# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: pterodo, primitive bear

# MITRE: https://attack.mitre.org/groups/G0047/

# Reference: http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/

admin-ru.ru
adobe.update-service.net
apploadapp.webhop.me
brokbridge.com
cat.gotdns.ch
check-update.ru
childrights.in.ua
conhost.myftp.org
docdownload.ddns.net
downloads.email-attachments.ru
downloads.file-attachments.ru
dyndownload.serveirc.com
e.muravej.ua
email-attachments.ru
file-attachments.ru
freefiles.myftp.biz
getmyfile.webhop.me
googlefiles.serveftp.com
grom56.ddns.net
grom90.ddns.net
hrome-update.ru
hrome-updater.ru
loaderskypetm.webhop.me
loadsoulip.serveftp.com
mail.file-attachments.ru
mails.redirectme.net
mars-ru.ru
msrestore.ru
oficialsite.webhop.me
parkingdoma.webhop.me
poligjong.webhop.me
polistar.ddns.net
proxy-spread.ru
rms.admin-ru.ru
samotsvety.com.ua
skypeemocache.ru
skypeupdate.ru
spbpool.ddns.net
spread-service.ru
spread-ss.ru
spread-updates.ru
stor.tainfo.com.ua
tortilla.sytes.net
ukrnet.serveftp.com
ukrway.galaktion.ru
umachka.ua
update-service.net
updatesp.ddns.net
updateviber.sytes.net
webclidie.webhop.me
win-restore.ru
winloaded.sytes.net
winupdateloader.ru
yfperoliz.webhop.me

# Reference: https://arstechnica.com/information-technology/2018/11/ukraine-detects-new-pterado-backdoor-malware-warns-of-russian-cyberattack/

updates-spreadwork.pw
dataoffice.zapto.org
bitsadmin.ddns.net

# Reference: https://cert.gov.ua/news/46

natos-drp.ddns.net
nato-drp.ddns.net
ukraine-news.ddns.net
ukraina-drp.ddns.net
tovar-es.ddns.net
start-usb.ddns.net
sovetkirov.ddns.net
singles-office.ddns.net
single-office.ddns.net
yousister.ddns.net
wq03.ddns.net
wq02.ddns.net
wq01.ddns.net
werdikt.ddns.net
wareface.ddns.net
vnc-new.ddns.net
ut03.ddns.net
ut02.ddns.net
ut01.ddns.net
us03.ddns.net
us02.ddns.net
us01.ddns.net
topline.myftp.org
sushi-bar.ddns.net
po03.ddns.net
po02.ddns.net
po01.ddns.net
pk03.ddns.net
pk02.ddns.net
pk01.ddns.net
orizoh88.ddns.net
optima-se.ddns.net
new-club.ddns.net
mykarina.ddns.net
microsoft-single.ddns.net
metro-exodus.ddns.net
marishka.ddns.net
macdocs.ddns.net
karasto01.ddns.net
gr03.ddns.net
gr02.ddns.net
gr01.ddns.net
connect-updates.ddns.net
chrome-update.ddns.net

# Reference: https://blog.threatstop.com/russian-apt-gamaredon-group

splin-body.site
torrent-stel.space
torent-updates.ddns.net
torrent-updates.ddns.net
splin-upd.site
splin-upd1.site
torrent-supd.space

# Reference: https://cert.gov.ua/news/42

http://95.142.45.58
single-office.ddns.net

# Reference: https://cert.gov.ua/news/46

bitsadmin.ddns.net
dataoffice.zapto.org
updates-spreadwork.pw

# Reference: https://twitter.com/VK_Intel/status/1084955795358330880

spread-system.info

# Reference: https://twitter.com/VK_Intel/status/1080919080616439808

torrent-supd.space

# Reference: https://twitter.com/ClearskySec/status/1065267794474950657

chrome-update.ddns.net
connect-updates.ddns.net
gr01.ddns.net
gr02.ddns.net
gr03.ddns.net
karasto01.ddns.net
macdocs.ddns.net
marishka.ddns.net
metro-exodus.ddns.net
microsoft-single.ddns.net
mykarina.ddns.net
natos-drp.ddns.net
nato-drp.ddns.net
new-club.ddns.net
orizoh88.ddns.net
optima-se.ddns.net
pk01.ddns.net
pk02.ddns.net
pk03.ddns.net
po01.ddns.net
po02.ddns.net
po03.ddns.net
singles-office.ddns.net
single-office.ddns.net
sovetkirov.ddns.net
start-usb.ddns.net
sushi-bar.ddns.net
topline.myftp.org
tovar-es.ddns.net
ukraina-drp.ddns.net
ukraine-news.ddns.net
us01.ddns.net
us02.ddns.net
us03.ddns.net
ut01.ddns.net
ut02.ddns.net
ut03.ddns.net
vnc-new.ddns.net
wareface.ddns.net
werdikt.ddns.net
wq01.ddns.net
wq02.ddns.net
wq03.ddns.net
yousister.ddns.net

# Reference: https://twitter.com/CSIRTCV/status/1083420779486855169

errors-analyses.ddns.net
spr-files.ddns.net
spr-updates.ddns.net

# Reference: https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution/

admin-ru.ru
adobe.update-service.net
apploadapp.webhop.me
brokbridge.com
cat.gotdns.ch
check-update.ru
childrights.in.ua
conhost.myftp.org
docdownload.ddns.net
downloads.email-attachments.ru
downloads.file-attachments.ru
dyndownload.serveirc.com
e.muravej.ua
email-attachments.ru
file-attachments.ru
freefiles.myftp.biz
getmyfile.webhop.me
googlefiles.serveftp.com
grom56.ddns.net
grom90.ddns.net
hrome-update.ru
hrome-updater.ru
loaderskypetm.webhop.me
loadsoulip.serveftp.com
mail.file-attachments.ru
mails.redirectme.net
mars-ru.ru
msrestore.ru
oficialsite.webhop.me
parkingdoma.webhop.me
poligjong.webhop.me
polistar.ddns.net
proxy-spread.ru
rms.admin-ru.ru
samotsvety.com.ua
skypeemocache.ru
skypeupdate.ru
spbpool.ddns.net
spread-service.ru
spread-ss.ru
spread-updates.ru
stor.tainfo.com.ua
tortilla.sytes.net
ukrnet.serveftp.com
ukrway.galaktion.ru
umachka.ua
update-service.net
updatesp.ddns.net
updateviber.sytes.net
webclidie.webhop.me
win-restore.ru
winloaded.sytes.net
winupdateloader.ru
yfperoliz.webhop.me

# Reference: https://twitter.com/ClearskySec/status/1065267790943268865

dropdrop.ddns.net
drop-new.ddns.net
drop-news.ddns.net
google-drive.ddns.net
google-drp.ddns.net
google-drop.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1117303080545079296

winroutes.ddns.net

# Reference: https://twitter.com/h4ckak/status/1117234914158530560

winrouts.ddns.net

# Reference: https://twitter.com/h4ckak/status/1117789601765007360

lisingrout.ddns.net

# Reference: https://twitter.com/Timele9527/status/1118331760612388864

word-service.site

# Reference: https://twitter.com/Timele9527/status/1118343183971360769

libre4.space

# Reference: https://twitter.com/zlab_team/status/1121013394251948036
# Reference: https://blog.yoroi.company/research/the-russian-shadow-in-eastern-europe-ukrainian-mod-campaign/

bitwork.ddns.net
librework.ddns.net

# Reference: https://twitter.com/ThreatBookLabs/status/1123149311573815297
# Reference: https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=1417 (Chinese)
# Reference: https://otx.alienvault.com/pulse/5cc80eba055a4f569561dad5
# Reference: https://www.virustotal.com/gui/ip-address/185.200.241.88/relations

advansed-template.site
alenko.site
attach.website
beercraft.fun
beercraft.space
bits-mars.fun
bits-mars.site
bits-mars.space
bits-tor.fun
bits-tor.site
bits-tor.space
bits-tor.website
bitsadmin.space
bitsadmin1.space
bitsadmin10.space
bitsadmin2.space
bitsadmin3.space
bitsadmin4.space
bitsadmin5.space
bitsadmin6.space
bitsadmin7.space
bitsadmin8.space
bitsadmin9.space
bitsbitsa.space
bitsbitsb.space
bitsbitsc.space
bitsbitsd.space
bitsbitsf.space
bitsbitsg.space
bitsbitsh.space
bitsbitsi.space
bitsbitsk.space
bitsbitsl.space
cleaners.fun
cornelius.website
cyberworld.host
cyberworld.website
demiurg.site
demiurg.space
demiurg.website
dilana.space
drivegoogle.site
drovka.space
dwn-files.site
fix-template.site
gameland.host
gameland.space
gameland.website
gameworld.website
google-drive.site
haker.fun
haker.host
haker.space
haker.website
immortals.site
immortals.space
immortals.website
lebrederm.space
lebreman.space
libda.site
libdab.site
libdad.site
libdadi.site
libdado.site
libdaf.site
libdag.site
libdah.site
libdak.site
libdal.site
libdam.site
libdan.site
libdas.site
libre-360.site
libre-exel.site
libre-office.site
libre-ppt.site
libre-word.site
libre1.space
libre2.space
libre3.space
libre4.space
libre5.space
librerty.space
libres.space
libressimo.space
macros1.space
macros2.space
macros3.space
macros4.space
macros5.space
masseffect.fun
masseffect.site
masseffect.space
masseffect.website
microsoft-analise.site
microsoft-bits.site
microsoft-macros.site
microsoft-office.site
microsoft-usb.site
mirkwood.space
mototo.fun
mototo.site
mototo.space
mototo.website
new-template.site
niam.space
normal-template.site
normandia.website
ogmar.fun
ogmar.site
ogmar.website
ogremage.site
ogremage.space
ogremage.website
old-template.site
overload.space
overload.website
rainak.space
riki.space
rud.ddns.net
saprit.fun
saprit.site
saprit.space
saprit.website
sheppard.fun
sheppard.website
skymage.fun
skymage.space
skymage.website
sorg.space
ssu-gov.site
ssu-gov.website
stan-stana.site
stan-stana.space
stan-stana.website
stereo-bit.fun
stereo-bit.space
termit.space
termit.website
termits.fun
watcher.host
wayto.host
wayto.website
wifa.site
wifa.space
wifa.website
wifb.site
wifb.space
wifc.host
wifc.site
wifc.space
wifc.website
wifo.host
wifo.space
wifo.website
wifu.site
wifu.space
wifu.website
wify.space
wify.website
word-checker.site
word-online.site
word-proxy.site
word-service.site
word-update.site
wordmacros.space
xakep.fun
xakep.site
zanzar.space
bitqueshions.ddns.net
gamework.ddns.net
telemetriya.hopto.org
torrent-videos.ddns.net
usbqueshions.ddns.net
wordqueshion.ddns.net
workan.ddns.net
workusb.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1131226380694413312

bitvers.ddns.net
tor-file.ddns.net
wincreator.ddns.net

# Reference: https://twitter.com/Timele9527/status/1139816501869871104

templates.hopto.org

# Reference: https://twitter.com/HONKONE_K/status/1143725710340587520

curt.hopto.org

# Reference: https://twitter.com/VK_Intel/status/1143696009261932544

bit-rnbo.ddns.net
rnbo-ua.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1147021849567617026

barathrum.space
zombieland.info

# Reference: https://thehackernews.com/2019/07/linux-gnome-spyware.html

clsass.ddns.net
kotl.space

# Reference: https://twitter.com/Timele9527/status/1154570300635303937
# Reference: https://www.virustotal.com/gui/ip-address/5.252.193.204/relations
# Reference: https://www.virustotal.com/gui/file/79fd962eb0c256f32786dab4d42cb416f6c1e6766bf0e2dcafdf5ffa2c5e61c1/detection
# Reference: https://otx.alienvault.com/pulse/5d3ac45e3bc2987b3b0031dc
# Reference: https://app.any.run/tasks/dee82850-9e19-4a53-b9b4-e5d88df913be/

advansed-template.site
bits-tor.fun
bits-tor.host
bits-tor.site
bits-tor.space
bits-tor.website
bitsadmin10.space
bitsadmin2.space
bitsadmin3.space
bitsadmin4.space
bitsadmin5.space
bitsadmin6.space
bitsadmin7.space
bitsadmin8.space
bitsadmin9.space
bitsbitsa.space
bitsbitsb.space
bitsbitsc.space
bitsbitsi.space
bitsbitsk.space
bitsbitsl.space
certificate-verif.ddns.net
cyberworld.host
cyberworld.website
dilana.space
drovka.space
fix-template.site
furion.space
gameland.space
gameland.website
gameworld.space
gameworld.website
haker.fun
haker.host
haker.space
haker.website
libda.site
libdab.site
libdac.site
libdad.site
libdade.site
libdadi.site
libdado.site
libdaf.site
libdag.site
libdah.site
libdak.site
libdal.site
libdam.site
libdan.site
libdas.site
libre-360.site
libre-exel.site
libre-office.site
libre-ppt.site
libre-word.site
libre1.space
libre2.space
libre3.space
libre4.space
libre5.space
librerty.space
libressimo.space
macros1.space
macros2.space
macros3.space
macros4.space
macros5.space
niam.space
orlean.space
overload.space
overload.website
overwatch.host
rainak.space
redict.ddns.net
riki.space
wayto.host
wifa.site
wifa.space
wifa.website
wifb.site
wifb.space
wifb.website
wifc.host
wifc.site
wifc.space
wifc.website
wifo.host
wifo.site
wifo.space
wifo.website
wifu.site
wifu.space
wifu.website
wifx.site
wify.space
wify.website
wordmacros.space
xakep.fun
xakep.website
zombieland.host
zombieland.info

# Reference: https://twitter.com/Timele9527/status/1157458188792262656

shell-create.ddns.net

# Reference: https://twitter.com/Timele9527/status/1158554492746383361
# Reference: https://www.virustotal.com/gui/file/96f9f7a5c6a7452f385727708c69bf158e2d9461ad1bc683ba9082306b210e0e/detection

libre-templates.ddns.net

# Reference: https://twitter.com/spider_girl22/status/1171262839295635457

office-constructor.ddns.net

# Reference: https://twitter.com/Rmy_Reserve/status/1174592994395054080

weeklite.ddns.net

# Reference: https://twitter.com/spider_girl22/status/1192276592522776576

inbox-office.ddns.net

# Reference: https://twitter.com/spider_girl22/status/1192638857478463488

micro-set.ddns.net
office-crash.ddns.net

# Reference: https://twitter.com/ccxsaber/status/1192630060513136640

get-icons.ddns.net

# Reference: https://twitter.com/ccxsaber/status/1192630027847950338

micro-office.ddns.net

# Reference: https://twitter.com/spider_girl22/status/1193731348239773698

office-lite.ddns.net

# Reference: https://twitter.com/MalCrawler/status/1192796411752042496
# Reference: https://www.virustotal.com/gui/ip-address/2.59.41.5/relations

bitread.ddns.net
bitvers.ddns.net
checkhurl.fun
checkhurl.info
checkhurl.site
checkhurl.space
checkhurl.website
const-gov.ddns.net
constructor-word.ddns.net
creative-office.ddns.net
document-listing.ddns.net
document-write.ddns.net
duktas-dde.ddns.net
get-icons.ddns.net
kornet-ua.ddns.net
kristo-ua.ddns.net
l3ccd25c.justinstalledpanel.com
libre-boot.ddns.net
libresoft.ddns.net
list-sert.ddns.net
lookups.ddns.net
message-office.ddns.net
micro-office.ddns.net
military-ua.ddns.net
my-certificates.ddns.net
network-crash.ddns.net
rnbo-ua.ddns.net
shell-sertificates.ddns.net
suipost.ddns.net
sv-menedgment.ddns.net
templates.hopto.org
tempwook.ddns.net
tesla-pos.ddns.net
underlord.fun
underlord.site
underlord.space
unhcr.ddns.net

