# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: phokace, trik

# Reference: https://twitter.com/James_inthe_box/status/1113908672227233792
# Reference: https://app.any.run/tasks/147f20d1-7402-4897-881c-d406976d8e89/

aeuandnuaoegogngaif.ru
afhoahegue.ru
afhoahegue.su
ageouhoeufhhghugaif.ru
auehaofehofhuhfgaif.ru
eauohouefhoahfugaif.ru
efhoahegue.ru
efhoahegue.su
egoanfoenuoanfugaif.ru
ehaofehofhuhfhrfuof.su
eouhoeufhhghuhrfuof.su
euaoufhaheghfhrfuof.su
gaeuaoufhaheghfgaif.ru
hgouhfuosuoosrhgaif.ru
ionfneonoigidhrfuof.su
oanfoenuoanfuhrfuof.su
ouaoueouefnufhrfuof.su
ouhfuosuoosrhhrfuof.su
rfhoahegue.ru
rfhoahegue.su
rsionfneonoigidgaif.ru
sgouaoueouefnufgaif.ru
tfhoahegue.ru
tfhoahegue.su
uandnuaoegognhrfuof.su
uohouefhoahfuhrfuof.su
xfhoahegue.ru
xfhoahegue.su

# Reference: https://research.checkpoint.com/in-the-footsteps-of-a-sextortion-campaign/
# Reference: https://otx.alienvault.com/pulse/5da88d64cfc02d4709b339e1

http://185.176.27.132
http://193.32.161.69
http://193.32.161.73
http://193.32.161.77
http://87.120.37.234
http://92.63.197.153
osheoufhusheoghuesd.ru
ouhfuosuoosrhfzr.su

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Malware.Phorpiex-7373816-1)
# Reference: https://www.virustotal.com/gui/domain/shojnoc.com/relations

ieguaoeuafhoauedg.ru
ofoanefubehauufdu.ru
osgohfoeaugfoauef.ru
shojnoc.com

# Reference: https://app.any.run/tasks/b136db95-e120-4a54-9a41-287361759b80/
# Reference: https://app.any.run/tasks/e7ad003e-7dad-49fe-90c5-7135e1496fec/
# Reference: https://app.any.run/tasks/0be54fb9-a4a0-4827-b699-1ab577c55094/

aeifaeifhutuhuhusp.su
urusurofhsorhfuuhp.su
eaeuafhuaegfugeudp.su
rzhsudhugugfugugsp.su
bfagzzezgaegzgfaip.su
aeoughaoheguaoehdp.su
aeufuaehfiuehfuhfp.su
geauhouefheuutiiip.su
eguaheoghouughahsp.su
afaeigaifgsgrhhafp.su
daedagheauehfuuhfp.su
gaoehuoaoefhuhfugp.su
afaigaeigieufuifip.su
gaouehaehfoaeajrsp.su
huaeokaefoaeguaehp.su
aegohaohuoruitiiep.su
gaghpaheiafhjefijp.su
gaoheeuofhefefhutp.su
urusurofhsorhfuuhd.io
befaheaiudeuhughgp.su
rzhsudhugugfugugsd.io
gaohrhurhuhruhfsdp.su
bfagzzezgaegzgfaid.io
aeifaeifhutuhuhusd.io
daedagheauehfuuhfd.io
aeoughaoheguaoehdd.io
aeufuaehfiuehfuhfd.io
eaeuafhuaegfugeudd.io
eguaheoghouughahsd.io
huaeokaefoaeguaehd.io
afaigaeigieufuifid.io
afaeigaifgsgrhhafd.io
geauhouefheuutiiid.io
gaouehaehfoaeajrsd.io
gaoheeuofhefefhutd.io
aegohaohuoruitiied.io
aeifaeifhutuhuhusr.cc
gaoehuoaoefhuhfugd.io
gaohrhurhuhruhfsdd.io
urusurofhsorhfuuhr.cc
befaheaiudeuhughgd.io
gaghpaheiafhjefijd.io
rzhsudhugugfugugsr.cc
bfagzzezgaegzgfair.cc
eguaheoghouughahsr.cc
aeoughaoheguaoehdr.cc
daedagheauehfuuhfr.cc
aeufuaehfiuehfuhfr.cc
eaeuafhuaegfugeudr.cc
gaouehaehfoaeajrsr.cc
geauhouefheuutiiir.cc
befaheaiudeuhughgr.cc
rzhsudhugugfugugsh.co
aeifaeifhutuhuhush.co
bfagzzezgaegzgfaih.co
huaeokaefoaeguaehr.cc
afaigaeigieufuifir.cc
gaoehuoaoefhuhfugr.cc
gaoheeuofhefefhutr.cc
afaeigaifgsgrhhafr.cc
aegohaohuoruitiier.cc
urusurofhsorhfuuhh.co
gaghpaheiafhjefijr.cc
gaohrhurhuhruhfsdr.cc
eaeuafhuaegfugeudh.co
gaohrhurhuhruhfsdh.co
gaouehaehfoaeajrsh.co
afaigaeigieufuifih.co
gaghpaheiafhjefijh.co
gaoheeuofhefefhuth.co
afaeigaifgsgrhhafh.co
eguaheoghouughahsh.co
huaeokaefoaeguaehh.co
aeoughaoheguaoehdh.co
daedagheauehfuuhfh.co
aeufuaehfiuehfuhfh.co
geauhouefheuutiiih.co
aegohaohuoruitiieh.co
befaheaiudeuhughgh.co
urusurofhsorhfuuhe.to
aeifaeifhutuhuhuse.to
gaoehuoaoefhuhfugh.co
rzhsudhugugfugugse.to
afaigaeigieufuifie.to
aeufuaehfiuehfuhfe.to
daedagheauehfuuhfe.to
bfagzzezgaegzgfaie.to
eaeuafhuaegfugeude.to
aeoughaoheguaoehde.to
gaoheeuofhefefhute.to
eguaheoghouughahse.to
huaeokaefoaeguaehe.to
afaeigaifgsgrhhafe.to
gaouehaehfoaeajrse.to
geauhouefheuutiiie.to
gaghpaheiafhjefije.to
rzhsudhugugfugugsw.top
gaohrhurhuhruhfsde.to
aeoughaoheguaoehdw.top
aegohaohuoruitiiee.to
gaoehuoaoefhuhfuge.to
aeifaeifhutuhuhusw.top
eaeuafhuaegfugeudw.top
befaheaiudeuhughge.to
bfagzzezgaegzgfaiw.top
aeufuaehfiuehfuhfw.top
afaigaeigieufuifiw.top
afaeigaifgsgrhhafw.top
befaheaiudeuhughgw.top
daedagheauehfuuhfw.top
aegohaohuoruitiiew.top
huaeokaefoaeguaehw.top
gaohrhurhuhruhfsdw.top
gaghpaheiafhjefijw.top
geauhouefheuutiiiw.top
thaus.top
eguaheoghouughahsw.top
gaouehaehfoaeajrsw.top
gaoheeuofhefefhutw.top
gaoehuoaoefhuhfugw.top

