# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.malware-traffic-analysis.net/2018/07/05/index.html

desjardinscourriel818654.pw

# Reference: https://app.any.run/tasks/9de1c3d6-745d-4b89-b653-f8f4414a40f1

desjardinsmail6as6545g.pw

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834
# Reference: https://pastebin.com/C5XYY221
# Reference: https://www.virustotal.com/gui/ip-address/77.83.174.70/relations

http://77.83.174.70
77.83.174.70:2077
thedokatrade.com
highnoon2.com
copylanco.com
glekrg.com

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976
# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

http://5.45.73.63
5.45.73.63:2131
donbwh.com

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

http://94.242.198.167
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/JAMESWT_MHT/status/927523630778650627

bmwfastcar1337.com

# Reference: https://twitter.com/anyrun_app/status/912276794648272897
# Reference: https://app.any.run/tasks/f1a72d72-2e96-4d8b-9ad7-1f74e162d585

overwbuff.com
http://195.123.211.9
195.123.211.9:13378

# Reference: https://twitter.com/JAMESWT_MHT/status/906086386377379845

pudgenormpers.com

# Reference: https://twitter.com/VK_Intel/status/1135507293573931008
# Reference: https://www.virustotal.com/gui/file/11918aadc1e4942a1e458afab5c10971fb87d84b693b2c31f5497aa289fa20da/detection

176.119.30.142:8765

# Reference: https://twitter.com/VK_Intel/status/1143606935373172736

31.7.62.214:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1166106371403763714

179.43.146.90:443

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

http://179.43.159.246

# Reference: https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html
# Reference: https://otx.alienvault.com/pulse/5d9378b8f36a91c436c5f93c

track.amishbrand.com
gnf6.ruscacademy.in
backup.awarfaregaming.com
link.easycounter210.com

# Reference: https://habr.com/ru/company/pt/blog/471960/ (Russian)

185.225.17.66:443

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://179.43.146.90

# Reference: https://pastebin.com/iqcg0Ys7

http://185.225.19.35

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

http://91.243.80.120
http://94.242.198.167
179.43.191.122:2259
31.31.196.204:1488
94.242.198.167:1488
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

http://103.16.228.173

# Reference: https://twitter.com/VK_Intel/status/1196136022658207750
# Reference: https://www.virustotal.com/gui/ip-address/94.158.245.91/relations

94.158.245.91:1488
ololoev.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

5.181.156.36:1321

# Reference: https://twitter.com/VK_Intel/status/1224647173872193538

gjuauyfhjha.cn
sasggegzui.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

103.16.228.173:1488

# Reference: https://app.any.run/tasks/32eeb667-b66b-4dea-b343-ae43941f7b20/

micrdata.com
safuuf7774.pw
wobada.com

# Reference: https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
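# Reference: https://github.com/pan-unit42/iocs/blob/master/NetSupportManager
# NOTE(review): 'edisonlee.net/maildir.phpq' below ends in '.phpq', unlike the other '.php' paths in this block - possibly a typo; verify against the referenced list, since a URL trail with a misspelled path would not match the real request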

http://185.163.45.88
http://94.158.245.182
94.158.245.182:443
unclebillswv.com/verisign.php
firstteamcareer.com/user.php
busyserviceinc.com/webdoc.php
edisonlee.net/maildir.phpq
newtontool.ca/wp-contents.php
brotherselectricco.com/host.php
innovativemasonry.net/hostgator-welcome.php
greenheartmed.org/captcha.php
ultraeventgroup.com/wp-element.php
jnachb.com/wp-comment.php
adroitpmps.com/wp-list.php
ledampenergy.net/wp-comment.php
hostfleek.com/backup.msi
alpinehandlingsystems.com/backup.msi
jintsung.cn
4ourkidsky.com

# Reference: https://twitter.com/killamjr/status/1234547286807584773

http://185.163.45.118

# Reference: https://twitter.com/malwrhunterteam/status/1236215722885464064
# Reference: https://www.virustotal.com/gui/file/870972fabfb6c59f1c3959cea9201d3c4d48756585970de869d063ec69983ab8/detection

http://23.227.207.138
23.227.207.138:12233
browserinstallup.com

# Reference: https://twitter.com/jcarndt/status/1241090163008307206
# Reference: https://app.any.run/tasks/b46069d5-ec22-481e-af2b-c14474978f79/

tardigradeventures.com

# Reference: https://www.virustotal.com/gui/file/1a08a65d4199f08d60644f2aee1182d87f29b36d38257239e5c80965ed65e0d1/detection
# Reference: https://twitter.com/olihough86/status/1243561290439839745
# Reference: https://app.any.run/tasks/aa3e41ee-b1c0-4333-939e-e4199c1daa56/

http://5.181.156.14
5.181.156.14:443
covidpreventandcure.com
komnop.com

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# NetSupportManagerRAT)

covidpreventandcure.com
covidwhereandhow.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1255849588788953088

62.173.145.56:2721
avheaven.icu
bssupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1260492238758588419
# Reference: https://app.any.run/tasks/0b4ce298-496a-4b15-9e94-0fbbb616422e/

62.173.154.94:2145
avheaven.space
brassaffid.com

# Reference: https://twitter.com/jcarndt/status/1275108512046211074
# Reference: https://app.any.run/tasks/c9e195d3-227c-480a-8515-1cdadcf29485/

membersonlytraining.com

# Reference: https://app.any.run/tasks/cc3ac8a1-394f-4488-89e1-6107017b2360/

http://45.133.245.57

# Reference: https://twitter.com/JAMESWT_MHT/status/1285170628656615424
# Reference: https://bazaar.abuse.ch/sample/8ab3b9367304dccac78095808260417a46c0f37720051592b9a32ba3b030743d
# Reference: https://www.virustotal.com/gui/file/68313d4b45cc908f541dd581d7b9d1e8ccadcbf205714c12c36b58083ada7345/detection

http://62.173.138.41
62.173.138.41:2071
numienimfe2.com
ysanhumeg1.com

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

http://5.45.74.219

# Reference: https://www.virustotal.com/gui/file/86fc3e58537ac903356866de03df56baaba69b2641f90da283560a08fc60786b/detection

http://45.133.245.192

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888

http://46.17.106.230
46.17.106.230:3543

# Reference: https://www.virustotal.com/gui/file/8781b76845a95237e38d007e1ce0c5743e3eb95717e13b85a6b2a963cf4c0d2d/detection
# Reference: https://www.virustotal.com/gui/file/5f7f2f6e7ed3cc8243fad060f0b64267ceb629456eab62215847419eb7f4494e/detection

192.169.6.95:3294
http://192.169.6.95
http://45.138.172.158

# Reference: https://twitter.com/cyb3rops/status/1372941834104807426
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/SilverFish_Solarwinds.pdf

mgdsoufjgh4hgba.xyz
nefvnvudygct4.xyz
huntaget.cn
moreeu.cn
moreofit.cn
torpoa.cn

# Reference: https://www.virustotal.com/gui/file/2add4e3f9acd88b53c97989b309bccdf35456c444d7b4436bd0b9b04f1d16cf4/detection

http://88.119.171.110
88.119.171.110:443

# Reference: https://www.virustotal.com/gui/file/672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca/detection

http://37.61.213.242
37.61.213.242:2549

# Reference: https://www.virustotal.com/gui/file/45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7/detection

http://46.161.40.59
46.161.40.59:3085

# Reference: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

http://62.173.140.217
62.173.140.217:1337
coinduck.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c5962e29f3f752f3fe8ae5cef5022fb819eb8dfad91ba81c9e1ccd44ac8d5fd5/detection

185.156.172.130:2549
fiseddaniret1.com
fiseddaniret2.com

# Reference: https://www.virustotal.com/gui/file/131586137654c8774dc2ba571834e7d20881c53e2e91421fe832159004954ab8/detection

http://1.254.1.1
http://192.64.119.126
visualmultiplicationsinc.club
worktwork3.xyz

# Reference: https://www.virustotal.com/gui/file/013928987cd0092ef2f5de55f2ae076ff67297ccd75bc6a2959eff4301591ddf/detection

findmemolite.com
dvqyswmvahrqd.cloudfront.net

# Reference: https://github.com/pr0xylife/NetSupportRAT/commit/8ce0fa44a9a9c899031dc3340f23aa601e3ffeaa

http://5.252.178.213
contentcdns.net

# Reference: https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
# Reference: https://www.virustotal.com/gui/file/552f65f0ae7b001df20dc2875b136f55669daa09ba02d10d9b688a3511cbb4ca/detection
# Reference: https://www.virustotal.com/gui/file/ccc0204486cbf8b6db43711ddf8d847cfc15d5f713c60b53c461c4e4eeeb1a4f/detection
# Reference: https://www.virustotal.com/gui/file/617c331b65e0d26e1e64a04f06555891e719b578fd2bdc41065458176821f0c1/detection

http://149.28.68.114
http://194.180.158.173
http://45.76.172.113
http://45.77.87.77
http://5.252.178.213
http://87.120.8.141
aasdig8g7b448ugudf.cn
asaasdivu73774vbaa33.cn
businessaudit.tax
hlmequipment.com
mixerspring.cn
nsncasicuasyca831cs3vvz.cn
sjvuvja.com

# Reference: https://twitter.com/idclickthat/status/1550876054440509445
# Reference: https://www.virustotal.com/gui/file/4a6e542f77e622f7084e5b5bddab43ae4e80a07ade56e3063e3959fd03040dd0/detection

http://95.217.35.62
95.217.35.62:1337
pokemongo-nft.io

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Riskware/Riskware%20-%2008082022
# Reference: https://www.virustotal.com/gui/file/080fa496d57ca79f09b2717b384a3a34080bbfcef8a1198bbea1901e4b571991/detection

http://108.61.207.16
108.61.207.16:49760
telemetry-cdn-ny.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-16%20NetSupport%20RAT%20IOCs

http://23.88.96.2
asdbgbwi8ww.icu

# Reference: https://twitter.com/pollo290987/status/1561042448683618304

http://151.236.14.69
7nt.at

# Reference: https://twitter.com/0xToxin/status/1558007700180582400

duvje6egvuas.com
sdhbuh474jhguakfi3jgh3.cn

# Reference: https://github.com/executemalware/Malware-IOCs/commit/5db274edcb157e7d003c1201211674b6bc140fc2

http://78.47.32.144
asdjdoo3vsd.icu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-22%20NetSupport%20RAT%20IOCs

http://167.235.67.199
ghev.top
tojh5roh4.top

# Reference: https://twitter.com/mojoesec/status/1561805273651617793

52226asdiobioboioie.com
jjdfu.fun

# Reference: https://twitter.com/phage_nz/status/1562229369669828608

aisdyhvuekmfa33.cn
dfuy.fun
iurb.top
sdfijiusgydygbugjsadifr.com

# Reference: https://twitter.com/pollo290987/status/1562535463251898369

asdbjhsdf63.cn
rijd.fun
sadvi8ejvas.icu
sdsdfnjdsfhis6g4fr.com

# Reference: https://tria.ge/220829-t7q4vacahl/behavioral2

adhkjdlkasd.icu
riut.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-08%20NetSupport%20RAT%20IOCs

ghvab.xyz

# Reference: https://twitter.com/pollo290987/status/1568312124799176704

http://103.153.183.74

# Reference: https://twitter.com/pollo290987/status/1570114932041043972

http://94.130.179.90
fbueg.top

# Reference: https://twitter.com/pollo290987/status/1572284261721591808

http://78.47.255.163
eruge.xyz

# Reference: https://twitter.com/pollo290987/status/1573375977178234881

http://88.198.178.95
fygba.fun

# Reference: https://twitter.com/pollo290987/status/1574770057460211712

http://78.47.81.171
gunbj.top

# Reference: https://twitter.com/nosecurething/status/1574939506566135809

fhb7dhb8z84ehg.xyz
rgkiboinas.men
sdgjoujhbsiuhdisd.com

# Reference: https://twitter.com/pollo290987/status/1576941098483998722

http://75.102.34.39

# Reference: https://twitter.com/pollo290987/status/1578047035793711110

http://23.88.52.251
db8ew.top

# Reference: https://twitter.com/pollo290987/status/1580579019543568385
# Reference: https://twitter.com/phage_nz/status/1592273345185468416
# Reference: https://tria.ge/221114-1cg11sab4z/behavioral1
# Reference: https://www.virustotal.com/gui/file/2a968ae38c10430c37a108f6919d0d5eb4e8e10415f927437a051e1fbd3ae7d4/detection
# Reference: https://www.virustotal.com/gui/file/157b4754d3cc372bb4b236c37036eb0729cff6bba01220f3d0cc1c9f340d68ea/detection

176.113.115.91:2145
31.41.244.112:2145
89.185.85.44:2145
89.208.103.208:2145
8ltd8.com
npinmclaugh11.com
npinmclaugh14.com

# Reference: https://www.virustotal.com/gui/file/05bb07f3dfae2584a5f6382f23ba58bbea9feeea01509c446a1c75e47a9dfa13/detection

http://140.82.15.232
140.82.15.232:2970

# Reference: https://www.virustotal.com/gui/file/498d6c9301e100f9b7752a6ee34b6873747efa876a9767f51c8eb8dd6a2ff63a/detection

http://116.202.22.58
sdfuubw.icu

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

http://176.124.216.159
176.124.216.159:5511

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20NetSupport%20RAT%20IOCs

she32rn1.com

# Reference: https://www.virustotal.com/gui/file/bfa0f0a9d939eb766c9fd81be03e3b2cd4ed43b977832a21e73156a7201ff1ed/detection

http://193.106.191.152
185.158.251.35:4421
193.106.191.152:4421
dcejartints16.com
dcejartints17.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://89.185.85.44

# Reference: https://www.virustotal.com/gui/file/058118f80fc1a977d07f012560d2ca6109709d20ba6a81e017f294f6e37f2f28/detection

151.236.14.69:2940
pinustamilbe10.com

# Reference: https://twitter.com/x3ph1/status/1612583145257275392
# Reference: https://twitter.com/x3ph1/status/1612636188212338690

gkdkr.icu
gubje.top
noinmsyvhruhjbi4hs.cn
sdvubjser.top

# Reference: https://www.virustotal.com/gui/file/e0f1dc2d0d42622578b3d4e609a5f428edcc41273c60640711f092570cda132c/detection

http://142.132.188.48
fasfybue.icu
rgkiboinas.men

# Reference: https://twitter.com/BroadAnalysis/status/1613255257789693953

http://94.158.244.38
52226asdiobioboioie.com

# Reference: https://www.virustotal.com/gui/file/12d2c229d192506c13f8dfbb5e9edb5b9b369a6e0b5ddc7cb2647d02d7fcdae5/detection

http://194.180.174.152
194.180.174.152:1203
pro1vin7ce.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20GoogleAds_NetSupport%20RAT%20IOCs

http://185.161.210.23

# Reference: https://twitter.com/dlevyny7/status/1619081793344512000
# Reference: https://www.virustotal.com/gui/ip-address/185.161.210.23/relations
# Reference: https://www.virustotal.com/gui/file/8301d30f35705f82c85b56c51fc9f79f9071c3cb3e984b9c55aefe98b830cfc6/detection

anydeks-access.com
mindamiedolis19.com

# Reference: https://twitter.com/1ZRR4H/status/1620141013686968320

http://176.124.216.31

# Reference: https://twitter.com/crep1x/status/1620542075082260480
# Reference: https://tria.ge/230131-z4s2xscd3t/behavioral2

any-desk-app.life
audacity-app-official.site
canva-app-official.site
handbrake-app-official.site
ledger-app-official.site
libreoffice-app-official.site
teamviewer-app-official.site
tronlink-official.site
dkimqwertyasd.com
harddrystamp.com

# Reference: https://twitter.com/Iamdeadlyz/status/1626286424713736194
# Reference: https://www.virustotal.com/gui/file/2bee969bf4dd2fc0e5b6de9f835a037b486fe6f599ec20485231710b06033837/detection
# Reference: https://www.virustotal.com/gui/file/84520291f6556c00cb44314d2994037e0b098bc97c73826c6b6d3e03564b243d/detection

http://89.107.10.44
89.107.10.44:9999
arponet.duckdns.org

# Reference: https://twitter.com/Iamdeadlyz/status/1626286411879190528

http://195.133.197.185
pokemoncards-nft.com

# Reference: https://twitter.com/AnFam17/status/1628995393143832576

94.158.244.118:1203

# Reference: https://twitter.com/nosecurething/status/1631005059302522900

dssdgihbiuieyygvkdsiy4.cn
gunhdr.top

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-09-v10262/351

gybvhxu.top
itugbjhb.xyz

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-23%20NetSupport%20RAT%20IOCs

http://116.203.241.111
dirjbrb.fun
dvjurtt.top
sdfojbeufibibsuu8u.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1641700979434217475

glorrytertyds1.com
glorrytertyds15.com
howcankfhns.com
ktalarisa18.com
ktalarisa19.com
plshaquntarav31.com
plshaquntarav32.com
uzurtela1.com
uzurtela42.com
xjmko311.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1641714810696998916

http://51.195.53.204
dcanalirder12.com
dcanalirder15.com
jalalymola11.com
jalalymola17.com
mindamiedolis20.com
whatulookingat.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt
# Reference: https://otx.alienvault.com/pulse/6424417d4f7e34fdcc85af29

alle13net1.com
alle13net2.com
comes1.com
comes2.com
gattri1.com
gattri2.com
installer-xvpn-g.site
installer-xvpn-h.site
installer-xvpn-k.site
installer-xvpn-n.site
irbxvpn.site
irexvpn.site
irfxvpn.site
irhxvpn.site
irixvpn.site
irkxvpn.site
irqxvpn.site
irtxvpn.site
iruxvpn.site
irwxvpn.site
manigiajabae32.com
manigiajabae35.com
neskrab1.com
neskrab2.com
nesupcli.com
uhcoxvpn.site

# Reference: https://twitter.com/1ZRR4H/status/1643512391940952064
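# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.129/relations
# NOTE(review): the IP named in this reference (162.33.178.129) is not among the entries below, which list 91.107.198.110 - confirm the reference is the intended one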

http://91.107.198.110
gsdgtruhu45.cn
irejhg.fun
retbr.fun
tumnt.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

rtern.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

dfrgb.fun

# Reference: https://twitter.com/abuse_ch/status/1646397352469577728
# Reference: https://www.virustotal.com/gui/file/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/detection

http://79.137.207.54
79.137.207.54:5222
balbalz1.com

# Reference: https://twitter.com/StopMalvertisin/status/1648223628067237890
# Reference: https://twitter.com/souiten/status/1648250631600373760
# Reference: https://www.virustotal.com/gui/file/e927e79de25207d548965e90ec87c26021b9549b5108ac0de99cc9c85556841b/detection

http://87.251.67.111
87.251.67.111:1935
glazgo141.com
glazgo142.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-04-17%20NetSupport%20RAT%20IOCs

http://23.88.125.55
erbieiv.top
rubjbz.fun
ssgdubuerx4.cn

# Reference: https://twitter.com/pollo290987/status/1653139934956363777
# Reference: https://twitter.com/pollo290987/status/1653486646774362112
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-01%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/e3d142307cbbf3d0d8eac76364993e52833d1ba7318a9ca93dc7f950c49e8ec5/detection

http://195.201.237.50
eduvu.top
erigb.top
sdjbizirebz.cn

# Reference: https://twitter.com/pollo290987/status/1653796442723475458

asdyg.fun
dsauvsiv.top

# Reference: https://twitter.com/pollo290987/status/1654206717251530753
# Reference: https://www.virustotal.com/gui/file/026d17e445821b1d208cb399f451f688f2ba1882a0596661c5d728213aa70e18/detection

http://193.233.232.218
http://89.22.237.94
89.22.237.94:5222
blahadfurtik.com
blahadfurtik2.com

# Reference: https://www.virustotal.com/gui/file/2ba36fbdb1ade985521f651d2fef8667b788658b87423297fddb88f70fbbd411/detection

http://79.137.203.68
79.137.203.68:5222
hdwarframebot.com

# Reference: https://twitter.com/pollo290987/status/1654357341314117633

dsauvsiv.top
erivhx.fun

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-04%20NetSupport%20RAT%20IOCs

dubhd.top

# Reference: https://twitter.com/pollo290987/status/1654540593756872706

http://45.138.74.89

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-08%20NetSupport%20IOCs
# Reference: https://www.virustotal.com/gui/file/9488e05b2be4ef6494ed61a15246de5a1b9e2e7a1673c660a35a162a4e29f339/detection

http://94.130.187.192
pruvb.fun

# Reference: https://twitter.com/pollo290987/status/1658540867840270337
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-15%20NetSupport%20RAT%20IOCs

http://128.140.14.43
sdfhr.top
tryxe.fun
sasfyvuaseyzzs.cn

# Reference: https://gist.github.com/kirk-sayre-work/1a7ec92ab9018ffac71ee5826de9aba8

http://193.233.233.92
http://91.193.43.96

# Reference: https://twitter.com/JAMESWT_MHT/status/1658779419043942402
# Reference: https://www.virustotal.com/gui/file/d885b84d8d8059451a119b32d164280284d428350d2bfcfaf7b84f1b2223a42a/detection

176.124.198.7:5222
alnama.net/realty/license.php
itsupportadminguy.info/itsurjia/homeps.php
/itsurjia/homeps.php

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-18%20NetSupport%20RAT%20IOCs

rszee.top

# Reference: https://threatfox.abuse.ch/ioc/1119451/

77.105.146.153:5222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-23%20NetSupport%20RAT%20IOCs

http://5.75.145.41
ergtu.top
reubhh.fun
sertte56gzxes.cn
/rt.php?i=NOT-A-RESEARCHER

# Reference: https://tria.ge/230526-gyq19sea99/behavioral11

91.215.85.180:5222

# Reference: https://twitter.com/JAMESWT_MHT/status/1662371119532318720
# Reference: https://tria.ge/230527-hj77nsba65/behavioral2
# Reference: https://www.virustotal.com/gui/file/faf9b23508c4445bf9017cacb3b4f08f39d0cd0cd48cc17156320abb6083d9c7/detection

http://188.227.59.169
http://80.66.88.143
80.66.88.143:1935
golden-scalen.com
xoomep1.com
xoomep2.com

# Reference: https://twitter.com/doc_guard/status/1668890440324579329
# Reference: https://www.virustotal.com/gui/file/7e9362b520bf227bfa1c152710b76b7ff83f41f4a7cae42bbb3cfa1473bb0edc/detection

http://91.107.213.253
sizie.fun

# Reference: https://www.virustotal.com/gui/file/0ab1ccca6453218c59fbff6aa2af85ec62a790bcf18426a86f12ba5fe9ed96b3/detection

asuxtp.fun

# Reference: https://www.virustotal.com/gui/file/2817e17cbaa3588d1f1d8fb8a371489693bbdea53a05a34fac71b41bf91e7081/detection

fyzyxe.top

# Reference: https://twitter.com/FirstWatchCyber/status/1678473223678074882
# Reference: https://www.virustotal.com/gui/ip-address/143.244.162.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.90.249.226/relations

asfgze.fun
digibi.fun
regibd.fun
sdguzx.fun
ahmgbgjhdlmmlnf.top
cmbefalcljjblia.top
deediinlfifelek.top
ejhbmdagngcglaf.top
jenililhdcaegeg.top
kiknaijcgclkdnl.top
knifdjhlkchdaic.top
nbjhllilknbjldk.top

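# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-13%20AsyncRAT%20IOCs
# NOTE(review): the referenced list is titled "AsyncRAT IOCs", while most executemalware references in this file are titled NetSupport - confirm the family attribution of the entries below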

prigze.top
zegfze.top

# Reference: https://gist.github.com/kirk-sayre-work/f9748c3cae156b56a0751679085b3f8e

bisiv.top
dubpv.top
eovze.fun
igsufb.top
izrvb.top
lvuse.top
lvvmze.top
sdifiv.top
tvfzie.top
vizhez.top

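# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20AsyncRAT%20IOCs
# NOTE(review): the referenced list is titled "AsyncRAT IOCs", while most executemalware references in this file are titled NetSupport - confirm the family attribution of the entry below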

rigjz.fun

# Reference: https://twitter.com/abuse_ch/status/1685911335719100416
# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.101/relations
# Reference: https://twitter.com/JAMESWT_MHT/status/1685921789539389440
# Reference: https://twitter.com/JAMESWT_MHT/status/1685923203141582848
# Reference: https://www.virustotal.com/gui/file/37cb07ef75c90beb2af9df3faf02283c71ef48cbffce24bcd46049b38939d26b/detection
# Reference: https://www.virustotal.com/gui/file/5e6c05f47399616a63798cb40df75b90912f3dffa84b310ee26db960fc62522f/detection
# Reference: https://www.virustotal.com/gui/file/b75b778b3ca3698225351e0e36376be5da90ec890f4dcf5db970a1f08d8ed37c/detection

http://95.179.150.54
http://95.179.189.207
95.179.189.207:1313
95.179.150.54:1315
95.179.150.54:1414
archivde.xyz
luckyday0728.org
sambireact1.com
sambireact2.com
unclesrug31.com
unclesrug32.com
yeah07.online

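# Generic trails
# (URL paths with no host part: they are not tied to a single domain or IP, so a hit needs
# the destination and surrounding traffic checked before it is treated as an infection;
# '/fakeurl.htm' may also appear in traffic from sanctioned NetSupport Manager installs)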

/iplog/newg.php
/JSX/testpost.php
/fakeurl.htm
