# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: dinihou, duhini, hworm, h-worm, wshrat # Reference: https://twitter.com/DissectMalware/status/986467663353442305 pm2bitcoin.com # Reference: https://twitter.com/Racco42/status/1047173279553900551 toheeb.publicvm.com # Reference: https://twitter.com/Racco42/status/1044562743519584257 185.141.27.177:4123 # Reference: https://twitter.com/Racco42/status/1040353263579738113 # Reference: https://app.any.run/tasks/f6eca300-7137-4e88-bd28-7f9a507a17d3/ 46.243.189.128:6969 # Reference: https://twitter.com/Racco42/status/1053747018835869696 fud.fudcrypt.com # Reference: https://twitter.com/Racco42/status/1102879193631731713 185.198.26.245:3843 # Reference: https://twitter.com/Racco42/status/1110868159492489216 brothersjoy.nl newmenow.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1016808667692204032 windefendeupdate.duckdns.org # Reference: https://twitter.com/Jan0fficial/status/1009009607988187137 # Reference: https://pastebin.com/MxR1p5wG stanman.linkpc.net # Reference: https://twitter.com/avman1995/status/963273945955864577 ines0049.ddns.net # Reference: https://www.securityartwork.es/2019/01/25/wirte-group-attacking-the-middle-east/ # Reference: https://www.virustotal.com/gui/file/65d61cf1481749565fc8f4186c92c7b4f499b39e4d93295551ece4ec9560cd27/detection 149.28.14.103:535 149.28.14.103:80 mighty-dead.ddns.net mighty-dead.spdns.de mightydead.webredirect.org # Reference: https://twitter.com/pmelson/status/1119756002503606272 updatesystem.linkpc.net # Reference: https://twitter.com/Racco42/status/1120981890947854336 185.101.94.172:3018 # Reference: https://twitter.com/Racco42/status/1121350734350413824 # Reference: https://www.virustotal.com/en/file/5efd79ed3058f656b6df2164a37f86e80978d8ebb5f8d5222be03decb03fc28b/analysis/1556133044/ 194.187.249.104:7777 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.hybrid-analysis.com/sample/4ff921531d9cb5c21b3ee081a5fd1c52d12690332dd1ea1608230b8de918ac09 105.105.218.193:4433 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.virustotal.com/gui/file/b2dc457d16afa43c943b31021052b939d58aedfcdf2fad8e25e5b96edc71d180/detection updatefacebook.ddns.net 197.162.66.49:2 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.virustotal.com/gui/file/61c96cdb88877b3c737a1022bb6355e8489d2cc2019ecbcc15be978186552174/detection 23.227.201.158:3047 # Reference: https://www.hybrid-analysis.com/sample/442fe9bb6820ba79ca48429df8e5a01e991302be2a0d45a35c99c5d006a1d64a office-update.services 104.24.112.139:2082 # Reference: https://twitter.com/JAMESWT_MHT/status/1130449106663616513 savelifes.tech # Reference: https://twitter.com/James_inthe_box/status/1138092566820212737 # Reference: https://app.any.run/tasks/13e72f97-139b-4441-9bc6-9b5e9e08d622/ doughnut-snack.live mynameisstaff.warzonedns.com 20.54.72.33:4444 # Reference: https://twitter.com/luc4m/status/1138430833533104128 unknownsoft.duckdns.org # Reference: https://twitter.com/Racco42/status/1139458016611356672 sirkashmoremoney.duckdns.org # Reference: https://twitter.com/Racco42/status/1139461501113311232 chance2019.ddns.net # Reference: https://twitter.com/HONKONE_K/status/1141181986523844612 bylgay.hopto.org microsoftoutlook.duckdns.org soucdtevoceumcuzao.duckdns.org # Reference: https://twitter.com/Bank_Security/status/1141388470293655552 # Reference: https://pastebin.com/P4h3NHJE tcoolsoul.com # Reference: https://twitter.com/Racco42/status/1143054336563564544 # Reference: https://twitter.com/dvk01uk/status/1143027551151042560 # Reference: https://app.any.run/tasks/b6ac016b-3439-4710-9942-e1645343a261/ microsoft.btc-crypto-rewards.cash 160.202.163.246:9966 185.247.228.14:7755 # Reference: https://twitter.com/coderippers/status/1154003951152484352 9d1.myq-see.com mzu.publicvm.com # Reference: https://twitter.com/Timele9527/status/1159673642332016640 mmksba.dyndns.org 64.188.25.230:4455 # Reference: https://twitter.com/smica83/status/1166275236741955585 dbin240.ddns.net # Reference: https://twitter.com/luc4m/status/1166765980489584640 91.132.139.181:9999 # Reference: https://twitter.com/wwp96/status/1171069954881392641 # Reference: https://app.any.run/tasks/d3b840d6-520a-4529-a561-b2ce8c05b432/ 79.134.225.72:1104 165.22.129.173:7756 ablerightventures.duckdns.org pluginsrv1.duckdns.org # Reference: https://twitter.com/Paladin3161/status/1172178725959397378 plunder.nsupdate.info # Reference: https://twitter.com/malware_traffic/status/1172610957929062410 81.92.202.176:5200 tain0077.warzonesdns.com # Reference: https://twitter.com/KorbenD_Intel/status/1133469852579106816 pleasurekeys.hopto.org suzuki-dc.biz unknownsoft.duckdns.org # Reference: https://www.virustotal.com/gui/domain/dz47.cf/relations dz47.cf # Reference: https://www.threatcrowd.org/listMalware.php?antivirus=Worm.VBS.Dinihou 4ever4.zapto.org 999mostafa999.no-ip.org 999mostafa999.sytes.net aboodzainuddin.ddns.net adda.no-ip.org adolf2013.sytes.net alfhaddd-hakr.no-ip.biz anarqe77.no-ip.biz anassrojola.ddnsking.com androidupdate.myq-see.com avg-antivirus.zapto.org blackr00t5.no-ip.org blkisdz.ddns.net bog5151.zapto.org bogus911.no.ip.biz bogus911.no-ip.biz brigittenetwork.hopto.org chrome00.sytes.com chuckey1.no-ip.org cupidon.zapto.org desermyth.dyndns.org devil.hopto.org diiimaria.zapto.org dmar123.no-ip.biz dodaaa.zapto.org dz-drs.no-ip.biz dz47.myq-see.com elisou19.ddns.net eroor.ddns.net exxilero.ddns.net ffff99fff.no-ip.biz gerssy.zapto.org google-1.linkpc.net google00.ddns.net google7.no-ip.org greekwebtv.viewdns.net h-w0rm.zapto.org hadizz.no-ip.biz haydar93.no-ip.biz helps.zapto.org introworld.no-ip.org introworld.zapto.org iphack.no-ip.info j2w2d.no-ip.biz jaberlovee.ddns.net jhk.no-ip.org khalode4me.no-ip.biz killer---204.no-ip.biz king25.zapto.org kiyoma200.no-ip.biz klonkino.no-ip.org kusaisouf.no-ip.org lastdance.ddns.net lolokamal.zapto.org maxxx12.serveftp.org maxy.no-ip.info mda.no-ip.org memo8.no-ip.org memo9.no-ip.org mesopotemia222.zapto.org microsoftsystem.sytes.net microsoftwindows.sytes.net migalou2012.no-ip.biz mlcrosoft.serveftp.com monas04.no-ip.info