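# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Format: one trail per line (domain, IP[:port], URL, or URL path); lines
# beginning with '#' are comments, and '# Reference:' lines record the source
# for the entries that follow. The copy under review had every line collapsed
# together, which in this line-oriented format makes each '# Reference:'
# comment swallow the entries after it — restored here to one entry per line.

# Reference: https://twitter.com/MaelSecurity/status/1039752010713718785

endbars.co
readact.co

# Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336
# Reference: https://twitter.com/PhishFindR/status/1184743844962803712

kaosjdoaaf6.pw
kadosjdoafa.pw
kadosjdoaaf6.pw
hostyourhe.xyz
offerswides.xyz
/fk/f2.php
/hc/f2.php

# Reference: https://twitter.com/0x1xday/status/1115541156434202624

deluxemattress.ca

# Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728

cba.demdex.uk.com
hegorevent.online
# NOTE(review): a short generic path such as /googleads can match benign
# requests; confirm how path trails are matched before relying on it.
/googleads

# Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881

businesmol.pw
hegorevent.club

# Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688

unilear.pw
# NOTE(review): 236.16.27.121 and 237.236.131.48 fall in 224.0.0.0/4
# (multicast) and 242.5.247.180 in 240.0.0.0/4 (reserved); they are not
# routable unicast endpoints and are unlikely to ever match real traffic.
# Kept as published — confirm whether these three should stay.
236.16.27.121:443
158.95.73.22:443
185.92.222.238:443
212.11.167.110:443
242.5.247.180:443
64.34.94.27:443
134.90.213.11:443
72.125.213.163:443
237.236.131.48:443
192.71.249.51:443

# Reference: https://twitter.com/malware_traffic/status/1119331956217585664

business4good.eu

# Reference: https://twitter.com/devnullek/status/1097871459752599552

driverssoftware.info
messagesupport.info
softwaresearch.info
traderssoftware.info

# Reference: https://twitter.com/James_inthe_box/status/1122156673299173377

frezyderm-orders.gr/sites/all/notused/not/ponto.php

# Reference: https://twitter.com/devnullek/status/1123208253566005248
# Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee

piosnoksld.info
zaratoons.info
212.73.150.207:443

# Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704

fiuiert.xyz
lulipcxulci.info
statusnim.info

# Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a
# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
lnet4-data.com
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://twitter.com/Bank_Security/status/1146296727349157888
# Reference: https://pastebin.com/QyYHnKMH

derikaosos.info
sinoposdssf.info
statusnim.info
tefidnsops.info

# Reference: https://twitter.com/w3ndige/status/1164148967413878788
# Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/

http://74.118.138.146
109.202.103.170:8733
213.152.161.229:8733
114.26.195.117:443
146.229.67.12:443
154.94.158.126:443
5.188.86.20:443
66.165.187.11:443
gazgrsrto.xyz

# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

# NOTE(review): the block below repeats the Check Point list already given
# above (braksiolsa.top … thenautorern.tech) verbatim; the only entries new
# here are encrypter.webfoxsecurity.com and maintrump.org. Duplicates are
# harmless but the copy could be reduced to those two.
encrypter.webfoxsecurity.com
braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
lnet4-data.com
maintrump.org
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection
# Reference: https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/
# Reference: https://twitter.com/Artilllerie/status/1168539710769303552

149.154.159.213:443
151.236.14.84:443
168.248.43.207:443
172.237.125.185:443
184.98.44.103:443
195.123.246.209:443

# Reference: https://twitter.com/ostinjohn/status/1169603418211737601
# Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/

139.113.48.33:443
149.154.159.213:443
149.53.185.172:443
187.198.70.207:443
195.123.246.209:443
2.255.189.191:443
222.175.52.161:443
58.58.210.181:443
81.63.70.192:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638
# Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/

fepolomokmmas.xyz
mustve.site
seioooi.xyz

# Reference: https://twitter.com/Mesiagh/status/1184533873545359360

bluewaters.space
djeudnsj.xyz
eroutks.co
euiobol.xyz
gontaseesl.website
gontaseonar.site
gontaseopa.site
gontaseopa.website
heuirnst.space
heuirnst.website
jeudnsjkd.xyz
jeudnsju.xyz
jeuisjr.xyz
joskaejw.club
loperatys.site
loreteo.xyz
loretoi.xyz
ujaioep.site
ujaioep.website

# Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/

avgsupport.info
esetsupport.info

# Reference: https://twitter.com/w3ndige/status/1189301539535556614

everythingtogeta.xyz

# Reference: https://any.run/malware-trends/danabot (Note: as seen on 2019-12-04)

qxq.ddns.net
thuocnam.tk

# Reference: https://twitter.com/VK_Intel/status/1020236244020867072

http://176.119.1.112
farzona.co
/injj/777.php

# Reference: https://twitter.com/0xFrost/status/1205187802629070853
# Reference: https://www.virustotal.com/gui/file/995378f5a47357f7dc2dab638263cf42ab67f800b82df29d23ab29bb985cd80d/detection

digidimag.com

# Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872

145.249.107.168:443
145.249.107.201:443
145.249.107.78:443
199.247.16.30:443
209.250.243.55:443
luxurylive.org

# Reference: https://twitter.com/Racco42/status/1217763274537754625
# Reference: https://twitter.com/Racco42/status/1217764284383596545

64.188.22.122:443
64.188.22.153:443
64.188.22.154:443
64.188.22.33:443
64.188.23.155:443

# Reference: https://www.virustotal.com/gui/ip-address/89.144.25.174/relations
# Reference: https://www.virustotal.com/gui/file/d37ed2e77d73875a20605a198986b008eb8b4c8bcfb84783b7b0f329ec1a5384/detection

113.102.102.121:443
186.174.47.177:443
89.144.25.243:443

# Reference: https://twitter.com/K_N1kolenko/status/1237322223586852865
# Reference: https://pastebin.com/2HbabLQa

formaulist.com

# Reference: https://twitter.com/K_N1kolenko/status/1240553870633336833
# Reference: https://www.virustotal.com/gui/ip-address/195.123.225.167/relations

digidonaud.com
finburgers.com

# Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872

signin.luxurylive.org

# Reference: https://twitter.com/casual_malware/status/1239687496692387841
# Reference: https://app.any.run/tasks/0473bb63-11bc-4b98-864d-df00082d60cb/
# Reference: https://twitter.com/malwrhunterteam/status/1239628249136758786
# Reference: https://urlhaus.abuse.ch/host/corona-virus-map.net/

corona-virus-map.net
corona-map-data.com
202.195.34.6:443
/map1.jnlp
/map.jar
/mapdata.jar

# Reference: https://twitter.com/luc4m/status/1245750938465378304
# Reference: https://app.any.run/tasks/0f31129d-a473-4cd7-92fa-1ea817950f9e/

123.236.244.164:443
129.255.179.202:443
177.40.161.5:443
185.181.8.49:443
187.237.21.167:443
27.109.5.166:443
28.63.88.50:443
64.188.12.140:443
64.188.19.39:443
78.103.173.2:443

# Reference: https://twitter.com/w3ndige/status/1258128183527956487
# Reference: https://app.any.run/tasks/9448b002-1b67-48f5-beb7-f4ee357abb46/

172.81.129.196:443
192.236.179.73:443
192.99.219.207:443
23.82.140.201:443
45.147.228.92:443
51.255.134.130:443
54.38.22.65:443

# Reference: https://www.virustotal.com/gui/file/adc20c4626d99f2a35d7d58043b9b57946b21485ece1356e223d0b661824d9de/detection

sfsdfpizdatrtu.space

# Reference: https://app.any.run/tasks/e54dcc1c-ff39-41e4-a164-15d15c94414b/

2.56.213.39:443
5.61.56.192:443
5.61.58.130:443

# Reference: https://twitter.com/reecdeep/status/1261206870037008385

post-990094.at
172.81.129.196:443
192.236.179.73:443
192.99.219.207:443
23.82.140.201:443
45.147.228.92:443
51.255.134.130:443
54.38.22.65:443

# Reference: https://app.any.run/tasks/91d61bf3-e8a8-4df6-9c4f-ed087b0563e6/

post-990094.at

# Reference: https://twitter.com/w3ndige/status/1262652047884779521

belayedd.at

# Reference: https://app.any.run/tasks/93bccdd5-3204-4daf-aa30-26cf49722e45/

http://137.74.64.245
45.153.240.84:443

# Reference: https://app.any.run/tasks/3590ee62-eae7-4d2b-802c-2d02281ed82c/

45.153.240.84:443
192.236.161.25:443
93.115.21.108:443
173.234.155.181:443
2.56.212.137:443

# Reference: https://urlscan.io/result/13a9e931-a88e-43ec-8744-ee00294a7d98/
# Reference: https://www.virustotal.com/gui/ip-address/47.90.210.107/relations

impresscop.xyz

# Reference: https://twitter.com/killamjr/status/1351893396726624256
# Reference: https://app.any.run/tasks/177367bc-5d4c-498b-b54f-332e0548e39f/

47.254.174.158:1024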