# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.I

w.qq-uc.cn
baoge.9966.org
mmd178.cn
oiuyt.net

# Reference: https://www.virustotal.com/gui/file/4a9c646136c527e9669fcada5319678c77bd98218f77d8cce79c04ff475d3194/behavior/Tencent%20HABO

cccd02.codns.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.AV&threatId=-2147286376

hackxiaoben.3322.org

# Reference: https://www.virustotal.com/gui/file/5418c6786bc04eb939a9febc8cfa0411f463fbf2a957189b2dc46ba3d5885652/behavior/VirusTotal%20Cuckoofork

4263604.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.DA&threatId=-2147261103

binbinkam.cn

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.K!bit&threatId=-2147249070

cdn_server_word9500.xxus.us

# Reference: https://www.virustotal.com/gui/file/24ecf8d68c313a9cff7c801eb8108b61f9bd5a6bfcb17434f71ab74d3d6b444a/behavior/VirusTotal%20Cuckoofork

a2.qwsazx.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.C&threatId=-2147258877

b1a23.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.E&threatId=-2147258594

m1.yea.im

# Reference: https://twitter.com/K_N1kolenko/status/1281163539223363584
# Reference: https://www.virustotal.com/gui/file/ec65dff6c8c64535d441d9d3c1a2a7c6c2a0a42ca304041bde9cdd8f7d5b1628/detection

qch1jjlb7.bkt.clouddn.com

# Reference: https://www.virustotal.com/gui/file/b9c5b00ecbfe17abc48ee5df3f4a4725f90218c5ef596d16ffd7a1e59864fa98/detection

linenews.mypicture.info

# Reference: https://www.virustotal.com/gui/file/893859a6cee37a556d2368c1ca39b7c9e100983a0822c14b59f59224c5e41639/detection

nutqauytva\d{1,3}azxd\.com

# Reference: https://twitter.com/Jirehlov/status/1385068574889234439
# Reference: https://www.virustotal.com/gui/ip-address/43.128.26.244/relations
# Reference: https://www.virustotal.com/gui/file/7b1bd6931e3e0d9592205a4945661f053d7f696dbf57ced2d6467e4775135290/detection
# Reference: https://www.virustotal.com/gui/file/bea0dfb403684642d6612a653bf18dbbff35574ff7166b6ea5e433258df3a7b2/detection
# Reference: https://www.virustotal.com/gui/file/52589fbf2352bb762bd1b2a18bf20d60ceaeb0b829034edf77ea4e73d4711e8a/detection

http://43.128.26.244
43.128.26.244:99
/2021/0???????????.db
/2021/03usdt????????.db
/2021/04??????.db
/2021/042021????.db
/2021/062021Excel.db
/2021/20218036/kb.jpg
/2021/20218036/TY.png

# Reference: https://www.virustotal.com/gui/file/3ee01bd64bb58a4d892fa0994fec5c32faa089346e0bc3d4fe00a08b6890be18/detection

rat.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0/detection

193.164.223.77:7456

# Reference: https://www.virustotal.com/gui/file/385c92e3d2b1dc253eac89889157258df64586cad653dccfd3f3d6b240b9efba/detection

144.48.243.79:1002
202.8.123.81:6547

# Reference: https://www.virustotal.com/gui/file/9a5cae26a14962475b1d9e3011aa16cf7fbd421f2f3f9caa4299c98e3cf018f7/detection

193.164.222.131:4567

# Reference: https://www.virustotal.com/gui/file/e3c418133e17bd7ddd99ef252fb220852a0ab1d827e28c57fcb2645d89899c43/detection

107.151.94.66:4397

# Reference: https://www.virustotal.com/gui/file/2122180333641dee3a0ef7b9966ef035dc010e9857867c247517fe4ec8f566cc/detection

107.151.64.99:4398

# Reference: https://www.virustotal.com/gui/file/00f89613a5add3497b0da5c69bf7e39d88f312f2251f1f7cd3eb678584795931/detection

