├── AZORult └── azorult.urls ├── Bisonal ├── bisonal.pcre └── bisonal.urls ├── Emotet ├── emotet.pcre ├── emotet.urls ├── emotet_deob_07MAR23.sh └── emotet_deob_08MAR23.py ├── Evrial ├── evrial.pcre └── evrial.urls ├── FakeUpdates ├── fakeupdates.pcre └── fakeupdates.urls ├── FormBook ├── formbook.pcre └── formbook.urls ├── GodzillaLoader ├── godzillaloader.pcre └── godzillaloader.urls ├── GodzillaShell ├── Godzilla_Shell_Data.csv └── webshell_godzilla.yar ├── Gootkit └── gootkit.pcre ├── Hancitor ├── hancitor.pcre ├── hancitor.urls └── troj_win_hancitor.yar ├── Kimsuky └── kimsuky.suri ├── Lazarus ├── lazarus.pcre ├── lazarus.urls └── troj_win_lazarus.yar ├── LummaStealer └── lummastealer.urls ├── MagEK ├── magek.pcre └── magek.urls ├── Misc ├── TDS_Pro_Redirects_02FEB2023-24MAR2024.csv ├── apt_win_carbanak_downlaoder.yar ├── apt_win_ismagent.yar ├── apt_win_turla_comratv4.yar ├── blackbasta_domain_by_email.txt ├── blackbasta_domain_by_name.txt ├── exploit_any_poppopret.yar ├── exploit_win_dde.yar ├── informational_win_protectedole.yar ├── loader_win_unknown001.yar ├── packer_win_spoonvm.yar ├── packer_win_tiggre.yar ├── ransom_win_antefrigus.yar ├── ransom_win_egregor_a.yar ├── ransom_win_lyposit.yar ├── troj_apk_gravityrat_a.yar ├── troj_apk_vamp_a.yar ├── troj_elf_cetus_a.yar ├── troj_osx_evilquest.yar ├── troj_win_auguststealer.yar ├── troj_win_bitrat.yar ├── troj_win_blackstar.yar ├── troj_win_cobaltstrike.yar ├── troj_win_cobaltstrike_beacon_maze.yar ├── troj_win_headertip.yar ├── troj_win_keymarble.yar ├── troj_win_m00nd3v.yar ├── troj_win_macrosafe.yar ├── troj_win_mbrkiller.yar ├── troj_win_mehcrypter.yar ├── troj_win_mnubot.yar ├── troj_win_oldgremlin.yar ├── troj_win_pennywise_stealer.yar ├── troj_win_powerstager.yar ├── troj_win_purplefox.yar ├── troj_win_redsigdav.yar ├── troj_win_threadkit.yar ├── troj_win_vbkryjetor.yar ├── troj_win_warzonerat.yar └── troj_win_xaler.yar ├── Negasteal ├── negasteal.pcre ├── negasteal.urls └── troj_win_negasteal.yar ├── OriginLogger └── troj_win_originlogger.yar ├── Phishing ├── phishing.pcre ├── phishing.suri └── phishing.urls ├── PlugX ├── plugx.pcre ├── plugx.suri ├── plugx.urls └── troj_win_plugx_loader_go.yar ├── Qakbot ├── qakbot.pcre └── qakbot.urls ├── README.md ├── RigEK ├── rigek.pcre └── rigek.urls ├── Sality ├── sality.pcre └── sality.urls ├── Shlayer ├── shlayer.pcre └── shlayer.urls ├── SlothfulMedia ├── slothfulmedia.pcre └── slothfulmedia.urls ├── TeamViewer ├── teamviewer.pcre └── teamviewer.urls ├── Trickbot ├── trickbot.pcre └── trickbot.urls └── Ursnif ├── ursnif.pcre └── ursnif.urls /AZORult/azorult.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/AZORult/azorult.urls -------------------------------------------------------------------------------- /Bisonal/bisonal.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Bisonal/bisonal.pcre -------------------------------------------------------------------------------- /Bisonal/bisonal.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Bisonal/bisonal.urls -------------------------------------------------------------------------------- /Emotet/emotet.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Emotet/emotet.pcre -------------------------------------------------------------------------------- /Emotet/emotet.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Emotet/emotet.urls -------------------------------------------------------------------------------- /Emotet/emotet_deob_07MAR23.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Emotet/emotet_deob_07MAR23.sh -------------------------------------------------------------------------------- /Emotet/emotet_deob_08MAR23.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Emotet/emotet_deob_08MAR23.py -------------------------------------------------------------------------------- /Evrial/evrial.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Evrial/evrial.pcre -------------------------------------------------------------------------------- /Evrial/evrial.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Evrial/evrial.urls -------------------------------------------------------------------------------- /FakeUpdates/fakeupdates.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/FakeUpdates/fakeupdates.pcre -------------------------------------------------------------------------------- /FakeUpdates/fakeupdates.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/FakeUpdates/fakeupdates.urls -------------------------------------------------------------------------------- /FormBook/formbook.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/FormBook/formbook.pcre -------------------------------------------------------------------------------- /FormBook/formbook.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/FormBook/formbook.urls -------------------------------------------------------------------------------- /GodzillaLoader/godzillaloader.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/GodzillaLoader/godzillaloader.pcre -------------------------------------------------------------------------------- /GodzillaLoader/godzillaloader.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/GodzillaLoader/godzillaloader.urls -------------------------------------------------------------------------------- /GodzillaShell/Godzilla_Shell_Data.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/GodzillaShell/Godzilla_Shell_Data.csv -------------------------------------------------------------------------------- /GodzillaShell/webshell_godzilla.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/GodzillaShell/webshell_godzilla.yar -------------------------------------------------------------------------------- /Gootkit/gootkit.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Gootkit/gootkit.pcre -------------------------------------------------------------------------------- /Hancitor/hancitor.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Hancitor/hancitor.pcre -------------------------------------------------------------------------------- /Hancitor/hancitor.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Hancitor/hancitor.urls -------------------------------------------------------------------------------- /Hancitor/troj_win_hancitor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Hancitor/troj_win_hancitor.yar -------------------------------------------------------------------------------- /Kimsuky/kimsuky.suri: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Kimsuky/kimsuky.suri -------------------------------------------------------------------------------- /Lazarus/lazarus.