# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: DarkComet, DarkKomet

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Fynloski.A

slimx.comule.com
slimmy.noip.me

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Fynlosk-AC/detailed-analysis.aspx

malka-reklama.com

# Reference: https://www.virustotal.com/en/file/88b322f35736cb13ecaba8539366da9282321945f37deded86aab3a6d3418d95/analysis/
# Reference: https://malwr.com/analysis/ZTFkNTkyOTIyYWY5NGQxNDg3OThhOThmMDY5NGM0OWQ/
# Reference: https://malwr.com/analysis/NTliNzQ4MmUwODVlNGMxNWJiZmExMDViYTJjNzRkNmM/

nobodywithyou.quicksytes.com
unfaithfull.mine.nu
nobodylikeyou.broke-it.net
unfaithfull.golffan.us
noremotenj.dnsfor.me

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Darkkomet-6680876-0)

val.myftp.org

# Reference: https://citizenlab.ca/2016/08/group5-syria/

alienfiend.3utilities.com
alirezaz74.no-ip.info
amiir.ddns.net
ashiyane.ddns.net

# Reference: https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/

a.ddns.me
r.ddns.me

# Reference: https://twitter.com/Racco42/status/1046878564359000064

elumadns.eluma101.com

# Reference: https://twitter.com/ScumBots/status/1048377827765223430

control-pc.ddns.net

# Reference: https://twitter.com/fumik0_/status/1050643239273779200

fanddes.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1108304088477900801

malconwire.ddns.net
mstanley.ufcfan.org
winningstar.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1118088254224515072
# Reference: https://app.any.run/tasks/99fa923c-c2dd-4915-83d5-9ce6c00263ed
# Reference: https://www.virustotal.com/gui/file/9a35d2cb233f438f07289232971a82c0b70ada771a4769194686c83414abfed6/detection

egusi.duckdns.org
197.210.47.22:1007

# Reference: https://twitter.com/James_inthe_box/status/1029772632638382080

51.254.93.85:22475

# Reference: https://twitter.com/MalwareConfig/status/1110622163579609089

jorqoad.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1109895184962281472

cystau.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1093695806681595904

cometdb.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1070995860169900033

anees123.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1066549338007064581

zedofrus.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1050203774235619329

findmeifyoucan.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1040695642690076672
# Reference: https://malwareconfig.com/config/b6d5270e6708908ff56aa91b1819be27/

194.44.227.222:1604

# Reference: https://twitter.com/MalwareConfig/status/1036255817845153792

allachaib54.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1036008342295064576

kurusuntirki.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1024410533049643008

tifil.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1024275294688030721

idkh.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1023488007721181185

kctgame.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/1021734919297552385

beratrat.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1021660959155388418
# Reference: https://malwareconfig.com/config/349a4cbe64bbecf8a43ca004ba48ea41/

172.116.36.28:1604

# Reference: https://twitter.com/MalwareConfig/status/1021047304143466497

ratlikecomet.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1016305113152008192

alone.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/1015594560356003843
# Reference: https://malwareconfig.com/config/706eeefbac3de4d58b27d964173999c3/

178.32.64.21:81

# Reference: https://twitter.com/MalwareConfig/status/1000913617460580352
# Reference: https://malwareconfig.com/config/c65c3c8c4035481a6833394476c82ff1/

176.114.132.28:1605

# Reference: https://twitter.com/MalwareConfig/status/993336313163276288
# Reference: https://malwareconfig.com/config/41c60a7201487465e7e06921b20c3ec8/

5.68.159.105:1337

# Reference: https://twitter.com/MalwareConfig/status/992510560636997639
# Reference: https://malwareconfig.com/config/d953a90802ca685f564ee9a4562f8304/

81.177.118.99:1604

# Reference: https://twitter.com/MalwareConfig/status/988144017291476993

1kd2sd8hj59et7.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/985184013752197120

bitcometer.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/982174275128909824
# Reference: https://malwareconfig.com/config/f58e5c0213c3d16c0735d5a53ff2b2ce/

88.135.201.49:1604

# Reference: https://twitter.com/MalwareConfig/status/980798013642862593
# Reference: https://malwareconfig.com/config/ad20b1d4c948a33f0ffbfdc2aaf5275a/

46.133.93.140:1604

# Reference: https://twitter.com/MalwareConfig/status/978382269709799425

melsamt2.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/967183823904571393
# Reference: https://malwareconfig.com/config/dac38cf99b17d169152e53c1909896ca/

31.29.110.138:1604

# Reference: https://twitter.com/MalwareConfig/status/964901768357347330

malware_darkcomet.no-ip.com

# Reference: https://twitter.com/MalwareConfig/status/958360238100541440

ndudim.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/956435746155528192
# Reference: https://malwareconfig.com/config/d0827f339213526025e5d25806eb1bf9/

