# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: apachestealer, confucius, patchwork, protego, protegorat, sneepy, droppingelephant, sloppylemming, chinastrats, monsoon, sarit, quilted tiger, apt-c-09, zinc emerson, streamspy # Note: many trails below are tenant-specific subdomains of shared platforms (b-cdn.net, herokuapp.com, firebaseio.com, netlify.app, 000webhostapp.com, ddns.net and other dynamic-DNS providers); match them exactly as listed and do not widen a rule to the parent domain, which would flag legitimate customers of the same provider. # Reference: https://ti.qianxin.com/blog/articles/apt-c-09-reappeared-as-conflict-intensified-between-india-and-pakistan/ # Reference: https://otx.alienvault.com/pulse/5d68fa5d04b58d378df39abf http://123.57.158.115 http://146.185.234.71 http://149.56.80.64 http://176.107.182.24 http://185.203.116.58 http://185.82.217.200 http://188.165.124.30 http://43.249.37.165 http://46.183.216.222 http://81.17.30.28 http://91.229.79.183 http://94.156.35.204 /byuehf8af.php /dfae43rsfdgq4e.php /dqvabs.php /f3af3fasf32.php /ghsnls.php /j8fiandfuesmg.php /sadk9f043ejf.php /sg4gasdnjf984.php /u5a3ewfasdk9.php # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/ # Reference: https://twitter.com/shotgunner101/status/1084111296746921986 # Reference: https://otx.alienvault.com/pulse/5c3c8199888d403ecee5e463 kielsoservice.net frameworksupport.net # Reference: https://twitter.com/blackorbird/status/1119518720794058752 # Reference: https://www.virustotal.com/gui/file/e94659941847dac6e5483df31d6429c9bfb339a013079f41ea52e7fe86d7f061/detection # Reference: https://s.tencent.com/research/report/711.html (Chinese) crowcatcher.net global-news.center useraccount.co 188.241.58.60:21 188.241.58.61:21 # Reference: https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups/ # Reference: https://brica.de/alerts/alert/public/1215663/new-confucius-malware-campaign-has-links-to-patchwork-cybergang/ errorfeedback.com # Reference: https://twitter.com/h4ckak/status/1161208604566966272 http://139.28.38.231 # Reference: 
https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confucius-cyberespionage-operations/ # Reference: https://documents.trendmicro.com/assets/appendix-deciphering-confucius-cyberespionage-operations.pdf http://199.101.187.54 http://45.63.43.29 http://45.76.33.53 http://46.165.207.108 http://5.135.73.109 http://5.135.73.109 http://91.210.107.104 http://94.242.219.205 46.165.249.223:80 5.199.163.51:4343 91.210.107.106:80 91.210.107.109:80 91.210.107.110:80 adhath-learning.com freeintrnet.com mfone.net mofu.tech simplechatpoint.ddns.net truth786.com tweetychat.com /android_connect/insert_account.php /android_connect/insert_contacts.php /android_connect/insert_file_list.php /android_connect/insert_sms.php /android_connect/upload_file_content.php # Reference: https://twitter.com/RedDrip7/status/1184099910892670976 yetwq.twilightparadox.com # Reference: https://twitter.com/spider_girl22/status/1172044630512164864 192.250.236.76:80 # Reference: https://twitter.com/Rmy_Reserve/status/1172016149971619841 upgrading-office-content.esy.es # Reference: https://twitter.com/Arkbird_SOLG/status/1225014088755044353 185.193.38.24:443 # Reference: https://www.cymmetria.com/wp-content/uploads/2017/10/Unveiling-Patchwork.pdf 163-cn.org 81-cn.net aaskmee.com alfred.ignorelist.com annchenn.com asiandefnetwork.com blingblingg.com chinastrat.com chinastrats.com climaxcn.com cndailynetwork.info dailychina.news epg-cn.com expatchina.info extremebolt.com extrememachine.org extremerebolt.com eyescreem.com greatdexter.com haiwaipengyou.com info81.com junshiyuehui.com letsgetclose.com lujunxinxi.com majidalfuttaiim.com matrixrevolt.com militaryworkerscn.com milresearchcn.com miltechcn.com miltechweb.com modgovcn.com mozarting.com nduformation.com newsnstat.com nextraload.com nudtcn.com numeronez.com nutcn.com office-rb-support.com outlookkz.com pizzahomez.com qqgroups.info revoltmax.com securematrixx.com sinodefprog.info socialfreakzz.com symantecz.com telemediaz.com 
webworldreq.com wikifedia.space xbladezz.com xmachinez.com you-yisi.com yue-lao.info # Reference: https://unit42.paloaltonetworks.com/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/ # Reference: https://www.virustotal.com/gui/file/33c061dcf59d17c950fc450593cb4c3df1ee755f3a6a216eafc9717e76bc0858/behavior/VirusTotal%20Cuckoofork 130dozen.com adhath-learning.com avtofrom.us b3autybab3s.com bookerstream.com breachframework.com breachframework.website chucknorr.com com-account-jfnjkr.xyz cooperednews.info couchypotatoes.com cutedazzle.com didlynews.info fierybarrels.com fullhalfempty.com gallopingroses.com gomadweb.com greatleonidas.com jupanto.com little-nuts.com magzinehog.com mysugarbin.com neistovo.com news-letters-4u.com newsscrapper.com newstodayreviews.com nophoz.com onepickle.com purple-banana.com romanrugby.com roseauster.com sechshun8.com softwares-free.com speedeagles.com stepontheroof.com stilletowheels.com tangyball.com teens3xweb.com teensechs.com templetom.com transseksualov.com tumblebin.com twigreader.com uchitel-nitsa.com wetcottonballs.com wond3rfulworld.com younghogs.com your3x.com zadnitsa.com znaniye-onlayn.com http://95.211.38.135/search1.php /ipimp.txt # Reference: https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/mobile-malware-report.pdf nowhatsapp.com web.nowhatsapp.com myrocketchat.com tweetychat.com secretchatpoint.com simplechatpoint.ddns.net android-helper.info chatit.club chaton.life chaton.live kahmir-n.com kashmir-n.com philionschat.com sync.chatit.club # Reference: https://twitter.com/malwrhunterteam/status/1273581262750593030 # Reference: https://twitter.com/JAMESWT_MHT/status/1273583949646893056 # Reference: https://twitter.com/Arkbird_SOLG/status/1273627959170121734 # Reference: https://www.virustotal.com/gui/file/977c81bfab432eaeb119167b5342468918645636aa3dc94bdb993667c2e96693/detection # Reference: 
https://www.virustotal.com/gui/file/628172ab0dc7360ebc49ec15f6197d7f26f6e06c370aad9c55e5e87542bcb4ec/detection # Reference: https://app.any.run/tasks/21e6efb4-751f-4135-9f8d-e3f4a9624c5b/ # Reference: https://app.any.run/tasks/0901274f-49ff-41a4-919d-759a68e79685/ http://185.29.10.117 http://94.156.35.204 185.29.10.117:443 altered.twilightparadox.com # Reference: https://twitter.com/ShadowChasing1/status/1346747278279643137 # Reference: https://www.virustotal.com/gui/file/b9b5a9fa0ad7f802899e82e103a6c2c699c09390b1a79ae2b357cacc68f1ca8e/detection msoffice.user-assist.site user-assist.site # Reference: https://twitter.com/ShadowChasing1/status/1351201320670285836 # Reference: https://www.virustotal.com/gui/file/7fb7944fb452d8588194ea746910ed782865efb991fa02479e429f8fba677d3b/detection http://176.107.181.213 # Reference: https://twitter.com/mg2_tracy1/status/1358246040302850055 http://108.62.12.210 mlservices.online # Reference: https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict # Reference: https://otx.alienvault.com/pulse/6025716ad1074318fbe5b3c8/ cucuchat.com pieupdate.online samaatv.online tea-time.link # Reference: https://twitter.com/ShadowChasing1/status/1360806740367876105 # Reference: https://www.virustotal.com/gui/file/f615bb459a91d76ee8a56661666fc450297dd9f9736dbe5b3efda7fb2f2ade70/detection sunshinereal.000webhostapp.com # Reference: https://0xthreatintel.medium.com/internals-of-ave-maria-malware-cb0f63bcce8d # Reference: https://www.virustotal.com/gui/file/a6e56c81c88fdaa28cbd3bf72635c5becb164f75f51ff0aabd46ee7723d4ac23/detection 108.62.12.210:4251 # Reference: https://twitter.com/ShadowChasing1/status/1364925537651617794 # Reference: https://www.virustotal.com/gui/domain/moe-cn.org/relations # Reference: https://www.virustotal.com/gui/file/153d5941a73f9600046ad859e819db33b323908a99712cd224d454cd5e3ba004/detection # Reference: 