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Lazarus/lazarus.pcre -------------------------------------------------------------------------------- /Lazarus/lazarus.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Lazarus/lazarus.urls -------------------------------------------------------------------------------- /Lazarus/troj_win_lazarus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Lazarus/troj_win_lazarus.yar -------------------------------------------------------------------------------- /LummaStealer/lummastealer.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/LummaStealer/lummastealer.urls -------------------------------------------------------------------------------- /MagEK/magek.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/MagEK/magek.pcre -------------------------------------------------------------------------------- /MagEK/magek.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/MagEK/magek.urls -------------------------------------------------------------------------------- /Misc/TDS_Pro_Redirects_02FEB2023-24MAR2024.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/TDS_Pro_Redirects_02FEB2023-24MAR2024.csv -------------------------------------------------------------------------------- /Misc/apt_win_carbanak_downlaoder.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/apt_win_carbanak_downlaoder.yar -------------------------------------------------------------------------------- /Misc/apt_win_ismagent.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/apt_win_ismagent.yar -------------------------------------------------------------------------------- /Misc/apt_win_turla_comratv4.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/apt_win_turla_comratv4.yar -------------------------------------------------------------------------------- /Misc/blackbasta_domain_by_email.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/blackbasta_domain_by_email.txt -------------------------------------------------------------------------------- /Misc/blackbasta_domain_by_name.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/blackbasta_domain_by_name.txt -------------------------------------------------------------------------------- /Misc/exploit_any_poppopret.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/exploit_any_poppopret.yar -------------------------------------------------------------------------------- /Misc/exploit_win_dde.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/exploit_win_dde.yar -------------------------------------------------------------------------------- /Misc/informational_win_protectedole.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/informational_win_protectedole.yar -------------------------------------------------------------------------------- /Misc/loader_win_unknown001.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/loader_win_unknown001.yar -------------------------------------------------------------------------------- /Misc/packer_win_spoonvm.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/packer_win_spoonvm.yar -------------------------------------------------------------------------------- /Misc/packer_win_tiggre.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/packer_win_tiggre.yar -------------------------------------------------------------------------------- /Misc/ransom_win_antefrigus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/ransom_win_antefrigus.yar -------------------------------------------------------------------------------- /Misc/ransom_win_egregor_a.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/ransom_win_egregor_a.yar -------------------------------------------------------------------------------- /Misc/ransom_win_lyposit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/ransom_win_lyposit.yar -------------------------------------------------------------------------------- /Misc/troj_apk_gravityrat_a.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_apk_gravityrat_a.yar -------------------------------------------------------------------------------- /Misc/troj_apk_vamp_a.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_apk_vamp_a.yar -------------------------------------------------------------------------------- /Misc/troj_elf_cetus_a.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_elf_cetus_a.yar -------------------------------------------------------------------------------- /Misc/troj_osx_evilquest.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_osx_evilquest.yar -------------------------------------------------------------------------------- /Misc/troj_win_auguststealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_auguststealer.yar -------------------------------------------------------------------------------- /Misc/troj_win_bitrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_bitrat.yar -------------------------------------------------------------------------------- /Misc/troj_win_blackstar.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_blackstar.yar -------------------------------------------------------------------------------- /Misc/troj_win_cobaltstrike.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_cobaltstrike.yar -------------------------------------------------------------------------------- /Misc/troj_win_cobaltstrike_beacon_maze.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_cobaltstrike_beacon_maze.yar -------------------------------------------------------------------------------- /Misc/troj_win_headertip.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_headertip.yar -------------------------------------------------------------------------------- /Misc/troj_win_keymarble.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_keymarble.yar -------------------------------------------------------------------------------- /Misc/troj_win_m00nd3v.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_m00nd3v.yar -------------------------------------------------------------------------------- /Misc/troj_win_macrosafe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_macrosafe.yar -------------------------------------------------------------------------------- /Misc/troj_win_mbrkiller.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_mbrkiller.yar -------------------------------------------------------------------------------- /Misc/troj_win_mehcrypter.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_mehcrypter.yar -------------------------------------------------------------------------------- /Misc/troj_win_mnubot.