forked from stamparm/maltrail
apt_ghostemperor.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: entryshell, sparrowdoor, xiangoop
# Reference: https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
# Reference: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
# Reference: https://www.virustotal.com/gui/ip-address/193.239.86.168/relations
# Reference: https://www.virustotal.com/gui/file/f81a2e8a2a272e0bdae4e267fa220d6d40e23214087f33bdcdab6c7ad10b60b8/detection
dateupdata.com
imap.dateupdata.com
# Reference: https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/
# Reference: https://www.virustotal.com/gui/ip-address/45.131.179.24/relations
# Reference: https://www.virustotal.com/gui/ip-address/43.254.216.195/relations
# Reference: https://www.virustotal.com/gui/file/b696fe2f31279af1e006d89beb0ff0c1915df4f8a6d3a201ccda54505688840c/detection
103.85.25.166:8444
amelicen.com