# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: TA866

# Reference: https://twitter.com/WhichbufferArda/status/1608089945985486852
# Reference: https://www.virustotal.com/gui/file/f8cf2f07b20419758fbeaa23abae285c917df9c4e94a5259679993f8e9f37cab/detection
# Reference: https://www.virustotal.com/gui/file/aebb1578371dbf62e37c8202d0a3b1e0ecbce8dd8ca3065ab26946e8449d60ae/detection

http://141.98.82.254
/blob/8gu4bf.la5z
/blob/is4mlw.suqp

# Reference: https://tria.ge/221227-ktbbsshg51/behavioral1

http://116.202.18.132
/blob/q3k6tk.xi8o

# Reference: https://twitter.com/AnFam17/status/1607477672057208835
# Reference: https://twitter.com/AnFam17/status/1607479956870950913
# Reference: https://www.joesandbox.com/analysis/733720/0/html
# Reference: https://www.virustotal.com/gui/file/00f6b0a064a86b2566643178456211043732edbde4f6a5e9f829791c10e47141/detection
# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://185.145.245.124

# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://85.208.136.26
/blob/5iqmtn.iq54

# Reference: https://twitter.com/malware_traffic/status/1608673979132436481
# Reference: https://app.any.run/tasks/ceef5e3f-1f42-473b-8c7d-4692dcd117f1/

http://162.33.178.106
noetpode.com
/blob/5mloob.qqvr

# Reference: https://twitter.com/malware_traffic/status/1610385687781449730
# Reference: https://www.malware-traffic-analysis.net/2023/01/03/index.html

noteepad.hasankahrimanoglu.com.tr
/gjntrrm/zznb2o.hgfq

# Reference: https://twitter.com/1ZRR4H/status/1610590795278712832
# Reference: https://twitter.com/1ZRR4H/status/1610590799112159232

http://45.82.176.11
45.82.176.11:443
anydesk-for-desktop.com
aromaindianrestaurantlounge.com
install-anydesk.com
istaller-zoom.com
zoom-for-desktop.com
/blob/hf00ob.u4zc

# Reference: https://twitter.com/ViriBack/status/1610999181459738624

http://165.232.186.202
http://212.23.222.49
http://65.109.161.133
http://79.137.206.68
http://95.214.53.95

# Reference: https://twitter.com/Merlax_/status/1610830108373270530
# Reference: https://pastebin.com/yPBahSAk

http://104.168.32.136
http://107.148.130.121
http://146.70.157.76
http://152.89.196.174
http://167.235.202.111
http://172.86.123.86
http://179.43.142.109
http://179.43.142.142
http://179.43.142.29
http://179.43.142.37
http://179.43.154.157
http://179.43.154.168
http://179.43.154.212
http://179.43.155.136
http://179.43.155.144
http://179.43.156.145
http://179.43.156.151
http://179.43.162.115
http://179.43.162.79
http://179.43.163.118
http://179.43.175.136
http://179.43.175.230
http://179.43.175.34
http://179.43.176.13
http://179.43.176.39
http://179.43.176.54
http://179.43.176.68
http://179.43.176.78
http://179.43.187.233
http://179.43.187.95
http://185.209.160.18
http://185.209.160.99
http://185.223.93.141
http://193.233.234.13
http://193.38.55.7
http://193.42.33.180
http://193.42.33.42
http://193.42.33.73
http://193.47.61.174
http://194.4.49.152
http://217.12.201.112
http://31.41.244.157
http://31.41.244.38
http://34.150.88.233
http://45.138.74.237
http://45.144.30.114
http://45.182.189.195
http://45.66.151.81
http://45.81.39.102
http://47.57.236.111
http://5.182.39.203
http://5.230.73.134
http://5.75.171.154
http://62.204.41.57
http://62.233.50.246
http://62.233.51.95
http://78.46.190.160
http://79.137.194.240
http://79.137.202.78
http://85.209.135.172
http://88.210.12.126
http://89.22.230.175
http://91.202.5.208
http://95.179.136.89
104.168.32.136:443
107.148.130.121:443
146.70.157.76:443
152.89.196.174:443
167.172.69.255:443
167.235.202.111:443
172.86.123.86:443
179.43.142.109:443
179.43.142.142:443
179.43.142.29:443
179.43.142.37:443
179.43.154.157:443
179.43.154.168:443
179.43.154.212:443
179.43.155.136:443
179.43.155.144:443
179.43.156.145:443
179.43.156.151:443
179.43.162.115:443
179.43.162.79:443
179.43.163.118:443
179.43.175.136:443
179.43.175.230:443
179.43.175.34:443
179.43.176.13:443
179.43.176.39:443
179.43.176.54:443
179.43.176.68:443
179.43.176.78:443
179.43.187.233:443
179.43.187.95:443
185.209.160.18:443
185.209.160.99:443
185.223.93.141:443
193.233.234.13:443
193.38.55.7:443
193.42.33.180:443
193.42.33.42:443
193.42.33.73:443
193.47.61.174:443
194.4.49.152:443
217.12.201.112:443
31.41.244.157:443
31.41.244.38:443
34.150.88.233:443
45.138.74.237:443
45.144.30.114:443
45.182.189.195:443
45.66.151.81:443
45.81.39.102:443
47.57.236.111:443
5.182.39.203:443
5.230.73.134:443
5.75.171.154:443
62.204.41.57:443
62.233.50.246:443
62.233.51.95:443
78.46.190.160:443
79.137.194.240:443
79.137.202.78:443
85.209.135.172:443
88.210.12.126:443
89.22.230.175:443
91.202.5.208:443
95.179.136.89:443

# Reference: https://twitter.com/ViriBack/status/1611091230779138072

http://116.202.18.132
http://141.98.82.254
http://179.43.154.212
http://179.43.163.118
http://194.4.49.152
elon-first.com
myada2x.com
myevent22.net
v1477680.hosted-by-vdsina.ru

# Reference: https://twitter.com/0xrb/status/1611241904917876737

http://192.30.243.151
http://216.250.255.148
http://216.250.255.149
http://5.44.251.17
http://5.44.251.20
http://82.115.223.169
http://85.192.49.170
116.202.18.132:443
141.98.82.254:443
162.33.178.106:443
165.232.186.202:443
192.30.243.151:443
193.56.146.6:443
212.23.222.49:443
216.250.255.148:443
216.250.255.149:443
5.44.251.17:443
5.44.251.20:443
65.109.161.133:443
79.137.206.68:443
82.115.223.169:443
85.192.49.170:443
95.214.53.95:443

# Reference: https://twitter.com/suyog41/status/1611326908041682952
# Reference: https://www.virustotal.com/gui/file/ae82c37e4a6ec833aa743244b942033dcdd10f163cc45af519fa693ce035a002/detection

/blob/oay66h.aw7p

# Reference: https://twitter.com/Merlax_/status/1611412523663912961

kukazanatena.co.ke
theabevalle.com

# Reference: https://twitter.com/idclickthat/status/1612268584020971520
# Reference: https://twitter.com/1ZRR4H/status/1612472092326346752

install-zoom.com
virtualbse.com

# Reference: https://twitter.com/1ZRR4H/status/1613275088098304002

bluestacks-install.com
zoom-meetings-download.com
zoom-meetings-install.com
zoomus-install.com

# Reference: https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/

anydleslk-download.com
install-anydeslk.com
zoom-video-install.com
zoomvideo-install.com

# Reference: https://threatfox.abuse.ch/ioc/1068137/

textedit-notepad.com

# Reference: https://threatfox.abuse.ch/ioc/1068138/

http://164.90.172.224

# Reference: https://www.virustotal.com/gui/file/a2e9a2389faf04b67fbbd6fc71134860a145db7643d88ba312390493d5619302/detection

