# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.malware-traffic-analysis.net/2018/07/05/index.html

desjardinscourriel818654.pw

# Reference: https://app.any.run/tasks/9de1c3d6-745d-4b89-b653-f8f4414a40f1

desjardinsmail6as6545g.pw

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834
# Reference: https://pastebin.com/C5XYY221
# Reference: https://www.virustotal.com/gui/ip-address/77.83.174.70/relations

http://77.83.174.70
77.83.174.70:2077
thedokatrade.com
highnoon2.com
copylanco.com
glekrg.com

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976
# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

http://5.45.73.63
5.45.73.63:2131
donbwh.com

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

http://94.242.198.167
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/JAMESWT_MHT/status/927523630778650627

bmwfastcar1337.com

# Reference: https://twitter.com/anyrun_app/status/912276794648272897
# Reference: https://app.any.run/tasks/f1a72d72-2e96-4d8b-9ad7-1f74e162d585

overwbuff.com
http://195.123.211.9
195.123.211.9:13378

# Reference: https://twitter.com/JAMESWT_MHT/status/906086386377379845

pudgenormpers.com

# Reference: https://twitter.com/VK_Intel/status/1135507293573931008
# Reference: https://www.virustotal.com/gui/file/11918aadc1e4942a1e458afab5c10971fb87d84b693b2c31f5497aa289fa20da/detection

176.119.30.142:8765

# Reference: https://twitter.com/VK_Intel/status/1143606935373172736

31.7.62.214:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1166106371403763714

179.43.146.90:443

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

http://179.43.159.246

# Reference: https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html
# Reference: https://otx.alienvault.com/pulse/5d9378b8f36a91c436c5f93c

track.amishbrand.com
gnf6.ruscacademy.in
backup.awarfaregaming.com
link.easycounter210.com

# Reference: https://habr.com/ru/company/pt/blog/471960/ (Russian)

185.225.17.66:443

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://179.43.146.90

# Reference: https://pastebin.com/iqcg0Ys7

http://185.225.19.35

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

http://91.243.80.120
http://94.242.198.167
179.43.191.122:2259
31.31.196.204:1488
94.242.198.167:1488
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

http://103.16.228.173

# Reference: https://twitter.com/VK_Intel/status/1196136022658207750
# Reference: https://www.virustotal.com/gui/ip-address/94.158.245.91/relations

94.158.245.91:1488
ololoev.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

5.181.156.36:1321

# Reference: https://twitter.com/VK_Intel/status/1224647173872193538

gjuauyfhjha.cn
sasggegzui.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

103.16.228.173:1488

# Reference: https://app.any.run/tasks/32eeb667-b66b-4dea-b343-ae43941f7b20/

micrdata.com
safuuf7774.pw
wobada.com

# Reference: https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
# Reference: https://github.com/pan-unit42/iocs/blob/master/NetSupportManager

http://185.163.45.88
http://94.158.245.182
94.158.245.182:443
unclebillswv.com/verisign.php
firstteamcareer.com/user.php
busyserviceinc.com/webdoc.php
edisonlee.net/maildir.phpq
newtontool.ca/wp-contents.php
brotherselectricco.com/host.php
innovativemasonry.net/hostgator-welcome.php
greenheartmed.org/captcha.php
ultraeventgroup.com/wp-element.php
jnachb.com/wp-comment.php
adroitpmps.com/wp-list.php
ledampenergy.net/wp-comment.php
hostfleek.com/backup.msi
alpinehandlingsystems.com/backup.msi
jintsung.cn
4ourkidsky.com

# Reference: https://twitter.com/killamjr/status/1234547286807584773

http://185.163.45.118

# Reference: https://twitter.com/malwrhunterteam/status/1236215722885464064
# Reference: https://www.virustotal.com/gui/file/870972fabfb6c59f1c3959cea9201d3c4d48756585970de869d063ec69983ab8/detection

http://23.227.207.138
23.227.207.138:12233
browserinstallup.com

# Reference: https://twitter.com/jcarndt/status/1241090163008307206
# Reference: https://app.any.run/tasks/b46069d5-ec22-481e-af2b-c14474978f79/

tardigradeventures.com

# Reference: https://www.virustotal.com/gui/file/1a08a65d4199f08d60644f2aee1182d87f29b36d38257239e5c80965ed65e0d1/detection
# Reference: https://twitter.com/olihough86/status/1243561290439839745
# Reference: https://app.any.run/tasks/aa3e41ee-b1c0-4333-939e-e4199c1daa56/

http://5.181.156.14
5.181.156.14:443
covidpreventandcure.com
komnop.com

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# NetSupportManagerRAT)

covidpreventandcure.com
covidwhereandhow.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1255849588788953088

62.173.145.56:2721
avheaven.icu
bssupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1260492238758588419
# Reference: https://app.any.run/tasks/0b4ce298-496a-4b15-9e94-0fbbb616422e/

62.173.154.94:2145
avheaven.space
brassaffid.com

# Reference: https://twitter.com/jcarndt/status/1275108512046211074
# Reference: https://app.any.run/tasks/c9e195d3-227c-480a-8515-1cdadcf29485/

membersonlytraining.com

# Reference: https://app.any.run/tasks/cc3ac8a1-394f-4488-89e1-6107017b2360/

http://45.133.245.57

# Reference: https://twitter.com/JAMESWT_MHT/status/1285170628656615424
# Reference: https://bazaar.abuse.ch/sample/8ab3b9367304dccac78095808260417a46c0f37720051592b9a32ba3b030743d
# Reference: https://www.virustotal.com/gui/file/68313d4b45cc908f541dd581d7b9d1e8ccadcbf205714c12c36b58083ada7345/detection

http://62.173.138.41
62.173.138.41:2071
numienimfe2.com
ysanhumeg1.com

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

http://5.45.74.219

# Reference: https://www.virustotal.com/gui/file/86fc3e58537ac903356866de03df56baaba69b2641f90da283560a08fc60786b/detection

http://45.133.245.192

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888

http://46.17.106.230
46.17.106.230:3543

# Reference: https://www.virustotal.com/gui/file/8781b76845a95237e38d007e1ce0c5743e3eb95717e13b85a6b2a963cf4c0d2d/detection
# Reference: https://www.virustotal.com/gui/file/5f7f2f6e7ed3cc8243fad060f0b64267ceb629456eab62215847419eb7f4494e/detection

192.169.6.95:3294
http://192.169.6.95
http://45.138.172.158

# Reference: https://twitter.com/cyb3rops/status/1372941834104807426
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/SilverFish_Solarwinds.pdf

mgdsoufjgh4hgba.xyz
nefvnvudygct4.xyz
huntaget.cn
moreeu.cn
moreofit.cn
torpoa.cn

