# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

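# Aliases: darkcrystalrat, LightStone
# Note: entries are grouped under the reference(s) they were collected from.
# Bare hostnames, IP[:port] and http://IP lines are network endpoints; lines
# starting with "/" are URL path fragments recorded alongside them.
# Many hostnames are per-customer subdomains of shared hosting services
# (e.g. *.xsph.ru, *.tmweb.ru, *.000webhostapp.com), so match the full hostname
# rather than the parent domain to avoid flagging unrelated tenants.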

# Reference: https://www.mandiant.com/resources/blog/analyzing-dark-crystal-rat-backdoor
# Reference: https://twitter.com/James_inthe_box/status/1178275531692756992
# Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/

domalo.online
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/akcii239myzon0xwjlxqnn3b34w
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3
/akcii239myzon0xwjlxqnn3b34w

# Reference: https://twitter.com/wwp96/status/1331059269089816581
# Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/

http://91.240.84.166

# Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html
# Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection

80.87.202.63:25998
178.21.11.90:25998
hfjdhfgrhfnghvng.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280
# Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/

bores.xyz

# Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/

oxijoinedsite.site

# Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/

city-pub-crawl.su

# Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/

changer-esp.ml

# Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/

qiwi-api.site

# Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/

kkkwdfea.tk

# Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/

nistrype.fun

# Reference: https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/

never-project.hhos.ru

# Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/

a0365369.xsph.ru

# Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/

flextem.000webhostapp.com

# Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/

beepn.pw

# Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/

f0313002.xsph.ru

# Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/

a0388296.xsph.ru

# Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/

a0387063.xsph.ru
myhostforlic.ucoz.ru

# Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/

vkgroup.tk

# Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/

a0315266.xsph.ru

# Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/

sdfsdgafghaetg.tk

# Reference: https://twitter.com/jorgemieres/status/1255866190771167236
# Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations
# Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/

logins.kl.com.ua

# Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/

cv36917.tmweb.ru

# Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
# Reference: https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection

dcrat.ru
cdn.dcrat.ru

# Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/

ajci.tk

# Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/

a0457406.xsph.ru

# Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/

http://212.109.221.247

# Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection

a0461492.xsph.ru

# Reference: https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection

tereshyd.beget.tech

# Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection

web75.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection

srv166785.hoster-test.ru

# Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection

srv164667.hoster-test.ru

# Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/

ct10840.tmweb.ru

# Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/

/eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/

# Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/

/2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/

# Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/

/pgofzftnelhu53gj7qbwil2vo/
laserink.beget.tech

# Reference: https://twitter.com/wwp96/status/1335668703967539202
# Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/

http://185.189.12.125
/m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/
/wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/
/2e70bbdf534a47f9cc68a16122290cad65b3ed05.php

# Reference: https://twitter.com/wwp96/status/1335690053482405889
# Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/

http://212.109.216.114
/wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/
/ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/
/dcbb3f0abca3117648fdcab13b68e1162ddbc275.php

# Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/

http://62.109.27.122
/ecxhnnthpytusqif0j9x7534rmz/
/nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/
/1272d9d3e244604153265cb97db3c19ba1f2d7f5.php

# Reference: https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/

http://82.146.57.28
/1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/
/6nai20vl9ol9cpx4ugfqtzpgnh2q/
/53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php

# Reference: https://app.any.run/tasks/8132aeef-11ed-443d-ae37-e61746e4e643/

a0501919.xsph.ru

# Reference: https://app.any.run/tasks/84288362-9f98-408c-b148-99b6d1aa0c2b/

http://94.250.255.110
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/
/92axhgmxpdkezsc8o7utb4coqyop9ls4r8ynuqp05g22/x3n9o/b88e556bffd877877e03b181174f5d55dd654e9e.php
/b88e556bffd877877e03b181174f5d55dd654e9e.php

# Reference: https://app.any.run/tasks/5433b35a-7ff2-414d-824e-4d4a73a3cce7/

cu24886.tmweb.ru
/xo8destofsad1yy0o0pj9rgjj4mqt5by2b8a9ktibk9z1h68npcffaorwp3/
/mjdpbwao3xfihlspr01mxeuj8ujcmv4i1pswkv6vja0so55dz2o4sgf5wqi9bnvi6h3dc4qd6gyf8/
/5f7b65221ba9f26a68dbe40cd557a10da5c41c17.php

# Reference: https://www.virustotal.com/gui/file/2e2dbb104e1a170651a42f2e739440719fea74360416cd6945d7a9e2eefa01bb/detection

sss.lyuk.fun
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php
/lubacmytkmhh5d338wi4sub7av44bzkyzugl1mccx2q98qjf6cjna9g295gwrwjafoziul6apfep/
/65dc8f3f8e19a8822548a9b139852b2ae510a7f9.php

# Reference: https://www.virustotal.com/gui/file/84c1cd5e95673fca1444b5879e83857e0513b3985a8e9152b45f6ad6e688971d/detection

sdam-oge.xyz
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/4j0oidz6tcdbp2oex8/04107c5846d99adc0ccece6ba32e8daa52346d3b.php
/u2l4eq1htsg0u8ktp6ybv1arcxmoax/
/04107c5846d99adc0ccece6ba32e8daa52346d3b.php

# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection
# Reference: https://www.virustotal.com/gui/file/f42a09edcf9d7745925cd56d498f57104329b10dcd221c99dd07df3fae4d6c64/detection
# Reference: https://www.virustotal.com/gui/file/30ca126420741c189cf4bf0cdb236c5ae863bb0cc705d3fcb45dc2b502652819/detection
# Reference: https://www.virustotal.com/gui/file/2bf90f9564d31ceec8f61908e8de2594082b1eb8622355b3436608559c5ce68a/detection
# Reference: https://www.virustotal.com/gui/file/c9a1d56e05b593d77541650c1424eeeb4c18ff948436f2c1e1ceffff61e424d4/detection

changer-esp.ml
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/810a818d2e046901cbf4685b2447bf5eced209d3.php
/jpep63pj8f5k0956dofx1kr7kbmhtnkg3pjlcqqbc9tev86y0u6w3zxujcn1/
/lr8bs3n8dwzekz95t7g5290ynb1xguo1tc02wv3kmp0e96yrlr4406uirfsnp/
/810a818d2e046901cbf4685b2447bf5eced209d3.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/wrrk41xugrucxw8bmia1luo3ndykspkqxowev4qyn2vlt204gyes/
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/ux3phf0o9efk052qntnlsiwxj1a6i1s9le0pukz6gg17got3h5n5ocjgr/
/524276db2008bc5a31cfab16b20e3f57a04e33d0.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/f730cf4f95e8c4974e9e354f14e192a209410810.php
/jqa220bvl8yxsdgmhki3fmjgo4alngtje10p3crfnl6bx3szk2dyis7x05v2xqw7huuawfu94crk/
/f730cf4f95e8c4974e9e354f14e192a209410810.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/agpo589w2hro33u3uwsrw551cmq9d1h8ua/
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php
/ekfkmfzlcgtyckndd184itb7b9a6sj6voa4a475b15epzy3voxns7mf9qb9t5wr/
/f287097c7ea3f9c96305e3c6d2b24a0492b2e42c.php

# Reference: https://www.virustotal.com/gui/file/c569b600936870c0205b6992fca7a3d98adc5d6d90206392bb29445bc04fdd9f/detection
# Reference: https://www.virustotal.com/gui/file/fc63cd606cf3be19778fc8a599565f466bace3ea413397b9207571cf90ee4d70/detection

trtrk.tk
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/40511eac9a18da158d2524bf42b8099db23a7198.php
/8sk7wdukztor4gv6sscgcbsfom672xgdl8hwn5slhhvn/
/9w78z41vd65tnev2dbg6xn7ifnthlum1lesjeybeh10ipcg568q/
/40511eac9a18da158d2524bf42b8099db23a7198.php
/hb6z5e4vtf7s7xant1ymggp/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/94fdeb52381c8578b3fe82a4da27d8843a71254f.php
/hb6z5e4vtf7s7xant1ymggp/
/0y6trz8p796z3l9un1bmkoryqt8jb7q0zno0m0cxrelxrbwvwssek2n3/
/94fdeb52381c8578b3fe82a4da27d8843a71254f.php

# Reference: https://www.virustotal.com/gui/file/0c08183ca7d7511a0fb5ca3ab11d74b066c38427912220e963c4ceafe87350ed/detection
# Reference: https://www.virustotal.com/gui/file/11accc9b0cd6f1bcff495f7a3ec2b9ebc7acfaa15f5bf88160c4ae724eeb0269/detection
# Reference: https://www.virustotal.com/gui/file/19293bab3f8d1598dff122142f0641aeaf5c7b63d9692d565e4b4b5ae2fea82d/detection
# Reference: https://www.virustotal.com/gui/file/b505454ac5e35abf59bfd6d039d07348a309b4903f5679c10168215f8f4566f9/detection

big-chlen.ml
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/ul86hhzpxz2terk/a06763f99577add4361c8f382e94b1d384d0eae2.php
/zcc4wy82hc9sk351nf51xrzjmeqeisfnjwrw0nagso7z2mnb72aac1iqe3lv/
/a06763f99577add4361c8f382e94b1d384d0eae2.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/5add562f05b70b54786e15b898eade52720a0304.php
/81ly4nh50jk0n43ze2fq6svhtp1x2ddrulymihx2qkkrgapah0a9l1w7lm79r3c1r8t1/
/5add562f05b70b54786e15b898eade52720a0304.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/eb6ce1l2uf1lcdxiutpsskg4q22u4tt0mqfydf63n43chv8ts9zq6y5jre8zlpabz9f/
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/o42p885c1967jdwl3wmfb3fi8msmyzz0se12yt1b2kuiou5v9ogc/
/461d319af8a6a131a055d1fbc3587d7e081534b5.php
/4e3twf02xyx7uk3nlzuc/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/4e3twf02xyx7uk3nlzuc/
/cbanirg43pfycp0098lxcoq7xsef2h8o/
/cbanirg43pfycp0098lxcoq7xsef2h8o/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php
/06aca9cb7ae3a7ae747899d9d5db60d066937d79.php

# Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection

f0332298.xsph.ru
khxclhpyxach.000webhostapp.com
tedrbavrjrvl.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/78d3657bc6632a7894975a120f3e3cba24a31c1be98d703ebd455ec3eb1b443f/detection

fthtrhtht.xyz.swtest.ru

# Reference: https://www.virustotal.com/gui/file/b0587a32f9dcd1918883354db87376bafaebfed10359228540e57372c2410eb9/detection

borodach2643890.online.swtest.ru
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/2d1465a3505530413d71f7c5643c8f5f53f832bf.php
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/1s1tqx4nad15jp7m36/
/stl8ldqmfrrfel0p6w5pfloceixidn3dg2qzitsb56ghwkefgbq4zg/
/1s1tqx4nad15jp7m36/
/2d1465a3505530413d71f7c5643c8f5f53f832bf.php

# Reference: https://www.virustotal.com/gui/file/79821a8e903d54162bd27f98e998056bdd86f9fb65fdfe6d2eb2db93d23d9e00/detection

joboykoya2.temp.swtest.ru
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/zsoa7fq/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php
/dsa9bezkgbouxklfgtsj28jyu8mpiparwxcdwvqkwzuw4e4imtvhpq5odqz626wy103/
/c76977934cb8179863e8dcc6877b78f9eaa2c2f0.php

# Reference: https://www.virustotal.com/gui/file/dd2e16f51093a9e1f219dbbb9ed9170969e6d5f82fd75e9ffb14100a60b00944/detection

xibefoc467.temp.swtest.ru
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php
/jr362ixublms04ceyi7zfnntmea9so8e51/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/jr362ixublms04ceyi7zfnntmea9so8e51/
/mtzkbzxvmgzja977vh5cy2iea9ynrdku/
/ca9a1b6af82a14cc6367351fd09e28d59e3cf499.php

# Reference: https://app.any.run/tasks/fc618299-4cef-4e89-b5c0-4d2efb519054/

cu31892.tmweb.ru

# Reference: https://app.any.run/tasks/875036f3-5d0f-4197-bee5-3760f7e8dd95/

oneway-exe.ru

# Reference: https://app.any.run/tasks/6fd6f53a-609f-41f3-adf5-e2d47c6af95b/

ch71531.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/5e92f42622ff84d9e7924fd77d203daae58dbf09da9b2bcab7474cf051820740/detection

exempal.cf
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/dps7t752hgory13y2703rrpgxsw6owmmli8acdo9azm1v0q2b7lenn9w3kciuzn87zr4jvnz6f8lk30/
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php
/6uooe4ipdagnerdwo8h5kh2txam1njqcx7j/
/87df5a86f678b2f61f9e2fae37a1c758737a0e99.php

# Reference: https://www.virustotal.com/gui/file/4826fb45c88d5e352c330de2c76612baed1eb94c58bc58929ffcd9df5b0b5213/detection

a0315442.xsph.ru
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/8vrpgqblltuiasb3pavt/
/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php
/8vrpgqblltuiasb3pavt/cas5qc1ukntde7mnk4z88isab2jl3pv845auzfvzh5krdwoxpwoe5vn8btgi7ucqvfjtuh/
/a82e98ad62625d64cf0aac8ff970f101f0b8dbdd.php

# Reference: https://www.virustotal.com/gui/file/c79c8b52c8e06c77e068bf2d7798490ae3fbb596d798a3232011f0acbf322d9a/detection

a0472136.xsph.ru
/434a17mvckf19dxf83nl84jcsgkqj6tkfpa152ec8/
/011afb0749904eed1c837350cda0a7aea10f84c9.php

# Reference: https://www.virustotal.com/gui/file/26bb89fed1eb8544bf3e70fdac8713d7201cd3b36962738aa23f42371779c100/detection

f0452627.xsph.ru
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/52d126a457c70dcf8f15c863f1e7eb6318f28152.php
/d0wpfpdwqcvri7hikj0honbqlg60vkld/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/d0wpfpdwqcvri7hikj0honbqlg60vkld/
/ec7i7ylhvupxp1jpdah68mzigqxyat0nuw9spok3ywfql52ct5nv5k419/
/52d126a457c70dcf8f15c863f1e7eb6318f28152.php

# Reference: https://www.virustotal.com/gui/file/ccb4673eba9fc6523366bfe8a0dfaa8cf4c4aa3f5c5edccc3c98dd4b28356fe0/detection

f0471995.xsph.ru

# Reference: https://www.virustotal.com/gui/file/21b703742ded5a6ac2d580ccbe1fadc3113e6c01750658c93204e5cb3c4797e7/detection

a0486179.xsph.ru
/0ewhm8n8kba1grvga073qjtu7lq/
/ccba8a2e3755c5123325a7f2e766975b0ad70363.php

# Reference: https://www.virustotal.com/gui/file/89c0578b862c36d099744f435c97e3d64cefc29a3705dfa61735ab9d7939c83e/detection

cy59724.tmweb.ru
/fhouqsip6grypvxr4gvoeu5s/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php
/fhouqsip6grypvxr4gvoeu5s/
/6h56e8do29cj71emx2wxop90l6ms6b0n03ys1v34m9c4ffqfymjeslku1nt4zxrzpe/
/e6eca0e86c3ff6c5f5ce3b597946a8466c9a5e49.php

# Reference: https://www.virustotal.com/gui/file/c3832621e8b001e0d9c67a2eb87df480794160ba88dad28611e3fbd1019e382f/detection

pcsovet.5k5.ru
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/d1e916594122bd471161b2701ccd8b16c7d56f06.php
/4r8sb3nl87wc75w9rh3ffhu6w5che/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/4r8sb3nl87wc75w9rh3ffhu6w5che/
/bltcxwg89mid9szec5tojjm79ls6kh1rom74d71n3hvepefuiylji0rffa5n62l56wsuk28bcw978agtu1y/
/d1e916594122bd471161b2701ccd8b16c7d56f06.php

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1366076714653212676
# Reference: https://www.virustotal.com/gui/file/50444a618ccea3cc6b93088378260b2fab89b5b92d4b06f27fc2e8a58b950c79/detection

cg94871.tmweb.ru
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/avldwf/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php
/ipq342neycw2vemr137rhq3u1lsggre8hk4enbicwwb7hdfzrtpla4kyufmto/
/11d3d498af0fd072d4bbc98f8a2273b235c27adb.php

# Reference: https://www.virustotal.com/gui/file/6ac9d0949e78f75adb767797d2e8f456b9bfc19cf85ce0f6fe4fe2e2678ae020/detection

a0484572.xsph.ru
/0ongi8hxo7yarpcd65ellx53/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/0e776a6139e804b26561001e727cd021217e5558.php
/0e776a6139e804b26561001e727cd021217e5558.php
/0ongi8hxo7yarpcd65ellx53/
/cwc80amx0pz2qbb7j75ew4h3mtreckxau7203jofqsdgqekrx0a924p21lv95n58fl69v54an/

# Reference: https://www.virustotal.com/gui/file/0db9b3287dbda591372414623e67ed65e19145656ec7270c545e33ec8dcf7359/detection

f0438395.xsph.ru
f0446323.xsph.ru
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php
/y4owmffza4zbl/vay92fnfwidomnmj2ati1/
/y4owmffza4zbl/
/vay92fnfwidomnmj2ati1/
/ce35e0ff1e1d2c8b81e3deee715d223b27132874.php

# Reference: https://www.virustotal.com/gui/file/0bc8f7c32c038195ec0a00142e6a497a85740044b6c7f58f140d8bd084aa4c7d/detection

f0478615.xsph.ru
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/bf8bde4aecac1785475ed63563972416621c91d2.php
/zli0hx3rb7l5motetc6rq/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/zli0hx3rb7l5motetc6rq/
/m50qy39ordpa8n7ags3r1jmhv4441kibchpvujqu1c67lz54wdhn41etky0p0mjfruxx/
/bf8bde4aecac1785475ed63563972416621c91d2.php

# Reference: https://www.virustotal.com/gui/file/10308a424c6d9abfc703efc49ab5d0840766ebf51ac4b03269a1f98ef0a66aec/detection

f0463306.xsph.ru
/dnc43rncghchlzne9ifqkgvkz/w1d6njsup/5bea1966ae5a874168cf125971b3ea99cedb7df7.php
/dnc43rncghchlzne9ifqkgvkz/
/5bea1966ae5a874168cf125971b3ea99cedb7df7.php

# Reference: https://www.virustotal.com/gui/file/cd6e3b60a429bbf3dd571ac9bcb953f378433264550325139b1535c79b434e86/detection

f0475486.xsph.ru
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/tq2jahdsfa5g9y3w1wjcio6r48zu6qvp7o92omin3etbfwh5uad8p/
/bv426i0urvvb71p1ecoum8rsozplify7glwhxk97w/
/fc0de89767fa4fb6ceb846e92428d4a917d24c31.php

# Reference: https://www.virustotal.com/gui/file/0c797645b62f0d5262d2db462218c9f0ad064858bfe206f02d99541c7bc762dd/detection

f0457573.xsph.ru
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/gh7r8ky9sp/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php
/5a7tuwel9087f50z2wu42oyf8sbjeztvg785xrn/
/8661ba6a5e0db20f23382c8ecb1af46b4af13638.php

# Reference: https://www.virustotal.com/gui/file/3507728820cc00598364f740bc8bd661b3ea2217d3292f17b20f8d9093fda25e/detection

f0494736.xsph.ru
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/q3vuzcny1grdz47l019ksvl7g5kla6tq1johbifung5j617s82dd2oyf/
/og4rzao3yh3z48er5eh8y3lju1dwtcntz9xw6jfo9pf5807xk2ffvup5402w4kj/
/fbd557434528cbf66b6d4edaaf8c7c68f5b17c75.php
/sryg3ha98v02qow3rp/dc8c5ce9e6004966bf6ad5e7499b507b.php

# Reference: https://www.virustotal.com/gui/file/0c973ee7d91878f4db5d0044ecb43f508df4013d85d85b33f5a58ff3ee1a58a0/detection

f0493264.xsph.ru
/piks3hwokuzpinvf1sifaqvlezh0/
/f3924bcd353a8e1f603f95309fa65ca3f8dcfceb.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/283314aaecfe5dd34e232939e1218999.php
/piks3hwokuzpinvf1sifaqvlezh0/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/zc8bt0r4pk3m9ql8c6dc9xlnyl0tk5bok42soa5j1o68pg20t/
/283314aaecfe5dd34e232939e1218999.php

# Reference: https://www.virustotal.com/gui/file/040a25f63a9c6fb1703a1039488a0eba849588a054b5e603cd19792707d2ef32/detection

f0503470.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d50d9f271cf93d53fe6d1f1a00546e12c04f00e6546158a389c99a201b281231/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/357b1770262a0b0f33f56f8fece9e1e35f4918acf72d36bb3cae719fde9bc18b/detection

f0510538.xsph.ru
/u3s904w2ibcgouhmgk4bcxx1a2vetdp7/
/7db32d0d111d8e8d56501876d36930c7da4bbda7.php

# Reference: https://www.virustotal.com/gui/file/8c0a2621bdd862a767aea8ac6c8721a07f11232db5b16a60cd868341355a3e07/detection

f0491418.xsph.ru
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php
/jbouypul6170z295czg/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/jbouypul6170z295czg/
/9esptzen95oqo1qj4mmd7fbuo63xp2pnv1c8wizr6bjlkf2da4a4u6axfv3uhex36wludrvoec5ykywq/
/103eeb3716f4deeefafd758ba7c991b6b88dd11e.php

# Reference: https://www.virustotal.com/gui/file/33291a6e72594047c17a796a081f09883550a219846dccd5ed3cfc8451b5a135/detection

f0509824.xsph.ru

# Reference: https://www.virustotal.com/gui/file/424917f137c2dba0a9dbbac18076aee314780dfccedc31883b1cbe7ce914298d/detection

f0515589.xsph.ru
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/03ryscvohzllc76/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php
/34voq2emqal4bp5any671hzf9lm3ij839zrxw2gzhl6ttih4ewum0ply6omxcfus08wn14ib/
/ea5efdbfcf64407f0133129dc50e9decb86eddc2.php

# Reference: https://www.virustotal.com/gui/file/be2cc2d4877f79dcb0cbef9a42d114544a135f2c1f8bd96ed06cb01c0defae60/detection

f0515572.xsph.ru

# Reference: https://www.virustotal.com/gui/file/14df9469961f7a159651587e0a4afc78d06e3d7247c9d9ccb47b840c71bfb792/detection

f0517366.xsph.ru
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/wh97lg5i0mnw6rfzrg/
/3s66rm0tcvofycuvdqqdlhaoi0i7560bwkxgq97drftbf4m4l04nea9ugzt/
/wh97lg5i0mnw6rfzrg/
/d5501495d336c46495f9b8e54386c8bf5ac0cc5e.php

# Reference: https://app.any.run/tasks/3ca79d1f-03ef-4215-b587-082334de1ed7/

filmix.space
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/20eb5bca358665727c4c5ac112fb96afb9757028.php
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/g7o4lqch3nkt0p08/
/s3l2w44ni0au767y00lrxlbkesye5cot4zund7ju9t3k65niw1msvh/
/20eb5bca358665727c4c5ac112fb96afb9757028.php

# Reference: https://www.virustotal.com/gui/file/a8b88f7751da32956991d5a6bed4bb5fe788696188a04b951f304e5035d1c5b0/detection

f0517233.xsph.ru
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/5e150948e707791422070434d2fa55363f18c867.php
/7njihfv0a/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/5e150948e707791422070434d2fa55363f18c867.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/db9hfgvbx/edc301e834c038e30c4f9fc52b979a12.php
/kz5cfx173w93hd3eizzct6gy1gx8dj5ioy/
/edc301e834c038e30c4f9fc52b979a12.php

# Reference: https://www.virustotal.com/gui/file/e7bc06eedb8600ef3a3a168e04260e2aa2c1bffa1eec3ab256deb866bed7b1d1/detection

f0519071.xsph.ru
/1lua73k3rf9/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/2da79cb2b31cd83770333991b6d72e6823f7120d.php
/ag07622pc1uspjsulyin3gz3ywv8btbe0jx5tmkild45o88qfgt6v23keb1rdcnsfaz1fma09vns6rhtrghk37/
/2da79cb2b31cd83770333991b6d72e6823f7120d.php

# Reference: https://www.virustotal.com/gui/file/514227515d4d8d80d19bb27b92182154fefc8f016be0c86c8016ec9a0cad7c6a/detection

f0519034.xsph.ru
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/b55vlmrnyp/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php
/gxb17nqb13togzcoj6w2wbvdamxwsgmvdmqxk74pz7iaetdzd08z1j7rak6ujptlgy/
/80501efbfd7a3a3302bf2aa2aeda671587c06f3c.php

# Reference: https://www.virustotal.com/gui/file/84ae6fe4cd4f1357409af9eeea51b0ceb8385242c1e67b1f22a51a9475f3ce01/detection

cs51919.tmweb.ru
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/jah3b5q3hkt4v8iuj47724umkygr1gsctnp3p1ukmio9ixwfcnflh76esg5fv4qnxlsm/
/sg2dmj1k5lzzxrtchs6omubpixuk3a1dqmb8rn/
/1b58f49e15eeb98754ad22cdd55072e27b160ca2.php

# Reference: https://www.virustotal.com/gui/file/6e2c565e36ca5fd95af9f7a0d1a2fa6b9ec50caef4290e9eb9abe53ab3b8e70b/detection

a0404851.xsph.ru
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/av4yi982qnv743qpxk/4b15077fafc5c905a0a10493de237bd680a0de80.php
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/av4yi982qnv743qpxk/
/stwc3br2iynbmx8wlv054g1c9nyqq7eumxrb1t0u5d9znkez8jip10f4ap95ja94aabro1kxzxpq708/
/av4yi982qnv743qpxk/
/4b15077fafc5c905a0a10493de237bd680a0de80.php

# Reference: https://www.virustotal.com/gui/file/be4f2bc98517755200485163d8f7734702f9fc072fef2df4e6250f679151070c/detection

a0405963.xsph.ru
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/16e350e36f5328bd301a257515f4e3fd5b680305.php
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/smx039rtaq99eh0guby5copi4ml698dyb0k3acwg0czni6vbzat75bt/
/4cenvfizboennpdqih0avfwitbb3j4m4f4forilbg7/
/16e350e36f5328bd301a257515f4e3fd5b680305.php

# Reference: https://www.virustotal.com/gui/file/9c91b43d243ac9adfdabcf848069b08b9117c6380d4805729d06836fdc10a74c/detection

a0525835.xsph.ru
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/oqk743prn86ycil1soeb99aqy0epzj6utcxrw30c23o86kif7gscmld/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/
/aih52uhn1u0prqmd5vckdleh246a8p2b9dq7o0k7htcq1w/30650a8f98a447ec28b175ffd31214d7d94eb991.php
/30650a8f98a447ec28b175ffd31214d7d94eb991.php

# Reference: https://twitter.com/K_N1kolenko/status/1377902418839678976
# Reference: https://twitter.com/K_N1kolenko/status/1377902531641237505
# Reference: https://twitter.com/James_inthe_box/status/1377967403611480070

http://195.54.33.24
/jsserverwindows.php

# Reference: https://www.virustotal.com/gui/file/29df0b984e959c856c2cc8d45dbd407301567d1f8deb962f350b8789f5a9a1f8/detection

cc50835.tmweb.ru
/pipebigloadbaseWindowstest.php

# Reference: https://www.virustotal.com/gui/file/89fa4b96824cff45d631aba001e6ea4873bdc50133149489453e1930f93061db/detection

ch30249.tmweb.ru
/CpulongpollAsync.php

# Reference: https://www.virustotal.com/gui/file/b353f0b1f05df11cd8d4a9d5e32b175bf52795d4571da48347c8d367767c7f2c/detection

cx55949.tmweb.ru
/linePipepacketmultilinux.php

# Reference: https://www.virustotal.com/gui/file/e2c0f6c339713ba63202f13e1f788997d87b4d8ce38cb6bb8f214bc92020b77d/detection

cm51492.tmweb.ru
/ProviderLongpoll.php

# Reference: https://www.virustotal.com/gui/file/e46a16ade0a00728c59210acdcd131a5bab46470d9acb07afb58917a1e287456/detection

ck02342.tmweb.ru
/JavascriptjsProcessorProtectFlower.php

# Reference: https://www.virustotal.com/gui/file/4b032a536e842694ebbf6152c16484e01dd3c786d028cd535bd75b74c2e1e75c/detection

ct53551.tmweb.ru
/php_updateLongpoll.php

# Reference: https://www.virustotal.com/gui/file/56739e49de52e250f4a3eca5675917fe3cda4d3c40903e7f9d2b79e18bec9999/detection

cg15251.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/7055d783414b106fe0cf64d48298626a77800e0b8dcdc8eb861d63b72ae8f8fa/detection

cf09397.tmweb.ru
/multiDefaultFlower.php

# Reference: https://www.virustotal.com/gui/file/76878896e452310544b7935243156babb347549bf8f7c57dcd809d9d9cc7273c/detection

cu32668.tmweb.ru
/pipelowprocessmultiBase.php

# Reference: https://www.virustotal.com/gui/file/353e71b1f29f2a127d199fd7b936805a6181a1d81fb83b818b5628d1ab424e17/detection

ch08518.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/32acd16ac1f0ceda43528df2401e91212338f58a16b0446e564174a9c840721c/detection

cq64286.tmweb.ru
/HttpcpuupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/20adaedcd00cb34d5ff9f6840a171bae738b7acdee4ab320724fcceb3218cda4/detection

cn25255.tmweb.ru
/AsentusEncoded.php

# Reference: https://www.virustotal.com/gui/file/4ed2b9056a1141a2d92ee8c0b5e4b94bd59a1d84784f5bffc487575f1f98b88e/detection

cr39615.tmweb.ru
/imagesecurePacket.php

# Reference: https://www.virustotal.com/gui/file/3d3326dd0a2dade47a2b5ad966fdebbd09fa15ff67ec18a8b8f8323ca481e70f/detection

dyeee.tmweb.ru
/longpollTraffic.php

# Reference: https://www.virustotal.com/gui/file/72362d62cf50c249dee90fa062a9a382572d67997da05608ef3f79a1292a43e1/detection

cf79984.tmweb.ru
/secureGeoauthflower.php

# Reference: https://www.virustotal.com/gui/file/544d2ce0cdc40c01dad1b0c0e8c6040d9252ff9c5edac8c73a212e8210c44473/detection

cq38242.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/96aea8e31880f1a37353a47c962de1f59755abea5bb12a2abd62ae1bf694231c/detection
# Reference: https://www.virustotal.com/gui/file/edfbfcbb103f5b69bcf2a9b3cc6e01750744bdc84a882f929c3f9cefef42cecb/detection

cj09837.tmweb.ru
vh366.timeweb.ru

# Reference: https://www.virustotal.com/gui/file/bf6e3cf654738116a14be298176fc12524154ee51f9a2424fa117ee5b47be53a/detection

cw51552.tmweb.ru
/pythonlowupdateprotectdefault.php

# Reference: https://www.virustotal.com/gui/file/f0690112624bffc927f19e8cc0d8af4f46656a354212bc234e9cc3d1c33c4993/detection

sk1tzz.beget.tech
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/h7otaleclm238j1szeb/
/kef8wewmagh6vs3rbm5jqhi29dkn7y96gp1ou9i7d4pw14c9rlc46uur3fvlzgjiehh/
/h7otaleclm238j1szeb/
/h7otaleclm238j1szeb/9753eb7181919647609843743199a5f58a01a37c.php
/9753eb7181919647609843743199a5f58a01a37c.php

# Reference: https://www.virustotal.com/gui/file/fb3914e5fb9bbae88d31177071dd6465bc4ae46f05c71f3a72b086483d65e066/detection

http://135.181.235.118

# Reference: https://www.virustotal.com/gui/file/1a1971d70f3879a8fb9cb656c3afe487760454b1caf139cf2d3b87330f3e77ff/detection

datasines.ru
/vmasyncTrack.php

# Reference: https://www.virustotal.com/gui/file/1294a91cd45ed0dc87531245654e961b6aa1b399ca32a33048a04ab7993b16b7/detection
# Reference: https://www.joesandbox.com/analysis/444364?idtype=analysisid

http://185.246.65.192
/pythonsecurelowcpuGame.php

# Reference: https://www.virustotal.com/gui/file/3d49374f76096e055f31a9e83d0bdd15a349aa85041a9f827fef376011913d05/detection
# Reference: https://www.virustotal.com/gui/file/55c68474cc02e4834e61a80980679f364f3fb1d012e8aab3bb3bd254967e5514/detection

http://82.146.57.148
/tracedemosupportphp/demo/mobilegenerator/support/cpucamphp/prefprefmathcore/djangoplugin/searchercpuprefrecord/demohtopphptrace/limitdatalog/imageprocesslongpolltraffic.php

# Reference: https://www.virustotal.com/gui/file/a0f4c92db2cfda9c338306c1b12f71c15416196ed593f0aa28ca5add785d426a/detection
# Reference: https://www.virustotal.com/gui/file/fac11dc010c0a36ccacc3a5438af9bd5182b7b94be16d5758f78c6b89100dbf9/detection

u102494.test-handyhost.ru
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php
/cf56ixqm4hmo9mco4un456azr94f7rsa6xkusidqjs2bg7lsvak1lbz1xl3xp0yq5p6eyykeju8rjzpzjw2a/
/f4gcpek23jbc0nadh6spye3fiujv9m6nyq2gwihz6ctth8d37hdajp/
/cf1d9bc56e0d85baf1d1e7e49e0db80d9b047230.php

# Reference: https://www.virustotal.com/gui/file/5ad69de9fdcb9ae92c756236de868bf963d04b6cad241d418c62f06e7332c13c/detection

http://82.146.42.205
/httptraffic.php

# Reference: https://www.virustotal.com/gui/file/ac5690010ad06525c90e0d604403e9169f2698d82f5a4e89d328343d59ead472/detection

bigwins.ddns.net
/ExternalphpPoll.php

# Reference: https://www.virustotal.com/gui/file/ca0c5b278fc4a2fd0d71019429789248453779143404ff909964807facba6b20/detection

http://212.109.199.108
/HttpBigloadsqllinux.php

# Reference: https://www.virustotal.com/gui/file/9c7cb7bc7443f2f35c6804ca5aca69df5b21327b96428c31cb1cea12b3b94d1e/detection

http://79.174.13.146
/linuxAsync.php

# Reference: https://www.virustotal.com/gui/file/679bec4906c57d7637bd04824f1d3fc26a75e4dac0aff833f9b86a3f0bdd7b24/detection

a0553951.xsph.ru
/apiBigloadDbtrack.php

# Reference: https://www.virustotal.com/gui/file/92b9803da13558ef311fe025ec74a0ada01b1c95b499985d51d4c4bd01f11129/detection

a0548637.xsph.ru
/javascript_geoserver.php

# Reference: https://www.virustotal.com/gui/file/8801faeab21ac37b1785a78c635cba75f914d2056f1b74ddefbcc1b17f836edc/detection

a0555497.xsph.ru
/eternalsecurelinux.php
/ImageProcessordb.php

# Reference: https://www.virustotal.com/gui/file/061fa38282c2f86c3a5e9e0c87e63c6d1e7e9404d3dd212b51515d254a2254ee/detection

cn36102.tmweb.ru
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/o40ypy0hwwr6x7tycm55w6pgmkftd/r0m1j2e3zgfazhs6r8x2w603/
/o40ypy0hwwr6x7tycm55w6pgmkftd/
/r0m1j2e3zgfazhs6r8x2w603/
/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php
/r0m1j2e3zgfazhs6r8x2w603/4057ff4bb273cce3b7c60daac775421c5bf03a7e.php

# Reference: https://www.virustotal.com/gui/file/4cacca33e4823519cffa51e6d0f0226ef3b581024f57d8acc444427a636cb95e/detection

http://194.226.139.141
http://94.103.80.73
/Packetbasetraffic.php

# Reference: https://tria.ge/210731-v2zwybkdfs/behavioral1

http://94.250.248.166
/external_Packetupdatemulti.php

# Reference: https://www.virustotal.com/gui/file/e0dbdf3dbc3203ede5b14a38d80f53203d6c14cda083f81f498fdbe394cdbcf3/detection

cf99125.tmweb.ru
/providerSecureWindows.php

# Reference: https://www.virustotal.com/gui/file/60bd11a9eb239a95fa07a879822b4e4cc4b971f57971387c7c65542b48acb099/detection

cv53487.tmweb.ru
/defaultFlowerAsync.php

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

95.111.241.233:4563
95.111.241.233:8848
AbdaalRuhaani-27733.portmap.host

# Reference: https://www.virustotal.com/gui/file/012fa663e73b01b030d4283bd6d1d23250e47ab6180fe6d1c0efc289a45af710/detection

cq28540.tmweb.ru
/lineToGeomultidb.php

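# Reference: https://www.virustotal.com/gui/file/dfb38282ee9f6bc18b4e9c6f0406e00dabc2fe57d76a4eec9722f9e0e7e07928/detection
# NOTE(review): bitrix386.timeweb.ru looks like a hosting-provider server name rather than a customer subdomain - confirm it is specific to this sample, since a shared node would also match unrelated sites.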

bitrix386.timeweb.ru
cu85891.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/6718c04021467956503e7c53e7a6597fad77eafe88b080442d4168ab1081f32c/detection

a0560022.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6dfc2ded144d897f001f26e050a1abb54d661b9fd9e855199caf41246cd0649b/detection

a0480057.xsph.ru
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/c69cd7ffb036451638f1c24db25a0515740d8125.php
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/fmph5agvjxo/
/dg6kx49844do2wpbwfc5s75x1y7rj8ig0sqnfxn1w0wceftcj8ijcvlvlj3q42sd5eloze2u68aktlra/
/c69cd7ffb036451638f1c24db25a0515740d8125.php
/fmph5agvjxo/

# Reference: https://www.virustotal.com/gui/file/887f455ee655af59acf845a6f7eec88be53d3e39aff9f3b09cb8e89d9e2c3726/detection

a0524006.xsph.ru
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/hepac3jv5bkh5ycvi0d1ewjacma0xgd/
/wn21g8tolwy8n63qki92hcu82wxutf5dgq239jfp6ghb3008r5/
/34fa085d5cd7e6f47a1a85493422af8a14f97a19.php

# Reference: https://www.virustotal.com/gui/file/90256b8d51135779431b9a7d02944d79e0c8b7f6a00ba19a5d08d4e252f39964/detection

a0549308.xsph.ru
/providerlongpollasync.php

# Reference: https://www.virustotal.com/gui/file/a01d51b821fc25d9909c74771287e7782cf607a69c01e29037860e1e32399a0b/detection

a0600399.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c6cabb4109dca04a0d3493c4dd00861f5dc727606e5fe9120d2fd3ebadbb476c/detection
# Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection

a0454147.xsph.ru
/bdytbxyzt28mr240noe4rrg093adguvi02oc6/
/srxotvy8z6jic7vy7ah4oudisalxsdmkwfksgbennps3g6fd4u1zh26ojvzw3xucp4pz275y39bj89k8intmkl11/
/0226cf1a5d9ff16d620618544626a30aadc83dc5.php

# Reference: https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection

a0429276.xsph.ru
/3t5v7d7pegualb068qsj0nmxfghl0fuoh418iz6cinatqfor4v9akdq37rx9ycwvyee8ubs4swlgiac585m0/
/pdzkcqf0x4dyr2f2vlaf7e4rmrh72yr1bm6mhyue2zim1j4z0u6/
/a30a7e8d446e07feb3edd0a0387878b922679121.php

# Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection

rodik2020m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection

cheff2019m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection

testedpo11.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection

jlauka2018.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection

a0439723.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection

a0439698.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection

a0438890.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection

a0439294.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection

a0440066.xsph.ru

# Reference: https://www.virustotal.com/gui/file/9f66780f03e00ce6852d2bbb9ae2496b875871ae3cf8fd2a578596431ac3346f/detection

a0523644.xsph.ru
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/x9ahvg1kp8jvucilm9rwee4ich/
/c29bwyj1xuov8fe73uqhp09la6kkaphj7gm/
/x9ahvg1kp8jvucilm9rwee4ich/
/8e4fcd4fc1806a68c3bd06d79ba1b48b1ebe08b1.php

# Reference: https://www.virustotal.com/gui/file/c8db435b9a380579b7ccf477a0030f6d8d143ff32df9148f6ed82407c5f86813/detection

a0530848.xsph.ru
/imageLinepipeGame.php

# Reference: https://www.virustotal.com/gui/file/da2d2ccffac5d4877096cb5b787e10ac0817b5a56c3ff67f640ec80d47dfd258/detection

a0550213.xsph.ru
/Vmpacketbigload.php

# Reference: https://www.virustotal.com/gui/file/8a55211db06abc570a3f0e6bc612d42a67f1face07d82a65cdcbac9a56c64923/detection

a0552459.xsph.ru
/CpuApisqltrack.php

# Reference: https://www.virustotal.com/gui/file/6c231312fac958bb547368ae896a4e763d97d176eee5223f365c81ce3ffc3211/detection

a0550354.xsph.ru
/PollGeoprocessdefaultflower.php

# Reference: https://www.virustotal.com/gui/file/17cb5a4dec6b16c87fa481f4d2e1cea4ed3c24a790dae776ba83fa5320f98ee2/detection

a0615946.xsph.ru

# Reference: https://www.virustotal.com/gui/file/34e8a3b9532e5475b8c62a21f836682bbe1e2479089bcc2a0b6646e66362d573/detection

cb81657.tmweb.ru
/pipeHttpAuthbasewordpress.php

# Reference: https://www.virustotal.com/gui/file/5e40c4e18338a01645611f11f2caeb4eb5353bda96175f96c20526e16a5d3e14/detection

cy50210.tmweb.ru
/VideoVmJavascriptCentralTemporary.php

# Reference: https://www.virustotal.com/gui/file/5e4f320e663b58088d396ca3c9a32bfcf3ef0fb0f26d21f70e3f4e0ef9c6a5a5/detection

cu44809.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/a8b815767cc06b4e4c73c0ffaa73eda2d9bef6ba1da8fc62950c6b7b1343c160/detection

http://80.78.240.210
/imageVideoupdateauthApi.php

# Reference: https://www.virustotal.com/gui/file/7700b39073a305e9b3ae9e64e36dc507ff13caf82e3f0b8a812e76bbfabfc36d/detection
# Reference: https://www.virustotal.com/gui/file/064e47140735631b988516748b833330b5c0844d6016b1c3d80c83c5c326cba2/detection

http://92.63.106.112
/JavascriptauthMultibase.php
/javascriptdefaultbase.php

# Reference: https://threatfox.abuse.ch/ioc/315762/

http://176.126.103.126
/pythonjavascriptprotectFlowerDatalife.php

# Reference: https://www.virustotal.com/gui/file/a1a4171c888bb45ba62753af9d69469a6eba3d9bffdc8ea46b6f37c61faa0c86/detection

bigrussianfloppa.duckdns.org
/externalbaseGeneratorTempdownloads.php

# Reference: https://www.virustotal.com/gui/file/00603531bcf1c4db7431140d656e57a43887fe1103bbac67c91141804084f50e/detection

allakorovi.temp.swtest.ru
/Vm_processasync.php

# Reference: https://www.virustotal.com/gui/file/5f615615c250fe6757004187cc0a1de547fbbb0fb922ea7d11838da7d98593be/detection

15.235.13.122:3000

# Reference: https://tria.ge/220209-d5xwlshba2/behavioral2

http://37.46.135.124

# Reference: https://tria.ge/220130-13xt6abccq/behavioral2

http://62.109.2.159

# Reference: https://tria.ge/220125-f2kszshddn/behavioral2

http://37.46.130.225

# Reference: https://tria.ge/220120-qjy8rsabdk/behavioral2

http://149.154.70.169

# Reference: https://www.virustotal.com/gui/file/f441ea0832309aa62b60882b28fbd5f4685fd75c0c188a1e4668237c5d0b30b9/detection
# Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection

154.16.248.110:8848
154.16.248.223:8848
172.83.152.101:8848
23.237.25.128:8848
23.237.25.226:8848
23.237.25.232:8848
79.101.204.213:8848
zerocool888.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d3d8c9bca1efbecedaa23e64e662214517926d481cc59edebc60145aabbf7730/detection

http://192.236.192.143

# Reference: https://www.virustotal.com/gui/file/0be0e32f4f1dfcd37a3afdb938d27345cd42a3512fbe1ae0b1c209dbe060bf12/detection

51.81.142.111:7979
pearvh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8c253c11e409898c0c547c9fe47c6aa4441726061d8df6f7de32e7b6eb3f78/detection

cf47501.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ad2ef315d1e12b4f973eb23529f6c332fe67db210b59b588d6f1636003b240c1/detection

cd86823.tmweb.ru
/VmPythonserverTrafficdle.php

# Reference: https://www.virustotal.com/gui/file/ff7db454e5873e61727042bb37d5359ef5c8e4e5510fced6f4e21c9f442c7c14/detection

cy70433.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/8f831441d0959368d3ee7d27441fc1156d77e3bc0ea443760e98b8c54c068178/detection

cr85089.tmweb.ru
/imageBigloadDefaultDleLocal.php

# Reference: https://www.virustotal.com/gui/file/aa255b75541e4e8163684cacedde6741f32e2622a0f6876a11caa4c9edb60c98/detection
# Reference: https://www.virustotal.com/gui/file/3aa22c46f786e2718696a5916e7f494d16ac51f51aa5c7d36439642fc93bdbe9/detection

197.210.227.5:3428
197.210.55.176:3428
frank.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/ff3139e35eec5df931d732988e7a6b5612bb9f965ebb38708e4edbf1bebe2280/detection

a0613874.xsph.ru
/externaleternalApiTemporary.php

# Reference: https://www.virustotal.com/gui/file/fa682ed24f520200484355c5fc07427103d1c53a6db60f96d059855bc1ccef7c/detection

a0653333.xsph.ru
/ExternalJavascriptProcessTraffic.php

# Reference: https://www.virustotal.com/gui/file/f7dcbcdc69dc9091b4a243e43cbb020f45e3ec177bc8a375c61ec98615bf402f/detection

a0643628.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ebcb5ce8775baac48a3211fc6a665b92ba5025cb9f37512ece0ca8fd28a70707/detection

a0643626.xsph.ru
/ToSqllinux.php

# Reference: https://www.virustotal.com/gui/file/ded5891b6f8f7dffa6ca268fb1c686c1f2017af2473cada96c99401baa8c1c32/detection

a0613505.xsph.ru
/requestGeoProtectflower.php

# Reference: https://www.virustotal.com/gui/file/dc11ec7791f71753d03cb63ed0c9ced53cb2e250a5413ccd8ec9ed609e2780ae/detection

a0604955.xsph.ru
/imageBaseTemptemporary.php

# Reference: https://www.virustotal.com/gui/file/d8f25d4e26a04cbfb40a44650503e944c2a628ae255bbf7aa3e3a6ed38a16bb2/detection

a0636388.xsph.ru
/processauthDleTemporary.php

# Reference: https://www.virustotal.com/gui/file/d67c934f491416949ea2f884dd92e1df963842b782883e7d2fcd3722e40b3051/detection

a0615272.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d0ae81400fd405312a1f6e59846d9f494abc72f8075e592b4e63f227b2178ba4/detection

a0605075.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d078590e47634128542985f434513e843c967b9097c6581c31b6c2bf704296f6/detection

a0640235.xsph.ru
/multiBasegeneratorPublicprivate.php

# Reference: https://www.virustotal.com/gui/file/12e6398f73e2b6945d16b3d64ae0d905b06be81e208ebc37f47001fe6186352b/detection

cv67410.tmweb.ru
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php
/45cztqral1d4n7tbl6l58ivvuctd6v05rfncjtl9y17hdjefk/
/h72y35q4jeb9tmr8r3us68aomn9p4eix2hh5vyp5eumkciwn4udxkkw0v3q8k/
/f597d04c819c3ce4e2ce6278ae7bb73632e22455.php

# Reference: https://www.virustotal.com/gui/file/fd54ce3addfbcd79126599cb8b8cb9b140dd9defde04058f16b633a004f8c5d5/detection

ci40763.tmweb.ru
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php
/ek5o644jb1mblccz2keb7qypfo3oxnx8hvfs8crzzd02ek2jsmufgr4i9p3xuq6qhwr2838co7ihehmtn0m9u/
/wyxtdmxpgxg94nxdieqsmok7p68lo0mj7w5tlbwe1rvhf80drwl4nvhriip2vtf656jpbuzapzyi1gerejz3h5r/
/fdbccf8d3c2e2a0b76ff89809ce571594dcdcb70.php

# Reference: https://www.virustotal.com/gui/file/f55a233ea31b463466defa5d5b3941699e76835a48d94ff8430a7ade30dbeddf/detection

193.161.193.99:59618
daddycitrix-59618.portmap.io

# Reference: https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
# Reference: https://www.virustotal.com/gui/file/ae97918f7e22be53b7eb9778c11dec8d873989a2b798617a60b2d448fac5dc89/detection

co44089.tmweb.ru
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/
/9rsk8lug9peq4f23cjhyo3fz2q7j81vhnvil6c6tjdc7adzbia1ki04d9p65b5wfe4ronb0rtm/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/d9475980a348412b6a890000bd9ece3a022be2e8.php
/4vsyc5bajheyp1gt5i63igklh15828uwuwsek0x0p9frsqy1l2boc3l936aratwc7jddw2djzm40u83r6f/
/d9475980a348412b6a890000bd9ece3a022be2e8.php

# Reference: https://www.virustotal.com/gui/file/00dca02ce6a738439634bf9794859f7fbb40e9e62e6701743e32c786f8269f23/detection

a0504029.xsph.ru
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/694e9a452a200fae5d4a04b05733dbdbac6fef75.php
/10jrzpo8v95hjxexofgi2kabmhbwb9xlgu27uwlplsenpz6bccts2nq2424gmtv3ykp74/
/adao541rcdh52c1u906nlakpjbwh21p47fejgvlrbka4w7vuut63sm9/
/694e9a452a200fae5d4a04b05733dbdbac6fef75.php

# Reference: https://www.virustotal.com/gui/file/0193945a5e4c654ae765e311a7bb0a5c1344ec3d5e7cf57f81620c6186d21841/detection

a0635613.xsph.ru
/SqlwindowsUniversalcdntemporary.php

# Reference: https://www.virustotal.com/gui/file/fd949b25fcc548aac88535151d8f8ad7302307c56357d90d0aa1a01fc55c7956/detection

a0501990.xsph.ru
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/ke0ide6s5hf7zokwe/
/ke0ide6s5hf7zokwe/e776f8f27539e2705547b02779c1b90b8b204984.php
/1jajffbp8t6k71fa9icrwylrgp4udpd7z62oz7bgp87x9finxn/
/ke0ide6s5hf7zokwe/
/e776f8f27539e2705547b02779c1b90b8b204984.php

# Reference: https://www.virustotal.com/gui/file/fc75f0331334f23072247d9eb4746e0c692b4bd724c6dc0bbf9f3093bb87105f/detection

/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/49832f0846f8d279cad20b836d78b599e2c668da.php
/f6sct0q3lp/
/f7btjg0za5k069v46cxllp8vh93bw8wc23y5l2ue3tergt0us4qzq2bi5w1gb0lpn4/
/49832f0846f8d279cad20b836d78b599e2c668da.php

# Reference: https://www.virustotal.com/gui/file/f638a72eec11f20c56d6863b048f8f2d1a69cbb43512486454b48d0598a915d0/detection

a0620849.xsph.ru
/To_requestsqlgenerator.php

# Reference: https://www.virustotal.com/gui/file/f3910b4183705723698873055e2b8808ea4066ab9cbe0a65e65aed6f8027c287/detection

a0547090.xsph.ru

# Reference: https://www.virustotal.com/gui/file/f2a111bdc9a0fcff64c138c71e88cce5a2af06fdb323d6837d2449f377eb6b1b/detection

a0511040.xsph.ru
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/b7594eb1766c3f4c49239eb927b936bfae118dc4.php
/ia0g7rcp5ce07fq5shkvr462bvc8mwltmotn501xr65whdvcoq9tbslfwo1g7onfqye81qwi/
/ukntk5p5n3tkgyaa0kbzjqix6j82bc537oszjacooeung0v0f792fgoylh8zy3acp4r15j8p4i4e1vlusgl3pe/
/b7594eb1766c3f4c49239eb927b936bfae118dc4.php

# Reference: https://www.virustotal.com/gui/file/ea6fc1630a4ed56abe7d83529ce0c1ae122c11bde401048871d0513510e50f8e/detection

a0547138.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e851b030549e4e022b46ec88fdec6a8aaf4ff41184332be8ac4cfeb8d4c7ec17/detection

a0506233.xsph.ru
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/xjq3mmrkeov8cn4ydhcd/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/80dc5955c8bef80ffc6828492786eb8ca61f8997.php
/j4h220yu1ohi57exxz4dhsa3t7znjumbe5nmvw3rdgwga/
/xjq3mmrkeov8cn4ydhcd/
/80dc5955c8bef80ffc6828492786eb8ca61f8997.php

# Reference: https://www.virustotal.com/gui/file/e7589f12f5f6bd06cb353809cae963730aaac1829327474793f0c8028a5d6548/detection

a0499458.xsph.ru
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/3853f5654eb40f9911242115ee8218fff8de6ae8.php
/mjcstx05nas5guqmw74orf9aue1eqvlexi469bpjprkg30ezp8boa0hg2u29w3tdifq6more/
/sd9fzlf0mzptv876giu43a8o8c6n7ygq8jz19ext452cyyaren36whfix1jpug46ki5s/
/3853f5654eb40f9911242115ee8218fff8de6ae8.php

# Reference: https://www.virustotal.com/gui/file/e34ac32e1ed63dbac5f1ea54b05aa670339db0ddd786ae4fd3c484c22091d86b/detection

a0512913.xsph.ru
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php
/528mdec649upg6f2ra5ytesid3dvl9nh45b4pwlanpm7biqaaqrvqxgx0gtug31n7bt9e4ml77f3w6/
/s81o2tn5p605rt71m6u3jghhb0b03qsa44oddlsjaytzt4paz2pq7a7oj7biqe39/
/1942c9b90273e2f2fa8a022e10535d3d226e3d07.php

# Reference: https://www.virustotal.com/gui/file/dd6a597309522bf6cd51cdbbf7a17a3148f2b1367ea87aa5b54a4cda76d12e24/detection

a0509262.xsph.ru
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/36fll0sqbzxn79ia7wdc/
/36fll0sqbzxn79ia7wdc/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php
/36fll0sqbzxn79ia7wdc/
/hb1gymx2f7szz1rahc7jn5x4fu943e0k4te0y/
/1db7cb52a48c5e4b186a7ab240d346d4d5c54eda.php

# Reference: https://www.virustotal.com/gui/file/d98b8c3e36db621aea1b70e30290c8df7ed5f16585285c8af3e83bac6121ed44/detection

a0636042.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d720cd83354d772ed43d388ca6117257b4e77c74550f9140a8311fc564c8c0ad/detection

a0636235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4a3c8464081d0f33ddc2d954f35f678c9da896f1ea14a5ca5c21e3fab34635e/detection

a0607571.xsph.ru
/javascriptsecureauthGameuniversal.php

# Reference: https://www.virustotal.com/gui/file/d379acd0508f62cd1074da129c2a1d6478fae5c10ae0de05005b05e268ae779e/detection

a0512176.xsph.ru
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php
/47hcq7zohwim1npp2lf3x16dq4ue/
/yyiq8nqjfxjxl7r7ttgodhimeln9wp55alx9ujrvikb2ba33w/
/8be8b684d4f6852a286a4b2b0ae48476765c4d4e.php

# Reference: https://www.virustotal.com/gui/file/cd22545cd8815721dd36621d53c0a759a9a7db32e9709b9810cddfe320f54bce/detection

a0505523.xsph.ru
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php
/olvsy92ekms4xtegh8ut2uaglv9sx3c80fng5kdqe8jn6itjnc18qlnjuiw31zro2xao327x46c5w34/
/rxrz942aiuu4l8pz911zftk80r96wapccjubcecid2dnukfb1l7vkft3vyy07gao6txs5v5dxil5/
/3444644e44c1647371bd5dfb1f4c154e2628a7d9.php

# Reference: https://www.virustotal.com/gui/file/c9799f909a0bf09ef5fab57929cd0de349aad34c2456e8dd076a878921427a43/detection

a0502373.xsph.ru
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/1689e55ee8d0b7689e40485576d1d8903252a398.php
/95d8wtybliyy4c6xga0vs1uzc9/
/qrle8kye8zrfk7b4iz7m25gyxpioon3nz23wm32t26zcds0ve6szgcemt2a9fsbp5n85s6avj3bwvc1amj5guh47d/
/1689e55ee8d0b7689e40485576d1d8903252a398.php

# Reference: https://www.virustotal.com/gui/file/c010d0c7128593451922c1513c9b4afa3453e3c9f73e3eb164689cdaf246b372/detection

a0615320.xsph.ru
/EternalGeneratorwordpressprivate.php

# Reference: https://www.virustotal.com/gui/file/c00bda11c896a535e69e122d9727f19346bf75bc601e4f599abba928c94a5c1b/detection

a0509427.xsph.ru
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php
/0mqeh34ok06sgd36e5t/
/dp6mhcfn80s3jnls9hhje7q9i74e8fnotkr5zkg9354fbqj57xyjbkrd9god5mm68/
/f32ab53a4e9a006cb78f5151fe42a10eb173f34b.php

# Reference: https://www.virustotal.com/gui/file/b76d4d55a77e60335c601937e5640e9340d81958c0fe3d7589200437114ee289/detection

a0530235.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b6e5eb6c4977b9d2fc3450f329df3d278520113b7f4971957e3fe6d298087fec/detection

a0507655.xsph.ru
/tgm1bkvusaettq/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/tgm1bkvusaettq/25ke48f4rznl2/
/25ke48f4rznl2/e911ccbf80878043841ae566261d6d088e7b9f76.php
/25ke48f4rznl2/
/tgm1bkvusaettq/
/e911ccbf80878043841ae566261d6d088e7b9f76.php

# Reference: https://www.virustotal.com/gui/file/0058b8d9c8c1158938c5cb6bb8812d745720df7d930f922ff62503ec64c016f9/detection

f0489337.xsph.ru
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/fc8ba6c59d8743c977012be26c9b31afc585846a.php
/4co6nkvlyzq7nnxoghatiyygje7dvtis5i4rkcil1/
/daqvp0s8mjwvvt95z7311j2qc3po9qsxe0eyhf6ryaktqute8248i1f5ru822hjnjt4zbkivjakrr40tl/
/fc8ba6c59d8743c977012be26c9b31afc585846a.php

# Reference: https://www.virustotal.com/gui/file/819a6e842b7837d2b08acaf4fe967fbe5773d508ac7942edcd78813138184c77/detection

http://149.154.70.81
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php
/3lc4qki7n2954yke05xqzvlfp48v59novo4fg88h4fzmtfwa8cbkrmxji1hbo9smr6l7ppgle/
/zb71wvnuncm5g37hb4doz0gkhfy6rxo1fscb6u9uudo2yp6rp9q0vsj28/
/5a2194a364aeae82c34648c9543e8ee7725f5bb5.php

# Reference: https://www.virustotal.com/gui/file/003ffe92e0586bdfc75e35fce3d959a2be1f1003a6f60591ffe671fa7bad632a/detection

cg38346.tmweb.ru
/06qd02/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/65c42b42653fba838f215c3150f7a59527ad3b3c.php
/4k4fu7wdr8yn18sfc4imxod979kt3jmtzad4vrpbz5vvul5wpom/
/65c42b42653fba838f215c3150f7a59527ad3b3c.php

# Reference: https://www.virustotal.com/gui/file/0a66fab23fc185a17155e98e68315898fbab45bf6a5120d40734f1d0e17ed0bf/detection

ct51793.tmweb.ru
/vmpolllowprotect.php

# Reference: https://tria.ge/220513-1c14wsbhb8/behavioral1
# Reference: https://tria.ge/220513-epmldaccb8/behavioral1

http://31.148.99.171

# Reference: https://www.virustotal.com/gui/file/eed1a9f0ec43c5ae892d3405db010421f0961d53a0728c5f298d45baa31f9e92/detection

a0679997.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6db9070ee1d70e0d24eee9794c461f7bc8be994f7fe7ad721ade2fe3b09bde42/detection

a0662376.xsph.ru
/providersecureApiLinux.php

# Reference: https://www.virustotal.com/gui/file/73583b83b0864479a0731f3d7aa8986f20415ce961774b13029ada8b778790ac/detection

154.12.230.109:8848

# Reference: https://www.virustotal.com/gui/file/06ad34aa4dc9bdef0a3bc023060110d6f879774411ed397caf07f00d5d6f2a4f/detection

a0684770.xsph.ru

# Reference: https://cert.gov.ua/article/405538 (in Ukrainian; UAC-0113)
# Reference: https://www.virustotal.com/gui/file/2b2438aa8da7c23e714f2d7a196d82ed52914c9353ef9fded01448216bd858ff/detection

plexbd.net/MSCommondll.exe
plexbd.net/MSCommonDriver.exe
datagroup.ddns.net
/PythonHttpGeolongpolldefault.php

# Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat

star-cz.ddns.net

# Reference: https://www.virustotal.com/gui/file/0007015ce9090fc52712bc0148a974c643fc570b56d8d78765a6fbde9953639d/detection

hyuihyuihyuihyuihyuihyuihyuihyuihyuihyuihyu.site

# Reference: https://www.virustotal.com/gui/file/b64e011891245dfd504c35145c073ab37a7298ca12ba7c0b40190f83bfba5566/detection

http://149.154.70.91
/phprequestApiuniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/1f97e20f092479de14e6ecc4debcbc835528a0de8d75c5f2ac36d9c24d08555b/detection

http://149.154.70.79

# Reference: https://www.virustotal.com/gui/file/1e1ddbd0db9aeff25d220aaa65a1118c38b90e6ad3d268fd4b47ec898bf3d17a/detection

http://87.236.146.23
/Temp5To/HttpPollUniversalgame/sql/02Httpcdn/httpLinux.php

# Reference: https://www.virustotal.com/gui/file/ced36829a9dcff10487b26b9c931c399f4dba93ae3a226c0174426ee02b0c8f9/behavior/VirusTotal%20Jujubox

http://185.46.10.74
/Vm_Servercentral.php

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_DCRat_Related.json

bomber.dcrat.ru

# Reference: https://www.virustotal.com/gui/file/ba532af8694c6cb7ed64a3967366e9356082f1038e7983f7829ad94f55bb0cf6/detection
# Reference: https://www.virustotal.com/gui/file/f5e5848f11cb330a78ae2c4177ba72a229a7298894061436abcf5bec3c70b752/detection

a0698769.xsph.ru

# Reference: https://www.virustotal.com/gui/file/00671603a647502a53d1fea47406952e22d1de35151f6f3aa187e209da5f1793/detection

a0546152.xsph.ru
/lowUpdategameflower.php

# Reference: https://www.virustotal.com/gui/file/180bdaa12e54e3cc55aec3b80ef124626b997145c520125e96ed750c0a815857/detection

clmonth.nyashteam.ml
1002.clmonth.nyashteam.ml
1006.clmonth.nyashteam.ml
1007.clmonth.nyashteam.ml
1008.clmonth.nyashteam.ml
1648.clmonth.nyashteam.ml
2069.clmonth.nyashteam.ml
2255.clmonth.nyashteam.ml
23457.clmonth.nyashteam.ml
2765.clmonth.nyashteam.ml
28958.clmonth.nyashteam.ml
2945.clmonth.nyashteam.ml
3587.clmonth.nyashteam.ml
3598.clmonth.nyashteam.ml
5422.clmonth.nyashteam.ml
5687.clmonth.nyashteam.ml
61633.clmonth.nyashteam.ml
7485.clmonth.nyashteam.ml
7539.clmonth.nyashteam.ml
7865.clmonth.nyashteam.ml
7885.clmonth.nyashteam.ml
7935.clmonth.nyashteam.ml
9076.clmonth.nyashteam.ml

# Reference: https://www.virustotal.com/gui/file/9fd9b29ea8b6c727dcf1853272ce5b8e4a18ed109e38b0c4857a601e41f81b13/detection

eternity.fbkw.ru
/supersecret/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/secretet/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php
/getlatestversionnnncnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnaaa.php
/vZGOpKmEUkU7BDMvGUZ97QNikJvrOmXSGsjWZ8g0kbT4Nv.php

# Reference: https://twitter.com/MBThreatIntel/status/1556683337258782720
# Reference: https://www.virustotal.com/gui/file/c90bd7b3e642eba0ab5a1153dde46a1c01131a773956f54801c7380ba037e6b6/detection

sublimetext.me
h925402f.beget.tech
/ServerDefaultBasedatalifedownloads.php

# Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection
# Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/

a0682132.xsph.ru
narzieo9.beget.tech
/SecurebaseTraffic.php
/updateapidbCentral.php

# Reference: https://www.virustotal.com/gui/file/03d2ea4dd1ce66403b7977dfdf6fc2a9708425fee1d9b4792ac465578788c61d/detection

a0521453.xsph.ru
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/voir02dspjj3azy9xnvqpidhtx1ih6ymcnf7qk7nbjm3gg4lrqpukwjr8twctg5rt297dx6eg5/
/p7v8ksbrt61jpbbemgmk6wzh6n/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php
/p7v8ksbrt61jpbbemgmk6wzh6n/
/c62e14ab2c403943c7e5f1f40282c9a92a2d1d0c.php

# Reference: https://www.virustotal.com/gui/file/21cb6213795cabdcb33cd3102017a9e2a4ad31395976edf02311423ad0f622af/detection

a0703775.xsph.ru

# Reference: https://www.virustotal.com/gui/file/09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3/detection

a0554670.xsph.ru
/PacketgamemultiFlowerTraffic.php

# Reference: https://www.virustotal.com/gui/file/005cc836619526899f69218adb2a46f51f4847d8b43c36a7821c3c9a1abc1110/detection

http://86.110.212.29

# Reference: https://www.virustotal.com/gui/file/2aebe64ad1d7e84b2111b0571276c760eeabd6b641c89c09ba2d9ef95cd883c8/detection

a0710769.xsph.ru
/externalCdntemporary.php

# Reference: https://www.virustotal.com/gui/file/03d0857d5817b72bd95ebb768b41c8d0bd819ad041289ff378dbac621bee2597/detection

asdfadawdawd.ru
/externalauthdbwpPrivate.php

# Reference: https://www.virustotal.com/gui/file/07dd506c59ad8f994f52611247eed8275201d0acb24c1341e33ffd75cceaac85/detection

a0521182.xsph.ru
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/d96da147ddc7c66170035f82a42d9c2f.php
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/ac80iuazteg5lj5e610udcmw3t2xlqrf8oy0pi2/
/iryj0onjpw3m3xchqsi9zi5k1ghin9p6tk41ers9ejlkmbg60vbhj4hkxlr/
/kor3vehmv2ztwnlzxsqpgzp8p6haj3coqm6qd54clt61n9fuohygfwmixdi/
/d96da147ddc7c66170035f82a42d9c2f.php

# Reference: https://www.virustotal.com/gui/file/3c167c067abc30c62d2d74e7409d65cc84ae051a868ce55ee0a1f4de0a3059fb/detection

cw85895.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/000f3f7a71b10f42d32371c5dff7b974300a45fa35f9a7d8024a4ec4fcabab41/detection

a0709015.xsph.ru
/pollFlowerAsyncwordpress.php

# Reference: https://www.virustotal.com/gui/file/00775bf2d98db532ca754489e9f262bbead5f19e6a5b2114e9f3fc989e70dde9/detection

a0706820.xsph.ru

# Reference: https://www.virustotal.com/gui/file/035e94c3897695d24524b01e141f8c904034e15bf0d6492d8005b81d8c1e1424/detection

asos.bar
/bigloadMultiBase.php

# Reference: https://www.virustotal.com/gui/file/2a833361299f6bd61506cf3ac29e25fa960467657cc92f23a6d36bd65a4aabd5/detection

a0685116.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d4d8519fb5cb89f65a29db531034be71cb4c41188c512e01eb48c0ff9e9175f7/detection

a0715881.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7aa907117d7dc41bcf159506536af6d2b76f2ac49adbacbb9748ac09917310ef/detection

a0715314.xsph.ru

# Reference: https://twitter.com/MisterCh0c/status/1123890895605194752
# Reference: https://app.any.run/tasks/39dc7c95-2f60-4a0f-b962-5abb688817ba

darkcrystalrat29.000webhostapp.com
uproxies.myarena.ru

# Reference: https://www.virustotal.com/gui/file/b88b12d7dc8c791383f11a7f2083b0f16d353c6e47615b10bc533c36ef893e96/detection

mamont1337.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b4d86cc2a6d1417ab614fd759cadbdd03750511cda2cd4d063b92b1daae6cffe/detection

pwnova.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0f1611211d77702a6f7dd5f1110afdf85bd3d6d2d0d2f569fe2a4962acec2de8/detection

payloads-poison.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/3f17bcfc62559226df10d47eb9769b32c7c2ef5ad44889f0c253e1fcc5d68dea/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ef486eaf9407e020a911c8795e334b6be98cf84386ac3eeaa25488c975b47227/detection

ponchikgribov.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512/detection

holohololo.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/561f3702f2bc11607012f82894475da814052c925d7d2afd242a95dc5f5a7363/detection

mabuch.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ebb67c781269d75cc4aa1c5aacdc4ab1289a603dc5532ccc2fb7dbbed284d786/detection

0x01f1.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/bbde4f9a20c30515c9c163709e7fb670d296e087f486278a3017fdaeea282114/detection

supercraftalex.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0783ad7db9e4f015a8c4a2100da925c43e9197996463f03194519aa8a70d6328/detection

silentscanner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/de622b50da9fad14bee683c2d46ffa167a453d8cd0d31f7a86d72d2cf5de8b13/detection

thedonserver2.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a69604b7a62ff5eab64e011fbe653d83b0d7e854633528aedb98a27a300e9cdb/detection

vanityss0.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fa76b811f2ea98f5c356bac7d2c27cca58c7db23729307fed74650c7ee95075f/detection

allopathic-trays.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6ad0fb9af26cd895584d71f89186754ab9263c6034126f8ae2be9a85a8ea3482/detection

fritroser.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/9c370e4919315bd7b718e4ccdf605f2332ab672b53209c12dfdd22ebd5bf63b6/detection

cuberdragon.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7bb559915ee54376af490aec3354df9d024f4c80878eb5c976caf98aff430d7e/detection

spikerr.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/50d8c57679ebf98a325f0cca86309fbd757964accd8e694cc31553c792551c5b/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/fcf3dd30c43dbd3fb8db46ffbd90aa898f821acd5f77c79b0f22da4ef824010e/detection

eliseyhaise1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1c7fbedcbbe92c3c00c58d75ed8f02ddc79ce3af209f68305758a785200b09a9/detection

nosky777.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0bd98484d599b26d067ae42c5baf4cacf88170d397b5bf805c3cb8fb558aaa2/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/eb94e806bfd7e5e3aa1a5aee781150cc7e1e83af22a6c0194c6138673a006fb0/detection

jssh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/92e6d7a6e8e9bdf59d8c92f54ef8f076b04ea31d62e20e83add00d70f53f0373/detection

superacute-barrier.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d1f9e8d2c091a5ec29a0420ed3a2002209689799ec7babcf1e1ff81775234d53/detection

filesfloader.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d4a47a202068cf51c8b10381cbdd414f24af4a7c7562b97472540d7a02646d09/detection

diversionary-turbul.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f3261eab08f0316d237bb474734674acd4a8eeb183331ce689d1cee57de94218/detection

hkmksmsjn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/873baf17585637276230e7c7b358321ac0e7f9c1e64878b708a030104836e7d6/detection

rat21212121.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/769609d8870d14efe8688affabf153dd287dd7ca97ea81b921704bab1752c150/detection

nikotsu.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f8eda3c1be8522ab6afd7e8f259ec592292b7940a7f9ee189ecdd5b9ccee2eb9/detection

labscreenshare.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/c3309c40ed05075598d9a44d06be2a5eea0c25ce11e2741e5e1e5239b0f0259e/detection

kasumeauth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a8d4bfcf4a966ac593f31cf8fe82b8f133034066859acb8bb54fc19577b35d14/detection

denotable-guide.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/aff3a5987ebd22e6bab2845e8b5f033149d9f6fd38c1c19f63a9b666a78cda84/detection

wolfgt.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7def4faac6dca29bd03a5b4bcd3e5ead02fdb6318a0b308f88d9cc16065c729c/detection

ratfunpay.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/5ce86179014d6b741a6be05600151c2cf7f6140dc4115e05e3f2261484e677c1/detection

testforpurp.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b8850467013fa029a51489ee66554fd70296690713a07d80eef978f8871ae8e4/detection

telenor-location-setup.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/47b664ab4e3913721c25763104d534a2585a9f3464b20d5a0b3604b877543ece/detection

hutech123.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/71a5ced54a8792c354b729bbbdd97a132ee32acc332e7cc2136d5fd158bd0dca/detection

dcrettting.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/6fb1b51833dd0eea891ea931b2b4d54835f5b19791b4065babea5538c4d982a6/detection

masha1488.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1ea8e7c9a99f93222159b00b3713de60ab6364a93a62b18fc24f572922edef86/detection

asbfbzvfhsebh.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/04f0cbef22ec452eb8024aabe693157d03a1d6ff488600b541483d11895eba90/detection

asdasd1010.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46667d51bd5a6cf6bb93ea291a95ac66fe65459f17d001c40b9a2978bb0fe1ca/detection

mrbigg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/282cb1832225f49f62850ea57f5227dfadf7a118a609d7ea1488cae8c1029990/detection

mrbiggg.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/ab8f00944d1323c75dedce595036a16765ada233648e247afc30bc76e7ec1914/detection

zorgehnajamn.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/49d323809906bf0326d5cd2e721c301672dfb9e5832bb7470d3693b6cc7c973d/detection

organner.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/7d13019882ad60fc65881d607360a8b1441cb6dde43d1f92e120940f791701d7/detection

kiwihook228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/f0c5303a8a8713f4c73f9b04debfde6387a37fb0fdab0fd3dba68b4ac9388181/detection

kdwahjdklawhflahywfilyhaw.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/0012c370f4fe5384a99e4041530a76f14518ebf1fa79e2569eae21044f25ca74/detection

moralfag228.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/32d69753f2cfdf76427e497f6798fd10fff58c0b6bfdb3fda5eaf510b1890511/detection

matvey2207api.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/1689209fe6dab791b4d7eedee0ac05cd1119328b9217ae1f2b48f66a6b7f1ef4/detection

icursos.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/8ff34b12b7a065fcb4b75e55b4ca06cfc5b40aa51afa763e881f522a534ade7b/detection

huongtra899.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e1f53c1783e59c5a3ea7d28ceac7c74b2eb81ac850a74c1e90bd82a0314024f2/detection

frogmezserver.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/37d8371c4d5db0701605f647dda2482ae2c0383793544caaa6ac218d630e8cb4/detection

diyspecial.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/d7c16df73304c6d7c166200b0e5bf8cc0cf0701d3f49539e95efd4078a12fd44/detection

wannatalk.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1435345484139286530
# Reference: https://app.any.run/tasks/46d1eb68-c229-4263-bf3f-207dbcd5d896/

http://178.250.158.47

# Reference: https://twitter.com/James_inthe_box/status/1448751827046985746
# Reference: https://app.any.run/tasks/66fad0a4-789c-4d09-bb1c-12f9ff2bb92e/

http://82.146.34.178

# Reference: https://www.virustotal.com/gui/file/4b4a3839ecf1b4103a231af600a029d5b315cedd359ec3bdfaf61bb243ae7297/detection

7539.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/02177431b0825bf9f3d7c7d887c82494a3d1fd89f3e24d9128f126dd56f06a73/detection

95892.clmonth.nyashteam.ru

# Reference: https://www.virustotal.com/gui/file/e50d7c1551535c94387091a653d18f5ecc26b6a15c04392523fde82df61f310c/detection

f0531789.xsph.ru

# Reference: https://twitter.com/WhichbufferArda/status/1581332837814636545
# Reference: https://www.virustotal.com/gui/file/72a3dffc4708d9e9eedffd81cc26ca19df813db423e848bbaf092540d9e36eab/detection

bayraktar.fun

# Reference: https://twitter.com/pmelson/status/1585699881905451008
# Reference: https://www.virustotal.com/gui/file/49a59c92e9c1876828015fa1985132058e1ac023a196c2942ebef409789bb356/detection

141.255.147.241:8973

# Reference: https://twitter.com/tosscoinwitcher/status/1586061272197476352
# Reference: https://www.virustotal.com/gui/file/005ca7fcb95236a3ae86e744c9d9b41ad97e74205ca5c2151e60abd4676fbd66/detection

http://188.120.244.159
/lineCentralTo0/Voiddb0Request8/7centralPrivate/
/Request1/0/universalDefaulthttp/
/Request9Multi6/ApigeotempProtect/GeneratorLineServer/
/Request9Multi6/
/Voiddb0Request8/

# Reference: https://www.virustotal.com/gui/file/02dd2d41ea02bee1d7a6505fa299cacb41024a6c6a1b2eb9e43597bc1b5854b1/detection

a0724321.xsph.ru
/PythonprotectLinuxAsync.php

# Reference: https://www.virustotal.com/gui/file/041bd486fefe872019f748d66a7d5dee4b097d4b222c320ce94f89133b6860a6/detection

http://194.58.98.53
/ExternalRequestpollsqlasync.php

# Reference: https://www.virustotal.com/gui/file/053f31bae67a9d04b92b11e54981618f7da49b9d4b77344babaebd7773fc76b1/detection

a0571604.xsph.ru
/imageApiDefaultflower.php

# Reference: https://www.virustotal.com/gui/file/0051ad484af03c603e1c10dd3b70f700faee7d46e86fe3467ed393bf18249a7b/detection

malenkybabejon.xyz

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

http://13.90.128.253

# Reference: https://www.virustotal.com/gui/file/ae3b4897a288a41ec73e1a6b94ce89b982a35e4ee754208e035877ed27ad17a8/detection

103.151.123.121:8890
toff7857.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6f9c3a7f821cad5b2095915c015fce09729cb2f4637c1ee002dd8f3ec951a81/detection

103.151.123.121:8895
moneyinthemaking33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e01bacfc305cac510024cfd91980e72f7f162f3feb017637d43b013195e13ee/detection

dthaurs.duckdns.org
gdbsty.duckdns.org
makingthomas9.duckdns.org
medelinemellinger.duckdns.org
morningb006.duckdns.org

# Reference: https://www.virustotal.com/gui/file/05c5855645215f25843fb116d4ad622331599e6823c1ac08e26b3ec016462c00/detection

a0642773.xsph.ru
/processoruniversalpublic.php

# Reference: https://www.virustotal.com/gui/file/0fb1da58743a6a21376c4d513e4e8dd39e176719b9f89551c94a88e21b58922d/detection

a0654793.xsph.ru
/trafficdatalifewpdlepublic.php

# Reference: https://www.virustotal.com/gui/file/d4b5239cf81c54d406e6f208359145d7ea1fb429a3a245e2c805161d761737de/detection

a0740712.xsph.ru

# Reference: https://www.virustotal.com/gui/file/04d48912fee541a1dcec802ac9065a91cfb75114fdea1edd43b8a4a9d538299d/detection

193.149.3.239:1938
liteshare.co
one.liteshare.co

# Reference: https://www.virustotal.com/gui/file/0000ad0538e40f2c6a61df90552b1603a05556a620dd5e09d07c0d4cf6b329d2/detection

a0741693.xsph.ru

# Reference: https://www.virustotal.com/gui/file/23fda5b36c96f2c2e7e5ae8a0ba46eee0b898fa97c95b522bef284134b78e21b/detection

a0751745.xsph.ru

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-29-IOCs-for-malware-from-fake-Adobe-Reader-page.txt
# Reference: https://www.joesandbox.com/analysis/775734?idtype=analysisid
# Reference: https://www.virustotal.com/gui/file/37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226/detection

78.47.195.75:4448
78.47.195.75:4449
adobereaders.co
bravebrowsers.cc
system-checki.com

# Reference: https://twitter.com/suyog41/status/1612421819646226432
# Reference: https://www.virustotal.com/gui/file/aa7329f9d3c9b4c1620182c9697b905ce03819a6b538d8c5e70142a6aad4e712/detection

http://149.154.68.247
/PollProcessvoiddb/Cpu5js/lowserverflowerCdn.php
/PollProcessvoiddb/Cpu5js/
/PollProcessvoiddb/
/lowserverflowerCdn.php

# Reference: https://www.virustotal.com/gui/file/2f2d38c73fd78cfbb16fe47b098400197de6021d58038fdc49679a4b756463e3/detection

18.228.115.60:11104
18.229.146.63:11104
18.229.248.167:11104
18.229.94.15:11104
18.231.93.153:11104
52.67.169.190:11104
52.67.76.246:11104
54.94.248.37:11104

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://135.181.83.211
/cpugamedefaultsqlDatalife.php

# Reference: https://www.virustotal.com/gui/file/b2d97d507306f7abbed7ca882340f456a17cdf176488faa8f8e0741019300d78/detection

http://212.113.106.79

# Reference: https://twitter.com/ScumBots/status/1621223797071175682
# Reference: https://www.virustotal.com/gui/file/4f23c0742d9a19732acdcc777b4168366d4762b7f9fa553d1dbc62b68378cc97/detection

20.197.196.201:7749
intrudernomercy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6cff73a9a97ff3955d44e35310ccec01847143a9e70678f685840d7c8ad25971/detection

ca22859.tw1.ru
/ProcessorauthTestLocal.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/

http://109.107.189.197
http://109.172.44.182
http://109.248.42.13
http://121.40.81.65
http://130.255.170.91
http://135.181.106.220
http://135.181.164.113
http://135.181.99.197
http://136.243.179.74
http://141.94.188.141
http://142.132.182.134
http://145.239.27.225
http://146.19.207.252
http://146.19.207.58
http://146.19.233.133
http://146.19.24.118
http://147.182.195.133
http://148.251.242.103
http://149.154.64.5
http://149.154.65.218
http://149.154.66.74
http://149.154.67.30
http://149.154.68.117
http://149.154.69.71
http://149.154.70.15
http://149.154.71.242
http://151.248.117.210
http://151.248.121.68
http://159.65.31.64
http://162.55.170.203
http://162.55.33.151
http://164.92.181.85
http://165.22.23.36
http://167.235.28.213
http://167.235.57.39
http://167.88.170.23
http://172.104.4.99
http://172.245.10.88
http://176.113.82.46
http://176.124.200.25
http://176.124.201.32
http://176.126.103.159
http://176.126.103.211
http://176.126.103.47
http://176.31.32.199
http://176.57.69.97
http://176.99.12.128
http://178.154.196.48
http://178.20.47.110
http://178.250.156.239
http://178.250.156.30
http://178.250.157.127
http://178.250.157.16
http://178.250.158.26
http://178.250.158.55
http://178.250.159.150
http://178.250.159.206
http://178.250.159.50
http://178.250.247.22
http://179.43.175.120
http://185.103.254.119
http://185.104.248.184
http://185.106.92.40
http://185.112.83.126
http://185.112.83.48
http://185.12.126.186
http://185.143.220.212
http://185.146.156.142
http://185.146.156.144
http://185.156.72.35
http://185.16.38.98
http://185.16.39.123
http://185.174.136.169
http://185.174.136.187
http://185.189.12.109
http://185.189.13.15
http://185.197.75.85
http://185.204.0.144
http://185.206.214.155
http://185.213.211.238
http://185.219.40.39
http://185.224.135.74
http://185.229.66.123
http://185.233.38.221
http://185.233.80.179
http://185.235.218.66
http://185.241.61.111
http://185.246.65.133
http://185.246.65.20
http://185.246.65.77
http://185.246.65.81
http://185.246.66.170
http://185.246.67.84
http://185.251.90.27
http://185.43.4.142
http://185.43.4.223
http://185.43.4.27
http://185.43.4.31
http://185.43.5.151
http://185.43.5.62
http://185.43.5.75
http://185.43.6.111
http://185.43.6.68
http://185.43.7.221
http://185.46.10.199
http://185.5.248.148
http://185.51.246.172
http://185.60.134.186
http://185.92.149.245
http://188.120.224.116
http://188.120.224.97
http://188.120.225.216
http://188.120.225.47
http://188.120.226.13
http://188.120.228.186
http://188.120.229.72
http://188.120.231.113
http://188.120.231.63
http://188.120.233.209
http://188.120.235.7
http://188.120.236.137
http://188.120.237.72
http://188.120.240.211
http://188.120.241.206
http://188.120.243.11
http://188.120.244.227
http://188.120.244.38
http://188.120.246.154
http://188.120.246.49
http://188.120.248.214
http://188.120.253.98
http://188.120.254.194
http://188.120.254.81
http://188.225.72.109
http://188.93.233.120
http://192.95.55.233
http://193.106.191.180
http://193.108.113.28
http://193.109.78.76
http://193.124.22.2
http://193.124.22.3
http://193.188.23.169
http://193.233.48.42
http://193.233.49.76
http://194.147.90.111
http://194.163.190.76
http://194.190.152.128
http://194.190.153.34
http://194.226.121.128
http://194.226.121.164
http://194.226.121.83
http://194.26.229.18
http://194.26.229.23
http://194.26.229.54
http://194.26.229.65
http://194.36.177.74
http://194.36.177.98
http://194.40.243.101
http://194.5.78.193
http://194.61.52.49
http://194.67.110.48
http://194.67.111.145
http://194.67.119.11
http://194.67.67.104
http://194.67.67.43
http://194.67.74.169
http://194.67.87.32
http://194.67.92.230
http://194.67.92.38
http://194.87.186.10
http://194.87.199.77
http://194.87.214.216
http://194.87.216.2
http://194.87.216.73
http://194.87.218.122
http://194.87.219.243
http://194.87.232.197
http://194.87.237.68
http://194.87.31.20
http://194.87.62.41
http://194.87.82.229
http://195.133.1.180
http://195.133.1.65
http://195.133.75.174
http://195.133.75.213
http://195.133.75.27
http://195.133.88.26
http://195.140.146.115
http://195.140.147.188
http://195.3.223.215
http://195.3.223.218
http://195.3.223.79
http://2.56.59.225
http://2.57.186.38
http://20.113.82.15
http://20.26.196.182
http://207.148.109.186
http://209.209.113.33
http://212.109.192.100
http://212.109.195.180
http://212.109.198.236
http://212.113.116.24
http://212.162.153.128
http://212.192.14.24
http://213.159.214.231
http://217.114.43.68
http://217.25.95.234
http://217.28.221.151
http://217.28.223.117
http://23.137.249.17
http://23.227.193.58
http://3.122.113.204
http://3.123.129.109
http://3.249.182.164
http://31.129.22.12
http://31.172.66.22
http://31.184.249.5
http://31.24.87.18
http://31.24.87.49
http://31.42.177.7
http://37.143.12.118
http://37.143.9.37
http://37.220.86.127
http://37.220.87.84
http://37.228.93.151
http://37.230.112.51
http://37.230.113.176
http://37.230.113.20
http://37.230.113.43
http://37.230.113.82
http://37.230.116.166
http://37.230.117.59
http://37.252.1.137
http://37.46.130.13
http://37.46.130.214
http://37.46.131.62
http://37.46.133.171
http://37.46.134.156
http://38.242.133.44
http://38.242.207.140
http://45.124.115.20
http://45.128.234.216
http://45.132.1.186
http://45.137.65.70
http://45.140.147.119
http://45.141.100.241
http://45.141.76.106
http://45.141.79.87
http://45.142.122.12
http://45.142.36.241
http://45.144.2.118
http://45.15.157.11
http://45.153.186.205
http://45.153.229.94
http://45.156.84.108
http://45.63.74.55
http://45.8.158.146
http://45.81.227.27
http://45.82.13.18
http://45.83.122.110
http://45.83.194.100
http://45.83.194.102
http://45.86.229.156
http://45.93.200.140
http://46.148.114.84
http://46.151.30.40
http://46.175.145.60
http://46.175.150.73
http://46.3.197.42
http://46.3.197.86
http://46.3.199.118
http://46.3.199.52
http://46.30.45.25
http://47.254.235.229
http://47.96.64.30
http://5.101.44.217
http://5.63.154.100
http://5.63.159.147
http://51.161.64.200
http://51.210.69.65
http://51.250.37.171
http://51.250.8.242
http://51.38.92.34
http://51.91.193.177
http://62.109.0.205
http://62.109.1.128
http://62.109.1.226
http://62.109.10.87
http://62.109.12.97
http://62.109.13.12
http://62.109.15.235
http://62.109.16.69
http://62.109.17.127
http://62.109.2.209
http://62.109.2.36
http://62.109.20.14
http://62.109.21.205
http://62.109.23.37
http://62.109.25.235
http://62.109.26.135
http://62.109.27.119
http://62.109.27.237
http://62.109.28.158
http://62.109.28.7
http://62.109.30.213
http://62.109.30.9
http://62.109.31.158
http://62.109.31.200
http://62.109.31.35
http://62.109.4.67
http://62.109.5.198
http://62.109.5.68
http://62.109.5.72
http://62.109.8.21
http://62.109.8.37
http://62.109.9.201
http://62.113.110.142
http://62.113.118.176
http://62.113.96.135
http://62.217.176.20
http://62.84.97.90
http://64.225.102.136
http://65.109.63.235
http://65.21.251.86
http://77.246.158.136
http://77.246.158.191
http://77.246.158.205
http://77.55.208.121
http://77.73.131.144
http://77.73.131.194
http://77.73.133.58
http://77.73.133.75
http://77.91.124.246
http://77.91.68.78
http://77.91.77.179
http://78.24.216.186
http://78.24.218.129
http://78.24.219.249
http://78.24.220.207
http://78.24.220.74
http://78.24.221.170
http://78.24.222.67
http://78.24.222.9
http://78.24.223.39
http://78.24.223.53
http://79.110.52.107
http://79.124.56.6
http://79.137.196.92
http://79.137.202.179
http://79.174.12.172
http://79.174.12.29
http://79.174.13.54
http://80.66.64.164
http://80.66.79.39
http://80.66.79.5
http://80.66.79.51
http://80.78.241.48
http://80.78.247.142
http://80.78.251.115
http://80.85.142.179
http://80.87.192.227
http://80.87.192.58
http://80.87.194.58
http://80.87.194.76
http://80.87.196.100
http://80.87.196.254
http://80.87.197.225
http://80.87.198.211
http://80.87.198.76
http://80.87.199.172
http://80.87.199.19
http://80.87.200.238
http://80.87.201.177
http://80.87.201.178
http://80.87.202.58
http://80.87.202.7
http://80.87.202.92
http://81.19.140.16
http://81.200.152.41
http://82.115.223.17
http://82.115.223.92
http://82.146.33.148
http://82.146.34.194
http://82.146.34.244
http://82.146.35.75
http://82.146.38.48
http://82.146.41.71
http://82.146.42.247
http://82.146.43.104
http://82.146.43.67
http://82.146.45.68
http://82.146.45.7
http://82.146.46.170
http://82.146.46.51
http://82.146.47.144
http://82.146.48.150
http://82.146.48.223
http://82.146.48.233
http://82.146.49.100
http://82.146.52.151
http://82.146.52.198
http://82.146.52.200
http://82.146.52.217
http://82.146.53.241
http://82.146.54.148
http://82.146.54.219
http://82.146.55.100
http://82.146.55.21
http://82.146.56.217
http://82.146.56.24
http://82.146.56.83
http://82.146.58.86
http://82.146.59.136
http://82.146.59.195
http://82.146.60.81
http://82.146.61.207
http://82.146.62.116
http://82.146.63.142
http://82.148.30.111
http://83.136.232.133
http://83.136.232.155
http://83.136.232.228
http://83.136.232.237
http://83.136.232.25
http://83.136.233.84
http://83.220.168.32
http://83.220.168.58
http://83.220.170.162
http://83.220.172.137
http://83.220.172.179
http://83.220.173.110
http://83.220.173.145
http://83.220.173.194
http://83.220.175.103
http://83.220.175.138
http://84.32.190.8
http://85.192.41.4
http://85.192.63.166
http://85.193.80.152
http://85.31.46.137
http://86.110.212.160
http://87.236.146.103
http://87.251.77.205
http://88.210.9.215
http://89.107.10.225
http://89.108.102.163
http://89.108.115.110
http://89.108.76.178
http://89.108.81.97
http://89.108.88.227
http://89.185.85.200
http://89.208.142.177
http://89.23.110.215
http://89.23.97.43
http://89.23.97.74
http://89.41.182.81
http://91.151.88.63
http://91.201.112.111
http://91.209.226.36
http://91.219.62.158
http://91.227.113.154
http://91.240.84.249
http://91.240.86.94
http://91.242.229.77
http://91.243.59.65
http://91.245.227.34
http://92.255.107.243
http://92.53.71.105
http://92.63.101.174
http://92.63.101.82
http://92.63.102.68
http://92.63.103.35
http://92.63.104.181
http://92.63.104.237
http://92.63.104.240
http://92.63.104.30
http://92.63.104.47
http://92.63.104.96
http://92.63.106.232
http://92.63.106.249
http://92.63.106.6
http://92.63.107.12
http://92.63.192.101
http://92.63.192.33
http://92.63.96.83
http://92.63.97.118
http://92.63.97.158
http://92.63.97.168
http://92.63.97.36
http://92.63.99.234
http://94.103.81.144
http://94.103.81.146
http://94.103.81.174
http://94.103.82.132
http://94.103.92.207
http://94.124.78.86
http://94.131.96.44
http://94.142.142.6
http://94.23.190.57
http://94.250.249.169
http://94.250.250.160
http://94.250.252.221
http://94.250.252.243
http://94.250.253.4
http://94.250.254.158
http://94.250.254.199
http://94.250.254.43
http://94.250.254.50
http://94.250.255.214
http://94.250.255.250
http://95.142.43.115
http://95.143.179.155
http://95.163.233.217
http://95.214.53.31
http://95.217.99.28
102.140.196.34:3851
103.133.105.61:1338
103.133.105.61:8848
185.70.104.53:3861
194.26.229.33:85
209.151.144.77:443
91.193.75.139:5900
91.193.75.152:7196
91.193.75.175:9217
91.193.75.235:5900
91.193.75.244:5900
042832.clmonth.nyashteam.top
043659.clmonth.nyashteam.top
077147.clmonth.nyashteam.top
101583.clmonth.nyashteam.top
12342.clmonth.nyashteam.ru
12418.clmonth.nyashteam.ru
12748.clmonth.nyashteam.ru
14888.clmonth.nyashteam.ru
151-248-118-14.cloudvps.regruhosting.ru
158447.clmonth.nyashteam.top
16530.clmonth.nyashteam.ru
171304.clmonth.nyashteam.top
188726.clmonth.nyashteam.top
191151.clmonth.nyashteam.top
191191.cllt.nyashteam.top
194-58-107-59.cloudvps.regruhosting.ru
194-67-90-137.cloudvps.regruhosting.ru
198939.clmonth.nyashteam.top
2030.clmonth.nyashteam.ru
22865.clmonth.nyashteam.ru
22866.clmonth.nyashteam.ru
23457.clmonth.nyashteam.ru
23558.clmonth.nyashteam.ru
24820.clmonth.nyashteam.ru
24824.clmonth.nyashteam.ru
248706.clmonth.nyashteam.top
25066.clmonth.nyasht.ml
26150.clmonth.nyashteam.ru
273709.clmonth.nyashteam.top
28049.clmonth.nyashteam.ru
281429.clmonth.nyashteam.top
286216.clmonth.nyashteam.top
28747.clmonth.nyashteam.ml
29035.clmonth.nyashteam.ru
310246.clmonth.nyashteam.top
32589.clmonth.nyashteam.ml
32589.clmonth.nyashteam.ru
32836.clmonth.nyashteam.ru
336522.clmonth.nyashteam.top
33811.clmonth.nyashteam.ru
33866.clmonth.nyashteam.ru
341560.clmonth.nyashteam.top
344968.clmonth.nyashteam.top
34843.clmonth.nyashteam.ru
34845.clmonth.nyashteam.ru
349733.clmonth.nyashteam.top
355969.clmonth.nyashteam.top
37-140-195-166.cloudvps.regruhosting.ru
372260.clmonth.nyashteam.top
384445.clmonth.nyashteam.top
39841.clmonth.nyashteam.ru
40211.clmonth.nyashteam.ru
403267.clmonth.nyashteam.top
41028.clmonth.nyashteam.ru
43425.clmonth.nyashteam.ml
456445.clmonth.nyashteam.top
468840.clmonth.nyashteam.top
471120.clmonth.nyashteam.top
481372.clmonth.nyashteam.top
48808.clmonth.nyashteam.ru
48944.cllt.nyashteam.top
49856.clmonth.nyashteam.ml
51165.clmonth.nyashteam.top
525803.clmonth.nyashteam.top
55441.clmonth.nyashteam.ru
55555.clmonth.nyashteam.ml
561706.clmonth.nyashteam.top
58261.clmonth.nyashteam.ru
583848.clmonth.nyashteam.top
58561.clmonth.nyashteam.ru
5b5t.servegame.com
618239.clmonth.nyashteam.top
61839.clmonth.nyashteam.ru
64198.clmonth.nyashteam.ml
64372.clmonth.nyashteam.ru
64714.clmonth.nyashteam.ru
66223.clmonth.nyashteam.ru
66444.cllt.nyashteam.top
669731.clmonth.nyashteam.top
670880.clmonth.nyashteam.top
677710.clmonth.nyashteam.top
684386.clmonth.nyashteam.top
686084.clmonth.nyashteam.top
707731.clmonth.nyashteam.top
71902.clmonth.nyashteam.ru
72606.clmonth.nyashteam.ru
75419.clmonth.nyashteam.ru
76427.clmonth.nyashteam.top
76429.clmonth.nyashteam.top
76834.clmonth.nyashteam.ml
777233.clmonth.nyashteam.top
7fc3460091094336a2af4e71b7590b6e.ru
802560.clmonth.nyashteam.top
802772.clmonth.nyashteam.top
809212.clmonth.nyashteam.top
81888.cllt.nyashteam.ru
81888.cllt.nyashteam.top
82607.clmonth.nyashteam.ru
82881.clmonth.nyashteam.ru
83107.clmonth.nyashteam.ru
834532.clmonth.nyashteam.top
852543.clmonth.nyashteam.top
871356.clmonth.nyashteam.top
87550.clmonth.nyashteam.ru
88225.cllt.nyashteam.ru
88300.clmonth.nyashteam.ru
88314.cllt.nyashteam.top
88730.clmonth.nyashteam.ru
888888.cllt.nyashteam.top
896447.clmonth.nyashteam.top
90465.clmonth.nyashteam.ml
904927.clmonth.nyashteam.top
91898.clmonth.nyashteam.ru
93404.clmonth.nyashteam.ru
947425.clmonth.nyashteam.top
948166.clmonth.nyashteam.top
956787.clmonth.nyashteam.top
95892.clmonth.nyashteam.site
982918.clmonth.nyashteam.top
9837.cllt.nyashteam.ru
98612.clmonth.nyashteam.ru
98765.clmonth.nyashteam.ru
98875.clmonth.nyashteam.ru
989673.clmonth.nyashteam.top
99099.clmonth.nyashteam.ml
99944.clmonth.nyashteam.ru
a-plague-tale.top
a0561607.xsph.ru
a0561978.xsph.ru
a0562386.xsph.ru
a0562792.xsph.ru
a0566780.xsph.ru
a0567317.xsph.ru
a0582236.xsph.ru
a0594391.xsph.ru
a0603308.xsph.ru
a0613321.xsph.ru
a0615510.xsph.ru
a0632115.xsph.ru
a0632804.xsph.ru
a0635682.xsph.ru
a0638710.xsph.ru
a0639268.xsph.ru
a0639896.xsph.ru
a0642012.xsph.ru
a0642085.xsph.ru
a0642285.xsph.ru
a0643725.xsph.ru
a0643994.xsph.ru
a0646475.xsph.ru
a0647213.xsph.ru
a0648010.xsph.ru
a0653501.xsph.ru
a0655106.xsph.ru
a0656330.xsph.ru
a0678146.xsph.ru
a0682348.xsph.ru
a0684190.xsph.ru
a0689393.xsph.ru
a0693837.xsph.ru
a0694489.xsph.ru
a0694602.xsph.ru
a0697183.xsph.ru
a0697279.xsph.ru
a0698517.xsph.ru
a0699063.xsph.ru
a0701472.xsph.ru
a0702131.xsph.ru
a0702220.xsph.ru
a0702895.xsph.ru
a0703811.xsph.ru
a0705512.xsph.ru
a0706778.xsph.ru
a0706896.xsph.ru
a0707468.xsph.ru
a0709203.xsph.ru
a0709573.xsph.ru
a0712169.xsph.ru
a0712674.xsph.ru
a0713666.xsph.ru
a0717143.xsph.ru
a0719318.xsph.ru
a0723621.xsph.ru
a0724768.xsph.ru
a0728179.xsph.ru
a0728273.xsph.ru
a0728298.xsph.ru
a0729054.xsph.ru
a0729543.xsph.ru
a0730110.xsph.ru
a0730393.xsph.ru
a0730546.xsph.ru
a0730923.xsph.ru
a0736143.xsph.ru
a0739347.xsph.ru
a0741539.xsph.ru
a0744037.xsph.ru
a0756235.xsph.ru
a0756488.xsph.ru
a0758190.xsph.ru
a0761206.xsph.ru
a0761701.xsph.ru
a0761996.xsph.ru
a0764072.xsph.ru
a0765835.xsph.ru
a0769200.xsph.ru
a0771106.xsph.ru
a0772555.xsph.ru
a0776567.xsph.ru
a0780562.xsph.ru
a0784310.xsph.ru
a0787727.xsph.ru
a0788683.xsph.ru
a0794138.xsph.ru
a0794203.xsph.ru
a0802004.xsph.ru
access.samp-loader.ru
app.squidgame.to
armannl5.beget.tech
barsukk676.duckdns.org
battletw.beget.tech
bigboxt5.beget.tech
bksdk.jsonwf.pw
blamblambla.cyberhost.ml
blockchainc.us
blockchainsync.us
bunkovb3.beget.tech
ca04510.tw1.ru
ca50999.tmweb.ru
ca69244.tw1.ru
cb93602.tw1.ru
cd44093.tmweb.ru
ce30512.tmweb.ru
ce48662.tmweb.ru
cf90664.tmweb.ru
ch14079.tmweb.ru
chamilqn.beget.tech
cheathub.space
cheatinghub.com
ck43536.tmweb.ru
ck44758.tw1.ru
cm07739.tmweb.ru
cm71694.tw1.ru
cm87547.tw1.ru
cm97018.tmweb.ru
cortez.cyberhost.ml
cp48625.tmweb.ru
cs78629.tmweb.ru
csomundibash.ru
cu59983.tw1.ru
cv44623.tw1.ru
cw31476.tw1.ru
cw55706.tw1.ru
cx15642.tmweb.ru
cz09685.tw1.ru
cz81401.tw1.ru
darksrystalryk.com.swtest.ru
david79t.beget.tech
dcbiorlov.shop
dcmobina.duckdns.org
dcrat.host
ddergaixyi.site
devil137.ru
domain2424242.ru.host1855822.serv80.hostland.pro
domdain2.co.vu
duhgfb6e.beget.tech
e908170j.beget.tech
era-paradise.ru
expl01t.tk
f0571616.xsph.ru
f0629544.xsph.ru
f0633137.xsph.ru
f0639494.xsph.ru
f0653783.xsph.ru
f0681920.xsph.ru
f0713677.xsph.ru
f0715481.xsph.ru
f0772589.xsph.ru
f0786544.xsph.ru
fioradro.cyberhost.cf
forusualworkwithpeople.space
funnym78.beget.tech
furiosgr.isp26.admintest.ru
g35hn83489.tmweb.ru
h158013.srv16.test-hf.su
h162295.srv13.test-hf.su
h162345.srv12.test-hf.su
haivo.co.zw
haskers.ru
hesoyam.space
imhaacja.beget.tech
jokerkqc.beget.tech
kadyeri.cyberhost.cf
kasikkar.beget.tech
kykelone.cyberhost.ml
kyrainkg.beget.tech
l96588w5.beget.tech
leshaed5.beget.tech
limfunsto.site
lkofkkkkfkjjsfh.drive-35.ru
lubluabobu.com
marspaste.com
metacryptobot.com
msmpeng.cyberhost.ml
n953700o.beget.tech
nestell.cyberhost.ml
neverchurka.ml
newdfhfgdjmfgjm.store
nftbanger.ru
nikitabon2.temp.swtest.ru
nulledgames.fun
pashkis.beget.tech
phoenass.cyberhost.ml
play-varryal.online
policefbr.linkpc.net
portfolioksk.xyz
rapidtestdr.com
rfewkfnr234.cf
s18senfg.beget.tech
sashaplays5.ru.com
sdwasdwads.tk
shrekforever.tk
softportal.tk
soubmaag.beget.tech
srv174492.hoster-test.ru
svinlasf.ru
tcp.viewdns.net
tomattolittle.su
trenbalon.cyberhost.ml
u1174726leb.ha004.t.justns.ru
u13794788m.ha003.t.justns.ru
u1638884.plsk.regruhosting.ru
u1721466.trial.reg.site
ulihkapc.beget.tech
universalwordpress.site
usehvhgf.beget.tech
vaynhaqt.beget.tech
vbhfghgfjjfgd.online
vkggttin.beget.tech
vlaadblp.beget.tech
whatipedia.org
windowsign.theworkpc.com
wp.banjaro.de
xxhdftgjftgkjfgk.site
y5z2870c.beget.tech
ya-ebal-reg-ru-v-rot.site
yadrochy.ru.com
ytdjfugjwtruykjhgf.sytes.net
zamineserver.online
zebra1987.fvds.ru
zorz1337.xyz

# Reference: https://www.virustotal.com/gui/file/544248eab18c06346bb6819c0763ba2ed7a7f89fc98ae37e7b74e21f2393dcbb/detection

a0684985.xsph.ru
/providerpollPackettemp.php

# Reference: https://twitter.com/crep1x/status/1638596454087368708
# Reference: https://www.virustotal.com/gui/file/7606edcf0491794b631f9aaf1a7e34fd0960e542d30614b562c8423afc86e2c1/detection

nyvhpww3.beget.tech
/dc/apiMultitemp.php

# Reference: https://www.virustotal.com/gui/file/04f46cc5cc7dfab4b587bedd1663d868b9c6c53998dccfbbff7594a8cab4bcf7/detection

http://37.46.130.3

# Reference: https://www.virustotal.com/gui/file/ebdf74f5b6e0b49bdb471dc9c908c5b741ed113049744328af8f73aec4f57b67/detection

http://195.123.246.86

# Reference: https://www.virustotal.com/gui/file/930261f96fe4393d9e4bef23d4eb932b33d1f0f957d9483f6da2dca3767f750b/detection
# Reference: https://www.virustotal.com/gui/file/8cafad64caf5dcac0117b5bd535782280375ea68eb28be0d8421f61b03e2c641/detection

/LinejavascriptDb.php

# Reference: https://www.virustotal.com/gui/file/0aca0b24374538efda88f17bbe3ed4d0adcb9c361552af5b45d83d858b253dbd/detection

http://62.109.15.166

# Reference: https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html

gllthub.com
glthub.org
gthub.org
steamauthenticator.net
steamdesktopauthenticator.net
steamdesktopauthenticator.org
steamdesktopauthenticator.ru

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://141.95.84.40

# Reference: https://www.virustotal.com/gui/file/b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569/detection

173.44.50.86:7788
flugrekorder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843/detection
# Reference: https://www.virustotal.com/gui/file/a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78/detection
# Reference: https://www.virustotal.com/gui/file/aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10/detection

20.200.63.2:2525
asegurarq.duckdns.org
envio2023junio.duckdns.org
hjgeuyiohfkjsdfhgiwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f1e5829e0f9473127d72559e3f811dcb5158d22e09eb4925ef27c7ada864fe6f/detection

191.89.243.236:4242
moneymaker.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/df7a8962331cc5a23cd13744420aa91547cfc085950d22ab1b7e4f298b2ee0ab/detection

179.13.3.110:2356
promotores14.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7b1bb2682a37f2a3f5aa1de69eed5ba5b44debe322b0409ce261492751c01f5f/detection
# Reference: https://www.virustotal.com/gui/file/db56ca34b934ee56d33478d16413a49d78a7671fd92c9a7a9444c48469030520/detection

179.13.3.110:7575
neweraimporta1.duckdns.org
newroda2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6c64cb817eb68c8fd0f051b00fcb20a0a28e26062d06eebe2502d8e8077c6116/detection

74.119.194.154:2060
distributework.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/eb61309bd790110928277bed37961dbd7dfd8360286c670fbc100fd0c4623c32/detection

52.152.223.228:8848
newforting.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/detection

185.106.93.148:2020

# Reference: https://www.virustotal.com/gui/file/f0708715c7c8fbd9e77083048adf331c8be83a2049863a8e71cbf63353ab45a0/detection

154.29.75.191:2027
avsdefender.giize.com

# Reference: https://twitter.com/drb_ra/status/1683550086104489985

191.101.3.50:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-25)

http://109.172.83.121
http://113.30.150.52
http://138.128.242.147
http://149.154.64.92
http://159.89.232.82
http://176.37.97.210:81
http://178.250.156.210
http://185.112.144.202
http://185.146.156.56
http://185.146.157.245
http://185.146.157.98
http://185.20.227.154
http://185.43.4.203
http://185.46.46.139
http://188.120.226.231
http://188.120.227.150
http://188.120.233.131
http://188.120.233.146
http://188.120.233.42
http://188.120.236.114
http://188.120.251.253
http://188.225.58.206
http://188.225.58.220
http://193.124.92.72
http://193.233.164.54
http://194.26.229.33:85
http://194.58.92.23
http://212.109.194.187
http://212.109.195.44
http://212.109.199.150
http://212.224.113.92
http://217.144.103.26
http://217.196.96.4
http://31.41.221.82
http://37.230.116.57
http://37.46.129.39
http://37.46.134.225
http://45.12.238.157
http://45.140.147.214
http://45.153.68.9
http://45.8.230.157
http://45.91.8.171
http://46.149.77.33
http://46.175.146.110
http://5.161.143.111
http://5.252.118.26
http://5.42.65.49
http://62.109.12.5
http://62.109.17.54
http://62.109.22.191
http://62.109.27.71
http://62.113.96.239
http://77.73.131.120
http://77.91.72.151
http://79.132.140.15
http://79.137.202.118
http://79.137.207.211
http://80.78.251.51
http://80.87.192.174
http://80.90.185.107
http://82.146.36.3
http://82.146.43.250
http://82.165.114.107
http://83.220.174.44
http://89.185.85.106
http://89.191.228.213
http://89.23.96.74
http://89.23.97.153
http://92.255.107.38
http://92.51.36.155
http://92.63.107.224
http://92.63.189.63
http://92.63.193.111
http://92.63.193.81
http://92.63.97.185
http://94.131.112.154
1.165.96.128:4480
1.242.139.44:8848
103.144.148.219:8080
103.146.78.130:8848
103.170.118.35:8848
103.186.108.229:14567
103.186.108.229:8848
104.219.234.167:8848
109.195.94.247:8848
111.229.139.47:8848
112.213.98.87:8848
120.78.151.171:7777
120.78.151.171:7788
124.72.246.78:6079
134.255.216.148:80
139.180.143.50:8848
141.95.84.40:112
142.202.242.168:8848
142.202.242.168:9898
144.126.230.14:102
144.126.230.14:1111
144.126.230.14:6666
154.53.42.53:8848
172.111.236.107:8848
172.94.103.171:8848
177.255.88.252:5022
179.43.154.184:8888
179.61.251.188:8848
185.225.18.110:2100
185.241.208.121:9898
185.246.222.117:8000
191.101.3.50:8848
192.99.10.207:8848
193.42.32.159:8848
194.26.192.203:5050
194.59.31.109:8848
194.87.218.64:8818
194.87.218.64:8828
194.87.218.64:8878
20.199.73.159:1024
20.216.162.185:1024
20.216.165.135:1024
20.216.178.113:1024
20.223.128.97:1337
206.238.221.30:8848
209.25.142.180:5569
3.6.30.85:10048
34.92.66.146:8848
37.18.62.18:8060
37.187.222.230:8848
38.242.139.217:8848
40.114.223.144:1337
40.87.50.159:1337
41.62.221.74:90
43.243.111.229:8848
45.144.154.62:1938
45.74.7.10:8848
45.77.175.130:8848
45.77.34.211:8686
45.77.34.211:8848
45.77.34.211:9999
45.92.1.155:8848
45.95.19.170:8848
45.95.19.172:8848
45.95.19.173:8848
45.95.19.174:8848
46.23.96.131:8848
47.106.131.255:8848
47.254.75.102:4444
5.178.3.191:8848
52.186.31.169:1337
64.176.43.239:8848
64.44.166.203:8848
77.92.154.211:1337
83.229.83.102:1337
87.121.221.220:8848
89.211.209.74:8080
89.23.101.37:1337
89.23.96.202:8838
91.227.113.154:12345
91.227.113.154:8848
94.124.192.220:8848
95.179.128.208:8080
95.179.128.208:8081
95.179.128.208:8089
95.214.26.63:6666
95.214.26.63:9595
001600.clmonth.nyashteam.top
055561.clmonth.nyashteam.top
067445.clmonth.nyashteam.top
073910.clmonth.nyashteam.top
080138.clmonth.nyashteam.top
089240.clmonth.nyashteam.top
100879.clmonth.nyashteam.top
109736.clmonth.nyashteam.top
140487.clmonth.nyashteam.top
149688.clmonth.nyashteam.top
181770.clmonth.nyashteam.top
204949.clmonth.nyashteam.top
2372261.clmonth.nyashteam.top
238533.clmonth.nyashteam.top
259773.clmonth.nyashteam.top
2681291.im499886.web.hosting-test.net
268669.clmonth.nyashteam.top
306806.clmonth.nyashteam.top
333201.clmonth.nyashteam.top
375099.clmonth.nyashteam.top
495315.clmonth.nyashteam.top
507447.clmonth.nyashteam.top
5103017.lmonth.whiteproducts.ru
510922.clmonth.nyashteam.top
521187.clmonth.nyashteam.top
531810.clmonth.nyashteam.top
562620.clmonth.nyashteam.top
63120m.dccr.ru
638041.clmonth.nyashteam.top
641309.clmonth.nyashteam.top
642838.clmonth.nyashteam.top
679449.clmonth.nyashteam.top
697484.clmonth.nyashteam.top
726267.clmonth.nyashteam.top
736036.cllt.nyashteam.top
744392.cllt.nyashteam.top
759053.clmonth.nyashteam.top
76428.clmonth.nyashteam.top
766698.clmonth.nyashteam.top
767884.clmonth.nyashteam.top
798839.clmonth.nyashteam.top
846901.clmonth.nyashteam.top
86120.clmonth.nyashteam.ru
867280.clmonth.nyashteam.top
870825.clmonth.nyashteam.top
882703.clmonth.nyashteam.top
892549.clmonth.nyashteam.top
9463949.clmonth.whiteproducts.ru
965092.clmonth.nyashteam.top
97528733.clmonth.whiteproducts.ru
976400.clmonth.nyashteam.top
999309.clmonth.nyashteam.top
999593.clmonth.nyashteam.top
999952.clmonth.nyashteam.top
a0574458.xsph.ru
a0578993.xsph.ru
a0689699.xsph.ru
a0761798.xsph.ru
a0784312.xsph.ru
a0797197.xsph.ru
a0806752.xsph.ru
a0818759.xsph.ru
a0828600.xsph.ru
a0837236.xsph.ru
a0839223.xsph.ru
askeas8d.beget.tech
bookintosh.com
cb38900.tw1.ru
cc69539.tw1.ru
cd67644.tw1.ru
cg56646.tw1.ru
cl30608.tw1.ru
cl80747.tmweb.ru
cn64382.tw1.ru
co73949.tw1.ru
cr48644.tw1.ru
cs20502.tw1.ru
cs33412.tw1.ru
cv57372.tw1.ru
cw52314.tw1.ru
cy34693.tw1.ru
cy87237.tw1.ru
cz61643.tw1.ru
cz82964.tw1.ru
cz89769.tw1.ru
dreadhack.ru
i93035tu.beget.tech
kapibarka1337.kriptnhosting.ru
legend92.beget.tech
pococox.cc
ssoo1451.ddns.net
tcp.viewdns.net
vikselr4.beget.tech
vm654.loyal.sclad.network
web3174.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/995904e555328bd1cdb5d04a370140fe247a8d05aa6e5b150696a2bb503ebdac/detection

10788m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/f4f3d7fb398aa690d3922b26560655e3f040d606c1afa7210d36ff289bee5ee6/detection

21102m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/e61fe1036cbbbc67cdd99dc094b13f1f12c3b9c29dd5054f5a33587b00d68fb0/detection

41030m.dccr.ru
48576m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/4577ac39b54ab8fc029612fa4331388a6d6ebff0a7807b2224f130382ee40376/detection

60154m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/3ff4bdcdb466656d9acbef32f9c022ccd9585531c4ede71f6830492681036000/detection

84688m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/201d813f62d133d4112916355c1b73a258f137ff86d1b5a2eb5fe3239d2b2c5f/detection

190.211.255.106:9049
60057m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/7fc956e918b4b5c29acede00f02e8d4e3ceeafcb318bbe23727372c19d6324fb/detection

61462m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/8d1690fa7843bce0c255dbe02e3927936d97d45424f33eefee876de06fbdfc07/detection

60894m.dccr.ru
61124m.dccr.ru

# Reference: https://www.virustotal.com/gui/file/fcdeb5ef7fd326bd5d6d34405eae0958d07e95ccf5c5dda01f0e60fdcb9c63ab/detection

emprendimientolaboral2.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-28)

http://78.141.213.103
172.94.103.16:8848
188.132.197.104:8848
a0832838.xsph.ru
cm32236.tw1.ru
imhaacwo.beget.tech
/imagephpSqlgeneratortemporary.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/RequestServerMultiDefaultcdn.php
/Jsvoiddbrequestpipe/0http/Temporarytest6Cdn/
/Jsvoiddbrequestpipe/0http/
/Jsvoiddbrequestpipe/
/Temporarytest6Cdn/
/RequestServerMultiDefaultcdn.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-07-30)

103.38.83.176:8848
176.96.137.221:2000
216.83.38.252:8848
45.12.221.10:8848
45.32.74.105:8848
52.152.223.228:1080
nyashtyan.top
211450cm.nyashtyan.top
942980cm.nyashtyan.top
a0708223.xsph.ru
a0844030.xsph.ru
cr50765.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-01)

http://37.46.128.31
http://5.63.159.156
http://91.228.155.244
114.96.73.0:8848
akamaitechcdns.com
nyashkoon.top
213897cm.nyashtyan.top
636695lm.nyashkoon.top
736786cm.nyashtyan.top
790199cm.nyashtyan.top
cg14313.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1146724/

079471cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146725/

http://82.146.48.182

# Reference: https://threatfox.abuse.ch/ioc/1146787/

400277cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/ioc/1146808/

31.210.55.202:81

# Reference: https://threatfox.abuse.ch/ioc/1148429/

http://194.87.101.56

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-05)

http://45.67.231.91
141.95.11.145:81
172.94.103.112:8848
073545cm.nyashkoon.top
481679cm.nyashtyan.top
856401cm.nyashkoon.top
913432cm.nyashtyan.top
/nyashsupport.php

# Reference: https://www.virustotal.com/gui/file/f84cf07bba5377a0c9f5b21252abf585d4170c40310d2b38460c4d8394e20445/detection
# Reference: https://www.virustotal.com/gui/file/65f1c8480894798b2b6223b62984a6779720768a7885c6a49ddd8529902b988a/detection
# Reference: https://www.virustotal.com/gui/file/0ec4ecd50be7f47da972d3641aab816ab4bef93a9cc01da158aae5d878109166/detection

192.154.229.64:2368
22-23asyn.servemp3.com

# Reference: https://threatfox.abuse.ch/ioc/1148927/

982407cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-08)

379038cm.nyashkoon.top
550098cm.nyashkoon.top
998357cm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1149140/

http://154.49.137.173
/request0flower/

# Reference: https://threatfox.abuse.ch/ioc/1149156/

http://195.3.223.35

# Reference: https://threatfox.abuse.ch/ioc/1149161/

kriptonhosting.store
iwithknife.kriptonhosting.store
volksilach.kriptonhosting.store
wiwieiwiissiwi.kriptonhosting.store

# Reference: https://www.virustotal.com/gui/file/772211f2e767f8d8daf6c5f721fae0b998539bc83843ff07530be7226fb8a62d/detection

skfjsfk.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1149180/

http://5.42.92.132

# Reference: https://threatfox.abuse.ch/ioc/1149204/

832932cm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-09)

http://212.109.195.187
http://82.146.52.24
45.32.74.105:8686
a0847744.xsph.ru
318145cm.nyashkoon.top
858925lm.nyashtyan.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-11)

http://185.161.251.195
http://188.120.242.207
154.12.254.215:46452

# Reference: https://twitter.com/drb_ra/status/1690255513303289856

82.156.141.121:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-12)

826894cm.nyashkoon.top
857224cm.nyashkoon.top
933858cm.nyashkoon.top
945478cm.nyashtyan.top
cb66024.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1149773/

http://188.120.224.186

# Reference: https://threatfox.abuse.ch/ioc/1149785/

a0827550.xsph.ru

# Reference: https://twitter.com/drb_ra/status/1690798633715707904

159.69.64.122:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-14)

http://15.188.64.143
http://185.182.111.66

# Reference: https://twitter.com/drb_ra/status/1691161144537337857
# Reference: https://www.virustotal.com/gui/file/0a800c35a29e5105898ca274b12dda114e08f23da75dcec3b16a809f1d0109ad/detection

179.43.154.184:591
filetransrediremin.com
/cry/11Rota

# Reference: https://twitter.com/drb_ra/status/1691342424583331840

147.185.221.181:51638

# Reference: https://threatfox.abuse.ch/ioc/1150061/

179.43.154.184:8090

# Reference: https://threatfox.abuse.ch/ioc/1150041/

http://92.63.107.173

# Reference: https://twitter.com/drb_ra/status/1691523675944837121

46.246.14.20:5050

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-16)

http://185.189.181.87
http://188.127.231.139
http://212.118.36.238
http://45.61.188.238
http://5.42.77.211
http://51.38.163.64
http://62.109.13.186
http://62.109.25.12
http://94.156.253.218
http://94.228.126.154
http://95.217.3.189
63.143.47.135:10443
091608cm.nyashkoon.top
467376m.dccrk.top
684896lm.nyashkoon.top
734537cm.nyashtyan.top
a0853356.xsph.ru
a0854153.xsph.ru
cb15953.tw1.ru
cn36459.tw1.ru
cs84335.tw1.ru
x96559rd.beget.tech
yaysem.ru.swtest.ru

# Reference: https://twitter.com/drb_ra/status/1693335496431222862

188.132.197.93:1337

# Reference: https://any.run/malware-trends/dcrat (# 2023-08-23)

http://212.113.106.125
http://82.147.85.228
175060m.dccrk.top
232161cm.nyashtyan.top
ch72917.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-25)

http://193.37.71.142
http://77.246.107.91
http://94.156.102.214
071900cm.n9shteam1.top
221968cm.nyashkoon.top
351201cm.nyashtyan.top
388404cm.nyashkoon.top
533261cm.n9shteam1.top
775515cm.n9shteam1.top
898757cm.nyashkoon.top
993855cm.n9shteam1.top
a0567586.xsph.ru
a0840686.xsph.ru
a0855945.xsph.ru
chernobyl-hack.online
cb56823.tw1.ru
cq27523.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1152366/

http://82.146.60.137

# Reference: https://threatfox.abuse.ch/ioc/1152367/

http://149.154.71.81

# Reference: https://threatfox.abuse.ch/ioc/1152374/

http://185.104.113.225

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-08-31)

http://103.231.254.144
http://149.154.69.62
http://185.149.146.185
http://217.144.103.11
194.156.88.152:8848
213.238.182.19:3131
95.214.26.88:9933
96074.clmonth.nyashteam.ru
cc75590.tw1.ru
dcrack.ru
f0856923.xsph.ru

# Reference: https://cert.gov.ua/article/5628441 (# UAC-0173)

barnsertr.com

# Reference: https://threatfox.abuse.ch/ioc/1152481/

http://79.137.203.186

# Reference: https://threatfox.abuse.ch/ioc/1152515/

95.214.26.89:9933

# Reference: https://twitter.com/drb_ra/status/1696958515649069237

95.214.26.66:9933

# Reference: https://twitter.com/drb_ra/status/1696958528731201785

95.214.26.67:9933

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-01)

http://178.250.159.46
http://213.159.208.46
http://45.8.159.53
http://82.146.57.75
119.91.99.194:8080
150.107.2.176:8848
172.162.233.190:8080
179.13.2.154:4444
179.43.142.36:591
180.12.159.131:64432
185.221.67.22:4444
223.26.57.45:8848
81.218.45.223:8848
91.134.150.156:8080
95.214.27.6:8848
95.222.241.139:8088
004727cm.n9shteam1.top
642541lm.nyashkoon.top
a0852402.xsph.ru
a0854644.xsph.ru
a0871177.xsph.ru
co54255.tw1.ru
ws896.castlehost.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-05)

http://46.18.107.229
http://83.220.169.211
20.199.65.155:8848
868692cm.nyashkoon.top
a0856871.xsph.ru
ck39226.tw1.ru
cl08031.tw1.ru
cx11830.tw1.ru
/L1nc0In.php

# Reference: https://www.virustotal.com/gui/file/df09c7578388be896ad2f55e005d4ebb3700af89fe06fc73109847989452656d/detection
# Reference: https://www.virustotal.com/gui/file/d11bd86036bcd409096608ccfc76a098974f38c6802fce1eabc4fd83788f3c58/detection

207.32.218.112:9898
77.247.127.10:9898
93.123.118.74:9898
stylish4.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1155391/

878535cm.n9shteam1.top

# Reference: https://threatfox.abuse.ch/ioc/1155706/

klopware.space
status.klopware.space

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-09)

012244cm.nyashtyan.top
375230cm.nyashnyash.top
419819cm.nyashkoon.top
604291cm.nyashkoon.top
a0859540.xsph.ru
cz14767.tw1.ru

# Reference: https://threatfox.abuse.ch/ioc/1155797/

http://5.42.85.163

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-20)

http://85.192.63.134
103.162.14.197:8686
103.162.14.197:8848
118.89.85.106:8848
150.107.2.178:8848
150.107.2.180:8848
166.88.209.105:8848
168.119.148.218:8848
185.158.251.88:8848
43.248.188.196:8848
51.120.245.251:1024
rocketchange.xyz
124014cm.nyashnyash.top
570264cm.nyashtyan.top
806171cm.n9shteam1.top
a0858699.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0ecff04eedef75ad091b55d1cbdd6c2680b58a3ccb577154e0d1b0bab482c942/detection

access.samp-loader.ru
bot.samp-loader.ru

# Reference: https://www.virustotal.com/gui/file/092fa2ea4f6a254c38547b3b2cc7e22a153fa72b502849327946ca98f9aab839/detection

api.samp-loader.ru

# Reference: https://twitter.com/malwrhunterteam/status/1702212339443835078
# Reference: https://www.virustotal.com/gui/file/24e231bfa888bbb4ade49d3741cd1ad1c85ec2de47460a745a5bf5dea5f5e6e8/detection

505406lm.nyashkoon.top

# Reference: https://threatfox.abuse.ch/ioc/1164012/

http://185.63.191.134

# Reference: https://threatfox.abuse.ch/ioc/1164310/

a0860624.xsph.ru

# Reference: https://twitter.com/Jane_0sint/status/1704526449234096484
# Reference: https://app.any.run/tasks/7aebaa50-c790-438c-93a5-4602f3dcefa7/

http://5.42.84.144
/0LocalrequestCdn/
/dumpbetterProcessorWp/
/VoiddbmariadbCdnRequest/
/Wp5Cdnjavascript/

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-21)

nyashnyash.top
770670cm.nyashnyash.top
934062cm.nyashnyash.top
a0863208.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7424f3e36da8d30ba3f88f0633d07e26631842e5ad20c51dc7c570f018faf2f7/detection

nyashteam.top
dc.nyashteam.top

# Reference: https://threatfox.abuse.ch/ioc/1165829/

makui.kriptonhosting.store

# Reference: https://threatfox.abuse.ch/ioc/1165658/

http://213.159.208.100

# Reference: https://threatfox.abuse.ch/ioc/1165974/

179.43.163.120:8008

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-23)

http://185.106.92.110
http://92.63.101.56
119.91.99.194:8081
179.43.163.120:8080
362764cm.nyashnyash.top
753139cl.nyashtop.top
co14383.tw1.ru
f0861908.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d2e659e7fcefcbbd51d6a78888f54c5745e8178385a8697ca3478a0e83d70f71/detection
# Reference: https://www.virustotal.com/gui/file/723bc3e3fe448223922702806b2edfbbb7b132879ae5021f01c55d9aac4d0af1/detection

49.12.227.111:8848
dcrat.vnh.wtf

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-09-26)

http://45.144.233.162
103.39.78.162:8088
20.199.64.106:8848
109888cm.nyashnyash.top
394776cl.nyashtop.top
398693cm.nyashnyash.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-01)

15.207.54.166:8848
177.255.90.40:8010
181.235.12.82:5000
20.199.18.38:1024
202.146.218.35:8848
77.91.124.111:5552
23872634cm.whiteproducts.ru
343848cm.nyashnyash.top
cp37626.tw1.ru
dccrk.top
766392m.dccrk.top
nukermij.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-02)

http://18.118.199.163
http://188.120.253.147
http://193.37.70.233
134.255.254.102:32400
154.38.113.75:8848
179.13.2.154:2323
179.13.2.154:9000
185.196.8.91:591
185.254.37.40:8899
186.169.68.32:5000
186.169.49.3:8000
186.169.49.3:9000
45.195.54.195:2828
a0868980.xsph.ru
a0871308.xsph.ru
cd21797.tw1.ru
cj77911.tw1.ru
cn56603.tw1.ru
cr78464.tw1.ru
firsovak.beget.tech

# Reference: https://twitter.com/smica83/status/1711047976238387549
# Reference: https://www.virustotal.com/gui/file/01f00b78503924bcb25ec6aedaaaf9200b68329e686e22fbdc85e0c28a51d4e2/detection

underical.cc

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-10)

http://77.91.124.41
http://91.107.120.136
14.233.244.57:7772
18.231.93.153:18161
194.36.177.94:9999
n9shteam2.top
/toJavascriptJsprocessorDatalifePublic.php

# Reference: https://twitter.com/Gi7w0rm/status/1711900442899149240
# Reference: https://twitter.com/Gi7w0rm/status/1718319435600019675
# Reference: https://twitter.com/Gi7w0rm/status/1719372490261012636

http://80.66.87.148
aaronestebancoaching.com
voice-ai.store
voiceaipro.com
ed.voice-ai.store
en.voice-ai.store
en.voiceaipro.com
us.voiceaipro.com
voice.2005thavenue.com
voice.aktivewebsitedesign.com
voiceai.aaronestebancoaching.com

# Reference: https://threatfox.abuse.ch/ioc/1187460/

185.196.9.95:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-19)

http://46.17.104.60
http://82.146.39.98
112.213.101.35:1145
112.213.101.67:1145
112.213.101.73:1145
195.85.205.150:1337
20.199.16.204:1024
20.199.45.15:8848
20.90.46.68:8080
212.87.204.29:8080
52.186.179.225:1337
whiteproducts.ru
012315cm.n9shteam1.top
304588cm.nyashnyash.top
355212cm.nyashnyash.top
1097252cm.whiteproducts.ru
12785373cm.whiteproducts.ru
23872634cm.whiteproducts.ru
2895743cm.whiteproducts.ru
2918221licm.whiteproducts.ru
29959593cm.whiteproducts.ru
32425226cm.whiteproducts.ru
345727892cm.whiteproducts.ru
3857294cm.whiteproducts.ru
3857374cm.whiteproducts.ru
387374374cm.whiteproducts.ru
4859395cm.whiteproducts.ru
48758294cm.whiteproducts.ru
7355826cm.whiteproducts.ru
7862368cm.whiteproducts.ru
8187790licm.whiteproducts.ru
82957222cm.whiteproducts.ru
8361285cm.whiteproducts.ru
84625264cm.whiteproducts.ru
8476838cm.whiteproducts.ru
93473573cm.whiteproducts.ru
94868473cm.whiteproducts.ru
ci80904.tw1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-10-29)

http://100.25.110.137
http://141.255.152.88
http://141.255.153.99
http://172.86.66.137
http://188.120.235.51
http://193.37.71.22
http://5.182.86.156
http://5.42.86.60
http://77.91.124.101
http://78.24.216.97
http://78.47.204.48
http://85.215.218.19
103.144.240.21:6699
103.147.185.18:1604
106.14.153.130:8848
107.175.243.138:8848
107.189.169.135:8848
119.91.99.194:8088
119.91.99.194:8848
124.221.43.13:8848
141.98.10.132:8888
141.98.6.98:8848
154.23.182.73:8848
154.53.42.53:8845
156.240.108.109:8848
156.240.108.145:8848
156.240.108.178:8848
159.65.235.56:5555
164.92.246.58:9087
172.94.103.13:8848
185.196.8.91:8008
185.212.47.90:8843
185.241.208.27:2404
212.192.12.222:5000
223.26.57.5:1145
3.131.147.49:12994
38.181.35.175:8848
43.249.8.44:7070
43.249.8.44:7071
45.138.16.187:8848
45.138.16.187:9898
45.81.39.179:8848
5.181.80.69:8848
51.75.52.3:8848
65.109.56.26:8848
77.91.124.111:8848
81.161.229.91:6667
91.92.240.91:8848
foulertech.online
045885cm.nyashcrack.top
078374cm.nyashnyash.top
118821cm.nyashkoon.top
269818cm.nyashland.top
396388cm.nyashland.top
400886cm.nyashnyash.top
639538cm.nyashcrack.top
a0872673.xsph.ru
ci61682.tw1.ru
ck53254.tw1.ru
cm87784.tw1.ru
co99163.tw1.ru
ct46096.tw1.ru
ct70489.tw1.ru
cv59914.tw1.ru
cx51464.tw1.ru
f0885664.xsph.ru
simikkzd.beget.tech

# Reference: https://twitter.com/ScumBots/status/1720155763732091327
# Reference: https://www.virustotal.com/gui/file/c9c19f83c9f151bb29cd21779c0ade1f7363805d7e3c5b6d227e109973243d6e/detection

13.52.204.76:17680
13.52.62.53:17680
52.9.148.222:17680
52.9.153.64:17680
52.9.84.44:17680
54.219.47.216:17680
paste-bin.xyz

# Reference: https://www.virustotal.com/gui/ip-address/37.255.148.138/community

http://37.255.148.138

# Reference: https://threatfox.abuse.ch/ioc/1199125/

host1835875.hostland.pro

# Reference: https://threatfox.abuse.ch/ioc/1201607/

abobub-001-site1.etempurl.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-11-25)

http://141.255.152.24
http://197.113.236.128
http://197.114.177.145
http://197.115.207.45
http://77.91.124.202
http://82.146.33.89
http://82.146.59.131
http://83.147.245.42
103.243.26.65:8848
171.41.251.170:25565
078301cm.nyashland.top
12112.ru.swtest.ru
217196cm.nyashcrack.top
598194cm.nyashland.top
925823lm.nyashnyash.top
a0885630.xsph.ru
a0887556.xsph.ru

# Reference: https://www.virustotal.com/gui/file/76e3ae7e17cd4adc52519baa31226bbf032ac1ca7ac3947cd59c01f730f1c934/detection
# Reference: https://www.virustotal.com/gui/file/df74b225d403122d58eabeba3b2a8442d223df78d56f97e3ee81b6b4ede158ea/detection

77.127.86.54:4444
87.70.175.54:4443
123d.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a9c1f6cbb3c007686dd49723babb95afc94933aabf1c2012e395ee3ecf3a65b/detection

46.246.86.3:2106

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-03)

http://141.255.144.167
http://141.255.146.60
http://141.255.151.123
http://154.242.81.6
http://154.246.141.162
http://154.246.25.204
http://154.247.11.93
http://154.247.87.209
http://185.234.247.107
http://188.127.227.49
http://188.127.229.238
http://188.127.242.156
http://195.20.16.116
http://213.159.208.250
http://37.220.86.210
http://46.8.29.132
http://80.66.89.123
http://89.23.101.188
http://89.23.101.210
http://89.23.99.83
http://94.131.112.229
http://95.164.22.193
167.94.158.156:8989
171.41.252.199:25565
172.208.93.32:1337
249782m.dccrk.top
306341cm.nyashland.top
491061cm.nyashland.top
740307cm.nyashland.top
766282cm.nyashland.top
767241cm.nyashland.top
a0840745.xsph.ru
a0888880.xsph.ru
a0889022.xsph.ru
a0889572.xsph.ru
a0890495.xsph.ru
cd75930.tw1.ru
celestinepanel.000webhostapp.com
ck49537.tw1.ru
cw11723.tw1.ru
evgenzow.beget.tech
gybin6gz.beget.tech
t3terncy.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-05)

http://141.255.145.130
http://154.246.105.39
http://185.242.86.164
http://213.159.214.92
http://82.146.62.215
004242cm.nyashland.top
302099cm.nyashland.top
666541cm.nyashland.top
cs58019.tw1.ru
f0888474.xsph.ru
hldnzeftm3.temp.swtest.ru
zubareff.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-07)

http://62.109.14.64
http://62.122.213.56
019214cm.nyashland.top
098452cm.nyashland.top
233584cm.nyashland.top
f0892247.xsph.ru
sinastallh.temp.swtest.ru
tool5245636476.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-09)

http://185.221.198.229
http://188.120.233.136
http://195.85.250.175
http://5.42.92.212
http://62.109.10.76
http://79.174.94.41
20.199.26.211:8848
4.194.12.203:443
039030cm.nyashland.top
866280lm.nyashmyash.top
882394cm.nyashland.top
a0894385.xsph.ru
eukpukpup0.temp.swtest.ru
f0892975.xsph.ru
gorgodlm.beget.tech
krutnotupg.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-17)

http://141.255.153.13
http://141.255.156.189
http://154.246.109.167
http://154.247.199.149
http://154.247.95.30
http://188.120.254.27
http://92.63.97.182
185.187.170.127:9000
38.59.124.61:5555
38.59.124.61:6666
044574cm.nyashland.top
199618cl.nyashtop.top
546346346dod.whiteproducts.ru
650602cm.nyashtech.top
714745cm.nyashland.top
743823cm.nyashtech.top
8572975289cm.whiteproducts.ru
a0891158.xsph.ru
a0894367.xsph.ru
co57358.tw1.ru
crackdcptme.000webhostapp.com
f0894994.xsph.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2023-12-24)

http://141.255.147.252
http://194.110.248.41
http://213.226.100.235
http://78.24.217.54
http://82.146.37.188
154.12.254.215:46450
8.219.4.230:8001
80.240.16.166:1337
012782m.dccrk.top
315615cm.nyashtech.top
324387cm.nyashtech.top
537201lm.nyashmyash.top
630956lm.nyashmyash.top
736134cm.nyashland.top
962855cm.nyashtech.top
a0896895.xsph.ru
cm53710.tw1.ru
dfhdjtujngtdj.atwebpages.com
f0898772.xsph.ru
fronzysb.beget.tech
fsdxda2eedasdc.atwebpages.com
injuuuste2.temp.swtest.ru
sosunsasun.temp.swtest.ru
zekhost.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-01)

http://101.99.93.85
http://141.255.151.226
http://185.106.94.86
http://212.60.21.225
http://37.220.86.148
http://45.11.77.54
http://77.83.173.248
http://79.174.94.220
http://80.87.199.249
http://83.229.75.221
http://89.104.66.62
103.143.80.140:8848
103.17.185.70:5555
104.143.46.9:8848
107.148.13.223:8848
108.61.177.107:1337
111.173.89.100:8848
118.107.7.237:8848
120.78.139.3:8848
123.207.75.205:8848
124.220.49.140:8000
128.199.66.119:56789
139.155.92.118:8848
151.236.59.218:8888
156.245.19.71:8848
156.245.19.73:8848
156.245.19.81:8848
172.206.62.226:1337
179.43.163.120:8090
185.213.25.37:8848
192.99.152.153:4449
193.112.79.150:8848
193.143.1.136:8848
193.84.248.185:8848
20.217.81.50:8080
202.162.109.198:8848
27.102.134.120:8848
27.147.169.101:3333
38.59.124.16:5555
38.59.124.16:6666
38.59.124.49:5555
38.59.124.49:6666
40.66.41.222:1024
42.192.132.36:8848
45.11.47.195:8848
47.94.241.76:443
47.94.83.202:8848
64.176.217.187:5555
66.135.26.66:9095
67.205.154.243:48303
8.210.131.175:65503
87.251.67.215:8888
91.107.200.181:8890
91.198.66.47:2023
91.92.241.198:8848
91.92.242.235:8848
91.92.252.194:4449
010532cm.nyashcrack.top
137953cm.nyashtech.top
276721cm.nyashtech.top
718146m.dccrk.top
847702cm.nyashtech.top
882584cm.nyashtech.top
890113cm.nyashland.top
990489lm.nyashmyash.top
a0896387.xsph.ru
a0899050.xsph.ru
a0899944.xsph.ru
a0899956.xsph.ru
a0900918.xsph.ru
a0902024.xsph.ru
a0902362.xsph.ru
a0903379.xsph.ru
aguantemessi0234.000webhostapp.com
blackberryfn.duckdns.org
cj13214.tw1.ru
cw27296.tw1.ru
nemicata.beget.tech
wefwe23f2m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/e1974c4099cd21cc0b538bdce94f78165930fbfe1f79e7f0fcca3cd276d39bda/detection

fanumtax123.ddns.net
/sssssssss/68ce5b29.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-09)

http://185.251.91.215
http://83.220.169.42
http://89.23.112.15
028874lm.nyashmyash.top
045134cm.nyashtech.top
526775cm.nyashtech.top
glacial-liquor.000webhostapp.com
tiyeso4885.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-15)

http://109.107.182.163
http://147.45.196.103
http://176.123.168.238
http://188.120.226.211
http://20.161.72.166
http://45.87.246.118
http://62.109.28.71
http://82.97.243.114
http://89.185.84.52
http://89.23.115.8
http://95.163.228.74
147.135.85.114:4444
172.111.136.105:2016
179.13.3.199:8010
183.131.83.145:8000
75.119.138.31:8848
98.66.161.180:8848
009788cm.nyashtech.top
011781cm.nyashtech.top
837565cm.nyashtech.top
852377cm.nyashland.top
898082lm.nyashmyash.top
977789cm.nyashland.top
a0894373.xsph.ru
a0899768.xsph.ru
a0902645.xsph.ru
a0904422.xsph.ru
a0904877.xsph.ru
a0906284.xsph.ru
a0909123.xsph.ru
a0910594.xsph.ru
cf43561.tw1.ru
ck52959.tw1.ru
cm65543.tw1.ru
cw42035.tw1.ru
cz07639.tw1.ru
fwjfiwmail.temp.swtest.ru
yedar2on.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-01-24)

http://185.185.68.156
http://185.221.198.108
http://20.161.72.166
http://3.79.229.48
http://3.79.245.165
http://45.32.153.79
http://46.29.237.220
http://80.66.89.148
http://94.156.65.94
107.150.23.137:8010
40.112.134.176:1024
45.131.108.123:2003
45.131.108.123:22
45.74.7.87:8898
94.130.49.62:6214
nyashmyash.top
nyashtech.top
127895cm.nyashmyash.top
172969cm.nyashtech.top
192565cm.nyashtech.top
369023cm.nyashmyash.top
562173cm.nyashmyash.top
647249cm.nyashtech.top
691908cm.nyashtech.top
792487ll.nyashmyash.top
812285cm.nyashtech.top
852287cm.nyashland.top
984794727cm.whiteproducts.ru
a0903703.xsph.ru
a0907744.xsph.ru
a0908021.xsph.ru
cj23497.tw1.ru
ck70571.tw1.ru
cz17350.tw1.ru
edsfeejsdbfelefaubdiaslfedafd.000webhostapp.com
j6yla0n2hm.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/5986afdabceec7308a5192491905fb44c1f7fb770c663d5a4718f3cc7f722108/detection

http://124.221.43.13

# Reference: https://www.virustotal.com/gui/file/00ef3e134c11cb7836a8fb11367a71e2526c62f088d9fda1b3b86ef193d83003/detection

483059cm.nyashtech.top

# Reference: https://www.virustotal.com/gui/ip-address/172.67.178.175/relations

104718cm.nyashtech.top
855212cm.nyashtech.top
744734cm.nyashtech.top
119313cm.nyashtech.top
867233cm.nyashtech.top
414712cm.nyashtech.top
943186cm.nyashtech.top
209226cm.nyashtech.top
324229cm.nyashtech.top
265003cm.nyashtech.top
326516cm.nyashtech.top
600127cm.nyashtech.top
378416cm.nyashtech.top
172969cm.nyashtech.top
076902cm.nyashtech.top
691908cm.nyashtech.top
678026cm.nyashtech.top
838536cm.nyashtech.top
647249cm.nyashtech.top
192565cm.nyashtech.top
906812cm.nyashtech.top
050909cm.nyashtech.top
718710cm.nyashtech.top
372451cm.nyashtech.top
348774cm.nyashtech.top
544557cm.nyashtech.top
201441cm.nyashtech.top
258640cm.nyashtech.top
151855cm.nyashtech.top
837565cm.nyashtech.top
997423cm.nyashtech.top
127562cm.nyashtech.top
685938cm.nyashtech.top
480193cm.nyashtech.top
907916cm.nyashtech.top
009788cm.nyashtech.top
011781cm.nyashtech.top
810413cm.nyashtech.top
654625cm.nyashtech.top
992152cm.nyashtech.top
951499cm.nyashtech.top
279306cm.nyashtech.top
532957cm.nyashtech.top
600225cm.nyashtech.top
526775cm.nyashtech.top
276721cm.nyashtech.top
744346cm.nyashtech.top
612098cm.nyashtech.top
640093cm.nyashtech.top
832325cm.nyashtech.top
045134cm.nyashtech.top
137953cm.nyashtech.top
218282cm.nyashtech.top
845900cm.nyashtech.top
965262cm.nyashtech.top
007330cm.nyashtech.top
678769cm.nyashtech.top
890801cm.nyashtech.top
882584cm.nyashtech.top
812285cm.nyashtech.top
315264cm.nyashtech.top
847702cm.nyashtech.top
304718cm.nyashtech.top
315615cm.nyashtech.top
364739cm.nyashtech.top
962855cm.nyashtech.top
921310cm.nyashtech.top
496493cm.nyashtech.top
324387cm.nyashtech.top
630004cm.nyashtech.top
870333cm.nyashtech.top
426899cm.nyashtech.top
494792cm.nyashtech.top
650602cm.nyashtech.top
955402cm.nyashtech.top
743823cm.nyashtech.top
694604cm.nyashtech.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-04)

http://141.255.146.46
http://141.255.159.135
http://141.255.159.87
http://154.246.107.125
http://154.246.204.6
http://154.247.197.111
http://154.247.243.232
http://183.105.191.36
http://185.185.68.50
http://185.195.27.26
http://185.244.51.120
http://185.87.199.10
http://193.187.172.13
http://194.36.209.243
http://20.215.193.147
http://46.174.52.97
http://5.35.80.183
http://77.222.54.18
http://77.91.124.159
http://85.209.9.184
111.92.243.131:8848
139.99.186.184:8848
154.204.178.170:8848
166.88.61.138:9898
171.41.199.216:25565
171.80.234.90:25565
171.80.235.121:25565
171.80.235.135:25565
171.80.251.240:25565
178.236.247.250:8848
186.169.69.242:8523
192.253.251.98:8848
198.13.49.217:8848
20.14.88.85:8447
210.56.49.4:8848
213.226.117.48:1337
38.181.35.232:8848
43.143.236.67:8080
45.76.12.238:5555
45.76.196.96:8848
47.242.73.99:8848
64.176.217.187:6666
85.209.176.79:8848
91.92.242.235:9898
91.92.249.225:2023
91.92.255.107:8848
94.102.148.42:1337
94.102.155.46:1337
94.156.65.19:1337
94.156.69.93:4444
95.72.172.97:9080
681428cm.nyashmyash.top
a0910130.xsph.ru
a0912235.xsph.ru
cm56126.tw1.ru
f0912091.xsph.ru
f0913347.xsph.ru
self-lighting-subpr.000webhostapp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-11)

http://185.16.39.248
http://194.87.93.199
http://20.117.106.245
http://45.90.217.194
http://5.230.229.207
178.73.218.6:2222
178.73.218.9:2222
181.141.40.28:4433
193.111.248.167:2003
193.163.7.156:8008
40.66.42.165:1024
46.246.6.2:2121
46.246.84.13:2222
5.180.155.218:1337
91.92.241.121:2023
91.92.241.128:2023
91.92.241.39:2023
007017cm.nyashsens.top
103761cm.nyashsens.top
553689cm.nyashsens.top
837376cm.nyashsens.top
a0905211.xsph.ru
a0905554.xsph.ru
a0909872.xsph.ru
a0913447.xsph.ru
a0915620.xsph.ru
a0916186.xsph.ru
a0916535.xsph.ru
cd43986.tw1.ru
exhaustless-bracket.000webhostapp.com
f0915140.xsph.ru
hammiest-dependents.000webhostapp.com
lest1kkror.ru.swtest.ru
workonz7.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-02-12)

http://217.25.94.158
http://62.109.13.250
http://91.107.121.253
46.246.82.7:6000
a0914338.xsph.ru
bobrcurw.top
cr13705.tw1.ru
lilbabyfan.000webhostapp.com

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

206.238.43.147:65503

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-17)

http://147.45.197.82
http://159.89.17.81
http://176.123.169.110
http://185.104.113.237
http://185.130.46.46
http://185.195.24.252
http://185.246.67.26
http://185.87.199.107
http://188.120.229.213
http://188.120.241.126
http://193.233.255.228
http://195.2.84.94
http://195.43.142.35
http://20.117.169.244
http://20.26.126.28
http://45.9.73.82
http://5.182.87.104
http://51.142.10.24
http://62.109.11.10
http://62.109.7.175
http://77.91.124.57
http://79.137.207.120
http://79.174.94.173
http://80.66.89.102
http://80.78.243.170
http://80.85.246.217
http://81.200.146.58
http://82.115.223.136
http://82.146.60.218
http://86.110.194.110
http://89.23.97.121
http://89.23.98.146
http://91.107.121.93
http://91.220.109.66
http://95.142.35.43
106.53.186.12:8848
124.220.200.241:8848
147.135.85.114:8000
154.23.178.106:8848
154.23.178.139:8848
154.23.178.70:8848
166.88.61.138:8848
171.41.197.221:25565
171.41.198.240:25565
171.41.251.198:25565
171.80.216.99:25565
172.174.236.21:1337
178.73.192.11:5000
179.14.8.182:6606
179.14.9.152:4433
180.140.129.152:8848
181.141.40.47:4433
191.88.249.10:4433
191.88.249.121:4433
191.88.250.232:4433
194.147.140.242:2202
20.107.243.137:3000
20.19.32.59:1024
20.197.231.238:8848
212.192.12.222:5008
27.124.34.10:1145
27.124.34.14:1145
27.124.34.16:1145
27.156.108.198:6079
45.67.231.21:1337
46.246.12.2:6000
46.246.14.3:6000
46.246.14.6:6000
46.246.4.11:6000
46.246.4.16:6000
46.246.6.11:5000
46.246.6.6:6000
46.246.80.10:6000
46.246.80.13:6000
46.246.80.4:6000
46.246.80.7:6000
46.246.84.5:6000
46.246.86.12:6000
46.246.86.16:5000
46.246.86.9:6000
5.181.80.13:8848
5.42.92.25:8848
74.91.29.67:8848
78.46.191.105:6666
83.217.9.199:8848
88.153.94.39:4444
89.117.23.25:46450
91.202.233.133:8848
91.92.245.119:443
91.92.252.227:1000
95.165.99.74:8443
95.179.200.130:1024
058493cm.nyashsens.top
102822cm.nyashsens.top
113304cm.n9shteam2.top
113754cm.nyashtech.top
209374cm.nyashsens.top
27925375.whiteproducts.ru
356873cm.nyashtyan.top
386958cm.nyashsens.top
392065cm.n9shteam2.top
421820cm.n9shteam2.top
514885cm.nyashsens.top
597359lm.nyashsens.top
737165cm.nyashsens.top
739668cm.n9shteam2.top
767163cm.nyashsens.top
785319cm.nyashsens.top
825947295cm.whiteproducts.ru
88888cl.nyashtyan.top
969727cm.nyashsens.top
a0913701.xsph.ru
a0914958.xsph.ru
a0916462.xsph.ru
a0916796.xsph.ru
a0918108.xsph.ru
a0919021.xsph.ru
a0919167.xsph.ru
a0919334.xsph.ru
a0922009.xsph.ru
a0922245.xsph.ru
a0922949.xsph.ru
a0923143.xsph.ru
a0923400.xsph.ru
a0923769.xsph.ru
a0924648.xsph.ru
a0925146.xsph.ru
a0927241.xsph.ru
a0927657.xsph.ru
chromestartup.top
ck07725.tw1.ru
cm65198.tw1.ru
cs52010.tw1.ru
cs52256.tw1.ru
cy58784.tw1.ru
cz13602.tw1.ru
f0885058.xsph.ru
f0914549.xsph.ru
f0918974.xsph.ru
f0924067.xsph.ru
f0929508.xsph.ru
gafisezs.beget.tech
gaming7core.info
gp104995g2.temp.swtest.ru
h172956.srv11.test-hf.su
icanzuo.top
miwekahb.beget.tech
pipikaka-ggg.000webhostapp.com
rosalihi.beget.tech
vamknigi.mcdir.me
vilon.000webhostapp.com
watermjx.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-03-24)

http://185.173.36.217
http://195.20.16.119
http://212.109.193.246
http://80.78.243.49
103.165.81.207:8888
202.47.118.167:8080
38.59.124.61:8848
43.129.31.231:8848
46.246.12.4:5000
46.246.14.3:5000
46.246.4.5:5000
46.246.6.15:6000
46.246.6.21:6000
46.246.82.17:6000
46.246.82.24:6000
46.246.84.14:5000
46.246.84.16:5000
46.246.86.15:5000
82.66.185.138:4449
n9shteam3.top
onedrivepack.com
042506cm.n9shteam2.top
181571cm.n9shteam1.top
585196cm.n9shteam1.top
785654cm.n9shteam3.top
839860cm.n9shteam3.top
926388cm.n9shteam3.top
a0583448.xsph.ru
a0929875.xsph.ru
a0932103.xsph.ru
cf31000.tw1.ru
cq25511.tw1.ru
ct39024.tw1.ru

# Reference: https://twitter.com/IronNetTR/status/1772276171532611978

45.91.226.96:65503

# Reference: https://www.virustotal.com/gui/file/a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6/detection

179.13.0.175:7091
promesasalvaro1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7e81616c030fd562f23a4a6a6ce8f62d62e2db0673cbc1ecad826c400a67a69b/detection

185.81.157.105:333
186.169.52.181:7079
ivadici-18.duckdns.org

# Reference: https://www.virustotal.com/gui/file/483c26de4c47fb01964f83c8c23ea38e6ef25c62c1693d6f6e6b2f9597b1ecab/detection

186.169.47.122:9531

# Reference: https://www.virustotal.com/gui/file/472286992086f88eaba8d9bbdfe0a43df77c404df62202dd73601be65bb27d1c/detection

179.13.0.24:7079

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-10)

http://154.23.178.106
http://154.23.178.139
http://154.23.178.70
http://176.124.220.79
http://185.230.64.239
http://212.109.198.52
http://213.171.8.25
http://38.180.35.114
http://38.181.35.175
http://77.105.161.180
http://77.105.161.254
http://77.221.143.152
http://80.66.84.71
http://80.71.227.167
http://89.23.98.225
http://91.107.120.42
http://91.92.252.39
1.14.126.22:8848
103.165.81.103:1145
103.186.108.212:8848
103.209.129.94:1145
104.161.53.196:8848
106.53.186.12:8012
128.199.66.119:57411
144.91.127.15:4546
160.20.109.7:2003
171.41.198.122:25565
178.73.218.14:5000
179.13.2.154:2230
179.13.3.18:8010
188.126.90.3:5000
20.199.44.70:1024
20.199.87.153:8848
202.95.23.39:5555
206.233.128.142:65503
206.238.196.192:8090
211.101.247.89:8848
3.125.102.39:12853
34.92.107.200:8001
34.92.107.200:8002
34.92.107.200:8011
34.92.107.200:8012
38.147.172.16:443
39.101.177.68:8848
43.129.31.231:8858
45.76.142.33:1604
46.246.12.2:5000
46.246.14.15:6000
46.246.14.9:6000
46.246.4.6:6000
46.246.80.9:5000
46.246.82.12:7000
46.246.82.18:6000
46.246.82.4:5000
46.246.84.23:5000
46.246.84.3:6000
46.246.84.3:7000
46.246.84.8:5000
46.246.86.15:6000
46.246.86.15:7000
47.242.231.229:65503
47.242.64.202:65503
47.243.4.123:65503
47.76.41.68:65503
51.116.96.182:4000
51.68.169.77:443
58.87.70.252:8848
8.210.3.81:65503
8.217.225.19:65503
8.217.88.225:65503
8.218.27.81:65503
85.209.195.22:1337
88.214.59.115:8848
88.99.214.187:3232
89.105.201.158:4444
89.105.201.158:591
89.105.201.158:8080
89.105.201.158:8090
89.105.201.98:591
91.102.163.73:1024
91.92.250.207:8081
91.92.255.244:8845
91.92.255.244:8848
91.92.255.249:8845
91.92.255.249:8848
94.156.10.201:8848
94.156.71.184:8848
94.156.71.212:2222
95.172.23.98:8848
nyashland.top
nyashsens.top
131217cm.n9shteam3.top
267097cm.n9shteam1.top
490523cm.nyashland.top
531995cl.nyashtop.top
878497cm.nyashsens.top
93757283cm.whiteproducts.ru
a0869574.xsph.ru
a0881216.xsph.ru
a0917913.xsph.ru
a0933252.xsph.ru
a0933702.xsph.ru
a0934860.xsph.ru
a0935095.xsph.ru
a0935883.xsph.ru
a0936238.xsph.ru
a0938327.xsph.ru
a0938575.xsph.ru
a0938913.xsph.ru
ca87122.tw1.ru
cf73329.tw1.ru
ct22043.tw1.ru
f0934723.xsph.ru
fire-studio.000webhostapp.com
firerebbit.top
huinyao.hunamuna.ru
kuailianv.com
opratio.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-04-14)

http://109.107.182.28
http://45.195.54.195
http://77.221.158.35
http://79.174.94.153
107.167.92.76:8848
162.33.178.99:4567
172.94.39.213:2016
178.73.218.12:5000
45.195.54.195:8080
45.195.54.195:8888
46.246.14.2:5000
46.246.82.21:8000
46.246.82.6:6000
46.246.86.18:8000
52.185.161.226:8080
52.185.161.226:8848
a0917747.xsph.ru

# Reference: https://twitter.com/K_N1kolenko/status/1779794083990343939

276261cm.nyashkoon.top

# Reference: https://www.virustotal.com/gui/file/d79a750ee167a5091e3b3d72a7d0e818e4eb816d74cbf173bc65c54f8563f986/detection
# Reference: https://www.virustotal.com/gui/file/af15dba7febd481bc561896f504ca39da7856f28d33ae9d41968fc63b064fe15/detection

179.13.0.175:7095
186.169.60.250:7084
procesoexitos1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/236831b10dd11048659f6ecedff1f2020e0158eb1dda70f9a3c114c6913faa20/detection

179.13.0.175:7092
companianuevoano.duckdns.org
newdcrat777.duckdns.org
newservices1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52074a60b7b1235c0688d7d923c80ecff27d1b19c7e1485d3bb0a8acd9460946/detection

srv416860.hstgr.cloud

# Reference: https://www.virustotal.com/gui/file/7c190a66de1e69720ea226dab36f86d3d26d15e60fe20a6b20cfbd20e548bc02/detection

185.161.209.155:8848

# Reference: https://www.virustotal.com/gui/file/fa244cc3fa7784bd21fc95a6e7a311686b6875ba0b770a1e6383481edc95973a/detection

179.13.0.175:7097
comercialnuevoan20.casacam.net

# Reference: https://twitter.com/naumovax/status/1788226040277484029
# Reference: https://tria.ge/240401-2sr2lahc7x/behavioral1
# Reference: https://www.virustotal.com/gui/file/20846a4d12bfec2dcada815d04167bb471a0e7b173c7ba1ca6a2bfad1573d5cf/detection

18.158.249.75:11097
3.125.102.39:11097

# Reference: https://www.virustotal.com/gui/file/15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a/detection

172.94.108.75:7786

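# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-05-27)
# Note (review): in this batch 154.248.27.182 is listed on over 90 ports (including 23, 445, 3306 and 5900), and 137.175.68/70/73/77.x appears as contiguous address runs on port 8848. These look like bulk, scan-derived entries; confirm against the ThreatFox records before treating a single hit as confirmed C2.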

http://109.107.182.145
http://146.0.73.222
http://147.45.44.3
http://154.248.27.182
http://176.123.168.151
http://185.221.198.248
http://185.43.4.41
http://188.120.242.235
http://193.17.183.196
http://199.231.191.222
http://20.117.109.69
http://212.109.196.215
http://45.130.42.16
http://45.141.102.40
http://5.35.98.20
http://62.109.13.68
http://62.109.7.179
http://77.221.157.108
http://82.146.61.164
http://85.159.231.54
http://89.111.173.112
http://89.23.98.112
http://91.240.84.178
005514cm.n9shteam1.top
044913cm.n9shteam2.top
046408cm.n9shteam3.top
055442cm.n9shteam2.top
065963cm.nyashkoon.top
1.92.114.234:8000
101.43.186.30:8848
101.43.49.80:8848
103.187.4.53:8080
103.187.4.53:8848
103.195.236.62:6789
103.254.73.247:63305
103.254.73.248:63305
103.254.73.249:63305
103.45.173.142:4444
104.238.167.85:1024
107.167.18.2:7979
107.167.18.3:7979
107.167.18.4:7979
107.167.18.5:7979
107.167.18.6:7979
120.46.37.189:8848
123.207.198.252:8848
137.175.123.61:8848
137.175.123.62:8848
137.175.123.63:8848
137.175.123.64:8848
137.175.123.65:8848
137.175.68.193:8848
137.175.68.194:8848
137.175.68.195:8848
137.175.68.196:8848
137.175.68.197:8848
137.175.68.198:8848
137.175.68.199:8848
137.175.68.200:8848
137.175.68.201:8848
137.175.68.202:8848
137.175.68.203:8848
137.175.68.204:8848
137.175.68.205:8848
137.175.68.206:8848
137.175.68.207:8848
137.175.68.208:8848
137.175.68.209:8848
137.175.68.210:8848
137.175.68.211:8848
137.175.68.212:8848
137.175.68.213:8848
137.175.68.214:8848
137.175.68.215:8848
137.175.68.216:8848
137.175.68.217:8848
137.175.68.218:8848
137.175.68.219:8848
137.175.68.220:8848
137.175.68.221:8848
137.175.68.222:8848
137.175.68.223:8848
137.175.68.224:8848
137.175.68.225:8848
137.175.68.226:8848
137.175.68.227:8848
137.175.68.228:8848
137.175.68.229:8848
137.175.68.230:8848
137.175.68.231:8848
137.175.68.232:8848
137.175.68.233:8848
137.175.68.234:8848
137.175.68.235:8848
137.175.68.236:8848
137.175.68.237:8848
137.175.68.238:8848
137.175.68.239:8848
137.175.68.240:8848
137.175.68.241:8848
137.175.68.242:8848
137.175.68.243:8848
137.175.68.244:8848
137.175.68.245:8848
137.175.68.246:8848
137.175.68.247:8848
137.175.68.248:8848
137.175.68.249:8848
137.175.68.250:8848
137.175.68.251:8848
137.175.68.252:8848
137.175.68.253:8848
137.175.70.100:8848
137.175.70.101:8848
137.175.70.102:8848
137.175.70.103:8848
137.175.70.104:8848
137.175.70.105:8848
137.175.70.106:8848
137.175.70.107:8848
137.175.70.108:8848
137.175.70.109:8848
137.175.70.110:8848
137.175.70.111:8848
137.175.70.112:8848
137.175.70.113:8848
137.175.70.114:8848
137.175.70.115:8848
137.175.70.116:8848
137.175.70.117:8848
137.175.70.118:8848
137.175.70.119:8848
137.175.70.120:8848
137.175.70.121:8848
137.175.70.122:8848
137.175.70.123:8848
137.175.70.124:8848
137.175.70.125:8848
137.175.70.65:8848
137.175.70.66:8848
137.175.70.67:8848
137.175.70.68:8848
137.175.70.69:8848
137.175.70.70:8848
137.175.70.71:8848
137.175.70.72:8848
137.175.70.73:8848
137.175.70.74:8848
137.175.70.75:8848
137.175.70.76:8848
137.175.70.77:8848
137.175.70.78:8848
137.175.70.79:8848
137.175.70.80:8848
137.175.70.81:8848
137.175.70.82:8848
137.175.70.83:8848
137.175.70.84:8848
137.175.70.85:8848
137.175.70.86:8848
137.175.70.87:8848
137.175.70.88:8848
137.175.70.89:8848
137.175.70.90:8848
137.175.70.91:8848
137.175.70.92:8848
137.175.70.93:8848
137.175.70.94:8848
137.175.70.95:8848
137.175.70.96:8848
137.175.70.97:8848
137.175.70.98:8848
137.175.70.99:8848
137.175.73.100:8848
137.175.73.101:8848
137.175.73.102:8848
137.175.73.103:8848
137.175.73.104:8848
137.175.73.105:8848
137.175.73.106:8848
137.175.73.107:8848
137.175.73.108:8848
137.175.73.109:8848
137.175.73.110:8848
137.175.73.111:8848
137.175.73.112:8848
137.175.73.113:8848
137.175.73.114:8848
137.175.73.115:8848
137.175.73.116:8848
137.175.73.117:8848
137.175.73.118:8848
137.175.73.119:8848
137.175.73.120:8848
137.175.73.121:8848
137.175.73.122:8848
137.175.73.123:8848
137.175.73.124:8848
137.175.73.125:8848
137.175.73.65:8848
137.175.73.66:8848
137.175.73.67:8848
137.175.73.68:8848
137.175.73.69:8848
137.175.73.70:8848
137.175.73.71:8848
137.175.73.72:8848
137.175.73.73:8848
137.175.73.74:8848
137.175.73.75:8848
137.175.73.76:8848
137.175.73.77:8848
137.175.73.78:8848
137.175.73.79:8848
137.175.73.80:8848
137.175.73.81:8848
137.175.73.82:8848
137.175.73.83:8848
137.175.73.84:8848
137.175.73.85:8848
137.175.73.86:8848
137.175.73.87:8848
137.175.73.88:8848
137.175.73.89:8848
137.175.73.90:8848
137.175.73.91:8848
137.175.73.92:8848
137.175.73.93:8848
137.175.73.94:8848
137.175.73.95:8848
137.175.73.96:8848
137.175.73.97:8848
137.175.73.98:8848
137.175.73.99:8848
137.175.77.100:8848
137.175.77.101:8848
137.175.77.102:8848
137.175.77.103:8848
137.175.77.104:8848
137.175.77.105:8848
137.175.77.106:8848
137.175.77.107:8848
137.175.77.108:8848
137.175.77.109:8848
137.175.77.110:8848
137.175.77.111:8848
137.175.77.112:8848
137.175.77.113:8848
137.175.77.114:8848
137.175.77.115:8848
137.175.77.116:8848
137.175.77.117:8848
137.175.77.118:8848
137.175.77.119:8848
137.175.77.120:8848
137.175.77.121:8848
137.175.77.122:8848
137.175.77.123:8848
137.175.77.124:8848
137.175.77.125:8848
137.175.77.65:8848
137.175.77.66:8848
137.175.77.67:8848
137.175.77.68:8848
137.175.77.69:8848
137.175.77.70:8848
137.175.77.71:8848
137.175.77.72:8848
137.175.77.73:8848
137.175.77.74:8848
137.175.77.75:8848
137.175.77.76:8848
137.175.77.77:8848
137.175.77.78:8848
137.175.77.79:8848
137.175.77.80:8848
137.175.77.81:8848
137.175.77.82:8848
137.175.77.83:8848
137.175.77.84:8848
137.175.77.85:8848
137.175.77.86:8848
137.175.77.87:8848
137.175.77.88:8848
137.175.77.89:8848
137.175.77.90:8848
137.175.77.91:8848
137.175.77.92:8848
137.175.77.93:8848
137.175.77.94:8848
137.175.77.95:8848
137.175.77.96:8848
137.175.77.97:8848
137.175.77.98:8848
137.175.77.99:8848
139.162.178.159:2003
147.78.103.197:4443
149.88.82.88:8888
154.248.27.182:1024
154.248.27.182:10258
154.248.27.182:10298
154.248.27.182:11112
154.248.27.182:11261
154.248.27.182:1200
154.248.27.182:12881
154.248.27.182:13760
154.248.27.182:15284
154.248.27.182:15443
154.248.27.182:16501
154.248.27.182:17150
154.248.27.182:1723
154.248.27.182:18082
154.248.27.182:18084
154.248.27.182:18245
154.248.27.182:18260
154.248.27.182:18351
154.248.27.182:19181
154.248.27.182:20547
154.248.27.182:2077
154.248.27.182:20815
154.248.27.182:2096
154.248.27.182:222
154.248.27.182:22222
154.248.27.182:2281
154.248.27.182:23
154.248.27.182:23019
154.248.27.182:2323
154.248.27.182:2434
154.248.27.182:25290
154.248.27.182:26350
154.248.27.182:2762
154.248.27.182:28983
154.248.27.182:28987
154.248.27.182:29144
154.248.27.182:319
154.248.27.182:3306
154.248.27.182:3318
154.248.27.182:33389
154.248.27.182:34365
154.248.27.182:34540
154.248.27.182:35062
154.248.27.182:36161
154.248.27.182:389
154.248.27.182:41115
154.248.27.182:41909
154.248.27.182:4369
154.248.27.182:445
154.248.27.182:46829
154.248.27.182:4840
154.248.27.182:49152
154.248.27.182:49664
154.248.27.182:5000
154.248.27.182:502
154.248.27.182:5060
154.248.27.182:5061
154.248.27.182:51445
154.248.27.182:52101
154.248.27.182:52200
154.248.27.182:53151
154.248.27.182:53419
154.248.27.182:55295
154.248.27.182:56512
154.248.27.182:56670
154.248.27.182:5672
154.248.27.182:56910
154.248.27.182:58000
154.248.27.182:5900
154.248.27.182:5905
154.248.27.182:6000
154.248.27.182:6001
154.248.27.182:6005
154.248.27.182:6006
154.248.27.182:6009
154.248.27.182:61616
154.248.27.182:61753
154.248.27.182:62422
154.248.27.182:62757
154.248.27.182:6697
154.248.27.182:6699
154.248.27.182:7704
154.248.27.182:8008
154.248.27.182:8010
154.248.27.182:8080
154.248.27.182:8159
154.248.27.182:830
154.248.27.182:831
154.248.27.182:888
154.248.27.182:9024
154.248.27.182:9508
154.248.27.182:993
154.248.27.182:995
159.65.235.56:9005
171.80.235.140:25565
172.207.236.31:8080
172.207.236.31:8848
177.255.88.222:8000
178.73.192.14:5000
178546cm.n9shteam3.top
179.13.4.37:8000
179.13.4.37:8010
185.241.225.213:3389
185.94.29.85:2222
190.70.119.188:4859
20.240.192.104:80
203.189.234.25:65503
210.56.49.230:8848
211.194.139.155:8080
266026cm.n9shteam3.top
330745cm.nyashkoon.top
339380cm.n9shteam3.top
34844.clmonth.nyashteam.ru
37.235.56.182:5000
38.180.25.208:8000
38.59.124.16:8848
38.59.124.49:8848
45.195.54.195:2558
45.61.132.242:443
45.63.56.64:1024
45.74.46.58:8848
45.77.65.118:1024
46.246.12.25:6000
46.246.12.25:8000
46.246.12.25:9000
46.246.12.2:8000
46.246.12.3:9000
46.246.14.12:6000
46.246.14.12:9000
46.246.14.16:6000
46.246.14.19:9000
46.246.4.24:9000
46.246.4.7:6000
46.246.4.7:8000
46.246.6.23:6000
46.246.6.23:8000
46.246.6.23:9000
46.246.6.5:3000
46.246.6.6:8000
46.246.80.2:6000
46.246.80.2:8000
46.246.80.7:8000
46.246.80.8:6000
46.246.80.8:8000
46.246.82.10:6000
46.246.82.10:8000
46.246.82.10:9000
46.246.82.14:6000
46.246.82.14:9000
46.246.82.21:6000
46.246.84.12:6000
46.246.84.12:8000
46.246.84.8:6000
46.246.84.8:8000
46.246.86.14:6000
46.246.86.14:8000
46.246.86.15:8000
46.246.86.15:9000
46.246.86.16:6000
46.246.86.7:9000
47.208.30.4:2222
47.238.162.247:65503
47.98.97.75:8848
470927cm.n9shteam3.top
49.1.239.101:8080
51.68.169.120:443
52.155.97.150:8080
53473cm.easyswap.space
54.37.74.73:8848
550515cm.n9shteam2.top
579050cm.nyashkoon.top
642229cm.n9shteam3.top
65.109.22.155:7777
729231cm.n9shteam1.top
759931cm.n9shteam1.top
78.142.245.78:8443
78.40.117.167:4444
796367cm.n9shteam2.top
8.130.69.96:8001
8.138.108.192:8848
8.210.250.14:6603
8.217.113.1:65503
8.217.14.132:65503
8.218.163.207:8848
815622cm.n9shteam3.top
822987529cm.whiteproducts.ru
83.229.87.144:8080
842614cm.n9shteam2.top
85.159.231.54:80
85.192.63.194:7777
87.120.84.220:8848
87.121.105.212:8848
91.92.249.117:3232
937039cm.n9shteam3.top
94.156.10.208:8848
94.156.10.31:8848
95.179.165.102:1024
956330cm.n9shteam2.top
967183cm.nyashkoon.top
98.66.160.134:8848
994609cm.n9shteam2.top
a0804818.xsph.ru
a0835675.xsph.ru
a0929453.xsph.ru
a0938829.xsph.ru
a0940040.xsph.ru
a0941925.xsph.ru
a0941979.xsph.ru
a0942630.xsph.ru
a0942660.xsph.ru
a0943092.xsph.ru
a0943999.xsph.ru
a0944507.xsph.ru
a0945069.xsph.ru
a0945627.xsph.ru
a0946931.xsph.ru
a0947008.xsph.ru
a0947291.xsph.ru
a0947994.xsph.ru
a0948305.xsph.ru
a0948640.xsph.ru
a0949002.xsph.ru
a0949311.xsph.ru
a0949502.xsph.ru
a0949584.xsph.ru
a0950024.xsph.ru
a0950683.xsph.ru
a0950998.xsph.ru
a0951137.xsph.ru
a0951158.xsph.ru
a0951334.xsph.ru
a0951529.xsph.ru
a0952196.xsph.ru
a0974467.xsph.ru
a0980477.xsph.ru
a0981008.xsph.ru
a0981341.xsph.ru
a0981474.xsph.ru
a0981582.xsph.ru
a0982032.xsph.ru
a0982114.xsph.ru
a0982137.xsph.ru
a0982456.xsph.ru
a0982894.xsph.ru
a0983585.xsph.ru
a0984236.xsph.ru
a0984678.xsph.ru
a0984800.xsph.ru
a0984984.xsph.ru
a0985701.xsph.ru
a0985859.xsph.ru
aery-messages.000webhostapp.com
betabag.top
budding-knives.000webhostapp.com
cj32434.tw1.ru
clientright.top
cn80908.tw1.ru
co29474.tw1.ru
cq77272.tw1.ru
cv76387.tw1.ru
cx53027.tw1.ru
cz24519.tw1.ru
cz63343.tw1.ru
dist2118.duckdns.org
easyswap.space
esdjasd.maxkrnldc.online
fanskrairg.temp.swtest.ru
fghjdtgujkjdgkdettygdbnbbn.000webhostapp.com
golovkcc.beget.tech
intopart.top
jewokfweteto.skibiteamx.top
mikilo39.beget.tech
minecrafthyipixel.xyz
objectiveci.top
porpabor.top
preachy-multiplex.000webhostapp.com
reallysrv.top
remotetable.top
skibiteamx.top
softworker.top
taketa.top
vladiez8.beget.tech
whiteproducts.ru
ytere.elementfx.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-02)

103.1.40.82:8848
172.111.174.67:8081
20.199.91.184:1024
46.246.12.11:6000
46.246.6.4:9000
46.246.80.15:6000
46.246.80.15:9000
46.246.86.18:9000
434778cm.n9shteam1.top
501046cm.n9shteam3.top
a0913612.xsph.ru
a0982426.xsph.ru
a0985805.xsph.ru
a0986534.xsph.ru
a0986754.xsph.ru
a0987339.xsph.ru
a0987361.xsph.ru
a0987707.xsph.ru
a0988934.xsph.ru
chernobyl-cheat.fun
optimal-expert.000webhostapp.com

# Reference: https://cert.gov.ua/article/6279561 (# UAC-0200)
# Reference: https://www.virustotal.com/gui/file/02d657729837838d18bbe6b4bae44cab0e6d3a357836d7cd6a9bb7288543facb/detection

http://188.245.50.32

# Reference: https://x.com/ScumBots/status/1798710029673222193
# Reference: https://www.virustotal.com/gui/file/5eef5607e73cbe3b62c0c4adf6ea924acc471de57e86f3f0b66fe8320d3fcdc9/detection

cvbnhgjh.duckdns.org
gfhfdhutr.duckdns.org
hbvcmrwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4b6ae15c7b22a1e0d0cad2676c4e78226e8d8e1ecbdbb51b9fe17697451287d5/detection

http://77.91.77.51

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-08)

http://103.145.191.123
179.13.2.154:2250
222.239.101.244:8888
46.246.14.21:9000
46.246.86.19:9000
46.246.86.8:3000
333376cm.n9shteam1.top
a0988327.xsph.ru
a0988419.xsph.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-12)

http://103.30.78.218
http://185.180.231.214
http://37.46.130.54
http://38.147.186.117
http://38.180.165.153
203.104.42.92:2233
45.157.233.27:2222
46.246.6.17:9000
46.246.86.17:6000
505732cm.n9shteam2.top
901329cm.n9shteam2.top
972464cm.nyashkoon.top
a0988426.xsph.ru
a0991129.xsph.ru
a0991200.xsph.ru
a0991246.xsph.ru
a0991598.xsph.ru
a0991799.xsph.ru
a0992229.xsph.ru
a0992445.xsph.ru
bbill.freehostpro.com
d1namias.beget.tech
egorostroux.000webhostapp.com
f0992583.xsph.ru
securitytransfer.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-16)

http://5.42.104.243
46.246.12.14:9000
46.246.4.13:8000
46.246.4.3:6000
46.246.4.3:9000
a0992098.xsph.ru
a0992844.xsph.ru
a0993016.xsph.ru
a0993204.xsph.ru
a0993445.xsph.ru
a0993651.xsph.ru
a0994027.xsph.ru
cq83230.tw1.ru
n9shteam1.top
196844cm.n9shteam1.top
751120cm.n9shteam2.top
l0sscommun.temp.swtest.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-06-22)

http://103.30.78.8
http://212.57.118.94
171.80.217.247:25565
46.246.12.19:8000
46.246.4.12:8000
46.246.4.17:8000
46.246.84.24:9000
46.246.84.3:9000
91.92.248.143:1011
235566cm.n9shteam2.top
424673cm.n9shteam2.top
951669cm.n9shteam1.top
a0986195.xsph.ru
a0986288.xsph.ru
a0987400.xsph.ru
a0992097.xsph.ru
a0993996.xsph.ru
a0994533.xsph.ru
a0994622.xsph.ru
a0994812.xsph.ru
a0994900.xsph.ru
a0995122.xsph.ru
a0995485.xsph.ru
a0995598.xsph.ru
a0995830.xsph.ru
cq11142.tw1.ru
cudohub.ru
cz61028.tw1.ru
f0996251.xsph.ru
gotsuspended.000webhostapp.com
host1871899.hostland.pro
j282895d.beget.tech

# Reference: https://x.com/lontze7/status/1810175784872489463
# Reference: https://www.virustotal.com/gui/file/1bf9f5d49df45385cd8df0f6cfebb3b380b30a6f97e3894fe2f60ec76dc679a8/detection

93.115.10.211:1604

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv

http://51.103.218.125
http://74.241.248.254
103.147.185.18:8848
121.127.232.86:443
121.127.232.87:443
121.127.232.88:443
143.92.60.11:9999
143.92.60.20:9999
143.92.60.22:9999
147.189.168.82:6002
162.212.158.246:22
162.212.158.246:443
171.80.249.15:25565
172.111.151.128:8081
179.13.4.125:8008
179.13.4.125:8010
185.169.54.165:7331
20.19.32.238:1024
20.19.36.45:1024
20.199.84.103:1024
206.238.42.216:8848
216.83.46.43:8080
4.233.217.53:1024
46.246.12.12:8000
46.246.14.16:2222
46.246.14.3:9000
46.246.14.9:8000
46.246.14.9:9000
46.246.4.17:9000
46.246.4.19:2222
46.246.4.2:9000
46.246.6.12:9000
46.246.6.14:2222
46.246.6.14:8000
46.246.6.16:8000
46.246.6.18:9000
46.246.6.5:2222
46.246.80.11:2222
46.246.80.18:8000
46.246.82.15:2222
46.246.82.17:8000
46.246.82.21:2222
46.246.82.21:9000
46.246.82.4:2222
46.246.84.17:2222
46.246.84.22:5000
46.246.84.25:8000
46.246.84.26:8000
46.246.84.29:9000
46.246.84.4:9000
46.246.86.10:2222
46.246.86.6:8000
81.69.247.188:8848

# Reference: https://www.validin.com/blog/practical_malware_infrastructure_discovery_with_pdns/

nyashka.top
000366cm.nyashka.top
023119cm.nyashka.top
040179cm.nyashka.top
078519cm.nyashka.top
080099cm.nyashka.top
082650cm.nyashka.top
114591cm.nyashka.top
120747cm.nyashka.top
126433cm.nyashka.top
169833cm.nyashka.top
183050cm.nyashka.top
186014cm.nyashka.top
193046cm.nyashka.top
196419cm.nyashka.top
199719cm.nyashka.top
208659cm.nyashka.top
228282cm.nyashka.top
234671cm.nyashka.top
271910cm.nyashka.top
281363cm.nyashka.top
306577cm.nyashka.top
309245cm.nyashka.top
314957cm.nyashka.top
318239cm.nyashka.top
335980cm.nyashka.top
344958cm.nyashka.top
357473cm.nyashka.top
363476cm.nyashka.top
373292cm.nyashka.top
388876cm.nyashka.top
398730cm.nyashka.top
445798cm.nyashka.top
483130cm.nyashka.top
513971cm.nyashka.top
519487cm.nyashka.top
545267cm.nyashka.top
574056cm.nyashka.top
578603cm.nyashka.top
585213cm.nyashka.top
596530cm.nyashka.top
631597cm.nyashka.top
640740cm.nyashka.top
660256cm.nyashka.top
664732cm.nyashka.top
673304cm.nyashka.top
728023cm.nyashka.top
737397cm.nyashka.top
759442cm.nyashka.top
760859cm.nyashka.top
790009cm.nyashka.top
796646cm.nyashka.top
843427cm.nyashka.top
859520cm.nyashka.top
868920cm.nyashka.top
870331cm.nyashka.top
910741cm.nyashka.top
911628cm.nyashka.top
940499cm.nyashka.top
947438cm.nyashka.top
949542cm.nyashka.top
973845cm.nyashka.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-10)

http://146.19.128.52
http://149.154.66.1
http://172.187.227.79
http://178.208.86.27
http://178.250.158.121
http://185.146.157.164
http://185.177.59.141
http://185.244.219.53
http://194.26.232.193
http://194.58.103.90
http://194.58.42.154
http://194.87.145.83
http://213.159.64.146
http://217.28.222.194
http://5.42.104.244
http://62.109.18.87
http://62.109.22.14
http://87.251.77.55
http://89.208.14.64
http://89.23.97.228
http://92.63.101.139
http://92.63.193.127
http://94.156.67.121
http://94.228.166.75
101.43.47.165:4449
103.144.240.21:8888
103.244.226.241:65503
103.244.226.252:65503
104.156.247.38:9090
107.149.163.118:8080
117.18.12.93:8880
123.60.58.162:90
144.172.76.78:443
154.205.147.125:60000
154.212.146.156:65503
154.212.146.175:65503
156.251.137.156:8888
157.20.182.100:4449
157.20.182.101:4449
157.20.182.172:3232
165.154.224.19:4449
185.121.169.214:65503
192.197.113.223:65503
192.248.163.171:10066
20.205.58.253:8880
39.99.206.34:8880
46.246.12.22:5000
46.246.4.19:9090
46.246.6.11:9090
46.246.6.13:2121
46.246.6.13:5000
46.246.6.9:5000
46.246.82.24:8000
46.246.86.17:5000
47.148.68.129:8197
47.238.143.105:8443
47.238.183.60:65503
47.238.194.61:65503
47.238.38.102:65503
47.242.122.228:65503
47.243.187.196:65503
47.243.233.199:65503
47.76.105.152:65503
47.76.98.21:65503
51.89.253.9:7878
59.27.223.225:443
8.217.13.16:65503
8.217.215.116:65503
8.218.129.126:65503
8.218.235.124:65503
91.92.255.91:3232
94.156.79.231:2011
024460cm.n9shteam2.top
034928cm.n9shteam2.top
040943cm.n9shteam2.top
041018cm.n9shteam2.top
047138cm.n9shteam2.top
054717cm.n9shteam3.top
072212cm.nyashsens.top
080864cm.n9shteam2.top
096241cm.n9shteam2.top
112880cm.n9shteam2.top
113313cm.n9shteam2.top
115583cm.n9shteam2.top
118621cm.n9shteam2.top
126776cm.nyashsens.top
130727cm.n9shteam2.top
152810cm.nyashka.top
173920cm.n9shteam2.top
182785cm.n9shteam3.top
206481cm.n9shteam2.top
218629cm.n9shteam2.top
226037cm.n9shteam2.top
234540cm.n9shteam2.top
241622cm.n9shteam1.top
256435cm.n9shteam2.top
266468cm.nyashka.top
272450cm.n9shteam2.top
283743cm.nyashka.top
284739cm.n9shteam3.top
288583cm.n9shteam2.top
297037cm.n9shteam2.top
306003cm.n9shteam2.top
314172cm.n9shteam2.top
318907cm.n9shteam2.top
327882cm.nyashsens.top
338453cm.n9shteam2.top
351866cm.n9shteam2.top
356137cm.n9shteam2.top
367191cm.n9shteam2.top
373430cm.n9shteam2.top
378418cm.n9shteam2.top
382119cm.n9shteam2.top
411260cm.nyashka.top
415566cm.n9shteam2.top
417847cm.nyashsens.top
429517cm.nyashka.top
445443cm.n9shteam2.top
452132cm.n9shteam2.top
462708cm.n9shteam2.top
463281cm.n9shteam2.top
466037cm.n9shteam2.top
466329cm.n9shteam2.top
473366cm.n9shteam2.top
474452cm.n9shteam2.top
476258cm.n9shteam2.top
478925cm.n9shteam2.top
484997.prohoster.biz
485006.prohoster.biz
502647cm.n9shteam2.top
545735cm.n9shteam2.top
596048cm.n9shteam2.top
621287cm.n9shteam2.top
625492cm.n9shteam2.top
651186lm.nyashmyash.top
656709cm.n9shteam2.top
677846cm.n9shteam2.top
722659cl.nyashtop.top
741211cm.n9shteam2.top
782652cm.n9sh.top
784334cm.n9shteam2.top
791660cm.n9shteam2.top
797441cm.n9shteam2.top
800453cm.n9shteam2.top
810755cm.n9shteam2.top
812375cm.nyashkoon.top
815156cm.n9shteam2.top
826969cm.n9shteam2.top
849188cm.nyashka.top
851594cm.n9shteam2.top
865461cm.n9shteam2.top
913987cm.n9shteam2.top
918938cm.n9shteam2.top
931740cm.n9shteam2.top
93752cm.darkproducts.ru
946663cm.n9shteam2.top
a0798240.xsph.ru
a0988574.xsph.ru
a0988906.xsph.ru
a0990027.xsph.ru
a0990904.xsph.ru
a0992484.xsph.ru
a0994587.xsph.ru
a0995213.xsph.ru
a0995880.xsph.ru
a0996046.xsph.ru
a0996099.xsph.ru
a0996277.xsph.ru
a0996330.xsph.ru
a0996803.xsph.ru
a0996805.xsph.ru
a0997029.xsph.ru
a0997172.xsph.ru
a0997235.xsph.ru
a0997287.xsph.ru
a0997452.xsph.ru
a0997464.xsph.ru
a0997564.xsph.ru
a0997621.xsph.ru
a0997718.xsph.ru
a0998491.xsph.ru
a0998535.xsph.ru
a0998701.xsph.ru
a0998722.xsph.ru
a0998768.xsph.ru
a0998803.xsph.ru
a0998834.xsph.ru
a0998932.xsph.ru
a0999045.xsph.ru
a0999075.xsph.ru
a0999252.xsph.ru
a0999337.xsph.ru
a0999396.xsph.ru
a0999665.xsph.ru
a0999723.xsph.ru
a0999792.xsph.ru
a0999840.xsph.ru
a0999929.xsph.ru
a1000048.xsph.ru
a1000056.xsph.ru
a1000330.xsph.ru
a1000383.xsph.ru
a1000454.xsph.ru
a1000492.xsph.ru
a1001668.xsph.ru
a1002079.xsph.ru
a1002185.xsph.ru
a1002962.xsph.ru
a1003569.xsph.ru
a1003574.xsph.ru
a1004647.xsph.ru
a1005337.xsph.ru
a1005682.xsph.ru
a1005850.xsph.ru
a1005873.xsph.ru
a1006461.xsph.ru
a1006920.xsph.ru
a1007516.xsph.ru
a1008223.xsph.ru
a1008296.xsph.ru
a1008315.xsph.ru
a1008817.xsph.ru
a1008986.xsph.ru
a1009043.xsph.ru
a1009060.xsph.ru
a1009150.xsph.ru
a1009608.xsph.ru
a1010381.xsph.ru
a1010630.xsph.ru
a1010765.xsph.ru
a1011033.xsph.ru
a1011177.xsph.ru
a1011239.xsph.ru
a1011347.xsph.ru
a1011643.xsph.ru
a1011702.xsph.ru
a1011924.xsph.ru
a1012110.xsph.ru
a1012449.xsph.ru
a1013249.xsph.ru
a1013311.xsph.ru
a1013404.xsph.ru
a1013814.xsph.ru
abort.top
an.cloudto.ru
animefull.atwebpages.com
antivirusaway.top
article-coal.gl.at.ply.gg
bakusw0t.beget.tech
bedabeda.top
boldenis44.top
cb22792.tw1.ru
cb87290.tw1.ru
cc53534.tw1.ru
cd40479.tw1.ru
cf30785.tw1.ru
cg69956.tw1.ru
cg99620.tw1.ru
ci15096.tw1.ru
ck66916.tw1.ru
cl14041.tw1.ru
cl71096.tw1.ru
co30059.tw1.ru
co44847.tw1.ru
code-yandex.ru
coolray.top
cp34023.tw1.ru
cp57330.tw1.ru
cp57435.tw1.ru
cr47539.tw1.ru
cr55307.tw1.ru
cr94982.tw1.ru
ct54429.tw1.ru
cu12485.tw1.ru
cu82103.tw1.ru
cv10369.tw1.ru
cw35214.tw1.ru
cx76022.tw1.ru
cy61024.tw1.ru
cy70322.tw1.ru
cz28920.tw1.ru
cz36357.tw1.ru
cz41806.tw1.ru
cz45007.tw1.ru
cz61492.tw1.ru
f0979909.xsph.ru
f0999104.xsph.ru
f0999105.xsph.ru
f0999297.xsph.ru
f0999352.xsph.ru
f1002548.xsph.ru
f1003430.xsph.ru
f1006727.xsph.ru
f1007612.xsph.ru
f1010716.xsph.ru
f1011238.xsph.ru
fqq121.beget.tech
frrvoavx.beget.tech
fsin.top
hendai.top
kolasau6.beget.tech
loxlas.000webhostapp.com
main-although.gl.at.ply.gg
mortilove9.temp.swtest.ru
novatek.top
offsetupdater.top
ozero.top
papka.top
podval.top
romangw5.beget.tech
sogaz.top
testprogs.shop
unsight-pistons.000webhostapp.com
uwuerkz9.beget.tech
yenot.top

# Reference: https://x.com/banthisguy9349/status/1824132183889678795

http://147.45.44.145

# Reference: https://www.virustotal.com/gui/file/208d29a5abf1c101de44f416464e50a9c8bbe85fc2359e286b180b57e862d760/detection

n9sh.top
798167cm.n9sh.top
/providerVmpollServer.php

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

178.73.192.10:5000
178.73.192.6:5000
178.73.218.16:5000
179.13.4.125:8013
46.246.12.18:5000
46.246.12.19:5000
46.246.12.7:9000
46.246.14.17:5000
46.246.14.17:9000
46.246.14.21:9090
46.246.4.13:5000
46.246.4.14:9090
46.246.6.12:5000
46.246.6.7:2121
46.246.80.13:5000
46.246.80.14:8000
46.246.80.22:9000
46.246.82.24:4040
46.246.82.26:5000
46.246.84.13:5060
46.246.84.19:9000
46.246.84.20:5000
46.246.86.11:5000
46.246.86.13:9090
5.238.25.214:22

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-18)

149387cm.n9sh.top
376294cm.n9sh.top
396218cm.n9shteam1.top
423836cm.nyashsens.top
613761cm.n9shteam1.top
764337cm.nyashsens.top
a1013213.xsph.ru
a1017163.xsph.ru
cd45046.tw1.ru
cg01126.tw1.ru
ck93874.tw1.ru
knafi2hc.beget.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-24)

http://20.90.89.160
http://210.126.67.141
http://4.235.120.231
147.45.44.58:7777
179.13.4.53:8081
188.126.90.26:5000
193.233.74.21:7777
193.233.74.94:7777
46.246.12.10:9000
46.246.14.15:3000
46.246.14.15:5000
46.246.4.16:9000
46.246.4.18:9090
46.246.80.20:9090
46.246.82.13:5000
46.246.82.14:5000
46.246.84.12:5000

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-08-25)

http://147.45.228.97
http://147.45.44.51
http://185.188.183.218
http://89.23.100.125
011949cm.n9sh.top
097430cm.n9sh.top
120555cm.n9sh.top
248810cm.n9sh.top
389075cm.n9sh.top
494375cm.n9sh.top
509349cm.n9sh.top
572335cm.n9sh.top
826430cl.nyashtop.top
941699cm.nyashsens.top
996175cm.nyashka.top
a0929423.xsph.ru
a1016039.xsph.ru
a1017117.xsph.ru
a1018296.xsph.ru
a1018688.xsph.ru
a1019243.xsph.ru
a1019427.xsph.ru
a1019796.xsph.ru
agusha.top
alp901g7.beget.tech
cb23294.tw1.ru
cb34021.tw1.ru
ce63117.tw1.ru
cf11739.tw1.ru
cg77726.tw1.ru
ci54113.tw1.ru
cj11210.tw1.ru
ck96248.tw1.ru
cl35792.tw1.ru
co74548.tw1.ru
cx46156.tw1.ru
cz23272.tw1.ru
dmitreku.beget.tech
dongga.beget.tech
f1009203.xsph.ru
f1019804.xsph.ru
f1020631.xsph.ru
fizika.top
gopfopj6.beget.tech
i3557434gm.temp.swtest.ru
leroplan.beget.tech
nekto2wj.beget.tech
pw190.castledev.ru
qfedorpmai.temp.swtest.ru
qweqwe9i.beget.tech
shizofrenia.top
volki.top

# Reference: https://www.virustotal.com/gui/file/70d06001f1172ce35fa5af56f7b6adb3800251ab9dfafcb8e1dc039300ff8952/detection

http://89.22.230.240

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)

http://20.151.56.117
http://4.204.24.194
http://4.248.59.179
119.91.157.193:8848
154.216.17.18:22078
178.73.192.20:5000
207.246.99.14:1024
23.237.106.58:9999
23.237.106.59:9999
23.237.106.60:9999
23.237.106.62:9999
27.124.45.77:8848
46.246.12.9:5000
46.246.4.10:5000
46.246.4.3:5000
46.246.4.4:5000
46.246.6.6:8080
46.246.6.6:9090
46.246.80.11:5000
46.246.80.16:4040
46.246.80.17:5000
46.246.80.7:5000
46.246.82.14:4040
46.246.84.12:8080
46.246.84.15:9000
46.246.84.4:5000
46.246.86.12:8000
46.246.86.16:8000
46.246.86.20:8080
46.246.86.2:9090
46.246.86.5:5000
94.156.68.149:25565

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-08)

http://121.199.58.53
http://185.106.93.197
http://188.120.227.56
http://193.233.203.181
http://45.14.165.5
http://45.93.9.248
http://91.214.78.75
http://92.63.98.227
http://94.158.244.70
101.99.94.128:3232
111.230.96.32:8848
123.249.104.74:8848
125.124.181.56:22
154.216.17.18:22077
154.44.26.105:8848
159.65.169.173:8181
176.96.138.192:2222
182.188.47.2:7777
185.146.88.217:1024
193.233.203.181:1194
193.233.203.181:443
202.228.199.54:2323
209.126.4.168:8848
43.199.93.110:4433
45.14.165.5:1194
45.14.165.5:443
45.93.9.248:1194
45.93.9.248:443
47.120.52.176:8848
47.242.234.131:8848
51.77.103.216:8520
51.81.168.153:2000
54.94.248.37:11978
78.135.83.58:6666
80.76.49.178:3232
857728cm.n9sh.top
89.105.201.98:4443
89.105.201.98:4444
89.105.201.98:8080
89.105.201.98:8090
91.193.18.135:1194
91.193.18.135:443
91.92.246.196:8080
222725cm.n9shka.top
290277cm.nyashkoon.top
304550cm.n9shka.top
334972cm.n9shka.top
380681cm.n9shka.top
426314cm.n9sh.top
438772cm.n9shka.top
621196cl.nyashtop.top
671893cm.n9shka.top
692143cm.n9shka.top
728996cm.n9sh.top
732376cm.nyashkoon.top
917166cm.n9shka.top
921773cm.n9sh.top
966193cm.n9shka.top
a1009742.xsph.ru
a1014692.xsph.ru
a1020713.xsph.ru
a1021235.xsph.ru
a1021266.xsph.ru
a1021292.xsph.ru
a1023624.xsph.ru
a1023737.xsph.ru
a1024319.xsph.ru
a1024868.xsph.ru
baevanbw.beget.tech
cb41196.tw1.ru
ce73945.tw1.ru
ce80336.tw1.ru
cm17453.tw1.ru
co60610.tw1.ru
cq96782.tw1.ru
cu14777.tw1.ru
cv30339.tw1.ru
cv79241.tw1.ru
cw67355.tw1.ru
cz38275.tw1.ru
did1.uebki.one
f1017118.xsph.ru
f1022242.xsph.ru
gugol.top
hvatit.top
ludocju4.beget.tech
mamka.top
mioww.uebki.one
moscowteslaclub.top
n9shka.top
okidoki.top
otkaz.top
rbgamer-filespro.ru
rtx4090.top
uebki.one

# Reference: https://www.virustotal.com/gui/file/3bdd649201ba70b2484745554f2f008fc76862312375e4913b1774dd29445ac9/detection

185.241.208.90:8848

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

http://185.203.241.115
http://4.233.193.26
136.244.80.89:1024
148.113.165.11:4242
217.195.197.55:1604
45.77.179.49:8443
46.246.12.15:5000
46.246.12.5:5000
46.246.14.16:5000
46.246.80.13:8080
46.246.80.13:9090
46.246.80.22:9090
46.246.82.8:8000
46.246.84.17:9090
94.156.65.202:1337

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

102.186.190.17:8080
124.221.231.247:8848
185.216.71.46:7777
188.126.90.5:5000
45.77.66.31:1024
46.246.12.23:9000
46.246.14.24:5000
46.246.4.17:9090
46.246.80.17:4040
46.246.82.10:5000
46.246.84.12:9000

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-09-22)

http://31.177.108.211
http://45.154.99.246
http://89.208.79.252
103.74.101.154:4449
124.221.231.247:8848
159.69.241.51:2011
185.216.71.46:7777
188.126.90.5:5000
197.60.80.16:4444
217.195.197.230:1604
39.50.160.221:6906
45.77.66.31:1024
46.246.12.23:9000
46.246.14.24:5000
46.246.4.17:9090
46.246.80.17:4040
46.246.82.10:5000
46.246.84.12:9000
65.38.120.76:8080
77.0.77.52:10000
20789cm.darkproducts.ru
292192cl.nyashtop.top
383852cm.n9shka.top
468198cl.nyashtop.top
598828cm.n9shka.top
696969cm.n9shka.top
a1017742.xsph.ru
a1028861.xsph.ru
a1030351.xsph.ru
a1031033.xsph.ru
cd73139.tw1.ru
cn54248.tw1.ru
cq36570.tw1.ru
f1019049.xsph.ru
govnos3z.beget.tech
naratnik888.whf.bz
/vm_httpUpdateAuthsqlWp.php

# Reference: https://x.com/Gi7w0rm/status/1838836517013233815
# Reference: https://www.virustotal.com/gui/file/e9450aa208965d3e3d5efccf2fd9ae3642abcdede294d5dee508a0ca626c039e/detection

190.9.223.135:8848
191.98.25.251:8848
192.169.69.26:8848
dcrat2024.duckdns.org

# Reference: https://www.virustotal.com/gui/file/677b4709af196f4218f038449bd9959a7fe63b2ee2554e69879c04bfaa7e191c/detection

209.105.248.135:6060
centrodecontrol2050.duckdns.org
respaldo2.duckdns.org

# Reference: https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
# Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/DCRat/IOCs
# Reference: https://www.virustotal.com/gui/file/763c1f21d22b7215d36e2dbd52d141d71d9e540c19f631f63f151c283b91f0d8/detection

cr87986.tw1.ru

# Reference: https://www.virustotal.com/gui/ip-address/80.211.144.156/relations (# 2024-09-29)
# Reference: https://www.virustotal.com/gui/file/4f9c83cd1a87d23bee4377b34806e9fc669aac598db042f4b98bac1a00359a7d/detection

002806cm.nyashka.top
002944cm.nyashland.top
003958cm.nyashland.top
004649m.dccrk.top
005185cm.nyashsens.top
005334cm.nyashsens.top
005662cm.n9shteam3.top
005664cm.nyashnyash.top
006122cm.n9shka.top
006765cm.nyashkoon.top
010239cm.nyashland.top
011966cm.n9sh.top
012257cm.nyashnyash.top
012909cm.n9shka.top
013230cm.nyashland.top
016502cm.n9shteam1.top
017731cm.nyashsens.top
017766cm.nyashland.top
018910cm.n9shteam1.top
021473ll.nyashmyash.top
027243cm.nyashland.top
027582cm.n9shteam1.top
027715cm.n9shteam3.top
029179cm.nyashland.top
029604cm.n9shteam1.top
036108cm.n9shteam3.top
036935cm.nyashsens.top
040948cm.nyashcrack.top
041240cm.nyashkoon.top
041510cm.n9shteam1.top
041833lm.nyashmyash.top
043122cm.n9shteam1.top
043159cm.n9shteam1.top
043409cm.nyashkoon.top
043460cm.nyashcrack.top
044849lm.nyashkoon.top
045412lm.nyashmyash.top
046827cm.n9shteam1.top
048229cm.n9shteam3.top
048363cm.nyashka.top
049939cm.nyashcrack.top
054885cm.nyashsens.top
056446cm.nyashkoon.top
056618cm.nyashsens.top
056973lm.nyashnyash.top
058828cm.nyashcrack.top
059221cm.nyashcrack.top
061636cm.nyashnyash.top
061657cm.nyashkoon.top
063428cm.nyashsens.top
068166cm.n9sh.top
068654lm.nyashmyash.top
072585cm.n9shteam1.top
072638cm.nyashtyan.top
073218cm.n9shka.top
074212cm.nyashcrack.top
078417cm.nyashkoon.top
080456cm.nyashka.top
080467lm.nyashnyash.top
083053cm.nyashnyash.top
086192cm.nyashcrack.top
088312lm.nyashkoon.top
088347lm.nyashmyash.top
089429cm.n9shteam3.top
092152cm.nyashmyash.top
092655cm.n9shteam3.top
095414lm.nyashmyash.top
095845cm.nyashnyash.top
096931cm.nyashsens.top
098042cm.n9shteam1.top
099209cm.nyashcrack.top
101344cm.n9shteam3.top
103841cm.nyashka.top
105187cm.nyashtech.top
105833lm.nyashmyash.top
107364cm.nyashkoon.top
107683ll.nyashmyash.top
119719cm.nyashkoon.top
120706cm.nyashsens.top
123848cm.n9shka.top
124027m.dccrk.top
126613cm.nyashkoon.top
126810cm.n9sh.top
127733cm.nyashkoon.top
128293cm.n9shteam3.top
128441m.dccrk.top
128538cm.n9shteam3.top
128929lm.nyashmyash.top
133727cm.nyashnyash.top
134716lm.nyashnyash.top
136337cm.n9shteam3.top
141217cm.n9shteam3.top
142716cm.n9shka.top
146217cm.n9shteam1.top
146348cm.n9shteam1.top
14655m.dccrk.top
153039cm.nyashkoon.top
153912m.dccrk.top
155054cm.n9shteam1.top
155560cm.n9shteam1.top
156359cm.n9shka.top
156704cm.n9shteam1.top
157306cm.nyashkoon.top
157949cm.nyashmyash.top
159893lm.nyashnyash.top
165767cm.nyashka.top
166970cm.n9sh.top
167463cm.nyashsens.top
167731cm.n9shteam1.top
169394cm.n9shka.top
169981cm.n9shteam1.top
171470cm.nyashkoon.top
172454cm.nyashnyash.top
172515cm.nyashnyash.top
175353cm.nyashnyash.top
175635cm.nyashkoon.top
176706cm.n9shteam1.top
180495cm.nyashsens.top
186255m.dccrk.top
187368cm.nyashland.top
195007cm.n9shteam3.top
195015cm.nyashsens.top
197771cm.nyashkoon.top
197816m.dccrk.top
198908cm.n9shteam1.top
199058m.dccrk.top
200616cm.n9shteam3.top
205351cm.nyashnyash.top
206171cm.nyashcrack.top
206407cm.nyashmyash.top
207872cm.nyashsens.top
209730cm.nyashsens.top
209808cm.n9sh.top
211277cm.nyashland.top
211648cm.nyashsens.top
213695cm.nyashka.top
218200cm.nyashkoon.top
218772cm.nyashtyan.top
223233lm.nyashsens.top
226723cm.nyashnyash.top
229261cl.nyashtop.top
233416cm.n9shteam3.top
23412lm.aidvwbpa.top
234478cm.nyashland.top
234783cm.n9shteam3.top
238891cm.n9shteam1.top
241746cm.n9sh.top
242106cm.nyashtech.top
244576m.dccrk.top
245918cm.n9sh.top
246693cm.nyashkoon.top
250259cm.nyashcrack.top
250317cm.n9sh.top
251891cm.n9shteam3.top
253965m.dccrk.top
256705cm.nyashkoon.top
257270cm.nyashnyash.top
258345cm.nyashmyash.top
258414cm.n9shka.top
262155cm.nyashtyan.top
267581cm.nyashkoon.top
267991cm.n9shka.top
268064cm.n9shteam3.top
273604lm.nyashkoon.top
274249cm.n9shteam3.top
275877cm.n9sh.top
276067lm.nyashkoon.top
278375cm.nyashland.top
278494cm.nyashnyash.top
280023cm.n9shteam1.top
282697cm.nyashcrack.top
285935lm.nyashnyash.top
286420cm.nyashland.top
287013lm.nyashmyash.top
287327lm.nyashkoon.top
288263cm.n9shteam3.top
289259cm.nyashkoon.top
290693cm.nyashtyan.top
293709cm.n9sh.top
294401cm.n9shteam1.top
295615cm.nyashkoon.top
297701cm.n9shka.top
298518cm.n9shteam3.top
299962cm.nyashsens.top
300276cm.n9sh.top
301152cm.nyashkoon.top
303449cm.nyashka.top
305701cm.n9shteam1.top
306039cm.nyashcrack.top
310095cm.nyashkoon.top
311291cm.nyashcrack.top
314657lm.nyashmyash.top
315162cm.n9shteam3.top
316897cm.newnyash.top
317140cm.nyashkoon.top
318874cm.n9sh.top
319983cm.n9sh.top
322879lm.nyashmyash.top
322914cm.nyashland.top
328737cm.n9shteam1.top
330350cm.n9shteam1.top
330785cm.nyashtech.top
334188cm.n9sh.top
341549cm.n9shteam2.top
345435cm.nyashland.top
346560cm.nyashkoon.top
347760cm.nyashnyash.top
34897cm.nyashland.top
349786cl.nyashtop.top
350575cm.nyashland.top
351450cm.n9shteam3.top
353501cm.n9shteam1.top
353735lm.nyashmyash.top
353915cm.n9shteam3.top
354690cm.n9shka.top
356753cm.nyashkoon.top
360427cm.n9shka.top
365011cm.nyashnyash.top
365908m.dccrk.top
365939cm.n9shteam1.top
368031cm.nyashland.top
368271cm.nyashcrack.top
370270cm.n9shteam3.top
370946cm.nyashtyan.top
373563cm.nyashland.top
374286cm.n9shteam3.top
374865cm.nyashcrack.top
376136cm.nyashkoon.top
377950cm.n9shteam1.top
379803cm.nyashland.top
380905cm.nyashnyash.top
385725cm.nyashkoon.top
387617cm.nyashkoon.top
391369cm.nyashnyash.top
391685cm.nyashkoon.top
395882cm.nyashtyan.top
396046lm.nyashsens.top
396388cm.nyashcrack.top
398029cm.nyashkoon.top
399327lm.nyashsens.top
399491cm.nyashcrack.top
402523cm.nyashland.top
402951cm.nyashtyan.top
404705cm.n9shteam1.top
406577cm.n9shteam1.top
407575cm.nyashmyash.top
407916cm.n9shka.top
409728cm.nyashkoon.top
411434cm.nyashsens.top
413466cm.n9shteam2.top
413955cm.nyashtyan.top
414436cm.n9shteam3.top
414636cm.n9sh.top
414792cm.n9shteam3.top
415366cm.nyashka.top
417012lm.nyashmyash.top
417668cm.nyashka.top
418257cm.n9shteam1.top
423159cm.nyashsens.top
424983cm.nyashkoon.top
429625cm.nyashcrack.top
429680cm.n9shteam1.top
430236lm.nyashmyash.top
432581cm.nyashkoon.top
438288cl.nyashtop.top
439157cm.n9shteam1.top
439875cm.nyashnyash.top
441160cm.n9shka.top
442883cm.n9shka.top
443056cm.nyashtyan.top
445742cm.nyashsens.top
446068cm.nyashsens.top
449040cm.n9shteam1.top
450314cm.n9shteam1.top
451203cm.n9shka.top
452568lm.nyashmyash.top
454189cm.nyashkoon.top
454374cm.nyashsens.top
454431cm.n9sh.top
456424cm.n9sh.top
457041cm.nyashnyash.top
464287lm.nyashmyash.top
464701m.dccrk.top
465584cm.nyashnyash.top
468841cm.nyashkoon.top
469208m.dccrk.top
472704cm.n9shteam1.top
473941cm.n9shteam1.top
476072cm.nyashsens.top
477102cm.nyashkoon.top
478225cm.nyashnyash.top
478712cm.n9shteam1.top
479898cm.nyashsens.top
479926cm.n9shteam1.top
480666cm.n9sh.top
481374cm.nyashsens.top
484393cm.nyashtyan.top
486630lm.nyashnyash.top
488150cm.n9sh.top
488417cm.n9shteam1.top
491131cm.n9shteam1.top
492028lm.nyashsens.top
495626cm.nyashcrack.top
496238cm.nyashland.top
498288cm.nyashsens.top
498984cm.nyashland.top
499862cl.nyashmyash.top
503213m.dccrk.top
508474cm.nyashland.top
510061cm.nyashkoon.top
510978lm.nyashnyash.top
512325cm.nyashcrack.top
512795cm.n9sh.top
519519cm.n9sh.top
519600cl.nyashtop.top
522815cm.n9shteam1.top
523027lm.nyashmyash.top
523185cm.nyashtyan.top
525632cm.nyashsens.top
528238cm.nyashkoon.top
529258cm.n9shka.top
531054cm.nyashland.top
531423cm.nyashnyash.top
531481cm.nyashtyan.top
533577cm.nyashcrack.top
535700cl.nyashtop.top
539545m.dccrk.top
540137cm.nyashsens.top
541396cm.nyashnyash.top
542032cm.nyashcrack.top
543888cl.nyashtop.top
544147cm.nyashtyan.top
546474cm.nyashland.top
547186cm.n9shteam1.top
549578cm.n9sh.top
550074lm.nyashkoon.top
552906cm.n9shteam1.top
555661cm.nyashcrack.top
556462cm.nyashnyash.top
556822cm.n9shteam1.top
560135cm.n9shteam1.top
560216cm.n9shteam2.top
562581cm.n9shteam1.top
565138cm.n9shteam1.top
567146cm.nyashcrack.top
567331cm.n9shka.top
568547cm.nyashkoon.top
571019cm.n9shteam1.top
572810cm.nyashkoon.top
573932cm.nyashkoon.top
573936cm.nyashmyash.top
574565cm.renyash.top
576138cm.nyashkoon.top
576585cm.n9shteam1.top
576919cm.nyashcrack.top
577072cm.n9shteam1.top
583538cm.nyashsens.top
583784cm.n9shka.top
585362lm.nyashkoon.top
586238cm.n9shteam3.top
587986cm.n9shteam2.top
588842cl.nyashmyash.top
590908cm.nyashka.top
591416cm.n9shteam3.top
592065m.dccrk.top
592486cm.nyashka.top
593011cm.nyashsens.top
594712cm.nyashkoon.top
595506cm.n9shka.top
595918cm.nyashkoon.top
598239cm.n9shteam1.top
601693cm.nyashkoon.top
602463cm.nyashsens.top
604164cm.n9shteam3.top
607896cm.nyashsens.top
608901cm.nyashland.top
613809lm.nyashkoon.top
614818cm.n9shteam1.top
615994cm.nyashnyash.top
617866cm.nyashkoon.top
618628cm.nyashcrack.top
619697cm.n9sh.top
619757cm.nyashnyash.top
621756cm.n9shteam1.top
626299cm.nyashcrack.top
628902cm.nyashcrack.top
631047cm.n9shka.top
632976cm.n9shteam1.top
633618cm.n9shteam1.top
636906cm.nyashsens.top
637472cm.nyashcrack.top
638220cm.n9shteam1.top
638250cm.nyashnyash.top
641489cm.nyashcrack.top
644143cm.nyashkoon.top
644882lm.nyashsens.top
645446cm.n9shteam1.top
646667lm.nyashkoon.top
649987cm.nyashcrack.top
651949lm.nyashkoon.top
652739cm.nyashcrack.top
657001cm.nyashsens.top
657896cm.nyashkoon.top
658966cm.n9shka.top
659257cm.n9shteam1.top
659417cm.nyashka.top
661549cm.n9shteam3.top
662675cm.n9shteam3.top
663715cm.n9shteam2.top
664930cm.n9shka.top
666497cm.nyashnyash.top
668798cm.nyashsens.top
669630cm.n9shteam1.top
671550cm.n9shteam1.top
672971cm.nyashkoon.top
674341cm.n9shteam3.top
679335cm.n9shteam1.top
680690cm.n9shteam1.top
680736cm.n9sh.top
682036lm.nyashmyash.top
684248cm.nyashcrack.top
684288lm.nyashsens.top
686694m.dccrk.top
687155cm.n9shteam1.top
688096cm.nyashcrack.top
690000cm.n9shteam3.top
690038lm.nyashkoon.top
690769cm.nyashtyan.top
692215cm.n9sh.top
694478cm.n9shteam1.top
695776cm.nyashka.top
695867cm.nyashnyash.top
695928cm.nyashland.top
696588cm.nyashland.top
697028cm.nyashcrack.top
697469cm.nyashsens.top
698257cm.n9shteam1.top
699671cm.nyashnyash.top
699837cm.nyashtech.top
7007lc.nyashkoon.top
700908cm.nyashkoon.top
701541cm.nyashka.top
702684cm.n9shteam1.top
703115ll.nyashmyash.top
703506cm.n9shteam1.top
706391lm.nyashsens.top
706812ll.nyashmyash.top
707078cm.n9shteam1.top
707500cm.n9shteam1.top
710734m.dccrk.top
710998cm.n9shteam1.top
712600cm.nyashland.top
717182cm.nyashland.top
718244cm.nyashsens.top
720466cm.nyashnyash.top
724156cm.nyashland.top
724714cm.nyashnyash.top
729538lm.nyashnyash.top
730980cm.nyashland.top
730994cm.n9sh.top
731065cm.n9shteam3.top
736021cm.n9shteam1.top
737201cm.nyashsens.top
737484cm.nyashsens.top
741402cm.nyashkoon.top
742667cm.n9shteam1.top
743919cm.nyashtyan.top
749312cm.nyashnyash.top
749563cm.n9shka.top
750538cm.n9shka.top
752518cm.nyashmyash.top
756451cm.n9shteam1.top
756772cm.n9shteam3.top
757221cm.nyashkoon.top
758069cm.nyashka.top
758936cm.newnyash.top
761245cm.nyashcrack.top
762229cm.nyashkoon.top
762250cm.nyashkoon.top
762449cl.nyashmyash.top
763167cl.nyashmyash.top
763927cm.n9sh.top
764133cm.nyashkoon.top
767348cm.n9shteam3.top
767361m.dccrk.top
768237cm.nyashtyan.top
772131cm.nyashsens.top
773531cm.nyashsens.top
776854cm.nyashnyash.top
777019cm.nyashland.top
778617lm.nyashmyash.top
779642cm.nyashland.top
781919cm.n9shka.top
783640cm.nyashkoon.top
784323cm.nyashland.top
786029cm.n9shteam3.top
791009cm.n9shteam3.top
792288cm.nyashkoon.top
794480cm.nyashnyash.top
795467cm.nyashnyash.top
795748cm.nyashland.top
796027cm.n9shteam1.top
797918cm.nyashmyash.top
799761cm.nyashcrack.top
800935cl.nyashtop.top
803914cm.nyashtyan.top
808416cm.n9shteam1.top
809624cm.nyashland.top
809829lm.nyashmyash.top
812140cm.n9shka.top
812613cm.nyashland.top
812728lm.nyashsens.top
813882cm.nyashnyash.top
815983cm.n9shteam3.top
816056cm.nyashtyan.top
816600cm.nyashtyan.top
818328cm.nyashland.top
819956cm.n9shteam3.top
822243cm.nyashtyan.top
822797cm.n9shka.top
822817cm.nyashsens.top
826522cl.nyashmyash.top
827539m.dccrk.top
831199cm.nyashsens.top
831960cm.nyashcrack.top
834329cm.n9shteam3.top
841019cm.nyashnyash.top
842174cm.n9sh.top
847687cm.nyashland.top
847952ll.nyashmyash.top
848452cm.nyashkoon.top
848748lm.nyashkoon.top
853719cm.nyashland.top
854242cm.n9sh.top
856622cm.nyashsens.top
856918cm.n9shteam3.top
857377cm.nyashsens.top
858915cm.nyashtyan.top
860108cm.nyashka.top
860618cm.nyashkoon.top
866199cm.nyashkoon.top
867043lm.nyashsens.top
867059m.dccrk.top
868047cm.nyashnyash.top
871720cm.n9shteam3.top
872900cm.nyashsens.top
878926cm.n9shteam3.top
879315cm.nyashland.top
879618cm.nyashka.top
879747cl.nyashmyash.top
881783cm.nyashland.top
882574cm.nyashkoon.top
884050cm.n9shteam3.top
887953cm.n9shka.top
88888cl.n9shteam1.top
891483cm.nyashkoon.top
892188cm.nyashnyash.top
892534cm.nyashtyan.top
896389cm.n9shteam3.top
896906cm.nyashcrack.top
896933cm.nyashkoon.top
897270cm.nyashkoon.top
897712cm.n9shka.top
899848cm.n9shteam1.top
902241cm.nyashkoon.top
902893lm.nyashmyash.top
904130cm.n9shka.top
904908cm.nyashka.top
905533cm.n9shka.top
905719cm.nyashland.top
906597cm.n9sh.top
911520cm.nyashtyan.top
912308cm.n9shka.top
912729m.dccrk.top
915197cm.nyashtop.top
915651cm.n9shteam3.top
915932m.dccrk.top
918576cm.n9shteam1.top
924580cm.nyashcrack.top
931620cm.n9shteam1.top
933009cm.nyashkoon.top
934211cm.nyashsens.top
935056cm.nyashcrack.top
935913cm.nyashmyash.top
936699m.dccrk.top
937509cm.n9shteam1.top
941100lm.nyashkoon.top
941806cm.nyashsens.top
945197cl.nyashtop.top
945424cm.nyashsens.top
946576cm.n9shteam3.top
947044cm.nyashmyash.top
954354cl.nyashmyash.top
954591cm.nyashsens.top
955715cm.n9shteam3.top
956977cm.nyashsens.top
958647cm.n9shteam1.top
959719cm.nyashcrack.top
961760cm.n9shteam1.top
962045cl.nyashtop.top
962473cm.nyashkoon.top
964838cm.nyashtyan.top
966974cm.nyashland.top
967918cm.n9shteam1.top
968085cm.nyashkoon.top
968620cm.nyashkoon.top
971936lm.nyashkoon.top
973164cm.nyashsens.top
973800cm.nyashsens.top
975763cm.n9shteam1.top
976435cm.nyashtyan.top
978393cm.nyashnyash.top
981800cm.n9shka.top
981904ll.nyashmyash.top
984720lm.nyashsens.top
984746cm.nyashtyan.top
992894lm.nyashmyash.top
993485cm.nyashland.top
994110cm.n9shteam1.top
996506cm.nyashnyash.top
aezakmid.top
aidvwbpa.top
alphauser.top
alwaysupdate.top
animegame.top
ariarea.top
astonmartin.top
autovaz.top
balashiha.top
barashek.top
batya.top
bonedino.top
braindown.top
brainoclock.top
brokendus.top
bundlepro.top
campingtop.top
cartofheart.top
checkme.top
chenhuahua.top
codeproga.top
coneforest.top
controlreg.top
cpcontacts.securitycheck.top
cryptoaboba.top
d0k.top
dablyat.top
dc.dccr.ru
dc.dccrk.top
decription.top
desyatochek.top
devnyash.top
diksi.top
dirol.top
dmacard.top
domneed.top
doorplace.top
dotspace.top
durka.top
dvatri.top
easyanime.top
engupto.top
eternitysys.top
expectum.top
faceuptable.top
fbiopenup.top
finalbattle.top
flipupto.top
fls-fe.securitycheck.top
fls-na.securitycheck.top
freeputin.top
galochka.top
glagol.top
golenos.top
googlechromeportable.top
googlizamenya.top
goski.top
gosnarkocontrol.top
gpdwin.top
hardsystem.top
haval.top
healthya.top
hellokitty.top
hesoyam.top
housedown.top
hvhmovie.top
hypetrain.top
iddqd.top
images-na.securitycheck.top
ironres.top
jqueryui.top
katcut.top
kimonomagic.top
kitaets.top
kitekat.top
klodvandam.top
ladno.top
lapki.top
lgg6.top
liberalspawned.top
lk.sudorat.ru
localcdndownload.top
lololowka.top
lolzteam.top
m-media-amazon.securitycheck.top
magnit.top
marchapril.top
megaengine.top
megaforce.top
megapascal.top
megaphone.top
megaproject.top
memegen.top
memflow.top
merlion.top
mersedes.top
micropatch.top
mihoyolab.top
milasya.top
minedownload.top
mitsubishi.top
monitortraf.top
morzyanka.top
moskvich.top
mshta.top
multiofficial.top
mvdrf.top
mvidio.top
namesearch.top
nazvanie.top
neurokek.top
nixware.top
noburo.top
nogami.top
notactual.top
notbalbec.top
nothost.top
novolink.top
nukebomb.top
nyanya.top
offlinewas.top
ogurec.top
opensrc.top
orphanor.top
otval.top
patronusus.top
perepelka.top
perfecteasy.top
petuh.top
pohooy.top
porshe.top
porzhat.top
postpre.top
pphud.top
premiumultra.top
projectt.top
proprietary.top
prosti.top
prowaifu.top
prre.top
publicdata.top
pyaterochka.top
rabbitcsgo.top
ratelimit.top
razreshayu.top
rdponline.top
recoder.top
registratio.top
renyash.top
rlynottop.top
rollsroys.top
rosatom.top
rostelecom.top
rostex.top
royalmail.novatek.top
samsa.top
sanandreas.top
sardelka.top
sasok.top
secureupdate.top
securitycheck.top
seouptime.top
seroi.top
serviceworker.top
shto.top
shtuka.top
smartpaid.top
socksmy.top
softline.top
soglasen.top
spacexyz.top
sportloto.top
strepsils.top
subscribeme.top
supporthere.top
tagaz.top
tatneft.top
tavoetogo.top
tazik.top
tele2.top
teroborona.top
test.magnit.top
todoany.top
tonna.top
topnomer.top
tryagain.top
typebloom.top
uffyaa.top
ultratop.top
umvd.top
unagi-fe.securitycheck.top
vetka.top
virtualreal.top
vkontakt.top
vsratost.top
warpath.top
wentaway.top
whoisyou.top
whware.top
x5group.top
yeahnot.top
yetanotherpaste.top
yourwfu.top
zelenka.top
zelensky.top
/RequestlongpolllinuxTrafficlocalpublicUploads.php

# Reference: https://www.virustotal.com/gui/file/209314d8a75568265d25c58ab5be74f4793d314a1fa6031c5fc51dde38baff45/detection

http://147.45.77.108
193.233.113.198:1726

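# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)
# Note: source is the feed's "unverified" 30-day list; addresses may have been reassigned since the date above, so corroborate a match (host or proxy telemetry) before treating it as DCRat C2.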

171.113.130.94:6079
171.80.251.128:25565
178.159.43.116:10443
179.13.2.251:9090
185.181.0.20:1024
185.181.0.21:1024
190.70.117.83:7998
216.241.141.4:8848
217.195.197.135:1604
23.237.174.2:7979
23.237.174.3:7979
39.101.122.168:9999
4.233.217.245:1024
43.138.225.212:8888
45.74.34.32:1995
46.246.12.11:5000
46.246.12.18:9090
46.246.14.13:8080
46.246.4.22:8080
46.246.6.14:8080
46.246.6.6:5000
46.246.80.12:6060
46.246.80.4:8080
46.246.80.5:9090
46.246.82.4:8080
46.246.82.8:8080
46.246.84.12:4040
46.246.84.15:8080
46.246.86.17:9000
87.120.127.57:1024
91.92.254.114:3030
91.92.254.46:3030
93.123.39.131:1337

# Reference: https://x.com/Tac_Mangusta/status/1846329712433680557
# Reference: https://www.joesandbox.com/analysis/1534777#iocs

corp-grass-plastic-ventures.trycloudflare.com
playing-res-alert-rational.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/190.240.48.29/relations
# Reference: https://www.virustotal.com/gui/file/a74cc5cddbc77c63f202cc198442b0982c30a2e192b65f61fa9162278cb429b8/detection

190.240.48.29:2727
12septiembre.con-ip.com
agosto13.con-ip.com
azul.accesscam.org
castanojulian1111.chickenkiller.com
fuertefuerte.accesscam.org
octubre100.con-ip.com
octubre18.ydns.eu
octubre212024.giize.com
octubre242024.casacam.net
octubre7.con-ip.com
octubre8.con-ip.com
octubre9.con-ip.com
septiembre09.con-ip.com
septiembre11.con-ip.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2024-11-06)

http://141.8.192.217
http://185.114.245.123
a1049078.xsph.ru
a1049238.xsph.ru
ca26657.tw1.ru
f1032430.xsph.ru
pedrobyst.beget.tech
pizdi2m7.beget.tech
web4067.craft-host.ru

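# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)
# Note: source is the feed's "unverified" 30-day list; a match on these IP:port pairs is a lead to confirm, not an attribution by itself.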

http://103.124.101.168
104.234.30.23:4444
121.127.232.86:1433
121.127.232.87:1433
121.127.232.88:1433
152.201.184.235:8000
152.201.184.91:2000
152.204.165.90:8000
154.198.50.4:8080
167.0.196.114:2000
179.13.10.157:8081
181.236.112.169:8000
194.190.152.111:1194
23.237.174.4:7979
45.77.91.238:10066
46.246.12.17:8000
46.246.14.10:5000
46.246.14.11:5000
46.246.14.12:8080
46.246.14.18:5000
46.246.4.15:9000
46.246.4.20:8000
46.246.6.19:8000
46.246.82.11:8080
46.246.82.14:8080
46.246.82.15:8000
46.246.82.15:9090
46.246.82.17:5000
46.246.82.21:8080
46.246.82.5:8080
46.246.82.7:9090
46.246.84.17:5000
93.123.109.33:8848
93.123.109.34:8848

# Reference: https://www.virustotal.com/gui/file/48ee878fefc7d5d9df66fc978dfaafcfb61129acf92b1143e1b865ab292be9f0/detection

45.135.232.38:35650
dckast.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9707cb0a265a33cfe0f452c65a67fcf2a2cd839ae5db5fb3e824c764b279ee72/detection

179.14.9.145:3016
dcrat24.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b026259f2b7111c2f22846579fee6daf50b10a983eaa91d4e1f93c65d4887348/detection
# Reference: https://www.virustotal.com/gui/file/fa0819b8d077102f6b7da46aadc38de45c0b1a60521b13d87defc1ab5fffef1b/detection

179.14.9.145:3013
dcrat13.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/179.14.9.145/relations

envnue1024.duckdns.org
sostexampp.duckdns.org

# Reference: https://x.com/banthisguy9349/status/1866947676245463090

http://141.8.192.138
http://141.8.192.151
http://195.201.34.199
http://62.60.246.26
http://81.169.145.78
http://87.236.19.78
21567cm.darkproducts.ru
28951cm.darkproducts.ru
a0534681.xsph.ru
a1039170.xsph.ru
a1043195.xsph.ru
a1043329.xsph.ru
a1046988.xsph.ru
a1047148.xsph.ru
a1047149.xsph.ru
a1047204.xsph.ru
a1047552.xsph.ru
a1047563.xsph.ru
a1047595.xsph.ru
a1047756.xsph.ru
a1047782.xsph.ru
a1047839.xsph.ru
a1048005.xsph.ru
a1048313.xsph.ru
a1048372.xsph.ru
a1048688.xsph.ru
a1048969.xsph.ru
a1049140.xsph.ru
a1049588.xsph.ru
a1049638.xsph.ru
a1049698.xsph.ru
a1050789.xsph.ru
a1050793.xsph.ru
a1051092.xsph.ru
a1051246.xsph.ru
a1051443.xsph.ru
a1051469.xsph.ru
a1051742.xsph.ru
a1051820.xsph.ru
a1051905.xsph.ru
a1052154.xsph.ru
a1052268.xsph.ru
a1052429.xsph.ru
a1052477.xsph.ru
a1052676.xsph.ru
a1053204.xsph.ru
a1053300.xsph.ru
a1053365.xsph.ru
a1053784.xsph.ru
a1053795.xsph.ru
a1053995.xsph.ru
a1054006.xsph.ru
a1054138.xsph.ru
a1054327.xsph.ru
a1054696.xsph.ru
a1055021.xsph.ru
a1055365.xsph.ru
a1055553.xsph.ru
a1055874.xsph.ru
a1055970.xsph.ru
a1056005.xsph.ru
a1057638.xsph.ru
a1057856.xsph.ru
a1058850.xsph.ru
a1059028.xsph.ru
a1059196.xsph.ru
a1060175.xsph.ru
a1060367.xsph.ru
a1060391.xsph.ru
a1060878.xsph.ru
a1060897.xsph.ru
a1060903.xsph.ru
a1061758.xsph.ru
a1062249.xsph.ru
a1062538.xsph.ru
a1062569.xsph.ru
a1062767.xsph.ru
a1062999.xsph.ru
a1063206.xsph.ru
a1063944.xsph.ru
a1064048.xsph.ru
a1064570.xsph.ru
a1064609.xsph.ru
a1064909.xsph.ru
a1066271.xsph.ru
a1066275.xsph.ru
a1066603.xsph.ru
a1066647.xsph.ru
a1066999.xsph.ru
a1067376.xsph.ru
a1067494.xsph.ru
a1068232.xsph.ru
a1068999.xsph.ru
a1069594.xsph.ru
a1069666.xsph.ru
a1069976.xsph.ru
a1070052.xsph.ru
a1070053.xsph.ru
a1070073.xsph.ru
a1070107.xsph.ru
a1070366.xsph.ru
a1070438.xsph.ru
a1070590.xsph.ru
a1070666.xsph.ru
a1070702.xsph.ru
a1070985.xsph.ru
a1071097.xsph.ru
a1071121.xsph.ru
a1071196.xsph.ru
a1071290.xsph.ru
a1071405.xsph.ru
a1071602.xsph.ru
a1071664.xsph.ru
a1071765.xsph.ru
a1071864.xsph.ru
a1071976.xsph.ru
a1072183.xsph.ru
a1072517.xsph.ru
a1072615.xsph.ru
a1072830.xsph.ru
a1072840.xsph.ru
arabna4a.beget.tech
assitsguard.xyz
brovetop.beget.tech
buddyqr.beget.tech
burjuiwm.beget.tech
ca91547.tw1.ru
cheateyh.beget.tech
cj46586.tw1.ru
cx70760.tw1.ru
darkproducts.ru
f0503304.xsph.ru
f0516078.xsph.ru
f0854165.xsph.ru
f1037098.xsph.ru
f1039112.xsph.ru
f1040987.xsph.ru
f1047246.xsph.ru
f1047670.xsph.ru
f1048020.xsph.ru
f1048353.xsph.ru
f1051546.xsph.ru
f1052241.xsph.ru
f1052635.xsph.ru
f1057735.xsph.ru
f1058331.xsph.ru
f1059060.xsph.ru
f1060404.xsph.ru
f1060604.xsph.ru
f1061210.xsph.ru
f1062095.xsph.ru
f1062357.xsph.ru
f1063431.xsph.ru
f1064330.xsph.ru
f1064905.xsph.ru
f1065720.xsph.ru
f1066369.xsph.ru
f1066481.xsph.ru
f1067254.xsph.ru
f1067441.xsph.ru
f1067989.xsph.ru
f1068729.xsph.ru
f1069581.xsph.ru
f1069670.xsph.ru
f1069813.xsph.ru
f1070213.xsph.ru
f1070307.xsph.ru
f1070465.xsph.ru
f1070743.xsph.ru
f1070781.xsph.ru
f1070818.xsph.ru
f1071349.xsph.ru
f1072057.xsph.ru
f1072181.xsph.ru
f1072439.xsph.ru
ffdgsmsw.beget.tech
fuckyou.pzdk.ru
gameovw4.beget.tech
itunfiles.beget.tech
jyk1038b.beget.tech
kolesnhy.beget.tech
koner17n.beget.tech
kosta65f.beget.tech
kotoswin.darkproducts.ru
krakenyd.beget.tech
l98588cv.beget.tech
laposrefs.beget.tech
lololocu.beget.tech
miraculos.ru
monrul3t.beget.tech
n92652r0.beget.tech
nikitfdl.beget.tech
nosanonf.beget.tech
q92470lk.beget.tech
securedism.beget.tech
securedpdf.beget.tech
sergri7g.beget.tech
store.assitsguard.xyz
sulimeo6.beget.tech
svch0st.ru
u90218fp.beget.tech
w93726zy.beget.tech
wh19292.web2.maze-tech.ru
withcwallet.com
xuttd6xz.beget.tech
xxmodgtv.beget.tech
yangri7x.beget.tech
yaroslfn.beget.tech
yegorlpx.beget.tech
yyyjckhj.beget.tech
zeromaee.beget.tech
zetka08d.beget.tech

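# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)
# Note: source is the feed's "unverified" 90-day list, so entries may be stale. Several entries below are on port 22; a match on an SSH port alone is weak evidence and should be confirmed before blocking or attributing.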

107.150.23.137:9909
108.181.199.23:3000
108.181.199.23:5000
109.230.200.236:22
109.236.87.67:7001
148.113.165.11:8848
148.178.16.16:8848
152.201.182.125:8000
152.202.226.52:8000
152.202.233.48:8000
167.0.225.167:8000
171.113.130.129:6079
179.13.5.17:8010
181.236.124.54:8000
185.8.172.13:22
191.91.177.119:8010
192.129.178.58:9001
192.129.178.59:9001
192.129.178.60:9001
192.129.178.61:9001
192.129.178.62:9001
217.195.197.73:1604
36.137.5.78:22
38.14.254.188:8888
38.46.13.170:8080
38.46.13.171:8080
38.46.13.172:8080
38.46.13.173:8080
38.46.13.174:8080
4.233.220.9:1024
4.251.96.80:1024
43.155.93.125:22
45.149.241.10:4444
45.154.98.226:1024
46.246.12.14:9090
46.246.12.20:8080
46.246.12.3:5000
46.246.14.14:5000
46.246.14.15:8080
46.246.14.15:9090
46.246.14.4:8080
46.246.4.11:5000
46.246.4.14:5000
46.246.4.19:5000
46.246.6.2:5000
46.246.80.11:8080
46.246.80.12:9000
46.246.80.14:5000
46.246.80.16:9000
46.246.80.18:5000
46.246.80.28:9090
46.246.80.6:8080
46.246.82.17:4040
46.246.82.20:5000
46.246.82.23:4040
46.246.84.13:5000
46.246.84.21:9000
46.246.84.22:8080
46.246.84.9:9000
46.246.86.12:9000
46.246.86.13:8000
46.246.86.9:5050
83.147.38.235:2404
85.209.133.29:8848
87.120.116.179:1500
98.66.177.116:1024

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-02-10)

http://121.127.37.30
http://147.45.45.201
http://147.45.47.156
http://154.29.71.9
http://176.123.1.211
http://185.177.239.121
http://185.177.239.237
http://185.177.239.66
http://185.230.138.58
http://185.239.51.56
http://185.246.113.224
http://185.246.65.175
http://185.246.67.73
http://185.43.5.145
http://185.43.5.93
http://188.120.228.203
http://188.120.251.105
http://193.124.185.16
http://193.3.168.50
http://193.32.162.64
http://193.58.121.137
http://194.135.20.4
http://194.33.43.197
http://195.10.205.157
http://195.2.79.32
http://206.188.197.24
http://213.108.22.118
http://31.177.108.176
http://31.177.109.102
http://31.177.109.24
http://31.58.58.231
http://37.1.214.137
http://37.44.238.250
http://37.46.131.145
http://38.180.145.185
http://38.180.228.120
http://45.88.91.89
http://45.89.110.133
http://5.42.66.51
http://5.42.92.37
http://62.109.1.101
http://62.109.16.145
http://62.109.25.165
http://62.109.31.116
http://62.109.6.177
http://77.222.47.117
http://77.73.39.158
http://78.24.221.196
http://80.66.81.173
http://80.66.89.37
http://80.87.197.189
http://82.146.37.234
http://82.146.42.97
http://82.146.53.9
http://86.110.194.28
http://86.110.212.203
http://87.120.127.117
http://89.110.93.210
http://89.23.100.242
http://89.23.96.180
http://91.107.151.211
http://91.199.45.187
http://91.211.249.46
http://91.214.78.88
http://91.227.41.9
http://91.92.42.1
http://94.141.122.137
http://94.250.249.125
http://95.164.6.175
1.94.33.219:8848
103.77.209.70:8848
103.84.89.222:4444
105.101.179.169:38672
113.45.153.3:8000
113.45.153.3:8080
116.203.56.216:8081
12.202.180.114:7878
12.202.180.114:8890
121.206.52.110:9997
121.37.128.90:8848
143.92.56.14:8888
143.92.56.19:8888
143.92.56.21:8888
147.185.221.22:52881
147.185.221.24:18545
148.113.165.11:2323
154.12.25.226:8080
156.238.227.79:8848
157.97.11.134:18246
157.97.11.134:2083
157.97.11.134:40380
157.97.11.134:5672
157.97.11.134:6190
157.97.11.134:64818
158.51.123.171:8888
170.238.45.112:6000
170.238.45.112:7000
171.41.199.170:25565
171.41.252.7:25565
171.80.217.208:25565
171.80.251.38:25565
172.94.108.143:7788
176.31.147.216:7878
179.13.3.202:8080
179.14.11.213:4010
181.235.11.209:8090
181.235.12.51:8090
185.172.175.125:1337
186.169.34.19:8090
186.169.52.131:8090
186.169.57.33:1000
186.169.66.68:8090
186.169.95.130:2020
187.201.155.62:8848
192.129.178.58:9002
192.129.178.59:9002
192.129.178.60:9002
192.129.178.61:9002
192.129.178.62:9002
195.177.95.241:8443
201.220.174.16:99
212.47.70.85:3388
217.156.50.170:5901
31.58.58.187:25565
37.32.22.233:8848
38.46.13.170:443
38.46.13.171:443
38.46.13.172:443
38.46.13.173:443
38.46.13.174:443
39.46.125.107:6906
4.228.228.120:8080
42.193.99.173:8848
43.199.119.135:443
45.135.232.38:35550
45.135.232.38:46452
45.145.43.222:4444
45.61.159.148:1111
46.246.12.17:8080
46.246.12.18:8000
46.246.12.20:9090
46.246.12.21:8000
46.246.14.11:8000
46.246.14.9:5000
46.246.14.9:8080
46.246.4.17:8080
46.246.4.18:8000
46.246.4.2:5000
46.246.4.7:8080
46.246.6.25:8080
46.246.6.2:7000
46.246.6.5:8000
46.246.6.9:9000
46.246.80.10:8080
46.246.80.11:9000
46.246.80.14:9000
46.246.80.17:8000
46.246.80.6:8000
46.246.80.9:9000
46.246.82.20:8080
46.246.82.6:9000
46.246.84.10:3000
46.246.84.11:9000
46.246.84.15:8000
46.246.84.9:8000
46.246.86.14:5000
46.246.86.14:8080
46.246.86.9:9000
47.95.201.133:8848
5.206.227.44:5000
51.89.253.9:8890
62.60.248.28:1604
65.38.120.211:33486
68.168.118.3:8848
69.4.232.1:25565
78.135.83.58:7777
79.110.49.207:7001
8.134.254.31:8848
80.76.49.17:3232
85.209.133.15:111
85.209.133.220:111
87.120.116.155:8080
87.120.126.140:3232
87.120.127.215:4444
87.120.84.111:591
87.120.84.111:8008
87.120.84.111:8080
87.120.84.111:8090
93.185.167.219:8520
94.141.122.230:443
94.156.167.42:4449
94.156.167.68:2000
94.156.167.86:2000
95.111.239.205:5900
001031cm.nyashteam.ru
024171cm.newnyash.top
045849cm.shnyash.ru
048038cm.renyash.ru
072486cm.n9shteam.ru
083098cm.n9shteam.in
101349cm.renyash.ru
112025ct.darkproducts.ru
114936cm.nyashcrack.top
115653cm.shnyash.ru
117813cm.n9shteam.in
122295cm.n9shteam.in
123863.darkproducts.ru
126987cm.renyash.ru
138231cm.n9shteam.in
143840cm.nyashteam.ru
14881cm.darkproducts.ru
188387cm.n9shteam.in
192592cm.shnyash.ru
221580cm.nyashkoon.in
228472cm.n9shka.top
23742.darkproducts.ru
250345cm.renyash.ru
284386cm.renyash.ru
28954cm.darkproducts.ru
29358cm.darkproducts.ru
304773cm.n9shteam.in
319351cm.nyashteam.ru
321723cm.renyash.ru
328579cm.renyash.ru
337703cm.n9sh.top
38165cm.darkproducts.ru
390412cm.n9shteam.in
427176cm.nyashkoon.in
438286cm.nyashnyash.ru
447320cm.nyashnyash.ru
452399cm.renyash.ru
464064cm.shnyash.ru
480344cm.renyash.ru
487997cm.renyash.top
492668cm.newnyash.top
495112cm.renyash.ru
500154cm.n9shteam.in
500817cm.renyash.top
501799.prohoster.biz
505905cm.n9shka.top
506691cm.renyash.ru
517300cm.renyash.ru
525833cm.nyashnyash.ru
52952cm.darkproducts.ru
568327cm.shnyash.ru
586580cm.renyash.ru
588538cm.renyash.ru
59035cm.darkproducts.ru
604647cm.renyash.ru
623127cm.nyashk.ru
649521cm.renyash.ru
697548cm.nyashnyash.ru
703035cm.nyashk.ru
703648cm.newnyash.top
703648cm.renyash.top
71941.darkproducts.ru
723223cm.renyash.ru
723486cm.nyashnyash.ru
733812cm.n9shteam.in
741300cm.nyashnyash.ru
749858cm.renyash.ru
77777cm.nyashtyan.in
788464cm.shnyash.ru
799615cm.nyashnyash.ru
817087cm.nyashteam.ru
838596cm.nyafka.top
861848cm.nyashkoon.ru
863811cm.nyafka.top
886972cm.renyash.ru
88888cm.nyashtyan.in
890959cm.newnyash.top
891781cm.renyash.ru
895157cm.nyashteam.ru
92542cm.darkproducts.ru
92713cm.darkproducts.ru
955792cm.nyashk.ru
976794cm.shnyash.ru
977255cm.nyashkoon.in
a0592551.xsph.ru
a0984458.xsph.ru
a0990484.xsph.ru
a0994456.xsph.ru
a1022792.xsph.ru
a1035834.xsph.ru
a1035960.xsph.ru
a1036037.xsph.ru
a1036503.xsph.ru
a1036589.xsph.ru
a1037709.xsph.ru
a1038038.xsph.ru
a1038934.xsph.ru
a1039629.xsph.ru
a1040171.xsph.ru
a1040350.xsph.ru
a1041198.xsph.ru
a1043540.xsph.ru
a1043943.xsph.ru
a1044352.xsph.ru
a1044520.xsph.ru
a1044603.xsph.ru
a1045065.xsph.ru
a1045237.xsph.ru
a1045278.xsph.ru
a1045626.xsph.ru
a1045709.xsph.ru
a1047806.xsph.ru
a1047912.xsph.ru
a1048068.xsph.ru
a1048400.xsph.ru
a1048697.xsph.ru
a1048940.xsph.ru
a1049460.xsph.ru
a1049646.xsph.ru
a1050477.xsph.ru
a1050733.xsph.ru
a1052930.xsph.ru
a1053620.xsph.ru
a1056109.xsph.ru
a1056424.xsph.ru
a1060905.xsph.ru
a1063331.xsph.ru
a1063683.xsph.ru
a1067345.xsph.ru
a1067559.xsph.ru
a1067734.xsph.ru
a1068004.xsph.ru
a1068994.xsph.ru
a1069038.xsph.ru
a1069635.xsph.ru
a1070154.xsph.ru
a1070463.xsph.ru
a1070543.xsph.ru
a1071370.xsph.ru
a1071470.xsph.ru
a1071997.xsph.ru
a1072021.xsph.ru
a1073080.xsph.ru
a1073086.xsph.ru
a1073401.xsph.ru
a1074338.xsph.ru
a1075044.xsph.ru
a1075328.xsph.ru
a1075712.xsph.ru
a1075950.xsph.ru
a1075974.xsph.ru
a1076034.xsph.ru
a1076044.xsph.ru
a1076119.xsph.ru
a1076350.xsph.ru
a1076459.xsph.ru
a1076662.xsph.ru
a1076687.xsph.ru
a1076853.xsph.ru
a1077057.xsph.ru
a1077792.xsph.ru
a1078067.xsph.ru
a1078080.xsph.ru
a1078143.xsph.ru
a1078153.xsph.ru
a1078682.xsph.ru
a1078904.xsph.ru
a1080505.xsph.ru
a1080708.xsph.ru
a1080904.xsph.ru
a1081338.xsph.ru
a1081724.xsph.ru
a1082676.xsph.ru
a1083100.xsph.ru
a1083255.xsph.ru
a1083407.xsph.ru
abdulbek.top
activequestion.ru
adsdadbp.beget.tech
alishosn.beget.tech
andre2tn.beget.tech
aroslawo.beget.tech
arsenik2.beget.tech
artema1m.beget.tech
artemccf.beget.tech
artemcw8.beget.tech
artemcy5.beget.tech
asme0534-51572.portmap.host
b902470r.beget.tech
baallsn3.beget.tech
babos.top
bagnakgt.beget.tech
bobaprog.ru
burjuip7.beget.tech
ca54823.tw1.ru
cb53940.tw1.ru
cb83927.tw1.ru
cc82394.tw1.ru
cc96011.tw1.ru
cd29847.tw1.ru
cd35171.tw1.ru
cd38713.tw1.ru
cd44549.tw1.ru
cd60197.tw1.ru
cd77746.tw1.ru
ce17561.tw1.ru
ce58027.tw1.ru
cf17360.tw1.ru
cf83712.tw1.ru
cf97623.tw1.ru
cg15356.tw1.ru
cg26785.tw1.ru
cg37346.tw1.ru
cg39171.tw1.ru
cg79561.tw1.ru
cg83870.tw1.ru
ch28439.tw1.ru
ch67763.tw1.ru
ch68434.tw1.ru
chwerfw63932.macan.chost.com.ua
ci07006.tw1.ru
ci26757.tw1.ru
cj05364.tw1.ru
cj15501.tw1.ru
cj37718.tw1.ru
cj46058.tw1.ru
cj79318.tw1.ru
cj94096.tw1.ru
ck25000.tw1.ru
cl04317.tw1.ru
cl08054.tw1.ru
cl41253.tw1.ru
cl85533.tw1.ru
cm34393.tw1.ru
cm36861.tw1.ru
cm38152.tw1.ru
cm45075.tw1.ru
cn40185.tw1.ru
cn67735.tw1.ru
co91798.tw1.ru
comatagcom.temp.swtest.ru
cp52181.tw1.ru
cp89183.tw1.ru
cp91897.tw1.ru
cq02494.tw1.ru
cq12403.tw1.ru
cq13555.tw1.ru
cq38273.tw1.ru
cq65040.tw1.ru
cr35340.tw1.ru
cr39969.tw1.ru
cs55120.tw1.ru
cs68173.tw1.ru
ct10906.tw1.ru
cu00054.tw1.ru
cu09209.tw1.ru
cu10009.tw1.ru
cu35742.tw1.ru
cv38351.tw1.ru
cw95073.tw1.ru
cx79992.tw1.ru
cy08450.tw1.ru
cy52165.tw1.ru
cyberpotato.ru
cz15171.tw1.ru
cz25672.tw1.ru
cz34133.tw1.ru
cz37182.tw1.ru
cz44917.tw1.ru
cz59288.tw1.ru
cz68521.tw1.ru
cz91659.tw1.ru
cz93002.tw1.ru
daniibcy.beget.tech
daxon.giize.com
dcrat1337.atwebpages.com
ddosbo0r.beget.tech
deeplo4f.beget.tech
deniszuz.beget.tech
dimksseo.beget.tech
dimkssfx.beget.tech
dimkssud.beget.tech
dmitrievan.temp.swtest.ru
dragon-rp.com
drenow.atwebpages.com
drgost.duckdns.org
drlas.duckdns.org
drpras.duckdns.org
durok.ru
dvvldvvz.beget.tech
eesdtr23c4e.atwebpages.com
epicgramm1.temp.swtest.ru
eternitysystems.online
ezrar.atwebpages.com
f0908023.xsph.ru
f1039159.xsph.ru
f1045855.xsph.ru
f1064463.xsph.ru
f1068822.xsph.ru
f1069418.xsph.ru
f1070723.xsph.ru
f1071409.xsph.ru
f1072253.xsph.ru
f1076005.xsph.ru
f1076998.xsph.ru
f1077757.xsph.ru
f1078098.xsph.ru
f1079650.xsph.ru
f1080003.xsph.ru
f1082530.xsph.ru
f1082777.xsph.ru
f1082834.xsph.ru
fantomri.beget.tech
frozeemodtest.freewebhostmost.com
gaming0558.mygamesonline.org
getipinfo.duckdns.org
gqcsmfau.beget.tech
gsfaggsagsgasfgg.x10.mx
has1350.beget.tech
host1877066.hostland.pro
hvhpolak.ru
i97889ae.beget.tech
ilusharx.beget.tech
it-ords.ru
jamuro-52920.portmap.io
jumaisimba.x10.mx
k83398f9.beget.tech
k91100v5.beget.tech
kazart4q.beget.tech
kendalcp.beget.tech
kitaygorod.top
klospegh.beget.tech
konsolxq.beget.tech
kreker.top
l99250gh.beget.tech
lastic6p.beget.tech
lenkaa6t.beget.tech
lflgklpx.beget.tech
lolkeky8.beget.tech
lopatasovka.ru
mak1nt0sh.ru
mas9kan0.beget.tech
meowmeowmeow.onlinewebshop.net
mervyamat.ru.swtest.ru
mrpon108.beget.tech
mstrelaz.beget.tech
necobox.ru
nutipa.ru
olegpivo.tw1.ru
otkazaza.ru
pdiroasdasadas.atwebpages.com
penisgw9.beget.tech
petrasl7.beget.tech
phoeni13.beget.tech
phoenior.beget.tech
pole4udes.ru
ponos228.mywebcommunity.org
ponos22834.mywebcommunity.org
ppasovtv.beget.tech
premove.ru
pseudoironia.ru
pw267.castledev.ru
pw322.castledev.ru
pw323.castledev.ru
pw334.castledev.ru
qlauncher.ru
qwerty3032.temp.swtest.ru
ratts.s07002yx.beget.tech
record-lopez.gl.at.ply.gg
romanopi.beget.tech
root.darkproducts.ru
rsakinc8.beget.tech
rsakinmu.beget.tech
rustpidc.beget.tech
s1004864.smrtp.ru
s1mpld00.beget.tech
s936550.ha005.t.mydomain.zone
samsuka.ru
sashapae22.temp.swtest.ru
savehal3.beget.tech
sh1goto.org.swtest.ru
shydooac.beget.tech
sigma14881499.atwebpages.com
sigmaphpog.atwebpages.com
srv226957.hoster-test.ru
steamtp2.beget.tech
stendr9y.beget.tech
stepancy.beget.tech
taccaroi.beget.tech
takiqskiqg.temp.swtest.ru
test-site.com.s61.hhos.net
testedark.writesthisblog.com
thehikwp.beget.tech
tsukanjz.beget.tech
uffyaa.ru
unasnetds.ru
vadgko6t.beget.tech
vimewonf.beget.tech
visualstudionews.x10.mx
vitamind3.top
web3373.craft-host.ru
web4200.craft-host.ru
windowsxp.top
xard77xe.beget.tech
xclre2wq.beget.tech
zaebator23.temp.swtest.ru
zloyvah4.beget.tech

# Reference: https://www.virustotal.com/gui/file/b875598478872e91797af75764bef4c8489574fdef5f782ca960de7eda843780/detection

191.104.103.121:2013
dcrat2013.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f158eb862c6f9700b85433cf1aceae4c0a84578a185b60e66df44da9374e73c0/detection

178.215.224.234:8848
favor.ydns.eu

# Reference: https://cert.gov.ua/article/6282536

http://193.233.48.166
http://194.0.234.155
http://87.120.126.48
194.0.234.155:443
87.120.126.48:443
89.105.201.98:11371
89.105.201.98:8888
91.92.246.18:443
upnow-prod.ff45e40d1a1c8f7e7de4e976d0c9e555.r2.cloudflarestorage.com

# Reference: https://www.virustotal.com/gui/file/36cdb54c76cc9457a56c1f3731cb757f101442e7a569972ddb5ac207847255b5/detection
# Reference: https://www.virustotal.com/gui/file/29eac43040dd9d513bc340a3ac7f384fe77e9221f361571335f76e5eb6814508/detection

http://77.239.121.198

# Reference: https://x.com/greenplan_it/status/1896852077835583797
# Reference: https://www.virustotal.com/gui/file/b8fc29c02005c84131f34de083c2e81cdf615ff405877f9e73400bf35513c053/detection

148.113.214.176:7878
watchonlinehotvideos.top

# Reference: https://x.com/malwrhunterteam/status/1901910982420512915
# Reference: https://www.virustotal.com/gui/file/0c450b7b9c7f17fd4a1ddf8a140303fac55d95bc5a674730cdecbbaf4601a395/detection

http://96.9.210.135
176.65.134.105:9852
goodsvibes.dynuddns.net

# Reference: https://cert.gov.ua/article/6282737

http://217.25.91.61
http://45.130.214.237
http://62.60.235.190
http://83.147.253.138
http://87.249.50.64

# Reference: https://x.com/malwrhunterteam/status/1905187307189068275
# Reference: https://www.virustotal.com/gui/file/4f42b9c0ef40bc5d935cf145a765ca390887f5fdd722c0d4b96f81fa76f79503/detection

watchonlinemoveis.net

# Reference: https://x.com/skocherhan/status/1906469346722906266
# Reference: https://www.virustotal.com/gui/file/01fd713cc9ff2c7dea4d20b314217879bbd8af9f294ccd71d4530bf52589d5b4/detection

147.185.221.27:12288
45.138.16.240:8100
contract-issued.gl.at.ply.gg

# Reference: https://x.com/JAMESWT_WT/status/1910964823522705752
# Reference: https://www.virustotal.com/gui/file/81e50dc7874d36bfd680e61ecea8dfa255a64bb337bc986c014355a9d99d6d28/detection

http://77.223.119.85
77.223.119.85:1414

# Reference: https://www.virustotal.com/gui/file/18558f597aee7d7a87cadf4bef334322f57f2d0135e90a760f78ed5ffa36e224/detection

92.255.85.66:1414

# Reference: https://www.virustotal.com/gui/file/38c265404f8a5625f733b330a0d3344d0bc67b36f8953db8fff911b8e6e26e5c/detection

http://193.176.22.172
193.176.22.172:1414

# Reference: https://www.virustotal.com/gui/file/cae7ab4aa07028e0d52b0a62bd5bc58398f457ff7896e8cb177eec10efab5fdf/detection

92.255.85.207:1414
92.255.85.207:443

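# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-04-21)
# Note: 147.185.221.x addresses appear elsewhere in this file next to *.gl.at.ply.gg tunnel hostnames, so they are presumably shared tunnelling endpoints; the IP-only entry for that range (no port) can match unrelated tenants, so prefer the IP:port pairs when triaging.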

http://138.68.80.167
http://147.185.221.25
http://147.45.185.85
http://185.180.230.239
http://185.246.66.165
http://194.87.99.40
http://199.83.103.6
http://213.159.215.238
http://213.21.237.235
http://217.144.98.170
http://3.127.121.101
http://37.114.39.29
http://37.230.113.179
http://43.249.233.80
http://45.144.52.152
http://45.94.31.18
http://5.252.155.127
http://62.60.148.130
http://77.91.76.102
http://81.94.156.41
http://83.217.209.253
http://87.120.84.108
http://87.251.66.162
http://89.111.152.13
http://91.132.59.41
http://92.53.120.241
http://93.123.84.246
http://94.159.104.203
http://94.250.249.79
http://95.163.86.252
http://95.182.122.208
101.99.91.30:2013
102.43.198.127:4445
103.237.92.118:8080
103.60.148.10:8848
103.60.148.10:8849
103.60.148.11:8848
103.60.148.11:8849
103.60.148.12:8848
103.60.148.12:8849
103.60.148.13:8848
103.60.148.13:8849
103.60.148.14:8848
103.60.148.14:8849
107.178.104.186:4444
108.252.227.16:3001
109.242.10.124:9000
110.10.98.18:8848
110.40.68.104:8089
110.42.227.156:8848
110.42.57.248:8089
111.180.190.199:31880
111.180.190.199:8848
112.213.116.35:8848
115.91.26.76:9999
134.122.128.85:4433
134.122.128.86:4433
134.122.128.87:4433
137.184.219.32:3232
139.99.23.210:1000
143.92.36.187:443
143.92.36.191:443
146.70.49.42:7045
146.70.49.42:8080
146.70.49.42:9090
147.124.213.50:8848
147.185.221.25:3064
147.185.221.25:3232
147.185.221.25:51578
147.185.221.26:15319
147.185.221.26:2935
147.185.221.27:7503
148.113.214.176:555
148.66.21.234:443
148.66.21.234:4433
148.66.21.235:443
148.66.21.235:4433
148.66.21.236:443
148.66.21.236:4433
148.66.21.237:443
148.66.21.237:4433
148.66.21.238:443
148.66.21.238:4433
151.236.9.205:2009
154.201.68.239:443
154.207.55.249:443
154.207.55.98:443
154.213.48.66:8848
154.213.48.67:8848
154.213.48.68:8848
154.213.48.69:8848
154.213.48.70:8848
154.213.48.71:8848
154.213.48.72:8848
154.213.48.73:8848
154.213.48.74:8848
154.213.48.75:8848
154.213.48.76:8848
154.213.48.77:8848
154.213.48.78:8848
154.213.48.79:8848
154.213.48.80:8848
154.213.48.81:8848
154.213.48.82:8848
154.213.48.83:8848
154.213.48.84:8848
154.213.48.85:8848
154.213.48.86:8848
154.213.48.87:8848
154.213.48.88:8848
154.213.48.89:8848
154.213.48.90:8848
154.213.48.91:8848
154.213.48.92:8848
154.213.48.93:8848
154.213.48.94:8848
154.216.35.10:8848
154.216.35.10:8849
154.216.35.11:8848
154.216.35.11:8849
154.216.35.12:8848
154.216.35.12:8849
154.216.35.13:8848
154.216.35.13:8849
154.216.35.14:8848
154.216.35.14:8849
154.216.35.15:8848
154.216.35.15:8849
154.216.35.16:8848
154.216.35.16:8849
154.216.35.17:8848
154.216.35.17:8849
154.216.35.18:8848
154.216.35.18:8849
154.216.35.19:8848
154.216.35.19:8849
154.216.35.20:8848
154.216.35.20:8849
154.216.35.21:8848
154.216.35.21:8849
154.216.35.22:8848
154.216.35.22:8849
154.216.35.23:8848
154.216.35.23:8849
154.216.35.24:8848
154.216.35.24:8849
154.216.35.25:8848
154.216.35.25:8849
154.216.35.26:8848
154.216.35.26:8849
154.216.35.27:8848
154.216.35.27:8849
154.216.35.28:8848
154.216.35.28:8849
154.216.35.29:8848
154.216.35.29:8849
154.216.35.2:8848
154.216.35.2:8849
154.216.35.30:8848
154.216.35.30:8849
154.216.35.3:8848
154.216.35.3:8849
154.216.35.4:8848
154.216.35.4:8849
154.216.35.5:8848
154.216.35.5:8849
154.216.35.6:8848
154.216.35.6:8849
154.216.35.7:8848
154.216.35.7:8849
154.216.35.8:8848
154.216.35.8:8849
154.216.35.9:8848
154.216.35.9:8849
154.92.54.162:8848
154.92.54.162:8849
154.92.54.163:8848
154.92.54.163:8849
154.92.54.164:8848
154.92.54.164:8849
154.92.54.165:8848
154.92.54.165:8849
154.92.54.166:8848
154.92.54.166:8849
154.92.54.167:8848
154.92.54.167:8849
154.92.54.168:8848
154.92.54.168:8849
154.92.54.169:8848
154.92.54.169:8849
154.92.54.170:8848
154.92.54.170:8849
154.92.54.171:8848
154.92.54.171:8849
154.92.54.172:8848
154.92.54.172:8849
154.92.54.173:8848
154.92.54.173:8849
154.92.54.174:8848
154.92.54.174:8849
154.92.54.175:8848
154.92.54.175:8849
154.92.54.176:8848
154.92.54.176:8849
154.92.54.177:8848
154.92.54.177:8849
154.92.54.178:8848
154.92.54.178:8849
154.92.54.179:8848
154.92.54.179:8849
154.92.54.180:8848
154.92.54.180:8849
154.92.54.181:8848
154.92.54.181:8849
154.92.54.182:8848
154.92.54.182:8849
154.92.54.183:8848
154.92.54.183:8849
154.92.54.184:8848
154.92.54.184:8849
154.92.54.185:8848
154.92.54.185:8849
154.92.54.186:8848
154.92.54.186:8849
154.92.54.187:8848
154.92.54.187:8849
154.92.54.188:8848
154.92.54.188:8849
154.92.54.189:8848
154.92.54.189:8849
154.92.54.190:8848
154.92.54.190:8849
156.208.31.143:4445
158.255.74.231:22
160.124.135.162:8848
160.124.135.162:8849
160.124.135.163:8848
160.124.135.163:8849
160.124.135.164:8848
160.124.135.164:8849
160.124.135.165:8848
160.124.135.165:8849
160.124.135.166:8848
160.124.135.166:8849
160.124.135.167:8848
160.124.135.167:8849
160.124.135.168:8848
160.124.135.168:8849
160.124.135.169:8848
160.124.135.169:8849
160.124.135.170:8848
160.124.135.170:8849
160.124.135.171:8848
160.124.135.171:8849
160.124.135.172:8848
160.124.135.172:8849
160.124.135.173:8848
160.124.135.173:8849
160.124.135.174:8848
160.124.135.174:8849
160.124.135.175:8848
160.124.135.175:8849
160.124.135.176:8848
160.124.135.176:8849
160.124.135.177:8848
160.124.135.177:8849
160.124.135.178:8848
160.124.135.178:8849
160.124.135.179:8848
160.124.135.179:8849
160.124.135.180:8848
160.124.135.180:8849
160.124.135.181:8848
160.124.135.181:8849
160.124.135.182:8848
160.124.135.182:8849
160.124.135.183:8848
160.124.135.183:8849
160.124.135.184:8848
160.124.135.184:8849
160.124.135.185:8848
160.124.135.185:8849
160.124.135.186:8848
160.124.135.186:8849
160.124.135.187:8848
160.124.135.187:8849
160.124.135.188:8848
160.124.135.188:8849
160.124.135.189:8848
160.124.135.189:8849
160.124.135.190:8848
160.124.135.190:8849
160.124.30.34:8848
160.124.30.34:8849
160.124.30.35:8848
160.124.30.35:8849
160.124.30.36:8848
160.124.30.36:8849
160.124.30.37:8848
160.124.30.37:8849
160.124.30.38:8848
160.124.30.38:8849
160.124.30.39:8848
160.124.30.39:8849
160.124.30.40:8848
160.124.30.40:8849
160.124.30.41:8848
160.124.30.41:8849
160.124.30.42:8848
160.124.30.42:8849
160.124.30.43:8848
160.124.30.43:8849
160.124.30.44:8848
160.124.30.44:8849
160.124.30.45:8848
160.124.30.45:8849
160.124.30.46:8848
160.124.30.46:8849
160.124.30.47:8848
160.124.30.47:8849
160.124.30.48:8848
160.124.30.48:8849
160.124.30.49:8848
160.124.30.49:8849
160.124.30.50:8848
160.124.30.50:8849
160.124.30.51:8848
160.124.30.51:8849
160.124.30.52:8848
160.124.30.52:8849
160.124.30.53:8848
160.124.30.53:8849
160.124.30.54:8848
160.124.30.54:8849
160.124.30.55:8848
160.124.30.55:8849
160.124.30.56:8848
160.124.30.56:8849
160.124.30.57:8848
160.124.30.57:8849
160.124.30.58:8848
160.124.30.58:8849
160.124.30.59:8848
160.124.30.59:8849
160.124.30.60:8848
160.124.30.60:8849
160.124.30.61:8848
160.124.30.61:8849
160.124.30.62:8848
160.124.30.62:8849
160.124.65.226:8848
160.124.65.226:8849
160.124.65.227:8848
160.124.65.227:8849
160.124.65.228:8848
160.124.65.228:8849
160.124.65.229:8848
160.124.65.229:8849
160.124.65.230:8848
160.124.65.230:8849
160.124.65.231:8848
160.124.65.231:8849
160.124.65.232:8848
160.124.65.232:8849
160.124.65.233:8848
160.124.65.233:8849
160.124.65.234:8848
160.124.65.234:8849
160.124.65.235:8848
160.124.65.235:8849
160.124.65.236:8848
160.124.65.236:8849
160.124.65.237:8848
160.124.65.237:8849
160.124.65.238:8848
160.124.65.238:8849
160.124.65.239:8848
160.124.65.239:8849
160.124.65.240:8848
160.124.65.240:8849
160.124.65.241:8848
160.124.65.241:8849
160.124.65.242:8848
160.124.65.242:8849
160.124.65.243:8848
160.124.65.243:8849
160.124.65.244:8848
160.124.65.244:8849
160.124.65.245:8848
160.124.65.245:8849
160.124.65.246:8848
160.124.65.246:8849
160.124.65.247:8848
160.124.65.247:8849
160.124.65.248:8848
160.124.65.248:8849
160.124.65.249:8848
160.124.65.249:8849
160.124.65.250:8848
160.124.65.250:8849
160.124.65.251:8848
160.124.65.251:8849
160.124.65.252:8848
160.124.65.252:8849
160.124.65.253:8848
160.124.65.253:8849
160.124.65.254:8848
160.124.65.254:8849
161.97.113.198:3000
162.250.190.150:14188
162.250.190.150:18188
162.250.190.150:8848
165.227.112.105:3232
165.73.252.176:9999
166.108.236.192:8848
174.70.151.61:2406
175.178.37.75:8848
176.65.134.55:3470
176.65.140.20:8520
176.65.144.27:4000
178.73.218.13:8090
179.13.2.158:8080
179.13.5.203:8010
179.43.152.178:8825
181.131.216.154:2030
181.206.158.190:8848
181.235.4.114:8090
185.208.159.120:4443
185.208.159.120:591
185.208.159.120:8080
185.208.159.120:8090
185.208.159.45:3030
185.254.28.9:5566
185.255.92.151:5000
185.7.214.2:1414
186.169.36.44:8090
186.169.38.242:8090
186.169.46.42:8090
186.169.47.146:8090
186.169.55.158:8090
186.169.55.183:8090
186.169.61.26:8090
186.169.67.20:8090
186.169.67.83:8090
186.169.68.250:8090
186.169.72.217:1000
186.169.90.226:1000
186.169.93.49:8090
190.89.245.97:3000
192.129.178.58:5020
192.129.178.59:5020
192.129.178.60:5020
192.129.178.61:5020
192.129.178.62:5020
192.140.163.10:8089
192.159.99.113:2296
192.159.99.113:2298
193.83.224.70:4444
193.83.226.60:4444
194.36.26.109:25514
195.82.146.19:4443
195.82.146.19:4444
195.82.146.19:591
195.82.146.19:8080
195.82.146.19:8090
195.82.146.32:4443
195.82.146.32:4444
195.82.146.32:591
195.82.146.32:8080
195.82.146.32:8090
195.82.147.35:4443
195.82.147.35:4444
195.82.147.35:591
195.82.147.35:8080
195.82.147.35:8090
195.85.207.145:1024
196.251.71.168:2000
196.251.71.169:2000
196.251.71.233:2000
196.251.72.206:2000
196.251.83.37:2000
196.251.84.169:4444
196.251.85.154:2000
196.251.85.235:8848
196.251.90.56:2000
196.251.90.57:2000
20.197.224.169:6000
20.229.103.183:4000
201.220.178.36:99
201.220.180.250:99
202.61.136.134:443
202.95.14.159:443
202.95.14.161:443
202.95.14.164:443
206.233.130.150:3389
206.233.130.7:3389
207.180.205.17:674
208.109.38.138:65503
208.110.72.224:9999
209.105.242.112:7777
216.219.83.86:3976
216.250.251.245:8848
217.18.210.142:1998
23.235.146.66:8848
23.235.146.66:8849
23.235.146.67:8848
23.235.146.67:8849
23.235.146.68:8848
23.235.146.68:8849
23.235.146.69:8848
23.235.146.69:8849
23.235.146.70:8848
23.235.146.70:8849
23.235.146.71:8848
23.235.146.71:8849
23.235.146.72:8848
23.235.146.72:8849
23.235.146.73:8848
23.235.146.73:8849
23.235.146.74:8848
23.235.146.74:8849
23.235.146.75:8848
23.235.146.75:8849
23.235.146.76:8848
23.235.146.76:8849
23.235.146.77:8848
23.235.146.77:8849
23.235.146.78:8848
23.235.146.78:8849
23.235.146.79:8848
23.235.146.79:8849
23.235.146.80:8848
23.235.146.80:8849
23.235.146.81:8848
23.235.146.81:8849
23.235.146.82:8848
23.235.146.82:8849
23.235.146.83:8848
23.235.146.83:8849
23.235.146.84:8848
23.235.146.84:8849
23.235.146.85:8848
23.235.146.85:8849
23.235.146.86:8848
23.235.146.86:8849
23.235.146.87:8848
23.235.146.87:8849
23.235.146.88:8848
23.235.146.88:8849
23.235.146.89:8848
23.235.146.89:8849
23.235.146.90:8848
23.235.146.90:8849
23.235.146.91:8848
23.235.146.91:8849
23.235.146.92:8848
23.235.146.92:8849
23.235.146.93:8848
23.235.146.93:8849
23.235.146.94:8848
23.235.146.94:8849
23.235.158.10:8848
23.235.158.10:8849
23.235.158.11:8848
23.235.158.11:8849
23.235.158.12:8848
23.235.158.12:8849
23.235.158.13:8848
23.235.158.13:8849
23.235.158.14:8848
23.235.158.14:8849
23.235.158.15:8848
23.235.158.15:8849
23.235.158.16:8848
23.235.158.16:8849
23.235.158.17:8848
23.235.158.17:8849
23.235.158.18:8848
23.235.158.18:8849
23.235.158.19:8848
23.235.158.19:8849
23.235.158.20:8848
23.235.158.20:8849
23.235.158.21:8848
23.235.158.21:8849
23.235.158.22:8848
23.235.158.22:8849
23.235.158.23:8848
23.235.158.23:8849
23.235.158.24:8848
23.235.158.24:8849
23.235.158.25:8848
23.235.158.25:8849
23.235.158.26:8848
23.235.158.26:8849
23.235.158.27:8848
23.235.158.27:8849
23.235.158.28:8848
23.235.158.28:8849
23.235.158.29:8848
23.235.158.29:8849
23.235.158.2:8848
23.235.158.2:8849
23.235.158.30:8848
23.235.158.30:8849
23.235.158.3:8848
23.235.158.3:8849
23.235.158.4:8848
23.235.158.4:8849
23.235.158.5:8848
23.235.158.5:8849
23.235.158.6:8848
23.235.158.6:8849
23.235.158.7:8848
23.235.158.7:8849
23.235.158.8:8848
23.235.158.8:8849
23.235.158.9:8848
23.235.158.9:8849
23.235.176.56:443
23.235.176.76:443
23.235.176.89:443
27.124.38.117:6667
27.124.38.137:6667
27.124.38.150:6667
27.124.41.250:65503
27.124.41.252:65503
27.124.41.253:65503
3.127.121.101:3064
3.68.171.119:18876
3.69.115.178:12672
31.57.33.159:3740
37.27.58.254:1024
38.225.209.116:9898
38.49.40.240:8848
38.49.40.240:8888
38.49.43.182:8848
43.138.115.214:1818
45.128.36.154:8080
45.133.180.130:5050
45.133.180.130:9000
45.133.180.138:8000
45.133.180.154:5050
45.133.180.154:8000
45.133.180.154:9000
45.138.16.158:1337
45.141.233.142:7777
45.145.229.196:1414
45.155.53.49:4400
45.195.54.195:5858
45.32.213.58:1337
45.88.186.160:1337
46.153.112.54:9090
46.246.12.10:8080
46.246.12.15:8080
46.246.12.2:9000
46.246.12.9:9000
46.246.14.13:9090
46.246.14.20:8080
46.246.14.20:9090
46.246.14.3:9090
46.246.4.11:8080
46.246.4.11:9000
46.246.4.12:8080
46.246.4.2:8080
46.246.4.3:8080
46.246.6.12:8000
46.246.6.3:8080
46.246.6.7:9000
46.246.80.12:8080
46.246.80.12:9090
46.246.82.12:2000
46.246.82.12:8000
46.246.82.16:2000
46.246.82.30:8080
46.246.84.20:9000
46.246.84.3:8000
46.246.84.4:9999
46.246.86.10:9000
46.246.86.3:8000
46.246.86.8:2000
46.246.86.8:8080
46.31.79.56:7777
47.115.225.92:8848
47.239.188.78:8080
5.200.210.1:55476
62.60.191.138:8000
65.38.120.211:7000
68.168.118.2:8848
68.168.118.4:8848
68.168.118.5:8848
77.105.161.9:3232
8.141.114.182:8545
8.152.218.67:8080
8.218.97.73:65503
85.235.74.114:1024
87.248.145.252:22
88.224.24.88:9090
91.199.42.188:7000
93.185.167.219:7878
94.223.186.150:3389
036356cm.nyashnyash.ru
047506cm.nyanyash.ru
070687cm.nyashk.ru
075185cm.nyashk.ru
112664cm.nyashk.ru
136601cm.shnyash.ru
140061cm.nyanyash.ru
167345cm.nyashk.ru
17329.cllt.nyashteam.ru
176449cm.nyashk.ru
cllt.nyashteam.ru
207405cm.nyashk.ru
222390cm.nyashnyash.ru
230852cm.nyashk.ru
27.ip.gl.ply.gg
285790259cm.whiteproducts.ru
285857cm.nyanyash.ru
289029cm.nyashk.ru
289098cm.shnyash.ru
297856cm.nyashnyash.ru
317827cm.shnyash.ru
331545cm.nyashru.ru
342613cm.nyashk.ru
368456cm.nyashk.ru
383281cm.nyashk.ru
396608cm.nyashk.ru
439153cm.nyashk.ru
469473cm.nyashware.ru
542148cm.nyanyash.ru
557844cm.nyashnyash.ru
593412cm.nyanyash.ru
596306cm.nyashteam.ru
610188cm.nyanyash.ru
657355cm.shnyash.ru
635207cm.nyashk.ru
692218cm.nyanyash.ru
697580cm.nyashk.ru
697624cm.nyanyash.ru
714280cm.nyanyash.ru
723499cm.shnyash.ru
776437cm.nyanyash.ru
800811cm.nyashk.ru
821518cm.nyanyash.ru
839805cm.nyashk.ru
908457cm.nyashk.ru
91141ncm.darkproducts.ru
921935cm.nyashk.ru
940706cm.nyashnyash.ru
961570cm.nyashk.ru
a0691925.xsph.ru
a0723684.xsph.ru
a0768683.xsph.ru
a0993730.xsph.ru
a1002438.xsph.ru
a1003563.xsph.ru
a1040668.xsph.ru
a1046211.xsph.ru
a1059347.xsph.ru
a1069655.xsph.ru
a1072193.xsph.ru
a1080277.xsph.ru
a1080799.xsph.ru
a1080822.xsph.ru
a1081046.xsph.ru
a1081343.xsph.ru
a1082411.xsph.ru
a1083054.xsph.ru
a1083178.xsph.ru
a1083519.xsph.ru
a1085017.xsph.ru
a1085424.xsph.ru
a1085615.xsph.ru
a1086186.xsph.ru
a1086695.xsph.ru
a1087172.xsph.ru
a1087470.xsph.ru
a1087552.xsph.ru
a1087981.xsph.ru
a1088471.xsph.ru
a1088535.xsph.ru
a1088592.xsph.ru
a1088739.xsph.ru
a1088759.xsph.ru
a1089122.xsph.ru
a1089267.xsph.ru
a1089269.xsph.ru
a1089520.xsph.ru
a1089604.xsph.ru
a1089655.xsph.ru
a1089746.xsph.ru
a1090709.xsph.ru
a1090962.xsph.ru
a1091043.xsph.ru
a1096844.xsph.ru
a1097362.xsph.ru
a1097571.xsph.ru
a1099935.xsph.ru
a1099965.xsph.ru
a1100394.xsph.ru
a1100551.xsph.ru
a1100737.xsph.ru
a1100962.xsph.ru
a1101487.xsph.ru
a1101496.xsph.ru
a1101946.xsph.ru
a1102442.xsph.ru
a1102719.xsph.ru
a1104037.xsph.ru
a1104094.xsph.ru
a1106540.xsph.ru
a1106561.xsph.ru
a1106670.xsph.ru
a1108039.xsph.ru
a1113201.xsph.ru
a1113269.xsph.ru
a1113351.xsph.ru
a1113503.xsph.ru
a1113623.xsph.ru
a1113861.xsph.ru
a1114157.xsph.ru
a1114171.xsph.ru
a1114349.xsph.ru
a1114645.xsph.ru
a1115106.xsph.ru
above-aspect.gl.at.ply.gg
advanced-contributing.gl.at.ply.gg
again-duck.gl.at.ply.gg
all-trans.online
artemcd9.beget.tech
asasac313v.work.gd
asasedc0.beget.tech
asdff123fsdafasdf.ru
assikapr25.temp.swtest.ru
assikapr27.temp.swtest.ru
autozakfull.ru
avensrp.fvds.ru
azamatpa.beget.tech
b929273h.beget.tech
beginvost53.x10.bz
benefits-convention.gl.at.ply.gg
boards-essential.gl.at.ply.gg
born-me.gl.at.ply.gg
c0re-50342.portmap.host
ca09284.tw1.ru
ca71441.tw1.ru
ca97087.tw1.ru
cc28022.tw1.ru
cd99222.tw1.ru
ce11914.tw1.ru
ce43370.tw1.ru
ce64450.tw1.ru
cg26081.tw1.ru
cg55176.tw1.ru
cherniychay.ru
cj98865.tw1.ru
cjturs3.localto.net
cl32012.tw1.ru
cm48994.tw1.ru
cn09381.tw1.ru
cn63230.tw1.ru
co35066.tw1.ru
core.sportsontheweb.net
countries-discovery.gl.at.ply.gg
cp37219.tw1.ru
cp90262.tw1.ru
cr32765.tw1.ru
cs2weaponpaints.ru.s29.hhos.net
cs38450.tw1.ru
cs44110.tw1.ru
ct18031.tw1.ru
ct20978.tw1.ru
ct61476.tw1.ru
ct78524.tw1.ru
cut-peripherals.gl.at.ply.gg
cv83561.tw1.ru
cw18001.tw1.ru
cw42306.tw1.ru
cx04402.tw1.ru
cy10907.tw1.ru
cz23695.tw1.ru
cz34019.tw1.ru
cz69577.tw1.ru
cz91472.tw1.ru
dakdkkldkd.temp.swtest.ru
earth-schedules.gl.at.ply.gg
emerso63.beget.tech
eowgbnoewrgberg.getenjoyment.net
erik16r1.beget.tech
f1068264.xsph.ru
f1080509.xsph.ru
f1081725.xsph.ru
f1083567.xsph.ru
f1085679.xsph.ru
f1085813.xsph.ru
f1085892.xsph.ru
f1086012.xsph.ru
f1088688.xsph.ru
f1090404.xsph.ru
f1090532.xsph.ru
f1090540.xsph.ru
f1096627.xsph.ru
f1099947.xsph.ru
f1100076.xsph.ru
fair-functionality.gl.at.ply.gg
fairwarning.ru
fdgfddgfgfdgfddfggfdfho.ru
fidodido.ddns.net
flash-recovered.gl.at.ply.gg
fluf5ikyan.temp.swtest.ru
fnafbox1gm.temp.swtest.ru
fupnikitag.temp.swtest.ru
g321nosp.beget.tech
gerais481g.temp.swtest.ru
getting-regulation.gl.at.ply.gg
given-neither.gl.at.ply.gg
i99522h5.beget.tech
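# Note (review): "jocer66c.be" is a prefix of the next entry (jocer66c.beget.tech) and may be a truncated copy of it; confirm against the original source before keeping it, since as written it matches a separate .be domain.
jocer66c.be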
jocer66c.beget.tech
kis2110wnk.temp.swtest.ru
kitai1245-43780.portmap.io
komronbekn.temp.swtest.ru
letaryzipthone.ddns.net
loveme123ru.ru
maxsim87.beget.tech
navalny.top
neittqgmai.temp.swtest.ru
nurlasdxc.atwebpages.com
nurpukan.x10.bz
o-la.gl.at.ply.gg
phentermine-colleagues.gl.at.ply.gg
pobudil.ru
porsik9j.beget.tech
porsikgq.beget.tech
powerinyou.org
pro-ram.gl.at.ply.gg
propere.ru
pw402.castledev.ru
rartwn76g2.temp.swtest.ru
rat.portal2707070.keenetic.pro
registration-delayed.gl.at.ply.gg
rodina.space
rules-binary.gl.at.ply.gg
sigmabioaef.atwebpages.com
skwiz1k133.temp.swtest.ru
stastom01g.temp.swtest.ru
stvann.onlinewebshop.net
summer-malaysia.gl.at.ply.gg
technical-equally.gl.at.ply.gg
these-suites.gl.at.ply.gg
timofezq.beget.tech
up.nemesissoftlab.com
villagerae.temp.swtest.ru
virustotalprotect.mygamesonline.org
vord1x1gma.temp.swtest.ru
wednesday-classified.gl.at.ply.gg
went-postcard.gl.at.ply.gg
whole-contract.gl.at.ply.gg
y0sxz-23886.portmap.host
yariksca.beget.tech

# Reference: https://www.virustotal.com/gui/file/1ae48f847c4102031c47453078508d1006b888890cae7421ab7262b88b52b91f/detection

http://88.214.48.26
88.214.48.26:1414

# Reference: https://x.com/skocherhan/status/1922823068969299980
# Reference: https://www.virustotal.com/gui/file/f4cc83df502e52e7bf58de1f498cc5f5c657eacdc1aebfeaae97258d23726b26/detection
# Reference: https://www.virustotal.com/gui/file/eef569f5ac7602fc56d952f878c2ca5854582085a129e3c5cf683aabf5fa0f12/detection

194.58.33.244:6455
ayugram.one
imgdown.shop
lookthis.space
723499cm.shnyash.ru
update.ayugram.one

# Reference: https://www.virustotal.com/gui/file/8615d7300624d906f0621bcdab4869d895cca8b589d255bc74ededdac131f366/detection

http://89.23.99.246
188.37.160.41:7706

# Reference: https://x.com/JAMESWT_WT/status/1927975973179265369
# Reference: https://www.virustotal.com/gui/file/01481af91d711522c16a205b7d5428cb76251db97a61a72aa5efbd36e156eb9b/behavior

46.173.214.176:7777
fshjaifhajfa.click
hekpaharma.com
hfjaohf9q3.click
hfjwfheiwf.click
jfhaowhfjk.click
partnervrft.com
sevstats.top
sixtestats.top
thirtstat.top
twelvestats.top

# Reference: https://x.com/JAMESWT_WT/status/1928306522880160045
# Reference: https://www.virustotal.com/gui/file/1d681ba797934bd0183e8a324bccc19c1404acd45d70c12828d5cbf0a8342ada/detection

95.182.101.174:7777
bkngnet.com

# Reference: https://x.com/skocherhan/status/1931571964482625903
# Reference: https://www.virustotal.com/gui/file/b16588e0e2c6a0c8ff080ded57abe8159008d040aea78b2e801c17ce79f05863/detection

chakarnaga.com

# Reference: https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign

213.209.150.22:55140
45.141.233.60:55330
dcaw.duckdns.org
dckaws.duckdns.org
dcupdate.duckdns.org
dgflex.duckdns.org
dgost.duckdns.org
drgrootp.duckdns.org
glost.duckdns.org
soscop.duckdns.org

# Reference: https://x.com/1ZRR4H/status/1933008526542008622
# Reference: https://www.virustotal.com/gui/ip-address/146.70.51.42/relations
# Reference: https://www.virustotal.com/gui/file/fbae94dddc8f9655174a03968656459516608bc7144e4a088c7d45aa01ead6c5/detection
# Reference: https://www.virustotal.com/gui/file/b49dfaa0d915524049eb0eed26115dac421cd307551284a054a27cbbdb9aad81/detection
# Reference: https://www.virustotal.com/gui/file/aa8b92535e690da968234d639af28caf881f03ad1f4dcad1c692b846830d0d87/detection

146.70.51.42:3040
envio1010.duckdns.org
envio1919.duckdns.org
envio2020.duckdns.org
envio2121.duckdns.org
envio2222.duckdns.org
envio55.duckdns.org
envio666.duckdns.org

# Reference: https://www.virustotal.com/gui/file/53118724a324f0d1ded9fa9ef77401fcb6ad3fb3c867237f08b3f7b3570ee316/detection

124.198.132.234:666
tao081018.ddnsfree.com

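# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)
# Note: the feed path marks these entries as "unverified" and the file name as a 90-day list; corroborate IP:port matches (some use common service ports such as 22) with other telemetry, and re-check entries against the feed when refreshing.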

110.40.77.62:888
111.170.171.242:8080
114.66.58.133:8995
13.48.133.107:1024
143.92.48.130:8000
143.92.48.133:8000
143.92.48.137:8000
146.70.51.74:3000
146.70.51.74:5000
156.234.114.138:888
156.234.114.139:888
156.234.114.140:888
156.234.114.141:888
156.234.114.142:888
172.111.182.5:2025
172.190.216.61:8081
172.94.111.105:8848
172.94.111.195:8848
173.249.29.108:8000
176.143.53.10:81
176.65.137.186:2118
176.65.137.186:3000
176.65.137.186:5000
176.65.138.30:6204
179.13.1.144:8081
179.13.10.232:8080
179.13.11.235:2248
179.13.7.0:8010
181.131.217.135:9002
181.206.158.190:1000
181.235.5.14:8090
186.169.35.50:8010
186.169.63.145:8090
186.169.87.231:8090
186.169.95.151:8090
193.26.115.124:8848
193.26.115.156:8848
201.220.163.234:99
203.104.42.92:2234
217.154.216.29:2030
217.18.210.142:1995
24.205.128.150:2004
27.124.2.7:114
5.200.249.139:22
5.252.153.181:7000
64.20.59.130:7000
74.48.49.233:8080
94.26.90.82:4444

# Reference: https://x.com/smica83/status/1938510562566238429
# Reference: https://www.virustotal.com/gui/file/c0e219359c8e6e755ce8e4db6233554e79980e7519519f17e6a1b388275138d7/detection

37.187.37.111:5555
ofkkfd24.work.gd

# Reference: https://www.virustotal.com/gui/file/50599fdad90eb6b31e8f23ec9dbd01f4a9bb0c050054f6eed861fd0643aba1b0/detection

http://5.252.155.185

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

103.20.102.180:8848
103.230.69.188:6000
108.165.100.252:9898
146.19.215.141:9090
148.178.18.39:8000
171.22.31.199:9000
179.13.0.54:8081
181.235.10.10:8010
185.242.5.90:4040
186.169.36.120:8090
186.169.61.249:8090
23.94.99.5:8848
37.187.37.111:9999
45.141.26.64:1160
46.246.12.5:2003
46.246.12.7:3000
46.246.12.7:5000
46.246.4.7:5000
46.246.82.3:5000
46.246.82.4:3000
46.246.82.7:1963
46.246.84.22:3000
46.246.84.2:5000
47.113.229.193:8080
85.208.84.26:8808
86.54.42.116:8855
86.54.42.147:6699
86.54.42.17:8854
86.54.42.17:8855
94.141.122.114:1337
98.66.208.234:1024

# Reference: https://x.com/RexorVc0/status/1955878647220281669
# Reference: https://www.virustotal.com/gui/ip-address/146.70.137.90/relations
# Reference: https://www.virustotal.com/gui/file/2e82689cc5a2d9beb0bce4da3330122e5cad896a04b1296c5fb9b54fe3e92f52/detection
# Reference: https://www.virustotal.com/gui/file/1987ff3d881dbe2ee399c5e2df37c6223f80f6a217776380861a64d1e20d9595/detection

146.70.137.90:3020
envio05-06.duckdns.org
envio14-05.duckdns.org
envio15-005.duckdns.org
envio16-05.duckdns.org
envio19-055.duckdns.org
envio20-05.duckdns.org
envio21-005.duckdns.org
envio23-05.duckdns.org
envio25-04.duckdns.org
envio6-06.duckdns.org
usooo205.duckdns.org

# Reference: https://www.virustotal.com/gui/file/76a7abda8935c4bdd714601830fcffe581a0fc5cc6e7898309cb4de7d614d936/detection

142.202.191.102:8848
saynomoreplz.1cooldns.com

# Reference: https://www.virustotal.com/gui/file/f5de4a64544531993e7985b43eeb96b21ca7b33f5f12136f260eeb60e190fa0b/detection

186.169.63.216:7645
quasar12agos.duckdns.org

# Reference: https://x.com/skocherhan/status/1958833100823175433
# Reference: https://www.virustotal.com/gui/file/7eff5e9a93dd90f0151ea02e0e8b29db775258e353823218668ee6041fda57cc/detection
# Reference: https://www.virustotal.com/gui/file/bb4c4b228883ee62437050385b77285de9cc0862e8d9904cc9c7706697790045/detection

seguroagost21.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e64b1e9366a0e779367263374c5f57a85616a8809e1cdeb4df55164e1eea9fa4/detection

agostodc20.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c838824b005e8fee11b87d19be65f62a895be28dca962a70c2aac42b97290212/detection

94.154.35.160:8848
cardvaultcc.com
ohmy0hs.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/895fac78d58af96575f3cdbcaa3d716e6b861a21a616ae1d84777d61682f7db3/detection

coquitoxxx.dynuddns.net

# Reference: https://x.com/smica83/status/1962050910760174004
# Reference: https://www.virustotal.com/gui/ip-address/94.154.35.160/relations
# Reference: https://www.virustotal.com/gui/file/1311118fcad1d976e50d8013f652ccea7e356a8c065ebc1a6a24de8094114503/detection

0hteas1.dynuddns.com
koketexx.dynuddns.net
otoekekasa233.dynuddns.com
putaleamadreeeee.dynuddns.net
toktotkttok244.dynuddns.net
tururleca41414.dynuddns.net

# Reference: https://x.com/FalconFeedsio/status/1962494410471739490
# Reference: https://www.virustotal.com/gui/file/7d406ea4f3c94f86228662495df35517c89df991b672eb804d5ec796fa0a2a63/detection
# Reference: https://www.virustotal.com/gui/file/69c701375910e21a3ce02a97f8cd53be662da5f160e1f219f9eb3ea4ca148b0b/detection

http://92.53.96.145
ca40866.tw1.ru
/8aabfefb.php

# Reference: https://www.virustotal.com/gui/file/104da4a6a9f13d9b3c36e71838fbe5adf66dbaa68f2ae4b4a7067c9511ca3cac/detection

186.169.40.245:1515
dcrat0106.duckdns.org

# Reference: https://app.validin.com/detail?find=31agosto.vbs&type=dom&ref_id=7c6cac13d30#tab=host_pairs (# 2025-09-15)

dcoctubre9.duckdns.org
dcsosrat.duckdns.org
hijosdeperra.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4e9fe0cea90778a4b8ea1c2748e6084cf15f9c288fda2daf8dc5d31dd7fc3db1/detection

186.169.73.108:7645

# Reference: https://app.validin.com/detail?find=sostener1.vbs&type=dom&ref_id=313f3cd9a6e#tab=host_pairs (# 2025-09-15)

http://158.94.209.243

# Reference: https://www.virustotal.com/gui/file/8635b498be98d750486f1a5e832bb862fe8c2248e983435546459bf101632221/detection

23.160.168.165:7096
johnsonbarbor.ddns.net

# Reference: https://www.virustotal.com/gui/file/6947dc1c5a2bc28eb7dc2ef49f3ee0b3565a22a9f4b4d5f1c6ce5e63387cf63d/detection

178.16.53.106:3232

# Reference: https://x.com/smica83/status/1970587113872875771
# Reference: https://tria.ge/250923-zapseaer2y/behavioral2
# Reference: https://www.virustotal.com/gui/ip-address/124.198.132.234/relations

amercansecurityog.workisboring.com
instantaoprime.dynuddns.net
southgangfree.ooguy.com
taohh081018.zapto.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

1.15.25.105:8000
100.42.176.116:4333
103.20.102.130:8848
103.20.102.255:8848
103.236.70.158:8000
104.194.153.225:6000
104.194.154.152:6000
104.194.154.152:7000
104.194.154.161:6000
104.194.154.161:7000
124.156.225.126:8848
146.70.215.50:5000
148.178.16.11:8000
154.64.254.216:9090
163.227.239.216:6000
167.160.161.43:1888
172.94.111.217:8898
177.255.88.14:8081
178.16.53.2:7777
178.73.218.16:3000
178.73.218.5:5000
178.73.218.6:1963
178.73.218.9:2003
179.13.4.196:8080
179.13.4.92:8080
181.235.3.119:8092
185.18.222.5:8848
185.208.159.208:4000
190.255.85.13:4100
191.91.178.101:8081
191.91.178.217:1521
192.159.99.13:8848
196.251.72.146:1597
20.199.80.166:1024
207.174.1.242:6667
213.14.158.35:5050
217.131.34.203:2000
23.237.106.61:9999
23.27.169.64:8848
23.27.52.175:9898
4.248.184.170:8080
42.96.11.48:8848
45.133.180.154:2296
45.133.180.154:4000
45.153.34.67:9977
46.246.12.7:1963
46.246.14.17:3000
46.246.14.2:1963
46.246.14.4:1963
46.246.14.7:5000
46.246.4.22:5000
46.246.4.2:2003
46.246.4.2:4000
46.246.6.14:1963
46.246.6.16:2003
46.246.6.16:5000
46.246.6.18:1963
46.246.6.20:2003
46.246.6.20:3000
46.246.6.22:1963
46.246.6.22:5000
46.246.6.2:2003
46.246.80.14:3000
46.246.80.7:3000
46.246.82.12:1963
46.246.82.12:5000
46.246.82.15:3000
46.246.82.2:1963
46.246.84.12:1963
46.246.84.12:3000
46.246.84.12:4000
46.246.84.21:1963
46.246.86.13:5000
46.246.86.3:2003
46.246.86.6:5000
61.158.72.86:8848
74.124.24.240:8000
8.211.156.87:443
83.147.37.31:555
88.247.16.132:4788
94.154.35.114:9999

# Reference: https://threatfox.abuse.ch/browse/malware/win.dcrat/ (# 2025-10-05)

http://108.165.164.231
http://109.172.6.232
http://109.69.58.22
http://144.172.94.186
http://146.185.239.29
http://147.78.67.188
http://149.154.69.131
http://18.193.74.212
http://185.246.65.153
http://188.208.103.26
http://193.23.3.32
http://193.233.126.53
http://193.233.126.60
http://195.62.49.187
http://202.181.148.70
http://45.150.34.142
http://62.109.31.71
http://80.49.182.145
http://82.24.200.65
http://83.166.244.118
http://83.217.208.37
http://83.217.220.30
http://85.209.2.63
http://89.150.35.144
http://89.38.128.49
http://91.92.46.53
http://92.42.99.73
http://93.123.84.204
http://95.215.56.233
102.46.109.60:4445
103.112.99.205:8888
103.171.34.67:8080
103.171.34.67:9999
103.97.178.163:10086
104.194.154.39:7000
104.243.35.242:8000
107.150.0.29:6696
107.150.0.29:7778
110.42.61.91:8997
111.180.190.199:18008
111.92.240.189:443
111.92.240.215:443
111.92.240.219:443
112.213.108.154:443
112.213.108.176:443
112.213.123.48:1337
115.91.26.119:6000
115.91.26.119:6005
115.91.26.119:9999
116.203.56.216:8060
116.211.150.196:1234
118.107.46.82:443
118.107.46.92:443
118.107.46.97:443
121.127.246.231:443
137.184.46.150:5545
137.220.152.126:9091
137.220.154.104:8081
137.220.154.120:8081
138.2.16.164:8060
140.245.40.189:8060
141.8.199.79:7777
143.92.51.102:443
146.59.156.28:4444
146.70.215.45:25565
146.70.215.50:3000
147.185.221.18:51207
147.185.221.18:6969
147.185.221.29:30601
147.185.221.29:62304
147.185.221.29:63482
147.185.221.31:4510
147.45.45.130:3232
148.66.21.234:403
148.66.21.235:403
148.66.21.236:403
148.66.21.237:403
148.66.21.238:403
152.228.206.127:22
154.12.87.24:8000
154.205.10.197:4444
154.44.186.53:3112
154.83.211.234:65503
154.83.211.77:65503
156.253.13.10:4444
170.82.207.50:9090
172.203.240.47:8888
176.65.137.186:8090
178.16.53.2:4444
178.250.186.16:8888
178.73.218.6:3000
179.13.11.235:2143
181.206.158.190:9000
181.206.158.190:9002
185.156.72.67:6565
185.185.70.248:7777
185.221.215.43:7777
185.221.215.43:8888
188.34.155.101:7575
194.60.231.178:22
194.62.248.177:8848
194.87.238.216:4444
194.87.238.216:8888
195.133.49.180:8888
195.66.114.70:8888
196.251.80.106:8080
2.59.161.168:7777
2.59.161.75:4444
2.59.161.75:8888
206.119.174.116:443
206.119.174.117:443
206.119.174.118:443
206.206.126.179:22
206.238.40.189:65503
213.171.5.199:4444
213.226.125.85:7777
23.27.169.64:9898
23.94.232.5:3232
24.18.111.156:4444
3.69.157.220:13372
31.56.39.138:443
31.57.38.194:4949
31.57.46.108:7777
31.57.55.16:65503
31.57.55.69:65503
31.57.55.85:65503
31.58.58.26:7777
35.222.231.196:4000
37.114.63.27:4444
37.187.37.111:7777
37.27.220.239:8060
38.69.14.226:3232
43.226.17.43:8018
43.226.17.46:8018
43.226.17.50:8018
43.250.175.218:8080
45.141.87.243:4444
45.141.87.243:8888
45.146.255.160:4449
45.149.172.66:8060
45.153.34.67:2000
45.204.207.236:2323
45.204.207.236:8888
45.204.218.149:65503
45.91.8.136:4444
45.91.8.136:7777
45.91.8.136:8888
46.173.214.158:4444
46.173.214.158:8888
46.173.214.61:8888
46.173.214.64:8888
46.173.214.8:8888
46.246.12.7:2003
46.246.6.16:1963
46.246.6.9:1963
46.246.6.9:3000
46.246.80.14:1963
46.246.82.10:2003
46.246.82.13:3000
47.159.136.79:3232
47.243.67.46:8888
47.245.111.218:8081
62.60.187.17:8888
66.63.187.20:8080
77.110.112.33:8888
77.132.88.57:8848
78.135.82.65:7777
78.135.82.65:8888
8.148.178.255:18008
81.250.127.67:8080
83.136.209.153:3012
83.147.247.70:7777
85.208.9.145:4449
85.239.40.214:443
86.54.42.116:8854
86.54.42.116:8857
86.54.42.17:8857
87.248.145.252:8848
89.106.1.57:4444
89.34.230.109:8080
89.35.130.147:5810
89.35.130.147:58819
90.12.18.30:4444
92.112.127.237:4449
92.118.113.110:7777
93.127.138.116:1111
96.9.124.195:2404
98.80.102.215:8888
nyash.es
nyashk.ru
nyashru.ru
nyashvibe.ru
nyashware.ru
shnyash.ru
003659cm.nyash.es
020854cm.nyashvibe.ru
027894cm.nyash.es
055871cm.nyash.es
064790cm.nyash.es
075229cm.nyash.es
075641cm.nyashvibe.ru
120907cm.nyash.es
132961cm.nyash.es
144403cm.nyash.es
162838cm.nyashvibe.ru
167472cm.nyashru.ru
201906cm.nyash.es
223451cm.nyashvibe.ru
239024cm.nyash.es
247471cm.nyash.es
304542cm.nyashware.ru
346720cm.nyashvibe.ru
357129cm.nyash.es
387780cm.nyashvibe.ru
391316cm.nyashvibe.ru
402317cm.nyashvibe.ru
404830cm.nyashvibe.ru
407440cm.nyash.es
413426cm.nyash.es
431188cm.nyashvibe.ru
453971cm.nyash.es
463957cm.nyash.es
476301cm.nyashk.ru
512920cm.nyash.es
516063cm.nyash.es
530182cm.nyashvibe.ru
539068cm.nyashvibe.ru
542733cm.nyash.es
543672cm.nyashvibe.ru
590178cm.nyashvibe.ru
603646cm.nyashvibe.ru
706858cm.nyashvibe.ru
715239cm.nyashvibe.ru
716244cm.nyashvibe.ru
724499cm.renyash.top
726346cm.nyash.es
730294cm.nyashvibe.ru
737347cm.nyash.es
776162cm.shnyash.ru
841333cm.nyash.es
843801cm.nyashvibe.ru
881035cm.nyashvibe.ru
892408cm.nyash.es
901730cm.nyash.es
929693cm.nyash.es
982361cm.nyash.es
a0595798.xsph.ru
a0747299.xsph.ru
a0924483.xsph.ru
a0931898.xsph.ru
a0991666.xsph.ru
a0992716.xsph.ru
a1055919.xsph.ru
a1078194.xsph.ru
a1080242.xsph.ru
a1097913.xsph.ru
a1104725.xsph.ru
a1107667.xsph.ru
a1108904.xsph.ru
a1112546.xsph.ru
a1113081.xsph.ru
a1114067.xsph.ru
a1114094.xsph.ru
a1115856.xsph.ru
a1119311.xsph.ru
a1120527.xsph.ru
a1120742.xsph.ru
a1121106.xsph.ru
a1121348.xsph.ru
a1121500.xsph.ru
a1124682.xsph.ru
a1125912.xsph.ru
a1128455.xsph.ru
a1129386.xsph.ru
a1130104.xsph.ru
a1130357.xsph.ru
a1130764.xsph.ru
a1130890.xsph.ru
a1133268.xsph.ru
a1133485.xsph.ru
a1134815.xsph.ru
a1135341.xsph.ru
a1136426.xsph.ru
a1136728.xsph.ru
a1136783.xsph.ru
a1136805.xsph.ru
a1136850.xsph.ru
a1137989.xsph.ru
a1138040.xsph.ru
a1138046.xsph.ru
a1138565.xsph.ru
a1139064.xsph.ru
a1139089.xsph.ru
a1139192.xsph.ru
a1139452.xsph.ru
a1139671.xsph.ru
a1139694.xsph.ru
a1139711.xsph.ru
a1141375.xsph.ru
a1141531.xsph.ru
a1141936.xsph.ru
a1143266.xsph.ru
a1144783.xsph.ru
a1144817.xsph.ru
a1144925.xsph.ru
a1147050.xsph.ru
a1148213.xsph.ru
a1153936.xsph.ru
a1154992.xsph.ru
a1155862.xsph.ru
a1155962.xsph.ru
a1155967.xsph.ru
a1156364.xsph.ru
a1156498.xsph.ru
a1156681.xsph.ru
a1158558.xsph.ru
a1160130.xsph.ru
a1160620.xsph.ru
a1160686.xsph.ru
a1160945.xsph.ru
a1161183.xsph.ru
a1161282.xsph.ru
a1163093.xsph.ru
a1163330.xsph.ru
a1163354.xsph.ru
a1163794.xsph.ru
a1163876.xsph.ru
a1163887.xsph.ru
a1164019.xsph.ru
a1164274.xsph.ru
a1164290.xsph.ru
a1164361.xsph.ru
a1164480.xsph.ru
a1164989.xsph.ru
a1165341.xsph.ru
a1165370.xsph.ru
a1165381.xsph.ru
a1166255.xsph.ru
a1167258.xsph.ru
a1167812.xsph.ru
a1168056.xsph.ru
a1168763.xsph.ru
a1168949.xsph.ru
adobesystem.duckdns.org
ads-leaf.gl.at.ply.gg
affiliate-47437.portmap.io
animals713.temp.swtest.ru
anthonymus.temp.swtest.ru
aodwahszxo.temp.swtest.ru
asdyaeblan.temp.swtest.ru
ban1zons.beget.tech
batyatj6.beget.tech
bprof.dobriyk8.beget.tech
ca26973.tw1.ru
ca33575.tw1.ru
ca44340.tw1.ru
ca54422.tw1.ru
cable-knife.gl.at.ply.gg
cancersincura02.ddns.net
cancersincura03.ddns.net
cancersincura04.ddns.net
cancersincura05.ddns.net
cancersincura06.ddns.net
cancersincura07.ddns.net
cancersincura08.ddns.net
cancersincura09.ddns.net
cancersincura10.ddns.net
cancersincura11.ddns.net
cancersincura12.ddns.net
cancersincura13.ddns.net
cancersincura14.ddns.net
cancersincura15.ddns.net
catlavanng.temp.swtest.ru
cb25083.tw1.ru
cb74197.tw1.ru
cc18300.tw1.ru
cc81860.tw1.ru
cd41415.tw1.ru
cd52577.tw1.ru
cd53575.tw1.ru
cd58767.tw1.ru
cd66377.tw1.ru
ce12403.tw1.ru
ce84720.tw1.ru
ce99157.tw1.ru
cf01909.tw1.ru
cf33425.tw1.ru
cf39442.tw1.ru
cf46796.tw1.ru
cg22156.tw1.ru
cg34141.tw1.ru
cg41011.tw1.ru
cg93942.tw1.ru
cg95189.tw1.ru
cg97957.tw1.ru
ch25498.tw1.ru
ci03912.tw1.ru
ci33128.tw1.ru
ci35578.tw1.ru
ci52171.tw1.ru
ci77996.tw1.ru
ci82856.tw1.ru
cj05317.tw1.ru
cj13224.tw1.ru
cj22621.tw1.ru
cj46418.tw1.ru
cj74400.tw1.ru
ck06120.tw1.ru
ck11102.tw1.ru
ck63922.tw1.ru
ck68098.tw1.ru
cl07667.tw1.ru
cl14976.tw1.ru
cl84177.tw1.ru
cm31471.tw1.ru
cm41241.tw1.ru
cm76089.tw1.ru
cn12257.tw1.ru
cn71919.tw1.ru
cn85153.tw1.ru
co22720.tw1.ru
co34970.tw1.ru
co55281.tw1.ru
cp16932.tw1.ru
cp71691.tw1.ru
cq24072.tw1.ru
cq68815.tw1.ru
cr48547.tw1.ru
cr60627.tw1.ru
cs16566.tw1.ru
cs37962.tw1.ru
cs61835.tw1.ru
cs99879.tw1.ru
ct51064.tw1.ru
ct75800.tw1.ru
ct82487.tw1.ru
ct83204.tw1.ru
ct87061.tw1.ru
cu03417.tw1.ru
cu08926.tw1.ru
cu10874.tw1.ru
cu21409.tw1.ru
cu95767.tw1.ru
cv09400.tw1.ru
cv16139.tw1.ru
cv34454.tw1.ru
cv83502.tw1.ru
cv88767.tw1.ru
cv98306.tw1.ru
cw15693.tw1.ru
cw56267.tw1.ru
cx12805.tw1.ru
cx74809.tw1.ru
cx98298.tw1.ru
cy63408.tw1.ru
cy69121.tw1.ru
cy94611.tw1.ru
cz08047.tw1.ru
cz11730.tw1.ru
cz27224.tw1.ru
cz48006.tw1.ru
cz52511.tw1.ru
cz57985.tw1.ru
cz75749.tw1.ru
cz77268.tw1.ru
cz93437.tw1.ru
darwinnet.atwebpages.com
dc.tseytlin.su
decena10.duckdns.org
deer75432a.temp.swtest.ru
dm17549502.temp.swtest.ru
dobriydl.beget.tech
eliteaffiliate-24198.portmap.io
envio30-09.duckdns.org
etogavno.ru
exteriumsiteofficial.atwebpages.com
f1096594.xsph.ru
f1150727.xsph.ru
f1155683.xsph.ru
f1159963.xsph.ru
ffffgmail2.temp.swtest.ru
follow-solved.gl.at.ply.gg
football-confident.gl.at.ply.gg
forgta135g.temp.swtest.ru
fsdas3421fds.x10.mx
galikgalil.temp.swtest.ru
ghetto5f.beget.tech
gopgop21.beget.tech
horse18643.temp.swtest.ru
itself-thou.gl.at.ply.gg
jksban.duckdns.org
ladniskoy2.temp.swtest.ru
length-coverage.gl.at.ply.gg
litkosbj.beget.tech
lol.proxxied.serv00.net
megavdslolkekcheburek.atwebpages.com
merilcraft.ru
n-survivors.gl.at.ply.gg
negrickma2.temp.swtest.ru
nitelume.shop
nyash.es
nyashteamshop.online
nyashteamshop.ru
nyashvibe.ru
pavlovski3.temp.swtest.ru
piotr2222-40866.portmap.host
pw577.castledev.ru
qwekqcwiomz.atwebpages.com
resolver.qcopy.lol
ripme.ru.swtest.ru
sashad4w.beget.tech
sep1809.duckdns.org
sgbusibo.beget.tech
sigmaboy.com.swtest.ru
siymik2037.temp.swtest.ru
teamvievwerup.duckdns.org
tel-dv.gl.at.ply.gg
ulljq8tna.localto.net
uzbekovda2.temp.swtest.ru
which-submission.gl.at.ply.gg
x1le.atwebpages.com
xxnxxxx-38365.portmap.io
zerhoeqcdx.temp.swtest.ru


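# Generic trails: URL path indicators with no host component.
# Full paths are also listed split into their directory and .php file parts.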

/DCRS/dsock/
/DCRS/index.php
/DCRS/main.php
/ExternalDbtesttrack.php
/externalLowgeotrack.php
/externalVideoBasetest.php
/lineTosecureapi.php
/packetlowcpuProtect.php
/PipePacketDbLinuxFlower.php
/PollGameServerUniversal.php
/videoToLowtest.php
/212bad81b4208a2b412dfca05f1d9fa7.php
/2d02004c59e9a1f5d7d2a313711996eaafd017e3.php
/56743785cf97084d3a49a8bf0956f2c744a4a3e0.php
/fd1845d9489997784fcdca5feff97ba2a4cb81e5.php
/akcii239myzon0xwjlxqnn3b34w/
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/
/f5b75b6939d095db0eaf37fdfecac963030f7aa1.php
/g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/
/wih70f23q9voven47mcjf9q/
/c596a246010ddf201f7264927e5c39b8d20eba79.php
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/e59293a35848addcc181d5a0ab38266868d77ff4.php
/2nwsr5yiv4oi4zfjoduq2ettv6rwkao/
/e5qx69ffszv9vbudkm/
/d6d4cbd9296a555615601b85dedaceaffd7120b5.php
/9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/
/1ce78a902db7a61523b13afcb20d91f8.php
/rb7u7g360qkxfkhcd/
/8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/
/44ab0bfd824936290de450263b2aaa06b01412a9.php
/38ad2f43f6b9c1367674eb1b7f1db337.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/hyhwe8lxnty/j07u3xb0zwfka8ohvggymgmz/
/hyhwe8lxnty/
/j07u3xb0zwfka8ohvggymgmz/
/8d62d1a2a79fe42b5a214943336f449f2c83f18d.php
/c76ae15161b4078c040462271a89caa06686cf38.php
/twwhd4iu597yifaawuodsmuedbq3vm4754g8nko19l8rgk3f24jklz3ynngosa6q6jtx0gmb5l1vpps5zcit6pzt/
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/og7th0bl0euzfxawae8yx/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/og7th0bl0euzfxawae8yx/
/zm4lw7zacc7uxbb52b5p11up338yia5q6/
/207d160bdae62c6cd38c8d66bad1e59246befd46.php
/7Voiddb8Image/VmToJsTrackCentral.php
/7Voiddb8Image/
/VmToJsTrackCentral.php
