# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: zeus, zbot, vmzeus, citadel, zitmo, soraya
# Note: https://securelist.com/android-security-suite-premium-new-zitmo/33088/ (Zitmo is the Android variant of Zeus/Zbot)

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=GODADDY.COM,%20LLC

aefalcon.com
9virgins.com
lincolnkaraoke.com
vegantravelshow.com
roanmtbb.com
oycservicios.com
milkworks.org
prtscrinsertcn.net
toolsathomes.com
dphcustompins.com
bocaautocenters.com
tronuprising.heliohost.org
links.heliohost.org
bilbobaggins.comxa.com
danislenefc.info
sslsam.com
bots.configbinbots.info
joejdbjrmrkklfnmf.usr.me
z3us1.z-ed.info
kesikelyaf.com
felanco.heliohost.org
circleread-view.com.mocha2003.mochahost.com
resr.configure.8c1.net
server.bovine-mena.com
google.poultrymiddleeast.com
ice.ip64.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ENOM,%20INC.

ozowarac.com
luenhinpearl.com
wayufilm.com
zetes.vdsinside.com
poolkingsthailand.com
me404.net
escuelanet.com
stats.lead.mysitehosted.com
hotelavalon.org
branchtist.com
spartanr.5gbfree.com
leon10.5gbfree.com
kraonkelaere.com
indongsang.com
lion.web2.0campus.net
lifeisgoodwhenu2.info
warriorinjapan.hostjava.net
wor6.b6dfnahea.ns2.name
mxstat230.com
yamleg.fu8.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=Namecheap

shadowraze.pw
speroni.pw
cryptmyexe.pw
dominoziele.pw
u8781a21.pw
japanparts.pw
waserazer.pw
martex-rybnik.pw
foxmanwer.pw
ohimmades.pw
ryuitaqw.pw
blogerjijer.pw
serverjainpangwang.pw
debservers.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-RU

bqtest2.ru
cd31411.tmweb.ru
jacoblanderville.myjino.ru
kadastr89.ru
islenpiding.hotmail.ru
natlalirans.hotmail.ru
dileconme.hotmail.ru
pharirgatic.hotmail.ru
imamnhearte.hotmail.ru
naaninggeschcho.hotmail.ru
rarabarnfi.hotmail.ru
gyodundena.hotmail.ru
ya-aaaa123123.myjino.ru

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=PDR%20Ltd.%20d/b/a%20PublicDomainRegistry.com

iphoneservisci.com
christianwomenpc.org
rajrainwater.org
mersinescortbayanlar.org
bppkbsulsel.com
franka.in.net
markhousecm.com
chhathpuja.com
cooldomainname.ws
gjiayimeiya.com
xclones.in.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-REG-FID

bright.su
bitters.su
turkeyhotelnoslafas.su
angryshippflyforok.su
nonstopeddanceraz.su
pedropedreiromoxik.su
beatyhousesupporte.su
rsslessons.su

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=SHINJIRU%20MSC%20SDN%20BHD

cennoworld.com
classicalbitu.com
eresimgbo.com
emailsclient.com
micheal766.info
hillalala.com
yahoo-action.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ERANET%20INTERNATIONAL%20LIMITED

depolakoeasre.pw
bolerakopsoa.pw
doratopelase.pw
samoniklo.pw
delaponitan.pw
slivoratikam.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=TUCOWS%20DOMAINS%20INC.

demexsoft.com
blog.raw-recruits.com
burrinsurance.com
pfengineering.com
lonsmemorials.com
bbwscimanuk.pdsda.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=WEB%20COMMERCE%20COMMUNICATIONS%20LIMITED%20DBA%20WEBNIC.CC

domifondery3d.com
domifondery.com
securetestingnetwotk.com
littwronthath.net
hope-found-now.net
jangasm.org

# Reference: https://plot.ly/~vkremez/17

actualmove.ru
aflar.ru
alaska2russia.ru
almazdental.ru
atmape.ru
baims.ru
bbumn.ru
bitcoin-send.ru
blesslifelove.ru
bqtest2.ru
brr-21.ru.shn-host.ru
cd31411.tmweb.ru
cogoda.ru
danbeta.ru
dileconme.hotmail.ru
dozybrown.ru
eddw.ru
endnra.ru
fitytrade.ru
fx45.pp.ru
genmjob3.ru
geopryce.ru
goa-inf.ru
gyodundena.hotmail.ru
hjsahdjalsudioaso.ru
imamnhearte.hotmail.ru
islenpiding.hotmail.ru
jacoblanderville.myjino.ru
junniper.mcdir.ru
kadastr89.ru
lebedev30.ru
legitvendors.ru
lifestyles.pp.ru
lifestyles3d.ru
love.saleb.ru
lucoilosa.ru
madunixxx.ru
mcbt.ru
naaninggeschcho.hotmail.ru
natlalirans.hotmail.ru
now-work.ru
olwwe.ru
onlyl.ru
panorama-otel.ru
pharirgatic.hotmail.ru
platinum-casino.ru
pnmmn-cyvbiqzbe.ru
rarabarnfi.hotmail.ru
rich11ds2015sqr.ru
richus.ru
s888for.ru
sp4m.ru
tosyisha.ru
u0003321.cp.regruhosting.ru
ulogroup.ru
uralviolet.ru
viose.ru
vz81757.eurodir.ru
warfacebest.ru.swtest.ru
changeexchange2.ru
eroconlia.ru
luxkupe.ru
ruyacafe.net
tvergeneration.ru
zvenigorodskoe.ru
ya-aaaa123123.myjino.ru
zabava-bel.ru
zhyravlik.ru

# Reference: https://www.malwaredomainlist.com/forums/index.php?topic=2207.1255;wap2

zxjfcvfvhqfqsrpz.onion
zxjfcvfvhqfqsrpz.onion.gq
zxjfcvfvhqfqsrpz.onion.lt
zxjfcvfvhqfqsrpz.onion.cab
zxjfcvfvhqfqsrpz.onion.city
zxjfcvfvhqfqsrpz.onion.direct
zxjfcvfvhqfqsrpz.onion.link
zxjfcvfvhqfqsrpz.onion.nu
zxjfcvfvhqfqsrpz.tor2web.fi
zxjfcvfvhqfqsrpz.tor2web.blutmagie.de
zxjfcvfvhqfqsrpz.tor2web.org
zxjfcvfvhqfqsrpz.tor2web.ru
zxjfcvfvhqfqsrpz.tor-gateways.de

