# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: snowlight, vshell

# Reference: https://x.com/malwrhunterteam/status/1925919454099054740
# Reference: https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/
# Reference: https://www.virustotal.com/gui/file/7cbcf84de28d4bc3b21773babe730c8cc57e91dfd8b561d0dc338ea7f6f0423f/detection

# IP:port trail.
# NOTE(review): addresses can be reassigned over time; re-validate this entry before relying on it long-term.
124.221.120.25:2222
# Registered domains. Several resemble well-known brand or service names
# (e.g. c1oudf1are.com uses the digit '1' where an 'l' would be expected, and
# virustotal.xyz is not the www.virustotal.com host cited in the Reference above),
# so compare against the exact name rather than a brand substring.
bootstrapcdn.fun
c1oudf1are.com
chmobank.com
googlespays.com
huionepay.me
mcafeecdn.xyz
samsungcdn.com
telegrams.icu
virustotal.xyz
# Specific hostnames. Most sit under a domain listed above.
# NOTE(review): sex666vr.com and gooogleasia.com do not appear here as standalone entries,
# only as individual hosts beneath them; confirm whether the parent domains should be covered as well.
https.sex666vr.com
apib.googlespays.com
btt.evil.gooogleasia.com
javaw.virustotal.xyz
ks.evil.gooogleasia.com
lin.c1oudf1are.com
lin.huionepay.me
lin.telegrams.icu
mtls.sex666vr.com
start.bootstrapcdn.fun
vs.gooogleasia.com
wg.gooogleasia.com
