# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Layout: one indicator per line; lines starting with '#' are comments.
# Each "# Reference:" line (or run of them) cites the source for the indicators listed directly below it.
# Indicator shapes used in this file: bare domain, IP:port, http://IP, URL path starting with '/',
# and one regex-style domain pattern.
# NOTE(review): no entry carries a first-seen or last-seen date, so the IP:port indicators cannot be
# aged out from this file alone; check currency against the cited reference before using them for blocking.
# NOTE(review): several domains sit under what look like shared dynamic-DNS or hosting parents
# (e.g. 3322.org, f3322.net, meibu.net, codns.com, clouddn.com); only the listed subdomain is an
# indicator, not the parent zone. Confirm before widening any match.

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.I

w.qq-uc.cn
baoge.9966.org
mmd178.cn
oiuyt.net

# Reference: https://www.virustotal.com/gui/file/4a9c646136c527e9669fcada5319678c77bd98218f77d8cce79c04ff475d3194/behavior/Tencent%20HABO

cccd02.codns.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.AV&threatId=-2147286376

hackxiaoben.3322.org

# Reference: https://www.virustotal.com/gui/file/5418c6786bc04eb939a9febc8cfa0411f463fbf2a957189b2dc46ba3d5885652/behavior/VirusTotal%20Cuckoofork

4263604.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.DA&threatId=-2147261103

binbinkam.cn

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.K!bit&threatId=-2147249070

cdn_server_word9500.xxus.us

# Reference: https://www.virustotal.com/gui/file/24ecf8d68c313a9cff7c801eb8108b61f9bd5a6bfcb17434f71ab74d3d6b444a/behavior/VirusTotal%20Cuckoofork

a2.qwsazx.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.C&threatId=-2147258877

b1a23.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.E&threatId=-2147258594

m1.yea.im

# Reference: https://twitter.com/K_N1kolenko/status/1281163539223363584
# Reference: https://www.virustotal.com/gui/file/ec65dff6c8c64535d441d9d3c1a2a7c6c2a0a42ca304041bde9cdd8f7d5b1628/detection

qch1jjlb7.bkt.clouddn.com

# Reference: https://www.virustotal.com/gui/file/b9c5b00ecbfe17abc48ee5df3f4a4725f90218c5ef596d16ffd7a1e59864fa98/detection

linenews.mypicture.info

# Reference: https://www.virustotal.com/gui/file/893859a6cee37a556d2368c1ca39b7c9e100983a0822c14b59f59224c5e41639/detection

# NOTE(review): the entry below uses regex syntax ([0-9]{1,3} and an escaped dot), unlike the literal
# domains around it; any consumer that treats every line as a literal string will never match it.
nutqauytva[0-9]{1,3}azxd\.com

# Reference: https://twitter.com/Jirehlov/status/1385068574889234439
# Reference: https://www.virustotal.com/gui/ip-address/43.128.26.244/relations
# Reference: https://www.virustotal.com/gui/file/7b1bd6931e3e0d9592205a4945661f053d7f696dbf57ced2d6467e4775135290/detection
# Reference: https://www.virustotal.com/gui/file/bea0dfb403684642d6612a653bf18dbbff35574ff7166b6ea5e433258df3a7b2/detection
# Reference: https://www.virustotal.com/gui/file/52589fbf2352bb762bd1b2a18bf20d60ceaeb0b829034edf77ea4e73d4711e8a/detection

http://43.128.26.244
43.128.26.244:99
# NOTE(review): the runs of '?' in the next four paths may be non-ASCII filename characters lost in an
# encoding step rather than intentional single-character wildcards; confirm against the references above.
/2021/0???????????.db
/2021/03usdt????????.db
/2021/04??????.db
/2021/042021????.db
/2021/062021Excel.db
/2021/20218036/kb.jpg
/2021/20218036/TY.png

# Reference: https://www.virustotal.com/gui/file/3ee01bd64bb58a4d892fa0994fec5c32faa089346e0bc3d4fe00a08b6890be18/detection

rat.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0/detection

193.164.223.77:7456

# Reference: https://www.virustotal.com/gui/file/385c92e3d2b1dc253eac89889157258df64586cad653dccfd3f3d6b240b9efba/detection

144.48.243.79:1002
202.8.123.81:6547

# Reference: https://www.virustotal.com/gui/file/9a5cae26a14962475b1d9e3011aa16cf7fbd421f2f3f9caa4299c98e3cf018f7/detection

