# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://github.com/eset/malware-ioc/tree/master/sshdoor http://198.23.187.46 http://94.75.207.3 176.9.47.34:28739 # Reference: https://twitter.com/ESETresearch/status/1410864752948043778 # Reference: https://twitter.com/ESETresearch/status/1410864779229548546 # Reference: https://www.virustotal.com/gui/file/0bff46518b35ddfe37f4a7820286aab829d81f1480d9eeca5aaedc9ceda6724f/detection # Reference: https://www.virustotal.com/gui/file/be97d7ae3b2d876f027d99d8d61dbca92513f4975336c2ebc26cf8a0839b67b6/detection 45.67.230.53:443 # Reference: https://twitter.com/r3dbU7z/status/1584713099806126080 # Reference: https://www.virustotal.com/gui/file/3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63/detection http://181.115.207.243 181.115.207.243:443 3.133.207.110:17715 3.136.65.236:17715 3.138.180.119:17715 /hS7PV4gUa-XphOiGisRung-yxu84TF5wsYDHEtrIBL # Reference: https://twitter.com/1ZRR4H/status/1774355839165280493 # Reference: https://twitter.com/1ZRR4H/status/1774356908897419376 # Reference: https://www.virustotal.com/gui/file/910077fa834a5a156c40c9dba7637611522c248b1b32d32fef23b42dfab11896/detection # Reference: https://www.virustotal.com/gui/file/7c636f1c9e4d9032d66a58f263b3006788047488e00fc26997b915e9d1f174bf/detection http://45.133.74.48 147.45.40.125:9999 45.133.74.48:22 77.221.137.93:4444 shield.surf aeza.shield.surf tratata.shield.surf # Reference: https://threatfox.abuse.ch/browse/tag/SSH-C2/ (# 2024-04-16) 103.174.73.85:9900 134.255.218.111:1337 134.255.218.111:8081 141.98.7.218:1337 141.98.7.237:1337 147.135.119.43:1337 147.135.119.43:8081 15.204.12.150:1337 15.235.149.123:9999 162.214.103.215:2052 162.214.103.216:2052 172.65.152.34:22 185.196.8.230:1337 185.254.198.211:9900 193.34.69.249:1337 209.141.50.91:1337 209.141.59.146:1337 209.141.62.176:1337 45.128.232.185:1337 45.128.232.219:1337 45.133.74.121:1337 5.181.80.35:999 51.38.67.91:888 51.81.0.240:666 51.89.30.114:9999 64.95.13.160:10000 89.187.28.15:2222 94.156.66.16:1337 94.156.66.184:1337 94.156.66.225:1337 94.156.67.43:1337 94.156.67.74:1337 94.228.168.28:1337 pickthecotton.xyz royalparac2.xyz royalparadisec2.xyz zopz-api.com # Reference: https://urlhaus.abuse.ch/browse.php?search=6f1bbcaa6efc41ee257919a85acc9ea5b1f82c8def103e39629e0b5161800ccc http://14.165.172.148 http://14.245.204.22 # Reference: https://pastebin.com/JGcvfvAJ http://188.92.72.129 http://188.92.79.110 http://188.92.79.115 http://188.92.79.116 http://92.118.39.81 # Reference: https://threatfox.abuse.ch/browse/tag/SSH-C2/ (# 2024-09-22) 103.178.234.178:9900 103.211.201.207:9900 103.69.96.242:9900 109.120.157.133:1337 109.120.157.133:666 109.120.157.133:777 141.98.7.23:25565 142.44.236.7:15017 146.59.34.134:1337 147.182.227.94:1337 152.42.244.186:1337 158.51.96.150:1225 158.51.96.150:6969 158.69.129.106:25565 158.69.129.110:10000 159.65.82.152:1337 167.114.127.88:25565 167.114.127.94:25565 185.112.83.65:888 185.208.158.103:1337 185.208.158.145:1337 191.96.94.56:1337 198.251.81.118:1337 198.251.83.208:222 198.27.107.173:1337 198.50.207.22:10000 198.98.53.133:1337 