# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: darkcrystalrat, LightStone # Reference: https://www.mandiant.com/resources/blog/analyzing-dark-crystal-rat-backdoor # Reference: https://twitter.com/James_inthe_box/status/1178275531692756992 # Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/ domalo.online /ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/akcii239myzon0xwjlxqnn3b34w /ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/ /ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54 /46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3 /akcii239myzon0xwjlxqnn3b34w # Reference: https://twitter.com/wwp96/status/1331059269089816581 # Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/ http://91.240.84.166 # Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html # Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection 80.87.202.63:25998 178.21.11.90:25998 hfjdhfgrhfnghvng.ru # Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280 # Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/ bores.xyz # Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/ oxijoinedsite.site # Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/ city-pub-crawl.su # Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/ changer-esp.ml # Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/ qiwi-api.site # Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/ kkkwdfea.tk # Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/ nistrype.fun # Reference: 
https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/ never-project.hhos.ru # Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/ a0365369.xsph.ru # Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/ flextem.000webhostapp.com # Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/ beepn.pw # Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/ f0313002.xsph.ru # Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/ a0388296.xsph.ru # Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/ a0387063.xsph.ru myhostforlic.ucoz.ru # Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/ vkgroup.tk # Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/ a0315266.xsph.ru # Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/ sdfsdgafghaetg.tk # Reference: https://twitter.com/jorgemieres/status/1255866190771167236 # Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations # Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/ logins.kl.com.ua # Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/ cv36917.tmweb.ru # Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html # Reference:https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection dcrat.ru cdn.dcrat.ru # Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/ ajci.tk # Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/ a0457406.xsph.ru # Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/ http://212.109.221.247 # Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection a0461492.xsph.ru # Reference: 
https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection tereshyd.beget.tech # Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection web75.craft-host.ru # Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection srv166785.hoster-test.ru # Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection srv164667.hoster-test.ru # Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/ ct10840.tmweb.ru # Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/ /eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/ # Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/ /2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/ # Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/ /pgofzftnelhu53gj7qbwil2vo/ laserink.beget.tech # Reference: https://twitter.com/wwp96/status/1335668703967539202 # Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/ http://185.189.12.125 /m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/ /wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/ /2e70bbdf534a47f9cc68a16122290cad65b3ed05.php # Reference: https://twitter.com/wwp96/status/1335690053482405889 # Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/ http://212.109.216.114 /wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/ /ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/ /dcbb3f0abca3117648fdcab13b68e1162ddbc275.php # Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/ http://62.109.27.122 /ecxhnnthpytusqif0j9x7534rmz/ /nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/ /1272d9d3e244604153265cb97db3c19ba1f2d7f5.php # Reference: 
https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/ http://82.146.57.28 /1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/ /6nai20vl9ol9cpx4ugfqtzpgnh2q/ /53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php # Reference: https://app.any.run/tasks/8132aeef-11ed-443d-ae37-e61746e4e643/ a0501919.xsph.ru # Reference: https://app.any.run/tasks/84288362-9f98-408c-b148-99b6d1aa0c2b/ http://94.250.255.110 /92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/ /92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/x3n9o/b88e556bffd877877e03b181174f5d55dd654e9e.php /b88e556bffd877877e03b181174f5d55dd654e9e.php # Reference: https://app.any.run/tasks/5433b35a-7ff2-414d-824e-4d4a73a3cce7/ cu24886.tmweb.ru /xo8destofsad1yy0o0pj9rgjj4mqt5by2b8a9ktibk9z1h68npcffaorwp3/ /mjdpbwao3xfihlspr01mxeuj8ujcmv4i1pswkv6vja0so55dz2o4sgf5wqi9bnvi6h3dc4qd6gyf8/ /5f7b65221ba9f26a68dbe40cd557a10da5c41c17.php # Reference: https://www.virustotal.com/gui/file/2e2dbb104e1a170651a42f2e739440719fea74360416cd6945d7a9e2eefa01bb/detection sss.lyuk.fun /lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php /lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/ /65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php # Reference: https://www.virustotal.com/gui/file/84c1cd5e95673fca1444b5879e83857e0513b3985a8e9152b45f6ad6e688971d/detection sdam-oge.xyz /u2l4eq1htsg0u8ktp6ybv1arcxmoax/4j0oidz6tcdbp2oex8/04107c5846d99adc0ccece6ba32e8daa52346d3b.php /u2l4eq1htsg0u8ktp6ybv1arcxmoax/ /04107c5846d99adc0ccece6ba32e8daa52346d3b.php # Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection # Reference: https://www.virustotal.com/gui/file/f42a09edcf9d7745925cd56d498f57104329b10dcd221c99dd07df3fae4d6c64/detection # Reference: https://www.virustotal.com/gui/file/30ca126420741c189cf4bf0cdb236c5ae863bb0cc705d3fcb45dc2b502652819/detection # Reference: 
https://www.virustotal.com/gui/file/2bf90f9564d31ceec8f61908e8de2594082b1eb8622355b3436608559c5ce68a/detection # Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection changer-esp.ml /agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php /agpo589w2hro33u3uwsrw551cmq9d1h8ua/ /ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/ /f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php /jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/810a818d2e046901cbf4685b2447bf5eced209d3.php /jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/ /lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/ /810a818d2e046901cbf4685b2447bf5eced209d3.php /wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php /wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ /ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php /ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/ /524276db2008bc5a31cfab16b20e3f57a04e33d0.php /jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/f730cf4f95e8c4974e9e354f14e192a209410810.php /jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/ /f730cf4f95e8c4974e9e354f14e192a209410810.php /agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php /agpo589w2hro33u3uwsrw551cmq9d1h8ua/ /ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php /ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/ /f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php # Reference: 
https://www.virustotal.com/gui/file/c569b600936870c0205b6992fca7a3d98adc5d6d90206392bb29445bc04fdd9f/detection # Reference: https://www.virustotal.com/gui/file/fc63cd606cf3be19778fc8a599565f466bace3ea413397b9207571cf90ee4d70/detection trtrk.tk /8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/40511eac9a18da158d2524bf42b8099db23a7198.php /8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/ /9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/ /40511eac9a18da158d2524bf42b8099db23a7198.php /hb6z5e4vtf7s7xant1ymggp/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/94fdeb52381c8578b3fe82a4da27d8843a71254f.php /hb6z5e4vtf7s7xant1ymggp/ /0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/ /94fdeb52381c8578b3fe82a4da27d8843a71254f.php # Reference: https://www.virustotal.com/gui/file/0c08183ca7d7511a0fb5ca3ab11d74b066c38427912220e963c4ceafe87350ed/detection # Reference: https://www.virustotal.com/gui/file/11accc9b0cd6f1bcff495f7a3ec2b9ebc7acfaa15f5bf88160c4ae724eeb0269/detection # Reference: https://www.virustotal.com/gui/file/19293bab3f8d1598dff122142f0641aeaf5c7b63d9692d565e4b4b5ae2fea82d/detection # Reference: https://www.virustotal.com/gui/file/b505454ac5e35abf59bfd6d039d07348a309b4903f5679c10168215f8f4566f9/detection big-chlen.ml /zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ul86hhzpxz2terk/a06763f99577add4361c8f382e94b1d384d0eae2.php /zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ /a06763f99577add4361c8f382e94b1d384d0eae2.php /81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/5add562f05b70b54786e15b898eade52720a0304.php /81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/ /5add562f05b70b54786e15b898eade52720a0304.php /eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php 
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/ /o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php /o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/ /461d319af8a6a131a055d1fbc3587d7e081534b5.php /4e3twf02xyx7uk3nlzuc/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php /4e3twf02xyx7uk3nlzuc/ /cbanirg43pfycp0098lxcoq7xsef2h8o/ /cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php /06aca9cb7ae3a7ae747899d9d5db60d066937d79.php # Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection f0332298.xsph.ru khxclhpyxach.000webhostapp.com tedrbavrjrvl.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/78d3657bc6632a7894975a120f3e3cba24a31c1be98d703ebd455ec3eb1b443f/detection fthtrhtht.xyz.swtest.ru # Reference: https://www.virustotal.com/gui/file/b0587a32f9dcd1918883354db87376bafaebfed10359228540e57372c2410eb9/detection borodach2643890.online.swtest.ru /stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/2d1465a3505530413d71f7c5643c8f5f53f832bf.php /stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/ /stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/ /1s1tqx4nad15jp7m36/ /2d1465a3505530413d71f7c5643c8f5f53f832bf.php # Reference: https://www.virustotal.com/gui/file/79821a8e903d54162bd27f98e998056bdd86f9fb65fdfe6d2eb2db93d23d9e00/detection joboykoya2.temp.swtest.ru /dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/zsoa7fq/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php /dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/ /c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php # Reference: https://www.virustotal.com/gui/file/dd2e16f51093a9e1f219dbbb9ed9170969e6d5f82fd75e9ffb14100a60b00944/detection xibefoc467.temp.swtest.ru 
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php /jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ /jr362ixublms04ceyi7zfnntmea9so8e51/ /mtzkbzxvmgzja977vh5cy2iea9ynrdku/ /ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php # Reference: https://app.any.run/tasks/fc618299-4cef-4e89-b5c0-4d2efb519054/ cu31892.tmweb.ru # Reference: https://app.any.run/tasks/875036f3-5d0f-4197-bee5-3760f7e8dd95/ oneway-exe.ru # Reference: https://app.any.run/tasks/6fd6f53a-609f-41f3-adf5-e2d47c6af95b/ ch71531.tmweb.ru # Reference: https://www.virustotal.com/gui/file/5e92f42622ff84d9e7924fd77d203daae58dbf09da9b2bcab7474cf051820740/detection exempal.cf /dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php /dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/ /dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/ /6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php /6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/ /87df5a86f678b2f61f9e2fae37a1c758737a0e99.php # Reference: https://www.virustotal.com/gui/file/4826fb45c88d5e352c330de2c76612baed1eb94c58bc58929ffcd9df5b0b5213/detection a0315442.xsph.ru /8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php /8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/ /8vrpgqblltuiasb3pavt/ /cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php /8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/ /a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php # Reference: 
https://www.virustotal.com/gui/file/c79c8b52c8e06c77e068bf2d7798490ae3fbb596d798a3232011f0acbf322d9a/detection a0472136.xsph.ru /434a17mvckf19dxf83nl84jcsgkqj6tkfpa152ec8/ /011afb0749904eed1c837350cda0a7aea10f84c9.php # Reference: https://www.virustotal.com/gui/file/26bb89fed1eb8544bf3e70fdac8713d7201cd3b36962738aa23f42371779c100/detection f0452627.xsph.ru /d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/52d126a457c70dcf8f15c863f1e7eb6318f28152.php /d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/ /d0wpfpdwqcvri7hikj0honbqlg60vkld/ /ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/ /52d126a457c70dcf8f15c863f1e7eb6318f28152.php # Reference: https://www.virustotal.com/gui/file/ccb4673eba9fc6523366bfe8a0dfaa8cf4c4aa3f5c5edccc3c98dd4b28356fe0/detection f0471995.xsph.ru # Reference: https://www.virustotal.com/gui/file/21b703742ded5a6ac2d580ccbe1fadc3113e6c01750658c93204e5cb3c4797e7/detection a0486179.xsph.ru /0ewhm8n8kba1grvga073qjtu7lq/ /ccba8a2e3755c5123325a7f2e766975b0ad70363.php # Reference: https://www.virustotal.com/gui/file/89c0578b862c36d099744f435c97e3d64cefc29a3705dfa61735ab9d7939c83e/detection cy59724.tmweb.ru /fhouqsip6grypvxr4gvoeu5s/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php /6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php /fhouqsip6grypvxr4gvoeu5s/ /6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/ /e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php # Reference: https://www.virustotal.com/gui/file/c3832621e8b001e0d9c67a2eb87df480794160ba88dad28611e3fbd1019e382f/detection pcsovet.5k5.ru /4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/d1e916594122bd471161b2701ccd8b16c7d56f06.php 
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/ /4r8sb3nl87wc75w9rh3ffhu6w5che/ /bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/ /d1e916594122bd471161b2701ccd8b16c7d56f06.php # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1366076714653212676 # Reference: https://www.virustotal.com/gui/file/50444a618ccea3cc6b93088378260b2fab89b5b92d4b06f27fc2e8a58b950c79/detection cg94871.tmweb.ru /ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/avldwf/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php /ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/ /11d3d498af0fd072d4bbc98f8a2273b235c27adb.php # Reference: https://www.virustotal.com/gui/file/6ac9d0949e78f75adb767797d2e8f456b9bfc19cf85ce0f6fe4fe2e2678ae020/detection a0484572.xsph.ru /0ongi8hxo7yarpcd65ellx53/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php /cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php /0e776a6139e804b26561001e727cd021217e5558.php /0ongi8hxo7yarpcd65ellx53/ /cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/ # Reference: https://www.virustotal.com/gui/file/0db9b3287dbda591372414623e67ed65e19145656ec7270c545e33ec8dcf7359/detection f0438395.xsph.ru f0446323.xsph.ru /y4owmffza4zbl/vay92fnfwidomnmj2ati1/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php /y4owmffza4zbl/vay92fnfwidomnmj2ati1/ /y4owmffza4zbl/ /vay92fnfwidomnmj2ati1/ /ce35e0ff1e1d2c8b81e3deee715d223b27132874.php # Reference: https://www.virustotal.com/gui/file/0bc8f7c32c038195ec0a00142e6a497a85740044b6c7f58f140d8bd084aa4c7d/detection f0478615.xsph.ru /zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/bf8bde4aecac1785475ed63563972416621c91d2.php 
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/ /zli0hx3rb7l5motetc6rq/ /m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/ /bf8bde4aecac1785475ed63563972416621c91d2.php # Reference: https://www.virustotal.com/gui/file/10308a424c6d9abfc703efc49ab5d0840766ebf51ac4b03269a1f98ef0a66aec/detection f0463306.xsph.ru /dnc43rncghchlzne9ifqkgvkz/w1d6njsup/5bea1966ae5a874168cf125971b3ea99cedb7df7.php /dnc43rncghchlzne9ifqkgvkz/ /5bea1966ae5a874168cf125971b3ea99cedb7df7.php # Reference: https://www.virustotal.com/gui/file/cd6e3b60a429bbf3dd571ac9bcb953f378433264550325139b1535c79b434e86/detection f0475486.xsph.ru /tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php /tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/ /tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/ /bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/ /fc0de89767fa4fb6ceb846e92428d4a917d24c31.php # Reference: https://www.virustotal.com/gui/file/0c797645b62f0d5262d2db462218c9f0ad064858bfe206f02d99541c7bc762dd/detection f0457573.xsph.ru /5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/gh7r8ky9sp/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php /5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/ /8661ba6a5e0db20f23382c8ecb1af46b4af13638.php # Reference: https://www.virustotal.com/gui/file/3507728820cc00598364f740bc8bd661b3ea2217d3292f17b20f8d9093fda25e/detection f0494736.xsph.ru /q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php /q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/ /q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/ /og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/ /fbd557434528cbf66b6d4edaaf8c7c68f5b17c75.php 
/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php # Reference: https://www.virustotal.com/gui/file/0c973ee7d91878f4db5d0044ecb43f508df4013d85d85b33f5a58ff3ee1a58a0/detection f0493264.xsph.ru /piks3hwokuzpinvf1sifaqvlezh0/ /f3924bcd353a8e1f603f95309fa65ca3f8dcfceb.php /piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/283314aaecfe5dd34e232939e1218999.php /piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/ /zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/ /283314aaecfe5dd34e232939e1218999.php # Reference: https://www.virustotal.com/gui/file/040a25f63a9c6fb1703a1039488a0eba849588a054b5e603cd19792707d2ef32/detection f0503470.xsph.ru # Reference: https://www.virustotal.com/gui/file/d50d9f271cf93d53fe6d1f1a00546e12c04f00e6546158a389c99a201b281231/detection f0515589.xsph.ru /34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php /34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ /34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/ /ea5efdbfcf64407f0133129dc50e9decb86eddc2.php # Reference: https://www.virustotal.com/gui/file/357b1770262a0b0f33f56f8fece9e1e35f4918acf72d36bb3cae719fde9bc18b/detection f0510538.xsph.ru /u3s904w2ibcgouhmgk4bcxx1a2vetdp7/ /7db32d0d111d8e8d56501876d36930c7da4bbda7.php # Reference: https://www.virustotal.com/gui/file/8c0a2621bdd862a767aea8ac6c8721a07f11232db5b16a60cd868341355a3e07/detection f0491418.xsph.ru /jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php /jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/ /jbouypul6170z295czg/ /9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/ /103eeb3716f4deeefafd758ba7c991b6b88dd11e.php # Reference: 
https://www.virustotal.com/gui/file/33291a6e72594047c17a796a081f09883550a219846dccd5ed3cfc8451b5a135/detection f0509824.xsph.ru # Reference: https://www.virustotal.com/gui/file/424917f137c2dba0a9dbbac18076aee314780dfccedc31883b1cbe7ce914298d/detection f0515589.xsph.ru /34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php /34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/ /ea5efdbfcf64407f0133129dc50e9decb86eddc2.php # Reference: https://www.virustotal.com/gui/file/be2cc2d4877f79dcb0cbef9a42d114544a135f2c1f8bd96ed06cb01c0defae60/detection f0515572.xsph.ru # Reference: https://www.virustotal.com/gui/file/14df9469961f7a159651587e0a4afc78d06e3d7247c9d9ccb47b840c71bfb792/detection f0517366.xsph.ru /3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php /3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/ /3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/ /wh97lg5i0mnw6rfzrg/ /d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php # Reference: https://app.any.run/tasks/3ca79d1f-03ef-4215-b587-082334de1ed7/ filmix.space /s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/20eb5bca358665727c4c5ac112fb96afb9757028.php /s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/ /s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/ /20eb5bca358665727c4c5ac112fb96afb9757028.php # Reference: https://www.virustotal.com/gui/file/a8b88f7751da32956991d5a6bed4bb5fe788696188a04b951f304e5035d1c5b0/detection f0517233.xsph.ru /7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/5e150948e707791422070434d2fa55363f18c867.php /7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/ /5e150948e707791422070434d2fa55363f18c867.php /kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/db9hfgvbx/edc301e834c038e30c4f9fc52b979a12.php /kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/ 
/edc301e834c038e30c4f9fc52b979a12.php # Reference: https://www.virustotal.com/gui/file/e7bc06eedb8600ef3a3a168e04260e2aa2c1bffa1eec3ab256deb866bed7b1d1/detection f0519071.xsph.ru /1lua73k3rf9/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/2da79cb2b31cd83770333991b6d72e6823f7120d.php /ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/ /2da79cb2b31cd83770333991b6d72e6823f7120d.php # Reference: https://www.virustotal.com/gui/file/514227515d4d8d80d19bb27b92182154fefc8f016be0c86c8016ec9a0cad7c6a/detection f0519034.xsph.ru /gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/b55vlmrnyp/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php /gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/ /80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php # Reference: https://www.virustotal.com/gui/file/84ae6fe4cd4f1357409af9eeea51b0ceb8385242c1e67b1f22a51a9475f3ce01/detection cs51919.tmweb.ru /jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php /jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/ /jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/ /sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/ /1b58f49e15eeb98754ad22cdd55072e27b160ca2.php # Reference: https://www.virustotal.com/gui/file/6e2c565e36ca5fd95af9f7a0d1a2fa6b9ec50caef4290e9eb9abe53ab3b8e70b/detection a0404851.xsph.ru /stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php /av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php /stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/ /stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/ /av4yi982qnv743qpxk/ 
/4b15077fafc5c905a0a10493de237bd680a0de80.php # Reference: https://www.virustotal.com/gui/file/be4f2bc98517755200485163d8f7734702f9fc072fef2df4e6250f679151070c/detection a0405963.xsph.ru /smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php /4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php /smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/ /smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/ /4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/ /16e350e36f5328bd301a257515f4e3fd5b680305.php # Reference: https://www.virustotal.com/gui/file/9c91b43d243ac9adfdabcf848069b08b9117c6380d4805729d06836fdc10a74c/detection a0525835.xsph.ru /oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php /oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/ /oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/ /aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/ /aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php /30650a8f98a447ec28b175ffd31214d7d94eb991.php # Reference: https://twitter.com/K_N1kolenko/status/1377902418839678976 # Reference: https://twitter.com/K_N1kolenko/status/1377902531641237505 # Reference: https://twitter.com/James_inthe_box/status/1377967403611480070 http://195.54.33.24 /jsserverwindows.php # Reference: https://www.virustotal.com/gui/file/29df0b984e959c856c2cc8d45dbd407301567d1f8deb962f350b8789f5a9a1f8/detection cc50835.tmweb.ru /pipebigloadbaseWindowstest.php # Reference: https://www.virustotal.com/gui/file/89fa4b96824cff45d631aba001e6ea4873bdc50133149489453e1930f93061db/detection ch30249.tmweb.ru /CpulongpollAsync.php # Reference: 
https://www.virustotal.com/gui/file/b353f0b1f05df11cd8d4a9d5e32b175bf52795d4571da48347c8d367767c7f2c/detection cx55949.tmweb.ru /linePipepacketmultilinux.php # Reference: https://www.virustotal.com/gui/file/e2c0f6c339713ba63202f13e1f788997d87b4d8ce38cb6bb8f214bc92020b77d/detection cm51492.tmweb.ru /ProviderLongpoll.php # Reference: https://www.virustotal.com/gui/file/e46a16ade0a00728c59210acdcd131a5bab46470d9acb07afb58917a1e287456/detection ck02342.tmweb.ru /JavascriptjsProcessorProtectFlower.php # Reference: https://www.virustotal.com/gui/file/4b032a536e842694ebbf6152c16484e01dd3c786d028cd535bd75b74c2e1e75c/detection ct53551.tmweb.ru /php_updateLongpoll.php # Reference: https://www.virustotal.com/gui/file/56739e49de52e250f4a3eca5675917fe3cda4d3c40903e7f9d2b79e18bec9999/detection cg15251.tmweb.ru # Reference: https://www.virustotal.com/gui/file/7055d783414b106fe0cf64d48298626a77800e0b8dcdc8eb861d63b72ae8f8fa/detection cf09397.tmweb.ru /multiDefaultFlower.php # Reference: https://www.virustotal.com/gui/file/76878896e452310544b7935243156babb347549bf8f7c57dcd809d9d9cc7273c/detection cu32668.tmweb.ru /pipelowprocessmultiBase.php # Reference: https://www.virustotal.com/gui/file/353e71b1f29f2a127d199fd7b936805a6181a1d81fb83b818b5628d1ab424e17/detection ch08518.tmweb.ru # Reference: https://www.virustotal.com/gui/file/32acd16ac1f0ceda43528df2401e91212338f58a16b0446e564174a9c840721c/detection cq64286.tmweb.ru /HttpcpuupdateauthApi.php # Reference: https://www.virustotal.com/gui/file/20adaedcd00cb34d5ff9f6840a171bae738b7acdee4ab320724fcceb3218cda4/detection cn25255.tmweb.ru /AsentusEncoded.php # Reference: https://www.virustotal.com/gui/file/4ed2b9056a1141a2d92ee8c0b5e4b94bd59a1d84784f5bffc487575f1f98b88e/detection cr39615.tmweb.ru /imagesecurePacket.php # Reference: https://www.virustotal.com/gui/file/3d3326dd0a2dade47a2b5ad966fdebbd09fa15ff67ec18a8b8f8323ca481e70f/detection dyeee.tmweb.ru /longpollTraffic.php # Reference: 
https://www.virustotal.com/gui/file/72362d62cf50c249dee90fa062a9a382572d67997da05608ef3f79a1292a43e1/detection cf79984.tmweb.ru /secureGeoauthflower.php # Reference: https://www.virustotal.com/gui/file/544d2ce0cdc40c01dad1b0c0e8c6040d9252ff9c5edac8c73a212e8210c44473/detection cq38242.tmweb.ru # Reference: https://www.virustotal.com/gui/file/96aea8e31880f1a37353a47c962de1f59755abea5bb12a2abd62ae1bf694231c/detection # Reference: https://www.virustotal.com/gui/file/edfbfcbb103f5b69bcf2a9b3cc6e01750744bdc84a882f929c3f9cefef42cecb/detection cj09837.tmweb.ru vh366.timeweb.ru # Reference: https://www.virustotal.com/gui/file/bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a/detection cw51552.tmweb.ru /pythonlowupdateprotectdefault.php # Reference: https://www.virustotal.com/gui/file/f0690112624bffc927f19e8cc0d8af4f46656a354212bc234e9cc3d1c33c4993/detection sk1tzz.beget.tech /kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php /kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/ /kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/ /h7otaleclm238j1szeb/ /h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php /9753eb7181919647609843743199a5f58a01a37c.php # Reference: https://www.virustotal.com/gui/file/fb3914e5fb9bbae88d31177071dd6465bc4ae46f05c71f3a72b086483d65e066/detection http://135.181.235.118 # Reference: https://www.virustotal.com/gui/file/1a1971d70f3879a8fb9cb656c3afe487760454b1caf139cf2d3b87330f3e77ff/detection datasines.ru /vmasyncTrack.php # Reference: https://www.virustotal.com/gui/file/1294a91cd45ed0dc87531245654e961b6aa1b399ca32a33048a04ab7993b16b7/detection # Reference: https://www.joesandbox.com/analysis/444364?idtype=analysisid http://185.246.65.192 /pythonsecurelowcpuGame.php # Reference: https://www.virustotal.com/gui/file/3d49374f76096e055f31a9e83d0bdd15a349aa85041a9f827fef376011913d05/detection # 
Reference: https://www.virustotal.com/gui/file/55c68474cc02e4834e61a80980679f364f3fb1d012e8aab3bb3bd254967e5514/detection http://82.146.57.148 /tracedemosupportphp/demo/mobilegenerator/support/cpucamphp/prefprefmathcore/djangoplugin/searchercpuprefrecord/demohtopphptrace/limitdatalog/imageprocesslongpolltraffic.php # Reference: https://www.virustotal.com/gui/file/a0f4c92db2cfda9c338306c1b12f71c15416196ed593f0aa28ca5add785d426a/detection # Reference: https://www.virustotal.com/gui/file/fac11dc010c0a36ccacc3a5438af9bd5182b7b94be16d5758f78c6b89100dbf9/detection u102494.test-handyhost.ru /cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php /cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/ /f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/ /cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php # Reference: https://www.virustotal.com/gui/file/5ad69de9fdcb9ae92c756236de868bf963d04b6cad241d418c62f06e7332c13c/detection http://82.146.42.205 /httptraffic.php # Reference: https://www.virustotal.com/gui/file/ac5690010ad06525c90e0d604403e9169f2698d82f5a4e89d328343d59ead472/detection bigwins.ddns.net /ExternalphpPoll.php # Reference: https://www.virustotal.com/gui/file/ca0c5b278fc4a2fd0d71019429789248453779143404ff909964807facba6b20/detection http://212.109.199.108 /HttpBigloadsqllinux.php # Reference: https://www.virustotal.com/gui/file/9c7cb7bc7443f2f35c6804ca5aca69df5b21327b96428c31cb1cea12b3b94d1e/detection http://79.174.13.146 /linuxAsync.php # Reference: https://www.virustotal.com/gui/file/679bec4906c57d7637bd04824f1d3fc26a75e4dac0aff833f9b86a3f0bdd7b24/detection a0553951.xsph.ru /apiBigloadDbtrack.php # Reference: https://www.virustotal.com/gui/file/92b9803da13558ef311fe025ec74a0ada01b1c95b499985d51d4c4bd01f11129/detection a0548637.xsph.ru /javascript_geoserver.php # Reference: 
https://www.virustotal.com/gui/file/8801faeab21ac37b1785a78c635cba75f914d2056f1b74ddefbcc1b17f836edc/detection a0555497.xsph.ru /eternalsecurelinux.php /ImageProcessordb.php # Reference: https://www.virustotal.com/gui/file/061fa38282c2f86c3a5e9e0c87e63c6d1e7e9404d3dd212b51515d254a2254ee/detection cn36102.tmweb.ru /o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php /o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/ /o40ypy0hwwr6x7tycm55w6pgmkftd/ /r0m1j2e3zgfazhs6r8x2w603/ /4057ff4bb273cce3b7c60daac775421c5bf03a7e.php /r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php # Reference: https://www.virustotal.com/gui/file/4cacca33e4823519cffa51e6d0f0226ef3b581024f57d8acc444427a636cb95e/detection http://194.226.139.141 http://94.103.80.73 /Packetbasetraffic.php # Reference: https://tria.ge/210731-v2zwybkdfs/behavioral1 http://94.250.248.166 /external_Packetupdatemulti.php # Reference: https://www.virustotal.com/gui/file/e0dbdf3dbc3203ede5b14a38d80f53203d6c14cda083f81f498fdbe394cdbcf3/detection cf99125.tmweb.ru /providerSecureWindows.php # Reference: https://www.virustotal.com/gui/file/60bd11a9eb239a95fa07a879822b4e4cc4b971f57971387c7c65542b48acb099/detection cv53487.tmweb.ru /defaultFlowerAsync.php # Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html # Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt 95.111.241.233:4563 95.111.241.233:8848 AbdaalRuhaani-27733.portmap.host # Reference: https://www.virustotal.com/gui/file/012fa663e73b01b030d4283bd6d1d23250e47ab6180fe6d1c0efc289a45af710/detection cq28540.tmweb.ru /lineToGeomultidb.php # Reference: https://www.virustotal.com/gui/file/dfb38282ee9f6bc18b4e9c6f0406e00dabc2fe57d76a4eec9722f9e0e7e07928/detection bitrix386.timeweb.ru cu85891.tmweb.ru # Reference: 
