# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: warzone # Reference: http://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery list131.ignorelist.com # Reference: https://twitter.com/guelfoweb/status/1105493553030053888 # Reference: https://twitter.com/JaromirHorejsi/status/1105447086361923584 schoolfurniturecompany.com # Reference: https://twitter.com/x42x5a/status/1111247631223791617 tsesser.duckdns.org # Reference: https://twitter.com/pollo290987/status/1113335382878425088 fada101.servehttp.com # Reference: https://twitter.com/James_inthe_box/status/1113423296211562497 91.192.100.8:47583 # Reference: https://twitter.com/Racco42/status/1115259915877146625 maxcoopart80.ddns.net # Reference: https://twitter.com/x42x5a/status/1116608057268527105 # Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef 185.140.53.17:2888 # Reference: https://twitter.com/James_inthe_box/status/1118904407792345090 mydnssbox.gleeze.com # Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/ maxibrainz.warzonedns.com 91.192.100.61:2580 # Reference: https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/ (# AveMaria) tain.warzonedns.com noreply377.ddns.net server.mtcc.me doddyfire.dyndns.org toekie.ddns.net warmaha.warzonedns.com 185.162.131.97:222 # Reference: https://twitter.com/Racco42/status/1130511314537918465 mailsle001.duckdns.org mazzet990.duckdns.org # Reference: https://twitter.com/Lvanoel/status/1131441015922057217 # Reference: https://app.any.run/tasks/b00d980c-615c-433a-b549-36253786f9cb/ 145.239.202.109:1013 145.239.202.109:1018 # Reference: https://twitter.com/Racco42/status/1132911306472919040 hiswar45.warzonedns.com # Reference: https://twitter.com/abuse_ch/status/1145697917161934856 fuckoffesetdetectmysleep.com # Reference: 
https://twitter.com/HerbieZimmerman/status/1151196743201173507 respainc.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1151953182869741568 masterprof.warzonedns.com # Reference: https://twitter.com/James_inthe_box/status/1156163867744935938 dephantomz.duckdns.org # Reference: https://blog.team-cymru.com/2019/07/25/unmasking-ave_maria/ anglekeys.warzonedns.com # Reference: https://twitter.com/ps66uk/status/1159446703185047552 95.168.191.77:1436 dd122.duckdns.org # Reference: https://twitter.com/anyrun_app/status/1159700318478897152 # Reference: https://app.any.run/tasks/b89006cd-dba0-4bc3-8a16-002f4ccc416b/ 37.120.159.243:21204 aidsweden.serveblog.net # Reference: https://twitter.com/James_inthe_box/status/1161273917689880576 millionways.duckdns.org # Reference: https://twitter.com/Lvanoel/status/1161511143174823936 # Reference: https://app.any.run/tasks/bf09de69-e3b4-41d6-9d1e-d4875f9bca16/ 79.134.225.39:2134 ndubaba45.warzonedns.com # Reference: https://twitter.com/killamjr/status/1163429097273516032 wealthyblessed.warzonedns.com # Reference: https://twitter.com/tkanalyst/status/1167210316406484992 # Reference: https://app.any.run/tasks/bf11ba41-b5bf-4fed-8769-eebdf6b50760/ 185.70.184.34:3367 # Reference: https://www.virustotal.com/gui/file/544b299edea483bae81f71b7225aaa835ab025bcb6bd79b2d4ea9e2fe015c28f/behavior/Tencent%20HABO wealthyme.warzonedns.com # Reference: https://www.virustotal.com/gui/file/25a549daef7a464b48239af1d40f8aebba64dbadcbda0e99ce66b501aab7e36f/behavior/VirusTotal%20Jujubox ebase.duckdns.org # Reference: https://www.virustotal.com/gui/file/ece090a78dd15d62d2135e97df60c4aadd91a47febfa871394155bf367fde6fd/behavior/VirusTotal%20Jujubox warzo.duckdns.org # Reference: https://www.virustotal.com/gui/file/7c76424b56e4a678617fa9020a57c8342947ad883f747344f14520dee6f124a9/behavior/Dr.Web%20vxCube levelup.publicvm.com # Reference: 
https://www.virustotal.com/gui/file/da626882f225ded5ba58cefb4585de0c5a42f8e5fc9eb5b7762ef297187bf3fc/behavior/Lastline helloworld.ddnsking.com # Reference: https://www.virustotal.com/gui/file/2fdb79ca19e2ff06973e49b53ae627adfdf34a6f166f167fbceebb6c1cd60da3/behavior/Lastline millionways.duckdns.org # Reference: https://www.virustotal.com/gui/file/e8c68dd2e6fc0c1cacb27461dff68dcf16a8aa41af9e84b38b0cad8457789a6f/behavior/Lastline amariceo.duckdns.org # Reference: https://www.virustotal.com/gui/file/733a272f202c9917b877be278df24368daa6de101a2b804ccb45b48c6119c6fa/behavior/Lastline eclass47.duckdns.org # Reference: https://twitter.com/wwp96/status/1170333909982285824 # Reference: https://app.any.run/tasks/32422cdd-19d0-40cf-87d9-cb08e706405a/ 185.165.153.12:1033 jsbcdns.warzonedns.com # Reference: https://twitter.com/wwp96/status/1171410401885589509 # Reference: https://app.any.run/tasks/9e8d008e-653e-4af0-bfa4-ac05910853d4/ 79.134.225.107:6703 naval.duckdns.org # Reference: https://twitter.com/w3ndige/status/1179711138981957633 # Reference: https://app.any.run/tasks/a5a9e2f9-45bc-4760-8fad-3683d76aaf56/ 94.237.114.17:59221 linuxpro1.warzonedns.com # Reference: https://twitter.com/killamjr/status/1189750151155474432 # Reference: https://app.any.run/tasks/abcdb43f-c221-4ffe-9598-c7d6a2301395/ # Reference: https://www.virustotal.com/gui/file/80c027aea4017e2a6ef61cb5d2da2f5cd5c47a6bb082f3172be668fa85f3b3ef/detection 142.44.161.51:5371 # Reference: https://pastebin.com/29uSdMAk # Reference: https://www.virustotal.com/gui/file/a75dad61090b4575f360310d59647560ce9faaff047ad7513fde736ea90aec4e/detection # Reference: https://www.virustotal.com/gui/file/546dcac6a5fc155afcc19a4b74effff13414636362129cdbe73d47e994dc39b4/detection # Reference: https://www.virustotal.com/gui/file/a2bf4a9a1d776cf793a97d0b6fc37b63dcb55f7e4793070df5cc265f59e06f97/detection 185.165.153.46:83 # Reference: https://pastebin.com/29uSdMAk # Reference: 
https://www.virustotal.com/gui/file/c3b48986b1377673856f5500f9c79ec3de25c51c10e44e09e9385ce779dd0f6b/detection # Reference: https://www.virustotal.com/gui/file/a11b7ef1b9ae4b05deec96035b8173d79861f3c661a66cb08ec5b7cb7993981a/detection 173.254.223.68:5005 37.49.225.237:5009 79.134.225.21:2244 favour.ddnsgeek.com # Reference: https://twitter.com/wwp96/status/1191754793737428993 # Reference: https://app.any.run/tasks/941b2543-3fdf-49f1-ab81-4ef621930c66/ # Reference: https://app.any.run/tasks/461f8149-bc37-4081-920f-002c2ece10be/ 185.165.153.150:6703 rentals.insidedns.com # Reference: https://www.virustotal.com/gui/file/01018330ea410c2b49df4ec0ef0b5867a708b9102a780fa230aabf0391c0b82d/detection craftedfollowing.duckdns.org # Reference: https://www.virustotal.com/gui/file/cde18266fd65ee26cd546a95f7e3b629b4f13b8101d0a7ced282b2fee1d4c673/detection 185.222.202.74:1515 79.134.225.105:2404 # Reference: https://www.virustotal.com/gui/file/456b827c946facaadae9a11182d864e21db248f17a24309eaee0798c1043d5bb/detection 79.134.225.89:3366 # Reference: https://www.virustotal.com/gui/file/d84fdbc7ba1461fa0609661a13b434e2c791d6d0e6d2bba1c431175ad6d13731/detection 79.134.225.89:5200 # Reference: https://www.virustotal.com/gui/file/52cca8d3b984b5116ba625d2379b3d171e0e4a3d932a8afc740c136db2b611ea/detection ventm.warzonedns.com # Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection 75.127.5.164:4741 # Reference: https://www.virustotal.com/gui/file/e8c68dd2e6fc0c1cacb27461dff68dcf16a8aa41af9e84b38b0cad8457789a6f/detection 185.244.31.248:4741 # Reference: https://www.virustotal.com/gui/file/6059d33a2b43a5a840dd6525d7eeae99675e969a7d34f9a3fde663abec093abd/detection 41.111.120.82:5200 # Reference: https://www.virustotal.com/gui/file/f73bb2cac3348f9a3154d9c3761aaab9480c22c90272b8c6a2d12d03026545bd/detection 185.62.190.76:5200 # Reference: 
https://www.virustotal.com/gui/file/f92a5c1fbc216d4fa074f16df7cd779c7df900a8c83850fa28d375ae651a1ede/detection 194.5.98.28:1033 jsbcdns.warzonedns.com # Reference: https://www.virustotal.com/gui/file/a059e3d18e6769f4b57c0e6703194d490d4acfaac10d51e97deccf97ebdc543b/detection 194.5.98.82:6093 importa.100chickens.me # Reference: https://www.virustotal.com/gui/file/9c4d9735c010d737541d4992ea3263c7d9197892184ff1809b0bb57e4ce2f0fe/detection 51.77.254.184:2324 7fantasma.duckdns.org # Reference: https://www.virustotal.com/gui/file/12ed11e75e0520eea52213b3f9f5f727d3639af2539d38642a2d8306ec19104a/detection 79.134.225.25:6558 chukdominic.duckdns.org # Reference: https://www.virustotal.com/gui/file/f617de752f017722e0771b83b3f69ce38a4ba84602511ba91fccb84ea2fda7fc/detection 192.169.69.25:4070 benzkartel.duckdns.org # Reference: https://www.virustotal.com/gui/file/77819732b5a4837ca3594ef86d606a48c064441411d08a539514fcc5d91218cd/detection # Reference: https://www.virustotal.com/gui/file/0a4462d6b14ff52e9b445e260194357900ba7dbbe80774eb010b44e1bd4ee9a9/detection 192.169.69.25:5399 eclass47.duckdns.org # Reference: https://www.virustotal.com/gui/file/b7346a155d02bd68ff67f5546609f9d75057d5efd90a6376e977ef7ea869e2f2/detection 45.61.49.107:5240 tunechi101.warzonedns.com # Reference: https://www.virustotal.com/gui/file/07392385f56ddda989d5ad8bd8de01b108412982b159ac75e204be143d68b240/detection 185.62.188.136:5200 # Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection 75.127.5.164:4741 # Reference: https://www.virustotal.com/gui/file/c586ff7830ff31f8c053edb8f2629df87906bb01ec30f9e35bd29022ebea8419/detection 79.134.225.106:1177 praize19791.duckdns.org # Reference: https://www.virustotal.com/gui/file/d441cff2ab9244e49f4bc3b05eca90d9249a6e2618e5e4bd9b0a54097facb48b/detection 93.177.75.154:3151 dinibel11.webhop.org # Reference: 
https://www.virustotal.com/gui/file/e066a5143b342f5c231f97bb7f4eb49635abcde57d786f33fa1038ddd6ede11a/detection 170.130.31.104:1670 madmulla.duckdns.org # Reference: https://www.virustotal.com/gui/file/4b6259416f03b0f5af3674e7bd388a4463c24d21de53a02dfcb9c662adf22e8f/detection 172.93.228.235:5880 genericmoney.duckdns.org # Reference: https://www.virustotal.com/gui/file/a24048a30789ba42ceb68f5cd75a408d5de9497cd5d2aa12b2577fcba6a69d9c/detection (Note: review - 192.69.169.25 below differs from the 192.169.69.25 listed elsewhere in this file, including with port 5200; possibly transposed octets, confirm against the referenced sample) 192.69.169.25:5200 egonbute.duckdns.org # Reference: https://www.virustotal.com/gui/file/bf81ce4168621e55a21d9f2dcb7a4ece8d36872ee6ef907345c99c272cea4e99/detection 79.134.225.58:7555 # Reference: https://any.run/malware-trends/avemaria (Note: as seen on 2019-12-04) sub.winkcaffe.waw.pl vemvemserver.duckdns.org tain.rapiddns.ru info1.duckdns.org googleman.duckdns.org moran101.duckdns.org duc1234.duckdns.org onelove03.duckdns.org benzkartel.duckdns.org westernautoweb.duckdns.org qxq.ddns.net kenw16570.ddns.net johnevans04.ddns.net sub007.duckdns.org hustle4eva2.3utilities.com sandshoe.duckdns.org olavroy.duckdns.org chance2019.ddns.net # Reference: https://www.virustotal.com/gui/file/78ed84dd60c338ceb78a4d358f07437a383e435c385000404da66e570e2321cc/detection 91.193.75.181:3367 # Reference: https://www.virustotal.com/gui/file/7b15afbcaa1bcb0d2a6bdf83f6c93658817962b19c35326b8077d7be44b39a69/detection 79.134.225.71:5437 # Reference: https://www.virustotal.com/gui/file/b496ddb8d4c141887c11ea69fdce376b172a0fc194cb2de6c95599aecbb537ab/detection cush007.ddns.net # Reference: https://www.virustotal.com/gui/file/fe8703808c3f40b46b07af0e129c2102524347869710b02174c72a153d137760/detection 129.56.70.249:8282 # Reference: https://www.virustotal.com/gui/file/a984da90a5ad37b1ce550f33ff607095db19355c04025e38b3ee45ac8f693eb5/detection 79.134.225.39:9090 parospp.duckdns.org # Reference: https://www.virustotal.com/gui/file/572f87602151f3338afa66ad3e732149fe3e360e3fa2e215f23a0a6925ce4d3d/detection benrohr442.zapto.org # Reference: 
https://www.virustotal.com/gui/file/f0f94d21b0f262127a2ded52cb7a1f4259f23dbf964d7df85d531c183212174b/detection 185.247.228.208:2888 # Reference: https://www.virustotal.com/gui/file/6bdff20a07a44acf12e43805c730c7ff7f38cbeafe921217c03d3dd1617a4880/detection 5.181.234.14:2888 # Reference: https://www.virustotal.com/gui/file/1b9ddb40b3935d58544774f7c6b7e95343be5dc0a8bf98b3105163a5afbb8c65/detection 79.134.225.71:84 # Reference: https://www.virustotal.com/gui/file/7b4f34a769a9e9c7c2624154a5573e195e0988cea062b374c03304f7478fc961/detection 79.134.225.71:5500 grounderwarone.freeddns.org # Reference: https://www.virustotal.com/gui/file/e87773b992b99b6efd4c74e564d08eb67d315cc59d23a8c9b69abb33ea950dd4/detection 79.134.225.105:11896 # Reference: https://www.virustotal.com/gui/file/ac98d1565e8f687a0c631996c5029e6240f6e729042dca8e7858d35022b209b3/detection marknagy44565-36386.portmap.host # Reference: https://www.virustotal.com/gui/file/b7cf331992b5483898c5e8193c660a245b09bcb058988835a30cb1692892273c/detection 193.161.193.99:47765 # Reference: https://www.virustotal.com/gui/file/da2eb53310a9b8d6c4131288fcce98602f0e7b77085a02f7d7f69ac11565687b/detection 193.161.193.99:37648 # Reference: https://www.virustotal.com/gui/file/a0f6f5047ec47503ec7cbb61e04ebb9b97bfa9746392f7c3ed08182db8be8138/detection 193.161.193.99:45947 officialkezmuzik-45947.portmap.host # Reference: https://www.virustotal.com/gui/file/5ff6e4edbf3c902b9a813d59800a60264373eb60f7babefe4dff54fedddb65e4/detection 185.101.92.3:1690 # Reference: https://www.virustotal.com/gui/file/ee4c2071e9030b4387111797f6d11f092f8781cdc5aac999139963fdcb63ff42/detection 185.140.53.95:5216 # Reference: https://www.virustotal.com/gui/file/15cae950567d2811ad51b7eb71c6b1bfc451548179931cdcfbbb498e24c2f661/detection 185.140.53.95:5200 # Reference: https://www.virustotal.com/gui/file/90852481986c5563f93a7615fd4a0f3d238ab62811603aca14585bcbd0c6e71c/detection 91.193.75.66:2088 # Reference: 
