blocklists-symantec.txt

## hosts-blocklists
## domains-ips-hashes

## blocklists-symantec
## https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence


# https://www.security.com/threat-intelligence/stonefly-north-korea-extortion

51.81.168.157
144.208.127.115
172.96.137.224
216.120.201.112
217.195.153.209

003815b3b170437316614c66e63fc0750e459f47cb0caf2af9cf584fffee4916
09795d17d027c561e8e48f6089a8cf37e71c5985afbf7f51945fc359b4697a16
1e2fad6c77410965ea2b3a5d36e8d980d839cc7a2b6f2e2d795d915e496ff398
2b254ae6690c9e37fa7d249e8578ee27393e47db1913816b4982867584be713a
2c70973b2b70e60f4187cb704bbc3c74da25a526828384b841b53778fb53fd38
3b1fa5ffbdc79a395df274d558eed7cfebb3863d2cf4607c816a6e7d26007899
3f880395c9d5820c4018daecf56711ce4ee719736590792f652ea29cbcbdb8f3
4ef8f3be7615392e4fe5751c9647ede1c6be2d2723af9b0fab69b6e58543e6ca
5df907d0ff950194758a8ef32dabe78c31c7470c6e771c4f82e4c135a898f8fb
6de5219d913ed93389ae8e9e295695da1adc889c0352a9069f9921a0a2cb5ec6
7ab3f076e70350f06ad19863fdd9e794648020f621c0b1bd20ad4d80f0745142
7bec0b28eb52f7a2e218367c0fef91e83c9df8f0463d55f3a064a2d6ca77c8d0
12bf9fe2a68acb56eb01ca97388a1269b391f07831fd37a1371852ed5df44444
35bbea3e077e63616e6785b667ddc67c3360be80b690fd0eea4e531b38777b0c
37b1c57120760acefb6ad9a99eb1a7dfa49d4ee6c4e6afcc09b385c24c5f0639
42d52a78058954fcb85f538c86253214bacf475b4abecf3b426dad9d5b6543d6
58d267dd80298c6d582ea7e45cf85a6e665d172d4122cc029cbcd427a33c2472
88b3c100d4a3168b1807fe9d1c4cb9d772e294c1cdf29ff287bc451d37891d8c
89aa7b67e9476d0f91df71a2b92ebe21f63f218afb6446296403f34f91831d15
93b75bc724a4a85b93fb749b734381ef79ab54c2debf27907794c8fd632fa0f5
94eef46095c231b1ee33cd63e063d8a2fc663e44832e45a294cf8d8cf9df31f8
243ad5458706e5c836f8eb88a9f67e136f1fa76ed44868217dc995a8c7d07bf7
511a75b2daca294db39d0e82e7af6161e67aab557b6b86bfea39ccbd2d7b40ae
28149b1e55551948a629dcd2dacad32f6a197ed9324dc08b27ff00fa0bf0d909
75448c81d54acb16dd8f5c14e3d4713b3228858e07e437875fbea9b13f431437
485465f38582377f9496a6c77262670a313d8c6e01fd29a5dbd919b9a40e68d5
5633691b680b46b8bd791a656b0bb9fe94e6354f389ab7bc6b96d007c9d41ffa
96118268f9ab475860c3ae3edf00d9ee944d6440fd60a1673f770d150bfb16d3
966319464e10b5a1ccc214a76a57ecf8afb322055f55154cf6e039c7373fd5e7
a65cefb3c2ccdb50704b1af1008a1f8c7266aa85bd24aaf21f6eb1ddd5b79c81
a7711b8314b256d279e104ea3809f0668d3615fba584ca887d9c495795d0a98e
ac6f6c77e0c9082f85324dcde9aabbdd1c4dcd51b78e45d1d8ace4d1648213dd
c5a6a18ec53a8743853112f58dd1fcc73d0b2fc6e9cb73b2424e29d78b4504df
cdd079bcb01e0f1229194f1f0ff9b6261e24ee16f8f75ec83763a33561c2071a
d71f478b1d5b8e489f5daafda99ad203de356095278c216a421694517826b79a
d867aaa627389c377a29f01493e9dff517f30db8441bf2ccc8f80c48eaa0bf91
e5d56cb7085ed8caf6c8269f4110265f9fb9cc7d8a91c498f3e2818fc978eee2
e11e57d6d0944c2856828a287a868af96b47be32d4fe411f58dae4f0fe45ee2d
ea2867c5de97e512b9780b6e73c075291259f5b24e95569ccbb05ed249d511a3
ee017325a743516155210f367272ac736bbfc8284b9613180744f26dda6502b0
ee7926b30c734b49f373b88b3f0d73a761b832585ac235eda68cf9435c931269
f0bc0f94ac743185e6d0c865a9e162f4ce2f306df13b2ea80df984160eb3363c
f3f17480a3e5c86d1ed876243a06db9b4d7d6aea91e284fa555882e0f1360206
f64dab23c50e3d131abcc1bdbb35ce9d68a34920dd77677730568c24a84411c5
f128fabe601026ceb6d918d58061e3dd2f549366d14dcf6d44df4992bca3b53
fce7db964bef4b37f2f430c6ea99f439e5be06e047f6386222826df133b3a047

# https://www.security.com/threat-intelligence/taiwan-malware-dns

a89ebe7d1af3513d146a831b6fa4a465c8edeafea5d7980eb5448a94a4e34480
e08dc1c3987d17451a3e86c04ed322a9424582e2f2cb6352c892b7e0645eda43
f5937d38353ed431dc8a5eb32c119ab575114a10c24567f0c864cb2ef47f9f36

# https://www.security.com/threat-intelligence/cloud-espionage-attacks

7-zip.tw
30sof.onedumb.com

89.42.178.13
103.255.178.200
157.245.159.135

9f61ed14660d8f85d606605d1c4c23849bd7a05afd02444c3b33e3af591cfdc9
79e56dc69ca59b99f7ebf90a863f5351570e3709ead07fe250f31349d43391e6
527fada7052b955ffa91df3b376cc58d387b39f2f44ebdcb54bc134e112a1c14
582b21409ee32ffca853064598c5f72309247ad58640e96287bb806af3e7bede
30093c2502fed7b2b74597d06b91f57772f2ae50ac420bcaa627038af33a6982
97551bd3ff8357831dc2b6d9e152c8968d9ce1cd0090b9683c38ea52c2457824
4057534799993a63f41502ec98181db0898d1d82df0d7902424a1899f8f7f9d2
a76507b51d84708c02ca2bd5a5775c47096bc740c9f7989afd6f34825edfcba6
ab6a684146cec59ec3a906d9e018b318fb6452586e8ec8b4e37160bcb4adc985
d728cdcf62b497362a1ba9dbaac5e442cebe86145734410212d323a6c2959f0f
f1ccd604fcdc0034d94e575b3709cd124e13389bbee55c59cbbf7d4f3476e214
f69fb19604362c5e945d8671ce1f63bb1b819256f51568daff6fed6b5cc2f274
fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb

# https://symantec-enterprise-blogs.security.com/threat-intelligence/malware-ai-llm

0A90FADE657A0C0AC73D4E085E168AA8515994700A12612D1C20CB00ED15A0CA
2AE6737D691BFF402FC50A29EDDCBE9FD0B0C18250776435F61CE70F3C9481CD
3A88FCB26F7A6BE68B65AB18D8358365E9A4FD7D4C0EF8FC581771CCFB746271
4FB58687A364C3F6D6F7E0CA03654F9DEC0F8832A499D61D40B0D424DB1B1B14
9BD692BC32E13185232E95FF7693D0039B5C5C563323982BFAB34A5D1E0379AE
29F8B50F737FEEF9EC7439780DAEAD395BF2BF278A4540DDFFE64CA70AA9F462
30DD8CBBA98F2E4CBB8D8D85A7A9AC97B0157A77C83D9B8DEAB50C2225C0CB22
44B3095A86F2091CCB9B52B9ECF995BC5B9E2294EB9E38D90E9FD743567F5F22
121E900D1EFC6D9E537471360848B333BFBBB7E08ECADB1D75897882CE2DCB20
948D0D1FABBD858C13C387737EF833BEB982141CFC2E2D0E26024918EB0AF479
4153F2CE9CD956B29A1D1F21669932596FD1564863F65782D1EEA4E06E8623F7
5077EEE9D9933E1DB4B311B893A8F3583CA9F0D9F6DB33938A67BF5054133AA8
9160A5F4DB292A50BAED109BFF1C94738418FB8E6D729D7FC4A7841DB06F8F3E
A2C1B716D20B61BC4C57748E1EC195FBAC2C5B143CF960D0FFEE895160D4B0DB
A1739E001E0720341F14466231A21BD12A74485DAB59B0F4FDE7F931467CB4B2
B1D48CA54EFB57B9BD626420391FBBC638C9F4271F009DFB31B28C33B76A4228
B6AADA8476838CD39EFD5A3681F50ECEB0938BBCDECD3712FDB81394ED2922BB
BA325F828378C1733044F3022D73D770E2A8E81AEB01605B13866DE7E722075D
BAC7079571FA4FA2E3543FD4EDFB5144EC4FF9046065C7F11CB8C9552117D138
BB932056CAE8940742E50B4F2B994A802E703F7BC235E7DD647D085AE2B2BAF7
BC824A97E877EF38D5D14E0D51433F3890873B58B710C0E5D41A4638A1A3FAF4
BCDB4F1AF705889ACE73E8A0C8626BC6B615393A4C4F28EA00E5A51EB6E541D9
BF0B4C933B9EF188A9073D68D955ADD8CBE8398F3EC2E04CE285D45C8183C033
C7D1DC81BB9CC86DD129AC414E8805DDDBFFF23D347E5F3349D5D59F4172F3BA
C398B3E06EF860670B9597DAED85632834FA961AEA87164B8BA8BB2F094A14EF
C645FD15DDA1AA3D5554B847E1D243493EA22F81FAF3D1F883100A4B51438B27
C8032306AB5C5BF09C38BD05A2F41BB4DCE98A56DF0570C6A58F116127E0532D
CAD698049830745BA6685B5D571DEF86FA77D046D2403A7C48ED8D0258314093
CD003F5CE0DDE74B9793685C549A6883B405FCA4D533F27FBB050199A2339A28
D05032CA22352BA77CE67A2975A33A5A3A7170705817FE4305B162F7E4E7065B
D38A62A73A9FE1ED0CE7F6902E52D90A056374123D6ECF4D5FF9A01008E922CB
DC6C5B4ABB65C8E5169F96A65D0A225C91AD2A58E13ECABA5B3FF29D07A4660B
EB8A22036655F0EB19924868031D3CDD273630B167A5FEC72B3C98FE887CA9C6
F06D83CE130BAE96EBFDE9ADDDD0FF1245FEBF768E6D984B69816B252808BA0C
F1CFC6E55777A62A1B269901793550CE8D0126D1035C5BEBF5C8145A83EF842B
F5FC667D818A26FBB5C04657B131D86AF1746A349CEB9D6E441D24C8673393B2
FA0FEE451B2DD9C532189705177457D0982E1F27F11E3E2B0B31B9ECE654FF4C