# Reference: https://www.virustotal.com/gui/file/2add4e3f9acd88b53c97989b309bccdf35456c444d7b4436bd0b9b04f1d16cf4/detection

http://88.119.171.110
88.119.171.110:443

# Reference: https://www.virustotal.com/gui/file/672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca/detection

http://37.61.213.242
37.61.213.242:2549

# Reference: https://www.virustotal.com/gui/file/45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7/detection

http://46.161.40.59
46.161.40.59:3085

# Reference: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

http://62.173.140.217
62.173.140.217:1337
coinduck.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c5962e29f3f752f3fe8ae5cef5022fb819eb8dfad91ba81c9e1ccd44ac8d5fd5/detection

185.156.172.130:2549
fiseddaniret1.com
fiseddaniret2.com

# Reference: https://www.virustotal.com/gui/file/131586137654c8774dc2ba571834e7d20881c53e2e91421fe832159004954ab8/detection

http://1.254.1.1
http://192.64.119.126
visualmultiplicationsinc.club
worktwork3.xyz

# Reference: https://www.virustotal.com/gui/file/013928987cd0092ef2f5de55f2ae076ff67297ccd75bc6a2959eff4301591ddf/detection

findmemolite.com
dvqyswmvahrqd.cloudfront.net

# Reference: https://github.com/pr0xylife/NetSupportRAT/commit/8ce0fa44a9a9c899031dc3340f23aa601e3ffeaa

http://5.252.178.213
contentcdns.net

# Reference: https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
# Reference: https://www.virustotal.com/gui/file/552f65f0ae7b001df20dc2875b136f55669daa09ba02d10d9b688a3511cbb4ca/detection
# Reference: https://www.virustotal.com/gui/file/ccc0204486cbf8b6db43711ddf8d847cfc15d5f713c60b53c461c4e4eeeb1a4f/detection
# Reference: https://www.virustotal.com/gui/file/617c331b65e0d26e1e64a04f06555891e719b578fd2bdc41065458176821f0c1/detection

http://149.28.68.114
http://194.180.158.173
http://45.76.172.113
http://45.77.87.77
http://5.252.178.213
http://87.120.8.141
aasdig8g7b448ugudf.cn
asaasdivu73774vbaa33.cn
businessaudit.tax
hlmequipment.com
mixerspring.cn
nsncasicuasyca831cs3vvz.cn
sjvuvja.com

# Reference: https://twitter.com/idclickthat/status/1550876054440509445
# Reference: https://www.virustotal.com/gui/file/4a6e542f77e622f7084e5b5bddab43ae4e80a07ade56e3063e3959fd03040dd0/detection

http://95.217.35.62
95.217.35.62:1337
pokemongo-nft.io

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Riskware/Riskware%20-%2008082022
# Reference: https://www.virustotal.com/gui/file/080fa496d57ca79f09b2717b384a3a34080bbfcef8a1198bbea1901e4b571991/detection

http://108.61.207.16
108.61.207.16:49760
telemetry-cdn-ny.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-16%20NetSupport%20RAT%20IOCs

http://23.88.96.2
asdbgbwi8ww.icu

# Reference: https://twitter.com/pollo290987/status/1561042448683618304

http://151.236.14.69
7nt.at

# Reference: https://twitter.com/0xToxin/status/1558007700180582400

duvje6egvuas.com
sdhbuh474jhguakfi3jgh3.cn

# Reference: https://github.com/executemalware/Malware-IOCs/commit/5db274edcb157e7d003c1201211674b6bc140fc2

http://78.47.32.144
asdjdoo3vsd.icu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-22%20NetSupport%20RAT%20IOCs

http://167.235.67.199
ghev.top
tojh5roh4.top

# Reference: https://twitter.com/mojoesec/status/1561805273651617793

52226asdiobioboioie.com
jjdfu.fun

# Reference: https://twitter.com/phage_nz/status/1562229369669828608

aisdyhvuekmfa33.cn
dfuy.fun
iurb.top
sdfijiusgydygbugjsadifr.com

# Reference: https://twitter.com/pollo290987/status/1562535463251898369

asdbjhsdf63.cn
rijd.fun
sadvi8ejvas.icu
sdsdfnjdsfhis6g4fr.com

# Reference: https://tria.ge/220829-t7q4vacahl/behavioral2

adhkjdlkasd.icu
riut.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-08%20NetSupport%20RAT%20IOCs

ghvab.xyz

# Reference: https://twitter.com/pollo290987/status/1568312124799176704

http://103.153.183.74

# Reference: https://twitter.com/pollo290987/status/1570114932041043972

http://94.130.179.90
fbueg.top

# Reference: https://twitter.com/pollo290987/status/1572284261721591808

http://78.47.255.163
eruge.xyz

# Reference: https://twitter.com/pollo290987/status/1573375977178234881

http://88.198.178.95
fygba.fun

# Reference: https://twitter.com/pollo290987/status/1574770057460211712

http://78.47.81.171
gunbj.top

# Reference: https://twitter.com/nosecurething/status/1574939506566135809

fhb7dhb8z84ehg.xyz
rgkiboinas.men
sdgjoujhbsiuhdisd.com

# Reference: https://twitter.com/pollo290987/status/1576941098483998722

http://75.102.34.39

# Reference: https://twitter.com/pollo290987/status/1578047035793711110

http://23.88.52.251
db8ew.top

# Reference: https://twitter.com/pollo290987/status/1580579019543568385
# Reference: https://twitter.com/phage_nz/status/1592273345185468416
# Reference: https://tria.ge/221114-1cg11sab4z/behavioral1
# Reference: https://www.virustotal.com/gui/file/2a968ae38c10430c37a108f6919d0d5eb4e8e10415f927437a051e1fbd3ae7d4/detection
# Reference: https://www.virustotal.com/gui/file/157b4754d3cc372bb4b236c37036eb0729cff6bba01220f3d0cc1c9f340d68ea/detection

176.113.115.91:2145
31.41.244.112:2145
89.185.85.44:2145
89.208.103.208:2145
8ltd8.com
npinmclaugh11.com
npinmclaugh14.com

# Reference: https://www.virustotal.com/gui/file/05bb07f3dfae2584a5f6382f23ba58bbea9feeea01509c446a1c75e47a9dfa13/detection

http://140.82.15.232
140.82.15.232:2970

# Reference: https://www.virustotal.com/gui/file/498d6c9301e100f9b7752a6ee34b6873747efa876a9767f51c8eb8dd6a2ff63a/detection

http://116.202.22.58
sdfuubw.icu

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

http://176.124.216.159
176.124.216.159:5511

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20NetSupport%20RAT%20IOCs

she32rn1.com

# Reference: https://www.virustotal.com/gui/file/bfa0f0a9d939eb766c9fd81be03e3b2cd4ed43b977832a21e73156a7201ff1ed/detection

http://193.106.191.152
185.158.251.35:4421
193.106.191.152:4421
dcejartints16.com
dcejartints17.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://89.185.85.44

