# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion
decryptor.top
http://130.61.54.136

# Reference: https://twitter.com/struppigel/status/1134472294456320000

blaerck.xyz

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

jg4rli4xoagvvmw47fr2bnnfu7t2epj6owrgyoee7daoh4gxvbt3bhyd.onion

# Reference: https://pastebin.com/dCyaDZEm

sritoosoosd.xyz

# Reference: https://twitter.com/rikvduijn/status/1229688433339179008

decryptor.cc

# Reference: https://twitter.com/FaLconIntel/status/1235580218842083329

http://165.22.105.225

# Reference: https://www.virustotal.com/gui/file/457d9e4773f45954449ee5913d068fdbb3d8e5689019688e7bce901467e5473a/detection

texet1.ug
texet2.ug

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos
# Reference: https://otx.alienvault.com/pulse/5ef222cc894e26def88c012f

d2zblloliromfu.cloudfront.net