mootje01.no-ip.org mrkiller.no-ip.org nouna1985.no-ip.org pilo-raouf.no-ip.biz pscho546.hopto.org qqwe.hopto.org qwqhack.no-ip.biz redex.no-ip.info righi.linkpc.net rndaso.no-ip.info romyo333.sytes.net ronaldo-123.no-ip.biz s-mz.sytes.net saifnjrat55.no-ip.biz sexcam.3utilities.com shawaf.sytes.net sidisalim.myvnc.com smoky29902332.hopto.org swanox.no-ip.org tariqalr.zapto.org terminator9.zapto.org twiti2390.no-ip.biz vpn-hacker.no-ip.biz waforex2011.no-ip.info winup.serveftp.com wkooora.sytes.net wvvw.sytes.net x.dvr-ddns.com yah00.sytes.net ycemufkk6g.bounceme.net youcef142.no-ip.biz ysf.no-ip.biz # Reference: https://www.securityhome.eu/malware/malware.php?mal_id=51549698551bff97f583c51.51712090 abdnjworm.no-ip.biz abocasse.zapto.org ahmedghost.no-ip.info b-trese.no-ip.biz boucraa.no-ip.org dd.no-ip.bz debili1.no-ip.biz fuck-all.no-ip.info hackers1990.no-ip.org heartbraker.no-ip.biz jnyn-99.no-ip.org mda.no-ip.org mmrick.zapto.org mntm.no-ip.biz mootje01.no-ip.org mozaya46415.zapto.org rouge166821.no-ip.biz vanonymous.no-ip.org vichtorio-israeli.zapto.org zkzak.np-ip.biz # Reference: http://ddos-info.weebly.com/blog/h-worm-plus-public-in-depth-analysis adamdam.zapto.org adolf2013.sytes.net ahmad212.no-ip.biz alii007.zapto.org am1.no-ip.info ballgogo.no-ip.biz basss.no-ip.info bg1337.zapto.org bog5151.zapto.org dataday3.no-ip.org docteuur13.no-ip.org doda.redirectme.net dzhacker15.no-ip.org g00gle.sytes.net gerssy.zapto.org googlechrome.servegame.com hackediraq.no-ip.biz hackeralbasrah.no-ip.biz hattouma12.no-ip.biz hmode123.no-ip.biz karimstar.zapto.org kiyoma200.no-ip.biz koko.myftp.org mda.no-ip.org medolife.no-ip.biz microsoftsystem.sytes.net mootje01.no-ip.org msgbox.zapto.org new-hacker.no-ip.org njnj.redirectme.net no99.zapto.org noooot.no-ip.biz pess-123.zapto.org pess-12.zapto.org portipv6.redirectme.net ronaldo-123.no-ip.biz sawdz.no-ip.biz securityfocus.bounceme.net shagagy21.no-ip.biz sidisalim.myvnc.com silent9.zapto.org terminator9.zapto.org vpn-hacker.no-ip.biz xbox720.zapto.org xkiller.no-ip.info yahia17.no-ip.org zeusback.no-ip.biz zoia.no-ip.org # Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Win32/Jenxcus#tab=2 # Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Worm:VBS/Jenxcus#tab=2 a.servecounterstrike.com eqe.sytes.net jnj.redirectme.net winlogon.servecounterstrike.com 3dmntk.no-ip.biz 999mostafa999.no-ip.biz 9d1.no-ip.org a.servecounterstrike.com abanas19.no-ip.biz abdo1abdo.no-ip.biz adolf2013.sytes.net ahmad909.no-ip.biz ajeeb.zapto.org ali2010.no-ip.biz aljabiry1.no-ip.biz alnazee.no-ip.org alnazee.no-ip.org alsha2e.zapto.org amere-ali.no-ip.biz aore.no-ip.org asmarany.no-ip.biz asmarany.np-ip.biz aymen112233.no-ip.org bifrost-jordan.zapto.org big-hack.no-ip.com blackhawk.myftp.biz cggfhddsscds.no-ip.biz cxxz.no-ip.biz damla.no-ip.org dhuaa.no-ip.org dnsip.servehttp.com doopy99.zapto.org fadliking.sytes.net fons.no-ip.info frostate.no-ip.biz ghoster13.no-ip.biz gmail2013.no-ip.info hackeralbasrah.no-ip.biz haedar.no-ip.biz hanan96.no-ip.bizport