/blob/jb59sc.rk2g

# Reference: https://www.virustotal.com/gui/file/da16f2574eeab4267e24f416d625ed8ced553ed25bc51f22860ef565fa1c3f92/detection

http://31.41.244.16
/chachacha/ec3wm4.8xb6

# Reference: https://twitter.com/1ZRR4H/status/1614728368334716932
# Reference: https://twitter.com/1ZRR4H/status/1614728371644125187
# Reference: https://twitter.com/1ZRR4H/status/1614821592550326275

http://77.91.122.230
fargonding.store
hughtexeideas.store
mororead.store
rontr.store
montofagasta.store
rontreal.store
slavyanmar.store
toysbrasnovo.store
obs-project.festcommerzblog.com

# Reference: https://twitter.com/IronNetTR/status/1615757537273315365
# Reference: https://github.com/IronNetCybersecurity/IronNetTR/blob/main/ironradar/rhadamanthys/ironradar_1d_rhadamanthys_2022_1_18.csv

152.89.198.59:443
157.254.194.23:443
172.105.5.70:443
179.43.142.40:443
179.43.156.132:443
179.43.175.114:443
179.43.187.233:3306
185.209.160.43:443
185.225.74.144:443
185.225.74.200:443
185.81.68.104:443
memtromeds.com
moosdies.top

# Reference: https://twitter.com/DonPasci/status/1616428435550740482

sourcegimp.com
sourcsegimp.com
soursegimp.com

# Reference: https://www.virustotal.com/gui/file/c27d7174b52a423cdd51187de5c53bd0f3dfebbc76f92575864f3ba4abf2f012/detection

http://79.137.197.29
/rfbqtotg/Dpcejhz.bmp

# Reference: https://twitter.com/crep1x/status/1623394701456859137
# Reference: https://tria.ge/230208-kpd7wshc6t/behavioral2
# Reference: https://www.virustotal.com/gui/file/b2a3e00ad2ee588b552137c94d5f3a4611c2f40d0be23ef6b6b12227baa24ae4/detection
# Reference: https://www.virustotal.com/gui/file/9b6f87d991b04b9eb7c1b5e4bff6b2fff7c8b53156396c1e60ee9523ddd9ece9/detection
# Reference: https://www.virustotal.com/gui/file/04aca53d460d19c73283bcd131e56ccbd4384d5303400dc318d3371b2edba522/detection

http://109.206.243.168
http://144.76.33.241
http://179.43.154.216
http://179.43.154.219
http://78.47.79.11
http://91.215.85.157
193.149.180.103:3301
193.149.180.103:666
/dewight1/colibri.api
/update/nti4ta.3dhh
/nti4ta.3dhh

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Stealer_Panels_10_02_2023.txt

http://179.43.142.71
http://179.43.154.164
http://179.43.176.21
http://94.142.138.26
179.43.142.71:443
179.43.154.164:443
179.43.176.21:443
94.142.138.26:443

# Reference: https://twitter.com/nao_sec/status/1625691518509121537

http://79.137.204.54
/custints/g73lab.id9x

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Panel_scan_16-02-2023_01-03-32.txt

45.137.66.211:443

# Reference: https://twitter.com/BroadAnalysis/status/1630680889771323392
# Reference: https://www.virustotal.com/gui/file/001e6a0bc8566e594f377a33e4d108bba5821e407d38ddd745fe2477ae23a7ff/detection

http://191.101.14.159
/abctop/rfvnq4.co0l

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_02-03-2023_19-30-23.txt

179.43.142.172:443
195.3.223.120:443
195.3.223.218:443

# Reference: https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me
# Reference: https://otx.alienvault.com/pulse/63e3c458fe346cfc050d6880
# Reference: https://www.virustotal.com/gui/file/09c26bfe15d9ac65a9a4a73ccaf20c352d496feecb6a7fd3d5ce3b27d16faeea/detection

http://79.137.198.60
annemarieotey.com
anyfisolusi.com
black-socks.org
bluecentury.org
duinvest.info
duncan-technologies.net
enigma-soft.com
expresswebstores.com
fgpprlaw.com
footballmeta.com
gfcitservice.net
listfoo.org
mikefaw.com
otameyshan.com
peak-pjv.com
repossessionheadquarters.org
samsontech.mobi
shiptrax24.com
southfirstarea.com
styleselect.com
thebtcrevolution.com
virtualmediaoffice.com

# Reference: https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques
# Reference: https://otx.alienvault.com/pulse/63f63a41659035a81b740554

/blob/vpuu9i.7b4x

# Reference: https://twitter.com/AuCyble/status/1632625549964361730
# Reference: https://www.virustotal.com/gui/ip-address/185.137.235.119/relations

chatgptsinstall.com
exchangecash.online
getchatgptapi.com
getchatgptapp.com
gpt-chat-app.org
gptchatdownload.com
gptchatdownloadpc.com
gptchatdownlod.com
hyperplayofficial.com
inkscapeapps.com
installchatgpt.me
installchatgpt.online
installchatgpt.org
installwebex.com
installwebex.online
lastpass-app.com
lastpassinstall.com
lastpassofficial.com
lastpassofficial.me
lhyperplay.com
metamask-apps.com
officialhyperplay.com
officialschatgpt.com
officialstargate.com
setupchatgpt.com
sketchup-tool.com
snapclhats.com
snapclnats.com
web-ex-app.com
webex-meetings.com
webex.icu
webexsign.com
webexsign.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_10-03-2023_23-22-36.txt

193.149.185.118:443
45.77.66.151:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_16-03-2023_19-43-54.txt

87.251.67.40:443
91.215.85.157:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_23-03-2023_19-17-12.txt

185.225.73.180:443

# Reference: https://www.virustotal.com/gui/file/90bfffe7bfde826f6204ef3546d139b6293d37ef59dbf2cc9d685eb6bb6c8d23/detection
# Reference: https://www.virustotal.com/gui/file/4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e/detection

/ggkanor/0mv8dc.bqmu
/0mv8dc.bqmu

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/csv/Rhadamanthys_2023-04-13_16-24-28.csv

http://108.61.189.120

# Reference: https://twitter.com/crep1x/status/1649067627996672000
# Reference: https://www.virustotal.com/gui/file/58105a9ffb1d4675481d1c945d20630807f9dc2dc3d107a66f2d928125508226/detection

http://104.156.149.126

# Reference: https://twitter.com/g0njxa/status/1645559497987850241

/fredom/YTmeta.api

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_27-04-2023_16-34-09.txt

http://179.43.142.172
http://185.225.73.180
http://45.77.66.151
179.43.142.172:443
185.225.73.180:443
45.77.66.151:443

# Reference: https://twitter.com/powershellcode/status/1678470714024939520

http://185.228.234.189
185.228.234.189:443

# Reference: https://twitter.com/g0njxa/status/1682332969451569153

rhadwikiwwzr6sfzygsr3qh7lwu5ghnaoupxwpsj2xuxjcgcebikh7id.onion
stealerskymtni3tiagmx3pqktjgkm2iigwj6e2touws773emrfjvoyd.onion