# Reference: https://www.virustotal.com/en/file/0663c151e7107e6d5378ecba52753f78ad50761ac6e32b63b95172dc840a1225/analysis/

aa.jn43d.su
ds38dks.net
tmp87.jn43d.su
tmp90.edns.su
tmp32.dns-free.su
c19h7.no-ip.su
fp-mk.net78.net
tmp21.dnsx23.su
tmp19.dns71.su
tmp12.dns-top.org
d65g.dw7g3.dns-free.su
d65g.dw7g3.dn3gwe.su
d65g.dw7g3.dnesa343.ru
d65g.dw7g3.dndfr44.su
d65g.dw7g3.d33jd.net
d65g.dw7g3.fefg934.info
d65g.dw7g3.46hf44.tv
d65g.dw7g3.dnrrrrrrrr.xxx

# Reference: https://www.threatcrowd.org/malware.php?md5=1ccde9e8e2599f7423ec0334013ef0c7

xdns.su

# Misc. (entries with no reference recorded in this file)

c19h7.no-ip-free.su
d65g.dw7g3.dns-free.su
ds.fdlo1.su
tmp19.dndddew1.su
tmp19.dns71.su
tmp21.dnsx23.su
tmp32.dns7free.su
tmp33.djuika.su
tmp33.dnsm2.su
tmp47.xdns.su
tmp90.dnsm2.su
ujn.sdf439.su

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html

blessedgroup.biz

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

neosz.org

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

www.crossatlantictrades.info

# Reference: https://reaqta.com/2018/09/global-malware-campaign-using-zeus-panda/

http://85.204.74.107
http://89.18.27.143
http://89.18.27.221
http://95.141.36.106
http://95.181.178.216
aanvraag-ing.nl
abnamto.com
adobeflashupdater.net
american-express.site
american-express24.com
apple-activated.com
apple-inc-server-icloud.com
apple-ins-server-icloud.com
apple-ituens.com
apple-ltunes-ios.com
appleid-find-usa.com
applessl.info
bdv4cc9rub.net
blochhain.com
blockchaiw.info
cibconline.cibc.com.ebm-anp.com
clickara.com
cloudflore.cc
colobinar.com
conectlo.qt
conishiret.com
disbanist.com
elementaleios.win
elementalelib.space
free-etherwallet.com
freeflysky.tk
gegirtan.com
gemendoloma.top
google-cloud.pw
gorevoin.com
gov.0.56v.us
guardnet.review
iban-abnamro.nl
iban-ing.nl
iban-marktplaats.nl
iban-rabobank.nl
icloudip-itunes.com
ielectrum.info
imap.em.gmailssdf.com
imap.maill.clintonemailhearing.com
lelectrum.com
lloyds-online-banking.verificaiton-stamp-online.com
maferdola.top
magentotoolset.com
mail30.power-gt.com
metrobanakonlline.com
mijning-ssl.info
mijning-ssl.nl
minotaris.com
mongovaca.win
nodertoma.top
polessdo.com
polinodara.com
power-gt.com
ppnl.info
procrd.pro
prosalesservice.com
sitergenis.com
sobentera.com
staticball.com
sucursalesvirtuales.at
sucursalvirtualpersonas.at
ukogono.top
verificaiton-stamp-online.com
vigerentis.com
waser.ml
worontau.top

# Reference: https://twitter.com/Bank_Security/status/1039211385752875008
# Reference: https://otx.alienvault.com/pulse/5b968a18fd673805822ff806

bizercise.top
cremedesoins.top
disithedtse.com
gaswanted.top
nauseorofte.ru
theeunload.website

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Zbot-6681657-0)

grandesupport.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1045564495723188225

94.102.60.144/1/gate.php
94.102.60.144/1/screenshot_gate.php

# Reference: https://twitter.com/r00tninja/status/1043978633558347777

wxyxgpescui4qpmc.onion

# Reference: https://twitter.com/blackorbird/status/1140519090961825792

br1vo.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-07-zbot-botnet-steals-thousands-credentials/zbot-botnet-steals-thousands-credentials.csv

merdekapalace.com
vodrasit.su

# Reference: https://twitter.com/James_inthe_box/status/1186291866511147008
# Reference: https://twitter.com/P3pperP0tts/status/1186565131829948417

baloobafoudanitojahdge.space
godisonourside5.store
molanounakomllbsedfrtee.xyz

# Reference: https://twitter.com/ChrisPSecc/status/1059374450100109313

foxbeagle.com

# Reference: https://twitter.com/James_inthe_box/status/1190320241139564544

ac-cofan.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html (Win.Packed.Zbot-7364099-0)

alnisat.com
jagalot.com
myadvsit1.com

# Reference: https://www.virustotal.com/gui/ip-address/185.70.184.88/relations

http://185.70.184.88

# Reference: https://www.virustotal.com/gui/domain/appareluea.com/relations

appareluea.com

# Reference: https://viriback.com/30-days-later-97-panels/

nsdic.pp.ru
dtron.gdn

# Reference: https://www.virustotal.com/gui/file/0f799184fc1d6912469a26fc1c60e0f3f7fa4f9ef172f77d791911200168ee84/behavior/VirusTotal%20Cuckoofork

bonton.by

# Reference: https://www.virustotal.com/gui/file/eda6b09b87f893c7940219e19c2aa1ae1a4e0c9d07af13c4cedb9bd4ecc7cdda/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/4e8d523f1c48f606a42a25a7ebacedc0747da860bfef6a489dfe6f3b72eb7762/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/34c3e4f184b2b2551988e97941cc5aafaf9ad9bb47e03e35b4a6951a9ec502dc/behavior/Dr.Web%20vxCube

http://31.220.2.120/~bulblgh1/

# Reference: https://www.virustotal.com/gui/ip-address/185.170.43.187/relations

/ibbcgcwbrsghsovq/gate.php
/lgdrxgsorgvanizl/gate.php
/rnbqjgjxyqonejhm/gate.php
/wjsjltaipbnypilx/gate.php

# Reference: https://www.virustotal.com/gui/ip-address/167.114.89.205/relations

bemybooter.eu
edmundgroup.tk
emeonlineinc.com
estebantrejos.com
freetool.tk
partchecker.info
skmineinc.tk
swatt.me

# Reference: https://securityintelligence.com/posts/zeus-sphinx-back-in-business-some-core-modifications-arise/
# Reference: https://www.virustotal.com/gui/ip-address/185.236.203.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.63.159.168/relations
# Reference: https://www.virustotal.com/gui/ip-address/109.94.209.66/relations
# Reference: https://www.virustotal.com/gui/file/e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8/detection

choksaiiwkokskkall.info
dasifosafjasfhasf.com
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.info
dsjdjsjdsadhasdas.com
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsdsjajjs.info
fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsjfdjsfh.com
idisaudhasdhasdj.com
idisaudhasdhasdj.info
infinitydeveloperspes.info
jdafiasfjsafahhfs.com
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com
oajdasnndkdahm.com
unverifiedintigoosjai.info

