# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.virustotal.com/#/ip-address/185.10.68.163 # Reference: https://twitter.com/luc4m/status/1044148790008205312 /miner.sh /scanner.sh /worlswest.sh /bruteforce_ssh /bruteforce_ssh_386 /bruteforce_ssh_arm /tcpconnect_zmap_386 /tcpconnect_zmap_arm # Reference: https://twitter.com/bad_packets/status/1127110083429654528 r00ts.online # Reference: https://twitter.com/bad_packets/status/1127450801834680320 104.128.230.16:8000 # Reference: https://www.fortinet.com/blog/threat-research/closer-look-satan-ransomwares-propagation-technics.html /conn32 /conn64 # Reference: https://twitter.com/ankit_anubhav/status/1132974251194011648 # Reference: https://twitter.com/0xrb/status/1133055807572959232 nadns.info 222.186.15.231:5555 # Reference: https://twitter.com/bad_packets/status/1133534604030169088 185.239.226.167:8480 # Reference: https://twitter.com/ankit_anubhav/status/1133682276045164544 cyberium.xyz # Reference: https://twitter.com/smii_mondher/status/1134068251951083521 http://54.37.70.249 # Reference: https://twitter.com/bad_packets/status/1134920520644714496 # Reference: https://twitter.com/bad_packets/status/1140065934926684162 45.79.9.153:8000 110.40.14.13:8000 # Reference: https://twitter.com/bad_packets/status/1135623419670646784 216.176.179.106:9090 # Misc. 
http://173.212.214.137 http://46.22.220.21 45.32.200.190:443 85.25.84.99:443 # Reference: https://otx.alienvault.com/pulse/5d020fb5a91466d30ad51fa2 146.185.171.227:443 5.255.86.129:3333 /.satan /.x15cache # Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737 qqxh888.785sou.xyz # Reference: https://twitter.com/P3pperP0tts/status/1140528607766466560 hjghj.cn # Reference: https://twitter.com/P3pperP0tts/status/1140927899824005125 154.218.1.63:9 # Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-10149 # Reference: https://github.com/bananaphones/exim-rce-quickfix # Reference: https://habr.com/ru/company/first/blog/455636/ (Russian) # Reference: https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability # Reference: https://twitter.com/bad_packets/status/1140719767961001984 # Aliases: CVE-2019-10149, CVE-2019-1003029 an7kmd2wp4xo7hpr.tor2web.io an7kmd2wp4xo7hpr.tor2web.su an7kmd2wp4xo7hpr.onion.sh http://185.10.68.193 http://185.162.235.211 # Reference: https://twitter.com/P3pperP0tts/status/1145813992297914368 58.218.66.92:520 # Reference: https://twitter.com/ankit_anubhav/status/1147172115516293121 # Reference: https://twitter.com/Jouliok/status/1143947867910004742 222.186.52.155:21541 # Reference: https://twitter.com/0xrb/status/1147447320595685376 /s1g3.sh # Reference: https://twitter.com/bad_packets/status/1148673303533387776 http://103.76.87.94 /ARM4LinuxTF /ARM6LinuxTF /MipsLinuxTF /Serverdd # Reference: https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories (# libpeshnx, libpesh, libari) http://145.249.104.71 # Reference: https://otx.alienvault.com/pulse/5d44445d2995170f8886c141 # Reference: https://blog.netlab.360.com/some-fiberhome-routers-are-being-utilized-as-ssh-tunneling-proxy-nodes-2/ gggwmndy.org # Reference: https://twitter.com/smii_mondher/status/1161534124596875266 http://91.92.66.192 # Reference: 
https://www.virustotal.com/gui/file/d5926800003d87349fdd8d2844c799bf294037e541ec84e9079b7cdd75ea04db/detection 83.212.110.123:2222 # Reference: https://www.virustotal.com/gui/file/91995b62129f53ac97485c736ff7e06289bdbf5cbd4ee9f837d956fd6a230dfc/detection 103.237.99.228:1337 # Reference: https://www.virustotal.com/gui/file/381a555090858ad3aeb3484eebb596c0b2b61511d43e36339abd114efc58dae3/detection 103.41.16.39:80 # Reference: https://www.virustotal.com/gui/file/7b21b057d5d3c7f2316845e6c2e32244ab4df8f3e379d15143e52f991d2046f1/detection 129.21.254.89:2222 # Reference: https://twitter.com/_odisseus/status/1112653908185415681 80.211.90.168:53773 # Reference: https://twitter.com/VessOnSecurity/status/1177884186461507584 cnc.dontcatch.us # Reference: https://twitter.com/bad_packets/status/1186876280446185477 # Reference: https://www.virustotal.com/gui/ip-address/188.92.77.12/relations 188.92.77.12:80 188.92.77.12:801 # Reference: https://twitter.com/Sektor7Net/status/1187292703102570496 # Reference: https://2019.hack.lu/archive/2019/Fileless-Malware-Infection-and-Linux-Process-Injection-in-Linux-OS.pdf (Slide 106) 82.194.229.214:8738 # Reference: https://twitter.com/zom3y3/status/1109044920755482624 172.104.182.244:30003 # Reference: https://twitter.com/binitamshah/status/1210110141464317958 # Reference: https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32 # Reference: https://www.virustotal.com/gui/file/5141d29d0278c8da4eac177126cbf4d15623502d4763abd6d3a4dca2a3ea616e/detection 104.248.237.194:1337 # Reference: https://www.virustotal.com/gui/file/0e9ec521e0f862be55b967944516362aa4f4f975397086adad33bf37f69ec474/detection 119.3.22.174:8082 # Reference: https://www.virustotal.com/gui/file/325192ff91f5ec9502aedc8fad61a5a81813d0f856d2d2063d26140647d01ce7/detection 119.3.22.174:4445 # Reference: https://www.virustotal.com/gui/file/d3cb5474eaa64748b066fc78a02227fad012292d5c9f7b77e898d3b7f1eb327e/detection 119.3.22.174:9090 # Reference: 
