# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: raccoon, mohazo, legion, racealer

# Reference: https://twitter.com/ViriBack/status/1120072762305990663
# Reference: https://twitter.com/James_inthe_box/status/1119282322895855618

http://176.223.143.5
http://80.88.90.110
raccoon-gate.site
raccoon-storage.site

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

http://94.177.213.34

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

http://35.246.139.134

# Reference: https://twitter.com/nao_sec/status/1175779553211379720

http://34.90.238.61

# Reference: https://twitter.com/P3pperP0tts/status/1176118878553956354

http://35.228.240.181

# Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/

http://35.228.79.212

# Reference: https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block
# Reference: https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Raccoon%20-%20Indicators%20of%20Compromise.pdf
# Reference: https://otx.alienvault.com/pulse/5db2e20e8d6c8e510174fa05

adsymbol.com
advertserv25.world
advexmail2d.world
aegohaohuoruitiiee.top
aegohaohuoruitiiek.su
aegohaohuoruitiiel.cc
aegohaohuoruitiieo.io
aegohaohuoruitiiep.co
aeifaeifhutuhuhuse.top
aeifaeifhutuhuhusk.su
aeifaeifhutuhuhusl.cc
aeifaeifhutuhuhuso.io
aeifaeifhutuhuhusp.co
aeoughaoheguaoehde.top
aeoughaoheguaoehdk.su
aeoughaoheguaoehdl.cc
aeoughaoheguaoehdo.io
aeoughaoheguaoehdp.co
aeufuaehfiuehfuhfe.top
aeufuaehfiuehfuhfk.su
aeufuaehfiuehfuhfl.cc
aeufuaehfiuehfuhfo.io
aeufuaehfiuehfuhfp.co
afaeigaifgsgrhhafe.top
afaeigaifgsgrhhafk.su
afaeigaifgsgrhhafl.cc
afaeigaifgsgrhhafo.io
afaeigaifgsgrhhafp.co
afaigaeigieufuifie.top
afaigaeigieufuifik.su
afaigaeigieufuifil.cc
afaigaeigieufuifio.io
afaigaeigieufuifip.co
avgcommunity.info
beahero4u.com
befaheaiudeuhughge.top
befaheaiudeuhughgk.su
befaheaiudeuhughgl.cc
befaheaiudeuhughgo.io
befaheaiudeuhughgp.co
bfagzzezgaegzgfaie.top
bfagzzezgaegzgfaik.su
bfagzzezgaegzgfail.cc
bfagzzezgaegzgfaio.io
bfagzzezgaegzgfaip.co
bitcoinwinery.com
daedagheauehfuuhfe.top
daedagheauehfuuhfk.su
daedagheauehfuuhfl.cc
daedagheauehfuuhfo.io
daedagheauehfuuhfp.co
dualup.top
eaeuafhuaegfugeude.top
eaeuafhuaegfugeudk.su
eaeuafhuaegfugeudl.cc
eaeuafhuaegfugeudo.io
eaeuafhuaegfugeudp.co
eguaheoghouughahse.top
eguaheoghouughahsk.su
eguaheoghouughahsl.cc
eguaheoghouughahso.io
eguaheoghouughahsp.co
fingers1.ddns.net
firstbankhome.com
fusaazor6.icu
gaghpaheiafhjefije.top
gaghpaheiafhjefijk.su
gaghpaheiafhjefijl.cc
gaghpaheiafhjefijo.io
gaghpaheiafhjefijp.co
gaoehuoaoefhuhfuge.top
gaoehuoaoefhuhfugk.su
gaoehuoaoefhuhfugl.cc
gaoehuoaoefhuhfugo.io
gaoehuoaoefhuhfugp.co
gaoheeuofhefefhute.top
gaoheeuofhefefhutk.su
gaoheeuofhefefhutl.cc
gaoheeuofhefefhuto.io
gaoheeuofhefefhutp.co
gaohrhurhuhruhfsde.top
gaohrhurhuhruhfsdk.su
gaohrhurhuhruhfsdl.cc
gaohrhurhuhruhfsdo.io
gaohrhurhuhruhfsdp.co
gaouehaehfoaeajrse.top
gaouehaehfoaeajrsk.su
gaouehaehfoaeajrsl.cc
gaouehaehfoaeajrso.io
gaouehaehfoaeajrsp.co
geauhouefheuutiiie.top
geauhouefheuutiiik.su
geauhouefheuutiiil.cc
geauhouefheuutiiio.io
geauhouefheuutiiip.co
getmycash4u.com
ggcleaner.space
huaeokaefoaeguaehe.top
huaeokaefoaeguaehk.su
huaeokaefoaeguaehl.cc
huaeokaefoaeguaeho.io
huaeokaefoaeguaehp.co
lookmodeusa.com
luckymonkey.net.in
mailserv85m.world
mybetterdl.com
nothinginterestinghere.com
paarlprecision.com
rubthemoneybear.xyz
rzhsudhugugfugugse.top
rzhsudhugugfugugsk.su
rzhsudhugugfugugsl.cc
rzhsudhugugfugugso.io
rzhsudhugugfugugsp.co
thaus.top
urusurofhsorhfuuhk.su
urusurofhsorhfuuhl.cc
urusurofhsorhfuuho.io
urusurofhsorhfuuhp.co
usd.odysseus-nua.com

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://34.77.135.60

# Reference: https://app.any.run/tasks/bc644345-46a2-4c9f-b9d3-edc050aa462f/

http://34.89.185.248

# Reference: https://twitter.com/James_inthe_box/status/1199338236633481216

http://34.76.145.229

# Reference: https://twitter.com/0xCARNAGE/status/1199700157127892992

http://34.77.197.252

# Reference: https://twitter.com/tkanalyst/status/1204442400023646208

http://35.246.108.168

# Reference: https://twitter.com/nao_sec/status/1213283648969093120

http://35.228.121.96

# Reference: https://twitter.com/killamjr/status/1217636352155500544

http://35.228.239.183

# Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/

http://35.246.8.131

# Reference: https://www.virustotal.com/gui/file/696985a0b8af5dc318af712c410410c86df46eac80aa15b65e1b9d7a6801b0d6/detection

http://35.228.183.206

# Reference: https://twitter.com/benkow_/status/1222539585542066176

35.228.215.155:80
api-update1.biz
legions17.biz
oberonapps.org

# Reference: https://twitter.com/James_inthe_box/status/1223006972674314240

34.65.176.45:80

# Reference: https://www.virustotal.com/gui/ip-address/34.76.55.103/relations

34.76.55.103:80

# Reference: https://twitter.com/FaLconIntel/status/1230488503290449920

104.155.44.42:80

# Reference: https://app.any.run/tasks/f7171b62-b0f1-4c2e-afe6-58e99bd8c509/

35.228.57.136:80

# Reference: https://app.any.run/tasks/d8073674-fd7e-4401-93f8-e5fbe6d4b314/

corp1.site
http://35.205.213.237

# Reference: https://app.any.run/tasks/b988bd16-422e-42f6-9902-6b6699f85906/

http://35.228.28.245

# Reference: https://www.virustotal.com/gui/file/1d8412b53630ad72db53a579352a7aecf818f0bf52647eea6633ac9c67506e1d/detection

http://34.76.15.247

# Reference: https://app.any.run/tasks/6b6e39bd-902a-4bfa-91fb-585fdd3ff99e/

http://35.228.60.178

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/
# Reference: https://otx.alienvault.com/pulse/5e8607ef75f928497d0780e4

http://34.77.125.60
http://35.228.215.155

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

http://34.89.159.33

# Reference: https://twitter.com/nao_sec/status/1253902651172851712
# Reference: https://app.any.run/tasks/6fd01600-9f05-457a-8225-3cb55099c4a6/

http://34.65.18.19

# Reference: https://twitter.com/3xp0rtblog/status/1250415892451569666
# Reference: https://app.any.run/tasks/2df933f8-2c84-4e80-b15b-ae8a9940ab97/

http://35.240.36.208

# Reference: https://app.any.run/tasks/077dcfe0-ac26-4890-8ca5-9204f7195eed/

http://35.228.86.146

# Reference: https://www.virustotal.com/gui/file/07cc49bd763e65ed456c5f2103c3cdd6d265d13013066a92394c1dc2d29d23cf/detection
# Reference: https://www.virustotal.com/gui/ip-address/193.110.3.190/relations

10022020newfolder1002002231-service1002.space
10022020newfolder33417-01242510022020.space

# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/

http://34.89.178.133

# Reference: https://app.any.run/tasks/54da143a-b666-4001-be17-84aed6283be6/

http://34.107.22.206

# Reference: https://twitter.com/yusaerguven/status/1270670436406308864

private-virtual.online

# Reference: https://app.any.run/tasks/450fda6e-0c7c-4f88-9857-0f1d8ebc14fa/

http://35.226.139.169

# Reference: https://twitter.com/iamwinstonm/status/1279529808188366848
# Reference: https://www.virustotal.com/gui/file/393ad8b8dd5fb5359b1057eae2394cac9cfd12bab98115a4056e5954c5c70aa2/detection

http://35.198.88.195
cloud-server-updater1.co.za
microsoft-cloud1.co.za

# Reference: https://twitter.com/iamwinstonm/status/1282295968512311297

http://35.242.170.60

# Reference: https://www.virustotal.com/gui/file/fb5ce30c1aeed408a453f1df09843e223b77e2b19885a7365f8b2b8e4dafc77b/detection
# Reference: https://www.virustotal.com/gui/file/106558ec5566588454181097777bb38aa0f173a6f5312fad139be1ac547d7fc3/detection

http://34.65.10.107

# Reference: https://twitter.com/nao_sec/status/1287755458153869312

http://35.228.248.188

# Reference: https://www.virustotal.com/gui/file/a36dbfc2856e660e0d9dfbe78e1973ec8fee31ffd2762b062b61a9fe93c67edc/detection

marashmara.info

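# Reference: https://www.virustotal.com/gui/domain/megagemes.info/relations
# NOTE(review): the domain segment of this URL was empty in the original; it is filled in from the entry below - confirm against the source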

megagemes.info

# Reference: https://app.any.run/tasks/8f9931d5-7b31-4032-89cd-634985450354/

http://35.228.58.123

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-01-raccoon-stealer-IOCs.txt

http://34.89.241.53

# Reference: https://twitter.com/theDark3d/status/1303091496816697345
# Reference: https://app.any.run/tasks/f0aefc25-feb9-45f9-ae97-6d51cd3bb87e/

chinadevmonster.top

# Reference: https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/
# Reference: https://otx.alienvault.com/pulse/5f59270f9f09e5c82665a7b3

http://34.105.147.92

# Reference: https://twitter.com/ViriBack/status/1303829357551669248
# Reference: https://twitter.com/DrStache_/status/1303974362660429824
# Reference: https://app.any.run/tasks/781f94db-7374-46cc-b030-be0335064853/

btncc.com.br
eto-ne-stealer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1314113271864139778
# Reference: https://www.virustotal.com/gui/file/e126b73a5cde8febdab5ce300346a98af6487b3bb95d548950f2ea7ea6c9dbba/detection

rsttrs.site

# Reference: https://www.virustotal.com/gui/file/724ce0d8ca978f9bb9004c2252fb51b44f96c87721d68582ec67268cbd8f13a5/detection
# Reference: https://www.virustotal.com/gui/file/927f8cc27c5cfbb255cf599760ba6c55fe93797289d024086fac767ade678e0c/detection

http://195.54.167.51
j3cytza2m2.pw
on-offtrack.biz

# Reference: https://www.virustotal.com/gui/file/0637626dbefbbb0dc8732e099cf5cfbd3413f264b6342b91734c0bc2a273d84a/detection

http://78.141.215.0

# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-masquerades-privacy-tool
# Reference: https://tria.ge/210615-9ncxxbrjg2
# Reference: https://otx.alienvault.com/pulse/60df0c7c5e03d145c6a38652
# Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection
# Reference: https://www.virustotal.com/gui/file/ed1674efc8259df33767cd32fb7853e9bc957a43cddd8364e6553a0e7846b422/detection
# Reference: https://www.virustotal.com/gui/file/25681de7e02857c21c6d3ffed80354333751a7fc7c3a07b8ae7be45c93307ab2/detection

10022020besttest971-service1002012510022020.ru
10022020clubtest561-service1002012510022020.ru
10022020est213531-service100201242510022020.ru
10022020infotest341-service1002012510022020.ru
10022020kupitest451-service1002012510022020.ru
10022020megatest251-service1002012510022020.ru
10022020mytest151-service100201242510022020.ru
10022020newfolder1002-01252510022020.ml
10022020newfolder1002-01262510022020.ga
10022020newfolder1002-01272510022020.cf
10022020newfolder1002-01282510022020.gq
10022020newfolder1002-01292510022020.com
10022020newfolder1002-0130251002202035.site
10022020newfolder1002-0131251002202035.site
10022020newfolder1002-0132251002202035.site
10022020newfolder1002-0133251002202035.site
10022020newfolder1002-0134251002202035.site
10022020newfolder1002-0135251002202035.site
10022020newfolder1002-0136251002202035.site
10022020newfolder1002-0137251002202035.site
10022020newfolder1002-0138251002202035.site
10022020newfolder1002-0139251002202035.site
10022020newfolder1002-0140251002202035.site
10022020newfolder1002-0141251002202035.site
10022020newfolder1002-0142251002202035.site
10022020newfolder1002-0143251002202035.site
10022020newfolder1002-0144251002202035.site
10022020newfolder1002-0145251002202035.site
10022020newfolder1002-0146251002202035.site
10022020newfolder1002-0147251002202035.site
10022020newfolder1002-0148251002202035.site
10022020newfolder1002-0149251002202035.site
10022020newfolder1002-0150251002202035.site
10022020newfolder1002-0151251002202035.site
10022020newfolder1002-0152251002202035.site
10022020newfolder1002-0153251002202035.site
10022020newfolder1002-service100201blog2510022020.ru
10022020newfolder1002-service100201life2510022020.ru
10022020newfolder1002-service100201shop2510022020.ru
10022020newfolder1002002131-service1002.space
10022020newfolder1002002231-service1002.space
10022020newfolder1002002431-service1002.space
10022020newfolder1002002531-service1002.space
10022020newfolder100221-service1022020.ru
10022020newfolder100231-service1022020.ru
10022020newfolder100241-service1002010022020.ru
10022020newfolder100251-service2510022020.ru
10022020newfolder241-service1002012510022020.ru
10022020newfolder3100231-service1002.space
10022020newfolder33417-01242510022020.space
10022020newfolder351-service1002012510022020.ru
10022020newfolder4561-service1002012510022020.ru
10022020newfolder471-service1002012510022020.ru
10022020newfolder481-service1002012510022020.ru
10022020newfoldert161-service100201242510022020.ru
10022020oopoest361-service1002012510022020.ru
10022020proftest981-service1002012510022020.ru
10022020rest21-service1002012510022020.eu
10022020rustest213-service1002012510022020.ru
10022020shoptest871-service1002012510022020.ru
10022020test11-service1002012510022020.press
10022020test125831-service1002012510022020.space
10022020test12671-service1002012510022020.online
10022020test13461-service1002012510022020.net
10022020test134831-service1002012510022020.space
10022020test13561-service1002012510022020.su
10022020test136831-service1002012510022020.space
10022020test146831-service1002012510022020.space
10022020test14781-service1002012510022020.info
10022020test147831-service1002012510022020.space
10022020test15671-service1002012510022020.tech
10022020test231-service1002012510022020.fun
10022020test261-service1002012510022020.space
10022020test281-service1002012510022020.ru
10022020test391-service1002012510022020.ru
10022020test41-service100201pro2510022020.ru
10022020test461-service1002012510022020.host
10022020test481-service1002012510022020.ru
10022020test51-service1002012510022020.xyz
10022020test571-service1002012510022020.pro
10022020test61-service1002012510022020.website
10022020tostest371-service1002012510022020.ru
10022020uest71-service100201dom2510022020.ru
10022020utest1341-service1002012510022020.ru
10022020yes1t3481-service1002012510022020.ru
10022020yest31-service100201rus2510022020.ru
10022020yirtest231-service1002012510022020.ru
10022020yomtest251-service1002012510022020.ru
999080321besttest971-service10020125999080321.ru
999080321clubtest561-service10020125999080321.ru
999080321est213531-service1002012425999080321.ru
999080321infotest341-service10020125999080321.ru
999080321kupitest451-service10020125999080321.ru
999080321megatest251-service10020125999080321.ru
999080321mytest151-service1002012425999080321.ru
999080321newfolder1002-012525999080321.ml
999080321newfolder1002-012625999080321.ga
999080321newfolder1002-012725999080321.cf
999080321newfolder1002-012825999080321.gq
999080321newfolder1002-012925999080321.com
999080321newfolder1002-01302599908032135.site
999080321newfolder1002-01312599908032135.site
999080321newfolder1002-01322599908032135.site
999080321newfolder1002-01332599908032135.site
999080321newfolder1002-01352599908032135.site
999080321newfolder1002-01362599908032135.site
999080321newfolder1002-01372599908032135.site
999080321newfolder1002-01382599908032135.site
999080321newfolder1002-01392599908032135.site
999080321newfolder1002-01402599908032135.site
999080321newfolder1002-01412599908032135.site
999080321newfolder1002-01422599908032135.site
999080321newfolder1002-01432599908032135.site
999080321newfolder1002-01442599908032135.site
999080321newfolder1002-01452599908032135.site
999080321newfolder1002-01462599908032135.site
999080321newfolder1002-01472599908032135.site
999080321newfolder1002-01482599908032135.site
999080321newfolder1002-01492599908032135.site
999080321newfolder1002-01502599908032135.site
999080321newfolder1002-01512599908032135.site
999080321newfolder1002-01522599908032135.site
999080321newfolder1002-01532599908032135.site
999080321newfolder1002-01542599908032135.site
999080321newfolder1002-01552599908032135.site
999080321newfolder1002-service100201blog25999080321.ru
999080321newfolder1002-service100201life25999080321.ru
999080321newfolder1002-service100201shop25999080321.ru
999080321newfolder1002002131-service1002.space
999080321newfolder1002002231-service1002.space
999080321newfolder1002002431-service1002.space
999080321newfolder1002002531-service1002.space
999080321newfolder100221-service1022020.ru
999080321newfolder100231-service1022020.ru
999080321newfolder100241-service10020999080321.ru
999080321newfolder100251-service25999080321.ru
999080321newfolder241-service10020125999080321.ru
999080321newfolder3100231-service1002.space
999080321newfolder33417-012425999080321.space
999080321newfolder351-service10020125999080321.ru
999080321newfolder4561-service10020125999080321.ru
999080321newfolder471-service10020125999080321.ru
999080321newfolder481-service10020125999080321.ru
999080321newfoldert161-service1002012425999080321.ru
999080321oopoest361-service10020125999080321.ru
999080321proftest981-service10020125999080321.ru
999080321rest21-service10020125999080321.eu
999080321rustest213-service10020125999080321.ru
999080321shoptest871-service10020125999080321.ru
999080321test11-service10020125999080321.press
999080321test125831-service10020125999080321.space
999080321test12671-service10020125999080321.online
999080321test13461-service10020125999080321.net
999080321test134831-service10020125999080321.space
999080321test13561-service10020125999080321.su
999080321test136831-service10020125999080321.space
999080321test146831-service10020125999080321.space
999080321test14781-service10020125999080321.info
999080321test147831-service10020125999080321.space
999080321test15671-service10020125999080321.tech
999080321test231-service10020125999080321.fun
999080321test261-service10020125999080321.space
999080321test281-service10020125999080321.ru
999080321test391-service10020125999080321.ru
999080321test41-service100201pro25999080321.ru
999080321test461-service10020125999080321.host
999080321test481-service10020125999080321.ru
999080321test51-service10020125999080321.xyz
999080321test571-service10020125999080321.pro
999080321test61-service10020125999080321.website
999080321tostest371-service10020125999080321.ru
999080321uest71-service100201dom25999080321.ru
999080321utest1341-service10020125999080321.ru
999080321yes1t3481-service10020125999080321.ru
999080321yest31-service100201rus25999080321.ru
999080321yirtest231-service10020125999080321.ru
999080321yomtest251-service10020125999080321.ru
cozanostra.best
jg5.5aef.pw
naritouzina.net

# Reference: https://www.virustotal.com/gui/domain/analyticsonline.top/relations
# Reference: https://twitter.com/FaLconIntel/status/1247895934127591426
# Reference: https://twitter.com/malwrhunterteam/status/1327616871043133441
# Reference: https://www.virustotal.com/gui/file/8c842be9d93e2ada204da0ad0981b572e1de9d8ae3148d53af657c5aa147d877/detection
# Reference: https://www.virustotal.com/gui/file/3266f6c72939e2c376af2a25529aa92500b4e4e9776f7ede132746b47ea7549a/detection

analyticsonline.top
/popunder_exe.php?id-user=
/qwascx.php?name-pc=
/work.php?id-user=

# Reference: https://twitter.com/wwp96/status/1328341500699299841
# Reference: https://app.any.run/tasks/f58bd996-a019-4007-be4e-4d92d5644fa4/

http://35.198.141.22

# Reference: https://twitter.com/nao_sec/status/1332115770009034752
# Reference: https://app.any.run/tasks/c32ee8a3-ce61-4836-ac99-68337b254a1f/
# Reference: https://app.any.run/tasks/da45e6da-5dc7-4eee-a402-7642539ed9a6/

centralwestofbankoffice.cyou
puffpuff423.top

# Reference: https://www.virustotal.com/gui/file/9850bb21544a0375948ab304014fbad4d3a9bbd7289c5ca42de9447298ff8bce/detection
# Reference: https://otx.alienvault.com/indicator/ip/45.82.68.166

proload.info

# Reference: https://www.virustotal.com/gui/file/d920f89a4d8ae2f2cc597779c57e515c0f9451a66ecdaeef35169f6d0a43a35d/detection
# Reference: https://www.virustotal.com/gui/domain/ultraspeed.info/relations

ultraspeed.info

# Reference: https://www.virustotal.com/gui/file/e7111acd60f1fbe98eac7e7ff9215b34758257a9badf2fe02ce8d39a1d0a3b73/detection

watado.xyz

# Reference: https://twitter.com/nao_sec/status/1334289601125445633
# Reference: https://app.any.run/tasks/daf21461-db00-47b7-a33e-a61e864ddc1a/

recyclecycle.top

# Reference: https://www.virustotal.com/gui/file/8825eebf3e19804f89d438aa971ccf8335cb70724e76057c70f0a5cc3257d72c/detection

hellousa.info
superload24.info

# Reference: https://www.virustotal.com/gui/file/8e61d7a623bdf6b531bdf7fc2fc20c14707b7e13f86773aa19badc56e0cb1ab6/detection

chinarobotics2020.top

# Reference: https://www.group-ib.com/blog/fakesecurity_raccoon

azure-cloud1.co.za
azure-cloud1.web.za
azure-cloud2.co.za
azure-cloud2.web.za
azure-cloud3.co.za
azure-cloud3.web.za
azure-cloud4.co.za
cloud-server-updater.co.za
cloud-server-updater1.co.za
cloud-server-updater10.co.za
cloud-server-updater11.co.za
cloud-server-updater12.co.za
cloud-server-updater13.co.za
cloud-server-updater14.co.za
cloud-server-updater15.co.za
cloud-server-updater16.co.za
cloud-server-updater17.co.za
cloud-server-updater18.co.za
cloud-server-updater19.co.za
cloud-server-updater2.co.za
cloud-server-updater20.co.za
cloud-server-updater21.co.za
cloud-server-updater22.co.za
cloud-server-updater23.co.za
cloud-server-updater24.co.za
cloud-server-updater25.co.za
cloud-server-updater26.co.za
cloud-server-updater27.co.za
cloud-server-updater28.co.za
cloud-server-updater3.co.za
cloud-server-updater4.co.za
cloud-server-updater5.co.za
cloud-server-updater6.co.za
cloud-server-updater7.co.za
cloud-server-updater8.co.za
cloud-server-updater9.co.za
cloudupdate.co.za
cloudupdates.co.za
code-cloud1.co.za
code-cloud2.co.za
code-cloud3.co.za
code-cloud4.co.za
code-cloud5.co.za
code-cloud6.co.za
documents-cloud-server.co.za
documents-cloud-server1.co.za
documents-cloud-server2.co.za
documents-cloud-server3.co.za
documents-cloud-server4.co.za
documents-cloud-server6.co.za
documents-cloud-server7.co.za
documents-cloud-server8.co.za
documents-cloud-server9.co.za
download-plugin.co.za
download-plugins.co.za
downloadplugins.co.za
google-document.co.za
microsoft-cloud1.co.za
microsoft-cloud10.co.za
microsoft-cloud11.co.za
microsoft-cloud12.co.za
microsoft-cloud13.co.za
microsoft-cloud14.co.za
microsoft-cloud15.co.za
microsoft-cloud6.co.za
microsoft-cloud7.co.za
microsoft-cloud8.co.za
microsoft-cloud9.co.za
msupdater.co.za
oneupdateadobe.co.za
oneupdateadobe.org.za
oneupdateadobe2.co.za
oneupdateadobe2.org.za
oneupdateadobe3.co.za
oneupdateadobe3.com
oneupdateadobe3.org.za
oneupdateadobe4.co.za
securitycloudserver.co.za
updateadobeonline.co.za
updateforadobenew.co.za

# Reference: https://www.virustotal.com/gui/file/9428e5edade393b0c6a79b3232141428b970350b27b088d1bf235f6c15f7198d/detection
# Reference: https://tria.ge/201220-ydzzbnfhze/behavioral1#report
# Reference: https://app.any.run/tasks/09226a36-b84b-4c28-9a59-346f376fc337/

tripsafe.fun

# Reference: https://www.virustotal.com/gui/file/366537de61541a69e63922342da061ce9cabbb92a8634553b098888a8f33c6dd/detection
# Reference: https://www.virustotal.com/gui/file/8b43c9b2b93dfbf3732b6a9f40b391f0fe7ac0194a470c8b9a2c7cb71d5617ad/detection
# Reference: https://www.virustotal.com/gui/file/988396426d899ee2029bc88f2d2c915ac3a3f4557f91bd2a170942e03de1ca2c/detection
# Reference: https://app.any.run/tasks/347daeea-65cf-4313-9f27-9fc8b801bf47/

sibernetix.fr
madrasdarbar.com/wp-admin/fw1.php
madrasdarbar.com/wp-admin/fw2.php
madrasdarbar.com/wp-admin/fw3.php
madrasdarbar.com/wp-admin/fw4.php
madrasdarbar.com/wp-admin/fw5.php
madrasdarbar.com/wp-admin/fw6.php
madrasdarbar.com/wp-admin/fw7.php
madrasdarbar.com/wp-admin/fw8.php
madrasdarbar.com/wp-admin/fw9.php
madrasdarbar.com/wp-content/plugins/img1.php?id=
madrasdarbar.com/wp-content/plugins/img2.php?id=
madrasdarbar.com/wp-content/plugins/img3.php?id=
madrasdarbar.com/wp-content/plugins/img4.php?id=
madrasdarbar.com/wp-content/plugins/img5.php?id=
madrasdarbar.com/wp-content/plugins/img6.php?id=
madrasdarbar.com/wp-content/plugins/img7.php?id=
madrasdarbar.com/wp-content/plugins/img8.php?id=
madrasdarbar.com/wp-content/plugins/img9.php?id=
/plugins/fw1.exe
/plugins/fw2.exe
/plugins/fw3.exe
/plugins/fw4.exe
/plugins/fw5.exe
/plugins/fw6.exe
/plugins/fw7.exe
/plugins/fw8.exe
/plugins/fw9.exe
/plugins/fw1.php
/plugins/fw2.php
/plugins/fw3.php
/plugins/fw4.php
/plugins/fw5.php
/plugins/fw6.php
/plugins/fw7.php
/plugins/fw8.php
/plugins/fw9.php
/wp-admin/fw1.exe
/wp-admin/fw2.exe
/wp-admin/fw3.exe
/wp-admin/fw4.exe
/wp-admin/fw5.exe
/wp-admin/fw6.exe
/wp-admin/fw7.exe
/wp-admin/fw8.exe
/wp-admin/fw9.exe
/wp-admin/fw1.php
/wp-admin/fw2.php
/wp-admin/fw3.php
/wp-admin/fw4.php
/wp-admin/fw5.php
/wp-admin/fw6.php
/wp-admin/fw7.php
/wp-admin/fw8.php
/wp-admin/fw9.php
/plugins/img1.php?id=
/plugins/img2.php?id=
/plugins/img3.php?id=
/plugins/img4.php?id=
/plugins/img5.php?id=
/plugins/img6.php?id=
/plugins/img7.php?id=
/plugins/img8.php?id=
/plugins/img9.php?id=

# Reference: https://twitter.com/h2jazi/status/1341805802760364036
# Reference: https://www.virustotal.com/gui/file/f89ac1672d0ef466d78613257fe2735509afb9cb4aca81ceb1be8a288f1eb0d6/detection

http://45.15.143.230/Raccoon/
/Raccoon/iencli32.dot
/Raccoon/iencli32dot
/Raccoon/Purchase.exe
/iencli32dot
/iencli32.dot

# Reference: https://app.any.run/tasks/56c71276-54c1-447f-818c-decd01fe8cc0/

morasergiox.ac.ug
taenaiaa.ac.ug
helpsavedogs.top

# Reference: https://app.any.run/tasks/56931149-9db8-43c0-8fae-8b6cd50ef4e4/

blacksmokegun.top

# Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection

mynameisalfred.top
/jbitchsucks

# Reference: https://twitter.com/AvastThreatLabs/status/1362787975201886212
# Reference: https://www.virustotal.com/gui/file/5bb23670b1fd229c3ba9ab0b25839e715a90af8f01654f4b92134f7692e117fb/detection
# Reference: https://app.any.run/tasks/12e02693-6660-452e-921e-414994a8335f/

yearofthepig.top

# Reference: https://www.virustotal.com/gui/file/a285ef3f4162d1b869844edf63c3d1b88c3a0b296cacf6234835eafc9d674252/detection

globalsalespartscn.top

# Reference: https://www.virustotal.com/gui/file/a14fb42ce0bb182cfbaf6319ae29a96c81ba4ac195cba646ad899f63085e205c/detection

178.20.40.83:81
vaxton.club

# Reference: https://www.virustotal.com/gui/file/38e9eda271a1bbf27d7486fb5ebf88da22a92711ffb19a43b9519e512c336252/detection

pilinno.info
pubload.info

# Reference: https://twitter.com/McAfee_Labs/status/1364609358710136841
# Reference: https://app.any.run/tasks/d3bf337d-a795-484b-be3b-b9b7d38e875c/

mariofart8.top

# Reference: https://www.virustotal.com/gui/file/5b77ec829dda6e8850db5e1bb0e7f77392aa9daf8313b8950a987993a3f5f8f8/detection

f0491609.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4cbf92c3d4529f29269b2b00747d624859d7040f32091ede2d7386efb8983318/detection
# Reference: https://www.virustotal.com/gui/file/0f4bca305be1d8b7c9f7c87311279e213cc04220f4f21907b2f976449ca185ac/detection

gb-cleans.tech
gucciworldcommunity.com
takeshykurosavabest.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1368837298868129793

thereisnoscheme.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369034284246437888
# Reference: https://www.virustotal.com/gui/file/26156edb64b5cc30c393ec4e05ef7313134ca5f9ce4a057bb4130dcef1c1c9ec/detection

againstpolicebrutality.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369234428267012113
# Reference: https://www.virustotal.com/gui/file/59efc85fe1524abbaf2f8dd1dbbfb6af070372ca1de0c43e4b4f9960ecc5d79a/detection

nyqualitypizza.top

# Reference: https://twitter.com/pmmkowalczyk/status/1369655824797360133
# Reference: https://www.virustotal.com/gui/file/bb50134057186ffb3de02361a670bbc405a1fe289ffb4f3b1e44abcffe80c592/detection

hitfromthebong.top

# Reference: https://www.virustotal.com/gui/file/00b737e6875f5c41cb05581c56330b220601e98cd54e4f5ba43e745762df23f9/detection

93.115.18.77:81
http://93.115.18.77

# Reference: https://twitter.com/pmmkowalczyk/status/1370802182761644032
# Reference: https://app.any.run/tasks/c8b972a9-60e1-4296-859e-d5b0fd41342e/

mynameischarliebrown.top

# Reference: https://twitter.com/wwp96/status/1372012259904487428

http://93.190.138.2

# Reference: https://www.virustotal.com/gui/file/c2e8a322d8d5a837934556bd1b6c951a411581c2b8196c3be086fe0d43297300/detection

http://45.139.236.6

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1377584138442641410
# Reference: https://app.any.run/tasks/42af693c-f1d9-46b9-ac3c-6c2fb1696a42/

duckduckstop.top

# Reference: https://www.virustotal.com/gui/file/78271642776efafec0e3a1d3c808249bc44731a2595309e842c06bd3ca5e3965/detection

youareperfect2day.top

# Reference: https://www.virustotal.com/gui/file/a97f38db5b3a04a89eb0ca0fc744333e3118102fd355891505857e5016b54eab/detection

minorleage.top

# Reference: https://www.virustotal.com/gui/file/365c4d412d538e3308c77cac58204ce5e596d0baa7788215368fb4495e4b4232/detection
# Reference: https://tria.ge/210507-8mfadfbjpe/behavioral1

miranore.top
number1g.top

# Reference: https://www.virustotal.com/gui/file/40e74935dd9135e38e3fd3e99aa361c87cee569664fce16660501ea617bd9d93/detection

nuderono.top

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations

marunok.top

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.89/relations

secureim.top

# Reference: https://twitter.com/petrovic082/status/1391394902911631369
# Reference: https://app.any.run/tasks/3d45121d-8f5a-470a-aa2a-e3e16de0350c/

http://34.89.59.109

# Reference: https://app.any.run/tasks/45f040e8-f0ee-4987-9504-d6b03200a0d2/
# Reference: https://tria.ge/210521-c4n3kxtnkx/behavioral1

http://45.142.212.182

# Reference: https://www.virustotal.com/gui/file/9cfc3729c9a4afd9d868185a9358866e83e63a01663aaadea46e631f7c97bb8b/detection

http://34.105.230.174

# Reference: https://www.virustotal.com/gui/ip-address/34.88.222.181/relations
# Reference: https://www.virustotal.com/gui/file/ab7a25c9c3b06601eed37969c1038920a5445a061fd8350fd564745911e79ce2/detection
# Reference: https://www.virustotal.com/gui/file/b12fa69671aa80f206ecbeb8e52af324ff5f6ba3e4dcc789f412827d64bfb2a0/detection

http://34.88.222.181

# Reference: https://www.virustotal.com/gui/file/79bbdb8009278ba629dae626b86f4447a81333ef9535e2a9341d5728571e4ae1/detection

http://159.69.20.131

# Reference: https://twitter.com/nao_sec/status/1403322564580020227
# Reference: https://app.any.run/tasks/f00d7529-d2b7-4ad8-86ea-3d3bd256d8c3/

http://34.88.52.57

# Reference: https://www.virustotal.com/gui/file/73c74e428e5944013aac76cb54505d11616ae7d9fa13afb0beb4b2a7c29f8633/detection
# Reference: https://www.virustotal.com/gui/file/6bde10caf2a906e88ab47ee8a0ff14e94a2dafa6f740bb8ab4bd21bc1fe234ea/detection
# Reference: https://www.virustotal.com/gui/file/1aaedf67e498d2421c1afc740447f00dc7bf1a96a4b73cb9601a33b8594a5ff2/detection

akadns9.net
gate.akadns9.net
test.akadns9.net

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

http://34.65.79.5

# Reference: https://bazaar.abuse.ch/sample/c54228f797eb663e6a223ecf20f225f91bc2e1dfbea5ac84687ff87513a0dad5

http://35.246.76.29

# Reference: https://www.virustotal.com/gui/file/84a790b8c39b4658e68f43ea5b61c22ae42bf92c5aeeb704eff40ff0820e5f3f/behavior/VirusTotal%20Jujubox

http://185.157.162.75
bakercost.gq
bravestone.ru

# Reference: https://www.virustotal.com/gui/file/a9cd85d14daa44ea4e634d14c7225b73b7b82138b624bbf53222b6084acf5502/detection

http://34.88.33.218

# Reference: https://www.virustotal.com/gui/ip-address/8.209.80.200/relations

dopehope.top
greenbook.top
oldfinerecord.top
simpleplan.top

# Reference: https://www.virustotal.com/gui/file/2a92d81d45296a37dab3b61c3e26af03b680043205eae14acda1131302b61046/detection

http://34.141.84.7

# Reference: https://tria.ge/210722-hf3hkgcyax/behavioral1

http://94.228.114.197

# Reference: https://tria.ge/210722-psafrxqafn/behavioral1

http://188.119.112.73

# Reference: https://tria.ge/210731-pdc5qrte6n
# Reference: https://www.virustotal.com/gui/file/f778cca4f1de43b854a2ca78733215ea18a8eceaa94431e5b8c19cf4002ad893/detection

readinglistforjuly1.club
readinglistforjuly1.site
readinglistforjuly1.xyz
readinglistforjuly10.club
readinglistforjuly10.site
readinglistforjuly10.xyz
readinglistforjuly2.club
readinglistforjuly2.site
readinglistforjuly2.xyz
readinglistforjuly3.club
readinglistforjuly3.site
readinglistforjuly3.xyz
readinglistforjuly4.club
readinglistforjuly4.site
readinglistforjuly4.xyz
readinglistforjuly5.club
readinglistforjuly5.site
readinglistforjuly5.xyz
readinglistforjuly6.club
readinglistforjuly6.site
readinglistforjuly6.xyz
readinglistforjuly7.club
readinglistforjuly7.site
readinglistforjuly7.xyz
readinglistforjuly8.club
readinglistforjuly8.site
readinglistforjuly8.xyz
readinglistforjuly9.club
readinglistforjuly9.site
readinglistforjuly9.xyz

# Reference: https://tria.ge/210731-zmz5ynbcl6/behavioral1
# Reference: https://www.virustotal.com/gui/file/bf38a6555a9742fc97a6efbb662f2cda03cb5156c22e56417d74c06e4ebecce1/detection

http://185.234.247.148

# Reference: https://www.virustotal.com/gui/file/2b5421fe219ccf463ddcd933739f038948f411e264ff8485589114a92c34b2c7/detection

prof1t-crypt0.xyz

# Reference: https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/

cheapdealnow.top
f0473248.xsph.ru
aun3xk17k.space
aun3xk18k.space
aun3xk19k.space
bbhmnn778.fun
donotspace.pw

# Reference: https://www.virustotal.com/gui/file/b96fe7672bb7f8bb93a34afa0cddb8adca26b29d37ad6177428e03a6f5decf19/detection

http://35.205.249.65

# Reference: https://www.virustotal.com/gui/file/9ca59ba1030b3aacfb700c7a5315b2f507ff7aa4d9952c74eab76db232ce91c3/detection

annafraudy.pw

# Reference: https://www.virustotal.com/gui/file/6df4625a2800e03824bdbd634656e7a5eb36c800c6137510427e9ce5a6006868/detection

avorlen.xyz

# Reference: https://www.virustotal.com/gui/file/13d89de097dbbf41822ed9d024e53b8c934cd724c77ab9cfaeeff29fd98e6f5f/detection

letsmakesome.fun

# Reference: https://www.virustotal.com/gui/file/a0a50284a627570c96cf3ed3d05835bed9fe27d4732034c535a082f727db8660/detection

youaresoslow.top

# Reference: https://www.virustotal.com/gui/file/2a5fcaa841cb812407cb3bfa0bc2e304e71b0b081a4aaf38360dcf949e4ae2f0/detection

http://91.214.124.126
bbbs7n5n2kohfwn4rlp4zozaqjue2batn26pblf3f.xyz

# Reference: https://www.virustotal.com/gui/file/032ee9b7a4037c20fe7afab73c5dbdf36724d7a5e38dcc7e89ee5356a473716d/detection

youcanfindmeonthe.top

# Reference: https://www.virustotal.com/gui/file/e3cb68c0fc9640e1f84456d17837a14681991a0f2479215c14a62cfa731ad45e/detection

videomart.top

# Reference: https://www.virustotal.com/gui/file/62ae35bf94183248e227e5197f3d0e03de10ae80a02c054c90380b04aebd9d5f/detection

belochkaneprihoditodna.top

# Reference: https://www.virustotal.com/gui/file/e61886846ec468de3e977cfbb68e2f26df9fd3bef014dc17d8db8736e7b30dd3/detection

mynameisjamesbrown.top

# Reference: https://www.virustotal.com/gui/file/823a661a806d45ed15b0c501fa049efad049b1f4b230965eed8e37adcdd4c560/detection

http://35.228.60.103

# Reference: https://www.virustotal.com/gui/file/8752f73ad02750730501bb8b87e164deeaba0a6ac81cf27ed7285dd3a3e9314f/detection

number2g.top

# Reference: https://www.virustotal.com/gui/file/42d7f38a0939dd15cc3ffd2ed9cc6be3a88120081cddc062275f105821920e83/detection

genericalphabet.top

# Reference: https://www.virustotal.com/gui/file/d4e62831f539ad067210308f28c5e93faec48b920038e340908e2e88c3fb0ca3/detection

http://34.76.8.115

# Reference: https://www.virustotal.com/gui/file/dbba731937d435681ed98af6e42ab52d53af4f9ebe8db955a2b4b9ab63b4b06c/detection

135.148.139.222:33569

# Reference: https://twitter.com/abuse_ch/status/1449632874848792586

http://5.181.156.229
telegatt.top
telemirror.top
tgmirror.top

# Reference: https://twitter.com/pr0xylife/status/1458056136565927939
# Reference: https://twitter.com/pr0xylife/status/1458056336961425415

http://185.163.47.176
http://193.38.54.238
http://74.119.192.122
http://91.219.236.162
http://91.219.236.240
/baldandbankrupt1
/bimboDinotrex
/elonstack12
/jdiamond13
/nixsmasterbaks2
/ogaollebro1
/rino115sipsip
/takecareandkeepitup

# Reference: https://www.virustotal.com/gui/file/9b939d6792be4814bae998d6c757674730b32ce5f56e37e6b1d16968e3e9bf24/detection

warmbeddy.top

# Reference: https://www.virustotal.com/gui/file/60d20bdbfff1e73f1b1cca0f5b34a19b70fa855c470b2f382980dfb03d819d6d/behavior/Microsoft%20Sysinternals

91.243.32.23:12780

# Reference: https://www.virustotal.com/gui/file/f98b232e826f4a0a4f1aca5c1d704c964d82bd562d3bdab1d69baaa63e2f5891/behavior/Microsoft%20Sysinternals

23.88.109.42:55961

# Reference: https://www.virustotal.com/gui/file/d57e7380837a4cc5bf20d4134aa30c68c34d42c4517b6906b812b00cd72f9461/behavior/Microsoft%20Sysinternals
# Reference: https://www.virustotal.com/gui/file/c00878138c8dd2df6ec39b436568b9c56b9c1fdde5878e50d9faa2eed87125e5/behavior/Microsoft%20Sysinternals

ce27084.tmweb.ru
185.215.113.57:50723

# Reference: https://www.virustotal.com/gui/file/f859429e880efdc4ca45dccd04f16d167d6369b19e84ab91ab8be5ea85d496c5/behavior/Microsoft%20Sysinternals

194.58.69.100:37026

# Reference: https://www.virustotal.com/gui/file/9ffb47d819051a27ce0ed198a22c18f49f9e47c4ad19a7578aa84322ab4140e9/behavior/Lastline

164.132.202.23:35481

# Reference: https://www.virustotal.com/gui/file/96a2923ef8d971498bd84cfa20a4cad3329624f5cc9a10c17840927bc4cec3bf/behavior/Microsoft%20Sysinternals

95.181.152.14:46927

# Reference: https://www.virustotal.com/gui/file/2392f52588a43a91fbe330d046e5263272e100acb2f79193d788696ef9f2613d/behavior/Microsoft%20Sysinternals

185.215.113.109:44059

# Reference: https://www.virustotal.com/gui/file/39a9cd5cdd897d4c78294fbdd13c5114191ca378f2bb83c62b2a45dc744206ae/behavior/Microsoft%20Sysinternals

185.215.113.109:44059

# Generic trails (URL paths with no host attached; a match on path alone is weaker evidence than a host match)

/file_handler/file.php
/file_handler4/file.php
/gate/log.php
/gate/sqlite3.dll
/gate/libs.zip
/eueueuueueue.php
/momomoomomom.php
/ozozozozoz.php
/us1jdskjdshfkjehr.php
/usalamendallasu.php
/usksdjqjwjoweidjcslkm.php
/usuususususuusus.php
/hgguf3YB4qmE47arMq9R/
/hhhuuulllliiiiii/
/rrrorororor/
/hhhuuulllliiiiii/rrrorororor/
/SwjBfXYB4qmE47art5oZ/
/function/v2tmp/
/l/f/2yIwFHgBuI_ccNKoZIni/
/l/f/FRmrq3cBuI_ccNKom49o/
/2yIwFHgBuI_ccNKoZIni/
/FRmrq3cBuI_ccNKom49o/
/ASHASHAShOWIWWWQQQ/gate.php
/ASHASHAShOWIWWWQQQ/
/FGHAREHAHARWHY/