# Reference: https://www.virustotal.com/gui/file/cdd21d133862b336d6e9f6023cabc8624f2dfe78b4060e22bcd560d83caa7725/detection

microsofto.sytes.net

# Reference: https://www.virustotal.com/gui/file/f3990a88fbcd2e6c31d6dc423bb90610444227e25bd26848e653939bf593b9ed/detection

http://93.174.89.19

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html (Win.Packed.Zeus-9762533-1)

cyxaerkijeuaupzhqjzxhkzmrmvxw.net
gmwgkfjfrcdamydbuucrhxzxqclv.org
hmnbdanrschumrtouxhmxwhfe.biz
hseuswtumvofhaugxcbuaskifzp.ru
hvwuwdellgqcaivwkeqzxhkhyea.org
jvzxcyfquohmzyotkswskjnbn.biz
kljvxotcuplskxqwbyizbro.org
knibxwsofqprztzpbyibhpvqcsh.ru
ldugqylugovtcpfuingawkugnws.com
llxcijbliflgqhiijivxkvkrcr.com
mjhhmhrovocqlnkjqkuayhxgvgoj.net
mvdyheugepjxxdgyxxsuceqv.info
mzqocmpfltdlirxcqwxwdmb.info
nbvcqsprcapbymreyvojvteagy.org
pgdgqxhufexpnfqcedvbaythu.com
pvyhfypvemoeqhxsgerotsorpsfe.ru
rshuptpdiypmjovfebcetxkud.com
soamvwpqwdxougljpjwpfbuzpuky.biz
tstcfobmbcizlrramfuhwckrn.net
tvkdezvwqkqclpnxsdapinamd.com
vklfwsfqpbsxvobnzrkxshmrkd.com
xcpijwuyvktcbmuodykbkbp.biz
xgijwozlwbiddyeavkvintxnrv.biz
xwgbavssggegeubilbnzdpbwkjzt.biz
zthqlrtgcexobqkpqkoydheikj.org

# Reference: https://www.virustotal.com/gui/file/64ed16141e4200957c51541d8b542e69828004eadfb12d7be6af1cb315bd477b/detection

dnsslavemgr.info

# Reference: https://www.virustotal.com/gui/file/1dfe64efadacd42c07ddacd8ac0bb8b4fcc8fb714411bb1f2c9a3dc6ff32bc94/detection

e-trustuplevel.info
uplvlmassreserv.com
uplvlmassreserv.info
/strongest/encryption/lvl.php
/turbojets/service/file.php

# Reference: https://www.virustotal.com/gui/file/a2c687cd7ea9a8962327848539d59ba702e5808b8450b878106ea749856e41f6/detection

yholder.com
/server[php]/file.php

# Reference: https://www.virustotal.com/gui/file/b5f692f2b5d1ded9063df83c6c50e46f800308a623d88516f11c705ee43878de/detection

aolmm.com
dreampass.us

# Reference: https://www.virustotal.com/gui/file/60ffd56104693c5232a7c7036595fe415b0538a47e3e84357fda6e9526397fb5/detection

brightgraph.com
blogstruct.com
babbleprint.com
/sopelka1/file.php

# Reference: https://www.virustotal.com/gui/file/9c4d15d6ebceaa72992e69984d42982886e18a7f78579f373152d15dcc45a63e/detection
# Reference: https://www.virustotal.com/gui/file/fa980962e88c61e29145ccded7da9666ecd2d855c2edc4f64a05a8a54cead222/detection

vikingwer6.com
/deadm/file.php

# Reference: https://www.virustotal.com/gui/file/f33cc7e44566a77e288990d8c13747cc54402c6c1cedc6c4da226ceb685f6c8e/detection

newoubouhbolihbi.in
trading-top.com

# Reference: https://www.virustotal.com/gui/file/ee5e4d0b93a5e8eccaebfaedb8701f5599248a28f8ef904bccaf4ea109687d62/detection

wtfrpfm.com

# Reference: https://www.virustotal.com/gui/file/d598ee9b6b6aeb0d7f0969e4964ce64136110fdc0084ae03393f8681e4b6c83e/detection

joomwerk.ru
kansound.ru
in911.ru

# Reference: https://www.virustotal.com/gui/file/67d209a1f080e29bb168e81c19ef7e149cd675b2cecb61b947d772259aee021d/detection

rolabork.ru

# Reference: https://www.virustotal.com/gui/file/869780a8cf3e5c6abef877d0c8de6d25f39b3f2190ae5437e301195bca2f2a36/detection

hronologqq33.org
httpservice-check.in
poseidonmnesovsem.org

# Reference: https://www.virustotal.com/gui/file/af482f12f5d3d14e7b1ef4b172c46647d4f117da224abfba55b682eabba147b8/detection

secondaryfoundationforyou.com

# Reference: https://www.virustotal.com/gui/file/bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb/detection

au1-gate.com
au1-gate.net
au1-gate.org
/citadel/file.php

# Reference: https://www.virustotal.com/gui/file/1ac2d1eeb98eb86e1d362b77dea44e4c2004b150b0a5351ab11af009010287fb/detection

birdisaword.com

# Reference: https://www.virustotal.com/gui/file/d54a79e8e02d981cb3e997a6c7ce62139c3231f7afeb81eee208b993cb8bf243/detection
# Reference: https://www.virustotal.com/gui/file/e8a189c50cecd228054fe4712c5e141b3537b708edc6bc5ae3b92f8f9fa8950a/detection
# Reference: https://www.virustotal.com/gui/file/2c7c90ed27e4362f1bbe6a0804dccb2290d336738f9ffaee953e74e55faf80ed/detection
# Reference: https://www.virustotal.com/gui/file/5545d836b2d098d7a27d5078b420db3876b64a62ea0f37e4c72a6eb7d8790353/detection

969696.ru
/(())/cfg.bin
/((l))/ld.php
/696969/cfg.bin
/696969/ld.php
/69111/69.php

# Reference: https://www.virustotal.com/gui/file/76df057847c5c03cdb03909463fe1cf971227be2916bd44fcad238ca71795059/detection

gussiley.org
wowteammy113.org

# Reference: https://www.virustotal.com/gui/file/b3e03b09e6c232697baf75a2bf9d6294286515b39f0d9c4760bfe31df9a26617/detection

omarioscb.com
megasuperzx.com
megasuperzxa.com
/citdl/qpcpcitdl/amdinkz/filex.php

# Reference: https://www.virustotal.com/gui/file/77aa47af04cd0e6db95601f1fc99341502d46796e71491946cffafd99b9026f9/detection
# Reference: https://www.virustotal.com/gui/file/d36a83d3dd3426c0f25f75eab0975476dfdd46a76482d31ad650faa2f45cab20/detection
# Reference: https://www.virustotal.com/gui/file/1ea97b370180d9d44d664a4f1a864b900e024ca2341e4ca1cfe8ce8f1453bf84/detection

fs21sa643664.be
fs535a64364.be
fsa3fsa1643624.be
fsafs421524.be
fsafs4215254.be
fsafsa521524.in
/0x0003/file.php