https://www.virustotal.com/gui/file/6718c04021467956503e7c53e7a6597fad77eafe88b080442d4168ab1081f32c/detection a0560022.xsph.ru # Reference: https://www.virustotal.com/gui/file/6dfc2ded144d897f001f26e050a1abb54d661b9fd9e855199caf41246cd0649b/detection a0480057.xsph.ru /dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/c69cd7ffb036451638f1c24db25a0515740d8125.php /dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/ /dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/ /c69cd7ffb036451638f1c24db25a0515740d8125.php /fmph5agvjxo/ # Reference: https://www.virustotal.com/gui/file/887f455ee655af59acf845a6f7eec88be53d3e39aff9f3b09cb8e89d9e2c3726/detection a0524006.xsph.ru /hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php /hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/ /hepac3jv5bkh5ycvi0d1ewjacma0xgd/ /wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/ /34fa085d5cd7e6f47a1a85493422af8a14f97a19.php # Reference: https://www.virustotal.com/gui/file/90256b8d51135779431b9a7d02944d79e0c8b7f6a00ba19a5d08d4e252f39964/detection a0549308.xsph.ru /providerlongpollasync.php # Reference: https://www.virustotal.com/gui/file/a01d51b821fc25d9909c74771287e7782cf607a69c01e29037860e1e32399a0b/detection a0600399.xsph.ru # Reference: https://www.virustotal.com/gui/file/c6cabb4109dca04a0d3493c4dd00861f5dc727606e5fe9120d2fd3ebadbb476c/detection # Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection a0454147.xsph.ru /bdytbxyzt28mr240noe4rrg093adguvi02oc6/ /srxotvy8z6jic7vy7ah4oudisalxsdmkwfksgbennps3g6fd4u1zh26ojvzw3xucp4pz275y39bj89k8intmkl11/ /0226cf1a5d9ff16d620618544626a30aadc83dc5.php # Reference: 
https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection a0429276.xsph.ru /3t5v7d7pegualb068qsj0nmxfghl0fuoh418iz6cinatqfor4v9akdq37rx9ycwvyee8ubs4swlgiac585m0/ /pdzkcqf0x4dyr2f2vlaf7e4rmrh72yr1bm6mhyue2zim1j4z0u6/ /a30a7e8d446e07feb3edd0a0387878b922679121.php # Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection rodik2020m.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection cheff2019m.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection testedpo11.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection jlauka2018.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection a0439723.xsph.ru # Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection a0439698.xsph.ru # Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection a0438890.xsph.ru # Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection a0439294.xsph.ru # Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection a0440066.xsph.ru # Reference: https://www.virustotal.com/gui/file/9f66780f03e00ce6852d2bbb9ae2496b875871ae3cf8fd2a578596431ac3346f/detection a0523644.xsph.ru /c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php /c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/ /c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/ 
/x9ahvg1kp8jvucilm9rwee4ich/ /8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php # Reference: https://www.virustotal.com/gui/file/c8db435b9a380579b7ccf477a0030f6d8d143ff32df9148f6ed82407c5f86813/detection a0530848.xsph.ru /imageLinepipeGame.php # Reference: https://www.virustotal.com/gui/file/da2d2ccffac5d4877096cb5b787e10ac0817b5a56c3ff67f640ec80d47dfd258/detection a0550213.xsph.ru /Vmpacketbigload.php # Reference: https://www.virustotal.com/gui/file/8a55211db06abc570a3f0e6bc612d42a67f1face07d82a65cdcbac9a56c64923/detection a0552459.xsph.ru /CpuApisqltrack.php # Reference: https://www.virustotal.com/gui/file/6c231312fac958bb547368ae896a4e763d97d176eee5223f365c81ce3ffc3211/detection a0550354.xsph.ru /PollGeoprocessdefaultflower.php # Reference: https://www.virustotal.com/gui/file/17cb5a4dec6b16c87fa481f4d2e1cea4ed3c24a790dae776ba83fa5320f98ee2/detection a0615946.xsph.ru # Reference: https://www.virustotal.com/gui/file/34e8a3b9532e5475b8c62a21f836682bbe1e2479089bcc2a0b6646e66362d573/detection cb81657.tmweb.ru /pipeHttpAuthbasewordpress.php # Reference: https://www.virustotal.com/gui/file/5e40c4e18338a01645611f11f2caeb4eb5353bda96175f96c20526e16a5d3e14/detection cy50210.tmweb.ru /VideoVmJavascriptCentralTemporary.php # Reference: https://www.virustotal.com/gui/file/5e4f320e663b58088d396ca3c9a32bfcf3ef0fb0f26d21f70e3f4e0ef9c6a5a5/detection cu44809.tmweb.ru # Reference: https://www.virustotal.com/gui/file/a8b815767cc06b4e4c73c0ffaa73eda2d9bef6ba1da8fc62950c6b7b1343c160/detection http://80.78.240.210 /imageVideoupdateauthApi.php # Reference: https://www.virustotal.com/gui/file/7700b39073a305e9b3ae9e64e36dc507ff13caf82e3f0b8a812e76bbfabfc36d/detection # Reference: https://www.virustotal.com/gui/file/064e47140735631b988516748b833330b5c0844d6016b1c3d80c83c5c326cba2/detection http://92.63.106.112 /JavascriptauthMultibase.php /javascriptdefaultbase.php # Reference: https://threatfox.abuse.ch/ioc/315762/ http://176.126.103.126 /pythonjavascriptprotectFlowerDatalife.php # Reference: 
https://www.virustotal.com/gui/file/a1a4171c888bb45ba62753af9d69469a6eba3d9bffdc8ea46b6f37c61faa0c86/detection bigrussianfloppa.duckdns.org /externalbaseGeneratorTempdownloads.php # Reference: https://www.virustotal.com/gui/file/00603531bcf1c4db7431140d656e57a43887fe1103bbac67c91141804084f50e/detection allakorovi.temp.swtest.ru /Vm_processasync.php # Reference: https://www.virustotal.com/gui/file/5f615615c250fe6757004187cc0a1de547fbbb0fb922ea7d11838da7d98593be/detection 15.235.13.122:3000 # Reference: https://tria.ge/220209-d5xwlshba2/behavioral2 http://37.46.135.124 # Reference: https://tria.ge/220130-13xt6abccq/behavioral2 http://62.109.2.159 # Reference: https://tria.ge/220125-f2kszshddn/behavioral2 http://37.46.130.225 # Reference: https://tria.ge/220120-qjy8rsabdk/behavioral2 http://149.154.70.169 # Reference: https://www.virustotal.com/gui/file/f441ea0832309aa62b60882b28fbd5f4685fd75c0c188a1e4668237c5d0b30b9/detection # Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection 154.16.248.110:8848 154.16.248.223:8848 172.83.152.101:8848 23.237.25.128:8848 23.237.25.226:8848 23.237.25.232:8848 79.101.204.213:8848 zerocool888.duckdns.org # Reference: https://www.virustotal.com/gui/file/d3d8c9bca1efbecedaa23e64e662214517926d481cc59edebc60145aabbf7730/detection http://192.236.192.143 # Reference: https://www.virustotal.com/gui/file/0be0e32f4f1dfcd37a3afdb938d27345cd42a3512fbe1ae0b1c209dbe060bf12/detection 51.81.142.111:7979 pearvh.ddns.net # Reference: https://www.virustotal.com/gui/file/0e8c253c11e409898c0c547c9fe47c6aa4441726061d8df6f7de32e7b6eb3f78/detection cf47501.tmweb.ru # Reference: https://www.virustotal.com/gui/file/ad2ef315d1e12b4f973eb23529f6c332fe67db210b59b588d6f1636003b240c1/detection cd86823.tmweb.ru /VmPythonserverTrafficdle.php # Reference: https://www.virustotal.com/gui/file/ff7db454e5873e61727042bb37d5359ef5c8e4e5510fced6f4e21c9f442c7c14/detection cy70433.tmweb.ru # Reference: 
https://www.virustotal.com/gui/file/8f831441d0959368d3ee7d27441fc1156d77e3bc0ea443760e98b8c54c068178/detection cr85089.tmweb.ru /imageBigloadDefaultDleLocal.php # Reference: https://www.virustotal.com/gui/file/aa255b75541e4e8163684cacedde6741f32e2622a0f6876a11caa4c9edb60c98/detection # Reference: https://www.virustotal.com/gui/file/3aa22c46f786e2718696a5916e7f494d16ac51f51aa5c7d36439642fc93bdbe9/detection 197.210.227.5:3428 197.210.55.176:3428 frank.ddnsking.com # Reference: https://www.virustotal.com/gui/file/ff3139e35eec5df931d732988e7a6b5612bb9f965ebb38708e4edbf1bebe2280/detection a0613874.xsph.ru /externaleternalApiTemporary.php # Reference: https://www.virustotal.com/gui/file/fa682ed24f520200484355c5fc07427103d1c53a6db60f96d059855bc1ccef7c/detection a0653333.xsph.ru /ExternalJavascriptProcessTraffic.php # Reference: https://www.virustotal.com/gui/file/f7dcbcdc69dc9091b4a243e43cbb020f45e3ec177bc8a375c61ec98615bf402f/detection a0643628.xsph.ru # Reference: https://www.virustotal.com/gui/file/ebcb5ce8775baac48a3211fc6a665b92ba5025cb9f37512ece0ca8fd28a70707/detection a0643626.xsph.ru /ToSqllinux.php # Reference: https://www.virustotal.com/gui/file/ded5891b6f8f7dffa6ca268fb1c686c1f2017af2473cada96c99401baa8c1c32/detection a0613505.xsph.ru /requestGeoProtectflower.php # Reference: https://www.virustotal.com/gui/file/dc11ec7791f71753d03cb63ed0c9ced53cb2e250a5413ccd8ec9ed609e2780ae/detection a0604955.xsph.ru /imageBaseTemptemporary.php # Reference: https://www.virustotal.com/gui/file/d8f25d4e26a04cbfb40a44650503e944c2a628ae255bbf7aa3e3a6ed38a16bb2/detection a0636388.xsph.ru /processauthDleTemporary.php # Reference: https://www.virustotal.com/gui/file/d67c934f491416949ea2f884dd92e1df963842b782883e7d2fcd3722e40b3051/detection a0615272.xsph.ru # Reference: https://www.virustotal.com/gui/file/d0ae81400fd405312a1f6e59846d9f494abc72f8075e592b4e63f227b2178ba4/detection a0605075.xsph.ru # Reference: 
https://www.virustotal.com/gui/file/d078590e47634128542985f434513e843c967b9097c6581c31b6c2bf704296f6/detection a0640235.xsph.ru /multiBasegeneratorPublicprivate.php # Reference: https://www.virustotal.com/gui/file/12e6398f73e2b6945d16b3d64ae0d905b06be81e208ebc37f47001fe6186352b/detection cv67410.tmweb.ru /45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php /45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/ /h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/ /f597d04c819c3ce4e2ce6278ae7bb73632e22455.php # Reference: https://www.virustotal.com/gui/file/fd54ce3addfbcd79126599cb8b8cb9b140dd9defde04058f16b633a004f8c5d5/detection ci40763.tmweb.ru /ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php /ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php /ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/ /wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/ /fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php # Reference: https://www.virustotal.com/gui/file/f55a233ea31b463466defa5d5b3941699e76835a48d94ff8430a7ade30dbeddf/detection 193.161.193.99:59618 daddycitrix-59618.portmap.io # Reference: https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains # Reference: https://www.virustotal.com/gui/file/ae97918f7e22be53b7eb9778c11dec8d873989a2b798617a60b2d448fac5dc89/detection co44089.tmweb.ru 
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php /9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/ /9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/ /4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php /4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/ /d9475980a348412b6a890000bd9ece3a022be2e8.php # Reference: https://www.virustotal.com/gui/file/00dca02ce6a738439634bf9794859f7fbb40e9e62e6701743e32c786f8269f23/detection a0504029.xsph.ru /adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php /adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/ /10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php /10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/ /adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/ /694e9a452a200fae5d4a04b05733dbdbac6fef75.php # Reference: https://www.virustotal.com/gui/file/0193945a5e4c654ae765e311a7bb0a5c1344ec3d5e7cf57f81620c6186d21841/detection a0635613.xsph.ru /SqlwindowsUniversalcdntemporary.php # Reference: https://www.virustotal.com/gui/file/fd949b25fcc548aac88535151d8f8ad7302307c56357d90d0aa1a01fc55c7956/detection a0501990.xsph.ru /1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php /1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/ 
/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php /1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ /ke0ide6s5hf7zokwe/ /e776f8f27539e2705547b02779c1b90b8b204984.php # Reference: https://www.virustotal.com/gui/file/fc75f0331334f23072247d9eb4746e0c692b4bd724c6dc0bbf9f3093bb87105f/detection /f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php /f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/ /f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php /f6sct0q3lp/ /f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/ /49832f0846f8d279cad20b836d78b599e2c668da.php # Reference: https://www.virustotal.com/gui/file/f638a72eec11f20c56d6863b048f8f2d1a69cbb43512486454b48d0598a915d0/detection a0620849.xsph.ru /To_requestsqlgenerator.php # Reference: https://www.virustotal.com/gui/file/f3910b4183705723698873055e2b8808ea4066ab9cbe0a65e65aed6f8027c287/detection a0547090.xsph.ru # Reference: https://www.virustotal.com/gui/file/f2a111bdc9a0fcff64c138c71e88cce5a2af06fdb323d6837d2449f377eb6b1b/detection a0511040.xsph.ru /ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php /ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/ /ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php /ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/ /ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ /b7594eb1766c3f4c49239eb927b936bfae118dc4.php # Reference: 
https://www.virustotal.com/gui/file/ea6fc1630a4ed56abe7d83529ce0c1ae122c11bde401048871d0513510e50f8e/detection a0547138.xsph.ru # Reference: https://www.virustotal.com/gui/file/e851b030549e4e022b46ec88fdec6a8aaf4ff41184332be8ac4cfeb8d4c7ec17/detection a0506233.xsph.ru /xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php /xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/ /j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php /j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/ /xjq3mmrkeov8cn4ydhcd/ /80dc5955c8bef80ffc6828492786eb8ca61f8997.php # Reference: https://www.virustotal.com/gui/file/e7589f12f5f6bd06cb353809cae963730aaac1829327474793f0c8028a5d6548/detection a0499458.xsph.ru /mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php /mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/ /sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php /mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/ /sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/ /3853f5654eb40f9911242115ee8218fff8de6ae8.php # Reference: https://www.virustotal.com/gui/file/e34ac32e1ed63dbac5f1ea54b05aa670339db0ddd786ae4fd3c484c22091d86b/detection a0512913.xsph.ru /s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php /s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/ 
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php /528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/ /s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/ /1942c9b90273e2f2fa8a022e10535d3d226e3d07.php # Reference: https://www.virustotal.com/gui/file/dd6a597309522bf6cd51cdbbf7a17a3148f2b1367ea87aa5b54a4cda76d12e24/detection a0509262.xsph.ru /hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php /hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/ /36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php /36fll0sqbzxn79ia7wdc/ /hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/ /1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php # Reference: https://www.virustotal.com/gui/file/d98b8c3e36db621aea1b70e30290c8df7ed5f16585285c8af3e83bac6121ed44/detection a0636042.xsph.ru # Reference: https://www.virustotal.com/gui/file/d720cd83354d772ed43d388ca6117257b4e77c74550f9140a8311fc564c8c0ad/detection a0636235.xsph.ru # Reference: https://www.virustotal.com/gui/file/d4a3c8464081d0f33ddc2d954f35f678c9da896f1ea14a5ca5c21e3fab34635e/detection a0607571.xsph.ru /javascriptsecureauthGameuniversal.php # Reference: https://www.virustotal.com/gui/file/d379acd0508f62cd1074da129c2a1d6478fae5c10ae0de05005b05e268ae779e/detection a0512176.xsph.ru /47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php /47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/ /yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php /47hcq7zohwim1npp2lf3x16dq4ue/ /yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/ /8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php # Reference: https://www.virustotal.com/gui/file/cd22545cd8815721dd36621d53c0a759a9a7db32e9709b9810cddfe320f54bce/detection a0505523.xsph.ru 
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php /rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/ /olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php /olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/ /rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/ /3444644e44c1647371bd5dfb1f4c154e2628a7d9.php # Reference: https://www.virustotal.com/gui/file/c9799f909a0bf09ef5fab57929cd0de349aad34c2456e8dd076a878921427a43/detection a0502373.xsph.ru /95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php /95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/ /qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php /95d8wtybliyy4c6xga0vs1uzc9/ /qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/ /1689e55ee8d0b7689e40485576d1d8903252a398.php # Reference: https://www.virustotal.com/gui/file/c010d0c7128593451922c1513c9b4afa3453e3c9f73e3eb164689cdaf246b372/detection a0615320.xsph.ru /EternalGeneratorwordpressprivate.php # Reference: https://www.virustotal.com/gui/file/c00bda11c896a535e69e122d9727f19346bf75bc601e4f599abba928c94a5c1b/detection a0509427.xsph.ru /0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php /0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/ 
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php /0mqeh34ok06sgd36e5t/ /dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/ /f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php # Reference: https://www.virustotal.com/gui/file/b76d4d55a77e60335c601937e5640e9340d81958c0fe3d7589200437114ee289/detection a0530235.xsph.ru # Reference: https://www.virustotal.com/gui/file/b6e5eb6c4977b9d2fc3450f329df3d278520113b7f4971957e3fe6d298087fec/detection a0507655.xsph.ru /tgm1bkvusaettq/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php /tgm1bkvusaettq/25ke48f4rznl2/ /25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php /25ke48f4rznl2/ /tgm1bkvusaettq/ /e911ccbf80878043841ae566261d6d088e7b9f76.php # Reference: https://www.virustotal.com/gui/file/0058b8d9c8c1158938c5cb6bb8812d745720df7d930f922ff62503ec64c016f9/detection f0489337.xsph.ru /4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php /4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/ /daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php /4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/ /daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/ /fc8ba6c59d8743c977012be26c9b31afc585846a.php # Reference: https://www.virustotal.com/gui/file/819a6e842b7837d2b08acaf4fe967fbe5773d508ac7942edcd78813138184c77/detection http://149.154.70.81 /zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php /zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/ 
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php /3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/ /zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/ /5a2194a364aeae82c34648c9543e8ee7725f5bb5.php # Reference: https://www.virustotal.com/gui/file/003ffe92e0586bdfc75e35fce3d959a2be1f1003a6f60591ffe671fa7bad632a/detection cg38346.tmweb.ru /06qd02/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php /4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php /4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/ /65c42b42653fba838f215c3150f7a59527ad3b3c.php # Reference: https://www.virustotal.com/gui/file/0a66fab23fc185a17155e98e68315898fbab45bf6a5120d40734f1d0e17ed0bf/detection ct51793.tmweb.ru /vmpolllowprotect.php # Reference: https://tria.ge/220513-1c14wsbhb8/behavioral1 # Reference: https://tria.ge/220513-epmldaccb8/behavioral1 http://31.148.99.171 # Reference: https://www.virustotal.com/gui/file/eed1a9f0ec43c5ae892d3405db010421f0961d53a0728c5f298d45baa31f9e92/detection a0679997.xsph.ru # Reference: https://www.virustotal.com/gui/file/6db9070ee1d70e0d24eee9794c461f7bc8be994f7fe7ad721ade2fe3b09bde42/detection a0662376.xsph.ru /providersecureApiLinux.php # Reference: https://www.virustotal.com/gui/file/73583b83b0864479a0731f3d7aa8986f20415ce961774b13029ada8b778790ac/detection 154.12.230.109:8848 # Reference: https://www.virustotal.com/gui/file/06ad34aa4dc9bdef0a3bc023060110d6f879774411ed397caf07f00d5d6f2a4f/detection a0684770.xsph.ru # Reference: https://cert.gov.ua/article/405538 (# Ukrainian, UAC-0113) # Reference: https://www.virustotal.com/gui/file/2b2438aa8da7c23e714f2d7a196d82ed52914c9353ef9fded01448216bd858ff/detection plexbd.net/MSCommondll.exe plexbd.net/MSCommonDriver.exe datagroup.ddns.net /PythonHttpGeolongpolldefault.php # Reference: 
https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat star-cz.ddns.net # Reference: https://www.virustotal.com/gui/file/0007015ce9090fc52712bc0148a974c643fc570b56d8d78765a6fbde9953639d/detection hyuihyuihyuihyuihyuihyuihyuihyuihyuihyuihyu.site # Reference: https://www.virustotal.com/gui/file/b64e011891245dfd504c35145c073ab37a7298ca12ba7c0b40190f83bfba5566/detection http://149.154.70.91 /phprequestApiuniversalpublic.php # Reference: https://www.virustotal.com/gui/file/1f97e20f092479de14e6ecc4debcbc835528a0de8d75c5f2ac36d9c24d08555b/detection http://149.154.70.79 # Reference: https://www.virustotal.com/gui/file/1e1ddbd0db9aeff25d220aaa65a1118c38b90e6ad3d268fd4b47ec898bf3d17a/detection http://87.236.146.23 /Temp5To/HttpPollUniversalgame/sql/02Httpcdn/httpLinux.php # Reference: https://www.virustotal.com/gui/file/ced36829a9dcff10487b26b9c931c399f4dba93ae3a226c0174426ee02b0c8f9/behavior/VirusTotal%20Jujubox http://185.46.10.74 /Vm_Servercentral.php # Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_DCRat_Related.json bomber.dcrat.ru # Reference: https://www.virustotal.com/gui/file/ba532af8694c6cb7ed64a3967366e9356082f1038e7983f7829ad94f55bb0cf6/detection # Reference: https://www.virustotal.com/gui/file/f5e5848f11cb330a78ae2c4177ba72a229a7298894061436abcf5bec3c70b752/detection a0698769.xsph.ru # Reference: https://www.virustotal.com/gui/file/00671603a647502a53d1fea47406952e22d1de35151f6f3aa187e209da5f1793/detection a0546152.xsph.ru /lowUpdategameflower.php # Reference: https://www.virustotal.com/gui/file/180bdaa12e54e3cc55aec3b80ef124626b997145c520125e96ed750c0a815857/detection clmonth.nyashteam.ml 1002.clmonth.nyashteam.ml 1006.clmonth.nyashteam.ml 1007.clmonth.nyashteam.ml 1008.clmonth.nyashteam.ml 1648.clmonth.nyashteam.ml 2069.clmonth.nyashteam.ml 2255.clmonth.nyashteam.ml 23457.clmonth.nyashteam.ml 2765.clmonth.nyashteam.ml 28958.clmonth.nyashteam.ml 2945.clmonth.nyashteam.ml 3587.clmonth.nyashteam.ml 
3598.clmonth.nyashteam.ml 5422.clmonth.nyashteam.ml 5687.clmonth.nyashteam.ml 61633.clmonth.nyashteam.ml 7485.clmonth.nyashteam.ml 7539.clmonth.nyashteam.ml 7865.clmonth.nyashteam.ml 7885.clmonth.nyashteam.ml 7935.clmonth.nyashteam.ml 9076.clmonth.nyashteam.ml # Reference: https://www.virustotal.com/gui/file/9fd9b29ea8b6c727dcf1853272ce5b8e4a18ed109e38b0c4857a601e41f81b13/detection eternity.fbkw.ru /supersecret/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php /secretet/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php /getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php /vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php # Reference: https://twitter.com/MBThreatIntel/status/1556683337258782720 # Reference: https://www.virustotal.com/gui/file/c90bd7b3e642eba0ab5a1153dde46a1c01131a773956f54801c7380ba037e6b6/detection sublimetext.me h925402f.beget.tech /ServerDefaultBasedatalifedownloads.php # Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection # Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/ a0682132.xsph.ru narzieo9.beget.tech /SecurebaseTraffic.php /updateapidbCentral.php # Reference: https://www.virustotal.com/gui/file/03d2ea4dd1ce66403b7977dfdf6fc2a9708425fee1d9b4792ac465578788c61d/detection a0521453.xsph.ru /voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php /voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/ /p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php /p7v8ksbrt61jpbbemgmk6wzh6n/ /c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php # Reference: https://www.virustotal.com/gui/file/21cb6213795cabdcb33cd3102017a9e2a4ad31395976edf02311423ad0f622af/detection a0703775.xsph.ru # Reference: 
https://www.virustotal.com/gui/file/09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3/detection a0554670.xsph.ru /PacketgamemultiFlowerTraffic.php # Reference: https://www.virustotal.com/gui/file/005cc836619526899f69218adb2a46f51f4847d8b43c36a7821c3c9a1abc1110/detection http://86.110.212.29 # Reference: https://www.virustotal.com/gui/file/2aebe64ad1d7e84b2111b0571276c760eeabd6b641c89c09ba2d9ef95cd883c8/detection a0710769.xsph.ru /externalCdntemporary.php # Reference: https://www.virustotal.com/gui/file/03d0857d5817b72bd95ebb768b41c8d0bd819ad041289ff378dbac621bee2597/detection asdfadawdawd.ru /externalauthdbwpPrivate.php # Reference: https://www.virustotal.com/gui/file/07dd506c59ad8f994f52611247eed8275201d0acb24c1341e33ffd75cceaac85/detection a0521182.xsph.ru /ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/d96da147ddc7c66170035f82a42d9c2f.php /ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/ /ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/ /iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/ /ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/ /iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/ /kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/ /d96da147ddc7c66170035f82a42d9c2f.php # Reference: https://www.virustotal.com/gui/file/3c167c067abc30c62d2d74e7409d65cc84ae051a868ce55ee0a1f4de0a3059fb/detection cw85895.tmweb.ru # Reference: https://www.virustotal.com/gui/file/000f3f7a71b10f42d32371c5dff7b974300a45fa35f9a7d8024a4ec4fcabab41/detection a0709015.xsph.ru /pollFlowerAsyncwordpress.php # Reference: 
https://www.virustotal.com/gui/file/00775bf2d98db532ca754489e9f262bbead5f19e6a5b2114e9f3fc989e70dde9/detection a0706820.xsph.ru # Reference: https://www.virustotal.com/gui/file/035e94c3897695d24524b01e141f8c904034e15bf0d6492d8005b81d8c1e1424/detection asos.bar /bigloadMultiBase.php # Reference: https://www.virustotal.com/gui/file/2a833361299f6bd61506cf3ac29e25fa960467657cc92f23a6d36bd65a4aabd5/detection a0685116.xsph.ru # Reference: https://www.virustotal.com/gui/file/d4d8519fb5cb89f65a29db531034be71cb4c41188c512e01eb48c0ff9e9175f7/detection a0715881.xsph.ru # Reference: https://www.virustotal.com/gui/file/7aa907117d7dc41bcf159506536af6d2b76f2ac49adbacbb9748ac09917310ef/detection a0715314.xsph.ru # Reference: https://twitter.com/MisterCh0c/status/1123890895605194752 # Reference: https://app.any.run/tasks/39dc7c95-2f60-4a0f-b962-5abb688817ba darkcrystalrat29.000webhostapp.com uproxies.myarena.ru # Reference: https://www.virustotal.com/gui/file/b88b12d7dc8c791383f11a7f2083b0f16d353c6e47615b10bc533c36ef893e96/detection mamont1337.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/b4d86cc2a6d1417ab614fd759cadbdd03750511cda2cd4d063b92b1daae6cffe/detection pwnova.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/0f1611211d77702a6f7dd5f1110afdf85bd3d6d2d0d2f569fe2a4962acec2de8/detection payloads-poison.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/3f17bcfc62559226df10d47eb9769b32c7c2ef5ad44889f0c253e1fcc5d68dea/detection zorgehnajamn.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/ef486eaf9407e020a911c8795e334b6be98cf84386ac3eeaa25488c975b47227/detection ponchikgribov.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512/detection holohololo.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/561f3702f2bc11607012f82894475da814052c925d7d2afd242a95dc5f5a7363/detection mabuch.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/ebb67c781269d75cc4aa1c5aacdc4ab1289a603dc5532ccc2fb7dbbed284d786/detection 0x01f1.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/bbde4f9a20c30515c9c163709e7fb670d296e087f486278a3017fdaeea282114/detection supercraftalex.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/0783ad7db9e4f015a8c4a2100da925c43e9197996463f03194519aa8a70d6328/detection silentscanner.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/de622b50da9fad14bee683c2d46ffa167a453d8cd0d31f7a86d72d2cf5de8b13/detection thedonserver2.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/a69604b7a62ff5eab64e011fbe653d83b0d7e854633528aedb98a27a300e9cdb/detection vanityss0.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/fa76b811f2ea98f5c356bac7d2c27cca58c7db23729307fed74650c7ee95075f/detection allopathic-trays.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/6ad0fb9af26cd895584d71f89186754ab9263c6034126f8ae2be9a85a8ea3482/detection fritroser.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/9c370e4919315bd7b718e4ccdf605f2332ab672b53209c12dfdd22ebd5bf63b6/detection cuberdragon.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/7bb559915ee54376af490aec3354df9d024f4c80878eb5c976caf98aff430d7e/detection spikerr.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/50d8c57679ebf98a325f0cca86309fbd757964accd8e694cc31553c792551c5b/detection hkmksmsjn.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/fcf3dd30c43dbd3fb8db46ffbd90aa898f821acd5f77c79b0f22da4ef824010e/detection eliseyhaise1488.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/1c7fbedcbbe92c3c00c58d75ed8f02ddc79ce3af209f68305758a785200b09a9/detection nosky777.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/f0bd98484d599b26d067ae42c5baf4cacf88170d397b5bf805c3cb8fb558aaa2/detection zorgehnajamn.000webhostapp.com # 
Reference: https://www.virustotal.com/gui/file/eb94e806bfd7e5e3aa1a5aee781150cc7e1e83af22a6c0194c6138673a006fb0/detection jssh.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/92e6d7a6e8e9bdf59d8c92f54ef8f076b04ea31d62e20e83add00d70f53f0373/detection superacute-barrier.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/d1f9e8d2c091a5ec29a0420ed3a2002209689799ec7babcf1e1ff81775234d53/detection filesfloader.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/d4a47a202068cf51c8b10381cbdd414f24af4a7c7562b97472540d7a02646d09/detection diversionary-turbul.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/f3261eab08f0316d237bb474734674acd4a8eeb183331ce689d1cee57de94218/detection hkmksmsjn.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/873baf17585637276230e7c7b358321ac0e7f9c1e64878b708a030104836e7d6/detection rat21212121.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/769609d8870d14efe8688affabf153dd287dd7ca97ea81b921704bab1752c150/detection nikotsu.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/f8eda3c1be8522ab6afd7e8f259ec592292b7940a7f9ee189ecdd5b9ccee2eb9/detection labscreenshare.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/c3309c40ed05075598d9a44d06be2a5eea0c25ce11e2741e5e1e5239b0f0259e/detection kasumeauth.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/a8d4bfcf4a966ac593f31cf8fe82b8f133034066859acb8bb54fc19577b35d14/detection denotable-guide.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/aff3a5987ebd22e6bab2845e8b5f033149d9f6fd38c1c19f63a9b666a78cda84/detection wolfgt.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/7def4faac6dca29bd03a5b4bcd3e5ead02fdb6318a0b308f88d9cc16065c729c/detection ratfunpay.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/5ce86179014d6b741a6be05600151c2cf7f6140dc4115e05e3f2261484e677c1/detection 
