# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Note: network indicators that the linked references associate with GandCrab ransomware.
# One indicator per line; lines starting with '#' are comments. Entry shapes present in
# this list: plain domains, Namecoin '.bit' names, '.onion' hidden-service names with
# clearnet gateway variants, one host/path entry, one scheme-prefixed IP and one IP:port.
# The reference URLs are dated 2018-2019, so these are presumably most useful for
# retrospective hunting rather than as live blocking data - verify before alerting on them.

# Reference: https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2018-013106-5656-99

# Note: '.bit' is a Namecoin name space, not part of the public DNS root, so any lookup
# for these names in ordinary resolver logs is unusual on its own. Several names reuse
# security vendor/project brands; match on the exact '.bit' name, never on the brand
# substring, so the organisations' real domains are not flagged.
bleepingcomputer.bit
nomoreransom.bit
esetnod32.bit
emsisoft.bit
gandcrab.bit

# Reference: https://cert.gov.ua/news/43

# Note: the bare '.onion' name does not resolve through normal DNS; the '.onion.to' and
# '.onion.cab' forms are clearnet gateway hostnames and are the ones that can show up in
# DNS, HTTP Host and TLS SNI telemetry.
cryptsen7fo43rr6.onion
cryptsen7fo43rr6.onion.to
cryptsen7fo43rr6.onion.cab

# Reference: https://twitter.com/avman1995/status/1041733448560521217

# Note: the second entry carries a URL path.
# NOTE(review): confirm the consumer matches host+path here and not the whole host.
zsr7pln56d2ovr85.com
alldonemostbe.space/auth/login

# Reference: https://www.fortinet.com/blog/threat-research/gandcrab-honor-among-thieves.html

# Note: 'gandcrab.bit' and 'nomoreransom.bit' below repeat entries from the first group;
# they are listed again under this reference, which keeps per-source provenance.
# NOTE(review): confirm the loader de-duplicates, or drop the repeats.
politiaromana.bit
malwarehunterteam.bit
gdcb.bit
gandcrab.bit
nomoreransom.coin
nomoreransom.bit

# Reference: https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/

# Note: one hidden-service name followed by its clearnet gateway variants.
gdcbmuveqjsli57x.onion
gdcbmuveqjsli57x.hiddenservice.net
gdcbmuveqjsli57x.onion.guide
gdcbmuveqjsli57x.onion.rip
gdcbmuveqjsli57x.onion.plus
gdcbmuveqjsli57x.onion.to

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Ransomware.Gandcrab-6900355-0)

carder.bit
ransomware.bit
wowservers.ru

# Reference: https://twitter.com/CryptoInsane/status/1119253648549269505

gandcr4cponzb2it.onion

# Reference: https://twitter.com/VK_Intel/status/1123880277170892800
# Reference: https://www.virustotal.com/gui/file/59ac9dc1100246bd7e225a5216b588c121ede5393aeccc8db530dee7c25644af/detection
# Reference: https://twitter.com/James_inthe_box/status/1123918290513027072

# Note: this is the only entry written with a scheme prefix.
# NOTE(review): confirm the loader strips 'http://' so this matches as a bare IP;
# if it is compared literally it will never match DNS or flow data.
http://185.105.4.112

# Reference: https://twitter.com/GrujaRS/status/1123678562765168643

gandcrabmfe6mnef.onion

# Reference: https://twitter.com/blackorbird/status/1108200419543535616
# Reference: https://twitter.com/dvk01uk/status/1126044416966365184
# Reference: https://app.any.run/tasks/abfb50a4-02a7-424e-a430-76d056973968

kakaocorp.link

# Reference: https://news.sophos.com/en-us/2019/05/24/gandcrab-spreading-via-directed-attacks-against-mysql-servers/

# Note: IP with an explicit port. A bare IP can be shared or reassigned, so alerts on it
# are higher confidence when the port also matches.
# NOTE(review): confirm whether the consumer matches IP:port or the IP alone.
172.96.14.134:5471

# Reference: https://www.bleepingcomputer.com/news/security/release-of-gandcrab-52-decryptor-ends-a-bad-ransomware-story/

# Note: one hidden-service name followed by its clearnet gateway variants.
gdcbghvjyqy7jclk.onion
gdcbghvjyqy7jclk.onion.top
gdcbghvjyqy7jclk.onion.casa
gdcbghvjyqy7jclk.onion.guide
gdcbghvjyqy7jclk.onion.rip
gdcbghvjyqy7jclk.onion.plus
