# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# NOTE(review): each non-comment line below is one network indicator (a hostname
# or an IP:port pair in this section), listed under the '# Reference:' line(s)
# that report it; the reference URLs name AveMaria as the family.
# Many hostnames sit under dynamic-DNS zones (duckdns.org, ddns.net,
# warzonedns.com, ...). Such names can presumably be released and re-claimed by
# someone else, so treat a match as a lead to confirm against the cited
# reference, not as proof on its own.

# Reference: http://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery
list131.ignorelist.com

# Reference: https://twitter.com/guelfoweb/status/1105493553030053888
# Reference: https://twitter.com/JaromirHorejsi/status/1105447086361923584
schoolfurniturecompany.com

# Reference: https://twitter.com/x42x5a/status/1111247631223791617
tsesser.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1113335382878425088
fada101.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/1113423296211562497
91.192.100.8:47583

# Reference: https://twitter.com/Racco42/status/1115259915877146625
maxcoopart80.ddns.net

# Reference: https://twitter.com/x42x5a/status/1116608057268527105
# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef
185.140.53.17:2888

# Reference: https://twitter.com/James_inthe_box/status/1118904407792345090
mydnssbox.gleeze.com

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/
maxibrainz.warzonedns.com
91.192.100.61:2580

# Reference: https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/ (# AveMaria)
tain.warzonedns.com
noreply377.ddns.net
server.mtcc.me
doddyfire.dyndns.org
toekie.ddns.net
warmaha.warzonedns.com
185.162.131.97:222

# Reference: https://twitter.com/Racco42/status/1130511314537918465
mailsle001.duckdns.org
mazzet990.duckdns.org

# Reference: https://twitter.com/Lvanoel/status/1131441015922057217
# Reference: https://app.any.run/tasks/b00d980c-615c-433a-b549-36253786f9cb/
145.239.202.109:1013
145.239.202.109:1018

# Reference: https://twitter.com/Racco42/status/1132911306472919040
hiswar45.warzonedns.com

# Reference: https://twitter.com/abuse_ch/status/1145697917161934856
fuckoffesetdetectmysleep.com

# Reference: https://twitter.com/HerbieZimmerman/status/1151196743201173507
respainc.duckdns.org

# NOTE(review): the first entry above belongs to the '# Reference:' line that
# precedes this span. One indicator per line; each group sits under the
# reference(s) that report it.
# Several entries in this span are listed more than once
# (millionways.duckdns.org, jsbcdns.warzonedns.com, eclass47.duckdns.org,
# benzkartel.duckdns.org, 75.127.5.164:4741). Harmless for matching, but a
# de-duplication pass would make the list easier to audit.

# Reference: https://twitter.com/James_inthe_box/status/1151953182869741568
masterprof.warzonedns.com

# Reference: https://twitter.com/James_inthe_box/status/1156163867744935938
dephantomz.duckdns.org

# Reference: https://blog.team-cymru.com/2019/07/25/unmasking-ave_maria/
anglekeys.warzonedns.com

# Reference: https://twitter.com/ps66uk/status/1159446703185047552
95.168.191.77:1436
dd122.duckdns.org

# Reference: https://twitter.com/anyrun_app/status/1159700318478897152
# Reference: https://app.any.run/tasks/b89006cd-dba0-4bc3-8a16-002f4ccc416b/
37.120.159.243:21204
aidsweden.serveblog.net

# Reference: https://twitter.com/James_inthe_box/status/1161273917689880576
millionways.duckdns.org

# Reference: https://twitter.com/Lvanoel/status/1161511143174823936
# Reference: https://app.any.run/tasks/bf09de69-e3b4-41d6-9d1e-d4875f9bca16/
79.134.225.39:2134
ndubaba45.warzonedns.com

# Reference: https://twitter.com/killamjr/status/1163429097273516032
wealthyblessed.warzonedns.com

# Reference: https://twitter.com/tkanalyst/status/1167210316406484992
# Reference: https://app.any.run/tasks/bf11ba41-b5bf-4fed-8769-eebdf6b50760/
185.70.184.34:3367

# Reference: https://www.virustotal.com/gui/file/544b299edea483bae81f71b7225aaa835ab025bcb6bd79b2d4ea9e2fe015c28f/behavior/Tencent%20HABO
wealthyme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/25a549daef7a464b48239af1d40f8aebba64dbadcbda0e99ce66b501aab7e36f/behavior/VirusTotal%20Jujubox
ebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ece090a78dd15d62d2135e97df60c4aadd91a47febfa871394155bf367fde6fd/behavior/VirusTotal%20Jujubox
warzo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7c76424b56e4a678617fa9020a57c8342947ad883f747344f14520dee6f124a9/behavior/Dr.Web%20vxCube
levelup.publicvm.com