https://www.virustotal.com/gui/ip-address/119.3.22.174/relations http://119.3.22.174 # Reference: https://www.virustotal.com/gui/file/d7ee59c5d7406b95f5c8bc1bf55cca00e106df1014914b5ddd68e9d58ecc04ca/detection 109.234.37.219:7393 # Reference: https://tolisec.com/yarn-botnet/ http://104.244.74.248 /hehe.sh # Reference: https://isc.sans.edu/forums/diary/Interesting+HTTP+User+Agent+chrootapach0day/18453 proxypipe.com/apach0day /apch0day.sh # Reference: https://twitter.com/IntezerLabs/status/1297868508135481346 # Reference: https://analyze.intezer.com/analyses/0d0171fd-c2a1-47eb-8d5c-2aa4a814f87a/sub/75207f3e-c8c1-435a-97ee-9c765f274d80/ # Reference: https://www.virustotal.com/gui/file/4ed5bfcdfe78bfad88494a883c0c8e392f8ccf9746ec5a8449746cc5e8b0edca/detection # Reference: https://www.virustotal.com/gui/file/8471b945edaa37d2cfeda1a7c367cf3f273e8dee7353e6cb309a74d33b6a87b7/detection bcfc.xyz # Reference: https://twitter.com/IntezerLabs/status/1298615434267197440 # Reference: https://analyze.intezer.com/analyses/4149b963-66bc-4bbb-877a-f2a79e884e71 # Reference: https://www.virustotal.com/gui/file/a272169216d1020b615c453e1565857f129a5d4f4fa9f0ac054a3c8a8d98cc06/detection # Reference: https://www.virustotal.com/gui/file/7ae87ed4c4b57b96959f46b24357b15bc68b7cc9a1af2d92a2bcd632f692af5d/detection # Reference: https://www.virustotal.com/gui/file/7e4031816f446e3788303fb0d34b67c3eedb080118bbe9efb9ad567503ac3e0f/detection 95.142.46.69:8015 95.142.46.69:8016 95.142.46.69:8022 fttt.developerstatss.ga # Reference: https://www.virustotal.com/gui/file/96ead4fa8bf37eb8933285466b0f3985ab55438702000f678fac150ab3ea9703/detection 129.204.227.27:11445 # Reference: https://www.virustotal.com/gui/file/d3466a191b5185a4007faf8949117df5c77907eea9121c7e8308f2a5a736b3fc/detection # Reference: https://github.com/stamparm/maltrail/pull/12104/commits/4be05bd2e501d1f7558e8f3e0c2f8182775b6bcb 103.125.218.107:1433 103.125.218.107:6379 103.125.218.107:6380 103.125.218.107:7001 103.125.218.107:7002 
103.125.218.107:8080 103.125.218.107:8088 103.125.218.107:9200 # Reference: https://www.virustotal.com/gui/file/9a5596bfd850ced638cefeb7eb389448780076e42a6749006409ccef4036cc71/detection 185.191.32.157:8888 # Reference: https://twitter.com/rootprivilege/status/1331348542028275712 http://161.35.110.135/a.tar.gz # Reference: https://twitter.com/jorgemieres/status/1333417189005799424 /shell.elf # Reference: https://twitter.com/alphasoc/status/1056792558284619776 flyings0ul.do.am redu.clan.su # Reference: https://twitter.com/0xrb/status/1344166270736822272 http://51.178.215.251 # Reference: https://twitter.com/SolutionsXnotes/status/1173228101850894342 /auto_priv_exploit.sh /auto_searchsploit.py # Reference: https://www.virustotal.com/gui/file/9dbb7c3cb76ac4620a46400525bfab4fd7935a191b774c0d483b73c6370b5515/detection 149.248.6.193:2006 # Reference: https://www.virustotal.com/gui/file/f0d8ea0e716c239df7829b37ca77c4c55d652e7b64dc0f47291939c173a829ee/detection 149.248.6.193:2007 # Reference: https://twitter.com/r3dbU7z/status/1346381456063528962 # Reference: https://s.tencent.com/research/report/1213.html 103.45.183.12:808 # Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz # Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz antiq.scifi.ro funny.evils.in # Reference: https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/ # Reference: https://otx.alienvault.com/pulse/6011e0e8fe4caceec3d71f63/ /Linuxaacc # Reference: https://twitter.com/r3dbU7z/status/1363822329885847552 http://195.2.78.71 /flash_erase-arm-lsb /flash_erase-arm-msb /flash_erase-mips /flashcp-arm-lsb /flashcp-arm-lsb_2 /flashcp-arm-msb /flashcp-arm-msb_2 /flashcp-mips /flashcp-mips_2 /ssev78 # Reference: https://www.virustotal.com/gui/file/c7c26bf1e2074cf76b67f29489eb71e3a143c2b3bf867d06c3a30905e12aef8f/detection 45.9.148.48:8351 # Reference: 