# Reference: https://www.virustotal.com/gui/file/8af46632f1182264dfca3865ae9583748a21e8a3d020ef8d3340c8c0b36a04f0/detection

quittsagges3ies.be
/0x0004/file.php

# Reference: https://www.virustotal.com/gui/file/b73f0e9996a603e6a365e94fa187dddb228911e88224513fd06bd55a46fb1cea/detection

kopolenatser.com
urkinotgood.com

# Reference: https://www.virustotal.com/gui/file/2d2c858c42ca6a3f5cf5dee426359c6af428d067ee76b695bf77e95d64338e8c/detection

homelinuxinside2.net

# Reference: https://www.virustotal.com/gui/file/7481d6bbe0dbee670f794927d4616766f67b0b29949035ef1eeb518ff1f64b51/detection

grblinux.com

# Reference: https://www.virustotal.com/gui/file/8b9618bb2c711d6957a77559a6ae067ea80e80a40e19020b2034848c7362df37/detection

alemandat.info
bilbodron.info

# Reference: https://www.virustotal.com/gui/file/2e489f865d361135df441d5abf8345110a71216a76a67c5cf427c48564980d14/detection

demoserviceout.ru

# Reference: https://www.virustotal.com/gui/file/237dcc31bf8f4b64d96bd3a2fbe5c5f0851f384b66d94b64f2667a9448694559/detection

commonformstopnet.com
netcenterc.com
obcmainrevisitor.net

# Reference: https://www.virustotal.com/gui/file/19798a9e42cce6050411aef7bd409f7159963d84f15da8fdfd97201028bf4877/detection

soundwisdomfinancial.com
thelockmanpublic.com/wp-content/themes/instal/file.php
trendlavoro.com

# Reference: https://www.virustotal.com/gui/file/88621dfb1f33552c74a5737b94b82a8a21ebad940ff4cbeac5875f7859a6bdbb/detection

checkincheckoutdoodling.in
emphasissmartlists.org
simplynamedgritty.in

# Reference: https://www.virustotal.com/gui/file/9c49410451724a01979fe1f0977c401053350b2b09870dc446d8fc052af13fb1/detection

h5d5c57.com
h5d5c61.com
mobidickguru.com

# Reference: https://www.virustotal.com/gui/file/3b9ff9953de8cf87fd8a8f81e0ed49f2872733c79c9c4f300ac6d4054cece8f9/detection

computer-data-klinik.de/html/kk2.bin
justtakethis.be
/html/kk2.bin

# Reference: https://www.virustotal.com/gui/file/575bab5077092b7eed58daa88dc419fcb7c63297e2dc5f6709719665cab5b67d/detection

sikonsol.com
/jobcfg/cfg.bin

# Reference: https://www.virustotal.com/gui/file/b9a128c5ba5aba51e29a83c15500d551fd900c84d84c90a2f1ae94d2136be661/detection

sampleadvert.net
someadverdownservice.com
werbadvsrvpoints.net

# Reference: https://www.virustotal.com/gui/file/ec17c8a9397fd0563453c9d81c67e5e4582e4826221e060e4c192cb5c0efdb2e/detection

aartdvery.ru
ischu-sponsora.ru
lana-ross.ru
lazur-gagra.ru

# Reference: https://www.virustotal.com/gui/file/c3a6741265e5ab85fd0961d32c24732c224ace930933a379fc1e86ef14fc709c/detection

dualglobalwave.info
dualglobalexwave.com
quadglobalexwave.com
/encrypted/globalwave/aes.php

# Reference: https://www.virustotal.com/gui/file/229c8f1c6c38736cd17b640c23af25820c0ae03605dce999c1753d0471c1586e/detection

kulanustarikamistalama.in
lopusterijuxtanta.org
robasteolukatunamela.com
/chuqn/siaoqir9v/file.php
/chuqn/siaoqir9v/
/siaoqir9v/
/dgquicnqi/ladlchfiq/ofpcnqkx/file.php
/dgquicnqi/ladlchfiq/ofpcnqkx/
/dgquicnqi/ladlchfiq/
/dgquicnqi/
/ladlchfiq/ofpcnqkx/
/ladlchfiq/
/ofpcnqkx/

# Reference: https://www.virustotal.com/gui/file/4486727f171db1926ef12dd440d21eea31b93da2216970eff293583f635dba85/detection

commonftsformbs.com
fieldmanv.net
obcontainerev.net

# Reference: https://www.virustotal.com/gui/file/3db29a66fe45ca425b777f48b65c92151b76d1ba937a59b9ac1578b705f69c28/detection

webdatab.net

# Reference: https://www.virustotal.com/gui/file/4309d4f49abeb0d39454f20a5c60195ee42bf0b0f59864c86059da078c189830/detection

gremlindefault.net
/mainsession/game_install.bin

# Reference: https://www.virustotal.com/gui/file/c8f04368f328a59e18c07bd0ee1db101395828d0927780cb33188eff3d784a17/detection

cloudsfigs.info
getocifpo.in

# Reference: https://www.virustotal.com/gui/file/6fc09cc6d28ec986cfc0aacda23ec88be4c0bda626872bfde372cb9ab9dc8671/detection

alexaworldserver.com
clickbankstat.com

# Reference: https://www.virustotal.com/gui/file/f636794e88cb81b01ac7fa6c4bdf77a33ddd7e88cd33eb98072008e0e64d3013/detection

inconvenienceonthefly.org
performschronicle.org

# Reference: https://www.virustotal.com/gui/file/b3dd0f0ed4049538d744bb23be46595e5e13776c1fd1bd925b04d9bfb94fe38c/detection

newcidomain.com
trestnetreste.com

# Reference: https://www.virustotal.com/gui/file/d7c0238bf4b822e0c48da87d643182a0cc078dcbca2d6ea1db47e02f2802163f/detection

somanyexp.com

# Reference: https://www.virustotal.com/gui/file/915c2d5328ac5ad50b1cc62ad86e18f6f176d2b8f1971c436d9f21aed9f4fe6e/detection

hatefujews.com
qwe111.com

# Reference: https://www.virustotal.com/gui/file/b7b6c4f9addbc4d9b409a3cbda3b4575abb4b48e0f39659adc38306fd1f0bc16/detection

sunshinework22.com

# Reference: https://www.virustotal.com/gui/file/5a72c2f099c6a6fce7b9c67ba818d1a03b1e419dc502f04e484230c6dfd37247/detection

alldomainsguns.org
fincdoms11.com
returnzlab.net

# Reference: https://www.virustotal.com/gui/file/800193aaf555efb8fc4c4cf40b0a33ff7bab082c3cc07d254156300e1b45b5f7/detection

viplobbyr.in
waxshmax.org

# Reference: https://www.virustotal.com/gui/file/b963b4f7340d6c1a691f62f7051d922c9ba5eb8283e49b3d7308faa52fc938e7/detection