# Reference: https://www.virustotal.com/gui/file/da626882f225ded5ba58cefb4585de0c5a42f8e5fc9eb5b7762ef297187bf3fc/behavior/Lastline
helloworld.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/2fdb79ca19e2ff06973e49b53ae627adfdf34a6f166f167fbceebb6c1cd60da3/behavior/Lastline
millionways.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e8c68dd2e6fc0c1cacb27461dff68dcf16a8aa41af9e84b38b0cad8457789a6f/behavior/Lastline
amariceo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/733a272f202c9917b877be278df24368daa6de101a2b804ccb45b48c6119c6fa/behavior/Lastline
eclass47.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170333909982285824
# Reference: https://app.any.run/tasks/32422cdd-19d0-40cf-87d9-cb08e706405a/
185.165.153.12:1033
jsbcdns.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1171410401885589509
# Reference: https://app.any.run/tasks/9e8d008e-653e-4af0-bfa4-ac05910853d4/
79.134.225.107:6703
naval.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1179711138981957633
# Reference: https://app.any.run/tasks/a5a9e2f9-45bc-4760-8fad-3683d76aaf56/
94.237.114.17:59221
linuxpro1.warzonedns.com

# Reference: https://twitter.com/killamjr/status/1189750151155474432
# Reference: https://app.any.run/tasks/abcdb43f-c221-4ffe-9598-c7d6a2301395/
# Reference: https://www.virustotal.com/gui/file/80c027aea4017e2a6ef61cb5d2da2f5cd5c47a6bb082f3172be668fa85f3b3ef/detection
142.44.161.51:5371

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/file/a75dad61090b4575f360310d59647560ce9faaff047ad7513fde736ea90aec4e/detection
# Reference: https://www.virustotal.com/gui/file/546dcac6a5fc155afcc19a4b74effff13414636362129cdbe73d47e994dc39b4/detection
# Reference: https://www.virustotal.com/gui/file/a2bf4a9a1d776cf793a97d0b6fc37b63dcb55f7e4793070df5cc265f59e06f97/detection
185.165.153.46:83

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/file/c3b48986b1377673856f5500f9c79ec3de25c51c10e44e09e9385ce779dd0f6b/detection
# Reference: https://www.virustotal.com/gui/file/a11b7ef1b9ae4b05deec96035b8173d79861f3c661a66cb08ec5b7cb7993981a/detection
173.254.223.68:5005
37.49.225.237:5009
79.134.225.21:2244
favour.ddnsgeek.com

# Reference: https://twitter.com/wwp96/status/1191754793737428993
# Reference: https://app.any.run/tasks/941b2543-3fdf-49f1-ab81-4ef621930c66/
# Reference: https://app.any.run/tasks/461f8149-bc37-4081-920f-002c2ece10be/
185.165.153.150:6703
rentals.insidedns.com

# Reference: https://www.virustotal.com/gui/file/01018330ea410c2b49df4ec0ef0b5867a708b9102a780fa230aabf0391c0b82d/detection
craftedfollowing.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cde18266fd65ee26cd546a95f7e3b629b4f13b8101d0a7ced282b2fee1d4c673/detection
185.222.202.74:1515
79.134.225.105:2404

# Reference: https://www.virustotal.com/gui/file/456b827c946facaadae9a11182d864e21db248f17a24309eaee0798c1043d5bb/detection
79.134.225.89:3366

# Reference: https://www.virustotal.com/gui/file/d84fdbc7ba1461fa0609661a13b434e2c791d6d0e6d2bba1c431175ad6d13731/detection
79.134.225.89:5200

# Reference: https://www.virustotal.com/gui/file/52cca8d3b984b5116ba625d2379b3d171e0e4a3d932a8afc740c136db2b611ea/detection
ventm.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection
75.127.5.164:4741

# Reference: https://www.virustotal.com/gui/file/e8c68dd2e6fc0c1cacb27461dff68dcf16a8aa41af9e84b38b0cad8457789a6f/detection
185.244.31.248:4741

# Reference: https://www.virustotal.com/gui/file/6059d33a2b43a5a840dd6525d7eeae99675e969a7d34f9a3fde663abec093abd/detection
41.111.120.82:5200

# Reference: https://www.virustotal.com/gui/file/f73bb2cac3348f9a3154d9c3761aaab9480c22c90272b8c6a2d12d03026545bd/detection
185.62.190.76:5200

# Reference: https://www.virustotal.com/gui/file/f92a5c1fbc216d4fa074f16df7cd779c7df900a8c83850fa28d375ae651a1ede/detection
194.5.98.28:1033
jsbcdns.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/a059e3d18e6769f4b57c0e6703194d490d4acfaac10d51e97deccf97ebdc543b/detection
194.5.98.82:6093
importa.100chickens.me

# Reference: https://www.virustotal.com/gui/file/9c4d9735c010d737541d4992ea3263c7d9197892184ff1809b0bb57e4ce2f0fe/detection
51.77.254.184:2324
7fantasma.duckdns.org

# Reference: https://www.virustotal.com/gui/file/12ed11e75e0520eea52213b3f9f5f727d3639af2539d38642a2d8306ec19104a/detection
79.134.225.25:6558
chukdominic.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f617de752f017722e0771b83b3f69ce38a4ba84602511ba91fccb84ea2fda7fc/detection
192.169.69.25:4070
benzkartel.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77819732b5a4837ca3594ef86d606a48c064441411d08a539514fcc5d91218cd/detection
# Reference: https://www.virustotal.com/gui/file/0a4462d6b14ff52e9b445e260194357900ba7dbbe80774eb010b44e1bd4ee9a9/detection
192.169.69.25:5399
eclass47.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b7346a155d02bd68ff67f5546609f9d75057d5efd90a6376e977ef7ea869e2f2/detection
45.61.49.107:5240
tunechi101.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/07392385f56ddda989d5ad8bd8de01b108412982b159ac75e204be143d68b240/detection
185.62.188.136:5200

# Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection
75.127.5.164:4741

# Reference: https://www.virustotal.com/gui/file/c586ff7830ff31f8c053edb8f2629df87906bb01ec30f9e35bd29022ebea8419/detection
79.134.225.106:1177
praize19791.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d441cff2ab9244e49f4bc3b05eca90d9249a6e2618e5e4bd9b0a54097facb48b/detection
93.177.75.154:3151
dinibel11.webhop.org

# Reference: https://www.virustotal.com/gui/file/e066a5143b342f5c231f97bb7f4eb49635abcde57d786f33fa1038ddd6ede11a/detection
170.130.31.104:1670
madmulla.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4b6259416f03b0f5af3674e7bd388a4463c24d21de53a02dfcb9c662adf22e8f/detection
172.93.228.235:5880
genericmoney.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a24048a30789ba42ceb68f5cd75a408d5de9497cd5d2aa12b2577fcba6a69d9c/detection
# NOTE(review): 192.69.169.25 differs from the 192.169.69.25 entries above only
# by two swapped octets -- possibly a transcription slip; confirm against the
# reference before relying on it.
192.69.169.25:5200
egonbute.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf81ce4168621e55a21d9f2dcb7a4ece8d36872ee6ef907345c99c272cea4e99/detection
79.134.225.58:7555

# Reference: https://any.run/malware-trends/avemaria (Note: as seen on 2019-12-04)
sub.winkcaffe.waw.pl
vemvemserver.duckdns.org
tain.rapiddns.ru
info1.duckdns.org
googleman.duckdns.org
moran101.duckdns.org
duc1234.duckdns.org
onelove03.duckdns.org
benzkartel.duckdns.org
westernautoweb.duckdns.org
qxq.ddns.net
kenw16570.ddns.net
johnevans04.ddns.net
sub007.duckdns.org
hustle4eva2.3utilities.com
sandshoe.duckdns.org
olavroy.duckdns.org
chance2019.ddns.net

# Reference: https://www.virustotal.com/gui/file/78ed84dd60c338ceb78a4d358f07437a383e435c385000404da66e570e2321cc/detection
91.193.75.181:3367

# Reference: https://www.virustotal.com/gui/file/7b15afbcaa1bcb0d2a6bdf83f6c93658817962b19c35326b8077d7be44b39a69/detection
79.134.225.71:5437

# Reference: https://www.virustotal.com/gui/file/b496ddb8d4c141887c11ea69fdce376b172a0fc194cb2de6c95599aecbb537ab/detection
cush007.ddns.net

# Reference: https://www.virustotal.com/gui/file/fe8703808c3f40b46b07af0e129c2102524347869710b02174c72a153d137760/detection
129.56.70.249:8282

# Reference: https://www.virustotal.com/gui/file/a984da90a5ad37b1ce550f33ff607095db19355c04025e38b3ee45ac8f693eb5/detection
79.134.225.39:9090
parospp.duckdns.org

# Reference: https://www.virustotal.com/gui/file/572f87602151f3338afa66ad3e732149fe3e360e3fa2e215f23a0a6925ce4d3d/detection
benrohr442.zapto.org

# Reference: https://www.virustotal.com/gui/file/f0f94d21b0f262127a2ded52cb7a1f4259f23dbf964d7df85d531c183212174b/detection
185.247.228.208:2888

# Reference: https://www.virustotal.com/gui/file/6bdff20a07a44acf12e43805c730c7ff7f38cbeafe921217c03d3dd1617a4880/detection
5.181.234.14:2888

# Reference: https://www.virustotal.com/gui/file/1b9ddb40b3935d58544774f7c6b7e95343be5dc0a8bf98b3105163a5afbb8c65/detection
79.134.225.71:84

# Reference: https://www.virustotal.com/gui/file/7b4f34a769a9e9c7c2624154a5573e195e0988cea062b374c03304f7478fc961/detection
79.134.225.71:5500
grounderwarone.freeddns.org

# Reference: https://www.virustotal.com/gui/file/e87773b992b99b6efd4c74e564d08eb67d315cc59d23a8c9b69abb33ea950dd4/detection
79.134.225.105:11896

# NOTE(review): 193.161.193.99 recurs below with several different ports, next
# to *.portmap.host names -- presumably a shared port-forwarding endpoint, so
# match on the IP:port pairs as listed rather than on the bare IP (TODO confirm).

