# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2018-013106-5656-99
# Reference: https://app.any.run/tasks/a5c15ead-071a-404b-b297-9bffb9ef3de9/

bleepingcomputer.bit
nomoreransom.bit
esetnod32.bit
emsisoft.bit
gandcrab.bit

# Reference: https://cert.gov.ua/news/43

cryptsen7fo43rr6.onion
cryptsen7fo43rr6.onion.to
cryptsen7fo43rr6.onion.cab

# Reference: https://twitter.com/avman1995/status/1041733448560521217

zsr7pln56d2ovr85.com
alldonemostbe.space/auth/login

# Reference: https://www.fortinet.com/blog/threat-research/gandcrab-honor-among-thieves.html

politiaromana.bit
malwarehunterteam.bit
gdcb.bit
gandcrab.bit
nomoreransom.coin
nomoreransom.bit

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html (Win.Ransomware.Gandcrab-7867602-0)

zonealarm.bit

# Reference: https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/

gdcbmuveqjsli57x.onion
gdcbmuveqjsli57x.hiddenservice.net
gdcbmuveqjsli57x.onion.guide
gdcbmuveqjsli57x.onion.rip
gdcbmuveqjsli57x.onion.plus
gdcbmuveqjsli57x.onion.to

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Ransomware.Gandcrab-6900355-0)

carder.bit
ransomware.bit
wowservers.ru

# Reference: https://twitter.com/CryptoInsane/status/1119253648549269505

gandcr4cponzb2it.onion

# Reference: https://twitter.com/VK_Intel/status/1123880277170892800
# Reference: https://www.virustotal.com/gui/file/59ac9dc1100246bd7e225a5216b588c121ede5393aeccc8db530dee7c25644af/detection
# Reference: https://twitter.com/James_inthe_box/status/1123918290513027072

http://185.105.4.112

# Reference: https://twitter.com/GrujaRS/status/1123678562765168643

gandcrabmfe6mnef.onion

# Reference: https://twitter.com/blackorbird/status/1108200419543535616
# Reference: https://twitter.com/dvk01uk/status/1126044416966365184
# Reference: https://app.any.run/tasks/abfb50a4-02a7-424e-a430-76d056973968

kakaocorp.link

# Reference: https://news.sophos.com/en-us/2019/05/24/gandcrab-spreading-via-directed-attacks-against-mysql-servers/

172.96.14.134:5471

# Reference: https://www.bleepingcomputer.com/news/security/release-of-gandcrab-52-decryptor-ends-a-bad-ransomware-story/

gdcbghvjyqy7jclk.onion
gdcbghvjyqy7jclk.onion.top
gdcbghvjyqy7jclk.onion.casa
gdcbghvjyqy7jclk.onion.guide
gdcbghvjyqy7jclk.onion.rip
gdcbghvjyqy7jclk.onion.plus

# Reference: https://app.any.run/tasks/93642402-010b-4213-95b0-7556a858a91a/

poketeg.com/uploads/assets/sodehe.png
perovaphoto.ru/wp-content/pictures/methesim.gif
nesten.dk/wp-content/pics/amdedemede.gif
fabbfoundation.gm/wp-content/pictures/esesme.bmp
wpakademi.com/content/graphic/ruzuesde.gif
pp-panda74.ru/data/images/mozu.gif
wash-wear.com/includes/assets/meseimam.jpg
perfectfunnelblueprint.com/uploads/image/mefu.jpg
mimid.cz/uploads/pictures/mesefume.png
oceanlinen.com/news/assets/thkaheam.png
6chen.cn/wp-content/pics/esmo.bmp
boatshowradio.com/news/assets/imheim.bmp
asl-company.ru/news/pictures/eszuke.bmp

# Reference: https://www.exposedbotnets.com/2018/07/gandcrab-v4-ransomware-cnc.html

pp-panda74.ru
priceclub.su

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (Win.Dropper.Gandcrab-7586670-0)
# Reference: https://www.virustotal.com/gui/file/39fe1f5c0e995dda7cc659ddd07e2bb7834281d108d42123f723cf31785c0c8d/detection

bon.aungercote.org
ver.sceinsheru.org

# Generic (URL paths only, no host)
# Reference: https://www.virustotal.com/gui/file/0582d318ac26381d966f74111e80150e5b62525e0cecb07b3f5c47b62723fd39/detection

/api/load/dll
/api/load/downloads
/api/load/loadnew
/api/load/ping