# Reference: https://twitter.com/angel11VR/status/1196488408652275712
# Reference: https://pastebin.com/Vhb4KF5L

win-apu.ddns.net

# Reference: https://twitter.com/Rmy_Reserve/status/1199105567379402752

paparije.ddns.net
win-gu.ddns.net

# Reference: https://twitter.com/Rmy_Reserve/status/1198992468244455430

brousework.ddns.net
yotaset.ddns.net

# Reference: https://twitter.com/DeadlyLynn/status/1196769711557447681

win-ss.ddns.net

# Reference: https://twitter.com/DeadlyLynn/status/1199310720971628544

korneliuswork.ddns.net

# Reference: https://twitter.com/TippedMyCows/status/1201966780727607298

kavkazwork.ddns.net
reklama-network.ddns.net

# Reference: https://twitter.com/DeadlyLynn/status/1210785247039635462

document-out.hopto.org
libcrash.ddns.net

# Reference: https://twitter.com/WaChinYu1/status/1215292666776313857
# Reference: https://twitter.com/JAMESWT_MHT/status/1215580348853170176

listenwork.ddns.net
pasive.ddns.net

# Reference: https://twitter.com/TippedMyCows/status/1215376917047775232

document-out.ddns.net

# Reference: https://twitter.com/DeadlyLynn/status/1217805735070822400

dominikanos.hopto.org
kreps.hopto.org

# Reference: https://twitter.com/Rmy_Reserve/status/1217064837051645954

dochlist.hopto.org
skrembler.hopto.org

# Reference: https://twitter.com/TippedMyCows/status/1217514381866688517

susget.hopto.org

# Reference: https://twitter.com/DeadlyLynn/status/1194869515173019648

office-out.ddns.net

# Reference: https://twitter.com/dewan202/status/1194004664716541954

word-gread.ddns.net

# Reference: https://twitter.com/KorbenD_Intel/status/1065018358075146240
# Reference: https://www.virustotal.com/gui/ip-address/185.231.155.209/relations

dr01.ddns.net
dr02.ddns.net
dropper.crimea.com
dropper01.crimea.com

# Reference: https://twitter.com/DrunkBinary/status/1019904469155368960

realy.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1220238381319323648

masseffect.space

# Reference: https://twitter.com/MarsFacebook/status/1219183410289102849

perdector.hopto.org

# Reference: https://twitter.com/WaChinYu1/status/1221897054693228545

kastoget.hopto.org
papir.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/141.8.195.60/relations

feodosh.hopto.org
ironiya.ddns.net
karab.hopto.org
kastoget.hopto.org
kentes.hopto.org
kutan.ddns.net
lobanus.hopto.org
office-carambol.ddns.net
provansales.ddns.net
selena.myftp.biz
stive.hopto.org
zariks.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/188.225.25.50/details
# Reference: https://app.any.run/tasks/6bf01afd-9d07-47df-88be-ad4b388e31a1/

babir.bounceme.net
bitupd.ddns.net
honvoi.hopto.org
kara.3utilities.com
livas.3utilities.com
sakira.3utilities.com
scr-out.ddns.net
sonik.hopto.org
tele.3utilities.com
tempget.ddns.net
tesla-fun.ddns.net
tesla-getro.ddns.net
tesla-opt.ddns.net
tesla-preat.ddns.net
tesla-tehno.ddns.net
tesla-ufis.ddns.net
tesla-unit.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/176.57.215.22/relations

bitclass.ddns.net
cretors.ddns.net
getclass.ddns.net
wizartopen.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/188.225.24.161/details

internetcreate.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations

carambol-oru.ddns.net
down-vv.ddns.net
librebooton.ddns.net
office-menedgment.ddns.net
sambiras.myftp.org
tempcr.ddns.net
temppost.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/195.88.208.81/relations

device-update.ddns.net
flash01.ddns.net
fsu01.ddns.net
katalisto01.ddns.net
my-update.ddns.net
office-updates.ddns.net
service-device.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/142.93.110.250/relations
# Reference: https://www.virustotal.com/gui/file/baacc7aaf686dc4b18febe921932f10f6ebbca0e0ebb06c777d5c4b0a5449058/detection
# Reference: https://www.virustotal.com/gui/file/baa16cd5609e2412e985223912929644694a82231a6b9b76c994be5768f73def/detection
# Reference: https://www.virustotal.com/gui/file/706fbc3610c4cde404cff9a5038ad290d0a3cdab87d63fe29fa9cee4496b889d/detection
# Reference: https://www.virustotal.com/gui/file/8d0c90707ab27c47ddc7ccb91c1016f948c7405073fedea9b59517442920b29c/detection

armaruru.ddns.net
device-update.ddns.net
droper-sp.ddns.net
droper-spr.ddns.net
droper.ddns.net
dropius.ddns.net
spr-d1.ddns.net
spr-d2.ddns.net
spr-d3.ddns.net
spr-d4.ddns.net
spr-d5.ddns.net
spr-d6.ddns.net
spr-u.ddns.net
telo-spread.ddns.net

# Reference: https://twitter.com/Zhx_8885/status/1228178125151850496
# Reference: https://www.virustotal.com/gui/ip-address/141.8.194.74/relations
# Reference: https://app.any.run/tasks/b5d0290e-5355-4568-b702-1a0390495902/
# Reference: https://app.any.run/tasks/c0063d98-84d1-4ed9-94eb-9397302a1887/
# Reference: https://app.any.run/tasks/bc0e9a03-2742-4ad6-acb6-e43a290e5db7/
# Reference: https://app.any.run/tasks/a2e4d04d-17ff-499a-b78d-b655a221fe3c/

error-office.myftp.biz
error-word.myftp.biz
kasimovschmuck.hopto.org
mikhailkasimov.myftp.biz
mikhailkasimov.myftp.org
schmuckkasim.3utilities.com
writedoc.bounceme.net

# Reference: https://twitter.com/Zhx_8885/status/1227471901028646912

solod.bounceme.net

# Reference: https://www.virustotal.com/gui/ip-address/185.200.241.88/relations

cron-redic.ddns.net
crons.ddns.net

# Reference: https://twitter.com/DeadlyLynn/status/1229702371732623360
# Reference: https://www.virustotal.com/gui/ip-address/176.57.215.115/relations
# Reference: https://app.any.run/tasks/b5e39e8d-8a94-4c69-9140-8015114a35c3/
# Reference: https://app.any.run/tasks/ea5d835d-43a3-4996-9767-3d0069d8ca70/
# Reference: https://app.any.run/tasks/58ad6333-96c4-4616-bba6-c0acc7c1500c/

hedriks.bounceme.net
kristoffer.hopto.org
kristom.hopto.org
livas.3utilities.com
miragena.xyz
sabdja.3utilities.com
samson.3utilities.com
violina.space
violina.website
voyaget.myftp.biz
100hit.ru
288706-ce34203.tmweb.ru
decos.hopto.org
fangimen.xyz
fingra.xyz
firran.xyz
frondo.xyz
liard.bounceme.net
niso.gotdns.ch
olida.xyz
orlani.xyz
safer.3utilities.com
shokoda.xyz
sonik.hopto.org
tesla-iu.ddns.net
tesla-ny.ddns.net
tesla-res.ddns.net
tesla-rt.ddns.net
tesla-tui.ddns.net
tesla-uos.ddns.net
totilla.xyz
uidertu.myddns.me
upokan.xyz
vois.gotdns.ch

# Reference: https://twitter.com/WaChinYu1/status/1230865020764000262

bbtt.space
himym.space
himym.xyz
underlord.fun
underlord.site
underlord.space

# Reference: https://twitter.com/w3ndige/status/1234574732730753025
# Reference: https://app.any.run/tasks/4622fd63-97dc-433a-b859-9be099f37e20/
# Reference: https://app.any.run/tasks/6401f328-c80f-48f7-95a9-b3b981111e94/
# Reference: https://app.any.run/tasks/a013b184-4d5b-40d6-8cfb-0661ade38657/
# Reference: https://app.any.run/tasks/dade1db1-f1fe-42e9-a48b-b1d28b9584e9/
# Reference: https://app.any.run/tasks/9e666611-5151-4889-858e-4f5797d64e2a/
# Reference: https://gist.github.com/W3ndige/d2eb1969497f65a8f7e572d0299afdb9

bbtt.site
himym.site

# Reference: https://twitter.com/TippedMyCows/status/1235605583404859392
# Reference: https://www.virustotal.com/gui/ip-address/176.119.147.225/relations
# Reference: https://app.any.run/tasks/e41fc213-f939-4de4-936e-a7971f9a2e19/
# Reference: https://app.any.run/tasks/5022d054-250f-41fa-93ad-b0cc1c4aba6a/
# Reference: https://app.any.run/tasks/8050341f-0602-4aae-9a7a-e114152ced89/
# Reference: https://app.any.run/tasks/afc1eea3-75e0-4aec-9b50-d1a6a0eecd41/
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/

bambinos.bounceme.net
bbtt.website
birbas.hopto.org
forestac.site
forestac.website
forestac.xyz
harpa.site
harpa.space
harpa.website
melos.myftp.biz
midos.hopto.org
saja.myftp.biz
seliconos.3utilities.com
varas.myftp.biz
voyager.myftp.biz

# Reference: https://twitter.com/DeadlyLynn/status/1242727456563269632
# Reference: https://www.virustotal.com/gui/ip-address/141.8.198.69/relations
# Reference: https://app.any.run/tasks/85d62624-8153-482d-a8e7-26e746510eb3/
# Reference: https://app.any.run/tasks/761c45e0-83e1-4068-b7e3-ae40c06547e9/
# Reference: https://app.any.run/tasks/008c9df0-96b2-4616-9b75-d6a95ee74457/

asdfaws.myddns.me
bizavto.myftp.org
federeal.3utilities.com
jikoltew.myftp.biz
kolidus.gotdns.ch
kolyuwer.bounceme.net
liboot.myftp.biz
lopaverus.3utilities.com
milosetuder.myftp.biz
outfish.bounceme.net
redukos.bounceme.net
salioert.3utilities.com
samsorud.myftp.biz
satkower.3utilities.com
wertlook.hopto.org

# Reference: https://twitter.com/Zhx_8885/status/1242857013048012804

koliorew.hopto.org

# Reference: https://twitter.com/Zhx_8885/status/1242859749965627392

teriosad.myftp.org

# Reference: https://twitter.com/WaChinYu1/status/1249752181051478017
# Reference: https://app.any.run/tasks/62e67bce-1c3f-4262-a3b4-93fc7aab8190/

getyuawer.myftp.biz
pankratios.myftp.org

# Reference: https://twitter.com/Zhx_8885/status/1250110743778717696

hirodomus.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/109.68.213.102/relations

saveriutew.3utilities.com

# Reference: https://www.virustotal.com/gui/ip-address/188.225.79.97/relations

heristomuk.hopto.org
perastyuer.myftp.biz
poizader.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/188.225.46.94/relations

redisman.ddns.net
reklamgroup.ddns.net

# Reference: https://www.virustotal.com/gui/file/59bef9935d5dae8c0c1f05dd4faf15b642b93baaff3555b02387f49c2153d256/detection

bits-mars.info

# Reference: https://www.virustotal.com/gui/file/fffe5cb20a950f29e462bc04d1662343dc8019c44748a26d39cf604c594b8313/detection

restors.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/5.23.55.101/relations

myimage.host

# Reference: https://twitter.com/ShadowChasing1/status/1250592142034001921
# Reference: https://www.virustotal.com/gui/ip-address/185.248.100.121/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.88.208.196/relations

splin-body.site
splin-body1.site
splin-upd.site
splin-upd1.site

# Reference: https://twitter.com/ShadowChasing1/status/1250592542090878976
# Reference: https://www.virustotal.com/gui/file/1be87dd137ff211e0e2334e053f78c8f9ba00c0c59ea044488a74b9b77270f4a/detection

musik-lis.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/91.210.170.72/relations

actor-tv.ddns.net
addova.xyz
alastari.xyz
amarillio.space
area-tv.hopto.org
baby-tv.ddns.net
borzoy-tv.ddns.net
druweal.xyz
fartiny.xyz
ferranot.xyz
filkos-tv.ddns.net
fulo-tv.ddns.net
geters-tv.ddns.net
gorgopa.xyz
hilos-tv.ddns.net
hres-tv.ddns.net
hudos-tv.ddns.net
huncea.xyz
itango.space
joka-tv.ddns.net
jontap.xyz
kiodas.xyz
kistas-tv.ddns.net
koleran.xyz
liqutan.xyz
lustra-tv.ddns.net
marmari.space
mersi-tv.ddns.net
musik-dreg.ddns.net
musik-erta.ddns.net
musik-file.ddns.net
musik-klo.ddns.net
musik-kreps.ddns.net
musik-lio.ddns.net
musik-lis.ddns.net
musik-lk.ddns.net
musik-pit.ddns.net
musik-qas.ddns.net
musik-sa.ddns.net
onyxi.xyz
orteasd-tv.ddns.net
papai-tv.ddns.net
pardi-tv.ddns.net
podr-tv.ddns.net
pragma-tv.ddns.net
predf-tv.ddns.net
samak-tv.ddns.net
siold-tv.ddns.net
srarda.space
syio-tv.ddns.net
teris-tv.ddns.net
trelial.xyz
troubl.xyz
vantalio.space
veronis.space
vinara.xyz
virtuz.xyz
wiilasto.website

# Reference: https://www.virustotal.com/gui/ip-address/58.158.177.102/relations

hanwha.hopto.org

# Reference: https://app.any.run/tasks/dbfc2cb0-8527-45fb-9af0-ae70e87b03cf/
# Reference: https://app.any.run/tasks/6919cbfb-f193-4125-a282-f3cf7f835e66/
# Reference: https://app.any.run/tasks/dbfc2cb0-8527-45fb-9af0-ae70e87b03cf/

karpa.bounceme.net

# Reference: https://www.anomali.com/files/white-papers/Anomali_Threat_Research-Gamaredon_TTPs_Target_Ukraine-WP.pdf

office-constructor.ddns.net
librebooton.ddns.net
inbox-office.ddns.net
libre-templates.ddns.net
word-gread.ddns.net
win-apu.ddns.net
office-lite.ddns.net
office-crash.ddns.net
office-out.ddns.net
micro-set.ddns.net
win-ss.ddns.net
get-icons.ddns.net
network-crash.ddns.net
constructor-word.ddns.net
tempget.ddns.net
bitclass.ddns.net
bitlocker.ddns.net
const-gov.ddns.net
kornet-ua.ddns.net
certificate-verif.ddns.net
document-listing.ddns.net
shell-create.ddns.net
internet-create.ddns.net
libresoft.ddns.net
creative-office.ddns.net
kristo-ua.ddns.net
lookups.ddns.net
rnbo-ua.ddns.net
sv-menedgment.ddns.net
document-write.ddns.net
my-certificates.ddns.net
bitwork.ddns.net
military-ua.ddns.net
bitupd.ddns.net
internetcreate.ddns.net
shell-sertificates.ddns.net
wizartopen.ddns.net
bitvers.ddns.net
kavkazwork.ddns.net
brousework.ddns.net
paparije.ddns.net
korneliuswork.ddns.net
scr-out.ddns.net
tesla-fun.ddns.net
list-sert.ddns.net
tempwook.ddns.net
micro-office.ddns.net
bit-rnbo.ddns.net
bitread.ddns.net
libre-boot.ddns.net
win-gu.ddns.net
office-menedgment.ddns.net
d-o.ddns.net
carambol-oru.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1264480951880441856
# Reference: https://www.virustotal.com/gui/file/6c7aa083ff8f4a33ecb485069b1fbd4f1a5fae780de18f52cbf4eb518a278c48/detection

biotic.space
biotic.website

# Reference: https://www.virustotal.com/gui/file/5bc819f9a202951e68f31649dbd9bda1bb68c5b7065939f24a1e7c0deb7df0e2/detection

barathrum.space
zombieland.info

# Reference: https://www.virustotal.com/gui/file/8d6829dd413eeb94c835f3c4474f48f8406b4f144e308f10ea50837710d200e7/detection

barildan.space
zombieland.space

# Reference: https://www.virustotal.com/gui/file/e6f39725f54becb50f48c2ea56dcd5e8cb3126947c70929664766647043d0159/detection

mapper.space
furion.space

# Reference: https://www.virustotal.com/gui/ip-address/188.225.33.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.225.34.160/relations
# Reference: https://www.virustotal.com/gui/ip-address/92.53.124.153/relations

barathrum.space
barildan.space
biotic.space
biotic.website
doctorrr.space
furion.space
kania-tau.space
kinozavr.fun
kinozavr.site
kinozavr.space
kinozavr.website
liara.site
liara.website
m-upd.ddns.net
mapper.space
nellas.space
rashta.space
rulomins.world
torrent-stel.space
torrent-supd.space
u-opt.ddns.net
zombieland.fun
zombieland.host
zombieland.info
zombieland.space
zombieland.website

