#PolarEdge - https://censys.com/blog/a-look-at-polaredge-adjacent-infrastructure
119.8.186.227
190.92.202.218
159.138.83.57
3f00058448b8f7e9a296d0cdf6567ceb23895345eae39d472350a27b24efe999
e234e102cd8de90e258906d253157aeb7699a3c6df0c4e79e05d01801999dcb5
827797a9bff728ae6f46abd505e67a15e40b0ba69a8dc92a36fd90d9974c9593

#EvilAI ( TamperedChef? ) https://www.trendmicro.com/en_us/research/25/i/evilai.html
8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65
49a4442e73521ecca8e56eb6dbc33f31eb7cfa5e62a499e552bcd29a29d79d8a
b0c321d6e2fc5d4e819cb871319c70d253c3bf6f9a9966a5d0f95600a19c0983
cb15e1ec1a472631c53378d54f2043ba57586e3a28329c9dbf40cb69d7c10d2c
ad0655b17bbdbd8a7430485a10681452be94f5e6c9c26b8f92e4fcba291c225a
95001359fb671d0e6d97f37bd92642cc993e517d2307f373bfa9893639f1a2bc
9f369e63b773c06588331846dd247e48c4030183df191bc53d341fcc3be68851 
cf45ab681822d0a4f3916da00abd63774da58eb7e7be756fb6ec99c2c8cca815
ce834dca38aeac100f853d79e77e3f61c12b9d4da48bb0a949d0a961bf9c0a27
https://9mdp5f.com
https://5b7crp.com
https://mka3e8.com
https://y2iax5.com
https://abf26u.com

#Coldriver - https://www.zscaler.com/blogs/security-research/coldriver-updates-arsenal-baitswitch-and-simplefix
preentootmist.org
blintepeeste.org
captchanom.top
southprovesolutions.com
https://preentootmist.org/?uinfo_message=Resilient_Voices
https://blintepeeste.org/?u_storages=Resilient_Voices_concept
https://captchanom.top/check/machinerie.dll
https://captchanom.top/coup/premier
https://captchanom.top/coup/deuxieme
https://captchanom.top/coup/troisieme
https://captchanom.top/coup/quatre
https://southprovesolutions.com/FvFLcsr23
https://southprovesolutions.com/Zxdf
https://southprovesolutions.com/KZouoRc
https://southprovesolutions.com/EPAWl
https://southprovesolutions.com/VUkXugsYgu
https://drive.google.com/file/d/1UiiDBT33N7unppa4UMS4NY2oOJCM-96T/view
87138f63974a8ccbbf5840c31165f1a4bf92a954bacccfbf1e7e5525d750aa48
62ab5a28801d2d7d607e591b7b2a1e9ae0bfc83f9ceda8a998e5e397b58623a0
16a79e36d9b371d1557310cb28d412207827db2759d795f4d8e27d5f5afaf63f

#BrickStorm - https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign/
90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df

#RedNovember - https://www.recordedfuture.com/research/rednovember-targets-government-defense-and-technology-organizations
aeifile.offiec.us.kg
citrix.offiec.us.kg
cna.offiec.us.kg
download.offiec.us.kg
gp.offiec.us.kg
login.offiec.us.kg
test.offiec.us.kg
vpn.offiec.us.kg
vpn1.offiec.us.kg
45.61.187.124
198.98.50.218
198.98.53.163
198.98.61.155
209.141.37.254
205.185.126.208
205.185.124.24
209.141.42.131
209.141.46.83
209.141.57.116
47.103.218.35
http://47.103.218.35/pixel
http://47.103.218.35/GSjY
06e87a03507213322d876b459194021f876ba90f85c5faa401820954045cd1d2
134ed0407956ff1ac59f38e89742e357cc3be565cbaff18b424ed1bcfd130978
2bee2cc42322e928bfa0650c5416b14bc0200f2d1156304179d63982baa835dc
8679a25c78e104c6e74996b75882e378f420614fe1379ee9c1e266a11ffa096d
675874ac8fbe66e76244759ae398a4d30da84ef2435a1384c4be549ca9eba18b
1e37efcd3cd647e6ce5414ae8e353ca690c2d3f7a701a1cc2ec29a4813f5c90b