https://www.virustotal.com/gui/file/c2c91c021a048eea97147add486b7618304803d63989d2c2fdab87741ca8803b/detection 45.9.148.48:8341 # Reference: https://www.virustotal.com/gui/file/ac636d56a2d4deddcba32c860dbf047575880edc149d1d12065ac881126cb8dc/detection 45.9.148.48:8541 # Reference: https://www.virustotal.com/gui/file/f618a9e30c9b78c3e9c63abacbc795182382237134ca5eca8f270180a1ccca4c/detection 45.9.148.48:8531 # Reference: https://www.virustotal.com/gui/file/0082bf60be89624ca9b9bcffbb4ac000a71bd218650b0db159932d603b2bea20/detection 45.9.148.48:8564 # Reference: https://www.virustotal.com/gui/file/fd3a902c16d01cd926ae97afaa26d520c45eec95c5097edf82f2a98d8f8c310f/detection 45.9.148.48:8524 # Reference: https://www.virustotal.com/gui/file/c2dd9f998ca023047ce598a4d818b3df7c638ba179bb2f81d4ac0c8c0bd8d291/detection 45.9.148.48:8529 # Reference: https://www.virustotal.com/gui/file/ab26a6c846c2cf9b14028bd46229d5ab0e87b30317d9b984f791ca8b07a3e73d/detection 45.9.148.48:8538 # Reference: https://www.virustotal.com/gui/file/434d52b058a290e6a1c7ad710e9cf862d0dc7a1e042030dc1e87e23d8fdc41b9/detection 45.9.148.48:8251 # Reference: https://www.virustotal.com/gui/file/396d35154d706ab8919421ac534884e87731dc0d1291ac74ee5ef71ceec51e69/detection 45.9.148.48:8534 # Reference: https://www.virustotal.com/gui/file/dfe6a1525d7855e0263ea6be94c5df7e6ec30202b648774384886a0d49780dfc/detection 45.9.148.48:8539 # Reference: https://www.virustotal.com/gui/file/c665b2ab1f99897be561b6ef03d9cb95be45b4eb0cef37c6d64aa764a06466a9/detection 45.9.148.48:8143 # Reference: https://www.virustotal.com/gui/file/3adab440aa13c9408773d520db329a2ba2085d2af910fd6f7d524f92e0ec82f7/detection 45.9.148.48:8144 # Reference: https://www.virustotal.com/gui/file/9cff626a8c38625a50a50f9498889f1c840f4cb13d564089a1834c04d639db36/detection 45.9.148.48:8569 # Reference: https://www.virustotal.com/gui/file/2bbdb554932381b2683921398aa359ad495bbe8975756e14cec2a9a0fdc3a40a/detection 45.9.148.48:8549 # Reference: 
https://www.virustotal.com/gui/file/ee9aba246552f22b89a08c7a576a9985f83a6db534f1be513a976317c90c712a/detection 45.9.148.48:8565 # Reference: https://www.virustotal.com/gui/file/8190aefa69c26c5b4c238773e007329ceb88de346fc319123e37b1f87d6c08c0/detection 45.9.148.48:8553 # Reference: https://www.virustotal.com/gui/file/b4f796628f19d9d27ac1903b7c63c27a243b2aa78733ddf09cedab7d2921cc16/detection 45.9.148.48:8349 # Reference: https://www.virustotal.com/gui/file/aee33e18a36e79f3041c2cd2702a49d06e558b57126beb6690237458efbcc843/detection 45.9.148.48:8535 # Reference: https://www.virustotal.com/gui/file/def65bcae9351a26ee887741beed19779171b144d41746e0720090c4e375856a/detection 45.9.148.48:8543 # Reference: https://www.virustotal.com/gui/file/34b1adb4fb3276b8e80fcd1f339494de2cc09df82dede5d3106a53d9a2f331ce/detection 45.9.148.48:8561 # Reference: https://www.virustotal.com/gui/file/948dd8cfb13ba06a67e379c7ddc5a1a4cc590576fac2b1b8781cfa1955a150e3/detection 45.9.148.48:8548 # Reference: https://www.virustotal.com/gui/file/d19fe4ef771b259146a9d2b2ff60ac8eab1ecc080565c3a76e2dbebb909cea13/detection 45.9.148.48:8544 # Reference: https://www.virustotal.com/gui/file/99b8809f8b5ed31cd69095712fa00642e792649fc87cec7a5b3a01d6cf51056c/detection 45.9.148.48:8525 # Reference: https://www.virustotal.com/gui/file/ec2b53a184f0313d73708075af812519d87aa395c6a2afffb70b4a9485f54c32/detection 45.9.148.48:8528 # Reference: https://www.virustotal.com/gui/file/5550200c4087390971167379104bd56c60aeda620b6ba4314c4e551ec8ff914b/detection 45.9.148.48:8554 # Reference: https://www.virustotal.com/gui/file/1e22b24e5b80926ede6c28d4f1eeb6252ce9f26f99e320d06ae012e489ebe40f/detection 45.9.148.48:8413 # Reference: https://twitter.com/fr0s7_/status/1367895399365816327 goaqaba.com/wp-content/uploads/2021/03/ # Reference: https://twitter.com/xuy1202/status/1370664531190419458 51.195.26.217:6667 # Reference: https://unit42.paloaltonetworks.com/attackers-conducting-cryptojacking-u-s-education-organizations/ /shit/sshd # 
Reference: https://twitter.com/cyb3rops/status/1383065580379516928 # Reference: https://www.virustotal.com/gui/file/9b0b78716c0c1c5d01231017ef2733115b0a31c1d9b751525d04da89ef17b7d1/relations http://104.248.94.23 # Reference: https://www.virustotal.com/gui/domain/epelcdn.com/relations # Reference: https://www.virustotal.com/gui/file/571bf19ebdc3bc14925b2a41dcd8b1c94cca94b0b59182813267ace0d7f56217/detection epelcdn.com h.epelcdn.com /bd210131/pm.sh /bd210131/scan.sh /dd210131/pm.sh /dd210131/scan.sh # Reference: https://www.trendmicro.com/en_us/research/21/d/tor-based-botnet-malware-targets-linux-systems-abuses-cloud-management-tools.html 7jmrbtrvkgcqkldzyob4kotpyvsgz546yvik2xv4rpnfmrhe4imxthqd.onion bggts547gukhvmf4cgandlgxxphengxovoyo6ewhns5qmmb2b5oi43yd.onion dreambusweduybcp.onion i62hmnztfpzwrhjg34m6ruxem5oe36nulzmxcgbdbkiaceubprkta7ad.onion ji55jjplpknk7eayxxtb5o3ulxuevntutsdanov5dp3wya7l7btjv4qd.onion mhevkk4odgzqpt2hbj3hhw2uz4vhunoo55evewrgmouyiehcaltmbrqd.onion ojk5zra7b3yq32timb27n4qj5udk4w2l5kqn5ulhnugdscelttfhtoyd.onion