193.164.222.131:4567

# Reference: https://www.virustotal.com/gui/file/e3c418133e17bd7ddd99ef252fb220852a0ab1d827e28c57fcb2645d89899c43/detection

107.151.94.66:4397

# Reference: https://www.virustotal.com/gui/file/2122180333641dee3a0ef7b9966ef035dc010e9857867c247517fe4ec8f566cc/detection

107.151.64.99:4398

# Reference: https://www.virustotal.com/gui/file/00f89613a5add3497b0da5c69bf7e39d88f312f2251f1f7cd3eb678584795931/detection

58.56.66.45:1111
kk321.f3322.net

# Reference: https://www.virustotal.com/gui/file/d7a35dac1206d1b11cc5d7f27cd5c41831a71b9384de993bd22997686782d8c9/detection

updatedns.serveuser.com

# Reference: https://www.virustotal.com/gui/file/669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70/detection

27.124.3.138:5002

# Reference: https://www.virustotal.com/gui/file/1665b6af7f0f2be925ffccde88aa85d442c22dd95617ef79195cfb3ceca73b97/detection

113.90.168.19:8000

# Reference: https://www.virustotal.com/gui/file/9c8275d340bd29999a4d8f21e846225fdbb3fd67e82df6da810ec6913786cdc1/detection

180.215.203.34:36060

# Reference: https://www.virustotal.com/gui/file/880ee211e61938ce2b52c191b52a670be2cd83385fe573ef1ab5ac3fcb6d3eea/detection

180.215.203.34:24690
180.215.203.34:443

# Reference: https://www.virustotal.com/gui/file/7dbb6b9b81c564c8843000cfa156512057f783abb7b1b036362b36a3a23c1ef8/detection

43.139.138.38:2002

# Reference: https://www.virustotal.com/gui/file/f810b7e70b092c28f444de6782676e2d6c2d754340359be3278ce8957d2a3486/detection

124.220.35.63:7777

# Reference: https://www.virustotal.com/gui/file/a261d2dd247ae794de54eeb729b5336d945e7d5406d96cc8b41d6546e912705b/detection

124.220.35.63:8000

# Reference: https://www.virustotal.com/gui/file/9a2112fa4bb5f16b6e7a61b50fe0abb25aade5d0b50930699db1f195891d50bd/detection

124.220.35.63:4088

# Reference: https://www.virustotal.com/gui/file/83534b5f34717ef561cb855f2611710bad259e0ca42cae2252d00d986b73d7be/detection

154.91.230.44:8225

# Reference: https://www.virustotal.com/gui/file/614c1ce944cd52468289e806685ab58ce6bccb33b87d991bf376eb144dd03c1e/detection

104.233.151.40:8225

# Reference: https://www.virustotal.com/gui/file/e759df6f0df75856657945fc8bfcc0abc3def918e847956ad7c361fc72d0e19c/detection

40.83.115.43:8001
81.69.6.161:992
bot.nodefunction.vip

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/obfusor/status/1685588560760709120
# Reference: https://www.virustotal.com/gui/file/1e3c8d40ac25f58439cd1eeb3e69066bfb7f7554d79b125b4c2213152496eeb8/detection
# Reference: https://www.virustotal.com/gui/file/363f2bc3f3f5da3147689f5d66f7fcad1199e1c654326e40767df6fd9fbd6233/detection
# Reference: https://www.virustotal.com/gui/file/da387187f3ae143bc874f27acb5bb04a5e208ca0f4d0200917eee0c6ccd33781/detection
# Reference: https://www.virustotal.com/gui/file/5f4c86793dc182bbdbca017a15a26213cf07bcc7d5a3038db3b728fcd421c581/detection
# Reference: https://www.virustotal.com/gui/file/d4cfd0cf4f253c6cb6d6b1aa8475d6a2a58de7b87e51cbb5affd9e65eb47224b/detection

103.229.126.5:7700
122.10.24.216:7700
154.38.114.192:7700
164.155.255.38:7700
43.129.71.79:7700
8.218.190.138:7700

# Reference: https://www.virustotal.com/gui/file/4027995b0a77793ccb5b415d66ba3b6ea1dfdbdc70249ab2f7f66a35f97a80d3/detection
# Reference: https://www.virustotal.com/gui/file/43ecc26f16080ee7c67b9ed6fd75b45b3aae99862733a0824b03d8e53904778c/detection

106.55.160.12:2012
192.252.182.100:2012
216.83.40.189:2012
8.134.97.32:2012

# Reference: https://twitter.com/ThreatBookLabs/status/1691451361014272000
# Reference: https://www.virustotal.com/gui/file/27ae3c21f27cf73b34ef7f2fecf9ed1bf319a7acb155d9b36341ac821ec35216/detection

