# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kaiten, tsunami

# Layout of this file: one network indicator per line (IPv4:port, domain name,
# or URL); a line starting with '#' is a comment. Each '# Reference:' line
# names the public report for the entries listed under it; where several
# Reference lines are stacked, they presumably all apply to the entries that
# follow (confirm against the reports).
# Kaiten/Tsunami is an IRC-controlled bot family, which is consistent with the
# irc.* hostnames and the :6667 entries below.
# Entries are point-in-time observations. Rented or cloud IP addresses get
# reassigned, so a match is a lead to triage against the referenced report,
# not proof of compromise on its own.
# NOTE(review): several parent domains are listed next to their own subdomains
# (e.g. oracleservice.top and a.oracleservice.top). Whether a bare parent entry
# also covers subdomains depends on how the consumer matches; confirm.

# Reference: https://www.virustotal.com/gui/file/ca42237354f76bd8aebb97635887c286cddc8d3b6cca2581fa228acf335b3a8c/detection

111.230.241.23:2407
46.149.233.35:2407

# Reference: https://www.virustotal.com/gui/file/29f6d8954e676d9260e308a1bc756edb1063cfa72fd6bfedd5f4fb10ba162043/detection

185.61.149.22:2407

# Reference: https://www.virustotal.com/gui/file/c474957d40c9ed89392bdde1b787455ab31a9df891a4c74fab2bf98b39f2c846/detection

145.239.93.125:9090
46.149.233.35:9090

# Reference: https://www.virustotal.com/gui/file/1a4e0aa435da8d3c79e7dbd80b0eefe4e555cce41fab475f7f7859a293f86c0b/detection

147.135.210.184:9090
# NOTE(review): 216.58.203.46 appears to fall in address space registered to
# Google. Verify against the referenced sample before alerting or blocking on
# it; it may be unrelated traffic recorded alongside the sample.
216.58.203.46:9090

# Reference: https://www.virustotal.com/gui/file/4284f64189359326e4bbbeb329aee11e0db96824d5fae1de96a95ad4949ffedf/detection

153.92.210.165:2407

# Reference: https://www.virustotal.com/gui/file/903ebfde5701b26c60656ee466fee31633448c37188d18318db9d2c7bfded076/detection

51.68.124.148:2407

# Reference: https://www.virustotal.com/gui/file/eb2433bf487a405b631464430f9ba5f02d95f7d63a59dd288a3db9d2d0611373/detection

176.58.123.223:2407

# Reference: https://www.virustotal.com/gui/file/13bcf15acbf45759342cd62e2e112dd0c46acf9a14af7784dda17f5ee6fc749b/detection

107.191.110.201:2407

# Reference: https://www.virustotal.com/gui/file/283a67dd7536db0e316282d437c2917c336d97045ce867df2d326e588f5922c0/detection

176.10.127.126:2407

# Reference: https://www.virustotal.com/gui/file/8dcdccf9fcb42c1f6c191ced0347711297c88efc51518ea1ab29bbda001661a4/detection

68.66.253.100:2407

# Reference: https://twitter.com/MalwarePatrol/status/1334346751805939718

bash.givemexyz.in

# Reference: https://twitter.com/r3dbU7z/status/1341404311771881478

# NOTE(review): this looks like a hostname under a shared DNS service. Only the
# full hostname is listed; keep the match on it and not on the parent zone.
small.anondns.net

# Reference: https://www.virustotal.com/gui/file/94224bbc8f9a24bf162cc9635a07a3863dfa46d234c96ccf37162b9ffbbe3e29/detection

46.29.163.28:6667

# Reference: https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/
# Reference: https://otx.alienvault.com/pulse/60a81875fa39fe6dbbe6f7d1

givemexyz.in
givemexyz.xyz
pwndns.pw
thegov.win
winscp.top

# Reference: https://www.virustotal.com/gui/file/b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196/detection

# Port 443 entry: presumably not TLS web traffic to a legitimate site, but the
# port alone will not distinguish it. Match on the IP and port together.
185.130.104.131:443

# Reference: https://www.virustotal.com/gui/file/137b3b10a347a78a8ce0c167befd35a187e2923ae3c782e0b69102cd5069fcbb/detection
# Reference: https://www.virustotal.com/gui/file/0c2d6843d5c00616cd4823b71206c8efcdc43b09a0f0682e3200e9822343f979/detection

derpcity.ru
exposedbotnets.ru
fflyy.su
wired.kei.su
wireless.kei.su

# Reference: https://twitter.com/abuse_ch/status/1473561613634609153

144.172.71.180:8080

# Reference: https://tria.ge/211223-mgh7zsacfq/behavioral1

156.67.220.165:8080
198.8.91.14:8080
45.132.241.68:8080

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/
# NOTE(review): the reference above is a tag listing, not a per-indicator page,
# so its contents will change over time. TODO: pin the specific entries if
# provenance for these two indicators needs to be re-checked.

91.200.103.249:8080
l33t-ppl.info

# Reference: https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/
# Reference: https://otx.alienvault.com/pulse/62d67a7459b9250ab5c7cc96

bashgo.pw
letmaker.top
onlypirate.top
oracleservice.top
a.oracleservice.top
b.oracleservice.top
jira.letmaker.top
jira.onlypirate.top
pwn.letmaker.top
pwn.onlypirate.top
pwn.oracleservice.top

# Reference: https://twitter.com/r3dbU7z/status/1569694183723601922
# Reference: https://elfdigest.com/brief/8a04585157033b86cb2c104f441d236bc3255b46127355f8342b75ab40eb3e35
# Reference: https://www.virustotal.com/gui/file/c79afea44f153d74b5019e90fa7728b00dcb6ab6abd4649fd474d3a883fa96ad/detection

93.95.229.203:8080
lesliejust.is
whatwill.be
irc.whatwill.be

# Reference: https://www.virustotal.com/gui/file/0013b356966c3d693b253cdf00c7fdf698890c9b75605be07128cac446904ad9/detection

c4k-ircd.pwndns.pw

# Reference: https://www.virustotal.com/gui/file/7d82f5f3e1dd21e9cf32fc39caa9d07f85830e48d1961727193fdcea7354cffa/detection

213.171.212.254:4443
koro.root.sx

# Reference: https://www.virustotal.com/gui/file/19ab31fa87af2250e61ca847252de21bb966b29aad477eea6c7046b210545e54/detection

dump.giraffe.su

# Reference: https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/
# Reference: https://otx.alienvault.com/pulse/640ff035d461c89f3f2c4472
# Reference: https://www.virustotal.com/gui/file/426b573363277554c7c8a04da524ddbf57c5ff570ea23017bdc25d0c7fd80218/detection

# NOTE(review): this is the only entry written with a URL scheme and without a
# port. Confirm the consumer of this list parses it the way the author meant.
http://5.253.84.159
fi.warmachine.su

# Reference: https://www.virustotal.com/gui/file/4f363c0a8685134c06355fbe7a92b56423a2e50d687bfad72cf2650a5fbc1b7c/detection

hsbc-irc.pwndns.pw

# Reference: https://elfdigest.com/brief/fac919fc38c456cd30216a6d190fc258049ceb9ede4cefcc60f666d66178f641

96.49.241.146:6667
irc.byroe.org
# NOTE(review): this looks like a provider-generated hostname for a rented
# host, not an operator-chosen domain. The host behind it can change hands;
# re-validate before relying on it long term.
li1094-151.members.linode.com

# Reference: https://elfdigest.com/brief/03318a0061d4ee846a5fffd3d613f228dfced98b8be589d40842724e047de1f6

121.130.2.180:6667