https://app.any.run/tasks/10544624-bea9-442e-98b9-8e862f612f6b/ ultrablank.linkpc.net 46.4.156.46:3008 # Reference: https://www.virustotal.com/gui/file/f100dd11620426161e6e36d5778c458dcb92b1cd551df338007bb52dfff4cdbc/detection 213.152.161.5:45315 # Reference: https://www.virustotal.com/gui/file/3c0180e5c2e750dd5f2af5d2cb94e17189b5e89381e8292b249eb02e7bdc7f37/detection 193.161.193.99:27190 scharo-27190.portmap.host # Reference: https://www.virustotal.com/gui/file/a2f8c2d56df5bd28fe6524c0a41ecefbf43700f89c6bf083516109d021cb5a46/detection (Note: review - port 2719 below is a prefix of the 27190 listed for the same IP in the preceding entry; possibly truncated, confirm against the referenced sample) 193.161.193.99:2719 # Reference: https://www.virustotal.com/gui/file/e25774ea715ce20d9608948df1831b1f258df07e2b2065014c85c2fb6ad14213/detection 194.5.98.8:33033 # Reference: https://www.virustotal.com/gui/file/e909c918287b835821e26e1076693d426d127fdd5a589953deabf77717c2ef62/detection # Reference: https://www.virustotal.com/gui/file/9826ff5418fe35cbab6465dd359968ffe56bd7b725dbc26d0d8d21c7e3dbc0ec/detection # Reference: https://twitter.com/James_inthe_box/status/1214169622380834816 185.140.53.232:5211 # Reference: https://www.virustotal.com/gui/file/6733088fefa603350dd9904a49763b2e628c10f6f32a90e1f30789ae91b0bd28/detection 141.255.155.122:3008 palhacinhacker.ddns.net # Reference: https://twitter.com/Racco42/status/1216993503118577665 79.134.225.103:5216 # Reference: https://www.virustotal.com/gui/file/1a0374f3f7a51bd877212c37b642a7980a27ea2b38c68b009a80ece64147beec/detection 141.255.154.127:5200 qayshaija.ddns.net # Reference: https://www.virustotal.com/gui/file/03be3c7214fe1b769d22c4e8f93dab67b0d8aa399715bea4e37529438300f376/detection 141.255.147.80:5200 # Reference: https://www.virustotal.com/gui/file/b1d85b2e44628774c5706b05ba05a3ff66976258d3bbeeadb5db33fa0778341b/detection 179.180.11.89:5061 179.180.11.89:6008 # Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection 187.59.229.214:5200 # Reference: 
https://www.virustotal.com/gui/file/dd6a6d312452055ab81cee64848fa088feab2c197c177d10b9edc4569739954a/detection 177.133.237.246:5000 # Reference: https://www.virustotal.com/gui/file/3c8c14bc831c980fb43d33d23b59e2932785f410228908e17e69a9485b1893c6/detection 179.162.69.48:2020 191.35.36.143:2013 # Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection 177.133.235.48:6606 177.133.235.48:8808 177.133.235.48:9830 # Reference: https://www.virustotal.com/gui/file/d5b2fbcf5a08b47f077f7ef5b703fb54c6d5b35af67a7d5d5a57d70d045b9ef4/detection 191.250.235.230:83 191.250.235.230:200 # Reference: https://www.virustotal.com/gui/file/ed3e1f7e8672d12735ca0e61a0d148d77c19c11e1857433d511ad91d84885207/detection 191.32.188.158:83 191.32.188.158:200 191.32.188.158:6060 # Reference: https://www.virustotal.com/gui/file/935226940893b40ce02be1230be2df7dce8cbd846013543298bf1d3d191462f2/detection 177.157.217.116:83 177.157.217.116:200 177.157.217.116:6060 # Reference: https://www.virustotal.com/gui/file/ed30e9e2d1ff9616faf3c5a67fec892453294b7e6b3f56aa3c8d265f4b04e56d/detection 179.183.44.100:83 179.183.44.100:200 179.183.44.100:6060 # Reference: https://www.virustotal.com/gui/file/c9a7c30772ea01a05608d2eea76f2863aec5cd35d0512ae64c914d224bc5a2fe/detection 191.35.44.154:83 # Reference: https://app.any.run/tasks/941be3bd-df60-4b2f-a187-7d7c924ab0fa/ info1.dynu.net 185.19.85.177:5552 # Reference: https://app.any.run/tasks/ce150998-fd3f-4c31-bf55-21f04c5a65b6/ 108.61.178.121:5252 # Reference: https://app.any.run/tasks/d68dbb4d-232b-4fcb-8d9a-abd4f3e97118/ 79.134.225.29:1960 # Reference: https://www.virustotal.com/gui/file/a62fe2c19d26ca8461fcd98993124b43a32629e25f801b78c680f209310632e3/detection 45.147.228.135:5200 # Reference: https://app.any.run/tasks/d280eef6-999f-4287-a6a0-02a450178525/ 147.135.100.70:5200 # Reference: https://twitter.com/KorbenD_Intel/status/1227346517960167424 # Reference: 
https://www.virustotal.com/gui/file/f1b85bfab8eea64e43bce246eaa9cecea2b39013f210a7951d933a93c8242f39/detection 179.43.166.45:1194 # Reference: https://app.any.run/tasks/364eba32-8d5d-4705-98c5-ba9ccc82912c/ 185.140.53.245:5200 # Reference: https://app.any.run/tasks/ff7b2301-a409-47ae-a005-bcad22c85850/ 66.154.98.108:24045 # Reference: https://twitter.com/wwp96/status/1230504598852526080 # Reference: https://app.any.run/tasks/75847a13-7af5-435e-a42e-d2baf062fa23/ 111.90.146.27:66 # Reference: https://www.virustotal.com/gui/file/084d5e723767035ee218186a0c7d35523875d2852f4779a582944cb3b7e2a988/detection 45.247.223.97:2020 # Reference: https://app.any.run/tasks/ce245328-2593-4f8c-8ace-e3b089739c98/ 147.135.100.70:3380 # Reference: https://app.any.run/tasks/ae902f14-c192-4ed0-b85c-707fd2fe9f68/ 193.161.193.99:27522 server12511.sytes.net # Reference: https://twitter.com/JAMESWT_MHT/status/1238208398069465088 # Reference: https://app.any.run/tasks/552ebaee-410b-4928-bcb2-7d65f7666297/ 185.244.30.26:5157 notmine.duckdns.org # Reference: https://www.virustotal.com/gui/file/2c9e8db68838c23e36adf1b4add15c79dc8be361a1f3110005ed12308eb4f606/detection 79.134.225.74:4531 t3am007.dynu.net # Reference: https://www.virustotal.com/gui/file/234ff45642617c1afbfeba3c88d42dcdf4742d3951d0f6d7e0687bf9619c03b5/detection 79.134.225.87:5200 # Reference: https://www.virustotal.com/gui/file/6e0636df4571d7dfa44c3451e0a869119d9763f877c77469aa15890cb098b880/detection 79.134.225.113:1972 # Reference: https://app.any.run/tasks/dec1759f-0b65-42a5-b9b5-4a8026abc2ed/ 79.134.225.123:5200 # Reference: https://www.virustotal.com/gui/file/f8a43d2ec2692d54c75bed8a5ddfcd2e3c0b8414e2d5f2b9e89948e0354957b7/detection 185.19.85.155:1960 # Reference: https://www.virustotal.com/gui/file/c1757ac3a2e435f607ec591c58d747407951158cd534c4efa3ef2f66520918b6/detection 185.165.153.39:8021 # Reference: https://twitter.com/James_inthe_box/status/1242183150022701062 fuckrat.000webhostapp.com # Reference: 
https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/ # Reference: https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/ 5.199.143.127:5200 # Reference: https://www.virustotal.com/gui/file/36c4c7d76f7de9b21530cb4bdd38320e1255b0275b5d7999628e95f52839026a/detection 185.165.153.90:5200 # Reference: https://www.virustotal.com/gui/file/995ce74589c2ee66545a62d9f715b26735a5a18106015f1f3179629d83a55e9c/detection 45.147.231.168:5200 phantom101.duckdns.org # Reference: https://www.virustotal.com/gui/file/a58d37e03d37e6ba7fe426e2f8bc3e4a3c3618d8eae9cb7f9f62b391b92fce82/detection 91.218.65.24:5200 # Reference: https://www.virustotal.com/gui/file/16063a26361551b941684b336e20e311da78f53d65c803cf55b2290ccd2c42c5/detection 91.218.65.24:1515 # Reference: https://app.any.run/tasks/1f1d77d3-f131-46ac-b3f6-ea3705c65690/ 94.177.123.177:52544 # Reference: https://www.virustotal.com/gui/file/9b96a245dcff530e0c9e44e46ec3d7b2a0d2c979f2eab45d034ff66ac0323aa9/detection 185.247.228.246:5200 79.134.225.122:5200 # Reference: https://csirt.bank.gov.ua/news-ioc/78 (Ukrainian) # Reference: https://www.virustotal.com/gui/domain/unlimitedimportandexport.com/detection 79.134.225.114:49168 79.134.225.114:49169 79.134.225.114:49170 # Reference: https://twitter.com/JayTHL/status/1247913539924307968 winx.xcapdatap.capetown # Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection 198.50.243.173:52001 mfonwar.duckdns.org # Reference: https://www.virustotal.com/gui/file/328a5c568c870758cf0cab65296ad6b6a43e83346f03609fe84a3f25ec18ec57/detection 5.253.114.116:6667 # Reference: https://app.any.run/tasks/ee9a3ce7-1c43-4767-9f7d-5bd836afb695/ 79.134.225.54:7200 purchase.ddns.net # Reference: https://www.virustotal.com/gui/file/8e944862dbed48bf69c402e4d8b58b87092b9154e127f6786ef47132148177b7/detection 51.83.200.169:5554 # Reference: 
https://www.virustotal.com/gui/file/78ae67bcd77b61bb3351ea259ce5d73a87461e627dab8e81a6eabcd7c1641831/detection 194.5.98.22:4040 # Reference: https://www.virustotal.com/gui/file/ce49af22dbaeddc0d973256a12b169621404baaf617a7f8bc093d974ab0c5f2e/detection ab6b64b3.ngrok.io ef94c2ec.ngrok.io # Reference: https://www.virustotal.com/gui/file/c4f91744a0c1ef1b26212936537e430a333e7b6a94b5d351bace5168aee3c719/detection 2fff5496.ngrok.io # Reference: https://www.virustotal.com/gui/file/0d55101bad40167bfe9ee6cace2571db0a700b746e3a306036301936fe80b6bb/detection 23.82.140.14:433 # Reference: https://www.virustotal.com/gui/file/ebddbf171d569ce4db44a0284ac1cbe390e075854749713aa9186276036cacd6/detection qlox.duckdns.org # Reference: https://www.virustotal.com/gui/file/a102c4a2dfca8c218f1e65cbb5050012da856c3deba018d8c238fa9b09dd3a2b/detection securitysr.duckdns.org # Reference: https://www.virustotal.com/gui/file/061aba0cc132ebe2c8e666ffa001677463d9592b719247b3effb0d7e34a05614/detection 66.128.136.158:6667 # Reference: https://www.virustotal.com/gui/file/b4fa30c9108e903849b0a006ed91f4908e884c0214714e08895d7d8251931015/detection 185.165.153.212:5678 185.165.153.247:5678 smiggle.ddns.net # Reference: https://www.virustotal.com/gui/file/267b96f4e47346ccd8e19d7a6ffe38204b88ebf614f13268e27fe564e8caf934/detection 39.41.105.37:1996 grayspott.ddns.net # Reference: https://www.virustotal.com/gui/file/a560a69ff3ce3f6705ecde244b404055abf2865a3cf9c8caf4545bc127b74186/detection 79.134.225.5:1975 79.134.225.5:5556 maxcoopar.ddns.net maxcoopar80.hopto.org maxcoopart80.ddns.net # Reference: https://www.virustotal.com/gui/file/12caab7fa1930479e36119bd979a727539b9e2fb213aaeb8d02c8d232c97d43c/detection 179.14.168.79:1999 192.169.69.25:1999 dia9dejunio2020.duckdns.org # Reference: https://twitter.com/58_158_177_102/status/1280377733466345472 # Reference: https://app.any.run/tasks/db7a8d7e-36ae-4eb7-abab-d7b67a42d385/ 185.140.53.91:1867 # Reference: 
https://twitter.com/VirITeXplorer/status/1280415278774595584 20.185.199.35:5800 # Reference: https://www.virustotal.com/gui/file/931271a7d61eb05a68882f90042d1e109da4249bbc87f9480f6250484f81f131/detection 155.94.198.169:9115 waz.no-ip.ca # Reference: https://www.virustotal.com/gui/file/de8efff765420227a449b89e3398131fc2949d7b7be0b5794fd6b6b9dbccfacb/detection wazone.duckdns.org # Reference: https://app.any.run/tasks/097eed92-7211-44fe-a6f0-4959546bcb0b/ 4610215325.redirectme.net # Reference: https://twitter.com/James_inthe_box/status/1293267162258272256 # Reference: https://app.any.run/tasks/49ba0acb-fd7a-47ec-9998-cacc6eb875d5/ 185.157.162.81:20058 uknwn.linkpc.net # Reference: https://twitter.com/James_inthe_box/status/1295764954306326529 # Reference: https://app.any.run/tasks/db85aadd-841c-47ba-b331-541c7b8d70ff/ story43.ddns.net # Reference: https://www.virustotal.com/gui/file/b5397e498dcc57edb5746a9aea3b86c60933d567e2fcfce376efb7e1da0732b2/detection # Reference: https://www.virustotal.com/gui/file/0c89ea82f6be13d98bed32712966f66d2664264e026ca1d822b174a2483ed63c/detection # Reference: https://www.virustotal.com/gui/file/6c51877004df7e830c9afa8d698ad3102c3327c2d486b554ce6a4787931d40a9/detection 196.157.29.41:5200 41.233.195.30:5200 41.35.217.21:5200 # Reference: https://www.virustotal.com/gui/file/db2377b06ca2fa51438e54a011c5d04266c2c115806ec0b36f6138e4ca721a8a/detection 5.196.102.89:4342 # Reference: https://app.any.run/tasks/0eb62769-7d77-4371-988f-5e3ccf12bc0d/ bigmoney2020.ath.cx # Reference: https://app.any.run/tasks/0bc9ba17-1bac-43e2-b3ea-84948ca3b95a/ 103.207.39.83:1021 # Reference: https://www.virustotal.com/gui/file/fb9e1f0ad494ffc39d06ba6b0df33c1aa5e059e10e1c366d9a3a2bc462c4ff59/detection # Reference: https://www.virustotal.com/gui/file/6534a7953482135c6b462c90fb9d33dcf7ed9094fd42704266debab1cc775524/detection 93.174.89.30:5200 # Reference: https://app.any.run/tasks/71d495f0-d275-412c-9523-b89c3952ca45/ 192.236.249.173:2709 # Reference: 
https://app.any.run/tasks/42df4e1e-29ad-4b1e-9359-ae37142102c5/ 150.242.14.61:5552 iphanyi.mywire.org # Reference: https://app.any.run/tasks/c1d64385-f10d-420c-aee8-b7b752d5779e/ 94.158.245.3:6969 # Reference: https://app.any.run/tasks/f79cdfd6-8c81-4a56-afc6-9084473730d6/ 185.32.221.45:5200 minekroft.duckdns.org # Reference: https://app.any.run/tasks/615af023-eeb1-432f-bc62-763a2d2eba28/ # Reference: https://app.any.run/tasks/9fb314c8-72f9-4a82-87be-e035d52ce071/ 178.170.138.163:4554 # Reference: https://app.any.run/tasks/42fdc696-a9f8-48ec-b94e-59b91a73910a/ 185.19.85.177:5200 # Reference: https://twitter.com/h2jazi/status/1321867657956806656 # Reference: https://twitter.com/h2jazi/status/1321867659605086209 # Reference: https://www.virustotal.com/gui/file/a3cd781b14d75de94e5263ce37a572cdf5fe5013ec85ff8daeee3783ff95b073/detection # Reference: https://www.virustotal.com/gui/file/1c41a03c65108e0d965b250dc9b3388a267909df9f36c3fefffbd26d512a2126/detection recent.wordupdate.com wordupdate.com # Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662 # Reference: https://www.virustotal.com/gui/file/71435231f2c9636b8286fbc31f59a95fc8a2f9a598525f4c9c65c7b1f6c3c634/detection 79.134.225.95:2442 bestsuccess.ddns.net # Reference: https://www.virustotal.com/gui/file/ac6fe5d0dc9129225e65b82c6b992641ed6f036c1ae62f8e889821580416ebab/detection 194.5.97.15:9901 wzefi.duckdns.org # Reference: https://app.any.run/tasks/5b60dcaa-7155-48ff-8428-722bd4b2872b/ 52.146.42.226:5600 # Reference: https://app.any.run/tasks/37e8edc3-4e05-40c3-a8ff-355da5f73564/ 209.127.186.228:5200 warzonecastro.ddns.net # Reference: https://www.virustotal.com/gui/file/d0ef59cdc766a5abb2c652273bcd713aaf660c6631154f78c1fc028934ebd083/detection 91.193.75.6:5988 # Reference: https://urlhaus.abuse.ch/browse/tag/AveMariaRAT/ # Reference: https://www.virustotal.com/gui/file/6cb291e90e6b603de38931adb89ca89d0745a487169ed46e10669d2890eb627d/detection 5.196.207.55:7272 # Reference: 
