# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: sidecopy, falseflag, apt36, mythic leopard, actionrat, elizarat, fetarat, scarimson, crimsonrat, seedoor

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://twitter.com/teamcymru_S2/status/1382724143444004866
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection
# Reference: https://www.virustotal.com/gui/file/736c9682399885ca1219cb10472b406d381ce66bd3a5cdc919cb28ee59b898fe/detection

107.175.1.103:14686
107.175.1.103:3268
107.175.1.103:5418
107.175.1.103:7646
107.175.1.103:9348

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1286826493335805953
# Reference: https://www.virustotal.com/gui/file/99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740/detection

164.68.101.194:3312

# Reference: https://twitter.com/ShadowChasing1/status/1296988003911360516
# Reference: https://www.virustotal.com/gui/file/e91836bbf90b1eafd5cdcf8868408309470d4a06c5239dfee7dd74eca1a7f222/detection

64.188.12.126:4676

# Reference: https://securelist.com/transparent-tribe-part-2/98233/
# Reference: https://otx.alienvault.com/pulse/5f46861db7f081f8c83140dc

http://212.8.240.221
212.8.240.221:5987
sharemydrives.com
sharingmymedia.com
tryanotherhorse.com

# Reference: https://twitter.com/ShadowChasing1/status/1311590568674291712

servicesmail.site

# Reference: https://twitter.com/DeadlyLynn/status/1318006847949819912
# Reference: https://www.virustotal.com/gui/file/d4b36731cb37ad05b0b9678b568c10a56f2e84967b393b626afb19d2df41c9b9/detection

173.249.14.104:6630

# Reference: https://twitter.com/ShadowChasing1/status/1337000347810729984
# Reference: https://www.virustotal.com/gui/file/6257ab26547f390bfd67d60766a708a95998452eb487d6d7208a52dc3e9840e0/detection

198.12.90.116:3691

# Reference: https://twitter.com/ShadowChasing1/status/1338077086896963584
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338177112059088903
# Reference: https://www.virustotal.com/gui/file/2714b12d0c65cb6fe783571a2d103866c4059f40b2905f58a6cd5de80eefeb73/detection
# Reference: https://www.virustotal.com/gui/file/26a4d9bd2961d724ef07aaec5cbbd120891c600ab7932e5e4ddef38aa3ee9700/detection

89.249.65.206:4816
89.249.65.206:49483

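# Reference: https://twitter.com/ShadowChasing1/status/1338507666373558273
# Reference: https://www.virustotal.com/gui/file/48f662986a80c5c73a878b0f46cd7e3a548e556ad9c3f76c4eb867968b240eaf/detection
# NOTE(review): 172.217.0.0/16 is Google address space; confirm the IP:port below against the referenced sample before alerting or blocking on it, since a hit on shared provider infrastructure is a likely false positive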

172.217.15.110:4876

# Reference: https://twitter.com/ShadowChasing1/status/1360018043703762945
# Reference: https://www.virustotal.com/gui/file/86d43578ba26f02cf845f16a38ab29a48ad86c17f4a2ec3b69fc0d5fe82b4af7/detection

64.188.25.143:4586

# Reference: https://twitter.com/h2jazi/status/1367102521400053767
# Reference: https://twitter.com/h2jazi/status/1367105848544284676
# Reference: https://twitter.com/teamcymru_S2/status/1367436864941150208
# Reference: https://www.virustotal.com/gui/file/f6bec3c2d0503978f88734c6d52f2a01552c1d24b8e014ab835827ba3c9cc548/detection

23.254.119.118:11214
23.254.119.118:15822
23.254.119.118:17443
23.254.119.118:6128
23.254.119.118:8761

# Reference: https://twitter.com/InQuest/status/1368879546695618561
# Reference: https://twitter.com/ShadowChasing1/status/1368902119051325447
# Reference: https://www.virustotal.com/gui/file/d0a5ffa3b9c40eb1e4277e7c41a100b0836c9424b36fb9bbe281711c0b116883/detection

173.249.14.104:4568
templatesmanagersync.info

# Reference: https://twitter.com/modubyk/status/1215690858131066881
# Reference: https://www.virustotal.com/gui/file/3cbb07af5c85a539ba970bd831de6ad53473afe6d99b3cdbb963711e2b1ee9c3/detection
# Reference: https://www.virustotal.com/gui/file/fde8b0e2ce949e09070d6788194f63131070afab0ebd479bedd545091e7cc8aa/detection

cfrbackup.com
/P0urWa1t3_r!es/
/P0urWa1t3_r!es/iptonps.php

# Reference: https://twitter.com/h2jazi/status/1374754308676280323
# Reference: https://www.virustotal.com/gui/file/8bd2a1aa58cd9fb15ce499be7131e810abbdcc7770806ebfbd83b8e8f701c5e4/detection

75.119.139.169:4568

# Reference: https://twitter.com/ShadowChasing1/status/1374713010472685569

185.136.169.155:8761

# Reference: https://twitter.com/h2jazi/status/1385577616606961664
# Reference: https://www.virustotal.com/gui/file/f87d8b4376bdb341964801a836bb7ae4843351ded70801d401e951cbbe05d613/detection

167.160.166.177:4698

# Reference: https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/

134.119.181.15:6818
134.119.181.15:8561
134.119.181.15:8861
151.106.14.125:14618
151.106.14.125:16418
151.106.14.125:3468
151.106.14.125:8722
151.106.19.220:2682
172.245.247.112:11824
172.245.247.112:14624
172.245.247.112:8666
172.245.87.12:12447
172.245.87.12:18856
172.245.87.12:4586
172.245.87.12:8443
173.212.192.229:16564
173.249.22.30:10864
173.249.22.30:16582
173.249.22.30:4228
173.249.14.104:3312
173.249.14.104:9808
173.249.42.113:8148
185.136.169.155:11214
185.136.169.155:15882
185.136.169.155:17443
185.136.169.155:6128
185.174.102.105:54131
198.12.90.116:3691
198.12.90.116:4684
198.12.90.116:6582
23.254.119.11:3163
23.254.119.11:4828
23.254.119.11:5661
23.254.119.11:6614
45.32.151.155:11427
45.32.151.155:12835
45.77.246.69:16185
5.189.134.216:5156
64.188.12.126:12824
64.188.12.126:49747
64.188.12.126:9666
64.188.25.206:11422
64.188.25.206:16621
64.188.25.206:4125
64.188.25.206:6522
66.154.113.38:3878
66.154.113.38:8666

# Reference: https://twitter.com/ShadowChasing1/status/1385561727559864321
# Reference: https://www.virustotal.com/gui/file/fafcbb35db7cd2725d2f3f4268ffb32390f0e7602263841914fae72f37baca5b/detection

109.236.85.16:5987
myabcxyz1.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1387357625013080064

167.86.89.53:1443
167.86.89.53:16688
167.86.89.53:24619
167.86.89.53:6118
167.86.89.53:8843

# Reference: https://twitter.com/cyber__sloth/status/1383394061965348867
# Reference: https://twitter.com/ShadowChasing1/status/1383217637853831169
# Reference: https://twitter.com/_re_fox/status/1383207625874083841
# Reference: https://www.seqrite.com/documents/en/white-papers/Seqrite-WhitePaper-Operation-SideCopy.pdf
# Reference: https://www.virustotal.com/gui/file/54759951089f44a3918e164b8bf29c8f388cfd41f9930f81b8103852947fed93/detection
# Reference: https://www.virustotal.com/gui/file/5bc838b11eadb3fec80a7e6bb46183b868096d8c2e499bedd9c976f3d70d41b1/detection

http://161.97.142.96/htt_p
http://173.212.224.110/h_ttp
144.91.65.100:6102
144.91.91.236:6102
164.68.108.22:6102
173.212.224.110:6102
173.249.50.230:3245
drivetoshare.com
mailfourms.com
iiieyehealth.com
socialistfourm.com
updatedportal.com
mfahost.ddns.net
newsindia.ddns.net
tor-relay2.innonetlife.com
vmi192147.contaboserver.net
vmi268056.contaboserver.net
vmi296708.contaboserver.net
vmi312537.contaboserver.net
vmi314646.contaboserver.net
demo.smart-hospital.in/uploads/staff_documents/18/html/
demo.smart-hospital.in/uploads/staff_documents/18/h-xmlhttp/
demo.smart-hospital.in/uploads/staff_documents/19/Armed-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Defence-Production-Policy-2020/html/
demo.smart-hospital.in/uploads/staff_documents/19/Images/8534
demo.smart-hospital.in/uploads/staff_documents/19/IncidentReport/html/
demo.smart-hospital.in/uploads/staff_documents/19/ParaMil-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Req-Data/html
demo.smart-hospital.in/uploads/staff_documents/19/Sheet_Roll/html
demo.smart-school.in/uploads/staff_documents/9/Sheet_Roll/html
demo.smart-school.in/uploads/student_documents/12/css/
drivetoshare.com/mod.gov.in_dod_sites_default_files_Revisedrates/html
sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf

# Reference: https://twitter.com/ShadowChasing1/status/1391680709207609347

londonkids.in/preschool/video/Emergency_Vaccination/css/

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/2491caddf4445d9297404493c7707b54591c989b94fd4634a7afdf54c0d22e9c/detection

vmi433658.contaboserver.net

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/871cab3256acdbc3c27650adde878658568a85b87e85d3e3c137bdeb4592fb2c/detection

173.249.14.104:6140

# Reference: https://twitter.com/KseProso/status/1392064101103378437
# Reference: https://www.virustotal.com/gui/file/c7dbca435039a6148dc25208f04b734465e8b7c92010ede1401d88f5f8003f2d/detection

173.249.14.104:5670

# Reference: https://twitter.com/pollo290987/status/1564886555306692608
# Reference: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
# Reference: https://otx.alienvault.com/pulse/609d7a98443a742cd63c2784
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

139.28.36.141:6922
7thcpcupdates.info
armypostalservice.com
clawsindia.com
isroddp.com
larsentobro.com
millitarytocorp.com
pmayindia.com
tprlink.com
awsyscloud.com
cloudsbox.net
datacyncorize.com
digiphotostudio.live
drivestransfer.com
emailhost.network
file-attachment.com
filelinks.live
filestudios.net
hostflix.live
maildrive.email
mediabox.live
mediaclouds.live
mediadrive.cc
mediafiles.live
mediaflix.net
medialinks.cc
mediashare.cc
onedrives.cc
servicesmail.site
shareboxs.net
shareflix.co
sharemydrives.com
shareone.live
sharingmymedia.com
studioflix.net
templatesmanagersync.info
urservices.net
bjorn111.duckdns.org
micrsoft.ddns.net
newsupdates.myftp.org
share.medialinks.cc
social.medialinks.cc
systemsupdated.duckdns.org
tgservermax.duckdns.org
vmd41059.contaboserver.net
vmi433658.contaboserver.net
email.gov.in.attachment.drive.servicesmail.site
email.gov.in.maildrive.email
india.gov.in.attachments.downloads.7thcpcupdates.info
mail.clawsindia.com
mail.isroddp.com
mailer.pmayindia.com
mailout.pmayindia.com

# Reference: https://tria.ge/210514-fsd2fkks9a/behavioral1

5.189.134.216:12538
5.189.134.216:7218
5.189.134.216:9686

# Reference: https://twitter.com/ShadowChasing1/status/1394229310911762434
# Reference: https://www.virustotal.com/gui/file/7f800784b00354dd15eee129317a63bd3f7bb25622e898c873603e5b142cbb09/detection

5-135-125-106.cinfuserver.com

# Reference: https://twitter.com/ShadowChasing1/status/1399012433520324617
# Reference: https://www.virustotal.com/gui/file/71a8e488b3d142bfdfcc4092ac35cf32e7d5e55b68acd262d16707f6a09f9321/detection

134.119.181.142:6672

# Reference: https://twitter.com/bofheaded/status/1399384209353969667
# Reference: https://www.virustotal.com/gui/file/cad6dcfe6942bb5ac648fb25b8aa3359f1d30b6671c132ce8c7c8c3cd08e8825/detection

178.238.229.192:11884
178.238.229.192:15285
178.238.229.192:3687
178.238.229.192:6782
178.238.229.192:8529

# Reference: https://twitter.com/ShadowChasing1/status/1402526383293624323

http://167.86.75.119
selforder.in/wp-content/uploads/wp-commerce/04/05/

# Reference: https://www.virustotal.com/gui/file/d228c1186003ae37e6c9e26222782291fa97580a254e77f290b46c2376b712e4/detection

185.136.169.155:15822

# Reference: https://twitter.com/ShadowChasing1/status/1406962468010614785
# Reference: https://www.virustotal.com/gui/file/907f594f49e498f0526684e03afd76e953b46b2c4947dd260f90f2665b7ff875/detection

afghannewsnetwork.com
dadsasoa.in/font/js/images/files/My-CV/css

# Reference: https://www.virustotal.com/gui/ip-address/144.91.65.100/relations
# Reference: https://www.virustotal.com/gui/file/1ac0288aaebbe07b6145f20dc3ba2c0107ab00b47a4fe90215a784c887bad35d/detection

mmfaa.ddns.net

# Reference: https://www.virustotal.com/gui/file/149b121b8f5755bc841ddd38f8dbcb6f857b00c8943b446ab85e1706e2216bde/detection

http://144.91.65.100

# Reference: https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/
# Reference: https://otx.alienvault.com/pulse/60d2f18dfd693f4314446f84
# Reference: https://twitter.com/0xrb/status/1409729774956597250

ankaraembassy.hopto.org
certindia.chickenkiller.com
certindia.ignorelist.com
coronavirusupdate.ddns.net
coronavirusupdate.ddnsking.com
defencecyberorg.myddns.me
frankooxyz2.ddns.net
minofdefence.mooo.com
minofdefenceindia.ddns.net
pmreference.ddnsking.com
iiieyehealth.com/fonts/times/files/Call-for-Proposal-DGSP-COAS-Chair-Excellance/css/
ikiranastore.com/images/files/ist/doc/i.php
londonkids.in/echoolz/assets/css/front/hwo/DATE-OF-NEXT-INCREMENT-ON-UP-GRADATION-OF-PAY-ON-01-JAN-AND-01-JUL/css
londonkids.in/preschool/video/Emergency_Vaccination/css/
minervacollege.co.in/fonts/plugins/mrt/Image-7563/css2

# Reference: https://twitter.com/h2jazi/status/1407788867260923908
# Reference: https://www.virustotal.com/gui/file/aadaa8d23cc2e49f9f3624038566c3ebb38f5d955b031d47b79dcfc94864ce40/detection

5.189.170.84:3901

# Reference: https://www.virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a/detection
# Reference: https://www.virustotal.com/gui/file/d2113b820db894f08c47aa905b6f643b1e6f38cce7adf7bf7b14d8308c3eaf6e/detection

5.189.170.84:3312
iwestcloud.com
/Pick@Whatsoever/Mac.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/Pick@Whatsoever/
/Qu33nRocQCl!mbing.php
/S3r&eryvUed.php

# Reference: https://twitter.com/ShadowChasing1/status/1410157094343364609
# Reference: https://www.virustotal.com/gui/file/af5dec1a8eed98bbab9c03dd76a980edc987347c43798d726b0ca538376f27be/detection

drigablockszip.sytes.net
medizz.co/wp-content/base/phr/shareddocuments/Agenda

# Reference: https://twitter.com/BaoshengbinCumt/status/1411963177626046467
# Reference: https://www.virustotal.com/gui/file/c3e56af0c0a13e8ab4e6f2269d1c15586e72f9b7a90c22980f976e6786388a03/detection

185.233.202.230:44567
templateworkshop.site
/template_storage/normal_template/template48.dot

# Reference: https://twitter.com/ShadowChasing1/status/1411991006489112582
# Reference: https://www.virustotal.com/gui/file/49387b1a799944bb19f5b83cd5a05e421bcaff8ddc59750aba800ec03c447245/detection

167.86.105.43:6588

# Reference: https://twitter.com/teamcymru_S2/status/1412397642286522368
# Reference: https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/

107.173.204.38:6576
107.173.204.38:8586

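# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# NOTE(review): the vmiNNNNNN.contaboserver.net names appear to be provider-assigned VPS hostnames; such hosts can be reassigned to unrelated customers, so re-validate them before relying on them for long-term blocking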

digitalfilestores.com
filehubspot.com
freewindowssoftware.com
mailupdater.net
mfahost.ddns.net
mffatool.ddns.net
nscinfo.ddns.net
vmi240582.contaboserver.net
vmi281634.contaboserver.net
vmi312537.contaboserver.net
vmi369553.contaboserver.net
vmi388643.contaboserver.net
vmi420862.contaboserver.net
vmi475662.contaboserver.net
vmi489177.contaboserver.net
vmi512038.contaboserver.net
vmi532529.contaboserver.net

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/132870a1ae6a0bdecaa52c03cfe97a47df8786f148fa8ca113ac2a8d59e3624a/detection

173.249.50.230:1238
muzicmirchi.000webhostapp.com

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/71bbf2394fe4909a6ce0f7085ca41f21cf5e05e3d761620e4d7f307183fb1e1b/detection

167.86.70.194:9091

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/852612666095aec2e9f3456ec4f8a9566be2c690c8583aff6055d180507d5476/detection

167.86.70.194:9092

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/956f0f369082068ef24b76ec162cfc2119adbffda94e33e41b40f39d2f192ffe/detection

161.97.90.175:8080

# Reference: https://twitter.com/bofheaded/status/1420466901466030083
# Reference: https://twitter.com/teamcymru_S2/status/1423281518034575363
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/57466da1095f6c28d5d7c56d171417bb796b153f1c545e846fee1743cacc15fc/detection
# Reference: https://www.virustotal.com/gui/file/772bc22f6238eb368c47f4d34fb98db9124a44b8443cee92d73c6086609fd2f1/detection

http://149.248.52.61
/vpn-update/vpn-update.php
/weisenborn/aziroboro.php

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

144.91.65.100:3245
144.91.65.100:4145
144.91.91.236:4140
144.91.91.236:4145
149.248.52.61:2323
149.248.52.61:5656
149.248.52.61:87
149.248.52.61:89
149.248.52.61:8989
161.97.90.175:6666
164.68.104.126:3245
164.68.104.126:4140
173.212.224.110:4140
173.212.224.110:4145
173.249.50.230:1144
173.249.50.230:1244
173.249.50.230:1245
173.249.50.230:1289
173.249.50.230:3245
173.249.50.230:4145

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

http://109.236.85.152
http://164.68.104.126
http://161.97.142.96
http://167.86.75.119
http://173.249.41.175

# Reference: https://twitter.com/Timele9527/status/1419853559860920320
# Reference: https://twitter.com/Timele9527/status/1419853918293544967
# Reference: https://www.virustotal.com/gui/file/8b20b81f05c0acebb97200b5cfa3bec23ddeb9f7307e47c9b942c6f9bee91b44/detection
# Reference: https://www.virustotal.com/gui/file/70fab64895bcfaf7e9bd713e3b3b4c354e19ff9d083285b791d43bb39c5d3253/detection
# Reference: https://www.virustotal.com/gui/file/670bf2bad23645b731a67e3299f4f1692da3bdaa711c588b17024ed916e55438/detection

122.166.149.57:8888
161.97.164.143:20121
161.97.164.143:2121
161.97.164.143:2123
161.97.164.143:2124
161.97.164.143:2122
161.97.164.143:2125
161.97.164.143:8011
161.97.164.143:9512
161.97.164.143:9515
182.188.181.224:2255
certindia.ignorelist.com
certindia.chickenkiller.com
defencecyberorg.myddns.me
email-govin.duia.eu
emailgov-in.sytes.net
kavachhost.ddns.net
nicindia.mywire.org
/005056A0A34C-X-061544/
/005056A052CF-X-445817/
/005056A05902-X-088753/
/005056A0A34C-X-061544/file.pdf
/005056A052CF-X-445817/fastag.jpg
/005056A05902-X-088753/fastag.jpg

# Reference: https://twitter.com/teamcymru_S2/status/1420446957961625602
# Reference: https://www.virustotal.com/gui/file/67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e/detection

191.101.172.44:11422
191.101.172.44:14624
191.101.172.44:16621
191.101.172.44:4125
191.101.172.44:6522
64.188.25.206:3389

# Reference: https://www.virustotal.com/gui/ip-address/104.227.146.200/relations

http://104.227.146.200
/KingEfulefu/
/KingEfulefu/login.php

# Reference: https://twitter.com/ShadowChasing1/status/1422452244079779841
# Reference: https://twitter.com/360CoreSec/status/1422403743354482692
# Reference: https://www.virustotal.com/gui/file/8554b5cace52a0fdf0fd3378e4df6606efb45b8ee686ed5b3c1657633405eb85/detection
# Reference: https://www.virustotal.com/gui/file/f5e7b8dddd4137ac008186a4c5e9cb644dc1bbddb61612c29c2087b1efe48974/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection
# Reference: https://www.virustotal.com/gui/file/640ffa981ef531f5ceb98c59cfa1c65a9da9a088dc3157f78ffa0fa6cd5e8e02/detection
# Reference: https://www.virustotal.com/gui/file/72950c1a7d26f9bb6acc0e33d1cd65310db31f5b03c3b3e722ce216bb20f12fe/detection

66.154.112.206:6188

# Reference: https://twitter.com/ShadowChasing1/status/1422914152381616134
# Reference: https://otx.alienvault.com/pulse/610baec1825b7a6f14ae8c21
# Reference: https://www.virustotal.com/gui/file/dc9002bc8fec5e678ae60285dd9fc303e87a9ea15b037be76285e41b50f62f8b/detection

149.248.52.61:91
149.248.52.61:92
149.248.52.61:93
bsnlplots.com/css/css/

# Reference: https://twitter.com/ShadowChasing1/status/1423194120512688133
# Reference: https://www.virustotal.com/gui/file/460c098565a7f5866bb96281ebada37d8e3a7f9e4112de663a05bba470e27929/detection

pafwa.info
independenceday.pafwa.info

# Reference: https://twitter.com/ShadowChasing1/status/1460614611200217093
# Reference: https://www.virustotal.com/gui/file/f79445105ab2dc3c3be899c1e1fd1adca60723f613c242ce4e0b95ee835ac82a/detection

isteandhrapradesh.in/NewSite/Admin/try/b/

# Reference: https://twitter.com/h2jazi/status/1460744936635224064
# Reference: https://twitter.com/h2jazi/status/1460744939105669132
# Reference: https://www.virustotal.com/gui/file/9836cfb7c54febcbbf2b252414dbdc95784ed429c228a363b65b7586ffcc3b0c/detection

194.233.67.90:6785
securedesk.one

# Reference: https://twitter.com/0xrb/status/1460900779175276550
# Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection
# Reference: https://www.virustotal.com/gui/file/ac80eb10f16f3da1651b8fcb7dbc714255f4ec9719e922baeeb3499d9bd89e23/detection

mojochamps.com
assessment.mojochamps.com

# Reference: https://twitter.com/RedDrip7/status/1486656925320183809
# Reference: https://www.virustotal.com/gui/file/476c183a7ac3435b0085d652c816b07910d081a92c83b85dfda7ba630cd4957f/detection

45.138.172.222:3691

# Reference: https://twitter.com/ShadowChasing1/status/1490988027354648576
# Reference: https://twitter.com/ShadowChasing1/status/1491261131800780810
# Reference: https://twitter.com/0xrb/status/1491021258741653511
# Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection
# Reference: https://www.virustotal.com/gui/file/46828fb51abae8b9ca21090f56d90d63270464318cd81235872a8fba35ce3064/detection

http://144.91.87.179
144.91.87.179:6659
softwiz.xyz
singleseller.blueappsoftware.com

# Reference: https://twitter.com/bofheaded/status/1491350274937868291
# Reference: https://www.virustotal.com/gui/file/14f4fe625daf1ac498d8557a4fddc67f8183f6a097e84b52f311bf436640d7cc/detection

5.189.182.93:6659

# Reference: https://twitter.com/0xrb/status/1491344919155589124
# Reference: https://www.virustotal.com/gui/file/0d7fdeea6cd1f7732db11f78c2dfd2c4bc5053b6f1bc590d3963705b4a256f22/detection

kokotech.xyz

# Reference: https://twitter.com/0xrb/status/1493801814005022723

161.97.85.89:12786
173.249.50.34:12182
198.12.91.240:18876
198.23.213.22:7776
198.23.213.22:7778
207.180.245.93:12184
209.127.19.241:10284

# Reference: https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/ (# preBotHta)
# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/ReverseRat2.0_NightFury_IoCs.txt

http://62.171.191.230
62.171.191.230:5310
zimbrasoft.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1494655193002266625
# Reference: https://twitter.com/JAMESWT_MHT/status/1494664440175865865
# Reference: https://app.any.run/tasks/5dc8d5eb-b9c0-4c08-b2b1-ae80cd25da62/

160.20.147.202:7421
highexpresspass.zapto.org
/softwaredailyupdate

# Reference: https://twitter.com/h2jazi/status/1495825063299403785
# Reference: https://www.virustotal.com/gui/file/656124b7148dd8c72add0bfcc1a1ec856232c9e6dd13d8ea9d0f1d0a148889a4/detection
# Reference: https://www.virustotal.com/gui/file/7d834e9caaaadd4f7e43777873550dd195d552038e7bd7ce4319f5cd51ed5c9d/detection

107.150.18.166:6849

# Reference: https://twitter.com/s1ckb017/status/1499312004426870788
# Reference: https://www.virustotal.com/gui/file/f66c2e249931b4dfab9b79beb69b84b5c7c4a4e885da458bc10759c11a97108f/detection
# Reference: https://www.virustotal.com/gui/file/d9037f637566d20416c37bad76416328920997f22ffec9340610f2ea871522d8/detection

45.147.228.195:5524

# Reference: https://twitter.com/ShadowChasing1/status/1499704398284345345
# Reference: https://www.virustotal.com/gui/file/ec9b9a711f81df91d3b243c4e90d2f33abe2dffe4ebb2ed284bd6d0e11cdfb6c/detection

gdcrvpm.ac.in

# Reference: https://twitter.com/0xrb/status/1501061897604730881
# Reference: https://twitter.com/GGGGh0st/status/1513477203828559876
# Reference: https://www.virustotal.com/gui/file/d10e90484ebdeea8a5d2b15820d067f99139a76302e3cc558d942d77fe7fb9f3/detection
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

161.97.176.42:10019
161.97.176.42:33009
161.97.176.42:47834
161.97.176.42:57000
161.97.176.42:35010
161.97.176.52:10015
161.97.176.52:47822
sunjaydut.ddns.net
swissaccount.ddns.net

# Reference: https://twitter.com/teamcymru_S2/status/1501955807499403270

194.163.139.250:3389

# Reference: https://twitter.com/ShadowChasing1/status/1505893006070583301
# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

inapharma.in

# Reference: https://twitter.com/0xrb/status/1506155286289326085
# Reference: https://www.virustotal.com/gui/file/2e1ebb72b3b483797564fe541e4b0bb23ec57373a825a927407c17dc107c1888/detection
# Reference: https://www.virustotal.com/gui/file/2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83/detection

209.145.55.95:3676

# Reference: https://www.virustotal.com/gui/file/7778f344aae32175751c4f3ec2c43abe637ff6aa67d2731dfa072fd86a9c9b47/detection

209.145.55.95:6659

# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

209.145.55.95:443

# Reference: https://twitter.com/malwareforme/status/1505935361234677760

209.145.55.95:3285

# Reference: https://twitter.com/0xrb/status/1506879902146269184
# Reference: https://www.virustotal.com/gui/file/868b3d9c6431e57b5a10b04c2c385ee4e507395224e431fdef8012c1351d5325/detection
# Reference: https://www.virustotal.com/gui/file/694e9f128904c4e456c76cff2d7534d43afb53384999fd32e4f0b72dd078385e/detection

95.111.230.252:3349
95.111.230.252:4098

# Reference: https://ti.qianxin.com/blog/articles/transparent-tribe-and-sidecopy-share-infrastructure/ (Chinese)
# Reference: https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
# Reference: https://www.virustotal.com/gui/file/a0f6963845d7aeae328048da66059059fdbcb6cc30712fd10a34018caf0bd28a/detection
# Reference: https://www.virustotal.com/gui/file/45ed0b23cc90fbe8eade520bdc230e4103435c6e0d64f779b12da90bc1f1596f/detection

144.91.79.40:12427
194.163.129.89:14427
directfileshare.net
dsoi.info
kavach-app.in
otbmail.com
secure256.net
zoneflare.com
download.kavach-app.in
/C2L!Dem0&PeN/A@llPack3Ts/
/A@llPack3Ts/
/C2L!Dem0&PeN/
/C2L!Dem0&PeN/A@llPack3Ts/Cor2PoRJSet!On.php
/C2L!Dem0&PeN/A@llPack3Ts/Dev3l2Nmpo7nt.php
/C2L!Dem0&PeN/A@llPack3Ts/f3dlPr00f.php
/C2L!Dem0&PeN/A@llPack3Ts/xwunThedic@t6.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/R!bB0nBr3@k3r/FunBreaker.php
/R!bB0nBr3@k3r/tallerthanhills.php
/Pick@Whatsoever/
/R!bB0nBr3@k3r/

# Reference: https://twitter.com/h2jazi/status/1509887066204745743
# Reference: https://www.virustotal.com/gui/file/388f212dfca2bfb5db0a8b9958a43da6860298cdd4fcd53ed2c75e3b059ee622/detection
# Reference: https://www.virustotal.com/gui/file/e2cf71c78d198fdc0017b7bfd6ce8115301174302b3eaaf50cfc384db96bc573/detection

sunnyleone.ddns.net

# Reference: https://twitter.com/h2jazi/status/1513360845807534081
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

studentsportal.live

# Reference: https://twitter.com/0xrb/status/1515979150515122178
# Reference: https://www.virustotal.com/gui/file/477147271a54e32ef184030393f17c30d68d4aeb8bd6202a225e354f1800b279/detection

66.154.112.251:5235

# Reference: https://twitter.com/0xrb/status/1517052777167732736
# Reference: https://www.virustotal.com/gui/file/4342dd4999d1247fc9032003bafb7d3d58d2cbefe1705d5d91e258d0ed1fef86/detection
# Reference: https://www.virustotal.com/gui/file/bc3441864f2e9276261733b35e2473b7beed0e6ed14ad8fa13d99d15ee5477b6/detection

185.197.249.247:16252
185.197.249.247:18696
185.197.249.247:20862
185.197.249.247:4858

# Reference: https://twitter.com/h2jazi/status/1518382259228844033
# Reference: https://www.virustotal.com/gui/file/b3f8e026f39056ec5e66700e03eeaf57454ee9c0bc1c719d74e10f5702957305/detection

sunnyleone.hopto.org

# Reference: https://www.virustotal.com/gui/file/4841e73697c846f33ffa09d38c0ce58e978b06e32c6807cd21c22dfeadbfd0fa/detection

206.189.185.75:8000
66.63.162.16:4788

# Reference: https://twitter.com/0xrb/status/1523929430238035968
# Reference: https://www.virustotal.com/gui/file/1e0fe0c057163e5cc1a2598b7de1adf06db8bfe814e172557383eea3acbf9a2b/detection
# Reference: https://www.virustotal.com/gui/file/5091ca8bcfee8d3980700de91d3b1f6286420f85be9069bde944ffceac2b02fd/detection
# Reference: https://www.virustotal.com/gui/file/b53e73189ad4db83a5891d0dd73fd86d290fb7de8ab9378a1b9f29cddfc14d8c/detection
# Reference: https://www.virustotal.com/gui/file/b9e1c9e0e8a169b7055d39720b862782922090f0a08cf73de730e2e6ce73eac8/detection

104.129.42.102:16862
104.129.42.102:21584
104.129.42.102:28184
104.129.42.102:6276
104.129.42.102:8891

# Reference: https://twitter.com/ShadowChasing1/status/1526583480867758084
# Reference: https://twitter.com/ShadowChasing1/status/1526583490732781568

indianblog.xyz
indiantrainer.in
dns1.indianblog.xyz

# Reference: https://twitter.com/RedDrip7/status/1533659387277221888
# Reference: https://www.virustotal.com/gui/file/0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2/detection
# Reference: https://www.virustotal.com/gui/file/f3a1ac021941b481ac7e2335b74ebf1e44728e8917381728f1f5b390c6f34706/detection
# Reference: https://www.virustotal.com/gui/file/fc34f9087ab199d0bac22aa97de48e5592dbf0784342b9ecd01b4a429272ab5b/detection

192.3.99.68:10268
192.3.99.68:16098
192.3.99.68:25822
192.3.99.68:28441
192.3.99.68:7514

# Reference: https://twitter.com/RedDrip7/status/1545363738991403009
# Reference: https://www.virustotal.com/gui/file/21721fe37e170ac53bcfe9dde528dad341dcce6df4abacbaacf50ba804108f2f/detection
# Reference: https://www.virustotal.com/gui/file/fa8c21188ab5a2425f7909d720c54fb1a86be418d1f69e92f5c7ee61af32cb6e/detection

38.74.14.137:12267
38.74.14.137:18197
38.74.14.137:25821
38.74.14.137:26442
38.74.14.137:7516

# Reference: https://www.virustotal.com/gui/file/2dd0416a1a530a56357887709cd37d691a32a30326b75218c5e92b34773d00f3/detection

http://167.86.97.221

# Reference: http://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html

cloud-drive.store
drive-phone.online
geo-news.tv
studentsportal.co
studentsportal.website
user-onedrive.live
cloud-drive.geo-news.tv
drive-phone.geo-news.tv
studentsportal.geo-news.tv
user-onedrive.geo-news.tv

# Reference: https://twitter.com/bofheaded/status/1547801705198518272
# Reference: https://www.virustotal.com/gui/file/085f9bfbb1ff54afe4a562824470aeff4d69b1ce3eeeedd4dbef537d2015f627/detection

209.126.80.23:3281
209.126.80.23:6391

# Reference: https://twitter.com/souiten/status/1548952536257679361
# Reference: https://www.virustotal.com/gui/file/1db3adc06f4dccee2cc936333367f1e611092396a21102d9a54296c5a67c89af/detection
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

207.180.221.51:5731
test1480.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1562072883580764165

ryanglobalschools.com/js/files/IMPL_OF_SPL_ALLCE_ORDER

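# Reference: https://twitter.com/InQuest/status/1561659933808119810
# Reference: https://twitter.com/InQuest/status/1561999463933157377
# Reference: https://twitter.com/InQuest/status/1562019017879175169
# Reference: https://twitter.com/InQuest/status/1562043288860991489
# Reference: https://www.virustotal.com/gui/file/bc32040a1ebb05c38e9d564b576b158c71390011c4812aa8ba810e462f62d4d6/detection
# Reference: https://www.virustotal.com/gui/file/6cac8225634748e673e5ae53a14c3c8d403d7e979280874663cea129b0ee5849/detection
# Note: the /https/www_*/ and /www/https_*/ entries below are path-only trails with no host part, so a match does not by itself identify the server. Confirm the destination (presumably 192.3.108.11 - verify against the references) before attributing a hit to this actor.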

http://192.3.108.11
/https/www_a/
/https/www_b/
/https/www_c/
/https/www_d/
/https/www_e/
/https/www_f/
/https/www_g/
/https/www_h/
/https/www_i/
/https/www_j/
/https/www_k/
/https/www_l/
/https/www_m/
/https/www_n/
/https/www_o/
/https/www_p/
/https/www_q/
/https/www_r/
/https/www_s/
/https/www_t/
/https/www_u/
/https/www_v/
/https/www_w/
/https/www_x/
/https/www_y/
/https/www_z/
/www/https_a/
/www/https_b/
/www/https_c/
/www/https_d/
/www/https_e/
/www/https_f/
/www/https_g/
/www/https_h/
/www/https_i/
/www/https_j/
/www/https_k/
/www/https_l/
/www/https_m/
/www/https_n/
/www/https_o/
/www/https_p/
/www/https_q/
/www/https_r/
/www/https_s/
/www/https_t/
/www/https_u/
/www/https_v/
/www/https_w/
/www/https_x/
/www/https_y/
/www/https_z/

# Reference: https://twitter.com/0xrb/status/1577981859287293952
# Reference: https://www.virustotal.com/gui/file/ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460/detection
# Reference: https://www.virustotal.com/gui/file/905fb292dc983a9d731f4716aa2e1ee289975330d11e82df95491f5a9dd7e3ed/detection
# Reference: https://www.virustotal.com/gui/file/396a46e9595fe6bdae709ab3171900ebd4fd1c6e1cd8ad94d17d2dcacb6bf6b6/detection
# Reference: https://www.virustotal.com/gui/file/1c9024f2d696f949091be27aced113f4e98bc46c0580eb93e644a51b269c76e4/detection
# Reference: https://www.virustotal.com/gui/file/18029be2b0bf5284713f9cf61ba5e160ae10a581f346fdd396065d5728906768/detection

164.68.96.32:11232
164.68.96.32:15828
164.68.96.32:3468
164.68.96.32:8169

# Reference: https://twitter.com/h2jazi/status/1580302226597478401
# Reference: https://www.virustotal.com/gui/file/7658cc15e65b9000860658e8d2c7e6c305d972254d21072dfb4955e79649d1f9/detection
# Reference: https://www.virustotal.com/gui/file/0d865bdcd75c4ec6fc1e182c4e68fc34db36cde8467988221d742413609da8c3/detection
# Reference: https://www.virustotal.com/gui/file/77259c0d236c96450663fcf1d0837ebf4d10e024293cc89de1082a76e3e9ce10/detection

23.254.119.234:6178
23.254.119.234:8989

# Reference: https://twitter.com/Des00464472/status/1581873684478046208

161.97.119.238:7778

# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations

http://139.59.23.88
http://139.59.79.86
acmarketsapp.com
gcloudsvc.com
kavach.mail.nic-updates.in
kavachauthentication.blogspot.com
kavachmail-govin.rf.gd
ncloudup.com
nic-updates.in
wzxdao.com

# Reference: https://twitter.com/0xrb/status/1589502482786713600
# Reference: https://www.virustotal.com/gui/file/5d2b37c02e60bbed036c9bb6e4f2c75de6e42c03b69c713c33d3b9325ed1b1ea/detection

154.127.54.168:35010
154.127.54.168:47834

# Reference: https://twitter.com/Des00464472/status/1597845527168970752
# Reference: https://www.virustotal.com/gui/file/46262d79b7e21b5536dc1910a78a6db2b11789503e44a6a89d22a1c169220426/detection

185.225.19.165:4862
185.225.19.165:5350
185.225.19.165:8419

# Reference: https://twitter.com/0xrb/status/1605485461874491393
# Reference: https://www.virustotal.com/gui/file/5e7edf2d81717a0c76e2ad426d1b5610566ef0d86c964a050866e50737660cef/detection
# Reference: https://www.virustotal.com/gui/file/db54820a956615536550e4f78085f23be65bc796d0a636632c9a328a50d97e20/detection

173.249.0.199:10484
173.249.0.199:14882

# Reference: https://twitter.com/SethKingHi/status/1613839332158361600
# Reference: https://www.virustotal.com/gui/file/0a6144cad9483d578d642ed6366afc36291562deb6fa9d4284ffee1d7e98c417/detection

kaspesrky.live

# Reference: https://twitter.com/Des00464472/status/1614174297962188802

194.9.178.85:51512

# Reference: https://twitter.com/suyog41/status/1788434198833045901
# Reference: https://www.virustotal.com/gui/file/8b87459483248d7b95424cd52b7d4f3031e89c6644adc2e167556e071d9ec3aa/detection
# Reference: https://www.virustotal.com/gui/file/0bec6c0c27cc25e96201f1fd4f3f81d4e912d1aaf963a74ec79a74c95af10425/detection

http://185.174.102.54
185.174.102.54:443
/-dsfjslkdjfweoirwsdfkjweirw

# Reference: https://www.virustotal.com/gui/file/73850abc86944209d17ade2b0942401f7c1d30372cf2da158d6019ef96a1a035/detection

sunriseschoolsystem.xyz

# Reference: https://twitter.com/souiten/status/1620629752863404032
# Reference: https://twitter.com/HaoZhixiang/status/1620716673543315464
# Reference: https://www.virustotal.com/gui/file/b277a824b2671f40298ce03586a2ccc0fca2a081a66230c57a3060c2028f13ee/detection

luckyoilpk.com
wellsfargopaymentservices.com

# Reference: https://twitter.com/0xrb/status/1620724303984721920

185.174.102.54:2121

# Reference: https://twitter.com/RedDrip7/status/1622908094606094338
# Reference: https://www.virustotal.com/gui/file/5046947524c39601b5e8e4d8772e4273a3618bba9ea609fd001660d152f3963a/detection
# Reference: https://www.virustotal.com/gui/file/6fb82ca662f7e3f55cdd0f930507f2add996eef09c0f60a9924f469648c915f8/detection

151.106.19.20:12197
151.106.19.20:16867
151.106.19.20:23123
151.106.19.20:24784
151.106.19.20:8248

# Reference: https://twitter.com/RedDrip7/status/1627503544130752513
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/

meetup-chat.com
phone-drive.online
share-lienk.info
meetsapp.org

# Reference: https://twitter.com/StopMalvertisin/status/1634101674066448387
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:10614
167.114.138.12:14822
167.114.138.12:18443
167.114.138.12:6828
167.114.138.12:8661

# Reference: https://twitter.com/suyog41/status/1635983614906187778
# Reference: https://www.virustotal.com/gui/file/ba203358836bd59ffab1e993433765511844ffd3b0985b25e4772d37a28ecfa0/detection

84.46.250.78:8080
84.46.250.78:9812
kwalityproducts.com/bootstrap/jquery/files/details

# Reference: https://twitter.com/0xrb/status/1638049660895100928
# Reference: https://www.virustotal.com/gui/file/c89806e27ecefa3a05ba84b2dd46b148aef007ffa0ef80f6b34621d7777fbd65/detection
# Reference: https://www.virustotal.com/gui/file/bca2ae73987fd0f3f9c7cd984c55b3a0881333ced9a666f375d684d72f082acb/detection

185.229.119.60:9134
89.117.63.146:9921

# Reference: https://twitter.com/StopMalvertisin/status/1640798678649827329
# Reference: https://www.virustotal.com/gui/file/b74250a2259c947073225bbb24f11f4239d0ea4dabc45f4a40a4bbd46793fa6b/detection

richa-sharma.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1645805949234597889
# Reference: https://www.virustotal.com/gui/file/c33ee5a2d9df04d07df9f02678f1f880d271dd4d21140f51468eb6affc38a8e8/detection

104.168.48.210:12267
104.168.48.210:18197
104.168.48.210:7516

# Reference: https://twitter.com/jaydinbas/status/1648246659170672640
# Reference: https://twitter.com/fr0s7_/status/1648697733182627841
# Reference: https://www.virustotal.com/gui/file/6d1d3801e227f99c75687b486d0b6879347d6b231de311ad6b5be8661d49d3a3/detection
# Reference: https://www.virustotal.com/gui/file/806c9f3f5ac1d04991776baa627161a1808166ca6d958de756c09f884cb2f000/detection

209.126.81.42:444
ssynergy.in

# Reference: https://www.team-cymru.com/post/allakore-d-the-sidecopy-train

144.91.72.17:9468
185.229.119.60:7469
66.219.22.252:3389
66.219.22.252:8080
66.219.22.252:82
66.219.22.252:9467
89.117.63.146:7439

# Reference: https://twitter.com/teamcymru_S2/status/1649417705269723140

38.242.207.36:2244
38.242.207.36:3764
38.242.207.36:9467

# Reference: https://twitter.com/suyog41/status/1646528247772110853
# Reference: https://twitter.com/suyog41/status/1650377206571618304
# Reference: https://www.virustotal.com/gui/file/5ecbc33fe3b345f2956cff566203e33b9390a3ed9923b990a46804880ae2f59b/detection
# Reference: https://www.virustotal.com/gui/file/efa5a2cbc174b0dba15a453e70f632a23f2213fa7e6473cb8fa66ed0dc8a3a15/detection

78.47.204.216:443
defenseinsight.in
insight.defenseinsight.in

# Reference: https://twitter.com/suyog41/status/1652927978802925568
# Reference: https://www.virustotal.com/gui/file/136fdbc6edec659ef19c4e57b2db005fe8e5a59bbe913f0603698699465e5589/detection

31.187.72.107:443

# Reference: https://www.virustotal.com/gui/file/f63c9c67ef1cc74f3936d637217b1812e04794316cc3895665688068cb31b50e/detection

144.91.65.100:3245

# Reference: https://www.virustotal.com/gui/file/4e110011e8467c77c2de3a335d291b45b24633b2d22169552c200a1095355111/detection

144.91.65.100:4145

# Reference: https://www.virustotal.com/gui/file/587f77cdd90078107928360213536ee69fd7164c4682d44a571bb469795ea06c/detection

144.126.143.138:8080
144.126.143.138:9813

# Reference: https://twitter.com/RedDrip7/status/1666624522408333313
# Reference: https://www.virustotal.com/gui/file/3656a664cde158cf5c3220fb2fdb468fbc8c4e4ff21b951259a9cc10e6bf5615/detection

64.188.21.102:12267
64.188.21.102:18197
64.188.21.102:25821
64.188.21.102:26442
64.188.21.102:7516

# Reference: https://twitter.com/StopMalvertisin/status/1676869449394327553
# Reference: https://www.virustotal.com/gui/file/3859ecfffaf16065a45fce44988e197cc56838a7f6bfb27cb4e8bdc5e43f87db/detection
# Reference: https://www.virustotal.com/gui/file/86eccc88dcae9d1890a43f35b1a30c63b19176f5bff371b21588ee4a7519ab56/detection
# Reference: https://www.virustotal.com/gui/file/f0176c4de5bdac87cc1db60abf64f0736ac101548417cba6a16f7481fccf907e/detection

173.232.44.69:9149

# Reference: https://twitter.com/StopMalvertisin/status/1676869451776671745
# Reference: https://www.virustotal.com/gui/file/c2342e96f7443a221336cd4ff46905a9c30ee54fc02f6c0da11b13b7503bdd53/detection
# Reference: https://www.virustotal.com/gui/file/c3497181b42c520ead76a8ced713c4a2b307f869903b288cc0528895bedf7fdf/detection

185.187.235.186:14198
185.187.235.186:18818
185.187.235.186:24224
185.187.235.186:26781
185.187.235.186:8149

# Reference: https://twitter.com/StopMalvertisin/status/1676869453987086341
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection
# Reference: https://www.virustotal.com/gui/file/f77205a9238a123b74b764be6e2132777e1f3eda9c515f31219387c45629e3ea/detection
# Reference: https://www.virustotal.com/gui/file/6d372ac5ea7270b83a04ef72eaed5a87258cf612f4c52e4dd2a7e073e5913c5c/detection
# Note: the 172.245.80.12 entries below repeat the set already listed earlier in this file under https://twitter.com/RedDrip7/status/1627503544130752513; the second copy is redundant.

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://twitter.com/suyog41/status/1677224671790473216
# Reference: https://www.virustotal.com/gui/file/19a5c5472d299f153bab581f4fba6d678ee3055b3d9c605c1467b9991b207087/detection

144.126.154.84:8080
144.126.154.84:9813
politicalclearance.serveftp.com

# Reference: https://twitter.com/StopMalvertisin/status/1677317772072693766
# Reference: https://twitter.com/StopMalvertisin/status/1677317776514375690

aadiloans.co.in/asset/css/cat/
aadiloans.co.in/asset/css/files/pre/
aadiloans.co.in/asset/js/files/pre/

# Reference: https://twitter.com/StopMalvertisin/status/1682064332547555328
# Reference: https://www.virustotal.com/gui/file/a9007c0f22dc7ef45ee7a4acea4d39af897642e618f3eb0c73da83887f3471ea/detection

http://211.135.21.210
185.136.163.197:10926
185.136.163.197:14286
185.136.163.197:443
185.136.163.197:6982

# Reference: https://twitter.com/StopMalvertisin/status/1680989559373582336
# Reference: https://www.virustotal.com/gui/file/9d2404b27788b96562a13cfddff8d66ef82b0b606d3db55c22f55d9f72445ddb/detection

104.168.48.210:25821
104.168.48.210:26442

# Reference: https://twitter.com/StopMalvertisin/status/1689669636940570624
# Reference: https://www.virustotal.com/gui/file/462fe328cb5cff68bea48c2a96896e998d238118f2b372ef444f9b4230e9eeb5/detection
# Reference: https://www.virustotal.com/gui/file/94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66/detection
# Reference: https://www.virustotal.com/gui/file/7c744de5dcaa8cf88db4e852405ada4ac99bfd166d671f7c476cb2085c6438ed/detection

64.188.19.199:8158

# Reference: https://twitter.com/StopMalvertisin/status/1696155037758591159
# Reference: https://twitter.com/fr0s7_/status/1696161980887744961
# Reference: https://www.virustotal.com/gui/file/5427d381fead7350478cd36eb05d379d4a61b43276fb440525a040b34f784316/detection
# Reference: https://www.virustotal.com/gui/file/2947a56a5485ca6871e15a26b0e05f9623023cdd2d6b69e1915c60e5ea39b3b8/detection

207.180.194.63:8080
207.180.194.63:9813
isometricsindia.co.in
createdaliyplan.serveftp.com

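# Reference: https://twitter.com/suyog41/status/1697568816862261250
# Reference: https://www.virustotal.com/gui/file/e4de853a5f51105586ebca91c6ef9927d689f3317b6dafcbdbe4903ded529328/detection
# Note: /rivoblog is a short path-only trail with no host part, so it can match unrelated sites; correlate hits with the destination (presumably 66.135.2.62 - verify against the references).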

http://66.135.2.62
/rivoblog

# Reference: https://twitter.com/SinghSoodeep/status/1702071866750390512
# Reference: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.59/relations
# Reference: https://otx.alienvault.com/pulse/65081462b23b4d1d7d561645

http://134.209.159.9
http://64.227.138.127
http://64.227.133.222
103.2.232.82:8081
admin-br.in
admin-dept.in
admin-desk.in
adminbr.in
admincell.in
admindept.in
admindesk.in
adminsec.in
apkzones.com
baseuploads.com
ccmsnew.in
civillist.in
coordbr.in
coordbranch.in
cs1.in
e0ffice.in
email9ov.in
govdopt.in
indiauc.com
ndcdelhi.in
pcdapune.in
rsbpunjab.in
sapcs.in

# Reference: https://twitter.com/0xrb/status/1702542474911371578
# Reference: https://www.virustotal.com/gui/file/0decd978542b52e4fe2cca7f540887ed097e972264306afada649b7965c36bfe/detection
# Reference: https://www.virustotal.com/gui/file/3c31ac10af1a3273041d897bfa25f0ceed2949f2f672d8d95ea4ccfe96d37e50/detection
# Reference: https://www.virustotal.com/gui/file/8fec0edf8264b4aae46e448d81bd8f29246f6dcd150ec89a2ea0f34764c4fa5d/detection

64.188.25.43:16868
64.188.25.43:20851
64.188.25.43:26150
64.188.25.43:30486
64.188.25.43:6816

# Reference: https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
# Reference: https://www.virustotal.com/gui/file/f2d43369016b6c106f07cb214afdfb9807b808fc5fe6fd6cf7a6405271cafdd5/detection
# Reference: https://www.virustotal.com/gui/file/c3776e1e1b82e3e07fd94b7b9090d29c3410371c0d61d27301d38daf4a1f2c4d/detection
# Reference: https://www.virustotal.com/gui/file/9fdbe6f05d2ce4baa7819a0789caa3b49a835093193370ba49bdc4dfd4d9c7c7/detection
# Reference: https://www.virustotal.com/gui/file/8cb542f5793279b8a11af28e9352f41d400856a28e40ed1daa323b47f9ea3e3c/detection
# Reference: https://www.virustotal.com/gui/file/2259c89d2c5e1d8324f075135b03492f393860b9911855e84f50ed6b3699ac4d/detection

209.127.19.241:10284
95.111.247.73:18892
newsbizshow.net
ptzbubble.shop

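# Reference: https://twitter.com/suyog41/status/1683440871260188672
# Reference: https://www.virustotal.com/gui/file/bdee4edbe7adf842b519a47d964e64b219700b2ba1d7faf4b899e34bd63006b7/detection
# Reference: https://www.virustotal.com/gui/file/bbe0fa619435a89b6c054d9ef84574e05cb1ae76dd707d6c27155bf6951a01e5/detection
# Note: cangpeitaoke.oss-cn-hangzhou.aliyuncs.com is a single bucket hostname on a shared cloud storage service; keep the trail fully qualified and do not widen it to the parent domain.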

6jxbmkpe.torontobotdns.com
8tqxpf27.torontobotdns.com
cangpeitaoke.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/suyog41/status/1704368376456610172
# Reference: https://www.virustotal.com/gui/file/4662be09fce319b69ed4365e2e4fb3654ae9f597bb060cf2a0cc8b567f445848/detection

http://151.236.218.158

# Reference: https://twitter.com/0xrb/status/1704827410695528554
# Reference: https://www.virustotal.com/gui/file/e34a7a3f2204fb292b2c9a9d5526f440ba6b31cf0bc8171d2874f25d372b8774/detection

162.245.190.24:10108
162.245.190.24:16197
162.245.190.24:18968
162.245.190.24:20103
162.245.190.24:26784

# Reference: https://twitter.com/ginkgo_g/status/1711284161712124079
# Reference: https://www.virustotal.com/gui/file/a833dbdc5c2113da51bf778351834682bc6220461394050e04592cd9096e0aba/detection
# Reference: https://www.virustotal.com/gui/file/2110af4e9c7a4f7a39948cdd696fcd8b4cdbb7a6a5bf5c5a277b779cc1bf8577/detection

162.245.191.217:15198
162.245.191.217:17818
162.245.191.217:27781
162.245.191.217:29224
162.245.191.217:9149
210.115.11.107:15198
210.115.11.107:17818
210.115.11.107:27781
210.115.11.107:29224
210.115.11.107:9149

# Reference: https://twitter.com/suyog41/status/1713820527209680985
# Reference: https://www.virustotal.com/gui/file/435f3d02d94628698034f511e5e25f5996a977b6094e28f787e470a671d2f6a3/detection
# Reference: https://www.virustotal.com/gui/file/ba77adcff701f6c6116a6be12d127f43b82c7229c1bb6a172f9b8b2f25c91f70/detection
# Reference: https://www.virustotal.com/gui/file/60fbdc3d9404f9577848e5fc9137df0d63186d250ce132df5e1ef89f4ff3fca0/detection

mazagondoc.com
vocport.com
/khalistanLeaderprotest

# Reference: https://twitter.com/k3yp0d/status/1716386958253985927
# Reference: https://twitter.com/k3yp0d/status/1721490170027839638
# Reference: https://twitter.com/suyog41/status/1721762652366454788
# Reference: https://twitter.com/d1spat0h/status/1730106955195363573
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/file/32c629af8f602f18b9bf4b557e9ecf6cfd81c62dc1fa103e269a3fa1e7233526/detection
# Reference: https://www.virustotal.com/gui/file/47358f1f45fcf25b33d79ebf23770afd5cf6217fd58b44a87e9ff62db8c703a1/detection
# Reference: https://www.virustotal.com/gui/file/6beaf25f0fbe83e64d5f5271a1ed5320f8d8740c468f072d93e29e482cb0ec6f/detection
# Reference: https://www.virustotal.com/gui/file/324ab6f36d61a5a89992a267271f2b433e1cd595a54e262e04f91c0230c4be23/detection

185.213.27.94:8080
185.213.27.94:9813
inniaromas.com
masterrealtors.in
sunfireglobal.in
basicdailywork.webhop.me

# Reference: https://twitter.com/suyog41/status/1716709552543162496
# Reference: https://www.virustotal.com/gui/file/fa6aa00418f7c7e2c8c840f89acee25dac55e0623e7e5e6641880ffa3dd161ec/detection

tx.welxin.cn

# Reference: https://twitter.com/ginkgo_g/status/1719193143785259030
# Reference: https://www.virustotal.com/gui/file/29465f87bd3e6731668f3d3020924db55dae04d8cec335088d49072013900685/detection
# Reference: https://www.virustotal.com/gui/file/6935999ee4b2f88cf74ec299c24a212a2c4b0f95105fb773e920d88153eab3c3/detection

207.180.192.77:6023
futureuniform.ca/wp/wp-content/files/01/

# Reference: https://twitter.com/ginkgo_g/status/1720277345876262975
# Reference: https://www.virustotal.com/gui/file/fa48fbe37d6172bfb3c3bda961c7024ec41f5c3b2bbe0decd9dbf34f15127db1/detection

185.187.235.185:8896

# Reference: https://twitter.com/k3yp0d/status/1722213819681017947
# Reference: https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/
# Reference: https://www.virustotal.com/gui/file/5893b58d6a6a772f8ecd491a4dace11007fd1aac90e5f4a0363288d1376e1ce5/detection

207.180.220.55:8015
38.242.149.89:9828
elfinindia.com
occoman.com

# Reference: https://twitter.com/k3yp0d/status/1722217627328897057
# Reference: https://www.virustotal.com/gui/file/00fed27ac3b5b4703266c15f43841ab2cb8e85f61f790c51c1fb019ec4295ecf/detection

185.217.125.195:7208

# Reference: https://twitter.com/StopMalvertisin/status/1722948447689695235
# Reference: https://www.virustotal.com/gui/file/a0632cecfd478fbef1a69daae3d760041c6af2cc88965633d3837e076793cc82/detection

64.188.21.202:6826
tugpisacrev.com

# Reference: https://twitter.com/0xrb/status/1729787008954819065
# Reference: https://twitter.com/PrakkiSathwik/status/1729915833886085136
# Reference: https://www.virustotal.com/gui/ip-address/64.188.13.140/detection

64.188.13.140:18917
64.188.13.140:9649

# Reference: https://twitter.com/BaoshengbinCumt/status/1740666203679732077
# Reference: https://www.virustotal.com/gui/ip-address/195.35.38.44/relations

zomatofoods.info

# Reference: https://twitter.com/ginkgo_g/status/1719193850395369545
# Reference: https://www.virustotal.com/gui/file/9645299e58c7521d811fbdcdbd57db45160191db7c7b73eae5d97e4530136da8/detection

38.242.220.166:9012
rockwellroyalhomes.com
/api/root_149371139681480/hello
/api/root_168683512566649/hello
/api/root_149371139681480/upload
/api/root_168683512566649/upload
/api/root_149371139681480/
/api/root_168683512566649/

# Reference: https://www.virustotal.com/gui/file/61b898f4254d8c6d3d375584a1109367f9e86d221e2d404bf6768fb81b1b48b5/detection

161.97.151.220:7015
/api/root_36854582802642/hello
/api/root_36854582802642/upload
/api/root_36854582802642/

# Reference: https://twitter.com/PrakkiSathwik/status/1742161478021743080
# Reference: https://www.virustotal.com/gui/file/03888813079d01e1ba2d2675cf35724e529d58a78b9efd8161c746e8e33c643d/detection
# Reference: https://www.virustotal.com/gui/file/35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea/detection

164.68.127.81:8149
riddhifoods.in
/api/root_228574257745523/hello
/api/root_228574257745523/upload
/api/root_228574257745523/

# Reference: https://twitter.com/h2jazi/status/1745544900106424336
# Reference: https://www.virustotal.com/gui/file/51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885/detection

clawsindia.in

# Reference: https://twitter.com/Cyberteam008/status/1746030429856235837
# Reference: https://www.virustotal.com/gui/ip-address/142.11.216.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.220.103.127/relations

govn-in.site
email.govn-in.site

# Reference: https://twitter.com/ginkgo_g/status/1753326069359460471
# Reference: https://www.virustotal.com/gui/file/e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0/detection
# Reference: https://www.virustotal.com/gui/file/c59b2d6a70bc5b84998aebb2d21241a8adef33724838e92db4dee36a1ce46f43/detection

164.68.122.64:11128
164.68.122.64:18187
164.68.122.64:19986
164.68.122.64:25123
164.68.122.64:27684
mus09.duckdns.org

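# Reference: https://twitter.com/Cyberteam008/status/1757378890631406027
# Reference: https://www.virustotal.com/gui/ip-address/74.50.94.41/relations
# Note: names such as nia.gov.in.casedetail.info are subdomains of the listed domain on the right (casedetail.info), built to resemble gov.in hosts; they are not hosts under gov.in.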

casedetail.info
casedetails.info
casesnews.info
casesreports.info
corruptioncase.info
corruptioncasedetails.info
corruptioncases.in
detailscases.info
detailsreport.info
harassmentcases.info
reportdetail.info
reportsdetail.info
supoortwindownlinux.cyou
mfa.gov.ir.corruptioncase.info
mod.gov.in.harassmentcases.info
nia.gov.in.casedetail.info
nia.gov.in.casedetails.info
nia.gov.in.casesnews.info
nia.gov.in.casesreports.info
nia.gov.in.detailscases.info
nia.gov.in.detailsreport.info
nia.gov.in.reportsdetail.info

# Reference: https://twitter.com/PrakkiSathwik/status/1770447142357741737

164.68.102.44:6663
164.68.102.44:9828

# Reference: https://twitter.com/PrakkiSathwik/status/1771846752489841135
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/domain/smokeworld.in/relations

joyworld.in
joyworldjw.in
maidmart.in
smokeworld.in
whm.maidmart.in

# Reference: https://twitter.com/Cyberteam008/status/1770748710567153783
# Reference: https://pastebin.com/058WtrX2

http://176.57.189.202
http://185.161.208.100
http://185.20.184.6
http://193.42.33.59
http://45.12.253.35
http://45.66.230.167
http://66.23.229.245
http://79.110.48.64
http://91.92.241.198
http://91.92.252.90
176.57.189.202:443
185.161.208.100:443
185.20.184.6:443
193.42.33.59:443
45.12.253.35:443
45.66.230.167:443
66.23.229.245:443
79.110.48.64:443
91.92.241.198:443
91.92.252.90:443
case-detail.info
casereported.info
harassmentcase.info
preventivemeasures.info
publicationsinfo.cyou
in.casereported.info
gov.in.casereported.info
ddp.gov.in.case-detail.info
dod.gov.in.publicationsinfo.cyou
mail.harassmentcase.info
mod.gov.in.casereported.info
mod.gov.in.harassmentcase.info
mod.gov.in.preventivemeasures.info
mod.gov.in.reportcases.info

# Reference: https://twitter.com/Cyberteam008/status/1773208866441851277

awarenessprogram.info
casesdetails.info
casesreport.info
harassmentcases.cyou
csk.gov.in.awarenessprogram.info
gov.in.awarenessprogram.info
gov.in.casesdetails.info
gov.in.casesreport.info
gov.in.harassmentcases.cyou
mod.gov.in.casesdetails.info
mod.gov.in.casesreport.info
modgov.in.casesreport.info
nia.gov.in.case-detail.info
nia.gov.in.harassmentcases.cyou

# Reference: https://app.validin.com/detail?find=casesdetail.info&type=dom#tab=subdomains

casesdetail.info
gov.in.casesdetail.info
in.casesdetail.info
mod.gov.in.casesdetail.info
nia.gov.in.casesdetail.info
niagov.in.casesdetail.info

# Reference: https://app.validin.com/detail?find=casesdetails.cyou&type=dom#tab=subdomains

casesdetails.cyou
gov.in.casesdetails.cyou
in.casesdetails.cyou
nia.gov.in.casesdetails.cyou

# Reference: https://twitter.com/MichalKoczwara/status/1774454226044817798

casereport.cyou
casereports.cyou
casereports.info
casesreported.info
cbi.gov.in.casereport.cyou
dgqa.gov.in.casereport.cyou
gov.in.casereport.cyou
gov.in.casereports.cyou
gov.in.casereports.info
gov.in.casesreported.info
mea.gov.in.casereports.info
mod.gov.in.casereport.cyou
mod.gov.in.casesreported.info
nia.gov.in.casereport.cyou
nia.gov.in.casereports.cyou

# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.62.89/relations

accountsinfo.site
in.accountsinfo.site
gov.in.accountsinfo.site
dod.gov.in.accountsinfo.site
mail.gov.in.accountsinfo.site
kavach.mail.gov.in.accountsinfo.site

# Reference: https://app.validin.com/detail?type=dom&find=harassmentreports.info#tab=subdomains

harassmentreports.info
in.harassmentreports.info
gov.in.harassmentreports.info
mod.gov.in.harassmentreports.info

# Reference: https://twitter.com/Cyberteam008/status/1774723849403449523
# Reference: https://www.virustotal.com/gui/ip-address/68.65.121.178/relations

aiapplication.chat
in.aiapplication.chat
gov.in.aiapplication.chat
drdo.gov.in.aiapplication.chat

# Reference: https://twitter.com/Cyberteam008/status/1775469548566937667
# Reference: https://twitter.com/bofheaded/status/1775527176710099220
# Reference: https://www.virustotal.com/gui/ip-address/35.154.100.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.66.136.7/relations

caselist.vip
cbigov-in.cc
cbigov-in.com
cbigov-in.net
cbigov-in.site
dailycourt.in
mainscigv.in
scigovt-in.cc
api.caselist.vip
api.cbigov-in.com
casedetails.dailycourt.in
sci.goovv.in
scigovt.caselist.vip
main.sci.goovv.in

# Reference: https://twitter.com/Cyberteam008/status/1775485100534423613
# Reference: https://www.virustotal.com/gui/ip-address/118.107.41.11/relations

caseinfo.in
caseinspection.in
caselist.in
caselists.top
casesubmit.in
caseterms.in
courtdelhi.in
courtpublic.in
judicature.in
justiceorder.in
scigovt.in
ad.caselist.in
api.caseinfo.in
api.caselist.in
api.caselists.top
api.caseterms.in
api.justiceorder.in
scigovt.caseinfo.in
scigovt.caseinspection.in
scigovt.caselist.in
scigovt.caselists.top
scigovt.casesubmit.in
scigovt.caseterms.in
scigovt.courtdelhi.in
scigovt.courtpublic.in
scigovt.judicature.in
scigovt.justiceorder.in
scigovt.maincases.in
scigovt.supremeorders.in
supreme.scigovt.in
supremeorders.in
main.scigovt.maincases.in
main.supreme.scigovt.in

# Reference: https://www.virustotal.com/gui/ip-address/13.126.2.62/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.134.15/relations

detailscheck.in
reportstatus.in
api.detailscheck.in
api.reportstatus.in
scigovt.detailscheck.in
scigovt.reportstatus.in

# Reference: https://app.validin.com/detail?find=casedetails.in&type=dom#tab=subdomains

casedetails.in
api.casedetails.in

# Reference: https://www.virustotal.com/gui/ip-address/172.67.217.169/relations

scigv.in
cbins.scigv.in

# Reference: https://twitter.com/Cyberteam008/status/1777531938552914291
# Reference: https://www.virustotal.com/gui/ip-address/91.225.217.103/relations

check-suspicious-activity-on-account.support
in.check-suspicious-activity-on-account.support
gov.in.check-suspicious-activity-on-account.support
cert-in.org.in.check-suspicious-activity-on-account.support
mail.gov.in.check-suspicious-activity-on-account.support
kavach.mail.gov.in.check-suspicious-activity-on-account.support

# Reference: https://twitter.com/PrakkiSathwik/status/1778300773912231966

vparking.online

# Reference: https://www.virustotal.com/gui/file/02f409e239ceeb38adf50bd878b7479c341752f3a37469a4735caefffafcc1f1/detection

ivinfotech.com

# Reference: https://twitter.com/PrakkiSathwik/status/1778392598421332212
# Reference: https://www.virustotal.com/gui/file/a9dce1db2cc56d9ea3ad6c1a53f42d43564ff042c48342f22082ffeb5037cde9/detection
# Reference: https://www.virustotal.com/gui/file/500502342f3d4fee9a415798af83e1d63129d70034b4b269a649ee275f08f5ac/detection
# Reference: https://www.virustotal.com/gui/file/cb2ba7b9aedb38a6ae248e9f54ccce781b62829b3670238268e6e942571bdcdd/detection

204.44.124.134:15597
204.44.124.134:18518
204.44.124.134:26791
204.44.124.134:28329
204.44.124.134:9149

# Reference: https://twitter.com/Cyberteam008/status/1778648573967847710
# Reference: https://www.virustotal.com/gui/file/a2d1e37fac01d2f72e51181b2e79ecfda2c6569346c5d67dc8af6c772cfe236f/detection
# Reference: https://www.virustotal.com/gui/file/3925dd34feb2d1b3eb24cb07564b0e2a2d81722a3891b4c7379d2f0c7a04f182/detection

162.245.191.214:909
176.107.182.55:909
juichangchi.online

# Reference: https://www.virustotal.com/gui/file/bc7fe650362c72b8de1fb2235d2607ac90eec14fe165151210ba96115959dd04/detection

155.94.209.4:8888

# Reference: https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

155.94.209.4:33678
155.94.209.4:9009
176.107.182.55:121
176.107.182.55:65
176.107.182.55:67

# Reference: https://twitter.com/Cyberteam008/status/1786247582005793091
# Reference: https://pastebin.com/KpS9FG8L

http://78.40.117.141
http://78.40.117.194
http://78.40.117.207
http://78.40.117.208
http://78.40.117.98
78.40.117.141:443
78.40.117.194:443
78.40.117.207:443
78.40.117.208:443
78.40.117.98:443
detailedcases.info
detailedreport.info
reportedcase.info
reportedcases.info
gov.in.detailedcases.info
gov.in.detailedreport.info
gov.in.reportedcase.info
gov.in.reportedcases.info
in.detailedcases.info
in.detailedreport.info
in.reportedcase.info
in.reportedcases.info
mod.gov.in.detailedcases.info
mod.gov.in.detailedreport.info
mod.gov.in.reportedcase.info
mod.gov.in.reportedcases.info

# Reference: https://twitter.com/ginkgo_g/status/1789235055417843988
# Reference: https://www.virustotal.com/gui/file/bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d/detection
# Reference: https://www.virustotal.com/gui/file/81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec/detection
# Reference: https://www.virustotal.com/gui/file/d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c/detection
# Reference: https://www.virustotal.com/gui/file/116589b0ef0a11f5012ea80cfbcd8bcbe85116e515a05f77e2b86e533cad5ba4/detection

64.188.27.144:5863
reviewassignment.in
reviewassignment.online
checkdailytips.servehttp.com

# Reference: https://twitter.com/PrakkiSathwik/status/1789619166460178694

62.169.30.39:6660
62.169.30.39:7884
springfielduniversity.info

# Reference: https://twitter.com/PrakkiSathwik/status/1789989542621004049

84.247.170.237:8080
84.247.170.237:9813
ddbl.co.uk/js/files/autz/ctr/

# Reference: https://twitter.com/Cyberteam008/status/1790334538436194622

reportdetails.info
in.reportdetails.info
gov.in.reportdetails.info
mod.gov.in.reportdetails.info

# Reference: https://twitter.com/Jane_0sint/status/1714636442482176274
# Reference: https://app.any.run/tasks/4c9948bb-9599-4fd7-9d30-c2e2ed685741/
# Reference: https://www.virustotal.com/gui/file/fa86b5bc5343ca92c235304b8dcbcf4188c6be7d4621c625564bebd5326ed850/detection
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/6ffed1bb706a5eb205294f9287a9182d71e293b3b131415bfbe24b99e28ccd67/detection

38.242.149.89:61101

# Reference: https://x.com/DmitriyMelikov/status/1793346094048461014
# Reference: https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
# Reference: https://www.virustotal.com/gui/file/320a792ff9efcdaf56bdc828d0b352221f3e3c0f89192e17648768aa9f51dff7/detection
# Reference: https://www.virustotal.com/gui/file/544f7462dc0d61491b7502df6836692dff680a6a562ba2d8b81c127c355be840/detection
# Reference: https://www.virustotal.com/gui/file/f516c70f9c52aa2ed7ed14e87435d9b13ef1f1b3a9ae9651b14afb935a359f63/detection

admincoord.in
apsdelhicantt.in
awesindia.online
certdehli.in
coordoffice.in
coordsec2.in
emailnic-tech.email
eoffice-sparrow.online
estbsec.in
esttsec.in
infosec2.in
publicinfo.in
secy-org.in
tensupports.com
tpt123.com
twff247.cloud
warfarestudies.in
winp247.cloud
zedcinema.com
files.tpt123.com

# Reference: https://x.com/ValidinLLC/status/1793379580117745788
# Reference: https://www.virustotal.com/gui/ip-address/158.220.93.96/relations

aaloochaat.com
supportuploads.info
tensupports.com
zedcinema.com
zedsinema.com

# Reference: https://x.com/suyog41/status/1793547347877892448
# Reference: https://x.com/Cyberteam008/status/1795715878228832263
# Reference: https://www.virustotal.com/gui/file/dde5bae636602527eda591be7e45510996c2e56ad51ea7f61d3932a9a388647e/detection
# Reference: https://www.virustotal.com/gui/file/eb0b75756287fb3038fbcd2cc4cd261ec83dd8fd0fca3acabb12d4565ba8cddd/detection
# Reference: https://www.virustotal.com/gui/file/6bcc3e6c23017d7246352c2db0eb13bde264a7252a3ec6ae6e44714c1cbbd970/detection

104.223.106.8:11248
94.72.105.227:11248
94.72.105.227:16896
waqers.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1795075152343908743
# Reference: https://x.com/PrakkiSathwik/status/1795082594037469349
# Reference: https://www.virustotal.com/gui/file/d0aef9bd02b6dfdaf6e71a485057728b55c8336391f1fbaa414d06f66c593329/detection

66.63.163.148:10168
66.63.163.148:12258
66.63.163.148:14267
66.63.163.148:16686
66.63.163.148:34153
qheelsec.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1797634685302178167
# Reference: https://www.virustotal.com/gui/file/708e5d06a457bba1adb5b4cf81214ea4c7f73a813c86c0d2cec99ba54968f228/detection

162.218.122.3:12228
162.218.122.3:16897
162.218.122.3:18986
162.218.122.3:22665
162.218.122.3:26823
govsec.duckdns.org

# Reference: https://x.com/Cyberteam008/status/1798902051793174567
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.80/relations

investigationreport.info
reportscases.info
gov.in.investigationreport.info
gov.in.reportscases.info
in.investigationreport.info
in.reportscases.info
mod.gov.in.reportscases.info
nia.gov.in.investigationreport.info

# Reference: https://x.com/PrakkiSathwik/status/1799103555619672315
# Reference: https://www.virustotal.com/gui/file/2e8e1a221ed40614d1d1f28c6d37e1f3991169967aadab0ccb4e7756ec77bcbe/detection

utkalsevasamitikanjurmarg.in/assets/
windowupdatecache.in
defender.windowupdatecache.in
utkalsevasamitikanjurmarg.in.aintssa.in/assets/

# Reference: https://x.com/Cyberteam008/status/1800351661837390076
# Reference: https://x.com/akaclandestine/status/1800651122291478530
# Reference: https://pastebin.com/x13K7XWC

http://152.42.162.105
http://161.35.207.209
http://165.22.221.71
http://178.128.166.148
marketing11.porcmtecnologia.com
segmail54.laonwona.com

# Reference: https://x.com/PrakkiSathwik/status/1800933629012447376
# Reference: https://www.virustotal.com/gui/ip-address/84.247.170.237/relations
# Reference: https://www.virustotal.com/gui/file/e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d/detection
# Reference: https://www.virustotal.com/gui/file/683c61f8dda90ea3b1e76f2ff5ad78dc03ebe3827d56536988a9c5e4490eabd2/detection

84.247.170.237:4858
dipl.site
supplyprodaily.servehttp.com

# Reference: https://x.com/Cyberteam008/status/1806529081732694202
# Reference: https://pastebin.com/w0F6pVa7
# Reference: https://www.virustotal.com/gui/ip-address/154.12.41.46/relations
# Reference: https://www.virustotal.com/gui/file/6724ab0e718cd422dd2d2bf6a3244996cc35000253ea725dfbe474901e4279c7/detection

34667.fun
56184.fun
78990.fun
89204.fun
88c.34667.fun
903.78990.fun
9123.89204.fun
cbigovin.site
cbigovin.top
cbigovins.site
cbigovins.top

# Reference: https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
# Reference: https://www.virustotal.com/gui/file/5cc20a3be2265c52eccf36a6d0a8d0a0fd90ab2cb6d7c65204ef2c487e38a8c3/detection
# Reference: https://www.virustotal.com/gui/file/7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978/detection
# Reference: https://www.virustotal.com/gui/file/9f12f0bf13ff9a15e65065bc1fd95cdacb0072e0765aa781c920cfdd3506bde6/detection
# Reference: https://www.virustotal.com/gui/file/a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac/detection

173.212.206.227:18582
173.249.50.243:18582

# Reference: https://x.com/ValidinLLC/status/1810978537517494672

casesreported.cc
incidentreports.info
incidentsreports.info
in.casesreported.cc
in.incidentreports.info
in.incidentsreports.info
gov.in.casesreported.cc
gov.in.incidentreports.info
gov.in.incidentsreports.info
nia.gov.in.casesreported.cc
nia.gov.in.incidentreports.info
nia.gov.in.incidentsreports.info

# Reference: https://x.com/ValidinLLC/status/1810980371850265046

danidns.com
deputation.info
hqrihq.cc
niapublication.cyou
niapublications.cyou
reportcases.info
reportsdetail.cyou
in.danidns.com
in.deputation.info
in.hqrihq.cc
in.niapublication.cyou
in.niapublications.cyou
in.reportcases.info
in.reportsdetail.cyou
gov.in.danidns.com
gov.in.deputation.info
gov.in.hqrihq.cc
gov.in.niapublication.cyou
gov.in.niapublications.cyou
gov.in.reportcases.info
gov.in.reportsdetail.cyou
nia.gov.in.danidns.com
nia.gov.in.deputation.info
nia.gov.in.hqrihq.cc
nia.gov.in.niapublication.cyou
nia.gov.in.niapublications.cyou
nia.gov.in.reportcases.info
nia.gov.in.reportsdetail.cyou
nia2.broadwayinfotech.net.au
nia4.broadwayinfotech.net.au

# Reference: https://x.com/Cyberteam008/status/1814126506899325309
# Reference: https://www.virustotal.com/gui/file/7ae13cf9080a0903670e6e6371d3625e3852b1a03bddebac68aa3b91a13ba0bf/detection

googleservices.live
/dakshf_upload.php

# Reference: https://x.com/PrakkiSathwik/status/1813934519231357159
# Reference: https://www.virustotal.com/gui/file/0993c7d97646641c7685000a045fbf04ac90568b3b785cdcb40522d5f9654a75/detection

66.154.103.133:11248
66.154.103.133:16896
66.154.103.133:18868
66.154.103.133:22245
66.154.103.133:26424
suwaq.duckdns.org

# Reference: https://x.com/NSFOCUS_Intl/status/1816009178298868140
# Reference: https://x.com/ValidinLLC/status/1816159394494660832
# Reference: https://www.virustotal.com/gui/ip-address/111.90.156.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.43.170.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations
# Reference: https://nsfocusglobal.com/transparenttribes-spear-phishing-targeting-indian-government-departments/

64.188.21.202:18828
64.188.21.202:22821
64.188.21.202:28120
confidentialreports.info
meacases.report
in.confidentialreports.info
in.meacases.report
gov.in.confidentialreports.info
gov.in.meacases.report
mea.gov.in.confidentialreports.info
mea.gov.in.meacases.report

# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.100/relations

onedrive-storage.in
in.onedrive-storage.in
gov.in.onedrive-storage.in
mea.gov.in.onedrive-storage.in

# Reference: https://x.com/PrakkiSathwik/status/1816500997457375424
# Reference: https://www.virustotal.com/gui/file/ac63594e5040fc6a001791ef4a67f0de4ff7a2991cb99095733ce7067abf6948/detection
# Reference: https://www.virustotal.com/gui/file/69424ccb2129cc51348f4fe5e39b746c68190773ea4bb55e812808a1d0de65e9/detection
# Reference: https://www.virustotal.com/gui/file/5bfb024d5323b715db6c27ac59b768ed7df94d4e07dbc5aec2770edfdcf4c8d8/detection

http://157.245.100.177
http://159.223.224.93
http://159.65.146.80
http://165.232.177.53

# Reference: https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/

http://149.28.95.195
campusportals.in

# Reference: https://x.com/ValidinLLC/status/1819072543850221625
# Reference: https://x.com/raghav127001/status/1835203246480408951
# Reference: https://app.validin.com/detail?type=ip&find=185.196.9.113#tab=resolutions

aboutcase.nl
army.aboutcase.nl
in.aboutcase.nl
in.army.aboutcase.nl
gov.in.aboutcase.nl
gov.in.army.aboutcase.nl
mod.gov.in.aboutcase.nl
mod.gov.in.army.aboutcase.nl

# Reference: https://x.com/ValidinLLC/status/1819074034526548244
# Reference: https://x.com/Cyberteam008/status/1819226280509747419
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations

armycases.report
updater-cloud.us
in.armycases.report
gov.in.armycases.report
mea.gov.in.armycases.report
mod.gov.in.armycases.report

# Reference: https://x.com/k3yp0d/status/1822511399337165225
# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
# Reference: https://www.virustotal.com/gui/file/9393842b3738281fb1d200fdb1ac328157e7d70e571f94533c7e18a8f7234bce/detection

185.137.122.247:3389
get-kavach.in
getkavach.com
kavach-app.com
kavachdownload.in
kavachguide.com
kavachsupport.com
/C2L!Dem0&PeN/A@llPack3Ts/Cert.php

# Reference: https://x.com/TIntel2255/status/1822978019478454652
# Reference: https://x.com/Malwar3Ninja/status/1823043571383173444
# Reference: https://x.com/Malwar3Ninja/status/1823043724156559526

aboutcase.nl
admin-mcas-df.ms
crsorgi-goy.in
mcas-df.ms
orgi.live
in.aboutcase.nl
in.admin-mcas-df.ms
in.crsorgi-goy.in
in.mcas-df.ms
in.mcas.ms
in.orgi.live
gov.in.admin-mcas-df.ms
gov.in.admin-mcas.ms
gov.in.crsorgi-goy.in
gov.in.mcas-df.ms
gov.in.mcas.ms
gov.in.orgi.live
nic.in.aboutcase.nl
nic.in.admin-mcas-df.ms
nic.in.mcas-df.ms
nic.in.mcas.ms
amssdelhi.gov.in.admin-mcas-df.ms
amssdelhi.gov.in.admin-mcas.ms
amssdelhi.gov.in.mcas-df.ms
amssdelhi.gov.in.mcas.ms
crsorgi.gov.in.crsorgi-goy.in
crsorgi.gov.in.orgi.live
indiacode.nic.in.admin-mcas-df.ms
indiacode.nic.in.admin-mcas.ms
indiacode.nic.in.mcas-df.ms
indiacode.nic.in.mcas.ms
indianarmy.nic.in.aboutcase.nl
sebi.gov.in.admin-mcas-df.ms
sebi.gov.in.admin-mcas.ms
sebi.gov.in.mcas-df.ms
sebi.gov.in.mcas.ms

# Reference: https://x.com/Huntio/status/1823470041624666376

indiagstgov.org
services.indiagstgov.org

# Reference: https://x.com/Malwar3Ninja/status/1825115113361420548

ashifdigitalseva.xyz
birthdeath.in
counciling.com
gov-certificate.com
nbssedelhi.org
nimsme.org
verifycertificate.info
viewss.click

# Reference: https://x.com/k3yp0d/status/1825505181951316093
# Reference: https://www.virustotal.com/gui/file/de0edf22fbd5758ca9118e029802c09f8394abea3b58af4446611529b9bb2a9b/detection
# Reference: https://www.virustotal.com/gui/file/c12708e6829d7207b16a4fccf65ed05758c676cd70d3e9746c375f5d27bff501/detection

157.173.198.190:15124
swachbharat.xyz

# Reference: https://x.com/PrakkiSathwik/status/1826238464222011661
# Reference: https://www.virustotal.com/gui/file/18ade2d13833dc1054e0d16ad03f56bb2f67b3009f178a326d397ec42f4731bf/detection
# Reference: https://www.virustotal.com/gui/file/2019fec607e8955b79d194e1c6408e5c50269dac60b6f5864f36814774713361/detection
# Reference: https://www.virustotal.com/gui/file/5f607374431d77a7398927f45c5d1efc57513250622e23535dbc0a0a0584c3a1/detection

http://138.68.134.123
http://165.232.138.173
http://170.64.132.144
http://64.23.138.81

# Reference: https://x.com/Cyberteam008/status/1827913665539952755
# Reference: https://www.virustotal.com/gui/file/2e6bc46b4a5959dcba2791b68cdb70a938cf974a4153f2ec13390bc8c5761de2/detection
# Reference: https://www.virustotal.com/gui/file/7486ff26c68a4362572accab3308bc81cc45b121b31366173dbc71a4e7fc3af5/detection

154.216.18.90:67
154.216.18.90:909

# Reference: https://x.com/PrakkiSathwik/status/1831368562742882598
# Reference: https://www.virustotal.com/gui/file/7eb32944ecbcf386aeff5b9ac5276b4e8e7280346d9a14faae233a6d16eca852/detection
# Reference: https://www.virustotal.com/gui/file/48b8c5703ff73125cb373b9a05e959ea467038a1391f368a863b7734b92f44ae/detection

http://72.11.156.132
72.11.156.132:5863

# Reference: https://x.com/PrakkiSathwik/status/1833113297278644602
# Reference: https://www.virustotal.com/gui/file/3326ba81b48ab03f7f49d2da70d3bbe4ea0e163d33e7399d528152b7c3da9170/detection

http://143.198.64.151
http://157.245.139.146
http://159.89.165.86
http://206.189.134.185

# Reference: https://app.validin.com/detail?find=%2FC%3D--%2FST%3DSomeState%2FL%3DSomeCity%2FO%3DSomeOrganization%2FOU%3DSomeOrganizationalUnit%2FCN%3Dganditghal.com%2FemailAddress%3Droot%40ganditghal.com&type=raw&ref_id=b03d0e384b6#tab=host_pairs_v2

http://78.40.117.108
http://78.40.117.146
http://78.40.117.168
http://78.40.117.202
http://78.40.117.229
http://78.40.117.244
http://78.40.117.245
http://78.40.117.30
http://78.40.117.37
http://78.40.117.41
http://78.40.117.70
78.40.117.108:443
78.40.117.146:443
78.40.117.168:443
78.40.117.202:443
78.40.117.229:443
78.40.117.244:443
78.40.117.245:443
78.40.117.30:443
78.40.117.37:443
78.40.117.41:443
78.40.117.70:443

# Reference: https://x.com/Cyberteam008/status/1835514106641600734
# Reference: https://x.com/iam_rajhans/status/1835935106734694589
# Reference: https://en.fofa.info/result?qbase64=dGl0bGU9PSJTdXByZW1lIENvdXJ0IG9mIEluZGlhIHwgSW5kaWEi
# Reference: https://app.validin.com/detail?type=raw&find=Supreme+Court+of+India+%7C+India#tab=host_pairs_v2

http://103.231.254.55
http://129.227.206.99
http://198.252.103.101
http://207.148.99.243
http://43.228.125.28
http://45.115.39.3
http://45.115.39.69
http://47.246.50.178
http://47.76.72.16
http://65.2.164.102
http://79.133.176.214
103.231.254.55:443
129.227.206.99:443
198.252.103.101:443
207.148.99.243:443
43.228.125.28:443
45.115.39.3:443
45.115.39.69:443
47.246.50.178:443
47.76.72.16:443
79.133.176.214:443
incicourtgov.com
incourtsci.com
laoy-ajab.top
lx-yindu.top
mfpa.hk
phimp3.com
saxojp.com
sci-dailyorderssecurelogin.in
scicourtgov.com
scicourtin.com
scidailyordercure-login.in
scigov.cc
scigov.cn
scigov.online
scigovin.com
scigovs.in
scingov.com
scingovin.com
scoi-qov.in
supreme-court-of-india.com
supremejudical.in
yindu4.top
sci.supremejudical.in
api.yindu4.top
test.yindu4.top
43-228-125-28.cprapid.com
mail.43-228-125-28.cprapid.com
mail.cocojojo-pet.com
webmail.cocojojo-pet.com

# Reference: https://x.com/Cyberteam008/status/1835875339425222966
# Reference: https://www.virustotal.com/gui/file/41accf41733ddcd65dc479a0c369f90894870ce10e4410ea2ffa7ce0f51672d9/detection
# Reference: https://www.virustotal.com/gui/file/4f946de9b5ebcc003274ad95125d80a805c5359643074fc6e756a08303d673e5/detection

http://139.59.34.138
http://165.232.180.251

# Reference: https://x.com/malwrhunterteam/status/1836835278348243086
# Reference: https://x.com/StrikeReadyLabs/status/1836841368875835575
# Reference: https://app.validin.com/detail?find=78.40.116.210&type=ip4&ref_id=422094cf4f4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5a06b3dc09b3a2c309d0f20536e1a11f168ff76d96d15a3233ede322788ab280/detection

briefreport.nl
casereports.nl
publications.ltd
webiaf.link
in.briefreport.nl
in.casereports.nl
in.webiaf.link
in.publications.ltd
gov.in.briefreport.nl
gov.in.casereports.nl
gov.in.publications.ltd
gov.in.webiaf.link
email.gov.in.briefreport.nl
email.gov.in.publications.ltd
email.gov.in.webiaf.link
jkpolice.gov.in.casereports.nl

# Reference: https://x.com/Cyberteam008/status/1859873454805458996
# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2

email-gov-in.a5e1.com
indiagov.pw
indiagov.ws
in.indiagov.pw
in.indiagov.ws
gov.in.indiagov.pw
gov.in.indiagov.ws
email.gov.in.indiagov.pw
email.gov.in.indiagov.ws

# Reference: https://x.com/Cyberteam008/status/1838407864961892569
# Reference: https://x.com/Aarn63373424/status/1838464659428655505
# Reference: https://www.zoomeye.hk/searchResult?q=%22%5Cx0c%5Cx00%5Cx00%5Cx00%5Cx00info%3Dcommand%22&page=2&pageSize=10

134.119.181.142:10443
161.97.119.238:7776
172.245.244.42:14443
198.23.213.44:7778
207.180.245.93:7788
64.188.25.143:8529
75.119.133.15:7788

# Reference: https://x.com/PrakkiSathwik/status/1839967368493068733
# Reference: https://www.virustotal.com/gui/file/690cb1f68b15a54438509e1ec1ce57bd1c617ce6c429a62a694b85da9c09542c/detection

64.188.21.199:14257
64.188.21.199:16267
64.188.21.199:22682
64.188.21.199:26153
64.188.21.199:6257

# Reference: https://x.com/Malwar3Ninja/status/1845062755843440807

cscegov.org
crsorgigov.site
crsorgigoovi.live
auth.crsorgigoovi.live
crsorgi-gov-com.fastportal.cloud
crsorgi-gov.co
crsorgi-gvo.tech
crsorgi.g0v.site
crsorgi.gov.in.amvvd0kewrewreowkjk4elkwrmpwkkkyzz093d3d.live
crsorgi.gov.in.apib.ltd
crsorgi.gov.in.verificationbwf4vexrzc9gtnhbwkhtztnrdwhuzz09.com
crsorgi.gov.in.web.index.php.viewcerti.xyz
crsorgi.gov.orgi.indnd.xyz
crsorgi.gpov.in
crsorgi.gov.in.aut.printh.shop
crsorgi.gov.in.coorv.org
crsorgi.gov.in.crs.verifycertificate.inoex.in
crsorgi.gov.in.index-csc.shop
crsorgi.gov.in.indexin.me
crsorgi.gov.in.inoex.in.birthportal.life
crsorgi.gov.in.inoex.in.inoex.in
crsorgi.gov.in.print.shop
crsorgi.gov.in.servicecertificate.in.net
crsorgi.gov.in.web.printh.shop
crsorgi.gov.in.dashboardbirth.in.net
crsorgigoov.co.in
crsorgigoovi.live
crsorgidc.co.in
dc.crsorgi.gov.in.aut.printh.shop
dc.crsorgi.gov.in.coorv.org
dc.crsorgi.gov.in.crs.verifycertificate.inoex.in
dc.crsorgi.gov.in.index-csc.shop
dc.crsorgi.gov.in.indexin.me
dc.crsorgi.gov.in.inoex.in.birthportal.life
dc.crsorgi.gov.in.inoex.in.inoex.in
dc.crsorgi.gov.in.print.shop
dc.crsorgi.gov.in.servicecertificate.in.net
dc.crsorgi.gov.in.web.printh.shop
dc.crsorgi.gov.in.dashboardbirth.in.net
dkprintportal.xyz.crsorgidc.co.in

# Reference: https://x.com/suyog41/status/1849420956114022526
# Reference: https://x.com/PrakkiSathwik/status/1849423423052620023
# Reference: https://www.virustotal.com/gui/file/2cf03b9eb39a6a17f83dbbce249acd7a284dc53ab687f3bb6323ae57bce77bac/detection

http://178.128.246.38
http://178.128.89.173
/libyajl2
/libxfixes3

# Reference: https://x.com/malwrhunterteam/status/1850821170032984194
# Reference: https://www.virustotal.com/gui/file/0cd4dbd246ef2e1e157f899c52ebc409a157507722ada5222da53883b135e928/detection

indianarmy.pl
in.indianarmy.pl
gov.in.indianarmy.pl
email.gov.in.indianarmy.pl

# Reference: https://twitter.com/bofheaded/status/1577197626852003840
# Reference: https://www.virustotal.com/gui/ip-address/173.249.18.251/relations
# Reference: https://www.virustotal.com/gui/file/e5ca4a6c4d2dbd0343cf59d7eb7fb034f45b86c13c8d80b92f289b464828d3bf/detection
# Reference: https://www.virustotal.com/gui/file/7034fd95d764429b5b4b84fc7e63fa259879c10a7c0786fa47e86f911970614e/detection

http://173.249.18.251
drivebrox.xyz
vaultsecure.xyz

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/72987ad4dd79861c3edab1125342f41beefa7e796b50d125c21eac0dde729590/detection
# Reference: https://www.virustotal.com/gui/file/e1d01b57e90312803b2d707fcf7d2e4dac44ea562d9b6680347d816a3bfb8f6b/detection

173.249.18.251:3945

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/99ee9f703b9fbac1d1e980cd32ce37fc8e2d0068b301aff44c05bf02a65612b9/detection
# Reference: https://www.virustotal.com/gui/file/b74e17337ea9be338bbac6022eafc63a3ba3a961bf8a4d9848ee9b6c24beedf6/detection

173.249.18.251:6659

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/2383289c1f14cbc7de650f5f79c8b3ff7b737f93179dfb5cfd5c583ce9653f42/detection

173.249.18.251:9794

# Reference: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/

http://143.110.179.176
http://38.54.84.83
http://64.227.134.248
http://83.171.248.67
84.247.135.235:8080

# Reference: https://x.com/bofheaded/status/1855017264980148711
# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw&ref_id=026d14c44ed#tab=host_pairs (# 2024-11-09)

indiajudicialinfo.com
indiajudiciallive.cc
indiajudiciallive.com
judicialsearchinia.com
sciinfo.cc
scindia.info
supremecourt.sc

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2024-11-09)

indianarmy.ml
in.indianarmy.ml
gov.in.indianarmy.ml
email.gov.in.indianarmy.ml
putir.shop
mail.putir.shop
webmail.putir.shop

# Reference: https://x.com/raghav127001/status/1853625255484633381

courtfiles.net
hotel99world.com
india-sci.com
india-sci.in
india-sci.net
sci-gov-in.com
sci-gov-in.net
sci-gov.net
smlgovb-in.cc
vb-in.cfd
vb-in.top
vb-in.xyz
smlgo.vb-in.cfd
smlgo.vb-in.top
smlgo.vb-in.xyz
smlgovb-in.com

# Reference: https://x.com/PrakkiSathwik/status/1855224137871978808

158.220.94.60:9813
pmshriggssssiwan.in
vmi1529454.contaboserver.net
vmi1877385.contaboserver.net

# Reference: https://x.com/bofheaded/status/1858780617493934279

scigove.com

# Reference: https://x.com/Cyberteam008/status/1859067522043322663

kavachapp.io

# Reference: https://x.com/Cyberteam008/status/1860987009910853898
# Reference: https://www.virustotal.com/gui/file/8941dead07922712a56bc8a891714657726cc8b63d2cf27f59d337672c3669ab/detection
# Reference: https://www.virustotal.com/gui/file/58a7bb1c4534b2ab9d967c4fd05a0b48797665bca3e874d32b18213a0414bbff/detection
# Reference: https://www.virustotal.com/gui/file/3e8c155ff5bfedceb60892f30e819ead65ca276b4553cd43bed47ad71c5d6cbf/detection

167.160.167.18:12165
167.160.167.18:14268
167.160.167.18:16265
167.160.167.18:18626
167.160.167.18:32123
qhev18.duckdns.org

# Reference: https://twitter.com/Antelox/status/768023996923277312

193.164.131.58:10000

# Reference: https://twitter.com/James_inthe_box/status/1080521422823337984

193.42.107.7:3687

# Reference: https://twitter.com/ostinjohn/status/994560995615039488
# Reference: https://www.hybrid-analysis.com/sample/3aca697f1ac623ac970764dd1b248339d03f18acd5ba1b4a443ff9d5016f8e4e/5af3d6237ca3e179812bdfc5

178.238.230.52:3828
178.238.230.52:6828
178.238.230.52:11226

# Reference: https://twitter.com/Antelox/status/810488762140684288
# Reference: https://www.virustotal.com/gui/file/f0b27a8c47f6d9f82489e0e5fba75f70fab8acdbb63b05c93cb3cceec90295ae/community

37.48.84.229:9901

# Reference: https://twitter.com/Antelox/status/770613975662796803
# Reference: https://www.virustotal.com/gui/file/c88095a28fea80409da7b2fc601b4c68828f0d31b7faebe4453217887f9e3241/community

5.189.161.200:7865

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf (# Crimson C&C)

bhai123.no-ip.biz
bhai1.ddns.net
sudhir71nda.no-ip.org
178.238.228.113:7861
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114

# Reference: https://twitter.com/killamjr/status/1190456533588598784

139.28.36.82:53631

# Reference: https://twitter.com/DynamicAnalysis/status/1197938882026901504

5.196.210.44:33401

# Reference: https://twitter.com/DeadlyLynn/status/1213338265308155904
# Reference: https://www.virustotal.com/gui/file/6078b55381e39779f915032533a93d725bab98982b303998fa8ba2ecfc675737/detection
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:6828

# Reference: https://twitter.com/DynamicAnalysis/status/1220432888019214337
# Reference: https://medium.com/@dinu135dk/revive-of-crimson-rat-6b8838920c02

160.20.147.59:2987
bjorn111.duckdns.org
newsupdates.myftp.org

# Reference: https://www.virustotal.com/gui/file/d27474625cdc0c3456918edfa58bfaf910c8b98c6168a506ac14afc1a41fb58f/detection

192.169.69.25:2987

# Reference: https://app.any.run/tasks/9ca972d6-3574-4d85-bd68-a9cd26c203ee/

185.140.53.91:6711

# Reference: https://twitter.com/malwrhunterteam/status/1229780080517357568

64.188.25.232:3263

# Reference: https://twitter.com/w3ndige/status/1235184651699998721
# Reference: https://www.virustotal.com/gui/file/370a108b98b8652aacd4acec5d140cab685291ad77e2a4a0821734aad614eb6a/detection

185.174.100.63:34891
185.174.100.63:3920
transfer-shopping-malls.webredirect.org

# Reference: https://app.any.run/tasks/8527edcf-6459-48f6-aee2-85eaf817571c/

198.46.177.73:6421

# Reference: https://twitter.com/killamjr/status/1232071072096239617
# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/

alrazi-pharrna.com

# Reference: https://twitter.com/_re_fox/status/1236483115037704192

198.46.168.28:2581

# Reference: https://twitter.com/_re_fox/status/1235941826634354688
# Reference: https://app.any.run/tasks/d8b93681-2730-4d03-b796-c52562260328/

181.215.47.169:3368

# Reference: https://twitter.com/_re_fox/status/1232493185475104771

107.175.64.209:6728

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/srcr/status/1232288977790668801

185.244.30.102:4590

# Reference: https://twitter.com/killamjr/status/1232071072096239617

185.244.30.102:4950

# Reference: https://twitter.com/_re_fox/status/1237740569293701120

64.188.25.205:3692

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
# Reference: https://otx.alienvault.com/pulse/5e6fa2a12088756147d24648

email.gov.in.maildrive.email

# Reference: https://app.any.run/tasks/7fe802ae-9d74-4e40-91e3-bb65cd06a458/

107.175.95.107:6790
westvalleyhospicecare.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/9f7bc1ac97d28d614f9b1965709a284511b9b13f3bd9685707f8f377b949efe5/detection

78.159.131.80:10001
superingtest.zapto.org

# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1280221170307137538
# Reference: https://app.any.run/tasks/3b6fa50a-2496-400e-b7cf-fd2d4d48f405/

173.212.226.184:3169

# Reference: https://app.any.run/tasks/26933c3a-127f-4b12-8396-8684d7bdec44/

185.136.161.124:8761

# Reference: https://twitter.com/JAMESWT_MHT/status/1290952335192195072
# Reference: https://www.virustotal.com/gui/file/f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92/detection

193.142.59.56:1131
lawdvmercy.site

# Reference: https://www.virustotal.com/gui/file/6d3982d6c6ca753d6d1daa71d88678c07718dd1919a874959a0c7975619c37fc/detection

151.106.56.32:3561

# Reference: https://www.virustotal.com/gui/file/db37f6755e954367a3365c3264e3916e5fd00c4c3e4c609515fa8599d36ca681/detection

64.188.26.219:4820

# Reference: https://securelist.com/transparent-tribe-part-1/98127/
# Reference: https://www.virustotal.com/gui/file/a860ba3861df2ae0add2b695071c04468f83c0973525519d62679dd4cd4d0026/detection
# Reference: https://www.virustotal.com/gui/file/59c6721a5ec5f97ef9b35e17057a5edb4f0075d1430c0cbd3eecfd44ccfe272c/detection
# Reference: https://www.virustotal.com/gui/file/e4d1f8ff1282ac60adc0134aec2420aa652250ac8ddafe866e56d2fab165a132/detection
# Reference: https://www.virustotal.com/gui/file/d2cc95b72c3e72b3888e9fa35f6fe0563f9dbbd08b76d0c3546065ceca3c5961/detection

173.212.192.229:3364
173.212.192.229:8264
173.249.14.119:6865
newsbizupdates.net
uronlinestores.net

# Reference: https://twitter.com/ShadowChasing1/status/1298268550340067329
# Reference: https://twitter.com/CyS_Centrum/status/1298565025985069057

209.127.16.126:4768
209.127.16.126:6758
209.127.16.126:11066
209.127.16.126:14824
209.127.16.126:18614

# Reference: https://twitter.com/ShadowChasing1/status/1304347789917212672
# Reference: https://www.virustotal.com/gui/file/9e305566f7d342adc8eaf30471aa3eb95c049acffc742ae23a5830a44f96e51d/detection

185.174.102.105:2991
tasnimnewstehran.club

# Reference: https://www.virustotal.com/gui/file/a5f02bb70acdf335bed9c0fc8439ab3a220027a28c7eb44f459afda0ec7b62eb/detection

151.106.14.125:6818

# Reference: https://www.virustotal.com/gui/file/137c059adda4df22eb29785fada54ebc00a22d150bfdc423f87ff1f6093bd827/detection

185.136.161.124:11614

# Reference: https://www.virustotal.com/gui/file/87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad/detection

185.136.161.124:6128

# Reference: https://www.virustotal.com/gui/file/60d46513d3473c2cb4fdfcf64229f4e99d1e202a2f840503d77fa07978dcb025/detection

104.227.97.53:2548

# Reference: https://twitter.com/mg2_tracy1/status/1314754343124365312
# Reference: https://www.virustotal.com/gui/file/dba5d00a87ad96b74d234d1415ca5172285cd7d781556d45b6609fd738bfc747/detection

172.245.247.112:3878
172.245.247.112:5648

# Reference: https://www.virustotal.com/gui/file/e3fe87254b405fa132a52daf1651d2ff11296691131956bf3f0059031135dcdd/detection

45.147.231.191:3626

# Reference: https://twitter.com/_re_fox/status/1317499039932362753
# Reference: https://app.any.run/tasks/355396a2-6711-4750-98ec-e492625d4d54/

45.147.231.191:8226

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338192738135789570
# Reference: https://www.virustotal.com/gui/file/47b99e50430e9abad7326d1837ecdda5f995112b0b12406d23df5ef603d52a4e/detection
# Reference: https://www.virustotal.com/gui/file/b9446d663f2aef34efdb579ae02e62923b5c3bc02b9d0fe537f5974ae439a422/detection
# Reference: https://www.virustotal.com/gui/file/5a449782c6d286a5af7fd5cbab5d5d46dd4dd153cbc46e4aeae0ea54f2785980/detection

64.188.12.126:6658

# Reference: https://app.any.run/tasks/b129aead-e7cb-4ba7-ba72-842644cf7c97/

173.212.246.247:4368

# Reference: https://twitter.com/_re_fox/status/1337411756818395136
# Reference: https://www.virustotal.com/gui/file/5920a3300107b7b1cf8c230a071a0e5f2f5ff5941a5c450ef911582a7ce08346/detection

45.32.151.155:6126

# Reference: https://twitter.com/ShadowChasing1/status/1369196724544106504
# Reference: https://www.virustotal.com/gui/file/4c8e0459524380a9f00ffc58913f461c3e1d8737dd18252881f09e2d416e4f73/detection

172.245.87.12:6276

# Reference: https://twitter.com/ShadowChasing1/status/1397419326160793600
# Reference: https://www.virustotal.com/gui/file/eb7c34343944a6ae52b052bb263d29e2c627368aeee2080da0481f33a72f2085/detection

142.105.157.110:8181

# Reference: https://twitter.com/teamcymru_S2/status/1402607930046832645

185.136.169.139:14565
185.136.169.139:20555
185.136.169.139:28443
185.136.169.139:4561

# Reference: https://www.virustotal.com/gui/file/5f736d23d5d7f7382afb78acdc3b125ec101c0629327fb9a7fc5545b32ec0c38/detection

167.160.166.80:12214
167.160.166.80:16441
167.160.166.80:18822
167.160.166.80:6288
167.160.166.80:8868

# Reference: https://www.virustotal.com/gui/file/e052a90bdb716da64928b1286d86b3670efe5192115175ba25bf0c191398323d/detection

104.144.198.105:12816
104.144.198.105:14572
104.144.198.105:16286
104.144.198.105:4289
104.144.198.105:6722

# Reference: https://www.virustotal.com/gui/file/899a755ff675dbbf66d8bbcf6300bca7aa0c13d794430a1173f6fdc5cb87bd66/detection

178.238.239.176:7624

# Reference: https://www.virustotal.com/gui/file/0335de8eadbbd5dc7cbe92ef869bcea6f6596ac39a38680142c982ec6e97ecde/detection

185.136.161.124:15822
185.136.161.124:17443

# Reference: https://twitter.com/RedDrip7/status/1486997244310351873
# Reference: https://www.virustotal.com/gui/file/cffb0b0695abe36c0d23894650214f9329c530703f52cf44bc8853ca79a107cf/detection

96.47.234.102:12961
96.47.234.102:20886
96.47.234.102:22668
96.47.234.102:5898
96.47.234.102:8796

# Reference: https://twitter.com/James_inthe_box/status/1488987814066753538
# Reference: https://app.any.run/tasks/c1ccd827-a257-4598-aa9b-5872cdc44a40/

92.12.144.246:5321

# Reference: https://twitter.com/0xrb/status/1491665998382247938
# Reference: https://www.virustotal.com/gui/file/d5484ddde1ea4aefcbf40f9845f911b059818ec0bb57d0d48922ed25d161e0ea/detection

78.138.107.166:16864

# Reference: https://twitter.com/0xrb/status/1492030514035060741

161.97.164.144:9168
164.68.108.169:16292
164.68.108.169:16484
164.68.108.169:6681
164.68.112.101:20864
164.68.96.32:8543
168.119.98.243:12184
173.249.14.119:12865
173.249.19.32:8866
173.249.50.243:22464
173.249.50.243:9248
185.136.161.169:18556
185.136.161.169:28443
185.136.169.214:11262
185.136.169.214:3561
185.136.169.214:8164
185.197.249.247:8543
207.180.227.55:10666
5.189.170.4:4268
5.189.170.4:8843
5.189.176.185:12262
75.119.133.15:10101
75.119.133.15:4401
75.119.133.15:8832
79.143.177.122:10468
79.143.177.122:14486
95.111.230.252:1051

# Reference: https://twitter.com/0xrb/status/1493467587619221507

139.28.36.77:2012

# Reference: https://twitter.com/PrakkiSathwik/status/1733923613437460525
# Reference: https://www.virustotal.com/gui/file/da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678/detection

204.44.124.81:19182
204.44.124.81:20917
204.44.124.81:28791
204.44.124.81:26376
204.44.124.81:9159
adiptv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8ff61163c7b74653da80dd1990123dd1977a5ec4e774f0c2f47d37f1360a6a9d/detection

95.119.198.38:3898
r6xyvcqm04wp1i4p.myfritz.net

# Reference: https://www.virustotal.com/gui/file/ffa0b1fcdf51cc0851a0b878df16577ea180a9d245e31166d81670372bc8b338/detection
# Reference: https://www.virustotal.com/gui/file/feda78f1dff8bd9d850a154a627bcfb4041dc36c325be0db436ca85fe565f767/detection
# Reference: https://www.virustotal.com/gui/file/b922698e7884f524cee2dd334f611b0cac193568c9de9f8073ef9c637f5833f0/detection
# Reference: https://www.virustotal.com/gui/file/b5db0dd322656c19a05bc78f3ce1d8bed30e72fb8c1ac5071fce4afa720f2696/detection
# Reference: https://www.virustotal.com/gui/file/7a07fbc4903e443f237fc7c99976a8cdb751a983860ea17b891a8c617a820ad0/detection
# Reference: https://www.virustotal.com/gui/file/2ab7a3c53e31187bab9675b184bf1e891bd76ceb2967b609a6aa66c4e7626419/detection

173.212.228.121:12460
173.212.228.121:16484
173.212.228.121:2836
173.212.228.121:5638
173.212.228.121:8626

# Reference: https://threatfox.abuse.ch/browse/malware/win.crimson/ (# 2024-01-01)

107.172.76.170:11408
119.157.27.213:16780
144.91.125.70:8489
144.91.72.22:8484
154.127.54.168:10019
160.20.147.56:6582
161.97.139.248:12262
161.97.139.248:8143
161.97.176.42:12184
161.97.176.52:12468
161.97.176.52:18584
164.68.112.101:14684
164.68.96.32:12861
167.86.71.146:3482
168.119.111.43:12184
173.249.0.199:12168
173.249.14.119:3285
173.249.50.57:2642
178.238.235.88:12536
185.137.122.104:8484
185.161.208.57:1912
194.163.139.252:4698
194.61.120.134:999
194.9.178.85:9109
198.23.144.126:10480
198.23.145.12:10480
198.23.210.211:4898
198.23.213.44:7776
23.226.132.105:6959
38.242.211.87:8143
45.14.194.253:10243
5.189.183.63:16568
62.171.130.47:2201
62.171.135.174:8589
66.154.103.101:9108
66.235.175.91:1051
66.235.175.91:23001
79.143.177.122:8682
79.143.181.178:8861
84.46.251.145:1717
84.46.251.145:901
91.229.77.1:999

# Reference: https://www.virustotal.com/gui/file/3cd76330e2cbcf7c37d6fc9d21779c60fd3552ba5d777a32ba49ca949379019f/detection

185.161.208.46:909
indiamails.info

# Reference: https://x.com/Cyberteam008/status/1867403358086013034
# Reference: https://www.virustotal.com/gui/file/5c0b5c2805dc1c22b86c6289f57207a34c4b345324d7459c1534549531634ef7/detection

mailindia.one
in.mailindia.one
gov.in.mailindia.one
email.gov.in.mailindia.one

# Reference: https://x.com/TIntel2255/status/1872524302157070579

kavach-nic.in

# Reference: https://x.com/Cyberteam008/status/1872467826881232901
# Reference: https://www.virustotal.com/gui/file/22b043bbf8fd39dc3433b1b54b8a78b70f44000e97711244f6f915b418cb56a3/detection

indiandefence.link
in.indiandefence.link
gov.in.indiandefence.link
email.gov.in.indiandefence.link

# Reference: https://x.com/PrakkiSathwik/status/1872727076954075316
# Reference: https://www.virustotal.com/gui/ip-address/157.20.51.28/relations
# Reference: https://www.virustotal.com/gui/file/7fb2ab732966e984b009880d116c16c08a57c10ad2400f619076e38444b7397c/detection
# Reference: https://www.virustotal.com/gui/file/a0dcf5d5c1bac633d44c99d43f3032ad5d9ae48814fc5a43e8edc2123da91742/detection

dssworld.in
egovservice.in
npvadgaon.in
rtsnmmconline.in
forest.dssworld.in
gadchiroli.egovservice.in
mail.egovservice.in
pakora.egovservice.in
pen.egovservice.in
trade.npvadgaon.in

# Generic (URL path patterns with no host component; not tied to any single domain or IP listed above)

/h_ttp
/h_tt_p
/htt_p
/h_t_t_p
/h-xmlhttp/
/streamcmd?AV=
/classics/abnormal.php
/classifieds/classifieds.php
/classification/updatecs.php
/Armed-Forces-Spl-Allowance-Order/
/Defence-Production-Policy-2020/
/IMPL_OF_SPL_ALLCE_ORDER/
/ParaMil-Forces-Spl-Allowance-Order/
/mod.gov.in_dod_sites_default_files_Revisedrates/
