# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/
# Reference: https://www.virustotal.com/gui/file/277d7f450268aeb4e7fe942f70a9df63aa429d703e9400370f0621a438e918bf/detection

http://144.76.173.247
http://195.123.226.91

# Reference: https://twitter.com/Ishusoka/status/1614028229307928582

http://157.90.248.179
http://213.252.244.62
http://77.73.134.68

# Reference: https://twitter.com/ULTRAFRAUD/status/1620158819023323137

videolan-web.org

# Reference: https://twitter.com/Gi7w0rm/status/1631756650234167299
# Reference: https://twitter.com/MalwareSearcher/status/1638096508686925824
# Reference: https://tria.ge/230303-y6p8daag4w/behavioral1

http://82.118.23.50
pcworldgetin.net

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown

walmart.lc
marketplace.walmart.lc

# Reference: https://twitter.com/Ishusoka/status/1645048767484239872

http://23.254.225.133
http://82.117.255.127
http://82.117.255.128

# Reference: https://twitter.com/Ishusoka/status/1649716132822089728

http://109.105.198.114
http://185.99.132.51
http://192.236.233.253
http://79.137.203.190

# Reference: https://twitter.com/Ishusoka/status/1652670103404544006

http://85.239.62.218

# Reference: https://twitter.com/Ishusoka/status/1655156071168655361

http://185.99.133.246
http://45.8.146.130
http://45.8.146.213

# Reference: https://twitter.com/g0njxa/status/1658488606485540865

http://195.123.227.138
anysoft.live
virtualbox-vb.com

# Reference: https://www.virustotal.com/gui/file/2dc0f50fa7eb53be17b578fbcb66a5ec8c40d250fd9be7b2b96663624fa4dba8/detection

gstatic-node.io

# Reference: https://www.virustotal.com/gui/file/9ee6c9be68204aea85dce08e6ba8c9395f827f22e5f3ee430172abe9ea5fbd0b/detection

aloowforest.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/

http://168.119.4.83
http://217.12.206.230
http://217.25.91.15
http://45.15.25.190
http://89.116.255.182
http://94.142.138.78
http://94.158.244.69
1private.pro
91.215.85.210:48237
agustfreeday-my.xyz
clonecloud-my.xyz
crazypictures.xyz
demomoves.xyz
extrasofts.org
fastcloudlife-my.xyz
flowers-my.xyz
gservice-node.io
kellmda.click
many-verses.xyz
private-cloud-server.pro
skicloud-my.xyz
speedtestip.xyz
stoppublick.xyz
vipcloud-my.xyz
worldofpoetry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-07-27)

dodgeavay.xyz
gbbsoft.xyz
jonesleming.xyz
jornesfree.xyz
laynchcontrol.xyz
modifesistem.xyz
privategame.xyz
promocar.xyz
promomilk.xyz
scandimyth.xyz
slading.xyz
traftech.pro
viemon.xyz
westwork-my.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-01)

colomndead.xyz
fingerstile.xyz
sloumotion.xyz
trapmusics.xyz

# Reference: https://twitter.com/1ZRR4H/status/1686659981389463552

http://107.172.0.180

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-03)

exitfile.xyz
flaydoor.xyz
sinopticday.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-11)

acecnouwglass.xyz
acexoss.xyz
balancelag.xyz
beerword.xyz
blockigro.xyz
booxshistr.xyz
boxhappines.xyz
cloudsaled.xyz
colomna.xyz
coolvtf.xyz
costexcise.xyz
coursenote.xyz
dashminimaltokens.xyz
deadpip.xyz
doorblu.xyz
elitewin.xyz
exfillrar.xyz
exitlife.xyz
fibrodoorsbig.xyz
fileforex.xyz
fisholl.xyz
freeace.xyz
frogswordsale.xyz
gapi-node.io
gitarlessonfinger.xyz
glitchmoon.xyz
glowesbrons.xyz
goldenwalstk.xyz
grossvp.xyz
kpsshistoryone.xyz
kudoflowers.xyz
linesroom.xyz
lowwesprion.xyz
lpsserversonlene.xyz
marketsale.xyz
netforyou.xyz
phonevronlene.xyz
programmbox.xyz
proxyindex.xyz
quotamoney.xyz
scoollovers.xyz
seobrokerstv.xyz
sieratools.xyz
simesmile.xyz
singlesfree.xyz
sonyabest.xyz
starold.xyz
stormwumen.xyz
survviv.xyz
usdseancer.xyz
woodcat.xyz

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/08/old-exploit-kits-still-kicking-around-in-2023
# Reference: https://www.virustotal.com/gui/file/07e06e8277980a60e595da9cd9e03a4ecd2e8f8bdbd3cf5c930ab878ac5b0836/detection

solopodvip-my.xyz

# Reference: https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection

update-regb-service.com

# Reference: https://twitter.com/1ZRR4H/status/1692149286048616567

checkgoods.xyz

# Reference: https://www.virustotal.com/gui/ip-address/194.87.31.176/relations
# Reference: https://www.virustotal.com/gui/file/c9094685ae4851fd5a5b886b73c7b07efd9b47ea0bdae3f823d035cf1b3b9e48/detection

lazagrc2cnk.xyz
ocmtancmi2c5t.xyz
update-vinc.in.net

# Reference: https://twitter.com/petrovic082/status/1694264617772458363
# Reference: https://www.virustotal.com/gui/file/51925d36298a3d9ceac6067fdc1ba1f799ef5c53553be95d6827192df0700d80/detection

randsoms.click
hopvibestravel.co.za

# Reference: https://www.virustotal.com/gui/ip-address/206.233.128.77/relations

51doudian.xyz
aidoudian.xyz
diyidd.xyz
dodiam.asia
dodiam.live
dodiam.ltd
dodiam.monster
dodiam.one
dodiam.online
dodiam.shop
dodiam.xyz
dodiamhub.xyz
doyoudian.com
wpshub.xyz

# Reference: https://twitter.com/g0njxa/status/1694754823378227312

selfmicrosoft.com

# Reference: https://threatfox.abuse.ch/ioc/1152241/

fullppc.xyz

# Reference: https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/
# Reference: https://otx.alienvault.com/pulse/64f1e91a2dd9db4bd3af8ce4

buyerbrand.xyz
lazagrc3cnk.xyz

# Reference: https://twitter.com/1ZRR4H/status/1701296924471529508

acsfoodthegood.fun
activlessor.fun
adavefrees.xyz
artificialleath.fun
arvimon.fun
assacurajob.fun
astrolco.fun
bakedmatela.fun
balancebordrt.xyz
bearboll.fun
blessdeckite.fun
blockall-my.xyz
bloomhome.xyz
boothroundupdow.fun
bottlewattoh.fun
brockerby.xyz
campphotos.xyz
castomdroms.xyz
cfgy8uj.click
choserowboatfly.fun
cleanvr.xyz
closhemone.fun
coinflore-my.xyz
coldwinded.fun
coolfingers.xyz
coolworks.xyz
curtainjors.fun
cvadrobox.xyz
damageagio.xyz
demanddeal.xyz
dermrtv.fun
diavellipromo-my.xyz
divineservicecity.fun
doggyguffy.fun
downloadfiles-my.xyz
dropfiles-my.xyz
ellifotolive.xyz
equestrianjumpingfrog.fun
faircoupon.xyz
fartyfun.fun
feathspacesaf.fun
fiancejiveimp.fun
fibrodoorsbig.fun
findyhuman.fun
fireworld.fun
flashpool.xyz
follovertv.fun
footfetishlol.xyz
footslou.fun
formiklass.fun
freesco.xyz
freesoftportal.xyz
funnycox.fun
gamefoods.xyz
gaspatchommm.fun
glowesbrones.xyz
gogobad.fun
goldsboxss.xyz
goldtokensool.xyz
gougeflying.fun
gunstormonl.fun
hedgedecay.xyz
jobsvac.xyz
kneesockrod.fun
labourcakefrt.fun
leaseagent.xyz
liveswords.xyz
lockguard.xyz
loufuelscom.fun
loufuelscom.xyz
luidelyator.xyz
magaway.fun
malenursenect.fun
markuschop.fun
mensmoment.xyz
microflawersj.xyz
milkwithlacto.fun
momsikret.xyz
morefilmsfree.fun
morevita-my.xyz
mrcrubsaf.fun
mycollection-my.xyz
noisemakjelly.fun
ollfiles-my.xyz
petsgamess.xyz
piplexm.xyz
pizzasison.xyz
potatomeatball.fun
productionbio.fun
reconphotocolor.xyz
recordbell.fun
resistangroupee.fun
rovengold.fun
satanakop.fun
seededraisinlilinglov.fun
seobrokerstv.fun
sevenzk.xyz
shoppervik.fun
slimtvsocico.fun
sloumitionvideos.xyz
statehaller.fun
stoptme.xyz
superyupp.fun
svaproot.fun
thuspulllig.fun
titanaquaplus.xyz
toastmastone.fun
tobeornottobe.fun
toysforchild.fun
tritonbody.fun
usdseancer.fun
valleydod.fun
vipmusic-my.xyz
warnger.xyz
weaselplacerif.fun
welcometv.fun
xwomencalor.xyz
yachtracingopt.fun
zetmountsqr.fun

# Reference: https://twitter.com/1ZRR4H/status/1701141801401299268

documents.notificationsapps.com

# Reference: https://www.virustotal.com/gui/file/45d9b1765bb06ead1abbc6f8817c009fc3d15ebe1f71d3289f2c10e1e1afb343/detection

qptr.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1701832039995949127
# Reference: https://app.any.run/tasks/ae7fbdf2-f5e3-44c6-8718-f18eddf05c54/

gapi-alpha.io

# Reference: https://twitter.com/karol_paciorek/status/1701592162155327720
# Reference: https://www.virustotal.com/gui/file/10edcd9c40ca57679c78fc5a8a08bf7554d5e41f58f2aa19f299551c7c601601/detection

18866-32530.bacloud.info
sisadmin-my.xyz

# Reference: https://twitter.com/g0njxa/status/1702262724414050537

blockbeerman.fun
gaspatchommm.fun

# Reference: https://twitter.com/g0njxa/status/1702444978503360989

dedoxtrone.fun

# Reference: https://twitter.com/Jane_0sint/status/1702479372261683399
# Reference: https://app.any.run/tasks/409f5138-3853-4910-80d4-3c380b969274/

gasfpa.click

# Reference: https://www.virustotal.com/gui/file/301432e6053a0f092e8f5137a97ef3543934e0f8e200bd0c7844886e4c72e7e9/detection

treepledeeple.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-16)

glinkgik-7.com
hinkli-5.com
jlinkjk-6.com
link-45gik.com
link234-33.com
link43897.com
link5467.com
link76h.com
linked-42.com
linked-66.com
linked-88.com
linkers-92.com
linkhj764.com
linkjshw-4.com
linkll-11.com
linkll-2.com
linko8457y.com
linkqksi-3.com
notion-download.pro
notions-download.com
webex-download.com

# Reference: https://www.virustotal.com/gui/file/fe37f6971c59e02cfb250532fa1862bc58ce6aea100fbde5a7be91586eca2aad/detection

parrotorsk.fun

# Reference: https://twitter.com/1ZRR4H/status/1706747262993350752
# Reference: https://www.virustotal.com/gui/file/6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c/detection

ocmtancmi2c5t.website
orkograkula.fun
stable4download.ocmtancmi2c5t.website

# Reference: https://asec.ahnlab.com/ko/57276/

holdbox.xyz

# Reference: https://twitter.com/g0njxa/status/1707079932977774661

firmpanacewa.fun

# Reference: https://www.silentpush.com/blog/lummac2

2flowers-my.xyz
blockspam-my.xyz
bondappeal.xyz
boxclod.xyz
catfoodbio.xyz
chocomeat.fun
cloudsnike-my.xyz
coolworkss.xyz
cosmosvr3d.xyz
culturalevenings.xyz
deeppoetry.xyz
dogshanter.xyz
downloaddedattre.fun
dromautocar.xyz
ducklingibises.fun
glaziercarde.fun
housegrommy.fun
jomanboy.fun
jumperstad.fun
lackbasinmu.fun
pearlbarleyhit.fun
politicuseles.fun
portlandcor.fun
pregnantflowers.fun
rarefood.fun
rosaryconbo.fun
royalpantss.fun
sausagerollraisin.fun
scruffymapleflat.fun
sendcyniaforeign.fun
socialmadness.fun
sodafountainpr.fun
startablekor.fun
talkinwhitepod.fun
tuberoseprod.fun
veinsmoter.fun
waterparkedone.fun
withdrawlecterns.fun
wolffunny.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-29)

erorblackday.xyz
rarefood.fun
rollbeamone.fun
rosaryconbo.fun
royalpantss.fun
woldwidesage.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-07)

begonblom.fun
blingaspireojhau.online
bytecloudasa.website
cameponceowa.site
decorhighsa.pw
destroyevensusp.fun
npskudlu.com
nursepridespan.fun
pedigreeprotone.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1710940736177238046
# Reference: https://app.any.run/tasks/2576c42c-072a-4914-bfa9-196a54940f21/
# Reference: https://www.virustotal.com/gui/file/5c7a5c97cb1ffcc16367dd9f43192485ec2f2d043fa83c69ada31235f3a464f3/detection

cystnovor.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-08)
# Reference: https://www.virustotal.com/gui/file/8b73f81b3dc549b0afd9f1147afa70c92cdf326e7b5a7b7b95ef60ecbc58d194/detection
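# Reference: https://www.virustotal.com/gui/file/f8412c9a8d210409888fb0aed2120d12b4be1cb480cf24ed66b13ccbfef6d928/detection
# NOTE(review): 172.67.163.21 below appears to sit in Cloudflare-announced address space (shared CDN edge), so a bare-IP match may also hit unrelated sites fronted by the same address. Confirm before using it for blocking; the domain entries in this section are the more specific indicators.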

http://172.67.163.21
aivoicechanger.cc
aivoicechanger.xyz
allcentrlizeqweq.fun
amerloun.fun
archipelagocelly.fun
arrogantcatfishef.pw
athwartchannelly.pw
babacloud.pw
bankedbaroloak.site
barbecueappledos.pw
bezstpool.pw
bloockflad.pw
bluepablo.fun
bluesaks.fun
bobbycloud.pw
boddyshow.fun
boldaus.fun
bookgames.pw
booudbras.pw
buggubucks.fun
builaos.fun
bulletforx.fun
casioblue.pw
castomarmor.xyz
ckylake.fun
cleansoft.fun
cleansoft.xyz
clearcracksoft.fun
clearcracksoft.xyz
codeofconducrasa.pw
comperssw.fun
consoles.pw
crossmuchscandta.pw
dannyleagy.fun
dayzilons.pw
defrosscrappeo.pw
diamondcrystal.fun
discussiowardder.website
doooldues.pw
duhodown.fun
ebalkayiu.fun
engrousf.pw
enouselr.pw
feedsuudenli.fun
fenduqs.fun
funnyorgos.site
funpayns.fun
gachimychi.fun
gonberusha.fun
goodmpore.pw
grasialoud.pw
gravellyroadhunge.pw
gursgars.pw
hawsteamjoak.fun
hellouts.fun
helpfulsteepyi.pw
herioteeakl.pw
hokagef.fun
hollconsole.pw
hoodblor.pw
hoooldanos.pw
hovelpubtrav.fun
howlcars.fun
inosthome.fun
interplaychoske.pw
jomjolse.pw
jooshorks.pw
kambuchaorjireji.website
keewoolas.pw
killredls.pw
knittinprophec.pw
koludsa.pw
kowersize.fun
kusmanin.fun
lemoney.fun
loobrain.pw
loodwork.fun
makrsides.pw
mambergame.fun
manguvorpmi.pw
membaers.fun
micelock.fun
momalua.fun
moneywel.fun
moomagou.pw
moonsterd.pw
moskhoods.pw
mouseblock.pw
mouseoiet.fun
mouskules.pw
musicallyageop.pw
naamberso.pw
namegames.fun
netovrema.pw
newsproks.fun
noladuer.pw
nshdpoud.pw
numpersb.fun
nusaproble.pw
oluaskaz.pw
onlyblack.fun
orgstekomnw.pw
osesuppor.fun
outsiderus.pw
oxygendwelli.fun
paintpeasmou.fun
paratositologis.fun
peersneaps.fun
plengreg.fun
proogreso.pw
pruvles.fun
quoolser.pw
realinghuhuhmund.pw
revivalsecularas.pw
ritzytaxypigefow.pw
robolorunerushe.pw
sensfixlook.pw
servkitchin.fun
skinnychattyfur.pw
softaipro.fun
softonyxx.com
spreadbytile.fun
staircompletemil.pw
steycools.pw
suppliepackas.pw
suprafox.fun
susohudan.pw
taretool.pw
teleportfilmona.online
tellindeedcurt.fun
temoolda.pw
tenselwhoevery.pw
terninadeshi.pw
tfestv.fun
tipsydulljaui.website
tirechinecarpett.pw
traillit.fun
turankil.pw
volkels.fun
volkstera.fun
voloknus.pw
vporanu.fun
wakeupperion.site
whethergaseoatra.pw
willowa.fun
willywilk.fun
zamesblack.fun
zoolboues.pw
en.softaipro.fun

# Reference: https://twitter.com/James_inthe_box/status/1711390043821232196

http://172.86.98.101

# Reference: https://twitter.com/r3dbU7z/status/1712335701541257565
# Reference: https://www.virustotal.com/gui/file/50c61ca23c68af02c0146978409a60912ba6cfe4ee31d5d6be736a92f4f0c8d7/detection

signalknockrio.site

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

senpaireek.fun

# Reference: https://www.virustotal.com/gui/file/b13ce6179417dddff91e37fa3fed298f046a1cc2786a0f5c834f71d2b84751d0/detection

erikskite.fun
nasaprodu.fun
gcdnbabl3png.erikskite.fun

# Reference: https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf
# Reference: https://otx.alienvault.com/pulse/6531428c62ae987b76cc3191

gstatic-service.io
lumma.online
lumma.site

# Reference: https://www.virustotal.com/gui/file/493c87f0fd2fd648d190520b293db61ca612965b6d446352dbf1072164b4e8a7/detection
# Reference: https://www.virustotal.com/gui/file/0796818dc3510e88a966f0aaacd201ba162c46e0bc0f7c670ffbd43df485f5a7/detection

http://85.209.11.204
hackermania.org
/api/files/client/s51
/api/files/client/s52
/api/files/client/s53
/api/files/client/s54

# Reference: https://www.virustotal.com/gui/file/318b4327dcbdff36cb1b5bd2eaa1b08e6f3da93a136656cd301fd6967f790f9e/detection

http://135.181.11.36

# Reference: https://twitter.com/gothburz/status/1727652849008472312
# Reference: https://app.any.run/tasks/dd323037-05ea-4581-9a95-e22519ecc05e/

africathrillthes.pw

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-12-01-v10477/1174
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-03)

http://5.42.92.179
http://95.217.74.243
2311forget.online
accouncementdivecane.site
acidevenstrisj.pw
activitymousetaitrwws.fun
admplous.pw
albumerrorregisetep.pw
analysisswellenterw.fun
angerprofeessoa.pw
assignmentfinalyy.pw
awareforcemouthwjji.fun
baitbillioledbel.pw
banananationalists.pw
baseballherdowf.fun
baseballleadrwio.pw
beachterminaldiff.fun
beenovelskilleoiw.pw
belongblowrelatefw.pw
betrareptileplas.pw
braidfadefriendklypk.site
brickabsorptiondullyi.site
buffettrickopsd.pw
cakecoldsplurgrewe.pw
carpetcupboardtejjerew.site
carvewomanflavourwop.site
castlesideopwas.pw
chairtrainlineadju.pw
cherryopposedii.pw
cinemaretailermkw.fun
climbavantgardefe.fun
coldcoercekowja.fun
combpoplaurap.pw
communicationinchoicer.site
communicationpalaoow.pw
conceptcallewrige.pw
confineconcertjuuioa.fun
conservationsownk.pw
conventionleaflew.pw
cooperatecliqueobstac.site
crisisestimatehealtwh.site
cropfemininedynam.pw
crudeleavelegendew.fun
dancenegotiationffi.pw
dayfarrichjwclik.fun
declineconclusioniwo.pw
definefolkeloi.pw
deletefateoow.pw
delivernoteturnwjkl.fun
diagramfiremonkeyowwa.fun
discriminationcagerf.pw
dominantwidthwuiw.fun
downloads.media-talk.ru
drilledtonerconc.pw
droppicches.xyz
effluxcoltural.pw
eliminatechemistrywj.fun
ensurerecommendedd.pw
episodeterrifylat.pw
factorxharasswe.pw
fanlumpactiras.pw
fashionlazynavyresewg.site
flatmourningdressow.pw
fleetconsciousnessjuiw.site
floozielyhowevermist.pw
flowseasonallissoo.pw
formansnappybel.pw
fortunedomerussea.pw
fowlcirlenospp.pw
freckletropsao.pw
frighteninflatejuwi.pw
funeralmaximumjsju.pw
gatelistcoldyeisa.pw
gearboomchocolateowfs.site
geminiflattyord.pw
glovesslave.fun
godlawyerfeelkw.fun
gracecassettecretw.pw
healdieplayeriw.fun
hearpoundesweety.pw
hemispheredonkkl.pw
hotcowerrecoreeew.fun
idealruinrewardesw.fun
issuefightgreetw.fun
laborermemorandumjes.pw
lawitemymodelefr.pw
leaffountainla.fun
lendremindcenterpassew.site
likehulkinggera.pw
limitedconvertjiw.pw
linearcarerefs.pw
lingerescapecleanwja.fun
loogsporus.pw
macaronnicoccker.pw
magazineaccountantw.fun
makegreatagaintwwi.fun
managertraditionwjua.fun
massagemotipoole.pw
meayyammgaterre.pw
media-talk.ru
medicinebuckerrysa.pw
medicinefixlowop.pw
missileverdictwj.fun
moodanvoterowklam.fun
musclechannelnomi.pw
musclefarelongea.pw
neighborhoodfeelsa.fun
neutralpastureop.pw
nz.voicechangeai.pro
occupytapsessijk.pw
offerdelicateros.pw
onsciouosoepewmausj.site
opposesicknessopw.pw
ownerbuffersuperw.pw
payfrecklematurei.pw
perceivedomerusp.pw
personalpromiseo.fun
piggepawneillusio.pw
pinkipinevazzey.pw
platteryippejkomaf.pw
politefrightenpowoa.pw
portionetensioaw.pw
possibilitydespaw.pw
quitstrikesizeowo.pw
racerecessionrestrai.site
ratefacilityframw.fun
refereealivewhu.fun
referralpublicationjk.pw
refusemiserableofka.fun
resortredrobenris.pw
respectablegirlwfwa.fun
retainfactorypunishjkw.site
reviveincapablewew.pw
ribbonfolkcrownyy.pw
roomsodiumdependew.pw
rosemoonsleeptoe.pw
ruleborderdynamiciw.pw
saffronmontybrisk.pw
scanintegrutybatowss.pw
secondrailroadoikj.pw
sentimentprecisio.fun
settlehillcanne.pw
showerreigerniop.pw
showpumpkicartsl.pw
silveraquariumjwu.fun
skipflowposses.pw
slabbymenusportef.pw
slantrearperiosdew.pw
smoothawarescreenyo.pw
societylaboratoryuw.pw
sofacalendareffewx.fun
soupinterestoe.fun
speakeminoritetea.pw
spontaneouslightss.fun
stabsicknessord.pw
suburbmeetabuseowp.pw
suppresssectionje.pw
swarmseasonbuckoo.pw
tankqueueipjsh.pw
tarantulamalaguenrr.pw
territoryrequersp.pw
thinkroarseso.pw
tidecharityhouseow.fun
tidyrespectexpow.fun
tropicanimjrka.pw
troubleexemptioni.pw
turkeyjoystickesp.pw
unawarealarmtwinjje.pw
vesselspeedcrosswakew.site
wakereviewhuwee.pw
wantpiecesoftef.pw
willpoweragreebokkskiew.site
wriggleregisterycos.pw
xpencildiscussiio.pw

# Reference: https://twitter.com/RedDrip7/status/1734513423545720913
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
# Reference: https://raw.githubusercontent.com/RedDrip7/APT_Digital_Weapon/master/UTG-Q-003/UTG-Q-003_hash.md
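# Reference: https://otx.alienvault.com/pulse/657898bb7319baba70af7f94
# NOTE(review): the run of entries in this section that begin with "n" (nallcentrlizeqweq.fun through nvzz.skitech.top) mostly duplicate entries listed elsewhere in this file with a single leading "n" added (e.g. nalosevera.fun / alosevera.fun, nop.topina.top / op.topina.top). This looks like an escaped-newline ("\n") artefact from the upstream feed rather than distinct hostnames - verify against the source. Where an "n"-prefixed entry has no un-prefixed counterpart in this file (e.g. nh2o.activebuy.top, nhi.salam.monster), the intended indicator may currently be uncovered.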

50kmovie.com
alosevera.fun
azwin.top
bcca.kr
brolink2s.site
broworker7s.com
browserneedupdate.com
captionhost.net
creatologics.com
danesh-gah.sbs
deputadojoaodaniel.com.br
dns.gobobby.life
download7z-soft.xyz
exe.foxpro.top
foxpro.top
gendalf.top
gobobby.life
gry.gendalf.top
gusel.mom
imagefilestorage.top
jjj.ustrun.top
kar.azwin.top
leanbiome-leanbioome.com
linta.software
mazerah.fun
my.gusel.mom
nallcentrlizeqweq.fun
nalosevera.fun
nbakedmatela.fun
nbrolink2s.site
nbroworker7s.com
nbrowserneedupdate.com
nbulletforx.fun
nduhodown.fun
nexe.foxpro.top
nfeathspacesaf.fun
ngry.gendalf.top
nh2o.activebuy.top
nhawsteamjoak.fun
nhi.salam.monster
nhowlcars.fun
nimagefilestorage.top
njjj.ustrun.top
nkar.azwin.top
nmazerah.fun
nmy.gusel.mom
nnoo.egogol.top
nop.topina.top
nplengreg.fun
nrosaryconbo.fun
nsec.estimate.top
ntak.soydet.top
ntop.toppe.top
ntu.trainlove.monster
nvzz.skitech.top
op.topina.top
opwer.top
skitech.top
topina.top
ustrun.top
vzz.skitech.top
zuripvp.tk

# Reference: https://twitter.com/Syndikalist/status/1734493554691514586

enzvoiceaichanger.site

# Reference: https://twitter.com/g0njxa/status/1735571631789969411
# Reference: https://app.any.run/tasks/3ae62135-57be-4047-b5df-88beea8cae70/

voicechangeai.pro
dz.voicechangeai.pro
ns.voicechangeai.pro
nz.voicechangeai.pro

# Reference: https://twitter.com/g0njxa/status/1737123594054906114
# Reference: https://www.virustotal.com/gui/domain/sergiocostantino.com/relations

sergiocostantino.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-23)

http://91.92.253.220
absorbbiblowskinj.fun
advancefishexeedw.pw
advertiseshotdecaywi.pw
angerbumpyardee.pw
arresthorrodrw.fun
attachmentartikidw.fun
attyclaim.com
betstamprareempiewa.fun
blastechohackopeower.pw
bombertublestylebanws.fun
breakfastchanneljw.fun
caneclothesdriverhen.pw
captivatechimpanzeef.fun
carstirgapcheatdeposwte.pw
chincenterblandwka.pw
claimpassivedebatw.pw
coastperfumeoslan.fun
conferenctdressingshrw.site
combinethemepiggerygoj.site
copyrightspareddcitwew.site
couragedistributeoeo.pw
creepfleetconfusew.fun
cruelslumpeeris.pw
cupaffordcathedralk.fun
cuttingcoachrecovr.pw
differentliftwelanew.fun
dragonporterloudjettyw.site
dreamtelevisiongues.fun
driftpasssingeriuw.pw
ed.softaipro.fun
en.voiceaichanger.pro
ena.voiceaichanger.pro
ena.voiceaichanger.store
ens.voiceaichanger.site
enz.voiceaichanger.site
eternalchopflattyo.fun
evokenumberpottruckere.fun
expenditureddisumilarwo.site
falsifydisappearsoaeka.pw
familiardvotecheapw.pw
feedbackspidermate.fun
fitnescivilianquesw.pw
folkloreinviteex.pw
froggraduategravi.fun
goddirtybrilliancece.fun
groannysoapblockedstiw.site
illusionqualifiedj.fun
insertrichdedicatewa.pw
interactivetreadrel.fun
jewelassertivebop.fun
kitchenfootballkiw.fun
lipstructorymusclewow.fun
makeexpectentrypon.pw
maskmusicalproplemanw.pw
mixperiodfrienndy.fun
mountainlegislaturel.pw
muggymidnightleanuu.fun
necklacecasecauseowa.fun
nestpatchfillfavo.fun
ownerteztapplicatiow.pw
paperambiguonusphoterew.site
pedestriankididentityw.fun
pickbeatmoduleprefer.pw
playerweighmailydailew.pw
preferencesubwaywad.fun
premiums.voiceaichanger.pro
promo.voiceaichanger.pro
qualifiedbehaviorrykej.site
ranchguarrelguidewa.pw
rarevaluediscow.fun
realitysocialiolee.site
recessionconceptjetwe.pw
representrecyclere.pw
revivalconflictgrippe.site
ritualaccidentrepu.fun
sideindexfollowragelrew.pw
solutionoutlineplaint.fun
speedslumpachierew.fun
stereotypebushexch.fun
subwayspellprotiso.fun
surfsponsorjun.pw
tablesockartfinewa.pw
teardesertfreewo.fun
technologyprosecutiw.pw
testifypiecefarst.fun
theoristnationalprow.fun
tollactionancestorw.pw
transparenteunlawfullyp.site
twinconstellationjkal.fun
underlinefreeapearew.fun
vegatablebeacjinser.fun
viewconceivegiw.fun
virtuereplacerentj.fun
voiceai.attyclaim.com
voiceaichanger.pro
voiceaichanger.store
weedpairfolkloredheryw.site
winnerparagrapdierw.fun
winterrescueplwo.pw
worrystitchsounddywuwp.site
voice.k7pw.com
voiceai.linkedsl.com

# Reference: https://twitter.com/g0njxa/status/1738890509404238017
# Reference: https://app.any.run/tasks/0dedb8f0-0d83-4360-add0-129319875738/

agedelayglacierwe.pw

# Reference: https://www.virustotal.com/gui/file/3715487205bd663c45a2cd4cf85a0a73183a20960d126e8ed3a461ef837c4144/detection

ntdll-update-connect.com

# Reference: https://twitter.com/kienbigmummy/status/1744582708045717901
# Reference: https://www.virustotal.com/gui/file/92b768cf585a5fa46bb9b86e9acec71ad56e4b2b93cc0e77f88da2cdb852dd7c/detection
# Reference: https://www.virustotal.com/gui/file/aa5c2e2376a44428339d1a91f5a48129a15271bb344e46b23fc76468000af67f/detection

build-villa.io.vn

# Reference: https://twitter.com/Syndikalist/status/1744772300946170119

voicechangeai.online
promos.voicechangeai.online
voiceai.electronicweldingcolombia.com

# Reference: https://www.virustotal.com/gui/file/7f44b17f4d1437f97e80e7f372f7b11db0ab21a7658d8521622ac68014014bd7/detection

copyexpertisesausewaverw.site

# Reference: https://www.virustotal.com/gui/file/16d52767bb629f7e84e2c4d770c844987366e9f5d36b52c5e68dea53e6a350be/detection

contextsuffreintymore.fun

# Reference: https://www.virustotal.com/gui/file/e7583882961b541180ce58c3c839fb57e80e467407cd4b2cc7d3ec039a220b62/detection

demonstratorleasheropw.site

# Reference: https://twitter.com/g0njxa/status/1751329389994721780

voicechangeai.online
premiums.voicechangeai.online
promo.voicechangeai.online
promos.voicechangeai.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-01-30)

http://185.172.128.154
absentconvicsjawun.shop
acquisitionfinancej.shop
affordcharmcropwo.shop
alcojoldwograpciw.shop
assaultseekwoodywod.pw
associationokeo.shop
auctiondecadecontaii.shop
baketransparentadw.pics
banquetmasteryfailurw.site
beaturifuelministyuowwas.site
benddiscoleideasbridrew.site
birdvigorousedetertyw.shop
bleednumberrottern.homes
bordersoarmanusjuw.shop
brakesummitfiightre.pics
circulatejobspontane.shop
claimconcessionrebe.shop
cleartotalfisherwo.shop
colorfulequalugliess.shop
combinationconventiwov.shop
communicationgenerwo.shop
consciouosoepewmausj.site
controlopposedcallyo.shop
culturesketchfinanciall.shop
deadpanstupiddyjjuwk.shop
demonstationfukewko.shop
despairphtsograpgp.shop
detectordiscusser.shop
developmentalveiop.homes
diskretainvigorousiw.shop
dismissalcylinderhostw.shop
donorwifeconfusionstronko.site
doonwload.fun
doughmebinnybunio.shop
economicscreateojsu.shop
edurestunningcrackyow.fun
enthusiasimtitleow.shop
entitlementappwo.shop
essayinterventiondepof.site
evokeoutlooklits.shop
executivebrakeji.shop
exemptatmospherestingw.site
exitassumebangpastcone.shop
feturepoudbicchteo.shop
flexibleagttypoceo.shop
gemcreedarticulateod.shop
greetclassifytalk.shop
healthrankunderow.fun
hovermeatglacierrjuw.site
hunterstrawmersp.homes
incredibleextedwj.shop
inviteaccessiblesaltw.shop
joystickempiricalhirpw.site
knonkcdalfyhitt.shop
landgateindirectdangre.shop
lawwormroleveinn.mom
legislationdictater.mom
liabilityarrangemenyit.shop
liabilitynighstjsko.shop
lighterepisodeheighte.fun
mealplayerpreceodsju.shop
medalappearancerackw.shop
mercyaloofprincipleo.pics
modernizepledgeoi.shop
modestessayevenmilwek.shop
mosaicyoungoccasionnyej.site
muggierdragstemmio.fun
nationalistvetecanve.shop
negliganceassumeruew.site
offerimagefancine.shop
offsetundressdriveryjow.site
oneclickyporkeiw.fun
pavementpreferencewjiao.site
peasanthovecapspll.shop
pillowbrocccolipe.shop
pooreveningfuseor.pw
problemregardybuiwo.fun
productivelookewr.shop
publishfavorharbouroe.site
pushjellysingeywus.shop
radicalleafletmissfoxw.pw
reechoingkaolizationp.fun
rejectbettysmartws.shop
relevantvoicelesskw.shop
resergvearyinitiani.shop
sayleafletcamerakwov.site
scrapedirtyieoqk.shop
secretionsuitcasenioise.shop
sessionannoucemenwj.shop
shatterbreathepsw.shop
shortsvelventysjo.shop
smilesnugglemonstouseo.site
sofahuntingslidedine.shop
spokespersonunjuriwo.shop
stamprollabbeymemberw.site
suitcaseacanehalk.shop
technologyenterdo.shop
telldruggcommitetter.shop
theatergenerationju.shop
tolerateilusidjukl.shop
tonguehypnothesislan.shop
townsfolkhiwoeko.fun
triangleseasonbenchwj.shop
turkeyunlikelyofw.shop
tvoikcloud.pw
updaterootapplederjuios.site
vatleaflettrusteeooj.shop
wifeplasterbakewis.shop
worryfillvolcawoi.shop

# Reference: https://www.virustotal.com/gui/file/137aaf991507d90ad86343ea960b798f349504fcbdc3b004ffd9a50366b6c1b9/detection

fantasticabnormally.shop

# Reference: https://www.virustotal.com/gui/file/d83706c6ce5817a7d854e17b99d92d4027fa5b2c960fdb7886b46169ed1e3e06/detection

xm8wyk.site

# Reference: https://twitter.com/1ZRR4H/status/1763013383152976352

trendspider.dev

# Reference: https://www.virustotal.com/gui/file/cc153440791a534326d7c57871f9443b533b4cbeb4b693df58ce9b6ef137cc62/detection

decorousnumerousieo.shop

# Reference: https://www.virustotal.com/gui/file/13878fa249e211d6fe9a3fe49ad570829217e9a75f50fcdd268dc7a6bd1ab5c7/detection

herdbescuitinjurywu.shop
resergvearyinitiani.shop
wisemassiveharmonious.shop

# Reference: https://www.virustotal.com/gui/file/0cb6c879f21d799ecb3907bbe42f34ca7269881658217191f9ce002e74838d8f/detection

asleepfulltytarrtw.shop
colorfulequalugliess.shop
relevantvoicelesskw.shop

# Reference: https://www.virustotal.com/gui/file/9cf7055ad997b7e0371677517b350e69d6dc0500a60e0ca138630e3db496d89b/detection

prematuresolvehumoew.shop

# Reference: https://www.virustotal.com/gui/file/2ba044c9cb003579926f4bc9cb21d0e8e022665546b9fd7c17d9615c176e03d0/detection

wagechaircoupessaywu.shop

# Reference: https://www.virustotal.com/gui/file/2b1039f5409827b3452a6d2c98879b7b5be243f8943bc54237fd10d97af37399/detection

paintercrutcheniw.shop

# Reference: https://www.virustotal.com/gui/file/14090631957ac88ddf886e446d1dcbce90befa7cb8040bf0c858ae6211d5c738/detection

wagonglidemonkywo.shop

# Reference: https://www.virustotal.com/gui/file/0279f6fced0275c1da4efe62b25d58249e7f7748ce9363a1e01b5156c3a8b845/detection
# Reference: https://www.virustotal.com/gui/file/f619065e3de7a25c808af62b9c3a49934a6a93999361f9ad3e2fe9f50f73c2d6/detection

directorryversionyju.shop
respectpitchadopwo.shop

# Reference: https://www.virustotal.com/gui/file/7dbd19ece9d099c65970625b4b3b1b663d538a80da98ed49e05a71341c9f4e56/detection
# Reference: https://www.virustotal.com/gui/file/1bd1837f2fc67064877eb9391c44c3c6709fcf7301cabad0ad1c9b4cab840200/detection

awardlandscareposiw.shop
sailsystemeyeusjw.shop

# Reference: https://www.virustotal.com/gui/file/98f6ecc60e016311511ce920220598b33eb9671e7c71254e76d638d0f2a45883/detection

abuselinenaidwjuew.shop
birdpenallitysydw.shop
cinemaclinicttanwk.shop
colorprioritytubbew.shop
officiallongberyw.shop

# Reference: https://twitter.com/karol_paciorek/status/1780582512596566337
# Reference: https://tria.ge/240417-psw94afb88/behavioral1
# Reference: https://www.virustotal.com/gui/file/09ffc4188bf11bf059b616491fcb8a09a474901581f46ec7f2c350fbda4e1e1c/detection

http://85.239.53.219

# Reference: https://twitter.com/r3dbU7z/status/1782383162116436436
# Reference: https://www.virustotal.com/gui/file/24de10a6c677345b927d2c84f8f58a6fb3918ae9efe64504dc94da887fbed3cb/detection

meadowannivejrsary.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-07)

auctiongutollyjkui.shop
democraticseekysiwo.shop
harassretunrstiwo.shop
hearthingdirecwi.shop
palmeventeryjusk.shop
peanuearthflaxes.shop
public-ftp.com
strollheavengwu.shop

# Reference: https://x.com/Threat_Down/status/1791912008746430748

stiffraspyofkwsl.shop
zocmstranslate.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-28)

acceptabledcooeprs.shop
appetitesallooonsj.shop
averageaattractiionsl.shop
babycandidateoswp.shop
boredimperissvieos.shop
buttockdecarderwiso.shop
civilianurinedtsraov.shop
employeedscratshj.shop
employhabragaomlsp.shop
femininiespywageg.shop
headraisepresidensu.shop
holicisticscrarws.shop
lineagelasserytailsd.shop
miniaturefinerninewjs.shop
minorittyeffeoos.shop
museumtespaceorsp.shop
obsceneclassyjuwks.shop
plaintediousidowsko.shop
prideconstituiiosjk.shop
roomabolishsnifftwk.shop
sloganprogrevidefkso.shop
smallelementyjdui.shop
sofaprivateawarderysj.shop
stalfbaclcalorieeis.shop
sweetsquarediaslw.shop
tendencyportionjsuk.shop
whispedwoodmoodsksl.shop
zippyfinickysofwps.shop

# Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection

slamcopynammeks.shop

# Reference: https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

accountasifkwosov.shop

# Reference: https://www.virustotal.com/gui/file/39345b9dc44db0aec3ceb63efa9f4b0bb74753da4fa421745acff9835f50debc/detection

considerrycurrentyws.shop
deprivedrinkyfaiir.shop
detailbaconroollyws.shop
horsedwollfedrwos.shop
messtimetabledkolvk.shop
patternapplauderw.shop
relaxtionflouwerwi.shop
understanndtytonyguw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-18)

additionmarriagefoewsv.shop
adoptionalbumgesw.shop
allowbloodythinkews.shop
antiuncontemporary.fun
appliedgrandyjuiw.shop
arrangementyforumekw.shop
assumptionflattyou.shop
audiencegafferokkow.shop
baresoakopiniocowe.fun
bettynoticecovej.shop
bicyclesunhygenico.fun
biographyfirmtrisie.shop
blastoporicwoff.fun
bowelunitrydoorsko.shop
breakdecisiveexpandw.fun
bremenessverdurewas.fun
brickbrothjorkyooe.shop
burnfamesoilratewo.shop
cassetteprodueiwo.shop
catlackjellyodwps.shop
cattilecodereowop.pw
chokepopilarvirusew.shop
chunkylopsidedwos.shop
churchemipircasowl.shop
clientgirlfrienddyjw.shop
comedyhorizonbedwus.shop
competitionpooleow.shop
computerfuneralljwu.shop
conceptionextortyosw.shop
concessionofsellerwo.shop
convictionpartyeokwi.shop
corruptioncrackywosp.shop
counterrailcrwu.shop
declarationlastyj.shop
declineforntyuekw.shop
demonstratedesighw.shop
descriptionappleoj.shop
diamondarrivallyowju.shop
disagreemenywyws.shop
disgustedsorryeedi.shop
distributopsuoprs.shop
divosrcemusemutati.shop
drilmoralwandreowpops.shop
economelogainyjusk.shop
elizgerls.pw
ensureclackexcatwi.shop
exceptionwillapews.shop
executrixrangedcoew.fun
explocommisiowsa.shop
explodesaildecksatt.shop
favourlegislatureduei.shop
fieldtrollyeowskwe.shop
fikkeropendorwiw.pw
fireplacecheckwi.shop
fishboatnurrybeauti.fun
fixturewordbakewos.shop
footflexibleacts.shop
forknegotationaow.shop
fossillandscapefewkew.site
fragmentyperspowp.shop
gameteamfinder.com
geneticsockkdwlsaw.shop
glossydecentjuskwos.shop
goodlocka.pw
grazeinnocenttyyek.shop
greenbowelsustainny.fun
guhomush.pw
handbreeadretwaiw.shop
hushedsombkereos.shop
improvisersmissionjuw.fun
interferencesandyshiw.shop
ironshottallinko.fun
isotrimorphicnongrasse.shop
jewelbasinfrankywoi.shop
jobbyshysinduksowp.shop
joblkessprosgeow.shop
kitchenreviewbewrwsa.shop
legatorypluralishrtw.shop
libertyliebindywv.shop
lightsecretatylattew.shop
likelysoarastonishiow.shop
listenmoutioncow.shop
marchsensedjurkey.shop
mazefearcontainujsy.shop
mazumaponyanthus.fun
mealroomrallpassiveer.shop
methodgreenglassdatw.shop
mutterunlikelyoo.shop
neddlepyramidfunnyjok.fun
negotitatiojdsuktoos.shop
newspaperpotatoju.shop
nimkishraddedrew.shop
noduscheatscake.fun
onebiogopwdsa.site
orbitpettystudio.fun
paininsrertymarshwke.shop
palacetilecomplew.shop
peanutclutchlowwow.shop
pearcyworkeronej.shop
penetratedworrsyw.shop
phobicgiddyfivverr.shop
pielumchalotpostwo.fun
pilothardwarreodsi.shop
pioneerframeoakchew.fun
plasterdaughejsijuk.shop
poledoverglazedkilio.shop
pollutiofactwoijk.shop
portaircoveragejsuk.shop
practicalcoherentt.shop
preachbusstyoiwo.shop
preciousenviouskakei.shop
premeritwallyoko.fun
preocucupationssk.shop
prescriptionstorageag.fun
presencewineonnyui.shop
princeaccessiblepo.shop
pumpedcalmdeadpannkow.shop
pumpkindribblewo.shop
punchtelephoneverdi.store
purefinishonerbrothsjke.shop
questbehavixoporpo.shop
questionconservawuts.shop
quitdigitalplatforwi.shop
rankrandomotherwjsui.shop
recognizestainsw.shop
refundemobxyyeols.shop
regardvelvettynerverf.site
revisedrinkslappyoowi.shop
rightchampionieo.shop
rocketmusclesksj.shop
roleprofittypleasw.shop
roundpolechildryowjv.shop
routinecontoradwjsk.shop
rugbysummerosodnwu.shop
samplepoisonbarryntj.shop
scandalbasketballoe.shop
scshemevalleywelferw.site
seasonaldemonstradojs.shop
sermonundressolcow.shop
simplicitynegotiatiw.shop
smallrabbitcrossing.site
snuggleapplicationswo.fun
souptapedentisttactiwe.shop
speedparticipatewo.shop
steadfastvaluabelywomo.shop
stingmisplacedelivrrw.shop
strainriskpropos.store
stripmarrystresew.shop
superiorhardwaerw.pw
surprisemakedjukenw.shop
surpriserangeloggypo.fun
survivalpersisttww.shop
sustentatorcoagulat.fun
syncarpiajanapiom.fun
tearfulbashfulow.shop
telephoneverdictyow.site
televisionstudiowmmj.shop
templecharteredowis.shop
textureshallodsjk.shop
theoryapparatusjuko.fun
thinrecordsunrjisow.pw
ticketgradiencomfj.shop
tigerrfunerlariro.shop
tropicalironexpressiw.shop
tubewelfaredopw.shop
uncertaintyrestsju.shop
unexaminablespectrall.fun
unhappytidydryypwto.shop
valuablestraigwhi.shop
varianntyfeecterd.shop
vehicledropliberwls.shop
villagemagneticcsa.fun
voicelighterrrepso.shop
warmstrawcounwyhj.shop
warningindicationsjw.shop
wastwfulldashiwnjs.shop
woodfeetumhblefepoj.shop

# Reference: https://www.virustotal.com/gui/file/9cf43d480f6319717934b1a3f97682a4454c1742e2409aa416ba719e606c34ca/detection
# Reference: https://www.virustotal.com/gui/file/c3a9ab0fbf5cbbec8e2c28a168d8f0c485f6cfa9fddd046c94f4704453ee85ee/detection

falseaudiencekd.shop
feighminoritsjda.shop
justifycanddidatewd.shop
marathonbeedksow.shop
pleasurenarrowsdla.shop
raiseboltskdlwpow.shop
richardflorespoew.shop
strwawrunnygjwu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-22)

accumulationeyerwos.shop
backcreammykiel.shop
bargainnygroandjwk.shop
computerexcudesp.shop
disappointcredisotw.shop
doughtdrillyksow.shop
facilitycoursedw.shop
injurypiggyoewirog.shop
leafcalfconflcitw.shop
publicitycharetew.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-06-24-v10626/1760

ablesulkyfirstyews.shop
composepayyersellew.shop
quotakickerrywos.shop
sailorshelfquids.shop

# Reference: https://www.virustotal.com/gui/file/b299a5c40aaff914b314965d62efcf15417a0b55ef641e947e608159bd6c6f9f/detection
# Reference: https://www.virustotal.com/gui/file/15adb154e14f3368db25bce7e45b756391ad9982d2af0687f56cc9a99527cd98/detection

http://91.92.248.132

# Reference: https://x.com/vxremalware/status/1807287716188422443

77.105.135.107:3445
contintnetksows.shop
foodypannyjsud.shop
groundsmooors.shop
potterryisiw.shop
reinforcedirectorywd.shop

# Reference: https://www.virustotal.com/gui/file/004aba94049326997a5effb611dc3fd88b1669fe2a311630bc61138aa728698d/detection

professionalresources.pw

# Reference: https://www.virustotal.com/gui/file/b357c7f065b1cb7f07c91097794424d1aecb6356893798eb4a6ee138ee87bfa0/detection

affecthorsedpo.shop
answerrsdo.shop
bannngwko.shop
bargainnykwo.shop
benchillppwo.shop
bouncedgowp.shop
publicitttyps.shop
radiationnopp.shop
stationacutwo.shop
willingyhollowsk.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-10)

applyzxcksdia.shop
arritswpoewroso.shop
arriveoxpzxo.shop
assignmentygassdyw.shop
begghurldids.shop
bindceasdiwozx.shop
bitchsafettyudjwu.shop
bittercoldzzdwu.shop
catchddkxozvp.shop
charmingtranskw.xyz
civilizzzationo.shop
conformfucdioz.shop
contemplateodszsv.shop
declaredczxi.shop
extorteauhhwigw.shop
invisibledovereats.shop
lyingchemicow.shop
piedsiggnycliquieaw.shop
replacedoxcjzp.shop
requestyex.shop
respectabledpcs.shop
unwielldyzpwo.shop

# Reference: https://x.com/malwrhunterteam/status/1814013663453581342
# Reference: https://www.virustotal.com/gui/file/22bcd32874d4c2b4be760f06820be1e02e97d886249a9b1db51c61a247cf685e/detection

callosallsaospz.shop
flydryszxo.shop
indexterityszcoxp.shop
lariatedzugspd.shop
liernessfornicsa.shop
outpointsozp.shop
shepherdlyopzc.shop
unseaffarignsk.shop
upknittsoappz.shop

# Reference: https://www.virustotal.com/gui/file/0a18067c173a7c4bdc24b8d3a847814b30733cecfdcc305c431a3d1fcc322536/detection

freezetdopzx.shop

# Reference: https://x.com/malwrhunterteam/status/1815460941791981820
# Reference: https://www.virustotal.com/gui/file/b7971b5d452939405cfb8db0ef47e5c83b6747c8a210d59637b0ac469c5ca5df/detection

accessibledpzp.shop
assetdistribution.info
pwarticles.xyz
contur2fa.assetdistribution.info
ctura.assetdistribution.info

# Reference: https://www.virustotal.com/gui/file/f101c64d3b5435c00af570e23a3ef274ec7a86bdc17e6a48b6e76b955c252db4/detection

enormousseop.shop

# Reference: https://x.com/9823f_/status/1815764911630258188
# Reference: https://x.com/9823f_/status/1815764966529536454

deal48441.shop
deal8382.shop
deal8409.shop
deal9401.shop
deliveconf.shop
eu-info.shop
evoga.shop
geetpaag.shop
holabueenoss.shop
neworders-351251.shop
offer-8231.shop
offer-secure.shop
offer5678.shop
offer5893.shop
offer7610.shop
offer7821.shop
offer78231.shop
offer8917.shop
offer8943.shop
ppulsepedlrr.shop
safeespanio.shop
saxzczx.shop
verificacion.shop
xcholasays.shop

# Reference: https://www.virustotal.com/gui/file/a18fb5ee523e9e8894fb9075b5fa0781f40140a6bf4605feb081c5de008b337c/detection

chapterrysopz.shop
wikifacts.pro
edal.wikifacts.pro

# Reference: https://www.virustotal.com/gui/file/6df0c27c9b7346fcfd227ace641a6bbc9f1a2a86e19a1f8c82813c55094cdcd2/detection

rightruesx.shop

# Reference: https://www.virustotal.com/gui/file/5aeed0daa0d8ec420c31282257c7cb8286eb5a150d53b60c7698949923c557be/detection

mundannetransuq.shop

# Reference: https://www.virustotal.com/gui/file/3881d55ece7ce708ff46ff227d2fc43f8346b698859d32a1ef688625148309e3/detection

condar.wikifacts.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-23)

bigmouthudiop.shop
movedwithdrwiaso.shop
overshootsizx.shop
spackledzpxs.shop
whangeeeerodpz.shop

# Reference: https://x.com/1ZRR4H/status/1816022666232373649
# Reference: https://www.virustotal.com/gui/file/893ab38214561c3c6ce16587533a9053f18769db11a1a4b999cb4c0bf0f5552d/detection

warrantelespsz.shop

# Reference: https://www.virustotal.com/gui/file/2aa3c7ed83a905ab7161635b95e97ce757e4e1c74e6922c8f4bc0cfc8ac26995/detection
# Reference: https://www.virustotal.com/gui/file/b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34/detection

aplointexhausdh.xyz
compilecoppydkewsw.xyz
depositybounceddwk.xyz
exertcreatedadnndjw.xyz
gloomopiniosnforuw.xyz
manufactiredowreachhd.xyz
oventoolyeditiiow.xyz
panameradovkews.xyz
proffyrobharborye.xyz
slammyslideplanntywks.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-26)

beatablydoxzcop.shop
closedjuruwk.shop
importancedopz.shop
spliceszongsop.shop
trobulepcatoa.shop

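# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-26-v10654/1853
# Note: importancedopz.shop and spliceszongsop.shop in this block are also listed in the ThreatFox (2024-07-26) block directly above.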

advertisedszp.shop
bravedreacisopm.shop
broccoltisop.shop
disappearsodsz.shop
effectivedoxzj.shop
grassytaisol.shop
horizonvxjis.shop
importancedopz.shop
parntorpkxzlp.shop
shellfyyousdjz.shop
spliceszongsop.shop
stimultaionsppzv.shop
teentytinyjeo.shop

# Reference: https://x.com/r3dbU7z/status/1817607423890231742
# Reference: https://www.virustotal.com/gui/file/dcd0823f72d6a145fb9acfbb6f2e4885b3e6fca6dc76f1476bd0c5431ae15ff4/detection
# Reference: https://www.virustotal.com/gui/file/9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb/detection
# Reference: https://www.virustotal.com/gui/file/015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787/detection

15.197.192.55:1775
185.172.129.25:1775
188.40.187.174:1775
ftpclienter.com
kgeyscaqeacwaccu.xyz
kmiigggyqiwkeeci.xyz
scqekwyoswaguuyo.xyz
skssoeqouussusyi.xyz
uamgayumeqmwemas.xyz
ugmkmoigiimgmaaw.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-30-v10656/1858

ammycanedpors.shop
chequedxmznp.shop
dividenntyss.shop
egorepetiiiosn.shop
faceddullinhs.shop
illnesmunxkza.shop
paradexjdoa.shop
shelterryujxo.shop
shootydowtqosm.shop
supportyattraos.shop
triallyforwhgh.shop

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/

distincttangyflippan.shop
greentastellesqwm.shop
innerverdanytiresw.shop
lamentablegapingkwaq.shop
macabrecondfucews.shop
standingcomperewhitwo.shop
stickyyummyskiwffe.shop
sturdyregularrmsnhw.shop
vivaciousdqugilew.shop

# Reference: https://www.virustotal.com/gui/file/02a3c287a18f16c925ee19e4b13a4860b65fecb0d5e58b69b5f651e476f25ecf/detection

celosiapatroen.shop
flyyedreplacodp.shop
weaknessmznxo.shop

# Reference: https://www.virustotal.com/gui/file/087ca6e9485fd8fef25c435817ac6a42c0dccee7b2dbb84bd644183d6b11a768/detection

tenntysjuxmz.shop

# Reference: https://www.virustotal.com/gui/file/0ef487a74c9432e7664ac6dec0fe7227cef529f1f853f135551e77eb7ee1beb6/detection

toughsnxcmxz.shop

# Reference: https://x.com/malwrhunterteam/status/1821805570581508568
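# Reference: https://www.virustotal.com/gui/file/a6d62490a4df493c01879c39214d91050885cedcdab2457d80da7cacf07d6f14/detection
# Note: the *.blob.core.windows.net entries below are individual Azure Blob Storage account hostnames; match them exactly and never widen them to the shared parent domain.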

assumedtribsosp.shop
boattyownerwrv.shop
budgetttysnzm.shop
chippyfroggsyhz.shop
creepydxzoxmj.shop
definitonizmnx.shop
empiredzmwnx.shop
rainbowmynsjn.shop
sulphurhsum.shop
ensetupoffice365.blob.core.windows.net
msoffice365help.blob.core.windows.net
setupmsoffice365.blob.core.windows.net

# Reference: https://www.virustotal.com/gui/file/25dd3a24daf65c9c3e8cdd6fe7d4e8e6b88c6dabd9dc5aeb486a628ec1250109/detection

unnaniomsuado.shop

# Reference: https://www.virustotal.com/gui/file/4d68bc04256f81a4997e189149a7185b2120828d918ade491a6428aaed3e6e48/detection

occurrmensipz.shop
outfittydadop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-10)

http://195.211.97.9
ballottynsjm.shop
bannertastylbaoeow.xyz
bannybottomskp.shop
bassizcellskz.shop
celebratioopz.shop
citizencenturygoodwk.shop
clouddycuiomsnz.shop
complaintsipzzx.shop
deallerospfosu.shop
demandlinzei.shop
deviationknzm.shop
dirtdrawingjsi.shop
elephanntys.shop
enfixxysdjsip.shop
erdefendkzov.shop
fiondationkvowos.xyz
harmfullyelobardek.shop
hookybeamngwskow.xyz
hugedearwaxxysu.shop
kaminiasbbefow.shop
languagedscie.shop
libarraryspzm.shop
mennyudosirso.shop
nobledpcowep.shop
outfittisozm.shop
palacecirwoos.shop
pallmusksopzm.shop
quialitsuzoxm.shop
scannedunsop.shop
shinyearthtwio.shop
singerreasonnbasldd.xyz
solutionpxmuzo.shop
spitechallengddwlsv.xyz
surprisedscaledowp.xyz
technologggisp.shop
templerrysjzkp.shop
transformatiwosp.shop
varitycookypowerw.xyz
voyagedprivillywk.xyz
whimiscallysmmzn.shop
writerospzm.shop

# Reference: https://x.com/banthisguy9349/status/1824354073916641543

cagedwifedsozm.shop
charecteristicdxp.shop
consciousourwi.shop
deicedosmzj.shop
enthusiandsi.shop
incentiospzxm.shop
interactiedovspm.shop
paperryszjxuo.shop
potentioallykeos.shop
southedhiscuso.shop
torubleeodsmzo.shop
unenviousdxep.shop
weiggheticulop.shop

# Reference: https://x.com/BigDonTea/status/1824307613787410810
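# Reference: https://www.virustotal.com/gui/file/8970909a790a15402cd11e7b737e2cd5c9b39b609bcd3e7122049f1665abc228/detection
# Note: the *.b-cdn.net entries below are per-customer hostnames on a shared CDN domain; only the exact hostnames are indicators, and the content behind them can be removed or reassigned by the provider.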

cam-m1.b-cdn.net
campzips-v1.b-cdn.net
greetycruthsuo.shop

# Reference: https://www.virustotal.com/gui/file/02322c49b6a8cdffd4c65d22583f1ce3f9c5d0e20ff05fd413a362023ce64ee7/detection

pieddfreedinsu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-18)

buccketpyspm.shop
circullateiosn.shop
comediantes.org
deadpannsjzvn.shop
disappointypsm.shop
excavtaionps.shop
fisstyconsumerosp.shop
futureddospzmvq.shop
meiddlesrsnzop.shop
revivewronggykwos.xyz
riffledopspzio.shop
sleipnirbrowser.org
trickysymptommysqu.xyz

# Reference: https://www.virustotal.com/gui/file/44f3785a638a44fc304e73faec31f19a7afcf6f0c3da7b9cedd2b31bc4ab56d4/detection

revivewronggykwos.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-19-v10669/1904

abandonnyskop.shop
episodepspzmp.shop
guuynsqpwsima.shop
polyctendizxcop.shop
sensitivyitszv.shop

# Reference: https://x.com/g0njxa/status/1826214880539505095
# Reference: https://app.any.run/tasks/58551a68-796b-4605-a3cd-566db979e409

dlvideosfre.click
ch3.dlvideosfre.click
check.dlvideosfre.click
verif.dlvideosfre.click

# Reference: https://www.virustotal.com/gui/file/0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97/detection

miracledzmnqwui.shop

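# Reference: https://x.com/RacWatchin8872/status/1826917893457559782
# Note: the entry below is a single public bucket hostname under the shared r2.dev domain (Cloudflare R2); match it exactly, not the parent domain.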

pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev

# Reference: https://www.virustotal.com/gui/file/67a0379932aa7f0fcd0544eec112c29632cb94c25026fb91f4660c9aa42d881d/detection

fictionnykwop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-25)

a1000128.xsph.ru
absentjuks.shop
acceptconvectiiw.shop
asdasdadskewk.shop
barebrilliancedkoso.shop
berserkydosom.shop
biiishowpmsqi.shop
boillingyskop.shop
caffegclasiqwp.shop
clearrypalsidn.shop
condedqpwqm.shop
conferencefreckewl.shop
convincecandpsuwm.shop
cooperatvassquaidmew.xyz
cottageaskyflolewk.shop
craackypotsis.shop
crisisrottenyjs.xyz
cycasisicio.shop
deadtrainingactioniw.xyz
dependancedkzxkj.shop
discountdkgozxc.shop
discoverymaidykew.shop
discreetdramatricop.shop
drinnkysoapmzv.shop
dueamuggyshkowsv.shop
edificedcampds.shop
edificedcampslzi.shop
enthusiasmmskaso.shop
excellentdiwdu.shop
explorationcoerwk.shop
exporttearryliveedko.shop
exuberanttjdkwo.xyz
femininedspzmhu.shop
flourhishdiscovrw.shop
forymsweeelsm.shop
froytnewqowv.shop
grandcommonyktsju.xyz
haltconcrenrsi.shop
handyxczos.shop
instructionpxjc.shop
jazztgratizecnagnek.xyz
juniirsoow.shop
knowwnysipm.shop
landdumpycolorwskfw.shop
latesttributedowps.shop
liabiliytshareodlkv.shop
locatedblsoqp.shop
markerryshewi.shop
meannypaintipp.shop
millyscroqwp.shop
notoriousdcellkw.shop
ohfantasyproclaiwlo.shop
onionoowzwqm.shop
parallelmercywksoffw.shop
partyyeisdo.shop
playerstomachbwlle.shop
prettilikeopwp.shop
qualificationjdwko.xyz
readdyloopyeow.shop
reluctancedopmxz.shop
salesperosominsid.shop
scenarriotdpq.shop
secretiveonnicuw.shop
separateedmsqj.shop
sinceregianntykuso.shop
snaillymarriaggew.shop
spinedpriceodqp.shop
spoortsiso.shop
stagedchheiqwo.shop
stamppreewntnq.shop
striphousdingkolewp.shop
stronggemateraislw.shop
survivedosaz.shop
sweetcalcutangkdow.xyz
swingcirculateblsdi.shop
thumbdriverrylinnw.shop
timetabledffiewi.shop
timetablepdodwp.shop
traineiwnqo.shop
universittsyos.shop
uttercarrigsno.shop
violanntyisopz.shop
violationsyxzb.shop
welfaredcattewd.xyz
wollfsoaisvz.shop
wordingnatturedowo.xyz

# Reference: https://x.com/r3dbU7z/status/1828177963562549637
# Reference: https://www.virustotal.com/gui/file/a8cc637d455d7e89c1adf34775eadc90a7c8e425fcbe6e5c74303220e50ad5ef/detection
# Reference: https://www.virustotal.com/gui/file/de6df199b5a727199f6540d216a6fa920105b7b2f254b165d63101011c0d178a/detection

computador.run
portalservicos-denatran-serpro-gov-br.org
view.portalservicos-denatran-serpro-gov-br.org
windows.computador.run

# Reference: https://www.virustotal.com/gui/file/0225ca9a6f4b5cee87d1d25b11cd445228f49ab13f65ed1ad104a8ff54702b46/detection

evoliutwoqm.shop

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/
# Reference: https://www.virustotal.com/gui/file/e9457733ee1d946eb69cc9f7db756430d1d055012d26240cec24925aed498098/detection
# Reference: https://www.virustotal.com/gui/file/ee34b612ee13eea868b47c797863619075a28099285a61b1fa7376f72b06ff7a/detection
# Reference: https://www.virustotal.com/gui/file/b7f8be9ae0cde7d6233d50520d76b63474cc5f32f334160a7699a0e77a34d276/detection
# Reference: https://www.virustotal.com/gui/file/47656fd369a7ce08902875a7476a1889b7b770c2a1396bdfde3e5e093b7c79ee/detection

http://188.68.220.48
ufort.info
vamplersam.info

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-31)

abortionlaoep.shop
aggiledpozm.shop
applieddyooqnz.shop
approoverowps.shop
arsriefloxzm.shop
awwardwiqi.shop
bordjoyoust.shop
brasshroewwpm.shop
buddgetisozv.shop
burrydedmnzop.shop
calcuatllitwop.shop
cheerysyqsip.shop
chooopywsqu.shop
clerkpolicemandwusi.xyz
colleaguedopzm.shop
conservaitiwo.shop
consideratisiqw.shop
constructgeneratisa.xyz
demopartisom.shop
densitybragpwq.shop
dirreopcspzx.shop
economiicsosoq.shop
energgyosiwpp.shop
ensuredqsnjqk.shop
eternallysosm.shop
evaluateoqwp.shop
fashiiosuwq.shop
fearlessywqmn.shop
flinngyuqwqum.shop
glisteniingwiw.shop
guardeedwospq.shop
guerrillatoswz.shop
hardshippdiv.shop
innovationows.shop
integratedmwqo.shop
interdepmon.shop
iserjpcektoq.shop
ivrelmanitt.shop
largerryskwhq.shop
linedsipzmxo.shop
lunchindooip.shop
matterrydamagedowkds.xyz
muuudsaowis.shop
notairdropton.shop
noticcedospq.shop
ohmparadouio.shop
persiisstowqop.shop
ponintnykqwm.shop
producersosuz.shop
professinowpqqz.shop
projectaownqo.shop
provicnwiqmp.shop
provisionfusni.shop
racklilekwqp.shop
reagoofydwqioo.shop
reptiledqowm.shop
revenuedsozp.shop
scenariospzm.shop
securedosqpsn.shop
shadowqsnqop.shop
strideforuwqm.shop
suntanynwowqm.shop
tenseddrywsqio.shop
tibedowqmwo.shop
toothydsozp.shop
transtitiowo.shop
twilightsizp.shop
uniqueadowpqm.shop
upsettymsnqwk.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

deteriotraiwo.shop
diamonykeqpwm.shop

# Reference: https://x.com/DonPasci/status/1832705603526910141
# Reference: https://tria.ge/240907-yqxbravbkg

teachherwjw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-08)

appointwiymo.shop
axisdebtwoq.shop
ballettabek.shop
basedsymsotp.shop
bassicnuadnwi.shop
ceremonynekwqn.shop
charistmatwio.shop
chocolatedwq.shop
collonymtqn.shop
commisionipwn.shop
complainnykso.shop
cutesliprpepo.shop
dairyucoemwk.shop
dealleromwn.shop
druggywuop.shop
forummykwqpm.shop
glassestacwop.shop
grassemenwji.shop
ignoracndwko.shop
limitadmitiwo.shop
pensiontqiw.shop
powderquattterwso.shop
preachstrwnwjw.shop
puproceliveo.shop
sculpturedowqm.shop
sentistivowmi.shop
serveghaweqjm.shop
stitchmiscpaew.shop
technicaltip.shop
unawaredfostwp.shop
votteryloeq.shop
waiteralcohowl.shop

# Reference: https://www.virustotal.com/gui/file/331be5f895b0d2fcc92a4477c87c40d247665ac35375e4af85646d820e1b37c1/detection

proffoduwnuq.shop

# Reference: https://www.virustotal.com/gui/file/09af84877c333dfaf359e968337bfaaac06736c432f588829475702272e1cf37/detection

toolstechs.com

# Reference: https://x.com/g0njxa/status/1835393713465405810
# Reference: https://x.com/NDA0E/status/1835403830252748847
# Reference: https://x.com/RakeshKrish12/status/1838820115720061013
# Reference: https://x.com/lontze7/status/1838836764909117750
# Reference: https://x.com/raghav127001/status/1847001926371869172
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.http.response.favicons.md5_hash%3D%22565ac8716e4fd6028e64c29639bfede1%22
# Reference: https://app.validin.com/detail?type=hash&find=565ac8716e4fd6028e64c29639bfede1#tab=host_pairs
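# Reference: https://search.censys.io/hosts/82.118.16.132
# Note: 3389, 5985 and 47001 are the default RDP and WinRM ports; the ip:port entries below presumably record services exposed on this host (see the Censys host reference) rather than separate C2 channels - confirm before triaging a hit as C2 traffic.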

http://82.118.16.132
82.118.16.132:3389
82.118.16.132:47001
82.118.16.132:5985
82.118.16.132:8080
abaftebeetl.biz
ancientlum.com
apilumma1.fun
arpifox.xyz
consirepdi.biz
domainlumm.fun
funlumma.fun
lum-fun.fun
lum-new.fun
lummarket.fun
lummc2.fun
lumnew.fun
marketlumm.fun
newlumm.fun
oldlumm.fun
oldlumma.fun
perspectiy.cyou
stickintial.cyou
urgenlums.com

# Reference: https://x.com/banthisguy9349/status/1835769382733017281
# Reference: https://urlscan.io/search/#filename:%22dober.css%22

http://45.134.26.107
gapi-service.io
lastcoms.fun
static.247.173.76.144.clients.your-server.de

# Reference: https://x.com/fam4r/status/1836497372454465628
# Reference: https://x.com/malwrhunterteam/status/1836498511598059879
# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/github-scanner_lumma_18-09-2024.json
# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.43/relations
# Reference: https://www.virustotal.com/gui/file/10d4e15b63a07368299f2245661d7a4626cd1a91a9950a3cbed5b4276d2dc31f/detection
# Reference: https://www.virustotal.com/gui/file/d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207/detection

2x.si
github-scanner.com
github-scanner.shop
githubscanner.workers.dev
eemmbryequo.shop
keennylrwmqlw.shop
licenseodqwmqn.shop
reggwardssdqw.shop
relaxatinownio.shop
tendencctywop.shop
tesecuuweqo.shop
tryyudjasudqo.shop

# Reference: https://x.com/iam_rajhans/status/1836717049353019614
# Reference: https://www.virustotal.com/gui/ip-address/99.79.122.234/relations

http://43.205.115.44
http://99.79.122.234
pancakeswap-finance.linkpc.net
updatemail.publicvm.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-19)

absentcurtaino.shop
acqutiygwl.shop
addicitedoqowm.shop
assettywkwm.shop
aviatiiitwinq.shop
bulletiiitenw.shop
couppertoobaw.shop
cyrtainnywkos.shop
damagedowqm.shop
deaddynpangju.shop
dumpliportiwo.shop
eliminatedowpq.shop
empiredmnuowq.shop
frightennywj.shop
genedjestytw.shop
harassuwqom.shop
heirafairiwo.shop
hennyrelatie.shop
leftoversowmo.shop
managgerowkso.shop
modesttylitwo.shop
murderryewowp.shop
mushroomwiwop.shop
nationattwllwqm.shop
pang-scrooge-carnage.shop
panushciwracelp.shop
planntyitemiw.shop
polishuwqiwom.shop
predictionmq.shop
productedmwqki.shop
proudebenehcs.shop
publicevkwop.shop
punisshepuredo.shop
rafaelappps.shop
resstyeggeuo.shop
salvaitoynwo.shop
seemlyewdmsn.shop
steepycentnqopm.shop
stoolybootwmwn.shop
stryyridomwn.shop
sulphugruewoqm.shop
tabledchargwo.shop
taillymodwp.shop
thirstyywowmq.shop
tinnyauthorsi.shop
understagkedow.shop
vottermrkw.shop
whhhelewmni.shop
wrappyprotesp.shop

# Reference: https://x.com/banthisguy9349/status/1825110613850276035
# Reference: https://x.com/malwrhunterteam/status/1837383953776353526
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-19-IOCs-for-file-downloader-to-Lumma-Stealer.txt
# Reference: https://www.virustotal.com/gui/file/2764239db3813e1bbf031ac00531bc98befe0ade1de06cf8b47c811a189217b8/detection
# Reference: https://www.virustotal.com/gui/file/dd6f96d0d6f6ed2b83df7552f77523688f2a2272fce63564bc9ffdcb3157b70e/detection
# Reference: https://www.virustotal.com/gui/file/55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996/detection

http://45.156.25.126
access-htaccess.com
back-kurwa.com
chick-chick666.com
hit-8841.com
nhit66.com
pick-pick.com
root-head.com
software-license1.com
two-root.com
/cock/dick/169.bin
/little/bitch/239.exe

# Reference: https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/

91.92.243.198:81

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-22)

achievenmtynwjq.shop
appleboltelwk.shop
bearrytankkewo.shop
captainynfanw.shop
carrtychaintnyw.shop
chickerkuso.shop
contractowno.shop
coursedonnyre.shop
fossillargeiw.shop
intelligenctjwi.shop
intoductionweoa.shop
metallygaricwo.shop
milldymarskwom.shop
opponnentduei.shop
presennttykwo.shop
puredoffustow.shop
questionmwq.shop
quotamkdsdqo.shop
steppyplantnw.shop
strappystyio.shop
superrcolellwe.shop
surveriysiop.shop
tearrybyiwo.shop
tendencerangej.shop
trolleyrreiwn.shop

# Reference: https://x.com/banthisguy9349/status/1837835850245136743
# Reference: https://urlscan.io/search/#domain%3Ashop%20AND%20page.url%3A%22%2Fapi%22

abledzovmposia.shop
analystuysowp.shop
bananadwidndewo.shop
candidaiteopwm.shop
chammypaswiqo.shop
compunnnyyioq.shop
deliveerkoqwmn.shop
depsairryosp.shop
discoveriwm.shop
insistytriro.shop
joystickkyjwq.shop
lisstyassicrown.shop
liversymbwqp.shop
muggudrowiwm.shop
obstacleosdsapq.shop
ohhyhousedmxznw.shop
optinewlip.shop
refrencireoi.shop
resindecdesjai.shop
runngerrybiwo.shop
samledwwekspzxp.shop
shareehodwnqm.shop
soliddywdwu.shop
sopranntkwow.shop
stretchedsqosqp.shop
talktaitoovee.shop
tellyqperoiqo.shop
thanngkwwqlm.shop

# Reference: https://www.virustotal.com/gui/file/f7d5e31a90a7a436fb88277e0920c9675b69fa37eee1b97120a27f792ea8ca1d/detection

abortinoiwiam.shop
covvercilverow.shop
deallyharvenw.shop
defenddsouneuw.shop
priooozekw.shop
pumpkinkwquo.shop
racedsuitreow.shop
surroundeocw.shop

# Reference: https://www.virustotal.com/gui/file/2c59d45d84dcffce87d7185ad1c335413ca8e06e37873f24e596a1dcf89fb396/detection

65.109.127.181:3333

# Reference: https://www.virustotal.com/gui/file/ee4b3ad0ab7aa01d1c44e47bf7515628770a6d2458e4ed8f98820c5ff1883fa6/detection

mizzerablekmo.shop

# Reference: https://www.virustotal.com/gui/file/6081b51cb35b877e585e65440539df92d4e8516d7ae087cb18b7a7ce87707185/detection

drawzhotdog.shop
fragnantbui.shop
ghostreedmnu.shop
gutterydhowi.shop
offensivedzvju.shop
performenj.shop
reinforcenh.shop
stogeneratmns.shop
vozmeatillu.shop

# Reference: https://www.virustotal.com/gui/file/eaa4f17fe2fdee87a403b0880fd1fa3bdca6a7d9f435c44b38ab2a3ec058a8bb/detection

swinngydisaosp.shop

# Reference: https://x.com/DaveLikesMalwre/status/1838937361612161315
# Reference: https://x.com/NDA0E/status/1838943185415836139
# Reference: https://x.com/DaveLikesMalwre/status/1841629226719707149
# Reference: https://app.validin.com/detail?find=185.255.122.133&type=ip4&ref_id=30e288367c9#tab=resolutions

http://185.255.122.133
185.255.122.133:443
finalstagetogo.com
finalstepgetshere.com
finalstepgo.com
finalsteptogo.com
getmenextstage.com
trackthemgood.com

# Reference: https://x.com/iam_rajhans/status/1839224928270225591

91.214.78.177:5500

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-25-v10703/2006

literacyhangwk.shop
roaddrermncomplai.shop
tiddymarktwo.shop
trustterwowqm.shop
wallkedsleeoi.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-30)

admissionfaccen.shop
agreedmeanynj.shop
articultattkwm.shop
ballotnwu.site
bommotmynwjq.shop
branchtriviawlek.shop
candleduseiwo.shop
chaptermusu.store
chlakkymagazi.shop
cittypillyekwo.shop
coinnyfrownwejr.shop
conctrajwi.shop
dosedcastrerwns.shop
famikyjdiag.site
fannydayywjwo.shop
fastidioudqmwo.shop
filetip.shop
invitedmwdnqi.shop
liedshorqwi.shop
lootebarrkeyn.shop
moduledfahhhiov.shop
mysteryedjw.site
oldenlumm.fun
patternucapri.shop
pianoswimen.shop
pilotyiess.shop
possiwreeste.site
ptramidermsnqj.shop
raciimoppero.shop
reliabledmwqj.shop
riderratttinow.shop
siegednwqu.shop
statuesquesiqow.shop
swipedbakkwo.shop
teenaggerwwysm.shop
teenylogicod.shop
underlinemdsj.site
videobenefdii.shop
wrisstytenewj.shop
younngpresseo.shop

# Reference: https://x.com/malwrhunterteam/status/1841063554637541521
# Reference: https://www.virustotal.com/gui/file/467af926472622448eb04925b9fa7351e8542f277f489ae792288829efa164dc/detection

agentyanlark.site
bellykmrebk.site
commandejorsk.site
delaylacedmn.site
offensivednsh.store
writekdmsnu.site

# Reference: https://x.com/malwrhunterteam/status/1841409205716066561
# Reference: https://www.virustotal.com/gui/file/6275fdc6cb613300c08ef09917a6dcd2da5eb1fef5e20bdd214fd9fefeafd8fb/detection

abnomalrkmu.site
absorptioniw.site
chorusarorp.site
gravvitywio.store
mysterisop.site
nurserrsjwuwq.shop
questionsmw.store
snarlypagowo.site
soldiefieop.site
treatynreit.site

# Reference: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
# Reference: https://www.virustotal.com/gui/file/34cba2f6c710bb76d47f9fce2d8b5c462e11b35cd352751b6cdd453521d0a761/detection

fileworld.shop
privilegedkoq.shop
thesiszppdsmi.shop

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-03-IOCs-for-SmartLoader-to-Lumma-Stealer.txt

highawaretemptersudwu.xyz

# Reference: https://x.com/RacWatchin8872/status/1842124331544928483
# Reference: https://urlscan.io/search/#hash%3A51280dabfbc880cdc5f92cc2f4f22c8032de5aba401c3268250a11eeb2df1f73%20AND%20page.url%3A%22%2Fapi%22

http://45.76.178.207
advocachark.store
beautidrawk.store
brainnystowi.store
coderollksn.store
consumptiy.site
discouragedk.store
diskegraciw.online
egodoubkeo.site
ejectyflay.store
fallydisablek.site
feltzercario.site
forumustow.store
frannykamj.store
offeviablwke.site
pennyresignyj.store
pittyshishre.site
soupedterju.online
spiderrista.shop
suspictiozn.online
termyfencdw.site
timberiska.online
worldresource.shop

# Reference: https://x.com/RacWatchin8872/status/1842262030700437971

assaultxnh.site
febnceokwi.site
jealouskfnn.site
mountainywj.site
sunhsinkujh.site
throaatyinpak.site
witnesjwuka.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-05)

abundanttyj.site
annthostiledm.shop
appendparttenw.shop
bathdoomgaz.store
beearvagueo.site
boarderryowk.shop
brammdysocitrey.shop
carddytrailko.shop
cereeembalank.shop
certainykww.store
clearancek.site
diiiveowmnj.shop
dissapoiznw.store
dividenntykw.shop
eaglepawnoy.store
exmptiondixv.shop
explorationmsn.store
famillmeasurd.shop
flouredbiteowo.shop
gemmyfaithkw.shop
giffrooypwm.shop
makedupperkjs.shop
markyclaktwi.store
millysioitwl.shop
mobbipenju.store
newresource.shop
officemythsjw.shop
oriennnationiw.shop
perforatedmwqn.shop
pierryfurow.site
platformreisio.shop
positionorbiteo.shop
remembkreom.xyz
spirittunek.store
studennotediw.store
sufferinggeryjs.shop
thighfeingjywk.shop
trenndylicensei.shop
truthevideow.store
usseorganizedw.shop
virationli.site
voilantaiowm.shop
weakkysemwmns.shop

# Reference: https://x.com/g0njxa/status/1842152674621317564
# Reference: https://app.any.run/tasks/02afc68d-6687-47a4-894b-3f9d1dda74ca
# Reference: https://www.virustotal.com/gui/file/58299fe21b58cca245f9f5cdf4a6f25bbbd481bd81840600473077977b868bea/detection

bathdoomgaz.store
clearancek.site
dissapoiznw.store
eaglepawnoy.store
firghtenj.online
licendfilteo.site
mobbipenju.store
spirittunek.store
studennotediw.store
kedtypots.sfo3.cdn.digitaloceanspaces.com

# Reference: https://x.com/sudo_Rem/status/1842329196007227843

editai.cloud

# Reference: https://x.com/ViriBack/status/1843271741742698747
# Reference: https://app.any.run/tasks/0c4d9368-64f5-4211-9484-d1fbb0137cd8

http://194.38.20.211
http://89.23.107.75
89.23.107.75:445
sergei-esenin.com

# Reference: https://x.com/RacWatchin8872/status/1843358373967987037

despisedmny.store
difficenwu.store
drivepkmnsu.store
enteryujshb.store
favoryloctw.store
firedsharow.store
folldusgg.store
formatinowk.store
framedui.store
hairypreac.store
holdlykmo.store
lateeminsk.store
patientpro.store
percentyexto.store
strawwybuwjv.store
swearryguwi.store
theftymixu.store
triangledh.store
viablemnuj.store

# Reference: https://x.com/cyberfeeddigest/status/1843656093206995423

comodozeropoint.com

# Reference: https://x.com/malwrhunterteam/status/1843903871804129550
# Reference: https://www.virustotal.com/gui/file/607ef10353465c2772a7f4f0f49bb0cc196130139d543f591800e42d46c11e0c/detection

bemuzzeki.sbs

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-11-08-IOCs-for-malware-from-fake-Clockify-site.txt

http://193.3.168.112

# Reference: https://x.com/Unit42_Intel/status/1844407872471392363
# Reference: https://x.com/RacWatchin8872/status/1844412801428881606
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-09-IOCs-for-Lumma-Stealer-from-typosquatted-domain.txt

http://144.126.129.4
allocatinow.sbs
chinnyvoushw.shop
enlargkiw.sbs
lonellykrqwmn.shop
mandarin-ca.com
mathcucom.sbs
resinedyw.sbs
nenkinseido.com
posfrnon.com
posrman.com
rodejs.mom
tgwcol.com
lo.mandarin-ca.com
lulu.mandarin-ca.com

# Reference: https://x.com/RussianPanda9xx/status/1844454351646961812
# Reference: https://www.virustotal.com/gui/file/012231f0c091e468f49a1644a6cd1fae0e28870e15dd773990228f0e71aa6240/detection

cdn-gravitiumgame.xyz
exemplarou.sbs
exilepolsiy.sbs
frizzettei.sbs
invinjurhey.sbs
isoplethui.sbs
laddyirekyi.sbs
wickedneatr.sbs
xilloolli.com

# Reference: https://x.com/RacWatchin8872/status/1844487675317014755
# Reference: https://x.com/DaveLikesMalwre/status/1844546423842316795

annoyingfiler.com
apocalypsedoer.com
basizuw.buzz
condifendteu.sbs
drawwyobstacw.sbs
ehticsprocw.sbs
jokingnations.com
lameuotgiwo.store
pleasegetthisfile.com
vennurviot.sbs

# Reference: https://x.com/banthisguy9349/status/1844372737512632818
# Reference: https://www.virustotal.com/gui/file/65a060f8606f2213f1480ea132d519590f2736d8e1f53edb33fdfb27b3c9d869/detection

rtpdgox.info
app.rtpdgox.info
heks.egrowbrands.com
kale.amwebsolution.com
lide.omernisar.com
mkas.rizwanmano.com
proxy.amazonscouts.com

# Reference: https://x.com/RacWatchin8872/status/1845463023353274781
# Reference: https://x.com/RacWatchin8872/status/1845494648510287951

citedgrinyn.biz
datedhorseuw.biz
electroyw.biz
ensuderowmn.biz
equipyfigv.biz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-13)

abstacctywiwqom.shop
accentypastedw.store
accessgivvwpew.shop
adulterizdsoz.shop
allocateowb.biz
aluminiumsdiqw.shop
appealsozvmio.shop
appearancdeo.shop
archidoveryusk.shop
avatrade-compliance.com
avatrade-global.com
avatrade-regulation.com
avatrade-services.com
avatrade-supervision.com
averageorganicfallfaw.shop
bakefirefighteossw.shop
beerishint.sbs
benefictioraikiitso.xyz
bikeivaiwo.shop
bleedminejw.buzz
breedycodwk.store
bundledborne.shop
cancedhoeysopzv.shop
carrotmjus.store
carvehittyupzew.shop
cfd-regulations.com
cheappyefejej.shop
cititezneowqp.shop
coalitionformutalew.xyz
competitiveovallew.shop
contarraylean.store
corushedk.store
couragefollexpdorwpe.xyz
creamtaretio.shop
creeeamynsaudi.shop
crowddycrossqk.shop
cucubmerkwh.buzz
deallykrisk.store
destructionloserods.shop
diliggentyj.buzz
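# NOTE(review): "funlogin" is not a delegated TLD, so the entry below can never match as written; it looks like "domainlumm.fun" fused with a trailing "login" token - verify against the ThreatFox source
domainlumm.funlogin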
dormynwj.buzz
economilgreattykow.shop
eggyosmdqnjo.shop
elfinnyjwu.buzz
energybarreosp.shop
engineernoticew.shop
entertainingwzw.shop
epiloggati.sbs
errapotprayosk.shop
eveninngykwo.shop
evenyagonizingwff.shop
excellentdizzyvasw.shop
faillymoodkywko.shop
feecruthsdusodq.shop
feelystroll.buzz
firmmydivideow.shop
firstraccedmusical.shop
fixturedalarmyksow.shop
flimsybrieffykmew.shop
fomremywellmadderw.shop
forutnedmhiqo.shop
franticnaughtyeiw.shop
fruityconsti.buzz
furtiveplastickdjw.shop
galleryshortsxaxiwos.shop
goodymuxzjch.shop
grannndjtaom.shop
grannsfulyls.shop
grrenytradwsi.shop
halttbindsj.shop
happytummynk.site
harasssurvivalywk.shop
helipoctrerow.shop
hightpuredospzv.shop
illegalpremiumjwkew.shop
insidewpqm.shop
inspctosm.site
insticntclodwop.shop
judgemeenttiqio.shop
kontaktrot.pw
lagnueiwn.buzz
landownerryparaxodwo.xyz
lonelymqwj.shop
macabredabor.site
magneticcosi.buzz
makketakecoincidejs.shop
mannerskatenotionsu.shop
meltedpleasandtws.shop
meritdiveu.site
messagedoxpzxvm.shop
methodbojjewkl.shop
methodgallonpermisiw.shop
mixturehari.store
monkkerpmzio.shop
muggylasergaijynwjk.shop
multiplyewodqm.shop
negotationpxczp.shop
nippydxmnwquo.shop
nonsensedjwqj.site
onefreex.com
operrayowo.shop
pajamas-stoic-failing.shop
paleneatuw.buzz
parachutedkw.buzz
parkkynenwio.shop
peceptioglaciero.shop
pepperdignitytaciw.shop
periodicroytewrsn.shop
prinntypainrwi.shop
probablekl.site
proclaimykn.buzz
professitonwqu.shop
projejtjmwtjwi.shop
quaintindoorykoskw.shop
rainygori.buzz
randomdeskfireballsw.xyz
readdywiny.buzz
redunadanydelicouios.shop
referencedxlzp.shop
refrigaterpsm.shop
remainyadjw.biz
reporrtisizo.shop
resourcedosqp.shop
roadsterrhetoricaw.shop
roundpleaddso.shop
roundpleaddysxz.shop
salvatiiywo.shop
samefuturistickoew.shop
scientificymalieffkywo.shop
selearntju.buzz
selfishhri.store
sensatinwu.buzz
shaffkmistyid.shop
shelfedpriveowp.shop
sicillyosopzv.shop
sippytryedkwn.shop
sisafffairsop.shop
softcallousdmykw.shop
specialadventurousw.shop
spikeduggli.buzz
spludgemercydowwerw.shop
spotlessimminentys.shop
stckeringdkzpx.shop
stomachoverwis.shop
succesfullysjlewdwp.shop
suiatcarew.biz
tastyoswk.site
terminalprecedentyks.shop
themeletdzoxcpxv.shop
thidrsorebahsufll.shop
tiggerstrhekk.shop
toppledhaemw.shop
tradeprofixmariw.shop
tremendousjuokeyow.shop
tribepresentaitsi.shop
uniedpureevenywjk.shop
uniquedpieco.site
urgedknitqsdio.shop
vannysiidwq.shop
vilounteersyi.shop
wantypoofjk.store
widdensmoywi.sbs
worthsuwqp.shop
zen-space.shop

# Reference: https://x.com/RacWatchin8872/status/1845843569640128544

blesstextrei.buzz
discouragedkw.buzz
endureferrar.buzz
explositonuy.buzz
folkfloreks.buzz
gaspytanykw.buzz
homedarenwj.buzz
innovatioy.buzz
proclaimykn.buzz
punchudump.buzz

# Reference: https://x.com/RacWatchin8872/status/1845783639058968667

factorglaro.biz
firedaggeriu.biz
overcomedenh.biz
persuaddetwj.biz
pinlaunchhut.biz
publisherxzh.biz
pyramidyjwu.biz
renewboostyw.biz
requireow.biz
servebothez.biz
shootyprovedn.biz
sleepysupl.biz
submiytinh.biz
suiatcarew.biz

# Reference: https://x.com/ValidinLLC/status/1845882035107516591

advertuseh.biz
divewanntwj.biz
jellyrealewi.biz
osberverynsb.biz
soupedburhsh.biz

# Reference: https://x.com/ValidinLLC/status/1845886886113394761

counbuyytwy.biz
leaddysalmony.biz
remindydivir.biz
revirepart.biz
siegedcoffy.biz
strippyadvis.biz

# Reference: https://www.virustotal.com/gui/file/01819dd81f96fc48235eaf1d55028d6bd440407b8ab363407872cdd6070e6687/detection

abusipvork.store

# Reference: https://x.com/RacWatchin8872/status/1846531592476319874

acidpassages.cfd
adoptythanyj.cfd
ansectoriyj.cfd
bearryinveu.cfd
blowwyivot.cfd
braidyintw.cfd
constrastywiu.cfd
creepyoso.cfd
crimedcirwo.cfd
cucumberlkt.cfd
decreasefost.cfd
desertedjwuyo.cfd
discoverrwz.cfd
drammesuuio.cfd
droppyrelivei.cfd
ferryfarvo.cfd
foodymovuw.cfd
giveaspectwuy.cfd
hunterrycru.cfd
imgagriwu.cfd
insideparti.cfd
louadywotmn.cfd
matteryshzh.cfd
minoritwtio.cfd
offenycoru.cfd
opiniomot.cfd
palmyrejectiy.cfd
pestyactewi.cfd
pierryjumy.cfd
prinyveri.cfd
promisedjeylk.cfd
promotedcuut.cfd
proviniclkaw.cfd
pumpkineeu.cfd
quittywooruy.cfd
sandiwthu.cfd
scholartp.cfd
sippymroat.cfd
smootyattraw.cfd
snaillyknsu.cfd
spootyleggiu.cfd
stirnyuys.cfd
storefeingny.cfd
strikedrumnyh.cfd
stunnyaccot.cfd
suggestedomb.cfd
sweerprevet.cfd
tractopersuo.cfd
transatcitov.cfd

# Reference: https://www.embeeresearch.io/practical-examples-of-url-hunting-queries-part-1/
# Reference: https://urlscan.io/search/#page.url%3A%2Fhttps%3F%3A%5C%2F%5C%2F%5Ba-z%5D%2B%5C.%5Ba-z%5D%2B%5C%2Fapi%2F%20AND%20page.server%3Acloudflare

abjectthinkaggwblw.xyz
abusipvork.store
aggressivedisillweiw.shop
ayzhendevelopment.xyz
bedtrailpercreowpso.xyz
boundlessopwp.shop
braidyintw.cfd
bulvarprdo.pw
bunkr.black
butcherl.fun
clausegerfild.fun
conceptionnyi.sbs
counbuyytwy.biz
darischkr.xyz
deadkyremarkmindn.fun
divewanntwj.biz
dividefik.buzz
drilltighiisgitn.xyz
enginenek.buzz
exceptionfascinatemoviv.site
fevertalkkywkwm.shop
fightyglobo.sbs
give.lol
goldfinchwood.fun
grazelaunchedpoe.shop
herberyloduso.shop
hollandblu.fun
hollowfantasticdash.shop
imgagriwu.cfd
instamax.shop
interruptigogoz.shop
invitedrevivi.cfd
lasstylinage.cfd
lemnnywu.buzz
lionapi.xyz
matteryshzh.cfd
modellydivi.sbs
mooncourt.xyz
nervepianoyo.sbs
nobleproffbarrieriy.shop
numberlesswortheiwol.shop
opponentsuio.shop
osberverynsb.biz
passimovrt.cfd
photofram.pw
pioneeruyj.sbs
platformcati.sbs
propermixturedwo.xyz
qualifielgalt.sbs
revirepart.biz
scrawwwnykos.xyz
seriessoftydamnge.shop
sippymroat.cfd
smashygally.sbs
smiledocwuj.online
sofftydcleannycexudew.shop
soupedburhsh.biz
southcompetenctder.xyz
specimennativqepthhy.shop
specimmenywoq.shop
spootyleggiu.cfd
strtapewithadblock.xyz
trashefool.store
underlinefiue.sbs
unlikerwu.sbs
varshavlur.pw
wanderibd.cfd
waytinmedicinedskow.shop
wittyhurteh.buzz
worryofficwi.cfd

# Reference: https://x.com/s1dhy/status/1847055129419096144
# Reference: https://app.any.run/tasks/04a15f2e-16b0-4dae-8fc1-3946eacea0cb
# Reference: https://app.any.run/tasks/ec76f873-3048-420f-bbd7-551e862c6e81

all-instructions.com
cosmic-canvas.shop
experttech.shop
learnedwk.store
online-pdf-viewer.com
updateexpert.shop
vibrant-minds.shop
download.all-instructions.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-21)

ambiguitywo.cfd
apic2.fun
archivedky.cfd
arreggshow.cfd
captaitwik.sbs
captivaterz.cfd
chewcaferw.cfd
collectbuffetfilylew.site
comeddycourse.cfd
conglomerateoi.cfd
consumeroo.sbs
cousinsorai.cfd
deepymouthi.sbs
defenntreffu.cfd
deportyowm.sbs
deserveiu.cfd
discoverrysh.cfd
docu-sign.info
domainc2.xyz
draggyworusi.cfd
drinkthawwt.cfd
expectationw.cfd
failuredgrio.cfd
ferrycheatyk.sbs
ferryexpre.cfd
firsthandyw.cfd
flatwarei.cfd
flavflavourk.site
freshmannywju.cfd
gabragerui.cfd
gollyelect.cfd
gravellylib.cfd
grudgednoy.cfd
guttervaiin.cfd
heroicmint.sbs
imageforg.cfd
jurisdictwy.cfd
kneelyopkr.cfd
legislatiu.cfd
legislaturedj.cfd
lickypassk.cfd
litigatin.cfd
lumsecret.fun
magnificwo.store
memberidealky.cfd
messbeamy.cfd
monstourtu.sbs
morselfeattuw.cfd
nurseryfii.cfd
opposutboomy.cfd
plasticyere.cfd
possibledkb.cfd
raceadmiredo.cfd
recessionmar.cfd
reeferpict.cfd
refurnharj.cfd
revolutionwg.cfd
rugbydiffu.cfd
scandallyuru.cfd
scratgyy.biz
sensitiveuw.cfd
shallowbreray.shop
sidercotay.sbs
snailyeductyi.sbs
speedsheety.cfd
spooteddecow.store
squaredow.buzz
stagecrar.cfd
supportnows.cfd
threespecio.site
tournametnu.cfd
westyhayp.cfd
wrigglesight.sbs

# Reference: https://x.com/RacWatchin8872/status/1848673355596988781

agendasinky.cfd
arenabaeny.cfd
assumedsimmy.cfd
balancedwei.cfd
bodyridegw.cfd
buildinggyw.cfd
calfyrelifak.cfd
chaseinfrrc.cfd
chiefdisocu.cfd
cooperatedmw.cfd
coupledxry.cfd
endyreversez.cfd
floodypocu.cfd
harmonydhyr.cfd
hesitateiox.cfd
iniativeit.cfd
lecturstrid.cfd
lucnhyasi.cfd
newsystuff.cfd
noucenemtny.cfd
paitheadki.cfd
pierrycomm.cfd
pleaddymoenu.cfd
reffpicks.cfd
resoluitdrawz.cfd
scrambledmy.cfd
sellyoffri.cfd
sufferiny.cfd
talantedoi.cfd
teenagrski.cfd
tollyabledbyi.cfd
unrestyherf.cfd
valuednoty.cfd

# Reference: https://x.com/g0njxa/status/1848859399647072339

talentedoi.cfd

# Reference: https://x.com/RacWatchin8872/status/1849114931922124822
# Reference: https://app.validin.com/detail?type=raw&find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9+%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD#tab=host_pairs

angerrucancjew.site
assetiio.site
bendndyecsaw.store
c1.creative-habitat.shop
creative-habitat.shop
dominatfireow.store
establishedwi.site
graphicowkn.store
limityuwjy.store
lowwyorvek.store
memoranduori.online
mistreetta.store
mutuallkykwo.online
paradermnj.cfd
piniushidom.store
powrggideog.store
relationkwi.online
relieevenj.store
seaosnakewu.online
summityceowk.store
swearryiguwj.store

# Reference: https://www.virustotal.com/gui/file/05329742f309c770924d5fb6bfc034bd2f17c3e646ce33cbf2b5ea51bea5a16a/detection

exportkju.site

# Reference: https://x.com/crep1x/status/1849476775165784388
# Reference: https://app.validin.com/detail?find=193.3.19.110&type=ip4&ref_id=2fe639c8c54#tab=resolutions

iloveschweppes.shop
lakadmakatdg.shop
zadaravstvai.shop
thumbi.cfd

# Reference: https://x.com/kddx0178318/status/1849391461533425844

all-instructions.org
download.all-instructions.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-26)

activedomest.sbs
arenbootk.sbs
armretire.sbs
assignetmwj.buzz
bannrjur.biz
cemeteryun.cyou
cheappyholk.store
clammygrumnj.store
colldycatle.cyou
commandseai.cyou
completedyu.cyou
crisiwarny.store
deficticoepwqm.shop
definitib.sbs
directoren.cyou
elaboretib.sbs
fashionablei.sbs
founpiuer.store
garagedpoczxzc.shop
genuinedjw.cyou
guiadeseguros.online
housingyid.cyou
locaterincrewy.biz
lowwywelcok.cyou
mediavelk.sbs
mikhail-lermontov.com
moonydiscowz.cyou
navygenerayk.store
necklacedmny.store
offybirhtdi.sbs
ostracizez.sbs
pilethroneb.cyou
qualitypxvoz.shop
questinoyn.cyou
revivaldm.cyou
richprotectiveodw.shop
strikebripm.sbs
surveropas.cyou
thighpecr.cyou
topetipeo.cyou
trappysno.cyou
unpleasna.cyou
wheatari.cyou
withdrwblon.cyou

# Reference: https://x.com/s1dhy/status/1850172265981436248
# Reference: https://www.inde.nz/blog/converging-paths-analysis-of-recent-lumma-stealer-campaigns

all-instructions.wsconnect.org
cdn-serveri68n-googleapis.org
dns.cdn-serveri68n-googleapis.org
download.wsconnect.org
instructionhub.net
pdb.timeless-tales.shop
timeless-tales.shop
urban-trek.shop
wsconnect.org

# Reference: https://x.com/RacWatchin8872/status/1850953394988441692
# Reference: https://www.virustotal.com/gui/file/f85529dc59f84aa839e4316cd253c010608f91c4891e34621a4e5544d33cb953/detection

pastelyki.cyou

# Reference: https://x.com/vm001cn/status/1849742127498219927
# Reference: https://app.any.run/tasks/5c1254bd-c596-4839-9d25-06156c3bf37c

plating-civic-curtsy.lol
cdn2.plating-civic-curtsy.lol
cdn3.plating-civic-curtsy.lol

# Reference: https://x.com/RussianPanda9xx/status/1850751855829152194

hsiwhfhdjwkkfncdn.lol
fadehairucw.store
presticitpo.store
scriptyprefej.store
thumbystriw.store

# Reference: https://x.com/JAMESWT_MHT/status/1851602386189471994
# Reference: https://tria.ge/241030-pnxeasskbs
# Reference: https://tria.ge/241030-pnxeastdpm

authorisev.site
computeryrati.site
contemteny.site
dilemmadu.site
forbidstow.site
goalyfeastz.site

# Reference: https://x.com/banthisguy9349/status/1851667637870432734

authorisev.site
beeryadjy.cyou
busineratty.cyou
carbonhari.cyou
circledexj.cyou
computeryrati.site
concedefi.cyou
contemteny.site
contractedorv.biz
countymushroom.cyou
coursednyg.cyou
dialectyocmn.cyou
dilemmadu.site
drinkyresule.cyou
fadehairucw.store
faulteyotk.site
forbidstow.site
foundationw.cyou
freighterjn.cyou
goalyfeastz.site
hornylught.cyou
hurlywolky.cyou
integratedny.cyou
introdycito.cyou
lecturetriy.cyou
mafnufacut.cyou
messejawu.store
opinieni.store
parachutedisky.cyou
presticitpo.store
scriptyprefej.store
seallysl.site
secretarryjw.cyou
servicedny.site
speedywqji.shop
thumbystriw.store
treatmentyj.cyou
varietybouy.cyou

# Reference: https://www.virustotal.com/gui/file/000fd5953ae056997b3fc6152e88ddb5e2ae37815556efb5b4aa15bd691a14fd/detection

nhariutz.cyou
opposezmny.site

# Reference: https://x.com/banthisguy9349/status/1852416010692776110

orchestratb.cyou

# Reference: https://www.virustotal.com/gui/file/aa8b4f55363987976940525d72bf26b3f534e6f4d717eb0eee792100ae5e3f25/detection

villagedguy.cyou

# Reference: https://x.com/RacWatchin8872/status/1853086132113695141

cdn-serveri6881-ns.shop
download.cdn-serveri6881-ns.shop

# Reference: https://x.com/kddx0178318/status/1853487249704284288
# Reference: https://www.virustotal.com/gui/file/111f29810427d40f1f61592c3cfe76393c01016bbd80c982d72ebd906450b747/detection

pub-1f3e5ec684c24b40ae9d9716dd6514f0.r2.dev
proggresinvj.cyou

# Reference: https://x.com/banthisguy9349/status/1854122700261765531

painttfel.fun

# Reference: https://www.virustotal.com/gui/file/5d8c4e788b57655567f4e6679ad08b9576c7f9e5d26db703887b61b2f2f54539/detection

realitydefenyb.cyou

# Reference: https://x.com/ShanHolo/status/1854152424325316699
# Reference: https://www.virustotal.com/gui/file/77f6caa506303dbdcf644380adf5cb01b122f6f5efa3a54d7492754075243e2b/detection

http://31.13.224.189
31.13.224.189:443
bakedstusteeb.shop
mutterissuen.shop
nightybinybz.shop
standartedby.shop
worddosofrm.shop

# Reference: https://pastebin.com/D3VGbqya

actgrievny.fun
berrylinyj.cyou
blasterrysbio.cyou
boys.terrifyenyb.icu
bringlanejk.site
broken.terrifyenyb.icu
conceszustyb.shop
dismissanw.icu
dominatez.cyou
expectegirn.icu
fitnessworld-cinemalovers.shop
frannbradnj.icu
fresh.terrifyenyb.icu
geerkenmsu.shop
goodyparticl.icu
gunnar.pridesctajrh.cyou
healthpathway-culinarydelight.shop
honerstyzu.site
joymagnutwy.cyou
knifedxejsu.cyou
leavedmodzy.shop
lmpethnicb.icu
moeventmynz.site
monopuncdz.site
moutheventushz.shop
parduawarj.site
plaintifuf.site
pridesctajrh.cyou
rainyreplacwv.site
reinfomarbke.site
respectabosiz.shop
rewardywenb.cyou
studentyjw.cyou
terracedjz.cyou
terrifyenyb.icu
travis.terrifyenyb.icu
unityshootsz.site
uppermixturyz.site
vampingrichest.shop

# Reference: https://app.validin.com/detail?find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9%20%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD&type=raw#tab=host_pairs (# 2024-11-08)

booklounge-autofanshttps.shop

# Reference: https://www.virustotal.com/gui/file/00f4d4cc428634dbcb742e22647679bc7d16fa8c34bedf2b72a8030e1b24c362/detection

jirafasaltas.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-09)

catkinlows.info
educationnpell.shop
lossycristi.cyou
olduenduyz.fun
perfomnjshin.cyou
reallymenyb.cyou
sdkjhfdskjnck.s3.amazonaws.com

# Reference: https://app.validin.com/detail?find=f37d51bfb5cdce1e654e6ea0e694d11f&type=hash#tab=host_pairs (# 2024-11-09)

pannlumz.com
pixelstory.shop
studyzone-investmentguru.shop
traveljournal-techinsights.shop

# Reference: https://x.com/RacWatchin8872/status/1868795669294850208
# Reference: https://app.validin.com/detail?find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9%20%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD&type=raw&ref_id=a3ecce9ffbc#tab=host_pairs (#2024-11-09)

artspace-clickcreator.shop
belamai.shop
boldadventure.shop
brighthome.shop
buqowai.shop
camacamuca.org
culture-quest.shop
cycahao.shop
danojeo.shop
datocii.shop
dezaqyu.shop
doqevue.shop
duruvuo.shop
fairycity.shop
fejw.org
fireflypath.shop
forestchime.shop
foresttrail.shop
fylapyy.shop
gentlestream.shop
gentlewave.shop
gozojyi.shop
green-forest.shop
hapoqiy.shop
happyjourney.shop
jadodiy.shop
jimeqey.shop
jonagye.shop
jyfyvia.shop
kawykye.shop
kefuguy.shop
kemuvao.shop
keqirai.shop
kiskanukiska.org
lakuwya.shop
lepagie2.shop
leqezuu.shop
lifestyleclinic-fashionista.shop
localwanderer.shop
lumbluesky.shop
lumcopiqua6.shop
lumcozynest.shop
lumcyjukui.shop
lumdukekiy.shop
lumfokim.shop
lumfyginiu5.shop
lumgenowey9.shop
lumgentlewave.shop
lumjosafay1.shop
lumkecuq.shop
lumkymenau.shop
lumlacumii.shop
lumlideweo.shop
lummomusuo.shop
lummozudey.shop
lummunaqea.shop
lumpeguwey.shop
lumqalij.shop
lumquvonee.shop
lumramavyy.shop
lumrobotay.shop
lumsawedua.shop
lumsuxinya.shop
lumtechtribune.shop
lumtovusao.shop
lumzacynuy.shop
lumzenspace.shop
lumzulyj.shop
mexocey.shop
mindfuljournal.shop
morningjoy.shop
mountain-peak.shop
mysticjourney.shop
mysticriver.shop
nagurui.shop
nature-sounds.shop
naturevibes.shop
ninubeu.shop
nisyqai.shop
nutritionzone-chefsecrets.shop
nykidio.shop
ocean-view.shop
oceanpebble.shop
peacefulmind.shop
qosytuo.shop
radiantsunset.shop
rainbowdream.shop
rapabuo.shop
rifujiy.shop
river-stone.shop
rixokye.shop
rubyfalls.shop
s3-eu-north-1.culture-quest.shop
s3-eu-north-1.travelguide-techtrends.com
sapphirelake.shop
sciencediscovery-gardenhobby.shop
sefikey.shop
sereneoasis.shop
sibyree.shop
silentforest.shop
spicywind.shop
styleclinic-beautyicon.shop
sunny-beach.shop
techtribune.shop
travelguide-techtrends.com
velvetsky.shop
vividspark.shop
wanderlust-gadgetnews.shop
wellnesshub-chefparadise.shop
weponoe.shop
winterchill.shop
wucijyi.shop
wusaryy5.shop
xizs.org
xohivao.shop
zeqyciy.shop

# Reference: https://www.malwarebytes.com/blog/news/2024/11/hello-again-fakebat-popular-loader-returns-after-months-long-hiatus

brownieyuz.sbs
ducksringjk.sbs
explainvees.sbs
relalingj.sbs
repostebhu.sbs
rottieud.sbs
slippyhost.cfd
tamedgeesy.sbs
thinkyyokej.sbs
furliumalerer.site
furnotilioin.site

# Reference: https://x.com/banthisguy9349/status/1855579391708852460
# Reference: https://www.virustotal.com/gui/file/cb974d42183c1b779dd9b15f5014893e4ccd7bcb1c56c62416f028de759ce607/detection

147.45.47.61:8888

# Reference: https://x.com/RacWatchin8872/status/1856315808034574668
# Reference: https://tria.ge/241112-nykyks1lev/behavioral2

300snails.sbs
3xc1aimbl0w.sbs
faintbl0w.sbs
thicktoys.sbs

# Reference: https://x.com/SquiblydooBlog/status/1856415307658670246
# Reference: https://tria.ge/241112-v59c3sxfnl/behavioral1

bored-light.sbs
crib-endanger.sbs
faintbl0w.sbs
fleez-inc.sbs
impresnyb.cyou
marshal-zhukov.com
pull-trucker.sbs
thicktoys.sbs

# Reference: https://www.virustotal.com/gui/file/fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c/detection

jobdigitalmarketing.xyz
openaisoralab.com

# Reference: https://x.com/g0njxa/status/1857485682299519034
# Reference: https://app.any.run/tasks/896d628c-59ae-409e-b0b2-7fd6719b7c2a

editproai.org
editproai.pro
proai.club

# Reference: https://x.com/illegalFawn/status/1856982430546100434
# Reference: https://x.com/JAMESWT_MHT/status/1857014562744041509
# Reference: https://app.any.run/tasks/df8e7793-2e9d-40d6-ba20-87eb74e6090c

bugijepakx1c.b-cdn.net
cloud-salchechon.com
njprfirm.com
rel1gitiger.cyou

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-16)

approvedne.fun
approvfoor.com
brake-effect.cyou
captcha-verf-sys-v3.b-cdn.net
dudtybresah.cyou
giftedbonus.cyou
goldenstream.shop
hellishaluhg.fun
ignofinisheui.icu
intentiongi.cyou
joinykeryzi.fun
livelol.sbs
manuejcruwhj.cyou
netwrokenb.cyou
packagednyb.cyou
pragapin.sbs
qualifiresui.cyou
quiantiaj.icu
silversky.club
tech-tribune.online
toleratedbaybo.cyou

# Reference: https://app.validin.com/detail?find=e3110428602bf34818240304fc05df95&type=hash&ref_id=8803ea9e4b0#tab=host_pairs

crystalpeak.shop
dreamecho.shop
lumemeraldisle.shop
lumlasolyo.shop
lunarminds.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-17)

3xp3cts1aim.sbs
acrith0t.cyou
c0al1t1onmatch.cyou
p10tgrace.sbs
p3ar11fter.sbs
peepburry828.sbs
processhol.sbs

# Reference: https://x.com/RacWatchin8872/status/1858484225915146393

additioniqqwu.shop
moonlight-glow.shop
thrusstedmdwqni.shop

# Reference: https://x.com/D3LabIT/status/1859597698288009478

befall-sm0ker.sbs
librari-night.sbs
owner-vacat10n.sbs

# Reference: https://www.virustotal.com/gui/file/cc5c482229f5b9d1c88f6ff68abb7461de259749f6230932654bb5aaa3fddd88/detection
# Reference: https://www.virustotal.com/gui/file/1055064ac9b506a5b74090f71c4fabbe4bf077bce9bd80bfce9671e723f50cfc/detection
# Reference: https://www.virustotal.com/gui/file/eec8d8dbdc517184ddfa7353ed89e4ac4d2e6c2fefef2a8c4e2c81bb4b6a9047/detection

164.132.5.124:1111
194.15.46.236:8397
hard-to-find.cyou

# Reference: https://x.com/DaveLikesMalwre/status/1860366437434417343
# Reference: https://app.any.run/tasks/ecd46a59-3878-4e36-a4b8-8b26a0d56a11

frogs-severz.sbs
revirepart.biz

# Reference: https://x.com/TRACLabs_/status/1861075988177707256

blade-govern.sbs
disobey-curly.sbs
frogs-severz.sbs
leg-sate-boat.sbs
marshal-zhukov.com
motion-treesz.sbs
occupy-blushi.sbs
powerful-avoids.sbs
property-imper.sbs
story-tense-faz.sbs

# Reference: https://x.com/Thisism23567356/status/1861367550774292804
# Reference: https://x.com/DaveLikesMalwre/status/1861387766812078398
# Reference: https://www.virustotal.com/gui/file/256f11069e446a62a8f7844662e9c9e9f5ed62b248e6d9b51a3b3586d1920d27/detection

occupy-blushi.sbs

# Reference: https://www.virustotal.com/gui/file/014197c064e4700bced40c9b64481b79e1f45113e3d00ae40146a0e925c97de5/detection

r2cloudmikudau8.shop
snowqueen.site
zasa.r2cloudmikudau8.shop

# Reference: https://x.com/RacWatchin8872/status/1862138058503487800

lumbrightfuture.shop
lumcalmwaters.shop
lumdreamcatch.shop
lumdreamyskies.shop
lumfeatherlight.shop
lumharmonyfields.shop
lumhiddenforest.shop
lumpeacefulmind.shop
lumsilverstream.shop
lumstarglimpse.shop
lumthunderchase.shop

# Reference: https://x.com/g0njxa/status/1861756587980767367

okelale.site

# Reference: https://x.com/orlof_v/status/1862539513018650828

copper-replace.sbs
looky-marked.sbs
plastic-mitten.sbs
preside-comforter.sbs
record-envyp.sbs
savvy-steereo.sbs
slam-whipp.sbs
wrench-creter.sbs

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-30)

advice-mixer.cyou
anti-automation-v3.b-cdn.net
appr0dress.cyou
balloon-sneak.cyou
blade-govern.sbs
candidatersz.cyou
cook-rain.sbs
crypto-way.pro
disobey-curly.sbs
dolly10dge.cyou
dwnfile27.b-cdn.net
effect-shake.cyou
encryption-code-verification.b-cdn.net
frogmen-smell.sbs
fumblingactor.cyou
hallowed-noisy.sbs
hellpartnercareeroo.shop
leg-sate-boat.sbs
lumdexibuy.shop
marchhappen.cyou
month-format.cyou
motion-treesz.sbs
powerful-avoids.sbs
property-imper.sbs
quotedjizwe.cyou
story-tense-faz.sbs
tail-cease.cyou
tripeggyun.fun
uniqueplas.sbs
w0rdergen1.cyou
water-acidict.cyou
windpull.cyou

# Reference: https://x.com/RacWatchin8872/status/1863568155739615268

digital-odyssey.shop
lumcitikai.shop
lumcrystalclear.shop
lumjebyhiu.shop
lumvelvettouch.shop
lumwhisperwind.shop
c3.digital-odyssey.shop

# Reference: https://x.com/1ZRR4H/status/1864486678129258641

covery-mover.biz
dare-curbys.biz
dwell-exclaim.biz
formy-spill.biz
impend-differ.biz
print-vexer.biz
se-blurry.biz
zinc-sneark.biz

# Reference: https://x.com/urlquery/status/1865154044722872814
# Reference: https://urlquery.net/report/822930f2-5a1d-41da-8cb6-b28f4b03e605

http://80.76.51.231

# Reference: https://www.virustotal.com/gui/file/dfc48ea8d9ea084c2a227993d551864a6c7e52ca1538f1c85dee8c0d2b5f9e61/detection

empty-paster.cyou

# Reference: https://x.com/RacWatchin8872/status/1865739251595481502
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-08)
# Reference: https://www.virustotal.com/gui/file/b6d3a1dbf5b7e88d8835f4ebdc6f9991a2591d307880dfdc3db9b2af074919b4/detection

a1m0sph3reds.cyou
aback-sliders.cyou
abate-seekyer.cyou
abusive-fight.cyou
achiever-rsert.cyou
adjust-cheek.cyou
adult-perfect.cyou
allowy-bleed.cyou
announce-own.cyou
ant-cheappy.cyou
appear-guides.cyou
aqua-tic-draco.cyou
attempt-lonely.cyou
atten-supporse.biz
author-ityz.cyou
awake-weaves.cyou
baggy-semll.cyou
battle-curbe.cyou
beaster-toss.cyou
bendydully.click
bet-cook-fixer.cyou
blade-bring.cyou
brass-meaty.cyou
break-fast.cyou
brendon-sharjen.biz
buffet-tape.cyou
burcket-iten.cyou
calendar-obese.cyou
careless-jar.cyou
carry-study.cyou
cashju1cyh0.cyou
category-fly.cyou
cats-flats.cyou
cherries-gentle.cyou
collar-finger.cyou
connect.resourcecloud.shop
contract-dim.cyou
cows-print.cyou
crave-shek.cyou
creating-egg.cyou
crooked-silver.cyou
curved-goose.cyou
cylinder-dawb.cyou
daffy-horses.cyou
dancer-shiner.cyou
debonair-brick.cyou
dependy-endors.cyou
destroy-penn.cyou
disappear-direct.cyou
divergeny-frut.cyou
docky-plot.cyou
drawing-feeling.cyou
drive-connect.cyou
ducks-factes.cyou
dust-rotten.cyou
earn-smash.cyou
empty-handler.cyou
enfire-ween.cyou
enter-door.cyou
enter-exulatn.cyou
exchange-res-id.cyou
extra-large-onz.cyou
fair-neck-un.cyou
favour-routed.cyou
ferry-apples.cyou
ferry-champage.cyou
fire-fighters.cyou
flop-rivers.cyou
foggy-addic.cyou
freezing-knot.cyou
fumbling-furryz.cyou
gardens-carify.cyou
get-read-tidy.cyou
goog-stoop.cyou
greywe-snotty.cyou
grow-deprive.cyou
halt-freight.cyou
halting-lender.cyou
heaved-ster.cyou
hellish-create.cyou
hoster-search.cyou
hosue-billowy.cyou
improve-inhreit.cyou
income-weakk.cyou
inculcate-melt.cyou
induce-impose.cyou
infect-crackle.cyou
inflect-glash.cyou
ir-aterudele.cyou
jam-batty.cyou
jelly-cool.cyou
jigateu.shop
keen-lopsider.cyou
klipdajemua0.shop
ladea-livi.cyou
leap-choke.cyou
legg-power.cyou
loving-card.cyou
macho-scar.cyou
magic-grippy.cyou
make-up-gened.cyou
mark-afraid.cyou
minor-sleety.cyou
misuser-farmer.cyou
modernl-owl-y.cyou
mow-saterry.cyou
nail-cruzz.cyou
narrow-reputat.cyou
nervous-depen.cyou
next-heart.cyou
niffty-machot.cyou
observant-want.cyou
offbeat-moans.cyou
olimpiada.gr
optimized-dwell.cyou
other-rans.cyou
output-fog.cyou
pier-frighten.cyou
pleasure-violate.cyou
point-saunter.cyou
pollution-raker.cyou
ponder-yummy.cyou
position-weave.cyou
potty-laborer.cyou
predator-lemon.cyou
pricey-davingh.cyou
pump-fearless.cyou
purify-shutz.cyou
puzzle-dscland.cyou
puzzling-inject.cyou
quota-tions.cyou
rail-red-bury.cyou
ratiomun.cyou
realize-contemn.cyou
rechnungsportal.sbs
reflect-laugher.cyou
regard-survey.cyou
resourcecloud.shop
riddled-mnu.cyou
ripe-blade.cyou
roomy-wanders.cyou
run-jumpy-atten.cyou
sad-grain-eye.cyou
saddle-auntyr.cyou
salvage-vied.cyou
salve-windp.cyou
saturate-sansi.cyou
saunter-colour.cyou
seat-tabooz.cyou
selective-diffr.cyou
shaker-flat.cyou
sheep-stormy.cyou
shirk-home.cyou
shut-paste.cyou
slam-obscene.cyou
sleet-signaly.cyou
slim-incises.cyou
smash-boiling.cyou
smash-trees.cyou
smooth-reason.cyou
sniffy-roll.cyou
society-puzzled.cyou
sordid-snaked.cyou
soupbra-in.cyou
spade-noted.cyou
spend-shiny.cyou
spooky-hellish.cyou
staking-seat.cyou
stare-roar.cyou
state-solevd.cyou
steep-number.cyou
stem-mellows.cyou
stimulta-erase.cyou
stingy-riddle.cyou
stir-zing.cyou
stun-overall.cyou
stupid-edsee.cyou
succeed-welco.cyou
summon-macabre.cyou
supporse-comment.cyou
sweep-bird.cyou
swif-knot-wat.cyou
system-testyr.cyou
teach-shave.cyou
termin-monir.cyou
threshol-skin.cyou
tidy-celery.cyou
tie-shelf-sip.cyou
tongue-henns.cyou
toqyxuy.shop
treasure-arm.cyou
unabled-defev.cyou
vessel-relieved.cyou
voter-screnn.cyou
voyage-soure.cyou
wave-cracky.cyou
wide-eyeder.cyou
wind-raspy.cyou
wind-taster.cyou
worship-scat.cyou
wrath-full.cyou
wrathful-jammy.cyou
wrench-test.cyou
wrong-oily.cyou

# Reference: https://x.com/Oliver7203/status/1865824742319546470
# Reference: https://www.virustotal.com/gui/file/f946567c5199244b8be5fc3843826ad97c31ee11753e26dbdc57689d443163e8/detection

seat-tabooz.cyou

# Reference: https://x.com/banthisguy9349/status/1866393258789933389
# Reference: https://www.virustotal.com/gui/file/c8437904da3f58baae420967a54c395d09a2586247c3aa361a2e56ac0980bfbb/detection

kliphuqibue.shop

# Reference: https://x.com/JAMESWT_MHT/status/1867599570332791071
# Reference: https://app.any.run/tasks/29235e6b-0358-4349-a468-d22c844efa36
# Reference: https://app.any.run/tasks/3b9f9be5-1f6f-4b8f-9b6b-bab73f981e50

tailyoveriw.my
lusibuck.oss-cn-hongkong.aliyuncs.com

# Reference: https://x.com/JAMESWT_MHT/status/1867600333826142689
# Reference: https://tria.ge/241213-s5xyyasrdy

awake-weaves.cyou
deafeninggeh.biz
debonairnukk.xyz
diffuculttan.xyz
effecterectz.xyz
immureprech.biz
sordid-snaked.cyou
wrathful-jammy.cyou

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-15)

http://65.38.120.31
aquawangy.store
bellflamre.click
classify-shed.biz
fdy0p.springpoitn.xyz
futipoy.shop
kac0t.springpoitn.xyz
motionless-temper.cyou
nailyakwj.help
namerbutty.online
profusetawdy.click
shineugler.biz
spellshagey.biz
springpoitn.xyz
tacitglibbr.biz
troubledinco.click
wwwsecure.icu

# Reference: https://x.com/banthisguy9349/status/1868369658157625834
# Reference: https://x.com/banthisguy9349/status/1868370682733846576

http://45.131.135.227
http://77.105.161.133
booking.fashion
booking-5721.com
holmenester.com
id-1684377421.com
misiterlom.com
partner-id-6856747.com
request-homeless.com
t-me.cloud
t-me.lol
t-me.xyz
telegram-autification.lol

# Reference: https://x.com/smica83/status/1868383554838949965
# Reference: https://www.virustotal.com/gui/file/a133fae8e316fd9d9df8cf5f8984457d2525459ad4e39eafe58e026147550fb2/detection
# Reference: https://www.virustotal.com/gui/file/d0e9ada0e6cfa93e889709ff7d21e96b5c093c93b9d8c76ebd73f3333fe6fc6e/detection

page-yoda.sbs
tacitglibbr.biz

# Reference: https://x.com/threatcat_ch/status/1869525282656600528

filenjjutre.online
chrome.downloading.com.de

# Reference: https://www.virustotal.com/gui/file/99c0231462ca655bb8234dbed536b07d15045fa279614f4a9f22bc71b9d77aa5/detection

predatowpmn.shop

# Reference: https://www.virustotal.com/gui/file/01f3a911149eb410b9b1f363dab0f9806f7c10118dc5533eeec450383563599a/detection

crusthdisow.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-29-v10730/2087

circledexj.cyou
ppi.circledexj.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-30-v10731/2092

relaxatiyon.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-04-v10734/2111

herroassebm.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-07-v10737/2120

elitedwari.cyou
ironadminz.cyou
passtyannyb.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-08-v10738/2122

boltycoupeln.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-11-v10739/2129

dayeyerhb.cyou
employerdbz.icu
zanymarkedjz.fun
3number.employerdbz.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-12-v10740/2133

automatic-meaty.sbs

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-15-v10743/2143

activitydmy.icu
crickout.com
kettletakkz.fun
promotechangez.cyou
wackysheibr.fun
washcolorediz.fun
1212tank.activitydmy.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-18-v10744/2147

bab120witty.sbs
bed-cobweb.cyou
brakeritonb.icu
sector-essay.cyou
sliperyedhby.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-25-v10750/2164

farewellnzu.icu
oak-smash.cyou
push-hook.cyou
sturdy-operated.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-26-v10753/2171

s1gn1fyh0se.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-27-v10754/2175

slam-hot.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-28-v10760/2181

teentyinch.fun

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-02-v10781/2210

petited-hulking.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-03-v10787/2221

clamfluffys.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-05-v10791/2234

abrasigehs.my
exchanwrysu.my
lettuchsy.my
scarpsniffy.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-09-v10793/2248

corkpennywj.click
fightlsoser.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-10-v10795/2253

formlaner.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-12-v10800/2257

opinioratty.click
unwieldypower.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-16-v10808/2270

dirtytram.click
formbellys.click
formydamagero.click
gradefuture.click
securesways.click
wishbusher.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-17-v10809/2275

aspecteirs.lat
brownyctuwh.click
crosshuaht.lat
discokeyus.lat
energyaffai.lat
grannyejh.lat
necklacebudi.lat
passworoggre.click
rapeflowwj.lat
saaadnesss.shop
sustainskelet.lat
sweepyribs.lat

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-18-v10810/2278

pancakedipyps.click
receptivesfii.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-19-v10811/2280

lossekniyyt.click
simplerapplau.click

# Reference: https://x.com/CyberRaiju/status/1871014838480282050
# Reference: https://x.com/9823f_/status/1871153370741747904
# Reference: https://x.com/9823f_/status/1871153922825441500
# Reference: https://www.virustotal.com/gui/file/13848f74c576b1624b6b64dd556791a7b40b7fee6a0fa7ea6ce3f82c8cc98b2b/detection
# Reference: https://www.virustotal.com/gui/file/68e5e9e1c859b49d2c4d51bd619634da76452d2d05ae52528fe7acfe2842aea0/detection

http://95.217.29.83
ddeapeaceofmind.shop
fuarez.cyou
minimeh.shop
polovoiinspektor.shop
runetvpn.com
runetvpn.info
runetvpn.org
saaadnesss.shop
uuukaraokeboss.shop
dns-me.pages.dev
dnserror-cdw.pages.dev
microsoft-dns-reload.pages.dev
recaptha-verify-8u.pages.dev

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-23-v10813/2287

analysiserjzy.click
bakedgooak.site
bashfulacid.lat
cuddlyready.xyz
curverpluch.lat
driblbemris.lat
inventionspo.click
kitteprincv.click
magicaltaster.click
manyrestro.lat
sendypaster.xyz
shapestickyr.lat
slipperyloo.lat
steppriflej.xyz
talkynicer.lat
tentabatte.lat
thesishsej.click
wordyfindy.lat

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-24)

http://212.87.222.185
46.202.155.128:443
asylumejkr.icu
clockersspic.click
crayonutteh.click
erectystickj.click
excluderhsh.click
fabricattewu.click
filezilla-newbuilt.b-cdn.net
gracefulcallou.click
icyidentifysu.click
ingreem-eilish.biz
klarnaportal.icu
klarnaportal.live
kliptizq.shop
lev-tolstoi.com
lewdtworre.click
longelizzaw.click
neqi.shop
obtainableruun.click
portal-klarna.com
portal-klarna.live
principledjs.click
volcanoyev.click
wrappyskmwio.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-24-v10816/2293

marrieddinn.click
volcanohushe.click

# Reference: https://www.virustotal.com/gui/file/0bc8237a22dee7558f390bae9cb39923ab6207ba8a6e450474e3390682db30b0/detection

cheapptaxysu.click
observerfry.lat

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-26-v10817/2296

beefshooti.click
bithithol.click
cheapptaxysu.click
fannleadyn.click
markydinnt.lat
thingssalver.click
throushgje.click
undesirabkel.click

# Reference: https://x.com/DaveLikesMalwre/status/1872392665716736393
# Reference: https://app.any.run/tasks/214907d3-4f33-40cc-8481-ea132dc80473

nextgencoding.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-27-v10818/2299

appliacnesot.buzz
brokenmatte.click
cashfuzysao.buzz
hummskitnj.buzz
inherineau.buzz
mindhandru.buzz
prisonyfork.buzz
rebuildeso.buzz
scentniej.buzz
screwamusresz.buzz
slimmybearz.click
tackybrushz.click

# Reference: https://x.com/RacWatchin8872/status/1873043962686259640
# Reference: https://x.com/RacWatchin8872/status/1872983832707977415
# Reference: https://www.virustotal.com/gui/file/2f1a930aa5ce429a2d891adf0934b969b239f1261b9f5822f3d6c1b3502248fd/detection

alleybikeru.click
parallellywko.shop
tightuteop.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-30-v10819/2306

abruptyopsn.shop
admitunhearl.click
applesactti.click
begguinnerz.biz
censeractersj.click
ch33sep3ts.cyou
cloudewahsj.shop
crackerdolk.click
cureprouderio.click
enterwahsh.biz
fancywaxxers.shop
fivenaii.click
framekgirus.shop
imbibelubmbe.click
jammywritej.click
justyffyr.click
laborersquei.click
lackadausaz.click
nearycrepso.shop
noisycuttej.shop
peelyitemsn.click
rabidcowse.shop
spuriotis.click
stingyerasjhru.click
tentyshoeu.click
tirepublicerj.shop
wetlivelky.click
wholersorie.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-31)

aboriginalkyv.click
acceptbaleeri.shop
breezysmiterz.click
cegu.shop
chillysalvagk.click
commentbeseeh.click
cryofficesj.click
deduhko.klipzyroloo.shop
dfgh.online
fallyjustif.click
fantassyzwi.click
fronyzealosud.click
gripfizz.click
hollowrefuz.click
hungrypaster.click
itsrevolutionmagnus.xyz
klipnogijuu.shop
klipsyzogey.shop
klipvumisui.shop
klipzyroloo.shop
ladybughge.click
learningypr.click
locketplyxx.click
lonylexpedn.my
moanungsnake.click
noisercluch.click
notebookgi.click
panelmaideus.click
permissiblene.click
pickduccker.click
q.klipzyroloo.shop
rurallyrishz.click
senc1.melody-wave.shop
sickyicyerh.click
smartoffer-captcha-verification.b-cdn.net
sos-ch-gva-2-exo-io.b-cdn.net
spotlessaja.click
squencehb.cyou
stampyflook.click
tougheryer.click
treehoneyi.click
triptrip.melody-wave.shop
u48631907.ct.sendgrid.net
walkyvulgari.click
wellofflyric.click

# Generic (host-independent URL path indicators)

/c2conf
/c2sock
/lumma0805.exe
/lumma0207.exe
/lumma2406.exe
/lumma2606.exe
/lumma2806.exe
/lummnew.exe