# Reference: https://www.virustotal.com/gui/file/058118f80fc1a977d07f012560d2ca6109709d20ba6a81e017f294f6e37f2f28/detection

151.236.14.69:2940
pinustamilbe10.com

# Reference: https://twitter.com/x3ph1/status/1612583145257275392
# Reference: https://twitter.com/x3ph1/status/1612636188212338690

gkdkr.icu
gubje.top
noinmsyvhruhjbi4hs.cn
sdvubjser.top

# Reference: https://www.virustotal.com/gui/file/e0f1dc2d0d42622578b3d4e609a5f428edcc41273c60640711f092570cda132c/detection

http://142.132.188.48
fasfybue.icu
rgkiboinas.men

# Reference: https://twitter.com/BroadAnalysis/status/1613255257789693953

http://94.158.244.38
52226asdiobioboioie.com

# Reference: https://www.virustotal.com/gui/file/12d2c229d192506c13f8dfbb5e9edb5b9b369a6e0b5ddc7cb2647d02d7fcdae5/detection

http://194.180.174.152
194.180.174.152:1203
pro1vin7ce.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20GoogleAds_NetSupport%20RAT%20IOCs

http://185.161.210.23

# Reference: https://twitter.com/dlevyny7/status/1619081793344512000
# Reference: https://www.virustotal.com/gui/ip-address/185.161.210.23/relations
# Reference: https://www.virustotal.com/gui/file/8301d30f35705f82c85b56c51fc9f79f9071c3cb3e984b9c55aefe98b830cfc6/detection

anydeks-access.com
mindamiedolis19.com

# Reference: https://twitter.com/1ZRR4H/status/1620141013686968320

http://176.124.216.31

# Reference: https://twitter.com/crep1x/status/1620542075082260480
# Reference: https://tria.ge/230131-z4s2xscd3t/behavioral2

any-desk-app.life
audacity-app-official.site
canva-app-official.site
handbrake-app-official.site
ledger-app-official.site
libreoffice-app-official.site
teamviewer-app-official.site
tronlink-official.site
dkimqwertyasd.com
harddrystamp.com

# Reference: https://twitter.com/Iamdeadlyz/status/1626286424713736194
# Reference: https://www.virustotal.com/gui/file/2bee969bf4dd2fc0e5b6de9f835a037b486fe6f599ec20485231710b06033837/detection
# Reference: https://www.virustotal.com/gui/file/84520291f6556c00cb44314d2994037e0b098bc97c73826c6b6d3e03564b243d/detection

http://89.107.10.44
89.107.10.44:9999
arponet.duckdns.org

# Reference: https://twitter.com/Iamdeadlyz/status/1626286411879190528

http://195.133.197.185
pokemoncards-nft.com

# Reference: https://twitter.com/AnFam17/status/1628995393143832576

94.158.244.118:1203

# Reference: https://twitter.com/nosecurething/status/1631005059302522900

dssdgihbiuieyygvkdsiy4.cn
gunhdr.top

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-09-v10262/351

gybvhxu.top
itugbjhb.xyz

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-23%20NetSupport%20RAT%20IOCs

http://116.203.241.111
dirjbrb.fun
dvjurtt.top
sdfojbeufibibsuu8u.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1641700979434217475

glorrytertyds1.com
glorrytertyds15.com
howcankfhns.com
ktalarisa18.com
ktalarisa19.com
plshaquntarav31.com
plshaquntarav32.com
uzurtela1.com
uzurtela42.com
xjmko311.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1641714810696998916

http://51.195.53.204
dcanalirder12.com
dcanalirder15.com
jalalymola11.com
jalalymola17.com
mindamiedolis20.com
whatulookingat.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt
# Reference: https://otx.alienvault.com/pulse/6424417d4f7e34fdcc85af29

alle13net1.com
alle13net2.com
comes1.com
comes2.com
gattri1.com
gattri2.com
installer-xvpn-g.site
installer-xvpn-h.site
installer-xvpn-k.site
installer-xvpn-n.site
irbxvpn.site
irexvpn.site
irfxvpn.site
irhxvpn.site
irixvpn.site
irkxvpn.site
irqxvpn.site
irtxvpn.site
iruxvpn.site
irwxvpn.site
manigiajabae32.com
manigiajabae35.com
neskrab1.com
neskrab2.com
nesupcli.com
uhcoxvpn.site

# Reference: https://twitter.com/1ZRR4H/status/1643512391940952064
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.129/relations

http://91.107.198.110
gsdgtruhu45.cn
irejhg.fun
retbr.fun
tumnt.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

rtern.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

dfrgb.fun

# Reference: https://twitter.com/abuse_ch/status/1646397352469577728
# Reference: https://www.virustotal.com/gui/file/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/detection

http://79.137.207.54
79.137.207.54:5222
balbalz1.com

# Reference: https://twitter.com/StopMalvertisin/status/1648223628067237890
# Reference: https://twitter.com/souiten/status/1648250631600373760
# Reference: https://www.virustotal.com/gui/file/e927e79de25207d548965e90ec87c26021b9549b5108ac0de99cc9c85556841b/detection

http://87.251.67.111
87.251.67.111:1935
glazgo141.com
glazgo142.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-04-17%20NetSupport%20RAT%20IOCs

http://23.88.125.55
erbieiv.top
rubjbz.fun
ssgdubuerx4.cn

# Reference: https://twitter.com/pollo290987/status/1653139934956363777
# Reference: https://twitter.com/pollo290987/status/1653486646774362112
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-01%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/e3d142307cbbf3d0d8eac76364993e52833d1ba7318a9ca93dc7f950c49e8ec5/detection

http://195.201.237.50
eduvu.top
erigb.top
sdjbizirebz.cn

# Reference: https://twitter.com/pollo290987/status/1653796442723475458

asdyg.fun
dsauvsiv.top

# Reference: https://twitter.com/pollo290987/status/1654206717251530753
# Reference: https://www.virustotal.com/gui/file/026d17e445821b1d208cb399f451f688f2ba1882a0596661c5d728213aa70e18/detection

http://193.233.232.218
http://89.22.237.94
89.22.237.94:5222
blahadfurtik.com
blahadfurtik2.com