testforpurp.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/b8850467013fa029a51489ee66554fd70296690713a07d80eef978f8871ae8e4/detection telenor-location-setup.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/47b664ab4e3913721c25763104d534a2585a9f3464b20d5a0b3604b877543ece/detection hutech123.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/71a5ced54a8792c354b729bbbdd97a132ee32acc332e7cc2136d5fd158bd0dca/detection dcrettting.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/6fb1b51833dd0eea891ea931b2b4d54835f5b19791b4065babea5538c4d982a6/detection masha1488.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/1ea8e7c9a99f93222159b00b3713de60ab6364a93a62b18fc24f572922edef86/detection asbfbzvfhsebh.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/04f0cbef22ec452eb8024aabe693157d03a1d6ff488600b541483d11895eba90/detection asdasd1010.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/46667d51bd5a6cf6bb93ea291a95ac66fe65459f17d001c40b9a2978bb0fe1ca/detection mrbigg.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/282cb1832225f49f62850ea57f5227dfadf7a118a609d7ea1488cae8c1029990/detection mrbiggg.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/ab8f00944d1323c75dedce595036a16765ada233648e247afc30bc76e7ec1914/detection zorgehnajamn.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/49d323809906bf0326d5cd2e721c301672dfb9e5832bb7470d3693b6cc7c973d/detection organner.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/7d13019882ad60fc65881d607360a8b1441cb6dde43d1f92e120940f791701d7/detection kiwihook228.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/f0c5303a8a8713f4c73f9b04debfde6387a37fb0fdab0fd3dba68b4ac9388181/detection kdwahjdklawhflahywfilyhaw.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/0012c370f4fe5384a99e4041530a76f14518ebf1fa79e2569eae21044f25ca74/detection moralfag228.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/32d69753f2cfdf76427e497f6798fd10fff58c0b6bfdb3fda5eaf510b1890511/detection matvey2207api.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/1689209fe6dab791b4d7eedee0ac05cd1119328b9217ae1f2b48f66a6b7f1ef4/detection icursos.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/8ff34b12b7a065fcb4b75e55b4ca06cfc5b40aa51afa763e881f522a534ade7b/detection huongtra899.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/e1f53c1783e59c5a3ea7d28ceac7c74b2eb81ac850a74c1e90bd82a0314024f2/detection frogmezserver.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/37d8371c4d5db0701605f647dda2482ae2c0383793544caaa6ac218d630e8cb4/detection diyspecial.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/d7c16df73304c6d7c166200b0e5bf8cc0cf0701d3f49539e95efd4078a12fd44/detection wannatalk.000webhostapp.com # Reference: https://twitter.com/James_inthe_box/status/1435345484139286530 # Reference: https://app.any.run/tasks/46d1eb68-c229-4263-bf3f-207dbcd5d896/ http://178.250.158.47 # Reference: https://twitter.com/James_inthe_box/status/1448751827046985746 # Reference: https://app.any.run/tasks/66fad0a4-789c-4d09-bb1c-12f9ff2bb92e/ http://82.146.34.178 # Reference: https://www.virustotal.com/gui/file/4b4a3839ecf1b4103a231af600a029d5b315cedd359ec3bdfaf61bb243ae7297/detection 7539.clmonth.nyashteam.ru # Reference: https://www.virustotal.com/gui/file/02177431b0825bf9f3d7c7d887c82494a3d1fd89f3e24d9128f126dd56f06a73/detection 95892.clmonth.nyashteam.ru # Reference: https://www.virustotal.com/gui/file/e50d7c1551535c94387091a653d18f5ecc26b6a15c04392523fde82df61f310c/detection f0531789.xsph.ru # Reference: https://twitter.com/WhichbufferArda/status/1581332837814636545 # Reference: 
https://www.virustotal.com/gui/file/72a3dffc4708d9e9eedffd81cc26ca19df813db423e848bbaf092540d9e36eab/detection bayraktar.fun # Reference: https://twitter.com/pmelson/status/1585699881905451008 # Reference: https://www.virustotal.com/gui/file/49a59c92e9c1876828015fa1985132058e1ac023a196c2942ebef409789bb356/detection 141.255.147.241:8973 # Reference: https://twitter.com/tosscoinwitcher/status/1586061272197476352 # Reference: https://www.virustotal.com/gui/file/005ca7fcb95236a3ae86e744c9d9b41ad97e74205ca5c2151e60abd4676fbd66/detection http://188.120.244.159 /lineCentralTo0/Voiddb0Request8/7centralPrivate/ /Request1/0/universalDefaulthttp/ /Request9Multi6/ApigeotempProtect/GeneratorLineServer/ /Request9Multi6/ /Voiddb0Request8/ # Reference: https://www.virustotal.com/gui/file/02dd2d41ea02bee1d7a6505fa299cacb41024a6c6a1b2eb9e43597bc1b5854b1/detection a0724321.xsph.ru /PythonprotectLinuxAsync.php # Reference: https://www.virustotal.com/gui/file/041bd486fefe872019f748d66a7d5dee4b097d4b222c320ce94f89133b6860a6/detection http://194.58.98.53 /ExternalRequestpollsqlasync.php # Reference: https://www.virustotal.com/gui/file/053f31bae67a9d04b92b11e54981618f7da49b9d4b77344babaebd7773fc76b1/detection a0571604.xsph.ru /imageApiDefaultflower.php # Reference: https://www.virustotal.com/gui/file/0051ad484af03c603e1c10dd3b70f700faee7d46e86fe3467ed393bf18249a7b/detection malenkybabejon.xyz # Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection http://13.90.128.253 # Reference: https://www.virustotal.com/gui/file/ae3b4897a288a41ec73e1a6b94ce89b982a35e4ee754208e035877ed27ad17a8/detection 103.151.123.121:8890 toff7857.duckdns.org # Reference: https://www.virustotal.com/gui/file/a6f9c3a7f821cad5b2095915c015fce09729cb2f4637c1ee002dd8f3ec951a81/detection 103.151.123.121:8895 moneyinthemaking33.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/1e01bacfc305cac510024cfd91980e72f7f162f3feb017637d43b013195e13ee/detection dthaurs.duckdns.org gdbsty.duckdns.org makingthomas9.duckdns.org medelinemellinger.duckdns.org morningb006.duckdns.org # Reference: https://www.virustotal.com/gui/file/05c5855645215f25843fb116d4ad622331599e6823c1ac08e26b3ec016462c00/detection a0642773.xsph.ru /processoruniversalpublic.php # Reference: https://www.virustotal.com/gui/file/0fb1da58743a6a21376c4d513e4e8dd39e176719b9f89551c94a88e21b58922d/detection a0654793.xsph.ru /trafficdatalifewpdlepublic.php # Reference: https://www.virustotal.com/gui/file/d4b5239cf81c54d406e6f208359145d7ea1fb429a3a245e2c805161d761737de/detection a0740712.xsph.ru # Reference: https://www.virustotal.com/gui/file/04d48912fee541a1dcec802ac9065a91cfb75114fdea1edd43b8a4a9d538299d/detection 193.149.3.239:1938 liteshare.co one.liteshare.co # Reference: https://www.virustotal.com/gui/file/0000ad0538e40f2c6a61df90552b1603a05556a620dd5e09d07c0d4cf6b329d2/detection a0741693.xsph.ru # Reference: https://www.virustotal.com/gui/file/23fda5b36c96f2c2e7e5ae8a0ba46eee0b898fa97c95b522bef284134b78e21b/detection a0751745.xsph.ru # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-29-IOCs-for-malware-from-fake-Adobe-Reader-page.txt # Reference: https://www.joesandbox.com/analysis/775734?idtype=analysisid # Reference: https://www.virustotal.com/gui/file/37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226/detection 78.47.195.75:4448 78.47.195.75:4449 adobereaders.co bravebrowsers.cc system-checki.com # Reference: https://twitter.com/suyog41/status/1612421819646226432 # Reference: https://www.virustotal.com/gui/file/aa7329f9d3c9b4c1620182c9697b905ce03819a6b538d8c5e70142a6aad4e712/detection http://149.154.68.247 /PollProcessvoiddb/Cpu5js/lowserverflowerCdn.php /PollProcessvoiddb/Cpu5js/ /PollProcessvoiddb/ /lowserverflowerCdn.php # Reference: 
https://www.virustotal.com/gui/file/2f2d38c73fd78cfbb16fe47b098400197de6021d58038fdc49679a4b756463e3/detection 18.228.115.60:11104 18.229.146.63:11104 18.229.248.167:11104 18.229.94.15:11104 18.231.93.153:11104 52.67.169.190:11104 52.67.76.246:11104 54.94.248.37:11104 # Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection http://135.181.83.211 /cpugamedefaultsqlDatalife.php # Reference: https://www.virustotal.com/gui/file/b2d97d507306f7abbed7ca882340f456a17cdf176488faa8f8e0741019300d78/detection http://212.113.106.79 # Reference: https://twitter.com/ScumBots/status/1621223797071175682 # Reference: https://www.virustotal.com/gui/file/4f23c0742d9a19732acdcc777b4168366d4762b7f9fa553d1dbc62b68378cc97/detection 20.197.196.201:7749 intrudernomercy.duckdns.org # Reference: https://www.virustotal.com/gui/file/6cff73a9a97ff3955d44e35310ccec01847143a9e70678f685840d7c8ad25971/detection ca22859.tw1.ru /ProcessorauthTestLocal.php # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ http://109.107.189.197 http://109.172.44.182 http://109.248.42.13 http://121.40.81.65 http://130.255.170.91 http://135.181.106.220 http://135.181.164.113 http://135.181.99.197 http://136.243.179.74 http://141.94.188.141 http://142.132.182.134 http://145.239.27.225 http://146.19.207.252 http://146.19.207.58 http://146.19.233.133 http://146.19.24.118 http://147.182.195.133 http://148.251.242.103 http://149.154.64.5 http://149.154.65.218 http://149.154.66.74 http://149.154.67.30 http://149.154.68.117 http://149.154.69.71 http://149.154.70.15 http://149.154.71.242 http://151.248.117.210 http://151.248.121.68 http://159.65.31.64 http://162.55.170.203 http://162.55.33.151 http://164.92.181.85 http://165.22.23.36 http://167.235.28.213 http://167.235.57.39 http://167.88.170.23 http://172.104.4.99 http://172.245.10.88 http://176.113.82.46 http://176.124.200.25 http://176.124.201.32 http://176.126.103.159 http://176.126.103.211 
http://176.126.103.47 http://176.31.32.199 http://176.57.69.97 http://176.99.12.128 http://178.154.196.48 http://178.20.47.110 http://178.250.156.239 http://178.250.156.30 http://178.250.157.127 http://178.250.157.16 http://178.250.158.26 http://178.250.158.55 http://178.250.159.150 http://178.250.159.206 http://178.250.159.50 http://178.250.247.22 http://179.43.175.120 http://185.103.254.119 http://185.104.248.184 http://185.106.92.40 http://185.112.83.126 http://185.112.83.48 http://185.12.126.186 http://185.143.220.212 http://185.146.156.142 http://185.146.156.144 http://185.156.72.35 http://185.16.38.98 http://185.16.39.123 http://185.174.136.169 http://185.174.136.187 http://185.189.12.109 http://185.189.13.15 http://185.197.75.85 http://185.204.0.144 http://185.206.214.155 http://185.213.211.238 http://185.219.40.39 http://185.224.135.74 http://185.229.66.123 http://185.233.38.221 http://185.233.80.179 http://185.235.218.66 http://185.241.61.111 http://185.246.65.133 http://185.246.65.20 http://185.246.65.77 http://185.246.65.81 http://185.246.66.170 http://185.246.67.84 http://185.251.90.27 http://185.43.4.142 http://185.43.4.223 http://185.43.4.27 http://185.43.4.31 http://185.43.5.151 http://185.43.5.62 http://185.43.5.75 http://185.43.6.111 http://185.43.6.68 http://185.43.7.221 http://185.46.10.199 http://185.5.248.148 http://185.51.246.172 http://185.60.134.186 http://185.92.149.245 http://188.120.224.116 http://188.120.224.97 http://188.120.225.216 http://188.120.225.47 http://188.120.226.13 http://188.120.228.186 http://188.120.229.72 http://188.120.231.113 http://188.120.231.63 http://188.120.233.209 http://188.120.235.7 http://188.120.236.137 http://188.120.237.72 http://188.120.240.211 http://188.120.241.206 http://188.120.243.11 http://188.120.244.227 http://188.120.244.38 http://188.120.246.154 http://188.120.246.49 http://188.120.248.214 http://188.120.253.98 http://188.120.254.194 http://188.120.254.81 http://188.225.72.109 
http://188.93.233.120 http://192.95.55.233 http://193.106.191.180 http://193.108.113.28 http://193.109.78.76 http://193.124.22.2 http://193.124.22.3 http://193.188.23.169 http://193.233.48.42 http://193.233.49.76 http://194.147.90.111 http://194.163.190.76 http://194.190.152.128 http://194.190.153.34 http://194.226.121.128 http://194.226.121.164 http://194.226.121.83 http://194.26.229.18 http://194.26.229.23 http://194.26.229.54 http://194.26.229.65 http://194.36.177.74 http://194.36.177.98 http://194.40.243.101 http://194.5.78.193 http://194.61.52.49 http://194.67.110.48 http://194.67.111.145 http://194.67.119.11 http://194.67.67.104 http://194.67.67.43 http://194.67.74.169 http://194.67.87.32 http://194.67.92.230 http://194.67.92.38 http://194.87.186.10 http://194.87.199.77 http://194.87.214.216 http://194.87.216.2 http://194.87.216.73 http://194.87.218.122 http://194.87.219.243 http://194.87.232.197 http://194.87.237.68 http://194.87.31.20 http://194.87.62.41 http://194.87.82.229 http://195.133.1.180 http://195.133.1.65 http://195.133.75.174 http://195.133.75.213 http://195.133.75.27 http://195.133.88.26 http://195.140.146.115 http://195.140.147.188 http://195.3.223.215 http://195.3.223.218 http://195.3.223.79 http://2.56.59.225 http://2.57.186.38 http://20.113.82.15 http://20.26.196.182 http://207.148.109.186 http://209.209.113.33 http://212.109.192.100 http://212.109.195.180 http://212.109.198.236 http://212.113.116.24 http://212.162.153.128 http://212.192.14.24 http://213.159.214.231 http://217.114.43.68 http://217.25.95.234 http://217.28.221.151 http://217.28.223.117 http://23.137.249.17 http://23.227.193.58 http://3.122.113.204 http://3.123.129.109 http://3.249.182.164 http://31.129.22.12 http://31.172.66.22 http://31.184.249.5 http://31.24.87.18 http://31.24.87.49 http://31.42.177.7 http://37.143.12.118 http://37.143.9.37 http://37.220.86.127 http://37.220.87.84 http://37.228.93.151 http://37.230.112.51 http://37.230.113.176 http://37.230.113.20 
http://37.230.113.43 http://37.230.113.82 http://37.230.116.166 http://37.230.117.59 http://37.252.1.137 http://37.46.130.13 http://37.46.130.214 http://37.46.131.62 http://37.46.133.171 http://37.46.134.156 http://38.242.133.44 http://38.242.207.140 http://45.124.115.20 http://45.128.234.216 http://45.132.1.186 http://45.137.65.70 http://45.140.147.119 http://45.141.100.241 http://45.141.76.106 http://45.141.79.87 http://45.142.122.12 http://45.142.36.241 http://45.144.2.118 http://45.15.157.11 http://45.153.186.205 http://45.153.229.94 http://45.156.84.108 http://45.63.74.55 http://45.8.158.146 http://45.81.227.27 http://45.82.13.18 http://45.83.122.110 http://45.83.194.100 http://45.83.194.102 http://45.86.229.156 http://45.93.200.140 http://46.148.114.84 http://46.151.30.40 http://46.175.145.60 http://46.175.150.73 http://46.3.197.42 http://46.3.197.86 http://46.3.199.118 http://46.3.199.52 http://46.30.45.25 http://47.254.235.229 http://47.96.64.30 http://5.101.44.217 http://5.63.154.100 http://5.63.159.147 http://51.161.64.200 http://51.210.69.65 http://51.250.37.171 http://51.250.8.242 http://51.38.92.34 http://51.91.193.177 http://62.109.0.205 http://62.109.1.128 http://62.109.1.226 http://62.109.10.87 http://62.109.12.97 http://62.109.13.12 http://62.109.15.235 http://62.109.16.69 http://62.109.17.127 http://62.109.2.209 http://62.109.2.36 http://62.109.20.14 http://62.109.21.205 http://62.109.23.37 http://62.109.25.235 http://62.109.26.135 http://62.109.27.119 http://62.109.27.237 http://62.109.28.158 http://62.109.28.7 http://62.109.30.213 http://62.109.30.9 http://62.109.31.158 http://62.109.31.200 http://62.109.31.35 http://62.109.4.67 http://62.109.5.198 http://62.109.5.68 http://62.109.5.72 http://62.109.8.21 http://62.109.8.37 http://62.109.9.201 http://62.113.110.142 http://62.113.118.176 http://62.113.96.135 http://62.217.176.20 http://62.84.97.90 http://64.225.102.136 http://65.109.63.235 http://65.21.251.86 http://77.246.158.136 
http://77.246.158.191 http://77.246.158.205 http://77.55.208.121 http://77.73.131.144 http://77.73.131.194 http://77.73.133.58 http://77.73.133.75 http://77.91.124.246 http://77.91.68.78 http://77.91.77.179 http://78.24.216.186 http://78.24.218.129 http://78.24.219.249 http://78.24.220.207 http://78.24.220.74 http://78.24.221.170 http://78.24.222.67 http://78.24.222.9 http://78.24.223.39 http://78.24.223.53 http://79.110.52.107 http://79.124.56.6 http://79.137.196.92 http://79.137.202.179 http://79.174.12.172 http://79.174.12.29 http://79.174.13.54 http://80.66.64.164 http://80.66.79.39 http://80.66.79.5 http://80.66.79.51 http://80.78.241.48 http://80.78.247.142 http://80.78.251.115 http://80.85.142.179 http://80.87.192.227 http://80.87.192.58 http://80.87.194.58 http://80.87.194.76 http://80.87.196.100 http://80.87.196.254 http://80.87.197.225 http://80.87.198.211 http://80.87.198.76 http://80.87.199.172 http://80.87.199.19 http://80.87.200.238 http://80.87.201.177 http://80.87.201.178 http://80.87.202.58 http://80.87.202.7 http://80.87.202.92 http://81.19.140.16 http://81.200.152.41 http://82.115.223.17 http://82.115.223.92 http://82.146.33.148 http://82.146.34.194 http://82.146.34.244 http://82.146.35.75 http://82.146.38.48 http://82.146.41.71 http://82.146.42.247 http://82.146.43.104 http://82.146.43.67 http://82.146.45.68 http://82.146.45.7 http://82.146.46.170 http://82.146.46.51 http://82.146.47.144 http://82.146.48.150 http://82.146.48.223 http://82.146.48.233 http://82.146.49.100 http://82.146.52.151 http://82.146.52.198 http://82.146.52.200 http://82.146.52.217 http://82.146.53.241 http://82.146.54.148 http://82.146.54.219 http://82.146.55.100 http://82.146.55.21 http://82.146.56.217 http://82.146.56.24 http://82.146.56.83 http://82.146.58.86 http://82.146.59.136 http://82.146.59.195 http://82.146.60.81 http://82.146.61.207 http://82.146.62.116 http://82.146.63.142 http://82.148.30.111 http://83.136.232.133 http://83.136.232.155 http://83.136.232.228 
http://83.136.232.237 http://83.136.232.25 http://83.136.233.84 http://83.220.168.32 http://83.220.168.58 http://83.220.170.162 http://83.220.172.137 http://83.220.172.179 http://83.220.173.110 http://83.220.173.145 http://83.220.173.194 http://83.220.175.103 http://83.220.175.138 http://84.32.190.8 http://85.192.41.4 http://85.192.63.166 http://85.193.80.152 http://85.31.46.137 http://86.110.212.160 http://87.236.146.103 http://87.251.77.205 http://88.210.9.215 http://89.107.10.225 http://89.108.102.163 http://89.108.115.110 http://89.108.76.178 http://89.108.81.97 http://89.108.88.227 http://89.185.85.200 http://89.208.142.177 http://89.23.110.215 http://89.23.97.43 http://89.23.97.74 http://89.41.182.81 http://91.151.88.63 http://91.201.112.111 http://91.209.226.36 http://91.219.62.158 http://91.227.113.154 http://91.240.84.249 http://91.240.86.94 http://91.242.229.77 http://91.243.59.65 http://91.245.227.34 http://92.255.107.243 http://92.53.71.105 http://92.63.101.174 http://92.63.101.82 http://92.63.102.68 http://92.63.103.35 http://92.63.104.181 http://92.63.104.237 http://92.63.104.240 http://92.63.104.30 http://92.63.104.47 http://92.63.104.96 http://92.63.106.232 http://92.63.106.249 http://92.63.106.6 http://92.63.107.12 http://92.63.192.101 http://92.63.192.33 http://92.63.96.83 http://92.63.97.118 http://92.63.97.158 http://92.63.97.168 http://92.63.97.36 http://92.63.99.234 http://94.103.81.144 http://94.103.81.146 http://94.103.81.174 http://94.103.82.132 http://94.103.92.207 http://94.124.78.86 http://94.131.96.44 http://94.142.142.6 http://94.23.190.57 http://94.250.249.169 http://94.250.250.160 http://94.250.252.221 http://94.250.252.243 http://94.250.253.4 http://94.250.254.158 http://94.250.254.199 http://94.250.254.43 http://94.250.254.50 http://94.250.255.214 http://94.250.255.250 http://95.142.43.115 http://95.143.179.155 http://95.163.233.217 http://95.214.53.31 http://95.217.99.28 102.140.196.34:3851 103.133.105.61:1338 103.133.105.61:8848 
185.70.104.53:3861 194.26.229.33:85 209.151.144.77:443 91.193.75.139:5900 91.193.75.152:7196 91.193.75.175:9217 91.193.75.235:5900 91.193.75.244:5900 042832.clmonth.nyashteam.top 043659.clmonth.nyashteam.top 077147.clmonth.nyashteam.top 101583.clmonth.nyashteam.top 12342.clmonth.nyashteam.ru 12418.clmonth.nyashteam.ru 12748.clmonth.nyashteam.ru 14888.clmonth.nyashteam.ru 151-248-118-14.cloudvps.regruhosting.ru 158447.clmonth.nyashteam.top 16530.clmonth.nyashteam.ru 171304.clmonth.nyashteam.top 188726.clmonth.nyashteam.top 191151.clmonth.nyashteam.top 191191.cllt.nyashteam.top 194-58-107-59.cloudvps.regruhosting.ru 194-67-90-137.cloudvps.regruhosting.ru 198939.clmonth.nyashteam.top 2030.clmonth.nyashteam.ru 22865.clmonth.nyashteam.ru 22866.clmonth.nyashteam.ru 23457.clmonth.nyashteam.ru 23558.clmonth.nyashteam.ru 24820.clmonth.nyashteam.ru 24824.clmonth.nyashteam.ru 248706.clmonth.nyashteam.top 25066.clmonth.nyasht.ml 26150.clmonth.nyashteam.ru 273709.clmonth.nyashteam.top 28049.clmonth.nyashteam.ru 281429.clmonth.nyashteam.top 286216.clmonth.nyashteam.top 28747.clmonth.nyashteam.ml 29035.clmonth.nyashteam.ru 310246.clmonth.nyashteam.top 32589.clmonth.nyashteam.ml 32589.clmonth.nyashteam.ru 32836.clmonth.nyashteam.ru 336522.clmonth.nyashteam.top 33811.clmonth.nyashteam.ru 33866.clmonth.nyashteam.ru 341560.clmonth.nyashteam.top 344968.clmonth.nyashteam.top 34843.clmonth.nyashteam.ru 34845.clmonth.nyashteam.ru 349733.clmonth.nyashteam.top 355969.clmonth.nyashteam.top 37-140-195-166.cloudvps.regruhosting.ru 372260.clmonth.nyashteam.top 384445.clmonth.nyashteam.top 39841.clmonth.nyashteam.ru 40211.clmonth.nyashteam.ru 403267.clmonth.nyashteam.top 41028.clmonth.nyashteam.ru 43425.clmonth.nyashteam.ml 456445.clmonth.nyashteam.top 468840.clmonth.nyashteam.top 471120.clmonth.nyashteam.top 481372.clmonth.nyashteam.top 48808.clmonth.nyashteam.ru 48944.cllt.nyashteam.top 49856.clmonth.nyashteam.ml 51165.clmonth.nyashteam.top 525803.clmonth.nyashteam.top 
55441.clmonth.nyashteam.ru 55555.clmonth.nyashteam.ml 561706.clmonth.nyashteam.top 58261.clmonth.nyashteam.ru 583848.clmonth.nyashteam.top 58561.clmonth.nyashteam.ru 5b5t.servegame.com 618239.clmonth.nyashteam.top 61839.clmonth.nyashteam.ru 64198.clmonth.nyashteam.ml 64372.clmonth.nyashteam.ru 64714.clmonth.nyashteam.ru 66223.clmonth.nyashteam.ru 66444.cllt.nyashteam.top 669731.clmonth.nyashteam.top 670880.clmonth.nyashteam.top 677710.clmonth.nyashteam.top 684386.clmonth.nyashteam.top 686084.clmonth.nyashteam.top 707731.clmonth.nyashteam.top 71902.clmonth.nyashteam.ru 72606.clmonth.nyashteam.ru 75419.clmonth.nyashteam.ru 76427.clmonth.nyashteam.top 76429.clmonth.nyashteam.top 76834.clmonth.nyashteam.ml 777233.clmonth.nyashteam.top 7fc3460091094336a2af4e71b7590b6e.ru 802560.clmonth.nyashteam.top 802772.clmonth.nyashteam.top 809212.clmonth.nyashteam.top 81888.cllt.nyashteam.ru 81888.cllt.nyashteam.top 82607.clmonth.nyashteam.ru 82881.clmonth.nyashteam.ru 83107.clmonth.nyashteam.ru 834532.clmonth.nyashteam.top 852543.clmonth.nyashteam.top 871356.clmonth.nyashteam.top 87550.clmonth.nyashteam.ru 88225.cllt.nyashteam.ru 88300.clmonth.nyashteam.ru 88314.cllt.nyashteam.top 88730.clmonth.nyashteam.ru 888888.cllt.nyashteam.top 896447.clmonth.nyashteam.top 90465.clmonth.nyashteam.ml 904927.clmonth.nyashteam.top 91898.clmonth.nyashteam.ru 93404.clmonth.nyashteam.ru 947425.clmonth.nyashteam.top 948166.clmonth.nyashteam.top 956787.clmonth.nyashteam.top 95892.clmonth.nyashteam.site 982918.clmonth.nyashteam.top 9837.cllt.nyashteam.ru 98612.clmonth.nyashteam.ru 98765.clmonth.nyashteam.ru 98875.clmonth.nyashteam.ru 989673.clmonth.nyashteam.top 99099.clmonth.nyashteam.ml 99944.clmonth.nyashteam.ru a-plague-tale.top a0561607.xsph.ru a0561978.xsph.ru a0562386.xsph.ru a0562792.xsph.ru a0566780.xsph.ru a0567317.xsph.ru a0582236.xsph.ru a0594391.xsph.ru a0603308.xsph.ru a0613321.xsph.ru a0615510.xsph.ru a0632115.xsph.ru a0632804.xsph.ru a0635682.xsph.ru a0638710.xsph.ru a0639268.xsph.ru 
a0639896.xsph.ru a0642012.xsph.ru a0642085.xsph.ru a0642285.xsph.ru a0643725.xsph.ru a0643994.xsph.ru a0646475.xsph.ru a0647213.xsph.ru a0648010.xsph.ru a0653501.xsph.ru a0655106.xsph.ru a0656330.xsph.ru a0678146.xsph.ru a0682348.xsph.ru a0684190.xsph.ru a0689393.xsph.ru a0693837.xsph.ru a0694489.xsph.ru a0694602.xsph.ru a0697183.xsph.ru a0697279.xsph.ru a0698517.xsph.ru a0699063.xsph.ru a0701472.xsph.ru a0702131.xsph.ru a0702220.xsph.ru a0702895.xsph.ru a0703811.xsph.ru a0705512.xsph.ru a0706778.xsph.ru a0706896.xsph.ru a0707468.xsph.ru a0709203.xsph.ru a0709573.xsph.ru a0712169.xsph.ru a0712674.xsph.ru a0713666.xsph.ru a0717143.xsph.ru a0719318.xsph.ru a0723621.xsph.ru a0724768.xsph.ru a0728179.xsph.ru a0728273.xsph.ru a0728298.xsph.ru a0729054.xsph.ru a0729543.xsph.ru a0730110.xsph.ru a0730393.xsph.ru a0730546.xsph.ru a0730923.xsph.ru a0736143.xsph.ru a0739347.xsph.ru a0741539.xsph.ru a0744037.xsph.ru a0756235.xsph.ru a0756488.xsph.ru a0758190.xsph.ru a0761206.xsph.ru a0761701.xsph.ru a0761996.xsph.ru a0764072.xsph.ru a0765835.xsph.ru a0769200.xsph.ru a0771106.xsph.ru a0772555.xsph.ru a0776567.xsph.ru a0780562.xsph.ru a0784310.xsph.ru a0787727.xsph.ru a0788683.xsph.ru a0794138.xsph.ru a0794203.xsph.ru a0802004.xsph.ru access.samp-loader.ru app.squidgame.to armannl5.beget.tech barsukk676.duckdns.org battletw.beget.tech bigboxt5.beget.tech bksdk.jsonwf.pw blamblambla.cyberhost.ml blockchainc.us blockchainsync.us bunkovb3.beget.tech ca04510.tw1.ru ca50999.tmweb.ru ca69244.tw1.ru cb93602.tw1.ru cd44093.tmweb.ru ce30512.tmweb.ru ce48662.tmweb.ru cf90664.tmweb.ru ch14079.tmweb.ru chamilqn.beget.tech cheathub.space cheatinghub.com ck43536.tmweb.ru ck44758.tw1.ru cm07739.tmweb.ru cm71694.tw1.ru cm87547.tw1.ru cm97018.tmweb.ru cortez.cyberhost.ml cp48625.tmweb.ru cs78629.tmweb.ru csomundibash.ru cu59983.tw1.ru cv44623.tw1.ru cw31476.tw1.ru cw55706.tw1.ru cx15642.tmweb.ru cz09685.tw1.ru cz81401.tw1.ru darksrystalryk.com.swtest.ru david79t.beget.tech dcbiorlov.shop 
dcmobina.duckdns.org dcrat.host ddergaixyi.site devil137.ru domain2424242.ru.host1855822.serv80.hostland.pro domdain2.co.vu duhgfb6e.beget.tech e908170j.beget.tech era-paradise.ru expl01t.tk f0571616.xsph.ru f0629544.xsph.ru f0633137.xsph.ru f0639494.xsph.ru f0653783.xsph.ru f0681920.xsph.ru f0713677.xsph.ru f0715481.xsph.ru f0772589.xsph.ru f0786544.xsph.ru fioradro.cyberhost.cf forusualworkwithpeople.space funnym78.beget.tech furiosgr.isp26.admintest.ru g35hn83489.tmweb.ru h158013.srv16.test-hf.su h162295.srv13.test-hf.su h162345.srv12.test-hf.su haivo.co.zw haskers.ru hesoyam.space imhaacja.beget.tech jokerkqc.beget.tech kadyeri.cyberhost.cf kasikkar.beget.tech kykelone.cyberhost.ml kyrainkg.beget.tech l96588w5.beget.tech leshaed5.beget.tech limfunsto.site lkofkkkkfkjjsfh.drive-35.ru lubluabobu.com marspaste.com metacryptobot.com msmpeng.cyberhost.ml n953700o.beget.tech nestell.cyberhost.ml neverchurka.ml newdfhfgdjmfgjm.store nftbanger.ru nikitabon2.temp.swtest.ru nulledgames.fun pashkis.beget.tech phoenass.cyberhost.ml play-varryal.online policefbr.linkpc.net portfolioksk.xyz rapidtestdr.com rfewkfnr234.cf s18senfg.beget.tech sashaplays5.ru.com sdwasdwads.tk shrekforever.tk softportal.tk soubmaag.beget.tech srv174492.hoster-test.ru svinlasf.ru tcp.viewdns.net tomattolittle.su trenbalon.cyberhost.ml u1174726leb.ha004.t.justns.ru u13794788m.ha003.t.justns.ru u1638884.plsk.regruhosting.ru u1721466.trial.reg.site ulihkapc.beget.tech universalwordpress.site usehvhgf.beget.tech vaynhaqt.beget.tech vbhfghgfjjfgd.online vkggttin.beget.tech vlaadblp.beget.tech whatipedia.org windowsign.theworkpc.com wp.banjaro.de xxhdftgjftgkjfgk.site y5z2870c.beget.tech ya-ebal-reg-ru-v-rot.site yadrochy.ru.com ytdjfugjwtruykjhgf.sytes.net zamineserver.online zebra1987.fvds.ru zorz1337.xyz # Reference: https://www.virustotal.com/gui/file/544248eab18c06346bb6819c0763ba2ed7a7f89fc98ae37e7b74e21f2393dcbb/detection a0684985.xsph.ru /providerpollPackettemp.php # Reference: 
https://twitter.com/crep1x/status/1638596454087368708 # Reference: https://www.virustotal.com/gui/file/7606edcf0491794b631f9aaf1a7e34fd0960e542d30614b562c8423afc86e2c1/detection nyvhpww3.beget.tech /dc/apiMultitemp.php # Reference: https://www.virustotal.com/gui/file/04f46cc5cc7dfab4b587bedd1663d868b9c6c53998dccfbbff7594a8cab4bcf7/detection http://37.46.130.3 # Reference: https://www.virustotal.com/gui/file/ebdf74f5b6e0b49bdb471dc9c908c5b741ed113049744328af8f73aec4f57b67/detection http://195.123.246.86 # Reference: https://www.virustotal.com/gui/file/930261f96fe4393d9e4bef23d4eb932b33d1f0f957d9483f6da2dca3767f750b/detection # Reference: https://www.virustotal.com/gui/file/8cafad64caf5dcac0117b5bd535782280375ea68eb28be0d8421f61b03e2c641/detection /LinejavascriptDb.php # Reference: https://www.virustotal.com/gui/file/0aca0b24374538efda88f17bbe3ed4d0adcb9c361552af5b45d83d858b253dbd/detection http://62.109.15.166 # Reference: https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html gllthub.com glthub.org gthub.org steamauthenticator.net steamdesktopauthenticator.net steamdesktopauthenticator.org steamdesktopauthenticator.ru # Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection http://141.95.84.40 # Reference: https://www.virustotal.com/gui/file/b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569/detection 173.44.50.86:7788 flugrekorder.duckdns.org # Reference: https://www.virustotal.com/gui/file/6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843/detection # Reference: https://www.virustotal.com/gui/file/a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78/detection # Reference: https://www.virustotal.com/gui/file/aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10/detection 20.200.63.2:2525 asegurarq.duckdns.org envio2023junio.duckdns.org hjgeuyiohfkjsdfhgiwe.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/f1e5829e0f9473127d72559e3f811dcb5158d22e09eb4925ef27c7ada864fe6f/detection 191.89.243.236:4242 moneymaker.dynuddns.net # Reference: https://www.virustotal.com/gui/file/df7a8962331cc5a23cd13744420aa91547cfc085950d22ab1b7e4f298b2ee0ab/detection 179.13.3.110:2356 promotores14.duckdns.org # Reference: https://www.virustotal.com/gui/file/7b1bb2682a37f2a3f5aa1de69eed5ba5b44debe322b0409ce261492751c01f5f/detection # Reference: https://www.virustotal.com/gui/file/db56ca34b934ee56d33478d16413a49d78a7671fd92c9a7a9444c48469030520/detection 179.13.3.110:7575 neweraimporta1.duckdns.org newroda2023.duckdns.org # Reference: https://www.virustotal.com/gui/file/6c64cb817eb68c8fd0f051b00fcb20a0a28e26062d06eebe2502d8e8077c6116/detection 74.119.194.154:2060 distributework.theworkpc.com # Reference: https://www.virustotal.com/gui/file/eb61309bd790110928277bed37961dbd7dfd8360286c670fbc100fd0c4623c32/detection 52.152.223.228:8848 newforting.duckdns.org # Reference: https://www.virustotal.com/gui/file/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/detection 185.106.93.148:2020 # Reference: https://www.virustotal.com/gui/file/f0708715c7c8fbd9e77083048adf331c8be83a2049863a8e71cbf63353ab45a0/detection 154.29.75.191:2027 avsdefender.giize.com # Reference: https://twitter.com/drb_ra/status/1683550086104489985 191.101.3.50:8848 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-25) http://109.172.83.121 http://113.30.150.52 http://138.128.242.147 http://149.154.64.92 http://159.89.232.82 http://176.37.97.210:81 http://178.250.156.210 http://185.112.144.202 http://185.146.156.56 http://185.146.157.245 http://185.146.157.98 http://185.20.227.154 http://185.43.4.203 http://185.46.46.139 http://188.120.226.231 http://188.120.227.150 http://188.120.233.131 http://188.120.233.146 http://188.120.233.42 http://188.120.236.114 http://188.120.251.253 http://188.225.58.206 http://188.225.58.220 http://193.124.92.72 
