diff --git a/iocs/otx-c2-iocs.txt b/iocs/otx-c2-iocs.txt index 1e77f4b..e5a4cfb 100644 --- a/iocs/otx-c2-iocs.txt +++ b/iocs/otx-c2-iocs.txt @@ -1,3 +1,392 @@ +211.58.38.100;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +rouji.xssr.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +103.214.143.44;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +time-service.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +wwwgooglewww.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +mail-help.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +wwgooglewww.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +google-helps.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns1.xssr.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +r4.microsoftupdating.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +backup.microsoftappstore.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +www.microsoftwww.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +uriupdate.newsbs.net;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns2.ccccc.work;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +qr1.3jd90dsj3df.website;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns1.superman0x58.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns2.superman0x58.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +update.microsoftwww.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns1.ccccc.work;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +dataserver.cmonkey3.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +ns2.xssr.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +t2z0n9.microsoftappstore.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +temp.mail-issue.top;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +zy.xssr.org;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +updatecz.mykorean.net;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +kpupdate.amz80.com;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +www.aceactor.co.kr;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +220.73.222.120;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +107.161.80.22;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +88.208.228.56;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +118.193.153.5;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +92.242.144.2;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +158.69.34.129;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +173.231.49.141;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +221.139.50.134;StreamEx samples https://twitter.com/v0id_hunter/status/835209786312400896 +178.209.51.164;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +logon.had-one-job.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +video.today-nytimes.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +update.nfkllyuisyahooapis.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +api.officeonlinetool.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +travel.tripmans.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +mail.upgoogle.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +library.cpgcorp.org;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +dns.undpus.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +ie.update-windows-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.avgfree.us;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +secure2.sophosrv.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +store.outlook-microsoft.net;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +wbmail.city-library.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +images.defexpoindia14.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.go-gga.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +support.outlook-microsoft.net;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +update.micrdsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +116.251.210.77;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +23.89.200.128;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +178.209.52.72;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +23.89.201.173;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +112.213.117.52;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +38.109.190.55;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +210.245.85.83;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +49.213.18.15;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +116.251.216.165;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +117.17.10.10;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +103.229.124.1;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +151.236.14.53;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +116.251.216.72;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +192.157.229.164;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +50.117.47.67;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +50.117.47.66;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +61.250.92.79;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +176.31.220.160;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +103.39.78.131;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +116.251.216.227;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +116.251.219.142;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +198.98.103.7;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +107.191.61.105;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +information.as;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +consultant.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +10.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +leases.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +registry.active;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +adventurelearning.me;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +malware.one;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +components.report;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +cpgcorp.com.sg;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +name.network;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +installed.active;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.flymna.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.goodlook.sg;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.domesky.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.commerce.gov.mm;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.tinroofpopcorn.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.citrixmeeting.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.psychologia.uni.wroc.pl;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +www.ipacking.co.kr;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +203.81.162.178;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +150.207.1.67;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +support.f--secure.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +kssync3347.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +kssync3343.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +avssync3357.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +bluesync2121.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +mvssync8767.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +mahee.kssync3343.co.cc;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +kssync3347.co.cc;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +windws-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +domainsapplemedia1218.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +store.outlook-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +domainsaccount.google.com.gmgoogle.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +oem.outlook-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +support.outlook-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +help.outlook-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +eastmedia1221.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +bbmdroid.