# https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset

103.96.128.44
103.96.131.150
103.243.212.98

0cabb6780b804d4ee285b0ddb00b02468f91b218bd2db2e2310c90471f7f8e74
003764fd74bf13cff9bf1ddd870cbf593b23e2b584ba4465114023870ea6fbef
1f5e4d2f71478518fe76b0efbb75609d3fb6cab06d1b021d6aa30db424f84a5e
3a6605266184d967ab4643af2c73dafb8b7724d21c7aa69e58d78b84ebc06612
4c3b9a568d8911a2a256fdc2ebe9ff5911a6b2b63c7784da08a4daf692e93c1a
5c52e41090cdd13e0bfa7ec11c283f5051347ba02c9868b4fddfd9c3fc452191
570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6
955cee70c82bb225ca2b108f987fbb245c48eefe9dc53e804bbd9d55578ea3a4
3894a8b82338791764524fddac786a2c5025cad37175877959a06c372b96ef05
5687b32cdd5c4d1b3e928ee0792f6ec43817883721f9b86ec8066c5ec2791595
49079ea789e75736f8f8fad804da4a99db52cbaca21e1d2b6d6e1ea4db56faad
65441ea5a7c0d08c1467e9154312ac9d3fdd3ca9188b4234b5944b767d135074
d8a49e688f214553a7525be96cadddec224db19bae3771d14083a2c4c45f28eb
dad13b0a9f5fde7bcdda3e5afa10e7d83af0ff39288b9f11a725850b1e6f6313
ef9aebcd9022080189af8aa2fb0b6594c3dfdc862340f79c17fb248e51fc9929
eff1c078895bbb76502f1bbad12be6aa23914a4d208859d848d5f087da8e35e0
fce66c26deff6a5b7320842bc5fa8fe12db991efe6e3edc9c63ffaa3cc5b8ced

# https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-q2-2024

2fc2d747847eb04561a435e65954f0103101e2190458eb3c125deda49326c597
3e65437f910f1f4e93809b81c19942ef74aa250ae228caca0b278fc523ad47c5
3f41e2ceff3a04cd6de6aadce7e7b7c8584940e4320a7db55dd712debb061510
4d571f4d0008deb01e3144e0e3d5f882c5422acfcb4dd260082852a822d8d2fb
4de4621da1b7da597c2c8def4c08b8d405672dadb9c70d7dffd647c8d6abd394
5e446efb6c4f296fb8f25ef7a1a0a482f51dc475bd5ef3e89be9d43782a9f60f
6fb438feeb8369c5b82bfaa77144a641f7645c321f0b24dd97cfe2687b1ebd44
7d6877eb8a3e2da1e8b06e2ed41604c6c3d5ced8293f7cc7e760ba972303bd0e
21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256
38f0750cbe49b30db326b53b9f752b66c4f5e23cc3bbbd6d1844e2878a19b9a7
67e4c18e80d4d1acb9395f4a1fe9c2a75d95fcccdb33bcdd5259ba6f47e60e57
88efa81984852dac62d325f2091a09de1e6423a711d7913aeac103c50664cf84
170d654b61810992fef6f18dbce5b4c7f5762cf36c9b41c36a14c9f6609f6e7d
7101db8cb05e989c018ebc5df47819029cd76c4093b22c4582288795e46f6689
9562ad2c173b107a2baa7a4986825b52e881a935deb4356bf8b80b1ec6d41c53
1453179d46ef89eb780f8b82632f352017a3586e8d49fc3f087f633f7bebbf0a
2881194b7e0939d47165c894c891737d8c189ee8fb4720e814a4bcdd804d00d1
95279881525d4ed4ce25777bb967ab87659e7f72235b76f9530456b48a00bac3
6192488729850a7a28498f233346e856b0097e4b3160baa641f8cf9571b56da8
a702a671b7911a09ccb5b4f42923e8b301e0bbb851443dd52622022959a3055a
aa0ef20f9f8ca111b0d8a550daf6651f5b0557f0acb0a26545755c5a02263a9b
aa43f34c3fa67aea994c1babeb71b46c7b24eccaa0455ae21aa561e251e7cc4d
bef2d817f1813eb0629222112fd3721865a2a4eb1f4d51ad1f09fd807d4380ab
d18453e564ca27514227478f225d85811fe15d08aa5fb1f613022c43155c5c54
ea59d6a130a279dfde4df53640bd720419c7b5d9711a21a78af9453b1b3b5805
f6afa84b0847414220bb15517b8b5e2c505b64b53efbba73b753379c66ac5017
f572898ab9f9a0fabac77d5d388680f84f85f9eb2c01b4e5de426430c6b5008f

# https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia

swiftandfast.net

14.161.4.152
38.60.254.243
43.152.200.62
49.204.77.162
65.20.66.128
65.20.66.214
65.20.69.80
65.20.70.110
65.20.73.72
65.20.76.211
65.20.82.212
103.180.161.123
110.34.166.198
113.160.186.153
115.79.207.240
117.2.82.149
134.209.147.60
134.209.156.5
139.59.35.77
139.59.37.50
139.84.130.178
139.84.137.139
139.84.163.162
139.84.165.248
139.84.166.131
142.93.223.200
143.110.244.132
143.110.250.11
146.190.18.167
157.245.107.16
159.65.158.28
159.89.170.164
203.159.95.197
206.189.136.180
206.189.140.171

089809e73354648b3caed7db6bc24dcce4f2ef0f327206fd14f36c6619d9ed30
3aae73ff8ff5973c74af5a7991ca6a57ce797b7b775e1358efd9d76b67b5797b
4c136270ca4c17edb77985aca570e291fa77abaaa48761f85e184892089164a6
6a5fdbe9579b69d4a5e1f6930145debd5adb2a9f93dd052bfb442cbd0141277b
6ad67d7f76986359865667bdd51ba267f6bd7e560270512074448dd7b088bcb7
1906e7d5a745a364c91f5e230e16e1566721ace1183a57e8d25ff437664c7d02
c61daa0df88a33387b94b22bfc0b68d1211a57357aff401613c07832b5192fc0
c348eba51897fbd55ca3ffdaab21259b8f73688e6e008b923ebc597c6272d2d9
dc9a12574f8c3b5bed6043b1cd3fd43672779d132c864bb22ae8b0a5dee24576
e32c5e6d70895f0d071f420b7ff28c6fe0eaf2c08eeebe39122b3b1fd1981473
f45dabd683795f099a40553e5d85c9bc8a15bb964c992b45cec48c620ff78fdb

# https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day

3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d
4aae231fb5357c0647483181aeae47956ac66e42b6b134f5b90da76d8ec0ac63
2408be22f6184cdccec7a34e2e79711ff4957e42f1ed7b7ad63f914d37dba625
a31e075bd5a2652917f91714fea4d272816c028d7734b36c84899cd583181b3d
b0903921e666ca3ffd45100a38c11d7e5c53ab38646715eafc6d1851ad41b92e
b73a7e25d224778172e394426c98b86215087d815296c71a3f76f738c720c1b0

# https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware

02e9f0fbb7f3acea4fcf155dc7813e15c1c8d1c77c3ae31252720a9fa7454292
2f3d82f7f8bd9ff2f145f9927be1ab16f8d7d61400083930e36b6b9ac5bbe2ad
8f59b4f0f53031c555ef7b2738d3a94ed73568504e6c07aa1f3fa3f1fd786de7
34e479181419efd0c00266bef0210f267beaa92116e18f33854ca420f65e2087
36e5be9ed3ec960b40b5a9b07ba8e15d4d24ca6cd51607df21ac08cda55a5a8e
104b22a45e4166a5473c9db924394e1fe681ef374970ed112edd089c4c8b83f2
595cd80f8c84bc443eff619add01b86b8839097621cdd148f30e7e2214f2c8cb
7539bd88d9bb42d280673b573fc0f5783f32db559c564b95ae33d720d9034f5a
7114288232e469ff368418005049cf9653fe5c1cdcfcd63d668c558b0a3470f2
a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2
e654ef69635ab6a2c569b3f8059b06aee4bce937afb275ad4ec77c0e4a712f23
ea9f0bd64a3ef44fe80ce1a25c387b562a6b87c4d202f24953c3d9204386cf00
f1a6e08a5fd013f96facc4bb0d8dfb6940683f5bdfc161bd3a1de8189dea26d3
fb9f9734d7966d6bc15cce5150abb63aadd4223924800f0b90dc07a311fb0a7e	 

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage

216.189.159.34

6c2a8e2bbe4ebf1fb6967a34211281959484032af1d620cbab390e89f739c339
7bd723b5e4f7b3c645ac04e763dfc913060eaf6e136eecc4ee0653ad2056f3a0
8a80b6bd452547650b3e61b2cc301d525de139a740aac9b0da2150ffac986be4
8e45daace21f135b54c515dbd5cf6e0bd28ae2515b9d724ad2d01a4bf10f93bd
36ea1b317b46c55ed01dd860131a7f6a216de71958520d7d558711e13693c9dc
47d084e54d15d5d313f09f5b5fcdea0c9273dcddd9a564e154e222343f697822
380ec7396cc67cf1134f8e8cda906b67c70aa5c818273b1db758f0757b955d81
831f27eb18caf672d43a5a80590df130b0d3d9e7d08e333b0f710b95f2cde0e0
5068ead78c226893df638a188fbe7222b99618b7889759e0725d85497f533e98
8898b6b3e2b7551edcceffbef2557b99bdf4d99533411cc90390eeb278d11ac8
30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213
a98c017d1b9a18195411d22b44dbe65d5f4a9e181c81ea2168794950dc4cbd3c
bc4c1c869a03045e0b594a258ec3801369b0dcabac193e90f0a684900e9a582d
cc7a123d08a3558370a32427c8a5d15a4be98fb1b754349d1e0e48f0f4cb6bfc
d05c50067bd88dae4389e96d7e88b589027f75427104fdb46f8608bbcf89edb4
d7f3ecd8939ae8b170b641448ff12ade2163baad05ca6595547f8794b5ad013b
ecab00f86a6c3adb5f4d5b16da56e16f8e742adfb82235c505d3976c06c74e20
ff945b3565f63cef7bb214a93c623688759ee2805a8c574f00237660b1c4d3fd

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats

02e8ea9a58c13f216bdae478f9f007e20b45217742d0fbe47f66173f1b195ef5
1a87e1b41341ad042711faa0c601e7b238a47fa647c325f66b1c8c7b313c8bdf
4b78b1a3c162023f0c14498541cb6ae143fb01d8b50d6aa13ac302a84553e2d5
5c430e2770b59cceba1f1587b34e686d586d2c8ba1908bb5d066a616466d2cc6
7fc54a287c08cde70fe860f7c65ff71ade24dfeedafdfea62a8a6ee57cc91950
470cd1645d1da5566eef36c6e0b2a8ed510383657c4030180eb0083358813cd3
a78cc475c1875186dcd1908b55c2eeaf1bcd59dedaff920f262f12a3a9e9bfa8
afeaf8bd61f70fc51fbde7aa63f5d8ad96964f40b7d7fce1012a0b842c83273e
f229a8eb6f5285a1762677c38175c71dead77768f6f5a6ebc320679068293231
fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits

