# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://krabsonsecurity.com/2020/08/22/bitrat-the-latest-in-copy-pasted-malware-by-incompetent-developers/ unknownposdhmyrm.onion # Reference: https://twitter.com/InQuest/status/1306629050052509698 # Reference: https://twitter.com/James_inthe_box/status/1306632726594740228 212.8.246.213:4858 a2204a0w.beget.tech # Reference: https://twitter.com/James_inthe_box/status/1312131470119510017 # Reference: https://www.virustotal.com/gui/file/ba318072fe85e168c5fd55a30760ac306f75fa76c2d5ec40533b0505cda1c26d/detection 193.239.147.16:4561 # Reference: https://www.virustotal.com/gui/file/1309f6fa224d2fd53c8fd1399fdb06cc602c80456650fcac7a99ff972ef33fa9/detection 193.239.147.16:5995 # Reference: https://app.any.run/tasks/33316cee-cc80-4b93-afa1-a7d986787900/ 86.105.252.202:1337 # Reference: https://app.any.run/tasks/cb155241-20d8-4544-b8fb-bc094c6b4a41/ 185.244.128.7:9944 # Reference: https://app.any.run/tasks/698342fb-4581-496e-bcef-d372de715556/ 62.173.149.200:1488 # Reference: https://twitter.com/wwp96/status/1328339029021118465 # Reference: https://app.any.run/tasks/27a07edd-459f-47d7-895b-30be0fa69ccb/ # Reference: https://app.any.run/tasks/ecc90db0-667c-4848-a3a7-42763f7de0bd/ 79.134.225.14:8070 nexty.dnsupdate.info # Reference: https://twitter.com/wwp96/status/1336838211008667651 # Reference: https://app.any.run/tasks/53b96245-a143-47f7-bd16-764eb7ff6c6c/ http://192.236.195.143 192.236.195.143:44220 # Reference: https://app.any.run/tasks/716bb70e-5d69-4d95-a090-8b9fd091ff46/ 5.9.86.48:4559 watchmovie.world # Reference: https://twitter.com/reecdeep/status/1345411411829260289 # Reference: https://twitter.com/James_inthe_box/status/1345428580499509248 # Reference: https://app.any.run/tasks/73fc7745-00d6-4ad3-839a-0b615a9143c0/ # Reference: https://www.virustotal.com/gui/file/f5d02bf8a1a6612e21e2165e2008c66347e60436a43b3bf7cae2edc323f50d44/detection 45.15.143.195:5366 kabuto.tk # Reference: https://twitter.com/executemalware/status/1348826729176059905 # Reference: https://pastebin.com/riNucR5r 45.15.143.216:5210 # Reference: https://app.any.run/tasks/76f62a1a-a1b5-468c-bb08-132270b8736d/ 185.239.242.74:5505 # Reference: https://app.any.run/tasks/adcf19e2-10b0-41c7-a224-409b3ed01c53/ 76.6.213.195:1337 iceyrattedyou.ddns.net # Reference: https://app.any.run/tasks/d192b25d-d66f-4860-a80a-25b618431c27/ 51.81.241.89:8331 # Reference: https://twitter.com/James_inthe_box/status/1366773490112630786 # Reference: https://app.any.run/tasks/0974f171-7f1d-4086-a33e-0907f343d2fb/ 192.227.217.243:5060 bitmama.ddns.net # Reference: https://twitter.com/wwp96/status/1366840097719652359 # Reference: https://app.any.run/tasks/c56eff7f-f8c5-4c54-9ca4-4365650c380f/ 185.118.164.167:2442 ps5gaming.ddns.net # Reference: https://app.any.run/tasks/031a6166-c9bd-4c62-bab7-de2f9ea03cc1/ 51.195.57.232:4480 bbtratlopaspm21.net # Reference: https://twitter.com/JAMESWT_MHT/status/1367780791711858689 # Reference: https://app.any.run/tasks/21ba270a-dc77-4c47-a62f-3f646a72b75f/ 192.129.178.226:8080 # Reference: https://twitter.com/JAMESWT_MHT/status/1369611654800044033 