https://www.virustotal.com/gui/file/4a4238e7d8c2b0950165fd1d4c6c9e43c20848028cbe1e52945c87bb921cfba8/detection 185.61.148.223:8080 208.91.197.91:8080 moe-cn.org # Reference: https://twitter.com/AnonySecAgency/status/1371648062460887040 # Reference: https://www.virustotal.com/gui/file/c3f0c89e7cddfe0a130a58c3e9edcae06579ee6d88787d5222368a8f57cc899e/detection 185.157.78.135:4040 # Reference: https://twitter.com/h2jazi/status/1415347869318537220 http://142.202.191.236 # Reference: https://twitter.com/ShadowChasing1/status/1422180936632860677 # Reference: https://www.virustotal.com/gui/file/6ddf7b13312987ed7d85ff6795f279d4c09ef67e7895a84254e53776a7ea9873/detection 142.202.191.234:2022 # Reference: https://twitter.com/ShadowChasing1/status/1449172597816455170 http://23.81.246.170 /doodle14/UploadToServer.php /doodle14/createDirecotory.php /doodle14/save_file_str.php /doodle14/save_target_applist.php /doodle14/savetargetdeviceinfo.php # Reference: https://twitter.com/souiten/status/1473142851798114312 # Reference: https://www.virustotal.com/gui/file/3ddbd2f9d4194aaebaffda1417b34aa1c2a5ec948e01b7ef0a1c9e035e78721e/detection http://104.143.36.19 # Reference: https://twitter.com/ShadowChasing1/status/1491954861402771456 webinstaller.online # Reference: https://twitter.com/RedDrip7/status/1529403598165004289 # Reference: https://www.virustotal.com/gui/file/9153c0618803e8799472060ac508135933f551581ede827265c78d644aba08b1/detection dayspringdesk.xyz /wfgkl/cvrkaf/xkj/test.php /wfgkl/cvrkaf/ # Reference: https://twitter.com/__0XYC__/status/1540211206211772416 # Reference: https://www.virustotal.com/gui/file/2d5afc95d620bed1ba631a34e6ad7c490da58d931045e1294dcf739326ad053d/detection taxofill.info # Reference: https://twitter.com/__0XYC__/status/1535107137441251328 t7g5c.app.link # Reference: https://twitter.com/__0XYC__/status/1540212682271236096 # Reference: https://twitter.com/__0XYC__/status/1540214103733522432 pmogov.online pmo.app.link # Reference: 
https://twitter.com/__0XYC__/status/1543806683092340737 # Reference: https://twitter.com/__0XYC__/status/1543807380269432832 # Reference: https://twitter.com/jaydinbas/status/1543952789491040257 # Reference: https://twitter.com/jaydinbas/status/1543952905925005314 # Reference: https://twitter.com/h2jazi/status/1543965665526255617 # Reference: https://www.virustotal.com/gui/file/041aa41948f654f8813b0a411f449e91ba84cdd5c0b08040bcdd9592df63a245/detection # Reference: https://www.virustotal.com/gui/file/9a42cdfe611f7e50cafc33da9e8dc5bd51abf1d16e31d324d28842d0cfef4170/detection # Reference: https://www.virustotal.com/gui/file/041aa41948f654f8813b0a411f449e91ba84cdd5c0b08040bcdd9592df63a245/detection # Reference: https://www.virustotal.com/gui/file/8adad3cb57e851c7daefe2e2f61c578c63bffaf61afbda23815ecc3c6eabf902/detection # Reference: https://www.virustotal.com/gui/file/4e19ca405e8caef23a677609b4fde2cf1c482cc08ea39d72dc89ccddc0d96c79/detection blingin.shop blingin.xyz jizyajan.shop jusmine.xyz mamba.live taxofill.info # Reference: https://twitter.com/Des00464472/status/1549615287846453248 pankilo.xyz # Reference: https://twitter.com/h2jazi/status/1558130495891857408 # Reference: https://www.virustotal.com/gui/file/1dd1c52e5eb1b1e5c4abc7c327b63687528118e612e9a42f01b97955676f4ff0/detection support-office-us.herokuapp.com # Reference: https://twitter.com/StopMalvertisin/status/1560213184535199749 # Reference: https://www.virustotal.com/gui/file/d732bc4f7bd2951cedef03a3a3235cce4f33602c858e0c5caceeb98f5bf1a4bf/detection office-fonts.herokuapp.com # Reference: https://twitter.com/__0XYC__/status/1561917066482966528 # Reference: https://twitter.com/h2jazi/status/1562079407853953024 # Reference: https://www.virustotal.com/gui/file/0e30b6e1b05279aac4c0b3b1d8b6d250fec0999cc72d0506e617fde53bc4f6e9/detection bonimoni.xyz viterwin.club # Reference: https://twitter.com/souiten/status/1565597424013365249 # Reference: 
https://www.virustotal.com/gui/file/c795a13148b13b6c293c11099fbe06aed8b478e1713d5c3c849fa7acabc215cc/detection # Reference: https://www.virustotal.com/gui/file/9268c46f5ed8b2f00cf3ef4d14e5bc327907b776a97b466a52bc9fbfea002e5b/detection http://125.209.76.62 http://192.227.174.165 # Reference: https://twitter.com/t3ft3lb/status/1567947765132435459 # Reference: https://www.virustotal.com/gui/file/aa6b4f8948d8524835dee9064ab54dc8f9f410eae7cbc502b1baf21cca5f8b20/detection 51.89.251.8:443 # Reference: https://twitter.com/SethKingHi/status/1570608984348053508 # Reference: https://www.virustotal.com/gui/file/2592a0b60b5902a5cbdfa19d5612546a53e6f1bf6ead33d1d86d392c5e281263/detection http://74.119.193.145 # Reference: https://twitter.com/ShadowChasing1/status/1576854577483157504 # Reference: https://www.virustotal.com/gui/file/449b4cee4b9df09777891a70248e000e3bb13f33d579603f69e444d4d175d022/detection en-us-office.herokuapp.com # Reference: https://twitter.com/StopMalvertisin/status/1578405262209142785 # Reference: https://www.virustotal.com/gui/file/bba3303974f9b4b0bc2e0b0c52e8b656992b6f18ee6321ff49d87ce1e448c69d/ office-templates.herokuapp.com # Reference: https://twitter.com/RedDrip7/status/1578687322291593216 # Reference: https://twitter.com/blackorbird/status/1585555349939314688 # Reference: https://mp.weixin.qq.com/s/IwcxY3TqkmyY-pBxnXuM1A # Reference: https://www.virustotal.com/gui/file/a9175491a108645ba2f0f906d639bd94e895e41370e6c23c59b95ab4a927a6fa/detection 162.216.240.173:1991 housingpanel.info zaim.pkwebs.com/wp-includes/c /vwykzjzy2si478c7a2w/terncpx8yr2ufvisgd2j/x8jb9g97kkexor5ihnbq/d91ng62l00hc4vgaxkf.php /vwykzjzy2si478c7a2w/terncpx8yr2ufvisgd2j/x8jb9g97kkexor5ihnbq/ /vwykzjzy2si478c7a2w/terncpx8yr2ufvisgd2j/ /vwykzjzy2si478c7a2w/ /terncpx8yr2ufvisgd2j/ /x8jb9g97kkexor5ihnbq/ /d91ng62l00hc4vgaxkf.php # Reference: https://www.virustotal.com/gui/file/2b8194a93c17d82a1814c094768c1fb728c105fd6e89661c9af51370a31dbb17/detection http://172.81.62.200 # Reference: 
https://twitter.com/SethKingHi/status/1588054655623659520 # Reference: https://www.virustotal.com/gui/file/115ddd20884fcf42f8937287e2b2cbb52e4d1420c000953ab8945f724c6c2f93/detection webinstall2.ddns.net # Reference: https://twitter.com/__0XYC__/status/1593088165556150272 # Reference: https://twitter.com/BaoshengbinCumt/status/1593108148646449152 mail-paf-documents-download-pk.herokuapp.com # Reference: https://twitter.com/malwrhunterteam/status/1593021085997420544 # Reference: https://www.virustotal.com/gui/file/41e561168a4a26f7d4bc14186c2d7fc2232e12fd1aa44ef77b4a9d45e14fc763/detection en-officeupdate.herokuapp.com # Reference: https://twitter.com/souiten/status/1597943643582902273 # Reference: https://twitter.com/souiten/status/1597944825340305408 # Reference: https://www.virustotal.com/gui/file/66d366fcdc0cef9a6af89a46909c9710bab0192a473f5ac583940093b990c86c/detection # Reference: https://www.virustotal.com/gui/file/ef76d11453a632920dd5835c0f0f8a317fb187972b0a51cdf8d78560f653d35f/detection # Reference: https://www.virustotal.com/gui/file/d345a80e349b79c78faa9bf10922416b0d5cfb1b805e0bfb2f675d83f63c7e47/detection 142.234.157.195:8989 142.234.157.195:8080 45.56.165.100:8080 microsoftonedriver.com info-updates.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1567483040317816833 # Reference: https://twitter.com/h2jazi/status/1567512391289544704 # Reference: https://www.virustotal.com/gui/file/40831538e59700fd86081130af597623d0779a93cde6f76b86d52174522d8ad4/detection # Reference: https://www.virustotal.com/gui/file/e2b7181d67ab4a4de5600d7f0f68190894db4d007aa66db94be0ee94631bc701/detection gov-cloud.herokuapp.com # Reference: https://twitter.com/RedDrip7/status/1608383205664780289 # Reference: https://www.virustotal.com/gui/ip-address/5.2.77.109/relations # Reference: https://www.virustotal.com/gui/file/79bde77f2295dbf272b4138db3b42a8e40e67201da5f7a70de1600c15ebfc81e/detection # Reference: 
