# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: veletrix loader

# Reference: https://twitter.com/MichalKoczwara/status/1643578019242442752
# Reference: https://twitter.com/MichalKoczwara/status/1643598384610017281
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=073fb179ccb5a8ecad40fad2c940ef3bd3ce06f1

103.45.142.118:8082
114.132.56.160:8082
119.3.204.38:8082
164.88.255.246:8082
180.76.179.154:8082
185.80.202.166:8082
216.83.44.138:8087
216.83.44.139:8087
216.83.44.140:8087
216.83.44.139:8082
# NOTE(review): 216.83.44.13:8082 may be a truncated 216.83.44.138:8082 - .138/.139/.140
# all appear on port 8087, but only .139/.140 appear on 8082 in this list. Confirm against
# the Censys query referenced above before relying on this entry (false-positive risk).
216.83.44.13:8082
216.83.44.138:8789
216.83.44.140:8082
39.98.173.197:8082
43.136.116.140:8082
45.76.231.62:8082
45.76.97.205:8082
45.94.42.61:8082
45.94.42.61:19090
64.176.37.78:8082
66.181.36.244:8082
8.222.140.105:8082
82.157.154.3:8082

# Reference: https://x.com/malwrhunterteam/status/1889287149863702646
# Reference: https://www.virustotal.com/gui/file/a921ee9bac3903adf360d901cc9a9235c4b88e6dfcccdea23edd60057014f6ff/detection
# Reference: https://www.virustotal.com/gui/file/3606842ac4a7627426ad78fbac2cad392647f1be031edb9a2046a846f191a585/detection
# Reference: https://www.virustotal.com/gui/file/1ae30e2698772e0dfade7d3cb3d79eb01fd90e650d9fb94f10368f1dff7e0c93/detection

103.30.76.254:8084
548125.com

# Reference: https://x.com/malwrhunterteam/status/1896920306562027960
# Reference: https://www.virustotal.com/gui/file/0d9d9319c7e198dc7e5ad16fcb32e0208e9ae9c597d6ef55529fd1e70f2fd92c/detection
# Reference: https://www.virustotal.com/gui/file/a7d4c0752ade8e254cbabdffc49f3fff1b6e9173ca05058f905c4594e4ab3a14/detection
# Reference: https://www.virustotal.com/gui/file/800524ead4ea37033a31f3815afc2149c7c49b071d2b12eaab43d137b7558a60/detection

113.44.89.162:443

# Reference: https://x.com/malwrhunterteam/status/1900535978650972297
# Reference: https://www.virustotal.com/gui/file/125eec79530dff6b987af22b338a68cd1e4cec95fbbe3667f793195fab9e202a/detection
# Reference: https://www.virustotal.com/gui/file/39e6cb3ab100c14154a21ea52e5fd239e45bf6b8c494f859ee82bd5e255a8c32/detection

45.145.228.118:7799

# Reference: https://x.com/Jane_0sint/status/1902333528534073802
# Reference: https://app.any.run/tasks/a3bcac8e-51f2-4922-a4a8-677345e7393f
# Reference: https://app.any.run/tasks/288d9045-7562-4f86-b41d-87176654e5c5
# Reference: https://app.any.run/tasks/28fb84a7-f49a-4d84-8ef5-87035a3fbc23

198.98.48.4:55689
43.128.85.89:8084

# Reference: https://x.com/malwrhunterteam/status/1907164500383441392
# Reference: https://www.virustotal.com/gui/file/5a172a716f2772d09186164da34e1aad536d71cbd6aa0f1ddb2fa201ca1a79f7/detection

147.93.122.8:8084

# Reference: https://x.com/malwrhunterteam/status/1911746330952622573
# Reference: https://www.virustotal.com/gui/file/d1168d09e64f7a6e0048c0c3a4197166e0536b61d6db00a162b3a31f8e1a4af4/detection

27.25.151.34:12345

# Reference: https://x.com/malwrhunterteam/status/1911749743958503876
# Reference: https://www.virustotal.com/gui/file/09f4bd9a9b9c35a8aa398ecd0bd86ab5cbf12fd6b0391ed966e4bdf24ba0bed6/detection
# Reference: https://www.virustotal.com/gui/file/1efa3a940ab68db66ab5498b51944e0095085db5d3504fed9c0ebb55beda045b/detection

54.250.244.150:8084

# Reference: https://x.com/malwrhunterteam/status/1912922319187476738
# Reference: https://www.virustotal.com/gui/file/f3b1c933afe9b3fc366bfbc311683c6643c04720eb2d04c52d49e63c3fbb7ef4/detection
# Reference: https://www.virustotal.com/gui/file/a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c/detection
# Reference: https://www.virustotal.com/gui/file/9cb6f45e3fe2fdd035c6e7634986aaadde625d68e1f0344558f262818f58385f/detection

121.37.80.227:8084

# Reference: https://x.com/malwrhunterteam/status/1913547725502640265
# Reference: https://www.virustotal.com/gui/file/157ccecda80b1deee56a722aba14eafc231899939365a2842b4f660f92a11a24/detection

198.252.107.249:443

# Reference: https://x.com/malwrhunterteam/status/1913535502533140530
# Reference: https://www.virustotal.com/gui/file/6321bb2e4134db7704f5371ff6deca2e89ab9a0fdf3f2bb86b34b4ae11283c13/detection