allplainbartatibotr.com # Reference: https://www.virustotal.com/gui/file/e2acc1548804137b072871cac70133b33fc2c81906c0b5454eb3ca721b2487ef/detection # Reference: https://www.virustotal.com/gui/file/102a1c8cb0870145e85fb2ef39e407559b9ee06cf493b1a1c0a8b3cafa154060/detection # Reference: https://www.virustotal.com/gui/file/e3cb90b326221bd741b7d25101723686645d3cee8a15e2e2aa70cc08f5a7932f/detection 105.112.108.188:4567 185.244.30.156:4567 79.134.225.13:4567 primo1.hopto.org # Reference: https://twitter.com/Circuitous__/status/1395078617709826052 # Reference: https://twitter.com/ffforward/status/1395083197776646146 # Reference: https://tria.ge/210519-lwckr1nhex/behavioral1 37.153.1.10:9001 5.9.29.183:9002 92.38.163.191:9001 94.130.246.106:9001 cajyn27ifx3cmmfj.com et5bjiyeg33jmp.com itzdfcc.com lwbgzobn3.com nazwe6jz.com spvnm.com xegkrcp52yyadqby4jxta.com # Reference: https://twitter.com/StopMalvertisin/status/1396136539520786432 # Reference: https://tria.ge/210522-96v87ajff6/behavioral1 # Reference: https://www.virustotal.com/gui/file/1c63ebb7a2f131b8f7a79c14dde26f4bedcc30409c780057e08b193ccbdf4e7c/detection 193.169.254.216:6464 # Reference: https://app.any.run/tasks/746e2df0-b32c-46e8-b119-bb9050c4b252/ 79.134.225.75:7739 # Reference: https://twitter.com/reecdeep/status/1400481387258552326 # Reference: https://www.virustotal.com/gui/file/960908cfb5d254bac4b09f16688589ec62197ba1372f8bb06915b6db03ccf437/detection 79.142.76.244:43147 0b1.duckdns.org # Reference: https://twitter.com/phage_nz/status/1402796421691056130 # Reference: https://tria.ge/210610-tvq26cva56 45.133.1.212:50855 faithheals.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1408506126157504515 # Reference: https://app.any.run/tasks/95bb54c8-f98f-4063-ac8b-9cb392a4c831/ 20.98.18.253:2222 resereved.nerdpol.ovh # Reference: https://twitter.com/pollo290987/status/1411593842160189440 # Reference: https://www.virustotal.com/gui/file/827db97b1bc0843a4098668d4571804efdcc68a9047b0df4963bf0d1262dfe7e/detection 192.121.245.14:9088 publiquilla.linkpc.net # Reference: https://gist.github.com/silence-is-best/ac1440dcf7aec90a53905ae86559e621 # Reference: https://www.virustotal.com/gui/file/18b96a50da281d031e2ce58c2143a9c1bf4868c710bbcc61b7d147038b449e2b/detection 191.101.130.145:2880 eewe.ddns.net # Reference: https://twitter.com/Racco42/status/1422325067577495552 # Reference: https://app.any.run/tasks/33ed2642-b879-4507-a0c2-66136fde62ae/ 20.194.35.6:7904 # Reference: https://twitter.com/b3ard3dav3ng3r/status/1445892714965340167 redlabelvacation.com # Reference: https://twitter.com/tosscoinwitcher/status/1484599260108574722 # Reference: https://twitter.com/James_inthe_box/status/1484606522667663362 # Reference: https://www.virustotal.com/gui/file/61f2d36c819dbbdc6d78cb574b399788fedc0b74b253144a3421f3363f7716d9/detection bitranew3500.duckdns.org # Reference: https://www.virustotal.com/gui/file/55afaccb3c05610eefaa5cbe314c9809d38a0665cfbe12ae7e30f6e0be9f1493/detection 5.39.217.241:7500 privatemicrosoft.ddns.net # Generic /step_1.php?hwid= /step_2.php?hwid= /hwid_update.php?hwid_old= /client/clientcreate.php?hwid=