# Reference: https://threatfox.abuse.ch/ioc/1146917/

45.81.39.169:8889

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-08-03)

http://104.156.149.126
http://109.206.240.181
http://109.206.243.168
http://116.202.18.132
http://116.203.136.70
http://143.198.207.43
http://144.76.33.241
http://156.227.6.50
http://162.33.178.106
http://162.33.178.64
http://164.90.172.224
http://179.43.142.201
http://179.43.142.29
http://179.43.142.39
http://179.43.142.40
http://179.43.154.181
http://179.43.154.216
http://179.43.154.219
http://179.43.155.198
http://179.43.155.206
http://179.43.156.145
http://179.43.162.87
http://179.43.176.6
http://179.43.187.95
http://185.209.160.43
http://185.209.160.99
http://185.225.73.180
http://185.246.221.59
http://185.250.205.73
http://191.101.14.159
http://193.233.20.1
http://193.37.70.80
http://193.38.55.238
http://193.42.33.73
http://195.3.223.120
http://198.135.54.147
http://216.250.255.149
http://31.192.237.70
http://31.41.244.38
http://31.41.244.80
http://35.220.153.89
http://40.82.159.41
http://45.12.253.133
http://45.128.234.63
http://45.131.66.61
http://45.15.159.234
http://45.150.65.4
http://45.66.151.81
http://45.82.176.11
http://45.9.74.71
http://46.36.219.3
http://5.206.224.182
http://5.230.73.134
http://62.233.50.246
http://62.233.51.122
http://62.233.51.95
http://65.109.161.133
http://68.183.230.60
http://77.91.122.230
http://78.47.79.11
http://79.110.62.195
http://79.137.204.54
http://79.137.206.68
http://79.137.248.54
http://81.161.229.234
http://85.192.49.170
http://85.208.136.26
http://89.22.230.175
http://91.215.85.157
http://91.215.85.173
http://95.214.53.95
101.99.91.115:443
104.156.149.126:443
107.148.129.135:443
108.61.189.120:443
109.123.252.250:443
109.206.240.223:443
139.28.37.187:443
141.98.11.18:5351
141.98.6.20:2050
141.98.6.78:2205
142.11.215.202:443
144.76.33.241:443
146.190.162.187:443
146.190.228.125:443
159.65.13.48:443
162.0.217.254:443
163.123.142.243:443
164.90.172.224:443
165.22.48.84:443
167.235.139.187:443
176.113.115.86:443
179.43.142.104:443
179.43.142.107:443
179.43.142.23:443
179.43.154.183:443
179.43.154.219:443
179.43.154.224:443
179.43.154.240:443
179.43.154.245:443
179.43.156.141:443
179.43.156.143:443
179.43.162.2:443
179.43.162.87:443
179.43.162.89:443
179.43.162.94:443
179.43.162.99:443
179.43.163.126:443
179.43.175.195:443
179.43.175.197:443
179.43.176.6:443
179.43.187.197:443
179.43.187.201:443
179.43.187.217:443
179.43.187.80:443
185.107.237.56:443
185.17.0.142:4348
185.209.161.81:2022
185.209.162.190:8080
185.224.129.51:8080
185.225.73.181:443
185.242.87.157:443
185.246.222.251:7469
185.246.222.75:443
185.250.205.73:443
185.250.205.73:8080
185.254.37.92:443
185.43.223.200:443
185.99.133.136:443
188.225.35.87:443
193.149.180.103:443
193.233.20.1:443
193.37.70.80:443
193.37.70.91:443
193.38.55.238:443
193.42.32.236:9070
193.42.33.123:443
194.180.48.102:443
194.180.48.19:443
195.133.40.229:443
195.201.37.208:443
195.3.223.214:5130
212.192.246.118:443
212.193.30.57:8080
212.87.204.3:8080
23.106.124.111:443
23.254.167.32:5892
31.41.244.16:443
37.220.87.35:443
45.12.253.133:443
45.12.253.181:443
45.12.253.92:7079
45.128.234.197:443
45.128.234.63:443
45.150.67.45:443
45.153.186.15:443
45.159.188.236:6779
45.159.188.66:6893
45.159.189.31:3047
45.77.32.158:443
45.81.39.169:8889
45.9.74.150:8080
45.9.74.71:443
46.175.150.169:443
5.206.224.182:443
5.230.68.142:443
5.230.73.94:443
5.230.75.236:443
5.75.142.184:443
5.75.168.236:443
62.204.41.88:443
62.233.51.121:443
62.233.51.122:443
77.91.68.146:8080
79.133.180.168:443
79.137.195.45:8080
79.137.197.174:443
79.137.199.193:443
79.137.204.54:443
79.137.248.54:443
80.66.88.72:443
81.161.229.177:443
81.19.140.83:2077
82.115.223.174:8080
84.54.50.158:443
84.54.50.159:443
85.192.49.170:6636
85.217.144.82:443
87.120.88.209:5211
87.251.67.77:443
91.103.252.25:5894
91.213.50.62:443
91.215.85.145:443
91.228.197.254:443
94.131.106.71:443
94.142.138.27:443
95.214.25.203:4033
95.214.27.17:443
95.214.27.198:443
95.214.27.214:443
/blob/hiu6qd.5u17
/blob/swz9lm.1e3k
/blob/u4z70m.ft7e
/bnlib/upc0ac.61j3
/cylook/ki5lbl.zdvr
/logimamonta/LEND.api
/logimamonta/youtube.api
/modlib/o6u3ke.661c
/work/nfw74d.xos1
/84x7k7op.1fspl

# Reference: https://www.virustotal.com/gui/ip-address/5.255.107.172/detection

http://5.255.107.172

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_C2_21_07_to_31_08_2023.txt

100.95.210.126:443
136.243.177.54:8010
179.43.142.126:6546
185.17.0.221:3709
185.221.67.14:3142
185.225.73.49:4851
185.244.48.109:7314
192.236.147.141:1642
193.109.85.76:6623
208.91.189.147:2905
212.23.221.72:4907
23.152.0.240:7033
45.66.230.106:8748
91.103.252.25:4681
94.156.102.83:4925
94.156.253.150:7546
95.216.58.127:3364
95.217.10.109:7820

# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/b904fa91c8949cb19ba7a9b91e87da13cc47facd826f8bf31f71bbd5ce201928/detection
# Reference: https://www.virustotal.com/gui/file/96a42e9c48bdff00a465e584305b5f031510da8e49409e78518022a8ee232304/detection
# Reference: https://www.virustotal.com/gui/file/457175fc2d1304df94e6e411944f188a97f11753991caf80f6e9f15e34d478b4/detection
# Reference: https://www.virustotal.com/gui/file/08f91bf3a2c4bc8e1cbf4c15a19c4d83ce3af95b2c36260e6ace75450ccc5df0/detection

http://172.217.16.206
http://45.12.253.137
connecteds.online
/files/wdssbp/Azaza
/files/wdssbp/Azaza3
/files/wdssbp/Fido
/files/wdssbp/Fido2
/files/wdssbp/GameBoy
/files/wdssbp2/Bronder
/files/wdssbp2/DoomInstaller
/files/wdssbp2/SensApiD
/files/wdssbp2/SensApiE
/files/wdssbp/
/files/wdssbp2/
/wdssbp/Azaza
/wdssbp/Azaza3
/wdssbp/Fido
/wdssbp/Fido2
/wdssbp/GameBoy
/wdssbp2/Bronder
/wdssbp2/DoomInstaller
/wdssbp2/SensApiD
/wdssbp2/SensApiE

# Reference: https://twitter.com/karol_paciorek/status/1703732303367672306
# Reference: https://tria.ge/230918-mx2dhagg7t/behavioral2
# Reference: https://tria.ge/230918-nbz4zsgh4s/behavioral1
# Reference: https://www.virustotal.com/gui/file/1aafbb728f50518d78e14ef7018338f07453a9715f5bc037606ce6c140ee44c3/detection

171.22.28.205:8181
185.244.48.240:3619
194.180.49.48:9715
31.222.238.209:7702
49.13.68.19:6435
79.133.180.126:3886
94.131.112.209:9856
94.156.102.165:443
95.214.55.177:2474

# Reference: https://twitter.com/JAMESWT_MHT/status/1717514680422313988
# Reference: https://twitter.com/reecdeep/status/1727969240756441236
# Reference: https://app.any.run/tasks/cc1a66bf-8b29-400e-967b-9687e2411abb/
# Reference: https://www.virustotal.com/gui/file/28ee2b81591ace7a552b3a921e9efb6128041cdf6634d5570283225ea3db7a20/detection

