# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/eset/malware-ioc/tree/master/sshdoor

http://198.23.187.46
http://94.75.207.3
176.9.47.34:28739

# Reference: https://twitter.com/ESETresearch/status/1410864752948043778
# Reference: https://twitter.com/ESETresearch/status/1410864779229548546
# Reference: https://www.virustotal.com/gui/file/0bff46518b35ddfe37f4a7820286aab829d81f1480d9eeca5aaedc9ceda6724f/detection
# Reference: https://www.virustotal.com/gui/file/be97d7ae3b2d876f027d99d8d61dbca92513f4975336c2ebc26cf8a0839b67b6/detection

45.67.230.53:443

# Reference: https://twitter.com/r3dbU7z/status/1584713099806126080
# Reference: https://www.virustotal.com/gui/file/3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63/detection

http://181.115.207.243
181.115.207.243:443
3.133.207.110:17715
3.136.65.236:17715
3.138.180.119:17715
/hS7PV4gUa-XphOiGisRung-yxu84TF5wsYDHEtrIBL

# Reference: https://twitter.com/1ZRR4H/status/1774355839165280493
# Reference: https://twitter.com/1ZRR4H/status/1774356908897419376
# Reference: https://www.virustotal.com/gui/file/910077fa834a5a156c40c9dba7637611522c248b1b32d32fef23b42dfab11896/detection
# Reference: https://www.virustotal.com/gui/file/7c636f1c9e4d9032d66a58f263b3006788047488e00fc26997b915e9d1f174bf/detection

http://45.133.74.48
147.45.40.125:9999
45.133.74.48:22
77.221.137.93:4444
shield.surf
aeza.shield.surf
tratata.shield.surf

# Reference: https://threatfox.abuse.ch/browse/tag/SSH-C2/ (# 2024-04-16)

103.174.73.85:9900
134.255.218.111:1337
134.255.218.111:8081
141.98.7.218:1337
141.98.7.237:1337
147.135.119.43:1337
147.135.119.43:8081
15.204.12.150:1337
15.235.149.123:9999
162.214.103.215:2052
162.214.103.216:2052
# NOTE(review): 172.65.152.34 lies inside 172.64.0.0/13, which Cloudflare publishes as one of its edge ranges (TODO confirm against the current list). If so, the address may be shared front-end infrastructure rather than a dedicated host; keep the :22 qualifier and re-validate before blocking on it.
172.65.152.34:22
185.196.8.230:1337
185.254.198.211:9900
193.34.69.249:1337
209.141.50.91:1337
209.141.59.146:1337
209.141.62.176:1337
45.128.232.185:1337
45.128.232.219:1337
45.133.74.121:1337
5.181.80.35:999
51.38.67.91:888
51.81.0.240:666
51.89.30.114:9999
64.95.13.160:10000
89.187.28.15:2222
94.156.66.16:1337
94.156.66.184:1337
94.156.66.225:1337
94.156.67.43:1337
94.156.67.74:1337
94.228.168.28:1337
pickthecotton.xyz
royalparac2.xyz
royalparadisec2.xyz
zopz-api.com

# Reference: https://urlhaus.abuse.ch/browse.php?search=6f1bbcaa6efc41ee257919a85acc9ea5b1f82c8def103e39629e0b5161800ccc

http://14.165.172.148
http://14.245.204.22

# Reference: https://pastebin.com/JGcvfvAJ

http://188.92.72.129
http://188.92.79.110
http://188.92.79.115
http://188.92.79.116
http://92.118.39.81

