# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: TA866

# Reference: https://twitter.com/WhichbufferArda/status/1608089945985486852
# Reference: https://www.virustotal.com/gui/file/f8cf2f07b20419758fbeaa23abae285c917df9c4e94a5259679993f8e9f37cab/detection
# Reference: https://www.virustotal.com/gui/file/aebb1578371dbf62e37c8202d0a3b1e0ecbce8dd8ca3065ab26946e8449d60ae/detection

http://141.98.82.254
/blob/8gu4bf.la5z
/blob/is4mlw.suqp

# Reference: https://tria.ge/221227-ktbbsshg51/behavioral1

http://116.202.18.132
/blob/q3k6tk.xi8o

# Reference: https://twitter.com/AnFam17/status/1607477672057208835
# Reference: https://twitter.com/AnFam17/status/1607479956870950913
# Reference: https://www.joesandbox.com/analysis/733720/0/html
# Reference: https://www.virustotal.com/gui/file/00f6b0a064a86b2566643178456211043732edbde4f6a5e9f829791c10e47141/detection
# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://185.145.245.124

# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://85.208.136.26
/blob/5iqmtn.iq54

# Reference: https://twitter.com/malware_traffic/status/1608673979132436481
# Reference: https://app.any.run/tasks/ceef5e3f-1f42-473b-8c7d-4692dcd117f1/

http://162.33.178.106
noetpode.com
/blob/5mloob.qqvr

# Reference: https://twitter.com/malware_traffic/status/1610385687781449730
# Reference: https://www.malware-traffic-analysis.net/2023/01/03/index.html

noteepad.hasankahrimanoglu.com.tr
/gjntrrm/zznb2o.hgfq

# Reference: https://twitter.com/1ZRR4H/status/1610590795278712832
# Reference: https://twitter.com/1ZRR4H/status/1610590799112159232

http://45.82.176.11
45.82.176.11:443
anydesk-for-desktop.com
aromaindianrestaurantlounge.com
install-anydesk.com
istaller-zoom.com
zoom-for-desktop.com
/blob/hf00ob.u4zc

# Reference: https://twitter.com/ViriBack/status/1610999181459738624

http://165.232.186.202
http://212.23.222.49
http://65.109.161.133
http://79.137.206.68
http://95.214.53.95

# Reference: https://twitter.com/Merlax_/status/1610830108373270530
# Reference: https://pastebin.com/yPBahSAk

http://104.168.32.136
http://107.148.130.121
http://146.70.157.76
http://152.89.196.174
http://167.235.202.111
http://172.86.123.86
http://179.43.142.109
http://179.43.142.142
http://179.43.142.29
http://179.43.142.37
http://179.43.154.157
http://179.43.154.168
http://179.43.154.212
http://179.43.155.136
http://179.43.155.144
http://179.43.156.145
http://179.43.156.151
http://179.43.162.115
http://179.43.162.79
http://179.43.163.118
http://179.43.175.136
http://179.43.175.230
http://179.43.175.34
http://179.43.176.13
http://179.43.176.39
http://179.43.176.54
http://179.43.176.68
http://179.43.176.78
http://179.43.187.233
http://179.43.187.95
http://185.209.160.18
http://185.209.160.99
http://185.223.93.141
http://193.233.234.13
http://193.38.55.7
http://193.42.33.180
http://193.42.33.42
http://193.42.33.73
http://193.47.61.174
http://194.4.49.152
http://217.12.201.112
http://31.41.244.157
http://31.41.244.38
http://34.150.88.233
http://45.138.74.237
http://45.144.30.114
http://45.182.189.195
http://45.66.151.81
http://45.81.39.102
http://47.57.236.111
http://5.182.39.203
http://5.230.73.134
http://5.75.171.154
http://62.204.41.57
http://62.233.50.246
http://62.233.51.95
http://78.46.190.160
http://79.137.194.240
http://79.137.202.78
http://85.209.135.172
http://88.210.12.126
http://89.22.230.175
http://91.202.5.208
http://95.179.136.89
104.168.32.136:443
107.148.130.121:443
146.70.157.76:443
152.89.196.174:443
167.172.69.255:443
167.235.202.111:443
172.86.123.86:443
179.43.142.109:443
179.43.142.142:443
179.43.142.29:443
179.43.142.37:443
179.43.154.157:443
179.43.154.168:443
179.43.154.212:443
179.43.155.136:443
179.43.155.144:443
179.43.156.145:443
179.43.156.151:443
179.43.162.115:443
179.43.162.79:443
179.43.163.118:443
179.43.175.136:443
179.43.175.230:443
179.43.175.34:443
179.43.176.13:443
179.43.176.39:443
179.43.176.54:443
179.43.176.68:443
179.43.176.78:443
179.43.187.233:443
179.43.187.95:443
185.209.160.18:443
185.209.160.99:443
185.223.93.141:443
193.233.234.13:443
193.38.55.7:443
193.42.33.180:443
193.42.33.42:443
193.42.33.73:443
193.47.61.174:443
194.4.49.152:443
217.12.201.112:443
31.41.244.157:443
31.41.244.38:443
34.150.88.233:443
45.138.74.237:443
45.144.30.114:443
45.182.189.195:443
45.66.151.81:443
45.81.39.102:443
47.57.236.111:443
5.182.39.203:443
5.230.73.134:443
5.75.171.154:443
62.204.41.57:443
62.233.50.246:443
62.233.51.95:443
78.46.190.160:443
79.137.194.240:443
79.137.202.78:443
85.209.135.172:443
88.210.12.126:443
89.22.230.175:443
91.202.5.208:443
95.179.136.89:443

# Reference: https://twitter.com/ViriBack/status/1611091230779138072

http://116.202.18.132
http://141.98.82.254
http://179.43.154.212
http://179.43.163.118
http://194.4.49.152
elon-first.com
myada2x.com
myevent22.net
v1477680.hosted-by-vdsina.ru

# Reference: https://twitter.com/0xrb/status/1611241904917876737

http://192.30.243.151
http://216.250.255.148
http://216.250.255.149
http://5.44.251.17
http://5.44.251.20
http://82.115.223.169
http://85.192.49.170
116.202.18.132:443
141.98.82.254:443
162.33.178.106:443
165.232.186.202:443
192.30.243.151:443
193.56.146.6:443
212.23.222.49:443
216.250.255.148:443
216.250.255.149:443
5.44.251.17:443
5.44.251.20:443
65.109.161.133:443
79.137.206.68:443
82.115.223.169:443
85.192.49.170:443
95.214.53.95:443

# Reference: https://twitter.com/suyog41/status/1611326908041682952
# Reference: https://www.virustotal.com/gui/file/ae82c37e4a6ec833aa743244b942033dcdd10f163cc45af519fa693ce035a002/detection

/blob/oay66h.aw7p

# Reference: https://twitter.com/Merlax_/status/1611412523663912961

kukazanatena.co.ke
theabevalle.com

# Reference: https://twitter.com/idclickthat/status/1612268584020971520
# Reference: https://twitter.com/1ZRR4H/status/1612472092326346752

install-zoom.com
virtualbse.com

# Reference: https://twitter.com/1ZRR4H/status/1613275088098304002

bluestacks-install.com
zoom-meetings-download.com
zoom-meetings-install.com
zoomus-install.com

# Reference: https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/

anydleslk-download.com
install-anydeslk.com
zoom-video-install.com
zoomvideo-install.com

# Reference: https://threatfox.abuse.ch/ioc/1068137/

textedit-notepad.com

# Reference: https://threatfox.abuse.ch/ioc/1068138/

http://164.90.172.224

# Reference: https://www.virustotal.com/gui/file/a2e9a2389faf04b67fbbd6fc71134860a145db7643d88ba312390493d5619302/detection

/blob/jb59sc.rk2g

# Reference: https://www.virustotal.com/gui/file/da16f2574eeab4267e24f416d625ed8ced553ed25bc51f22860ef565fa1c3f92/detection

http://31.41.244.16
/chachacha/ec3wm4.8xb6

# Reference: https://twitter.com/1ZRR4H/status/1614728368334716932
# Reference: https://twitter.com/1ZRR4H/status/1614728371644125187
# Reference: https://twitter.com/1ZRR4H/status/1614821592550326275

http://77.91.122.230
fargonding.store
hughtexeideas.store
mororead.store
rontr.store
montofagasta.store
rontreal.store
slavyanmar.store
toysbrasnovo.store
obs-project.festcommerzblog.com

# Reference: https://twitter.com/IronNetTR/status/1615757537273315365
# Reference: https://github.com/IronNetCybersecurity/IronNetTR/blob/main/ironradar/rhadamanthys/ironradar_1d_rhadamanthys_2022_1_18.csv

152.89.198.59:443
157.254.194.23:443
172.105.5.70:443
179.43.142.40:443
179.43.156.132:443
179.43.175.114:443
179.43.187.233:3306
185.209.160.43:443
185.225.74.144:443
185.225.74.200:443
185.81.68.104:443
memtromeds.com
moosdies.top

# Reference: https://twitter.com/DonPasci/status/1616428435550740482

sourcegimp.com
sourcsegimp.com
soursegimp.com

# Reference: https://www.virustotal.com/gui/file/c27d7174b52a423cdd51187de5c53bd0f3dfebbc76f92575864f3ba4abf2f012/detection

http://79.137.197.29
/rfbqtotg/Dpcejhz.bmp

# Reference: https://twitter.com/crep1x/status/1623394701456859137
# Reference: https://tria.ge/230208-kpd7wshc6t/behavioral2
# Reference: https://www.virustotal.com/gui/file/b2a3e00ad2ee588b552137c94d5f3a4611c2f40d0be23ef6b6b12227baa24ae4/detection
# Reference: https://www.virustotal.com/gui/file/9b6f87d991b04b9eb7c1b5e4bff6b2fff7c8b53156396c1e60ee9523ddd9ece9/detection
# Reference: https://www.virustotal.com/gui/file/04aca53d460d19c73283bcd131e56ccbd4384d5303400dc318d3371b2edba522/detection

http://109.206.243.168
http://144.76.33.241
http://179.43.154.216
http://179.43.154.219
http://78.47.79.11
http://91.215.85.157
193.149.180.103:3301
193.149.180.103:666
/dewight1/colibri.api
/update/nti4ta.3dhh
/nti4ta.3dhh

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Stealer_Panels_10_02_2023.txt

http://179.43.142.71
http://179.43.154.164
http://179.43.176.21
http://94.142.138.26
179.43.142.71:443
179.43.154.164:443
179.43.176.21:443
94.142.138.26:443

# Reference: https://twitter.com/nao_sec/status/1625691518509121537

http://79.137.204.54
/custints/g73lab.id9x

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Panel_scan_16-02-2023_01-03-32.txt

45.137.66.211:443

# Reference: https://twitter.com/BroadAnalysis/status/1630680889771323392
# Reference: https://www.virustotal.com/gui/file/001e6a0bc8566e594f377a33e4d108bba5821e407d38ddd745fe2477ae23a7ff/detection

http://191.101.14.159
/abctop/rfvnq4.co0l

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_02-03-2023_19-30-23.txt

179.43.142.172:443
195.3.223.120:443
195.3.223.218:443

# Reference: https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me
# Reference: https://otx.alienvault.com/pulse/63e3c458fe346cfc050d6880
# Reference: https://www.virustotal.com/gui/file/09c26bfe15d9ac65a9a4a73ccaf20c352d496feecb6a7fd3d5ce3b27d16faeea/detection

http://79.137.198.60
annemarieotey.com
anyfisolusi.com
black-socks.org
bluecentury.org
duinvest.info
duncan-technologies.net
enigma-soft.com
expresswebstores.com
fgpprlaw.com
footballmeta.com
gfcitservice.net
listfoo.org
mikefaw.com
otameyshan.com
peak-pjv.com
repossessionheadquarters.org
samsontech.mobi
shiptrax24.com
southfirstarea.com
styleselect.com
thebtcrevolution.com
virtualmediaoffice.com

# Reference: https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques
# Reference: https://otx.alienvault.com/pulse/63f63a41659035a81b740554

/blob/vpuu9i.7b4x

# Reference: https://twitter.com/AuCyble/status/1632625549964361730
# Reference: https://www.virustotal.com/gui/ip-address/185.137.235.119/relations

chatgptsinstall.com
exchangecash.online
getchatgptapi.com
getchatgptapp.com
gpt-chat-app.org
gptchatdownload.com
gptchatdownloadpc.com
gptchatdownlod.com
hyperplayofficial.com
inkscapeapps.com
installchatgpt.me
installchatgpt.online
installchatgpt.org
installwebex.com
installwebex.online
lastpass-app.com
lastpassinstall.com
lastpassofficial.com
lastpassofficial.me
lhyperplay.com
metamask-apps.com
officialhyperplay.com
officialschatgpt.com
officialstargate.com
setupchatgpt.com
sketchup-tool.com
snapclhats.com
snapclnats.com
web-ex-app.com
webex-meetings.com
webex.icu
webexsign.com
webexsign.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_10-03-2023_23-22-36.txt

193.149.185.118:443
45.77.66.151:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_16-03-2023_19-43-54.txt

87.251.67.40:443
91.215.85.157:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_23-03-2023_19-17-12.txt

185.225.73.180:443

# Reference: https://www.virustotal.com/gui/file/90bfffe7bfde826f6204ef3546d139b6293d37ef59dbf2cc9d685eb6bb6c8d23/detection
# Reference: https://www.virustotal.com/gui/file/4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e/detection

/ggkanor/0mv8dc.bqmu
/0mv8dc.bqmu

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/csv/Rhadamanthys_2023-04-13_16-24-28.csv

http://108.61.189.120

# Reference: https://twitter.com/crep1x/status/1649067627996672000
# Reference: https://www.virustotal.com/gui/file/58105a9ffb1d4675481d1c945d20630807f9dc2dc3d107a66f2d928125508226/detection

http://104.156.149.126

# Reference: https://twitter.com/g0njxa/status/1645559497987850241

/fredom/YTmeta.api

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_27-04-2023_16-34-09.txt

http://179.43.142.172
http://185.225.73.180
http://45.77.66.151
179.43.142.172:443
185.225.73.180:443
45.77.66.151:443

# Reference: https://twitter.com/powershellcode/status/1678470714024939520

http://185.228.234.189
185.228.234.189:443

# Reference: https://twitter.com/g0njxa/status/1682332969451569153

rhadwikiwwzr6sfzygsr3qh7lwu5ghnaoupxwpsj2xuxjcgcebikh7id.onion
stealerskymtni3tiagmx3pqktjgkm2iigwj6e2touws773emrfjvoyd.onion

# Reference: https://threatfox.abuse.ch/ioc/1146917/

45.81.39.169:8889

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-08-03)

http://104.156.149.126
http://109.206.240.181
http://109.206.243.168
http://116.202.18.132
http://116.203.136.70
http://143.198.207.43
http://144.76.33.241
http://156.227.6.50
http://162.33.178.106
http://162.33.178.64
http://164.90.172.224
http://179.43.142.201
http://179.43.142.29
http://179.43.142.39
http://179.43.142.40
http://179.43.154.181
http://179.43.154.216
http://179.43.154.219
http://179.43.155.198
http://179.43.155.206
http://179.43.156.145
http://179.43.162.87
http://179.43.176.6
http://179.43.187.95
http://185.209.160.43
http://185.209.160.99
http://185.225.73.180
http://185.246.221.59
http://185.250.205.73
http://191.101.14.159
http://193.233.20.1
http://193.37.70.80
http://193.38.55.238
http://193.42.33.73
http://195.3.223.120
http://198.135.54.147
http://216.250.255.149
http://31.192.237.70
http://31.41.244.38
http://31.41.244.80
http://35.220.153.89
http://40.82.159.41
http://45.12.253.133
http://45.128.234.63
http://45.131.66.61
http://45.15.159.234
http://45.150.65.4
http://45.66.151.81
http://45.82.176.11
http://45.9.74.71
http://46.36.219.3
http://5.206.224.182
http://5.230.73.134
http://62.233.50.246
http://62.233.51.122
http://62.233.51.95
http://65.109.161.133
http://68.183.230.60
http://77.91.122.230
http://78.47.79.11
http://79.110.62.195
http://79.137.204.54
http://79.137.206.68
http://79.137.248.54
http://81.161.229.234
http://85.192.49.170
http://85.208.136.26
http://89.22.230.175
http://91.215.85.157
http://91.215.85.173
http://95.214.53.95
101.99.91.115:443
104.156.149.126:443
107.148.129.135:443
108.61.189.120:443
109.123.252.250:443
109.206.240.223:443
139.28.37.187:443
141.98.11.18:5351
141.98.6.20:2050
141.98.6.78:2205
142.11.215.202:443
144.76.33.241:443
146.190.162.187:443
146.190.228.125:443
159.65.13.48:443
162.0.217.254:443
163.123.142.243:443
164.90.172.224:443
165.22.48.84:443
167.235.139.187:443
176.113.115.86:443
179.43.142.104:443
179.43.142.107:443
179.43.142.23:443
179.43.154.183:443
179.43.154.219:443
179.43.154.224:443
179.43.154.240:443
179.43.154.245:443
179.43.156.141:443
179.43.156.143:443
179.43.162.2:443
179.43.162.87:443
179.43.162.89:443
179.43.162.94:443
179.43.162.99:443
179.43.163.126:443
179.43.175.195:443
179.43.175.197:443
179.43.176.6:443
179.43.187.197:443
179.43.187.201:443
179.43.187.217:443
179.43.187.80:443
185.107.237.56:443
185.17.0.142:4348
185.209.161.81:2022
185.209.162.190:8080
185.224.129.51:8080
185.225.73.181:443
185.242.87.157:443
185.246.222.251:7469
185.246.222.75:443
185.250.205.73:443
185.250.205.73:8080
185.254.37.92:443
185.43.223.200:443
185.99.133.136:443
188.225.35.87:443
193.149.180.103:443
193.233.20.1:443
193.37.70.80:443
193.37.70.91:443
193.38.55.238:443
193.42.32.236:9070
193.42.33.123:443
194.180.48.102:443
194.180.48.19:443
195.133.40.229:443
195.201.37.208:443
195.3.223.214:5130
212.192.246.118:443
212.193.30.57:8080
212.87.204.3:8080
23.106.124.111:443
23.254.167.32:5892
31.41.244.16:443
37.220.87.35:443
45.12.253.133:443
45.12.253.181:443
45.12.253.92:7079
45.128.234.197:443
45.128.234.63:443
45.150.67.45:443
45.153.186.15:443
45.159.188.236:6779
45.159.188.66:6893
45.159.189.31:3047
45.77.32.158:443
45.81.39.169:8889
45.9.74.150:8080
45.9.74.71:443
46.175.150.169:443
5.206.224.182:443
5.230.68.142:443
5.230.73.94:443
5.230.75.236:443
5.75.142.184:443
5.75.168.236:443
62.204.41.88:443
62.233.51.121:443
62.233.51.122:443
77.91.68.146:8080
79.133.180.168:443
79.137.195.45:8080
79.137.197.174:443
79.137.199.193:443
79.137.204.54:443
79.137.248.54:443
80.66.88.72:443
81.161.229.177:443
81.19.140.83:2077
82.115.223.174:8080
84.54.50.158:443
84.54.50.159:443
85.192.49.170:6636
85.217.144.82:443
87.120.88.209:5211
87.251.67.77:443
91.103.252.25:5894
91.213.50.62:443
91.215.85.145:443
91.228.197.254:443
94.131.106.71:443
94.142.138.27:443
95.214.25.203:4033
95.214.27.17:443
95.214.27.198:443
95.214.27.214:443
/blob/hiu6qd.5u17
/blob/swz9lm.1e3k
/blob/u4z70m.ft7e
/bnlib/upc0ac.61j3
/cylook/ki5lbl.zdvr
/logimamonta/LEND.api
/logimamonta/youtube.api
/modlib/o6u3ke.661c
/work/nfw74d.xos1
/84x7k7op.1fspl

# Reference: https://www.virustotal.com/gui/ip-address/5.255.107.172/detection

http://5.255.107.172

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_C2_21_07_to_31_08_2023.txt

136.243.177.54:8010
179.43.142.126:6546
185.17.0.221:3709
185.221.67.14:3142
185.225.73.49:4851
185.244.48.109:7314
192.236.147.141:1642
193.109.85.76:6623
208.91.189.147:2905
212.23.221.72:4907
23.152.0.240:7033
45.66.230.106:8748
91.103.252.25:4681
94.156.102.83:4925
94.156.253.150:7546
95.216.58.127:3364
95.217.10.109:7820

# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/b904fa91c8949cb19ba7a9b91e87da13cc47facd826f8bf31f71bbd5ce201928/detection
# Reference: https://www.virustotal.com/gui/file/96a42e9c48bdff00a465e584305b5f031510da8e49409e78518022a8ee232304/detection
# Reference: https://www.virustotal.com/gui/file/457175fc2d1304df94e6e411944f188a97f11753991caf80f6e9f15e34d478b4/detection
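# Reference: https://www.virustotal.com/gui/file/08f91bf3a2c4bc8e1cbf4c15a19c4d83ce3af95b2c36260e6ace75450ccc5df0/detection
# Note: 172.217.16.206 (listed below) appears to fall in address space commonly used by Google front ends and may be sandbox background traffic rather than stealer infrastructure - confirm against the referenced reports before blocking or alerting on it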

http://172.217.16.206
http://45.12.253.137
connecteds.online
/files/wdssbp/Azaza
/files/wdssbp/Azaza3
/files/wdssbp/Fido
/files/wdssbp/Fido2
/files/wdssbp/GameBoy
/files/wdssbp2/Bronder
/files/wdssbp2/DoomInstaller
/files/wdssbp2/SensApiD
/files/wdssbp2/SensApiE
/files/wdssbp/
/files/wdssbp2/
/wdssbp/Azaza
/wdssbp/Azaza3
/wdssbp/Fido
/wdssbp/Fido2
/wdssbp/GameBoy
/wdssbp2/Bronder
/wdssbp2/DoomInstaller
/wdssbp2/SensApiD
/wdssbp2/SensApiE

# Reference: https://twitter.com/karol_paciorek/status/1703732303367672306
# Reference: https://tria.ge/230918-mx2dhagg7t/behavioral2
# Reference: https://tria.ge/230918-nbz4zsgh4s/behavioral1
# Reference: https://www.virustotal.com/gui/file/1aafbb728f50518d78e14ef7018338f07453a9715f5bc037606ce6c140ee44c3/detection

171.22.28.205:8181
185.244.48.240:3619
194.180.49.48:9715
31.222.238.209:7702
49.13.68.19:6435
79.133.180.126:3886
94.131.112.209:9856
94.156.102.165:443
95.214.55.177:2474

# Reference: https://twitter.com/JAMESWT_MHT/status/1717514680422313988
# Reference: https://twitter.com/reecdeep/status/1727969240756441236
# Reference: https://app.any.run/tasks/cc1a66bf-8b29-400e-967b-9687e2411abb/
# Reference: https://www.virustotal.com/gui/file/28ee2b81591ace7a552b3a921e9efb6128041cdf6634d5570283225ea3db7a20/detection

23.152.0.240:3957
/835a189ccf9d6badf60eacc/6rs81itm.nx5p8
/835a189ccf9d6badf60eacc/oafcpjjl.sp0ps
/835a189ccf9d6badf60eacc/oafcpjjl.sp0
/6rs81itm.nx5p8
/oafcpjjl.sp0ps
/oafcpjjl.sp0

# Reference: https://threatfox.abuse.ch/ioc/1196609/

65.21.101.233:4714

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-11-10)

http://163.123.142.243
185.170.144.159:6918
185.221.196.69:5127
185.250.45.93:8925
212.23.221.72:7797
31.192.236.94:6642
5.42.65.27:4811
82.115.223.128:9081
87.121.221.145:9271
91.103.252.25:1033
91.103.252.25:1746
91.103.253.174:1199
94.103.94.153:7414
94.156.102.175:443
95.181.173.164:9397
95.214.55.177:1689

# Reference: https://twitter.com/karol_paciorek/status/1727314303752208410
# Reference: https://www.virustotal.com/gui/file/a96d1f994a40cde4bb1bf6f80ce96af5b7e7d934edbb95100ab2fb777f8f2d84/detection

http://185.221.196.81

# Reference: https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
# Reference: https://www.virustotal.com/gui/file/bb8bbcc948e8dca2e5a0270c41c062a29994a2d9b51e820ed74d9b6e2a01ddcf/detection

104.129.128.188:9537

# Reference: https://twitter.com/g0njxa/status/1743248482750652723
# Reference: https://app.any.run/tasks/616d2fa4-9595-4b0b-be84-dd5580df2fc5/

176.113.115.224:6230
185.130.226.143:6575
kms-full.com
kms-product.eu
kms-product.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2024-01-05)

http://217.197.107.138
165.232.87.210:5945
185.209.161.162:19000
193.233.132.95:3699
195.3.223.126:4287
77.246.104.220:3422
91.92.242.217:19000
91.92.249.101:443
91.92.253.159:19000
91.92.253.3:19000
95.214.25.71:1645
95.217.82.39:19000

# Reference: https://twitter.com/reecdeep/status/1745391796706795673
# Reference: https://app.any.run/tasks/877c5718-df46-40e8-af49-4f9c139205ca/

141.105.68.140:9392

# Reference: https://any.run/malware-trends/rhadamanthys (# 2024-01-25)
# Reference: https://www.virustotal.com/gui/file/3cfb7fec43036027f8bde45526ecd6d3d4ee2a51fb6d4476d5cd398ced8a3c17/detection
# Reference: https://www.virustotal.com/gui/file/3778411ff33576685f13f163cac7b3452ea7bdce7caa92924ff5194d4b5d0785/detection

http://212.193.30.32
http://31.220.57.50
amxt25.xyz
motorline.pw
mylangroups.com
8002.motorline.pw
api.mylangroups.com
/CRYPTORPROLIV
/a6ba5b1ae6dec5f7c/
/a6ba5b1ae6dec5f7c/8tkf22v9.ed2jd
/a6ba5b1ae6dec5f7c/j5e4ok98.h44x9
/abctop/oy7xup.thms
/api/59ywc1.5oic
/api/5uwuz3.sr4b
/api/9wcnem.x0vs
/api/CRYPTORPROLIV
/api/mpnz0d.fxbz
/modlib/79q4x9.fkc9
/modlib/8q85xm.zmam
/wgetlist/in60fc.j42a

# Reference: https://twitter.com/banthisguy9349/status/1753719065007239582
# Reference: https://www.virustotal.com/gui/file/b2345de696d1605616e1c5264570288737796e7b39dfa176d882d96b47e4bede/detection

http://185.216.70.80
185.216.70.80:1799
/5ceebbbb9bccc4449a/b42ta04b.sp33o
/5ceebbbb9bccc4449a/
/b42ta04b.sp33o

# Reference: https://twitter.com/h2jazi/status/1758507658791862627
# Reference: https://www.virustotal.com/gui/file/5cb65b469023dcc77ede21c66a753fa9cbe67597aae142958fce4936ce3974aa/detection

185.23.108.220:6339

# Reference: https://twitter.com/doc_guard/status/1760295318808121348
# Reference: https://www.virustotal.com/gui/file/1c7476c33f0d56e970dbfad87da96739d74bbd1928c4a044715ea75f61e72192/detection

whitemansearch.shop

# Reference: https://twitter.com/ViriBack/status/1769336570459386268
# Reference: https://twitter.com/ViriBack/status/1769340643883581816
# Reference: https://www.virustotal.com/gui/file/098318e3517c6d2f526bc6aaccb02a5f37fb615069b1656b5ba176dd6385a581/detection

http://185.172.128.170
wexe.ink

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://www.virustotal.com/gui/file/bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203/detection

151.236.21.128:4738
192.121.16.228:22
astrosphere.world
puttyconnect.info
zodiacrealm.info

# Reference: https://twitter.com/r3dbU7z/status/1772940912919740719
# Reference: https://www.virustotal.com/gui/ip-address/188.40.171.105/relations
# Reference: https://www.virustotal.com/gui/file/1910a3ea0c95c9a15e6695eaff4c1c4a71ad7440a56fc4df893ea506146661e8/detection
# Reference: https://www.virustotal.com/gui/file/8568a043bbf74369e69ddc8d59d78f10260810e4b551ab4b0284106f3cfbbbd3/detection

45.147.199.21:2314
bedispio.wiki
cilyseyann.org
daikenn.club
inatekrin.ink
keauniolas.org
ndsikapher.cloud
sarianarg.com
winoxarl.pro
zahogon.vip
zesteka.pro

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://otx.alienvault.com/pulse/66017db30442d5ba6d624260

arnaudpairoto.com
/onserver3.php

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.198/relations
# Reference: https://otx.alienvault.com/pulse/65a98e9c335df7bc26b4d81a

http://37.1.212.198
mycasemembers.icu
scanner-ip-adv.com
tradingviewapp.icu
tradingviewapp.sbs

# Reference: https://www.virustotal.com/gui/file/0b2fe8188163d143a4c7fe09ce892dcf45fe0e43ca869ec8e65cca020ee06cb2/detection

http://77.221.137.22
77.221.137.22:443
/a8bdd0312f3daae757dcbbe2/s7gxggiw.fsc1l
/s7gxggiw.fsc1l

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

indscpm.xyz
94.131.104.223:443

# Reference: https://twitter.com/K_N1kolenko/status/1779788792552906932
# Reference: https://www.virustotal.com/gui/file/c829be0e78641329583de11672027a67cb3fc2ba31059e258a87001953b8f4ac/detection
# Reference: https://www.virustotal.com/gui/file/4d7ff7ef62614937e0cbebbd3f454a1df8f1752788a29709a1256d78393c0662/detection

185.234.216.132:2130
/5cd712a757a55321d4/ecvfk21e.20bg8
/5cd712a757a55321d4/dpddjk53.13lbs
/dpddjk53.13lbs
/ecvfk21e.20bg8

# Reference: https://twitter.com/x3ph1/status/1765502001469636955
# Reference: https://tria.ge/240306-z2rq3sae4y/behavioral1

91.92.251.50:3399
viewdocsfile.xyz
hv.viewdocsfile.xyz

# Reference: https://twitter.com/johnk3r/status/1790387254315118707

opensun.monster
stand-dog.com
/2704e.bs64

# Reference: https://x.com/malwrhunterteam/status/1813432141486665759
# Reference: https://www.virustotal.com/gui/file/52a1115da23f47ccb3b9f0cb5b96741472e757c833082434ef6f7fe4a39d4d21/detection
# Reference: https://www.virustotal.com/gui/file/03011232c01450af9a42fb5f3954dcb40c36c9ba9ad06d6a213febda03c5bd8f/detection
# Reference: https://www.virustotal.com/gui/file/b940bf46f79be84b95f0cc1718cd020f76ee1a99a64023a859c25f9b53543e76/detection

79.110.49.242:2075
/8f30b20831bade7a2/bmtox8we.0cepo
/8f30b20831bade7a2/63qlt2hh.c7rth
/8f30b20831bade7a2/
/63qlt2hh.c7rth
/bmtox8we.0cepo

# Reference: https://x.com/r3dbU7z/status/1815405709972193765
# Reference: https://www.virustotal.com/gui/ip-address/144.76.48.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.130.255.143/relations

afternburner.org
alerstat.org
amorefysuop.pro
bidalopswer.org
brarve.com
brlave.com
coverahug.org
discoverahuge.org
dogpoorse.com
doweoanst.pro
finsthis.cloud
foojerwa.ink
fostoopas.cloud
fostoopas.site
hoopsature.click
imbajodoobveb.pro
mireiaskqans.com
notion.ws
proxybrowse.org

# Reference: https://x.com/r3dbU7z/status/1815738131439632828
# Reference: https://app.validin.com/detail?find=5.9.198.36&type=ip4&ref_id=7210e896344#tab=resolutions

koloosdas.life
iit-consulting.org
macrium.org

# Reference: https://x.com/JAMESWT_MHT/status/1815399555183034464
# Reference: https://app.any.run/tasks/7662f569-af72-4c37-a1ed-f4ef3d14c0a7/
# Reference: https://www.virustotal.com/gui/file/7568695926acc0184a6d8364e55c2fec814fc7800641ae30e8a69a4f2c39e5b5/detection

http://74.119.195.176
109.120.176.41:4394
109.120.176.41:443
74.119.195.176:4443

# Reference: https://www.virustotal.com/gui/file/d94ffbeb0ca3a1ed919281dc57e95cd34064bc053f59ec69d9cdbb5d6a714b36/detection

http://217.197.107.154
/e0bd9c1f4515facb49/m58gpf5u.6eabm
/e0bd9c1f4515facb49/
/m58gpf5u.6eabm

# Reference: https://www.virustotal.com/gui/file/7587be1d73dd90015c6200921d320ff0edcec19d7465b64d8ab8d12767c0f328/detection

http://85.28.47.139
/e0bd9c1f4515facb49/gj28n35o.2n73x
/gj28n35o.2n73x

# Reference: https://www.virustotal.com/gui/file/35a70792a57447358477e5ca678420f14f577ed8e7956c9ee9013b8633d7feac/detection
# Reference: https://www.virustotal.com/gui/file/141ee34a8afb8f5a9d47e4910395bc70098a40ab46eb65bf3fb0b8e7c415c956/detection

176.124.198.186:443
77.91.77.200:443
/e0bd9c1f4515facb49/tcg5blro.3wf1o
/tcg5blro.3wf1o

# Reference: https://www.virustotal.com/gui/file/7a1a58f0b66bc1a1c0920c247f6a150e50bcd28c8c6092e2c65f7c499e1dd40f/detection
# Reference: https://www.virustotal.com/gui/file/209c1b59720cd3e725445eb2b41f6fdc3ce523b88a9d9e5f581118e50dfa6bfa/detection

45.15.159.127:8287
/f530c8c20d51d6283e9594a/1b9n5xj5.5c38n
/f530c8c20d51d6283e9594a/6vox1v1p.ssmgs
/f530c8c20d51d6283e9594a/
/1b9n5xj5.5c38n
/6vox1v1p.ssmgs

# Reference: https://www.virustotal.com/gui/file/d247f757d8b0b96aa59a1d1af2f06677a4bf88d4ec9d9bf2087988159157888a/detection
# Reference: https://www.virustotal.com/gui/file/059b0277ed5bbf9978f41482d69177840201223cd6001788d0de6d3c9ea990a2/detection

http://41.216.183.3
91.92.243.113:3099
/a9f45d765b01a030d5d/cft96hcx.2grjb
/a9f45d765b01a030d5d/
/cft96hcx.2grjb

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/
# Reference: https://www.virustotal.com/gui/file/64a49ff6862b2c924280d5e906bc36168112c85d9acc2eb778b72ea1d4c17895/detection
# Reference: https://www.virustotal.com/gui/file/060de3b4cf3056f24de882b4408020cee0510cb1ff0e5007c621bc98e5b4bdf3/detection

147.45.44.73:1488
147.78.103.199:2529
89.23.98.116:1444

# Reference: https://www.virustotal.com/gui/file/1fd5d4bbe948c9c60602392c338ea07fdbe44dea6216013a62c180aea97d2c1f/detection
# Reference: https://www.virustotal.com/gui/file/2003e381ae90e155ee9e413ecb9d696b5e01b0774a619fd72a02d31b85e74177/detection

195.85.250.221:4827
/dd66d96a09e5b9d57/6k1r96p5.g2eon
/dd66d96a09e5b9d57/
/6k1r96p5.g2eon

# Reference: https://www.virustotal.com/gui/file/0977091d893c69b8e301044c06e4f6a8016b4ee4d79c5810c6d21951598aa195/detection
# Reference: https://www.virustotal.com/gui/file/0b0b55d288891d1e995aa5c0a187f86388155156d1075b1279a82b9a33101754/detection

82.115.223.43:25565
82.115.223.93:3869

# Reference: https://www.virustotal.com/gui/file/2812bff1ead67a077addcb6191a223fb213d4382610ba78c30bd410190195dc5/detection

94.156.8.76:4283

# Reference: https://www.virustotal.com/gui/file/1444be93622b4eb94453dc89c3b2d547db6e4a6c45de0f3ad7ccdf19e89ad756/detection

147.45.44.27:2656
/5dc721849275d2052d68b45e/ut5m8tlp.n072k
/5dc721849275d2052d68b45e/
/ut5m8tlp.n072k

# Reference: https://www.virustotal.com/gui/file/4d475ad0c121a381c0997ba4a608c54ad5c5c0e5fe80561cfeab39c15486472d/detection

147.45.44.25:5877
/d36cbb23c68ffaff25/vjj0dpxt.ggr8h
/d36cbb23c68ffaff25/
/vjj0dpxt.ggr8h

# Reference: https://www.virustotal.com/gui/file/2ae394f90549041bd6e745e28feab1eb7b9d3c24128c3dc9782ca4ed2e978d04/detection
# Reference: https://www.virustotal.com/gui/file/0c91e714ce9cead2e439338d29c60619e3328feb2de9ae4e07aab5840b17f8f5/detection

94.156.8.83:4785
94.156.8.85:3195
uploadex.pw

# Reference: https://www.virustotal.com/gui/file/d1458d4c7ecd0cc55ae9927830540bd459157d36023e0b41003a3518add76898/detection
# Reference: https://www.virustotal.com/gui/file/c5ac047b3b5f6742f0eae476426e5819318707594694015b352d217df94f5071/detection

185.125.50.70:1731
/2c51ed20daec0b6c42/4cnct69r.js6ns
/2c51ed20daec0b6c42/ko5nvi8o.d9gia
/2c51ed20daec0b6c42/
/4cnct69r.js6ns
/ko5nvi8o.d9gia

# Reference: https://www.virustotal.com/gui/file/22597d205a140d83e71c3aeea8746b1a874cc8d426894249ae07aa69d0710781/detection
# Reference: https://www.virustotal.com/gui/file/7ea29ccdacab4fddd741533bb17032d011fbed4b46a6b957bbb049f597923907/detection

185.74.255.29:2080
/f2ca4fdf02e2a/6actks26.1x8bf
/f2ca4fdf02e2a/
/6actks26.1x8bf

# Reference: https://www.virustotal.com/gui/file/ba258c42715c601d7fea188f662275e1fb6a665718a96124f8a2be1a5de27d44/detection

94.156.10.37:2036
/efc85e6acdfc3a785/1evgkhav.3ltvh
/efc85e6acdfc3a785/
/1evgkhav.3ltvh

# Reference: https://www.virustotal.com/gui/file/28529afc2b353bdce2236eef5bf274a36d979313c13f46aa8986b3546428a44d/detection
# Reference: https://www.virustotal.com/gui/file/29123023532e125720424f1eb38d0f783ffcf24660c2728a20130d2cedbade16/detection

147.78.103.93:4394

# Reference: https://www.virustotal.com/gui/file/eed6fd889c8f54304bd8ef1da4c5596251f4445925835a36d834575ce687d6cb/detection
# Reference: https://www.virustotal.com/gui/file/88d9096edf055555d97736d8d306b66f7ad4ee5f3b13a68f885480faee80e5ea/detection

http://37.1.214.238
38.180.80.23:1636
/08f40fa940d4d07730cea/stb9aujf.q2gqf
/08f40fa940d4d07730cea/
/stb9aujf.q2gqf

# Reference: https://www.virustotal.com/gui/file/940c4215db10e957a76db5c360a590d894640bc811831ac53a50fe90953c9208/detection

94.156.8.211:2096
/255d808fda21a5/00v7tdtm.gtsv5
/255d808fda21a5/
/00v7tdtm.gtsv5

# Reference: https://www.virustotal.com/gui/file/0500e5ad7e344d32ee26da988aeb30f6344a0c89a68eacce5d6a5683d1fee0e1/detection
# Reference: https://www.virustotal.com/gui/file/17ba2754f7671b6fa7ec2311d45e8874988b6fd65e799a9551bb16a9ce986e7d/detection

159.69.186.28:8914
240506192407915.mar.tari91.shop

# Reference: https://www.virustotal.com/gui/file/5578a78576a35a6a95c8a5372e7d498fd4d2a4d5d7abe7369a14307d578192c6/detection

147.45.68.131:5888

# Reference: https://www.virustotal.com/gui/file/d34f63df04faa6c172ccacc9ac4b7572a28d332e27f2130c7eb2dee9a49a0f04/detection

45.61.137.165:2297
/60e467a6b549721041a09/efv4104h.1i0da
/60e467a6b549721041a09/
/efv4104h.1i0da

# Reference: https://www.virustotal.com/gui/file/52038c38dc147fbb2ae03a8569cf07cb2d1d29c14d7fa30215757afd3076c89a/detection
# Reference: https://www.virustotal.com/gui/file/936e7754b3df49aa5149332aecf193ea1753dc844f63284a25a43363df6d9e1f/detection
# Reference: https://www.virustotal.com/gui/file/4be740b7411f644b92749c5fd9be10b827f885c13690aaf7857a6d58b44e9c8c/detection
# Reference: https://www.virustotal.com/gui/file/9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef/detection
# Reference: https://www.virustotal.com/gui/file/c50326e6b68e807eaf188f95ff6e2a17df11efbfd0936395b452946085b83fcd/detection
# Reference: https://www.virustotal.com/gui/file/f1b77c35dabb24df4429eed471f1846b46e5f25c353bbed277a8a4f0ffef06d6/detection

87.120.84.232:2084
/2b6c01e7a6591d730234fd/cmrdfs08.9h6cm
/2b6c01e7a6591d730234fd/h6h29p5o.tu8eo
/2b6c01e7a6591d730234fd/m82butue.apqnl
/2b6c01e7a6591d730234fd/nwodv9oe.x0oo4
/2b6c01e7a6591d730234fd/rwe52hcc.4w485
/2b6c01e7a6591d730234fd/
/cmrdfs08.9h6cm
/h6h29p5o.tu8eo
/m82butue.apqnl
/nwodv9oe.x0oo4
/rwe52hcc.4w485

# Reference: https://www.virustotal.com/gui/file/53bda0f58bb516a31caeed5a0616648cc0f47233514d3a6c8b8cded2110fa955/detection

94.156.8.156:1886
5.255.117.197:6073
any-data.org
rx.any-data.org
/b67624e7e58bd8c44e0bf769/32i2lnpi.9u8b6
/b67624e7e58bd8c44e0bf769/
/32i2lnpi.9u8b6

# Reference: https://www.virustotal.com/gui/file/f4dde5135d892a3b27afc4a95376e7880eee75c2d0b1b711baf4a9bd93bda187/detection
# Reference: https://www.virustotal.com/gui/file/16bf28c3de807beac1635ac6e78925024379d6d53943ec1dd74a565b4885e150/detection

147.124.221.241:1149
/9c59034ac60846f8/mrx8h4of.prxvo
/9c59034ac60846f8/
/mrx8h4of.prxvo

# Reference: https://www.virustotal.com/gui/file/442dce3fa625e1c45830c63504935e764512a5176ee26f3b0595f09cf9c78a07/detection
# Reference: https://www.virustotal.com/gui/file/d77f17d94ea95f79b848b654e3db77df05cda581b210380143516764f30e3f57/detection

147.45.68.112:3423
/29c9ef0d81fe7ec2a5239/kmja9t4f.063i9
/29c9ef0d81fe7ec2a5239/
/kmja9t4f.063i9

# Reference: https://www.virustotal.com/gui/file/0518892b68d9401cee558e0615322ba2a902d759e36b315a55fe7238aff71d72/detection

185.125.50.38:3034
/739bd3e91cd40ca83/tg.api
/739bd3e91cd40ca83/

# Reference: https://www.virustotal.com/gui/file/6124b3aef8d816372e8e6a4d7bf5452e1752c8689aefac2654e1be8de81149a8/detection

http://94.232.249.139
94.232.249.139:443
/0555b35654ad1656/bkks8cde.s5cev
/0555b35654ad1656/
/bkks8cde.s5cev

# Reference: https://www.virustotal.com/gui/file/53218d2a6a643f61f191b955d34b2e3ada7ea1fe464c3ed44ecf66bbe4c90d9c/detection

94.232.249.140:2025
silentpulse.space

# Reference: https://www.virustotal.com/gui/file/321af007759c75bf0614fae50fcb64c0e64d5e9f148d9a2480fde468f216bfeb/detection
# Reference: https://www.virustotal.com/gui/file/2a8326edeb3ca0debbe32ab0d0a0c36e00ab88aaeb2ec6566592c75d4d6b532b/detection
# Reference: https://www.virustotal.com/gui/file/8924deb5685d7dfda380016b361d3380f4b970858a1410c6c26f419711d5db14/detection

94.156.8.61:5562
/8752b9a6a0c711d/1kseoq27.jhdfj
/8752b9a6a0c711d/
/1kseoq27.jhdfj

# Reference: https://www.virustotal.com/gui/file/06c1138caa402a130fdb039247285891d1e2d17d687aec131c60ab0165f5900b/detection

188.119.112.100:7811

# Reference: https://www.virustotal.com/gui/file/19989f80ebbeb884d3b48f1e83cd433eaff1f2e8bcc98a5c1262d4bf2f44a957/detection

168.119.96.63:6965
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/for1j5wk.5rlin
/09ae997ff691fd2fc/
/for1j5wk.5rlin

# Reference: https://www.virustotal.com/gui/file/67543d2d1bc9ef32ead244089fa2cd86e4834ccfef7a06637a1896e8686ea725/detection

193.233.132.109:7268
/55eda4145b3ded541/kts5r0mj.id4op
/55eda4145b3ded541/
/kts5r0mj.id4op

# Reference: https://www.virustotal.com/gui/file/90b1fa4e026c28ba9cf5ffb6a4c5889ead247384a9b55cc881a96ff8cd3c1f13/detection
# Reference: https://www.virustotal.com/gui/file/a9fc15804622a1e0cba35575ea7e2245b6bf4f459fb2272bf9c2624cf1c2265e/detection

http://94.156.8.129
185.216.70.91:6327
94.156.8.129:443
/68c8ee7d3c216cd1fa3c/siploou6.qgojr
/68c8ee7d3c216cd1fa3c/
/siploou6.qgojr

# Reference: https://www.virustotal.com/gui/file/b2f74bf89381c3e684b6aa102cfe029cfe5c4f88038920d003321814fc670777/detection
# Reference: https://www.virustotal.com/gui/file/cc50b23f42573a44922f18b0ea76ae8096eafa1cfda126eb4e26503f20729464/detection

94.156.8.225:1647
/3a1d417ab1b4633fb1ae7841/6pqmvpif.tecx5
/3a1d417ab1b4633fb1ae7841/
/6pqmvpif.tecx5

# Reference: https://www.virustotal.com/gui/file/342b579d05db5b5220e63b71df78339efe2c94437c1d18832e66cf52974d2428/detection
# Reference: https://www.virustotal.com/gui/file/5da24471ee10bbface1bbb376fe60fc75bdf677c9c906606fe0d61635496ad28/detection

http://49.13.61.146
49.13.61.146:443
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/0dj1hnai.ratr2
/09ae997ff691fd2fc/
/0dj1hnai.ratr2

# Reference: https://www.virustotal.com/gui/file/425d4992f51bac167484250968197f5cd0d5ef7c655286dfef05c44723a06a7c/detection
# Reference: https://www.virustotal.com/gui/file/8ea6e5baa67f2bbdcf33e69cab0a78992d9f6d8e8ff2b6c8d053ee9ac416af45/detection
# Reference: https://www.virustotal.com/gui/file/cd2dba4557a92c72e571c6031769621b1f019b32f2f2c3771b07e11612754f55/detection
# Reference: https://www.virustotal.com/gui/file/f90d8200d482bc9cf35a9b64a5bb1da69b3c0f0529c1ebc9d9cff1ef078fe353/detection

147.45.79.165:9621
/b39580502b0cd76c55/5w4gsj2q.af5nl
/b39580502b0cd76c55/vtjgppbt.82r25
/b39580502b0cd76c55/
/5w4gsj2q.af5nl
/vtjgppbt.82r25

# Reference: https://www.virustotal.com/gui/file/074591a5e410d0b4fb1eb9b29a0ea837470341c348ce0b19fc1cd694ce5002bc/detection
# Reference: https://www.virustotal.com/gui/file/0017c10d57b9cb90cf9aba8b1d9085995c841fb65ca3680ebcb9876bfbe8cc49/detection

147.45.44.13:1849
/90a878e6a80b4c105d7a4/ab1g67kh.ou2sb
/90a878e6a80b4c105d7a4/
/ab1g67kh.ou2sb

# Reference: https://www.virustotal.com/gui/file/102c9038f311da53770861f410d59c9bb49f5a94800902a9a7ac173a7321c89b/detection

185.216.70.103:3951
/23fa5e4c813bef61/9wb4gxku.2go4e
/23fa5e4c813bef61/
/9wb4gxku.2go4e

# Reference: https://www.virustotal.com/gui/file/6d38ecc7c7421b3294ece31e257138dba7c1e933d5d4aecac68acd1b0395f7f8/detection

/5cd712a757a55321d4/vas3cqwt.tv428
/5cd712a757a55321d4/
/vas3cqwt.tv428

# Reference: https://www.virustotal.com/gui/file/62ea8ac2927d5de142414964ba812d8fbd18b890569f39d2ed9ef79a538eac49/detection
# Reference: https://www.virustotal.com/gui/file/0b1701a5efd9f0ac27fa5ca8f058ce3a099bc9fd04611c3eb906fbab8f6bacde/detection

http://147.78.103.70
http://94.156.8.232
94.156.8.232:1622
94.156.8.232:443
z-kasino.com
/Zwdfqj12932WFNp/2CWQd71234x/zm1r3c216DFxrtf34213z/
/2CWQd71234x/
/Zwdfqj12932WFNp/
/zm1r3c216DFxrtf34213z/
/c1402fa62dc004/s209r0u5.lrdw9
/c1402fa62dc004/
/s209r0u5.lrdw9

# Reference: https://www.virustotal.com/gui/file/a4d516143d9796db7f937013ec6321699fbc745f20d87b0d9c463773f803c46a/detection
# Reference: https://www.virustotal.com/gui/file/9c94294cce93ccc24ae8b5fdbd0e40872283dff512f651aa801540742a7d22aa/detection
# Reference: https://www.virustotal.com/gui/file/884e2b61f3c5983302018dbd67630d7882e5b0985fa1fd88c521526654560ddd/detection

147.78.103.158:9164
/4464cbf7b7e4c5f57/1g59us79.sq8ti
/4464cbf7b7e4c5f57/
/1g59us79.sq8ti

# Reference: https://www.virustotal.com/gui/file/807f3be1bbb99c0806287883de81b45480a89f6a1841bd71571ca49b6edec5cf/detection

147.124.220.235:5751
/fc60589c694beb0/l02kh86w.la6pm
/fc60589c694beb0/
/l02kh86w.la6pm

# Reference: https://www.virustotal.com/gui/file/195567e33ccb27a635787ffb1f3bd82e880d9dc96b526a6df4a1b4135336bbd0/detection
# Reference: https://www.virustotal.com/gui/file/cace661f64a437760f75f1dc0a4d27ddde7bc0d7131d082baa6ecf95c12c3796/detection
# Reference: https://www.virustotal.com/gui/file/d32800752f254903ea73376bc6c83f5c21d317957f086f8c5b7dc1c1e3264a51/detection

45.77.90.90:2584
/231d3e8d1e3b2d2991/3wma888e.b3sug
/231d3e8d1e3b2d2991/ck4hpiqq.vp2pe
/231d3e8d1e3b2d2991/ll3kcjfm.t205o
/231d3e8d1e3b2d2991/
/3wma888e.b3sug
/ck4hpiqq.vp2pe
/ll3kcjfm.t205o

# Reference: https://www.virustotal.com/gui/file/1d7e535034b97ce822224434275527340ed50c9f3d1682697fd4a8ccfde06a46/detection

147.78.103.128:2118
/e00d19ef9c162f804fafdc43/61gnehbk.p9c7c
/e00d19ef9c162f804fafdc43/
/61gnehbk.p9c7c

# Reference: https://www.virustotal.com/gui/file/0db89dcb32a731ba535ccc4a5f92c1a6d28aaf47707cef8b8164e9f7746092e6/detection
# Reference: https://www.virustotal.com/gui/file/4ae463fc2c0c26e51550cd7d0999811397858232cad471073479b714bdbbed66/detection

141.105.68.140:9392
/720531aa55999f9/MainFlow
/720531aa55999f9/

# Reference: https://www.virustotal.com/gui/file/0085b52ad7a33767afd7604a1a31e19666f5c03623fd33f0a87d7d8762c44bcc/detection

93.123.39.67:2031
/de7de69c81a8945fd/n416bgd3.dd6fj
/de7de69c81a8945fd/
/n416bgd3.dd6fj

# Reference: https://www.virustotal.com/gui/file/38f73590bb0ccb8ce5d4cf6714d07b00c22fe94c43ca29bee7c83f26e279d3b5/detection

91.92.247.20:7206
/c981cfa3ff0e7f967ace7/grhi7ar6.h46ua
/c981cfa3ff0e7f967ace7/
/grhi7ar6.h46ua

# Reference: https://www.virustotal.com/gui/file/acb7082e84d5687566cda40061ce24bb930cf68b9954bf023abb5798e1c3a3ad/detection

80.66.79.88:7691

# Reference: https://www.virustotal.com/gui/file/e61c77eb8d6efcd53a4f606ad4c911932ca90f838354082ebae7250f260bddc9/detection
# Reference: https://www.virustotal.com/gui/file/c34f02d2d0ae81b32ee2ac5128161812a69b798f0d9554207412b51309a0c37b/detection
# Reference: https://www.virustotal.com/gui/file/ad612957cfbcbc6b35d4c99f866c91715acb65f96541c86abbcd019d11f0c2e0/detection

94.156.67.91:6939
/063f04131db66c38e7/qksewsl3.7linm
/063f04131db66c38e7/r5ja48vi.18otd
/063f04131db66c38e7/
/qksewsl3.7linm
/r5ja48vi.18otd

# Reference: https://www.virustotal.com/gui/file/c054e087aebd717a9114793976e36fa9ad0f0b423c62cb972136cdc817c90907/detection
# Reference: https://www.virustotal.com/gui/file/2a4a5dd292f61bc749a25978da5db1f25a1b399a6d739305a5625c9c3c430918/detection

94.232.249.135:8690
/22513b90cc606fc/pal8qjsq.fb5je
/22513b90cc606fc/
/pal8qjsq.fb5je

# Reference: https://www.virustotal.com/gui/file/fefa72d1ece93c77c259c007f83b3e2126188b6106ae2f0de46d0b30e7a2e440/detection

107.189.3.166:1873/e1bb991a5d5d7be581/m0l1adip.7j5ws
107.189.3.166:1873
/e1bb991a5d5d7be581/m0l1adip.7j5ws
/e1bb991a5d5d7be581/
/m0l1adip.7j5ws

# Reference: https://www.virustotal.com/gui/file/d77f22addf2f22fb23de403112ad96a5f34b00eaa168929c876dfbba8f9e65a5/detection
# Reference: https://www.virustotal.com/gui/file/e3163d0270f568156eab48f5a88d4b9f397936105e6f1ec81a3bdebf5957cb5a/detection

95.164.85.120:7272
/57d86f8c23390a/hghxxchl.860j3
/57d86f8c23390a/
/hghxxchl.860j3

# Reference: https://medium.com/walmartglobaltech/rhadamanthys-v0-6-0-automating-config-decryption-06eb0f28b55f

carssell.online
dyk3j10rcxd1av9.xyz
hankirit.asia
kelimzorro.xyz
pdfiso.com
qxugb3qpfpafmlto.xyz
renzoprotocols.co
uaabcvsolwgl.xyz
wanderpics.net
xt6drjp542fz6j7xt.xyz
api.dyk3j10rcxd1av9.xyz
api.hankirit.asia
api.kelimzorro.xyz
api.pdfiso.com
api.qxugb3qpfpafmlto.xyz
api.uaabcvsolwgl.xyz
api.xt6drjp542fz6j7xt.xyz
one.renzoprotocols.co

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2024-08-17)

185.209.30.112:9202
188.208.197.140:5906
pastratas.ac.ug

# Reference: https://x.com/ShanHolo/status/1828083266236363185
# Reference: https://www.virustotal.com/gui/file/269f16510e12acc4fdacb0891c605e944cce9845517ec817ea5a06f0c6c362f5/detection

147.124.222.184:7232
foojerwa.ink
yoganesteron.wiki
/2ff7fa032802244/tnvi7gis.n72p2
/2ff7fa032802244/
/tnvi7gis.n72p2

# Reference: https://www.virustotal.com/gui/file/39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d/detection

147.78.103.162:44480
93.123.39.72:5171
/f0905302a725dad1c/s9hbb0ou.11791
/f0905302a725dad1c/
/s9hbb0ou.11791

# Reference: https://x.com/r3dbU7z/status/1824472050028679486
# Reference: https://www.virustotal.com/gui/ip-address/136.243.209.210/relations
# Reference: https://www.virustotal.com/gui/file/a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3/detection

amplosurestob.homes
atlaissian.com
dopsry.ink
gpasoobater.pro
ipcheadoop.pro
loasdpyreasoonjop.cloud
nooaasdzasg.live
roobsadlov.cloud
saprinoduys.ink
shawnydne.org
silobsatewpes.click
simonasoshiop.click
wokodloisa.pro

# Reference: https://x.com/StrikeReadyLabs/status/1830420330541703309
# Reference: https://www.virustotal.com/gui/file/4a9e11f3a1b5b7543f00f4f662b4602c5449c78f7181a139af3b804aa7316006/detection
# Reference: https://www.virustotal.com/gui/file/fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911/detection

51.75.171.9:5151
57.128.169.122:4104
/9640d96bbead45f349f3ab9/Xteam1.api
/9640d96bbead45f349f3ab9/Xteam2.api

# Reference: https://x.com/JAMESWT_MHT/status/1831706666087104793
# Reference: https://x.com/StrikeReadyLabs/status/1834412449291706503
# Reference: https://app.any.run/tasks/297f7bcd-3070-4381-9168-561ff6f17016
# Reference: https://www.virustotal.com/gui/file/34918278f6eb6b5e3afa8da406eb3c5a4cc3b7c4a1cee55320fecdbef4e0a463/detection
# Reference: https://www.virustotal.com/gui/file/e0b4e3f7d35c182ca48c49c635138ab343c4415dae32a086ba19c0ecaf41936e/detection
# Reference: https://www.virustotal.com/gui/file/01c3e4114427cce7ab6bf90cfa72164a8cfd37dcadddb69817c31679e12fd263/detection

63.141.252.2:3715
63.141.252.2:3736
deadmunky.nl
/b607677f1d5be7bf651f2/q1bwmeni.33ap7
/b607677f1d5be7bf651f2/
/q1bwmeni.33ap7

# Reference: https://x.com/banthisguy9349/status/1836062997141225964

mexs.xyz

# Reference: https://x.com/crep1x/status/1838884440543465937
# Reference: https://www.virustotal.com/gui/file/b2a9ce1b9474564ed479861222f41161bca44bf584953f5c13348b0d5d3ab8ab/detection
# Reference: https://www.virustotal.com/gui/file/2ffc8acfe1c879ca0b6e411738145814d5205107f52e99a22903c16d55e211cf/detection

http://91.103.140.200
91.103.140.200:443
/3936a074a2f65761a5eb8/6fmfpmi7.fwf4p
/3936a074a2f65761a5eb8/
/6fmfpmi7.fwf4p

# Reference: https://www.recordedfuture.com/research/rhadamanthys-stealer-even-demigods-can-die
# Reference: https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf

103.148.58.146:5199
103.148.58.151:5199
103.148.58.152:5199
103.173.179.189:443
104.234.167.212:443
107.189.28.160:7705
135.181.4.162:2423
139.99.17.158:443
142.132.161.168:443
144.76.133.166:8034
147.124.220.233:7843
147.45.44.107:443
147.45.44.126:443
147.45.44.143:443
147.45.44.187:443
147.45.44.195:443
147.45.70.184:1525
149.102.143.198:9586
154.216.17.126:4501
154.216.17.181:443
154.216.17.85:443
154.216.18.122:2013
154.216.19.149:2047
162.254.34.46:443
167.88.170.44:443
170.205.38.149:443
172.236.107.96:443
178.22.31.64:443
185.161.251.67:6777
185.161.251.6:5545
185.184.26.10:4928
185.196.10.175:6491
185.196.11.237:9697
185.209.161.207:2421
185.234.216.132:2018
192.30.242.19:9480
192.30.242.44:6581
193.124.205.63:7404
193.143.1.77:1640
193.143.1.77:1641
193.188.20.191:443
193.200.134.94:9880
198.135.48.191:3090
38.180.100.139:443
38.180.188.69:443
45.152.84.68:443
45.159.188.37:443
45.202.35.41:2085
45.61.166.131:443
5.230.67.168:5140
57.128.169.122:443
74.81.56.118:8039
77.221.148.235:443
77.238.245.97:2017
77.238.248.142:443
77.91.78.112:443
80.66.75.110:9176
81.19.131.103:2013
83.217.209.45:5902
83.217.209.52:443
85.209.90.135:443
88.99.62.143:3674
89.117.152.231:443
89.117.152.61:443
89.208.103.86:8537
89.23.103.235:443
92.246.139.134:443
94.232.249.76:443
94.232.249.92:443
95.216.91.91:1614
95.217.44.124:7584

# Reference: https://x.com/banthisguy9349/status/1842512698136793543
# Reference: https://www.virustotal.com/gui/file/04564c481b2b3c094bef173df90782f6fc83bd7a02c028024676ee1036d8fa1f/detection

/97e9fc994198e76/ok9djscw.jxh0g
/97e9fc994198e76/
/ok9djscw.jxh0g

# Reference: https://x.com/JAMESWT_MHT/status/1843729226836648237
# Reference: https://www.virustotal.com/gui/file/5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848/detection
# Reference: https://www.virustotal.com/gui/file/a83e7ec9997f8e98ae0a3e27c20430d9711215bc71591406688312f8663c7e1b/detection
# Reference: https://www.virustotal.com/gui/file/b4dabf844bceeb5b1fa448549735296b4bdf289f346f960228d52a7a09e35ea1/detection

bemostake.space
rocketdocs.lol
1h982d.bemostake.space

# Reference: https://x.com/malwrhunterteam/status/1844262367355600988
# Reference: https://x.com/malwrhunterteam/status/1848292183419297971
# Reference: https://www.virustotal.com/gui/file/1ca01541cf2d8141f08f18dc2c95e84e9b7e016a1d6cb0f4d21d05480e78677b/detection
# Reference: https://www.virustotal.com/gui/file/49a5952350cbf535bc0d8fd8351acf8113f5ab041cb78e14eb050b16b3106f5c/detection
# Reference: https://www.virustotal.com/gui/file/831b7a08fa6df2d4a1726814a0ade5edb11750bee767c94db2b90347528d46cf/detection

198.251.84.78:6495
filecloudvv235.life
fileclousee533.life
screenpalss.online

# Reference: https://blog.talosintelligence.com/threat-actors-use-copyright-infringement-phishing-lure-to-deploy-infostealers/

139.99.82.239:443
139.99.82.239:6658

# Reference: https://www.virustotal.com/gui/file/1bc2cc52a0a789c84d04a6e2bf3a6ce092bb365e93b27d8a075b90cdf4cfcb5c/detection

83.217.208.134:5675

# Reference: https://www.virustotal.com/gui/file/1103d24428005f23b7c88bdaafc615d1b4ed4320f3554e096712c80dfc4048f8/detection

154.216.19.63:4766
/4ce7d48214581d0e9ece8758/bljd7jsh.rk9oq
/4ce7d48214581d0e9ece8758/
/bljd7jsh.rk9oq

# Reference: https://www.virustotal.com/gui/file/42edc53eec43edfe500967882f8e7f7e787614223466817b25d71565fdf3b49c/detection

154.216.17.46:3673

# Reference: https://www.virustotal.com/gui/file/491057285068c1f71efba4e3dc274aceab23d0c174c8e36e7628267a88e3a523/detection

62.60.154.229:4883

# Reference: https://www.virustotal.com/gui/file/5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a/detection

185.196.8.56:4907
5.252.153.125:4447

# Reference: https://x.com/JAMESWT_MHT/status/1862039746505048119
# Reference: https://www.virustotal.com/gui/file/0949242082c2b9d1335b4116a3beb48762782560add525b894fa2a9aa136bd98/detection

185.196.8.68:9367
11-14hotelmain.blogspot.com

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/d0187a569804b3ba422f2e927efcfbf649cd6a721c8d2be884b59ead1475f264/detection

31.41.244.193:7991

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/c19e8b675ea6a89461d8023c1d68756eea6356b7d4558f293741fa7325e17280/detection

185.234.66.205:4056

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/9508758950052518fbbd72dfcc957f8d30763e8e7e556cf9881d03be798b7074/detection

31.41.244.193:443
94.131.123.94:8252

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/631a2412a411043eb5b571a865fe9d030a5801244e8690ad7a0fee070235cd93/detection

45.87.153.188:1831

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b/detection

193.124.205.63:7390
/1d7c07d7f0b063/xtt6wabb.8qt3e
/1d7c07d7f0b063/
/xtt6wabb.8qt3e

# Reference: https://x.com/TLP_R3D/status/1862605486790521119

http://103.148.202.31
http://103.20.102.9
http://179.43.171.196
http://185.106.176.178
http://185.196.10.135
http://185.196.8.76
http://185.208.156.152
http://45.150.32.106
http://45.150.32.136
http://45.202.35.162
http://5.22.159.192
http://64.7.199.25
http://87.247.158.115
103.148.202.31:443
103.20.102.9:443
179.43.171.196:443
185.196.10.135:443
185.106.176.178:443
185.196.8.76:443
185.208.156.152:443
45.150.32.106:443
45.150.32.136:443
45.202.35.162:443
5.22.159.192:443
64.7.199.25:443
87.247.158.115:443

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/39e509d2d00f75d6681ae91e5a77324a70969853b50d326aee2966a765a267b7/detection

45.202.35.152:3222

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/504dc704fd2ba043ea2c2b23ba83a202121aac7b4fedebfe74296a16394dca73/detection

45.200.149.30:15556
45.202.35.156:5942

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8/detection

185.147.124.244:2456

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f/detection

92.255.85.148:3574

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/5aadbf4040d7821fe13103773317f2424e0dc24e7685ff6f3334a283b874fdfa/detection

104.37.175.221:7575
/1b422f87470a4ca5005/plk6hnkc.rs0vh
/1b422f87470a4ca5005/
/plk6hnkc.rs0vh

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/67213378b7fde5c985f7c1758ad26a1480e3f328ecc6f361240e39359fc142ed/detection
# Reference: https://www.virustotal.com/gui/file/3369e82f4fabd069ac3f0be325ea691a61a450902b699becf6fd93ab52516e98/detection

185.196.11.18:443
185.196.11.18:9367
/ab43097ee4f6e091aed46f79/egwnwtg7.7xr4h
/ab43097ee4f6e091aed46f79/88pw46v5.ki88g
/ab43097ee4f6e091aed46f79/
/88pw46v5.ki88g
/egwnwtg7.7xr4h

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/dc4e6d0d214d0e62dd445a4dbbd875ebd1e895cf834989437956f873f624ec10/detection

185.196.11.18:7257

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/b085058d74dcc62af15c4c52aaa7bc716e7c42617b0109338199d7830adab058/detection

185.208.158.117:1650

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/d09f663a2d0eb8e668be62b0b9fa2d649c3928dde99ecdc5f76c4fc94995533a/detection
# Reference: https://www.virustotal.com/gui/file/c6d23f8e39a10cc03c9f28bc08e0a27a275277c1a767d38ec10735aa975896a5/detection

185.209.162.23:1962
185.209.162.23:443

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/11aaef331823d119378e98bf0ab89217c8de81148ac44f192f6500e771b7db80/detection
# Reference: https://www.virustotal.com/gui/file/23cc51f11fb3d06260787a8347c6bd5103ab8de986d73e00095c5326ef8b02a2/detection
# Reference: https://www.virustotal.com/gui/file/3b4a1126725e6029e56fae177fdf0869594528b7c48d7cde366fcefb946672e3/detection
# Reference: https://www.virustotal.com/gui/file/677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671/detection
# Reference: https://www.virustotal.com/gui/file/9deb3a89994c9d207b36dba0469c6fdc68d7a088144f1d7fc83a00bf892ef001/detection

185.196.11.237:9697
193.149.185.109:443
/f002171ab05c7/11expj05.4wccc
/f002171ab05c7/73434jqg.jxviu
/f002171ab05c7/9xqdctgg.ir1fr
/f002171ab05c7/hip4946p.881o6
/f002171ab05c7/
/11expj05.4wccc

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/95e7c2825d5a105294febf85a335d9fdb79bdff77ecea2f4ae4344339396a11e/detection
# Reference: https://www.virustotal.com/gui/file/686366aabba69733ff18ebf79d03e9fd73677eb7c69aaff9a468bbf6b038cdab/detection
# Reference: https://www.virustotal.com/gui/file/676aaaa306c6424ed630fa94cbca0564eb9de3ffc9c12b451beaa69b2be28e16/detection

198.251.84.107:9254
/dc33e47f6acdb4eefe/k190bd7f.hlxtp
/dc33e47f6acdb4eefe/wrgcq32k.7w09v
/dc33e47f6acdb4eefe/
/k190bd7f.hlxtp
/wrgcq32k.7w09v
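# Note: the three filename trails below match the /f002171ab05c7/ paths listed under 185.196.11.237:9697 / 193.149.185.109:443 in the previous block, not the /dc33e47f6acdb4eefe/ paths of this one
/73434jqg.jxviu
/9xqdctgg.ir1fr
/hip4946p.881o6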

# Reference: https://x.com/JAMESWT_MHT/status/1863143295200764308

b00king.com.ng

# Reference: https://x.com/malwrhunterteam/status/1862635245742223598
# Reference: https://www.virustotal.com/gui/file/9c54c04af9444408bb7439bbfcba5dd1e3af9c654e74f27a4d59c9274c8babe0/detection

185.196.8.56:4907

# Reference: https://x.com/JAMESWT_MHT/status/1865698568256065868
# Reference: https://app.any.run/tasks/87088349-321e-45cc-bf9f-909f1dd503ef
# Reference: https://www.virustotal.com/gui/file/d34b820b8da5cc2e9c33d6b50019aff7eaf9ba61e1f54567c845f8b7fef6a759/detection

http://185.236.228.92
185.236.228.92:445

# Reference: https://x.com/banthisguy9349/status/1866026387368493113

107.189.28.160:19000
154.216.17.167:19000
154.216.17.46:19000
154.216.20.133:19000
154.216.20.133:4983
154.216.20.204:19000
154.216.20.204:4879
154.216.20.224:19000
154.216.20.224:9773
154.216.20.89:19000
162.254.34.46:19000
185.196.10.135:19000
185.196.11.18:19000
185.196.8.56:19000
185.196.8.68:19000
185.196.8.76:19000
193.124.205.63:19000
198.251.84.107:19000
81.19.131.103:19000
81.19.131.103:4381
83.217.208.134:19000
/2348b54ec82726c89b/9hfirt08.0j81o
/2348b54ec82726c89b/cq6wlswe.fcd2t
/56550f5c2153d/b8rt6fk9.jxflo
/1vp6sfe1.3qdp1
/9hfirt08.0j81o
/b8rt6fk9.jxflo
/cq6wlswe.fcd2t
/rr2fjdbd.7m9po

# Reference: https://x.com/JAMESWT_MHT/status/1868977756635382026
# Reference: https://www.virustotal.com/gui/file/09f8248e67a54fec5a43f9afe0924963a7ab783c16481a2801519c2d14ed8ee1/detection

104.161.43.18:2845
1zf9cygs0q3iviyowq83ddwzwtgf78rh.ngrok.app

# Reference: https://x.com/suyog41/status/1869329098675499282
# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.105/relations
# Reference: https://www.virustotal.com/gui/file/d50ef6dfe673c64ea281f842b3971efeebdf61844fb3bab92f3a77331cd9378a/detection
# Reference: https://www.virustotal.com/gui/file/73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8/detection

floratranslator.live
floratranslator.ddns.net
/b3ad89898301a3d857946a/r5p0n0t5.vxx0f
/b3ad89898301a3d857946a/
/r5p0n0t5.vxx0f

# Reference: https://x.com/JAMESWT_MHT/status/1869457468268683771
# Reference: https://app.any.run/tasks/9501045c-5bfd-4fe0-8268-6b3d8c991d49
# Reference: https://www.virustotal.com/gui/file/1770daf26ce48b85a1a92a5890b8d290158cf83c24cd033d64232a5fa5c14602/detection

http://87.120.112.91
www.astenterprises.com.pk/ef/ef.vbs
www.tdejb.com/ef/Skifterne.sea

# Reference: https://x.com/JAMESWT_MHT/status/1869667603863736615
# Reference: https://www.virustotal.com/gui/file/1676766aa84245f0c139b5c38772af13b24a16140c7e552fee00c21784952ad2/detection
# Reference: https://www.virustotal.com/gui/file/2d4c300ef566b5b93590ecc1be25a8bd8c14fbc2de0bf5032af67ca31be1e6ea/detection
# Reference: https://www.virustotal.com/gui/file/392604ab2bec909bac2b3ca93504934e7f9d70aa5233d07769154c5a10006a3f/detection

5.35.36.120:7957
solus.today
ebitm.co.uk/salah/wp-includes/assets/ping.php

# Reference: https://x.com/K_N1kolenko/status/1871066835619365345

185.245.105.64:7289

# Reference: https://x.com/JAMESWT_MHT/status/1876905709603889630
# Reference: https://app.any.run/tasks/f9106b5b-cd37-460a-894a-91f873f506ce

185.196.11.217:7257
adminbooking.blob.core.windows.net
/6d5f5120d519e2005/jqrh3upi.r9xlf
/6d5f5120d519e2005/
/jqrh3upi.r9xlf

# Reference: https://x.com/suyog41/status/1878774517407027315
# Reference: https://www.virustotal.com/gui/file/46de7f030e1a91a8549ab0d358cb55453895237ef61c5e84f540efa5ce329ba5/detection
# Reference: https://www.virustotal.com/gui/file/3124f0b02db0da7e65f0dd833bf966063495be392f78d92c0c812ba21dc4703d/detection

floradocs.live

# Reference: https://x.com/lontze7/status/1881618330504851772

alibababet.space
bitcoin4u.store
dirtysocks.phd
firstcoltd.com
floratechnology.live
floratrans.live
rtpneraca69.site

# Reference: https://x.com/JAMESWT_MHT/status/1881642391373005030
# Reference: https://www.virustotal.com/gui/file/30f9628ef1da3569de65c2b70f9ee8e738148952c25860730c3978f246a31f97/detection

66.181.33.65:443
66.181.33.65:5664

# Reference: https://x.com/JAMESWT_MHT/status/1887044731974103292
# Reference: https://www.virustotal.com/gui/file/76b250356e4134b077c2325b72113047f2499b54625a584fa8c908572562b43d/detection
# Reference: https://www.virustotal.com/gui/file/a0295663c005e7515aa5d3ef0af36efbe4fd1dce9fb31609037c4eb0ab68a014/detection
# Reference: https://www.virustotal.com/gui/file/d1fa29e5e267bed728d5a215e5c13cc61ccbf4b75b0e2afe546bf28effbae285/detection
# Reference: https://www.virustotal.com/gui/file/1ae54c1b5ede07c8eac0abd823f52491bcf80565be46ea362b0aac00613947e7/detection

http://89.23.103.39
138.124.53.206:2718
147.45.71.230:41593
194.87.31.237:5000
89.23.103.143:5000
89.23.103.143:5001
89.23.103.143:5002

# Reference: https://x.com/ShanHolo/status/1887095662791004181

dadejsbehdurugovz.lol
dopomogaforukrainepeople247.buzz
dopomoogaw823.world
dopooomogaa247247dopomoga.world
fearkeltlthepomogat.world
homebitlite24.sbs
pomshedhekshe.buzz
rsmemdjsaj.buzz
sadons.online
sadonsgithub.site
somsnanehdhbrth.buzz
vesmpomoshvhs.buzz
vsemdopomoga24na7grazdanam.buzz

# Reference: https://x.com/JAMESWT_MHT/status/1891413090677264779
# Reference: https://www.virustotal.com/gui/file/1ace6a4e90dcba06e63d381e9ec9bd0b5d855d82f00cbb4232aa97597a5d0961/detection
# Reference: https://www.virustotal.com/gui/file/605d3c423ded09d3f91fb86a3389eac14147d61b573429824b9d60d4bf475fbc/detection

185.196.11.201:7257
2-13-25-hotel.blogspot.com

# Reference: https://x.com/salmanvsf/status/1892131569806299520
# Reference: https://www.virustotal.com/gui/file/609a86b92de9f0152066f1e5422e519d2b200f3f9bf0ae224a0ccd2022e972e0/detection
# Reference: https://www.virustotal.com/gui/file/b1dab04cc0e3a975dbd6fb815ad87f3401f039676c2c64667735a6e7d03ef6dc/detection

103.108.66.218:8879

# Reference: https://x.com/skocherhan/status/1892062428269081020
# Reference: https://www.virustotal.com/gui/file/83fa16f72c36b0003cdc4dd717f6da1f3a4526b3ab5300f6a1df9a7a304e4946/detection
# Reference: https://www.virustotal.com/gui/file/224a7155f8fe52dac59f0176ca5c0a85a0faece8383dddf34d88b2b6e065a68e/detection

93.88.203.13:5000
93.88.203.13:7001
feb-13-25-cpa-only.blogspot.com
feballcpa2025.blogspot.com
manachutiya2025.duckdns.org
manachutiyagandonew2025.duckdns.org

# Reference: https://x.com/skocherhan/status/1893291986519572789
# Reference: https://www.virustotal.com/gui/file/6040d0533be2cf1f3da0f2b2657c4caa496e665f4c8f1c57634053070c530779/detection

176.65.134.127:4889
45.125.66.252:443
supportappme.com
/9791c7440f275517fcd8f6/hghaoj4o.mbvai
/9791c7440f275517fcd8f6/
/hghaoj4o.mbvai

# Reference: https://x.com/1ZRR4H/status/1894844136454529367

185.196.11.46:3340

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

45.129.185.24:1896
rustaisolutionnorisk.com
/22c0d31ace677b/digpu6k5.xditc
/22c0d31ace677b/
/digpu6k5.xditc

# Reference: https://x.com/malwrhunterteam/status/1897999690810966528
# Reference: https://www.virustotal.com/gui/file/60c30c405411231afd4b9bb14e145a3ef7f80fedabe1da90ca161f32e7159ab0/detection
# Reference: https://www.virustotal.com/gui/file/e19625c4c8e18a63235e872ccee0a2291c5b40aa535cab21e8ef8091ccf12641/detection

135.181.181.109:2595
195.82.147.72:3499

# Reference: https://x.com/malwrhunterteam/status/1897999690810966528

usernetid.com
api.usernetid.com
/8db5b1425c52a4ca5fd9/uvvmvkni.ln8gh
/8db5b1425c52a4ca5fd9/
/uvvmvkni.ln8gh

# Reference: https://www.virustotal.com/gui/file/076ca7150777c3c1d8a9d3c2d56525f78dd77c4fb06118635fbfde1a93a10e4b/detection
# Reference: https://app.validin.com/detail?find=MW325R&type=raw&ref_id=8d207c8aa7a#tab=host_pairs (2025-03-02)

updateubuntu.com
api.updateubuntu.com

# Reference: https://www.virustotal.com/gui/file/58a0d36aa8594bbe16e635f8c4ddefc990d040220c964b981af84111fc75a0ce/detection
# Reference: https://www.virustotal.com/gui/file/5565dfd01e83091015a6324c1f045b3120584cbf998b51075448e29f1f9deac7/detection

185.33.87.209:2637
/18e4b46e0a73729f/ivjmmeoe.aw1cj
/18e4b46e0a73729f/
/ivjmmeoe.aw1cj

# Reference: https://x.com/salmanvsf/status/1901891226322014623
# Reference: https://www.virustotal.com/gui/file/7158d0d349116ab884f6396466d378dd31fd2d2db28243e0272452d70f9c822f/detection

147.124.219.157:3243
147.124.219.157:443

# Reference: https://www.virustotal.com/gui/file/23be6128d09cf14d356eb1bb653624155b636cb089bbb7cfe689c2971d610cfd/detection

185.208.158.7:9355

# Reference: https://x.com/JAMESWT_MHT/status/1902731923186737389
# Reference: https://app.any.run/tasks/934fb7f2-78a8-42cc-b78f-622c392a54c6

104.37.172.175:1057
104.37.172.175:443
51.79.188.221:56001

# Reference: https://x.com/tosscoinwitcher/status/1903152024923115746
# Reference: https://www.virustotal.com/gui/file/79212a76f167cf5628a51517f503531daf063d04f0aa5e115b5671121d1ac052/detection

/20b914549e22319594/xqi18be9.xp6h6
/20b914549e22319594/

# Reference: https://x.com/1ZRR4H/status/1904750322943218098
# Reference: https://app.validin.com/detail?find=7f63a8c0a71a90af8274d42b34c9bd71&type=hash&ref_id=a2caf9091d8#tab=host_pairs (# 2025-03-26)
# Reference: https://www.virustotal.com/gui/file/9632bbed44c3e3a51074fcd3b63ad4322c39a54c92c3c7dc13938cc7c34e639c/detection
# Reference: https://www.virustotal.com/gui/file/39705f7bef4ace3fb6f3970c2d954c721b31975f0a6e975bc32a023afd680c6e/detection

23.95.32.229:9743
alfa-communication.com
astriia.com
playshowdown.xyz
playswd.xyz
playswdbtc.xyz
showdowngame.io
swdbtc.xyz
swdgame.xyz
/f96fa30b9bc142e9d5c/ie2scj3f.m2e4b
/f96fa30b9bc142e9d5c/
/ie2scj3f.m2e4b

# Reference: https://x.com/malwrhunterteam/status/1905204544029483058
# Reference: https://www.virustotal.com/gui/file/a63060468bd709eff8ab35c0cf0abab5b1e4818e189f00dd1338b52307715ec8/detection
# Reference: https://www.virustotal.com/gui/file/39c0b0e85410bdd8517ca23f94a960d0f79fa1c99fa7185c8d67dec0bf981f5f/detection

5.180.30.120:4016
xiaomi-sync.com
/f6dc68640e717e025e93/ulqg22vr.d8inn
/f6dc68640e717e025e93/
/ulqg22vr.d8inn

# Reference: https://x.com/SquiblydooBlog/status/1920065836779462705
# Reference: https://x.com/James_inthe_box/status/1920163408990908539
# Reference: https://www.virustotal.com/gui/ip-address/185.40.86.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.220.8.106/relations
# Reference: https://app.any.run/tasks/c9759b61-3e1e-4f14-be82-8482100b97a2
# Reference: https://www.virustotal.com/gui/file/aec4e5e79e5690c6f8f97334da9aa9898fb5ea68c6458efee70a45a88863c925/detection

cloud-acer.pro
xiaomi-sync.shop
zoom-meeting-conference.com
sftp.xiaomi-sync.com
smb.xiaomi-sync.shop

# Reference: https://x.com/RacWatchin8872/status/1905402246566666490

http://77.239.96.51
ypp-studio.com

# Reference: https://x.com/netresec/status/1911755970415391204
# Reference: https://x.com/naumovax/status/1912085949879644473
# Reference: https://www.virustotal.com/gui/file/e35b505de844f1c473307ae7fc372ca4eb9baa6c7eb4026fee7c49c8aa50f51c/detection
# Reference: https://www.virustotal.com/gui/file/4c21b40c94fcd13b60b99ef1e4f372126a86e6f526c6cc134f205794c4357bd7/detection
# Reference: https://www.virustotal.com/gui/file/06989b502e0cadb46535def4eb7ec5032ff49134ad1fabc4d0d7f5d4ab7da967/detection
# Reference: https://www.virustotal.com/gui/file/3cb57f7e67ee1985e513f6e591fe143c1b8b2d0178f06e39e39da1e0f51484d4/detection

185.40.86.132:7705
/d39b1f1167408636e0ae1fed/mo7v9dps.bdv6q
/d39b1f1167408636e0ae1fed/
/mo7v9dps.bdv6q

# Reference: https://x.com/SquiblydooBlog/status/1920065836779462705
# Reference: https://www.virustotal.com/gui/file/2dbf5ed2c82bcee9a3f7993d512cefef781f2f0472273c94ac310a83ff65efa1/detection
# Reference: https://www.virustotal.com/gui/file/de1571f8e87faed7d1fd7a9cbf0dd337057a554739830164d626ae2c716aebcd/detection

185.40.86.132:7005
/d39b1f1167408636e0ae1fed/5j9er6fp.pw49i
/5j9er6fp.pw49i

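# Reference: https://app.validin.com/detail?find=Responsive%20Portfolio%20Website&type=raw&ref_id=3a40fcda49f#tab=host_pairs (# 2025-05-07)
# NOTE(review): the hosts below come from a raw-content pivot on the page title "Responsive Portfolio Website", which looks like a generic template string.
# NOTE(review): many entries sit on shared hosting (pages.dev, netlify.app, vercel.app, github.io, kinsta.page) and may be unrelated personal sites - confirm with a second indicator before blocking on these alone.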

0ctf.net
108.61.207.182.nip.io
21.dontkillmyapp.com
aadityaray.com
aasthamahapatra.tech
abdelhadi-portfolio.netlify.app
abdelmoneim-benaicha.tech
academynaimoun.dz
acat-portfolio.pages.dev
adarshrajghimire.com.np
adeeteeh.com
adri-portfolio.duckdns.org
akmalikhsan-responsiveweb-portfolio.pages.dev
alanarthur.net
aliasiri.com
alicewebdesigner.altervista.org
anantakandel.com.np
anas-arif-01.github.io
ankitsinghrathore.com
api-facebook.pro
api.blog-mi.pro
api.webacer.net
api.xiaomi-sync.pro
aryan.anantakandel.com.np
asus-helpmecenter.com
asus-web.com
ateaautret.eu
azami.thevos.jp
besi94.ch
bibekbhasinkshrestha.com.np
blog-mi.pro
blog-mi.shop
blog.haut.vip
ceshi5634.xyz
cloud.xiaomi-sync.pro
cloudflare-1k8.pages.dev
codefactory.live
constania.info
coul.top
cv-github-io.pages.dev
cv1-github-io.pages.dev
dustinbehnke.de
eversayno.xyz
facuerhardt.github.io
fiqi.dev
flavien-alonzo.fr
flawlessdelvs.pages.dev
ftp.alicewebdesigner.altervista.org
ftp.lenovo-sync.com
ftp.rutiglianojoele.altervista.org
ftp.share-facebook.shop
ganesh-portfolio.pages.dev
harckhan.netlify.app
harpreetdawar.com
haut.vip
hemant.vercel.app
hiivarun.in
huawei-blog.com
jewhearts.com
jl-9ro.pages.dev
jony-dev.netlify.app
kashisportfolio.pages.dev
kevinlermitte-portfolio.pages.dev
knight.uxiaod.com
kt-network.cn
laela.noc-gpm.xyz
leadclickzhosting.com
lenovo-sync.com
liangyinstar.cloud
lumnix1115151451.xyz
mail.sophia.codefactory.live
mail.yeshiworkgeorge.com
martin-mohammed.com
mcifald.com
me.yuzaoyah.site
menghongdao.com
mi.coul.top
minakrv.netlify.app
my-portfolio-4zh.pages.dev
my-portfolio-58q.pages.dev
my-portfolio-9yv.pages.dev
my-portfolio-website-8zz.pages.dev
myself-h3e10.kinsta.page
nehal4.netlify.app
nirajan.pages.dev
omaralakel.pages.dev
ou.coul.top
pers-26k.pages.dev
personal-portfolio-snowy-chi.vercel.app
personal-website-01t.pages.dev
pglocalservice.com
portfolio-67g.pages.dev
portfolio-e9s.pages.dev
portfolio-euy.pages.dev
portfolio.moabdurrakib.com
portfolioabdelbasset.pages.dev
potfolio-zk8.pages.dev
profile.coul.top
responsive-portfolio-websit-gtdk3.kinsta.page
rifakath.techylens.com
robinzhaopx.com
rokib.pages.dev
rokib.tech
ruthikaportfolio.pages.dev
ruthiportfolio.pages.dev
ruthiportfolio05.pages.dev
rutiglianojoele.altervista.org
ryan-djebbar.fr
sabby.vercel.app
salmi-zakaria.com
saran-portfolio-page.netlify.app
sftp.api-facebook.pro
sftp.blog-mi.shop
sftp.sync-facebook.com
sftp.xiaomi-sync.com
sg3.teknologibangsacerdas.com
share-facebook.shop
shekharshashank.in
shetype.com
shiamip.pages.dev
silly-mahavira-65d3e4.netlify.app
smb.sync-facebook.com
smb.xiaomi-sync.pro
smb.xiaomi-sync.shop
sophia.codefactory.live
ssh.api-facebook.pro
ssh.lenovo-sync.com
ssh.share-facebook.shop
ssh.sync-facebook.com
ssh.xiaomi-sync.shop
staging.kirankatuwal.com.np
stellajimenez.com
still-production.com
sync-facebook.com
sync.blog-mi.shop
sync.xiaomi-sync.pro
technoleg.online
the-coder-ahmed.pages.dev
tvx.mobi
vrccoin.site
webacer.net
wondrous-bunny-9c59a6.netlify.app
xbuzztech.site
xiaomi-sync.com
xiaomi-sync.pro
xiaomi-sync.shop
yaniszf.my.id
yasanga.me
yeshiworkgeorge.com
yunse.dev
yunsecode.com
zackym.com

# Reference: https://x.com/skocherhan/status/1924814510436618495
# Reference: https://www.virustotal.com/gui/file/9d2eb97d89a1d979bf2a57aedf8c1ff77cd934895d890fc45686d547ca0faf11/detection

104.245.240.4:1792

# Reference: https://x.com/Threatlabz/status/1925228814503952444

107.189.28.160:4096
/HbTaQwW5z38xHKTdU6J2SRpwSzq9kzhg/5dw66tsl.h19u5
/HbTaQwW5z38xHKTdU6J2SRpwSzq9kzhg/
/5dw66tsl.h19u5

# Reference: https://www.virustotal.com/gui/file/0b2746c3bff6cbeef1575a377f41d95cd100e50ec818a935655a7646ac985633/detection

154.81.179.131:9645
/73a997a43140cbc86fa65e/8xd79oqk.0uunf
/73a997a43140cbc86fa65e/
/8xd79oqk.0uunf

# Reference: https://x.com/skocherhan/status/1931046796714967480
# Reference: https://www.virustotal.com/gui/file/ed03d68d1696cca4c7e5345f3abbb856762e7c24923bc8f9eb68924c53af1832/detection

65.109.160.160:4433

# Reference: https://www.virustotal.com/gui/file/357829b06c1c185e44efa729dd8671487a43778a3be1b6f46c7956f4d4cb49e2/detection

104.37.175.218:7982
/da03ab84e7f8187e6/v3iuaiea.tsf2o
/da03ab84e7f8187e6/
/v3iuaiea.tsf2o

# Reference: https://www.elastic.co/security-labs/taking-shellter
# Reference: https://www.virustotal.com/gui/file/ff5ba6ae965654b8838ff39ab28395296e7805d1790988c4ec9e1565e17ea801/detection
# Reference: https://www.virustotal.com/gui/file/c865f24e4b9b0855b8b559fc3769239b0aa6e8d680406616a13d9a36fbbc2d30/detection
# Reference: https://www.virustotal.com/gui/file/68a71f74c21e542a7594c8e883adf4f6eee036440bdb7773e9bbe03780eba233/detection

http://94.141.123.182
45.138.74.1:5553
94.141.123.182:4133
plotoraus.shop
/gaDERGEteway/3pls2pun.u78t9
/gaDERGEteway/fjgcuo8u.t0caq
/gaDERGEteway/
/3pls2pun.u78t9
/fjgcuo8u.t0caq

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/bfc55dcd25b2ef66c5be52d67eada7fc143431a1c7d0049b6c2345f74f75ebbf/detection

http://45.153.34.174
/SgDatFeway/smxe0xdr.sah5v
/SgDatFeway/
/smxe0xdr.sah5v

# Reference: https://www.virustotal.com/gui/ip-address/5.35.38.7/relations
# Reference: https://www.virustotal.com/gui/file/02e28e37bc221381afb888f6c4699df1315a3493ead40ecc1d3d610077c555a4/detection

178.20.45.155:3872
5.35.38.7:443
gameforlikaks.top
globaltexp.top
magicdogeh.top
api.gameforlikaks.top
api.globaltexp.top
api.magicdogeh.top
v2795105.hosted-by-vdsina.ru

# Reference: https://www.virustotal.com/gui/file/2c4b10eb957cfedd63ce2fc88c49b4acefd3d25fe8c31a5f151e4b58161b8a56/detection
# Reference: https://www.virustotal.com/gui/file/7f483a420ccdb801418f9c1fd88063668367ff9c886de491f394fac794b04286/detection
# Reference: https://www.virustotal.com/gui/file/3eb1de1edb6da38d9833366ab69b6506ef266a124ae5abdc3900a05a8fb0ac8b/detection
# Reference: https://www.virustotal.com/gui/file/3eb1de1edb6da38d9833366ab69b6506ef266a124ae5abdc3900a05a8fb0ac8b/detection

http://178.20.45.155
178.20.45.155:3872
/76ece4d3ab5c60ead288414/3mlviepo.413xr
/76ece4d3ab5c60ead288414/j01nngp3.cf686
/76ece4d3ab5c60ead288414/l6nh5uuv.c7hhk
/76ece4d3ab5c60ead288414/t852dovi.awtac
/76ece4d3ab5c60ead288414/
/3mlviepo.413xr
/j01nngp3.cf686
/l6nh5uuv.c7hhk
/t852dovi.awtac

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/3464c59c857e90012b23478e93e95d1d3c58ee788dd801f253d61168c0edc02c/detection

194.164.245.9:6296
89.110.87.119:443
cheperblast.top
deadmonkey.ru
godfatheralive.top
goolagstalinmore.top
managerfjo.top
metafamily.cfd
mfriend.online
shimforfreal.top
shimoneaprel.top
starolymx.com
api.godfatheralive.top
api.goolagstalinmore.top
api.managerfjo.top
api.shimforfreal.top
api.shimoneaprel.top
get.cheperblast.top
/32229be74bbb5ed8/ub59gtuk.niruc
/32229be74bbb5ed8/
/ub59gtuk.niruc

# Reference: https://www.virustotal.com/gui/file/8cff04f47b22b1080899abe5a4aedbb1157f291b5902ddc5390806507818fa8b/detection

171.22.120.227:443
/6519b3d55998bf5e49d571/11kp499q.9esmx
/6519b3d55998bf5e49d571/
/11kp499q.9esmx

# Reference: https://www.virustotal.com/gui/file/4996c632b8b6c5f14e73bb2928e66aa2ed5b3e1be6e7ca9955c2ef45773fbae2/detection

5.180.52.4:443
85.209.157.5:443
85.209.157.10:443
85.209.158.10:443
sftp.aprosgestion.com
/gateway/2jel50b6.amlpi
/2jel50b6.amlpi

# Reference: https://www.virustotal.com/gui/file/85f35708f062078f9ff0b7dc224fe18fdd9b6b7e5b5e0418f3dec2de1361775d/detection

193.233.113.173:443
185.170.154.149:4433
/gateway/mhocu4wc.kstvf
/mhocu4wc.kstvf

# Reference: https://www.virustotal.com/gui/file/90368efed1cb835dcb06176b71d5309dc4c46e414812013ecfc72178ba8498d3/detection
# Reference: https://www.virustotal.com/gui/file/b3e16ccc29fc8bfa6b2788d865fe21abc7c17d5b930268ddb68f126a6d80a70c/detection

lafmhjatioaper.help
/gateway/wx63hdsg.mk9hj
/wx63hdsg.mk9hj

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)

http://91.84.99.97
144.202.41.72:443
149.28.237.131:443
18.188.140.168:443
192.124.178.188:443
195.82.147.73:443
216.250.253.125:443
38.244.193.60:443
45.153.34.129:443
45.153.34.139:443
45.153.34.152:443
45.153.34.175:443
45.153.34.178:443
45.153.34.192:443
45.74.10.124:443
45.74.16.154:443
45.74.16.156:443
5.187.2.166:443
62.3.15.94:443
66.248.206.240:443
77.110.127.54:443
77.239.96.100:443
85.209.156.5:443
91.216.169.19:443
91.84.99.97:443

# Reference: https://www.virustotal.com/gui/file/5195b5e0359d94d709b1bf3e05cb309226617447b989ba0ea86e8896d5965770/detection

89.169.12.138:443

# Reference: https://www.virustotal.com/gui/file/2246feb7c6a79ca7c54b900b01f799b184aa9e0f156c0b3c775fba4ce880c642/detection
# Reference: https://www.virustotal.com/gui/file/945336ea9a5aa86b985dfbfbbe1c381099ecfcb6da10f2742fcdd29475907801/detection
# Reference: https://www.virustotal.com/gui/file/d7bc381eef47591c2f1a4052bf87f37fcca072f393a9142c8d8e46a4922cea6f/detection

http://89.169.12.140
/gateway/9ns74a2g.2g2nc
/9ns74a2g.2g2nc

# Reference: https://www.virustotal.com/gui/file/88d1186ae755d6044ea9e64371300ab0a523bbc9ba8b4cc38cda57de4c158f59/detection
# Reference: https://www.virustotal.com/gui/file/9529510c3347ed8eb9abd39579314f5501549b37ab1e4c82e76fd038546f65a6/detection

http://62.60.226.194
62.60.226.194:443
/DDFDSSS/ctfplwn8.oo1en
/DDFDSSS/xsjp70np.mslj4
/ctfplwn8.oo1en
/xsjp70np.mslj4

# Reference: https://www.virustotal.com/gui/file/f393d94c657302843222bb609c9667f05bf0e1840dbe7ae2cf69013c09cd5c7e/detection

http://185.170.154.252
185.170.154.252:443
/gateway/ardjqg74.espbm
/ardjqg74.espbm

# Reference: https://x.com/banthisguy9349/status/1969380548427587641
# Reference: https://www.virustotal.com/gui/file/193beb52288d6940b319a340f9e3f58baef16e113381ef1acdb5ccd2b2e1863c/detection
# Reference: https://www.virustotal.com/gui/file/5195e59ef4c5c82a02e37723976a17670f5f1e8b41df868e7d0600d2396e23a5/detection

107.150.0.79:443
/gateway/16crvv1a.d7sga
/gate12837912way/kxulk3af.wnpid
/16crvv1a.d7sga
/kxulk3af.wnpid
/gate2hj45g2kway/lpr307k4.ka879
/gate2hj45g2kway/
/lpr307k4.ka879

# Reference: https://www.virustotal.com/gui/file/ba8d5fe15f61989f663220e6433aa76ebbf6a49ae4f604c5f4cbceb665115751/detection

http://195.10.205.78
/gateway/0ppn39ki.sqtj6
/0ppn39ki.sqtj6

# Reference: https://www.virustotal.com/gui/file/7cf145b7bcae1b31bd67939f116d18b9bbccb9f730658fc4cdc34c0d2a1187be/detection

176.65.142.101:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2025-07-05)

http://66.63.187.190
104.37.172.175:19000
104.37.175.226:19000
104.37.175.249:443
104.37.175.249:8888
107.150.0.77:19000
107.150.0.77:443
107.150.0.77:8888
107.167.93.210:19000
107.173.180.117:443
107.175.30.197:443
107.178.103.74:19000
108.61.117.233:8088
116.202.22.233:443
135.181.10.139:19000
135.181.122.216:19000
135.181.181.109:19000
135.181.4.162:19000
136.243.242.29:8113
138.199.152.79:443
138.199.152.79:8888
147.124.219.157:19000
147.124.221.148:19000
147.124.221.148:443
147.124.221.148:8888
148.135.119.47:443
151.242.2.20:19000
157.90.14.147:14321
165.22.154.195:19000
165.22.154.195:443
165.22.154.195:8888
176.123.7.193:443
176.123.7.193:8888
176.65.134.127:19000
176.65.134.145:19000
176.65.134.153:19000
176.65.134.153:9912
176.65.134.33:19000
176.65.134.33:443
176.65.138.143:19000
176.65.140.26:19000
176.65.140.26:443
176.65.140.26:8888
176.65.140.27:19000
176.65.140.27:443
176.65.140.27:8888
176.65.141.165:8587
176.65.141.166:2405
176.65.141.207:19000
176.65.141.207:443
176.65.141.207:8888
176.65.141.209:19000
176.65.141.219:19000
176.65.141.250:19000
176.65.141.48:19000
176.65.141.62:19000
176.65.142.201:19000
176.65.142.21:19000
176.65.142.34:19000
176.65.142.61:19000
176.65.142.92:19000
176.65.143.149:19000
176.65.143.152:19000
176.65.143.204:8049
176.65.144.105:8888
176.65.144.106:19000
176.65.144.168:19000
176.65.144.179:19000
178.255.126.19:443
178.255.126.19:8888
179.43.141.35:443
179.43.176.17:19000
179.43.176.5:443
179.43.176.5:8888
179.43.176.8:19000
179.43.182.221:19000
179.43.182.221:443
179.43.182.221:8888
179.43.182.61:19000
180.178.189.34:8181
185.106.176.178:19000
185.107.74.8:8088
185.149.146.41:14431
185.149.146.41:1912
185.196.11.170:19000
185.196.8.215:19000
185.196.8.26:443
185.208.156.43:19000
185.208.158.7:19000
185.208.158.91:19000
185.208.159.170:19000
185.21.13.139:19000
185.245.105.118:19000
185.39.206.250:8888
188.245.239.55:19000
192.153.57.185:19000
192.30.242.216:443
192.30.242.216:8888
192.30.242.248:19000
192.30.242.44:19000
193.124.205.11:19000
193.124.205.45:19000
193.124.205.45:443
193.124.205.45:8888
193.233.112.103:11010
193.24.123.213:19000
194.113.245.11:8474
194.164.245.8:443
194.164.245.8:8888
194.5.62.208:19000
194.87.29.221:443
194.87.29.221:8888
195.10.205.101:19481
195.10.205.70:19000
195.10.205.78:19000
195.10.205.78:443
195.82.146.172:8888
195.82.146.180:8811
195.82.146.47:8704
195.82.147.21:19000
195.82.147.24:19000
195.82.147.26:19000
195.82.147.36:19000
195.82.147.73:19000
195.82.147.84:19000
196.251.69.173:1915
198.135.48.192:19000
198.135.48.192:443
198.135.48.192:8888
198.135.48.94:19000
198.135.48.94:443
198.135.48.94:8888
198.135.52.142:19000
198.135.55.145:19000
198.144.183.226:443
206.123.145.22:443
212.34.154.50:443
212.34.154.50:8888
213.209.150.104:8181
213.209.150.140:443
213.209.150.140:8888
213.209.150.143:19000
213.209.150.143:4233
213.209.150.20:443
213.209.150.20:8888
216.250.252.47:19000
216.250.252.47:443
216.250.252.47:5026
217.156.122.3:19000
23.88.69.148:443
23.94.122.150:11453
23.95.32.229:19000
31.172.74.175:19000
37.27.239.58:8888
37.27.239.58:8899
38.180.152.36:19000
43.255.158.248:11453
43.255.158.248:19000
45.12.219.193:19000
45.12.219.193:443
45.12.219.193:8888
45.125.66.142:19000
45.134.26.140:19000
45.137.99.191:19000
45.137.99.58:19000
45.141.87.119:9000
45.142.194.131:443
45.142.194.131:8888
45.142.194.141:443
45.142.194.141:8888
45.142.194.47:19000
45.142.194.48:19000
45.144.53.186:443
45.144.53.186:8888
45.150.32.106:19000
45.153.34.116:19000
45.153.34.119:19000
45.153.34.122:19000
45.153.34.122:8888
45.153.34.127:8888
45.153.34.130:19000
45.153.34.134:8888
45.153.34.135:19000
45.153.34.137:19000
45.153.34.138:19000
45.153.34.140:19000
45.153.34.140:443
45.153.34.140:8888
45.153.34.143:19000
45.153.34.147:1199
45.153.34.147:19000
45.153.34.147:4433
45.153.34.147:8888
45.153.34.148:19000
45.153.34.167:19000
45.153.34.168:19000
45.153.34.168:443
45.153.34.168:8888
45.153.34.171:19000
45.153.34.173:4413
45.153.34.181:4243
45.153.34.199:19000
45.153.34.229:19000
45.153.34.229:443
45.153.34.235:19000
45.153.34.237:443
45.153.34.242:442
45.153.34.28:19000
45.153.34.85:1912
45.156.87.109:19000
45.156.87.126:19000
45.74.10.208:8888
46.101.114.89:19000
49.12.168.200:443
49.12.168.200:8888
49.13.0.36:443
49.13.0.36:8888
5.149.250.166:9915
5.175.234.99:443
5.175.234.99:8888
5.252.153.226:443
5.252.155.208:443
5.252.155.208:8888
62.60.226.118:443
62.60.226.118:8888
62.60.226.128:443
62.60.226.128:8888
62.60.226.143:19000
62.60.226.143:443
62.60.226.143:8888
62.60.226.173:19000
62.60.226.176:19000
62.60.226.185:19000
62.60.226.185:443
62.60.226.185:44333
62.60.226.193:19000
62.60.226.19:443
62.60.226.19:8888
62.60.226.24:19000
62.60.226.44:443
62.60.226.44:8888
62.60.226.79:443
62.60.226.79:8888
62.60.226.84:19000
62.60.226.89:19000
65.108.129.23:443
65.108.129.23:8888
65.108.206.243:443
65.108.206.243:8888
65.108.207.18:8888
65.21.118.116:443
72.5.42.44:1587
74.117.196.250:19000
77.110.116.74:19000
77.73.129.44:5902
77.83.207.146:19000
77.83.207.146:443
77.83.207.146:8888
81.19.131.173:19000
83.217.209.230:443
83.222.191.196:11000
84.200.154.49:19000
85.158.108.139:19892
85.158.108.184:19014
85.158.110.87:8899
86.54.42.145:19000
86.54.42.154:19000
86.54.42.215:19000
86.54.42.217:19000
86.54.42.224:19000
88.198.15.183:19000
88.210.34.29:19000
88.210.34.29:4178
88.210.34.29:443
89.23.98.145:8900
89.34.230.116:8888
89.34.230.119:19000
89.34.230.169:19000
89.34.230.16:19000
89.34.230.184:19000
89.34.230.69:19000
91.240.118.2:19000
91.240.118.2:9769
92.60.47.178:19000
93.113.25.244:19000
94.141.123.182:29300
94.141.123.182:443
94.156.227.14:19000
95.214.53.17:19000
95.214.53.17:443
95.214.53.17:8888
95.216.19.115:19000
api.blue-pencil-wave.today
api.strawberry-fruit.shop
asp.hankeringcrestedwrist.shop
blue-pencil-wave.today
bv.yuoei.shop
cf.jolttapestry.fun
everydayitstimeto.christmas
fuzzikittenhaus.com
hankeringcrestedwrist.shop
i.jolttapestry.fun
jolttapestry.fun
mail.miliao.cc
ovalre.us
partopikoto.live
playing-music.oss-ap-southeast-7.aliyuncs.com
sk2.boxingcasualty.shop
strawberry-fruit.shop
vvrn.akkba.cloud
w1.discoverconicalcrouton.shop
yuoei.shop
/0721217eab03d184996db/0c8607s1.q8xnq
/0721217eab03d184996db/jks0dfje.0f4gv
/0721217eab03d184996db/uihhm5or.adx0l
/0c8607s1.q8xnq
/192xrm94.kf4
/1bsv4t78.ugtje
/20abda5e27a457d5bae88f8/smgx4whh.hodau
/2ptlciku.20d33
/78fc5131525a9e8d335b1/192xrm94.kf4
/78fc5131525a9e8d335b1/2ptlciku.20d33
/78fc5131525a9e8d335b1/bu4x10qt.a1
/7b10d5d78fdd0/p09qs22q.4xr9s
/7fbe5fb3ba958a77f17d1d400555809e71d86fe8999830c1.wpd
/EDHGFDSDFG/1bsv4t78.ugtje
/bu4x10qt.a1
/jks0dfje.0f4gv
/p09qs22q.4xr9s
/smgx4whh.hodau
/uihhm5or.adx0l

# Reference: https://www.virustotal.com/gui/file/a96fdd10d8c3531841ae89c755b9718933b29169d7848de63cf3b9dd898ff5ab/detection

185.209.161.182:9057
/c406104e77bccd507d/ck9m16vt.l8rlx
/ck9m16vt.l8rlx

# Reference: https://www.virustotal.com/gui/file/5826336df34ba4f5d2e645c82122c2cc9d5fe61d4b10d2282d880293e568d2ee/detection
# Reference: https://www.virustotal.com/gui/file/c6cee0adfe511e99fa64af9d939d4c1d115dd56b17df1c7e60a165d122f50a57/detection

http://176.65.142.184
176.65.142.184:443
185.21.13.139:4433
/gateway/dxavsfuw.06d5c
/gateway/vwdnrjpb.h1pcn
/dxavsfuw.06d5c
/vwdnrjpb.h1pcn

# Reference: https://www.virustotal.com/gui/file/0c493fc4f0be85073e5087cd3a990da53bd96245e952585f01c9ef8be24e492e/detection

193.68.89.45:7055

# Reference: https://www.virustotal.com/gui/file/1cfc3b32aeb66367c054ac339add02b24805f90a3d0b53bd61b4670d0edf8a55/detection

http://194.143.146.43
/gateway/ssv15b6p.dnpel
/ssv15b6p.dnpel

# Reference: https://www.virustotal.com/gui/file/80d7caf2863c1b2e8bcbfeaf02a0fcd84b376b052658ce09e4d9dd2450cb16dc/detection

178.255.126.19:8888
178.255.126.223:4433

# Reference: https://www.virustotal.com/gui/file/0a5bb6b29e70f99c51cc97726ceab44771dca068cc5d56780c9abf71662bb287/detection

http://83.217.208.52
/gateway/1wqt7kjq.lvck8
/1wqt7kjq.lvck8

# Reference: https://www.virustotal.com/gui/file/3de30cac1e834e75ae41446551445fd3fe44f603ce30015f3ffcc1218f36f051/detection

http://159.69.59.93
/gateway/ju1o2hgj.8o8e5
/ju1o2hgj.8o8e5

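# Reference: https://www.virustotal.com/gui/file/fb9b41850c4e97d3ade67534d5444f40da37099e47b1431ab9d8c7842c68f300/detection
# NOTE(review): 3478 is the registered STUN/TURN port, so the endpoints below may be NAT-traversal or conferencing traffic captured in the sandbox run rather than C2 - verify against the sample's behaviour before alerting on them.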

144.195.3.213:3478
206.247.34.213:3478
206.247.34.213:3479

# Reference: https://www.virustotal.com/gui/file/8cc2854d14061632ea0e427f4c0bbd60c6f6fd35c70860fed8ad22d148fead42/detection

http://89.150.40.77
89.150.40.77:443
/windowsiis2022/g1ci1mt7.8u9p8
/windowsiis2022/
/g1ci1mt7.8u9p8

# Reference: https://www.virustotal.com/gui/file/0f72603467745275eb5c43871e0295bc9b89659010fbf1650e1c82196a5e29a4/detection

45.159.248.242:6339

# Reference: https://www.virustotal.com/gui/file/ed597a341853ca2040d200f9450e4a7f0d393129d613db96b3aed7dbe8a15976/detection

sync.sagargolf.com

# Reference: https://x.com/galkofahi/status/1947990984580567097
# Reference: https://www.virustotal.com/gui/file/9b04ba3901bf0de8609dcc7854d11f83849b7ff88347d52959f3c439343164c8/detection
# Reference: https://www.virustotal.com/gui/file/c309ac17d39fb13751882787b3f97a4053641d33ac537291575333d4db9ae3d0/detection

http://185.196.8.26
185.196.8.26:4200
/lund/gqiuheg9.d743d
/gqiuheg9.d743d

# Reference: https://x.com/Threatlabz/status/1950949733935223110
# Reference: https://www.virustotal.com/gui/file/eb5558d414c6f96efeb30db704734c463eb08758a3feacf452d743ba5f8fe662/detection

192.30.242.210:8888
/gateway/qq7o8k3h.fnliq
/qq7o8k3h.fnliq

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

185.39.206.236:443
/gateway/aoaowmat.s0srx
/aoaowmat.s0srx

# Reference: https://x.com/anyrun_app/status/1955261592087458195
# Reference: https://app.validin.com/detail?find=d6fe9b51105378c746287ad700ec55db&type=hash&ref_id=c3d31df9ce7#tab=host_pairs (# 2025-08-12)
# Reference: https://www.virustotal.com/gui/file/924f21d03e7f7835f76c84bb6875cb01d4e5a9ef5608bc2aebebfab5340686cd/detection

194.87.29.253:443
80.253.249.108:4356
84.200.80.8:443
bro-flashy-cat88.xyz
flaxergaurds.com
loanauto.cloud
temopix.com
wetotal.net
winmic.live
zerontwoposh.live
/gateway/6caqmphx.fan5l
/gateway/n5eepk7n.2a6s4
/6caqmphx.fan5l
/n5eepk7n.2a6s4

# Reference: https://x.com/SquiblydooBlog/status/1955686642934800694
# Reference: https://www.virustotal.com/gui/file/8a2590c9a17beff4632e5c888cee885f37901a664d21309b8b3b803462b160d7/detection
# Reference: https://www.virustotal.com/gui/file/abf052189d7c4ecb828806ff3e559de0e4bd0ba5e69c01575a8f8217bf2868d6/detection

194.55.137.74:443
glokdrofko.top
unared-cdn.asia

# Reference: https://x.com/g0njxa/status/1959989875404366284
# Reference: https://x.com/netresec/status/1960248042554081784
# Reference: https://www.virustotal.com/gui/file/7908c78041ece2129127d26500321b09f094e41c66f535454884bb4d79573b9b/detection

198.135.48.43:18088
/gateway/tsf0eqxx.dju47
/tsf0eqxx.dju47

# Reference: https://x.com/K_N1kolenko/status/1960961408780095864
# Reference: https://www.virustotal.com/gui/file/b18aa5a1a02bcd28e242c1d23585d565f88063e6c1b251873e5872c95652679a/detection

185.102.115.18:44533
185.102.115.18:58834

# Reference: https://x.com/JAMESWT_WT/status/1968934473740833091
# Reference: https://app.any.run/tasks/0df667b4-b779-483b-933d-a9b78fc41b75
# Reference: https://www.virustotal.com/gui/file/4a98e39be920cf2a999e3d5a25bf4f0192dc574eab6b47c69a76222c0cb2d69a/detection

80.253.249.210:443
91.235.132.129:3478
/gateway/xkcuwr37.ogwja
/xkcuwr37.ogwja

# Reference: https://www.virustotal.com/gui/file/00b2fcef0757d618e1e8fb107096d2c4b65855eb3e16021206ccb5c4f03fcac3/detection

176.46.152.62:5858

# Reference: https://x.com/thebitdoodler/status/1971655864793850200
# Reference: https://www.virustotal.com/gui/file/9b488286cdf0d6025096bac071a9d1068e1ac2e4348f231f5c3b241db2051534/detection

http://64.188.91.83
64.188.91.83:54433
spawnstars1.shop
/gateway/ii0wjcja.3p5xf
/ii0wjcja.3p5xf

# Reference: https://www.virustotal.com/gui/file/59ff0305c48efa67262ff44c6dc719a03f297acd61d66f54d78496aff03d79a6/detection
# Reference: https://www.virustotal.com/gui/file/bd322aca125d095bb81195df86f43772187bc4f5133ff8f78c84c7ee11a9b8d1/detection
# Reference: https://www.virustotal.com/gui/file/59ff0305c48efa67262ff44c6dc719a03f297acd61d66f54d78496aff03d79a6/detection

80.253.249.208:4231
82.22.174.33:443
shiporitoy.sbs
shiteathre.sbs
shiwa.sbs
snaifre.sbs
trelev.live
treten.live
tretwe.live
wieish.sbs
wisev.sbs
/gateway/202hphki.v8dkr
/202hphki.v8dkr

# Reference: https://www.virustotal.com/gui/file/07696e89e560cff18a41c9cedcbdf7d1732b072a00631155759d8ee1edb542c5/detection

193.233.126.173:443
/gateway/excak9i5.wd6ow
/excak9i5.wd6ow

# Reference: https://www.virustotal.com/gui/file/5517dc210ae01f2bb76ea06afebcfdc25065ce5f9ab4c900e1c496451ff6686e/detection

ganjasmokeha.top
api.ganjasmokeha.top

# HEADER_HASH-HOST=f060620cf4f86b6481dc

akbweb.top
apreldown.top
blagomezbart.top
filtergoyrdo.top
gabrielnonstops.top
gigachatglob.top
gnomeblocks.top
goodfatherbab.top
newphilshim.top
newshimforjune.top
newshimone.top
newshimtwo.top
voinaimurtols.top
api.akbweb.top
api.apreldown.top
api.blagomezbart.top
api.filtergoyrdo.top
api.gabrielnonstops.top
api.gigachatglob.top
api.gnomeblocks.top
api.goodfatherbab.top
api.newphilshim.top
api.newshimforjune.top
api.newshimone.top
api.newshimtwo.top
api.voinaimurtols.top

# Reference: https://www.virustotal.com/gui/file/7a8fc9266ee3f169e22833bfdf0ff5c7dc3b59fa0a6d612a01905f27362ddf10/detection

adolfcjgos.top
api.adolfcjgos.top
/76ece4d3ab5c60ead288414/fi3cxhti.l1g9r
/76ece4d3ab5c60ead288414/
/fi3cxhti.l1g9r

# BANNER_0_HASH-HOST=254b8175e050e3d0844beed9d894d030

globalshimserv.top
glpovmdasda.top
majesticpoison.top
mancotacobell.top
nl2.stablepod1.top
rnsddse.top
stablepod1.top

# Reference: https://x.com/JAMESWT_WT/status/1972690379066474773
# Reference: https://www.virustotal.com/gui/file/7b08010f90000aebb4e4fe941cf0f5126c040691b7c2eb1abe5bc100f7005a76/detection

185.196.9.212:443
5.252.153.112:8000
5.252.153.240:8000
bthizkquvq.pw
intuite.site
intuite.tech
hotel.intuite.tech
hotel.intuite.site
hotelsep.blogspot.com
potalgonabunbunsed.blogspot.com
/master/5208wlg6.vnad9
/5208wlg6.vnad9

# Reference: https://www.virustotal.com/gui/file/76790344db486db20af8caf3a3045a9c15d88bd1bb1d440adb3a3faeb625e681/detection
# Reference: https://www.virustotal.com/gui/file/ea1556f31371a93603d5d7325e865c313f3b3a59d0a7ac4a4728c338f2049619/detection

oneltak.top

# Reference: https://www.virustotal.com/gui/file/abd92c6d1d75a6d018906b0f56bfb793056e8b9054ebb1fbf79ac496e65f875b/detection

http://212.11.64.215

# Reference: https://www.virustotal.com/gui/file/c87990f603179c0f6c6fe57c82e578b502b87797761861043d7b2e347931be3d/detection

/gDatDeDway/f55ciojg.ew56r
/gDatDeDway/
/f55ciojg.ew56r

# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.226/relations
# Reference: https://www.virustotal.com/gui/file/d21c9ea71b552edbf0fed362c8dcb7f71f6f06208371cb65fe526c65546d6c89/detection

bradseek.top
falconmx.top
menslaks.top
petsloot.top

# Reference: https://www.virustotal.com/gui/file/ea26270b360f4c2d2d73db3959e905872ab59ea680b91f76aa87ec4a58a92fd4/detection
# Reference: https://www.virustotal.com/gui/file/ff14429d2ec2104a1c7f61e7561d3eef27f476ef8a943307890eb37f1e6529d5/detection

144.172.106.201:4133

# Reference: https://www.virustotal.com/gui/file/0146b0e2b5c59abe56321f0a8913c9f18b9bdb67425a31f1e08fb7f15c60cfb7/detection

185.208.159.226:8888

# Reference: https://www.virustotal.com/gui/file/be5e9e2e0d43feb54b0cffbc54e4150e7f1bc22d8c033f9c23789ec683b56734/detection

185.33.84.159:443
194.55.137.26:2022
194.55.137.30:443
5.180.52.28:443
77.91.75.254:443
79.141.168.224:443
85.208.119.17:443
85.209.156.7:443
85.209.157.6:443
85.209.158.14:443
/gateway/calh79rb.cjjfi
/calh79rb.cjjfi

# Reference: https://www.virustotal.com/gui/file/f1d45569c2f00002de673d4c7502a2af613d69a84af84dc8fd7a43b38ca37937/detection

http://77.105.136.71
/gateway/9o5fknci.dm9qh
/9o5fknci.dm9qh

# Reference: https://www.virustotal.com/gui/file/456660eb6695d1ba9e569abedb1ce42b0f56a80c8eb331ea8ba0bdb4358880d0/detection

77.105.136.71:443
diamomong.top
api.diamomong.top

# Reference: https://www.virustotal.com/gui/file/572fee73ab64f53b68589e37cdf30f28c2b94776ed87f17229e448aa6d6fe524/detection

http://77.73.129.35
77.73.129.44:41433
/gateway/ofcfljv6.pme0l
/ofcfljv6.pme0l

# Reference: https://www.virustotal.com/gui/file/fa9bf2db089d568182b184a7e2084dc9e0cd600d57a6c79f6bc0ee169b18dce9/detection

http://185.149.146.172
185.149.146.172:443
/zdesbilvova/qhdigs9k.6c26b
/qhdigs9k.6c26b

# Reference: https://www.virustotal.com/gui/file/93b5030357aa13dd7b27238143af70bf19966bde05fd59786eadc8b68a5556d9/detection

45.142.193.98:5418
77.90.185.70:443
/get/8i5s7jan.ugmwg
/8i5s7jan.ugmwg

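# Reference: https://www.virustotal.com/gui/ip-address/5.9.198.36/relations
# NOTE(review): the only source cited for this group is an IP relations page, not a sample report, so the domains appear to be linked by shared resolution alone. canadadelhoyo.com does not follow the random-looking .xyz naming of the other entries; confirm it is not an unrelated co-hosted site before alerting or blocking on it.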

anaivilonamand.xyz
bodeleialinnsa.xyz
canadadelhoyo.com
debindaianeree.xyz
hnofinjarcisen.xyz
holinswincetta.xyz
lisonneringeer.xyz
navivawsisonau.xyz
ndelevielolipr.xyz
oneazasharilli.xyz
owerneodonereo.xyz
quminathingach.xyz
unbelentenengn.xyz
viliatarizeril.xyz
xartamarakatha.xyz
zaloniarshiabr.xyz

# Reference: https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates/
# Reference: https://www.virustotal.com/gui/file/0877849f6d367539d0e9d895e42a1c94d8f288c748428bb8e2634ed0dc927389/detection

193.84.71.81:443
/gateway/xhfc6bab.jg3hl
/gateway/wcm6paht.htbq1
/xhfc6bab.jg3hl
/wcm6paht.htbq1

# Reference: https://www.virustotal.com/gui/file/19801ee4c790ff671259d4a47f3cbd48bae686d2d9967a440e00cef35041ace9/detection
# Reference: https://www.virustotal.com/gui/file/8f9eab6f52ecaa2412126c0a1bbd0fe6415a5345ad970ea3ec285284f8ffe9e0/detection
# Reference: https://www.virustotal.com/gui/file/a54faa6500ada27d2a1ea3bb298897fbda25240a170bc40af8e6f39bce930d4f/detection
# Reference: https://www.virustotal.com/gui/file/ccbcbf8d6399bce1f3df74c2e3f2919f2c343c646689ecffe3f773b68b1e04d2/detection

193.8.184.120:54433

# Reference: https://www.virustotal.com/gui/file/a4240b24d90590d356c4c6e7f6d9c5604a52a2b76c16d1b90c54ab1f74826d42/detection

109.234.36.180:443

# Reference: https://www.virustotal.com/gui/file/26d3f212f445da539cfd857ad5199d0f20baa341296fb4051656c55823630256/detection

146.103.99.179:443

# Reference: https://www.virustotal.com/gui/file/3aa535904d599508d7be920a414a5e9c28ebbc6729557b7b872ad8b86ad16d91/detection

5.180.46.40:44313

# Reference: https://www.virustotal.com/gui/file/bd322aca125d095bb81195df86f43772187bc4f5133ff8f78c84c7ee11a9b8d1/detection

shiteatwop.sbs

# Reference: https://www.virustotal.com/gui/file/28c92680092fe5179ef00d0996b5e627476d8aec574a5d17cc4abb4c41934d52/detection

84.21.189.85:443
qsetshi.live

# Reference: https://www.virustotal.com/gui/file/ee25ba77afab31fd892f99ac868c83a11a2e86ee55b11235d57d0c039d4e09d3/detection
# Reference: https://www.virustotal.com/gui/file/c7a88bf748cccc547490018a222b339fc5574e38ecd59109a841eb0360b14aec/detection

176.46.158.19:43433
193.68.89.57:443
/gateway/wg60jsfj.t62os
/wg60jsfj.t62os

# Reference: https://www.virustotal.com/gui/file/6f29573ba5b8764610549510c146f9346c710534af4783dd9d622dd18a573115/detection

185.177.239.153:443
/gateway/ehqqu17t.n576u
/ehqqu17t.n576u

# Reference: https://www.virustotal.com/gui/file/77ea1145bc499b42106c56b1e3487a6c54d338235b7bdfc2cccd2926127ea1c4/detection

fivadm.sbs
fouradm.sbs
tesshi.live
thretadm.sbs
twetadm.sbs

# Reference: https://www.virustotal.com/gui/file/4ee662939cd683ba9a3aa8335a0dbad15d433b73cc4d23d144c9a628ddbfdb44/detection

78.40.193.42:443
glpombjghty.top
api.glpombjghty.top

# Reference: https://www.virustotal.com/gui/file/15d04f836366ee6e340f21d8deaacae6661a9233c0d421f1864d4e0d6feb7aab/detection
# Reference: https://www.virustotal.com/gui/file/27a620c3e613c203be54a3e2865e63a656b57d52404b0232553c963d006e5a08/detection
# Reference: https://www.virustotal.com/gui/file/46792d2af5e0263583d77ba0bdc050aa568a9e4b246dba8eb3bbfedce826ca79/detection
# Reference: https://www.virustotal.com/gui/file/f1f3e54d6b7f14b5945e4078779cd55073380287df217744e508918ce23f9020/detection

192.52.242.79:443
192.52.242.79:54433

# Reference: https://www.joesecurity.org/reports/report-4991369.html
# Reference: https://www.virustotal.com/gui/ip-address/141.98.80.175/relations
# Reference: https://www.virustotal.com/gui/file/4cb16ea1c2b2a8119822a6a54236056b5296e6141233092fbd424f5f06900fa5/detection

194.87.10.203:44333
securitysettings.live
xoiiasdpsdoasdpojas.com
