# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/suyog41/status/1130804704152305664 mikus192091.ddns.net # Reference: https://twitter.com/luc4m/status/1106618159522635776 queda212.duckdns.org # Reference: https://twitter.com/CERT_Polska/status/1072793091856392192 # Reference: https://www.cert.pl/news/single/trojan-oraz-ransomware-w-kampanii-podszywajacej-sie-pod-inpost/ 213.152.161.99:47390 213.152.161.100:47390 213.152.161.101:47390 213.152.161.102:47390 213.152.161.103:47390 213.152.161.232:47390 213.152.161.233:47390 213.152.161.234:47390 213.152.161.235:47390 213.152.161.99:47392 213.152.161.100:47392 213.152.161.101:47392 213.152.161.102:47392 213.152.161.103:47392 213.152.161.232:47392 213.152.161.233:47392 213.152.161.234:47392 213.152.161.235:47392 # Reference: https://twitter.com/Threat_hunts/status/1135810121227882499 # Reference: https://app.any.run/tasks/5ad34df1-b5a8-415f-9496-334d9bfdd7b1/ 95.167.151.253:7707 # Reference: https://twitter.com/James_inthe_box/status/1141072205771448320 kizzoyi.duckdns.org # Reference: https://twitter.com/powershellcode/status/1148234398703030273 internetexploter.duckdns.org systenfailued.ddns.com.br # Reference: https://twitter.com/DynamicAnalysis/status/1165901579536539649 79.134.225.90:4782 # Reference: https://twitter.com/James_inthe_box/status/1167217092245872640 # Reference: https://app.any.run/tasks/8eb2d184-08ec-40ab-8742-32f6988c5638/ 23.105.131.169:6606 193.56.28.173:7707 193.56.28.173:8808 rownip.3utilities.com rownip.mooo.com rownip.theworkpc.com rownip.dyndnss.net rowanyne.ooo # Reference: https://twitter.com/JAMESWT_MHT/status/1169142417754337281 # Reference: https://app.any.run/tasks/308651b4-37c0-4c66-87ba-5bf05d1ff411/ 79.134.225.115:4404 eg-east.com # Reference: https://twitter.com/dcTavvy/status/1188352813937463298 # Reference: https://app.any.run/tasks/6aedb064-1078-4304-b1e8-a8205a5ba698/ 193.161.193.99:43158 Lolikot-43158.portmap.host # Reference: https://twitter.com/JayTHL/status/1197240502699073537 5.62.41.111:5320 91.193.75.151:5320 netty.myftp.biz ify.insidedns.com # Reference: https://www.virustotal.com/gui/file/598ba7562062467fbf05d47bfadf27578a8ed4d5d5abdf17a5a4820ad71651bf/detection 3.19.3.150:6606 # Reference: https://twitter.com/w3ndige/status/1214596648644620288 # Reference: https://app.any.run/tasks/509acd2f-9474-44d4-aac2-d186a4716bef/ g.top4top.io # Reference: https://twitter.com/killamjr/status/1217630017116499968 # Reference: https://app.any.run/tasks/2517942c-3364-4d56-93ab-cfa47fd14299/ 101.86.170.36:1199 45.11.19.240:7707 xred.mooo.com # Reference: https://www.virustotal.com/gui/file/cc7a634047451f72a51766d1b6e33ce8a154579d80f6abcf9a109ff64c22f3a6/detection 177.98.43.164:7707 skypeprocesshost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/0c8a1d1eb4a0ee3ca2cf22cb4ede61f85e5170885549769984110edb6b64a236/detection 179.95.221.147:6606 179.95.221.147:7707 179.95.221.147:8808 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/b1a7fda679c569e51e4b1239d044bb6e6e1f3557ccd2060c32a11b0978919b2d/detection 177.206.102.68:7707 177.206.102.68:9830 # Reference: https://www.virustotal.com/gui/file/366c8707d33501338e524e4c70f8b10ac993341134aa28b32a550f06911ba646/detection 191.32.227.90:7707 # Reference: https://www.virustotal.com/gui/file/d60372f5bbed48ea826b894402e4412a478979b590bed2b9b0d1d84017549bd0/detection 177.133.237.246:9830 179.180.17.194:7707 # Reference: https://www.virustotal.com/gui/file/9fbc310b2579816b488dbc44485acd418b20a72ef8dceb558f645a735fe10f05/detection 177.98.43.164:6606 # Reference: https://www.virustotal.com/gui/file/4913ae8055d7c6f225c0bd63ffceb28138483b39d9887de8ebcc8773e9d0d46f/detection 177.98.43.164:9830 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/9a3e8a5bd3bfae58180089d27f1e23ba5f8118272b903a4ce99047969874a989/detection 177.133.246.134:9830 # Reference: https://www.virustotal.com/gui/file/ef332bc4cca2207ceb999f77d3e8a02b9d3b2c475d39310d2f1b09ae8f335de9/detection 177.133.246.134:7707 # Reference: https://www.virustotal.com/gui/file/6ede0a69b6d4d7b9cddc97ed35f58a284427fa92923d7a3e9e1442a5a0ad1b46/detection 177.98.127.109:7707 177.98.127.109:8808 # Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection 177.133.235.48:6606 177.133.235.48:8808 177.133.235.48:9830 # Reference: https://www.virustotal.com/gui/file/d0ca0770e89e27b72703029c7900853a655be67c65fb1bcbd0c652eceb3b384f/detection 177.75.41.182:6606