# Reference: https://twitter.com/Circuitous__/status/1266339237839998976
# Reference: https://www.virustotal.com/gui/ip-address/141.8.198.56/relations

fidel.freedynamicdns.org
ip-server.freedynamicdns.net
kasim.freedynamicdns.org
kasting.freedynamicdns.org
lisbek.freedynamicdns.org
lodukat.freedynamicdns.org
lodus.freedynamicdns.org
mishail.freedynamicdns.org
ncio.freedynamicdns.net
polits.freedynamicdns.org

# Reference: https://twitter.com/h2jazi/status/1270718708013387777
# Reference: https://www.virustotal.com/gui/file/b81056a989fefe54ef5b57f6cf60301d81436096f180df89112fa5fc48e0aab2/detection

posateriu.myftp.org

# Reference: https://github.com/eset/malware-ioc/tree/master/gamaredon
# Reference: https://twitter.com/_re_fox/status/1352664215291654145
# Reference: https://www.virustotal.com/gui/file/f5e8b5bd2aadc07680e8923483a9985353b7c1c0508dc880106650a1f0db08bb/detection
# Reference: https://www.virustotal.com/gui/file/2e2302808e9f778833c3e9c79b6a0f65bdf7093ddc9e8bd26f1c98bfc14d9654/detection

abdurs.space
abies.space
actor-tv.ddns.net
acutifolia.space
addova.xyz
advansed-template.site
aganta.space
alastari.xyz
alenko.site
alenko.website
amarillio.space
anadima.website
apino.space
araino.space
arionda.space
armita.space
aromaticus.space
atropoides.space
aukci.space
babitors.myftp.biz
baby-tv.ddns.net
baill.space
barrigal.space
batmeast.space
bbtt.site
bbtt.space
bbtt.website
beasty.space
beepapa.space
beercraft.fun
beercraft.space
beercraft.website
benzoin.space
bergius.space
beriuatcj.hopto.org
bernado.website
birion.website
bits-mars.fun
bits-mars.info
bits-mars.site
bits-mars.space
bits-mars.website
bits-tor.fun
bits-tor.site
bits-tor.space
bits-tor.website
bitsadmin1.space
bitsadmin10.space
bitsadmin2.space
bitsadmin3.space
bitsadmin4.space
bitsadmin5.space
bitsadmin6.space
bitsadmin7.space
bitsadmin8.space
bitsadmin9.space
bitsbitsa.space
bitsbitsb.space
bitsbitsc.space
bitsbitsd.space
bitsbitsf.space
bitsbitsg.space
bitsbitsh.space
bitsbitsi.space
bitsbitsk.space
bitsbitsl.space
bizavto.myftp.org
blackardi.space
borigl.space
bowira.website
burago.space
callitris.space
caprjhjkqwer.hopto.org
cartu.myftp.org
caryophyllus.space
casopruy.myftp.org
cathartica.space
centifolia.space
cephaelis.space
cerasus.space
ceredukos.hopto.org
cereffiopas.hopto.org
certerasdfuj.hopto.org
ceyudfg.hopto.org
chachand.space
chairada.space
chamomilla.ru
changato.space
charika.website
cioasdg.hopto.org
cleaners.fun
codfgsdf.hopto.org
codfjert.myftp.org
comedas.space
copiran.space
coprtyuqw.hopto.org
cornelius.website
corovana.space
cosdfghdf.hopto.org
cowtor.space
cozsdv.hopto.org
cozxcgbx.myftp.org
cpasah.hopto.org
cpozsxcgbxf.myftp.org
crons.ddns.net
ctert.myftp.org
cubeba.space
cudawer.hopto.org
cudrg.myftp.org
cufjdfge.myftp.org
cuiasef.myftp.org
cupana.space
cyberworld.host
cyberworld.website
davaris.space
delile.space
deloperaw.bounceme.net
demiurg.fun
demiurg.site
demiurg.space
demiurg.website
denovar.space
derpenta.space
deviar.space
dilana.space
dolori.website
dorogavi.space
dortama.space
drovka.space
dryand.space
elecan.space
entona.website
eregorn.space
error-word.myftp.biz
erythrina.space
europaea.ru
excelsa.space
fangimen.xyz
farfara.space
fartiny.xyz
federeal.3utilities.com
feodal.bounceme.net
feridonutop.myftp.org
ferranot.xyz
fidel.freedynamicdns.org
fillin.space
firecor.space
firestarters.site
firran.xyz
fix-template.site
fizanta.space
flackch.space
foenum.space
forestac.site
forestac.website
forestac.xyz
fragrans.ru
frangula.space
frondo.xyz
frostani.website
fuagrado.space
fulo-tv.ddns.net
fuubara.space
gameland.host
gameland.space
gameland.website
gameworld.space
gameworld.website
gereston.gotdns.ch
gerotron.gotdns.ch
gerotumans.myftp.org
gerusta.space
get-icons.ddns.net
geterotuks.hopto.org
geters-tv.ddns.net
getro.bounceme.net
getyuawer.myftp.biz
gochir.space
godrick.space
gogora.space
gorgopa.xyz
goronta.website
gostio.website
grandiora.website
graveolens.space
groover.fun
groover.website
guitin.space
gulif.space
haker.fun
haker.host
haker.space
haker.website
hariva.space
harpa.site
harpa.space
harpa.website
hasuduwert.hopto.org
heartal.space
heavar.space
hedriks.bounceme.net
hestomig.hopto.org
himym.site
hirodomus.hopto.org
hispidus.space
hottob.space
houtt.ru
hres-tv.ddns.net
httpsnc.hopto.org
humulusa.ru
huncea.xyz
huugara.space
huvasi.website
hyditta.space
immortals.site
immortals.space
immortals.website
imperatoria.space
indicum.space
inogri.space
ip-server.freedynamicdns.net
isoga.space
itango.space
jdaeus.space
jeera.space
jgnatii.space
jikardo.myftp.org
jogara.space
jontap.xyz
karapuls.3utilities.com
karikatos.hopto.org
katalisto01.ddns.net
kelogir.myftp.biz
kilazurus.hopto.org
kilewqrt.hopto.org
kilosadwert.hopto.org
kiloster.bounceme.net
kilotrace.myftp.org
kiodas.xyz
kirasto.website
kistas-tv.ddns.net
kokoni.space
koleran.xyz
kolidus.gotdns.ch
kolinstro.space
korogav.space
krikorro.space
kristol.space
kristom.hopto.org
kristomen.myftp.org
krossin.website
krugotto.space
ksevada.space
landraba.website
laricio.space
lebrederm.space
lebreman.space
leeri.space
leronti.space
leucadendron.ru
libcrash.ddns.net
libda.site
libdab.site
libdac.site
libdad.site
libdade.site
libdadi.site
libdado.site
libdaf.site
libdag.site
libdah.site
libdak.site
libdal.site
libdam.site
libdan.site
libdas.site
liboot.myftp.biz
libre1.space
libre2.space
libre3.space
libre4.space
librerty.space
libres.space
libressimo.space
liferat.space
lifista.space
lindras.space
lionello.website
liqutan.xyz
lodafert.hopto.org
lodus.freedynamicdns.org
loomand.space
lopasir.bounceme.net
lopaverus.3utilities.com
louthi.space
lycopodium.ru
macros1.space
macros2.space
macros3.space
macros4.space
malaky.site
malaky.website
malaky.xyz
malio-tv.hopto.org
mallotus.ru
maltikor.website
mandicap.space
mapper.space
mardallo.space
margatti.space
margon.website
marmari.space
marrubium.ru
masseffect.fun
masseffect.site
masseffect.space
masseffect.website
matricaria.ru
mazdok.myftp.org
mediacentr.space
melos.myftp.biz
melroses.space
menyanthes.ru
mersi-tv.ddns.net
mestara.space
miragena.xyz
mirani.website
mirkwood.space
mishel.freedynamicdns.org
mokushi.space
mototo.fun
mototo.site
mototo.space
mototo.website
musata.space
musik-dreg.ddns.net
musik-file.ddns.net
musik-jiolter.ddns.net
musik-klo.ddns.net
musik-kreps.ddns.net
musik-lio.ddns.net
musik-lis.ddns.net
musik-lk.ddns.net
musik-oretus.ddns.net
musik-pit.ddns.net
musik-qas.ddns.net
musik-sa.ddns.net
myristica.ru
naligo.space
naomat.space
naveria.website
ncio.freedynamicdns.net
ncov-2020.hopto.org
ncov-2020.site
nebola.space
nebora.space
nenadi.space
new-template.site
niam.space
nikao.website
nikolosad.myftp.org
normal-template.site
normandia.fun
normandia.website
nubiran.space
obendo.space
oenanthe.ru
office-constructor.ddns.net
officinale.space
ogmar.fun
ogmar.site
ogmar.space
ogmar.website
ogremage.site
ogremage.space
ogremage.website
old-template.site
olida.xyz
onyxi.xyz
opatusir.hopto.org
operitors.myftp.org
opitrqwer.3utilities.com
oput.freedynamicdns.org
orangae.space
orlani.xyz
orlean.space
orlenndi.space
orteasd-tv.ddns.net
oteruiowert.ddns.net
overload.space
overload.website
overwatch.host
pankratios.myftp.org
pannora.website
paparitto.space
papatti.space
paperonni.space
papir.hopto.org
pardi-tv.ddns.net
pasucoorew.hopto.org
pasudukus.hopto.org
patran.space
patrici.space
paullinia.space
pennatifolius.space
pennyal.space
perafidors.hopto.org
periaorew.hopto.org
perlandi.space
pestani.space
petroselinum.space
phellandrium.ru
physostigma.space
piantra.website
picea.space
pilocarpus.space
pinus.space
piscidia.space
pistacia.space
plotor.space
poasdrwety.hopto.org
podagenus.hopto.org
podr-tv.ddns.net
pointerra.space
polandi.website
poletton.space
polindar.space
polygala.space
poporaca.website
porilis.space
poronoc.website
potatin.space
poyrag.space
predf-tv.ddns.net
pridafi.website
primaver.space
proponda.space
pterocarpus.space
punica.space
purshiana.space
quadrivalvis.space
quarta.space
quassia.space
quercus.space
quillaja.space
rabio.website
radonta.space
raggina.space
rainak.space
rantai.space
redukos.bounceme.net
reiloster.hopto.org
remeno.space
rheum.space
rhus.space
ricinus.space
riki.space
risko.hopto.org
roseum.space
rosmarinus.space
rossalt.space
roundi.space
rubus.space
rud.ddns.net
russic.website
saazer.space
sabdja.3utilities.com
sabinar.website
saccharum.space
saijar.gotdns.ch
salivar.space
samail.space
samak-tv.ddns.net
samalo.space
samarutus.hopto.org
sambiras.myftp.org
santalum.space
saponaria.space
saprit.fun
saprit.site
saprit.space
saprit.website
sarakinod.myftp.biz
sarutnoum.hopto.org
sativum.space
satkower.3utilities.com
saveriutew.3utilities.com
savert-tv.hopto.org
saxifraga.space
scopolia.space
sehadus.3utilities.com
seletos.3utilities.com
sendobin.space
senega.space
serpyllum.space
serumondus.hopto.org
sesamum.space
sevena.space
sheppard.fun
sheppard.website
shiodai.space
shokoda.xyz
shoppersi.space
sidochan.space
silenser.fun
silenser.site
silenser.space
silenser.website
silenser.xyz
sinapis.space
skymage.fun
skymage.space
skymage.website
slonar.website
solonra.space
sonik.hopto.org
sorg.space
spirantra.space
srarda.space
stairu.space
stan-stana.fun
stan-stana.site
stan-stana.space
stan-stana.website
statsinfo.space
steinh.space
stenama.space
stereo-bit.fun
stereo-bit.site
stereo-bit.space
stereo-bit.website
stolina.website
stonewa.space
strychnos.space
styrax.space
succedanea.space
sylvestris.ru
symphytum.space
tamarindus.space
tarapi.space
tclvds.site
tekora.space
terihorew.hopto.org
teris-tv.ddns.net
termit.site
termit.space
termit.website
termits.fun
terokitos.hopto.org
tesla-getro.ddns.net
tesla-opt.ddns.net
tesla-preat.ddns.net
tesla-res.ddns.net
tesla-rt.ddns.net
tesla-tehno.ddns.net
tesla-ufis.ddns.net
thymus.space
tiamor.space
tilia.space
tinctorum.space
toqq.website
torrent-vnc.ddns.net
toxifera.space
traksa.space
trelial.xyz
trigonella.space
triticum.space
troubl.xyz
tussilago.space
tyctyc.ddns.net
ulmifolia.space
uncaria.space
underlord.site
underlord.space
upokan.xyz
urceola.space
urginea.space
usbqueshions.ddns.net
usitatissimum.ru
utilissima.ru
vabalt.space
valeriana.space
vantalio.space
venomart.space
veratrum.space
verbascum.space
veronis.space
vertigos.space
vestak.space
veterra.space
vibraska.website
victios.space
vidika.website
vinara.xyz
vinifera.space
violina.website
virtuz.xyz
viruanta.website
viscum.space
vitis.space
volotin.space
vomica.space
voyaget.myftp.biz
vratio.space
vulgare.space
watcher.host
wavera.space
wayto.host
wayto.website
weaman.space
wertlook.hopto.org
weweca.website
wifa.site
wifa.space
wifa.website
wifb.site
wifb.space
wifb.website
wifc.host
wifc.site
wifc.space
wifc.website
wifo.host
wifo.site
wifo.space
wifo.website
wifu.site
wifu.space
wifu.website
wifx.site
wify.space
wify.website
wiilasto.website
wildbar.space
win-apu.ddns.net
wordmacros.space
wostrigo.website
writedoc.bounceme.net
xakep.fun
xakep.site
xakep.website
yiorewasdf.myftp.org
zanusson.website
zanzar.space
zaoeryuijas.hopto.org
zareton.space
zikoarew.myftp.biz
zingiber.space

# Reference: https://intezer.com/blog/linux/evilgnome-rare-malware-spying-on-linux-desktop-users/
# Reference: https://www.virustotal.com/gui/ip-address/185.158.115.44/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.158.115.154/relations

b-class.ddns.net
connets.ddns.net
en-p.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/188.225.57.152/relations
# Reference: https://www.virustotal.com/gui/domain/inform.3utilities.com/detection
# Reference: https://www.virustotal.com/gui/file/fe934cbb46e88f252ad327ac4735839afbf3b493378fecb7e1dcee961ff12d7c/detection
# Reference: https://twitter.com/_re_fox/status/1273632793789181954

inform.3utilities.com
inform.bounceme.net
inform.gotdns.ch

# Reference: https://twitter.com/_re_fox/status/1273355801013424128
# Reference: https://twitter.com/_re_fox/status/1286018850262339585
# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.31/relations

factos.freedynamicdns.org
geros.freedynamicdns.org
macros.freedynamicdns.org
malofid.freedynamicdns.org
opertos.freedynamicdns.org
polk.freedynamicdns.org
sekuso.freedynamicdns.org
serakuz.freedynamicdns.org

