# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: shadowsilk

# Reference: https://x.com/StrikeReadyLabs/status/1877839055716581634
# Reference: https://x.com/virusbtn/status/1882771331726647421
# Reference: https://www.seqrite.com/blog/silent-lynx-apt-targeting-central-asian-entities/
# Reference: https://app.validin.com/detail?find=64.7.198.66&type=ip4&ref_id=55f2c681bec#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/efb700681713cd50a2addd1fea6b7ee80c084467d3e87668688b9f06642062ba/detection
# Reference: https://www.virustotal.com/gui/file/e6f76a73180b4f2947764f4de57b52d037b482ece1a88dab9d3290e76be8c098/detection
# Reference: https://www.virustotal.com/gui/file/3560660162f2268d52b69382c78192667a7eee5796d77418a8609b2f1709f834/detection
# Reference: https://www.virustotal.com/gui/file/297d1afa309cdf0c84f04994ffd59ee1e1175377c1a0a561eb25869909812c9c/detection
# Reference: https://www.virustotal.com/gui/file/c045344b23fc245f35a0ff4a6d6fa744d580cde45c8cd0849153dee7dce1d80c/detection
# Reference: https://www.virustotal.com/gui/file/1b76931775aa4de29df27a9de764b22f17ca117d6e5ae184f4ef617c970fc007/detection
# Reference: https://www.virustotal.com/gui/file/66294c9925ad454d5640f4fe753da9e7d6742f60b093ed97be88fcdd47b04445/detection
# Reference: https://www.virustotal.com/gui/file/99c6017c8658faf678f1b171c8eb5d5fa7e7d08e0a0901b984a8e3e1fab565cd/detection

185.122.171.22:8082
accessibleneats.com
hometowncity.cloud
mailboxdownload.com
pweobmxdlboi.com
document.hometowncity.cloud

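# Reference: https://app.validin.com/detail?find=Accessible%20Neats&type=raw&ref_id=ea4a621b30a#tab=host_pairs (# 2025-01-24)
# Note: judging by the URL above, the domains below appear to come from a host-pairs pivot on the raw string "Accessible Neats" rather than from a single analysed sample. A pivot set can include unrelated hosts, so treat a hit as a lead to corroborate, not a confirmed detection.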

accttechllc.com
akcloud.top
akersolutoins.com
alandyh.com
albertinamachinery.com
alfhjdumnsulhuehs.com
allocco-ar.com
alpine-hosokawa.net
altendorf-de.com
annons.info
arableaguenews.com
arpimportnl.com
asdnwakalet.net
asmtld.com
atomicenergylab.com
authmailinbox.com
ax47tui83.com
aydemirtek.com
babblnipresses.com
bencoconstructionsllc.com
bestdomblog.com
bestmartsolutions.com
bestunif.com
bluemoono.com
brainytask.tech
brandxoffice.com
breuing-irco.com
brindley-medical.com
cae-gruope.com
cairo-day-trips.com
caprnatic.com
catchthestorms.net
check-connection.org
checkingsite.org
citylinefood.com
cm-elevatori.com
cmcrushermachine.com
colombaogrobg.com
consultafacildoc.com
consultasfacildoc.com
converting-system.com
csiwoffshore.com
datosdecuit.com
dl-keepass.info
dmgrnori.com
dmsplasts.com
downloadmailbox.com
e-egov.com
eaglesxv.com
eco-prozestechnik.com
eew-groups.com
elcomen.com
elike-rne.com
elinkexpressltd.com
elldrissi.com
elpisitsinc.com
emiratom.com
emsilgroups.com
enigmaaxis.com
envolvesearch.com
estaterlea.com
etori.info
etunabilar.com
field-tec.org
filfilter-tr.com
filorep.com
fob-au.com
garmorgan.com
gdrr.info
geanew.com
geniwatit.com
genmac-it.com
globa-space.com
globexgruop.com
goodbabiynt.com
greeentom.com
gsbplataforma.com
guidolingiroto.com
gvfimpainti.com
gynovetylesc.com
hamzagill.com
harrellc.com
henigworldwide.com
hgbeerequipment-uk.com
hi053.info
hidrogarnes.com
hpfrugt.com
hsb-it.com
husmanin-web.com
hydrocleariservices.com
inboxoid.com
interger.org
investmentsfor.com
j-tiec.com
jeetu.club
jeetu.global
jeetu.me
jonesproduces.com
jskhcdiueslnin.com
juargen-escher.com
k670.info
khu3x.info
kovis-groups.com
kss-sap.com
kycountynews.com
l161.info
ledsf.com
lnciner8.com
lnteracservice.in
lnteracservices.com
loftinequlp.com
lophjgihh.com
luada-technology.com
lutz-purnpen.com
lyndexrceycling.com
m339.info
magnitudeconsults.com
magnumiserviceslp.com
mailkeyboard.com
mailruinbox.com
mansoorhabibdoost.com
masonindustries-sg.com
matast.com
michlot.org
miecal.com
mininnovationuz.com
miyako-securities.com
mlutibeias.com
mozoil-llc.com
mprecisionsgrinding.com
mqmuk.com
mrwallpaper.net
multinedia-connect.com
mvfglobai.com
mxdnxlove.com
mypreciousdomainer.net
myunistars.com
navtechsradar.com
ncspares-za.com
newscode.net
ngmex.org
oakcreekapples.com
officelabelsonline.com
officewithyou.com
onlinefinancenews.com
onurtektsil.com
ormac-it.com
ozfarmnews.com
partincpas.com
piasskowanie.net
pp731.info
productddon.com
psbvip.com
q-10c.com
qazmarinefuel.com
qswl.org
ravemia.com
realialebrewing.com
reginachian.net
registermydomainagain.top
releasedatestory.com
reynco.co
reyncos.com
rinbid.com
rotomabe.com
sasafetty.com
sdzgw.org
secfatsbily.com
segrez.com
shuchonafoods.com
smartwebgroup.net
sobarialty.com
solfarmer.net
springstonenergyltd.com
spsalemarketing.com
srsconvayors.com
starraqid.com
steambolers.com
straemer-electric.com
suncrb.com
swatsconstruction.com
teachaways.com
terra-worlds.com
tfherald.com
tigers-coatings.com
toampn.com
toirbo.com
toppciqm.com
toptutorialsstore.com
tradesworksinc.com
travellingwords.com
unionlnvest.com
uphearth.com
ural-info.net
usefullhost.info
valkiriya.team
vapic.org
verification.sdzgw.org
vibropowers.com
viewpiontsystem.com
volgagas.net
waikatosinc.com
websubline.com
woodrecyclability.com
work-dl.org
wpowerproduct.com
x683.info
xnxx-v.com
xpanxions.com
yanimar.com
yushinautomations.com
zbtflorida.org
zzbanjia0371.net

# Reference: https://www.group-ib.com/blog/shadowsilk/

# HTTP hosts given as scheme-prefixed IPv4 addresses (no port).
http://168.100.8.21
http://64.7.198.46
http://64.7.198.66
http://65.38.120.38
http://65.38.121.107
http://72.5.43.100
http://91.212.89.197
http://85.209.128.171
# NOTE(review): duplicate of the http://91.212.89.197 entry two lines up; one of the two is redundant.
http://91.212.89.197
# IP:port endpoints. 85.209.128.171 also appears above as an http:// entry and is listed here on four ports (3306, 8000, 8080, 9000).
141.98.82.198:9942
193.124.203.226:9942
81.19.136.241:9942
85.209.128.171:3306
85.209.128.171:8000
85.209.128.171:8080
85.209.128.171:9000
88.214.26.37:9942
adm-govuz.com
allcloudindex.com
docworldme.com
emails-cloud.com
inboxsession.info
mailboxarea.cloud
openpdfllc.com
qwadx.com
webmailsession.com
wincorpupdates.com
admin.inboxsession.info
auth.allcloudindex.com
document.mailboxarea.cloud
document.webmailsession.com
ex.wincorpupdates.com
inbox.docworldme.com
message.mailboxarea.cloud
mosreg.docworldme.com
ss.qwadx.com
sss.qwadx.com

# Generic (URL path indicator; not tied to any specific host listed above)

/iufhtyhgyfugj.php