transservx.com
/xz4h3/files/test_config.bin

# Reference: https://www.virustotal.com/gui/file/fc11097eaf4e2cc3b36ff3e3ca399568219693623a3c85142dd6a3999404c7b4/detection

streetviewdaz.com

# Reference: https://www.virustotal.com/gui/file/0cf49127a7a57851623353d77dbb7dd54c337a5b56cdbe11475bb9fa68c44624/detection

aderege.com
domainqwerty.com

# Reference: https://www.virustotal.com/gui/file/ec8d0d93275f35730ca3d122116f6fb2705f357a72f0ac919567ac89ad521100/detection

adiumflux.com
/UOIy7893uas4adss/
/UOIy7893uas4adss/file.php

# Reference: https://www.virustotal.com/gui/file/9247811c3355c6a72eb1b9b2c2f6535a68a34add7486c3c3ee450903fa2edc60/detection

games4win.org

# Reference: https://www.virustotal.com/gui/file/c52b858a241f25202cec44f8606307c3a31333cd35a8692dfa0cdf8c708b780b/detection

leramvena15.info

# Reference: https://www.virustotal.com/gui/file/8e035883bba72d3bc925f8657dc9da754e5ed854290d436ab188ce155a31dea7/detection

produkktc.com

# Reference: https://www.virustotal.com/gui/file/ffc588993173d8b4a19a9ee87888d53f1b13c957e47a89027439deb73ad3ba4d/detection

ineshohaia.no-ip.biz
oslomoslo.myftp.biz
philcrow88.my03.com
smartappsecurity.com
smartappsecurity.net
smtpandrho.sendsmtp.com
/sms/me_v689.php

# Reference: https://otx.alienvault.io/indicator/domain/promisex.ru
# Reference: https://www.slideshare.net/realdeepdark/famous-cc-servers-from-inside-to-outside
# Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3156.pdf

promisex.ru
tredokilo745241.ru
/1/uggi/

# Reference: https://www.virustotal.com/gui/file/12a5fcbea38b2105cf7a6fb697ed61be1b118898096a0f7f868b51a24a04f138/detection

777rhims.dhcp.biz

# Reference: https://www.virustotal.com/gui/file/ed37d472ab06b7f289a8ab784029edb164ad83a9dc1b8937b01a8d4155628176/detection

iansconcept.com
/adminpanel/modules/config.bin
 
# Reference: https://medium.com/@lavineaoluoch/network-traffic-analysis-of-zeus-malware-86fee538c809

mahamaya1ifesciences.com
/metro91/admin/1/ppptp.jpg
/metro91/admin/

# Reference: https://www.virustotal.com/gui/file/c759e26e98eaf7c8ff3c1650ff5d027561bb15db56d41b22984a4db01674ee92/detection
# Reference: https://www.virustotal.com/gui/file/99de318ee773544d99430fbc0e369acd0ae5820f2d46065f640b502ea508ae01/detection

sonifer.biz
/pers/list/config.bin

# Reference: https://www.virustotal.com/gui/file/1b2603f25f03c697080ceb79b740b534958f69c07232819fe29bd3d4adc39f9d/detection
# Reference: https://www.virustotal.com/gui/file/82b3ff47244eb0c0fd77716f2f5a0e4183e2140d31c586cadbe16d3cc39481c9/detection

/gsdwwk/config.bin
/gsdwwk/gate.php
/gsdwwk/mod1.bin
/gsdwwk/mod2.bin
/gsdwwk/mod3.bin
/gsdwwk/mod4.bin
/gsdwwk/mod5.bin
/gsdwwk/mod6.bin
/gsdwwk/mod7.bin
/gsdwwk/mod8.bin
/gsdwwk/mod9.bin

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Citadel)

adcarapicuiba.org.br
aimbissonline.uni.me
alabaka.net
albors.ir
appimpak.com
asptt.aikido-meat.com
aydinyasam.com
bawsyfella.96.lt
bercepazarlama.com
blacked.co.in
bringbackourgals.biz
bukumluiplik.com
campusbusinness.uk.nf
casadoatirador.com.br
chidochi.in
cita.zlayvez.name
clinicadrneto.com.br
clubotumba.asia
coldrollicecream.com
crossydonalds.biz
czonest.com
dadaehirim-ventures.biz
dan.xiga.us
dantanta.in
daveotool.com
dede-ventures.biz
dexteriscool.in
dohanconglomerate.eu
donaldsleek.in
eddy-elderventures.com
enocuae.com
esherristore.com
fasholatools.com
faw.cl
flamaniplik.com
fretrillion.bl.ee
frhometextile.com
gfxexchange.biz
girlchildeducation.biz
girlchildright.biz
goldtradingpty.com
greenindustry.info
grupolz.com.br
hardwoodhosting.biz
harsto5.myhostpoint.ch
heartfactor.us
hsbconlineuk.com
hulkania.bl.ee
ibegroupofcompany.biz
indigienet.net
industry-pencik.biz
int.ishonch-doverie.uz
integratedcredit-exchangebase.com
inteligenciasistemas.com.br
ironisthrone.in
isopoly.net
jahexportandinprot.in
jefferkayelle.name
jj-tradings.ru
jobs.hendra-budiawan.com
jottedmaintains.net
junkss.asia
kalisto.us
kane22.flu.cc
kesikelyaf.com
kitchensinkco.com
ktvarzi.com
lawaco.com.vn
lbmedical.se
likeorders.com
lineage2world.pro
livingword.co.uk
macclean.cn
machimaks.nut.cc
magajmet400.com
makemoneyonlinewithdougzimmer.com
martex-rybnik.pw
merchantspeedaircourier.com
merchantspeedcourier.com
mercodigital.com
migratesolutions.net
militarygradehosting.com
mnsccds.com
morondos.com
mrganglobalinks.com
muzafferdemirtas.com
my40ventures.biz
nondisclosureaddremove.net
ntma-ng.com
osi1.tld.cc
ourdailyshopping.com
parisnigeria.com
peralos.com
phiosi.usa.cc
powblock.com
premieroil.net
profisite.net.ua
pursuits.in
rayanserver.com
ready-for-numbers.com
ringiplik.com
rossyb1.myhostpoint.ch
roymelody.net
s-trust.co
saudevitalsuplementos.com
sayno2gal2galmarriage.biz
sayno2gaymarriage.biz
servicoplus.in
sexyfeetpics.net
siouxlandchamber.com
sp4m.ru
spamheros.info
specificrandomness.com
sportfitzeeland.nl
starteendteam.ru
stfoto.pro
susdu34568.com
susduais1818.com
swellbottom.net
talkaloka.meximas.com
technlip.com
teddydurban.com
teethbow.in
theoweiss.com.br
togment.co.in
toolsinc.info
trillsafe.usa.cc
trustinstrument.com
unlimitedgoods.biz
upliftosi.ibiz.cc
vidgutch.biz
voipinfo.sk
vsnili.com
wandingoo.net
westgotit.net
windows-security.su
worldbiggestsocialnetwork.in
xcessabc.in
young-gizzy.com
zedlabs.co.uk
zpanel.ibiz.cc