https://www.virustotal.com/gui/file/3b84ae0d295425279c7636ff3de98950d1f6ebf935b79a23049842d85c9d905c/detection 34.208.109.201:5200 # Reference: https://www.virustotal.com/gui/file/788fb7921aa27add6ee4a6e7927c8475236eb9cf82faef193c4d113b8da886c0/detection 141.255.157.54:1605 # Reference: https://www.virustotal.com/gui/file/08c0209ce6617b4737872ac19223aacd84a752b8f4b013823ac6107f7f1d74ab/detection 136.243.31.186:1608 # Reference: https://www.virustotal.com/gui/file/f3f654a41d57053362f7306f9a432c1341cbd57dce82f0940108a73917a8a934/detection 193.161.193.99:40377 # Reference: https://www.virustotal.com/gui/file/535b6e5e8cd0fd9610c321d9b5e7fb95d18e0161a8a8d63a8a35913d6e6a4866/detection 192.169.69.25:5200 # Reference: https://www.virustotal.com/gui/file/0356ea425eda4c9b1d7a8d58879c441e29919d491b85e84eb4f96c9113052818/detection 177.75.41.196:5200 # Reference: https://www.virustotal.com/gui/file/dd0c8701d0d9e62c7b354e97e41cfec6aa85da269cfa6a6490ba68cce58b2385/detection 91.193.75.5:7711 versi.duckdns.org # Reference: https://www.virustotal.com/gui/file/90001df66b709685e2654b9395f8ce67e9b070cbaa624d001a7dd2adbc8d8eda/detection 155.94.198.169:1991 pounds1991.duckdns.org # Reference: https://www.virustotal.com/gui/file/7ca83349bed484f6eda4ad1dce51d4b1ed79c76a535f56c85033977b3728a3b5/detection 162.218.122.109:1117 # Reference: https://www.virustotal.com/gui/file/1a9644d007b728f70a743529ea97b910baf33351a405d35c065c4d7eccda2b2c/detection # Reference: https://www.virustotal.com/gui/file/4083be0a99183e9b1da84b0a360b67c452b09302ce536c5b3cfa3ccdd36fea0a/detection 69.65.7.134:3890 eldragon.ooguy.com # Reference: https://twitter.com/Racco42/status/1329057446787215360 # Reference: https://app.any.run/tasks/72ef6190-f792-4672-b679-591641f92913/ 156.96.44.201:5200 auditor3.duckdns.org 8e3d-wzr.duckdns.org # Reference: https://www.virustotal.com/gui/file/43401d61e09bbe698a38b98a0a74e46f5d2daf28d2d115339a67d8a18a86e71a/detection # Reference: 
https://www.virustotal.com/gui/file/3c2952b8e4351727e26025036532b31841b06c45b5e0e3faec4110d1959aad8b/detection 79.134.225.37:5200 91.134.167.159:5200 icey.awsmppl.com # Reference: https://www.virustotal.com/gui/file/5385cc5d2b11648b15c2d43657b85092dce7effdadad1c98c5e7ef597f2e7ee4/detection c.awsmppl.com jikk.duckdns.org /iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/ /iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/Ynte # Reference: https://www.virustotal.com/gui/file/a050a83263058dd2a74f2b7490e8bffb188a3a7a241ad83032b3d10c701ce39c/detection 183.104.220.151:5555 kwen0939.codns.com # Reference: https://app.any.run/tasks/88df6565-81e6-4774-80d6-d05d3cb3c4de/ 195.140.214.82:6703 aogmphregion.org.za # Reference: https://app.any.run/tasks/0a43f51f-93e7-4f01-8a9a-6b1785fdb7d8/ 45.147.231.232:5200 syncronize.3utilities.com # Reference: https://app.any.run/tasks/4fd30ffe-3e23-4032-8522-03eb6ae4a33e/ 149.28.115.223:3404 # Reference: https://www.virustotal.com/gui/file/d0e70f2ede6386eb36547cc0bfb0b972ea402ea569505cfd97c740c9d5e28d63/detection 79.134.225.9:1313 2c04mm.hopto.org # Reference: https://www.virustotal.com/gui/file/43884a1b9effdb7893f607139d10d82eb42a1b6dd66af3c9935b692d9a694791/detection 37.221.115.52:40701 psalm21.duckdns.org # Reference: https://app.any.run/tasks/4bf7a851-6342-4886-a321-5ae2972e029a/ # Reference: https://app.any.run/tasks/9da5599d-a818-443e-b960-ad35d0fa3e54/ 185.150.24.27:5200 185.140.53.227:5200 goodyear21.duckdns.org # Reference: https://www.virustotal.com/gui/file/504e0489472d6107d56d6d4f88600200b055bd97c3158ef1c9a54ea38074351a/detection 37.46.150.86:5200 # Reference: https://www.virustotal.com/gui/file/492b57cab7d4eed865141cff12e5c0a9cc551f848b5bce90a36b5868b6be926c/detection # Reference: https://www.virustotal.com/gui/file/7ec6ac9a3213f3a69d19a3209b763cb429b331fda2cf1ab02cc0cd4cff953a70/detection 91.193.75.251:43526 ie2z2.ddns.net # Reference: https://twitter.com/reecdeep/status/1354070251911213057 # Reference: 
https://app.any.run/tasks/291734ae-12f5-4350-a320-2da1583ed5e7/ 52.146.42.226:5600 # Reference: https://app.any.run/tasks/d7f182ab-5a09-4a5f-8741-6063eb65cddc/ 185.244.43.60:5200 # Reference: https://app.any.run/tasks/a063c378-3cca-464e-a95a-2e8e39b240da/ 79.134.225.115:7112 yetye.ddns.net # Reference: https://twitter.com/executemalware/status/1359294408814956546 # Reference: https://pastebin.com/E2bbqwqC # Reference: https://www.virustotal.com/gui/file/ee0b28949b01044f151f04743d49f6310a70de7339ad4936afd79b5c8a724025/detection http://45.145.185.153 45.145.185.153:5210 # Reference: https://twitter.com/satontonton/status/1359507457362415617 # Reference: https://app.any.run/tasks/f71d16ef-1e0b-4789-b86b-fc980af5c619/ # Reference: https://www.virustotal.com/gui/file/4d05a527675f1cf3d6192a8336a174df03a542c69b126ef0263706fa1537d921/detection # Reference: https://www.virustotal.com/gui/file/3ed44cbe5246f325af70060e29e1ac6b9cd154cbbf1491c04f3fe4add9d2d442/detection http://111.90.149.168/autom.html 107.175.1.186:54213 # Reference: https://app.any.run/tasks/e131bcfa-6402-4c90-9bf5-b89a1305b59f/ 139.28.235.223:1234 # Reference: https://twitter.com/reecdeep/status/1361276747392704513 # Reference: https://app.any.run/tasks/7effca1a-1ffa-4e27-89e0-599c42df2e70/ 137.116.87.64:8400 # Reference: https://tria.ge/210215-q6gln4q3wj/behavioral1 37.46.150.67:5211 # Reference: https://app.any.run/tasks/77aeaadc-ce9e-45a6-8ad9-edb1b6db4b25/ 185.140.53.243:11754 # Reference: https://www.virustotal.com/gui/file/200b6e75f3cf519f4e85c2ca1ed0aa458f6c0fca011f5e7c76dec1911c23b0e5/detection 95.165.5.79:1340 # Reference: https://twitter.com/reecdeep/status/1369975299664908290 # Reference: https://app.any.run/tasks/23c27210-a6c6-4d8f-8af1-cfb338707b78/ # Reference: https://otx.alienvault.com/pulse/604b58f15d9f775f69553290 79.134.225.26:3141 cbngroup.duckdns.org # Reference: https://www.virustotal.com/gui/file/b92de2b0a516b39be2debd436167dc0fce504f98e1fb95230393b8745b9f85dd/detection # Reference: 
https://www.virustotal.com/gui/file/d0c9866eae91701201a24089089e04c6e7aed78997c04d5e681c3e731e56e816/detection 185.19.85.151:1990 farahpower45.warzonedns.com # Reference: https://www.virustotal.com/gui/file/20fdfd5f97c412473ef17a980fd6ec16d59092ef1f9da5532344acbfb534649f/detection mit.warzonedns.com # Reference: https://www.virustotal.com/gui/file/86539dd3983a0edd712ab3831130ddf317e92944bf6ace1f6846b886f31a1ccd/detection 193.56.28.206:5200 black.warzonedns.com # Reference: https://www.virustotal.com/gui/file/c7e9a961c18f29d0c87232ed3a3829db6658b83fa693bce257079dbba8c19a65/detection au.warzonedns.com # Reference: https://app.any.run/tasks/95e995ad-a108-4b3d-bfbb-03def6144333/ 104.209.133.4:7500 # Reference: https://twitter.com/neonprimetime/status/1381955462967476228 # Reference: https://twitter.com/ps66uk/status/1381962342200606723 # Reference: https://app.any.run/tasks/0cf85641-e5be-4979-9e97-8afc0f30fa67/ # Reference: https://app.any.run/tasks/65952547-7f8a-4505-a425-0422ac4f40cf/ # Reference: https://www.joesandbox.com/analysis/384058/0/html # Reference: https://tria.ge/210413-mp9t774whx # Reference: https://www.virustotal.com/gui/file/6cb41881b598c60c42e387639f439de19d8d38d8ab7decc539275da86f44d57e/detection 178.170.138.116:6021 beda.remcosagent.com cfr.eur-import.com maskcovld.ga # Reference: https://www.virustotal.com/gui/file/8c08527b2f800a885e149e4885d48f881460a7a95f87aed31e34265e7720ef5a/detection 91.207.57.51:57797 rat1234.ddns.net # Reference: https://www.virustotal.com/gui/file/d7df4ac0cb45d0a0e9e6d237ffc95b19c557a6d8a8753dfbea41b5425ffb84f1/detection 185.244.30.118:9090 parosp1.duckdns.org # Reference: https://www.virustotal.com/gui/file/067e134111d09e1a91aa5466c485189b33aff7c3bd6efb09056f1edddb1296ad/detection 194.5.99.47:9090 parobk1.duckdns.org # Reference: https://www.virustotal.com/gui/file/afec970c19cf52710146bad6dbcf78328ce88891bbd9cf726a7dac38545b39bc/detection warrsppa.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/342cb4abad3390f7ee7443b8b007f8b767d88afe846fe0c096acb6b68449cf4c/detection 165.22.238.120:56812 round-brush.auto.playit.gg tor2.playit.gg # Reference: https://www.virustotal.com/gui/file/7b49cb94af4e1f43b5197c7ab0d0a6a0c59cd33abba978d877a7933e31e7aa9f/detection 134.122.66.170:59829 brash-bite.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/95aa5e6660ad096f6f3273f0f2bda2a935a5674d6904f91a0394c9cef9279ad0/detection # Reference: https://www.virustotal.com/gui/file/7f3169ecdc795f8b01afb05e074dbd62bf24407dabaeb635918e71db23579af1/detection 134.209.194.210:1604 134.209.194.210:54950 134.209.194.210:55180 134.209.194.210:57183 defective-experience.auto.playit.gg miniature-car.auto.playit.gg normal-knife.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/b5bc70d63ab20ffded67bbc999d1db56d93e7a0e17fa2f9304ef15f0a6e89a48/detection white-fuel.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/e69548a8006b100284c6c1f6429bc1625e69994333041a35ce98803381b71dc7/detection 188.244.63.241:25565 # Reference: https://www.virustotal.com/gui/file/5dde5153e0385b320c18aede7cc5c6208aa7791e2f44ecb8e676973640614976/detection 88.124.75.73:6766 warzone.ddnsking.com # Reference: https://tria.ge/210608-nj6t2mfqqe/behavioral2 79.110.52.7:65535 hongphilxxx.duckdns.org # Reference: https://twitter.com/MBThreatIntel/status/1408064073963429900 # Reference: https://www.virustotal.com/gui/file/2960795548bdc081bce7c2b6931113fc2dbceec5778a0de4e988ace7522594aa/detection 13.82.24.228:5918 # Reference: https://twitter.com/ffforward/status/1410316799288168449 # Reference: https://tria.ge/210630-x1j748z73s 185.157.160.215:2211 # Reference: https://twitter.com/pmmkowalczyk/status/1413072265231618050 # Reference: https://www.virustotal.com/gui/file/698af940b3ff533826faf92c237801109ded9a8fa32ca6ff50d5f33dc002c98c/detection 194.5.98.48:6397 # Reference: https://otx.alienvault.com/pulse/60f175f21b10b1685963b86a dar123.hopto.org 
dfdgdsasedw.ydns.eu freebeeskatobi.ydns.eu hutyrtit.ydns.eu sdafsdffssffs.ydns.eu # Reference: https://www.virustotal.com/gui/file/1c2e2cbb43d0e1fb959efad9fb85730d708ca9a4e55fda7fcd1eb54f4c9b4533/detection 95.217.123.5:5200 gecisdiktatura.chickenkiller.com # Reference: https://twitter.com/James_inthe_box/status/1417475970571718660 mechenchan.duckdns.org # Reference: https://www.virustotal.com/gui/file/086c0b29b43cdcfd00353fa67eeb543249679751e7f094a3ab9e9e73ecd26427/detection 94.187.0.44:1337 outlast.ddns.net # Reference: https://gist.github.com/silence-is-best/ac1440dcf7aec90a53905ae86559e621 # Reference: https://www.virustotal.com/gui/file/3177069234115aa28299e1afde950a6c33b82be8216631eb7536096d41d4de4c/detection 185.222.57.73:4557 # Reference: https://www.virustotal.com/gui/file/e150f981d43106895ce64ebce7b41ae17b0eed49baa4cfc0d8d09c98dd208e8f/detection 37.0.8.164:34566 37.0.8.88:34566 dfdgdsasedw.ydns.eu freebeeskatobi.ydns.eu # Reference: https://www.virustotal.com/gui/file/7a2efc884ed3f2c590ab5f93423e06ed2451376c980e707698e3c2e5eddecca8/detection 91.193.75.162:50501 # Reference: https://www.virustotal.com/gui/file/9d43e942f513a32e1c0db58de3d63abb24a8a4bc7bef3da4a6106656b9a64a5f/detection 136.144.41.126:5032 # Reference: https://www.virustotal.com/gui/file/775cfcf79ac7d82a18e8b6ff0f9af25a9a491845701eff20fada7d25f614c697/detection # Reference: https://www.virustotal.com/gui/file/c062384d4e1440157f122e34cde7c95211081e656fa90293d4d900c4842305fa/detection 185.118.164.226:4545 185.140.53.43:4545 185.244.30.72:4545 princekelvin.ddns.net # Reference: https://twitter.com/Racco42/status/1438245360191905802 # Reference: https://app.any.run/tasks/4990b05f-79d6-405d-8985-3ce79bd17e01/ 45.9.20.52:5200 # Reference: https://twitter.com/reecdeep/status/1459121655482040343 152.67.253.163:5300 # Reference:
https://www.virustotal.com/gui/file/e49b3840ec14e4bcc2daa9e5a313cf2c89917d908d06ea4a8b3c020d9c5039d9/detection 45.61.136.106:443 # Reference: https://twitter.com/pr0xylife/status/1463431274467663880 158.69.21.251:5200 # Reference: https://twitter.com/pr0xylife/status/1462797688068530180 # Reference: https://www.virustotal.com/gui/file/8a95c7538769ac54ee75a5dfa3f86b5405c3b2ffe7f4e6044495f4878f5904c8/detection 45.137.22.79:4520 newmanserverug.ddns.net # Reference: https://www.virustotal.com/gui/file/302c3f1d8be76f1fe6d51f4f2b8dd0061448b6fcfd6b3adc4350682443e883d5/detection # Reference: https://www.virustotal.com/gui/file/71009577073b8bb81aa03ae1297593944de423e05066062fcb24bbfa2ed8f891/detection # Reference: https://www.virustotal.com/gui/file/6e39e977c4fc8fe87ac857a349fdeaf40873cb296e46ca715a223fdf012b0143/detection 79.134.225.112:9010 91.193.75.203:28888 91.193.75.203:9010 win64pooldrv.ddns.net # Reference: https://www.virustotal.com/gui/file/d5b6dc368085386ec8aeaee8f7f4d19403adaaccaaf5f5e59186141998c42c9a/detection # Reference: https://www.virustotal.com/gui/file/6072185720cbcf2add1e2ada668484a4d55c601fcb2840ca6b7fbf9dfacdefb8/detection 135.125.21.72:60977 51.161.104.181:60977 pentester01.duckdns.org # Reference: https://twitter.com/ScarletSharkSec/status/1458085120502636544 # Reference: https://app.any.run/tasks/9607714f-d156-4a26-a3aa-eb92fba3f448/ 198.46.132.206:5270 darkworldblackerlocker.dumb1.com # Reference: https://www.virustotal.com/gui/file/5b185af278fe0bdf4ed8724f98efa63f50c2bfc5a3d704d31e7a1d08a8089d39/detection 37.0.11.51:6703 hutyrtit.ydns.eu sdafsdffssffs.ydns.eu # Reference: https://twitter.com/sS55752750/status/1467934024899432448 # Reference: https://www.virustotal.com/gui/file/ee75541416cd73e6e97e746b48d7300a98628ed655556e9be9347b8d0e3ee1d8/detection 46.246.86.7:2022 warzone22.duckdns.org warzone33.duckdns.org # Reference: https://www.virustotal.com/gui/file/c9b3673536c85cdc9f5497f81937c40d103f046d3cb0712be89d29b54addbe37/detection 