# Reference: https://www.virustotal.com/gui/file/2ba36fbdb1ade985521f651d2fef8667b788658b87423297fddb88f70fbbd411/detection

http://79.137.203.68
79.137.203.68:5222
hdwarframebot.com

# Reference: https://twitter.com/pollo290987/status/1654357341314117633

dsauvsiv.top
erivhx.fun

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-04%20NetSupport%20RAT%20IOCs

dubhd.top

# Reference: https://twitter.com/pollo290987/status/1654540593756872706

http://45.138.74.89

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-08%20NetSupport%20IOCs
# Reference: https://www.virustotal.com/gui/file/9488e05b2be4ef6494ed61a15246de5a1b9e2e7a1673c660a35a162a4e29f339/detection

http://94.130.187.192
pruvb.fun

# Reference: https://twitter.com/pollo290987/status/1658540867840270337
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-15%20NetSupport%20RAT%20IOCs

http://128.140.14.43
sdfhr.top
tryxe.fun
sasfyvuaseyzzs.cn

# Reference: https://gist.github.com/kirk-sayre-work/1a7ec92ab9018ffac71ee5826de9aba8

http://193.233.233.92
http://91.193.43.96

# Reference: https://twitter.com/JAMESWT_MHT/status/1658779419043942402
# Reference: https://www.virustotal.com/gui/file/d885b84d8d8059451a119b32d164280284d428350d2bfcfaf7b84f1b2223a42a/detection

176.124.198.7:5222
alnama.net/realty/license.php
itsupportadminguy.info/itsurjia/homeps.php
/itsurjia/homeps.php

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-18%20NetSupport%20RAT%20IOCs

rszee.top

# Reference: https://threatfox.abuse.ch/ioc/1119451/

77.105.146.153:5222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-23%20NetSupport%20RAT%20IOCs

http://5.75.145.41
ergtu.top
reubhh.fun
sertte56gzxes.cn
/rt.php?i=NOT-A-RESEARCHER

# Reference: https://tria.ge/230526-gyq19sea99/behavioral11

91.215.85.180:5222

# Reference: https://twitter.com/JAMESWT_MHT/status/1662371119532318720
# Reference: https://tria.ge/230527-hj77nsba65/behavioral2
# Reference: https://www.virustotal.com/gui/file/faf9b23508c4445bf9017cacb3b4f08f39d0cd0cd48cc17156320abb6083d9c7/detection

http://188.227.59.169
http://80.66.88.143
80.66.88.143:1935
golden-scalen.com
xoomep1.com
xoomep2.com

# Reference: https://twitter.com/doc_guard/status/1668890440324579329
# Reference: https://www.virustotal.com/gui/file/7e9362b520bf227bfa1c152710b76b7ff83f41f4a7cae42bbb3cfa1473bb0edc/detection

http://91.107.213.253
sizie.fun

# Reference: https://www.virustotal.com/gui/file/0ab1ccca6453218c59fbff6aa2af85ec62a790bcf18426a86f12ba5fe9ed96b3/detection

asuxtp.fun

# Reference: https://www.virustotal.com/gui/file/2817e17cbaa3588d1f1d8fb8a371489693bbdea53a05a34fac71b41bf91e7081/detection

fyzyxe.top

# Reference: https://twitter.com/FirstWatchCyber/status/1678473223678074882
# Reference: https://www.virustotal.com/gui/ip-address/143.244.162.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.90.249.226/relations

asfgze.fun
digibi.fun
regibd.fun
sdguzx.fun
ahmgbgjhdlmmlnf.top
cmbefalcljjblia.top
deediinlfifelek.top
ejhbmdagngcglaf.top
jenililhdcaegeg.top
kiknaijcgclkdnl.top
knifdjhlkchdaic.top
nbjhllilknbjldk.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-13%20AsyncRAT%20IOCs

prigze.top
zegfze.top

# Reference: https://gist.github.com/kirk-sayre-work/f9748c3cae156b56a0751679085b3f8e

bisiv.top
dubpv.top
eovze.fun
igsufb.top
izrvb.top
lvuse.top
lvvmze.top
sdifiv.top
tvfzie.top
vizhez.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20AsyncRAT%20IOCs

rigjz.fun

# Reference: https://twitter.com/abuse_ch/status/1685911335719100416
# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.101/relations
# Reference: https://twitter.com/JAMESWT_MHT/status/1685921789539389440
# Reference: https://twitter.com/JAMESWT_MHT/status/1685923203141582848
# Reference: https://www.virustotal.com/gui/file/37cb07ef75c90beb2af9df3faf02283c71ef48cbffce24bcd46049b38939d26b/detection
# Reference: https://www.virustotal.com/gui/file/5e6c05f47399616a63798cb40df75b90912f3dffa84b310ee26db960fc62522f/detection
# Reference: https://www.virustotal.com/gui/file/b75b778b3ca3698225351e0e36376be5da90ec890f4dcf5db970a1f08d8ed37c/detection

http://95.179.150.54
http://95.179.189.207
95.179.189.207:1313
95.179.150.54:1315
95.179.150.54:1414
archivde.xyz
luckyday0728.org
sambireact1.com
sambireact2.com
unclesrug31.com
unclesrug32.com
yeah07.online

# Reference: https://www.virustotal.com/gui/file/c395a71bfd66e923a94cbdc32e5257e51e43b3262bdbd2c75afb36fefed9f3b8/detection

http://94.158.247.27
94.158.247.27:5051
conluase62.com

# Reference: https://twitter.com/x3ph1/status/1686554084294152192

94.158.247.23:5050
magydostravel.com

# Reference: https://www.virustotal.com/gui/file/6318e4335b1098781e35d7464d20b7f92015e86f21c5aad3147e18d6bf9bba7d/detection

http://94.158.244.41

# Reference: https://www.virustotal.com/gui/file/18f2356888cd0909399b77211c732a3f808b06b4fd740e32c5e8105193296706/detection

http://91.215.85.176
91.215.85.176:5222
norominis1.com
norominis2.com

# Reference: https://bazaar.abuse.ch/sample/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/
# Reference: https://www.virustotal.com/gui/file/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/detection
# Reference: https://www.virustotal.com/gui/file/845087bb407b34d8003174a3b63b6c50c7ab4b13ef81636b8344740bb7a8559c/detection

http://185.225.75.33
185.225.75.33:443

# Reference: https://bazaar.abuse.ch/sample/933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6/
# Reference: https://www.virustotal.com/gui/file/5ffb5e9942492f15460e58660dd121b31d4065a133a6f8461554ea8af5c407aa/detection

http://45.15.158.212
45.15.158.212:1412
jokosampbulid1.com
jokosampbulid2.com

# Reference: https://twitter.com/malware_traffic/status/1691546307683352576
# Reference: https://www.virustotal.com/gui/file/de3d0a11dec2e3b4afce991a690024e96dca389f8a0a3c6a65b559c9f1c12d59/detection

http://94.156.6.111
94.156.6.111:443
xcelcareers.com

# Reference: https://twitter.com/1ZRR4H/status/1692484935947563405
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.202/relations

eyftze.top

# Reference: https://www.virustotal.com/gui/file/38669dd5ccced3c29f3eb6bad7a04fbdc2cc81ea6f7c76b03cf1c4fee6c5f3f0/detection