23.152.0.240:3957
/835a189ccf9d6badf60eacc/6rs81itm.nx5p8
/835a189ccf9d6badf60eacc/oafcpjjl.sp0ps
/835a189ccf9d6badf60eacc/oafcpjjl.sp0
/6rs81itm.nx5p8
/oafcpjjl.sp0ps
/oafcpjjl.sp0

# Reference: https://threatfox.abuse.ch/ioc/1196609/

65.21.101.233:4714

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-11-10)

http://163.123.142.243
185.170.144.159:6918
185.221.196.69:5127
185.250.45.93:8925
212.23.221.72:7797
31.192.236.94:6642
5.42.65.27:4811
82.115.223.128:9081
87.121.221.145:9271
91.103.252.25:1033
91.103.252.25:1746
91.103.253.174:1199
94.103.94.153:7414
94.156.102.175:443
95.181.173.164:9397
95.214.55.177:1689

# Reference: https://twitter.com/karol_paciorek/status/1727314303752208410
# Reference: https://www.virustotal.com/gui/file/a96d1f994a40cde4bb1bf6f80ce96af5b7e7d934edbb95100ab2fb777f8f2d84/detection

http://185.221.196.81

# Reference: https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
# Reference: https://www.virustotal.com/gui/file/bb8bbcc948e8dca2e5a0270c41c062a29994a2d9b51e820ed74d9b6e2a01ddcf/detection

104.129.128.188:9537

# Reference: https://twitter.com/g0njxa/status/1743248482750652723
# Reference: https://app.any.run/tasks/616d2fa4-9595-4b0b-be84-dd5580df2fc5/

176.113.115.224:6230
185.130.226.143:6575
kms-full.com
kms-product.eu
kms-product.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2024-01-05)

http://217.197.107.138
165.232.87.210:5945
185.209.161.162:19000
193.233.132.95:3699
195.3.223.126:4287
77.246.104.220:3422
91.92.242.217:19000
91.92.249.101:443
91.92.253.159:19000
91.92.253.3:19000
95.214.25.71:1645
95.217.82.39:19000

# Reference: https://twitter.com/reecdeep/status/1745391796706795673
# Reference: https://app.any.run/tasks/877c5718-df46-40e8-af49-4f9c139205ca/

141.105.68.140:9392

# Reference: https://any.run/malware-trends/rhadamanthys (# 2024-01-25)
# Reference: https://www.virustotal.com/gui/file/3cfb7fec43036027f8bde45526ecd6d3d4ee2a51fb6d4476d5cd398ced8a3c17/detection
# Reference: https://www.virustotal.com/gui/file/3778411ff33576685f13f163cac7b3452ea7bdce7caa92924ff5194d4b5d0785/detection

http://212.193.30.32
http://31.220.57.50
amxt25.xyz
motorline.pw
mylangroups.com
8002.motorline.pw
api.mylangroups.com
/CRYPTORPROLIV
/a6ba5b1ae6dec5f7c/
/a6ba5b1ae6dec5f7c/8tkf22v9.ed2jd
/a6ba5b1ae6dec5f7c/j5e4ok98.h44x9
/abctop/oy7xup.thms
/api/59ywc1.5oic
/api/5uwuz3.sr4b
/api/9wcnem.x0vs
/api/CRYPTORPROLIV
/api/mpnz0d.fxbz
/modlib/79q4x9.fkc9
/modlib/8q85xm.zmam
/wgetlist/in60fc.j42a

# Reference: https://twitter.com/banthisguy9349/status/1753719065007239582
# Reference: https://www.virustotal.com/gui/file/b2345de696d1605616e1c5264570288737796e7b39dfa176d882d96b47e4bede/detection

http://185.216.70.80
185.216.70.80:1799
/5ceebbbb9bccc4449a/b42ta04b.sp33o
/5ceebbbb9bccc4449a/
/b42ta04b.sp33o

# Reference: https://twitter.com/h2jazi/status/1758507658791862627
# Reference: https://www.virustotal.com/gui/file/5cb65b469023dcc77ede21c66a753fa9cbe67597aae142958fce4936ce3974aa/detection

185.23.108.220:6339

# Reference: https://twitter.com/doc_guard/status/1760295318808121348
# Reference: https://www.virustotal.com/gui/file/1c7476c33f0d56e970dbfad87da96739d74bbd1928c4a044715ea75f61e72192/detection

whitemansearch.shop

# Reference: https://twitter.com/ViriBack/status/1769336570459386268
# Reference: https://twitter.com/ViriBack/status/1769340643883581816
# Reference: https://www.virustotal.com/gui/file/098318e3517c6d2f526bc6aaccb02a5f37fb615069b1656b5ba176dd6385a581/detection

http://185.172.128.170
wexe.ink

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://www.virustotal.com/gui/file/bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203/detection

151.236.21.128:4738
192.121.16.228:22
astrosphere.world
puttyconnect.info
zodiacrealm.info

# Reference: https://twitter.com/r3dbU7z/status/1772940912919740719
# Reference: https://www.virustotal.com/gui/ip-address/188.40.171.105/relations
# Reference: https://www.virustotal.com/gui/file/1910a3ea0c95c9a15e6695eaff4c1c4a71ad7440a56fc4df893ea506146661e8/detection
# Reference: https://www.virustotal.com/gui/file/8568a043bbf74369e69ddc8d59d78f10260810e4b551ab4b0284106f3cfbbbd3/detection

45.147.199.21:2314
bedispio.wiki
cilyseyann.org
daikenn.club
inatekrin.ink
keauniolas.org
ndsikapher.cloud
sarianarg.com
winoxarl.pro
zahogon.vip
zesteka.pro

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://otx.alienvault.com/pulse/66017db30442d5ba6d624260

arnaudpairoto.com
/onserver3.php

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.198/relations
# Reference: https://otx.alienvault.com/pulse/65a98e9c335df7bc26b4d81a

http://37.1.212.198
mycasemembers.icu
scanner-ip-adv.com
tradingviewapp.icu
tradingviewapp.sbs

# Reference: https://www.virustotal.com/gui/file/0b2fe8188163d143a4c7fe09ce892dcf45fe0e43ca869ec8e65cca020ee06cb2/detection

http://77.221.137.22
77.221.137.22:443
/a8bdd0312f3daae757dcbbe2/s7gxggiw.fsc1l
/s7gxggiw.fsc1l

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

indscpm.xyz
94.131.104.223:443

# Reference: https://twitter.com/K_N1kolenko/status/1779788792552906932
# Reference: https://www.virustotal.com/gui/file/c829be0e78641329583de11672027a67cb3fc2ba31059e258a87001953b8f4ac/detection
# Reference: https://www.virustotal.com/gui/file/4d7ff7ef62614937e0cbebbd3f454a1df8f1752788a29709a1256d78393c0662/detection

185.234.216.132:2130
/5cd712a757a55321d4/ecvfk21e.20bg8
/5cd712a757a55321d4/dpddjk53.13lbs
/dpddjk53.13lbs
/ecvfk21e.20bg8

# Reference: https://twitter.com/x3ph1/status/1765502001469636955
# Reference: https://tria.ge/240306-z2rq3sae4y/behavioral1

91.92.251.50:3399
viewdocsfile.xyz
hv.viewdocsfile.xyz

# Reference: https://twitter.com/johnk3r/status/1790387254315118707

opensun.monster
stand-dog.com
/2704e.bs64

# Reference: https://x.com/malwrhunterteam/status/1813432141486665759
# Reference: https://www.virustotal.com/gui/file/52a1115da23f47ccb3b9f0cb5b96741472e757c833082434ef6f7fe4a39d4d21/detection
# Reference: https://www.virustotal.com/gui/file/03011232c01450af9a42fb5f3954dcb40c36c9ba9ad06d6a213febda03c5bd8f/detection
# Reference: https://www.virustotal.com/gui/file/b940bf46f79be84b95f0cc1718cd020f76ee1a99a64023a859c25f9b53543e76/detection