005cfd8a4dd101c127bcb0f94f1fa143b24d91442ee9e1525b4c540c9fe88c63
09f7622eb9ed3bbd375575c8a190ff152ef3572a717a20c1b2dd5556b8cc9eba
4c1346eab3fb23ca0613d73bbd2dd87fedb6ca8b1ba7bf48d69a57868d05854d
6ec7a25adc9bf516e9150bebd773feafa64787769156ffbcb6eccabc579ee03a
7ebe51d5a48cc3c01878e06c6db3f4f0189c4f9788bfe57b763b03f4ab910e26
8d5c521d7a52fd0b24d15c61c344a8f87b3b623a1ab3520ab55197b772377155
13d525588d2f6babe0b6de7d1456a6f3f39a0947128280a94b6f676dd5684201
19707b18f750bae0214e2a6d36735b6723549899bf83751d3650b9ec8125b91f
c06e320ad2568e15baae155346c6fb92e18fc038e7465adfb5fc2a3f8af9caa5
ce26642327aa55c67a564f695ae3038d5afee9b8d14bb5146bf30dd0f1af24e5

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-data-exfiltration

0d068a6aa2df88613e1c5c7ba412a5a5bc3cadc3f3ab4b76d10035ba8eec27bf
0f4fa41c4ab2ac238cbe92438cb71d139a7810c6c134b16b6c6005c4c5b984e4
00be065f405e93233cc2f0012defdcbb1d6817b58969d5ffd9fd72fc4783c6f4
0242c29a20e19a4c19ff1e5cc7f28a8af3c13b6ec083d0569b3ba15a02c898b6
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7
040f59f7e89787ee8db7ba44a11d7ed2ce9065ac938115933ca8cb37bb99abc5
2cbe4368f75f785bf53cbc52b1b357d6281dc41adc1a1aa1870e905a7f07ed5e
2e64bf8ca66e4363240e10dd8c85eabbf104d08aba60b307435ff5760d425a92
3a3fe8352e0a2bca469dba0dc5922976d6ba4dc8b744ac36056bfb25dbf7fc68
3cc56d5b79877a8ee6d15f0109d1c59937d6555ae656924686cafeee36ec0d57
3e2bda57454efa2e87ae4357f5c6c04edafa6b1efcda8093cbfd056a211d0f39
3f0256ae16587bf1dbbd3b25a50f972883ae41bce1d77f464b2a5c77fd736466
4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97
5adfef3f7721d6616650711d06792c087fd909f52435c8124c5f940f7acbdb48
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371
5cc2c563d89257964c4b446f54afe1e57bbee49315a9fc001ff5a6bcb6650393
5d8f9cf481d72c53438cdfff72d94b986493e908786e6a989acad052d1939399
6ad342fbfe679c66ecf31b7da1744cbf78c3dc9f4dbc61f255af28004e36a327
6c5338d84c208b37a4ec5e13baf6e1906bd9669e18006530bf541e1d466ba819
6cf60c768a7377f7c4842c14c3c4d416480a7044a7a5a72b61ff142a796273ec
6f88fb88ffb0f1d5465c2826e5b4f523598b1b8378377c8378ffebc171bad18b
7bcff667ab676c8f4f434d14cfc7949e596ca42613c757752330e07c5ea2a453
7c20393e638d2873153d2873f04464d4bad32a4d40eabb48d66608650f7d4494
7d531afcc1a918df73f63579ca8d1a5c8048d8ac77917674c6805f31c8c9890f
7ef2cc079afe7927b78be493f0b8a735a3258bc82801a11bc7b420a72708c250
8a878d4c2dff7ae0ec4f20c9ddbbe40b1d6c801d07b9db04597e46b852ea2dc5
8b23414492ebf97a36d53d6a9e88711a830cbfb007be756df4819b8989140c2d
8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
8e21c680dab06488014abca81348067753be97fd0413def630701019dea00980
9a7c58bd98d70631aa1473f7b57b426db367d72429a5455b433a05ee251f3236
9b5d1f6a94ce122671a5956b2016e879428c74964174739b68397b6384f6ee8b
9b78a7d8fd95fe9275c683f8cca54bc6c457b2cb90c549de227313a50da4fc41
9bbc9784ce3c818a127debfe710ec6ce21e7c9dd0daf4e30b8506a6dba533db4
9e3c618873202cd6d31ea599178dd05b0ab9406b44c13c49df7a2cbc81a5caa4
33f6acd3dfeda1aadf0227271937c1e5479c2dba24b4dca5f3deccc83e6a2f04
35e6742e840490ee8ccfbbccacd5e7e61a1a28a2e23fb7b5083a89271a5fd400
40c81a953552f87de483e09b95cbc836d8d6798c2651be0beba3b1a072500a15
64dd55e1c2373deed25c2776f553c632e58c45e56a0e4639dfd54ee97eab9c19
64e0322e3bec6fb9fa730b7a14106e1e59fa186096f9a8d433a5324eb6853e01
89a09433e0a57d8c01d5bab4ef4e6def979d2bc8e1ffad47ee6eadd3b85d09e9
99abf0d33e2372521384da3c98fd4a3534155ad5b6b7852ebe94e098aa3dc9b8
109b03ffc45231e5a4c8805a10926492890f7b568f8a93abe1fa495b4bd42975
265b69033cea7a9f8214a34cd9b17912909af46c7a47395dd7bb893a24507e59
270c888f8fbeb3bdc2dbcf8a911872791e05124d9bd253932f14dc4de1d2aed2
355faa21f35d4a15c894445f09af97b2ad90604425b9a4b9076e293dbd4504ab
366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c
461ba29d9386de39071d8f2f7956be21fb4fa06df8dd1db6dec3da0982e42f9f
486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8
523dcd9d9b971a8b4c53b5cfd9a003d7fcc0e6a4e0a06039db7f87ba7fb0a167
580f6a285c6c3b7238bd16e1aeb62a077ae44b5061a2162e9fd6383af59028bb
664bb48bf3e8a7d7036e4b0029fa10e1a90c2562ad9a09a885650408d00dea1b
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a
837fa64038a1e46494b581020606c386fbd79898aab9f38f90df8cfa7d4599ec
840e1f9dc5a29bebf01626822d7390251e9cf05bb3560ba7b68bdb8a41cf08e3
935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2
5157d2c1759cb9527d780b88d7728dc4ba5c9ce5fddff23fb53c0671febb63bc
5778bf9e4563a80ec48e975eaa81fd6fe2f4b504ffcd61fcfbceb65a45eb8345
8258756c2e0ca794af527258e8a3a4f7431fbd7df44403603b94cb2a70cb1bdf
91605641a4c7e859b7071a9841d1cd154b9027e6a58c20ec4cadafeaf47c9055
9242846351a65655e93ed2aeaf36b535ff5b79ddf76c33d54089d9005a66265b
a7f477021101837696f27159031c27afec16df0a92355dfe0eb06e8b23bff7f6
a8611c0befdb76e8453bc36e1c5cfea04325e57dffb21c88760c6e0316319b36
aaa647327ba5b855bedea8e889b3fafdc05a6ca75d1cfd98869432006d6fecc9
af61905129f377f5934b3bbf787e8d2417901858bb028f40f02200e985ee62f6
b1e7851bd2edae124dc107bec66af79febcb7bc0911022ac31b3d24b36b3f355
b9ef2e948a9b49a6930fc190b22cbdb3571579d37a4de56564e41a2ef736767b
b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa
b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
bbbedd933ac156b476e1b3edb3e09501c604a79c4ff1a917df779a9f1bec5cca
bc866cfcdda37e24dc2634dc282c7a0e6f55209da17a8fa105b07414c0e7c527
bcaa3d8dcba6ba08bf20077eadd0b31f58a1334b7b9c629e475694c4eeafd924
c4753ca743f0bfa82590e9838ad48af862814052e5c90a6dab97c651942a9d61
cd37a69b013336637a1ee722a6c7c8fd27439cf36ac8ed7e29374bbe4a29643e
cdb82be1b9dd6391ed068124cfdf2339d71dd70f6f76462a7e4a0fdadd5a208a
cef987a587faded1a497d37cf8d1564a287ef509338dbd956ea36c8e6aa9a68e
d0ceb18272966ab62b8edff100e9b4a6a3cb5dc0f2a32b2b18721fea2d9c09a5
d3b125f6441485825cdf3e22e2bfdeda85f337e908678c08137b4e8ef29303db
d4e9986e9ad85daae7fabd935f021b26d825d693209bed0c9084d652feef0d77
d5e01c86dab89a0ecbf77c831e4ce7e0392bea12b0581929cace5e08bdd12196
d6c1e30368d7ed406f0a6c6519287d589737989e8ff1297b296054b64b646b3f
d40ae98a7d18c2c35c0355984340b0517be47257c000931093a4fc3ccc90c226
d551b4f46ad7af735dfa0e379f04bdb37eda4a5e0d9fe3ea4043c231d034176c
d1144b0fb4e1e8e5104c8bb90b54efcf964ce4fca482ee2f00698f871af9cb72
d7267fe13e073dcfe5b0d319e41646a3eb855444d25c01d52d6dab9de695e1b1
d928708b944906e0a97f6a375eb9d85bc00de5cc217d59a2b60556a3a985df1e
de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c
df69dc5c7f62c06b0a64c9b065c3cbe7d034af6ba14131f54678135c33806f3e
df28158ea229ab67f828328fc01ea7629f3b743ecea8c0b88fba80cd7efc3a75
e2a5fb1ca722474b76d6da5c5b1d438a1e58beca52864862555c9ab1b533e72d
e69f82a00ab0e15d2d5d9f539c70406cbfaffd2d473e09aab47036d96b6a1bc1
e94901809ff7cc5168c1e857d4ac9cbb339ca1f6e21dcce95dfb8e28df799961
ea38cff329692f6b4c8ade15970b742a9a8bb62a44f59227c510cb2882fa436f
ec33d8ee9c3881b8fcea18f9f862d5926d994553aec1b65081d925afd3e8b028
ec436aeee41857eee5875efdb7166fe043349db5f58f3ee9fc4ff7f50005767f
eea7d9af6275c1cbf009de73a866eac4bc5d0703078ffe73b0d064cca4029675
f6c9532e1f4b66be96f0f56bd7c3a3c1997ea8066b91bfcc984e41f072c347ba
f63ff9c6f31701c1dca42d47ca4d819645e8d47586cf375db170503ce92b777e
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
ff79d3c4a0b7eb191783c323ab8363ebd1fd10be58d8bcc96b07067743ca81d5

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware

0bad18cb64b14a689965540126e0adbc952f090f1fb7b6447fe897a073860cdb
1c12ff296e7d9f90391e45f8a1d82d8140edf98d616a7da28741094d60d4779d
2d07f0425dc465b3a1267a672c1293f9a3d0cd23106b7be490807fea490978ea
5f3bf9c07eedde053f19ce134caa7587f8fb6c466e33256e1253f3a9450b7110
6e204e39121109dafcb618b33191f8e977a433470a0c43af7f39724395f1343e
9c71500a9472814f7bf97a462fe9822cf93dc41e2e34cc068734586d5e5146ef
9d6ed8396ee79ae92a5e6cef718add321226def3461711cf585e0fd302c961ae
89bfcbf74607ad6d532495de081a1353fc3cf4cd4a00df7b1ba06c10c2de3972
480cf54686bd50157701d93cc729ecf70c14cd1acd2cb622b38fc25e23dfbc26
6462b8825e02cf55dc905dd42f0b4777dfd5aa4ff777e3e8fe71d57b7d9934e7
46569bf23a2f00f6bac5de6101b8f771feb972d104633f84e13d9bc98b844520
a8d350bbe8d9ccfbb0c3e9c2dd9251c957d18ce13ae405ceb2f2d087c115db15
ab317c082c910cfe89214b31a0933eaab6c766158984f7aafb9943aef7ec6cbb
b2adf8ec7ab5193c7358f6acb30b003493466daee33ea416e3f703e744f73b7d
b7ca6d401b051712cb5b1a388a2135921a4420db8fe41842d51d2ec27380b479
c00fbf3fb992e7f237c396d69081246570cbd60d6c7a2262c01ae4d8e6f17ddd
c5f7492a3e763b4456afbb181248fdb8e652575cea286db7861e97ffcd1b72e4
df15266a9967320405b3771d0b7353dc5a4fb1cbf935010bc3c8c0e2fe17fb94
e43b1e06304f39dfcc5e59cf42f7a17f3818439f435ceba9445c56fe607d59ea
e68dd7f20cd31309479ece3f1c8578c9f93c0a7154dcf21abce30e75b25da96b
e573d2fec8731580ab620430f55081ceb7153d0344f2094e28785950fb17f499
f5d25777331ba55d80e064dea72240c1524ffcd3870555a8c34ff5377def3729
f3858d29073ae90f90c9bb284913752533fe1a6437edd6536e4b1775fc8f6db4