http://185.163.45.36
185.163.45.36:5051

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-22%20AsyncRAT%20IOCs

rigujze.fun

# Reference: https://www.virustotal.com/gui/file/00c9a25198c62d243549a458be44f24a71bc999bdb279fc6336ddedeccf637a1/detection
# Reference: https://threatfox.abuse.ch/ioc/1152573/

http://79.137.205.69
79.137.205.69:3725
falafelgoo1.com

# Reference: https://www.virustotal.com/gui/file/cf4b26813e325da0c821da65e1417bea0045f8349204518b58381609b6662803/detection
# Reference: https://www.virustotal.com/gui/file/8d0f88f0a641392f67dcba2a15d18dc3023bc3de35d6ed6e4664948ed928d36e/detection

http://94.158.244.56

# Reference: https://www.virustotal.com/gui/file/9f5feccfcce9d5a6af03e983c7fce6a38cf40fd0cfc518a612c696c572ba2fd5/detection

http://139.60.163.37
139.60.163.37:2940
pinustamilbe12.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-29%20AsyncRAT%20IOCs

easdiv.top

# Reference: https://twitter.com/0xToxin/status/1697254384932184572
# Reference: https://app.any.run/tasks/fc8794c8-ef16-4102-9be4-70b5745c08ab/

zpeifujz.top

# Reference: https://gist.github.com/kirk-sayre-work/f3ff9633cea04c7eed5f00962a6a666d

docusec.top
eividsy.top
euuvua3.top
fahzza.fun
fiauta.top
fuzuci.top
prizba.top
rubize.top
saifozi.fun
sdfuzien.top
secdoct.top
sevyr.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-31%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8/detection

http://5.252.177.126
http://5.252.178.51
5.252.177.126:443
5.252.178.51:443

# Reference: https://www.virustotal.com/gui/file/9101403bb729cabebd79206aad130293890154cd7a6fba3417471a645ea3ef25/detection
# Reference: https://www.virustotal.com/gui/file/1b74c1fcbe83096cd703bfe9343163894f3a0a83c3708edf97fac42c43ebee83/detection

http://5.42.82.229
http://79.137.205.69
5.42.82.229:3725
79.137.205.69:3725

# Reference: https://www.virustotal.com/gui/file/343d63ff67300da163c035fd16eeaf73ca0d8b472725be1cf501addbc205c487/detection

79.137.202.177:3725

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-05%20AsyncRAT%20IOCs

sdfuvy.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-07%20AsyncRAT%20IOCs

ehxevg.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-09-10)
# Reference: https://www.virustotal.com/gui/file/cc625f2839019ee79af16b580a5248ea119e1a69411cd7498e68d0fb93257f32/detection

http://5.39.110.142
http://5.79.72.218
http://91.92.242.229
5.39.110.142:1770
5.79.72.218:1770
91.92.242.229:443
pkvithtosh11.com
pkvithtosh17.com

# Reference: https://www.virustotal.com/gui/file/6a507c4b04ecd8052a518e77c2cadaf32b89018ae7bc7857b0b799c82c8fe23b/detection

http://185.163.46.93

# Reference: https://www.virustotal.com/gui/file/4a9f42167f399abfbb42a5ee4d52922eb3f7f1ce88d23824f01d13e50609b8b9/detection

http://94.158.245.150

# Reference: https://www.virustotal.com/gui/file/c38c08aa33317d483b8c3f2572189deffd054a8805d463ef2437d4e7aa458436/detection

http://95.216.186.137
95.216.186.137:2701
dmforinenam17.com
dmforinenam18.com

# Reference: https://www.virustotal.com/gui/file/1a011068e00ff24aaef338efc5d21f51abbf47cf1f1006b1b79c78bc84b1d3c6/detection

http://5.252.178.48
5.252.178.48:443

# Reference: https://threatfox.abuse.ch/ioc/1183943/

http://5.252.177.214
5.252.177.214:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-10-12)

http://5.252.177.111
5.252.177.111:443
sdjfnvnbbz.pw

# Reference: https://twitter.com/reecdeep/status/1715053326859895210
# Reference: https://www.virustotal.com/gui/file/c418c883f8d85ed6de3ca033f925c29bf5f5ef4926d62e04d61b6c015dbeb841/detection
# Reference: https://www.virustotal.com/gui/file/d4085ca36709f3b3a2d5a38cba70fbcd439dbc3be024c29829bfa10d8ef44f53/detection

orivzije.top

# Reference: https://twitter.com/x3ph1/status/1719115004530581756
# Reference: https://www.virustotal.com/gui/file/18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d/detection
# Reference: https://www.virustotal.com/gui/file/2725bdb19861c6bd2d4156040473da04abe32c8701e6a7d0cbeeca8425127c10/detection

http://185.163.47.243
185.163.47.243:443

# Reference: https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
# Reference: https://www.virustotal.com/gui/file/b910500a9fce47fa4db13b2ad2aea72f20df4743a66b6099fb4b9a4d71912e50/detection

http://79.137.206.37
79.137.206.37:133
wsus-isv-internal.tech
wsus-isv-local.tech

# Reference: https://twitter.com/JAMESWT_MHT/status/1719446999420846529
# Reference: https://www.virustotal.com/gui/file/2a2d79f2b08ecfc76c536c2c9f17922f8272ada7ee318e359529a38d769973ac/detection
# Reference: https://www.virustotal.com/gui/file/f21aea9606f94eba27674cfb40a4aeccd5c73577a3997e4687accc63eaa2efa7/detection

sduyvzep.top
/m0t3hg0h8uyx
/wsjdfghd

# Reference: https://twitter.com/reecdeep/status/1720122106854166900
# Reference: https://app.any.run/tasks/5139943d-a620-4a3b-a062-264460825126/

lzlzy4e.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-11-07)

http://185.163.47.137
http://5.181.156.60
http://91.92.242.5
185.163.47.137:443
5.181.156.235:443
5.181.156.60:443
91.92.242.5:443
91.92.244.196:443
91.92.247.248:443

# Reference: https://www.virustotal.com/gui/file/48ff224a396a4583990cb16a88a555817bff10ffbd85597ad941c6d2f5e78dda/detection

speedsupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1727335614805078515
# Reference: https://www.virustotal.com/gui/file/3407337dea12501ed2d524ed049d69a8e188bcd585f1a4055b60d4369cfc348b/detection

http://185.225.17.47
185.225.17.47:136
glaciecrw.cfd
huggertlow.top

# Reference: https://twitter.com/1ZRR4H/status/1731019006318985352
# Reference: https://www.virustotal.com/gui/file/0fdc3d43677d406fb68b434d25a5757f5981ecc19ec616f8ddcd9126ba548014/detection