58.56.66.45:1111
kk321.f3322.net

# Reference: https://www.virustotal.com/gui/file/d7a35dac1206d1b11cc5d7f27cd5c41831a71b9384de993bd22997686782d8c9/detection

updatedns.serveuser.com

# Reference: https://www.virustotal.com/gui/file/669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70/detection

27.124.3.138:5002

# Reference: https://www.virustotal.com/gui/file/1665b6af7f0f2be925ffccde88aa85d442c22dd95617ef79195cfb3ceca73b97/detection

113.90.168.19:8000

# Reference: https://www.virustotal.com/gui/file/9c8275d340bd29999a4d8f21e846225fdbb3fd67e82df6da810ec6913786cdc1/detection

180.215.203.34:36060

# Reference: https://www.virustotal.com/gui/file/880ee211e61938ce2b52c191b52a670be2cd83385fe573ef1ab5ac3fcb6d3eea/detection

180.215.203.34:24690
180.215.203.34:443

# Reference: https://www.virustotal.com/gui/file/7dbb6b9b81c564c8843000cfa156512057f783abb7b1b036362b36a3a23c1ef8/detection

43.139.138.38:2002

# Reference: https://www.virustotal.com/gui/file/f810b7e70b092c28f444de6782676e2d6c2d754340359be3278ce8957d2a3486/detection

124.220.35.63:7777

# Reference: https://www.virustotal.com/gui/file/a261d2dd247ae794de54eeb729b5336d945e7d5406d96cc8b41d6546e912705b/detection

124.220.35.63:8000

# Reference: https://www.virustotal.com/gui/file/9a2112fa4bb5f16b6e7a61b50fe0abb25aade5d0b50930699db1f195891d50bd/detection

124.220.35.63:4088

# Reference: https://www.virustotal.com/gui/file/83534b5f34717ef561cb855f2611710bad259e0ca42cae2252d00d986b73d7be/detection

154.91.230.44:8225

# Reference: https://www.virustotal.com/gui/file/614c1ce944cd52468289e806685ab58ce6bccb33b87d991bf376eb144dd03c1e/detection

104.233.151.40:8225

# Reference: https://www.virustotal.com/gui/file/e759df6f0df75856657945fc8bfcc0abc3def918e847956ad7c361fc72d0e19c/detection

40.83.115.43:8001
81.69.6.161:992
bot.nodefunction.vip

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/obfusor/status/1685588560760709120
# Reference: https://www.virustotal.com/gui/file/1e3c8d40ac25f58439cd1eeb3e69066bfb7f7554d79b125b4c2213152496eeb8/detection
# Reference: https://www.virustotal.com/gui/file/363f2bc3f3f5da3147689f5d66f7fcad1199e1c654326e40767df6fd9fbd6233/detection
# Reference: https://www.virustotal.com/gui/file/da387187f3ae143bc874f27acb5bb04a5e208ca0f4d0200917eee0c6ccd33781/detection
# Reference: https://www.virustotal.com/gui/file/5f4c86793dc182bbdbca017a15a26213cf07bcc7d5a3038db3b728fcd421c581/detection
# Reference: https://www.virustotal.com/gui/file/d4cfd0cf4f253c6cb6d6b1aa8475d6a2a58de7b87e51cbb5affd9e65eb47224b/detection

103.229.126.5:7700
122.10.24.216:7700
154.38.114.192:7700
164.155.255.38:7700
43.129.71.79:7700
8.218.190.138:7700

# Reference: https://www.virustotal.com/gui/file/4027995b0a77793ccb5b415d66ba3b6ea1dfdbdc70249ab2f7f66a35f97a80d3/detection
# Reference: https://www.virustotal.com/gui/file/43ecc26f16080ee7c67b9ed6fd75b45b3aae99862733a0824b03d8e53904778c/detection

106.55.160.12:2012
192.252.182.100:2012
216.83.40.189:2012
8.134.97.32:2012

# Reference: https://twitter.com/ThreatBookLabs/status/1691451361014272000
# Reference: https://www.virustotal.com/gui/file/27ae3c21f27cf73b34ef7f2fecf9ed1bf319a7acb155d9b36341ac821ec35216/detection