202.158.249.20:1337 209.141.33.129:1337 209.141.39.25:222 209.141.43.48:1337 217.144.184.45:1337 37.114.46.120:2052 37.114.56.86:1337 41.216.183.210:1337 45.11.229.162:1337 45.137.198.11:1337 45.137.207.152:1337 45.14.245.240:9900 45.148.244.127:1337 45.202.33.16:1337 45.45.237.115:10000 45.90.12.127:1337 45.90.12.217:1337 45.90.12.81:1337 45.90.13.246:1337 45.95.169.33:1337 5.39.34.47:187 5.39.34.47:222 5.42.100.115:1337 51.222.196.58:808 51.254.156.24:10000 51.38.93.187:888 51.68.202.203:1337 51.75.166.195:1337 51.77.74.141:1337 51.81.228.213:888 51.81.230.244:9090 51.81.38.136:1337 51.81.69.5:1225 51.81.69.5:6969 57.128.159.119:5050 62.182.84.156:4040 64.176.217.111:1337 66.78.40.115:1337 68.183.180.68:1337 69.30.200.99:4398 77.105.146.225:1010 77.221.148.78:1337 77.221.151.154:1337 77.221.156.254:7070 77.91.66.27:1337 77.91.66.67:10000 78.40.116.170:1337 79.137.202.45:1337 79.137.203.182:1337 83.147.29.35:1337 83.168.110.33:1337 83.168.69.39:1337 83.168.69.39:6969 85.192.56.249:999 89.208.103.203:4122 91.92.244.41:6969 91.92.247.71:1337 91.92.255.205:1337 92.246.138.78:1337 92.249.48.17:1337 92.249.48.65:1337 94.156.66.163:1337 94.156.66.184:10000 94.156.66.205:1337 94.156.66.84:1337 95.214.27.140:1337 95.214.27.200:1337 95.214.27.230:1337 95.214.27.242:1337 admin.craftsteal.me advisors.hardbacon.ca atov.xyz backup-drrugs.xyz cad-capostoa-aa.top canada-capost-aee.top canada-capost-bb.com canada-capost-bee.top canada-capost-dd.com canada-capostoa.top connectionrandom.xyz correo-paraguayotb.top drupbox.com frostedservices.us gdew59.scma.zorinmc.tech gg-net.cc gob-pe-seepost.top hyperleaks.xyz it.sakel.eu kymev.com kymev.coma logicc2.com login.wrldsecurity.ru luciferc2.net medusa-network.sbs mta01.jjp59.com node.craftsteal.me omerta-btc.com panel.austria-host.de proxy-c2.online proxy.kaitenc2.de rxqtxyz.xyz streaming.siciliavera.com tcp-connect.xyz tcp-proxy.live usreorj.com usreorm.com usreory.com vanilla.vin weeping.lol wireguard.wtools.us zelrvn.xyz ziw.tyblue.net # Reference: https://urlhaus.abuse.ch/browse/tag/sshdkit/ (# 2024-09-23) http://102.216.105.81 http://103.42.198.20 http://104.131.131.50 http://104.131.237.245 http://109.69.8.230 http://113.165.173.221 http://116.103.156.94 http://116.103.163.15 http://116.105.113.118 http://117.202.0.15 http://117.202.0.54 http://121.202.143.135 http://125.168.166.40 http://14.165.170.160 http://14.176.160.169 http://14.245.201.19 http://147.182.177.199 http://149.248.44.196 http://161.43.205.67 http://172.115.81.23 http://173.255.230.192 http://182.239.84.154 http://182.239.84.156 http://182.239.84.210 http://182.239.84.86 http://182.239.84.87 http://182.239.84.88 http://182.239.84.89 http://183.171.48.228 http://194.105.59.47 http://2.54.83.23 http://2.55.116.44 http://2.57.122.121 http://202.3.248.178 http://202.3.248.179 http://219.70.106.89 http://36.67.155.2 http://36.95.166.82 http://45.32.126.172 http://45.55.115.133 http://45.77.247.71 http://45.79.100.217 http://45.79.190.114 http://46.125.89.13 http://50.116.26.12 http://62.12.138.141 http://66.70.242.174 http://68.183.74.40 