9a1077f57bac5610d44ac46a8958dd5469522a3db466f164f4dfeada73847b79
dba860617762bc713771de351026eb683546b37489fa0359064948f263438030

#tamperedchef - "https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor"
apdft.net
mypdfonestart.com
ltdpdf.com
pdfreplace.com
pdf-tool.appsuites.ai7
pdfsmartkit.com
fastonestartpdf.com
pdfhubspot.com
pdfhubspot.com
businesspdf.com
pdfdoccentral.com
pdffilehub.net
pdfonestarthub.com
pdfonestartlive.com
download04.pdfgj.com
pdfappsuite.com
pdffacts.net
pdftraining.com
smarteasypdf.com
pdffacts.com
pdfonestart.com
pdf-kiosk.net
pdfmeta.com
download04.internetdownloadhub.biz
download05.masterlifemastermind.net
pdf-kiosk.com
easyonestartpdf.com
ltdpdf.net
fileconverterdownload.com
download02.pdfgj.com
pdfworker.com
getsmartpdf.com
proonestartpdf.com
cdasynergy.net
pdfscraper.com
appsuites.ai
pdfts.site
micromacrotechbase.com
pdfartisan.com
apdft.com
itpdf.net
9mdp5f.com
proonestarthub.com
advancedtransmitart.net
click4pdf.com
convertpdfplus.com
onestartbrowser.com
vault.appsuites.ai
download02.apdft.online
download04.masterlifemastermind.net
itpdf.com
transmitcdnzion.com
smartmanualspdf.com
pdfonestarttoday.com
y2iax5.com
abf26u.com
mka3e8.com
5b7crp.com
da3c6ec20a006ec4b289a90488f824f0f72098a2f5c2d3f37d7a2d4a83b344a0
956f7e8e156205b8cbf9b9f16bae0e43404641ad8feaaf5f59f8ba7c54f15e24
f97c7edb0d8d9b65bf23df76412b6d2bbfbab6e3614e035789e4e1a30e40b7f1
cf5194e7f63de52903b5d61109fd0d898b73dd3a07512e151077fba23cdf4800
189b0ba8c61740d5ad1c802649718958a86f5b7a8c8e795dc2e990909a9ab88a
57c92ed1e87dda6091903e1360c065e594576e2125f5d45f159269b0bef47f32
cb15e1ec1a472631c53378d54f2043ba57586e3a28329c9dbf40cb69d7c10d2c
71edb9f9f757616fe62a49f2d5b55441f91618904517337abd9d0725b07c2a51
ce0019424497040351c9054aa2ee6b07fc610024cc2cb2cc810de80f838c7a14
7e0d909c934620140db7d53e2caefdd58866484cb049f876f8a8428e6334618a
abbb3e96b910c9d1e2074dc05fd51e78984941f03bcb7d443714838849a7a928
a3fc5447a9638a3469bab591d6f94ee2bc9c61fc12fd367317eec60f46955859
13698b05960edbda52fa8f4836526f27e8fc519ca0f4a7bc776990568523113e
bdb0e1f2582547fdc64a656a813b0e67f8819f96918050f6114b159d7ca7fd69
10640dcc67b3e2e4a6dbbfdb2fab981de4676d57f9f093af3cfb6f4f8351baf6
2e4de114ad10967f1807f317f476290dc0045bdfa9395553d1b443ef9f905018
9e3334afa4a951c7e6eacc2ce16637919eb113ac1ca5527ece7140ae1f364e76
2e06a801c4bdfca8061c04dea3a43b0fd3b883b96f32dd901a076be786d466e6
3b32696ebac176a898f277bb662099deebecf7216dae942e610dc8b7b3dd4c48
ce1a6009f013eafecbe13d72bee044c546654dad3805b7d2744d453e6544ecc8
3a2b1f97a47e63d48f8955311f18664aa2c5e5a865ec6f43d8943b81eefd5a65
ab376fbec6ca90c8cac2fd4ec92c564638bde0e6737a48f687b5367c51f49a0b
5c839e560530a7a4077baa16294cc9dc404f98a42c004f2013903543383af669
458ef97817fa4537ff9a4b73844260e4a9951ec4e7e4b4d3c13240bb8675764b
9bbe83ec13fc6397ddb69c47a3266ae39b3204d68674b529170bc6b56bcbdfcc
9fa4d8a68d6f231577d62d560d110a66fd3f311cc8dcb1b4b10a50632d03ad1d
987a94fbe252da32dfb83daeb52d5636bd61d4b88fb45e9a97b79df3c03edcb8
76cf960146bf07ad8b459ceb401a35ed37c98cb4e84ace329595b5b0f3955d3a
