# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

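# Aliases: sidecopy, falseflag, apt36, mythic leopard
#
# NOTE(review): entries below mix several indicator shapes: IP:port pairs, bare
# domains, http://IP URLs, host/path URLs, and path-only entries (lines starting
# with '/'). Path-only entries carry no host, so they presumably match on any
# destination; confirm against the sensor's matching logic. Treat a hit on a
# short or generic path as a lead to corroborate with the referenced sample,
# not as attribution on its own.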

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://twitter.com/teamcymru_S2/status/1382724143444004866
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection
# Reference: https://www.virustotal.com/gui/file/736c9682399885ca1219cb10472b406d381ce66bd3a5cdc919cb28ee59b898fe/detection

107.175.1.103:14686
107.175.1.103:3268
107.175.1.103:5418
107.175.1.103:7646
107.175.1.103:9348

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1286826493335805953
# Reference: https://www.virustotal.com/gui/file/99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740/detection

164.68.101.194:3312

# Reference: https://twitter.com/ShadowChasing1/status/1296988003911360516
# Reference: https://www.virustotal.com/gui/file/e91836bbf90b1eafd5cdcf8868408309470d4a06c5239dfee7dd74eca1a7f222/detection

64.188.12.126:4676

# Reference: https://securelist.com/transparent-tribe-part-2/98233/
# Reference: https://otx.alienvault.com/pulse/5f46861db7f081f8c83140dc

http://212.8.240.221
212.8.240.221:5987
sharemydrives.com
sharingmymedia.com
tryanotherhorse.com

# Reference: https://twitter.com/ShadowChasing1/status/1311590568674291712

servicesmail.site

# Reference: https://twitter.com/DeadlyLynn/status/1318006847949819912
# Reference: https://www.virustotal.com/gui/file/d4b36731cb37ad05b0b9678b568c10a56f2e84967b393b626afb19d2df41c9b9/detection

173.249.14.104:6630

# Reference: https://twitter.com/ShadowChasing1/status/1337000347810729984
# Reference: https://www.virustotal.com/gui/file/6257ab26547f390bfd67d60766a708a95998452eb487d6d7208a52dc3e9840e0/detection

198.12.90.116:3691

# Reference: https://twitter.com/ShadowChasing1/status/1338077086896963584
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338177112059088903
# Reference: https://www.virustotal.com/gui/file/2714b12d0c65cb6fe783571a2d103866c4059f40b2905f58a6cd5de80eefeb73/detection
# Reference: https://www.virustotal.com/gui/file/26a4d9bd2961d724ef07aaec5cbbd120891c600ab7932e5e4ddef38aa3ee9700/detection

89.249.65.206:4816
89.249.65.206:49483

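# Reference: https://twitter.com/ShadowChasing1/status/1338507666373558273
# Reference: https://www.virustotal.com/gui/file/48f662986a80c5c73a878b0f46cd7e3a548e556ad9c3f76c4eb867968b240eaf/detection
# NOTE(review): the address below falls inside Google-operated space (172.217.0.0/16).
# The non-standard port narrows matching, but verify against the referenced sample
# that this is a real C2 endpoint and not a decoy or sandbox artifact before alerting on it.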

172.217.15.110:4876

# Reference: https://twitter.com/ShadowChasing1/status/1360018043703762945
# Reference: https://www.virustotal.com/gui/file/86d43578ba26f02cf845f16a38ab29a48ad86c17f4a2ec3b69fc0d5fe82b4af7/detection

64.188.25.143:4586

# Reference: https://twitter.com/h2jazi/status/1367102521400053767
# Reference: https://twitter.com/h2jazi/status/1367105848544284676
# Reference: https://twitter.com/teamcymru_S2/status/1367436864941150208
# Reference: https://www.virustotal.com/gui/file/f6bec3c2d0503978f88734c6d52f2a01552c1d24b8e014ab835827ba3c9cc548/detection

23.254.119.118:11214
23.254.119.118:15822
23.254.119.118:17443
23.254.119.118:6128
23.254.119.118:8761

# Reference: https://twitter.com/InQuest/status/1368879546695618561
# Reference: https://twitter.com/ShadowChasing1/status/1368902119051325447
# Reference: https://www.virustotal.com/gui/file/d0a5ffa3b9c40eb1e4277e7c41a100b0836c9424b36fb9bbe281711c0b116883/detection

173.249.14.104:4568
templatesmanagersync.info

# Reference: https://twitter.com/modubyk/status/1215690858131066881
# Reference: https://www.virustotal.com/gui/file/3cbb07af5c85a539ba970bd831de6ad53473afe6d99b3cdbb963711e2b1ee9c3/detection
# Reference: https://www.virustotal.com/gui/file/fde8b0e2ce949e09070d6788194f63131070afab0ebd479bedd545091e7cc8aa/detection

cfrbackup.com
/P0urWa1t3_r!es/
/P0urWa1t3_r!es/iptonps.php

# Reference: https://twitter.com/h2jazi/status/1374754308676280323
# Reference: https://www.virustotal.com/gui/file/8bd2a1aa58cd9fb15ce499be7131e810abbdcc7770806ebfbd83b8e8f701c5e4/detection

75.119.139.169:4568

# Reference: https://twitter.com/ShadowChasing1/status/1374713010472685569

185.136.169.155:8761

# Reference: https://twitter.com/h2jazi/status/1385577616606961664
# Reference: https://www.virustotal.com/gui/file/f87d8b4376bdb341964801a836bb7ae4843351ded70801d401e951cbbe05d613/detection

167.160.166.177:4698

# Reference: https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/

134.119.181.15:6818
134.119.181.15:8561
134.119.181.15:8861
151.106.14.125:14618
151.106.14.125:16418
151.106.14.125:3468
151.106.14.125:8722
151.106.19.220:2682
172.245.247.112:11824
172.245.247.112:14624
172.245.247.112:8666
172.245.87.12:12447
172.245.87.12:18856
172.245.87.12:4586
172.245.87.12:8443
173.212.192.229:16564
173.249.22.30:10864
173.249.22.30:16582
173.249.22.30:4228
173.249.14.104:3312
173.249.14.104:9808
173.249.42.113:8148
185.136.169.155:11214
185.136.169.155:15882
185.136.169.155:17443
185.136.169.155:6128
185.174.102.105:54131
198.12.90.116:3691
198.12.90.116:4684
198.12.90.116:6582
23.254.119.11:3163
23.254.119.11:4828
23.254.119.11:5661
23.254.119.11:6614
45.32.151.155:11427
45.32.151.155:12835
45.77.246.69:16185
5.189.134.216:5156
64.188.12.126:12824
64.188.12.126:49747
64.188.12.126:9666
64.188.25.206:11422
64.188.25.206:16621
64.188.25.206:4125
64.188.25.206:6522
66.154.113.38:3878
66.154.113.38:8666

# Reference: https://twitter.com/ShadowChasing1/status/1385561727559864321
# Reference: https://www.virustotal.com/gui/file/fafcbb35db7cd2725d2f3f4268ffb32390f0e7602263841914fae72f37baca5b/detection

109.236.85.16:5987
myabcxyz1.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1387357625013080064

167.86.89.53:1443
167.86.89.53:16688
167.86.89.53:24619
167.86.89.53:6118
167.86.89.53:8843

# Reference: https://twitter.com/cyber__sloth/status/1383394061965348867
# Reference: https://twitter.com/ShadowChasing1/status/1383217637853831169
# Reference: https://twitter.com/_re_fox/status/1383207625874083841
# Reference: https://www.seqrite.com/documents/en/white-papers/Seqrite-WhitePaper-Operation-SideCopy.pdf
# Reference: https://www.virustotal.com/gui/file/54759951089f44a3918e164b8bf29c8f388cfd41f9930f81b8103852947fed93/detection
# Reference: https://www.virustotal.com/gui/file/5bc838b11eadb3fec80a7e6bb46183b868096d8c2e499bedd9c976f3d70d41b1/detection

http://161.97.142.96/htt_p
http://173.212.224.110/h_ttp
144.91.65.100:6102
144.91.91.236:6102
164.68.108.22:6102
173.212.224.110:6102
173.249.50.230:3245
drivetoshare.com
mailfourms.com
iiieyehealth.com
socialistfourm.com
updatedportal.com
mfahost.ddns.net
newsindia.ddns.net
tor-relay2.innonetlife.com
vmi192147.contaboserver.net
vmi268056.contaboserver.net
vmi296708.contaboserver.net
vmi312537.contaboserver.net
vmi314646.contaboserver.net
demo.smart-hospital.in/uploads/staff_documents/18/html/
demo.smart-hospital.in/uploads/staff_documents/18/h-xmlhttp/
demo.smart-hospital.in/uploads/staff_documents/19/Armed-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Defence-Production-Policy-2020/html/
demo.smart-hospital.in/uploads/staff_documents/19/Images/8534
demo.smart-hospital.in/uploads/staff_documents/19/IncidentReport/html/
demo.smart-hospital.in/uploads/staff_documents/19/ParaMil-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Req-Data/html
demo.smart-hospital.in/uploads/staff_documents/19/Sheet_Roll/html
demo.smart-school.in/uploads/staff_documents/9/Sheet_Roll/html
demo.smart-school.in/uploads/student_documents/12/css/
drivetoshare.com/mod.gov.in_dod_sites_default_files_Revisedrates/html
sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf

# Reference: https://twitter.com/ShadowChasing1/status/1391680709207609347

londonkids.in/preschool/video/Emergency_Vaccination/css/

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/2491caddf4445d9297404493c7707b54591c989b94fd4634a7afdf54c0d22e9c/detection

vmi433658.contaboserver.net

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/871cab3256acdbc3c27650adde878658568a85b87e85d3e3c137bdeb4592fb2c/detection

173.249.14.104:6140

# Reference: https://twitter.com/KseProso/status/1392064101103378437
# Reference: https://www.virustotal.com/gui/file/c7dbca435039a6148dc25208f04b734465e8b7c92010ede1401d88f5f8003f2d/detection

173.249.14.104:5670

# Reference: https://twitter.com/pollo290987/status/1564886555306692608
# Reference: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
# Reference: https://otx.alienvault.com/pulse/609d7a98443a742cd63c2784
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

139.28.36.141:6922
7thcpcupdates.info
armypostalservice.com
clawsindia.com
isroddp.com
larsentobro.com
millitarytocorp.com
pmayindia.com
tprlink.com
awsyscloud.com
cloudsbox.net
datacyncorize.com
digiphotostudio.live
drivestransfer.com
emailhost.network
file-attachment.com
filelinks.live
filestudios.net
hostflix.live
maildrive.email
mediabox.live
mediaclouds.live
mediadrive.cc
mediafiles.live
mediaflix.net
medialinks.cc
mediashare.cc
onedrives.cc
servicesmail.site
shareboxs.net
shareflix.co
sharemydrives.com
shareone.live
sharingmymedia.com
studioflix.net
templatesmanagersync.info
urservices.net
bjorn111.duckdns.org
micrsoft.ddns.net
newsupdates.myftp.org
share.medialinks.cc
social.medialinks.cc
systemsupdated.duckdns.org
tgservermax.duckdns.org
vmd41059.contaboserver.net
vmi433658.contaboserver.net
email.gov.in.attachment.drive.servicesmail.site
email.gov.in.maildrive.email
india.gov.in.attachments.downloads.7thcpcupdates.info
mail.clawsindia.com
mail.isroddp.com
mailer.pmayindia.com
mailout.pmayindia.com

# Reference: https://tria.ge/210514-fsd2fkks9a/behavioral1

5.189.134.216:12538
5.189.134.216:7218
5.189.134.216:9686

# Reference: https://twitter.com/ShadowChasing1/status/1394229310911762434
# Reference: https://www.virustotal.com/gui/file/7f800784b00354dd15eee129317a63bd3f7bb25622e898c873603e5b142cbb09/detection

5-135-125-106.cinfuserver.com

# Reference: https://twitter.com/ShadowChasing1/status/1399012433520324617
# Reference: https://www.virustotal.com/gui/file/71a8e488b3d142bfdfcc4092ac35cf32e7d5e55b68acd262d16707f6a09f9321/detection

134.119.181.142:6672

# Reference: https://twitter.com/bofheaded/status/1399384209353969667
# Reference: https://www.virustotal.com/gui/file/cad6dcfe6942bb5ac648fb25b8aa3359f1d30b6671c132ce8c7c8c3cd08e8825/detection

178.238.229.192:11884
178.238.229.192:15285
178.238.229.192:3687
178.238.229.192:6782
178.238.229.192:8529

# Reference: https://twitter.com/ShadowChasing1/status/1402526383293624323

http://167.86.75.119
selforder.in/wp-content/uploads/wp-commerce/04/05/

# Reference: https://www.virustotal.com/gui/file/d228c1186003ae37e6c9e26222782291fa97580a254e77f290b46c2376b712e4/detection

185.136.169.155:15822

# Reference: https://twitter.com/ShadowChasing1/status/1406962468010614785
# Reference: https://www.virustotal.com/gui/file/907f594f49e498f0526684e03afd76e953b46b2c4947dd260f90f2665b7ff875/detection

afghannewsnetwork.com
dadsasoa.in/font/js/images/files/My-CV/css

# Reference: https://www.virustotal.com/gui/ip-address/144.91.65.100/relations
# Reference: https://www.virustotal.com/gui/file/1ac0288aaebbe07b6145f20dc3ba2c0107ab00b47a4fe90215a784c887bad35d/detection

mmfaa.ddns.net

# Reference: https://www.virustotal.com/gui/file/149b121b8f5755bc841ddd38f8dbcb6f857b00c8943b446ab85e1706e2216bde/detection

http://144.91.65.100

# Reference: https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/
# Reference: https://otx.alienvault.com/pulse/60d2f18dfd693f4314446f84
# Reference: https://twitter.com/0xrb/status/1409729774956597250

ankaraembassy.hopto.org
certindia.chickenkiller.com
certindia.ignorelist.com
coronavirusupdate.ddns.net
coronavirusupdate.ddnsking.com
defencecyberorg.myddns.me
frankooxyz2.ddns.net
minofdefence.mooo.com
minofdefenceindia.ddns.net
pmreference.ddnsking.com
iiieyehealth.com/fonts/times/files/Call-for-Proposal-DGSP-COAS-Chair-Excellance/css/
ikiranastore.com/images/files/ist/doc/i.php
londonkids.in/echoolz/assets/css/front/hwo/DATE-OF-NEXT-INCREMENT-ON-UP-GRADATION-OF-PAY-ON-01-JAN-AND-01-JUL/css
londonkids.in/preschool/video/Emergency_Vaccination/css/
minervacollege.co.in/fonts/plugins/mrt/Image-7563/css2

# Reference: https://twitter.com/h2jazi/status/1407788867260923908
# Reference: https://www.virustotal.com/gui/file/aadaa8d23cc2e49f9f3624038566c3ebb38f5d955b031d47b79dcfc94864ce40/detection

5.189.170.84:3901

# Reference: https://www.virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a/detection
# Reference: https://www.virustotal.com/gui/file/d2113b820db894f08c47aa905b6f643b1e6f38cce7adf7bf7b14d8308c3eaf6e/detection

5.189.170.84:3312
iwestcloud.com
/Pick@Whatsoever/Mac.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/Pick@Whatsoever/
/Qu33nRocQCl!mbing.php
/S3r&eryvUed.php

# Reference: https://twitter.com/ShadowChasing1/status/1410157094343364609
# Reference: https://www.virustotal.com/gui/file/af5dec1a8eed98bbab9c03dd76a980edc987347c43798d726b0ca538376f27be/detection

drigablockszip.sytes.net
medizz.co/wp-content/base/phr/shareddocuments/Agenda

# Reference: https://twitter.com/BaoshengbinCumt/status/1411963177626046467
# Reference: https://www.virustotal.com/gui/file/c3e56af0c0a13e8ab4e6f2269d1c15586e72f9b7a90c22980f976e6786388a03/detection

185.233.202.230:44567
templateworkshop.site
/template_storage/normal_template/template48.dot

# Reference: https://twitter.com/ShadowChasing1/status/1411991006489112582
# Reference: https://www.virustotal.com/gui/file/49387b1a799944bb19f5b83cd5a05e421bcaff8ddc59750aba800ec03c447245/detection

167.86.105.43:6588

# Reference: https://twitter.com/teamcymru_S2/status/1412397642286522368
# Reference: https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/

107.173.204.38:6576
107.173.204.38:8586

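# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# NOTE(review): the vmiNNNNNN.contaboserver.net names in this file are provider-assigned
# default hostnames for rented VPS instances, not actor-registered domains. Such hosts can
# be re-leased to unrelated customers, so check how current a listing is before treating
# a hit as attribution.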

digitalfilestores.com
filehubspot.com
freewindowssoftware.com
mailupdater.net
mfahost.ddns.net
mffatool.ddns.net
nscinfo.ddns.net
vmi240582.contaboserver.net
vmi281634.contaboserver.net
vmi312537.contaboserver.net
vmi369553.contaboserver.net
vmi388643.contaboserver.net
vmi420862.contaboserver.net
vmi475662.contaboserver.net
vmi489177.contaboserver.net
vmi512038.contaboserver.net
vmi532529.contaboserver.net

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/132870a1ae6a0bdecaa52c03cfe97a47df8786f148fa8ca113ac2a8d59e3624a/detection

173.249.50.230:1238
muzicmirchi.000webhostapp.com

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/71bbf2394fe4909a6ce0f7085ca41f21cf5e05e3d761620e4d7f307183fb1e1b/detection

167.86.70.194:9091

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/852612666095aec2e9f3456ec4f8a9566be2c690c8583aff6055d180507d5476/detection

167.86.70.194:9092

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/956f0f369082068ef24b76ec162cfc2119adbffda94e33e41b40f39d2f192ffe/detection

161.97.90.175:8080

# Reference: https://twitter.com/bofheaded/status/1420466901466030083
# Reference: https://twitter.com/teamcymru_S2/status/1423281518034575363
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/57466da1095f6c28d5d7c56d171417bb796b153f1c545e846fee1743cacc15fc/detection
# Reference: https://www.virustotal.com/gui/file/772bc22f6238eb368c47f4d34fb98db9124a44b8443cee92d73c6086609fd2f1/detection

http://149.248.52.61
/vpn-update/vpn-update.php
/weisenborn/aziroboro.php

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

144.91.65.100:3245
144.91.65.100:4145
144.91.91.236:4140
144.91.91.236:4145
149.248.52.61:2323
149.248.52.61:5656
149.248.52.61:87
149.248.52.61:89
149.248.52.61:8989
161.97.90.175:6666
164.68.104.126:3245
164.68.104.126:4140
173.212.224.110:4140
173.212.224.110:4145
173.249.50.230:1144
173.249.50.230:1244
173.249.50.230:1245
173.249.50.230:1289
173.249.50.230:3245
173.249.50.230:4145

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

http://109.236.85.152
http://164.68.104.126
http://161.97.142.96
http://167.86.75.119
http://173.249.41.175

# Reference: https://twitter.com/Timele9527/status/1419853559860920320
# Reference: https://twitter.com/Timele9527/status/1419853918293544967
# Reference: https://www.virustotal.com/gui/file/8b20b81f05c0acebb97200b5cfa3bec23ddeb9f7307e47c9b942c6f9bee91b44/detection
# Reference: https://www.virustotal.com/gui/file/70fab64895bcfaf7e9bd713e3b3b4c354e19ff9d083285b791d43bb39c5d3253/detection
# Reference: https://www.virustotal.com/gui/file/670bf2bad23645b731a67e3299f4f1692da3bdaa711c588b17024ed916e55438/detection

122.166.149.57:8888
161.97.164.143:20121
161.97.164.143:2121
161.97.164.143:2123
161.97.164.143:2124
161.97.164.143:2122
161.97.164.143:2125
161.97.164.143:8011
161.97.164.143:9512
161.97.164.143:9515
182.188.181.224:2255
certindia.ignorelist.com
certindia.chickenkiller.com
defencecyberorg.myddns.me
email-govin.duia.eu
emailgov-in.sytes.net
kavachhost.ddns.net
nicindia.mywire.org
/005056A0A34C-X-061544/
/005056A052CF-X-445817/
/005056A05902-X-088753/
/005056A0A34C-X-061544/file.pdf
/005056A052CF-X-445817/fastag.jpg
/005056A05902-X-088753/fastag.jpg

# Reference: https://twitter.com/teamcymru_S2/status/1420446957961625602
# Reference: https://www.virustotal.com/gui/file/67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e/detection

191.101.172.44:11422
191.101.172.44:14624
191.101.172.44:16621
191.101.172.44:4125
191.101.172.44:6522
64.188.25.206:3389

# Reference: https://www.virustotal.com/gui/ip-address/104.227.146.200/relations

http://104.227.146.200
/KingEfulefu/
/KingEfulefu/login.php

# Reference: https://twitter.com/ShadowChasing1/status/1422452244079779841
# Reference: https://twitter.com/360CoreSec/status/1422403743354482692
# Reference: https://www.virustotal.com/gui/file/8554b5cace52a0fdf0fd3378e4df6606efb45b8ee686ed5b3c1657633405eb85/detection
# Reference: https://www.virustotal.com/gui/file/f5e7b8dddd4137ac008186a4c5e9cb644dc1bbddb61612c29c2087b1efe48974/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection
# Reference: https://www.virustotal.com/gui/file/640ffa981ef531f5ceb98c59cfa1c65a9da9a088dc3157f78ffa0fa6cd5e8e02/detection
# Reference: https://www.virustotal.com/gui/file/72950c1a7d26f9bb6acc0e33d1cd65310db31f5b03c3b3e722ce216bb20f12fe/detection

66.154.112.206:6188

# Reference: https://twitter.com/ShadowChasing1/status/1422914152381616134
# Reference: https://otx.alienvault.com/pulse/610baec1825b7a6f14ae8c21
# Reference: https://www.virustotal.com/gui/file/dc9002bc8fec5e678ae60285dd9fc303e87a9ea15b037be76285e41b50f62f8b/detection

149.248.52.61:91
149.248.52.61:92
149.248.52.61:93
bsnlplots.com/css/css/

# Reference: https://twitter.com/ShadowChasing1/status/1423194120512688133
# Reference: https://www.virustotal.com/gui/file/460c098565a7f5866bb96281ebada37d8e3a7f9e4112de663a05bba470e27929/detection

pafwa.info
independenceday.pafwa.info

# Reference: https://twitter.com/ShadowChasing1/status/1460614611200217093
# Reference: https://www.virustotal.com/gui/file/f79445105ab2dc3c3be899c1e1fd1adca60723f613c242ce4e0b95ee835ac82a/detection

isteandhrapradesh.in/NewSite/Admin/try/b/

# Reference: https://twitter.com/h2jazi/status/1460744936635224064
# Reference: https://twitter.com/h2jazi/status/1460744939105669132
# Reference: https://www.virustotal.com/gui/file/9836cfb7c54febcbbf2b252414dbdc95784ed429c228a363b65b7586ffcc3b0c/detection

194.233.67.90:6785
securedesk.one

# Reference: https://twitter.com/0xrb/status/1460900779175276550
# Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection
# Reference: https://www.virustotal.com/gui/file/ac80eb10f16f3da1651b8fcb7dbc714255f4ec9719e922baeeb3499d9bd89e23/detection

mojochamps.com
assessment.mojochamps.com

# Reference: https://twitter.com/RedDrip7/status/1486656925320183809
# Reference: https://www.virustotal.com/gui/file/476c183a7ac3435b0085d652c816b07910d081a92c83b85dfda7ba630cd4957f/detection

45.138.172.222:3691

# Reference: https://twitter.com/ShadowChasing1/status/1490988027354648576
# Reference: https://twitter.com/ShadowChasing1/status/1491261131800780810
# Reference: https://twitter.com/0xrb/status/1491021258741653511
# Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection
# Reference: https://www.virustotal.com/gui/file/46828fb51abae8b9ca21090f56d90d63270464318cd81235872a8fba35ce3064/detection

http://144.91.87.179
144.91.87.179:6659
softwiz.xyz
singleseller.blueappsoftware.com

# Reference: https://twitter.com/bofheaded/status/1491350274937868291
# Reference: https://www.virustotal.com/gui/file/14f4fe625daf1ac498d8557a4fddc67f8183f6a097e84b52f311bf436640d7cc/detection

5.189.182.93:6659

# Reference: https://twitter.com/0xrb/status/1491344919155589124
# Reference: https://www.virustotal.com/gui/file/0d7fdeea6cd1f7732db11f78c2dfd2c4bc5053b6f1bc590d3963705b4a256f22/detection

kokotech.xyz

# Reference: https://twitter.com/0xrb/status/1493801814005022723

161.97.85.89:12786
173.249.50.34:12182
198.12.91.240:18876
198.23.213.22:7776
198.23.213.22:7778
207.180.245.93:12184
209.127.19.241:10284

# Reference: https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/ (# preBotHta)
# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/ReverseRat2.0_NightFury_IoCs.txt

http://62.171.191.230
62.171.191.230:5310
zimbrasoft.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1494655193002266625
# Reference: https://twitter.com/JAMESWT_MHT/status/1494664440175865865
# Reference: https://app.any.run/tasks/5dc8d5eb-b9c0-4c08-b2b1-ae80cd25da62/

160.20.147.202:7421
highexpresspass.zapto.org
/softwaredailyupdate

# Reference: https://twitter.com/h2jazi/status/1495825063299403785
# Reference: https://www.virustotal.com/gui/file/656124b7148dd8c72add0bfcc1a1ec856232c9e6dd13d8ea9d0f1d0a148889a4/detection
# Reference: https://www.virustotal.com/gui/file/7d834e9caaaadd4f7e43777873550dd195d552038e7bd7ce4319f5cd51ed5c9d/detection

107.150.18.166:6849

# Reference: https://twitter.com/s1ckb017/status/1499312004426870788
# Reference: https://www.virustotal.com/gui/file/f66c2e249931b4dfab9b79beb69b84b5c7c4a4e885da458bc10759c11a97108f/detection
# Reference: https://www.virustotal.com/gui/file/d9037f637566d20416c37bad76416328920997f22ffec9340610f2ea871522d8/detection

45.147.228.195:5524

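# Reference: https://twitter.com/ShadowChasing1/status/1499704398284345345
# Reference: https://www.virustotal.com/gui/file/ec9b9a711f81df91d3b243c4e90d2f33abe2dffe4ebb2ed284bd6d0e11cdfb6c/detection
# NOTE(review): .ac.in is the Indian academic namespace, so the entry below looks like a
# third-party site that hosted content rather than actor-owned infrastructure (TODO confirm).
# A whole-domain match will also flag legitimate visits; if the referenced sample gives a
# specific path, listing host/path instead would cut false positives.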

gdcrvpm.ac.in

# Reference: https://twitter.com/0xrb/status/1501061897604730881
# Reference: https://twitter.com/GGGGh0st/status/1513477203828559876
# Reference: https://www.virustotal.com/gui/file/d10e90484ebdeea8a5d2b15820d067f99139a76302e3cc558d942d77fe7fb9f3/detection
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

161.97.176.42:10019
161.97.176.42:33009
161.97.176.42:47834
161.97.176.42:57000
161.97.176.42:35010
161.97.176.52:10015
161.97.176.52:47822
sunjaydut.ddns.net
swissaccount.ddns.net

# Reference: https://twitter.com/teamcymru_S2/status/1501955807499403270

194.163.139.250:3389

# Reference: https://twitter.com/ShadowChasing1/status/1505893006070583301
# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

inapharma.in

# Reference: https://twitter.com/0xrb/status/1506155286289326085
# Reference: https://www.virustotal.com/gui/file/2e1ebb72b3b483797564fe541e4b0bb23ec57373a825a927407c17dc107c1888/detection
# Reference: https://www.virustotal.com/gui/file/2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83/detection

209.145.55.95:3676

# Reference: https://www.virustotal.com/gui/file/7778f344aae32175751c4f3ec2c43abe637ff6aa67d2731dfa072fd86a9c9b47/detection

209.145.55.95:6659

# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

209.145.55.95:443

# Reference: https://twitter.com/malwareforme/status/1505935361234677760

209.145.55.95:3285

# Reference: https://twitter.com/0xrb/status/1506879902146269184
# Reference: https://www.virustotal.com/gui/file/868b3d9c6431e57b5a10b04c2c385ee4e507395224e431fdef8012c1351d5325/detection
# Reference: https://www.virustotal.com/gui/file/694e9f128904c4e456c76cff2d7534d43afb53384999fd32e4f0b72dd078385e/detection

95.111.230.252:3349
95.111.230.252:4098

# Reference: https://ti.qianxin.com/blog/articles/transparent-tribe-and-sidecopy-share-infrastructure/ (Chinese)
# Reference: https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
# Reference: https://www.virustotal.com/gui/file/a0f6963845d7aeae328048da66059059fdbcb6cc30712fd10a34018caf0bd28a/detection
# Reference: https://www.virustotal.com/gui/file/45ed0b23cc90fbe8eade520bdc230e4103435c6e0d64f779b12da90bc1f1596f/detection

144.91.79.40:12427
194.163.129.89:14427
directfileshare.net
dsoi.info
kavach-app.in
otbmail.com
secure256.net
zoneflare.com
download.kavach-app.in
/C2L!Dem0&PeN/A@llPack3Ts/
/A@llPack3Ts/
/C2L!Dem0&PeN/
/C2L!Dem0&PeN/A@llPack3Ts/Cor2PoRJSet!On.php
/C2L!Dem0&PeN/A@llPack3Ts/Dev3l2Nmpo7nt.php
/C2L!Dem0&PeN/A@llPack3Ts/f3dlPr00f.php
/C2L!Dem0&PeN/A@llPack3Ts/xwunThedic@t6.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/R!bB0nBr3@k3r/FunBreaker.php
/R!bB0nBr3@k3r/tallerthanhills.php
/Pick@Whatsoever/
/R!bB0nBr3@k3r/

# Reference: https://twitter.com/h2jazi/status/1509887066204745743
# Reference: https://www.virustotal.com/gui/file/388f212dfca2bfb5db0a8b9958a43da6860298cdd4fcd53ed2c75e3b059ee622/detection
# Reference: https://www.virustotal.com/gui/file/e2cf71c78d198fdc0017b7bfd6ce8115301174302b3eaaf50cfc384db96bc573/detection

sunnyleone.ddns.net

# Reference: https://twitter.com/h2jazi/status/1513360845807534081
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

studentsportal.live

# Reference: https://twitter.com/0xrb/status/1515979150515122178
# Reference: https://www.virustotal.com/gui/file/477147271a54e32ef184030393f17c30d68d4aeb8bd6202a225e354f1800b279/detection

66.154.112.251:5235

# Reference: https://twitter.com/0xrb/status/1517052777167732736
# Reference: https://www.virustotal.com/gui/file/4342dd4999d1247fc9032003bafb7d3d58d2cbefe1705d5d91e258d0ed1fef86/detection
# Reference: https://www.virustotal.com/gui/file/bc3441864f2e9276261733b35e2473b7beed0e6ed14ad8fa13d99d15ee5477b6/detection

185.197.249.247:16252
185.197.249.247:18696
185.197.249.247:20862
185.197.249.247:4858

# Reference: https://twitter.com/h2jazi/status/1518382259228844033
# Reference: https://www.virustotal.com/gui/file/b3f8e026f39056ec5e66700e03eeaf57454ee9c0bc1c719d74e10f5702957305/detection

sunnyleone.hopto.org

# Reference: https://www.virustotal.com/gui/file/4841e73697c846f33ffa09d38c0ce58e978b06e32c6807cd21c22dfeadbfd0fa/detection

206.189.185.75:8000
66.63.162.16:4788

# Reference: https://twitter.com/0xrb/status/1523929430238035968
# Reference: https://www.virustotal.com/gui/file/1e0fe0c057163e5cc1a2598b7de1adf06db8bfe814e172557383eea3acbf9a2b/detection
# Reference: https://www.virustotal.com/gui/file/5091ca8bcfee8d3980700de91d3b1f6286420f85be9069bde944ffceac2b02fd/detection
# Reference: https://www.virustotal.com/gui/file/b53e73189ad4db83a5891d0dd73fd86d290fb7de8ab9378a1b9f29cddfc14d8c/detection
# Reference: https://www.virustotal.com/gui/file/b9e1c9e0e8a169b7055d39720b862782922090f0a08cf73de730e2e6ce73eac8/detection

104.129.42.102:16862
104.129.42.102:21584
104.129.42.102:28184
104.129.42.102:6276
104.129.42.102:8891

# Reference: https://twitter.com/ShadowChasing1/status/1526583480867758084
# Reference: https://twitter.com/ShadowChasing1/status/1526583490732781568

indianblog.xyz
indiantrainer.in
dns1.indianblog.xyz

# Reference: https://twitter.com/RedDrip7/status/1533659387277221888
# Reference: https://www.virustotal.com/gui/file/0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2/detection
# Reference: https://www.virustotal.com/gui/file/f3a1ac021941b481ac7e2335b74ebf1e44728e8917381728f1f5b390c6f34706/detection
# Reference: https://www.virustotal.com/gui/file/fc34f9087ab199d0bac22aa97de48e5592dbf0784342b9ecd01b4a429272ab5b/detection

192.3.99.68:10268
192.3.99.68:16098
192.3.99.68:25822
192.3.99.68:28441
192.3.99.68:7514

# Reference: https://twitter.com/RedDrip7/status/1545363738991403009
# Reference: https://www.virustotal.com/gui/file/21721fe37e170ac53bcfe9dde528dad341dcce6df4abacbaacf50ba804108f2f/detection
# Reference: https://www.virustotal.com/gui/file/fa8c21188ab5a2425f7909d720c54fb1a86be418d1f69e92f5c7ee61af32cb6e/detection

38.74.14.137:12267
38.74.14.137:18197
38.74.14.137:25821
38.74.14.137:26442
38.74.14.137:7516

# Reference: https://www.virustotal.com/gui/file/2dd0416a1a530a56357887709cd37d691a32a30326b75218c5e92b34773d00f3/detection

http://167.86.97.221

# Reference: http://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html

cloud-drive.store
drive-phone.online
geo-news.tv
studentsportal.co
studentsportal.website
user-onedrive.live
cloud-drive.geo-news.tv
drive-phone.geo-news.tv
studentsportal.geo-news.tv
user-onedrive.geo-news.tv

# Reference: https://twitter.com/bofheaded/status/1547801705198518272
# Reference: https://www.virustotal.com/gui/file/085f9bfbb1ff54afe4a562824470aeff4d69b1ce3eeeedd4dbef537d2015f627/detection

209.126.80.23:3281
209.126.80.23:6391

# Reference: https://twitter.com/souiten/status/1548952536257679361
# Reference: https://www.virustotal.com/gui/file/1db3adc06f4dccee2cc936333367f1e611092396a21102d9a54296c5a67c89af/detection
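# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection
# Note: test1480.000webhostapp.com is one tenant subdomain of a shared free-hosting domain; match the full hostname only and do not generalize it to the parent domain.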

207.180.221.51:5731
test1480.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1562072883580764165

ryanglobalschools.com/js/files/IMPL_OF_SPL_ALLCE_ORDER

# Reference: https://twitter.com/InQuest/status/1561659933808119810
# Reference: https://twitter.com/InQuest/status/1561999463933157377
# Reference: https://twitter.com/InQuest/status/1562019017879175169
# Reference: https://twitter.com/InQuest/status/1562043288860991489
# Reference: https://www.virustotal.com/gui/file/bc32040a1ebb05c38e9d564b576b158c71390011c4812aa8ba810e462f62d4d6/detection
# Reference: https://www.virustotal.com/gui/file/6cac8225634748e673e5ae53a14c3c8d403d7e979280874663cea129b0ee5849/detection

http://192.3.108.11
/https/www_a/
/https/www_b/
/https/www_c/
/https/www_d/
/https/www_e/
/https/www_f/
/https/www_g/
/https/www_h/
/https/www_i/
/https/www_j/
/https/www_k/
/https/www_l/
/https/www_m/
/https/www_n/
/https/www_o/
/https/www_p/
/https/www_q/
/https/www_r/
/https/www_s/
/https/www_t/
/https/www_u/
/https/www_v/
/https/www_w/
/https/www_x/
/https/www_y/
/https/www_z/
/www/https_a/
/www/https_b/
/www/https_c/
/www/https_d/
/www/https_e/
/www/https_f/
/www/https_g/
/www/https_h/
/www/https_i/
/www/https_j/
/www/https_k/
/www/https_l/
/www/https_m/
/www/https_n/
/www/https_o/
/www/https_p/
/www/https_q/
/www/https_r/
/www/https_s/
/www/https_t/
/www/https_u/
/www/https_v/
/www/https_w/
/www/https_x/
/www/https_y/
/www/https_z/

# Reference: https://twitter.com/0xrb/status/1577981859287293952
# Reference: https://www.virustotal.com/gui/file/ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460/detection
# Reference: https://www.virustotal.com/gui/file/905fb292dc983a9d731f4716aa2e1ee289975330d11e82df95491f5a9dd7e3ed/detection
# Reference: https://www.virustotal.com/gui/file/396a46e9595fe6bdae709ab3171900ebd4fd1c6e1cd8ad94d17d2dcacb6bf6b6/detection
# Reference: https://www.virustotal.com/gui/file/1c9024f2d696f949091be27aced113f4e98bc46c0580eb93e644a51b269c76e4/detection
# Reference: https://www.virustotal.com/gui/file/18029be2b0bf5284713f9cf61ba5e160ae10a581f346fdd396065d5728906768/detection

164.68.96.32:11232
164.68.96.32:15828
164.68.96.32:3468
164.68.96.32:8169

# Reference: https://twitter.com/h2jazi/status/1580302226597478401
# Reference: https://www.virustotal.com/gui/file/7658cc15e65b9000860658e8d2c7e6c305d972254d21072dfb4955e79649d1f9/detection
# Reference: https://www.virustotal.com/gui/file/0d865bdcd75c4ec6fc1e182c4e68fc34db36cde8467988221d742413609da8c3/detection
# Reference: https://www.virustotal.com/gui/file/77259c0d236c96450663fcf1d0837ebf4d10e024293cc89de1082a76e3e9ce10/detection

23.254.119.234:6178
23.254.119.234:8989

# Reference: https://twitter.com/Des00464472/status/1581873684478046208

161.97.119.238:7778

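# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
# Note: kavachauthentication.blogspot.com and kavachmail-govin.rf.gd are tenant subdomains on shared hosting platforms; keep them as full hostnames and never widen them to the parent domains.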

http://139.59.23.88
http://139.59.79.86
acmarketsapp.com
gcloudsvc.com
kavach.mail.nic-updates.in
kavachauthentication.blogspot.com
kavachmail-govin.rf.gd
ncloudup.com
nic-updates.in
wzxdao.com

# Reference: https://twitter.com/0xrb/status/1589502482786713600
# Reference: https://www.virustotal.com/gui/file/5d2b37c02e60bbed036c9bb6e4f2c75de6e42c03b69c713c33d3b9325ed1b1ea/detection

154.127.54.168:35010
154.127.54.168:47834

# Reference: https://twitter.com/Des00464472/status/1597845527168970752
# Reference: https://www.virustotal.com/gui/file/46262d79b7e21b5536dc1910a78a6db2b11789503e44a6a89d22a1c169220426/detection

185.225.19.165:4862
185.225.19.165:5350
185.225.19.165:8419

# Reference: https://twitter.com/0xrb/status/1605485461874491393
# Reference: https://www.virustotal.com/gui/file/5e7edf2d81717a0c76e2ad426d1b5610566ef0d86c964a050866e50737660cef/detection
# Reference: https://www.virustotal.com/gui/file/db54820a956615536550e4f78085f23be65bc796d0a636632c9a328a50d97e20/detection

173.249.0.199:10484
173.249.0.199:14882

# Reference: https://twitter.com/SethKingHi/status/1613839332158361600
# Reference: https://www.virustotal.com/gui/file/0a6144cad9483d578d642ed6366afc36291562deb6fa9d4284ffee1d7e98c417/detection

kaspesrky.live

# Reference: https://twitter.com/Des00464472/status/1614174297962188802

194.9.178.85:51512

# Reference: https://twitter.com/suyog41/status/1788434198833045901
# Reference: https://www.virustotal.com/gui/file/8b87459483248d7b95424cd52b7d4f3031e89c6644adc2e167556e071d9ec3aa/detection
# Reference: https://www.virustotal.com/gui/file/0bec6c0c27cc25e96201f1fd4f3f81d4e912d1aaf963a74ec79a74c95af10425/detection

http://185.174.102.54
185.174.102.54:443
/-dsfjslkdjfweoirwsdfkjweirw

# Reference: https://www.virustotal.com/gui/file/73850abc86944209d17ade2b0942401f7c1d30372cf2da158d6019ef96a1a035/detection

sunriseschoolsystem.xyz

# Reference: https://twitter.com/souiten/status/1620629752863404032
# Reference: https://twitter.com/HaoZhixiang/status/1620716673543315464
# Reference: https://www.virustotal.com/gui/file/b277a824b2671f40298ce03586a2ccc0fca2a081a66230c57a3060c2028f13ee/detection

luckyoilpk.com
wellsfargopaymentservices.com

# Reference: https://twitter.com/0xrb/status/1620724303984721920

185.174.102.54:2121

# Reference: https://twitter.com/RedDrip7/status/1622908094606094338
# Reference: https://www.virustotal.com/gui/file/5046947524c39601b5e8e4d8772e4273a3618bba9ea609fd001660d152f3963a/detection
# Reference: https://www.virustotal.com/gui/file/6fb82ca662f7e3f55cdd0f930507f2add996eef09c0f60a9924f469648c915f8/detection

151.106.19.20:12197
151.106.19.20:16867
151.106.19.20:23123
151.106.19.20:24784
151.106.19.20:8248

# Reference: https://twitter.com/RedDrip7/status/1627503544130752513
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/

meetup-chat.com
phone-drive.online
share-lienk.info
meetsapp.org

# Reference: https://twitter.com/StopMalvertisin/status/1634101674066448387
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:10614
167.114.138.12:14822
167.114.138.12:18443
167.114.138.12:6828
167.114.138.12:8661

# Reference: https://twitter.com/suyog41/status/1635983614906187778
# Reference: https://www.virustotal.com/gui/file/ba203358836bd59ffab1e993433765511844ffd3b0985b25e4772d37a28ecfa0/detection

84.46.250.78:8080
84.46.250.78:9812
kwalityproducts.com/bootstrap/jquery/files/details

# Reference: https://twitter.com/0xrb/status/1638049660895100928
# Reference: https://www.virustotal.com/gui/file/c89806e27ecefa3a05ba84b2dd46b148aef007ffa0ef80f6b34621d7777fbd65/detection
# Reference: https://www.virustotal.com/gui/file/bca2ae73987fd0f3f9c7cd984c55b3a0881333ced9a666f375d684d72f082acb/detection

185.229.119.60:9134
89.117.63.146:9921

# Reference: https://twitter.com/StopMalvertisin/status/1640798678649827329
# Reference: https://www.virustotal.com/gui/file/b74250a2259c947073225bbb24f11f4239d0ea4dabc45f4a40a4bbd46793fa6b/detection

richa-sharma.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1645805949234597889
# Reference: https://www.virustotal.com/gui/file/c33ee5a2d9df04d07df9f02678f1f880d271dd4d21140f51468eb6affc38a8e8/detection

104.168.48.210:12267
104.168.48.210:18197
104.168.48.210:7516

# Reference: https://twitter.com/jaydinbas/status/1648246659170672640
# Reference: https://twitter.com/fr0s7_/status/1648697733182627841
# Reference: https://www.virustotal.com/gui/file/6d1d3801e227f99c75687b486d0b6879347d6b231de311ad6b5be8661d49d3a3/detection
# Reference: https://www.virustotal.com/gui/file/806c9f3f5ac1d04991776baa627161a1808166ca6d958de756c09f884cb2f000/detection

209.126.81.42:444
ssynergy.in

# Reference: https://www.team-cymru.com/post/allakore-d-the-sidecopy-train

144.91.72.17:9468
185.229.119.60:7469
66.219.22.252:3389
66.219.22.252:8080
66.219.22.252:82
66.219.22.252:9467
89.117.63.146:7439

# Reference: https://twitter.com/teamcymru_S2/status/1649417705269723140

38.242.207.36:2244
38.242.207.36:3764
38.242.207.36:9467

# Reference: https://twitter.com/suyog41/status/1646528247772110853
# Reference: https://twitter.com/suyog41/status/1650377206571618304
# Reference: https://www.virustotal.com/gui/file/5ecbc33fe3b345f2956cff566203e33b9390a3ed9923b990a46804880ae2f59b/detection
# Reference: https://www.virustotal.com/gui/file/efa5a2cbc174b0dba15a453e70f632a23f2213fa7e6473cb8fa66ed0dc8a3a15/detection

78.47.204.216:443
defenseinsight.in
insight.defenseinsight.in

# Reference: https://twitter.com/suyog41/status/1652927978802925568
# Reference: https://www.virustotal.com/gui/file/136fdbc6edec659ef19c4e57b2db005fe8e5a59bbe913f0603698699465e5589/detection

31.187.72.107:443

# Reference: https://www.virustotal.com/gui/file/f63c9c67ef1cc74f3936d637217b1812e04794316cc3895665688068cb31b50e/detection

144.91.65.100:3245

# Reference: https://www.virustotal.com/gui/file/4e110011e8467c77c2de3a335d291b45b24633b2d22169552c200a1095355111/detection

144.91.65.100:4145

# Reference: https://www.virustotal.com/gui/file/587f77cdd90078107928360213536ee69fd7164c4682d44a571bb469795ea06c/detection

144.126.143.138:8080
144.126.143.138:9813

# Reference: https://twitter.com/RedDrip7/status/1666624522408333313
# Reference: https://www.virustotal.com/gui/file/3656a664cde158cf5c3220fb2fdb468fbc8c4e4ff21b951259a9cc10e6bf5615/detection

64.188.21.102:12267
64.188.21.102:18197
64.188.21.102:25821
64.188.21.102:26442
64.188.21.102:7516

# Reference: https://twitter.com/StopMalvertisin/status/1676869449394327553
# Reference: https://www.virustotal.com/gui/file/3859ecfffaf16065a45fce44988e197cc56838a7f6bfb27cb4e8bdc5e43f87db/detection
# Reference: https://www.virustotal.com/gui/file/86eccc88dcae9d1890a43f35b1a30c63b19176f5bff371b21588ee4a7519ab56/detection
# Reference: https://www.virustotal.com/gui/file/f0176c4de5bdac87cc1db60abf64f0736ac101548417cba6a16f7481fccf907e/detection

173.232.44.69:9149

# Reference: https://twitter.com/StopMalvertisin/status/1676869451776671745
# Reference: https://www.virustotal.com/gui/file/c2342e96f7443a221336cd4ff46905a9c30ee54fc02f6c0da11b13b7503bdd53/detection
# Reference: https://www.virustotal.com/gui/file/c3497181b42c520ead76a8ced713c4a2b307f869903b288cc0528895bedf7fdf/detection

185.187.235.186:14198
185.187.235.186:18818
185.187.235.186:24224
185.187.235.186:26781
185.187.235.186:8149

# Reference: https://twitter.com/StopMalvertisin/status/1676869453987086341
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection
# Reference: https://www.virustotal.com/gui/file/f77205a9238a123b74b764be6e2132777e1f3eda9c515f31219387c45629e3ea/detection
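# Reference: https://www.virustotal.com/gui/file/6d372ac5ea7270b83a04ef72eaed5a87258cf612f4c52e4dd2a7e073e5913c5c/detection
# Note: the five 172.245.80.12 endpoints below are also listed earlier in this file under the RedDrip7 reference (same 86f6738c... sample); repeated here for the additional samples.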

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://twitter.com/suyog41/status/1677224671790473216
# Reference: https://www.virustotal.com/gui/file/19a5c5472d299f153bab581f4fba6d678ee3055b3d9c605c1467b9991b207087/detection

144.126.154.84:8080
144.126.154.84:9813
politicalclearance.serveftp.com

# Reference: https://twitter.com/StopMalvertisin/status/1677317772072693766
# Reference: https://twitter.com/StopMalvertisin/status/1677317776514375690

aadiloans.co.in/asset/css/cat/
aadiloans.co.in/asset/css/files/pre/
aadiloans.co.in/asset/js/files/pre/

# Reference: https://twitter.com/StopMalvertisin/status/1682064332547555328
# Reference: https://www.virustotal.com/gui/file/a9007c0f22dc7ef45ee7a4acea4d39af897642e618f3eb0c73da83887f3471ea/detection

http://211.135.21.210
185.136.163.197:10926
185.136.163.197:14286
185.136.163.197:443
185.136.163.197:6982

# Reference: https://twitter.com/StopMalvertisin/status/1680989559373582336
# Reference: https://www.virustotal.com/gui/file/9d2404b27788b96562a13cfddff8d66ef82b0b606d3db55c22f55d9f72445ddb/detection

104.168.48.210:25821
104.168.48.210:26442

# Reference: https://twitter.com/StopMalvertisin/status/1689669636940570624
# Reference: https://www.virustotal.com/gui/file/462fe328cb5cff68bea48c2a96896e998d238118f2b372ef444f9b4230e9eeb5/detection
# Reference: https://www.virustotal.com/gui/file/94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66/detection
# Reference: https://www.virustotal.com/gui/file/7c744de5dcaa8cf88db4e852405ada4ac99bfd166d671f7c476cb2085c6438ed/detection

64.188.19.199:8158

# Reference: https://twitter.com/StopMalvertisin/status/1696155037758591159
# Reference: https://twitter.com/fr0s7_/status/1696161980887744961
# Reference: https://www.virustotal.com/gui/file/5427d381fead7350478cd36eb05d379d4a61b43276fb440525a040b34f784316/detection
# Reference: https://www.virustotal.com/gui/file/2947a56a5485ca6871e15a26b0e05f9623023cdd2d6b69e1915c60e5ea39b3b8/detection

207.180.194.63:8080
207.180.194.63:9813
isometricsindia.co.in
createdaliyplan.serveftp.com

# Reference: https://twitter.com/suyog41/status/1697568816862261250
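# Reference: https://www.virustotal.com/gui/file/e4de853a5f51105586ebca91c6ef9927d689f3317b6dafcbdbe4903ded529328/detection
# NOTE(review): /rivoblog below is a host-less path trail; if path trails are matched independently of the host (confirm against the sensor), a short path like this can hit unrelated sites, so corroborate alerts with the 66.135.2.62 entry.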

http://66.135.2.62
/rivoblog

# Reference: https://twitter.com/SinghSoodeep/status/1702071866750390512
# Reference: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.59/relations
# Reference: https://otx.alienvault.com/pulse/65081462b23b4d1d7d561645

http://134.209.159.9
http://64.227.138.127
http://64.227.133.222
103.2.232.82:8081
admin-br.in
admin-dept.in
admin-desk.in
adminbr.in
admincell.in
admindept.in
admindesk.in
adminsec.in
apkzones.com
baseuploads.com
ccmsnew.in
civillist.in
coordbr.in
coordbranch.in
cs1.in
e0ffice.in
email9ov.in
govdopt.in
indiauc.com
ndcdelhi.in
pcdapune.in
rsbpunjab.in
sapcs.in

# Reference: https://twitter.com/0xrb/status/1702542474911371578
# Reference: https://www.virustotal.com/gui/file/0decd978542b52e4fe2cca7f540887ed097e972264306afada649b7965c36bfe/detection
# Reference: https://www.virustotal.com/gui/file/3c31ac10af1a3273041d897bfa25f0ceed2949f2f672d8d95ea4ccfe96d37e50/detection
# Reference: https://www.virustotal.com/gui/file/8fec0edf8264b4aae46e448d81bd8f29246f6dcd150ec89a2ea0f34764c4fa5d/detection

64.188.25.43:16868
64.188.25.43:20851
64.188.25.43:26150
64.188.25.43:30486
64.188.25.43:6816

# Reference: https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
# Reference: https://www.virustotal.com/gui/file/f2d43369016b6c106f07cb214afdfb9807b808fc5fe6fd6cf7a6405271cafdd5/detection
# Reference: https://www.virustotal.com/gui/file/c3776e1e1b82e3e07fd94b7b9090d29c3410371c0d61d27301d38daf4a1f2c4d/detection
# Reference: https://www.virustotal.com/gui/file/9fdbe6f05d2ce4baa7819a0789caa3b49a835093193370ba49bdc4dfd4d9c7c7/detection
# Reference: https://www.virustotal.com/gui/file/8cb542f5793279b8a11af28e9352f41d400856a28e40ed1daa323b47f9ea3e3c/detection
# Reference: https://www.virustotal.com/gui/file/2259c89d2c5e1d8324f075135b03492f393860b9911855e84f50ed6b3699ac4d/detection

209.127.19.241:10284
95.111.247.73:18892
newsbizshow.net
ptzbubble.shop

# Reference: https://twitter.com/suyog41/status/1683440871260188672
# Reference: https://www.virustotal.com/gui/file/bdee4edbe7adf842b519a47d964e64b219700b2ba1d7faf4b899e34bd63006b7/detection
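# Reference: https://www.virustotal.com/gui/file/bbe0fa619435a89b6c054d9ef84574e05cb1ae76dd707d6c27155bf6951a01e5/detection
# Note: cangpeitaoke.oss-cn-hangzhou.aliyuncs.com is a single bucket hostname under a shared cloud object-storage endpoint; keep the full bucket label and never widen it to the parent domain.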

6jxbmkpe.torontobotdns.com
8tqxpf27.torontobotdns.com
cangpeitaoke.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/suyog41/status/1704368376456610172
# Reference: https://www.virustotal.com/gui/file/4662be09fce319b69ed4365e2e4fb3654ae9f597bb060cf2a0cc8b567f445848/detection

http://151.236.218.158

# Reference: https://twitter.com/0xrb/status/1704827410695528554
# Reference: https://www.virustotal.com/gui/file/e34a7a3f2204fb292b2c9a9d5526f440ba6b31cf0bc8171d2874f25d372b8774/detection

162.245.190.24:10108
162.245.190.24:16197
162.245.190.24:18968
162.245.190.24:20103
162.245.190.24:26784

# Reference: https://twitter.com/ginkgo_g/status/1711284161712124079
# Reference: https://www.virustotal.com/gui/file/a833dbdc5c2113da51bf778351834682bc6220461394050e04592cd9096e0aba/detection
# Reference: https://www.virustotal.com/gui/file/2110af4e9c7a4f7a39948cdd696fcd8b4cdbb7a6a5bf5c5a277b779cc1bf8577/detection

162.245.191.217:15198
162.245.191.217:17818
162.245.191.217:27781
162.245.191.217:29224
162.245.191.217:9149
210.115.11.107:15198
210.115.11.107:17818
210.115.11.107:27781
210.115.11.107:29224
210.115.11.107:9149

# Reference: https://twitter.com/suyog41/status/1713820527209680985
# Reference: https://www.virustotal.com/gui/file/435f3d02d94628698034f511e5e25f5996a977b6094e28f787e470a671d2f6a3/detection
# Reference: https://www.virustotal.com/gui/file/ba77adcff701f6c6116a6be12d127f43b82c7229c1bb6a172f9b8b2f25c91f70/detection
# Reference: https://www.virustotal.com/gui/file/60fbdc3d9404f9577848e5fc9137df0d63186d250ce132df5e1ef89f4ff3fca0/detection

mazagondoc.com
vocport.com
/khalistanLeaderprotest

# Reference: https://twitter.com/k3yp0d/status/1716386958253985927
# Reference: https://twitter.com/k3yp0d/status/1721490170027839638
# Reference: https://twitter.com/suyog41/status/1721762652366454788
# Reference: https://twitter.com/d1spat0h/status/1730106955195363573
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/file/32c629af8f602f18b9bf4b557e9ecf6cfd81c62dc1fa103e269a3fa1e7233526/detection
# Reference: https://www.virustotal.com/gui/file/47358f1f45fcf25b33d79ebf23770afd5cf6217fd58b44a87e9ff62db8c703a1/detection
# Reference: https://www.virustotal.com/gui/file/6beaf25f0fbe83e64d5f5271a1ed5320f8d8740c468f072d93e29e482cb0ec6f/detection
# Reference: https://www.virustotal.com/gui/file/324ab6f36d61a5a89992a267271f2b433e1cd595a54e262e04f91c0230c4be23/detection

185.213.27.94:8080
185.213.27.94:9813
inniaromas.com
masterrealtors.in
sunfireglobal.in
basicdailywork.webhop.me

# Reference: https://twitter.com/suyog41/status/1716709552543162496
# Reference: https://www.virustotal.com/gui/file/fa6aa00418f7c7e2c8c840f89acee25dac55e0623e7e5e6641880ffa3dd161ec/detection

tx.welxin.cn

# Reference: https://twitter.com/ginkgo_g/status/1719193143785259030
# Reference: https://www.virustotal.com/gui/file/29465f87bd3e6731668f3d3020924db55dae04d8cec335088d49072013900685/detection
# Reference: https://www.virustotal.com/gui/file/6935999ee4b2f88cf74ec299c24a212a2c4b0f95105fb773e920d88153eab3c3/detection

207.180.192.77:6023
futureuniform.ca/wp/wp-content/files/01/

# Reference: https://twitter.com/ginkgo_g/status/1720277345876262975
# Reference: https://www.virustotal.com/gui/file/fa48fbe37d6172bfb3c3bda961c7024ec41f5c3b2bbe0decd9dbf34f15127db1/detection

185.187.235.185:8896

# Reference: https://twitter.com/k3yp0d/status/1722213819681017947
# Reference: https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/
# Reference: https://www.virustotal.com/gui/file/5893b58d6a6a772f8ecd491a4dace11007fd1aac90e5f4a0363288d1376e1ce5/detection

207.180.220.55:8015
38.242.149.89:9828
elfinindia.com
occoman.com

# Reference: https://twitter.com/k3yp0d/status/1722217627328897057
# Reference: https://www.virustotal.com/gui/file/00fed27ac3b5b4703266c15f43841ab2cb8e85f61f790c51c1fb019ec4295ecf/detection

185.217.125.195:7208

# Reference: https://twitter.com/StopMalvertisin/status/1722948447689695235
# Reference: https://www.virustotal.com/gui/file/a0632cecfd478fbef1a69daae3d760041c6af2cc88965633d3837e076793cc82/detection

64.188.21.202:6826
tugpisacrev.com

# Reference: https://twitter.com/0xrb/status/1729787008954819065
# Reference: https://twitter.com/PrakkiSathwik/status/1729915833886085136
# Reference: https://www.virustotal.com/gui/ip-address/64.188.13.140/detection

64.188.13.140:18917
64.188.13.140:9649

# Reference: https://twitter.com/BaoshengbinCumt/status/1740666203679732077
# Reference: https://www.virustotal.com/gui/ip-address/195.35.38.44/relations

zomatofoods.info

# Reference: https://twitter.com/ginkgo_g/status/1719193850395369545
# Reference: https://www.virustotal.com/gui/file/9645299e58c7521d811fbdcdbd57db45160191db7c7b73eae5d97e4530136da8/detection

38.242.220.166:9012
rockwellroyalhomes.com
/api/root_149371139681480/hello
/api/root_168683512566649/hello
/api/root_149371139681480/upload
/api/root_168683512566649/upload
/api/root_149371139681480/
/api/root_168683512566649/

# Reference: https://www.virustotal.com/gui/file/61b898f4254d8c6d3d375584a1109367f9e86d221e2d404bf6768fb81b1b48b5/detection

161.97.151.220:7015
/api/root_36854582802642/hello
/api/root_36854582802642/upload
/api/root_36854582802642/

# Reference: https://twitter.com/PrakkiSathwik/status/1742161478021743080
# Reference: https://www.virustotal.com/gui/file/03888813079d01e1ba2d2675cf35724e529d58a78b9efd8161c746e8e33c643d/detection
# Reference: https://www.virustotal.com/gui/file/35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea/detection

164.68.127.81:8149
riddhifoods.in
/api/root_228574257745523/hello
/api/root_228574257745523/upload
/api/root_228574257745523/

# Reference: https://twitter.com/h2jazi/status/1745544900106424336
# Reference: https://www.virustotal.com/gui/file/51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885/detection

clawsindia.in

# Reference: https://twitter.com/Cyberteam008/status/1746030429856235837
# Reference: https://www.virustotal.com/gui/ip-address/142.11.216.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.220.103.127/relations

govn-in.site
email.govn-in.site

# Reference: https://twitter.com/ginkgo_g/status/1753326069359460471
# Reference: https://www.virustotal.com/gui/file/e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0/detection
# Reference: https://www.virustotal.com/gui/file/c59b2d6a70bc5b84998aebb2d21241a8adef33724838e92db4dee36a1ce46f43/detection

164.68.122.64:11128
164.68.122.64:18187
164.68.122.64:19986
164.68.122.64:25123
164.68.122.64:27684
mus09.duckdns.org

# Reference: https://twitter.com/Cyberteam008/status/1757378890631406027
# Reference: https://www.virustotal.com/gui/ip-address/74.50.94.41/relations

casedetail.info
casedetails.info
casesnews.info
casesreports.info
corruptioncase.info
corruptioncasedetails.info
corruptioncases.in
detailscases.info
detailsreport.info
harassmentcases.info
reportdetail.info
reportsdetail.info
supoortwindownlinux.cyou
mfa.gov.ir.corruptioncase.info
mod.gov.in.harassmentcases.info
nia.gov.in.casedetail.info
nia.gov.in.casedetails.info
nia.gov.in.casesnews.info
nia.gov.in.casesreports.info
nia.gov.in.detailscases.info
nia.gov.in.detailsreport.info
nia.gov.in.reportsdetail.info

# Reference: https://twitter.com/PrakkiSathwik/status/1770447142357741737

164.68.102.44:6663
164.68.102.44:9828

# Reference: https://twitter.com/PrakkiSathwik/status/1771846752489841135
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/domain/smokeworld.in/relations

joyworld.in
joyworldjw.in
maidmart.in
smokeworld.in
whm.maidmart.in

# Reference: https://twitter.com/Cyberteam008/status/1770748710567153783
# Reference: https://pastebin.com/058WtrX2

http://176.57.189.202
http://185.161.208.100
http://185.20.184.6
http://193.42.33.59
http://45.12.253.35
http://45.66.230.167
http://66.23.229.245
http://79.110.48.64
http://91.92.241.198
http://91.92.252.90
176.57.189.202:443
185.161.208.100:443
185.20.184.6:443
193.42.33.59:443
45.12.253.35:443
45.66.230.167:443
66.23.229.245:443
79.110.48.64:443
91.92.241.198:443
91.92.252.90:443
case-detail.info
casereported.info
harassmentcase.info
preventivemeasures.info
publicationsinfo.cyou
in.casereported.info
gov.in.casereported.info
ddp.gov.in.case-detail.info
dod.gov.in.publicationsinfo.cyou
mail.harassmentcase.info
mod.gov.in.casereported.info
mod.gov.in.harassmentcase.info
mod.gov.in.preventivemeasures.info
mod.gov.in.reportcases.info

# Reference: https://twitter.com/Cyberteam008/status/1773208866441851277

awarenessprogram.info
casesdetails.info
casesreport.info
harassmentcases.cyou
csk.gov.in.awarenessprogram.info
gov.in.awarenessprogram.info
gov.in.casesdetails.info
gov.in.casesreport.info
gov.in.harassmentcases.cyou
mod.gov.in.casesdetails.info
mod.gov.in.casesreport.info
modgov.in.casesreport.info
nia.gov.in.case-detail.info
nia.gov.in.harassmentcases.cyou

# Reference: https://app.validin.com/detail?find=casesdetail.info&type=dom#tab=subdomains

casesdetail.info
gov.in.casesdetail.info
in.casesdetail.info
mod.gov.in.casesdetail.info
nia.gov.in.casesdetail.info
niagov.in.casesdetail.info

# Reference: https://app.validin.com/detail?find=casesdetails.cyou&type=dom#tab=subdomains

casesdetails.cyou
gov.in.casesdetails.cyou
in.casesdetails.cyou
nia.gov.in.casesdetails.cyou

# Reference: https://twitter.com/MichalKoczwara/status/1774454226044817798

casereport.cyou
casereports.cyou
casereports.info
casesreported.info
cbi.gov.in.casereport.cyou
dgqa.gov.in.casereport.cyou
gov.in.casereport.cyou
gov.in.casereports.cyou
gov.in.casereports.info
gov.in.casesreported.info
mea.gov.in.casereports.info
mod.gov.in.casereport.cyou
mod.gov.in.casesreported.info
nia.gov.in.casereport.cyou
nia.gov.in.casereports.cyou

# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.62.89/relations

accountsinfo.site
in.accountsinfo.site
gov.in.accountsinfo.site
dod.gov.in.accountsinfo.site
mail.gov.in.accountsinfo.site
kavach.mail.gov.in.accountsinfo.site

# Reference: https://app.validin.com/detail?type=dom&find=harassmentreports.info#tab=subdomains

harassmentreports.info
in.harassmentreports.info
gov.in.harassmentreports.info
mod.gov.in.harassmentreports.info

# Reference: https://twitter.com/Cyberteam008/status/1774723849403449523
# Reference: https://www.virustotal.com/gui/ip-address/68.65.121.178/relations

aiapplication.chat
in.aiapplication.chat
gov.in.aiapplication.chat
drdo.gov.in.aiapplication.chat

# Reference: https://twitter.com/Cyberteam008/status/1775469548566937667
# Reference: https://twitter.com/bofheaded/status/1775527176710099220
# Reference: https://www.virustotal.com/gui/ip-address/35.154.100.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.66.136.7/relations

caselist.vip
cbigov-in.cc
cbigov-in.com
cbigov-in.net
cbigov-in.site
dailycourt.in
mainscigv.in
scigovt-in.cc
api.caselist.vip
api.cbigov-in.com
casedetails.dailycourt.in
sci.goovv.in
scigovt.caselist.vip
main.sci.goovv.in

# Reference: https://twitter.com/Cyberteam008/status/1775485100534423613
# Reference: https://www.virustotal.com/gui/ip-address/118.107.41.11/relations

caseinfo.in
caseinspection.in
caselist.in
caselists.top
casesubmit.in
caseterms.in
courtdelhi.in
courtpublic.in
judicature.in
justiceorder.in
scigovt.in
ad.caselist.in
api.caseinfo.in
api.caselist.in
api.caselists.top
api.caseterms.in
api.justiceorder.in
scigovt.caseinfo.in
scigovt.caseinspection.in
scigovt.caselist.in
scigovt.caselists.top
scigovt.casesubmit.in
scigovt.caseterms.in
scigovt.courtdelhi.in
scigovt.courtpublic.in
scigovt.judicature.in
scigovt.justiceorder.in
scigovt.maincases.in
scigovt.supremeorders.in
supreme.scigovt.in
supremeorders.in
main.scigovt.maincases.in
main.supreme.scigovt.in

# Reference: https://www.virustotal.com/gui/ip-address/13.126.2.62/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.134.15/relations

detailscheck.in
reportstatus.in
api.detailscheck.in
api.reportstatus.in
scigovt.detailscheck.in
scigovt.reportstatus.in

# Reference: https://app.validin.com/detail?find=casedetails.in&type=dom#tab=subdomains

casedetails.in
api.casedetails.in

# Reference: https://www.virustotal.com/gui/ip-address/172.67.217.169/relations

scigv.in
cbins.scigv.in

# Reference: https://twitter.com/Cyberteam008/status/1777531938552914291
# Reference: https://www.virustotal.com/gui/ip-address/91.225.217.103/relations

check-suspicious-activity-on-account.support
in.check-suspicious-activity-on-account.support
gov.in.check-suspicious-activity-on-account.support
cert-in.org.in.check-suspicious-activity-on-account.support
mail.gov.in.check-suspicious-activity-on-account.support
kavach.mail.gov.in.check-suspicious-activity-on-account.support

# Reference: https://twitter.com/PrakkiSathwik/status/1778300773912231966

vparking.online

# Reference: https://www.virustotal.com/gui/file/02f409e239ceeb38adf50bd878b7479c341752f3a37469a4735caefffafcc1f1/detection

ivinfotech.com

# Reference: https://twitter.com/PrakkiSathwik/status/1778392598421332212
# Reference: https://www.virustotal.com/gui/file/a9dce1db2cc56d9ea3ad6c1a53f42d43564ff042c48342f22082ffeb5037cde9/detection
# Reference: https://www.virustotal.com/gui/file/500502342f3d4fee9a415798af83e1d63129d70034b4b269a649ee275f08f5ac/detection
# Reference: https://www.virustotal.com/gui/file/cb2ba7b9aedb38a6ae248e9f54ccce781b62829b3670238268e6e942571bdcdd/detection

204.44.124.134:15597
204.44.124.134:18518
204.44.124.134:26791
204.44.124.134:28329
204.44.124.134:9149

# Reference: https://twitter.com/Cyberteam008/status/1778648573967847710
# Reference: https://www.virustotal.com/gui/file/a2d1e37fac01d2f72e51181b2e79ecfda2c6569346c5d67dc8af6c772cfe236f/detection
# Reference: https://www.virustotal.com/gui/file/3925dd34feb2d1b3eb24cb07564b0e2a2d81722a3891b4c7379d2f0c7a04f182/detection

162.245.191.214:909
176.107.182.55:909
juichangchi.online

# Reference: https://www.virustotal.com/gui/file/bc7fe650362c72b8de1fb2235d2607ac90eec14fe165151210ba96115959dd04/detection

155.94.209.4:8888

# Reference: https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

155.94.209.4:33678
155.94.209.4:9009
176.107.182.55:121
176.107.182.55:65
176.107.182.55:67

# Reference: https://twitter.com/Cyberteam008/status/1786247582005793091
# Reference: https://pastebin.com/KpS9FG8L

http://78.40.117.141
http://78.40.117.194
http://78.40.117.207
http://78.40.117.208
http://78.40.117.98
78.40.117.141:443
78.40.117.194:443
78.40.117.207:443
78.40.117.208:443
78.40.117.98:443
detailedcases.info
detailedreport.info
reportedcase.info
reportedcases.info
gov.in.detailedcases.info
gov.in.detailedreport.info
gov.in.reportedcase.info
gov.in.reportedcases.info
in.detailedcases.info
in.detailedreport.info
in.reportedcase.info
in.reportedcases.info
mod.gov.in.detailedcases.info
mod.gov.in.detailedreport.info
mod.gov.in.reportedcase.info
mod.gov.in.reportedcases.info

# Reference: https://twitter.com/ginkgo_g/status/1789235055417843988
# Reference: https://www.virustotal.com/gui/file/bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d/detection
# Reference: https://www.virustotal.com/gui/file/81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec/detection
# Reference: https://www.virustotal.com/gui/file/d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c/detection
# Reference: https://www.virustotal.com/gui/file/116589b0ef0a11f5012ea80cfbcd8bcbe85116e515a05f77e2b86e533cad5ba4/detection

64.188.27.144:5863
reviewassignment.in
reviewassignment.online
checkdailytips.servehttp.com

# Reference: https://twitter.com/PrakkiSathwik/status/1789619166460178694

62.169.30.39:6660
62.169.30.39:7884
springfielduniversity.info

# Reference: https://twitter.com/PrakkiSathwik/status/1789989542621004049

84.247.170.237:8080
84.247.170.237:9813
ddbl.co.uk/js/files/autz/ctr/

# Reference: https://twitter.com/Cyberteam008/status/1790334538436194622

reportdetails.info
in.reportdetails.info
gov.in.reportdetails.info
mod.gov.in.reportdetails.info

# Reference: https://twitter.com/Jane_0sint/status/1714636442482176274
# Reference: https://app.any.run/tasks/4c9948bb-9599-4fd7-9d30-c2e2ed685741/
# Reference: https://www.virustotal.com/gui/file/fa86b5bc5343ca92c235304b8dcbcf4188c6be7d4621c625564bebd5326ed850/detection
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/6ffed1bb706a5eb205294f9287a9182d71e293b3b131415bfbe24b99e28ccd67/detection

38.242.149.89:61101

# Reference: https://x.com/DmitriyMelikov/status/1793346094048461014
# Reference: https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
# Reference: https://www.virustotal.com/gui/file/320a792ff9efcdaf56bdc828d0b352221f3e3c0f89192e17648768aa9f51dff7/detection
# Reference: https://www.virustotal.com/gui/file/544f7462dc0d61491b7502df6836692dff680a6a562ba2d8b81c127c355be840/detection
# Reference: https://www.virustotal.com/gui/file/f516c70f9c52aa2ed7ed14e87435d9b13ef1f1b3a9ae9651b14afb935a359f63/detection

admincoord.in
apsdelhicantt.in
awesindia.online
certdehli.in
coordoffice.in
coordsec2.in
emailnic-tech.email
eoffice-sparrow.online
estbsec.in
esttsec.in
infosec2.in
publicinfo.in
secy-org.in
tensupports.com
tpt123.com
twff247.cloud
warfarestudies.in
winp247.cloud
zedcinema.com
files.tpt123.com

# Reference: https://x.com/ValidinLLC/status/1793379580117745788
# Reference: https://www.virustotal.com/gui/ip-address/158.220.93.96/relations

aaloochaat.com
supportuploads.info
tensupports.com
zedcinema.com
zedsinema.com

# Reference: https://x.com/suyog41/status/1793547347877892448
# Reference: https://x.com/Cyberteam008/status/1795715878228832263
# Reference: https://www.virustotal.com/gui/file/dde5bae636602527eda591be7e45510996c2e56ad51ea7f61d3932a9a388647e/detection
# Reference: https://www.virustotal.com/gui/file/eb0b75756287fb3038fbcd2cc4cd261ec83dd8fd0fca3acabb12d4565ba8cddd/detection
# Reference: https://www.virustotal.com/gui/file/6bcc3e6c23017d7246352c2db0eb13bde264a7252a3ec6ae6e44714c1cbbd970/detection

104.223.106.8:11248
94.72.105.227:11248
94.72.105.227:16896
waqers.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1795075152343908743
# Reference: https://x.com/PrakkiSathwik/status/1795082594037469349
# Reference: https://www.virustotal.com/gui/file/d0aef9bd02b6dfdaf6e71a485057728b55c8336391f1fbaa414d06f66c593329/detection

66.63.163.148:10168
66.63.163.148:12258
66.63.163.148:14267
66.63.163.148:16686
66.63.163.148:34153
qheelsec.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1797634685302178167
# Reference: https://www.virustotal.com/gui/file/708e5d06a457bba1adb5b4cf81214ea4c7f73a813c86c0d2cec99ba54968f228/detection

162.218.122.3:12228
162.218.122.3:16897
162.218.122.3:18986
162.218.122.3:22665
162.218.122.3:26823
govsec.duckdns.org

# Reference: https://x.com/Cyberteam008/status/1798902051793174567
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.80/relations

investigationreport.info
reportscases.info
gov.in.investigationreport.info
gov.in.reportscases.info
in.investigationreport.info
in.reportscases.info
mod.gov.in.reportscases.info
nia.gov.in.investigationreport.info

# Reference: https://x.com/PrakkiSathwik/status/1799103555619672315
# Reference: https://www.virustotal.com/gui/file/2e8e1a221ed40614d1d1f28c6d37e1f3991169967aadab0ccb4e7756ec77bcbe/detection

utkalsevasamitikanjurmarg.in/assets/
windowupdatecache.in
defender.windowupdatecache.in
utkalsevasamitikanjurmarg.in.aintssa.in/assets/

# Reference: https://x.com/Cyberteam008/status/1800351661837390076
# Reference: https://x.com/akaclandestine/status/1800651122291478530
# Reference: https://pastebin.com/x13K7XWC

http://152.42.162.105
http://161.35.207.209
http://165.22.221.71
http://178.128.166.148
marketing11.porcmtecnologia.com
segmail54.laonwona.com

# Reference: https://x.com/PrakkiSathwik/status/1800933629012447376
# Reference: https://www.virustotal.com/gui/ip-address/84.247.170.237/relations
# Reference: https://www.virustotal.com/gui/file/e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d/detection
# Reference: https://www.virustotal.com/gui/file/683c61f8dda90ea3b1e76f2ff5ad78dc03ebe3827d56536988a9c5e4490eabd2/detection

84.247.170.237:4858
dipl.site
supplyprodaily.servehttp.com

# Reference: https://x.com/Cyberteam008/status/1806529081732694202
# Reference: https://pastebin.com/w0F6pVa7
# Reference: https://www.virustotal.com/gui/ip-address/154.12.41.46/relations
# Reference: https://www.virustotal.com/gui/file/6724ab0e718cd422dd2d2bf6a3244996cc35000253ea725dfbe474901e4279c7/detection

34667.fun
56184.fun
78990.fun
89204.fun
88c.34667.fun
903.78990.fun
9123.89204.fun
cbigovin.site
cbigovin.top
cbigovins.site
cbigovins.top

# Reference: https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
# Reference: https://www.virustotal.com/gui/file/5cc20a3be2265c52eccf36a6d0a8d0a0fd90ab2cb6d7c65204ef2c487e38a8c3/detection
# Reference: https://www.virustotal.com/gui/file/7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978/detection
# Reference: https://www.virustotal.com/gui/file/9f12f0bf13ff9a15e65065bc1fd95cdacb0072e0765aa781c920cfdd3506bde6/detection
# Reference: https://www.virustotal.com/gui/file/a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac/detection

173.212.206.227:18582
173.249.50.243:18582

# Reference: https://x.com/ValidinLLC/status/1810978537517494672

casesreported.cc
incidentreports.info
incidentsreports.info
in.casesreported.cc
in.incidentreports.info
in.incidentsreports.info
gov.in.casesreported.cc
gov.in.incidentreports.info
gov.in.incidentsreports.info
nia.gov.in.casesreported.cc
nia.gov.in.incidentreports.info
nia.gov.in.incidentsreports.info

# Reference: https://x.com/ValidinLLC/status/1810980371850265046

danidns.com
deputation.info
hqrihq.cc
niapublication.cyou
niapublications.cyou
reportcases.info
reportsdetail.cyou
in.danidns.com
in.deputation.info
in.hqrihq.cc
in.niapublication.cyou
in.niapublications.cyou
in.reportcases.info
in.reportsdetail.cyou
gov.in.danidns.com
gov.in.deputation.info
gov.in.hqrihq.cc
gov.in.niapublication.cyou
gov.in.niapublications.cyou
gov.in.reportcases.info
gov.in.reportsdetail.cyou
nia.gov.in.danidns.com
nia.gov.in.deputation.info
nia.gov.in.hqrihq.cc
nia.gov.in.niapublication.cyou
nia.gov.in.niapublications.cyou
nia.gov.in.reportcases.info
nia.gov.in.reportsdetail.cyou
nia2.broadwayinfotech.net.au
nia4.broadwayinfotech.net.au

# Reference: https://x.com/Cyberteam008/status/1814126506899325309
# Reference: https://www.virustotal.com/gui/file/7ae13cf9080a0903670e6e6371d3625e3852b1a03bddebac68aa3b91a13ba0bf/detection

googleservices.live
/dakshf_upload.php

# Reference: https://x.com/PrakkiSathwik/status/1813934519231357159
# Reference: https://www.virustotal.com/gui/file/0993c7d97646641c7685000a045fbf04ac90568b3b785cdcb40522d5f9654a75/detection

66.154.103.133:11248
66.154.103.133:16896
66.154.103.133:18868
66.154.103.133:22245
66.154.103.133:26424
suwaq.duckdns.org

# Reference: https://x.com/NSFOCUS_Intl/status/1816009178298868140
# Reference: https://x.com/ValidinLLC/status/1816159394494660832
# Reference: https://www.virustotal.com/gui/ip-address/111.90.156.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.43.170.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations
# Reference: https://nsfocusglobal.com/transparenttribes-spear-phishing-targeting-indian-government-departments/

64.188.21.202:18828
64.188.21.202:22821
64.188.21.202:28120
confidentialreports.info
meacases.report
in.confidentialreports.info
in.meacases.report
gov.in.confidentialreports.info
gov.in.meacases.report
mea.gov.in.confidentialreports.info
mea.gov.in.meacases.report

# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.100/relations

onedrive-storage.in
in.onedrive-storage.in
gov.in.onedrive-storage.in
mea.gov.in.onedrive-storage.in

# Reference: https://x.com/PrakkiSathwik/status/1816500997457375424
# Reference: https://www.virustotal.com/gui/file/ac63594e5040fc6a001791ef4a67f0de4ff7a2991cb99095733ce7067abf6948/detection
# Reference: https://www.virustotal.com/gui/file/69424ccb2129cc51348f4fe5e39b746c68190773ea4bb55e812808a1d0de65e9/detection
# Reference: https://www.virustotal.com/gui/file/5bfb024d5323b715db6c27ac59b768ed7df94d4e07dbc5aec2770edfdcf4c8d8/detection

http://157.245.100.177
http://159.223.224.93
http://159.65.146.80
http://165.232.177.53

# Reference: https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/

http://149.28.95.195
campusportals.in

# Reference: https://x.com/ValidinLLC/status/1819072543850221625
# Reference: https://x.com/raghav127001/status/1835203246480408951
# Reference: https://app.validin.com/detail?type=ip&find=185.196.9.113#tab=resolutions

aboutcase.nl
army.aboutcase.nl
in.aboutcase.nl
in.army.aboutcase.nl
gov.in.aboutcase.nl
gov.in.army.aboutcase.nl
mod.gov.in.aboutcase.nl
mod.gov.in.army.aboutcase.nl

# Reference: https://x.com/ValidinLLC/status/1819074034526548244
# Reference: https://x.com/Cyberteam008/status/1819226280509747419
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations

armycases.report
updater-cloud.us
in.armycases.report
gov.in.armycases.report
mea.gov.in.armycases.report
mod.gov.in.armycases.report

# Reference: https://x.com/k3yp0d/status/1822511399337165225
# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
# Reference: https://www.virustotal.com/gui/file/9393842b3738281fb1d200fdb1ac328157e7d70e571f94533c7e18a8f7234bce/detection

185.137.122.247:3389
get-kavach.in
getkavach.com
kavach-app.com
kavachdownload.in
kavachguide.com
kavachsupport.com
/C2L!Dem0&PeN/A@llPack3Ts/Cert.php

# Reference: https://x.com/TIntel2255/status/1822978019478454652
# Reference: https://x.com/Malwar3Ninja/status/1823043571383173444
# Reference: https://x.com/Malwar3Ninja/status/1823043724156559526

aboutcase.nl
admin-mcas-df.ms
admin-mcas.ms
crsorgi-goy.in
mcas-df.ms
orgi.live
in.aboutcase.nl
in.admin-mcas-df.ms
in.admin-mcas.ms
in.crsorgi-goy.in
in.mcas-df.ms
in.mcas.ms
in.orgi.live
gov.in.admin-mcas-df.ms
gov.in.admin-mcas.ms
gov.in.crsorgi-goy.in
gov.in.mcas-df.ms
gov.in.mcas.ms
gov.in.orgi.live
nic.in.aboutcase.nl
nic.in.admin-mcas-df.ms
nic.in.admin-mcas.ms
nic.in.mcas-df.ms
nic.in.mcas.ms
amssdelhi.gov.in.admin-mcas-df.ms
amssdelhi.gov.in.admin-mcas.ms
amssdelhi.gov.in.mcas-df.ms
amssdelhi.gov.in.mcas.ms
crsorgi.gov.in.crsorgi-goy.in
crsorgi.gov.in.orgi.live
indiacode.nic.in.admin-mcas-df.ms
indiacode.nic.in.admin-mcas.ms
indiacode.nic.in.mcas-df.ms
indiacode.nic.in.mcas.ms
indianarmy.nic.in.aboutcase.nl
sebi.gov.in.admin-mcas-df.ms
sebi.gov.in.admin-mcas.ms
sebi.gov.in.mcas-df.ms
sebi.gov.in.mcas.ms

# Reference: https://x.com/Huntio/status/1823470041624666376

indiagstgov.org
services.indiagstgov.org

# Reference: https://x.com/Malwar3Ninja/status/1825115113361420548

ashifdigitalseva.xyz
birthdeath.in
counciling.com
gov-certificate.com
nbssedelhi.org
nimsme.org
verifycertificate.info
viewss.click

# Reference: https://x.com/k3yp0d/status/1825505181951316093
# Reference: https://www.virustotal.com/gui/file/de0edf22fbd5758ca9118e029802c09f8394abea3b58af4446611529b9bb2a9b/detection
# Reference: https://www.virustotal.com/gui/file/c12708e6829d7207b16a4fccf65ed05758c676cd70d3e9746c375f5d27bff501/detection

157.173.198.190:15124
swachbharat.xyz

# Reference: https://x.com/PrakkiSathwik/status/1826238464222011661
# Reference: https://www.virustotal.com/gui/file/18ade2d13833dc1054e0d16ad03f56bb2f67b3009f178a326d397ec42f4731bf/detection
# Reference: https://www.virustotal.com/gui/file/2019fec607e8955b79d194e1c6408e5c50269dac60b6f5864f36814774713361/detection
# Reference: https://www.virustotal.com/gui/file/5f607374431d77a7398927f45c5d1efc57513250622e23535dbc0a0a0584c3a1/detection

http://138.68.134.123
http://165.232.138.173
http://170.64.132.144
http://64.23.138.81

# Reference: https://x.com/Cyberteam008/status/1827913665539952755
# Reference: https://www.virustotal.com/gui/file/2e6bc46b4a5959dcba2791b68cdb70a938cf974a4153f2ec13390bc8c5761de2/detection
# Reference: https://www.virustotal.com/gui/file/7486ff26c68a4362572accab3308bc81cc45b121b31366173dbc71a4e7fc3af5/detection

154.216.18.90:67
154.216.18.90:909

# Reference: https://x.com/PrakkiSathwik/status/1831368562742882598
# Reference: https://www.virustotal.com/gui/file/7eb32944ecbcf386aeff5b9ac5276b4e8e7280346d9a14faae233a6d16eca852/detection
# Reference: https://www.virustotal.com/gui/file/48b8c5703ff73125cb373b9a05e959ea467038a1391f368a863b7734b92f44ae/detection

http://72.11.156.132
72.11.156.132:5863

# Reference: https://x.com/PrakkiSathwik/status/1833113297278644602
# Reference: https://www.virustotal.com/gui/file/3326ba81b48ab03f7f49d2da70d3bbe4ea0e163d33e7399d528152b7c3da9170/detection

http://143.198.64.151
http://157.245.139.146
http://159.89.165.86
http://206.189.134.185

# Reference: https://app.validin.com/detail?find=%2FC%3D--%2FST%3DSomeState%2FL%3DSomeCity%2FO%3DSomeOrganization%2FOU%3DSomeOrganizationalUnit%2FCN%3Dganditghal.com%2FemailAddress%3Droot%40ganditghal.com&type=raw&ref_id=b03d0e384b6#tab=host_pairs_v2

http://78.40.117.108
http://78.40.117.146
http://78.40.117.168
http://78.40.117.202
http://78.40.117.229
http://78.40.117.244
http://78.40.117.245
http://78.40.117.30
http://78.40.117.37
http://78.40.117.41
http://78.40.117.70
78.40.117.108:443
78.40.117.146:443
78.40.117.168:443
78.40.117.202:443
78.40.117.229:443
78.40.117.244:443
78.40.117.245:443
78.40.117.30:443
78.40.117.37:443
78.40.117.41:443
78.40.117.70:443

# Reference: https://x.com/Cyberteam008/status/1835514106641600734
# Reference: https://x.com/iam_rajhans/status/1835935106734694589
# Reference: https://en.fofa.info/result?qbase64=dGl0bGU9PSJTdXByZW1lIENvdXJ0IG9mIEluZGlhIHwgSW5kaWEi
# Reference: https://app.validin.com/detail?type=raw&find=Supreme+Court+of+India+%7C+India#tab=host_pairs_v2

http://103.231.254.55
http://129.227.206.99
http://198.252.103.101
http://207.148.99.243
http://43.228.125.28
http://45.115.39.3
http://45.115.39.69
http://47.246.50.178
http://47.76.72.16
http://65.2.164.102
http://79.133.176.214
103.231.254.55:443
129.227.206.99:443
198.252.103.101:443
207.148.99.243:443
43.228.125.28:443
45.115.39.3:443
45.115.39.69:443
47.246.50.178:443
47.76.72.16:443
79.133.176.214:443
incicourtgov.com
incourtsci.com
laoy-ajab.top
lx-yindu.top
mfpa.hk
phimp3.com
saxojp.com
sci-dailyorderssecurelogin.in
scicourtgov.com
scicourtin.com
scidailyordercure-login.in
scigov.cc
scigov.cn
scigov.online
scigovin.com
scigovs.in
scingov.com
scingovin.com
scoi-qov.in
supreme-court-of-india.com
supremejudical.in
yindu4.top
sci.supremejudical.in
api.yindu4.top
test.yindu4.top
43-228-125-28.cprapid.com
mail.43-228-125-28.cprapid.com
mail.cocojojo-pet.com
webmail.cocojojo-pet.com

# Reference: https://x.com/Cyberteam008/status/1835875339425222966
# Reference: https://www.virustotal.com/gui/file/41accf41733ddcd65dc479a0c369f90894870ce10e4410ea2ffa7ce0f51672d9/detection
# Reference: https://www.virustotal.com/gui/file/4f946de9b5ebcc003274ad95125d80a805c5359643074fc6e756a08303d673e5/detection

http://139.59.34.138
http://165.232.180.251

# Reference: https://x.com/malwrhunterteam/status/1836835278348243086
# Reference: https://x.com/StrikeReadyLabs/status/1836841368875835575
# Reference: https://app.validin.com/detail?find=78.40.116.210&type=ip4&ref_id=422094cf4f4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5a06b3dc09b3a2c309d0f20536e1a11f168ff76d96d15a3233ede322788ab280/detection

briefreport.nl
casereports.nl
publications.ltd
in.briefreport.nl
in.casereports.nl
in.publications.ltd
gov.in.briefreport.nl
gov.in.casereports.nl
gov.in.publications.ltd
email.gov.in.briefreport.nl
email.gov.in.publications.ltd
jkpolice.gov.in.casereports.nl

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2

email-gov-in.a5e1.com

# Reference: https://x.com/Cyberteam008/status/1838407864961892569
# Reference: https://x.com/Aarn63373424/status/1838464659428655505
# Reference: https://www.zoomeye.hk/searchResult?q=%22%5Cx0c%5Cx00%5Cx00%5Cx00%5Cx00info%3Dcommand%22&page=2&pageSize=10

134.119.181.142:10443
161.97.119.238:7776
172.245.244.42:14443
198.23.213.44:7778
207.180.245.93:7788
64.188.25.143:8529
75.119.133.15:7788

# Reference: https://x.com/PrakkiSathwik/status/1839967368493068733
# Reference: https://www.virustotal.com/gui/file/690cb1f68b15a54438509e1ec1ce57bd1c617ce6c429a62a694b85da9c09542c/detection

64.188.21.199:14257
64.188.21.199:16267
64.188.21.199:22682
64.188.21.199:26153
64.188.21.199:6257

# Generic: URL path indicators, not tied to any single host listed above

/h_ttp
/h_tt_p
/htt_p
/h_t_t_p
/h-xmlhttp/
/streamcmd?AV=
/classics/abnormal.php
/classifieds/classifieds.php
/classification/updatecs.php
/Armed-Forces-Spl-Allowance-Order/
/Defence-Production-Policy-2020/
/IMPL_OF_SPL_ALLCE_ORDER/
/ParaMil-Forces-Spl-Allowance-Order/
/mod.gov.in_dod_sites_default_files_Revisedrates/
