# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection

107.175.1.103:3268

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1286826493335805953
# Reference: https://www.virustotal.com/gui/file/99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740/detection

164.68.101.194:3312

# Reference: https://twitter.com/ShadowChasing1/status/1296988003911360516
# Reference: https://www.virustotal.com/gui/file/e91836bbf90b1eafd5cdcf8868408309470d4a06c5239dfee7dd74eca1a7f222/detection

64.188.12.126:4676

# Reference: https://securelist.com/transparent-tribe-part-2/98233/
# Reference: https://otx.alienvault.com/pulse/5f46861db7f081f8c83140dc

http://212.8.240.221
212.8.240.221:5987
sharemydrives.com
sharingmymedia.com
tryanotherhorse.com

# Reference: https://twitter.com/ShadowChasing1/status/1311590568674291712

servicesmail.site

# Reference: https://twitter.com/DeadlyLynn/status/1318006847949819912
# Reference: https://www.virustotal.com/gui/file/d4b36731cb37ad05b0b9678b568c10a56f2e84967b393b626afb19d2df41c9b9/detection

173.249.14.104:6630

# Reference: https://twitter.com/ShadowChasing1/status/1337000347810729984
# Reference: https://www.virustotal.com/gui/file/6257ab26547f390bfd67d60766a708a95998452eb487d6d7208a52dc3e9840e0/detection

198.12.90.116:3691

# Reference: https://twitter.com/ShadowChasing1/status/1338077086896963584
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338177112059088903
# Reference: https://www.virustotal.com/gui/file/2714b12d0c65cb6fe783571a2d103866c4059f40b2905f58a6cd5de80eefeb73/detection
# Reference: https://www.virustotal.com/gui/file/26a4d9bd2961d724ef07aaec5cbbd120891c600ab7932e5e4ddef38aa3ee9700/detection

89.249.65.206:4816
89.249.65.206:49483

# Reference: https://twitter.com/ShadowChasing1/status/1338507666373558273
# Reference: https://www.virustotal.com/gui/file/48f662986a80c5c73a878b0f46cd7e3a548e556ad9c3f76c4eb867968b240eaf/detection

# NOTE(review): 172.217.0.0/16 is address space allocated to Google; confirm this entry against the referenced sample before using it for blocking, as it may produce false positives.
172.217.15.110:4876

# Reference: https://twitter.com/ShadowChasing1/status/1360018043703762945
# Reference: https://www.virustotal.com/gui/file/86d43578ba26f02cf845f16a38ab29a48ad86c17f4a2ec3b69fc0d5fe82b4af7/detection

64.188.25.143:4586