# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Trail list: network indicators (bare domains, IP:port pairs, URLs and
# host-less URL paths) grouped under the report(s) they were taken from.
# Each "# Reference:" run applies to the entries that follow it.
# NOTE(review): no first-seen or last-seen dates are recorded here, so check
# that an address is still relevant before blocking on it alone.

# Aliases: krbanker

# Reference: https://twitter.com/Paladin3161/status/1185196100220665856

0x0x0x0x0.best
0x0x0x0x0.club
0x0x0x0x0.xyz
1c1c1c1c.best
oiwcvbnc2e.stream

# Reference: https://twitter.com/Kafan_MalwareHT/status/1359153542783774727
# Reference: https://app.any.run/tasks/7200fdbe-b752-41d1-8a74-9822e75cd2fc/
# Reference: https://www.virustotal.com/gui/file/1ac1a77ff3cf20c46f132c214a737ec2c2086f4ab42068a55a8ac30abfea432d/detection

# NOTE(review): these two hosts look like shared third-party web services
# rather than dedicated infrastructure. Expect matches from benign clients and
# corroborate with another trail before acting. TODO confirm.
r.pengyou.com
users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=

# Reference: https://www.virustotal.com/gui/file/008e45f4d75d423d8f77cec6b80ae4f87248b4c66ca6efba019329ea735e8eda/detection

14.18.141.27:33355

# Reference: https://www.virustotal.com/gui/file/eb603df8f80f6863a6602e73e335a0b3eb35087e19e5b518a141ad5189055fdc/detection

14.18.141.27:8668

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.krbanker
# Reference: https://www.virustotal.com/gui/file/008c859fb13090cf9a14190cbadf0aa6176264e18b2c9c34389f18f993fa5e42/detection

# NOTE(review): host-less URL path, identical to the path of the
# users.qzone.qq.com entry above. It presumably matches on any host, so treat
# a hit on this entry alone as low-confidence.
/fcg-bin/cgi_get_portrait.fcg?uins=

# Reference: https://tria.ge/220725-kbamjsbeck/behavioral1
# Reference: https://tria.ge/220725-kh522aagg8/behavioral1

91.208.245.116:10020
nxxxn.ga
r.nxxxn.ga
fuck88.f3322.net

# Reference: https://tria.ge/220722-pea5psfccn/behavioral1

http://106.126.11.167

# Reference: https://tria.ge/220624-mg3lmabfdq/behavioral1

110.42.64.64:11022

# Reference: https://tria.ge/220710-qc7xbsbegj/behavioral1

43.248.201.209:24303
qq2457600534.e2.luyouxia.net

# Reference: https://www.virustotal.com/gui/file/b313ca691222060976a9e84c2844ef65adca90aa71edfd236114fc4af316bc7e/detection

42.192.232.209:3650
58.247.212.48:6666

# Reference: https://www.virustotal.com/gui/file/43459add0078b6a62c05541b6c4c1c4b8447019635b1d3b2fe41f306fc149820/detection

42.192.232.209:8896

# Reference: https://www.virustotal.com/gui/file/76e37df391e311f92a1030c3a2a68f35e8c5308e5b07eea741164b9400d3f69d/detection

118.112.248.123:3650
42.192.232.209:8000

# Reference: https://www.virustotal.com/gui/file/efdd712dc7ccee416dc25ee6b80cab926708d74ed65e4d905703a3729a7239bc/detection

45.32.212.57:3650

# Reference: https://www.virustotal.com/gui/file/b6573c414cddba0170719c4a5d82bd7b38b2042793c4ff0064cd9bdd81d572ed/detection

42.192.232.209:8888

# Reference: https://www.virustotal.com/gui/file/9dec29df40e9a23c04321040e36ae0c84f686af11ce7115642431e879b7fbceb/detection

103.39.222.89:3650

# Reference: https://www.virustotal.com/gui/file/83d9bd147a4b5903426cc01c0b5592a5ad0c405f74ca13c873e8593c2b7f7bc3/detection