plgs6otqdiu7snxdfwjnidhw4ncmp5qvvxi5gepiszg75kxebwci2wad.onion ryukdssuskovhnwb.onion sg722jwocbvedckhd4dptpqfek5fsbmx3v57qg6lzhuo56np73mb3zyd.onion trumpzbffbewy3gn.onion trumpzwlvlyrvlss.onion unixdbnuadxmwtob.onion va6xh4hqgb754klsffjamjgotlq7mne3lyyrhu5vhypakbumzeo4c4ad.onion y4mcrfeigcaa2robjk3azb2qwcd5hk45xpoaddupmdwv24qoggnmdbid.onion yrxxxqia45xxcdqfwyx4pk6ufyanazdwjbv3de7r4mrtyztt5mpw35yd.onion # Reference: https://www.virustotal.com/gui/file/aea8280ffdb6b08e6d8dc60682d77731b97873f99d249594f993ea65960f6cb3/detection hulo.r00ts.online /.configs/r00t # Reference: https://twitter.com/r3dbU7z/status/1406688370496057352 # Reference: https://www.virustotal.com/gui/file/4c808923ee3ee4acb59907655f8f87f4f3fa5ab398b254951bf722656dbe43f4/detection http://1.177.164.167 http://1.177.165.230 104.236.13.229:1338 /raffie_lib.so /raffie_r00t.sh /raffie.tar.gz # Reference: https://twitter.com/ESETresearch/status/1415542456360263682 # Reference: 
https://otx.alienvault.com/pulse/60f12a9bc1e8763fef70a512 # Reference: https://www.virustotal.com/gui/file/ce272b58c186f690c18c50c3ac97c49fc425ca2798e376a9c7dc98d4b5019e38/detection cloudflare.5156game.com # Reference: https://www.virustotal.com/gui/file/a58765e3ed00f4f22129d62289524986ae61ed4f87762264a28d3b01f6f486a3/detection 42.193.186.7:9997 # Reference: https://twitter.com/bad_packets/status/1423736850716389378 http://209.141.42.191 # Reference: https://twitter.com/r3dbU7z/status/1423942288665886721 5.189.165.151:8080 # Reference: https://twitter.com/bad_packets/status/1424081490518810625 http://176.31.159.27 # Reference: https://www.virustotal.com/gui/file/a58765e3ed00f4f22129d62289524986ae61ed4f87762264a28d3b01f6f486a3/detection 42.193.186.7:9997 # Reference: https://twitter.com/IntezerLabs/status/1455160560258097153 # Reference: https://www.virustotal.com/gui/file/feb13b5003225b91e76eeaff65996d1c484702941a9559afe5d3c0eb6d61c504/detection # Reference: https://www.virustotal.com/gui/file/cd54a34dbd7d345a7fd7fd8744feb5c956825317e9225edb002c3258683947f1/detection 172.96.190.95:903 172.96.190.95:904 # Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection http://144.91.81.180 # Reference: https://twitter.com/IntezerLabs/status/1460959908904398852 # Reference: https://www.virustotal.com/gui/file/4d90e505d8b7d724752a5e0ec1df38e8cace9ab56e74c5a130b8286c274b02ab/detection # Reference: https://www.virustotal.com/gui/file/b2753614554a5d36d0f928045cebaa2008fb510f0f006ed98cb87a29eb481e8a/detection 185.22.153.165:9999 # Reference: https://twitter.com/dimitribest/status/1473701800301797380 # Reference: https://www.virustotal.com/gui/file/41e7cee6b5534a0e8633be51f8a3bb37d439f0ccd8893ed67dcbe6be7dda2e48/detection 23.94.7.237:2333 # Reference: https://twitter.com/r3dbU7z/status/1481533464646418439 upgradetime.zyns.com /kewr98235.sh # Reference: https://twitter.com/r3dbU7z/status/1483739428447260673 
2.58.149.174:999 razuland.xyz # Reference: https://www.virustotal.com/gui/file/db4272abc9dd6c8fe1a8ef82bd088d5629c0373ff0be8e44d9a5c4078937615e/detection 195.2.93.34:3332 # Reference: https://www.virustotal.com/gui/file/ba962209a6a173baaae1337f1e53fc4d0e23a45d7cc830c7e6db73dc135ad295/detection 195.2.93.34:16047 # Reference: https://www.virustotal.com/gui/file/9aa6fd2531d551e45802415857fcaeadacc294d92a3bc6ad5150a9c25a39643e/detection 195.2.93.34:33305 # Reference: https://www.virustotal.com/gui/file/6b63770c095eda3958a83464346b747ccb1217d774ba3248252f6c6f3dee8822/detection 195.2.93.34:17529 # Reference: https://www.virustotal.com/gui/file/4999a7089fc0d1340a5b8809aebcea81d9de4349d1016b337e9a02dd9acc21b7/detection 195.2.93.34:16012 # Reference: https://www.virustotal.com/gui/file/40680a7bcff1a1356891f7467367450c3d655b344e3f20960769b640ad681f48/detection 195.2.93.34:12301 # Reference: https://www.virustotal.com/gui/file/155491ed30a842db5abae0a813dc1e2d995379a5edaa91e3991c2eb951c9e996/detection 195.2.93.34:33303 # Reference: https://www.virustotal.com/gui/file/14153de8fdd28b7c4d296b97bf3d1d5bfb7dffccd76f7834ce47d5f58beee073/detection 195.2.93.34:33304 # Reference: https://www.virustotal.com/gui/file/1bd7af2951b192afa5e94f23ae23a5a482e00dc41aee7a798fd57696cb9f2c54/detection 3.141.142.211:18774 # Reference: https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/ http://106.246.224.219 http://107.148.13.247 http://107.191.43.86 101.42.89.186:1234 103.43.18.15:8089 107.148.12.162:12345 107.148.13.247:7777 138.68.61.82:444 45.144.179.204:9999 enlib2w9g8mze.x.pipedream.net /388e6567d5.sh /4102909932.sh /d1bea27b13.sh /payllll.sh /.d/bot.redis /.d/bot.v /.d/botVNC # Reference: https://www.virustotal.com/gui/file/4993806d2f77096ab28d589f8ee91869fc6045725ec9bc83b9e57f78cf86a5b8/detection 179.60.150.29:4444 # Reference: https://www.virustotal.com/gui/file/79b299ff0c0bf5d5986457c1b163a8755a10692b12f54ab8b7b395c68c1e6f86/detection http://179.60.150.34 # 
