# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: elephantrat, gh0st, pcrat, smanagerrat, winos4, roningloader # Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html bj6po.a1free9bird.com beiyeye.401hk.com # Reference: https://cybersecurity.att.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant # Reference: https://otx.alienvault.com/pulse/5c9900511d123a6d16e75561/ # Reference: https://www.virustotal.com/gui/file/54f62979c8c7637af238093fbf204b1edb16e9ce7ca371f9f62c4039f934cede/detection # Reference: https://www.virustotal.com/gui/file/d3dfa0f0582818e24caaccdda78c0b0833d30aa97a8ca9c43cacc7fe3bebab67/detection # Reference: https://www.virustotal.com/gui/file/23414344a6c2afdec92a4679f7947b44498db151dff2822ca7c72d704c6e28e0/detection # Reference: https://www.virustotal.com/gui/file/beade05902c2bd59b1aafe77e0a043766f5e507ac4024640f17ad1fe7c890d6c/detection # Reference: https://www.virustotal.com/gui/file/cbd875b7f9516d4662526457c2132f17e4ac4596380202aac105bc3c146ea93a/detection # Reference: https://www.virustotal.com/gui/file/d4dec64053fa6de0aa85fefd692ce71fb71d3cdd295e7169c8b9b9bd4210b023/detection # Reference: https://www.virustotal.com/gui/file/ea49fbabc6f69ffc9f93993e3d7d5fe47f743fbdc1cc031557a8595fb1594d94/detection # Reference: https://www.virustotal.com/gui/file/d4a21390dd9c85fe6f3b41038a4b270de055a30ad6f9500699775e3ae78d7fd1/detection # Reference: https://www.virustotal.com/gui/file/77722a09b3cc0b17159e27433945548b3e6bd9160d4de4919b02ea6eea671111/detection # Reference: https://www.virustotal.com/gui/file/8e1c369e8b470c9bad0aee715da300dda9a50db153a025b3c797c219d537bb68/detection # Reference: https://www.virustotal.com/gui/file/6d79053611e0d0e2f586061636f337d27de51325b24070edefe08af7d9c5006d/detection # Reference: 
https://www.virustotal.com/gui/file/88df6448d091acba48dfea761e5360d111f4f50acaf15b4bd2734d81a79ab21b/detection # Reference: https://www.virustotal.com/gui/file/1f824c7b70667072964e4c08a372305cc78a0833beacad52b3e0d24a84e89065/detection # Reference: https://www.virustotal.com/gui/file/0caf2987bca2ca7f644c2cb33099950eb8a5aebe03244ddf8de5e6f3fc8bf1cf/detection # Reference: https://www.virustotal.com/gui/file/45a84d5bb8ce67685504a4409bf4604a500628e454e80ef3f3b832507a4cf855/detection # Reference: https://www.virustotal.com/gui/file/af8f6c9a5a588e4d61913d54c2ae4fb3de2e50b43f57290b0657b11466a18779/detection # Reference: https://www.virustotal.com/gui/file/dfe0e061279f0d67ba84bb4f945b0115b20759f6c48a91dd6c09782cb232266e/detection # Reference: https://www.virustotal.com/gui/file/3b925244721054a15cbb845ba4b617e5c7c46d80ea1c78e7fa5d02bb2069553b/detection # Reference: https://www.virustotal.com/gui/file/258b70d70b856484b65bdaaf4a5c23efb200b160af0babfb21ccd0679bd09749/detection # Reference: https://www.virustotal.com/gui/file/d19bf8ad35b8d494e68ca817a324a4eac3d456a527c8963145e438db9c1e6924/detection 106.14.45.61:15963 106.14.45.61:18566 106.14.45.61:19637 106.14.45.61:19931 106.14.45.61:19932 106.14.45.61:19934 106.14.45.61:25553 106.14.45.61:25563 106.14.45.61:29931 106.14.45.61:3654 113.28.187.169:15963 113.28.187.169:18566 113.28.187.169:19931 113.28.187.169:3654 123.129.224.185:15963 123.129.224.185:18882 123.129.224.185:18883 123.129.224.185:19931 123.129.224.185:19932 123.129.224.185:3654 129.28.23.76:81 221.229.207.145:19931 221.229.207.145:3654 221.7.12.156:19637 221.7.12.156:19931 221.7.12.156:19932 221.7.12.156:19934 221.7.12.156:25553 221.7.12.156:25563 221.7.12.156:29931 221.7.12.156:3654 23.101.115.41:18566 23.101.115.41:19931 23.101.115.41:3654 43.229.153.122:19931 43.229.153.122:3654 58.218.66.180:19931 58.218.66.180:3654 60.169.10.86:15963 60.169.10.86:19637 60.169.10.86:19931 60.169.10.86:19934 60.169.10.86:25553 60.169.10.86:25563 60.169.10.86:29931 
60.169.10.86:3654 61.147.125.184:19931 61.147.125.184:3654 95.211.102.25:19931 95.211.102.25:3654 mdzz2019.noip.cn yuankong.info # Reference: https://twitter.com/lazyactivist192/status/1112449219653193736 # Reference: https://www.virustotal.com/gui/file/f1cd38bbb504b38d115b5c127afa913572cef4233395416b5b08aff5f718cfea/relations z-hacker-y.win # Reference: https://twitter.com/Jan0fficial/status/1102912998975434752 # Reference: https://twitter.com/lazyactivist192/status/1168582672752566279 # Reference: https://pastebin.com/D2pUSzcS # Reference: https://app.any.run/tasks/1837b1d1-a62c-4e1b-9223-b6d40dc32d9f # Reference: https://www.virustotal.com/gui/file/2fcc9c48d5d8a5c6889ca3302fcaa9f6296a9e36b167526033a0371172ab1693/detection haohai.hopto.org ip.yototoo.com 116.196.18.237:8082 122.114.192.241:8082 139.196.209.127:923 183.104.6.120:923 # Reference: https://twitter.com/malware_traffic/status/949057588250865665 # Reference: http://www.malware-traffic-analysis.net/2018/01/04/index.html etybh.com # Reference: https://twitter.com/JAMESWT_MHT/status/843829412370046977 45.125.17.15:443 # Reference: https://medium.com/@Sebdraven/chineses-actor-apt-target-ministry-of-justice-vietnamese-14f13cc1c906 nicetiss54.lflink.com # Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html (# Win.Trojan.Gh0stRAT-6993126-0) # Reference: https://otx.alienvault.com/pulse/5d074c94248332bdb80099af 278267882.f3322.org 850967012.f3322.org a3328657.f3322.org a678157.oicp.net cfhx.f3322.org ddos-cc.vicp.cc guduyinan.gnway.com guduyinan.gnway.net jie0109.hackxd.net linchen1.3322.org q727446006.gicp.net touzi1616.com xm974192128.3322.org xueyang22.gicp.net y927.f3322.org zy520.f3322.org sweety2001.dating4you.cn paleb.no-ip.org honeypus.rusladies.cn marina99.ruladies.cn youwave932.no-ip.biz x.93ne.com ns1.helpchecks.at ns1.helpchecks.by ns1.helpchecks.com ns1.helpchecks.eu ns1.helpchecks.info ns1.helpcheck1.com ns1.helpcheck1.net ns1.helpcheck1.org mskgh.ddns.net 
yeswecan.duckdns.org sabridz.no-ip.biz mskhe.ddns.net karem.no-ip.org cdn.zry97.com dmar-ksa.ddns.net alkhorsan2016.no-ip.biz amiramir.noip.me katarinasw.date4you.cn # Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html (# Win.Trojan.Gh0stRAT-7059563-0) 79575465.f3322.net chhacke.win cx820329965.f3322.net e2.luyouxia.net guxiaosen.f3322.net labixiaoxin.e2.luyouxia.net mf123.f3322.net mingyemo.3322.org yaoyao.f3322.net # Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Gh0stRAT-7073937-0) 1321.f3322.org 254143.f3322.net 53ca.meibu.net feng12763.3322.org jwl520.xicp.net pass.5sfox.com pzss.f3322.org pzss.foxdos.cc separa.f3322.org wfs2015.f3322.net # Reference: https://twitter.com/P3pperP0tts/status/1157179581348163584 haohai.ddns.net # Reference: https://twitter.com/dcTavvy/status/1168906154602373122 154.221.22.25:8080 # Reference: https://twitter.com/killamjr/status/1196089316986032128 # Reference: https://app.any.run/tasks/3d38cda0-3987-49e4-aa1c-d72ecd82e997/ 106.54.57.80:8080 # Reference: https://www.virustotal.com/gui/file/89e9b8338dcf5e6fedee17b76dd2416dc83f3e2476f0cea77de9f0fa56754f2c/detection # Reference: https://www.virustotal.com/gui/file/80b01aa49dd4812b5a4b9d15bc8800c4ee1eeaea6897f6475e00d680771ae703/detection 106.54.57.80:80 106.54.57.80:94 # Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Dropper.Gh0stRAT-7414189-0) 107.163.241.193:6520 107.163.56.251:6658 host123.zz.am # Reference: https://twitter.com/pancak3lullz/status/743123575146586112 183.61.165.228:8000 243145432.f3322.org # Reference: https://twitter.com/securiteoff/status/739622863485931520 qqqq374281.f3322.org # Reference: https://twitter.com/pancak3lullz/status/739619999334031360 115.239.229.196:8090 # Reference: https://twitter.com/lazyactivist192/status/1214302017981702144 1j5p551644.iok.la # Reference: 
https://www.virustotal.com/gui/file/b8d20eeb7bc3ec8451c72b69b4d2defd9c3981be6cc8b6ba6935a1a724e6d041/detection 218.94.148.242:2015 218.94.148.242:2554 # Reference: https://www.virustotal.com/gui/file/c29621bf50fb69d65de52b6e41a590eb6f804359008324936b94b4e7ec59d812/detection 61.142.176.23:2014 # Reference: https://app.any.run/tasks/2624d66e-c37e-4f50-a199-c5eddd8a1cf1/ xilongxi.net 45.138.209.61:8080 # Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html (# Win.Worm.Gh0stRAT-7571319-1) # Reference: https://www.virustotal.com/gui/file/c3d1a51bc8f0bd2dca95900d274d575d3d2fd50cdb128f78877d25a5beba7fc9/detection 67.198.149.218:6720 67.198.149.220:8590 # Reference: https://twitter.com/Vishnyak0v/status/1226873846504075264 # Reference: https://www.virustotal.com/gui/file/f96adc9e046ecc6f22d3ba9cfea47a4af75bcba369f454b7a9c8d7ca3d423ac4/detection 192.225.226.217:80 # Reference: https://www.virustotal.com/gui/file/4a7cf906c8cc871176d0702245953eeee5065f9651186cd8ae594e6835b8a8eb/detection 192.225.226.217:8443 # Reference: https://www.virustotal.com/gui/file/ade0514ccb90c39a61ab8a4c16818fbcd352984e2a26b2ffcd92165975e07fd5/detection 192.225.226.217:443 192.225.226.217:53 # Reference: https://app.any.run/tasks/3987798b-6cbe-4236-955e-2413166ef9f9/ 137.220.135.36:8000 # Reference: https://app.any.run/tasks/0611a18e-76be-468a-bfc3-d9491b8f9003/ vip38000a.com 30.554205.com # Reference: https://app.any.run/tasks/12956eb4-d209-4449-9e63-09ee83a64714/ 183.236.2.18:8888 haidishijie.3322.org # Reference: https://twitter.com/wwp96/status/1232326236636090370 # Reference: https://otx.alienvault.com/pulse/5e526a70e6dc03c41340eceb 425rt.rapiddns.ru ref.tbfull.com # Reference: https://news.sophos.com/wp-content/uploads/2020/02/CloudSnooper_report.pdf # Reference: https://otx.alienvault.com/pulse/5e5542330b83d1a8b5dc1f27 cloud.newsofnp.com load.collegesmooch.com ssl.newsofnp.com # Reference: 
https://www.threatcrowd.org/malware.php?md5=55d149450d27b69d3ad00287a9164c02 chdvks88.dns0755.net # Reference: https://www.virustotal.com/gui/file/60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8/detection 101.200.58.177:16233 # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Trojan.Gh0stRAT-7603864-1) # Reference: https://www.virustotal.com/gui/ip-address/210.222.25.223/relations # Reference: https://www.virustotal.com/gui/ip-address/113.214.1.34/relations 113.214.1.34:52 117.78.50.197:333 210.222.25.223:7718 210.222.25.223:7748 cq52.top w1464642840.f3322.org xiaoxinzadan.gicp.net # Reference: https://www.virustotal.com/gui/file/fe4625e54603f5c382ab06f0ed1b231e23cbf5bd84f5c30d62e7978217ccea84/detection 210.222.25.223:8562 # Reference: https://www.virustotal.com/gui/file/a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05/detection 107.163.56.243:18963 107.163.56.246:18530 # Reference: https://www.virustotal.com/gui/file/370b81561ce4692c46baaa8f64c06d65dad9f816fdda51261a69bedcf93586b7/detection 107.163.56.250:18963 # Reference: https://www.virustotal.com/gui/file/a0eca39b75b4d86e2d363c3200c5b8e0542da3a94ca0e06294c356fab5a5d1c9/detection 107.163.56.245:18963 # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0320-0327.html (# Win.Keylogger.Gh0stRAT-7639975-0) # Reference: https://www.virustotal.com/gui/file/0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129/detection # Reference: https://www.virustotal.com/gui/file/4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da/detection # Reference: https://www.virustotal.com/gui/file/64e9703811f78071523f5f493b2ea39435dcd405a20f6bc1ee644cb83dfd8917/detection # Reference: https://www.virustotal.com/gui/file/89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c/detection # Reference: https://www.virustotal.com/gui/file/5789ece7e834c45289e85ec65358f422b4562635a3a918b18e22ed4a64daddf3/detection # 
Reference: https://www.virustotal.com/gui/file/5789ece7e834c45289e85ec65358f422b4562635a3a918b18e22ed4a64daddf3/detection # Reference: https://www.virustotal.com/gui/file/0f1efaaa2da0908afd3582e9bac7e9542f3acaac422f4d22c0145cd6a7748a73/detection # Reference: https://www.virustotal.com/gui/file/e7502dfbc56b998b54e0944758b3fe7b2dd55b06043764b1ebf36f280cb92344/detection # Reference: https://www.virustotal.com/gui/file/c1d7a774961bd01b96e4d8161632af09b97e3a6f85325dfcd08173282cc819b1/detection 106.9.144.132:7777 106.9.146.161:7777 116.62.168.250:24649 123.207.217.39:90 129.28.191.60:8000 129.28.191.60:99 174.128.255.252:8000 183.131.80.101:90 43.248.201.209:27268 49.232.147.19:8080 8686.f3322.net ccidc.f3322.net qqqqdddd.e2.luyouxia.net qyefeng.vicp.net wzbbk.com # Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Trojan.Gh0stRAT-7737919-0) 1.93.49.73:2012 104.143.150.115:2012 142.4.97.105:2012 155604.f3322.org 182.91.107.168:2012 192.210.63.230:2012 198.74.98.230:2012 aa7899.f3322.org j8666.f3322.org jiuyin.f3322.org kingsir.6600.org linlinwoaini.f3322.org q1299771210.f3322.org qq0104.gicp.net songkeliang.eicp.net vves.3322.org wuer1985.9966.org xiaoxiannv.gnway.net xiaozijun.f3322.org xyllz.com yangman520.f3322.net youlanxiangyin.vicp.cc yzc110110.meibu.net zuoyi5201314.5166.info # Reference: https://blog.prevailion.com/2020/06/the-gh0st-remains-same8.html # Reference: https://otx.alienvault.com/pulse/5edfe5c18832f5af1aaf33e3 45.76.6.149:443 comcleanner.info mlcrosoft.site # Reference: https://www.virustotal.com/gui/file/3179a8de034c4547ed9b45898cf60a73816e8b6363e53c7e8aeda0fe17499f1d/detection 103.133.177.250:4563 quasa.ddns.net # Reference: https://www.virustotal.com/gui/file/68844c9403b2b7357050755b9729b21fd22bb4986b5cbf627685a59413c0e1ab/detection 103.40.101.68:4563 # Reference: https://www.virustotal.com/gui/file/42ee8000ef9f2084b5ecffb1d2ca8889615ec58856785eccab3c8f87c53178ae/detection 43.248.11.151:4243 pclient.ddns.net 
# Reference: https://app.any.run/tasks/b584a05c-2f6d-47cf-83e7-657b2e0cf4b1/ http://118.107.47.110 118.107.47.104:8000 118.107.47.104:8001 # Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html (# Win.Packed.Gh0stRAT-9776529-0) # Reference: https://www.virustotal.com/gui/file/086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b/detection 122.114.28.118:3522 xmrminer.f3322.net # Reference: https://app.any.run/tasks/be0fe876-bcf2-4de7-9ff0-9df1935d0e3b/ 103.74.173.145:6688 pc.8686dy.com # Reference: https://blog.talosintelligence.com/2020/11/threat-roundup-1030-1106.html (# Win.Dropper.Gh0stRAT-9786931-0) 1x1elma7.xiaomy.net 22i5b37672.51mypc.cn 2313u080t2.imwork.net 232mr66094.iok.la 26k4593i06.51vip.biz 273o4d5660.wicp.vip 27ow345733.wicp.vip 2z213948z7.iask.in a731940742.gicp.net y2291815a1.51mypc.cn # Reference: https://app.any.run/tasks/4d47550f-cc3b-4b49-8af8-0ccad1760a9e/ 27.124.10.245:4753 syy.skt-one.com # Reference: https://twitter.com/wwp96/status/1327897784213794816 # Reference: https://app.any.run/tasks/e5baf985-6f1d-48ac-bcf2-1302d4a3086d/ 143.92.57.83:8001 143.92.57.83:8080 # Reference: https://www.virustotal.com/gui/file/99d47a61b580eedd39efa6d6c7fb9d13fa1fca3c9fe628cee0f49f1c8f97e8db/detection xiaohai2013.f3322.org # Reference: https://otx.alienvault.com/pulse/5fc0eb77569dc57d9686fb39 graceland777.ddns.net mitty1.freemyip.com williamz20.ddns.net # Reference: https://otx.alienvault.com/pulse/5fc8d47bae040ead5cfc4767 cloudbase-init.pw compprotect.com # Reference: https://twitter.com/lazyactivist192/status/1216814092725506049 zjq1993.meibu.com # Reference: https://twitter.com/_re_fox/status/1238188943587377155 # Reference: https://app.any.run/tasks/f2118744-26c3-4523-8e82-d7203e3bb1e4/ 193.203.215.52:2011 online.update--microsoft.com # Reference: https://www.virustotal.com/gui/file/12d847b384f2aa42db19236178ccd18cf39feb4f18477e48b957816c537d854c/detection 104.149.136.66:2011 mail.update--microsoft.com # 
Reference: https://www.virustotal.com/gui/file/b739076d107965600dfdb92536faa8638deb6d0dcfba5fc6e653ec12853c215c/detection live.korearac.com # Reference: https://www.virustotal.com/gui/file/4c652657944ba7f09a4dbeff95ea66d69f7d82c3bea44808e0428935c513273b/detection # Reference: https://www.virustotal.com/gui/file/4ecc8864e91febef66a6efc6538749e29af715f1a61807b78cd25efebe372449/detection 107.175.137.138:59170 211.149.209.11:59170 lijiejie.nat123.cc # Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html (# Win.Dropper.Gh0stRAT-9800485-0) 53074960.nat123.cc bqcyyx.com lht1361828085.3322.org mingyemo.3322.org seo.kfj.cc # Reference: https://www.virustotal.com/gui/file/9b757b63b31061e0b77a31b5706911f223376283ace22140a415203cbe8040e3/detection 35084ea6.nat123.cc # Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (# Win.Dropper.Gh0stRAT-9802375-0) # Reference: https://www.virustotal.com/gui/file/e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c/detection 118.193.233.10:7360 a13932873816.f3322.org cescmouad.zapto.org # Reference: https://twitter.com/wwp96/status/1337849110536347650 # Reference: https://app.any.run/tasks/8edcf322-5fba-49ea-a98e-dec554b3d9d0/ 202.58.105.174:8000 # Reference: https://twitter.com/wato_dn/status/1356965355650863106 # Reference: https://twitter.com/kienbigmummy/status/1361965176451264517 # Reference: https://app.any.run/tasks/b91747ae-ea86-4875-9cbf-8a2b78487cc1/ # Reference: https://blog.vincss.net/2021/02/re020-elephantrat-kunming-version-our-latest-discovered-RAT-of-Panda.html 103.255.177.138:8080 # Reference: https://www.virustotal.com/gui/file/2fadd1cb04e54811ca3d3538b9833c254a31db8b875a96794d44aa49db3faa60/detection 43.248.201.209:21922 yg484698405.e2.luyouxia.net # Reference: https://www.virustotal.com/gui/file/dba5987cbe9958bb86bd08eeccdb72999e0327b032821c0b2df4ea5b537c4072/detection 43.248.201.209:29719 xiaok66.e2.luyouxia.net # Reference: 
https://www.virustotal.com/gui/file/429cd23868b064297dd5c536ea420152394b2b5210d8b1f6f1802d353759e7a6/detection 43.248.201.209:32520 xiaoren234.e2.luyouxia.net # Reference: https://www.virustotal.com/gui/file/e407517a144c10e6946082afded7cf7f6afbf4beb4808894fd6b7ac170830a85/detection 43.248.201.209:27140 mmp224460.e2.luyouxia.net # Reference: https://www.virustotal.com/gui/file/f711c717473bb221b7f39a6f13d2c1aaa9403f7fcc5791dc53c38468efead20d/detection 43.248.201.133:28672 hax0fdafda.e1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/9eed6ad63fd1688c0e906ef294a1c6f0489cb6356c3736584c12a34ceea0ff0d/detection 43.248.201.133:27731 damm25969.e1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/09291140c7cd8b73219fa7a95564ec75c54bbfea92dd92cbccfb47c6a7699736/detection 222.186.170.35:29802 zhangjian123.e1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/23ad910aadc455b38b41446ba7425cb891d00f3791d64c7cf8b2c7b47ddf1fe7/detection 43.248.201.133:2021 yindixiang.e1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/130a026be6e1c01d23c3a94052db892950dd00cf2195cc7e54d7e3add19f6278/detection 43.248.201.133:21727 fxd9988019.e1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/0a80a258c199b864b1de65ed260b2cfed02934eb1e51a45e89ae192fb3afa787/detection 43.248.201.133:28316 q3088429300.e1.luyouxia.net # Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html (# Win.Trojan.Gh0stRAT-9831483-1) aka.f3322.net gyxin1314.xicp.net god_xinghe.f3322.org ljwser.xicp.net nt520.f3322.org # Reference: https://app.any.run/tasks/67e24e08-584b-4cca-a8a1-b1ca12f70e95/ 125.65.79.5:5522 103.119.1.139:1987 # Reference: https://twitter.com/wwp96/status/1368417388543180800 # Reference: https://app.any.run/tasks/39d974b3-6fe0-4278-8695-98684eb35c1f/ 113.212.91.178:4753 six.skt-one.com # Reference: https://www.virustotal.com/gui/file/32f2fe76ed68ffaa93baaf3e05ab0cabb058c48a431974e2f8312e2661849a93/detection 