# Reference: https://www.virustotal.com/gui/file/ac98d1565e8f687a0c631996c5029e6240f6e729042dca8e7858d35022b209b3/detection
marknagy44565-36386.portmap.host

# Reference: https://www.virustotal.com/gui/file/b7cf331992b5483898c5e8193c660a245b09bcb058988835a30cb1692892273c/detection
193.161.193.99:47765

# Reference: https://www.virustotal.com/gui/file/da2eb53310a9b8d6c4131288fcce98602f0e7b77085a02f7d7f69ac11565687b/detection
193.161.193.99:37648

# Reference: https://www.virustotal.com/gui/file/a0f6f5047ec47503ec7cbb61e04ebb9b97bfa9746392f7c3ed08182db8be8138/detection
193.161.193.99:45947
officialkezmuzik-45947.portmap.host

# Reference: https://www.virustotal.com/gui/file/5ff6e4edbf3c902b9a813d59800a60264373eb60f7babefe4dff54fedddb65e4/detection
185.101.92.3:1690

# Reference: https://www.virustotal.com/gui/file/ee4c2071e9030b4387111797f6d11f092f8781cdc5aac999139963fdcb63ff42/detection
185.140.53.95:5216

# Reference: https://www.virustotal.com/gui/file/15cae950567d2811ad51b7eb71c6b1bfc451548179931cdcfbbb498e24c2f661/detection
185.140.53.95:5200

# Reference: https://www.virustotal.com/gui/file/90852481986c5563f93a7615fd4a0f3d238ab62811603aca14585bcbd0c6e71c/detection
91.193.75.66:2088

# Reference: https://app.any.run/tasks/10544624-bea9-442e-98b9-8e862f612f6b/
ultrablank.linkpc.net
46.4.156.46:3008

# Reference: https://www.virustotal.com/gui/file/f100dd11620426161e6e36d5778c458dcb92b1cd551df338007bb52dfff4cdbc/detection
213.152.161.5:45315

# Reference: https://www.virustotal.com/gui/file/3c0180e5c2e750dd5f2af5d2cb94e17189b5e89381e8292b249eb02e7bdc7f37/detection
193.161.193.99:27190
scharo-27190.portmap.host

# Reference: https://www.virustotal.com/gui/file/a2f8c2d56df5bd28fe6524c0a41ecefbf43700f89c6bf083516109d021cb5a46/detection
193.161.193.99:2719

# Reference: https://www.virustotal.com/gui/file/e25774ea715ce20d9608948df1831b1f258df07e2b2065014c85c2fb6ad14213/detection
194.5.98.8:33033

# Reference: https://www.virustotal.com/gui/file/e909c918287b835821e26e1076693d426d127fdd5a589953deabf77717c2ef62/detection
# Reference: https://www.virustotal.com/gui/file/9826ff5418fe35cbab6465dd359968ffe56bd7b725dbc26d0d8d21c7e3dbc0ec/detection
# Reference: https://twitter.com/James_inthe_box/status/1214169622380834816
185.140.53.232:5211

# Reference: https://www.virustotal.com/gui/file/6733088fefa603350dd9904a49763b2e628c10f6f32a90e1f30789ae91b0bd28/detection
141.255.155.122:3008
palhacinhacker.ddns.net

# Reference: https://twitter.com/Racco42/status/1216993503118577665
79.134.225.103:5216

# Reference: https://www.virustotal.com/gui/file/1a0374f3f7a51bd877212c37b642a7980a27ea2b38c68b009a80ece64147beec/detection
141.255.154.127:5200
qayshaija.ddns.net

# Reference: https://www.virustotal.com/gui/file/03be3c7214fe1b769d22c4e8f93dab67b0d8aa399715bea4e37529438300f376/detection
141.255.147.80:5200

# Reference: https://www.virustotal.com/gui/file/b1d85b2e44628774c5706b05ba05a3ff66976258d3bbeeadb5db33fa0778341b/detection
179.180.11.89:5061
179.180.11.89:6008

# Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection
187.59.229.214:5200

# Reference: https://www.virustotal.com/gui/file/dd6a6d312452055ab81cee64848fa088feab2c197c177d10b9edc4569739954a/detection
177.133.237.246:5000

# Reference: https://www.virustotal.com/gui/file/3c8c14bc831c980fb43d33d23b59e2932785f410228908e17e69a9485b1893c6/detection
179.162.69.48:2020
191.35.36.143:2013

# Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection
177.133.235.48:6606
177.133.235.48:8808
177.133.235.48:9830

# Reference: https://www.virustotal.com/gui/file/d5b2fbcf5a08b47f077f7ef5b703fb54c6d5b35af67a7d5d5a57d70d045b9ef4/detection
191.250.235.230:83
191.250.235.230:200

# Reference: https://www.virustotal.com/gui/file/ed3e1f7e8672d12735ca0e61a0d148d77c19c11e1857433d511ad91d84885207/detection
191.32.188.158:83
191.32.188.158:200
191.32.188.158:6060

# Reference: https://www.virustotal.com/gui/file/935226940893b40ce02be1230be2df7dce8cbd846013543298bf1d3d191462f2/detection
177.157.217.116:83
177.157.217.116:200
177.157.217.116:6060

# Reference: https://www.virustotal.com/gui/file/ed30e9e2d1ff9616faf3c5a67fec892453294b7e6b3f56aa3c8d265f4b04e56d/detection
179.183.44.100:83
179.183.44.100:200
179.183.44.100:6060

# Reference: https://www.virustotal.com/gui/file/c9a7c30772ea01a05608d2eea76f2863aec5cd35d0512ae64c914d224bc5a2fe/detection
191.35.44.154:83

# Reference: https://app.any.run/tasks/941be3bd-df60-4b2f-a187-7d7c924ab0fa/
info1.dynu.net
185.19.85.177:5552

# Reference: https://app.any.run/tasks/ce150998-fd3f-4c31-bf55-21f04c5a65b6/
108.61.178.121:5252

# Reference: https://app.any.run/tasks/d68dbb4d-232b-4fcb-8d9a-abd4f3e97118/
79.134.225.29:1960

# Reference: https://www.virustotal.com/gui/file/a62fe2c19d26ca8461fcd98993124b43a32629e25f801b78c680f209310632e3/detection
45.147.228.135:5200