2f66690072dae1ca203e8c93330fccb8b5ccf8b8c9cce747250a11096d551794
5adc11546db45ab8e57f9bc2808b46898dc7eef179ccbf963552b694f0ec61b6
f4bc13b8b76656e4e4b7306d2dc6a5be4e19e752b015bcefbfdcc885a8bb122f
b0c321d6e2fc5d4e819cb871319c70d253c3bf6f9a9966a5d0f95600a19c0983
42222692739edf910e1e25310923ddfbbea465a69b6d9e5ec01091c5aa0aee0f
031682d2f69322a68cd13d0e380cf149199b20755c6e08f4fb7b41d27a5378f0
5cbd51bbd10008b92fe490a6fa87339dd3d0f57fce82d10dc4fa0566133ac94d
b07ffbd8eed8dc989db1c58d84d3f8b9d57fb6a7b5f30af6d982e2bd4da0e696
232006ef149a2dcc150d765a3b330317d5e62f21391c1f355fba4a833a9dd49f
b7f63771d24f07f5ce30f2a9f8895b815e47ab01a1e3c09322f55c16f140e041
3c702aa9c7e0f2e6557f3f4ac129afd2ad4cfa2b027d6f4a357c02d4185359c4
14fb07941492c7f014435633a02bf14761d91d1df3023fa0dd4c3210e80554b7
f6e323d4741baf047445a13bb9587acfb79cc2b16737b91df18a8a9bf5b307f4
3b32696ebac176a898f277bb662099deebecf7216dae942e610dc8b7b3dd4c48
0a15e90c062bf6137336beba0ec480af8f370ceaedca3e1ff76cd131f2e54927
0faaec07a598784fc76caa5254307a01383b229397e271020f319be84c7b8bf9
2ce20ceb2aaa24de8d3d7714bf87cef90b9cc90a21234d0b7cc78f22d9d5d5c1
cebe0ce89e4622118371f60cd82a9d0a7659e0916edf522cacba6b308bded8de
bd21360149904ce42c6927d9c3fb482316f2537a4a7bce8b64990428e27a54ac
e08cc90e738e7e5f275d220b3914c2860a388e7ada67ed34fda1a01a23bf42bc
69b373084e47cbb54a9003ae2435adb49f184bfa11989a2800700da22a153dff
5485bafd43f2f3865f18e74a14a00a433971cdc5b50c357bd0307179e0187e3d
5964e5c15ea512ea3208109d7175e6b43c5f85a77de95f44d3dc81e1940f94e3
5c21b5d1eb58367cb1ac189d383a7f0eb1e8d00d6722712897eb2efdbc670d1d
6ec07c1d2dc566d59a7576cc4a89c605bcfc8abd414c77338c940fb8e3ed5f1a
aaf6e40848b904e664cdfbefa1e42870c3e42387471a03361e4fd0781943a032
5d3a41e2c6b854d12b70cea9000cafe1f3877bbccc51ca20f29da2e47f79a088
2221b218ad03b615683941d11bd8085ca87b7b576bc5d1a6c720a0eb223d4405
aefab9c1959c5cb86fd656d9ea2148c584cae543ac203dd2ae4467a36382586a
8f1960939eee8d0689cc07613189f27054beff96e8740045de88fa1b6764b5b5
95176fc574f3d707e68965690826759260c5867e865b19a000bebb20a01a2e0a
fc4d1107958f70bd553d824224fc74b3b5ad2365f3599bfda795e0b718f3c76a
6aa61426d77da6674efdf6f7d139b4ccd9eebf4afb86831b79da0b8913ba89d8
88450ae2c0c19d2a3a54e7b2c029998ed3daf68e78fbd664aea50c7ed582f544
2fe2d16e51488337de25bb02c7ca4a06e2b7e3229cd2af9903db7c9efdf88e31
6ec7acd0ff0980b88801d5eed7dfe69d6349f2044bd5e1768f6d1ed7f403e43e
e6286f5f4c7cdde39c9300d1204ff504499c760bbffa56fc7e3830796537f71b
6c6cde420ea1b48c2f070ae139a71294b3c4c6c768da4279e4fe3bd2a9ff1885
d7315bbccff2899c1751c7f7e0e0b48d561366771699f48c90d9b448418856c2
25d1fd2706c39edeb453a30fbca7561142978468d3e94efa0982504d60b06757
5f52dc64c6d56287abcdd16d1e2a42db1a4bccc43263cbc259d881fc709242b9

#Russian Influence Ops Against Moldovan Election - "https://www.recordedfuture.com/research/russian-influence-assets-converge-on-moldovan-elections"
moldova24.space
moldova24.press
moldova-24.online
moldova24.online
moldova24.org
moldova-24.live
mldvideo24.space
mldvideo24.tech
mldvideo24.site
mldvideo24.online
mldvideo24.pro
newseday.site
premiumlive.site