http://77.211.17.249 http://78.132.114.66 http://79.124.49.158 http://83.224.163.3 http://86.221.95.134 http://86.93.35.33 http://90.117.44.182 http://91.39.188.217 http://95.182.31.10 http://95.230.215.65 http://95.47.248.146 1.179.62.255:8080 1.179.62.255:8081 102.165.122.114:6100 102.223.106.188:8025 102.223.106.188:9023 102.23.88.134:8082 102.23.88.134:8083 103.42.198.103:1025 103.42.198.106:1025 103.42.198.20:1025 107.145.144.57:5180 109.127.9.41:81 109.127.9.41:82 109.158.46.249:94 109.158.46.249:95 109.69.8.230:7878 109.69.8.230:8080 111.75.151.121:8888 113.160.251.236:8080 113.165.5.209:8080 115.160.162.10:4500 115.72.178.33:8081 115.79.183.216:8082 117.216.139.132:2008 117.216.139.218:2002 117.241.74.26:2002 118.69.157.212:9111 118.69.157.212:9112 118.69.157.212:9114 118.71.172.12:8080 119.13.179.133:8081 119.13.179.180:8080 119.13.179.180:8081 119.13.179.183:8080 119.13.179.183:8081 119.13.179.184:8080 119.13.179.184:8081 119.13.179.185:8080 119.13.179.185:8081 119.13.179.186:8080 119.13.179.186:8081 119.13.179.187:8080 119.13.179.187:8081 119.13.179.189:8080 119.13.179.189:8081 119.13.179.191:8081 119.13.179.215:8080 119.13.179.215:8081 119.13.179.222:8080 119.13.179.222:8081 119.13.179.227:8080 119.13.179.227:8081 119.13.179.75:8080 119.13.179.78:8080 119.13.179.78:8081 119.13.179.84:8080 119.13.179.84:8081 119.13.179.92:8080 119.13.179.92:8081 120.157.13.69:8000 123.143.141.75:10001 123.143.141.75:10002 123.143.141.75:10003 123.143.141.75:10005 123.143.141.75:10006 123.200.171.184:8081 123.209.115.252:8081 123.28.166.179:8001 123.28.195.117:8081 123.28.195.117:8082 124.19.77.89:8000 124.19.79.176:8000 124.19.91.120:8000 124.19.92.48:8081 132.255.192.122:9001 14.161.45.250:8888 14.164.61.33:8181 14.164.61.33:8383 14.164.61.33:8484 14.164.61.33:8585 14.164.61.33:8686 14.164.61.33:8787 14.164.61.33:8888 14.171.72.133:37771 14.171.72.133:37773 14.171.72.133:37775 14.171.72.133:37779 14.185.164.136:8080 14.254.135.96:8181 141.134.214.217:8003 14stirling.dyndns.org 151.71.98.227:8080 152.173.150.196:8080 159.196.71.244:8083 159.196.71.244:8084 161.43.195.146:8080 161.43.195.146:8081 161.43.196.13:8000 161.43.196.13:9000 161.43.202.65:8081 161.43.207.55:8080 161.43.207.55:8081 161.43.207.65:8080 161.43.207.65:8081 162.191.190.249:81 162.191.190.249:82 165.73.108.6:8020 165.73.108.6:8021 165.73.108.6:8022 165.73.108.6:8025 165.73.108.6:8027 165.73.108.6:8028 165.73.108.6:8029 166.140.147.185:8001 166.140.147.185:8002 166.140.147.185:8003 166.140.147.185:8004 166.144.131.188:8045 166.144.131.188:8052 170.254.152.248:8080 171.233.24.60:8080 174.67.82.219:1167 174.71.237.86:1101 174.71.237.86:1103 174.71.247.18:1188 174.71.253.35:1101 174.71.253.35:1103 178.156.67.184:2220 178.176.204.240:84 178.176.204.250:84 178.182.253.59:8081 178.182.253.59:8082 178.182.253.59:8083 178.182.253.59:8084 178.182.253.59:8085 178.183.184.59:8088 178.183.208.134:8080 178.183.208.134:8081 178.183.85.67:10081 178.183.85.67:10082 178.183.85.67:10083 178.183.99.195:8089 178.84.167.164:8080 179.87.223.249:8083 183.191.215.135:8000 185.127.22.75:8080 