# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bobik, ddosia, killnet

# Reference: https://decoded.avast.io/martinchlumecky/bobik/
# Reference: https://www.virustotal.com/gui/ip-address/2.57.122.243/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.122.82/relations
# Reference: https://github.com/avast/ioc/tree/master/Bobik

q7zemy6zc7ptaeks.servehttp.com
v9agm8uwtjmz.sytes.net

# Reference: https://decoded.avast.io/martinchlumecky/ddosia-project/

109.107.181.130:4200
109.107.181.130:5001

# Reference: https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/
# Reference: https://www.virustotal.com/gui/ip-address/31.13.195.87/relations

tom56gaz6poh13f28.myftp.org
zig35m48zur14nel40.myftp.org

# Reference: https://www.team-cymru.com/post/a-blog-with-noname

http://31.13.195.87
109.107.184.11:27017
185.173.37.220:5672
185.173.37.220:6379
31.13.195.87:9100
91.142.79.201:5051
91.142.79.201:9100
87.121.52.9:5001

# Reference: https://twitter.com/teamcymru_S2/status/1620019172712550401

http://212.73.134.208

# Generic

/27bff71b-42c0-4a47-ba39-04c83f2f40bb/update?id=
/bcaa8752-51ff-4e35-8ef9-4aefbf42b482/update?id=
/d380f816-7412-400a-9b64-78e35dd51f6e/update?id=
/fb82275d-6255-4463-8261-ef65d439b83b/update?id=
/fb82275d-6255-4463-8261-ef65d439b83b/AdminService.exe
/fb82275d-6255-4463-8261-ef65d439b83b/afVAcUJTvDvM.exe
/fb82275d-6255-4463-8261-ef65d439b83b/BAebY2lBT7ee.exe
/fb82275d-6255-4463-8261-ef65d439b83b/Q7yheyG7.exe
/fb82275d-6255-4463-8261-ef65d439b83b/xLZ6auza.exe
/fb82275d-6255-4463-8261-ef65d439b83b/XuS1qxZa.exe