# Reference: https://app.any.run/tasks/9e581c45-0809-4dd8-8007-cda84b7079a2/

fafhoafouehfuh.su

# Reference: https://app.any.run/tasks/b70962a2-6c68-430e-8bd0-41838a8cc1cc/

aeufuaehfiuehfuhfw.top
aeoughaoheguaoehdw.top
geauhouefheuutiiiw.top

# Reference: https://app.any.run/tasks/90937c0e-05d4-4051-9ab7-7a5e51ae4d31/

jukesxdbrxd.xyz

# Reference: https://app.any.run/tasks/08104a8e-0024-434f-8306-ece290ee7d4d/

roiriorisiorotr.cc
b0t.to

# Reference: https://research.checkpoint.com/phorpiex-breakdown/
# Reference: https://otx.alienvault.com/pulse/5dd568ae32d2613ea999b983

http://185.176.27.132
http://92.63.197.59
http://94.156.133.65
ghjk78kjhb.net
thaus.top

# Reference: https://research.checkpoint.com/2019/phorpiex-breakdown/
# Reference: https://www.virustotal.com/gui/file/1386613864239dee1051eec8f6ca98e28b8714a6fd3eca0682dad711a3beb72a/detection
# Reference: https://www.virustotal.com/gui/file/0c77b260ee3fdd2754cd4f289efce709519aad34fa3cb84663655a6240e45973/detection