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +eastmedia3347.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +bbmsync2727.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +facemedia.co.cc;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +eastmedia3347.co.cc;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp +mit.fileserver4390.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +xiodc6dmizahhijj.onion;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +izemireli.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +irel.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +isafexuh.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ulymobutol.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +xxxxxxx.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ulefuw.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +awwtodufir.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ykotifehut.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +imadyxaro.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +kcoma.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +efuca.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +udupose.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ibeb.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +uqekfr.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ifyvas.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +usen.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +iqyk.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +aminevkjude.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +abswuhupnt.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +yfycodolul.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +rtibola.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +yzijyvy.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +irol.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +iwesvxynd.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +kgorihukyho.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ejrdip.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +erelo.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ewuzivy.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +pwiregaty.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ekohob.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +obehilebac.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +qhera.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ygbm.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +upenigy.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +yzukyfyku.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +iqimub.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +usegi.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ydoc.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ijywiqezy.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +fjep.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ucnpive.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ghxsykegaja.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +yjeqicoht.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ogisirigu.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ahydenuj.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ezelilijxn.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +imocyfyt.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ydqpibc.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +ogax.divamind.org;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +x5sbb5gesp6kzwsh.hoptrop.pl;Crypt0L0cker http://marcoramilli.blogspot.co.uk/2017/02/crypt0l0cker-revival.html +koala.acsocietyy.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +hamiltion.catholicmmb.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +dick.ccfchrist.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +trout.belowto.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +zebra.wthelpdesk.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +area.wthelpdesk.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +sakai.unhamj.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +kawasaki.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +scorpion.poulsenv.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +kawasaki.unhamj.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +msn.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +sapporo.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +www.fukuoka.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +zebra.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +fukuoka.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +yahoo.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +gavin.ccfchrist.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information +help.googleplusupport.com;Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html / +service.microsoft-onedrive.com;Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html / +116.193.154.28;Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html / +iynus.net;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d +www.southlife.church;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d +www.jesusdenazaret.com.ve;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d +www.iglobali.com;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d +www.villaggio.airwave.at;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d +iphone.vizvaz.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +cvnx.zyns.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +fbi.sexxxy.biz;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +apple.cmdnetview.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +app.lehigtapp.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +contractus.qpoe.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +2014.zzux.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +www.mseupdate.ourhobby.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +cia.toh.info;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +dick.ccfchrist.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +trout.belowto.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +zebra.wthelpdesk.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +area.wthelpdesk.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +sakai.unhamj.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +kawasaki.cloud-maste.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +scorpion.poulsenv.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +kawasaki.unhamj.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +msn.incloud-go.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +fukuoka.cloud-maste.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +yahoo.incloud-go.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +inspgon.re26.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +nttdata.otzo.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +kawasaki.unham.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +jepsen.r3u8.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +nunluck.re26.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +lion.wchildress.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +jimin.jimindaddy.com;menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-m +sarahtame.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +chudresex.cc;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +loupeacara.net;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +chudresex.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +memosigla.su;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +loupeahak.com;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +barberink.biz;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +i-app4.online;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +i-app5.online;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +i-app1.online;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +rockybalboa.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +storegoogle.