# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/MaelSecurity/status/1039752010713718785 endbars.co readact.co # Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336 # Reference: https://twitter.com/PhishFindR/status/1184743844962803712 kaosjdoaaf6.pw kadosjdoafa.pw kadosjdoaaf6.pw hostyourhe.xyz offerswides.xyz /fk/f2.php /hc/f2.php # Reference: https://twitter.com/0x1xday/status/1115541156434202624 deluxemattress.ca # Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728 cba.demdex.uk.com hegorevent.online /googleads # Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881 businesmol.pw hegorevent.club # Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688 unilear.pw 236.16.27.121:443 158.95.73.22:443 185.92.222.238:443 212.11.167.110:443 242.5.247.180:443 64.34.94.27:443 134.90.213.11:443 72.125.213.163:443 237.236.131.48:443 192.71.249.51:443 # Reference: https://twitter.com/malware_traffic/status/1119331956217585664 business4good.eu # Reference: https://twitter.com/devnullek/status/1097871459752599552 driverssoftware.info messagesupport.info softwaresearch.info traderssoftware.info # Reference: https://twitter.com/James_inthe_box/status/1122156673299173377 frezyderm-orders.gr/sites/all/notused/not/ponto.php # Reference: https://twitter.com/devnullek/status/1123208253566005248 # Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee piosnoksld.info zaratoons.info 212.73.150.207:443 # Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704 fiuiert.xyz lulipcxulci.info statusnim.info # Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://twitter.com/Bank_Security/status/1146296727349157888 # Reference: https://pastebin.com/QyYHnKMH derikaosos.info sinoposdssf.info statusnim.info tefidnsops.info # Reference: https://twitter.com/w3ndige/status/1164148967413878788 # Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/ http://74.118.138.146 109.202.103.170:8733 213.152.161.229:8733 114.26.195.117:443 146.229.67.12:443 154.94.158.126:443 5.188.86.20:443 66.165.187.11:443 gazgrsrto.xyz # Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/ encrypter.webfoxsecurity.com braksiolsa.top brekwinarew.site brukaisloap.club brukiloapos.xyz bruksialopws.icu goskilindad.site gousikolka.space guksuoiew.top gustemiaksa.icu gustokiloe.xyz jklfsdkfjhwefjosdf.top jklfsdkfjhwefjosdf.xyz kadosjdoaaf6.pw kadosjdoaf6.pw kadosjdoafa.pw kadosjdoiafa.pw kaosjdoaaf6.pw kaosutdoaaf.pw kaosutdoaaf6.pw kdguwoewpew.pw kdosjdoiafa.pw kduwouewpew.pw kipokahynr.top kipokahynr.xyz lidaskiheg.site lidaskiheg.space lindakiski.top lnet4-data.com maintrump.org mon-sta.com muabolksae.club muoklaiow.xyz nautorern.xyz net4-data.com okjauwbueiws.top okjauwbueiws.xyz oneuisopeweh.icu onueilsndsuywe.xyz sfjskdjfwoiewwegroup.tech thegiksjoute.online thenautorern.tech # Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection # Reference: https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/ # Reference: https://twitter.com/Artilllerie/status/1168539710769303552 149.154.159.213:443 151.236.14.84:443 168.248.43.207:443 172.237.125.185:443 184.98.44.103:443 195.123.246.209:443 # Reference: https://twitter.com/ostinjohn/status/1169603418211737601 # Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/ 139.113.48.33:443 149.154.159.213:443 149.53.185.172:443 187.198.70.207:443 195.123.246.209:443 