https://www.virustotal.com/gui/file/2be095b201379123f11fd66b382aee0ca9542e3061fa129bc53c1eddd9b895c3/detection bingoplant.live # Reference: https://twitter.com/SethKingHi/status/1612377098777133057 # Reference: https://www.virustotal.com/gui/file/e89e0a56fad8e7232015f18bc4fd0287b98d7697e24c66820a0d4d2d501cd444/detection vlc-updates.ddns.net # Reference: https://twitter.com/souiten/status/1627613531586834432 # Reference: https://www.virustotal.com/gui/file/716298589ab48b187c127e9dbe47dd78487d0e4fd1841bf09d7e45027a23ac06/detection 23.163.0.133:443 # Reference: https://twitter.com/SethKingHi/status/1628601980682932224 # Reference: https://twitter.com/liqingjia1989/status/1640273312692727809 # Reference: https://www.virustotal.com/gui/file/6a3624f7022bf5797cb4a2bc633c383f4c59e0b6c277dea292657d56d66e29ae/detection # Reference: https://www.virustotal.com/gui/file/038da443e2ffc69b0c3d6bba7eab229166d1340ff07754fd51019d74a89b0c0b/detection http://162.216.243.187 /S8hmr7lxi7n4ceD2g93yz/foGpgvbzeYpJx6UeJcBq6/3H5StvwrQGeWkYSFbM5qY/Ztrt1DyB3tTXbjG.php /foGpgvbzeYpJx6UeJcBq6/3H5StvwrQGeWkYSFbM5qY/Ztrt1DyB3tTXbjG.php /3H5StvwrQGeWkYSFbM5qY/Ztrt1DyB3tTXbjG.php /S8hmr7lxi7n4ceD2g93yz/foGpgvbzeYpJx6UeJcBq6/3H5StvwrQGeWkYSFbM5qY/ /S8hmr7lxi7n4ceD2g93yz/foGpgvbzeYpJx6UeJcBq6/ /S8hmr7lxi7n4ceD2g93yz/ /Ztrt1DyB3tTXbjG.php # Reference: https://twitter.com/ThreatBookLabs/status/1631134841923325958 # Reference: https://www.virustotal.com/gui/ip-address/82.180.172.13/relations # Reference: https://www.virustotal.com/gui/file/9b3d01dd457b4eeae6712df54c7ef96312f56cd0115612d0d5aece654fc6bc61/detection officedocuments.info # Reference: https://twitter.com/ThreatBookLabs/status/1640397245882437632 pitbmail.000webhostapp.com webmail-pitb-gov-pk.netlify.app # Reference: https://twitter.com/blackorbird/status/1649005925947310080 # Reference: https://mp.weixin.qq.com/s/Nk2zml2d0HtK0hszyKW2Dw (Chinese) charliezard.shop msit5214.b-cdn.net shhh2564.b-cdn.net # Reference: 
https://twitter.com/ThreatBookLabs/status/1650906402792304641 douyni.info # Reference: https://twitter.com/ThreatBookLabs/status/1651052933142937600 ctg36512.b-cdn.net # Reference: https://about.fb.com/wp-content/uploads/2023/05/Meta-Quarterly-Adversarial-Threat-Report-Q1-2023.pdf 104.27.172.22:9371 104.27.173.22:9371 106.215.68.174:9371 172.94.99.215:4040 185.82.216.57:2125 195.20.54.105:4040 appplace.life bayanat.co.nf beautifullimages.co.nf chirrups-download.ml downloader-file.cf downloadvpn.comli.com drive-sharefiles-downloads.ga drive-sharefiles-downloads.gq faridun.com file-downloader.ga file-star.buzz fileshares.online fun.socialyte.site islamicbayanat.ddns.net kashmirundergroundnews.ml newice.hopto.org securemessagingapps.blogspot.com socialyte.site stockapp-fresh.com thenewsnation.ml videvideocaller.ml vpndl.co.nf vpndownload.co.nf vpndownload.webutu.com vpndownloads.co.nf vpndownloads.ddns.net webmails-authentication.tk /gdgtgdt1245435/chirrups.apk /poahbcyskdh/cable.apk /vdfogrglj/YoTalk.apk /gdgtgdt1245435/ /poahbcyskdh/ /vdfogrglj/ # Reference: https://twitter.com/malwrhunterteam/status/1676228569263996930 # Reference: https://www.virustotal.com/gui/ip-address/185.225.69.181/detection # Reference: https://www.virustotal.com/gui/file/1648cc664ab332c446d89a5406cc6adcfa357b2883d44f059c54012a4401b4f2/detection # Reference: https://www.virustotal.com/gui/file/8cd0ad4572e1f0b71ed8e8e84d4e75942393617afac3962c164ff04a3ab87ea4/detection # Reference: https://www.virustotal.com/gui/file/a3fc903bf6bf49f8c6e3bd5633433cfcae80be54eeefbb7345764b0059491371/detection # Reference: https://www.virustotal.com/gui/file/d4fdd37f4aaa486a9ca32d083ba2900f237eb0a186f3a6f4418d63ccdf7d69ca/detection http://185.225.69.181 onedriver.cloud toptaskrabbitgroup.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1681921960731897856 # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1681924794701455361 # Reference: 
https://twitter.com/JVPv5sIM3eFmGyi/status/1681925487080378368 # Reference: https://twitter.com/Des00464472/status/1687394684652695553 # Reference: https://mp-weixin-qq-com.translate.goog/s/9cqXdFn7erJupk9QPRhqpg?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wapp (# APT-K-47, ORPCBackdoor) # Reference: https://www.virustotal.com/gui/file/a7acb7fa69f218475e06fb27dceac3f199b9cb7cbea07d01c0cfb220b465cbc4/detection # Reference: https://www.virustotal.com/gui/file/556f51b7bd03b9be121f4a35916bef331d1ac82f3a00ed014975c12986d6c1e9/detection # Reference: https://www.virustotal.com/gui/file/dd53768eb7d5724adeb58796f986ded3c9b469157a1a1757d80ccd7956a3dbda/detection msdocs.ddns.net msoutllook.ddns.net outlook-services.ddns.net outlook-updates.ddns.net # Reference: https://twitter.com/binlmmhc/status/1682284911506636800 # Reference: https://www.virustotal.com/gui/file/e43d53c505e0944e6a8ce9f613a1ce5ef2b845fd04b9a777e1515b787206a03c/detection kdrm201.b-cdn.net # Reference: https://twitter.com/binlmmhc/status/1684521661926973440 cftn6129.b-cdn.net johu91837.b-cdn.net nthb041.b-cdn.net # Reference: https://twitter.com/StopMalvertisin/status/1691469917475000320 dgdg8675.b-cdn.net # Reference: https://twitter.com/StopMalvertisin/status/1692879603977908224 # Reference: https://www.virustotal.com/gui/file/709298c36dcc4afedc1ef5725890f119d117df1ad5776cdeecda9c1a7380a33b/detection ppzo3687.b-cdn.net # Reference: https://twitter.com/ginkgo_g/status/1694544752350486732 kdrm201.b-cdn.net # Reference: https://mp.weixin.qq.com/s/nMTQww-jHkdKBWFPYdfprA (Chinese) # Reference: https://www.virustotal.com/gui/file/1e2b343eb7948ed225dc192e53dfe8d1d587c9b88ef17b910dc48810dccb4f28/detection http://149.102.225.98 /sun2/UploadToServer.php /sun2/UploadToServer_gb.php /sun2/createDirecotory.php /sun2/save_file_str.php /sun2/save_target_applist.php /sun2/save_whats_chat.php /sun2/savetargetdeviceinfo.php # Reference: https://twitter.com/malwrhunterteam/status/1704236578053210488 # Reference: 
https://x.com/malwrhunterteam/status/1831273968000479422 # Reference: https://twitter.com/RexorVc0/status/1715246574748549581 # Reference: https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247495700&idx=1&sn=5f39caf4d5fafef490ff1ad18f072a16&chksm=f9ed9cabce9a15bd1a5c94d19de5c927bdd0983b55b6183159a40034129bc78b2355aab38d85&scene=178&cur_album_id=1375769135073951745#rd (# RiverStealer) # Reference: https://www.virustotal.com/gui/file/1f3590c97efdbaff2fff55a9f420863ca543f6ae35d1510f65da8984cb35bba1/detection # Reference: https://www.virustotal.com/gui/file/5bdd87417c5dc17a994b9880caf54de759c46614f2b16e63d9dcebcf251cc9cf/detection http://39.104.22.215 http://39.104.65.77 http://45.159.250.181 bluechillyboo.site redcrocodilepuppet.online riverelephant.site riverelephent.site /JSdfjweuisdfjhg/ /HprodXprnvlm1.php /VueWsxpogcjwq1.php # Reference: https://twitter.com/malwrhunterteam/status/1725275794711126259 # Reference: https://twitter.com/RedDrip7/status/1734110428685570139 # Reference: https://www.virustotal.com/gui/file/e8a519d735c3356b10a94f39923a10b76b644e68b74029fe7ec8e060a4345750/detection # Reference: https://www.virustotal.com/gui/file/13c1cde8ded82f73c5b0ca483c2b2f2ea693ebc9dad6d30b90fcd03ff80795d6/detection arabcomputersupportgroup.com firebasebackups.com /hailo/block.php /hailo/cert.php /hailo/load_img.php /hailo/pakart.php # Reference: https://twitter.com/ginkgo_g/status/1725445679072587993 # Reference: https://www.virustotal.com/gui/file/b019ed0bb09bda78af75f941ba1bb88f3b3e3604a202309d8661fdaacb04d02e/detection pd560.b-cdn.net pld956.b-cdn.net # Reference: https://otx.alienvault.com/pulse/6566312bddcfb0e7f0991687 grand123099ggcarnivol.com mfaturk.com morimocanab.com omeri12oncloudd.com # Reference: https://twitter.com/blackorbird/status/1729327114187587854 cflayerprotection.com cloudlflares.com # Reference: https://twitter.com/ginkgo_g/status/1731870687562752375 # Reference: 