79.110.49.242:2075
/8f30b20831bade7a2/bmtox8we.0cepo
/8f30b20831bade7a2/63qlt2hh.c7rth
/8f30b20831bade7a2/
/63qlt2hh.c7rth
/bmtox8we.0cepo

# Reference: https://x.com/r3dbU7z/status/1815405709972193765
# Reference: https://www.virustotal.com/gui/ip-address/144.76.48.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.130.255.143/relations

afternburner.org
alerstat.org
amorefysuop.pro
bidalopswer.org
brarve.com
brlave.com
coverahug.org
discoverahuge.org
dogpoorse.com
doweoanst.pro
finsthis.cloud
foojerwa.ink
fostoopas.cloud
fostoopas.site
hoopsature.click
imbajodoobveb.pro
mireiaskqans.com
notion.ws
proxybrowse.org

# Reference: https://x.com/r3dbU7z/status/1815738131439632828
# Reference: https://app.validin.com/detail?find=5.9.198.36&type=ip4&ref_id=7210e896344#tab=resolutions

koloosdas.life
iit-consulting.org
macrium.org

# Reference: https://x.com/JAMESWT_MHT/status/1815399555183034464
# Reference: https://app.any.run/tasks/7662f569-af72-4c37-a1ed-f4ef3d14c0a7/
# Reference: https://www.virustotal.com/gui/file/7568695926acc0184a6d8364e55c2fec814fc7800641ae30e8a69a4f2c39e5b5/detection

http://74.119.195.176
109.120.176.41:4394
109.120.176.41:443
74.119.195.176:4443

# Reference: https://www.virustotal.com/gui/file/d94ffbeb0ca3a1ed919281dc57e95cd34064bc053f59ec69d9cdbb5d6a714b36/detection

http://217.197.107.154
/e0bd9c1f4515facb49/m58gpf5u.6eabm
/e0bd9c1f4515facb49/
/m58gpf5u.6eabm

# Reference: https://www.virustotal.com/gui/file/7587be1d73dd90015c6200921d320ff0edcec19d7465b64d8ab8d12767c0f328/detection

http://85.28.47.139
/e0bd9c1f4515facb49/gj28n35o.2n73x
/gj28n35o.2n73x

# Reference: https://www.virustotal.com/gui/file/35a70792a57447358477e5ca678420f14f577ed8e7956c9ee9013b8633d7feac/detection
# Reference: https://www.virustotal.com/gui/file/141ee34a8afb8f5a9d47e4910395bc70098a40ab46eb65bf3fb0b8e7c415c956/detection

176.124.198.186:443
77.91.77.200:443
/e0bd9c1f4515facb49/tcg5blro.3wf1o
/tcg5blro.3wf1o

# Reference: https://www.virustotal.com/gui/file/7a1a58f0b66bc1a1c0920c247f6a150e50bcd28c8c6092e2c65f7c499e1dd40f/detection
# Reference: https://www.virustotal.com/gui/file/209c1b59720cd3e725445eb2b41f6fdc3ce523b88a9d9e5f581118e50dfa6bfa/detection

45.15.159.127:8287
/f530c8c20d51d6283e9594a/1b9n5xj5.5c38n
/f530c8c20d51d6283e9594a/6vox1v1p.ssmgs
/f530c8c20d51d6283e9594a/
/1b9n5xj5.5c38n
/6vox1v1p.ssmgs

# Reference: https://www.virustotal.com/gui/file/d247f757d8b0b96aa59a1d1af2f06677a4bf88d4ec9d9bf2087988159157888a/detection
# Reference: https://www.virustotal.com/gui/file/059b0277ed5bbf9978f41482d69177840201223cd6001788d0de6d3c9ea990a2/detection

http://41.216.183.3
91.92.243.113:3099
/a9f45d765b01a030d5d/cft96hcx.2grjb
/a9f45d765b01a030d5d/
/cft96hcx.2grjb

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/
# Reference: https://www.virustotal.com/gui/file/64a49ff6862b2c924280d5e906bc36168112c85d9acc2eb778b72ea1d4c17895/detection
# Reference: https://www.virustotal.com/gui/file/060de3b4cf3056f24de882b4408020cee0510cb1ff0e5007c621bc98e5b4bdf3/detection

147.45.44.73:1488
147.78.103.199:2529
89.23.98.116:1444

# Reference: https://www.virustotal.com/gui/file/1fd5d4bbe948c9c60602392c338ea07fdbe44dea6216013a62c180aea97d2c1f/detection
# Reference: https://www.virustotal.com/gui/file/2003e381ae90e155ee9e413ecb9d696b5e01b0774a619fd72a02d31b85e74177/detection

195.85.250.221:4827
/dd66d96a09e5b9d57/6k1r96p5.g2eon
/dd66d96a09e5b9d57/
/6k1r96p5.g2eon

# Reference: https://www.virustotal.com/gui/file/0977091d893c69b8e301044c06e4f6a8016b4ee4d79c5810c6d21951598aa195/detection
# Reference: https://www.virustotal.com/gui/file/0b0b55d288891d1e995aa5c0a187f86388155156d1075b1279a82b9a33101754/detection

82.115.223.43:25565
82.115.223.93:3869

# Reference: https://www.virustotal.com/gui/file/2812bff1ead67a077addcb6191a223fb213d4382610ba78c30bd410190195dc5/detection

94.156.8.76:4283

# Reference: https://www.virustotal.com/gui/file/1444be93622b4eb94453dc89c3b2d547db6e4a6c45de0f3ad7ccdf19e89ad756/detection

147.45.44.27:2656
/5dc721849275d2052d68b45e/ut5m8tlp.n072k
/5dc721849275d2052d68b45e/
/ut5m8tlp.n072k

# Reference: https://www.virustotal.com/gui/file/4d475ad0c121a381c0997ba4a608c54ad5c5c0e5fe80561cfeab39c15486472d/detection

147.45.44.25:5877
/d36cbb23c68ffaff25/vjj0dpxt.ggr8h
/d36cbb23c68ffaff25/
/vjj0dpxt.ggr8h

# Reference: https://www.virustotal.com/gui/file/2ae394f90549041bd6e745e28feab1eb7b9d3c24128c3dc9782ca4ed2e978d04/detection
# Reference: https://www.virustotal.com/gui/file/0c91e714ce9cead2e439338d29c60619e3328feb2de9ae4e07aab5840b17f8f5/detection

94.156.8.83:4785
94.156.8.85:3195
uploadex.pw

# Reference: https://www.virustotal.com/gui/file/d1458d4c7ecd0cc55ae9927830540bd459157d36023e0b41003a3518add76898/detection
# Reference: https://www.virustotal.com/gui/file/c5ac047b3b5f6742f0eae476426e5819318707594694015b352d217df94f5071/detection

185.125.50.70:1731
/2c51ed20daec0b6c42/4cnct69r.js6ns
/2c51ed20daec0b6c42/ko5nvi8o.d9gia
/2c51ed20daec0b6c42/
/4cnct69r.js6ns
/ko5nvi8o.d9gia

# Reference: https://www.virustotal.com/gui/file/22597d205a140d83e71c3aeea8746b1a874cc8d426894249ae07aa69d0710781/detection
# Reference: https://www.virustotal.com/gui/file/7ea29ccdacab4fddd741533bb17032d011fbed4b46a6b957bbb049f597923907/detection

185.74.255.29:2080
/f2ca4fdf02e2a/6actks26.1x8bf
/f2ca4fdf02e2a/
/6actks26.1x8bf

# Reference: https://www.virustotal.com/gui/file/ba258c42715c601d7fea188f662275e1fb6a665718a96124f8a2be1a5de27d44/detection

94.156.10.37:2036
/efc85e6acdfc3a785/1evgkhav.3ltvh
/efc85e6acdfc3a785/
/1evgkhav.3ltvh