148.81.111.121:65520
16.249.218.1:55809
16.249.234.1:59905
16.249.60.1:15361
http://112.126.94.107
http://123.56.228.49
http://124.158.10.82
http://125.212.217.30
http://125.212.217.33
http://127.181.87.80
http://172.104.40.92
http://183.81.171.242
http://185.176.27.132
http://185.189.58.222
http://193.32.161.69
http://193.32.161.73
http://193.32.161.77
http://210.211.116.246
http://220.181.87.80
http://87.120.37.156
http://87.120.37.234
http://87.120.37.235
http://92.63.197.106
http://92.63.197.112
http://92.63.197.153
http://92.63.197.38
http://92.63.197.48
http://92.63.197.59
http://92.63.197.60
http://95.81.1.43
aaaeieiiiofffla.co
aaaeieiiiofffpn.su
aaaeieiiioffftr.cc
aaaeieiiiofffzt.io
aaauuwiifoogeao.to
aaauuwiifoogela.co
aaauuwiifoogepn.su
aaauuwiifoogetr.cc
aauaaaeieiieepn.su
aauaaaeieiieetr.cc
aauaaaeieiieezt.io
abfeiagihisl.su
abfeiagihiso.co
abfeiagihisp.io
abfeiagihisr.cc
aefeohaueajdula.co
aefhuoaeudofrla.co
aefiabeuodbauobfaoebbf.ru
aefoahefuaehfu.su
aefoguaeoueorla.co
aefoheaofefhuu.su
aefouaeaooaobaubvaeubv.ru
aehfiaheifuedhgsf.su
aehfiaheifuedhgsg.su
aehfiaheifuedhgso.su
aeifuaeiuafbuu.su
aeigaeizfaizef.su
aeiueigafiegfaiedeiuag.ru
aeiziaezieidiebg.ru
aeubaefefbuuss.su
afeifieuuufufufuf.biz
afeifieuuufufufuf.com
afeifieuuufufufuf.in
afeifieuuufufufuf.info
afeifieuuufufufuf.net
afeifieuuufufufuf.ru
afeifieuuufufufuf.su
afeoadaueodgeouaoueofu.ru
afueufuefueifo.su
agnediuaeuidhegsf.su
agnediuaeuidhegsg.su
agnediuaeuidhegso.su
agnediuaeuidhegsx.su
aiaizzzezeezela.co
aiaizzzezeezetr.cc
aiaizzzezeezezt.io
aieiiieittel.su
aieiiieitteo.co
aieiiieittep.io
aieiiieitter.cc
aiiaiafrzrueuedur.biz
aiiaiafrzrueuedur.com
aiiaiafrzrueuedur.in
aiiaiafrzrueuedur.info
aiiaiafrzrueuedur.net
aiiaiafrzrueuedur.ru
aiiaiafrzrueuedur.su
aiuauuaaanggila.co
aneoeauhiazegfiz.ru
aoeubfoabeoufadaeufoue.ru
aoufauhueful.su
aoufauhuefuo.co
aoufauhuefup.io
aoufauhuefur.cc
arsohoduauahfhofuhfdus.ru
ashihsijaediaehf.ru
aufheuafoaheuf.su
auiaaedabzabevbiiedizf.ru
awdauegdouegfageuofguo.ru
babfaehfuehfuh.su
baeiaeueauieis.su
bafaejidjaiehfgsf.su
bafaejidjaiehfgsg.su
bafaejidjaiehfgso.su
bafaejidjaiehfgsx.su
bafbeiahighgii.su
baoefubfbfigoao.to
baoefubfbfigola.co
baoefubfbfigopn.su
baoefubfbfigotr.cc
baoefubfbfigozt.io
bbfaeuuhfiaehf.su
bfbaiefiheil.su
bfbaiefiheio.co
bfbaiefiheip.io
bfbaiefiheir.cc
bnioooarubgzdla.co
bnioooarubgzdtr.cc
booomaahuuoooapl.ru
bsigsifrruhhgd.su
buaeabguguul.su
buaeabguguuo.co
buaeabguguup.io
buaeabguguur.cc
buaeaefuueofhla.co
bueoueoaoeoadla.co
buieubfiuebuuf.su
eaojefiuaugueufo.ru
eaueaoeufuufhs.su
eauebfuiaefubg.su
ebgiaueghuul.su
ebgiaueghuuo.co
ebgiaueghuup.io
ebgiaueghuur.cc
eeeieiieirdl.su
eeeieiieirdo.co
eeeieiieirdp.io
eeeieiieirdr.cc
efugusdogdogg.ru
egaueuefuhgl.su
egaueuefuhgo.co
egaueuefuhgp.io
egaueuefuhgr.cc
egubeauefaeufu.su
ehaofehofhuhffzgag.su
ehaofehofhuhffzgow.su
eiifngjfksisiufjf.biz
eiifngjfksisiufjf.com
eiifngjfksisiufjf.in
eiifngjfksisiufjf.info
eiifngjfksisiufjf.net
eiifngjfksisiufjf.ru
eiifngjfksisiufjf.su
eiiiaoihoaeruao.to
eiiiaoihoaerula.co
eiiiaoihoaerupn.su
eiiiaoihoaerutr.cc
eiiiaoihoaeruzt.io
eobbeaubfeuuela.co
eobbeaubfeuuetr.cc
eobbeaubfeuuezt.io
eofihsishihiursgu.biz
eofihsishihiursgu.com
eofihsishihiursgu.in
eofihsishihiursgu.info
eofihsishihiursgu.net
eofihsishihiursgu.ru
eofihsishihiursgu.su
eoroooskfogihisrg.biz
eoroooskfogihisrg.com
eoroooskfogihisrg.in
eoroooskfogihisrg.info
eoroooskfogihisrg.net
eoroooskfogihisrg.ru
eoroooskfogihisrg.su
eoufaoeuhoauengi.ru
eouhoeufhhghufzgag.su
eouhoeufhhghufzgow.su
euaoufhaheghffzgag.su
euaoufhaheghffzgow.su
eveezueigohehla.co
eveezueigohehpn.su
eveezueigohehtr.cc
ezaziiezfzgl.su
ezaziiezfzgo.co
ezaziiezfzgp.io
ezaziiezfzgr.cc
faeuhoaoiehrhd.su
fafhoafouehfuh.su
feoanoanednuela.co
ffoeefsheuesihfo.ru
fieooeoafheififo.ru
fifiehsueuufidhfi.biz
fifiehsueuufidhfi.com
fifiehsueuufidhfi.in
fifiehsueuufidhfi.info
fifiehsueuufidhfi.net
fifiehsueuufidhfi.ru
fifiehsueuufidhfi.su
fiiauediehduefuge.biz
fiiauediehduefuge.com
fiiauediehduefuge.in
fiiauediehduefuge.info
fiiauediehduefuge.net
fiiauediehduefuge.ru
fiiauediehduefuge.su
fuaiuebndieufeufu.biz
fuaiuebndieufeufu.com
fuaiuebndieufeufu.in
fuaiuebndieufeufu.info
fuaiuebndieufeufu.net
fuaiuebndieufeufu.ru
fuaiuebndieufeufu.su
