apt_ke3chang.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: apt15, Ke3chang, Mirage, Vixen Panda, Royal APT, Playful Dragon
# Reference: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/
# Reference: https://twitter.com/VK_Intel/status/976977927072985088
memozilla.org
news.memozilla.org
video.memozilla.org
run.linodepower.com
singa.linodepower.com
log.autocount.org
andspurs.com
micakiz.wikaba.org
cavanic9.net
ridingduck.com
zipcodeterm.com
dnsapp.info
# Reference: https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/
buy.healthcare-internet.com
# Reference: https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/
# Reference: https://otx.alienvault.com/pulse/5d3040c20c143e436cc113d8
compatsec.com
inicializacion.com
menorustru.com
buy.babytoy-online.com
center.nmsvillage.com
chart.healthcare-internet.com
control.mimepanel.org
cv.livehams.com
daily.huntereim.com
dream.zepotac.com
dsmanfacture.privatedns.org
dyname.europemis.com
finance.globaleducat.com
forcan.hausblow.com
grek.freetaxbar.com
info.audioexp.com
item.amazonout.com
items.babytoy-online.com
items.burgermap.org
login.allionhealth.com
misiones.soportesisco.com
newflow.babytoy-online.com
press.premlist.com
promise.miniaturizate.org
rain.nmsvillage.com
store.ufmsecret.org
support.slovakmaps.com
translate.europemis.com
upcv.inciohali.com
view.beleimprensa.org
wind.deltimesweb.com
www1.sanpaulostat.com
# Reference: https://twitter.com/MeltX0R/status/1174069208709312512
# Reference: https://www.virustotal.com/gui/file/b5db7cfe22de56d292c83ea9ffa25f28d1e126d16b14cb3734b7396dcf5a6e0c/detection
halimatoudi.com
# Reference: https://twitter.com/MeltX0R/status/1174442212412809216
# Reference: https://app.any.run/tasks/8d777de7-d51d-4c97-8e91-d0e54461fc2b/
# Reference: https://pastebin.com/qdDymcuy
tick.ondemand-sport.com
# Reference: https://twitter.com/in_threat/status/735472063247421440
goback.strangled.net
# Reference: https://www.virustotal.com/gui/domain/edit.centrozhlan.com/relations
# Reference: https://www.virustotal.com/gui/file/689f121c4a7309644c37141742abed0f111b6fa60632c54002a5ce898af36397/community
centrozhlan.com
# Reference: https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/
# Reference: https://otx.alienvault.com/pulse/5ec7f55daebc94b5857d69f1
thehuguardian.com
menu.thehuguardian.com
# Reference: https://twitter.com/malwrhunterteam/status/1616138902938746882
# Reference: https://www.virustotal.com/gui/file/29f2616dc26a02216d8e17a52cc6938fd130c2feffa6e08143432ed0941fdde7/detection
# Reference: https://www.virustotal.com/gui/file/100bb87b7dc3455b2aaef93753a44d3b149b1f68b0c21a9607da45b16412a9ba/detection
http://172.104.143.75
172.104.143.75:443
172.104.143.75:8000
# Reference: https://twitter.com/malwrhunterteam/status/1616438178055094275
# Reference: https://www.virustotal.com/gui/file/64ef2b23808484c9310408f7b530af6b71b5101a1e757cd6f6f70052858b35bc/detection
106.75.99.101:8989
# Reference: https://twitter.com/malwrhunterteam/status/1616438178055094275
# Reference: https://www.virustotal.com/gui/file/45bcc4da58aacc018a36eb8a0b3125dcae84b3a2313513153614f3a6a55b0f7b/detection
123.60.31.114:7005
# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15
# Reference: https://otx.alienvault.com/pulse/6492f2af01c58203dd0bcd3b
beltsymd.org
cyclophilit.com
cyprus-villas.org
perusmartcity.com
verisims.com
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-03-25-Timeline-for-misake-by-Playful-Taurus.txt
# Reference: https://www.virustotal.com/gui/file/bfb44ed70b5096b9884245af952b979241811e49ec96d1463bd9384c360e484e/detection
adobeonline.net
update.adobeonline.net
updateadobeappscom.adobeonline.net
# Generic trails (From Reference: https://pastebin.com/qdDymcuy)
/wikipedia.aspx?content=
/feeyo.aspx?who=
/airliners.aspx?para=
/playlist.aspx?yf=
/pprune.aspx?yf=
/dutchops.aspx?yf=
/iTunes.aspx?e1=
/paidai.aspx?e1=
/shopmall.aspx?e1=