# Reference: https://www.virustotal.com/gui/file/28529afc2b353bdce2236eef5bf274a36d979313c13f46aa8986b3546428a44d/detection
# Reference: https://www.virustotal.com/gui/file/29123023532e125720424f1eb38d0f783ffcf24660c2728a20130d2cedbade16/detection

147.78.103.93:4394

# Reference: https://www.virustotal.com/gui/file/eed6fd889c8f54304bd8ef1da4c5596251f4445925835a36d834575ce687d6cb/detection
# Reference: https://www.virustotal.com/gui/file/88d9096edf055555d97736d8d306b66f7ad4ee5f3b13a68f885480faee80e5ea/detection

http://37.1.214.238
38.180.80.23:1636
/08f40fa940d4d07730cea/stb9aujf.q2gqf
/08f40fa940d4d07730cea/
/stb9aujf.q2gqf

# Reference: https://www.virustotal.com/gui/file/940c4215db10e957a76db5c360a590d894640bc811831ac53a50fe90953c9208/detection

94.156.8.211:2096
/255d808fda21a5/00v7tdtm.gtsv5
/255d808fda21a5/
/00v7tdtm.gtsv5

# Reference: https://www.virustotal.com/gui/file/0500e5ad7e344d32ee26da988aeb30f6344a0c89a68eacce5d6a5683d1fee0e1/detection
# Reference: https://www.virustotal.com/gui/file/17ba2754f7671b6fa7ec2311d45e8874988b6fd65e799a9551bb16a9ce986e7d/detection

159.69.186.28:8914
240506192407915.mar.tari91.shop

# Reference: https://www.virustotal.com/gui/file/5578a78576a35a6a95c8a5372e7d498fd4d2a4d5d7abe7369a14307d578192c6/detection

147.45.68.131:5888

# Reference: https://www.virustotal.com/gui/file/d34f63df04faa6c172ccacc9ac4b7572a28d332e27f2130c7eb2dee9a49a0f04/detection

45.61.137.165:2297
/60e467a6b549721041a09/efv4104h.1i0da
/60e467a6b549721041a09/
/efv4104h.1i0da

# Reference: https://www.virustotal.com/gui/file/52038c38dc147fbb2ae03a8569cf07cb2d1d29c14d7fa30215757afd3076c89a/detection
# Reference: https://www.virustotal.com/gui/file/936e7754b3df49aa5149332aecf193ea1753dc844f63284a25a43363df6d9e1f/detection
# Reference: https://www.virustotal.com/gui/file/4be740b7411f644b92749c5fd9be10b827f885c13690aaf7857a6d58b44e9c8c/detection
# Reference: https://www.virustotal.com/gui/file/9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef/detection
# Reference: https://www.virustotal.com/gui/file/c50326e6b68e807eaf188f95ff6e2a17df11efbfd0936395b452946085b83fcd/detection
# Reference: https://www.virustotal.com/gui/file/f1b77c35dabb24df4429eed471f1846b46e5f25c353bbed277a8a4f0ffef06d6/detection

87.120.84.232:2084
/2b6c01e7a6591d730234fd/cmrdfs08.9h6cm
/2b6c01e7a6591d730234fd/h6h29p5o.tu8eo
/2b6c01e7a6591d730234fd/m82butue.apqnl
/2b6c01e7a6591d730234fd/nwodv9oe.x0oo4
/2b6c01e7a6591d730234fd/rwe52hcc.4w485
/2b6c01e7a6591d730234fd/
/cmrdfs08.9h6cm
/h6h29p5o.tu8eo
/m82butue.apqnl
/nwodv9oe.x0oo4
/rwe52hcc.4w485

# Reference: https://www.virustotal.com/gui/file/53bda0f58bb516a31caeed5a0616648cc0f47233514d3a6c8b8cded2110fa955/detection

94.156.8.156:1886
5.255.117.197:6073
any-data.org
rx.any-data.org
/b67624e7e58bd8c44e0bf769/32i2lnpi.9u8b6
/b67624e7e58bd8c44e0bf769/
/32i2lnpi.9u8b6

# Reference: https://www.virustotal.com/gui/file/f4dde5135d892a3b27afc4a95376e7880eee75c2d0b1b711baf4a9bd93bda187/detection
# Reference: https://www.virustotal.com/gui/file/16bf28c3de807beac1635ac6e78925024379d6d53943ec1dd74a565b4885e150/detection

147.124.221.241:1149
/9c59034ac60846f8/mrx8h4of.prxvo
/9c59034ac60846f8/
/mrx8h4of.prxvo

# Reference: https://www.virustotal.com/gui/file/442dce3fa625e1c45830c63504935e764512a5176ee26f3b0595f09cf9c78a07/detection
# Reference: https://www.virustotal.com/gui/file/d77f17d94ea95f79b848b654e3db77df05cda581b210380143516764f30e3f57/detection

147.45.68.112:3423
/29c9ef0d81fe7ec2a5239/kmja9t4f.063i9
/29c9ef0d81fe7ec2a5239/
/kmja9t4f.063i9

# Reference: https://www.virustotal.com/gui/file/0518892b68d9401cee558e0615322ba2a902d759e36b315a55fe7238aff71d72/detection

185.125.50.38:3034
/739bd3e91cd40ca83/tg.api
/739bd3e91cd40ca83/

# Reference: https://www.virustotal.com/gui/file/6124b3aef8d816372e8e6a4d7bf5452e1752c8689aefac2654e1be8de81149a8/detection

http://94.232.249.139
94.232.249.139:443
/0555b35654ad1656/bkks8cde.s5cev
/0555b35654ad1656/
/bkks8cde.s5cev

# Reference: https://www.virustotal.com/gui/file/53218d2a6a643f61f191b955d34b2e3ada7ea1fe464c3ed44ecf66bbe4c90d9c/detection

94.232.249.140:2025
silentpulse.space

# Reference: https://www.virustotal.com/gui/file/321af007759c75bf0614fae50fcb64c0e64d5e9f148d9a2480fde468f216bfeb/detection
# Reference: https://www.virustotal.com/gui/file/2a8326edeb3ca0debbe32ab0d0a0c36e00ab88aaeb2ec6566592c75d4d6b532b/detection
# Reference: https://www.virustotal.com/gui/file/8924deb5685d7dfda380016b361d3380f4b970858a1410c6c26f419711d5db14/detection

94.156.8.61:5562
/8752b9a6a0c711d/1kseoq27.jhdfj
/8752b9a6a0c711d/
/1kseoq27.jhdfj

# Reference: https://www.virustotal.com/gui/file/06c1138caa402a130fdb039247285891d1e2d17d687aec131c60ab0165f5900b/detection

188.119.112.100:7811

# Reference: https://www.virustotal.com/gui/file/19989f80ebbeb884d3b48f1e83cd433eaff1f2e8bcc98a5c1262d4bf2f44a957/detection

168.119.96.63:6965
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/for1j5wk.5rlin
/09ae997ff691fd2fc/
/for1j5wk.5rlin

# Reference: https://www.virustotal.com/gui/file/67543d2d1bc9ef32ead244089fa2cd86e4834ccfef7a06637a1896e8686ea725/detection

193.233.132.109:7268
/55eda4145b3ded541/kts5r0mj.id4op
/55eda4145b3ded541/
/kts5r0mj.id4op

# Reference: https://www.virustotal.com/gui/file/90b1fa4e026c28ba9cf5ffb6a4c5889ead247384a9b55cc881a96ff8cd3c1f13/detection
# Reference: https://www.virustotal.com/gui/file/a9fc15804622a1e0cba35575ea7e2245b6bf4f459fb2272bf9c2624cf1c2265e/detection

http://94.156.8.129
185.216.70.91:6327
94.156.8.129:443
/68c8ee7d3c216cd1fa3c/siploou6.qgojr
/68c8ee7d3c216cd1fa3c/
/siploou6.qgojr

