# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Reference: https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html
# NOTE: the entries below are brand-impersonating lookalike domains (kasparsky, microsoftupdate, cisco-inc, ...), so match them as exact hostnames, not as substrings of legitimate vendor domains.
# NOTE: attoo1s.com appears twice in this section; the duplicate is harmless to matching but can be dropped.
allshell.net
attoo1s.com
kasparsky.net
kocrmicrosoft.com
microsoft.org.tw
microsoftdomainadmin.com
microsoftsp3.com
softwareupdatevmware.com
windowsnine.net
cdngoogle.com
cisco-inc.net
mremote.biz
officescan.biz
oprea.biz
battle.com.tw
diablo-iii.mobi
microsoftupdate.ws
msftncsl.com
square-enix.us
updatamicrosoft.com
powershell.com.tw
gefacebook.com
attoo1s.com
msnupdate.bz
googlemapsoftware.com
# Reference: https://blog.lookout.com/multiyear-surveillance-campaigns-discovered-targeting-uyghurs
# Reference: https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
# Reference: https://otx.alienvault.com/pulse/5efca5ec3da9c1ceace695fc
# NOTE: many entries below are hostnames on shared dynamic-DNS providers (duia.in, linkpc.net, nsupdate.info, spdns.eu, ddns.us, ...). Only the full hostname is an indicator; blocking or alerting on the parent provider domain would produce false positives.
androidsapps.ml
babyedu-online.com
googleanalyseservice.net
googlleservice.com
symantecupdate.net
vipappdownload.com
wephone.top
6006.secpert.com
6006.upupdate.cn
amote-366.vicp.cc
android.apps.us.to
androidapps.duia.in
androidapps.fvk.cc
androidapps.home.hn.org
androidapps.jetos.com
androidapps.linkpc.net
androidapps.myfirewall.org
androidapps.nerdpol.ovh
androidapps.npff.co
androidapps.nsupdate.info
androidapps.spdns.eu
androidapps.spdns.org
androidapps.tempors.com
coco.wikaba.com
cookedu-online.com
englishedu-online.com
heartsys.dnsapi.info
joke.upupdate.cn
nortonservice.net
phpyahoo.mrbasic.com
s101.secpert.com
s2.upupdate.cn
ss903.w3.ezua.com
ss904.w3.ezua.com
sz.secpert.com
tree.ddns.us
turknews-online.com
turkyedu-online.com
umare.zyns.com
vipapkdownload.com
youtube.dynamicdns.org.uk
# Reference: https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
148.251.87.245:4432
185.239.227.14:3023
217.163.29.84:7011
45.133.238.92:6023
45.154.12.132:4332
45.63.89.238:1011
62.210.28.116:2011
flygram.org
signalplus.org
# Reference: https://threatfox.abuse.ch/browse/tag/BadBazaar/
103.27.186.156:443
103.27.186.195:443
154.202.59.169:443
45.154.12.151:443
45.154.12.202:443
92.118.189.164:443
# Reference: https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
# Reference: https://github.com/volexity/threat-intel/blob/main/2023/2023-09-22%20EvilBamboo/indicators/iocs.csv
# Reference: https://www.virustotal.com/gui/file/0fea799ce00c7d6f26ccb52a2ecbe6b9605cfb9910f2a309a841caedf3b102d7/detection
# Reference: https://www.virustotal.com/gui/file/1caf33e5cb45de1d3616bda85bea6c4d915365eb7444c8d7c56cebd12b69d105/detection
# Reference: https://www.virustotal.com/gui/file/f7132750db2a8ca8eb9e9e5a32377aa506395d02bacbb918f835041f5f035c4c/detection
# Reference: https://www.virustotal.com/gui/ip-address/45.154.12.132/relations
# NOTE(review): "flygram.orgproxy1.signalplus.org" and "orgproxy1.signalplus.org" look like a line-join artifact from the IOC export (flygram.org / proxy1.signalplus.org); as written they are unlikely to match real traffic — verify against the Volexity iocs.csv before relying on them.
142.132.131.28:10433
142.132.131.28:10434
142.132.131.28:10435
142.132.131.28:3251
148.251.87.247:10433
148.251.87.247:10434
148.251.87.247:10435
148.251.87.247:3251
195.154.60.3:10433
195.154.60.3:10434
195.154.60.3:10435
195.154.60.3:3251
23.88.28.222:4432
62.210.30.158:10433
62.210.30.158:10434
62.210.30.158:10435
62.210.30.158:3251
95.216.187.21:6656
adoptewer.com
allwhatsapp.net
bhvghg.com
comeflxyr.com
everydayinfo.top
fgttgvh.com
flygram.orgproxy1.signalplus.org
fufijxgkg.com
ggl.whoscaller.net
goldplusapp.net
graphicdata.net
ignitetibet.net
in7n.com
jindjjdtc.com
kmcuft.com
o21q.com
omarwhatsapp.org
orgproxy1.signalplus.org
thetubeplus.com
tibetone.org
tinmf.org
tryhrwserf.com
tubevideoplus.org
upd.whoscaller.net
uyghurdict.com
uyghurinfo.net
whoscaller.net
# Reference: https://twitter.com/naumovax/status/172042145649913054 (status id appears truncated — 18 digits where contemporary ids have 19; verify the link)
# Reference: https://tria.ge/231103-l385vsfh7v
# Reference: https://tria.ge/231103-nfveasbe23
# Reference: https://tria.ge/231005-2xj7jshg69
# Reference: https://www.virustotal.com/gui/file/f86420f5a92a39d92beef7279f219da3efad85dfb64fad06809d8add6dc451df/detection
telegram5.org
telegramrc.com
telegramxo.com
api.telegram5.org
api.telegramrc.com
app.telegramrc.com
down.telegramxo.com
tgpc.telegramrc.com
/cc/adr/mobi
/cc/info/rep
# Reference: https://threatfox.abuse.ch/browse/tag/BadBazaar/
154.212.147.129:443
789aa654.top
jkapp88.top
k1-ai-jk.789aa654.top
k3-ai-jk.jkapp88.top
# Reference: https://twitter.com/naumovax/status/1744741775661756421
# Reference: https://tria.ge/240109-rhyraacacq/behavioral1
# Reference: https://www.virustotal.com/gui/file/bdb84b702752c4065fa36f7c6f7038eed2bfda6d09c32d69512896077b66c097/detection
api--telegram.ru