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms

45.67.230.91
45.150.64.39
94.131.3.160
94.131.98.14
94.131.109.65
95.164.38.99
95.164.46.199
146.70.124.102

1a0827082d4b517b643c86ee678eaa53f85f1b33ad409a23c50164c3909fdaca
25b985ce5d7bf15015553e30927691e7673a68ad071693bf6d0284b069ca6d6a
3916ba913e4d9a46cfce437b18735bbb5cc119cc97970946a1ac4eab6ab39230
eac8e7989c676b9a894ef366357f1cf8e285abde083fbdf92b3619f707ce292f

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government

78.47.218.106
91.132.92.90
151.236.19.91
192.121.22..46

4d04ad9d3c3abeb61668e52a52a37a46c1a60bc8f29f12b76ff9f580caeefba8
5a803bfe951fbde6d6b23401c4fd1267b03f09d3907ef83df6cc25373c11a11a
6b9f60dc91fbee3aecb4a875e24af38c97d3011fb23ace6f34283a73349c4681
6bad09944b3340947d2b39640b0e04c7b697a9ce70c7e47bc2276ed825e74a2a
7e107fdd6ea33ddc75c1b75fdf7a99d66e4739b4be232ff5574bf0e116bc6c05
22df38f5441dec57e7d7c2e1a38901514d3f55203b2890dc38d2942f1e4bc100
23db83aa81de19443cafe14c9c0982c511a635a731d6df56a290701c83dae9c7
41ff7571d291c421049bfbd8d6d3c51b0a380db3b604cef294c1edfd465978d9
159b07668073e6cd656ad7e3822db997d5a8389a28c439757eb60ba68eaff70f
497e1c76ed43bcf334557c64e1a9213976cd7df159d695dcc19c1ca3d421b9bc
661c9535d9e08a3f5e8ade7c31d5017519af2101786de046a4686bf8a5a911ff
1698f9797f059c4b30f636d16528ed3dd2b4f8290e67eb03e26181e91a3d7c3b
6964f4c6fbfb77d50356c2ee944f7ec6848d93f05a35da6c1acb714468a30147
41672b08e6e49231aedf58123a46ed7334cafaad054f2fd5b1e0c1d5519fd532
497978a120f1118d293906524262da64b15545ee38dc0f6c10dbff3bd9c0bac2
927327bdce2f577b1ee19aa3ef72c06f7d6c2ecd5f08acc986052452a807caf2
75878356f2e131cefb8aeb07e777fcc110475f8c92417fcade97e207a94ac372
a1a633c752be619d5984d02d4724d9984463aa1de0ea1375efda29cadb73355a
a6365e7a733cfe3fa5315d5f9624f56707525bbf559d97c66dbe821fae83c9e9
ba620b91bef388239f3078ecdcc9398318fd8465288f74b4110b2a463499ba08
be6d631fb2ff8abe22c5d48035534d0dede4abfd8c37b1d6cbf61b005d1959c1
c3ac52c9572f028d084f68f6877bf789204a6a0495962a12ee2402f66394a918
c488127b3384322f636b2a213f6f7b5fdaa6545a27d550995dbf3f32e22424bf
d0bfdb5f0de097e4460c13bc333755958fb30d4cb22e5f4475731ad1bdd579ec
d884b3178fc97d1077a13d47aadf63081559817f499163c2dc29f6828ee08cae
db1cbe1d85a112caf035fd5d4babfb59b2ca93411e864066e60a61ec8fe27368 

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks

d3ktcnc1w6pd1f.cloudfront.net

3.0.93.185
45.148.120.23
172.245.92.207

1b72410e8e6ef0eb3e0f950ec4ced1be0ee6ac0a9349c8280cd8d12cc00850f9
1ed1b6a06abbab98471d5af33e242acc76d17b41c6e96cce0938a05703b58b91
1f15c3ae1ce442a67e3d01ed291604bfc1cb196454b717e4fb5ac52daa37ecce
3acfe90afa3cbb974e219a5ab8a9ee8c933b397d1c1c97d6e12015726b109f1b
4c44efc7d9f4cd71c43c6596c62b91740eb84b7eb9b8cf22c7034b75b5f432d9
4fbe8b69f5c001d00bd39e4fdb3058c96ed796326d6e5e582610d67252d11aba
5ed10f2564cd60d02666637e9eac36db36f3a13906b851ec1207c7df620d8970
5ef2e36a53c681f6c64cfea16c2ca156cf468579cc96f6c527eca8024bfdc581
6a8c39e4c543e94f6e4901d0facee7793f932cd2351259d8054981cf2b4da814
6e5d840ddeedc3b691e11a286acd7b6c087a91af27c00044dd1d951da5893068
7c1b20de1f170cfaf3e75ebc7e81860378e353c84469795a162cd3cfd7263ba2
7ea706d8da9d68e1214e30c6373713da3585df8a337bc64fcc154fc5363f5f1f
8b6c559cd145dca015f4fa06ef1c9cd2446662a1e62eb51ba2c86f4183231ed2
9bad71077e322031c0cf7f541d64c3fed6b1dc7c261b0b994b63e56bc3215739
23e5dfaf60c380837beaddaaa9eb550809cd995f2cda99e3fe4ca8b281d770ae
74cbde4d4b4ac4cae943831035bff90814fa54fd21c3a6a6ec16e7e3fb235f87
79b0e6cd366a15848742e26c3396e0b63338ead964710b6572a8582b0530db17
87a7e428d08ecc97201cc8f229877a6202545e562de231a7b4cab4d9b6bbc0f8
90de98fa17294d5c918865dfb1a799be80c8771df1dc0ec2be9d1c1b772d9cf0
803d0d07d64010b102413da61bbf7b4d378891e2a46848b88ef69ca9357e3721
971ab5d4f0ec58fa1db61622a735a51e14e70ee5d99ab3cd554e0070b248eb1f
6725e38cbb15698e957d50b8bc67bd66ece554bbf6bcb90e72eaf32b1d969e50
30130ea1ab762c155289a32db810168f59c3d37b69bcbedfd284c4a861d749d6
245016ace30eda7650f6bb3b2405761a6a5ff1f44b94159792a6eb64ced023aa
525417bdd5cdd568605fdbd3dc153bcc20a4715635c02f4965a458c5d008eba9
667624b10108137a889f0df8f408395ae332cc8d9ad550632a3501f6debc4f2c
752018c117e07f5d58eed35622777e971a5f495184df1c25041ff525ca72acea
a180e67fcaf2254b18eafdc95b83038e9a4385b1a5c2651651d9d288fa0500fe
ab09e8cac3f13dea5949e7a2eaf9c9f98d3e78f3db2f140c7d85118b9bc6125f
af26d07754c8d4d1cb88195f7dc53e2e4ebee382c5b84fc54a81ba1cee4d0889
b19ccfa8bc75ce4cf29eb52d4afe79fe7c3819ac08b68bd87b35225a762112ba
ba8a7af30e02bd45e3570de20777ab7c1eec4797919bfcd39dde681eb69b9faf
bf1665c949935f3a741cfe44ab2509ec3751b9384b9eda7fb31c12bfbb2a12ec
c2a714831d8a7b0223631eda655ce62ff3c262d910c0a2ed67c5ca92ef4447e3
c24b19e7ccd965dfeed553c94b093533e527c55d5adbc9f0e87815d477924be5
c76ba3eb764706a32013007c147309f0be19efff3e6a172393d72d46631f712e
d0e1724360e0ae11364d3ac0eb8518ecf5d859128d094e9241d8e6feb43a9f29
d522bf1fb3b869887eaf54f6c0e52d90514d7635b3ff8a7fd2ce9f1d06449e2c
da670d5acf3648b0deaecb64710ae2b7fc41fc6ae8ab8343a1415144490a9ae9
dcadcac4c57df4e31dd7094ae96657f54b22c87233e8277a2c40ba56eafcf548
de500875266fd18c76959839e8c6b075e4408dcbc0b620f7544f28978b852c1c
e75f2cee98c4b068a2d9e7e77599998196fd718591d3fa23b8f684133d1715c3
f2aaedb17f96958c045f2911655bfe46f3db21a2de9b0d396936ef6e362fea1b
f3e8f2ef4ad949a0ada037f52f4c0e6000d111a4ac813e64138f0ded865e6e31
f1764f8c6fc428237ffafeb08eb0503558c68c6ccf6f2510a2ef8c574ba347e0

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt

551397b680da0573a85423fbb0bd10dac017f061a73f2b8ebc11084c1b364466
c4f7ec0c03bcacaaa8864b715eb617d5a86b5b3ca6ee1e69ac766773c4eb00e6
c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37
c501203ff3335fbfc258b2729a72e82638719f60f7e6361fc1ca3c8560365a0e
df571c233c3c10462f4d88469bababe4c57c21a52cca80f2b1e1af848a2b4d23
ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e
f157090fd3ccd4220298c06ce8734361b724d80459592b10ac632acc624f455e

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit

85.159.229.62
185.202.0.111
212.18.104.6

079b99f6601f0f6258f4220438de4e175eb4853649c2d34ada72cce6b1702e22
307a1217aac33c4b7a9cd923162439c19483e952c2ceb15aa82a98b46ff8942e
991ee9548b55e5c815cc877af970542312cff79b3ba01a04a469b645c5d880af
680677e14e50f526cced739890ed02fc01da275f9db59482d96b96fbc092d2f4
ecbdb9cb442a2c712c6fb8aee0ae68758bc79fa064251bab53b62f9e7156febc

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks

websencl.com

01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7
2e642afdd36c129e6b50ae919ca608ac0006ce337f2a5a7a6fb1eef6a4ad99e7
8dbc8b756cb724e2d6dc9c7c40f22c48022a8ee48da6685c4ccf580c6b5183cf
16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5
32d709d8d41e4ede6861ce27c9e2bb86d83be8336b45a17f567bab1869c6600a
231d21ceefd5c70aa952e8a21523dfe6b5aae9ae6e2b71a0cdbe4e5430b4f5b3
656582bf82205ac3e10b46cbbcf8abb56dd67092459093f35ce8daa64f379a2c
ac6938e03f2a076152ee4ce23a39a0bfcd676e4f0b031574d442b6e2df532646
d9438cd2cdc83e8efad7b0c9a825466efea709335b63d6181dfdc57fb1f4a4e3