gaeifiuheiuhauhdf.su
gaeifiuheiuhauhdg.su
gaeifiuheiuhauhdo.su
gaeifiuheiuhauhdx.su
gaeuhaiuhfihehfsf.su
gaeuhaiuhfihehfsg.su
gaeuhaiuhfihehfso.su
gaeuhaiuhfihehfsx.su
gaieufhaefuefh.su
gauehfeohfefhu.su
ghaueouahfuohla.co
ghofhauofeofhla.co
ghosrurruheudla.co
giaeijeidgieua.su
gnnaneieaojoagisf.su
gnnaneieaojoagisg.su
gnnaneieaojoagiso.su
gnnaneieaojoagisx.su
goheufuhufdl.su
goheufuhufdo.co
goheufuhufdp.io
goheufuhufdr.cc
gohorghosrsohgsri.ru
gosurrhrguhl.su
gosurrhrguho.co
gosurrhrguhp.io
gosurrhrguhr.cc
gouarhofhrufhla.co
gshrghirhgsgrao.to
gshrghirhgsgrla.co
gshrghirhgsgrpn.su
gshrghirhgsgrzt.io
guaouehdaouehla.co
hehfaofiehgggao.to
hehfaofiehgggla.co
hehfaofiehgggpn.su
hehfaofiehgggzt.io
hohigoirjgrijla.co
iaefiazefgizagdgf.su
iaefiazefgizagdgg.su
iaefiazefgizagdgo.su
iaefiazefgizagdgx.su
ibufhhuofouaes.su
infineinfinigao.to
infineinfinigla.co
infineinfinigpn.su
infineinfinigtr.cc
infineinfinigzt.io
ionfneonoigidfzgag.su
ionfneonoigidfzgow.su
isohgohrusurgd.su
iuefgauiaiduihgs.ru
iuirshriuisruruuf.biz
iuirshriuisruruuf.com
iuirshriuisruruuf.in
iuirshriuisruruuf.info
iuirshriuisruruuf.net
iuirshriuisruruuf.ru
iuirshriuisruruuf.su
koksfegkosoefh.su
lopiaoeufgaeid.su
lpliouhzieuaela.co
maeobnaoefhgoajo.ru
miokpkaeofkl.su
miokpkaeofko.co
miokpkaeofkp.io
miokpkaeofkr.cc
mokoaehaeihgiaheih.ru
nehfauheudhuela.co
nfbaeiudhaiedhhgf.su
nkoaefuhfuhl.su
nkoaefuhfuho.co
nkoaefuhfuhp.io
nkoaefuhfuhr.cc
nnososoosjfeuhueu.biz
nnososoosjfeuhueu.com
nnososoosjfeuhueu.in
nnososoosjfeuhueu.info
nnososoosjfeuhueu.net
nnososoosjfeuhueu.ru
nnososoosjfeuhueu.su
noeuaoenriusfiruu.biz
noeuaoenriusfiruu.com
noeuaoenriusfiruu.in
noeuaoenriusfiruu.info
noeuaoenriusfiruu.net
noeuaoenriusfiruu.ru
noeuaoenriusfiruu.su
nousiieiffgogogoo.biz
nousiieiffgogogoo.com
nousiieiffgogogoo.in
nousiieiffgogogoo.info
nousiieiffgogogoo.net
nousiieiffgogogoo.ru
nousiieiffgogogoo.su
oanfoenuoanfufzgag.su
oanfoenuoanfufzgow.su
oe123uhwugfuuws.ru
oeeoeuueueuueao.to
oeeoeuueueuuela.co
oeeoeuueueuuetr.cc
oeeoeuueueuuezt.io
oefheahfueghuh.su
oehfeoaufhuufs.su
oeoaoueuoeuoaao.to
oeoaoueuoeuoala.co
oeoaoueuoeuoatr.cc
oeoaoueuoeuoazt.io
ofeideinieghihfo.ru
ofhhusrugsrhgurhf.su
ofhhusrugsrhgurhg.su
ofhhusrugsrhgurho.su
ofhhusrugsrhgurhx.su
ohsufsiuesiuhuhgf.su
ohsufsiuesiuhuhgg.su
ohsufsiuesiuhuhgo.su
ohsufsiuesiuhuhgx.su
oksubuszeususur.su
olruheuuruul.su
olruheuuruuo.co
olruheuuruup.io
olruheuuruur.cc
ouaoueouefnuffzgag.su
ouaoueouefnuffzgow.su
ouauooaoaoeeuao.to
ouauooaoaoeeula.co
ouauooaoaoeeutr.cc
ouauooaoaoeeuzt.io
ouefeeeefhuwuhs.ru
ouhfuosuoosrhfzgag.su
ouhfuosuoosrhfzgow.su
ouhgousgoahutao.to
ouhgousgoahutla.co
ouhgousgoahutpn.su
ouhgousgoahuttr.cc
ouhgousgoahutzt.io
pfeakpfiahefupafoahefd.ru
plpanaifheaighai.ru
plporsiszsgetao.to
plporsiszsgetla.co
plporsiszsgetpn.su
plporsiszsgettr.cc
rguaouhouaefela.co
roiriorisioroao.to
roiriorisiorola.co
roiriorisioropn.su
roiriorisiorotr.cc
roiriorisiorozt.io
rugeaofhefhugla.co
rzauerzueutl.su
rzauerzueuto.co
rzauerzueutp.io
rzauerzueutr.cc
sefuhsuifhishffo.ru
sfuhseidueiihffo.ru
shufourfhrufhu.su
sisfiusnrsruisfo.ru
slpsrgpsrhojifdij.biz
slpsrgpsrhojifdij.com
slpsrgpsrhojifdij.in
slpsrgpsrhojifdij.info
slpsrgpsrhojifdij.net
slpsrgpsrhojifdij.ru
slpsrgpsrhojifdij.su
soghrrsoeuhugao.to
soghrrsoeuhugla.co
soghrrsoeuhugpn.su
soghrrsoeuhugzt.io
srgbsuirbfubuf.su
srgsifijsjigjhfo.ru
srgsougshfouaoehfaghae.ru
srgsougshfouaoehfaghae.su
srndndubsbsifurfd.biz
srndndubsbsifurfd.com
srndndubsbsifurfd.in
srndndubsbsifurfd.info
srndndubsbsifurfd.net
srndndubsbsifurfd.ru
srndndubsbsifurfd.su
ssofhoseuegsgrfnj.biz
ssofhoseuegsgrfnj.com
ssofhoseuegsgrfnj.in
ssofhoseuegsgrfnj.info
ssofhoseuegsgrfnj.net
ssofhoseuegsgrfnj.su
ssofhoseuegsgrfnu.ru
tookddiwijdiss.su
uaeihefiuaefhuha.ru
uaeihefiuaefhuha.su
uaeihefiuaefhuhc.ru
uaeihefiuaefhuhc.su
uaeihefiuaefhuhe.ru
uaeihefiuaefhuhe.su
uaeihefiuaefhuhg.ru
uaeihefiuaefhuhg.su
uaeihefiuaefhuhr.ru
uaeihefiuaefhuhr.su
uaeihefiuaefhuht.ru
uaeihefiuaefhuht.su
uaeihefiuaefhuhv.ru
uaeihefiuaefhuhv.su
uaeihefiuaefhuhy.ru
uaeihefiuaefhuhy.su
uandnuaoegognfzgow.su
uefuaebfauoeug.su
uoaeogauhduadhug.ru
uohouefhoahfufzgag.su
uohouefhoahfufzgow.su
usifusurfbbuguruf.su
usifusurfbbugurug.su
usifusurfbbuguruo.su
usifusurfbbugurux.su
uwgfubusbbusswf.ru