2.255.189.191:443 222.175.52.161:443 58.58.210.181:443 81.63.70.192:443 # Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638 # Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/ fepolomokmmas.xyz mustve.site seioooi.xyz # Reference: https://twitter.com/Mesiagh/status/1184533873545359360 bluewaters.space djeudnsj.xyz eroutks.co euiobol.xyz gontaseesl.website gontaseonar.site gontaseopa.site gontaseopa.website heuirnst.space heuirnst.website jeudnsjkd.xyz jeudnsju.xyz jeuisjr.xyz joskaejw.club loperatys.site loreteo.xyz loretoi.xyz ujaioep.site ujaioep.website # Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/ avgsupport.info esetsupport.info # Reference: https://twitter.com/w3ndige/status/1189301539535556614 everythingtogeta.xyz # Reference: https://any.run/malware-trends/danabot (Note: as seen on 2019-12-04) qxq.ddns.net thuocnam.tk # Reference: https://twitter.com/VK_Intel/status/1020236244020867072 http://176.119.1.112 farzona.co /injj/777.php # Reference: https://twitter.com/0xFrost/status/1205187802629070853 # Reference: https://www.virustotal.com/gui/file/995378f5a47357f7dc2dab638263cf42ab67f800b82df29d23ab29bb985cd80d/detection digidimag.com # Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872 145.249.107.168:443 145.249.107.201:443 145.249.107.78:443 199.247.16.30:443 209.250.243.55:443 luxurylive.org # Reference: https://twitter.com/Racco42/status/1217763274537754625 # Reference: https://twitter.com/Racco42/status/1217764284383596545 64.188.22.122:443 64.188.22.153:443 64.188.22.154:443 64.188.22.33:443 64.188.23.155:443 # Reference: https://www.virustotal.com/gui/ip-address/89.144.25.174/relations # Reference: https://www.virustotal.com/gui/file/d37ed2e77d73875a20605a198986b008eb8b4c8bcfb84783b7b0f329ec1a5384/detection 113.102.102.121:443 186.174.47.177:443 89.144.25.243:443 # Reference: https://twitter.com/K_N1kolenko/status/1237322223586852865 # Reference: https://pastebin.com/2HbabLQa formaulist.com # Reference: https://twitter.com/K_N1kolenko/status/1240553870633336833 # Reference: https://www.virustotal.com/gui/ip-address/195.123.225.167/relations digidonaud.com finburgers.com # Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872 signin.luxurylive.org # Reference: https://twitter.com/casual_malware/status/1239687496692387841 # Reference: https://app.any.run/tasks/0473bb63-11bc-4b98-864d-df00082d60cb/ # Reference: https://twitter.com/malwrhunterteam/status/1239628249136758786 # Reference: https://urlhaus.abuse.ch/host/corona-virus-map.net/ corona-virus-map.net corona-map-data.com 202.195.34.6:443 /map1.jnlp /map.jar /mapdata.jar # Reference: https://twitter.com/luc4m/status/1245750938465378304 # Reference: https://app.any.run/tasks/0f31129d-a473-4cd7-92fa-1ea817950f9e/ 123.236.244.164:443 129.255.179.202:443 177.40.161.5:443 185.181.8.49:443 187.237.21.167:443 27.109.5.166:443 28.63.88.50:443 64.188.12.140:443 64.188.19.39:443 78.103.173.2:443 # Reference: https://twitter.com/w3ndige/status/1258128183527956487 # Reference: https://app.any.run/tasks/9448b002-1b67-48f5-beb7-f4ee357abb46/ 172.81.129.196:443 192.236.179.73:443 192.99.219.207:443 23.82.140.201:443 45.147.228.92:443 51.255.134.130:443 54.38.22.65:443 # Reference: https://www.virustotal.com/gui/file/adc20c4626d99f2a35d7d58043b9b57946b21485ece1356e223d0b661824d9de/detection