# Reference: https://twitter.com/h2jazi/status/1275476473680408578
# Reference: https://twitter.com/_re_fox/status/1276210660616142849
# Reference: https://twitter.com/_re_fox/status/1276699634623287296
# Reference: https://twitter.com/500mk500/status/1278259412386426880
# Reference: https://www.virustotal.com/gui/ip-address/141.8.196.56/relations

basik.freedynamicdns.org
debian.freedynamicdns.org
document.freedynamicdns.org
first.freedynamicdns.org
history.freedynamicdns.org
jiga.freedynamicdns.org
kasimka.freedynamicdns.org
krembo.freedynamicdns.org
ktr.freedynamicdns.org
ment.freedynamicdns.org
operkot.freedynamicdns.org
refox.freedynamicdns.org
smt.freedynamicdns.org
validat.freedynamicdns.org
vilaged.freedynamicdns.org
sarothamnus.xyz

# Reference: https://www.virustotal.com/gui/ip-address/141.8.195.33/relations

dopnet.freedynamicdns.org
farket.freedynamicdns.org
hotcat.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/ip-address/188.225.78.105/relations
# Reference: https://www.virustotal.com/gui/file/422a90af5fc888f129e93ab69a0168e7714143c6bd20677b51136bb31625e5bf/detection
# Reference: https://www.virustotal.com/gui/file/7d67ff753b9e56b0486dcbd56b50294be3b6405df5a301e80125e067d99fe77a/detection
# Reference: https://www.virustotal.com/gui/file/2151073bc1d3adba7fc283291cb38984017ac7fa07d52e83bccc91d64298753a/detection

188.225.78.105:443

# Reference: https://mp.weixin.qq.com/s/MMH1eHXTtal7b9uFXrMF5Q (Chinese)
# Reference: https://www.virustotal.com/gui/ip-address/89.223.125.229/relations

185.45.193.31:443
92.53.119.52:443
baillon.ru
dekada.space
dukawertus.hopto.org
erecubas.hopto.org
hewasukis.hopto.org
inflata.ru
jateorrhiza.ru
krepsonid.hopto.org
lacosa.space
melilotus.ru
musik-lopasur.ddns.net
musik-qasdfer.ddns.net
musik-sqr.ddns.net
newryidzjk.hopto.org
ortukatus.hopto.org
stomarra.space
woodstone.space

# Reference: https://twitter.com/jorgemieres/status/1295748602996895746
# Reference: https://www.virustotal.com/gui/file/6cc711215898b2aebcde6c105297e280307a78db6bea8473d6cc8f1d08c3bc45/detection

dep-esdh.kum.dk

# Reference: https://twitter.com/TippedMyCows/status/1296494110581415936
# Reference: https://twitter.com/ShadowChasing1/status/1297735718421188608
# Reference: https://www.virustotal.com/gui/file/f021b79168daef8a6359b0b14c0002316e9a98dc79f0bf27e59c48032ef21c3d/detection
# Reference: https://www.virustotal.com/gui/ip-address/193.164.150.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.40.217.167/relations
# Reference: https://www.virustotal.com/gui/ip-address/92.53.105.64/relations
# Reference: https://www.virustotal.com/gui/file/905b4bb0ac0289ac750811b2ec1c6e80e32388c99238cf1636dcfa0deb7d11cb/detection

abdurs.space
abies.space
abrusa.xyz
abyssinica.website
acaciana.xyz
acenov.space
achilleas.xyz
aconitum.xyz
acorusis.xyz
aculeatus.xyz
acutifolia.space
adblocked.space
addova.xyz
adonisi.xyz
adonisis.xyz
adscendens.xyz
aethusas.xyz
aganta.space
alastari.xyz
alburnus.ru
alenko.site
alenko.website
alpiniar.xyz
althaean.xyz
amarillio.space
amarus.xyz
ammoniacum.xyz
anacardium.xyz
anadima.website
anamirtat.xyz
anguisa.xyz
anisatum.ru
anisum.space
annuumar.xyz
anthriscus.xyz
apino.space
apusi.xyz
araino.space
arborea.xyz
arctostaphylos.xyz
arenariat.xyz
arionda.space
armita.space
aromaticus.space
arvalis.xyz
arvensis.xyz
aspidium.xyz
astragalus.xyz
atropan.xyz
atropoides.space
auratus.xyz
autumnale.xyz
avratus.xyz
awdrgyjilqse.online
babylont.online
baill.space
baillon.ru
balsamum.ru
barbadense.space
barbatulus.xyz
barosma.xyz
barrigal.space
bartli.xyz
batmeast.space
bbtt.site
bbtt.space
bbtt.website
beasty.space
beercraft.fun
beercraft.space
beercraft.website
benedictus.xyz
benzoin.space
bergius.space
bernado.website
berus.xyz
bettar.xyz
betulat.xyz
betulina.xyz
biotic.space
biotic.website
birion.website
bitsadmin1.space
bitsadmin10.space
bitsadmin2.space
bitsadmin3.space
bitsadmin4.space
bitsadmin5.space
bitsadmin6.space
bitsadmin7.space
bitsadmin8.space
bitsadmin9.space
bitsbitsa.space
bitsbitsb.space
bitsbitsc.space
bitsbitsd.space
bitsbitsf.space
bitsbitsg.space
bitsbitsh.space
bitsbitsi.space
bitsbitsk.space
bitsbitsl.space
blackardi.space
blockpost.site
blockpost.website
boiss.xyz
boissy.xyz
bombinator.xyz
borigl.space
boswellian.xyz
bottava.space
bowira.website
brasiliensis.ru
brasiliensis.xyz
brasiliensisi.xyz
brassicat.xyz
browser-update.website
bufol.xyz
buhse.xyz
burago.space
caimana.xyz
calamusi.xyz
calamuss.xyz
calendulas.xyz
callichthys.xyz
callitris.space
calumba.ru
camellian.xyz
camphorat.xyz
canadensis.website
canarium.xyz
capillaceum.website
capillaceum.xyz
capsicuma.xyz
carassiusis.xyz
carassiuss.xyz
cardamomum.xyz
carefulparents.ru
carexy.xyz
caricat.xyz
carinatus.ru
carteris.xyz
caruman.xyz
caryophyllus.space
caspius.xyz
castilloa.xyz
catechu.xyz
catechur.xyz
cathartica.space
centifolia.space
cephaelis.space
cephalotes.xyz
ceragenixdiffusion.xyz
cerasus.space
cerebro.website
chachand.space
chaetodon.xyz
chairada.space
changato.space
charika.website
check-browser.site
chillyt.space
cichlasoma.online
claviceps.xyz
cleaners.fun
cloustoni.ru
clupeonella.online
cnicus.xyz
cochlearia.xyz
colchicum.xyz
cololabis.ru
comedas.space
communev.xyz
conium.xyz
convallaria.xyz
convolvulus.xyz
conyza.ru
copaifera.xyz
copiran.space
coriandrum.xyz
cornelius.website
cotular.xyz
covarra.space
cowtor.space
cristatus.xyz
crocodilus.xyz
crossobamon.xyz
crotalus.xyz
croton.xyz
cubeba.space
cuminum.xyz
curcuma.xyz
cydoniar.xyz
cyminum.xyz
cynapiuma.xyz
darvini.xyz
davaris.space
decidua.ru
dekada.space
delile.space
demiurg.fun
demiurg.site
demiurg.space
demiurg.website
denovar.space
derpenta.space
deviar.space
dipterocarpus.xyz
discouti.online
discouti.ru
dolori.website
domarta.space
dorema.xyz
dortama.space
dracod.xyz
druweal.xyz
dryand.space
dwn-files.site
elastican.xyz
elasticum.xyz
elecan.space
elettaria.xyz
eluteria.xyz
entona.website
eregorn.space
erythrina.space
erythroxylon.xyz
eryxis.online
eunectes.xyz
euphorbia.xyz
europaea.ru
eversmanni.xyz
excelsa.space
extrado.online
facetum.online
fagus.xyz
fangimen.xyz
farfara.space
fartiny.xyz
ferranot.xyz
ferrox.xyz
ferula.space
ferula.xyz
fillin.space
fingra.xyz
fionar.xyz
firestarters.site
firran.xyz
fixnight.xyz
fizanta.space
fluviatilis.xyz
foeniculum.xyz
foenum.space
fomentarius.space
fomentarius.xyz
forestac.site
forestac.website
forestac.xyz
fossilis.xyz
fragilis.xyz
frangula.space
fraxinus.space
frondo.xyz
frostani.website
fuagrado.space
fuubara.space
galbaniflua.website
galbaniflua.xyz
gameland.website
gangeticus.xyz
garcinia.space
gastrotheca.xyz
gaultheria.website
gaultheria.xyz
gavialis.xyz
gelsemium.xyz
gentiana.space
gentiana.xyz
geophagusi.xyz
gerusta.space
gibelio.xyz
gigarina.website
glabra.space
glanisa.xyz
glaziovii.ru
globulus.xyz
glycyrrhiza.xyz
gochir.space
godrick.space
gogora.space
gonolobus.ru
gorgopa.xyz
goronta.website
gossypium.website
gostio.website
graeca.online
graeca.ru
grandiora.website
graveolens.space
griseus.xyz
groover.fun
groover.website
guajacum.space
guineensis.xyz
gulif.space
gymnodactylus.xyz
hagenia.xyz
haker.website
hamamelis.website
hancr.xyz
haplochromis.online
hariva.space
harpa.site
harpa.space
harpa.website
heartal.space
heavar.space
herpetodryas.online
herpetodryas.ru
hevea.space
heveat.ru
hiemalis.xyz
himym.xyz
hispidus.space
hoffmi.xyz
hookas.xyz
horridus.xyz
humulusa.ru
huncea.xyz
huugara.space
huvasi.website
hyditta.space
hydrastis.ru
hydrastis.xyz
hylar.xyz
hyoscyamus.ru
hypogaeat.xyz
igneus.xyz
iguanas.xyz
ilexan.ru
immortals.site
immortals.space
immortals.website
imperatoria.space
impres.space
indicum.space
indigofera.ru
inflata.ru
inogri.space
ipomoea.ru
isoga.space
itango.space
jacare.xyz
jaculus.ru
jdaeus.space
jeera.space
jgnatii.space
jogara.space
jontap.xyz
juncear.xyz
kinozavr.fun
kinozavr.site
kinozavr.space
kinozavr.website
kiodas.xyz
kirasto.website
kokoni.space
koleran.xyz
kolinstro.space
korogav.space
krameria.ru
krikorro.space
kristol.space
krossin.website
krugotto.space
ksevada.space
lacosa.space
lactuca.ru
landolphia.ru
landraba.website
laricio.space
latesa.ru
lebetina.xyz
leeri.space
leeri.xyz
leronti.space
leucadendron.ru
levisticum.ru
liara.site
liara.website
libre1.space
libre2.space
libre3.space
libre4.space
libre5.space
liferat.space
lifista.space
lindras.space
lionello.website
liquidambar.ru
liqutan.xyz
longar.xyz
loomand.space
lotari.xyz
louthi.space
lupulus.ru
lusciniar.online
lutea.space
lutea.website
lutea.xyz
macropodus.xyz
macros1.space
macros2.space
macros3.space
macros4.space
macrotomias.xyz
maculatum.xyz
mail-iua.site
malaky.site
malaky.website
malaky.xyz
malandi.space
mallotus.ru
maltikor.website
mamillosa.space
mamillosa.xyz
mandicap.space
manihot.ru
mapper.space
mardallo.space
margatti.space
margon.website
marinus.xyz
marmari.space
marrubium.ru
marsupiata.xyz
marsupium.space
masseffect.fun
masseffect.site
masseffect.space
masseffect.website
matricaria.ru
mediacentr.space
melilotus.ru
melroses.space
menyanthes.ru
mesogonistius.xyz
mestara.space
mezereum.xyz
millefolium.xyz
mirani.website
misgurnus.xyz
mokushi.space
montanar.xyz
morella.website
morella.xyz
mototo.fun
mototo.site
mototo.space
mototo.website
mugil.ru
murinus.xyz
musata.space
myoporoides.xyz
myristica.ru
myrrhan.xyz
mystaceus.xyz
najar.xyz
naligo.space
naomat.space
napellus.xyz
napus.xyz
natrixy.online
naveria.website
ncov-2019.site
ncov-2020.site
nebola.space
nebora.space
nemachilus.xyz
nenadi.space
nervin.space
newermin.space
niam.space
nikao.website
niloticu.xyz
nlmk.space
normandia.fun
normandia.website
nowerti.space
nubiran.space
nucifera.xyz
obendo.space
obstetricans.xyz
occidentale.xyz
oenanthe.ru
officinale.space
officinalis.xyz
ogmar.fun
ogmar.site
ogmar.space
ogmar.website
ogremage.site
ogremage.space
ogremage.website
oleifera.xyz
olida.xyz
ononis.ru
onyxi.xyz
orangae.space
orbicularis.online
orbicularis.ru
orlani.xyz
orlean.space
orlenndi.space
ornus.xyz
ostruthium.space
overload.space
oxycedrus.ru
palaquium.ru
pallida.ru
pannora.website
paparitto.space
papatti.space
papaver.space
papayana.xyz
paperonni.space
paraguariensi.ru
parthenium.space
patran.space
patrici.space
paullinia.space
payena.space
pedicellata.xyz
pennatifolius.space
pennyal.space
perca.xyz
pereirae.ru
perlandi.space
persit.space
pestani.space
petroselinum.space
phellandrium.ru
philippensis.ru
phyllomedusa.xyz
physostigma.space
piantra.website
picea.space
pilocarpus.space
pinus.space
pipasa.xyz
piscidia.space
pistacia.space
plantora.online
plotor.space
polandi.website
poletton.space
polindar.space
polygala.space
polyporus.website
polyporus.xyz
poporaca.website
porilis.space
poronoc.website
potatin.space
poyrag.space
precatoriusis.xyz
pridafi.website
procumbens.xyz
progib.space
proponda.space
prunus.space
pterocarpus.space
punica.space
purpurea.xyz
purshiana.space
pyrethrum.xyz
quadrivalvis.space
quarta.space
quassia.space
quercus.space
quillaja.space
rabio.website
radonta.space
raggina.space
rainak.space
ranar.xyz
rantai.space
repens.xyz
resinifera.xyz
restorg.space
retusus.xyz
rhamnus.space
rheum.space
rhinoderma.xyz
rhodeus.xyz
rhus.space
ricinus.space
roseum.space
rosmarinus.space
roundi.space
rubus.space
russic.website
rutilus.xyz
saazer.space
sabinar.website
saccharum.space
salivar.space
samail.space
samalo.space
santalum.space
saponaria.space
saprit.fun
saprit.site
saprit.space
saprit.website
sarothamnus.xyz
sativara.xyz
sativum.space
sativum.xyz
sativus.xyz
sauryn.ru
saxifraga.space
schrenchi.xyz
scincus.xyz
sclerops.xyz
scoparius.xyz
scopolia.space
scorodosma.xyz
sebaer.xyz
sempervirens.space
sempervirens.xyz
sendobin.space
senega.space
senegala.xyz
serpyllum.space
sesamum.space
settings-meta-ua.site
settings-ukr.net
sevena.space
shabal.space
sheppard.fun
sheppard.website
shiodai.space
shokoda.xyz
shoppersi.space
silenser.fun
silenser.site
silenser.space
silenser.website
silenser.xyz
silvestris.xyz
sinapis.space
skymage.fun
skymage.space
skymage.website
slonar.website
smtpserver.site
solonra.space
somniferum.ru
sorg.space
spirantra.space
sprengel.xyz
squarosa.ru
srarda.space
stairu.space
stan-stana.fun
stan-stana.site
stan-stana.space
stan-stana.website
staphisagria.xyz
steinh.space
stenama.space
stereo-bit.fun
stereo-bit.site
stereo-bit.space
stereo-bit.website
stolina.website
stomarra.space
stonewa.space
stramonium.xyz
strigigena.ru
strychnos.space
styrax.space
succedanea.space
sylvatica.xyz
sylvestris.ru
symphytum.space
tamarindus.space
tarapi.space
taraxacum.space
tclvds.site
tekora.space
teratoscincus.xyz
termit.site
termit.space
termit.website
termits.fun
testudos.ru
thean.xyz
theobroma.space
thymus.space
tiamor.space
tiglium.xyz
tigrinum.xyz
tilia.space
timewer.space
tinctorum.space
tinea.xyz
toluifera.ru
toqq.website
totilla.xyz
toxifera.space
trelial.xyz
treubii.ru
triandra.ru
trichogaster.xyz
trichopodus.xyz
trichopterus.xyz
trifoliata.ru
trigonatus.xyz
trigonella.space
triticum.space
triticum.xyz
triturus.xyz
troubl.xyz
tussilago.space
ugorado.online
ulmifolia.space
uncaria.space
upokan.xyz
urceola.space
urginea.space
urostigma.xyz
utilissima.ru
vabalt.space
valeriana.space
vantalio.space
varanus.xyz
venomart.space
veratrum.space
verbascum.space
vernalisa.xyz
veronis.space
vertigos.space
vesea.xyz
vestak.space
veterra.space
vibraska.website
victios.space
vidika.website
vinara.xyz
vinifera.space
vipera.xyz
virginiana.space
viridiflorus.ru
virtuz.xyz
viscum.space
vitis.space
vomica.space
vulgare.space
vulgarisa.xyz
wallich.xyz
ward.fun
watsonii.ru
wavera.space
weaman.space
weweca.website
wiilasto.website
wildbar.space
willder.xyz
woodstone.space
wordmacros.space
wostrigo.website
xakep.site
xakep.website
xn--delphnium-k5a.xyz
zanusson.website
zareton.space
zaxscdvf.online
zedoaria.xyz
zingiber.space

