# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Ransom%3aWin32%2fNymaim.F#tab=2

afkkcfjjg.biz
gefesosexwithjimmy.org
oiksixvj.net
rvebpzja.net
ykbjkuu.ru

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2014-012318-0146-99&tabid=2

apddtww.biz
bxsupbag.com
corfbsvdvz.biz
dngnpdcy.org
dpmqvjay.net
fajcgzyorp.com
fgghxchil.net
gewvogefqz.biz
gjzylv.ru
jdtwesjab.biz
jileyiixx.com
jvaankz.org
ldkguw.biz
lumlereou.com
lxawamilwkt.com
mcgmzfqe.ru
mjfzkdlztr.org
ntstghst.ru
opkcubj.biz
oxhdlsha.com
peqxhhwgigy.biz
qtvoabrx.net
rvthbcuxd.biz
sexopartynow.org
sweetbabydolly.org
tdkdgivar.biz
vyerhmyh.info
wbezwedfhd.info
wouhysd.info
xbetcic.org
xslxrdhn.net
yvbhniagt.biz
zdlxqk.com
zfeherttbiv.net

# Reference: https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-notepad-and-chthonic-exposing-a-malicious-infrastructure/
  
amellet.bit
danrnysvp.com
ejtmjealr.com
firop.com
gefinsioje.com
gesofgamd.com
ponedobla.bit
unoset.com

# Reference: https://twitter.com/James_inthe_box/status/1048241429342896128

deusfegsonfe.com
geisbfreco.com
/8o31k/index.php

# Reference: https://www.cert.pl/en/news/single/nymaim-revisited/

carvezine.com
/qpqhv.php

# Reference: https://twitter.com/VK_Intel/status/1021979643988127752

elvodgeus.com
fenusfhhnex.com
/inwsgo2pl7/index.php

# Reference: https://twitter.com/VK_Intel/status/1019780320386838528

fenrsiofue.com
sgjvxwerion.com
/dbqhh0e/index.php

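# Reference: http://www.broadanalysis.com/2016/10/31/compromised-site-redirects-to-rig-exploit-kit-delivering-kronos-and-nymaim/
# NOTE(review): the referenced post describes a compromised site redirecting to an exploit kit. Confirm that each
# domain below is attacker-controlled and not the compromised legitimate site, which would generate false positives.
# The short host-less paths (e.g. /amh.php, /iec.php) presumably match on any host; verify they are specific enough.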

nylon.com
quilaine.com
/04edp/index.php
/amh.php
/ayfajf.php
/btgevp.php
/iec.php
/oyxobaf.php
/sdcfe.php
/xhvriphu.php
/xmoikl.php
/xuqcmeqz.php
/yvla.php
/yxxijeq.php

# Reference: https://twitter.com/anyrun_app/status/1041554467215302656

deustresgen.com
fesishineds.com

# Reference: https://www.welivesecurity.com/2016/07/12/nymaim-rides-2016-reaches-brazil/

gafbqvx.com
/xyg9rwlq/index.php

# Reference: https://twitter.com/malware_traffic/status/770384857209958400
# Reference: http://malware-traffic-analysis.net/2016/08/29/index2.html

obzvbpslwd.com
/ayt5b7dosy/index.php

# Reference: https://twitter.com/malware_traffic/status/1041580226457681920
# Reference: https://www.malware-traffic-analysis.net/2018/09/17/index.html

/wqjhwl2jk/index.php

# Reference: https://twitter.com/Mesiagh/status/1022580530410225664
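# Reference: https://pastebin.com/wKWwGFmz
# NOTE(review): fenusfhhnex.com and sgjvxwerion.com in the list below also appear earlier in this file under the
# VK_Intel references; the entries are duplicates, not distinct indicators.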

lobby.dhl-biznes.com
store.dhl-xxl.com
library.dhl-xom.com
maps.dhl-glob.com
dhl-inform.com
source.dhl-logistic.com
gstat.dhl-pol.com
statistic.dhl-ttl.com
goostat.dhl-ok.com
statistics.dhl-ttl.com

arlfbqcc.com
biedisestinge.com
bswhrknfk.com
denwelloset.com
desgercoms.com
eegiudifens.com
esirsgenovs.com
fenusfhhnex.com
hengediseu.com
ichcmozcow.com
ihalbom.com
iqhkhitgfqzu.com
iuzngzhl.com
jauudedqnm.com
jestionefen.com
sgjvxwerion.com
sifersgiode.com
translationdoor.com
ufurvyreh.com
vpvqskazjvco.com

# Reference: https://twitter.com/devnullek/status/1021752530911551488

/askqm.php
/eentese.php
/list598.php

# Reference: https://www.malware-traffic-analysis.net/2018/09/28/index.html

/buslurgw/index.php

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

fishstory.cf

# Reference: https://twitter.com/pr3wtd/status/1031994804169781253

globallibrary.ru

# Reference: https://twitter.com/pr3wtd/status/1027237972419248128

globalstatistics.ru

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

bilagoong.tk

# Reference: https://twitter.com/ps66uk/status/1052853678695219201
# Reference: https://app.any.run/tasks/defe1b39-b4b6-4573-ba46-de2c425f670f

/slqua/index.php

# Reference: https://twitter.com/pollo290987/status/1053291973942095872

/wbdvs/index.php

# Reference: https://twitter.com/Techhelplistcom/status/1053335971910074369

/xfi7wapy/index.php

# Reference: https://twitter.com/Racco42/status/1097228699127238657

streetfood2you.com/show208.php

# Reference: https://www.proofpoint.com/us/threat-insight/post/nymaim-config-decoded

duewosgems.com
fiosbewos.com
/pkbn74is/index.php

# Reference: https://twitter.com/pr3wtd/status/1039938591680614405

zolloholl.cf

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Nymaim-6956636-0)

otmqa.in
nuyfyp.in
omctebl.pw
qxqdslcvhs.pw
eyhwvkyswsts.in
lqeyztwnmqw.pw
tgkddewbn.in
bibmbkjvelox.net
mpoghxb.net
zglevl.net
cixhrfbok.com
yqxpvvbvncxr.com
vhmfwvrbln.net
pyioepars.com
iwxbgsvj.net

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html (# Win.Dropper.Nymaim-6992731-0)

jexzc.in
nenpzs.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Dropper.Nymaim-6996892-0)

bkbyvpcgbcnc.net
bqdkoibgkrw.in
clbnstusmu.net
deueijrnywe.pw
dlycu.net
fjfrix.pw
gxmxojjk.com
hlexdsgcio.com
kttasj.in
mmyuf.in
nefhn.in
nnhquzhcvm.in
olmcehndmyhb.in
oxkkvlewktdt.in
qthupu.net
rakacljgisdb.in
rqpdg.com
sqbxpxuhgs.in
tazhibvbczf.com
thxwvxr.pw
wjztocdw.net
wmimqpx.pw
xabzrrutxu.com
yayksuheo.net
yckmgwft.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html (# Win.Dropper.Nymaim-7011878-0)

bjgouvf.net
bybxug.pw
chavpayztnex.net
cspflbgtpwxg.com
emuakrgqzg.pw
fwceecdhnnph.net
hnmkptaybcf.pw
ilqmz.com
mzpgaccm.in
mzutglz.com
octvwlg.net
pcarbnracpll.in
rerbitzfyff.in
rinzevlc.net
ucwwhvxji.com
ulgug.in
utgwcrp.com
uwsmf.net
vncya.in
wnckjojra.net
xlwzoffpooo.com
xunveu.in
xyiubkksjo.pw
ypgfnvixxaw.in
zdlvqrnmf.net

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html (# Win.Malware.Nymaim-7057729-0)

atetgyy.com
aydvw.pw
dojtzsiroyjb.in
efonzybmsdtj.net
fplraqgdaq.com
jnnovcv.com
jvomazzl.pw
kdnbfzdvpkqa.net
kicxjtaec.pw
kpskawv.pw
kzqcbtrpvq.net
lmhfg.com
mxjhz.net
mytjbj.pw
qyaqzy.pw
rkxamsqbnnd.pw
rwaxyme.com
rzcbj.in
sviwlpnp.in
uiimknpsaft.net
wurecaigfse.com
wztiqm.com
zcbiptlc.com
zeqyucrzmoa.net
ztpmqpsid.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Malware.Nymaim-7077794-1)

ahvcnjqki.in
djxexguecx.com
dobra.in
euharm.net
euvee.com
fzfpwupqpryc.com
gobezj.in
gxeiohsixfc.com
gyxsvdvcilju.net
icschqdjwq.com
jgpazdzh.com
jqmxfop.in
klwrihhgj.pw
ldssmbugesb.in
lqtcrom.net
nfoojzpdtsl.in
oincxxqtdbh.net
otqfoi.in
pmxwbnpc.pw
qxeejy.pw
ticfwfen.pw
txvzjzoosogn.in
wglcpwdbg.net
wyftxsolryia.in
yeqmndxtavuf.in

# Reference: https://twitter.com/DGAFeedAlerts/status/1159617671010430977

gxlllgs.com

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html (# Win.Malware.Nymaim-7348211-1)

bwapyvznpflh.pw
ezgouisk.pw
gpkoz.pw
istpmxnf.net
jeajlfdtoua.in
klspisvji.in
kwchhgmla.in
ofiracujrsdy.net
onubkqstb.com
oxfab.pw
qjgtlozoh.com
ryron.com
sdghuwtwxsm.com
sianowq.pw
uslrspq.pw
voszetuy.in
ysxmebrfyg.net