http://193.233.164.54 http://194.26.229.33:85 http://194.58.92.23 http://212.109.194.187 http://212.109.195.44 http://212.109.199.150 http://212.224.113.92 http://217.144.103.26 http://217.196.96.4 http://31.41.221.82 http://37.230.116.57 http://37.46.129.39 http://37.46.134.225 http://45.12.238.157 http://45.140.147.214 http://45.153.68.9 http://45.8.230.157 http://45.91.8.171 http://46.149.77.33 http://46.175.146.110 http://5.161.143.111 http://5.252.118.26 http://5.42.65.49 http://62.109.12.5 http://62.109.17.54 http://62.109.22.191 http://62.109.27.71 http://62.113.96.239 http://77.73.131.120 http://77.91.72.151 http://79.132.140.15 http://79.137.202.118 http://79.137.207.211 http://80.78.251.51 http://80.87.192.174 http://80.90.185.107 http://82.146.36.3 http://82.146.43.250 http://82.165.114.107 http://83.220.174.44 http://89.185.85.106 http://89.191.228.213 http://89.23.96.74 http://89.23.97.153 http://92.255.107.38 http://92.51.36.155 http://92.63.107.224 http://92.63.189.63 http://92.63.193.111 http://92.63.193.81 http://92.63.97.185 http://94.131.112.154 1.165.96.128:4480 1.242.139.44:8848 103.144.148.219:8080 103.146.78.130:8848 103.170.118.35:8848 103.186.108.229:14567 103.186.108.229:8848 104.219.234.167:8848 109.195.94.247:8848 111.229.139.47:8848 112.213.98.87:8848 120.78.151.171:7777 120.78.151.171:7788 124.72.246.78:6079 134.255.216.148:80 139.180.143.50:8848 141.95.84.40:112 142.202.242.168:8848 142.202.242.168:9898 144.126.230.14:102 144.126.230.14:1111 144.126.230.14:6666 154.53.42.53:8848 172.111.236.107:8848 172.94.103.171:8848 177.255.88.252:5022 179.43.154.184:8888 179.61.251.188:8848 185.225.18.110:2100 185.241.208.121:9898 185.246.222.117:8000 191.101.3.50:8848 192.99.10.207:8848 193.42.32.159:8848 194.26.192.203:5050 194.59.31.109:8848 194.87.218.64:8818 194.87.218.64:8828 194.87.218.64:8878 20.199.73.159:1024 20.216.162.185:1024 20.216.165.135:1024 20.216.178.113:1024 20.223.128.97:1337 206.238.221.30:8848 209.25.142.180:5569 
3.6.30.85:10048 34.92.66.146:8848 37.18.62.18:8060 37.187.222.230:8848 38.242.139.217:8848 40.114.223.144:1337 40.87.50.159:1337 41.62.221.74:90 43.243.111.229:8848 45.144.154.62:1938 45.74.7.10:8848 45.77.175.130:8848 45.77.34.211:8686 45.77.34.211:8848 45.77.34.211:9999 45.92.1.155:8848 45.95.19.170:8848 45.95.19.172:8848 45.95.19.173:8848 45.95.19.174:8848 46.23.96.131:8848 47.106.131.255:8848 47.254.75.102:4444 5.178.3.191:8848 52.186.31.169:1337 64.176.43.239:8848 64.44.166.203:8848 77.92.154.211:1337 83.229.83.102:1337 87.121.221.220:8848 89.211.209.74:8080 89.23.101.37:1337 89.23.96.202:8838 91.227.113.154:12345 91.227.113.154:8848 94.124.192.220:8848 95.179.128.208:8080 95.179.128.208:8081 95.179.128.208:8089 95.214.26.63:6666 95.214.26.63:9595 001600.clmonth.nyashteam.top 055561.clmonth.nyashteam.top 067445.clmonth.nyashteam.top 073910.clmonth.nyashteam.top 080138.clmonth.nyashteam.top 089240.clmonth.nyashteam.top 100879.clmonth.nyashteam.top 109736.clmonth.nyashteam.top 140487.clmonth.nyashteam.top 149688.clmonth.nyashteam.top 181770.clmonth.nyashteam.top 204949.clmonth.nyashteam.top 2372261.clmonth.nyashteam.top 238533.clmonth.nyashteam.top 259773.clmonth.nyashteam.top 2681291.im499886.web.hosting-test.net 268669.clmonth.nyashteam.top 306806.clmonth.nyashteam.top 333201.clmonth.nyashteam.top 375099.clmonth.nyashteam.top 495315.clmonth.nyashteam.top 507447.clmonth.nyashteam.top 5103017.lmonth.whiteproducts.ru 510922.clmonth.nyashteam.top 521187.clmonth.nyashteam.top 531810.clmonth.nyashteam.top 562620.clmonth.nyashteam.top 63120m.dccr.ru 638041.clmonth.nyashteam.top 641309.clmonth.nyashteam.top 642838.clmonth.nyashteam.top 679449.clmonth.nyashteam.top 697484.clmonth.nyashteam.top 726267.clmonth.nyashteam.top 736036.cllt.nyashteam.top 744392.cllt.nyashteam.top 759053.clmonth.nyashteam.top 76428.clmonth.nyashteam.top 766698.clmonth.nyashteam.top 767884.clmonth.nyashteam.top 798839.clmonth.nyashteam.top 846901.clmonth.nyashteam.top 86120.clmonth.nyashteam.ru 
867280.clmonth.nyashteam.top 870825.clmonth.nyashteam.top 882703.clmonth.nyashteam.top 892549.clmonth.nyashteam.top 9463949.clmonth.whiteproducts.ru 965092.clmonth.nyashteam.top 97528733.clmonth.whiteproducts.ru 976400.clmonth.nyashteam.top 999309.clmonth.nyashteam.top 999593.clmonth.nyashteam.top 999952.clmonth.nyashteam.top a0574458.xsph.ru a0578993.xsph.ru a0689699.xsph.ru a0761798.xsph.ru a0784312.xsph.ru a0797197.xsph.ru a0806752.xsph.ru a0818759.xsph.ru a0828600.xsph.ru a0837236.xsph.ru a0839223.xsph.ru askeas8d.beget.tech bookintosh.com cb38900.tw1.ru cc69539.tw1.ru cd67644.tw1.ru cg56646.tw1.ru cl30608.tw1.ru cl80747.tmweb.ru cn64382.tw1.ru co73949.tw1.ru cr48644.tw1.ru cs20502.tw1.ru cs33412.tw1.ru cv57372.tw1.ru cw52314.tw1.ru cy34693.tw1.ru cy87237.tw1.ru cz61643.tw1.ru cz82964.tw1.ru cz89769.tw1.ru dreadhack.ru i93035tu.beget.tech kapibarka1337.kriptnhosting.ru legend92.beget.tech pococox.cc ssoo1451.ddns.net tcp.viewdns.net vikselr4.beget.tech vm654.loyal.sclad.network web3174.craft-host.ru # Reference: https://www.virustotal.com/gui/file/995904e555328bd1cdb5d04a370140fe247a8d05aa6e5b150696a2bb503ebdac/detection 10788m.dccr.ru # Reference: https://www.virustotal.com/gui/file/f4f3d7fb398aa690d3922b26560655e3f040d606c1afa7210d36ff289bee5ee6/detection 21102m.dccr.ru # Reference: https://www.virustotal.com/gui/file/e61fe1036cbbbc67cdd99dc094b13f1f12c3b9c29dd5054f5a33587b00d68fb0/detection 41030m.dccr.ru 48576m.dccr.ru # Reference: https://www.virustotal.com/gui/file/4577ac39b54ab8fc029612fa4331388a6d6ebff0a7807b2224f130382ee40376/detection 60154m.dccr.ru # Reference: https://www.virustotal.com/gui/file/3ff4bdcdb466656d9acbef32f9c022ccd9585531c4ede71f6830492681036000/detection 84688m.dccr.ru # Reference: https://www.virustotal.com/gui/file/201d813f62d133d4112916355c1b73a258f137ff86d1b5a2eb5fe3239d2b2c5f/detection 190.211.255.106:9049 60057m.dccr.ru # Reference: 
https://www.virustotal.com/gui/file/7fc956e918b4b5c29acede00f02e8d4e3ceeafcb318bbe23727372c19d6324fb/detection 61462m.dccr.ru # Reference: https://www.virustotal.com/gui/file/8d1690fa7843bce0c255dbe02e3927936d97d45424f33eefee876de06fbdfc07/detection 60894m.dccr.ru 61124m.dccr.ru # Reference: https://www.virustotal.com/gui/file/fcdeb5ef7fd326bd5d6d34405eae0958d07e95ccf5c5dda01f0e60fdcb9c63ab/detection emprendimientolaboral2.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-28) http://78.141.213.103 172.94.103.16:8848 188.132.197.104:8848 a0832838.xsph.ru cm32236.tw1.ru imhaacwo.beget.tech /imagephpSqlgeneratortemporary.php /Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/RequestServerMultiDefaultcdn.php /Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/ /Jsvoiddbrequestpipe/0http/ /Jsvoiddbrequestpipe/ /Temporarytest6Cdn/ /RequestServerMultiDefaultcdn.php # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-30) 103.38.83.176:8848 176.96.137.221:2000 216.83.38.252:8848 45.12.221.10:8848 45.32.74.105:8848 52.152.223.228:1080 nyashtyan.top 211450cm.nyashtyan.top 942980cm.nyashtyan.top a0708223.xsph.ru a0844030.xsph.ru cr50765.tw1.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-01) http://37.46.128.31 http://5.63.159.156 http://91.228.155.244 114.96.73.0:8848 akamaitechcdns.com nyashkoon.top 213897cm.nyashtyan.top 636695lm.nyashkoon.top 736786cm.nyashtyan.top 790199cm.nyashtyan.top cg14313.tw1.ru # Reference: https://threatfox.abuse.ch/ioc/1146724/ 079471cm.nyashtyan.top # Reference: https://threatfox.abuse.ch/ioc/1146725/ http://82.146.48.182 # Reference: https://threatfox.abuse.ch/ioc/1146787/ 400277cm.nyashtyan.top # Reference: https://threatfox.abuse.ch/ioc/1146808/ 31.210.55.202:81 # Reference: https://threatfox.abuse.ch/ioc/1148429/ http://194.87.101.56 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-05) http://45.67.231.91 141.95.11.145:81 
172.94.103.112:8848 073545cm.nyashkoon.top 481679cm.nyashtyan.top 856401cm.nyashkoon.top 913432cm.nyashtyan.top /nyashsupport.php # Reference: https://www.virustotal.com/gui/file/f84cf07bba5377a0c9f5b21252abf585d4170c40310d2b38460c4d8394e20445/detection # Reference: https://www.virustotal.com/gui/file/65f1c8480894798b2b6223b62984a6779720768a7885c6a49ddd8529902b988a/detection # Reference: https://www.virustotal.com/gui/file/0ec4ecd50be7f47da972d3641aab816ab4bef93a9cc01da158aae5d878109166/detection 192.154.229.64:2368 22-23asyn.servemp3.com # Reference: https://threatfox.abuse.ch/ioc/1148927/ 982407cm.nyashkoon.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-08) 379038cm.nyashkoon.top 550098cm.nyashkoon.top 998357cm.nyashkoon.top # Reference: https://threatfox.abuse.ch/ioc/1149140/ http://154.49.137.173 /request0flower/ # Reference: https://threatfox.abuse.ch/ioc/1149156/ http://195.3.223.35 # Reference: https://threatfox.abuse.ch/ioc/1149161/ kriptonhosting.store iwithknife.kriptonhosting.store volksilach.kriptonhosting.store wiwieiwiissiwi.kriptonhosting.store # Reference: https://www.virustotal.com/gui/file/772211f2e767f8d8daf6c5f721fae0b998539bc83843ff07530be7226fb8a62d/detection skfjsfk.kriptonhosting.store # Reference: https://threatfox.abuse.ch/ioc/1149180/ http://5.42.92.132 # Reference: https://threatfox.abuse.ch/ioc/1149204/ 832932cm.nyashtyan.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-09) http://212.109.195.187 http://82.146.52.24 45.32.74.105:8686 a0847744.xsph.ru 318145cm.nyashkoon.top 858925lm.nyashtyan.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-11) http://185.161.251.195 http://188.120.242.207 154.12.254.215:46452 # Reference: https://twitter.com/drb_ra/status/1690255513303289856 82.156.141.121:8848 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-12) 826894cm.nyashkoon.top 857224cm.nyashkoon.top 
933858cm.nyashkoon.top 945478cm.nyashtyan.top cb66024.tw1.ru # Reference: https://threatfox.abuse.ch/ioc/1149773/ http://188.120.224.186 # Reference: https://threatfox.abuse.ch/ioc/1149785/ a0827550.xsph.ru # Reference: https://twitter.com/drb_ra/status/1690798633715707904 159.69.64.122:8848 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-14) http://15.188.64.143 http://185.182.111.66 # Reference: https://twitter.com/drb_ra/status/1691161144537337857 # Reference: https://www.virustotal.com/gui/file/0a800c35a29e5105898ca274b12dda114e08f23da75dcec3b16a809f1d0109ad/detection 179.43.154.184:591 filetransrediremin.com /cry/11Rota # Reference: https://twitter.com/drb_ra/status/1691342424583331840 147.185.221.181:51638 # Reference: https://threatfox.abuse.ch/ioc/1150061/ 179.43.154.184:8090 # Reference: https://threatfox.abuse.ch/ioc/1150041/ http://92.63.107.173 # Reference: https://twitter.com/drb_ra/status/1691523675944837121 46.246.14.20:5050 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-16) http://185.189.181.87 http://188.127.231.139 http://212.118.36.238 http://45.61.188.238 http://5.42.77.211 http://51.38.163.64 http://62.109.13.186 http://62.109.25.12 http://94.156.253.218 http://94.228.126.154 http://95.217.3.189 63.143.47.135:10443 091608cm.nyashkoon.top 467376m.dccrk.top 684896lm.nyashkoon.top 734537cm.nyashtyan.top a0853356.xsph.ru a0854153.xsph.ru cb15953.tw1.ru cn36459.tw1.ru cs84335.tw1.ru x96559rd.beget.tech yaysem.ru.swtest.ru # Reference: https://twitter.com/drb_ra/status/1693335496431222862 188.132.197.93:1337 # Reference: https://any.run/malware-trends/dcrat (# 2023-08-23) http://212.113.106.125 http://82.147.85.228 175060m.dccrk.top 232161cm.nyashtyan.top ch72917.tw1.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-25) http://193.37.71.142 http://77.246.107.91 http://94.156.102.214 071900cm.n9shteam1.top 221968cm.nyashkoon.top 351201cm.nyashtyan.top 
388404cm.nyashkoon.top 533261cm.n9shteam1.top 775515cm.n9shteam1.top 898757cm.nyashkoon.top 993855cm.n9shteam1.top a0567586.xsph.ru a0840686.xsph.ru a0855945.xsph.ru chernobyl-hack.online cb56823.tw1.ru cq27523.tw1.ru # Reference: https://threatfox.abuse.ch/ioc/1152366/ http://82.146.60.137 # Reference: https://threatfox.abuse.ch/ioc/1152367/ http://149.154.71.81 # Reference: https://threatfox.abuse.ch/ioc/1152374/ http://185.104.113.225 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-31) http://103.231.254.144 http://149.154.69.62 http://185.149.146.185 http://217.144.103.11 194.156.88.152:8848 213.238.182.19:3131 95.214.26.88:9933 96074.clmonth.nyashteam.ru cc75590.tw1.ru dcrack.ru f0856923.xsph.ru # Reference: https://cert.gov.ua/article/5628441 (# UAC-0173) barnsertr.com # Reference: https://threatfox.abuse.ch/ioc/1152481/ http://79.137.203.186 # Reference: https://threatfox.abuse.ch/ioc/1152515/ 95.214.26.89:9933 # Reference: https://twitter.com/drb_ra/status/1696958515649069237 95.214.26.66:9933 # Reference: https://twitter.com/drb_ra/status/1696958528731201785 95.214.26.67:9933 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-01) http://178.250.159.46 http://213.159.208.46 http://45.8.159.53 http://82.146.57.75 119.91.99.194:8080 150.107.2.176:8848 172.162.233.190:8080 179.13.2.154:4444 179.43.142.36:591 180.12.159.131:64432 185.221.67.22:4444 223.26.57.45:8848 81.218.45.223:8848 91.134.150.156:8080 95.214.27.6:8848 95.222.241.139:8088 004727cm.n9shteam1.top 642541lm.nyashkoon.top a0852402.xsph.ru a0854644.xsph.ru a0871177.xsph.ru co54255.tw1.ru ws896.castlehost.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-05) http://46.18.107.229 http://83.220.169.211 20.199.65.155:8848 868692cm.nyashkoon.top a0856871.xsph.ru ck39226.tw1.ru cl08031.tw1.ru cx11830.tw1.ru /L1nc0In.php # Reference: 
https://www.virustotal.com/gui/file/df09c7578388be896ad2f55e005d4ebb3700af89fe06fc73109847989452656d/detection # Reference: https://www.virustotal.com/gui/file/d11bd86036bcd409096608ccfc76a098974f38c6802fce1eabc4fd83788f3c58/detection 207.32.218.112:9898 77.247.127.10:9898 93.123.118.74:9898 stylish4.duckdns.org # Reference: https://threatfox.abuse.ch/ioc/1155391/ 878535cm.n9shteam1.top # Reference: https://threatfox.abuse.ch/ioc/1155706/ klopware.space status.klopware.space # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-09) 012244cm.nyashtyan.top 375230cm.nyashnyash.top 419819cm.nyashkoon.top 604291cm.nyashkoon.top a0859540.xsph.ru cz14767.tw1.ru # Reference: https://threatfox.abuse.ch/ioc/1155797/ http://5.42.85.163 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-20) http://85.192.63.134 103.162.14.197:8686 103.162.14.197:8848 118.89.85.106:8848 150.107.2.178:8848 150.107.2.180:8848 166.88.209.105:8848 168.119.148.218:8848 185.158.251.88:8848 43.248.188.196:8848 51.120.245.251:1024 rocketchange.xyz 124014cm.nyashnyash.top 570264cm.nyashtyan.top 806171cm.n9shteam1.top a0858699.xsph.ru # Reference: https://www.virustotal.com/gui/file/0ecff04eedef75ad091b55d1cbdd6c2680b58a3ccb577154e0d1b0bab482c942/detection access.samp-loader.ru bot.samp-loader.ru # Reference: https://www.virustotal.com/gui/file/092fa2ea4f6a254c38547b3b2cc7e22a153fa72b502849327946ca98f9aab839/detection api.samp-loader.ru # Reference: https://twitter.com/malwrhunterteam/status/1702212339443835078 # Reference: https://www.virustotal.com/gui/file/24e231bfa888bbb4ade49d3741cd1ad1c85ec2de47460a745a5bf5dea5f5e6e8/detection 505406lm.nyashkoon.top # Reference: https://threatfox.abuse.ch/ioc/1164012/ http://185.63.191.134 # Reference: https://threatfox.abuse.ch/ioc/1164310/ a0860624.xsph.ru # Reference: https://twitter.com/Jane_0sint/status/1704526449234096484 # Reference: https://app.any.run/tasks/7aebaa50-c790-438c-93a5-4602f3dcefa7/ 
http://5.42.84.144 /0LocalrequestCdn/ /dumpbetterProcessorWp/ /VoiddbmariadbCdnRequest/ /Wp5Cdnjavascript/ # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-21) nyashnyash.top 770670cm.nyashnyash.top 934062cm.nyashnyash.top a0863208.xsph.ru # Reference: https://www.virustotal.com/gui/file/7424f3e36da8d30ba3f88f0633d07e26631842e5ad20c51dc7c570f018faf2f7/detection nyashteam.top dc.nyashteam.top # Reference: https://threatfox.abuse.ch/ioc/1165829/ makui.kriptonhosting.store # Reference: https://threatfox.abuse.ch/ioc/1165658/ http://213.159.208.100 # Reference: https://threatfox.abuse.ch/ioc/1165974/ 179.43.163.120:8008 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-23) http://185.106.92.110 http://92.63.101.56 119.91.99.194:8081 179.43.163.120:8080 362764cm.nyashnyash.top 753139cl.nyashtop.top co14383.tw1.ru f0861908.xsph.ru # Reference: https://www.virustotal.com/gui/file/d2e659e7fcefcbbd51d6a78888f54c5745e8178385a8697ca3478a0e83d70f71/detection # Reference: https://www.virustotal.com/gui/file/723bc3e3fe448223922702806b2edfbbb7b132879ae5021f01c55d9aac4d0af1/detection 49.12.227.111:8848 dcrat.vnh.wtf # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-26) http://45.144.233.162 103.39.78.162:8088 20.199.64.106:8848 109888cm.nyashnyash.top 394776cl.nyashtop.top 398693cm.nyashnyash.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-01) 15.207.54.166:8848 177.255.90.40:8010 181.235.12.82:5000 20.199.18.38:1024 202.146.218.35:8848 77.91.124.111:5552 23872634cm.whiteproducts.ru 343848cm.nyashnyash.top cp37626.tw1.ru dccrk.top 766392m.dccrk.top nukermij.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-02) http://18.118.199.163 http://188.120.253.147 http://193.37.70.233 134.255.254.102:32400 154.38.113.75:8848 179.13.2.154:2323 179.13.2.154:9000 185.196.8.91:591 185.254.37.40:8899 186.169.68.32:5000 186.169.49.3:8000 
186.169.49.3:9000 45.195.54.195:2828 a0868980.xsph.ru a0871308.xsph.ru cd21797.tw1.ru cj77911.tw1.ru cn56603.tw1.ru cr78464.tw1.ru firsovak.beget.tech # Reference: https://twitter.com/smica83/status/1711047976238387549 # Reference: https://www.virustotal.com/gui/file/01f00b78503924bcb25ec6aedaaaf9200b68329e686e22fbdc85e0c28a51d4e2/detection underical.cc # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-10) http://77.91.124.41 http://91.107.120.136 14.233.244.57:7772 18.231.93.153:18161 194.36.177.94:9999 n9shteam2.top /toJavascriptJsprocessorDatalifePublic.php # Reference: https://twitter.com/Gi7w0rm/status/1711900442899149240 # Reference: https://twitter.com/Gi7w0rm/status/1718319435600019675 # Reference: https://twitter.com/Gi7w0rm/status/1719372490261012636 http://80.66.87.148 aaronestebancoaching.com voice-ai.store voiceaipro.com ed.voice-ai.store en.voice-ai.store en.voiceaipro.com us.voiceaipro.com voice.2005thavenue.com voice.aktivewebsitedesign.com voiceai.aaronestebancoaching.com # Reference: https://threatfox.abuse.ch/ioc/1187460/ 185.196.9.95:8080 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-19) http://46.17.104.60 http://82.146.39.98 112.213.101.35:1145 112.213.101.67:1145 112.213.101.73:1145 195.85.205.150:1337 20.199.16.204:1024 20.199.45.15:8848 20.90.46.68:8080 212.87.204.29:8080 52.186.179.225:1337 whiteproducts.ru 012315cm.n9shteam1.top 304588cm.nyashnyash.top 355212cm.nyashnyash.top 1097252cm.whiteproducts.ru 12785373cm.whiteproducts.ru 23872634cm.whiteproducts.ru 2895743cm.whiteproducts.ru 2918221licm.whiteproducts.ru 29959593cm.whiteproducts.ru 32425226cm.whiteproducts.ru 345727892cm.whiteproducts.ru 3857294cm.whiteproducts.ru 3857374cm.whiteproducts.ru 387374374cm.whiteproducts.ru 4859395cm.whiteproducts.ru 48758294cm.whiteproducts.ru 7355826cm.whiteproducts.ru 7862368cm.whiteproducts.ru 8187790licm.whiteproducts.ru 82957222cm.whiteproducts.ru 8361285cm.whiteproducts.ru 
84625264cm.whiteproducts.ru 8476838cm.whiteproducts.ru 93473573cm.whiteproducts.ru 94868473cm.whiteproducts.ru ci80904.tw1.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-29) http://100.25.110.137 http://141.255.152.88 http://141.255.153.99 http://172.86.66.137 http://188.120.235.51 http://193.37.71.22 http://5.182.86.156 http://5.42.86.60 http://77.91.124.101 http://78.24.216.97 http://78.47.204.48 http://85.215.218.19 103.144.240.21:6699 103.147.185.18:1604 106.14.153.130:8848 107.175.243.138:8848 107.189.169.135:8848 119.91.99.194:8088 119.91.99.194:8848 124.221.43.13:8848 141.98.10.132:8888 141.98.6.98:8848 154.23.182.73:8848 154.53.42.53:8845 156.240.108.109:8848 156.240.108.145:8848 156.240.108.178:8848 159.65.235.56:5555 164.92.246.58:9087 172.94.103.13:8848 185.196.8.91:8008 185.212.47.90:8843 185.241.208.27:2404 212.192.12.222:5000 223.26.57.5:1145 3.131.147.49:12994 38.181.35.175:8848 43.249.8.44:7070 43.249.8.44:7071 45.138.16.187:8848 45.138.16.187:9898 45.81.39.179:8848 5.181.80.69:8848 51.75.52.3:8848 65.109.56.26:8848 77.91.124.111:8848 81.161.229.91:6667 91.92.240.91:8848 foulertech.online 045885cm.nyashcrack.top 078374cm.nyashnyash.top 118821cm.nyashkoon.top 269818cm.nyashland.top 396388cm.nyashland.top 400886cm.nyashnyash.top 639538cm.nyashcrack.top a0872673.xsph.ru ci61682.tw1.ru ck53254.tw1.ru cm87784.tw1.ru co99163.tw1.ru ct46096.tw1.ru ct70489.tw1.ru cv59914.tw1.ru cx51464.tw1.ru f0885664.xsph.ru simikkzd.beget.tech # Reference: https://twitter.com/ScumBots/status/1720155763732091327 # Reference: https://www.virustotal.com/gui/file/c9c19f83c9f151bb29cd21779c0ade1f7363805d7e3c5b6d227e109973243d6e/detection 13.52.204.76:17680 13.52.62.53:17680 52.9.148.222:17680 52.9.153.64:17680 52.9.84.44:17680 54.219.47.216:17680 paste-bin.xyz # Reference: https://www.virustotal.com/gui/ip-address/37.255.148.138/community http://37.255.148.138 # Reference: https://threatfox.abuse.ch/ioc/1199125/ host1835875.hostland.pro # 
Reference: https://threatfox.abuse.ch/ioc/1201607/ abobub-001-site1.etempurl.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-11-25) http://141.255.152.24 http://197.113.236.128 http://197.114.177.145 http://197.115.207.45 http://77.91.124.202 http://82.146.33.89 http://82.146.59.131 http://83.147.245.42 103.243.26.65:8848 171.41.251.170:25565 078301cm.nyashland.top 12112.ru.swtest.ru 217196cm.nyashcrack.top 598194cm.nyashland.top 925823lm.nyashnyash.top a0885630.xsph.ru a0887556.xsph.ru # Reference: https://www.virustotal.com/gui/file/76e3ae7e17cd4adc52519baa31226bbf032ac1ca7ac3947cd59c01f730f1c934/detection # Reference: https://www.virustotal.com/gui/file/df74b225d403122d58eabeba3b2a8442d223df78d56f97e3ee81b6b4ede158ea/detection 77.127.86.54:4444 87.70.175.54:4443 123d.ddns.net # Reference: https://www.virustotal.com/gui/file/8a9c1f6cbb3c007686dd49723babb95afc94933aabf1c2012e395ee3ecf3a65b/detection 46.246.86.3:2106 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-03) http://141.255.144.167 http://141.255.146.60 http://141.255.151.123 http://154.242.81.6 http://154.246.141.162 http://154.246.25.204 http://154.247.11.93 http://154.247.87.209 http://185.234.247.107 http://188.127.227.49 http://188.127.229.238 http://188.127.242.156 http://195.20.16.116 http://213.159.208.250 http://37.220.86.210 http://46.8.29.132 http://80.66.89.123 http://89.23.101.188 http://89.23.101.210 http://89.23.99.83 http://94.131.112.229 http://95.164.22.193 167.94.158.156:8989 171.41.252.199:25565 172.208.93.32:1337 249782m.dccrk.top 306341cm.nyashland.top 491061cm.nyashland.top 740307cm.nyashland.top 766282cm.nyashland.top 767241cm.nyashland.top a0840745.xsph.ru a0888880.xsph.ru a0889022.xsph.ru a0889572.xsph.ru a0890495.xsph.ru cd75930.tw1.ru celestinepanel.000webhostapp.com ck49537.tw1.ru cw11723.tw1.ru evgenzow.beget.tech gybin6gz.beget.tech t3terncy.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ 
(# 2023-12-05) http://141.255.145.130 http://154.246.105.39 http://185.242.86.164 http://213.159.214.92 http://82.146.62.215 004242cm.nyashland.top 302099cm.nyashland.top 666541cm.nyashland.top cs58019.tw1.ru f0888474.xsph.ru hldnzeftm3.temp.swtest.ru zubareff.site # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-07) http://62.109.14.64 http://62.122.213.56 019214cm.nyashland.top 098452cm.nyashland.top 233584cm.nyashland.top f0892247.xsph.ru sinastallh.temp.swtest.ru tool5245636476.000webhostapp.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-09) http://185.221.198.229 http://188.120.233.136 http://195.85.250.175 http://5.42.92.212 http://62.109.10.76 http://79.174.94.41 20.199.26.211:8848 4.194.12.203:443 039030cm.nyashland.top 866280lm.nyashmyash.top 882394cm.nyashland.top a0894385.xsph.ru eukpukpup0.temp.swtest.ru f0892975.xsph.ru gorgodlm.beget.tech krutnotupg.temp.swtest.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-17) http://141.255.153.13 http://141.255.156.189 http://154.246.109.167 http://154.247.199.149 http://154.247.95.30 http://188.120.254.27 http://92.63.97.182 185.187.170.127:9000 38.59.124.61:5555 38.59.124.61:6666 044574cm.nyashland.top 199618cl.nyashtop.top 546346346dod.whiteproducts.ru 650602cm.nyashtech.top 714745cm.nyashland.top 743823cm.nyashtech.top 8572975289cm.whiteproducts.ru a0891158.xsph.ru a0894367.xsph.ru co57358.tw1.ru crackdcptme.000webhostapp.com f0894994.xsph.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-24) http://141.255.147.252 http://194.110.248.41 http://213.226.100.235 http://78.24.217.54 http://82.146.37.188 154.12.254.215:46450 8.219.4.230:8001 80.240.16.166:1337 012782m.dccrk.top 315615cm.nyashtech.top 324387cm.nyashtech.top 537201lm.nyashmyash.top 630956lm.nyashmyash.top 736134cm.nyashland.top 962855cm.nyashtech.top a0896895.xsph.ru cm53710.tw1.ru dfhdjtujngtdj.atwebpages.com f0898772.xsph.ru 
fronzysb.beget.tech fsdxda2eedasdc.atwebpages.com injuuuste2.temp.swtest.ru sosunsasun.temp.swtest.ru zekhost.000webhostapp.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-01) http://101.99.93.85 http://141.255.151.226 http://185.106.94.86 http://212.60.21.225 http://37.220.86.148 http://45.11.77.54 http://77.83.173.248 http://79.174.94.220 http://80.87.199.249 http://83.229.75.221 http://89.104.66.62 103.143.80.140:8848 103.17.185.70:5555 104.143.46.9:8848 107.148.13.223:8848 108.61.177.107:1337 111.173.89.100:8848 118.107.7.237:8848 120.78.139.3:8848 123.207.75.205:8848 124.220.49.140:8000 128.199.66.119:56789 139.155.92.118:8848 151.236.59.218:8888 156.245.19.71:8848 156.245.19.73:8848 156.245.19.81:8848 172.206.62.226:1337 179.43.163.120:8090 185.213.25.37:8848 192.99.152.153:4449 193.112.79.150:8848 193.143.1.136:8848 193.84.248.185:8848 20.217.81.50:8080 202.162.109.198:8848 27.102.134.120:8848 27.147.169.101:3333 38.59.124.16:5555 38.59.124.16:6666 38.59.124.49:5555 38.59.124.49:6666 40.66.41.222:1024 42.192.132.36:8848 45.11.47.195:8848 47.94.241.76:443 47.94.83.202:8848 64.176.217.187:5555 66.135.26.66:9095 67.205.154.243:48303 8.210.131.175:65503 87.251.67.215:8888 91.107.200.181:8890 91.198.66.47:2023 91.92.241.198:8848 91.92.242.235:8848 91.92.252.194:4449 010532cm.nyashcrack.top 137953cm.nyashtech.top 276721cm.nyashtech.top 718146m.dccrk.top 847702cm.nyashtech.top 882584cm.nyashtech.top 890113cm.nyashland.top 990489lm.nyashmyash.top a0896387.xsph.ru a0899050.xsph.ru a0899944.xsph.ru a0899956.xsph.ru a0900918.xsph.ru a0902024.xsph.ru a0902362.xsph.ru a0903379.xsph.ru aguantemessi0234.000webhostapp.com blackberryfn.duckdns.org cj13214.tw1.ru cw27296.tw1.ru nemicata.beget.tech wefwe23f2m.temp.swtest.ru # Reference: https://www.virustotal.com/gui/file/e1974c4099cd21cc0b538bdce94f78165930fbfe1f79e7f0fcca3cd276d39bda/detection fanumtax123.ddns.net /sssssssss/68ce5b29.php # Reference: 
https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-09) http://185.251.91.215 http://83.220.169.42 http://89.23.112.15 028874lm.nyashmyash.top 045134cm.nyashtech.top 526775cm.nyashtech.top glacial-liquor.000webhostapp.com tiyeso4885.temp.swtest.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-15) http://109.107.182.163 http://147.45.196.103 http://176.123.168.238 http://188.120.226.211 http://20.161.72.166 http://45.87.246.118 http://62.109.28.71 http://82.97.243.114 http://89.185.84.52 http://89.23.115.8 http://95.163.228.74 147.135.85.114:4444 172.111.136.105:2016 179.13.3.199:8010 183.131.83.145:8000 75.119.138.31:8848 98.66.161.180:8848 009788cm.nyashtech.top 011781cm.nyashtech.top 837565cm.nyashtech.top 852377cm.nyashland.top 898082lm.nyashmyash.top 977789cm.nyashland.top a0894373.xsph.ru a0899768.xsph.ru a0902645.xsph.ru a0904422.xsph.ru a0904877.xsph.ru a0906284.xsph.ru a0909123.xsph.ru a0910594.xsph.ru cf43561.tw1.ru ck52959.tw1.ru cm65543.tw1.ru cw42035.tw1.ru cz07639.tw1.ru fwjfiwmail.temp.swtest.ru yedar2on.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-24) http://185.185.68.156 http://185.221.198.108 http://20.161.72.166 http://3.79.229.48 http://3.79.245.165 http://45.32.153.79 http://46.29.237.220 http://80.66.89.148 http://94.156.65.94 107.150.23.137:8010 40.112.134.176:1024 45.131.108.123:2003 45.131.108.123:22 45.74.7.87:8898 94.130.49.62:6214 nyashmyash.top nyashtech.top 127895cm.nyashmyash.top 172969cm.nyashtech.top 192565cm.nyashtech.top 369023cm.nyashmyash.top 562173cm.nyashmyash.top 647249cm.nyashtech.top 691908cm.nyashtech.top 792487ll.nyashmyash.top 812285cm.nyashtech.top 852287cm.nyashland.top 984794727cm.whiteproducts.ru a0903703.xsph.ru a0907744.xsph.ru a0908021.xsph.ru cj23497.tw1.ru ck70571.tw1.ru cz17350.tw1.ru edsfeejsdbfelefaubdiaslfedafd.000webhostapp.com j6yla0n2hm.temp.swtest.ru # Reference: 
https://www.virustotal.com/gui/file/5986afdabceec7308a5192491905fb44c1f7fb770c663d5a4718f3cc7f722108/detection http://124.221.43.13 # Reference: https://www.virustotal.com/gui/file/00ef3e134c11cb7836a8fb11367a71e2526c62f088d9fda1b3b86ef193d83003/detection 483059cm.nyashtech.top # Reference: https://www.virustotal.com/gui/ip-address/172.67.178.175/relations 104718cm.nyashtech.top 855212cm.nyashtech.top 744734cm.nyashtech.top 119313cm.nyashtech.top 867233cm.nyashtech.top 414712cm.nyashtech.top 943186cm.nyashtech.top 209226cm.nyashtech.top 324229cm.nyashtech.top 265003cm.nyashtech.top 326516cm.nyashtech.top 600127cm.nyashtech.top 378416cm.nyashtech.top 172969cm.nyashtech.top 076902cm.nyashtech.top 691908cm.nyashtech.top 678026cm.nyashtech.top 838536cm.nyashtech.top 647249cm.nyashtech.top 192565cm.nyashtech.top 906812cm.nyashtech.top 050909cm.nyashtech.top 718710cm.nyashtech.top 372451cm.nyashtech.top 348774cm.nyashtech.top 544557cm.nyashtech.top 201441cm.nyashtech.top 258640cm.nyashtech.top 151855cm.nyashtech.top 837565cm.nyashtech.top 997423cm.nyashtech.top 127562cm.nyashtech.top 685938cm.nyashtech.top 480193cm.nyashtech.top 907916cm.nyashtech.top 009788cm.nyashtech.top 011781cm.nyashtech.top 810413cm.nyashtech.top 654625cm.nyashtech.top 992152cm.nyashtech.top 951499cm.nyashtech.top 279306cm.nyashtech.top 532957cm.nyashtech.top 600225cm.nyashtech.top 526775cm.nyashtech.top 276721cm.nyashtech.top 744346cm.nyashtech.top 612098cm.nyashtech.top 640093cm.nyashtech.top 832325cm.nyashtech.top 045134cm.nyashtech.top 137953cm.nyashtech.top 218282cm.nyashtech.top 845900cm.nyashtech.top 965262cm.nyashtech.top 007330cm.nyashtech.top 678769cm.nyashtech.top 890801cm.nyashtech.top 882584cm.nyashtech.top 812285cm.nyashtech.top 315264cm.nyashtech.top 847702cm.nyashtech.top 304718cm.nyashtech.top 315615cm.nyashtech.top 364739cm.nyashtech.top 962855cm.nyashtech.top 921310cm.nyashtech.top 496493cm.nyashtech.top 324387cm.nyashtech.top 630004cm.nyashtech.top 870333cm.nyashtech.top 