45.154.198.168:4753 sy.skt-one.com # Reference: https://www.virustotal.com/gui/file/91c422b4d9d826ff83ba875f46091c5907b61dcac8a7829ad25aebe181bdc359/detection 45.154.198.160:4753 mm.skt-one.com # Reference: https://www.virustotal.com/gui/file/fd77950eb7f104dfef6eb7f535a5d324069e8f7fb7cca7057e67e427d248f1ff/detection 202.5.23.125:4753 ss.skt-one.com # Reference: https://www.virustotal.com/gui/file/90085f7de94a2ca42f3f534d628318854d7dea91d97a4527ca5b3545fe75094b/detection 27.124.10.245:4753 syy.skt-one.com # Reference: https://www.virustotal.com/gui/file/a99f4c0c9653bb121c9d6875b756203adf3e4d9086f2111e0fe0243355f26e36/detection 73.23.200.124:44579 # Reference: https://www.virustotal.com/gui/file/7f8742297042b4da3914c65c79bec5608eb166fe2034fa054f3d108f7d4f8131/detection # Reference: https://www.virustotal.com/gui/file/2d26ef7b55e8345369b4e6c184441197304532dcf0557022431e5689fd2e9552/detection 113.212.90.152:4753 113.212.91.215:4753 tmh.skt-one.com # Reference: https://www.virustotal.com/gui/file/4359b20a9570083d6126fc013d74d5fb65de09a628a287ae291cd3b7335eb5e3/detection # Reference: https://www.virustotal.com/gui/file/ad101c55122b9bd5be2d5a64d27de50b1826b5908741355e1a28cf38cde79b79/detection # Reference: https://www.virustotal.com/gui/file/ae90ea48bb6a9501de26f6d2763ead816047dab1bed91e5565c477113c63ddef/detection 103.135.101.189:4753 ax.skt-one.com # Reference: https://www.virustotal.com/gui/file/2d3d7817dfaf66265cf2db4a3b8a1806394b74530ae36e7d6d3ad0ba95a0606e/detection 27.124.10.245:4753 ssy.skt-one.com # Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html (# Win.Keylogger.Gh0stRAT-9847918-1) 36ho560717.wicp.vip cn-xz-bgp.sakurafrp.com lolsb.cn # Reference: https://twitter.com/wwp96/status/1385603503998095361 # Reference: https://app.any.run/tasks/8b366bb8-90d3-422c-bf28-c20fad648817/ 122.114.68.46:1990 39.103.200.111:14996 qjy888.f3322.net ref.tbfull.com # Reference: 
https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html # Reference: https://www.virustotal.com/gui/file/55ade218a34f3e727186c9e9c645265f161d7a9b7f55a721ba29e6ef5c3a12da/detection download.adobe-air.com # Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html (# Win.Dropper.Gh0stRAT-9871236-0) gaoshouzaimimang.f3322.org # Reference: https://twitter.com/wwp96/status/1409713019802710029 # Reference: https://app.any.run/tasks/9de5a384-d5aa-4e56-9ead-6a6e63a3731b/ 192.250.240.130:8000 # Reference: https://twitter.com/wwp96/status/1410328605389905923 103.194.104.94:8080 # Reference: https://www.virustotal.com/gui/file/156673535edad847a0bfaa2e3ed0d641b912b7c9704a576c458a968c9d64bb35/detection 160.20.147.36:2019 23.82.19.11:2019 cc.nainainainainainainainainainainai.com # Reference: https://www.virustotal.com/gui/file/4c244d5aa5e534df85e0e56f4b7816029a9d03f26bbff03c1dbb4fec5366b8a4/detection 160.20.147.36:8888 # Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html (# Win.Malware.Gh0stRAT-9880225-1) aaas0000.codns.com adobeservice.codns.com gkgk5421.codns.com gkgk5544.codns.com gmdals87.codns.com guswns740.codns.com sex5844.ddns.net tmal44.codns.com wldhr15.codns.com # Reference: https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html (# Win.Trojan.Gh0stRAT-9882928-1) zxl520.f3322.org # Reference: https://www.virustotal.com/gui/file/f942f8d6fdc97692ed7f864732f4ef0a91f13116f85b56a651eab059f51e3fca/detection bodyres.f3322.net dahuilianglaile.f3322.net # Reference: https://otx.alienvault.com/pulse/61c708f7de699b6b1d490dcd # Reference: https://www.virustotal.com/gui/file/b70da60888ac5237fb74c6dd5fcbb4c4c1c0b26ab0ff5709339c629e54167a9a/detection 106.13.228.81:2025 # Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html (# Win.Dropper.Gh0stRAT-9892254-0) 107.183.41.149:3204 # Reference: 
https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html (# Win.Malware.Gh0stRAT-9893485-1) qc4.pw qqqzxc.win tak9.win tzzpt.win wyx146.top # Reference: https://www.virustotal.com/gui/file/85e4be57ce216b2123ba6ded2d65696bd7d6040ccf63fa7593fe4e2f64869e7a/detection anonymousdzss.no-ip.biz anonymousso.no-ip.biz anonymousuhytsa.no-ip.biz anonymusblack12.no-ip.biz anthonycamis.no-ip.biz # Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html (# Win.Dropper.Gh0stRAT-9899606-0) 110.34.174.66:8000 # Reference: https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html (# Win.Trojan.Gh0stRAT-9928675-1) 67.198.215.213:3204 # Reference: https://www.virustotal.com/gui/file/000a2ceaa0c6a10dadcece38e9b37f0b4e7adc0bb26936801f330ca1b7b56b1a/detection 107.163.241.197:12354 107.163.241.198:6520 # Reference: https://www.virustotal.com/gui/file/aeba2bd0382eb3e80387fdc5a0182175a50208922d6aab56f090968676e3b32f/detection # Reference: https://www.virustotal.com/gui/file/c11430593fe348d7d2c6c2b5c38004af815e63c2ac87b1bcc09707499de5c160/detection 107.163.241.194:6520 107.163.241.195:12354 # Reference: https://www.virustotal.com/gui/file/a80c87e032a84b4a1df56f5a882b2da1f1f392208258648748277ddbe2749410/detection 107.163.241.191:16300 107.163.241.192:12354 # Reference: https://www.virustotal.com/gui/file/c2769cf66869f1207b0e1d498f541e66d47ba373306b8ff6728ed5ddaddd83d6/detection 107.163.241.189:12354 107.163.241.190:16300 # Reference: https://www.virustotal.com/gui/file/0debc35d129e03a8c856b14fba71671de04906b2de1546754396c63944a8ef00/detection 107.163.241.187:16300 107.163.241.188:12354 # Reference: https://www.virustotal.com/gui/file/09d56d1c1070532b70d5ea512849d432affe85e7e7a5d120e3c8a308e243b243/detection 107.163.241.185:16300 107.163.241.186:12354 # Reference: https://www.virustotal.com/gui/file/4f131307faa566c5780630e2f58beec65fef4f6e068d0834cdb0f6b99991ff9c/detection 107.163.241.183:16300 107.163.241.184:12354 # Reference: 
https://www.virustotal.com/gui/file/2b11428f8477dc1ab6e3aeafc8e8a4a749df748225ead91bcba07f946c8eae62/detection 107.163.43.143:12388 107.163.241.181:16300 107.163.241.182:12354 # Reference: https://www.virustotal.com/gui/file/72f947ca4affb5dc522b08c079fec7757412a3616abf333c73295f26e843ceeb/detection 107.163.241.179:16300 107.163.241.180:12354 107.163.56.110:18530 # Reference: https://www.virustotal.com/gui/file/c133d06d32d03a0a315455ecbc5845f242ee244068162fba160b63d614b6fc1c/detection 107.163.241.175:16300 107.163.241.176:12354 # Reference: https://www.virustotal.com/gui/file/04370baf78b59a171007f518b3eb4d5854637f8c036ad7022d078af4abef8980/detection 107.163.241.202:12354 krnaver.com # Reference: https://twitter.com/honeymoon_ioc/status/1487546093911085070 # Reference: https://twitter.com/vinopaljiri/status/1487653340699844610 # Reference: https://tria.ge/220129-1rwgysaabj/behavioral1 # Reference: https://www.virustotal.com/gui/file/5c07770e22f6b69b150d3b43f2ef2145020f73738d3ba4610932189a0b62927e/detection 185.199.224.169:8145 185.199.224.169:9090 exiles.site # Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html (# Win.Packed.Gh0stRAT-9937867-1) 98.126.40.18:3204 # Reference: https://www.virustotal.com/gui/file/004744315ef2277a8bd1078173fe88080a97a91dbe0e37ff9fdea7701151f191/detection 107.163.56.241:18530 107.163.56.240:18963 # Reference: https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html # Reference: https://otx.alienvault.com/pulse/615c2a13c152c6c325889282 tftpupdate.ftpserver.biz # Reference: https://www.virustotal.com/gui/file/4cf08b61835581ebafacd5913eba5d5c743d500c005fe23238650e011ce180f7/detection # Reference: https://www.virustotal.com/gui/file/7d080b7bcd89791afd112738c5d40af4d41a0ef84dde15a906cad764df8ef20b/detection http://45.125.218.178 http://45.125.218.179 45.125.218.178:8000 45.125.218.179:8000 # Reference: https://blog.talosintelligence.com/2022/04/threat-roundup-0422-0429.html (# Win.Trojan.Gh0stRAT-9946565-1) 
1sf.8800.org black123.gnway.net ddos.zhanglianlian.com hao.2sqj.com l.emp666.org one2ada.f3322.org senlin1996.3322.org shiyong.8866.org sszhuan.3322.org vip.523sew.com yangzihouyuanhui.6600.org yplinfo.gnway.net # Reference: https://twitter.com/1ZRR4H/status/1523791593278345217 154.23.191.157:5896 nishabii.live # Reference: https://www.virustotal.com/gui/file/28114eb0261850e8d744be4605b506cd2058ca3acd7c2da7387464f038f4c438/detection 223.171.55.127:1999 # Reference: https://tria.ge/220423-hdggrsaha2/behavioral2 144.202.74.176:2012 asd1738402137.f3322.org # Reference: https://tria.ge/220425-z1573sddd3/behavioral2 3.13.191.225:14136 # Reference: https://tria.ge/220427-bncs1afad6/behavioral2 171.38.77.97:42419 171.38.77.97:42420 171.38.77.97:42421 chaofeng1.f3322.org # Reference: https://www.virustotal.com/gui/file/d9d1d2c440fffc40d5ac6abeb16bb83cc98267b0130637e54b8e79e22dce87e4/behavior/Microsoft%20Sysinternals 154.23.182.128:8089 # Reference: https://www.virustotal.com/gui/file/cec8082b581df5a734ff3d6c6582c94fa1cb12f08c3bd3390a4c58960dd1de8f/behavior/VirusTotal%20Jujubox 23.224.97.111:5555 # Reference: https://www.virustotal.com/gui/file/f563029f4a88368711eed2b7acbdf244cc865027945407098c3bc7e2e504d2c6/behavior/VirusTotal%20Jujubox 134.175.141.126:2022 # Reference: https://www.virustotal.com/gui/file/39af9d875717c9a93fbe97fdd5f5b5da1d7dbb76cae14fdeeae4556da9827813/behavior/C2AE 216.83.45.203:7500 # Reference: https://www.virustotal.com/gui/file/f75d645400b91e9b1ea1f1f3f4806c1f59b378399684e1a499061b79724a0a68/behavior/Microsoft%20Sysinternals 110.186.58.114:9797 # Reference: https://www.virustotal.com/gui/file/a09ff60f0acaef699dc08ee06aac0bdc9a6ab4c1427b15dace33752ab753f92c/behavior/Microsoft%20Sysinternals 193.218.38.158:8080 # Reference: https://www.virustotal.com/gui/file/95e5988e40f7655cd95b70b5ae927ca25ac8ceb486117bd933fbfabe5456bf3e/behavior/VirusTotal%20Jujubox 43.248.201.133:21328 a798370668.e1.luyouxia.net # Reference: 
https://www.virustotal.com/gui/file/a120d80235eccb05e995c3f6d72acf3c89e5b8809a72f366bc01171e40d69608/behavior/Dr.Web%20vxCube 103.194.104.10:8089 # Reference: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html (# Win.Malware.Gh0stRAT-9949686-0) 1.15.252.63:3339 # Reference: https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html (# Win.Dropper.Gh0stRAT-9950358-1) # Reference: https://www.virustotal.com/gui/file/05a9987be765d374c21143d6aa92ed0b6405e28bd96291375cf0d28f21a165ec/detection # Reference: https://www.virustotal.com/gui/file/188328a03eafa8a5ab8e1fcd971e10eacb6fe4428741fb72e8a965cdda850f0d/detection # Reference: https://www.virustotal.com/gui/file/388d77e4fa716c49dde738b8897b7ed13313a6800155de7d388e59cd23eebab7/detection 154.221.21.125:65004 nianqing.xyz yckz.5453.top # Reference: https://www.virustotal.com/gui/file/999e537d3fe2789a074121cee8f83d6858ca7d0baf7b54e6e24ed5f91a231444/detection 47.97.103.217:2012 # Reference: https://twitter.com/r3dbU7z/status/1624977660735528962 # Reference: https://www.virustotal.com/gui/file/12b71b648d7b07fcd01b954e2615e21548e7c818effa5748dfa20fbba08d2ef2/detection 182.92.235.68:1990 # Reference: https://otx.alienvault.com/pulse/63f361ef1a12fc11df419438 lanzuanpay.xyz # Reference: https://twitter.com/wwp96/status/1627448220182872064 # Reference: https://app.any.run/tasks/33efb5a3-5668-44bb-a98d-e24ee0510a54/ 114.96.97.0:1997 # Reference: https://twitter.com/wwp96/status/1630019574816182272 # Reference: https://app.any.run/tasks/8fb9ad39-57dc-444d-88d8-d71ac942cddc/ 47.94.241.76:43 # Reference: https://twitter.com/wwp96/status/1630343778367344640 # Reference: https://app.any.run/tasks/93bad3ed-b2d5-4e2a-9c02-f1b8c9c3d889/ 58.221.57.142:7777 # Reference: https://twitter.com/wwp96/status/1632152368178659328 # Reference: https://app.any.run/tasks/3bbe3ab0-33d4-4248-bd12-d52d368f804a/ 39.109.113.141:7777 # Reference: https://twitter.com/0xToxin/status/1633009525530800131 # Reference: 
https://app.any.run/tasks/2d6ac745-bdbe-401b-9099-f5d1d5ee63d5/ http://124.220.35.63 103.127.83.43:8225 # Reference: https://twitter.com/JAMESWT_MHT/status/1633019264675241984 # Reference: https://www.virustotal.com/gui/file/05974133505a3e988edff7e6f12db30b978a7b1f222aa180bc37cae4fa235633/detection 124.220.35.63:8880 # Reference: https://www.virustotal.com/gui/file/79a46b45d026b26a52c76fd5729a7dbd43a3c3233300c0624122cd578dd6c0b8/detection 124.220.35.63:8081 # Reference: https://www.virustotal.com/gui/file/cb321addb3a80115ca704ce53d3d395ab9ff994863c8e04ad4e6082def455113/detection 124.220.35.63:8001 # Reference: https://twitter.com/pollo290987/status/1654581586342338560 # Reference: https://www.virustotal.com/gui/file/f1b2416eafb95e5e027569b21e575c5c19c8994b26c5be785c833d18c77488ed/detection 111.92.242.184:2200 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ http://2.58.64.219 101.132.125.131:8000 101.43.124.250:16823 103.145.86.39:7777 103.145.86.6:7777 103.145.87.50:7777 103.163.46.120:10086 103.193.188.98:8000 103.193.192.90:8000 103.20.193.166:2015 103.21.117.137:7375 103.25.19.32:9735 103.37.1.131:443 103.45.138.180:1369 103.46.128.46:26098 103.99.63.138:8900 104.232.98.28:2222 107.175.50.207:20327 110.249.156.50:9522 110.76.158.75:11024 114.110.198.107:8886 114.110.198.107:8889 114.110.208.215:7747 115.231.218.18:12611 115.236.153.170:11302 115.28.142.7:2433 116.62.165.107:5555 118.121.184.235:8023 118.184.169.48:80 121.4.122.206:37936 123.160.10.39:60756 123.57.186.60:8088 123.99.198.201:12611 125.240.117.220:2221 125.65.79.5:7777 129.211.208.176:8000 13.58.157.220:16180 139.155.178.173:19060 150.242.98.19:29514 154.204.209.197:8008 154.221.18.47:7777 154.221.30.106:7777 154.39.66.37:18443 156.234.127.6:8000 171.38.76.144:42421 175.107.89.72:8287 18.189.106.45:10874 183.105.164.105:10798 183.236.2.18:1031 183.236.2.18:1212 183.236.2.18:12588 183.236.2.18:1300 183.236.2.18:1415 183.236.2.18:17 183.236.2.18:1980 183.236.2.18:1989 
183.236.2.18:1994 183.236.2.18:1997 183.236.2.18:2007 183.236.2.18:2011 183.236.2.18:2222 183.236.2.18:2223 183.236.2.18:3565 183.236.2.18:44 183.236.2.18:4821 183.236.2.18:512 183.236.2.18:5408 183.236.2.18:6000 183.236.2.18:61 183.236.2.18:6666 183.236.2.18:7001 183.236.2.18:7308 183.236.2.18:7732 183.236.2.18:7740 183.236.2.18:800 183.236.2.18:8000 183.236.2.18:8001 183.236.2.18:8084 183.236.2.18:81 183.236.2.18:8181 183.236.2.18:83 183.236.2.18:8312 183.236.2.18:8686 183.236.2.18:8786 183.236.2.18:8787 183.236.2.18:9820 202.163.158.147:9735 210.97.234.97:13966 211.173.73.165:2333 219.153.12.4:8786 23.106.215.217:1017 23.225.73.110:8000 23.251.41.162:7777 3.134.125.175:14136 3.134.39.220:14136 3.14.182.203:14136 3.141.177.1:10874 3.142.81.166:16180 3.17.7.232:14136 3.22.30.40:14136 38.181.58.21:8000 38.47.204.154:7777 43.129.192.59:7777 43.142.38.153:8520 43.249.195.178:9595 43.255.241.176:1337 45.153.241.207:1016 47.112.163.50:8086 47.114.98.223:8888 58.138.234.82:9065 58.138.247.121:7745 58.138.247.121:8286 58.138.247.121:8287 58.138.247.121:8288 58.158.177.102:4116 58.221.72.142:7777 61.160.236.44:9015 188s.co s7.188s.co # Reference: https://twitter.com/sicehice/status/1689863652122255360 # Reference: https://www.virustotal.com/gui/file/21c3b30041dc16f6fb0fe758c4cd1767e272133ff45dd21aee22506e6d9199aa/detection 193.142.58.208:443 193.142.58.208:8888 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2023-08-23) 103.145.86.153:6000 88.218.195.109:60601 # Reference: https://threatfox.abuse.ch/ioc/1151937/ 82.157.254.217:8000 # Reference: https://threatfox.abuse.ch/ioc/1151949/ 123.99.198.201:20973 # Reference: https://threatfox.abuse.ch/ioc/1152213/ 115.236.153.170:58669 # Reference: https://threatfox.abuse.ch/ioc/1152289/ 115.236.153.181:41719 # Reference: https://threatfox.abuse.ch/ioc/1152321/ 60.247.148.188:2023 # Reference: https://threatfox.abuse.ch/ioc/1155822/ 115.236.153.170:41719 # Reference: 
https://twitter.com/naumovax/status/1703765086014152778 # Reference: https://twitter.com/naumovax/status/1704062570510877176 # Reference: https://www.virustotal.com/gui/file/e7eb91b0994a94a22d4a27f9cd85997d4570ffe2e1c02a690930e78486b7d43e/detection # Reference: https://www.virustotal.com/gui/file/c161bedddebc92c399f6bd8edf0005e3e594c635a2ac6d072a46d4a0232251ec/detection 103.218.0.125:6000 124.222.139.41:6000 163.197.241.150:6000 27.124.3.48:6000 34.92.223.98:6000 38.55.186.235:6000 8.218.169.130:6000 # Reference: https://threatfox.abuse.ch/ioc/1164419/ 47.111.82.157:53637 # Reference: https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape # Reference: https://www.virustotal.com/gui/ip-address/103.59.103.99/relations # Reference: https://www.virustotal.com/gui/file/2fd76b7c461cfa5d1cbc0a753cc408e9787df2f176407ac4ab7ad99733b44f06/detection # Reference: https://www.virustotal.com/gui/file/1e792148cee06743f14b0e96d3cc3c2cc81353af5344b61294b64bd56dc35489/detection # Reference: https://www.virustotal.com/gui/file/43e21ba4a2290cfedfce1acff67f6a14b8020a6a8672165bb8c235ccb8f81e1a/detection # Reference: https://www.virustotal.com/gui/file/0ac2f42a2e07a6c5fd6e4f1272e714ef98f85ee8150ee705092df4a338aef24a/detection http://103.145.22.215 http://178.236.42.11 http://27.124.12.21 http://45.119.52.243 103.105.23.34:3368 103.59.103.99:3366 27.124.12.2:3367 bitoke.top bitokex.top haoyun2.top fakaka16.top kakasone.top rus3rcqtp.hn-bkt.clouddn.com /5555/cdyxf.png /5555/ty.txt /6700/cdyxf.png /6700/ty.txt /7788/cdyxf.png /7788/ty.txt # Reference: https://app.any.run/tasks/a7d9af4e-7c0e-4bc1-844a-cef9b3ac3617/ bensonman-1318879887.cos.accelerate.myqcloud.com # Reference: https://twitter.com/naumovax/status/1711430493822976216 # Reference: https://twitter.com/Jane_0sint/status/1711716833970020835 # Reference: https://app.any.run/tasks/38e0a2e7-fb09-4e3b-8c6a-081821e24a0d/ 122.10.15.8:7060 164.88.140.82:7000 27.124.6.64:7700 
38.165.9.247:7000 38.6.160.10:7000 # Reference: https://twitter.com/naumovax/status/1712461549494014420 # Reference: https://app.any.run/tasks/4f50dd6b-99a6-4b46-b0ee-40c9eb82ab07/ # Reference: https://www.virustotal.com/gui/file/9ee6e44f1d3444f3d17614273d11cd9e373f7bec152be4de262da9e8a3a07d07/detection http://134.122.138.2 134.122.138.2:2023 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2023-10-13) 1.13.249.49:7070 103.148.245.125:999 106.52.216.65:999 106.55.28.59:5688 115.236.153.170:32592 116.63.35.42:12000 121.5.136.143:2012 123.99.198.130:12323 123.99.198.130:12611 124.222.227.63:12345 124.223.199.81:8808 124.248.67.83:12323 124.248.67.83:12611 125.229.22.79:3456 125.229.22.79:3458 144.202.74.176:81 180.97.238.254:8000 202.63.172.122:47779 202.95.8.183:8888 211.101.247.155:8000 222.222.106.47:8008 38.181.20.78:6000 47.111.82.157:42090 51.222.230.191:443 61.147.199.238:8000 85.214.255.25:53 # Reference: https://twitter.com/g0njxa/status/1715081804649046128 # Reference: https://app.any.run/tasks/1246e115-7cd2-4b91-8723-f61bd9bd5b8a/ # Reference: https://www.virustotal.com/gui/file/d565948a3b1b0d86166b62553864a7739284a292cc9c832fddf696bb274f8166/detection 195.130.202.155:450 195.130.202.232:8004 # Reference: https://threatfox.abuse.ch/ioc/1195820/ 106.12.126.136:8086 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2023-11-01) 103.71.154.163:6000 121.22.243.241:47779 121.62.16.112:8000 156.224.27.167:8000 61.147.93.153:999 10-10.telecgram.com 10.cmananan.com 15.cmananan.com 17.cmananan.com 30.cmananan.com 3005.qmananan.com 3009.qmananan.com 3010.qmananan.com 3011.qmananan.com 3012.qmananan.com 3013.qmananan.com 3015.qmananan.com 3016.qmananan.com 4.cmananan.com 482e6192z0.goho.co 6.cmananan.com 6x514937w5.goho.co 6xj.telegramh.net 7001.aadaa1.cc 7002.aadaa1.cc 7003.aadaa1.cc 792c682w73.goho.co a2.aadaa1.cc aadaa1.cc chao1323301.e1.luyouxia.net cmananan.com hdalulnc.e3.luyouxia.net hei.xjbtv.com hk.yunpingbao.com 
