# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: qakbot, qbot, pikabot

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=2

abc-hobbies.com
acadubai.org
adserv.co.in
alfamex.com
b.nt002.cn
b.rtbn2.cn
b.tn001.cn
bckp01.in
boogiewoogiekid.com
buldrip.com
cdcdcdcdc212121cdsfdfd.com
cdcdcdcdc2121cdsfdfd.com
citypromo.info
du01.in
du02.in
ftp.acmeinformation.com
ftp.hunterscentral.com
ftp.periodicopuruvida.com
gator862.hostgator.com
googcnt.co.in
hostrmeter.com
inetrate.info
laststat.co.in
nt002.cn
nt010.cn
nt101.cn
nt13.co.in
nt16.in
nt17.in
nt20.in
nt202.cn
ppcimg.in
prstat.in
redserver.com.ua
s046.panelboxmanager.com
saper.in
spotrate.info
successful-marketers.com
swallowthewhistle.com
up002.cn
up003.com.ua
up004.cn
up01.co.in
up02.co.in
up03.in
whitepix.info
yimg.com.ua
zenpayday.com
zurnretail.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://twitter.com/abuse_ch/status/1116023921894219778

d221-73-45.commercial.cgocable

# Reference: https://twitter.com/Bank_Security/status/1124209952019689472
# Reference: https://pastebin.com/pTXbXVnZ
# Reference: https://blog.talosintelligence.com/2019/05/qakbot-levels-up-with-new-obfuscation.html
# Reference: https://twitter.com/_Bear_Crawl_/status/1124357801906716672
# Reference: https://pastebin.com/Tq6ji8uV

lg.prodigyprinting.com
hp.prodigyprinting.com
layering.wyattspaintbody.net
painting.duncan-plumbing.com
rss.thulos.com
wordpress.4ainternacional.com
feedback.couponpx.com
10tillcom.montgomerytech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Qakbot-6956539-0)

jpfdtbmvuygvyyrebxfxy.info
hknkmwfdngcfavzhqd.biz
ywubouysdukndoakclnr.org
uwujtnymeyeqovftsc.org
kaaovcddwmwwlolecr.org
ijdlykvhnvrnauvz.com
lunkduuumhmgpnoxkbcjqcex.org
hsyglhiwqfc.org
forumity.com
zebxhuvsz.com
yxssppysgteyylwwprsyyvgf.com
fcptxaleu.net
olosnxfocnlmuw.biz
cbqjxatxrumjpyvp.biz
sproccszyne.org
uschunmmotkylgsfe.biz
wgysvrmqugtimwhozoyst.biz
tkpxkpgldkuyjduoauvwoiwcg.org
cufgghfrxaujbdb.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Qakbot-7079811-0)

aqksafpuovjyfrzit.org
aulmkpipscpopgwrtzhlnqmjk.info
bmbtgoova.com
cagkhrabktfwkuroydfwtta.org
doiknfcneeeydnyofyurzy.info
erbqfnvqsahyshygeglwhxhvd.org
hibqrywwciwhbks.net
jkijlzrsvic.com
jueafvkiigmul.org
mgpepssjlpytbdktejekl.net
nwocsvuw.net
pzsbodhuinrzhcjin.org
tvntnfczmfiewin.info
uofdwoxezbdujgadioqvy.net
vljfhvniqpl.org
vwsbvkpkzgsvyhapfcm.org
wlakhytkctowfowlzyehtt.net
wupgkipgaiu.biz
yaznaovutvzwgp.net
ymoabqpo.com
zqpbnjvmfkfzbyko.info

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Dropper.Qakbot-7287972-0)

ageanrzekiycakzrswcq.com
cyiynudufvqmswxgtdkgyal.org
evvedpvqyno.net
fmncuwynktocekwqmthsr.net
hrmmnxigwodcsbqhcezedv.net
ocqfamsdr.org
ohfckvgylddiulbtgcrdijtpl.org
ohnzjsjoyxmkfpafaouujked.biz
qguuivkqppwohlzzvjv.org
rpagfveavil.com
tnqnpjthcwhhit.biz
utglavlafksmzfcniumfwwbm.biz
wpaoyqevfvmqquvpfwo.com
wyrlmssiybtkxemblgkturpw.net
zhkclrrbgufzsgljzohs.com

# Reference: https://twitter.com/killamjr/status/1183831240090312706

mottosfer.com
sosanhapp.com

# Reference: https://twitter.com/killamjr/status/1184219573664530437

ivoireboutique.net
newbestacademy.com

# Reference: https://twitter.com/DGAFeedAlerts/status/1186130743241707520

veadymnpvxjxzicecamltc.com

# Reference: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
# Reference: https://tria.ge/reports/191119-kdqwsphw2e/task1
# Reference: https://twitter.com/malware_traffic/status/1223044973836361729



content.markdutchinc.com

# Reference: https://twitter.com/reecdeep/status/1218172158633029632

deccolab.com
helpvan.su

# Reference: https://twitter.com/reecdeep/status/1222429871621709824

productsphotostudio.com/wp-content/uploads/2020/01/lane/444444.png

# Reference: https://twitter.com/ps66uk/status/1244784860927004672

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
worldplaces.in/direct/444444.png

# Reference: https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9

411foru.biz
411foru.com
411foru.info
411foru.net
411foru.org
aecfdpuspicop.biz
aifrbgvit.org
akurktsicohzxrfoynqaixspe.org
americansvoice.com
americasvoice.net
angelandthebackbeat.com
angelandthebackbeats.info
angelandthebackbeats.net
angelandthebackbeats.org
anthonybryanauthor.com
aoznszhhyhktgb.com
awtptzoblgkkdmfb.biz
ballbutter.com
bbostybfmaa.org
bdbprqhsomsonztxios.net
beverlyhillsaestheticplasticsurgery.com
beverlyhillsaestheticplasticsurgeryassociates.com
beverlyhillsshrinkwrapliposuction.com
bhapsa.com
bogtdrfdeqabyyxdg.net
bookhotelonlinetoday.com
boomer-talk.com
boomerstalk.com
boomersvoice.com
boomersvoice.net
brpnkctjvgdmnbwtv.biz
bryhitenwzmdtakavoofanp.org
bwzxubzdgaq.biz
bzkgskajhmcwrbk.net
candcbuilding.com
candcplumbing.com
casinobettingpoker.com
cecate.net
cio-inspired.com
cioemea.com
cioeurope.com
cioinnovate.com
cisoinspired.com
cmoinspired.com
cortezs.com
cortezs.net
costcoexpress.com
coxrwiuxkcausxnlbgjmakxrw.net
coxrwiuxkcausxnlbgjmakxrw.net
cpoinspired.com
creinspired.com
csgoclimb.ru
csgoevent.com
csgohs.ru
czkwuxvndxrjsprm.org
dandymanscrubs.com
dandyscrub.com
dandyscrubs.com
dejyjcwo.info
dfnchvkjlzlkdaygzdakqhn.info
dkdjezurex.org
doctorraffi.com
domandvilma.com
dpsjwmwzuwnicaq.biz
dpsjwmwzuwnicaq.biz
drhovsepian.com
drhovsepianbeverlyhillsbotchedme.com
drhovsepianbeverlyhillsbotchedmeup.com
drhovsepianbeverlyhillsexperience.com
drhovsepianbeverlyhillsreview.com
drhovsepianbeverlyhillsreviews.com
drhovsepianbotched.com
drhovsepianbotchedme.com
drhovsepianbotchedmeup.com
drhovsepianplasticsurgeon.com
drhovsepianplasticsurgery.com
drhovsepianreview.com
drhovsepianreviews.com
drhovsepianruinedme.com
drraffibeverlyhills.com
drraffibeverlyhillsbotched.com
drraffibeverlyhillsbotchedme.com
drraffibeverlyhillsbotchedmeup.com
drraffibeverlyhillsreview.com
drraffibeverlyhillsreviews.com
drraffibotched.com
drraffibotchedme.com
drraffibotchedmeup.com
drraffihovsepian.com
drraffihovsepianbeverlyhillsbotched.com
drraffihovsepianbeverlyhillsbotchedme.com
drraffihovsepianbeverlyhillsbotchedmeup.com
drraffihovsepianbeverlyhillsexperience.com
drufxhimmwwnfhegujbutyw.com
drufxhimmwwnfhegujbutyw.com
dslmkpgjvuisnqa.com
dslmkpgjvuisnqa.com
dtvsxudgnort.biz
dynamicwords.us
eeaforums.org
ejnkyujcazyyrehecjmox.net
engeniusforum.com
facilitiesmanagementforum.com
fbptaqbegdpqfkqeniulcz.com
felruzatqofkxlzkrskrbcilq.org
fgmbdteifejszcmn.org
fm-inspired.com
fminnovate.com
fmpevent.com
fobccpaug.org
frcblvtmpuygvxzdjsdw.net
gandhiprobably.com
gdfqutzvshhgzheqksxj.biz
gfapuxkfzsddekagqyvtibckx.org
gfsbfuaogfwrcvstpnvuskqjh.net
gilkeyphotography.com
gjcybzvmvir.com
gjcybzvmvir.com
gkvimqrvoscnuvggw.net
godbetter.com
godbigger.com
godonlinetv.com
gvyxwaslgliazuilhtyl.com
hbjzvgyej.org
hernandezenterprise.com
hernandezenterprise.info
hernandezenterprise.mobi
hernandezenterprise.net
hernandezenterprise.org
hhwkqccfvmbxvgsrfodzblfk.org
hihybiipewmutcpqjsnnn.org
hr-inspired.com
htibkjlyhffmhnetwvaia.net
hvjhbdtxslkr.net
hyfotrom.biz
hyfpcoogiuxackrjlvqfoa.org
iaahouston1.com
inspiredbusinessmedia.com
internetmarketingenterprise.net
izfrynscrek.net
jaxmksttqwcfycm.org
jdqmdauuzavhvzmchymtn.com
jekawtzb.net
jfgsifrptbirusgs.net
jghgaukpemdsitwrbkm.org
jhsjqyopeiivfjonxfd.com
justportraits.ca
jyemfaceteeg.info
kvwyoivqwydfdlpzd.org
kyimozmtezqaghxaqbykf.net
kzdmlrtrdfmuvyczjeoysnnr.com
lifewavechina.com
lifewavedenmark.com
lifewavedistributor.com
lifewaveforever.com
lifewaveindia.com
lifewaveuk.com
listentoamericans.com
listentoamericans.net
ljiececesruwqsiaafspjb.biz
ljiececesruwqsiaafspjb.biz
lowtechinternational.com
lssteedshlf.org
lzxrbgvcpdefafmtkmypd.org
marcelohernandez.net
marcelohernandez.org
messifootball.com
messimessimessi.com
messistar.com
messistars.com
mlmbonus.com
modernhide.com
mushroomalley.com
my-voice.net
myvoiceamerica.com
myvoiceusa.com
mzvmmsedkr.biz
naughtytimebooks.com
nknpagmexfmpivpfkej.org
nkwnfcvlqvouqyspcpfxdbmkv.org
nwqsckeoatb.biz
nyqvjyehgmyzwsutaoeqrzdff.net
oabtwabgoyatl.info
oeisvpck.com
ofcource.com
ohjnxkcqhyzcqxoxyrqsvmovb.org
ohnzjsjoyxmkfpafaouujked.biz
ohpjbauaztbcqjwbxyepjg.info
olecram.info
olecram.org
olecramproductions.info
olecramproductions.net
olecramproductions.org
onlineredwine.com
onlyportraits.com
onpzjbvxnbvuhrjbjb.info
osnyjaaliqdpegehd.com
oxpsuqkej.org
pgnioogwlucnv.com
pptyqmktluqnpameptwtzno.org
pqmqomkgjnfdng.org
pzmftmgqnxaqgrznm.net
qfdjjouamlbqtfyewaxci.org
qotavczeb.info
raymondelectronics.com
rdnzplgrz.net
reckchfhtndingqrynjdgpbjy.net
revivearizona.com
reviveindiana.net
reviveindiana.org
revivejerusalem.org
revivelondon.org
revivemilwaukee.org
reviveminnesota.com
reviveminnesota.info
reviveminnesota.net
reviveminnesota.org
revivemississippi.net
revivemississippi.org
revivemsp.org
reviverichmondca.org
revivesarasota.org
reviveseattle.org
revivesoutherncaribbean.com
revivesoutherncaribbean.org
revivetheholyland.com
revivetheholyland.org
revivethepromisedland.com
revivethepromisedland.org
revivetupelo.com
revivetupelo.org
revivetwincities.org
revivewisconsin.org
rhjbkrqiekhdxlgzrzdzw.net
riiqynnpolhrrqtjq.com
rkdxaovlaoltxnorwhtqo.com
rss.dimadimapress.com
rtachicago.com
rudedogbrewery.com
rudedogbrewery.info
rudedogbrewery.net
rudedogbrewery.org
rudedogbrewing.co
rudedogbrewing.net
rustywallacefordtennessee.com
saveonfordtrucks.com
saveonscion.com
saveontoyotas.com
sda-courier24.biz
sdacourier.info
senior-voice.com
sexlag.com
shehtaamozvljiemrijsgzff.com
shoprustywallace.com
shoprustywallaceford.com
silent-majority.net
simnewsdaily.com
sportsbettingrace.com
stat.nickspizzade.com
tnqnpjthcwhhit.biz
trackbonus.com
ttzioiyzupuntyceqbwqr.org
tybsrwyftchsd.biz
uisfhfwqrcsqcvo.org
uitutnmieyxfk.org
usobtaaxtdkpzqqvkahae.com
utalkhere.com
utalkhere.net
uvaphhxjmijvuvobqfezgnc.com
uvaphhxjmijvuvobqfezgnc.com
uzjwupjsjfpcezlchdsmzodkm.org
vcavovfkbnxdi.org
vpsbrubhqlrpqfnadsvc.net
vvdpprlurgnja.biz
vxozgiucpq.com
vyffojtfi.net
vzdrlswljtpgsmvddeehav.org
walmgvyongcjrfpjjlwiweyiv.biz
wolfgnards.com
wybmdazfdaapjtabgbamyuq.biz
xkwczygvqosxx.com
xykrgjnhkhjgpkdi.net
year2018.com
year2019.com
year2023.com
year2024.com
yliolxjywjpmtpxwkcsc.biz
yqwjvhxgaiszygziq.org
yqwjvhxgaiszygziq.org
yrkinsiwejn.biz
yuhjomyygtrbcr.info
zlczwkjposmtcawsga.org
zvwidimzmcbsrdbrtk.org
zwdhqcthdwlugocbiqn.info

# Reference: https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/

content.bigflimz.com
fixdoctorsfirst.net
help.postsupport.net
ontario.postsupport.net
portla.mlcsoft.com
qt.files.diggerspecialities.com
store.thecenterforyoga.com
store.birthtothreeipswich.org
uhfudshfduhsf.com

# Reference: https://twitter.com/Bank_Security/status/1121684786068611072

apps.theandroidstore.tv

# Reference: https://twitter.com/killamjr/status/1184564829140291584

baytk-ksa.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://app.any.run/tasks/affb8f2b-864b-4919-94f9-628bb8de9c1c/

maishousemeovac.com

# Reference: https://twitter.com/Arkbird_SOLG/status/1230436957693632512

http://91.196.70.103

# Reference: https://twitter.com/shiftybitshiftr/status/1231422937799856128

qthrebadf.mrbonus.com

# Reference: https://twitter.com/Jouliok/status/1235446560735080449
# Reference: https://app.any.run/tasks/35172a93-5c37-44c2-aac8-7697c4682667/

murreeweather.com

# Reference: https://app.any.run/tasks/4e308047-6593-4aa7-9ca6-aab1d55d324f/

a-o-concepts.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1244933553151979520
# Reference: https://app.any.run/tasks/d1f38527-29f0-4367-8b65-68896c52ebf6/
# Reference: https://app.any.run/tasks/65300f66-2666-427f-815e-a155b346ceab/

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
t.unplugrevolution.com/articles/18928/2910.png
worldplaces.in/direct/444444.png

# Reference: https://twitter.com/ps66uk/status/1245050707180498947

worldsatellitemedia.com/tools/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1246089064182435840

wizcapture.com/Branding/444444.png
swisscleantechreport.ch/Branding/444444.png
aaronfickling.com/Branding/444444.png
5.unplugrevolution.com/234/4324/43.png

# Reference: https://app.any.run/tasks/4eed74e1-5dd0-4a78-8e92-6a0351adf6e5/

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png

# Reference: https://twitter.com/0xCARNAGE/status/1235716209540296704

samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
careers.sorint.it/idle/33333.png
uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://pastebin.com/3ZzD5N51

tubolso.cl/wp-content/uploads/2020/02/white/444444.png
samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
murreeweather.com/wp-content/white/444444.png

# Reference: https://twitter.com/wwp96/status/1234919547590905856

samphaopet.com/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://twitter.com/wwp96/status/1230183193300676609

g2creditsolutions.com/trusty/444444.png

# Reference: https://twitter.com/wwp96/status/1229887414069579777

kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1227767571547590657

mostasharanetalim.ir/wp-content/uploads/2020/02/recent/444444.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1246109511473037312

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
4.unplugrevolution.com/189/24/4788.png

# Reference: https://twitter.com/lazyactivist192/status/1247179930821177344

a.assignmentproff.com/ashduhfudsf.png
corbucrochet.com/cursors/444444.png
stajer.eu/cursors/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1247530680776417282
# Reference: https://app.any.run/tasks/23430199-4079-4202-a847-683ef164c392/

b.assignmentproff.com/amyceyaihd.png
kramo.pl/wp-content/plugins/apikey/slider/444444.png
wppunk.com/wp-content/uploads/2020/04/slider/444444.png
retroband.uk/wp-content/uploads/2020/04/slider/444444.png
almohadonera.clichead.club/slider/825381.zip

# Reference: https://pastebin.com/C9Jmzvdu

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/plugins/advanced-ads-genesis/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/pN5DfFyS

millionsawesomeproducts.com/string/444444.png
common-factor.nl/string/444444.png
funpartyrent.com/string/444444.png
leukkado.be/string/444444.png
unik-evenements.fr/string/444444.png
d.teamworx.ph/1839/20/279.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1250473025012711424

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/themes/calliope/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/hYd6S8YT
# Reference: https://otx.alienvault.com/pulse/5e97740b990dafad240cf9e7

bizzlon-realty.com/wp-content/themes/calliope/beads/444444.png
pakgt.com/wp-content/themes/calliope/beads/444444.png
marinerevetement.com/wp-content/themes/calliope/beads/444444.png
chattosport.com/wp-content/themes/calliope/beads/444444.png
a.coolbreeze.uk/213/312d/6748.png

# Reference: https://twitter.com/secret_return/status/1250574408566976512

/wp-content/themes/calliope/db.php?u=true
/wp-content/themes/calliope/wp-data.php
/wp-content/themes/calliope/wp_class_datalib.php

# Reference: https://twitter.com/ActorExpose/status/1252183338141601793
# Reference: https://app.any.run/tasks/be4a431b-fdb7-4dec-ad40-f67201493494/

greindustry.com
paceldelivery.express

# Reference: https://www.virustotal.com/gui/domain/automatischer-staubsauger.com/relations

automatischer-staubsauger.com

# Reference: https://www.virustotal.com/gui/file/9a8206be5f1eeca651f0d858f752fd84e7014ab561a3b7a8ad2a56971e5f338f/detection

anamikaindanegas.in
demo.caglificioclerici.com

# Reference: https://twitter.com/lazyactivist192/status/1252946567780319233
# Reference: https://pastebin.com/L0g5fRgv
# Reference: https://app.any.run/tasks/286bb4a8-6392-4b31-8e36-ae143522d0d6/

hasumvina.nrglobal.top/wp-content/themes/mapro/pump/55555.png
4mco.com.pk/wp/wp-content/themes/mapro/pump/55555.png
cloud.wmsinfo.com.br/wordpress/wp-content/themes/mapro/pump/55555.png
jeromenetpanel.ml/wp-content/themes/mapro/pump/55555.png
cheshirecheetah.com/wp-content/themes/mapro/pump/55555.png

# Reference: https://pastebin.com/7bYzetJF

170.82.210.138:2222
178.193.33.121:2222
184.167.2.251:2222
188.26.150.82:2222
195.162.106.93:2222
68.14.210.246:2222
72.204.242.138:50003
75.117.128.20:2222
atn24live.com/spool/8888.png
bg142.caliphs.my/spool/8888.png
afsholdings.com.my/spool/8888.png
alphapioneer.com/spool/8888.png
kbzsa.cn/wp-content/plugins/apikey/spool/8888.png

# Reference: https://pastebin.com/55uiNwYC

auxiliumassessoria.com.br/docs_tmj/8888.png
inglesdoribas.com.br/docs_cyq/8888.png
adamdtmassage.co.uk/docs_394/8888.png
adwokat-pleszka.pl/docs_v6n/8888.png
afterdrugs.life/docs_kxk/8888.png

# Reference: https://pastebin.com/BSe9sHVR

arcyten.cl/iulbxki/88888.png
beforeshithappens.com/docs_2re/55555.png
can-media.de/e/88888.png
cirugiagenital.com.mx/rrigg/88888.png
clair-salon.info/docs_xgy/55555.png
clubtempel.de/zeksv/88888.png
delmaestro.cl/uyc/88888.png
mytex.pe/phsse/88888.png
svvlive.com/docs_fbz/55555.png
themmacoach.com/wp-content/uploads/2020/04/docs_cv0/55555.png
tianmaouae.com/docs_9qu/55555.png
y-sani.com/docs_bcx/55555.png

# Reference: https://pastebin.com/SbZvFXPa

batdongsanbentre.com.vn/vbtbnvxnrl/22222.png
betopceo.com/ivbglae/22222.png
capath.vn/yxrw/22222.png
cerisiers.be/fczjua/22222.png
daricci.de/wp-content/uploads/2020/04/owkf/22222.png

# Reference: https://pastebin.com/Qsf0XmFj

tradingwithharmony.com/wp-content/uploads/2020/04/phsse/8888.png
moinmo.de/phsse/8888.png
herrfischer.me/phsse/8888.png
ngon10.com/phsse/8888.png
gmassurance.fr/wp-content/uploads/2020/04/phsse/8888.png

# Reference: https://app.any.run/tasks/173baaa3-8577-49a3-b525-04dddc3ed2a5/
# Reference: https://app.any.run/tasks/23781225-7661-48b5-a3bb-4f3c22b99252/

tristatehs.com
new.tristatehs.com

# Reference: https://app.any.run/tasks/20fdc52d-21bd-4a76-aa4e-0a0b6729c66f/

hotelbharatpurpalace.com/fjtpbqbq/88888.png

# Reference: https://pastebin.com/czHZP8AJ

beachtour14.fr/bpqlrau/2222.png
casadospa.com.br/wp-content/uploads/2020/05/fougrzbplzd/2222.png
chapaitoday.com/olsce/2222.png
ecogold.com.au/wp-content/uploads/2020/05/ggmjmxnvzabj/2222.png
en.goldwin1.ir/sysaasdyrwt/2222.png
cupid.ninja/jbwyga/3333.png
era.co.id/jwpgqgdwcg/3333.png
escriba.art/wp-content/uploads/2020/05/volbgwi/3333.png
flowersforfuneral.net/zkqsxgiuc/3333.png
ftluae.com/wp-content/uploads/2020/05/nkwyacugcyjt/3333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1258057381637955586
# Reference: https://app.any.run/tasks/84e1beae-8ca6-484e-9124-c9ffd0116307/

alhussain.pk/ioxix/88888.png
beta.enerbras.com.br/muvolifvmg/88888.png
blog.saigon247.vn/wp-content/uploads/2020/05/axtcud/88888.png
it.shopforever.pk/ewbaleo/88888.png
limonauto.com.ua/gdjcigc/88888.png

# Reference: https://pastebin.com/j5tcBGZR

p2b.in/tpgcy/6666.png
cjemskayyoor.com/wp-content/uploads/2020/05/yaakhc/6666.png
cosmea.pl/wp-content/uploads/2020/05/lqauk/6666.png
hobsnchimney.in/dawfxassh/6666.png
hyundainamdinh.org/wp-content/uploads/2020/05/nxacxffh/6666.png

# Reference: https://pastebin.com/jmh7jtHb

landing1.allencarr.co.il/wp-content/themes/danfe/itfmy/4444.png
laraib.freelancefront.com/wp-content/themes/danfe/seobfszigf/4444.png
learn.milwayresources.com/wp/wp-content/plugins/wp-block-pack/yaziwtgpugnl/4444.png
kazemart.com/wp-content/themes/danfe/eupsvyto/4444.png
kenfendi.com/wp-content/themes/danfe/abfbbq/4444.png

# Reference: https://pastebin.com/NfiYEGRW

datphatlocsg.com/wp-content/uploads/2020/05/scfcgmbjsv/77777.png
moydom.md/wp-content/uploads/2020/05/hflhgo/77777.png
renobarapp.es/wp-content/uploads/2020/05/ahrtqqlwe/77777.png
league265.com/awoaokzq/77777.png
doryfotografia.com/wordpress_1/valoub/77777.png

# Reference: https://pastebin.com/drJgf5aZ

conference.vlgprojects.ru/fsxijcpft/5555.png
sjabbens.xyz/wp-content/uploads/2020/05/xngij/5555.png
telefonrammen.dk/pcixoheru/5555.png
vdovira.net.ua/qjzcgusihgg/5555.png
formationcap.tn/wp-content/uploads/2020/05/avxvwjxvpzh/5555.png

# Reference: https://pastebin.com/55RY1qcm

fitoluri.cat/wp-content/themes/twentyseventeen/inc/turns/55555.png
mrdgrupointegral.com/wp-content/themes/twentytwenty/inc/turns/55555.png
demo.dehliwalalunch.com/wp-content/themes/twentyseventeen/inc/turns/55555.png
dr-nano.ir/wp-content/themes/twentytwenty/classes/turns/55555.png
bondarenkopjatk.ru/wp-content/themes/twentyseventeen/inc/turns/55555.png

# Reference: https://pastebin.com/PwQfddsP

new.myoc.com.au/pqurjvfpjl/8888888.png
uhuru.online/krtxtkiajk/8888888.png
one2onedriving.co.uk/zxzhmxut/8888888.png
kancelariaziolkowscy.pl/xfyinzwfwqv/8888888.png
shop.luisvillalonga.com/fztdvmyodegs/8888888.png

# Reference: https://pastebin.com/15vppTwk

idea-development.ru/afqwno/8888888.png
rifey-zlat.ru/oezwkp/8888888.png
m.alt-hospital.ru/dsancifk/8888888.png
6pond.com/yjssrdxwb/8888888.png
redletterliving.org/iqoehhnywvt/8888888.png

# Reference: https://twitter.com/ffforward/status/1268905190041759744

test.acdlec.be/ilxjzhky/8888888.png

# Reference: https://pastebin.com/HkmkarTG
# Reference: https://app.any.run/tasks/68251632-8093-4ae1-9a33-99c8b2437e21/

salwadm.com/tcphx/8888888.png
flipkenya.com/nujazbwrhjy/8888888.png
10x45.com/zfbjvvqxktx/8888888.png
iamployed.nl/lbbiujdyjy/8888888.png
aptociudadamuralladacartagena.com/gddqez/8888888.png
autoescolaciganos.com.br/gezzf/8888888.png

# Reference: https://twitter.com/lazyactivist192/status/1271079253988093953
# Reference: https://pastebin.com/Kx6ADJ3z

amandadecardy.com/NSUEdD/wp-includes/js/tinymce/plugins/directionality/pdvav/8888888.jpg
ameliasmoments.com/wp-includes/js/thickbox/wifgyfro/8888888.jpg
digitalschoolfaridabad.in/courses/images/parallax/mjogqxakfxg/8888888.jpg
sometechsense.com/wp-includes/js/tinymce/plugins/wptextpattern/tbpfdfelf/8888888.jpg
uniquehindunames.com/wp-content/uploads/cnesco/8888888.jpg

# Reference: https://twitter.com/JAMESWT_MHT/status/1271486893188886531
# Reference: https://pastebin.com/L8JGi5nE

leeephee.top
withifceale.top
wpsnoum.pw
wsaexdig.pw
xeemoquo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1272522078252609538
# Reference: https://pastebin.com/wfQduHVS
# Reference: https://app.any.run/tasks/c5fe9c77-58b8-4e45-9df9-a0fa5e41a627/

sehgalestates.co.in/zvufsph/8888888.png
dentixdentalcare.com/ftoddj/8888888.png
fooodshooters.com/enlokgqs/8888888.png
new.carfinancehotline.ca/lqjdqsckuihv/8888888.png
altuspsg.com/fyhhqlmq/8888888.png

# Reference: https://twitter.com/Bank_Security/status/1272787094319095809

w1.plenimusic.com/fakes/

# Reference: https://twitter.com/0xCARNAGE/status/1274062746716438528
# Reference: https://app.any.run/tasks/78977d8c-8907-418d-87ae-bfbddd3d611d/

savemall.store/shiolmqj/33333333.png
tshirtstirupur.com/zbdmzdogdptt/33333333.png
maxacerna.org/ekasrroy/33333333.png
kwickshop.co.tz/lwhtksmfrbyh/33333333.png
paschalhildreth.com/bnqcndfbrfc/33333333.png

# Reference: https://pastebin.com/sEPSHH4j

test.africanamericangolfersdigest.com/kkmthjsvf/5555555.png
frankiptv.com/liehyidqtu/5555555.png
klubnika-malina.by/utgritefmjq/5555555.png
centr-toshiba.by/wogvynkombk/5555555.png
marokeconstruction.com.au/hhmzmlqct/5555555.png

# Reference: https://app.any.run/tasks/26bee149-383f-4e98-91b9-3f1a36f821e6/

digisham.ir/cbroi/33333333.png
renukagraphics.com/ttgoccwx/33333333.png
tempusout.co.uk/qqzweuuwqo/33333333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1275434967418327041

girandolegiobas.it/jvhum/33333333.png

# Reference: https://app.any.run/tasks/133c6579-ee89-45d8-ad4b-ab64bac3a9e7/

40chorr.com/xlgkqwjt/8888888.png

# Reference: https://pastebin.com/WVeqdZu6

hospitaisipiranga.com.br/ewtxh/8888888.png
tahanikhawaji.com/imbya/8888888.png
whichworx.com/bmktzamm/8888888.png

# Reference: https://blog.morphisec.com/qakbot-qbot-maldoc-two-new-techniques
# Reference: https://otx.alienvault.com/pulse/5f40159bcca40ac86178f5a1

forum.insteon.com/suowb/111111.png
marineworks.eu/dwaunrsamlbq/111111.png
nashsbornik.com/rqzvoxtjyhw/555555.png
craniotylla.ch/vzufnt/111111.png
atsepetine.com/evuyrurweyib/555555.png
studiomascellaro.it/wnzzsbzbd/111111.png
nanfeiqiaowang.com/tsxwe/111111.png
maplewoodstore.com/rmwclxnbeput/555555.png
quickinsolutions.com/wfqggeott/111111.png
ankaramekanlari.net/vmnzwr/555555.png
rijschoolfastandserious.nl/rprmloaw/111111.png
akindustrieschair.com/smuvtnrgvmd/55555.png
optovik.store/bkatah/555555.png
akersblog.top/kipql/555555.png
quoraforum.com/btmlxjxmyxb/111111.png
duvarsaatcisi.com/gbmac/555555.png
all-instal.eu/mgpui/555555.png
store.anniebags.com/qyvbyjaiu/555555.png
bronco.is/pdniovzkgwwt/111111.png

# Reference: https://www.virustotal.com/gui/file/c11dccbc459882fa6098a1022c5bb187890ea4ab6ef60d69a11af722ab6699e2/detection

poxclip.com

# Reference: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
# Reference: https://otx.alienvault.com/pulse/5f484a9c3331ef2fad5e0b74

klubnika-malina.by
centr-toshiba.by
kiesow-auto.de
fortinet-cloud.com
requirejscdn.com
frankiptv.com
factory-hot.com
cersomab.com
marokeconstruction.com.au
callunaconycatcher.com
chs.zarifbarbari.com
asn.crs.com.pa
backup.justthebooks.com
test.africanamericangolfersdigest.com

# Reference: https://twitter.com/malware_traffic/status/1303845647691505667
# Reference: https://pastebin.com/XV3PCBTH

acrinetshop.com.br/arnphkv/55555555.png
anawabighschool.com/lipun/55555555.png
dellenbene.de/wpfsjfcrp/55555555.png
emulatorgame.ir/ocdxvkhvmtjx/55555555.png
evutt.ee/imjzrilmu/55555555.png
hillsborobookkeeping.com/yowyvoux/55555555.png
lojacorpoemente.com.br/beuefuqpd/55555555.png
papadeilumi.it/kupmmngtbbn/55555555.png
sulduzkhabar.ir/fhrhowc/55555555.png
talantinua.com/apawn/55555555.png
corbettasalvatore.com/bolcv/55555555.png
crippacostruzioni.it/jnatzwzp/55555555.png
pauwstoffering.nl/pqwwmqzgjot/55555555.png
serramentispada.it/odisaehjgg/55555555.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1310629325285322752

condochicks.com/ynwnx/222222.png

# Reference: https://twitter.com/j_dubp/status/1310604638404710401

mahathi2.ondemandcreative.com/24.gif

# Reference: https://otx.alienvault.com/pulse/5f734f0ea4be892f4e48a71e

donostiayocio.com/jqmapuowktbb/555555555555.png

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-28-Qakbot-IOCs.txt

condochicks.com/ynwnx/222222.png
ideskonline.com/vzpcwa/222222.png
matterandhome.com/twtao/222222.png
pramars.xyz/psswhqxs/222222.png
exploshot.com/24.gif
foundation.shanto-mariamfoundation.org/24.gif
mahathi2.ondemandcreative.com/24.gif
staging.stikbot.toys/24.gif
pramars.xyz

# Reference: https://twitter.com/ps66uk/status/1313495882495655936
# Reference: https://app.any.run/tasks/5723181d-5681-44e1-b166-08ed4daf7eb1/
# Reference: https://www.virustotal.com/gui/file/be22c42d30ca60a3839bac35e79917944ba74f3912e7327093fd1006c840089e/detection

etlapgyartas.hu/0510.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1314186304414986240
# Reference: https://app.any.run/tasks/a6075bef-0ca8-4565-bb7e-e2091ffbb979/

rapidlending.club/0810.gif

# Generic (URL paths without a host; many repeat the path part of the full URLs listed above)

/TealeafTarget.php
/treusparq.php
/tpan/azep.php
/uQnED83/tltZT3.php
/tltZT3.php
/vbtbnvxnrl/22222.png
/ivbglae/22222.png
/yxrw/22222.png
/fczjua/22222.png
/owkf/22222.png
/bpqlrau/2222.png
/fougrzbplzd/2222.png
/olsce/2222.png
/ggmjmxnvzabj/2222.png
/sysaasdyrwt/2222.png
/ynwnx/222222.png
/ynwnx/222222.png
/vzpcwa/222222.png
/twtao/222222.png
/psswhqxs/222222.png
/jbwyga/3333.png
/jwpgqgdwcg/3333.png
/volbgwi/3333.png
/zkqsxgiuc/3333.png
/nkwyacugcyjt/3333.png
/cbroi/33333333.png
/jvhum/33333333.png
/ttgoccwx/33333333.png
/qqzweuuwqo/33333333.png
/bnqcndfbrfc/33333333.png
/ekasrroy/33333333.png
/lwhtksmfrbyh/33333333.png
/shiolmqj/33333333.png
/zbdmzdogdptt/33333333.png
/itfmy/4444.png
/seobfszigf/4444.png
/yaziwtgpugnl/4444.png
/eupsvyto/4444.png
/abfbbq/4444.png
/beads/444444.png
/previous/444444.png
/slider/444444.png
/string/444444.png
/differ/999999.png
/ahrtqqlwe/77777.png
/awoaokzq/77777.png
/hflhgo/77777.png
/scfcgmbjsv/77777.png
/valoub/77777.png
/feature/777777.png
/tpgcy/6666.png
/yaakhc/6666.png
/lqauk/6666.png
/dawfxassh/6666.png
/nxacxffh/6666.png
/pump/55555.png
/spool/8888.png
/docs_tmj/8888.png
/docs_cyq/8888.png
/docs_394/8888.png
/docs_v6n/8888.png
/docs_kxk/8888.png
/cnesco/8888888.jpg
/mjogqxakfxg/8888888.jpg
/pdvav/8888888.jpg
/tbpfdfelf/8888888.jpg
/wifgyfro/8888888.jpg
/fztdvmyodegs/8888888.png
/ilxjzhky/8888888.png
/krtxtkiajk/8888888.png
/pqurjvfpjl/8888888.png
/xfyinzwfwqv/8888888.png
/zxzhmxut/8888888.png
/fyhhqlmq/8888888.png
/afqwno/8888888.png
/oezwkp/8888888.png
/dsancifk/8888888.png
/yjssrdxwb/8888888.png
/iqoehhnywvt/8888888.png
/tcphx/8888888.png
/nujazbwrhjy/8888888.png
/zfbjvvqxktx/8888888.png
/lbbiujdyjy/8888888.png
/gddqez/8888888.png
/gezzf/8888888.png
/zvufsph/8888888.png
/ftoddj/8888888.png
/enlokgqs/8888888.png
/lqjdqsckuihv/8888888.png
/xlgkqwjt/8888888.png
/ewtxh/8888888.png
/imbya/8888888.png
/bmktzamm/8888888.png
/fsxijcpft/5555.png
/turns/55555.png
/xngij/5555.png
/pcixoheru/5555.png
/qjzcgusihgg/5555.png
/avxvwjxvpzh/5555.png
/docs_2re/55555.png
/docs_9qu/55555.png
/docs_bcx/55555.png
/docs_cv0/55555.png
/docs_fbz/55555.png
/docs_xgy/55555.png
/kkmthjsvf/5555555.png
/liehyidqtu/5555555.png
/utgritefmjq/5555555.png
/wogvynkombk/5555555.png
/hhmzmlqct/5555555.png
/arnphkv/55555555.png
/lipun/55555555.png
/wpfsjfcrp/55555555.png
/ocdxvkhvmtjx/55555555.png
/imjzrilmu/55555555.png
/yowyvoux/55555555.png
/beuefuqpd/55555555.png
/kupmmngtbbn/55555555.png
/fhrhowc/55555555.png
/apawn/55555555.png
/bolcv/55555555.png
/jnatzwzp/55555555.png
/pqwwmqzgjot/55555555.png
/odisaehjgg/55555555.png
/e/88888.png
/fjtpbqbq/88888.png
/iulbxki/88888.png
/phsse/88888.png
/rrigg/88888.png
/uyc/88888.png
/zeksv/88888.png
/ioxix/88888.png
/muvolifvmg/88888.png
/axtcud/88888.png
/ewbaleo/88888.png
/gdjcigc/88888.png
/bkatah/555555.png
/btmlxjxmyxb/111111.png
/dwaunrsamlbq/111111.png
/evuyrurweyib/555555.png
/gbmac/555555.png
/kipql/555555.png
/mgpui/555555.png
/pdniovzkgwwt/111111.png
/qyvbyjaiu/555555.png
/rmwclxnbeput/555555.png
/rprmloaw/111111.png
/rqzvoxtjyhw/555555.png
/smuvtnrgvmd/55555.png
/suowb/111111.png
/tsxwe/111111.png
/vmnzwr/555555.png
/vzufnt/111111.png
/wfqggeott/111111.png
/wnzzsbzbd/111111.png
/rqfardzsgihu/555555555.png
/jqmapuowktbb/555555555555.png

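# IP connections (IP:port endpoints; ports such as 443, 995 and 3389 also carry legitimate services, so the IP:port pair is the indicator, not the port alone)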

104.153.240.6:2222
104.173.119.54:2222
104.174.71.153:2222
104.221.4.11:2222
104.32.185.213:2222
107.15.153.110:8443
108.184.57.213:8443
108.190.151.108:2222
109.106.69.138:2222
109.209.94.165:2222
111.125.70.30:2222
116.30.4.51:2222
116.72.208.166:2222
116.72.213.83:2222
118.93.167.173:2222
119.157.106.105:3389
120.147.65.97:2222
120.147.83.120:2222
122.148.156.131:995
130.25.130.19:2222
142.117.191.18:2222
144.202.38.185:2222
144.202.38.185:995
146.199.132.233:2222
146.200.250.17:2222
146.200.250.36:2222
149.28.101.90:2222
149.28.101.90:8443
149.28.101.90:995
149.28.98.196:2222
149.28.98.196:995
149.28.99.97:2222
149.28.99.97:995
150.143.128.70:2222
151.242.43.85:32103
151.242.62.59:32103
166.62.180.194:2078
171.100.86.168:2222
172.115.177.204:2222
172.58.107.229:2222
172.87.157.235:3389
173.163.115.89:2078
173.18.126.193:2222
173.197.22.90:2222
173.21.10.71:2222
173.22.120.11:2222
173.22.125.129:2222
173.247.186.90:2087
173.26.65.44:50010
174.30.165.242:2222
174.34.67.106:2222
176.193.14.165:2222
176.202.187.129:61201
176.205.222.30:2078
176.205.222.30:2222
176.223.0.185:2222
176.223.35.19:2222
176.223.43.145:2222
176.223.7.75:2222
178.193.33.121:2222
178.193.38.188:2222
182.190.19.241:3389
183.82.100.249:2222
184.167.2.251:2222
184.180.157.203:2222
184.191.61.13:32100
184.90.139.176:2222
186.47.208.238:50000
186.94.173.62:2078
187.194.16.208:2222
187.250.238.164:995
188.127.231.114:2222
188.25.223.107:2222
188.25.233.157:2222
188.26.150.82:2222
188.26.178.176:2222
188.27.166.186:2222
188.52.106.206:20
189.163.230.27:2222
189.222.216.44:443
189.222.59.177:443
189.250.115.177:2222
190.198.124.212:2078
190.204.58.240:2078
190.75.167.44:2222
190.75.173.8:2078
193.248.221.184:2222
193.248.44.2:2222
195.162.106.93:2222
195.6.1.154:2222
196.194.28.127:2222
196.194.74.33:2222
196.194.76.68:2222
196.194.77.181:2222
196.194.84.165:2222
196.221.15.34:6881
196.221.207.137:995
197.210.96.222:995
197.45.110.165:995
2.232.253.79:995
2.45.53.40:2222
2.50.153.20:2222
2.50.159.112:2222
2.50.161.6:2222
2.50.47.97:2222
2.7.116.188:2222
2.7.202.106:2222
2.7.65.32:2222
2.7.69.217:2222
2.86.41.23:2222
200.140.154.174:2222
201.209.0.55:2078
201.209.218.89:2078
201.209.22.209:2078
201.209.4.83:2078
201.248.122.51:2078
206.51.202.106:5000
206.51.202.106:50002
206.51.202.106:50003
207.246.116.237:2222
207.246.116.237:8443
207.246.116.237:995
207.246.77.75:2222
207.246.77.75:8443
207.246.77.75:995
207.255.161.8:2078
207.255.161.8:2087
207.255.161.8:2222
207.255.161.8:32100
207.255.161.8:32102
207.255.161.8:32103
209.182.121.133:2222
209.210.187.52:995
213.120.109.73:2222
213.31.203.38:2222
216.137.140.236:2222
216.150.207.100:2222
216.21.168.27:32101
216.21.168.27:50000
216.215.77.18:2078
216.221.73.45:2222
216.8.170.82:2222
217.133.54.140:32100
217.165.164.57:2222
220.135.31.140:2222
222.195.69.36:2078
23.49.13.33:7000
24.100.46.201:2222
24.110.14.40:3389
24.136.33.120:2222
24.184.5.251:2222
24.184.6.58:2222
24.201.61.153:2078
24.201.68.105:2078
24.201.68.105:2087
24.201.79.208:2078
24.202.42.48:2222
24.203.221.252:2222
24.203.36.180:2222
24.203.64.26:2222
24.228.185.224:2222
24.229.150.54:995
24.231.54.185:2222
24.26.1.14:2222
24.27.82.216:2222
24.44.142.213:2222
24.44.180.236:2222
24.46.40.189:2222
31.50.210.205:2222
31.53.49.169:2222
35.142.12.163:2222
35.142.24.147:2222
37.116.152.122:2222
37.182.238.170:2222
37.210.160.50:61201
45.32.211.207:2222
45.32.211.207:8443
45.32.211.207:995
45.37.57.119:2222
45.45.51.182:2222
45.46.53.140:2222
45.63.107.192:2222
45.63.107.192:995
45.67.231.247:995
45.77.115.208:2222
45.77.115.208:8443
45.77.115.208:995
45.77.117.108:2222
45.77.117.108:8443
45.77.117.108:995
47.39.177.171:2222
47.48.236.98:2222
49.144.81.46:8443
49.28.99.97:2222
5.107.144.131:2222
5.107.157.6:2222
5.107.208.94:2222
5.107.229.6:2222
5.107.232.32:2222
5.12.213.152:2222
5.12.214.109:2222
5.14.44.173:2222
5.15.90.159:2222
5.193.175.12:2078
5.193.178.241:2078
5.193.181.221:2078
5.193.61.212:2222
5.233.222.211:61202
5.233.232.81:61202
5.89.115.73:2222
50.198.141.161:2078
50.29.166.232:995
51.9.198.164:2222
54.36.108.120:65400
62.38.111.70:2222
63.155.9.141:995
63.230.11.201:2083
63.230.2.205:2083
64.72.102.10:2222
65.100.247.6:2083
65.169.66.123:2222
65.30.213.13:6882
66.25.168.167:2222
66.76.255.133:2078
67.200.146.98:2222
67.209.195.198:3389
67.214.201.117:2222
67.5.33.229:2078
67.60.113.253:2222
67.7.2.109:2222
67.82.244.199:2222
67.83.122.112:2222
67.83.54.76:2222
67.87.38.242:2222
68.14.210.246:22
68.14.210.246:2222
68.207.33.232:2222
68.207.39.244:2222
69.58.147.82:2078
70.123.92.175:2222
70.168.130.172:995
70.21.182.149:2222
70.54.25.76:2222
70.62.160.186:6883
70.74.159.126:2222
70.95.94.91:2078
70.95.94.91:2222
71.12.214.209:2222
71.163.224.206:443
71.217.112.41:2222
71.220.186.241:2222
71.221.224.19:2222
71.222.141.81:61200
71.41.184.10:3389
71.57.230.51:50000
71.69.128.2:2222
71.77.252.14:2222
72.204.242.138:2078
72.204.242.138:2087
72.204.242.138:32100
72.204.242.138:32102
72.204.242.138:50001
72.204.242.138:50003
72.204.242.138:53
72.204.242.138:6881
72.224.213.98:2222
72.231.224.122:2222
72.240.200.181:2222
72.255.200.129:2222
72.255.200.69:2222
72.29.181.77:2078
72.29.181.77:2083
72.29.181.77:2222
72.29.181.78:2078
72.36.59.46:2222
73.152.213.187:80
73.183.145.218:2222
73.216.60.90:2222
73.25.124.140:2222
74.222.204.82:995
74.73.120.197:443
74.88.112.250:2222
74.90.76.128:2222
75.109.193.173:2087
75.109.193.173:8443
75.131.72.82:2087
75.161.36.21:2222
75.165.112.82:50002
75.182.220.196:2222
75.183.171.155:3389
75.86.193.144:2222
76.14.129.53:2222
76.172.59.56:2222
76.182.33.43:2222
76.187.97.98:2222
76.67.162.70:2222
76.86.57.179:2222
76.94.200.148:995
77.132.113.187:2222
77.211.30.202:995
77.27.204.204:995
78.94.55.26:50003
79.129.252.62:2222
79.166.83.103:2222
80.106.85.24:2222
80.11.173.82:8443
80.11.5.65:2222
80.14.209.42:2222
80.195.103.146:2222
81.133.234.36:2222
81.147.42.176:2222
81.147.42.195:2222
81.147.42.227:2222
81.150.181.168:2222
81.214.126.173:2222
82.12.157.95:995
82.127.125.209:990
82.127.193.151:2222
82.77.169.118:2222
83.110.108.100:2222
83.110.108.161:2222
83.110.108.181:2222
83.110.108.38:2222
83.110.109.155:2222
83.110.109.164:2222
83.110.109.252:2222
83.110.12.140:2222
83.110.9.71:2222
83.196.56.65:2222
83.202.68.220:2222
83.25.10.201:2222
83.25.14.84:2222
83.25.18.252:2222
83.25.3.51:2222
83.25.31.13:2222
83.79.2.218:2222
84.232.252.202:2222
84.247.55.190:8443
84.78.128.76:2078
85.132.36.111:2222
85.25.211.31:65400
85.52.72.32:2222
85.58.200.50:2222
85.7.22.186:2222
86.121.121.14:2222
86.121.95.169:2222
86.121.95.197:2222
86.122.251.89:2222
86.122.254.67:2222
86.123.95.59:2222
86.125.140.0:2222
86.126.108.242:2222
86.126.97.183:2222
86.127.144.244:2222
86.153.98.125:2222
86.153.98.2:2222
86.153.98.35:2222
86.153.98.37:2222
86.153.98.75:2222
86.163.174.7:2222
86.182.234.245:2222
86.183.127.100:2222
86.218.67.235:2222
86.220.60.133:2222
86.220.60.247:2222
86.220.62.251:2222
86.233.4.153:2222
86.236.77.68:2222
86.248.16.253:2222
86.97.146.204:2222
86.98.49.75:2078
86.98.89.78:2222
86.98.93.124:2078
87.115.53.122:2222
87.202.87.210:2222
88.106.237.152:2222
88.111.255.235:2222
89.137.211.239:995
89.35.93.254:2222
89.45.102.218:2222
90.101.117.122:2222
90.101.62.189:2222
90.174.217.251:2222
90.175.88.99:2222
90.43.120.113:2222
90.43.6.185:2222
90.65.234.26:2222
90.65.236.181:2222
90.68.84.121:2222
92.1.83.210:2222
92.137.138.52:2222
92.154.83.96:2078
92.154.83.96:2222
92.17.167.87:2222
92.5.146.37:2222
92.59.35.196:2222
93.118.214.168:2222
93.149.253.201:2222
96.20.108.17:2222
96.20.238.2:2078
96.20.238.2:2083
96.20.238.2:2087
96.20.238.2:2222
96.20.238.2:61201
96.21.251.127:2222
96.22.239.27:2222
96.23.62.35:2222
96.27.47.70:2222
96.35.170.82:2078
96.35.170.82:2222
96.56.237.174:32103
96.57.188.174:2222
97.127.144.203:2222
97.69.160.4:2222
97.84.210.38:2222
98.16.70.197:2222
98.207.89.76:2222
98.23.52.168:2222
98.30.44.223:2222

# Reference: https://app.any.run/tasks/b9a2ae6f-4feb-451d-adbf-779e82c45009/

piket.smkyaspim.sch.id

# Reference: https://app.any.run/tasks/7c061adf-e2e1-45b3-91dc-81151117dd9d/

citycarmen.com/lvhyf/

# Reference: https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/

http://95.77.144.238
china.asiaspain.com/tertgev/1247015.png

# Reference: https://twitter.com/ankit_anubhav/status/1324306444334764033
# Reference: https://app.any.run/tasks/84f1e2cb-577f-4582-9cd8-36e92d60b897/

nics.co.id/yftxdru/1254750.png

# Reference: https://www.virustotal.com/gui/ip-address/172.87.157.235/relations

http://172.87.157.235/t3

# Reference: https://twitter.com/dark0pcodes/status/1327297011155152896
# Reference: https://twitter.com/1ZRR4H/status/1327358754501877762
# Reference: https://twitter.com/dark0pcodes/status/1333788584009101315
# Reference: https://twitter.com/jfslowik/status/1336354790192758785

cloudplatformsnq.com
fortinet-cloud-storage.com
fortinet-storage.com
fortinet-storage-class.com

# Reference: https://twitter.com/jstrosch/status/1332576642493984769

/lxjhux/923753.jpg

# Reference: https://www.virustotal.com/gui/file/a07e0fbaa48ba6e7fed7f97d46e32d78fe45f0a64fe0c59661ca12a1122b6057/detection
# Reference: https://www.virustotal.com/gui/domain/auroratd.cf/relations

auroratd.cf

# Reference: https://twitter.com/p5yb34m/status/1334216244308844545
# Reference: https://twitter.com/InQuest/status/1334427406027927553
# Reference: https://twitter.com/dms1899/status/1334420005887291392
# Reference: https://twitter.com/malware_traffic/status/1334969751509094402
# Reference: https://twitter.com/baberpervez2/status/1334653257197768704
# Reference: https://twitter.com/malware_traffic/status/1336136217004478465

/acavskwwkh/423323.jpg
/mmyubbktjopl/423323.jpg
/sqkqkx/423323.jpg
/eksmablcflfg/423323.jpg
/bxdskxok/423323.jpg
/rrblvgkx/423323.jpg
/uqiyr/423323.jpg
/yvwyz/423323.jpg
/nkmqsjd/904400.jpg
/aflwjjneuxg/904400.jpg
/mjbgpabrmph/590906.jpg
/glpmfgve/590906.jpg
/jjjjrfkb/590906.jpg
/uxpjm/590906.jpg
/cnevzpw/590906.jpg
/pmiore/590906.jpg
/wrfebtq/590906.jpg
/wlbleqhpxy/590906.jpg

# Reference: https://app.any.run/tasks/aab68f80-e4df-46cd-9dd6-8f6127336a0f/

/svgqcnjto/590906.jpg

# Reference: https://twitter.com/killamjr/status/1338924486419165186

ventas.website
/lewhqfhdky/5555555555.jpg

# Reference: https://twitter.com/MSteve25/status/1339181272812441601
# Reference: https://twitter.com/Mesiagh/status/1338946344174538752
# Reference: https://twitter.com/bit_dam/status/1341820952196251648

/aypgwsssu/5555555555.jpg
/criizszfsx/5555555555.jpg
/ddqgokffk/5555555555.jpg
/dubpsw/5555555555.jpg
/fvrxhmox/5555555555.jpg
/hjqipbuqsis/5555555555.jpg
/ozkuclxvlgjf/5555555555.jpg
/svwcp/5555555555.jpg
/xhrcex/5555555555.jpg
/zhsvrgfcs/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1339973819470114823

demex.ro
onelink.com.bd/ds/1712.gif
/ds/1712.gif

# Reference: https://twitter.com/reecdeep/status/1352267772886216709
# Reference: https://tria.ge/210121-napv9vzmda

bbpqtf.com/qextstpcuumf/5555555555.jpg
digital-box.fr/hjmrcv/5555555555.jpg
leafybuy.com/norzygt/5555555555.jpg
rishtee.com/zbpxyo/5555555555.jpg
webdevelopmentinlahore.com/whoqvn/5555555555.jpg
/hjmrcv/5555555555.jpg
/norzygt/5555555555.jpg
/qextstpcuumf/5555555555.jpg
/whoqvn/5555555555.jpg
/zbpxyo/5555555555.jpg

# Reference: https://www.virustotal.com/gui/file/43fae3b384cd8ca7215b4baf9fd92d753be82b8eaf534b61b9762ee0f5843107/detection
# Reference: https://www.virustotal.com/gui/file/350e16ad2db661167dad6a457aa6970568fb24948001eb1c389cee57504237d5/detection

kangaroo.techonext.com/spywwafea/5555555555.jpg
/spywwafea/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1356957674114580483

farias.art.br/ds/0302.gif

# Reference: https://twitter.com/reecdeep/status/1357280290427842561

mywebscrap.com/ds/0402.gif

# Reference: https://twitter.com/reecdeep/status/1357709480587382794

awakenbeautyhq.com/ds/0502.gif

# Reference: https://twitter.com/reecdeep/status/1358787552753430528

fastswitch.org/ds/0702.gif
flipahousebook.com/ds/0702.gif

# Reference: https://twitter.com/reecdeep/status/1359172653442039808

batarey.net/bcorucporp
panic-studios.dk/zqbvc
unit4.space/bjpeqzfvs
interluxcargo.kz/xncvbcbzw
immanta.com/zrqzfrsvu
lagacetadelopositor.com/sdrbzodvwi
test.frogmood.com/wssxsgqu

# Reference: https://twitter.com/reecdeep/status/1359467670148698113

upgradedagent.com/ds/1002.gif

# Reference: https://twitter.com/ps66uk/status/1361302529871654912
# Reference: https://twitter.com/reecdeep/status/1361305219016101891

darmatic.co.rs/ds/1502.gif
lmvidros.com.br/ds/1502.gif
zmprintingbd.com/ds/1502.gif

# Reference: https://twitter.com/reecdeep/status/1362030594264358914

intellectsmart.in/ds/1702.gif
transcription.net.au/ds/1702.gif

# Reference: https://twitter.com/reecdeep/status/1362404765137788929

lloydsindian.co.uk/ds/1802.gif

# Reference: https://urlhaus.abuse.ch/browse/tag/SilentBuilder/

118travel.net/ds/1512.gif
12.ossmarcial.com/ds/0812.gif
123sellfast.com/ds/2312.gif
62.113.113.250/ds/11.gif
62.113.117.225/ds/11.gif
81.4.106.224/ds/1002.gif
acarchidesign.com/ds/0402.gif
adapttostress.co.za/ds/0502.gif
africaincoming.com/ds/1002.gif
alkem.ro/ds/021220.gif
alnujaifi-portal.com/ds/3101.gif
alphabravo.com.br/ds/1702.gif
artwebsite.uk/ds/1512.gif
asimarsy.mycpanel.rs/ds/0902.gif
aula-web.space/ds/2112.gif
aurobliss.com/ds/1502.gif
auroratd.cf/ds/291120.gif
autoabi.pl/ds/021220.gif
awakenbeautyhq.com/ds/0502.gif
axwaydatamasters.com/ds/0502.gif
backup.agewsage.com/ds/1412.gif
bagrover.com/ds/291120.gif
barastea.com/ds/061220.gif
behendige-boxers.nl/ds/0902.gif
bellababy.com.sa/ds/0902.gif
bhtt.vn/ds/021220.gif
birdexim.com/ds/231120.gif
bizarrestudio.net/ds/1612.gif
body.inmedlabs.co.ke/ds/1702.gif
boomideas.pro/ds/0902.gif
bsma.com.bd/ds/2112.gif
bucklindata.net/ds/061220.gif
bumka.com.ua/ds/291120.gif
cacso.org.ng/ds/041220.gif
cards.vaults.ga/ds/0812.gif
casadodestino.com/ds/1802.gif
castingparaguay.com/ds/3101.gif
ccvip.ca/ds/021220.gif
chili.id/ds/041220.gif
clinica-cristal.com/ds/3101.gif
cloud.sofal.com.my/ds/2112.gif
cnc-burundi.bi/ds/2112.gif
compucamp.ink/ds/0502.gif
comunaolari.ro/ds/2112.gif
cpc-spa.cl/ds/021220.gif
crizal.gr/ds/1002.gif
curs.mariamarian.md/ds/1702.gif
cyantech.com/ds/041220.gif
dahasa.danaweb.vn/ds/061220.gif
dailyswail.org/ds/1612.gif
dcain.physio123.com/ds/1602.gif
debragordon.com/ds/1712.gif
demex.ro/ds/1712.gif
depositoclara.com.br/ds/0702.gif
dev.northzone.it/ds/2312.gif
dev.zemp.com/ds/291120.gif
distribuidoramc.com/ds/0502.gif
dpoonabakers.com/ds/1512.gif
dropclose.com/excel/shared.xls
dtmh.gr/ds/231120.gif
duburimusic.com/ds/0812.gif
duniaraha.com/ds/0902.gif
eliteblogspot.com/ds/0702.gif
elixerdigitall.com/ds/1412.gif
ermi.co.zw/ds/2312.gif
etechpk.net/ds/1512.gif
events.sayphin.org/ds/0302.gif
expandcpa.com/ds/291120.gif
eyeqoptical.ca/ds/0302.gif
eyeqoptical.ca/ds/3101.gif
fangs.co.in/ds/1512.gif
farias.art.br/ds/0302.gif
fcco1936.com/ds/231120.gif
ffa.odessa.ua/ds/1512.gif
foresah.com/ds/1712.gif
fotospek.com/ds/2112.gif
ftabajamexicali.com/ds/1002.gif
fu5on.com/ds/231120.gif
furgonsuperior.com/ds/2112.gif
gbhtrade.com.br/ds/3101.gif
gener8media.gi/ds/061220.gif
gerrusi.ru/ds/021220.gif
globaltravel-jo.com/ds/2112.gif
gotoshopping.pk/ds/1502.gif
gravitysoft.in/ds/1712.gif
groupeicaetudes.com/ds/0302.gif
gst-system.com/ds/0902.gif
gtroot.edulinellc.mn/ds/0502.gif
guarartloja.com.br/ds/2112.gif
halalcosmetics.uz/ds/2112.gif
hannesc.com/ds/2112.gif
he.thenamestork.com/ds/1512.gif
hoyamu.tellwhom.com/ds/1512.gif
hwsm-global.com/ds/2312.gif
icveritas.pe/ds/1002.gif
imzps.co.za/ds/041220.gif
inpulsion.net/ds/0702.gif
instamef.webd.pl/ds/0812.gif
israrulhaq.me/ds/1312.gif
izmirburo.com/ds/0812.gif
jathra.co.uk/ds/0402.gif
joostpieter.com/ds/1412.gif
jordanbetterworkplace.org/ds/1802.gif
jordanembassy.or.id/ds/1502.gif
joycapas.com.br/ds/0402.gif
kabinarf.ru/ds/0402.gif
kashful.softwarebd.biz/ds/1802.gif
kavok.ind.br/ds/2312.gif
kbpertiwi.sch.id/ds/0702.gif
keatonberry.me/ds/1412.gif
kelwinsales.com/ds/1702.gif
kgvidhyashram.in/ds/1512.gif
khaugalliindia.com/ds/0812.gif
kientrucadhome.vn/ds/1512.gif
kiniti.net/ds/0402.gif
kliksini.web.id/ds/061220.gif
l.loungu.com/ds/231120.gif
legalpyramids.com/ds/1312.gif
lenimar.com/ds/021220.gif
level-travel.com/ds/2112.gif
linhtumblr.com/ds/2312.gif
luxtorcred.com.br/ds/1002.gif
m2melectronica.com.ar/ds/1002.gif
man.myanmarfas.com/ds/2112.gif
mapleleafnetwork.net/ds/1502.gif
marcostrombetta.com.br/ds/1802.gif
marka.mikronexus.net/ds/0302.gif
martastrubing.com/ds/1002.gif
masadahtime.com/ds/0812.gif
me48.ru/ds/231120.gif
mecamath.com/ds/1712.gif
medstori.com/ds/0902.gif
mempresariales.com/ds/061220.gif
mercados247.com/ds/1602.gif
micmart.store/ds/291120.gif
minet-it.com/ds/021220.gif
miraclecollagen.co.za/ds/1802.gif
mmsesquadrias.com.br/ds/1002.gif
my.loungu.com/ds/1312.gif
mygrandmomskitchen.com/ds/1802.gif
narumi.mn/ds/041220.gif
nearlearn.com/ds/1612.gif
net.cyantech.com/ds/0402.gif
news24mrl.com/ds/1312.gif
newstimeurdu.com/ds/3101.gif
ngoonlinebd.com/ds/0402.gif
novavista.com.py/ds/1612.gif
nrdsbd.org/ds/0702.gif
nyuscape.xyz/ds/291120.gif
ochko123.net/details.xls
oleohitec.com.co/ds/1612.gif
omenstyle.pk/ds/2112.gif
onelink.com.bd/ds/1712.gif
outdoorsphoto.net/ds/1512.gif
p-clone.net/ds/021220.gif
pamltd.co.uk/ds/1502.gif
pin.crptechs.com/ds/0702.gif
planetaiphone.com.mx/ds/0902.gif
platechmold.co.id/ds/1002.gif
pos.staysafe.pk/ds/1412.gif
pqrs.enelar.net.co/ds/1002.gif
prisecomparer.com/ds/1512.gif
probit.digital/ds/0402.gif
proco.lt/ds/021220.gif
rdpspuraini.com/ds/1612.gif
rebeccaumblewhite.com/ds/0502.gif
remacon.net/ds/3101.gif
remedial.aaua.edu.ng/ds/1502.gif
rhinoclothes.com/ds/2312.gif
ruggedcall.com/ds/1002.gif
s-system.ba/ds/1702.gif
sadgad.ru/ds/231120.gif
safetylad.com/ds/2312.gif
saisoftwareinc.com/ds/1002.gif
savasaachi.systems/ds/0302.gif
secam.mycpanel.rs/ds/1002.gif
seligue.net/ds/231120.gi
servicespro.com.pk/ds/3101.gif
shop.paritetdom.ru/ds/1612.gif
shopee.gr/ds/021220.gif
skconstruction.info/ds/3101.gif
ski-travel.pl/ds/231120.gif
skycitymall.co.in/ds/0812.gif
smartgal.us/ds/041220.gif
smf.design4u.ca/ds/0702.gif
softwarecpanel.com/ds/2112.gif
starminimall.com/ds/061220.gif
stevie-m.co.uk/ds/0302.gif
sunmarkholidays.com/ds/0702.gif
surmaconcrete.com/ds/1412.gif
swedenfoods.net/ds/1712.gif
syifabioderma.com/ds/0902.gif
tacefradio.com/ds/1312.gif
tact9.in/ds/1612.gif
talkeasy.in/ds/2312.gif
tearsoftheearth.org/ds/0702.gif
test.dawwie.com/ds/0812.gif
tetek.ru/ds/041220.gif
th.czonediver.com/ds/061220.gif
thetravelingcard.com/ds/0302.gif
tiesta.in/ds/291120.gif
titanautomobiles.com/ds/1002.gif
tolensociety.com/ds/1312.gif
toptipsoffice.us/data_order.php
toptoffice.us/data_order.php
toyotacollege.ac.th/ds/1312.gif
tt-office.us/data_order.php
ttoffices.us/order_data.php
tv5a.com.br/ds/1612.gif
upsfrance-download.com/ireo.png
used-jeans.fr/ds/1702.gif
utbapp.poweritbd.com/ds/0302.gif
vdonkihot.ru/ds/041220.gif
vendedorfenix.com/ds/1602.gif
vestelbd.com/ds/1802.gif
viraugra.com/ds/291120.gif
vmusicsound.com/ds/1412.gif
vytyazhki.by/ds/291120.gif
xn--72c0bbr3dtble.com/ds/0902.gif
yamm.com.my/ds/2312.gif
yanyosa.com/ds/021220.gif

# Reference: https://twitter.com/p5yb34m/status/1362469846634491904
# Reference: https://pastebin.com/raw/7mH09Yyv

biblicalisraeltours.com/otmchxmxeg/
jugueterialatorre.com.ar/xjzpfwc/
pathinanchilearthmovers.com/eznwcdhx/
rzminc.com/fdzgprclatqo/
rzminc.com/xklyulyijvn/

# Reference: https://twitter.com/wato_dn/status/1362661494198996993
# Reference: https://tria.ge/210219-velay7211j

7ruzezendegi.com/samsgtlfwzt/
batikentklinik.com/qtuofsxtov/
chandni.pk/ictrljsfuh/
dindorf.com.ar/ntpnttfypqs/
miaovideo.com/wwdtfgdlijlr/

# Reference: https://twitter.com/p5yb34m/status/1362879210952400902
# Reference: https://pastebin.com/raw/8rth91je

erp.demosoftware.biz/focahjqevd/
jayshreewoods.com/gvazzbwlvyk/
parama-college.id/yxpmmmg/
raivens.com/zdmqwymhhza/
sportsmarquee.com/hmffuzbolyio/

# Reference: https://twitter.com/reecdeep/status/1362716892792823809

i345999.hera.fhict.nl/ds/1902.gif

# Reference: https://twitter.com/reecdeep/status/1363853849283428354

mavenconsulting.com.pk/ds/2202.gif

# Reference: https://twitter.com/p5yb34m/status/1364646433517752322

fernway.com/xjhuljbqv/
hdmedia.pro/noexyryqori/
stadt-fuchs.net/gwixglx/
sumonpro.xyz/nseoqnwbbvmc/
vngkinderopvang.nl/rmyjq/

# Reference: https://twitter.com/pmmkowalczyk/status/1364850641433219074

dicomm-001-site35.ctempurl.com/pmslsda/
dnvillas.com/ncmlzqphuqma/
eventpeople.pro/cfuizfotpz/

# Reference: https://twitter.com/fr0s7_/status/1365308651636989954

rlyrt26rnxw02vqijgs.com

# Reference: https://twitter.com/reecdeep/status/1366406191312683009
# Reference: https://twitter.com/peterkruse/status/1366407348202389505
# Reference: https://twitter.com/InQuest/status/1366447657904992259
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt

emqjj27ljgl02hqqzi.com
jqilt27xsbz02anaeu.com
nygvj27cvlk02cktf.com
rlvq27rmjej02sfvb.com
vyw27lfrvoj02kkxo.com
wnah27frybfe02sadb.com
/fedara.gif

# Reference: https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
# Reference: https://otx.alienvault.com/pulse/603fd483e52dabf8b0e6223d
# Reference: https://www.virustotal.com/gui/ip-address/8.209.64.96/relations

beazf26awkee02gvog.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
pbdq26xjey02uprxwx.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
qxloq28vhjko02eiiagg.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ugrl28bxsnh02kohk.com
uovxx28jqdgp02kzseg.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
ydw27hfhbk02zpidmv.com

# Reference: https://pastebin.com/XvH8rDBD

cidn02mjco03pobx.com
dskl02touc03jeby.com
etysu02scnabr03wzaxue.com
hqcaz02egeq03bvmhm.com
inpa02lzjvt03anas.com
lic02uiccnh03nruvp.com
ououz02naba03oiyd.com
ppk02dmgmzj03dxekog.com
uhfa02eknih03swzdku.com
zkkn02lffiff03zkmh.com

# Reference: https://tria.ge/210305-z4hdat5hzs/static1

dzw10jpcgj03fckc.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.177/relations

cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
ftkaq03ihfbh03rehx.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hei03tfxv03mahl.com
ihjpn03sijjl03dtmtr.com
jam03iofwv03jniedf.com
kyvws03ndah03hecon.com
lic02uiccnh03nruvp.com
pbdq26xjey02uprxwx.com
qab26utxb02pquc.com
sal03gicu03qcwtif.com
toqku26hwpu02shuroh.com
vpu03jivmm03qncgx.com
xgka03stox03cloeqz.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
zkkn02lffiff03zkmh.com

# Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations
# Reference: https://www.virustotal.com/gui/file/d9eded39c99656747708e72c395c9a542d427e588c5343c8e512262f3a42f35b/detection

jhj10jtvwu03zsjwk.com
tmrz10fxhy03ntxjf.com
ttj10qrrqx03kdts.com
xjw10whta03ytgdi.com
ywgiu10zmnwcx03vpnyp.com

# Reference: https://twitter.com/reecdeep/status/1370032331914895360

caqp10snyod03msvsqu.com

# Reference: https://www.virustotal.com/gui/file/e15245fdf2ed6b28499cddd0961265247df5c69158016d0a6e125abbdee49ebb/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.210.31.137/relations

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
darkfoodlight.xyz
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
fqzzj16gndioz03mxadr.xyz
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
glassmuchhuge.xyz
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
klhlh16zldwun03vlpq.com
klhlh16zldwun03vlpq.xyz
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
qab26utxb02pquc.com
quitelifebreak.xyz
rcj16whwaqg03pmrp.com
rcj16whwaqg03pmrp.xyz
rdraj16rwjw03xnli.com
rdraj16rwjw03xnli.xyz
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
showcertainlychair.com
somebodysergeantshop.xyz
spreadgathertruth.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
uhfa02eknih03swzdku.com
uqtgo16datx03ejjz.com
uqtgo16datx03ejjz.xyz
uqw16atsxge03cbwwx.com
uqw16atsxge03cbwwx.xyz
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wecrashdoctor.xyz
whiteotherwhole.xyz
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
wquwb16swlxr03miuell.xyz
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ykv16cmtign03mfeen.xyz
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://twitter.com/ps66uk/status/1370078419879362572

lxoyw10bipu03ilyig.com
tmrz10fxhy03ntxjf.com
vdk10pfsny03tzfva.com

# Reference: https://twitter.com/James_inthe_box/status/1370430017830756356

/44265.6787289352.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1370072095925927941

/44266.6080112269.dat

# Reference: https://twitter.com/malware_traffic/status/1370115044734861312

/44266.8078175926.dat

# Reference: https://twitter.com/p5yb34m/status/1370436549691645954

/44267.7472592593.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

/44267.9354760417.dat

# Reference: https://twitter.com/p5yb34m/status/1371509011825057794

/44270.7073414352.dat

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-15-IcedID-IOCs.txt

/44270.7145450231.dat

# Reference: https://twitter.com/James_inthe_box/status/1372268803833294852
# Reference: https://www.virustotal.com/gui/file/cd90621a36e92dfa4b49a804478522670685f234a3916c648779be639f553284/detection

/44272.6229643519.dat

# Reference: https://www.virustotal.com/gui/file/5aaef4f77b79d4bca0df0eae1e2d695da65cd858421f243273fc273afee30b3c/detection

/44272.3462201389.dat

# Reference: https://twitter.com/reecdeep/status/1372511120502759424
# Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/

http://185.82.219.219
http://188.127.231.55
http://45.140.146.180
/44273.5055075232.dat

# Reference: https://twitter.com/peterkruse/status/1372515989913530371

http://185.82.219.80
http://188.119.112.125
http://188.127.230.133
/44272.8138383102.dat

# Reference: https://www.malware-traffic-analysis.net/2021/03/19/index.html

http://185.82.219.225
http://188.127.237.152
/44274.6591174769.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

# Reference: https://twitter.com/reecdeep/status/1370324080340168704
# Reference: https://twitter.com/reecdeep/status/1370331381277016068
# Reference: https://app.any.run/tasks/cb8d105e-f9b6-4c70-9df5-c1ce912b8586/

bqx12lnjk03rrdio.xyz
gcfxb12aefoyn03epdoji.xyz
ipok12bcame03shzpiq.xyz
nvelj12qyyfi03kqxy.xyz

# Reference: https://twitter.com/InQuest/status/1370473713888542722

fyz10eijkl03mytjfb.com

# Reference: https://twitter.com/reecdeep/status/1371794991614398466

ykv16cmtign03mfeen.com

# Reference: https://otx.alienvault.com/pulse/6050fb82f9a8e34a3ce2b4c1

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
beazf26awkee02gvog.com
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
klhlh16zldwun03vlpq.com
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
march-socat01.com
march-socat01.xyz
marchassl01.com
marchassl012.com
mearmyarea.xyz
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
quitelifebreak.xyz
qxloq28vhjko02eiiagg.com
rcj16whwaqg03pmrp.com
rdraj16rwjw03xnli.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
spreadgathertruth.xyz
testframeline.xyz
theredearmovie.xyz
tirephonerun.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
togetheremptymind.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
ugrl28bxsnh02kohk.com
uhfa02eknih03swzdku.com
uovxx28jqdgp02kzseg.com
uqtgo16datx03ejjz.com
uqw16atsxge03cbwwx.com
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
walkwellquite.xyz
whiteotherwhole.xyz
wishdadwhisper.xyz
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://otx.alienvault.com/pulse/605274d69b83780319fac22a
# Reference: https://app.any.run/tasks/0ebbef51-244d-4f9f-9bfb-5bd1db5d2dda
# Reference: https://app.any.run/tasks/04d6eb2d-9548-48d4-8968-a1b079e9cd19
# Reference: https://app.any.run/tasks/c3132802-4657-44df-a7f9-00dff79dfd85

fqzzj16gndioz03mxadr.xyz
rcj16whwaqg03pmrp.xyz
uqtgo16datx03ejjz.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1372559634150592512

lem18iuru03vwvqwt.xyz

# Reference: https://twitter.com/reecdeep/status/1372890526203179009
# Reference: https://www.virustotal.com/gui/ip-address/35.228.48.27/relations

caqp10snyod03msvsqu.com
dfyf19fytrc03magy.xyz
dzw10jpcgj03fckc.com
evz15lmlir03sygmyr.xyz
ghtyrncjf2df.com
ppk02dmgmzj03dxekog.com
qsklc19fboh03zlewu.xyz
qsmbo18vxondw03uimrc.xyz
rcj16whwaqg03pmrp.com
rlyrt26rnxw02vqijgs.com
rmdwk19obfzrq03ohby.xyz
ttj10qrrqx03kdts.com
wyhfi19vkwt03hcrle.xyz
ywgiu10zmnwcx03vpnyp.com

# Reference: https://www.virustotal.com/gui/ip-address/34.65.218.17/relations

aath22rzmo03mvewdj.xyz
drt22uhfjmz03ltxc.xyz
ewiak22wbzmpq03ysileo.xyz
rcwj22jxyvt03swnlt.xyz
tvzhp22pzrh03vdawn.xyz
wnsx22gdouo03tuyu.xyz
xsd22aeofw03lqzf.xyz

# Reference: https://twitter.com/malware_traffic/status/1374800753173352450
# Reference: https://twitter.com/reecdeep/status/1374361487205089282
# Reference: https://www.virustotal.com/gui/ip-address/35.204.191.93/relations
# Reference: https://otx.alienvault.com/pulse/605a414709647aca906c467c/

http://45.150.67.226
/44279.7753403935.dat
amr16pzcp03omerd.xyz
beg23crlsak03wwzwc.xyz
brannon-powlowski25d.xyz
crooks-cooper24g.xyz
demetris9127f.com
dennis-hill25lw.xyz
fegr23ylwp03yfvm.xyz
ghtyrncjf2df.com
hardy-parker27ea.com
hprosacco25i.xyz
ire22wndw03opoq.xyz
kassandra5024d.xyz
lvv23blili03ujrxcp.xyz
lxoyw10bipu03ilyig.com
mtk23gqakwj03bzds.xyz
olfs23kvri03wyyb.xyz
ovesf23knfg03eixqds.xyz
plangosh27a.com
qvqy23thdsed03xjeqtf.xyz
rgleason25s.xyz
rlyrt26rnxw02vqijgs.com
rosenbaum-jaida24nz.xyz
rsjb23tnxjng03dgiy.xyz
sarai7227dl.com
treutel-jamir25ju.xyz
usy15wycqme03dymh.xyz
virgie-will27pn.com
vyhml26anpfyb02aqsehz.com
wsbc23imtnnc03lrmpxa.xyz
xherzog24pv.xyz
yar03jmtvr03jtqg.com
yzq24meogxq03bsvfu.xyz

# Reference: https://twitter.com/JRoosen/status/1376994339281309699

agenbolatermurah.com/ds/3003.gif
columbia.aula-web.net/ds/3003.gif
metaflip.io/ds/3003.gif
partsapp.com.br/ds/3003.gif
tajushariya.com/ds/3003.gif

# Reference: https://twitter.com/fr0s7_/status/1377588184226336772
# Reference: https://pastebin.com/fnd1tHh6

ieclb.com.br/ds/3103.gif
maharaniworld.com/ds/3103.gif
aycconsultoriaempresarial.com/ds/3103.gif
hashmati.com/ds/3103.gif
sgb.ac.ke/ds/3103.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1377929158593032192

jaishritours.com/ds/0204.gif
digitalcreations.co.in/ds/0204.gif
unityindiversity.in/ds/0204.gif
utabmis.ac.rw/ds/0204.gif
pinkpaprika.co.uk/ds/0204.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1379339978526883840

jacktech.jackindia.com/ds/0204.gif
moumitas.com/ds/0204.gif

# Reference: https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
# Reference: https://otx.alienvault.com/pulse/606f2e77342bd3d1fa7e8d34

http://188.127.254.114
holmesservices.mobiledevsite.co/ds/2803.gif
kfzhm28pwzrlk02bmjy.com
pokojewewladyslawowie.pl
/44270.5684626157.dat
/44270.7082388889.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1382039816968212491

cesiroinsurance.com/ds/0604.gif
innermetransformation.com/ds/0604.gif
shalombaptistchapel.com/ds/0604.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1385643227538247680

shapoorjipallonji.online/drms/ind.html
studio.joellemagazine.com/drms/ind.html

# Reference: https://twitter.com/d4rksystem/status/1382979851892748290

glsiba.org/drms/body.html
jahthroneafricancrafts.com/drms/body.html

# Reference: https://twitter.com/teamcymru_S2/status/1387085777482489858

185.250.149.187:443

# Reference: https://twitter.com/MBThreatIntel/status/1390375540595507201

http://185.45.193.74
http://195.123.220.175
http://45.144.29.253
/44313.6048108796.dat

# Reference: https://madlabs.dsu.edu/madrid/blog/2021/04/30/qbot-analyzing-php-proxy-scripts-from-compromised-web-server/

http://91.193.180.161
91.193.180.161:7080
/first_loader/first_loader_qbz001.php
/first_loader_qbz001.php

# Reference: https://twitter.com/jstrosch/status/1354913027762622469
# Reference: https://github.com/jstrosch/malware-samples/tree/master/malware_infrastructure/2021/January/qbot_compromised_server

selfstoragemillionaires.com
/hxevjccijc.php
/mhqiFVdEBo.php

# Reference: https://www.virustotal.com/gui/file/521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1/detection

8.209.64.96:4039

# Reference: https://twitter.com/tosscoinwitcher/status/1384575076293439492

/44300.5396033565.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1392514493100531714

dsafarm.com/h03itpGP/ue.html
stateoftheartacademy.com.br/E4V8njAb2/ue.html
/E4V8njAb2/ue.html
/h03itpGP/ue.html

# Reference: https://twitter.com/JAMESWT_MHT/status/1393123509090533381

/44330.3435314815.dat

# Reference: https://www.virustotal.com/gui/file/1ecf737a0bd1cb4a25e09d8be8ce9700a8905fcc5891d2a80dbc17677b623553/detection

/44333.8078178241.dat

# Reference: https://www.virustotal.com/gui/file/14bfd4407897eb27a12125e23d08ac7c9be13e69959ffa77b4f7cea1cba2dae4/detection

/44333.7737885417.dat

# Reference: https://www.virustotal.com/gui/file/6befb1bcec9588b17d893ccdfdc0d4c008ce3cbe1671e792eea73829e93268f8/detection

/43976.6705686343.dat

# Reference: https://www.virustotal.com/gui/file/a6bcd1310d0703904889958ffb1bdc1e616ad5a4861519a2f055b03088a96a72/detection

http://185.183.98.29
http://188.165.62.17
http://195.123.221.179
/43976.835568287.dat

# Reference: https://twitter.com/bit_dam/status/1395471492427755525

http://190.14.38.106
http://193.38.54.246
http://51.89.73.152
/44336.7336625.dat

# Reference: https://twitter.com/reecdeep/status/1395296845375619076

http://103.155.93.169
http://45.67.228.153
http://51.89.73.149
/44329.6550195602.dat

# Reference: https://twitter.com/1ZRR4H/status/1395287974309474304
# Reference: https://pastebin.com/3Bmm16zt
# Reference: https://www.virustotal.com/gui/file/6d858e68b298e851836a55f5570c502b9a7bba79afd89c49c1345309f49a91f5/detection

droneteamproject.gr/BfWvudjrIQMF/utka.html
rallyautosport.com/CA2Sz1Pz33Sn/utka.html
dev.favterest.com/VBPFHU4UdmdT/filter.html
ethioshare.com/q22UgZzM3PV7/filter.html
digitrac.org/g31Qro72rb4Q/heart.html
swedish.askochembla.nl/6PNITEcbA/heart.html
academy.haleemcampus.com/GxaCS5azoZlJ/filter.html
tahaffuzenamooserisalat.com/YgUmSu/
jk-systems.in

# Reference: https://twitter.com/papa_anniekey/status/1402066103912697900

http://101.99.95.176
http://185.117.73.153
http://45.67.228.169
/44355.2896359954.dat

# Reference: https://twitter.com/ffforward/status/1401905278501670917

ibcu.cu.edu.eg/0eqB2jiJS/yy.html

# Reference: https://twitter.com/ffforward/status/1402973963853172741

control.sahum.gob.ve/ORqVv3i5b5e/zv.html

# Reference: https://twitter.com/pancak3lullz/status/1405566965553545225

http://101.99.95.230
http://103.155.92.217
http://185.219.43.60
http://190.14.37.2
http://194.36.189.154
http://45.67.230.241
/44364.4585763888.dat
/44364.3929405093.dat

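# Reference: https://twitter.com/killamjr/status/1412461591090675713
# Reference: https://app.any.run/tasks/a8785302-6c45-4f32-92d2-5e37298a02bc/
# Note: the .jpg path below is listed twice, once with "," and once with "." after 44376; the same pairing recurs for later .dat entries in this file, so the comma form looks intentional rather than a typo (not verified against the references).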

thousandsyears.download
uppercilio.fun
voopeople.fun
/44376,8555986111.jpg
/44376.8555986111.jpg

# Reference: https://www.virustotal.com/gui/file/b2f4a24f66b08be7c8738c363c8d085d6c201bec77530bf3ee6ad97b49ce8eff/detection

http://101.99.95.204
http://185.117.73.134
http://217.147.172.75
/4450064.dat

# Reference: https://blog.group-ib.com/prometheus-tds

aramiglobal.com/ds/0502.gif

# Reference: https://twitter.com/pr0xylife/status/1440322035310153738

/44460.6828835648.dat

# Reference: https://www.virustotal.com/gui/file/358deadbd530adb5b625aae1a82bf3920ca1348982a21ee7bd26a4054a752ac3/behavior

216.238.71.31:443

# Reference: https://twitter.com/tosscoinwitcher/status/1459272591391158272

http://111.90.148.79
http://185.141.26.231
http://91.217.76.197
/44508.5578762731.dat

# Reference: https://twitter.com/Max_Mal_/status/1474423912490545153

83.110.91.18:2222

# Reference: https://www.virustotal.com/gui/file/65f57d55ef72665264daa8789af2c64ef6ccda1be7c753f2d0a8032839d260d7/detection

190.73.3.148:2222

# Reference: https://www.virustotal.com/gui/file/e2a30919eb834e89c192b619a2d824febf6f5a92d75429ec134a8de13fba41ab/detection

189.252.140.141:32101
65.100.174.110:8443
75.169.58.229:32100
173.21.10.71:2222
176.35.109.202:2222
190.73.3.148:2222
27.5.5.31:2222
45.46.53.140:2222
71.13.93.154:2222
73.25.109.183:2222
81.149.119.231:2222
81.250.153.227:2222
85.226.176.123:2222
85.54.179.210:2222
86.220.112.26:2222
92.59.35.196:2222
93.48.58.123:2222
96.21.251.127:2222

# Reference: https://www.virustotal.com/gui/file/46ee2b547901f428122e7d77186c8fda2db19a98d80a564fde1b08acc517dbec/detection

http://144.217.50.241
http://185.117.89.226
http://185.252.144.23
/44538.472677662.dat
/44538.472677662.dat2

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt

23.111.114.52:65400
71.13.93.154:6881

# Reference: https://www.virustotal.com/gui/file/53214f4721ef1221632de09fd853580056811ac6632b517d77fb326956129530/detection

103.139.242.30:990
103.143.8.71:6881
106.51.48.170:50001
117.248.109.38:21
121.175.104.13:32100
14.96.108.245:61202
173.21.10.71:2222
190.73.3.148:2222
209.210.95.228:32100
217.128.93.27:2222
217.164.247.241:2222
217.165.11.65:61200
217.165.123.47:61200
24.178.196.158:2222
37.210.226.125:61202
38.70.253.226:2222
45.9.20.200:2211
59.6.7.83:61200
65.100.174.110:8443
70.51.134.181:2222
74.15.2.252:2222
75.169.58.229:32100
76.169.147.192:32103
78.101.89.174:2222
80.14.196.176:2222
86.198.237.51:2222
92.167.4.71:2222
93.48.58.123:2222
96.21.251.127:2222

# Reference: https://twitter.com/James_inthe_box/status/1485684311504216072

/1NDTGG7e4/ght.png
/NoGYhhhaj0/ght.png
/Wis1k1q15zI/ght.png

# Reference: https://twitter.com/pr0xylife/status/1471502590617686022

/arOmtsqbPv/ji.png
/V3yGBDoJ0SCs/ji.png
/xXh8TKVYFik/ji.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1489576918328516611
# Reference: https://www.virustotal.com/gui/file/54d8230199caabbab5472a7c92343960101223744e0cab53f7029113d144d77f/detection

/2O8mGI9Oqg/hn.png
/3NkFv46T/hn.png
/DtKuN3PsJAdz/hn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1493825391395549187

/bMtWWFJEH1dl/ghy.png
/CZqEc6SxYM/ghy.png
/Xy2Di9Dg/ghy.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1488164364565848068

http://51.195.38.36
http://74.119.194.108
http://79.141.167.194
/8643842914630250.dat

# Reference: https://twitter.com/1ZRR4H/status/1493321773009494019

http://103.155.93.225
http://185.61.151.52
http://188.119.148.108
/1621832826316290.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_15.02.2022.txt

103.123.225.38:6881
162.210.220.137:2222
173.21.10.71:2222
182.121.70.122:2222
190.73.3.148:2222
193.251.59.245:2222
2.50.41.69:61200
217.128.171.34:2222
217.128.93.27:2222
217.164.115.166:2222
220.255.25.1:2222
24.178.196.158:2222
31.215.116.182:2222
31.215.142.105:2078
31.215.23.29:2222
37.210.157.12:2222
38.70.253.226:2222
45.46.53.140:2222
64.231.96.211:2222
70.50.147.95:2222
70.51.137.204:2222
73.67.152.98:2222
74.15.2.252:2222
80.14.196.176:2222
86.198.170.170:2222
86.98.156.24:32101
96.21.251.127:2222

# Reference: https://twitter.com/James_inthe_box/status/1494082168519213056

http://185.61.151.16
http://193.42.36.228
http://91.194.11.253
/9317677760640200.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama157_17.02.2022.txt

107.171.241.236:2222
122.96.50.104:2222
180.183.99.37:2222
184.149.30.83:2222
217.128.122.65:2222
217.164.117.243:2222
37.211.176.26:61202
47.180.172.159:50010
67.69.166.79:2222
72.12.115.90:2078
72.12.115.90:2083
72.12.115.90:3389
72.252.201.34:990
75.99.168.194:61201
89.211.179.202:2222
92.177.45.46:2078

# Reference: https://twitter.com/fr0s7_/status/1494696852763070467

qekaoa.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1496127499130056706

/082zfyXzL7/vg.png
/hceKoEWDRT7/vg.png
/W29qmbvqaq4/vg.png

# Reference: https://twitter.com/nate2x4/status/1496224056198438912

communitybusinesses.info
njmcdirectpay.online
proteogenix.us

# Reference: https://twitter.com/SquiblydooBlog/status/1497203490837434371
# Reference: https://www.virustotal.com/gui/file/a7cf76ca1a8dc312d1669ab90d3f770cbda44b78cf474dd31936876dcd427928/detection

/5Asp1RevTb/56.png
/bgCEPIZO/56.png
/zDRcRDl2Ck/56.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama160_28.02.2022.txt

http://111.90.147.222
http://146.19.170.74
http://51.195.37.137
/44620.645818287.dat
/44620.6497204861.dat
/44620.6635916667.dat
/44620.7119049769.dat
103.87.95.131:2222
121.7.223.188:2222
139.228.65.100:2222
173.21.10.71:2222
180.183.100.147:2222
190.73.3.148:2222
193.253.44.249:2222
217.128.122.65:2222
217.164.121.201:2222
24.178.196.158:2222
31.215.84.57:2222
38.70.253.226:2222
45.46.53.140:2222
64.231.96.211:2222
70.51.153.159:2222
74.15.2.252:2222
76.69.155.202:2222
76.70.9.169:2222
86.198.170.170:2222
89.211.185.240:2222
96.21.251.127:2222
190.200.231.217:61202
58.105.167.35:50000
78.100.194.138:6883
78.101.152.231:61202
84.241.8.23:32103

# Reference: https://twitter.com/JAMESWT_MHT/status/1498553873216200710

http://23.106.215.210
http://37.120.247.240
http://91.193.18.68
/44621.280440625.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1498646486153838594

/20HtGYkXdys/fn.png
/CxOxnOoTqPv/fn.png
/PQR7lz0kJGW/fn.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama163_03.03.2022.txt

http://185.244.149.152
http://66.70.218.62
http://79.141.171.33
64.231.210.71:2222
80.11.74.81:2222
80.14.188.219:2222
86.195.158.178:2222
92.99.229.158:2222
94.59.139.37:2222
118.189.242.45:2083
190.189.33.6:32101
209.210.95.228:32100
47.180.172.159:50010
58.105.167.35:50000
75.99.168.194:61201
76.169.147.192:32103
78.100.194.138:6883
83.110.218.94:32101
89.249.215.26:61202
92.177.45.46:2078
/8494228.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama161_01.03.2022.txt

http://185.82.126.154
http://190.14.37.159
http://46.17.107.177
/44621.6449424769.dat
/44621.8128211806.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama164_09.03.2022.txt

http://101.99.95.195
http://190.14.37.231
http://23.227.202.198
/3772809.dat
/7796124.dat

# Reference: https://twitter.com/pr0xylife/status/1502004854960664585

3639optical.ga
/41ypRER4/6.png
/eO9TWNAUzS/6.png
/j058gDRty3C7/6.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_11.03.2022.txt

5.95.58.211:2087
83.110.153.238:61200
83.110.218.135:32101
180.183.125.141:2222
183.88.63.73:2222
217.164.120.130:2222
69.159.200.138:2222
70.51.139.58:2222
85.1.164.37:2222
86.97.209.134:2222
89.211.187.132:2222
3635optical.ga
plokoto.cf
/IB61RO0Z6C/33.png
/JSHi41WBfv/33.png
/YFPzuOmr/33.png

# Reference: https://isc.sans.edu/diary/28448

http://101.99.95.190
http://146.70.81.64
http://190.14.37.12
/6537991.dat

# Reference: https://twitter.com/0xhido/status/1504096707759464449

autoplacasdilger.com.br
mustafaksoy.com
/ECg8m6oX27/gmkox.png
/S4ABFgxnWO/gmkox.png
/UMWPpecHvg/gmkox.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama167_15.03.2022.txt

201.172.31.135:2222
217.164.119.130:2222
50.192.106.153:2222
70.51.135.39:2222
78.100.227.241:2222
78.100.194.196:6883
83.110.154.202:61200
90.74.16.2:6881
http://146.70.79.77
http://185.106.120.100
http://185.82.126.140
/9338160.dat
/9403565.dat

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-14%20Qakbot%20(AA)%20IOCs

69.159.200.40:2222
69.159.200.82:2222
70.51.139.165:2222
70.51.139.248:2222
70.51.139.53:2222
71.13.93.237:2222
71.13.93.25:2222
71.13.93.3:2222
74.15.2.12:2222
74.15.2.160:2222
74.15.2.224:2222
76.69.155.49:2222
76.69.155.68:2222
76.69.155.7:2222
76.70.9.134:2222
76.70.9.221:2222
76.70.9.98:2222
80.11.74.178:2222
80.11.74.68:2222
80.11.74.96:2222
80.14.188.107:2222
80.14.188.169:2222
80.14.188.73:2222
80.14.188.8:2222
85.1.164.106:2222
85.1.164.138:2222
85.1.164.147:2222
85.1.164.184:2222
86.195.158.156:2222
86.195.158.181:2222
86.195.158.48:2222
86.198.170.111:2222
86.198.170.165:2222
86.198.170.1:2222
86.97.209.208:2222
86.97.209.241:2222
86.97.209.50:2222
89.211.187.114:2222
89.211.187.130:2222
89.211.187.56:2222
92.99.229.183:2222
92.99.229.19:2222
92.99.229.71:2222
96.21.251.19:2222
96.21.251.236:2222
96.21.251.39:2222
209.210.95.136:32100
209.210.95.38:32100
209.210.95.63:32100
47.180.172.135:50010
47.180.172.242:50010
47.180.172.79:50010
58.105.167.123:50000
58.105.167.156:50000
58.105.167.164:50000
58.105.167.180:50000
75.99.168.1:61201
75.99.168.11:61201
75.99.168.92:61201
76.169.147.131:32103
76.169.147.136:32103
78.100.194.12:6883
78.100.194.142:6883
78.100.194.200:6883
83.110.153.171:61200
83.110.153.41:61200
83.110.153.43:61200
83.110.218.110:32101
83.110.153.148:61200
83.110.218.160:32101
83.110.218.252:32101
90.74.16.202:6881
90.74.16.3:6881
92.177.45.11:2078
92.177.45.177:2078
/D2AGySOhfNEZ/ety.png
/M0m4x0HO1NQM/ety.png
/u5DqWRqHP/ety.png

# Reference: https://tria.ge/220317-t2h62scfa7

131.154.102.171:32100
5.81.177.71:2078
103.87.95.131:2222
31.215.116.39:2222
38.70.253.226:2222
74.15.2.252:2222
80.11.74.81:2222
92.99.229.158:2222
/5395601.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1507304731613487126

/7ZflR1ubibNT/Hnfho.png
/cyL5fzZgbH8/Hnfho.png
/L2Xe4PaSpwYi/Hnfho.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_28.03.2022.txt

179.100.109.11:32101
200.100.246.85:32101
202.134.152.2:2222
79.52.204.9:50001
81.132.186.248:2078
86.98.208.214:2222
90.120.65.153:2078
92.96.183.242:2222
e2ekijutol.tk
/8VUrJk0a/NchonhNh.png
/McvmGTWB48/NchonhNh.png
/tbTcC1DRWTmC/NchonhNh.png
/NchonhNh.png

# Reference: https://twitter.com/pmmkowalczyk/status/1509164029310341128
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_30.03.2022.txt

103.87.95.133:2222
180.183.128.80:2222
191.205.7.5:32101
201.211.64.196:2222
58.105.167.36:50000
70.51.134.168:2222
75.113.214.234:2222
78.101.91.50:2222
80.14.52.110:2222
82.84.66.211:2222
83.110.157.57:2222
87.17.45.67:50001
92.132.135.233:2222
94.59.56.162:2222
/gVrvSKJK/Gnp.png
/lSfw4WE7W07S/Gnp.png
/VgStWXMu3/Gnp.png

# Reference: https://twitter.com/fr0s7_/status/1509507027575394316
# Reference: https://pastebin.com/mWbKWgrM

142.118.77.41:2222
175.138.246.117:2222
217.164.117.187:2222
78.100.225.12:2222
95.247.42.198:50001
/0cpRIDGdkB/PomK.png
/2RZvX0fN33u/PomK.png
/jQti5hjVS/PomK.png

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-06%20Qakbot%20(obama174)%20IOCs

http://185.141.26.231
http://91.199.147.18
http://94.140.115.210
187.207.48.194:61202
191.17.223.93:32101
31.56.197.90:32103
144.136.35.102:2222
187.102.135.142:2222
31.215.185.114:2222
83.110.75.97:2222
86.220.98.71:2222
89.211.187.3:2222
92.154.9.41:2222
94.36.195.250:2222
webdesignme.xyz
/7790983516.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama172_04.04.2022.txt

http://149.255.36.223
http://185.82.126.17
http://185.33.86.42
176.205.119.81:2078
187.207.7.231:61202
78.101.150.251:61202
140.0.161.213:2222
42.235.149.83:2222
78.100.227.177:2222
92.96.182.192:2222
/44651.6679619213.dat
/44651,6679619213.dat

# Reference: https://twitter.com/Max_Mal_/status/1512043876269400067

http://173.232.146.31

# Reference: https://twitter.com/malware_traffic/status/1516242488855564289

http://146.70.87.163
http://5.254.118.198
http://91.194.11.15
179.174.52.27:32101
/44666.6175321759.dat
/44666,6175321759.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1516302904231088129

/07jMiafn/Asnhfn.png
/DAZYS42a/Asnhfn.png
/uRl2nqDPMH/Asnhfn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1516404783334277125

/088aFy0Xc8ap/NbVfNbhn.png
/HLpeQJZi/NbVfNbhn.png
/OHTvXEr9c/NbVfNbhn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1519635413174005760

/JIXkz3NEYo/Fvnnff.png
/MIwL5j9E1yP/Fvnnff.png
/uZAriaGwYF/Fvnnff.png

# Reference: https://twitter.com/lazy_daemon/status/1531605300045828098

digitallyremastering.xyz
/hQfHMUFZg/FF.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1531631741714288648

transportesromano.com

# Reference: https://isc.sans.edu/diary/rss/28728
# Reference: https://otx.alienvault.com/pulse/62a31cf4127145c9fb126ef6

http://104.36.229.139
http://185.234.247.119
http://85.239.55.228

# Reference: https://twitter.com/Max_Mal_/status/1536697935861362688

http://85.17.9.19

# Reference: https://twitter.com/pr0xylife/status/1536780369223110657

/8NMlHT/EWw.png

# Reference: https://twitter.com/pr0xylife/status/1536386977863442432

http://194.36.191.227

# Reference: https://twitter.com/Max_Mal_/status/1535252652161912832

altosieg.com
/10Mh/D2.png

# Reference: https://twitter.com/0xhido/status/1536989383886258176

http://185.198.59.103
http://193.29.104.123
http://66.70.218.63
http://91.199.147.26
http://91.234.254.106

# Reference: https://otx.alienvault.com/pulse/62bdd2563351c47da5562b26
# Reference: https://www.virustotal.com/gui/file/e85c3d74bd674383230c752ba6cdfbd49ce03e324c59ee72813211bfd8cd90d3/detection

elblogdeloscachanillas.com.mx/S3sY8RQ10/Ophn.png
lalualex.com/mJYvpo2xhx/Ophn.png
lizety.com
/ApUUBp1ccd/Ophn.png
/mJYvpo2xhx/Ophn.png
/S3sY8RQ10/Ophn.png

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-09-29-IOCs-for-Obama207-Qakbot-and-Cobalt-Strike.txt

186.90.144.235:2222

# Reference: https://www.virustotal.com/gui/file/0498778878d53eb969283fde2c9a570ac1cc199aef8dd5dd8c18a7608ed9dccf/detection

adboat.live
alexadrivingschool.online
uniross.site
/SVmGtFWUNWs/I.png
/TCA1oiqkA/I.png
/ViaawNBw/I.png
/SVmGtFWUNWs/
/TCA1oiqkA/
/ViaawNBw/

# Reference: https://tria.ge/220908-lzag5aecb2/

104.34.212.7:32103
121.7.223.38:2222
157.51.47.233:50001
188.136.218.20:61202
200.100.55.252:32101
200.161.62.126:32101
217.164.121.130:1194
217.164.237.54:2222
70.51.153.182:2222
72.252.157.93:990
78.101.202.75:50010
81.131.161.131:2078
86.213.191.206:2078
89.211.179.14:2222
99.232.140.205:2222

# Reference: https://twitter.com/cr4shtest/status/1542075025817313281
# Reference: https://twitter.com/TheDFIRReport/status/1587051781267374083
# Reference: https://twitter.com/Max_Mal_/status/1542053741259522049
# Reference: https://twitter.com/pr0xylife/status/1541847827218931714
# Reference: https://twitter.com/pr0xylife/status/1541814062211907587
# Reference: https://twitter.com/pr0xylife/status/1465252246975885315
# Reference: https://twitter.com/Max_Mal_/status/1463909174279090185
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_04.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_03.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_02.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama220_02.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_01.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_31.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama217_26.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama216_25.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_25.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama215_24.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_24.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_20.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama214_18.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB03_18.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama213_17.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB02_14.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_12.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_11.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_10.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_06.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama210_06.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama209_05.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_05.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_03.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_30.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama207_28.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_28.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_26.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_22.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_20.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_16.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama203_15.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_14.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_13.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_08.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_vip01_12.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_vip01_13.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama201_14.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama200_11.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama199_08.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama198_01.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama197_30.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama195_28.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_28.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_27.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_23.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_22.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_21.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama189_13.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_09.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama187_08.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama186_07.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_02.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_31.05.2022_new_lnk.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama185_26.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_25.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_23.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_19.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_16.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_13.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_12.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_11.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_10.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama182_05.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama180_26.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama179_21.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama177_20.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama176_18.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_14.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_13.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_12.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama175_12.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_07.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama174_06.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama172_04.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_biden56_31.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama173_31.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_30.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_25.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama169_23.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama168_22.03.2022.txt
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-03%20Qakbot%20(BB05)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-31%20Qakbot%20(BB05)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20Qakbot%20(BB04)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-24%20Qakbot%20(obama215)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-18%20Qakbot%20(obama214)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-14%20Qakbot%20(BB02)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-11%20Qakbot%20(obama212)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-10%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-03%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-12%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-14%20Qakbot%20(obama201)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Qakbot%20(obama197)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-29%20Qakbot%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20Qakbot%20(obama193)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-22%20Qakbot%20(obama191)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-08%20Qakbot%20(obama187)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-07%20Qakbot%20(obama186)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-13%20Qakbot%20(obama183)%20IOCs
# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Quakbot/Quakbot-%2009072022
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-12%20Qakbot%20(AA)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-05%20Qakbot%20(obama182)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-29%20Qakbot%20(obama181)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Qakbot%20(obama179)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-18%20Qakbot%20(obama176)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-27%20Qakbot%20IOCs
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-21-IOCs-for-AA-distribution-Qakbot-with-DarkVNC-and-Cobalt-Strike.txt
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-12-07-IOCs-for-Qakbot-and-Matanbuchus-activity.txt
# Reference: https://tria.ge/reports/221027-l5mpmsbhak
# Reference: https://tria.ge/221026-zxgqbahah4
# Reference: https://tria.ge/221026-w9ngvagfar
# Reference: https://tria.ge/221018-qsd9ysgcan
# Reference: https://tria.ge/221017-rtlabsccck
# Reference: https://tria.ge/221014-1stpraefa6
# Reference: https://tria.ge/221013-1z6mwsfhf5
# Reference: https://tria.ge/220926-ps571abhhq
# Reference: https://tria.ge/220920-yqgajahhcl
# Reference: https://tria.ge/220915-13skfahhcp
# Reference: https://tria.ge/reports/220913-qg8dnabdhm
# Reference: https://tria.ge/220908-11w5vadaeq
# Reference: https://tria.ge/220712-tyx6ssaahj
# Reference: https://tria.ge/220627-3fnzvadhdq
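# Reference: https://tria.ge/220411-q74hdsagc9
# NOTE(review): the list below mixes indicator types (http://<IP> entries, <IP>:<port> entries, a domain, and URL paths) without recording which reference each entry came from; check a hit against the linked reports before attributing it.
# NOTE(review): the entry 122.125.236.31:0 carries port 0, which is not a usable destination port - it looks like a source artifact; verify against the original report.
# NOTE(review): the dated references listed here span 2021-12 to 2022-10; <IP>:<port> entries may have been reassigned since then, so weigh hits by age.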

http://101.99.90.115
http://101.99.90.73
http://101.99.94.76
http://101.99.95.143
http://103.155.93.201
http://103.155.93.77
http://111.90.151.109
http://138.124.184.233
http://141.98.169.72
http://143.202.163.216
http://144.217.60.52
http://158.247.204.173
http://162.19.135.167
http://167.88.15.126
http://172.96.137.171
http://178.23.190.8
http://185.106.123.103
http://185.117.90.162
http://185.123.53.229
http://185.123.53.48
http://185.141.26.240
http://185.141.26.245
http://185.244.149.138
http://185.244.149.89
http://185.82.126.11
http://185.82.126.193
http://185.82.126.45
http://185.82.127.209
http://185.82.200.35
http://188.119.113.3
http://188.127.237.46
http://190.14.37.165
http://190.14.37.236
http://190.14.37.238
http://190.14.37.244
http://190.14.37.247
http://190.14.37.254
http://194.36.189.211
http://194.36.191.13
http://194.36.191.16
http://194.36.191.243
http://194.36.191.30
http://194.36.191.35
http://194.38.20.30
http://194.62.42.128
http://202.182.116.198
http://212.46.38.249
http://213.109.192.242
http://213.109.192.31
http://213.109.192.61
http://217.195.153.111
http://217.195.153.187
http://23.106.122.207
http://23.106.122.40
http://37.120.234.12
http://45.133.216.76
http://5.149.255.195
http://5.196.247.11
http://5.196.247.5
http://51.161.42.94
http://51.195.38.40
http://51.89.115.113
http://67.43.234.71
http://74.119.193.29
http://77.83.198.21
http://77.91.72.75
http://79.141.167.24
http://80.92.205.44
http://80.92.205.91
http://84.246.85.56
http://85.239.55.212
http://91.193.18.167
http://91.194.11.121
http://91.194.11.27
http://91.194.11.67
http://91.199.147.183
http://91.199.154.137
http://91.234.254.233
http://91.242.229.89
http://94.140.112.52
http://94.140.115.118
http://95.174.65.251
http://95.179.137.172
1.104.105.37:49572
1.156.197.160:30467
1.156.220.169:30723
1.161.100.47:995
1.161.101.20:995
1.161.104.149:995
1.161.104.31:995
1.161.116.40:995
1.161.118.53:995
1.161.121.58:995
1.161.123.180:995
1.161.123.53:995
1.161.124.241:995
1.161.126.64:995
1.161.66.82:995
1.161.67.235:995
1.161.70.129:995
1.161.71.109:995
1.161.72.70:995
1.161.75.18:995
1.161.76.70:995
1.161.79.116:995
1.161.80.99:995
1.161.81.21:995
1.181.56.171:771
1.57.114.95:2222
100.1.5.250:995
100.38.242.113:995
101.109.135.60:995
101.109.44.197:995
101.109.57.236:995
101.50.103.193:995
101.50.110.17:995
101.50.120.124:995
101.50.120.166:995
101.50.67.155:995
101.50.67.212:995
101.50.67.7:995
102.156.82.38:995
102.157.250.192:995
102.158.228.70:995
102.159.110.79:995
102.159.77.134:995
102.182.232.3:995
102.184.151.194:995
102.185.146.113:995
102.185.86.69:995
102.187.59.86:995
102.187.63.127:995
102.188.100.131:995
102.188.91.158:995
102.189.184.12:995
102.189.242.128:995
102.190.190.242:995
102.38.96.108:995
102.38.97.229:995
102.38.97.72:995
102.40.236.32:995
103.104.54.213:2222
103.108.180.52:2222
103.116.178.85:995
103.133.11.10:995
103.139.242.30:22
103.139.242.30:995
103.139.242.57:990
103.139.243.207:990
103.139.243.207:993
103.150.40.76:995
103.157.122.130:21
103.207.85.38:995
103.233.141.26:2222
103.73.101.14:995
103.82.211.39:990
103.82.211.39:993
103.82.211.39:995
103.91.182.114:2222
105.111.60.60:995
105.154.214.130:995
105.154.56.232:995
105.154.60.233:995
105.155.151.29:995
105.156.0.235:995
105.158.118.241:8443
105.159.49.123:995
105.184.13.131:995
105.184.133.198:995
105.184.195.104:995
105.184.56.118:995
105.186.127.127:995
105.197.192.21:995
105.197.208.168:995
105.198.236.99:995
105.208.24.120:59473
105.225.175.168:995
105.226.83.196:995
105.247.171.130:995
105.69.142.130:995
105.69.147.88:995
105.69.155.85:995
105.69.189.28:995
105.99.213.235:995
105.99.214.62:995
105.99.217.147:995
106.193.213.197:995
106.51.48.188:50001
108.56.213.219:995
109.128.221.164:995
109.133.67.116:995
109.151.171.116:2222
109.155.5.164:993
109.158.159.179:993
109.159.119.162:2222
109.177.77.83:50000
109.178.178.110:995
109.249.181.70:995
110.23.76.9:2222
111.125.245.116:995
111.125.245.118:995
111.91.87.187:995
112.141.184.246:995
112.199.148.55:995
113.11.89.165:995
113.11.89.170:995
113.110.253.185:995
113.110.253.82:995
113.53.59.10:995
113.8.18.249:2222
113.89.5.252:995
113.89.6.31:995
114.143.36.16:61202
114.38.161.124:995
115.34.223.65:24926
115.50.79.104:2222
115.70.203.2:995
115.96.64.9:995
116.253.204.85:2222
116.30.161.215:995
116.30.5.32:995
116.30.6.16:995
117.202.161.73:2222
117.95.81.95:2222
118.161.14.242:995
118.161.15.217:995
118.161.34.21:995
118.161.37.101:995
118.161.9.45:995
118.173.7.219:995
118.174.200.169:995
118.174.207.134:995
118.174.213.11:995
118.175.242.26:995
118.175.247.124:995
119.158.103.16:995
119.158.120.114:995
119.158.121.244:995
119.158.122.112:995
119.158.126.69:995
119.158.97.217:995
120.150.218.241:995
121.236.113.177:14197
121.7.223.250:2222
121.7.223.45:2222
121.7.223.59:2222
121.74.167.191:995
121.74.178.16:995
121.74.182.236:995
122.118.129.227:995
122.118.131.132:995
122.118.146.205:995
122.118.154.106:995
122.125.236.31:0
122.60.71.201:995
123.201.44.86:6881
123.3.240.16:995
124.109.35.171:995
124.109.35.32:995
124.40.244.115:2222
124.40.244.118:2222
124.58.65.86:13247
125.168.47.127:2222
125.25.73.17:995
125.25.77.249:995
125.25.77.80:995
125.26.193.137:995
125.26.54.57:995
125.43.87.167:2222
128.234.26.174:995
129.208.0.52:995
129.208.147.188:995
129.208.151.177:995
129.208.158.180:995
129.208.5.147:995
129.208.61.75:995
129.35.116.77:990
130.255.238.245:61202
131.100.40.13:995
136.232.184.134:995
136.66.66.194:40287
139.195.132.210:2222
139.195.43.166:2222
139.195.63.45:2222
139.228.33.176:2222
139.242.121.12:23370
139.84.167.18:995
140.0.79.30:2222
140.82.63.183:995
141.237.86.114:995
141.237.95.186:995
142.115.159.36:2222
142.115.84.88:2222
142.118.239.135:2222
142.161.120.116:2222
142.181.183.42:2222
142.184.161.168:2222
142.186.49.224:2222
143.0.219.6:995
144.202.15.58:995
144.202.2.175:995
144.202.3.39:995
146.70.9.13:2222
148.213.109.165:995
148.64.96.100:993
149.254.111.67:39052
149.28.238.199:995
149.28.38.16:995
149.28.63.197:995
151.213.183.141:995
151.231.60.200:2083
151.234.63.48:990
151.234.97.239:990
151.234.99.49:990
154.181.136.133:995
154.181.199.80:995
154.181.203.230:995
154.183.135.35:995
154.237.235.43:995
154.237.49.4:995
154.237.60.254:995
154.238.151.197:995
154.247.15.173:2078
154.247.15.173:32103
154.247.15.173:990
154.247.15.173:993
154.247.15.173:995
154.247.31.51:32103
154.247.31.51:993
154.247.31.51:995
155.28.49.2:51545
156.146.55.173:2222
156.197.160.119:995
156.197.230.148:995
156.205.3.210:993
156.213.107.29:995
156.216.134.70:995
156.216.39.119:995
156.217.140.150:995
156.217.185.90:995
156.217.60.239:995
156.218.169.48:995
156.219.10.43:995
156.219.49.22:995
156.220.14.160:993
156.220.169.120:993
156.220.185.41:993
156.220.4.75:993
156.221.50.226:995
157.231.42.190:995
159.146.13.168:995
159.146.13.189:995
159.196.166.193:58136
16.95.145.59:42025
160.152.135.188:2222
160.176.151.70:995
160.176.187.142:995
160.176.249.11:995
160.177.168.51:995
160.177.207.113:8443
160.177.47.116:6881
160.179.220.87:995
160.179.32.101:995
166.33.149.229:19515
167.56.53.143:995
167.58.124.198:995
167.58.86.35:995
167.60.82.242:995
168.13.24.67:37382
169.159.95.135:2222
17.219.125.20:59669
171.248.157.128:995
172.102.164.60:43562
172.112.37.112:2222
172.114.160.81:995
172.117.139.142:995
172.219.147.156:3389
172.249.99.143:2087
173.189.167.21:995
173.71.147.134:995
174.124.34.188:14831
174.80.15.101:2083
174.95.174.163:2222
176.205.194.245:2078
176.205.194.245:2222
176.205.209.183:2222
176.205.21.139:1194
176.205.21.139:2222
176.205.23.138:2222
176.205.23.170:1194
176.205.23.170:2222
176.205.23.48:2222
176.42.245.2:995
176.45.216.134:995
176.45.218.138:995
176.45.232.204:995
176.45.233.14:995
176.88.238.122:995
176.90.193.145:2222
177.102.2.175:32101
177.102.84.28:32101
177.103.94.155:32101
177.134.208.155:993
177.134.208.155:995
177.139.44.173:32101
177.17.210.208:2222
177.189.180.214:32101
177.205.74.14:2222
177.209.202.242:2222
177.255.14.99:995
177.27.225.16:32101
177.45.18.42:32101
177.45.64.254:32101
177.45.78.52:993
177.62.254.60:32101
177.76.251.27:995
177.94.57.126:32101
177.94.65.26:32101
178.143.168.245:48707
178.192.56.13:2222
178.197.228.37:2222
179.100.109.130:32101
179.100.20.32:32101
179.105.126.196:995
179.105.182.216:995
179.111.111.88:32101
179.111.23.186:32101
179.111.8.52:32101
179.113.97.4:32101
179.145.13.69:32101
179.158.64.147:2222
179.179.162.9:993
179.223.89.154:995
179.225.221.169:32101
179.24.245.193:995
179.25.144.177:995
179.25.153.200:995
179.251.119.206:995
179.60.29.80:995
179.99.49.37:32101
180.127.90.0:2222
180.129.102.214:995
180.129.108.214:995
180.129.18.199:995
180.129.20.164:995
180.129.26.139:995
180.129.97.57:995
180.179.25.125:42514
180.180.213.94:995
180.183.102.114:2222
180.183.134.56:2222
180.183.97.165:2222
180.233.150.134:995
181.222.130.143:993
181.56.171.3:995
182.121.68.188:2222
182.182.197.34:995
182.182.206.5:995
182.182.228.80:995
182.182.255.93:995
182.183.211.163:995
182.185.29.69:995
182.191.92.203:995
182.253.189.74:2222
183.88.61.229:2222
184.162.156.115:2222
184.74.22.12:50436
184.82.110.50:995
185.233.79.238:995
185.253.160.134:2222
186.154.189.162:995
186.155.62.161:995
186.177.93.18:2222
186.213.214.13:2222
186.48.174.77:995
186.48.206.63:995
186.50.137.148:995
186.50.139.45:995
186.50.245.74:995
186.52.96.202:995
186.53.115.151:995
186.54.172.237:995
186.72.236.88:995
186.90.13.85:2222
186.90.153.162:2222
186.93.143.86:2222
187.0.1.109:34115
187.0.1.151:54711
187.0.1.160:45243
187.0.1.186:39742
187.0.1.197:7017
187.0.1.207:52344
187.0.1.24:17751
187.0.1.59:24056
187.0.1.74:23795
187.0.1.97:30597
187.1.1.190:4844
187.101.200.186:995
187.102.135.141:2222
187.114.156.142:993
187.116.126.216:32101
187.135.153.221:2222
187.143.114.3:2222
187.143.131.190:2222
187.143.143.58:2222
187.16.64.193:2222
187.16.64.194:2222
187.189.168.121:22
187.199.171.252:32103
187.207.131.50:61202
187.207.47.198:61202
187.213.18.52:22
187.213.21.78:22
187.251.132.144:22
187.251.132.155:22
187.37.47.42:995
187.56.91.215:995
187.58.79.229:993
187.75.66.160:995
188.136.218.225:61202
188.161.200.40:995
188.211.181.237:61202
188.236.139.240:3389
188.50.2.220:995
188.50.241.63:995
188.50.49.149:995
188.55.215.137:995
188.55.248.211:995
188.55.249.231:995
189.110.3.60:2222
189.129.38.158:2222
189.148.124.243:2222
189.159.2.152:2222
189.174.46.65:995
189.178.217.247:22
189.178.44.144:22
189.19.189.222:32101
189.203.103.109:22
189.203.103.147:22
189.224.99.142:995
189.252.201.83:32101
189.78.107.163:32101
189.79.27.174:995
19.168.189.106:26139
190.100.149.122:995
190.199.109.80:2222
190.199.161.250:993
190.199.186.117:2222
190.199.97.108:993
190.199.99.171:993
190.200.10.82:2222
190.203.106.109:2222
190.203.116.63:2222
190.203.51.133:2222
190.204.101.210:2222
190.204.112.207:2222
190.204.74.4:2222
190.204.83.110:2222
190.205.229.67:2222
190.206.68.150:2222
190.206.95.220:2222
190.207.121.156:2222
190.207.137.189:2222
190.207.196.66:2222
190.24.45.24:995
190.24.54.187:995
190.26.159.133:995
190.27.103.174:995
190.27.77.14:995
190.36.189.154:2222
190.36.189.34:993
190.36.232.221:2222
190.36.233.41:2222
190.37.112.223:2222
190.37.174.11:2222
190.39.23.63:2222
190.44.40.48:995
190.59.247.136:995
190.74.239.37:2222
190.75.151.66:2222
190.75.37.178:2222
190.75.67.21:993
190.78.69.192:993
190.78.83.246:993
190.78.89.157:993
190.79.133.56:2222
191.165.254.63:2222
191.17.223.222:32101
191.254.53.134:995
191.254.74.89:32101
191.33.187.192:2222
191.84.204.214:995
191.96.67.93:995
191.97.234.238:995
193.27.13.28:32100
194.166.205.204:995
194.166.207.160:995
195.244.180.161:995
195.44.25.26:29277
196.206.133.114:995
196.207.140.40:995
196.64.230.149:8443
196.65.103.80:995
196.65.123.130:995
196.65.217.253:995
196.65.230.248:995
196.65.255.151:995
196.70.77.11:995
196.89.213.40:995
196.92.172.24:8443
197.1.227.26:995
197.1.252.96:995
197.120.66.183:995
197.145.137.210:995
197.161.135.169:993
197.161.137.196:993
197.161.137.67:993
197.161.46.181:993
197.161.54.85:993
197.162.109.164:995
197.162.117.38:995
197.162.118.178:993
197.164.163.81:993
197.164.175.205:995
197.164.182.46:993
197.165.163.159:995
197.167.27.20:993
197.167.5.180:993
197.167.61.123:993
197.167.62.14:993
197.167.63.31:993
197.2.193.4:995
197.27.105.165:995
197.27.75.232:995
197.37.7.47:995
197.41.235.69:995
197.49.45.244:995
197.49.68.15:995
197.53.0.166:995
197.63.250.197:993
198.2.51.242:993
2.152.181.194:995
2.178.120.112:61202
2.178.166.220:61202
2.182.104.151:990
2.185.201.50:990
2.185.206.148:990
2.237.74.121:2222
2.50.17.128:2222
2.89.78.130:993
200.100.126.210:32101
200.109.204.20:2222
200.109.56.159:2222
200.148.9.225:32101
200.155.61.245:995
200.233.108.153:993
200.233.108.153:995
200.44.222.59:2222
200.93.11.28:2222
201.1.202.82:32101
201.128.252.151:58865
201.13.50.41:32101
201.172.20.105:2222
201.172.20.167:2222
201.172.23.68:2222
201.172.23.72:2222
201.176.6.24:995
201.205.130.251:995
201.208.45.23:2222
201.208.58.92:2222
201.210.119.28:993
201.210.121.173:2222
201.210.121.49:2222
201.210.121.95:993
201.210.162.138:2222
201.223.166.250:32100
201.223.169.238:32100
201.223.175.208:32100
201.242.175.29:2222
201.242.206.44:2222
201.245.250.192:995
201.249.100.208:995
201.42.3.27:32101
201.68.209.47:32101
201.68.60.118:995
202.170.206.61:995
206.1.199.156:2087
206.1.199.69:2087
206.1.208.223:2087
206.1.216.19:2087
206.1.222.56:2087
206.1.223.234:2087
206.1.225.5:2087
206.1.230.114:2087
206.1.233.162:2087
206.1.251.127:2087
206.1.254.89:2087
206.217.0.154:995
209.197.176.40:995
210.195.18.76:2222
210.246.4.69:995
211.47.11.62:33850
211.76.239.250:34506
212.133.85.240:62503
212.204.93.86:48405
212.251.122.147:995
212.70.96.76:995
213.194.234.75:995
216.131.22.236:995
216.238.108.61:995
216.238.83.82:995
216.44.143.70:26851
217.118.46.41:2222
217.164.117.187:1194
217.164.117.199:1194
217.164.117.199:2222
217.164.117.22:1194
217.164.117.22:2222
217.164.117.87:1194
217.164.117.87:2222
217.164.118.117:1194
217.164.118.117:2222
217.164.118.252:2222
217.164.118.38:1194
217.164.118.38:2222
217.164.119.236:1194
217.164.119.236:2222
217.164.119.30:2222
217.164.119.69:1194
217.164.119.69:2222
217.164.120.195:1194
217.164.120.195:2222
217.164.121.161:1194
217.164.121.161:2222
217.164.121.25:2222
217.164.76.203:2078
217.165.109.10:993
217.165.109.187:993
217.165.109.52:993
217.165.109.72:993
217.165.146.136:993
217.165.146.158:993
217.165.146.223:993
217.165.146.249:993
217.165.146.41:993
217.165.147.77:993
217.165.147.83:993
217.165.157.202:995
217.165.176.49:2222
217.165.21.84:995
217.165.68.122:993
217.165.68.125:993
217.165.77.134:995
217.165.79.31:995
217.165.84.103:993
217.165.84.153:993
217.165.84.177:993
217.165.84.253:993
217.165.85.191:993
217.165.85.223:993
217.165.85.224:993
217.165.85.73:32101
217.165.97.141:993
217.165.97.237:993
217.165.97.52:993
218.101.110.3:995
218.253.234.82:2222
220.134.54.185:2222
220.255.25.187:2222
220.255.25.28:2222
220.68.130.196:7948
222.169.71.98:2222
223.237.237.100:2222
23.86.160.130:53103
24.152.219.253:995
24.158.23.166:995
24.231.209.2:2083
24.231.209.2:2222
24.231.209.2:6881
24.64.114.59:2222
24.64.114.59:3389
27.109.19.90:2078
27.110.134.202:995
27.223.92.142:995
27.73.215.46:32102
31.215.102.193:2078
31.215.118.154:1194
31.215.118.154:2222
31.215.184.140:1194
31.215.184.140:2222
31.215.184.145:1194
31.215.184.145:2222
31.215.185.114:1194
31.215.185.136:1194
31.215.185.213:1194
31.215.185.213:2222
31.215.185.244:1194
31.215.185.244:2222
31.215.185.26:1194
31.215.185.26:2222
31.215.185.49:1194
31.215.185.49:2222
31.215.214.189:1194
31.215.214.189:2222
31.215.215.152:1194
31.215.215.152:2222
31.215.67.68:2222
31.219.154.176:32101
31.22.202.71:32101
31.48.166.122:2078
31.48.174.63:2078
31.51.7.55:2078
31.54.39.153:2078
31.56.252.29:32103
32.221.224.140:995
32.221.225.247:995
36.152.128.2:2222
36.152.128.7:2078
37.117.191.19:2222
37.186.54.166:995
37.186.54.254:995
37.186.54.96:995
37.186.58.115:995
37.186.58.99:995
37.208.128.172:6883
37.208.129.81:6883
37.208.131.49:50010
37.208.132.102:6883
37.208.132.76:50010
37.208.135.172:6883
37.208.138.247:6883
37.208.145.168:6883
37.208.155.29:6883
37.208.158.83:6883
37.210.148.30:995
37.210.149.61:2222
37.210.155.239:995
37.210.156.191:2222
37.210.156.247:2222
37.210.158.242:2222
37.210.160.58:2222
37.210.164.171:2222
37.210.169.150:2222
37.210.170.123:2222
37.210.238.79:61202
37.245.136.135:2222
37.245.56.205:2222
37.36.84.34:3389
37.37.206.87:995
37.37.80.2:3389
39.33.163.183:995
39.33.164.181:995
39.33.168.236:995
39.33.170.57:995
39.33.181.190:995
39.33.182.192:995
39.33.198.164:995
39.33.211.246:995
39.33.216.128:995
39.40.37.70:32100
39.41.10.170:995
39.41.101.74:995
39.41.114.133:995
39.41.116.234:995
39.41.142.101:995
39.41.148.211:995
39.41.155.156:995
39.41.158.185:995
39.41.16.210:995
39.41.17.134:995
39.41.173.204:995
39.41.177.36:995
39.41.18.76:995
39.41.194.118:995
39.41.194.45:995
39.41.196.34:995
39.41.2.45:995
39.41.217.75:995
39.41.225.204:995
39.41.23.220:995
39.41.247.72:995
39.41.249.181:995
39.41.250.39:995
39.41.252.110:995
39.41.29.200:995
39.41.59.177:995
39.41.59.211:995
39.41.82.68:995
39.41.89.221:995
39.41.90.210:995
39.44.106.187:995
39.44.116.107:995
39.44.120.20:995
39.44.127.250:995
39.44.144.159:995
39.44.144.64:995
39.44.146.220:995
39.44.151.234:995
39.44.151.33:995
39.44.158.215:995
39.44.164.54:995
39.44.178.7:995
39.44.206.162:995
39.44.213.68:995
39.44.215.70:995
39.44.223.101:995
39.44.23.250:995
39.44.235.10:995
39.44.30.209:995
39.44.34.119:995
39.44.46.206:995
39.44.5.102:995
39.44.5.104:995
39.44.60.200:995
39.44.62.55:995
39.44.66.76:995
39.44.86.21:995
39.49.101.104:995
39.49.106.26:995
39.49.107.255:995
39.49.111.194:995
39.49.112.64:995
39.49.115.85:995
39.49.121.174:995
39.49.123.123:995
39.49.17.215:995
39.49.23.148:995
39.49.23.236:995
39.49.3.84:995
39.49.31.161:995
39.49.35.170:995
39.49.39.239:995
39.49.4.147:995
39.49.41.221:995
39.49.42.164:995
39.49.44.239:995
39.49.46.114:995
39.49.48.167:995
39.49.48.82:995
39.49.56.93:995
39.49.6.42:995
39.49.64.108:995
39.49.67.4:995
39.49.69.112:995
39.49.69.116:995
39.49.7.132:995
39.49.71.247:995
39.49.71.64:995
39.49.81.128:995
39.49.82.115:995
39.49.82.253:995
39.49.84.44:995
39.49.85.29:995
39.49.9.134:995
39.49.94.35:995
39.49.96.122:995
39.52.105.156:995
39.52.114.18:995
39.52.114.251:995
39.52.115.81:995
39.52.119.141:995
39.52.12.84:993
39.52.12.84:995
39.52.121.43:995
39.52.13.230:995
39.52.15.220:995
39.52.2.90:995
39.52.221.9:995
39.52.224.154:995
39.52.28.146:995
39.52.31.233:995
39.52.34.138:995
39.52.38.164:995
39.52.40.18:995
39.52.41.80:995
39.52.44.132:995
39.52.48.91:995
39.52.54.195:993
39.52.55.99:995
39.52.59.14:995
39.52.59.184:995
39.52.59.221:995
39.52.61.174:993
39.52.66.201:995
39.52.67.40:995
39.52.7.77:995
39.52.72.51:995
39.52.74.226:995
39.52.74.55:995
39.52.75.201:995
39.52.77.102:995
39.52.77.241:995
39.52.78.146:995
39.52.78.252:995
39.52.80.230:995
39.52.93.195:995
39.52.94.22:995
39.53.124.57:995
39.53.139.2:995
39.53.139.94:995
39.53.156.127:995
39.53.160.99:995
39.53.165.129:995
39.57.111.109:995
39.57.112.37:995
39.57.119.44:995
39.57.12.26:995
39.57.23.116:995
39.57.23.5:995
39.57.40.50:995
39.57.56.11:995
39.57.56.19:995
39.57.60.246:995
39.57.76.82:995
40.134.246.185:995
40.134.247.125:995
41.104.28.115:995
41.107.112.236:995
41.107.78.223:995
41.109.170.156:995
41.109.199.129:995
41.109.228.108:995
41.111.1.60:995
41.111.121.4:995
41.111.126.13:995
41.111.72.234:995
41.129.82.125:995
41.130.124.40:993
41.130.140.32:993
41.140.98.37:995
41.141.216.137:995
41.141.239.223:995
41.143.109.111:61202
41.215.148.84:995
41.215.149.92:995
41.215.150.246:995
41.215.151.247:995
41.215.152.154:995
41.215.152.211:995
41.215.153.104:995
41.228.249.243:995
41.230.166.34:995
41.230.62.211:993
41.230.62.211:995
41.234.116.241:993
41.248.155.126:995
41.248.72.229:8443
41.249.123.100:995
41.251.15.7:990
41.36.159.36:993
41.38.167.179:995
41.40.146.5:995
41.43.205.42:995
41.44.11.227:995
41.62.204.250:995
41.68.209.102:995
41.69.103.179:995
41.69.107.192:995
41.69.118.117:995
41.69.236.243:995
41.8.154.58:7614
41.84.226.103:995
41.84.229.11:995
41.84.229.153:995
41.84.229.83:995
41.84.232.168:995
41.84.232.39:995
41.84.232.77:995
41.84.233.226:995
41.84.233.25:995
41.84.234.161:995
41.84.236.153:995
41.84.236.245:995
41.84.237.10:995
41.84.237.118:995
41.84.238.50:995
41.84.240.210:995
41.84.241.23:995
41.84.242.5:995
41.84.246.143:995
41.84.246.159:995
41.84.246.168:995
41.84.247.0:995
41.84.248.41:995
41.84.249.56:995
41.84.249.88:995
41.86.42.158:995
42.103.128.35:2222
42.103.132.91:2222
42.228.224.249:2222
42.235.146.7:2222
43.248.68.33:2222
43.252.72.97:2222
45.160.124.211:995
45.184.179.188:2222
45.227.251.167:2222
45.230.169.132:993
45.230.169.132:995
45.240.140.233:995
45.241.139.60:993
45.241.140.181:995
45.241.140.203:995
45.241.140.246:993
45.241.145.100:995
45.241.145.155:993
45.241.145.252:995
45.241.152.155:993
45.241.160.25:993
45.241.169.86:993
45.241.173.232:993
45.241.202.203:995
45.241.205.91:993
45.241.207.212:995
45.241.214.192:995
45.241.215.15:993
45.241.222.104:993
45.241.228.188:995
45.241.231.78:993
45.241.232.25:995
45.241.254.110:993
45.241.254.69:993
45.48.36.226:2087
45.51.148.111:993
45.63.1.12:995
45.63.10.144:995
45.76.167.26:995
45.77.159.252:995
46.100.25.239:61202
46.103.163.104:995
46.103.169.248:995
46.103.186.43:995
46.176.192.130:995
46.176.222.34:995
46.186.216.41:32100
46.190.93.247:50000
46.198.215.152:995
46.198.215.60:995
46.198.231.232:995
46.9.77.245:995
47.2.191.47:32393
47.205.209.7:2222
47.23.89.60:993
47.23.89.61:993
47.23.89.61:995
47.23.89.62:993
47.23.89.62:995
47.40.196.233:2222
49.128.172.7:2222
49.93.218.109:41033
5.193.104.246:2222
5.193.122.139:2222
5.193.138.70:2222
5.203.199.157:995
5.54.49.78:995
5.54.50.169:995
5.54.53.124:995
50.194.160.233:32100
50.194.160.233:995
50.237.134.22:995
50.33.112.74:995
50.6.212.181:17804
50.68.204.71:993
50.68.204.71:995
51.219.234.104:2222
57.33.10.57:17737
58.247.115.126:995
6.55.240.195:27003
60.15.135.203:2222
61.166.221.46:995
61.166.221.67:995
62.114.193.186:995
62.204.41.187:2078
62.204.41.187:2222
62.204.41.187:61201
62.204.41.187:990
62.204.41.187:995
62.36.24.8:2222
63.143.92.99:995
63.172.177.141:57252
64.55.103.194:9151
65.100.174.110:32103
65.100.174.110:6881
65.100.174.110:995
66.180.226.117:2222
66.180.227.170:2222
66.37.239.222:2078
66.37.239.222:995
67.10.175.47:2222
67.165.206.193:993
67.209.195.198:990
67.212.106.154:59890
68.103.242.126:995
68.151.196.147:995
68.53.110.74:995
7.122.114.191:33775
70.187.0.87:2078
70.49.33.200:2222
70.51.132.161:2222
70.51.132.197:2222
70.51.133.230:2222
70.51.135.90:2222
70.51.137.244:2222
70.51.137.64:2222
70.51.138.126:2222
70.51.138.133:2222
70.51.139.148:2222
70.51.152.186:2222
70.51.152.61:2222
70.51.153.189:2222
70.51.153.227:2222
70.51.153.90:2222
70.60.142.214:2222
70.81.121.237:2222
70.93.80.154:995
71.10.27.196:2222
72.12.115.71:22
72.12.115.78:22
72.12.115.90:22
72.252.157.172:990
72.252.157.172:995
72.252.157.93:993
72.252.157.93:995
72.252.201.34:993
72.252.201.34:995
72.252.201.69:995
72.27.84.16:995
72.66.116.235:995
72.66.96.129:995
72.80.249.39:995
73.252.27.208:995
74.14.5.179:2222
74.14.7.71:2222
74.59.46.149:2222
74.92.243.113:50000
74.92.243.113:995
75.116.87.44:14933
75.156.125.215:995
75.163.118.79:995
75.71.96.226:995
75.99.125.238:2222
76.169.76.44:2222
76.23.237.163:995
76.68.34.167:2222
78.100.192.210:6883
78.100.197.230:6883
78.100.206.189:6883
78.100.210.132:6883
78.100.219.38:50010
78.100.225.202:2222
78.100.225.34:2222
78.100.228.93:995
78.100.234.143:2222
78.100.235.8:2222
78.100.254.17:2222
78.101.139.15:6883
78.101.193.241:6883
78.101.194.193:6883
78.101.84.56:2222
78.101.88.134:2222
78.101.91.101:2222
78.12.148.155:2222
78.168.87.170:2222
78.180.66.163:995
78.187.65.132:995
78.191.24.189:995
78.71.154.58:2222
78.71.167.243:2222
78.87.196.125:995
78.87.206.213:995
79.129.121.68:995
79.130.115.197:2222
79.167.192.206:995
79.167.206.144:995
79.45.134.162:22
79.80.80.29:2222
8.81.30.103:64297
80.214.68.88:40730
81.129.112.49:2078
81.132.186.218:2078
81.158.239.251:2078
81.159.35.141:2222
81.241.252.59:2078
81.250.191.49:2222
81.56.22.251:995
81.60.216.223:995
81.60.217.218:995
81.60.218.17:995
83.11.89.137:2222
83.110.218.147:993
83.110.218.155:993
83.110.219.59:993
83.110.219.9:32101
83.110.75.225:2222
83.110.85.209:995
83.110.95.167:995
83.199.144.45:2222
83.79.122.192:2222
83.79.89.141:2222
84.17.43.161:2222
84.35.26.14:995
85.139.203.42:32101
85.59.61.52:2222
85.6.232.221:2222
85.60.147.26:2078
85.60.147.26:2222
85.61.165.153:2222
85.74.48.5:995
85.94.178.73:995
85.98.206.165:995
86.105.44.249:61202
86.129.13.178:2222
86.132.13.105:2078
86.132.13.49:2078
86.132.13.91:2078
86.132.14.70:2078
86.176.180.223:993
86.196.181.62:2222
86.200.151.188:2222
86.213.75.30:2078
86.217.167.235:2222
86.225.214.138:2222
86.97.209.138:2222
86.97.209.157:2222
86.97.246.166:1194
86.97.246.166:2222
86.97.246.216:1194
86.97.246.216:2222
86.97.247.101:2222
86.97.247.161:1194
86.97.247.161:2222
86.97.247.20:1194
86.97.247.20:2222
86.98.149.168:2222
86.98.150.187:995
86.98.151.244:2222
86.98.156.176:993
86.98.156.198:993
86.98.156.250:993
86.98.157.114:993
86.98.157.14:993
86.98.157.42:993
86.98.33.141:995
86.98.78.118:993
86.98.78.177:993
86.98.78.42:993
86.98.78.51:993
87.109.229.215:995
87.139.163.216:995
87.218.114.203:2222
87.220.229.164:2222
87.220.68.51:2222
87.243.113.104:995
88.122.208.197:32100
88.171.156.150:50000
88.231.221.198:995
88.233.194.154:2222
88.237.6.72:53
88.242.228.16:53
88.245.103.132:2222
88.245.168.200:2222
88.253.171.236:995
89.211.179.247:2222
89.211.181.64:2222
89.211.182.31:2222
89.211.185.1:2222
89.211.209.234:2222
89.211.217.38:995
89.211.218.88:2222
89.211.223.138:2222
90.104.22.28:2222
90.114.10.16:2222
90.120.209.197:2078
90.165.109.4:2222
90.29.227.242:1085
91.165.188.74:50000
91.169.12.198:32100
91.171.72.214:32100
91.177.173.10:995
91.178.126.51:995
91.73.77.234:995
91.75.85.128:1194
92.132.132.81:2222
92.132.172.197:2222
92.137.225.8:2222
92.154.9.41:50002
92.185.204.18:2078
92.24.200.226:995
92.26.102.243:995
92.96.182.192:1194
92.96.183.242:1194
92.96.187.206:2222
93.48.80.198:995
94.140.8.13:2222
94.140.8.249:2222
94.140.8.55:2222
94.200.181.154:995
94.26.122.9:995
94.36.191.129:2222
94.36.193.176:2222
94.36.195.102:2222
94.59.138.43:2222
94.59.138.62:1194
94.59.138.62:2222
94.59.15.180:2222
94.59.252.166:2222
94.59.56.162:1194
94.59.57.24:2222
94.60.141.48:995
94.62.161.77:995
94.71.169.156:995
94.71.169.212:995
94.99.110.157:995
95.159.33.115:995
96.234.66.76:995
96.246.158.154:995
96.37.113.36:993
96.45.66.216:61202
96.80.109.57:995
96.9.66.118:995
97.184.129.40:2118
97.92.4.205:8443
98.143.70.147:2222
jickhargaura.com
/07jMiafn/Asnhfn.png
/0BDRCN8DXn/n3.html
/10Mh/D2.png
/1rGwJ/sd.html
/26w65d4rS80/Vbfhnoom.png
/4REat6sBv0/1.png
/4XWLQ0Ttz/090322.gif
/5jajRnhLV0/Cvnhfn.png
/7FSBEwva7VvZ/y.png
/7mpBmsflb7fe/n1.html
/BuQQdjLrrO19/li.html
/DAZYS42a/Asnhfn.png
/FZayiWyMa/Cbvnh.png
/FbX5r/09.png
/HSDvRJ/13.html
/HdIJOEW4X0/Dnchnf.png
/JQWj78/Y.png
/LosZkUvr/B.png
/NfbpkuFXSS/NhfmN.png
/OYcMRJbL/ji.html
/Pheo/1309.html
/QUU/1209.html
/RL7bKiI/05.html
/SVmGtFWUNWs/I.png
/TBFQsJiVAv/Pmnhf.png
/TCA1oiqkA/I.png
/VgStWXMu3/Gnp.png
/ViaawNBw/I.png
/WUK4Q/q.png
/XGLCPZf6et/Cvnhfn.png
/XjLiTfgYn/090322.gif
/Yfk5ePLYERFM/Nvhnfhpm.png
/aYMst/A.png
/bHFj5k/206.png
/bMV2pzMI/090322.gif
/caaVmFUbkzV5/Vbfhnoom.png
/czAzb2BcXg/Cbvnh.png
/dFk5quE7t/Dnchnf.png
/eCPwo9Ae/Vbfhnoom.png
/fbmKk6n48G/ji.html
/fo8Lwyr0/Cbvnh.png
/fui6yOqX0Wyb/li.html
/gVrvSKJK/Gnp.png
/gZPZb6yK/n2.html
/gZugqifRD/NhfmN.png
/hjeBrBwMdY/Pmnhf.png
/i8wqDQ0uV/q.png
/iSx1Ch/0509.html
/ke6iyv8o0UfS/NhfmN.png
/lSfw4WE7W07S/Gnp.png
/nluGZ/082.html
/rmaS/Es.png
/ryrwQGN3wPpT/li.html
/s4Y/0.html
/soIBZcwNfoui/Nvhnfhpm.png
/uRl2nqDPMH/Asnhfn.png
/vNQEgKwUwti8/Pmnhf.png
/vWPPYeRiHKF/Nvhnfhpm.png
/vlaq7GFVbI/AQ.png
/w2X7dAxp/Cvnhfn.png
/wKQ/272.png
/wiw02luwJ/Dnchnf.png
/yVuL6RYk/EW.png
/zxywJAC24KJ/ji.html
/auo/lacepaat
/ei/rietestvitas
/et/mpoedteri
/iq/nonnits
/mfuu/emnilihni
/nm/upmaaettmvonmagl
/nroi/iieiasvtrtvtea
/nsni/imioetsranneencetctiux
/siai/cnbssmeieestvatutolaptui
/siua/relsugnltapuedeif
/td/loqttpeuavuodm
/uet/musraetietobqrpua
/umqs/poraiualrlti
/vnpu/qtnuuniaiicd
/teua/qastutei
/ln/trsdepteereinreh
/cnbssmeieestvatutolaptui
/emnilihni
/iieiasvtrtvtea
/imioetsranneencetctiux
/lacepaat
/loqttpeuavuodm
/mpoedteri
/musraetietobqrpua
/nonnits
/poraiualrlti
/qtnuuniaiicd
/qastutei
/trsdepteereinreh
/relsugnltapuedeif
/rietestvitas
/upmaaettmvonmagl
/Asnhfn.png
/Cbvnh.png
/Cvnhfn.png
/Dnchnf.png
/NhfmN.png
/Hnfho.png
/Nvhnfhpm.png
/Pmnhf.png
/Vbfhnoom.png

# Reference: https://isc.sans.edu/diary/28804

/butPeopleOur.dat

# Reference: https://tria.ge/220124-tvkrasfec4

101.50.120.112:995
103.139.242.30:993
111.119.252.178:995
114.143.84.25:61202
116.86.26.140:995
142.186.63.108:2222
217.164.76.107:2078
217.165.109.189:32101
217.165.21.244:995
27.5.4.194:2078
31.215.226.115:2222
36.234.184.238:995
37.210.172.200:2222
39.49.110.129:995
70.51.153.245:2222
71.163.110.53:995
75.139.7.190:2083
75.168.192.223:2222
78.101.147.76:61202
78.180.191.206:995
78.191.27.236:995
78.87.44.54:995
86.97.246.244:1194
86.97.246.244:2222
86.98.47.119:61200
89.114.156.182:995
90.8.56.248:2222
91.185.131.89:61202
92.98.33.251:995
94.59.253.222:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_14.11.2022.txt

105.103.27.80:2078
105.103.27.80:22
105.103.27.80:32103
105.103.27.80:990
109.11.175.42:2222
109.152.70.207:50000
188.4.196.132:995
2.84.98.228:2222
206.1.223.209:2087
213.67.255.57:2222
24.228.132.224:2222
24.49.232.96:995
24.64.114.59:2078
24.64.114.59:61202
27.99.45.237:2222
41.109.78.231:995
62.31.130.138:465
70.120.228.205:2083
78.253.154.211:50000
78.69.251.252:2222
81.159.252.167:2222
81.229.117.95:2222
82.121.237.106:2222
82.127.174.33:2222
83.11.84.105:2222
85.74.158.150:2222
86.129.13.128:2222
87.202.101.164:50000
87.220.205.14:2222
87.65.160.87:995
88.126.94.4:50000
89.129.109.27:2222
89.240.102.164:995
91.180.68.95:2222
92.106.70.62:2222
92.137.74.174:2222
92.207.132.174:2222
92.27.86.48:2222
93.24.192.142:20

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama221_14.11.2022.txt

105.103.33.225:32103
105.103.33.225:990
105.103.33.225:993
105.103.33.225:995
109.149.147.221:2222
109.218.233.44:2222
125.27.3.221:995
142.119.40.220:2222
142.161.27.232:2222
176.137.187.206:995
177.205.114.49:2222
178.147.24.70:995
2.98.146.106:995
200.44.208.217:2222
200.84.201.101:993
37.128.17.176:2222
46.177.99.230:995
60.48.250.151:2222
72.133.240.122:2083
79.166.120.168:995
79.169.119.144:2222
80.103.77.44:2222
80.13.179.151:2222
80.189.213.49:2222
80.233.87.78:995
86.167.26.227:2222
86.45.66.141:2222
90.78.85.59:2222
92.149.205.238:2222
92.189.214.236:2222
92.191.49.255:2222
95.94.33.189:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_15.11.2022.txt

102.157.73.215:995
137.186.193.226:3389
156.217.219.147:995
172.90.139.138:2222
190.78.64.132:993
193.92.233.183:995
200.93.14.206:2222
209.171.163.72:995
70.121.198.103:2078
70.50.3.214:2222
76.80.180.154:993
76.80.180.154:995
90.89.95.158:2222
94.70.37.145:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_16.11.2022.txt

105.103.50.1:2078
105.103.50.1:22
105.103.50.1:32103
105.105.232.103:995
121.122.99.151:995
177.205.92.100:2222
177.46.111.176:995
183.82.100.110:2222
186.28.85.119:995
187.199.224.16:32103
193.251.52.34:2222
197.148.17.17:2078
2.99.47.198:2222
37.14.229.220:2222
47.16.73.77:2222
66.191.69.18:995
70.51.153.72:2222
77.129.205.124:995
80.121.8.212:995
82.121.73.56:2222
86.165.15.180:2222
86.176.144.225:2222
86.195.32.149:2222
86.217.250.15:2222
90.162.45.154:2222
90.4.98.190:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_17.11.2022.txt

102.157.69.217:995
103.141.50.117:995
12.172.173.82:2087
12.172.173.82:21
12.172.173.82:22
12.172.173.82:465
12.172.173.82:993
12.172.173.82:995
154.247.95.119:2078
180.156.240.239:995
184.176.154.83:995
217.128.91.196:2222
23.240.47.58:995
69.119.123.159:2222
71.247.10.63:50003
71.247.10.63:995
83.114.60.6:2222
85.139.176.42:2222
86.130.9.167:2222
86.99.15.243:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama222_17.11.2022.txt

105.111.45.51:995
12.172.173.82:50001
154.247.94.160:32103
188.54.79.88:995
2.8.39.175:2222
41.228.223.122:995
41.35.196.18:995
70.115.104.126:995
76.184.95.190:993
81.156.198.115:2222
81.250.33.243:2222
83.79.150.24:2222
86.180.222.237:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_18.11.2022.txt

102.158.245.248:995
117.186.222.30:993
12.172.173.82:990
130.43.107.232:995
174.112.25.29:2078
174.112.25.29:2222
188.4.142.139:995
71.247.10.63:2083

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-18%20Qakbot%20(obama223)%20IOCs

64.228.191.212:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB07_21.11.2022.txt

102.47.130.52:995
105.103.41.128:2078
105.103.41.128:22
105.103.41.128:32103
105.103.41.128:465
105.103.41.128:990
190.75.150.58:2222
2.91.187.6:995
213.22.188.57:2222
83.110.90.214:995
83.31.254.67:2222
86.130.9.140:2222
86.176.144.202:2222
86.213.224.109:2222
86.98.15.100:995
92.11.189.236:2222

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-28-IOCs-for-BB08-Qakbot-with-Cobalt-Strike.txt

86.159.48.25:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB08_28.11.2022.txt

103.144.201.62:2078
105.109.140.201:32103
108.162.6.34:995
109.218.104.206:2222
121.122.99.223:995
122.178.197.139:995
130.43.99.103:995
190.207.253.41:2222
197.3.64.204:995
2.91.184.252:995
216.196.245.102:2083
216.196.245.102:2222
24.64.114.59:50010
75.99.125.235:2222
83.21.138.251:2222
85.52.73.34:2222
85.7.61.22:2222
86.98.182.30:2222
87.221.197.110:2222
90.116.219.167:2222
92.186.69.229:2222
92.98.228.28:2222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-30%20Qakbot%20(obama224)%20IOCs
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama224_30.11.2022.txt

106.212.18.255:995
109.177.245.176:2222
156.217.158.177:995
176.133.4.230:995
188.54.99.243:995
197.2.209.208:995
216.196.245.102:2078
46.246.245.152:995
75.161.233.194:995
81.198.136.151:995
85.231.105.49:2222
92.98.72.220:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama225_02.12.2022.txt

109.159.119.169:2222
156.216.253.65:995
201.208.139.250:2222
41.34.106.203:993
41.62.220.86:995
70.51.136.94:2222
72.68.175.55:2222
78.100.230.10:995
90.119.197.132:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB09_05.12.2022.txt

102.46.139.82:993
105.103.56.28:2078
105.103.56.28:990
109.150.179.158:2222
188.48.123.229:995
190.206.70.80:2222
2.14.82.210:2222
201.210.107.223:993
31.167.254.199:995
38.166.242.12:2087
41.44.19.36:995
65.30.139.145:995
85.245.221.87:2078
86.96.75.237:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB09_06.12.2022.txt

200.109.14.93:2222
74.93.148.97:995
81.248.77.37:2222

# Reference: https://twitter.com/0xToxin/status/1601561676356419584
# Reference: https://tria.ge/221210-prj85sac51

150.107.231.59:2222
156.220.229.249:993
182.75.189.42:995
184.68.116.146:2078
184.68.116.146:2222
184.68.116.146:3389
184.68.116.146:61202
190.199.169.127:993
37.56.111.49:995
70.55.120.16:2222
83.213.201.104:993
86.130.9.250:2222
86.169.19.140:2222
86.176.83.127:2222
90.66.229.185:2222
92.154.17.149:2222
92.8.190.211:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_12.12.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_azd_12.12.2022.txt

121.121.100.148:995
69.159.156.133:2222
72.80.7.6:995
74.83.128.70:2083
75.99.125.236:2222
78.101.91.215:2222
80.44.148.126:2222
86.99.14.46:2222
87.221.154.65:2222
92.145.203.167:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama227_13.12.2022.txt

100.36.249.75:995
102.40.202.189:995
103.141.50.151:995
147.148.234.231:2222
156.220.0.161:993
190.199.126.108:993
23.242.141.218:2222
31.53.29.245:2222
62.102.228.245:2222
87.221.215.41:2222
90.79.129.166:2222
91.178.75.146:2222
92.154.45.81:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_13.12.2022.txt

109.136.130.9:2222
109.159.118.162:2222
216.160.116.140:2222
41.231.232.134:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_14.12.2022.txt

184.68.116.146:50010
188.48.116.37:995
49.245.119.12:2222
60.234.194.12:2222
79.77.142.22:2222
94.71.209.47:2222

# Reference: https://tria.ge/221215-3ye5nadg58

175.139.130.191:2222
49.205.231.75:2222
75.99.125.234:2222
84.219.213.130:6881

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_15.12.2022.txt

181.118.206.65:995
87.149.127.43:995
91.231.172.236:995
96.246.158.46:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama230_19.12.2022.txt

109.219.126.249:2222
109.220.196.24:2222
12.172.173.82:32101
174.112.22.106:2078
187.199.184.14:32103
2.14.96.234:2222
202.187.239.67:995
31.53.29.141:2222
37.15.128.31:2222
72.80.7.6:50003
86.176.144.240:2222
86.183.251.169:2222
87.220.205.65:2222
90.27.44.76:2222
90.4.190.217:2222
90.48.151.17:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_19.12.2022

103.212.19.254:995
103.42.86.42:995
176.44.121.220:995
217.128.200.114:2222
76.170.252.153:995
78.100.238.92:995
83.110.95.209:995
86.196.35.232:2222
86.99.15.254:2222
90.78.138.217:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama231_20.12.2022.txt

109.159.119.186:2222
206.166.209.170:2222
86.195.14.72:2222
92.148.54.239:2222
94.30.98.134:32100
96.255.66.51:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama232_22.12.2022.txt

103.195.16.175:995
109.50.131.204:2222
175.139.207.179:2222
176.44.58.217:995
201.244.108.183:995
202.142.98.62:995
31.53.29.201:2222
41.228.201.138:995
41.237.141.34:993
86.222.191.162:2222
87.252.106.197:995
92.8.187.85:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_21.12.2022.txt

142.118.49.193:2222
149.74.159.67:2222
201.210.114.115:993
208.180.17.32:2222
38.166.221.92:2087
65.95.85.172:2222
67.253.226.137:995
70.51.136.204:2222
76.68.151.148:2222
86.176.246.195:2222
95.23.15.84:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_22.12.2022.txt

192.164.157.52:995
47.16.68.188:2222
47.61.51.44:2078
50.26.197.236:993
82.31.37.241:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_23.12.2022.txt

188.52.183.146:995
190.199.157.49:2222
190.78.77.15:993
2.14.140.222:2222
222.35.203.59:995
27.0.62.241:995
41.227.93.13:995
46.24.136.17:2078
84.219.213.130:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama233_23.12.2022.txt

130.43.25.249:995
156.217.79.168:995
70.51.134.110:2222
85.72.107.2:2222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-12-27%20Qakbot%20(azd)%20IOCs

109.159.119.203:2222
121.121.100.88:995
188.48.85.14:995
201.210.79.16:2222
213.31.90.183:2222
41.228.225.131:995
85.85.34.201:993
86.160.217.36:50000
87.221.196.217:2222

# Reference: https://www.virustotal.com/gui/file/0301cd732181509ff95b939094f1c70fca0fa99a26ecf4ac865e25a25ef1dcf9/detection

http://111.90.148.10
http://111.90.148.104
http://190.14.37.173
http://51.89.115.111

# Reference: https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature
# Reference: https://otx.alienvault.com/pulse/63c815a9e4a051d0f689a848

83.114.60.171:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1605276306287087625
# Reference: https://www.virustotal.com/gui/file/bfee539a38f06cdd72cfd33e571ece9d5e7a76545333b115880cbd14dc045a16/detection

98.50.191.202:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605631153108549651
# Reference: https://www.virustotal.com/gui/file/59c21d357e179042f57a8c45cb17c912c383b5b5907cdb69f67032de280bf861/detection

31.167.72.198:443

# Reference: https://twitter.com/TrackerC2Bot/status/1606355089345609748

173.76.49.61:443

# Reference: https://twitter.com/TrackerC2Bot/status/1613512613572349958
# Reference: https://www.virustotal.com/gui/file/4790886698ac26cbb4017c0b4ca8d8797e4104c7dd86e20684defd267f0f000a/detection

189.216.29.135:443

# Reference: https://twitter.com/pr0xylife/status/1625181615889563669

casualscollection.com
casualcollection.shop
casualcollection.store

# Reference: https://twitter.com/idclickthat/status/1623340976344559619
# Reference: https://www.virustotal.com/gui/ip-address/89.117.9.58/relations

download-oculus.com
oculus-download.com
oculusg.com
oculusj.com
oculuso.com
oculusq.com

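# Reference: https://www.virustotal.com/gui/file/9f1db11fb3b0cf5eaf28ece66ed13ee78fcd264e6fd566e98c46714c8c4fd504/detection
# NOTE(review): the two entries below are URL paths with no host part, so they are not tied to one server;
# presumably they are compared against request paths on any host - corroborate a hit with other indicators before treating it as confirmed.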

/crtfc/kmK2kBNW.dll
/kmK2kBNW.dll

# Reference: https://twitter.com/James_inthe_box/status/1621536918529007616
# Reference: https://www.virustotal.com/gui/file/b84903b8761580c1b40fdf7b40af2bdd8847f0e3c4f578b71ab094df6ed4992b/detection

http://216.238.76.210

# Reference: https://twitter.com/TrackerC2Bot/status/1619778597098606593

99.247.60.103:465

# Reference: https://twitter.com/TrackerC2Bot/status/1620409518332022785

92.8.190.175:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1620760841338470405

93.238.63.3:995
95.94.41.77:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623032491115221031

188.49.124.57:995
200.84.210.63:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623032538624102404

92.8.191.120:2222
93.190.140.122:32100

# Reference: https://twitter.com/TrackerC2Bot/status/1623394957191946240

15.181.199.242:2083
161.142.105.32:995
169.150.196.131:32100
188.116.62.165:995
2.88.198.90:995

# Reference: https://twitter.com/TrackerC2Bot/status/1623394958395822080

35.143.97.145:995
88.111.182.118:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623759112419913731

184.176.35.223:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1624024032751370243

37.56.105.165:995

# Reference: https://twitter.com/TrackerC2Bot/status/1628471938615050240

108.190.203.42:995
109.149.147.146:2222
161.142.107.68:995
185.107.56.214:32100
188.49.125.169:995
190.75.95.164:2222
202.187.232.161:995
41.228.236.143:995
68.173.170.110:8443
71.212.147.224:2222
78.84.123.237:995
80.47.57.131:2222
86.130.9.146:2222
86.180.74.35:2222
89.32.159.192:995
92.17.122.33:2222
92.97.197.177:2222
95.242.101.251:995
97.93.192.2:2083
98.22.28.34:995

# Reference: https://twitter.com/embee_research/status/1623142315073351682
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-31%20Qakbot%20(obama234)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-22%20Qakbot%20(BB16)%20IOCs
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_01.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_02.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB14_07.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB14_08.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_13.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_15.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_17.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB16_22.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_azd_14.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama234_31.01.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama236_03.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama239_09.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama240_15.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama241_22.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_tok01_15.02.2023.txt

http://103.214.71.45
http://104.236.1.43
http://128.254.207.55
http://135.148.144.191
http://139.99.117.17
http://139.99.247.43
http://144.202.127.44
http://147.182.206.33
http://149.28.202.165
http://154.7.253.191
http://165.22.160.25
http://174.139.150.45
http://185.231.204.245
http://193.57.138.12
http://198.44.140.78
http://213.169.148.78
http://216.120.201.100
http://45.155.37.124
http://45.8.191.141
http://45.86.231.23
http://49.50.84.121
http://5.43.221.117
http://51.222.199.226
http://64.225.8.202
http://77.75.230.128
http://77.83.199.118
http://77.83.199.12
http://79.141.175.208
http://87.236.146.124
http://91.235.234.97
103.111.70.115:995
103.12.133.134:2222
103.140.174.19:2222
103.141.50.102:995
103.144.201.53:2078
103.42.86.110:995
103.42.86.238:995
103.42.86.246:995
105.184.159.223:995
105.186.138.165:995
105.186.229.144:995
107.146.12.26:2222
108.2.111.66:995
109.149.147.177:2222
109.150.179.236:2222
109.159.118.60:2222
109.159.119.95:2222
109.49.52.108:2222
114.79.180.14:995
114.92.98.210:995
116.86.252.13:2222
119.155.227.81:995
121.121.100.207:995
130.43.172.217:2222
14.192.241.76:995
142.182.109.233:2222
143.159.167.231:2222
156.216.125.255:995
156.217.208.137:995
156.217.247.173:995
161.142.104.187:995
175.139.129.94:2222
180.158.187.35:995
190.199.188.186:2222
190.206.75.58:2222
190.75.132.158:2222
193.253.100.236:2222
193.92.232.75:995
2.13.73.146:2222
2.14.144.105:2222
2.50.137.46:995
200.109.207.186:2222
206.188.201.143:2222
209.142.97.83:995
216.228.41.244:2222
217.165.1.53:2222
217.165.186.116:2222
24.64.112.40:2078
24.64.112.40:2222
24.64.112.40:3389
24.64.112.40:50010
24.64.112.40:61202
31.166.48.125:995
31.53.29.145:2222
31.53.29.161:2222
37.111.194.36:2078
41.231.232.68:995
45.246.235.113:995
46.24.103.218:2078
46.27.231.50:2078
47.21.51.138:995
47.61.70.188:2078
49.245.82.178:2222
5.163.163.51:995
5.193.84.234:2222
50.60.157.175:995
66.35.126.223:2222
67.70.5.159:2222
69.159.158.183:2222
70.27.104.2:2222
70.51.133.160:2222
70.51.153.37:2222
72.203.216.98:2222
76.64.202.44:2222
76.64.202.88:2222
79.67.165.149:995
79.9.64.37:995
80.13.205.69:2222
81.157.202.71:995
81.157.227.223:2222
82.121.195.187:2222
82.127.204.82:2222
83.202.26.241:2222
85.74.149.3:2222
86.128.15.66:2222
86.130.9.182:2222
86.130.9.197:2222
86.130.9.232:2222
86.138.7.220:2222
86.151.21.134:2222
86.161.143.7:2222
86.176.144.213:2222
86.194.156.14:2222
86.196.12.21:2222
86.202.48.142:2222
86.207.227.152:2222
86.236.114.212:2222
86.250.12.217:2222
86.96.34.182:2222
86.96.72.139:2222
86.98.44.165:2222
86.99.54.39:2222
87.221.197.113:2222
88.126.112.14:50000
88.169.33.180:2222
89.32.157.195:995
89.32.158.118:995
90.23.19.86:2222
90.78.51.182:2222
91.170.115.68:32100
91.171.148.162:50000
91.231.173.199:995
92.11.194.53:995
92.136.182.108:2222
92.177.204.2:2222
92.57.227.146:2222
92.97.203.51:2222
94.59.56.206:2222
95.255.60.223:995
98.175.176.254:995

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-31-BB12-Qakbot-infection-IOCs.txt

aixjobsonline.net
rmbonlineshop.com

# Reference: https://twitter.com/TrackerC2Bot/status/1630279363945017345

161.142.102.110:995
188.49.116.2:995
212.69.141.168:995
80.47.61.240:2222
86.130.9.136:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt

http://142.93.76.59
109.149.147.104:2222
118.250.180.74:995
119.155.246.94:995
167.56.52.254:995
86.190.223.11:2222
86.250.10.160:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_02.03.2023.txt

http://138.197.74.198
http://143.244.147.175
http://157.245.254.227
105.186.229.134:995
109.158.144.102:995
109.218.13.132:2222
142.118.23.130:2222
142.118.243.5:2222
184.174.138.70:2222
184.176.110.61:61202
187.199.238.208:32103
212.70.98.183:2222
31.53.29.205:2222
45.243.201.24:995
47.16.69.185:2222
49.37.96.184:2222
65.92.221.105:2222
66.35.125.42:2222
70.27.163.177:2222
78.192.109.105:2222
81.157.206.138:2222
86.152.112.216:2222
86.208.35.220:2222
87.221.197.34:2222

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-smuggling-the-hidden-threat-in-your-inbox/
# Reference: https://otx.alienvault.com/pulse/63e5060938acb74e57470d90
# Reference: https://www.virustotal.com/gui/file/3b33129fa1e5f921dee595e62430986891d5055a4036ae25e36212fc93190695/detection

huhuwarcanoefestival.com
purepowerinc.net

# Reference: https://minerva-labs.com/blog/beepin-out-of-the-sandbox-analyzing-a-new-extremely-evasive-malware/
# Reference: https://otx.alienvault.com/pulse/63ebf5b30b9daf087b543dc7
# Reference: https://www.virustotal.com/gui/file/67c61f649ec276eb57fcfe70dbd6e33b4c05440ee10356a3ef10fad9d0e224ef/detection

37.1.215.220:443

# Reference: https://isc.sans.edu/diary/rss/29592
# Reference: https://otx.alienvault.com/pulse/640130d681b7a59ce9aa50ee

meieou.info

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_06.03.2023.txt

http://134.209.216.163
http://142.93.250.152
http://146.190.116.245
http://161.35.58.146
http://162.243.186.39
102.46.73.102:995
105.186.229.25:995
109.149.148.242:2222
176.205.188.253:2222
180.158.186.175:995
202.187.239.34:995
217.165.230.100:2222
27.99.34.220:2222
31.167.215.175:995
37.186.55.152:2222
86.99.51.33:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_07.03.2023.txt

http://45.66.248.9
http://45.66.249.78
http://85.239.52.29
http://85.239.52.47
105.109.157.34:2078
105.109.157.34:990
105.109.157.34:993
187.199.103.21:32103
190.75.151.215:2222
200.109.20.215:2222
24.187.145.201:2222
41.228.236.70:995
47.16.77.136:2222
64.229.202.224:995
69.159.158.197:2222
70.24.104.146:2222
70.51.133.238:2222
70.55.187.152:2222
81.158.112.20:2222
92.98.139.2:2222
95.95.175.98:2222

# Reference: https://twitter.com/Hercux7/status/1633830775555764226

http://194.213.18.142

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_09.03.2023.txt

http://85.239.53.83
http://85.239.54.236
118.250.110.98:995
154.246.62.48:993
2.14.45.117:2222
202.187.95.12:995
212.70.107.156:2222
92.159.173.52:2222

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-noteworthy-threat-how-cybercriminals-are-abusing-onenote-part-1/
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-noteworthy-threat-how-cybercriminals-are-abusing-onenote-part-2/
# Reference: https://otx.alienvault.com/pulse/6408e41498a0d60be89c252e

codezian.com
ezintern.com
notefudeal.com
oiartzunirratia.eus
ozcontests.com
shifa365.com
somosacce.org
thetwindollar.com
vielagroglobal.com

# Reference: https://twitter.com/pr0xylife/status/1634189944691257344

http://45.66.249.196
http://85.239.54.220

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_10.03.2023.txt

http://149.255.35.153
http://149.255.35.189
http://194.213.18.132
http://194.213.18.84
http://194.37.97.154
http://37.72.174.5
http://85.239.53.76
http://85.239.53.88
http://85.239.54.233

# Reference: https://www.secneurx.com/post/malware-starts-up-abusing-microsoft-s-onenote
# Reference: https://www.virustotal.com/gui/file/bf8c7c35cb5b8f47ad7fe7e89322960e105efa754360953ca854925a6b914092/detection

http://194.26.192.24

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_13.03.2023.txt

105.186.191.24:995
180.162.231.210:995
2.49.58.47:2222
200.84.195.17:2222
201.249.12.75:2222
202.187.87.178:995
212.70.98.141:2222
223.176.7.23:2222
31.166.152.157:995
39.55.251.26:995
47.61.70.76:2078
70.53.96.223:995
86.98.216.189:2222
90.55.105.42:2222
92.20.204.198:2222
94.200.183.66:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_14.03.2023.txt

105.186.229.59:995
174.21.72.135:2222
217.165.247.145:2222
220.77.183.218:6881
24.178.201.230:2222
5.192.141.187:2222
80.42.186.99:2222
84.216.198.124:6881
85.84.119.210:993
92.1.170.110:995

# Reference: https://twitter.com/TrackerC2Bot/status/1635705959682125824

186.48.181.17:995
190.75.139.66:2222
37.186.55.60:2222
86.130.9.213:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_15.03.2023.txt

109.145.96.251:2222
173.185.50.218:995
193.92.214.52:995
2.14.105.160:2222
23.251.92.171:2222
45.243.162.199:995
65.94.87.200:2222
65.95.49.237:2222
66.35.125.114:2222
76.71.137.91:2222
80.107.149.84:2222
86.178.33.20:2222
89.32.159.107:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama243_15.03.2023.txt

http://128.254.207.26
http://139.180.170.206
http://198.44.132.63
http://206.53.48.51
http://87.236.146.84
http://94.131.115.19
109.218.83.111:2222
174.93.5.232:2222
2.51.44.191:2222
41.227.92.194:995
47.16.77.194:2222
82.127.172.214:2222
87.220.204.179:2222
88.122.133.88:32100

# Reference: https://twitter.com/TrackerC2Bot/status/1636161760926261248

109.205.204.229:2222
109.48.28.129:2222
154.247.7.119:993
173.47.125.178:995
174.54.24.110:995
176.44.88.234:995
187.213.136.249:995
187.227.87.235:995
189.140.45.48:995
189.222.242.165:995
193.248.154.174:2222
201.127.76.175:2222
201.152.69.198:995
206.183.190.53:993
37.210.133.63:995
39.45.175.245:995
41.215.148.115:995
47.153.115.154:465
47.153.115.154:993
47.187.49.3:2222
50.60.166.59:995
65.131.47.74:995
67.237.68.126:2222
67.40.253.209:995
68.224.121.148:993
68.46.142.48:995
73.51.245.231:995
77.145.0.57:2222
78.101.145.96:61201
79.115.171.106:2222
81.247.148.252:995
82.10.43.130:2222
82.76.238.65:2222
85.122.141.42:995
87.238.133.187:995
87.27.110.90:2222
87.65.204.240:995

# Reference: https://twitter.com/TrackerC2Bot/status/1637880887650951181

161.142.103.5:995
175.143.63.68:2222
190.199.184.114:2222
78.159.144.244:995
80.76.163.207:2222
91.2.135.211:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama244_20.03.2023.txt

http://109.49.47.10
http://185.205.187.235
http://192.99.207.65
http://216.238.106.231
http://85.239.54.184
http://87.236.146.102
http://94.131.12.37
175.156.65.126:2222
176.224.85.237:995
2.14.137.60:2222
41.228.211.91:995
49.245.95.124:2222
70.53.31.142:2222
80.12.88.148:2222
86.191.9.6:995
92.149.250.113:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_20.03.2023.txt

105.186.191.244:995
2.98.147.157:995
201.210.105.249:2222
31.53.29.195:2222
47.61.11.253:2078
81.133.163.79:2222
86.97.85.42:2222
87.221.197.44:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_20.03.2023.txt

109.146.46.4:50000
182.178.178.105:995
188.79.242.89:2222
197.207.61.243:2078
200.109.6.16:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_22.03.2023.txt

103.111.70.66:995
105.186.229.70:995
109.159.118.229:2222
2.14.137.211:2222
2.237.150.131:2222
2.50.16.41:995
217.165.246.19:2222
217.165.69.89:2222
223.167.12.241:995
37.186.55.238:2222
67.10.2.240:995
70.48.233.117:995
70.55.67.13:2222
75.90.114.237:995
86.209.22.193:2222
86.97.68.68:2222
90.55.106.37:2222

# Reference: https://twitter.com/0xToxin/status/1638599955517415431
# Reference: https://tria.ge/230322-v3x72aad27/behavioral2

http://139.180.209.206
http://151.80.5.50
http://185.231.204.114
http://195.20.17.142
http://203.96.177.121
http://87.236.146.162
/FIvB5lhB.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_23.03.2023.txt

103.140.174.20:2222
112.222.83.147:6881
124.246.122.199:2222
174.21.64.35:2222
182.185.248.125:995
209.216.123.118:3389
212.70.98.161:2222
5.192.141.211:2222
99.252.190.205:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB21_30.03.2023.txt
# Reference: https://twitter.com/TrackerC2Bot/status/1641413202746523649

105.186.191.229:995
109.154.254.126:2222
109.218.220.228:2222
174.115.79.40:2222
187.199.156.176:32103
200.84.207.143:2222
209.93.207.224:2222
213.66.245.200:2222
24.236.90.196:2078
70.48.189.240:2222
74.92.243.115:50000
75.90.87.37:995
86.130.9.243:2222
86.154.216.221:2222
86.97.67.62:2222
88.164.20.177:21
90.93.132.149:2222
90.94.143.158:2222
91.160.70.68:32100
92.98.76.164:2222
93.150.183.229:2222
94.30.31.47:50000
95.60.243.24:995
96.87.28.170:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama247_31.03.2023.txt

http://104.225.129.114
http://141.94.86.90
http://199.247.30.203
http://216.146.25.129
http://85.239.41.205
http://94.131.117.111
109.159.119.176:2222
109.218.244.210:2222
142.126.173.85:2222
27.99.32.26:2222
41.228.56.8:995
45.243.143.141:995
47.16.74.194:2222
65.94.84.173:2222
66.35.127.94:2222
70.51.153.108:2222
84.155.13.118:995
86.143.119.184:995
92.136.51.189:2222
92.186.32.33:2222
92.97.45.55:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_04.04.2023.txt

109.150.179.215:2222
109.218.86.223:2222
139.226.47.229:995
176.171.4.107:2222
82.41.36.110:22

# Reference: https://twitter.com/Unit42_Intel/status/1643011286618259464

172.107.98.3:65400

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_05.04.2023.txt

105.225.50.146:995
109.159.118.65:2222
109.50.143.218:2222
190.78.69.250:2222
213.67.139.53:2222
71.31.232.65:995
82.122.128.149:2222
92.20.199.185:2222
92.9.45.20:2222
92.97.115.255:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama248_05.04.2023.txt

http://162.19.130.46
http://192.95.55.65
http://45.66.248.25
http://45.95.18.115
http://51.254.78.3
http://95.179.162.104
176.145.84.217:2222
201.210.85.178:2222
27.253.11.10:2222
76.178.148.107:2222
95.60.243.32:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_06.04.2023.txt

105.184.103.142:995
2.36.64.159:2078
36.152.128.5:6883
70.28.50.223:1194
70.28.50.223:2083
70.28.50.223:2087
70.28.50.223:32100
83.77.208.166:2222
86.176.87.35:2222
86.209.8.236:2222
86.97.66.70:2222
99.228.131.116:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama249_06.04.2023.txt

http://193.200.17.207
http://206.53.48.21
http://45.59.170.48
http://45.63.69.116
http://91.199.147.177
http://94.131.117.30
36.152.128.2:6883
69.123.4.221:2222
95.60.243.64:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_10.04.2023.txt

103.141.50.79:995
195.74.245.190:995
23.30.22.225:50003
70.28.50.223:2078
78.159.145.17:995
85.2.185.70:2222
90.104.151.37:2222
90.70.150.94:2222
92.97.227.224:2222

# Reference: https://twitter.com/malware_traffic/status/1644029208757149703

94.103.85.86:65400

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_11.04.2023.txt

200.90.67.216:2222
23.30.22.225:993
23.30.22.225:995
70.28.50.223:3389
86.130.9.222:2222
86.99.79.136:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama250_11.04.2023.txt

http://149.102.243.204
http://45.159.249.33
http://45.66.248.187
http://5.42.221.124
http://51.222.199.244
http://87.236.146.34
95.60.243.61:995

# Reference: https://twitter.com/James_inthe_box/status/1646200273017409536
# Reference: https://app.any.run/tasks/c3c2e0b5-a8c2-43b2-af6d-42ff776e2e0b/

http://154.47.17.180
http://70.34.218.85

# Reference: https://twitter.com/TrackerC2Bot/status/1646214033815502871

212.70.98.78:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_12.04.2023.txt

101.184.134.98:2222
105.184.209.37:995
109.159.118.107:2222
213.240.106.71:995
37.166.25.168:21
86.180.120.159:2222
90.4.110.221:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama251_12.04.2023.txt

http://147.135.248.250
http://74.119.193.49
http://79.141.174.253
http://87.236.146.93
109.218.12.137:2222
180.156.215.130:995
182.185.159.137:995
76.64.99.251:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1646396256057450496
# Reference: https://twitter.com/TrackerC2Bot/status/1646396253645811712

http://187.192.68.210
181.4.52.159:465
188.55.203.55:995
75.188.35.168:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama252_13.04.2023.txt

http://194.165.59.51
http://203.96.177.111
http://87.236.146.236
http://91.193.19.217
http://94.131.101.15
http://94.131.117.45
103.144.201.56:2078
124.149.143.189:2222
74.102.98.63:2222
78.159.147.45:995
86.176.144.145:2222
90.78.147.141:2222
95.60.243.84:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama253_18.04.2023.txt

http://216.238.80.217
http://45.125.67.156
105.184.209.7:995
109.146.76.176:2222
161.142.104.40:995
45.243.231.146:995
71.31.232.156:995
86.171.131.244:995
86.178.33.125:2222
86.99.49.64:2222
91.231.173.14:995
93.238.52.211:995
95.60.243.102:995

# Reference: https://twitter.com/TrackerC2Bot/status/1648388459730444300

187.199.234.229:32103
41.227.79.177:995
86.130.9.214:2222
91.35.212.133:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB24_19.04.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama254_19.04.2023.txt

http://103.20.235.243
http://5.252.23.94
http://77.91.100.135
http://85.239.53.73
105.186.216.2:995
109.153.252.176:2222
109.218.242.15:2222
118.249.191.32:995
187.199.85.154:32103
23.30.22.225:2083
41.228.47.155:995
68.14.195.55:995
71.30.208.174:995
85.85.160.57:993
87.221.196.82:2222
92.136.62.50:2222
95.60.243.119:995

# Reference: https://twitter.com/TrackerC2Bot/status/1648663672724570113

103.157.122.198:995
103.246.130.114:1194
103.246.130.122:20
103.246.130.2:20
103.246.130.35:21
122.11.220.212:2222
190.75.64.251:2222
217.17.56.163:2078
217.17.56.163:465
37.210.152.224:995
66.177.215.152:50010
69.30.190.105:995
75.163.81.130:995
78.145.153.73:995
82.18.173.253:2222
98.22.92.139:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama255_20.04.2023.txt

http://104.156.232.97
http://104.238.190.98
http://51.222.96.42
105.186.242.17:995
161.142.98.36:995
70.26.75.148:2222
75.90.41.108:995
86.176.80.98:2222
89.36.206.220:995
96.56.197.26:2078
96.56.197.26:2083

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB24_20.04.2023.txt

190.206.92.41:2222
45.246.235.177:995
5.194.64.194:2222
87.221.197.91:2222
95.60.243.16:995
96.56.197.26:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB25_24.04.2023.txt

105.186.229.208:995
187.199.153.185:32103
2.14.24.66:2222
85.240.173.251:2078
86.176.80.81:2222
86.96.72.175:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB25_25.04.2023.txt

105.184.103.214:995
109.149.148.20:2222
147.147.30.126:2222
151.213.66.34:995
200.90.68.166:2222
31.53.29.207:2222
86.130.9.135:2222
95.60.243.19:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama256_25.04.2023.txt

http://172.96.137.33
http://185.39.18.107
http://94.131.100.149

# Reference: https://twitter.com/TrackerC2Bot/status/1650834732995706880

85.214.93.93:8080

# Reference: https://twitter.com/TrackerC2Bot/status/1651287581596741632

109.50.147.18:2222
46.24.47.205:995
87.67.214.236:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama257_27.04.2023.txt

http://149.102.255.183
http://155.138.132.190
http://185.117.89.76
http://193.243.147.185
http://209.182.225.155
http://45.59.170.61
109.149.147.12:2222
175.139.205.73:2222
175.156.119.219:2222
2.50.16.10:995
24.69.137.232:2222
5.192.142.238:2222
65.94.85.74:2222
75.106.110.100:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama258_28.04.2023.txt

http://128.254.207.196
http://149.102.249.66
http://185.33.87.23
http://51.161.204.236
http://94.131.12.213
105.184.103.151:995
217.128.147.6:2222
24.236.90.197:2078
31.50.179.221:50000
31.53.29.232:2222
46.24.47.206:995
70.51.137.58:2222
71.104.102.13:2222
82.127.153.75:2222
86.130.9.180:2222
86.250.12.86:2222
92.136.62.153:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama259_02.05.2023.txt

http://104.36.229.105
http://185.205.187.238
http://45.89.55.145
http://66.135.3.99
http://85.239.52.150
http://94.131.119.113
105.184.209.10:995
109.218.108.3:2222
31.53.29.198:2222
46.24.47.243:995
62.35.230.21:995
64.40.4.89:995
86.130.9.128:2222
86.140.160.231:2222
87.220.204.177:2222
92.97.119.138:2222
/aMS8jtw13s6.dat

# Reference: https://twitter.com/TrackerC2Bot/status/1653402160321687553

100.12.173.247:995
108.58.9.238:995
116.202.36.62:21
189.159.144.227:995
203.213.104.25:995
66.222.88.126:995
71.213.29.14:995
72.132.249.144:995
72.204.242.138:990
72.204.242.138:993
72.204.242.138:995
81.245.66.237:995
86.124.215.242:21

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama260_03.05.2023.txt

http://104.238.172.90
http://185.117.88.214
http://207.246.114.83
http://45.155.37.150
http://45.8.191.173
http://98.142.254.175
105.184.209.139:995
109.159.119.82:2222
109.50.128.59:2222
193.253.53.157:2078
194.118.121.231:995
217.44.108.89:2222
217.55.0.153:995
67.10.9.125:995
71.78.95.86:995
99.230.89.236:2078
99.230.89.236:2083
/rentfree.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB26_04.05.2023.txt

http://104.234.118.153
http://104.234.119.79
http://172.86.123.103
81.240.235.122:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama261_05.05.2023.txt

http://104.238.191.69
http://185.104.195.77
http://209.182.225.132
http://45.66.249.5
http://5.42.221.155
http://51.195.157.108
201.208.46.165:2222
70.51.136.238:2222
85.53.128.200:3389
94.59.122.53:2222
98.19.224.125:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB26_05.05.2023.txt

http://151.236.14.127
http://192.121.16.232
http://192.121.16.233
105.184.115.147:995
45.243.237.211:995
88.168.199.84:50000

# Reference: https://twitter.com/TrackerC2Bot/status/1654574131910680578

204.112.31.4:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB27_10.05.2023.txt

http://151.236.22.158
http://158.255.213.110
http://158.255.213.247
http://162.252.175.224
105.184.99.42:995
173.61.50.155:3389
178.167.139.197:995
2.49.63.193:2222
2.50.16.167:995
200.93.26.107:2222
201.208.135.167:2222
66.180.226.58:2222
66.35.125.74:2222
67.70.122.196:2222
81.224.201.143:2222
86.130.9.208:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama262_10.05.2023.txt

http://144.208.127.242
http://149.102.225.18
http://207.148.14.105
http://45.155.37.101
http://5.42.221.144
http://91.193.16.139
/a2nZbs476.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB27_11.05.2023.txt

http://77.91.87.158
http://77.91.87.198
http://79.137.248.163
http://91.193.43.101
http://91.193.43.98
105.184.108.82:995
142.189.121.178:2222
186.52.239.187:995
212.70.98.236:2222
37.14.97.206:2222
47.16.75.99:2222
69.157.243.204:2222
69.158.56.94:2222
70.28.50.223:2222
70.54.65.197:2222
84.216.198.201:6881
85.209.11.185:2222
86.222.100.184:2222
86.244.255.82:2222
86.99.48.130:2222

# Reference: https://twitter.com/Unit42_Intel/status/1657015363593203713

46.151.30.109:443

# Reference: https://twitter.com/1ZRR4H/status/1657506155801763840

aezaj.com
aiea.mobi
aiueuebdep.org
akpaiy.info
aotineabvut.biz
aouzguwmnu.com
apeiome.mobi
areomikc.info
arinu.biz
avbxl.us
awkec.org
axaitoqo.net
axajn.info
befjoliwxz.mobi
bkehavtkr.com
cfbivshk.com
clfqnok.com
deoltctat.us
dipbi.info
eaohoug.info
ecxibjyllat.org
elbi.info
epooohruieo.us
escmcz.us
etatd.info
evaq.org
ezmc.org
ezspcoa.com
fourtpoapx.biz
ghnxsrb.org
goreoti.info
hayvygpxclb.mobi
heivr.com
hetiaxuozbo.mobi
hoveohntx.biz
ientoztz.com
imifeikekt.biz
jameft.org
jegadaqeydn.us
jirtehtie.info
jkjea.info
jwzdhemzdot.biz
kblnfxjf.mobi
kxce.biz
ltwgirv.biz
maibeuguc.com
maoaretv.net
nekt.com
nltapwej.net
nozme.info
nsnvadcskwj.biz
ntax.mobi
obajfyeera.org
oeacote.org
oejciku.info
oeovb.info
oioj.org
opnika.org
oysgtfoeiej.biz
peitqtciwo.com
preg.biz
ptnrumh.org
pujalhdekd.com
rjnwxeutz.com
rouheure.org
seiauoalth.info
shoflmsoiws.info
syfeyrswn.us
tbnzi.biz
tdowvt.biz
tfhwyiakz.mobi
tjasdrn.mobi
tnodk.com
totieclge.org
toxupoi.biz
tqhiaey.net
trjyiouilhc.us
uaqoaoza.com
uewasoiewh.mobi
unpcnbyuois.info
vkbkayf.mobi
vtmyfu.info
wayabrigai.us
wemkiepw.net
wetpalyspo.org
xaigmbjimp.info
xtqtaqyi.net
yfgozyu.mobi
yjyenqafs.us
ylzen.org
yqadkcf.org
zoolret.mobi

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_16.05.2023.txt

http://109.172.45.9
http://151.236.22.114
http://151.236.22.87
http://158.255.213.192
http://77.91.86.122
http://91.193.43.119
105.186.242.203:995
12.20.0.235:2222
142.181.206.222:2222
182.185.181.202:995
200.109.16.12:2222
201.208.136.202:2222
37.186.59.197:2222
51.14.29.227:2222
65.95.141.84:2078
65.95.141.84:2083
65.95.141.84:2222
70.50.83.139:2222
70.53.193.201:2222
82.7.145.109:22
86.128.15.167:2222
86.130.9.227:2222
86.178.33.63:2222
91.2.143.185:995
92.98.159.9:2222
98.19.234.243:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_Pikabot_17.05.2023.txt

http://149.154.158.91
http://158.255.213.181
http://162.252.172.54
129.153.135.83:2078
132.148.79.222:2222
45.154.24.57:2078
45.85.235.39:2078
94.199.173.6:2222

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-05-17-IOCs-for-Pikabot-with-Cobalt-Strike.txt

129.153.22.231:32999
129.213.54.49:2078
129.80.164.200:32999
144.172.126.136:2222
185.87.148.132:1194
193.122.200.171:2078

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_Pikabot_18.05.2023.txt

http://176.124.198.214
http://77.91.85.124
http://77.91.87.226
104.233.193.227:2078
192.213.54.49:2078
192.9.135.73:1194
123mkv.dev

# Reference: https://twitter.com/TrackerC2Bot/status/1660257492905984004

188.211.190.128:61202

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB29_Pikabot_23.05.2023.txt

http://151.236.14.179
http://192.121.17.68
http://192.121.17.92
38.54.33.239:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB29_Pikabot_22.05.2023.txt

http://109.172.45.79
http://176.124.198.212
http://176.124.198.213

# Reference: https://twitter.com/yvesago/status/1669311556927082496
# Reference: https://www.virustotal.com/gui/file/cbf9387fc73a0bf270b8bde639723a15c377a3593c6142dbf41261db6430c04a/detection

http://151.236.14.139
http://151.236.28.181
http://192.121.16.225
cautions.kitchen
spotless.bingo

# Reference: https://www.virustotal.com/gui/file/04b46a5cf4add15d6d3bf71449ee547eac6d84c841daf418dbb47b00a4361af5/detection

http://190.14.37.245
http://193.203.202.55
http://194.67.214.216
/44300.5396033565.dat
/44300,5396033565.dat

# Reference: https://www.team-cymru.com/post/visualizing-qakbot-infrastructure
# Reference: https://otx.alienvault.com/pulse/64664ae7e409a29a7716fdfa

103.11.80.148:443
103.111.70.115:443
103.111.70.66:443
103.113.68.33:443
103.12.133.134:443
103.123.221.16:443
103.123.223.121:443
103.123.223.130:443
103.123.223.131:443
103.123.223.132:443
103.123.223.141:443
103.123.223.144:443
103.123.223.168:443
103.123.223.171:443
103.123.223.76:443
103.212.19.254:443
103.231.216.238:443
103.252.7.228:443
103.252.7.231:443
103.252.7.238:443
103.42.86.110:443
103.42.86.238:443
103.42.86.246:443
103.42.86.42:443
103.71.20.249:443
103.71.21.107:443
103.87.128.228:443
109.49.47.10:443
114.143.176.234:443
114.143.176.235:443
117.248.109.38:443
119.82.120.15:443
119.82.120.175:443
119.82.121.251:443
119.82.121.87:443
119.82.122.226:443
119.82.123.160:443
157.119.85.203:443
174.171.10.179:443
174.171.130.96:443
174.58.146.57:443
180.151.104.240:443
180.151.108.14:443
183.82.107.190:443
183.82.112.209:443
183.87.163.165:443
183.87.192.196:443
189.151.95.176:443
197.92.136.122:443
197.94.78.32:443
197.94.95.20:443
201.130.119.176:443
201.142.195.172:443
201.142.207.183:443
201.142.213.13:443
202.142.98.62:443
23.30.173.133:443
23.30.22.225:443
24.9.220.167:443
27.0.48.205:443
27.0.48.233:443
27.109.19.90:443
43.243.215.206:443
43.243.215.210:443
59.153.96.4:443
64.237.207.9:443
64.237.212.162:443
64.237.221.254:443
64.237.245.195:443
64.237.251.199:443
67.187.130.101:443
68.62.199.70:443
69.242.31.249:443
73.155.10.79:443
73.161.176.218:443
73.161.178.173:443
73.165.119.20:443
73.215.22.78:443
73.22.121.210:443
73.223.248.31:443
73.228.158.175:443
73.230.28.7:443
73.29.92.128:443
73.36.196.11:443
73.60.227.230:443
73.78.215.104:443
73.88.173.113:443
74.92.243.113:443
74.92.243.115:443
74.93.148.97:443
75.149.21.157:443
76.16.49.134:443
76.27.40.189:443
89.203.252.238:443
96.87.28.170:443
98.159.33.25:443
98.222.212.149:443
98.37.25.99:443
99.251.67.229:443
99.252.190.205:443
99.254.167.145:443

# Reference: https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-onenote-malspam-detection-response
# Reference: https://otx.alienvault.com/pulse/64b0196a91718cb2daa72a1e
# Reference: https://www.virustotal.com/gui/file/83f0f1b491fa83d72a819e3de69455a0b20c6cb48480bcd8cc9c64dbbbc1b581/detection

cancelation.one
minaato.com
olimobile.com
sellscentre.com
simonoo.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/

http://114.238.202.191
http://151.236.22.142
http://158.255.213.72
http://162.252.172.156
http://169.216.46.239
http://186.168.187.62
http://214.143.82.176
http://76.115.120.231
http://81.254.128.85
103.151.20.137:2078
132.148.73.117:2222
135.125.124.72:2078
148.153.34.82:2078
152.174.73.141:1194
154.80.229.105:2078
154.80.229.112:2078
154.80.229.76:1194
45.182.189.107:443
67.21.33.188:2222
67.21.33.208:2078
8.20.255.249:2078
85.215.162.167:2078
89.116.131.40:2222
91.134.126.43:1194

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-10-03)
# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_03.10.2023.txt

http://207.246.78.68
http://45.76.233.103
104.243.45.170:2222
167.86.81.87:2222
167.86.96.3:2222
192.254.69.35:2078
209.126.9.47:2078
217.170.204.197:32999
38.242.240.28:1194
79.141.175.96:2078

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_04.10.2023.txt

102.129.139.65:32999
144.64.204.81:2078
45.131.108.250:1194

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_05.10.2023.txt

102.129.139.65:32999
45.131.108.250:1194

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/

185.106.94.174:5000
80.85.140.152:5938
94.228.169.221:2083

# Reference: https://twitter.com/drb_ra (# historical data for the May 2023-Oct 2023 period, with thanks to @drb_ra)

http://196.203.37.215
http://45.78.202.22
100.4.162.221:2222
100.4.163.158:2222
100.4.182.169:2222
100.4.182.170:2222
100.4.182.242:2222
101.184.136.45:2222
101.184.178.178:2222
102.130.200.134:2078
103.107.36.56:995
103.12.133.135:2222
103.141.50.43:995
103.144.200.89:2078
103.144.200.90:2078
103.144.201.48:2078
103.144.201.52:2078
103.144.201.63:2078
103.153.180.55:995
103.153.180.59:995
103.219.61.161:995
103.248.119.82:995
103.248.119.83:995
103.248.119.84:995
103.248.119.85:995
103.59.196.146:995
103.59.196.147:995
103.59.196.148:995
103.59.196.149:995
103.59.196.150:995
105.103.43.13:993
105.103.43.13:995
105.108.19.180:995
105.108.241.208:993
105.108.43.99:995
105.108.95.241:993
105.108.95.241:995
105.184.103.218:995
105.184.103.97:995
105.184.108.127:995
105.184.108.40:995
105.184.108.41:995
105.184.115.10:995
105.184.115.119:995
105.184.115.128:995
105.184.115.148:995
105.184.115.164:995
105.184.115.175:995
105.184.115.220:995
105.184.159.181:995
105.184.209.110:995
105.184.209.117:995
105.184.209.58:995
105.184.209.6:995
105.184.8.17:995
105.184.8.199:995
105.184.83.141:995
105.184.83.146:995
105.184.83.161:995
105.184.83.27:995
105.184.99.120:995
105.184.99.204:995
105.184.99.98:995
105.186.128.133:995
105.186.128.187:995
105.186.128.2:995
105.186.128.89:995
105.186.138.113:995
105.186.138.229:995
105.186.138.88:995
105.186.216.101:995
105.186.242.215:995
105.186.242.78:995
108.173.87.43:995
109.115.156.42:2078
109.130.247.84:2222
109.145.177.181:2222
109.149.147.195:2222
109.149.147.245:2222
109.150.179.202:2222
109.153.10.32:2222
109.153.10.81:2222
109.220.83.213:2222
109.221.161.67:2222
109.242.116.62:995
109.50.149.241:2222
109.50.154.9:2222
115.186.158.144:50001
116.120.145.170:995
117.195.21.42:993
117.195.27.157:993
117.200.217.195:993
117.200.223.71:993
117.202.202.224:993
117.202.205.136:993
117.215.23.20:993
117.215.26.54:993
118.249.188.44:995
118.249.188.62:995
121.121.100.202:995
121.121.108.120:995
121.122.99.12:995
121.209.140.5:2222
124.149.130.151:2222
124.149.132.112:2222
124.149.135.47:2222
125.209.114.181:995
125.238.197.157:995
130.43.54.94:995
130.43.58.61:995
135.19.158.248:2222
141.237.72.145:995
142.112.133.14:2222
142.115.116.184:2222
142.115.159.127:2222
142.117.161.238:2222
142.117.240.85:2222
142.118.107.222:2222
142.119.122.66:2222
142.119.34.18:2222
142.127.25.253:2222
142.184.50.134:2222
142.188.88.42:2222
142.188.91.223:2222
142.198.123.33:2222
142.198.125.203:2222
142.198.147.146:2222
149.74.60.93:2222
151.213.180.115:995
151.213.180.225:995
151.213.67.195:995
152.254.162.118:995
154.246.186.29:993
154.246.189.145:995
154.246.50.255:995
154.246.62.35:2078
154.246.62.35:995
154.247.114.253:993
154.247.17.83:993
154.247.225.213:993
154.247.7.226:995
156.211.194.243:995
156.211.219.158:995
160.223.223.110:995
161.142.100.114:995
161.142.102.116:995
161.142.103.148:995
161.142.103.187:995
161.142.107.120:995
161.142.96.70:995
161.142.98.188:995
161.142.99.126:995
165.120.169.171:2222
165.120.174.99:2222
165.120.244.223:2222
167.56.108.248:995
167.56.123.176:995
167.56.123.186:995
167.56.192.210:995
167.56.202.246:995
167.56.67.143:995
167.58.142.88:995
167.58.255.105:995
167.58.82.176:995
172.243.117.21:995
173.182.152.69:995
173.24.83.160:2222
173.30.189.100:2222
173.33.15.171:995
173.61.52.245:3389
174.21.75.227:2222
174.89.121.82:2222
174.91.90.206:2222
174.93.245.36:2222
174.94.103.89:2222
174.95.144.112:2222
175.143.63.247:2222
175.156.217.7:2222
176.44.123.169:995
176.44.91.141:995
177.118.188.209:995
177.170.92.205:995
177.42.92.42:995
179.25.231.39:995
182.178.175.48:995
182.75.189.41:995
183.214.198.69:995
184.146.66.60:2222
184.96.146.13:993
185.164.186.150:995
185.164.186.5:995
186.50.143.61:995
186.54.175.50:995
186.73.231.11:2222
187.170.228.252:995
188.116.62.225:995
188.49.120.0:995
188.54.85.183:995
189.177.50.253:995
189.177.64.36:995
189.177.81.177:995
189.241.128.154:995
190.133.132.0:995
190.133.137.223:995
190.134.54.109:995
190.135.124.136:995
190.135.194.226:995
190.135.202.177:995
190.135.219.189:995
190.141.11.17:995
190.141.190.139:995
190.199.147.209:2222
190.199.149.133:2222
190.199.152.233:2222
190.199.177.241:2222
190.199.190.97:2222
190.199.228.254:2222
190.203.35.172:2222
190.203.46.164:2222
190.205.241.186:2222
190.33.20.235:2222
190.33.214.172:2222
190.34.103.234:2222
190.34.24.159:2222
190.35.7.26:2222
190.36.168.16:2222
190.38.132.5:2222
190.75.128.156:2222
190.75.134.240:2222
190.75.158.216:2222
190.75.72.44:2222
190.75.88.133:2222
190.75.90.51:2222
190.78.71.44:2222
191.191.1.254:995
192.252.161.27:80
192.252.161.27:8080
192.252.163.7:80
192.252.164.186:80
192.252.166.24:80
192.252.166.24:8080
192.252.166.6:80
192.252.169.218:8080
192.252.172.194:8080
193.80.73.200:995
195.155.8.90:2222
197.161.134.140:993
197.26.147.241:995
2.14.104.108:2222
2.14.173.248:2222
2.14.232.15:2222
2.50.137.167:995
2.50.137.55:995
2.50.140.30:995
2.50.16.180:995
2.50.16.6:995
2.50.166.115:2222
2.50.28.157:2222
2.51.46.59:2222
2.51.46.63:2222
2.88.135.63:995
2.99.47.252:2222
200.100.33.31:995
200.109.192.34:2222
200.109.29.33:2222
200.165.61.119:995
200.44.192.169:2222
200.44.198.47:2222
200.44.216.29:2222
200.84.211.255:2222
200.90.71.222:2222
200.93.14.173:2222
200.93.25.6:2222
201.208.135.13:2222
201.208.49.187:2222
201.210.86.175:2222
201.225.164.181:2222
201.225.216.60:2222
201.226.214.84:2222
201.226.226.88:2222
201.226.240.51:2222
201.226.241.213:2222
201.227.16.142:2222
201.249.24.238:2222
202.187.234.139:995
202.187.236.209:995
203.109.44.236:995
205.237.67.69:995
206.163.237.124:22
207.204.111.236:993
209.171.160.69:995
209.93.207.140:2222
210.187.148.118:2222
210.187.148.12:2222
212.169.233.141:3389
212.69.141.196:995
212.69.141.228:995
212.70.107.186:2222
212.70.107.194:2222
212.70.107.36:2222
212.70.107.56:2222
212.70.107.87:2222
212.70.98.253:2222
212.70.98.86:2222
212.70.98.97:2222
213.120.82.194:995
213.122.88.41:2222
213.64.33.61:2222
213.64.33.92:2222
216.215.94.46:995
217.165.14.94:22
217.165.233.236:22
218.82.117.10:995
222.65.183.25:995
223.166.13.95:995
23.91.184.29:80
23.91.184.29:8080
24.122.48.63:995
24.187.255.114:993
24.187.255.115:993
24.187.255.116:993
24.187.255.117:993
24.198.114.130:995
24.234.220.88:465
24.234.220.88:990
24.234.220.88:993
24.234.220.88:995
24.234.80.122:995
31.111.81.188:2222
31.117.145.155:2222
31.117.160.214:2222
31.117.169.11:2222
31.117.180.203:2222
31.17.195.13:8443
31.185.54.51:995
31.185.54.53:995
31.53.29.136:2222
31.53.29.140:2222
31.53.29.151:2222
31.53.29.153:2222
31.53.29.156:2222
31.53.29.186:2222
31.53.29.199:2222
31.53.29.216:2222
31.53.29.230:2222
31.53.29.235:2222
31.53.29.246:2222
35.143.97.141:995
36.152.128.6:2222
37.152.205.85:2222
37.186.54.172:995
37.186.55.125:2222
37.186.55.145:2222
37.186.55.16:2222
37.186.55.179:2222
37.186.55.46:2222
37.186.55.8:2222
37.186.59.120:2222
37.186.59.68:2222
37.186.59.83:2222
37.210.168.96:995
37.6.248.2:995
37.6.55.202:995
37.97.193.130:25
38.69.136.177:995
39.110.150.81:995
39.32.182.250:50001
39.40.203.39:995
39.40.228.232:995
39.40.235.54:995
39.40.65.152:2222
39.44.155.143:50001
39.49.102.166:995
39.49.107.42:995
39.49.112.28:995
39.49.150.158:995
39.49.17.105:995
39.49.17.170:995
39.49.173.6:995
39.49.232.142:995
39.49.24.165:995
39.49.244.206:995
39.49.252.165:995
39.49.32.188:995
39.49.48.18:995
39.49.68.37:995
39.49.77.48:995
39.49.79.35:995
39.49.98.112:995
39.51.167.12:50001
39.51.188.223:995
39.58.254.145:50001
41.227.68.39:995
41.228.203.72:995
41.228.224.161:995
41.228.232.170:995
41.230.210.90:995
41.68.248.239:995
45.2.61.134:3389
45.241.187.203:993
45.241.249.37:993
45.241.254.76:993
45.243.142.31:995
45.243.150.223:995
45.243.227.108:995
45.243.231.247:995
45.243.246.67:995
45.246.224.116:995
45.246.236.229:995
46.109.133.87:995
46.198.224.75:995
46.198.230.134:995
46.198.231.254:995
46.246.152.214:995
46.246.211.36:995
46.246.232.45:995
47.16.64.215:2222
47.16.66.86:2222
47.16.67.55:2222
47.16.71.182:2222
47.16.75.156:2222
47.16.77.99:2222
47.187.58.22:2222
47.22.21.180:995
49.245.1.181:2222
49.245.116.127:8443
5.107.153.132:2222
5.54.48.152:995
5.54.78.224:995
5.54.79.204:995
5.80.85.133:2222
5.80.86.185:2222
59.88.166.218:993
59.88.27.148:993
59.88.31.188:993
59.88.31.209:993
60.189.130.84:995
60.189.154.183:995
60.189.157.90:995
60.189.190.127:995
61.1.37.136:993
62.1.22.187:995
62.38.114.12:2222
64.229.117.102:2078
64.229.117.102:2222
64.229.117.208:2222
64.229.198.170:2222
64.229.199.241:2222
64.229.199.64:2222
64.229.252.101:2222
64.231.113.66:2222
64.237.72.129:995
64.237.92.116:995
65.92.221.162:2222
65.93.35.185:2222
65.94.85.237:2222
65.95.141.177:2222
65.95.141.20:2222
65.95.141.235:2222
66.180.226.67:2222
66.180.234.4:2222
66.35.102.37:2222
66.35.121.181:2222
66.35.121.44:2222
66.35.121.89:2222
66.35.122.221:2222
66.35.125.199:2222
66.35.125.69:2222
66.35.126.117:2222
66.35.127.23:2222
66.35.127.81:2222
67.70.119.49:2222
67.70.120.249:2222
67.70.18.202:2222
67.70.21.11:2222
67.70.21.62:2222
67.70.22.155:2222
67.71.9.29:2222
67.71.9.30:2222
67.87.119.216:2078
67.87.119.216:2083
67.87.119.216:2222
69.114.91.79:993
69.114.94.211:993
69.114.94.71:993
69.119.123.186:2222
69.156.55.170:2222
69.158.122.202:2222
69.159.156.196:2222
69.159.156.8:2222
69.159.157.194:2222
69.159.157.2:2222
70.121.156.34:995
70.27.1.161:2222
70.27.1.248:2222
70.27.1.254:2222
70.27.163.191:2222
70.27.163.209:2222
70.29.120.124:2222
70.29.120.52:2222
70.29.122.116:2222
70.29.122.190:2222
70.29.122.227:2222
70.29.123.104:2222
70.29.123.212:2222
70.29.123.54:2222
70.48.45.207:2222
70.48.46.235:2222
70.48.75.126:2222
70.49.106.9:2222
70.49.133.93:2222
70.49.205.191:2222
70.49.205.198:2222
70.49.241.80:2222
70.50.1.252:2222
70.50.83.132:2222
70.50.83.216:2222
70.51.111.182:2222
70.51.132.145:2222
70.51.132.153:2222
70.51.132.7:2222
70.51.134.178:2222
70.51.247.250:2222
70.52.230.19:2222
70.52.230.210:2222
70.53.192.205:2222
70.53.192.55:2222
70.53.193.161:2222
70.53.193.177:2222
70.53.31.201:2222
70.53.71.151:2222
70.54.111.35:2222
70.55.15.42:2083
70.55.15.96:2222
71.29.114.93:995
71.29.69.95:995
71.30.208.132:995
71.31.9.226:995
71.31.9.49:995
72.252.153.64:995
73.226.175.11:995
74.12.144.146:2078
74.12.144.146:2083
74.12.144.146:2222
74.12.144.156:2078
74.12.144.156:2083
74.12.144.156:2222
74.12.145.206:2222
74.12.146.117:2083
74.12.146.117:2222
74.12.146.145:2083
74.12.146.205:2083
74.12.146.207:2078
74.12.146.207:2083
74.12.146.210:2078
74.12.146.210:2083
74.12.146.210:2222
74.12.146.220:2222
74.12.146.221:2083
74.12.146.221:2222
74.12.146.229:2083
74.12.146.236:2222
74.12.146.246:2078
74.12.146.246:2083
74.12.146.246:2222
74.12.146.30:2083
74.12.146.30:2222
74.12.146.44:2222
74.12.146.45:2078
74.12.146.45:2083
74.12.146.45:2222
74.12.146.4:2083
74.12.146.54:2222
74.12.146.93:2083
74.12.146.96:2078
74.12.146.96:2083
74.12.146.96:2222
74.12.147.102:2078
74.12.147.102:2083
74.12.147.102:2222
74.12.147.111:2222
74.12.147.112:2083
74.12.147.112:2222
74.12.147.121:2083
74.12.147.121:2222
74.12.147.139:2078
74.12.147.139:2222
74.12.147.149:2222
74.12.147.170:2083
74.12.147.170:2222
74.12.147.178:2083
74.12.147.178:2222
74.12.147.211:2078
74.12.147.211:2083
74.12.147.211:2222
74.12.147.214:2222
74.12.147.242:2083
74.12.147.242:2222
74.12.147.43:2083
74.12.147.59:2222
74.12.147.68:2222
74.12.147.72:2083
74.12.147.74:2083
74.12.147.74:2222
74.12.187.217:2222
74.12.245.63:2222
74.14.39.7:2222
74.14.68.187:2222
74.14.69.105:2222
74.14.69.21:2222
74.56.145.215:2222
75.156.126.33:995
75.90.40.229:995
75.90.41.83:995
75.90.81.22:995
76.142.13.8:2222
76.68.170.182:2222
76.68.170.211:2222
76.68.170.65:2222
76.71.119.9:2222
77.85.160.38:995
78.100.242.45:995
78.147.206.40:995
78.159.144.240:995
78.159.145.186:995
78.159.146.65:995
78.159.147.1:995
78.159.147.83:995
78.18.244.225:2222
78.69.150.56:2222
78.82.143.154:2222
78.87.242.218:995
78.87.244.147:995
78.87.248.225:995
78.87.249.106:995
79.107.136.188:995
79.107.141.79:995
79.107.148.139:995
79.107.149.43:995
79.107.149.66:995
79.130.51.242:2222
79.131.122.127:2222
79.131.122.129:2222
79.131.125.8:2222
79.131.182.35:2222
79.167.206.93:995
79.167.223.198:995
79.168.224.165:2222
80.201.208.115:2222
80.76.163.185:2222
80.76.163.187:2222
80.76.163.238:2222
80.76.163.38:2222
80.76.163.93:2222
81.150.169.174:2078
81.150.169.174:2083
81.150.169.174:2087
81.150.169.174:2222
81.254.198.114:2222
82.125.44.236:2222
83.110.223.7:22
83.110.72.242:2222
83.110.73.124:2222
83.110.74.222:2222
83.249.198.100:2222
84.213.236.225:995
85.247.67.210:2222
85.57.212.13:3389
85.84.114.251:993
86.126.125.245:2222
86.128.15.251:2222
86.130.9.139:2222
86.130.9.143:2222
86.130.9.144:2222
86.130.9.149:2222
86.130.9.155:2222
86.130.9.166:2222
86.130.9.178:2222
86.130.9.181:2222
86.130.9.186:2222
86.130.9.195:2222
86.130.9.211:2222
86.130.9.215:2222
86.130.9.219:2222
86.130.9.233:2222
86.130.9.242:2222
86.139.0.44:2222
86.142.237.226:2222
86.150.32.228:2222
86.153.18.118:2222
86.164.33.69:995
86.165.15.246:2222
86.165.225.165:2222
86.173.2.12:2222
86.176.144.144:2222
86.176.144.175:2222
86.176.144.208:2222
86.176.237.198:2222
86.178.219.105:2222
86.178.238.140:50000
86.178.33.62:2222
86.179.87.118:995
86.183.251.160:2222
86.183.251.253:2222
86.215.62.128:2078
86.222.101.244:2222
86.222.103.217:2222
86.222.153.88:2222
86.222.228.159:2222
86.222.77.167:2222
86.222.83.81:2222
86.222.92.165:2222
86.248.228.57:2078
86.96.75.225:2222
86.97.84.192:2222
86.97.100.95:2222
86.97.52.82:2222
86.97.70.4:2222
86.97.96.62:2222
86.98.110.234:2222
86.98.182.182:2222
86.99.51.64:2222
86.99.79.190:2222
87.149.116.32:995
87.149.121.9:995
87.220.204.58:2222
87.221.153.182:2222
87.221.196.10:2222
87.221.197.81:2222
87.252.106.235:995
87.252.107.125:995
87.252.107.29:995
89.152.20.11:2222
89.181.227.42:2222
89.32.156.21:995
89.32.156.4:995
89.32.156.5:995
89.32.157.169:995
89.32.158.24:995
89.32.159.148:995
89.36.204.135:995
89.36.206.188:995
89.36.206.3:995
89.36.206.69:995
90.164.29.160:3389
90.26.152.228:2222
90.28.169.79:2222
90.29.86.138:2222
90.4.184.29:2222
90.4.234.17:2222
90.59.204.6:2222
90.63.198.45:995
90.7.72.46:2222
90.74.114.35:3389
90.75.188.155:2222
90.90.21.132:2222
90.93.86.137:2222
91.35.220.47:995
91.35.223.215:995
92.135.0.154:2222
92.136.178.51:2222
92.17.119.217:2222
92.17.88.70:2222
92.17.93.207:2222
92.177.137.131:2222
92.186.137.74:2222
92.251.225.94:995
92.59.250.137:3389
92.9.44.234:2222
92.97.115.117:2222
92.97.115.206:2222
92.97.115.233:2222
92.97.115.25:2222
92.97.227.66:2222
92.98.108.85:2222
92.98.55.221:2222
92.99.0.152:2222
93.187.148.45:995
93.210.162.76:995
93.210.165.238:995
94.200.183.65:2222
94.59.123.30:2222
95.16.149.148:2222
95.230.110.222:995
95.45.50.93:2222
95.94.44.23:2222
96.237.16.36:995
96.242.126.116:2222
96.248.1.183:995
96.61.23.88:995
97.80.93.207:993
97.93.196.74:2083
98.19.227.246:995
99.199.102.29:3389

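# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_17.10.2023.txt
# NOTE(review): 85.106.94.167:5631 in this group may be a typo for 185.106.94.167:5631, which is listed under later references in this file and shares its 185.106.94.x range with neighbouring entries - verify against the reference, since a wrong octet would flag an unrelated host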

http://116.203.159.191
http://140.82.31.164
http://195.201.90.237
http://45.63.106.193
185.106.94.152:13720
185.106.94.177:13721
80.85.140.43:9785
85.106.94.167:5631
/CouncillaryConurbation/ChPfsiBdKMzP4y?EpisiotomiesComendite=
/ChPfsiBdKMzP4y?EpisiotomiesComendite=
/ChPfsiBdKMzP4y

# Reference: https://twitter.com/DavidTy03461965/status/1600247738360553473

/index.php?QBOT.zip

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-10-17%20PikaBot_pdf%20IOCs

185.106.94.167:5631

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-10-20)

112.17.156.233:5000
13.74.63.253:5000
136.144.250.203:5000
138.68.181.13:5000
139.144.61.197:5000
162.55.162.160:5000
178.62.83.104:5000
180.164.4.122:5000
180.165.50.68:5000
185.173.157.5:5000
20.8.169.71:5000
209.38.234.91:5000
211.97.132.10:5000
27.0.172.250:5000
3.110.15.165:5000
34.41.95.1:5000
46.101.42.93:5000
5.44.41.223:5000
78.128.216.142:5000
79.192.179.91:5000
79.192.184.205:5000
79.192.186.241:5000
79.192.187.162:5000
84.177.194.19:5000
93.214.157.247:5000
93.46.22.251:5000

# Reference: https://threatfox.abuse.ch/browse/malware/win.qakbot/ (# 2023-10-21)

103.12.133.137:2222
103.141.50.67:995
103.156.170.229:995
103.212.121.159:2087
104.157.102.161:995
105.103.32.59:995
105.103.4.173:2078
105.103.4.173:993
105.103.4.173:995
105.103.47.54:995
105.108.15.91:993
105.108.241.208:995
105.109.175.169:995
108.4.77.65:995
109.128.233.165:995
109.145.252.40:2222
109.153.244.129:2222
117.195.17.160:993
117.215.21.245:993
117.215.23.117:993
117.215.23.136:993
121.121.100.14:995
121.121.101.31:995
121.209.149.131:2222
123.3.240.16:6881
149.109.244.197:2087
154.246.116.114:993
154.246.116.114:995
154.246.155.34:993
154.246.183.217:995
154.246.187.75:2078
154.246.187.75:995
154.246.230.147:993
154.246.27.228:2078
154.246.27.228:993
154.246.40.101:2078
154.246.62.35:993
154.247.162.174:995
154.247.162.40:993
154.247.166.34:995
154.247.17.83:995
154.247.41.123:993
154.247.93.3:993
161.142.98.51:995
167.56.64.193:995
167.56.65.55:995
176.44.107.223:995
176.44.77.18:995
176.44.90.218:995
185.51.171.119:2222
188.48.113.130:995
188.49.64.23:995
189.177.16.50:995
190.133.143.232:995
190.134.140.205:995
193.92.178.156:995
2.50.16.113:995
2.50.16.128:995
2.88.202.44:995
200.109.11.231:2222
201.124.62.185:995
217.165.235.169:22
24.191.213.132:2083
31.117.136.251:2222
31.117.143.39:2222
31.117.18.15:2222
31.117.219.190:2222
37.210.162.30:995
37.6.55.225:995
39.40.157.96:995
39.40.190.194:995
39.40.191.36:995
45.243.214.108:995
50.60.142.170:995
70.121.206.30:2078
70.29.101.16:2222
70.29.135.118:2222
70.48.203.137:2222
70.49.245.46:2222
70.49.34.218:2222
70.49.35.13:2222
70.49.35.198:2222
70.52.230.48:2222
74.12.145.206:2083
74.12.145.207:2222
74.12.146.184:2222
74.12.146.225:2222
74.12.146.52:2083
74.12.146.52:2222
74.12.146.78:2078
74.12.147.233:2083
74.12.147.233:2222
76.68.170.117:2222
77.49.187.148:995
77.49.51.13:995
78.19.226.207:2222
78.19.233.19:2222
79.107.159.93:995
79.130.56.110:2222
79.130.61.1:2222
84.155.11.37:995
84.155.8.44:995
84.177.192.91:5000
84.177.201.3:5000
86.144.119.95:2222
86.192.202.10:2222
86.222.89.196:2222
90.119.132.253:2078
90.4.113.105:2222
90.4.65.117:2222
92.191.244.29:2222
94.49.28.3:995
97.118.24.246:993

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_23.10.2023.txt

http://144.202.21.156
http://144.202.90.10
http://45.32.194.209
http://64.176.214.231
http://65.108.145.212
http://65.108.81.144
http://66.42.96.41
http://95.216.153.152
154.221.30.136:13724
154.92.19.139:2222
15.235.143.190:2224
155.138.156.94:5243
51.68.146.19:5242
/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=
/P1WaaD9XaxgjV9?theatronCingulectomy=
/P1WaaD9XaxgjV9

# Reference: https://twitter.com/Threatlabz/status/1716492689036951591

103.231.93.15:5631
139.99.216.90:13720
154.12.252.84:23399
156.251.137.134:5000
196.218.123.202:13783
197.207.16.196:2078
5.163.177.151:995
74.12.146.225:2083
77.49.83.103:995
85.215.218.128:5243

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_24.10.2023.txt

http://155.138.224.36
http://216.128.135.12
http://45.63.67.40
139.144.215.192:13785
139.144.31.103:1194
139.177.198.199:2226
172.232.188.124:2083
172.232.24.58:2226
172.233.186.50:5632
172.233.187.145:2226
172.234.29.13:2224
176.58.102.36:2225
185.106.94.167:5631
198.244.141.4:9785
217.69.8.229:13782
216.128.176.211:2222
45.33.76.163:2223
45.79.147.119:9785
45.79.174.92:1194
/holdable/aeoAdIPXrgFyXmJ1?TapetaCockbilled=
/holdable/aeoAdIPXrgFyXmJ1
/aeoAdIPXrgFyXmJ1

# Reference: https://twitter.com/Tac_Mangusta/status/1717173093855101178
# Reference: https://twitter.com/pr0xylife/status/1717188151175696769
# Reference: https://app.any.run/tasks/0e9ec157-67fa-4338-a498-3f237d9ba38b/

http://49.13.119.72
http://49.13.119.73

# Reference: https://twitter.com/Threatlabz/status/1717243502181208208

154.61.75.156:2078

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_27.10.2023.txt

http://65.108.216.128
http://95.216.204.145
/nastier/YaEq5oFpdVHuvOuYK?SuperannuitiesConsolidant=
/nastier/YaEq5oFpdVHuvOuYK
/YaEq5oFpdVHuvOuYK

# Reference: https://twitter.com/James_inthe_box/status/1719006281405731081
# Reference: https://app.any.run/tasks/28cc4691-5e13-4ec2-ae90-c2f835af242e/

http://128.140.77.217

# Reference: https://twitter.com/Threatlabz/status/1719031924134711713 (# Pikabot)

104.200.28.75:2222
139.162.147.197:2225
158.247.210.203:2222
172.233.185.220:5242
172.234.16.175:2083
202.182.121.203:2083
45.76.208.235:23399
50.116.54.138:13724

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-10-30)

65.20.82.17:5938
79.192.178.52:5000
84.177.193.163:5000

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_31.10.2023.txt

http://49.13.119.242
http://49.13.94.145
15.235.45.155:2221
15.235.47.80:23399
51.195.232.97:13782
51.79.143.215:13783

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-10-31)

http://149.28.72.201
http://188.34.192.184
http://208.167.242.194
http://45.76.171.107
139.144.97.180:2224
140.82.56.164:5632
51.68.147.114:2083

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-11-01)
# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_01.11.2023.txt

http://128.140.71.198
http://45.77.79.67
http://49.13.94.147
http://64.176.193.25
104.237.145.83:2083
105.186.229.243:995
15.235.202.109:2226
15.235.47.206:13783
167.179.103.206:2083
172.233.154.98:13785
222.65.177.80:995
45.32.140.39:2078
45.33.85.73:13721
51.68.144.135:2083
74.12.145.223:2083
84.177.201.52:5000
85.209.11.185:2083
/centenarians/lKPg1pFErZsGA?mbunda=
/centenarians/lKPg1pFErZsGA
/lKPg1pFErZsGA
/GrahamPerissodactylous/YPk8vJZ76hyzQ?wolffianismCoiffeurs=
/GrahamPerissodactylous/YPk8vJZ76hyzQ
/YPk8vJZ76hyzQ

# Reference: https://twitter.com/reecdeep/status/1720042047162204215
# Reference: https://app.any.run/tasks/2a3c4585-dd12-4f81-88d0-d4bceb7674b5/

http://216.128.185.29
188.26.127.4:13785

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_02.11.2023.txt

http://216.128.185.35
http://45.77.72.139
/clotheshorsesFieldman/9jotehkMFmvUEZ?superlied=
/clotheshorsesFieldman/9jotehkMFmvUEZ
/9jotehkMFmvUEZ

# Reference: https://github.com/threatlabz/iocs/blob/main/pikabot/c2s_20231102.txt

15.235.44.231:5938
210.243.8.247:23399

# Reference: https://twitter.com/marqufabi/status/1720451443113570316
# Reference: https://www.virustotal.com/gui/file/a343e73212e34e59fbecf73785e1c162ce85986b744a3eb14c91adbf0722f2c6/detection

65.20.84.254:13783

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-11-02-IOCs-for-TA577-Pikabot-activity.txt

104.238.144.171:2221
158.247.197.73:23399
158.247.202.180:13783
198.13.58.126:2223
65.20.84.3:2221
95.179.141.41:1194

# Reference: https://twitter.com/reecdeep/status/1720415372669592047
# Reference: https://app.any.run/tasks/06e4d0e3-00f1-436e-bdd4-ac2c52fe0ca5/

http://104.238.156.73
http://149.28.15.251
http://216.128.180.51

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-11-02%20TA577_PikaBot%20IOCs

http://128.140.101.167
http://49.12.245.25
http://49.13.28.84

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-11-03%20TA577_PikaBot%20IOCs

/DecussoriumAprioristic/aj1sEe8eFDbHUUY2N?UnbledUnfatigueable=
/DecussoriumAprioristic/aj1sEe8eFDbHUUY2N
/aj1sEe8eFDbHUUY2N

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_06.11.2023.txt
# Reference: https://twitter.com/reecdeep/status/1721536564214313220

http://149.248.1.76
http://45.32.80.240
http://66.42.101.54
136.244.98.80:13783
149.248.53.65:2221
154.221.30.136:13724
158.247.246.182:2226
207.246.111.127:13786
45.76.103.152:13720
/interlopedParabolically/7Yt6ScQ2bs3NtweY?BowspritTympanicity=
/interlopedParabolically/7Yt6ScQ2bs3NtweY
/7Yt6ScQ2bs3NtweY

# Reference: https://twitter.com/phage_nz/status/1721635163288048039
# Reference: https://app.any.run/tasks/3cc5bf98-6c7b-46d4-8248-46079c973607/

http://167.235.241.120

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-11-06%20TA577%20PikaBot%20IOCs

http://49.13.119.230

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_07.11.2023.txt

http://108.61.219.39
http://188.34.163.57
http://45.32.206.198
http://45.32.223.151
http://49.12.74.9
/TrichinopolyUncontriving/uiDV6mKfgGakdg?unshelledSplitnut=
/TrichinopolyUncontriving/uiDV6mKfgGakdg
/uiDV6mKfgGakdg

# Reference: https://twitter.com/reecdeep/status/1722616366719779304

http://49.13.31.14
http://49.13.31.229
http://49.13.75.67

# Reference: https://twitter.com/reecdeep/status/1722628068328829343
# Reference: https://app.any.run/tasks/1092cd8b-7a17-40c3-87de-c4c91f45722b/

141.164.56.189:1194
149.28.49.170:23399
154.12.255.254:23399
158.247.215.68:2225
217.69.14.55:13724
65.20.77.19:5242
95.179.182.147:2078
95.179.206.77:13782
/offense/EAYnKzfbY60bQMG?Calligram=
/offense/EAYnKzfbY60bQMG
/EAYnKzfbY60bQMG

# Reference: https://twitter.com/Tac_Mangusta/status/1722994869868625946
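# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-11-10)
# NOTE(review): 137.22.52.180 and 137.220.52.180 below differ by a single digit; one may be a transcription error - confirm both against the references before blocking on them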

http://128.140.59.162
http://137.22.52.180
http://137.220.52.180
http://149.28.104.11
http://168.119.154.12
http://49.13.6.174
139.180.168.216:13786
167.179.100.211:2221
70.34.223.131:5938
70.34.242.159:5243
91.215.85.154:60859
95.179.214.49:5242

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_15.11.2023.txt

158.247.196.155:9785
45.32.232.31:13782

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-11-15)

155.138.132.163:13786
172.104.12.76:5242
172.232.189.83:5243
172.232.189.84:23399
45.33.69.35:5242
97.107.131.224:13782

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_17.11.2023.txt

172.233.156.100:13721
207.148.93.23:2221
45.32.244.94:9785
64.176.190.166:2222
/Dowable/2EzQoMJW0E7sBJdFc?carman=
/Dowable/2EzQoMJW0E7sBJdFc
/2EzQoMJW0E7sBJdFc

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_21.11.2023.txt

137.220.55.190:2223
139.180.216.25:2967
154.61.75.156:2078
154.92.19.139:2222
158.247.253.155:2225
172.233.156.100:13721
70.34.209.101:13720
/cervicobrachial/oIP7xH86DZ6hb?vermixUnintermixed=
/cervicobrachial/oIP7xH86DZ6hb
/oIP7xH86DZ6hb

# Reference: https://github.com/threatlabz/iocs/blob/main/pikabot/c2s_20231121.txt

64.176.5.228:13783
64.176.67.194:2967
65.20.78.68:13721

# Reference: https://threatfox.abuse.ch/browse/malware/win.qakbot/

105.103.32.59:2078
105.103.32.59:993
105.108.190.169:993
105.108.190.169:995
105.108.244.33:995
105.108.28.61:993
105.108.34.102:993
105.108.67.184:2078
105.108.67.184:995
108.49.159.2:990
116.240.153.7:6881
117.215.21.86:993
121.121.100.15:995
154.246.142.0:995
154.247.138.6:993
154.247.138.6:995
154.247.164.68:2078
154.247.164.68:995
154.247.26.20:993
154.247.26.20:995
154.247.49.145:995
154.247.78.2:993
167.58.248.182:995
176.92.103.90:995
178.191.199.121:995
189.177.78.206:995
190.133.226.233:995
190.133.226.55:995
195.74.225.69:995
197.207.16.196:993
197.207.16.196:995
2.50.137.105:995
2.50.137.63:995
2.50.140.194:995
2.50.140.239:995
2.50.16.232:995
2.50.51.180:22
201.210.66.73:2222
202.187.224.69:995
218.82.116.209:995
218.82.118.55:995
222.65.182.181:995
31.117.163.31:2222
39.40.170.3:995
39.40.176.9:995
39.40.185.182:995
41.228.217.54:995
41.228.9.213:995
45.243.149.89:995
45.243.150.130:995
5.163.121.139:995
5.163.176.106:995
59.88.173.195:993
64.229.117.137:2078
70.27.15.45:2222
70.27.167.188:2222
74.12.145.223:2222
74.12.146.31:2083
74.12.146.31:2222
74.12.146.78:2083
74.12.146.78:2222
74.12.147.74:2078
78.19.233.36:2222
79.107.143.244:995
79.130.58.74:2222
81.151.251.196:2222
83.110.90.112:995
85.209.11.185:2078
85.209.11.185:8443
85.49.243.230:2222
86.177.13.103:2222
86.207.26.60:2222
86.236.11.235:2222
86.96.83.12:2222
90.4.110.244:2222
90.4.74.222:2222
90.75.186.255:2222
91.180.67.255:2222
92.20.206.17:2222
97.118.20.114:993
97.118.9.180:993

# Reference: https://github.com/pr0xylife/IcedID/blob/main/icedID_28.11.2023.txt

http://128.140.36.37
http://157.90.166.88
http://162.55.217.30
/0.7071057850127558.dat
/0.8392080340563924.dat
/0.8566793715190715.dat

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2023-12-03)

105.184.83.153:995
109.145.253.114:2222
117.215.20.211:993
119.82.91.203:2078
154.247.143.65:2078
158.220.90.199:2083
176.44.74.186:995
188.48.72.229:995
188.54.108.188:995
190.133.135.49:995
190.133.154.174:995
190.134.148.34:995
2.50.137.133:995
2.50.16.126:995
201.103.222.151:995
201.210.77.83:2222
201.249.29.196:2222
31.117.215.3:2222
31.117.63.201:2222
37.186.58.149:995
37.210.154.95:995
39.40.144.179:995
39.40.147.178:995
46.246.164.179:995
50.60.129.187:995
62.1.61.208:995
65.95.192.151:2222
67.71.53.228:2222
69.159.156.197:2222
70.27.15.38:2222
70.55.15.128:2222
74.12.145.135:2222
74.12.145.202:2222
74.12.146.100:2222
74.12.146.185:2222
74.12.147.243:2222
78.101.93.137:995
78.18.235.102:2222
79.107.143.68:995
79.107.150.55:995
84.155.4.20:995
85.49.243.234:2222
85.95.113.17:995
86.135.53.12:2222
86.175.81.191:2222
86.176.237.252:2222
86.222.183.241:2222
86.99.54.50:2222
90.75.186.255:2222
93.210.174.102:995
95.219.208.187:2087
95.68.46.156:995

# Reference: https://threatfox.abuse.ch/ioc/1210918/

199.247.15.68:5938

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_06.12.2023.txt

154.221.30.136:13724
154.61.75.156:2078
207.148.103.233:2967
210.243.8.247:23399
45.63.26.148:2224
65.20.77.81:5242
78.141.222.198:13786
/hostless/6lwGSLU3l36WZlbmu?thrombus=
/hostless/6lwGSLU3l36WZlbmu
/6lwGSLU3l36WZlbmu

# Reference: https://twitter.com/reecdeep/status/1732728405332775279
# Reference: https://app.any.run/tasks/23f60840-fea1-43dd-afb6-8835f00f614a/

108.61.224.209:2967
139.84.235.8:2225
192.248.151.140:23399
216.128.136.231:13786
45.32.235.46:5242

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-12-07)

109.107.182.10:64876
155.138.203.158:1194
158.220.103.150:5632
158.220.90.198:2083
161.97.97.181:2083
161.97.98.95:2083
31.220.96.162:2224
45.137.192.63:23399
45.137.192.84:2223
45.32.188.56:2967
46.250.241.191:13721
46.250.241.197:5000
46.250.242.53:5000
64.176.218.254:9785
64.176.225.21:2225
65.20.74.26:2221
70.34.207.219:5000

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-12-07%20TA577%20PikaBot%20IOCs

/Septibranchiata/0Ks0OROrheWMXy?ConjurisonHarmonizable=
/Septibranchiata/0Ks0OROrheWMXy
/0Ks0OROrheWMXy

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_08.12.2023.txt

/turkologist/27mCKqTxucaAPu5fl?upbredPreferrers=
/turkologist/27mCKqTxucaAPu5fl
/27mCKqTxucaAPu5fl

# Reference: https://twitter.com/reecdeep/status/1734211904724214039
# Reference: https://app.any.run/tasks/ef141de6-b1a7-424b-ae48-1a3582208c54/

109.123.227.50:13782
109.123.227.54:13785
154.38.184.5:9785
65.20.82.254:5243
65.20.98.24:13783
66.42.80.169:5631
/Grithbreach/RsQMVvI2icgPQDx?outrances=
/Grithbreach/RsQMVvI2icgPQDx
/RsQMVvI2icgPQDx

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-12-12)

139.180.185.171:2222
154.38.184.18:2225
154.38.184.3:2223
feritins.com
graytoner.com
kulasid.com
liokinch.com
rosceman.com
rositan.com

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_12.12.2023.txt

filersed.com
frasana.com
kelsoret.com
lorented.com
martenesid.com

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_13.12.2023.txt

107.191.47.85:5243
149.28.17.176:1194
172.232.163.111:5938
172.232.163.208:2224
172.232.164.159:5632
172.232.164.77:5000
172.232.175.59:5938
192.248.183.93:5632
199.247.8.136:13786
45.32.253.21:2083
64.176.66.137:5000
64.176.68.223:13785
95.179.212.178:13782
fertelion.com
limperus.com
orionparti.com
/soliciteePhaeophyceae/2EzQoMO1Bzd7h?Matriliny=
/soliciteePhaeophyceae/2EzQoMO1Bzd7h
/2EzQoMO1Bzd7h

# Reference: https://twitter.com/doc_guard/status/1735304628047065322
# Reference: https://app.docguard.io/d36e65cba784859cf1d201563c489bdd4ad51913955612a68a6d2b9919d511d7/results/dashboard

brouweres.com
egnersi.com
hukerpinta.com
/0.13499419908719057.dat
/0.6736360513138666.dat
/0.8979626840778223.dat

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_14.12.2023.txt

172.232.162.198:13721
172.232.173.219:5938
172.232.186.251:5632
51.83.253.102:9785
57.128.108.132:13785
57.128.164.11:5242
57.128.83.129:2078
/spleuchan/48GpJ9LiTcaZZIk4b?fofarraw=
/spleuchan/48GpJ9LiTcaZZIk4b
/48GpJ9LiTcaZZIk4b

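# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_15.12.2023.txt
# NOTE(review): 39.99.222.29:5631 and 139.99.222.29:5631 below share a port and differ only by the leading digit; one may be a truncated copy - confirm against the reference to avoid a false positive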

13.68.199.77:8443
139.99.222.29:5631
141.95.108.252:2078
154.211.12.126:2967
172.232.173.141:2226
39.99.222.29:5631
45.76.98.136:2221
51.83.253.102:9785
54.84.110.180:443
57.128.108.132:13785
57.128.109.221:13724
57.128.164.11:5242
baumbachers.com
ionister.com
keebling.com
/0.0697576491133986.dat
/0.535636157609684.dat
/0.8189976546523916.dat
/MegazoosporeOmnigerent/7Yt6SQKVAaTrIFZ?Telescopist=
/MegazoosporeOmnigerent/7Yt6SQKVAaTrIFZ
/7Yt6SQKVAaTrIFZ

# Reference: https://twitter.com/MsftSecIntel/status/1735856754427047985
# Reference: https://twitter.com/Threatlabz/status/1735863156738871470
# Reference: https://twitter.com/1ZRR4H/status/1735944522075386332

45.138.74.191:443
65.108.218.24:443
78.46.200.68:443
85.209.11.185:8443
95.215.108.29:443
/teorema505

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-12-15-IOCs-for-TA577-Pikabot-infection.txt

/0.0489649759978486.dat
/0.10875332025895956.dat
/0.8975268370755537.dat

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-12-17)

141.95.108.72:443
149.28.189.244:2222
167.179.93.21:1194
172.232.163.182:2222
172.232.170.25:13724
31.210.51.93:443
46.250.241.188:1194
54.37.79.82:2223
57.128.103.99:2078
65.20.115.154:5243
66.135.31.146:2078
feeneypol.com
frensterol.com
re-tend.com
rimaflower.com
smithroses.com
/0.1038985448688931.dat
/0.3471177474760533.dat
/0.34937124772636113.dat
/0.4035500292244842.dat
/0.6922216472156167.dat
/0.9664885522260009.dat

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2023-12-17)

121.121.101.66:995
146.90.54.217:2222
154.246.129.44:2078
154.247.212.17:2078
154.247.69.81:2078
157.125.39.240:2222
176.44.74.147:995
2.99.39.197:2222
202.187.231.188:995
204.112.31.191:2222
212.70.96.40:995
31.117.89.179:2222
37.210.152.94:995
37.210.173.38:995
39.40.129.186:995
59.88.27.251:993
74.12.145.230:2078
74.12.145.230:2222
74.12.146.140:2222
78.100.247.56:995
78.18.253.32:2222
83.110.89.159:995
83.110.94.40:995
83.110.95.233:995
86.151.194.13:2222
89.211.179.184:995
90.4.96.247:2222
92.97.230.204:2222
94.49.43.7:995

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_18.12.2023.txt

149.28.100.66:5243
172.232.189.166:1194
172.232.54.192:2224
45.56.71.218:13724
45.76.96.172:2223
51.161.81.190:13721
65.20.85.39:2967
78.141.200.111:5938
/GarbureRustred/cOm3SjHPWZsK6N?GlazenUrticant=
/GarbureRustred/cOm3SjHPWZsK6N
/cOm3SjHPWZsK6N

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-12-18-IOCs-for-Pikabot-with-Cobalt-Strike.txt

155.138.140.156:13720
208.76.221.253:13724
216.238.79.12:2221
45.33.15.215:2967
45.76.119.22:13724
45.76.22.139:13786
64.176.13.28:2083
69.164.213.141:5631
70.34.196.219:2226
78.141.223.212:1194
95.179.247.197:13782

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_20.12.2023.txt

104.207.143.168:2222
107.191.56.230:13783
139.180.137.30:5000
149.28.252.250:5000
172.232.161.248:13783
172.232.162.62:2083
172.232.190.249:5631
216.128.151.26:13782
216.128.179.120:2967
64.176.67.92:2078
65.20.78.70:2967
/NonqualitativeSextern/OFPV4IblU94camoq?Leafless=
/NonqualitativeSextern/OFPV4IblU94camoq
/OFPV4IblU94camoq

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_21.12.2023.txt

109.123.227.147:5243
109.123.227.166:5938
109.123.227.170:5632
109.123.227.174:23399
144.91.113.0:13721
154.38.164.50:5243
154.38.185.132:13786
154.38.185.135:13782
154.38.185.136:5243
154.38.185.138:13786
172.232.172.171:13721
172.232.172.228:2221
172.232.189.134:2221
172.232.189.141:2078
172.232.7.224:9785
172.234.224.202:13785
185.187.235.158:23399
46.250.253.58:5243
5.180.151.180:2224
5.180.151.194:5631
85.239.237.153:5632
89.117.55.178:2083
/0.021897107532453885.dat
/0.047309185337448434.dat
/0.10488555301618846.dat
/0.13824204127652134.dat
/0.17061133165068715.dat
/0.20412468885981988.dat
/0.44170515690096146.dat
/0.45625095726666564.dat
/0.4591530178148502.dat
/0.5119460133828262.dat
/0.5687043298865158.dat
/0.5720348080422888.dat
/0.5991546204420577.dat
/0.6508004520633979.dat
/0.6552612703498036.dat
/0.6803039392149672.dat
/0.7070941415013887.dat
/0.7466311972818431.dat
/0.7525996060696272.dat
/0.844468240812589.dat
/0.9681228263349928.dat
/0.9908375425521456.dat
/unbosom/1WqM4mFBGRWNDnhRL?octapody=
/unbosom/1WqM4mFBGRWNDnhRL?
/1WqM4mFBGRWNDnhRL

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_22.12.2023.txt

adanacamasiryikama.com
adanacigkoftesiparis.com
doorbell.api.net.bd
expressreparation.com
ezprocess.com.br
fineclippingpath.com
humaurapp.com
iniofer.com
kartvizitfiyatlari.com
mexicopostalcode.com
sakshiconstructioncompany.com
techcloudes.com
trenierad.com
ucakbiletsorgulama.com
/slowness/YeLLdXhxPozWAJMhK?spinosity=
/slowness/YeLLdXhxPozWAJMhK?
/YeLLdXhxPozWAJMhK

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2023-12-24)

101.184.150.149:2222
108.173.65.146:995
117.195.19.125:993
149.74.155.98:2222
154.246.232.161:2078
154.246.4.124:2078
154.247.156.61:2078
154.247.243.68:2078
180.162.229.35:995
188.49.121.152:995
188.54.122.204:995
188.54.54.75:995
2.50.137.78:995
200.44.216.55:2222
31.117.121.90:2222
37.186.58.134:995
5.163.188.229:995
67.247.14.242:995
69.156.151.155:2222
69.159.0.71:2222
74.12.145.104:2222
74.12.145.72:2078
74.12.145.72:2222
79.130.49.76:2222
79.130.53.195:2222
83.213.202.225:993
89.211.213.245:995
92.99.190.143:2222
93.210.172.20:995
94.49.0.237:995
94.49.34.145:995
95.215.108.41:2222
97.99.69.38:2222
deracak.com
fikqso.com
ilapset.com
utokra.com
weswtef.com
wewesuga.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot/ (# 2023-12-24)

109.123.227.104:2221
109.123.227.158:2223
109.123.227.167:5938
172.232.172.117:1194
172.232.188.4:2226
172.232.189.146:2078
192.248.174.52:5631
78.47.233.121:443
85.239.243.3:23399
89.117.55.179:2083
seovdetech.com
shakyastatuestrade.com

# Reference: https://twitter.com/K_N1kolenko/status/1739181776033997077

adanacamasiryikama.com/BDs19Ul/
adanacigkoftesiparis.com/ViUbB/
allengi.com.ng/QwN/
bajarangabali.com.np/OW8i/
doorbell.api.net.bd/j2l1/
easycartbd.com/5pj6O/
empreenda.vc/VjX/
expressreparation.com/cBB/
sakshiconstructioncompany.com/bc1WDy2/
ucakbiletsorgulama.com/U14/
fineclippingpath.com/zD6AAu/
kartvizitfiyatlari.com/rLhb/
mexicopostalcode.com/51h6Kn/
mrenterprises.tech/OUiujYU/
nacolnist.edu.np/8CwNbP/
newsnarayan.com/N44a38c/
po-iq.org/l8BFIV6/

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-12-19%20TA577%20PikaBot%20IOCs

/Pashaship/Y7FfckjVh26GlV7TK?geryonidCentripetal=
/Pashaship/Y7FfckjVh26GlV7TK?
/Y7FfckjVh26GlV7TK

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-01-03)

103.156.171.39:995
104.157.2.130:995
108.173.84.82:995
108.173.85.144:995
109.242.113.157:995
146.198.234.107:2222
154.246.208.179:2078
154.246.34.250:2078
167.56.198.104:995
172.242.145.126:995
173.24.8.121:2222
176.143.232.60:995
176.44.122.88:995
176.44.67.57:995
184.96.134.78:993
184.96.139.136:993
185.117.90.142:2222
188.116.26.246:2222
188.173.33.11:993
190.133.134.78:995
190.134.210.144:995
190.134.40.100:995
193.92.197.7:995
193.92.72.247:995
196.77.31.193:995
2.50.137.114:995
2.50.16.116:995
2.50.16.175:995
2.50.16.211:995
2.50.16.38:995
2.50.16.89:995
2.50.44.179:22
2.6.197.29:2222
2.6.248.148:2222
2.6.65.183:2222
2.88.137.97:995
2.91.186.255:995
200.109.203.57:2222
201.124.131.54:995
212.70.106.243:995
212.70.96.106:995
217.165.232.250:22
24.45.146.88:995
24.46.78.214:2222
24.46.79.89:2222
27.99.41.173:2222
31.117.111.217:2222
31.117.127.145:2222
31.117.179.232:2222
31.117.230.129:2222
31.117.56.211:2222
31.117.79.172:2222
37.186.54.251:995
37.186.58.51:995
37.56.101.159:995
39.40.158.169:995
39.40.159.189:995
39.40.168.159:995
39.51.167.185:995
41.111.0.243:2078
5.163.116.174:995
51.211.216.76:995
69.156.55.183:2222
69.159.0.230:2222
70.27.15.149:2222
74.12.145.184:2078
74.12.145.184:2222
74.12.146.125:2078
74.12.146.125:2222
74.12.146.165:2078
74.12.146.183:2222
74.12.146.19:2078
74.12.146.19:2222
74.12.146.31:2078
74.12.146.61:2078
74.12.146.61:2222
74.12.146.79:2078
74.12.146.79:2222
74.12.146.80:2078
74.12.146.80:2222
74.12.147.43:2078
74.12.147.43:2222
74.12.147.6:2078
77.49.83.47:995
77.73.39.175:1194
78.100.225.8:995
78.100.236.181:995
78.100.238.179:995
78.101.236.188:995
78.101.91.145:995
78.17.151.18:2222
78.19.226.168:2222
79.130.54.8:2222
79.131.125.119:2222
79.131.126.152:2222
83.110.92.202:995
85.54.165.23:2222
86.122.248.34:2222
86.190.166.153:2222
86.236.26.94:2222
86.96.74.166:2222
86.96.75.73:2222
90.4.110.126:2222
90.4.191.148:2222
90.4.242.46:2222
92.97.118.181:2222
92.97.227.10:2222
94.49.28.52:995
94.49.45.216:995
95.215.108.41:1194

# Reference: https://twitter.com/Cryptolaemus1/status/1750664440138043544
# Reference: https://twitter.com/Cryptolaemus1/status/1750894328661094410

http://91.92.248.152
116.202.110.87:443
146.70.158.28:6882
185.117.90.142:6882
185.156.172.62:443
77.73.39.175:32103
amacey.com
kitronits.com

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-02-04)

154.246.150.122:2078
154.246.153.209:2078
154.247.198.92:2078
154.247.28.232:2078
194.219.192.97:995
2.49.56.253:2222
2.87.13.117:2222
31.117.0.33:2222
45.243.218.9:995
47.17.109.197:2222
5.163.239.151:995
74.12.144.248:2078
74.12.144.248:2222
74.12.146.248:2078
74.12.146.248:2222
79.107.138.79:995
79.107.143.65:995
79.130.53.226:2222
86.122.235.152:2222
86.190.166.133:2222
86.222.181.33:2222
90.42.9.121:2222
91.140.64.57:995
94.98.74.63:2087
96.87.28.171:2222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-02-09%20TA577%20PikaBot%20IOCs

158.220.80.167:2967
178.18.246.136:2078
23.226.138.143:2083
23.226.138.161:5242
37.60.242.85:9785
37.60.242.86:2967
85.239.243.155:5000

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-02-08-IOCs-from-TA577-Pikabot-infection.txt

104.129.55.103:2224
158.220.80.157:9785
gloverstech.com
/0.526635390798647.dat

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_08.02.2024.txt

104.129.55.104:2223
139.84.237.229:2967
65.20.66.218:5938
95.179.191.137:5938

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-02-11)

105.155.185.229:995
109.145.252.188:2222
109.255.66.174:995
121.121.101.183:995
121.121.101.33:995
149.109.109.136:2087
154.247.41.221:2078
160.176.66.130:995
167.56.197.73:995
176.44.89.132:995
187.170.239.221:995
188.54.98.85:995
201.124.86.37:995
31.117.188.253:2222
39.40.155.114:995
41.201.100.168:2078
41.251.199.21:995
45.243.131.12:995
5.194.147.107:2222
67.71.30.49:2078
67.71.30.57:2078
67.71.30.57:2222
69.58.144.52:2078
70.31.125.60:2078
78.18.250.125:2222
78.19.61.12:2222
79.107.157.38:995
84.155.10.84:995
84.237.209.170:995
86.194.132.111:2222
97.118.34.90:993

# Reference: https://twitter.com/Cryptolaemus1/status/1755984962979795433

professionalficars.com
wealthygradi.com

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_12.02.2024.txt

86.38.225.105:13721
86.38.225.106:2221
86.38.225.108:2226
berringtonnews.com
finderunion.com
musicclubcompany.com
/0.015044926305028627.dat
/0.16410464051883017.dat
/0.7619553765651503.dat

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_13.02.2024.txt

103.82.243.5:13785
104.129.55.105:2223
104.129.55.106:13783
45.32.248.100:2226
45.76.251.190:5631

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_14.02.2024.txt

104.156.233.235:2226
108.61.78.17:13783
131.153.231.178:2221
155.138.147.62:2223
172.232.162.97:13783
172.232.189.10:1194
172.232.189.219:2224
198.44.187.12:2224
45.32.21.184:5242
86.38.225.109:13724
95.179.135.3:2225

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/02/pikabot_15-02-2024.json
# Reference: https://www.virustotal.com/gui/file/bf6df7058875f9bb932ddb5c1af31e9a314cde21ede07c3b5440618d20b8fd59/detection

http://77.245.76.113
globalpanelinc.com
realponti.com

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_15.02.2024.txt

http://85.195.115.20
85.195.115.20:445

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_20.02.2024.txt

109.199.99.131:13721
141.95.106.106:2967
145.239.135.24:5243
148.113.141.220:2224
154.12.233.66:2224
154.12.248.41:5000
154.38.175.241:13721
57.128.165.176:13721
89.117.23.185:2221
89.117.23.186:5632
89.117.23.34:5938
allterra24.com
funredblog.com
introwebllc.com
newssocialwork.com
powerglobalstore.com
realsleeper.com
vendercompany.com
yournutrientsolutions.com

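# Reference: https://twitter.com/i/bookmarks?post_id=1762081212124827948
# NOTE(review): the link above is a bookmarks view and presumably opens only for a logged-in account; the referenced post id is 1762081212124827948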

http://103.124.104.22
http://103.124.104.76
http://104.129.20.167
http://204.44.125.68
http://66.63.188.19
103.124.104.22:445
103.124.104.76:445
104.129.20.167:445
204.44.125.68:445
66.63.188.19:445

# Reference: https://twitter.com/reecdeep/status/1762882943549141294

http://103.124.105.208
http://103.124.105.233
http://103.124.106.224
http://205.234.244.112
103.124.105.208:445
103.124.105.233:445
103.124.106.224:445
205.234.244.112:445

# Reference: https://twitter.com/reecdeep/status/1765394275909468327

154.12.236.248:13786
154.53.55.165:13783
158.247.240.58:5632
198.38.94.213:2224
209.126.86.48:1194
45.77.63.237:5632
70.34.199.64:9785
70.34.223.164:5000
84.46.240.42:2083
94.72.104.77:13724
94.72.104.80:5000

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_06.03.2024.txt

topflowersclub.com
yourunitedlaws.com

# Reference: https://www.virustotal.com/gui/file/0c780b7d09a6ec539d5209c42e8031423b8ff23ed2a4702248a67c5f0318e361/detection

http://195.123.210.173
http://195.123.210.250
http://45.150.67.235
/44285,5327891204.dat
/44285.5327891204.dat

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-03-24)

105.108.32.227:2078
105.108.32.227:993
105.155.177.133:995
124.149.139.54:2222
154.246.13.166:2078
154.246.189.64:2078
154.246.249.128:2078
154.246.82.173:2078
154.246.82.173:995
154.247.12.253:993
154.247.12.253:995
154.247.162.241:2078
154.247.214.2:2078
154.247.237.145:2078
154.247.237.145:993
154.247.5.62:993
160.176.70.45:995
167.56.121.249:995
167.56.207.201:995
167.56.207.87:995
167.56.66.0:995
167.56.71.240:995
175.10.220.200:4432
175.10.222.136:4432
175.10.223.19:4432
175.13.35.124:4432
175.13.35.49:4432
185.51.171.169:2222
187.170.224.77:995
188.54.71.27:995
189.177.0.136:995
189.177.47.82:995
189.177.83.188:995
190.133.143.235:995
190.134.48.89:995
190.134.52.14:995
193.92.248.35:995
2.49.60.224:2222
2.50.137.96:995
2.50.45.215:22
2.50.45.90:22
2.6.198.137:2222
201.124.218.102:995
201.124.231.216:995
31.117.122.184:2222
31.117.164.92:2222
31.117.25.91:2222
31.117.7.53:2222
39.40.128.22:995
39.40.148.240:995
39.40.162.179:995
39.40.163.25:995
39.40.175.239:995
39.40.180.234:995
39.40.181.3:995
39.40.183.67:995
39.51.186.81:995
41.129.178.57:995
41.250.184.191:995
45.245.101.32:995
45.245.103.58:995
5.163.163.158:995
50.67.6.160:995
69.159.0.252:2222
70.27.138.200:2078
70.27.138.200:2222
70.31.125.101:2222
70.31.125.111:2078
70.31.125.111:2222
70.31.125.174:2222
70.31.125.177:2222
70.31.125.184:2222
70.31.125.20:2222
70.31.125.235:2222
70.31.125.31:2222
70.31.125.53:2222
70.31.125.60:2222
70.31.127.214:2222
75.164.85.121:995
75.90.82.104:995
76.142.23.238:2222
77.105.162.176:995
77.49.51.87:995
77.49.56.209:995
79.107.137.189:995
79.107.151.150:995
79.130.49.211:2222
79.131.125.30:2222
79.131.125.79:2222
82.120.216.108:2222
86.121.139.203:2222
86.225.209.225:2222
86.98.212.14:22
90.52.128.121:2222
91.35.211.80:995
92.177.126.152:2222
92.251.173.191:995
92.97.115.164:2222
94.49.14.17:995
97.118.56.247:993

# Reference: https://github.com/pr0xylife/Pikabot/blob/main/Pikabot_26.03.2024.txt

158.220.95.214:5243
158.220.95.215:5242
172.232.208.90:2223
194.233.91.144:5000
213.199.41.33:13721
64.23.199.206:1194
84.247.157.112:13783

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-03-31)

105.103.18.143:2078
105.97.193.91:2078
130.43.22.207:995
130.43.60.51:995
154.246.154.178:2078
154.246.204.189:2078
154.247.228.146:2078
154.247.80.100:2078
175.10.220.47:4432
175.13.33.64:4432
189.177.5.229:995
190.134.136.148:995
217.165.15.163:22
39.40.139.74:995
39.40.151.24:995
39.40.158.94:995
39.40.187.88:995
45.241.37.251:995
45.241.43.95:995
62.1.168.180:995
70.31.125.114:2222
70.31.125.206:2222
70.31.125.224:2222
70.31.125.37:2222
86.185.5.114:2222
92.251.131.147:995
97.118.50.67:993
97.118.60.71:993

# Reference: https://twitter.com/Cryptolaemus1/status/1775560254090072552

chotsolo2nhay.info
countdownx.info
glowchamps.info
mesdemarches.info
oradifitness.info
techhooks.info
wobilya.info
womansmedia.info
yellowbooks.info
loginmlcrosoftonline.wobilya.info

# Reference: https://threatfox.abuse.ch/browse/malware/win.pikabot (# 2024-05-30)

104.45.153.104:8443
13.92.183.218:8443
135.125.124.72:2222
172.232.173.13:2083
172.232.185.9:2222
172.232.186.100:2083
172.232.188.170:2083
172.234.244.189:1194
172.234.250.178:2222
20.67.206.46:443
201.222.146.184:1194
24.199.109.6:2222
4.157.252.211:8443
40.85.178.51:8443
45.76.223.93:1194
94.16.122.250:2078

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-06-01)

101.184.153.168:2222
125.239.206.199:995
154.246.228.229:2078
154.246.248.213:2078
167.56.67.81:995
175.10.45.89:4432
175.10.46.187:4432
187.170.72.64:995
187.170.75.34:995
190.134.50.121:995
190.135.209.105:995
193.92.65.11:995
194.219.106.103:995
194.219.215.105:995
2.50.33.176:22
2.50.34.153:22
2.50.34.255:22
2.50.38.57:22
2.50.39.105:22
2.50.4.36:22
2.50.7.121:22
2.50.7.137:22
2.50.7.21:22
201.124.50.186:995
217.165.79.196:22
37.14.238.189:2222
39.40.142.133:995
39.40.148.170:995
39.40.159.20:995
39.40.172.160:995
39.40.174.210:995
39.40.177.113:995
39.40.189.62:995
41.129.161.179:995
41.251.193.48:995
45.241.46.65:995
46.246.181.110:995
46.246.247.138:995
64.229.116.108:2222
69.157.7.219:2222
69.159.0.152:2222
69.159.0.21:2222
69.159.0.52:2222
70.31.125.116:2222
70.31.125.171:2222
70.31.125.221:2222
70.31.125.232:2222
70.31.125.90:2222
78.69.198.113:2222
79.107.155.247:995
79.107.156.73:995
83.213.204.133:993
84.213.214.124:995
86.166.47.91:2222
86.185.5.61:2222
87.110.49.55:995
89.148.139.184:2222
89.148.151.61:2222
96.237.16.249:995
96.70.92.177:465

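# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-06-22)
# NOTE(review): many entries in this block use high, non-repeating ports, unlike the 995/2222/2078 pattern of the other QakBot blocks in this file; presumably lower-confidence - verify against the source before alerting or blocking on them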

101.200.152.191:46287
102.51.5.67:47820
106.146.239.56:49679
108.87.254.103:36138
111.143.132.167:9985
117.180.92.184:46633
162.74.55.118:4571
167.159.67.2:42455
173.210.161.232:27188
175.10.44.100:4432
194.127.196.112:59762
196.64.171.157:995
196.64.174.125:995
2.50.34.69:22
2.50.37.55:22
212.251.109.161:995
214.9.213.13:12523
218.86.11.123:62100
22.155.219.162:29117
29.119.168.182:51370
39.40.210.126:995
39.40.212.144:995
45.241.42.55:995
45.241.44.65:995
48.220.224.248:32917
54.106.172.208:21101
64.184.233.29:48193
64.229.116.2:2222
69.157.7.226:2222
70.31.125.88:2222
71.182.193.130:5327
73.23.253.56:17393
75.86.4.24:35165
76.55.174.209:2746
80.214.112.151:9618
9.252.189.253:60714

# Reference: https://threatfox.abuse.ch/browse/tag/QakBot/ (# 2024-07-04)

105.108.91.84:2078
105.158.106.197:995
175.10.46.1:4432
175.139.204.138:2222
175.156.109.139:8443
187.170.246.38:995
188.4.193.176:995
188.4.59.14:995
193.92.212.40:995
196.206.85.8:995
196.77.36.25:995
2.50.32.14:22
201.124.100.22:995
201.124.19.156:995
217.165.74.94:22
39.40.129.100:995
39.40.138.21:995
39.40.146.84:995
39.40.152.201:995
39.40.162.118:995
39.40.164.166:995
39.40.164.86:995
39.40.167.160:995
39.40.170.160:995
39.40.174.34:995
39.40.195.127:995
39.40.221.239:995
39.40.230.249:995
39.40.236.248:995
39.40.240.191:995
39.60.177.99:50001
41.129.166.168:995
41.129.187.88:995
41.250.190.189:995
45.241.39.172:995
46.246.153.167:995
46.246.224.242:995
62.1.21.255:995
62.1.232.30:995
62.1.63.185:995
64.229.116.154:2222
64.229.116.37:2222
64.229.116.44:2222
69.157.7.144:2078
69.157.7.144:2222
70.27.138.141:2078
70.27.138.141:2222
70.27.138.15:2078
70.27.138.15:2222
70.27.138.222:2222
70.27.138.96:2222
70.31.125.139:2222
70.31.125.13:2078
70.31.125.13:2222
70.31.125.190:2222
79.107.142.212:995
79.107.150.48:995
79.107.156.160:995
86.190.166.243:2222
89.148.149.203:2222
89.148.151.98:2222

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)
# Entries below are IP:port pairs; presumably a snapshot of the feed above on the date in parentheses.
# NOTE(review): the feed path is feeds/unverified/ and the file name suggests a rolling 30-day window,
# so these read as point-in-time observations rather than confirmed C2s. Several ranges recur across
# the dated snapshots in this file (e.g. 39.40.x.x:995, 64.229.116.x:2222, 70.31.125.x:2222), which
# looks like dynamically assigned addressing - TODO confirm an expiry/review policy so that stale
# addresses do not keep alerting on unrelated hosts.

109.145.252.103:2222
130.43.84.192:995
201.103.144.177:995
222.152.11.124:995
39.40.184.106:995
39.40.202.16:995
39.40.238.240:995
39.60.136.49:50001
39.60.187.197:50001
41.143.52.244:995
46.246.136.148:995
64.229.116.100:2222
64.229.116.207:2222
64.229.116.76:2222
70.31.125.129:2222
70.31.125.154:2222
70.31.125.50:2078
77.49.90.73:995
79.107.136.15:995
82.79.31.204:2222
96.237.16.156:995

# Reference: https://www.virustotal.com/gui/file/cd720ff60e90b72b0ff26648336b6f23d485ee9a4081b3e3cadcd180133c8d17/detection

188.127.237.46:33231
194.62.42.128:33231
213.109.192.31:33231

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

175.10.45.234:4432
175.10.46.164:4432
175.13.33.127:4432
175.13.33.47:4432
193.92.116.175:995
201.103.116.91:995
222.152.66.41:995
39.40.182.51:995
45.245.102.254:995
46.246.145.161:995
62.1.234.127:995
70.31.125.10:2222
70.31.125.234:2078
70.31.125.234:2222
95.68.45.140:995
95.67.9.133:8443
99.232.50.225:2222

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-15)

13.72.110.215:8443
173.187.24.151:995
39.60.128.117:50001
41.143.32.188:995
41.68.74.193:995
64.229.116.116:2222
69.157.7.22:2222
74.14.157.138:2222
85.54.164.99:2222

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

3.78.53.151:443
52.168.85.23:8443
89.110.72.7:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

109.242.113.81:995
130.43.56.1:995
213.16.241.39:995
39.40.130.137:995
45.245.100.164:995
47.16.76.4:2222
70.31.125.251:2222
70.31.125.73:2222
79.107.154.12:995
81.198.98.61:995
99.231.167.212:2222

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

101.184.159.44:2222
154.246.134.205:2078
154.247.57.244:2078
188.4.195.98:995
201.103.69.113:995
212.251.119.99:995
39.40.157.56:995
39.40.187.96:995
39.60.146.233:50001
39.60.164.131:50001
41.129.173.150:995
64.229.116.14:2222
67.71.45.157:2222
69.157.7.160:2222
70.27.138.145:2222
70.27.138.85:2222
70.31.125.218:2222
74.12.125.156:2222
74.235.249.12:8443
77.49.240.1:995
86.185.5.89:2222
90.114.174.146:2222

# Reference: https://www.virustotal.com/gui/file/06390d480bbb40bb5727431a90439164c1467a47210766e525a1b4e98c935dd6/detection
# This group differs from the IP:port entries around it: three http:// hosts with no port,
# followed by two URL paths with no host.
# NOTE(review): presumably the .dat paths were requested from these hosts by the sample referenced
# above. Confirm how a path-only entry is matched (on any host?) before relying on it, since a
# path with no host could match unrelated traffic.

http://103.155.92.95
http://45.144.31.105
http://51.89.115.125
/43976.8238450232.dat
/44364.1129555555.dat

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

101.184.137.78:2222
101.184.177.193:2222
108.61.171.180:443
142.181.162.98:2222
154.246.199.159:2078
175.10.44.147:4432
188.4.139.209:995
188.4.205.30:995
188.4.231.170:995
193.92.46.55:995
201.103.20.15:995
213.16.209.247:995
3.1.40.229:443
37.6.55.151:995
37.6.55.86:995
37.6.55.91:995
39.40.133.94:995
39.40.134.159:995
39.40.149.164:995
39.40.153.109:995
39.40.165.181:995
45.241.46.77:995
46.246.155.234:995
62.1.106.250:995
62.1.93.166:995
67.71.30.173:2222
70.27.138.183:2222
70.27.138.232:2222
70.27.138.46:2222
70.31.125.109:2222
70.31.125.131:2078
70.31.125.181:2222
70.31.125.23:2222
70.31.125.69:2078
74.12.14.126:2222
76.142.28.37:2222
77.49.107.169:995
77.49.191.194:995
89.148.132.38:2222
# NOTE(review): one address listed on three ports. 25 and 587 are the standard SMTP and mail
# submission ports, and the same address appears again further down with port 465; 7071 is
# commonly a mail-server admin console port (assumption - confirm). This looks more like a mail
# server than the 995/2222/2078 pattern that dominates this file. The source feed path is marked
# unverified, so confirm before treating hits on this address as QakBot C2 traffic.
95.216.168.225:25
95.216.168.225:587
95.216.168.225:7071

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

138.124.51.162:443
147.50.252.73:443
175.41.161.109:443
20.198.160.6:443
8.140.235.93:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

1.161.94.41:443
1.161.99.29:443
121.209.163.185:2222
130.43.22.126:995
138.207.139.80:443
139.216.164.122:443
140.141.244.100:443
142.247.174.189:443
142.247.190.75:443
142.247.209.40:443
142.247.221.81:443
148.74.227.176:443
149.109.107.149:443
149.75.147.46:443
154.246.44.138:443
159.235.44.62:443
159.235.44.6:443
160.178.165.44:995
172.251.171.170:443
173.160.3.209:443
173.88.109.167:443
175.10.221.49:4432
175.10.223.5:4432
175.13.34.123:4432
176.44.55.31:443
176.44.98.66:443
181.120.25.163:443
184.63.132.209:443
184.66.10.104:443
186.105.106.226:443
186.105.111.253:443
186.105.120.207:443
186.105.123.125:443
187.170.186.235:995
187.213.201.219:443
188.176.179.89:443
188.4.231.116:995
188.4.56.238:995
188.48.102.188:995
188.48.117.73:443
188.48.96.191:443
188.49.53.154:995
188.49.62.200:995
188.49.88.137:995
188.54.101.246:443
188.54.63.176:443
188.54.98.136:995
189.140.14.189:443
189.140.20.179:443
189.140.22.125:443
189.140.29.142:443
189.140.46.18:443
189.140.55.161:443
191.112.29.138:443
191.112.31.144:443
191.112.4.240:443
191.112.7.146:443
194.219.104.67:995
195.74.238.205:995
197.88.224.71:443
197.88.238.71:443
197.91.23.168:443
2.50.46.246:443
2.88.109.42:995
2.88.158.112:995
2.88.158.42:443
2.88.193.149:995
201.194.200.62:443
211.169.158.12:443
213.16.215.171:995
24.158.33.39:443
24.181.50.26:443
24.181.50.2:443
24.190.33.167:443
24.241.8.50:443
32.220.186.30:443
37.107.53.223:443
37.107.53.246:443
37.107.58.210:443
37.107.59.8:443
37.56.96.91:995
37.56.99.216:443
37.6.55.97:995
39.40.136.218:995
39.40.136.8:995
39.40.147.177:995
39.40.151.135:995
39.40.159.5:995
39.40.160.218:995
39.40.167.156:995
39.40.174.148:995
41.141.216.113:995
41.62.208.14:443
45.245.107.219:995
45.245.109.246:995
46.246.213.22:995
46.69.82.56:443
47.158.240.70:443
5.163.174.181:443
5.163.185.66:443
5.163.233.236:995
5.163.241.116:443
50.35.131.14:443
50.35.131.25:443
50.35.131.63:443
50.60.157.40:443
50.61.42.255:443
50.99.8.5:443
62.1.20.135:995
62.1.221.26:995
62.1.222.116:995
64.229.116.242:2222
65.185.148.247:443
66.131.154.213:443
67.191.202.17:443
67.61.157.123:443
67.61.42.235:443
67.71.30.168:2222
67.71.45.170:2222
67.71.45.69:2078
67.71.45.99:2222
68.1.192.196:443
68.102.151.129:443
68.188.148.193:443
69.157.7.15:2222
70.27.138.183:2078
70.31.125.117:2078
70.31.125.119:2222
70.31.125.136:2222
70.31.125.138:2078
70.31.125.164:2078
70.31.125.22:2078
70.31.125.22:2222
70.31.125.250:2078
71.255.230.137:443
71.79.177.75:443
71.88.240.34:443
72.132.174.169:443
72.66.32.18:443
72.66.32.59:443
72.66.32.70:443
73.237.244.188:443
74.12.15.136:2222
75.127.137.158:2222
75.134.201.239:443
75.161.199.71:443
75.161.209.252:443
75.161.247.10:443
75.164.30.216:995
76.164.11.132:443
76.68.7.158:2222
77.49.189.216:995
77.49.243.208:995
77.99.136.235:443
78.166.49.113:443
78.168.2.18:443
78.176.251.137:443
78.73.98.185:2222
79.107.142.160:995
79.107.151.48:995
79.119.43.159:443
79.119.53.100:443
81.213.221.120:443
82.78.26.222:443
83.110.196.152:443
83.110.197.203:443
83.110.223.247:443
84.212.127.234:443
84.232.204.74:443
84.98.228.231:443
85.103.143.76:443
85.104.36.162:443
85.106.24.11:443
85.107.143.6:443
85.110.189.110:443
85.110.190.143:443
85.99.29.195:443
85.99.83.193:443
86.124.47.162:443
86.126.220.210:443
86.126.251.205:443
86.98.18.122:443
88.226.238.218:443
88.228.230.60:443
88.229.252.10:443
88.232.102.233:443
88.232.99.33:443
88.234.24.219:443
88.234.26.154:443
94.49.197.109:443
94.49.201.13:443
94.49.33.9:995
94.49.8.251:995
94.99.41.189:443
95.216.168.225:465
95.216.64.208:13927
95.6.72.229:443
95.76.193.223:443
98.5.43.51:443
99.248.67.170:443

# Reference: https://x.com/G60930953/status/1928302007623827924
# Reference: https://dmpdump.github.io/posts/Possible-Ocean-LotusInstaller-Abusing-MST-Transforms/
# Reference: https://bazaar.abuse.ch/sample/ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5
# Reference: https://tria.ge/250521-jg4xxafp71/behavioral2

http://194.87.108.94

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

103.151.95.174:2222
105.156.110.103:995
109.242.113.18:995
121.209.146.4:2222
130.43.22.239:995
130.43.6.250:995
154.246.12.204:22
154.246.28.120:22
154.246.7.106:22
154.247.122.149:22
154.247.28.115:22
173.187.24.23:995
173.187.25.121:995
173.187.25.146:995
173.187.25.55:995
173.187.25.9:995
176.44.115.163:995
176.44.119.27:995
176.44.122.135:995
176.44.51.78:995
176.44.55.132:995
176.44.59.208:995
187.170.213.104:995
187.170.51.238:995
188.4.199.72:995
188.4.205.235:995
188.49.122.255:995
188.49.58.85:995
188.49.76.191:995
188.49.85.130:995
188.49.90.22:995
188.49.91.110:995
188.52.177.55:995
188.52.184.184:995
189.146.233.179:995
193.92.179.43:995
193.92.232.166:995
193.92.250.206:995
194.118.243.13:995
194.219.251.137:995
194.219.39.205:995
2.88.108.213:995
2.88.110.72:995
2.88.157.123:995
2.88.83.176:995
2.88.86.152:995
2.88.94.239:995
2.88.96.47:995
2.89.27.110:995
2.91.184.1:995
201.103.116.94:995
201.103.78.162:995
201.124.112.137:995
212.251.111.35:995
212.251.62.136:995
23.24.41.225:995
24.188.137.62:2222
37.56.106.1:995
39.40.131.191:995
39.40.136.162:995
39.40.139.205:995
39.40.144.37:995
39.40.145.128:995
39.40.151.69:995
39.40.164.79:995
39.40.166.133:995
39.40.168.178:995
39.40.175.142:995
39.40.175.175:995
39.40.176.82:995
39.40.183.133:995
39.40.184.19:995
39.40.186.30:995
46.246.134.27:995
46.246.143.30:995
46.246.210.158:995
46.246.241.166:995
46.246.250.176:995
5.163.175.108:995
5.163.183.111:995
50.106.3.62:995
50.35.63.195:995
50.46.237.192:995
50.46.255.143:995
50.60.138.108:995
62.1.109.30:995
62.1.144.146:995
62.1.222.131:995
62.1.223.123:995
64.229.116.158:2222
64.229.116.177:2222
64.229.116.58:2222
67.71.30.198:2222
67.71.30.23:2222
67.71.45.148:2222
67.71.45.223:2222
69.157.7.189:2222
69.157.7.21:2222
69.157.7.227:2222
69.159.0.149:2222
69.159.0.205:2222
70.27.138.120:2222
70.27.138.128:2222
70.27.138.134:2222
70.27.138.169:2222
70.27.138.189:2078
70.27.138.189:2222
70.27.138.218:2222
70.27.138.240:2222
70.27.138.244:2222
70.27.138.2:2078
70.27.138.41:2078
70.27.138.63:2222
70.27.138.65:2078
70.27.138.65:2222
70.27.138.69:2222
70.27.138.78:2222
70.31.125.100:2222
70.31.125.144:2078
70.31.125.144:2222
70.31.125.14:2222
70.31.125.150:2222
70.31.125.152:2078
70.31.125.152:2222
70.31.125.162:2222
70.31.125.167:2222
70.31.125.182:2222
70.31.125.18:2222
70.31.125.193:2078
70.31.125.203:2222
70.31.125.222:2222
70.31.125.227:2078
70.31.125.227:2222
70.31.125.238:2222
70.31.125.239:2222
70.31.125.242:2222
70.31.125.33:2222
70.31.125.3:2222
70.31.125.64:2222
70.31.125.66:2222
70.31.125.8:2222
71.187.100.156:2222
74.102.197.54:2222
74.14.29.226:2222
76.66.169.89:2222
76.68.7.231:2222
77.49.195.47:995
77.49.59.201:995
79.107.152.170:995
81.49.67.85:2222
84.212.64.20:995
84.76.193.166:2222
86.133.208.101:2222
86.133.208.15:2222
86.185.5.17:2222
86.190.166.154:2222
86.190.166.160:2222
89.148.131.186:2222
89.148.137.44:2222
90.162.241.102:2222
94.98.39.158:2087
96.242.126.171:2222
98.153.157.146:993

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

103.141.50.146:995
105.108.32.34:22
105.96.53.240:32103
109.145.252.38:2222
109.145.253.19:2222
109.181.99.59:2222
142.181.177.77:2222
149.74.105.22:2222
154.246.3.228:22
154.246.71.41:22
173.187.24.139:995
174.92.89.190:2222
176.44.48.186:995
176.44.55.45:995
188.4.206.249:995
188.4.60.216:995
188.49.72.165:995
189.146.162.241:995
189.146.167.13:995
189.228.171.242:995
189.235.176.160:995
193.92.239.215:995
39.40.146.191:995
39.40.151.109:995
39.40.161.234:995
46.246.165.122:995
46.246.166.149:995
46.246.212.103:995
46.246.222.215:995
46.246.244.86:995
51.211.213.23:995
51.211.214.44:995
67.71.30.106:2222
69.157.7.239:2222
70.27.138.201:2222
70.27.138.55:2222
70.31.125.17:2222
70.31.125.208:2222
70.31.125.225:2222
70.31.125.253:2222
70.31.125.34:2078
70.31.125.48:2078
70.31.125.78:2078
70.31.125.78:2222
70.31.125.87:2222
71.187.162.200:2222
72.133.241.6:2083
74.104.205.212:995
76.66.169.248:2222
76.68.146.89:2222
77.49.252.171:995
94.49.37.25:995
94.49.43.20:995
94.49.8.198:995

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

101.184.132.71:2222
101.184.172.145:2222
109.145.252.102:2222
109.145.252.219:2222
109.242.116.231:995
173.187.24.194:995
173.187.24.232:995
173.187.25.156:995
173.187.25.18:995
173.187.25.89:995
176.44.118.62:995
176.44.67.235:995
187.170.136.171:995
187.170.167.53:995
187.170.177.19:995
188.4.192.92:995
188.4.81.152:995
188.48.83.169:995
188.54.105.118:995
189.146.255.120:995
195.74.233.114:995
217.165.159.39:22
37.6.52.100:995
37.6.52.87:995
39.40.133.150:995
39.40.153.104:995
39.40.179.239:995
46.246.145.99:995
46.246.236.40:995
5.163.120.247:995
5.163.122.46:995
5.163.185.134:995
50.60.152.89:995
51.211.212.16:995
62.1.22.212:995
67.71.45.64:2222
69.157.7.104:2222
69.157.7.165:2222
69.157.7.180:2078
69.157.7.180:2222
69.157.7.52:2222
69.157.7.55:2222
69.157.7.71:2222
70.27.138.135:2222
70.27.138.170:2222
70.31.125.197:2078
70.31.125.47:2222
70.31.125.7:2222
77.49.53.53:995
79.107.156.181:995
89.148.132.137:2222
91.105.93.128:995
92.187.137.1:2222
92.251.143.8:995
92.59.62.40:2222
94.49.43.74:995
