# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.I w.qq-uc.cn baoge.9966.org mmd178.cn oiuyt.net # Reference: https://www.virustotal.com/gui/file/4a9c646136c527e9669fcada5319678c77bd98218f77d8cce79c04ff475d3194/behavior/Tencent%20HABO cccd02.codns.com # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.AV&threatId=-2147286376 hackxiaoben.3322.org # Reference: https://www.virustotal.com/gui/file/5418c6786bc04eb939a9febc8cfa0411f463fbf2a957189b2dc46ba3d5885652/behavior/VirusTotal%20Cuckoofork 4263604.meibu.net # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.DA&threatId=-2147261103 binbinkam.cn # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.K!bit&threatId=-2147249070 cdn_server_word9500.xxus.us # Reference: https://www.virustotal.com/gui/file/24ecf8d68c313a9cff7c801eb8108b61f9bd5a6bfcb17434f71ab74d3d6b444a/behavior/VirusTotal%20Cuckoofork a2.qwsazx.com # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.C&threatId=-2147258877 b1a23.meibu.net # Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.E&threatId=-2147258594 m1.yea.im # Reference: https://twitter.com/K_N1kolenko/status/1281163539223363584 # Reference: https://www.virustotal.com/gui/file/ec65dff6c8c64535d441d9d3c1a2a7c6c2a0a42ca304041bde9cdd8f7d5b1628/detection qch1jjlb7.bkt.clouddn.com # Reference: https://www.virustotal.com/gui/file/b9c5b00ecbfe17abc48ee5df3f4a4725f90218c5ef596d16ffd7a1e59864fa98/detection linenews.mypicture.info # Reference: https://www.virustotal.com/gui/file/893859a6cee37a556d2368c1ca39b7c9e100983a0822c14b59f59224c5e41639/detection nutqauytva\d{1,3}azxd\.com # Reference: https://twitter.com/Jirehlov/status/1385068574889234439 # Reference: https://www.virustotal.com/gui/ip-address/43.128.26.244/relations # Reference: https://www.virustotal.com/gui/file/7b1bd6931e3e0d9592205a4945661f053d7f696dbf57ced2d6467e4775135290/detection # Reference: https://www.virustotal.com/gui/file/bea0dfb403684642d6612a653bf18dbbff35574ff7166b6ea5e433258df3a7b2/detection # Reference: https://www.virustotal.com/gui/file/52589fbf2352bb762bd1b2a18bf20d60ceaeb0b829034edf77ea4e73d4711e8a/detection http://43.128.26.244 43.128.26.244:99 /2021/0???????????.db /2021/03usdt????????.db /2021/04??????.db /2021/042021????.db /2021/062021Excel.db /2021/20218036/kb.jpg /2021/20218036/TY.png # Reference: https://www.virustotal.com/gui/file/3ee01bd64bb58a4d892fa0994fec5c32faa089346e0bc3d4fe00a08b6890be18/detection rat.microsoftups.com # Reference: https://www.virustotal.com/gui/file/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0/detection 193.164.223.77:7456 # Reference: https://www.virustotal.com/gui/file/385c92e3d2b1dc253eac89889157258df64586cad653dccfd3f3d6b240b9efba/detection 144.48.243.79:1002 202.8.123.81:6547 # Reference: https://www.virustotal.com/gui/file/9a5cae26a14962475b1d9e3011aa16cf7fbd421f2f3f9caa4299c98e3cf018f7/detection 193.164.222.131:4567 # Reference: https://www.virustotal.com/gui/file/e3c418133e17bd7ddd99ef252fb220852a0ab1d827e28c57fcb2645d89899c43/detection 107.151.94.66:4397 # Reference: https://www.virustotal.com/gui/file/2122180333641dee3a0ef7b9966ef035dc010e9857867c247517fe4ec8f566cc/detection 107.151.64.99:4398 # Reference: https://www.virustotal.com/gui/file/00f89613a5add3497b0da5c69bf7e39d88f312f2251f1f7cd3eb678584795931/detection 58.56.66.45:1111 kk321.f3322.net # Reference: https://www.virustotal.com/gui/file/d7a35dac1206d1b11cc5d7f27cd5c41831a71b9384de993bd22997686782d8c9/detection updatedns.serveuser.com # Reference: https://www.virustotal.com/gui/file/669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70/detection 27.124.3.138:5002 # Reference: https://www.virustotal.com/gui/file/1665b6af7f0f2be925ffccde88aa85d442c22dd95617ef79195cfb3ceca73b97/detection 113.90.168.19:8000 # Reference: https://www.virustotal.com/gui/file/9c8275d340bd29999a4d8f21e846225fdbb3fd67e82df6da810ec6913786cdc1/detection 180.215.203.34:36060 # Reference: https://www.virustotal.com/gui/file/880ee211e61938ce2b52c191b52a670be2cd83385fe573ef1ab5ac3fcb6d3eea/detection 180.215.203.34:24690 180.215.203.34:443 # Reference: https://www.virustotal.com/gui/file/7dbb6b9b81c564c8843000cfa156512057f783abb7b1b036362b36a3a23c1ef8/detection 43.139.138.38:2002 # Reference: https://www.virustotal.com/gui/file/f810b7e70b092c28f444de6782676e2d6c2d754340359be3278ce8957d2a3486/detection 124.220.35.63:7777 # Reference: https://www.virustotal.com/gui/file/a261d2dd247ae794de54eeb729b5336d945e7d5406d96cc8b41d6546e912705b/detection 124.220.35.63:8000 # Reference: https://www.virustotal.com/gui/file/9a2112fa4bb5f16b6e7a61b50fe0abb25aade5d0b50930699db1f195891d50bd/detection 124.220.35.63:4088 # Reference: https://www.virustotal.com/gui/file/83534b5f34717ef561cb855f2611710bad259e0ca42cae2252d00d986b73d7be/detection 154.91.230.44:8225 # Reference: https://www.virustotal.com/gui/file/614c1ce944cd52468289e806685ab58ce6bccb33b87d991bf376eb144dd03c1e/detection 104.233.151.40:8225 # Reference: https://www.virustotal.com/gui/file/e759df6f0df75856657945fc8bfcc0abc3def918e847956ad7c361fc72d0e19c/detection 40.83.115.43:8001 81.69.6.161:992 bot.nodefunction.vip # Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/ 27.124.43.55:8000 # Generic /newfiz7/tasks.php