38.91.118.218:9002
value-keys.com
alicloud.value-keys.com

# Reference: https://x.com/malwrhunterteam/status/1913536150439932103
# Reference: https://www.virustotal.com/gui/file/8932c191212aa44562de0b7cedd12a813945f6e72f612a92db6bbe78a4561d85/detection

123.60.50.172:60001

# Reference: https://x.com/malwrhunterteam/status/1914626415292489985
# Reference: https://www.virustotal.com/gui/file/a7c6da7c4d76a53996a8ae57ccfd6c804c25a8cfeb528a918c685e7a338ea316/detection
# Reference: https://www.virustotal.com/gui/file/850277a7a28bac6837698cc52125d06e3a5fe4334b6fade7df00e7c44e654cd7/detection
# Reference: https://www.virustotal.com/gui/file/300fec8f396f0f51d5db594b095ae09150d09731667b8f979709022dbfb44df8/detection

23.226.136.169:38084
23.226.136.169:65535

# Reference: https://x.com/malwrhunterteam/status/1915032715289661731
# Reference: https://www.virustotal.com/gui/file/5eaaf8af492b74fe6aefc76879fefa86f221e369cc242600e5f36f9267a75d65/detection
# Reference: https://www.virustotal.com/gui/file/2817e26773a18ea6185fa22ab0060338e227b97d4eb3f7b65921f00805fb6120/detection

134.175.254.142:8000
81.71.246.226:8882

# Reference: https://x.com/malwrhunterteam/status/1915361972750582270
# Reference: https://www.virustotal.com/gui/file/00920e109f16fe61092e70fca68a5219ade6d42b427e895202f628b467a3d22e/detection

103.30.76.206:443

# Reference: https://x.com/malwrhunterteam/status/1917189837267886295
# Reference: https://www.virustotal.com/gui/file/0efbda15a1785e1b395b9744841097dc6943b585fa00724105f06d3c7dbd088b/detection

1.15.95.229:53351

# Reference: https://x.com/malwrhunterteam/status/1922188146080350520
# Reference: https://www.virustotal.com/gui/file/fef69f8747c368979a9e4c62f4648ea233314b5f41981d9c01c1cdd96fb07365/detection

62.234.24.38:9999

# Reference: https://x.com/malwrhunterteam/status/1922950235891920966
# Reference: https://www.virustotal.com/gui/file/8a7f4c90b72851d1cbf297542a3ee6703def01a5cd0839607d9be253fea89461/detection

38.55.198.20:8084

# Reference: https://www.virustotal.com/gui/file/2c8910f552168cd6b491c2e1d7662452addd8398e323f51dc49db18fd7759b3d/detection

106.15.105.78:65320

# Reference: https://x.com/malwrhunterteam/status/1928941538001703225
# Reference: https://www.virustotal.com/gui/file/a0f4ee6ea58a8896d2914176d2bfbdb9e16b700f52d2df1f77fe6ce663c1426a/detection
# Reference: https://www.virustotal.com/gui/file/77b0f0861bec071f18e14f3b26c95e46b4c64e61d688de50b5880f4c30d61a24/detection
# Reference: https://www.virustotal.com/gui/file/689751d26d4cc9e17729653e6d1b4078eb3613d666a9669c4d86453c6b6fd523/detection

96.9.125.82:8082
96.9.125.82:8085

# Reference: https://x.com/ElementalX2/status/1931062614970581451
# Reference: https://www.seqrite.com/blog/operation-dragonclone-chinese-telecom-veletrix-vshell-malware/
# Reference: https://www.virustotal.com/gui/file/2206cc6bd9d15cf898f175ab845b3deb4b8627102b74e1accefe7a3ff0017112/detection

47.96.172.80:10088

# Reference: https://x.com/malwrhunterteam/status/1931450753442287839
# Reference: https://www.virustotal.com/gui/file/1b56142f8457af1b488607dc9c004a0e2fc6bb097e472f6c4a3ce83ad513e12e/detection

13.213.71.156:8084

# Reference: https://www.trellix.com/blogs/research/the-silent-fileless-threat-of-vshell/
# Reference: https://www.virustotal.com/gui/file/54585ddae14b24d0100fe85c9e18e44f936368a9f48ae189ccf2cc40cd7c1b7c/detection
# Reference: https://www.virustotal.com/gui/file/fa99edf1270fd67575f1c35d183629fb5bf92a8f5de5280ccc5f638bd79c2867/detection

http://47.98.194.60
47.98.194.60:443
47.98.194.60:8084

# Reference: https://x.com/58_158_177_102/status/1975704382328218113
# Reference: https://www.virustotal.com/gui/file/719bb84cca932f7d3f09e5e5358d79e954dab80ffad9c43b42bb03209a679997/detection
# TITLE-HOST=セキュリティプラグインのダウンロード
# (Japanese page title used as the host fingerprint; in English: "Security plugin download")

47.245.30.54:8888
bookinghotelnow.com
golfpoolinvitational.com
hilarygrace.com
instatechtrendings.com
sbi-zondowal.com
weknowweddings.com
yu123sp.com
zdfhcl.com

# Reference: https://x.com/smica83/status/1978591124269797549
# Reference: https://x.com/skocherhan/status/1978594157493997620
# Reference: https://www.virustotal.com/gui/file/6fa4949992c9f261ed7848d44577149ea11d4c5269e891578d66a1c3d4629109/detection
# Reference: https://www.virustotal.com/gui/file/fad397bbf868b50b0fccc8bdb9930edee9d05ad25a0f330a5551d1529d6662c8/detection

13.210.13.81:8081
snlper5.com
my.snlper5.com
vs.snlper5.com