# Reference: https://www.virustotal.com/gui/file/b2f74bf89381c3e684b6aa102cfe029cfe5c4f88038920d003321814fc670777/detection
# Reference: https://www.virustotal.com/gui/file/cc50b23f42573a44922f18b0ea76ae8096eafa1cfda126eb4e26503f20729464/detection

94.156.8.225:1647
/3a1d417ab1b4633fb1ae7841/6pqmvpif.tecx5
/3a1d417ab1b4633fb1ae7841/
/6pqmvpif.tecx5

# Reference: https://www.virustotal.com/gui/file/342b579d05db5b5220e63b71df78339efe2c94437c1d18832e66cf52974d2428/detection
# Reference: https://www.virustotal.com/gui/file/5da24471ee10bbface1bbb376fe60fc75bdf677c9c906606fe0d61635496ad28/detection

http://49.13.61.146
49.13.61.146:443
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/0dj1hnai.ratr2
/09ae997ff691fd2fc/
/0dj1hnai.ratr2

# Reference: https://www.virustotal.com/gui/file/425d4992f51bac167484250968197f5cd0d5ef7c655286dfef05c44723a06a7c/detection
# Reference: https://www.virustotal.com/gui/file/8ea6e5baa67f2bbdcf33e69cab0a78992d9f6d8e8ff2b6c8d053ee9ac416af45/detection
# Reference: https://www.virustotal.com/gui/file/cd2dba4557a92c72e571c6031769621b1f019b32f2f2c3771b07e11612754f55/detection
# Reference: https://www.virustotal.com/gui/file/f90d8200d482bc9cf35a9b64a5bb1da69b3c0f0529c1ebc9d9cff1ef078fe353/detection

147.45.79.165:9621
/b39580502b0cd76c55/5w4gsj2q.af5nl
/b39580502b0cd76c55/vtjgppbt.82r25
/b39580502b0cd76c55/
/5w4gsj2q.af5nl
/vtjgppbt.82r25

# Reference: https://www.virustotal.com/gui/file/074591a5e410d0b4fb1eb9b29a0ea837470341c348ce0b19fc1cd694ce5002bc/detection
# Reference: https://www.virustotal.com/gui/file/0017c10d57b9cb90cf9aba8b1d9085995c841fb65ca3680ebcb9876bfbe8cc49/detection

147.45.44.13:1849
/90a878e6a80b4c105d7a4/ab1g67kh.ou2sb
/90a878e6a80b4c105d7a4/
/ab1g67kh.ou2sb

# Reference: https://www.virustotal.com/gui/file/102c9038f311da53770861f410d59c9bb49f5a94800902a9a7ac173a7321c89b/detection

185.216.70.103:3951
/23fa5e4c813bef61/9wb4gxku.2go4e
/23fa5e4c813bef61/
/9wb4gxku.2go4e

# Reference: https://www.virustotal.com/gui/file/6d38ecc7c7421b3294ece31e257138dba7c1e933d5d4aecac68acd1b0395f7f8/detection

/5cd712a757a55321d4/vas3cqwt.tv428
/5cd712a757a55321d4/
/vas3cqwt.tv428

# Reference: https://www.virustotal.com/gui/file/62ea8ac2927d5de142414964ba812d8fbd18b890569f39d2ed9ef79a538eac49/detection
# Reference: https://www.virustotal.com/gui/file/0b1701a5efd9f0ac27fa5ca8f058ce3a099bc9fd04611c3eb906fbab8f6bacde/detection

http://147.78.103.70
http://94.156.8.232
94.156.8.232:1622
94.156.8.232:443
z-kasino.com
/Zwdfqj12932WFNp/2CWQd71234x/zm1r3c216DFxrtf34213z/
/2CWQd71234x/
/Zwdfqj12932WFNp/
/zm1r3c216DFxrtf34213z/
/c1402fa62dc004/s209r0u5.lrdw9
/c1402fa62dc004/
/s209r0u5.lrdw9

# Reference: https://www.virustotal.com/gui/file/a4d516143d9796db7f937013ec6321699fbc745f20d87b0d9c463773f803c46a/detection
# Reference: https://www.virustotal.com/gui/file/9c94294cce93ccc24ae8b5fdbd0e40872283dff512f651aa801540742a7d22aa/detection
# Reference: https://www.virustotal.com/gui/file/884e2b61f3c5983302018dbd67630d7882e5b0985fa1fd88c521526654560ddd/detection

147.78.103.158:9164
/4464cbf7b7e4c5f57/1g59us79.sq8ti
/4464cbf7b7e4c5f57/
/1g59us79.sq8ti

# Reference: https://www.virustotal.com/gui/file/807f3be1bbb99c0806287883de81b45480a89f6a1841bd71571ca49b6edec5cf/detection

147.124.220.235:5751
/fc60589c694beb0/l02kh86w.la6pm
/fc60589c694beb0/
/l02kh86w.la6pm

# Reference: https://www.virustotal.com/gui/file/195567e33ccb27a635787ffb1f3bd82e880d9dc96b526a6df4a1b4135336bbd0/detection
# Reference: https://www.virustotal.com/gui/file/cace661f64a437760f75f1dc0a4d27ddde7bc0d7131d082baa6ecf95c12c3796/detection
# Reference: https://www.virustotal.com/gui/file/d32800752f254903ea73376bc6c83f5c21d317957f086f8c5b7dc1c1e3264a51/detection

45.77.90.90:2584
/231d3e8d1e3b2d2991/3wma888e.b3sug
/231d3e8d1e3b2d2991/ck4hpiqq.vp2pe
/231d3e8d1e3b2d2991/ll3kcjfm.t205o
/231d3e8d1e3b2d2991/
/3wma888e.b3sug
/ck4hpiqq.vp2pe
/ll3kcjfm.t205o

# Reference: https://www.virustotal.com/gui/file/1d7e535034b97ce822224434275527340ed50c9f3d1682697fd4a8ccfde06a46/detection

147.78.103.128:2118
/e00d19ef9c162f804fafdc43/61gnehbk.p9c7c
/e00d19ef9c162f804fafdc43/
/61gnehbk.p9c7c

# Reference: https://www.virustotal.com/gui/file/0db89dcb32a731ba535ccc4a5f92c1a6d28aaf47707cef8b8164e9f7746092e6/detection
# Reference: https://www.virustotal.com/gui/file/4ae463fc2c0c26e51550cd7d0999811397858232cad471073479b714bdbbed66/detection

141.105.68.140:9392
/720531aa55999f9/MainFlow
/720531aa55999f9/

# Reference: https://www.virustotal.com/gui/file/0085b52ad7a33767afd7604a1a31e19666f5c03623fd33f0a87d7d8762c44bcc/detection

93.123.39.67:2031
/de7de69c81a8945fd/n416bgd3.dd6fj
/de7de69c81a8945fd/
/n416bgd3.dd6fj

# Reference: https://www.virustotal.com/gui/file/38f73590bb0ccb8ce5d4cf6714d07b00c22fe94c43ca29bee7c83f26e279d3b5/detection

91.92.247.20:7206
/c981cfa3ff0e7f967ace7/grhi7ar6.h46ua
/c981cfa3ff0e7f967ace7/
/grhi7ar6.h46ua

# Reference: https://www.virustotal.com/gui/file/acb7082e84d5687566cda40061ce24bb930cf68b9954bf023abb5798e1c3a3ad/detection

80.66.79.88:7691

# Reference: https://www.virustotal.com/gui/file/e61c77eb8d6efcd53a4f606ad4c911932ca90f838354082ebae7250f260bddc9/detection
# Reference: https://www.virustotal.com/gui/file/c34f02d2d0ae81b32ee2ac5128161812a69b798f0d9554207412b51309a0c37b/detection
# Reference: https://www.virustotal.com/gui/file/ad612957cfbcbc6b35d4c99f866c91715acb65f96541c86abbcd019d11f0c2e0/detection