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Downloader.Phorpiex-7428338-0)

abaeubuegs.su
aeoghehofu.su
aeubeufubg.su
aieieieros.su
aiheiufisd.su
aniaeninie.su
tbaeubuegs.su
teoghehofu.su
teuaueudgs.su
teubeufubg.su
tieieieros.su
tiheiufisd.su
wbaeubuegs.su
weoghehofu.su
weuaueudgs.su
weubeufubg.su
wiaeufaehe.su
wieieieros.su
wiheiufisd.su
wniaeninie.su
xbaeubuegs.su
xeoghehofu.su
xieieieros.su
xiheiufisd.su
xniaeninie.su

# Reference: https://app.any.run/tasks/9e581c45-0809-4dd8-8007-cda84b7079a2/

aefoahefuaehfu.su
aefoheaofefhuu.su
aeifuaeiuafbuu.su
aeigaeizfaizef.su
aeubaefefbuuss.su
afueufuefueifo.su
aufheuafoaheuf.su
babfaehfuehfuh.su
baeiaeueauieis.su
bafbeiahighgii.su
bbfaeuuhfiaehf.su
bsigsifrruhhgd.su
buieubfiuebuuf.su
eaueaoeufuufhs.su
eauebfuiaefubg.su
egubeauefaeufu.su
faeuhoaoiehrhd.su
fafhoafouehfuh.su
gauehfeohfefhu.su
giaeijeidgieua.su
ibufhhuofouaes.su
koksfegkosoefh.su
lopiaoeufgaeid.su
oefheahfueghuh.su
oehfeoaufhuufs.su
shufourfhrufhu.su
srgbsuirbfubuf.su
tookddiwijdiss.su
uefuaebfauoeug.su