59.42.71.178:876
wanyaqing.3322.org

# Reference: https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/
# Reference: https://otx.alienvault.com/pulse/64906a888558bdb91b9f4495

latavpn.world
lestvpn.com
letevpn.world
letsvpn.club
letsvpn.cyou
letsvpnaa.com

# Reference: https://www.virustotal.com/gui/file/0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c/detection
# Reference: https://www.virustotal.com/gui/file/7ec0d3e3dc4222f34c482926ce1f971b51929e95b9d097140bc1f4b1c84dafd9/detection

182.42.105.12:2022
182.42.105.12:9000
lqwljs.cn
lqwljs.top

# Reference: https://www.virustotal.com/gui/file/075f5138060a476a449b2134c53abfa13ddd233d2151fa6576c5c7c6c5badcf2/detection

222.186.160.169:40869
sjlwql.cn

# Reference: https://www.virustotal.com/gui/file/0383b4607310f8e98a2d2ee93cbea1a9e5d66dfaf8755e6b3e1e4398ae42ca71/detection

43.248.191.125:7999
sjlwql.top

# Reference: https://www.virustotal.com/gui/file/b6bc28566acdd68792cf2393993f01e992e23be2ba275d74bf697300cb1b250e/detection

103.142.146.92:8000
103.143.29.28:3325

# Reference: https://www.virustotal.com/gui/file/490e63ba4abec4b9935c8edf0df01e34c9f9d00e326f084bc52b3ca9853a5623/detection

222.211.72.102:8018
hackerinvasion.f3322.net

# Reference: https://www.virustotal.com/gui/file/4cf0f2fd200e4c941e940044c23784061390936caf5b15d666766e0ae6086d92/detection

222.211.72.102:8068

# Reference: https://twitter.com/naumovax/status/1706663843571904622
# Reference: https://tria.ge/230925-dhhheadb52/behavioral2
# Reference: https://tria.ge/230925-dhd5zsdb49/behavioral2

222.211.72.102:7029
222.211.72.102:7088

# Reference: https://www.virustotal.com/gui/file/3084e166be386ff331ebb3321d9fc55239b909264b5b7f0ddeb1cf3690ad8656/detection

20.187.77.247:53762
one188.one
gd.one188.one

# Reference: https://www.virustotal.com/gui/file/06ca956b3574a6514803b2682f8dd6cda6e81111ae6e7ebc8d71de68964dbe03/detection

141.255.146.160:7077

# Reference: https://www.virustotal.com/gui/file/44773329fdd390d4321f01dd301736de74606062a8e6b8ce79f302a316d9e598/detection

42.51.37.132:8000

# Reference: https://www.virustotal.com/gui/file/6e6c6c7dd4b27ec3ba17135aa99d5166405a3e0512c9ca092c4b14718fa39045/detection

43.248.117.189:37558
s4.v100.vip

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
# Reference: https://www.virustotal.com/gui/file/a366710645856803e6d4cd0babd1b11d6eaef7ce0bca7254d499164d4b26abfb/detection
# Reference: https://www.virustotal.com/gui/file/acf6c75533ef9ed95f76bf10a48d56c75ce5bbb4d4d9262be9631c51f949c084/detection
# Reference: https://www.virustotal.com/gui/file/e3edfb7d2c5b95a0eba0070f0f735a78ea3dffc73a7d5f97bf9b886931bcf047/detection
# Reference: https://www.virustotal.com/gui/file/fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3/detection

216.83.56.247:36061
45.195.148.73:15628
47.75.116.234:19858
5443654.site
5443654.world
telagsmn.com
teleglarm.com
teleglren.com

# Reference: https://www.virustotal.com/gui/file/287a4430ea2c76838bf97bae597209017f62a7bbacdfd472508afcea2f184524/detection

91.204.226.63:8000

# Reference: https://x.com/K_N1kolenko/status/1796542852681596972
# Reference: https://www.virustotal.com/gui/file/4403fcd4791990c2a228398f6282c5cc419f23970f67ede03d7004e07c953076/detection

110.6.28.25:88
123.129.229.68:5656
154.222.224.99:7000
4.233.222.144:8848
0qsf.com
dnf60.online
a.0qsf.com
dnf.dnf60.online