kekn.asselst.com knight114.e1.luyouxia.net kyy1010.e1.luyouxia.net lfh520.e1.luyouxia.net lfh521.e1.luyouxia.net lyh111.e3.luyouxia.net nmslcnmsb1.e2.luyouxia.net nzh995188.e2.luyouxia.net op114514.e1.luyouxia.net player1.e3.luyouxia.net qmananan.com rere.e3.luyouxia.net sccwangluo.asselst.com shaoshuai3.top shengfutong-pay.com t1492261251.e1.luyouxia.net telecgram.com telegramh.net vb147258.e1.luyouxia.net wangchenchao.e1.luyouxia.net xy1.youjucan.com zhj08.e2.luyouxia.net zhodaji.com # Reference: https://threatfox.abuse.ch/ioc/1198075/ # Reference: https://www.virustotal.com/gui/ip-address/20.96.151.88/detection http://20.96.151.88 # Reference: https://www.virustotal.com/gui/ip-address/51.222.230.191/relations http://51.222.230.191 51.222.230.191:443 # Reference: https://www.virustotal.com/gui/ip-address/146.59.220.235/relations http://146.59.220.235 146.59.220.235:443 # Reference: https://www.virustotal.com/gui/ip-address/54.38.116.47/relations http://54.38.116.47 54.38.116.47:443 # Reference: https://threatfox.abuse.ch/ioc/1199251/ http://211.149.226.68 # Reference: https://www.virustotal.com/gui/ip-address/184.73.185.248/detection 184.73.185.248:443 # Reference: https://www.virustotal.com/gui/ip-address/94.191.187.105/detection http://94.191.187.105 # Reference: https://www.virustotal.com/gui/ip-address/46.32.37.132/detection http://46.32.37.132 # Reference: https://www.virustotal.com/gui/ip-address/213.179.32.9/detection http://213.179.32.9 # Reference: https://www.virustotal.com/gui/ip-address/222.190.108.207/detection 222.190.108.207:443 # Reference: https://www.virustotal.com/gui/ip-address/109.190.79.33/detection http://109.190.79.33 # Reference: https://www.virustotal.com/gui/ip-address/149.210.20.118/detection 149.210.20.118:443 # Reference: https://www.virustotal.com/gui/ip-address/163.44.43.131/detection http://163.44.43.131 163.44.43.131:443 # Reference: https://www.virustotal.com/gui/ip-address/180.184.71.135/detection http://180.184.71.135 # 
Reference: https://www.virustotal.com/gui/ip-address/180.184.71.135/community http://180.184.71.135 180.184.71.135:443 # Reference: https://www.virustotal.com/gui/ip-address/52.61.168.199/community http://52.61.168.199 # Reference: https://www.virustotal.com/gui/ip-address/87.26.121.156/community http://87.26.121.156 # Reference: https://www.virustotal.com/gui/ip-address/37.255.148.139/detection http://37.255.148.139 37.255.148.139:443 # Reference: https://www.virustotal.com/gui/ip-address/149.210.4.170/community 149.210.4.170:443 # Reference: https://www.virustotal.com/gui/ip-address/220.90.135.156/community 220.90.135.156:443 # Reference: https://www.virustotal.com/gui/ip-address/149.210.74.229/community 149.210.74.229:443 # Reference: https://www.virustotal.com/gui/ip-address/114.35.162.47/community http://114.35.162.47 # Reference: https://www.virustotal.com/gui/ip-address/54.233.162.122/community http://54.233.162.122 # Reference: https://threatfox.abuse.ch/ioc/1204672/ 43.248.137.153:8000 # Reference: https://threatfox.abuse.ch/ioc/1206321/ 47.92.53.65:13155 # Reference: https://threatfox.abuse.ch/ioc/1206537/ yy3088429300.e2.luyouxia.net # Reference: https://twitter.com/naumovax/status/1730567945862995981 # Reference: https://tria.ge/231125-paex4aba7y/behavioral1 # Reference: https://tria.ge/231127-snxxlshd37/behavioral1 103.216.155.149:44156 192.252.181.27:13150 xingxing.asselst.com # Reference: https://www.virustotal.com/gui/ip-address/100.20.96.2/relations http://100.20.96.2 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2023-12-10) 103.165.81.82:10086 103.45.128.143:8000 104.37.185.125:6543 107.151.244.80:6000 134.122.135.75:8000 134.122.135.81:8000 143.92.40.173:6108 149.88.73.191:8000 154.23.141.34:8000 154.55.135.102:6666 154.55.135.102:8888 163.181.92.82:1688 206.233.128.72:8899 43.136.78.18:8000 dlink.host gettimi.top book.cookielive.top new.gettimi.top q3472884397.e2.luyouxia.net # Reference: 
https://twitter.com/naumovax/status/1734225709994803206 # Reference: https://tria.ge/231204-mefdbaae3w # Reference: https://www.virustotal.com/gui/file/e847385dc200a5a101344a0912de4766cbd97aedfd7f4fa3a0c69e39025fd2fa/detection # Reference: https://www.virustotal.com/gui/file/e1e94dd9014aa9707605fbde38d2e3753dc8b23da507344d45416ba9583da31e/detection # Reference: https://www.virustotal.com/gui/file/9883f7808137667b448dbb4ce94c7202af626f4e34e021b581173e666ac6d8c8/detection http://1.14.71.246 1.14.25.37:1443 1.14.25.37:1444 139.186.228.218:443 # Reference: https://www.virustotal.com/gui/ip-address/89.247.50.50/community http://89.247.50.50 # Reference: https://www.virustotal.com/gui/ip-address/89.247.50.206/community http://89.247.50.206 # Reference: https://twitter.com/naumovax/status/1738198104996774145 # Reference: https://www.virustotal.com/gui/ip-address/202.63.172.17/relations # Reference: https://tria.ge/231212-kwqjhaabgj/behavioral2 # Reference: https://www.virustotal.com/gui/file/bf5a41c08bbc65bac437d651c7334a8ea6c2113a6fa20c817a1c5623124da047/detection 202.63.172.17:27100 # Reference: https://tria.ge/231205-qkdnfsbe87/behavioral1 # Reference: https://twitter.com/naumovax/status/1740305905990971642 http://38.54.25.23 http://49.129.12.59 1.14.70.108:8668 103.207.166.117:13842 206.238.199.226:8668 206.238.221.105:8668 38.60.204.65:53261 45.112.206.130:18496 # Reference: https://www.virustotal.com/gui/ip-address/18.136.0.29/community http://18.136.0.29 # Reference: https://www.virustotal.com/gui/ip-address/106.38.221.252/relations http://106.38.221.252 # Reference: https://www.virustotal.com/gui/ip-address/18.170.11.119/relations http://18.170.11.119 # Reference: https://www.virustotal.com/gui/ip-address/34.211.241.194/community http://34.211.241.194 # Reference: https://www.virustotal.com/gui/ip-address/83.22.228.184/community http://83.22.228.184 # Reference: https://twitter.com/ShanHolo/status/1746848612120744282 # Reference: 
https://www.virustotal.com/gui/file/3a33ee8017eeb09a4e9d416370172d49691ddf1d2e2c9388de53a4816b78d25a/detection http://45.150.67.155 http://64.176.37.64 http://8.219.91.175 http://80.92.205.55 45.150.67.155:443 64.176.37.64:443 8.219.91.175:443 80.92.205.55:443 # Reference: https://www.virustotal.com/gui/ip-address/54.200.228.98/community http://54.200.228.98 # Reference: https://threatfox.abuse.ch/ioc/1231443/ 129.204.53.10:8081 # Reference: https://www.virustotal.com/gui/ip-address/89.247.50.125/community http://89.247.50.125 # Reference: https://www.virustotal.com/gui/ip-address/217.31.202.98/community http://217.31.202.98 # Reference: https://www.virustotal.com/gui/ip-address/13.245.184.253/community http://13.245.184.253 # Reference: https://www.virustotal.com/gui/ip-address/188.127.24.220/community http://188.127.24.220 # Reference: https://www.virustotal.com/gui/ip-address/89.247.50.191/community http://89.247.50.191 # Reference: https://www.virustotal.com/gui/ip-address/100.21.141.96/community http://100.21.141.96 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2024-03-24) http://175.203.14.166 http://221.159.15.231 1.92.90.232:8000 110.42.102.82:6688 111.67.195.90:6000 115.231.218.42:14363 123.99.198.201:20064 124.248.69.29:14363 156.236.72.163:8000 175.24.197.196:8001 18.158.249.75:14210 18.192.31.165:14210 198.44.174.170:10086 198.44.174.232:10086 216.83.40.187:7777 3.124.142.205:14210 3.125.223.134:14210 42.237.24.42:7899 42.237.25.52:7899 43.248.129.152:8000 8.130.11.62:8000 54412.e3.luyouxia.net 66ddjkr.e3.luyouxia.net ad2916985983.e2.luyouxia.net asjidoaiosdjo.e3.luyouxia.net cn-he-plc-2.openfrp.top fdsfhkjf.e3.luyouxia.net gx121.e1.luyouxia.net hfs666.top i.wanna.see.20242525.xyz kx5555.e3.luyouxia.net latiao.ddns.net 996m2m2.top xc091221.e2.luyouxia.net xiaoyuwudi.e3.luyouxia.net zxyhwww.top # Reference: https://twitter.com/RacWatchin8872/status/1787150297049027027 # Reference: 
https://www.virustotal.com/gui/file/0b997cf73baa61d852212bd26044cbaaf5e7e366553043bc10b6d17f20d2df96/detection http://60.204.249.34 60.204.249.34:8000 # Reference: https://twitter.com/naumovax/status/1787433507536384139 # Reference: https://tria.ge/240402-bd4hzaca7x/behavioral2 # Reference: https://www.virustotal.com/gui/file/fdf08d6b2e7283f7317a2a32a6ef8665d9e0f7c346c59867be407892bb165cb6/detection 154.12.85.161:3020 # Reference: https://x.com/ShanHolo/status/1792835827464282545 # Reference: https://www.virustotal.com/gui/file/677cea91ba7171d1a19f3c49d077db58bd66da053a190df60ac258a45407c48f/detection 103.214.23.195:42534 119.81.27.109:42534 se1f.cc dgz.se1f.cc # Reference: https://www.virustotal.com/gui/file/6c01c1ddc969faaede15958721a1eab7cd4f79009235bde37b4087968be805f7/detection # Reference: https://www.virustotal.com/gui/file/7e239cdc3d9598732c711475fb81f9ec40668668b9f20db60e4a7f5a68f723c3/detection 119.81.125.20:2082 148.66.129.146:2082 211.20.120.161:2082 51.79.160.233:2082 serv.se1f.cc serv1.se1f.cc # Reference: https://www.virustotal.com/gui/file/68fc0e714bd7982ac3e2cbfd00a4362f6a4daffe1be6a0efaa632064b7981a20/detection 103.147.186.4:2082 148.66.129.146:2082 works01.se1f.cc works02.se1f.cc # Reference: https://www.virustotal.com/gui/file/651fe4b8be23c8c42db4b85e69cef5a7bd5694476a49ea88d9c9ec93575ab398/detection dl.se1f.cc dow.se1f.cc downer.se1f.cc # Reference: https://x.com/SBousseaden/status/1795166821030543649 # Reference: https://www.virustotal.com/gui/file/8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065/detection # Reference: https://www.virustotal.com/gui/file/7d5961b64d45bd62968eca15f2811c7aa1df243dcc57e5aafdf4de2f4f47c9c3/detection # Reference: https://www.virustotal.com/gui/file/5d6539defb2a24752445dd1c4a3698253f7199e1a0c27af7c4feb7130809d6a9/detection http://198.176.59.144 154.19.70.72:443 195.130.202.48:449 195.130.202.52:35 206.119.117.209:8001 # Reference: https://x.com/burp_heart/status/1799455219543404633 # Reference: 
https://www.virustotal.com/gui/file/a4b25c7a464cabbedef80a704ec8c7cd84a98073b055ddc42f2fb5b7d81ff250/detection 146.19.100.7:8000 154.201.91.59:44557 # Reference: https://www.virustotal.com/gui/file/39345b9dc44db0aec3ceb63efa9f4b0bb74753da4fa421745acff9835f50debc/detection 123.249.25.73:5653 # Reference: https://www.virustotal.com/gui/file/4997ad5623cd3aba8ad80c894482b69a3b5d51669bf6d02e5f393e4e1ecb6da1/detection 123.249.25.73:7830 # Reference: https://asec.ahnlab.com/ko/67509/ http://121.204.249.123 121.204.249.123:8077 154.201.87.185:999 164.155.205.99:999 # Reference: https://x.com/lontze7/status/1808764061288395023 http://122.51.183.116 122.51.183.116:443 # Reference: https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure 147.50.253.109:44119 # Reference: https://x.com/malwrhunterteam/status/1813892619170418949 # Reference: https://www.virustotal.com/gui/file/8fe382f79d4834a4dbc9abda1681a77187c08c087b704f9a5ad8af50f128c2ce/detection http://206.238.196.148 206.238.196.148:6666 # Reference: https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat # Reference: https://github.com/esThreatIntelligence/iocs/blob/main/Gh0stGambit_Gh0stRAT/Gh0stGambit_Gh0stRAT.txt http://104.143.46.143 http://104.143.47.226 http://154.23.179.113 http://38.181.34.153 http://38.181.34.182 http://38.181.34.219 http://38.181.34.72 http://38.181.35.129 http://38.181.35.71 1683.org asj658g.cyou bb6575.cyou bbnhh.icu bngcp.icu hzj66.vip mk65yui45876.cyou mm6695.cyou nnnjkj.bond pplilv.top pplilvbest.cyou # Reference: https://www.virustotal.com/gui/file/db4d47190376d2bd3f2a00c7433ddba94a3a09db4148a99aa920b92642f0aee9/detection 156.247.32.199:6666 156.247.32.199:8080 fadale.cc # Reference: https://x.com/malwrhunterteam/status/1820498954104209643 # Reference: https://www.virustotal.com/gui/file/f0c3c3aff910d8790469b522a37c27a8bf084c70003aa94e4d4e153f9a9f47e3/detection # Reference: 
https://www.virustotal.com/gui/file/38d506ff86e4fa113a7cfce2d8834be9769e5c6ec1c68bdc29428a052058cc69/detection http://206.119.117.61 103.145.86.153:6666 43.156.96.21:8080 qaqbba.com qaqbba.top # Reference: https://www.virustotal.com/gui/file/a7bdd967748664c18c128920641d73669af8f9ad81c013f64d7709deeae6a78f/detection benson-1318162842.cos.accelerate.myqcloud.com # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2024-08-18) http://122.51.35.39 http://122.9.69.40 http://60.204.235.186 1.92.90.232:8080 103.158.37.147:443 103.44.246.66:8000 103.71.152.68:1000 115.231.218.42:10299 117.24.12.243:8888 12123das.f3322.net 122.199.186.108:6215 122.9.69.40:8000 123.99.198.130:10299 124.222.81.240:81 124.248.69.14:14363 12512.e3.luyouxia.net 137.220.137.85:24818 154.12.93.14:1153 154.12.93.14:13855 154.91.90.216:6666 171.38.43.209:42421 183.131.85.64:14363 202.63.172.119:47779 202.63.172.120:47779 206.233.240.70:5808 206.238.199.35:6000 206.238.220.206:7777 206.238.43.211:6666 24365426.e3.luyouxia.net 27.25.156.47:8000 36.212.238.69:8000 43.139.48.143:1450 47.111.82.157:14352 47.115.207.251:8006 47.120.59.37:6161 60.205.132.75:13155 62.234.90.4:8000 8.210.206.52:1725 8.210.22.92:6000 8.217.223.172:6000 U22.zgwl.eu.org aiac.f3322.net bj.caobibibi.com honchengkeji.f3322.net jjjj7371.e1.luyouxia.net kinh.xmcxmr.com microsoftel.com newyk5.e3.luyouxia.net nnmz.e3.luyouxia.net q596110.3322.org sy12311.e3.luyouxia.net twrata.com xisafjasfjip.u1.luyouxia.net zhangkedong.u1.luyouxia.net zxww.e3.luyouxia.net # Reference: https://x.com/malwrhunterteam/status/1829810337350025447 # Reference: https://www.virustotal.com/gui/file/e05826b2375f069043fa220f92b8ae2dafa2f798930bfb56ca86251b6cbb7fc6/detection # Reference: https://www.virustotal.com/gui/file/d1f4e345dbdb06016b682f5dd2ff9dc4f2206059e4b8b7baa9d7745b1ff2a5ae/detection # Reference: https://www.virustotal.com/gui/file/c8d76cbe86dcbe77f983e85107c2a6f7367e3d0e82c8bf2b8fd1801da67d675c/detection # Reference: 
https://www.virustotal.com/gui/file/2eee70c3f0da076439e680bd576302e073f71e9175952c1d8259b216762fc627/detection 103.158.36.181:8000 104.233.187.200:3000 # Reference: https://threatfox.abuse.ch/browse/malware/win.ghost_rat/ (# 2024-09-22) http://124.221.28.167 http://140.143.203.107 http://143.92.58.218 101.17.46.79:11631 103.199.101.81:1000 103.73.161.186:8080 115.230.124.27:7317 115.230.124.27:9026 116.62.193.113:222 221.10.93.196:2499 221.10.93.196:2500 27.155.132.108:23801 27.156.64.174:23801 27.156.64.88:23801 27.25.148.152:8080 8.146.204.76:8000 # Reference: https://x.com/RakeshKrish12/status/1851147705600315772 # Reference: https://www.virustotal.com/gui/file/d202ed020ed8e36bd8a0f5b571a19d386c12abecb2a28c989d50bbf92c78f54e/detection 121.182.174.27:3000 121.196.49.217:12358 # Reference: https://x.com/malwrhunterteam/status/1834902728633446807 # Reference: https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application # Reference: https://www.virustotal.com/gui/file/c9817d415d34ea3ae07094dae818ffe8e3fb1d5bcb13eb0e65fd361b7859eda7/detection ad59t82g.com # Reference: https://x.com/malwrhunterteam/status/1859303181760557356 # Reference: https://www.virustotal.com/gui/file/9ce9057feff7a9e9c750eae2ab2e50a004e5a7beff471de7b2dc28a41b34bf6b/detection 8.210.144.166:443 boss.google.tw.cn # Reference: https://x.com/banthisguy9349/status/1869370981737025813 aadww3.cc nbdsnb2.top qqdcc4.cc yydsnb1.top 26.cmananan.com a11.nbdsnb2.top a11.yydsnb1.top a15.nbdsnb2.top a15.yydsnb1.top a16.nbdsnb2.top a16.yydsnb1.top a17.aadww3.cc a18.nbdsnb2.top a18.yydsnb1.top a3.nbdsnb2.top a3.yydsnb1.top a31.aadww3.cc a31.qqdcc4.cc a34.aadww3.cc a34.qqdcc4.cc a37.aadww3.cc a37.qqdcc4.cc a4.nbdsnb2.top a4.yydsnb1.top a40.aadww3.cc a40.qqdcc4.cc a5.aadww3.cc a5.qqdcc4.cc a11xxx1.oss-cn-hongkong.aliyuncs.com a12xxx1.oss-cn-hongkong.aliyuncs.com a15aaa1.oss-cn-hongkong.aliyuncs.com a16eea1.oss-cn-hongkong.aliyuncs.com a17rrr1.oss-cn-hongkong.aliyuncs.com 
a18qqq1.oss-cn-hongkong.aliyuncs.com a19ccc1.oss-cn-hongkong.aliyuncs.com a23uuu1.oss-cn-hongkong.aliyuncs.com a26bbb1.oss-cn-hongkong.aliyuncs.com bbbitcoin.oss-cn-hongkong.aliyuncs.com # Reference: https://x.com/x86rax/status/1871305149525938305 # Reference: https://www.virustotal.com/gui/file/2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4/detection http://122.130.170.45 119.91.100.85:3510 us2.host.skybad.top # Reference: https://x.com/James_inthe_box/status/1882526324834939379 # Reference: https://app.any.run/tasks/365f8969-106d-4fa0-8587-7d2593731a67 zlonline.oss-cn-shenzhen.aliyuncs.com # Reference: https://x.com/skocherhan/status/1883288235507609768 # Reference: https://www.virustotal.com/gui/file/933d328fc61efbcf04430715d2c746c6a59290c8834d2eb40c40de7e448fa7b6/detection # Reference: https://www.virustotal.com/gui/file/791d966495c683a455b24217ff94cab0dc3aeeb75ebffb5bfd134129e14550bb/detection # Reference: https://www.virustotal.com/gui/file/f5674b7c5d6cc7fd5461ae27dbd573b428bac7cecb241b91d7271e42a11be9bd/detection 47.243.63.150:45 8.217.47.21:45 shunlilaicai.com star1ine.com wenxincehua.top asi.wenxincehua.top zhlc.star1ine.com # Reference: https://x.com/skocherhan/status/1883296818718810416 # Reference: https://app.validin.com/detail?find=Telegram%E4%B8%AD%E6%96%87%E7%89%88-telegram%E4%B8%8B%E8%BD%BD-%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%AD%E6%96%87%E7%89%88-Telegram%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD&type=raw&ref_id=9efa793ea0a#tab=host_pairs (# 2025-01-26) # Reference: https://www.virustotal.com/gui/file/12c887d191db87b8afd9dd3eb433b389b01ff8e0ba1b3a113ff25a2fae0ca61c/detection # Reference: https://www.virustotal.com/gui/file/00a6efec3220a1d05cdff01e1d1c93efb03302863142d2b23b883bb47541adc4/detection 154.19.85.71:54 dirtelegram.com telegrai.com telegram-zh.cn telegram0.com telegram2.com telegrames.org telegramla.com telegramo.cn telegramrcn.org telegramrm.org telegramsit.com telegramtee.com telegramvs.com telegramxx.com telegramxx.org 
telegramza.org
telegramzi.org
telegrarcn.com
telegrarm.org
telegrarnm.org
telegrasm.com
telegrm.net
telegrmce.org
telegrmea.org
telegrom.net
telegrpm.org
telegrrem.org
telegrrram.org
tnlegram.org
tplegram.org
adminuser.telegrm.net
bossex.app.tw.cn
free.down.tw
s1.star1ine.com
web.telegrpm.org
ww1.telegram0.com