46.149.74.125:1061
andater393.net
svanaten1.com
svanaten2.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-12-22%20AsyncRAT%20IOCs
# Reference: https://app.validin.com/axon?source=DNS&zone_filter=top&limit=100&type=ip&find=206.166.251.17

prozvegz.top
sossoshn.top
ruzivre.top

# Reference: https://www.virustotal.com/gui/file/01caca23428e0f6d56feda4b411d989f4b0c8ad4dd28664f5f2b7de428b76004/detection

http://194.38.21.53
194.38.21.53:1203

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-01-24)

136.244.108.223:1411
152.89.218.212:443
185.163.46.93:443
185.26.239.180:443
45.61.147.162:3301
45.67.230.205:443
5.181.156.45:443
91.92.245.80:443
94.158.244.56:443
94.158.245.150:443

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-01-23%20NetSupport%20RAT%20IOCs

hsdiagnostico.com

# Reference: https://twitter.com/1ZRR4H/status/1750170408463008120
# Reference: https://www.virustotal.com/gui/file/a04f3d2be0b51c4c302bc4b881ee6c6b507bc432272fc37d7c531060607e7932/detection

blawx.com/letter.php
defigmi.com/1/GetData.php
core-click.net
helasirasi.com
helasiras1i13.com

# Reference: https://www.virustotal.com/gui/file/09c64c1e380b08904417424f0335f960ae10bebb57dda489028084db71fb6a17/detection

http://95.142.47.11
95.142.47.11:1203

# Reference: https://twitter.com/doc_guard/status/1764652970682048592/history
# Reference: https://www.virustotal.com/gui/file/56fe0d3edd415c0ca1b7fc7bf960300e085465cd2a6d0ec3600191aac25a66e4/detection
# Reference: https://www.virustotal.com/gui/file/7144b8408b3ad9ae2d035cf122f9311673a38e9f26177c3c12d390c68ecb54b4/detection

http://79.132.130.233
79.132.130.233:443
compactgrill.hu

# Reference: https://twitter.com/seguridadyredes/status/1767900519094235335
# Reference: https://twitter.com/1ZRR4H/status/1767915425097044097
# Reference: https://www.virustotal.com/gui/file/387b55861b370471596725c10e55a33e82834f711aa24b01cd23a9ac9f27a721/detection

http://192.236.192.48
rahnoturkey.com
nes.cosmopeople.in
/nyhjkszpcccggjukfgnattexybnfgziizyh.txt

# Reference: https://twitter.com/k3yp0d/status/1767934844061794764
# Reference: https://www.virustotal.com/gui/file/f72cb853fcec9002c9c5fb978bc5ebcd0e6d4b86cc4a778d5fd4c2c7dc619095/detection

custompcadvisor.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-21%20FakeUpdates_IOCs

http://5.181.156.5
5.181.156.5:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-03-27-IOCs-for-Google-ad-leading-to-Netsupport-RAT.txt

http://45.155.249.55
45.155.249.55:443

# Reference: https://www.virustotal.com/gui/file/f455dbcd58ae3f4ba10bfcb0357b9828774c29f3f5bc48005efd6123f46cebfb/detection

http://45.11.180.127
45.11.180.127:3120
dcnlaleanae8.com
dcnlaleanae9.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1784900827930349915
# Reference: https://twitter.com/ValidinLLC/status/1784948155051610425

arts.ghazalamini.ir
arts.spotylife.ir
cdn.ghazalamini.ir
cnwsj.2060y.workers.dev
finacial.patrickring.net
financial.patrickring.net
fl.7s9r.ir
fl.aghanima.ir
fl.aronafsharmeds.ir
fl.daryayebikaran.ir
fl.derakhtedaneshi.ir
fl.libraryriazi.ir
fl.musicbarani.ir
fl.nimartltd.ir
fl.samsungshopify.ir
flcdn.7s9r.ir
flcdn.aronafsharmeds.ir
flcdn.asbeabijoon.ir
flcdn.daryayebikaran.ir
flcdn.myoldgames.ir
flcdn.samsungshopify.ir
flcdn.youroldgames.ir
ghazalamini.ir
herkolvg.amir27386.win
hero.morphling.ir
home.morphling.ir
irc10.spotylife.ir
irc11.spotylife.ir
irc13.spotylife.ir
irc2.spotylife.ir
irc5.spotylife.ir
irc6.spotylife.ir
irc7.spotylife.ir
mrfl.morphling.ir
nimartltd.ir
smtl.spotylife.ir
srv2.spotylife.ir
sub.nimartltd.ir
testsite2023.store
wls.lbcc.workers.dev
wsj.pm
wsj.webserve.workers.dev

# Reference: https://twitter.com/JAMESWT_MHT/status/1784942910057648537
# Reference: https://www.virustotal.com/gui/ip-address/38.180.62.49/relations

babolk1.com
greekpool.com
rewilivak13.com

# Reference: https://twitter.com/crep1x/status/1786150754983575656
# NOTE: several hostnames in this block (e.g. corporate sftp/helpdesk/file-exchange hosts and ISP PTR names) look like production services rather than attacker-registered domains; review before alerting or blocking on them