# Reference: https://x.com/DonPasci/status/1792981948631007391
# Reference: https://www.virustotal.com/gui/ip-address/103.192.209.60/relations
# Reference: https://www.virustotal.com/gui/file/0150b8a808a9ba4dc2e5093839a75ceba632e3668fe3f2977e604257f02757fc/detection
# Reference: https://www.virustotal.com/gui/file/2bdd6c549e4314db5c888ef891cf869d018af003a614bb9f43d26e23a758bfe3/detection
# Reference: https://www.virustotal.com/gui/file/65594cd00b59b33c7d31f57048e329a24b3e1c2c29b2fda682ea01e157d447d3/detection
# Reference: https://www.virustotal.com/gui/file/857ebb67b4be23b01e2feacaee45d0650b39c3f6306416ac19b319d14cd68e69/detection
# Reference: https://www.virustotal.com/gui/file/db969801fdf2511b44c442e0b7a762f35a2dab99abfe089672535362654d8198/detection

http://103.84.110.94
103.192.209.60:7474
103.192.209.60:7575
103.192.209.60:7778
154.39.251.77:13799
996cq.com
aadij.top
aaojg.top
aclhl.top
acole.top
adbck.top
ahdpb.top
aheoe.top
ajhei.top
banol.top
beapn.top
bfjdn.top
blhlc.top
bmhhk.top
bobmg.top
bohon.top
cacnj.top
caehc.top
caied.top
cbnco.top
cfbkb.top
cjpka.top
ckkib.top
cniac.top
cofim.top
dbacn.top
dboka.top
ddchg.top
dghbb.top
dgknd.top
dhiin.top
dhjcp.top
digjf.top
djhna.top
dljol.top
ebnih.top
edgip.top
edmap.top
eeilh.top
efogb.top
ehoca.top
ekgie.top
emhob.top
emomg.top
enhjb.top
facbc.top
fbfnc.top
fjojf.top
flaio.top
fmjfc.top
fpiff.top
gchfp.top
gcnij.top
gdaog.top
geohh.top
gkeco.top
gpnjf.top
hcfpo.top
hdmnh.top
hejhp.top
hfidd.top
hhjdn.top
hiccf.top
hknki.top
hlifk.top
hlilm.top
hlmlh.top
hmamb.top
hmoan.top
hpfpn.top
ienjd.top
ihomi.top
iicmk.top
ikgbl.top
iomca.top
ipebj.top
jaaja.top
jbbpe.top
jbffm.top
jdllm.top
jfbnb.top
jffop.top
jiigm.top
jjmjj.top
jkfkh.top
jmimn.top
jnael.top
kelka.top
kgtejsaf.com
khhbo.top
kidbe.top
kjaga.top
knhgk.top
kpgia.top
lajca.top
lbnfl.top
ldbom.top
lffkl.top
liapp.top
ligkl.top
lmfga.top
lnbgj.top
lnlgh.top
loicg.top
macfh.top
mdkol.top
meion.top
mpifi.top
najom.top
nakbm.top
nbjme.top
ncnih.top
nfjge.top
ngfca.top
nhmln.top
ninid.top
nkkan.top
nlinn.top
nnepl.top
nocda.top
oagij.top
oaibo.top
obafe.top
odjkl.top
ogagp.top
ohnag.top
ohppf.top
oikpk.top
oipoi.top
ojlob.top
okcdg.top
okmib.top
olekf.top
oljee.top
ommpg.top
omopp.top
onhid.top
onldm.top
oople.top
oplda.top
paegj.top
pcjmk.top
pejof.top
pgoac.top
pijon.top
pkdhe.top
pldnc.top
plgbd.top
pmeca.top
pojlg.top
ppifh.top
bba.odjkl.top
cdc.ogagp.top
lip.cjpka.top
lip.jkfkh.top
ning.meion.top
ning.oople.top
sss.cjpka.top
sss.onldm.top
tieb.kjaga.top
xxhh.acole.top
xxhh.gcnij.top
xxhh.hiccf.top
xxhh.liapp.top
xxhh.pejof.top
zscm.996cq.com
zzz.emomg.top
zzz.hiccf.top
zzz.liapp.top
zzz.pejof.top
https.bba.odjkl.top
https.lip.cjpka.top

# Reference: https://www.virustotal.com/gui/file/07edde3f52e5adfc2f689ebe8ff5701ada4be0daac06a98bc865aa369aa98e14/detection

110.8.29.195:2014
q7481.codns.com

# Generic
# NOTE(review): a path-only indicator with no host and no reference line; matching it without host
# context is the entry most likely to false-positive here. Confirm its provenance.

/newfiz7/tasks.php