426899cm.nyashtech.top 494792cm.nyashtech.top 650602cm.nyashtech.top 955402cm.nyashtech.top 743823cm.nyashtech.top 694604cm.nyashtech.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-04) http://141.255.146.46 http://141.255.159.135 http://141.255.159.87 http://154.246.107.125 http://154.246.204.6 http://154.247.197.111 http://154.247.243.232 http://183.105.191.36 http://185.185.68.50 http://185.195.27.26 http://185.244.51.120 http://185.87.199.10 http://193.187.172.13 http://194.36.209.243 http://20.215.193.147 http://46.174.52.97 http://5.35.80.183 http://77.222.54.18 http://77.91.124.159 http://85.209.9.184 111.92.243.131:8848 139.99.186.184:8848 154.204.178.170:8848 166.88.61.138:9898 171.41.199.216:25565 171.80.234.90:25565 171.80.235.121:25565 171.80.235.135:25565 171.80.251.240:25565 178.236.247.250:8848 186.169.69.242:8523 192.253.251.98:8848 198.13.49.217:8848 20.14.88.85:8447 210.56.49.4:8848 213.226.117.48:1337 38.181.35.232:8848 43.143.236.67:8080 45.76.12.238:5555 45.76.196.96:8848 47.242.73.99:8848 64.176.217.187:6666 85.209.176.79:8848 91.92.242.235:9898 91.92.249.225:2023 91.92.255.107:8848 94.102.148.42:1337 94.102.155.46:1337 94.156.65.19:1337 94.156.69.93:4444 95.72.172.97:9080 681428cm.nyashmyash.top a0910130.xsph.ru a0912235.xsph.ru cm56126.tw1.ru f0912091.xsph.ru f0913347.xsph.ru self-lighting-subpr.000webhostapp.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-11) http://185.16.39.248 http://194.87.93.199 http://20.117.106.245 http://45.90.217.194 http://5.230.229.207 178.73.218.6:2222 178.73.218.9:2222 181.141.40.28:4433 193.111.248.167:2003 193.163.7.156:8008 40.66.42.165:1024 46.246.6.2:2121 46.246.84.13:2222 5.180.155.218:1337 91.92.241.121:2023 91.92.241.128:2023 91.92.241.39:2023 007017cm.nyashsens.top 103761cm.nyashsens.top 553689cm.nyashsens.top 837376cm.nyashsens.top a0905211.xsph.ru a0905554.xsph.ru a0909872.xsph.ru a0913447.xsph.ru a0915620.xsph.ru a0916186.xsph.ru 
a0916535.xsph.ru cd43986.tw1.ru exhaustless-bracket.000webhostapp.com f0915140.xsph.ru hammiest-dependents.000webhostapp.com lest1kkror.ru.swtest.ru workonz7.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-12) http://217.25.94.158 http://62.109.13.250 http://91.107.121.253 46.246.82.7:6000 a0914338.xsph.ru bobrcurw.top cr13705.tw1.ru lilbabyfan.000webhostapp.com # Reference: https://twitter.com/IronNetTR/status/1767991209065115925 206.238.43.147:65503 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-17) http://147.45.197.82 http://159.89.17.81 http://176.123.169.110 http://185.104.113.237 http://185.130.46.46 http://185.195.24.252 http://185.246.67.26 http://185.87.199.107 http://188.120.229.213 http://188.120.241.126 http://193.233.255.228 http://195.2.84.94 http://195.43.142.35 http://20.117.169.244 http://20.26.126.28 http://45.9.73.82 http://5.182.87.104 http://51.142.10.24 http://62.109.11.10 http://62.109.7.175 http://77.91.124.57 http://79.137.207.120 http://79.174.94.173 http://80.66.89.102 http://80.78.243.170 http://80.85.246.217 http://81.200.146.58 http://82.115.223.136 http://82.146.60.218 http://86.110.194.110 http://89.23.97.121 http://89.23.98.146 http://91.107.121.93 http://91.220.109.66 http://95.142.35.43 106.53.186.12:8848 124.220.200.241:8848 147.135.85.114:8000 154.23.178.106:8848 154.23.178.139:8848 154.23.178.70:8848 166.88.61.138:8848 171.41.197.221:25565 171.41.198.240:25565 171.41.251.198:25565 171.80.216.99:25565 172.174.236.21:1337 178.73.192.11:5000 179.14.8.182:6606 179.14.9.152:4433 180.140.129.152:8848 181.141.40.47:4433 191.88.249.10:4433 191.88.249.121:4433 191.88.250.232:4433 194.147.140.242:2202 20.107.243.137:3000 20.19.32.59:1024 20.197.231.238:8848 212.192.12.222:5008 27.124.34.10:1145 27.124.34.14:1145 27.124.34.16:1145 27.156.108.198:6079 45.67.231.21:1337 46.246.12.2:6000 46.246.14.3:6000 46.246.14.6:6000 46.246.4.11:6000 46.246.4.16:6000 46.246.6.11:5000 
46.246.6.6:6000 46.246.80.10:6000 46.246.80.13:6000 46.246.80.4:6000 46.246.80.7:6000 46.246.84.5:6000 46.246.86.12:6000 46.246.86.16:5000 46.246.86.9:6000 5.181.80.13:8848 5.42.92.25:8848 74.91.29.67:8848 78.46.191.105:6666 83.217.9.199:8848 88.153.94.39:4444 89.117.23.25:46450 91.202.233.133:8848 91.92.245.119:443 91.92.252.227:1000 95.165.99.74:8443 95.179.200.130:1024 058493cm.nyashsens.top 102822cm.nyashsens.top 113304cm.n9shteam2.top 113754cm.nyashtech.top 209374cm.nyashsens.top 27925375.whiteproducts.ru 356873cm.nyashtyan.top 386958cm.nyashsens.top 392065cm.n9shteam2.top 421820cm.n9shteam2.top 514885cm.nyashsens.top 597359lm.nyashsens.top 737165cm.nyashsens.top 739668cm.n9shteam2.top 767163cm.nyashsens.top 785319cm.nyashsens.top 825947295cm.whiteproducts.ru 88888cl.nyashtyan.top 969727cm.nyashsens.top a0913701.xsph.ru a0914958.xsph.ru a0916462.xsph.ru a0916796.xsph.ru a0918108.xsph.ru a0919021.xsph.ru a0919167.xsph.ru a0919334.xsph.ru a0922009.xsph.ru a0922245.xsph.ru a0922949.xsph.ru a0923143.xsph.ru a0923400.xsph.ru a0923769.xsph.ru a0924648.xsph.ru a0925146.xsph.ru a0927241.xsph.ru a0927657.xsph.ru chromestartup.top ck07725.tw1.ru cm65198.tw1.ru cs52010.tw1.ru cs52256.tw1.ru cy58784.tw1.ru cz13602.tw1.ru f0885058.xsph.ru f0914549.xsph.ru f0918974.xsph.ru f0924067.xsph.ru f0929508.xsph.ru gafisezs.beget.tech gaming7core.info gp104995g2.temp.swtest.ru h172956.srv11.test-hf.su icanzuo.top miwekahb.beget.tech pipikaka-ggg.000webhostapp.com rosalihi.beget.tech vamknigi.mcdir.me vilon.000webhostapp.com watermjx.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-24) http://185.173.36.217 http://195.20.16.119 http://212.109.193.246 http://80.78.243.49 103.165.81.207:8888 202.47.118.167:8080 38.59.124.61:8848 43.129.31.231:8848 46.246.12.4:5000 46.246.14.3:5000 46.246.4.5:5000 46.246.6.15:6000 46.246.6.21:6000 46.246.82.17:6000 46.246.82.24:6000 46.246.84.14:5000 46.246.84.16:5000 46.246.86.15:5000 82.66.185.138:4449 
n9shteam3.top onedrivepack.com 042506cm.n9shteam2.top 181571cm.n9shteam1.top 585196cm.n9shteam1.top 785654cm.n9shteam3.top 839860cm.n9shteam3.top 926388cm.n9shteam3.top a0583448.xsph.ru a0929875.xsph.ru a0932103.xsph.ru cf31000.tw1.ru cq25511.tw1.ru ct39024.tw1.ru # Reference: https://twitter.com/IronNetTR/status/1772276171532611978 45.91.226.96:65503 # Reference: https://www.virustotal.com/gui/file/a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6/detection 179.13.0.175:7091 promesasalvaro1.duckdns.org # Reference: https://www.virustotal.com/gui/file/7e81616c030fd562f23a4a6a6ce8f62d62e2db0673cbc1ecad826c400a67a69b/detection 185.81.157.105:333 186.169.52.181:7079 ivadici-18.duckdns.org # Reference: https://www.virustotal.com/gui/file/483c26de4c47fb01964f83c8c23ea38e6ef25c62c1693d6f6e6b2f9597b1ecab/detection 186.169.47.122:9531 # Reference: https://www.virustotal.com/gui/file/472286992086f88eaba8d9bbdfe0a43df77c404df62202dd73601be65bb27d1c/detection 179.13.0.24:7079 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-10) http://154.23.178.106 http://154.23.178.139 http://154.23.178.70 http://176.124.220.79 http://185.230.64.239 http://212.109.198.52 http://213.171.8.25 http://38.180.35.114 http://38.181.35.175 http://77.105.161.180 http://77.105.161.254 http://77.221.143.152 http://80.66.84.71 http://80.71.227.167 http://89.23.98.225 http://91.107.120.42 http://91.92.252.39 1.14.126.22:8848 103.165.81.103:1145 103.186.108.212:8848 103.209.129.94:1145 104.161.53.196:8848 106.53.186.12:8012 128.199.66.119:57411 144.91.127.15:4546 160.20.109.7:2003 171.41.198.122:25565 178.73.218.14:5000 179.13.2.154:2230 179.13.3.18:8010 188.126.90.3:5000 20.199.44.70:1024 20.199.87.153:8848 202.95.23.39:5555 206.233.128.142:65503 206.238.196.192:8090 211.101.247.89:8848 3.125.102.39:12853 34.92.107.200:8001 34.92.107.200:8002 34.92.107.200:8011 34.92.107.200:8012 38.147.172.16:443 39.101.177.68:8848 43.129.31.231:8858 45.76.142.33:1604 
46.246.12.2:5000 46.246.14.15:6000 46.246.14.9:6000 46.246.4.6:6000 46.246.80.9:5000 46.246.82.12:7000 46.246.82.18:6000 46.246.82.4:5000 46.246.84.23:5000 46.246.84.3:6000 46.246.84.3:7000 46.246.84.8:5000 46.246.86.15:6000 46.246.86.15:7000 47.242.231.229:65503 47.242.64.202:65503 47.243.4.123:65503 47.76.41.68:65503 51.116.96.182:4000 51.68.169.77:443 58.87.70.252:8848 8.210.3.81:65503 8.217.225.19:65503 8.217.88.225:65503 8.218.27.81:65503 85.209.195.22:1337 88.214.59.115:8848 88.99.214.187:3232 89.105.201.158:4444 89.105.201.158:591 89.105.201.158:8080 89.105.201.158:8090 89.105.201.98:591 91.102.163.73:1024 91.92.250.207:8081 91.92.255.244:8845 91.92.255.244:8848 91.92.255.249:8845 91.92.255.249:8848 94.156.10.201:8848 94.156.71.184:8848 94.156.71.212:2222 95.172.23.98:8848 nyashland.top nyashsens.top 131217cm.n9shteam3.top 267097cm.n9shteam1.top 490523cm.nyashland.top 531995cl.nyashtop.top 878497cm.nyashsens.top 93757283cm.whiteproducts.ru a0869574.xsph.ru a0881216.xsph.ru a0917913.xsph.ru a0933252.xsph.ru a0933702.xsph.ru a0934860.xsph.ru a0935095.xsph.ru a0935883.xsph.ru a0936238.xsph.ru a0938327.xsph.ru a0938575.xsph.ru a0938913.xsph.ru ca87122.tw1.ru cf73329.tw1.ru ct22043.tw1.ru f0934723.xsph.ru fire-studio.000webhostapp.com firerebbit.top huinyao.hunamuna.ru kuailianv.com opratio.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-14) http://109.107.182.28 http://45.195.54.195 http://77.221.158.35 http://79.174.94.153 107.167.92.76:8848 162.33.178.99:4567 172.94.39.213:2016 178.73.218.12:5000 45.195.54.195:8080 45.195.54.195:8888 46.246.14.2:5000 46.246.82.21:8000 46.246.82.6:6000 46.246.86.18:8000 52.185.161.226:8080 52.185.161.226:8848 a0917747.xsph.ru # Reference: https://twitter.com/K_N1kolenko/status/1779794083990343939 276261cm.nyashkoon.top # Reference: https://www.virustotal.com/gui/file/d79a750ee167a5091e3b3d72a7d0e818e4eb816d74cbf173bc65c54f8563f986/detection # Reference: 
https://www.virustotal.com/gui/file/af15dba7febd481bc561896f504ca39da7856f28d33ae9d41968fc63b064fe15/detection 179.13.0.175:7095 186.169.60.250:7084 procesoexitos1.duckdns.org # Reference: https://www.virustotal.com/gui/file/236831b10dd11048659f6ecedff1f2020e0158eb1dda70f9a3c114c6913faa20/detection 179.13.0.175:7092 companianuevoano.duckdns.org newdcrat777.duckdns.org newservices1.duckdns.org # Reference: https://www.virustotal.com/gui/file/52074a60b7b1235c0688d7d923c80ecff27d1b19c7e1485d3bb0a8acd9460946/detection srv416860.hstgr.cloud # Reference: https://www.virustotal.com/gui/file/7c190a66de1e69720ea226dab36f86d3d26d15e60fe20a6b20cfbd20e548bc02/detection 185.161.209.155:8848 # Reference: https://www.virustotal.com/gui/file/fa244cc3fa7784bd21fc95a6e7a311686b6875ba0b770a1e6383481edc95973a/detection 179.13.0.175:7097 comercialnuevoan20.casacam.net # Reference: https://twitter.com/naumovax/status/1788226040277484029 # Reference: https://tria.ge/240401-2sr2lahc7x/behavioral1 # Reference: https://www.virustotal.com/gui/file/20846a4d12bfec2dcada815d04167bb471a0e7b173c7ba1ca6a2bfad1573d5cf/detection 18.158.249.75:11097 3.125.102.39:11097 # Reference: https://www.virustotal.com/gui/file/15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a/detection 172.94.108.75:7786 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-05-27) http://109.107.182.145 http://146.0.73.222 http://147.45.44.3 http://154.248.27.182 http://176.123.168.151 http://185.221.198.248 http://185.43.4.41 http://188.120.242.235 http://193.17.183.196 http://199.231.191.222 http://20.117.109.69 http://212.109.196.215 http://45.130.42.16 http://45.141.102.40 http://5.35.98.20 http://62.109.13.68 http://62.109.7.179 http://77.221.157.108 http://82.146.61.164 http://85.159.231.54 http://89.111.173.112 http://89.23.98.112 http://91.240.84.178 005514cm.n9shteam1.top 044913cm.n9shteam2.top 046408cm.n9shteam3.top 055442cm.n9shteam2.top 065963cm.nyashkoon.top 1.92.114.234:8000 
101.43.186.30:8848 101.43.49.80:8848 103.187.4.53:8080 103.187.4.53:8848 103.195.236.62:6789 103.254.73.247:63305 103.254.73.248:63305 103.254.73.249:63305 103.45.173.142:4444 104.238.167.85:1024 107.167.18.2:7979 107.167.18.3:7979 107.167.18.4:7979 107.167.18.5:7979 107.167.18.6:7979 120.46.37.189:8848 123.207.198.252:8848 137.175.123.61:8848 137.175.123.62:8848 137.175.123.63:8848 137.175.123.64:8848 137.175.123.65:8848 137.175.68.193:8848 137.175.68.194:8848 137.175.68.195:8848 137.175.68.196:8848 137.175.68.197:8848 137.175.68.198:8848 137.175.68.199:8848 137.175.68.200:8848 137.175.68.201:8848 137.175.68.202:8848 137.175.68.203:8848 137.175.68.204:8848 137.175.68.205:8848 137.175.68.206:8848 137.175.68.207:8848 137.175.68.208:8848 137.175.68.209:8848 137.175.68.210:8848 137.175.68.211:8848 137.175.68.212:8848 137.175.68.213:8848 137.175.68.214:8848 137.175.68.215:8848 137.175.68.216:8848 137.175.68.217:8848 137.175.68.218:8848 137.175.68.219:8848 137.175.68.220:8848 137.175.68.221:8848 137.175.68.222:8848 137.175.68.223:8848 137.175.68.224:8848 137.175.68.225:8848 137.175.68.226:8848 137.175.68.227:8848 137.175.68.228:8848 137.175.68.229:8848 137.175.68.230:8848 137.175.68.231:8848 137.175.68.232:8848 137.175.68.233:8848 137.175.68.234:8848 137.175.68.235:8848 137.175.68.236:8848 137.175.68.237:8848 137.175.68.238:8848 137.175.68.239:8848 137.175.68.240:8848 137.175.68.241:8848 137.175.68.242:8848 137.175.68.243:8848 137.175.68.244:8848 137.175.68.245:8848 137.175.68.246:8848 137.175.68.247:8848 137.175.68.248:8848 137.175.68.249:8848 137.175.68.250:8848 137.175.68.251:8848 137.175.68.252:8848 137.175.68.253:8848 137.175.70.100:8848 137.175.70.101:8848 137.175.70.102:8848 137.175.70.103:8848 137.175.70.104:8848 137.175.70.105:8848 137.175.70.106:8848 137.175.70.107:8848 137.175.70.108:8848 137.175.70.109:8848 137.175.70.110:8848 137.175.70.111:8848 137.175.70.112:8848 137.175.70.113:8848 137.175.70.114:8848 137.175.70.115:8848 137.175.70.116:8848 
137.175.70.117:8848 137.175.70.118:8848 137.175.70.119:8848 137.175.70.120:8848 137.175.70.121:8848 137.175.70.122:8848 137.175.70.123:8848 137.175.70.124:8848 137.175.70.125:8848 137.175.70.65:8848 137.175.70.66:8848 137.175.70.67:8848 137.175.70.68:8848 137.175.70.69:8848 137.175.70.70:8848 137.175.70.71:8848 137.175.70.72:8848 137.175.70.73:8848 137.175.70.74:8848 137.175.70.75:8848 137.175.70.76:8848 137.175.70.77:8848 137.175.70.78:8848 137.175.70.79:8848 137.175.70.80:8848 137.175.70.81:8848 137.175.70.82:8848 137.175.70.83:8848 137.175.70.84:8848 137.175.70.85:8848 137.175.70.86:8848 137.175.70.87:8848 137.175.70.88:8848 137.175.70.89:8848 137.175.70.90:8848 137.175.70.91:8848 137.175.70.92:8848 137.175.70.93:8848 137.175.70.94:8848 137.175.70.95:8848 137.175.70.96:8848 137.175.70.97:8848 137.175.70.98:8848 137.175.70.99:8848 137.175.73.100:8848 137.175.73.101:8848 137.175.73.102:8848 137.175.73.103:8848 137.175.73.104:8848 137.175.73.105:8848 137.175.73.106:8848 137.175.73.107:8848 137.175.73.108:8848 137.175.73.109:8848 137.175.73.110:8848 137.175.73.111:8848 137.175.73.112:8848 137.175.73.113:8848 137.175.73.114:8848 137.175.73.115:8848 137.175.73.116:8848 137.175.73.117:8848 137.175.73.118:8848 137.175.73.119:8848 137.175.73.120:8848 137.175.73.121:8848 137.175.73.122:8848 137.175.73.123:8848 137.175.73.124:8848 137.175.73.125:8848 137.175.73.65:8848 137.175.73.66:8848 137.175.73.67:8848 137.175.73.68:8848 137.175.73.69:8848 137.175.73.70:8848 137.175.73.71:8848 137.175.73.72:8848 137.175.73.73:8848 137.175.73.74:8848 137.175.73.75:8848 137.175.73.76:8848 137.175.73.77:8848 137.175.73.78:8848 137.175.73.79:8848 137.175.73.80:8848 137.175.73.81:8848 137.175.73.82:8848 137.175.73.83:8848 137.175.73.84:8848 137.175.73.85:8848 137.175.73.86:8848 137.175.73.87:8848 137.175.73.88:8848 137.175.73.89:8848 137.175.73.90:8848 137.175.73.91:8848 137.175.73.92:8848 137.175.73.93:8848 137.175.73.94:8848 137.175.73.95:8848 137.175.73.96:8848 137.175.73.97:8848 
137.175.73.98:8848 137.175.73.99:8848 137.175.77.100:8848 137.175.77.101:8848 137.175.77.102:8848 137.175.77.103:8848 137.175.77.104:8848 137.175.77.105:8848 137.175.77.106:8848 137.175.77.107:8848 137.175.77.108:8848 137.175.77.109:8848 137.175.77.110:8848 137.175.77.111:8848 137.175.77.112:8848 137.175.77.113:8848 137.175.77.114:8848 137.175.77.115:8848 137.175.77.116:8848 137.175.77.117:8848 137.175.77.118:8848 137.175.77.119:8848 137.175.77.120:8848 137.175.77.121:8848 137.175.77.122:8848 137.175.77.123:8848 137.175.77.124:8848 137.175.77.125:8848 137.175.77.65:8848 137.175.77.66:8848 137.175.77.67:8848 137.175.77.68:8848 137.175.77.69:8848 137.175.77.70:8848 137.175.77.71:8848 137.175.77.72:8848 137.175.77.73:8848 137.175.77.74:8848 137.175.77.75:8848 137.175.77.76:8848 137.175.77.77:8848 137.175.77.78:8848 137.175.77.79:8848 137.175.77.80:8848 137.175.77.81:8848 137.175.77.82:8848 137.175.77.83:8848 137.175.77.84:8848 137.175.77.85:8848 137.175.77.86:8848 137.175.77.87:8848 137.175.77.88:8848 137.175.77.89:8848 137.175.77.90:8848 137.175.77.91:8848 137.175.77.92:8848 137.175.77.93:8848 137.175.77.94:8848 137.175.77.95:8848 137.175.77.96:8848 137.175.77.97:8848 137.175.77.98:8848 137.175.77.99:8848 139.162.178.159:2003 147.78.103.197:4443 149.88.82.88:8888 154.248.27.182:1024 154.248.27.182:10258 154.248.27.182:10298 154.248.27.182:11112 154.248.27.182:11261 154.248.27.182:1200 154.248.27.182:12881 154.248.27.182:13760 154.248.27.182:15284 154.248.27.182:15443 154.248.27.182:16501 154.248.27.182:17150 154.248.27.182:1723 154.248.27.182:18082 154.248.27.182:18084 154.248.27.182:18245 154.248.27.182:18260 154.248.27.182:18351 154.248.27.182:19181 154.248.27.182:20547 154.248.27.182:2077 154.248.27.182:20815 154.248.27.182:2096 154.248.27.182:222 154.248.27.182:22222 154.248.27.182:2281 154.248.27.182:23 154.248.27.182:23019 154.248.27.182:2323 154.248.27.182:2434 154.248.27.182:25290 154.248.27.182:26350 154.248.27.182:2762 154.248.27.182:28983 
154.248.27.182:28987 154.248.27.182:29144 154.248.27.182:319 154.248.27.182:3306 154.248.27.182:3318 154.248.27.182:33389 154.248.27.182:34365 154.248.27.182:34540 154.248.27.182:35062 154.248.27.182:36161 154.248.27.182:389 154.248.27.182:41115 154.248.27.182:41909 154.248.27.182:4369 154.248.27.182:445 154.248.27.182:46829 154.248.27.182:4840 154.248.27.182:49152 154.248.27.182:49664 154.248.27.182:5000 154.248.27.182:502 154.248.27.182:5060 154.248.27.182:5061 154.248.27.182:51445 154.248.27.182:52101 154.248.27.182:52200 154.248.27.182:53151 154.248.27.182:53419 154.248.27.182:55295 154.248.27.182:56512 154.248.27.182:56670 154.248.27.182:5672 154.248.27.182:56910 154.248.27.182:58000 154.248.27.182:5900 154.248.27.182:5905 154.248.27.182:6000 154.248.27.182:6001 154.248.27.182:6005 154.248.27.182:6006 154.248.27.182:6009 154.248.27.182:61616 154.248.27.182:61753 154.248.27.182:62422 154.248.27.182:62757 154.248.27.182:6697 154.248.27.182:6699 154.248.27.182:7704 154.248.27.182:8008 154.248.27.182:8010 154.248.27.182:8080 154.248.27.182:8159 154.248.27.182:830 154.248.27.182:831 154.248.27.182:888 154.248.27.182:9024 154.248.27.182:9508 154.248.27.182:993 154.248.27.182:995 159.65.235.56:9005 171.80.235.140:25565 172.207.236.31:8080 172.207.236.31:8848 177.255.88.222:8000 178.73.192.14:5000 178546cm.n9shteam3.top 179.13.4.37:8000 179.13.4.37:8010 185.241.225.213:3389 185.94.29.85:2222 190.70.119.188:4859 20.240.192.104:80 203.189.234.25:65503 210.56.49.230:8848 211.194.139.155:8080 266026cm.n9shteam3.top 330745cm.nyashkoon.top 339380cm.n9shteam3.top 34844.clmonth.nyashteam.ru 37.235.56.182:5000 38.180.25.208:8000 38.59.124.16:8848 38.59.124.49:8848 45.195.54.195:2558 45.61.132.242:443 45.63.56.64:1024 45.74.46.58:8848 45.77.65.118:1024 46.246.12.25:6000 46.246.12.25:8000 46.246.12.25:9000 46.246.12.2:8000 46.246.12.3:9000 46.246.14.12:6000 46.246.14.12:9000 46.246.14.16:6000 46.246.14.19:9000 46.246.4.24:9000 46.246.4.7:6000 46.246.4.7:8000 46.246.6.23:6000 
46.246.6.23:8000 46.246.6.23:9000 46.246.6.5:3000 46.246.6.6:8000 46.246.80.2:6000 46.246.80.2:8000 46.246.80.7:8000 46.246.80.8:6000 46.246.80.8:8000 46.246.82.10:6000 46.246.82.10:8000 46.246.82.10:9000 46.246.82.14:6000 46.246.82.14:9000 46.246.82.21:6000 46.246.84.12:6000 46.246.84.12:8000 46.246.84.8:6000 46.246.84.8:8000 46.246.86.14:6000 46.246.86.14:8000 46.246.86.15:8000 46.246.86.15:9000 46.246.86.16:6000 46.246.86.7:9000 47.208.30.4:2222 47.238.162.247:65503 47.98.97.75:8848 470927cm.n9shteam3.top 49.1.239.101:8080 51.68.169.120:443 52.155.97.150:8080 53473cm.easyswap.space 54.37.74.73:8848 550515cm.n9shteam2.top 579050cm.nyashkoon.top 642229cm.n9shteam3.top 65.109.22.155:7777 729231cm.n9shteam1.top 759931cm.n9shteam1.top 78.142.245.78:8443 78.40.117.167:4444 796367cm.n9shteam2.top 8.130.69.96:8001 8.138.108.192:8848 8.210.250.14:6603 8.217.113.1:65503 8.217.14.132:65503 8.218.163.207:8848 815622cm.n9shteam3.top 822987529cm.whiteproducts.ru 83.229.87.144:8080 842614cm.n9shteam2.top 85.159.231.54:80 85.192.63.194:7777 87.120.84.220:8848 87.121.105.212:8848 91.92.249.117:3232 937039cm.n9shteam3.top 94.156.10.208:8848 94.156.10.31:8848 95.179.165.102:1024 956330cm.n9shteam2.top 967183cm.nyashkoon.top 98.66.160.134:8848 994609cm.n9shteam2.top a0804818.xsph.ru a0835675.xsph.ru a0929453.xsph.ru a0938829.xsph.ru a0940040.xsph.ru a0941925.xsph.ru a0941979.xsph.ru a0942630.xsph.ru a0942660.xsph.ru a0943092.xsph.ru a0943999.xsph.ru a0944507.xsph.ru a0945069.xsph.ru a0945627.xsph.ru a0946931.xsph.ru a0947008.xsph.ru a0947291.xsph.ru a0947994.xsph.ru a0948305.xsph.ru a0948640.xsph.ru a0949002.xsph.ru a0949311.xsph.ru a0949502.xsph.ru a0949584.xsph.ru a0950024.xsph.ru a0950683.xsph.ru a0950998.xsph.ru a0951137.xsph.ru a0951158.xsph.ru a0951334.xsph.ru a0951529.xsph.ru a0952196.xsph.ru a0974467.xsph.ru a0980477.xsph.ru a0981008.xsph.ru a0981341.xsph.ru a0981474.xsph.ru a0981582.xsph.ru a0982032.xsph.ru a0982114.xsph.ru a0982137.xsph.ru a0982456.xsph.ru 
a0982894.xsph.ru a0983585.xsph.ru a0984236.xsph.ru a0984678.xsph.ru a0984800.xsph.ru a0984984.xsph.ru a0985701.xsph.ru a0985859.xsph.ru aery-messages.000webhostapp.com betabag.top budding-knives.000webhostapp.com cj32434.tw1.ru clientright.top cn80908.tw1.ru co29474.tw1.ru cq77272.tw1.ru cv76387.tw1.ru cx53027.tw1.ru cz24519.tw1.ru cz63343.tw1.ru dist2118.duckdns.org easyswap.space esdjasd.maxkrnldc.online fanskrairg.temp.swtest.ru fghjdtgujkjdgkdettygdbnbbn.000webhostapp.com golovkcc.beget.tech intopart.top jewokfweteto.skibiteamx.top mikilo39.beget.tech minecrafthyipixel.xyz objectiveci.top porpabor.top preachy-multiplex.000webhostapp.com reallysrv.top remotetable.top skibiteamx.top softworker.top taketa.top vladiez8.beget.tech whiteproducts.ru ytere.elementfx.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-02) 103.1.40.82:8848 172.111.174.67:8081 20.199.91.184:1024 46.246.12.11:6000 46.246.6.4:9000 46.246.80.15:6000 46.246.80.15:9000 46.246.86.18:9000 434778cm.n9shteam1.top 501046cm.n9shteam3.top a0913612.xsph.ru a0982426.xsph.ru a0985805.xsph.ru a0986534.xsph.ru a0986754.xsph.ru a0987339.xsph.ru a0987361.xsph.ru a0987707.xsph.ru a0988934.xsph.ru chernobyl-cheat.fun optimal-expert.000webhostapp.com # Reference: https://cert.gov.ua/article/6279561 (# UAC-0200) # Reference: https://www.virustotal.com/gui/file/02d657729837838d18bbe6b4bae44cab0e6d3a357836d7cd6a9bb7288543facb/detection http://188.245.50.32 # Reference: https://x.com/ScumBots/status/1798710029673222193 # Reference: https://www.virustotal.com/gui/file/5eef5607e73cbe3b62c0c4adf6ea924acc471de57e86f3f0b66fe8320d3fcdc9/detection cvbnhgjh.duckdns.org gfhfdhutr.duckdns.org hbvcmrwe.duckdns.org # Reference: https://www.virustotal.com/gui/file/4b6ae15c7b22a1e0d0cad2676c4e78226e8d8e1ecbdbb51b9fe17697451287d5/detection http://77.91.77.51 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-08) http://103.145.191.123 179.13.2.154:2250 222.239.101.244:8888 
46.246.14.21:9000 46.246.86.19:9000 46.246.86.8:3000 333376cm.n9shteam1.top a0988327.xsph.ru a0988419.xsph.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-12) http://103.30.78.218 http://185.180.231.214 http://37.46.130.54 http://38.147.186.117 http://38.180.165.153 203.104.42.92:2233 45.157.233.27:2222 46.246.6.17:9000 46.246.86.17:6000 505732cm.n9shteam2.top 901329cm.n9shteam2.top 972464cm.nyashkoon.top a0988426.xsph.ru a0991129.xsph.ru a0991200.xsph.ru a0991246.xsph.ru a0991598.xsph.ru a0991799.xsph.ru a0992229.xsph.ru a0992445.xsph.ru bbill.freehostpro.com d1namias.beget.tech egorostroux.000webhostapp.com f0992583.xsph.ru securitytransfer.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-16) http://5.42.104.243 46.246.12.14:9000 46.246.4.13:8000 46.246.4.3:6000 46.246.4.3:9000 a0992098.xsph.ru a0992844.xsph.ru a0993016.xsph.ru a0993204.xsph.ru a0993445.xsph.ru a0993651.xsph.ru a0994027.xsph.ru cq83230.tw1.ru n9shteam1.top 196844cm.n9shteam1.top 751120cm.n9shteam2.top l0sscommun.temp.swtest.ru # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-22) http://103.30.78.8 http://212.57.118.94 171.80.217.247:25565 46.246.12.19:8000 46.246.4.12:8000 46.246.4.17:8000 46.246.84.24:9000 46.246.84.3:9000 91.92.248.143:1011 235566cm.n9shteam2.top 424673cm.n9shteam2.top 951669cm.n9shteam1.top a0986195.xsph.ru a0986288.xsph.ru a0987400.xsph.ru a0992097.xsph.ru a0993996.xsph.ru a0994533.xsph.ru a0994622.xsph.ru a0994812.xsph.ru a0994900.xsph.ru a0995122.xsph.ru a0995485.xsph.ru a0995598.xsph.ru a0995830.xsph.ru cq11142.tw1.ru cudohub.ru cz61028.tw1.ru f0996251.xsph.ru gotsuspended.000webhostapp.com host1871899.hostland.pro j282895d.beget.tech # Reference: https://x.com/lontze7/status/1810175784872489463 # Reference: https://www.virustotal.com/gui/file/1bf9f5d49df45385cd8df0f6cfebb3b380b30a6f97e3894fe2f60ec76dc679a8/detection 93.115.10.211:1604 # Reference: 
https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv http://51.103.218.125 http://74.241.248.254 103.147.185.18:8848 121.127.232.86:443 121.127.232.87:443 121.127.232.88:443 143.92.60.11:9999 143.92.60.20:9999 143.92.60.22:9999 147.189.168.82:6002 162.212.158.246:22 162.212.158.246:443 171.80.249.15:25565 172.111.151.128:8081 179.13.4.125:8008 179.13.4.125:8010 185.169.54.165:7331 20.19.32.238:1024 20.19.36.45:1024 20.199.84.103:1024 206.238.42.216:8848 216.83.46.43:8080 4.233.217.53:1024 46.246.12.12:8000 46.246.14.16:2222 46.246.14.3:9000 46.246.14.9:8000 46.246.14.9:9000 46.246.4.17:9000 46.246.4.19:2222 46.246.4.2:9000 46.246.6.12:9000 46.246.6.14:2222 46.246.6.14:8000 46.246.6.16:8000 46.246.6.18:9000 46.246.6.5:2222 46.246.80.11:2222 46.246.80.18:8000 46.246.82.15:2222 46.246.82.17:8000 46.246.82.21:2222 46.246.82.21:9000 46.246.82.4:2222 46.246.84.17:2222 46.246.84.22:5000 46.246.84.25:8000 46.246.84.26:8000 46.246.84.29:9000 46.246.84.4:9000 46.246.86.10:2222 46.246.86.6:8000 81.69.247.188:8848 # Reference: https://www.validin.com/blog/practical_malware_infrastructure_discovery_with_pdns/ nyashka.top 000366cm.nyashka.top 023119cm.nyashka.top 040179cm.nyashka.top 078519cm.nyashka.top 080099cm.nyashka.top 082650cm.nyashka.top 114591cm.nyashka.top 120747cm.nyashka.top 126433cm.nyashka.top 169833cm.nyashka.top 183050cm.nyashka.top 186014cm.nyashka.top 193046cm.nyashka.top 196419cm.nyashka.top 199719cm.nyashka.top 208659cm.nyashka.top 228282cm.nyashka.top 234671cm.nyashka.top 271910cm.nyashka.top 281363cm.nyashka.top 306577cm.nyashka.top 309245cm.nyashka.top 314957cm.nyashka.top 318239cm.nyashka.top 335980cm.nyashka.top 344958cm.nyashka.top 357473cm.nyashka.top 363476cm.nyashka.top 373292cm.nyashka.top 388876cm.nyashka.top 398730cm.nyashka.top 445798cm.nyashka.top 483130cm.nyashka.top 513971cm.nyashka.top 519487cm.nyashka.top 545267cm.nyashka.top 574056cm.nyashka.top 578603cm.nyashka.top 585213cm.nyashka.top 
596530cm.nyashka.top 631597cm.nyashka.top 640740cm.nyashka.top 660256cm.nyashka.top 664732cm.nyashka.top 673304cm.nyashka.top 728023cm.nyashka.top 737397cm.nyashka.top 759442cm.nyashka.top 760859cm.nyashka.top 790009cm.nyashka.top 796646cm.nyashka.top 843427cm.nyashka.top 859520cm.nyashka.top 868920cm.nyashka.top 870331cm.nyashka.top 910741cm.nyashka.top 911628cm.nyashka.top 940499cm.nyashka.top 947438cm.nyashka.top 949542cm.nyashka.top 973845cm.nyashka.top # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-10) http://146.19.128.52 http://149.154.66.1 http://172.187.227.79 http://178.208.86.27 http://178.250.158.121 http://185.146.157.164 http://185.177.59.141 http://185.244.219.53 http://194.26.232.193 http://194.58.103.90 http://194.58.42.154 http://194.87.145.83 http://213.159.64.146 http://217.28.222.194 http://5.42.104.244 http://62.109.18.87 http://62.109.22.14 http://87.251.77.55 http://89.208.14.64 http://89.23.97.228 http://92.63.101.139 http://92.63.193.127 http://94.156.67.121 http://94.228.166.75 101.43.47.165:4449 103.144.240.21:8888 103.244.226.241:65503 103.244.226.252:65503 104.156.247.38:9090 107.149.163.118:8080 117.18.12.93:8880 123.60.58.162:90 144.172.76.78:443 154.205.147.125:60000 154.212.146.156:65503 154.212.146.175:65503 156.251.137.156:8888 157.20.182.100:4449 157.20.182.101:4449 157.20.182.172:3232 165.154.224.19:4449 185.121.169.214:65503 192.197.113.223:65503 192.248.163.171:10066 20.205.58.253:8880 39.99.206.34:8880 46.246.12.22:5000 46.246.4.19:9090 46.246.6.11:9090 46.246.6.13:2121 46.246.6.13:5000 46.246.6.9:5000 46.246.82.24:8000 46.246.86.17:5000 47.148.68.129:8197 47.238.143.105:8443 47.238.183.60:65503 47.238.194.61:65503 47.238.38.102:65503 47.242.122.228:65503 47.243.187.196:65503 47.243.233.199:65503 47.76.105.152:65503 47.76.98.21:65503 51.89.253.9:7878 59.27.223.225:443 8.217.13.16:65503 8.217.215.116:65503 8.218.129.126:65503 8.218.235.124:65503 91.92.255.91:3232 94.156.79.231:2011 