149.56.200.165:5200 # Reference: https://www.virustotal.com/gui/file/8defc909ab30f1e694bda9aa5e71aeaa738c5649979f40c998b134460e511164/detection 23.227.199.106:5200 # Reference: https://www.virustotal.com/gui/file/d2e1b53d1f7bb3384d2a9fb6264eb721b2696be80b7ec806588bdfdb983d20cc/detection aldaet.linkpc.net # Reference: https://www.virustotal.com/gui/file/11a19c8822a580d276155e75981b3445d48b51728bd9b4a9067e62544cd80f48/detection 185.200.116.203:46012 actonacornpany.com host.actonacornpany.com # Reference: https://www.virustotal.com/gui/file/3e52503cc1b664efb9fa89c2bed4adff5d460bffbe0dba536363edb5cda1c603/detection 194.5.98.244:4545 engkaa.ddns.net # Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b # Reference: https://www.virustotal.com/gui/file/db9a4982fb755dfd0e0373171e7a39961c9e97ede3a46941f433f756f5b2f5f1/detection 2.58.149.180:768 officelogs20.duckdns.org # Reference: https://www.virustotal.com/gui/file/3c4f9e2ee772689549b460628a78cc6f0c04255d3195e69f5ac9d4e30cf14461/detection 213.152.161.211:30132 blaq.nerdpol.ovh # Reference: https://www.virustotal.com/gui/file/9f3104bf3f5c271ba04c5038a615dfcbc4b9baca3daffe86689b535d4a047a7b/detection 79.134.225.79:3073 softwarehost3.ddns.net # Reference: https://twitter.com/reecdeep/status/1481997298326556677 152.67.253.163:5300 # Reference: https://www.virustotal.com/gui/file/cf4e53b7758ebb9a9470cb6fd3a2c69fcd96e045534ab80a44eac752c09e50f0/detection 129.232.17.6:5200 129.232.17.6:5500 jerenyankipong.duckdns.org # Reference: https://www.virustotal.com/gui/file/d7ccb616fe7cb8a33d18db6b40c9221db0d7eab713d189306fd7e7565c5d2da8/detection 152.67.253.163:5300 # Reference: https://www.virustotal.com/gui/file/c37a27f67059a2781034c6c88fb0c4df654700c75d384b25ca3d7fb07858200b/detection 20.114.22.8:7740 # Reference: https://www.virustotal.com/gui/file/89ed16f9214919470861795805ab79f483805c5857d744dbf3677df8f975b91d/detection 172.241.27.208:5200 # Reference: 
https://www.virustotal.com/gui/file/b5cea089bb899e75deef98dc1569dc3af17a070f6fa594377b49299d63bbbd8f/detection 45.137.22.142:4546 subwayblessings2022.ddns.net # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1263284829027786752 # Reference: https://twitter.com/malwrhunterteam/status/1263197050713358336 # Reference: https://twitter.com/InQuest/status/1484639512231874562 # Reference: https://app.any.run/tasks/610c989b-c7b9-468f-8b49-4a8042b040dc/ the-moondelight.96.lt # Reference: https://twitter.com/pr0xylife/status/1486344615934537739 194.5.97.106:29607 # Reference: https://www.virustotal.com/gui/file/aac09011a3c3e7adce5c2fa1672b428d6a565993641bf350dd65f8c0319dbfd8/detection 104.168.144.44:6655 samav.ddns.net samav13.ddns.net samav15.ddns.net # Reference: https://www.virustotal.com/gui/file/541edd0b23eb209ff5c4dba556e429099a86e6aa2d1ac57213dffb43bc5d0f2a/detection # Reference: https://www.virustotal.com/gui/file/abc5f306aae4ed8a42216e5b16b14b312eac674877724fe3b9beb56b8e6cfb47/detection 79.134.225.71:3659 udokakingsley08064153012.duckdns.org # Reference: https://www.virustotal.com/gui/file/1c79a3cb93cc750d4489ae93af166de60ba9a907d0d13d6d8f5221ba11868728/detection 194.5.98.42:5200 ekuroekuro.duckdns.org # Reference: https://www.virustotal.com/gui/file/a9da8a923591403edd5525367e54c18530a140a42606460cf2941e0792b726e0/detection # Reference: https://www.virustotal.com/gui/file/5cf15c819fc015b90e40578520b91f1f7f08953b86b297b4614c7edda7fb3140/detection 65.108.47.204:1111 65.108.47.204:4119 mobibanewdan.duckdns.org # Reference: https://www.virustotal.com/gui/file/0b820ea2abf59d6499f192ba4d8278abf58fbb5f62ae58fcb2def5776f616586/detection 194.5.98.11:8593 hafiznor336.duckdns.org # Reference: https://www.virustotal.com/gui/file/1af3e85910824617005e4800b65b02ada8c8e523c2a2acd9dd62d30292a77b1d/detection 182.191.208.74:5100 john0071.duckdns.org # Reference: https://www.virustotal.com/gui/file/979cb2c1639a9346a24f90d7285cb65698e28be3665e3987485778ed6de6133a/detection 
2.56.59.218:4802 davewarzone22.ddns.net # Reference: https://www.virustotal.com/gui/file/df89b24a6d5aa863a8f74587615c997510a46dc5fe6dc52389047b8d0753b1f2/detection 104.168.190.126:9090 febbit2.ddns.net # Reference: https://www.virustotal.com/gui/file/229a02b7daf1a8531508d2cea0b8496286c011e56453a48485928f3c853528a3/detection 206.189.139.209:1609 grace.adds-only.xyz # Reference: https://www.virustotal.com/gui/file/85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb/detection dost.igov-service.net # Reference: https://www.virustotal.com/gui/file/ab476ce105370135bc45ee9b3d946f99647203d61396f8c626139de16cfbcf84/detection 212.192.241.50:110 # Reference: https://www.virustotal.com/gui/file/de9bc3a4498c44e9dd876a38ec704dbd9c8a0830abd6d1be8a18a9593d913066/detection 91.193.75.132:7890 guiller.ddns.net # Reference: https://www.virustotal.com/gui/file/a8c67a11ed522bf597feb8b50a5b63f12a5ac724ae6adcc945475654128f6d64/detection 64.188.13.46:13372 # Reference: https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html # Reference: https://otx.alienvault.com/pulse/614d8464e04053aeca2a69b6 # Reference: https://www.virustotal.com/gui/file/b891fad315c540439dba057a0f4895ae8bae6eed982b0bf3fb46801a237c8678/detection 5.252.179.221:6200 # Reference: https://www.virustotal.com/gui/file/0df12b0f704dbd5709f86804db5863bd0e6d6668d45a8ff568eefbaa2ebfb9fd/detection 64.188.13.46:65535 # Reference: https://www.virustotal.com/gui/file/405f55cef9980bfa086c1d5a20d515aaba814c31eda2b8e63141cd4157fe8078/detection 194.5.98.225:4545 hotboy01.ddns.net # Reference: https://www.virustotal.com/gui/file/b1eb60b93f25d7ffc3307601d540a001f3ea810b5aa2a7ea2c95a55f3662117e/detection # Reference: https://www.virustotal.com/gui/file/19f738a808d73f6898982f97921b81a5ac0f867813377c185a4c8bb4001e2ea5/detection 102.129.214.34:5200 olypath.com # Reference: https://www.virustotal.com/gui/file/f7bfcd8b5f729f84312dff4ad0bcafb2f18b34782fd6d8a32db906fb0019bed4/detection 217.138.215.19:5200 # Reference: 
https://app.any.run/tasks/5e177c75-0d36-469f-bd70-e3d1c452539b/ 76.8.53.133:1198 # Reference: https://tria.ge/220504-kvfmxagbgk 45.83.129.166:6746 nweke.ddnsgeek.com # Reference: https://www.virustotal.com/gui/file/f80d495f6507cc801c676971413517e0364668271f09898a6ac564f1a347d362/detection 45.61.136.244:5200 # Reference: https://www.virustotal.com/gui/file/e8e7cf611bfb468ddf6f73abccd708d9f25b9b2c76e2c4f7f9a1e10af38304a9/detection 185.183.98.169:5678 warzone.ddns.net # Reference: https://www.virustotal.com/gui/file/dc67ab4d180cb48d29a4c66f0fe0df17b45b2c75fdf9dd22399f056b4a294858/detection 185.183.98.169:20911 # Reference: https://www.virustotal.com/gui/file/44c98acf2c565b1b1412c002590b7870c8edc5f64d99af311873355c532edeeb/detection # Reference: https://www.virustotal.com/gui/file/3e7aaa1c9cd3e4ea1535a84520cd98fa06ab5ae0893291bdfe4a03991a9def92/detection 136.144.41.223:3864 georgerandome253.hopto.org userrandome253.hopto.org # Reference: https://www.virustotal.com/gui/file/f72d78438de45cac03cd9145af801de62abc023cf0a7766b3eb0802c2de26b99/detection 79.134.225.8:8593 worryless346.duckdns.org # Reference: https://www.virustotal.com/gui/file/bce1723245d13050d1de61f9c8d4ebdf13442208f3baba2326c79d62c3709983/detection # Reference: https://www.virustotal.com/gui/file/2775f8771630ffad088473e525e9f7f5bbea7e3314569480eb9efb4767ad1dc6/detection 45.144.225.207:2612 45.144.225.207:42543 dreams2reality.duckdns.org lunovim957.duckdns.org # Reference: https://blog.morphisec.com/syk-crypter-discord # Reference: https://otx.alienvault.com/pulse/627e53f1eb6450408e7f1873 185.19.85.163:9961 # Reference: https://www.virustotal.com/gui/file/f31590418c1f1d2e5919cfb0110446d51d0c61b3e7d8647009a5426277c81646/detection 45.153.241.55:1334 # Reference: https://www.virustotal.com/gui/file/d4806d471b5129fa9fdfdeac62f5324c8e4902ff45972ce74e12ad6b6ae8ffe1/detection 87.251.79.126:5200 # Reference: https://www.joesandbox.com/analysis/1003536#iocs a0678326.xsph.ru # Reference: 
https://twitter.com/JAMESWT_MHT/status/1531671840376213506 # Reference: https://tria.ge/220531-tmxqwsfdbj/behavioral1 185.222.57.173:3408 morientlines.com moseslogs2022.ddns.net /xerofileupshsgdydpdfseudidofndhehuplosdsdocumentghy/ # Reference: https://www.virustotal.com/gui/file/8261319746473bcd13288e3108479e3d69f0f4c50ed73a07bb7d4e14604502d4/detection 72.11.143.47:999 mubbibun.duckdns.org # Reference: https://www.virustotal.com/gui/file/aeb7df40c4885a1fdb53f69f223c4a6dd6e3f8efc5228467ac968d6b8f21dc06/detection 195.133.18.195:2022 danseeeee.duckdns.org # Reference: https://www.virustotal.com/gui/file/bed5cb0cf5b1a2c39f99f8db9b824c3cf1bab420c889d86e564087a08abb0cf2/detection 2.56.59.20:1107 onye22.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/635b4f2a2db2866c53365195cc148984a185bd5402bd820a092044b270d8a3e0/detection 185.29.8.57:5200 zoneproess.duckdns.org # Reference: https://tria.ge/220601-gb96maegb2/behavioral1 185.222.57.146:4048 subwayhost2022.ddns.net # Reference: https://twitter.com/reecdeep/status/1532669837150982144 # Reference: https://app.any.run/tasks/f96ceaaf-fc1f-43db-b104-0579a188605e/ 185.140.53.12:8833 # Reference: https://app.any.run/tasks/fb045a2d-1371-4cef-84e4-62ab2bdff68e/ 23.105.131.186:5050 ratagain.gleeze.com # Reference: https://twitter.com/James_inthe_box/status/1534907517691580416 # Reference: https://app.any.run/tasks/bb383f1c-313d-471c-97b5-658bdb4b5701/ 45.137.22.35:5200 officeday2022.ddns.net # Reference: https://www.virustotal.com/gui/file/618205672ba54905202194e797f61aa69fd967d0cc23a33f4244450ff1d59877/detection 91.109.176.13:7771 trueapp.myftp.org # Reference: https://www.virustotal.com/gui/file/8e5b309b3ece072bcf7a9e4a0b55630ad28840fbcd88b321fd432ec5145ed85e/detection 185.222.57.146:4048 subwayhost2022.ddns.net # Reference: https://twitter.com/StopMalvertisin/status/1539870882625376256 # Reference: https://www.virustotal.com/gui/file/0e4ad18e1078eccf7911e552ca943984c583c1efe7fa4672dbaa9ee6fc759424/detection 
37.0.11.237:1956 vasticbless.hopto.org # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20AveMaria_Warzone%20RAT%20IOCs 184.75.221.179:47449 secureyourdataarea1.duckdns.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Warzone%20RAT/Warzone%20RAT%20-%2025062022 91.192.100.49:11101 # Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789 # Reference: https://www.virustotal.com/gui/file/4773e7cef2bdb468e3b4f8a3cc282319c697f6b390a7d0674e48fd43849d8108/detection 37.0.11.205:1339 # Reference: https://www.virustotal.com/gui/file/1a3ac49b9cc0b78da7d8cf410a4be97481115da2ff1a06a06c4d1a9ba57f38a3/detection 197.210.226.167:5050 kashbilly222.ddns.net # Reference: https://www.virustotal.com/gui/file/9f703f3f4b595a08f818bffcca7b4aa7738773509cd1fd02b8a2675689c7afdf/detection 37.0.8.20:5800 babajay.ddns.net # Reference: https://www.virustotal.com/gui/file/c1c8d9b5633bd87a8281c47f6b6670b9fde46113fa6ac0513bc9fb98ac20719e/detection luckyfavour2022.ddns.net # Reference: https://www.virustotal.com/gui/file/d09591792ea775c3df325fa9d40e239b1ddafef7a92078fd5fdfdc7a4b2a306d/detection 45.137.22.143:4926 mynewserver2022.ddns.net # Reference: https://www.virustotal.com/gui/file/ebcf3aeae13aefe1081740f50900a39816f4d8cc4b6699365001b79fdd69d22b/detection 217.64.151.102:50327 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2004072022 # Reference: https://tria.ge/220704-nl4vxsghej/behavioral1 79.134.225.54:5050 # Reference: https://www.virustotal.com/gui/file/00395714d69de889f1e3e178bd5d25e9ba3f9f8f353b6ccc4acc1580e80a1bf1/detection 185.140.53.130:8800 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2007072022 104.144.69.139:2025 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2011072022 172.93.165.201:73 dkhurams.duckdns.org # Reference: 
https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2019072022 172.93.165.156:55 bed.fastestmaking.com # Reference: https://twitter.com/StopMalvertisin/status/1549826315884572672 # Reference: https://tria.ge/220720-wbe3tadde9/behavioral2 # Reference: https://www.virustotal.com/gui/file/019c8e9b891f39e6ee22a2cbe59301c0a7c9063dc0db178ace9db0724fe83a72/detection 172.86.75.12:5427 mt4blog.com # Reference: https://www.virustotal.com/gui/file/8da032f8ee789e10a1bfe21e86c7a320a99c25a7d79561e4e6f33dcb730ac49a/detection 45.154.98.232:1996 vbnuxy.hopto.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2026072022 # Reference: https://tria.ge/220726-ghde8seccn/ 185.222.57.164:4256 shalroy2022server.zapto.org # Reference: https://twitter.com/James_inthe_box/status/1551605691701374977 # Reference: https://app.any.run/tasks/b8f6b5fb-523f-4569-991b-44942a1a027b/ 185.222.57.173:4980 mosesmanservernew.hopto.org # Reference: https://twitter.com/ankit_anubhav/status/1553048821407436800 185.62.86.145:42020 # Reference: https://tria.ge/220728-tvg1eahhbm 64.52.80.27:5200 # Reference: https://tria.ge/220726-tgs6hsbdam 163.123.143.201:5200 # Reference: https://tria.ge/220726-jjnnpsfccp 51.195.145.82:5252 # Reference: https://tria.ge/220725-rsz24aehcn 51.75.209.232:5200 # Reference: https://www.virustotal.com/gui/file/ce67dd2cbfbc22d1ee45c2429da775036c0894f72021df6ab0eb849e96e29daf/detection # Reference: https://www.virustotal.com/gui/file/f192b7572fa5c725e9b4d297d76c5e57b9e53ecd916bf3a7d4b4675c1f7b5e4b/detection # Reference: https://www.virustotal.com/gui/file/81bc33ce9bf2c1eaec168f5a5a4c2da715a2fcbc8972daa23834e22e3d27c547/detection # Reference: https://www.virustotal.com/gui/file/724b0ad46f22cbce63245e2e819e244e606e5081bd4cad054523a2c5fefd6cc3/detection 179.43.154.139:9954 213.152.162.79:25256 38.242.139.142:9954 63.141.237.188:9954 63.141.237.188:9955 vivald21.hopto.org # Reference: 
https://github.com/0xToxin/Malware-IOCs/blob/main/AveMaria%20RAT/AveMaria%20RAT%20-%2007082022 # Reference: https://tria.ge/220807-rndcjacaaq/ 194.147.140.163:6667 # Reference: https://www.virustotal.com/gui/file/c70d1e7ac06660467b335080255c4f6896a5546c86d0162a4bf3b719059be505/detection 45.164.103.176:2222 45.164.103.176:3303 chromedata.accesscam.org datacontrol.ddns.net # Reference: https://www.virustotal.com/gui/file/dcfb0cce714ca24b3761fc37b8f70a0abfb28abd4525e8524713070fe54064d1/detection rasiones.ddns.net # Reference: https://bazaar.abuse.ch/sample/da87c5ea8c8e8cb30dac44a6d04ec2576fafe4f7fb09f9595ba21b820ebfff8a/ 142.11.211.90:5200 # Reference: https://twitter.com/pollo290987/status/1559943836515897346 # Reference: https://www.virustotal.com/gui/file/66fe35bea283335f4fc67950ca3f4a73f5a937bf1b7144435ca68078aef1da75/detection 37.120.206.69:5200 # Reference: https://twitter.com/pollo290987/status/1559944421281497089 # Reference: https://www.virustotal.com/gui/file/f8c4a7c6de28c5a36033868de0a5c82a1906e87f1756e31055c8859218c54067/detection 152.67.253.163:5300 # Reference: https://twitter.com/pollo290987/status/1562069470776102912 # Reference: https://www.virustotal.com/gui/file/871d1f18410ac31d443111d6a55ad02d9f74f26cb00d21eeb649f9ab47281ae8/detection 185.222.57.164:4248 shallom2022server.sytes.net # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-23%20AveMaria%20IOCs 109.206.241.77:5050 kashbilly.duckdns.org # Reference: https://twitter.com/pollo290987/status/1564612479849734154 # Reference: https://www.virustotal.com/gui/file/c9f11fdeb8abbc1f8e5f99b4bb2d7f95e149874cfbf3d214916f8d6b35a04e39/detection 23.105.131.186:2309 harjahwool.ddnsfree.com # Reference: https://twitter.com/pollo290987/status/1565225398857879559 # Reference: https://www.virustotal.com/gui/file/29824b969da3b9237bf59813a07dea7c3294e2506be355a26e19932a9d8f82d3/detection 23.105.131.228:2539 hannoyputa.giize.com # Reference: 