# Reference: https://app.validin.com/detail?type=ip&find=38.55.144.167#tab=resolutions (# 2025-01-25)
# NOTE(review): this group appears to come from the DNS resolution history of a
# single IP address (per the Reference above) rather than from analysed samples.
# Names that merely shared that address can be included, so treat a match as
# lower-confidence and corroborate it before blocking.

0ray.cn
0xvpn.com
21vpn.com
29vpn.com
365vpn.net
520vpn.com
91ajs.vip
91vpn.net
92ajs.com
aiduo.cc
aiduotv.cc
aijiasu.me
ajs91.cn
ajs91.com
ajsapp.net
ajsk.net
ajsvpn.cc
ajsvpn.cn
aladdinvpn.com
androvpn.com
bestvpnsfor.com
cccvpn.com
cdnzj.com
cpjackvpn.com
cppotentvpn.com
cpvpnish.com
cxvpn.com
d-quick.com
divpn.com
downquick.com
exepressvpn.com
expressovpn.com
fesvpn.com
fjvpn.com
fkvpn.com
fqvpn.com
fxvpn.org
got-vpn.net
grammassecret.com
hidedown.com
hotelegram.com
htavpn.com
hxvpn.com
ipv6vpn.cn
isvpn.net
jackvpn.com
jdjsq.com
jisuvpn.com
jsgvpn.com
jsqfgs.com
juavpn.com
koproxy.com
kris.r2vpn.com
krvpn.com
kuailianvpns.com
lavpn.com
letsiovpn.com
letssvpn.icu
mayivpn.com
mvvpn.cn
neekvpn.com
nodeskvpn.com
notracevpn.com
okwallet.cn
opnevpn.com
opnvpn.org
opvpn.icu
potatoz.cn
potentvpn.com
poxyvpn.com
protonvvpn.com
q-vpn.com
qqvpn.com
quickqvpn.cyou
quickqvpn.icu
quickqvpn.me
quickqvpn.org
quickqvpn.top
quickqvpn.vip
quickvpn.net
r2vpn.com
sbvpn.com
starlinkvpn.cn
starlinkvpn.org
stylevpn.com
sulianvpn.com
surfsharkvpnapp.com
szquick.com
t-elegram.org
te-legram.org
telegra.vip
telegramle.com
telegramreg.net
telegran.org.cn
telegrp.com
telegrzm.com
teolegram.org
ticvpn.com
tipvpn.com
tntvpn.com
top10vpnservices.com
top2vpn.com
topcvpn.com
traneasy.org
trc.tw
trelegram.com
tzvpn.com
udunclod.com
umsvpn.com
unixvpn.com
v4vpn.com
visvpn.com
vitevpn.com
vpn-web.com
vpn11.cn
vpn169.com
vpn6.cn
vpncc.com
vpndoor.com
vpne.net
vpngg.com
vpngogogo.com
vpngrade.com
vpnh.cn
vpnhike.com
vpnic.com
vpnier.com
vpnint.com
vpnish.com
vpnkkk.com
vpnla.com
vpnlily.com
vpnnvs.cn vpnprotego.com vpnr.net vpntx.com vpnwc.com vpnzh.com vvvvpn.com vxsvpn.com weixiaovpn.com whasapp.cn whatsappd.com whm.odvpn.com whovpn.net whstsaapp.com whsvpn.com wthasapp.cn xhj-vpn.cn xhj-vpn.com xhjvpn.net xiaohuojianvpn.org xnvpn.com xpvpn.net xxnet.org yaklang.org yasvpn.net yesvpn.net yfcdn.com # Reference: https://app.validin.com/detail?find=38.55.144.81&type=ip4&ref_id=9d1bcc0d7a3#tab=resolutions 88vpn.com app.tw.cn chvpn.com obaby.net odvpn.com rsvpn.com # Reference: https://x.com/skocherhan/status/1891381443399455029 http://69.165.65.24 69.165.65.24:8888 # Reference: https://x.com/malwrhunterteam/status/1892634169131356453 # Reference: https://www.virustotal.com/gui/file/b415eb69ca677ae41546bc7ff4b854ddc7b016cec1cc48b06b8669d5bc68d0bd/detection 27.124.17.49:4433 palaeentomology.s3.ap-east-1.amazonaws.com # Reference: https://x.com/malwrhunterteam/status/1894137699990126853 # Reference: https://www.virustotal.com/gui/file/d29ba6bda577edd6a77e4c5e1c416b06d0c5e853af9a9c47c667f7ac2489ed12/detection 103.214.172.100:6745 td49t43g.com # Reference: https://www.virustotal.com/gui/file/d025ce0fb9c6da7a80fa56cac8814f5a2c2a91fa208d38de86cf81b9eec4ad1b/detection # Reference: https://www.virustotal.com/gui/file/bf201c1e5cd4898342b13f9adb4445ca10e0327376621ca1ac87bebbcb01a87a/detection # Reference: https://www.virustotal.com/gui/file/4acf6fb040a622ed812ef184d965fe47395b57b85c2e566803a9c3a1ec5ed94b/detection 27.124.17.74:45 mi.ai89.me # Reference: https://x.com/malwrhunterteam/status/1894518639035908148 # Reference: https://www.virustotal.com/gui/file/12ab07d75352c3c9d6b37175201b718fa8d754b6835f4692192559c811d39c98/detection 202.95.14.88:45 xcrsiss.icu xcr.xcrsiss.icu # Reference: https://x.com/malwrhunterteam/status/1905747239148122288 # Reference: https://www.virustotal.com/gui/file/455b4ba2fd6cee2144dd48a10a76c4bfd09a16de45033c512c2bcb9fab16c1c8/detection 154.82.85.30:45 mlcrosoft.cyou xtssiss.icu xt.xtssiss.icu zhxt.mlcrosoft.cyou # Reference: 
https://x.com/malwrhunterteam/status/1894810293357752435 # Reference: https://www.virustotal.com/gui/file/f471453cb4e6ff3ac0008cb15968e90caad2669bc107aa125034bd13ec33f634/detection 118.107.44.62:45 tuiguang168.top # Reference: https://x.com/malwrhunterteam/status/1895416061178290521 # Reference: https://www.virustotal.com/gui/file/1f846658ba4a5328ca5c40d4d2018153e5a0c22612699b1f494e73773126cdf6/detection 154.82.84.154:45 xyssiss.icu xy.xyssiss.icu # Reference: https://x.com/malwrhunterteam/status/1895900110602846333 # Reference: https://www.virustotal.com/gui/file/c32554488f4f8bec19e32dd0d4e99ba2f0b8b36f7b7a51f07dc2b45c702d70f7/detection 206.238.115.18:6666 206.238.115.18:8888 # Reference: https://x.com/malwrhunterteam/status/1896558624509710803 # Reference: https://www.virustotal.com/gui/ip-address/47.243.64.137/relations # Reference: https://www.virustotal.com/gui/file/82b44f0050e56f53f97bb95aa4ad9135422ca8948ff6b42b16ddac0bdfc0a6ce/detection http://23.226.57.52 23.226.57.52:45 jinpaikeji338.top jinpaisere.buzz jksrszzx.top # Reference: https://x.com/skocherhan/status/1896828031609741508 # Reference: https://www.virustotal.com/gui/file/fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2/detection 134.122.207.6:1080 # Reference: https://x.com/malwrhunterteam/status/1896864217460052352 # Reference: https://www.virustotal.com/gui/file/696a183a93ed8385b22afc8f428f8bf3eae535b085449d5603cef71658cfa491/detection 121.43.60.1:5252 # Reference: https://x.com/malwrhunterteam/status/1898084767830065500 # Reference: https://www.virustotal.com/gui/file/27704918683ead37ff245087d68d92c68a7a6228aa30b25c92ea4f9d23319713/detection # Reference: https://www.virustotal.com/gui/file/4ca8ad80a83623177db3e8ed40ef7a8fe7371a764f1a3110745251d8ee60009a/detection 47.86.104.84:45 yossiss.icu yo.yossiss.icu googge1-1335747301.cos.ap-hongkong.myqcloud.com # Reference: https://x.com/malwrhunterteam/status/1900590487431455025 # Reference: 
https://www.virustotal.com/gui/file/f34d4205c53455854899f755ad75e3014e57b9c5221e687494f7403d30bc9f4c/detection 206.238.115.224:4433 telegram--www.com # Reference: https://x.com/malwrhunterteam/status/1900648279899029945 # Reference: https://www.virustotal.com/gui/file/d391016b69bd9b8f23412c16538e1527948375212014af88eb0be28738b5d6cb/detection 192.238.134.101:7777 8010.helloqu.com homekitchenthings.com matearestobar.com iahdixoc.homekitchenthings.com # Reference: https://x.com/malwrhunterteam/status/1901591934709232117 # Reference: https://www.virustotal.com/gui/file/7d02195796b79bbc59f0e1ba543f31df2cfbd40cc171bc29a0289d579fc0c200/detection 8.217.85.20:27955 # Reference: https://x.com/malwrhunterteam/status/1903079916150620405 # Reference: https://x.com/malwrhunterteam/status/1921900948001083765 # Reference: https://www.virustotal.com/gui/file/349b54f136e63904ed5a1b3921d8744d3815592690f9167aedd3ead075ced9a4/detection # Reference: https://www.virustotal.com/gui/file/d8655cb920dff79d3fc2006247925cf66c198595ed3e496218a5b24c2bb1080f/detection 103.156.24.15:9918 43.224.224.15:9918 micro-windows.info ggt-9918.micro-windows.info # Reference: https://x.com/Unit42_Intel/status/1902754112988471537 # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-19-IOCs-for-Chinese-Language-trojanized-installers.txt 103.181.134.138:8080 deep-seek.app deep-seek.art deep-seek.asia deep-seek.band deep-seek.bar deep-seek.bio deep-seek.biz deep-seek.blog deep-seek.bond deep-seek.bot deep-seek.cfd deep-seek.chat deep-seek.click deep-seek.cloud deep-seek.club deep-seek.cyou deep-seek.dev deep-seek.fan deep-seek.fit deep-seek.fun deep-seek.fyi deep-seek.group deep-seek.help deep-seek.icu deep-seek.info deep-seek.ink deep-seek.lat deep-seek.life deep-seek.link deep-seek.live deep-seek.love deep-seek.ltd deep-seek.net deep-seek.one deep-seek.org deep-seek.plus deep-seek.pro deep-seek.qpon deep-seek.rest deep-seek.run deep-seek.sale deep-seek.sbs 
deep-seek.shop deep-seek.site deep-seek.store deep-seek.team deep-seek.tech deep-seek.top deep-seek.uno deep-seek.video deep-seek.wang deep-seek.wiki deep-seek.work deep-seek.world deep-seek.xin deep-seek.xyz i4toolsearch.vip i4toolssaana.top i4toolssaand.top i4toolssaanf.top i4toolssaang.top i4toolssaanh.top i4toolssaanj.top i4toolssaank.top i4toolssaanl.top i4toolssaanq.top i4toolssaans.top i4toolssaasa.top i4toolssaasd.top i4toolssaasf.top i4toolssaasg.top i4toolssaash.top i4toolssaasj.top i4toolssaask.top i4toolssaasl.top i4toolssaasm.top i4toolssaasn.top i4toolssaave.top i4toolssaavi.top i4toolssaavo.top i4toolssaavp.top i4toolssaavq.top i4toolssaavr.top i4toolssaavt.top i4toolssaavu.top i4toolssaavw.top i4toolssaavy.top i4toolssaaxa.top i4toolssaaxd.top i4toolssaaxf.top i4toolssaaxg.top i4toolssaaxh.top i4toolssaaxj.top i4toolssaaxk.top i4toolssaaxl.top i4toolssaaxs.top i4toolssaaxz.top i4toolssaaze.top i4toolssaazi.top i4toolssaazo.top i4toolssaazp.top i4toolssaazq.top i4toolssaazr.top i4toolssaazt.top i4toolssaazu.top i4toolssaazw.top i4toolssaazy.top i4toolssddna.top i4toolssddnd.top i4toolssddnf.top i4toolssddng.top i4toolssddnh.top i4toolssddnj.top i4toolssddnk.top i4toolssddnl.top i4toolssddnq.top i4toolssddns.top i4toolssddsa.top i4toolssddsd.top i4toolssddsf.top i4toolssddsg.top i4toolssddsh.top i4toolssddsj.top i4toolssddsk.top i4toolssddsl.top i4toolssddsm.top i4toolssddsn.top i4toolssddve.top i4toolssddvi.top i4toolssddvo.top i4toolssddvp.top i4toolssddvq.top i4toolssddvr.top i4toolssddvt.top i4toolssddvu.top i4toolssddvw.top i4toolssddvy.top i4toolssddxa.top i4toolssddxd.top i4toolssddxf.top i4toolssddxg.top i4toolssddxh.top i4toolssddxj.top i4toolssddxk.top i4toolssddxl.top i4toolssddxs.top i4toolssddxz.top i4toolssddze.top i4toolssddzi.top i4toolssddzo.top i4toolssddzp.top i4toolssddzq.top i4toolssddzr.top i4toolssddzt.top i4toolssddzu.top i4toolssddzw.top i4toolssddzy.top i4toolssffna.top i4toolssffnd.top i4toolssffnf.top i4toolssffng.top 
i4toolssffnh.top i4toolssffnj.top i4toolssffnk.top i4toolssffnl.top i4toolssffnq.top i4toolssffns.top i4toolssffsa.top i4toolssffsd.top i4toolssffsf.top i4toolssffsg.top i4toolssffsh.top i4toolssffsj.top i4toolssffsk.top i4toolssffsl.top i4toolssffsm.top i4toolssffsn.top i4toolssffve.top i4toolssffvi.top i4toolssffvo.top i4toolssffvp.top i4toolssffvq.top i4toolssffvr.top i4toolssffvt.top i4toolssffvu.top i4toolssffvw.top i4toolssffvy.top i4toolssffxa.top i4toolssffxd.top i4toolssffxf.top i4toolssffxg.top i4toolssffxh.top i4toolssffxj.top i4toolssffxk.top i4toolssffxl.top i4toolssffxs.top i4toolssffxz.top i4toolssffze.top i4toolssffzi.top i4toolssffzo.top i4toolssffzp.top i4toolssffzq.top i4toolssffzr.top i4toolssffzt.top i4toolssffzu.top i4toolssffzw.top i4toolssffzy.top i4toolssggna.top i4toolssggnd.top i4toolssggnf.top i4toolssggng.top i4toolssggnh.top i4toolssggnj.top i4toolssggnk.top i4toolssggnl.top i4toolssggnq.top i4toolssggns.top i4toolssggsa.top i4toolssggsd.top i4toolssggsf.top i4toolssggsg.top i4toolssggsh.top i4toolssggsj.top i4toolssggsk.top i4toolssggsl.top i4toolssggsm.top i4toolssggsn.top i4toolssggve.top i4toolssggvi.top i4toolssggvo.top i4toolssggvp.top i4toolssggvq.top i4toolssggvr.top i4toolssggvt.top i4toolssggvu.top i4toolssggvw.top i4toolssggvy.top i4toolssggxa.top i4toolssggxd.top i4toolssggxf.top i4toolssggxg.top i4toolssggxh.top i4toolssggxj.top i4toolssggxk.top i4toolssggxl.top i4toolssggxs.top i4toolssggxz.top i4toolssggze.top i4toolssggzi.top i4toolssggzo.top i4toolssggzp.top i4toolssggzq.top i4toolssggzr.top i4toolssggzt.top i4toolssggzu.top i4toolssggzw.top i4toolssggzy.top i4toolsshhna.top i4toolsshhnd.top i4toolsshhnf.top i4toolsshhng.top i4toolsshhnh.top i4toolsshhnj.top i4toolsshhnk.top i4toolsshhnl.top i4toolsshhnq.top i4toolsshhns.top i4toolsshhsa.top i4toolsshhsd.top i4toolsshhsf.top i4toolsshhsg.top i4toolsshhsh.top i4toolsshhsj.top i4toolsshhsk.top i4toolsshhsl.top i4toolsshhsm.top i4toolsshhsn.top i4toolsshhve.top 
i4toolsshhvi.top i4toolsshhvo.top i4toolsshhvp.top i4toolsshhvq.top i4toolsshhvr.top i4toolsshhvt.top i4toolsshhvu.top i4toolsshhvw.top i4toolsshhvy.top i4toolsshhxa.top i4toolsshhxd.top i4toolsshhxf.top i4toolsshhxg.top i4toolsshhxh.top i4toolsshhxj.top i4toolsshhxk.top i4toolsshhxl.top i4toolsshhxs.top i4toolsshhxz.top i4toolsshhze.top i4toolsshhzi.top i4toolsshhzo.top i4toolsshhzp.top i4toolsshhzq.top i4toolsshhzr.top i4toolsshhzt.top i4toolsshhzu.top i4toolsshhzw.top i4toolsshhzy.top i4toolssjjna.top i4toolssjjnd.top i4toolssjjnf.top i4toolssjjng.top i4toolssjjnh.top i4toolssjjnj.top i4toolssjjnk.top i4toolssjjnl.top i4toolssjjnq.top i4toolssjjns.top i4toolssjjsa.top i4toolssjjsd.top i4toolssjjsf.top i4toolssjjsg.top i4toolssjjsh.top i4toolssjjsj.top i4toolssjjsk.top i4toolssjjsl.top i4toolssjjsm.top i4toolssjjsn.top i4toolssjjve.top i4toolssjjvi.top i4toolssjjvo.top i4toolssjjvp.top i4toolssjjvq.top i4toolssjjvr.top i4toolssjjvt.top i4toolssjjvu.top i4toolssjjvw.top i4toolssjjvy.top i4toolssjjxa.top i4toolssjjxd.top i4toolssjjxf.top i4toolssjjxg.top i4toolssjjxh.top i4toolssjjxj.top i4toolssjjxk.top i4toolssjjxl.top i4toolssjjxs.top i4toolssjjxz.top i4toolssjjze.top i4toolssjjzi.top i4toolssjjzo.top i4toolssjjzp.top i4toolssjjzq.top i4toolssjjzr.top i4toolssjjzt.top i4toolssjjzu.top i4toolssjjzw.top i4toolssjjzy.top xiaobaituziha.com xiazailianjieoss.com youdaohhna.top youdaohhnd.top youdaohhnf.top youdaohhng.top youdaohhnh.top youdaohhnj.top youdaohhnk.top youdaohhsa.top youdaohhsd.top youdaohhsf.top youdaohhsg.top youdaohhsh.top youdaohhsj.top youdaohhsk.top youdaohhve.top youdaohhvi.top youdaohhxa.top youdaohhxd.top youdaohhxf.top youdaohhxg.top youdaohhxh.top youdaohhxj.top youdaohhxk.top youdaohhze.top youdaohhzi.top fs-im-kefu.7moor-fs1.com # Reference: https://x.com/malwrhunterteam/status/1904143434098557373 # Reference: https://www.virustotal.com/gui/file/779ca615925a9a6a4db8f9b0f7b50c149ffbbb60a7832520b2f4257a5a7d6199/detection # Reference: 
https://www.virustotal.com/gui/file/fac8d4e726208cb64b70e61a538c4567c4c1e467d4d1fc329a109315594c9004/detection 47.86.28.28:10861 47.86.28.28:10862 47.86.28.28:18852 47.86.28.28:18853 47.86.28.28:8852 # Reference: https://x.com/malwrhunterteam/status/1905736742168326303 # Reference: https://www.virustotal.com/gui/file/b560f76f7603e3ec88a874085f15499ec043917d93e306b3b0fb7a913b54f287/detection 118.107.46.162:5650 liuddiase1li.com mee333.com zhanas1fa32.com a87.mee333.com a88.mee333.com a99.mee333.com api.mee333.com lc.liuddiase1li.com lc.zhanas1fa32.com # Reference: https://x.com/Jane_0sint/status/1907491246341501368 # Reference: https://www.virustotal.com/gui/file/528049345279a58dc71a5c3aca9cfdb3b9d4b92dd998979f9e631bb0681e1b2a/detection # Reference: https://www.virustotal.com/gui/file/c00b5e1626215154c153fb4fe6c9ddf89cbd34528ad9e63cf032ed9763a62dc6/detection http://103.148.186.142 http://195.130.202.44 http://206.119.117.165 103.148.186.142:16660 195.130.202.44:16123 206.119.117.165:16123 haoandwei.xyz apiv3.haoandwei.xyz bloges.haoandwei.xyz info.haoandwei.xyz # Reference: https://x.com/malwrhunterteam/status/1907156909800448265 # Reference: https://www.virustotal.com/gui/file/ca05f31b3e84f5607514d50e78e50a2af90a6b745b1466879031475c1c9bfdc6/detection 104.143.33.39:45 mlcrosoft.bond telegramzw.org boss.telegramzw.org zzhy.mlcrosoft.bond # Reference: https://www.virustotal.com/gui/file/946e6e1b31fa15a9d1bec79aa9d2b525536c6d2f8fad48dc8685cb915e96eea0/detection 47.238.66.85:7777 helloqu.com 8008.helloqu.com # Reference: https://www.virustotal.com/gui/file/782da477d93b6be61b926b97ad2eeaf025718ab762962be3d3a7ef01c3bd01eb/detection 206.238.115.149:7777 8009.helloqu.com # Reference: https://x.com/malwrhunterteam/status/1909601624969855075 # Reference: https://www.virustotal.com/gui/file/f81b621991e38e4c33bb0b2dc966d3c45c806b38686730f79cc270e245c89da5/detection 202.95.8.53:45 kksiss.icu ku.kksiss.icu lets-1348336590.cos.ap-hongkong.myqcloud.com zhkunk.mlcrosoft.cyou # 
