# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/MaelSecurity/status/1039752010713718785 endbars.co readact.co # Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336 # Reference: https://twitter.com/PhishFindR/status/1184743844962803712 kaosjdoaaf6.pw kadosjdoafa.pw kadosjdoaaf6.pw hostyourhe.xyz offerswides.xyz /fk/f2.php /hc/f2.php # Reference: https://twitter.com/0x1xday/status/1115541156434202624 deluxemattress.ca # Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728 hegorevent.online /googleads # Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881 businesmol.pw hegorevent.club # Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688 unilear.pw 236.16.27.121:443 158.95.73.22:443 185.92.222.238:443 212.11.167.110:443 242.5.247.180:443 64.34.94.27:443 134.90.213.11:443 72.125.213.163:443 237.236.131.48:443 192.71.249.51:443 # Reference: https://twitter.com/malware_traffic/status/1119331956217585664 business4good.eu # Reference: https://twitter.com/devnullek/status/1097871459752599552 driverssoftware.info messagesupport.info softwaresearch.info traderssoftware.info # Reference: https://twitter.com/James_inthe_box/status/1122156673299173377 frezyderm-orders.gr/sites/all/notused/not/ponto.php # Reference: https://twitter.com/devnullek/status/1123208253566005248 # Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee piosnoksld.info zaratoons.info 212.73.150.207:443 # Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704 fiuiert.xyz lulipcxulci.info statusnim.info # Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://twitter.com/Bank_Security/status/1146296727349157888 # Reference: https://pastebin.com/QyYHnKMH derikaosos.info sinoposdssf.info statusnim.info tefidnsops.info # Reference: https://twitter.com/w3ndige/status/1164148967413878788 # Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/ http://74.118.138.146 109.202.103.170:8733 213.152.161.229:8733 114.26.195.117:443 146.229.67.12:443 154.94.158.126:443 5.188.86.20:443 66.165.187.11:443 gazgrsrto.xyz # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ encrypter.webfoxsecurity.com braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com maintrump.org mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection # Reference: https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/ # Reference: https://twitter.com/Artilllerie/status/1168539710769303552 149.154.159.213:443 151.236.14.84:443 168.248.43.207:443 172.237.125.185:443 184.98.44.103:443 195.123.246.209:443 23.47.206.127 # Reference: https://twitter.com/ostinjohn/status/1169603418211737601 # Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/ 139.113.48.33:443 149.154.159.213:443 149.53.185.172:443 187.198.70.207:443 195.123.246.209:443 2.255.189.191:443 222.175.52.161:443 58.58.210.181:443 81.63.70.192:443 # Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638 # Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/ fepolomokmmas.xyz mustve.site seioooi.xyz # Reference: https://twitter.com/Mesiagh/status/1184533873545359360 bluewaters.space djeudnsj.xyz eroutks.co euiobol.xyz gontaseesl.website gontaseonar.site gontaseopa.site gontaseopa.website heuirnst.space heuirnst.website jeudnsjkd.xyz jeudnsju.xyz jeuisjr.xyz joskaejw.club loperatys.site loreteo.xyz loretoi.xyz ujaioep.site ujaioep.website # Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/ avgsupport.info esetsupport.info # Reference: https://twitter.com/w3ndige/status/1189301539535556614 everythingtogeta.xyz # Reference: https://any.run/malware-trends/danabot (Note: as seen on 2019-12-04) qxq.ddns.net thuocnam.tk