# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.secureworks.com/cyber-threat-intelligence/threats/cryptowall-ransomware/
# Reference: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25480/en_US/McAfee_Labs_Threat_Advisory-Ransom_Cryptowall.pdf

yoyosasa.com
youtubeallin.com
serbiabboy.com
hairyhustler.com
uprnsme.com
dealwithhell.com
wawamediana.com
qoweiuwea.com
dominikanabestplace.com
nofbiatdominicana.com
dominicanajoker.com
likeyoudominicana.com
khalisimilisi.com
posramosra.com
maskaradshowdominicana.com
newsbrontima.com
yaroshwelcome.com
granatebit.com
rearbeab.com
droterdrotit.com
kukisasda8121.com
tyuweirwsdf18741.com
machetesraka.com
markizasamvel.com
wachapikchaid91.com
hilaryclintonbest81.com
niggaattack23.com
norevengenosuck.com
stopobamastopusa.com
jiromepic.com
clocksoffers.com
gretableta.com
kaikialexus.com
babyslutsnil.com
wartbartmart.com
la4eversuck.com
obsesickshit.com
mamapapafam.com
usawithgitler.com
kickasssisters.com
bdsmwithyou.com
iampeterbaby.com
teromasla.com
torichipinis.com
gitlerluvua.com
covermontislol.com
usaalwayswar.com
bolizarsospos.com
titaniumpaladium.com
adolfforua.com
vivatsaultppc.com
milimalipali.com
poroshenkogitler.com
waltabaldasd.com
dancewithmeseniorita.com
indeedlinkme.com
crunkthatme.com
hungarymethis.com
terrymerry.com
# The four entries below are 16-character .onion names (the legacy Tor v2
# address length) rather than registrable domains.
# NOTE(review): .onion names are not resolved by ordinary DNS, so a hit on one
# of these presumably comes from a leaked lookup or a proxied request -
# confirm how the consuming sensor observes them.
lvoobptv6w5zanxu.onion
hyzcrtwh6ispjwj4.onion
2yd2bu2k5ilgxv6u.onion
kpai7ycr7jxqkilp.onion

# Reference: https://otx.alienvault.com/pulse/56253a7d67db8c47d3ce1a99/

speralreaopio.com
londonparig.tk
wswellproducts.com
comprarbbom.com.br
saryact.com

# Reference: http://www.malware-traffic-analysis.net/2015/10/20/index.html

dramaldental.com
konrad.szalapak.eu
quali-man.com

# Reference: https://otx.alienvault.com/pulse/5649468167db8c7a156b251d/

19bee88.com
abelindia.co
adcconsulting.net
adrive62.com
ainahanaudoula.com
alltimefacts.com
champagneframeofmind.com
cjforudesigns.com
csscott.com
fitbalancechallenge.com
flexiblepestsolutions.com
frc-conf.com
frc-pr.com
gerberinsreferral.com
hajsy.pro-linuxpl.com
httthanglong.com
imagescameraclub.com
kingalter.com
ks0407.com
lexscheep.com
localburialinsuranceinfo.com
mabawamathare.org
manisidhu.in
mofiaweb.com
mycampusjuice.com
novolani.com
parsimaj.com
pastimefoods.com
posrednik-china.com
purposenowacademy.com
royalsboostersgbball.com
salamasisters.org
shrisaisales.in
smfinternational.com
stwholesaleinc.com
successafter60.com
# NOTE(review): the next entry is written in mixed case, unlike the rest of
# this list. Hostnames are case-insensitive in DNS - confirm that the consumer
# of this file lowercases entries before matching, otherwise it may never hit.
SuperCravings.com
texmart.in
# NOTE(review): the two entries below differ only in capitalisation, so one of
# them is presumably redundant once case is normalised.
thegingod.com
theGinGod.com
tuvestir.com
yahoosupportaustralia.com

# Reference: http://www.pccaretips.com/blog/how-to-remove-paytordmbdekmizq-tor4pay-com-virus.html

# All four entries share the left-most label "paytordmbdekmizq": one .onion
# name and three clearnet hosts. The clearnet hosts look like Tor gateway
# names for the same hidden service (inferred from the names only - verify
# against the reference).
# Each entry names that specific host, not the parent domain (pay4tor.com,
# tor4pay.com, torsona.com).
paytordmbdekmizq.onion
paytordmbdekmizq.pay4tor.com
paytordmbdekmizq.tor4pay.com
paytordmbdekmizq.torsona.com

