# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://x.com/kddx0178318/status/1834545168403296409
# Reference: https://app.any.run/tasks/b81c945b-3c42-4385-ba54-331fd7f7b367
# Reference: https://www.virustotal.com/gui/file/fcbd0b82a5a16a712ca5d39f049f9ee3abeee4462f13a57995c1d1cddf3b0c08/detection
# Reference: https://www.virustotal.com/gui/file/82d6ffab386dcfad2fbe3916a0bf54e718afeffef27cf1e04e648dbe31fb67aa/detection

64.94.84.70:443
newtactical.buzz
mesh.newtactical.buzz

# Reference: https://x.com/s1dhy/status/1842884556438790364
# Reference: https://x.com/banthisguy9349/status/1842895170708144581
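# Reference: https://urlscan.io/search/#filename:%22LoginView.74796495.css%22
# Note: the urlscan query above fingerprints a login-page asset, so the hosts below look like a sweep of exposed RMM panels rather than per-host confirmed malware infrastructure.
# Note: entries such as demo.tacticalrmm.com and *.direct.quickconnect.to are likely to occur in legitimate admin traffic; correlate a hit with an unexpected agent install before treating it as an incident.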

http://109.123.237.16
http://168.138.139.218
http://185.216.13.242
http://185.234.67.49
http://212.83.189.8
http://50.253.176.117
http://50.255.118.246
http://64.94.84.70
109.123.237.16:443
168.138.139.218:443
185.216.13.242:443
185.234.67.49:443
212.83.189.8:443
50.253.176.117:443
50.255.118.246:443
91.92.241.101:443
91.92.241.82:443
2mx9gsnexms2.users.rport.io
70ravnzq.users.openrport.io
accesvpn.bermex.ca
adbs.info.calculadoradecarbono.store
admin.rmm.silvertech.net
aminternal.care
api.domainservice.site
api.trustt.com.br
auth.aptechnologies.io
auth.moffettas.com
auth.retro-gamer.org
bitwarden.pcguys.org
bwrw0kgb.users.openrport.io
concentrix.de
connectsecure-demo.mytrmm.com
connectsecure-demo.pages.dev
consolevpn.g3f.com.br
contabilirj.mabbix.com.br
contabo2.id3145.pt
control.lenshead.sbs
counterstriketactical.com
customers.savethebit.it
dash.rmm.fortera.au
dashboard.rmm.kdt-solutions.ch
defaultuser.rocks
demo.tacticalrmm.com
dev.client.ransomplan.com
devtec.systems
domainservice.site
doublecoin.buzz
epxpsecurity.net
first-app.ashah.dev
fw01-de.kcs9-services.de
gateway.swedata.net
helpdesk.acerticonsultoria.com.br
helpdesk.nunda.net
helpdesk.techmaisbh.com.br
helpdeskv3.hminformatica.com
helpdeskv3api.hminformatica.com
identity-verify-secured3d-gateway.ikwb.com
igorkot.com
imd1xux7zn2n.users.rport.io
internalrmm.lan.okepc.nl
iv.xmade-systems.com
kawaii-cat.moe
kvpn.catafrildo.com.br
login.colourrepubic.com
lunarstudio.app.br
m3-userserver.direct.quickconnect.to
mas-admin04ds.direct.quickconnect.to
mesh.aschenerbach.ddns.net
mesh.domainservice.site
monitoring.fuchsedv.cloud
monitoring.net-e.de
mseh.lk-it.ddnss.de
nas.hektrack.com
news.chrisjourdian.com
officesupdater.com
osticket.voberts.com
patch.digialert.com
pendletontechsupport.com
post.cm93.de
postfixadmin.igm-data.fr
rdm.support.8amarketing.com
remote.secure.cafe
rmm.alcaloid.ddnss.org
rmm.aschenerbach.ddns.net
rmm.azole.cloud
rmm.bellcybersecurity.com
rmm.billingyourway.com
rmm.bl-support.de
rmm.ccthelpdesk.com
rmm.chaselabs.net
rmm.cloudsupport.icu
rmm.contatoinformatica.com
rmm.demirci.nyc
rmm.domainservice.site
rmm.ebsi-informatique.fr
rmm.fastsupport.hu
rmm.fudi.ing
rmm.hermesnetwork.cloud
rmm.home.billenstein.net
rmm.infoservice.tec.br
rmm.isafe.com.br
rmm.it-homelab.de
rmm.jcpitsupport.com.au
rmm.jeangaston.xyz
rmm.jobcost.com
rmm.karmasangsthanbank.gov.bd
rmm.lk-it.ddnss.de
rmm.localdadmin.com
rmm.mzi-services.fr
rmm.oktocontrol.hu
rmm.optionsistemas.com.br
rmm.orestech.com.ar
rmm.powerservice.com.br
rmm.ppttech.net
rmm.rawlsgrouphelpdesk.com
rmm.saas.supportit.com.pl
rmm.sandstoneit.com
rmm.secure.cafe
rmm.service.fractalit.com.au
rmm.support.twade.io
rmm.supportgates.com
rmm.supportportal.org
rmm.tactical.internal.2squaredbytes.com
rmm.tacticalrmm.lab.oke-it-services.nl
rmm.taise.tech
rmm.tiesso.com
rmm.tpinformatica.com.br
rmm.ubernix.com
rmm.unified-support.co.za
rmm.websiteapicloud.com
rmm.xpertus-service.de
rmm.yourdesktopsupport.com
rmm.zoicloud.au
rmmlot.ru
romalcos.direct.quickconnect.to
rust.albert.coach
rustdesk.stadel.info
rustnwam.freeddns.org
scottysplace.net
security.consultoriago.com.br
servicedesk.zealsp.com
servicioselectronicos.direct.quickconnect.to
servicioselectronicos2.direct.quickconnect.to
smartcontrol.sunvig.com
srv.suportemais.com
support.8amarketing.com
support.davange.com.au
support.dylan-perso.fr
support.glaztech.cloud
support.hminformatica.com
support.kroytechnologygroup.com
support.kvix.ca
support.ppttech.ca
support.retailit.lk
support.sysdan.com
support.titanitsolutions.com.au
support.topsemence.com
support.ubiquitas.co.uk
supporto.ddns.net
supportproactive.direct.quickconnect.to
synoinstall-7smvkuoonla2oedh.direct.quickconnect.to
synoinstall-8zi2vkre1scn05mo.direct.quickconnect.to
synoinstall-ed1nhp6mr4tr4l3l.direct.quickconnect.to
synoinstall-oz51ipi9zwcv48so.direct.quickconnect.to
synoinstall-s93q23775sum8aa2.direct.quickconnect.to
synoinstall-t5u59vipgvanop9w.direct.quickconnect.to
synoinstall-upx9k8fh1illqqv8.direct.quickconnect.to
synoinstall-yu3a3t3k2nqyjypp.direct.quickconnect.to
tac.securityarsenal.com
tactical.abd.ong
tactical.sucres-et-services.fr
tacticalrmm.lab.oke-it-services.nl
tekysupport.ca
ticket.pioan.ca
uicontrol.jtnetworx.com
unificloud.zoiamedia.com
updateapps.online
updatestore.site
viewgateway12.iccchem.com
voip.infoservice.tec.br
vpn-gkm.ddns.berlin
vpn.corridorts.com
vpn.itresource.se
vpn.martyn-s.com
vpn.mitw.ru
vpn.mstech.feira.br
vpn.organic.digital
vulcancomputer.systems
web.rmm.xpertus-service.de
whaticket.mstech.feira.br
wtapi.atssolucoesemti.com.br
wvsupport.au
xemir.pw
xtekrmm.com
y0833up8tkig.users.rport.io
zoi-nebulafiles.zoicloud.au

# Reference: https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/

kwazindernuren.com

# Reference: https://x.com/James_inthe_box/status/1853445030876447060
# Reference: https://www.virustotal.com/gui/file/db8174175cec245f15f117503fd9e178307fb3763ea7e2e47541e80bfc953746/detection

94.232.43.185:443

# Reference: https://x.com/WhichbufferArda/status/1940451607558361286

152.67.84.123:443
152.67.84.123:8080

# Generic
# (path-only trails: no host part, so they are not tied to any of the servers listed above)

/Meshcleaner.exe
/Meshcleaner.exe.bak
/Meshcleaner.exe.bak2