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Zeus)

1011233.com
2334455666.com
24411244.com
564356899.com
abdul.org.in
acstyles.com
actyve.com.br
agrochoice.co.ke
aladdinsbikes.com
alchemistrywork.com
alissonguimaraes.com.br
alliedmindstorm.com
alokobi.com
ambient-gradnje.si
ankaninyuvasi.com
approvi.com.br
arquitectoenbarcelona.com
arteemmetais.com.br
auto-fx.nl
bakisekerci.com
balharbourcondo.com
balkanjm.com
barekpaint.com
bashcamron.com
bazalttas.com
bentleyoil.biz
berizka.gorodok.km.ua
beta.malimusavirbul.com
biorecc.com
blessingfm.com
bobotat.usa.cc
bossmmc.in
bouvoyages.net
brandweerravels.com
brazilcup.tk
buachedhsp.com
bullorverdjinx.biz
bunydchina.com
butikbrands.com
c4utrecht.nl
cabinet-biennale.com
cambraine.eu
cathybote.biz
ccghd.ru
centrastt.co.uk
cerovskiprijatnomnebi25.net
chaseonlinepc.com
chicboytrde.in
chimmy.eu
clinicadrneto.com.br
clivertrade.biz
clubdonald.asia
cockkett.com
coldworld.co.in
cometcountry.com
consumatorul.com
coolnewhairstyles.com
cosem.co.in
cscebc.ca
cursodegnosis.net
dailyscursos.com
daisyvennyboy.com
dangotegroupng.org
darretlo.net
datarecoveryoxfordshire.co.uk
decembermoney.co.in
declogz2014.asia
dexteriscool.in
dezigner.com.my
diablesdelleida.cat
dierendal.nl
dimar.cl
diocesedemarilia.org.br
diversifiedgeneralcontracting.com
docedebebe.com.br
dominoziele.pw
dontskid.me
dopeboi.ru
doubtclear.com
drabstryy.co.uk
drekavac.com
dubankoolzi.biz
e-byturk.com
e-rbi.org
economiademercado.com.br
ellawijt.com
engeforpavimentacao.com.br
english-glasmark.pl
epjbcn.es
euslugi.mojregion.info
everbelen.be
excessmoney1.com
exchangeprofitchop.biz
eyeofgod1.com
fantasysasa.com
faranegar.co
favourfromgod.org
fdslosart.co.uk
femfkyozuma.biz
fleursmontreal.net
fluxedetero.biz
foxmanwer.pw
freegeart.net
freya.instanthosting.com.au
funbeatzfm.sonixhost.com
fundacioncopservir.org
gardenasofa.com
genesysproperties.co.ke
getego.suroot.com
ggnesx.biz
glamourettecollections.com
glaxeopink.net
globalplus1.in
glogisticses.com
godlalune.com
goodluckfromgod.org
greethy.com
grupoprosur.com
gunessaatlicaybahcesi.com
gunindo.co.id
hackingbase.com
haiunair.com
helllogz2014.org
hepsibirbilisim.com
hetchies.com
hillalala.com
hiro-ishino.com.au
hockeyihl.com
hungthinhtrade.com
hyperbolic.tk
hytorc.com.vn
iansconcept.com
ibandekorasyon.com
ibmjm.com.br
ichiewale973.biz
ikakajadesola.me
ikebob.usa.cc
illawarradisabilitytrust.com.au
imanprojects.com
indigienet.net
infosousahost.com
injaus.com
integralaser.cl
iphoneservicecenter.co.uk
ironisthrone.in
isgomtemizlik.com.tr
ismailerdem.com
jaiwebhosting.net
jerry.usa.cc
jerryguy.usa.cc
joehellgroup.org
johnconsultrade.in
jonetrade.org.in
juanadearco.com.uy
kenpactrades.biz
khoangiengthutiep.com
kihsmalta.com
kiongroups.com
kioskcantinhodaroca.com.br
kiperonline.com
kireasweert.co.uk
kisar.co.in
kisgolden.me
kkeraobal.com
kontlinent.info
kwazar.ru
lampond.info
lanotes.com
lawsnorders.eu
liderbombasinjetoras.com
livingwaterphotography.com
logzbox2014.org.in
londonswifitdelivery.net
losartsettsf.co.uk
macrshops.eu
magicborn.me
magnifiquenails.be
mahamaya1ifesciences.com
majorenterprise.info
malcolmwood.me.uk
mariorossi2013.homepc.it
markavellijob.co.in
masertrades.biz
matclawanstd.in
mattyboss.in
mcbt.ru
mcfadden.asia
mecanicauach.cl
menumaterno.com.br
mersinkablotv.com
metaphororganic.com
mhhealthcare.es
michael-spa.asia
mizarstvogregor.si
mnsccds.com
modeconnect.org
moratti-sales.biz
muazymaur.tk
munusamykeums.pw
myallpctools.com
mybomb.usa.cc
mycodeboard.com
mydriveonte.sx
nacosti.go.ke
namibianhardwood.com
nanoprotech.com.ua
nawederunam.com
neumaticoschiclayo.com
newbetrrsearve.co.uk
newyorkradioimperio.com
nguyentatdat.com
nhk.nl
nicholastradess.biz
nijahostingresellers.com
nmtchicago.org
nodulling.in
nozs.nl
numarabulma.com
nyprince.us
obi.org.in
obilogas.net
oceansheillnz.com
ochez.co.uk
ogodo.in
oldmomtaz.com
onecontabilidade.com.br
onenewmanthailand.com
onyekaobo.in
orientexpcs.org
ortaksistem.com
ostsee-bunker-de.com
oweridreamsact.com.ng
oxygenconcentratorairsep.com
packycracku.com
pafospress.com
panelreturn.tld.cc
paramin.ac.th
partiestiro200.com
pat.org.in
paulstoreyphotography.com
persianworlddesign.com
phnienhuis.nl
phuankhang.vn
pianofun.edu.vn
plannersa.com
planstrazwes.biz
pofuduk.org
pongwebdevelop.com
poolandspabuildingsandenclosures.com
postnotification-security.biz
prepairweekend.nl
primaria-baciu.ro
princeventure.in
protectiatgjiu.ro
proxyhost.pr.ohost.de
qoritravelperu.com
radiantuniform.com
rainbowsongdome.net
range2014.co.in
realsamytrade.org.in
reluxmusic.com
retinolkrem.com
richirichibues.in
ricolain.in
rodsagu.com
roersmabestratingen.nl
romanskorter290.com
rootpanel.inthostingpro.com
roymelody.net
s2db101.com
salesadvert.com
seasonlogz.co.in
seastrader.com
securenetsystem.net
securityguard.co.in
seguroparaviageminternacional.net
seminee.aega.ro
shumakadeenm.biz
siamjaguar.com
signsbycoast.com
sinetix.ca
sksshopping.com
smarthous.com.ua
soja.usa.cc
solgetyhenz.biz
solomongrandy.zapto.org
sonbachtuyet.net
sonifer.biz
sosyalmmo.net
specificrandomness.com
spectracity.com
srnsaexpress.com
strenghtoflord.co.in
sub.beirinckx.be
syndlcatebank.co.in
tairov.com.ua
taiyuean.com
tatlidunyam.biz
techfriendly.us
technoindiaengg.com
tesia-thailand.com
tkvcelik.com.tr
tkwdog.com.br
togdbdglrytrade.org.in
tosyisha.ru
trebolparnpa.com
trettinjoel.com
trinityball.com.au
tryfindurwayback.tk
tsrsolutions.in
tualimpa.pt
tuguarenas.com
tuoitredakrlap.net
tupperwarewithdawna.com
tvergeneration.ru
uatyper.com
ucelrezistans.com
udih-udih.tk
udmowners.com
ufg-corp.com
ungererandcompany.net
unlessg.in
v-prokate.by
v-speedautoimport.com
vagamonhillvalley.com
vaterfall.com
vehicle-electrics-liverpool.co.uk
vickybaba.in
villa.usa.cc
vip-interior.com.ua
vivahammer.com
w1sdom.us
wahproject.com
warpservice.ro
wbassessoriaeconsultoria.com.br
web-upd.com
webgiz.muz.ifsuldeminas.edu.br
webhacktools.co.vu
whitbyshopper.co.uk
wipper.co.in
woo-wei.com.tw
wsostore.net
apat.ir
asmep.biz
bhaveshkumar.pw
candlerparkchiropractic.com
centralcour.com
coolhaas.com
czkey1n.com
dailysanitations.com
emmy.usa.cc
fightforme.ind.in
girasolestudi.it
impm.upel.edu.ve
mahamaya1ifesciences.pw
mediacasal.com
mydatingphoto.com
nomoreparentsleftbehind.com
phillipshenderson.org
porschecayenne.com.ru
powerofpromos.com
r-sbonline.org
salemtravelsagency.com
thaidham.com
theprintingagent.ca
xiistones.com
yothin.ac.th
youngshoipstory.com
youronlinecoach.net
zapata1.co.uk
zinolioncity.co.in
zokah.dk