https://www.virustotal.com/gui/file/90e7df73e769bf0bde48294c38004341778e6ed2a6cd8db9d20fe57524607607/detection tyfk1.b-cdn.net # Reference: https://twitter.com/ginkgo_g/status/1732652858804486614 # Reference: https://www.virustotal.com/gui/ip-address/185.74.222.34/relations # Reference: https://www.virustotal.com/gui/file/ca24347d80aed81df2a0e89075c645bfd6081a8e66103ea680f3a8758999b32b/detection wingpao.info pd35.b-cdn.net pl335.b-cdn.net # Reference: https://twitter.com/liqingjia1989/status/1639072245648883712 # Reference: https://www.virustotal.com/gui/file/cb0fe57e84a705a6e6d5d40f621c60095aaf73ba87c424029d2e2813210e09b9/detection triptrans.info # Reference: https://twitter.com/Joseliyo_Jstnk/status/1749719852623802384 # Reference: https://www.virustotal.com/gui/ip-address/152.89.247.23/relations # Reference: https://www.virustotal.com/gui/ip-address/51.79.217.72/relations # Reference: https://www.virustotal.com/gui/file/8734a8a71c27712f17d08e758a251665e1c81e91ea6482c0045facca5b777e4d/detection classcentral-drive.ddns.net deltabook.ddns.net msdesigns.site officecloud.store # Reference: https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ # Reference: https://www.virustotal.com/gui/file/ba9aeb87025ba26e7a54fe38f97bf28b72b1dac069e9fa6624a195a599c4b0ae/detection chatapp-6b96e-default-rtdb.firebaseio.com chit-chat-e9053-default-rtdb.firebaseio.com glowchat-33103-default-rtdb.firebaseio.com hello-chat-c47ad-default-rtdb.firebaseio.com letschat-5d5e3-default-rtdb.firebaseio.com meetme-abc03-default-rtdb.firebaseio.com privchat-6cc58-default-rtdb.firebaseio.com quick-chat-1d242-default-rtdb.firebaseio.com rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app tiktalk-2fc98-default-rtdb.firebaseio.com wave-chat-e52fe-default-rtdb.firebaseio.com yooho-c3345-default-rtdb.firebaseio.com # Reference: https://twitter.com/ginkgo_g/status/1753339086709100633 # Reference: 
https://www.virustotal.com/gui/file/a4c16bcdf5db8d29688e1112434fe8f7f15e9e4dc78828ba2890bade62b9c7cc/detection hu51.b-cdn.net # Reference: https://twitter.com/malwrhunterteam/status/1758395825103798760 # Reference: https://www.virustotal.com/gui/file/e68c9aedfd080fe8e54b005482fcedb16f97caa6f7dcfb932c83b29597c6d957/detection # Reference: https://www.virustotal.com/gui/file/e89305bd8e01769d024916fb5e286b951382409a5106e31c8bea2e3400ebf603/detection denv-1.b-cdn.net denv-2.b-cdn.net # Reference: https://twitter.com/suyog41/status/1765725837041824121 # Reference: https://www.virustotal.com/gui/file/01ea7197094b9acd50605bda611111eaa822230f81a3cac4b47a2f9d01e146c1/detection # Reference: https://www.virustotal.com/gui/file/749942726963f0a55380123dff8238cdf54d6b98d3fb083528a41ba287002bad/detection espncrics.info ruz98.b-cdn.net # Reference: https://twitter.com/__0XYC__/status/1770684464470872294 # Reference: https://twitter.com/mal_analysis136/status/1770693119463326144 # Reference: https://twitter.com/suyog41/status/1771135469327417684 # Reference: https://www.virustotal.com/gui/file/8f4cf379ee2bef6b60fec792d36895dce3929bf26d0533fbb1fdb41988df7301/detection daily-mashriq.org t-cdn.org doc.t-cdn.org quranchapter.t-cdn.org /javascript/juicesdafekohioshfoshfhiofh/ /juicesdafekohioshfoshfhiofh/ /goyxdrkhjilchyigflztv # Reference: https://twitter.com/h2jazi/status/1773468430013727186 # Reference: https://twitter.com/PrakkiSathwik/status/1773763707744489594 # Reference: https://www.virustotal.com/gui/file/88558ef568b3c775b2d79499b74dc3ecde7c049440c8872573fc6622433eec17/detection # Reference: https://www.virustotal.com/gui/file/aaaae5f5d7f58eb8c970c4e5407fb2f4597bc81674d006c5e2d1462a3b133d74/detection 176.56.237.126:443 # Reference: https://twitter.com/k3yp0d/status/1780928811195887973 # Reference: https://twitter.com/k3yp0d/status/1780929118034362708 # Reference: https://twitter.com/k3yp0d/status/1780929459689758926 # Reference: 
https://www.virustotal.com/gui/ip-address/38.180.94.120/relations # Reference: https://www.virustotal.com/gui/file/6d6dc50e8e73053763f9b85b7c1f1b532ec3023b5b89b3546f0330b4956e75a9/detection # Reference: https://www.virustotal.com/gui/file/d0ccad2452cc0124d95214f9a9c5e4df9d842f97c6389c6e01baa0916306ad87/detection 15731.org c-cdn77.com dugayqwh.c-cdn77.com huanetdw.c-cdn77.com pijaung.c-cdn77.com # Reference: https://twitter.com/liqingjia1989/status/1790677262146388398 # Reference: https://x.com/PrakkiSathwik/status/1823316607453577258 # Reference: https://www.virustotal.com/gui/file/cd2bd2e66a903c10e90023fc73c993a3bf8a009dd09b03930f3c40ee4e7c35fd/detection dezhongcn.org sdfsecs.org /akwj2iycjeh5347 /fsdhwerui4358vxfg13hgu/ /gtyggfj4ytqej35f/buldgy4ujedhk /qaloh42bsk093cag41vb/ /qaloh42bsk093cag41vb/stwv32jj197jl1hbfy /stwv32jj197jl1hbfy /tueyixahgdw3u265dfer/ /tueyixahgdw3u265dfer/akwj2iycjeh5347 # Reference: https://x.com/StrikeReadyLabs/status/1798687665987989691 # Reference: https://www.virustotal.com/gui/file/ff28cff64b2e37e852e778202b57400f508b94770980b2788914bd3bcbcda627/detection # Reference: https://www.virustotal.com/gui/file/29420ee792d63aa7d5658f971ba3c62d776615aa56b96b7f055dc7833eef1af0/detection # Reference: https://www.virustotal.com/gui/file/1a47c99d3167d26b1ac7c7bbf0ca05c5ba53ec50aad3278355a43a5091ac85e8/detection nihaoucloud.org guangzhou.nihaoucloud.org /gsdgsd89iop/sdfger23ty /gsdgsd89iop/ /sdfger23ty # Reference: https://x.com/suyog41/status/1810268207241982376 # Reference: https://www.virustotal.com/gui/ip-address/172.81.60.40/relations # Reference: https://www.virustotal.com/gui/file/f6d171e79e2fb38b3919011835c8117a1c56788bcf634e69ae67a5e255fb9d58/detection # Reference: https://www.virustotal.com/gui/file/14bbe421abe496531f4c63b16881eee23fb2c92b2938335dca1668206882201a/detection beijingtv.org cartmizer.info hometogeljaya.xyz icreativez.org /ogQas32xzsy6/fRgt9azswq1e /fRgt9azswq1e /lkqnzntawldqjlwdxivsnemw /ogQas32xzsy6 # Reference: 
https://x.com/StrikeReadyLabs/status/1811339489136066615 # Reference: https://www.virustotal.com/gui/file/0f0ed90e3a825e86ce4fe46c065f60f01f22fd878cb02e7ee5eb9d103a80b156/detection mato3.b-cdn.net matozip1.b-cdn.net # Reference: https://mp.weixin.qq.com/s/Bf4ZN7Hr124vi3H3k-v3Bg # Reference: https://www.virustotal.com/gui/file/da10810b38385f2c674c8f5aba08c04a0b30c7b3ac828c6a86da927839b80b48/detection longwang.b-cdn.net # Reference: https://x.com/naumovax/status/1813151432419254656 # Reference: https://www.ctfiot.com/193014.html # Reference: https://tria.ge/240715-lrfzyazfmm/behavioral2 # Reference: https://www.virustotal.com/gui/file/6afdf4a3088bff045e1998d2dc2863b90d06765abb2dc35c7b93c456b9818e55/detection shrilongu.info yw56.info centling.nihaoucloud.org hengtian.nihaoucloud.org weibo.nihaoucloud.org xinhuanet.nihaoucloud.org /akowutbuu753dtRWq21jk/odiworukdjo2375kjkl1lk87hl0 /akowutbuu753dtRWq21jk/ /koqiiwyekj5458bj32uoiWQ21/kjtw83nkQ /koqiiwyekj5458bj32uoiWQ21/ /kjtw83nkQ /odiworukdjo2375kjkl1lk87hl0 /ymybisvimqjoknhmgryit/getocmskdmsm/ /getocmskdmsm/ /ymybisvimqjoknhmgryit/ /gtw2jh43/css.txt /gtw2jh43/ # Reference: https://x.com/malwrhunterteam/status/1816424803022057883 # Reference: https://x.com/RexorVc0/status/1818517432467706147 # Reference: https://www.virustotal.com/gui/file/6795dac9944b17ba82d40cf18ad5c57b8c4363bc5634d525bdbff3dfa18762d8/detection ghshijie.com telsiairegion.xyz yuxuan.ghshijie.com /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php /1WrCVzW4kSDNbNTt/ /cqWf4vQlofzqFkc7.php # Reference: https://x.com/PrakkiSathwik/status/1822328733610430860 # Reference: https://www.virustotal.com/gui/file/c3805b8b37eb1ba34057cd6c882dc9bedcebc01ec90a6d4be8d0f6fc82859ecb/detection # Reference: https://www.virustotal.com/gui/file/1e977b2ea2421b9ee3878e21550533e765ea8bb54f11383893a9b3772bc76dc5/detection # Reference: https://www.virustotal.com/gui/file/0954c455576ff84efe67a3b2a2fd5de64aaa5540af648116e6b9d716be77240b/detection bhutanembassynepal.com 