# Reference: https://threatfox.abuse.ch/browse/tag/SSH-C2/ (# 2024-09-22)

103.178.234.178:9900
103.211.201.207:9900
103.69.96.242:9900
109.120.157.133:1337
109.120.157.133:666
109.120.157.133:777
141.98.7.23:25565
142.44.236.7:15017
146.59.34.134:1337
147.182.227.94:1337
152.42.244.186:1337
158.51.96.150:1225
158.51.96.150:6969
158.69.129.106:25565
158.69.129.110:10000
159.65.82.152:1337
167.114.127.88:25565
167.114.127.94:25565
185.112.83.65:888
185.208.158.103:1337
185.208.158.145:1337
191.96.94.56:1337
198.251.81.118:1337
198.251.83.208:222
198.27.107.173:1337
198.50.207.22:10000
198.98.53.133:1337
202.158.249.20:1337
209.141.33.129:1337
209.141.39.25:222
209.141.43.48:1337
217.144.184.45:1337
37.114.46.120:2052
37.114.56.86:1337
41.216.183.210:1337
45.11.229.162:1337
45.137.198.11:1337
45.137.207.152:1337
45.14.245.240:9900
45.148.244.127:1337
45.202.33.16:1337
45.45.237.115:10000
45.90.12.127:1337
45.90.12.217:1337
45.90.12.81:1337
45.90.13.246:1337
45.95.169.33:1337
5.39.34.47:187
5.39.34.47:222
5.42.100.115:1337
51.222.196.58:808
51.254.156.24:10000
51.38.93.187:888
51.68.202.203:1337
51.75.166.195:1337
51.77.74.141:1337
51.81.228.213:888
51.81.230.244:9090
51.81.38.136:1337
51.81.69.5:1225
51.81.69.5:6969
57.128.159.119:5050
62.182.84.156:4040
64.176.217.111:1337
66.78.40.115:1337
68.183.180.68:1337
69.30.200.99:4398
77.105.146.225:1010
77.221.148.78:1337
77.221.151.154:1337
77.221.156.254:7070
77.91.66.27:1337
77.91.66.67:10000
78.40.116.170:1337
79.137.202.45:1337
79.137.203.182:1337
83.147.29.35:1337
83.168.110.33:1337
83.168.69.39:1337
83.168.69.39:6969
85.192.56.249:999
89.208.103.203:4122
91.92.244.41:6969
91.92.247.71:1337
91.92.255.205:1337
92.246.138.78:1337
92.249.48.17:1337
92.249.48.65:1337
94.156.66.163:1337
94.156.66.184:10000
94.156.66.205:1337
94.156.66.84:1337
95.214.27.140:1337
95.214.27.200:1337
95.214.27.230:1337
95.214.27.242:1337
admin.craftsteal.me
advisors.hardbacon.ca
atov.xyz
backup-drrugs.xyz
cad-capostoa-aa.top
canada-capost-aee.top
canada-capost-bb.com
canada-capost-bee.top
canada-capost-dd.com
canada-capostoa.top
connectionrandom.xyz
correo-paraguayotb.top
drupbox.com
frostedservices.us
gdew59.scma.zorinmc.tech
gg-net.cc
gob-pe-seepost.top
hyperleaks.xyz
it.sakel.eu
kymev.com
# NOTE(review): "kymev.coma" looks like a mistyped copy of kymev.com on the previous line; ".coma" is presumably not a delegated TLD, so this trail would never match live DNS. Verify against the ThreatFox source before keeping or dropping it.
kymev.coma
logicc2.com
login.wrldsecurity.ru
luciferc2.net
medusa-network.sbs
mta01.jjp59.com
node.craftsteal.me
omerta-btc.com
panel.austria-host.de
proxy-c2.online
proxy.kaitenc2.de
rxqtxyz.xyz
streaming.siciliavera.com
tcp-connect.xyz
tcp-proxy.live
usreorj.com
usreorm.com
usreory.com
vanilla.vin
weeping.lol
wireguard.wtools.us
zelrvn.xyz
ziw.tyblue.net

