# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kaiten, tsunami

# Reference: https://www.virustotal.com/gui/file/ca42237354f76bd8aebb97635887c286cddc8d3b6cca2581fa228acf335b3a8c/detection

111.230.241.23:2407
46.149.233.35:2407

# Reference: https://www.virustotal.com/gui/file/29f6d8954e676d9260e308a1bc756edb1063cfa72fd6bfedd5f4fb10ba162043/detection

185.61.149.22:2407

# Reference: https://www.virustotal.com/gui/file/c474957d40c9ed89392bdde1b787455ab31a9df891a4c74fab2bf98b39f2c846/detection

145.239.93.125:9090
46.149.233.35:9090

# Reference: https://www.virustotal.com/gui/file/1a4e0aa435da8d3c79e7dbd80b0eefe4e555cce41fab475f7f7859a293f86c0b/detection

147.135.210.184:9090
216.58.203.46:9090

# Reference: https://www.virustotal.com/gui/file/4284f64189359326e4bbbeb329aee11e0db96824d5fae1de96a95ad4949ffedf/detection

153.92.210.165:2407

# Reference: https://www.virustotal.com/gui/file/903ebfde5701b26c60656ee466fee31633448c37188d18318db9d2c7bfded076/detection

51.68.124.148:2407

# Reference: https://www.virustotal.com/gui/file/eb2433bf487a405b631464430f9ba5f02d95f7d63a59dd288a3db9d2d0611373/detection

176.58.123.223:2407

# Reference: https://www.virustotal.com/gui/file/13bcf15acbf45759342cd62e2e112dd0c46acf9a14af7784dda17f5ee6fc749b/detection

107.191.110.201:2407

# Reference: https://www.virustotal.com/gui/file/283a67dd7536db0e316282d437c2917c336d97045ce867df2d326e588f5922c0/detection

176.10.127.126:2407

# Reference: https://www.virustotal.com/gui/file/8dcdccf9fcb42c1f6c191ced0347711297c88efc51518ea1ab29bbda001661a4/detection

68.66.253.100:2407

# Reference: https://twitter.com/MalwarePatrol/status/1334346751805939718

bash.givemexyz.in

# Reference: https://twitter.com/r3dbU7z/status/1341404311771881478

small.anondns.net

# Reference: https://www.virustotal.com/gui/file/94224bbc8f9a24bf162cc9635a07a3863dfa46d234c96ccf37162b9ffbbe3e29/detection

46.29.163.28:6667

# Reference: https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/
# Reference: https://otx.alienvault.com/pulse/60a81875fa39fe6dbbe6f7d1

givemexyz.in
givemexyz.xyz
pwndns.pw
thegov.win
winscp.top

# Reference: https://www.virustotal.com/gui/file/b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196/detection

185.130.104.131:443

# Reference: https://www.virustotal.com/gui/file/137b3b10a347a78a8ce0c167befd35a187e2923ae3c782e0b69102cd5069fcbb/detection
# Reference: https://www.virustotal.com/gui/file/0c2d6843d5c00616cd4823b71206c8efcdc43b09a0f0682e3200e9822343f979/detection

derpcity.ru
exposedbotnets.ru
fflyy.su
wired.kei.su
wireless.kei.su

# Reference: https://twitter.com/abuse_ch/status/1473561613634609153

144.172.71.180:8080

# Reference: https://tria.ge/211223-mgh7zsacfq/behavioral1

156.67.220.165:8080
198.8.91.14:8080
45.132.241.68:8080

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

91.200.103.249:8080
l33t-ppl.info

# Reference: https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/
# Reference: https://otx.alienvault.com/pulse/62d67a7459b9250ab5c7cc96

bashgo.pw
letmaker.top
onlypirate.top
oracleservice.top
a.oracleservice.top
b.oracleservice.top
jira.letmaker.top
jira.onlypirate.top
pwn.letmaker.top
pwn.onlypirate.top
pwn.oracleservice.top

# Reference: https://twitter.com/r3dbU7z/status/1569694183723601922
# Reference: https://elfdigest.com/brief/8a04585157033b86cb2c104f441d236bc3255b46127355f8342b75ab40eb3e35
# Reference: https://www.virustotal.com/gui/file/c79afea44f153d74b5019e90fa7728b00dcb6ab6abd4649fd474d3a883fa96ad/detection

93.95.229.203:8080
lesliejust.is
whatwill.be
irc.whatwill.be

# Reference: https://www.virustotal.com/gui/file/0013b356966c3d693b253cdf00c7fdf698890c9b75605be07128cac446904ad9/detection

c4k-ircd.pwndns.pw

# Reference: https://www.virustotal.com/gui/file/7d82f5f3e1dd21e9cf32fc39caa9d07f85830e48d1961727193fdcea7354cffa/detection