apcas.bhutanembassynepal.com docdailyupdate.bhutanembassynepal.com energynews.bhutanembassynepal.com /aqoqi43bjdewsfgTg4/iq2387skl844xWq1 /bgTAqwhPaYvtrkwu5445jkj4n/koaquwd73hkd /latehtu454fh4/setwcx328nvy4.bin /aqoqi43bjdewsfgTg4/ /bgTAqwhPaYvtrkwu5445jkj4n/ /sqalopej47gkjuiczdWreq2/ /PswqaDyeh6Fs2g12-g34fyu/ /latehtu454fh4/ /iq2387skl844xWq1 /koaquwd73hkd /setwcx328nvy4.bin # Reference: https://x.com/RexorVc0/status/1833389801162023417 # Reference: https://x.com/JAMESWT_MHT/status/1842213101011108237 # Reference: https://www.ctfiot.com/204087.html # Reference: https://www.virustotal.com/gui/file/83e4962419f2d4e99c5aa02ed6a077c9fc19e15d6427c79c6cdef2df4530fb53/detection # Reference: https://www.virustotal.com/gui/file/2fc76a42fb7af2fbe480c0cf3d63e2eaf8d2b904a38b962261887f163ad6b4a2/detection 172.81.62.199:6606 172.81.62.199:7707 172.81.62.199:8808 194.156.99.229:443 74.119.193.8:1005 dasiqueiros.info mdridefys.info socialrg.info parkways.info rootranger.info anabel.rootranger.info biwef.rootranger.info hangei.rootranger.info hidescw.dasiqueiros.info kinomei.rootranger.info rebgyuxi.rootranger.info siang.rootranger.info viang.rootranger.info xiahong.rootranger.info xiam.dasiqueiros.info xiamo.dasiqueiros.info zhiming.ghshijie.com /bIHTfcVHegEoMrv/WCcod7JY3zwUpDH.php /eruksfjg/wruiowu /kjwgdjg/euitug /latexcb71ni/vtyu89ni.bin /latexcb71ni/ /qwytjhcey/aocmnvfnd /aocmnvfnd /euitug /wruiowu /eruksfjg/ /kjwgdjg/ /qwytjhcey/ /bIHTfcVHegEoMrv/ /vtyu89ni.bin /WCcod7JY3zwUpDH.php # Reference: https://x.com/ginkgo_g/status/1834859844261577158 # Reference: https://x.com/Timele9527/status/1834875792872161613 # Reference: https://www.virustotal.com/gui/ip-address/172.81.62.40/relations # Reference: https://www.virustotal.com/gui/file/ba262c587f1f5df7c2ab763434ef80785c5b51cac861774bf66d579368b56e31/detection # Reference: https://www.virustotal.com/gui/file/d7b278d20f47203da07c33f646844e74cb690ed802f2ba27a74e216368df7db9/detection iceandfire.xyz kartenkauf.info scapematic.info 
jihang.scapematic.info shianchi.scapematic.info /cDiCQddlQr /chBXgPelzd /peCDMAFXQN # Reference: https://x.com/StrikeReadyLabs/status/1836724951941882101 # Reference: https://www.virustotal.com/gui/file/1ee756cd6608235454f0877c51881803d52c0887479838925b3caf4a976a17f0/detection # Reference: https://www.virustotal.com/gui/file/fd96ac431474ce6ba502f89a1d4f3bdaa182428a22aab15dd05483dd0b46de2d/detection coldchikenshop29.info greenearthtreeh.info whitemissycorp.info # Reference: https://x.com/k3yp0d/status/1836877748708552958 # Reference: https://www.virustotal.com/gui/file/136221a89f1042aea42ef4ba78f0c4d7244e78607deb4cc619aa9d6f19f0fbca/detection http://121.199.0.104 http://39.100.91.201 # Reference: https://x.com/k3yp0d/status/1836875647865528508 # Reference: https://www.virustotal.com/gui/file/b5e6f8e2203f086d85e64b0687f0c000407a1fa0563eb4cb19c184ffb85d63fd/detection http://89.47.160.244 /HSfuywrhjerfsd.txt # Reference: https://www.virustotal.com/gui/file/14bbe421abe496531f4c63b16881eee23fb2c92b2938335dca1668206882201a/detection # Reference: https://www.virustotal.com/gui/file/f6d171e79e2fb38b3919011835c8117a1c56788bcf634e69ae67a5e255fb9d58/detection adaptation-funds.org # Reference: https://blog.cloudflare.com/unraveling-sloppylemming-operations/ adobefileshare.com maldevfudding.com accounts.opensecurity-legacy.com api.opensecurity-legacy.com bin.opensecurity-legacy.com cloud.adobefileshare.com cloud.cflayerprotection.com data.cloudlflares.com frontend-m.opensecurity-legacy.com m.opensecurity-legacy.com monitor.opensecurity-legacy.com secure.cflayerprotection.com secure.cloudlflares.com sensors.opensecurity-legacy.com static.opensecurity-legacy.com # Reference: https://x.com/malwrhunterteam/status/1985321336240013357 # Reference: https://x.com/malwrhunterteam/status/1985321351784055132 # Reference: https://ti.qianxin.com/blog/articles/analysis-of-streamspy-a-new-trojan-using-websocket-by-patchwork-en/ # Reference: 
https://www.virustotal.com/gui/file/5193c3ade7f0cc89b8b3202391b1099c60688ac6f27ca3ae6773ddbe4b31aca1/detection firebasescloudemail.com cloud.firebasescloudemail.com vpn.firebasescloudemail.com # Reference: https://x.com/SquiblydooBlog/status/1842535888938729871 # Reference: https://www.virustotal.com/gui/file/e6071ae0da3289eb87edf67b2b198b0a3f0cf9da8eb35a8a2b5aa8989b6c0ef5/detection winfileshare.com # Reference: https://x.com/SquiblydooBlog/status/1842535888938729871 # Reference: https://www.virustotal.com/gui/file/bf9445ded122ee5853bb45d69b390ed5a0b36baa0c48adc7a8fa65e526116720/detection # Reference: https://www.virustotal.com/gui/file/1753abbd3a79ff9db264b3e05bbbd2fa6f0b983de1a66c341a8a4cc71b4d6429/detection nodejsupdates.com /ticket_line/afa.php /ticket_line/certificate.php /ticket_line/llb.php /ticket_line/lockdown.php # Reference: https://x.com/jaydinbas/status/1797968559668400536 # Reference: https://x.com/HaCkyWang/status/1824384420574634214 # Reference: https://mp.weixin.qq.com/s/M6xoCfqMCSDsv32S0vrGEw # Reference: https://www.virustotal.com/gui/file/e5b332d6f860d00d5d2d94cb6d9e07b0c9ba3f204bdcc77a7765272cf8d9feae/detection http://89.147.109.143 http://93.95.230.16 l0p1.shop firebaseupdater.com onlinecsstutorials.com # Reference: https://x.com/liqingjia1989/status/1843206630428823889 # Reference: https://www.virustotal.com/gui/file/97ba91d1208f7726a794a919fc8a5623d43d26f0b645f4d35ed1c2967421901d/detection cloudcdn-storage.org henghi.cloudcdn-storage.org tiangfu.cloudcdn-storage.org /azmil93p/bhnl41mp /qzxnmpl/zplqmw /azmil93p/ /bhnl41mp /qzxnmpl/ /zplqmw # Reference: https://x.com/k3yp0d/status/1845725805940179239 # Reference: https://x.com/k3yp0d/status/1845726834786197674 # Reference: https://www.virustotal.com/gui/ip-address/193.149.176.131/relations # Reference: https://www.virustotal.com/gui/file/516c1f3d7dceb9c257b30ac3c10e53a5798beb3cf6ddb2e7cdb11cce2960a1e4/detection # Reference: 