# Reference: https://app.any.run/tasks/d280eef6-999f-4287-a6a0-02a450178525/
147.135.100.70:5200

# Reference: https://twitter.com/KorbenD_Intel/status/1227346517960167424
# Reference: https://www.virustotal.com/gui/file/f1b85bfab8eea64e43bce246eaa9cecea2b39013f210a7951d933a93c8242f39/detection
179.43.166.45:1194

# Reference: https://app.any.run/tasks/364eba32-8d5d-4705-98c5-ba9ccc82912c/
185.140.53.245:5200

# Reference: https://app.any.run/tasks/ff7b2301-a409-47ae-a005-bcad22c85850/
66.154.98.108:24045

# Reference: https://twitter.com/wwp96/status/1230504598852526080
# Reference: https://app.any.run/tasks/75847a13-7af5-435e-a42e-d2baf062fa23/
111.90.146.27:66

# Reference: https://www.virustotal.com/gui/file/084d5e723767035ee218186a0c7d35523875d2852f4779a582944cb3b7e2a988/detection
45.247.223.97:2020

# Reference: https://app.any.run/tasks/ce245328-2593-4f8c-8ace-e3b089739c98/
147.135.100.70:3380

# Reference: https://app.any.run/tasks/ae902f14-c192-4ed0-b85c-707fd2fe9f68/
193.161.193.99:27522
server12511.sytes.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1238208398069465088
# Reference: https://app.any.run/tasks/552ebaee-410b-4928-bcb2-7d65f7666297/
185.244.30.26:5157
notmine.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2c9e8db68838c23e36adf1b4add15c79dc8be361a1f3110005ed12308eb4f606/detection
79.134.225.74:4531
t3am007.dynu.net

# Reference: https://www.virustotal.com/gui/file/234ff45642617c1afbfeba3c88d42dcdf4742d3951d0f6d7e0687bf9619c03b5/detection
79.134.225.87:5200

# Reference: https://www.virustotal.com/gui/file/6e0636df4571d7dfa44c3451e0a869119d9763f877c77469aa15890cb098b880/detection
79.134.225.113:1972

# Reference: https://app.any.run/tasks/dec1759f-0b65-42a5-b9b5-4a8026abc2ed/
79.134.225.123:5200

# Reference: https://www.virustotal.com/gui/file/f8a43d2ec2692d54c75bed8a5ddfcd2e3c0b8414e2d5f2b9e89948e0354957b7/detection
185.19.85.155:1960

# Reference: https://www.virustotal.com/gui/file/c1757ac3a2e435f607ec591c58d747407951158cd534c4efa3ef2f66520918b6/detection
185.165.153.39:8021

# Reference: https://twitter.com/James_inthe_box/status/1242183150022701062
fuckrat.000webhostapp.com

# Reference: https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/
# Reference: https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/
5.199.143.127:5200

# NOTE(review): the first entry above belongs to the '# Reference:' lines that
# precede this span. One indicator per line (hostname or IP:port); each group
# sits under the reference(s) that report it.

# Reference: https://www.virustotal.com/gui/file/36c4c7d76f7de9b21530cb4bdd38320e1255b0275b5d7999628e95f52839026a/detection
185.165.153.90:5200

# Reference: https://www.virustotal.com/gui/file/995ce74589c2ee66545a62d9f715b26735a5a18106015f1f3179629d83a55e9c/detection
45.147.231.168:5200
phantom101.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a58d37e03d37e6ba7fe426e2f8bc3e4a3c3618d8eae9cb7f9f62b391b92fce82/detection
91.218.65.24:5200

# Reference: https://www.virustotal.com/gui/file/16063a26361551b941684b336e20e311da78f53d65c803cf55b2290ccd2c42c5/detection
91.218.65.24:1515

# Reference: https://app.any.run/tasks/1f1d77d3-f131-46ac-b3f6-ea3705c65690/
94.177.123.177:52544

# Reference: https://www.virustotal.com/gui/file/9b96a245dcff530e0c9e44e46ec3d7b2a0d2c979f2eab45d034ff66ac0323aa9/detection
185.247.228.246:5200
79.134.225.122:5200

# Reference: https://csirt.bank.gov.ua/news-ioc/78 (Ukrainian)
# Reference: https://www.virustotal.com/gui/domain/unlimitedimportandexport.com/detection
79.134.225.114:49168
79.134.225.114:49169
79.134.225.114:49170

# Reference: https://twitter.com/JayTHL/status/1247913539924307968
winx.xcapdatap.capetown

# Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection
198.50.243.173:52001
mfonwar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/328a5c568c870758cf0cab65296ad6b6a43e83346f03609fe84a3f25ec18ec57/detection
5.253.114.116:6667

# Reference: https://app.any.run/tasks/ee9a3ce7-1c43-4767-9f7d-5bd836afb695/
79.134.225.54:7200
purchase.ddns.net

# Reference: https://www.virustotal.com/gui/file/8e944862dbed48bf69c402e4d8b58b87092b9154e127f6786ef47132148177b7/detection
51.83.200.169:5554

# Reference: https://www.virustotal.com/gui/file/78ae67bcd77b61bb3351ea259ce5d73a87461e627dab8e81a6eabcd7c1641831/detection
194.5.98.22:4040

# NOTE(review): the *.ngrok.io names below are tunnel subdomains; presumably
# short-lived, so they may no longer point at the reported host -- check the
# reference date before acting on a match.