http://103.106.2.16
http://103.159.132.236
http://103.159.133.234
http://104.194.156.214
http://104.234.118.78
http://104.237.234.27
http://104.41.179.80
http://107.6.74.93
http://110.141.253.13
http://139.162.120.150
http://139.28.220.180
http://142.132.190.124
http://142.132.238.181
http://142.202.205.89
http://149.248.8.148
http://150.14.52.17
http://157.90.248.115
http://157.98.255.23
http://159.69.186.8
http://162.33.179.238
http://162.55.56.201
http://165.127.124.33
http://166.1.160.205
http://167.235.159.22
http://167.235.207.169
http://167.235.49.247
http://167.235.75.93
http://168.100.11.196
http://176.107.184.61
http://176.124.217.215
http://179.43.159.76
http://184.106.79.117
http://185.163.45.124
http://185.163.45.186
http://185.163.45.43
http://185.163.47.150
http://185.181.229.215
http://185.209.22.198
http://185.212.44.49
http://185.225.17.250
http://185.225.19.176
http://185.243.112.80
http://185.31.160.130
http://185.34.234.106
http://185.4.65.191
http://185.87.49.233
http://185.91.107.158
http://187.86.226.73
http://188.127.224.196
http://193.106.191.132
http://193.16.147.35
http://193.25.182.217
http://193.65.70.211
http://194.180.191.107
http://194.230.77.110
http://194.38.20.14
http://194.38.21.18
http://194.40.243.233
http://194.74.71.172
http://198.144.189.68
http://198.239.91.160
http://199.102.91.7
http://199.127.38.75
http://199.16.199.2
http://199.188.205.15
http://199.255.38.118
http://199.34.228.77
http://2.58.15.67
http://20.40.140.199
http://201.192.253.111
http://204.90.181.2
http://208.35.209.64
http://212.140.133.235
http://213.252.244.126
http://217.126.98.85
http://220.233.64.142
http://23.108.57.114
http://23.88.100.249
http://23.99.231.137
http://3.94.229.245
http://31.7.62.214
http://37.1.205.73
http://37.1.220.113
http://40.115.136.93
http://45.11.180.120
http://45.133.245.38
http://45.139.236.20
http://45.140.146.49
http://45.15.157.194
http://45.159.248.241
http://45.61.136.72
http://45.67.228.248
http://46.149.74.125
http://47.48.212.100
http://5.181.156.11
http://5.181.156.110
http://5.181.156.144
http://5.181.156.168
http://5.181.156.177
http://5.181.156.235
http://5.181.156.45
http://5.195.23.13
http://5.224.19.90
http://5.45.74.233
http://5.61.44.162
http://5.75.193.206
http://5.75.224.41
http://5.8.54.81
http://5.8.63.140
http://50.116.17.41
http://52.1.65.139
http://59.145.88.11
http://62.173.125.171
http://62.173.145.56
http://62.173.154.94
http://62.22.15.151
http://65.109.164.238
http://65.52.150.29
http://66.42.103.163
http://67.36.85.34
http://77.246.104.53
http://77.52.201.106
http://77.91.101.205
http://77.91.101.44
http://78.141.198.19
http://78.47.174.223
http://78.47.198.6
http://79.132.132.129
http://80.154.112.190
http://81.223.83.70
http://81.45.131.56
http://81.91.178.23
http://83.206.126.185
http://85.23.132.21
http://85.94.194.169
http://87.121.52.81
http://89.144.47.4
http://89.187.117.133
http://89.208.103.208
http://91.215.85.171
http://91.215.85.180
http://91.217.80.31
http://91.228.10.140
http://94.158.244.26
http://94.158.244.47
http://94.158.245.166
http://94.158.245.186
http://94.158.247.101
http://94.158.247.26
http://94.158.247.61
http://94.158.247.80
http://94.158.247.87
http://95.164.37.152
http://95.179.253.195
http://96.57.25.203
http://94.158.245.182
103.106.2.16:443
1win-a.com
claimguardgp.com
fileexchange.thyssenkrupp.com
healthcatchers.com
helpdesk.pattisonsign.com
laserexposer.de
mybmswarehouse.com
rrcs-24-227-166-90.sw.biz.rr.com
rrcs-97-79-156-184.sw.biz.rr.com
sftp.tredence.com
shares.tr.mufg.jp
vlive.vodacom.co.za

# Reference: https://x.com/suyog41/status/1793926087082389599
# Reference: https://www.virustotal.com/gui/ip-address/51.89.111.5/relations
# Reference: https://www.virustotal.com/gui/file/3ff315a489945596e594a58be67541c3a9fbbe98febfd985423d57f3bbea665e/detection
# Reference: https://www.virustotal.com/gui/file/5974347c962c2cf11a05c151440fb0741d27ae79b73d3801389be78edf373779/detection

http://51.89.111.5
51.89.111.5:1771
pbkvithtosh07.com
pbkvithtosh08.com
beliefreport.online

# Reference: https://x.com/Threat_Down/status/1800919313798537505
# Reference: https://www.virustotal.com/gui/ip-address/74.119.194.232/relations
# Reference: https://www.virustotal.com/gui/file/473dcdb2f3a7dc1695db6c8c7b0521f9509007298669125bf97a829f85eb3d4b/detection
# Reference: https://www.virustotal.com/gui/file/ea5ec5bd69cfa7597edb4572762471ebd7408a26295ea95c4e67b6e1dbba9f38/detection

http://94.158.245.103
94.158.245.103:443
goyardblue.online
psk777.casa
r6pedihosi.website

# Reference: https://x.com/JAMESWT_MHT/status/1802973030160990460
# Reference: https://app.any.run/tasks/d224ed9c-af50-4877-8776-5970dc96e017/

http://173.44.141.66
173.44.141.66:3121
dcnvahedforil31.com
dcnvahedforil38.com

# Reference: https://x.com/JAMESWT_MHT/status/1805500877081293197
# Reference: https://app.any.run/tasks/ac26a2f9-c3fe-47c9-b93c-3a198d6e7965/

http://91.202.5.209
91.202.5.209:443
nld360.com
nld360180.com

# Reference: https://x.com/malwrhunterteam/status/1806319685295546755
# Reference: https://www.virustotal.com/gui/file/63da1609061ef7c4a77d4f76e8fa2f8775f8a08320e7d83221e470f916edad1d/detection
# Reference: https://www.virustotal.com/gui/file/3828c533000b04734fe9772c4651deb619cfbf84fb1464f1d2122a53dfb56d83/detection
# Reference: https://www.virustotal.com/gui/file/048efbaf310a62e02f180b26cb8cb2f8c8c2286f6dad126a78467c81e5173899/detection

http://77.238.233.175
77.238.233.175:443

# Reference: https://x.com/JAMESWT_MHT/status/1810573140751176178
# Reference: https://app.any.run/tasks/35f89c70-db1a-4771-8a57-e1cea88c35f5/

45.11.59.217:443

# Reference: https://x.com/silentpush/status/1811079662518382739
# Reference: https://www.silentpush.com/blog/fin7/

166.88.159.37:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (unverified feed: IP:port pairs only, no sample reference; treat as lower confidence than the sample-backed entries above)

http://210.249.114.153
http://210.249.114.154
101.108.13.204:7443
101.108.135.200:7443
103.159.133.234:25661
107.22.165.49:443
109.195.102.70:443
109.195.124.16:3321
110.13.35.37:443
120.25.239.36:443
168.119.132.233:443
178.124.152.84:8443
178.188.188.211:5500
178.188.188.212:5500
178.188.188.213:5500
179.159.167.251:3085
179.49.112.238:3085
179.95.122.211:9990
181.116.72.52:5609
181.167.199.179:5603
181.4.0.8:9000
183.96.100.53:443
185.11.51.242:4433
185.23.192.33:444
185.243.112.80:12521
185.83.148.30:3085
186.0.139.220:443
186.0.139.220:444
186.225.10.251:3085
186.236.112.114:3085
189.115.194.186:9990
189.203.156.164:3085
190.210.247.1:5909
191.242.219.204:9990
193.19.242.55:1443
195.16.128.11:3085
195.245.189.240:443
196.117.5.252:443
196.127.164.213:443
198.244.197.118:9443
2.136.235.200:3085
2.139.253.110:3085
2.58.15.67:25661
20.105.139.205:443
200.116.185.173:3085
200.152.101.176:9090
200.180.67.154:9444
200.243.0.50:443
203.157.208.2:3085
206.210.123.104:8888
210.249.114.153:443
210.249.114.154:443
212.170.14.98:443
212.231.195.19:3085
212.55.27.214:3085
213.149.181.121:469
23.24.178.33:3085
23.24.178.35:3085
40.85.218.196:59595
41.142.248.254:443
5.236.37.121:443
61.96.204.117:443
62.119.81.101:58573
62.156.170.137:1111
62.157.233.146:5555
82.71.120.166:443
83.48.66.207:3085
84.28.36.114:443
86.53.241.21:447
88.17.122.156:443
88.17.27.121:443
91.196.170.88:5555
92.186.214.11:3085
92.187.191.119:3085
93.188.122.139:4433
93.198.179.203:81
93.198.180.127:81
93.232.107.227:81
93.232.107.227:82
93.232.108.46:81
95.189.100.119:443