# Reference: https://www.virustotal.com/gui/file/04b5fe7818bae1336275789510cf1a58b03a6f218a3631b2458a77ea177dcb17/detection

143biz.cc.md-14.webhostbox.net
blog.wordpress-catalog.com
/something/bot.php

# Reference: https://www.virustotal.com/gui/file/d45f6e73b2841c984702a9f0c0c62f87ccf2bcdd609ba007e4d3d8fb83794034/detection
# Reference: https://www.virustotal.com/gui/file/fc584fc8eee7af410e28a2d9e4aec8829ffe6919aca24d2499fd96133ce20f9a/detection
# Reference: https://www.virustotal.com/gui/file/9c02d98b1030de2663476e476dd83a2894de9e8499cc4449356cc94da16de7f4/detection
# Reference: https://www.virustotal.com/gui/file/a65ef3a77982ae70f5509548076a3957a3c881c053aec6b6c9fa819461dfed9b/detection

blander6.net
irtonger-um2.net
mersingers3.org

# Reference: https://www.virustotal.com/gui/file/196d1e066205ba6c35f09376eb632688c4fde2226d6197c6eae327ed67120fc7/detection

androzo.ru

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

jiang-zem.in

# Reference: https://www.virustotal.com/gui/file/88fa2c2b5fc263b480f9c5325c8a9f50990d9021662e04c446b6cd829487b76d/detection

109.236.87.180:7000
217.23.3.184:4500
217.23.3.184:7000
nanoseklo.net

# Reference: https://www.virustotal.com/gui/file/9a18c4304cfa61761e6056c58baf1b04f05821089859b927edf64db2d19ea7a0/detection

ssw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/f625affaf24e22f04f0bd876a2ab8451e55ebf4c0e4f30b3c939a5e113d81025/detection

hlebska.info
verodex.info

# Reference: https://www.virustotal.com/gui/file/f202499ba5cbae333203ad6a52e7de8e245b2b9c24b2cc9d6853a23ecfaf41e1/detection

lajogrodushope.pl
vitamingraphic.pl
/ukh/file.php

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html (# Win.Packed.Zbot-9831585-0)

dailytip4u.net
discountgoods2012.com

# Reference: https://www.virustotal.com/gui/file/fd9979d7034ecebbc40c74debb6d9f45f0fc85013d1f015a5b00e889fc218d54/detection

mediajoint.info

# Reference: https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Packed.Zbot-9836849-0)

eadergdmezhmllycukzwxfy.info
fmhxukscmzbupemqgytfmxpln.com
fqizmzpdpnoreznzzibpztizl.biz
gqdqordebeuxtcfuzllnozlojl.org
gqldsoztpzlzzfavsbakn.com
gyldeijvmztgylvyttugwk.biz
htgqcyfiyltkbdigqptohwt.net
jbbqhpgqxpojmnuozhrozpd.com
jnkfpdbydhytwpfyvodyugsoq.net
lrhyhapnlcypebafmdyxrskh.info
ozguhiqzxvortkuwpvnfduwxpz.biz
ozvwgmjbojmnxdwolrkcu.biz
pltoeyvdxydtjbmia.biz
rkxmitgcymqsxijmjfyotsfa.info
swcepbtokjovjfuoljcqydxiv.com
swusxjddvovcjbeaucfuhixkt.org
tcyhznjsowdcyzirnrtreu.com
tswfgqaybeslzgqampfemnuwhfy.net
uszdrwmvofibnammrhmfmrwsmvifij.com
uwlljzswedzhcebuyprwlrvc.net
woaetjnxwzlwmjqkhukrthxg.com
xqoltscyroxdunzkvtovleajr.org
zlkzxbidydpxyxhlnamlvsd.biz
zppjrbqhbainsgjnhuwxsbyvgt.org

