androxgh0st.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Network indicators associated with AndroxGh0st. Each group of entries follows
# the "# Reference:" lines that reported it.
# Reference: https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/
# Reference: https://blog.sicehice.com/2023/03/androxgh0st-stealing-your-aws-key-pairs.html
# Reference: https://otx.alienvault.com/pulse/63d43565fa3638d6d936705e
http://109.237.97.180
http://185.83.146.154
# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
# Reference: https://otx.alienvault.com/pulse/65a7d3eed9b9cc8a7ed724cd
rockylinux.si
mc.rockylinux.si
# Reference: https://x.com/banthisguy9349/status/1855870231861715197
# Reference: https://search.censys.io/search?q=services.http.response.body%3D%220x%255B%255D%3Dandroxgh0st%22&resource=hosts&cursor=eyJhbGciOiJFZERTQSJ9.eyJub25jZSI6InhxVFIySXdiRkFZYk1FZXVWRDZHU2hQWHFJTUgxK3NXL2lUQk5ERFRFZUkiLCJwYWdlIjozLCJyZXZlcnNlZCI6ZmFsc2UsInNlYXJjaF9hZnRlciI6WzEuMCwxNzMxMzI2NTU0MDc3LCIzNy44Mi43LjUzIixudWxsXSwic29ydCI6W3siX3Njb3JlIjp7Im9yZGVyIjoiZGVzYyJ9fSx7Imxhc3RfdXBkYXRlZF9hdCI6eyJtaXNzaW5nIjoiX2xhc3QiLCJtb2RlIjoibWluIiwib3JkZXIiOiJkZXNjIn19LHsiaXAiOnsibWlzc2luZyI6Il9sYXN0IiwibW9kZSI6Im1pbiIsIm9yZGVyIjoiYXNjIn19LHsibmFtZS5fX3JhdyI6eyJtaXNzaW5nIjoiX2xhc3QiLCJtb2RlIjoibWluIiwib3JkZXIiOiJhc2MifX1dLCJ2ZXJzaW9uIjoxfQ.6Mr8RmlYVp5R5_Yw_ZR1WLWpxD-OKQcjrlfGrSdp4HyZAH01-pOvz-RMiz5RJPlwA7DsFXojRmwPtnX4k3DDAg
# NOTE(review): the Censys query above is
#   services.http.response.body="0x%5B%5D=androxgh0st"
# i.e. it selects hosts whose HTTP response body contained the marker string.
# The addresses below presumably come from that search (confirm), which makes
# them point-in-time observations of hosts returning the marker, possibly
# compromised third-party servers rather than operator-owned infrastructure.
# Re-validate and age them out before relying on them for blocking.
http://136.255.200.154
http://14.0.131.117
http://178.115.252.206
http://188.5.35.227
http://193.105.228.36
http://213.158.146.148
http://213.158.146.226
http://217.245.68.118
http://217.91.39.102
http://34.199.68.218
http://34.202.222.133
http://37.189.61.33
http://5.26.129.52
http://77.239.46.106
http://79.205.123.185
http://81.200.163.186
http://84.169.35.14
http://89.123.194.20
http://94.168.56.100
http://94.227.42.150
# The host:port entries below name a specific service port; presumably the port
# on which the marker was observed (TODO confirm against the search results).
176.30.202.242:40080
178.242.0.119:40080
178.242.103.252:82
178.242.156.191:11082
178.242.44.226:83
178.242.5.231:82
178.242.82.62:10080
188.38.122.169:81
188.59.107.168:85
188.59.134.105:85
188.59.2.169:82
213.200.229.12:8000
213.233.116.106:1025
213.233.116.106:1026
213.233.116.106:502
213.43.160.13:82
31.177.41.57:9004
31.177.41.57:9005
37.80.81.108:8089
37.80.9.207:86
37.82.64.78:8089
37.84.163.238:120
37.84.170.135:85
37.85.48.170:83
45.79.69.171:60402
46.104.88.51:40080
46.104.89.21:40080
46.97.202.150:83
5.11.151.151:40080
5.11.240.244:90
5.11.241.48:40080
5.26.117.32:81
5.26.165.2:84
5.26.178.232:81
5.26.198.55:40080
5.26.213.203:85
5.26.228.111:81
5.26.229.220:10082
5.26.60.144:83
5.26.64.201:81
77.129.105.125:82
77.130.118.223:82
8.136.7.221:8000
86.71.99.76:82
87.139.197.249:82
92.95.255.227:82
# Generic
# Content-based indicator, not tied to any host: "%5B%5D" is the URL-encoded
# form of "[]", so the pattern below carries the marker 0x[]=androxgh0st, the
# same string the Censys query above searches for in response bodies.
/data="0x%5B%5D=androxgh0st"