Reference: https://x.com/malwrhunterteam/status/1909883117713707305 # Reference: https://www.virustotal.com/gui/file/bbd68e2e5e172b7ab3131fab87eb3c25542a935f99279bf05f1d35a7214ba04a/detection 43.230.171.42:45 cassiss.icu ca.cassiss.icu zhca.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1910078946525225390 # Reference: https://www.virustotal.com/gui/file/db15f45f69f863510986fb2198a8a6b3d55d8ccc8a2ed4bb30bc27bdd1bf151c/detection # Reference: https://www.virustotal.com/gui/file/748a23a108733fcaddf6f0ce646cbd44ea229c6bd7358410aba8557e3649416c/detection # Reference: https://www.virustotal.com/gui/file/2cc26e957de0679d49066d03672b2a03bf672125df5fe0bdb10628731b163b7c/detection 206.238.115.207:16888 206.238.115.207:18088 206.238.115.207:443 sanyww10.com no207.sanyww10.com # Reference: https://x.com/AzakaSekai_/status/1910908257759367241 # Reference: https://github.com/Still34/malware-lab/tree/main/reworkshop/2025-04-12 line-china.com tendernesss.com ucsenta.com yythender.com api.tendernesss.com api.ucsenta.com api.yythender.com # Reference: https://x.com/malwrhunterteam/status/1912059681930948747 # Reference: https://www.virustotal.com/gui/file/8a0b1bf8ef261c836a4aff04beffd1f74c8d54f7d7c92eb994f573b73d8dded0/detection 8.210.169.221:45 lpnsiss.icu lpn.lpnsiss.icu kuailian0001.cdn.bcebos.com # Reference: https://x.com/malwrhunterteam/status/1912416512452727124 # Reference: https://www.virustotal.com/gui/file/bcb3a39d7339370a539ad601944eec205515df3411f6a38654ccdf257f87d45c/detection 192.238.129.9:7777 ldxwpedf.cn td.ldxwpedf.cn # Reference: https://x.com/malwrhunterteam/status/1912803759383588964 # Reference: https://www.virustotal.com/gui/file/087a4d732b26237cdf561bc1148162209739074fd47e2465831b68d3fa15fd2c/detection 8.217.221.239:45 t7a8t1xr.com am.t7a8t1xr.com pub-cde06bcbe3a3479296fa21daf4bb5af3.r2.dev zham.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1912840893205275102 # Reference: 
https://www.virustotal.com/gui/file/6b73b97249d860414a6974ac7496d734bf9b58076d5b0f2d91a59dd619284d7a/detection 154.55.135.69:45 xcfsiss.icu xxfc.xcfsiss.icu zhxfc.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1912920263118745678 # Reference: https://www.virustotal.com/gui/file/6fb67dee97abfe8fdac607b64f5c660000f37b938f1cd1a844b81c7d478b827d/detection 118.107.40.62:45 dz7.mlcrosoft.bond # Reference: https://x.com/malwrhunterteam/status/1913357644494000161 # Reference: https://www.virustotal.com/gui/file/a6dcb1ed5ae73227811a88e26db992f13fbc95aa2e94b6a35fa97071ba440f8a/detection ksdcks.org xk1.ksdcks.org # Reference: https://x.com/anylink20240604/status/1913319908274037213 # Reference: https://www.virustotal.com/gui/ip-address/143.92.32.224/relations # Reference: https://www.virustotal.com/gui/file/3d70d7c48fc0254fdd1b43be74bbd6a30f681803f4a81d84bf200cd02ccbe1b7/detection # Reference: https://www.virustotal.com/gui/file/3a8d9826d898938c91867af2b389fb7108d4c685001d7a365f662b633c24149c/detection # Reference: https://www.virustotal.com/gui/file/d616ca15bdb81ab90f1a93e09767eb254a2a264adc81d23eecf6d5f68d7bb0f1/detection 143.92.32.224:45 202.79.173.107:45 2015baofu.top msksxym.top yulanfan.top chrome.yulanfan.top hk.msksxym.top hr.2015baofu.top nmw.2015baofu.top # Reference: https://x.com/malwrhunterteam/status/1914257799330099468 # Reference: https://www.virustotal.com/gui/file/b0fa846e8dfc50a7557a55ad8a65f8263927467b7111c49d56e47eaf403ace42/detection 38.46.10.130:54 bossex.trc.tw s1.mlcrosoft.bond # Reference: https://x.com/malwrhunterteam/status/1914405186686345265 # Reference: https://www.virustotal.com/gui/file/7d7c2c4e0db8b36c944e13607243fece8dfd6c6ae437c8eda9a91a632f3408ec/detection 192.238.128.204:45 gtrsiss.icu gtr.gtrsiss.icu gtrx.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1914403113802387921 # Reference: https://www.virustotal.com/gui/file/98b20d90bd1366766b2f8c0d7334fcfb67e7a14456c595ce6e268a824dd3b533/detection 
189.1.243.84:45 gah566w6wefbhawo.top tuiguang168.top tl2.mlcrosoft.bond # Reference: https://x.com/malwrhunterteam/status/1914605676417974357 # Reference: https://www.virustotal.com/gui/file/b317d54c684f06347b97475a41e2ba64cc98b3b8571109169c30d40c3f3a3929/detection # Reference: https://www.virustotal.com/gui/file/8f76e210f1a41698b08767d4a2c867edb8c5bd748fb55886c6fc5d7a2d184336/detection # Reference: https://www.virustotal.com/gui/file/276d223fc902039f0ee24160c846c7a30b4894beebe0a8cbb36712a216ce1edf/detection 23.133.4.98:10443 23.133.4.98:4433 # Reference: https://x.com/malwrhunterteam/status/1915030381683773696 # Reference: https://www.virustotal.com/gui/file/f5e6efaae52ab1650d92d5f7ac9dbbf76b43f5fabef5171663ec817d4ec53899/detection # Reference: https://www.virustotal.com/gui/file/b40e66fb3cf48d9ddbad2a98eff614da3be5cf83f3272130332ad90583c0eacb/detection 154.82.92.185:33360 154.82.92.185:442 /api/d/e58948 # Reference: https://x.com/malwrhunterteam/status/1915345171606065318 # Reference: https://www.virustotal.com/gui/file/c7e6a88d4fddc3cc873a1ebd6ed37199a0a41e031b9b80e98a1ac990c4416467/detection 8.213.213.32:6010 8.213.213.32:6020 601019.xyz 10.601019.xyz # Reference: https://x.com/malwrhunterteam/status/1915431720314171533 # Reference: https://www.virustotal.com/gui/file/57dc5c86afdc7864ea3725e8b41ef02519a160fe2312d4fefbbc42bb1323b84e/detection 156.251.16.74:442 /api/d/vfkakr # Reference: https://x.com/malwrhunterteam/status/1915866710747582508 # Reference: https://www.virustotal.com/gui/file/5757cd3364e6efd97c21e0d903c16f010d1d594d5a712dd383efbec596296ce6/detection 154.91.64.236:442 # Reference: https://x.com/malwrhunterteam/status/1915866258391941261 # Reference: https://www.virustotal.com/gui/ip-address/47.76.121.113/relations # Reference: https://www.virustotal.com/gui/file/3b9bb6e7a819e1a1c1f944a414becd049cdbdedaad6b77e3fa4a2cf07cdfa05d/detection 43.154.105.244:442 ajsdg.com klasdg.com pasdhx.com pgryd.group ppashdg.com # Reference: 
https://x.com/malwrhunterteam/status/1916239542417330646 # Reference: https://www.virustotal.com/gui/file/a565b9d60415fdaf100044c7cddb232a5422003c7edf656e6314c3e934c56b07/detection 23.133.4.4:6666 23.133.4.4:7777 # Reference: https://x.com/malwrhunterteam/status/1917178513322320288 # Reference: https://www.virustotal.com/gui/file/87ba75fa5bf4e0e8df441e1252ca66c42cde87741aae212095395befcde063cc/detection 154.91.90.72:45 xcsiss.icu xc.xcsiss.icu zhxc.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1917546155535393062 # Reference: https://www.virustotal.com/gui/ip-address/216.250.105.98/relations # Reference: https://www.virustotal.com/gui/file/336f12dc8d280cb9e860daf51ee661f3dcaa0826e4d7d09e35014dc0b64d8466/detection 154.211.90.30:442 swcx001.cn swcxoas.cn swleoas.cn # Reference: https://x.com/malwrhunterteam/status/1917682539835122064 # Reference: https://www.virustotal.com/gui/file/a00da4373d0607eea9cd3008a8284ff31b38f8ae4751778db0666f2ad8667f9e/detection # Reference: https://www.virustotal.com/gui/file/2ed53b3936a60537abce947d3f6e2e058579a57ef834c29097e62f6843de4f12/detection # Reference: https://www.virustotal.com/gui/file/2e9837cdac825f524dce0ae37db418e7c537f0f382c6804e25acf4a05c869793/detection 45.192.217.152:10443 45.192.217.152:4433 # Reference: https://x.com/malwrhunterteam/status/1918419478536167670 # Reference: https://www.virustotal.com/gui/file/bca88b1473cf1524a4facea3ba7f5e6d33653d98dadc9408a9734785fe15f7cd/detection # Reference: https://www.virustotal.com/gui/file/9a1bcac81e4501f71c6781ff7e7025a637f7d0948c98ce27e5d24d9d4398ef7a/detection 154.91.90.224:6688 uuulai.icu # Reference: https://x.com/malwrhunterteam/status/1919380522809036949 # Reference: https://www.virustotal.com/gui/file/1ef2d5cce9011e45574e9f9acab4d4bedd2c0dbcab40d65c62dad2b6a5f642ac/detection http://110.173.50.42 110.173.50.42:443 bbd333.s3.ap-southeast-1.amazonaws.com # Reference: https://x.com/malwrhunterteam/status/1920051665442419177 # Reference: 
https://www.virustotal.com/gui/file/18332eb2631bdc0d2f1c3636da1458c7bcb3b56cdff4b19b13c772983bc90bd8/detection 43.99.244.219:443 xk2.ksdcks.org # Reference: https://x.com/malwrhunterteam/status/1920081092226306311 # Reference: https://www.virustotal.com/gui/file/fce03ce264669a264220d2bc0101b64773225fce363be5534efe79cf22f0aa8b/detection 206.238.115.163:954 ghergfdg-1352644795.cos.ap-shanghai.myqcloud.com # Reference: https://x.com/malwrhunterteam/status/1920057943665283284 # Reference: https://www.virustotal.com/gui/file/3adb80969574bcab2511b3b1632fc4dfa41b90c6c2fb4acea6c944c80218df63/detection 47.86.161.22:45 aotssiss.icu apt.aotssiss.icu zhatm.mlcrosoft.cyou # Reference: https://x.com/malwrhunterteam/status/1920056940840751611 # Reference: https://www.virustotal.com/gui/file/c740d973b33f6c7e9fe570f27f4a55b2f72da4584c0e1dd7a80c52f3300d5951/detection 43.132.216.81:635 # Reference: https://x.com/skocherhan/status/1920875472298102876 # Reference: https://www.virustotal.com/gui/file/af8b6ac45918bc87d2a164fae888dab6e623327cba7c2409e4d0ef1dde8d1793/detection 27.124.45.228:45 fcssiss.icu xfc.fcssiss.icu # Reference: https://x.com/malwrhunterteam/status/1921895566927081583 # Reference: https://www.virustotal.com/gui/file/b9af67d7123d30401ffdcb7c7c2b60a180806523dfed0501611728504d9bf4a7/detection 23.133.4.102:27982 flyingforest.sbs # Reference: https://x.com/malwrhunterteam/status/1921929648637718807 jobkorea.3gaofax.com # Reference: https://x.com/smica83/status/1922256883340963993 # Reference: https://www.joesandbox.com/analysis/1688869#iocs 202.79.172.16:8880 # Reference: https://www.virustotal.com/gui/file/20ac793388397dc77290a489a76b7ebe295beee954d1e1ae2588674d488f4186/detection 38.46.13.82:27997 # Reference: https://x.com/malwrhunterteam/status/1921898499622248531 # Reference: https://www.virustotal.com/gui/file/1e2a4152efe0d82eb31f95097d77e60f60458f87e01d6abdf99bbc83ff71b19d/detection 118.107.46.23:27979 # Reference: 
https://x.com/malwrhunterteam/status/1922758554882027699 # Reference: https://x.com/malwrhunterteam/status/1927352162125832236 # Reference: https://www.virustotal.com/gui/file/f210615ed4dbc36a530a82fb76d074c7e61e9cebd0c887dde85fddd0b49cc3fb/detection # Reference: https://www.virustotal.com/gui/file/5e4aa8db1fb8cf7462a91f5d606de0dd72ada74864e51e16ee904101d902c9e4/detection preech.top hm.preech.top masike.preech.top masike2.preech.top # Reference: https://x.com/malwrhunterteam/status/1923292905424179672 # Reference: https://www.virustotal.com/gui/file/139466a8596fe3e2f172b28e5a7437a400fba6c5b6d85d83359101ed68e95a5f/detection 8.210.193.196:7777 fvsrchps.cn dsh.fvsrchps.cn # Reference: https://www.virustotal.com/gui/file/a231625c0dd26c9a28cc1ffd3aa3b62472a56b261f55efe2c0cac70afb73b651/detection 47.83.164.89:7777 nbpmmkrb.cn wps.nbpmmkrb.cn # Reference: https://x.com/malwrhunterteam/status/1924568228069589476 # Reference: https://www.virustotal.com/gui/file/a46b53ba2a6ece79628fd5e5bc401b21a13d01b30eb33bc31319a4a06b086282/detection # Reference: https://www.virustotal.com/gui/file/543e3044bda967e91175cfdf925c8f6e7907999b62af1b7e0c4f3b32a7b81bff/detection 156.245.27.224:443 # Reference: https://x.com/malwrhunterteam/status/1925147096207810972 # Reference: https://www.virustotal.com/gui/file/e5aa061d3a3f2ccfd348e7b67889c776ce062657999bd4edb9386379e1f4f60c/detection 23.133.4.5:10443 23.133.4.5:4433 # Reference: https://x.com/skocherhan/status/1926556842492150221 # Reference: https://www.virustotal.com/gui/file/a5c6338b23af21cdcf5d04c6fc30d29983abcb8111ed8c9729ce36e09a8ad81f/detection http://27.124.21.204 27.124.21.204:443 # Reference: https://app.validin.com/detail?find=%7B%7Btitle%7D%7D-%E5%85%8D%E8%B4%B9%E7%94%B5%E8%84%91%E8%BD%AF%E4%BB%B6%E4%B8%8B%E8%BD%BD%20&type=raw&ref_id=e2b7b0c08f4#tab=host_pairs (# 2025-05-25) acmdkr.cn aidahai.wenxinwl.top bmga.fgttdf.cn bmgg.fgttdf.cn bmgs.fgttdf.cn cdhove.cn chrome.gxfclb.xin chsr.podlwf.cn dfys.djkfkv.cn djkfkv.cn dkhf.yjkkld.cn 
dkhn.ghyufo.cn dkkd.ejfiwf.cn efwreh.cn ehfhnc.cn ejfiwf.cn fgttdf.cn fy1.wenxinwl.top fy2.wenxinwl.top fy3.wenxinwl.top fy4.wenxinwl.top fy5.wenxinwl.top fyf.wenxincehua.top fyf1.wenxincehua.top fyx1.wenxinwl.top ggux.wenxinwl.top ghyb.ghyufo.cn gikd.ejfiwf.cn goo.yexinch.top gool.yuelangjs.top gxfclb.xin gxy2.wenxinwl.top gzas.efwreh.cn gzsg.efwreh.cn gzwl.iufdgi.cn hjjy.ehfhnc.cn hsjdye.cn htdlxx.cn iufdgi.cn jieya.space keukj.xyz klny.efjfio.cn kualian.fun lcwa.sdjfsg.cn lcwb.sdjfsg.cn lcwd.sdjfsg.cn lcwe.sdjfsg.cn lcwf.sdjfsg.cn mqwa.iufdgi.cn mqwc.iufdgi.cn mqwd.iufdgi.cn mqwe.iufdgi.cn mqwf.iufdgi.cn msfa.ejfiwf.cn njrm.yjkkld.cn podlwf.cn sdjfsg.cn sogg.keukj.xyz tjqmdjnydt10.icu todesk.fun tzkj.cdhove.cn tzwl.cdhove.cn ujskdr.cn wenxinwl.top wgbh.ehfhnc.cn whffjf.top wingdsdf.top wlke.sdjfsg.cn wlkj.sdjfsg.cn wlkk.sdjfsg.cn wlks.sdjfsg.cn xgkj.hsjdye.cn xhua.acmdkr.cn xiazaiaa.top xygz.sliwpf.cn xyht.htdlxx.cn yasu.nunbae.cn yd.wenxincehua.top yexinch.top yjkkld.cn ymfy.ehfhnc.cn ymss.ehfhnc.cn ymyd.ehfhnc.cn youdada.wenxinwl.top youdaolwfa.top youdaorgyww.icu youdaoruun.icu youdaosunwi.top youdaouakw.icu yuelangjs.top yukm.ehfhnc.cn yx.wenxincehua.top yx1.wenxincehua.top # Reference: https://x.com/malwrhunterteam/status/1927410721031111085 # Reference: https://www.virustotal.com/gui/file/59705a69a421900734a8653fbf1e0a3bdfeaa3ec3b831ba7135166c91757df75/detection 202.162.100.6:53618 # Reference: https://x.com/malwrhunterteam/status/1928742687953297695 # Reference: https://www.virustotal.com/gui/file/5c253bc5b53ab7bfa7d60ce90d9562b73c74876dec40d8c7a1842096be5f1357/detection 103.68.181.196:6000 c0mcom.com oneihmdo.com quickqnew.com # Reference: https://x.com/malwrhunterteam/status/1929892737945354246 # Reference: https://www.virustotal.com/gui/file/f3b68f39cbb3250b5f3c5db458cc46e5a6287d11e1708176f553a7734f7ab55f/detection # Reference: https://www.virustotal.com/gui/file/d57452081e3b8a818f160646a238a26ea7608acdf2ffcc3c5b712b618b550c5e/detection 