# Reference: https://www.virustotal.com/gui/file/607b3ee81bb8ef64c64304ed98a85fb860efaf3fe61afa8ac67c1ca7f1b970e2/detection

btnt.niex.cc

# Reference: https://www.virustotal.com/gui/file/e05b55fef3646ce0b34e76af3763a58f55ce47e27a85c842738fdc75c1fa0a47/detection

datafilename.download

# Reference: https://www.virustotal.com/gui/file/cb6c1e02bf80a5d6878a73b2cd599f2ce44b3cb952ddbcfe714f6a912ed9fd64/detection

hutrnadhi.com

# Reference: https://www.virustotal.com/gui/file/edd8ee629a3a57850a4cb78eda37ca19c8606bdabf70d62674b5920d647007ae/detection

kiwi123kiwi.work

# Reference: https://www.coursehero.com/file/pposbt/authkey21232f297a57a5a743894a0e4a801fc3-iclearstudentworkbookpwmepadminphp/

thzsmrjqqzpaz2mz.onion

# Reference: https://www.virustotal.com/gui/domain/ropmibwbwfkevluntsfv.com/detection

ropmibwbwfkevluntsfv.com

# Reference: https://www.virustotal.com/gui/domain/utotsllaeowgnlhmnivr.com/detection

utotsllaeowgnlhmnivr.com

# Reference: https://www.virustotal.com/gui/file/f4c22f4af8e228ba0b68465baa6c9a54f1b435477f339b82e83226a6092acb22/detection

g0dday.cc

# Reference: https://www.virustotal.com/gui/file/30d05f1ffda632acba42f47f9488af801d8af85f06edfda782762915126494c3/detection

r-sbonline.biz

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

grabbil.name
matexx-japan.com

# Reference: https://www.virustotal.com/gui/file/fd9b50dce3717b79f0cb5a09bd9f7b3b08c459a02aeabbb2b9c68cc7408fdf8c/detection

avast-mail-security.download

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

5.9.62.149:50800
eddw.ru
olwwe.ru
wadergroup.biz

# Reference: https://www.virustotal.com/gui/file/f7fa29542a62a0ba5100f3b1d78fb0e70235353b71df6e4f9c9b72e7f877e0d3/detection

epkadvies.nl

# Reference: https://www.virustotal.com/gui/file/63a6c6485b70a50b525ae4ab0ce9d221562d70b699f957fbc2ae9ae6bd906898/detection

http://107.150.43.186

# Reference: https://www.virustotal.com/gui/domain/upgradetoserver.com/detection

upgradetoserver.com

# Reference: https://www.virustotal.com/gui/file/84989bfe79becdea44a2290df3f52bfc2363b6c603aa2b7742dcdde5c7cba12a/detection

madunixxx.ru

# Reference: https://www.virustotal.com/gui/file/e67bc65e75a16005898b2764c2554262380f22b5a0557d12539905739ea953bf/detection

checksece.com
checksece.net
checksendt.com
checksendt.net
grabbit4me.name
sentedcheck.com
sentedcheck.net
wundscheck.net

# Reference: https://www.virustotal.com/gui/domain/face2face-nig.biz/detection

face2face-nig.biz

# Reference: https://www.virustotal.com/gui/file/d6298e05ed76f20562d6646cc18a94c89855c4d3c0b19e5be5d307423e780de1/detection

darjustice.com

# Reference: https://www.virustotal.com/gui/file/fa181f2826b2c2ff26d5c864415279a23c283ba2949f7913d4bad0be0580ac7d/detection

mfstroi.ru

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0521-0528.html (# Win.Packed.Zbot-9864764-0)

fallb.ru
frigw.ru
habew.ru
orthb.ru
qimpa.ru
qlita.ru
aemunkxyjmrznrls.info
aemunkxyjmrznrls.org
fpuculxcpuqjtwn.net
kgiqlnknpzqutjs.com
kgiqlnknpzqutjs.info
mqlmrqihmrpnjtqm.info
mqlmrqihmrpnjtqm.org
nnuozosighewmigq.biz
nnuozosighewmigq.org
oloynepoursmptli.biz
oloynepoursmptli.org
psosfmhfomti.com
psosfmhfomti.info
qjhhgpcrufowipvz.biz
qjhhgpcrufowipvz.org
qolppnsimtsypr.net
twotmeegloxrmv.biz
twotmeegloxrmv.org

# Reference: https://www.virustotal.com/gui/file/001fbd9ec0fb19fa0e7d934d61edf73c1fa03e38557c5612552e6a87f9c15461/detection

football-x.org
psport-live.biz
synthetic-lab.biz

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html (# Win.Trojan.Zbot-9866263-0)

baszodjmeg.me
gamefans.eu
hipsdontlie.info
newtvcast.com
pusikuracbre.me
tvinshot.info
wheretowatch.com
yaboyyoshi.info
m3.sytes.net
m31.sytes.net

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html (# Win.Packed.Zbot-9874254-0)

bmjzxhsovwhtqcqpvxxcmzk.com
cjveiorqctgmiggmjrlzhuddq.org
demxylxksylneihmbtwbyxopz.net
djvcycygudvusunrizwumnsgqc.ru
dmdyxcrousnfxdeqwpnvgobojeq.ru
dqemzppuwfurksorvdaxovca.info
feqshmroraqzvwtgucucmvwhdqhu.biz
gikbdyafymblylguqsgwcnjmfhy.com
gmdypeugmkvijdxcztvmgipbam.net
hsmrtkxofmbiqcinwskrcuyttiv.com
huqcqwxylpnvkdapfteaswtknjzq.ru
lruoqokhmxvmzqvojjrvgxcmem.biz
nvxrhskiztbaronjdekfxwcl.info
rcijzpkvovrkdyeictuoukvcad.com
skbuxcqfehlfrgwsrgobztnf.org
tsubqrfqxobtljhmhizqaybq.biz
ttcswpvxgdeaihqqsllvmrytunvkf.ru
uciugdmfncuskbmlfrstsnxopx.com
useugkbwtssglfltwkfahfqwk.net
vhfmkryxdlkbcequhmrd.org
xpyxucpfyleqaqciqcqdwotkzl.info
xttszgihuchgmdiytxcbe.biz
zhhitmvpypbmjntqkbwglpt.com
zltddcyjrswkruotoijdkwgm.com

# Reference: https://www.virustotal.com/gui/file/38ea7578201e225257c0b2ebc6d59eccb548364e91a3bece5abd4d2a4f949609/detection

porevo11.com

# Reference: https://www.virustotal.com/gui/file/69f4bd058dd35085e543d4d4976a3deac5187a226b64188a15e34fc1cce480ac/detection

plutosos.tk

# Generic (URL path indicators not tied to a specific host)

/botnet/server%5Bphp%5D/
/cp.php?letter=login
/cp.php?m=login
/mtanqste.php?m=login
/grabbedinfo7sob7/admin.php
/grabbedinfo7sob7/loading.php
/grabbedinfo0sob0/
/grabbedinfo1sob1/
/grabbedinfo2sob2/
/grabbedinfo3sob3/
/grabbedinfo4sob4/
/grabbedinfo5sob5/
/grabbedinfo6sob6/
/grabbedinfo7sob7/
/grabbedinfo8sob8/
/grabbedinfo9sob9/
/wp-zeus/