Reference: https://www.virustotal.com/gui/file/4ac059ad0f43b786b26a132fa1bd0393f59f86492aadd7fd53b73eaa8330ffe9/detection 45.76.31.3:4444 # Reference: https://www.virustotal.com/gui/file/f8fc70e4c693020f7253640b0e7462bc6989a4db111370d950d6f8c814e7ed56/detection 124.221.235.63:4443 # Reference: https://twitter.com/r3dbU7z/status/1561466299389251590 http://150.158.181.243 # Reference: https://sansec.io/research/magento-2-template-attacks # Reference: https://elfdigest.com/brief/d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236 # Reference: https://www.virustotal.com/gui/file/d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236/detection 86.104.15.60:443 allsecurehosting.com dev-clientservice.com mailchimp-addons.com # Reference: https://twitter.com/r3dbU7z/status/1576920251853582336 http://142.132.230.75 http://168.119.247.111 188.34.154.180:3000 # Reference: https://twitter.com/r3dbU7z/status/1588337205595951106 # Reference: https://www.virustotal.com/gui/ip-address/185.29.10.38/relations # Reference: https://www.virustotal.com/gui/file/f1856188732f05612c7c05347463109e8fc0e11a3d2604196551d90b4f846513/detection # Reference: https://www.virustotal.com/gui/file/7e9b7ebf36cfbd4b59b77fba3bba1bac0b8d2ac657530d945fd41c15937f0bb3/detection # Reference: https://www.virustotal.com/gui/file/799d44f51e6ea84998d96570e8b597af82601260fada14bd7f08391e403bc02a/detection # Reference: https://www.virustotal.com/gui/file/4e5e42b1acb0c683963caf321167f6985e553af2c70f5b87ec07cc4a8c09b4d8/detection # Reference: https://www.virustotal.com/gui/file/3dffb684333ea8f036e0d2142d1f49ebeccb28806cf6407308a88e846f8f30ec/detection http://185.29.10.38 185.29.10.38:3306 185.29.10.38:53 /lmetax86 /lmetax863306 /lmetax64 /lmetax643306 /lmetax6480 # Reference: https://twitter.com/r3dbU7z/status/1597228559608651776 # Reference: https://www.virustotal.com/gui/file/fe1884cda10cd6759aa1a9f1b8d3a0fc91136146fdd55c8c31005654e8f86b14/detection magento-updates.com # Reference: 
https://twitter.com/SecureSh3ll/status/1601609581201096705 # Reference: https://twitter.com/SecureSh3ll/status/1601652623828209667 http://146.56.41.193 kkk.jiyunidc.com /qcjk.sh # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-05-v10212/248 pateu.freevar.com # Reference: https://twitter.com/imp0rtp3/status/1613270251709276190 # Reference: https://www.virustotal.com/gui/file/0184e3d3dd8f4778d192d07e2caf44211141a570d45bb47a87894c68ebebeabb/detection # Reference: https://www.virustotal.com/gui/file/23f2536aec6a4977a504312ff5863468ba2900fece735acd775d0ae455b4cd4d/detection 107.148.27.117:443 155.138.224.122:443 # Reference: https://ti.qianxin.com/blog/articles/watch-out-for-new-variants-of-rapper-botnet-and-related-mining-activities/ /ssh/scan_amd64 /ssh/scan_arc /ssh/scan_arcle-hs38 /ssh/scan_arm /ssh/scan_arm4 /ssh/scan_arm4l /ssh/scan_arm4t /ssh/scan_arm4tl /ssh/scan_arm4tll /ssh/scan_arm5 /ssh/scan_arm5l /ssh/scan_arm5n /ssh/scan_arm6 /ssh/scan_arm64 /ssh/scan_arm6l /ssh/scan_arm7 /ssh/scan_arm7l /ssh/scan_arm8 /ssh/scan_armv4 /ssh/scan_armv4l /ssh/scan_armv5l /ssh/scan_armv6 /ssh/scan_armv61 /ssh/scan_armv6l /ssh/scan_armv7l /ssh/scan_dbg /ssh/scan_exploit /ssh/scan_i4 /ssh/scan_i486 /ssh/scan_i586 /ssh/scan_i6 /ssh/scan_i686 /ssh/scan_kill /ssh/scan_m68 /ssh/scan_m68k /ssh/scan_mips /ssh/scan_mips64 /ssh/scan_mipseb /ssh/scan_mipsel /ssh/scan_mpsl /ssh/scan_pcc /ssh/scan_powerpc /ssh/scan_powerpc-440fp /ssh/scan_powerppc /ssh/scan_ppc /ssh/scan_pp-c /ssh/scan_ppc2 /ssh/scan_ppc440 /ssh/scan_ppc440fp /ssh/scan_riscv64 /ssh/scan_root /ssh/scan_root32 /ssh/scan_s390x /ssh/scan_sh /ssh/scan_sh4 /ssh/scan_sparc /ssh/scan_spc /ssh/scan_ssh4 /ssh/scan_x32 /ssh/scan_x32_64 /ssh/scan_x64 /ssh/scan_x86 /ssh/scan_x86_32 /ssh/scan_x86_64 # Reference: https://twitter.com/petikvx/status/1617110694901723136 # Reference: https://twitter.com/SecureSh3ll/status/1617236183301652480 http://23.94.251.245 http://72.251.235.155 # Reference: 
