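# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: NT_HVNC

# Reference: https://twitter.com/James_inthe_box/status/1144626442304552960

23.81.246.175:443

# Reference: https://twitter.com/PRODAFT/status/1139419259816124416

http://13.232.142.19

# Reference: https://twitter.com/PRODAFT/status/1104782941547192320

23.82.19.60:8070

# Reference: https://twitter.com/James_inthe_box/status/1088774712233058306

78.24.220.215:443

# Reference: https://twitter.com/James_inthe_box/status/1039936854345150464

74.118.139.159:77

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

sertacio12.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

23.83.133.215:443

# Reference: https://twitter.com/VK_Intel/status/1161493315134603265

217.182.208.91:81

# Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730

leaben.pw

# Reference: https://twitter.com/James_inthe_box/status/1223307741877297157

buhjike.host

# Reference: https://twitter.com/VK_Intel/status/1224327255104446464
# Reference: https://www.virustotal.com/gui/file/df2bea2c7d1f9f2a27a62e291cff41e1b3ec677014c98048e82301cd10d36493/detection

94.103.81.79:5010

# Reference: https://twitter.com/DynamicAnalysis/status/1224787828351098880

brewaz.club
zulutwit.site

# Reference: https://twitter.com/JasonMilletary/status/1225820677732737024
# Reference: https://www.virustotal.com/gui/ip-address/49.51.172.149/relations

avnjila.website
axelerode.club
basorkiq.host
brewaz.club
buhjike.host
leaben.pw
loubanas.xyz
nuhjir.site
rubense.xyz
verobani.website
zulutwit.site

# Reference: https://twitter.com/VK_Intel/status/1230220315445383176

45.138.172.177:95

# Reference: https://twitter.com/ViriBack/status/1080826513266749451

jurasik.serveminecraft.net

# Reference: https://app.any.run/tasks/2b11413b-1bff-44b8-adc1-f43ceeb81e98/

23.106.160.147:443

# Reference: https://app.any.run/tasks/c6711e73-4541-451b-b968-77231e7f46fc/

45.147.230.231:443

# Reference: https://app.any.run/tasks/35820425-8f3c-4e20-a5ae-ad9f0c1cb875/

45.147.228.40:443

# Reference: https://app.any.run/tasks/2a384131-f172-4933-9f92-0296d1d42a2f/

45.147.230.186:443

# Reference: https://app.any.run/tasks/06bc97c7-9be1-4a26-93d5-af11cede68ea/

172.81.132.241:95

# Reference: https://twitter.com/James_inthe_box/status/1242798335641059328

wgyvjbse.pw

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

aquolepp.pw
barbeyo.xyz
bhajkqmd.xyz
bwambztl.xyz
dhteijwrb.host
rizoqur.pw
siloban.pw
soficatan.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1287761442289135617
# Reference: https://app.any.run/tasks/b18e788b-3f54-4288-a7fe-eb039b3b5cd9/
# Reference: https://app.any.run/tasks/36a0a516-b912-4d37-8bdc-29ba7a65deb5/

172.241.29.106:443

# Reference: https://app.any.run/tasks/26b7265a-7a8d-489e-b6b5-56ff9bac0f97/

64.44.141.42:80

# Reference: https://twitter.com/N3utralZ0ne/status/1349796440881545216
# Reference: https://twitter.com/James_inthe_box/status/1349815934656016384
# Reference: https://bazaar.abuse.ch/sample/4bdabf667555e37d4bf5afdcb3b4331c68571ca798340cbf6f3b2c206b840975/

172.93.201.155:443

# Reference: https://twitter.com/ViriBack/status/1396086752255913984
# Reference: https://twitter.com/StopMalvertisin/status/1396119095699939331
# Reference: https://www.virustotal.com/gui/file/2ffe1cc7a03b55ebc8f3fb94b29cd23af5ec531ecfab006acf2b1afa28131300/detection

http://178.63.120.107
178.63.120.107:777

# Reference: https://youtu.be/pKD9p0EIZEs?t=1992
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-12-10-IOCs-for-TA551-IcedID-infection-with-Cobalt-Strike-and-DarkVNC.txt

88.119.161.75:8080
88.119.161.76:8080

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt

45.147.228.197:8080

# Reference: https://tria.ge/220120-l7yvpaheek/behavioral1

test1625092.duckdns.org

# Reference: https://youtu.be/pKD9p0EIZEs?t=1701

88.119.161.88:8080

# Reference: https://www.virustotal.com/gui/file/32415b86619f83e08de9456a9e9da7b8d4a33336d7212a9d58e7866986cad27e/detection
# Reference: https://www.virustotal.com/gui/file/5eb8faaa26074c63c1ed70cbed1b0446786cf7102945e0d783b191eaa71e6795/detection

111.90.151.182:4899
111.90.151.182:5555
111.90.151.182:5651
111.90.151.182:8080

# Reference: https://www.virustotal.com/gui/file/ca66249e968fe933a119ab7c1d89ab669ec2a59f4dbe71ebfd1a1d553f38cfe9/detection

195.62.47.132:6785
hvncmoney.duckdns.org

# Reference: https://twitter.com/benkow_/status/1500483190074585088
# Reference: https://tria.ge/220305-1nsa5abaer/behavioral1
# Reference: https://www.virustotal.com/gui/file/721fc592907ebd7164e3152b160f4d33dd3afdae084f596adc48c5d9f3a4fa4c/detection

185.177.59.38:444

# Reference: https://twitter.com/c_APT_ure/status/1554801583979991043

194.213.3.182:8000

# Reference: https://www.virustotal.com/gui/file/78bf839b8dbb956925e0d3a3f72ad939143310fd8db627f6df8f509070e81a03/detection

2.152.208.135:5500
aimtech.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb89d38753668d9b9a2eb00607694fc2e25351e7fa727a613780f289bba97090/detection

193.43.104.183:5500

# Reference: https://twitter.com/fr0s7_/status/1712788618824106443
# Reference: https://www.virustotal.com/gui/file/2730a449c43a2c7ca7d4783678ba47405d6775ad0a73de6bc6305c92f1f5f7a4/detection

20.211.121.138:9982

# Generic

/error_faust.php
/milagrecf.php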