https://www.virustotal.com/gui/file/986c6ff539eeb1d1692ca5b9498422b546c3e1513dd6c9b5003cbdf3d1e967fb/detection # Reference: https://www.virustotal.com/gui/file/a2768e6bb920bc9224662c08c7da7d0c09fb2101662a8265a20a27b90140122d/detection pinshare.net shareboostfile.com springbring.info # Reference: https://x.com/blackorbird/status/1846741250076213514 # Reference: https://app.validin.com/detail?type=ip&find=79.132.130.231#tab=resolutions anglerrscovey.com nationalsecuritysolutions.com.co stjets.com microsftonline-sharpoint.nationalsecuritysolutions.com.co microsftonline-sharpoint.stjets.com # Reference: https://x.com/ThreatBookLabs/status/1846916072441778474 kirdycorp.com # Reference: https://x.com/ginkgo_g/status/1848197886988972154 # Reference: https://www.virustotal.com/gui/file/0a88cea0c0daf56cfed74b734177fceda7e107bf24f8ec45da47ebcd215454c0/detection dajeneats.xyz # Reference: https://x.com/k3yp0d/status/1848263969225458043 # Reference: https://www.virustotal.com/gui/ip-address/103.106.2.35/relations # Reference: https://www.virustotal.com/gui/ip-address/185.74.222.233/relations igcontest.xyz provoxil.live # Reference: https://x.com/mal_analysis136/status/1848407166186885486 # Reference: https://pastebin.com/qY9jicQh # NOTE(review): 172.67.180.160 falls inside Cloudflare's 172.64.0.0/13 anycast space (a shared CDN front end), so the IP:port trail below is likely to fire on unrelated Cloudflare-fronted traffic; consider relying on the domain trails in this section instead and confirm the IP before acting on an alert 103.106.2.35:443 146.70.79.15:443 172.67.180.160:443 185.74.222.165:443 185.74.222.169:443 185.74.222.233:443 185.74.222.34:443 194.156.98.121:443 194.156.98.141:443 194.156.98.21:443 194.156.98.51:443 194.156.99.203:443 194.156.99.239:443 38.180.95.185:443 43.241.73.185:443 45.125.64.219:443 45.125.67.102:443 45.125.67.215:443 47.92.162.135:443 74.119.193.154:443 74.119.193.246:443 74.119.193.254:443 74.119.193.29:443 91.245.255.122:443 arkiverat.info daricaspot.info eldpathy.hk flexmade.org guardianofgalaxy.live infinityink.xyz nicolehertz.info radixsand.org remitmetahk.org sfpay.online shenyeng.org sibedgee.org solidfiles.cloud wazsy.info zprodigital.org # Reference: https://x.com/k3yp0d/status/1848454682974265361 reconge.info shenzhan.org # 
Reference: https://x.com/blackorbird/status/1848658633179205742 # Reference: https://x.com/ginkgo_g/status/1864486667375239561 # Reference: https://www.virustotal.com/gui/ip-address/172.81.60.76/relations # Reference: https://www.virustotal.com/gui/file/c417fb3008a6180fc6099d5e4d3d8849b3b12477dfa7008af1fdd356f0840622/detection # Reference: https://www.virustotal.com/gui/file/a4fd69efc6fbd8b69e45924f4bbd577a6b7630e1ca2189ceee5da58f6fa09ac1/detection # Reference: https://www.virustotal.com/gui/file/5f0c2aa0f02167aa4f94c30fecce629c9de7095173e811181e0f388792f9764d/detection avangrid.info dagros.live jiansmst.info zanderz.me zscaller.live /YcKOjLMxiwCZfSS//comrCVPEffFiPvF.php /YcKOjLMxiwCZfSS/comrCVPEffFiPvF.php /YcKOjLMxiwCZfSS/ /comrCVPEffFiPvF.php # Reference: https://x.com/blackorbird/status/1851211200635543912 alieanmote.live aquilei.live bovnle.info masatex.info novasphere.live ragonrise.info renovaragora.info sanping.info # Reference: https://x.com/blackorbird/status/1853800938739241342 # Reference: https://threatbook.io/domain/gyyun.xyz gyyun.xyz a.gyyun.xyz # Reference: https://x.com/blackorbird/status/1857061171456782341 aurorafoss.xyz # Reference: https://x.com/wa1Ile/status/1859510826627105274 # Reference: https://x.com/blackorbird/status/1859598390193160630 # Reference: https://x.com/wa1Ile/status/1859961890593735100 # Reference: https://app.validin.com/detail?find=MIT%20Technology%20Review&type=raw&ref_id=824eb1886b9#tab=host_pairs # Reference: https://www.virustotal.com/gui/file/12cf713242ae7eb11eceddbcc535f562f16e5be645f07a87e805e7f4f81b362a/detection # Reference: https://www.virustotal.com/gui/file/7250c63c0035065eeae6757854fa2ac3357bab9672c93b77672abf7b6f45920a/detection # Reference: https://www.virustotal.com/gui/file/30024cadaf9aead441d926132c2a83aa478aa153e02a5b248b4c0dec33fcab94/detection # Reference: https://www.virustotal.com/gui/file/36c3aa180b8466d94b34397d786c913cc83bb33dbb1d6cc3bda0c83bd2392122/detection # Reference: 
https://www.virustotal.com/gui/file/74ce1c5bfdfd095a974b5457aa13cb2912fd2f3fe00558793bdb02907dbfd3ce/detection mingyn.org stealthcomm.org toproid.xyz weixein.info zdnets.top atus.toproid.xyz plete.toproid.xyz tected.toproid.xyz zon.toproid.xyz /aewbf_jsd_td/ /aewbf_jsd_td/ktrgdysvt /jyuecvdgt /klhju_rdf_gd/ /klhju_rdf_gd/ktdfersfr /ktdfersfr /ktrgdysvt /pfetc_ksr_lo/ /pfetc_ksr_lo/jyuecvdgt # Reference: https://x.com/suyog41/status/1864271210739323023 # Reference: https://www.virustotal.com/gui/ip-address/185.74.222.242/relations # Reference: https://www.virustotal.com/gui/file/d60e979ee44c9dc16e36657ec3a41016627cc685965befed018058986dd5d45e/detection # Reference: https://www.virustotal.com/gui/file/9057de3409fcceaa7fd91ce3e0a692181e2dac028cc70f9fc370576925c7698d/detection vormliebe.club vorm.vormliebe.club /djk_mdf81JH_jdJK_j999hf_kf/fdjhfd_dj81_kmdjk99999jfJHG_skl /djk_mdf81JH_jdJK_j999hf_kf/ /fdjhfd_dj81_kmdjk99999jfJHG_skl /mfjHJJK_jkfdjkfd999JKLLH_81_kfj_fdk/fdkfd_kdfjh81_djhndjJSjfjHdd_djfdj9999_djdJdk_jkf /mfjHJJK_jkfdjkfd999JKLLH_81_kfj_fdk/ /fdkfd_kdfjh81_djhndjJSjfjHdd_djfdj9999_djdJdk_jkf /SeEcdjJsdkKGFH_djm9_jfk_81_jkKSfj/JShJS_9jsGR_81FKSiaISH_jfhJS999hfISK /SeEcdjJsdkKGFH_djm9_jfk_81_jkKSfj/ /JShJS_9jsGR_81FKSiaISH_jfhJS999hfISK # Reference: https://x.com/SecAI_AI/status/1866441205715755518 wanghk.org # Reference: https://x.com/blackorbird/status/1867205766307807405 # Reference: https://app.validin.com/detail?find=Flysas.com%20-%20Scandinavian%20Airlines%20Official%20Website%20%7C%20SAS&type=raw&ref_id=d6843ce3510#tab=host_pairs (# 2024-12-14) instantindustri.live sheicen.info youdoa.info # Reference: https://x.com/blackorbird/status/1869019971424313688 aquileia.live dartshoppe.info queretero.xyz # Reference: https://x.com/blackorbird/status/1869740211481227541 # Reference: https://x.com/ThreatBookLabs/status/1869754057893855561 # Reference: https://x.com/StrikeReadyLabs/status/1869720899345318182 # Reference: 
https://www.virustotal.com/gui/file/784558045434404fff48c4599cbac24b079b45dcfdf94ceac488a33ce312f98d/detection insightglobel.info skyconect.org tribunepk.org biaonton.insightglobel.info domran.insightglobel.info documentsrequire.insightglobel.info docs.tribunepk.org # Reference: https://x.com/Cyberteam008/status/1871394361935819179 # Reference: https://pastebin.com/QfYTkXWY bilibil.info bolizhi.info cialiseight.info clomidtab.info douhin.org elsiver.info huashan.info overtures.info retinoa.info sjtu-edu-cn.org welsends.live youdianx.info # Reference: https://x.com/ThreatBookLabs/status/1876637665875132770 amelaits.info evolutiondebt.info # Reference: https://x.com/ginkgo_g/status/1877602843106095567 # Reference: https://www.virustotal.com/gui/file/6faccd85e9c1cbeb7d12131fd55b551e4e1d86accbe53751214600664efdd106/detection # Reference: https://www.virustotal.com/gui/file/49e2ca78803e0a903bf898a8c8332b3e0bb4661f74057b4553e19fe76ac443fe/detection fyicompsol.xyz metformina.live ados.fyicompsol.xyz auth.fyicompsol.xyz kens.fyicompsol.xyz kila.fyicompsol.xyz omai.fyicompsol.xyz rkde.fyicompsol.xyz wg.fyicompsol.xyz /aloetdg_74dfs/asgdneu9_lfd2 /bFIbN_sj9/ksJ9_Ks9J.bin /jsgdevdw_3ed/hdbdewsq1_sc3 /kfdgbcws_rf4/dcsxwer32khd_esf /lkasedb_4edsw/hsvdcxsew-3dsw /aloetdg_74dfs/ /bFIbN_sj9/ /jsgdevdw_3ed/ /kfdgbcws_rf4/ /lkasedb_4edsw/ /asgdneu9_lfd2 /dcsxwer32khd_esf /hdbdewsq1_sc3 /hsvdcxsew-3dsw /ksJ9_Ks9J.bin # Reference: https://x.com/blackorbird/status/1879155994036785155 emodigital.info tingding.info # Reference: https://x.com/blackorbird/status/1879894088562213070 # Reference: https://app.validin.com/detail?find=45.125.67.78&type=ip4&ref_id=0e5127cb794#tab=resolutions haolaoshi.info # Reference: https://x.com/suyog41/status/1881662594119024808 # Reference: 