84.83.77.156:1605

# Reference: https://twitter.com/MalwareConfig/status/956352184676945920
# Reference: https://malwareconfig.com/config/94a3ba517774ec75c2928879087f64ef/

54.38.22.64:2808

# Reference: https://twitter.com/MalwareConfig/status/956085348664270848

ykrop.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/953463824681717760

anh.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/951441936099012611
# Reference: https://malwareconfig.com/config/742a341678f66bc969401a6afccd1a7e/

37.195.251.26:1604

# Reference: https://twitter.com/MalwareConfig/status/951196978117038080

1xdemre.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/950352270692179968

mobie.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/946043994164940800

suicrat.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/937772819055816704

irat4ever.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/932320480694030336

perdrix21.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/928402828158267395

itsbrad.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/927721815413329920

evgeniy1983.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/925781063170961415

topbasbatu000.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/922866417594232832

guanyu2017.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/921413570440695808
# Reference: https://malwareconfig.com/config/cf86e1fe687c4c3dd7f1c2fc5c662f2d/

185.61.149.134:1148

# Reference: https://twitter.com/MalwareConfig/status/919255144545562625
# Reference: https://malwareconfig.com/config/c19af36a86eca599c5a24ef3582255cb/

109.94.66.144:1604

# Reference: https://twitter.com/MalwareConfig/status/912167055285264384
# Reference: https://malwareconfig.com/config/7257431744eb3247e7bf6f58a8eb2691/

178.158.128.49:1604

# Reference: https://twitter.com/MalwareConfig/status/910913066316988416

lossehelin.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/910912902118420480

qwerty123456.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/910911784063729664

watsapp.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/906945447423508480

faruk01.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/906276838221205504

convict.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/905548741087809536

hamo55.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/904080750647095301

mrwhite8391.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/903754437151293440
# Reference: https://malwareconfig.com/config/10a1dbde59ddeb9bc757974c5cffe372/

85.104.8.203:4554

# Reference: https://twitter.com/MalwareConfig/status/903144131630911488
# Reference: https://malwareconfig.com/config/0401f5024825df5f58fd63cd2568fc2b/

37.193.25.56:1604

# Reference: https://twitter.com/MalwareConfig/status/900228130908102656

emir695.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/900217070968872961

286128.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/900057371027918848

owelemre2.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/899777027351474177

memelek.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/899708530349010945

cevadergn.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/899704791420588033

ambuk.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/898699148358291456

ehenderson1996.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/898451580386541568
# Reference: https://malwareconfig.com/config/a61b1388bd22975c6558a3cbe5286f8c/

61.34.250.106:1604

# Reference: https://twitter.com/MalwareConfig/status/898356313406791680

rodrigonj99.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/898316265323864064

kingeyes.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/898312613301497857

mekan077.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/898300001096544256

aliasbond.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/898254456587829248

loafer00.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/898247023060701185

thewalkers.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/897472908498481152

ehenderson32.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/894159512730578944

bentester.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/893438443224784897

fannii.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/893438328065986560

rmznsinstr.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/893002193254723585

legacylol.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/890017219060649984

ihack.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/888531040230309888

refflexx.hopto.org

# Reference: https://twitter.com/MalwareConfig/status/882871663934812160

darkcomete.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/880781602158194688

chapropaxas.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/879114139486101504

ecofriendster.com

# Reference: https://twitter.com/MalwareConfig/status/863803239791292416

csgohacker2017.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/863327587187249152

zxmn.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/861251179367587841

enesmt2-logo.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/861012250810888192

enesmt2.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/857675716036526080

billhosts.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/857344636381270016

yunuscan.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/857101248243396609

dc1604kzl.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/856747439105159168

ahmetbay.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/856232287985438725

vahdi12.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/852138277377388545
# Reference: https://malwareconfig.com/config/9026246afcc01ef5c5c8961dc1c6bc37/

217.44.145.105:1604

# Reference: https://twitter.com/MalwareConfig/status/848914914274140164

rat12411.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/848135538007838720

Hierro1.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/846713975190556672
# Reference: https://malwareconfig.com/config/0487fed0aa52334d15911e5384c0d410/

80.61.35.94:1600

# Reference: https://twitter.com/MalwareConfig/status/846688338153230336

xose01.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/843832787610320900

1po4tip.3utilities.com

# Reference: https://twitter.com/MalwareConfig/status/842080814074605571

mavileylek.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/842080723624439810
# Reference: https://malwareconfig.com/config/8858d5a020fe2ae5a03574a7103702d8/

emircanaktas.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/841597432337203200

batuhan32200269116.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/839149275791704065

siradanpc12.dynu.net

# Reference: https://twitter.com/MalwareConfig/status/838150119476310016

kagero-grup.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/821970069358084097

cemal334.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/821302409813262336

cw.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/818865344886558724

tstdc.3utilities.com

# Reference: https://twitter.com/MalwareConfig/status/817421933608370176

sanana.hdd.com

# Reference: https://twitter.com/MalwareConfig/status/816026893631844352

ketref38.dynu.net

# Reference: https://twitter.com/MalwareConfig/status/812818261347893248
# Reference: https://malwareconfig.com/config/2d9bf3f12890104ecd523f844859489f/

