# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Format: one network indicator per line, either a domain name or an IPv4
# address with port (IP:port). Lines starting with '#' are comments.
# Each run of 'Reference' lines appears to cite the reporting for the
# indicators that follow it, up to the next 'Reference' run.
# NOTE(review): no first-seen/last-seen dates are recorded here, and IP
# addresses can be reassigned over time; re-validate IP:port entries against
# the references before relying on them for long-term blocking.

# Reference: https://otx.alienvault.com/pulse/642d624ccd3a7cca31c9e252
# Reference: https://www.virustotal.com/gui/ip-address/43.154.239.14/relations
# Reference: https://www.virustotal.com/gui/file/ca47e4505cc84c087d20cadc78aabc01ff6adb44503d86224eb2bd8015016feb/detection
# Reference: https://www.virustotal.com/gui/file/c8e6da627a59a00f043fed05556b738a86fb0f69029748cff206b96a32644f03/detection
# Reference: https://www.virustotal.com/gui/file/bbaa917065d2ca0ba5151b17598789c0125b91c6d7e96ea9b157309e9bf9e2a4/detection
# Reference: https://www.virustotal.com/gui/file/5b5bf1eae9fdd580e2cd491710fbb2504e2f732b17859081eb29801ba61910d7/detection
# Reference: https://www.virustotal.com/gui/file/4d87ad44fb99c42fd5ae0cdba4efcf887574f533a8576d020a24e1ab98809263/detection

154.197.14.38:1523
43.154.189.105:7093
43.154.239.14:7093
43.154.55.253:7093
43.155.98.18:7093
43.249.30.41:1523
43.249.30.41:1524
haiwai2.xyz
liangjiang33.top
liangjiang3344.top
liangjiang44.top
telegramsi.site
# NOTE(review): the next entry is a subdomain of liangjiang44.top listed
# above; it is redundant if the consumer also matches subdomains of listed
# domains -- confirm against the matching logic.
club.liangjiang44.top

# Reference: https://cert.360.cn/warning/detail?id=6528fd63ea0822e915605dc6
# Reference: https://otx.alienvault.com/pulse/652d51197fbe59ec2dd072a8

# NOTE(review): the *.myqcloud.com entries in this file are full bucket
# hostnames on a shared cloud object-storage domain. Match the complete
# hostname only; widening a rule to the parent domain would flag unrelated
# tenants.
ccgbub296.qty592.com
dianpiao4-1320808414.cos.ap-nanjing.myqcloud.com
dianpiao5-1320808414.cos.ap-nanjing.myqcloud.com
fapao-1320364328.cos.ap-guangzhou.myqcloud.com

# Reference: https://x.com/malwrhunterteam/status/1817829163186733082
# Reference: https://www.virustotal.com/gui/file/7decebabc2d6d61421f8ee3eb86930aa4748887469d76d153db59af63452991e/detection
# Reference: https://www.virustotal.com/gui/file/911a322297f8fcd094434e0715e276e85adb150454cd36588841cbd77fb7c89d/detection

154.92.19.81:6666
154.92.19.81:8888
39.109.114.74:10009
39.109.114.74:10010

# Reference: https://x.com/JAMESWT_MHT/status/1869343624061989127
# Reference: https://www.virustotal.com/gui/file/7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0/detection

27.50.63.8:10443
27.50.63.8:4433
# The amazonaws.com entry below is a single S3 bucket hostname on a shared
# provider domain; match the complete hostname only.
anydesk17.s3.ap-east-1.amazonaws.com

# Reference: https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/

8.217.60.40:8917
# The aliyuncs.com entry below is a single OSS bucket hostname on a shared
# provider domain; match the complete hostname only.
vien3h.oss-cn-beijing.aliyuncs.com

# Reference: https://x.com/skocherhan/status/1926556842492150221
# Reference: https://www.virustotal.com/gui/file/1f946a4714e8b05d449b4cb75ad0c711c630260075e67dd2adad307b49f9f4c6/detection

43.248.173.209:10471
43.248.173.209:10472
43.248.173.209:18852
k0e.xyz
k0l.xyz

# Reference: https://www.fortinet.com/blog/threat-research/threat-group-targets-companies-in-taiwan

00-1321729461.cos.ap-guangzhou.myqcloud.com
6-1321729461.cos.ap-guangzhou.myqcloud.com
twzfte-1340224852.cos.ap-guangzhou.myqcloud.com
cq1tw.top
twcz.pro
twczb.com
twnc.ink
twnic.icu
twnic.ink
twnic.ltd
twnic.xin
twsa.top
twsw.cc
twsw.club
twsw.info
twsw.ink
twsw.ltd
twsw.pro
twsww.vip
twsww.xin
twswz.top
twswzz.xin
twtgtw.net
twzfw.vip
z2tw.xin

# Reference: https://x.com/Cyber_O51NT/status/1947500223061791178
# NOTE(review): the URL below carries a poc_token query parameter that looks
# session-specific; the article is presumably identified by the
# __biz/mid/idx/sn parameters alone -- confirm before trimming.
# Reference: https://mp.weixin.qq.com/s?__biz=MzU2OTcxNjE4Mw==&mid=2247486072&idx=1&sn=ce36707ae3974cc872b4432a8edf2dee&poc_token=HMo1f2ijBV0u5OvP3CmpxsqaacBtvRszX0VCBbPP
# Reference: https://www.virustotal.com/gui/file/061588b2a2b1c2044fe99d99bac0529d99d708802ead6da37aae29b590921bfe/detection

45.13.161.179:8880
ailletll.top