# Reference: https://www.virustotal.com/gui/file/ce49af22dbaeddc0d973256a12b169621404baaf617a7f8bc093d974ab0c5f2e/detection
ab6b64b3.ngrok.io
ef94c2ec.ngrok.io

# Reference: https://www.virustotal.com/gui/file/c4f91744a0c1ef1b26212936537e430a333e7b6a94b5d351bace5168aee3c719/detection
2fff5496.ngrok.io

# Reference: https://www.virustotal.com/gui/file/0d55101bad40167bfe9ee6cace2571db0a700b746e3a306036301936fe80b6bb/detection
23.82.140.14:433

# Reference: https://www.virustotal.com/gui/file/ebddbf171d569ce4db44a0284ac1cbe390e075854749713aa9186276036cacd6/detection
qlox.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a102c4a2dfca8c218f1e65cbb5050012da856c3deba018d8c238fa9b09dd3a2b/detection
securitysr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/061aba0cc132ebe2c8e666ffa001677463d9592b719247b3effb0d7e34a05614/detection
66.128.136.158:6667

# Reference: https://www.virustotal.com/gui/file/b4fa30c9108e903849b0a006ed91f4908e884c0214714e08895d7d8251931015/detection
185.165.153.212:5678
185.165.153.247:5678
smiggle.ddns.net

# Reference: https://www.virustotal.com/gui/file/267b96f4e47346ccd8e19d7a6ffe38204b88ebf614f13268e27fe564e8caf934/detection
39.41.105.37:1996
grayspott.ddns.net

# Reference: https://www.virustotal.com/gui/file/a560a69ff3ce3f6705ecde244b404055abf2865a3cf9c8caf4545bc127b74186/detection
79.134.225.5:1975
79.134.225.5:5556
maxcoopar.ddns.net
maxcoopar80.hopto.org
maxcoopart80.ddns.net

# Reference: https://www.virustotal.com/gui/file/12caab7fa1930479e36119bd979a727539b9e2fb213aaeb8d02c8d232c97d43c/detection
179.14.168.79:1999
192.169.69.25:1999
dia9dejunio2020.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1280377733466345472
# Reference: https://app.any.run/tasks/db7a8d7e-36ae-4eb7-abab-d7b67a42d385/
185.140.53.91:1867

# Reference: https://twitter.com/VirITeXplorer/status/1280415278774595584
20.185.199.35:5800

# Reference: https://www.virustotal.com/gui/file/931271a7d61eb05a68882f90042d1e109da4249bbc87f9480f6250484f81f131/detection
155.94.198.169:9115
waz.no-ip.ca

# Reference: https://www.virustotal.com/gui/file/de8efff765420227a449b89e3398131fc2949d7b7be0b5794fd6b6b9dbccfacb/detection
wazone.duckdns.org

# Reference: https://app.any.run/tasks/097eed92-7211-44fe-a6f0-4959546bcb0b/
4610215325.redirectme.net

# Reference: https://twitter.com/James_inthe_box/status/1293267162258272256
# Reference: https://app.any.run/tasks/49ba0acb-fd7a-47ec-9998-cacc6eb875d5/
185.157.162.81:20058
uknwn.linkpc.net

# Reference: https://twitter.com/James_inthe_box/status/1295764954306326529
# Reference: https://app.any.run/tasks/db85aadd-841c-47ba-b331-541c7b8d70ff/
story43.ddns.net

# Reference: https://www.virustotal.com/gui/file/b5397e498dcc57edb5746a9aea3b86c60933d567e2fcfce376efb7e1da0732b2/detection
# Reference: https://www.virustotal.com/gui/file/0c89ea82f6be13d98bed32712966f66d2664264e026ca1d822b174a2483ed63c/detection
# Reference: https://www.virustotal.com/gui/file/6c51877004df7e830c9afa8d698ad3102c3327c2d486b554ce6a4787931d40a9/detection
196.157.29.41:5200
41.233.195.30:5200
41.35.217.21:5200

# Reference: https://www.virustotal.com/gui/file/db2377b06ca2fa51438e54a011c5d04266c2c115806ec0b36f6138e4ca721a8a/detection
5.196.102.89:4342

# Reference: https://app.any.run/tasks/0eb62769-7d77-4371-988f-5e3ccf12bc0d/
bigmoney2020.ath.cx

# Reference: https://app.any.run/tasks/0bc9ba17-1bac-43e2-b3ea-84948ca3b95a/
103.207.39.83:1021

# Reference: https://www.virustotal.com/gui/file/fb9e1f0ad494ffc39d06ba6b0df33c1aa5e059e10e1c366d9a3a2bc462c4ff59/detection
# Reference: https://www.virustotal.com/gui/file/6534a7953482135c6b462c90fb9d33dcf7ed9094fd42704266debab1cc775524/detection
93.174.89.30:5200