# Reference: https://app.any.run/tasks/6a05c001-3dc4-4376-8b09-5701d5b44e25/

http://93.174.93.149/new.txt

# Reference: https://app.any.run/tasks/0cde956b-6d48-481b-9ee2-6c3b2751a170/

http://185.227.81.163/config.txt
185.227.81.163:3333

# Reference: https://twitter.com/P3pperP0tts/status/1146328144141606913
# Reference: https://www.virustotal.com/gui/file/b1650c6085710bd89fdec14ce9a1a5f52d7199ab98671d994181b1e7116a0a86/behavior/Lastline

aoruuoooshfrohfe.su
bbruuoooshfrohfe.su
foruuoooshfrohfe.su
roruuoooshfrohfe.su
soruuoooshfrohfe.su
toruuoooshfrohfe.su
uoruuoooshfrohfe.su
zeruuoooshfrohfe.su
zzruuoooshfrohfe.su
aoruuoooshfrohle.su
bbruuoooshfrohle.su
foruuoooshfrohle.su
roruuoooshfrohle.su
soruuoooshfrohle.su
toruuoooshfrohle.su
uoruuoooshfrohle.su
zeruuoooshfrohle.su
zzruuoooshfrohle.su
aoruuoooshfrohoe.su
bbruuoooshfrohoe.su
foruuoooshfrohoe.su
roruuoooshfrohoe.su
soruuoooshfrohoe.su
toruuoooshfrohoe.su
uoruuoooshfrohoe.su
zeruuoooshfrohoe.su
zzruuoooshfrohoe.su
aoruuoooshfrohue.su
bbruuoooshfrohue.su
foruuoooshfrohue.su
roruuoooshfrohue.su
soruuoooshfrohue.su
toruuoooshfrohue.su
uoruuoooshfrohue.su
zeruuoooshfrohue.su
zzruuoooshfrohue.su

# Reference: https://app.any.run/tasks/bfdf5f79-bfa4-452c-b043-1c8e9cb6bb40/

tldrbox.top

# Reference: https://research.checkpoint.com/2020/phorpiex-arsenal-part-ii/
# Reference: https://otx.alienvault.com/pulse/5e68f9a535aee3bd6ed575f8

185.176.27.132:4545
193.32.161.69:5555
193.32.161.73:7777
193.32.161.77:9595
92.63.197.153:7575
92.63.197.153:9090
92.63.197.60:9090
http://185.176.27.132
http://193.32.161.69
http://193.32.161.73
http://193.32.161.77
http://92.63.197.153
http://92.63.197.60
osheoufhusheoghuesd.ru

# Reference: https://app.any.run/tasks/e61d9ae1-a843-4d66-aa21-ceab45093bf2/

aefuaeufhueuufua.ru
badaeduahedhhuaa.ru
aeufoeahfouefhga.ru
eueuqundnndnsuda.ru
awduhawduhuhhaga.ru
nbmbnmbembfaeura.ru
aegieuueueuuruia.ru
azezezbdndnnnsna.ru
awbnmnmammmamnra.ru
afieifaieudhhuda.ru
euauueuueuruudga.ru
fauibdbebdbburua.ru
aeufoeahfouefhgz.su
euuauudduufuugua.ru
eooeoeoririusfra.ru
ploaiedueaigzefa.ru

# Reference: https://www.symantec.com/blogs/threat-intelligence/nemty-ransomware-trik-botnet
# Reference: https://otx.alienvault.com/pulse/5dc0b264b1356775410765ec

http://193.32.161.69
http://193.32.161.77
http://92.63.197.153
http://92.63.197.38
http://92.63.197.48
aiiaiafrzrueuedur.ru
fafhoafouehfuh.su
osheoufhusheoghuesd.ru
ouhfuosuoosrhfzr.su
unokaoeojoejfghr.ru

# Reference: https://app.any.run/tasks/dc34776d-097f-41f7-a6ed-12dc04d857ce/

tldrnet.top

# Reference: https://twitter.com/ViriBack/status/1270105258908401678
# Reference: https://twitter.com/trungduc751995/status/1270279726980984832
# Reference: https://www.virustotal.com/gui/file/43a922ce521114e7a4be1aa6987129e57cec880a8d235056e20ed933ff808a57/detection
# Reference: https://app.any.run/tasks/4cf2d180-cacb-49f3-a3de-dc105832f88f/
# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.63/relations

http://217.8.117.63
fieooeoafheifi.ru
inigbiseijfji.ru
ouefuguefhuwuhs.ru
tldrbox.top
tldrbox.ws
utdifguizdidiz.ru
zzruuoooshfrohu.su