https://twitter.com/r3dbU7z/status/1623667053390442496 http://193.149.176.147 # Reference: https://twitter.com/r3dbU7z/status/1621703277573275649 http://121.40.117.114 # Reference: https://elfdigest.com/brief/daeeb4fa4edb56ecce7b430308bfc9b231e58e50013d10930b3ad03b7dc20cc2 # Reference: https://www.virustotal.com/gui/file/daeeb4fa4edb56ecce7b430308bfc9b231e58e50013d10930b3ad03b7dc20cc2/detection 192.3.111.150:35348 # Reference: https://twitter.com/SecureSh3ll/status/1620868169593421825 http://134.209.96.222 # Reference: https://twitter.com/r3dbU7z/status/1627563576364769280 # Reference: https://www.virustotal.com/gui/ip-address/34.228.222.39/relations volitech.cloud # Reference: https://www.virustotal.com/gui/file/3b112b75a4b0e785da991574bd06417a21cc8dcd5dedbdf265205f0b1154b84b/detection 80.85.156.184:443 # Reference: https://twitter.com/r3dbU7z/status/1632748778284359684 http://43.139.138.38 # Reference: https://www.virustotal.com/gui/file/0137d310281b06eec4f403bc44d6c34f0dedf5fff90781587d076719ae09d517/detection 5.253.84.159:8080 # Reference: https://twitter.com/MichalKoczwara/status/1636870828292808706 http://34.125.33.213 # Reference: https://www.virustotal.com/gui/file/16a83fa397a0efa9422146e8575d7c4d51c8ed8dcc95c7aacd282d2ee33889aa/detection 185.10.68.163:7878 # Reference: https://twitter.com/SecureSh3ll/status/1641886474810294274 http://45.159.49.246 # Reference: https://twitter.com/sicehice/status/1643729489933811712 # Reference: https://elfdigest.com/brief/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7 # Reference: https://www.virustotal.com/gui/file/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7/detection 108.166.206.237:15650 108.166.206.237:8002 # Reference: https://twitter.com/sicehice/status/1645476975769681946 # Reference: https://www.virustotal.com/gui/file/c04137124c97208db7da2e3a0cd97d50db6350e5f15e94918b653e35ddc1d40f/detection # Reference: 
https://www.virustotal.com/gui/file/1b1a319910758a9ac7c6e8f2993cf92512d5a3a53e25ab5348cc3224aa5de7a3/detection http://109.205.180.99 109.205.180.99:4242 173.212.248.30:4242 # Reference: https://twitter.com/SecureSh3ll/status/1646579732220182543 http://129.146.17.134 # Reference: https://twitter.com/SecureSh3ll/status/1665429507447070724 http://192.254.204.95 # Reference: https://twitter.com/JustWantToQ1/status/1693454560201683287 # Reference: https://www.virustotal.com/gui/file/e7d0c568b14225b67056265b19e0d0b2fb111815809df46fa6f857636955a200/detection 101.200.145.141:8002 101.200.145.141:8080 # Reference: https://www.cisa.gov/news-events/analysis-reports/ar23-209c # Reference: https://otx.alienvault.com/pulse/64c80719b55c4fd963785a4a http://107.148.219.54 http://107.148.223.196 # Reference: https://twitter.com/TLP_R3D/status/1716479835411714198 # Reference: https://www.virustotal.com/gui/file/c389e7c2b5f206b1e39535cd755e6995d100cdde8cbd06b0fed8e6691a81511b/detection # Reference: https://www.virustotal.com/gui/file/79dcef6db64861a43a665faff57df662da4cbe04e16da696131772c985322deb/detection # Reference: https://www.virustotal.com/gui/file/0c97ecf729edfa3e9288463a0989a32c1da2ac5dd81d0650d081006d44c98496/detection http://192.3.101.111 # Reference: https://www.virustotal.com/gui/file/05d127335a2cbc84ffeeb521ee7f16524afc413760f33188039c37ad5889b73e/detection 141.255.145.242:21 # Reference: https://twitter.com/JustWantToQ1/status/1735870555373355048 /skls7.elf /skopee.elf /skopee81.elf /xasjs1334.sh # Reference: https://www.virustotal.com/gui/file/55b95b91f19e251a3930ffb443537feefb8e468bf508a3767abe7cbdcfd9d513/detection # Reference: https://www.virustotal.com/gui/file/ee6eb51ee6cff3c2bd264a6a05022acc620893681845d04648a3dbca3e92f807/detection 43.156.140.241:3232 # Reference: https://www.virustotal.com/gui/file/cf831d33e7ccbbdc4ec5efca43e28c6a6a274348bb7bac5adcfee6e448a512d9/detection 185.158.155.175:4202 # Reference: 
https://www.virustotal.com/gui/file/195183fce95b0d309d8d555d4c91cc35dd6a96ab16825a19f6ecac4a50b4fe9b/detection 38.242.151.1:4092 # Reference: https://twitter.com/cyber_ra1/status/1752602839254528468 194.213.18.14:8000 # Reference: https://twitter.com/banthisguy9349/status/1756379713780469831 http://84.54.51.113 # Reference: https://twitter.com/banthisguy9349/status/1756606597667709276 47.93.172.190:8000 # Reference: https://www.virustotal.com/gui/file/4b7e0aff7d65d88448e69a1a6be5e982e529ecddf0d105893e344bfee3c97f0b/detection 111.229.33.213:30001 # Reference: https://www.virustotal.com/gui/ip-address/93.123.85.163/relations http://93.123.85.163 # Reference: https://twitter.com/AzakaSekai_/status/1758255538339758558 # Reference: https://www.virustotal.com/gui/file/7afb66a02358cf72a50019b9de7b72eaa4af1e6236342a98f626d0245fcbed7c/detection 43.163.218.168:18560 43.156.249.190:18560 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/3b1f0dd83f8e52518ebc89e00db2d541aca193264fd1aa86d2a1c9fbb76a63b4/detection # Reference: https://www.virustotal.com/gui/file/5e99ea4aead0c7ab75c769f18d82251130979c3846f87408644f9016e793ee89/detection # Reference: https://www.virustotal.com/gui/file/f892bfa3311249c22a84f393bc67029c2d89a67854e020785fd72218fe63777a/detection http://106.75.156.251 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/f2f2aa9f1f736bc4a1c9d656f11aacfb3f65523e6a752186ddec96147ed0ab48/detection 120.26.86.217:443 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/edf44013cefc774fd8536382f7d869eb10fddbbb48307d0205a98255f325c931/detection 123.249.9.234:443 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/aa0de6e9db6ae871e7aa2c22df23e8e048822621327583ea598101366505af83/detection 103.234.54.52:8084 # Reference: 