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse

cdn.ofo.ac
cdn.stream-amazon.com
githubassets.akamaixed.net
gobay.info
ms-f7-sites-prod-cdn.akamaixed.net
ms-g9-sites-prod-cdn.akamaixed.net
tjj.active-microsoft.com

45.76.179.209
103.151.28.11
104.238.151.104
111.231.100.228

1ff7b55dde007b7909f43dd47692f7c171caa2897d663eb9db01001062b1fe9d
2f714aaf9e3e3e03e8168fe5e22ba6d8c1b04cbfa3d37ff389e9f1568a80cad4
7e6d0f14302662f52e4379eb5b69a3749d8597e8f61266aeda74611258972a3d
8bd40da84c8fa5f6f8e058ae7e36e1023aca1b9a9c8379704934a077080da76f
8ca135b2f4df6a714b56c1a47ac5baa80a11c6a4fcc1d84a047d77da1628f53f
9e96f70ce312f2638a99cfbd3820e85798c0103c7dc06fe0182523e3bf1e2805
9fc49d9f4b922112c2bafe3f1181de6540d94f901b823e11c008f6d1b2de218c
19a6a404605be964ab87905d59402e2890460709a1d9038c66b3fbeedc1a2343
47b660bbaacb2a602640b5e2c589a3adc620a0bfc9f0ecfb8d813a803d7b75e2
85fc7628c5c7190f25da7a2c7ee16fc2ad581e1b0b07ba4ac33cff4c6e94c8af
2400d8e66c652f4f8a13c99a5ffb67cb5c0510144b30e93122b1809b58614936
5467e163621698b38c2ba82372bac110cea4121d7c1cec096958a4d9eaa44be7
96170614bbd02223dc79cec12afb6b11004c8edb8f3de91f78a6fc54d0844622
b7b8ea25786f8e82aabe4a4385c6142d9afe03f090d1433d0dc6d4d6ccc27510
b84f68ab098ce43f9cb363d0a20a2267e7130078d3d2d8408bfb32bbca95ca37
b5159f8ae16deda7aa5d55100a0eac6e5dacd1f6502689b543513a742353d1ea
f64267decaa982c63185d92e028f52c31c036e85b2731a6e0bccdb8f7b646e97

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor

104-168-237-21.sslip.io
api-cdn.net
api-cdnw5.net
git-api.com

37.10.71.215

0e11a050369010683a7ed6a51f5ec320cd885128804713bb9df0e056e29dc3b0
05236172591d843b15987de2243ff1bfb41c7b959d7c917949a7533ed60aafd9
0980aa80e52cc18e7b3909a0173a9efb60f9d406993d26fe3af35870ef1604d0
1d3e573d432ef094fba33f615aa0564feffa99853af77e10367f54dc6df95509
2cd2e79e18849b882ba40a1f3f432a24e3c146bb52137c7543806f22c617d62c
2d39a58887026b99176eb16c1bba4f6971c985ac9acbd9e2747dd0620548aaf3
4db89c39db14f4d9f76d06c50fef2d9282e83c03e8c948a863b58dedc43edd31
4e73e9a546e334f0aee8da7d191c56d25e6360ba7a79dc02fe93efbd41ff7aa4
5b8b732d0bb708aa51ac7f8a4ff5ca5ea99a84112b8b22d13674da7a8ca18c28
6cba6d8a1a73572a1a49372c9b7adfa471a3a1302dc71c4547685bcbb1eda432
8cfb05cde6af3cf4e0cb025faa597c2641a4ab372268823a29baef37c6c45946
48e3add1881d60e0f6a036cfdb24426266f23f624a4cd57b8ea945e9ca98e6fd
64f8ac7b3b28d763f0a8f6cdb4ce1e5e3892b0338c9240f27057dd9e087e3111
72fd2f51f36ba6c842fdc801464a49dce28bd851589c7401f64bbc4f1a468b1a
307c3e23a4ba65749e49932c03d5d3eb58d133bc6623c436756e48de68b9cc45
356adc348e9a28fc760e75029839da5d374d11db5e41a74147a263290ae77501
78109d8e0fbe32ae7ec7c8d1c16e21bec0a0da3d58d98b6b266fbc53bb5bc00e
827448cf3c7ddc67dca6618f4c8b1197ee2abe3526e27052d09948da2bc500ea
e4e3a4f1c87ff79f99f42b5bbe9727481d43d68582799309785c95d1d0de789a
e7175ae2e0f0279fe3c4d5fc33e77b2bea51e0a7ad29f458b609afca0ab62b0b
ede6ca7c3c3aedeb70e8504e1df70988263aab60ac664d03995bce645dff0935
edfd3ae4def3ddffb37bad3424eb73c17e156ba5f63fd1d651df2f5b8e34a6c7

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/microsoft-zeroday-exploit

3a3138c5add59d2172ad33bc6761f2f82ba344f3d03a2269c623f22c1a35df97
a61b2eafcf39715031357df6b01e85e0d1ea2e8ee1dfec241b114e18f7a1163f
d3263cc3eff826431c2016aee674c7e3e5329bebfb7a145907de39a279859f4a
e7cfeb023c3160a7366f209a16a6f6ea5a0bc9a3ddc16c6cba758114dfe6b539

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15

beltsymd.org
cyclophilit.com
cyprus-villas.org
perusmartcity.com
verisims.com

50.116.3.164
172.104.244.187

02e8ea9a58c13f216bdae478f9f007e20b45217742d0fbe47f66173f1b195ef5
07fc745c29db1e2db61089d8d46299078794d7127120d04c07e0a1ea6933a6df
2b60e49e85b21a439855b5cb43cf799c1fb3cc0860076d52e41d48d88487e6d8
2da9a09a14c52e3f3d8468af24607602cca13bc579af958be9e918d736418660
4b78b1a3c162023f0c14498541cb6ae143fb01d8b50d6aa13ac302a84553e2d5
7aa10e5c59775bfde81d27e63dfca26a1ec38065ddc87fe971c30d2b2b72d978
7d3f6188bfdde612acb17487da1b0b1aaaeb422adc9e13fd7eb61044bac7ae08
7d93862c021d56b4920cab5e6cb30a2d5fb21478e7158f104e520cc739a1678d
7fa350350fc1735a9b6f162923df8d960daffb73d6f5470df3c3317ae237a4e6
8d2af0e2e755ffb2be1ea3eca41eebfcb6341fb440a1b6a02bfc965fe79ad56b
9a94483a4563228cb698173c1991c7cf90726c2c126a3ce74c66ba226040f760
17a63ccd749def0417981c42b0765f7d56e6be3092a1f282b81619ca819f82ef
44c1c5c92771c0384182f72e9866d5fed4fda896d90c931fe8de363ed81106cf
177c4722d873b78b5b2b92b12ae2b4d3b9f76247e67afd18e56d4e0c0063eecf
548ce27996e9309e93bf0bd29c7871977530761b2c20fc7dc3e2c16c025eb7bc
617af8e063979fe9ca43479f199cb17c7abeab7bfe904a2baf65708df8461f6d
819d0b70a905ae5f8bef6c47423964359c2a90a168414f5350328f568e1c7301
865c18480da73c0c32a5ee5835c1cfd08fa770e5b10bc3fb6f8b7dce1f66cf48
5600a7f57e79acdf711b106ee1c360fc898ed914e6d1af3c267067c158a41db6
9829c86fab4cbccb5168f98dcb076672dc6d069ddb693496b463ad704f31722e
31529b8b86d4b6a99d8f3b5f4b1f1b67f3c713c11b83b71d8df7d963275c5203
42379bb392751f6a94d08168835b67986c820490a6867c28a324a807c49eda3b
65436d5646c2dbb61607ed466132302f8c87dab82251f9e3f20443d5370b7806
617589fd7d1ea9a228886d2d17235aeb4a68fabd246d17427e50fb31a9a98bcd
858818cd739a439ac6795ff2a7c620d4d3f1e5c006913daf89026d3c2732c253
18560596e61eae328e75f4696a3d620b95db929bc461e0b29955df06bc114051
a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86
a78cc475c1875186dcd1908b55c2eeaf1bcd59dedaff920f262f12a3a9e9bfa8
af4a10cbe8c773d6b1cfb34be2455eb023fb1b0d6f0225396920808fefb11523
b42f9571d486a8aef5b36d72c1c8fff83f29cac2f9c61aece3ad70537d49b222
bf4ed3b9a0339ef80a1af557d0f4e031fb4106a04b0f72c85f7f0ff0176ebb64
bff65d615d1003bd22f17493efd65eb9ffbfe9a63668deebe09879982e5c6aa8
c559eb7e2068e39bd26167dd4dca3eea48e51ad0b2c7631f2ed6ffcba01fb819
d30ace69d406019c78907e4f796e99b9a0a51509b1f1c2e9b9380e534aaf5e30
d21797e95b0003d5f1b41a155cced54a45cd22eec3f997e867c11f6173ee7337
dc2423e21752f431ce3ad010ce41f56914e414f5a88fd3169e78d4cc08082f7b
df6a740b0589dbd058227d3fcab1f1a847b4aa73feab9a2c157af31d95e0356f
e7a6997e32ca09e78682fc9152455edaa1f9ea674ec51aecd7707b1bbda37c2f
e25cc57793f0226ff31568be1fce1e279d35746016fc086a6f67734d26e305a0
ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56
f06692b482d39c432791acabb236f7d21895df6f76e0b83992552ab5f1b43c8d
f6f57fc82399ef3759dcbc16b7a25343dea0b539332dacdf0ed289cc82e900db
f98bd4af4bc0e127ae37004c23c9d14aa4723943edb4622777da8c6dcf578286
f653e93adf00cf2145d4bfa00153ae86905fe2c2d3c1f63e8f579e43b7069d51
f4575af8f42a1830519895a294c98009ffbb44b20baa170a6b5e4a71fd9ba663
fd21a339bf3655fcf55fc8ee165bb386fc3c0b34e61a87eb1aff5d094b1f1476	