# Reference: https://www.virustotal.com/en/file/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db/analysis/
# Reference: https://hybrid-analysis.com/sample/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db?environmentId=100&lang=fr
# Reference: https://securityrealwebblog.blogspot.com/2011/10/wormwin32phorpiexb.html
# Note: zo iets leilijk heb ik nog nooit in mijn leven gezien

srv5020.net
srv5010.net

# Reference: https://www.virustotal.com/gui/file/9cd701a43efacf74555154ea52fbd5e5fbc8ad947a9fa60849236b6e0736c7d7/detection
# Reference: https://www.virustotal.com/gui/file/2be1a58d23fc46b34ea0b7a76719937111872c5610d882db56d6fda1ddc4bb7b/detection

deauduafzgezzfgr.ws
eaffuebudbeudbbr.ws
eafuebdbedbedggr.ws
eafueudzefverrgr.ws
edhuaudhuedugufr.ws
efaeduvedvzfufur.ws
efeuafubeubaefur.ws
efuheruhdehduhgr.ws
faugzeazdezgzgfl.to
faugzeazdezgzgfr.ws
feauhueudughuurl.to
feauhueudughuurr.ws
feuhdeuhduhuehdl.to
feuhdeuhduhuehdr.ws
fheuhdwdzwgzdggl.to
fheuhdwdzwgzdggr.ws
gaueudbuwdbuguur.ws
okdoekeoehghaoer.ws
seuufhehfueughel.to
seuufhehfueugher.ws
wdkowdohwodhfhfr.ws
wduufbaueeubffgl.to
wduufbaueeubffgr.ws
worm.top
worm.ws

# Reference: https://twitter.com/58_158_177_102/status/1323767014503034880
# Reference: https://app.any.run/tasks/6f787e8e-9ea6-4a14-bce1-da5c82bb21c1/
# Reference: https://tria.ge/201103-yqdbwpye9x

25xb3kc6azicbbuo.onion
helpqvrg3cc5mvb3.onion
304049943.ws
trik.ws

# Reference: https://www.virustotal.com/gui/file/a1f816c36f1057afdb90b9d40504b8dd61d961ef89d5c67a5ebf3b7b8bbac270/detection
# Reference: https://www.virustotal.com/gui/file/18397138b7c4a87d79b3cec5472a0c896501e0ef6f7a3ff42406cf4991eec288/detection

ladbabbabefnefmf.to
laedvezdeahfhuea.to
laefneabdmemdnaf.to
lauedaiednaibduf.to
lbdadnmolaedbfau.to
lefiaeieiififnnf.to
lefiefijiejdijef.to
leuaueufuanbbgbg.to
lezaeazdgzegdget.to
lfubaebeanfienfi.to
lganieeidiehgihe.to
lgauheudbbchaiii.to
linbeafbiaebfiie.to
llpaenimonadfueh.to
lnabeuffhshsueur.to
loeghaiofiehfihf.to
loirgsiorgididii.to
loueafhuoaefhefu.to
lpleflpokadkeoot.to
lploaeieifuebaub.to
tefiefijiejdijef.ws
tinbeafbiaebfiie.ws
toeghaiofiehfihf.ws
toirgsiorgididii.ws
udzususuzddd.to

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1211-1218.html (# Win.Packed.Phorpiex-9805496-0)

rghirgsrogrshggir.ru

# Reference: https://app.any.run/tasks/ac6c6425-fb00-4de4-adec-3074dedf7689/
# Reference: https://app.any.run/tasks/2cc2e2a7-ac71-48ff-8e55-b7af26c3fb61/

tsrv3.ru
tsrv4.ws
tsrv5.top
thaus.ws
zzruuoooshfrohu.su
tldrbox.top
tldrzone.top

# Reference: https://www.virustotal.com/gui/file/7b4217630f438720c48e4034a29674c92851585ebfd27d9193832f6db9cd794d/detection

deauduafzgezzfgg.to
deauduafzgezzfgk.ws
deauduafzgezzfgm.top
eaffuebudbeudbbg.to
eaffuebudbeudbbk.ws
eaffuebudbeudbbm.top
eafuebdbedbedggg.to
eafuebdbedbedggk.ws
eafuebdbedbedggm.top
eafueudzefverrgg.to
eafueudzefverrgk.ws
eafueudzefverrgm.top
edhuaudhuedugufg.to
edhuaudhuedugufk.ws
edhuaudhuedugufm.top
efaeduvedvzfufug.to
efaeduvedvzfufuk.ws
efaeduvedvzfufum.top
efeuafubeubaefug.to
efeuafubeubaefuk.ws
efeuafubeubaefum.top
efuheruhdehduhgg.to
efuheruhdehduhgk.ws
efuheruhdehduhgm.top
faugzeazdezgzgfg.to
faugzeazdezgzgfk.ws
faugzeazdezgzgfm.top
feauhueudughuurg.to
feauhueudughuurk.ws
feauhueudughuurm.top
feuhdeuhduhuehdg.to
feuhdeuhduhuehdk.ws
feuhdeuhduhuehdm.top
fheuhdwdzwgzdggg.to
fheuhdwdzwgzdggk.ws
fheuhdwdzwgzdggm.top
gaueudbuwdbuguug.to
gaueudbuwdbuguuk.ws
gaueudbuwdbuguum.top
okdoekeoehghaoeg.to
okdoekeoehghaoek.ws
okdoekeoehghaoem.top
seuufhehfueugheg.to
seuufhehfueughek.ws
seuufhehfueughem.top
tsrv1.ws
tsrv2.top
tsrv4.ws
wdkowdohwodhfhfg.to
wdkowdohwodhfhfk.ws
wdkowdohwodhfhfm.top
wduufbaueeubffgg.to
wduufbaueeubffgk.ws
wduufbaueeubffgm.top