https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/7206665a025da0793825d2bea79895ed81cdb3044621113ab1c3e4b3b39236af/detection 43.138.114.59:8084 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/ccb9106b84cbbc276268b87f81c495e23341f51435e9a5ba03b812039c80913e/detection 137.175.17.221:48084 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/e20be442700425853749522939aa9919c97b3dc875f9eba6a35e037d6a8debd5/detection 137.175.17.172:41334 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/fe0b76601775168fdf495e32cb79c4edc58336cc8044a93601d70886a7742233/detection # Reference: https://www.virustotal.com/gui/file/9e1aeedf3a87ca8d5ec7362705687ce61fe80279ffb8955d1e1bb0a7a26239b9/detection # Reference: https://www.virustotal.com/gui/file/3ed3b1fbebf54f175a3c7a804f11f2d86def22e11e26c6677d6d9b4af5fa2677/detection http://112.121.164.202 112.121.164.202:58080 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/e858ba9fc7455faf8302869992668b55d2a4b086660301d8dc6260d1b7b4d960/detection # Reference: https://www.virustotal.com/gui/file/6078955c613b4aa6f2b52631038613d0d81c6ccb2ceb370d7968d260257a8294/detection # Reference: https://www.virustotal.com/gui/file/3cd3dbc36b8fa10ca25b395d91063496c1f03363d07b240aea7db2125fee4bb7/detection 172.245.68.110:443 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/6078955c613b4aa6f2b52631038613d0d81c6ccb2ceb370d7968d260257a8294/detection 13.215.35.169:58084 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/e1ea86ab00c3cb4a9ddc5207fdd4810d1d8043cacbc24f50df68a4ea395822f8/detection 116.204.122.201:8084 
# Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/a15cd1bb21340068cb6ba2adfb3c79c02fa9c39094a3bcc3ae41b9c0d6930e6d/detection 43.128.85.89:8084 # Reference: https://twitter.com/cyb3rops/status/1758443684285071727 # Reference: https://www.virustotal.com/gui/file/31bd11d5b3c71d2c42646eb38060a62288726dd759cd26ba9d498d532c9073cf/detection 182.16.17.130:443 # Reference: https://twitter.com/banthisguy9349/status/1764248177912238192 http://211.215.19.94 # Reference: https://twitter.com/banthisguy9349/status/1765355350285287462 8.219.54.162:8000 # Reference: https://twitter.com/banthisguy9349/status/1765348861776744943 http://49.235.144.122 # Reference: https://twitter.com/banthisguy9349/status/1766032714069573982 # Reference: https://twitter.com/banthisguy9349/status/1766060422497505738 http://123.231.253.230 http://194.9.172.135 123.231.253.230:19999 194.9.172.135:8080 23.88.73.182:7777 # Reference: https://twitter.com/banthisguy9349/status/1769653638459220391 http://209.141.55.107 # Reference: https://twitter.com/banthisguy9349/status/1772924477841531297 # Reference: https://urlhaus.abuse.ch/host/91.92.254.172 http://91.92.254.172 # Reference: https://twitter.com/banthisguy9349/status/1777691993847521746 # Reference: https://twitter.com/banthisguy9349/status/1777704101532332321 http://172.96.161.103 http://185.150.189.121 # Reference: https://twitter.com/banthisguy9349/status/1778041505212441081 http://167.114.127.93 http://51.81.17.166 # Reference: https://twitter.com/banthisguy9349/status/1777729336138670430 http://23.81.41.166 # Reference: https://twitter.com/banthisguy9349/status/1780130173557317804 http://159.69.35.215 http://65.108.249.57 http://65.109.1.161 http://65.109.195.250 http://91.107.182.144 http://91.107.254.27 65.109.1.161:8390 bott.selector9991.com vless.selector9991.com # Reference: https://twitter.com/banthisguy9349/status/1780492072207663454 91.204.226.22:222 91.204.226.24:222 
91.204.226.55:222

# Reference: https://twitter.com/banthisguy9349/status/1780925439030051190

/Linux-Privilege-Escalation-Exploits/

# Reference: https://twitter.com/banthisguy9349/status/1782681257639383548
# Reference: https://twitter.com/banthisguy9349/status/1783012442659836145

http://107.189.5.238
http://181.215.6.133

# Reference: https://twitter.com/banthisguy9349/status/1787161047410802748

160.181.160.162:8888
160.181.160.163:8888
160.181.160.164:8888
160.181.160.165:8888
160.181.160.166:8888
160.181.160.167:8888
160.181.160.168:8888
160.181.160.169:8888
160.181.160.170:8888
160.181.160.171:8888
160.181.160.172:8888
160.181.160.173:8888
160.181.160.174:8888
160.181.160.175:8888
160.181.160.176:8888
160.181.160.177:8888
160.181.160.178:8888
160.181.160.179:8888
160.181.160.180:8888
160.181.160.181:8888
160.181.160.182:8888