024460cm.n9shteam2.top 034928cm.n9shteam2.top 040943cm.n9shteam2.top 041018cm.n9shteam2.top 047138cm.n9shteam2.top 054717cm.n9shteam3.top 072212cm.nyashsens.top 080864cm.n9shteam2.top 096241cm.n9shteam2.top 112880cm.n9shteam2.top 113313cm.n9shteam2.top 115583cm.n9shteam2.top 118621cm.n9shteam2.top 126776cm.nyashsens.top 130727cm.n9shteam2.top 152810cm.nyashka.top 173920cm.n9shteam2.top 182785cm.n9shteam3.top 206481cm.n9shteam2.top 218629cm.n9shteam2.top 226037cm.n9shteam2.top 234540cm.n9shteam2.top 241622cm.n9shteam1.top 256435cm.n9shteam2.top 266468cm.nyashka.top 272450cm.n9shteam2.top 283743cm.nyashka.top 284739cm.n9shteam3.top 288583cm.n9shteam2.top 297037cm.n9shteam2.top 306003cm.n9shteam2.top 314172cm.n9shteam2.top 318907cm.n9shteam2.top 327882cm.nyashsens.top 338453cm.n9shteam2.top 351866cm.n9shteam2.top 356137cm.n9shteam2.top 367191cm.n9shteam2.top 373430cm.n9shteam2.top 378418cm.n9shteam2.top 382119cm.n9shteam2.top 411260cm.nyashka.top 415566cm.n9shteam2.top 417847cm.nyashsens.top 429517cm.nyashka.top 445443cm.n9shteam2.top 452132cm.n9shteam2.top 462708cm.n9shteam2.top 463281cm.n9shteam2.top 466037cm.n9shteam2.top 466329cm.n9shteam2.top 473366cm.n9shteam2.top 474452cm.n9shteam2.top 476258cm.n9shteam2.top 478925cm.n9shteam2.top 484997.prohoster.biz 485006.prohoster.biz 502647cm.n9shteam2.top 545735cm.n9shteam2.top 596048cm.n9shteam2.top 621287cm.n9shteam2.top 625492cm.n9shteam2.top 651186lm.nyashmyash.top 656709cm.n9shteam2.top 677846cm.n9shteam2.top 722659cl.nyashtop.top 741211cm.n9shteam2.top 782652cm.n9sh.top 784334cm.n9shteam2.top 791660cm.n9shteam2.top 797441cm.n9shteam2.top 800453cm.n9shteam2.top 810755cm.n9shteam2.top 812375cm.nyashkoon.top 815156cm.n9shteam2.top 826969cm.n9shteam2.top 849188cm.nyashka.top 851594cm.n9shteam2.top 865461cm.n9shteam2.top 913987cm.n9shteam2.top 918938cm.n9shteam2.top 931740cm.n9shteam2.top 93752cm.darkproducts.ru 946663cm.n9shteam2.top a0798240.xsph.ru a0988574.xsph.ru a0988906.xsph.ru a0990027.xsph.ru a0990904.xsph.ru 
a0992484.xsph.ru a0994587.xsph.ru a0995213.xsph.ru a0995880.xsph.ru a0996046.xsph.ru a0996099.xsph.ru a0996277.xsph.ru a0996330.xsph.ru a0996803.xsph.ru a0996805.xsph.ru a0997029.xsph.ru a0997172.xsph.ru a0997235.xsph.ru a0997287.xsph.ru a0997452.xsph.ru a0997464.xsph.ru a0997564.xsph.ru a0997621.xsph.ru a0997718.xsph.ru a0998491.xsph.ru a0998535.xsph.ru a0998701.xsph.ru a0998722.xsph.ru a0998768.xsph.ru a0998803.xsph.ru a0998834.xsph.ru a0998932.xsph.ru a0999045.xsph.ru a0999075.xsph.ru a0999252.xsph.ru a0999337.xsph.ru a0999396.xsph.ru a0999665.xsph.ru a0999723.xsph.ru a0999792.xsph.ru a0999840.xsph.ru a0999929.xsph.ru a1000048.xsph.ru a1000056.xsph.ru a1000330.xsph.ru a1000383.xsph.ru a1000454.xsph.ru a1000492.xsph.ru a1001668.xsph.ru a1002079.xsph.ru a1002185.xsph.ru a1002962.xsph.ru a1003569.xsph.ru a1003574.xsph.ru a1004647.xsph.ru a1005337.xsph.ru a1005682.xsph.ru a1005850.xsph.ru a1005873.xsph.ru a1006461.xsph.ru a1006920.xsph.ru a1007516.xsph.ru a1008223.xsph.ru a1008296.xsph.ru a1008315.xsph.ru a1008817.xsph.ru a1008986.xsph.ru a1009043.xsph.ru a1009060.xsph.ru a1009150.xsph.ru a1009608.xsph.ru a1010381.xsph.ru a1010630.xsph.ru a1010765.xsph.ru a1011033.xsph.ru a1011177.xsph.ru a1011239.xsph.ru a1011347.xsph.ru a1011643.xsph.ru a1011702.xsph.ru a1011924.xsph.ru a1012110.xsph.ru a1012449.xsph.ru a1013249.xsph.ru a1013311.xsph.ru a1013404.xsph.ru a1013814.xsph.ru abort.top an.cloudto.ru animefull.atwebpages.com antivirusaway.top article-coal.gl.at.ply.gg bakusw0t.beget.tech bedabeda.top boldenis44.top cb22792.tw1.ru cb87290.tw1.ru cc53534.tw1.ru cd40479.tw1.ru cf30785.tw1.ru cg69956.tw1.ru cg99620.tw1.ru ci15096.tw1.ru ck66916.tw1.ru cl14041.tw1.ru cl71096.tw1.ru co30059.tw1.ru co44847.tw1.ru code-yandex.ru coolray.top cp34023.tw1.ru cp57330.tw1.ru cp57435.tw1.ru cr47539.tw1.ru cr55307.tw1.ru cr94982.tw1.ru ct54429.tw1.ru cu12485.tw1.ru cu82103.tw1.ru cv10369.tw1.ru cw35214.tw1.ru cx76022.tw1.ru cy61024.tw1.ru cy70322.tw1.ru cz28920.tw1.ru cz36357.tw1.ru 
cz41806.tw1.ru cz45007.tw1.ru cz61492.tw1.ru f0979909.xsph.ru f0999104.xsph.ru f0999105.xsph.ru f0999297.xsph.ru f0999352.xsph.ru f1002548.xsph.ru f1003430.xsph.ru f1006727.xsph.ru f1007612.xsph.ru f1010716.xsph.ru f1011238.xsph.ru fqq121.beget.tech frrvoavx.beget.tech fsin.top hendai.top kolasau6.beget.tech loxlas.000webhostapp.com main-although.gl.at.ply.gg mortilove9.temp.swtest.ru novatek.top offsetupdater.top ozero.top papka.top podval.top romangw5.beget.tech sogaz.top testprogs.shop unsight-pistons.000webhostapp.com uwuerkz9.beget.tech yenot.top # Reference: https://x.com/banthisguy9349/status/1824132183889678795 http://147.45.44.145 # Reference: https://www.virustotal.com/gui/file/208d29a5abf1c101de44f416464e50a9c8bbe85fc2359e286b180b57e862d760/detection n9sh.top 798167cm.n9sh.top /providerVmpollServer.php # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18) 178.73.192.10:5000 178.73.192.6:5000 178.73.218.16:5000 179.13.4.125:8013 46.246.12.18:5000 46.246.12.19:5000 46.246.12.7:9000 46.246.14.17:5000 46.246.14.17:9000 46.246.14.21:9090 46.246.4.13:5000 46.246.4.14:9090 46.246.6.12:5000 46.246.6.7:2121 46.246.80.13:5000 46.246.80.14:8000 46.246.80.22:9000 46.246.82.24:4040 46.246.82.26:5000 46.246.84.13:5060 46.246.84.19:9000 46.246.84.20:5000 46.246.86.11:5000 46.246.86.13:9090 5.238.25.214:22 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-18) 149387cm.n9sh.top 376294cm.n9sh.top 396218cm.n9shteam1.top 423836cm.nyashsens.top 613761cm.n9shteam1.top 764337cm.nyashsens.top a1013213.xsph.ru a1017163.xsph.ru cd45046.tw1.ru cg01126.tw1.ru ck93874.tw1.ru knafi2hc.beget.tech # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-24) http://20.90.89.160 http://210.126.67.141 http://4.235.120.231 147.45.44.58:7777 179.13.4.53:8081 188.126.90.26:5000 193.233.74.21:7777 193.233.74.94:7777 46.246.12.10:9000 46.246.14.15:3000 46.246.14.15:5000 
46.246.4.16:9000 46.246.4.18:9090 46.246.80.20:9090 46.246.82.13:5000 46.246.82.14:5000 46.246.84.12:5000 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-25) http://147.45.228.97 http://147.45.44.51 http://185.188.183.218 http://89.23.100.125 011949cm.n9sh.top 097430cm.n9sh.top 120555cm.n9sh.top 248810cm.n9sh.top 389075cm.n9sh.top 494375cm.n9sh.top 509349cm.n9sh.top 572335cm.n9sh.top 826430cl.nyashtop.top 941699cm.nyashsens.top 996175cm.nyashka.top a0929423.xsph.ru a1016039.xsph.ru a1017117.xsph.ru a1018296.xsph.ru a1018688.xsph.ru a1019243.xsph.ru a1019427.xsph.ru a1019796.xsph.ru agusha.top alp901g7.beget.tech cb23294.tw1.ru cb34021.tw1.ru ce63117.tw1.ru cf11739.tw1.ru cg77726.tw1.ru ci54113.tw1.ru cj11210.tw1.ru ck96248.tw1.ru cl35792.tw1.ru co74548.tw1.ru cx46156.tw1.ru cz23272.tw1.ru dmitreku.beget.tech dongga.beget.tech f1009203.xsph.ru f1019804.xsph.ru f1020631.xsph.ru fizika.top gopfopj6.beget.tech i3557434gm.temp.swtest.ru leroplan.beget.tech nekto2wj.beget.tech pw190.castledev.ru qfedorpmai.temp.swtest.ru qweqwe9i.beget.tech shizofrenia.top volki.top # Reference: https://www.virustotal.com/gui/file/70d06001f1172ce35fa5af56f7b6adb3800251ab9dfafcb8e1dc039300ff8952/detection http://89.22.230.240 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07) http://20.151.56.117 http://4.204.24.194 http://4.248.59.179 119.91.157.193:8848 154.216.17.18:22078 178.73.192.20:5000 207.246.99.14:1024 23.237.106.58:9999 23.237.106.59:9999 23.237.106.60:9999 23.237.106.62:9999 27.124.45.77:8848 46.246.12.9:5000 46.246.4.10:5000 46.246.4.3:5000 46.246.4.4:5000 46.246.6.6:8080 46.246.6.6:9090 46.246.80.11:5000 46.246.80.16:4040 46.246.80.17:5000 46.246.80.7:5000 46.246.82.14:4040 46.246.84.12:8080 46.246.84.15:9000 46.246.84.4:5000 46.246.86.12:8000 46.246.86.16:8000 46.246.86.20:8080 46.246.86.2:9090 46.246.86.5:5000 94.156.68.149:25565 # Reference: 
https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-08) http://121.199.58.53 http://185.106.93.197 http://188.120.227.56 http://193.233.203.181 http://45.14.165.5 http://45.93.9.248 http://91.214.78.75 http://92.63.98.227 http://94.158.244.70 101.99.94.128:3232 111.230.96.32:8848 123.249.104.74:8848 125.124.181.56:22 154.216.17.18:22077 154.44.26.105:8848 159.65.169.173:8181 176.96.138.192:2222 182.188.47.2:7777 185.146.88.217:1024 193.233.203.181:1194 193.233.203.181:443 202.228.199.54:2323 209.126.4.168:8848 43.199.93.110:4433 45.14.165.5:1194 45.14.165.5:443 45.93.9.248:1194 45.93.9.248:443 47.120.52.176:8848 47.242.234.131:8848 51.77.103.216:8520 51.81.168.153:2000 54.94.248.37:11978 78.135.83.58:6666 80.76.49.178:3232 857728cm.n9sh.top 89.105.201.98:4443 89.105.201.98:4444 89.105.201.98:8080 89.105.201.98:8090 91.193.18.135:1194 91.193.18.135:443 91.92.246.196:8080 222725cm.n9shka.top 290277cm.nyashkoon.top 304550cm.n9shka.top 334972cm.n9shka.top 380681cm.n9shka.top 426314cm.n9sh.top 438772cm.n9shka.top 621196cl.nyashtop.top 671893cm.n9shka.top 692143cm.n9shka.top 728996cm.n9sh.top 732376cm.nyashkoon.top 917166cm.n9shka.top 921773cm.n9sh.top 966193cm.n9shka.top a1009742.xsph.ru a1014692.xsph.ru a1020713.xsph.ru a1021235.xsph.ru a1021266.xsph.ru a1021292.xsph.ru a1023624.xsph.ru a1023737.xsph.ru a1024319.xsph.ru a1024868.xsph.ru baevanbw.beget.tech cb41196.tw1.ru ce73945.tw1.ru ce80336.tw1.ru cm17453.tw1.ru co60610.tw1.ru cq96782.tw1.ru cu14777.tw1.ru cv30339.tw1.ru cv79241.tw1.ru cw67355.tw1.ru cz38275.tw1.ru did1.uebki.one f1017118.xsph.ru f1022242.xsph.ru gugol.top hvatit.top ludocju4.beget.tech mamka.top mioww.uebki.one moscowteslaclub.top n9shka.top okidoki.top otkaz.top rbgamer-filespro.ru rtx4090.top uebki.one # Reference: https://www.virustotal.com/gui/file/3bdd649201ba70b2484745554f2f008fc76862312375e4913b1774dd29445ac9/detection 185.241.208.90:8848 # Reference: 
https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14) http://185.203.241.115 http://4.233.193.26 136.244.80.89:1024 148.113.165.11:4242 217.195.197.55:1604 45.77.179.49:8443 46.246.12.15:5000 46.246.12.5:5000 46.246.14.16:5000 46.246.80.13:8080 46.246.80.13:9090 46.246.80.22:9090 46.246.82.8:8000 46.246.84.17:9090 94.156.65.202:1337 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22) 102.186.190.17:8080 124.221.231.247:8848 185.216.71.46:7777 188.126.90.5:5000 45.77.66.31:1024 46.246.12.23:9000 46.246.14.24:5000 46.246.4.17:9090 46.246.80.17:4040 46.246.82.10:5000 46.246.84.12:9000 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-22) http://31.177.108.211 http://45.154.99.246 http://89.208.79.252 103.74.101.154:4449 124.221.231.247:8848 159.69.241.51:2011 185.216.71.46:7777 188.126.90.5:5000 197.60.80.16:4444 217.195.197.230:1604 39.50.160.221:6906 45.77.66.31:1024 46.246.12.23:9000 46.246.14.24:5000 46.246.4.17:9090 46.246.80.17:4040 46.246.82.10:5000 46.246.84.12:9000 65.38.120.76:8080 77.0.77.52:10000 20789cm.darkproducts.ru 292192cl.nyashtop.top 383852cm.n9shka.top 468198cl.nyashtop.top 598828cm.n9shka.top 696969cm.n9shka.top a1017742.xsph.ru a1028861.xsph.ru a1030351.xsph.ru a1031033.xsph.ru cd73139.tw1.ru cn54248.tw1.ru cq36570.tw1.ru f1019049.xsph.ru govnos3z.beget.tech naratnik888.whf.bz /vm_httpUpdateAuthsqlWp.php # Reference: https://x.com/Gi7w0rm/status/1838836517013233815 # Reference: https://www.virustotal.com/gui/file/e9450aa208965d3e3d5efccf2fd9ae3642abcdede294d5dee508a0ca626c039e/detection 190.9.223.135:8848 191.98.25.251:8848 192.169.69.26:8848 dcrat2024.duckdns.org # Reference: https://www.virustotal.com/gui/file/677b4709af196f4218f038449bd9959a7fe63b2ee2554e69879c04bfaa7e191c/detection 209.105.248.135:6060 centrodecontrol2050.duckdns.org respaldo2.duckdns.org # Reference: 
https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling # Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/DCRat/IOCs # Reference: https://www.virustotal.com/gui/file/763c1f21d22b7215d36e2dbd52d141d71d9e540c19f631f63f151c283b91f0d8/detection cr87986.tw1.ru # Reference: https://www.virustotal.com/gui/ip-address/80.211.144.156/relations (# 2024-09-29) # Reference: https://www.virustotal.com/gui/file/4f9c83cd1a87d23bee4377b34806e9fc669aac598db042f4b98bac1a00359a7d/detection 002806cm.nyashka.top 002944cm.nyashland.top 003958cm.nyashland.top 004649m.dccrk.top 005185cm.nyashsens.top 005334cm.nyashsens.top 005662cm.n9shteam3.top 005664cm.nyashnyash.top 006122cm.n9shka.top 006765cm.nyashkoon.top 010239cm.nyashland.top 011966cm.n9sh.top 012257cm.nyashnyash.top 012909cm.n9shka.top 013230cm.nyashland.top 016502cm.n9shteam1.top 017731cm.nyashsens.top 017766cm.nyashland.top 018910cm.n9shteam1.top 021473ll.nyashmyash.top 027243cm.nyashland.top 027582cm.n9shteam1.top 027715cm.n9shteam3.top 029179cm.nyashland.top 029604cm.n9shteam1.top 036108cm.n9shteam3.top 036935cm.nyashsens.top 040948cm.nyashcrack.top 041240cm.nyashkoon.top 041510cm.n9shteam1.top 041833lm.nyashmyash.top 043122cm.n9shteam1.top 043159cm.n9shteam1.top 043409cm.nyashkoon.top 043460cm.nyashcrack.top 044849lm.nyashkoon.top 045412lm.nyashmyash.top 046827cm.n9shteam1.top 048229cm.n9shteam3.top 048363cm.nyashka.top 049939cm.nyashcrack.top 054885cm.nyashsens.top 056446cm.nyashkoon.top 056618cm.nyashsens.top 056973lm.nyashnyash.top 058828cm.nyashcrack.top 059221cm.nyashcrack.top 061636cm.nyashnyash.top 061657cm.nyashkoon.top 063428cm.nyashsens.top 068166cm.n9sh.top 068654lm.nyashmyash.top 072585cm.n9shteam1.top 072638cm.nyashtyan.top 073218cm.n9shka.top 074212cm.nyashcrack.top 078417cm.nyashkoon.top 080456cm.nyashka.top 080467lm.nyashnyash.top 083053cm.nyashnyash.top 086192cm.nyashcrack.top 088312lm.nyashkoon.top 088347lm.nyashmyash.top 089429cm.n9shteam3.top 
092152cm.nyashmyash.top 092655cm.n9shteam3.top 095414lm.nyashmyash.top 095845cm.nyashnyash.top 096931cm.nyashsens.top 098042cm.n9shteam1.top 099209cm.nyashcrack.top 101344cm.n9shteam3.top 103841cm.nyashka.top 105187cm.nyashtech.top 105833lm.nyashmyash.top 107364cm.nyashkoon.top 107683ll.nyashmyash.top 119719cm.nyashkoon.top 120706cm.nyashsens.top 123848cm.n9shka.top 124027m.dccrk.top 126613cm.nyashkoon.top 126810cm.n9sh.top 127733cm.nyashkoon.top 128293cm.n9shteam3.top 128441m.dccrk.top 128538cm.n9shteam3.top 128929lm.nyashmyash.top 133727cm.nyashnyash.top 134716lm.nyashnyash.top 136337cm.n9shteam3.top 141217cm.n9shteam3.top 142716cm.n9shka.top 146217cm.n9shteam1.top 146348cm.n9shteam1.top 14655m.dccrk.top 153039cm.nyashkoon.top 153912m.dccrk.top 155054cm.n9shteam1.top 155560cm.n9shteam1.top 156359cm.n9shka.top 156704cm.n9shteam1.top 157306cm.nyashkoon.top 157949cm.nyashmyash.top 159893lm.nyashnyash.top 165767cm.nyashka.top 166970cm.n9sh.top 167463cm.nyashsens.top 167731cm.n9shteam1.top 169394cm.n9shka.top 169981cm.n9shteam1.top 171470cm.nyashkoon.top 172454cm.nyashnyash.top 172515cm.nyashnyash.top 175353cm.nyashnyash.top 175635cm.nyashkoon.top 176706cm.n9shteam1.top 180495cm.nyashsens.top 186255m.dccrk.top 187368cm.nyashland.top 195007cm.n9shteam3.top 195015cm.nyashsens.top 197771cm.nyashkoon.top 197816m.dccrk.top 198908cm.n9shteam1.top 199058m.dccrk.top 200616cm.n9shteam3.top 205351cm.nyashnyash.top 206171cm.nyashcrack.top 206407cm.nyashmyash.top 207872cm.nyashsens.top 209730cm.nyashsens.top 209808cm.n9sh.top 211277cm.nyashland.top 211648cm.nyashsens.top 213695cm.nyashka.top 218200cm.nyashkoon.top 218772cm.nyashtyan.top 223233lm.nyashsens.top 226723cm.nyashnyash.top 229261cl.nyashtop.top 233416cm.n9shteam3.top 23412lm.aidvwbpa.top 234478cm.nyashland.top 234783cm.n9shteam3.top 238891cm.n9shteam1.top 241746cm.n9sh.top 242106cm.nyashtech.top 244576m.dccrk.top 245918cm.n9sh.top 246693cm.nyashkoon.top 250259cm.nyashcrack.top 250317cm.n9sh.top 251891cm.n9shteam3.top 
253965m.dccrk.top 256705cm.nyashkoon.top 257270cm.nyashnyash.top 258345cm.nyashmyash.top 258414cm.n9shka.top 262155cm.nyashtyan.top 267581cm.nyashkoon.top 267991cm.n9shka.top 268064cm.n9shteam3.top 273604lm.nyashkoon.top 274249cm.n9shteam3.top 275877cm.n9sh.top 276067lm.nyashkoon.top 278375cm.nyashland.top 278494cm.nyashnyash.top 280023cm.n9shteam1.top 282697cm.nyashcrack.top 285935lm.nyashnyash.top 286420cm.nyashland.top 287013lm.nyashmyash.top 287327lm.nyashkoon.top 288263cm.n9shteam3.top 289259cm.nyashkoon.top 290693cm.nyashtyan.top 293709cm.n9sh.top 294401cm.n9shteam1.top 295615cm.nyashkoon.top 297701cm.n9shka.top 298518cm.n9shteam3.top 299962cm.nyashsens.top 300276cm.n9sh.top 301152cm.nyashkoon.top 303449cm.nyashka.top 305701cm.n9shteam1.top 306039cm.nyashcrack.top 310095cm.nyashkoon.top 311291cm.nyashcrack.top 314657lm.nyashmyash.top 315162cm.n9shteam3.top 316897cm.newnyash.top 317140cm.nyashkoon.top 318874cm.n9sh.top 319983cm.n9sh.top 322879lm.nyashmyash.top 322914cm.nyashland.top 328737cm.n9shteam1.top 330350cm.n9shteam1.top 330785cm.nyashtech.top 334188cm.n9sh.top 341549cm.n9shteam2.top 345435cm.nyashland.top 346560cm.nyashkoon.top 347760cm.nyashnyash.top 34897cm.nyashland.top 349786cl.nyashtop.top 350575cm.nyashland.top 351450cm.n9shteam3.top 353501cm.n9shteam1.top 353735lm.nyashmyash.top 353915cm.n9shteam3.top 354690cm.n9shka.top 356753cm.nyashkoon.top 360427cm.n9shka.top 365011cm.nyashnyash.top 365908m.dccrk.top 365939cm.n9shteam1.top 368031cm.nyashland.top 368271cm.nyashcrack.top 370270cm.n9shteam3.top 370946cm.nyashtyan.top 373563cm.nyashland.top 374286cm.n9shteam3.top 374865cm.nyashcrack.top 376136cm.nyashkoon.top 377950cm.n9shteam1.top 379803cm.nyashland.top 380905cm.nyashnyash.top 385725cm.nyashkoon.top 387617cm.nyashkoon.top 391369cm.nyashnyash.top 391685cm.nyashkoon.top 395882cm.nyashtyan.top 396046lm.nyashsens.top 396388cm.nyashcrack.top 398029cm.nyashkoon.top 399327lm.nyashsens.top 399491cm.nyashcrack.top 402523cm.nyashland.top 
402951cm.nyashtyan.top 404705cm.n9shteam1.top 406577cm.n9shteam1.top 407575cm.nyashmyash.top 407916cm.n9shka.top 409728cm.nyashkoon.top 411434cm.nyashsens.top 413466cm.n9shteam2.top 413955cm.nyashtyan.top 414436cm.n9shteam3.top 414636cm.n9sh.top 414792cm.n9shteam3.top 415366cm.nyashka.top 417012lm.nyashmyash.top 417668cm.nyashka.top 418257cm.n9shteam1.top 423159cm.nyashsens.top 424983cm.nyashkoon.top 429625cm.nyashcrack.top 429680cm.n9shteam1.top 430236lm.nyashmyash.top 432581cm.nyashkoon.top 438288cl.nyashtop.top 439157cm.n9shteam1.top 439875cm.nyashnyash.top 441160cm.n9shka.top 442883cm.n9shka.top 443056cm.nyashtyan.top 445742cm.nyashsens.top 446068cm.nyashsens.top 449040cm.n9shteam1.top 450314cm.n9shteam1.top 451203cm.n9shka.top 452568lm.nyashmyash.top 454189cm.nyashkoon.top 454374cm.nyashsens.top 454431cm.n9sh.top 456424cm.n9sh.top 457041cm.nyashnyash.top 464287lm.nyashmyash.top 464701m.dccrk.top 465584cm.nyashnyash.top 468841cm.nyashkoon.top 469208m.dccrk.top 472704cm.n9shteam1.top 473941cm.n9shteam1.top 476072cm.nyashsens.top 477102cm.nyashkoon.top 478225cm.nyashnyash.top 478712cm.n9shteam1.top 479898cm.nyashsens.top 479926cm.n9shteam1.top 480666cm.n9sh.top 481374cm.nyashsens.top 484393cm.nyashtyan.top 486630lm.nyashnyash.top 488150cm.n9sh.top 488417cm.n9shteam1.top 491131cm.n9shteam1.top 492028lm.nyashsens.top 495626cm.nyashcrack.top 496238cm.nyashland.top 498288cm.nyashsens.top 498984cm.nyashland.top 499862cl.nyashmyash.top 503213m.dccrk.top 508474cm.nyashland.top 510061cm.nyashkoon.top 510978lm.nyashnyash.top 512325cm.nyashcrack.top 512795cm.n9sh.top 519519cm.n9sh.top 519600cl.nyashtop.top 522815cm.n9shteam1.top 523027lm.nyashmyash.top 523185cm.nyashtyan.top 525632cm.nyashsens.top 528238cm.nyashkoon.top 529258cm.n9shka.top 531054cm.nyashland.top 531423cm.nyashnyash.top 531481cm.nyashtyan.top 533577cm.nyashcrack.top 535700cl.nyashtop.top 539545m.dccrk.top 540137cm.nyashsens.top 541396cm.nyashnyash.top 542032cm.nyashcrack.top 543888cl.nyashtop.top 
544147cm.nyashtyan.top 546474cm.nyashland.top 547186cm.n9shteam1.top 549578cm.n9sh.top 550074lm.nyashkoon.top 552906cm.n9shteam1.top 555661cm.nyashcrack.top 556462cm.nyashnyash.top 556822cm.n9shteam1.top 560135cm.n9shteam1.top 560216cm.n9shteam2.top 562581cm.n9shteam1.top 565138cm.n9shteam1.top 567146cm.nyashcrack.top 567331cm.n9shka.top 568547cm.nyashkoon.top 571019cm.n9shteam1.top 572810cm.nyashkoon.top 573932cm.nyashkoon.top 573936cm.nyashmyash.top 574565cm.renyash.top 576138cm.nyashkoon.top 576585cm.n9shteam1.top 576919cm.nyashcrack.top 577072cm.n9shteam1.top 583538cm.nyashsens.top 583784cm.n9shka.top 585362lm.nyashkoon.top 586238cm.n9shteam3.top 587986cm.n9shteam2.top 588842cl.nyashmyash.top 590908cm.nyashka.top 591416cm.n9shteam3.top 592065m.dccrk.top 592486cm.nyashka.top 593011cm.nyashsens.top 594712cm.nyashkoon.top 595506cm.n9shka.top 595918cm.nyashkoon.top 598239cm.n9shteam1.top 601693cm.nyashkoon.top 602463cm.nyashsens.top 604164cm.n9shteam3.top 607896cm.nyashsens.top 608901cm.nyashland.top 613809lm.nyashkoon.top 614818cm.n9shteam1.top 615994cm.nyashnyash.top 617866cm.nyashkoon.top 618628cm.nyashcrack.top 619697cm.n9sh.top 619757cm.nyashnyash.top 621756cm.n9shteam1.top 626299cm.nyashcrack.top 628902cm.nyashcrack.top 631047cm.n9shka.top 632976cm.n9shteam1.top 633618cm.n9shteam1.top 636906cm.nyashsens.top 637472cm.nyashcrack.top 638220cm.n9shteam1.top 638250cm.nyashnyash.top 641489cm.nyashcrack.top 644143cm.nyashkoon.top 644882lm.nyashsens.top 645446cm.n9shteam1.top 646667lm.nyashkoon.top 649987cm.nyashcrack.top 651949lm.nyashkoon.top 652739cm.nyashcrack.top 657001cm.nyashsens.top 657896cm.nyashkoon.top 658966cm.n9shka.top 659257cm.n9shteam1.top 659417cm.nyashka.top 661549cm.n9shteam3.top 662675cm.n9shteam3.top 663715cm.n9shteam2.top 664930cm.n9shka.top 666497cm.nyashnyash.top 668798cm.nyashsens.top 669630cm.n9shteam1.top 671550cm.n9shteam1.top 672971cm.nyashkoon.top 674341cm.n9shteam3.top 679335cm.n9shteam1.top 680690cm.n9shteam1.top 680736cm.n9sh.top 
682036lm.nyashmyash.top 684248cm.nyashcrack.top 684288lm.nyashsens.top 686694m.dccrk.top 687155cm.n9shteam1.top 688096cm.nyashcrack.top 690000cm.n9shteam3.top 690038lm.nyashkoon.top 690769cm.nyashtyan.top 692215cm.n9sh.top 694478cm.n9shteam1.top 695776cm.nyashka.top 695867cm.nyashnyash.top 695928cm.nyashland.top 696588cm.nyashland.top 697028cm.nyashcrack.top 697469cm.nyashsens.top 698257cm.n9shteam1.top 699671cm.nyashnyash.top 699837cm.nyashtech.top 7007lc.nyashkoon.top 700908cm.nyashkoon.top 701541cm.nyashka.top 702684cm.n9shteam1.top 703115ll.nyashmyash.top 703506cm.n9shteam1.top 706391lm.nyashsens.top 706812ll.nyashmyash.top 707078cm.n9shteam1.top 707500cm.n9shteam1.top 710734m.dccrk.top 710998cm.n9shteam1.top 712600cm.nyashland.top 717182cm.nyashland.top 718244cm.nyashsens.top 720466cm.nyashnyash.top 724156cm.nyashland.top 724714cm.nyashnyash.top 729538lm.nyashnyash.top 730980cm.nyashland.top 730994cm.n9sh.top 731065cm.n9shteam3.top 736021cm.n9shteam1.top 737201cm.nyashsens.top 737484cm.nyashsens.top 741402cm.nyashkoon.top 742667cm.n9shteam1.top 743919cm.nyashtyan.top 749312cm.nyashnyash.top 749563cm.n9shka.top 750538cm.n9shka.top 752518cm.nyashmyash.top 756451cm.n9shteam1.top 756772cm.n9shteam3.top 757221cm.nyashkoon.top 758069cm.nyashka.top 758936cm.newnyash.top 761245cm.nyashcrack.top 762229cm.nyashkoon.top 762250cm.nyashkoon.top 762449cl.nyashmyash.top 763167cl.nyashmyash.top 763927cm.n9sh.top 764133cm.nyashkoon.top 767348cm.n9shteam3.top 767361m.dccrk.top 768237cm.nyashtyan.top 772131cm.nyashsens.top 773531cm.nyashsens.top 776854cm.nyashnyash.top 777019cm.nyashland.top 778617lm.nyashmyash.top 779642cm.nyashland.top 781919cm.n9shka.top 783640cm.nyashkoon.top 784323cm.nyashland.top 786029cm.n9shteam3.top 791009cm.n9shteam3.top 792288cm.nyashkoon.top 794480cm.nyashnyash.top 795467cm.nyashnyash.top 795748cm.nyashland.top 796027cm.n9shteam1.top 797918cm.nyashmyash.top 799761cm.nyashcrack.top 800935cl.nyashtop.top 803914cm.nyashtyan.top 808416cm.n9shteam1.top 
809624cm.nyashland.top 809829lm.nyashmyash.top 812140cm.n9shka.top 812613cm.nyashland.top 812728lm.nyashsens.top 813882cm.nyashnyash.top 815983cm.n9shteam3.top 816056cm.nyashtyan.top 816600cm.nyashtyan.top 818328cm.nyashland.top 819956cm.n9shteam3.top 822243cm.nyashtyan.top 822797cm.n9shka.top 822817cm.nyashsens.top 826522cl.nyashmyash.top 827539m.dccrk.top 831199cm.nyashsens.top 831960cm.nyashcrack.top 834329cm.n9shteam3.top 841019cm.nyashnyash.top 842174cm.n9sh.top 847687cm.nyashland.top 847952ll.nyashmyash.top 848452cm.nyashkoon.top 848748lm.nyashkoon.top 853719cm.nyashland.top 854242cm.n9sh.top 856622cm.nyashsens.top 856918cm.n9shteam3.top 857377cm.nyashsens.top 858915cm.nyashtyan.top 860108cm.nyashka.top 860618cm.nyashkoon.top 866199cm.nyashkoon.top 867043lm.nyashsens.top 867059m.dccrk.top 868047cm.nyashnyash.top 871720cm.n9shteam3.top 872900cm.nyashsens.top 878926cm.n9shteam3.top 879315cm.nyashland.top 879618cm.nyashka.top 879747cl.nyashmyash.top 881783cm.nyashland.top 882574cm.nyashkoon.top 884050cm.n9shteam3.top 887953cm.n9shka.top 88888cl.n9shteam1.top 891483cm.nyashkoon.top 892188cm.nyashnyash.top 892534cm.nyashtyan.top 896389cm.n9shteam3.top 896906cm.nyashcrack.top 896933cm.nyashkoon.top 897270cm.nyashkoon.top 897712cm.n9shka.top 899848cm.n9shteam1.top 902241cm.nyashkoon.top 902893lm.nyashmyash.top 904130cm.n9shka.top 904908cm.nyashka.top 905533cm.n9shka.top 905719cm.nyashland.top 906597cm.n9sh.top 911520cm.nyashtyan.top 912308cm.n9shka.top 912729m.dccrk.top 915197cm.nyashtop.top 915651cm.n9shteam3.top 915932m.dccrk.top 918576cm.n9shteam1.top 924580cm.nyashcrack.top 931620cm.n9shteam1.top 933009cm.nyashkoon.top 934211cm.nyashsens.top 935056cm.nyashcrack.top 935913cm.nyashmyash.top 936699m.dccrk.top 937509cm.n9shteam1.top 941100lm.nyashkoon.top 941806cm.nyashsens.top 945197cl.nyashtop.top 945424cm.nyashsens.top 946576cm.n9shteam3.top 947044cm.nyashmyash.top 954354cl.nyashmyash.top 954591cm.nyashsens.top 955715cm.n9shteam3.top 956977cm.nyashsens.top 
958647cm.n9shteam1.top 959719cm.nyashcrack.top 961760cm.n9shteam1.top 962045cl.nyashtop.top 962473cm.nyashkoon.top 964838cm.nyashtyan.top 966974cm.nyashland.top 967918cm.n9shteam1.top 968085cm.nyashkoon.top 968620cm.nyashkoon.top 971936lm.nyashkoon.top 973164cm.nyashsens.top 973800cm.nyashsens.top 975763cm.n9shteam1.top 976435cm.nyashtyan.top 978393cm.nyashnyash.top 981800cm.n9shka.top 981904ll.nyashmyash.top 984720lm.nyashsens.top 984746cm.nyashtyan.top 992894lm.nyashmyash.top 993485cm.nyashland.top 994110cm.n9shteam1.top 996506cm.nyashnyash.top aezakmid.top aidvwbpa.top alphauser.top alwaysupdate.top animegame.top ariarea.top astonmartin.top autovaz.top balashiha.top barashek.top batya.top bonedino.top braindown.top brainoclock.top brokendus.top bundlepro.top campingtop.top cartofheart.top checkme.top chenhuahua.top codeproga.top coneforest.top controlreg.top cpcontacts.securitycheck.top cryptoaboba.top d0k.top dablyat.top dc.dccr.ru dc.dccrk.top decription.top desyatochek.top devnyash.top diksi.top dirol.top dmacard.top domneed.top doorplace.top dotspace.top durka.top dvatri.top easyanime.top engupto.top eternitysys.top expectum.top faceuptable.top fbiopenup.top finalbattle.top flipupto.top fls-fe.securitycheck.top fls-na.securitycheck.top freeputin.top galochka.top glagol.top golenos.top googlechromeportable.top googlizamenya.top goski.top gosnarkocontrol.top gpdwin.top hardsystem.top haval.top healthya.top hellokitty.top hesoyam.top housedown.top hvhmovie.top hypetrain.top iddqd.top images-na.securitycheck.top ironres.top jqueryui.top katcut.top kimonomagic.top kitaets.top kitekat.top klodvandam.top ladno.top lapki.top lgg6.top liberalspawned.top lk.sudorat.ru localcdndownload.top lololowka.top lolzteam.top m-media-amazon.securitycheck.top magnit.top marchapril.top megaengine.top megaforce.top megapascal.top megaphone.top megaproject.top memegen.top memflow.top merlion.top mersedes.top micropatch.top mihoyolab.top milasya.top minedownload.top mitsubishi.top 
monitortraf.top morzyanka.top moskvich.top mshta.top multiofficial.top mvdrf.top mvidio.top namesearch.top nazvanie.top neurokek.top nixware.top noburo.top nogami.top notactual.top notbalbec.top nothost.top novolink.top nukebomb.top nyanya.top offlinewas.top ogurec.top opensrc.top orphanor.top otval.top patronusus.top perepelka.top perfecteasy.top petuh.top pohooy.top porshe.top porzhat.top postpre.top pphud.top premiumultra.top projectt.top proprietary.top prosti.top prowaifu.top prre.top publicdata.top pyaterochka.top rabbitcsgo.top ratelimit.top razreshayu.top rdponline.top recoder.top registratio.top renyash.top rlynottop.top rollsroys.top rosatom.top rostelecom.top rostex.top royalmail.novatek.top samsa.top sanandreas.top sardelka.top sasok.top secureupdate.top securitycheck.top seouptime.top seroi.top serviceworker.top shto.top shtuka.top smartpaid.top socksmy.top softline.top soglasen.top spacexyz.top sportloto.top strepsils.top subscribeme.top supporthere.top tagaz.top tatneft.top tavoetogo.top tazik.top tele2.top teroborona.top test.magnit.top todoany.top tonna.top topnomer.top tryagain.top typebloom.top uffyaa.top ultratop.top umvd.top unagi-fe.securitycheck.top vetka.top virtualreal.top vkontakt.top vsratost.top warpath.top wentaway.top whoisyou.top whware.top x5group.top yeahnot.top yetanotherpaste.top yourwfu.top zelenka.top zelensky.top /RequestlongpolllinuxTrafficlocalpublicUploads.php # Reference: https://www.virustotal.com/gui/file/209314d8a75568265d25c58ab5be74f4793d314a1fa6031c5fc51dde38baff45/detection http://147.45.77.108 193.233.113.198:1726 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13) 171.113.130.94:6079 171.80.251.128:25565 178.159.43.116:10443 179.13.2.251:9090 185.181.0.20:1024 185.181.0.21:1024 190.70.117.83:7998 216.241.141.4:8848 217.195.197.135:1604 23.237.174.2:7979 23.237.174.3:7979 39.101.122.168:9999 4.233.217.245:1024 43.138.225.212:8888 
45.74.34.32:1995 46.246.12.11:5000 46.246.12.18:9090 46.246.14.13:8080 46.246.4.22:8080 46.246.6.14:8080 46.246.6.6:5000 46.246.80.12:6060 46.246.80.4:8080 46.246.80.5:9090 46.246.82.4:8080 46.246.82.8:8080 46.246.84.12:4040 46.246.84.15:8080 46.246.86.17:9000 87.120.127.57:1024 91.92.254.114:3030 91.92.254.46:3030 93.123.39.131:1337 # Reference: https://x.com/Tac_Mangusta/status/1846329712433680557 # Reference: https://www.joesandbox.com/analysis/1534777#iocs corp-grass-plastic-ventures.trycloudflare.com playing-res-alert-rational.trycloudflare.com # Reference: https://www.virustotal.com/gui/ip-address/190.240.48.29/relations # Reference: https://www.virustotal.com/gui/file/a74cc5cddbc77c63f202cc198442b0982c30a2e192b65f61fa9162278cb429b8/detection 190.240.48.29:2727 12septiembre.con-ip.com agosto13.con-ip.com azul.accesscam.org castanojulian1111.chickenkiller.com fuertefuerte.accesscam.org octubre100.con-ip.com octubre18.ydns.eu octubre212024.giize.com octubre242024.casacam.net octubre7.con-ip.com octubre8.con-ip.com octubre9.con-ip.com septiembre09.con-ip.com septiembre11.con-ip.com # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-11-06) http://141.8.192.217 http://185.114.245.123 a1049078.xsph.ru a1049238.xsph.ru ca26657.tw1.ru f1032430.xsph.ru pedrobyst.beget.tech pizdi2m7.beget.tech web4067.craft-host.ru # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10) http://103.124.101.168 104.234.30.23:4444 121.127.232.86:1433 121.127.232.87:1433 121.127.232.88:1433 152.201.184.235:8000 152.201.184.91:2000 152.204.165.90:8000 154.198.50.4:8080 167.0.196.114:2000 179.13.10.157:8081 181.236.112.169:8000 194.190.152.111:1194 23.237.174.4:7979 45.77.91.238:10066 46.246.12.17:8000 46.246.14.10:5000 46.246.14.11:5000 46.246.14.12:8080 46.246.14.18:5000 46.246.4.15:9000 46.246.4.20:8000 46.246.6.19:8000 46.246.82.11:8080 46.246.82.14:8080 46.246.82.15:8000 