iraqi2013.servemp3.com jn.redirectme.net klagord.no-ip.org kurd2013.no-ip.biz localh0st.servehttp.com loll1.no-ip.biz m4b.no-ip.org mda.no-ip.org microsoftsystem.sytes.net milito.no-ip.org mohez.no-ip.org msy.myvnc.com naza.no-ip.biz new-hacker.no-ip.org oscar-bif.zapto.org portipv6.redirectme.net pthacker.no-ip.org ramadan.zapto.org sdgsg.no-ip.biz shawaf.sytes.net shee5iq.no-ip.biz shee5iq.no-p.biz sro7.no-ip.info systemsxp.sytes.net theghostholako.no-ip.org thescorpionking.no-ip.org utilesat.zapto.org uty.myq-see.com wahidhackerdz.no-ip.biz xkiller.no-ip.info xmx.no-ip.info xxsc.no-ip.org xxxxxx.no-ip.biz yahoomail.3utilities.com zilol.no-ip.org # Reference: https://twitter.com/Racco42/status/1174605204353949697 # Reference: https://app.any.run/tasks/27a475ac-c113-49be-b947-f580662600e4/ 91.132.139.181:9999 # Reference: https://twitter.com/Littl3field/status/1174624023709454336 178.124.140.148:3571 # Reference: https://www.menlosecurity.com/hubfs/pdfs/Menlo_Houdini_Report%20WEB_R.pdf dz47.servehttp.com maroco.linkpc.net maroco.myq-see.com maroco.redirectme.net # Reference: https://twitter.com/pmelson/status/1175928909264838660 185.251.38.91:5555 # Reference: https://twitter.com/dvk01uk/status/1176483058058440705 # Reference: https://app.any.run/tasks/62990e45-e920-48b0-a3b3-9ce2e83f99dc/ 192.169.69.25:7757 79.134.225.100:2813 2813.noip.me # Reference: https://twitter.com/Racco42/status/1178932126588297217 45.79.41.137:2344 # Reference: http://blog.morphisec.com/hworm-houdini-aka-njrat chroms.linkpc.net finix5.hopto.org finixalg11.ddns.net salh.linkpc.net # Reference: https://twitter.com/fletchsec/status/1179891198615531521 # Reference: https://www.hybrid-analysis.com/sample/a1da7465c3893cb30408820ee821210c0c1c008dcfde0af167f33e9db61975a2/5d965b610288389582043002 186.85.86.96:1235 nfiefbwihf48h9wun3foisnc98ehfb9uwfu.duckdns.org # Reference: https://twitter.com/Racco42/status/1131130800630579200 admin1960.linkpc.net savelifes.tech # Reference: https://twitter.com/Racco42/status/1111615130272444416 181.52.113.177:8105 socketw3.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1092764605766483969 194.5.99.53:5732 # Reference: https://twitter.com/luc4m/status/1092483141619601408 easyresa.ddns.net shkis.publicvm.com # Reference: https://twitter.com/luc4m/status/1073257560625569792 goz.unknowncrypter.com # Reference: https://twitter.com/Racco42/status/1064880890277494785 185.141.27.177:6544 # Reference: https://twitter.com/DissectMalware/status/1008387935199260672 # Reference: https://www.virustotal.com/gui/domain/suport.ddns.net/relations 141.255.145.240:233 141.255.145.255:233 141.255.145.87:233 141.255.146.205:233 141.255.146.59:233 141.255.148.251:233 141.255.148.91:233 141.255.149.205:233 141.255.151.184:233 141.255.152.112:233 141.255.153.20:233 141.255.153.7:233 141.255.155.127:233 141.255.157.34:233 141.255.158.240:233 141.255.158.49:233 141.255.158.62:233 141.255.159.223:233 179.89.100.165:233 196.70.42.129:233 93.182.168.132:233 93.182.168.14:233 93.182.168.15:233 93.182.168.16:233 