nlive-24.online
nlive24.ru
fondfbr.ru
vtforeignpolicy.com
eadaily.com
londontimes.live
bakomkulisserna.info
ahilesva.info
mldvideo24.pro
news-365.ru
artel.watch
mldvideo24.site
newseday.site
arteldoc.com
mldvideo24.space
nlive-24.online
arteldoc.tv
mldvideo24.tech
nlive24.ru
book-catalog.ru
moldova-24.live
poiskblizkih.com
gatewaytorussia.ru
moldova-24.online
premiumlive.site
green-box-tv.com
moldova24.online
putinspeaks-rt.com
gw2ru.com
moldova24.org
rtdoc.tv
kanzlerdaddy.ru
moldova24.press
rteam.tech
khangar.net
moldova24.space
rtred.online
ktech.team
msimonyan.ru
xn--80aaglo1cmx.xn--p1ai
mldvideo24.online
navalny.lol
md.news-pravda.com
moldova.news-pravda.com
pravda-md.com

#Russian Influence Ops Against Moldovan Election - "https://www.silentpush.com/blog/storm-1679"
absatz.media
abzac.media
5.188.179.181

#SystemBC - "https://blog.lumen.com/systembc-bringing-the-noise/"
176.46.138.225
176.46.138.209
185.93.89.171
176.46.138.232
104.250.164.241
176.46.138.228
176.46.138.215
104.250.164.247
176.46.138.237
185.93.89.182
185.93.89.190
185.93.89.149
104.250.164.254
176.46.138.227
185.93.89.151
176.46.138.234
104.250.164.223
104.250.164.244
176.46.138.222
185.93.89.183
104.250.164.236
176.46.138.207
185.93.89.174
176.46.138.223
185.93.89.181
176.46.138.210
104.250.164.239
185.93.89.158
185.93.89.162
104.250.164.224
185.93.89.172
104.250.164.229
185.93.89.168
176.46.138.235
104.250.164.235
185.93.89.189
176.46.138.221
176.46.138.233
104.250.164.233
185.93.89.143
185.93.89.150
185.93.89.145
185.93.89.159
185.93.89.180
104.250.164.245
104.250.164.220
176.46.138.213
185.93.89.157
185.93.89.169
176.46.138.211
185.93.89.175
185.93.89.147
185.93.89.153
185.93.89.146
176.46.138.239
185.93.89.170
104.250.164.222
104.250.164.234
104.250.164.240
185.93.89.188
185.93.89.155
104.250.164.251
185.93.89.166
176.46.138.226
185.93.89.163
104.250.164.238
176.46.138.216
104.250.164.227
176.46.138.217
176.46.138.219
176.46.138.240
185.93.89.156
104.250.164.230
104.250.164.228
176.46.138.220
185.93.89.179
104.250.164.253
176.46.138.241
185.93.89.176
185.93.89.164
185.93.89.152
104.250.164.250
185.93.89.187
104.250.164.221
185.93.89.144
104.250.164.226
104.250.164.246
176.46.138.229
185.93.89.178
185.93.89.165
104.250.164.252
176.46.138.208
185.93.89.191
104.250.164.248
104.250.164.242
185.93.89.177
104.250.164.214
185.64.104.132
85.206.160.65
109.236.93.68
89.39.149.231
85.206.167.140
185.64.104.44
85.206.167.133
212.8.252.59
93.190.139.34
185.64.104.124
89.39.149.227
85.206.167.142
85.206.160.66
185.25.49.181
185.64.106.97
185.64.106.148
213.227.128.161
185.25.49.182
85.206.167.139
85.206.167.146
185.64.104.125
85.206.167.148
85.206.160.250
85.206.160.115
185.25.48.49
109.236.93.60
89.39.149.228
213.227.128.162
109.236.93.67
109.236.93.61
185.64.106.186
185.25.48.97
93.190.139.74
185.25.48.96
185.64.105.182
109.236.93.65
109.236.93.63
185.64.104.131
85.206.167.137
185.64.106.189
213.227.128.153
85.206.167.141
185.64.104.55
185.25.49.180
85.206.160.13
85.206.167.147
185.64.106.147
185.64.104.45
185.25.49.221