sfsdfpizdatrtu.space # Reference: https://app.any.run/tasks/e54dcc1c-ff39-41e4-a164-15d15c94414b/ 2.56.213.39:443 5.61.56.192:443 5.61.58.130:443 # Reference: https://twitter.com/reecdeep/status/1261206870037008385 post-990094.at 172.81.129.196:443 192.236.179.73:443 192.99.219.207:443 23.82.140.201:443 45.147.228.92:443 51.255.134.130:443 54.38.22.65:443 # Reference: https://app.any.run/tasks/91d61bf3-e8a8-4df6-9c4f-ed087b0563e6/ post-990094.at # Reference: https://twitter.com/w3ndige/status/1262652047884779521 belayedd.at # Reference: https://app.any.run/tasks/93bccdd5-3204-4daf-aa30-26cf49722e45/ http://137.74.64.245 45.153.240.84:443 # Reference: https://app.any.run/tasks/3590ee62-eae7-4d2b-802c-2d02281ed82c/ 45.153.240.84:443 192.236.161.25:443 93.115.21.108:443 173.234.155.181:443 2.56.212.137:443 # Reference: https://urlscan.io/result/13a9e931-a88e-43ec-8744-ee00294a7d98/ # Reference: https://www.virustotal.com/gui/ip-address/47.90.210.107/relations impresscop.xyz # Reference: https://twitter.com/killamjr/status/1351893396726624256 # Reference: https://app.any.run/tasks/177367bc-5d4c-498b-b54f-332e0548e39f/ 47.254.174.158:1024 # Reference: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot # Reference: https://otx.alienvault.com/pulse/60108cc47e31884e434c0258 # Reference: https://www.virustotal.com/gui/file/c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d/detection 104.144.64.163:443 108.62.141.152:443 # Reference: https://twitter.com/wwp96/status/1365401963974828033 # Reference: https://twitter.com/wwp96/status/1365402205432541189 # Reference: https://app.any.run/tasks/aefe1a14-684e-4dae-bacf-52876bd4f630/ 192.161.48.5:443 arizonacruz.com # Reference: https://www.virustotal.com/gui/file/36f82bc3bcd30f18bb210cd10881cfe13e9a22e06e26930828bb6c8a951bfafe/detection # Reference: https://tria.ge/210211-8wd7dd262x 104.168.156.222:443 134.119.186.199:443 172.93.201.39:443 192.236.192.241:443 # Reference: https://www.virustotal.com/gui/ip-address/34.90.236.200/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.88.231/relations breasuala32.top breasuala57.top breasuala63.top breasualb24.top breasualb27.top breasualc17.top breasuald52.top breasuald74.top breasuale31.top breasualf37.top breasualf62.top breasualf64.top breasualg54.top breasualg72.top breasuali12.top breasuali45.top breasuall73.top breasualm44.top breasualn34.top breasualp22.top breasualq11.top breasualr41.top breasuals42.top breasualt15.top breasualt47.top breasualt51.top breasualu35.top breasualu67.top breasualu71.top breasualv14.top breasualw21.top breasualx77.top breasualy25.top breasualy61.top cotraresa09.top cotraresd11.top cotraresf12.top cotraresi07.top cotraresm01.top cotraresp08.top cotraresq02.top cotraresr04.top cotraress10.top cotrarest05.top cotraresu06.top cotraresw03.top eressedb36.top ewsjasea09.top ewsjasei07.top ewsjasep08.top ewsjases10.top fhjweheed74.top fhjweheee75.top fhjweheef62.top fhjweheef64.top fhjweheeg72.top fhjweheeh13.top fhjweheej23.top fhjweheek33.top fhjweheel43.top fhjweheeu67.top fhjweheeu71.top fhjweheew65.top fhjweheex77.top fhjweheey61.top lorearsb24.top lorearsi12.top lorearsp22.top lorearsq11.top lorearst15.top lorearsv14.top lorearsy25.top luspaserg13.xyz luspaserh14.xyz luspaserj15.xyz morfagrtem01.top morteisati07.top morteisatm01.top morteisatq02.top morteisatr04.top