📃Title: Chinese Malware Delivery Websites
📅Date: 2025-01-13
🔗References:

Description

A cluster of over 400 domains has been registered since June 2024 to host spoofed websites that deliver malware to Chinese-speaking users. The sites imitate popular applications such as web browsers, VPNs, messaging apps, and crypto wallets. Identified malware includes Gh0stRAT, ValleyRAT, Remcos RAT, LummaStealer, and RedLine. The domains share registration details, infrastructure, and website configurations. Lures include fake login pages and software downloads. The activity shows similarities to the previously reported APT group SilverFox, suggesting an organized hack-for-hire or state-sponsored operation targeting Chinese speakers, possibly for credential theft and system access.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer Domaintools
  • target-information="China"
  • target-information="Malaysia"
  • target-information="Hong Kong"
  • malpedia="Ghost RAT"
  • malpedia="Lumma Stealer"
  • malpedia="RedLine Stealer"
  • malpedia="Remcos"
  • malpedia="ValleyRAT"
  • mitre-attack-pattern=['T1033', 'T1114', 'T1119', 'T1120', 'T1082', 'T1071', 'T1005', 'T1555', 'T1219', 'T1016', 'T1059', 'T1083', 'T1497', 'T1204', 'T1057', 'T1566', 'T1553', 'T1573', 'T1056', 'T1012', 'T1132', 'T1518']

MISP event uuid: 2d00aaa6-8c68-4ac1-8197-2c2471fe9ade

Indicators of Compromise (IoCs)


Full IOCs available in Rectifyq's MISP.