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_mnubot.yar -------------------------------------------------------------------------------- /Misc/troj_win_oldgremlin.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_oldgremlin.yar -------------------------------------------------------------------------------- /Misc/troj_win_pennywise_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_pennywise_stealer.yar -------------------------------------------------------------------------------- /Misc/troj_win_powerstager.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_powerstager.yar -------------------------------------------------------------------------------- /Misc/troj_win_purplefox.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_purplefox.yar -------------------------------------------------------------------------------- /Misc/troj_win_redsigdav.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_redsigdav.yar -------------------------------------------------------------------------------- /Misc/troj_win_threadkit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_threadkit.yar -------------------------------------------------------------------------------- /Misc/troj_win_vbkryjetor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_vbkryjetor.yar -------------------------------------------------------------------------------- /Misc/troj_win_warzonerat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_warzonerat.yar -------------------------------------------------------------------------------- /Misc/troj_win_xaler.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Misc/troj_win_xaler.yar -------------------------------------------------------------------------------- /Negasteal/negasteal.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Negasteal/negasteal.pcre -------------------------------------------------------------------------------- /Negasteal/negasteal.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Negasteal/negasteal.urls -------------------------------------------------------------------------------- /Negasteal/troj_win_negasteal.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Negasteal/troj_win_negasteal.yar -------------------------------------------------------------------------------- /OriginLogger/troj_win_originlogger.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/OriginLogger/troj_win_originlogger.yar -------------------------------------------------------------------------------- /Phishing/phishing.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Phishing/phishing.pcre -------------------------------------------------------------------------------- /Phishing/phishing.suri: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Phishing/phishing.suri -------------------------------------------------------------------------------- /Phishing/phishing.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Phishing/phishing.urls -------------------------------------------------------------------------------- /PlugX/plugx.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/PlugX/plugx.pcre -------------------------------------------------------------------------------- /PlugX/plugx.suri: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/PlugX/plugx.suri -------------------------------------------------------------------------------- /PlugX/plugx.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/PlugX/plugx.urls -------------------------------------------------------------------------------- /PlugX/troj_win_plugx_loader_go.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/PlugX/troj_win_plugx_loader_go.yar -------------------------------------------------------------------------------- /Qakbot/qakbot.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Qakbot/qakbot.pcre -------------------------------------------------------------------------------- /Qakbot/qakbot.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Qakbot/qakbot.urls -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/README.md -------------------------------------------------------------------------------- /RigEK/rigek.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/RigEK/rigek.pcre -------------------------------------------------------------------------------- /RigEK/rigek.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/RigEK/rigek.urls -------------------------------------------------------------------------------- /Sality/sality.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Sality/sality.pcre -------------------------------------------------------------------------------- /Sality/sality.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Sality/sality.urls -------------------------------------------------------------------------------- /Shlayer/shlayer.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Shlayer/shlayer.pcre -------------------------------------------------------------------------------- /Shlayer/shlayer.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Shlayer/shlayer.urls -------------------------------------------------------------------------------- /SlothfulMedia/slothfulmedia.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/SlothfulMedia/slothfulmedia.pcre -------------------------------------------------------------------------------- /SlothfulMedia/slothfulmedia.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/SlothfulMedia/slothfulmedia.urls -------------------------------------------------------------------------------- /TeamViewer/teamviewer.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/TeamViewer/teamviewer.pcre -------------------------------------------------------------------------------- /TeamViewer/teamviewer.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/TeamViewer/teamviewer.urls -------------------------------------------------------------------------------- /Trickbot/trickbot.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Trickbot/trickbot.pcre -------------------------------------------------------------------------------- /Trickbot/trickbot.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Trickbot/trickbot.urls -------------------------------------------------------------------------------- /Ursnif/ursnif.pcre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Ursnif/ursnif.pcre -------------------------------------------------------------------------------- /Ursnif/ursnif.urls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/karttoon/iocs/HEAD/Ursnif/ursnif.urls --------------------------------------------------------------------------------