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom%3AWin32%2FIsda

euiloveyou.com
hungariagogo.com
muhojir.tj
structretech.com
valueseu.com

# Reference: https://www.virustotal.com/en/domain/taxonprofits.com/information/

taxonprofits.com

# Reference: https://cymon.io/154.43.166.88

barabakadog.com

# Reference: https://www.zscaler.com/blogs/research/cryptowall-30-campaign-still-kicking

dorttlokolrt.com
indsertgamert.org
davis1.ru
downs1.ru
ellison1.ru
manning1.ru

# Reference: http://malwarefor.me/paying-days-cryptowall-3-0-campaign-via-magnitude-ek/

judora-ng.com
tryea.com
aseanian.com

# The entries in the next six reference groups (CryptoWall 4 down to the
# CryptoLocker clone) are URL paths with no host part, unlike the hostnames
# listed earlier in this file.
# NOTE(review): presumably these are matched against the request path whatever
# the destination host is - confirm how the consumer handles host-less
# entries. Short paths like these are not tied to any one server, so a hit
# should be corroborated (destination, process, timing) before it is treated
# as a confirmed infection or used for blocking.

# Reference: https://www.cryptowalltracker.org/cryptowall-4.html#networktraffic

/4bnu_k.php
/SCNnAd.php
/e25yBh.php
/5FY7P8.php

# Reference: https://www.cryptowalltracker.org/cryptowall-3.html#networktraffic

/P_tfk9.php
/H0zbxa.php

# Reference: https://www.cryptowalltracker.org/cryptowall-2.html#networktraffic

/w5bt74v22rlpfhx
/3640m0hzrz4i
/4z824ft4kum

# Reference: https://www.cryptowalltracker.org/cryptowall-1.html#networktraffic

/ogw4jyd918b
/w8c20n1424sw
/mp2fylzguhia

# Reference: https://www.cryptowalltracker.org/cryptodefense.html#networktraffic

/2a628t577por5c
/psfxwfddej1roh
/68qmqzyt1326xx8
/zfan5jzphfdsrlr
/fjd7m0199e5
/6ifemkkgkn19n
/hs9qwveivl
/1od6f4q72ppa

# Reference: https://www.cryptowalltracker.org/cryptolocker-clone.html#networktraffic

/36b1pxn56o6gnnf
/5at6xmynaj13ts4
/5h4tsjw18159zg

# Reference: https://www.malware-traffic-analysis.net/2015/08/13/index.html

# Entries in this group are full URLs including the http:// scheme, unlike the
# bare hostnames and host-less paths elsewhere in this file.
# NOTE(review): confirm that the consumer accepts or strips the scheme.
# The paths sit under wp-content plugin/theme directories, which suggests
# compromised third-party sites rather than attacker-registered domains
# (inferred from the paths only). If the consumer also derives a host-only
# indicator from these URLs, visits to other pages of the same site would be
# flagged too - confirm before using this group for blocking.
# All six URLs also appear in the longer URL list under the VirusTotal
# reference later in this file.
http://couponsonakeychain.com/wp-content/plugins/wp-smushit/ccc.php
http://conopizzabrasil.com/wp-content/plugins/revision-control/ccc.php
http://futurecomtechnologies.com/wp-content/plugins/jetpack/ccccc.php
http://content-into-cash.com/wp-content/plugins/pretty-link/cc.php
http://cprnash.com/wp-content/themes/twentytwelve/c.php
http://conopizzavenezuela.com/wp-content/plugins/stickyfooter/ccccc.php

# Reference: https://app.any.run/tasks/987fb584-39b6-4c71-806a-f01410995d98/

# Two of these entries place the label "djdkduep62kz4nzx" under tor2web
# gateway domains (tor2web.blutmagie.de, tor2web.org). Each entry names that
# specific subdomain, not the gateway domain itself.
# NOTE(review): presumably other traffic to the same gateways is therefore not
# matched - confirm how the consumer treats parent domains.
goijsert5liuasdf7.l5news9ndbe3f.com
djdkduep62kz4nzx.tor2web.blutmagie.de
vmnpoius5e8s.awsfdmn342ned.com
djdkduep62kz4nzx.tor2web.org