185.64.104.54
185.25.49.229
185.25.49.220
185.25.48.95
185.64.104.68
185.64.105.12
85.206.160.225
212.8.252.56
185.64.105.183
109.236.93.66
85.206.167.149
85.206.167.144
85.206.167.145
85.206.167.138
85.206.167.136
85.206.167.134
85.206.167.132
85.206.160.226
85.206.167.135
185.25.49.183
185.25.48.104
85.206.160.116
109.236.93.62
185.25.48.197
185.64.104.69
89.39.149.230
185.25.48.102
85.206.167.143
185.64.105.8
185.64.106.94
188.165.208.154
honipsiops.in

#DeerStealer - "https://www.cyfirma.com/research/deerstealer-malware-campaign-stealth-persistence-and-rootkit-like-capabilities/"
a03cec07324b0c3227e4f060b0fefc24d35482dfe690bc86df1a53211629837e 
b7ee370878fb4290097311e652222d8bab91c44a94063ea192100d4fd9dadb14
49ad6431fb67c29e1a2745092232898c491652ddf7115e0332382b42466d0734 
ce62130f0392b40ab047392b47d523f66a55260c9fc2ec3d3727fab13fc87933
d4b3a879fb6907c39a3b843ec5272a005e8fec25d8012c4a9fe9d0ada9f71d1f 
e189e7fe9cd6d63ecece8b8e8fafb773003db6009fb0c45dc2b21e77167938ba
0feaaabe6d0a2e29b636cf1f5f9d1b3f727518507ffc93fc881d64feefa2ab81 
623ff1e6662986ab36336919fde5c48805b4a87b97af6f9abe09732e9ac45b8f
1432faeddfe57877873e8608ace13739ca66e8ce12b3453531e7eec4753df21d 
6f1bfbb8ba6d4eb4e7ce3ff16f1b8e95d601a5eccdd0d743141ac7c3841b11f3
263484f65c76fd3be147ad124a1feaa5240a1d0ce1695855f08f6c6968d1a30d 
5ec174af8a18a5516b8a6e11d8a27481d70df14d1edb67c48b5458ff44df9146 
telluricaphelion.com 
loadinnnhr.today 
nacreousoculus.pro 
104.21.112.1 
103.246.144.118 
172.67.195.171 
Task Name: \zceWriter 
Task Name: \dyApp 
Task Name: \Pluginsecurity_dbg
C:\Users\user-name\AppData\Roaming\DebugdebugIRG_debug\ZZDCDNTCCJTZXIUKRCZH 
C:\Users\user-name\AppData\Roaming\Outspan 
C:\ProgramData\DebugdebugIRG_debug 
C:\Users\user-name\AppData\Roaming\ValidArchive4 
C:\Users\user-name\AppData\Roaming\DebugdebugIRG_debug 

#Turla x Gamaredon Collaboration - "https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/"
7DB790F75829D3E6207D8EC1CBCD3C133F596D67
2610A899FE73B8F018D19B50BE55D66A6C78B2AF
3A24520566BBE2E262A2911E38FD8130469BA830
DA7D5B9AB578EF6487473180B975A4B2701FDA9E
D7DF1325F66E029F4B77E211A238AA060D7217ED
FF741330CC8D9624D791DE9074086BBFB0E257DC
A7ACEE41D66B537D900403F0E6A26AB6A1290A32
54F2245E0D3ADEC566E4D822274623BF835E170C
371AB9EB2A3DA44099B2B7716DE0916600450CFD
4A58365EB8F928EC3CD62FF59E59645C2D8C0BA5
214DC22FA25314F9C0DDA54F669EDE72000C85A4
64.176.173.164
85.13.145.231
91.231.182.187
185.118.115.15
77.46.148.242
168.119.152.19
217.160.0.33
217.160.0.159
lucky-king-96d6.mopig92456.workers.dev
eset.ydns.eu
hauptschule-schwalbenstrasse.de
ekrn.ydns.eu
fjsconsultoria.com
ingas.rs
abrargeospatial.ir
www.brannenburger-nagelfluh.de
www.pizzeria-mercy.de

#BlockBlasters - "https://www.gdatasoftware.com/blog/2025/09/38265-steam-blockblasters-game-downloads-malware"
aa1a1328e0d0042d071bca13ff9a13116d8f3cf77e6e9769293e2b144c9b73b3
c3404f768f436924e954e48d35c27a9d44c02b7a346096929a1b26a1693b20b3
b2f84d595e8abf3b7aa744c737cacc2cc34c9afd6e7167e55369161bc5372a9b
e4cae16e643a03eec4e68f7d727224e0bbf5415ebb0a831eb72cb7ff31027605