https://twitter.com/tosscoinwitcher/status/1567574867888975873 # Reference: https://tria.ge/220907-wjzr7acff7 20.38.45.196:5200 zoppw.mywire.org # Reference: https://www.virustotal.com/gui/file/f24d707fa75b81ddd51ff597f98cd38951ce0558cd653b392bca75c15fdeb1ed/detection 81.161.229.137:4120 willia2.ddns.net # Reference: https://twitter.com/pollo290987/status/1571906607373590535 # Reference: https://www.virustotal.com/gui/file/93aa448f073adc27069fc7fd7b23f9a7bc6fdebdfa25922c264cdc7b8c164e20/detection 81.161.229.75:5200 # Reference: https://twitter.com/pollo290987/status/1572232914464555014 20.126.95.155:6701 # Reference: https://twitter.com/pollo290987/status/1576940615786692609 # Reference: https://www.virustotal.com/gui/file/95c0369a04185f31bedf1c33add90bc3f06b0b68f54e643992410c39d13617e1/detection 51.75.209.245:5883 # Reference: https://www.virustotal.com/gui/file/0d4a3bfbe869c2ae0f0713b38b6e4fe4d73ee2b35c94ec17568fdecf2aaee894/detection # Reference: https://tria.ge/220705-lqn9xsfhck/behavioral2 217.64.149.171:6006 netwirew.duckdns.org # Reference: https://www.virustotal.com/gui/file/00a912cbd05d4e3301b2a4133904bd158d756359023acd4fa22593dc1b2b08d7/detection 91.192.100.39:2345 gameofthrone.ddns.net # Reference: https://www.virustotal.com/gui/file/32d010d563c618ff582ba5e5db5973a196d52f5fcb8197f6c77474ee5e000930/detection 45.133.116.121:4923 elboasin.ddns.net # Reference: https://www.virustotal.com/gui/file/372d582f70d029d31526f39075e6f20941b2ef0d69da360191dfe1755798c0f1/detection 79.134.225.5:6548 visuals7.duckdns.org # Reference: https://twitter.com/Racco42/status/1582664755357306882 # Reference: https://tria.ge/221019-k8ggcsfbe4 # Reference: https://www.virustotal.com/gui/file/bc13d0f7d2786848d32c1bd433516954ceeebbcb2c8aada145d63ae8f859add4/detection 37.0.14.202:5200 windnsch.freeddns.org # Reference: https://www.virustotal.com/gui/file/049b4eaf435ac6dc4740381a72f62b7cba841c73a8fb149177a1fcaf5c4b535d/detection 141.98.6.108:15243 37.0.14.202:8880 
mynicesubdomainrig123.loseyourip.com # Reference: https://www.virustotal.com/gui/file/2278d1bca473d91247e01794a1202297bda4bce23c3a1e74c43abc67d8d7b371/detection 111.90.151.174:5200 # Reference: https://twitter.com/0xToxin/status/1585541699086045186 # Reference: https://www.virustotal.com/gui/file/21599d9cd809bbe1e5676696f5cf9e0f9fa5054672bb504e48a2df1e8350a629/detection 158.69.134.53:53078 pentester0.accesscam.org # Reference: https://twitter.com/ScumBots/status/1590450993795416065 # Reference: https://www.virustotal.com/gui/file/0bb084679cd7cc438060f3767431e46a6ca4b45cead37ca807fb60856ef811bc/detection 185.140.53.159:5576 # Reference: https://twitter.com/James_inthe_box/status/1598437133135798273 # Reference: https://app.any.run/tasks/cc160afb-141f-4394-ab84-ed358fd75ed6/ # Reference: https://www.virustotal.com/gui/file/a9ebe1475e9ad71cd40e392c88df69ee9bd14b981081dec3bfaa28db80debcac/detection 79.134.225.31:5200 zqpispa.it mask.zqpispa.it # Reference: https://www.virustotal.com/gui/file/e6d89604af1df906d2a20791f6cf0444ab5d489b94b69977b5fd9db4b1fa5c4f/detection 192.3.101.17:5200 # Reference: https://twitter.com/h2jazi/status/1600948637361922049 # Reference: https://www.virustotal.com/gui/file/fa06b71c4c18bffd0283d07fa13a113a6999d2b597cd91eacdc5da3f240a54fb/detection 193.188.20.163:8080 hbfyewtuvfbhsbdjhjwebfy.net # Reference: https://twitter.com/jaydinbas/status/1603757502092427264 # Reference: https://www.virustotal.com/gui/file/6d28cc21516060b0c31dae6a4a8f3c4a23ab261e9cc00fa8a836e0efaf700e3b/detection 85.209.135.171:3517 pliblu-fax.home-webserver.de # Reference: https://twitter.com/TeamDreier/status/1605188263463063555 # Reference: https://twitter.com/phage_nz/status/1604960603722117120 160.152.169.228:4207 160.152.21.66:4207 185.216.71.245:4207 rqiscogroup.me warzone.ws jayurbf.gleeze.com # Reference: https://www.virustotal.com/gui/file/b66c6f65a68d26cc8f26abeff53e6033ebccec66b9c85150675e4dbecfc3b84f/detection 37.120.222.54:5200 # Reference: 
https://www.virustotal.com/gui/file/64673063af00fe19163cd66a5d58cedaded2253d37f17c9a5af51498243a4ffa/detection 45.137.65.132:7410 mcmac.duckdns.org # Reference: https://www.virustotal.com/gui/file/fbce192478c1952f7e804769770bdf9b3bcbb58e56530ebad53ddfc01fb56319/detection 193.42.33.225:2023 bluemoon7.duckdns.org # Reference: https://threatfox.abuse.ch/ioc/1068151/ # Reference: https://www.virustotal.com/gui/file/be660d63fdf3657cc219d02b22e914ea5b8856c9df581d96ade00ae2495323cd/detection 79.134.225.81:1640 # Reference: https://www.virustotal.com/gui/file/c070f2444079cb38a079f2836b3946c8c6cc59218fd0e551eebcc0ee5d07251d/detection 46.246.12.4:19281 spamworzon.duckdns.org # Reference: https://www.zscaler.com/blogs/security-research/dynamic-approaches-seen-avemarias-distribution-strategy # Reference: https://www.virustotal.com/gui/file/30e9297e2b78f6c17eab14b74df59f219f1908f0e2d65075cda7d42880faf245/detection http://80.76.51.222 171.22.30.72:5151 80.76.51.88:1956 odessa-gov.ddns.net # Reference: https://www.virustotal.com/gui/file/8a2bcfd67d24695e9d73070e6f75aec23d136c3c17f63b6f41fabcf92ef2868f/detection 160.20.147.172:5200 # Reference: https://www.virustotal.com/gui/file/4f00de3ca48a203fbb325c29880471fe32c971fc5b9f9f8b9cbcb0934d2c4ed9/detection 185.33.234.172:1313 # Reference: https://twitter.com/wwp96/status/1628429131896479747 # Reference: https://app.any.run/tasks/d7690c67-5d40-48b6-870a-7d4f76400fe5/ 103.231.91.59:17873 # Reference: https://twitter.com/wwp96/status/1628520430737973248 # Reference: https://app.any.run/tasks/385c0ad8-d3d0-4cb7-b01c-5e225f3bafef/ 195.133.40.92:5200 # Reference: https://www.virustotal.com/gui/ip-address/46.246.14.12/relations warzon19.duckdns.org # Reference: https://www.virustotal.com/gui/file/6d8d016eca41acf6b9e69b0b81b82077a06cdb001eaf9d5364c1773538fa901c/detection wshrt.sbs mylab.wshrt.sbs mylabnewswshrt.linkpc.net # Reference: 
https://www.virustotal.com/gui/file/c4c41f2f4ded88ddbd670142f5983d4a27e680cfa8f69d9b15888ccc6b5bf85f/detection 172.111.9.225:8443 windows.wshrt.sbs # Reference: https://twitter.com/c_APT_ure/status/1635270050356817920 # Reference: https://www.virustotal.com/gui/file/05efd5e8ef7aa14ae1e09270ada66a8f431ba1380469ee5d09e9dad38a787581/detection 185.216.71.78:5287 185.254.37.238:5287 # Reference: https://www.virustotal.com/gui/file/e34ca71289bfb42bbf51bfa9739f3a561112b46dbbe59f665942b9a1f7f32190/detection # Reference: https://www.virustotal.com/gui/file/382bb1ca5fb48747a7f3fa6fc3acd4225874fea3ba5009e8d057b4e4f3352d25/detection 193.42.33.124:5353 45.139.105.231:5353 onyem.duckdns.org # Reference: https://www.virustotal.com/gui/file/b5c84212b5cf6d9dab9c0de531d6eadef106a54e373554fb8d741450c4b50ff4/detection # Reference: https://www.virustotal.com/gui/file/34e8a8e132f37f3330380dd166bd5e0696f4494037ebab94a311196430863a60/detection # Reference: https://www.virustotal.com/gui/file/192211bfb1cc70cea3e4e1bd86f62388a36278017042e3e020f6668a79e88e31/detection 23.236.174.169:5200 thedevilcoder556677.000webhostapp.com trendyfela.myftp.biz # Reference: https://twitter.com/tosscoinwitcher/status/1643685937631887360 # Reference: https://tria.ge/230405-w36d3sag7w/behavioral1 # Reference: https://tria.ge/230405-w68nlsgg36/behavioral1 185.90.61.181:4545 honeywelltradeintl.shop donelpacino.ddns.net # Reference: https://twitter.com/58_158_177_102/status/1645296540192489472 # Reference: https://tria.ge/230410-fwcv7ahb8s/behavioral2 45.143.147.226:5200 # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ 101.99.93.147:5200 102.89.32.249:5552 103.125.189.167:1998 103.176.113.85:5200 103.207.38.192:5200 103.212.81.153:5687 103.212.81.155:7362 103.224.240.224:5552 103.27.76.113:6666 103.28.70.185:9090 104.168.53.78:20911 104.250.170.27:5200 104.254.90.195:10378 104.255.168.158:68 104.37.174.205:1984 107.172.81.23:6532 107.173.62.99:5200 109.206.240.226:5200 109.206.241.141:20624 
109.206.241.141:41142 109.206.241.55:772 109.206.241.68:5220 109.206.241.91:6689 109.206.243.107:8025 109.248.144.240:5200 109.248.150.150:65535 111.90.149.147:5200 122.180.86.185:5552 13.65.211.207:5200 130.51.40.239:9876 130.51.41.31:2000 134.19.179.171:36864 134.19.179.243:9145 141.98.102.235:44902 142.202.191.142:5200 146.70.88.80:14203 147.124.212.215:4301 147.124.213.81:4032 147.124.214.156:5200 151.106.19.203:5204 154.16.106.40:4441 154.247.90.104:9111 154.53.32.96:5200 158.69.134.53:44902 159.223.57.212:4110 160.152.137.3:5552 161.129.44.221:9999 162.55.126.123:1111 163.123.142.169:2900 165.73.81.45:4789 170.39.187.231:7890 171.22.30.72:50045 171.22.30.72:52011 172.111.177.30:5200 172.111.204.106:5199 172.111.204.106:5200 172.111.211.103:5200 172.111.253.160:2478 172.245.251.219:2323 172.81.131.113:5255 172.81.61.215:5200 172.93.165.156:11 172.93.165.201:5200 172.93.165.202:85 172.93.188.64:26771 172.93.189.122:84 172.93.189.85:179 172.93.222.158:84 172.94.88.130:2030 173.240.15.13:6060 176.124.201.210:5200 176.124.215.147:5200 178.170.138.49:5200 184.75.221.171:5201 184.75.221.59:7350 185.102.170.90:9076 185.136.165.163:5900 185.140.53.130:3649 185.140.53.73:5200 185.156.172.41:22669 185.174.40.141:8780 185.20.187.44:1866 185.200.116.131:52239 185.216.71.160:1605 185.216.71.167:6304 185.216.71.58:1856 185.219.80.143:6269 185.225.73.100:7706 185.225.74.4:3535 185.225.74.4:3735 185.236.228.102:4301 185.29.9.38:3456 185.99.253.109:5200 188.215.92.120:5200 191.101.130.189:700 191.101.130.52:5200 192.227.196.194:5200 192.228.105.24:6454 192.3.101.190:2323 192.3.111.154:5200 192.3.193.136:2017 193.149.189.91:1337 193.169.255.114:5200 193.233.185.89:5200 193.239.86.132:9009 193.29.104.252:33202 193.31.30.138:2527 193.42.33.160:5050 193.42.33.27:5200 193.47.61.26:5200 193.56.29.183:5050 194.147.140.145:4032 194.147.140.156:6476 194.147.140.161:5200 194.147.140.188:7231 194.147.140.3:8657 194.147.140.4:3479 194.147.140.92:2626 194.31.98.227:49110 194.5.212.164:8336 
194.5.97.20:4424 194.5.97.23:4693 194.5.97.6:7007 194.5.97.8:4424 194.5.98.107:5200 194.5.98.119:5200 194.5.98.140:4545 194.5.98.147:9975 194.5.98.171:5200 194.5.98.174:3355 194.5.98.180:5454 194.5.98.187:1990 194.5.98.18:6476 194.5.98.190:5454 194.5.98.200:4545 194.5.98.20:5200 194.5.98.236:3885 194.5.98.39:4020 194.5.98.62:5200 194.5.98.66:4545 194.5.98.91:4545 194.87.84.131:4739 195.133.18.117:5746 195.178.120.120:3702 195.178.120.192:51990 195.246.120.51:33540 196.196.210.3:62520 197.210.45.224:5191 198.167.200.94:10140 198.20.177.169:5202 198.23.207.34:3333 199.102.44.154:5200 199.127.59.196:5200 199.66.93.31:7200 2.56.57.181:56789 2.56.57.85:52947 2.56.59.131:5200 2.56.59.70:5200 20.110.119.15:5200 20.112.127.113:5200 20.114.4.132:5200 20.115.34.57:5526 20.126.95.155:7800 20.168.33.220:7800 20.91.187.223:5707 20.93.112.114:9706 20.94.63.195:6488 20.98.138.214:2222 206.123.140.245:5888 206.189.139.209:2626 208.67.105.196:5252 208.67.106.224:772 209.127.19.218:23991 209.58.184.199:5202 212.193.30.230:3443 212.193.30.230:4545 212.193.30.230:7820 212.193.30.96:5059 212.86.115.220:1992 213.152.161.85:56491 213.152.162.154:9145 213.152.162.79:25257 213.152.187.195:55868 213.208.129.212:3214 216.126.225.240:7890 23.226.130.102:5200 23.227.203.214:5200 23.99.225.116:5200 24.152.37.45:5200 3.126.224.214:10200 3.92.200.97:5200 34.92.152.18:5200 35.171.18.39:4301 37.0.14.195:8585 37.0.14.198:4424 37.0.14.201:5200 37.0.14.205:8444 37.0.14.206:4424 37.0.14.207:5200 37.0.14.208:40 37.0.14.210:2345 37.0.14.210:29221 37.0.14.210:5689 37.0.14.211:5200 37.0.14.212:3030 37.0.14.212:3387 37.0.14.215:4821 37.0.14.216:3267 37.0.14.217:5577 37.0.8.145:55588 37.139.129.100:2323 37.139.129.47:5200 37.220.87.3:5200 38.117.65.122:1668 38.132.114.178:5200 41.185.97.216:5200 41.216.183.52:8888 45.12.253.146:5439 45.12.253.202:3219 45.12.253.202:4017 45.12.253.22:5200 45.127.101.18:5552 45.132.106.37:1104 45.133.1.34:5200 45.135.164.194:5200 45.137.116.170:5200 45.137.22.70:4198 
45.137.65.229:6513 45.139.105.147:5200 45.139.105.174:5200 45.139.105.174:6900 45.139.105.207:8808 45.139.105.7:1992 45.143.144.94:3333 45.143.146.56:1234 45.143.147.226:5200 45.144.225.22:9671 45.147.230.113:5200 45.162.228.171:30445 45.59.119.153:1111 45.59.119.212:1111 45.66.230.108:5200 45.72.96.199:55081 45.74.4.244:5199 45.81.150.32:4451 45.87.61.139:1010 45.87.62.181:6532 45.87.63.121:2345 45.88.67.103:3072 45.88.67.145:5222 45.88.67.63:3443 45.88.67.9:5230 45.90.222.97:26771 46.183.220.120:5200 46.183.222.62:5353 46.183.222.70:4763 47.98.61.215:5200 5.161.139.79:5200 5.161.206.28:5200 5.2.68.82:1198 5.206.224.164:1984 51.161.104.138:7082 51.161.104.181:54788 51.195.145.82:5200 51.75.209.245:5200 51.81.216.18:5200 51.89.201.38:5200 52.246.251.51:5200 54.246.255.105:5740 54.36.226.168:5200 63.141.237.141:5200 64.112.87.127:6789 64.112.87.245:1000 64.112.87.6:2222 65.108.68.54:4449 65.21.9.53:5540 66.154.111.120:1998 66.85.173.44:5200 66.94.108.214:5200 74.201.28.114:3900 74.201.28.92:2222 76.8.53.133:10090 76.8.53.133:5939 76.8.53.143:62520 79.134.225.118:1604 79.134.225.16:4545 79.134.225.19:6565 79.134.225.20:4020 79.134.225.26:9162 79.134.225.27:6667 79.134.225.39:4567 79.134.225.51:7890 79.134.225.54:6626 79.134.225.69:4157 79.134.225.6:6667 79.134.225.70:8593 79.134.225.82:2023 79.134.225.86:5995 79.134.225.88:5555 79.134.225.96:2345 8.212.151.157:5200 80.66.64.142:2626 80.76.51.101:58346 81.161.229.109:1515 81.161.229.148:5252 84.38.130.181:5200 84.38.130.200:52048 84.38.130.203:8234 84.38.130.235:5200 84.38.132.36:5200 84.38.133.137:5200 84.38.133.19:5200 84.38.133.217:5888 85.208.136.239:6991 85.217.144.17:5200 85.31.46.136:8008 85.31.46.17:6033 85.31.46.198:5200 85.31.46.94:5353 87.251.79.118:5200 88.119.171.248:8155 89.22.232.145:443 89.44.9.154:52621 91.109.188.2:3999 91.121.228.166:5200 91.192.100.11:11101 91.192.100.17:9723 91.192.100.18:179 91.192.100.26:11101 91.192.100.31:9961 91.192.100.35:8709 91.192.100.50:9721 91.192.100.53:7200 
