C2 (Censys): 162.33.178.63:2351

########################################

http://195.211.98.105/public/gffdgfdgfdg.msi <- DarkGate
C2: http://greadeaoptimalle.com (alternative port 443)

Historical DNS:
sylv.sylvalawcorp.com -> sylvalawcorp.com -> 162.241.224.167 + 45.79.132.153 + 34.197.89.244
omgy.omgyardsignstx.com -> also pointed at 45.88.67.16
omgyardsignstx.com -> 162.241.225.36 (briefly pointed at 34.102.136.180 in the past)

also C2 hosted: 195.211.98.105:2351

########################################

C2 (Censys): 89.248.193.66:2351

# Campaign likely targeting Asian victims with a cosmetic lure, an e-commerce lure and a tooth-cleaning ad
http://148.113.1.180:8080/
http://148.113.1.180:8080/CD.hta
http://148.113.1.180:8080/LG.hta
http://148.113.1.180:8080/otoke.vbs
http://148.113.1.180:8080/TMDT.hta
http://148.113.1.180:8080/HomeCd/PRODUCTS%20-%20Sale%20Campains.pdf.lnk
http://148.113.1.180:8080/HomeTMDT/ECOMMERCE%20PLATFORM%20AGREEMENT.pdf.lnk
http://148.113.1.180:8080/HomeLingiang/Lingiang%20Cosmetic%20Campaign%202023.pdf.lnk
http://148.113.1.180:8080/Content/CD/PRODUCTS%20-%20Sale%20Campains.pdf
http://148.113.1.180:8080/Content/Lingiang/Lingiang%20Cosmetic%20Campaign%202023.pdf
http://148.113.1.180:8080/Content/TMDT/ECOMMERCE%20PLATFORM%20AGREEMENT.pdf
C2 (Censys): 148.113.1.180:2351

########################################

C2 (Censys): 162.33.179.65:2351
C2 (Censys): 81.19.135.139:2351
C2 (Censys): 149.248.0.82:2351
C2 (Censys): 185.130.227.202:2351
C2 (Censys): 94.130.49.223:2351
C2 (Censys): 54.39.198.245:2351
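The dump above mixes four indicator shapes (ip:port C2 sockets, lure URLs, hostnames and bare IPs from DNS history) on free-form lines. The script below is an added example, not code from the page's author: it parses a constructed excerpt of the dump in that same layout into typed indicator sets, defangs them for reporting, and then scans a few constructed proxy/flow log lines, ranking a hit by strength (exact URL, then C2 socket, then hostname, then bare IP). The excerpt, the log lines and the helper names are all the example's own; URL ports such as :8080 are deliberately kept out of the C2 socket set so a lure download is not logged as a C2 connection.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed excerpt of the indicator dump, kept in the page's own layout so
# each line shape is exercised (sockets, URLs, DNS chains, comments, separators).
RAW_IOCS = """\
C2 (Censys): 162.33.178.63:2351
########################################
http://195.211.98.105/public/gffdgfdgfdg.msi <- DarkGate
C2: http://greadeaoptimalle.com (alternative port 443)
Historical DNS:
sylv.sylvalawcorp.com -> sylvalawcorp.com -> 162.241.224.167 + 45.79.132.153 + 34.197.89.244
omgyardsignstx.com -> 162.241.225.36 (briefly pointed at 34.102.136.180 in the past)
also C2 hosted: 195.211.98.105:2351
########################################
# Campaign likely targeting Asian victims with a cosmetic lure
http://148.113.1.180:8080/CD.hta
http://148.113.1.180:8080/HomeCd/PRODUCTS%20-%20Sale%20Campains.pdf.lnk
C2 (Censys): 148.113.1.180:2351
C2 (Censys): 89.248.193.66:2351
"""

URL_RE = re.compile(r"https?://[^\s<>()]+")
SOCKET_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def _is_ipv4(s):
    try:
        return ipaddress.ip_address(s).version == 4
    except ValueError:
        return False


def parse_iocs(text):
    """Extract indicators from the dump into sets keyed by indicator type."""
    iocs = {"urls": set(), "c2_sockets": set(), "ips": set(), "hosts": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):        # comment and separator lines
            continue
        for url in URL_RE.findall(line):
            iocs["urls"].add(url)
            host = (urlsplit(url).hostname or "").lower()
            if host:
                (iocs["ips"] if _is_ipv4(host) else iocs["hosts"]).add(host)
        rest = URL_RE.sub(" ", line)                 # drop URLs so :8080 is not read as a C2 port
        for ip, port in SOCKET_RE.findall(rest):
            if _is_ipv4(ip) and 0 < int(port) < 65536:
                iocs["c2_sockets"].add(f"{ip}:{port}")
        iocs["ips"].update(ip for ip in IPV4_RE.findall(rest) if _is_ipv4(ip))
        iocs["hosts"].update(h.lower() for h in HOST_RE.findall(rest))
    return iocs


def defang(indicator):
    """Make an indicator safe to paste into a ticket or report."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def match_line(log_line, iocs):
    """Strongest hit for one log line, or None. URL > C2 socket > host > IP."""
    for url in URL_RE.findall(log_line):
        if url in iocs["urls"]:
            return ("url", url)
    for ip, port in SOCKET_RE.findall(log_line):
        if f"{ip}:{port}" in iocs["c2_sockets"]:
            return ("c2_socket", f"{ip}:{port}")
    for host in HOST_RE.findall(log_line):
        if host.lower() in iocs["hosts"]:
            return ("host", host.lower())
    for ip in IPV4_RE.findall(log_line):
        if ip in iocs["ips"]:
            return ("ip", ip)
    return None


# Constructed proxy, flow and DNS records, not real telemetry.
SAMPLE_LOGS = [
    "2023-09-12T10:01:02Z 10.0.0.5 GET http://148.113.1.180:8080/CD.hta 200",
    "2023-09-12T10:01:09Z 10.0.0.5 GET http://148.113.1.180:8080/otoke.vbs 200",
    "2023-09-12T10:02:41Z 10.0.0.5 TCP 10.0.0.5:51234 -> 162.33.178.63:2351 SYN",
    "2023-09-12T10:03:00Z 10.0.0.9 DNS query sylv.sylvalawcorp.com A",
    "2023-09-12T10:03:05Z 10.0.0.9 GET http://example.org/index.html 200",
]


def scan(log_lines, iocs):
    return [(line, hit) for line in log_lines if (hit := match_line(line, iocs))]


if __name__ == "__main__":
    iocs = parse_iocs(RAW_IOCS)
    for kind, values in iocs.items():
        print(kind, sorted(defang(v) for v in values))
    for line, (kind, value) in scan(SAMPLE_LOGS, iocs):
        print(f"HIT [{kind}] {defang(value)} <- {line}")
```

The second sample log line shows why the bare-IP tier matters: otoke.vbs is not in the excerpt's URL set, but the request still hits on 148.113.1.180, which is both the lure host and a port-2351 C2 in the dump. Feed the full list into RAW_IOCS and the same parser produces the complete block set.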