3766a8654d3954c8c91e658fa8f8ddcd6844a13956318242a31f52e205d467d0
17c3d4c216b2cde74b143bfc2f0c73279f2a007f627e3a764036baf272b4971a
59f80ca5386ed29eda3efb01a92fa31fb7b73168e84456ac06f88fdb4cd82e9e

#Calendaromatic - "https://www.guidepointsecurity.com/blog/ai-exposes-homoglyph-hustle/"
calendaromatic.com
e32d6b2b38b11db56ae5bce0d5e5413578a62960aa3fab48553f048c4d5f91f0
e32d6b2b38b11db56ae5bce0d5e5413578a62960aa3fab48553f048c4d5f91f0
69934dc1d4fdb552037774ee7a75c20608c09680128c9840b508551dbcf463ad
497ed5bca59fa6c01f80d55c5f528a40daff4e4afddfbe58dbd452c45d4866a3
c24774d9b3455b47a41c218d404ae6b702da0d2e3e8ad3d2a353ffddd62239c2

#Nimbus Manticore - "https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/"
23c0b4f1733284934c071df2bf953a1a894bb77c84cff71d9bfcf80ce3dc4c16
0b2c137ef9087cb4635e110f8e12bb0ed43b6d6e30c62d1f880db20778b73c9a
6780116ec3eb7d26cf721607e14f352957a495d97d74234aade67adbdc3ed339
41d60b7090607e0d4048a3317b45ec7af637d27e5c3e6e89ea8bdcad62c15bf9
4260328c81e13a65a081be30958d94b945fea6f2a483d051c52537798b100c69
a37d36ade863966fb8520ea819b1fd580bc13314fac6e73cb62f74192021dab9
5d832f1da0c7e07927dcf72d6a6f011bfc7737dc34f39c561d1457af83e04e70
ffeacef025ef32ad092eea4761e4eec3c96d4ac46682a0ae15c9303b5c654e3e
c22b12d8b1e21468ed5d163efbf7fee306e357053d454e1683ddc3fe14d25db5
4da158293f93db27906e364a33e5adf8de07a97edaba052d4a9c1c3c3a7f234d
061c28a9cf06c9f338655a520d13d9b0373ba9826a2759f989985713b5a4ba2b
bc9f2abce42141329b2ecd0bf5d63e329a657a0d7f33ccdf78b87cf4e172fbd1
e69c7ea1301e8d723f775ee911900fbf7caf8dcd9c85728f178f0703c4e6c5c0
e77b7ec4ace252d37956d6a68663692e6bde90cdbbb07c1b8990bfaa311ecfb2
b43487153219d960b585c5e3ea5bb38f6ea04ec9830cca183eb39ccc95d15793
1b629042b5f08b7460975b5ecabc5b195fcbdf76ea50416f512a3ae7a677614a
f8a1c69c03002222980963a5d50ab9257bc4a1f2f486c3e7912d75558432be88
954de96c7fcc84fb062ca1e68831ae5745cf091ef5fb2cb2622edf2358e749e0
afe679de1a84301048ce1313a057af456e7ee055519b3693654bbb7312083876
9ec7899729aac48481272d4b305cefffa7799dcdad88d02278ee14315a0a8cc1
3b4667af3a3e6ed905ae73683ee78d2c608a00e566ae446003da47947320097f
a4f5251c81f080d80d1f75ad4cc8f5bc751e7c6df5addcfca268d59107737bd0
cf0c50670102e7fc6499e8d912ce1f5bd389fad5358d5cae53884593c337ac2e
3b58fd0c0ef8a42226be4d26a64235da059986ec7f5990d5c50d47b7a6cfadcd
7c77865f27b8f749b7df805ee76cf6e4575cbe0c4d9c29b75f8260210a802fce
d2db5b9b554470f5e9ad26f37b6b3f4f3dae336b3deea3f189933d007c17e3d8
b9b3ba39dbb6f4da3ed492140ffc167bde5dee005a35228ce156bed413af622d
53ff76014f650b3180bc87a23d40dc861a005f47a6977cb2fba8907259c3cf7a
b405ae67c4ad4704c2ae33b2cf60f5b0ccdaff65c2ec44f5913664805d446c9b
5985bf904c546c2474cbf94d6d6b2a18a4c82a1407c23a5a5eca3cd828f03826
0e4ff052250ade1edaab87de194e87a9afeff903695799bcbc3571918b131100
8e7771ed1126b79c9a6a1093b2598282221cad8524c061943185272fbe58142d
f54fccb26a6f65de0d0e09324c84e8d85e7549d4d04e0aa81e4c7b1ae2f3c0f8
054483046c9f593114bc3ddc3613f71af6b30d2e4b7e7faec1f26e72ae6d7669
95d246e4956ad5e6b167a3d9d939542d6d80ec7301f337e00bb109cc220432cf
9b186530f291f0e6ebc981399c956e1de3ba26b0315b945a263250c06831f281