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military


 5.199.161.29
24.199.84.132
24.199.107.218
31.129.22.46
31.129.22.48
31.129.22.50
45.32.41.115
45.32.62.100
45.32.88.90
45.32.94.58
45.32.101.6
45.32.117.62
45.32.158.96
45.32.184.140
45.76.141.166
45.76.202.102
45.77.115.67
45.82.13.22
45.82.13.23
45.82.13.84
45.95.232.29
45.95.232.33
45.95.232.51
45.95.232.74
45.95.232.92
45.95.233.80
46.101.127.147
64.226.84.229
64.227.64.163
64.227.72.210
66.42.104.158
66.42.126.121
68.183.200.0
78.141.238.136
78.141.239.24
78.153.139.7
81.19.140.147
84.32.34.69
84.32.128.239
84.32.131.38
84.32.131.47
84.32.185.136
84.32.188.13
84.32.188.69
84.32.190.31
84.32.190.137
84.32.191.147
88.216.210.3
89.185.84.32
89.185.84.45
89.185.84.48
89.185.84.50
95.179.144.161
95.179.245.185
104.156.230.193
104.248.54.250
104.248.86.158
108.61.211.250
134.122.43.175
134.122.51.47
134.209.0.136
134.209.33.42
134.209.182.221
136.244.65.253
137.184.178.46
138.68.110.19
138.68.174.177
139.59.60.191
139.59.109.100
140.82.11.60
140.82.16.120
140.82.18.48
140.82.47.181
140.82.50.37
140.82.56.186
142.93.108.1
143.110.180.68
143.198.50.118
143.198.53.203
143.198.135.132
143.198.152.232
143.244.190.199
146.190.60.230
146.190.117.209
146.190.127.238
146.190.212.239
147.182.240.58
147.182.250.33
149.28.98.149
149.28.125.56
149.28.130.189
149.28.181.232
155.138.194.244
157.245.69.118
157.245.176.123
158.247.204.242
159.65.176.121
159.65.248.0
159.203.164.194
159.223.23.23
159.223.102.109
159.223.112.245
161.35.95.47
161.35.232.118
161.35.238.148
164.92.72.212
164.92.185.60
164.92.222.8
164.92.245.246
165.22.72.74
165.227.48.59
165.227.76.84
165.227.121.87
165.232.77.197
165.232.120.169
165.232.165.42
167.71.67.58
167.99.215.50
167.172.20.159
167.172.58.96
167.172.69.123
167.172.144.127
170.64.136.186
170.64.138.138
170.64.140.214
170.64.146.194
170.64.150.90
170.64.156.98
170.64.168.228
170.64.188.146
173.199.70.238
178.128.16.170
178.128.86.43
178.128.213.177
178.128.228.252
178.128.231.180
188.166.4.128
188.166.7.140
188.166.176.39
192.248.154.154
193.149.176.26
195.133.88.19
195.133.88.55
199.247.8.115
202.182.98.100
202.182.116.135
206.81.28.5
206.189.0.134
206.189.14.94
206.189.80.216
206.189.128.172
206.189.149.103
206.189.154.168
207.148.72.173
207.148.74.68
209.97.175.128
216.128.140.45
216.128.178.248

2aee8bb2a953124803bc42e5c42935c92f87030b65448624f51183bf00dd1581
7d6264ce74e298c6d58803f9ebdb4a40b4ce909d02fd62f54a1f8d682d73519a
31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b
91d42a959c5e4523714cc589b426fa83aaeb9228364218046f36ff10c4834b86
3393fbdb0057399a7e04e61236c987176c1498c12cd869dc0676ada859617137
3458cec74391baf583fbc5db3b62f1ce106e6cffeebd0978ec3d51cebf3d6601
28358a4a6acdcdfc6d41ea642220ef98c63b9c3ef2268449bb02d2e2e71e7c01
a615c41bcf81dd14b8240a7cafb3c7815b48bb63842f7356731ade5c81054df5
acc2b78ce1c0fc806663e3258135cdb4fed60682454ab0646897e3f240690bb8
c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8
c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30
dbd03444964e9fcbd582eb4881a3ff65d9513ccc08bd32ff9a61c89ad9cc9d87
f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware

81.161.229.120
91.215.85.183

01b09b554c30675cc83d4b087b31f980ba14e9143d387954df484894115f82d4
063fcedd3089e3cea8a7e07665ae033ba765b51a6dc1e7f54dde66a79c67e1e7
4dc407b28474c0b90f0c5173de5c4f1082c827864f045c4571890d967eadd880
5b3627910fe135475e48fd9e0e89e5ad958d3d500a0b1b5917f592dc6503ee72
7eabd3ba288284403a9e041a82478d4b6490bc4b333d839cc73fa665b211982c
8b2cf6af49fc3fb1f33e94ad02bd9e43c3c62ba2cfd25ff3dfc7a29dde2b20f2
8b5c261a2fdaf9637dada7472b1b5dd1d340a47a00fe7c39a79cf836ef77e441
9b8adde838c8ea2479b444ed0bb8c53b7e01e7460934a6f2e797de58c3a6a8bf
9f0c35cc7aab2984d88490afdb515418306146ca72f49edbfbd85244e63cfabd
18a79c8a97dcfff57e4984aa7e74aa6ded22af8e485e807b34b7654d6cf69eef
22e74756935a2720eadacf03dc8fe5e7579f354a6494734e2183095804ef19fe
32e815ef045a0975be2372b85449b25bd7a7c5a497c3facc2b54bcffcbb0041c
65c91e22f5ce3133af93b69d8ce43de6b6ccac98fc8841fd485d74d30c2dbe7b
287c07d78cafc97fb4b7ef364a228b708d31e8fe8e9b144f7db7d986a1badd52
898d57b312603f091ff1a28cb2514a05bd9f0eb55ace5d6158cc118d1e37070a
8041b82b8d0a4b93327bc8f0b71672b0e8f300dc7849d78bb2d72e2e0f147334
97378d58815a1b87f07beefb24b40c5fb57f8cce649136ff57990b957aa9d56a
515777b87d723ebd6ffd5b755d848bb7d7eb50fc85b038cf25d69ca7733bd855
bdfac069017d9126b1ad661febfab7eb1b8e70af1186a93cb4aff93911183f24
c33e56318e574c97521d14d68d24b882ffb0ed65d96203970b482d8b2c332351
ca6abfa37f92f45e1a69161f5686f719aaa95d82ad953d6201b0531fb07f0937
d59df9c859ccd76c321d03702f0914debbadc036e168e677c57b9dcc16e980cb
d259be8dc016d8a2d9b89dbd7106e22a1df2164d84f80986baba5e9a51ed4a65
d65225dc56d8ff0ea2205829c21b5803fcb03dc57a7e9da5062cbd74e1a6b7d6
de052ce06fea7ae3d711654bc182d765a3f440d2630e700e642811c89491df72
e5d65e826b5379ca47a371505678bca6071f2538f98b5fef9e33b45da9c06206
eda0328bfd45d85f4db5dbb4340f38692175a063b7321b49b2c8ebae3ab2868c 

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor

0abc1d12ef612490e37eedb1dd1833450b383349f13ddd3380b45f7aaabc8a75
0dcfcdf92e85191de192b4478aba039cb1e1041b1ae7764555307e257aa566a7
009d8d1594e9c8bc40a95590287f373776a62dad213963662da8c859a10ef3b4
1ab4f52ff4e4f3aa992a77d0d36d52e796999d6fc1a109b9ae092a5d7492b7dd
1f09d177c99d429ae440393ac9835183d6fd1f1af596089cc01b68021e2e29a7
3ce38a2fc896b75c2f605c135297c4e0cddc9d93fc5b53fe0b92360781b5b94e
3e1c8d982b1257471ab1660b40112adf54f762c570091496b8623b0082840e9f
4c55f48b37f3e4b83b6757109b6ee0a661876b41428345239007882993127397
5f16633dbf4e6ccf0b1d844b8ddfd56258dd6a2d1e4fb4641e2aa508d12a5075
8d77fe4370c864167c1a712d0cc8fe124b10bd9d157ea59db58b42dea5007b63
8e98eed2ec14621feda75e07379650c05ce509113ea8d949b7367ce00fc7cd38
8f64c25ba85f8b77cfba3701bebde119f610afef6d9a5965a3ed51a4a4b9dead
8f64c25ba85f8b77cfba3701bebde119f610afef6d9a5965a3ed51a4a4b9dead –
9f00cee1360a2035133e5b4568e890642eb556edd7c2e2f5600cf6e0bdcd5774
10b96290a17511ee7a772fcc254077f62a8045753129d73f0804f3da577d2793
11bb47cb7e51f5b7c42ce26cbff25c2728fa1163420f308a8b2045103978caf5
13df2d19f6d2719beeff3b882df1d3c9131a292cf097b27a0ffca5f45e139581
14edb3de511a6dc896181d3a1bc87d1b5c443e6aea9eeae70dbca042a426fcf3
19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169
32d837a4a32618cc9fc1386f0f74ecf526b16b6d9ab6c5f90fb5158012fe2f8c
41d174514ed71267aaff578340ff83ef00dbb07cb644d2b1302a18aa1ca5d2d0
67ebc03e4fbf1854a403ea1a3c6d9b19fd9dc2ae24c7048aafbbff76f1bea675
79ae300ac4f1bc7636fe44ce2faa7e5556493f7013fc5c0a3863f28df86a2060
89e503c2db245a3db713661d491807aab3d7621c6aff00766bc6add892411ddc
90edb2c7c3ba86fecc90e80ac339a42bd89fbaa3f07d96d68835725b2e9de3ba
139c39e0dc8f8f4eb9b25b20669b4f30ffcbe2197e3a9f69d0043107d06a2cb4
341d8274cc1c53191458c8bbc746f428856295f86a61ab96c56cd97ee8736200
415f9dc11fe242b7a548be09a51a42a4b5c0f9bc5c32aeffe7a98940b9c7fc04
530c7d705d426ed61c6be85a3b2b49fd7b839e27f3af60eb16c5616827a2a436
592e237925243cf65d30a0c95c91733db593da64c96281b70917a038da9156ae
711a347708e6d94da01e4ee3b6cdb9bcc96ebd8d95f35a14e1b67def2271b2e9
750b541a5f43b0332ac32ec04329156157bf920f6a992113a140baab15fa4bd3
859e76b6cda203e84a7b234c5cba169a7a02bf028a5b75e2ca8f1a35c4884065
929b771eabef5aa9e3fba8b6249a8796146a3a4febfd4e992d99327e533f9798
947f7355aa6068ae38df876b2847d99a6ca458d67652e3f1486b6233db336088
5018fe25b7eac7dd7bc30c7747820e3c1649b537f11dbaa9ce6b788b361133bf
5655a2981fa4821fe09c997c84839c16d582d65243c782f45e14c96a977c594e
9584df964369c1141f9fc234c64253d8baeb9d7e3739b157db5f3607292787f2
9830f6abec64b276c9f327cf7c6817ad474b66ea61e4adcb8f914b324da46627
180970fce4a226de05df6d22339dd4ae03dfd5e451dcf2d464b663e86c824b8e
210934a2cc59e1f5af39aa5a18aae1d8c5da95d1a8f34c9cfc3ab42ecd37ac92
a1f9b76ddfdafc47d4a63a04313c577c0c2ffc6202083422b52a00803fd8193d
a5a4dacddfc07ec9051fb7914a19f65c58aad44bbd3740d7b2b995262bd0c09e
a9051dc5e6c06a8904bd8c82cdd6e6bd300994544af2eed72fe82df5f3336fc0
a6020794bd6749e0765966cd65ca6d5511581f47cc2b38e41cb1e7fddaa0b221
b0d25b06e59b4cca93e40992fa0c0f36576364fcf1aca99160fd2a1faa5677a2
c840e3cae2d280ff0b36eec2bf86ad35051906e484904136f0e478aa423d7744
d5df686bb202279ab56295252650b2c7c24f350d1a87a8a699f6034a8c0dd849
d8cc2dc0a96126d71ed1fce73017d5b7c91465ccd4cdcff71712381af788c16d
d62596889938442c34f9132c9587d1f35329925e011465c48c94aa4657c056c7
db5deded638829654fc1595327400ed2379c4a43e171870cfc0b5f015fad3a03
dc182a0f39c5bb1c3a7ae259f06f338bb3d51a03e5b42903854cdc51d06fced6
e94a5bd23da1c6b4b8aec43314d4e5346178abe0584a43fa4a204f4a3f7464b9
e244d1ef975fcebb529f0590acf4e7a0a91e7958722a9f2f5c5c05a23dda1d2c
eb3b4e82ddfdb118d700a853587c9589c93879f62f576e104a62bdaa5a338d7b
ee486e93f091a7ef98ee7e19562838565f3358caeff8f7d99c29a7e8c0286b28
ef08f376128b7afcd7912f67e2a90513626e2081fe9f93146983eb913c50c3a8
efa9e9e5da6fba14cb60cba5dbd3f180cb8f2bd153ca78bbacd03c270aefd894
f0003e08c34f4f419c3304a2f87f10c514c2ade2c90a830b12fdf31d81b0af57
f040a173b954cdeadede3203a2021093b0458ed23727f849fc4c2676c67e25db
f76e001a7ccf30af0706c9639ad3522fd8344ffbdf324307d8e82c5d52d350f2
f92cac1121271c2e55b34d4e493cb64cdb0d4626ee30dc77016eb7021bf63414
f3478ccd0e417f0dc3ba1d7d448be8725193a1e69f884a36a8c97006bf0aa0f4
fa5f32457d0ac4ec0a7e69464b57144c257a55e6367ff9410cf7d77ac5b20949
fae713e25b667f1c42ebbea239f7b1e13ba5dc99b225251a82e65608b3710be7
fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5
fe7a6954e18feddeeb6fcdaaa8ac9248c8185703c2505d7f249b03d8d8897104
ff4c2a91a97859de316b434c8d0cd5a31acb82be8c62b2df6e78c47f85e57740