185.143.139.103:2221 185.43.16.46:82 185.43.19.103:9043 185.49.168.84:197 188.147.175.138:5002 188.147.175.18:8085 188.147.175.18:8088 188.147.175.18:8091 188.147.175.18:8094 188.170.32.148:84 188.26.129.216:9090 188.28.165.123:8083 188.28.167.142:8081 188.28.167.142:8082 188.28.167.142:8083 188.29.34.164:8081 188.29.34.164:8082 188.29.34.164:8083 188.30.200.232:8081 188.30.201.55:8084 189.223.203.43:8080 193.160.86.39:8080 195.135.42.75:38185 195.135.42.75:38187 195.135.42.75:38188 200.187.93.158:37020 201.110.70.11:8080 202.22.143.159:9020 202.22.143.159:9021 204.11.227.214:1103 209.162.229.229:2003 209.162.229.229:2004 212.14.98.61:10092 212.3.211.157:50080 217.160.26.97:8001 217.35.225.65:81 217.35.225.65:82 218.108.181.2:84 218.108.181.2:87 221.10.233.217:8618 222.145.26.8:50005 222.252.15.21:8081 223.108.58.13:37780 223.108.58.15:37780 223.82.83.143:8888 223.83.194.100:8080 223.83.194.100:8081 223.83.194.100:8082 24.120.13.5:1101 24.120.13.5:1103 24.120.175.134:1111 24.120.42.254:1212 24.120.42.254:1214 24.234.159.5:1111 24.234.159.5:1112 24.234.172.44:1101 24.234.172.44:1111 24.234.172.44:1112 3.109.239.113:8406 31.0.241.65:8081 31.0.241.65:8082 31.125.243.56:8181 31.173.70.100:86 31.217.117.2:8081 31.217.117.2:8082 31.217.117.2:8084 39.175.56.202:9001 39.175.56.248:9006 39.175.56.249:9005 39.175.56.250:9003 41.144.133.44:8081 41.144.133.44:8083 41.144.133.44:8084 41.146.5.125:8083 41.71.51.243:8080 42.113.68.50:8888 45.234.218.54:8099 45.90.2.195:999 46.103.200.106:8080 46.171.144.226:1081 46.250.54.75:83 46.250.54.75:84 47.152.114.31:8104 47.152.114.31:8105 5.161.79.118:8563 50.175.37.218:1141 50.175.37.222:1141 50.243.106.237:1101 50.243.106.237:1103 50.243.106.237:1188 59.154.239.132:8000 59.154.252.26:8000 61.88.48.247:8000 61.88.50.73:8000 61.88.50.74:8000 61.88.50.76:8000 62.45.143.203:9012 66.214.27.140:8111 66.49.95.131:8131 66.49.95.131:8132 68.107.218.106:1101 68.226.36.150:1122 69.75.168.226:8007 70.173.248.138:1101 70.173.248.138:1103 74.72.72.247:8000 74.72.72.247:8002 76.53.38.126:8081 76.53.38.126:8082 76.53.38.126:8085 76.53.38.126:8086 76.53.38.126:8087 76.53.38.126:8090 76.53.38.126:8888 77.237.29.219:2025 77.237.29.219:2027 77.73.166.186:8001 77.73.166.186:8002 78.21.148.41:4002 78.21.148.41:4003 78.23.174.181:8810 78.23.174.181:8811 79.142.152.214:10001 79.162.222.118:8083 79.162.222.118:8089 79.8.63.122:8081 80.14.38.66:1081 80.15.181.173:2501 80.24.87.77:8056 80.24.87.77:8057 80.24.87.77:8058 80.64.76.65:8002 81.156.181.101:60030 81.196.96.73:1030 81.42.247.62:8082 81.42.247.62:8083 81.42.247.62:8084 81.42.247.62:8085 81.42.247.62:8086 81.42.247.62:8087 82.148.194.54:9013 82.76.12.91:1030 82.76.12.91:1031 82.76.12.91:1032 82.77.57.16:8585 83.220.108.132:8081 83.220.108.132:8082 83.220.108.132:8083 83.220.108.132:8084 83.220.108.132:8085 84.199.4.170:8005 84.29.231.9:8080 85.99.124.65:8001 86.121.112.111:1031 86.121.112.111:1032 86.121.112.188:1032 86.121.112.188:1033 86.121.112.70:1031 86.121.112.70:1032 86.121.113.72:1032 86.121.113.72:1033 86.121.113.87:1025 86.121.221.111:50102 86.122.141.80:8002 