morteisatt05.top morteisatu06.top morteisatw03.top morteqabi07.top morteqabu06.top petroscm01.top petroscq02.top petroscw03.top seetsaysaw03.top # Reference: https://www.virustotal.com/gui/file/67f34083ebd237d33065f1f31f1cf09d9b6a051b97bc7db08d5237139f081e80/detection torinboo.com # Reference: https://tria.ge/210412-tsf6alc8ka 192.3.26.107:443 23.106.123.141:443 23.106.123.185:443 23.81.246.201:443 # Reference: https://twitter.com/ESETresearch/status/1420734522581295106 # Reference: https://twitter.com/ESETresearch/status/1420734529468256261 142.11.206.50:443 142.11.244.124:443 152.89.247.31:443 173.254.204.95:443 192.52.166.169:443 192.52.166.92:443 192.52.167.44:443 192.52.167.45:443 23.254.201.233:443 37.220.31.27:443 45.146.164.24:443 coinsupport.ml # Reference: https://twitter.com/MBThreatIntel/status/1425952093936947205 bonusesfound.ml # Reference: https://twitter.com/ffforward/status/1461417895129501701 34.125.68.94:443 34.129.21.53:443 34.72.122.178:443 kittencloud.top parrotcloud.top rabbitcloud.top turtlecloud.top puppycloud.top # Reference: https://twitter.com/1ZRR4H/status/1456355831470071809 185.106.123.228:443 185.117.90.36:443 192.119.110.73:443 192.236.192.201:443 192.236.147.206:443 193.42.36.59:443 193.56.146.53:443 citationsherbe.at pastorcryptograph.at /3/sdd.dll # Reference: https://tria.ge/220106-qkhmeabcd2 142.11.244.223:443 192.119.110.4:443 192.236.194.72:443 # Reference: https://www.virustotal.com/gui/file/03cb517c97a50b60f46329dedde33f7580062db8531fbceb159928d573490b26/detection 185.45.193.50:443 193.34.166.247:443 92.204.160.54:443 # Reference: https://www.virustotal.com/gui/file/08a5e977a2e5b6041adcc87e2ee4bf6858da93b39ce0abe498dbf24e122c991d/detection 185.238.168.174:443 185.238.168.83:443 2.56.213.39:443 5.61.58.130:443 93.115.20.183:443 93.115.20.189:443 # Reference: https://twitter.com/th3_protoCOL/status/1503731559718797312 cyst.online goldfishcloud.top mousecloud.top qmap.club moneyunclaimed.net unclaimed2.com unclaimedfinders.com unclaimedexperts.com unclaimedhq.com # Reference: https://twitter.com/Abjuri5t/status/1521352577677512712 192.236.147.212:443 192.236.154.150:443 192.236.160.249:443 192.236.176.108:443 # Reference: https://tria.ge/210101-gnf7dwq5wx 104.144.64.163:443 108.62.141.152:443 23.106.123.249:443 23.226.132.92:443 # Reference: https://tria.ge/201203-p9cfx4whpa 104.227.34.227:443 23.254.118.230:443 23.254.215.116:443 51.195.73.129:443 # Reference: https://twitter.com/abuse_ch/status/1545677016665673728 # Reference: https://bazaar.abuse.ch/sample/68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04/ 26.18.10.2:5662 58.50.42.34:13886 60.52.44.36:14400 aquaprodive.com/images/main/index.php # Reference: https://tria.ge/220709-jnnt9sfee9 139.60.163.160:443 139.60.163.37:443 5.39.222.5:443 5.39.222.7:443 # Reference: https://tria.ge/220716-we61psebel 142.44.224.16:443 192.236.146.203:443 192.3.26.107:443 193.34.167.88:443 # Reference: https://tria.ge/220728-v24y7aachk/behavioral1 aktualizieren-wolke.de # Reference: https://www.virustotal.com/gui/file/3d9270024568518b9ff1f4ce9759338a3ac7b3ee8829256285e1e9b6334d39b8/detection # Reference: https://www.virustotal.com/gui/file/ae6388c4444a409c22290c69b36fc683ca22945b92adbefe6413553136be4304/detection 139.60.163.159:443 139.60.163.160:443 139.60.163.161:443 139.60.163.37:443