46.246.82.15:9090 46.246.82.17:5000 46.246.82.21:8080 46.246.82.5:8080 46.246.82.7:9090 46.246.84.17:5000 93.123.109.33:8848 93.123.109.34:8848 # Reference: https://www.virustotal.com/gui/file/48ee878fefc7d5d9df66fc978dfaafcfb61129acf92b1143e1b865ab292be9f0/detection 45.135.232.38:35650 dckast.duckdns.org # Reference: https://www.virustotal.com/gui/file/9707cb0a265a33cfe0f452c65a67fcf2a2cd839ae5db5fb3e824c764b279ee72/detection 179.14.9.145:3016 dcrat24.duckdns.org # Reference: https://www.virustotal.com/gui/file/b026259f2b7111c2f22846579fee6daf50b10a983eaa91d4e1f93c65d4887348/detection # Reference: https://www.virustotal.com/gui/file/fa0819b8d077102f6b7da46aadc38de45c0b1a60521b13d87defc1ab5fffef1b/detection 179.14.9.145:3013 dcrat13.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/179.14.9.145/relations envnue1024.duckdns.org sostexampp.duckdns.org # Reference: https://x.com/banthisguy9349/status/1866947676245463090 http://141.8.192.138 http://141.8.192.151 http://195.201.34.199 http://62.60.246.26 http://81.169.145.78 http://87.236.19.78 21567cm.darkproducts.ru 28951cm.darkproducts.ru a0534681.xsph.ru a1039170.xsph.ru a1043195.xsph.ru a1043329.xsph.ru a1046988.xsph.ru a1047148.xsph.ru a1047149.xsph.ru a1047204.xsph.ru a1047552.xsph.ru a1047563.xsph.ru a1047595.xsph.ru a1047756.xsph.ru a1047782.xsph.ru a1047839.xsph.ru a1048005.xsph.ru a1048313.xsph.ru a1048372.xsph.ru a1048688.xsph.ru a1048969.xsph.ru a1049140.xsph.ru a1049588.xsph.ru a1049638.xsph.ru a1049698.xsph.ru a1050789.xsph.ru a1050793.xsph.ru a1051092.xsph.ru a1051246.xsph.ru a1051443.xsph.ru a1051469.xsph.ru a1051742.xsph.ru a1051820.xsph.ru a1051905.xsph.ru a1052154.xsph.ru a1052268.xsph.ru a1052429.xsph.ru a1052477.xsph.ru a1052676.xsph.ru a1053204.xsph.ru a1053300.xsph.ru a1053365.xsph.ru a1053784.xsph.ru a1053795.xsph.ru a1053995.xsph.ru a1054006.xsph.ru a1054138.xsph.ru a1054327.xsph.ru a1054696.xsph.ru a1055021.xsph.ru a1055365.xsph.ru a1055553.xsph.ru a1055874.xsph.ru 
a1055970.xsph.ru a1056005.xsph.ru a1057638.xsph.ru a1057856.xsph.ru a1058850.xsph.ru a1059028.xsph.ru a1059196.xsph.ru a1060175.xsph.ru a1060367.xsph.ru a1060391.xsph.ru a1060878.xsph.ru a1060897.xsph.ru a1060903.xsph.ru a1061758.xsph.ru a1062249.xsph.ru a1062538.xsph.ru a1062569.xsph.ru a1062767.xsph.ru a1062999.xsph.ru a1063206.xsph.ru a1063944.xsph.ru a1064048.xsph.ru a1064570.xsph.ru a1064609.xsph.ru a1064909.xsph.ru a1066271.xsph.ru a1066275.xsph.ru a1066603.xsph.ru a1066647.xsph.ru a1066999.xsph.ru a1067376.xsph.ru a1067494.xsph.ru a1068232.xsph.ru a1068999.xsph.ru a1069594.xsph.ru a1069666.xsph.ru a1069976.xsph.ru a1070052.xsph.ru a1070053.xsph.ru a1070073.xsph.ru a1070107.xsph.ru a1070366.xsph.ru a1070438.xsph.ru a1070590.xsph.ru a1070666.xsph.ru a1070702.xsph.ru a1070985.xsph.ru a1071097.xsph.ru a1071121.xsph.ru a1071196.xsph.ru a1071290.xsph.ru a1071405.xsph.ru a1071602.xsph.ru a1071664.xsph.ru a1071765.xsph.ru a1071864.xsph.ru a1071976.xsph.ru a1072183.xsph.ru a1072517.xsph.ru a1072615.xsph.ru a1072830.xsph.ru a1072840.xsph.ru arabna4a.beget.tech assitsguard.xyz brovetop.beget.tech buddyqr.beget.tech burjuiwm.beget.tech ca91547.tw1.ru cheateyh.beget.tech cj46586.tw1.ru cx70760.tw1.ru darkproducts.ru f0503304.xsph.ru f0516078.xsph.ru f0854165.xsph.ru f1037098.xsph.ru f1039112.xsph.ru f1040987.xsph.ru f1047246.xsph.ru f1047670.xsph.ru f1048020.xsph.ru f1048353.xsph.ru f1051546.xsph.ru f1052241.xsph.ru f1052635.xsph.ru f1057735.xsph.ru f1058331.xsph.ru f1059060.xsph.ru f1060404.xsph.ru f1060604.xsph.ru f1061210.xsph.ru f1062095.xsph.ru f1062357.xsph.ru f1063431.xsph.ru f1064330.xsph.ru f1064905.xsph.ru f1065720.xsph.ru f1066369.xsph.ru f1066481.xsph.ru f1067254.xsph.ru f1067441.xsph.ru f1067989.xsph.ru f1068729.xsph.ru f1069581.xsph.ru f1069670.xsph.ru f1069813.xsph.ru f1070213.xsph.ru f1070307.xsph.ru f1070465.xsph.ru f1070743.xsph.ru f1070781.xsph.ru f1070818.xsph.ru f1071349.xsph.ru f1072057.xsph.ru f1072181.xsph.ru f1072439.xsph.ru ffdgsmsw.beget.tech 
fuckyou.pzdk.ru gameovw4.beget.tech itunfiles.beget.tech jyk1038b.beget.tech kolesnhy.beget.tech koner17n.beget.tech kosta65f.beget.tech kotoswin.darkproducts.ru krakenyd.beget.tech l98588cv.beget.tech laposrefs.beget.tech lololocu.beget.tech miraculos.ru monrul3t.beget.tech n92652r0.beget.tech nikitfdl.beget.tech nosanonf.beget.tech q92470lk.beget.tech securedism.beget.tech securedpdf.beget.tech sergri7g.beget.tech store.assitsguard.xyz sulimeo6.beget.tech svch0st.ru u90218fp.beget.tech w93726zy.beget.tech wh19292.web2.maze-tech.ru withcwallet.com xuttd6xz.beget.tech xxmodgtv.beget.tech yangri7x.beget.tech yaroslfn.beget.tech yegorlpx.beget.tech yyyjckhj.beget.tech zeromaee.beget.tech zetka08d.beget.tech # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02) 107.150.23.137:9909 108.181.199.23:3000 108.181.199.23:5000 109.230.200.236:22 109.236.87.67:7001 148.113.165.11:8848 148.178.16.16:8848 152.201.182.125:8000 152.202.226.52:8000 152.202.233.48:8000 167.0.225.167:8000 171.113.130.129:6079 179.13.5.17:8010 181.236.124.54:8000 185.8.172.13:22 191.91.177.119:8010 192.129.178.58:9001 192.129.178.59:9001 192.129.178.60:9001 192.129.178.61:9001 192.129.178.62:9001 217.195.197.73:1604 36.137.5.78:22 38.14.254.188:8888 38.46.13.170:8080 38.46.13.171:8080 38.46.13.172:8080 38.46.13.173:8080 38.46.13.174:8080 4.233.220.9:1024 4.251.96.80:1024 43.155.93.125:22 45.149.241.10:4444 45.154.98.226:1024 46.246.12.14:9090 46.246.12.20:8080 46.246.12.3:5000 46.246.14.14:5000 46.246.14.15:8080 46.246.14.15:9090 46.246.14.4:8080 46.246.4.11:5000 46.246.4.14:5000 46.246.4.19:5000 46.246.6.2:5000 46.246.80.11:8080 46.246.80.12:9000 46.246.80.14:5000 46.246.80.16:9000 46.246.80.18:5000 46.246.80.28:9090 46.246.80.6:8080 46.246.82.17:4040 46.246.82.20:5000 46.246.82.23:4040 46.246.84.13:5000 46.246.84.21:9000 46.246.84.22:8080 46.246.84.9:9000 46.246.86.12:9000 46.246.86.13:8000 46.246.86.9:5050 
83.147.38.235:2404 85.209.133.29:8848 87.120.116.179:1500 98.66.177.116:1024 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-02-10) http://121.127.37.30 http://147.45.45.201 http://147.45.47.156 http://154.29.71.9 http://176.123.1.211 http://185.177.239.121 http://185.177.239.237 http://185.177.239.66 http://185.230.138.58 http://185.239.51.56 http://185.246.113.224 http://185.246.65.175 http://185.246.67.73 http://185.43.5.145 http://185.43.5.93 http://188.120.228.203 http://188.120.251.105 http://193.124.185.16 http://193.3.168.50 http://193.32.162.64 http://193.58.121.137 http://194.135.20.4 http://194.33.43.197 http://195.10.205.157 http://195.2.79.32 http://206.188.197.24 http://213.108.22.118 http://31.177.108.176 http://31.177.109.102 http://31.177.109.24 http://31.58.58.231 http://37.1.214.137 http://37.44.238.250 http://37.46.131.145 http://38.180.145.185 http://38.180.228.120 http://45.88.91.89 http://45.89.110.133 http://5.42.66.51 http://5.42.92.37 http://62.109.1.101 http://62.109.16.145 http://62.109.25.165 http://62.109.31.116 http://62.109.6.177 http://77.222.47.117 http://77.73.39.158 http://78.24.221.196 http://80.66.81.173 http://80.66.89.37 http://80.87.197.189 http://82.146.37.234 http://82.146.42.97 http://82.146.53.9 http://86.110.194.28 http://86.110.212.203 http://87.120.127.117 http://89.110.93.210 http://89.23.100.242 http://89.23.96.180 http://91.107.151.211 http://91.199.45.187 http://91.211.249.46 http://91.214.78.88 http://91.227.41.9 http://91.92.42.1 http://94.141.122.137 http://94.250.249.125 http://95.164.6.175 1.94.33.219:8848 103.77.209.70:8848 103.84.89.222:4444 105.101.179.169:38672 113.45.153.3:8000 113.45.153.3:8080 116.203.56.216:8081 12.202.180.114:7878 12.202.180.114:8890 121.206.52.110:9997 121.37.128.90:8848 143.92.56.14:8888 143.92.56.19:8888 143.92.56.21:8888 147.185.221.22:52881 147.185.221.24:18545 148.113.165.11:2323 154.12.25.226:8080 156.238.227.79:8848 157.97.11.134:18246 
157.97.11.134:2083 157.97.11.134:40380 157.97.11.134:5672 157.97.11.134:6190 157.97.11.134:64818 158.51.123.171:8888 170.238.45.112:6000 170.238.45.112:7000 171.41.199.170:25565 171.41.252.7:25565 171.80.217.208:25565 171.80.251.38:25565 172.94.108.143:7788 176.31.147.216:7878 179.13.3.202:8080 179.14.11.213:4010 181.235.11.209:8090 181.235.12.51:8090 185.172.175.125:1337 186.169.34.19:8090 186.169.52.131:8090 186.169.57.33:1000 186.169.66.68:8090 186.169.95.130:2020 187.201.155.62:8848 192.129.178.58:9002 192.129.178.59:9002 192.129.178.60:9002 192.129.178.61:9002 192.129.178.62:9002 195.177.95.241:8443 201.220.174.16:99 212.47.70.85:3388 217.156.50.170:5901 31.58.58.187:25565 37.32.22.233:8848 38.46.13.170:443 38.46.13.171:443 38.46.13.172:443 38.46.13.173:443 38.46.13.174:443 39.46.125.107:6906 4.228.228.120:8080 42.193.99.173:8848 43.199.119.135:443 45.135.232.38:35550 45.135.232.38:46452 45.145.43.222:4444 45.61.159.148:1111 46.246.12.17:8080 46.246.12.18:8000 46.246.12.20:9090 46.246.12.21:8000 46.246.14.11:8000 46.246.14.9:5000 46.246.14.9:8080 46.246.4.17:8080 46.246.4.18:8000 46.246.4.2:5000 46.246.4.7:8080 46.246.6.25:8080 46.246.6.2:7000 46.246.6.5:8000 46.246.6.9:9000 46.246.80.10:8080 46.246.80.11:9000 46.246.80.14:9000 46.246.80.17:8000 46.246.80.6:8000 46.246.80.9:9000 46.246.82.20:8080 46.246.82.6:9000 46.246.84.10:3000 46.246.84.11:9000 46.246.84.15:8000 46.246.84.9:8000 46.246.86.14:5000 46.246.86.14:8080 46.246.86.9:9000 47.95.201.133:8848 5.206.227.44:5000 51.89.253.9:8890 62.60.248.28:1604 65.38.120.211:33486 68.168.118.3:8848 69.4.232.1:25565 78.135.83.58:7777 79.110.49.207:7001 8.134.254.31:8848 80.76.49.17:3232 85.209.133.15:111 85.209.133.220:111 87.120.116.155:8080 87.120.126.140:3232 87.120.127.215:4444 87.120.84.111:591 87.120.84.111:8008 87.120.84.111:8080 87.120.84.111:8090 93.185.167.219:8520 94.141.122.230:443 94.156.167.42:4449 94.156.167.68:2000 94.156.167.86:2000 95.111.239.205:5900 001031cm.nyashteam.ru 024171cm.newnyash.top 
045849cm.shnyash.ru 048038cm.renyash.ru 072486cm.n9shteam.ru 083098cm.n9shteam.in 101349cm.renyash.ru 112025ct.darkproducts.ru 114936cm.nyashcrack.top 115653cm.shnyash.ru 117813cm.n9shteam.in 122295cm.n9shteam.in 123863.darkproducts.ru 126987cm.renyash.ru 138231cm.n9shteam.in 143840cm.nyashteam.ru 14881cm.darkproducts.ru 188387cm.n9shteam.in 192592cm.shnyash.ru 221580cm.nyashkoon.in 228472cm.n9shka.top 23742.darkproducts.ru 250345cm.renyash.ru 284386cm.renyash.ru 28954cm.darkproducts.ru 29358cm.darkproducts.ru 304773cm.n9shteam.in 319351cm.nyashteam.ru 321723cm.renyash.ru 328579cm.renyash.ru 337703cm.n9sh.top 38165cm.darkproducts.ru 390412cm.n9shteam.in 427176cm.nyashkoon.in 438286cm.nyashnyash.ru 447320cm.nyashnyash.ru 452399cm.renyash.ru 464064cm.shnyash.ru 480344cm.renyash.ru 487997cm.renyash.top 492668cm.newnyash.top 495112cm.renyash.ru 500154cm.n9shteam.in 500817cm.renyash.top 501799.prohoster.biz 505905cm.n9shka.top 506691cm.renyash.ru 517300cm.renyash.ru 525833cm.nyashnyash.ru 52952cm.darkproducts.ru 568327cm.shnyash.ru 586580cm.renyash.ru 588538cm.renyash.ru 59035cm.darkproducts.ru 604647cm.renyash.ru 623127cm.nyashk.ru 649521cm.renyash.ru 697548cm.nyashnyash.ru 703035cm.nyashk.ru 703648cm.newnyash.top 703648cm.renyash.top 71941.darkproducts.ru 723223cm.renyash.ru 723486cm.nyashnyash.ru 733812cm.n9shteam.in 741300cm.nyashnyash.ru 749858cm.renyash.ru 77777cm.nyashtyan.in 788464cm.shnyash.ru 799615cm.nyashnyash.ru 817087cm.nyashteam.ru 838596cm.nyafka.top 861848cm.nyashkoon.ru 863811cm.nyafka.top 886972cm.renyash.ru 88888cm.nyashtyan.in 890959cm.newnyash.top 891781cm.renyash.ru 895157cm.nyashteam.ru 92542cm.darkproducts.ru 92713cm.darkproducts.ru 955792cm.nyashk.ru 976794cm.shnyash.ru 977255cm.nyashkoon.in a0592551.xsph.ru a0984458.xsph.ru a0990484.xsph.ru a0994456.xsph.ru a1022792.xsph.ru a1035834.xsph.ru a1035960.xsph.ru a1036037.xsph.ru a1036503.xsph.ru a1036589.xsph.ru a1037709.xsph.ru a1038038.xsph.ru a1038934.xsph.ru a1039629.xsph.ru a1040171.xsph.ru 
a1040350.xsph.ru a1041198.xsph.ru a1043540.xsph.ru a1043943.xsph.ru a1044352.xsph.ru a1044520.xsph.ru a1044603.xsph.ru a1045065.xsph.ru a1045237.xsph.ru a1045278.xsph.ru a1045626.xsph.ru a1045709.xsph.ru a1047806.xsph.ru a1047912.xsph.ru a1048068.xsph.ru a1048400.xsph.ru a1048697.xsph.ru a1048940.xsph.ru a1049460.xsph.ru a1049646.xsph.ru a1050477.xsph.ru a1050733.xsph.ru a1052930.xsph.ru a1053620.xsph.ru a1056109.xsph.ru a1056424.xsph.ru a1060905.xsph.ru a1063331.xsph.ru a1063683.xsph.ru a1067345.xsph.ru a1067559.xsph.ru a1067734.xsph.ru a1068004.xsph.ru a1068994.xsph.ru a1069038.xsph.ru a1069635.xsph.ru a1070154.xsph.ru a1070463.xsph.ru a1070543.xsph.ru a1071370.xsph.ru a1071470.xsph.ru a1071997.xsph.ru a1072021.xsph.ru a1073080.xsph.ru a1073086.xsph.ru a1073401.xsph.ru a1074338.xsph.ru a1075044.xsph.ru a1075328.xsph.ru a1075712.xsph.ru a1075950.xsph.ru a1075974.xsph.ru a1076034.xsph.ru a1076044.xsph.ru a1076119.xsph.ru a1076350.xsph.ru a1076459.xsph.ru a1076662.xsph.ru a1076687.xsph.ru a1076853.xsph.ru a1077057.xsph.ru a1077792.xsph.ru a1078067.xsph.ru a1078080.xsph.ru a1078143.xsph.ru a1078153.xsph.ru a1078682.xsph.ru a1078904.xsph.ru a1080505.xsph.ru a1080708.xsph.ru a1080904.xsph.ru a1081338.xsph.ru a1081724.xsph.ru a1082676.xsph.ru a1083100.xsph.ru a1083255.xsph.ru a1083407.xsph.ru abdulbek.top activequestion.ru adsdadbp.beget.tech alishosn.beget.tech andre2tn.beget.tech aroslawo.beget.tech arsenik2.beget.tech artema1m.beget.tech artemccf.beget.tech artemcw8.beget.tech artemcy5.beget.tech asme0534-51572.portmap.host b902470r.beget.tech baallsn3.beget.tech babos.top bagnakgt.beget.tech bobaprog.ru burjuip7.beget.tech ca54823.tw1.ru cb53940.tw1.ru cb83927.tw1.ru cc82394.tw1.ru cc96011.tw1.ru cd29847.tw1.ru cd35171.tw1.ru cd38713.tw1.ru cd44549.tw1.ru cd60197.tw1.ru cd77746.tw1.ru ce17561.tw1.ru ce58027.tw1.ru cf17360.tw1.ru cf83712.tw1.ru cf97623.tw1.ru cg15356.tw1.ru cg26785.tw1.ru cg37346.tw1.ru cg39171.tw1.ru cg79561.tw1.ru cg83870.tw1.ru ch28439.tw1.ru 
ch67763.tw1.ru ch68434.tw1.ru chwerfw63932.macan.chost.com.ua ci07006.tw1.ru ci26757.tw1.ru cj05364.tw1.ru cj15501.tw1.ru cj37718.tw1.ru cj46058.tw1.ru cj79318.tw1.ru cj94096.tw1.ru ck25000.tw1.ru cl04317.tw1.ru cl08054.tw1.ru cl41253.tw1.ru cl85533.tw1.ru cm34393.tw1.ru cm36861.tw1.ru cm38152.tw1.ru cm45075.tw1.ru cn40185.tw1.ru cn67735.tw1.ru co91798.tw1.ru comatagcom.temp.swtest.ru cp52181.tw1.ru cp89183.tw1.ru cp91897.tw1.ru cq02494.tw1.ru cq12403.tw1.ru cq13555.tw1.ru cq38273.tw1.ru cq65040.tw1.ru cr35340.tw1.ru cr39969.tw1.ru cs55120.tw1.ru cs68173.tw1.ru ct10906.tw1.ru cu00054.tw1.ru cu09209.tw1.ru cu10009.tw1.ru cu35742.tw1.ru cv38351.tw1.ru cw95073.tw1.ru cx79992.tw1.ru cy08450.tw1.ru cy52165.tw1.ru cyberpotato.ru cz15171.tw1.ru cz25672.tw1.ru cz34133.tw1.ru cz37182.tw1.ru cz44917.tw1.ru cz59288.tw1.ru cz68521.tw1.ru cz91659.tw1.ru cz93002.tw1.ru daniibcy.beget.tech daxon.giize.com dcrat1337.atwebpages.com ddosbo0r.beget.tech deeplo4f.beget.tech deniszuz.beget.tech dimksseo.beget.tech dimkssfx.beget.tech dimkssud.beget.tech dmitrievan.temp.swtest.ru dragon-rp.com drenow.atwebpages.com drgost.duckdns.org drlas.duckdns.org drpras.duckdns.org durok.ru dvvldvvz.beget.tech eesdtr23c4e.atwebpages.com epicgramm1.temp.swtest.ru eternitysystems.online ezrar.atwebpages.com f0908023.xsph.ru f1039159.xsph.ru f1045855.xsph.ru f1064463.xsph.ru f1068822.xsph.ru f1069418.xsph.ru f1070723.xsph.ru f1071409.xsph.ru f1072253.xsph.ru f1076005.xsph.ru f1076998.xsph.ru f1077757.xsph.ru f1078098.xsph.ru f1079650.xsph.ru f1080003.xsph.ru f1082530.xsph.ru f1082777.xsph.ru f1082834.xsph.ru fantomri.beget.tech frozeemodtest.freewebhostmost.com gaming0558.mygamesonline.org getipinfo.duckdns.org gqcsmfau.beget.tech gsfaggsagsgasfgg.x10.mx has1350.beget.tech host1877066.hostland.pro hvhpolak.ru i97889ae.beget.tech ilusharx.beget.tech it-ords.ru jamuro-52920.portmap.io jumaisimba.x10.mx k83398f9.beget.tech k91100v5.beget.tech kazart4q.beget.tech kendalcp.beget.tech kitaygorod.top 
klospegh.beget.tech konsolxq.beget.tech kreker.top l99250gh.beget.tech lastic6p.beget.tech lenkaa6t.beget.tech lflgklpx.beget.tech lolkeky8.beget.tech lopatasovka.ru mak1nt0sh.ru mas9kan0.beget.tech meowmeowmeow.onlinewebshop.net mervyamat.ru.swtest.ru mrpon108.beget.tech mstrelaz.beget.tech necobox.ru nutipa.ru olegpivo.tw1.ru otkazaza.ru pdiroasdasadas.atwebpages.com penisgw9.beget.tech petrasl7.beget.tech phoeni13.beget.tech phoenior.beget.tech pole4udes.ru ponos228.mywebcommunity.org ponos22834.mywebcommunity.org ppasovtv.beget.tech premove.ru pseudoironia.ru pw267.castledev.ru pw322.castledev.ru pw323.castledev.ru pw334.castledev.ru qlauncher.ru qwerty3032.temp.swtest.ru ratts.s07002yx.beget.tech record-lopez.gl.at.ply.gg romanopi.beget.tech root.darkproducts.ru rsakinc8.beget.tech rsakinmu.beget.tech rustpidc.beget.tech s1004864.smrtp.ru s1mpld00.beget.tech s936550.ha005.t.mydomain.zone samsuka.ru sashapae22.temp.swtest.ru savehal3.beget.tech sh1goto.org.swtest.ru shydooac.beget.tech sigma14881499.atwebpages.com sigmaphpog.atwebpages.com srv226957.hoster-test.ru steamtp2.beget.tech stendr9y.beget.tech stepancy.beget.tech taccaroi.beget.tech takiqskiqg.temp.swtest.ru test-site.com.s61.hhos.net testedark.writesthisblog.com thehikwp.beget.tech tsukanjz.beget.tech uffyaa.ru unasnetds.ru vadgko6t.beget.tech vimewonf.beget.tech visualstudionews.x10.mx vitamind3.top web3373.craft-host.ru web4200.craft-host.ru windowsxp.top xard77xe.beget.tech xclre2wq.beget.tech zaebator23.temp.swtest.ru zloyvah4.beget.tech # Reference: https://www.virustotal.com/gui/file/b875598478872e91797af75764bef4c8489574fdef5f782ca960de7eda843780/detection 191.104.103.121:2013 dcrat2013.duckdns.org # Reference: https://www.virustotal.com/gui/file/f158eb862c6f9700b85433cf1aceae4c0a84578a185b60e66df44da9374e73c0/detection 178.215.224.234:8848 favor.ydns.eu # Reference: https://cert.gov.ua/article/6282536 http://193.233.48.166 http://194.0.234.155 http://87.120.126.48 194.0.234.155:443 
87.120.126.48:443 89.105.201.98:11371 89.105.201.98:8888 91.92.246.18:443 upnow-prod.ff45e40d1a1c8f7e7de4e976d0c9e555.r2.cloudflarestorage.com # Reference: https://www.virustotal.com/gui/file/36cdb54c76cc9457a56c1f3731cb757f101442e7a569972ddb5ac207847255b5/detection # Reference: https://www.virustotal.com/gui/file/29eac43040dd9d513bc340a3ac7f384fe77e9221f361571335f76e5eb6814508/detection http://77.239.121.198 # Reference: https://x.com/greenplan_it/status/1896852077835583797 # Reference: https://www.virustotal.com/gui/file/b8fc29c02005c84131f34de083c2e81cdf615ff405877f9e73400bf35513c053/detection 148.113.214.176:7878 watchonlinehotvideos.top # Reference: https://x.com/malwrhunterteam/status/1901910982420512915 # Reference: https://www.virustotal.com/gui/file/0c450b7b9c7f17fd4a1ddf8a140303fac55d95bc5a674730cdecbbaf4601a395/detection http://96.9.210.135 176.65.134.105:9852 goodsvibes.dynuddns.net # Reference: https://cert.gov.ua/article/6282737 http://217.25.91.61 http://45.130.214.237 http://62.60.235.190 http://83.147.253.138 http://87.249.50.64 # Reference: https://x.com/malwrhunterteam/status/1905187307189068275 # Reference: https://www.virustotal.com/gui/file/4f42b9c0ef40bc5d935cf145a765ca390887f5fdd722c0d4b96f81fa76f79503/detection watchonlinemoveis.net # Reference: https://x.com/skocherhan/status/1906469346722906266 # Reference: https://www.virustotal.com/gui/file/01fd713cc9ff2c7dea4d20b314217879bbd8af9f294ccd71d4530bf52589d5b4/detection 147.185.221.27:12288 45.138.16.240:8100 contract-issued.gl.at.ply.gg # Reference: https://x.com/JAMESWT_WT/status/1910964823522705752 # Reference: https://www.virustotal.com/gui/file/81e50dc7874d36bfd680e61ecea8dfa255a64bb337bc986c014355a9d99d6d28/detection http://77.223.119.85 77.223.119.85:1414 # Reference: https://www.virustotal.com/gui/file/18558f597aee7d7a87cadf4bef334322f57f2d0135e90a760f78ed5ffa36e224/detection 92.255.85.66:1414 # Reference: 
https://www.virustotal.com/gui/file/38c265404f8a5625f733b330a0d3344d0bc67b36f8953db8fff911b8e6e26e5c/detection http://193.176.22.172 193.176.22.172:1414 # Reference: https://www.virustotal.com/gui/file/cae7ab4aa07028e0d52b0a62bd5bc58398f457ff7896e8cb177eec10efab5fdf/detection 92.255.85.207:1414 92.255.85.207:443 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-04-21) http://138.68.80.167 http://147.185.221.25 http://147.45.185.85 http://185.180.230.239 http://185.246.66.165 http://194.87.99.40 http://199.83.103.6 http://213.159.215.238 http://213.21.237.235 http://217.144.98.170 http://3.127.121.101 http://37.114.39.29 http://37.230.113.179 http://43.249.233.80 http://45.144.52.152 http://45.94.31.18 http://5.252.155.127 http://62.60.148.130 http://77.91.76.102 http://81.94.156.41 http://83.217.209.253 http://87.120.84.108 http://87.251.66.162 http://89.111.152.13 http://91.132.59.41 http://92.53.120.241 http://93.123.84.246 http://94.159.104.203 http://94.250.249.79 http://95.163.86.252 http://95.182.122.208 101.99.91.30:2013 102.43.198.127:4445 103.237.92.118:8080 103.60.148.10:8848 103.60.148.10:8849 103.60.148.11:8848 103.60.148.11:8849 103.60.148.12:8848 103.60.148.12:8849 103.60.148.13:8848 103.60.148.13:8849 103.60.148.14:8848 103.60.148.14:8849 107.178.104.186:4444 108.252.227.16:3001 109.242.10.124:9000 110.10.98.18:8848 110.40.68.104:8089 110.42.227.156:8848 110.42.57.248:8089 111.180.190.199:31880 111.180.190.199:8848 112.213.116.35:8848 115.91.26.76:9999 134.122.128.85:4433 134.122.128.86:4433 134.122.128.87:4433 137.184.219.32:3232 139.99.23.210:1000 143.92.36.187:443 143.92.36.191:443 146.70.49.42:7045 146.70.49.42:8080 146.70.49.42:9090 147.124.213.50:8848 147.185.221.25:3064 147.185.221.25:3232 147.185.221.25:51578 147.185.221.26:15319 147.185.221.26:2935 147.185.221.27:7503 148.113.214.176:555 148.66.21.234:443 148.66.21.234:4433 148.66.21.235:443 148.66.21.235:4433 148.66.21.236:443 148.66.21.236:4433 148.66.21.237:443 
148.66.21.237:4433 148.66.21.238:443 148.66.21.238:4433 151.236.9.205:2009 154.201.68.239:443 154.207.55.249:443 154.207.55.98:443 154.213.48.66:8848 154.213.48.67:8848 154.213.48.68:8848 154.213.48.69:8848 154.213.48.70:8848 154.213.48.71:8848 154.213.48.72:8848 154.213.48.73:8848 154.213.48.74:8848 154.213.48.75:8848 154.213.48.76:8848 154.213.48.77:8848 154.213.48.78:8848 154.213.48.79:8848 154.213.48.80:8848 154.213.48.81:8848 154.213.48.82:8848 154.213.48.83:8848 154.213.48.84:8848 154.213.48.85:8848 154.213.48.86:8848 154.213.48.87:8848 154.213.48.88:8848 154.213.48.89:8848 154.213.48.90:8848 154.213.48.91:8848 154.213.48.92:8848 154.213.48.93:8848 154.213.48.94:8848 154.216.35.10:8848 154.216.35.10:8849 154.216.35.11:8848 154.216.35.11:8849 154.216.35.12:8848 154.216.35.12:8849 154.216.35.13:8848 154.216.35.13:8849 154.216.35.14:8848 154.216.35.14:8849 154.216.35.15:8848 154.216.35.15:8849 154.216.35.16:8848 154.216.35.16:8849 154.216.35.17:8848 154.216.35.17:8849 154.216.35.18:8848 154.216.35.18:8849 154.216.35.19:8848 154.216.35.19:8849 154.216.35.20:8848 154.216.35.20:8849 154.216.35.21:8848 154.216.35.21:8849 154.216.35.22:8848 154.216.35.22:8849 154.216.35.23:8848 154.216.35.23:8849 154.216.35.24:8848 154.216.35.24:8849 154.216.35.25:8848 154.216.35.25:8849 154.216.35.26:8848 154.216.35.26:8849 154.216.35.27:8848 154.216.35.27:8849 154.216.35.28:8848 154.216.35.28:8849 154.216.35.29:8848 154.216.35.29:8849 154.216.35.2:8848 154.216.35.2:8849 154.216.35.30:8848 154.216.35.30:8849 154.216.35.3:8848 154.216.35.3:8849 154.216.35.4:8848 154.216.35.4:8849 154.216.35.5:8848 154.216.35.5:8849 154.216.35.6:8848 154.216.35.6:8849 154.216.35.7:8848 154.216.35.7:8849 154.216.35.8:8848 154.216.35.8:8849 154.216.35.9:8848 154.216.35.9:8849 154.92.54.162:8848 154.92.54.162:8849 154.92.54.163:8848 154.92.54.163:8849 154.92.54.164:8848 154.92.54.164:8849 154.92.54.165:8848 154.92.54.165:8849 154.92.54.166:8848 154.92.54.166:8849 154.92.54.167:8848 154.92.54.167:8849 
154.92.54.168:8848 154.92.54.168:8849 154.92.54.169:8848 154.92.54.169:8849 154.92.54.170:8848 154.92.54.170:8849 154.92.54.171:8848 154.92.54.171:8849 154.92.54.172:8848 154.92.54.172:8849 154.92.54.173:8848 154.92.54.173:8849 154.92.54.174:8848 154.92.54.174:8849 154.92.54.175:8848 154.92.54.175:8849 154.92.54.176:8848 154.92.54.176:8849 154.92.54.177:8848 154.92.54.177:8849 154.92.54.178:8848 154.92.54.178:8849 154.92.54.179:8848 154.92.54.179:8849 154.92.54.180:8848 154.92.54.180:8849 154.92.54.181:8848 154.92.54.181:8849 154.92.54.182:8848 154.92.54.182:8849 154.92.54.183:8848 154.92.54.183:8849 154.92.54.184:8848 154.92.54.184:8849 154.92.54.185:8848 154.92.54.185:8849 154.92.54.186:8848 154.92.54.186:8849 154.92.54.187:8848 154.92.54.187:8849 154.92.54.188:8848 154.92.54.188:8849 154.92.54.189:8848 154.92.54.189:8849 154.92.54.190:8848 154.92.54.190:8849 156.208.31.143:4445 158.255.74.231:22 160.124.135.162:8848 160.124.135.162:8849 160.124.135.163:8848 160.124.135.163:8849 160.124.135.164:8848 160.124.135.164:8849 160.124.135.165:8848 160.124.135.165:8849 160.124.135.166:8848 160.124.135.166:8849 160.124.135.167:8848 160.124.135.167:8849 160.124.135.168:8848 160.124.135.168:8849 160.124.135.169:8848 160.124.135.169:8849 160.124.135.170:8848 160.124.135.170:8849 160.124.135.171:8848 160.124.135.171:8849 160.124.135.172:8848 160.124.135.172:8849 160.124.135.173:8848 160.124.135.173:8849 160.124.135.174:8848 160.124.135.174:8849 160.124.135.175:8848 160.124.135.175:8849 160.124.135.176:8848 160.124.135.176:8849 160.124.135.177:8848 160.124.135.177:8849 160.124.135.178:8848 160.124.135.178:8849 160.124.135.179:8848 160.124.135.179:8849 160.124.135.180:8848 160.124.135.180:8849 160.124.135.181:8848 160.124.135.181:8849 160.124.135.182:8848 160.124.135.182:8849 160.124.135.183:8848 160.124.135.183:8849 160.124.135.184:8848 160.124.135.184:8849 160.124.135.185:8848 160.124.135.185:8849 160.124.135.186:8848 160.124.135.186:8849 160.124.135.187:8848 
160.124.135.187:8849 160.124.135.188:8848 160.124.135.188:8849 160.124.135.189:8848 160.124.135.189:8849 160.124.135.190:8848 160.124.135.190:8849 160.124.30.34:8848 160.124.30.34:8849 160.124.30.35:8848 160.124.30.35:8849 160.124.30.36:8848 160.124.30.36:8849 160.124.30.37:8848 160.124.30.37:8849 160.124.30.38:8848 160.124.30.38:8849 160.124.30.39:8848 160.124.30.39:8849 160.124.30.40:8848 160.124.30.40:8849 160.124.30.41:8848 160.124.30.41:8849 160.124.30.42:8848 160.124.30.42:8849 160.124.30.43:8848 160.124.30.43:8849 160.124.30.44:8848 160.124.30.44:8849 160.124.30.45:8848 160.124.30.45:8849 160.124.30.46:8848 160.124.30.46:8849 160.124.30.47:8848 160.124.30.47:8849 160.124.30.48:8848 160.124.30.48:8849 160.124.30.49:8848 160.124.30.49:8849 160.124.30.50:8848 160.124.30.50:8849 160.124.30.51:8848 160.124.30.51:8849 160.124.30.52:8848 160.124.30.52:8849 160.124.30.53:8848 160.124.30.53:8849 160.124.30.54:8848 160.124.30.54:8849 160.124.30.55:8848 160.124.30.55:8849 160.124.30.56:8848 160.124.30.56:8849 160.124.30.57:8848 160.124.30.57:8849 160.124.30.58:8848 160.124.30.58:8849 160.124.30.59:8848 160.124.30.59:8849 160.124.30.60:8848 160.124.30.60:8849 160.124.30.61:8848 160.124.30.61:8849 160.124.30.62:8848 160.124.30.62:8849 160.124.65.226:8848 160.124.65.226:8849 160.124.65.227:8848 160.124.65.227:8849 160.124.65.228:8848 160.124.65.228:8849 160.124.65.229:8848 160.124.65.229:8849 160.124.65.230:8848 160.124.65.230:8849 160.124.65.231:8848 160.124.65.231:8849 160.124.65.232:8848 160.124.65.232:8849 160.124.65.233:8848 160.124.65.233:8849 160.124.65.234:8848 160.124.65.234:8849 160.124.65.235:8848 160.124.65.235:8849 160.124.65.236:8848 160.124.65.236:8849 160.124.65.237:8848 160.124.65.237:8849 160.124.65.238:8848 160.124.65.238:8849 160.124.65.239:8848 160.124.65.239:8849 160.124.65.240:8848 160.124.65.240:8849 160.124.65.241:8848 160.124.65.241:8849 160.124.65.242:8848 160.124.65.242:8849 160.124.65.243:8848 160.124.65.243:8849 160.124.65.244:8848 
160.124.65.244:8849 160.124.65.245:8848 160.124.65.245:8849 160.124.65.246:8848 160.124.65.246:8849 160.124.65.247:8848 160.124.65.247:8849 160.124.65.248:8848 160.124.65.248:8849 160.124.65.249:8848 160.124.65.249:8849 160.124.65.250:8848 160.124.65.250:8849 160.124.65.251:8848 160.124.65.251:8849 160.124.65.252:8848 160.124.65.252:8849 160.124.65.253:8848 160.124.65.253:8849 160.124.65.254:8848 160.124.65.254:8849 161.97.113.198:3000 162.250.190.150:14188 162.250.190.150:18188 162.250.190.150:8848 165.227.112.105:3232 165.73.252.176:9999 166.108.236.192:8848 174.70.151.61:2406 175.178.37.75:8848 176.65.134.55:3470 176.65.140.20:8520 176.65.144.27:4000 178.73.218.13:8090 179.13.2.158:8080 179.13.5.203:8010 179.43.152.178:8825 181.131.216.154:2030 181.206.158.190:8848 181.235.4.114:8090 185.208.159.120:4443 185.208.159.120:591 185.208.159.120:8080 185.208.159.120:8090 185.208.159.45:3030 185.254.28.9:5566 185.255.92.151:5000 185.7.214.2:1414 186.169.36.44:8090 186.169.38.242:8090 186.169.46.42:8090 186.169.47.146:8090 186.169.55.158:8090 186.169.55.183:8090 186.169.61.26:8090 186.169.67.20:8090 186.169.67.83:8090 186.169.68.250:8090 186.169.72.217:1000 186.169.90.226:1000 186.169.93.49:8090 190.89.245.97:3000 192.129.178.58:5020 192.129.178.59:5020 192.129.178.60:5020 192.129.178.61:5020 192.129.178.62:5020 192.140.163.10:8089 192.159.99.113:2296 192.159.99.113:2298 193.83.224.70:4444 193.83.226.60:4444 194.36.26.109:25514 195.82.146.19:4443 195.82.146.19:4444 195.82.146.19:591 195.82.146.19:8080 195.82.146.19:8090 195.82.146.32:4443 195.82.146.32:4444 195.82.146.32:591 195.82.146.32:8080 195.82.146.32:8090 195.82.147.35:4443 195.82.147.35:4444 195.82.147.35:591 195.82.147.35:8080 195.82.147.35:8090 195.85.207.145:1024 196.251.71.168:2000 196.251.71.169:2000 196.251.71.233:2000 196.251.72.206:2000 196.251.83.37:2000 196.251.84.169:4444 196.251.85.154:2000 196.251.85.235:8848 196.251.90.56:2000 196.251.90.57:2000 20.197.224.169:6000 20.229.103.183:4000 
201.220.178.36:99 201.220.180.250:99 202.61.136.134:443 202.95.14.159:443 202.95.14.161:443 202.95.14.164:443 206.233.130.150:3389 206.233.130.7:3389 207.180.205.17:674 208.109.38.138:65503 208.110.72.224:9999 209.105.242.112:7777 216.219.83.86:3976 216.250.251.245:8848 217.18.210.142:1998 23.235.146.66:8848 23.235.146.66:8849 23.235.146.67:8848 23.235.146.67:8849 23.235.146.68:8848 23.235.146.68:8849 23.235.146.69:8848 23.235.146.69:8849 23.235.146.70:8848 23.235.146.70:8849 23.235.146.71:8848 23.235.146.71:8849 23.235.146.72:8848 23.235.146.72:8849 23.235.146.73:8848 23.235.146.73:8849 23.235.146.74:8848 23.235.146.74:8849 23.235.146.75:8848 23.235.146.75:8849 23.235.146.76:8848 23.235.146.76:8849 23.235.146.77:8848 23.235.146.77:8849 23.235.146.78:8848 23.235.146.78:8849 23.235.146.79:8848 23.235.146.79:8849 23.235.146.80:8848 23.235.146.80:8849 23.235.146.81:8848 23.235.146.81:8849 23.235.146.82:8848 23.235.146.82:8849 23.235.146.83:8848 23.235.146.83:8849 23.235.146.84:8848 23.235.146.84:8849 23.235.146.85:8848 23.235.146.85:8849 23.235.146.86:8848 23.235.146.86:8849 23.235.146.87:8848 23.235.146.87:8849 23.235.146.88:8848 23.235.146.88:8849 23.235.146.89:8848 23.235.146.89:8849 23.235.146.90:8848 23.235.146.90:8849 23.235.146.91:8848 23.235.146.91:8849 23.235.146.92:8848 23.235.146.92:8849 23.235.146.93:8848 23.235.146.93:8849 23.235.146.94:8848 23.235.146.94:8849 23.235.158.10:8848 23.235.158.10:8849 23.235.158.11:8848 23.235.158.11:8849 23.235.158.12:8848 23.235.158.12:8849 23.235.158.13:8848 23.235.158.13:8849 23.235.158.14:8848 23.235.158.14:8849 23.235.158.15:8848 23.235.158.15:8849 23.235.158.16:8848 23.235.158.16:8849 23.235.158.17:8848 23.235.158.17:8849 23.235.158.18:8848 23.235.158.18:8849 23.235.158.19:8848 23.235.158.19:8849 23.235.158.20:8848 23.235.158.20:8849 23.235.158.21:8848 23.235.158.21:8849 23.235.158.22:8848 23.235.158.22:8849 23.235.158.23:8848 23.235.158.23:8849 23.235.158.24:8848 23.235.158.24:8849 23.235.158.25:8848 