# Reference: https://urlhaus.abuse.ch/browse/tag/sshdkit/ (# 2024-09-23)

http://102.216.105.81
http://103.42.198.20
http://104.131.131.50
http://104.131.237.245
http://109.69.8.230
http://113.165.173.221
http://116.103.156.94
http://116.103.163.15
http://116.105.113.118
http://117.202.0.15
http://117.202.0.54
http://121.202.143.135
http://125.168.166.40
http://14.165.170.160
http://14.176.160.169
http://14.245.201.19
http://147.182.177.199
http://149.248.44.196
http://161.43.205.67
http://172.115.81.23
http://173.255.230.192
http://182.239.84.154
http://182.239.84.156
http://182.239.84.210
http://182.239.84.86
http://182.239.84.87
http://182.239.84.88
http://182.239.84.89
http://183.171.48.228
http://194.105.59.47
http://2.54.83.23
http://2.55.116.44
http://2.57.122.121
http://202.3.248.178
http://202.3.248.179
http://219.70.106.89
http://36.67.155.2
http://36.95.166.82
http://45.32.126.172
http://45.55.115.133
http://45.77.247.71
http://45.79.100.217
http://45.79.190.114
http://46.125.89.13
http://50.116.26.12
http://62.12.138.141
http://66.70.242.174
http://68.183.74.40
http://77.211.17.249
http://78.132.114.66
http://79.124.49.158
http://83.224.163.3
http://86.221.95.134
http://86.93.35.33
http://90.117.44.182
http://91.39.188.217
http://95.182.31.10
http://95.230.215.65
http://95.47.248.146
1.179.62.255:8080
1.179.62.255:8081
102.165.122.114:6100
102.223.106.188:8025
102.223.106.188:9023
102.23.88.134:8082
102.23.88.134:8083
103.42.198.103:1025
103.42.198.106:1025
103.42.198.20:1025
107.145.144.57:5180
109.127.9.41:81
109.127.9.41:82
109.158.46.249:94
109.158.46.249:95
109.69.8.230:7878
109.69.8.230:8080
111.75.151.121:8888
113.160.251.236:8080
113.165.5.209:8080
115.160.162.10:4500
115.72.178.33:8081
115.79.183.216:8082
117.216.139.132:2008
117.216.139.218:2002
117.241.74.26:2002
118.69.157.212:9111
118.69.157.212:9112
118.69.157.212:9114
118.71.172.12:8080
119.13.179.133:8081
119.13.179.180:8080
119.13.179.180:8081
119.13.179.183:8080
119.13.179.183:8081
119.13.179.184:8080
119.13.179.184:8081
119.13.179.185:8080
119.13.179.185:8081
119.13.179.186:8080
119.13.179.186:8081
119.13.179.187:8080
119.13.179.187:8081
119.13.179.189:8080
119.13.179.189:8081
119.13.179.191:8081
119.13.179.215:8080
119.13.179.215:8081
119.13.179.222:8080
119.13.179.222:8081
119.13.179.227:8080
119.13.179.227:8081
119.13.179.75:8080
119.13.179.78:8080
119.13.179.78:8081
119.13.179.84:8080
119.13.179.84:8081
119.13.179.92:8080
119.13.179.92:8081
120.157.13.69:8000
123.143.141.75:10001
123.143.141.75:10002
123.143.141.75:10003
123.143.141.75:10005
123.143.141.75:10006
123.200.171.184:8081
123.209.115.252:8081
123.28.166.179:8001
123.28.195.117:8081
123.28.195.117:8082
124.19.77.89:8000
124.19.79.176:8000
124.19.91.120:8000
124.19.92.48:8081
132.255.192.122:9001
14.161.45.250:8888
14.164.61.33:8181
14.164.61.33:8383
14.164.61.33:8484
14.164.61.33:8585
14.164.61.33:8686
14.164.61.33:8787
14.164.61.33:8888
14.171.72.133:37771
14.171.72.133:37773
14.171.72.133:37775
14.171.72.133:37779
14.185.164.136:8080
14.254.135.96:8181
141.134.214.217:8003
14stirling.dyndns.org
151.71.98.227:8080
152.173.150.196:8080
159.196.71.244:8083
159.196.71.244:8084
161.43.195.146:8080
161.43.195.146:8081
161.43.196.13:8000
161.43.196.13:9000
161.43.202.65:8081
161.43.207.55:8080
161.43.207.55:8081
161.43.207.65:8080
161.43.207.65:8081
162.191.190.249:81
162.191.190.249:82
165.73.108.6:8020
165.73.108.6:8021
165.73.108.6:8022
165.73.108.6:8025
165.73.108.6:8027
165.73.108.6:8028
165.73.108.6:8029
166.140.147.185:8001
166.140.147.185:8002
166.140.147.185:8003
166.140.147.185:8004
166.144.131.188:8045
166.144.131.188:8052
170.254.152.248:8080
171.233.24.60:8080
174.67.82.219:1167
174.71.237.86:1101
174.71.237.86:1103
174.71.247.18:1188
174.71.253.35:1101
174.71.253.35:1103
178.156.67.184:2220
178.176.204.240:84
178.176.204.250:84
178.182.253.59:8081
178.182.253.59:8082
178.182.253.59:8083
178.182.253.59:8084
178.182.253.59:8085
178.183.184.59:8088
178.183.208.134:8080
178.183.208.134:8081
178.183.85.67:10081
178.183.85.67:10082
178.183.85.67:10083
178.183.99.195:8089
178.84.167.164:8080
179.87.223.249:8083
183.191.215.135:8000
185.127.22.75:8080
185.143.139.103:2221
185.43.16.46:82
185.43.19.103:9043
185.49.168.84:197
188.147.175.138:5002
188.147.175.18:8085
188.147.175.18:8088
188.147.175.18:8091
188.147.175.18:8094
188.170.32.148:84
188.26.129.216:9090
188.28.165.123:8083
188.28.167.142:8081
