SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

    Date: 03/14/2025

    Severity: Critical

    Summary

    The Water Scylla intrusion set (Trend Micro's name for this activity) runs in several stages: legitimate websites are compromised and seeded with an injected script, traffic is routed through Keitaro TDS infrastructure operated by a separate partner, the SocGholish loader is delivered, and hands-on post-compromise activity follows that ends in RansomHub ransomware deployment. As of early 2025, SocGholish detections are highest in the U.S., with government organizations heavily impacted. SocGholish is an obfuscated JavaScript loader that relies on evasion techniques and on the reach of the compromised websites to spread. The lure is a fake browser update notification shown on the compromised site, which tricks users into downloading and running the malicious file themselves.

    Indicators of Compromise (IOC) List

    Domains/URLs:

    nevada.mandros.us

    cpanel.kreativelife.net

    exclusive.nobogoods.com

    whcms.greendreamcannabis.com

    windows.envisionfonddulac.net

    round.micha.ai

    mail.aestheticfina.com

    cluster.buydoorlitesandlouvers.com

    software.adx-crm.com

    sponsor.sewacanada.org

    certificate.hypnotherapy-training.co.nz

    estate.envisionfonddulac.org

    seminary.envisionfonddulac.com

    exchange.tuckx.com

    dashboard.nzlifecoaching.com

    programs.edlester.com

    academy.entrepreneurwealthhub.com

    portal.miaariacademy.com

    preview.jpainting.ca

    hub.unlimitedcashflowevent.com

    ceo.cowholesaling.com

    support.myfirstdealplaybook.com

    newsite.iapmd.org

    cpanel.buyjlindustriesonline.com

    btctrading.crestlinesolutions.work

    webmail.ebuildingsource.com

    subscribe.bigeznola.com

    gemini.1stpagegold.com

    customer.aaddigitalstrategies.com

    regular.ptbaconsulting.com

    crm.bestintownpro.com

    trial.buyintercomsonline.com

    order.buyanemostatonline.com

    static.buyweatherstriponline.com

    zone.ebuilderssource.com

    slot.buyaiphoneonline.com

    rednosehorse.com

    apiexplorerzone.com

    smthwentwrong.com

    newgoodfoodmarket.com

    foundedbrounded.org

    packedbrick.com

    newgreenvibes.com

    rapiddevapi.com

    digdonger.org

    blackshelter.org

    blacksaltys.com

    brickedpack.com

    blessedwirrow.org

    IP Addresses:

    207.174.31.215

    185.72.8.129

    38.180.137.245

    38.180.137.141

    45.76.228.18

    140.82.4.20

    149.28.125.75

    172.96.15.104

    193.124.24.117

    207.90.236.231

    155.138.226.179

    172.96.15.103

    85.209.85.206

    207.174.31.92

    166.88.182.126

    23.146.184.221

    194.135.104.251

    23.133.88.96

    166.1.173.65

    38.180.244.209

    91.149.239.242

    155.138.211.27

    128.254.146.183

    166.88.182.65

    85.209.85.199

    82.153.134.38

    194.135.104.175

    38.180.81.153

    108.181.115.171

    38.180.195.187

    185.174.101.240

    194.36.209.227

    92.118.112.143

    185.174.101.69

    92.118.112.208

    108.181.182.143

    173.44.141.226

    162.252.173.12

    23.227.193.172

    185.33.86.15

    45.66.248.150

    5.8.63.178

    88.119.175.70

    185.219.220.175

    45.82.85.50

    104.238.61.144

    193.203.49.90

    38.146.28.93

    88.119.175.65

    37.1.212.18

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains/URLs:

    userdomainname like "academy.entrepreneurwealthhub.com" or url like "academy.entrepreneurwealthhub.com" or userdomainname like "webmail.ebuildingsource.com" or url like "webmail.ebuildingsource.com" or userdomainname like "apiexplorerzone.com" or url like "apiexplorerzone.com" or userdomainname like "exchange.tuckx.com" or url like "exchange.tuckx.com" or userdomainname like "windows.envisionfonddulac.net" or url like "windows.envisionfonddulac.net" or userdomainname like "cluster.buydoorlitesandlouvers.com" or url like "cluster.buydoorlitesandlouvers.com" or userdomainname like "programs.edlester.com" or url like "programs.edlester.com" or userdomainname like "whcms.greendreamcannabis.com" or url like "whcms.greendreamcannabis.com" or userdomainname like "exclusive.nobogoods.com" or url like "exclusive.nobogoods.com" or userdomainname like "ceo.cowholesaling.com" or url like "ceo.cowholesaling.com" or userdomainname like "gemini.1stpagegold.com" or url like "gemini.1stpagegold.com" or userdomainname like "certificate.hypnotherapy-training.co.nz" or url like "certificate.hypnotherapy-training.co.nz" or userdomainname like "rednosehorse.com" or url like "rednosehorse.com" or userdomainname like "newgoodfoodmarket.com" or url like "newgoodfoodmarket.com" or userdomainname like "dashboard.nzlifecoaching.com" or url like "dashboard.nzlifecoaching.com" or userdomainname like "smthwentwrong.com" or url like "smthwentwrong.com" or userdomainname like "software.adx-crm.com" or url like "software.adx-crm.com" or userdomainname like "hub.unlimitedcashflowevent.com" or url like "hub.unlimitedcashflowevent.com" or userdomainname like "crm.bestintownpro.com" or url like "crm.bestintownpro.com" or userdomainname like "support.myfirstdealplaybook.com" or url like "support.myfirstdealplaybook.com" or userdomainname like "brickedpack.com" or url like "brickedpack.com" or userdomainname like "static.buyweatherstriponline.com" or url like "static.buyweatherstriponline.com" or userdomainname like "blessedwirrow.org" or url like "blessedwirrow.org" or userdomainname like "packedbrick.com" or url like "packedbrick.com" or userdomainname like "cpanel.kreativelife.net" or url like "cpanel.kreativelife.net" or userdomainname like "newsite.iapmd.org" or url like "newsite.iapmd.org" or userdomainname like "newgreenvibes.com" or url like "newgreenvibes.com" or userdomainname like "subscribe.bigeznola.com" or url like "subscribe.bigeznola.com" or userdomainname like "sponsor.sewacanada.org" or url like "sponsor.sewacanada.org" or userdomainname like "btctrading.crestlinesolutions.work" or url like "btctrading.crestlinesolutions.work" or userdomainname like "digdonger.org" or url like "digdonger.org" or userdomainname like "rapiddevapi.com" or url like "rapiddevapi.com" or userdomainname like "order.buyanemostatonline.com" or url like "order.buyanemostatonline.com" or userdomainname like "nevada.mandros.us" or url like "nevada.mandros.us" or userdomainname like "trial.buyintercomsonline.com" or url like "trial.buyintercomsonline.com" or userdomainname like "round.micha.ai" or url like "round.micha.ai" or userdomainname like "mail.aestheticfina.com" or url like "mail.aestheticfina.com" or userdomainname like "estate.envisionfonddulac.org" or url like "estate.envisionfonddulac.org" or userdomainname like "seminary.envisionfonddulac.com" or url like "seminary.envisionfonddulac.com" or userdomainname like "portal.miaariacademy.com" or url like "portal.miaariacademy.com" or userdomainname like "preview.jpainting.ca" or url like "preview.jpainting.ca" or userdomainname like "cpanel.buyjlindustriesonline.com" or url like "cpanel.buyjlindustriesonline.com" or userdomainname like "customer.aaddigitalstrategies.com" or url like "customer.aaddigitalstrategies.com" or userdomainname like "regular.ptbaconsulting.com" or url like "regular.ptbaconsulting.com" or userdomainname like "zone.ebuilderssource.com" or url like "zone.ebuilderssource.com" or userdomainname like "slot.buyaiphoneonline.com" or url like "slot.buyaiphoneonline.com" or userdomainname like "foundedbrounded.org" or url like "foundedbrounded.org" or userdomainname like "blackshelter.org" or url like "blackshelter.org" or userdomainname like "blacksaltys.com" or url like "blacksaltys.com"

    IP Addresses:

    dstipaddress IN ("108.181.182.143","155.138.211.27","5.8.63.178","38.180.195.187","92.118.112.143","155.138.226.179","45.82.85.50","193.203.49.90","108.181.115.171","92.118.112.208","149.28.125.75","38.180.81.153","128.254.146.183","104.238.61.144","37.1.212.18","185.219.220.175","185.174.101.69","45.66.248.150","140.82.4.20","207.174.31.215","23.227.193.172","23.133.88.96","185.33.86.15","185.72.8.129","38.180.137.245","38.180.137.141","45.76.228.18","172.96.15.104","193.124.24.117","207.90.236.231","172.96.15.103","85.209.85.206","207.174.31.92","166.88.182.126","23.146.184.221","194.135.104.251","166.1.173.65","38.180.244.209","91.149.239.242","166.88.182.65","85.209.85.199","82.153.134.38","194.135.104.175","185.174.101.240","194.36.209.227","173.44.141.226","162.252.173.12","88.119.175.70","38.146.28.93","88.119.175.65") or ipaddress IN ("108.181.182.143","155.138.211.27","5.8.63.178","38.180.195.187","92.118.112.143","155.138.226.179","45.82.85.50","193.203.49.90","108.181.115.171","92.118.112.208","149.28.125.75","38.180.81.153","128.254.146.183","104.238.61.144","37.1.212.18","185.219.220.175","185.174.101.69","45.66.248.150","140.82.4.20","207.174.31.215","23.227.193.172","23.133.88.96","185.33.86.15","185.72.8.129","38.180.137.245","38.180.137.141","45.76.228.18","172.96.15.104","193.124.24.117","207.90.236.231","172.96.15.103","85.209.85.206","207.174.31.92","166.88.182.126","23.146.184.221","194.135.104.251","166.1.173.65","38.180.244.209","91.149.239.242","166.88.182.65","85.209.85.199","82.153.134.38","194.135.104.175","185.174.101.240","194.36.209.227","173.44.141.226","162.252.173.12","88.119.175.70","38.146.28.93","88.119.175.65") or publicipaddress IN ("108.181.182.143","155.138.211.27","5.8.63.178","38.180.195.187","92.118.112.143","155.138.226.179","45.82.85.50","193.203.49.90","108.181.115.171","92.118.112.208","149.28.125.75","38.180.81.153","128.254.146.183","104.238.61.144","37.1.212.18","185.219.220.175","185.174.101.69","45.66.248.150","140.82.4.20","207.174.31.215","23.227.193.172","23.133.88.96","185.33.86.15","185.72.8.129","38.180.137.245","38.180.137.141","45.76.228.18","172.96.15.104","193.124.24.117","207.90.236.231","172.96.15.103","85.209.85.206","207.174.31.92","166.88.182.126","23.146.184.221","194.135.104.251","166.1.173.65","38.180.244.209","91.149.239.242","166.88.182.65","85.209.85.199","82.153.134.38","194.135.104.175","185.174.101.240","194.36.209.227","173.44.141.226","162.252.173.12","88.119.175.70","38.146.28.93","88.119.175.65") or srcipaddress IN ("108.181.182.143","155.138.211.27","5.8.63.178","38.180.195.187","92.118.112.143","155.138.226.179","45.82.85.50","193.203.49.90","108.181.115.171","92.118.112.208","149.28.125.75","38.180.81.153","128.254.146.183","104.238.61.144","37.1.212.18","185.219.220.175","185.174.101.69","45.66.248.150","140.82.4.20","207.174.31.215","23.227.193.172","23.133.88.96","185.33.86.15","185.72.8.129","38.180.137.245","38.180.137.141","45.76.228.18","172.96.15.104","193.124.24.117","207.90.236.231","172.96.15.103","85.209.85.206","207.174.31.92","166.88.182.126","23.146.184.221","194.135.104.251","166.1.173.65","38.180.244.209","91.149.239.242","166.88.182.65","85.209.85.199","82.153.134.38","194.135.104.175","185.174.101.240","194.36.209.227","173.44.141.226","162.252.173.12","88.119.175.70","38.146.28.93","88.119.175.65")
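    The Gurucul queries above test the IOC strings against several URL, hostname and IP fields. As an added example that is not part of the advisory and not Gurucul's product code, the Python script below applies the same kind of domain and IP match to a handful of constructed key=value proxy/firewall log lines. It first normalizes each URL to a bare host, then matches domains on whole DNS labels, so that the listed host or any child of it is a hit while a lookalike such as notrednosehorse.com or the parent domain micha.ai is not. The log format, the sample lines, the IOC subset and the helper names are assumptions made for the example; the full IOC lists are the ones printed above.

```python
"""Match web-proxy / firewall log records against the advisory's IOCs.

Added example, not the advisory's or Gurucul's own code. Log format,
sample lines and field names are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of the advisory's domain and IP IOCs (full lists are on the page).
IOC_DOMAINS = {
    "round.micha.ai",
    "rednosehorse.com",
    "apiexplorerzone.com",
    "windows.envisionfonddulac.net",
}
IOC_IPS = {ipaddress.ip_address(a) for a in ("38.180.137.245", "185.72.8.129", "5.8.63.178")}

# Constructed sample log lines (assumed key=value format, not real telemetry).
LOG_LINES = [
    "ts=2025-03-14T10:02:11Z user=alice src=10.1.2.3 dst=104.18.0.1 url=https://round.micha.ai/",
    "ts=2025-03-14T10:02:12Z user=alice src=10.1.2.3 dst=38.180.137.245 url=-",
    "ts=2025-03-14T10:05:40Z user=bob src=10.1.2.9 dst=93.184.216.34 url=https://notrednosehorse.com/",
    "ts=2025-03-14T10:07:01Z user=carol src=10.1.2.4 dst=203.0.113.5 url=https://micha.ai/",
]

_KV_RE = re.compile(r"(\w+)=(\S+)")
_HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


@dataclass
class Hit:
    ts: str
    user: str
    field: str   # which log field matched (url, src or dst)
    value: str   # normalized value that matched
    ioc: str     # the IOC entry it matched


def host_from_url(url: str) -> Optional[str]:
    """Reduce a URL or bare hostname to a lowercase host; drop scheme, userinfo, port, path."""
    host = url.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)   # scheme
    host = host.split("/", 1)[0].split("?", 1)[0]       # path / query
    host = host.rsplit("@", 1)[-1]                      # userinfo
    host = host.split(":", 1)[0]                        # port
    host = host.rstrip(".")
    return host if _HOST_RE.match(host) else None


def domain_hit(host: str) -> Optional[str]:
    """Return the IOC that host equals or sits under; whole-label match only."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def parse_line(line: str) -> dict:
    """Parse one key=value record into a dict (assumed log format)."""
    return dict(_KV_RE.findall(line))


def scan(lines: List[str]) -> List[Hit]:
    """Run every record through the domain and IP IOC checks."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        host = host_from_url(rec.get("url", ""))
        if host:
            ioc = domain_hit(host)
            if ioc:
                hits.append(Hit(rec["ts"], rec["user"], "url", host, ioc))
        for field in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(rec.get(field, ""))
            except ValueError:
                continue
            if ip in IOC_IPS:
                hits.append(Hit(rec["ts"], rec["user"], field, str(ip), str(ip)))
    return hits


if __name__ == "__main__":
    for h in scan(LOG_LINES):
        print(f"{h.ts} user={h.user} {h.field}={h.value} matched IOC {h.ioc}")
```

    Run against the constructed lines, this reports two hits: alice's request to round.micha.ai and her connection to 38.180.137.245; the lookalike domain and the parent domain micha.ai produce nothing. Two points to carry over when porting the Gurucul queries to another SIEM. First, many of the listed domains are single subdomains under otherwise unrelated registrable domains (cpanel.kreativelife.net, windows.envisionfonddulac.net), so match on the listed host rather than its registrable domain, or the organization's other services on that domain get blocked too. Second, check how the target query language treats like without wildcard characters: in SQL-style languages it is an equality test, so a url field that carries the scheme and path will not match a bare hostname pattern unless the pattern is wildcarded or the field is normalized to a host as above.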

    Reference:

    https://www.trendmicro.com/en_us/research/25/c/socgholishs-intrusion-techniques-facilitate-distribution-of-rans.html


    Tags: Malware, Ransomware, RansomHub, SocGholish, United States, Government Services and Facilities