https://app.validin.com/detail?find=%E5%85%89%E6%98%8E%E7%BD%91_%E6%96%B0%E9%97%BB%E8%A7%86%E9%87%8E%E3%80%81%E6%96%87%E5%8C%96%E8%A7%86%E8%A7%92%E3%80%81%E6%80%9D%E6%83%B3%E6%B7%B1%E5%BA%A6%E3%80%81%E7%90%86%E8%AE%BA%E9%AB%98%E5%BA%A6&type=raw#tab=host_pairs (# 2025-03-17) # Reference: https://www.virustotal.com/gui/file/9f27d7b82a70ba3d8ff1ad9f26acf8245a45cf80fbe0c3cf9f026814167e8dc6/detection hongbaow.info neectar.info sphereinc.info liuyi.neectar.info tian.neectar.info /hsdverd_3ed5d/mdswsourt_4rfs /lksderdd_4dferd/jhdfer3s_jh3de /hsdverd_3ed5d/ /lksderdd_4dferd/ /jhdfer3s_jh3de /mdswsourt_4rfs # Reference: https://www.virustotal.com/gui/file/657357e43cdc0f83cf73658cfef160b020f72c08f41ce11d4f6b2da481f8c5e2/detection # Reference: https://www.virustotal.com/gui/file/b976462859c61ae29f6509f980641f59f27e968072edc78fa4bf0f74caff634d/detection pxcauto.info # Reference: https://x.com/skocherhan/status/1885165347826758052/history # Reference: https://app.validin.com/detail?find=193.239.86.136&type=ip4&ref_id=0cce4f3356d#tab=resolutions bolizy.info ritamorenodoc.com sapdf.org hk-ping.virtono.com # Reference: https://x.com/RedDrip7/status/1897535706416996662 # Reference: https://www.virustotal.com/gui/file/34e260c301ee81b228d35ac721b06a3aa41fb5b07835078b5b4e2941fef8aa85/detection myprivatedrives.com /ticket_line/certificate.php /ticket_line/openai.php # Reference: https://x.com/suyog41/status/1908125176442622354 # Reference: https://www.virustotal.com/gui/file/8c233e13a0bc27bce7555b9a89f63c0eadaa5c618fe7301eebd7a32e2bd79bcf/detection apps-house.com playst0re.com # Reference: https://app.validin.com/detail?find=146.70.161.26&type=ip4&ref_id=7975039e594#tab=resolutions (# 2025-04-04) bluefileshare.com muqaddasquran.com # Reference: https://x.com/ginkgo_g/status/1915332815308403152 # Reference: https://www.virustotal.com/gui/file/4a626d128f00ed616e9eb3ba098920fd1d830c92cb8bdc8944e8bd9521a165ef/detection breatlee.org bonfo.breatlee.org feng.breatlee.org fimong.breatlee.org 
giamon.breatlee.org gioamo.breatlee.org gomong.breatlee.org hiaki.breatlee.org hibnao.breatlee.org jiamjo.breatlee.org jiamo.breatlee.org jiamon.breatlee.org jianom.breatlee.org kiamo.breatlee.org kiamon.breatlee.org kiamoz.breatlee.org kimaho.breatlee.org kmong.breatlee.org komonnv.breatlee.org loma.breatlee.org lomong.breatlee.org mianyo.breatlee.org mingo.breatlee.org mingom.breatlee.org minsaz.breatlee.org miqasn.breatlee.org mkiang.breatlee.org nimon.breatlee.org nomon.breatlee.org olama.breatlee.org viamo.breatlee.org xiamo.breatlee.org xuang.breatlee.org # Reference: https://app.validin.com/detail?find=051ff0b41b082ef28e65c17d5787cb30&type=hash&ref_id=f17897a12eb#tab=host_pairs (# 2025-05-09) # Reference: https://www.virustotal.com/gui/file/a264edcd1845fde6af17ea935a4f7da82a96d4f93b0d7f563907255aa3e05918/detection mrnextnewfeso.co # Reference: https://x.com/volrant136/status/1921476422452789578 fredcounting.org geochebrew.org zithropak.org # Reference: https://x.com/blackorbird/status/1926844187430789520 # Reference: https://mp.weixin.qq.com/s/pJTPeK1Cam5n4RUElWzb2Q # Reference: https://www.virustotal.com/gui/ip-address/45.77.43.128/relations viperdenx.info # Reference: https://x.com/ginkgo_g/status/1926915716793413749 # Reference: https://app.validin.com/detail?find=29b09458486f130ead14f1143f4a2b72&type=hash&ref_id=05ab0d824fc#tab=host_pairs (# 2025-05-26) # Reference: https://www.virustotal.com/gui/file/8f845267623cb3b8dbc99fcb374afcd695778addcc57c098714610c8f854e58a/detection foundersthub.org musickeepers.org # Reference: https://x.com/malwrhunterteam/status/1928036337292132790 # Reference: https://www.virustotal.com/gui/ip-address/185.225.17.36/relations # Reference: https://app.validin.com/detail?find=b0a0f886d1efaa5802076ac21043632186b5a781&type=hash&ref_id=15af9f26bc4#tab=host_pairs (# 2025-05-29) # Reference: https://www.virustotal.com/gui/file/2b24fe48628fe0405db4fa3534d31c305947a7eed8ff5e42724ab4d8117fb8ab/detection # Reference: 
https://www.virustotal.com/gui/file/abefd29c85d69f35f3cf8f5e6a2be76834416cc43d87d1f6643470b359ed4b1b/detection applepicker.info asftbngh.top blackmoo.info bloomwpp.info blueberrytree.info bluriq.info boxmaildrive.info brightpathos.eu buzzstack.org cmitx.site co2divo.info compaaat.store crownmedicals.com dearbear.info elephantglass.info evendarkness.info fideline.info flyinfishwater.info flyingcow.info flytree.info fusionnook.info goooglecloud.site govpak.cloud govpak.info greenhippo.info greenpop.info hreatlittleheaven.info ksecure.bio louqhwood.net mailexcite.store martkartout.info messagenote.ink messagenote.org nexnxky.info pineappleworld.info pinkoceanbees.info plumpinr.info popcornstudy.info purpleyh.info redcardboard.info setappleclin.info smoolideronline.info sohbettr.info soptr.info sunmelonontheway.info vibrantforest.info wdanasiali.store mail.asftbngh.top mail.messagenote.org ns1.buzzstack.org ns1.wdanasiali.store ns2.wdanasiali.store ns2.buzzstack.org /Cljfdghdjhndklh_ommjhfdgj/cfnbgjfghom_mun_jkghdfjkghdjklgfk_ication.php /reckjfhgjkRETldfhger/ljhgs563ERWHY3fkdhynkykntn_auto.php /reckjfhgjkRETldfhger/rkgjdfDRRdfYklhjdlghecived.php /cfnbgjfghom_mun_jkghdfjkghdjklgfk_ication.php /ljhgs563ERWHY3fkdhynkykntn_auto.php /rkgjdfDRRdfYklhjdlghecived.php /Cljfdghdjhndklh_ommjhfdgj/ /reckjfhgjkRETldfhger/ /modjghdjkhnlkdnhkdhn/ # Reference: https://x.com/ginkgo_g/status/1933447492668174785 # Reference: https://www.virustotal.com/gui/file/bca3cd5be5def46264b2a2e2170954b5829659f7527be1549d55821e290facf5/detection # Reference: https://www.virustotal.com/gui/file/cf89a287a5c2397d52fe3c3e8dded1a7bd2804be38ecdaa5d87cea9530ed8264/detection bizzshared.com /gandalf/cane.php # Reference: https://x.com/ginkgo_g/status/1943201717580972343 # Reference: https://www.virustotal.com/gui/file/4466995be863ec4405fc053296cfe74d0098f94e61aa89c95fa2cc80c8ad6cb9/detection # Reference: 
https://www.virustotal.com/gui/file/755f6c8ed6aacfd51915b0732815bce26db82484a205ef333a7ee96760e44c32/detection arpawebdom.org jlu-edu.org # Reference: https://x.com/suyog41/status/1943231579699970405 # Reference: https://www.virustotal.com/gui/file/341f27419becc456b52d6fbe2d223e8598065ac596fa8dec23cc722726a28f62/detection expouav.org # Reference: https://x.com/blackorbird/status/1943536808438173973 # Reference: https://mp.weixin.qq.com/s/xn313WWNi7rln-WfwFgE5w aonepiece.org # Reference: https://x.com/volrant136/status/1943953485982314988 dawnnewstv.news # Reference: https://x.com/teamcymru_S2/status/1948448626323099733 cypowertech.org techzcore.org # Reference: https://x.com/volrant136/status/1948762052010365403 # Reference: https://www.virustotal.com/gui/file/36830efbbf2999d50758b55b2a3140af749ab08a8ede1ac9e75801eeedc7ea08/detection globalsoler.org # Reference: https://x.com/volrant136/status/1948796460675297464 # Reference: https://www.virustotal.com/gui/file/e7472e7c75533cb6f548742d9e945b36a11e985788304b8f10572d1d08f28185/detection zebydigital.org # Reference: https://arcticwolf.com/resources/blog/dropping-elephant-apt-group-targets-turkish-defense-industry/ # Reference: https://www.virustotal.com/gui/file/a328280618fc09c9f3dd50e5aa4d85fa5063a6073306069a451bc9da816365e6/detection # Reference: https://www.virustotal.com/gui/file/969fb3e705ba8afe757ba7617e75d1096d4793d14796e2734613cfcc50675652/detection # Reference: https://www.virustotal.com/gui/file/8b6acc087e403b913254dd7d99f09136dc54fa45cf3029a8566151120d34d1c2/detection roseserve.org # Reference: https://x.com/WhichbufferArda/status/1933300356370325981 # Reference: https://x.com/volrant136/status/1933769135931981969 # Reference: https://arcticwolf.com/resources/blog/dropping-elephant-apt-group-targets-turkish-defense-industry/ # Reference: https://www.virustotal.com/gui/file/a3ba53a0d59bda812b01a1864358f0561ed844c5b58c0132d5a2582aee8d221b/detection # Reference: 