91.192.100.56:47104 91.192.100.57:2442 91.192.100.5:20391 91.192.100.60:9950 91.192.100.7:6548 91.192.100.9:2928 91.193.75.131:1690 91.193.75.133:1645 91.193.75.134:33202 91.193.75.134:6667 91.193.75.141:3236 91.193.75.149:3630 91.193.75.152:2345 91.193.75.178:1919 91.193.75.183:1014 91.193.75.184:46564 91.193.75.188:2345 91.193.75.194:15832 91.193.75.206:3657 91.193.75.238:9974 91.193.75.244:9951 91.193.75.247:9961 91.207.57.115:5079 91.92.120.179:65535 92.118.190.15:3308 92.118.190.181:8443 92.222.212.90:5200 94.46.246.70:57668 95.179.156.219:5200 95.214.27.180:55868 95.214.27.197:6969 95.214.27.57:5200 95.216.55.134:5200 96.9.231.122:5200 banta.ddns.net cusomtamon.freeddns.org diamante.mywire.org divine2022.duckdns.org e-eykairies.gr enginekeysmoney.ddns.net fghj.nerdpol.ovh grace2nation.ddns.net guest.maximos.quest huhuhu.ooguy.com kqz.ugo.si lefteriskkokkiskikinew.ydns.eu lionlee.nerdpol.ovh lionleee.nerdpol.ovh membership.myddns.rocks mgc2090.duckdns.org remote.msoftupdate.me rtyui.nerdpol.ovh topimoiofnfiomog.freedynamicdns.org verifysec0.myftp.biz warzonepw.ddns.net # Reference: https://www.virustotal.com/gui/file/901de515209abfaa11681106d0f7c0697077037fd275ef6963579c7218daf073/detection http://92.118.190.195 msoftupdate.me oraclevm.msoftupdate.me # Reference: https://www.virustotal.com/gui/file/91893562af732965ae5f90453a22af6b1d7a49f043730b900df20f6506569633/detection newsfeed.msoftupdate.me # Reference: https://www.virustotal.com/gui/file/01425e336e2be2c3ff51c10fd6de97295375f34798e941114624bce1abe1a6af/detection 92.118.190.181:8443 remote.msoftupdate.me # Reference: https://www.virustotal.com/gui/file/5a7be56b39bc3251512abd81278a617f1fd7d9fcd792ecdb34b1dbf4842be87f/detection 178.87.9.3:5200 178.87.9.3:5500 0xlisa.ddns.net # Reference: https://www.virustotal.com/gui/file/5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260/detection macking.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/da029a807d20d6ab41299ae370424cc78fab56d7ee97d11f1156f4e99e54c87a/detection blackroots7.duckdns.org # Reference: https://www.virustotal.com/gui/file/6e7bc3ff697b8e701e64804bd01a0bd6237c7b5f854baabbbbc131205181f744/detection bostrata.duckdns.org # Reference: https://www.virustotal.com/gui/file/f414083748cc21bc3aa8ccee9d012734d8052ea7f7ca41c55cfbd35ce53731c5/detection # Reference: https://www.virustotal.com/gui/file/4f28ee7984759256fdaf5b2a190a5a16f6df2925248550dae5d85fdce9e027b6/detection micasamiwedding.duckdns.org # Reference: https://www.virustotal.com/gui/file/b2b023679cca197b057144f1f73956271374f1c721f13ec334bec6c694e84816/detection none0468.ddns.net # Reference: https://www.virustotal.com/gui/file/bbd7836098f79197644992b2c3dc1e52ce506202cd2870042e72a09d2e402b46/detection kellerwarzone.ddns.net # Reference: https://gist.github.com/silence-is-best/d168f4c94f59e444a1081751e9dc79ca 72.18.215.2:6473 panchak.duckdns.org # Reference: https://www.virustotal.com/gui/file/ff8c79939cb030f093d795ddfb6b0a115c46bbe8c035fd22e895471b5bb5a83c/detection 2.58.56.250:5200 # Reference: https://www.virustotal.com/gui/file/839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9/detection 108.174.198.253:5200 jeffdfehjhsda.ddns.net markwar54124.ddns.net # Reference: https://www.virustotal.com/gui/file/396346640d472168f07c041e8dfb3648050e2d36f16e93416cafc2354f3a857e/detection # Reference: https://www.virustotal.com/gui/file/2047a65033eb3a6d3ddbc02e52ab955b9042b6ff9bf7567e4df6ef59172773b6/detection 155.94.150.100:6473 # Reference: https://www.virustotal.com/gui/file/fdafe32c0a60e82305426118d16b5181852cb37f95b9bc1a15f1797357f7548b/detection 194.49.94.6:65535 # Reference: https://www.virustotal.com/gui/file/d82c8b26b89f37dc001cd489570e5e3ed2c84d7604c4aea6346ad898c6537b57/detection 51.254.246.45:5989 # Reference: https://www.virustotal.com/gui/file/ed5f71edcd297159229c6f8eb7894d5df258826136a6631f9107381da63f678b/detection 212.8.244.201:2905 
jeron7.duckdns.org # Reference: https://www.virustotal.com/gui/file/242c10a4b86083380104370e9d78bd721fd37bdb9bd499a21741d45e9493f58e/detection 109.248.144.235:5200 # Reference: https://www.virustotal.com/gui/file/ae5fdff92e288e704b7af003d36d97742c8993ad2c6de42b2011091dc7b4c6c1/detection 194.187.251.91:33770 metroboomiin.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-07-26) 103.179.142.121:5200 103.212.81.151:5322 103.212.81.152:5687 103.212.81.155:6186 103.212.81.156:6344 103.212.81.158:6138 104.250.170.27:5199 104.37.175.45:52100 109.206.242.61:6200 130.51.40.126:8978 141.98.6.25:2007 154.53.48.39:2299 154.53.52.101:5200 161.129.33.242:4567 161.129.40.8:7890 167.94.81.224:9801 172.93.222.150:5200 173.212.207.73:5200 179.43.162.58:5200 185.206.215.165:5165 185.222.58.252:4244 185.92.149.180:4244 193.42.32.184:4432 194.147.140.197:3601 194.180.48.206:6991 194.180.48.228:5200 198.37.105.166:4244 207.244.242.177:5200 35.181.21.143:37880 37.187.222.230:5200 45.150.65.8:4040 45.155.37.81:5200 45.61.128.246:5200 45.8.146.20:5200 45.81.39.33:5300 45.81.39.55:1909 45.81.39.89:38411 45.88.67.63:4545 45.88.67.72:5200 51.210.66.231:5200 77.220.215.70:7722 79.110.49.161:3443 79.110.49.161:4545 79.110.49.161:5656 79.134.225.112:6138 79.134.225.69:5273 79.134.225.96:9962 84.38.134.109:6504 84.54.50.66:6060 85.208.139.45:8520 85.217.144.110:6138 85.217.144.110:6186 89.117.76.41:22091 89.117.76.41:2299 89.117.76.41:30011 89.117.76.67:5200 91.228.10.173:3203 95.214.26.185:5200 95.214.26.68:5200 95.214.27.108:4567 95.214.27.90:6739 backup1212.ddns.net testing1212.ddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-08-01) 161.129.33.214:2345 89.117.76.41:4422 93.95.27.64:2312 # Reference: https://threatfox.abuse.ch/ioc/1149400/ 103.47.144.15:49746 # Reference: https://www.virustotal.com/gui/file/1f025be9b61691a60f6d7c2baa88c4f0a400e1b29cfc226188dab97bdbd4a74d/detection 103.47.144.39:49746 103.47.144.39:7045 
onedirve.info # Reference: https://www.virustotal.com/gui/file/1f32b6a5b5b88e7b31eab4461d59dc67a228745f65da06d63272a59d80079b6e/detection 35.181.21.143:37880 baotao.3utilities.com bratzen.duckdns.org # Reference: https://twitter.com/kienbigmummy/status/1692710418039586877 # Reference: https://www.virustotal.com/gui/ip-address/62.102.148.185/relations # Reference: https://www.virustotal.com/gui/file/55334f31717b5e840b39cbd24b441f3f51fc66b5e8ebd9214b5c5160e836415c/detection 62.102.148.185:64544 cam0outfront.jumpingcrab.com comaand-marc-21.duckdns.org duep.airdns.org evilrdp.airdns.org test12345.airdns.org # Reference: https://www.virustotal.com/gui/file/6954548b5da8aaf8acbb65595e8e4bcba34ea699b6de4f66b13c21d7cdbb8cc7/detection # Reference: https://www.virustotal.com/gui/file/304056766a435082388d7db9000b48f3c19c5e26404ec06280e0cb1280f8805d/detection 161.129.36.35:4567 # Reference: https://twitter.com/sicehice/status/1694532065050468464 # Reference: https://www.virustotal.com/gui/file/979f80f4b81f1d052e8d11edda23c8e5b75e87d30e75b0218d907bd3048ab383/detection 79.110.48.58:5200 # Reference: https://threatfox.abuse.ch/ioc/1151947/ 46.183.223.66:7890 # Reference: https://www.virustotal.com/gui/file/e3082e8163342c8c2c30a3ff27651cba80ed720b37ecb17448a1a19f36ca057b/detection # Reference: https://www.virustotal.com/gui/file/c2603fdcd24aba4629f3a8e3822f8c8ca84a97c89f163e05f9f5e1492da81036/detection 194.180.48.209:5200 akbeyaztckstil.com biopharmzpharma.com/mdrp/255_Nsmhenzvvhd biopharmzpharma.com/mdrp/255_Wjmdrzktfws /mdrp/255_Nsmhenzvvhd /mdrp/255_Wjmdrzktfws /255_Nsmhenzvvhd /255_Wjmdrzktfws # Reference: https://www.virustotal.com/gui/file/e8f931a95f84c45cf8d4eb49abc461ce308b7d1688d4dff9eed1f695e8fb2091/detection 167.94.158.42:5200 91.192.100.37:5200 strip4burky.ddns.net # Reference: https://threatfox.abuse.ch/ioc/1152357/ # Reference: https://www.virustotal.com/gui/file/a6a7c972a0937e0389f8608b680ff088d1c6ea683f50bcc586ead5d266cc5b7e/detection 147.124.210.169:1471 
captainkwado.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-09-15) 103.212.81.150:1690 103.47.144.27:49746 130.51.40.194:1313 161.129.33.79:1212 163.5.169.46:5200 185.225.75.68:2222 193.42.32.223:5200 194.180.48.160:4898 194.180.48.209:9409 45.143.146.186:6789 5.181.80.131:5200 66.118.237.107:9879 80.76.51.231:5203 89.23.101.93:5200 89.117.55.98:4499 # Reference: https://www.virustotal.com/gui/file/f955b0f0937f91a2954fa2aca5ec99d08e43330d0b4e854339300ec10d5fe92f/detection http://205.209.122.236 205.209.122.236:5200 # Reference: https://www.virustotal.com/gui/file/1c98acdc1ce850010b0806ffa288cbed445663fe2d5725c29b34888ee8137405/detection 91.193.75.175:5200 warzonedns.myq-see.com # Reference: https://www.virustotal.com/gui/file/3aa3ae8068a7b1750d9db1f587c13dcc590d0c00d055d5676b546bdd775cd786/detection 46.183.222.77:5200 # Reference: https://www.virustotal.com/gui/file/ee08c1db4371f69e281b0456a4a0f6f8fc54e85aafa1f5937a438154125548fa/detection 5.189.130.151:5200 mywarswar.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/cd26009a2cfa0a5f8b8e44786b045b4a0d8faf78ae5ae044a64226f3ced2bda7/detection mywarswarw.ddns.net # Reference: https://www.virustotal.com/gui/file/cd26009a2cfa0a5f8b8e44786b045b4a0d8faf78ae5ae044a64226f3ced2bda7/detection newwarr.ddns.net # Reference: https://www.virustotal.com/gui/file/8a7ea6fa92042a82b6ee354c055e8579dd08bdf297aa5c0b54346405afca76be/detection 41.216.188.29:5200 # Reference: https://www.virustotal.com/gui/file/2971e5da098d377ac8ade109510d953b7a8ce44adb0e0f0e2f9352112b7c5973/detection 93.123.118.3:46308 # Reference: https://www.virustotal.com/gui/file/27bf61182f09c2d4fdafc0c1f406b972861ea31f2e615028defcbaaa483f6f30/detection 101.99.92.121:5200 # Reference: https://threatfox.abuse.ch/ioc/1162658/ 45.133.174.153:8787 # Reference: https://threatfox.abuse.ch/ioc/1163044/ 38.170.239.42:6991 # Reference: 
https://www.virustotal.com/gui/file/1df652cc00fc5d79f97886e2056713907cf9a819c22eba3562d88b776003c39c/detection 66.118.239.36:9090 # Reference: https://www.virustotal.com/gui/file/deb17c9130c0ee72f14ae02df88af930fb5261a5795f68950609f27636e96324/detection septembre.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1704041604934185325 91.207.102.163:26167 # Reference: https://www.virustotal.com/gui/file/c49c53f8f905bd007eddbf379a93d5786dbc17c8c80f5be65af18e2e29d99610/detection 103.212.81.159:10900 altfriend.mooo.com # Reference: https://www.virustotal.com/gui/file/411763b0b0062ddf7c633c18e282527b82b23c099492af79a9cf22cf95ee0a6d/detection 94.177.217.207:5200 # Reference: https://threatfox.abuse.ch/ioc/1165945/ 154.53.51.233:5200 # Reference: https://www.virustotal.com/gui/file/fa8925dbf94cc8ff9313583135269b81bcf921cd9f56777f4da9cb54aeae8727/detection # Reference: https://www.virustotal.com/gui/file/a4a4738732996b7b60e51ad837f1880b273bffc7cb6437eebc2bbbcf951b3cc2/detection # Reference: https://www.virustotal.com/gui/file/3067dc8a71a95cfca88a27048106edff5bd65a162993c90d2621ebed05df804d/detection 79.134.225.28:5200 79.134.225.5:5200 79.134.225.54:5200 hustle.treatwellshome.xyz # Reference: https://raw.githubusercontent.com/Gi7w0rm/MalwareConfigLists/main/WarzoneRAT_AveMaria/warzonerat_c2s_2020_to_2023.txt http://95.179.178.117 100.26.221.183:5200 101.99.91.200:5200 101.99.91.227:5200 101.99.92.161:5200 101.99.94.158:5200 101.99.94.209:5200 103.114.104.42:5200 103.114.217.251:5987 103.125.191.85:1111 103.125.191.85:2222 103.133.109.176:7600 103.145.255.163:5200 103.147.185.99:5200 103.153.77.2:5200 103.155.83.189:1289 103.199.17.185:5200 103.207.38.225:5200 103.207.38.23:5200 103.207.39.184:1998 103.212.81.157:11011 103.212.81.157:5167 103.212.81.157:5300 103.212.81.160:10011 103.231.91.59:56128 103.99.0.188:5200 104.128.191.44:8080 104.129.43.19:5634 104.156.229.188:5200 104.156.254.72:5200 104.207.138.207:4531 104.223.19.96:5200 104.223.20.133:5200 
104.223.22.105:5200 104.37.172.226:5200 104.37.175.247:5200 107.150.19.18:5200 107.152.99.41:14457 107.173.62.82:1998 107.182.129.97:5200 108.170.60.184:5200 108.62.141.204:5400 109.219.206.14:1333 109.234.38.71:5205 109.248.144.163:5200 111.90.143.155:5200 111.90.146.200:5200 111.90.148.53:5200 111.90.149.108:5200 13.77.222.77:5200 13.78.194.137:8006 13.90.94.8:2050 130.51.40.163:5566 130.51.40.39:1444 135.181.123.150:5200 136.144.41.122:5207 136.144.41.180:5200 136.144.41.220:91 136.144.41.66:5200 136.144.41.92:5200 137.117.59.51:5200 139.180.211.4:5200 139.60.160.160:5200 141.255.164.13:5200 141.98.101.133:45078 141.98.6.154:5555 142.44.161.51:1631 144.202.124.151:5334 144.202.45.143:4582 146.255.88.214:4040 146.70.124.112:5200 146.70.143.154:5200 146.70.76.43:43206 146.70.94.3:17554 146.70.94.3:17873 146.70.94.3:36679 147.124.212.196:1111 147.124.212.196:5555 147.124.213.132:5200 148.251.242.107:5200 148.251.48.16:5200 149.202.29.116:25 149.28.111.108:3331 149.28.115.223:6565 149.28.117.236:5200 149.28.124.150:5200 151.106.2.153:9911 151.106.30.104:3021 151.106.30.104:3088 152.89.160.131:47795 154.0.164.36:5200 154.127.53.127:53127 154.209.249.131:5200 154.53.32.211:8808 156.96.113.219:5200 156.96.58.237:5199 157.55.136.23:5300 158.69.115.206:5200 160.116.15.155:5200 160.20.147.209:49999 162.216.47.148:59226 162.251.165.185:5200 165.22.5.66:1111 165.22.5.66:3333 165.22.5.66:6666 165.22.5.66:7777 168.119.184.182:5200 168.61.222.215:5400 171.22.30.72:5150 171.22.30.74:5151 172.111.134.200:5201 172.111.210.207:2829 172.111.242.20:2030 172.111.242.20:2031 172.245.119.60:5200 172.86.75.51:1337 172.93.165.166:5200 172.93.187.146:1998 172.93.187.92:1717 172.93.189.85:5200 172.94.127.185:2030 172.94.127.185:2031 172.94.18.167:9441 173.254.223.118:7785 176.107.177.197:5200 176.113.82.95:5200 176.126.86.243:2021 176.126.86.243:5432 176.126.86.243:7070 176.31.159.203:18970 176.31.159.203:5200 178.132.2.230:5200 178.170.138.224:1010 178.20.45.110:5200 178.238.8.111:2626 
