# update.exe NSIS installer downloaded from this IP
95.179.213.0

# Chrysalis backdoor Command and Control (C2) url
https://api.skycloudcenter.com/a/chat/s/70521ddf-a2ef-4adf-9cf0-6d8e24aaa821
61.4.102.97

# loader 1 - Cobalt Strike (CS) HTTPS beacon download url
http://59.110.7.32:8880/uffhxpSy

# loader 1 - Cobalt Strike (CS) HTTPS beacon get and post
http://59.110.7.32:8880/api/getBasicInfo/v1
http://59.110.7.32:8880/api/Metadata/submit

# loader 2 - Cobalt Strike (CS) HTTPS beacon download url
http://124.222.137.114:9999/3yZR31VK

# loader 2 - Cobalt Strike (CS) HTTPS beacon get and post
http://124.222.137.114:9999/api/updateStatus/v1
http://124.222.137.114:9999/api/Info/submit

# conf.c - Cobalt Strike (CS) HTTPS beacon download url
https://api.wiresguard.com/users/admin

# conf.c - Cobalt Strike (CS) HTTPS beacon get and post
https://api.wiresguard.com/update/v1
https://api.wiresguard.com/api/FileUpload/submit

# loader 3, 4 - Cobalt Strike (CS) HTTPS beacon download url
https://api.wiresguard.com/users/system

# loader 3, 4 - Cobalt Strike (CS) HTTPS beacon get and post
https://api.wiresguard.com/api/getInfo/v1
https://api.wiresguard.com/api/Info/submit