23.94.40.171:8081 # Reference: https://x.com/malwrhunterteam/status/1929993935356596460 # Reference: https://www.virustotal.com/gui/file/21d8662707c7faddc28a041489d01fbda9253ac13494d99491e3a5d285d50903/detection moneycome.me # Reference: https://x.com/malwrhunterteam/status/1930502628804301155 # Reference: https://www.virustotal.com/gui/file/9adb94bfd1232c1d15ae7a2c2c48a2650a8f2fc78c90493b88d33d7471d5fdeb/detection # Reference: https://www.virustotal.com/gui/file/c0df924c1d71b02152da6f58121cd349129b3504e3ac91253d46f3a0ab011784/detection 14.18.180.112:18000 156.234.228.112:6666 156.234.228.112:8852 156.234.228.112:18853 43.154.240.161:8080 # Reference: https://x.com/malwrhunterteam/status/1931254532689785229 # Reference: https://www.virustotal.com/gui/file/42c7f4f0aef68e7de2b06dd7c8409b9248550419c2330a8097cc35c006722f2c/detection 23.235.165.126:443 # Reference: https://x.com/skocherhan/status/1941006498592969099 154.82.85.102:8083 154.82.85.160:8083 xiaoshihou1.top xiaoshihou13.top ffsup-s42.oduuu.com # Reference: https://x.com/1nt3l_hunt/status/1941886322995556520 # Reference: https://app.validin.com/detail?find=45.204.215.42&type=ip4&ref_id=39357d17357#tab=resolutions # Reference: https://www.virustotal.com/gui/file/57f0888ec2f3eb3643c91761e5ca62fd9cad22ea3f029826c935e07ff3aa8344/detection chromebot.top i4cotr.top siguapov.top youdaopll.top youdaopot.top youdaopota.top youdaopotc.top youdaopotd.top youdaopote.top youdaopotg.top youdaopoth.top youdaopoti.top youdaopotk.top youdaopotl.top youdaopotn.top youdaopoto.top youdaopotp.top youdaopotq.top youdaopotr.top youdaopots.top youdaopotu.top youdaopotv.top youdaopotw.top youdaopotx.top youdaopoty.top youdaopotz.top youdaoptya.top youdaoptyb.top youdaoptyc.top youdaoptyd.top youdaoptye.top youdaoptyg.top youdaoptyh.top youdaoptyi.top youdaoptyj.top youdaoptyk.top youdaoptyl.top youdaoptyo.top youdaoptyp.top youdaoptyq.top youdaoptyqw.top youdaoptyr.top youdaoptyv.top youdaoptyx.top youdaoptyy.top youdaoptyz.top 
youdaovoka.top youdaovokb.top youdaovokc.top youdaovokd.top youdaovoke.top youdaovokg.top youdaovokh.top youdaovoki.top youdaovokj.top youdaovokk.top youdaovokl.top youdaovokm.top youdaovokn.top youdaovoko.top youdaovokp.top youdaovokq.top youdaovokr.top youdaovoks.top youdaovokt.top youdaovoku.top youdaovokv.top youdaovokw.top youdaovokx.top youdaovoky.top youdaovokz.top youdaovra.top youdaovre.top youdaovri.top youdaovro.top youdaovroxb.top youdaovroxc.top youdaovroxd.top youdaovroxj.top youdaovroxk.top youdaovroxl.top youdaovroxm.top youdaovroxn.top youdaovroxp.top youdaovroxt.top youdaovroxv.top youdaovroxw.top youdaovroxx.top youdaovroxz.top youdaovrp.top youdaovrq.top youdaovrr.top youdaovrs.top youdaovrt.top youdaovru.top youdaovrw.top youdaovry.top youdayybplot.top youdayylopt.top zwbvosy.top # Reference: https://www.virustotal.com/gui/file/0211c040edcbe0bfcc4b021e1a6304c359e46540e2a1ca53e6a30f6e3ed2d52a/detection http://45.204.199.40 43.199.235.160:6628 # Reference: https://x.com/skocherhan/status/1942414925764165899 # Reference: https://www.virustotal.com/gui/file/fdb8c01abb486b1119b4b28164129b223d8d1e7cd1fcabe5dd012478b583d3b6/detection 148.66.11.10:5555 fi0xl05.top roykdw53.top wss.fi0xl05.top wss.roykdw53.top # Reference: https://x.com/skocherhan/status/1942421506165813271 # Reference: https://www.virustotal.com/gui/ip-address/156.251.30.116/relations waeokxw456.icu waxoemis3.icu wbcueajx50v.icu wcakeolx3.icu wcneuaokz7.icu wcneuxkaoc.icu wcoameikx6.shop wcuaowkx6.icu whaiqpae1x0.icu whamxiokl.shop wharuom1.icu whasoxpem.shop whaspopm.icu whatsjpwjr236.shop whatspkoel1.icu whatsplepp.shop whatsplms.shop whatwpps5.icu whaueiks85.icu whaueonxa2.icu whaueoslx6.shop whaueoxk2.icu whaueoxka8.icu whaueqkxz5.icu whaueyn25.icu whauiso2.shop whauoeklnn.shop whauoxok8.shop whaxokel.shop whsuaolx2.shop whsueoakx1.icu whsueoamx8.shop whuaeksx.shop wnaienxo6.icu wnaozle93.icu wnauehklx582.icu wnaueoqk3.icu wnaueoqlx365.icu wnaueoxka6.icu wnaueoxkaz4.icu 
wnciolkkis40.icu wncoaplx78.icu wncueoam2.icu wncueoaz4x.icu wnqiaopl9.icu wnqiaoxkek6.icu wnqoamei7.icu wnquaozw8.icu wnuwoajx75.icu wnxeokpps28.icu wnxuekak8x.icu wnxueoakx9.icu wnxueoanm35.icu wnxueom85k.icu wqnaiomzw9.icu wsuxoam0.icu wsxnumi8.shop wuaieolx8.shop wuaoemxz12.icu wuwanueaivou.qpon wvvuwkopp1.icu wwqnai1m0.icu wxniklmxsp.shop wxnkosl23x.icu wxuoklmxaq.icu uaa.whaiqpae1x0.icu uaa.wnciolkkis40.icu waa.whatwpps5.icu waa.whauiso2.shop waa.whuaeksx.shop wat.wbcueajx50v.icu wat.wnxueoanm35.icu wkk.whaxokel.shop wkk.wnauehklx582.icu wkk.wnaueoxkaz4.icu wkk.wqnaiomzw9.icu wks.wnxueom85k.icu wll.whatsplms.shop wsk.wuaoemxz12.icu wss.whaspopm.icu wss.whaueqkxz5.icu wvv.wvvuwkopp1.icu wwa.wcneuxkaoc.icu wwa.whatspkoel1.icu wwa.whatsplepp.shop wwa.whaueonxa2.icu wwa.whsueoamx8.shop wwa.wnaueoqlx365.icu wwa.wnquaozw8.icu wwa.wsuxoam0.icu wwa.wsxnumi8.shop wwa.wxuoklmxaq.icu wwb.whamxiokl.shop wwb.wncueoaz4x.icu wwb.wnxeokpps28.icu wwc.wnaozle93.icu wwd.wnqoamei7.icu wwg.wnxuekak8x.icu wwi.waeokxw456.icu wwi.wnaienxo6.icu wwi.wnaueoxka6.icu wwk.wcoameikx6.shop wwk.wcuaowkx6.icu wwk.whasoxpem.shop wwk.whatsjpwjr236.shop wwk.whaueoslx6.shop wwk.whaueoxka8.icu wwk.whsuaolx2.shop wwk.whsueoakx1.icu wwk.wncueoam2.icu wwk.wnqiaoxkek6.icu wwk.wnuwoajx75.icu wwm.whauoxok8.shop wwo.wncoaplx78.icu wwq.waxoemis3.icu wws.wcakeolx3.icu wws.wharuom1.icu wws.whaueiks85.icu wws.whaueoxk2.icu wws.whauoeklnn.shop wws.wnqiaopl9.icu wws.wxnkosl23x.icu wwt.wcneuaokz7.icu wwt.whaueyn25.icu wwt.wnxueoakx9.icu wwt.wuaieolx8.shop wwt.wxniklmxsp.shop wwu.wnaueoqk3.icu wwu.wwqnai1m0.icu wxw.wuwanueaivou.qpon # Reference: https://x.com/skocherhan/status/1942760237167202457 # Reference: https://www.virustotal.com/gui/file/fdd0c56781c81e423b8af358596636afa72333d948113718650f48f163c7834f/detection latesclsnitr.com # Reference: https://x.com/smica83/status/1952730422212727181 # Reference: 
https://www.virustotal.com/gui/file/e104c98fe9b9fc4473018a88b37d9c1029aa444ff74315d5e469aa6db964eb94/detection 47.83.171.202:9650 47.83.171.202:9750 47.83.171.202:9850 # Reference: https://x.com/smica83/status/1953392224219111867 # Reference: https://x.com/skocherhan/status/1953399063354728558 47.239.99.114:8379 8.210.41.205:7036 feetifu.net iualef.net osuyet.net poaeur.net uyahcn.net yuwesq.net 2025so.oss-cn-beijing.aliyuncs.com 25nm.oss-cn-hangzhou.aliyuncs.com 2ao2my.oss-cn-beijing.aliyuncs.com 5oss.oss-cn-hangzhou.aliyuncs.com 67yao4.oss-cn-qingdao.aliyuncs.com 6yuyyh.oss-cn-beijing.aliyuncs.com 755owo.oss-cn-beijing.aliyuncs.com 7997cs.oss-cn-shenzhen.aliyuncs.com 8ae6tt.oss-cn-shenzhen.aliyuncs.com ae86dr.oss-cn-shenzhen.aliyuncs.com bbyy44.oss-cn-shenzhen.aliyuncs.com eg9eg9.oss-cn-beijing.aliyuncs.com er1er1.oss-cn-beijing.aliyuncs.com ewewbl.oss-cn-shenzhen.aliyuncs.com ewewbs.oss-cn-shenzhen.aliyuncs.com f11uw9.oss-cn-beijing.aliyuncs.com f3rf3r.oss-cn-beijing.aliyuncs.com fay5oh.oss-cn-shenzhen.aliyuncs.com he99eh.oss-cn-beijing.aliyuncs.com id29tg.oss-cn-beijing.aliyuncs.com ll6yy6.oss-cn-beijing.aliyuncs.com lldwt-oss.oss-cn-beijing.aliyuncs.com nm25.oss-cn-hangzhou.aliyuncs.com oss3333.oss-cn-shanghai.aliyuncs.com qqssll.oss-cn-shenzhen.aliyuncs.com qqyyss.oss-cn-shenzhen.aliyuncs.com qs1qs1.oss-cn-shenzhen.aliyuncs.com s13s13.oss-cn-beijing.aliyuncs.com sc-2k7t.cn-hangzhou.oss-adns.aliyuncs.com sd2h2p.oss-cn-beijing.aliyuncs.com shi5ce.oss-cn-shenzhen.aliyuncs.com upitem.oss-cn-hangzhou.aliyuncs.com w4geu2.oss-cn-beijing.aliyuncs.com w5u9yy.oss-cn-beijing.aliyuncs.com wjkk59.oss-cn-beijing.aliyuncs.com wu3wu3.oss-cn-beijing.aliyuncs.com wuy535.oss-cn-beijing.aliyuncs.com wywwyw.oss-cn-beijing.aliyuncs.com xho7x7.oss-cn-shenzhen.aliyuncs.com xy8xy8.oss-cn-beijing.aliyuncs.com yr22ry.oss-cn-beijing.aliyuncs.com # Reference: https://x.com/smica83/status/1957150632093057227 103.204.79.114:448 103.204.79.118:448 5201314999.com # Reference: 
https://x.com/1ZRR4H/status/1960776566432256081 # Reference: https://www.virustotal.com/gui/file/adc570474b594eb4323605c804e4a7a875763895f56d00b571d9ebc4e0fc3f0e/detection kingmi2.ag.ink pub-86da01ef5dcc48a5835da89640b8232a.r2.dev # Reference: https://www.virustotal.com/gui/file/feda1267241d2399297681e81cfd04f9e418989f0d198c9c11dbb4574d59fb42/detection # Reference: https://www.virustotal.com/gui/file/d0349507c9d95b5ddc447406eb80d77d3fb450ba6af05aa0668fdab7acb8ffb8/detection # Reference: https://www.virustotal.com/gui/file/cf368705c5cd6cd0f824d5ca8b5f187488fbd4d436a93a60f57f8cfd6a004398/detection 27.124.43.13:27956 symptomatic.quest # Reference: https://x.com/zoomeye_team/status/1964997872937771343 # Reference: https://app.validin.com/detail?type=raw&find=Facebook+%E6%A1%8C%E9%9D%A2%E7%89%88#tab=host_pairs (# 2025-09-08) badzhmr.cn bqyd.opghfy.cn cbd.qefodim.cn cdsfewf.cn cfya.idshia.cn cgwc.ohvhfe.cn cqo.zhsnw.cn dmymbva.cn faseboko.life fbls.ytynjx.cn fbvv.yzjiy.cn fdodgp.cn fengyiyewl.cn hzaa.sfyurv.cn idshia.cn jbb.badzhmr.cn junyiw.cn key.whjiayide.cn kpxd.fdodgp.cn lpk.junyiw.cn ohvhfe.cn opghfy.cn qefodim.cn sfyurv.cn tgb.ziywl.top whjiayide.cn wpkf.cdsfewf.cn xci.dmymbva.cn xhs.fengyiyewl.cn ytynjx.cn yzjiy.cn zhsnw.cn ziywl.top zzs.whjiayide.cn # Reference: https://www.virustotal.com/gui/file/0ce9d0a4fa6044c11ae72beece8b9aedc35b0fdb28eba1997216831aee490c4b/detection http://47.242.144.180 47.242.144.180:4433 dftuchu.oss-cn-beijing.aliyuncs.com # Reference: https://x.com/malwrhunterteam/status/1969292383809400865 # Reference: https://www.virustotal.com/gui/file/117919943eda9082aaf4ba89b0a32411c1959d46b01484406ecb07766b5c200c/detection microsoft001.oss-cn-hangzhou.aliyuncs.com # Reference: https://x.com/malwrhunterteam/status/1969296139791798358 # Reference: https://www.virustotal.com/gui/file/28c1575ef28fc5e3b5eb4a63327bec10b399ce17bd65ea1b2e53562cfcd7e8a4/detection 150.5.145.84:443 # Reference: 
https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool # Reference: https://www.virustotal.com/gui/file/7b2599ed54b72daec0acfd32744c7a9a77b19e6cf4e1651837175e4606dbc958/detection # TITLE-IP=默认页面-最美诗词提示 # CLASS_0_HASH-IP=d47b8ca005d031689e03014b62769945 # CLASS_0_HASH-HOST=d47b8ca005d031689e03014b62769945 107.172.234.17:53762 124.221.113.254:53762 156.226.172.249:53762 157.254.178.135:53762 45.207.220.12:53762 47.79.92.244:53762 74.48.213.222:53762 bj2.xyz cx0.cc np-prob.xyz okoka.icu coal.np-prob.xyz gd.bj2.xyz hkg-v1.cx0.cc w.okoka.icu # Reference: https://x.com/midnight_comms/status/1980252390675615770 45.204.214.219:1230 # Reference: https://x.com/JustWantToQ1/status/1981740294346334218 # Reference: https://www.virustotal.com/gui/file/116d5947b1919ad56634b965b9009aff3ff798d03b6457f7ff09ddf9752839db/detection # Reference: https://www.virustotal.com/gui/file/da288a72584f8755e6f13dfb2dde61da7246fa615fd5399d184209fe2b6e6b79/detection http://45.197.144.130 45.197.144.130:5521 45.197.144.130:6667 45.197.144.130:8887 # Reference: https://x.com/smica83/status/1982186836203053090 # Reference: https://www.virustotal.com/gui/file/d2d5fee717c1721edc7d3f0360ca2ea03f39128cb94ecf94f967f238a68f31e7/detection # Reference: https://www.virustotal.com/gui/file/729e4f4f25b5e52e82ef77248e65eddcff7d05a18d910cf33403c376147c055d/detection # Reference: https://www.virustotal.com/gui/file/46c3bc886dd188cb1fa1a63b940783814b5ef9a2c82a934e73b9d92a72870868/detection # Reference: https://www.virustotal.com/gui/file/2a33f96484af528d16dd084ed46b7ebc16ec93ccca4bb732a87e557e6f18c05c/detection 16.162.106.28:8099 # Reference: https://x.com/smica83/status/1982787105085333507 # Reference: https://www.virustotal.com/gui/file/27b29a4a67e5d22b2801a415d5677739d5900b6c72b433497eb9ee0e9960dfc2/detection # Reference: https://www.virustotal.com/gui/file/39aa0ffe47f3f571a263111963c61863b88614ac0fd43118bb2abbdcaa1ec4ff/detection 118.107.45.98:3569 118.107.45.98:7858 # Reference:
https://x.com/smica83/status/1986120281845330268 # Reference: https://x.com/skocherhan/status/1986373605710516498 # Reference: https://www.virustotal.com/gui/ip-address/47.76.152.56/relations # Reference: https://www.virustotal.com/gui/file/f76439295941334a6b1a65c2c49c9f233594c35083fdf67db015832cb0976192/detection # Reference: https://www.virustotal.com/gui/file/6329ce9620105613106ca8b66782d061999ef874c7850a445a07af40b34faff1/detection 43.154.69.173:88 47.76.152.56:88 52niuyan.cc 52niuyan.link 52niuyan.org 52niuyan.top 52niuyanks.cc 52niuyanks.top 52niuyanxs.cc 52niuyanxs.org 52niuyanxs.top ftysn.xyz niuyan123.cc niuyan123.link niuyan123.top tieniu6541.top tnfc.xyz # Reference: https://www.virustotal.com/gui/file/14b4e9a65826761e88a010fd46c86db8a329225a40a87e97f1b315d9002326cf/detection 103.226.153.164:6666 103.226.153.164:8888 154.211.5.9:38256 154.211.5.9:45461 net-flixer.net azure.app.s3-website-ap-northeast-1.amazonaws.com # Reference: https://x.com/smica83/status/1986682381558747343 # Reference: https://www.virustotal.com/gui/file/8b21606674c7ce4731f867aaf43ea3a317356b788a6bd451b6615545269577a9/detection # Reference: https://www.virustotal.com/gui/file/d8ad76a574e954269600aef040a6b493799490da8e4b67b5e7027f9f492a742b/detection 134.122.128.179:8899 # Reference: https://x.com/malwrhunterteam/status/1987801142512767222 # Reference: https://www.virustotal.com/gui/file/fce7f7ad1d7b17e7106639ca23cc49d2cf642bcea024d8ba838f3f559c99e34c/detection xingxings.cc ak1.xingxings.cc # Reference: https://www.elastic.co/security-labs/roningloader # Reference: https://www.virustotal.com/gui/file/25296ab87303283f490980f71843d1a9c8a621fe18bee93104d17865e5f3fb30/detection 43.132.251.95:5556 qaqkongtiao.com # Reference: https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/ i4toolscacsm.top i4toolscacvi.top i4toolscaczu.top i4toolsllsk.top i4toolsuuoxk.top i4toolsuuozp.top llllxiazai-web.vip qishuiyinyque-vip.top ydbao11.cyou ydbaoo52.cyou youdaooosssj.top 
youdaovavxk.top youdaovavxl.top youdaqqaavw.top youdaxxddxk.top youdaxxyzr.top youdaxxyzy.top i4.llllxiazai-web.vip # Reference: https://x.com/smica83/status/1991630792611512380 # Reference: https://www.virustotal.com/gui/file/bb82bbd8e3c463aa3abadfcc3b7cd487005a8691f27e8e93c86681b9247012e1/detection # Reference: https://www.virustotal.com/gui/file/006b60e580ab5dc48747b67da9eba0155284c464243bc3cedb664ab082465449/detection 154.211.104.154:8080 # Reference: https://www.virustotal.com/gui/file/fa755134d9c9796b2f58fd61aeb0ef12121da6afaa1943f05334d332992cdff5/detection 154.23.185.147:8081 maaahao.vip # Reference: https://x.com/smica83/status/1995803319869075796 # Reference: https://www.virustotal.com/gui/file/1eee743659812843950a374f7454f077f88469c36be3d9b702e41f47997df831/detection 108.187.37.85:8888 # Reference: https://x.com/malwrhunterteam/status/1996276368703881298 # Reference: https://www.virustotal.com/gui/file/9c586f440d986aa8a61a9bbc8d1c814a97214e6a536d5ae97754a4b4c858909d/detection http://156.255.0.28 156.255.0.28:1688 # Reference: https://www.virustotal.com/gui/file/e0b830bf5cc2b9f5272feeb7dd9a5883ff6417168f6f0001dab60be7cb16489a/detection # Reference: https://www.virustotal.com/gui/file/46045a9cc0d342108b3391de49fada77a82490a8c023bf0fdfd044b446b1082f/detection 38.181.24.114:6666 38.181.24.114:7777 rb-cloud.cc # Reference: https://x.com/malwrhunterteam/status/1996575115820126532 # Reference: https://www.virustotal.com/gui/file/fde101333a3b602551c815e5d5c82224885eac27d1b6fd6849747ec08cd9d9c3/detection hash-verification.com # Reference: https://x.com/smica83/status/1996597158414315863 # Reference: https://www.virustotal.com/gui/file/0bd1774b808cf46fbf94b6646eb5374303675ecc6317eb0706d77c47bba74ba2/detection http://45.119.98.147 45.119.98.147:1688 bflaicai.com bflu.cc nbusdt.com # Reference: https://www.virustotal.com/gui/file/b1b7ca0979b4fee195b142b8522feb5827ce283282fc2d9723d39a3c70c60f60/detection http://110.92.65.62 110.92.65.62:1688 dmeeeeoo.org dmoneff.com 
# Reference: https://www.virustotal.com/gui/file/8bad274e7a0d484c4f8891bcfd1e73250d030fd1351708477e35c85572d06cdb/detection
# Reference: https://www.virustotal.com/gui/file/7a5b747509525f093f7ced2dc3297f8f5c4f0875d55c9e90e248a25f9c4e40ba/detection
54.251.117.164:45
56.254.20.42:45

