├── Defender
    ├── Browser Downloads.md
    ├── Check for DNS query going to known Malicious Domain.md
    ├── Defender Weekly OSINT IOC -List Hunt.kql
    ├── Detecting External Connections from public IP to internal Device.md
    ├── GobalProtect Login outside of the Specified Country.md
    ├── Hunt Devices with Missing Security Updates.md
    ├── Hunt for Auto or user Triggered Scheduled tasks.md
    ├── Hunt for Devices Not Onboarded on Defender.md
    ├── Hunt for E-mails shared with URL and attachments clicked by Users.md
    ├── Hunt for Leaked Credentials.md
    ├── Hunt for Phishing E-mail Delivered inside the organization.md
    ├── Hunt for Specific CVE associated with the devices onboarded on Defender.md
    ├── Hunt for Specific User sending mass E-mail to other Recipient and list out user's clicking the URL.md
    ├── Hunt for Suspicious Windows Services.md
    ├── Hunt for any suspicious traffic going to suspicious ports from firewall.md
    ├── Hunt for files shared by malicious e-mail sender on the devices.md
    ├── Hunt for potential data exfiltration from Windows Server.md
    ├── Hunt new browser extension installation on Microsoft Defender For Endpoint Devices.md
    ├── Hunt outbound E-mails and attachments Shared outside organization Domain.md
    ├── Hunting query to see Auto-Reply forward to other e-mail Recipient.md
    ├── Identify Fake URL Domain.md
    ├── Logon Events inside organization Domain.md
    ├── Monitor large file (including documents and any executable files) sharing over e-mail.md
    ├── Review PowerShell activities after receipt of emails from known malicious sender.md
    ├── Review logon attempts after receipt of malicious emails.md
    ├── Unusual volume of DNS Queries within last 24 hours.md
    └── UrlClicks by user for specific urls.md
├── IOC
    ├── OSINT-02-June-2025.csv
    ├── OSINT-03-March-IOC-List.csv
    ├── OSINT-05-MAY-2025.csv
    ├── OSINT-07-April-2025.csv
    ├── OSINT-10-March-2025.csv
    ├── OSINT-12-MAy-2025.csv
    ├── OSINT-14-April2025.csv
    ├── OSINT-17 Feb-IOC-List.csv
    ├── OSINT-17-March-2025.csv
    ├── OSINT-19-May-2025.csv
    ├── OSINT-21-April-2025.csv
    ├── OSINT-24-March-2025.csv
    ├── OSINT-24Feb-IOC-List (2).csv
    ├── OSINT-24Feb-IOC-List.csv
    ├── OSINT-26-May-2025 (3).csv
    ├── OSINT-28-April-2025.csv
    └── OSINT-31-March-2025.csv
├── LICENSE
├── README.md
├── Reports
    ├── After-Hours-Incidents-Weekdays.md
    ├── Query to generate incident report for last 14 days.md
    └── Top 10 Security Incidents.md
└── Sentinel
    ├── AD user enabled and password not set within 48 hours(Severity: Low).md
    ├── Account Created and Deleted in short Timeframe(Severity: High).md
    ├── Account Password Not Required (Severity: High).md
    ├── Account created or deleted by non-approved user(Severity: Medium).md
    ├── Attempts to sign in to disabled accounts (Severity: Medium).md
    ├── Excessive-Login-Failure-Detection-Rule(LOW Severity).md
    ├── Multiple authentication failures followed by a success(Severity: Low).md
    ├── Permission Change in Azure.md
    └── User added to privilege group (Severity: High).md


/Defender/Browser Downloads.md:
--------------------------------------------------------------------------------
#### This query identifies files downloaded through browsers such as Internet Explorer, Edge, Chrome and Firefox. It can be used as a hunting query to identify any suspicious file downloaded through a device's browser after an incident alert is triggered in Defender, or simply to hunt for suspicious files downloaded on devices.

#### Query:
```KQL
DeviceFileEvents
| where Timestamp > ago(7d)
| where FolderPath !has "$Recycle.Bin"
| where
    // Edge
    InitiatingProcessFileName == "msedge.exe"
    or
    InitiatingProcessFolderPath endswith @"windows\system32\browser_broker.exe"
    // Internet Explorer x64
    or InitiatingProcessFolderPath endswith @"program files\internet explorer\iexplore.exe"
    // Internet Explorer x32
    or InitiatingProcessFolderPath endswith @"program files (x86)\internet explorer\iexplore.exe"
    // Chrome
    or (InitiatingProcessFileName =~ "chrome.exe" and FileName endswith "crdownload")
    // Firefox
    or (InitiatingProcessFileName =~ "firefox.exe" and (FileName !endswith ".js" or FolderPath !has "profile"))
| project Timestamp, DeviceName, InitiatingProcessFileName, FileName, FolderPath
```

--------------------------------------------------------------------------------
/Defender/Check for DNS query going to known Malicious Domain.md:
--------------------------------------------------------------------------------
#### This query looks for any DNS query traffic going to a known malicious domain by checking the ThreatIntelligenceIndicator table that is ingested into Sentinel/Defender via a data connector.

```KQL
IdentityQueryEvents
| where TimeGenerated > ago(1d)
| where isnotempty(QueryTarget) // Ensure we have non-empty QueryTarget values
| join kind=inner (
    ThreatIntelligenceIndicator
    | where TimeGenerated > ago(1d)
    | where isnotempty(DomainName) // Ensure we have non-empty DomainName values
    | project DomainName, Description, ConfidenceScore, ThreatType, ThreatSeverity, FileHashType, FileHashValue, Url
) on $left.QueryTarget == $right.DomainName
| project TimeGenerated, DeviceName, QueryTarget, Description, IPAddress, Port, DestinationDeviceName, DestinationIPAddress, DestinationPort
```

--------------------------------------------------------------------------------
/Defender/Defender Weekly OSINT IOC -List Hunt.kql:
--------------------------------------------------------------------------------

// Load the weekly OSINT IOC list (columns: Type, Value, Source)
let WeeklyOSINT=externaldata(Type:string, Value:string, Source:string)
[h'https://raw.githubusercontent.com/SlimKQL/Hunting-Queries-Detection-Rules/refs/heads/main/IOC/WeeklyOSINTHightlights17Feb2025.csv'];
// Split the list into one lookup set per indicator type
let OSINTSHA256 =
    WeeklyOSINT
    | where Type == "hash_sha256"
    | project Value;
let OSINTSHA1 =
    WeeklyOSINT
    | where Type == "hash_sha1"
    | project Value;
let OSINTMD5 =
    WeeklyOSINT
    | where Type == "hash_md5"
    | project Value;
let OSINTDOMAIN =
    WeeklyOSINT
    | where Type == "domain"
    | project Value;
let OSINTURL =
    WeeklyOSINT
    | where Type == "url"
    | project Value;
let OSINTIP =
    WeeklyOSINT
    | where Type == "ip"
    | project Value;
// E-mail attachments whose SHA256 is on the list
let ScanEmailAttachments =
    EmailAttachmentInfo
    | where Timestamp > ago(30d)
    | where SHA256 has_any(OSINTSHA256);
// E-mail URLs whose domain or full URL is on the list
let ScanEmailURLs =
    EmailUrlInfo
    | where Timestamp > ago(30d)
    | where UrlDomain has_any(OSINTDOMAIN) or Url has_any(OSINTURL);
// Files created on endpoints with a listed hash
let ScanEndpointFiles =
    DeviceFileEvents
    | where Timestamp > ago(30d)
    | where ActionType == "FileCreated"
    | where MD5 has_any(OSINTMD5) or SHA1 has_any(OSINTSHA1) or SHA256 has_any(OSINTSHA256);
// Successful connections to a listed IP or domain
let ScanEndpointNetwork1 =
    DeviceNetworkEvents
    | where Timestamp > ago(30d)
    | where ActionType == "ConnectionSuccess"
    | where RemoteIP has_any (OSINTIP) or RemoteUrl has_any (OSINTDOMAIN);
// Inspected HTTP connections whose Host header is a listed domain
let ScanEndpointNetwork2 =
    DeviceNetworkEvents
    | where Timestamp > ago(30d)
    | where ActionType == "HttpConnectionInspected"
    | extend ConnectInfo = todynamic(AdditionalFields)
    | extend HttpHost = ConnectInfo.host
    | where HttpHost has_any(OSINTDOMAIN);
union ScanEmailAttachments, ScanEmailURLs, ScanEndpointFiles, ScanEndpointNetwork1, ScanEndpointNetwork2

--------------------------------------------------------------------------------
/Defender/Detecting External Connections from public IP to internal Device.md:
--------------------------------------------------------------------------------
#### This KQL query identifies potentially suspicious inbound connection attempts to internet-facing devices in the last 2 hours. It achieves this by filtering and correlating data from two tables: DeviceInfo (device metadata) and DeviceNetworkEvents (network activity).
#### This query identifies suspicious external connection attempts to internet-facing devices:
Helps pinpoint external threats (e.g., potential attackers) based on their activity (3+ attempts from the same IP).
Provides geographical context for the source of threats, aiding in analysis and incident response.
Focuses on actionable data by correlating network activity with device metadata, ensuring only relevant devices are considered.

#### Query:
```KQL
let InternetFacingDevice =
    DeviceInfo
    | where Timestamp > ago(2h)
    | where IsInternetFacing
    | summarize arg_max(Timestamp, *) by DeviceId, DeviceName
    | project DeviceId, DeviceName;
DeviceNetworkEvents
| where Timestamp > ago(2h) // Same 2-hour window as the device lookup, as stated in the description
| where DeviceId has_any(InternetFacingDevice)
| where ActionType == "InboundConnectionAttempt"
| where not(ipv4_is_private(RemoteIP)) // Only external public IPs
| extend IPLocation = geo_info_from_ip_address(RemoteIP)
| summarize Connections = count(), Ports = make_set(RemotePort) by RemoteIP, tostring(IPLocation.country), DeviceId
| where Connections >= 3 // Only show IPs with >= 3 attempts
// Join DeviceInfo table with DeviceNetworkEvents
| join kind=inner (InternetFacingDevice) on DeviceId
| project DeviceName, DeviceId, RemoteIP, Ports, Connections, IPLocation_country
| sort by Connections desc
```

--------------------------------------------------------------------------------
/Defender/GobalProtect Login outside of the Specified Country.md:
--------------------------------------------------------------------------------
#### This query searches for any user logged in to GlobalProtect from outside of Canada.
#### Query:
```KQL
GlobalProtect_CL
| where PanOSSourceRegion != "CA" // Specify the country acronym according to your requirement.
| where isnotempty(PanOSSourceRegion) // Skip records with no source region
```

--------------------------------------------------------------------------------
/Defender/Hunt Devices with Missing Security Updates.md:
--------------------------------------------------------------------------------
#### This query identifies devices onboarded on Defender that are missing recommended security updates.
#### Query:
```KQL
DeviceTvmSoftwareVulnerabilities
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    | project CveId
) on CveId
| project DeviceName, CveId, RecommendedSecurityUpdateId
| summarize MissingKBs = make_set(RecommendedSecurityUpdateId) by DeviceName
| where array_length(MissingKBs) > 0
```

--------------------------------------------------------------------------------
/Defender/Hunt for Auto or user Triggered Scheduled tasks.md:
--------------------------------------------------------------------------------
#### This query analyzes process events on specific devices in your network to identify actions involving svchost.exe or schtasks.exe. These executables are commonly associated with scheduled tasks, either system-initiated or user-triggered.
#### This query is helpful when you want to hunt for unexpected or suspicious scheduled tasks running automatically on the devices you want to check. It also helps when Defender has detected a suspicious scheduled task running on the organization's devices.

#### Query:
```KQL
DeviceProcessEvents
| where InitiatingProcessFileName == "svchost.exe" // Common for scheduled tasks
    or InitiatingProcessFileName == "schtasks.exe" // If the task is directly triggered by the user
| where DeviceName in ("adc", "sgf", "ert", "poi") // Replace with the device names you want to check
| order by Timestamp desc
```

--------------------------------------------------------------------------------
/Defender/Hunt for Devices Not Onboarded on Defender.md:
--------------------------------------------------------------------------------
## Onboarding Devices
#### This query hunts for devices that are not onboarded on Defender by searching for devices whose name matches a regex: letters, digits, or hyphens as the device name, followed by the specific domain name of your organization.

#### Query:
```KQL
DeviceInfo
| where OnboardingStatus != "Onboarded" // Exclude onboarded devices
| where OSPlatform contains "Windows10" or OSPlatform contains "Windows11" // Windows 10 or 11 OS
| where DeviceName matches regex "^[a-zA-Z0-9-]+\\.abc07\\.qqqq\\.qc\\.ca$" // Matches domain name abc07 only
| where DeviceType == "Workstation" // Device type is workstation
| where Vendor contains "HP" // Vendor contains "HP"
| distinct DeviceId, DeviceName, OSPlatform, DeviceType, OnboardingStatus, Vendor // Only distinct based on these columns
```
### Explanation

#### This KQL query is used to identify distinct devices that are not onboarded, run either Windows 10 or Windows 11, belong to a specific domain, are workstations, and are made by the vendor HP.

#### Here’s a detailed breakdown:

#### DeviceInfo | where OnboardingStatus != "Onboarded":

##### This first filter excludes devices that are already "Onboarded," focusing only on those that haven't completed the onboarding process.

#### where OSPlatform contains "Windows10" or OSPlatform contains "Windows11":

##### The query is looking for devices that are running either Windows 10 or Windows 11 operating systems. The contains ensures that even if there are additional versions (e.g., Windows10 Enterprise), those will still match.

#### where (DeviceName matches regex "^[a-zA-Z0-9-]+\\.abc07\\.qqqq\\.qc\\.ca$"):

##### This part uses a regular expression (regex) to match devices whose names end with the domain abc07.qqqq.qc.ca. The regex ensures that device names consist of alphanumeric characters or hyphens followed by the specific domain.

#### where DeviceType == "Workstation":

##### The query only includes devices that are classified as "Workstation." This means devices like desktop or laptop computers, excluding servers, mobile devices, etc.

#### where Vendor contains "HP":

##### This filter narrows down the results to devices made by HP, based on the "Vendor" field.

#### distinct DeviceId, DeviceName, OSPlatform, DeviceType, OnboardingStatus, Vendor:

##### Finally, it retrieves distinct records based on the specified columns: DeviceId, DeviceName, OSPlatform, DeviceType, OnboardingStatus, and Vendor. This ensures that duplicate records with the same values in these fields are removed, showing only unique devices.
### Summary:
#### This query helps you find distinct HP workstations running Windows 10 or 11 that have not been onboarded, belong to the specific domain abc07.qqqq.qc.ca, and filters out other devices based on these criteria.

--------------------------------------------------------------------------------
/Defender/Hunt for E-mails shared with URL and attachments clicked by Users.md:
--------------------------------------------------------------------------------
#### This KQL query is designed to identify and analyze user interactions with URLs embedded in emails, specifically focusing on emails that are either inbound or intra-organizational (within the organization).
#### The goal is to determine which users clicked on URLs within these emails and to provide a summary of this activity.
#### Query:

```KQL
let EmailEvents = EmailEvents_CL
    | where EmailDirection_s in("Inbound", "Intra-org")
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Subject_s,
        DeliveryAction_s,
        EmailDirection_s,
        TimeGenerated;
let EmailUrls = EmailUrlInfo_CL
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Url_s,
        UrlDomain_s;
let UrlClicks = UrlClickEvents_CL
    | project
        NetworkMessageId_g,
        AccountUpn_s,
        Url_s,
        ActionType_s,
        Workload_s,
        UrlChain_s,
        TimeGenerated;
EmailEvents
| join kind=inner (EmailUrls) on NetworkMessageId_g
| join kind=inner (UrlClicks) on NetworkMessageId_g
| extend UserClicking = iif(ActionType_s contains "ClickAllowed", "Yes", "No")
| where UserClicking == "Yes" // Filter to show only emails where users clicked the URLs
| summarize
    ClickedUsers = make_set(AccountUpn_s), // List of users who clicked
    CountOfClickedUsers = dcount(AccountUpn_s) // Count of distinct users who clicked
    by
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    Subject_s,
    Url_s,
    Workload_s,
    UrlDomain_s,
    TimeGenerated
| project
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    Subject_s,
    Url_s,
    Workload_s,
    UrlDomain_s,
    ClickedUsers,
    CountOfClickedUsers,
    TimeGenerated
| extend MailMessage_0_Sender = SenderFromAddress_s
| extend MailMessage_0_Recipient = RecipientEmailAddress_s
| extend MailMessage_0_Urls = Url_s
| extend Account_0_Name = ClickedUsers
```
##### Explanation:

##### Key Steps in the Query:

1. Filter and Select Data from Email Events (EmailEvents_CL):
   a. The query starts by filtering the EmailEvents_CL table to include only emails with a direction of either "Inbound" (coming from outside the organization) or "Intra-org" (sent within the organization).
   b. It then selects (projects) relevant columns, such as the unique email identifier (NetworkMessageId_g), sender's email address (SenderFromAddress_s), recipient's email address (RecipientEmailAddress_s), subject of the email (Subject_s), and the time the event was generated (TimeGenerated).
2. Extract URL Information from Emails (EmailUrlInfo_CL):
   a. The EmailUrlInfo_CL table is used to gather information about URLs found in the emails. This includes the URL itself (Url_s), the domain of the URL (UrlDomain_s), and the corresponding sender and recipient email addresses.
3. Analyze URL Click Events (UrlClickEvents_CL):
   a. The UrlClickEvents_CL table is queried to identify user interactions with the URLs. It includes data on the user account that clicked the URL (AccountUpn_s), the action taken (ActionType_s), the workload or platform used (e.g., email, Teams) (Workload_s), and the time of the event.
4. Join the Tables:
   a. The query performs inner joins on the NetworkMessageId_g field to combine data from the EmailEvents_CL, EmailUrlInfo_CL, and UrlClickEvents_CL tables. This ensures that only records with matching email and URL data across all three tables are included.
5. Identify User Clicks:
   a. The extend UserClicking = iif(ActionType_s contains "ClickAllowed", "Yes", "No") step creates a new column, UserClicking, that indicates whether the user clicked on the URL. If the ActionType_s field contains "ClickAllowed," the UserClicking value is set to "Yes."
6. Filter for Clicked URLs:
   a. The query then filters the results to include only those records where UserClicking is "Yes," meaning the URLs were clicked by users.
7. Summarize the Results:
   a. The summarize function groups the results by key fields, including the sender's email, recipient's email, email subject, URL, workload, URL domain, and the time the event was generated.
   b. It creates two summary columns:
      • ClickedUsers uses the make_set(AccountUpn_s) function to create a list of unique users who clicked on the URLs.
      • CountOfClickedUsers uses the dcount(AccountUpn_s) function to count the number of distinct users who clicked on the URLs.
8. Project the Final Output:
   a. The final output of the query includes the sender's and recipient's email addresses, the subject of the email, the URL, the workload (platform), the URL domain, the list of users who clicked on the URLs, the count of distinct users who clicked, and the time the event was generated.

Objective of the Query:

The primary objective of this query is to track and analyze user interactions with URLs in emails, particularly those that were clicked on by recipients. By summarizing this information, the query helps in identifying:
   a. Which emails contained URLs that were clicked on.
   b. The list of users who clicked on these URLs.
   c. The total number of distinct users who clicked on each URL.

This analysis is particularly useful in security contexts, where understanding user behavior regarding potentially risky links can help in identifying phishing attacks or other malicious activities.

--------------------------------------------------------------------------------
/Defender/Hunt for Leaked Credentials.md:
--------------------------------------------------------------------------------
## 🔍 KQL Description
#### This KQL query searches the ExposureGraphNodes table in Microsoft Defender XDR or Sentinel to identify user accounts whose credentials have been leaked. It focuses on nodes categorized as "identity" and labeled as "user", then extracts detailed identity-related properties such as:
##### • Display name, UPN, email address
##### • Account status (enabled/disabled)
##### • Job title, department, phone, address
##### • Source provider (e.g., Azure AD, on-prem AD)
##### • Account creation time
##### • Whether the account's credentials have been leaked
##### • The query filters and enriches this data, and presents it in a clean, readable format for hunting or triage.
## 🧩 MITRE ATT&CK Mapping
#### Tactic: Credential Access (TA0006)
#### Technique: Unsecured Credentials (T1552)
### Query:
```KQL
ExposureGraphNodes
| where set_has_element(Categories, "identity")
| where NodeLabel == "user"
| extend properties = parse_json(NodeProperties)
| extend DisplayName = properties.rawData.accountDisplayName
| extend EnabledAccount = properties.rawData.accountEnabled
| extend Name = properties.rawData.accountName
| extend UPN = properties.rawData.accountUpn
| extend AccountCreated = properties.rawData.createdDateTime
| extend Email = properties.rawData.emailAddress
| extend Department = properties.rawData.department
| extend JobTitle = properties.rawData.jobTitle
| extend Address = properties.rawData.address
| extend Mobile = properties.rawData.phone
| extend AccountType = properties.rawData.userAccountControl
| extend SourceProvider = properties.rawData.primaryProvider
| extend Leakedcredentials = properties.rawData.hasLeakedCredentials == true
| project NodeId, NodeName, DisplayName, EnabledAccount, Name, UPN, AccountCreated, Email, Department, JobTitle, Address, Mobile, AccountType, SourceProvider, Leakedcredentials
```


--------------------------------------------------------------------------------
/Defender/Hunt for Phishing E-mail Delivered inside the organization.md:
--------------------------------------------------------------------------------
#### If you want to hunt for delivered e-mails that are categorized as "Phishing" on the organization's e-mail domain, run this query.
#### Query:
```KQL
EmailEvents_CL
| where EmailDirection_s == "Inbound"
| join EmailUrlInfo_CL on NetworkMessageId_g
// Look at URLs found in the attachment or body of the e-mail. You can look for a different UrlLocation according to your need.
| where UrlLocation_s in ("Attachment", "Body")
| where DeliveryAction_s == "Delivered"
| where ThreatTypes_s contains "phish"
| summarize Count=count() by UrlDomain_s
| sort by Count desc
```
#### Once you get the list of UrlDomains that were categorized as phishing, you can cross-check these URL domains in VirusTotal by running the Python script below:
```PYTHON
import requests

API_KEY = "Put Your Virus Total API KEY"
url = "https://www.virustotal.com/vtapi/v2/url/report"

def check_domain(domain):
    """Return the VirusTotal v2 url/report JSON for one domain."""
    params = {"apikey": API_KEY, "resource": domain}
    response = requests.get(url, params=params, timeout=30)
    response.raise_for_status()  # Fail loudly on HTTP errors such as a rejected API key
    return response.json()

# Example usage
domains = ["www.healthevidence.org", "belmontbusinessmedia.emlnk9.com", "soinsintermediaire.us15.list-manage.com", "content.app-us1.com", "www.facebook.com", "soinsintermediaires.com", "www.instagram.com", "www.linkedin.com", "mailchi.mp"]  # Replace with your list of domains
for domain in domains:
    report = check_domain(domain)
    print(f"Domain: {domain}, Report: {report}")
```

#### After you run the script you'll get the report from VirusTotal and can see whether any security vendor has flagged or reported the domains as malicious.
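
The raw report printed by the script is long. The block below is an added example, not part of the original repository: it reduces each report to a triage row listing the vendors that flagged the domain. The function names, the two-vendor threshold and the sample reports are assumptions constructed for illustration; only the field names (`response_code`, `positives`, `total`, `scans`, `detected`) follow the v2 url/report JSON.

```python
# Added example: offline triage of VirusTotal v2 url/report responses.
# SAMPLE_REPORTS is constructed data (domains and vendor names are made up).
SAMPLE_REPORTS = {
    "login-portal.example": {
        "response_code": 1,
        "positives": 3,
        "total": 5,
        "scans": {
            "VendorA": {"detected": True, "result": "phishing site"},
            "VendorB": {"detected": True, "result": "malicious site"},
            "VendorC": {"detected": True, "result": "phishing site"},
            "VendorD": {"detected": False, "result": "clean site"},
            "VendorE": {"detected": False, "result": "unrated site"},
        },
    },
    "newsletter.example": {
        "response_code": 1,
        "positives": 1,
        "total": 3,
        "scans": {
            "VendorA": {"detected": False, "result": "clean site"},
            "VendorB": {"detected": True, "result": "suspicious site"},
            "VendorC": {"detected": False, "result": "clean site"},
        },
    },
    "intranet.example": {
        "response_code": 1,
        "positives": 0,
        "total": 2,
        "scans": {
            "VendorA": {"detected": False, "result": "clean site"},
            "VendorB": {"detected": False, "result": "clean site"},
        },
    },
    # response_code 0: the resource is not in the VirusTotal dataset.
    "never-scanned.example": {"response_code": 0},
    # No JSON body at all, e.g. the request was rate limited.
    "rate-limited.example": None,
}

# Sort order for the triage list: most urgent first.
VERDICT_ORDER = ["malicious", "suspicious", "no_data", "not_found", "clean"]


def summarize_report(domain, report, malicious_threshold=2):
    """Reduce one url/report document to a triage row.

    malicious_threshold is an assumed policy: the number of flagging
    vendors at which a domain is treated as malicious, not just suspicious.
    """
    row = {"domain": domain, "verdict": "no_data",
           "positives": None, "total": None, "vendors": []}
    if not report:
        return row
    if report.get("response_code") != 1:
        row["verdict"] = "not_found"
        return row

    scans = report.get("scans") or {}
    vendors = sorted(name for name, res in scans.items() if res.get("detected"))
    # Prefer the counters VirusTotal reports; fall back to counting the scans.
    positives = int(report.get("positives", len(vendors)))
    total = int(report.get("total", len(scans)))

    if positives == 0:
        verdict = "clean"
    elif positives < malicious_threshold:
        verdict = "suspicious"
    else:
        verdict = "malicious"
    row.update(verdict=verdict, positives=positives, total=total, vendors=vendors)
    return row


def triage(reports, malicious_threshold=2):
    """Summarize every report and sort so flagged domains come first."""
    rows = [summarize_report(d, r, malicious_threshold) for d, r in reports.items()]
    return sorted(
        rows,
        key=lambda r: (VERDICT_ORDER.index(r["verdict"]), -(r["positives"] or 0), r["domain"]),
    )


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORTS):
        flagged = ", ".join(r["vendors"]) or "-"
        print(f'{r["verdict"]:<10} {r["domain"]:<24} '
              f'{r["positives"]}/{r["total"]} flagged by: {flagged}')
```

To use it with live data, build the dictionary from `check_domain` results, for example `{d: check_domain(d) for d in domains}`.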

--------------------------------------------------------------------------------
/Defender/Hunt for Specific CVE associated with the devices onboarded on Defender.md:
--------------------------------------------------------------------------------
#### In Defender, Threat Analytics shows details of the latest known vulnerabilities. With this query you can check whether the onboarded devices in your environment are affected by a recent vulnerability from the Threat Analytics list. In short, the idea of this query is to find out whether a newly discovered vulnerability affects the devices in your environment.
#### Query:
```KQL
DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-38063" // Specify the specific CVE ID that you want to check
| join kind=leftouter (DeviceInfo | project DeviceName, OnboardingStatus, DeviceId) on DeviceId
| where OnboardingStatus == "Onboarded" // Filter for Onboarded devices
| distinct DeviceName, DeviceId, OnboardingStatus, SoftwareName, SoftwareVersion, CveId, VulnerabilitySeverityLevel, RecommendedSecurityUpdate, RecommendedSecurityUpdateId, OSPlatform
```

--------------------------------------------------------------------------------
/Defender/Hunt for Specific User sending mass E-mail to other Recipient and list out user's clicking the URL.md:
--------------------------------------------------------------------------------
#### This KQL query is designed to track and summarize email activities related to a specific sender, focusing on instances where recipients clicked on URLs within those emails.
#### It correlates all three tables to list the users who clicked on the URLs sent by the specific sender specified in the query.

#### Query:
```KQL
let EmailEvents = EmailEvents_CL
    | where EmailDirection_s in("Inbound", "Intra-org")
    | where SenderFromAddress_s == "Ryan.Raynolds@deadpool.ca" // Replace with the specific sender's email
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Subject_s,
        DeliveryAction_s,
        EmailDirection_s,
        TimeGenerated;
let EmailUrls = EmailUrlInfo_CL
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Url_s,
        UrlDomain_s;
let UrlClicks = UrlClickEvents_CL
    | project
        NetworkMessageId_g,
        AccountUpn_s,
        Url_s,
        ActionType_s,
        Workload_s,
        UrlChain_s,
        TimeGenerated;
EmailEvents
| join kind=inner (EmailUrls) on NetworkMessageId_g
| join kind=inner (UrlClicks) on NetworkMessageId_g
| extend UserClicking = iif(ActionType_s contains "ClickAllowed", "Yes", "No")
| where UserClicking == "Yes" // Filter to only show emails where users clicked the URLs
| project
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    UserClicking,
    Url_s,
    Workload_s,
    UrlDomain_s,
    AccountUpn_s,
    TimeGenerated
| summarize
    ClickedUsers = make_set(AccountUpn_s), // List of users who clicked
    CountOfClickedUsers = dcount(AccountUpn_s) // Count of users who clicked
    by
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    Url_s,
    Workload_s,
    UrlDomain_s,
    TimeGenerated
```

##### Explanation:
##### KQL Breakdown:

1. EmailEvents:
```KQL
let EmailEvents = EmailEvents_CL
    | where EmailDirection_s in("Inbound", "Intra-org")
    | where SenderFromAddress_s == "Ryan.Raynolds@deadpool.ca"
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Subject_s,
        DeliveryAction_s,
        EmailDirection_s,
        TimeGenerated;
```
Purpose: Filters and selects specific columns from the EmailEvents_CL table.
Filtering: Only emails with EmailDirection_s of "Inbound" or "Intra-org" from the sender "Ryan.Raynolds@deadpool.ca" are selected.
Projection: Columns like NetworkMessageId_g, SenderFromAddress_s, RecipientEmailAddress_s, and others are chosen for further processing.

2. EmailUrls:
```KQL
let EmailUrls = EmailUrlInfo_CL
    | project
        NetworkMessageId_g,
        SenderFromAddress_s,
        RecipientEmailAddress_s,
        Url_s,
        UrlDomain_s;
```
Purpose: Extracts URL-related data from the EmailUrlInfo_CL table.
Projection: Selects NetworkMessageId_g, SenderFromAddress_s, RecipientEmailAddress_s, Url_s, and UrlDomain_s for linking with email events.

3. URLClicks:
```KQL
let UrlClicks = UrlClickEvents_CL
    | project
        NetworkMessageId_g,
        AccountUpn_s,
        Url_s,
        ActionType_s,
        Workload_s,
        UrlChain_s,
        TimeGenerated;
```
Purpose: Captures URL click event data from the UrlClickEvents_CL table.
Projection: Selects NetworkMessageId_g, AccountUpn_s, Url_s, and other relevant columns.

4. Join Operations:
```KQL
EmailEvents
| join kind=inner (EmailUrls) on NetworkMessageId_g
| join kind=inner (UrlClicks) on NetworkMessageId_g
```
Purpose: Joins the three tables (EmailEvents, EmailUrls, and UrlClicks) based on the NetworkMessageId_g to link emails with their associated URLs and click events.
Join Type: Inner joins are used, meaning only records that exist in all three tables are included.

5. User Click Filtering:
```KQL
| extend UserClicking = iif(ActionType_s contains "ClickAllowed", "Yes", "No")
| where UserClicking == "Yes"
```
UserClicking: Creates a new column UserClicking that is "Yes" if the ActionType_s contains "ClickAllowed", indicating that the user clicked on the URL.
Filtering: Only keeps rows where users clicked on the URLs (UserClicking == "Yes").

6. Final Project and Summarization:
```KQL
| project
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    UserClicking,
    Url_s,
    Workload_s,
    UrlDomain_s,
    AccountUpn_s,
    TimeGenerated
| summarize
    ClickedUsers = make_set(AccountUpn_s),
    CountOfClickedUsers = dcount(AccountUpn_s)
    by
    SenderFromAddress_s,
    RecipientEmailAddress_s,
    Url_s,
    Workload_s,
    UrlDomain_s,
    TimeGenerated
```

Projection: Selects relevant columns including sender, recipient, URL details, and user information.
Summarization:
ClickedUsers: Creates a set of unique users (AccountUpn_s) who clicked on the URLs.
CountOfClickedUsers: Counts the number of unique users who clicked.
Group By: The summarization groups results by sender, recipient, URL, workload, URL domain, and the time the email was generated.

7. Overall Purpose of the query:
This query identifies which users clicked on URLs in emails sent from a specific sender (Ryan.Raynolds@deadpool.ca), summarizes how many users clicked on each URL, and lists the users who did so.
It helps to identify the list of users who clicked on the phishing e-mail URL link coming from the compromised Business Account.
--------------------------------------------------------------------------------
/Defender/Hunt for Suspicious Windows Services.md:
--------------------------------------------------------------------------------
#### This query is designed to hunt for any known suspicious services running in the organization environment by comparing them with the updated list of suspicious services from GitHub: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_services_names_list.csv
#### Query:
```KQL
// Load the public list of suspicious Windows service names as a table
let Suspicious_Services = externaldata(
    service_name: string,
    service_path: string,
    metadata_tool_category: string,
    metadata_tool_type: string,
    metadata_severity: string,
    metadata_comment: string,
    metadata_reference: string
)
[
    @"https://raw.githubusercontent.com/mthcht/awesome-lists/main/Lists/suspicious_windows_services_names_list.csv"
]
with (format="csv", ignoreFirstRecord=True);
DeviceEvents
| where ActionType in ("ServiceInstalled", "ServiceModified", "ServiceDeleted")
// Service details are stored as JSON in AdditionalFields
| extend ServiceName = extractjson("$.ServiceName", tostring(AdditionalFields))
| extend ServiceAccount = extractjson("$.ServiceAccount", tostring(AdditionalFields))
// Keep only events whose service name appears in the list
| join kind=inner (Suspicious_Services) on $left.ServiceName == $right.service_name
| project TimeGenerated, DeviceName, AccountName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, ActionType, ServiceName, ServiceAccount, metadata_comment, metadata_tool_category, metadata_tool_type, metadata_severity, metadata_reference, service_name, service_path
| order by TimeGenerated desc
```
#### Explanation:

#### This KQL query is designed to detect suspicious service activities (like installation, modification, or deletion) on devices by comparing them with a list of known suspicious services. Here's a step-by-step explanation of what the query does:

#### 1. Load Suspicious Services List
```KQL
let Suspicious_Services = externaldata(
    service_name: string,
    service_path: string,
    metadata_tool_category: string,
    metadata_tool_type: string,
    metadata_severity: string,
    metadata_comment: string,
    metadata_reference: string
)
[
    @"https://raw.githubusercontent.com/mthcht/awesome-lists/main/Lists/suspicious_windows_services_names_list.csv"
]
with (format="csv", ignoreFirstRecord=True);
```
##### Purpose: Load a list of suspicious Windows service names from an external CSV file hosted online.
##### Details:
##### The CSV file contains details about suspicious services, such as:
##### service_name: Name of the service.
##### service_path: File path of the service.
##### metadata_*: Additional information, like the tool category, severity, comments, and references.
##### externaldata: Reads the file in CSV format and treats it like a table.
##### ignoreFirstRecord=True: Ignores the header row of the CSV file.

#### 2. Filter Device Events
```KQL
DeviceEvents
| where ActionType in ("ServiceInstalled", "ServiceModified", "ServiceDeleted")
```
##### Purpose: Look for events in the DeviceEvents table where services were installed, modified, or deleted.
##### Details:
##### DeviceEvents: This table contains detailed logs about activities on devices.
##### ActionType: Filters events related to service changes:
##### ServiceInstalled: A new service was added.
##### ServiceModified: An existing service was altered.
##### ServiceDeleted: A service was removed.

#### 3. Extract Service Information
```KQL
| extend ServiceName = extractjson("$.ServiceName", tostring(AdditionalFields))
| extend ServiceAccount = extractjson("$.ServiceAccount", tostring(AdditionalFields))
```
##### Purpose: Extract detailed information about the service name and service account from the AdditionalFields column.
##### Details:
##### AdditionalFields: A JSON-formatted field that contains additional data about the event.
##### extractjson(): Extracts specific values from the JSON.
##### $.ServiceName: Retrieves the name of the service.
##### $.ServiceAccount: Retrieves the account under which the service is running.
##### tostring(): Ensures the field is treated as a string for parsing.

#### 4. Join with Suspicious Services List
```KQL
| join kind=inner (Suspicious_Services) on $left.ServiceName == $right.service_name
```
##### Purpose: Compare the services detected in the DeviceEvents table with the list of suspicious services.
##### Details:
##### join kind=inner: Matches rows in DeviceEvents and Suspicious_Services where the ServiceName (from device logs) equals service_name (from the suspicious list).
##### If no match is found, the event is excluded from the results.

#### 5. Select Relevant Data
```KQL
| project TimeGenerated, DeviceName, AccountName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, ActionType, ServiceName, ServiceAccount, metadata_comment, metadata_tool_category, metadata_tool_type, metadata_severity, metadata_reference, service_name, service_path
```
##### Purpose: Show only the important fields from the results.
##### Fields Selected:
##### TimeGenerated: When the event happened.
##### DeviceName: Name of the device where the event occurred.
##### AccountName: Account associated with the event.
##### InitiatingProcessAccountName: User account that triggered the process.
##### InitiatingProcessFileName: File name of the process that made the change.
##### InitiatingProcessFolderPath: Path of the initiating process.
##### ActionType: Type of service event (installed, modified, deleted).
##### ServiceName: Name of the suspicious service.
##### ServiceAccount: Account under which the suspicious service is running.
#### 6. Sort Results
```KQL
| order by TimeGenerated desc
```
##### Purpose: Arrange the results in descending order based on the event timestamp. This ensures the most recent events appear at the top.

#### If you only want visibility into which services are installed, modified or deleted in the organization environment, you can run the query below.
```KQL
DeviceEvents
| where ActionType in ("ServiceInstalled", "ServiceModified", "ServiceDeleted")
| extend ServiceName = extractjson("$.ServiceName", tostring(AdditionalFields))
| extend ServiceAccount = extractjson("$.ServiceAccount", tostring(AdditionalFields))
| project TimeGenerated, DeviceName, AccountName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, ActionType, ServiceName, ServiceAccount
| order by TimeGenerated desc
```

--------------------------------------------------------------------------------
/Defender/Hunt for any suspicious traffic going to suspicious ports from firewall.md:
--------------------------------------------------------------------------------
#### This query is designed to give visibility of inbound and outbound network traffic on ports that threat actors have used for exploits in the past, by comparing firewall traffic with the updated list of such ports on GitHub: https://raw.githubusercontent.com/mthcht/awesome-lists/main/Lists/suspicious_ports_list.csv
#### The idea of this hunting query is to hunt for any of these ports being used by threat actors to exploit the organization's applications.

#### Query:
```KQL
let Suspicious_Ports = externaldata(
    dest_port: int,
    metadata_comment: string,
    metadata_confidence: string,
    metatada_category: string,
    metadata_detection_type: string
)
[
    @"https://raw.githubusercontent.com/mthcht/awesome-lists/main/Lists/suspicious_ports_list.csv"
]
with (format="csv", ignoreFirstRecord=True)
| where isnotempty(dest_port); // Filter out rows with empty or invalid dest_port
CommonSecurityLog
| where TimeGenerated >= ago(1h)
| where DeviceAction in ("accept", "pass", "close")
| join kind=inner (Suspicious_Ports) on $left.DestinationPort == $right.dest_port
| project TimeGenerated, DeviceName, DestinationPort, DeviceProduct, Activity, ApplicationProtocol, DeviceInboundInterface, DeviceOutboundInterface, DestinationIP, SourceTranslatedAddress, SourceTranslatedPort, metadata_comment, metadata_confidence, metatada_category, metadata_detection_type, Computer
| order by TimeGenerated desc
```
#### Explanation
#### This KQL (Kusto Query Language) query is designed to detect network traffic involving suspicious ports by joining security logs with an external list of ports flagged as suspicious. Here's a step-by-step explanation:
##### 1. Defining the Suspicious Ports List
```KQL
let Suspicious_Ports = externaldata(
    dest_port: int,
    metadata_comment: string,
    metadata_confidence: string,
    metatada_category: string,
    metadata_detection_type: string
)
[
    @"https://raw.githubusercontent.com/mthcht/awesome-lists/main/Lists/suspicious_ports_list.csv"
]
with (format="csv", ignoreFirstRecord=True)
| where isnotempty(dest_port);
```
##### Purpose: Load a list of suspicious ports from an external CSV file hosted online.
##### Details:
##### The CSV file contains details about suspicious ports, such as:
##### dest_port: Destination port number.
##### metadata_comment, metadata_confidence, metatada_category, metadata_detection_type: Additional information about the port (comment, confidence, category, and detection type).
##### externaldata: Reads the file in CSV format and treats it like a table.
##### ignoreFirstRecord=True: Ignores the header row of the CSV file.
##### where isnotempty(dest_port): Filters out rows with an empty or invalid dest_port.

##### 2. Querying the Security Logs
```KQL
CommonSecurityLog
| where TimeGenerated >= ago(1h)
| where DeviceAction in ("accept", "pass", "close")
```
##### Purpose: Fetch security logs from the CommonSecurityLog table, which contains firewall or security appliance logs.
##### TimeGenerated >= ago(1h): Filters logs from the past hour.
##### DeviceAction in ("accept", "pass", "close"): Focuses on specific actions indicating allowed or terminated connections.

##### 3. Joining Security Logs with the Suspicious Ports List
```KQL
| join kind=inner (Suspicious_Ports) on $left.DestinationPort == $right.dest_port
```
##### Purpose: Match the security log entries with the suspicious ports list.
##### join kind=inner: Retains only logs where a match is found between:
##### DestinationPort from the security logs.
##### dest_port from the suspicious ports list.
##### This identifies traffic involving the flagged suspicious ports.

##### 4. Selecting Relevant Fields
```KQL
| project TimeGenerated, DeviceName, DestinationPort, DeviceProduct, Activity, ApplicationProtocol, DeviceInboundInterface, DeviceOutboundInterface, DestinationIP, SourceTranslatedAddress, SourceTranslatedPort, metadata_comment, metadata_confidence, metatada_category, metadata_detection_type, Computer
```
##### Purpose: Choose the fields to include in the results:
##### Security log details (e.g., TimeGenerated, DeviceName, DestinationPort, DestinationIP, ApplicationProtocol).
##### Metadata from the suspicious ports list (e.g., metadata_comment, metadata_confidence, metatada_category, metadata_detection_type).
##### Device-related information (e.g., Computer, DeviceInboundInterface, DeviceOutboundInterface).

##### 5. Sorting Results
```KQL
| order by TimeGenerated desc
```
##### Purpose: Sort the results by the timestamp (TimeGenerated) in descending order to show the most recent events first.

#### What This Query Does
##### Loads a suspicious ports list from an external CSV file.
##### Filters recent security log events from the CommonSecurityLog table (last 1 hour, with specific actions).
##### Matches the DestinationPort in the logs against the suspicious ports list.
##### Outputs detailed information about the matched events, including metadata about the flagged ports.
##### Sorts the results so you can quickly analyze the most recent activity.

#### Why This Query is Useful
##### Purpose: Detect potential threats by identifying network traffic targeting or originating from known suspicious ports.
##### Applications: This can help in threat hunting, incident response, or monitoring unusual activity in the network. The metadata provides additional context about why the port is suspicious (e.g., confidence level, detection category).

--------------------------------------------------------------------------------
/Defender/Hunt for files shared by malicious e-mail sender on the devices.md:
--------------------------------------------------------------------------------
#### This query hunts for any files shared by the malicious sender on the users' devices. In other words, it checks whether a file shared by the malicious sender has been downloaded, saved or is present on the users' devices.

#### Query:
```KQL
EmailAttachmentInfo_CL
| where SenderFromAddress_s =~ "MaliciousSender@example.com"
// Get emails with attachments identified by a SHA-256
| where isnotempty(SHA256_s)
| extend SHA256 = SHA256_s // Standardize the column name for the join
| join (
    // Check devices for any activity involving the attachments
    DeviceFileEvents
    | project FileName, SHA256, DeviceName, DeviceId
) on SHA256
| project Timestamp_t, FileName, SHA256, DeviceName, DeviceId, NetworkMessageId_g, SenderFromAddress_s, RecipientEmailAddress_s
```

--------------------------------------------------------------------------------
/Defender/Hunt for potential data exfiltration from Windows Server.md:
--------------------------------------------------------------------------------
## KQL Description
#### This query is designed to hunt for potential data exfiltration from Windows Server devices by detecting file write activity followed by network connections to the internet using common file transfer tools like curl.exe, ftp.exe, powershell.exe, certutil.exe, etc.
## 🎯 MITRE ATT&CK Mapping
#### 🛠️ Tactic: Exfiltration (TA0010)
#### 📌 Techniques: T1048 – Exfiltration Over Alternative Protocol
### Query:
```KQL
// Devices running Windows Server. OSPlatform values look like "WindowsServer2019" (no space),
// so match on "Windows" and "Server" separately.
let OS_info = DeviceInfo
    | where OSPlatform startswith "Windows" and OSPlatform contains "Server"
    | project DeviceName;
// Tools commonly used for file transfer
let exfilTools = dynamic(["curl.exe", "ftp.exe", "powershell.exe", "certutil.exe", "bitsadmin.exe", "winscp.exe"]);
// File writes, keyed by the process that performed them
let fileWrites = DeviceFileEvents
    | where ActionType in ("FileCreated", "FileModified")
    | project FileWriteTime = Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessId, InitiatingProcessCommandLine, InitiatingProcessFileName;
// Network connections to a URL on common transfer ports
let netConnections = DeviceNetworkEvents
    | where RemoteUrl != "" and RemotePort in (21, 22, 80, 443)
    | project NetConnectTime = Timestamp, DeviceName, RemoteUrl, RemotePort, InitiatingProcessId, InitiatingProcessCommandLine, InitiatingProcessFileName;
fileWrites
| join kind=inner (netConnections) on DeviceName, InitiatingProcessId
// Same process wrote a file and connected out within 5 minutes
| where abs(datetime_diff("minute", FileWriteTime, NetConnectTime)) <= 5
| where DeviceName in (OS_info)
| where InitiatingProcessFileName in~ (exfilTools)
| project FileWriteTime, NetConnectTime, DeviceName, FileName, FolderPath, RemoteUrl, RemotePort, InitiatingProcessFileName, InitiatingProcessCommandLine
```

--------------------------------------------------------------------------------
/Defender/Hunt new browser extension installation on Microsoft Defender For Endpoint Devices.md:
--------------------------------------------------------------------------------
#### This KQL (Kusto Query Language) query helps detect the installation of new Chromium browser extensions on Microsoft Defender for Endpoint (MDE) devices. Specifically, it aims to identify when a new extension file (with a ".crx" extension) is created in the "Webstore Downloads" folder.
#### This is relevant for detecting malicious activities, such as the deployment of a fake extension to gather information.

#### Query:
```KQL
DeviceFileEvents
| where ActionType == "FileCreated"
| where FolderPath contains "Webstore Downloads" and FileName endswith ".crx"
| extend ExtensionId = extract(@"(?i)Downloads[\\/]|Webstore Downloads[\\/](.+?)_\d+\.crx", 1, FolderPath)
```

##### Once you get the result, download the .crx file and analyze it on VirusTotal or any other threat feed to check whether it is a fake or malicious extension.

--------------------------------------------------------------------------------
/Defender/Hunt outbound E-mails and attachments Shared outside organization Domain.md:
--------------------------------------------------------------------------------
#### To identify e-mails sent or forwarded outbound, i.e. outside of the organization e-mail domain:
#### Query:
```KQL
let Lookback = ago(1d);
let AllEmailActivity =
    EmailEvents_CL
    | where TimeGenerated >= Lookback
    | where DeliveryAction_s == "Delivered"
    | where EmailDirection_s == "Outbound"
;
AllEmailActivity
```

#### Now join the AllEmailActivity data to the EmailAttachmentInfo_CL table to find outbound e-mails sent from the organization e-mail domain with attachments:

#### Final Query:
```KQL
let Lookback = ago(1d);
let AllEmailActivity =
    EmailEvents_CL
    | where TimeGenerated >= Lookback
    | where DeliveryAction_s == "Delivered"
    | where EmailDirection_s == "Outbound";
let EmailWithAttachments =
    AllEmailActivity
    | join kind=inner (
        EmailAttachmentInfo_CL
        | where TimeGenerated >= Lookback
    ) on NetworkMessageId_g // Assuming NetworkMessageId_g exists in both tables
;
EmailWithAttachments
| project TimeGenerated, SenderFromAddress_s, RecipientEmailAddress_s, FileType_s, FileName_s, FileSize_d
```

##### Note: Table names for the query shown above can differ between organizations. Adjust the table names and their schemas according to the organization environment.

--------------------------------------------------------------------------------
/Defender/Hunting query to see Auto-Reply forward to other e-mail Recipient.md:
--------------------------------------------------------------------------------
#### This query lists all auto-replies configured on the organization's user mailboxes that are sent to outbound recipients. In other words, it looks for auto-reply e-mails sent to recipients outside of the organization domain.
#### Query
```KQL
EmailEvents_CL
// add your automatic replies cases in your languages
| where Subject_s startswith "Automatic reply:"
| where DeliveryAction_s has "Delivered" and EmailDirection_s has "Outbound"
| extend Username = split(RecipientEmailAddress_s, "@")[0], Domain = tostring(split(RecipientEmailAddress_s, "@")[1])
| extend DomainParts = split(RecipientEmailAddress_s, ".")
| extend DomainExtensions = tostring(DomainParts[-1])
| distinct SenderFromAddress_s, SenderMailFromDomain_s, SenderIPv4_s, RecipientEmailAddress_s, DomainExtensions, Domain, Subject_s, EmailDirection_s, DeliveryAction_s, DeliveryLocation_s, ThreatTypes_s
```

--------------------------------------------------------------------------------
/Defender/Identify Fake URL Domain.md:
--------------------------------------------------------------------------------
#### Let's say your organization is monitoring email traffic for potential phishing attacks.
#### You are specifically concerned about attackers who might spoof email addresses to look like they are from Microsoft, a well-known company.
#### Attackers might use domains like "microsoft-azure.com" or "support-microsoft.net" to trick recipients into thinking the emails are legitimate. This KQL can help you identify those fake URL domains.

#### Query:
```KQL
EmailEvents_CL
| join EmailEvents_CL on NetworkMessageId_g
| where EmailDirection_s == "Inbound"
| where LatestDeliveryAction_s == "Delivered"
| where SenderFromDomain_s contains "microsoft"
// Treat only microsoft.com and its subdomains as legitimate; a plain
// !endswith "microsoft.com" would also accept domains such as "fakemicrosoft.com"
| where SenderFromDomain_s !~ "microsoft.com" and SenderFromDomain_s !endswith ".microsoft.com"
```

--------------------------------------------------------------------------------
/Defender/Logon Events inside organization Domain.md:
--------------------------------------------------------------------------------
#### Hunting query to see logon events inside the organization domain
#### Query:
```KQL
let Lookback = ago(1d);
let Signins =
    IdentityLogonEvents
    | where TimeGenerated > Lookback
    | distinct AccountDisplayName, AccountUpn, DeviceName, DestinationDeviceName, ActionType, AccountDomain, Application
;
Signins
```

--------------------------------------------------------------------------------
/Defender/Monitor large file (including documents and any executable files) sharing over e-mail.md:
--------------------------------------------------------------------------------
#### You can create a detection rule to identify any suspicious file being shared over e-mail.
#### This query identifies files being shared over e-mail, including file types like .exe, .bat, etc.
## MITRE ATT&CK Technique: Data Transfer Size Limits (T1030)
#### Query:
```KQL
// Define the size threshold (e.g., 10 MB)
let sizeThreshold = 10 * 1024 * 1024; // 10 MB in bytes
// Define suspicious file types
let suspiciousFileTypes = pack_array(".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".cpl", ".dll", ".sys", ".js", ".vbs");
// Query to monitor large attachments and suspicious file types
EmailAttachmentInfo_CL
| where FileSize_d > sizeThreshold or FileType_s in (suspiciousFileTypes)
| project TimeGenerated, TenantId, SenderFromAddress_s, RecipientEmailAddress_s, FileName_s, FileType_s, FileSize_d, SHA256_s, NetworkMessageId_g, ReportId_s
| extend Description = strcat("Suspicious attachment detected: ", FileName_s, " (", FileType_s, ") with size ", tostring(FileSize_d / 1024 / 1024), " MB")
| summarize Count = count() by TenantId, SenderFromAddress_s, RecipientEmailAddress_s, FileSize_d, FileType_s, bin(TimeGenerated, 1h)
```

--------------------------------------------------------------------------------
/Defender/Review PowerShell activities after receipt of emails from known malicious sender.md:
--------------------------------------------------------------------------------
#### This query helps review any PowerShell activity on users' workstations after a known malicious sender sends mass malicious e-mails into the organization.

#### Query:
```KQL
//Define new table for emails from specific sender
let EmailsFromBadSender=EmailEvents_CL
    | where SenderFromAddress_s =~ "MaliciousSender@example.com"
    | project TimeEmail = Timestamp_t, Subject_s, SenderFromAddress_s, AccountName = tostring(split(RecipientEmailAddress_s, "@")[0]);
//Merge emails from sender with process-related events on devices
EmailsFromBadSender
| join (
    DeviceProcessEvents
    //Look for PowerShell activity
    | where FileName =~ "powershell.exe"
    //Add line below to check only events initiated by Outlook
    //| where InitiatingProcessParentFileName =~ "outlook.exe"
    | project TimeProc = Timestamp, AccountName, DeviceName, InitiatingProcessParentFileName, InitiatingProcessFileName, FileName, ProcessCommandLine
) on AccountName
//Check only PowerShell activities within 30 minutes of receipt of an email
| where (TimeProc - TimeEmail) between (0min.. 30min)
```

--------------------------------------------------------------------------------
/Defender/Review logon attempts after receipt of malicious emails.md:
--------------------------------------------------------------------------------
#### This query helps identify logon attempts on any device within 30 minutes of receiving an email categorized as malware inside the organization.
#### Query:

```KQL
//Define new table for malicious emails
let MaliciousEmails=EmailEvents_CL
    //List emails detected as malware, getting only pertinent columns
    | where ThreatTypes_s has "Malware"
    | project TimeEmail = Timestamp_t, Subject_s, SenderFromAddress_s, AccountName = tostring(split(RecipientEmailAddress_s, "@")[0]);
MaliciousEmails
| join (
    //Merge malicious emails with logon events to find logons by recipients
    IdentityLogonEvents
    | project LogonTime = Timestamp, AccountName, DeviceName
) on AccountName
//Check only logons within 30 minutes of receipt of an email
| where (LogonTime - TimeEmail) between (0min.. 30min)
| take 10
```

--------------------------------------------------------------------------------
/Defender/Unusual volume of DNS Queries within last 24 hours.md:
--------------------------------------------------------------------------------
#### This query helps show whether there is an unusual number of DNS queries.
#### Query:
```KQL
IdentityQueryEvents
| where TimeGenerated > ago(1d)
| where ActionType == "DNS query"
| summarize queryCount = count()
    by
    QueryTarget,
    bin(TimeGenerated, 1h),
    DeviceName,
    IPAddress,
    Port,
    DestinationDeviceName,
    DestinationIPAddress,
    DestinationPort
| where queryCount > 100 // Example threshold for unusual volume
| order by queryCount desc
| project
    TimeGenerated,
    QueryTarget,
    queryCount,
    DeviceName,
    IPAddress,
    Port,
    DestinationDeviceName,
    DestinationIPAddress,
    DestinationPort
```

--------------------------------------------------------------------------------
/Defender/UrlClicks by user for specific urls.md:
--------------------------------------------------------------------------------
#### This query helps identify users clicking on the specific URLs shared with them via e-mail.
#### This hunting query is useful for identifying which users clicked on a phishing URL shared by a malicious actor.
#### Query:
```KQL
let urls = dynamic(["https://www.emaze.com/@ALIZRTIZR/ems", "https://lists.mcgill.ca/scripts/wa.exe?SUBED1=CHB_PERMANENT_MDS&A=1"]);
EmailUrlInfo_CL
| where Url_s in (urls)
| join kind=inner (
    UrlClickEvents_CL
    | where Url_s in (urls)
    | project ClickTimestamp = TimeGenerated, ClickedUrl = Url_s, AccountUpn_s
) on $left.RecipientEmailAddress_s == $right.AccountUpn_s
| project RecipientEmailAddress_s, Url_s, ClickTimestamp, ClickedUrl
```

--------------------------------------------------------------------------------
/IOC/OSINT-02-June-2025.csv:
--------------------------------------------------------------------------------
"type","value","source"
"hash_sha256","50124174A4AC0D65BF8B6FD66F538829D1589EDC73AA7CF36502E57AA5513360","public" 165 | "hash_sha256","5060BCD360683D43DCDE43676D908D5D10B5310E71F16C42529B103B91818D57","public" 166 | "hash_sha256","507103BF93E50A8B7B2944C402F1403402E2F607930FA7822BB64236C1FBA23A","public" 167 | "hash_sha256","512AD96221DDC5BB90228B719AC2BADB999E43C129AA759B3619AE6FFEA49C73","public" 168 | "hash_sha256","52AF32AB127D9956C598E926E20ABFDDEFF28CF8F6271BC60EA21CC074DEF08F","public" 169 | "hash_sha256","538E5A536714C0DB69B4BB1EA6DF421299E75E8C0B2C4644992EBD022C98CD65","public" 170 | "hash_sha256","53A26D5E2B1EE5D2A8261843C1FE0C68632D6686222F11177BEE9C572C485005","public" 171 | "hash_sha256","54B0949E3771E1B1DD7EABDBAF2ACFFE5E527EDAFC4A5FFA6AAEB0A6047479F1","public" 172 | "hash_sha256","57FE3BC7B7D4E2F8B10869D735C95F53D6A85BD59DACD26292C2D6A089FC36B4","public" 173 | "hash_sha256","58ADB6B87A3873F20D56A10CCDE457469ADB5203F3108786C3631E0DA555B917","public" 174 | "hash_sha256","5C74A6E283B679C9A2E1E8DC74B0AC301F5FA4BD2B37A6C3AF2BA4015B34A780","public" 175 | "hash_sha256","5DD629B610AEE4ED7777E81FC5135D20F59E43B5D9CC55CDAD291FCF4B9D20EB","public" 176 | "hash_sha256","608A5144AE8DDEC032854092DA555EB9E29626465657C1C5CC3DE0ADA0BFEA7E","public" 177 | "hash_sha256","613985E6CB0783FA378100D464065C0CFAB636230ED76994D9DAED6B19AF3BE1","public" 178 | "hash_sha256","62BA281147CEEEFCA5BD15F58AC52125BC42B0E134A6FCB4BD90EFDAE0FCE318","public" 179 | "hash_sha256","62F734B99E5B690C12F339562C08E6A9168AD91C00BF4EFC6C3F2D6C7A9677BD","public" 180 | "hash_sha256","67E5FE71333949E664D9FB1D9AC0081C106FABB9B8E141AF9874B58C132AB9E7","public" 181 | "hash_sha256","6CCAEF03DCAB293D23494070AACFD4B94D7DEFD14AF39DC543F2F551846E9D50","public" 182 | "hash_sha256","6D9B34BEC276A1351EF46E63829237C7352A2E64118FE072A650979557B421B9","public" 183 | "hash_sha256","6DC8E99DA68B703E86FA90A8794ADD87614F254F804A8D5D65927E0676107A9D","public" 184 | 
"hash_sha256","6ECD637EC715709A21AE05C3917E7B33CC35CE2B77700C938D16897FCD0CD8EA","public" 185 | "hash_sha256","70DA3B1B49C0D6C660501A803026E5A5390BBEA749B25B8B2DDFFEF8BB211FF6","public" 186 | "hash_sha256","73E647287408B2D40F53791B8A387A2F7EB6B1BBA1926276E032BF2833354CC4","public" 187 | "hash_sha256","75FF0334D46F9B7737E95AC1EDCC79D956417B056154C23FAD8480EC0829B079","public" 188 | "hash_sha256","7787ECA1528144693930458282EE26C39508A9014152D36EFA3B8645C188964C","public" 189 | "hash_sha256","7AB4710EFC9CEE29C4C17C2D7B367EE528CA3070835BC961EB8481F4EF010EE8","public" 190 | "hash_sha256","7DE095A011A3DCD48F806DCB6A48D5262E06BEC2D63D828B85436F79C83BCD70","public" 191 | "hash_sha256","839260AC321A44DA55D4E6A5130C12869066AF712F71C558BD42EDD56074265B","public" 192 | "hash_sha256","84F3B5432A437A8319D81556CCEB857609D2C5C9A1E4EB8DAB61F528DB59E83C","public" 193 | "hash_sha256","8550677E8CA53235C5EDA21401E75AB495E418877E71149D1AE0C3CE247C3124","public" 194 | "hash_sha256","871862D1117FD7D2DF907406A3CE08555196800B0EF9901DD4C46F82B728263D","public" 195 | "hash_sha256","8863065544DF546920CE6189DD3F99AB3F5D644D3D9C440667C1476174BA862B","public" 196 | "hash_sha256","8CE7E340773AF5310BC851B5A9B848A72759FC33059A0D8CC5732A5F97766AA7","public" 197 | "hash_sha256","8D2C9C2B5AF31E0E74185A82A816D3D019A0470A7AD8F5C1B40611AA1FD275CC","public" 198 | "hash_sha256","8E53784A8600A6E6FCB61CF9A363A49C44FD97BF22CFEC2948728EC622D817FC","public" 199 | "hash_sha256","900A9E65BAB0C31CEFB8E144E4D43052D1B0699D8DF05B695BFE4B3275747D0F","public" 200 | "hash_sha256","925E6375DEAA38D978E00A73F9353A9D0DF81F023AB85CF9A1DC046E403830A8","public" 201 | "hash_sha256","92E82FE79025AA9E68CAE7B734DE8C840EC7C6DD439F17ABEFE69354D4A8BD6E","public" 202 | "hash_sha256","93D6F9F0172206779C753A4C486DDA1DE4AA17A5147E84C31203C694655CD8AB","public" 203 | "hash_sha256","95FB0944A2348F1E326B4CE65B04A5B62E1587D90C40D3BB505DC93F5F61295A","public" 204 | 
"hash_sha256","961AFC40BD120D3715D2FA333DE19A83AB4C712092E9289C28E271EC778F4EA0","public" 205 | "hash_sha256","964EC70FC2FDF23F928F78C8AF63CE50AFF058B05787E43C034E04EA6CBE30EF","public" 206 | "hash_sha256","96ADA593D54949707437FA39628960B1C5D142A5B1CB371339ACC8F86DBC7678","public" 207 | "hash_sha256","A0E75BD0B0FA0174566029D0E50875534C2FCC5BA982BD539BDEFF506CAE32D3","public" 208 | "hash_sha256","A134F4F4A8D5EFD1529DFE83BA1084083DA36FD3E78963E1D5D127F7649ACB24","public" 209 | "hash_sha256","A4F8FFFF81C13D2BC6BA5F0DED5EA31B73450AD1A0F42C592F1040D46263846A","public" 210 | "hash_sha256","A7A7004ED404980E56F3E9DD4B349A42B39D08B310D32C8EC7DB8D55EE693A93","public" 211 | "hash_sha256","A8163C286A140DD67A8C97631D4EF5799F93DE94A914C3AB1C3026E1688743FA","public" 212 | "hash_sha256","AD7848C78CFB589190A1363EE25C6DB47DD04A577300A4FBE829CE5B71F0FF39","public" 213 | "hash_sha256","AF2C6C59F98C5A172E071A38706255EE56E9E8F7B4A1C575593B862E60F8A2C4","public" 214 | "hash_sha256","B24316E81B6EBF954FAB7A87A211554CDE6986B239792610F8D234D05D2A2A1F","public" 215 | "hash_sha256","B249814A74DFF9316DC29B670E1D8ED80EB941B507E206CA0DFDC4FF033B1C1F","public" 216 | "hash_sha256","B2850795BD5BE0E6556E20FA10160585DEF005C2A5CD8DF2C345A662714BD815","public" 217 | "hash_sha256","B4CAF6949964F75E8DD281AE2AB9947248120C680415B5F5B307532C1DC99B58","public" 218 | "hash_sha256","B61C22C6B74A546EE337B3A6CC2EE1FA9F3E92E93ECED40FE7DF27FFDDC4C0FE","public" 219 | "hash_sha256","B8C0D54F40D0C9DEAFA44860799A54A09C32CC795498BF0E9F2BEF49FA056288","public" 220 | "hash_sha256","B905802B0E600F2988FB4D16EAA6EEC65ED3C5B9735B79DD9A00DFA4D7ABE65E","public" 221 | "hash_sha256","B912F06CF65233B9767953CCF4E60A1A7C262AE54506B311C65F411DB6F70128","public" 222 | "hash_sha256","B93632280602502B9480ABC7C4ACD5C7398004197C4A6013CCD2A4EE4C599591","public" 223 | "hash_sha256","BA114A9B775CCF8215F80094D353B06B3A9FD32E22167E4E06BA986A738EC518","public" 224 | 
"hash_sha256","BA65D71D06A8201D32EDB98CA54149FB7662BAAC43D8ECD853C90D03F4320DB0","public" 225 | "hash_sha256","BB6AB67DDBB74E7AFB82BB063744A91F3FECF5FD0F453A179C0776727F6870C7","public" 226 | "hash_sha256","BCE9616ED0D829A05CE7DF6C1FB90895A93772EB438ED7B2CC35407C34031666","public" 227 | "hash_sha256","C04860E0ECCE7D3A91C5358AECBAFC495B2A9F0936DABF99DB5F46457776687A","public" 228 | "hash_sha256","C2FDB76EC20047129D5F993917CAE4A73B61204C531121A57A9121910910FBAF","public" 229 | "hash_sha256","C44D1A50EAB5299FE20D742093DF44A617EEEE1E2E0A176BAFD8ED95DD60C6C5","public" 230 | "hash_sha256","C601721933D11254AE329B05882337DB1069F81E4D04CD4550C4B4B4FE35F9CD","public" 231 | "hash_sha256","C7137D350AAF2ACC965763E380255E9FB63D6FEEFAE4ED91C80B70FF022DB855","public" 232 | "hash_sha256","C87F7E0AE64E11EF755083BDE6B756C695D07C6B89633F6FB66CD96214BCD502","public" 233 | "hash_sha256","CBB512C427297C2B67B83E459887B59E3171AD47A22A62D89F03A1EACAB1AC42","public" 234 | "hash_sha256","CE98FEAC673B63A3C030C976C0DD4A0FBA0CD5E124373B390B0F3C7FA761F95E","public" 235 | "hash_sha256","CEE6A7663FAD90C807C9F5EA8F689AFD0E4ECE04F8C55D7A047A7215DB6BE210","public" 236 | "hash_sha256","D1D957406E9177A1AB10BB5A4D2D4DFB3AC971C390F8383EEAA263BDF8038058","public" 237 | "hash_sha256","D3F50DC61D8C2BE665A2D3933E2668448EDC31546FEA84517F8E61237C6D2E5D","public" 238 | "hash_sha256","D5746F82D91620C767339B8852E42422FBE4A833C7674AEDCBDB1B098D28F99A","public" 239 | "hash_sha256","D6C3C83D8549C691972E8FE91277C579EFE83B731D5A1669D42692B0B3A17980","public" 240 | "hash_sha256","D8364DC34CCECE608BEEA861067FA31CAE3F4EF0C3FCDF1804CC88D162C0FF15","public" 241 | "hash_sha256","D8E272F50E1D699870A74F8CBED06A9371212C208BCFA8B3C992A4744E84ED87","public" 242 | "hash_sha256","D92BB6E47CB0A0BDBB51403528CCFE643A9329476AF53B5A729F04A4D2139647","public" 243 | "hash_sha256","DCB1E9C6B066C2169928AE64E82343A250261F198EB5D091FD7928B69ED135D3","public" 244 | 
"hash_sha256","DE6B41AB72BFA4114C79464D1083737C6DFA55767339D732DB8D2EDD462832ED","public" 245 | "hash_sha256","E019C6F094965C3BCCC0A7BA09BFB09C4FF7059795DA5B66B6E7A7C0AC8EF7EF","public" 246 | "hash_sha256","E1C4603D8354BB53E9BA93B860DB6AE853D64BCE0FE25A37033BFE260EA63F23","public" 247 | "hash_sha256","E345D793477ABBECC2C455C8C76A925C0DFE99EC4C65B7C353E8A8C8B14DA2B6","public" 248 | "hash_sha256","E4249CF9557799E8123E0B21B6A4BE5AB8B67D56DC5BFAD34A1D4E76F7FD2B19","public" 249 | "hash_sha256","E663C1BA289D890A74E33C7E99F872C9A7B63E385A6A4AF10A856D5226C9A822","public" 250 | "hash_sha256","E73F6E1F6C28469E14A88A633AEF1BC502D2DBB1D4D2DFCAAEF7409B8CE6DC99","public" 251 | "hash_sha256","E82ECBE3823046A27D8C39CC0A4ACB498F415549946C9FF0E241838B34ED5A21","public" 252 | "hash_sha256","E9F2F6E47E071ED2A0DF5C75E787B2512BA8A601E55C91AB49EA837FD7A0FC85","public" 253 | "hash_sha256","EB1DF006C34463FAF8325C52C2F132B62ADAAFF37AFC0BD7DDF0274FA30E59D0","public" 254 | "hash_sha256","EDB68223DB3E583F9A4DD52FD91867FA3C1CE93A98B3C93DF3832318FD0A3A56","public" 255 | "hash_sha256","F3EB67B8DDAC2732BB8DCC07C0B7BC307F618A0A684520A04CFC817D8D0947B9","public" 256 | "hash_sha256","F80313B4E2D743C94571A98D1672FFC3BC003209C6315CE2A22A9989AAE051C2","public" 257 | "hash_sha256","F90E8F85F79CBFF664AD3C4758F1BED8A6EBC2A712180D675FF560BEA2B88C65","public" 258 | "hash_sha256","FB2B9163E8EDF104B603030CFF2DC62FE23D8F158DD90EA483642FCE2CEDA027","public" 259 | "hash_sha256","FDC86A5B3D7DF37A72C3272836F743747C47BFBC538F05AF9ECF78547FA2E789","public" 260 | "hash_sha256","FF724631DBA8ABE354C8742F09D88821237632E36C305BA4F1132A95880DDE67","public" 261 | "hash_sha256","FFDB183742A3404C3756BA654EA8EB7983650CBF8FDC4E8A6514870E251F2915","public" 262 | "hash_md5","1CA609E207EDB211C8B9566EF35043B6","public" 263 | "hash_md5","2EC4EEEABB8F6C2970DCBFFDCDBD60E3","public" 264 | "hash_md5","4CD73946B68B2153DBFF7DEE004012C3","public" 265 | "hash_md5","53192B6BA65A6ABD44F167B3A8D0E52D","public" 266 | 
"hash_md5","65DA1A9026CF171A5A7779BC5EE45FB1","public" 267 | "hash_md5","876FB1B0275A653C4210AAF01C2698EC","public" 268 | "hash_md5","B91162A019934B9CB3C084770AC03EFE","public" 269 | -------------------------------------------------------------------------------- /IOC/OSINT-10-March-2025.csv: -------------------------------------------------------------------------------- 1 | "type","value","source" 2 | "url","http://185.100.157.127/storage/de373d0df/f0eee999","public" 3 | "url","http://193.143.1.205/invoice.php","public" 4 | "url","http://193.143.1.205/up.php","public" 5 | "url","http://38.14.255.23:8077/6Qeq","public" 6 | "url","http://38.14.255.23:8077/jANd","public" 7 | "url","http://9x9o.com","public" 8 | "url","http://auth.portal.pikara.ne.polypheou.jp","public" 9 | "url","http://canvas.pet","public" 10 | "url","http://download.mail.naver.corn-file.kro.kr","public" 11 | "url","http://gitrok.com","public" 12 | "url","http://swapme.fun","public" 13 | "url","http://t.infomail.microsofit.com.polypheou.jp","public" 14 | "url","http://us06web.zoom.us.meet.polypheou.jp","public" 15 | "url","http://www3.icloud.vbox.l.up.tcmp.polypheou.jp","public" 16 | "url","https://booking.procedeed-verific.com/goo_pdf","public" 17 | "url","https://filters14.s3.us-east-2.amazonaws.com","public" 18 | "url","https://gitb.org/watch-click/?=archive","public" 19 | "url","https://payment-confirmation.82736.store/pgg46","public" 20 | "url","https://raw.githubusercontent.com/eagle-1337/x/main/browser.exe","public" 21 | "url","https://raw.githubusercontent.com/eagle-1337/x/main/updater.exe","public" 22 | "url","https://raw.githubusercontent.com/eagle-1337/x/main/vscode.exe","public" 23 | "url","https://viralxgo.com/watch-full-video","public" 24 | "hash_sha256","00001C98E08FA4D7F4924BD1C375149104BD4F1981CEF604755D34CA225F2CE1","public" 25 | "hash_sha256","000E75287631A93264D11FC2B773C61992664277386F45FA19897A095E6A7C81","public" 26 | 
-------------------------------------------------------------------------------- /IOC/OSINT-12-MAy-2025.csv: -------------------------------------------------------------------------------- 1 | "type","value","source"
"hash_md5","0BCD4F14E7D8A3DC908B5C17183269A4","public" 3 | "hash_md5","17158538B95777541D90754744F41F58","public" 4 | "hash_md5","227FA46CF2A4517AA1870A011C79EB54","public" 5 | "hash_md5","2DA2F53FFD9969AA8004D0E1060D2ED1","public" 6 | "hash_md5","3C54D788DE1BF6BD2E7BC7AF39270540","public" 7 | "hash_md5","46F142198EEEADC30C0B4DDFBF0B3FFD","public" 8 | "hash_md5","5F6F79D276A2D84E74047358BE4F7EE1","public" 9 | "hash_md5","714165B06A462C9ED3D145BC56054566","public" 10 | "hash_md5","B1E8602E283BBBDF52DF642DD460A2A2","public" 11 | "hash_md5","C16AA3276E4BCBBE212D5182DE12C2B7","public" 12 | "hash_md5","EBB5FB96BF2D8DA2D9F0F6577766B9F1","public" 13 | "hash_md5","EC103191C61E4C5E55282F4FFB188156","public" 14 | "domain","198.45.54.34.bc.googleusercontent.com","public" 15 | "domain","access-shupfify.com","public" 16 | "domain","account.datedeath.com","public" 17 | "domain","account.turnkeycashsite.com","public" 18 | "domain","accuont-app-deel.cc","public" 19 | "domain","admin-shoopiffy.com","public" 20 | "domain","admin-shopffy.cc","public" 21 | "domain","angelistt.com","public" 22 | "domain","app-parker.com","public" 23 | "domain","biilll.com","public" 24 | "domain","ctelllo.com","public" 25 | "domain","deel.za.com","public" 26 | "domain","founderga.com","public" 27 | "domain","ipresale.world","public" 28 | "domain","justvvokrs-login.cc","public" 29 | "domain","login-biil.net","public" 30 | "domain","login-deel.app","public" 31 | "domain","maqreta.com","public" 32 | "domain","shluhify.com","public" 33 | "domain","virluaterminal.net","public" 34 | "domain","vye-starr.net","public" 35 | "url","http://doefstf.ryanberardi.com","public" 36 | "url","http://doefstf.ryanberardi.com/ikskck","public" 37 | "url","http://dtde.ryanberardi.com","public" 38 | "url","http://dtde.ryanberardi.com/ikskck","public" 39 | "url","https://api.incapdns.kz/v1","public" 40 | "url","https://backstabprotection.jamesx123.repl.co","public" 41 | 
-------------------------------------------------------------------------------- /IOC/OSINT-17 Feb-IOC-List.csv: -------------------------------------------------------------------------------- 1 | "type","value","source"
-------------------------------------------------------------------------------- /IOC/OSINT-17-March-2025.csv: -------------------------------------------------------------------------------- 1 | "type","value","source"
"hash_sha256","C08D8E742A34E9DC610ED5276E5CD0DCAD4F6139A03DDA07D9292D50FFD47D39","public" 198 | "hash_sha256","C0EC15E08B4FB3730C5695FB7B4A6B85F7FE341282AD469E4E141C40EAD310C3","public" 199 | "hash_sha256","C1FE08DEFD1651508B32FFE38892B52A519570F78E457467CCACB6FAE46B2439","public" 200 | "hash_sha256","C3DCE9C45B659118211B573A802ECAC94DEDE201D59B2A5DCED29D68B7A82F3B","public" 201 | "hash_sha256","C792CE87BA1B0DC37CF3D2D2B4AD3433395AE93E0F1AE9C1140D097D093C1457","public" 202 | "hash_sha256","C7BDCEBE60356900DC4B4F8BC8B75ACC1536DF33AE7A1049BFA27192B8C62D0A","public" 203 | "hash_sha256","C9AA237A2A30B901D52D0074731B5AC57F70322F1FDE81F6794588C17D6BB268","public" 204 | "hash_sha256","CC8E4C0C2E126938B827ACFCEC306DC9811D4AAF00934D397E3841FD6352F4D1","public" 205 | "hash_sha256","CCF58B300EC2A7D491CBD492373CCF5175056F55D4843889AD15C3F0B2DB815F","public" 206 | "hash_sha256","D0C8C833E2DE4F7D0D92FEBC6A9845CF2A2438013A9362CEFE0878897BD322A4","public" 207 | "hash_sha256","D105BB3F3C7CD6DA8B9A740FCB3537E731ED85F2BAB862B7F551EE41605C52BB","public" 208 | "hash_sha256","D92C28680AF30136DFD52852EDDC07E5197AFE039D84F5B2255B14AE8E15AC02","public" 209 | "hash_sha256","DB82442D83C116211531F104B77ADC5C45CF531315CAFBD8F6E1F9C5DEC6C0D4","public" 210 | "hash_sha256","DCBC1A43E1EE9D4C4C5A426CE862B151973545111F69F5B1C036E46E801ACC82","public" 211 | "hash_sha256","DD0396754DF3ACA8A482242EEBFA92DB7433781EBDD679507E329E34D4065C98","public" 212 | "hash_sha256","E060A451A4F310D4E4BC05A63B9027896B3126642182D8B176119B975689F217","public" 213 | "hash_sha256","E0C27D9A377E5F18AE850D1D0EF1D69934934CABDB95172E21FE0E36807243C8","public" 214 | "hash_sha256","E1070A6B5A406CE70CF1D1655169A4EC36FB69114C3064F00D28CC01CEDFB0E8","public" 215 | "hash_sha256","E1DE05A2832437AB70D36C4C05B43C4A57F856289224BBD41182DEEA978400ED","public" 216 | "hash_sha256","E2864BD791DF7E060B43598F04BE86C839E9907A1FA9C3614205B5139542D8C1","public" 217 | 
"hash_sha256","E2CE2A05D4B70EA4DFACBC60477F2F1FAC7B521B28650FE726D77D7999F57759","public" 218 | "hash_sha256","E33E05D3182F46F65554FDA2127D9D1D415A986B6C635485B323558A1821F56A","public" 219 | "hash_sha256","E4CCE18562FDDC70C71A8969141C56ADEB56032196F05E10524374C1EB398D7D","public" 220 | "hash_sha256","EA0DBC5CA8E96D8940337C5D19574498A4B398847049E62AF14F1D98346638B2","public" 221 | "hash_sha256","EB673D5C936238EED457BFE41AD02F2081F3EF42DD5F3935A0BB11394574C60D","public" 222 | "hash_sha256","EE6F9B6E8F2C0B37B906914CD640B7BDE1A903545035EB4861DBA5F1EC0317A9","public" 223 | "domain","authentication-safeguard.com","public" 224 | "domain","bigcatllover123.cfd","public" 225 | "domain","bot.merisprivate.net","public" 226 | "domain","cnc.merisprivate.net","public" 227 | "domain","cnc.ziparchive.xyz","public" 228 | "domain","codxefusion.top","public" 229 | "domain","cryptocurrencytrends.click","public" 230 | "domain","dhl.com-new.xin","public" 231 | "domain","distribution-berachain.net","public" 232 | "domain","distribution-hyperfoundation.net","public" 233 | "domain","driveks.com-jds.xin","public" 234 | "domain","e-zpassiag.com-courtfees.xin","public" 235 | "domain","e-zpassny.com-ticketd.xin","public" 236 | "domain","earthsymphzony.today","public" 237 | "domain","ezdrive.com-2h98.xin","public" 238 | "domain","ezdrivema.com-citations-etc.xin","public" 239 | "domain","ezdrivema.com-securetta.xin","public" 240 | "domain","farmingtzricks.top","public" 241 | "domain","fedex.com-fedexl.xin","public" 242 | "domain","gadgethgfub.icu","public" 243 | "domain","getipass.com-tickeuz.xin","public" 244 | "domain","hardrwarehaven.run","public" 245 | "domain","hardswarehub.today","public" 246 | "domain","instance-udm3tv-relay.screenconnect.com","public" 247 | "domain","invoice007.zapto.org","public" 248 | "domain","overcoatpassably.shop","public" 249 | "domain","plsverif.cfd","public" 250 | "domain","quietswtreams.life","public" 251 | "domain","retireafter5m.co","public" 252 | 
"domain","st0746.net","public" 253 | "domain","sunpass.com-ticketap.xin","public" 254 | "domain","techmindzs.live","public" 255 | "domain","techspherxe.top","public" 256 | "domain","thetollroads.com-fastrakeu.xin","public" 257 | "domain","tlgrm-redirect.icu","public" 258 | "domain","tlgrmverif.cyou","public" 259 | "domain","toppyneedus.biz","public" 260 | "domain","usps.com-tracking-helpsomg.xin","public" 261 | "domain","virtuehub.one","public" 262 | "domain","windows-update.site","public" 263 | -------------------------------------------------------------------------------- /IOC/OSINT-19-May-2025.csv: -------------------------------------------------------------------------------- 1 | "type","value","source" 2 | "ip","156.236.76.90","public" 3 | "ip","188.166.92.55","public" 4 | "ip","198.105.127.124","public" 5 | "ip","218.187.69.59","public" 6 | "ip","37.120.210.2","public" 7 | "ip","43.228.217.173","public" 8 | "ip","43.228.217.82","public" 9 | "ip","89.147.101.65","public" 10 | "ip","89.147.101.71","public" 11 | "hash_md5","324688238C42D7190A2B50303CBC6A3C","public" 12 | "hash_md5","364929C45703A84347064E2D5DE45BCD","public" 13 | "hash_md5","46CA088D5C052738D42BBD6231CC0ED5","public" 14 | "hash_md5","723F80D1843315717BC56E9E58E89BE5","public" 15 | "hash_md5","7822E53536C1CF86C3E44E31E77BD088","public" 16 | "hash_md5","81C08366EA7FC0F933F368B120104384","public" 17 | "hash_md5","8F339A09F0D0202CFAFFBD38469490EC","public" 18 | "hash_md5","A635BD019674B25038CD8F02E15EEBD2","public" 19 | "hash_md5","BEEACA6A34FB05E73A6D8B7D2B8C2EE3","public" 20 | "hash_md5","D5D48F044FF16EF6A4D5BDE060ED5CEE","public" 21 | "hash_md5","D77C8449F1EFC4BFB9EBFF496442BBBC","public" 22 | "hash_md5","EBCE43017D2CB316EA45E08374DE7315","public" 23 | "hash_sha256","0000CFF6A3C7F7EEBC0EDC3D1E42E454EBB675E57D6FC1FD968952694B1B44B3","public" 24 | "hash_sha256","0F303988E5905DFFC3202AD371C3D1A49BD3EA5E22DA697031751A80E21A13A7","public" 25 | 
--------------------------------------------------------------------------------
/IOC/OSINT-21-April-2025.csv:
--------------------------------------------------------------------------------
1 | "type","value","source"
--------------------------------------------------------------------------------
/IOC/OSINT-24-March-2025.csv:
--------------------------------------------------------------------------------
1 | "type","value","source"
"hash_sha256","8DFF18F10C857DD3EEB5511F5724DA0AB1D9E411044AEA27F6DE23EE33F798C8","public" 69 | "hash_sha256","91C8B02B1FA9D1D555B56E50B091D4C5493B907E18B794F3280682D8D30B96F3","public" 70 | "hash_sha256","94017628658035206820723763A2A698A4FD7BE98FC2C541AAD6AA0281EF090E","public" 71 | "hash_sha256","950243A133DB44E93B764E03C8D06B99310686D010B52B67F4EFFA57F0D72E04","public" 72 | "hash_sha256","95EEE44482B4226EFE3739BED3FA6CE7AE7DB407C1E82E988F27CD27A31B56A6","public" 73 | "hash_sha256","97536E893CBD37B535911D36B284DE01325F3A6CD7213E4E82536CEF1D85C3AA","public" 74 | "hash_sha256","9E0274C4E57381E97CCCEADBA37B64DA35CFC379F80ABC53E40F310A5E6B690B","public" 75 | "hash_sha256","9E0A89C1B98F448865A73049A2B90BDFCD1B9846C4506441CFA6F0E429C1B329","public" 76 | "hash_sha256","9FA315259CC627B17A0D99864CD1BF54667BD26CCEF5CE50BA412FA8911B10E5","public" 77 | "hash_sha256","A46C3639BA099953DEF013430063EA018F616C10E4B1CB4FE9A26D261F9DAB0D","public" 78 | "hash_sha256","A774244EA5D759C4044AEA75128A977E45FD6D1BB5942D9A8A1C5D7BFF7E3DB9","public" 79 | "hash_sha256","A845E674C5B4B532F5FAE07AE2BCEEE181858F9C4A781C2C1B315B4F13D06F77","public" 80 | "hash_sha256","A8806944FF6CAD0D45D956972C32E93F44DA7E251352D63C1F058DF8384B78D1","public" 81 | "hash_sha256","A8F5537A63FEE5DA18F64A0FE6108916A740FDDA3BA961D425EC5A8A9419E409","public" 82 | "hash_sha256","A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2","public" 83 | "hash_sha256","AA2D46665EA230E856689C614EDCD9D932D9EDAD0083BF89C903299D148634A2","public" 84 | "hash_sha256","AAF985A5817A693F92A2775CE65EF57DDD2425B38533EC95062940D475C5568D","public" 85 | "hash_sha256","AB84AEEE213B902FDE9740C466CD53AF4BAE6D5EA81A2B84C4D534B08B2FA049","public" 86 | "hash_sha256","AD3EC38F79B4964FC9BA0D8F2D9D28C7CD3BD20DEE0E3ACF427EEBB5DC819275","public" 87 | "hash_sha256","AE312393EF8E7C4A813A0ED8D4DD9E6A85B00303EB070EB15133797F41E99D90","public" 88 | "hash_sha256","AF1A08578A5EBB02835CF10A9A45393349BCAA2CAA6EB9E823E7FC08DB37DA66","public" 89 | 
"hash_sha256","B058C128C801E2EE03874E183239FF369C599F3A2324905FF73F99D16D3B1A16","public" 90 | "hash_sha256","B1553DFEE1DA93FD2DEDB0755230CE4E21D4CB78CFC369DE29D29D04DB1FE013","public" 91 | "hash_sha256","B994CBC1B5C905A2B731E47B30718C684521E8EC6AFB601AFECF30EF573E5153","public" 92 | "hash_sha256","BAB01D029556CF6290F6F21FEC5932E13399F93C5FDBCFFD3831006745F0EB83","public" 93 | "hash_sha256","BBB6542D8602DFE0B66073266A3606E6804F5B2C67D64266B0EF245220CCC3CC","public" 94 | "hash_sha256","BD82216F1341159E950E9E7A68015C54C4995C8FD7C12C28A839C5068B0919AD","public" 95 | "hash_sha256","C05287F40E4C779A470D74C6C530D7BBF5C5AA27DFC36DA0611BE5EFE51A0E71","public" 96 | "hash_sha256","C28FA95A5D151D9E1D7642915EC5A727A2438477CAE0F26F0557B468800111F9","public" 97 | "hash_sha256","C333E4ED8E0D5C3B1F26FA12F51A1DC66DB4CCA344A646061E2C95F305560AA9","public" 98 | "hash_sha256","C3405D9C9D593D75D773C0615254E69D0362954384058EE970A3EC0944519C37","public" 99 | "hash_sha256","C37D0C9C9DA830E6173B71A3BCC5203FBB66241CCD7D704B3A1D809CADD551B2","public" 100 | "hash_sha256","C4D51F5A4DC95B0AC4B4F44A74D282D84898DDF56293A7DFDDD5CB5EB90EC989","public" 101 | "hash_sha256","C9E05B08731892295A0842F7D17BE0747C16226FCB75FA4A23B43B61A833C8CF","public" 102 | "hash_sha256","CB884BE5F579E4E4917DE5D9AE0A9CD3D9C80397B9A1519A8BB1FD5EEB6B882B","public" 103 | "hash_sha256","CCA5DF85920DD2BDAAA2ABC152383C9A1391A3E1C4217382A9B0FCE5A83D6E0B","public" 104 | "hash_sha256","CE41636E0733724C6531A9738B035E9743AEE8C39FC7358410000A9706B14231","public" 105 | "hash_sha256","CEFA8CB6C1E7641ED22C250DE4C9F7663C66E7FD18F93B69E1FF45401AF855F7","public" 106 | "hash_sha256","CF87A44C575D391DF668123B05C207EEF04B91E54300D1CBBEC2F48F5209D4A4","public" 107 | "hash_sha256","D1825CD7A985307C8585D88D247922C3A51835F9338DC76C10CDBAD859900A03","public" 108 | "hash_sha256","D1E1EB0E0AAEDB01DF8CC2B98B0119C4AEF8C1C2A3930EA0C455F0491E3161EB","public" 109 | "hash_sha256","D44603ABDCD6A4EB3283D5D4BE88B93CC359D6F0EFACCFD546C10E3349CCB4ED","public" 
110 | "hash_sha256","D47E35BAEE57EB692065A2295E3E9DE40E4C57DBA72CB39F9ACB9F564C33B421","public" 111 | "hash_sha256","D9EFD833D31365C25BC10BB2A34845ADD5FF89BD660DA1D9405DEA82D035A308","public" 112 | "hash_sha256","DBE480495BE5ABC23437B5E916FA0368C617E4DBD58D9ED7EA303B102A6DC3B1","public" 113 | "hash_sha256","DD0E796F52FC1FCAD488DF122DB8F5FCC9423FFDD3B5EDBCC66D6055AB8A2247","public" 114 | "hash_sha256","DD832C8E30ED50383495D370836688EE48E95334270CBBCE41109594CB0C9FD1","public" 115 | "hash_sha256","DE41F1076CE46DD36CCF6B5D7975C070D0C5FE2E6556CEDFAD2DD0CD37653B06","public" 116 | "hash_sha256","DE4D1F58FA8FA9EB156A37A8D9A3396D58E804F92E5EEE25878A36A116F66362","public" 117 | "hash_sha256","DF6CB5199C272C491B3A7AC44DF6C4C279D23F7C09DAED758C831B26732A4851","public" 118 | "hash_sha256","E0B562B70B9FED98A05680A613F786BD482F71456976C7290CA2059004CB64A5","public" 119 | "hash_sha256","E159824448A8E53425B38BD11030AA786C460F956C9D7FC118B212E8CED4087A","public" 120 | "hash_sha256","E5D6F7138FCCCD1A579D681EF354C4660DEAB3C216F3DB1A330A8212D99FBEA1","public" 121 | "hash_sha256","E6A7BDBBF05A76A68E1D5E1DE15C63EEEA1607245B5604EE5AC835AEFEC57D6D","public" 122 | "hash_sha256","E7CAD51C71403C229364147D66EF1858065B10645D1D09774CD9A91DD8E54717","public" 123 | "hash_sha256","EDC9222AECE9098AD636AF351DD896FFEE3360E487FDA658062A9722EDF02185","public" 124 | "hash_sha256","EEBC24A4F94B02F1FDE7674887F20FE6029DC525ED9AD2256D3F79AB6579483A","public" 125 | "hash_sha256","F365CA957E733714691F4AC19F136B33442269816E71CAB84C3CE0B319084CC2","public" 126 | "hash_sha256","F635F424B967E3DF6BEC0E6BD4643D5B19BB6E3E3D9C925D91124B80F85E8D1B","public" 127 | "hash_sha256","F7B52EE613F8D4E55A69F0B93AA9AA5472E453B0C458C8390DB963FF8B0B769C","public" 128 | "hash_sha256","F7F6D0AFB300B57C32853D49FF50650F5D1DC7CF8111AA32FF658783C038BFE5","public" 129 | "hash_sha256","F9C5D479EAD9D36AF0DC3389774FA2AF85D490D93FF91620B1F9390783247CAE","public" 130 | 
"hash_sha256","F9EB34C34E4A91630F265F12569F70B83FEBA039C861D6BF906B74E7FB308648","public" 131 | "hash_sha256","FFB8DB57B543BA8A5086640A0B59A5DEF4929AD261E9F3624B2C0A22AE380391","public" 132 | "domain","9convert.com","public" 133 | "domain","convertallfiles.com","public" 134 | "domain","convertisseurs-pdf.com","public" 135 | "domain","convertitoremp3.it","public" 136 | "domain","convertix-api.xyz","public" 137 | "domain","convertpro.org","public" 138 | "domain","convertscloud.com","public" 139 | "domain","deep-seek.bond","public" 140 | "domain","deep-seek.cfd","public" 141 | "domain","deep-seek.qpon","public" 142 | "domain","freejpgtopdfconverter.com","public" 143 | "domain","i4toolsearch.vip","public" 144 | "domain","i4toolssddsl.top","public" 145 | "domain","i4toolssddzp.top","public" 146 | "domain","i4toolssddzq.top","public" 147 | "domain","i4toolssddzr.top","public" 148 | "domain","i4toolssddzt.top","public" 149 | "domain","i4toolssddzu.top","public" 150 | "domain","i4toolssddzw.top","public" 151 | "domain","i4toolssddzy.top","public" 152 | "domain","i4toolssffna.top","public" 153 | "domain","i4toolssffnd.top","public" 154 | "domain","i4toolssffnf.top","public" 155 | "domain","i4toolssffng.top","public" 156 | "domain","i4toolssffnh.top","public" 157 | "domain","i4toolssffnj.top","public" 158 | "domain","i4toolssffnl.top","public" 159 | "domain","imageconvertors.com","public" 160 | "domain","oldschool.best","public" 161 | "domain","primeconvertapp.com","public" 162 | "domain","youdaohhnf.top","public" 163 | "domain","youdaohhsh.top","public" 164 | "domain","youdaohhvw.top","public" 165 | "domain","youdaohhvy.top","public" 166 | "domain","youdaohhxf.top","public" 167 | "domain","youdaohhzi.top","public" 168 | "domain","youdaohhzy.top","public" 169 | "ip","103.149.98.231","public" 170 | "ip","104.167.222.106","public" 171 | "ip","121.78.147.213","public" 172 | "ip","185.208.158.206","public" 173 | 
"url","https://fancy-bush-61e9sydgsyi29s.jennifer-may.workers.dev","public" 174 | "url","https://i4toolssddzp.top/i4Tools8_v8.33_Setup_x64.zip","public" 175 | "url","https://i4toolssddzq.top/i4Tools8_v8.33_Setup_x64.zip","public" 176 | "url","https://i4toolssddzr.top/i4Tools8_v8.33_Setup_x64.zip","public" 177 | "url","https://i4toolssddzt.top/i4Tools8_v8.33_Setup_x64.zip","public" 178 | "url","https://i4toolssddzu.top/i4Tools8_v8.33_Setup_x64.zip","public" 179 | "url","https://i4toolssddzw.top/i4Tools8_v8.33_Setup_x64.zip","public" 180 | "url","https://i4toolssddzy.top/i4Tools8_v8.33_Setup_x64.zip","public" 181 | "url","https://i4toolssffna.top/i4Tools8_v8.33_Setup_x64.zip","public" 182 | "url","https://i4toolssffnd.top/i4Tools8_v8.33_Setup_x64.zip","public" 183 | "url","https://i4toolssffnf.top/i4Tools8_v8.33_Setup_x64.zip","public" 184 | "url","https://i4toolssffng.top/i4Tools8_v8.33_Setup_x64.zip","public" 185 | "url","https://i4toolssffnh.top/i4Tools8_v8.33_Setup_x64.zip","public" 186 | "url","https://i4toolssffnj.top/i4Tools8_v8.33_Setup_x64.zip","public" 187 | "url","https://i4toolssffnl.top/i4Tools8_v8.33_Setup_x64.zip","public" 188 | "url","https://li.tistateronic.ru/OqgX","public" 189 | "url","https://line.infoapollocapital.buzz","public" 190 | "url","https://xiazailianjieoss.com/YoudaoDictSetup.zip","public" 191 | "url","https://xiazailianjieoss.com/baidu/deepseek_release_X64.zip","public" 192 | "url","https://xiazailianjieoss.com/i4Tools8_v8.33_Setup_x64.zip","public" 193 | "hash_sha1","018944FC47DD2329B23B74DA31B19D57373FF539","public" 194 | "hash_sha1","02D32978543B9DD1303D5B020F52D24D5DABA52D","public" 195 | "hash_sha1","0E58ED8671D6B60D0890C21B07F8835ACE038E67","public" 196 | "hash_sha1","1AFDCD38AF37B9452FB4AC35DD9FCDCD5629B891","public" 197 | "hash_sha1","233029813051D20B61D057DC4A56337D9BDC40D2","public" 198 | "hash_sha1","2FB3B8099499FDD03DA7064812645AC781AFD502","public" 199 | "hash_sha1","3630F62771360540B66701ABC8F6C868087A6918","public" 200 | 
"hash_sha1","3C08C694C222E7346BD8633461C5D19EAE18B661","public" 201 | "hash_sha1","3F5F6839C7DCB1D164E4813AF2E30E9461AB35C1","public" 202 | "hash_sha1","5401E3EF903AFE981CFC2840D5F0EF2F1D83B0BF","public" 203 | "hash_sha1","68B72DA59467B1BB477D0C1C5107CDD8D9078D7D","public" 204 | "hash_sha1","694B1DD3187D876C5743A0D0B83334DBD18AC9DB","public" 205 | "hash_sha1","8361F7DBF81093928DA54D3CBC11A0FCC2DDB55A","public" 206 | "hash_sha1","875DC27963F8679D7D8BF53A7D69966523BC36BC","public" 207 | "hash_sha1","918DDD842787D64B244D353BFC0E14CC037D2D97","public" 208 | "hash_sha1","9B2B9A49F52B37927D6A9F4D6DDB180BD8169C5F","public" 209 | "hash_sha1","A4F68D0F1C72C3AC9D70919C17DC52692C43599E","public" 210 | "hash_sha1","AB65C08DA16A45565DBA930069B5FC5A56806A4C","public" 211 | "hash_sha1","D2C25AF9DD6D60A341B0C93DD97566FB532BFBD8","public" 212 | "hash_sha1","D3DA9467D0C89A9312DA199DCC83CDDF3607D8B1","public" 213 | "hash_sha1","D61A4387466A0C999981086C2C994F2A80193CE3","public" 214 | "hash_sha1","D8B631C551845F892EBB5E7D09991F6C9D4FACAD","public" 215 | "hash_sha1","F12C8CEC813257890F4856353ABD9F739DEED890","public" 216 | "hash_sha1","F5BA545D4A16836756989A3AB32F3F6C5D5AD8FF","public" 217 | -------------------------------------------------------------------------------- /IOC/OSINT-24Feb-IOC-List (2).csv: -------------------------------------------------------------------------------- 1 | "type","value","source" 2 | "hash_sha256","02244934046333F45BC22ABE6185E6DDDA033342836062AFB681A583AA7D827F","public" 3 | "hash_sha256","1ABFFE97AAFE9916B366DA57458A78338598CAB9742C2D9E03E4AD0BA11F29BF","public" 4 | "hash_sha256","243B92959CD9AA03482F3398FBE81B4874C50A5945FE6B0C0ABB432A33DB853F","public" 5 | "hash_sha256","25967270D67253C72532A7E0416EB27FF249BC17DC1D7CDED0148F8F4B932789","public" 6 | "hash_sha256","26B1D37EA3DA6A6213B65B000DBB39575D858FA274AEA895CC3BF62E706FCE5D","public" 7 | "hash_sha256","274EFB6BB2F95DEB7C7F8192919BF690D69C3F3A441C81FE2A24284D5F274973","public" 8 | 
"hash_sha256","28E6362ECF033B2A26C7457DCBD7AD2AB34E253FB08666D39073391A1254EA41","public" 9 | "hash_sha256","2BAE8B07F5098E1CA8FB5A5776EB874072ACE4E19734CBA4AF4450EECCDE7F89","public" 10 | "hash_sha256","2DF4C7BFA608CA88D9D659358894226910850AC0D7E566C6C10EC2727361D47B","public" 11 | "hash_sha256","32609FAEF0B04F0C37C4CF081C147872A45C59D7C4FBCA35DEB40D144B0226AD","public" 12 | "hash_sha256","33EA72B46AF7BB2ECC0775F7536D3259F34BD7A13E298CAC66649EE694097C2E","public" 13 | "hash_sha256","364F38B48565814B576F482C1E0EB4C8D58EFFCD033FD45136EE00640A2B5321","public" 14 | "hash_sha256","366EA3377EAEFA28B655B530710C03FB2ACE67BB531B1820E916CB02023892BA","public" 15 | "hash_sha256","3CEF0B5F069CC1D15D36AA83D54D2A7BE79B29B02081B6592DD4714639AD0A66","public" 16 | "hash_sha256","3E137DA41CB509412EE230C6D7AAC3D69361358B28C3A09EC851D3C0F3853326","public" 17 | "hash_sha256","40EBD719AA66A88E261633887ED4E2C144BD11FBCC6F7793F9B32652CC5BF2D3","public" 18 | "hash_sha256","42663F9D1AD0FE190912800B92C64D38B6F74FAC23281B87180A4FEF5BC2EFD6","public" 19 | "hash_sha256","43DE1831368E6420B90210E15F72CEA9171478391E15EFDD608AD22FE916CEA8","public" 20 | "hash_sha256","44DC2777EE8DD6D5CD8EBB10E71CAF73B330940131417B5FCA2B174A264E19E3","public" 21 | "hash_sha256","471E61015FF18349F4BF357447597A54579839336188D98D299B14CFF458D132","public" 22 | "hash_sha256","4A92FA725ADC57D7B501F33E87230A8291CF8AD22D4D3A830293ABCC0AC10D12","public" 23 | "hash_sha256","4EAEBD93E23BE3427D4C1349D64BEF4B5FC455C93AEBB9B5B752981E9266488E","public" 24 | "hash_sha256","5051F0AA11DA67E16797DAA51992467AD45C5BF18DCD2E252E8AA63D3FCE31BC","public" 25 | "hash_sha256","5064B2A8FCFC58C18F53773411F41824B7F6C2675C1D531FFA109DC4F842119B","public" 26 | "hash_sha256","571607C7F55C3616E4C58DB15E3D55317DA10294DBC10E0CD1ED24879B8FC051","public" 27 | "hash_sha256","625ED0E0AD7D3FBF2738349C767A7990C9F0D388DE66104E11DF3E0C4632033C","public" 28 | "hash_sha256","6E625BBCECC45B6B556141EEF37FFD31AA4861CE4DEBCA6500BE72364172FFC7","public" 29 | 
"hash_sha256","7416F6B69B34B3A36A86E50808E1DC47F4DC665BFD6F394CEF65E0BA5EAF961B","public" 30 | "hash_sha256","7B8EA6B1E2A29190CB28FC98EF837BF4A7A0B71B84177CE9395A5113A843C4D3","public" 31 | "hash_sha256","7C741C8BCD19990140F3FA4AA95BB195929C9429FC47F95CF4AB9FAD03040F7B","public" 32 | "hash_sha256","83C1A668AB06F55E6879593CA24EED9F78832BE97AC90BB74EF5828067F2D900","public" 33 | "hash_sha256","8BE80A33454F6C82AB565594CC33A2915D3E02AEB55D0E277AFB00E28249A1A1","public" 34 | "hash_sha256","8D44F2F442CA8F2FBBF75086A6F8D518C300CA93FE9957A9716076919B475865","public" 35 | "hash_sha256","9192A1C1AB42186A46E08B914D66253440AF2D2BE6B497C34FE4B1770C3B5E01","public" 36 | "hash_sha256","91E405E8A527023FB8696624E70498AE83660FE6757CEF4871CE9BCC659264D3","public" 37 | "hash_sha256","94B1087AF3120AE22CEA734D9EEA88EDE4AD5ABE4BDEAB2CC890E893C09BE955","public" 38 | "hash_sha256","9BDF41A178E09F65BF1981C86324CD40CB27054BF34228EFDCFEE880F8014BAF","public" 39 | "hash_sha256","A0887FA90F88DD002B025A97B3A57E4FDB7F5FDD725490D96776F8626F528EF2","public" 40 | "hash_sha256","A229A2943CF8D1B073574F0C050CA06392D0525B2028F4B4B04D1E4B40110C66","public" 41 | "hash_sha256","A2452456EB3A1A51116D9C2991AAE3B0982ACC1A9B30EFEE92A4F102DC4D2927","public" 42 | "hash_sha256","A2BB321D41B2300E80F9400950FA2125470D5B3927933AB4D6397F0CBF81532A","public" 43 | "hash_sha256","AB54AF1DBE6A82488DB161A7F57CD74F2DD282A9522587F18313B4E9835DC558","public" 44 | "hash_sha256","B28BC39E569AA0CFE984C341830CB037C5305877BA22A940C3BDAEB43CA87878","public" 45 | "hash_sha256","B38DAB1EE402F731313D697D5D79372AE97FCAB5704077771B5B82E705E0CD6D","public" 46 | "hash_sha256","B66660DFE1CE69F706AAA412FCD3FF18554D604DF59C09ADC2A8117417967CE9","public" 47 | "hash_sha256","BC490047FE6E0B0000C6CD147D3CF483105C92CF00450BFE35AC70F276A9E5C8","public" 48 | "hash_sha256","BC5B2EF81593095696433877CCCB0AB75EF942258EF4795DE5538DF842D952F4","public" 49 | "hash_sha256","C19BE7A006BD2BA8DEB56DCC6127A76F9624C6F1392A1794870DBED6F1A81BD5","public" 50 | 
"hash_sha256","C4DB25AB55AF2E943A297A5ECF7A62ACC3AD8897EC8BA4AB3226A138DA237B82","public" 51 | "hash_sha256","C7AA85C0B97C8F1F6F119109DF02E0F33AA7CD495DD7399A39927C9F1FBC258B","public" 52 | "hash_sha256","C7EC098093EB08D2B36D1C37B928D716D8DA021F93319A093808A7CEB3B35DC1","public" 53 | "hash_sha256","C9DA5B0A8DEE27FBF5D7BBB4C9B9B38D8C0C547479D315EFD62599A3C5D9CB13","public" 54 | "hash_sha256","CA172F8D36326FC0B6ADEF9EA98784FD216C319754C5FC47AA91FCE336C7D79A","public" 55 | "hash_sha256","D34C95C0563C8A944A03EE1448F0084DFB94661C24E51C131541922EBD1A2C75","public" 56 | "hash_sha256","D74B6B2129936377AACCC619BCFD4DF4FFBE2F35F960A4B043B23AE78A31EC35","public" 57 | "hash_sha256","DA8EF50FE5E571D0143A758C7C66BB55653F1F2D04F16464FC857226441D79B2","public" 58 | "hash_sha256","DCA39474220575004159ECFF70054BCF6239803FCF8D30F4E2E3907B5B97129C","public" 59 | "hash_sha256","DE4BB30E400F081601D4091206BA6C04AC502F50E0DBAC879DB8C0202BFF8108","public" 60 | "hash_sha256","E1202C017C76E06BFA201AD6EB824409C2529E887BDAF128FC364BDBC9E1E214","public" 61 | "hash_sha256","E1BDB6A878DC5A81A74F7178259571D6C1C89FD8163185E6CCC61732D64B6338","public" 62 | "hash_sha256","E1D72B0CFC3342B8A6436E3047C3CC54246C346AC179E459D07620D192BA6E01","public" 63 | "hash_sha256","E46779869C6797B294CB097F47027A5C52466FD11112B6CCD52C569578D4B8CD","public" 64 | "hash_sha256","F0DF09513DCF292264B3336269952C7E9FF685DF8180A2035BEE9F3143B36609","public" 65 | "hash_sha256","F2A1488DF1036549DA2DA37BD9CBC2B411C3BB2C3D4D431BC2E86A744578AD37","public" 66 | "hash_sha256","F39319312A567FA771921D11ECE66F3CE8996BA45F90D6FC89031B621535EB7E","public" 67 | "hash_sha256","F8915C5BE0649642DAC22572355F1462972F5087471F66F6A243F2374B208EB8","public" 68 | "hash_sha256","FA3A3351CD55089D40A7311E4BFAF15E4247416F78383D94AD58809467429B3E","public" 69 | "hash_sha256","FA7F2DDF91980D639A87465BD2A38EAA44D6079B11ACE3B2B3DFF03CAED66DE5","public" 70 | "hash_sha256","FBC67446DAAA0A0264ED7A252AB42413D6A43C2E5AB43437C2B3272DAEC85E81","public" 71 | 
"hash_sha256","FBCCC8952710A8A50655F4FE3A880C8373411B7EC40E54AABD7EAFF3F1D0137B","public" 72 | "hash_sha256","FCB8BF42D852526214578AB4B477B29F2412A7A931C6353DB4FA6C221661EDF4","public" 73 | "hash_sha256","FDAD627A21A95EA2A6136C264C6A6CC2F0910A24881118B6EABC2D6509DC8DD7","public" 74 | "hash_sha1","CE120E922ED4156DBD07DE8335C5A632974EC527","public" 75 | "url","http://64.52.80.211/1.php?s=boicn","public" 76 | "url","http://web3-authframe.top/st1?s=exodus_24","public" 77 | "url","http://web3-authframe.top/st1h?s=exodus_24","public" 78 | "hash_md5","0C03EFD969F6D9E6517C300F8FD92921","public" 79 | "hash_md5","1E210FCC47EDA459998C9A74C30F394E","public" 80 | "hash_md5","23CE22596F1C7D6DB171753C1D2612FE","public" 81 | "hash_md5","277ACB857F1587221FC752F19BE27187","public" 82 | "hash_md5","32DA6C4A44973A5847C4A969950FA4C4","public" 83 | "hash_md5","351260C2873645E314A889170C7A7750","public" 84 | "hash_md5","373EBF513D0838E1B8C3CE2028C3E673","public" 85 | "hash_md5","3E6CF927C0115F76CCF507D2F5913E02","public" 86 | "hash_md5","47765D12F259325AF8ACDA48B1CBAD48","public" 87 | "hash_md5","560024EFCA8E5730DC4DECF2E2C252DB","public" 88 | "hash_md5","5C3394E37C3D1208E499ABE56E4EC7EB","public" 89 | "hash_md5","5E17D1A077F86F7AE4895A312176EBA6","public" 90 | "hash_md5","6396908315D9147DE3DFF98AB1EE4CBE","public" 91 | "hash_md5","69F6DCDB3D87392F300E9052DE99D7CE","public" 92 | "hash_md5","6BD84DFB987F9C40098D12E3959994BC","public" 93 | "hash_md5","7140DBD0CA6EF09C74188A41389B0799","public" 94 | "hash_md5","729C24CC6A49FB635601EB88824AA276","public" 95 | "hash_md5","75FD9018433F5CBD2A4422D1F09B224E","public" 96 | "hash_md5","76E7CBAB1955FAA81BA0DDA824EBB31D","public" 97 | "hash_md5","778B6521DD2B07D7DB0EAEAAB9A2F86B","public" 98 | "hash_md5","7B26A25D7BF2BE6FDC2810BA5F519B4A","public" 99 | "hash_md5","7C527C6607CC1BFA55AC0203BF395939","public" 100 | "hash_md5","842F8064A81EB5FC8828580A08D9B044","public" 101 | "hash_md5","89052678DC147A01F3DB76FEBF8441E4","public" 102 | 
"hash_md5","8E960334C786280E962DB6475E0473AB","public" 103 | "hash_md5","97B19D9709ED3B849D7628E2C31CDFC4","public" 104 | "hash_md5","9871272AF8B06B484F0529C10350A910","public" 105 | "hash_md5","9B738D877E6590B40C2784BE10C215D7","public" 106 | "hash_md5","9D3337F0E95ECE531909E4C8D9F1CC55","public" 107 | "hash_md5","A3F4E422AECD0547692D172000E4B9B9","public" 108 | "hash_md5","B0844BB9A6B026569F9BAF26A40C36F3","public" 109 | "hash_md5","B57B13E9883BBEE7712E52616883D437","public" 110 | "hash_md5","BA40C097E9D06130F366B86DEB4A8124","public" 111 | "hash_md5","CDD4CFAC3FFE891EAC5FB913076C4C40","public" 112 | "hash_md5","D4B75A8318BEFDB1474328A92F0FC79D","public" 113 | "hash_md5","D8C6199B414BDF298B6A774E60515BA5","public" 114 | "hash_md5","DE26F488328EA0436199C5F728ECD82A","public" 115 | "hash_md5","E0F8D7EC2BE638FBF3DDF8077E775B2D","public" 116 | "hash_md5","EF8C77DC451F6C783D2C4DDB726DE111","public" 117 | "hash_md5","F8DF6CF748CC3CF7C05AB18E798B3E91","public" 118 | "hash_md5","FAA47ECBCC846BF182E4ECF3F190A9F4","public" 119 | "hash_md5","FE0438938EEF75E090A38D8B17687357","public" 120 | "domain","2024-tax-refund.info","public" 121 | "domain","akami-cdns.com","public" 122 | "domain","askforupdate.org","public" 123 | "domain","blackshelter.org","public" 124 | "domain","cdns-clfr-dns.com","public" 125 | "domain","claim.tax.refund.drtf5pe.us","public" 126 | "domain","claim.tax.refund.eljungle.me","public" 127 | "domain","claim.tax.refund.ema0jrm.us","public" 128 | "domain","claim.tax.refund.encengojos.live","public" 129 | "domain","claim32200-for2021-taxcredit.com","public" 130 | "domain","com-irs.xin","public" 131 | "domain","confirm-signal.site","public" 132 | "domain","deski.fastcloudcdn.com","public" 133 | "domain","federaltaxrebate-programs.click","public" 134 | "domain","form.e-refund.irs.gov.matheusmartins.website","public" 135 | "domain","gov-irs.net","public" 136 | "domain","group.kropyva.site","public" 137 | "domain","groups-signal.site","public" 138 | 
"domain","irs-claim-covid.com","public" 139 | "domain","irs-claim-federal.com","public" 140 | "domain","irs-claim-financial-profile.com","public" 141 | "domain","irs-claim-government.com","public" 142 | "domain","irs-claim-grant.com","public" 143 | "domain","irs-gov.space","public" 144 | "domain","irs-government.com","public" 145 | "domain","irs.gov.ownership-tax.com","public" 146 | "domain","irs.gov.reporting-tax.com","public" 147 | "domain","irs.gov.responsibilities-tax.com","public" 148 | "domain","irs.gov.tax-initial.com","public" 149 | "domain","irs.gov.tax-ownership.com","public" 150 | "domain","irs.gov.tax-private.com","public" 151 | "domain","irs.gov.tax-winnings.com","public" 152 | "domain","irsagencygov.com","public" 153 | "domain","irsclaim-kecv.mtzyxx.mobi","public" 154 | "domain","notionbox.org","public" 155 | "domain","payment-form-irs.com","public" 156 | "domain","payment.claim-irs-us.com","public" 157 | "domain","payment.irs.benefit.marypoesia.com","public" 158 | "domain","payment.irswebsecure.com","public" 159 | "domain","paymentax.top","public" 160 | "domain","query-dns-cdn.com","public" 161 | "domain","rednosehorse.com","public" 162 | "domain","s2notion.org","public" 163 | "domain","signal-device-off.online","public" 164 | "domain","signal-group.site","public" 165 | "domain","signal-group.tech","public" 166 | "domain","signal-groups-add.com","public" 167 | "domain","signal-groups.site","public" 168 | "domain","signal-groups.tech","public" 169 | "domain","signal-security.online","public" 170 | "domain","signal-security.site","public" 171 | "domain","signalgroup.site","public" 172 | "domain","signals-group.com","public" 173 | "domain","slowlysmiling.fastcloudcdn.com","public" 174 | "domain","tax-accounting-services-1801.click","public" 175 | "domain","tax-calculator-31430.bond","public" 176 | "domain","taxhelp-securelink.com","public" 177 | "domain","taxirs-gov.com","public" 178 | "domain","teneta.add-group.site","public" 179 | 
"domain","teneta.join-group.online","public" 180 | "domain","testdomain123123.shop","public" 181 | "domain","update.fjke5oe.com","public" 182 | "domain","www.b8pjmgd6.com","public" 183 | "domain","www.fjke5oe.com","public" 184 | "domain","www.ggrdl4.com","public" 185 | "domain","www.gm4rys.com","public" 186 | "domain","www.hbsanews.com","public" 187 | "domain","www.i5y3dl.com","public" 188 | "domain","www.zimbra.page","public" 189 | "domain","your-gov-tax.completissuc.club","public" 190 | "domain","your.irs.gov-addpayment.info","public" 191 | "domain","your.irs.gov-confirmaccess.info","public" 192 | -------------------------------------------------------------------------------- /IOC/OSINT-24Feb-IOC-List.csv: -------------------------------------------------------------------------------- 1 | "type","value","source" 2 | "hash_sha256","33EA72B46AF7BB2ECC0775F7536D3259F34BD7A13E298CAC66649EE694097C2E","public" 3 | "hash_sha256","7416F6B69B34B3A36A86E50808E1DC47F4DC665BFD6F394CEF65E0BA5EAF961B","public" 4 | "hash_sha256","DA8EF50FE5E571D0143A758C7C66BB55653F1F2D04F16464FC857226441D79B2","public" 5 | "hash_md5","351260C2873645E314A889170C7A7750","public" 6 | "hash_md5","8E960334C786280E962DB6475E0473AB","public" 7 | "hash_md5","FAA47ECBCC846BF182E4ECF3F190A9F4","public" 8 | "domain","cdns-clfr-dns.com","public" 9 | -------------------------------------------------------------------------------- /IOC/OSINT-31-March-2025.csv: -------------------------------------------------------------------------------- 1 | "type","value","source" 2 | "domain","abstracts.cngsby.cfd","public" 3 | "domain","admirable.brehmed.cfd","public" 4 | "domain","adventure.lantial.cfd","public" 5 | "domain","airconditionersontop.com","public" 6 | "domain","alignment.econd.cfd","public" 7 | "domain","artistry.cngsby.sbs","public" 8 | "domain","b8-crypt0x.com","public" 9 | "domain","blackangel.dev","public" 10 | "domain","breakfast.ffiftringg.sbs","public" 11 | 
"domain","clumsy-fir-mandible.glitch.me","public" 12 | "domain","coinsboostbonus.top","public" 13 | "domain","composure.pedancy.fun","public" 14 | "domain","constructive.lantial.us","public" 15 | "domain","dalopt.participates.cfd","public" 16 | "domain","discovered.secamondareeng.space","public" 17 | "domain","email.gov.in.gov-in.mywire.org","public" 18 | "domain","encrypthub.net","public" 19 | "domain","encrypthub.org","public" 20 | "domain","expedient.eithert.cfd","public" 21 | "domain","framework.chellor.cfd","public" 22 | "domain","framework.reorget.cfd","public" 23 | "domain","framework.retiont.space","public" 24 | "domain","fuckedserver.net","public" 25 | "domain","global-protect.us","public" 26 | "domain","hot-gays-quest.life","public" 27 | "domain","ht2jndn.web.app","public" 28 | "domain","ity.anoneth.fun","public" 29 | "domain","jeel.top","public" 30 | "domain","keenram.anariding.site","public" 31 | "domain","lakesandinnovations.com","public" 32 | "domain","landscape.chanism.sbs","public" 33 | "domain","landslide.postume.cfd","public" 34 | "domain","limitedavailability-show.com","public" 35 | "domain","livingscontinuations.com","public" 36 | "domain","mainframe.crellar.sbs","public" 37 | "domain","malwarehunterteam.net","public" 38 | "domain","methodical.reorgedt.fun","public" 39 | "domain","momentous.debayon.sbs","public" 40 | "domain","motorcyclesincyprus.com","public" 41 | "domain","myhot-cams.life","public" 42 | "domain","oldoak.spindexed.site","public" 43 | "domain","postindia.site","public" 44 | "domain","premiumservices.approviding.store","public" 45 | "domain","resonance.agained.cfd","public" 46 | "domain","romancezone.one","public" 47 | "domain","setting-raw-jushd.vercel.app","public" 48 | "domain","simulators-and-cars.com","public" 49 | "domain","slothingpressing.com","public" 50 | "domain","small-inches.com","public" 51 | "domain","strawberriesandmangos.com","public" 52 | "domain","streamingleaksnow.com","public" 53 | 
"domain","tavux.participates.cfd","public" 54 | "domain","topawardpicks.top","public" 55 | "domain","transmit.chanism.cfd","public" 56 | "domain","tremendous.mcgonal.cfd","public" 57 | "domain","tripplebanks.duckdns.org","public" 58 | "domain","workbench.cudwork.cfd","public" 59 | "domain","www.entryway.world","public" 60 | "domain","your-bigprofit.top","public" 61 | "domain","yourspacegain.top","public" 62 | "url","https://freeimagecdn.com","public" 63 | "url","https://github.com/Rekrutacja-JS/FizzBuzz","public" 64 | "url","https://litter.catbox.moe/eduway.ps1","public" 65 | "url","https://mia.nl.tab.digital/remote.php/dav/files","public" 66 | "url","https://mvnrepo.net","public" 67 | "url","https://my.powerfolder.com/webdav/utils/elzp.txt","public" 68 | "url","https://planachiever.au/admin-admin/Belejrers.fla","public" 69 | "url","https://planachiever.au/admin-admin/bPeMVYr142.bin","public" 70 | "url","https://raw.githubusercontent.com/coder9440/drop2/refs/heads/main/faktura_586507.pdf.lnk","public" 71 | "url","https://raw.githubusercontent.com/coder9540/weather_widget/refs/heads/main/SkyWatchWeather.exe","public" 72 | "hash_sha1","02065BBDB3209E0522DB3225600B8E79F8A10293","public" 73 | "hash_sha1","089439168D3C75B4DA94AB801F1C46AD6B9E1FDC","public" 74 | "hash_sha1","0B689C5677445729C609E284E91C7048A1D8BC11","public" 75 | "hash_sha1","0E282DC84D6CFD447FECE7D3ECC622523B143AA8","public" 76 | "hash_sha1","151DC47B213AAEC3751FFD1427737C65757AB410","public" 77 | "hash_sha1","1CC2D1F2A991C19B7E633A92B1629641C019CDEB","public" 78 | "hash_sha1","1F6D6C9F3841D0477D8B38A64935E0B58E57605F","public" 79 | "hash_sha1","207B7CF5DB59D70D4789CB91194C732BCD1CFB4B","public" 80 | "hash_sha1","23C4049121A9649682B3B901EAAC0CC52C308756","public" 81 | "hash_sha1","25A593B9517D6C325598EAB46833003C40F9491A","public" 82 | "hash_sha1","2B9B740FB5FE0549810500476F567002683DF71D","public" 83 | "hash_sha1","334A88E288AE18C6E3FD7FB2D1AD9548497D52CE","public" 84 | 
"hash_sha1","36ECC371E0EF7AE46F25C137AA0498DFD4FF70B3","public" 85 | "hash_sha1","3CAC6FF7CDDCB8F82409C79C85D976300FC60861","public" 86 | "hash_sha1","492CBE143F795888D8E5006AC595F65F4565ED6E","public" 87 | "hash_sha1","495A4B4757F3B1EEC7FDAA9D0B2930071565F2B1","public" 88 | "hash_sha1","49CD96DF4C85CDD7461701340C0BB4D05A5049D8","public" 89 | "hash_sha1","4AEEAE023766153A91B83D02B1B24DA20C0DD135","public" 90 | "hash_sha1","4DC0EBFA52ADF9B9EB4FA8F0A359C21A14E183FB","public" 91 | "hash_sha1","4DD22A08A5B103E1F2238AED7F7CE66C5A542533","public" 92 | "hash_sha1","4FA2B2AB3E24EE9D130CFEDA63C7AE1CCBC393DC","public" 93 | "hash_sha1","55EEAA904BC6518A2715CC77648E6C5187416A46","public" 94 | "hash_sha1","6461EC3154BEC2F4DAC27B84951AB28E1287D8C9","public" 95 | "hash_sha1","7AA028FD7350193BE167DC772A7EB486C9FA1C17","public" 96 | "hash_sha1","81622512757F897206A84B29EE866FB933FA3D48","public" 97 | "hash_sha1","8A3EA65147A156D381D8F1773E91EB8E0F6B1E40","public" 98 | "hash_sha1","8DE54CAD9D6316679580C91117B484ACB493AB72","public" 99 | "hash_sha1","9022F78087E1679035E09160D59D679DC3AC345D","public" 100 | "hash_sha1","9B7590C4313159810443EFCC6648837519B061D6","public" 101 | "hash_sha1","9DC3D272652851428F5CC44F2FD9458BFF1D6A78","public" 102 | "hash_sha1","A5C36B8022751CFEB4A88A21153847DF3870C7C0","public" 103 | "hash_sha1","A9BBEA73504139CE91A0EC20FEF303C68A131CD4","public" 104 | "hash_sha1","AD3DBEC2B621807FA9A2F1B2F575D7077E494626","public" 105 | "hash_sha1","B0BBE83895647A1EFE6843D1C619059B00F72CF3","public" 106 | "hash_sha1","BE52275B0C2086735DAC478DC4F09FD16031669A","public" 107 | "hash_sha1","C7C52FDAECF325DFAF6EDA14E0603579FEAED40A","public" 108 | "hash_sha1","C879A8EB6630B0CD7537B068F4E9AF2C9CA08A62","public" 109 | "hash_sha1","D102A34B3F0EFB57F1D9F04EFF26B256875A3AA1","public" 110 | "hash_sha1","D25EAE2DE64BB604987DB27085D60F3DDF7CA473","public" 111 | "hash_sha1","D67DC8C4232A3943A66608D62874923E9A3FB628","public" 112 | 
"hash_sha1","F31920D636224356E8C7A182C2B9B37E42A09181","public" 113 | "hash_sha1","FE9CA39A8C3261A4A81D3DA55C02EF3EE2B8863F","public" 114 | "hash_sha1","FF6D99505C87876B613D511D8734A9379B826E1A","public" 115 | "hash_sha1","FF7B2C3938306261881C42E78D0DF51D9BCDD574","public" 116 | "hash_sha256","015F0FDF24A19B98447FAB5FA16ABF929C1CF9BE33E9455CE788909DD5A8DBFE","public" 117 | "hash_sha256","045A1CBCC99C53C092BB61D43B89A6F7308FD01D9CEAEB9A72BBF81669DCBEF8","public" 118 | "hash_sha256","04A43023637CFDEE72E1FDBF7DD38AC442BDF2779D0450E20966F68119FA5A6A","public" 119 | "hash_sha256","079B7F03C727DE92C3FCB7D3B9B9FEA6D1E9FFDCD60DC9A360AF90CE7B4B5CC6","public" 120 | "hash_sha256","0943B0F328282504C2661CD56E4BD83E3B3E5A4CCE89E2E5523F83A2D535A07E","public" 121 | "hash_sha256","0AC748BAAAD6017E331A8D99AAE9E5449A96BA76FB7374F5D8C678AE52B7DB9F","public" 122 | "hash_sha256","105303AE231B9E2FEE43C82AFAC59249593155BBF7BFDC51EDA49CB50351857F","public" 123 | "hash_sha256","17A916728F5BFA2AF55565E0E73A04CBC52F4D872FB41E1A4CEDCC43C5A7A7D3","public" 124 | "hash_sha256","1A0103EB4BA83B978D6F006225D6B7B80C5B21948715C0D78D3643A306D4D2E0","public" 125 | "hash_sha256","1B3309C7A4C3940EFF1E1AB1905641B23EA743C4F11D82107CE36FA1EC2299E9","public" 126 | "hash_sha256","1BCE694F9F811982EB01D381A69CDD56C3FA81D113E41B5ACB902EC66EC942B1","public" 127 | "hash_sha256","1DB9C8C816D6D5871C463DA46C91864D780D933363B425983206B76C9DF09E08","public" 128 | "hash_sha256","20DA5E4736A91EB6AA55892D1497C724FB16767DA43CCF3227DB5C9647BB0793","public" 129 | "hash_sha256","287A5F95458301C632D6AA02DE26D7FD9B63C6661AF331DFF1E9B2264D150D23","public" 130 | "hash_sha256","2A5F9198F1E563688A2081B746BDAF48D897EC0AE96DFAFC15CD5CD52C25E8F2","public" 131 | "hash_sha256","2AEB9AECA5739EA1CB5A30D284D65E36FE18F47DB9E5E504063D982B9C3BC3E9","public" 132 | "hash_sha256","2B4BC80AF0A0AFAC04DA73E7DA2779D3AB3ED8C460D2FB22D4034E1B2469F879","public" 133 | 
"hash_sha256","3009E864D40D67F803481FD7F4F8A38F46EB5DBF0C9A0B6922C11C2121EC50C6","public" 134 | "hash_sha256","33BC5FA9798219BA6D4E31F91EC23982596C409E0FD73E2C0C33C70538B7EC83","public" 135 | "hash_sha256","3761060C509B9444BDD3D0E65D7F68E39FF5C52FA87FDC59DB02C1553E21E403","public" 136 | "hash_sha256","405D1DCDBBA56BCE99A308734C39AC8CA62FFB55DBD69565293A79B468E4DAD1","public" 137 | "hash_sha256","413DEA8EA8CB09CD3AC49531A8E0A13F767C09F78FB77856F4668377532A64EF","public" 138 | "hash_sha256","43EAB8488DCE80C1086AAFDF4594B1A438347E32275ABEAA8B2BB14475FB3F98","public" 139 | "hash_sha256","47DC344E945A0170C1F69CAF1CF5D63BCA22239E17F7DF1A01E6235484FA0593","public" 140 | "hash_sha256","47E4142FA6AB10A2D7DC0423D41F9BDBB3CED0F4FAE5C58B673386D11DD8C973","public" 141 | "hash_sha256","49A552D3ADBCAD9F5AC70151B48A4EDC2AE1D4094A1EA9D944785CEE8B4319D7","public" 142 | "hash_sha256","4A75B84C305F8E8FA98641E5A57F35CB3A51887A89D1291620359C2B60882F6A","public" 143 | "hash_sha256","4AB440989C4130B4BDC183C8B2C878F0E1931DC38BBEA5B8531C876202865B3E","public" 144 | "hash_sha256","4E6F35AB5EB9242335BEE01D6DF9B50F665043F9930A630DF7E170B904F52A24","public" 145 | "hash_sha256","5357279BAD530C3AF89713AAF6BEFE19A22E438F22952AED46097590130551FA","public" 146 | "hash_sha256","5538B88EB2EFFA211A9C324B001E02802B7CCD0008B3AF9284E32AB105DC9E6F","public" 147 | "hash_sha256","5752EFA219C7E42CB104917F38C146E1F747D14230BE0E64A5E87C20E82075BB","public" 148 | "hash_sha256","57BA0A5BE8B2DFA2A7DA564F1C50FD277212743E33E392AF924DA6EEB997E5DB","public" 149 | "hash_sha256","590512BF29E2A4A006F8CC76A931F14778F599FA14C9F0A935A16D7394E08422","public" 150 | "hash_sha256","5CC0D46909BD6733DD331E2DFCEF5EF9B9A9EFB709B104C1C9A9D49026715065","public" 151 | "hash_sha256","5FCD2E12723081F512FA438301690FB310610F4DE3C191C7C732D56ECE7F0499","public" 152 | "hash_sha256","60F5D8EADABA230B95339011DAF4800F81E35AC721BF908F68ED8191388ADDCB","public" 153 | 
"hash_sha256","677601F72181C53541F850248DD0904153EA62458489D7AA782149B93399EBD8","public" 154 | "hash_sha256","691087EC9B50022D3E23695C0B41E2927CB4C4825A1F5FD7E2F21AE3465E8973","public" 155 | "hash_sha256","6B99530953010DD8061A3A328C04C30653BBA26439DD30A752262582B0D02933","public" 156 | "hash_sha256","6CA1F674E54A2D2F12C387403CBA885037EDE153E16EC4F6E1DDD216BA897215","public" 157 | "hash_sha256","6DF96984D5BA709282B6C92287262BD81F980811B58B0C03B9B421BA1E580C6B","public" 158 | "hash_sha256","6EA8D7B27D2A6C0E08886F55EF810D66788D973739218270AE38C126A71ED530","public" 159 | "hash_sha256","6F07D75356B3698B885FF6070C338A7D96B9F761AB6350B385288842006DFF24","public" 160 | "hash_sha256","70FAFD3FEFCA2FD4A061D34E781136F93A47D856987832041D3C703658D60FC1","public" 161 | "hash_sha256","725DF91A9DB2E077203D78B8BEF95B8CF093E7D0EE2E7A4F55A30FE200C3BF8F","public" 162 | "hash_sha256","75B0971A19E9C80EFD47B6197DCE666955E1FB0A05C152D1FE37C7E511A01DB1","public" 163 | "hash_sha256","761690343F0577DF22E7130A5EFDF54EA246214395CBC94AC91AE91AAB78A76C","public" 164 | "hash_sha256","7D9B41D7600C79B79E01F4E5100673BB134D5B4EA84ED8FCC9A2BE6CCC1DF4F7","public" 165 | "hash_sha256","7F8BD2D63BB95D61FCBDB22827C3A3E46655F556DA769D3880C62865E6FDE820","public" 166 | "hash_sha256","82B649AE0A4CFE37C2A32EC2010BF7EF0E3236B540F85C8FBF15657D48D30D84","public" 167 | "hash_sha256","86E4115111E88BBAF09FE73CFC8255A4AAC64F7FFED4A3229BBC8D626566F0C8","public" 168 | "hash_sha256","8833F2A6E84C91E31AE65E5AB269B362F7D4C2A2AF63D760FE5B6452B9ECBA96","public" 169 | "hash_sha256","8941B1F6D8B6ED0DBC5E61421ABAD3F1634D01DB72DF4B38393877BD111F3552","public" 170 | "hash_sha256","8E565BA45C7624E8BC5DD92C1D0D3710F6A2B21D6C94742BB51FEC07B4843EBD","public" 171 | "hash_sha256","90B7B711F56F00A1FA08A7A29F2CD8602B8AA1A0D78986DBFC9F64E38AC6CECD","public" 172 | "hash_sha256","94EE2227696DA3049FF67592834B4B6F98186F91E6D1CD1EEEC44F24B9DF754B","public" 173 | 
"hash_sha256","95768BC40BB040D0C07C23F566CC20DF0651FC14714E617B3F4B7ED3C6B7E5DD","public" 174 | "hash_sha256","9637506691705B2FFA90FF6B46FB71F11125DFFABB19F3E89FD1BFB1F4CAA223","public" 175 | "hash_sha256","969C7EE8709A519C4A4878B230D4BA7F81FB9563320B5983F8F1F95D4D215ECE","public" 176 | "hash_sha256","97A766DB470C44347B65A0BC282582F96A47D96ED8D7946F4DA33775D384033A","public" 177 | "hash_sha256","983506186590F7118CB507D29F12F163AFB536A03E6D0F4FB441DF8AFE49EDE1","public" 178 | "hash_sha256","9854322760307C04AACD78F136E4D1496950811EE2F24978915D7CD322ECB36C","public" 179 | "hash_sha256","9B830C2979CBCE45573AA21D765ADDA76F52DB254155AE49648EF5050CEAF774","public" 180 | "hash_sha256","9D2AAA8672D583AF4C03C23127D6CAC509799A49FF9293ED63628D5B710B7528","public" 181 | "hash_sha256","9E9CA325F44EEFF4087BB67052536BA565DA18E70E5B29C79ED77C14C5548131","public" 182 | "hash_sha256","A04365C2804ED63EA0CADBA4FA4FFC2E0541A09059ABC0E046EE57EF1645AB64","public" 183 | "hash_sha256","AD95786B2402C6A2CC36A513937A10503AFF74E180EA1213CBFE40CA820D3B13","public" 184 | "hash_sha256","AF4D26B987093BE6B442E655FFDAFA8E1542E80F6A47A6895AA523F2F180025C","public" 185 | "hash_sha256","B1B3D27DEB35DD8C8FED75E878ADAE3F262475C8E8951D59E5DF091562C2779B","public" 186 | "hash_sha256","B1FA0DED2F0CC42A70B7A0C051F772CD6DB76B15D50EC119307027E670998728","public" 187 | "hash_sha256","B29E630B9C70B0DAABA4F83489494444C04C7A470B9C24EB4DDFFB6CD7CF05FF","public" 188 | "hash_sha256","B3ED3F2BC5334E54CA8D6020D37DA0764F123FA5717638229422BD95A028097B","public" 189 | "hash_sha256","B7B72D141ED56C8E5A924DFA959771548883B88E84646150447F85EB97F88E62","public" 190 | "hash_sha256","B9EA588642EA77D39CCAFAB329C2F10718F2C7771E2EE77A0C6DEDA285A48DE8","public" 191 | "hash_sha256","BA195A227FB76E8820D6DB36CD00C89095B88FAF01471FCDD9C0C7DE61A63A5D","public" 192 | "hash_sha256","BADB915188B5292CB1A22624AA386AB0AD8279D5BD2678926123560ECFFE0E0C","public" 193 | 
"hash_sha256","BB563180196989DCEE91417AA56D6F1BFC9320B2427536C200DFFCD784774906","public" 194 | "hash_sha256","BC1B750338BC3013517E5792DA59FBA0D9AA3965A9F65C2BE7A584E9A70C5D91","public" 195 | "hash_sha256","C13FB67BEEC7F1737234483AD8D333FF77DFCE804EC5C945B45FED448F272074","public" 196 | "hash_sha256","C930ECA887FDF45AEF9553C258A403374C51B9C92C481C452ECF1A4E586D79D9","public" 197 | "hash_sha256","CA22E7B954277659A308EF321A67516689A24C51AEA7AC3C5F2D76A583B11530","public" 198 | "hash_sha256","CBB84155467087C4DA2EC411463E4AF379582BB742CE7009156756482868859C","public" 199 | "hash_sha256","CBF74574278A22F1C38CA922F91548596630FC67BB234834D52557371B9ABF5D","public" 200 | "hash_sha256","CD301BDC07518027567A5ED242AE2075F9F0BDF73315E99D4D949280F151FEFE","public" 201 | "hash_sha256","CEDF4589428AE05D3D2DCA1D1BD7FA28F6CAFE54A077A6090F873053E04FD5CE","public" 202 | "hash_sha256","CFAFC9B2D6CBC65769074BAB296C5FBACC676D298F7391A3FF787307EB1CBCE0","public" 203 | "hash_sha256","CFF9C5A87B3FB5961DDF59DFA0558C5B63503F89905E2A81CCD405E333408E72","public" 204 | "hash_sha256","D150D8D8BFA651C0E08A10323ECB0BCCF346A35BD1BAD19F89A5338ACD8A88B3","public" 205 | "hash_sha256","DB3FE436F4EEB9C20DC206AF3DFDFF8454460AD80EF4BAB03291528E3E0754AD","public" 206 | "hash_sha256","E71E6B81C46AAB4760840369E3FFE6AC80A9E6A2E62FC7E563265ED37EFD695A","public" 207 | "hash_sha256","E77423214CFC184F3B41BDD539024D466BD5A94C91CFAA65D4E831410A8A8F94","public" 208 | "hash_sha256","EE07759184ECAF4E0EF0A2981DCCFC5B6C4DA43A14A7BEB002AE06C95A145DCC","public" 209 | "hash_sha256","EF8C99B57FF01D2267C6D946347F450BD4B92CEA56FBD0BB36F0BC9DE985FF83","public" 210 | "hash_sha256","F381A3877028F29EC7865B505B5C85CE77D4947D387D3F30071159FA991F009A","public" 211 | "hash_sha256","F3988F4C889E6AE79B7EBDE97A677E2ABFC89C53FFC800A8954B713D317232D3","public" 212 | "hash_sha256","F4B5BF7A2501C26E1F7306AD78F7C6FB2637FDE652AA303A3A51C53C98ED3C10","public" 213 | 
"hash_sha256","F5C97F23543E904944120EF738F300049EAE85C3B0BF8B86B346572F7BC6DEC1","public" 214 | "hash_sha256","F8A607E3214F4C98E7BFF5F3822D0B0FFFA0B9035D8E17ACAC3D51F862C80C5D","public" 215 | "hash_md5","0477406F83847D43A3B668CC1E75185F","public" 216 | "hash_md5","09735D305B7D6F071173FE3B62B46D9E","public" 217 | "hash_md5","1CE8509EABE2A293376D9B70044922FD","public" 218 | "hash_md5","27927A73B8273DC796DDFC309EC8ECAF","public" 219 | "hash_md5","4154C3553656E94575AEB7183969BFA0","public" 220 | "hash_md5","5F2C5F7620B74D183E206817B723B555","public" 221 | "hash_md5","6495356AFD05DBF8661AF13EF72AB887","public" 222 | "hash_md5","8D56AC580C06BAAC327613202FDBF5EB","public" 223 | "hash_md5","9C14DF330DEA5DFAAB7A4303A3296779","public" 224 | "hash_md5","9F7B1AFCE9C8C7D9282C5E791C69E369","public" 225 | "hash_md5","A501B4C09476B8F5AB505C6578BF9F9E","public" 226 | "hash_md5","A806DF529A111FB453175ECDCB230D96","public" 227 | "hash_md5","AB2D6846430B8EA18FC08CB7804FCE99","public" 228 | "hash_md5","ADD1BFB2D4B4AD083DCEE40D61A12780","public" 229 | "hash_md5","BC469BCDB585D8E6576FC664A6404A82","public" 230 | "hash_md5","C41957F965F8C38B6CEDF44B62B09298","public" 231 | "hash_md5","CA1B05B97E934511A76A744B53B8EB92","public" 232 | "hash_md5","D00C86EA42958F919C702A9A416A24CE","public" 233 | "hash_md5","E58E5AFA9A94BA474E465DBF919D2C51","public" 234 | "hash_md5","F19542732C33F1B908365DF02A86105C","public" 235 | "hash_md5","FD3FD2F6CDE9E38E92433C152892C03D","public" 236 | "hash_md5","FDE874E8D442E3F0469B3D2F86A45739","public" 237 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2024, SubashGhimire 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | 1. 
Redistributions of source code must retain the above copyright notice, this 9 | list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above copyright notice, 12 | this list of conditions and the following disclaimer in the documentation 13 | and/or other materials provided with the distribution. 14 | 15 | 3. Neither the name of the copyright holder nor the names of its 16 | contributors may be used to endorse or promote products derived from 17 | this software without specific prior written permission. 18 | 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender 2 | KQL Sentinel and Defender Detection and HUnting Queires 3 | 4 | This repository is designed to share easy-to-understand KQL queries that anyone can use to enhance detection coverage using Microsoft Security product logs. While not all suspicious activities trigger alerts by default, many can be detected through logs. 
The queries provided here include Detection Rules and Hunting Queries and are free for anyone to use. If you have any questions, feel free to reach out to me on LinkedIn: www.linkedin.com/in/subash-ghimire-004a1711b

Please note that claiming this material as your own is illegal and prohibited. When sharing or using the content, a reference to the GitHub repository is appreciated.

--------------------------------------------------------------------------------
/Reports/After-Hours-Incidents-Weekdays.md:
--------------------------------------------------------------------------------
#### This query lists the security incidents that are created after hours, meaning outside working hours such as 8-5.
#### Set the date and time in the query according to your requirements. Please note that the time zone may affect the created time, depending on which time zone your Sentinel or Defender tenant is set up in.
#### Query:
```KQL
SecurityIncident
| where hourofday(CreatedTime) >= 21 or hourofday(CreatedTime) < 12 // Filter incidents happening after 5:00 PM or before 9:00 AM (hours are evaluated in UTC; adjust them for your time zone)
```

--------------------------------------------------------------------------------
/Reports/Query to generate incident report for last 14 days.md:
--------------------------------------------------------------------------------
#### Gives you Incident Report of 2 weeks with severity level "High"
#### Query
```KQL
SecurityIncident
| where TimeGenerated >= ago(14d)
| extend AssignedTo = tostring(parse_json(Owner)['assignedTo']) // Adjust if extraction is needed
| project IncidentNumber, Title, Description, Severity, Status, TimeGenerated, ClosedTime, Classification, ClassificationReason, ClassificationComment, AdditionalData, RelatedAnalyticRuleIds, AssignedTo
| order by TimeGenerated desc
// DAX measure (not KQL), kept as a comment so the query runs: counts the High-severity rows of Query1
// HighSeverityCount =
// CALCULATE(
//     COUNTROWS(Query1),
//     Severity[SeverityLevel] = "High"
// )
```
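An added example, not part of the repository: the after-hours filter from Reports/After-Hours-Incidents-Weekdays.md with the time zone made explicit and weekends excluded. The zone name, the 8-5 boundaries and the variable and column names introduced here are assumptions to adapt to your tenant.

```kql
// Added example: working hours assumed to be 08:00-17:00, Monday to Friday, in the zone below.
let tz = "America/New_York";   // assumption: replace with the time zone your analysts work in
let workStart = 8;             // 8:00 AM local time
let workEnd = 17;              // 5:00 PM local time
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber      // one row per incident (latest record)
| extend LocalCreated = datetime_utc_to_local(CreatedTime, tz) // CreatedTime is stored in UTC
| extend LocalHour = hourofday(LocalCreated),
         Weekday = toint(dayofweek(LocalCreated) / 1d)        // 0 = Sunday ... 6 = Saturday
| where Weekday between (1 .. 5)                               // Monday to Friday only
| where LocalHour >= workEnd or LocalHour < workStart          // outside working hours
| project IncidentNumber, Title, Severity, Status, CreatedTime, LocalCreated
| order by CreatedTime desc
```

Converting to local time before taking the hour also keeps the filter correct across daylight-saving changes, which fixed UTC hour offsets do not.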
--------------------------------------------------------------------------------
/Reports/Top 10 Security Incidents.md:
--------------------------------------------------------------------------------
#### This query lists the top 10 security incidents. You can specify the time and date range in the query itself or in Sentinel/Defender to list the top 10 security incidents.
#### Query
```KQL
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber // SecurityIncident logs a row per update; keep the latest per incident
| summarize ["Number of Incidents"] = count(), ["Incidents List"] = make_list(IncidentNumber) by Title, Severity
| top 10 by ['Number of Incidents'] desc
| project-reorder ['Number of Incidents'], Severity, Title
```

--------------------------------------------------------------------------------
/Sentinel/AD user enabled and password not set within 48 hours(Severity: Low).md:
--------------------------------------------------------------------------------
#### Identifies when an account is enabled with a default password and the password is not set by the user within 48 hours.
## MITRE ATT&CK (Persistence)
### T1098: Account Manipulation
#### This detection rule is mostly for organizations that have Windows Server 2012 or below as Domain Controller, because you can enable the blank password option while creating any user account.
#### Query:
```KQL
// Get events where users are enabled
let userEnabledEvents = IdentityDirectoryEvents
    | where ActionType == "Account enabled"
    | project EnabledTime = TimeGenerated, AccountUpn, AccountSid;
// Get events where passwords are set
let passwordSetEvents = IdentityDirectoryEvents
    | where ActionType == "Account Password changed"
    | project PasswordSetTime = TimeGenerated, AccountUpn, AccountSid;
// Join enabled events with password set events
let enabledWithoutPasswordSet = userEnabledEvents
    | join kind=leftouter (passwordSetEvents) on AccountSid
    | extend TimeDifference = datetime_diff("hour", PasswordSetTime, EnabledTime)
    | where isnull(PasswordSetTime) or TimeDifference > 48
    | project AccountUpn, EnabledTime, PasswordSetTime, TimeDifference
    | order by EnabledTime desc;
enabledWithoutPasswordSet
```

--------------------------------------------------------------------------------
/Sentinel/Account Created and Deleted in short Timeframe(Severity: High).md:
--------------------------------------------------------------------------------
#### Look for accounts created and then deleted in under 24 hours. Attackers may create an account for their use, and then remove the account when no longer needed.
## MITRE ATT&CK
### Initial Access
### T1078 - Valid Accounts

#### Query:
```KQL
let AccountCreationEvents =
    IdentityDirectoryEvents
    | where ActionType == "User Account Created"
    | project AccountName, CreationTime = TimeGenerated;
let AccountDeletionEvents =
    IdentityDirectoryEvents
    | where ActionType =~ "Account deleted" // case-insensitive match
    | project AccountName, DeletionTime = TimeGenerated;
AccountCreationEvents
| join kind=inner (AccountDeletionEvents) on AccountName
| extend TimeDifference = DeletionTime - CreationTime
| where DeletionTime > CreationTime and TimeDifference <= 1d // deletion must follow creation within 24 hours
| project AccountName, CreationTime, DeletionTime
| order by CreationTime desc
```

--------------------------------------------------------------------------------
/Sentinel/Account Password Not Required (Severity: High).md:
--------------------------------------------------------------------------------
#### This query identifies whether any user has been created with Account Password Not Required enabled.
#### This means that if the setting is enabled, i.e. changed from False to True, the user does not have to enter a password for authentication.
## MITRE ATT&CK (Persistence)
### T1098 - Account Manipulation

#### Query:
```KQL
IdentityDirectoryEvents
| where ActionType == "Account Password Not Required changed"
| extend PreviousState = tostring(parse_json(AdditionalFields)['FROM Account Password Not Required'])
| extend CurrentState = tostring(parse_json(AdditionalFields)['TO Account Password Not Required'])
| extend Actor = tostring(AdditionalFields.["ACTOR.ACCOUNT"])
| where PreviousState == "False" and CurrentState == "True"
| project TimeGenerated, AccountName, TargetAccountUpn, Actor, PreviousState, CurrentState, AdditionalFields
| order by TimeGenerated desc
```

--------------------------------------------------------------------------------
/Sentinel/Account created or deleted by non-approved user(Severity: Medium).md:
--------------------------------------------------------------------------------
#### This query identifies accounts that were created or deleted by users other than the defined list of approved user principal names, using the IdentityDirectoryEvents table.
## MITRE ATT&CK (Initial Access)
### T1078 - Valid Accounts
#### Query:
```KQL
let approvedUsers = dynamic(["User1", "User2", "User3"]); // Specify the list of users that are allowed to create and delete user accounts
IdentityDirectoryEvents
| where ActionType in ("User Account Created", "Device Account Created", "Account Deleted Changed", "Account Deleted")
| where not(AccountUpn in (approvedUsers))
| project TimeGenerated, AccountUpn, TargetAccountUpn, ActionType, Application, AccountDomain, AccountName, Device
```

--------------------------------------------------------------------------------
/Sentinel/Attempts to sign in to disabled accounts (Severity: Medium).md:
--------------------------------------------------------------------------------
#### Identifies failed attempts to sign in to disabled accounts in Active Directory
## MITRE ATT&CK (Initial Access)
### T1078 - Valid Accounts
#### Query:
```KQL
IdentityLogonEvents
| where FailureReason == "AccountDisabled" and LogonType == "Failed logon"
| summarize FailedAttempts = count() by AccountName, AccountUpn, Application, IPAddress, DeviceName, DestinationDeviceName, DestinationIPAddress, DestinationPort, Protocol, bin(TimeGenerated, 1h)
| where FailedAttempts >= 5
| project AccountName, FailedAttempts, TimeGenerated, Application, IPAddress, DeviceName, DestinationDeviceName, DestinationIPAddress, DestinationPort, Protocol
| sort by TimeGenerated desc
```

--------------------------------------------------------------------------------
/Sentinel/Excessive-Login-Failure-Detection-Rule(LOW Severity).md:
--------------------------------------------------------------------------------
#### Detection query mostly for domain activity and user activity.
#### This detection rule identifies user accounts that have over 5 Windows logon failures with a wrong password over the previous 10 mins.

## MITRE ATT&CK (Credential Access)
### T1110 - Brute Force

#### Query:
```KQL
// Define the threshold for excessive logon failures
let failureThreshold = 5;
// Get wrong-password logon failures from the previous 10 minutes
IdentityLogonEvents
| where TimeGenerated >= ago(10m)
| where ActionType == "LogonFailed"
| where FailureReason == "WrongPassword"
| summarize FailureCount = count()
    by
    AccountName,
    Application,
    AccountDomain,
    AccountUpn,
    FailureReason,
    AccountDisplayName,
    IPAddress, DeviceName, DestinationDeviceName, DestinationIPAddress
| where FailureCount >= failureThreshold
| order by FailureCount desc
```

--------------------------------------------------------------------------------
/Sentinel/Multiple authentication failures followed by a success(Severity: Low).md:
--------------------------------------------------------------------------------
#### Identifies accounts that have failed to log on to the domain multiple times in a row, followed by a successful authentication within a short time frame. Multiple failed attempts followed by a success can be an indication of a brute force attempt or a possible misconfiguration of a service account within an environment.
#### The lookback is set to 2h and the authentication window and threshold are set to 1h and 5, meaning we need to see a minimum of 5 failures followed by a success for an account within 1 hour to surface an alert.

## MITRE ATT&CK (Credential Access)
### T1110 - Brute Force

#### Query:
```KQL
// Parameters
let lookbackPeriod = 2h;
let authenticationWindow = 1h;
let failureThreshold = 5;
// Filter logon events within the lookback period
let logonEvents = IdentityLogonEvents
    | where TimeGenerated >= ago(lookbackPeriod)
    | project
        TimeGenerated, AccountUpn, AccountSid, AccountName, IPAddress, DeviceName, Logonstatus = iff(ActionType == "LogonSuccess", "LogonSuccess", "LogonFailed");
// Identify failure sequences
let failureSequences = logonEvents
    | where Logonstatus == "LogonFailed"
    | summarize
        FailureCount = count(),
        StartTime = min(TimeGenerated),
        EndTime = max(TimeGenerated)
        by AccountUpn, AccountSid, bin(TimeGenerated, authenticationWindow)
    | where FailureCount >= failureThreshold;
// Identify success events
let successEvents = logonEvents
    | where Logonstatus == "LogonSuccess";
// Join failure sequences with success events within the same time window
failureSequences
| join kind=inner (
    successEvents
    | project SuccessTime = TimeGenerated, AccountUpn, AccountSid, AccountName, IPAddress, DeviceName
    )
    on AccountUpn, AccountSid
| extend endAuthenticationWindow = StartTime + authenticationWindow
| where SuccessTime between (EndTime .. endAuthenticationWindow) // the success must follow the last failure, inside the window
| project AccountUpn, AccountSid, FailureCount, StartTime, EndTime, SuccessTime, AccountName, IPAddress, DeviceName
| order by SuccessTime desc
```

--------------------------------------------------------------------------------
/Sentinel/Permission Change in Azure.md:
--------------------------------------------------------------------------------
### This KQL query can be used to detect any role changes made to accounts in the Azure tenant.
## Changes like
#### "Add member to role"
#### "Remove member from role"
#### "Add eligible member to role"
#### "Remove eligible member from role"
#### "Update role membership"
#### "Update user"
#### "Add member to group"
#### "Remove member from group"

#### Query:
```KQL
AuditLogs
| where OperationName in (
    "Add member to role",
    "Remove member from role",
    "Add eligible member to role",
    "Remove eligible member from role",
    "Update role membership",
    "Update user",
    "Add member to group",
    "Remove member from group"
    )
| where Category contains "RoleManagement"
| where Result == "success"
| extend TargetUser = tostring(TargetResources[0].userPrincipalName)
| project TimeGenerated, OperationName, InitiatedBy = tostring(InitiatedBy.user.userPrincipalName), TargetUser, TargetResources, AdditionalDetails, Category
| order by TimeGenerated desc
```

--------------------------------------------------------------------------------
/Sentinel/User added to privilege group (Severity: High).md:
--------------------------------------------------------------------------------
#### This query identifies whether any users are added to a privileged group that you want to keep an eye on. It helps identify any user who is not supposed to be added to the list of privileged groups.
## MITRE ATT&CK (Persistence)
### T1098 - Account Manipulation
#### Query:
```KQL
IdentityDirectoryEvents
| where ActionType == "Group Membership changed"
| extend ToGroup = tostring(AdditionalFields.["TO.GROUP"])
| extend FromGroup = tostring(AdditionalFields.["FROM.GROUP"])
| where ToGroup in ('Security-Group', 'IT-Admin-Group') // Specify the privileged groups that you want to monitor
| project TimeGenerated, Actor = AccountName, UserAdded = TargetAccountUpn, ToGroup, FromGroup
```

--------------------------------------------------------------------------------