# Reference: https://twitter.com/ShadowChasing1/status/1296707738756501504
# Reference: https://www.virustotal.com/gui/ip-address/109.95.211.14/relations
# Reference: https://www.virustotal.com/gui/file/c7123a57126e8e23f689f82ac8181245dc7a7ba57d110432b76a0cb8091e07fa/detection

kopot.myftp.biz
moris.hopto.org

# Reference: https://twitter.com/ShadowChasing1/status/1300775186459893760
# Reference: https://twitter.com/ShadowChasing1/status/1301342236391608320
# Reference: https://www.virustotal.com/gui/ip-address/109.95.210.183/relations
# Reference: https://www.virustotal.com/gui/file/17ac0f1084dd2456f9fd805843ccf3b2fc55b7bfb28b78a2f2434c4e470e99cf/detection
# Reference: https://www.virustotal.com/gui/file/596ca34b5d6e66905c50aa5968bb0ec706cad4aa945e68315958ca2ecf33f250/detection

belkus.bounceme.net
hidfes.bounceme.net

# Reference: https://twitter.com/ShadowChasing1/status/1302916313375940610
# Reference: https://twitter.com/ShadowChasing1/status/1303983487221788672
# Reference: https://www.virustotal.com/gui/ip-address/31.28.24.123/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.29.204.52/relations
# Reference: https://www.virustotal.com/gui/file/4f9e9125e481b3d610305de2a2c1c5b6d4df369d407b3960307bef13fdffdd11/detection
# Reference: https://www.virustotal.com/gui/file/2d33e4360829fc86ba8dca456ab38015e9bb5a3d54f153c75938c684c708e188/detection

hiodus.bounceme.net
numan.bounceme.net

# Reference: https://twitter.com/ShadowChasing1/status/1304020722134597633
# Reference: https://twitter.com/_re_fox/status/1304424900942323717
# Reference: https://www.virustotal.com/gui/file/f03929f52932ccd3363310f95aacea8130331478b531d8989bcff9793e8516d7/detection
# Reference: https://www.virustotal.com/gui/file/e2e7fc4c7b4712940e24046da566b8ccda9a7384e3265eac8cde11930cdea431/detection
# Reference: https://www.virustotal.com/gui/ip-address/31.28.24.131/relations

forkasimov.hopto.org
hedim.myftp.biz
hellokasimka.hopto.org
kilsaduck.myftp.biz
lodgetus.myftp.biz
milovardi.myftp.org
palodus.myftp.biz
pankus.3utilities.com
reverus.myftp.biz
sangorits.hopto.org
shadowchasergroup.hopto.org
visla.myftp.org

# Reference: https://twitter.com/ShadowChasing1/status/1302870884495978500
# Reference: https://www.virustotal.com/gui/file/7be1bac6321637f343555ad72ae2c061845c379ab26b33721bbc26f340a83acb/detection

strigigena.ru
testudos.ru

# Reference: https://twitter.com/ShadowChasing1/status/1306159659326218240
# Reference: https://www.virustotal.com/gui/file/54a8e592c98f314a32757cacf3443ea86d2602251951add3927b27fdb924632b/detection
# Reference: https://www.virustotal.com/gui/file/bf862f14e98529ed87dfad7a6fe003d8b306b8b86f5d193c07017737bc911397/detection

discouti.ru
jaculus.ru

# Reference: https://twitter.com/_re_fox/status/1309182864416821248
# Reference: https://www.virustotal.com/gui/file/e94c15affa9180169b2affcf9baafe6c02c18470f8e833106715e758b70ad63b/detection

sort.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/ip-address/31.28.24.124/relations
# Reference: https://app.any.run/tasks/9fe1c422-f0f4-45be-8336-0ba860ec290e/

sakidus.myftp.org

# Reference: https://www.virustotal.com/gui/ip-address/195.62.53.158/relations

google-spread.hopto.org
spread-notify.info
supp.webhop.me
uspread.webhop.me
uspread2.webhop.me

# Reference: https://www.virustotal.com/gui/file/6fa02e965c84eeabc1601263c203e1b524fd9500584e4ca08907d3b97cb963a0/detection

srv166997.hoster-test.ru

# Reference: https://twitter.com/DrunkBinary/status/1323286255636008965
# Reference: https://www.virustotal.com/gui/ip-address/185.231.155.69/relations
# Reference: https://www.virustotal.com/gui/file/528bbb7584905898bde0d06c45be655b293a2346d1e93e743414191471e69f0d/detection

nato-spr.ddns.net
spread.crimea.com
spread01.crimea.com

# Reference: https://www.virustotal.com/gui/ip-address/185.158.115.137/relations

droper-spread.ddns.net
update-spread.ddns.net
updates-spread.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/78.40.219.213/relations
# Reference: https://www.virustotal.com/gui/file/08c674f58b33ed1a3854b2df9b4eab5c87f96a5700bc901389aec609876cdad6/detection
# Reference: https://www.virustotal.com/gui/file/b712459206fd9e35f92ec49fa06028074beabe20be106e25ba56a4a97d488b1e/detection

herodukins.hopto.org
microwords.3utilities.com
microwords.bounceme.net
word-help.3utilities.com
word-lis.myftp.org
word-web.gotdns.ch
wordgroup.myftp.biz
wordpress.gotdns.ch
acantholyda.online
acanthophis.ru
achalinus.ru
acridoxena.online
alicui.ru
antarcticus.online
cichlasoma.ru
clonorchis.online
conscindere.online
discedere.ru
erythrocephala.ru
formosanus.online
fossor.ru
goatfish.site
hakena.online
halibut.site
herrings.site
hewaniana.online
hewaniana.ru
limosa.ru
mackereli.site
mulletin.site
nilesa.site
perchi.site
pilcharda.site
pomfreti.ru
proserpinus.ru
rainak.space
rainbowt.site
salmoni.site
soled.site
spratan.online
stealheada.site
superfundi.ru
tiglium.xyz
tilapian.online
tilapian.ru
trouta.site
tunara.online
tunara.ru
turgescere.ru
variare.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.225.83.103/relations

libre-crash.myftp.biz
libre-setting.myddns.me
word-office.myftp.biz
boniton.site
flatfish.site
flounder.site
goatfish.site
hakena.online
halibut.site
mackereli.site
netinsurance.site
nilesa.site
plaices.site
rainbowt.site
salmoni.site
soled.site
tilapian.ru
trouta.site
tunara.ru

# Reference: https://twitter.com/Circuitous__/status/1329820564337414149
# Reference: https://www.virustotal.com/gui/file/4acfb73e121a49c20423a6d72c75614b438ec53ca6f84173a6a27d52f0466573/detection

erythrocephala.online

# Reference: https://www.virustotal.com/gui/file/fcea8c5e11d69d724cf7fd48ad67a837671aa66e4f7da1ecdc1889ca947628ca/detection
# Reference: https://www.virustotal.com/gui/file/0fdbcc1ddc1941e21be206158db25bdb01c688a9af69e7e2675587f34450becd/detection
# Reference: https://www.virustotal.com/gui/file/a3e24300ee419b26218ddba90d4dec90110dd5766b51ebbb1535c91bdcd8ace6/detection
# Reference: https://www.virustotal.com/gui/file/64d74dac46258e2eeb0b37ed50f3b38f5b034300df965ec7a6651b67b7796e88/detection
# Reference: https://www.virustotal.com/gui/ip-address/78.40.219.152/relations

abrumpere.online
abrumpere.ru
alicui.online
alicui.ru
atlanticos.site
conscindere.online
conscindere.ru
differre.ru
difformis.ru
discedere.ru
discrepare.ru
disjungere.ru
diversiformis.ru
labefactare.ru
lacerare.ru
mulletin.site
petulans.online
rumpere.online
superventus.online

# Reference: https://twitter.com/Circuitous__/status/1331609085838561281
# Reference: https://twitter.com/Circuitous__/status/1341401065053429760
# Reference: https://www.virustotal.com/gui/ip-address/195.161.114.130/relations
# Reference: https://www.virustotal.com/gui/file/c6fe85f16ddb68f8244e8a6518f02b998e15cbd94a56ef756cf14c36c82a2e2b/detection
# Reference: https://www.virustotal.com/gui/file/8350dfafd8621cd342fa3405adeed06d6089745e54e163ba11e50c33ea832a08/detection

jikods.hopto.org
karimatus.3utilities.com
kasidvk.3utilities.com
luser-kas.myftp.biz
malikos.hopto.org
mydinos.myddns.me

# Reference: https://twitter.com/ShadowChasing1/status/1334071900004179968
# Reference: https://www.virustotal.com/gui/file/b58ef82901cb0c46ea62539e6e52951868e9e1275d24b435a186ab1bd5554a1c/detection
# Reference: https://www.virustotal.com/gui/file/7f1df9d4fb027504c6025f73147b97be1ddb30ba780c7b28b1f8d39954ca0d95/detection
# Reference: https://www.virustotal.com/gui/file/faae5fbbd9198ac903aeb45ada19e4e555c89cecba3ec89a78d97cc70293bae9/detection

proserpinus.online

# Reference: https://twitter.com/Nexus23_Labs/status/1334087485119492099

srv186-h-st.jino.ru

# Reference: https://twitter.com/ShadowChasing1/status/1338459230412554242
# Reference: https://www.virustotal.com/gui/ip-address/188.225.85.180/detection
# Reference: https://www.virustotal.com/gui/file/126073b4a22e7f42247c19be9dad1b0f5c01ab0de11eea99a4bee2f0f9a5fb4d/detection

cash-libre.3utilities.com
wordgroup.bounceme.net

# Reference: https://ti.qianxin.com/blog/articles/Hackers-in-Eastern-Europe-Use-Harpoon-Mail-to-Target-Activities-in-Ukraine/
# Reference: https://otx.alienvault.com/pulse/5fd7a4c5ad06715cb8630ecb

http://78.40.219.213/intimate.php
http://78.40.219.213/interrupt.php
cultiventris.online
decursio.online
testudos.ru
vincula.online

# Reference: https://twitter.com/ShadowChasing1/status/1348220217650946048
# Reference: https://www.virustotal.com/gui/file/13b780800c94410b3d68060030b5ff62e9a320a71c02963603ae65abbf150d36/detection

sufflari.online

# Reference: https://www.virustotal.com/gui/ip-address/188.225.82.216/relations

dikolap.myftp.biz
lisaduman.myddns.me
alburnus.online
alytes.xyz
anolis.ru
archaicus.online
archiepiscopus.online
asymmetria.online
bombinators.xyz
burhinus.online
carinatus.online
carolinensis.online
ciconiat.online
coeruleus.online
cololabis.online
differre.online
difformis.online
discedere.online
discrepare.online
disjungere.online
diversiformis.online
dividere.online
emysi.online
eurypterida.online
exundare.online
floridae.xyz
fossor.online
gasterosteus.xyz
heterotypus.online
hippoglossus.online
hypochondralis.xyz
incursio.online
incursionibus.online
incursus.online
irritabilitas.online
jordanella.xyz
labefacere.online
labefactare.online
lacerare.online
latesa.online
lineolatum.xyz
lovarinda.site
mugil.online
niloticus.online
ophisaurus.xyz
pestola.space
phrynocephalus.xyz
regionem.online
regionem.ru
rekarda.space
ridibunda.xyz
rufescens.online
sairanat.online
saltator.online
saltator.ru
sauryn.online
scolopaxys.online
sphaerion.online
sprata.online
suaveolens.online
suffunditur.online
superfluere.online
superfundi.online
taphrometopon.xyz
testudos.online
tuberculata.xyz
turgescere.online

# Reference: https://www.virustotal.com/gui/ip-address/185.119.57.195/relations

libredrives.myftp.org
libreint.hopto.org
worddebuks.myftp.org
worddrives.myftp.biz
wordpress-id.hopto.org
petulans.ru
rumpere.ru
saury.site
sprata.site
sufflari.online
suffundi.online
suffundi.ru
suffunditur.ru
superfluere.ru
vincula.ru

# Reference: https://www.virustotal.com/gui/file/b9aec383ba19e3955f4e18eb1feb4018a9aefcfa35cc3288503bbc7ad070f060/detection
# Reference: https://www.virustotal.com/gui/file/c31a0f4f089c09d1357e437e257052f2fa0a592d6198c83d09bfed5d3b000c64/detection

niloticus.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.104.114.215/relations

lodurawer.bounceme.net

# Reference: https://twitter.com/RedDrip7/status/1348821911979978753
# Reference: https://aaqeel01.wordpress.com/2021/01/18/docx-files-template-injection/
# Reference: https://app.any.run/tasks/26e685f3-9a76-45fa-ad70-dd61cb64812c/
# Reference: https://www.virustotal.com/gui/file/0b525e66587e564db10bb814495aefb5884d74745297f33503d32b1fec78343f/detection
# Reference: https://www.virustotal.com/gui/file/105a1aa3ca1bffdfced9933ea374c5013f9ea9a4879afb890f883f08ea9298ea/detection
# Reference: https://www.virustotal.com/gui/file/436d2e6da753648cbf7b6b13f0dc855adf51c014e6a778ce1901f2e69bd16360/detection

http://188.225.82.216/index.html
http://188.225.82.216/inspection.php
http://188.225.82.216/inspection%5B.%5Dphp
intumescere.online
limosa.online

# Reference: https://twitter.com/ShadowChasing1/status/1350053099835047938
# Reference: https://app.any.run/tasks/17575220-f087-4baa-bc96-3d9bdb0f10ed/
# Reference: https://www.virustotal.com/gui/ip-address/195.161.114.130/relations
# Reference: https://www.virustotal.com/gui/file/499caf4558ca05440875a94d5e06663cc637f9c6acdaa7c1a89f889a025837f3/detection

email-gov.site
office360-expert.online
mil-gov.site
noreply-yandex.ru
word-expert.online