asylimed.azurewebsites.net
clinichaven.azurewebsites.net
healsanctum.azurewebsites.net
mediasylum.azurewebsites.net
therashelter.azurewebsites.net
arabiccountriestalent.com
arabiccountriestalenthr.azurewebsites.net
arabiccountriestalents.azurewebsites.net
arabiccountriestalentshr.azurewebsites.net
talenthumanresourcestalent.com
carebytesolutions.azurewebsites.net
medicoreit.azurewebsites.net
smartmediq.azurewebsites.net
vitatechlink.azurewebsites.net
biolinksystems.azurewebsites.net
digicura.azurewebsites.net
healthcarefluent.com
hivemedtech.azurewebsites.net
neurocloudhq.azurewebsites.net
marsoxygen.azurewebsites.net
nanobreathe.azurewebsites.net
turbulencemd.azurewebsites.net
zerogmed.azurewebsites.net
virgomarketingsolutions.com
virgomarketingsolutions.comtions.com
airtravellog.com
masterflexiblecloud.azurewebsites.net
storagewiz.co.azurewebsites.net
thecloudappbox.azurewebsites.net
arabiccountriestalent.azurewebsites.net
focusfusion.eastus.cloudapp.azure.com
frameforward.azurewebsites.net
tacticalsnap.eastus.cloudapp.azure.com
thetacticstore.com
lensvisionary.azurewebsites.net
wellnessglowluth.azurewebsites.net
activehealthlab.azurewebsites.net
ehealthpsuluth.com
grownehealth.eastus.cloudapp.azure.com
activespiritluth.eastus.cloudapp.azure.com
createformquestionshelper.com.net
collaboromarketing.com
cloudaskquestioning.eastus.cloudapp.azure.com.net
cloudaskquestionanswers.com.net
cloudaskquestionanswers.azurewebsites.net.net
cloudaskingquestions.eastus.cloudapp.azure.com.net
cloudaskingquestions.azurewebsites.net.net
cloudaskingquestioning.azurewebsites.net.net
vitatechlinks.azurewebsites.net
mojavemassageandwellness.com
airmdsolutions.azurewebsites.net
ventilateainest.azurewebsites.net
aeroclinicit.azurewebsites.net
exchtestcheckingapijson.azurewebsites.net
exchtestcheckingapihealth.com
exchtestchecking.azurewebsites.net
maydaymed.azurewebsites.net
traveltipspage.com
smartapptools.azurewebsites.net
createformquestionshelper.com
cloudaskquestioning.eastus.cloudapp.azure.com
cloudaskquestionanswers.com
cloudaskquestionanswers.azurewebsites.net
cloudaskingquestions.eastus.cloudapp.azure.com
cloudaskingquestioning.azurewebsites.net
healthbodymonitoring.azurewebsites.net
healthcare-azureapi.azurewebsites.net
healthdataanalyticsrecord.azurewebsites.net
medical-deepresearch.azurewebsites.net
medicalit-imaging.azurewebsites.net
mentalhealth-support-portal.azurewebsites.net
patient-azureportal.azurewebsites.net
pharmainfo.azurewebsites.net
symptom-recordchecker.azurewebsites.net
systemmedicaleducation.azurewebsites.net
acupuncturebentonville.com
cardiomedspecialists.azurewebsites.net
digithealthplatform.azurewebsites.net
medicpathsolutions.azurewebsites.net
nextgenhealthtrack.azurewebsites.net
sulumorbusinessservices.com
telehealthconnectpro.azurewebsites.net
totalcaremedcenter.azurewebsites.net
trustedcarehub360.azurewebsites.net
virtualcliniczone.azurewebsites.net
wellnessfirstgroup.azurewebsites.net
yourfamilymdclinic.azurewebsites.net
doctorconsult-app.azurewebsites.net