179.43.134.170:5578 179.43.142.37:5200 18.221.80.225:1605 180.214.238.216:5200 180.214.238.96:5200 184.164.77.132:49160 184.164.77.132:5369 185.102.170.254:32922 185.105.236.172:2525 185.105.236.179:1975 185.128.25.29:5200 185.140.53.10:4876 185.140.53.129:4799 185.140.53.131:8585 185.140.53.133:3344 185.140.53.134:7480 185.140.53.136:5780 185.140.53.137:4479 185.140.53.137:5200 185.140.53.146:2829 185.140.53.154:6234 185.140.53.199:5200 185.140.53.213:5200 185.140.53.21:1297 185.140.53.230:11001 185.140.53.231:8383 185.140.53.233:6767 185.140.53.41:2104 185.140.53.45:5200 185.140.53.46:5200 185.140.53.48:5401 185.140.53.69:4080 185.140.53.6:5200 185.150.25.243:3543 185.154.20.21:5200 185.156.175.51:47010 185.156.175.51:64832 185.157.161.174:9019 185.157.161.69:9494 185.157.162.81:5200 185.165.153.147:100 185.165.153.247:5200 185.165.153.249:2626 185.165.153.251:5200 185.174.40.148:6731 185.19.85.141:7543 185.19.85.150:5203 185.19.85.152:179 185.19.85.154:9971 185.19.85.155:1997 185.19.85.155:50411 185.19.85.155:9951 185.19.85.158:8887 185.19.85.162:5200 185.19.85.183:9301 185.19.85.183:9305 185.195.237.203:29168 185.205.209.203:5202 185.209.29.179:5578 185.213.26.169:3536 185.215.151.139:2104 185.219.132.157:5200 185.219.134.245:5200 185.219.135.196:5200 185.222.57.141:5200 185.222.57.213:5200 185.222.57.226:3554 185.222.57.242:1004 185.222.57.245:5200 185.222.57.253:4782 185.222.57.66:5200 185.222.57.68:5200 185.222.57.71:5200 185.222.57.88:5200 185.222.57.92:5200 185.222.58.105:5200 185.222.58.116:5200 185.222.58.120:1993 185.222.58.151:4808 185.222.58.156:5200 185.225.73.31:11598 185.227.82.72:5200 185.234.219.56:52001 185.239.242.133:5200 185.239.242.145:4442 185.239.242.18:5200 185.239.242.77:5200 185.244.218.89:5200 185.244.29.130:5200 185.244.30.176:5288 185.244.30.200:6373 185.244.30.23:5200 185.244.30.94:2626 185.244.31.243:5200 185.247.228.182:1414 185.254.37.231:5200 185.29.10.101:5202 185.29.10.206:60567 185.29.10.25:2468 185.29.9.20:5200 
185.29.9.58:1023 185.32.221.66:6065 185.44.77.84:2000 185.61.138.112:5200 188.72.124.14:1986 190.2.142.239:4566 191.101.130.113:8907 191.101.130.254:30254 191.101.151.14:9422 191.96.184.151:5200 192.119.71.216:5199 192.121.246.82:5200 192.152.0.94:4040 192.227.173.22:5200 192.3.141.154:5200 192.3.193.53:55533 192.3.53.82:1007 192.30.241.52:3830 192.95.0.200:6768 192.99.219.206:4081 193.109.78.123:5200 193.142.58.21:1998 193.142.59.216:5200 193.161.193.99:45013 193.161.193.99:48883 193.169.255.128:2626 193.203.203.96:5200 193.233.182.217:2022 193.239.147.32:5210 193.239.86.151:5200 193.29.104.157:4296 193.29.104.92:65535 193.39.184.4:5200 193.42.32.191:8282 193.42.33.144:5200 193.56.28.104:5200 193.56.28.129:5200 193.56.29.251:5200 194.127.179.121:5010 194.147.140.138:9922 194.147.140.159:8153 194.147.140.211:9897 194.147.140.213:10011 194.147.140.22:5200 194.31.98.142:5200 194.31.98.180:1339 194.33.45.40:5200 194.5.97.10:6022 194.5.97.116:1360 194.5.97.123:9971 194.5.97.145:9976 194.5.97.14:2854 194.5.97.15:4411 194.5.97.165:5200 194.5.97.168:3640 194.5.97.174:1360 194.5.97.212:6677 194.5.97.21:3650 194.5.97.224:20201 194.5.97.23:3344 194.5.97.246:6736 194.5.97.34:1405 194.5.97.48:3141 194.5.97.4:5200 194.5.98.138:3232 194.5.98.138:4689 194.5.98.139:2022 194.5.98.158:4570 194.5.98.178:666 194.5.98.18:5200 194.5.98.201:1010 194.5.98.201:9951 194.5.98.21:5893 194.5.98.220:4693 194.5.98.243:7010 194.5.98.26:8044 194.5.98.46:5200 194.5.98.7:2511 194.5.98.94:5200 194.68.59.48:2318 195.133.18.105:5200 195.133.18.148:1947 195.133.40.109:5200 195.140.213.91:5200 195.178.120.187:5200 195.206.105.227:47010 195.62.33.174:7777 195.93.173.192:5578 198.12.84.39:5200 198.23.213.12:5200 198.46.177.102:5200 198.50.128.23:16276 198.55.115.13:7342 199.249.230.2:58749 199.83.210.132:3028 2.56.57.66:5200 2.56.57.85:56925 2.56.59.217:5200 2.58.47.203:17873 2.58.47.203:51806 20.106.217.83:5200 20.150.137.35:7400 20.190.63.69:8600 20.216.177.36:5200 20.230.7.174:7830 20.58.39.19:5200 
20.69.158.38:7400 20.91.186.187:6880 201.97.121.207:6700 202.55.132.213:7744 203.159.80.113:50327 206.123.129.143:5120 208.67.107.127:62641 209.127.19.81:8080 212.192.241.211:5990 212.192.241.54:5200 212.192.246.126:5200 212.193.30.125:3657 212.193.30.217:5200 212.193.30.38:5200 212.86.115.108:5200 212.87.204.251:5200 213.152.186.168:57619 213.208.129.202:6078 213.208.129.211:5200 216.126.225.82:665 216.170.114.25:5200 216.170.119.24:5200 216.170.123.196:5200 216.244.73.139:5200 216.38.2.206:5199 216.38.2.212:5200 216.38.8.163:40951 217.64.127.195:9448 23.105.131.153:1606 23.105.131.156:5300 23.105.131.193:1969 23.105.131.198:5300 23.105.131.207:1024 23.105.131.243:3363 23.106.121.172:4321 23.227.202.157:8080 23.254.230.117:5200 23.83.133.186:5200 23.94.199.19:5144 23.94.54.224:5277 3.91.29.212:5200 31.210.20.155:5200 31.210.20.207:5200 31.210.20.231:1004 31.210.20.4:5200 37.0.10.141:1339 37.0.10.166:5200 37.0.10.69:5207 37.0.14.197:1997 37.0.14.201:5888 37.0.14.204:1604 37.0.14.207:70 37.0.14.209:5520 37.120.155.179:43128 37.120.155.179:52920 37.120.208.43:55908 37.120.210.211:22612 37.120.247.13:5200 37.120.247.211:5200 37.139.34.62:5200 37.187.186.28:5281 37.19.193.217:5200 37.221.113.65:5200 37.46.150.67:5200 37.49.225.194:8978 37.49.230.168:7272 38.68.41.122:5200 40.83.20.77:8700 40.83.220.150:7098 40.84.216.183:7600 43.226.229.43:2031 45.124.54.94:5210 45.124.54.94:5211 45.137.22.107:4445 45.137.22.117:5200 45.137.22.123:5200 45.137.22.131:5200 45.137.22.143:5200 45.137.22.45:5100 45.137.22.62:4231 45.137.22.89:5277 45.138.172.34:5200 45.138.172.56:56421 45.143.147.163:5200 45.144.225.112:5207 45.145.185.52:5200 45.147.231.60:6703 45.15.143.216:5511 45.15.156.33:5200 45.154.98.130:5200 45.61.136.129:9001 45.61.136.88:5200 45.61.175.241:934 45.74.4.244:5203 45.87.61.105:2345 45.87.61.202:1998 45.88.67.63:5790 45.88.79.162:5200 45.95.168.83:5200 46.101.159.120:5200 46.183.216.163:24626 46.183.220.113:4080 46.183.221.107:4082 46.183.221.21:5200 46.183.222.7:5200 
46.183.222.93:49159 46.21.147.99:7006 46.3.197.239:5200 46.3.199.112:5200 5.2.68.67:11940 5.2.68.67:1198 5.2.68.91:62520 5.206.224.194:3080 5.75.169.94:7781 51.178.11.185:5200 51.195.140.234:5200 51.210.65.37:4141 51.75.209.245:5252 51.81.143.252:6633 51.81.236.218:511 51.89.0.147:5271 51.89.157.228:5200 51.89.204.165:52001 51.89.255.221:5200 52.168.163.161:5200 54.39.198.162:8842 62.102.148.158:62641 62.197.136.188:4178 62.197.136.237:55788 63.141.237.235:5200 64.112.87.36:5678 64.52.80.214:5200 65.108.48.156:5200 66.70.140.25:1188 67.205.143.54:5555 72.11.156.207:5300 74.119.192.210:5200 75.102.34.38:5200 76.8.53.133:11940 76.8.53.133:2303 76.8.53.138:1198 76.8.53.144:1198 77.83.174.211:5200 78.138.105.197:5200 78.141.193.203:5200 78.47.249.233:4497 79.134.225.102:1414 79.134.225.105:5200 79.134.225.10:4930 79.134.225.10:5200 79.134.225.111:5200 79.134.225.114:5200 79.134.225.115:1024 79.134.225.115:5200 79.134.225.116:4040 79.134.225.119:9584 79.134.225.11:5789 79.134.225.11:6569 79.134.225.17:4449 79.134.225.23:5200 79.134.225.27:8945 79.134.225.30:5590 79.134.225.33:5200 79.134.225.34:5200 79.134.225.34:8518 79.134.225.39:1990 79.134.225.39:5621 79.134.225.42:5743 79.134.225.48:3214 79.134.225.48:5201 79.134.225.50:5367 79.134.225.50:5751 79.134.225.51:5757 79.134.225.52:5300 79.134.225.54:4923 79.134.225.54:5200 79.134.225.69:4693 79.134.225.6:3210 79.134.225.70:4782 79.134.225.71:6779 79.134.225.71:8044 79.134.225.73:6668 79.134.225.75:2314 79.134.225.79:5300 79.134.225.7:1996 79.134.225.7:1997 79.134.225.81:2022 79.134.225.82:1918 79.134.225.82:3443 79.134.225.86:5200 79.134.225.90:9757 79.134.225.94:5352 79.134.225.9:2854 79.134.225.9:8724 80.208.225.197:5200 80.66.64.132:4331 80.89.238.208:5200 81.161.229.138:65535 81.161.229.248:2303 82.102.28.107:37875 84.101.180.244:5200 84.38.129.119:3543 84.38.129.152:1014 84.38.129.37:5022 84.38.130.205:58146 84.38.132.11:5200 84.38.132.126:63030 84.38.132.23:49265 84.38.133.199:5200 84.38.134.46:5200 
84.38.135.139:4081 85.17.126.20:5200 85.208.139.75:5200 85.217.145.55:5200 88.198.148.231:5200 89.22.232.145:1080 89.23.101.105:5200 89.23.96.35:5200 89.238.166.235:12562 91.110.235.57:123 91.189.180.216:7788 91.192.100.10:10011 91.192.100.15:11011 91.192.100.19:26771 91.192.100.45:7192 91.192.100.4:11101 91.192.100.60:5208 91.192.100.60:9961 91.192.100.8:4441 91.193.75.120:2525 91.193.75.124:5200 91.193.75.129:2626 91.193.75.132:2780 91.193.75.142:5234 91.193.75.152:3131 91.193.75.154:4449 91.193.75.173:6667 91.193.75.237:6666 91.193.75.66:2035 91.207.102.163:23795 91.207.102.163:3823 91.227.17.32:5200 91.229.76.26:5200 91.92.120.108:5200 91.92.120.132:5200 91.92.120.197:5200 91.92.120.27:1339 91.92.120.27:5200 91.92.136.123:5578 92.119.178.3:63879 92.223.89.200:5578 92.63.192.153:5200 93.95.224.139:14237 94.156.253.141:5200 94.198.40.14:85 95.140.125.98:6262 95.168.173.176:5200 95.214.24.231:65535 95.214.27.90:1337 95.217.123.11:22113 95.217.123.11:5541 95.217.251.120:5200 96.44.130.119:1998 96.9.210.115:5200 1000usd.duckdns.org 1140.ninqshing.net 1988life.myq-see.com 21421412515215.duckdns.org 2x5v.2p.fm 32w4tgef4ehyr5t564rthy.from-nc.com 411184r.duckdns.org 4410.fhpaul.com 4catalyzer.cam 4kr4m0.ddns.net 54369253290033.sytes.net 6620.jianhong356.com 8830.sygcarpets.com absolut7.duckdns.org accessability042.ddns.net acommand.duckdns.org adebaree.duckdns.org aeasc541ac56sa65c.hopto.org afada.duckdns.org agent47.ddns.net akubig1.ath.cx alexxaan.duckdns.org alliedofficewarz.ddns.net amaraciiiiiiii.duckdns.org amospete26.duckdns.org andronmatskiv20.sytes.net ankarab.ddns.net apiv1.duckdns.org apponfly.mywire.org arronsterritfamilyplan.duckdns.org asdfwrkhl.warzonedns.com asiumasium.ddns.net asscum.ddns.net ast3rhost.ddns.net atifgabuying.ddns.net avarian717.duckdns.org avira-antivirus.ydns.eu badnulls.warzonedns.com balayinkudi.duckdns.org bar2020.ddns.net baramac.duckdns.org barr2.ddns.net batashoes.ddns.net bc.gta5modmenu.net bedahogs.100chickens.me 
benson12.ddns.net benztel.hopto.org bestgrace.mywire.org bestme.mywire.org bestsuccess.duckdns.org bigissssss.zzux.com bigleaks3.ddns.net binancino.hopto.org blacice24.hopto.org blackbenz.duckdns.org blackish.hopto.org blackpyramid.duckdns.org blaq56491.nerdpol.ovh blasterblast.warzonedns.com blessed232.duckdns.org blessing.maximos.quest blessingscomemyway.ddns.net blessnbwz.istmein.de blessthychild.ddns.net blowblue.duckdns.org bluemail-fax.home-webserver.de boobsy.duckdns.org bovigar.duckdns.org brf1.secondaryservicelog.cloudns.cx bryandatabase.duckdns.org bugsy.ddnsgeek.com businessdministration.webredirect.org buzornn.ddns.net byx.z86.ru ca-fax123.home-webserver.de cachepallioniwarznpa.icu caebd.ddns.net casasma.casacam.net ch12345.hopto.org chardomin.duckdns.org charlesdnsoh.duckdns.org checkingss.duckdns.org chefdnshost.ddns.net chefdnshost.duckdns.org chefdnshot.ddns.net chezam.giize.com chinagov.duckdns.org chukwuoma.duckdns.org cjlumberslimited.ddns.net clientss777.duckdns.org cmark.duckdns.org cornerload.dynu.net cowboyd.ddns.net crossedward26.duckdns.org crossllc.ddns.net crow1234.ddns.net cx212x.ddns.net cx212xc.ddns.net cxww2.ddns.net danbochie.dynv6.net danngh.ddns.net darkfox.ddns.net delta212.ddns.net designed-nodes.at.ply.gg dezember22.duckdns.org dfgedee.duckdns.org dhkwufrsfhrgrsw.duckdns.org divy.nerdpol.ovh dnmpbczm0963fxtdplc.duckdns.org dns.rusetinz.xyz dompe.awsmppl.com donafriend.ddns.net donstan.ddns.net dubem2021.duckdns.org eazeeflo.warzonedns.com eccoclean.hopto.org eeddfr.duckdns.org emaildayo24.duckdns.org eriwauwa.duckdns.org esserc.ooguy.com esureforme100.myddns.rocks evakarpati.ddns.net evet.mywire.org expressdelivery.info fagbishop.duckdns.org faith.zapto.org favormelord.ddns.net fbi101.ddns.net feeders.ninqshing.net fileservices.ddns.net flytin.duckdns.org forcema002.duckdns.org frdedsgf.duckdns.org fukfndru.ddns.net gds1733.my.to genasispony.publicvm.com general.wifi-app.net gerogexcsdf234234sdfsvxc341242324.publicvm.com 
ghjklhgteg.strangled.net global22.ddns.net godhlep.ddns.net godismyhope.ddns.net goldfiner.dyn-ip24.de govcbn.duckdns.org gpent.duckdns.org graceandfavour.ddns.net gratiyupo.ddnsfree.com greatr.warzonedns.com grekris.freeddns.org grotomniponmyte.sytes.net grounderwarone.rapiddns.ru group.loseyourip.com guykj.ddns.net hamzzaogolozar77.toythieves.com hannijelrt.myddns.me healings.duckdns.org helpme20.duckdns.org herold.gotdns.ch hightense.duckdns.org hijodelavida.duckdns.org hilipizie.hopto.org hive01.duckdns.org hjjhjkk.ydns.eu hotelbr.minhacasa.tv hsfdhhoop.ooguy.com hussanmohammed.duckdns.org ifedinma.duckdns.org ijele22.ooguy.com imunstoppable.duckdns.org instac.duckdns.org iphanyi.entrydns.org iron19.ddns.net iron65.ddns.net iron66.ddns.net items.myq-see.com jabsgu.kozow.com jackpiaau.ddns.net jaiban.duckdns.org jasphet.duckdns.org jeanellasimonsxxx.ddns.net jeffreyrobertsrnama.ddns.net jenniferhong.publicvm.com jevron.duckdns.org jiaxin.ddns.net jude77.duckdns.org juner234.ddns.net just-fax207.home-webserver.de just-fax303.home-webserver.de kali123.hopto.org kawasapi.co.in kaymt.ddns.net kazt.duckdns.org kempes.ddns.net kezlkelz.duckdns.org killabean.duckdns.org kingmeth.ddns.net kinosoft.hopto.org kk101.ddns.net kkemopes.ddns.net kkkindo.ddns.net konkation.duckdns.org kts666.publicvm.com kurtangle082.publicvm.com kw9d0w.duckdns.org lesbianporn.duckdns.org light319.warzonedns.com lindsaystewart113.hopto.org linelink-linesn.com livinglogs.servehalflife.com logcollector.xyz love.pure-luck.xyz ls.pickzznoz.bar luckynovember4good.ddns.net lumberr.duckdns.org m1.swooptopnet.com macsucc.ddns.net mailporty.ddns.net maine007.hopto.org makavi.hopto.org maulo.duckdns.org meduska.ddns.net mercenarywarzone.ddns.net miner.fckinpwned.cn minerz.duckdns.org mitty.ultraddns.com mobibatubobo.duckdns.org mohbeebnew.duckdns.org mokoolm.gleeze.com mondaynew22.3utilities.com moneybank.ddns.net morggy11.ooguy.com msdos.treatwellshome.xyz msteel1759.ddns.net msteelwar.ddns.net 
