# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: xarcen

# Reference: http://bartblaze.blogspot.hr/2015/09/notes-on-linuxxorddos.html
# Reference: https://otx.alienvault.com/pulse/560559844637f21ecf297f9a/

dsaj2a.com
hcxiaoao.com
hostasa.org
dsaj2a1.org
wangzongfacai.com
dsaj2a.org

# Reference: http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html

hostasa.org

# Reference: https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf

gggatat456.com
xxxatat456.com
aaa.gggatat456.com
aaa.xxxatat456.com
www1.gggatat456.com
jq.cfdddos.com
gh.dsaj2a1.org
ndns.dsaj2a1.org
ndns.dsaj2a.org
ndns.hcxiaoao.com
ndns.dsaj2a.com
linux.bc5j.com
uc.f1122.org
navert0p.com
wangzongfacai.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
zhegege.3322.org

# Reference: https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/

193.201.224.238:8852
7mfsdfasdmkgmrk.com
8masaxsssaqrk.com
9fdmasaxsssaqrk.com
efbthmoiuykmkjkjgt.com
zxcvbmnnfjjfwq.com
/RTEGFN01

# Reference: https://www.virustotal.com/gui/file/e99b77c5a469018e9543bff5bf3b1798ae62146b5763979659d951451d7ef77f/detection

222.186.128.172:5535
syn4.f3322.org

# Reference: https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/
# Reference: https://otx.alienvault.com/pulse/6011e0e8fe4caceec3d71f63/

112.213.127.156:9393
222.186.128.172:5523
2017fly.com
2018fly.com
2019fly.com
3000uc.com
8uc.linux1.cc
911ddos.com
aa.finance1num.org
aa.hostasa.org
aaa.dsaj2a.org
aaa.gggatat456.com
aaa.xxxatat456.com
assword.xyz
baidu.gddos.com
bc5j.com
benniao.date
benniaogg.benniao.date
caiyundaifu.top
cdn.cloud2cdn.com
cdn.finance1num.com
cdn.netflix2cdn.com
cdn.search2c.com
cloud2cdn.com
ddd.dddgata789.com
dddgata789.com
dnstells.com
dsaj2a.com
dsaj2a.org
dsaj2a1.org
finance1num.com
finance1num.org
fly1989.com
gddos.com
gggatat456.com
gh.dsaj2a1.org
gzcfr5axf6.com
gzcfr5axf7.com
hcxiaoao.com
hostasa.org
info.3000uc.com
k1.2018fly.com
kill.2019fly.com
linux.bc5j.com
linux1.cc
lpjulidny7.com
lzjxn.me
myserv012.com
ndns.dsaj2a.com
ndns.dsaj2a.org
ndns.dsaj2a1.org
ndns.hcxiaoao.com
netflix2cdn.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
p.assword.xyz
p10.2017fly.com
p10.2018fly.com
p10.sb1024.net
p12.2017fly.com
p12.2018fly.com
p12.sb1024.net
p2.2019fly.com
p2.fly1989.com
p2.sb1024.net
p4.2019fly.com
p4.fly1989.com
p4.sb1024.net
p5.2017fly.com
p5.2018fly.com
p5.dddgata789.com
p5.lpjulidny7.com
p5.sb1024.net
p6.2017fly.com
p6.2018fly.com
p6.2019fly.com
p6.fly1989.com
p6.sb1024.net
pcdown.gddos.com
pincco.cn
ppp.gggatat456.com
ppp.xxxatat456.com
qq360bidu.me
rouji.pincco.cn
sb1024.net
search2c.com
shaoqian.f3322.org
soft8.gddos.com
suc80.linux1.cc
suc80.twjiasu.com
syn4.f3322.org
twjiasu.com
uc.twjiasu.com
w.qq360bidu.me
wnegerf.com
ww.dnstells.com
ww.gzcfr5axf6.com
ww.gzcfr5axf7.com
ww.myserv012.com
ww.search2c.com
xo.lzjxn.me
xxxatat456.com