94.156.67.91:6939
/063f04131db66c38e7/qksewsl3.7linm
/063f04131db66c38e7/r5ja48vi.18otd
/063f04131db66c38e7/
/qksewsl3.7linm
/r5ja48vi.18otd

# Reference: https://www.virustotal.com/gui/file/c054e087aebd717a9114793976e36fa9ad0f0b423c62cb972136cdc817c90907/detection
# Reference: https://www.virustotal.com/gui/file/2a4a5dd292f61bc749a25978da5db1f25a1b399a6d739305a5625c9c3c430918/detection

94.232.249.135:8690
/22513b90cc606fc/pal8qjsq.fb5je
/22513b90cc606fc/
/pal8qjsq.fb5je

# Reference: https://www.virustotal.com/gui/file/fefa72d1ece93c77c259c007f83b3e2126188b6106ae2f0de46d0b30e7a2e440/detection

107.189.3.166:1873/e1bb991a5d5d7be581/m0l1adip.7j5ws
107.189.3.166:1873
/e1bb991a5d5d7be581/m0l1adip.7j5ws
/e1bb991a5d5d7be581/
/m0l1adip.7j5ws

# Reference: https://www.virustotal.com/gui/file/d77f22addf2f22fb23de403112ad96a5f34b00eaa168929c876dfbba8f9e65a5/detection
# Reference: https://www.virustotal.com/gui/file/e3163d0270f568156eab48f5a88d4b9f397936105e6f1ec81a3bdebf5957cb5a/detection

95.164.85.120:7272
/57d86f8c23390a/hghxxchl.860j3
/57d86f8c23390a/
/hghxxchl.860j3

# Reference: https://medium.com/walmartglobaltech/rhadamanthys-v0-6-0-automating-config-decryption-06eb0f28b55f

carssell.online
dyk3j10rcxd1av9.xyz
hankirit.asia
kelimzorro.xyz
pdfiso.com
qxugb3qpfpafmlto.xyz
renzoprotocols.co
uaabcvsolwgl.xyz
wanderpics.net
xt6drjp542fz6j7xt.xyz
api.dyk3j10rcxd1av9.xyz
api.hankirit.asia
api.kelimzorro.xyz
api.pdfiso.com
api.qxugb3qpfpafmlto.xyz
api.uaabcvsolwgl.xyz
api.xt6drjp542fz6j7xt.xyz
one.renzoprotocols.co

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2024-08-17)

185.209.30.112:9202
188.208.197.140:5906
pastratas.ac.ug

# Reference: https://x.com/ShanHolo/status/1828083266236363185
# Reference: https://www.virustotal.com/gui/file/269f16510e12acc4fdacb0891c605e944cce9845517ec817ea5a06f0c6c362f5/detection

147.124.222.184:7232
foojerwa.ink
yoganesteron.wiki
/2ff7fa032802244/tnvi7gis.n72p2
/2ff7fa032802244/
/tnvi7gis.n72p2

# Reference: https://www.virustotal.com/gui/file/39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d/detection

147.78.103.162:44480
93.123.39.72:5171
/f0905302a725dad1c/s9hbb0ou.11791
/f0905302a725dad1c/
/s9hbb0ou.11791

# Reference: https://x.com/r3dbU7z/status/1824472050028679486
# Reference: https://www.virustotal.com/gui/ip-address/136.243.209.210/relations
# Reference: https://www.virustotal.com/gui/file/a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3/detection

amplosurestob.homes
atlaissian.com
dopsry.ink
gpasoobater.pro
ipcheadoop.pro
loasdpyreasoonjop.cloud
nooaasdzasg.live
roobsadlov.cloud
saprinoduys.ink
shawnydne.org
silobsatewpes.click
simonasoshiop.click
wokodloisa.pro

# Reference: https://x.com/StrikeReadyLabs/status/1830420330541703309
# Reference: https://www.virustotal.com/gui/file/4a9e11f3a1b5b7543f00f4f662b4602c5449c78f7181a139af3b804aa7316006/detection
# Reference: https://www.virustotal.com/gui/file/fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911/detection

51.75.171.9:5151
57.128.169.122:4104
/9640d96bbead45f349f3ab9/Xteam1.api
/9640d96bbead45f349f3ab9/Xteam2.api

# Reference: https://x.com/JAMESWT_MHT/status/1831706666087104793
# Reference: https://x.com/StrikeReadyLabs/status/1834412449291706503
# Reference: https://app.any.run/tasks/297f7bcd-3070-4381-9168-561ff6f17016
# Reference: https://www.virustotal.com/gui/file/34918278f6eb6b5e3afa8da406eb3c5a4cc3b7c4a1cee55320fecdbef4e0a463/detection
# Reference: https://www.virustotal.com/gui/file/e0b4e3f7d35c182ca48c49c635138ab343c4415dae32a086ba19c0ecaf41936e/detection
# Reference: https://www.virustotal.com/gui/file/01c3e4114427cce7ab6bf90cfa72164a8cfd37dcadddb69817c31679e12fd263/detection

63.141.252.2:3715
63.141.252.2:3736
deadmunky.nl
/b607677f1d5be7bf651f2/q1bwmeni.33ap7
/b607677f1d5be7bf651f2/
/q1bwmeni.33ap7

# Reference: https://x.com/banthisguy9349/status/1836062997141225964

mexs.xyz

# Reference: https://x.com/crep1x/status/1838884440543465937
# Reference: https://www.virustotal.com/gui/file/b2a9ce1b9474564ed479861222f41161bca44bf584953f5c13348b0d5d3ab8ab/detection
# Reference: https://www.virustotal.com/gui/file/2ffc8acfe1c879ca0b6e411738145814d5205107f52e99a22903c16d55e211cf/detection

http://91.103.140.200
91.103.140.200:443
/3936a074a2f65761a5eb8/6fmfpmi7.fwf4p
/3936a074a2f65761a5eb8/
/6fmfpmi7.fwf4p

# Reference: https://www.recordedfuture.com/research/rhadamanthys-stealer-even-demigods-can-die
# Reference: https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf

103.148.58.146:5199
103.148.58.151:5199
103.148.58.152:5199
103.173.179.189:443
104.234.167.212:443
107.189.28.160:7705
135.181.4.162:2423
139.99.17.158:443
142.132.161.168:443
144.76.133.166:8034
147.124.220.233:7843
147.45.44.107:443
147.45.44.126:443
147.45.44.143:443
147.45.44.187:443
147.45.44.195:443
147.45.70.184:1525
149.102.143.198:9586
154.216.17.126:4501
154.216.17.181:443
154.216.17.85:443
154.216.18.122:2013
154.216.19.149:2047
162.254.34.46:443
167.88.170.44:443
170.205.38.149:443
172.236.107.96:443
178.22.31.64:443
185.161.251.67:6777
185.161.251.6:5545
185.184.26.10:4928
185.196.10.175:6491
185.196.11.237:9697
185.209.161.207:2421
185.234.216.132:2018
192.30.242.19:9480
192.30.242.44:6581
193.124.205.63:7404
193.143.1.77:1640
193.143.1.77:1641
193.188.20.191:443
193.200.134.94:9880
198.135.48.191:3090
38.180.100.139:443
38.180.188.69:443
45.152.84.68:443
45.159.188.37:443
45.202.35.41:2085
45.61.166.131:443
5.230.67.168:5140
57.128.169.122:443
74.81.56.118:8039
77.221.148.235:443
77.238.245.97:2017
77.238.248.142:443
77.91.78.112:443
80.66.75.110:9176
81.19.131.103:2013
83.217.209.45:5902
83.217.209.52:443
85.209.90.135:443
88.99.62.143:3674
89.117.152.231:443
89.117.152.61:443
89.208.103.86:8537
89.23.103.235:443
92.246.139.134:443
94.232.249.76:443
94.232.249.92:443
95.216.91.91:1614
95.217.44.124:7584