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0416-0423.html (# Win.Ransomware.Phorpiex-9852505-1)
# Reference: https://www.virustotal.com/gui/file/d14f4408a7e126af404623520c6a1496163df31ae9c42f4744b80112e3b6c9b7/detection

aeuandnuaoegogn.ru
ageouhoeufhhghu.ru
ageouhoeufhhghu.ru
auehaofehofhuhf.ru
auehaofehofhuhf.ru
eauohouefhoahfu.ru
egoanfoenuoanfu.ru
ehaofehofhuhfhr.su
eouhoeufhhghuhr.su
euaoufhaheghfhr.su
gaeuaoufhaheghf.ru
hgouhfuosuoosrh.ru
hgouhfuosuoosrh.ru
ionfneonoigidhr.su
oanfoenuoanfuhr.su
ouaoueouefnufhr.su
ouhfuosuoosrhhr.su
rsionfneonoigid.ru
sgouaoueouefnuf.ru
uandnuaoegognhr.su
uohouefhoahfuhr.su

# Reference: https://www.virustotal.com/gui/file/b482f40d6a25bcdf96a92a4ae4b41694ad4eb36b5a91fde2813d6d9a26647415/detection
# Reference: https://www.virustotal.com/gui/file/7bf07131da269be194df41ffa88c5b806ccbf2c6b02e4aaa3b9d34ff53773056/detection

aefieiaehfiaehh.to
aefieiaehfiaehl.to
aefieiaehfiaeho.ws
aefieiaehfiaehr.top
aefieiaehfiaehr.ws
aefieiaehfiaehz.top
aefofhhfouahugh.to
aefofhhfouahugl.to
aefofhhfouahugo.ws
aefofhhfouahugr.top
aefofhhfouahugr.ws
aefofhhfouahugz.top
aeufhnfueunfnuh.to
aeufhnfueunfnul.to
aeufhnfueunfnuo.ws
aeufhnfueunfnur.top
aeufhnfueunfnur.ws
aeufhnfueunfnuz.top
bageiaiefuefuuh.to
bageiaiefuefuul.to
bageiaiefuefuuo.ws
bageiaiefuefuur.top
bageiaiefuefuur.ws
bageiaiefuefuuz.top
bfiuaebeufbefbh.to
bfiuaebeufbefbl.to
bfiuaebeufbefbo.ws
bfiuaebeufbefbr.top
bfiuaebeufbefbr.ws
bfiuaebeufbefbz.top
eaougheofhuoaeh.to
eaougheofhuoael.to
eaougheofhuoaeo.ws
eaougheofhuoaer.top
eaougheofhuoaer.ws
eaougheofhuoaez.top
egihaehefiejfjh.to
egihaehefiejfjl.to
egihaehefiejfjo.ws
egihaehefiejfjr.top
egihaehefiejfjr.ws
egihaehefiejfjz.top
fnenfmnieehgieh.to
fnenfmnieehgiel.to
fnenfmnieehgieo.ws
fnenfmnieehgier.top
fnenfmnieehgier.ws
fnenfmnieehgiez.top
hugrhusghufiiih.to
hugrhusghufiiil.to
hugrhusghufiiio.ws
hugrhusghufiiir.top
hugrhusghufiiir.ws
hugrhusghufiiiz.top
izezggefgegfzth.to
izezggefgegfztl.to
izezggefgegfzto.ws
izezggefgegfztr.top
izezggefgegfztr.ws
izezggefgegfztz.top
lkoeafoekfokooh.to
lkoeafoekfokool.to
lkoeafoekfokooo.ws
lkoeafoekfokoor.top
lkoeafoekfokoor.ws
lkoeafoekfokooz.top
lwoekouututeuoh.to
lwoekouututeuol.to
lwoekouututeuoo.ws
lwoekouututeuor.top
lwoekouututeuor.ws
lwoekouututeuoz.top
ufhuehfuigiijdh.to
ufhuehfuigiijdl.to
ufhuehfuigiijdo.ws
ufhuehfuigiijdr.top
ufhuehfuigiijdr.ws
ufhuehfuigiijdz.top

# Misc.

http://209.141.35.17/wpfa.txt

# Generic

/t.php?new=1
/tldr.php?on=1
/wpfa.txt