93.182.168.29:233 93.182.168.31:233 93.182.168.36:233 93.182.168.6:233 93.182.168.8:233 93.182.169.10:233 93.182.169.29:233 93.182.169.30:233 93.182.169.32:233 93.182.170.11:233 93.182.170.141:233 93.182.170.145:233 93.182.170.33:233 93.182.170.5:233 93.182.171.131:233 93.182.171.146:233 93.182.171.164:233 93.182.171.22:233 93.182.171.25:233 93.182.171.26:233 93.182.171.5:233 93.182.172.21:233 93.182.173.20:233 93.182.173.21:233 93.182.173.37:233 93.182.173.6:233 93.182.174.23:233 141.255.145.240:322 141.255.145.255:322 141.255.145.87:322 141.255.146.205:322 141.255.146.59:322 141.255.148.251:322 141.255.148.91:322 141.255.149.205:322 141.255.151.184:322 141.255.152.112:322 141.255.153.20:322 141.255.153.7:322 141.255.155.127:322 141.255.157.34:322 141.255.158.240:322 141.255.158.49:322 141.255.158.62:322 141.255.159.223:322 179.89.100.165:322 196.70.42.129:322 93.182.168.132:322 93.182.168.14:322 93.182.168.15:322 93.182.168.16:322 93.182.168.29:322 93.182.168.31:322 93.182.168.36:322 93.182.168.6:322 93.182.168.8:322 93.182.169.10:322 93.182.169.29:322 93.182.169.30:322 93.182.169.32:322 93.182.170.11:322 93.182.170.141:322 93.182.170.145:322 93.182.170.33:322 93.182.170.5:322 93.182.171.131:322 93.182.171.146:322 93.182.171.164:322 93.182.171.22:322 93.182.171.25:322 93.182.171.26:322 93.182.171.5:322 93.182.172.21:322 93.182.173.20:322 93.182.173.21:322 93.182.173.37:322 93.182.173.6:322 93.182.174.23:322 141.255.145.240:323 141.255.145.255:323 141.255.145.87:323 141.255.146.205:323 141.255.146.59:323 141.255.148.251:323 141.255.148.91:323 141.255.149.205:323 141.255.151.184:323 141.255.152.112:323 141.255.153.20:323 141.255.153.7:323 141.255.155.127:323 141.255.157.34:323 141.255.158.240:323 141.255.158.49:323 141.255.158.62:323 141.255.159.223:323 179.89.100.165:323 196.70.42.129:323 93.182.168.132:323 93.182.168.14:323 93.182.168.15:323 93.182.168.16:323 93.182.168.29:323 93.182.168.31:323 93.182.168.36:323 93.182.168.6:323 93.182.168.8:323 93.182.169.10:323 93.182.169.29:323 93.182.169.30:323 93.182.169.32:323 93.182.170.11:323 93.182.170.141:323 93.182.170.145:323 93.182.170.33:323 93.182.170.5:323 93.182.171.131:323 93.182.171.146:323 93.182.171.164:323 93.182.171.22:323 93.182.171.25:323 93.182.171.26:323 93.182.171.5:323 93.182.172.21:323 93.182.173.20:323 93.182.173.21:323 93.182.173.37:323 93.182.173.6:323 93.182.174.23:323 141.255.145.240:324 141.255.145.255:324 141.255.145.87:324 141.255.146.205:324 141.255.146.59:324 141.255.148.251:324 141.255.148.91:324 141.255.149.205:324 141.255.151.184:324 141.255.152.112:324 141.255.153.20:324 141.255.153.7:324 141.255.155.127:324 141.255.157.34:324 141.255.158.240:324 141.255.158.49:324 141.255.158.62:324 141.255.159.223:324 179.89.100.165:324 196.70.42.129:324 93.182.168.132:324 93.182.168.14:324 93.182.168.15:324 93.182.168.16:324 93.182.168.29:324 93.182.168.31:324 93.182.168.36:324 93.182.168.6:324 93.182.168.8:324 93.182.169.10:324 93.182.169.29:324 93.182.169.30:324 93.182.169.32:324 93.182.170.11:324 93.182.170.141:324 