# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/bad_packets/status/1118612997620895744
# Reference: https://twitter.com/bad_packets/status/1116054197789544448
# Reference: https://www.virustotal.com/gui/file/16d7ca4e46d7f1ed7600f62164bae51e748efb64f7d49670514b58d4c84bddd6/detection

/timo.vm
/timo1.vm
/timo2.vm
/timo3.vm

# Reference: https://otx.alienvault.com/pulse/5cc3284bddf8a06c649d6336
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/

23.224.59.34:48080

# Reference: https://www.symantec.com/security-center/writeup/2015-070812-0012-99

61.160.213.49:48080
183.60.149.199:48080

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632
# Reference: https://www.hybrid-analysis.com/sample/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/
# Reference: https://www.virustotal.com/gui/file/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/detection

pptvv.3322.org

# Reference: https://www.kernelmode.info/forum/viewtopic.php?t=3483&start=30
# Reference: https://blog.0day.jp/2015/07/linuxaesddosarm.html

a1203.f3322.org
a.lq4444.com
yxs.f3322.org
104984629.f3322.org
1.93.11.200:80
1.93.19.203:6969
1.93.19.203:7878
104.194.25.172:36114
104.194.25.172:48080
104.194.25.180:36114
104.194.25.180:48080
115.231.219.147:48080
116.255.162.80:37943
116.255.162.80:48080
119.147.145.213:8019
119.147.145.215:4134
119.147.145.215:48080
121.41.74.174:8000
123.249.29.244:11024
124.173.118.167:4134
180.97.215.111:8080
183.60.149.208:48080
183.60.202.224:991
210.92.18.118:2342
210.92.18.118:7523
218.244.148.150:37963
222.186.34.123:1285
222.186.34.152:23650
222.186.34.152:48080
222.186.34.152:8998
222.186.34.220:2016
222.211.86.205:38283
222.211.86.205:48080
38.72.114.63:28052
58.221.60.138:50000
59.56.110.233:48080
59.56.110.233:8081
61.139.5.22:63692
61.160.213.58:1302
61.160.213.58:1774
61.160.213.58:1799
61.160.213.58:2120
61.160.213.58:2180
61.160.213.58:2523
61.160.213.58:3388
61.160.213.58:3623
61.160.213.58:4182
61.160.213.58:4889
61.160.213.58:4985
61.160.213.58:9999

# Reference: https://twitter.com/bad_packets/status/1231465511914897408

122.114.57.92:8888

# Reference: https://www.virustotal.com/gui/file/d98be2d50924f341d57a02ebcd2a9742bdf8662190def32742ceefd1c2c00c99/detection

119.10.151.120:48080

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

49.0.248.230:2017

# Reference: https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/
# Reference: https://otx.alienvault.com/pulse/625e6af73b7b0982c6920d17

http://51.81.133.90
14.1.98.226:8880
/ff.elf
/NWWW.6
/qweasd

# Reference: https://www.virustotal.com/gui/file/e6d98f12ad2177571076e261e2bedce0f1dc9685f3fbb42bbafe386a784c1501/detection
# Reference: https://www.virustotal.com/gui/file/e6f2b4f3dd706a54c02c950a0a5ecc271e9d4f24c077be9b655df1161e10b902/detection

103.126.100.13:10210