# IOCs/Chaos_IoCs.txt

**[github.com/blacklotuslabs/IOCs/blob/main/Chaos_IoCs.txt](https://github.com/blacklotuslabs/IOCs/blob/main/Chaos_IoCs.txt)**

blacklotuslabs

Hashes:

Windows:
upx packed: 3c908b576e0ddadb5c94122e8f11b6701201518fa99e6cc33f69f17168da6d88
unpacked: 2b935b3c308727d46ddd00ea776caeb1137a2cc3b43b055667dfdea42f98170a

Linux:
x86: ebe0f9855eb8f6bd980ed60c26e3a877dc1ace5d664e248bb0558996fe0bd06f
ARM: fecfa6e2e6d4224082e09da7b42878f9e6ab9966a6f7a4cd120603f0bd59e72a
MIPS: e0e3d23222d71bbebae6afd37dcc436f9f5c8e56dd6ece8c8d63c162826dd99c
PPC: db412892acc683df340211b28ca3545d550e0a1de4bf0a2565b2b83bb31e0357

Kaiji sample from TrendMicro blog:
d315b83e772dfddbd2783f016c38f021225745eb43c06bbdfd92364f68fa4c56

-----

Embedded C2s:

-----

Staging C2s (September 2022)

-----

45.125.44[.]251
45.125.44[.]237

-----