23.235.158.25:8849 23.235.158.26:8848 23.235.158.26:8849 23.235.158.27:8848 23.235.158.27:8849 23.235.158.28:8848 23.235.158.28:8849 23.235.158.29:8848 23.235.158.29:8849 23.235.158.2:8848 23.235.158.2:8849 23.235.158.30:8848 23.235.158.30:8849 23.235.158.3:8848 23.235.158.3:8849 23.235.158.4:8848 23.235.158.4:8849 23.235.158.5:8848 23.235.158.5:8849 23.235.158.6:8848 23.235.158.6:8849 23.235.158.7:8848 23.235.158.7:8849 23.235.158.8:8848 23.235.158.8:8849 23.235.158.9:8848 23.235.158.9:8849 23.235.176.56:443 23.235.176.76:443 23.235.176.89:443 27.124.38.117:6667 27.124.38.137:6667 27.124.38.150:6667 27.124.41.250:65503 27.124.41.252:65503 27.124.41.253:65503 3.127.121.101:3064 3.68.171.119:18876 3.69.115.178:12672 31.57.33.159:3740 37.27.58.254:1024 38.225.209.116:9898 38.49.40.240:8848 38.49.40.240:8888 38.49.43.182:8848 43.138.115.214:1818 45.128.36.154:8080 45.133.180.130:5050 45.133.180.130:9000 45.133.180.138:8000 45.133.180.154:5050 45.133.180.154:8000 45.133.180.154:9000 45.138.16.158:1337 45.141.233.142:7777 45.145.229.196:1414 45.155.53.49:4400 45.195.54.195:5858 45.32.213.58:1337 45.88.186.160:1337 46.153.112.54:9090 46.246.12.10:8080 46.246.12.15:8080 46.246.12.2:9000 46.246.12.9:9000 46.246.14.13:9090 46.246.14.20:8080 46.246.14.20:9090 46.246.14.3:9090 46.246.4.11:8080 46.246.4.11:9000 46.246.4.12:8080 46.246.4.2:8080 46.246.4.3:8080 46.246.6.12:8000 46.246.6.3:8080 46.246.6.7:9000 46.246.80.12:8080 46.246.80.12:9090 46.246.82.12:2000 46.246.82.12:8000 46.246.82.16:2000 46.246.82.30:8080 46.246.84.20:9000 46.246.84.3:8000 46.246.84.4:9999 46.246.86.10:9000 46.246.86.3:8000 46.246.86.8:2000 46.246.86.8:8080 46.31.79.56:7777 47.115.225.92:8848 47.239.188.78:8080 5.200.210.1:55476 62.60.191.138:8000 65.38.120.211:7000 68.168.118.2:8848 68.168.118.4:8848 68.168.118.5:8848 77.105.161.9:3232 8.141.114.182:8545 8.152.218.67:8080 8.218.97.73:65503 85.235.74.114:1024 87.248.145.252:22 88.224.24.88:9090 91.199.42.188:7000 93.185.167.219:7878 94.223.186.150:3389 
036356cm.nyashnyash.ru 047506cm.nyanyash.ru 070687cm.nyashk.ru 075185cm.nyashk.ru 112664cm.nyashk.ru 136601cm.shnyash.ru 140061cm.nyanyash.ru 167345cm.nyashk.ru 17329.cllt.nyashteam.ru 176449cm.nyashk.ru cllt.nyashteam.ru 207405cm.nyashk.ru 222390cm.nyashnyash.ru 230852cm.nyashk.ru 27.ip.gl.ply.gg 285790259cm.whiteproducts.ru 285857cm.nyanyash.ru 289029cm.nyashk.ru 289098cm.shnyash.ru 297856cm.nyashnyash.ru 317827cm.shnyash.ru 331545cm.nyashru.ru 342613cm.nyashk.ru 368456cm.nyashk.ru 383281cm.nyashk.ru 396608cm.nyashk.ru 439153cm.nyashk.ru 469473cm.nyashware.ru 542148cm.nyanyash.ru 557844cm.nyashnyash.ru 593412cm.nyanyash.ru 596306cm.nyashteam.ru 610188cm.nyanyash.ru 657355cm.shnyash.ru 635207cm.nyashk.ru 692218cm.nyanyash.ru 697580cm.nyashk.ru 697624cm.nyanyash.ru 714280cm.nyanyash.ru 723499cm.shnyash.ru 776437cm.nyanyash.ru 800811cm.nyashk.ru 821518cm.nyanyash.ru 839805cm.nyashk.ru 908457cm.nyashk.ru 91141ncm.darkproducts.ru 921935cm.nyashk.ru 940706cm.nyashnyash.ru 961570cm.nyashk.ru a0691925.xsph.ru a0723684.xsph.ru a0768683.xsph.ru a0993730.xsph.ru a1002438.xsph.ru a1003563.xsph.ru a1040668.xsph.ru a1046211.xsph.ru a1059347.xsph.ru a1069655.xsph.ru a1072193.xsph.ru a1080277.xsph.ru a1080799.xsph.ru a1080822.xsph.ru a1081046.xsph.ru a1081343.xsph.ru a1082411.xsph.ru a1083054.xsph.ru a1083178.xsph.ru a1083519.xsph.ru a1085017.xsph.ru a1085424.xsph.ru a1085615.xsph.ru a1086186.xsph.ru a1086695.xsph.ru a1087172.xsph.ru a1087470.xsph.ru a1087552.xsph.ru a1087981.xsph.ru a1088471.xsph.ru a1088535.xsph.ru a1088592.xsph.ru a1088739.xsph.ru a1088759.xsph.ru a1089122.xsph.ru a1089267.xsph.ru a1089269.xsph.ru a1089520.xsph.ru a1089604.xsph.ru a1089655.xsph.ru a1089746.xsph.ru a1090709.xsph.ru a1090962.xsph.ru a1091043.xsph.ru a1096844.xsph.ru a1097362.xsph.ru a1097571.xsph.ru a1099935.xsph.ru a1099965.xsph.ru a1100394.xsph.ru a1100551.xsph.ru a1100737.xsph.ru a1100962.xsph.ru a1101487.xsph.ru a1101496.xsph.ru a1101946.xsph.ru a1102442.xsph.ru a1102719.xsph.ru 
a1104037.xsph.ru a1104094.xsph.ru a1106540.xsph.ru a1106561.xsph.ru a1106670.xsph.ru a1108039.xsph.ru a1113201.xsph.ru a1113269.xsph.ru a1113351.xsph.ru a1113503.xsph.ru a1113623.xsph.ru a1113861.xsph.ru a1114157.xsph.ru a1114171.xsph.ru a1114349.xsph.ru a1114645.xsph.ru a1115106.xsph.ru above-aspect.gl.at.ply.gg advanced-contributing.gl.at.ply.gg again-duck.gl.at.ply.gg all-trans.online artemcd9.beget.tech asasac313v.work.gd asasedc0.beget.tech asdff123fsdafasdf.ru assikapr25.temp.swtest.ru assikapr27.temp.swtest.ru autozakfull.ru avensrp.fvds.ru azamatpa.beget.tech b929273h.beget.tech beginvost53.x10.bz benefits-convention.gl.at.ply.gg boards-essential.gl.at.ply.gg born-me.gl.at.ply.gg c0re-50342.portmap.host ca09284.tw1.ru ca71441.tw1.ru ca97087.tw1.ru cc28022.tw1.ru cd99222.tw1.ru ce11914.tw1.ru ce43370.tw1.ru ce64450.tw1.ru cg26081.tw1.ru cg55176.tw1.ru cherniychay.ru cj98865.tw1.ru cjturs3.localto.net cl32012.tw1.ru cm48994.tw1.ru cn09381.tw1.ru cn63230.tw1.ru co35066.tw1.ru core.sportsontheweb.net countries-discovery.gl.at.ply.gg cp37219.tw1.ru cp90262.tw1.ru cr32765.tw1.ru cs2weaponpaints.ru.s29.hhos.net cs38450.tw1.ru cs44110.tw1.ru ct18031.tw1.ru ct20978.tw1.ru ct61476.tw1.ru ct78524.tw1.ru cut-peripherals.gl.at.ply.gg cv83561.tw1.ru cw18001.tw1.ru cw42306.tw1.ru cx04402.tw1.ru cy10907.tw1.ru cz23695.tw1.ru cz34019.tw1.ru cz69577.tw1.ru cz91472.tw1.ru dakdkkldkd.temp.swtest.ru earth-schedules.gl.at.ply.gg emerso63.beget.tech eowgbnoewrgberg.getenjoyment.net erik16r1.beget.tech f1068264.xsph.ru f1080509.xsph.ru f1081725.xsph.ru f1083567.xsph.ru f1085679.xsph.ru f1085813.xsph.ru f1085892.xsph.ru f1086012.xsph.ru f1088688.xsph.ru f1090404.xsph.ru f1090532.xsph.ru f1090540.xsph.ru f1096627.xsph.ru f1099947.xsph.ru f1100076.xsph.ru fair-functionality.gl.at.ply.gg fairwarning.ru fdgfddgfgfdgfddfggfdfho.ru fidodido.ddns.net flash-recovered.gl.at.ply.gg fluf5ikyan.temp.swtest.ru fnafbox1gm.temp.swtest.ru fupnikitag.temp.swtest.ru g321nosp.beget.tech 
gerais481g.temp.swtest.ru getting-regulation.gl.at.ply.gg given-neither.gl.at.ply.gg i99522h5.beget.tech jocer66c.be jocer66c.beget.tech kis2110wnk.temp.swtest.ru kitai1245-43780.portmap.io komronbekn.temp.swtest.ru letaryzipthone.ddns.net loveme123ru.ru maxsim87.beget.tech navalny.top neittqgmai.temp.swtest.ru nurlasdxc.atwebpages.com nurpukan.x10.bz o-la.gl.at.ply.gg phentermine-colleagues.gl.at.ply.gg pobudil.ru porsik9j.beget.tech porsikgq.beget.tech powerinyou.org pro-ram.gl.at.ply.gg propere.ru pw402.castledev.ru rartwn76g2.temp.swtest.ru rat.portal2707070.keenetic.pro registration-delayed.gl.at.ply.gg rodina.space rules-binary.gl.at.ply.gg sigmabioaef.atwebpages.com skwiz1k133.temp.swtest.ru stastom01g.temp.swtest.ru stvann.onlinewebshop.net summer-malaysia.gl.at.ply.gg technical-equally.gl.at.ply.gg these-suites.gl.at.ply.gg timofezq.beget.tech up.nemesissoftlab.com villagerae.temp.swtest.ru virustotalprotect.mygamesonline.org vord1x1gma.temp.swtest.ru wednesday-classified.gl.at.ply.gg went-postcard.gl.at.ply.gg whole-contract.gl.at.ply.gg y0sxz-23886.portmap.host yariksca.beget.tech # Reference: https://www.virustotal.com/gui/file/1ae48f847c4102031c47453078508d1006b888890cae7421ab7262b88b52b91f/detection http://88.214.48.26 88.214.48.26:1414 # Reference: https://x.com/skocherhan/status/1922823068969299980 # Reference: https://www.virustotal.com/gui/file/f4cc83df502e52e7bf58de1f498cc5f5c657eacdc1aebfeaae97258d23726b26/detection # Reference: https://www.virustotal.com/gui/file/eef569f5ac7602fc56d952f878c2ca5854582085a129e3c5cf683aabf5fa0f12/detection 194.58.33.244:6455 ayugram.one imgdown.shop lookthis.space 723499cm.shnyash.ru update.ayugram.one # Reference: https://www.virustotal.com/gui/file/8615d7300624d906f0621bcdab4869d895cca8b589d255bc74ededdac131f366/detection http://89.23.99.246 188.37.160.41:7706 # Reference: https://x.com/JAMESWT_WT/status/1927975973179265369 # Reference: 
https://www.virustotal.com/gui/file/01481af91d711522c16a205b7d5428cb76251db97a61a72aa5efbd36e156eb9b/behavior 46.173.214.176:7777 fshjaifhajfa.click hekpaharma.com hfjaohf9q3.click hfjwfheiwf.click jfhaowhfjk.click partnervrft.com sevstats.top sixtestats.top thirtstat.top twelvestats.top # Reference: https://x.com/JAMESWT_WT/status/1928306522880160045 # Reference: https://www.virustotal.com/gui/file/1d681ba797934bd0183e8a324bccc19c1404acd45d70c12828d5cbf0a8342ada/detection 95.182.101.174:7777 bkngnet.com # Reference: https://x.com/skocherhan/status/1931571964482625903 # Reference: https://www.virustotal.com/gui/file/b16588e0e2c6a0c8ff080ded57abe8159008d040aea78b2e801c17ce79f05863/detection chakarnaga.com # Reference: https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign 213.209.150.22:55140 45.141.233.60:55330 dcaw.duckdns.org dckaws.duckdns.org dcupdate.duckdns.org dgflex.duckdns.org dgost.duckdns.org drgrootp.duckdns.org glost.duckdns.org soscop.duckdns.org # Reference: https://x.com/1ZRR4H/status/1933008526542008622 # Reference: https://www.virustotal.com/gui/ip-address/146.70.51.42/relations # Reference: https://www.virustotal.com/gui/file/fbae94dddc8f9655174a03968656459516608bc7144e4a088c7d45aa01ead6c5/detection # Reference: https://www.virustotal.com/gui/file/b49dfaa0d915524049eb0eed26115dac421cd307551284a054a27cbbdb9aad81/detection # Reference: https://www.virustotal.com/gui/file/aa8b92535e690da968234d639af28caf881f03ad1f4dcad1c692b846830d0d87/detection 146.70.51.42:3040 envio1010.duckdns.org envio1919.duckdns.org envio2020.duckdns.org envio2121.duckdns.org envio2222.duckdns.org envio55.duckdns.org envio666.duckdns.org # Reference: https://www.virustotal.com/gui/file/53118724a324f0d1ded9fa9ef77401fcb6ad3fb3c867237f08b3f7b3570ee316/detection 124.198.132.234:666 tao081018.ddnsfree.com # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14) 
110.40.77.62:888 111.170.171.242:8080 114.66.58.133:8995 13.48.133.107:1024 143.92.48.130:8000 143.92.48.133:8000 143.92.48.137:8000 146.70.51.74:3000 146.70.51.74:5000 156.234.114.138:888 156.234.114.139:888 156.234.114.140:888 156.234.114.141:888 156.234.114.142:888 172.111.182.5:2025 172.190.216.61:8081 172.94.111.105:8848 172.94.111.195:8848 173.249.29.108:8000 176.143.53.10:81 176.65.137.186:2118 176.65.137.186:3000 176.65.137.186:5000 176.65.138.30:6204 179.13.1.144:8081 179.13.10.232:8080 179.13.11.235:2248 179.13.7.0:8010 181.131.217.135:9002 181.206.158.190:1000 181.235.5.14:8090 186.169.35.50:8010 186.169.63.145:8090 186.169.87.231:8090 186.169.95.151:8090 193.26.115.124:8848 193.26.115.156:8848 201.220.163.234:99 203.104.42.92:2234 217.154.216.29:2030 217.18.210.142:1995 24.205.128.150:2004 27.124.2.7:114 5.200.249.139:22 5.252.153.181:7000 64.20.59.130:7000 74.48.49.233:8080 94.26.90.82:4444 # Reference: https://x.com/smica83/status/1938510562566238429 # Reference: https://www.virustotal.com/gui/file/c0e219359c8e6e755ce8e4db6233554e79980e7519519f17e6a1b388275138d7/detection 37.187.37.111:5555 ofkkfd24.work.gd # Reference: https://www.virustotal.com/gui/file/50599fdad90eb6b31e8f23ec9dbd01f4a9bb0c050054f6eed861fd0643aba1b0/detection http://5.252.155.185 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26) 103.20.102.180:8848 103.230.69.188:6000 108.165.100.252:9898 146.19.215.141:9090 148.178.18.39:8000 171.22.31.199:9000 179.13.0.54:8081 181.235.10.10:8010 185.242.5.90:4040 186.169.36.120:8090 186.169.61.249:8090 23.94.99.5:8848 37.187.37.111:9999 45.141.26.64:1160 46.246.12.5:2003 46.246.12.7:3000 46.246.12.7:5000 46.246.4.7:5000 46.246.82.3:5000 46.246.82.4:3000 46.246.82.7:1963 46.246.84.22:3000 46.246.84.2:5000 47.113.229.193:8080 85.208.84.26:8808 86.54.42.116:8855 86.54.42.147:6699 86.54.42.17:8854 86.54.42.17:8855 94.141.122.114:1337 98.66.208.234:1024 # Reference: 
https://x.com/RexorVc0/status/1955878647220281669 # Reference: https://www.virustotal.com/gui/ip-address/146.70.137.90/relations # Reference: https://www.virustotal.com/gui/file/2e82689cc5a2d9beb0bce4da3330122e5cad896a04b1296c5fb9b54fe3e92f52/detection # Reference: https://www.virustotal.com/gui/file/1987ff3d881dbe2ee399c5e2df37c6223f80f6a217776380861a64d1e20d9595/detection 146.70.137.90:3020 envio05-06.duckdns.org envio14-05.duckdns.org envio15-005.duckdns.org envio16-05.duckdns.org envio19-055.duckdns.org envio20-05.duckdns.org envio21-005.duckdns.org envio23-05.duckdns.org envio25-04.duckdns.org envio6-06.duckdns.org usooo205.duckdns.org # Reference: https://www.virustotal.com/gui/file/76a7abda8935c4bdd714601830fcffe581a0fc5cc6e7898309cb4de7d614d936/detection 142.202.191.102:8848 saynomoreplz.1cooldns.com # Reference: https://www.virustotal.com/gui/file/f5de4a64544531993e7985b43eeb96b21ca7b33f5f12136f260eeb60e190fa0b/detection 186.169.63.216:7645 quasar12agos.duckdns.org # Reference: https://x.com/skocherhan/status/1958833100823175433 # Reference: https://www.virustotal.com/gui/file/7eff5e9a93dd90f0151ea02e0e8b29db775258e353823218668ee6041fda57cc/detection # Reference: https://www.virustotal.com/gui/file/bb4c4b228883ee62437050385b77285de9cc0862e8d9904cc9c7706697790045/detection seguroagost21.duckdns.org # Reference: https://www.virustotal.com/gui/file/e64b1e9366a0e779367263374c5f57a85616a8809e1cdeb4df55164e1eea9fa4/detection agostodc20.duckdns.org # Reference: https://www.virustotal.com/gui/file/c838824b005e8fee11b87d19be65f62a895be28dca962a70c2aac42b97290212/detection 94.154.35.160:8848 cardvaultcc.com ohmy0hs.dynuddns.net # Reference: https://www.virustotal.com/gui/file/895fac78d58af96575f3cdbcaa3d716e6b861a21a616ae1d84777d61682f7db3/detection coquitoxxx.dynuddns.net # Reference: https://x.com/smica83/status/1962050910760174004 # Reference: https://www.virustotal.com/gui/ip-address/94.154.35.160/relations # Reference: 
https://www.virustotal.com/gui/file/1311118fcad1d976e50d8013f652ccea7e356a8c065ebc1a6a24de8094114503/detection 0hteas1.dynuddns.com koketexx.dynuddns.net otoekekasa233.dynuddns.com putaleamadreeeee.dynuddns.net toktotkttok244.dynuddns.net tururleca41414.dynuddns.net # Reference: https://x.com/FalconFeedsio/status/1962494410471739490 # Reference: https://www.virustotal.com/gui/file/7d406ea4f3c94f86228662495df35517c89df991b672eb804d5ec796fa0a2a63/detection # Reference: https://www.virustotal.com/gui/file/69c701375910e21a3ce02a97f8cd53be662da5f160e1f219f9eb3ea4ca148b0b/detection http://92.53.96.145 ca40866.tw1.ru /8aabfefb.php # Reference: https://www.virustotal.com/gui/file/104da4a6a9f13d9b3c36e71838fbe5adf66dbaa68f2ae4b4a7067c9511ca3cac/detection 186.169.40.245:1515 dcrat0106.duckdns.org # Reference: https://app.validin.com/detail?find=31agosto.vbs&type=dom&ref_id=7c6cac13d30#tab=host_pairs (# 2025-09-15) dcoctubre9.duckdns.org dcsosrat.duckdns.org hijosdeperra.duckdns.org # Reference: https://www.virustotal.com/gui/file/4e9fe0cea90778a4b8ea1c2748e6084cf15f9c288fda2daf8dc5d31dd7fc3db1/detection 186.169.73.108:7645 # Reference: https://app.validin.com/detail?find=sostener1.vbs&type=dom&ref_id=313f3cd9a6e#tab=host_pairs (# 2025-09-15) http://158.94.209.243 # Reference: https://www.virustotal.com/gui/file/8635b498be98d750486f1a5e832bb862fe8c2248e983435546459bf101632221/detection 23.160.168.165:7096 johnsonbarbor.ddns.net # Reference: https://www.virustotal.com/gui/file/6947dc1c5a2bc28eb7dc2ef49f3ee0b3565a22a9f4b4d5f1c6ce5e63387cf63d/detection 178.16.53.106:3232 # Reference: https://x.com/smica83/status/1970587113872875771 # Reference: https://tria.ge/250923-zapseaer2y/behavioral2 # Reference: https://www.virustotal.com/gui/ip-address/124.198.132.234/relations amercansecurityog.workisboring.com instantaoprime.dynuddns.net southgangfree.ooguy.com taohh081018.zapto.org # Reference: 
https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05) 1.15.25.105:8000 100.42.176.116:4333 103.20.102.130:8848 103.20.102.255:8848 103.236.70.158:8000 104.194.153.225:6000 104.194.154.152:6000 104.194.154.152:7000 104.194.154.161:6000 104.194.154.161:7000 124.156.225.126:8848 146.70.215.50:5000 148.178.16.11:8000 154.64.254.216:9090 163.227.239.216:6000 167.160.161.43:1888 172.94.111.217:8898 177.255.88.14:8081 178.16.53.2:7777 178.73.218.16:3000 178.73.218.5:5000 178.73.218.6:1963 178.73.218.9:2003 179.13.4.196:8080 179.13.4.92:8080 181.235.3.119:8092 185.18.222.5:8848 185.208.159.208:4000 190.255.85.13:4100 191.91.178.101:8081 191.91.178.217:1521 192.159.99.13:8848 196.251.72.146:1597 20.199.80.166:1024 207.174.1.242:6667 213.14.158.35:5050 217.131.34.203:2000 23.237.106.61:9999 23.27.169.64:8848 23.27.52.175:9898 4.248.184.170:8080 42.96.11.48:8848 45.133.180.154:2296 45.133.180.154:4000 45.153.34.67:9977 46.246.12.7:1963 46.246.14.17:3000 46.246.14.2:1963 46.246.14.4:1963 46.246.14.7:5000 46.246.4.22:5000 46.246.4.2:2003 46.246.4.2:4000 46.246.6.14:1963 46.246.6.16:2003 46.246.6.16:5000 46.246.6.18:1963 46.246.6.20:2003 46.246.6.20:3000 46.246.6.22:1963 46.246.6.22:5000 46.246.6.2:2003 46.246.80.14:3000 46.246.80.7:3000 46.246.82.12:1963 46.246.82.12:5000 46.246.82.15:3000 46.246.82.2:1963 46.246.84.12:1963 46.246.84.12:3000 46.246.84.12:4000 46.246.84.21:1963 46.246.86.13:5000 46.246.86.3:2003 46.246.86.6:5000 61.158.72.86:8848 74.124.24.240:8000 8.211.156.87:443 83.147.37.31:555 88.247.16.132:4788 94.154.35.114:9999 # Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-10-05) http://108.165.164.231 http://109.172.6.232 http://109.69.58.22 http://144.172.94.186 http://146.185.239.29 http://147.78.67.188 http://149.154.69.131 http://18.193.74.212 http://185.246.65.153 http://188.208.103.26 http://193.23.3.32 http://193.233.126.53 http://193.233.126.60 http://195.62.49.187 
http://202.181.148.70 http://45.150.34.142 http://62.109.31.71 http://80.49.182.145 http://82.24.200.65 http://83.166.244.118 http://83.217.208.37 http://83.217.220.30 http://85.209.2.63 http://89.150.35.144 http://89.38.128.49 http://91.92.46.53 http://92.42.99.73 http://93.123.84.204 http://95.215.56.233 102.46.109.60:4445 103.112.99.205:8888 103.171.34.67:8080 103.171.34.67:9999 103.97.178.163:10086 104.194.154.39:7000 104.243.35.242:8000 107.150.0.29:6696 107.150.0.29:7778 110.42.61.91:8997 111.180.190.199:18008 111.92.240.189:443 111.92.240.215:443 111.92.240.219:443 112.213.108.154:443 112.213.108.176:443 112.213.123.48:1337 115.91.26.119:6000 115.91.26.119:6005 115.91.26.119:9999 116.203.56.216:8060 116.211.150.196:1234 118.107.46.82:443 118.107.46.92:443 118.107.46.97:443 121.127.246.231:443 137.184.46.150:5545 137.220.152.126:9091 137.220.154.104:8081 137.220.154.120:8081 138.2.16.164:8060 140.245.40.189:8060 141.8.199.79:7777 143.92.51.102:443 146.59.156.28:4444 146.70.215.45:25565 146.70.215.50:3000 147.185.221.18:51207 147.185.221.18:6969 147.185.221.29:30601 147.185.221.29:62304 147.185.221.29:63482 147.185.221.31:4510 147.45.45.130:3232 148.66.21.234:403 148.66.21.235:403 148.66.21.236:403 148.66.21.237:403 148.66.21.238:403 152.228.206.127:22 154.12.87.24:8000 154.205.10.197:4444 154.44.186.53:3112 154.83.211.234:65503 154.83.211.77:65503 156.253.13.10:4444 170.82.207.50:9090 172.203.240.47:8888 176.65.137.186:8090 178.16.53.2:4444 178.250.186.16:8888 178.73.218.6:3000 179.13.11.235:2143 181.206.158.190:9000 181.206.158.190:9002 185.156.72.67:6565 185.185.70.248:7777 185.221.215.43:7777 185.221.215.43:8888 188.34.155.101:7575 194.60.231.178:22 194.62.248.177:8848 194.87.238.216:4444 194.87.238.216:8888 195.133.49.180:8888 195.66.114.70:8888 196.251.80.106:8080 2.59.161.168:7777 2.59.161.75:4444 2.59.161.75:8888 206.119.174.116:443 206.119.174.117:443 206.119.174.118:443 206.206.126.179:22 206.238.40.189:65503 213.171.5.199:4444 213.226.125.85:7777 
23.27.169.64:9898 23.94.232.5:3232 24.18.111.156:4444 3.69.157.220:13372 31.56.39.138:443 31.57.38.194:4949 31.57.46.108:7777 31.57.55.16:65503 31.57.55.69:65503 31.57.55.85:65503 31.58.58.26:7777 35.222.231.196:4000 37.114.63.27:4444 37.187.37.111:7777 37.27.220.239:8060 38.69.14.226:3232 43.226.17.43:8018 43.226.17.46:8018 43.226.17.50:8018 43.250.175.218:8080 45.141.87.243:4444 45.141.87.243:8888 45.146.255.160:4449 45.149.172.66:8060 45.153.34.67:2000 45.204.207.236:2323 45.204.207.236:8888 45.204.218.149:65503 45.91.8.136:4444 45.91.8.136:7777 45.91.8.136:8888 46.173.214.158:4444 46.173.214.158:8888 46.173.214.61:8888 46.173.214.64:8888 46.173.214.8:8888 46.246.12.7:2003 46.246.6.16:1963 46.246.6.9:1963 46.246.6.9:3000 46.246.80.14:1963 46.246.82.10:2003 46.246.82.13:3000 47.159.136.79:3232 47.243.67.46:8888 47.245.111.218:8081 62.60.187.17:8888 66.63.187.20:8080 77.110.112.33:8888 77.132.88.57:8848 78.135.82.65:7777 78.135.82.65:8888 8.148.178.255:18008 81.250.127.67:8080 83.136.209.153:3012 83.147.247.70:7777 85.208.9.145:4449 85.239.40.214:443 86.54.42.116:8854 86.54.42.116:8857 86.54.42.17:8857 87.248.145.252:8848 89.106.1.57:4444 89.34.230.109:8080 89.35.130.147:5810 89.35.130.147:58819 90.12.18.30:4444 92.112.127.237:4449 92.118.113.110:7777 93.127.138.116:1111 96.9.124.195:2404 98.80.102.215:8888 nyash.es nyashk.ru nyashru.ru nyashvibe.ru nyashware.ru shnyash.ru 003659cm.nyash.es 020854cm.nyashvibe.ru 027894cm.nyash.es 055871cm.nyash.es 064790cm.nyash.es 075229cm.nyash.es 075641cm.nyashvibe.ru 120907cm.nyash.es 132961cm.nyash.es 144403cm.nyash.es 162838cm.nyashvibe.ru 167472cm.nyashru.ru 201906cm.nyash.es 223451cm.nyashvibe.ru 239024cm.nyash.es 247471cm.nyash.es 304542cm.nyashware.ru 346720cm.nyashvibe.ru 357129cm.nyash.es 387780cm.nyashvibe.ru 391316cm.nyashvibe.ru 402317cm.nyashvibe.ru 404830cm.nyashvibe.ru 407440cm.nyash.es 413426cm.nyash.es 431188cm.nyashvibe.ru 453971cm.nyash.es 463957cm.nyash.es 476301cm.nyashk.ru 512920cm.nyash.es 
516063cm.nyash.es 530182cm.nyashvibe.ru 539068cm.nyashvibe.ru 542733cm.nyash.es 543672cm.nyashvibe.ru 590178cm.nyashvibe.ru 603646cm.nyashvibe.ru 706858cm.nyashvibe.ru 715239cm.nyashvibe.ru 716244cm.nyashvibe.ru 724499cm.renyash.top 726346cm.nyash.es 730294cm.nyashvibe.ru 737347cm.nyash.es 776162cm.shnyash.ru 841333cm.nyash.es 843801cm.nyashvibe.ru 881035cm.nyashvibe.ru 892408cm.nyash.es 901730cm.nyash.es 929693cm.nyash.es 982361cm.nyash.es a0595798.xsph.ru a0747299.xsph.ru a0924483.xsph.ru a0931898.xsph.ru a0991666.xsph.ru a0992716.xsph.ru a1055919.xsph.ru a1078194.xsph.ru a1080242.xsph.ru a1097913.xsph.ru a1104725.xsph.ru a1107667.xsph.ru a1108904.xsph.ru a1112546.xsph.ru a1113081.xsph.ru a1114067.xsph.ru a1114094.xsph.ru a1115856.xsph.ru a1119311.xsph.ru a1120527.xsph.ru a1120742.xsph.ru a1121106.xsph.ru a1121348.xsph.ru a1121500.xsph.ru a1124682.xsph.ru a1125912.xsph.ru a1128455.xsph.ru a1129386.xsph.ru a1130104.xsph.ru a1130357.xsph.ru a1130764.xsph.ru a1130890.xsph.ru a1133268.xsph.ru a1133485.xsph.ru a1134815.xsph.ru a1135341.xsph.ru a1136426.xsph.ru a1136728.xsph.ru a1136783.xsph.ru a1136805.xsph.ru a1136850.xsph.ru a1137989.xsph.ru a1138040.xsph.ru a1138046.xsph.ru a1138565.xsph.ru a1139064.xsph.ru a1139089.xsph.ru a1139192.xsph.ru a1139452.xsph.ru a1139671.xsph.ru a1139694.xsph.ru a1139711.xsph.ru a1141375.xsph.ru a1141531.xsph.ru a1141936.xsph.ru a1143266.xsph.ru a1144783.xsph.ru a1144817.xsph.ru a1144925.xsph.ru a1147050.xsph.ru a1148213.xsph.ru a1153936.xsph.ru a1154992.xsph.ru a1155862.xsph.ru a1155962.xsph.ru a1155967.xsph.ru a1156364.xsph.ru a1156498.xsph.ru a1156681.xsph.ru a1158558.xsph.ru a1160130.xsph.ru a1160620.xsph.ru a1160686.xsph.ru a1160945.xsph.ru a1161183.xsph.ru a1161282.xsph.ru a1163093.xsph.ru a1163330.xsph.ru a1163354.xsph.ru a1163794.xsph.ru a1163876.xsph.ru a1163887.xsph.ru a1164019.xsph.ru a1164274.xsph.ru a1164290.xsph.ru a1164361.xsph.ru a1164480.xsph.ru a1164989.xsph.ru a1165341.xsph.ru a1165370.xsph.ru a1165381.xsph.ru 
a1166255.xsph.ru a1167258.xsph.ru a1167812.xsph.ru a1168056.xsph.ru a1168763.xsph.ru a1168949.xsph.ru adobesystem.duckdns.org ads-leaf.gl.at.ply.gg affiliate-47437.portmap.io animals713.temp.swtest.ru anthonymus.temp.swtest.ru aodwahszxo.temp.swtest.ru asdyaeblan.temp.swtest.ru ban1zons.beget.tech batyatj6.beget.tech bprof.dobriyk8.beget.tech ca26973.tw1.ru ca33575.tw1.ru ca44340.tw1.ru ca54422.tw1.ru cable-knife.gl.at.ply.gg cancersincura02.ddns.net cancersincura03.ddns.net cancersincura04.ddns.net cancersincura05.ddns.net cancersincura06.ddns.net cancersincura07.ddns.net cancersincura08.ddns.net cancersincura09.ddns.net cancersincura10.ddns.net cancersincura11.ddns.net cancersincura12.ddns.net cancersincura13.ddns.net cancersincura14.ddns.net cancersincura15.ddns.net catlavanng.temp.swtest.ru cb25083.tw1.ru cb74197.tw1.ru cc18300.tw1.ru cc81860.tw1.ru cd41415.tw1.ru cd52577.tw1.ru cd53575.tw1.ru cd58767.tw1.ru cd66377.tw1.ru ce12403.tw1.ru ce84720.tw1.ru ce99157.tw1.ru cf01909.tw1.ru cf33425.tw1.ru cf39442.tw1.ru cf46796.tw1.ru cg22156.tw1.ru cg34141.tw1.ru cg41011.tw1.ru cg93942.tw1.ru cg95189.tw1.ru cg97957.tw1.ru ch25498.tw1.ru ci03912.tw1.ru ci33128.tw1.ru ci35578.tw1.ru ci52171.tw1.ru ci77996.tw1.ru ci82856.tw1.ru cj05317.tw1.ru cj13224.tw1.ru cj22621.tw1.ru cj46418.tw1.ru cj74400.tw1.ru ck06120.tw1.ru ck11102.tw1.ru ck63922.tw1.ru ck68098.tw1.ru cl07667.tw1.ru cl14976.tw1.ru cl84177.tw1.ru cm31471.tw1.ru cm41241.tw1.ru cm76089.tw1.ru cn12257.tw1.ru cn71919.tw1.ru cn85153.tw1.ru co22720.tw1.ru co34970.tw1.ru co55281.tw1.ru cp16932.tw1.ru cp71691.tw1.ru cq24072.tw1.ru cq68815.tw1.ru cr48547.tw1.ru cr60627.tw1.ru cs16566.tw1.ru cs37962.tw1.ru cs61835.tw1.ru cs99879.tw1.ru ct51064.tw1.ru ct75800.tw1.ru ct82487.tw1.ru ct83204.tw1.ru ct87061.tw1.ru cu03417.tw1.ru cu08926.tw1.ru cu10874.tw1.ru cu21409.tw1.ru cu95767.tw1.ru cv09400.tw1.ru cv16139.tw1.ru cv34454.tw1.ru cv83502.tw1.ru cv88767.tw1.ru cv98306.tw1.ru cw15693.tw1.ru cw56267.tw1.ru cx12805.tw1.ru 
cx74809.tw1.ru cx98298.tw1.ru cy63408.tw1.ru cy69121.tw1.ru cy94611.tw1.ru cz08047.tw1.ru cz11730.tw1.ru cz27224.tw1.ru cz48006.tw1.ru cz52511.tw1.ru cz57985.tw1.ru cz75749.tw1.ru cz77268.tw1.ru cz93437.tw1.ru darwinnet.atwebpages.com dc.tseytlin.su decena10.duckdns.org deer75432a.temp.swtest.ru dm17549502.temp.swtest.ru dobriydl.beget.tech eliteaffiliate-24198.portmap.io envio30-09.duckdns.org etogavno.ru exteriumsiteofficial.atwebpages.com f1096594.xsph.ru f1150727.xsph.ru f1155683.xsph.ru f1159963.xsph.ru ffffgmail2.temp.swtest.ru follow-solved.gl.at.ply.gg football-confident.gl.at.ply.gg forgta135g.temp.swtest.ru fsdas3421fds.x10.mx galikgalil.temp.swtest.ru ghetto5f.beget.tech gopgop21.beget.tech horse18643.temp.swtest.ru itself-thou.gl.at.ply.gg jksban.duckdns.org ladniskoy2.temp.swtest.ru length-coverage.gl.at.ply.gg litkosbj.beget.tech lol.proxxied.serv00.net megavdslolkekcheburek.atwebpages.com merilcraft.ru n-survivors.gl.at.ply.gg negrickma2.temp.swtest.ru nitelume.shop nyash.es nyashteamshop.online nyashteamshop.ru nyashvibe.ru pavlovski3.temp.swtest.ru piotr2222-40866.portmap.host pw577.castledev.ru qwekqcwiomz.atwebpages.com resolver.qcopy.lol ripme.ru.swtest.ru sashad4w.beget.tech sep1809.duckdns.org sgbusibo.beget.tech sigmaboy.com.swtest.ru siymik2037.temp.swtest.ru teamvievwerup.duckdns.org tel-dv.gl.at.ply.gg ulljq8tna.localto.net uzbekovda2.temp.swtest.ru which-submission.gl.at.ply.gg x1le.atwebpages.com xxnxxxx-38365.portmap.io zerhoeqcdx.temp.swtest.ru # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-11-08) 104.194.152.166:7000 104.194.152.6:7000 104.194.154.86:7000 110.42.47.252:30000 114.66.58.82:8848 144.48.180.16:8000 172.111.198.225:8081 172.94.36.171:8080 186.169.82.66:8092 191.93.113.21:8848 193.143.1.216:8848 23.27.169.36:9898 45.156.87.40:2003 78.71.115.65:9090 82.23.246.12:8880 86.105.4.101:1024 86.54.42.167:3000 94.154.35.114:7777 # Reference: 
https://www.virustotal.com/gui/file/738a50e56d2edd1c227f5243c210367410f6f744eeaa91923501bf973f5bcd94/detection 65.20.83.61:8848 65.20.83.61:9980 # Reference: https://www.virustotal.com/gui/ip-address/186.169.61.230/relations bank0106.duckdns.org dc21oct.duckdns.org qua2025.duckdns.org # Reference: https://x.com/smica83/status/1997201782678634622 # Reference: https://www.virustotal.com/gui/file/32428ed459777c26d68551f20c9c5aec1925ad0ce3a7d257066d92418b59c861/detection 156.254.20.107:5944 1v1v1v.com bo.1v1v1v.com pttphddopp.oss-cn-hongkong.aliyuncs.com # Reference: https://www.virustotal.com/gui/file/8e9466fbca0858c4462081bbfe25a33f4f68b6c50ed2fabf670d4025be44a8ee/detection 124.198.131.137:7997 dcmayofornuevo.dynuddns.com # Reference: https://www.virustotal.com/gui/file/71de824467c81374dc9b5c494b9348dc1016464ad7fc428401c3afb20a1c9c8f/detection 185.208.156.201:3000 2301amarilloa.kozow.com vps30002026.kozow.com # Reference: https://x.com/skocherhan/status/2021038855525368218 # Reference: https://www.virustotal.com/gui/file/c11a5ad2abd7f838ed4bad434d210a2694420a7e280fdba35420bddf90a3b61e/detection 185.221.213.35:7888 ny666luck.com ny777luck.com ny888luck.com ny999luck.com # Reference: https://x.com/skocherhan/status/2021039785024905527 # Reference: https://www.virustotal.com/gui/ip-address/194.187.122.190/relations # Reference: https://www.virustotal.com/gui/file/52ae88ddc3b249e5135a77747beb8baf5918289f6196d3bdfe27e217c987845c/detection crt666wow.com je666cs.com no666cc.com ot666good.com pod66va.com pod77va.com pod88va.com pod99va.com rsv666win.com st666eam.com wt666bk.com # Generic trails /DCRS/dsock/ /DCRS/index.php /DCRS/main.php /ExternalDbtesttrack.php /externalLowgeotrack.php /externalVideoBasetest.php /lineTosecureapi.php /packetlowcpuProtect.php /PipePacketDbLinuxFlower.php /PollGameServerUniversal.php /videoToLowtest.php /212bad81b4208a2b412dfca05f1d9fa7.php /2d02004c59e9a1f5d7d2a313711996eaafd017e3.php /56743785cf97084d3a49a8bf0956f2c744a4a3e0.php 
/fd1845d9489997784fcdca5feff97ba2a4cb81e5.php /akcii239myzon0xwjlxqnn3b34w/ /46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/ /ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/ /98ylfy7k5pip6yuvr84qv7jb9v/ /r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/ /jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/ /f5b75b6939d095db0eaf37fdfecac963030f7aa1.php /g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/ /wih70f23q9voven47mcjf9q/ /c596a246010ddf201f7264927e5c39b8d20eba79.php /98ylfy7k5pip6yuvr84qv7jb9v/ /r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/ /e59293a35848addcc181d5a0ab38266868d77ff4.php /2nwsr5yiv4oi4zfjoduq2ettv6rwkao/ /e5qx69ffszv9vbudkm/ /d6d4cbd9296a555615601b85dedaceaffd7120b5.php /9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/ /1ce78a902db7a61523b13afcb20d91f8.php /rb7u7g360qkxfkhcd/ /8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/ /44ab0bfd824936290de450263b2aaa06b01412a9.php /38ad2f43f6b9c1367674eb1b7f1db337.php /hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php /hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/ /hyhwe8lxnty/ /j07u3xb0zwfka8ohvggymgmz/ /8d62d1a2a79fe42b5a214943336f449f2c83f18d.php /c76ae15161b4078c040462271a89caa06686cf38.php /twwhd4iu597yifaawuodsmuedbq3vm4754g8nko19l8rgk3f24jklz3ynngosa6q6jtx0gmb5l1vpps5zcit6pzt/ /og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/207d160bdae62c6cd38c8d66bad1e59246befd46.php /og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/ /og7th0bl0euzfxawae8yx/ /zm4lw7zacc7uxbb52b5p11up338yia5q6/ /207d160bdae62c6cd38c8d66bad1e59246befd46.php /7Voiddb8Image/VmToJsTrackCentral.php /7Voiddb8Image/ /VmToJsTrackCentral.php