213.171.212.254:4443
koro.root.sx

# Reference: https://www.virustotal.com/gui/file/19ab31fa87af2250e61ca847252de21bb966b29aad477eea6c7046b210545e54/detection

dump.giraffe.su

# Reference: https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/
# Reference: https://otx.alienvault.com/pulse/640ff035d461c89f3f2c4472
# Reference: https://www.virustotal.com/gui/file/426b573363277554c7c8a04da524ddbf57c5ff570ea23017bdc25d0c7fd80218/detection

http://5.253.84.159
fi.warmachine.su

# Reference: https://www.virustotal.com/gui/file/4f363c0a8685134c06355fbe7a92b56423a2e50d687bfad72cf2650a5fbc1b7c/detection

hsbc-irc.pwndns.pw

# Reference: https://elfdigest.com/brief/fac919fc38c456cd30216a6d190fc258049ceb9ede4cefcc60f666d66178f641

96.49.241.146:6667
irc.byroe.org
li1094-151.members.linode.com

# Reference: https://elfdigest.com/brief/03318a0061d4ee846a5fffd3d613f228dfced98b8be589d40842724e047de1f6

121.130.2.180:6667

# Reference: https://blog.malwaremustdie.org/2016/02/mmd-0052-2016-skidddos-elf-distribution.html#tsunami

binarys.x10.mx
/DOGDICKS/Binarys.sh
/qbot/Binarys.sh
/Sharky/gb.sh

# Reference: https://blog.malwaremustdie.org/2016/04/mmd-0053-2016-bit-about-elfstd-irc-bot.html#stdbot
# Reference: https://www.virustotal.com/gui/file/492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f/detection

148.81.111.111:8080
49.231.211.193:8080
51.210.8.204:8080
pokemoninc.com
bnet.pokemoninc.com
xxx.pokemoninc.com

# Reference: https://twitter.com/sicehice/status/1672091400647872513
# Reference: https://www.virustotal.com/gui/file/6ce7c8c27da5fea91c1d4ac53cdf54c1b73262b4afa74c0b89f48c7dd6543936/detection

http://106.246.224.219
http://160.16.103.108
/.l/pty1
/.l/pty2
/.l/pty3
/.l/pty4
/.l/pty5
/.l/pty6
/.l/pty7
/.l/pty8
/.l/pty9
/.l/pty10
/.l/pty11
/.l/pty12
/.l/pty1?ddos
/.l/pty2?ddos
/.l/pty3?ddos
/.l/pty4?ddos
/.l/pty5?ddos
/.l/pty6?ddos
/.l/pty7?ddos
/.l/pty8?ddos
/.l/pty9?ddos
/.l/pty10?ddos
/.l/pty11?ddos
/.l/pty12?ddos
/.p/pty1
/.p/pty2
/.p/pty3
/.p/pty4
/.p/pty5
/.p/pty6
/.p/pty7
/.p/pty8
/.p/pty9
/.p/pty10
/.p/pty11
/.p/pty12
/pty1?ddos
/pty2?ddos
/pty3?ddos
/pty4?ddos
/pty5?ddos
/pty6?ddos
/pty7?ddos
/pty8?ddos
/pty9?ddos
/pty10?ddos
/pty11?ddos
/pty12?ddos

# Reference: https://elfdigest.com/brief/039704e9624f6695984a7963651e08485ddbe1c9c318af55f32d4f9c56a08bf0

66.172.9.3:8080

# Reference: https://twitter.com/sicehice/status/1673820114737856515
# Reference: https://www.virustotal.com/gui/file/1807074f3f44725948ad31ed5ec4d3e4470a92f7a90a32f7b5c9b1db426efe4c/detection

http://129.146.245.251
194.59.165.52:8080
deutschland-zahlung.eu
bin.deutschland-zahlung.eu
bins.deutschland-zahlung.eu
dasan.deutschland-zahlung.eu
i.deutschland-zahlung.eu
irc.deutschland-zahlung.eu
oiii.deutschland-zahlung.eu
p.deutschland-zahlung.eu
tomato.deutschland-zahlung.eu
w.deutschland-zahlung.eu

# Reference: https://twitter.com/sicehice/status/1672091588670140417

http://160.16.103.108
http://34.141.20.101

# Reference: https://twitter.com/sicehice/status/1660409111983398913

http://190.211.252.19

# Reference: https://asec.ahnlab.com/en/54647/
# Reference: https://otx.alienvault.com/pulse/6491a53dfa6ec351f8b52557

ircx.us.to
ircxx.us.to

# Reference: https://www.virustotal.com/gui/file/fe4b75a8ddc0fa7ee2fda3a9dd066b122acbd672ec5fb34946e68879959d4887/detection

138.197.78.18:8080
de-zahlung.eu
p.de-zahlung.eu

# Reference: https://www.virustotal.com/gui/file/dd9d84c78e0caea7c8a0eb5d20580d65ab1ac3794b528f3a97636cf9b0d4437b/detection

138.197.78.18:2407
162.249.2.189:2407
173.255.240.191:2407
185.61.149.22:2407
185.62.137.56:2407
68.66.253.100:2407
irc.de-zahlung.eu

# Reference: https://www.virustotal.com/gui/file/ba5a6709c81fdf71420a81742fc9b5ab02d83c6d9dda77bd6e0e0dd6ad8f265b/detection

194.59.165.21:8080
dkrd.exposedbotnets.ru

# Reference: https://www.virustotal.com/gui/file/b4cbd5ce32c87b5fc2dab1c544e0a8c89708984d3264221fc515ba4a6622ab4e/detection

http://139.180.185.248

# Reference: https://www.virustotal.com/gui/file/1f9cda58cea6c8dd07879df3e985499b18523747482e8f7acd6b4b3a82116957/detection

85.120.225.141:8080

# Reference: https://twitter.com/redrabytes/status/1774918859339808843

94.156.8.116:1337