# Reference: https://www.virustotal.com/gui/file/dee03c76e9b59ee3cbdb0110dde39a8d481f9b97cbbae4d1ad238e5f61773c30/behavior/Tencent%20HABO

http://chadwondermagic.com/wp-content/plugins/wp-quick-contact-us/cc.php
http://connectao.com/wp-content/themes/twentyeleven/cc.php
http://homestyle1974.com/wp-content/uploads/rrr.php
http://gsaarkansas.com/wp-content/plugins/wp-antibot-standart/rrrr.php
http://isikbahcebakim.com/wp-content/uploads/rrrr.php
http://glamazona.com/plugins/system/plg_system_rewrite/rr.php
http://hkmsm.com/wp-content/themes/xinji/rrrr.php
http://idea-lab.kz/wp-content/uploads/rrr.php
http://conopizzavenezuela.com/wp-content/plugins/stickyfooter/ccccc.php
http://morphcoffee.com/wp-content/uploads/cc.php
http://kwiatpaproci.mazury.pl/images/ccccc.php
http://conopizzacolombia.com/wp-content/plugins/pods/cc.php
http://cprnash.com/wp-content/themes/twentytwelve/c.php
http://aplikacii.com/openx/www/delivery/ccc.php
http://paperplane.co.id/site/ccccc.php
http://fortecegypt.com/blog/wp-content/themes/twentyfourteen/rrr.php
http://misssupranationalthailand.com/wp-content/cccc.php
http://communityneuroclinic.com/wp-content/themes/twentytwelve/cccc.php
http://immbau24.de/templates/atomic/rr.php
http://grpgroup.co.il/wp-content/plugins/revslider/temp/cccc.php
http://eiflthai.net/wp-content/themes/twentytwelve/rr.php
http://comoaprenderamaquillarse.com/wp-content/themes/twentyten/c.php
http://bryanfross.com/wp-content/themes/twentyeleven/ccccc.php
http://biz-brokerage.com/wp-content/plugins/wp-antibot-standart/rrr.php
http://fashionpeople.com.br/wp-content/themes/mazine/rrrrr.php
http://conopizzachile.com/wp-content/plugins/gravityforms/ccc.php
http://conopizzabrasil.com/wp-content/plugins/revision-control/ccc.php
http://oscotec.com/board/cccc.php
http://content-into-cash.com/wp-content/plugins/pretty-link/cc.php
http://conopizzauruguay.com/wp-content/wp-content/themes/twentythirteen/cccc.php
http://motored.pl/wp-content/uploads/rrrrr.php
http://charityfross.com/wp-content/themes/twentyfourteen/cccc.php
http://cafejapan.com/wp-content/plugins/bwp-recent-comments/ccc.php
http://kesbuk.cz/wp-content/uploads/rrrr.php
http://clever-x.com/wp-content/plugins/sitepress-multilingual-cms/ccccc.php
http://elanahmias.com/wp-content/uploads/r.php
http://gayphonesexboys.com/wp-content/uploads/rrrr.php
http://mohandeep.com/wp-content/uploads/rrr.php
http://hiring-drivers.com/wp-content/plugins/revslider/temp/cc.php
http://ferijalnirs.com/wp-content/plugins/revslider/temp/c.php
http://jadeamazonia.com/wp-content/uploads/r.php
http://charlescrosson.com/wp-content/plugins/woodojo/ccccc.php
http://miiart-jewelry.com/wp-content/uploads/rr.php
http://eduvantage.com/wp-content/uploads/rrrr.php
http://futurecomtechnologies.com/wp-content/plugins/jetpack/ccccc.php
http://majorleaguehomerepair.com/wp-content/uploads/rrrr.php
http://shipedtoyou.com/download/cc.php
http://gei-th.com/ckfinder/cc.php
http://infrontofmycamera.com/albums/ccc.php
http://grizzlysts.com/wp-content/uploads/rrr.php
http://canyonmidwifery.com/wp-content/plugins/ultimate-branding/c.php
http://couponsonakeychain.com/wp-content/plugins/wp-smushit/ccc.php
