apt_luckycat.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: sepulcher, ta413, exilerat, luckycat, shadownet
# Reference: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf
# Reference: https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html
# Reference: https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic
# Reference: https://otx.alienvault.com/pulse/5f4faad08bc69edf206bf6b6
# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
# Reference: https://otx.alienvault.com/pulse/6037c5dff774e1d70491bf0d/
# Reference: https://twitter.com/threatinsight/status/1531688214993555457
tibet-gov.web.app
# Reference: https://www.recordedfuture.com/chinese-state-sponsored-group-ta413-adopts-new-capabilities-in-pursuit-of-tibetan-targets
# Reference: https://www.virustotal.com/gui/ip-address/134.122.129.102/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.105.35.111/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.46.213.63/relations
# Generic trails
/aqqee
/qqqzqa