# Reference: https://app.any.run/tasks/71d495f0-d275-412c-9523-b89c3952ca45/
192.236.249.173:2709

# Reference: https://app.any.run/tasks/42df4e1e-29ad-4b1e-9359-ae37142102c5/
150.242.14.61:5552
iphanyi.mywire.org

# Reference: https://app.any.run/tasks/c1d64385-f10d-420c-aee8-b7b752d5779e/
94.158.245.3:6969

# Reference: https://app.any.run/tasks/f79cdfd6-8c81-4a56-afc6-9084473730d6/
185.32.221.45:5200
minekroft.duckdns.org

# Reference: https://app.any.run/tasks/615af023-eeb1-432f-bc62-763a2d2eba28/
# Reference: https://app.any.run/tasks/9fb314c8-72f9-4a82-87be-e035d52ce071/
178.170.138.163:4554

# Reference: https://app.any.run/tasks/42fdc696-a9f8-48ec-b94e-59b91a73910a/
185.19.85.177:5200

# Reference: https://twitter.com/h2jazi/status/1321867657956806656
# Reference: https://twitter.com/h2jazi/status/1321867659605086209
# Reference: https://www.virustotal.com/gui/file/a3cd781b14d75de94e5263ce37a572cdf5fe5013ec85ff8daeee3783ff95b073/detection
# Reference: https://www.virustotal.com/gui/file/1c41a03c65108e0d965b250dc9b3388a267909df9f36c3fefffbd26d512a2126/detection
recent.wordupdate.com
wordupdate.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/71435231f2c9636b8286fbc31f59a95fc8a2f9a598525f4c9c65c7b1f6c3c634/detection
79.134.225.95:2442
bestsuccess.ddns.net

# Reference: https://www.virustotal.com/gui/file/ac6fe5d0dc9129225e65b82c6b992641ed6f036c1ae62f8e889821580416ebab/detection
194.5.97.15:9901
wzefi.duckdns.org

# Reference: https://app.any.run/tasks/5b60dcaa-7155-48ff-8428-722bd4b2872b/
52.146.42.226:5600

# Reference: https://app.any.run/tasks/37e8edc3-4e05-40c3-a8ff-355da5f73564/
209.127.186.228:5200
warzonecastro.ddns.net

# Reference: https://www.virustotal.com/gui/file/d0ef59cdc766a5abb2c652273bcd713aaf660c6631154f78c1fc028934ebd083/detection
91.193.75.6:5988

# Reference: https://urlhaus.abuse.ch/browse/tag/AveMariaRAT/
# Reference: https://www.virustotal.com/gui/file/6cb291e90e6b603de38931adb89ca89d0745a487169ed46e10669d2890eb627d/detection
5.196.207.55:7272

# Reference: https://www.virustotal.com/gui/file/3b84ae0d295425279c7636ff3de98950d1f6ebf935b79a23049842d85c9d905c/detection
34.208.109.201:5200

# NOTE(review): the first entry above belongs to the '# Reference:' line that
# precedes this span. One indicator per line (hostname or IP:port); each group
# sits under the reference(s) that report it.

# Reference: https://www.virustotal.com/gui/file/788fb7921aa27add6ee4a6e7927c8475236eb9cf82faef193c4d113b8da886c0/detection
141.255.157.54:1605

# Reference: https://www.virustotal.com/gui/file/08c0209ce6617b4737872ac19223aacd84a752b8f4b013823ac6107f7f1d74ab/detection
136.243.31.186:1608

# Reference: https://www.virustotal.com/gui/file/f3f654a41d57053362f7306f9a432c1341cbd57dce82f0940108a73917a8a934/detection
193.161.193.99:40377

# Reference: https://www.virustotal.com/gui/file/535b6e5e8cd0fd9610c321d9b5e7fb95d18e0161a8a8d63a8a35913d6e6a4866/detection
192.169.69.25:5200

# Reference: https://www.virustotal.com/gui/file/0356ea425eda4c9b1d7a8d58879c441e29919d491b85e84eb4f96c9113052818/detection
177.75.41.196:5200

# Reference: https://www.virustotal.com/gui/file/dd0c8701d0d9e62c7b354e97e41cfec6aa85da269cfa6a6490ba68cce58b2385/detection
91.193.75.5:7711
versi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/90001df66b709685e2654b9395f8ce67e9b070cbaa624d001a7dd2adbc8d8eda/detection
155.94.198.169:1991
pounds1991.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7ca83349bed484f6eda4ad1dce51d4b1ed79c76a535f56c85033977b3728a3b5/detection
162.218.122.109:1117

# Reference: https://www.virustotal.com/gui/file/1a9644d007b728f70a743529ea97b910baf33351a405d35c065c4d7eccda2b2c/detection
# Reference: https://www.virustotal.com/gui/file/4083be0a99183e9b1da84b0a360b67c452b09302ce536c5b3cfa3ccdd36fea0a/detection
69.65.7.134:3890
eldragon.ooguy.com

# Reference: https://twitter.com/Racco42/status/1329057446787215360
# Reference: https://app.any.run/tasks/72ef6190-f792-4672-b679-591641f92913/
156.96.44.201:5200
auditor3.duckdns.org
8e3d-wzr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/43401d61e09bbe698a38b98a0a74e46f5d2daf28d2d115339a67d8a18a86e71a/detection
# Reference: https://www.virustotal.com/gui/file/3c2952b8e4351727e26025036532b31841b06c45b5e0e3faec4110d1959aad8b/detection
79.134.225.37:5200
91.134.167.159:5200
icey.awsmppl.com

# NOTE(review): the first entry above continues the group that ends the
# preceding span. One indicator per line; each group sits under the
# reference(s) that report it.