# Reference: https://x.com/malwrhunterteam/status/1997228196581048336
# Reference: https://www.virustotal.com/gui/file/8de897a70f61b2b8d347a31adf154a80415ec03a75b3350acc2c90fb27975798/detection
qiqigece.top
res.qiqigece.top

# Reference: https://www.virustotal.com/gui/file/3d48fdc9f7c1f4b29436ff47c3d5ef493970ca77e4e79f93df85fc402ea82aef/detection
207.56.138.28:6666
# NOTE(review): the next entry is one distribution hostname under the shared cloudfront.net CDN domain.
# Match it as the full hostname only; widening it to the parent domain would flag unrelated CDN traffic.
dte06kaeerrr4.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/b12e8deba0b10fc32789001579092d8369e39a7e03951d12a70423f699896d08/detection
xingxing7.com
ak1.xingxing7.com

# Reference: https://x.com/malwrhunterteam/status/2000509534260035835
# Reference: https://www.virustotal.com/gui/file/124e8f7ca958fd8cb2a3baf91681513f93f73d9cfa4efea6f4a1f165d8cbc8d9/detection
154.12.87.24:800

# Reference: https://x.com/malwrhunterteam/status/2002002468612280755
# Reference: https://www.esentire.com/blog/weaponized-in-china-deployed-in-india-the-syncfuture-espionage-targeted-campaign
# Reference: https://www.virustotal.com/gui/ip-address/108.181.161.156/relations
# Reference: https://www.virustotal.com/gui/file/88d1f4bb8b133e04d07b37fb594eadd769aa7a7f9a9b158513a094eb26b20e15/detection
108.181.161.156:443
118.107.0.172:6666
143.14.123.173:2323
incometax.click
incometax.gu.cc
incometaxi.click
go.incometax.click
go.incometax.gu.cc
go.incometaxi.click
gov.incometax.click
gov.incometaxi.click
in.incometax.click
in.incometax.gu.cc
ind.incometax.click
india.incometax.gu.cc
ingov.incometaxi.click

