# Copyright (c) 2014-2018 Miroslav Stampar (@stamparm)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside

briancobert.com

# Reference: http://cybercrime-tracker.net/index.php?search=AZORult

00v.xyz
0131.ga
4max.xyz
accqweqweazo.com
ad.icab.pk
aimnawnt.beget.tech
akingu.bit.md-98.webhostbox.net
alexblog24.p-host.in
among3919.com
andreimolchanov.siteme.org
andreimolchanov.siteme.org
art4.xyz
asdfz.ru
azorneutrino.com
banckofamerica.info
benchadcrd.nl
bitcoalko.com
bitscoinsme.com
blackexploitz.net
bmagikleak.website
bucscrup.ru
cc33782.tmweb.ru
ch.baskpower.com
coinbitbot.ru
cresbuy.ga
crypto-e.org
cryptopiabot.cc
cryptopiabot.cc
cryptopiasupport.co
cryptotrust.today.md-35.webhostbox.net
defaultbrowser.xyz
donperenion.com
doueven.click
doueven.click
druvan.xyz
elowpuki.com
elowpuki.com
elysium-inc.pro
elysium-ltd.pro
ernazar.tk
eualube.com
fde4.tk
fdsv.ml
feamleys.com
flash-piayer-update.com.md-90.webhostbox.net
fsdf.ga
gmx7.com
gob.grantflaskparty.com
gohithatsandrof.win
grantflaskparty.com
hallojab.co.ua
hellojab.com
hhamay.website
holidey.pw
hondobakr.top
hondobakr.top
hotbest-apps.com
iddqdp.pw
iddqdp.pw
imbaxqxq.org
inc0de.gq
kalakhomes.club
kamyn9ka.com
keyar12f.beget.tech
l2fog.ru
lelllnn.com
lers.xyz
levonside.space
loveyouneed.pw
mcgau2.bit.md-100.webhostbox.net
methodist.sch.id
mike.rivalserver.com
mike.rivalserver.com
mix1456465.com.cp-47.webhostbox.net
mobwerpingthis.com
mopw.men
mybigfish.stream
myxamop.com
needmorelogs.club
nervozn.tk
nimerstat.ru
ninjatrader.life
npromo.world
ogabosworld.com
ortaksistem.com
panamera.site
pchel8.tk
poloniex.spb.ru
pornhospital.net
port.so.tl
preramet123.name
ps4akk.ru
qers.xyz
rar-lab.ru
rotkit.tk
rotkit.tk
sads.ml
scat01.tk
scat.cf
scat.cf
sepprod.com
sharfik.club
sinutinu.com
skyroot.ru
solimetalspa.com
sondomax.co
sskyokker256.bit.md-89.webhostbox.net
sslwmi.top
sumocloud.club
sumocloud.club
svchost.pw
sysplugins.com
taskdata.gq
taskdata.gq
trimasjaya.com
ubmwuyq.com
ultimaspots.co.uk
usa-bank.info.md-91.webhostbox.net
videocommercialsforyou.com
videopopups.com
vm239011.had.su
vsd1.net
wattmeter.win
www.alkratrad.com
www.antonskoritskii.com
www.asdasdq.com
www.azghost888.com
www.benchadcrd.nl
www.cryptopiasupport.co
www.elowpuki.com
www.ghost888abc.com
www.gopety.cc
www.grandmasson.pw
www.rar-lab.ru
x7x.xyz
zevs3.xyz
zevs5.xyz

# Reference: https://twitter.com/SevenLayerJedi/status/950761083509313536

macpay.pw

# Reference: https://twitter.com/James_inthe_box/status/1039250061065039873

microsoft-update-server.bit
securityupdateserver4.com

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

fdos.tk
genri.ga
gfcv.tk
gfsd.ga
grlo.tk
qpzm.gq
suka1.tk
vfsv.tk

# Reference: https://cert.gov.ua/news/44
# Reference: https://www.virustotal.com/#/ip-address/192.198.87.130
# Reference: https://www.virustotal.com/#/ip-address/185.193.38.78

http://185.193.38.78/
cashouts.tk
vitani.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1046755632299352064

columbusfunnybone.com/images/drop.php

# Reference: https://twitter.com/ViriBack/status/1050032466164154368

bigchlen.tk

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

bitdotz.top

# Reference: https://twitter.com/avman1995/status/1052426452187185153

qe.igg.biz/gate.php

# Reference: https://research.checkpoint.com/the-emergence-of-the-new-azorult-3-3/

certipin.top
infolocalip.com
tohertgopening.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

kenkelord.gq