https://www.virustotal.com/gui/file/21270aab75e9e552db617885bcb10621d0de92a293ab5579df31309945a61eab/detection caapakistaan.com datamero.org d11d6t6zp1jvtm.cloudfront.net # Reference: https://x.com/ginkgo_g/status/1951229859616661766 # Reference: https://www.virustotal.com/gui/file/d1a9ad4186abdb66340dcad87833d30ea8ecc977f530163ad10e053e9e37cf5a/detection # Reference: https://www.virustotal.com/gui/file/998c270a5fea8645a7b9c6e45d310f23eb757a23ea0408d05bf42fd211da5557/detection cas-cn.org # Reference: https://x.com/ginkgo_g/status/1954803958637056198 xydzaim.org # Reference: https://x.com/RedDrip7/status/1963425314815840568 # Reference: https://www.virustotal.com/gui/file/2410f2fe2067aba972d9f255530499fbce40664308cf55c220f382256ab09b54/detection baidunetdisk.info sinopakgateway.info /MRTP28ZW7DH.tut /NR44PZXRWND8A.tut # Reference: https://x.com/ThreatBookLabs/status/1963799261180830133 # Reference: https://www.virustotal.com/gui/ip-address/5.252.177.34/relations # BODY_SHA1-HOST=301bfc79cdbc67aa7ae2a9f6ae31a8c8a394dac6 # CERT_FINGERPRINT_SHA256-HOST=157e79283f5c5326dc6d671d537db91f59e612937d4998626e82d0a1801c61ea nlc-pk.org nrtc-com-pk.org pnra-pk.org ptv-news.org socialback.org stm-tr.org doc.nrtc-com-pk.org documents.nrtc-com-pk.org propriated.co.in # Reference: https://app.validin.com/detail?find=301bfc79cdbc67aa7ae2a9f6ae31a8c8a394dac6&type=hash&ref_id=f339ccf85bf#tab=host_pairs (# 2025-09-05) delpenzy.org jlu-edu-cn.org tsinghua-edu.org # Reference: https://x.com/RedDrip7/status/1966329373927288941 # Reference: https://app.validin.com/detail?find=7d70e351fecf88c99b1db4c14b2b393e&type=hash&ref_id=92fece9cefb#tab=host_pairs (# 2025-09-12) # Reference: https://www.virustotal.com/gui/file/b7c1a2f05b74613f8ff47d40c0a8562121bfb97482421c4475355b9ccd53c866/detection # Reference: https://www.virustotal.com/gui/file/d20d4e90de355c90f4d9a0b7b80cf1aa32fe8b9b7aba5db730cfdde16df43021/detection # Reference: 
https://www.virustotal.com/gui/file/2f329a1171d2c6b1471604bf76157b6487c3e59d21bf4a0856e29dc4ba8753cb/detection # CLASS_1_HASH-HOST=3c6d096f3309de27c7ef2ad0f3dbb749 # HEADER_HASH-HOST=e4e0a0c81e9231d671c3 anchorsoft.org civihr.org codendigital.org driftlance.org empirecu.org inboundhealthcare.us laddervector.org lamusicawards.org learnroots.org nr3cgovpk.org plasnes.org st-wcde.org stubblers.org ternuimert.org thelifeafter.org verbaleryer.org vespalabs.org whywouldwe.org abcvip.us.org api.inboundhealthcare.us dev.lamusicawards.org stmu-edu-pk-localhost.pages.dev # Reference: https://x.com/__0XYC__/status/1970083613636251836 # Reference: https://www.virustotal.com/gui/file/29b0fcf9aa01e87255bf9941e01c22b3cb103607bfccbdc52d933df48dc98639/detection cloudexchangeshare.center # Reference: https://x.com/volrant136/status/1973762443009794065 # Reference: https://www.fortinet.com/blog/threat-research/confucius-espionage-from-stealer-to-backdoor # BANNER_0_HASH-HOST=2d8e60ff8c0529182772d2e51cb738cd # BANNER_0_HASH-HOST=2ef615a690c27dc9bb0a63c24c885ab9 # BANNER_0_HASH-HOST=379e17ffbbdcb62714366cfadb3ff7d8 # BANNER_0_HASH-HOST=459b2cdb1d4f71de7f87fa387d17a5ce # BANNER_0_HASH-HOST=00842f351f17093154183ac20158003f # BANNER_0_HASH-HOST=26d70c1f84b7de0a95a4302004b176a2 # BANNER_0_HASH-HOST=42dc94be6acb8d310d5570da53880f6d cornfieldblue.info dropmicis.info food-madeness.info greenxeonsr.info govpak.digital hauntedfishtree.info indomax138slot.org marshmellowflowerscar.info nayatelmediashare.info petricgreen.info redbanana36.info /Jsdfwejhrg.rko # Reference: https://x.com/RedDrip7/status/1977641871532077238 # Reference: https://www.virustotal.com/gui/file/01b7a6cccfa1d596e75e997fe2bd2063af3c264f169df60a0c8723818f22b39f/detection # Reference: https://www.virustotal.com/gui/file/582f4c583086a67f8942777b7a65a054b020a6732abd954a92ff525d9d0a3dba/detection adskochbus.org theserveunity.org # Reference: https://x.com/suyog41/status/1978396001778999417 # Reference: 
https://www.virustotal.com/gui/file/9f5b34ee5a5cd2eebc8923a961de8bc7b67c3048f7b6ebc1287fa8be613b9d83/detection snugluxe.org # Reference: https://x.com/malwrhunterteam/status/1988590544231293337 # Reference: https://www.virustotal.com/gui/file/8bbc0b45edb265a0ba51d6b017e0bc3b883382e29e70db5a52b11d1ccfeb1458/detection adobeonline.org tubitak-gov-tr.adobeonline.org /mail-b1619add/flk?yui= # Reference: https://x.com/RedDrip7/status/1988809385234297203 # Reference: https://x.com/RexorVc0/status/1995393637409321214 # Reference: https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507603&idx=1&sn=af41be456f6393a24771846328e8d7f2&chksm=f9c1ed9aceb6648ce3bc17578a9255fc21c310815312dc066e133762b9b088b365eaa831b734&scene=178&cur_album_id=1955835290309230595&search_click_id # Reference: https://www.virustotal.com/gui/file/dbe909b6c6c03b4000d96de1f4b1bdd10eef8ef34876a648a00cd5ee7117bd31/detection # Reference: https://www.virustotal.com/gui/file/3a4f47c60edf1e00adb3ca60a7643062657fe2c6dd85ace9dfd8fdec47078d4e/detection mydropboxbackup.com /ZxStpliGBsfdutMawer/lkhgBrPUyXbgIlErAStyilzsh/ /ZxStpliGBsfdutMawer/ /lkhgBrPUyXbgIlErAStyilzsh/ # Reference: https://x.com/__0XYC__/status/1991382897543245882 # Reference: https://x.com/volrant136/status/1991427420831010894 # Reference: https://www.virustotal.com/gui/file/6d31baf9a4c5e973c500b4fd9824c0a9e64ac65749aa33ce485eeed60a1d9289/detection # BODY_SHA1-HOST=86f9c96ce7d7c4dfd02de39cf7c3f413d8270b42 fileonlinetransfer.center # Reference: https://x.com/RedDrip7/status/1995419506399924723 # Reference: https://www.virustotal.com/gui/file/8ffdc7d783f87eab110921b33c74867a5eed7566d67d943f8d7deb5659d60c27/detection # Reference: https://www.virustotal.com/gui/file/a943b5b03b31604830766f41187f65dff2f18d9f7dcdb4241b375a5d95aaa043/detection # Reference: https://www.virustotal.com/gui/file/6c4c388acbd9790526cc7e8c567e430540436da94c6febe0766a1bdc39016da7/detection azureinternalupdates.com virtualworldsapinner.com # Reference: 
https://x.com/malwrhunterteam/status/1995494898431045933 # Reference: https://www.virustotal.com/gui/file/54fb4b99a4a45338809ee58a3ee43bf0bd9cb97b356c466cd19a87497f216985/detection # BANNER_0_HASH-HOST=e826fbb1ce8f6053c79401b07b0ccf50 # BANNER_0_HASH-HOST=b168d4758e7ad769be4bda93748c81a3 asustufupdates.com cloudcouponcodes.com cloud.asustufupdates.com /cache_tls/certificate.php /cache_tls/openai.php # Reference: https://x.com/wa1Ile/status/1995787286253035918 # Reference: https://www.virustotal.com/gui/file/79192cba1c7037e1fe15dbf50bb2b3a96e53a85fbcbd2ce229af0efacdcb73c7/detection # BANNER_0_HASH-HOST=2bc2ae6dda9e30d32312dfa42f662bef cabinetdivisionpakgov.org lifengine.org redwebsoft.org xydizainten.org # Reference: https://x.com/malwrhunterteam/status/1999049247728291932 # Reference: https://www.virustotal.com/gui/file/5dc5de87fb868fb06e107a7695d7f002dfd31c51b9ef7e237c35973ce4716608/detection # BODY_SHA1-HOST=3750c93c35ac4d698f307b7fba0845d7f6c46529 fgeha-gov-pk.pages.dev paapakistan-com-pk.pages.dev paacdn-deliver.pages.dev /hnseb3229nbhs.html # Reference: https://x.com/__0XYC__/status/2005891200453136414 myworkdrivemanager.org # Reference: https://x.com/RedDrip7/status/2017053456037806359 # Reference: https://www.virustotal.com/gui/file/660ad610b7ab9d090274cea9cc5f149c665d7343dad8c133ae559b2321a14244/detection # Reference: https://www.virustotal.com/gui/file/1d534cc1f1bf100c5e55161302921335a0390ddb1614d17934d65a9d4741ce5c/detection # Reference: https://www.virustotal.com/gui/file/1cad2c004c9cabaaaf52bfa7ca76bb9d708e79d5ae1109be0bef7b36b9e002c1/detection peeca.site webmajic.org # Reference: https://x.com/suyog41/status/2021136856356987347 # Reference: https://www.virustotal.com/gui/file/24e16b13be82a21d4ebd38715deccaf55d34023507918825f40e1071c8da92a5/detection cppa-pk.org # Generic /4sVKAOvu3D/ /e3e7e71a0b28b5e96cc492e636722f73/ /ABDYot0NxyG.php /BDYot0NxyG.php /UYEfgEpXAOE.php