188.28.167.142:8082
188.28.167.142:8083
188.29.34.164:8081
188.29.34.164:8082
188.29.34.164:8083
188.30.200.232:8081
188.30.201.55:8084
189.223.203.43:8080
193.160.86.39:8080
195.135.42.75:38185
195.135.42.75:38187
195.135.42.75:38188
200.187.93.158:37020
201.110.70.11:8080
202.22.143.159:9020
202.22.143.159:9021
204.11.227.214:1103
209.162.229.229:2003
209.162.229.229:2004
212.14.98.61:10092
212.3.211.157:50080
217.160.26.97:8001
217.35.225.65:81
217.35.225.65:82
218.108.181.2:84
218.108.181.2:87
221.10.233.217:8618
222.145.26.8:50005
222.252.15.21:8081
223.108.58.13:37780
223.108.58.15:37780
223.82.83.143:8888
223.83.194.100:8080
223.83.194.100:8081
223.83.194.100:8082
24.120.13.5:1101
24.120.13.5:1103
24.120.175.134:1111
24.120.42.254:1212
24.120.42.254:1214
24.234.159.5:1111
24.234.159.5:1112
24.234.172.44:1101
24.234.172.44:1111
24.234.172.44:1112
3.109.239.113:8406
31.0.241.65:8081
31.0.241.65:8082
31.125.243.56:8181
31.173.70.100:86
31.217.117.2:8081
31.217.117.2:8082
31.217.117.2:8084
39.175.56.202:9001
39.175.56.248:9006
39.175.56.249:9005
39.175.56.250:9003
41.144.133.44:8081
41.144.133.44:8083
41.144.133.44:8084
41.146.5.125:8083
41.71.51.243:8080
42.113.68.50:8888
45.234.218.54:8099
45.90.2.195:999
46.103.200.106:8080
46.171.144.226:1081
46.250.54.75:83
46.250.54.75:84
47.152.114.31:8104
47.152.114.31:8105
5.161.79.118:8563
50.175.37.218:1141
50.175.37.222:1141
50.243.106.237:1101
50.243.106.237:1103
50.243.106.237:1188
59.154.239.132:8000
59.154.252.26:8000
61.88.48.247:8000
61.88.50.73:8000
61.88.50.74:8000
61.88.50.76:8000
62.45.143.203:9012
66.214.27.140:8111
66.49.95.131:8131
66.49.95.131:8132
68.107.218.106:1101
68.226.36.150:1122
69.75.168.226:8007
70.173.248.138:1101
70.173.248.138:1103
74.72.72.247:8000
74.72.72.247:8002
76.53.38.126:8081
76.53.38.126:8082
76.53.38.126:8085
76.53.38.126:8086
76.53.38.126:8087
76.53.38.126:8090
76.53.38.126:8888
77.237.29.219:2025
77.237.29.219:2027
77.73.166.186:8001
77.73.166.186:8002
78.21.148.41:4002
78.21.148.41:4003
78.23.174.181:8810
78.23.174.181:8811
79.142.152.214:10001
79.162.222.118:8083
79.162.222.118:8089
79.8.63.122:8081
80.14.38.66:1081
80.15.181.173:2501
80.24.87.77:8056
80.24.87.77:8057
80.24.87.77:8058
80.64.76.65:8002
81.156.181.101:60030
81.196.96.73:1030
81.42.247.62:8082
81.42.247.62:8083
81.42.247.62:8084
81.42.247.62:8085
81.42.247.62:8086
81.42.247.62:8087
82.148.194.54:9013
82.76.12.91:1030
82.76.12.91:1031
82.76.12.91:1032
82.77.57.16:8585
83.220.108.132:8081
83.220.108.132:8082
83.220.108.132:8083
83.220.108.132:8084
83.220.108.132:8085
84.199.4.170:8005
84.29.231.9:8080
85.99.124.65:8001
86.121.112.111:1031
86.121.112.111:1032
86.121.112.188:1032
86.121.112.188:1033
86.121.112.70:1031
86.121.112.70:1032
86.121.113.72:1032
86.121.113.72:1033
86.121.113.87:1025
86.121.221.111:50102
86.122.141.80:8002
86.127.104.61:1300
86.127.104.61:1301
86.127.104.61:1302
86.127.104.61:1303
86.127.104.61:1304
86.127.104.61:1306
86.127.104.61:1309
86.127.104.61:1310
86.127.104.61:1311
86.221.95.134:81
86.221.95.134:82
86.221.95.134:83
87.119.173.73:8080
87.251.249.41:8082
87.26.194.197:8884
88.123.92.100:8000
88.208.213.73:8004
88.24.46.77:10062
88.24.46.77:10072
88.8.54.152:10042
89.31.226.224:8085
90.102.76.1:1216
90.102.76.1:1220
91.164.39.142:50002
91.164.39.142:50003
91.164.39.142:50004
91.164.39.142:50005
91.164.39.142:50006
91.164.39.142:50008
91.170.130.84:8080
91.231.190.163:8080
92.40.60.119:8001
92.41.12.160:8083
93.63.154.162:38000
94.190.215.76:37781
94.196.58.35:8081
94.196.58.35:8082
94.196.58.35:8083
94.254.244.246:1111
94.60.242.252:9091
94.60.242.252:9094
94.60.242.252:9095
95.60.186.19:9001
96.76.18.90:8081
96.76.18.90:8082
99.139.100.137:1101
99.139.100.137:1104
99.139.100.137:1107
99.139.100.137:1110
99.139.100.137:1188
99.71.130.109:8021
99.71.130.109:8022
99.71.130.109:8025
99.71.130.109:8027
99.71.130.109:8028
99.71.130.109:8034
99.71.130.109:8035
99.71.130.109:8039
99.71.130.109:8040
99.71.130.109:8041
99.71.130.109:8042
99.71.130.109:8048
99.71.130.109:8049
99.71.130.109:8050
99.71.130.109:8054
99.71.130.109:8055
# NOTE(review): this name embeds the address 173.255.238.129 and looks like a provider-generated reverse-DNS hostname (TODO confirm). Such names follow whoever currently holds the IP, not the operator, so the entry should be re-validated when the address is re-checked.
173-255-238-129.ip.linodeusercontent.com
article.se
hksswbhjd.com
v1.article.se