# Reference: https://twitter.com/ShadowChasing1/status/1351570565354541056
# Reference: https://www.virustotal.com/gui/ip-address/37.77.106.61/relations
# Reference: https://www.virustotal.com/gui/file/a302e17a08443c3d14a0f877fb76ad30b36c5cf8e20edf90d935c508f4125163/detection

asdik-ero.hopto.org
cash-office.3utilities.com
cash-word.3utilities.com
kasdot.hopto.org
pokis-to.hopto.org
saradot.gotdns.ch
valet-din.hopto.org
acridoxena.ru
campestri.online
campestri.ru
clonorchis.ru
dionysi.online
golintras.site
gorimana.site
hepatica.ru
holodosiz.site
mortivan.site
pomfreti.online
portunio.site
sinensisa.ru
viraglo.site
vitrokaz.site

# Reference: https://twitter.com/ShadowChasing1/status/1352264953663639559
# Reference: https://www.virustotal.com/gui/ip-address/185.119.56.5/relations
# Reference: https://www.virustotal.com/gui/file/13daeeea4261ce15504e584c22c61d3b4e4d65f296dfded3dcae2fefaf025963/detection

apoxipodes.online
asilidae.ru
chelicerata.online
chelicerata.ru
merostomata.online
polyphemus.online
scorpiones.online
po-hg.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/ip-address/188.225.87.252/detection

din-work.gotdns.ch

# Reference: https://www.virustotal.com/gui/ip-address/46.229.215.169/relations
# Reference: https://www.virustotal.com/gui/file/68c4ba9c72670e1dff7321a9b6c954cd9e3c3c6f59019a8e26625436e0a322b6/detection

agaricusa.ru
arachnidas.ru
eurypterida.online
fasciolas.online
formosanus.ru
gari-gt.gotdns.ch
jikolad.hopto.org
rufescens.ru
sinensisa.online
sufflari.ru
xiphosura.online

# Reference: https://www.virustotal.com/gui/ip-address/193.164.150.5/relations

aidoona.online
samerkiss.hopto.org
upload-dot.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/188.225.77.116/relations

milrodus.myftp.biz
wakrims.hopto.org

# Reference: https://twitter.com/DrunkBinary/status/1354167067226812417
# Reference: https://www.virustotal.com/gui/ip-address/185.119.59.227/detection
# Reference: https://www.virustotal.com/gui/file/262f2b7085ea5646a3713c400637237fe54eb535c6602ed41e030319173fccad/detection

albatrellus.ru
asilidae.online
graphiuma.online
incursio.ru
incursionibus.ru
irritabilitas.ru
ovinus.online
ovinus.ru
panchax.ru
scolopaxys.ru
sprata.ru
optica-rd.myftp.biz

# Reference: https://www.virustotal.com/gui/ip-address/83.166.241.13/relations
# Reference: https://www.virustotal.com/gui/file/211f5e86a3b88c0e313280dcc02afda3ee07bfaabae11f6be34ead120cc91933/detection

http://83.166.241.13/insufficient.php
acrididae.ru
apaturinae.ru
blattodea.ru
cerambycidae.online
coleopteras.online
coliadinae.online
cyrestinae.online
cyrestinae.ru
empusidae.online
gonepteryx.online
graphosoma.online
graphosoma.ru
hamadryas.online
hamadryas.ru
heliconiinae.ru
hesperiidae.online
heteroptera.online
hierodula.online
hierodula.ru
homoptera.online
homoptera.ru
kallima.online
maniola.online
mantidae.ru

# Reference: https://twitter.com/NinjaOperator/status/1354886010056962051
# Reference: https://www.virustotal.com/gui/file/f57469f74cc9f20f719ed0895f19df521fe4c6c3700430452006612d6277eb90/detection

f0403793.xsph.ru

# Reference: https://twitter.com/Circuitous__/status/1355190838998036486
# Reference: https://www.virustotal.com/gui/ip-address/91.210.169.194/relations

acrididae.online
antarcticus.ru
arachnidas.online
arctiidae.online
asilidae.online
asilidae.ru
blaberidae.online

# Reference: https://www.virustotal.com/gui/ip-address/217.25.88.126/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.77.104.60/relations

facetum.ru
heterotypus.ru
jaculusan.ru
sphaerion.ru
karatel.3utilities.com
vimpel.3utilities.com

# Reference: https://www.virustotal.com/gui/file/aa3aefa7fd21fa68c207ff0539fd5fd76bc8e4db3d6fdb5542c61f45062c9989/detection

http://83.166.240.180/plot.php
polyphemus.ru

# Reference: https://www.virustotal.com/gui/file/8b9f8909f07f7ca5a6eb72093f2cb7e5f0981fff809f06433f7ef968c4d0530d/detection

apoxipodes.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.166.240.180/relations

agaricusa.online
albatrellus.online
apaturinae.online
apoxipodes.ru
dionysi.ru
dipteran.ru
empusidae.ru
fanniidae.online
fanniidae.ru
felineus.ru
graphiuma.ru
gromphadorhina.ru
heteroptera.ru
hymenoptera.online
inachis.online
merostomata.ru
polyphemus.ru
silvicol.online

# Reference: https://twitter.com/ShadowChasing1/status/1357322289331638275
# Reference: https://www.virustotal.com/gui/file/81bdc709be19af44a1acc7c6289ed0212d214a7d0e5ffd4c35d3fa0b87401175/detection

inula.ru

# Reference: https://twitter.com/ShadowChasing1/status/1357324995194593281
# Reference: https://www.virustotal.com/gui/file/8fbea49a8b26889e9157ace2003334f56e3de7020cb099d3948df676539eb4a3/detection

email-smtp.online

# Reference: https://www.virustotal.com/gui/ip-address/188.225.58.175/relations
# Reference: https://www.virustotal.com/gui/file/8c6a3df1398677c85a6e11982d99a31013486a9c56452b29fc4e3fc8927030ad/detection
# Reference: https://www.virustotal.com/gui/file/55fa15372c2ec11c8e6b112713594bfc286d5af54fe654ecbb715ed7f64cf948/detection
# Reference: https://www.virustotal.com/gui/file/5a152904a17a5c1660f807ba65d66bbed8db9fe002740473bdf9b708f3a520b4/detection

http://188.225.58.175/ingenious_/28.01/ivan.php
anisoptera.online
biblidinae.online
danainae.online
dipteran.online
gromphadorhina.online
heliconiinae.online
lepidopteras.ru
libellulat.ru
libellulidae.ru
lodisak-gid.myddns.me
maliko-dicto.myftp.biz
maniola.ru
oper-getor.gotdns.ch

# Reference: https://www.virustotal.com/gui/ip-address/92.53.105.106/relations

hunda.3utilities.com
wordfix.myftp.org

# Reference: https://www.virustotal.com/gui/ip-address/83.166.242.231/relations

lepidopteras.online
limenitis.online
limenitis.ru
lophacris.online
megascolias.online
nematoceras.ru

# Reference: https://twitter.com/ShadowChasing1/status/1360234329591275521
# Reference: https://www.virustotal.com/gui/file/0600f4be4dc7fe5ba4e226b797888667f5dd6138734a6333da697346e897c216/detection

mail-check.ru

# Reference: https://www.virustotal.com/gui/ip-address/91.210.170.51/relations

libellulat.online
libellulidae.online
limenitidinae.online
limenitidinae.ru
lycaenidae.online
mantidae.online

# Reference: https://www.virustotal.com/gui/ip-address/109.68.212.97/relations
# Reference: https://www.rnbo.gov.ua/en/Diialnist/4823.html

http://109.68.212.97/infant.php
khpf.ru
morphon.online
sigma-oi.freedynamicdns.net

# Reference: https://twitter.com/h2jazi/status/1362051799897759745
# Reference: https://www.virustotal.com/gui/file/6b2a77bbd4a8daa4be10c32ffb9212ef6464e313b8ccfe1bb8208f5d6071be74/detection

acetica.online

# Reference: https://twitter.com/h2jazi/status/1362838864633753601
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.174/relations
# Reference: https://www.virustotal.com/gui/file/3455284a4cb88afa6da547fc3899d5063b59dcb25a4a1ed5b0161df841255b78/detection

http://83.166.244.174/infant.php
brucel.ru
clostri.ru
enterox.ru
hpoi.online

# Reference: https://www.virustotal.com/gui/ip-address/188.225.24.78/relations

siwer-to.hopto.org
lophacris.ru
lycaenidae.ru
meandrusas.online

# Reference: https://twitter.com/ShadowChasing1/status/1363873714891202561
# Reference: https://www.virustotal.com/gui/ip-address/83.166.242.227/relations
# Reference: https://www.virustotal.com/gui/file/e0a345e544f05450dc201db8215370a40c3011fe2d1a95a87dadc6c164a5ce77/detection

mantodeas.online
meandrusas.ru
melitaeas.online
morphinaes.online
nymphalidaes.online

# Reference: https://www.virustotal.com/gui/ip-address/193.164.150.29/relations

archaicus.ru
archiepiscopus.ru
deltanermo.site
incursus.ru
superventus.ru
kolodisad.3utilities.com
panridaks.bounceme.net

# Reference: https://www.virustotal.com/gui/ip-address/188.166.183.105/detection

bolobolol.servehttp.com
cukagempi.serveftp.com
icikiwer.myftp.biz
koyongene.myftp.biz
nadeeen.servehttp.com
susu-bendera.3utilities.com
susukacang.3utilities.com

# Reference: https://otx.alienvault.com/pulse/60352ce7950d179bd0aff18b/

apidaet.ru
corvusi.ru
intumescere.ru
hippoglossus.ru
noctuidaes.online
babylont.ru
haplochromis.ru
google.site
downloadfiles.website
elaphe.xyz
exundare.ru
balderdash.fun
blaberidae.ru
cinada.xyz
duboisia.xyz
arnicad.xyz
ambystoma.xyz
emysi.ru
assasysa.online
balderdash.website
gmail.online
colisa.xyz
botaurus.ru
dividere.ru
absinthiuma.xyz
khpf.online
extrado.ru
info.online
eurypterida.ru
arctiidae.ru
metcalfas.online
sardanal.ru
coliadinae.ru
eryxis.ru
googlefiles.site
clupeonella.ru
alligatori.xyz
attach.pw
attachments.pw
emailinfo.site
coluber.xyz
balderdash.host
fasciolas.ru
gonepteryx.ru
deadpool.pw
tnoi.online
anisoptera.ru
ciconiat.ru
balderdash.space
blockpost.space
cultiventris.ru
kyiv.site
burhinus.ru
attach.pro
acantholyda.ru
constrictor.xyz
opercularis.xyz
ophisaurusis.xyz
fnrn.online
attachments.website
agamat.xyz
inbox.site
apusa.xyz
eyeofra.online
nematoceras.online

# Reference: https://twitter.com/h2jazi/status/1367170822973104143
# Reference: https://www.virustotal.com/gui/file/11e99664b7573bb2efb4d2d88c3c36cdb6e67f25a0644f744b59bf5badec036b/detection
# Reference: https://www.virustotal.com/gui/ip-address/217.25.93.27/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.241.96/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.243/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.223.124.22/relations

acteran.ru
ariuma.ru
bacteri.ru
baryom.ru
botulina.ru
brevib.ru
butyri.ru
candidar.ru
debarys.ru
enterow.ru
erwina.ru
erwini.ru
eschera.ru
guill.ru
herica.ru
ichia.ru
iermo.ru
lipolys.ru
mondii.ru
omyce.ru
perfrin.ru
picalisy.ru
ricuma.ru
rificum.ru
ryomy.ru
robact.ru
stearo.ru
subterm.ru
subtila.ru
thermop.ru
tropisti.ru
winial.ru

# Reference: https://www.virustotal.com/gui/file/4c7070a4ada6ed9a65df0dda79c4a3bb9296611ff94e51f5dd9514047e5c35fa/detection

http://188.225.37.128/index.php

# Reference: https://www.virustotal.com/gui/file/b8ae65f340dcf4406c01570a6da09cc764499cf67cb647287613313659d7ae72/detection

http://83.166.241.96/striped

# Reference: https://www.virustotal.com/gui/file/3455284a4cb88afa6da547fc3899d5063b59dcb25a4a1ed5b0161df841255b78/detection

http://89.223.124.22/infant.php

# Reference: https://www.virustotal.com/gui/ip-address/185.119.58.61/relations

acetica.ru
bacteriu.ru
cereusi.ru
escheri.ru
fusari.ru
fusaris.ru
gluconid.ru
gramine.ru
hilus.ru
ineari.ru
klebsie.ru
mesant.ru
onoba.ru
papiliot.ru
riumo.ru
sinia.ru
spratan.ru
tilapian.ru

# Reference: https://www.virustotal.com/gui/ip-address/80.78.246.128/relations

coagula.ru
coeruleus.ru
colista.ru
earium.ru
hkol.ru
labefacere.ru
natrixy.ru
siella.ru
stellarisa.ru
ugorado.ru
jk-rec.myftp.biz
libre-word.myftp.org
microwords.myftp.org
milidot.myftp.org
wordexucute.myftp.org
wordgroup.myftp.org
wordprestige.myftp.biz
wordslowe.myftp.org

# Reference: https://twitter.com/h2jazi/status/1369808549178671106

/LAB-PC_D06C2D4F/WindowsNewsense.php

# Reference: https://www.virustotal.com/gui/file/70eb2f56fc524c0dc0d19528410def37c9dd0a183c7230fcff57cb31200ca6fc/detection

/Q9IATRKPRH_8443A5AF/WindowsNewsense.php

# Reference: https://twitter.com/ShadowChasing1/status/1373865939389747204
# Reference: https://www.virustotal.com/gui/file/b33f8924e499b6678ddf6356427a385fb2ac917127e3344bb11f28125ca869ab/detection

acanthophis.online

# Reference: https://www.virustotal.com/gui/ip-address/91.229.91.124/relations
# Reference: https://www.virustotal.com/gui/file/6153d3563e1458ba840943c210ca3c7a14ebb5d5f65e7aca02f3f74f55ec91aa/detection

http://188.225.76.97/schedule.php
tridiuma.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.225.76.97/relations

baryo.ru
colidar.ru
mucora.ru
putrif.ru
sporog.ru
winialo.ru
labzet.hopto.org
melasid.hopto.org

# Reference: https://twitter.com/ShadowChasing1/status/1376538338560122880
# Reference: https://www.virustotal.com/gui/file/4aa2c783ae3d2d58f12d5e89282069533a80a7ba6f7fe6c548c6230a9601e650/detection

a0322810.xsph.ru

# Reference: https://twitter.com/ShadowChasing1/status/1377250380732526598
# Reference: https://www.virustotal.com/gui/file/775ffa9f9ae3b9b07b368f38161d0a81d54d801f4ccb39e6957d1b3dfa2bf0c1/detection

http://195.58.49.41

# Reference: https://twitter.com/ShadowChasing1/status/1377627463342247947
# Reference: https://www.virustotal.com/gui/file/45bfb0bc5f9e8a03e337065c2b5517ca032b2bbf62510f64b79a98796fb3f6e1/detection

jobiden.site

# Reference: https://twitter.com/ShadowChasing1/status/1377973764164476932
# Reference: https://twitter.com/ShadowChasing1/status/1377973769579360258
# Reference: https://www.virustotal.com/gui/file/301e819008e19b9803ad8b75ecede9ecfa5b11a3ecd8df0316914588b95371c8/detection

http://91.234.33.108

# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.172/relations

http://83.166.244.172

# Reference: https://twitter.com/ShadowChasing1/status/1383068766771105795
# Reference: https://twitter.com/_re_fox/status/1383216911329071108
# Reference: https://twitter.com/_re_fox/status/1383484672433213445
# Reference: https://www.virustotal.com/gui/ip-address/194.87.215.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.68.169/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.129.2.187/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.63.159.221/relations
# Reference: https://www.virustotal.com/gui/file/52756359d57cb60a5f0d2633ab054639e1571cd43a471c22553f3322481cc848/detection

aerogenosa.ru
camama.ru
debary.ru
fluoresc.ru
fortias.ru
mamberis.ru
maniis.ru
megatos.online
mirabilisa.ru
mycodar.ru
oidium.ru
propioni.ru
proteug.ru
pseudom.ru
roquef.ru
tubercur.ru
nilias.ru
erati.ru
acterium.ru
cterium.ru
penicil.ru
mishel.myftp.biz
silves.3utilities.com

