# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

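# Aliases: bazar, trickbot, trickmo
# Entry formats used below: hostnames (including .onion and .bazar names), IP:port pairs, full http:// URLs, host/path URLs, and bare URL paths (lines starting with '/'). Each group sits under the reference(s) it was taken from, and some entries repeat under more than one reference.
# Bare URL paths carry no host, so a hit on one is weaker evidence than a hostname or IP:port hit and is best corroborated with other indicators.
# The dated reference URLs in the first part of this list run from 2018 to 2020, so IP:port entries may no longer point at the same hosts.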

# Reference: https://twitter.com/itaitevet/status/1035250414038474752
# Reference: https://pastebin.com/XT20EyJA

3gihg5esw7lxg2wh.onion

# Reference: https://www.securityhome.eu/malware/malware.php?mal_id=8442588975b9c69bf696447.83703696

/neam.meow

# Reference: https://myonlinesecurity.co.uk/trickbot-still-being-delivered-by-fake-payroll-emails/

/super.orb

# Reference: https://twitter.com/James_inthe_box/status/1047239965216665600
# Reference: https://twitter.com/James_inthe_box/status/1047241977043898368

/cantbe.played

# Reference: https://www.malware-traffic-analysis.net/2018/10/05/index.html

/novich.gas

# Reference: https://www.fortinet.com/blog/threat-research/deep-analysis-of-trickbot-new-module-pwgrab.html

excel-office.com

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

/78237_8219_9.php

# Reference: https://twitter.com/Racco42/status/1107351502878842880

/001928_112.php

# Reference: https://twitter.com/Racco42/status/1106547527334154240

/47238348_8820.php

# Reference: https://twitter.com/Racco42/status/1106225615705948167

/99208_929_991.php

# Reference: https://twitter.com/Racco42/status/1106201029127880704

/92112893892.php

# Reference: https://twitter.com/Racco42/status/1102869794502705152

/CPQpqCOuKV.php

# Reference: https://twitter.com/Racco42/status/1102590512228388866

/930_08.php

# Reference: https://twitter.com/K_N1kolenko/status/918370497590628353

/logHbst.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1109027309015715840
# Reference: https://app.any.run/tasks/738cc560-f3c6-4534-893d-3ea28dd60671

/shh.sshh

# Reference: https://twitter.com/Racco42/status/1110461029354487809

/993098_2.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1111236459930046464
# Reference: https://app.any.run/tasks/ca7a8278-2535-4101-b5be-ea70e7362617

/tot445/

# Reference: https://twitter.com/0bfusCat/status/1036577317190021127

95.213.251.200:443
/tt0002

# Reference: https://twitter.com/avman1995/status/1115514722751848448

3dnext.ru/43434673.php

# Reference: https://twitter.com/K_N1kolenko/status/1094871503303262208

/corona.mor

# Reference: https://twitter.com/JAMESWT_MHT/status/1117105783240577026

/7738_0019.php

# Reference: https://twitter.com/K_N1kolenko/status/918370497590628353
# Reference: https://twitter.com/K_N1kolenko/status/916192356847751168
# Reference: https://twitter.com/K_N1kolenko/status/900259914874073088

/worming.png

# Reference: https://twitter.com/K_N1kolenko/status/916551437647335424

/worming2.png

# Reference: https://twitter.com/K_N1kolenko/status/1017305694331121665

5g4c3a6jkk734fs5.onion

# Reference: https://twitter.com/malware_traffic/status/1118299982069628929

201.184.231.34:8082
/sat43/

# Reference: https://twitter.com/Racco42/status/1118476901876674561

/43455_5514_12.php

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

/8377_8298_99.php

# Reference: https://twitter.com/pancak3lullz/status/1106677558224060416
# Reference: https://twitter.com/pancak3lullz/status/1102629658221314048

103.119.144.250:8082
75.183.130.158:8082
/lib427/
/tot427/

# Reference: https://twitter.com/Racco42/status/1121379098834755584

/99200277_0.php

# Reference: https://twitter.com/James_inthe_box/status/1126175073759481857
# Reference: https://pastebin.com/T5U4SHQU

181.209.88.26:449
185.222.202.42:443
185.222.202.43:443
95.213.252.153:443
192.227.232.63:443
192.227.232.65:443
185.243.115.149:443
200.122.209.78:449
200.54.14.61:449
181.143.17.66:449
177.105.235.17:449
181.143.102.30:449
190.0.20.114:449
190.151.25.178:449
201.184.69.50:449
190.109.165.197:449
125.209.82.158:449
80.173.224.81:449
76.107.90.235:449
181.129.136.226:449
191.103.219.138:449
202.63.242.48:449
181.176.191.5:449
190.117.66.194:449
186.226.188.105:449
143.255.141.137:449
190.151.10.114:449
181.115.236.26:449
190.196.32.42:449
181.48.203.10:449
177.105.237.93:449
181.129.20.250:449
186.159.2.153:449

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360
# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

186.159.1.217:8082

# Reference: https://twitter.com/Racco42/status/1128955163023171584

/1124_938_0029.php

# Reference: https://twitter.com/binitamshah/status/1137743683586052096
# Reference: https://www.sneakymonkey.net/2019/05/22/trickbot-analysis/
# Reference: https://pastebin.com/wZ3R0gCa
# Reference: https://pastebin.com/ghGtMBLH

125.209.82.158:449
136.25.2.43:449
138.186.62.222:449
143.255.141.137:449
162.209.124.166:80
167.99.206.127:80
177.105.235.17:449
177.105.237.93:449
177.183.194.194:449
177.92.249.187:449
179.189.234.157:449
181.112.221.246:449
181.115.156.218:80
181.115.236.26:449
181.129.136.226:449
181.129.160.10:8082
181.129.20.250:449
181.129.49.98:449
181.143.102.30:449
181.143.17.66:449
181.176.191.5:449
181.209.88.26:449
181.48.203.10:449
181.57.97.138:80
185.117.73.140:443
185.183.96.219:443
185.198.57.70:443
186.10.243.70:8082
186.159.1.217:8082
186.183.151.194:8082
186.226.188.105:449
186.248.163.198:449
186.42.186.202:449
187.17.201.237:449
187.61.106.223:449
187.61.107.140:449
187.65.49.88:449
187.8.169.10:449
187.95.123.179:449
187.95.32.18:449
190.0.20.114:449
190.109.165.197:449
190.117.66.194:449
190.151.10.114:449
190.151.25.178:449
190.152.125.162:80
190.196.32.42:449
190.215.52.165:449
191.103.219.138:449
191.103.252.29:80
191.241.233.195:449
191.242.178.210:449
191.36.157.164:449
192.210.152.190:443
194.5.250.130:443
199.247.24.9:80
2.184.90.173:449
200.107.59.130:449
200.110.72.134:449
200.122.209.78:449
200.21.51.30:80
200.35.47.199:80
200.35.56.81:449
200.54.14.61:449
200.83.49.141:449
201.148.247.21:449
201.184.69.50:449
201.56.193.18:449
202.63.242.48:449
209.45.30.2:449
216.189.145.231:443
31.47.55.106:449
36.91.93.114:80
37.255.200.157:449
5.190.90.5:449
75.183.130.158:8082
76.107.90.235:449
80.173.224.81:449
85.133.183.174:449
85.209.162.148:443
90.215.52.165:449
91.242.178.210:449
91.98.159.58:449
93.115.146.119:449
93.115.147.198:449
94.101.182.156:449
97.87.127.198:80

# Reference: https://twitter.com/James_inthe_box/status/1090234438833778690
# Reference: https://app.any.run/tasks/5a12dfe2-ba7a-4efe-8062-d710e7350c94/

37.140.199.69:17655
37.140.199.69:25087

# Reference: https://twitter.com/ararora4/status/1144982095325990913
# Reference: https://garwarner.blogspot.com/2019/06/trickbot-new-injects-new-host.html

aefaldnessliverhearted.com
onlylocaltrade.com
remirollerros.com
wellsfargostrade.com

# Reference: https://twitter.com/malware_traffic/status/1146086054207873024

170.238.117.187:8082

# Reference: https://twitter.com/ps66uk/status/1147193022830059521

mailchi.mp/d975f55661ef/4jzmygx2t9
pasini.info

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

http://185.92.74.85/index.php
98.177.188.224:49225

# Reference: https://twitter.com/James_inthe_box/status/1151140239122894848
# Reference: https://pastebin.com/wTidM7a9

187.58.56.26:449
146.196.122.167:449
177.103.240.149:449
131.196.184.141:449
103.117.232.198:449
163.53.80.228:449
190.152.4.210:449
138.59.233.5:449
36.89.85.103:449
146.196.122.152:449
170.84.78.186:449
131.255.82.24:449
186.138.152.228:449
180.250.197.188:449
181.129.93.226:449
186.42.226.46:449
190.13.160.19:449
186.183.199.114:449
177.8.172.86:449
181.129.140.140:449
103.87.48.66:449
177.52.79.29:449
168.227.229.112:449
186.42.186.202:449
138.121.24.78:449
131.0.142.120:449
181.129.49.98:449
181.115.168.69:449
172.245.241.25:443
107.191.109.143:443
193.124.176.170:443
206.217.143.91:443
23.94.137.179:443
23.94.137.223:443
94.103.94.97:443
92.38.171.12:443
89.105.203.180:443
185.141.25.101:443
195.133.196.102:443
185.252.144.213:443
198.46.190.37:443
78.155.206.85:443

# Reference: https://twitter.com/Racco42/status/1151098878466416641
# Reference: https://pastebin.com/94cAWDHm
# Reference: https://twitter.com/jcarndt/status/1154731650145763328

/hollyhole/c644.php
/hollyhole951/c644.php

# Reference: https://twitter.com/malware_traffic/status/1151540706508464134

luxuryvailrentals.com

# Reference: https://otx.alienvault.com/pulse/5d2f644f8fe9174629471028
# Reference: https://technical.nttsecurity.com/post/102fnog/targeted-trickbot-activity-drops-powerbrace-backdoor

qqcore.co
util98.com

# Reference: https://twitter.com/malwrhunterteam/status/1151382643277213696

get-office365.live

# Reference: https://twitter.com/Racco42/status/1152202184685236232

alco.co.in/images/flash_viewer.php
aloe-drink.com/host.php
alternativemedicinenis.com.au/images/view.php
amanchemicalsindia.in/images/visual.php
ambari.co.in/images/view_install.php
ambivium.org/fonts/myriad-pro-installerr.php

# Reference: https://twitter.com/Racco42/status/1152202311982354433

abarkagambia.com/backup.php
acaciarodriguez.com/images/gif_animator.php
accompagnatricidilusso.net/media.php
admimm.cl/images/flash_download.php
adminsystemcr.com/images/watermarks.php
ahangamalmagate.co.za/images/image_resizer.php

# Reference: https://twitter.com/Racco42/status/1152202470971625473

ambrosiapanama.com/images/imagedb.php
amcgsr.com.mx/images/imageresize.php
abidyahya.com/wp-test.php

# Reference: https://app.any.run/tasks/d8abd914-eccb-47f3-9619-734159777e1c/

23.94.93.106:443
192.243.102.102:447

# Reference: https://twitter.com/malware_traffic/status/1154511610649538560 (# Trickbot VNC Module)

107.155.66.16:5900

# Reference: https://twitter.com/matte_lodi/status/1155815877905997824

altxcode.com

# Reference: https://twitter.com/MalHunters/status/1158262554935713794

107.181.175.122:443
185.65.202.127:443
195.123.243.60:443

# Reference: https://twitter.com/ps66uk/status/1158446041643081728

/recenorg.php

# Reference: https://app.any.run/tasks/9cc66fab-9dba-4471-b77c-2dc461006ff0/

46.30.42.245:80
162.248.225.20:443

# Reference: https://twitter.com/425A_/status/1159152546805628930
# Reference: https://app.any.run/tasks/687bafc0-9d7c-4dd4-acb6-9162589e4b87/

http://5.53.124.203/index.php

# Reference: https://twitter.com/ps66uk/status/1159395052893933568

/inputok.php

# Reference: https://twitter.com/James_inthe_box/status/1164269734193274881
# Reference: https://pastebin.com/2R5TUnJS

103.207.1.44:449
103.84.238.3:449
107.175.33.16:443
107.181.175.122:443
131.196.184.141:449
146.185.219.27:443
168.227.229.112:449
177.103.240.149:449
178.170.189.117:443
180.250.197.188:449
181.129.140.140:449
181.129.49.98:449
181.129.93.226:449
181.176.160.145:449
185.172.129.146:443
185.174.172.60:443
186.156.52.78:449
186.183.199.114:449
186.42.186.202:449
186.42.226.46:449
186.47.40.234:449
186.47.82.6:449
187.58.56.26:449
189.80.134.122:449
190.13.160.19:449
190.13.190.178:449
190.151.213.140:449
190.152.36.30:449
190.152.38.66:449
190.152.4.210:449
190.154.203.218:449
191.37.181.152:449
192.3.146.179:443
198.12.97.212:443
198.46.198.12:443
200.119.45.140:449
202.9.120.79:449
31.184.253.6:443
36.89.85.103:449
37.228.117.250:443
45.237.240.178:449
5.53.124.49:443
79.143.31.94:443
82.118.21.99:443
89.105.203.184:443

# Reference: https://twitter.com/nahamike01/status/1166309356574347264
# Reference: https://www.virustotal.com/gui/file/bb23200f9c2c5f7764383d34d5d31aad164cd4e0281085256457872dd1ee2a8d/detection

45.137.151.112:443

# Reference: https://twitter.com/OttoScav/status/1169737229310275589

170.238.117.187:8082
186.10.243.70:8082
190.119.180.226:8082
131.161.105.206:8082
103.116.84.44:8082
200.35.43.105:80
103.194.90.242:80
103.87.48.54:80
190.152.125.162:80
103.84.238.3:80
192.3.105.136:443
54.37.229.180:443
192.227.142.155:443
23.94.204.80:443
5.230.26.41:443
45.80.148.236:443

# Reference: https://twitter.com/Artilllerie/status/1169924303053303808
# Reference: https://pastebin.com/aFeeUMJJ

103.116.84.44:8082
103.194.90.242:80
103.207.1.44:449
103.84.238.3:449
103.84.238.3:80
103.87.48.54:80
107.155.137.12:443
107.173.160.18:443
107.173.160.19:443
107.173.160.22:443
107.173.90.220:443
131.161.105.206:8082
131.196.184.141:449
146.196.122.167:449
168.227.229.112:449
170.238.117.187:8082
177.103.240.149:449
181.112.159.70:449
181.129.49.98:449
181.129.93.226:449
181.129.96.74:449
181.176.160.145:449
185.142.99.59:443
185.235.130.84:443
186.10.243.70:8082
186.156.52.78:449
186.42.186.202:449
186.42.226.46:449
186.46.63.58:449
186.47.40.234:449
187.58.56.26:449
189.80.134.122:449
190.109.189.119:449
190.119.180.226:8082
190.13.160.19:449
190.13.190.178:449
190.144.89.82:449
190.151.213.140:449
190.152.125.162:80
190.152.4.210:449
190.154.203.218:449
191.37.181.152:449
192.227.142.155:443
192.3.104.38:443
192.3.105.136:443
200.119.45.140:449
200.29.106.33:449
200.35.43.105:80
23.94.204.80:443
31.202.132.179:443
36.89.85.103:449
37.187.186.7:443
45.80.148.236:443
5.230.26.41:443
54.37.229.180:443
68.168.123.85:443
79.124.49.206:443
95.174.65.246:443

# Reference: https://www.ncsc.gov.uk/news/ryuk-advisory
# Reference: https://otx.alienvault.com/pulse/5d108ad7a63b52237073efd1

177.183.194.194:449
177.52.28.238:449
177.52.79.29:449
186.248.163.198:449
186.42.186.202:449
187.65.49.88:449
187.8.169.10:449
187.95.123.179:449
187.95.32.18:449
191.241.233.195:449
200.107.59.130:449
200.110.72.134:449
200.35.56.81:449
200.83.49.141:449

# Reference: https://twitter.com/0XCHAR/status/1175154224046452742

rvmzrf24dgmr4tce.onion
107.155.137.8:447
107.173.160.29:447
145.239.188.95:447
178.157.82.135:447
178.170.189.239:447
185.250.204.126:447
195.123.221.104:447
195.123.221.178:447
195.123.238.36:447
195.123.247.27:447
23.95.214.138:447
37.228.117.65:447
45.8.126.5:447
46.4.167.254:447
5.53.124.55:447
91.92.128.237:447
92.63.102.212:447

# Reference: https://twitter.com/makflwana/status/1176877958473977857
# Reference: https://app.any.run/tasks/a7be32af-a368-4200-b8c6-9b64b2d170be/

http://144.91.69.195/solar.php
51.254.69.244:443

# Reference: https://pastebin.com/5XF67ZmJ

103.194.90.242:80
103.84.238.3:80
103.87.48.54:80
104.244.73.115:443
107.172.143.155:443
138.185.25.228:449
138.59.233.5:449
146.196.122.167:449
170.233.120.53:449
170.84.78.117:449
177.103.240.149:449
181.115.168.69:449
181.129.49.98:449
181.129.93.226:449
181.196.61.110:449
181.199.102.179:449
181.49.61.237:449
185.222.202.49:443
185.70.182.162:449
186.183.199.114:449
186.42.185.10:449
186.42.186.202:449
186.42.226.46:449
186.42.98.254:449
187.110.100.122:449
190.13.160.19:449
190.152.4.210:449
190.152.4.98:449
192.227.142.155:443
193.29.56.122:443
200.153.15.178:449
200.21.51.38:449
200.29.106.33:80
200.35.56.81:449
201.184.137.218:80
23.94.204.80:443
36.89.85.103:449
45.161.33.88:449
91.207.185.73:449

# Reference: https://twitter.com/killamjr/status/1181657813417959424

185.130.104.157:443

# Reference: https://twitter.com/malware_traffic/status/1182090303420997632

cardesign-analytics.com
dzbvyejoy81.com
t7763jykqeiy.com
/leo20/

# Reference: https://twitter.com/James_inthe_box/status/1182999215833677826

172.245.118.105:446

# Reference: https://twitter.com/0xFrost/status/1184189273010032640

185.79.242.204:449
194.5.250.82:443
194.5.250.83:443

# Reference: https://twitter.com/killamjr/status/1184204867545513987
# Reference: https://pastebin.com/1xzBiPm6

109.234.34.135:443
138.185.25.228:449
170.233.120.53:449
170.84.78.117:449
177.103.240.149:449
181.113.20.186:449
181.115.168.69:449
181.129.49.98:449
181.49.61.237:449
185.222.202.222:443
185.222.202.223:443
185.244.150.142:443
185.70.182.162:449
185.79.242.204:449
185.79.243.37:449
186.42.185.10:449
186.42.186.202:449
186.42.98.254:449
187.58.56.26:449
188.137.81.201:449
189.80.134.122:449
190.13.160.19:449
190.152.4.98:449
190.154.203.218:449
194.5.250.82:443
194.5.250.83:443
195.93.223.100:449
200.116.199.10:449
200.21.51.38:449
200.35.56.81:449
31.184.253.37:443
31.214.138.207:449
36.89.85.103:449
45.142.213.58:443
45.161.33.88:449
45.66.11.116:443
45.80.148.30:443
46.30.41.229:443
5.185.67.137:449
66.55.71.11:443
78.88.188.42:449
81.190.160.139:449
85.11.116.194:449
89.25.238.170:449
91.207.185.73:449
94.156.144.3:443

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Dropper.Trickbot-7340237-0)

46igeuohbyzeokpe.onion

# Reference: https://twitter.com/malware_traffic/status/1189950830448959488
# Reference: https://app.any.run/tasks/bec0f8ee-7050-4c37-999a-2a3c2f152c36/

144.91.79.12:443
85.204.116.139:443

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667

185.222.202.192:443
185.99.2.104:447
186.71.150.23:449

# Reference: https://pastebin.com/29uSdMAk

192.3.104.46:443

# Reference: https://twitter.com/stecar792/status/1194746230997495808
# Reference: https://pastebin.com/SKBmjFGm

103.219.213.102:449
103.255.10.24:449
107.173.240.221:443
117.196.233.100:449
117.197.119.219:449
117.204.253.33:449
117.206.149.29:449
117.255.221.135:449
144.91.80.253:443
145.239.188.90:447
177.105.242.229:449
177.154.86.145:449
181.112.157.42:449
181.113.28.146:449
181.113.28.162:449
181.129.104.139:449
181.129.134.18:449
181.129.167.82:449
181.140.173.186:449
181.196.207.202:449
184.95.51.5:447
185.141.61.29:443
185.177.59.41:447
185.189.122.68:449
185.222.202.242:447
185.222.202.25:443
185.252.144.145:447
185.57.167.32:449
185.99.2.166:447
189.28.185.50:449
192.3.247.117:447
194.5.250.109:443
194.5.250.136:447
194.5.250.162:447
195.123.220.151:447
195.123.220.155:443
195.123.221.190:447
195.123.239.79:447
198.24.151.211:447
212.73.150.144:447
212.80.218.144:443
45.141.102.2:443
45.224.214.34:449
45.238.37.14:449
5.182.210.254:443
5.2.79.203:447
51.89.115.110:443
62.109.22.2:443
62.109.30.70:447
66.55.71.129:447
66.77.59.41:447
66.85.173.57:443
78.24.219.9:443
85.143.219.117:447
85.204.116.91:447
91.108.150.213:449
94.156.144.74:443
95.181.198.94:447
cmw5x56e4whk6dpx.onion

# Reference: https://twitter.com/malware_traffic/status/1196554607658459136
# Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/

94.103.82.99:2050

# Reference: https://twitter.com/malware_traffic/status/1199082009387290630

190.142.200.108:449
200.21.51.38:449
5.34.176.212:447

# Reference: https://twitter.com/malware_traffic/status/1201890411343761409

157.25.102.50:80
185.62.189.132:443
64.44.133.151:443
66.55.71.152:447

# Reference: https://twitter.com/malware_traffic/status/1201923577689174016

107.172.82.165:80

# Reference: https://any.run/malware-trends/trickbot (Note: as seen on 2019-12-04)

qxq.ddns.net
thuocnam.tk
office.webxpo.us
driverconnectsearch.info

# Reference: https://otx.alienvault.com/pulse/5df0edc2630945dce885b806

qfcallc.com
chishir.com
carambaneed.club
kostunivo.com
northracing.net
mangoclone.com
excelestimation.com
sodonnews.com
onixcellent.com
cics.secureforge.info
wuniuqhi5byfc5qh.onion

# Reference: https://twitter.com/malware_traffic/status/1205171614788313101

172.82.152.136:443
198.46.161.213:443
23.94.70.12:443

# Reference: https://twitter.com/James_inthe_box/status/1205547881496641536
# Reference: https://www.virustotal.com/gui/file/bcc9b0a91e0280fdb89c20954c11f3555c335cc96e4742f7d7ad1a0238f97966/detection

91.134.14.26:443
93.190.143.26:443
spirrits.com

# Reference: https://twitter.com/smica83/status/1206957311668953088

100.38.123.22:443
181.123.59.111:443
181.126.80.118:443
73.179.178.78:443
75.110.250.89:443

# Reference: https://twitter.com/malware_traffic/status/1208205659466092544

181.129.104.139:449
51.89.204.240:447

# Reference: https://twitter.com/luc4m/status/1214981595301462017
# Reference: https://pastebin.com/qeQZP0Tu

5.182.210.109:443
36.89.85.103:449
45.137.151.198:443
46.174.235.36:449
51.89.115.124:443
78.24.223.88:443
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
131.161.253.190:449
146.185.253.191:443
164.68.120.60:443
170.84.78.224:449
171.100.142.238:449
172.82.152.11:443
180.180.216.177:449
181.112.157.42:449
181.113.28.146:449
181.129.104.139:449
181.129.134.18:449
181.140.173.186:449
181.196.207.202:449
185.141.27.190:443
185.177.59.163:443
185.213.20.246:443
186.71.150.23:449
186.232.91.240:449
188.120.254.68:443
188.165.62.34:443
190.214.13.2:449
195.123.220.178:443
198.23.209.201:443
200.21.51.38:449
200.127.121.99:449
202.29.215.114:449

# Reference: https://pastebin.com/GyzCEEXH

114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
131.161.253.190:449
146.185.219.31:443
164.68.120.60:443
170.84.78.224:449
171.100.142.238:449
176.119.159.204:443
180.180.216.177:449
181.112.157.42:449
181.113.28.146:449
181.129.104.139:449
181.129.134.18:449
181.140.173.186:449
181.196.207.202:449
185.62.188.83:443
186.232.91.240:449
186.71.150.23:449
190.214.13.2:449
195.123.221.194:443
195.123.240.81:443
198.23.209.201:443
198.8.91.10:443
200.127.121.99:449
200.21.51.38:449
202.29.215.114:449
23.95.231.187:443
36.89.85.103:449
46.174.235.36:449
5.182.210.109:443
5.182.211.44:443
5.2.76.122:443
51.89.73.159:443
64.44.133.157:443
79.174.12.245:443
85.143.219.230:443
92.63.105.138:443
95.181.198.151:443

# Reference: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
# Reference: https://otx.alienvault.com/pulse/5e173a76a3ecc18449d121a0

kostunivo.com
magichere.icu
magikorigin.me
northtracing.net
traveldials.com
web000aaa.info
wizardmagik.best

# Reference: https://feodotracker.abuse.ch/browse/host/203.176.135.102/ (# Trickbot)
# Reference: https://www.virustotal.com/gui/ip-address/203.176.135.102/relations

203.176.135.102:80
203.176.135.102:8082

# Reference: https://twitter.com/reecdeep/status/1220678917448749057

185.159.82.182:80

# Reference: https://www.virustotal.com/gui/file/fe2c4521ea823e91f2bf43d3261d699b6e5dc077a87ff7adb79088bba73c5eb5/detection

5.182.210.226:443
104.168.96.113:443

# Reference: https://www.virustotal.com/gui/file/a2e3ebf2b30d9f0736e37346f33d7f18da4da9a44448e05bf4d3dada500a91b9/detection

107.173.26.231:447
181.129.104.139:449

# Reference: https://www.virustotal.com/gui/file/fe2c4521ea823e91f2bf43d3261d699b6e5dc077a87ff7adb79088bba73c5eb5/detection

5.2.75.167:443

# Reference: https://www.virustotal.com/gui/file/e71419cd556dd730ebee920968e97ff5a16441fcfe51cf7da616421d2011c5fb/detection

146.185.253.177:447
85.143.217.237:447
85.204.116.233:447

# Reference: https://app.any.run/tasks/8ece34b7-9b69-4698-87d2-e8f61aaf3437/

5.182.210.246:443
164.68.120.56:443

# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html (# Win.Packed.TrickBot-7541396-1)

2cdajlnnwxfylth4.onion
teene.site

# Reference: https://twitter.com/malware_traffic/status/1221919676030042112
# Reference: https://www.virustotal.com/gui/ip-address/107.175.116.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.123.221.53/relations
# Reference: https://pastebin.com/YxFc5dgG
# Reference: https://app.any.run/tasks/b4d6f542-7582-4de9-87cd-d959e995b68d/
# Reference: https://app.any.run/tasks/c9f6e633-9784-4bee-96c5-d6803a7896b7/

107.175.116.133:80
185.66.12.59:447
195.123.221.53:443
195.123.221.53:447
195.158.224.103:447
5.182.210.230:443
78.24.221.145:447
92.63.98.59:447

# Reference: https://www.virustotal.com/gui/file/3193ec3b85f65b8b899ab5b189314e1eccfc61e098341397d76720c17f0a32b8/detection

162.247.155.133:447
198.8.91.25:447

# Reference: https://twitter.com/reecdeep/status/1218098821143703552

185.159.82.96:80

# Reference: https://pastebin.com/Mc1UwKae

103.94.122.254:8082
112.78.164.34:8082
190.100.16.210:8082
177.74.232.124:80
36.89.106.69:80
96.9.73.73:80
96.9.77.142:80
164.68.96.155:443
185.99.2.137:443
185.99.2.185:443
188.165.62.29:443
188.165.62.2:443
195.123.216.95:443
195.123.219.93:443
5.2.64.188:443
5.2.78.191:443

# Reference: https://github.com/SentineLabs/PowerTrick/commit/c046404538d11044f8df0ce98491292fe618660e

192.99.38.41:80
5.9.161.246:80
drive.staticcontent.kz

# Reference: https://twitter.com/reecdeep/status/1224333532681641985

91.196.70.100:80

# Reference: https://twitter.com/James_inthe_box/status/1224442114374717444

it-corp.info

# Reference: https://twitter.com/malware_traffic/status/1224476088946122752

212.109.195.175:447

# Reference: https://www.herbiez.com/?p=949

107.22.214.64:80
149.56.167.227:443
172.82.152.171:443
178.156.202.114:443
178.156.202.206:443
188.165.62.15:443
188.165.62.46:443
188.165.62.8:443
194.87.102.167:8082
194.87.102.36:443
199.181.238.221:443
199.181.238.224:443
210.16.102.251:443
217.12.210.54:447
37.59.80.96:443
46.105.238.157:443
5.152.210.176:443
5.2.65.130:443
5.2.76.34:443
51.254.164.249:443
66.85.27.165:443
67.21.84.23:443
84.238.198.166:449
84.40.65.85:449
89.46.222.240:443
89.46.222.246:443
91.139.236.92:449
95.154.199.118:1062
campusassas.com
campuslinne.com
changetheworld.bit

# Reference: https://twitter.com/nhs281/status/1228752573215248387
# Reference: https://app.any.run/tasks/cdc172e1-36e8-446d-b0bf-b860f312c26f/

185.11.146.86:443
185.45.193.76:443
51.254.164.240:443
5.2.78.70:443

# Reference: https://twitter.com/malware_traffic/status/1230214222111485953

185.62.188.10:443
192.3.124.40:80

# Reference: https://twitter.com/malware_traffic/status/1230260269596758016

195.123.220.154:447

# Reference: https://twitter.com/malware_traffic/status/1232370158494154754

45.138.72.155:443

# Reference: https://twitter.com/malware_traffic/status/1232782901927972865

104.237.194.147:80

# Reference: https://twitter.com/malware_traffic/status/1232790448051281921
# Reference: https://www.virustotal.com/gui/file/6f55f3b1415b5bf9dda57158f05fe628edb92b436887ad72f3d4bd108e8542d2/detection
# Reference: https://www.virustotal.com/gui/file/f9507a76801d5b1b83704a5019cdc312de18b004f16c5547b91b7dba086b2e29/detection

http://51.89.115.99
51.89.115.99:443
155.138.216.133:443
defenswin.com

# Reference: https://twitter.com/James_inthe_box/status/1233086420857708544
# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

barbeyo.xyz
basorkiq.host
emmnebuc.xyz
merystol.xyz
pnxkntdl.xyz
soficatan.site
tozcftdl.xyz
veqejzkb.xyz

# Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1
# Reference: https://www.virustotal.com/gui/ip-address/107.172.208.30/relations

http://107.172.208.30

# Reference: https://twitter.com/Arkbird_SOLG/status/1234624555131555841
# Reference: https://www.virustotal.com/gui/ip-address/5.34.176.184/relations
# Reference: https://www.virustotal.com/gui/file/08ea96e4b9e71cc0281938d91fe7b12f77a2ade37845d1110afd75f225603bae/detection

http://5.34.176.184
5.34.176.184:443

# Reference: https://twitter.com/MalHunters/status/1069898222636679168
# Reference: https://pastebin.com/SUbUY0if

105.27.171.234:449
107.174.34.202:443
108.160.196.130:449
140.190.54.187:449
172.222.97.179:449
182.253.20.66:449
190.145.74.84:449
192.3.52.107:443
192.52.167.145:443
193.29.56.3:443
198.46.131.164:443
198.46.160.217:443
198.46.198.241:443
199.227.126.250:449
206.130.141.255:449
24.227.222.4:449
24.247.181.155:449
24.247.181.226:449
24.247.182.174:449
24.247.182.179:449
24.247.182.29:449
24.247.182.39:449
24.247.182.7:449
47.49.168.50:443
64.128.175.37:449
65.31.241.133:449
71.94.101.25:443
72.189.124.41:449
72.241.62.188:449
74.132.135.120:449
74.134.5.113:449
74.140.160.33:449
75.108.123.165:449
89.46.222.239:443
94.232.20.113:443
97.87.172.0:449

# Reference: https://twitter.com/malware_traffic/status/1235261812083482624

192.3.193.162:443
5.182.210.226:443
64.44.133.156:447

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Malware.Trickbot-7603048-1)

107.181.246.213:443
185.86.150.89:443
191.7.30.30:443
193.124.117.189:443
193.124.117.189:447
194.87.144.16:443
194.87.92.113:443
195.62.52.96:443
37.59.183.142:443
67.21.90.106:443
67.21.90.109:443
87.121.76.172:443
87.121.76.172:449
91.219.28.58:443
91.219.28.80:443
http://107.181.246.213
http://185.86.150.89
http://191.7.30.30
http://193.124.117.189
http://194.87.144.16
http://194.87.92.113
http://195.62.52.96
http://37.59.183.142
http://51.254.164.249
http://67.21.90.106
http://67.21.90.109
http://84.238.198.166
http://87.121.76.172
http://91.219.28.58
http://91.219.28.80

# Reference: https://twitter.com/JAMESWT_MHT/status/1237028470565240832
# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.210/relations

162.244.32.210:443

# Reference: https://gist.github.com/kirk-sayre-work/3999514ffdd15923ac1290c4bd74d2b0

big-partynew.ru
birthdayeventdxb.com
bootiky.com
elievarsen.ru
luxjewelleries.com
wex-notdead.ru
gettonatissime.cyprustimbermerchants.com
lookmodeusa.com
vatonly.com

# Reference: https://www.virustotal.com/gui/ip-address/64.44.133.131/relations
# Reference: https://app.any.run/tasks/5c03c481-ab9a-4d3d-b22f-47cf859b9d6f/

http://64.44.133.131
146.185.253.176:447
51.254.164.245:443
64.44.133.131:447

# Reference: https://twitter.com/pancak3lullz/status/1240983894461231104
# Reference: https://www.virustotal.com/gui/ip-address/185.62.188.159/relations

http://185.62.188.159

# Reference: https://twitter.com/benkow_/status/1242457353070546944
# Reference: https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/ (# TrickMo variation)
# Reference: https://twitter.com/benkow_/status/1242526274217746432

facebouk.net
mcsoft365.com
pingconnect.net
web5401.com
webnat.host

# Reference: https://twitter.com/benkow_/status/1536247467234189313

deconnect.at
demospeed.org
itwww.org
letsencryp.at

# Reference: https://www.virustotal.com/gui/ip-address/195.123.220.193/relations

http://195.123.220.193
195.123.220.193:443

# Reference: https://twitter.com/AltShiftPrtScn/status/1243166479903834112
# Reference: https://blog.reversinglabs.com/blog/exposing-ryuk-variants-using-yara
# Reference: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
# Reference: https://otx.alienvault.com/pulse/5e7cc5274bea708f20593bec

norulless.com

# Reference: https://twitter.com/malware_traffic/status/1243674365222322176

doha-media.com

# Reference: https://twitter.com/laskow26/status/1244576312724836352
# Reference: https://laskowski-tech.com/2020/03/29/opnsense-and-ssl-decryption-using-sslsplit/

http://172.245.156.138
http://51.254.164.244
http://51.254.164.245
172.245.156.138:443
51.254.164.244:443

# Reference: https://twitter.com/hatching_io/status/1246092812103421953
# Reference: https://tria.ge/reports/200403-3kjagsdnqa/behavioral1

109.86.227.152:443
111.69.87.59:449
138.34.32.218:443
138.34.32.74:443
158.58.131.54:443
173.26.243.116:443
182.253.210.130:449
185.146.156.237:443
185.159.129.78:443
185.228.232.13:443
187.163.215.32:443
199.250.230.169:443
200.2.126.98:443
201.174.70.238:443
209.131.236.23:443
36.74.100.211:449
45.56.2.247:443
47.40.90.210:443
62.31.150.202:443
66.229.97.133:443
66.232.212.59:443
67.159.157.150:443
73.107.42.28:443
77.246.158.173:443
86.61.177.139:443
93.109.242.134:443
95.213.191.30:443

# Reference: https://twitter.com/makflwana/status/1247779774623150080
# Reference: https://app.any.run/tasks/b3f18101-314e-47a6-bf21-d1ebc3820765/
# Reference: https://www.virustotal.com/gui/ip-address/194.5.250.189/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.123.239.194/relations

http://194.5.250.189
http://195.123.239.194
194.5.250.189:447
195.123.239.194:443

# Reference: https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-hidden-anchor-bot-nexus-operations/
# Reference: https://otx.alienvault.com/pulse/5e8e2c6890241d5f774cdea3
# Reference: https://otx.alienvault.com/pulse/5ebf07c5b90ea8b330e8561a

http://104.168.98.206
http://107.173.160.14
http://172.82.152.15
http://185.98.87.185
http://198.46.161.242
http://64.91.251.250
http://85.204.116.245

# Reference: https://bazaar.abuse.ch/sample/80d162a9d3998938dbf4e82b4411c7aebf3365bef53412c622de318062da3c70/

103.12.161.194:449
103.5.231.188:449
108.170.61.186:443
131.161.253.190:449
134.255.221.55:447
148.251.185.164:443
164.68.120.58:443
171.100.142.238:449
181.129.134.18:449
185.141.27.225:443
185.14.29.141:443
185.161.211.215:447
185.90.61.62:443
185.99.2.197:443
185.99.2.44:443
185.99.2.67:447
188.165.62.2:447
190.214.13.2:449
194.5.250.201:443
195.123.237.105:443
202.29.215.114:449
31.131.20.159:447
31.131.21.184:443
5.1.74.249:447
51.89.115.108:443
51.89.115.112:443
62.109.30.83:447
91.235.129.199:443
94.250.249.170:443
94.250.250.69:443

# Reference: https://twitter.com/malware_traffic/status/1252320726557827073

http://107.172.221.106

# Reference: https://twitter.com/malware_traffic/status/1252716888188227584
# Reference: https://app.any.run/tasks/dcc8420c-c71c-45f2-bdd6-40bf448d5dde/
# Reference: https://app.any.run/tasks/11e79d9c-b6c6-4980-98f0-b5a17bddb94f/
# Reference: https://app.any.run/tasks/796ceffe-4e46-49fc-80c5-32d5cd091fc3/
# Reference: https://www.virustotal.com/gui/ip-address/194.5.250.52/relations

http://62.171.152.105
http://194.5.250.52
194.5.250.52:443
194.5.250.52:447
fetitech.live

# Reference: https://twitter.com/James_inthe_box/status/1250907772494864384
# Reference: https://twitter.com/DynamicAnalysis/status/1252982471811043331
# Reference: https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-s-new-stealthy-network-hacking-malware/

petromltd.com
bestgame.bazar
forgame.bazar
newgame.bazar
portgame.bazar
thegame.bazar

# Reference: https://twitter.com/abuse_ch/status/1255413734325059586
# Reference: https://twitter.com/reecdeep/status/1255866535945568257
# Reference: https://bazaar.abuse.ch/sample/3008d3a85d42533167443e236755a01ae25d008728dbcd9630d99a42db30fbae/

chinatyres.net/IuNbOpen/oiUnbYATR.php

# Reference: https://thedfirreport.com/2020/04/30/tricky-pyxie/
# Reference: https://app.any.run/tasks/e4ab5166-07a5-4399-87d1-63e543f5c3b5/

103.227.147.82:449
110.232.76.39:449
110.93.15.98:449
122.50.6.122:449
148.251.185.186:443
151.80.212.114:443
164.132.255.19:443
176.119.159.147:443
178.156.202.251:443
185.234.72.193:443
185.234.72.50:443
185.99.2.152:447
188.119.113.60:443
190.136.178.52:449
194.5.250.200:443
200.171.101.169:449
217.12.209.159:443
217.12.209.176:447
217.12.209.244:443
36.91.45.10:449
45.6.16.68:449
5.182.210.178:443
5.182.210.30:447
5.196.247.14:443
51.254.164.243:443
51.89.115.121:443
93.189.42.81:443
96.9.77.56:449

# Reference: https://twitter.com/malware_traffic/status/1255939600184496130

dichthuatsnu.com/goodweb/

# Reference: https://twitter.com/malware_traffic/status/1256297802948399104

piedmontrescue.org/sport/

# Reference: https://twitter.com/James_inthe_box/status/1257418677760282624

spdtextile.com/sport/

# Reference: https://twitter.com/James_inthe_box/status/1257365981233635335

185.99.2.133:443

# Reference: https://twitter.com/VK_Intel/status/1258519788885700611
# Reference: https://www.virustotal.com/gui/file/9e4edad037a06e1cfa803adca84b3950b3e9fbe471397c71db53b0ab1510cc56/detection

http://193.38.54.106
http://45.148.120.176
193.38.54.106:443
45.148.120.176:443

# Reference: https://twitter.com/vk_intel/status/1259905046134829056
# Reference: https://otx.alienvault.com/pulse/5ebafadd0dddaee2f8bb193b

dns.dnsskype.com
dns2.dnsskype.com
dns3.dnsskype.com

# Reference: https://twitter.com/abuse_ch/status/1270740309140529152
# Reference: https://twitter.com/abuse_ch/status/1270773648262119424

copsbiau.monster
mnjcszrh.monster
shmbidgp.monster
vmrriktf.monster
ygzggxeh.monster

# Reference: https://twitter.com/reecdeep/status/1270961624954830848
# Reference: https://app.any.run/tasks/e26e317f-7ab5-4bca-b497-d14516332797/
# Reference: https://www.virustotal.com/gui/ip-address/85.204.116.100/detection

85.204.116.100:443
coprikompatt.com/autostart/apptrace.php

# Reference: https://twitter.com/reecdeep/status/1272782327278637057

134.119.191.11:443
185.99.2.65:443
5.1.81.68:443
51.81.112.144:443
memberlogin.cloud

# Reference: https://twitter.com/OttoScav/status/1272937840301813763
# Reference: https://twitter.com/OttoScav/status/1272984737343320065
# Reference: https://twitter.com/OttoScav/status/1272984829785767937
# Reference: https://twitter.com/OttoScav/status/1272984893040005120

103.111.83.246:449
107.175.72.141:443
110.50.84.5:449
134.119.191.21:443
182.253.113.67:449
185.14.31.104:443
185.90.61.9:443
185.99.2.66:443
192.3.247.123:443
194.5.250.121:443
200.107.35.154:449
36.66.218.117:449
36.89.182.225:449
36.89.243.241:449
36.92.19.205:449
78.108.216.47:443
80.210.32.67:449
85.204.116.216:443
91.235.129.20:443
95.171.16.42:443

# Reference: https://twitter.com/malware_traffic/status/1273007235115999233

195.123.221.93:443
85.143.222.208:447

# Reference: https://www.virustotal.com/gui/file/fd9a7d0013a7407a82d7ce662b5e3ec2d20b33681e1e3600e409b1ed8d086dfa/detection

217.12.209.60:443
217.12.209.60:80

# Reference: https://twitter.com/bit_dam/status/1275141957187244036

covidsonline.com

# Reference: https://twitter.com/reecdeep/status/1275316892635463680
# Reference: https://app.any.run/tasks/0efc7226-4b9e-4775-bf74-c54ea72997c5/
# Reference: https://app.any.run/tasks/2c8af64d-f294-4847-8f50-09f42eccee12/

lawyersblog.net

# Reference: https://bazaar.abuse.ch/sample/024d1e75caece924601857b3e631b56936784215267c89d4ebc20f32258fa689/
# Reference: https://bazaar.abuse.ch/sample/04c2d16ee5463453c04a6b4645f6a36f2485d91bd86fb18a9ed20446fdc57728/

http://23.95.231.200

# Reference: https://twitter.com/p5yb34m/status/1278146363734126592

ruths-brownies.com/adbanner/ololomadam.php

# Reference: https://twitter.com/abuse_ch/status/1278321543953735682

terracotia.xyz

# Reference: https://bazaar.abuse.ch/sample/44639ea41979b4c2128df89a16f8d1c277e16ddad27372bcb33e6956de3eeb90/

http://185.14.30.131

# Reference: https://bazaar.abuse.ch/sample/b4eb31112cb2d0686ea3e88ab33569a0c902cb14331bb5f12a206d6f61b6b1fe/

http://194.5.249.107

# Reference: https://bazaar.abuse.ch/sample/ccbfecc4794a51d7e8a3cb58a3b0c5dc9f7ab301d5cdc9669bb0fc0fad8f0eff/

pinskdrev.market
archive.saturn.mn

# Reference: https://bazaar.abuse.ch/sample/8c47730867b57083f6ec4ab8c237f32f556c04ee4a973f2fc1c1be2919e49199/

http://185.99.2.83

# Reference: https://bazaar.abuse.ch/sample/53443315360c434457eca1626003a288924a363677a4e1ca1bbaad902f677674/

http://185.45.192.232

# Reference: https://bazaar.abuse.ch/sample/2b354d7dccd32f56af516f35821d9d389271da55cd4c9c7a97f30303d1136e04/

http://185.180.197.66

# Reference: https://bazaar.abuse.ch/sample/c7b6b5c5fd0241015dea2d5bf76f50143844676bec4b1a57284af92a75a367db/

http://93.189.41.196

# Reference: https://twitter.com/VK_Intel/status/1281570630169759745

http://66.70.218.46

# Reference: https://twitter.com/malware_traffic/status/1281682198815477761
# Reference: https://app.any.run/tasks/659cdd3a-d99a-4702-8f1e-e4e8f1357845/

http://45.11.183.78

# Reference: https://urlhaus.abuse.ch/browse/tag/chil65/

http://192.210.152.100
http://66.70.218.45
http://94.140.115.48

# Reference: https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30 (# anchor_dns)
# Reference: https://otx.alienvault.com/pulse/5f0c8ae66a7df4bc2d9fdf70

biillpi.com

# Reference: https://twitter.com/reecdeep/status/1284005945962631169

http://195.123.242.93

# Reference: https://www.virustotal.com/gui/file/8a96a8d0337d095c05f291e97927a2f7ff8ceab6db9335c44a842ac7791c863e/detection

http://162.216.0.182
162.216.0.182:447

# Reference: https://www.virustotal.com/gui/file/24ffa4b433cd90f30b432b6007a066672ef0a886d56f2938b9a41234d754e861/detection

http://85.204.116.144
85.204.116.144:447

# Reference: https://twitter.com/killamjr/status/1287896689685278720
# Reference: https://app.any.run/tasks/694cccad-ce08-4348-bea9-899e022d7224/

http://188.40.203.198
http://198.46.198.115

# Reference: https://app.any.run/tasks/3aeb59d6-3f23-4d67-9a78-9237040e84f2/

107.174.196.242:443
183.81.154.113:449
186.159.8.218:449
195.123.241.187:443

# Reference: https://twitter.com/malware_traffic/status/1291113168157188097

kiwizon.com/junkreps/sllep.php

# Reference: (source not recorded for the three entries below)

hanayadefi.com/js/crypt_bot32.dll
hanayadefi.com/js/d2.dll
hanayadefi.com/js/PO1DD.dll

# Reference: https://twitter.com/abuse_ch/status/1294169425826983936

anikastyle.com/ram2base.php

# Reference: https://twitter.com/malware_traffic/status/1294073727014129665

http://138.68.78.51
/campo/22/22
timseddon.com/loader.dll

# Reference: https://twitter.com/ViriBack/status/1321779235221053441
# Reference: https://twitter.com/500mk500/status/1321807553249103875
# Reference: https://www.virustotal.com/gui/ip-address/207.154.210.66/relations
# Reference: https://www.virustotal.com/gui/file/511d6897758dab59c545bd39d7c3a78b47cf756fe241dc21a9e05480ada9c4af/detection
# Reference: https://www.virustotal.com/gui/file/6195dac0f280220406c8a2c4705b99c8ea20a28c9e67c9ae9554fd206775f826/detection

foreverbold.xyz
nightsalmon.xyz
superstartart.xyz
/campo/b/b

# Reference: https://twitter.com/malware_traffic/status/1295497122276679682

alphasheild.com/metalf.php

# Reference: https://twitter.com/InQuest/status/1296852524654301185
# Reference: https://twitter.com/InQuest/status/1297051748293586944
# Reference: https://www.virustotal.com/gui/file/1951fe180603952a4f329f14a22161c7c3275a6cf62e861c4451d8351b3f36b3/detection

http://195.123.232.163
http://195.123.242.118
107.155.137.18:443
91.200.100.85:443
disk-cloud-app.com
template-doc.com

# Reference: https://twitter.com/h2jazi/status/1297911526972686339
# Reference: https://www.virustotal.com/gui/domain/yektairon.com/detection
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-24-Trickbot-gtag-ono66-IOCs.txt

yektairon.com
/brands/goodmanstory.php

# Reference: https://twitter.com/VirITeXplorer/status/1298195728532111360

http://107.174.192.219

# Reference: https://www.virustotal.com/gui/file/17c04932b68cbacea61759b43dc393b1c7dc32dd13276473c3f32411e0f380ef/detection

180.211.170.214:449
195.123.241.90:443
198.46.198.128:447
86.104.194.116:443

# Reference: https://www.virustotal.com/gui/file/b08a808cd66128c3f1fbfb008dbc26471075af804eff2c724fe773787c429391/detection

http://104.161.32.109

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt

91.200.103.236:447

# Reference: https://tria.ge/200831-4tkx1hyjd6/behavioral1

51.89.177.20:443
194.5.249.174:443
107.174.196.242:443
185.205.209.241:443
82.146.46.220:443
5.34.178.126:443
212.22.70.65:443
195.123.241.90:443
185.164.32.214:443
198.46.198.139:443
195.123.241.187:443
86.104.194.116:443
195.123.240.252:443
185.164.32.215:443
45.148.120.195:443
45.138.158.32:443
5.149.253.99:443
92.62.65.163:449
88.247.212.56:449
180.211.170.214:449
186.159.8.218:449
158.181.155.153:449
27.147.173.227:449
103.130.114.106:449
103.221.254.102:449
187.109.119.99:449
220.247.174.12:449
183.81.154.113:449
121.101.185.130:449
200.116.159.183:449
200.116.232.186:449
103.87.169.150:449
180.211.95.14:449
103.36.48.103:449
45.127.222.8:449
112.109.19.178:449
36.94.33.102:449
110.232.249.13:449
177.190.69.162:449

# Reference: https://www.virustotal.com/gui/file/54c3e01a3dee75c7137c63a25915b7bec1876a8fc65047eff99b97d9ca6cd5c6/detection

66.70.218.37:443
86.104.194.108:443

# Reference: https://www.virustotal.com/gui/file/75682633e0cf3922340da72927e6c2c0900f055368afbbc1438f9112115e1f61/detection

http://66.70.218.37
http://85.204.116.188

# Reference: https://otx.alienvault.com/pulse/5ea7262636e7f750733c7436

bestgame.bazar
coastdeny.bazar
eventmoult.bazar
forgame.bazar
newgame.bazar
portgame.bazar
realfish.bazar
tallcareful.bazar
thegame.bazar
workrepair.bazar
zirabuo.bazar

# Reference: https://twitter.com/malware_traffic/status/1303501213225365505

http://185.172.129.67

# Reference: https://twitter.com/malware_traffic/status/1309698130468896768
# Reference: https://app.any.run/tasks/018be08a-518e-449f-b7cc-3bc8b5cd8031/

179.97.246.23:449
195.123.242.119:443
89.249.65.23:447

# Reference: https://www.virustotal.com/gui/file/c184c87b5b9f87c864b5356695afbe4b147e83de5a7cba789824856b3d346275/detection

79.110.52.39:80

# Reference: https://www.virustotal.com/gui/file/05e43d0d10284517dbdfe13647eb049ffba1ab119b4a39738365b685e3a30e9b/detection

185.99.2.123:443

# Reference: https://www.virustotal.com/gui/file/707a8f2e9bd5c1edafe780fddf79ee2936438e9b62324bb7d1e1a9d96c16a3a7/detection

http://62.108.35.29

# Reference: https://twitter.com/theDark3d/status/1314618824008892417
# Reference: https://www.virustotal.com/gui/file/4013945c4997c0c02b6d094186dde0ae4fa499bc33afae5bbbc0207f2754fe39/detection

131.153.22.145:443
45.89.127.118:443
45.89.127.119:443
51.77.112.255:443

# Reference: https://app.any.run/tasks/671907b6-e1a2-48cb-ac31-e4657bc78702/
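# Reference: https://twitter.com/malware_traffic/status/1314662732684296192
# NOTE(review): the entry below looks like a bare file name with no host and no leading '/'; as written it will presumably be matched as a host name rather than a URL path -- confirm the intended form against the references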

helmut0.dll

# Reference: https://twitter.com/malware_traffic/status/1314664855236947969

104.161.32.111:443
185.117.73.190:447
185.234.72.147:447
185.99.2.210:447
194.5.249.224:447
195.123.240.130:447
37.220.6.101:447
45.148.10.164:447
45.148.120.152:447
45.148.120.154:447
45.89.127.128:447
45.89.127.129:447
51.89.204.242:447
86.104.194.106:447
86.104.194.76:447
88.150.180.33:447

# Reference: https://www.virustotal.com/gui/file/2ae54dde3652a1cceef7ec5fcc8f2fdf5a07833fba685f0c0ee9964c5c2429d4/detection

148.251.185.165:443
185.234.72.35:443
185.99.2.243:443
194.87.110.144:443
195.123.240.104:443
195.123.240.113:443
213.32.84.27:443
45.67.231.68:443
45.89.125.148:443
5.152.210.188:443
5.182.211.223:443
51.89.163.40:443
85.204.116.173:443
89.223.126.186:443
103.36.48.103:449
103.76.169.213:449
117.222.63.145:449
117.252.214.138:449
125.165.20.104:449
177.190.69.162:449
179.127.88.41:449
179.97.246.23:449
181.143.186.42:449
190.99.97.42:449
200.24.67.161:449
36.91.87.227:449
36.94.33.102:449
45.224.213.234:449
45.237.241.97:449

# Reference: https://twitter.com/malware_traffic/status/1318710455678926848

199.38.120.89:449
45.89.127.244:447

# Reference: https://twitter.com/pancak3lullz/status/1319727630933950464

103.76.169.213:449
216.250.248.102:447
5.182.210.106:447
5.182.210.219:447
5efxqhk2zhgnc24l.onion

# Reference: https://labs.sentinelone.com/anchor-project-for-trickbot-adds-icmp/
# Reference: https://www.netscout.com/blog/asert/dropping-anchor
# Reference: https://otx.alienvault.com/pulse/5fa1e69430b6b9d591b9a8ba
# Reference: https://app.any.run/tasks/433d0ef1-1a0d-4dbb-9837-553125c0db42/

ericrause.com
onixcellent.com
westurn.in
wonto.pro

# Reference: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

104.250.138.194:443
138.201.44.28:443
188.116.23.98:443
193.9.28.24:443
27.208.131.97:443
36.37.176.6:443
37.1.209.51:443
37.109.52.75:443
46.22.211.34:443
5.12.28.0:443
68.179.234.69:443
80.79.114.179:443
84.232.251.0:443
91.219.28.103:443
91.219.28.77:443

# Reference: https://www.fortinet.com/blog/threat-research/deep-analysis-the-eking-variant-of-phobos-ransomware

/campo/v/v

# Reference: https://www.virustotal.com/gui/file/0466b5055d26489dffb46f9d170330591f372785cd2f56a289c1167d83e97e59/detection

http://207.154.235.218
/campo/q/q

# Reference: https://twitter.com/James_inthe_box/status/1325863857328332801
# Reference: https://twitter.com/malware_traffic/status/1325871455201005568
# Reference: https://www.virustotal.com/gui/file/52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929/detection

156.96.128.237:443
185.163.47.157:443
51.81.112.135:443

# Reference: https://tria.ge/201110-tjb64jlajj

195.123.240.40:443
195.123.241.226:443
66.85.183.5:443
94.140.115.99:443

# Reference: https://www.virustotal.com/gui/file/f2b59fd4fb474f8faa420984fb13915375cc8d01e19995ec9c70017194e597be/detection
# Reference: https://www.virustotal.com/gui/file/6eadf009ccf4b75aa14cd8c87b8966e867ef68effd25f9b39b9bef1f99926cff/detection

http://167.86.123.83
http://185.163.47.157
167.86.123.83:443
185.163.47.157:443

# Reference: https://www.virustotal.com/gui/file/d6751c233f5e4abc384fa891f8f34fbd7ac6358c1f55d2546d4dff73e5aab358/detection

http://195.123.241.222
tomkruzback.bazar

# Reference: https://twitter.com/wwp96/status/1329234844438630401

103.131.157.102:449

# Reference: https://twitter.com/James_inthe_box/status/1329451751079079940
# Reference: https://app.any.run/tasks/48289cb3-ef55-4aad-8db0-980fc8b4a0a8/
# Reference: https://www.virustotal.com/gui/file/b3880e41e54550f102ed4ddc0b255d5e8282d2e0522d96b2ed50423673afe288/detection

http://207.154.206.177
/campo/d/d
/campo/o/o

# Reference: https://twitter.com/ffforward/status/1328761489067536384
# Reference: https://tria.ge/201117-8m75mhtc9x/static1
# Reference: https://otx.alienvault.com/pulse/5fb6f498d6c0b4e186658305

http://194.36.191.186
info.businesssec.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1329746592082092035
# Reference: https://app.any.run/tasks/b5a1a482-65de-4ec3-b099-7bc7eb4a2151/

103.131.156.21:449
103.131.157.102:449
103.131.157.161:449
103.156.126.232:449
103.146.232.5:449
46.21.153.247:447

# Reference: https://labs.bitdefender.com/2020/11/trickbot-is-dead-long-live-trickbot/
# Reference: https://otx.alienvault.com/pulse/5fbc07e4072cac8e2f2eff7a
# Reference: https://www.virustotal.com/gui/file/47560bd7409f20782c6948159602e6427cb1a67e93a7f30ca040cce0445325ca/detection
# Reference: https://www.virustotal.com/gui/file/4ee11bd54d2f1dc61467de3f71bb6b9f01bfdd35df8fe586fa556f2383c96b21/detection
# Reference: https://www.virustotal.com/gui/file/77b7bbf78f7a14d808b61a23ea7b29c2bc2e3d8faf62bccf3459182730ea42e3/detection

102.164.206.129:449
103.150.68.124:449
103.52.47.20:449
81.91.234.196:443
morganfreeman.bazar

# Reference: https://twitter.com/h2jazi/status/1331342523462258696
# Reference: https://www.virustotal.com/gui/file/5220f86bf7ae58b02715d1bcafc82736437a4e9a05ab3830857141c172f76a89/detection
# Reference: https://www.virustotal.com/gui/file/846cd2a3e425cfec72b0e490e71026ec8cd3c9ebf3bb15362d8235761074f49e/detection

http://103.131.157.161
http://103.131.156.21
http://102.164.206.129
http://103.146.232.5
http://103.131.157.102
http://103.52.47.20
tophomedesignz.com/sport.dll

# Reference: https://www.virustotal.com/gui/file/34d0f4c650c7e7caa5a4f68de82205ba12852d936a8f4ca50f39d91be3fd9b7b/detection

http://209.97.175.120

# Reference: https://twitter.com/dark0pcodes/status/1334238062126231557

116.90.224.158:449
177.221.108.198:449
187.62.208.234:449
49.156.41.74:449
80.242.220.146:449
89.40.206.116:449
94.45.210.13:443

# Reference: https://www.virustotal.com/gui/file/6ff785f5d5cc583551f5126af1e2984b3cd836eb79b6f83586664729ae281fc6/detection

berlitzalahsa.sa/jdnskjfn

# Reference: https://twitter.com/dark0pcodes/status/1335957656184512514

156.96.47.3:443
177.221.108.198:449
178.134.55.190:449
184.95.51.178:443
192.3.247.125:443
194.5.249.71:443
195.123.242.207:443
41.243.29.182:449
80.242.220.146:449
94.158.245.90:443

# Reference: https://twitter.com/dark0pcodes/status/1337121926205075461

103.65.196.44:449
103.87.25.220:443
103.87.25.220:449
103.98.129.222:449
196.45.140.146:449
41.243.29.182:449

# Reference: https://twitter.com/ffforward/status/1337345314278281219
# Reference: https://app.any.run/tasks/8c58c917-c763-4648-a291-7b632188074c/

186.47.209.222:443
45.141.59.212:443

# Reference: https://twitter.com/dark0pcodes/status/1337372954477387777

170.245.30.121:443
182.253.0.90:449
185.97.135.16:449
186.46.168.43:449
195.238.101.125:449
94.142.179.138:449

# Reference: https://twitter.com/dark0pcodes/status/1338932562966753281

177.91.179.128:443
45.201.209.29:443
45.233.116.8:449
45.233.170.75:443
45.250.65.9:443
45.250.65.9:449
45.4.29.26:443
45.70.14.98:443
94.188.172.236:443

# Reference: https://twitter.com/Artilllerie/status/1339218918091710466
# Reference: https://0paste.com/117103

102.164.208.44:449
102.164.208.48:449
103.110.53.174:449
103.112.145.58:449
103.126.185.7:449
103.137.81.206:449
103.150.68.124:449
103.61.100.131:449
103.61.101.11:449
103.65.195.95:449
103.65.196.44:449
103.87.25.220:443
103.87.25.220:449
103.98.129.222:449
192.3.247.117:447
196.45.140.146:449
41.243.29.182:449
45.12.110.195:447

# Reference: https://twitter.com/makflwana/status/1246718741460770816
# Reference: https://twitter.com/makflwana/status/1246720193981755393

w0rm.in

# Reference: https://blog.cyberint.com/trickbot-malware-as-a-service

5.34.180.168:443
34.116.68.148:12711
41.243.29.182:449
45.12.110.206:443
52.88.83.54:2726
62.116.88.136:11687
80.242.220.146:449
94.158.245.90:443
102.164.208.44:449
102.164.208.48:449
103.110.53.174:449
103.112.145.58:449
103.126.185.7:449
103.137.81.206:449
103.150.68.124:449
103.250.70.163:443
103.61.100.131:449
103.61.101.11:449
103.65.195.95:449
103.65.196.44:449
103.87.25.220:443
103.87.25.220:449
103.98.129.222:449
113.216.22.71:53158
118.69.133.4:443
141.136.0.42:443
146.91.245.192:44966
156.96.47.3:443
167.199.192.121:1702
177.221.108.198:449
178.134.55.190:449
184.95.51.178:443
186.130.221.30:24230
188.225.219.74:15270
189.89.218.190:33446
192.119.171.230:443
192.3.247.125:443
192.3.73.165:443
194.5.249.71:443
195.123.242.202:443
195.123.242.207:443
196.45.140.146:449
201.210.174.234:32166

# Reference: https://www.virustotal.com/gui/ip-address/172.105.126.54/relations

http://172.105.126.54

# Reference: https://twitter.com/malware_traffic/status/1343630789683118081

103.61.101.11:447
131.196.202.122:443
134.255.254.52:443
176.58.123.25:443
23.160.192.125:447

# Reference: https://twitter.com/malware_traffic/status/1344476617192574977

103.14.232.46:443
173.222.63.100:449
187.189.99.216:447
hiperdoscolchoes.com/demoimg.gif

# Reference: https://twitter.com/dark0pcodes/status/1346472484246233093

149.54.11.54:449
178.132.223.36:443
36.89.191.119:449
41.159.31.227:449

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-01-05-Emotet-and-Trickbot-IOCs.txt

103.220.47.220:447

# Reference: https://twitter.com/dark0pcodes/status/1347535219767832576

107.152.46.188:443
107.172.188.113:443
195.123.241.214:443
198.46.198.116:443
200.52.147.93:443
23.254.224.2:443
5.34.180.180:443
5.34.180.185:443
64.74.160.228:443

# Reference: https://twitter.com/malware_traffic/status/1349100952649953283

222.124.7.150:447
45.230.244.20:443

# Reference: https://www.virustotal.com/gui/file/878e0b2fddd35cfd243442a9e818bf813ab7d75fbcdd7ec1d89577e7485dad97/detection

195.161.114.131:443

# Reference: https://twitter.com/rcwht_/status/1350156081406877698
# Reference: https://app.any.run/tasks/5a251d79-f156-4e93-a6b5-ca66b4608bc4/
# Reference: https://www.virustotal.com/gui/file/7f40d0fe270f72aec76ec5348630f3b354ea4dd010d60edcdd865693824981de/detection

sometestfirstdom.info

# Reference: https://twitter.com/dark0pcodes/status/1351865694405750787

107.191.61.39:443
113.160.129.15:443
139.162.182.54:443
139.162.44.152:443
144.202.106.23:443
158.247.219.186:443
172.105.107.25:443
172.105.190.51:443
83.151.14.13:443
85.204.116.83:443
91.200.100.143:443

# Reference: https://twitter.com/reecdeep/status/1351934161276305413

http://172.104.129.156

# Reference: https://twitter.com/InQuest/status/1354110791197335553

http://172.105.79.146

# Reference: https://twitter.com/dark0pcodes/status/1354446957998178305

216.128.130.16:443
192.46.229.48:443
178.79.138.253:443
172.105.25.190:443
172.105.196.53:443
172.105.190.51:443
172.105.107.25:443
158.247.219.186:443
144.202.106.23:443
139.162.44.152:443
107.191.61.39:443

# Reference: https://www.virustotal.com/gui/file/e487318a3263588f81d496b040c3b9ff93edf19f892d3cee6dfa188be7fab8b9/detection

http://45.234.248.66
45.226.124.226:447
45.234.248.66:449

# Reference: https://www.virustotal.com/gui/file/c898c1b02d424a3f41ffd1ba8c604b2b9098e46f6867ce100b4e8a40f55b5709/detection

117.212.193.62:449
202.21.103.194:449

# Reference: https://www.virustotal.com/gui/file/835405f4a416b475bebe372e8be0b8498b27fb271c2b4f0e0de1c561ee85cbfc/detection

118.67.216.238:449

# Reference: https://www.virustotal.com/gui/file/4fccd66a9ad43406130ec8b69c3240a795da7fe4fd1184346954ef59253557b8/detection

92.242.214.203:449

# Reference: https://www.virustotal.com/gui/file/36128848b18bac4f9c58fe07b232662231c6248ca19e03601a7b6cd0e5a2f84e/detection

103.91.244.102:449

# Reference: https://www.virustotal.com/gui/file/b624ce7d201f109bdbfd7882192e81e25b2e64f426e4c8c87d07117ba3582807/detection

179.191.108.58:449
37.143.150.186:449

# Reference: https://www.virustotal.com/gui/file/14b913ecddad3d672acc57e388e606857c6f586ac205cbca0136555d3d3eab8a/detection

169.239.45.42:449
85.93.159.98:449

# Reference: https://www.virustotal.com/gui/file/40dbf8e35eb8ced6d27a53b0ec082241888a6cf33462d9c08c257d540a32b6b9/detection

201.184.190.59:449

# Reference: https://twitter.com/ffforward/status/1357363005600759812
# Reference: https://bazaar.abuse.ch/sample/fa8a4b51c739735940000aafaf9d3bd9b92963caa52f276f82ad415d6eb188de/
# Reference: https://tria.ge/210204-yl1ee7erg2

149.56.80.31:443
85.159.214.61:443
103.29.185.138:449
79.122.166.236:449

# Reference: https://twitter.com/James_inthe_box/status/1358805039628750850

greyfade.co.tz/terms_files/uptodate.php

# Reference: https://twitter.com/dark0pcodes/status/1359175408470675456
# Reference: https://twitter.com/dark0pcodes/status/1359175969140076544

108.170.20.72:443
134.119.186.200:443
134.119.186.201:443
185.234.72.84:443
188.34.142.248:443
195.123.241.195:443
45.14.226.115:443
45.83.129.224:443
45.89.127.240:443
85.204.116.134:443
94.158.245.54:443

# Reference: https://twitter.com/ale_sp_brazil/status/1360888555350986753

soberlifeco.com/contra/storage.php

# Reference: https://twitter.com/wato_dn/status/1361265356430479365
# Reference: https://tria.ge/210215-jnlne9kk8x

http://139.162.191.228

# Reference: https://malware.news/t/trickbot-tricks-again/44812

165.226.231.80:1273
168.140.17.62:39938
171.138.104.153:58232
194.255.156.239:25317
96.139.163.83:10616

# Reference: https://twitter.com/reecdeep/status/1362082254558756865

destinostumundo.com/layout/recruter.php

# Reference: https://twitter.com/p5yb34m/status/1362837301055819777
# Reference: https://tria.ge/210219-61w8cm88fn

108.170.20.75:443
134.119.186.202:443
142.202.191.164:443
182.253.107.34:443
185.163.45.138:443
186.137.85.76:443
186.250.157.116:443
193.8.194.96:443
194.5.249.156:443
200.52.147.93:443
36.94.62.207:443
45.155.173.242:443
45.230.244.20:443
94.140.114.136:443
chipmania.it/mails/open.php

# Reference: https://twitter.com/p5yb34m/status/1364990417029111809

103.130.6.244:449
103.225.138.94:449
122.2.28.70:449
123.200.26.246:449
131.255.106.152:449
142.112.79.223:449
154.126.176.30:449
177.85.133.118:449
180.92.238.186:449
187.20.217.129:449
192.162.238.186:449
201.20.118.122:449
202.91.41.138:449
41.77.134.250:449
95.210.118.90:449
sundancemotelwy.com
/dummy/counters.strike

# Reference: https://twitter.com/FewAtoms/status/1365682998121811971

http://195.123.220.220

# Reference: https://twitter.com/wato_dn/status/1365489611091238916

http://195.123.220.249

# Reference: https://twitter.com/p5yb34m/status/1366456267254886402
# Reference: https://tria.ge/210301-37nldw7616/behavioral1

102.164.211.138:449
103.119.117.42:443
103.146.2.152:449
103.73.101.98:449
103.76.20.226:443
103.84.164.87:443
111.235.66.83:443
154.79.252.132:449
167.179.194.205:443
168.232.188.88:449
173.81.4.147:449
177.47.88.62:443
178.54.230.164:443
179.60.243.52:443
182.48.66.106:443
186.195.199.238:449
187.19.200.154:449
190.152.71.230:443
200.6.169.124:443
202.142.151.190:449
221.176.88.201:449
36.92.93.5:449
36.94.202.131:443
37.235.230.123:449
80.78.75.246:443
80.78.77.116:449
beachtreepestcontrol.com/viewer/app.counter

# Reference: https://twitter.com/K_N1kolenko/status/1366623099836379139

beachtreepestcontrol.com/viewer/counter.php

# Reference: https://twitter.com/K_N1kolenko/status/1366680439822368770

ptpmeccatronica.eu/sorman/123.php

# Reference: https://urlhaus.abuse.ch/host/195.123.219.21/

http://195.123.219.21

# Reference: https://twitter.com/p5yb34m/status/1366803980941074432

187.190.116.59:443
metalin-cr.com/appdata/datafile.php

# Reference: https://twitter.com/James_inthe_box/status/1368972637725097985
# Reference: https://www.virustotal.com/gui/file/68eb43b8e87657e66f8b25400926f55498bfde185252ee24eb068928d698e90d/detection

103.146.185.107:447
103.239.165.24:447
117.210.210.179:447
181.191.67.186:447

# Reference: https://twitter.com/pmmkowalczyk/status/1370088158776455171

quanticemotions.com/sitemaps/maps.php
quanticemotions.com/sitemaps/solution.iops

# Reference: https://otx.alienvault.com/pulse/6048b5f9d61853672118e00f

nirvanaeyehospital.com
pureaqua.pk
simplithy.co.uk
sklep.omax.pl

# Reference: https://twitter.com/p5yb34m/status/1371534955419865091

g1ba4tt4ngq5nl7w.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1372088639748988929

bfdnews.xyz

# Reference: https://twitter.com/p5yb34m/status/1372967220184186882

itelsys.ma/prod/education.php

# Reference: https://tria.ge/210319-tcpzt1jape

104.4.84.130:443
108.161.11.44:443
137.27.148.14:443
156.19.152.218:443
184.188.210.34:449
24.227.152.42:443
47.37.90.57:443
47.51.21.82:443
50.197.243.125:443
50.75.131.6:443
50.84.233.214:443
65.158.28.70:443
67.212.241.178:443
67.48.50.58:443
67.48.54.37:443
68.201.55.46:443
70.118.50.62:443
70.119.149.64:443
71.40.62.107:443
71.42.188.85:443
71.66.92.190:443
72.128.158.51:443
72.131.216.28:443
73.103.36.158:443
73.6.0.166:449
75.118.158.174:443
96.88.45.25:443
98.6.49.38:443

# Reference: https://www.virustotal.com/gui/file/d021f3c83a2fb22da832e301962d63c695194907ab415d0b978858699e22952a/detection

gainme.xyz

# Reference: https://twitter.com/malware_traffic/status/1375237822941134850
# Reference: https://app.any.run/tasks/13af58ee-8b4d-4343-b3ba-fff8dc994fc2/

whynt.xyz

# Reference: https://twitter.com/FewAtoms/status/1373307603267239946

call2.xyz

# Reference: https://twitter.com/James_inthe_box/status/1374753801769394178
# Reference: https://www.virustotal.com/gui/file/c777a87756b14abbe4745957c7705a76c7a944419447dd7e7a6e34a44ab25f34/detection

103.102.220.50:443
truemerit.io/databases/merit.php

# Reference: https://twitter.com/pmmkowalczyk/status/1374323909626109957

ballpro.xyz

# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.53/relations

anetapp.xyz
fate3.xyz
gopigs.xyz
pwrpro.xyz
ship4.xyz

# Reference: https://twitter.com/p5yb34m/status/1375161717064302594

shatteredglass.io/uo/date.php

# Reference: https://twitter.com/tosscoinwitcher/status/1376596291413635073
# Reference: https://www.virustotal.com/gui/file/aa40f9dd1212993f79cc23111de3a8dd5e529dd1a8ca5dceaa30fba53f6f96b4/detection

mineiro.ch/casrtnoar/count.php

# Reference: https://twitter.com/luc4m/status/1376627849705222146

103.155.239.1:443
103.242.104.43:443
115.127.160.171:443
123.231.149.122:443
131.72.153.199:443
167.179.194.205:443
181.176.221.243:443
186.46.28.202:443
27.110.228.186:443
45.127.222.7:443

# Reference: https://tria.ge/210329-x7skaky76e

137.27.167.58:443
162.155.10.150:443
162.155.225.130:443
162.155.69.74:443
173.198.151.86:443
173.219.76.169:443
174.105.233.82:443
174.105.236.140:443
216.186.128.26:443
24.153.175.236:443
24.182.101.64:449
47.190.2.12:443
47.51.219.98:443
50.208.68.153:443
67.212.241.127:443
67.79.117.70:443
70.119.220.241:443
70.125.241.196:443
70.235.74.189:443
71.15.77.155:443
72.164.254.204:443
72.180.57.176:443
75.87.15.158:443
96.68.79.18:443
98.6.253.142:443
99.147.197.147:443

# Reference: https://tria.ge/210407-qcf37tycg6

102.68.17.97:443
103.76.150.14:443
103.9.188.23:449
109.185.139.90:449
138.185.72.142:443
148.216.32.55:443
173.81.4.147:443
182.253.184.130:449
185.205.250.162:443
190.122.168.219:443
196.41.57.46:449
200.90.11.177:449
202.166.211.197:443
31.134.124.90:443
31.211.85.110:443
41.77.134.250:443
5.59.205.32:443
62.213.14.166:443
77.95.93.132:449
78.138.187.231:443
81.95.45.234:449
84.21.206.164:449
85.112.74.178:449
87.116.151.237:449
87.76.1.81:449
89.250.208.42:449
91.185.236.170:449
91.225.231.120:443
96.9.77.142:443

# Reference: https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
# Reference: https://otx.alienvault.com/pulse/606f2e77342bd3d1fa7e8d34

costacars.es/ico/ortodox.php

# Reference: https://twitter.com/reecdeep/status/1381914284544917512

living-traditions.com/blogs/click.php

# Reference: https://twitter.com/jh__1995/status/1382641572152537097
# Reference: https://tria.ge/210415-rbfwnlhcz6/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.62/relations

glass3.xyz
hall4.xyz

# Reference: https://fr3d.hk/blog/campo-loader-simple-but-effective
# Reference: https://otx.alienvault.com/pulse/6079aceeacc38ce480df8869

about2.xyz
ballpro.xyz
beauty1.xyz
board3.xyz
call2.xyz
fate3.xyz
gainme.xyz
gopigs.xyz
hellomydad.xyz
nightsalmon.xyz
pickthismotel.xyz
pipkaboss.xyz
pwrpro.xyz
ship4.xyz
sported.xyz
steeltits.xyz
superstartart.xyz
veso2.xyz

# Reference: https://twitter.com/teamcymru_S2/status/1386758544800763905

103.102.220.50:443
177.84.63.252:443
185.119.120.213:443
36.95.27.243:443
83.220.115.230:443

# Reference: https://twitter.com/z0ul_/status/1387112303611498496
# Reference: https://www.virustotal.com/gui/file/39d99432698540f5ea6b8acf77b2323e2cde143638694bbd726e161924885059/detection

lie3.xyz

# Reference: https://twitter.com/James_inthe_box/status/1389569228626268165

deluciaspizza.com/netmouser.dll

# Reference: https://tria.ge/210504-dkv3rmt786

102.176.221.78:443
103.111.199.76:443
103.124.173.35:443
103.54.41.193:443
103.66.72.217:443
103.90.197.33:443
109.207.165.40:443
115.73.211.230:443
117.252.68.211:443
117.54.250.246:443
131.0.112.122:443
139.255.116.42:443
154.79.244.182:443
154.79.245.158:443
154.79.251.172:443
158.181.179.229:443
178.134.47.166:443
178.254.161.250:443
178.72.192.20:443
181.176.161.143:443

# Reference: https://twitter.com/executemalware/status/1390331263043739648
# Reference: https://pastebin.com/PLCTxpAT

36.95.27.243:443
5.202.120.150:443

# Reference: https://twitter.com/malware_traffic/status/1390373738084982786

bomovie.net
bravomovies.net
out2.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1392950776792698885

mastercarebath.com/wp-netmon.dll

# Reference: https://www.virustotal.com/gui/file/0f2ab41f9ce221dc8fb3778416f80f059e86578f030b2b8d8dd5bdcaae501335/detection

http://134.119.186.200
http://169.239.45.42
http://202.21.103.194
http://45.89.127.240
http://194.5.249.93
194.5.249.93:447

# Reference: https://www.virustotal.com/gui/file/2178a85feb486f06e18997447b61a874a0e804716a71d37a1ffd0664afc8d50a/detection

http://202.136.89.226
http://212.3.104.50
http://41.41.179.239
202.136.89.226:449
212.3.104.50:449
41.41.179.239:449

# Reference: https://www.virustotal.com/gui/file/2de994f3d961293aa64516c7be274bf1fbee8de16da9ff12c0f8072610511428/detection

http://202.169.244.252
http://203.176.135.38
http://43.242.141.59
http://43.245.216.190
http://43.255.113.180
202.169.244.252:449
203.176.135.38:449
43.242.141.59:449
43.245.216.190:449
43.255.113.180:449

# Reference: https://www.virustotal.com/gui/file/5b428809c1d2cb63b2b3129aad700cfdb1a36e383b071d7ceb0b72d02e3a4e3a/detection

http://43.239.152.240
http://45.230.8.34
43.239.152.240:449
45.230.8.34:449

# Reference: https://www.virustotal.com/gui/file/a33cf50b4423a277ca2b9d651f7077a5354a32b2de26a3150a7bc630ddc23429/detection

http://41.203.215.122
41.203.215.122:449

# Reference: https://www.virustotal.com/gui/file/c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be/detection

49.156.41.74:449

# Reference: https://tria.ge/210519-lqhwwwz81n/

181.176.174.139:443
181.176.221.151:443
182.16.165.38:443
185.138.78.73:443
185.242.88.63:443
185.242.89.198:443
186.32.3.108:443
186.46.168.46:443
188.137.76.235:443
188.254.102.79:443
190.255.36.100:443
190.96.84.250:443
200.170.149.209:443
200.58.84.94:443
203.80.171.162:443
203.80.171.189:443
206.192.254.100:443
31.129.228.122:443
36.71.150.118:443
36.91.98.231:443
36.95.4.29:443
41.189.214.11:443
43.225.148.118:443
45.182.190.142:443
45.234.248.146:443
45.7.56.172:443

# Reference: https://twitter.com/malware_traffic/status/1395158205811068930

tear2.xyz

# Reference: https://twitter.com/z0ul_/status/1398351080300453892
# Reference: https://twitter.com/z0ul_/status/1398352022664003588
# Reference: https://www.virustotal.com/gui/file/896af1d48a0952bf86c19d6b97240a018308f33133015af47f32e04d9bb4bd85/detection

141.136.0.93:443
213.59.119.42:443

# Reference: https://twitter.com/jaimeblascob/status/1400190815180410880
# Reference: https://otx.alienvault.com/indicator/file/fd05481da74a6d89ac3c60db954e8f02a85711f9abaf12ede2d4e54eaf06a032

144.48.139.206:443
197.254.14.238:443
download3.xyz
download4.xyz

# Reference: https://twitter.com/InQuest/status/1400880724748779524
# Reference: https://www.virustotal.com/gui/file/94e0fb454ceac3661246c926658b44aa56167d0f988dd3c4c4bd3c8143f9af26/detection

download4.club

# Reference: https://www.virustotal.com/gui/file/8c206ff3cf89ee0ddf05f2608ef0535b7a2c17710e6ccec34ec6439d417dab69/detection

http://103.126.185.7
66.70.246.0:443

# Reference: https://twitter.com/MBThreatIntel/status/1402649681990238208
# Reference: https://www.virustotal.com/gui/file/869aceb1e0c477626683939d3fc8a670194eaa9695f8cf2048f077a70430ad2b/detection

downl0ads9.club
microsotf.club

# Reference: https://twitter.com/reecdeep/status/1403256216613232641
# Reference: https://app.any.run/tasks/d89b9654-57ab-448e-9e8c-b0a21017c2bc/
# Reference: https://tria.ge/210611-pwt1byfxkj

http://185.180.199.125
103.101.104.229:443
103.12.160.164:443
103.124.145.98:443
103.242.104.68:443
114.7.240.222:443
116.0.6.110:443
123.231.149.122:443
123.231.149.123:443
131.0.112.122:443
146.196.121.219:443
177.221.39.161:443
178.72.192.20:443
180.178.106.50:443
182.160.116.190:443
45.5.152.39:443
46.209.140.220:443
85.175.171.246:443
85.248.1.126:443
88.150.240.129:443
89.37.1.2:443
94.142.179.179:443
94.142.179.77:443
94.183.237.101:443

# Reference: https://tria.ge/210628-61ybdfys16

103.122.228.44:443
105.30.26.50:443
113.160.132.237:443
118.173.233.64:443
119.202.8.249:443
14.232.161.45:443
143.0.208.20:443
177.10.90.29:443
178.216.28.59:443
181.114.215.239:443
185.17.105.236:443
185.189.55.207:443
186.225.119.170:443
196.216.59.174:443
200.236.218.62:443
202.165.47.106:443
220.82.64.198:443
222.124.16.74:443
41.57.156.203:443
45.201.136.3:443
45.239.233.131:443
45.239.234.2:443
49.248.217.170:443
82.159.149.37:443
91.237.161.87:443

# Reference: https://twitter.com/malware_traffic/status/1410347443053604864
# Reference: https://www.virustotal.com/gui/file/5d3825ec62b0f2f30deace7e1ae3a9dc22e00fb9879e76cc63499ba94bb182f2/detection
# Reference: https://www.virustotal.com/gui/file/3cda97c2bd92917db2be92fbb5a120004f6131cbcdc61611ca514a0b679022c9/detection

14.241.244.60:443
144.48.138.213:443
144.48.139.206:443
172.104.241.29:443
172.105.15.152:443
177.67.137.111:443
181.129.116.58:443
181.129.242.202:443
181.167.217.53:443
185.189.55.207:443
185.9.187.10:443
186.225.63.18:443
186.66.15.10:443
186.97.172.178:443
187.19.167.233:443
189.206.78.155:443
190.110.179.139:443
196.41.57.46:443
196.43.106.38:443
197.254.14.238:443
202.131.227.229:443
202.138.242.7:443
202.166.196.111:443
212.200.25.118:443
27.72.107.215:443
36.94.100.202:443
36.94.27.124:443
37.228.70.134:443
41.77.134.250:443
43.245.216.116:443
45.229.71.211:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-06-28-TA551-IOCs-for-Trickbot.txt

12.23.113.82:443
12.23.113.83:443
12.23.113.84:443
12.23.113.85:443
12.23.113.86:443
12.23.113.87:443
12.23.113.88:443
12.23.113.89:443
12.23.113.90:443
12.23.113.91:443
12.23.113.92:443
190.109.204.126:443
45.239.234.2:443

# Reference: https://twitter.com/malware_traffic/status/1410712988135342090

45.201.136.3:443

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html (# Win.Packed.Trickbot-9874595-0)

load3rd.casa

# Reference: https://twitter.com/Artilllerie/status/1414881551670816771
# Reference: https://www.virustotal.com/gui/file/3d819dc74e27223af4fc6af86da14d3fec795eeb6ec45d8ff15afba91b90ba75/detection

http://107.175.94.164
http://46.8.19.179

# Reference: https://twitter.com/malware_traffic/status/1415056834566758408

12.23.113.88:443
185.162.1.250:443
85.187.252.141:443

# Reference: https://www.virustotal.com/gui/file/6dba263acd0c1adf448036202c6a8a85fe4e50649bae213c620550e39005fefb/detection

103.164.180.66:447
186.225.119.170:443
5.34.74.210:443
70.117.40.230:443

# Reference: https://www.virustotal.com/gui/file/8795c57292ac5616f2d5ebc0356043f600f3e60e677f51ea444302d94e914f5e/detection

http://23.160.192.83
174.47.92.130:443
71.78.156.115:443

# Reference: https://tria.ge/210716-af4vh1kecx

103.122.228.44:443
105.30.26.50:443
113.160.132.237:443
118.173.233.64:443
119.202.8.249:443
14.232.161.45:443
143.0.208.20:443
177.10.90.29:443
178.216.28.59:443
181.114.215.239:443
185.17.105.236:443
185.189.55.207:443
186.225.119.170:443
196.216.59.174:443
200.236.218.62:443
202.165.47.106:443
220.82.64.198:443
222.124.16.74:443
41.57.156.203:443
45.201.136.3:443
45.239.233.131:443
45.239.234.2:443
49.248.217.170:443
82.159.149.37:443
91.237.161.87:443

# Reference: https://twitter.com/MBThreatIntel/status/1416060110074531848

http://162.248.225.95
http://185.255.130.247

# Reference: https://twitter.com/MBThreatIntel/status/1414739767888162817

http://107.175.94.164
138.34.28.219:443
185.56.76.28:443
185.56.76.94:443
204.138.26.60:443
217.115.240.248:443
24.162.214.166:443
38.110.103.124:443
38.110.103.136:443
38.110.103.18:443
60.51.47.65:443
68.69.26.182:443
74.85.157.139:443

# Reference: https://blog.reversinglabs.com/blog/data-exfiltrator
# Reference: https://www.virustotal.com/gui/ip-address/51.81.153.212/relations
# Reference: https://otx.alienvault.com/pulse/60f1357c15569fb2a28d6d8d

http://51.161.82.135
http://51.77.110.6
pablotech.info
figures.pablotech.info
files.pablotech.info
reports.pablotech.info
saves.pablotech.info

# Reference: https://twitter.com/ps66uk/status/1418617297162354695
# Reference: https://www.virustotal.com/gui/file/1e6a26062bbb9fb04dfd48aada29254b8c4e4c4d657b977f4f496e3e2c26ab84/detection

http://45.89.127.230

# Reference: https://twitter.com/malware_traffic/status/1418637192977686533

178.132.7.117:443
45.140.147.34:443
45.86.74.32:443

# Reference: https://twitter.com/InQuest/status/1417910778028507136

http://151.236.30.123

# Reference: https://twitter.com/malware_traffic/status/1420065232462954506

http://194.156.224.198
178.132.7.117:443
192.119.110.250:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-07-26-Trickbot-gtag-rob112.txt
# Reference: https://otx.alienvault.com/pulse/610133f9dfdb29871ece3fd3

190.144.10.242:443
192.185.150.20:443
194.135.33.220:443
213.244.146.19:443
38.110.100.33:443
38.110.103.124:443
38.110.103.136:443
38.110.103.18:443
38.110.103.19:443
80.15.2.105:443
94.140.114.239:443
netvalleykenya.com

# Reference: https://twitter.com/James_inthe_box/status/1420418893403746310

smart-integrator.hr/pornhub.php

# Reference: https://bazaar.abuse.ch/sample/cd774e6a643ce65364e57bdd6e4eea43c08ad5ac157d43d9c232e7bbdce81dd4/

103.105.254.17:443
138.34.28.219:443
138.34.28.35:443
154.58.23.192:443
184.74.99.214:443
185.13.79.3:443
185.56.76.108:443
185.56.76.28:443
185.56.76.72:443
185.56.76.94:443
204.138.26.60:443
217.115.240.248:443
24.162.214.166:443
38.110.100.104:443
38.110.100.142:443
38.110.100.242:443
38.110.100.33:443
38.110.103.113:443
38.110.103.124:443
38.110.103.136:443
38.110.103.18:443
45.36.99.184:443
60.51.47.65:443
62.99.76.213:443
68.69.26.182:443
74.85.157.139:443
80.15.2.105:443
82.159.149.52:443
97.83.40.67:443

# Reference: https://twitter.com/luc4m/status/1421065370526490627
# Reference: https://ghostbin.com/paste/tnhnk

181.129.162.131:443
185.227.170.13:443
38.110.100.16:443
45.230.176.157:443
46.99.175.185:443
5.181.83.64:443
63.147.234.198:443
82.130.201.18:443
99.251.76.88:443

# Reference: https://twitter.com/360CoreSec/status/1421072455901204480
# Reference: https://www.virustotal.com/gui/domain/vupipess.com/relations
# Reference: https://www.virustotal.com/gui/file/1ade9962b8cc5b8da193f91f3672ce1dc6bf9fee7cd979766861c451f04a9c3e/detection

vupipess.com

# Reference: https://www.virustotal.com/gui/file/6ddf271879d687a097f920b09c6b23caf198a12529df0d8b9ae50b92cd6f5192/detection

179.43.147.225:443
195.133.196.217:443
195.133.197.229:443
212.109.196.28:443
212.109.196.93:443
37.230.115.201:443
37.46.131.76:443
37.46.131.94:443
46.21.249.18:443
62.109.27.157:443
77.244.214.114:443
77.244.215.158:443
82.202.236.229:443
92.53.66.210:443
94.127.111.14:449
94.250.248.166:443
94.250.252.22:443
95.213.237.231:443

# Reference: https://www.virustotal.com/gui/file/be98cf40b1ba5dafde4834ba50fb1dc697e456b9f93cb437842f5177160c9fad/detection

103.101.104.229:443
103.12.160.164:443
103.124.145.98:443
103.242.104.68:443
114.7.240.222:443
116.0.6.110:443
123.231.149.122:443
123.231.149.123:443
131.0.112.122:443
146.196.121.219:443
177.221.39.161:443
178.72.192.20:443
180.178.106.50:443
181.196.16.58:447
182.160.116.190:443
45.5.152.39:443
46.209.140.220:443
85.175.171.246:443
85.248.1.126:443
88.150.240.129:443
89.37.1.2:443
94.142.179.179:443
94.142.179.77:443
94.183.237.101:443

# Reference: https://bazaar.abuse.ch/sample/5c3106248f206daef2fe467eb407f898d04b3fa5e69ce8ffb13d5d5726dd8e38

103.105.254.17:443
128.201.76.252:443
179.189.229.254:443
181.129.167.82:443
184.74.99.214:443
185.56.175.122:443
216.166.148.187:443
24.162.214.166:443
45.36.99.184:443
46.99.175.149:443
46.99.175.217:443
46.99.188.223:443
60.51.47.65:443
62.99.76.213:443
62.99.79.77:443
65.152.201.203:443
82.159.149.52:443
97.83.40.67:443

# Reference: https://blog.group-ib.com/prometheus-tds

http://139.162.190.91
http://172.104.151.55
http://195.123.220.220
http://195.123.222.26
http://85.90.247.25

# Reference: https://twitter.com/1ZRR4H/status/1460440775775375361

14.102.188.227:443
24.28.12.23:443
27.131.54.3:443
31.14.40.207:443
36.37.99.242:443
36.37.225.100:443
36.89.105.119:443
36.89.228.201:443
36.91.36.29:443
36.91.117.231:443
36.95.110.19:443
36.95.141.29:443
41.57.156.203:443
43.242.242.145:443
45.11.183.152:443
45.116.106.45:443
45.121.237.196:443
45.248.41.211:443
49.248.217.170:443
58.97.72.83:443
58.97.192.6:443
59.93.105.113:443
59.152.104.174:443
60.246.197.7:443
65.155.32.251:443
71.78.110.58:443
78.130.246.39:443
82.165.49.187:443
87.106.77.55:443
96.9.77.56:443
103.36.126.221:443
103.61.100.10:443
103.94.0.178:443
103.127.67.38:443
109.125.139.206:443
110.172.137.20:443
113.160.37.196:443
113.163.222.218:443
116.206.153.212:443
116.212.142.22:443
116.212.152.201:443
117.196.236.164:443
117.220.229.162:443
118.179.191.66:443
122.50.6.122:443
122.117.90.133:443
136.228.128.21:443
136.228.128.81:443
136.228.131.236:443
139.255.65.170:443
139.255.199.196:443
144.48.139.206:443
151.106.48.226:443
154.79.244.182:443
154.79.251.172:443
175.143.63.49:443
176.100.4.31:443
177.67.137.111:443
178.134.47.166:443
185.9.187.10:443
186.97.172.178:443
186.225.119.170:443
187.19.167.233:443
190.93.208.53:443
194.190.18.122:443
196.216.59.174:443
200.236.218.62:443
202.65.119.162:443
202.165.47.106:443
202.166.198.18:443
203.176.138.102:443
209.33.231.203:443
222.124.16.74:443
104.23.99.190:443
14.102.188.227:449
24.28.12.23:449
27.131.54.3:449
31.14.40.207:449
36.37.99.242:449
36.37.225.100:449
36.89.105.119:449
36.89.228.201:449
36.91.36.29:449
36.91.117.231:449
36.95.110.19:449
36.95.141.29:449
41.57.156.203:449
43.242.242.145:449
45.11.183.152:449
45.116.106.45:449
45.121.237.196:449
45.248.41.211:449
49.248.217.170:449
58.97.72.83:449
58.97.192.6:449
59.93.105.113:449
59.152.104.174:449
60.246.197.7:449
65.155.32.251:449
71.78.110.58:449
78.130.246.39:449
82.165.49.187:449
87.106.77.55:449
96.9.77.56:449
103.36.126.221:449
103.61.100.10:449
103.94.0.178:449
103.127.67.38:449
109.125.139.206:449
110.172.137.20:449
113.160.37.196:449
113.163.222.218:449
116.206.153.212:449
116.212.142.22:449
116.212.152.201:449
117.196.236.164:449
117.220.229.162:449
118.179.191.66:449
122.50.6.122:449
122.117.90.133:449
136.228.128.21:449
136.228.128.81:449
136.228.131.236:449
139.255.65.170:449
139.255.199.196:449
144.48.139.206:449
151.106.48.226:449
154.79.244.182:449
154.79.251.172:449
175.143.63.49:449
176.100.4.31:449
177.67.137.111:449
178.134.47.166:449
185.9.187.10:449
186.97.172.178:449
186.225.119.170:449
187.19.167.233:449
190.93.208.53:449
194.190.18.122:449
196.216.59.174:449
200.236.218.62:449
202.65.119.162:449
202.165.47.106:449
202.166.198.18:449
203.176.138.102:449
209.33.231.203:449
222.124.16.74:449
104.23.99.190:449

# Reference: https://www.virustotal.com/gui/ip-address/185.130.104.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/93.117.137.164/relations
# Reference: https://www.virustotal.com/gui/file/1c894c15baeab8bb05d540c1d96d14050286de6845b8c11212e289a3d87a1c5f

netsecuressl.com
safenetssl.com
securesslservice.com
securesslweb.com
sslnetsecurity.com

# Reference: https://www.virustotal.com/gui/file/9099966731b06e1c90806e9e32160f304e335dc81541e6f52897685f8c83a189/detection

hideme.cyou

# Reference: https://otx.alienvault.com/pulse/61b09f6f319fc999e2486bda
# Reference: https://www.virustotal.com/gui/file/bea79aafd31532a2aac8839e612afa886348691228ea00e076b0cdb6b0a2851e/detection
# Reference: https://www.virustotal.com/gui/file/45ee419cfb7603671926e8eb0d27d8a70690b6e217d804e066fce337676962b9/detection
# Reference: https://www.virustotal.com/gui/file/22d54b3f0a52b102064c4346cff8f27810730829aa349fe4647c0b20fce38a60/detection

http://209.197.3.8
101.108.92.111:449
103.69.216.86:449
128.201.174.107:449
131.161.253.190:449
144.91.79.12:443
144.91.79.9:443
146.185.219.29:443
170.233.120.53:449
170.82.156.53:449
172.245.97.148:443
177.103.240.149:449
178.183.150.169:449
181.10.207.234:449
181.112.52.26:449
181.49.61.237:449
185.222.202.192:443
185.222.202.76:443
185.62.188.117:443
185.68.93.43:443
186.42.98.254:449
186.71.150.23:449
187.58.56.26:449
190.111.255.219:449
190.13.160.19:449
190.152.125.22:449
190.152.4.98:449
190.154.203.218:449
195.123.238.191:443
195.123.245.127:443
195.133.196.151:443
195.93.223.100:449
200.116.199.10:449
200.127.121.99:449
200.21.51.38:449
201.187.105.123:449
201.210.120.239:449
23.227.206.170:443
31.128.13.45:449
31.214.138.207:449
36.89.85.103:449
45.235.213.126:449
46.174.235.36:449
81.190.160.139:449
85.204.116.139:443
89.228.243.148:449
91.235.129.60:443

# Reference: https://twitter.com/pr0xylife/status/1468945134926675968
# Reference: https://twitter.com/pr0xylife/status/1468945878111113219
# Reference: https://pastebin.com/VXXnciZF

103.108.97.51:443
103.36.79.3:443
181.129.85.98:443
181.196.148.202:443
186.121.214.106:443
186.159.12.18:443
186.159.5.177:443
186.42.212.30:443
186.47.75.58:443
187.108.32.133:443
189.112.119.205:443
189.51.118.78:443
190.109.169.161:443
190.109.171.17:443
190.214.21.14:443
201.184.226.74:443
213.32.252.221:443
41.175.22.226:443
49.176.188.184:443
61.69.102.170:443
89.46.216.2:443
95.140.217.242:443

# Reference: https://app.any.run/tasks/2481368e-2c5e-4bc2-bb21-04cc2a9e2322

http://185.183.98.15
http://192.99.255.33
http://91.92.109.142

# Reference: https://twitter.com/h2jazi/status/1474100103640145920
# Reference: https://www.virustotal.com/gui/file/05f87369f99f8c94f96d54a866723feb06dd721c478213f2dae2e9f4a1a14e3c/detection

rredgh.org

# Reference: https://www.virustotal.com/gui/file/7e1ec66c6694278955eaa16bff2289188e6a89d77e56e50a6e024e9e49f17532/detection

186.159.16.58:443

# Reference: https://www.virustotal.com/gui/file/f89b8bef40cabc2ec52d712e6fecc700ad499e1727a7291107acba1577741a64/detection
# Reference: https://www.virustotal.com/gui/file/ecceb5fde73d0aef76142ccca308c4152232c99ce20577a10cbd0df0bcbc0628/detection
# Reference: https://www.virustotal.com/gui/file/6d0611f1c64dbc280163308eb1881240285bf21cd8d46fdf7b815bf8d801b84b/detection
# Reference: https://www.virustotal.com/gui/file/d656e27134fb5393417eef523a6df0c13402a2b3e4c57fa80eb0413f18a1c877/detection

103.105.254.17:443
103.75.32.173:443
128.201.76.252:443
179.189.229.254:443
181.129.167.82:443
184.74.99.214:443
185.56.175.122:443
202.152.56.10:443
216.166.148.187:443
24.162.214.166:443
45.36.99.184:443
46.99.175.149:443
46.99.175.217:443
46.99.188.223:443
60.51.47.65:443
62.99.76.213:443
62.99.79.77:443
65.152.201.203:443
82.159.149.52:443
97.83.40.67:443

# Reference: https://www.virustotal.com/gui/file/20c2008f4066cf4fc83f89f74395c9db7145a07f35849c8e74fef0273ca11f3a/detection

1.69.102.170:443
103.108.97.51:443
103.36.79.3:443
103.59.105.226:443
116.203.16.95:443
181.129.85.98:443
181.196.148.202:443
186.121.214.106:443
186.159.12.18:443
186.159.5.177:443
186.42.212.30:443
186.47.75.58:443
187.108.32.133:443
189.112.119.205:443
189.51.118.78:443
190.109.169.161:443
190.109.171.17:443
190.214.21.14:443
201.184.226.74:443
213.32.252.221:443
23.40.197.137:443
41.175.22.226:443
49.176.188.184:443
61.69.102.170:443
89.46.216.2:443
95.140.217.242:443

# Reference: https://twitter.com/pr0xylife/status/1439981580529897475

zoomdetails.members-only.online

# Reference: https://www.virustotal.com/gui/file/d6ea7be1af5051cb787386136a95b27cebaa48f162fc19a375f272aeb7ac9211/detection

43.252.158.104:443

# Reference: https://www.virustotal.com/gui/file/ca683ee1a7be442cb08b6527e4627e5f6e526ac301c9f65ea967842ed01de9bc/detection

109.234.35.249:443

# Reference: https://www.virustotal.com/gui/file/ff882b8ffeb7c1290401189a5e4d1bd095f0318640409e7e0708544798e8bbf7/detection

92.38.135.212:443

# Reference: https://twitter.com/seguridadyredes/status/1532598538344996865

185.164.32.135:447

# Reference: https://twitter.com/TrackerC2Bot/status/1601013628366454789

103.110.91.118:449
103.210.30.201:443
107.173.102.231:443
107.175.127.147:443
107.175.87.142:443
108.174.60.161:443
109.234.37.227:443
109.234.38.220:443
118.200.151.113:443
118.97.119.218:449
128.201.92.41:449
137.74.151.18:443
144.121.143.129:449
154.16.137.73:443
158.69.177.176:443
170.81.32.66:449
174.105.233.82:449
174.105.235.178:449
178.116.83.49:443
178.78.202.189:443
181.113.17.230:449
181.196.24.6:443
185.129.193.221:443
185.129.78.167:443
185.14.31.72:443
185.251.38.135:443
185.251.38.147:443
185.251.38.187:443
185.80.148.162:443
185.99.2.202:443
187.190.249.230:443
195.161.41.93:443
195.54.32.12:443
197.232.50.85:443
197.232.50.85:449
198.100.157.163:443
200.46.121.130:443
207.140.14.141:443
209.121.142.202:449
209.121.142.214:449
212.80.217.243:443
213.183.63.16:443
213.183.63.245:443
213.32.122.246:443
23.94.41.215:443
24.113.161.184:449
24.247.182.159:449
42.115.91.177:443
5.102.177.205:449
5.104.41.188:443
5.182.210.120:443
51.68.170.58:443
51.68.184.101:443
54.37.134.207:443
65.30.201.40:443
66.60.121.58:449
67.49.38.139:443
68.109.83.22:443
68.4.173.10:443
68.45.243.125:449
73.67.78.5:449
76.181.182.166:449
77.89.86.93:443
82.222.40.119:449
86.125.39.173:443
89.117.107.13:443
91.235.128.69:443
92.38.135.168:443
92.53.77.105:443
94.103.80.56:443

# Reference: https://twitter.com/TrackerC2Bot/status/1601642919089373186

107.144.49.162:449
109.95.114.28:449
118.91.178.106:449
144.48.51.8:449
173.220.6.194:449
179.107.89.145:449
185.174.172.20:443
185.42.192.194:449
189.84.125.37:449
191.6.18.166:449
203.86.222.142:449
37.230.112.67:443
37.230.116.56:443
37.230.116.77:443
46.20.207.204:449
46.243.179.212:449
46.72.175.17:449
68.227.31.46:449
68.96.73.154:449
69.122.117.95:449
80.87.197.152:443
80.93.182.51:443
81.177.255.76:449
82.146.57.73:443
82.146.62.210:443
91.206.4.216:449
91.235.129.15:443
94.250.251.49:443
95.161.180.42:449

# Reference: https://www.virustotal.com/gui/file/0e767a910907e65f9aea723e764e7e262e838019b34005e89c8f3ea05e6c09ea/detection

185.236.130.97:443
188.120.242.117:443
194.87.102.206:443
194.87.103.178:443
194.87.110.162:443
194.87.146.146:443
194.87.93.169:443
195.133.146.18:443
195.133.147.149:443
212.109.197.115:443
37.46.134.189:443
62.109.3.136:443
82.202.236.66:443
83.220.168.63:443
91.240.86.137:443
91.240.86.21:443
92.53.77.120:443
92.53.78.79:443
92.53.91.59:443
95.213.237.224:443

# Reference: https://www.virustotal.com/gui/file/0e767a910907e65f9aea723e764e7e262e838019b34005e89c8f3ea05e6c09ea/detection

195.123.209.174:443
195.54.163.150:443
5.182.210.55:443
51.89.115.98:443

# Reference: https://twitter.com/TrackerC2Bot/status/1604954425189191692

109.234.35.87:443
118.91.178.101:443
37.46.129.41:443
54.38.142.118:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605089534802362368

208.78.220.120:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605270156854304778

118.163.113.140:443
118.172.249.102:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605271651054133288

47.156.129.52:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605278731932782600

92.109.39.207:443

# Reference: https://blog.talosintelligence.com/threat-roundup-0210-0217/ (# Win.Dropper.TrickBot-9987411-0)

elosadywo.pl
ikurumona.pl
ikymucucy.pl
inydufevi.pl
oloqucovu.pl
ufyjelefe.pl
upikemugo.pl
upuhisadi.pl
utesoryzy.pl
uzawabono.pl

# Reference: https://twitter.com/TrackerC2Bot/status/1624115609330909198
# Reference: https://twitter.com/TrackerC2Bot/status/1624947030215868417

103.111.55.218:449
103.55.69.238:449
104.255.182.45:449
107.152.42.163:443
107.172.165.149:443
107.172.208.51:443
107.172.251.159:443
107.172.29.108:443
107.175.127.149:443
109.234.34.106:443
109.234.34.90:443
109.234.35.230:443
109.234.36.103:443
109.234.37.39:443
109.234.38.22:443
112.78.38.163:449
117.196.233.79:449
118.91.178.153:443
142.202.191.175:443
146.185.219.94:443
155.133.31.21:449
162.244.32.215:443
162.247.155.122:443
172.223.62.128:443
172.82.152.132:443
176.120.126.21:449
179.43.147.250:443
179.43.147.251:443
179.43.147.72:443
181.113.114.50:449
181.211.34.154:449
185.142.99.8:443
185.146.156.38:443
185.158.114.98:443
185.159.129.97:443
185.174.172.215:443
185.186.77.222:443
185.228.233.174:443
185.246.64.156:443
185.246.64.221:443
185.246.64.65:443
185.251.38.109:443
185.252.144.135:443
185.28.63.109:449
185.34.52.20:443
185.34.52.223:443
185.80.128.16:443
185.80.130.208:443
185.99.2.115:443
185.99.2.117:443
185.99.2.221:443
188.165.62.36:443
192.227.232.21:443
192.3.130.29:443
193.37.212.246:443
194.87.102.48:443
194.87.144.222:443
194.87.238.4:443
194.87.238.84:443
194.87.94.8:443
194.87.94.96:443
194.87.98.166:443
194.87.99.225:443
195.123.239.67:443
195.133.144.112:443
195.133.146.92:443
195.133.147.74:443
195.161.114.240:443
195.161.114.57:443
195.54.162.179:443
195.54.163.139:443
195.54.163.87:443
195.54.163.91:443
198.23.252.117:443
200.116.248.170:449
200.117.251.52:449
201.251.18.28:449
202.59.168.162:449
203.23.128.179:443
209.191.203.238:449
212.109.220.111:443
212.73.150.233:443
217.107.219.15:443
217.107.34.104:443
217.107.34.34:443
217.73.131.222:449
223.25.64.119:443
23.94.3.13:443
24.113.169.148:449
24.217.193.43:449
24.217.49.92:449
24.247.182.167:449
31.184.254.50:443
37.18.30.153:443
37.228.117.146:443
37.230.114.164:443
37.230.114.177:443
37.230.114.248:443
37.230.114.53:443
37.230.114.80:443
37.230.115.129:443
37.230.115.133:443
37.230.115.138:443
37.230.115.171:443
37.230.116.185:443
37.46.128.226:443
37.46.132.49:443
37.46.134.5:443
45.11.27.72:443
45.141.100.6:443
45.148.120.13:443
45.148.120.14:443
45.148.120.153:443
46.229.213.27:443
47.224.98.123:449
47.44.54.70:449
5.182.210.24:443
5.2.70.145:443
5.2.78.43:443
5.2.78.98:443
5.34.180.173:443
51.68.247.62:443
51.75.232.232:443
51.89.115.120:443
51.89.73.158:443
54.38.49.80:443
62.109.1.68:443
62.109.10.76:443
62.109.16.54:443
62.109.24.134:443
62.109.31.193:443
63.135.55.17:449
64.192.234.98:449
64.74.160.218:443
72.226.102.151:449
73.115.58.90:449
78.24.217.88:443
78.47.156.178:449
79.143.31.246:443
80.87.199.163:443
80.87.199.8:443
81.177.140.37:443
81.177.180.254:443
81.177.26.91:443
82.146.42.89:443
82.146.61.47:443
82.146.62.52:443
83.172.125.227:443
83.220.169.117:443
83.220.169.200:443
85.143.220.41:443
85.204.116.207:443
89.223.88.121:443
89.231.13.36:449
91.200.103.41:443
91.232.52.187:449
91.235.128.186:443
91.235.129.76:443
91.240.84.224:443
92.103.210.13:443
92.223.105.210:443
92.38.171.54:443
92.63.105.132:443
92.63.107.235:443
94.103.80.134:443
94.103.82.87:443
94.250.250.110:443
94.250.251.180:443
94.250.253.121:443
94.250.253.127:443
94.250.253.69:443
94.250.253.74:443
95.213.199.95:443
95.213.236.187:443
95.213.252.23:443
95.213.252.77:443
96.9.90.104:449
97.87.175.152:449
97.89.178.50:449

# Reference: https://twitter.com/TrackerC2Bot/status/1659622699361026066

103.194.88.4:443
103.9.188.78:443
118.91.190.42:443
36.95.23.89:443

# Reference: https://twitter.com/TrackerC2Bot/status/1690785548779048960

134.122.75.115:447

# Reference: https://twitter.com/TrackerC2Bot/status/1692599294983852219

117.254.58.83:449
182.16.187.251:449
190.152.88.57:449
203.88.149.33:449
85.202.128.243:449

# Reference: https://threatfox.abuse.ch/browse/malware/win.trickbot/ (# 2023-08-25)
# Reference: https://www.virustotal.com/gui/file/0256172be4ae10020d5663a546f9f61a990d1c4026d47c907daa4167bb7e9ab3/detection

http://102.164.208.44
102.164.208.44:443
102.164.208.44:80
103.110.53.174:5060
103.113.105.126:443
103.122.108.44:443
103.123.86.104:443
103.140.207.110:443
103.146.232.154:443
103.23.237.6:443
103.238.203.82:443
103.238.228.115:443
103.47.170.130:443
103.47.170.131:443
103.47.170.149:443
103.52.135.61:443
103.56.207.230:443
103.56.43.209:449
103.59.105.226:449
103.61.100.117:443
103.61.100.252:443
103.65.193.144:443
103.75.32.38:443
103.77.205.102:447
103.93.176.237:443
108.55.14.158:447
109.196.148.123:443
111.235.66.83:447
112.234.48.144:56315
116.90.234.82:443
117.196.235.194:443
117.196.236.205:443
117.196.239.6:443
117.204.253.199:443
117.212.192.15:443
117.212.195.251:443
117.222.57.92:443
117.222.61.115:443
117.252.69.134:443
117.54.140.98:443
122.178.17.59:41680
124.41.211.17:443
125.234.128.250:443
131.72.127.126:443
136.228.129.179:443
138.36.1.137:443
139.255.6.2:443
14.102.15.100:443
14.102.15.101:443
14.102.46.9:443
14.102.72.204:443
142.196.163.52:26262
148.235.154.164:443
152.156.122.10:443
157.119.215.186:443
158.140.143.54:443
159.224.167.102:447
165.73.90.187:443
168.121.97.34:443
168.195.167.130:443
170.238.117.187:443
170.78.0.135:443
171.100.112.190:449
171.101.229.2:449
171.103.187.218:449
171.103.189.118:449
171.235.33.211:443
173.230.153.163:447
173.255.215.225:447
177.138.142.97:443
177.252.115.138:36473
177.37.161.136:443
177.52.221.73:443
177.52.26.233:443
177.75.5.222:443
177.87.0.7:447
179.42.137.102:443
179.42.137.104:443
179.42.137.105:443
179.42.137.106:443
179.42.137.107:443
179.42.137.108:443
179.42.137.109:443
179.42.137.110:443
179.42.137.111:443
18.139.111.104:443
181.112.49.170:443
181.113.63.86:443
181.129.251.109:443
181.143.251.154:447
181.188.180.243:443
181.189.221.250:443
181.196.148.42:443
181.205.41.42:443
181.211.247.43:443
181.49.135.242:443
182.253.100.150:443
182.253.106.35:443
182.253.210.130:443
185.164.32.148:443
186.159.4.217:443
186.194.119.205:443
186.235.250.230:443
186.4.193.75:443
186.42.253.110:443
186.71.134.62:443
186.97.201.66:443
187.95.113.110:443
188.234.115.35:443
189.126.72.249:443
190.110.222.109:443
190.145.83.98:443
190.152.125.75:443
190.152.4.202:447
190.197.55.254:443
190.248.146.170:443
190.61.46.106:443
191.103.252.193:443
191.36.151.129:443
191.36.152.198:443
197.44.54.162:449
200.105.199.234:443
200.201.185.194:443
200.233.192.111:443
200.7.198.138:443
200.83.98.31:443
202.144.203.140:443
202.179.185.203:443
202.183.12.124:443
202.51.122.163:443
202.58.199.82:443
202.9.121.143:443
203.115.106.98:443
203.173.94.162:443
210.2.149.202:443
212.175.98.171:443
216.177.161.118:447
221.175.134.225:10464
223.36.242.143:55190
24.32.202.68:443
31.173.137.39:443
31.173.137.47:443
31.173.137.49:443
36.67.109.15:443
36.67.97.127:443
36.89.98.183:443
36.91.186.235:443
36.91.88.164:443
36.92.59.93:443
37.57.82.112:443
45.115.172.105:443
45.181.207.101:443
45.181.207.156:443
45.201.134.202:447
45.229.162.233:443
45.65.249.154:443
49.156.39.150:447
5.182.210.132:443
53.39.34.230:1196
58.138.249.8:29304
61.19.116.53:443
62.150.59.143:44222
72.224.45.102:449
75.176.235.182:443
81.190.193.197:443
82.160.88.100:443
83.146.71.242:443
83.220.171.190:443
84.117.218.101:44597
84.236.171.231:443
85.143.218.249:443
86.138.149.100:7800
87.97.178.92:447
91.235.129.8:443
91.83.88.122:443
93.232.155.93:29309
94.136.143.124:443
94.28.78.200:447
96.47.239.181:443
98.0.159.122:443
myca.adprimblox.fun
wixz.adprimblox.fun

# Reference: https://twitter.com/TrackerC2Bot/status/1743876984642347508

207.246.92.48:443
45.79.126.97:443
45.79.155.9:443
45.79.253.142:443
66.42.113.16:443

# Reference: https://twitter.com/TrackerC2Bot/status/1744783958829637986

73.252.252.62:449
76.16.105.16:449
78.24.218.168:443
80.87.199.190:443
82.146.48.187:443
82.146.48.243:443

# Reference: https://twitter.com/TrackerC2Bot/status/1744783959911796954

82.146.49.135:443
82.146.61.103:443
82.146.61.140:443
82.146.61.247:443
92.53.91.15:443
94.250.253.142:443

# Reference: https://x.com/0x6rss/status/1798288742614200467
# Reference: https://x.com/0x6rss/status/1826254014264357208
# Reference: https://www.virustotal.com/gui/file/0741472eba8d6cf562a3e7e69de1d19eb51d573aafe32d9bb17720d9e6ce515a/detection

gofirst.cn.com
eastima.cn.com
tampam.cn.com
trustmode.at

# Reference: https://www.virustotal.com/gui/file/444567259806ae5fcb5c45b72f3012678fb352a74c466b6bfbe51c2f931674f2/detection

62.69.241.103:449

# Reference: https://www.virustotal.com/gui/file/457917738d6b93080ca36b12735082b40fcfabf53550b447f000e55fb0bf628b/detection
# Reference: https://www.virustotal.com/gui/file/e07e68bd1d4066e155d82cb1196b15cc7afd734f02dfc558ffd3046e2fff3684/detection

controlsync.at

# Generic trails (URL path fragments, not tied to a specific host)

/2NquxQZ2oK4a45L.php
/2VJDZ6JaqzEiq.php
/2vOOR7gAPrc1eq.php
/34fhjdgEN3q.php
/6f04e0be46qb4Zc.php
/717VRBNDFF84qs.php
/countryyelow.php
/o3Mrg8bqRzC.php
/fRTe1z0xiWu8q.php
/karlmarks.php
/lU90i5Fjqb6cZ.php
/Wg4NI94598qBF.php
/Ui4VMX.php
/6ng688x8
/B1Dgs7jd
/DJNvad97v1
/DSKVJBdsj2
/DSVdv2vefasd
/DVkjbsdv37
/Huey4truyew7342
/Jygrfewhrbf3wr
/KJSDBViad7
/KVJbdisfv8sd
/SDVJKBsdkhv1
/SDVe2f2fds
/SDVjkhb7831r
/SDVsdv23
/SDVsdv23r
/YTWur324rwf5regd
/tt0002/
/djnvad97v1
/dvkjbsdv37
/hgx1bgs
/hrkddvsdv7
/qY3DRY3N
/qy3dry3n
/sdvsdv23r
/vbdh72F
/vdbh72f
/goodweb/pwofiles.php
/IuNbOpen/oiUnbYATR.php
/junkreps/sllep.php
/sport/rockstar.php
/Pan/dbloader.php/?func=
/zag/UpdateHelp.php
/zag/BorovHelp.php
/oiUnbYATR.php
/ololomadam.php
/opwasaythatthisverygoodinfo.php
/pwofiles.php
/ser0626/
/campo/a/a
/campo/b/b
/campo/c/c
/campo/d/d
/campo/e/e
/campo/f/f
/campo/g/g
/campo/h/h
/campo/i/i
/campo/j/j
/campo/k/k
/campo/l/l
/campo/m/m
/campo/n/n
/campo/o/o
/campo/o/u
/campo/p/p
/campo/q/q
/campo/r/r
/campo/s/s
/campo/t/t
/campo/u/u
/campo/v/v
/campo/w/w
/campo/x/x
/campo/y/y
/campo/z/z
/campo/a/a1
/campo/b/b1
/campo/c/c1
/campo/d/d1
/campo/e/e1
/campo/t/e2
/campo/f/f1
/campo/g/g1
/campo/h/h1
/campo/i/i1
/campo/j/j1
/campo/k/k1
/campo/l/l1
/campo/m/m1
/campo/n/n1
/campo/o/o1
/campo/p/p1
/campo/q/q1
/campo/r/r1
/campo/s/s1
/campo/t/t1
/campo/u/u1
/campo/v/v1
/campo/w/w1
/campo/x/x1
/campo/y/y1
/campo/z/z1
/campo/a/a2
/campo/b/b2
/campo/c/c2
/campo/d/d2
/campo/e/e2
/campo/f/f2
/campo/g/g2
/campo/h/h2
/campo/i/i2
/campo/j/j2
/campo/k/k2
/campo/l/l2
/campo/m/m2
/campo/n/n2
/campo/o/o2
/campo/p/p2
/campo/q/q2
/campo/r/r2
/campo/s/s2
/campo/t/t2
/campo/u/u2
/campo/v/v2
/campo/w/w2
/campo/x/x2
/campo/y/y2
/campo/z/z2
/campo/aa/a1
/campo/ba/b1
/campo/ca/c1
/campo/da/d1
/campo/ea/e1
/campo/fa/f1
/campo/ga/g1
/campo/ha/h1
/campo/ia/i1
/campo/ja/j1
/campo/ka/k1
/campo/la/l1
/campo/ma/m1
/campo/na/n1
/campo/oa/o1
/campo/pa/p1
/campo/qa/q1
/campo/ra/r1
/campo/sa/s1
/campo/ta/t1
/campo/ua/u1
/campo/va/v1
/campo/wa/w1
/campo/xa/x1
/campo/ya/y1
/campo/za/z1
/campo/a2/a2
/campo/b2/b2
/campo/c2/c2
/campo/d2/d2
/campo/e2/e2
/campo/f2/f2
/campo/g2/g2
/campo/h2/h2
/campo/i2/i2
/campo/j2/j2
/campo/k2/k2
/campo/l2/l2
/campo/m2/m2
/campo/n2/n2
/campo/o2/o2
/campo/p2/p2
/campo/q2/q2
/campo/r2/r2
/campo/s2/s2
/campo/t2/t2
/campo/u2/u2
/campo/v2/v2
/campo/w2/w2
/campo/x2/x2
/campo/y2/y2
/campo/z2/z2
/campo/li/e3
/campo/gl/gl3
/campo/t3/t3
/haurf/a/a
/haurf/b/b
/haurf/c/c
/haurf/d/d
/haurf/e/e
/haurf/f/f
/haurf/g/g
/haurf/h/h
/haurf/i/i
/haurf/j/j
/haurf/k/k
/haurf/l/l
/haurf/m/m
/haurf/n/n
/haurf/o/o
/haurf/p/p
/haurf/q/q
/haurf/r/r
/haurf/s/s
/haurf/t/t
/haurf/u/u
/haurf/v/v
/haurf/w/w
/haurf/x/x
/haurf/y/y
/haurf/z/z
/haurf/a2/a2
/haurf/b2/b2
/haurf/c2/c2
/haurf/d2/d2
/haurf/e2/e2
/haurf/f2/f2
/haurf/g2/g2
/haurf/h2/h2
/haurf/i2/i2
/haurf/j2/j2
/haurf/k2/k2
/haurf/l2/l2
/haurf/m2/m2
/haurf/n2/n2
/haurf/o2/o2
/haurf/p2/p2
/haurf/q2/q2
/haurf/r2/r2
/haurf/s2/s2
/haurf/t2/t2
/haurf/u2/u2
/haurf/v2/v2
/haurf/w2/w2
/haurf/x2/x2
/haurf/y2/y2
/haurf/z2/z2
/m105.dll
/mon102.dll
/mon103.dll
/mon41_cr.dll
/mon42_cr.dll
/mon44_cr.dll
/mon48_cr.dll
/mon4498.dll
/mon64.dll
/mon65.dll
/mon67.dll
/mon80.dll
/mon81.dll
/m123.dll
/mon117.dll
/mon117_cr.dll
/mon123.dll
/mon127.dll
/netmouser.dll
/wp-netmon.dll
/NgkxCQkxMTU5NUM2MTY3QkExQjcx/