103.27.109.51:3650

# Reference: https://www.virustotal.com/gui/file/2ebf6b0c3c6c42169746f3c8da7069a74c77a92b7783a50160f8f3f9c38f931a/detection

111.67.196.146:3650

# Reference: https://www.virustotal.com/gui/file/0f4d1a9ac1322f2bb0ae03ff90a2ef81237e626965c33098e49be650050caf8c/detection

27.124.4.165:3650

# Reference: https://twitter.com/AttackTrends/status/1610266530046001152
# Reference: https://tria.ge/230103-nl53zsbc37/behavioral1

110.88.128.233:5210

# Reference: https://app.any.run/tasks/4f1dcbf3-ca4d-4b60-9067-2571e59bd99f/

http://45.119.55.12
103.97.131.17:3366

# Reference: https://tria.ge/221107-vfn1vabadk/behavioral1

http://139.196.217.38
139.196.217.38:8089

# Reference: https://www.virustotal.com/gui/domain/a1free9bird.com/relations
# Reference: https://tria.ge/221106-a9r95sadg5/behavioral1

a1free9bird.com
bj6po.a1free9bird.com
dhl4mql.a1free9bird.com
do6fli.a1free9bird.com
do7fli.a1free9bird.com
do8fli.a1free9bird.com
do9fli.a1free9bird.com
jg5epm.a1free9bird.com
ka7ds.a1free9bird.com
w1upte.a1free9bird.com

# Reference: https://www.virustotal.com/gui/file/0918b05df1a6cd88ceb4cafd219b376aa40753145c5ea627cb57c9917edac033/detection

47.98.62.252:11420
tomyun.320.io

# Reference: https://www.virustotal.com/gui/file/0545f4dd8f18e92ac706629803628ebb1cefc62b27e65edcc9cc8f8278d9659d/detection

lovesnow.320.io
# NOTE(review): host-less URL path; presumably matched on any host. Pair it
# with the lovesnow.320.io entry above when triaging a hit.
/mainhttp.snow

# Reference: https://twitter.com/JustWantToQ1/status/1688984468755722241
# Reference: https://twitter.com/tosscoinwitcher/status/1689108220772761600
# Reference: https://tria.ge/230809-c8dfpsgf64/behavioral1

118.123.237.35:12345

# Reference: https://twitter.com/naumovax/status/1716436449392804049
# Reference: https://tria.ge/231013-qkln3abh97/behavioral2
# Reference: https://tria.ge/231015-rcnzwshe36/behavioral2
# Reference: https://tria.ge/231018-j2ehradh45/behavioral2

124.223.107.201:8899
gcstcp.com

# Reference: https://twitter.com/naumovax/status/1716832738777694593
# Reference: https://pastebin.com/4NNs1s2S
# Reference: https://tria.ge/231014-htx5fsae49/behavioral1
# Reference: https://www.virustotal.com/gui/file/9fa041f6e4e3c863bc19a93f9b4ffe92cf098e38605fa3877b6370021e1c3eb4/detection

101.32.211.148:9999
103.148.186.25:54188
103.97.229.172:2022
110.249.149.5:5667
110.40.188.162:11451
115.238.196.227:1314
123.99.198.148:5253
124.220.3.178:5667
144.48.8.94:2022
154.23.176.18:2022
154.23.178.149:2022
154.23.178.57:2022
154.23.182.22:2022
154.34.112.223:2035
154.55.128.124:2022
156.236.64.97:2022
206.119.81.10:2022
206.119.82.44:2022
206.238.199.63:2022
38.181.21.52:2022
38.181.22.72:2022
38.181.22.72:56700
38.55.205.246:2022

# Reference: https://twitter.com/Artilllerie/status/1734242372165234931
# Reference: https://tria.ge/231211-nk1rwaegb3/behavioral1

8.218.159.17:2123
anydesk.cyou

# Reference: https://twitter.com/Gi7w0rm/status/1767161955733696771

43.248.188.181:2222
43.248.188.181:8181
43.248.188.181:9003