# Reference: https://twitter.com/ShadowChasing1/status/1383413812187914252
# Reference: https://www.virustotal.com/gui/ip-address/195.133.52.247/relations
# Reference: https://www.virustotal.com/gui/file/936b70e0babe7708eda22055db6021aed965083d5bc18aad36bedca993d1442a/detection

http://195.133.52.247
cereusi.online
mesant.online

# Reference: https://twitter.com/h2jazi/status/1388920739345149960
# Reference: https://www.virustotal.com/gui/ip-address/83.166.246.59/relations
# Reference: https://www.virustotal.com/gui/file/21324d499531ea1f573e0c33954286e6577893a03a90d9c278cf9aa942d50027/detection

http://83.166.246.59
agarisi.ru
acetobacter.online
circulas.online

# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.85/relations

rabilin.ru
riumos.ru
shermano.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.129.3.41/relations

gosacc.ru
teriuma.ru
vibrida.ru

# Reference: https://twitter.com/Circuitous__/status/1394714444010250245
# Reference: https://www.virustotal.com/gui/ip-address/195.133.5.173/relations
# Reference: https://www.virustotal.com/gui/file/5c20d1f0c60a10e7d656c1a3198554356c4ebe5a801d356fd2150e29f182ede1/detection

http://195.133.5.173
bacilluse.online
leraer.ru
omyca.ru
tomond.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.251.91.125/relations

acteraon.ru

# Reference: https://twitter.com/k3yp0d/status/1400112793827807232
# Reference: https://www.virustotal.com/gui/file/110656c3560cb29a0bb2046a8cae56bce03d4943d10348b2dddc7165d7c043d8/detection

http://185.22.153.9

# DOC/DOT patterns

/aCxBBz.dot
/ahWVID.dot
/dCiBlGD.dot
/EAuRvHK.dot
/eEpEaH.dot
/exusmq.dot
/fACWjNTD.dot
/fAlDCLaPBCoSJp.dot
/FCgnOw.dot
/FEzzSwLd.dot
/FFBHL.dot
/FGJoQCSzb.dot
/fzPJir.dot
/gaOwbtKJJ.dot
/gJHEIw.dot
/HIXOzc.dot
/hjnerkXCXrc.dot
/HkauzgNjTE.dot
/HMAJAQsq.dot
/IVCbXw.dot
/IdmPyYVUudYaVF.dot
/JEkSZWBgtH.dot
/jJIBWJHI.dot
/jtFqxxHzQAw.dot
/kFEkds.dot
/kgoDu.dot
/KMBGwE.dot
/KOBEko.dot
/KyVJhg.dot
/KzGdWvmSq.dot
/LjPmKaq.dot
/LuPNRY.dot
/LwRoTct.dot
/MAJGk.dot
/MxDmFQ.dot
/niGcEd.dot
/NTKOdGyMIFgETz.dot
/osasssecyqr.dot
/OTLJNYMqMVxkpp.dot
/OjSjBj.dot
/OzLIyx.dot
/pfJwhBY.dot
/RbfwAlJtAwm.dot
/rrdJqe.dot
/SBuTcj.dot
/TKvrzJNE.dot
/Tooqvc.dot
/TOppBw.dot
/UBBscw.dot
/VaFzplBF.dot
/VhhJHnvBBFA.dot
/wDewdIf.dot
/yopWWB.dot
/yZnuGSpFn.dot
/ZBTFJUuEFSF.dot
/360Templates/Notat.docx
/almost/councilman/rejoice/clank.dot
/although/clamp/clamp.dot
/band/selection/sequence.dot
/BABY/heap/dearest.dot
/BALANTAY/headline/grumble.dot
/BANCOC/September/prefix.dot
/BANCOC/intelligent/barefooted.dot
/BANCOC/prediction/preparations.dot
/BANCOC/prefer/regarded.dot
/BANCOC/quest/precarious.dot
/BANCOC/regions/quay.dot
/BANCOC/see/barefooted.dot
/BIMBA/bank/queer.dot
/BIMBA/barbed/sense.dot
/BIMBA/barren/decided.dot
/BIMBA/decency/headphones.dot
/BIMBA/decent/seen.dot
/BIMBA/groups/grudge.dot
/BIMBA/growing/barley.dot
/BIMBA/integral/seed.dot
/BIMBA/nephew/rejoined.dot
/BIMBA/never/preach.dot
/BIMBA/prepared/debris.dot
/BIMBA/presented/haze.dot
/BIMBA/queer/lot.dot
/BIMBA/question/serious.dot
/BIMBA/registration/guessing.dot
/BIMBA/selection/regarding.dot
/BINGO/luncheon.dot
/BINGO/presumably.dot
/BINGO/pry.dot
/BLADE/insurance/quick.dot
/CB/ambiguous.dot
/counter/nearest/needle.dot
/countryside/countryside1/soul.dot
/countryside/prevent/counter.dot
/DCH00-01/counter/nearest/needle.dot
/DCH00-01/falcon/registered/intend.dot
/DCH00-01/rehearsal.dot
/DESKTOP-28DO3Q8/clash/princess.dot
/DESKTOP-QBTFEOQ/intended.dot
/DESKTOP-ST7LSDE/nay.dot
/DESKTOP-ST7LSDE/bid/relay.dot
/DESKTOP-ST7LSDE/gloves/claimed.dot
/DESKTOP-U2U8A6R/nature/prey.dot
/DESKTOP-UV2EK7O/price/intercept/alteration.dot
/falcon/registered/intend.dot
/falling/shook/altered.dot
/gnaw/prime/gloves.dot
/glitter/glitter1/salvage.dot
/falcon/registered/intend.dot
/header/precaution/precisely.dot
/IGOR/goats.dot
/intent/sense/guarded.dot
/intercourse/endure/stop.dot
/luggage/princess/pretend.dot
/neglect/glowing.dot
/preliminary/guarantee/sequence.dot
/presently/refuge/intention.dot
/preservation/quietly/seedlings.dot
/price/intercept/alteration.dot
/quiet/precious/selling.dot
/questionable/regain/integer.dot
/reliable/barefooted/seek.dot
/reliable/decidedly/prayer.dot
/S1/glide/glide.dot
/SGZ2/sought.dot
/SGZ2/rejoice/lowered.dot
/stops/stops/registry.dot
/select/basis/never.dot
/bandage/grudge/nephew.dot
/guarded/network/precision.dot
/header/growl/relief.dot
/health/basically/lost.dot
/hear/lot/headphones.dot
/instruct/query/growled.dot
/instructor/queer/decay.dot
/integral/reliable/instrument.dot
/nest/nerves/relic.dot
/precaution/refrigerator/precise.dot
/preparations/guide/headstone.dot
/quarx/bar/relic.dot
/quarx/pregnant/bar.dot
/regiment/basically/separation.dot
/rehearsal/queer/prescription.dot
/reins/deadlock/selection.dot
/reliance/barton/barge.dot
/seeing/preparing/sense.dot
/seldom/grudge/sentiments.dot
/self/bare/regarding.dot
/separate/series/barge.dot
/strongly/bandy/quench.dot

# HTM/HTML path
# Reference: https://www.virustotal.com/gui/file/6fc61c8f07906b047e3828d0a1ace9c65e1c6d2a96fcf79a810d1db3b8cda3f8/detection

/HmGzHUg/vwEqNrh/index.html
/SeaBIOS-INTEL-1/index.html
/WrIWhq/sREFsJ/HPtgOy.html

# Reference: https://www.virustotal.com/gui/ip-address/45.135.134.139/relations

megascolias.ru
shermana.ru
uconos.ru
ckus.site
kjoi.ru
khjs.ru
flavobac.ru
cillium.ru
cobact.ru
mycoba.ru
hakena.ru
onili.ru
apidaet.online
silvicol.ru
tnoi.ru
hesperiidae.ru
bercul.ru
onibacter.ru
limulusa.online
felineus.online
sporotri.ru
nymphalidaes.ru
iersin.ru
xiphosura.ru
ichiella.ru
mantodeas.ru
brachycera.online
acidop.ru
hepatica.online
brevisi.ru
hymenoptera.ru
metcalfas.ru
obacter.ru
morphinaes.ru
tuberci.ru
morphon.ru
carolinensis.ru
noctuidaes.ru
limulusa.ru
erobact.ru
acetobacter.ru
blattodea.online
sairanat.ru
pseudon.ru
melitaeas.ru
senula.ru
dophil.ru
achalinus.online
shaperi.ru
hansenul.ru

# Reference: https://twitter.com/h2jazi/status/1379843634716102661
# Reference: https://www.virustotal.com/gui/ip-address/83.166.240.126/relations
# Reference: https://www.virustotal.com/gui/file/85e5e99c6cbfa403685661dd6cd7677a42e98b468b7163f273b3f129c32162dd/detection

http://83.166.240.126
bertis.ru
proteusa.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.166.241.17/relations

http://83.166.241.17
bacterir.ru
culosisa.ru
mycobar.ru

# Reference: https://twitter.com/ShadowChasing1/status/1384144868667101203

murders-dkr.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.166.241.215/relations

candidum.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.166.248.181/relations

coagula.online
ermasa.ru
oderas.ru
papiliot.online
phymateus.online
teriuma.ru

# Reference: https://www.virustotal.com/gui/ip-address/95.46.114.126/relations

djurhuus.ru
elmqvist.ru
monask.ru

# Reference: https://twitter.com/h2jazi/status/1397189388321312773
# Reference: https://www.virustotal.com/gui/ip-address/83.166.242.164/relations
# Reference: https://www.virustotal.com/gui/file/a535bde3dd87be592c3cffee5c3d32f0073b4f46c858bc347541bcff39704c2a/detection

http://83.166.242.164
dahmke.ru
greatsante.xyz

# Reference: https://www.virustotal.com/gui/ip-address/83.166.245.192/relations

http://83.166.245.192

# Reference: https://www.virustotal.com/gui/ip-address/83.166.248.45/relations

http://83.166.248.45
cholerd.ru
haromo.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.166.249.116/relations

karrid.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.58.100.230/relations
# Reference: https://www.virustotal.com/gui/file/2d03a301bae0e95a355acd464afc77fde88dd00232aad6c8580b365f97f67a79/detection
# Reference: https://www.virustotal.com/gui/file/1624538852c69a771b6a0c51efc972ed9672a64dd45b8932cad881926ce9d4ec/detection

194.58.100.230:443
coleopteras.ru
danainae.ru

# Reference: https://twitter.com/360CoreSec/status/1400342291114455042
# Reference: https://www.virustotal.com/gui/ip-address/83.166.247.185/relations
# Reference: https://www.virustotal.com/gui/file/bae9895ad4e392990a09b1b8a01e424a7ad3769e538ac693919d1b99989f0cb3/detection
# Reference: https://www.virustotal.com/gui/file/8ed03b1d544444b42385e79cd17c796fefae71d140b146d0757a3960d8ba3cba/detection

bacilluse.ru
circulas.ru
firasto.ru
losinfo.ru
myces.ru
phymateus.ru
teroba.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.225.44.138/relations
# Reference: https://www.virustotal.com/gui/file/b684fe91cf965b2f084ef98f078b0f978ec5e4479bb4a941b8730c27b762a7fe/detection

http://188.225.44.138
188.225.44.138:443

# Reference: https://www.virustotal.com/gui/file/9e28bded1e2a9112408ee20592d57279d7f1df40f638fcc9dfe476ebf5180a37/detection

http://45.129.2.187

# Reference: https://twitter.com/ShadowChasing1/status/1402589112633229312
# Reference: https://www.virustotal.com/gui/file/d6f0800534cec3bd19d2ed74bac01dbbe16a52168c69005da5c1c0d9920be16c/detection

http://185.251.89.153

# Reference: https://twitter.com/JAMESWT_MHT/status/1402589421459984387
# Reference: https://app.any.run/tasks/e04e438d-bd0d-4369-b25c-13bb7784738b/
# Reference: https://www.virustotal.com/gui/ip-address/83.166.252.186/relations

http://188.225.44.253
barbatam.online
barbatas.online
barbatas.ru
barbatus.online
ferruminatio.online
ferruminatio.ru
floundera.online
goatfish.ru
libellus.online
mulleti.ru
mullus.online
mullus.ru
plaicer.ru
privigna.online
privigna.ru
puppis.online
puppis.ru
sardanal.online
sardanal.ru
tectaconstrata.online
tectaconstrata.ru

# Reference: https://twitter.com/ShadowChasing1/status/1402636679463129091
# Reference: https://www.virustotal.com/gui/file/40162ef9a1efdf57eafb60364c3121471eefd7d65eb2afeb190fcfa44c55a460/detection

kilogar.ru

# Reference: https://twitter.com/h2jazi/status/1405186427575574535
# Reference: https://www.virustotal.com/gui/file/bab93bc258ed673a849e8a8a6da080cf82e3dab3fdb29f6ae42031280cda49ef/detection

http://83.166.240.31

# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/Gamaredon_IoCs.txt

ci04495.tmweb.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.25.88.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.25.93.121/relations
# Reference: https://www.virustotal.com/gui/file/28c9912d1aa3f4b2902e29d2789d64b7fe9fce29c311ea67e36048d60854992d/detection
# Reference: https://www.virustotal.com/gui/file/806b2b347054eee9de88f2ce48b83e16266c9caf67af9207403cfd56b11ad9b5/detection

dintara.ru
gorrita.ru

# Reference: https://twitter.com/h2jazi/status/1407406348644519937
# Reference: https://www.virustotal.com/gui/ip-address/46.229.212.125/relations
# Reference: https://www.virustotal.com/gui/file/2ead55a222799281d2af1c1fec8311fba9c72c801f9f8608f8df4aede3d8f650/detection

elvisar.ru
rastani.ru
semara.ru
lovers.semara.ru
lump.semara.ru

# Reference: https://twitter.com/h2jazi/status/1408393772484993026
# Reference: https://twitter.com/Clerk4J/status/1409386175379374085
# Reference: https://www.virustotal.com/gui/ip-address/217.25.92.162/relations
# Reference: https://www.virustotal.com/gui/file/cd4548cefce7483170e81d4a8df5642df032345e485b0d97dfb947e2467317fe/detection

grafitto.ru
false.grafitto.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.25.88.135/relations

holitar.ru

# Reference: https://twitter.com/s1ckb017/status/1409834805618003969
# Reference: https://www.virustotal.com/gui/ip-address/109.68.212.85/relations
# Reference: https://www.virustotal.com/gui/file/e2b745d87909ab295e7b272e0322b47a6ecaefe77335b8819d5c1bd6339cb583/detection
# Reference: https://www.virustotal.com/gui/file/78053405e71f436d41e224d7bb5a5c717d47e83636bfffeb86b506bf6cef0991/detection

arianos.ru
podloka.ru
released.podloka.ru
same.arianos.ru

# Generic

/17.02/inner.php
/help_Om.php
/mfareboot.php
/posolreboot.php
/rebootor.php
/rnboreboot.php
/zaderreboot.php
/bitprog.waw
/piTDaxD/GURSORUN.php
/spr_files.php
/spr_updates.php
/TCGahjr/reinst.php
/WindowsNewsense.php

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
# Reference: https://www.virustotal.com/gui/file/66b67a1f4032f717ee19009996adbe2c185be2ef2da462902a4703fca269709d/behavior/Rising%20MOVES

