# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Review notes:
# - The Trend Micro and 0day.jp references below name AESDDoS; this list appears
#   to collect network indicators for that family (inferred from the references).
# - Each group of entries sits under the "# Reference:" line(s) that precede it.
# - Entry forms seen here: URL path (/timo.vm), host:port, hostname, and one
#   scheme-prefixed address (http://51.81.133.90).
# - The reference URLs carry dates from 2015 to 2022. IP:port entries are
#   point-in-time observations and addresses get reassigned, so corroborate a
#   match (port, requested path, timing) before treating a host as compromised.
# - 3322.org and f3322.org are dynamic-DNS zones: the entries name individual
#   subdomains, and the parent zones themselves are not listed.
# - Path-only entries carry no host; short names such as /qweasd presumably
#   match on any server - TODO confirm how the consumer scopes them.

# Reference: https://twitter.com/bad_packets/status/1118612997620895744
# Reference: https://twitter.com/bad_packets/status/1116054197789544448
# Reference: https://www.virustotal.com/gui/file/16d7ca4e46d7f1ed7600f62164bae51e748efb64f7d49670514b58d4c84bddd6/detection

/timo.vm
/timo1.vm
/timo2.vm
/timo3.vm

# Reference: https://otx.alienvault.com/pulse/5cc3284bddf8a06c649d6336
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/

23.224.59.34:48080

# Reference: https://www.symantec.com/security-center/writeup/2015-070812-0012-99

61.160.213.49:48080
183.60.149.199:48080

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632
# Reference: https://www.hybrid-analysis.com/sample/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/
# Reference: https://www.virustotal.com/gui/file/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/detection

pptvv.3322.org

# Reference: https://www.kernelmode.info/forum/viewtopic.php?t=3483&start=30
# Reference: https://blog.0day.jp/2015/07/linuxaesddosarm.html

a1203.f3322.org
a.lq4444.com
yxs.f3322.org
104984629.f3322.org
1.93.11.200:80
1.93.19.203:6969
1.93.19.203:7878
104.194.25.172:36114
104.194.25.172:48080
104.194.25.180:36114
104.194.25.180:48080
115.231.219.147:48080
116.255.162.80:37943
116.255.162.80:48080
119.147.145.213:8019
119.147.145.215:4134
119.147.145.215:48080
121.41.74.174:8000
123.249.29.244:11024
124.173.118.167:4134
180.97.215.111:8080
183.60.149.208:48080
183.60.202.224:991
210.92.18.118:2342
210.92.18.118:7523
218.244.148.150:37963
222.186.34.123:1285
222.186.34.152:23650
222.186.34.152:48080
222.186.34.152:8998
222.186.34.220:2016
222.211.86.205:38283
222.211.86.205:48080
38.72.114.63:28052
58.221.60.138:50000
59.56.110.233:48080
59.56.110.233:8081
61.139.5.22:63692
61.160.213.58:1302
61.160.213.58:1774
61.160.213.58:1799
61.160.213.58:2120
61.160.213.58:2180
61.160.213.58:2523
61.160.213.58:3388
61.160.213.58:3623
61.160.213.58:4182
61.160.213.58:4889
61.160.213.58:4985
61.160.213.58:9999

# Reference: https://twitter.com/bad_packets/status/1231465511914897408

122.114.57.92:8888

# Reference: https://www.virustotal.com/gui/file/d98be2d50924f341d57a02ebcd2a9742bdf8662190def32742ceefd1c2c00c99/detection

119.10.151.120:48080

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

49.0.248.230:2017

# Reference: https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/
# Reference: https://otx.alienvault.com/pulse/625e6af73b7b0982c6920d17

http://51.81.133.90
14.1.98.226:8880
/ff.elf
/NWWW.6
/qweasd

# Reference: https://www.virustotal.com/gui/file/e6d98f12ad2177571076e261e2bedce0f1dc9685f3fbb42bbafe386a784c1501/detection
# Reference: https://www.virustotal.com/gui/file/e6f2b4f3dd706a54c02c950a0a5ecc271e9d4f24c077be9b655df1161e10b902/detection

103.126.100.13:10210