mvp.shzhouheng.com myblessingsfor2022.ddns.net mydomain007.duckdns.org mykassa.zapto.org myserversmp.ddns.net mywarswarw.ddnsfree.com n.nerdpol.ovh nasas.dnsupdate.info nchijindu2.hopto.org nestssow.ddns.net netw.infiinite.com newpart.cam newvic.myvnc.com newzone.from-ne.com ngray.duckdns.org niggalips.hopto.org nojonxn.duckdns.org nonsomawardns.ddns.net nonyserver001.duckdns.org normanaman.duckdns.org nyambe.duckdns.org obibryme.ddns.net obilafia.giize.com obyhost.ddns.net ofenja.zapto.org office101.warzonedns.com officedesktop004018.webredirect.org oficina3030.duckdns.org ojo123.ddns.net oklahamaa.ydns.eu oluwabless.ddns.net omc2015asm.ddns.net omerlan.duckdns.org oneness.duckdns.org online-3450.home-webserver.de onlythefamily.duckdns.org ontmintuejio.sytes.net opaqueslots.duckdns.org osairus.duckdns.org osas212.ddns.net osas212.duckdns.org ozcall.duckdns.org p2.is-by.us papi1.ddns.net papiguy1.ddns.net pastorcc.duckdns.org pato01.ddns.net patront.duckdns.org pc.khenz-pc.com peggy.ddnsgeek.com peggyboo.duckdns.org phaz6434325328.redirectme.net pradeepprabhu705.ddns.net princsa.ddns.net privatexpo.duckdns.org promotrans54185.ddns.net provent.ddns.net pstericdd.duckdns.org publicvm.casacam.net pussy12.duckdns.org putmein.zapto.org qgexserver.hopto.org rajsavindia.hopto.org rakcha.ddns.net ranggamuffin.duckdns.org remote.isubi.sbs remotes1338.hopto.org renajazi.linkpc.net rencos121.duckdns.org resultbox0147logs.ddns.net retrieverconnection.ga revive147.duckdns.org richiealvin2021.ddns.net rikpoman.mywire.org rodasiter.duckdns.org rootsec.linkpc.net safe2202.ddns.net samguys2.duckdns.org samirsana2019.myftp.biz sams1234.ddns.net sanchuza.warzonedns.com santa.hopto.org sapsurro.duckdns.org satusdei.ddns.net securedbag2021-48502.portmap.host seencroundercontroller.webredirect.org sept5th.ddns.net septubandas.sytes.net sgstgfahdg7126edha.duckdns.org sgzi.e20.ru shawcn1.sytes.net shawgod1.sytes.net sheb.ddns.net simpol.duckdns.org sirbanty.ddnsgeek.com 
skyrocket.ooguy.com smartconnect.duckdns.org smartconnect1.duckdns.org smartupdater.lignarn.com smcxzhu.ddnsking.com smila.ddns.net smilecat.ddns.net smsv4.ufcfan.org soft.maximos.quest speedfoxx1.hopto.org spicydojo.duckdns.org steam007.duckdns.org steam9.duckdns.org stoic.gleeze.com subwaynovember4good.ddns.net suitehvd2.home-webserver.de tain77.duckdns.org taker1234.hopto.org tamidem.duckdns.org tawk.duckdns.org tef-co-ir.com telegrammylink.ddns.net telenaxty.ddns.net thankme.ddns.net thankme1.ddns.net thatd6whnhdyd56jd.duckdns.org thedonaldman77.warzonedns.com tiger22.ddns.net tokyooffice1.duckdns.org toomuchego.ydns.eu trenchesrelax.duckdns.org tresor2020.ddns.net turdtaco.xyz udooiuyt.dynamic-dns.net ugblackblessing2022.ddns.net ugob.ddns.net ugoguy01.ddns.net uhie2021.duckdns.org unload.duckdns.org untyaru.casacam.net uomz1.ddns.net update.aquaholic.dev urchy.duckdns.org value747.duckdns.org victorycolum.ddns.net vieir.warzonedns.com vladisdns.rapiddns.ru vodahelp.myvnc.com vtzjnphtvnpckznxhxpb.duckdns.org wakar.duckdns.org wapt.myhome-server.de war.servebeer.com war101.ddns.net war3785host.ddns.net warkarwaka.duckdns.org warmoni147.duckdns.org warnonmobina.duckdns.org waromo6700.duckdns.org warsone.duckdns.org warvm.duckdns.org warwin.duckdns.org warz.viewdns.net warzon.duckdns.org warzone05b.duckdns.org warzone109983runnerhacker.duckdns.org warzone12.ddns.net warzone121.hopto.org warzone2020.duckdns.org warzonez.linkpc.net warzonlicen1304.ddns.net warzonne.publicvm.com warzonnee.duckdns.org warzzz.duckdns.org wazminister.duckdns.org wealthymanr.kozow.com weurtdgfjs.rapiddns.ru windows-updates.co windows2012.theworkpc.com windows2023update.duckdns.org windows453update.ddns.net windowsupdate.ligrnan.com windowsupdater64x.theworkpc.com wizzycheddah1.duckdns.org wizzyfdgod.gotdns.com workbro.duckdns.org worrynot.duckdns.org wrzone-srvr-connector-port.windows-updates.co wtwrrtxhssbqsm-fk.duckdns.org wz-patient001.duckdns.org wz.servehttp.com 
wzxbrian.duckdns.org xilogrid.info xls.medicelcoolers.cn xmowa.ddns.net xpcehopsford.ddns.net xpwarzonlicns2.ddns.net xpwarzonlin2.ddns.net xxxanonymoussom.duckdns.org ydess.duckdns.org year2021best.mine.nu yggtccccchgr.duckdns.org yulanda.hopto.org zaki29.ddns.net zcv2ngnfg69354253.3utilities.com zingx1.ddns.net zone.facebook-shoping.com # Reference: https://www.virustotal.com/gui/file/a3772fc5522823c8a0952a6562a822058b6b9b9d9704e53fd61bb51168cae71f/detection 185.140.53.230:5200 # Reference: https://www.virustotal.com/gui/file/6cc99c09a40c47a90d892650315d0267602d1fe89ddadb11b496523f3219e778/detection 5.181.80.111:5200 # Reference: https://threatfox.abuse.ch/ioc/1182614/ 185.225.74.106:5200 # Reference: https://threatfox.abuse.ch/ioc/1182832/ 185.236.228.161:4345 # Reference: https://www.virustotal.com/gui/file/1a0cd2b643a7e0bfe005231bf3bd2d4552d02e9dde1b442ac61a4fb822a3074d/detection # Reference: https://www.virustotal.com/gui/file/ddb61652772dfbae79ce10a2f92cfe6f585b7851afce2b3eb8bf70605f419154/detection http://79.110.48.52 194.180.49.39:2936 79.134.225.108:2936 werberyouse.kozow.com # Reference: https://www.virustotal.com/gui/file/36e9cc2afe989974b0e5103674ac4eb8c0832711a4e6d38c4d7e411b4a21454f/detection 5.75.169.94:7782 # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-10-25) 103.212.81.156:1751 130.51.42.169:7702 130.51.42.8:7890 163.123.143.8:8901 170.130.165.120:5200 173.212.199.134:4411 185.216.71.13:1993 185.216.71.8:1990 185.254.37.81:5200 194.147.140.140:1769 194.147.140.205:1994 194.169.175.232:5200 38.255.42.252:5678 45.138.16.214:5200 45.151.122.57:5200 45.42.45.245:5890 45.66.230.22:5200 46.183.222.97:5555 5.2.68.90:1198 64.188.20.119:5200 66.70.247.194:5890 79.134.225.6:7910 91.92.247.146:14977 91.92.248.59:5201 91.92.252.13:4244 94.156.64.213:5200 # Reference: https://otx.alienvault.com/pulse/651e8e42e47767b4a87002ec # Reference: 
https://www.virustotal.com/gui/file/20d9336d31c28b4621f8fafce1d379cc6c8ebb0913c877ec3a15ca61425c0738/detection # Reference: https://www.virustotal.com/gui/file/edbd121bc9d95625251652a5a4ba8621cd150cdf3e8f410b93a72693ec770ec4/detection # Reference: https://www.virustotal.com/gui/file/bb5211bf2d569590ad3bc5ee64b5ed1d582d632f3868576c83123e74b5fb48ed/detection # Reference: https://www.virustotal.com/gui/file/4cdf85c75ba162b8755d742bc4aae5e812378a3d1c7f6feffaf5a79a53badd3b/detection 176.223.131.107:5000 176.223.131.107:5800 176.223.131.107:6969 185.225.74.106:6000 95.214.27.6:5200 95.214.27.6:5800 95.214.27.6:6000 95.214.27.6:6969 freecryptorobot.com superguy.camdvr.org superpowerman.accesscam.org # Reference: https://www.virustotal.com/gui/file/4e5e506e399707d8f3672fe58972a736f1ab3b6c8cdf88a6024e9407551948f1/detection 49.36.222.191:5200 hellboyhk.duckdns.org # Reference: https://www.virustotal.com/gui/file/5efaa73ae9ed471ea8027592dd3e1f1abe477cd414c4dfd2a93a5332d1e96381/detection 194.180.48.169:5200 # Reference: https://www.virustotal.com/gui/file/e2f3021bc73f08aa48347fd1319b1922e4462cc6b15bea4d9d53021ab33d0fe4/detection 187.123.165.92:7777 emailpriv82023.ddns.net # Reference: https://www.virustotal.com/gui/file/0584e275d2a9843b758f66e9a11609a71eed57c4979b93959606c42f236d5daa/detection 20.88.27.180:2223 oka.nerdpol.ovh # Reference: https://www.virustotal.com/gui/file/9fdbb6b777179115ce7a04af0ee68cc60dc5ed033279698043fc8519aef7fee6/detection # Reference: https://www.virustotal.com/gui/file/80ba4649cf38c016dceaa3471569bb6b3726a729373db3579f035a9490203e3b/detection waswift.ddns.net # Reference: https://www.virustotal.com/gui/file/ec0d5142d807b607b231d6e3bbfed1a35749a2b0460c14716c16d72cc0927134/detection # Reference: https://www.virustotal.com/gui/file/4037665fb5a8ca2de8e3252ed5ebf8d7b07890278d547caf704206508749ad6e/detection rat.ddos.cx rat.packets.sx # Reference: https://www.virustotal.com/gui/ip-address/103.212.81.158/relations ssp.theworkpc.com # Reference: 
https://www.virustotal.com/gui/file/887b114812975e53c911f1c95d40d760d8cd8daf765c8a0bac66a7754835537d/detection 103.212.81.151:8671 uchnexswin.3utilities.com # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-11-21) 103.212.81.154:6028 155.94.136.130:5200 173.249.196.201:5077 194.147.140.186:5200 23.227.199.39:1976 38.255.42.181:5566 45.133.235.148:5200 46.183.223.122:29873 72.11.156.74:5199 85.239.237.141:5200 91.193.75.147:6789 donpapajay.ddns.net jilnsmclein.3utilities.com segun.ddns.net tende.dvrdns.org # Reference: https://www.virustotal.com/gui/file/0936065283886a9d596eceaccb81aa572093322574a42348c4e0678621521f3d/detection 134.19.179.203:42490 thebeast420.duckdns.org # Reference: https://www.virustotal.com/gui/file/060b5ad7f697bac3c488e50b6d7c14301c32a04e4cf74ad6fd8a960689e6eb5b/detection 213.152.161.118:52095 timduckdns0123.duckdns.org # Reference: https://www.virustotal.com/gui/file/bfe5cdc4fee65eb416952bb3c6e3b85ae6e1f0e34d3cc2f0e1f3eae5fb267313/detection # Reference: https://www.virustotal.com/gui/file/b4d1a0d2546b7125f3e3aaaa44954827ffb0b844e7346976713688ba5a80aa42/detection 179.13.1.70:7638 warzone2021.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-12-03) 103.67.162.119:4040 213.65.233.25:5200 45.61.171.47:8901 45.87.61.156:8899 91.92.243.245:3245 91.92.250.47:2025 91.92.251.22:5122 91.92.251.65:5202 sanael-62946.portmap.host # Reference: https://www.virustotal.com/gui/ip-address/141.255.146.151/relations # Reference: https://www.virustotal.com/gui/file/45b0ebd57ec71b6f93a8578d8bab13c142f48ea6eb33fb7a6c8bd24224ce6a2d/detection 141.255.146.151:1177 141.255.153.107:1177 a01yato.duckdns.org ajx910441.ddns.net biskrastan.ddns.net botdiscordself.ddns.net ddos900.duckdns.org godcheat.duckdns.org hacker2022.ddns.net info123.ddns.net marianagostosa.ddns.net mathsssz.duckdns.org mostafax.ddns.net sexycam.myq-see.com tokyosama.ddns.net videoaula123.duckdns.org win86.ddns.net xegise6532.ddns.net 
zaidwwwee.ddns.net # Reference: https://www.virustotal.com/gui/file/74c3473ba21368dd1d193713341591d5e4d458e9a0ad5106b1fa0a085960b81b/detection 154.38.188.188:5200 spectrami12.ddns.net # Reference: https://www.virustotal.com/gui/file/bc0501a091732551d0a528b16ea7e63cac32281e1bed3a6f6d8a5f0064bb11dd/detection 46.246.6.5:16891 46.246.12.6:16891 46.246.12.6:509 05042109.duckdns.org # Reference: https://www.virustotal.com/gui/file/0f81f0af73f86d3898d6226cf894176e50eead5780f74d5c73e563ccdd3605d5/detection 46.246.84.18:9000 # Reference: https://www.virustotal.com/gui/file/b49bb08ecd6c6b2d3d27ed33560267cf65e83494aaf6ebfe92321e248a43c1c2/detection 46.246.4.8:16891 # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2023-12-17) 213.152.186.35:46260 31.220.99.254:5200 38.170.239.48:7506 85.195.105.96:4040 91.92.252.239:5201 95.168.174.55:5200 aimbotexee-22359.portmap.host aimbotexee-47825.portmap.host androidonline.ddnsgeek.com doldbolcein.crabdance.com funkytothebone.giize.com gggb.dvrdns.org osiarus.duckdns.org peterzag63.ddns.net qgexserver.hopto.org satgobleien.jumpingcrab.com spoudel.mywire.org superherocan.mywire.org zonewar.ddnsking.com # Reference: https://www.virustotal.com/gui/file/62db9befc302fe0b08ea77bc6ea87a37100ce343f5ef87b6ca589f3b264bd9cf/detection /klvsailorwarzoneslinkwithkenny.txt # Reference: https://www.virustotal.com/gui/file/7f748d47f13f046e1b6213975db3888384853e33e66ca03ddc7f552fa192c182/detection 194.5.98.235:5200 maraoke.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/ (# 2024-02-12) 103.67.162.154:4040 109.248.151.213:45682 155.254.24.167:5400 172.93.222.149:8809 173.249.202.75:5200 185.202.175.208:54600 185.236.203.102:54600 2.58.14.224:443 23.106.121.172:2026 38.255.33.106:7896 38.255.40.137:3451 43.230.202.77:4568 45.137.116.2:443 45.156.84.190:443 74.50.93.170:4040 85.209.11.168:443 91.92.245.248:1985 91.92.247.108:1986 91.92.254.111:1977 91.92.254.42:6548 94.156.64.202:4036 
94.156.68.226:3787 # Reference: https://www.virustotal.com/gui/file/bacb2b79191a756abd1151f3832dc524721d0fa5a1c1b933aeb650403a6a1d52/detection 91.193.75.10:2019 # Reference: https://www.virustotal.com/gui/file/eb0a193694e1ccdcebfdd9b73c74ef509029501c2e8afb9c58b4bfe3de527ff8/detection 91.92.251.65:5202 qoldwold.zanity.net # Reference: https://www.virustotal.com/gui/file/bdeab4aacc7637fa9db5faaaf4b33564386f07ed0473ea96e494d4c16e0d5db3/detection 194.147.140.183:5208 boldwold.home.kg # Reference: https://www.virustotal.com/gui/file/74f9ba880152fbae0dddc5aa7ff8d3b1bd92b141e5638aac0c610015025bd202/detection 178.73.192.18:1000 warzzzoneez.duckdns.org # Reference: https://www.virustotal.com/gui/file/dd5379e78f94fe990937f2a1404c3dc5562c68db77e4f8927ef45fcd9d663a89/detection 162.246.186.123:9002 # Reference: https://www.virustotal.com/gui/file/e13e0435182d7e550e67bea1cbf7c709d6cec76fcc7bffe7584de0ec07d49a9f/detection 46.246.86.8:5200 # Reference: https://www.virustotal.com/gui/file/7c6c180635f5329b270bfa6fd56ec15604cca270687d0a0bc2fc5edd78dc4c9c/detection 91.92.247.21:1988 mrrichie.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/7712424f2dec2d08630237c737e5f81789d2e92edc31111c72eaa0388b6df1dc/detection http://91.92.247.21 91.92.247.21:8405