managetools-platform.azurewebsites.net
msnotetask-insights.azurewebsites.net
mstrakcer-tools.azurewebsites.net
olemanage-dashboard.azurewebsites.net
oletask-tracker.azurewebsites.net
patientcare-portal.azurewebsites.net
rpcconnection.azurewebsites.net
backsrv66.azurewebsites.net 
backsrv74.azurewebsites.net
datasheet96.azurewebsites.net
mainrepo10.azurewebsites.net
services-update-check.azurewebsites.net
send-feedback.azurewebsites.net
send-feedback-413.azurewebsites.net
send-feedback-838.azurewebsites.net
send-feedback-296.azurewebsites.net
check-backup-service.azurewebsites.net
check-backup-service-288.azurewebsites.net
check-backup-service-179.azurewebsites.net
check-backup-service-736.azurewebsites.net
boeing-careers.com
rheinmetallcareer.org
rheinmetallcareer.com
airbus.global-careers.com
airbus.careersworld.org
airbus.usa-careers.com
airbus.germanywork.org
airbus.careers-portal.org
rheinmetall.careersworld.org
rheinmetall.careers-hub.org
rheinmetall.theworldcareers.com
rheinmetall.gocareers.org
flydubaicareers.ae.org
global-careers.com
careers-hub.org
careersworld.org
usa-careers.com
germanywork.org
careers-portal.org
theworldcareers.com
gocareers.org

#PlugX - https://github.com/Cisco-Talos/IOCs/commit/37c4ca38858ffb9eb26e191ba2ffb2ad3f4caf80
e29767ffb75be9f363a39ba9b66785ecfc992e3d91ec9fc46515ef94c37dc0b6 
00dbc8a4b3121af5a19504a9d969e36e709556420a6117eb3533f1d2a8100fd9 
aec2d0cbd2f195bf35e55019a29f0d6109451eb85dc7941b73e3b562b065a11c 
2755de59ef87f9f38c236ed860a1f6f41a1d864126f54c4c0a7f87d4b4f63b20 
fe4f88bdfff87a94bd57bc16c20d199ee548e551b4aca852bcc013d0955d7ce8 
3480613294bc1e1704616dbf5628b92d7186246b87dbef1c8c3dbae13fe35c8b 
a12ed375965859d9434c9f651eef2f3663bb076963fec31723176c9083117671 
906ff72d4ea9cd831c58dc009fb1bbe407e8f430208a63d3dffd3f8e1da73f6e 
f0ad27f8737ac1a079a52c91d8b5cdd554cd42dccc597de8337e0c25d5287dd2 
42c9505c2c55b80e0e311cd6da6a5263b946c8ae8bd8162b0280a1e9be7f174b 
b691b2c1846ea75bb5b07a21c8664ecdb6379685623ba45fe6ca552e94a58ebc 
0ec83d1deb6065cac8ba8f849cdf5672da7313ec2e860a7d71bb7e397e661394 
7b028a9bd2bc0c306ab6561cf702406f5925fc073f9d0d2d9408ceccd6907743 
a92ed5f831c99bb84208ef7d7c733e0183a79de40f9d3b3be54744951f0a1391 
ab526d5ed335860ac2fe0adee26de1a95a3c528299800ddbb4d1e2dd91267252 
fd87149d6b8fdcad5d84ba4a3ca52e1cef8f0c54cafca6dbbb5d156f313d79dd 
fd6b1ca0f26e54fa9c97ea15c834e58ffb71798df38071ad00b14f19d6a4126c 
c91595edd1c9a0a2c1168e3bfa532e4a7dbb6b1380afd80ba445b728622798a4 
03CEC3B010853893310FEA486ECFDDF09642A7A5C695C70DB77D22BC7C402234 
10479191F2E06FF11797FC4DDA2E38AE6667C9DC396FAC32A6CF76965358ADE6 
0443289B1FC556C5EF4BBFA13774500E3936D965799A9C27BE0601170601094D 
b1EE96026A3FC0EE55DAB3B73896E88760F909B3C52D4A0152288D90E63F2E63 
b03fe49036c3830f149135068ff54f5c6c6622008a6fcb7edbf6b352e9a0acc0 
141.164.59.111   
pay.googleinstall.com   
66.42.62.253   
45.114.192.137   
103.9.14.218   
117.254.105.200   
mailserver.kozow.com   
103.136.45.108   
103.172.10.165   
117.239.199.202   
newsinfom.org   
23.254.225.184   
asp.asphspes.com