# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: shadowhammer, shadowpad, apt41, apt-c-41, double dragon, lowkey, AXIOMATICASYMPTOTE, RedEcho

# Reference: https://securelist.com/operation-shadowhammer/89992/
# Reference: https://twitter.com/ydklijnsma/status/1110220766778286080
# Reference: https://twitter.com/ydklijnsma/status/1110189880313692160
# Reference: https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
# Reference: https://content.fireeye.com/apt-41/rpt-apt41
# Reference: https://otx.alienvault.com/pulse/5d4ae9f31ae8a479422a17ab
# Reference: https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html
# Reference: https://www.virustotal.com/gui/ip-address/67.229.97.229/relations
# Reference: https://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html
# Reference: https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/
# Reference: https://otx.alienvault.com/pulse/5da5eaab4516e8056a6d59fb
# Reference: https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
# Reference: https://otx.alienvault.com/pulse/5e7b4a11d552fbcfce6c314d
# Reference: https://twitter.com/sysgoblin/status/1237054973579583489 (# CVE-2020-10189)
# Reference: https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/
# Reference: https://otx.alienvault.com/pulse/5e95c0d3d12068d29f538338
# Reference: https://www.virustotal.com/gui/ip-address/66.42.98.220/relations
# Reference: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/shadowpad-novaya-aktivnost-gruppirovki-winnti/ (Russian, # ShadowPad IOC)
# Reference: https://www.trendmicro.com/en_us/research/20/i/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html
# Reference: https://otx.alienvault.com/pulse/5f650a34fabdf2c7bf7a7616
# Reference: https://vblocalhost.com/uploads/VB2020-Lunghi-Horejsi.pdf (# Cluster 2)
# Reference: https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf
# Reference: https://blog.macnica.net/blog/2020/11/dtrack.html
# Reference: https://otx.alienvault.com/pulse/5fc12f0ec26699f8ccd97838
# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf
# Reference: https://otx.alienvault.com/pulse/603d0dcc0a0f44e375d16c62/
# Reference: https://blog.group-ib.com/colunmtk_apt41
# Reference: https://otx.alienvault.com/pulse/60c34510bd6707ce53355efc
# Reference: https://content.fireeye.com/apt41-jp/rpt-apt41-jp
# Reference: https://otx.alienvault.com/pulse/610cf675620c3a10851e62d0
# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/BB_APT41.json
# Reference: https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
# Reference: https://www.mandiant.com/resources/apt41-us-state-governments
# Reference: https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41
# Reference: https://otx.alienvault.com/pulse/615da9a8e2c277e1749757c3
# Reference: https://www.mandiant.com/resources/mobileiron-log4shell-exploitation
# Reference: https://otx.alienvault.com/pulse/6244606893ddbc9a6a5bbdeb
# Reference: https://www.virustotal.com/gui/file/fb091547c42fcd5917283b3a79ee86e7388d57789327289d6d357e71ae28ddff/detection
# Reference: https://twitter.com/0xrb/status/1509396448387153920
# Reference: https://www.virustotal.com/gui/file/536def339fefa0c259cf34f809393322cdece06fc4f2b37f06136375b073dff3/detection
# Reference: https://otx.alienvault.com/pulse/624ff0af271429d152b5a27e
# Reference: https://documents.trendmicro.com/assets/white_papers/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf
# Reference: https://otx.alienvault.com/pulse/613b110f3e005c40fe57317d
# Reference: https://twitter.com/AltShiftPrtScn/status/1519840040637157378
# Reference: https://www.virustotal.com/gui/file/d2d927e7cdb804c416e70e41290453a7902420894b5cb17fdb688e9ee7943b13/detection
# Reference: https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
# Reference: https://otx.alienvault.com/pulse/6270f28cc2cfb0f83fe7b211
# Reference: https://blog.group-ib.com/apt41-world-tour-2021
# Reference: https://otx.alienvault.com/pulse/630615f326d4b91e473170fe
# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments
# Reference: https://otx.alienvault.com/pulse/632082a05037fdffef98dcb4
# Reference: https://www.virustotal.com/gui/file/c48e1ff27b6386dadd7a8b696c00b0b96d27dffc8ee5df393765ba538c272c11/detection
# Reference: https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
# Reference: https://github.com/carbonblack/active_c2_ioc_public/blob/main/shadowpad/shadowpad_202210.tsv
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi/IOCs-hack-the-real-box-apt41-new-subgroup-earth-longzhi.txt
# Reference: https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html
# Reference: https://otx.alienvault.com/pulse/636d814b3faea55b00ea98b8
# Reference: https://www.virustotal.com/gui/file/f8fa90be3e6295c275a4d23429e8738228b70693806ed9b2f482581487cb8e08/detection
# Reference: https://www.virustotal.com/gui/file/76998c3cef50132d7eb091555b034b03a351bd8639c1c5dc05cf1ea6c19331d9/detection
# Reference: https://www.virustotal.com/gui/file/4bc4d2ad9b608c8564eb5da5d764644cbb088c2f1cb61427d11f7b2ce4733add/detection
# Reference: https://community.emergingthreats.net/t/daily-ruleset-update-summary-2022-11-11/149
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/APT-hunting/hunting-cobaltstrike-beacons-in-the-dark.pdf
# Reference: https://www.virustotal.com/gui/ip-address/185.14.29.72/relations
# Reference: https://twitter.com/r3dbU7z/status/1605356770330828802
# Reference: https://twitter.com/jaydinbas/status/1605532948480000002
# Reference: https://www.virustotal.com/gui/file/867e8902612f9e9a390fc667ffd53343e324c8c677c12dcbca4e1b9f14b0e461/detection
# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf
# Reference: https://twitter.com/sneakymonk3y/status/1679970286467268609
# Reference: https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html
# Reference: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
# Reference: https://www.virustotal.com/gui/file/38e18d79b83e7c0afbe1ac246a7a5fe6b2783adc085e9aeb2ec610e76f5ccaad/detection
# Reference: https://twitter.com/tiresearch1/status/1688843159265325056
# Reference: https://twitter.com/tiresearch1/status/1689173376487849984
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/
# Reference: https://stairwell.com/resources/security-alert-enrichment-shadowpad-variants/
# Reference: https://www.virustotal.com/gui/file/48ac2ca316e636109524e72c771afc7e4592f0a6c1de827985aa090f17b98879/detection
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-13)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-26)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-20)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-23)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-25)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-03)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-24)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-03)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-16)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-23)
# Reference: https://twitter.com/nahamike01/status/1755183472677924879
supermirco.us
micro.supermirco.us
mircoo.supermirco.us
ns.supermirco.us
# Reference: https://twitter.com/luc4m/status/1778110699870310840
165.154.227.192:6005
165.154.227.192:7000
# Reference: https://twitter.com/Cyberteam008/status/1779763262722355512
173.199.71.210:443
185.174.172.41:443
194.156.99.115:443
194.156.99.115:8443
195.85.250.254:443
45.77.65.219:443
65.20.98.31:443
# Reference: https://twitter.com/ValidinLLC/status/1779916377039495523
80.92.204.66:3306
80.92.204.66:443