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain

tradingtechnologies.com	
		
6e11c02485ddd5a3798bf0f77206f2be37487ba04d3119e2d5ce12501178b378
6e989462acf2321ff671eaf91b4e3933b77dab6ab51cd1403a7fe056bf4763ba
47a8e3b20405a23f7634fa296f148cab39a7f5f84248c6afcfabf5201374d1d1
900b63ff9b06e0890bf642bdfcbfcc6ab7887c7a3c057c8e3fd6fba5ffc8e5d6
19442d9e476e3ef990ce57b683190301e946ccb28fc88b69ab53a93bf84464ae
277119738f4bdafa1cde9790ec82ce1e46e04cebf6c43c0e100246f681ba184e
aa318070ad1bf90ed459ac34dc5254acc178baff3202d2ea7f49aaf5a055dd43
cb374af8990c5f47b627596c74e2308fbf39ba33d08d862a2bea46631409539f
cc4eedb7b1f77f02b962f4b05278fa7f8082708b5a12cacf928118520762b5e2
d937e19ccb3fd1dddeea3eaaf72645e8cd64083228a0df69c60820289b1aa3c0
e185c99b3d1085aed9fda65a9774abd73ecf1229f14591606c6c59e9660c4345
f8c370c67ffb3a88107c9022b17382b5465c4af3dd453e50e4a0bd3ae9b012ce

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot

0bcdcc0515d30c28017fd7931b8a787feebe9ee3819aa2b758ce915b8ba40f99
017187a1b6d58c69d90d81055db031f1a7569a3b95743679b21e44ea82cfb6c7
03bc62bd9a681bdcb85db33a08b6f2b41f853de84aa237ae7216432a6f8f817e
1b8500e27edc87464b8e5786dc8c2beed9a8c6e58b82e50280cebb7f233bcde4
1cf04c3e8349171d907b911bc2a23bdb544d88e2f9b8fcc516d8bcf68168aede
2c0cfe2f4f1e7539b4700e1205411ec084cbc574f9e4710ecd4733fbf0f8a7dc
2dcf9e556332da2a17a44dfceda5e2421c88168aafea73e2811d65e9521c715c
2f4a97dc70f06e0235796fec6393579999c224e144adcff908e0c681c123a8a2
3f75818e2e43a744980254bfdc1225e7743689b378081c560e824a36e0e0a195
5a0976fef89e32ddcf62c790f9bb4c174a79004e627c3521604f46bf5cc7bea2
6d5be3e6939a7c86280044eebe71c566b48981a3341193aa3aff634a3a5d1bbd
7b945fb1bdeb27a35fab7c2e0f5f45e0e64df7821dd1417a77922c9b08acfdc3
7bcff667ab676c8f4f434d14cfc7949e596ca42613c757752330e07c5ea2a453
17dce65529069529bcb5ced04721d641bf6d7a7ac61d43aaf1bca2f6e08ead56
26d129aaa4f0f830a7a20fe6317ee4a254b9caac52730b6fed6c482be4a5c79d
29df6c3f7d13b259b3bc5d56f2cdd14782021fc5f9597a3ccece51ffac2010a0
53d2506723f4d69afca33e90142833b132ed11dd0766192a087cb206840f3692
90e15eaf6385b41fcbf021ecbd8d86b8c31ba48c2c5c3d1edb8851896f4f72fe
98b6992749819d0a34a196768c6c0d43b100ef754194308eae6aaa90352e2c13
585db6ab2f7b452091ddb29de519485027665335afcdb34957ff1425ecc3ec4b
632cd9067fb32ac8fbbe93eb134e58bd99601c8690f97ca53e8e17dda5d44e0e
706c9030c2fa5eb758fa2113df3a7e79257808b3e79e46869d1bf279ed488c36
22069984cba22be84fe33a886d989b683de6eb09f001670dbd8c1b605460d454
54198678b98c2094e74159d7456dd74d12ab4244e1d9376d8f4d864f6237cd79
a6ed16244a5b965f0e0b84b21dcc6f51ad1e413dc2ad243a6f5853cd9ac8da0b
a16a70b0a1ac0718149a31c780edb126379a0d375d9f6007a6def3141bec6810
ae39ced76c78e7c2043b813718e3cd610e1a8adac1f9ad5e69cf06bd6e38a5bd
b5c46c2604e29e24c6eb373a7287d919da5c18c04572021f20b8e1966b86d585
b45355c8b84b57ae015ad0aebfa8707be3f33e12731f7f8c282c8ee51f962292
c1e91a5f9cc23f3626326dab2dcdf4904e6f8a332e2bce8b9a0854b371c2b350
c31b409b1fe9b6387b03f7aedeafd3721b4ec6d6011da671df49e241394da154
c89316e87c5761e0fc50db1214beb32a08c73d2cad9df8c678c8e44ed66c1dab
cb7d9feda7d8ebfba93ec428d5a8a4382bf58e5a70e4b51eb1938d2691d5d4a5
cb8aede4ad660adc1c78a513e7d5724cac8073bea9d6a77cf3b04b019395979a
d9eec27bf827669cf13bfdb7be3fdb0fdf05a26d5b74adecaf2f0a48105ae934
db489e9760da2ed362476c4e0e9ddd6e275a84391542a6966dbcda0261b3f30a
e8be3e40f79981a1c29c15992da116ea969ab5a15dc514479871a50b20b10158
ea2be3d0217a2efeb06c93e32f489a457bdea154fb4a900f26bef83e2053f4fd
ee6a3331c6b8f3f955def71a6c7c97bf86ddf4ce3e75a63ea4e9cd6e20701024
f6f6152db941a03e1f45d52ab55a2e3d774015ccb8828533654e3f3161cfcd21

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy

justiceukraine.com 

137.220.49.66

5ef9844903e8d596ac03cc000b69bbbe45249eea02d9678b38c07f49e4c1ec46
6f95f7f53b3b6537aeb7c5f0025dbca5e88e6131b7453cfb4ee4d1f11eeaebfc
86e4e23f9686b129bfb2f452acb16a4c0fda73cf2bf5e93751dcf58860c6598c
367d47ad48822caeedf73ce9f26a3a92db6f9f2eb18ee6d650806959b6d7d0a2
762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539
1409e010675bf4a40db0a845b60db3aae5b302834e80adeec884aebc55eccbf7
453257c3494addafb39cb6815862403e827947a1e7737eb8168cd10522465deb
a8a7fdbbc688029c0d97bf836da9ece926a85e78986d0e1ebd9b3467b3a72258
c59f3c8d61d940b56436c14bc148c1fe98862921b8f7bad97fbc96b31d71193c
f81bd2ac937ed9e254e8b3b003cc35e010800cbbce4d760f5013ff911f01d4f9
f706bae95a232402488d17016ecc11ebe24a8b6cb9f10ad0fa5cbac0f174d2e7
f71476f9adec70acc47a911a0cd1d6fea1f85469aa16f5873dd3ffd5146ccd6b

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks

chloe-boreman.com
criston-cole.com
jumpstartmail.com
paydayloansnew.com
picture-world.info
rnacgroup.com
salimafia.net
seomoi.net
soft-utils.com

5.182.39.44

0a6247759679c92e1d2d2907ce374e4d6112a79fe764a6254baff4d14ac55038
0fb4d09a29b9ca50bc98cb1f0d23bfc21cb1ab602050ce786c86bd2bb6050311
1b62730d836ba612c3f56fa8c3b0b5a282379869d34e841f4dca411dce465ff6
1d1a0f39f339d1ddd506a3c5a69a9bc1e411e057fe9115352482a20b63f609aa
3d649b84df687da1429c2214d6f271cc9c026eb4a248254b9bfd438f4973e529
4a25ca8c827e6d84079d61bd6eba563136837a0e9774fd73610f60b67dca6c02
5af853164cc444f380a083ed528404495f30d2336ebe0f2d58970449688db39e
5ea6bdae7b867b994511d9c648090068a6f50cb768f90e62f79cd8745f53874d
6a0686323df1969e947c6537bb404074360f27b56901fa2bac97ae62c399e061
7ae97402ec6d973f6fb0743b47a24254aaa94978806d968455d919ee979c6bb4
8d1c7d1de4cb42aa5dee3c98c3ac637aebfb0d6220d406145e6dc459a4c741b2
11b81288e5ed3541498a4f0fd20424ed1d9bd1e4fae5e6b8988df364e8c02c4e
82f734f2b1ccc44a93b8f787f5c9b4eca09efd9e8dcd90c80ab355a496208fe4
85b083b431c6dab2dd4d6484fe0749ab4acba50842591292fdb40e14ce19d097
211f04160aa40c11637782973859f44fd623cb5e9f9c83df704cc21c4e18857d
220eba0feb946272023c384c8609e9242e5692923f85f348b05d0ec354e7ac3c
5405ff84473abccc5526310903fcc4f7ad79a03af9f509b6bca61f1db8793ee4
21708cea44e38d0ef3c608b25933349d54c35e392f7c668c28f3cf253f6f9db8
411086a626151dc511ab799106cfa95b1104f4010fe7aec50b9ca81d6a64d299
4840214a7c4089c18b655bd8a19d38252af21d7dd048591f0af12954232b267f
624705483de465ff358ffed8939231e402b0f024794cf3ded9c9fc771b7d3689
58331695280fc94b3e7d31a52c6a567a4508dc7be6bdc200f23f5f1c72a3f724
b6a71ca21bb5f400ff3346aa5c42ad2faea4ab3f067a4111fd9085d8472c53e3
bb6fd3f9401ef3d0cc5195c7114764c20a6356c63790b0ced2baceb8b0bdac51
bc9a4df856a8abde9e06c5d65d3bf34a4fba7b9907e32fb1c04d419cca4b4ff9
c4b9ad35b92408fa85b92b110fe355b3b996782ceaafce7feca44977c037556b
cb765467dd9948aa0bfff18214ddec9e993a141a5fdd8750b451fd5b37b16341
d10a2dda29dbf669a32e4198657216698f3e0e3832411e53bd59f067298a9798
d420b123859f5d902cb51cce992083370bbd9deca8fa106322af1547d94ce842
f38ad4aa79b1b448c4b70e65aecc58d3f3c7eea54feb46bdb5d10fb92d880203
f98bc2ccac647b93f7f7654738ce52c13ab477bf0fa981a5bf5b712b97482dfb
f2168eca27fbee69f0c683d07c2c5051c8f3214f8841c05d48897a1a9e2b31f8	
		
# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack

akamaicontainer.com
akamaitechcloudservices.com
azuredeploystore.com
azureonlinecloud.com
azureonlinestorage.com
dunamistrd.com
glcloudservice.com
journalide.org
msedgepackageinfo.com
msstorageazure.com
msstorageboxes.com
officeaddons.com
officestoragebox.com
pbxcloudeservices.com
pbxphonenetwork.com
pbxsources.com
qwepoi123098.com
sbmsa.wiki
sourceslabs.com
visualstudiofactory.com
zacharryblogs.com

2c9957ea04d033d68b769f333a48e228c32bcf26bd98e51310efd48e80c1789f
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f
8c0b7d90f14c55d4f1d0f17e0242efd78fd4ed0c344ac6469611ec72defa6b2d
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
210c9882eba94198274ebc787fe8c88311af24932832a7fe1f1ca0261f815c3d
268d4e399dbbb42ee1cd64d0da72c57214ac987efbb509c46cc57ea6b214beca
2487b4e3c950d56fb15316245b3c51fbd70717838f6f82f32db2efcc4d9da6de
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67
a541e5fc421c358e0a2b07bf4771e897fb5a617998aa4876e0e1baa5fbb8e25c
aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb
c13d49ed325dec9551906bafb6de9ec947e5ff936e7e40877feb2ba4bb176396
c62dce8a77d777774e059cf1720d77c47b97d97c3b0cf43ade5d96bf724639bd
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
d0f1984b4fe896d0024533510ce22d71e05b20bad74d53fae158dc752a65782e
d51a790d187439ce030cf763237e992e9196e9aa41797a94956681b6279d1b9a
d459aa0a63140ccc647e9026bfd1fccd4c310c262a88896c57bbe3b6456bd090
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
e059c8c8b01d6f3af32257fc2b6fe188d5f4359c308b3684b1e0db2071c3425c
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec
f1bf4078141d7ccb4f82e3f4f1c3571ee6dd79b5335eb0e0464f877e6e6e3182
f47c883f59a4802514c57680de3f41f690871e26f250c6e890651ba71027e4d3
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials

1cc838896fbaf7c1996198309fbf273c058b796cd2ac1ba7a46bee6df606900e
4ae2cb9454077300151e701e6ac4e4d26dc72227135651e02437902ac05aa80d
5e51bdf067e5781d2868d97e7608187d2fec423856dbc883c6f81a9746e99b9f
100cad54c1f54126b9d37eb8c9e426cb609fc0eda0e9a241c2c9fd5a3a01ad6c
192ef0dee8df73eec9ee617abe4b0104799f9543a22a41e28d4d44c3ad713284
452d08d420a8d564ff5df6f6a91521887f8b9141d96c77a423ac7fc9c28e07e4
498e8d231f97c037909662764397e02f67d0ee16b4f6744cf923f4de3b522bc1
560ea79a96dc4f459e96df379b00b59828639b02bd7a7a9964b06d04cb43a35a
714cef77c92b1d909972580ec7602b0914f30e32c09a5e8cb9cb4d32aa2a2196
88113bebc49d40c0aa1f1f0b10a7e6e71e4ed3ae595362451bd9dcebcf7f8bf4
a3acb9f79647f813671c1a21097a51836b0b95397ebc9cd178bc806e1773c864
a3078d0c4c564f5efb1460e7d341981282f637d38048501221125756bc740aac
b28456a0252f4cd308dfb84eeaa14b713d86ba30c4b9ca8d87ba3e592fd27f1c
caba1085791d13172b1bb5aca25616010349ecce17564a00cb1d89c7158d6459
cf6bcd3a62720f0e26e1880fe7ac9ca6c62f7f05f1f68b8fe59a4eb47377880a
d4e1f09cb7b9b03b4779c87f2a10d379f1dd010a9686d221c3a9f45bda5655ee
e1e0b887b68307ed192d393e886d8b982e4a2fd232ee13c2f20cd05f91358596
f138d785d494b8ff12d4a57db94958131f61c76d5d2c4d387b343a213b29d18f

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clasiopa-materials-research

0550e1731a6aa2546683617bd33311326e7b511a52968d24648ea231da55b7e5
3aae54592fe902be0ca1ab29afe5980be3f96888230d5842e93b3ca230f8d18d
5b74b2176b8914b0c4e6215baab9e96d1e9a773803105cf50dac0427fac79c1b
8aa6612c95c7cef49709596da43a0f8354f14d8c08128c4cb9b1f37e548f083b
38f0f2d658e09c57fc78698482f2f638843eb53412d860fb3a99bb6f51025b07
95f76a95adcfdd91cb626278006c164dcc46009f61f706426b135cdcfa9598e3
940ab006769745b19de5e927d344c4a4f29cae08e716ee0b77115f5f2a2e3328
8023b2c1ad92e6c5fec308cfafae3710a5c47b1e3a732257b69c0acf37cb435b
1569074db4680a9da6687fb79d33160a72d1e20f605e661cc679eaa7ab96a2cd
c94c42177d4f9385b02684777a059660ea36ce6b070c2dba367bf8da484ee275
f93ddb2377e02b0673aac6d540a558f9e47e611ab6e345a39fd9b1ba9f37cd22

# https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering

alidocs.dingtalk.com.wswebpic.com
csc.zte.com.cn.wswebpic.com
taoche.cn.wswebpic.com

39.101.194.61
47.92.138.241
106.14.184.148
180.119.234.147

02fe00ffd1b076983f3866c04ca95c56cef88c2564fabb586e11e54986e87ba7
084d1fc4236011d442801e423485c8e58f68dc14ec0a8b716fa0fd210de43dda
1d087f6a17227769bcebc799a2cdf1bb2a8fdf6ba560d21a88bb71f1c213a42c
5a62abc0a2208679e414cc71d1f36ffa14b48df2b73ac520e45d557ad77dd004
6cb815863088a0ad367b2a525a572323600596f6875a79536aee57202ef24fd5
6f017ad84d0d06f50b6213a0742838b5ec510f3d06f96e0300048f2da6a35c41
7b410fa2a93ed04a4155df30ffde7d43131c724cdf60815ee354988b31e826f8
7f0807d40e9417141bf274ef8467a240e20109a489524e62b090bccdb4998bc6
7f6a1d6950a9464f27d8651a267563d4630d223bf7ac66851917a57f8fac6550
8c0f0d1acb04693a6bdd456a6fcd37243e502b21d17c8d9256940fc7943b1e9a
8e32ea45e1139b459742e676b7b2499810c3716216ba2ec55b77c79495901043
9e8b5a84ad108a761619ca040788dcbf07996a9101cecc5c30ba61f9a06945c1
9ebd789e8ca8b96ed55fc8e95c98a45a61baea3805fd440f50f2bde5ffd7a372
9f5f7ba7d276f162cc32791bfbaa0199013290a8ac250eb95fd90bc004c3fd36
41b6d26926706bb68530ddff234f69757e3bbef91c47eb0255313ed86cb3f806
47d328c308c710a7e84bbfb71aa09593e7a82b707fde0fb9356fb7124118dc88
72bc8b30df3cdde6c58ef1e8a3eae9e7882d1abe0b7d4810270b5a0cc077bb1a
327fc116f8f48f97292184bb50cb3db418f368b3e2a0fb41267ba40254a35a89
409f89f4a00e649ccd8ce1a4a08afe03cb5d1c623ab54a80874aebf09a9840e5
553e0763cf3a938b5754c9d89939a118abe0b235e4be6920c34f562bd758e586
916b63b88de2549c4a5c8e13d51df4cf6996067ae30f24c8bb35c66db7c061df
968b28f7d6abb845f2cc7efa93cdcf7660585e22d589267695726de13afea260
981e5f7219a2f92a908459529c42747ac5f5a820995f66234716c538b19993eb
1744fac628262aa0cf3810bd5168375959be41764c8ca2fa41950a7b1f8f2fad
3516f94b0fb57e93c6659d813cbf5fb3617dea7a667c78cb70a1914306327906
6698a81e993363fab0550855c339d9a20a25d159aaa9c4b91f60bb4a68627132
6770f815480d7cfa0a6fc8599c08ca6013f608d257a2121233e77374e21c53f8
7229bd06cb2a4bbe157d72a3734ba25bc7c08d6644c3747cdc4bcc5776f4b5b9
7394ab0ed6d1f62e83fc5f8f1eb720ddd07cbd2bcdf6a00b9b63ef6018fa5f90
7800a4fb0cbdf29815c521ea8b00a23e28d7eb365653f2afcfb5572622727218
44223e5abd106c077908f03c93b8c8baee7d630f1718f9750f16b786cf88fd06
84502fbe3e5172c39e9a97734e6caac79255abffcb55c22752620d908ff33940
72885373e3e8404f1889e479b3d46dd8111280379c4065bfc1e62df093e42aba
a0f5966fcc64ce2d10f24e02ae96cdc91590452b9a96b3b1d4a2f66c722eec34
b5c4f420067499522b748a34161ad6e140a7f30ab0b8fa63feef760c5e631679
b53d0a43ea91b3c80bc6c87c0c6946816c38876b2cb2f6f772afe94c54d3ad30
cb03b5d517090b20749905a330c55df9eb4d1c6b37b1b31fae1982e32fd10009
d0ae66022929c17f31ddf98d88817f0aa70a56ce2ff2df9595b8889c2d3d7e31
d1c4968e7690fd40809491acc8787389de0b7cbc672c235639ae7b4d07d04dd4
d92c50a91bd5b2f06f41a9a5f9937e50b78658d46e3cd04bc3a85f270ce288c2
dc3b714fd6f93c0c0cd2685b6b8cd551896855474bdd09593b8c6b4b7ab6bac2
de01492b44372f2e4e38354845e7f86e0be5fb8f5051baafd004ec5c1567039f
e378d8b5a35d4ec75cae7524e64c1d605f1511f9630c671321ee46aa7c4d378b
e7684a4984d9d82115c5cc1b43b9f63a11e7ed333a4e2d92dc15b6e931634bf4
eba22f50eedfec960fac408d9e6add4b0bd91dd5294bee8cff730db53b822841
ebc3dabf0a2dafb0790be6dbb4d3509b5ce1259b955172910618a32627b3b668
ee9aefde33ed48d16ecb1c41256fc7d93ddfa8bedfa59b95e8810282ac164d0d
f35b206fe10ad3f57d9c4ecf71a2d2cc06d7c7fe905e567b989f72f147da99dc
f73738e6e33286657cda81f618a74b74745590915a8f4451e7c00473cbe89e1d
fc4b5f2ee9da1fe105bb1b7768754d48f798bf181cbc53583387578a5ebc7b56
fc8a67b80b0b0ecd10dfd90820ffc64923b94c32b04dbb6929a79b9ce027563c
ffdcf74968805e9cc897ca932e4da0f22ea7b3e9b96fcc9082c0c5300ae4cb0d