160.181.160.183:8888
160.181.160.184:8888
160.181.160.185:8888
160.181.160.186:8888
160.181.160.187:8888
160.181.160.188:8888
160.181.160.189:8888
160.181.160.190:8888
160.181.161.162:8888
160.181.161.163:8888
160.181.161.164:8888
160.181.161.165:8888
160.181.161.166:8888
160.181.161.167:8888
160.181.161.168:8888
160.181.161.169:8888
160.181.161.170:8888
160.181.161.171:8888
160.181.161.172:8888
160.181.161.173:8888
160.181.161.174:8888
160.181.161.175:8888
160.181.161.176:8888
160.181.161.177:8888
160.181.161.178:8888
160.181.161.179:8888
160.181.161.180:8888
160.181.161.181:8888
160.181.161.182:8888
160.181.161.183:8888
160.181.161.184:8888
160.181.161.185:8888
160.181.161.186:8888
160.181.161.187:8888
160.181.161.188:8888
160.181.161.189:8888
160.181.161.190:8888
160.181.162.162:8888
160.181.162.163:8888
160.181.162.164:8888
160.181.162.165:8888
160.181.162.166:8888
160.181.162.167:8888
160.181.162.168:8888
160.181.162.169:8888
160.181.162.170:8888
160.181.162.171:8888
160.181.162.172:8888
160.181.162.173:8888
160.181.162.174:8888
160.181.162.175:8888
160.181.162.176:8888
160.181.162.177:8888
160.181.162.178:8888
160.181.162.179:8888
160.181.162.180:8888
160.181.162.181:8888
160.181.162.182:8888
160.181.162.183:8888
160.181.162.184:8888
160.181.162.185:8888
160.181.162.186:8888
160.181.162.187:8888
160.181.162.188:8888
160.181.162.189:8888
160.181.162.190:8888
160.181.163.162:8888
160.181.163.163:8888
160.181.163.164:8888
160.181.163.165:8888
160.181.163.166:8888
160.181.163.167:8888
160.181.163.168:8888
160.181.163.169:8888
160.181.163.170:8888
160.181.163.171:8888
160.181.163.172:8888
160.181.163.173:8888
160.181.163.174:8888
160.181.163.175:8888
160.181.163.176:8888
160.181.163.177:8888
160.181.163.178:8888
160.181.163.179:8888
160.181.163.180:8888
160.181.163.181:8888
160.181.163.182:8888
160.181.163.183:8888
160.181.163.184:8888
160.181.163.185:8888
160.181.163.186:8888
160.181.163.187:8888
160.181.163.188:8888
160.181.163.189:8888
160.181.163.190:8888
160.181.164.162:8888
160.181.164.163:8888
160.181.164.164:8888
160.181.164.165:8888
160.181.164.166:8888
160.181.164.167:8888
160.181.164.168:8888
160.181.164.169:8888
160.181.164.170:8888
160.181.164.171:8888
160.181.164.172:8888
160.181.164.173:8888
160.181.164.174:8888
160.181.164.175:8888
160.181.164.176:8888
160.181.164.177:8888
160.181.164.178:8888
160.181.164.179:8888
160.181.164.180:8888
160.181.164.181:8888
160.181.164.182:8888
160.181.164.183:8888
160.181.164.184:8888
160.181.164.185:8888
160.181.164.186:8888
160.181.164.187:8888
160.181.164.188:8888
160.181.164.189:8888
160.181.164.190:8888
160.181.165.162:8888
160.181.165.163:8888
160.181.165.164:8888
160.181.165.165:8888
160.181.165.166:8888
160.181.165.167:8888
160.181.165.168:8888
160.181.165.169:8888
160.181.165.170:8888
160.181.165.171:8888
160.181.165.172:8888
160.181.165.173:8888
160.181.165.174:8888
160.181.165.175:8888
160.181.165.176:8888
160.181.165.177:8888
160.181.165.178:8888
160.181.165.179:8888
160.181.165.180:8888
160.181.165.181:8888
160.181.165.182:8888
160.181.165.183:8888
160.181.165.184:8888
160.181.165.185:8888
160.181.165.186:8888
160.181.165.187:8888
160.181.165.188:8888
160.181.165.189:8888
160.181.165.190:8888
160.181.166.162:8888
160.181.166.163:8888
160.181.166.164:8888
160.181.166.165:8888
160.181.166.166:8888
160.181.166.167:8888
160.181.166.168:8888
160.181.166.169:8888
160.181.166.170:8888
160.181.166.171:8888
160.181.166.172:8888
160.181.166.173:8888
160.181.166.174:8888
160.181.166.175:8888
160.181.166.176:8888
160.181.166.177:8888
160.181.166.178:8888
160.181.166.179:8888
160.181.166.180:8888
160.181.166.181:8888
160.181.166.182:8888
160.181.166.183:8888
160.181.166.184:8888
160.181.166.185:8888
160.181.166.186:8888
160.181.166.187:8888
160.181.166.188:8888
160.181.166.189:8888
160.181.166.190:8888
160.181.167.162:8888
160.181.167.163:8888
160.181.167.164:8888
160.181.167.165:8888
160.181.167.166:8888
160.181.167.167:8888
160.181.167.168:8888
160.181.167.169:8888
160.181.167.170:8888
160.181.167.171:8888
160.181.167.172:8888
160.181.167.173:8888
160.181.167.174:8888
160.181.167.175:8888
160.181.167.176:8888
160.181.167.177:8888
160.181.167.178:8888
160.181.167.179:8888
160.181.167.180:8888
160.181.167.181:8888
160.181.167.182:8888
160.181.167.183:8888
160.181.167.184:8888
160.181.167.185:8888
160.181.167.186:8888
160.181.167.187:8888
160.181.167.188:8888
160.181.167.189:8888
160.181.167.190:8888

# Reference: https://twitter.com/banthisguy9349/status/1788164385489178679
# Reference: https://www.virustotal.com/gui/file/51305c6bff62cffbe48226163dde0c348ac6eed3f5a36a1d28464d3925d05fd1/detection

78.26.81.99:58230

# Generic

/attack.elf