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +de.ing;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +cpsxz1.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.itau;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +inovea-engineering.com;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +weituweritoiwetzer.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +elitbizopa.info;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +st.george;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +wellscoastink.biz;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +track-google.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +wqetwertwertwerxcvbxcv.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +trackgoogle.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +ldfghvcxsadfgr.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +sudopsuedo2.su;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +dfjdgxm3753u744h.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +lingerieathome.eu;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +playsstore.mobi;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +androidpt01.asia;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +bizlikebiz.biz;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +sudopsuedo3.su;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +deereebee.info;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +androidpt02.asia;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +fhfhhhrjtfg3637fgjd.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +qqqright.info;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +divingforpearls.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +nowayright.biz;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +sudopsuedo1.su;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +alzashop.com;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +coupon-online.fr;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +playsstore.net;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +ktbcs.netbank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +soulreaver.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +securitybitches1.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +secure-ingdirect.top;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +playgoogle.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +compoz.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +filllfoll.biz;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +ssnoways.info;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +dndzh457thdhjk.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +olimpogods.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +messviiqqq.info;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +securitybitches3.at;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +mobile.santander.de;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.ing.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.amazon.mshop.android.shopping;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +org.banksa.bank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.ykb.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +org.westpac.bank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.todo1.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.westernunion.moneytransferr3app.eu;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.chase.sig.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.kms.free;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +org.stgeorge.bank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.instagram.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.avira.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +fr.bred.fr;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +au.com.nab.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.schwab.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.santander.app;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +de.comdirect.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +au.com.ingdirect.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +au.com.bankwest.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.vakifbank.mobile;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.cleanmaster.security;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +fr.banquepopulaire.cyberplus.pro;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.axabanque.fr;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.google.android.gm;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +br.com.bb.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.ikarus.mobile.security;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.qihoo.security;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.carrefour.bank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.womboidsystems.antivirus.security.android;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.scb.phone;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.commbank.netbank;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +com.mosync.app;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +176.119.28.74;Marcher - Android banking Trojan on the rise https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the +rockybalboa.at;Android Marcher now posing as Super Mario Run https://www.zscaler.com/blogs/research/android-marcher-now-posing-super-mario-ru +storegoogle.at;Android Marcher now posing as Super Mario Run https://www.zscaler.com/blogs/research/android-marcher-now-posing-super-mario-ru +goodydaddy.com;Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-str +androidbak.com;Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-str +endpointup.com;Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-str +siteanalysto.com;Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-str +droidback.com;Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-str +service1.chrome-up.date;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +servicesystem.serveirc.com;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +www5.chrome-up.date;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +www7.chrome-up.date;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +www3.chrome-up.date;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +service.chrome-up.date;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +104.238.184.252;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +timezone.live;Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a +apple-uptoday.org;XAgentOSX: Sofacys XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage +apple-search.info;XAgentOSX: Sofacys XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage +apple-iclods.org;XAgentOSX: Sofacys XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage +apple-checker.org;XAgentOSX: Sofacys XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage +23.227.196.215;XAgentOSX: Sofacys XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage +busserh.mancely.com;Deep Dive On The DragonOK Rambo Backdoor http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor +108.61.117.31;Deep Dive On The DragonOK Rambo Backdoor http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor +rqeuset.hanguot.g-puls.viwe.accnnout-loookout.auditi.devisionial-checlkout.inistructiion-mutuael.halftoine.appliacctiorn-gurad-way.leigacy-fs.termp-forn.provider-saefe.alvie-valuse.token-centeir.recollect.label.ping2port.info;Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of +drvie.goo-qle.aconnut.corn.provider-termp.fs-valuse.checlk-out.appliactiorn.token-loookout-recomrnendation.deivisional.centeir-halftone.mutuael-inistructiion.leigacy-auditi.label-recollect.forn-alive.ropelastic.com;Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of +direve.g-co.pohto.shraning.fodler-premissiion.viwe.termp-recomrnendation.appliacctiorn.loookout.forn-devisionial.recollect.auditi-checlkout.inistructiion.halftoine-valuse.provider-alive.leigacy.gurad-way.saefe-fs.ping2port.info;Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of +ropelastic.com;Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of +ping2port.info;Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of +images.timekard.com;Kingslayer - a software supply chain attack https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf +www.oraclesoft.net;Kingslayer - a software supply chain attack https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf +sap.misapor.ch;Attackers target dozens of global banks with new malware http://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-m +eye-watch.in;Attackers target dozens of global banks with new malware http://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-m +spora.bz;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware +186.2.161.51;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware +52.85.184.201;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware +52.85.184.216;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware +unonoticias.net;Bitter Sweet: Supporters of Mexico\u2019s Soda Tax Targeted With NSO Exploit Links https://citizenlab.org/2017/02/bittersweet-nso-mexico-spyware/ +smsmensaje.mx;Bitter Sweet: Supporters of Mexico\u2019s Soda Tax Targeted With NSO Exploit Links https://citizenlab.org/2017/02/bittersweet-nso-mexico-spyware/ +oxylala.gdn;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +kimki.ru;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +minecon.co;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +informer.pe.hu;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +goodluckjayjay.duckdns.org;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +goodluckyugo.duckdns.org;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +slyopeznetwr.ddns.net;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +11live.zapto.org;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +akudon.chickenkiller.com;StegBaus: Because Sometimes XOR Just Isnt Enough http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet +exbonus.mrbasic.com;Attacks against Polish banks https://niebezpiecznik.pl/post/jak-przeprowadzono-atak-na-knf-i-polskie-banki-or +tradeboard.mefound.com;Attacks against Polish banks https://niebezpiecznik.pl/post/jak-przeprowadzono-atak-na-knf-i-polskie-banki-or +movis-es.ignorelist.com;Attacks against Polish banks https://niebezpiecznik.pl/post/jak-przeprowadzono-atak-na-knf-i-polskie-banki-or +rouji.xssr.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +time-service.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +wwwgooglewww.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +mail-help.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +wwgooglewww.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +google-helps.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns1.xssr.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +r4.microsoftupdating.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +backup.microsoftappstore.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +www.microsoftwww.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +uriupdate.newsbs.net;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns2.ccccc.work;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +qr1.3jd90dsj3df.website;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns1.superman0x58.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns2.superman0x58.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +update.microsoftwww.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns1.ccccc.work;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +dataserver.cmonkey3.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +ns2.xssr.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +t2z0n9.microsoftappstore.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +temp.mail-issue.top;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +zy.xssr.org;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +updatecz.mykorean.net;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +kpupdate.amz80.com;Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar +rss.nbcpost.com;The curious case of a reconnaissance campaign targeting ministry and embassy sites https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign- +www.mentalhealthcheck.net;The curious case of a reconnaissance campaign targeting ministry and embassy sites https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign- +static.travelclothes.org;The curious case of a reconnaissance campaign targeting ministry and embassy sites https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign- +drivers.epsoncorp.com;The curious case of a reconnaissance campaign targeting ministry and embassy sites https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign- +up.f4321y.com;Mirai Windows version http://vms.drweb.com/virus/?_is=1&i=14934685 +down.f4321y.com;Mirai Windows version http://vms.drweb.com/virus/?_is=1&i=14934685 +60.250.76.52;Mirai Windows version http://vms.drweb.com/virus/?_is=1&i=14934685 securitychecking.org;Malicious Word document targeting Mac users https://objective-see.com/blog/blog_0x17.html kbfvzoboss.bid;When A Pony Walks Out Of A Pub http://blog.talosintel.com/2017/02/pony-pub-files.html?m=1 5.200.52.198;When A Pony Walks Out Of A Pub http://blog.talosintel.com/2017/02/pony-pub-files.html?m=1 @@ -565,22 +954,6 @@ www.kiselalloe.top;Farming Malicious Documents to Unravel Ransomware http://rese dolceitaliaz.topdolceitrop.top;Farming Malicious Documents to Unravel Ransomware http://researchcenter.paloaltonetworks.com/2017/01/unit42-farming-malicious-docu test-test-test.ttest-eaktalao.co.in;Farming Malicious Documents to Unravel Ransomware http://researchcenter.paloaltonetworks.com/2017/01/unit42-farming-malicious-docu pabstats1name.pabstats1name.ptypabstats1nrus.co.in;Farming Malicious Documents to Unravel Ransomware http://researchcenter.paloaltonetworks.com/2017/01/unit42-farming-malicious-docu -koala.acsocietyy.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -hamiltion.catholicmmb.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -dick.ccfchrist.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -trout.belowto.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -zebra.wthelpdesk.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -area.wthelpdesk.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -sakai.unhamj.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -kawasaki.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -scorpion.poulsenv.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -kawasaki.unhamj.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -msn.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -sapporo.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -www.fukuoka.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -zebra.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -fukuoka.cloud-maste.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information -yahoo.incloud-go.com;Targeted Attacks - Fake Japan Society for the Promotion of Science and... by APT10? https://www.jsps.go.jp/alert/index.html / http://www.meiji.ac.jp/isc/information www.dicemention.com;Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zer www.riaru.net;Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zer www.tassnews.net;Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zer @@ -614,11 +987,6 @@ megadl.fr;Assorted ransomware http://pastebin.com/BZAa3fsz / https://twitter.com misterin.pkitup.com;Assorted ransomware http://pastebin.com/BZAa3fsz / https://twitter.com/v0id_hunter/status/8268932228 a-24.1fichier.com;Assorted ransomware http://pastebin.com/BZAa3fsz / https://twitter.com/v0id_hunter/status/8268932228 kgnene199meiwww.com;VirLocker http://pastebin.com/pHkr4CD8 / https://twitter.com/v0id_hunter/status/8268936633 -spora.bz;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware -186.2.161.51;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware -35.161.88.115;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware -52.85.184.201;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware -52.85.184.216;Spora - the Shortcut Worm that is also a Ransomware https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware feed.networksupdates.com;Flokibot Invades PoS: Trouble in Brazil https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/ duparseled.com;Flokibot Invades PoS: Trouble in Brazil https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/ shhtunnel.at;Flokibot Invades PoS: Trouble in Brazil https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/ @@ -1418,73 +1786,6 @@ aaa.stage.15594901.en.onokder.com;CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND 138.201.44.4;CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-co eidk.hopto.org;New Mac backdoor using antiquated code https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-ant 99.153.29.240;New Mac backdoor using antiquated code https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-ant -178.209.51.164;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -logon.had-one-job.