# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# NOTE(review): the entries below are network indicators (domains, IP:port
# pairs, http://<ip> entries and URL paths), each group preceded by the public
# reference(s) it was taken from. No entry carries a first-seen or last-seen
# date, and addresses and domains change hands over time, so read the
# reference before acting on a hit.

# Reference: https://twitter.com/avman1995/status/1052467368851636225

msboxoffice.com

# Reference: https://twitter.com/Jan0fficial/status/1121738294277169152
# Reference: https://app.any.run/tasks/b50aa97f-0dc2-4515-99e4-942030cc687c
# Reference: https://www.virustotal.com/gui/domain/rl.ammyy.com/details
# Reference: https://www.virustotal.com/gui/ip-address/209.239.123.75/relations

# NOTE(review): rl.ammyy.com sits under ammyy.com, which looks like the vendor
# domain of the Ammyy Admin remote-access tool rather than an attacker-registered
# name. A hit may only show that the tool is in use on the host; confirm against
# the references and the local software inventory before treating it as compromise.

209.239.123.75:443
rl.ammyy.com

# Reference: https://twitter.com/James_inthe_box/status/1067100582152876032
# Reference: https://app.any.run/tasks/fb0e8309-59a9-4c15-9c07-44c99967970c

office365id.com

# Reference: https://twitter.com/James_inthe_box/status/1067806790182625280

office365homedep.com

# Reference: https://twitter.com/pollo290987/status/1004729116833218560

thespecsupportservice.com

# Reference: https://twitter.com/hexlax/status/988881472403763200

169.239.129.38:443

# Reference: https://twitter.com/anyrun_app/status/1095559956429004801
# Reference: https://app.any.run/tasks/d6de545d-f1fd-4db9-a04e-1ecb2c53a357

update365office.com

# Reference: https://twitter.com/James_inthe_box/status/1134032089383297027

79.141.168.132:80

# Reference: https://twitter.com/VK_Intel/status/1135497995351449600
# Reference: https://www.virustotal.com/gui/file/c76e57800aa901071a462a0fe0bb5dddb6433cba5cf2cc26337dc10625409d51/behavior/VirusTotal%20Cuckoofork

185.117.89.130:80

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

185.117.89.139:80

# Reference: https://twitter.com/VK_Intel/status/1141437268349083649

149.154.157.229:80

# Reference: https://twitter.com/VK_Intel/status/1142292041189273600

169.239.128.185:80

# Reference: https://twitter.com/James_inthe_box/status/1121111654899388417

169.239.128.119:80

# Reference: https://twitter.com/VK_Intel/status/1144618818494447616

94.156.133.185:80

# Reference: https://twitter.com/malware_traffic/status/1019300011396517891

t69c.com

# Reference: https://tccontre.blogspot.com/2019/07/interesting-com-object-abused-by.html

# NOTE(review): this address is listed again further down as http://54.38.127.28.

54.38.127.28:80

# Reference: https://asec.ahnlab.com/1242
# Reference: https://otx.alienvault.com/pulse/5d39d735d1f1f7e30a26b767
# Reference: https://twitter.com/VK_Intel/status/1154452221255278593
# Reference: https://www.virustotal.com/gui/file/3a79c6de1954d53bce81924e0bd2cbd5906005b2a87458320ca4c72fbd5c6f54/detection
# Reference: https://blog.alyac.co.kr/2437 (Korean)

http://139.180.195.36
http://169.239.128.36
http://27.102.70.196
http://45.67.229.36
http://92.38.135.67

# Reference: https://twitter.com/James_inthe_box/status/1159149234974625793

http://109.94.209.91
http://45.84.0.82

# Reference: https://www.virustotal.com/gui/file/cb114123ca1c33071cf6241c3e5054a39b6f735d374491da0b33dfdaa1f7ea22/detection

http://185.117.89.145
http://54.38.127.28

# Reference: https://twitter.com/hexlax/status/988881472403763200
# (same reference as 169.239.129.38:443 above)

untorsnot.in

# Reference: https://twitter.com/AttackTrends/status/1638537592458170370
# Reference: https://www.virustotal.com/gui/file/d34545c4f89d3cfc70e755f31c883715eec25d0e692e40810aab9682c5830c0c/detection

179.60.146.3:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1699376219777650821
# Reference: https://app.any.run/tasks/e5b1b737-fcbc-483a-9d15-66468d271740/
# Reference: https://www.virustotal.com/gui/file/c4c0df629f8dbb15bf56089c1bb1f31e4fcc485376ec771942a997bb1654ee9b/detection

# NOTE(review): giize.com appears to be a dynamic-DNS parent zone; only the
# host below is listed, not the zone itself. Confirm before widening the match.

94.46.246.100:2727
newstte.giize.com

# Reference: https://twitter.com/Cyberteam008/status/1769709515241312306

136.243.104.235:3222
136.243.104.235:82
136.243.104.242:3222
136.243.104.242:82
136.243.18.122:3222
136.243.18.122:82
136.243.18.81:3222
136.243.18.81:82
23.105.254.132:3222
23.105.254.132:82
23.111.102.192:3222
23.111.102.192:82
23.111.200.64:3222
23.111.200.64:82
23.111.203.68:3222
23.111.203.68:82

# Generic trail

# NOTE(review): the entries below are short path-only patterns with no host and
# no reference attached. Presumably they can match requests to unrelated
# servers that happen to serve the same path, so corroborate a hit with the
# destination and the surrounding traffic. Confirm the sensor's matching rules.

/date1.dat
/duo.dat
/uno.dat
/dat3.omg