/help_01_01.php
/help_01_02.php
/help_01_03.php
/help_01_04.php
/help_01_05.php
/help_01_06.php
/help_01_07.php
/help_01_08.php
/help_01_09.php
/help_01_10.php
/help_01_11.php
/help_01_12.php
/help_02_01.php
/help_02_02.php
/help_02_03.php
/help_02_04.php
/help_02_05.php
/help_02_06.php
/help_02_07.php
/help_02_08.php
/help_02_09.php
/help_02_10.php
/help_02_11.php
/help_02_12.php
/help_03_01.php
/help_03_02.php
/help_03_03.php
/help_03_04.php
/help_03_05.php
/help_03_06.php
/help_03_07.php
/help_03_08.php
/help_03_09.php
/help_03_10.php
/help_03_11.php
/help_03_12.php
/help_04_01.php
/help_04_02.php
/help_04_03.php
/help_04_04.php
/help_04_05.php
/help_04_06.php
/help_04_07.php
/help_04_08.php
/help_04_09.php
/help_04_10.php
/help_04_11.php
/help_04_12.php
/help_05_01.php
/help_05_02.php
/help_05_03.php
/help_05_04.php
/help_05_05.php
/help_05_06.php
/help_05_07.php
/help_05_08.php
/help_05_09.php
/help_05_10.php
/help_05_11.php
/help_05_12.php
/help_06_01.php
/help_06_02.php
/help_06_03.php
/help_06_04.php
/help_06_05.php
/help_06_06.php
/help_06_07.php
/help_06_08.php
/help_06_09.php
/help_06_10.php
/help_06_11.php
/help_06_12.php
/help_07_01.php
/help_07_02.php
/help_07_03.php
/help_07_04.php
/help_07_05.php
/help_07_06.php
/help_07_07.php
/help_07_08.php
/help_07_09.php
/help_07_10.php
/help_07_11.php
/help_07_12.php
/help_08_01.php
/help_08_02.php
/help_08_03.php
/help_08_04.php
/help_08_05.php
/help_08_06.php
/help_08_07.php
/help_08_08.php
/help_08_09.php
/help_08_10.php
/help_08_11.php
/help_08_12.php
/help_09_01.php
/help_09_02.php
/help_09_03.php
/help_09_04.php
/help_09_05.php
/help_09_06.php
/help_09_07.php
/help_09_08.php
/help_09_09.php
/help_09_10.php
/help_09_11.php
/help_09_12.php
/help_10_01.php
/help_10_02.php
/help_10_03.php
/help_10_04.php
/help_10_05.php
/help_10_06.php
/help_10_07.php
/help_10_08.php
/help_10_09.php
/help_10_10.php
/help_10_11.php
/help_10_12.php
/help_11_01.php
/help_11_02.php
/help_11_03.php
/help_11_04.php
/help_11_05.php
/help_11_06.php
/help_11_07.php
/help_11_08.php
/help_11_09.php
/help_11_10.php
/help_11_11.php
/help_11_12.php
/help_12_01.php
/help_12_02.php
/help_12_03.php
/help_12_04.php
/help_12_05.php
/help_12_06.php
/help_12_07.php
/help_12_08.php
/help_12_09.php
/help_12_10.php
/help_12_11.php
/help_12_12.php
/help_13_01.php
/help_13_02.php
/help_13_03.php
/help_13_04.php
/help_13_05.php
/help_13_06.php
/help_13_07.php
/help_13_08.php
/help_13_09.php
/help_13_10.php
/help_13_11.php
/help_13_12.php
/help_14_01.php
/help_14_02.php
/help_14_03.php
/help_14_04.php
/help_14_05.php
/help_14_06.php
/help_14_07.php
/help_14_08.php
/help_14_09.php
/help_14_10.php
/help_14_11.php
/help_14_12.php
/help_15_01.php
/help_15_02.php
/help_15_03.php
/help_15_04.php
/help_15_05.php
/help_15_06.php
/help_15_07.php
/help_15_08.php
/help_15_09.php
/help_15_10.php
/help_15_11.php
/help_15_12.php
/help_16_01.php
/help_16_02.php
/help_16_03.php
/help_16_04.php
/help_16_05.php
/help_16_06.php
/help_16_07.php
/help_16_08.php
/help_16_09.php
/help_16_10.php
/help_16_11.php
/help_16_12.php
/help_17_01.php
/help_17_02.php
/help_17_03.php
/help_17_04.php
/help_17_05.php
/help_17_06.php
/help_17_07.php
/help_17_08.php
/help_17_09.php
/help_17_10.php
/help_17_11.php
/help_17_12.php
/help_18_01.php
/help_18_02.php
/help_18_03.php
/help_18_04.php
/help_18_05.php
/help_18_06.php
/help_18_07.php
/help_18_08.php
/help_18_09.php
/help_18_10.php
/help_18_11.php
/help_18_12.php
/help_19_01.php
/help_19_02.php
/help_19_03.php
/help_19_04.php
/help_19_05.php
/help_19_06.php
/help_19_07.php
/help_19_08.php
/help_19_09.php
/help_19_10.php
/help_19_11.php
/help_19_12.php
/help_20_01.php
/help_20_02.php
/help_20_03.php
/help_20_04.php
/help_20_05.php
/help_20_06.php
/help_20_07.php
/help_20_08.php
/help_20_09.php
/help_20_10.php
/help_20_11.php
/help_20_12.php
/help_21_01.php
/help_21_02.php
/help_21_03.php
/help_21_04.php
/help_21_05.php
/help_21_06.php
/help_21_07.php
/help_21_08.php
/help_21_09.php
/help_21_10.php
/help_21_11.php
/help_21_12.php
/help_22_01.php
/help_22_02.php
/help_22_03.php
/help_22_04.php
/help_22_05.php
/help_22_06.php
/help_22_07.php
/help_22_08.php
/help_22_09.php
/help_22_10.php
/help_22_11.php
/help_22_12.php
/help_23_01.php
/help_23_02.php
/help_23_03.php
/help_23_04.php
/help_23_05.php
/help_23_06.php
/help_23_07.php
/help_23_08.php
/help_23_09.php
/help_23_10.php
/help_23_11.php
/help_23_12.php
/help_24_01.php
/help_24_02.php
/help_24_03.php
/help_24_04.php
/help_24_05.php
/help_24_06.php
/help_24_07.php
/help_24_08.php
/help_24_09.php
/help_24_10.php
/help_24_11.php
/help_24_12.php
/help_25_01.php
/help_25_02.php
/help_25_03.php
/help_25_04.php
/help_25_05.php
/help_25_06.php
/help_25_07.php
/help_25_08.php
/help_25_09.php
/help_25_10.php
/help_25_11.php
/help_25_12.php
/help_26_01.php
/help_26_02.php
/help_26_03.php
/help_26_04.php
/help_26_05.php
/help_26_06.php
/help_26_07.php
/help_26_08.php
/help_26_09.php
/help_26_10.php
/help_26_11.php
/help_26_12.php
/help_27_01.php
/help_27_02.php
/help_27_03.php
/help_27_04.php
/help_27_05.php
/help_27_06.php
/help_27_07.php
/help_27_08.php
/help_27_09.php
/help_27_10.php
/help_27_11.php
/help_27_12.php
/help_28_01.php
/help_28_02.php
/help_28_03.php
/help_28_04.php
/help_28_05.php
/help_28_06.php
/help_28_07.php
/help_28_08.php
/help_28_09.php
/help_28_10.php
/help_28_11.php
/help_28_12.php
/help_29_01.php
/help_29_02.php
/help_29_03.php
/help_29_04.php
/help_29_05.php
/help_29_06.php
/help_29_07.php
/help_29_08.php
/help_29_09.php
/help_29_10.php
/help_29_11.php
/help_29_12.php
/help_30_01.php
/help_30_02.php
/help_30_03.php
/help_30_04.php
/help_30_05.php
/help_30_06.php
/help_30_07.php
/help_30_08.php
/help_30_09.php
/help_30_10.php
/help_30_11.php
/help_30_12.php
/help_31_01.php
/help_31_02.php
/help_31_03.php
/help_31_04.php
/help_31_05.php
/help_31_06.php
/help_31_07.php
/help_31_08.php
/help_31_09.php
/help_31_10.php
/help_31_11.php
/help_31_12.php
/index_01_01.php
/index_01_02.php
/index_01_03.php
/index_01_04.php
/index_01_05.php
/index_01_06.php
/index_01_07.php
/index_01_08.php
/index_01_09.php
/index_01_10.php
/index_01_11.php
/index_01_12.php
/index_02_01.php
/index_02_02.php
/index_02_03.php
/index_02_04.php
/index_02_05.php
/index_02_06.php
/index_02_07.php
/index_02_08.php
/index_02_09.php
/index_02_10.php
/index_02_11.php
/index_02_12.php
/index_03_01.php
/index_03_02.php
/index_03_03.php
/index_03_04.php
/index_03_05.php
/index_03_06.php
/index_03_07.php
/index_03_08.php
/index_03_09.php
/index_03_10.php
/index_03_11.php
/index_03_12.php
/index_04_01.php
/index_04_02.php
/index_04_03.php
/index_04_04.php
/index_04_05.php
/index_04_06.php
/index_04_07.php
/index_04_08.php
/index_04_09.php
/index_04_10.php
/index_04_11.php
/index_04_12.php
/index_05_01.php
/index_05_02.php
/index_05_03.php
/index_05_04.php
/index_05_05.php
/index_05_06.php
/index_05_07.php
/index_05_08.php
/index_05_09.php
/index_05_10.php
/index_05_11.php
/index_05_12.php
/index_06_01.php
/index_06_02.php
/index_06_03.php
/index_06_04.php
/index_06_05.php
/index_06_06.php
/index_06_07.php
/index_06_08.php
/index_06_09.php
/index_06_10.php
/index_06_11.php
/index_06_12.php
/index_07_01.php
/index_07_02.php
/index_07_03.php
/index_07_04.php
/index_07_05.php
/index_07_06.php
/index_07_07.php
/index_07_08.php
/index_07_09.php
/index_07_10.php
/index_07_11.php
/index_07_12.php
/index_08_01.php
/index_08_02.php
/index_08_03.php
/index_08_04.php
/index_08_05.php
/index_08_06.php
/index_08_07.php
/index_08_08.php
/index_08_09.php
/index_08_10.php
/index_08_11.php
/index_08_12.php
/index_09_01.php
/index_09_02.php
/index_09_03.php
/index_09_04.php
/index_09_05.php
/index_09_06.php
/index_09_07.php
/index_09_08.php
/index_09_09.php
/index_09_10.php
/index_09_11.php
/index_09_12.php
/index_10_01.php
/index_10_02.php
/index_10_03.php
/index_10_04.php
/index_10_05.php
/index_10_06.php
/index_10_07.php
/index_10_08.php
/index_10_09.php
/index_10_10.php
/index_10_11.php
/index_10_12.php
/index_11_01.php
/index_11_02.php
/index_11_03.php
/index_11_04.php
/index_11_05.php
/index_11_06.php
/index_11_07.php
/index_11_08.php
/index_11_09.php
/index_11_10.php
/index_11_11.php
/index_11_12.php
/index_12_01.php
/index_12_02.php
/index_12_03.php
/index_12_04.php
/index_12_05.php
/index_12_06.php
/index_12_07.php
/index_12_08.php
/index_12_09.php
/index_12_10.php
/index_12_11.php
/index_12_12.php
/index_13_01.php
/index_13_02.php
/index_13_03.php
/index_13_04.php
/index_13_05.php
/index_13_06.php
/index_13_07.php
/index_13_08.php
/index_13_09.php
/index_13_10.php
/index_13_11.php
/index_13_12.php
/index_14_01.php
/index_14_02.php
/index_14_03.php
/index_14_04.php
/index_14_05.php
/index_14_06.php
/index_14_07.php
/index_14_08.php
/index_14_09.php
/index_14_10.php
/index_14_11.php
/index_14_12.php
/index_15_01.php
/index_15_02.php
/index_15_03.php
/index_15_04.php
/index_15_05.php
/index_15_06.php
/index_15_07.php
/index_15_08.php
/index_15_09.php
/index_15_10.php
/index_15_11.php
/index_15_12.php
/index_16_01.php
/index_16_02.php
/index_16_03.php
/index_16_04.php
/index_16_05.php
/index_16_06.php
/index_16_07.php
/index_16_08.php
/index_16_09.php
/index_16_10.php
/index_16_11.php
/index_16_12.php
/index_17_01.php
/index_17_02.php
/index_17_03.php
/index_17_04.php
/index_17_05.php
/index_17_06.php
/index_17_07.php
/index_17_08.php
/index_17_09.php
/index_17_10.php
/index_17_11.php
/index_17_12.php
/index_18_01.php
/index_18_02.php
/index_18_03.php
/index_18_04.php
/index_18_05.php
/index_18_06.php
/index_18_07.php
/index_18_08.php
/index_18_09.php
/index_18_10.php
/index_18_11.php
/index_18_12.php
/index_19_01.php
/index_19_02.php
/index_19_03.php
/index_19_04.php
/index_19_05.php
/index_19_06.php
/index_19_07.php
/index_19_08.php
/index_19_09.php
/index_19_10.php
/index_19_11.php
/index_19_12.php
/index_20_01.php
/index_20_02.php
/index_20_03.php
/index_20_04.php
/index_20_05.php
/index_20_06.php
/index_20_07.php
/index_20_08.php
/index_20_09.php
/index_20_10.php
/index_20_11.php
/index_20_12.php
/index_21_01.php
/index_21_02.php
/index_21_03.php
/index_21_04.php
/index_21_05.php
/index_21_06.php
/index_21_07.php
/index_21_08.php
/index_21_09.php
/index_21_10.php
/index_21_11.php
/index_21_12.php
/index_22_01.php
/index_22_02.php
/index_22_03.php
/index_22_04.php
/index_22_05.php
/index_22_06.php
/index_22_07.php
/index_22_08.php
/index_22_09.php
/index_22_10.php
/index_22_11.php
/index_22_12.php
/index_23_01.php
/index_23_02.php
/index_23_03.php
/index_23_04.php
/index_23_05.php
/index_23_06.php
/index_23_07.php
/index_23_08.php
/index_23_09.php
/index_23_10.php
/index_23_11.php
/index_23_12.php
/index_24_01.php
/index_24_02.php
/index_24_03.php
/index_24_04.php
/index_24_05.php
/index_24_06.php
/index_24_07.php
/index_24_08.php
/index_24_09.php
/index_24_10.php
/index_24_11.php
/index_24_12.php
/index_25_01.php
/index_25_02.php
/index_25_03.php
/index_25_04.php
/index_25_05.php
/index_25_06.php
/index_25_07.php
/index_25_08.php
/index_25_09.php
/index_25_10.php
/index_25_11.php
/index_25_12.php
/index_26_01.php
/index_26_02.php
/index_26_03.php
/index_26_04.php
/index_26_05.php
/index_26_06.php
/index_26_07.php
/index_26_08.php
/index_26_09.php
/index_26_10.php
/index_26_11.php
/index_26_12.php
/index_27_01.php
/index_27_02.php
/index_27_03.php
/index_27_04.php
/index_27_05.php
/index_27_06.php
/index_27_07.php
/index_27_08.php
/index_27_09.php
/index_27_10.php
/index_27_11.php
/index_27_12.php
/index_28_01.php
/index_28_02.php
/index_28_03.php
/index_28_04.php
/index_28_05.php
/index_28_06.php
/index_28_07.php
/index_28_08.php
/index_28_09.php
/index_28_10.php
/index_28_11.php
/index_28_12.php
/index_29_01.php
/index_29_02.php
/index_29_03.php
/index_29_04.php
/index_29_05.php
/index_29_06.php
/index_29_07.php
/index_29_08.php
/index_29_09.php
/index_29_10.php
/index_29_11.php
/index_29_12.php
/index_30_01.php
/index_30_02.php
/index_30_03.php
/index_30_04.php
/index_30_05.php
/index_30_06.php
/index_30_07.php
/index_30_08.php
/index_30_09.php
/index_30_10.php
/index_30_11.php
/index_30_12.php
/index_31_01.php
/index_31_02.php
/index_31_03.php
/index_31_04.php
/index_31_05.php
/index_31_06.php
/index_31_07.php
/index_31_08.php
/index_31_09.php
/index_31_10.php
/index_31_11.php
/index_31_12.php
/ingenious_/28.01/ivan.php