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -video.today-nytimes.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -update.nfkllyuisyahooapis.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -api.officeonlinetool.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -travel.tripmans.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -mail.upgoogle.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -library.cpgcorp.org;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -dns.undpus.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -ie.update-windows-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.avgfree.us;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -secure2.sophosrv.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -store.outlook-microsoft.net;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -wbmail.city-library.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -images.defexpoindia14.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.go-gga.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -support.outlook-microsoft.net;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -update.micrdsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -116.251.210.77;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -23.89.200.128;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -178.209.52.72;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -23.89.201.173;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -112.213.117.52;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -38.109.190.55;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -210.245.85.83;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -49.213.18.15;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -116.251.216.165;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -117.17.10.10;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -103.229.124.1;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -151.236.14.53;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -116.251.216.72;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -192.157.229.164;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -50.117.47.67;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -50.117.47.66;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -61.250.92.79;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -176.31.220.160;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -103.39.78.131;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -116.251.216.227;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -116.251.219.142;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -198.98.103.7;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -107.191.61.105;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -information.as;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -consultant.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -10.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -leases.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -registry.active;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -adventurelearning.me;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -comwindws-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -group.in;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -malware.one;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -components.report;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -cpgcorp.com.sg;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -name.network;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -group.at;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -installed.active;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.flymna.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.goodlook.sg;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.domesky.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -domainsaccount.google.com.gmgoogle.comie.update-windows-microsoft.commail.upgoogle.comsupport.outlook-microsoft.comhelp.outlook-microsoft.comoem.outlook-microsoft.comwindws-microsoft.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.commerce.gov.mm;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.tinroofpopcorn.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.citrixmeeting.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.psychologia.uni.wroc.pl;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -www.ipacking.co.kr;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -203.81.162.178;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -150.207.1.67;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp -support.f--secure.com;Mofang: A politically motivated information stealing adversary https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp westlands.com;The EyePyramid attacks https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/ occhionero.com;The EyePyramid attacks https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/ eyepyramid.com;The EyePyramid attacks https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/ @@ -14192,20 +14493,6 @@ pecoqoarb.it;Locky DGA Feb-March https://www.microsoft.com/security/portal/threa aqayo.tf;Locky DGA Feb-March https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ra moejvqbrjbf.uk;Locky DGA Feb-March https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ra rvdpsiwxipvy.fr;Locky DGA Feb-March https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ra -195.154.241.208;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -193.124.181.169;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -91.195.12.185;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -173.214.183.81;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -66.133.129.5;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -86.104.134.144;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -195.64.154.14;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -109.234.38.35;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -46.4.239.76;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -iynus.net;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -www.southlife.church;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -www.jesusdenazaret.com.ve;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -www.iglobali.com;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d -www.villaggio.airwave.at;Locky: New Ransomware Mimics Dridex-Style Distribution http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d bmacyzmea723xyaz.onion.link;OSX Ransomware KeRanger Infected Transmission BTorrent Installer http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger- bmacyzmea723xyaz.onion.nu;OSX Ransomware KeRanger Infected Transmission BTorrent Installer http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger- nejdtkok7oz5kjoc.onion.nu;OSX Ransomware KeRanger Infected Transmission BTorrent Installer http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger- diff --git a/threatintel/get-misp-iocs.py b/threatintel/get-misp-iocs.py old mode 100644 new mode 100755