# Reference: https://www.virustotal.com/gui/file/5385cc5d2b11648b15c2d43657b85092dce7effdadad1c98c5e7ef597f2e7ee4/detection
c.awsmppl.com
jikk.duckdns.org
# NOTE(review): the next two entries are URL paths, not hosts; presumably they
# are matched against the request path of HTTP traffic -- confirm how the
# consumer of this list handles path-only entries.
/iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/
/iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/Ynte

# Reference: https://www.virustotal.com/gui/file/a050a83263058dd2a74f2b7490e8bffb188a3a7a241ad83032b3d10c701ce39c/detection
183.104.220.151:5555
kwen0939.codns.com

# Reference: https://app.any.run/tasks/88df6565-81e6-4774-80d6-d05d3cb3c4de/
195.140.214.82:6703
aogmphregion.org.za

# Reference: https://app.any.run/tasks/0a43f51f-93e7-4f01-8a9a-6b1785fdb7d8/
45.147.231.232:5200
syncronize.3utilities.com

# Reference: https://app.any.run/tasks/4fd30ffe-3e23-4032-8522-03eb6ae4a33e/
149.28.115.223:3404

# Reference: https://www.virustotal.com/gui/file/d0e70f2ede6386eb36547cc0bfb0b972ea402ea569505cfd97c740c9d5e28d63/detection
79.134.225.9:1313
2c04mm.hopto.org

# Reference: https://www.virustotal.com/gui/file/43884a1b9effdb7893f607139d10d82eb42a1b6dd66af3c9935b692d9a694791/detection
37.221.115.52:40701
psalm21.duckdns.org

# Reference: https://app.any.run/tasks/4bf7a851-6342-4886-a321-5ae2972e029a/
# Reference: https://app.any.run/tasks/9da5599d-a818-443e-b960-ad35d0fa3e54/
185.150.24.27:5200
185.140.53.227:5200
goodyear21.duckdns.org

# Reference: https://www.virustotal.com/gui/file/504e0489472d6107d56d6d4f88600200b055bd97c3158ef1c9a54ea38074351a/detection
37.46.150.86:5200

# Reference: https://www.virustotal.com/gui/file/492b57cab7d4eed865141cff12e5c0a9cc551f848b5bce90a36b5868b6be926c/detection
# Reference: https://www.virustotal.com/gui/file/7ec6ac9a3213f3a69d19a3209b763cb429b331fda2cf1ab02cc0cd4cff953a70/detection
91.193.75.251:43526
ie2z2.ddns.net

# Reference: https://twitter.com/reecdeep/status/1354070251911213057
# Reference: https://app.any.run/tasks/291734ae-12f5-4350-a320-2da1583ed5e7/
52.146.42.226:5600

# Reference: https://app.any.run/tasks/d7f182ab-5a09-4a5f-8741-6063eb65cddc/
185.244.43.60:5200

# NOTE(review): the first entry above belongs to the '# Reference:' line that
# precedes this span. One indicator per line; each group sits under the
# reference(s) that report it.

# Reference: https://app.any.run/tasks/a063c378-3cca-464e-a95a-2e8e39b240da/
79.134.225.115:7112
yetye.ddns.net

# NOTE(review): the two 'http://' entries below are URL-form indicators (scheme
# plus host, optionally a path), unlike the IP:port lines around them;
# presumably they are matched against HTTP requests -- confirm with the
# consumer of this list.

# Reference: https://twitter.com/executemalware/status/1359294408814956546
# Reference: https://pastebin.com/E2bbqwqC
# Reference: https://www.virustotal.com/gui/file/ee0b28949b01044f151f04743d49f6310a70de7339ad4936afd79b5c8a724025/detection
http://45.145.185.153
45.145.185.153:5210

# Reference: https://twitter.com/satontonton/status/1359507457362415617
# Reference: https://app.any.run/tasks/f71d16ef-1e0b-4789-b86b-fc980af5c619/
# Reference: https://www.virustotal.com/gui/file/4d05a527675f1cf3d6192a8336a174df03a542c69b126ef0263706fa1537d921/detection
# Reference: https://www.virustotal.com/gui/file/3ed44cbe5246f325af70060e29e1ac6b9cd154cbbf1491c04f3fe4add9d2d442/detection
http://111.90.149.168/autom.html
107.175.1.186:54213

# Reference: https://app.any.run/tasks/e131bcfa-6402-4c90-9bf5-b89a1305b59f/
139.28.235.223:1234

# Reference: https://twitter.com/reecdeep/status/1361276747392704513
# Reference: https://app.any.run/tasks/7effca1a-1ffa-4e27-89e0-599c42df2e70/
137.116.87.64:8400

# Reference: https://tria.ge/210215-q6gln4q3wj/behavioral1
37.46.150.67:5211

# Reference: https://app.any.run/tasks/77aeaadc-ce9e-45a6-8ad9-edb1b6db4b25/
185.140.53.243:11754