# Reference: https://x.com/K_N1kolenko/status/2003717423636287958
108.187.7.206:447
198.176.62.92:1688
27.124.44.189:6668

# Reference: https://www.virustotal.com/gui/file/16ffc645d53608b78796bb136d938e6350add05d5971cdcc0b3b0d258b5c3dad/detection
95.40.120.43:443
yandi9988.com

# Reference: https://www.virustotal.com/gui/file/3a49336a253a63d4832fc3cfed3e04cd89328ec0f71ae464d17b27c7af439bed/detection
http://178.249.208.233
178.249.208.233:22
shdd0758.com

# Reference: https://x.com/malwrhunterteam/status/2004614211285200984
# Reference: https://www.virustotal.com/gui/file/b64f52ee31323774fa3ce8a78f33706f870289629235b914c477d991a054fa2c/detection
192.238.192.11:22
kkmd5.hoyenoy.com

# Reference: https://x.com/smica83/status/2006142632938938431
# Reference: https://x.com/skocherhan/status/2007289321762836752
# Reference: https://www.virustotal.com/gui/file/d1b92f05d3c981ae5da4b3fd56e82c706a57bb9567fedaf4a31f8c3031a38ce1/detection
# Reference: https://www.virustotal.com/gui/file/d4ab88b96d4a5776829081286553b410b593a8292c6612627a9afdf43892bfb6/detection
134.122.130.150:1688
134.122.130.150:1699
7323.pw
tiktoksy.xyz
vidnas.com
yzgy.cc
yzgy2.cc

# Reference: https://x.com/malwrhunterteam/status/2008877395961614720
# Reference: https://www.virustotal.com/gui/file/5a9e3949576123117bf3dc3e3b2138c687e0704e98bc748a3ecbf1da1425fe18/detection
47.237.177.10:1688

# Reference: https://x.com/malwrhunterteam/status/2008862876933804241
# Reference: https://www.virustotal.com/gui/file/2de4842e5b335d0f59073cc0e26c8900498d3daddf2b809e6abbf795a75311ca/detection
47.237.162.153:1123

# Reference: https://www.virustotal.com/gui/file/07b2d1ff03cd867be5b1b72ebcff955e6919fe9daf33cc572e6688ebb191ef30/detection
43.154.85.148:6666

# Reference: https://x.com/malwrhunterteam/status/2008651008566792420
# Reference: https://www.virustotal.com/gui/file/ed868c0bbf654880d014f954e935039c5d3a4ad7d615912277c4502bf67964cf/detection
xingxings10.com
ak1.xingxings10.com

# Reference: https://x.com/malwrhunterteam/status/2009635954802209115
# Reference: https://www.virustotal.com/gui/file/f8d5e36ae7af535acd72982e1b5f745adb2b39b83d522709c4c18630bdc87d1c/detection
8.210.134.138:5858

# Reference: https://x.com/PrakkiSathwik/status/2013512886086443205
# Reference: https://www.virustotal.com/gui/file/403bcf735c0657aec0f94201400760ddcaa810ac55321080dfe746f19384a05f/detection
# Reference: https://www.virustotal.com/gui/file/b0521ad45fd21cdae26afdc74307870c5859421e049bbff2a545852b0ccf0fe6/detection
202.95.11.173:5551
202.95.11.173:5552

# Reference: https://x.com/smica83/status/2015778842640560397
# Reference: https://www.virustotal.com/gui/file/d3b7f4e56430a5164609a6441a13f055ccba1acf0e632da616681ad93ec93bee/detection
202.95.1.227:7880
202.95.1.227:7881
aeya388.club
aeyd588.club
shyda6319.club

# Reference: https://x.com/smica83/status/2020847647804772648
# Reference: https://www.virustotal.com/gui/file/a4d1844c0a492f4f0095e8f2d0c84e99a6cb2093ce57d750e76f8b3d345d0e7d/detection
43.128.42.125:6666