# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/malwaremustd1e/status/1256977666084761602
# Reference: https://www.virustotal.com/gui/domain/1.versionday.xyz/relations

1.versionday.xyz

# Reference: https://intezer.com/blog/research/kaiji-chinese-iot-malware-turning-to-golang/
# Reference: https://otx.alienvault.com/pulse/5eb19b29d53d234ac978f51b

aresboot.xyz
cu.versiondat.xyz

# Reference: https://twitter.com/albertzsigovits/status/1264909051227451395

45.138.81.176:35565
0.versiondat.xyz

# Reference: https://twitter.com/albertzsigovits/status/1265196913067991040

2s11.com
6x66.com
cocoserver.xyz

# Reference: https://twitter.com/r3dbU7z/status/1271053327242014721

136.243.18.221:808

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/
# Reference: https://otx.alienvault.com/pulse/5ef223cce7849b037b7614a5

122.51.133.49:10086

# Reference: https://twitter.com/r3dbU7z/status/1328650015842197506

173.230.150.166:37301

# Reference: https://twitter.com/CujoaiLabs/status/1423258390583812102
# Reference: https://www.virustotal.com/gui/file/e666735eb6c10a27617aac9ffbf1bf29435fa0d1e3d099787d6ce28e079c8768/detection

103.59.113.150:8989
luoyefeihua.site

# Reference: https://www.virustotal.com/gui/file/ee310139ba31770b69650d464c999c3526aa5cc4ab924ddcc53cf3cb06727c37/detection

20.187.127.241:11000
20.239.179.30:11001
20.247.3.55:11001
myjiaduobao.xyz
myjianlibao.xyz

# Reference: https://www.virustotal.com/gui/ip-address/20.247.3.55/relations
# Reference: https://www.virustotal.com/gui/file/d5f8e4fac3b005c15a8e5a440d411cb7513f18ab627c49e883e0d40c5f16c57e/detection
# Reference: https://www.virustotal.com/gui/file/ca3830454c715c79d8bdafc083d9108d139b155ab87f8cbf0f33ff515cb813de/detection

20.247.3.55:808
20.247.3.55:8567
kivspace.top
kivspace.xyz

# Reference: https://www.virustotal.com/gui/file/c07c45348a74ff71179a13ec1be8a398fc49183ab04e3f9b0c436c55f1bde423/detection
# Reference: https://www.virustotal.com/gui/file/420223e8f59e78148b21b2a90b2ffc080e0bb8084ffceca3f7e26b215eb09a0c/detection

103.254.72.193:10099
103.254.72.193:808
tomca1.com

# Reference: https://elfdigest.com/brief/0683b2d2bca6a69bca5f8ac1d9c98a0627514a08d86b2a5602480c10872511e9

23.225.194.65:8080

# Reference: https://twitter.com/0xrb/status/1575354022298411009

115.126.74.37:808
154.12.42.195:808
155.94.141.226:808
195.178.120.201:808

# Reference: https://twitter.com/r3dbU7z/status/1583293071524958208

67.198.237.116:808
ars1.wemix.cc

# Reference: https://www.virustotal.com/gui/file/b9728070aabe0442bc58d759c354cdcc93e35dbd6a9d99706ee0b8ff51edf644/detection

156.254.126.18:8080
156.254.126.18:9090
ars.wemix.cc

# Reference: https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/

20.90.110.121:808

# Reference: https://elfdigest.com/brief/ec0c849db557051d2f6cdef6973ccc04b246fc58dca933cbb9fa1a7c7c01e71f

xn--9kqv03dn4b.xyz
tf.xn--9kqv03dn4b.xyz

# Reference: https://elfdigest.com/brief/dc4cbafeee9342ff237bf6e8c22a8ca8b687d26a1e9eaa8d7fbd8ee165ae9768

43.249.9.245:888

# Reference: https://twitter.com/suyog41/status/1630172084079939587

http://107.189.13.143

# Reference: https://ti.qianxin.com/blog/articles/Kaiji-Botnet-Resurfaces-Unmasking-Ares-Hacking-Group-EN/
# Reference: https://otx.alienvault.com/pulse/63ffa1fdf2b44bd91fdedeff

llkh.net
rawrgaming.icu
testapiss.online
998n.f3322.net
adsl.testapiss.online
control.rawrgaming.icu

# Reference: https://elfdigest.com/brief/d3965aeab57d429b0cb28a2853e941a0710294b2159755ea354bf32a723fef3a

23.94.57.167:2023

# Reference: https://threatfox.abuse.ch/browse/malware/elf.kaiji/

http://107.189.13.89
http://45.125.238.68
103.254.72.193:10099
104.207.149.94:10099
137.175.17.80:8080
137.175.17.80:81
154.19.243.107:808
154.7.10.30:808
182.43.6.129:6565
20.239.156.147:8080
23.224.143.170:888
23.94.57.167:808
45.113.1.126:808
45.32.166.73:8080
52.140.208.75:9527

# Reference: https://twitter.com/0xrb/status/1635901959420121088

154.19.243.107:8868
154.7.10.30:89