# NOTE(review): the 52 URLs from here to the end of the file repeat, in the
# same order, the 52 URLs that directly precede them under the same VirusTotal
# reference. They add no new indicators; the repeat looks like an accidental
# double paste and is a candidate for removal.
http://chadwondermagic.com/wp-content/plugins/wp-quick-contact-us/cc.php
http://connectao.com/wp-content/themes/twentyeleven/cc.php
http://homestyle1974.com/wp-content/uploads/rrr.php
http://gsaarkansas.com/wp-content/plugins/wp-antibot-standart/rrrr.php
http://isikbahcebakim.com/wp-content/uploads/rrrr.php
http://glamazona.com/plugins/system/plg_system_rewrite/rr.php
http://hkmsm.com/wp-content/themes/xinji/rrrr.php
http://idea-lab.kz/wp-content/uploads/rrr.php
http://conopizzavenezuela.com/wp-content/plugins/stickyfooter/ccccc.php
http://morphcoffee.com/wp-content/uploads/cc.php
http://kwiatpaproci.mazury.pl/images/ccccc.php
http://conopizzacolombia.com/wp-content/plugins/pods/cc.php
http://cprnash.com/wp-content/themes/twentytwelve/c.php
http://aplikacii.com/openx/www/delivery/ccc.php
http://paperplane.co.id/site/ccccc.php
http://fortecegypt.com/blog/wp-content/themes/twentyfourteen/rrr.php
http://misssupranationalthailand.com/wp-content/cccc.php
http://communityneuroclinic.com/wp-content/themes/twentytwelve/cccc.php
http://immbau24.de/templates/atomic/rr.php
http://grpgroup.co.il/wp-content/plugins/revslider/temp/cccc.php
http://eiflthai.net/wp-content/themes/twentytwelve/rr.php
http://comoaprenderamaquillarse.com/wp-content/themes/twentyten/c.php
http://bryanfross.com/wp-content/themes/twentyeleven/ccccc.php
http://biz-brokerage.com/wp-content/plugins/wp-antibot-standart/rrr.php
http://fashionpeople.com.br/wp-content/themes/mazine/rrrrr.php
http://conopizzachile.com/wp-content/plugins/gravityforms/ccc.php
http://conopizzabrasil.com/wp-content/plugins/revision-control/ccc.php
http://oscotec.com/board/cccc.php
http://content-into-cash.com/wp-content/plugins/pretty-link/cc.php
http://conopizzauruguay.com/wp-content/wp-content/themes/twentythirteen/cccc.php
http://motored.pl/wp-content/uploads/rrrrr.php
http://charityfross.com/wp-content/themes/twentyfourteen/cccc.php
http://cafejapan.com/wp-content/plugins/bwp-recent-comments/ccc.php
http://kesbuk.cz/wp-content/uploads/rrrr.php
http://clever-x.com/wp-content/plugins/sitepress-multilingual-cms/ccccc.php
http://elanahmias.com/wp-content/uploads/r.php
http://gayphonesexboys.com/wp-content/uploads/rrrr.php
http://mohandeep.com/wp-content/uploads/rrr.php
http://hiring-drivers.com/wp-content/plugins/revslider/temp/cc.php
http://ferijalnirs.com/wp-content/plugins/revslider/temp/c.php
http://jadeamazonia.com/wp-content/uploads/r.php
http://charlescrosson.com/wp-content/plugins/woodojo/ccccc.php
http://miiart-jewelry.com/wp-content/uploads/rr.php
http://eduvantage.com/wp-content/uploads/rrrr.php
http://futurecomtechnologies.com/wp-content/plugins/jetpack/ccccc.php
http://majorleaguehomerepair.com/wp-content/uploads/rrrr.php
http://shipedtoyou.com/download/cc.php
http://gei-th.com/ckfinder/cc.php
http://infrontofmycamera.com/albums/ccc.php
http://grizzlysts.com/wp-content/uploads/rrr.php
http://canyonmidwifery.com/wp-content/plugins/ultimate-branding/c.php
http://couponsonakeychain.com/wp-content/plugins/wp-smushit/ccc.php