# Reference: https://x.com/banthisguy9349/status/1838857986887876834

http://113.182.105.128
http://116.103.166.146
http://116.110.194.14
1.179.63.129:8080
1.179.63.129:8081
1.179.63.130:8080
1.179.63.130:8081
1.179.63.145:8080
1.179.63.145:8081
1.179.63.146:8081
1.54.31.240:8888
102.223.106.188:8022
102.223.106.188:8026
102.23.89.134:8082
102.23.89.134:8083
102.68.74.28:8055
102.68.74.45:8055
102.68.74.46:8055
102.68.74.69:8055
105.184.90.162:8081
109.166.211.222:6201
109.166.211.222:6202
110.239.6.20:8080
110.239.6.20:8081
112.4.110.22:37780
113.161.57.162:8080
113.165.91.189:8080
119.13.179.133:8080
119.13.179.136:8080
119.13.179.16:8080
119.13.179.16:8081
119.13.179.225:8080
119.13.179.225:8081
119.13.179.75:8081

# Reference: https://x.com/DaveLikesMalwre/status/1853203655911973324
# Reference: https://app.validin.com/detail?type=raw&find=Login+-+Nosviak4#tab=host_pairs

http://15.204.132.49
http://188.212.101.73
http://198.251.80.196
http://198.251.81.118
http://198.251.83.85
http://205.185.117.147
http://5.183.171.160
http://51.81.104.127
http://51.81.135.240
http://51.81.135.241
http://54.39.226.40
http://62.146.182.2
http://93.123.85.50
api-flowerc2.online
flowerstresser.online
# NOTE(review): these two names encode 51.81.135.240 and 51.81.135.241, both already listed above as http:// trails. They look like provider-generated reverse-DNS hostnames (TODO confirm), so they age with the IP assignment and should be reviewed together with those IP entries.
ip240.ip-51-81-135.us
ip241.ip-51-81-135.us
ns2.opennet.cloud
rxqtuest.top

# Reference: https://x.com/SecureSh3ll/status/1855051575498055687
# Reference: https://www.virustotal.com/gui/ip-address/135.181.56.30/detection
# Reference: https://www.virustotal.com/gui/file/3f0ec748d8a083529098aa9181deba63508bb1d5863ff01bb528ebf4f53642e5/detection

http://135.181.56.30
http://2.59.134.66
135.181.56.30:4411
# NOTE(review): this name is 135.181.56.30 with the octets reversed, the same host as the two entries above. It looks like a provider-generated reverse-DNS hostname (TODO confirm), so it tracks the IP assignment rather than the operator; review it together with the IP trails.
static.30.56.181.135.clients.your-server.de

# Reference: https://x.com/banthisguy9349/status/1869018664789569901

http://176.96.136.133
http://45.148.10.176
http://51.81.121.129