81.100.129.159:4789

# Reference: https://twitter.com/MalwareConfig/status/806979375040233472
# Reference: https://malwareconfig.com/config/61f07e2d14ece932f5e520bf4c9916c3/

149.255.62.14:1604

# Reference: https://twitter.com/MalwareConfig/status/804458441976725505
# Reference: https://malwareconfig.com/config/c72a7164844dca1a6386d4d5a3585815/

82.103.140.48:1604

# Reference: https://twitter.com/MalwareConfig/status/803636805279031296

massarbaba.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/803500980214124544

banthisbitxh.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/798276892864421888
# Reference: https://malwareconfig.com/config/db1136d52bb1f563253c9dd7b9e33dfb/

86.128.42.185:100

# Reference: https://twitter.com/MalwareConfig/status/796589840192143360

samuli.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/796110751744266245

blessedchuks.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/791971477671280640

jimmybob231.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/790199387590889472

ahmedsaleh.no-ip.info

# Reference: https://twitter.com/MalwareConfig/status/790183969413357572

elopasemq.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790180399452389378

tacidreaq.no-ip.info

# Reference: https://twitter.com/MalwareConfig/status/790178614490779648

hackman83.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/790171154778554370

tatuti.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790170953212985344

abod12345.no-ip.info

# Reference: https://twitter.com/MalwareConfig/status/790167660034220036

ratyou.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790165889551306752

oxhacker5.no-ip.info

# Reference: https://twitter.com/MalwareConfig/status/790161745495097344

anasek.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790156009704685568
# Reference: https://malwareconfig.com/config/fb6fe9ce3fb60662de59b0d3f2f1a900/

falumir24h.servegame.com

# Reference: https://twitter.com/MalwareConfig/status/790155881015087106

onetwone007.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/790153534738169856

jjleo.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790151613247782916

dnnirfan.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/790149013370724352

lanremoteadmin.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/790146263614455808

dedilivisoft.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/784740796281065472

zirconpvp.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/784717845582274560
# Reference: https://malwareconfig.com/config/39360b2ac89e3f789632a498635ea53d/

88.75.173.240:81

# Reference: https://twitter.com/MalwareConfig/status/783251715151818752

Flythief.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/779638685151166464

duckysiker.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/778618987848601600

brokerr1.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/776415665246920706

at0x.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/774130450746871808

arrivals.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/772097961165778945

azarxd.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/769232194959183872

sozluk.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/765431761195134976

pisr.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/765276865913298945

tytusandronicus.suroot.com

# Reference: https://twitter.com/MalwareConfig/status/762934405761527812
# Reference: https://malwareconfig.com/config/bb042ea1efbb153eceb81ead99ca40c8/

174.61.87.89:1604

# Reference: https://twitter.com/MalwareConfig/status/753691591337017344
# Reference: https://malwareconfig.com/config/e10407f76f1f68cfd15419b9f9fbe8a2/

100.7.41.35:1604

# Reference: https://twitter.com/MalwareConfig/status/753244223584043009

eprice.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/752960699287101441

testpourvoirkimahack.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/751129638970200064

dakdns1.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/750828815656558592
# Reference: https://malwareconfig.com/config/9e516fadabf7246a846af83715c6c961/

94.183.16.82:1604

# Reference: https://twitter.com/MalwareConfig/status/748820464617807872
# Reference: https://malwareconfig.com/config/afaf914aa49af9ab06cfecf21439a778/

89.164.152.8:1605

# Reference: https://twitter.com/MalwareConfig/status/748818887526014976

destinyhacked.ddns.net

# Reference: https://twitter.com/luc4m/status/1072888268528779264

pd1n.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1127517851852713984

abdoaks-41628.portmap.io
193.161.193.99:41628

# Reference: https://twitter.com/MalwareConfig/status/1128313177253535744
# Reference: https://malwareconfig.com/config/df577ed4df4a7ff3f219b54793fa4249/

nonmo.duckdns.org
95.65.129.254:3323

# Reference: https://www.fireeye.com/blog/threat-research/2014/04/crimeware-or-apt-malwares-fifty-shades-of-grey.html

akuna.mcdir.ru
privatecode.zapto.org

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

5.189.145.248:1453

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

newdarkcomet.daniel2you.com