86.127.104.61:1300 86.127.104.61:1301 86.127.104.61:1302 86.127.104.61:1303 86.127.104.61:1304 86.127.104.61:1306 86.127.104.61:1309 86.127.104.61:1310 86.127.104.61:1311 86.221.95.134:81 86.221.95.134:82 86.221.95.134:83 87.119.173.73:8080 87.251.249.41:8082 87.26.194.197:8884 88.123.92.100:8000 88.208.213.73:8004 88.24.46.77:10062 88.24.46.77:10072 88.8.54.152:10042 89.31.226.224:8085 90.102.76.1:1216 90.102.76.1:1220 91.164.39.142:50002 91.164.39.142:50003 91.164.39.142:50004 91.164.39.142:50005 91.164.39.142:50006 91.164.39.142:50008 91.170.130.84:8080 91.231.190.163:8080 92.40.60.119:8001 92.41.12.160:8083 93.63.154.162:38000 94.190.215.76:37781 94.196.58.35:8081 94.196.58.35:8082 94.196.58.35:8083 94.254.244.246:1111 94.60.242.252:9091 94.60.242.252:9094 94.60.242.252:9095 95.60.186.19:9001 96.76.18.90:8081 96.76.18.90:8082 99.139.100.137:1101 99.139.100.137:1104 99.139.100.137:1107 99.139.100.137:1110 99.139.100.137:1188 99.71.130.109:8021 99.71.130.109:8022 99.71.130.109:8025 99.71.130.109:8027 99.71.130.109:8028 99.71.130.109:8034 99.71.130.109:8035 99.71.130.109:8039 99.71.130.109:8040 99.71.130.109:8041 99.71.130.109:8042 99.71.130.109:8048 99.71.130.109:8049 99.71.130.109:8050 99.71.130.109:8054 99.71.130.109:8055 173-255-238-129.ip.linodeusercontent.com article.se hksswbhjd.com v1.article.se # Reference: https://x.com/banthisguy9349/status/1838857986887876834 http://113.182.105.128 http://116.103.166.146 http://116.110.194.14 1.179.63.129:8080 1.179.63.129:8081 1.179.63.130:8080 1.179.63.130:8081 1.179.63.145:8080 1.179.63.145:8081 1.179.63.146:8081 1.54.31.240:8888 102.223.106.188:8022 102.223.106.188:8026 102.23.89.134:8082 102.23.89.134:8083 102.68.74.28:8055 102.68.74.45:8055 102.68.74.46:8055 102.68.74.69:8055 105.184.90.162:8081 109.166.211.222:6201 109.166.211.222:6202 110.239.6.20:8080 110.239.6.20:8081 112.4.110.22:37780 113.161.57.162:8080 113.165.91.189:8080 119.13.179.133:8080 119.13.179.136:8080 119.13.179.16:8080 119.13.179.16:8081 119.13.179.225:8080 119.13.179.225:8081 119.13.179.75:8081 # Reference: https://x.com/DaveLikesMalwre/status/1853203655911973324 # Reference: https://app.validin.com/detail?type=raw&find=Login+-+Nosviak4#tab=host_pairs http://15.204.132.49 http://188.212.101.73 http://198.251.80.196 http://198.251.81.118 http://198.251.83.85 http://205.185.117.147 http://5.183.171.160 http://51.81.104.127 http://51.81.135.240 http://51.81.135.241 http://54.39.226.40 http://62.146.182.2 http://93.123.85.50 api-flowerc2.online flowerstresser.online ip240.ip-51-81-135.us ip241.ip-51-81-135.us ns2.opennet.cloud rxqtuest.top # Reference: https://x.com/SecureSh3ll/status/1855051575498055687 # Reference: https://www.virustotal.com/gui/ip-address/135.181.56.30/detection # Reference: https://www.virustotal.com/gui/file/3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5/detection http://135.181.56.30 http://2.59.134.66 135.181.56.30:4411 static.30.56.181.135.clients.your-server.de # Reference: https://x.com/banthisguy9349/status/1869018664789569901 http://176.96.136.133 http://45.148.10.176 http://51.81.121.129