# Reference: https://www.virustotal.com/gui/file/b73f5ec0edd2b9aa57244e524b327db0f27f89d15433f9a0fca45f33ea3a6a18/detection

http://194.180.191.69
194.180.191.69:443

# Reference: https://x.com/malwrhunterteam/status/1817959103282692598
# Reference: https://www.virustotal.com/gui/file/5b2c19c32d0a4725f4d5057bab96ebc00a60774926c04daa451f628677762603/detection

http://5.181.156.26
5.181.156.26:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

178.188.188.210:5500
189.168.203.234:443
196.117.164.141:443
206.210.123.104:8889
79.239.99.165:65385
84.154.179.217:81

# Reference: https://x.com/CyberRaiju/status/1821486680290861521
# Reference: https://x.com/CyberRaiju/status/1821486689186922844
# Reference: https://www.virustotal.com/gui/file/4be1f385cb4c1bc4d055568807a8d632c0e550184817fcdb602d1a75134336f9/detection

http://194.180.191.32
194.180.191.32:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://104.250.238.120
122.99.131.253:443
130.164.171.194:443
167.86.160.188:443
178.188.188.214:5500
190.231.88.140:5609
191.242.219.160:9990
37.74.45.12:443
79.241.107.168:82
88.211.117.186:3085
89.130.137.6:3085
90.173.96.4:3085
93.232.97.216:82

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-08-18)

157.173.210.213:443
173.46.80.233:443
194.180.191.183:443
45.11.59.216:443
45.82.84.13:443
5.181.159.28:443
91.222.175.247:443
94.232.42.28:443

# Reference: https://x.com/pollo290987/status/1825769268354417144
# Reference: https://www.virustotal.com/gui/file/347c7a6cf37657f08e2c4cf3606edb4b183ccf256830917159f665489091ff26/detection
# Reference: https://www.virustotal.com/gui/file/5108c65ba3d5e5e529a342f5b105a7b11a66d1a097bd191169eaf46acee8358d/detection
# Reference: https://www.virustotal.com/gui/file/72ae89edb920e6a7dbf5c9b02dd60028318273c10d8ebe62b2bc0e3fbe462c98/detection
# Reference: https://www.virustotal.com/gui/file/9866d79a4565b247956540e85a639715b8b6de0485bc412444b4c119ef1c7a5c/detection

fossilbay.net
khertz.net
mujerymadre.org
staradeal.com
vissalia.me
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/avatar.webp
/cutonw43pexve2jpbuzjijyoib2buumd/avatar.webp
/g28j2itwo6y0joruhzfcq8i3snymtpu4/avatar.webp
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/avatar.webp
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/avatar.webp
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/
/cutonw43pexve2jpbuzjijyoib2buumd/
/g28j2itwo6y0joruhzfcq8i3snymtpu4/
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/

# Reference: https://x.com/r3dbU7z/status/1827345358181052509
# Reference: https://www.virustotal.com/gui/file/82956b9e19565685a9c1fdaeea5e77643f2486df5ecd5f7c79bb4f772fd19ac3/detection

mysecureserveronlinefolder.com
hulolawyo199jestie01.duckdns.org
hulolawyo199jestie02.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

101.108.9.24:7443
189.133.140.188:443
62.119.81.149:58573
62.119.81.74:58573
93.198.189.5:81

# Reference: https://x.com/silentpush_labs/status/1831716500597809506
# Reference: https://www.virustotal.com/gui/file/0dc3a40e9f726f18e3ebac92ee5944d9c12b2ee71252f2b711434c3628877ca1/detection

http://194.180.191.183
194.180.191.183:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

130.164.171.81:443
179.95.173.13:9990

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-09-08)

166.88.159.187:443
172.208.117.89:443
5.181.159.137:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

101.108.253.7:7443
179.95.202.160:9990
187.173.200.31:443

# Reference: https://x.com/smica83/status/1835971412588208440
# Reference: https://x.com/JAMESWT_MHT/status/1835980550613459316
# Reference: https://www.virustotal.com/gui/file/3d0838ea4a847f62ef9ef3f14289d119e06837538152e787ba1a1c57e4e7bf2b/detection
# Reference: https://www.virustotal.com/gui/file/a3cdd57cf75f0e1eeaf4f0d46acb509799629dfa05be139707baf164260c4be2/detection

juchesoviet48.com
taurihostmetrics.com
trustgiron.com
trustgiron3332.com
wiresapplication.com

# Reference: https://www.virustotal.com/gui/file/ad5c03186f34fe73b386fe0c08f34620953753f6575ddf111556cdf2dc9b6f2c/detection

http://95.164.115.224
95.164.115.224:2080
barsukenotikejik.com
enotikkrolikzayac.com
update-ledger.net

# Reference: https://app.validin.com/detail?type=ip&find=91.208.127.61#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/1629e330badb4eac4694f7bd7418544737d6aa434c2e941584fb80ce4137a522/detection

http://91.208.127.61
91.208.127.61:2080
ghub-application.top
obs-studio.ltd
tablebusiness.us

# Reference: https://www.virustotal.com/gui/file/03f48716ab05974447b0eac981b623388c365059b76b2efc64278a15248814a2/detection

http://162.33.178.156
162.33.178.156:3122
amnahuseta19.com

# Reference: https://www.virustotal.com/gui/file/850f464e8c0fc382d8c597c1c6f3d4ccc74498176e2302b94c850f8235c658b3/detection

http://37.1.209.225
37.1.209.225:443
armayalitim.com
mlm-cdn.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

189.115.194.189:9990
196.127.51.182:443

# Reference: https://www.proofpoint.com/au/blog/threat-insight/clipboard-compromise-powershell-self-pwn

cdn3535.shop

# Generic trails (URL paths only, matched regardless of host; expect a higher false-positive rate than the host/IP trails above)

/iplog/newg.php
/JSX/testpost.php
/fakeurl.htm
