# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://ransomwaretracker.abuse.ch/tracker/cerber/

i01001.dgn.vn
chromebewfk.top
chromefastl.top
chromehakc.top
cleverdotl.top
ddiopoola.top
dealkolld.top
dokjasura.top
fkauueeepla.top
flowerxpo.top
foolalexas.top
googlefoad.top
newsectorbs.top
watherfka.top
weekendlk.top
zutzt67dcxr6mxcn.onion.to

# Reference: https://isc.sans.edu/diary/Sage%2B2.0%2BRansomware/21959

cocalolo.top
truepokemonant.top

# Reference: https://twitter.com/0bfusCat/status/1194975382795145218

besenok.biz

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Ransomware.Cerber-7395321-0)

ahrkvtgc.com
aynycxbgodmwi.com
fhvkufnnrlyfvx.com
gcijrxipe.com
hd63ueor8473y.com
ogltynjmtfiu.com
qegdtnvuanlyid.com
rlkeqcsygmmglv.com
shebkucvrunporc.com
uahvwkjphhklqigod.com
wdwefwefwwfewdefewfwefw.onion
wglxvkpybhnxhfv.com

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html (# Win.Ransomware.Cerber-7571364-0)

blasters.biz

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html (# Win.Ransomware.Cerber-7582361-0)

bocfgojek.click
cdwguymjxnyot.pl
cojkhmdxrwvxwxa.pw
dxpmkdipp.info
hkwyfnevdievebgjx.xyz
hldsfuh.info
iconhrdqmeueg.su
ligumssfsrtfpy.xyz
mmteenijjjuyoqju.info
mwddgguaa5rj7b54.onion
othcijmuhwb.pl
pqhwfeeivtkxi.click
qgilcuym.org
qoaouhgwfy.biz
rqtcmltkurtev.pw
veiqvqirdhmyis.org
ydgsjrjqotlffitfg.org

# Reference: https://github.com/StrangerealIntel/malware-notes/blob/master/Ransomware/_ransom_notes.md

decrypttozxybarc.onion

# Reference: https://app.any.run/tasks/7bebb866-3963-4843-9226-6cfc79c4c3bf/

ffoqr3ug7m726zou.onion.to

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0221-0228.html (# Doc.Malware.Valyria-7595017-0)

dosehoop.top
folueaport.top
footarepu.top
vvorootad.top
zofelaseo.top

# Reference: https://www.ey.com/Publication/vwLUAssets/ey-wannacry-ransomware-attack/$File/ey-wannacry-ransomware-attack.pdf

mbfce24rgn65bx3g.jktew0.com
mbfce24rgn65bx3g.lfsjkad.net
mbfce24rgn65bx3g.yio3lvx.com
7gie6ffnkrjykggd.2kzm0f.com
mbfce24rgn65bx3g.2kzm0f.com
7gie6ffnkrjykggd.jktew0.com
7gie6ffnkrjykggd.jpo2z1.net
mbfce24rgn65bx3g.6t4u2p.net
mbfce24rgn65bx3g.jpo2z1.net

# Reference: https://ransomwaretracker.abuse.ch/tracker/sage/ (as seen on 2017-10-31)

mbfce24rgn65bx3g.kye1ap.net
mbfce24rgn65bx3g.l3by4d.com
mbfce24rgn65bx3g.17b3o.net
mbfce24rgn65bx3g.2igu316.com
mbfce24rgn65bx3g.je9mlz.com
mbfce24rgn65bx3g.eho23d.net
mbfce24rgn65bx3g.hp8ewo.net
mbfce24rgn65bx3g.0ny42p.com
mbfce24rgn65bx3g.is0hvt1.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Ransomware.Sage-6995951-1)

mbfce24rgn65bx3g.we0sgd.com
mbfce24rgn65bx3g.y8lkjg5.net

# Reference: http://id-ransomware.blogspot.com/2017/01/sage-2-ransomware.html (Russian)

mbfce24rgn65bx3g.op7su2.com
mbfce24rgn65bx3g.rzunt3u2.com
7gie6ffnkrjykggd.rzunt3u2.com
7gie6ffnkrjykggd.er29sl.in
7gie6ffnkrjykggd.onion
z5dq36kjy5swjtmr.hp8ewo.net
z5dq36kjy5swjtmr.0ny42p.com

# Reference: https://isc.sans.edu/diary/Sage%2B2.0%2BRansomware/21959

mbfce24rgn65bx3g.er29sl.in

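# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Ransomware.Razy-7646351-0)
# Note: the two hosts below repeat the entries already listed under the Win.Ransomware.Sage-6995951-1 reference above.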

mbfce24rgn65bx3g.we0sgd.com
mbfce24rgn65bx3g.y8lkjg5.net

# Reference: https://twitter.com/pancak3lullz/status/1251227273950310400

31.184.192.3:6892

# Reference: https://app.any.run/tasks/a87d495b-2fb6-4130-a40d-f5b74610b8c2/

93.107.12.1:6893

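# Generic trails
# Regular expression: matches any name in which one of the listed 16-character identifiers is followed by a dot and a domain suffix.
# Several of these identifiers appear in the static entries above, both as .onion names and as subdomains of other domains.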

\b(27lelchgcvs2wpm7|4kqd3hmqgptupi3p|52uo5k3t73ypjije|7gie6ffnkrjykggd|ahuqfrqk54v3vnzj|avsxrcoq2q5fgrw2|cerberhhyed5frqa|ffoqr3ug7m726zou|fnmi62725zfti2vy|ftoxmpdipwobp4qy|hjhqmbxyinislkkt|lfdachijzuwx4bc4|mbfce24rgn65bx3g|oqwygprskqv65j72|p27dokhpz2n7nvgr|pe2cku7pebkpgeko|pmenboeqhyrpvomq|qfjhpgbefuhenjp7|unocl45trpuoefft|vyohacxzoue32vvk|wjtqjleommc4z46i|xpcx6erilkjced3j|xrhwryizf5mui7a5|z5dq36kjy5swjtmr)\.[a-z0-9.]+
