# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: zhong stealer

# Reference: https://x.com/anyrun_app/status/1891818695875244400
# Reference: https://any.run/cybersecurity-blog/zhong-stealer-malware-analysis/
# Reference: https://app.any.run/tasks/a84e322a-a5e5-469e-98b3-1235f8069cbb/

# Network indicators collected from the references above each group.
# NOTE(review): no first-seen/last-seen dates are recorded in this file; confirm
# that an IP:port entry is still current against its reference before using it
# for blocking rather than alerting.
156.245.23.188:1311
47.79.64.228:1311
# Bucket-specific hostname on a shared cloud-storage domain: match the full
# hostname only, since the parent domain also serves unrelated tenants.
kkuu.oss-cn-hongkong.aliyuncs.com

# Reference: https://x.com/malwrhunterteam/status/1910011168501948816
# Reference: https://x.com/naumovax/status/1912518911678890032
# Reference: https://tria.ge/250309-1el3rastay/behavioral2
# Reference: https://www.virustotal.com/gui/file/e4169e6d20af66bfea82aec4eb599d3c4a4df52fc884638fce408cdffdef5671/detection
# Reference: https://www.virustotal.com/gui/file/422d8d1f652be8790b7b54cc2e05d67f8b1b94e74da9dd6b3733c8968171447b/detection
# Reference: https://www.virustotal.com/gui/file/caefa709a7a0bb48657f0844b356651b5aa6b1d3b01b4c7a57b21942f8e4d651/detection
# Reference: https://www.virustotal.com/gui/file/5f5f8914a61f4adc249574d6c06d4e1b7197dea4a3103bbf25006d45c079b7dd/detection
# Reference: https://www.virustotal.com/gui/file/28f54babb02c9f6a3b1fb4ffd723c4e7130fbfb0888afeb908ca3b466f0187b6/detection

# URL-form entry (scheme included), unlike the bare IP:port entries that follow.
http://182.16.35.197
104.233.164.131:2869
112.121.170.66:3133
112.121.170.66:3158
118.107.47.151:5836
13.208.251.115:3158
134.122.137.141:15888
15.168.37.31:3158
182.16.63.194:5188
216.118.240.42:5188
# Registered domains, followed by subdomains of three of them.
arpuu.com
exbibi.com
ku9qn.com
opopl.com
fa.opopl.com
m.ku9qn.com
u.arpuu.com
uu.opopl.com
# Bucket-specific S3 hostnames: match the full hostname only, never the
# shared regional parent domain.
imagesyd.s3.ap-southeast-1.amazonaws.com
kkusd.s3.ap-southeast-1.amazonaws.com

# Reference: https://x.com/malwrhunterteam/status/1929826384437793087
# Reference: https://www.virustotal.com/gui/file/c6a09aa45cf4a7fc1633bf5fd85ccff7d3becdc03d112efbd45e81b9104baed4/detection

# Bucket-specific S3 hostname (full-hostname match only).
myvideomanagerentry.s3.ap-northeast-1.amazonaws.com

# Reference: https://x.com/SquiblydooBlog/status/1928377113221972346
# Reference: https://www.virustotal.com/gui/file/be5d6c4aa4b27548a06c2afaef3b4035abf65566e9a8bfd642b4a2032729656e/detection

# Bucket-specific S3 hostname (full-hostname match only).
newvideoupdat.s3.ap-northeast-1.amazonaws.com

# Reference: https://x.com/malwrhunterteam/status/1931225292976124024
# Reference: https://www.virustotal.com/gui/file/441ef8aa13409660cedb9a557619f60cbf90c3f0d28f7191b8385a6d147acf46/detection
# Reference: https://www.virustotal.com/gui/file/103e3f16182a7da8b96e9b0510d80787be3e585705f46067687bcf91804df788/detection

56.155.36.99:3158
# Bucket-specific S3 hostname (full-hostname match only).
updatervideo.s3.ap-northeast-1.amazonaws.com
