# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: snowlight, vshell

# Reference: https://x.com/malwrhunterteam/status/1925919454099054740
# Reference: https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/
# Reference: https://www.virustotal.com/gui/file/7cbcf84de28d4bc3b21773babe730c8cc57e91dfd8b561d0dc338ea7f6f0423f/detection

# Indicators attributed to the references listed directly above.
# Single IP:port endpoint.
124.221.120.25:2222
# Registered domains. Several resemble well-known brand names
# (e.g. c1oudf1are.com, virustotal.xyz, samsungcdn.com); they are listed
# here as indicators, so a hit should not be read as traffic to the real service.
bootstrapcdn.fun
c1oudf1are.com
chmobank.com
googlespays.com
huionepay.me
mcafeecdn.xyz
samsungcdn.com
telegrams.icu
virustotal.xyz
# Hostnames. NOTE(review): sex666vr.com and gooogleasia.com appear only as
# hostnames; neither has a bare-domain entry in this block - confirm the
# parent domains are deliberately left out.
https.sex666vr.com
apib.googlespays.com
btt.evil.gooogleasia.com
javaw.virustotal.xyz
ks.evil.gooogleasia.com
lin.c1oudf1are.com
lin.huionepay.me
lin.telegrams.icu
mtls.sex666vr.com
start.bootstrapcdn.fun
vs.gooogleasia.com
wg.gooogleasia.com

# Reference: https://x.com/nahamike01/status/2041035954950230099
# Reference: https://www.virustotal.com/gui/file/44c3885cb5ae32059e201fd3f5b87738d5e88706d1fbcf30798883c3498f9eb1/detection
# Reference: https://www.virustotal.com/gui/file/8225ced200725fcce20ce365c4bafc391df92eaf9476b5fe7c0c11c76c83866f/detection

# Indicators attributed to the references listed directly above.
# Single IP:port endpoint.
84.32.22.130:8848
# Registered domain, followed by two hostnames under it.
topayapp.org
l1.topayapp.org
w1.topayapp.org