59.42.71.178:876
wanyaqing.3322.org

# Reference: https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/
# Reference: https://otx.alienvault.com/pulse/64906a888558bdb91b9f4495

latavpn.world
lestvpn.com
letevpn.world
letsvpn.club
letsvpn.cyou
letsvpnaa.com

# Reference: https://www.virustotal.com/gui/file/0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c/detection
# Reference: https://www.virustotal.com/gui/file/7ec0d3e3dc4222f34c482926ce1f971b51929e95b9d097140bc1f4b1c84dafd9/detection

182.42.105.12:2022
182.42.105.12:9000
lqwljs.cn
lqwljs.top

# Reference: https://www.virustotal.com/gui/file/075f5138060a476a449b2134c53abfa13ddd233d2151fa6576c5c7c6c5badcf2/detection

222.186.160.169:40869
sjlwql.cn

# Reference: https://www.virustotal.com/gui/file/0383b4607310f8e98a2d2ee93cbea1a9e5d66dfaf8755e6b3e1e4398ae42ca71/detection

43.248.191.125:7999
sjlwql.top

# Reference: https://www.virustotal.com/gui/file/b6bc28566acdd68792cf2393993f01e992e23be2ba275d74bf697300cb1b250e/detection

103.142.146.92:8000
103.143.29.28:3325

# Reference: https://www.virustotal.com/gui/file/490e63ba4abec4b9935c8edf0df01e34c9f9d00e326f084bc52b3ca9853a5623/detection

222.211.72.102:8018
hackerinvasion.f3322.net

# Reference: https://www.virustotal.com/gui/file/4cf0f2fd200e4c941e940044c23784061390936caf5b15d666766e0ae6086d92/detection

222.211.72.102:8068

# Reference: https://twitter.com/naumovax/status/1706663843571904622
# Reference: https://tria.ge/230925-dhhheadb52/behavioral2
# Reference: https://tria.ge/230925-dhd5zsdb49/behavioral2

222.211.72.102:7029
222.211.72.102:7088

# Reference: https://www.virustotal.com/gui/file/3084e166be386ff331ebb3321d9fc55239b909264b5b7f0ddeb1cf3690ad8656/detection

20.187.77.247:53762
one188.one
gd.one188.one

# Reference: https://www.virustotal.com/gui/file/06ca956b3574a6514803b2682f8dd6cda6e81111ae6e7ebc8d71de68964dbe03/detection

141.255.146.160:7077

# Reference: https://www.virustotal.com/gui/file/44773329fdd390d4321f01dd301736de74606062a8e6b8ce79f302a316d9e598/detection

42.51.37.132:8000

# Reference: https://www.virustotal.com/gui/file/6e6c6c7dd4b27ec3ba17135aa99d5166405a3e0512c9ca092c4b14718fa39045/detection

43.248.117.189:37558
s4.v100.vip

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
# Reference: https://www.virustotal.com/gui/file/a366710645856803e6d4cd0babd1b11d6eaef7ce0bca7254d499164d4b26abfb/detection
# Reference: https://www.virustotal.com/gui/file/acf6c75533ef9ed95f76bf10a48d56c75ce5bbb4d4d9262be9631c51f949c084/detection
# Reference: https://www.virustotal.com/gui/file/e3edfb7d2c5b95a0eba0070f0f735a78ea3dffc73a7d5f97bf9b886931bcf047/detection
# Reference: https://www.virustotal.com/gui/file/fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3/detection

216.83.56.247:36061
45.195.148.73:15628
47.75.116.234:19858
5443654.site
5443654.world
telagsmn.com
teleglarm.com
teleglren.com

# Reference: https://www.virustotal.com/gui/file/287a4430ea2c76838bf97bae597209017f62a7bbacdfd472508afcea2f184524/detection

91.204.226.63:8000

# Generic

/newfiz7/tasks.php