# Reference: https://twitter.com/honeymoon_ioc/status/1480003904616210436
# Reference: https://www.virustotal.com/gui/ip-address/23.228.113.246/relations

enoan2107.com
gzcfr5axf6.com
imagetw0.com
myserv012.com
s9xk32c.com

# Reference: https://www.virustotal.com/gui/file/474893179caa590fbbf3da828ebed1715a7591f9b7c259b52d641c436fd29a4a/detection

linux.jum2.com

# Reference: https://www.virustotal.com/gui/file/125abfa4bc8fcacb07016ad093c4e992d42e5c6960acaa7e4faef7eca18f5a8f/detection
# Reference: https://www.virustotal.com/gui/file/80f35b3e6694e8b4ffb297b52cb9001cd53afdd1edbd2df5c2adb94074b04871/detection

118.24.26.156:999
re67das.com
aaaaaaaaaa.re67das.com

# Reference: https://www.virustotal.com/gui/file/0001735cf6c4957497af12437ae6f9762a7152b608041547efb74e1d9160d5b1/detection

103.223.120.131:8809

# Reference: https://www.virustotal.com/gui/file/b7596ec8533098af77fd3b2915f102ed3286c437140cc49ba60fbad80b466cbe/detection

googtg.com
a.googtg.com

# Reference: https://www.virustotal.com/gui/file/00013dbdf0e7e5654f31942bfaed21b5c1436c6518b23107a5b87c240805c582/detection
# Reference: https://www.virustotal.com/gui/file/0001735cf6c4957497af12437ae6f9762a7152b608041547efb74e1d9160d5b1/detection

a-dns-google.com
dns-google.org

# Reference: https://www.virustotal.com/gui/file/004a00c222adcabc72bbb4650219273adbfa8bb61f960a31ef5a8aa3e951051f/detection

103.213.247.92:3307

# Reference: https://www.virustotal.com/gui/file/0000c4d3da732d5d47827d4e85557e8f701bd881d6855a6b8e84f9c0da52583b/detection

34.98.99.30:60000

# Reference: https://tria.ge/220602-vewz3aghc6/behavioral1

221.58.22.55:5993
topbannersun.com
wowapplecar.com

# Reference: https://elfdigest.com/brief/848e332e6cdb89a577c665bb79ff87c369379cfdc3b7f3db86590cca9401128a

b12.dddgata789.com
b12.xxxatat456.com

# Reference: https://elfdigest.com/brief/b84cf164fde12dd07192aa44f1b943044610539fd979e0f9359d44062f21a612

54.36.15.96:6003

# Reference: https://elfdigest.com/brief/5a7d7f1d53f039e7b69cf8d040cc043d1264b14107a8a73034e6b90d8e81f87a

54.36.145.104:1523

# Reference: https://www.virustotal.com/gui/file/ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73/detection

http://203.205.254.157

# Reference: https://www.virustotal.com/gui/file/002edfb7593a624139251b08eb986b7a84559dde12b95d1172800b49f27a7c54/detection

54.36.145.106:1523
54.36.15.98:1523
54.36.15.99:1523

# Reference: https://www.virustotal.com/gui/file/0004812beeb3e07a834488a8683b10a9f53ba28f7fdf4565ffd83d839d3a1b3d/detection

23.248.237.29:8000
47.91.170.222:8000
s9xk32a.com
s9xk32b.com
ww.s9xk32a.com
ww.s9xk32b.com
ww.s9xk32c.com

# Reference: https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/
# Reference: https://otx.alienvault.com/pulse/652d705e2bb9be9c8d9bdc7c

0o557.com
2w5.mc150.cn
604418589.xyz
8uc.gwd58.com
98syn.com
a381422.f3322.net
aldz.xyz
b12.gggatat456.com
bb.wordpressau.com
bbb.wordpressau.com
d14.dddgata789.com
g14.gggatat456.com
nishabud.com
p0.lpjulidny7.com
p2.lpjulidny7.com
p3.lpjulidny7.com
p4.lpjulidny7.com
ssh.upx.wang
syn.aldz.xyz
wordpressau.com
x14.xxxatat456.com
xran.xyz
zryl.online