.196.18
http://206.188.197.110
http://206.189.179.153
http://208.85.19.93
http://212.113.106.116
http://212.113.106.17
http://212.113.106.211
http://212.113.106.216
http://212.113.106.218
http://212.113.116.1
http://212.113.116.46
http://212.113.116.47
http://212.113.119.101
http://212.113.119.153
http://212.113.119.25
http://212.113.119.35
http://212.113.119.48
http://212.113.119.69
http://212.113.119.73
http://212.113.119.8
http://212.118.36.51
http://212.118.41.216
http://212.86.102.98
http://212.86.109.24
http://213.252.244.5
http://213.252.246.235
http://217.114.43.217
http://217.138.215.68
http://217.138.215.83
http://217.196.96.11
http://217.196.96.19
http://23.134.168.112
http://23.19.58.152
http://37.1.208.22
http://37.1.212.243
http://37.120.238.179
http://37.220.87.17
http://37.220.87.18
http://37.220.87.22
http://37.220.87.25
http://37.220.87.26
http://37.220.87.48
http://37.220.87.49
http://37.220.87.63
http://37.220.87.66
http://37.220.87.67
http://37.220.87.68
http://37.220.87.69
http://37.220.87.86
http://37.49.230.54
http://43.130.118.228
http://45.132.1.159
http://45.137.65.37
http://45.138.74.192
http://45.140.146.217
http://45.142.215.180
http://45.143.223.133
http://45.147.228.200
http://45.147.229.105
http://45.147.229.205
http://45.15.156.143
http://45.15.156.144
http://45.15.156.145
http://45.15.156.164
http://45.15.156.226
http://45.15.156.227
http://45.15.156.239
http://45.15.156.251
http://45.15.156.50
http://45.15.156.62
http://45.15.156.75
http://45.15.156.87
http://45.15.156.96
http://45.15.157.7
http://45.15.159.199
http://45.15.159.249
http://45.153.230.189
http://45.153.241.202
http://45.153.243.78
http://45.61.136.194
http://45.61.138.12
http://45.61.138.130
http://45.61.139.2
http://45.67.35.52
http://45.8.146.72
http://45.82.13.17
http://45.82.71.192
http://45.82.73.28
http://45.82.73.60
http://45.84.121.41
http://45.9.74.119
http://45.9.74.133
http://45.9.74.140
http://45.9.74.151
http://45.9.74.152
http://45.9.74.160
http://45.9.74.165
http://45.9.74.166
http://45.9.74.170
http://45.9.74.171
http://45.9.74.172
http://45.9.74.173
http://45.9.74.174
http://45.9.74.175
http://45.9.74.176
http://45.9.74.21
http://45.9.74.22
http://45.9.74.34
http://45.9.74.35
http://45.9.74.36
http://45.9.74.50
http://45.9.74.54
http://45.9.74.56
http://45.9.74.6
http://45.9.74.60
http://45.9.74.68
http://45.9.74.69
http://45.9.74.70
http://45.9.74.71
http://45.9.74.81
http://45.9.74.82
http://45.9.74.90
http://45.9.74.97
http://45.9.74.99
http://45.90.59.19
http://45.91.203.172
http://46.151.24.154
http://46.151.27.83
http://46.151.31.129
http://46.151.31.216
http://46.18.107.197
http://49.12.197.60
http://49.12.203.54
http://49.12.210.141
http://49.12.210.249
http://5.252.118.139
http://5.252.118.232
http://5.252.177.22
http://5.252.177.50
http://5.252.177.71
http://5.252.178.139
http://5.252.178.5
http://5.254.118.211
http://5.254.118.254
http://5.255.100.41
http://5.255.111.137
http://5.39.117.99
http://5.75.129.114
http://5.75.138.1
http://5.75.159.229
http://5.75.182.199
http://5.75.186.50
http://5.75.225.209
http://5.75.242.235
http://5.75.243.212
http://5.75.251.66
http://5.78.75.80
http://51.178.186.12
http://51.81.143.171
http://51.81.160.184
http://51.81.160.185
http://51.81.254.18
http://51.89.124.197
http://54.38.218.228
http://62.204.41.115
http://62.204.41.124
http://62.204.41.125
http://62.204.41.134
http://62.204.41.250
http://62.204.41.7
http://64.190.113.112
http://64.190.113.31
http://64.44.139.110
http://65.108.156.39
http://65.108.241.85
http://65.109.131.223
http://65.109.139.29
http://65.109.169.111
http://65.109.2.154
http://65.109.205.198
http://77.105.146.86
http://77.246.96.7
http://77.73.131.33
http://77.73.133.79
http://77.73.133.90
http://77.73.134.11
http://77.73.134.25
http://77.73.134.43
http://77.73.134.49
http://77.73.134.81
http://77.73.134.82
http://77.91.123.116
http://77.91.123.135
http://77.91.123.139
http://77.91.124.79
http://77.91.68.33
http://77.91.78.44
http://77.91.78.46
http://77.91.78.50
http://77.91.78.69
http://77.91.84.20
http://77.91.84.46
http://77.91.84.68
http://77.91.85.172
http://77.91.86.187
http://77.91.86.231
http://77.91.87.126
http://78.153.130.123
http://78.153.130.127
http://78.153.130.132
http://78.153.130.148
http://78.153.130.157
http://78.153.130.226
http://78.153.130.242
http://78.153.130.247
http://78.153.130.54
http://78.153.130.86
http://78.47.92.58
http://79.132.137.39
http://79.137.194.178
http://79.137.195.240
http://79.137.196.41
http://79.137.197.160
http://79.137.198.18
http://79.137.199.211
http://79.137.199.215
http://79.137.199.216
http://79.137.202.139
http://79.137.202.245
http://79.137.203.199
http://79.137.203.5
http://79.137.205.138
http://79.137.206.143
http://79.137.206.151
http://79.137.206.189
http://79.137.206.195
http://79.137.206.22
http://79.137.206.76
http://79.137.207.152
http://79.137.207.160
http://79.137.207.168
http://79.137.207.4
http://79.137.207.53
http://79.137.207.59
http://79.137.248.123
http://79.137.248.197
http://79.137.248.245
http://79.137.248.73
http://80.66.89.194
http://80.71.157.79
http://80.78.25.110
http://80.85.139.150
http://80.85.139.245
http://80.85.241.20
http://80.85.241.83
http://80.89.228.162
http://80.92.206.186
http://81.19.140.95
http://81.19.141.119
http://81.19.141.163
http://81.19.141.6
http://82.115.223.13
http://82.115.223.208
http://82.115.223.215
http://83.217.11.10
http://83.217.11.11
http://83.217.11.12
http://83.217.11.13
http://83.217.11.14
http://83.217.11.16
http://83.217.11.17
http://83.217.11.18
http://83.217.11.19
http://83.217.11.20
http://83.217.11.22
http://83.217.11.23
http://83.217.11.25
http://83.217.11.26
http://83.217.11.27
http://83.217.11.28
http://83.217.11.31
http://83.217.11.32
http://83.217.11.33
http://83.217.11.34
http://83.217.11.35
http://83.217.11.36
http://83.217.11.4
http://83.217.11.6
http://83.217.11.9
http://84.247.51.113
http://84.247.51.117
http://84.32.190.128
http://85.192.40.253
http://85.192.63.154
http://85.192.63.161
http://85.192.63.185
http://85.192.63.243
http://85.192.63.51
http://85.206.172.171
http://85.206.172.172
http://85.208.107.18
http://85.208.107.89
http://85.217.144.18
http://85.239.41.190
http://86.105.18.13
http://87.120.254.239
http://87.251.77.45
http://88.119.161.37
http://88.119.170.121
http://88.119.174.133
http://88.119.174.136
http://88.119.175.213
http://88.119.175.232
http://88.198.125.205
http://89.107.10.138
http://89.107.10.20
http://89.185.84.86
http://89.185.85.186
http://89.185.85.248
http://89.23.107.5
http://89.23.97.130
http://89.238.170.254
http://89.238.185.17
http://89.44.9.71
http://91.107.180.190
http://91.107.192.138
http://91.107.250.226
http://91.201.113.12
http://91.201.115.148
http://91.207.173.122
http://91.213.50.104
http://91.215.85.146
http://91.219.236.123
http://91.234.254.143
http://91.234.254.208
http://91.234.254.228
http://91.235.234.210
http://91.235.234.230
http://91.235.234.235
http://91.240.84.153
http://92.204.160.102
http://94.131.107.176
http://94.131.11.222
http://94.131.115.5
http://94.131.98.88
http://94.142.138.10
http://94.142.138.102
http://94.142.138.109
http://94.142.138.122
http://94.142.138.123
http://94.142.138.124
http://94.142.138.133
http://94.142.138.135
http://94.142.138.136
http://94.142.138.140
http://94.142.138.155
http://94.142.138.158
http://94.142.138.159
http://94.142.138.160
http://94.142.138.162
http://94.142.138.166
http://94.142.138.168
http://94.142.138.169
http://94.142.138.174
http://94.142.138.175
http://94.142.138.177
http://94.142.138.181
http://94.142.138.19
http://94.142.138.191
http://94.142.138.194
http://94.142.138.195
http://94.142.138.196
http://94.142.138.200
http://94.142.138.208
http://94.142.138.210
http://94.142.138.211
http://94.142.138.213
http://94.142.138.214
http://94.142.138.216
http://94.142.138.221
http://94.142.138.239
http://94.142.138.241
http://94.142.138.246
http://94.142.138.3
http://94.142.138.37
http://94.142.138.40
http://94.142.138.43
http://94.142.138.53
http://94.142.138.54
http://94.142.138.74
http://94.142.138.79
http://94.142.138.85
http://94.142.138.86
http://94.142.138.89
http://94.142.138.9
http://94.142.138.90
http://94.142.138.99
http://94.158.244.36
http://95.179.182.231
http://95.216.153.86
http://95.217.10.109
http://95.217.191.113
http://95.217.65.66

# Reference: https://twitter.com/80vul/status/1614958062116442113

http://46.18.107.196

# Reference: https://twitter.com/0xrb/status/1615216442508709890

http://116.203.30.135
http://146.70.78.51
http://146.70.86.11
http://170.75.173.138
http://185.51.121.139
http://188.241.83.55
http://45.15.156.215
http://45.15.156.225
http://5.182.36.239
http://5.78.53.188
http://74.119.195.189
http://77.91.102.27
http://77.91.78.69
http://80.92.205.49
http://83.217.11.11
http://83.217.11.13
http://88.119.175.220
http://88.119.175.57
http://92.205.165.188
http://94.131.104.225
respekt5568.com

# Reference: https://www.virustotal.com/gui/file/781befeda1c4a69d7d38355db70c44e8a0c4c620a4ec74d6ac78239a27fba929/detection

http://212.118.36.165

# Reference: https://www.virustotal.com/gui/file/77a369b0a94cda4f71f3a68d9a5d740d805e5e4bf793d3ee1389d6d78767155b/detection

http://160.119.253.150
http://160.119.253.242

# Reference: https://www.virustotal.com/gui/file/4da00e7d529be457c914b085d66f012c070bf6e3f85675303aa41a7689c08c75/detection

http://160.119.253.36

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_27_01_2023.txt

http://103.219.154.247
http://146.70.101.124
http://146.70.78.17
http://185.253.96.114
http://212.113.106.196
http://212.113.106.199
http://37.220.87.26
http://45.15.156.209
http://45.15.156.214
http://45.15.156.222
http://5.252.178.210
http://77.73.134.71
http://77.91.124.60
http://79.137.202.30
http://79.137.207.173
http://83.217.11.12
http://83.217.11.14
http://85.192.63.85
http://91.234.254.216

# Reference: https://www.virustotal.com/gui/file/2475b6b24c1117002dfdb64795080ea401a25a2a23e08f3e9f809dfaa01a05c1/detection

http://94.142.138.3

# Reference: https://twitter.com/idclickthat/status/1620226482605010947
# Reference: https://www.virustotal.com/gui/ip-address/149.202.134.115/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.220.87.51/relations

cheapsoftware.pro
cryptobotcheck.xyz
easy-ware.online
evilsoft.pro
evilsoftware.biz
evilsoftware.pw
evilsoftware.run
evilsoftware.space
evilsoftware.vip
evilsoftware.website
evilsoftware.xyz
goldgames.vip
goldsoftware.net
goldsoftware.vip
goldsware.app
lead-soft.app
lead-soft.pro
lead-soft.top
leadsoft.app
leadsoft.vip
mesoftwares.org
mesoftwares.vip
rippleqr.org
soft-easy.vip
trustcrypto.pro
vipsoftware.vip

# Reference: https://twitter.com/1ZRR4H/status/1623067548781539339

http://79.137.206.31
http://79.137.248.136
http://85.192.40.253
best-exp.org
exp-pc.com
soft-pro.site

# Reference: https://twitter.com/gorimpthon/status/1623185188003155971
# Reference: https://www.virustotal.com/gui/ip-address/185.106.94.179/relations
# Reference: https://tria.ge/230208-fc6n6ahc37/behavioral2

http://135.181.68.23
aida-64.com
aida64extreme.com
gimp-gnu.com
gimp-info.com
tor-company.com
tor-vpn.com
torbrowser.ink

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/C2_IPs_found_06_02_2023.txt

http://102.130.113.39
http://146.70.86.141
http://152.89.247.188
http://157.254.195.145
http://167.235.233.181
http://185.253.96.116
http://190.14.37.156
http://193.149.189.239
http://193.37.213.23
http://195.123.217.247
http://206.166.251.19
http://206.188.197.254
http://206.189.179.153
http://37.220.87.44
http://45.15.156.50
http://45.9.74.50
http://45.9.74.54
http://5.252.118.232
http://5.254.118.254
http://51.195.166.206
http://69.46.15.158
http://78.153.130.132
http://79.137.199.216
http://79.137.205.138
http://79.137.206.195
http://79.137.207.150
http://80.78.25.110
http://80.89.228.162
http://83.217.11.26
http://83.217.11.27
http://83.217.11.28
http://83.217.11.4
http://89.238.170.246
http://94.131.3.70
http://94.142.138.10
http://94.142.138.19
http://94.142.138.8
http://94.142.138.9

# Reference: https://twitter.com/TrackerC2Bot/status/1601297464379772935

http://157.90.132.182
http://160.20.147.114
http://168.100.8.160
http://172.86.75.144
http://5.182.36.233
http://77.91.103.191
http://88.119.169.53
http://88.119.169.56
http://94.131.104.15

# Reference: https://www.virustotal.com/gui/file/cf3e3f8d7e7a3ddedd579621c0be7286127384b43ccd2b8b6ea40314464f8854/detection

http://160.20.147.172

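# Reference: https://www.virustotal.com/gui/file/302b64e57a29e92a0436ab3b99770b9052498bda505c44f3cf6af36912fa9cd3/detection
# NOTE(review): 11.23.33.44 below sits in 11.0.0.0/8 (allocated to the US DoD) and reads like a filler value; confirm against the sample's traffic before alerting or blocking on it.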

http://11.23.33.44
http://188.119.67.41
http://35.205.61.67

# Reference: https://www.virustotal.com/gui/file/ce7555b93204f3e724eafb8eb5a84418c3a446f57f47cc7a5e70e9e38cc68490/detection

http://212.114.52.79

# Reference: https://www.virustotal.com/gui/file/04e95db9663cac79ec012fe52be0a8c25fad8ba3644acb0c179123da2504621e/detection

http://146.19.170.157

# Reference: https://www.virustotal.com/gui/file/156c09e3cb827da350c1f3cb35f2ffe046d6a9e9089a1623cbf2ab07dfd2e46e/detection

http://185.234.247.225

# Reference: https://twitter.com/TrackerC2Bot/status/1615152836274176003

http://146.19.170.153
http://185.53.46.76

# Reference: https://www.virustotal.com/gui/file/32cf0e4532d6617a76a22f45edfe5d10ecbaf10040cedffdb2cea5126b6ff053/detection

http://45.153.230.19

# Reference: https://twitter.com/0xrb/status/1625412924511756288

http://109.172.45.16
http://109.230.215.138
http://135.181.241.165
http://138.201.119.9
http://142.132.191.50
http://142.132.236.51
http://146.70.161.70
http://146.70.20.241
http://146.70.86.27
http://152.89.247.92
http://170.75.167.33
http://179.43.140.137
http://179.43.142.103
http://179.43.154.206
http://185.106.94.4
http://185.121.139.45
http://185.225.73.151
http://192.153.57.193
http://192.236.154.227
http://193.233.20.140
http://193.233.20.238
http://195.211.96.217
http://206.166.251.230
http://208.85.19.93
http://212.113.116.46
http://212.113.116.47
http://212.86.102.98
http://23.19.58.152
http://37.220.87.66
http://45.138.74.192
http://45.84.121.41
http://45.9.74.119
http://45.91.203.172
http://49.12.210.249
http://5.252.177.71
http://5.254.118.211
http://5.78.75.80
http://62.204.41.115
http://62.204.41.124
http://62.204.41.125
http://62.204.41.134
http://62.204.41.250
http://65.109.139.29
http://65.109.169.111
http://65.109.2.154
http://77.91.68.33
http://77.91.78.50
http://78.153.130.226
http://78.47.92.58
http://79.137.197.160
http://79.137.203.199
http://79.137.206.143
http://79.137.206.189
http://79.137.207.53
http://79.137.248.73
http://80.66.89.194
http://80.85.139.150
http://80.85.241.20
http://80.85.241.83
http://82.115.223.215
http://83.217.11.31
http://83.217.11.32
http://83.217.11.33
http://83.217.11.34
http://83.217.11.35
http://83.217.11.36
http://89.185.85.248
http://89.238.170.254
http://94.142.138.37
http://94.142.138.43
http://94.142.138.53
http://94.142.138.54

# Reference: https://www.virustotal.com/gui/file/88aa85f63ddbcfa1204202633336d60f9ac6e37510794be230bcfc64a50f243f/detection

http://185.180.199.215

# Reference: https://www.virustotal.com/gui/file/0ac45933bdfea3743c555dff9764ea2c0b9abf8d4841fde19011129918f15d30/detection

http://79.137.197.190

# Reference: https://twitter.com/TrackerC2Bot/status/1619039699670122535

http://77.75.230.253
http://93.185.166.8

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/raccoonv2_found_16-02-2023_02-26-48.txt

http://103.155.93.161
http://179.43.142.18
http://185.173.34.147
http://193.149.189.202
http://37.220.87.22
http://37.220.87.67
http://37.220.87.68
http://37.220.87.69
http://45.15.159.27
http://45.9.74.133
http://45.9.74.140
http://79.137.248.47
http://89.238.185.30
http://94.142.138.74
http://94.142.138.79

# Reference: https://twitter.com/idclickthat/status/1628828027294564352
# Reference: https://tria.ge/230223-w42ghsag3y/behavioral2
# Reference: https://www.virustotal.com/gui/file/c9eabbca8b54f8e4d794702f3e270150c9e0e765b0724e69c5ead0c091bce4ef/detection

canva-download.com
dnsbkss.club

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_02-03-2023_21-26-27.txt

http://168.100.8.14
http://179.43.162.53
http://185.203.117.113
http://185.242.86.32
http://193.233.20.137
http://193.233.20.195
http://194.87.31.171
http://212.113.116.223
http://212.113.119.146
http://212.113.119.147
http://212.113.119.148
http://45.143.223.133
http://45.61.137.162
http://49.12.210.141
http://5.75.129.114
http://5.75.182.199
http://5.75.242.235
http://64.44.139.110
http://77.73.134.11
http://77.73.134.25
http://77.73.134.43
http://77.73.134.49
http://77.91.123.116
http://77.91.78.46
http://77.91.84.20
http://77.91.84.68
http://78.153.130.148
http://83.217.11.6
http://91.107.192.138
http://91.234.254.208
http://95.217.10.109
http://95.217.65.66

# Reference: https://www.virustotal.com/gui/file/7cca46a03c94db1f18f725ff41cbb371771b904e8341aa0dd9f04e5f8da36e7b/detection

http://142.93.132.67
http://79.137.203.5
/W0Y7W5I6N4S7M/

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_11-03-2023_05-47-43.txt

http://185.106.94.194
http://185.106.94.215
http://78.153.130.157
http://94.142.138.118
http://94.142.138.122
http://94.142.138.123
http://94.142.138.124
http://94.142.138.140
http://94.142.138.160
http://94.142.138.99

# Reference: https://twitter.com/crep1x/status/1635034103597924352

http://146.70.106.55
http://79.137.202.245
http://91.201.113.12

# Reference: https://twitter.com/IronNetTR/status/1635662648262967297

http://179.43.175.10
http://37.28.157.52

# Reference: https://twitter.com/crep1x/status/1636352245913583619
# Reference: https://tria.ge/230316-pnwg1ada5y/behavioral2

http://34.159.167.20
/kundalini

# Reference: https://www.virustotal.com/gui/file/015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925/detection

http://193.233.20.145

# Reference: https://raw.githubusercontent.com/Gi7w0rm/MalwareConfigLists/main/Raccoon_v2/txt/raccoonv2_found_16-03-2023_23-36-50.txt

http://212.113.119.8
http://45.15.159.199
http://45.15.159.249
http://45.9.74.69
http://45.9.74.71
http://45.9.74.81
http://45.9.74.82
http://85.192.63.185
http://94.142.138.195
http://94.142.138.200
http://94.142.138.210
http://94.142.138.211

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_23-03-2023_23-15-33.txt

http://193.233.20.138
http://195.133.40.111
http://212.113.106.211
http://212.113.119.35
http://212.113.119.69
http://212.113.119.73
http://37.220.87.63
http://45.9.74.70
http://45.9.74.90
http://77.91.124.37
http://78.153.130.123
http://79.137.207.168
http://79.137.248.197
http://79.137.248.245
http://94.142.138.196
http://94.142.138.208
http://94.142.138.216
http://94.142.138.221
http://94.142.138.224
http://94.142.138.226
http://94.142.138.227
http://94.142.138.234
http://94.142.138.235

# Reference: https://www.virustotal.com/gui/file/13a0b3e462a014b605489df82b082618b64d7292140bbfdbb7b58e683cb80b3b/detection

http://194.37.80.70

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_01-04-2023_07-31-16.txt

http://135.181.187.248
http://193.149.176.45
http://45.15.156.143
http://45.15.156.144
http://45.15.156.145
http://5.75.159.229
http://51.89.124.197
http://78.153.130.242
http://79.137.207.160
http://82.115.223.208
http://83.217.11.25
http://91.201.115.148
http://94.142.138.239
http://94.142.138.24
http://94.142.138.241
http://94.142.138.252
http://94.142.138.253

# Reference: https://twitter.com/crep1x/status/1645535585115820033

http://45.15.156.233

# Reference: https://twitter.com/TLP_R3D/status/1646246721293520898

raccoon.biz
stealer.app

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_14-04-2023_01-13-25.txt

http://146.70.86.33
http://172.86.75.242
http://172.86.75.59
http://192.153.57.170
http://193.149.189.93
http://45.15.156.159
http://45.15.156.177
http://45.15.156.178
http://45.15.156.192
http://45.15.156.198
http://45.15.156.201
http://45.15.156.238
http://45.15.159.95
http://79.137.206.158
http://83.217.11.38
http://85.192.63.83
http://91.215.85.225
http://91.215.85.226
http://94.142.138.103

# Reference: https://twitter.com/sicehice/status/1647645248288444418

195.201.40.91:8000

# Reference: https://twitter.com/James_inthe_box/status/1648072479980797954 (# Alias: LeftHook stealer)
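# Reference: https://app.any.run/tasks/40ff202b-33e9-4b9d-bf32-057dc39d06fa/
# NOTE(review): the entry below is a bare URL path with no host, so it presumably matches that path on any server; treat hits as leads to corroborate with the sandbox run above rather than as confirmed infections.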

/gate/http_handler.php

# Reference: https://twitter.com/g0njxa/status/1650903083486945280
# Reference: https://app.any.run/tasks/7c55087f-0438-4c47-90e5-174fca4bd357/

http://179.43.140.168

# Reference: https://twitter.com/g0njxa/status/1649481794465439755

kleencrack.us
official-expert.com
progtechguru.com

# Reference: https://www.virustotal.com/gui/file/fc0fc538a848333faba37ff1d79388cdb890e9a236788d2fdd611f9f51bcc308/detection
# Reference: https://www.virustotal.com/gui/file/8138cd34863ca9c42f1405c183a1834a2504fab03240a2bf73ee75033a3c2e3d/detection

http://107.6.181.194
http://151.106.16.146
http://185.183.34.10
http://65.60.62.74
http://93.115.29.120
http://93.115.29.122
http://93.115.29.139

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_27-04-2023_22-20-19.txt

http://45.138.74.99
http://79.137.197.14
http://94.142.138.141
http://94.142.138.143

# Reference: https://twitter.com/sicehice/status/1656030131431849990

188.34.196.33:8000

# Reference: https://twitter.com/g0njxa/status/1656021107810476089

http://94.142.138.107
crack-programs.site
game.crack-programs.site

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/txt/raccoonv2_found_11-05-2023_20-51-14.txt

http://212.113.106.210
http://212.113.106.9
http://212.113.116.206
http://212.113.119.120
http://37.220.87.71
http://37.220.87.76
http://37.220.87.79
http://37.220.87.88
http://37.220.87.89
http://37.220.87.91
http://37.220.87.93
http://45.138.74.236
http://5.252.118.228
http://77.73.134.39
http://77.73.134.41
http://77.73.134.55
http://77.73.134.74
http://77.73.134.75
http://79.137.202.81
http://94.142.138.108
http://94.142.138.125
http://94.142.138.126
http://94.142.138.130
http://94.142.138.31

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/d3aa3f28f72d68944d1331a0d3d044d043d664fc

http://159.223.7.35
http://37.220.87.61
/S3J9X4E1U3X5U3/

# Reference: https://www.virustotal.com/gui/file/3710a9f6644af9e8a16d718257e5e2670c53d1042ddd3a97d38cd02320a73bf6/detection

http://79.137.203.217

# Reference: https://twitter.com/nahamike01/status/1664595922360344578
# Reference: https://www.virustotal.com/gui/file/c01bcd2fee216131267cbaf603d48dfaf7647bba122674042739a10676a8e44c/detection

91.107.229.39:8999

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Raccoon_v2/additional_payloads/additional_payloads_16_06_2023.txt

http://167.99.47.96
http://185.234.247.16
http://5.252.177.217

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-06-25)

http://107.148.52.29
http://121.127.33.24
http://128.140.90.181
http://135.181.195.222
http://138.201.159.88
http://146.19.233.209
http://146.70.20.198
http://146.70.86.20
http://146.70.86.53
http://149.255.35.140
http://159.69.123.169
http://162.33.178.181
http://167.71.2.47
http://168.100.8.241
http://176.124.199.103
http://185.174.137.120
http://185.46.46.38
http://193.149.180.192
http://194.116.172.152
http://212.118.43.80
http://217.138.215.104
http://217.138.215.87
http://217.196.96.237
http://37.120.237.242
http://37.27.3.21
http://45.137.64.170
http://45.144.28.189
http://45.67.35.241
http://46.175.150.167
http://5.252.177.36
http://5.255.127.159
http://5.42.64.10
http://5.42.64.11
http://5.42.64.12
http://5.42.64.13
http://5.42.64.17
http://5.42.64.6
http://5.42.64.7
http://5.42.64.8
http://5.42.64.9
http://5.42.65.12
http://5.42.65.14
http://5.42.65.15
http://5.42.65.16
http://5.42.65.17
http://5.42.65.18
http://5.42.65.62
http://5.42.65.69
http://5.42.66.1
http://5.42.66.6
http://5.42.66.8
http://5.42.94.204
http://5.78.85.103
http://51.161.130.122
http://65.108.80.36
http://65.109.162.179
http://74.119.193.27
http://77.105.140.199
http://77.91.73.11
http://78.46.187.251
http://78.46.248.198
http://79.137.207.36
http://80.85.241.133
http://85.209.134.122
http://88.119.168.254
http://88.119.171.66
http://89.23.101.21
http://89.23.107.207
http://91.103.252.3
http://91.107.235.35
http://91.107.239.231
http://92.204.160.84
http://94.130.226.235
http://94.131.106.224
http://94.228.168.16
http://94.228.169.84
http://95.164.17.219
http://95.164.47.109
http://95.216.218.191
138.201.88.153:8998
45.144.28.209:32200
5.78.74.115:8999
65.108.80.36:8089

# Reference: https://twitter.com/crep1x/status/1677268296398262279

65.109.11.253:3000

# Reference: https://www.virustotal.com/gui/file/017fdd70f40fb3a7782a2eca17cb5f08aa0589dbb5fbc4db54bb2a0e22eab566/detection

http://179.43.170.241

# Reference: https://twitter.com/NexusFuzzy/status/1680929379910598657
# Reference: https://www.virustotal.com/gui/file/263b81e8cae2f8fe211900c7e7e926829e1d34014458bfb5c092a90bd5c0cfc0/detection

94.142.138.147:77

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-07-23)

http://154.49.137.149
http://185.157.120.15
http://193.142.147.59
http://217.196.96.243
http://217.79.243.147
http://45.61.138.138
http://49.13.18.115
http://79.137.248.173
http://89.208.106.110
http://89.23.107.239
http://91.242.229.237
http://94.142.138.156
http://94.142.138.49
5.78.111.161:8088
5.78.98.26:8088

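# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-07-23)
# NOTE(review): http://45.9.74.90/ in this group carries a trailing slash, unlike every other entry, and the same address is already listed without it under an earlier reference; check that the slash form is matched as intended.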

http://102.130.115.199
http://102.130.119.173
http://107.152.42.243
http://109.172.45.80
http://111.90.147.133
http://134.209.196.186
http://135.181.123.25
http://135.181.7.173
http://146.19.170.100
http://146.19.170.52
http://146.19.247.96
http://146.19.253.125
http://146.70.86.45
http://149.154.67.234
http://157.254.195.187
http://162.33.179.159
http://168.100.11.23
http://170.75.168.118
http://172.86.121.100
http://176.124.218.249
http://176.126.103.55
http://178.23.190.30
http://185.106.92.38
http://185.106.92.43
http://185.198.167.165
http://185.231.205.221
http://185.234.247.68
http://185.247.184.58
http://185.25.51.122
http://185.53.46.103
http://185.53.46.137
http://185.53.46.77
http://185.77.96.237
http://188.119.112.157
http://188.119.112.206
http://188.119.112.93
http://193.109.120.2
http://193.149.185.227
http://193.178.210.56
http://193.38.54.165
http://193.43.146.190
http://193.43.146.192
http://193.43.146.213
http://193.43.147.135
http://194.104.136.102
http://194.180.191.81
http://194.87.216.22
http://2.56.10.122
http://206.166.251.138
http://206.166.251.156
http://212.114.52.165
http://213.170.133.151
http://213.170.133.190
http://213.226.100.108
http://213.252.244.167
http://213.252.245.59
http://213.252.245.64
http://213.252.246.241
http://213.252.246.27
http://213.252.247.152
http://213.252.247.214
http://31.41.244.139
http://37.27.3.211
http://37.49.230.139
http://45.133.216.198
http://45.133.216.71
http://45.142.212.215
http://45.142.212.223
http://45.142.212.228
http://45.142.215.197
http://45.142.215.91
http://45.144.31.31
http://45.147.231.42
http://45.153.241.104
http://45.153.243.16
http://45.159.251.144
http://45.67.231.11
http://45.8.144.152
http://45.8.144.227
http://45.84.240.72
http://45.87.154.214
http://45.89.54.25
http://45.89.55.114
http://45.89.55.117
http://45.89.55.20
http://45.89.55.21
http://45.9.74.90/
http://45.92.156.150
http://49.12.190.19
http://5.181.159.185
http://5.182.36.230
http://5.182.36.232
http://5.182.39.34
http://5.182.39.73
http://5.182.39.74
http://5.182.39.75
http://5.182.39.77
http://5.252.118.129
http://5.252.177.234
http://5.252.21.191
http://5.252.22.119
http://5.252.22.43
http://5.252.23.100
http://5.252.23.142
http://5.252.23.18
http://5.253.84.117
http://5.42.199.17
http://51.195.166.172
http://51.195.166.194
http://51.255.211.208
http://51.81.143.170
http://62.204.41.26
http://64.227.42.50
http://64.44.135.91
http://65.108.151.131
http://65.108.248.168
http://65.21.119.54
http://74.119.192.56
http://74.119.192.73
http://74.119.192.84
http://74.119.195.178
http://74.119.195.207
http://77.105.147.86
http://77.73.133.39
http://77.73.133.63
http://77.73.134.20
http://77.73.134.21
http://77.75.230.152
http://77.75.230.206
http://77.75.230.46
http://77.75.230.84
http://77.91.102.230
http://77.91.102.57
http://77.91.102.72
http://77.91.73.154
http://77.91.73.51
http://77.91.73.52
http://78.153.130.92
http://79.137.196.203
http://79.137.202.218
http://79.137.202.92
http://79.137.205.22
http://79.137.207.19
http://79.137.207.76
http://80.71.157.112
http://80.85.241.185
http://80.92.206.123
http://81.19.141.41
http://82.115.223.57
http://82.115.223.7
http://84.246.85.60
http://85.192.63.125
http://85.192.63.246
http://85.192.63.59
http://87.251.77.141
http://88.119.161.156
http://88.119.161.83
http://88.119.169.13
http://88.119.169.85
http://88.119.170.188
http://88.119.171.209
http://88.119.174.162
http://89.185.85.149
http://89.185.85.155
http://89.185.85.161
http://89.185.85.57
http://89.208.106.148
http://89.208.107.176
http://89.22.238.240
http://89.38.131.72
http://91.103.252.156
http://91.209.226.43
http://91.242.229.142
http://94.131.101.170
http://94.131.104.14
http://94.131.104.16
http://94.131.104.19
http://94.131.106.27
http://94.131.107.229
http://94.131.107.76
http://94.131.96.109
http://94.131.97.52
http://94.131.97.54
http://94.131.97.57
http://94.131.98.21
http://94.131.98.5
http://94.131.98.71
http://94.142.138.193
http://94.142.138.247
http://94.142.138.33
http://94.142.138.35
http://94.142.138.57
http://94.158.244.114
http://94.158.244.91
http://94.237.46.83
http://95.164.86.208
http://95.216.109.16
http://95.216.51.75
http://95.217.124.179
138.201.159.88:8089
5.161.202.109:8988
5.78.65.112:8988
5.78.78.150:8088
91.215.85.210:23015
95.217.163.56:8089
trastform.com

# Reference: https://twitter.com/James_inthe_box/status/1683554486768500736
# Reference: https://app.any.run/tasks/484f9eee-5b39-4c44-b33d-06c0fb042717/

fgui87uj.click

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-07-27)

http://107.152.41.214
http://107.152.46.84
http://178.23.190.46
http://77.73.133.68
http://84.246.85.83
http://88.119.174.146
20.122.41.213:99
37.27.3.211:8988
45.142.212.215:443
5.161.69.57:8088
65.108.151.131:90
broke-dreams.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-08-03)

http://146.70.106.44
http://146.70.86.15
http://185.143.223.37
http://193.178.170.44
http://45.15.156.183
http://5.252.118.51
http://64.52.80.38
http://77.91.123.19
http://89.23.107.112
http://89.23.107.113
http://89.23.107.233
http://89.23.107.49
http://89.23.107.94
http://91.103.252.10
http://91.103.252.129
http://91.103.252.130
http://91.103.252.151
http://91.103.252.154
http://91.103.252.167
http://91.103.252.191
http://91.103.252.31
http://91.103.252.65

# Reference: https://otx.alienvault.com/pulse/648340f66e6baaa298b44a9d

crackallsofts.com
crackprogs.com
expertstudiopro.com
hotsoft.bio
software.cc

# Reference: https://twitter.com/g0njxa/status/1677297278371889153
# Reference: https://twitter.com/g0njxa/status/1677306836410683393
# Reference: https://twitter.com/g0njxa/status/1689685316062388247

http://94.142.138.97
bigbrainhousewall.com
ripple-wells-2022.com

# Reference: https://www.virustotal.com/gui/ip-address/194.50.153.20/relations
# Reference: https://www.virustotal.com/gui/file/c52b6d58ded91cc16ab8d15fe50f30d080d5d263e5e158fe34752bd4ec8a2979/relations

tvd-packages-download-file.online
tvd-packages-download-file.pw
tvd-packages-download-file.site

# Reference: https://threatfox.abuse.ch/ioc/1149514/

http://91.103.252.140

# Reference: https://twitter.com/g0njxa/status/1691748179996184917
# Reference: https://app.any.run/tasks/698f65e2-2af2-4969-8d52-f388744af33b/

http://77.246.102.57

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-08-16)

http://144.217.220.122
http://167.235.245.116
http://185.235.129.137
http://185.38.142.246
http://194.213.18.158
http://195.2.80.198
http://45.61.136.46
http://46.249.35.133
http://5.206.224.181
http://5.35.32.180
http://5.78.89.116
http://80.76.51.232
http://91.103.252.217
http://91.103.252.230
http://91.103.252.231
http://91.103.252.49
http://91.103.252.50
http://91.103.252.51
http://91.103.252.52
http://94.131.102.29

# Reference: https://www.virustotal.com/gui/file/172998995b63bc4a4efc8f6d1d879e00822f6fe338f5bb04360b81e2b4c48473/detection

tradersteampoggx.space

# Reference: https://asec.ahnlab.com/en/54658/
# Reference: https://otx.alienvault.com/pulse/6491a6e32a98b2a257b87871

http://79.137.202.161
http://85.192.40.245
http://89.185.85.117
http://89.185.85.33
http://89.208.103.225

# Reference: https://twitter.com/g0njxa/status/1694453356788343241
# Reference: https://www.virustotal.com/gui/file/f1625a1adefaa41e5bf0f622d38fed109fb731c05a2c8f5c399ae3ce1763ba95/detection

89.23.107.169:4000

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-09-18)

http://185.11.61.186
http://185.149.146.253
http://185.253.96.117
http://193.168.141.152
http://195.2.80.198
http://217.138.215.98
http://23.227.199.27
http://45.8.145.219
http://45.9.149.237
http://49.13.51.185
http://5.42.67.7
http://5.75.248.141
http://62.113.114.102
http://65.109.2.42
http://80.66.79.14
http://91.103.252.229
http://91.103.252.241
http://91.103.252.245
http://94.103.93.160
http://95.164.17.125
http://95.179.149.59
5.78.94.201:56000
89.23.107.183:4000

# Reference: https://cyberint.com/blog/financial-services/raccoon-stealer/
# Reference: https://otx.alienvault.com/pulse/64dca4eb3f10605dbeff12ac

telecut.in
/antitantief3
/baudemars
/bpa1010100102
/ch0koalpengold
/jiocacossa
/kokajakprozak

# Reference: https://threatfox.abuse.ch/ioc/1152360/

http://91.103.252.249

# Reference: https://twitter.com/Gi7w0rm/status/1698660723616891025
# Reference: https://tria.ge/230903-2g47sach46

89.208.137.159:5200

# Reference: https://www.virustotal.com/gui/file/8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c/detection

5.78.81.39:8088

# Reference: https://twitter.com/r3dbU7z/status/1701884223831875592

http://49.13.17.71

# Reference: https://threatfox.abuse.ch/ioc/1164082/

http://89.23.98.212

# Reference: https://twitter.com/malwrhunterteam/status/1704483766461173984
# Reference: https://www.virustotal.com/gui/file/3af0a90d9a3cd77aa0353ec59bd8129fb799ee72daa6e61555c6228219385d43/detection
# Reference: https://www.virustotal.com/gui/file/64e733d51b0e03957003f0b5e424efd1068f331226880e0c212de2c29b2a38d6/detection
# Reference: https://www.virustotal.com/gui/file/1169c5ba2feae0192d2d8d45ce2fc3456bca1d6633d46b0f219bd62fddcca922/detection

http://91.103.252.209

# Reference: https://asec.ahnlab.com/ko/57276/

http://95.216.166.188

# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

http://194.180.174.100

# Reference: https://threatfox.abuse.ch/ioc/1179751/

http://128.140.101.125

# Reference: https://www.virustotal.com/gui/file/3af52378a5017f27b864120b03dcae9103cc587a5b2e4bacc894d57d774bfd58/detection

http://5.75.241.110

# Reference: https://www.virustotal.com/gui/file/84d1b1f0588cac4fb502da345ed7ee3bae4000b7f6b096a7bc797789c1fe8120/detection

http://206.188.197.18

# Reference: https://threatfox.abuse.ch/ioc/1182651/

5.78.80.43:8388

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-10-24)

http://149.248.79.83
http://178.20.47.114
http://193.168.141.10
http://194.15.216.72
http://62.113.119.179
http://65.20.77.120
http://85.203.26.94
http://85.209.11.78
http://94.142.138.114
157.90.161.111:8086
193.222.96.7:8787

# Reference: https://www.virustotal.com/gui/file/eed495aa2e979b528263e0a251333e0afbab8fbfddef1dbca3f0928fcfe8ba3c/detection

194.87.31.242:4000
challenging.zippityjava.fun

# Reference: https://www.virustotal.com/gui/file/9e101940dbd206578c80cc81888c2698a36a12f533361de8dde57aaf2307a3b6/detection

http://216.238.101.101

# Reference: https://threatfox.abuse.ch/ioc/1189572/

http://95.181.173.204

# Reference: https://threatfox.abuse.ch/ioc/1189808/

194.87.31.58:8444

# Reference: https://twitter.com/suyog41/status/1714880422579196042
# Reference: https://www.virustotal.com/gui/file/826437c8fa913e5ae89a2b09beb5a748a7e1d766da6679a7c63686d58093f8cd/detection

wizmail.lol

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2023-10-25)

http://195.123.218.98
http://217.138.215.106

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-10-25)

http://172.86.97.180
http://176.113.115.213
http://185.211.5.34
http://195.10.205.31
http://195.85.115.26
http://31.192.237.75
http://37.49.230.152
http://45.61.138.198
http://45.61.166.46
http://5.181.159.31
http://5.255.111.183
http://5.42.65.26
http://5.45.85.201
http://68.169.43.35
http://77.105.146.87
http://77.91.68.37
http://79.110.48.140
http://85.203.26.95
http://85.209.11.169
http://89.208.107.10
http://91.103.252.193
http://91.103.252.35
http://91.219.237.205
http://94.103.93.33
http://94.142.138.80
http://95.181.161.144

# Reference: https://threatfox.abuse.ch/browse/malware/win.raccoon/ (# 2023-11-06)

http://103.136.42.221
http://103.214.68.60
http://146.70.106.36
http://178.20.41.15
http://178.236.246.9
http://185.172.128.8
http://185.236.228.34
http://185.39.18.228
http://193.233.132.12
http://193.233.132.13
http://193.233.132.15
http://193.233.132.17
http://193.233.132.30
http://195.20.16.154
http://195.20.16.35
http://212.237.217.137
http://31.192.237.23
http://38.180.70.181
http://45.15.156.26
http://5.181.159.13
http://62.113.112.27
http://64.176.7.223
http://68.67.203.43
http://77.91.76.14
http://77.91.76.6
http://91.103.252.109
http://91.103.252.114
http://91.92.246.197
http://94.103.88.64

# Reference: https://www.virustotal.com/gui/file/60ed2e60a028ee6b744234a2c9961bbd94711686d48db15ff8dd32f062ba8ac0/detection

http://5.42.65.13

# Reference: https://www.virustotal.com/gui/file/00fb9d3ea20805d4b650ecd38f87747f233489aac90ea1dc36bee763760bceca/detection

http://5.42.64.16

# Reference: https://threatfox.abuse.ch/ioc/1202366/

http://195.20.16.93

# Reference: https://threatfox.abuse.ch/ioc/1206350/

http://195.20.16.40

# Reference: https://threatfox.abuse.ch/ioc/1206447/

http://5.42.65.58

# Reference: https://threatfox.abuse.ch/ioc/1209058/

http://89.208.107.12

# Reference: https://twitter.com/crep1x/status/1731638155109884014

http://23.227.196.198
http://94.103.93.70

# Reference: https://twitter.com/ULTRAFRAUD/status/1734531363938632041
# Reference: https://www.virustotal.com/gui/file/80cc6f567abdca7c986866e2f1cdafc954778cf4395514386573f3b420e6352c/detection

89.23.98.143:30020
89.23.98.143:8000

# Reference: https://twitter.com/1ZRR4H/status/1744072499908735128
# Reference: https://www.virustotal.com/gui/ip-address/5.182.36.242/relations

rar-upload.com
rar-uploaded.com
rar-uploader.com
rar-uploads.com
rar-uploadz.com
rars-upload.com
rars-uploader.com
rars-uploading.com
rarz-upload.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-01-15)

http://185.16.39.253
http://51.161.131.35
http://91.92.246.200
http://93.185.166.154
http://94.103.90.193
185.193.125.199:8787

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-01-23)

http://104.194.157.23
http://109.107.178.133
http://139.99.236.139
http://146.70.106.73
http://159.100.29.45
http://167.235.154.243
http://178.20.43.58
http://185.217.197.175
http://192.153.57.54
http://193.149.187.16
http://193.233.132.152
http://193.233.132.63
http://193.233.132.71
http://195.20.16.155
http://37.49.230.219
http://5.252.177.220
http://62.113.114.93
http://77.105.166.247
http://78.153.130.188
http://81.19.141.9
http://89.44.9.86
http://91.92.136.236
http://91.92.251.118
http://92.118.112.216
http://94.228.169.161
193.149.187.16:443

# Reference: https://www.virustotal.com/gui/file/ba14279dad6447cb86bd3591eb7307f97be89db095172e5074f10270c711fbba/detection
# Reference: https://www.virustotal.com/gui/file/009f52c57b7cb874574915d8e7ebeff136eb2424408aaf2f9eed2a5120aa4fbf/detection

78.153.139.198:4000

# Reference: https://threatfox.abuse.ch/browse/malware/win.recordbreaker/ (# 2024-04-11)

http://146.0.79.19
http://146.70.135.158
http://147.45.44.2
http://178.62.239.104
http://185.17.40.132
http://192.227.94.170
http://193.233.132.111
http://193.233.132.204
http://193.233.132.231
http://193.233.132.38
http://195.20.16.127
http://46.226.162.32
http://5.181.159.42
http://5.42.96.142
http://64.7.199.224
http://77.221.151.21
http://77.221.151.82
http://77.91.77.116
http://77.91.77.137
http://77.91.77.54
http://77.91.77.96
http://79.133.51.249
http://82.146.45.177
http://86.106.119.113
http://89.238.170.230
http://89.38.135.28
http://91.198.166.140
http://91.92.242.162
http://91.92.255.182
http://94.131.106.24
http://94.158.245.206
http://94.228.166.22

# Reference: https://x.com/banthisguy9349/status/1815054907856011590
# Reference: https://search.censys.io/search?resource=hosts&q=%28labels%3A%22c2%22%29+and+services.software.vendor%3D%60RecordBreaker%60&virtual_hosts=EXCLUDE

http://104.194.154.198
http://147.45.44.25
http://192.121.23.67
http://193.29.104.195
http://193.56.255.138
http://37.120.247.139
http://45.153.231.163
http://85.28.47.116
http://89.147.111.100

# Reference: https://pastebin.com/APKzqjb8

http://151.236.14.87
http://185.225.17.41
http://193.187.174.250
http://206.166.251.172
http://38.180.57.211

# Reference: https://www.virustotal.com/gui/file/07d182382ff1423e65b309bbc78e93855c0953af02ab0179c8114b5cf848bd5e/detection

http://35.240.33.56

# Generic trails
# URL-path indicators: every entry below starts with "/" and carries no host,
# so, unlike the host and IP entries above, a match is not tied to one server.
# NOTE(review): /gate/log.php, /gate/sqlite3.dll, /gate/libs.zip and the
# /file_handler*/file.php paths are short, generic names; treat a hit on one of
# them alone as a lead to corroborate (destination host, originating process,
# response content) rather than as a verdict.

/file_handler/file.php
/file_handler4/file.php
/gate/log.php
/gate/sqlite3.dll
/gate/libs.zip
/eueueuueueue.php
/momomoomomom.php
/ozozozozoz.php
/us1jdskjdshfkjehr.php
/usalamendallasu.php
/usksdjqjwjoweidjcslkm.php
/usuususususuusus.php
/hgguf3YB4qmE47arMq9R/
/hhhuuulllliiiiii/
/rrrorororor/
# The next entry is the two preceding path segments joined together.
/hhhuuulllliiiiii/rrrorororor/
/SwjBfXYB4qmE47art5oZ/
/function/v2tmp/
# /l/f/<token>/ entries: the token is 20 characters in every entry but one.
/l/f/2yIwFHgBuI_ccNKoZIni/
/l/f/3RS7onsBPvGyIjkLaQYk/
# NOTE(review): the token in the next entry is 19 characters, one fewer than
# its siblings; possibly truncated when transcribed. Verify against the
# original report before relying on it.
/l/f/7mVIyn0BZ2GIXa3qbA1/
/l/f/86W_IH0B3dP17SpzxSO3/
/l/f/AQi5QHsBPvGyIjkLlA5F/
/l/f/eGZv330BZ2GIX1a3nKb_/
/l/f/FRmrq3cBuI_ccNKom49o/
/l/f/KgUbOXsBPvGyIjkLDz0w/
/l/f/_5GVInwB3dP17SpzmEsB/
# The next three repeat tokens from the /l/f/ entries above without the /l/f/ prefix.
/_5GVInwB3dP17SpzmEsB/
/2yIwFHgBuI_ccNKoZIni/
/FRmrq3cBuI_ccNKom49o/
/ASHASHAShOWIWWWQQQ/gate.php
/ASHASHAShOWIWWWQQQ/
/cvxzbczvbcvzbzcvb/
/FGHAREHAHARWHY/
/LOGOGOGOGOX/index.php
/LOGOGOGOGOX/