93.182.170.145:324 93.182.170.33:324 93.182.170.5:324 93.182.171.131:324 93.182.171.146:324 93.182.171.164:324 93.182.171.22:324 93.182.171.25:324 93.182.171.26:324 93.182.171.5:324 93.182.172.21:324 93.182.173.20:324 93.182.173.21:324 93.182.173.37:324 93.182.173.6:324 93.182.174.23:324 suport.ddns.net # Reference: https://twitter.com/DissectMalware/status/986467663353442305 # Reference: https://www.hybrid-analysis.com/sample/f0a1aeaf2a6f3c6098696d3802675097072459b89213177f1e4f1494a67c250a 185.209.85.177:5000 # Reference: https://twitter.com/Racco42/status/1017007079813451778 tune.tym-internationals.com # Reference: https://twitter.com/Racco42/status/995955505221730304 ihsann.casacam.net # Reference: https://app.any.run/tasks/505c6e4c-723b-46b0-8917-c200c65817ea/ 181.215.247.18:3339 185.198.59.114:5000 # Reference: https://twitter.com/Racco42/status/982731639301267459 lordsdoing2017.ddns.net # Reference: https://github.com/silence-is-best/c2db#dunihi 192.186.145.93:8885 # Reference: https://github.com/silence-is-best/c2db#houdini-aka-vjworm-vjw0rm jihanenouhaila.ddns.net # Reference: https://twitter.com/Racco42/status/1183666041706168321 194.5.98.216:10122 # Reference: https://twitter.com/JAMESWT_MHT/status/1185131622263377923 # Reference: https://app.any.run/tasks/b79dcfcd-5b9b-404f-aaf6-a9ea55109284/ 186.147.55.19:5473 186.147.55.19:8371 186.147.55.19:8372 192.169.69.25:8370 mozillamaintenanceservice.duckdns.org papeleradereciclaje.duckdns.org seguridaddewindows.duckdns.org # Reference: https://app.any.run/tasks/1bd816aa-3764-480e-ba70-b57b36551bc7 # Reference: https://www.virustotal.com/gui/ip-address/213.208.152.217/relations nascoman.ddnsgeek.com 213.208.152.217:14337 60.50.181.240:14337 # Reference: https://www.virustotal.com/gui/ip-address/79.134.225.80/relations 79.134.225.80:7776 # Reference: https://pastebin.com/29uSdMAk 185.165.153.172:3642 homi.doomdns.org # Reference: https://twitter.com/wwp96/status/1193987577323360256 # Reference: https://app.any.run/tasks/dc2b37db-6f22-4d4c-b13e-ae863ddc9004/ 185.165.153.45:2014 # Reference: https://www.binarydefense.com/revenge-is-a-dish-best-served-obfuscated/ # Reference: https://otx.alienvault.com/pulse/5dcad67ae098a56db0a277d5 # Reference: https://www.virustotal.com/gui/file/d55d5b0c6f41cc6a86764a07715a1a38f2fddda9b90ec641d902be8946939d14/detection # Reference: https://www.virustotal.com/gui/ip-address/185.84.181.102/relations # Reference: https://www.virustotal.com/gui/ip-address/193.56.28.179/relations 185.165.153.14:4132 185.84.181.102:5478 193.56.28.134:5478 07actnewdocreview.servebeer.com 247accountreview.hopto.org 2d0low.warzonedns.com acountfordocreview.redirectme.net alertnewdoc.3utilities.com aloc21.ddns.net alphazone12.bounceme.net britianica.uk.com cboss33.hopto.org glotin.zapto.org hazaz12.hopto.org info1.nowddns.com kartelicemoney.duckdns.org newdocreviewonline.3utilities.com omada91.ddns.net ubadaddy.ddns.net zamza.hopto.org # Reference: https://twitter.com/Racco42/status/1194915765755031554 185.29.10.15:7777 # Reference: https://mp.weixin.qq.com/s/lUtXwWjPVMHXfR6oLnXYhQ # Reference: https://otx.alienvault.com/pulse/5dd27af757b18947b0544345 # Reference: https://ti.qianxin.com/blog/articles/anatomy-of-moonLight-attack-on-the-middle-east/ 192.119.111.4:4521 192.119.111.4:4587 # Reference: https://twitter.com/cyber__sloth/status/1197120949755219968 microsoftntdll.sytes.net # Reference: https://twitter.com/JayTHL/status/1199347277510270977 188.76.111.76:21125 # Reference: https://www.virustotal.com/gui/file/ca4299f39f28700d8e667451f756fb9637403bb2051d916e90378afe15ff3a57/detection 188.76.111.76:21926 # Reference: https://www.virustotal.com/gui/file/ed7e46b0cf27b8f728cdd71a7c4ae98afde8d2e63f0817eb322c8e77bdd767c5/detection new2019.mine.nu webhoptest.webhop.info # Reference: https://www.virustotal.com/gui/file/141d48379222c0866a009713d0fd18d5ab6ceb5d98a93f63f2c9f1b9aea25f25/detection 192.236.194.169:4422 192.236.194.169:4455 31.13.79.17:4433 31.13.82.23:4433 mmksba.dyndns.org mmksba.simple-url.com # Reference: https://www.virustotal.com/gui/file/b7f8a55906d7246ab2b6222f10f38e33947aaa9d0e2a182688129386b11b0759/detection 176.58.72.195:4424 5.133.24.135:4424 mmksba100.linkpc.net # Reference: https://www.virustotal.com/gui/file/d4055047fcbc3424694d071ab30c96b696aa47353464e2a648627aaae5474493/detection 103.136.43.131:1425 138.68.229.219:7744 159.65.75.168:7744 192.169.69.25:1425 192.169.69.25:7744 # Reference: https://www.virustotal.com/gui/file/929e7fdd01a604fa8070d752365af3651f6ac82fd90e4fd6eb8c7e10b1d0711f/detection 185.92.220.177:3030 sokomoko.duckdns.org xbacks.duckdns.org # Reference: https://www.virustotal.com/gui/file/2ab9443a1d793828f9adfe0736bb7a9b45cc6d968847b5f75fcce678af71424f/detection 192.69.169.25:1000 njhost.hopto.org todoaqui.duckdns.org # Reference: https://www.virustotal.com/gui/file/7aff993ed971c40aa483a334f5cb4c71e07278fb1a78d422c3d378bdb07360cd/detection 79.134.225.71:10001 thankyoulord.sytes.net # Reference: https://twitter.com/wwp96/status/1211677791822983170 # Reference: https://app.any.run/tasks/aa27eb28-6432-4e46-891f-4cc804ff29d3/ 37.120.145.184:9999 wshsoft.company # Reference: https://www.virustotal.com/gui/file/dc99eb7e9bc0d251c19893f5fade268b5bcc7f148a2b549edd555758a1eb080d/detection 193.161.193.99:35778 193.161.193.99:47195 blackid-35778.portmap.io blackid-47195.portmap.io # Reference: https://www.virustotal.com/gui/file/053f4d8ec5c79e12c0214a38475d2adf80eb66dd910b279bd8547996bbc1be02/detection vemvemserver.duckdns.org # Reference: https://www.virustotal.com/gui/file/bedc43be4177fb73172a6ca0a9520e096b567fbfdb0c549b5aa65b2135268d56/detection 216.38.8.175:2356 216.38.8.175:2357 doughnuthoney.com emisintl.com # Reference: https://www.virustotal.com/gui/file/192d31f001c6551081873a98a4d14575bab6003f143e916fb9b7eeef4273bbf8/detection 186.85.86.50:8210 socketw4.duckdns.org # Reference: https://www.virustotal.com/gui/file/a1215d5e03dbfce21bc1000f57e0ea955427bc3314471518b1771e4fbad53f67/detection 181.141.4.105:6363 microsuftplay656.duckdns.org # Reference: https://www.virustotal.com/gui/file/3f3989ddb1dd14df5b937cca78ec5e039e9cccad59e726c2196c758c2c5d0990/detection 185.165.153.14:4132 # Reference: https://www.virustotal.com/gui/file/ad3b52dccec40e7924bb59f320ae536e5eb2903456a284113bf9609ae2e582ab/detection 185.84.181.102:5478 193.56.28.134:5478 # Reference: https://www.virustotal.com/gui/file/64af7d8a5d13fc5523f55eaef17a5ae8bdbe69f47c4d77a6fa2273d3d751ea28/detection 175.140.1.8:14337 175.144.118.127:14337 # Reference: https://www.virustotal.com/gui/file/93201744ed9d58b1cfdffe2404abd8b43571c32aa894d2250226ae9bfa180cd0/detection 216.38.8.175:2359 # Reference: https://www.virustotal.com/gui/file/a82079d073c6aa574c7bdaf6fbb4d92150b589ac7c64cbc879493d347adec691/detection 79.134.225.105:9213 # Reference: https://www.virustotal.com/gui/file/368fbed374ff8ddcfdb713ab32b74e58611f0e399a1fb550294c087bea54dc71/detection 92.38.86.175:1337 # Reference: https://www.virustotal.com/gui/file/20a9591cddd7876dca477f912f4af83e4a7f859bbb6f618dbc64576a8680df1f/detection 69.171.224.40:9094 79.134.225.72:4132 toustruksd.mywire.org # Reference: https://www.virustotal.com/gui/file/3c2596940559732bc88a38c163c70bf9f9a9d49fc065be8aa4bcef7a299418f2/detection plugnsrv2.duckdns.org # Reference: https://www.virustotal.com/gui/file/fea25a627fc28d92aea6a51b74d6b71ef9aae27fb9ca1f4041b262434423ee0a/detection 185.244.30.19:5000 # Reference: https://www.virustotal.com/gui/file/c229c614c9bd2b347fd24ad12e3c157c686eb86bc0a02df1c7080cf40b659e10/detection 194.5.98.46:4132 # Reference: https://www.virustotal.com/gui/url/76ac2d4c2a0552c632071f062bdaa4ea158b98b610305a35f51ffe5151964b5a/details 141.255.155.122:9988 wrk99.ddns.net # Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/ updatewinrar.duckdns.org chance2019.ddns.net 185.165.153.165:1036 # Reference: https://app.any.run/tasks/90163f12-f649-4689-8e02-f8f0f036d0bb/ dhanaolaipallets.com 185.244.30.19:5000 # Reference: https://www.virustotal.com/gui/domain/dabadaba225.duckdns.org/relations 192.169.69.25:43300 dabadaba225.duckdns.org # Reference: https://www.virustotal.com/gui/file/14862182488371811658558c0024e78b6d81419b4f2bdb8628e2184ccd9ebfff/detection 213.152.162.154:3903 # Reference: https://www.virustotal.com/gui/ip-address/197.27.69.48/relations 197.27.69.48:3010 # Reference: https://twitter.com/JAMESWT_MHT/status/1220027808791044096 # Reference: https://app.any.run/tasks/52b380ef-b29d-48fe-b63b-8160f4bec416/ 194.5.99.45:44300 deepweb212.duckdns.org # Reference: https://pastebin.com/0ZxSHAWi 192.169.69.25:44300 # Reference: https://www.virustotal.com/gui/file/581d0676872101e1eb9c3dab54da43eaf4bc70141ed1985e8c8018aea0418ed3/detection 192.169.69.22:8884 psnpsnpsn.duckdns.org # Reference: https://www.virustotal.com/gui/file/221c20f334ad19314517b53b997694a8dfacb6974137686079f6c54449fa35dd/detection 192.169.69.22:1922 # Reference: https://www.virustotal.com/gui/file/24f2322b8ee33c26bddbf7aa62a8835cfa1a6c5145ca26ba3441254d7dbd9d35/detection # Reference: https://www.virustotal.com/gui/file/f4f74c829121448d70bef413e6cd9c43f3de9084f03cf90656dcc0f1d5dce980/detection joker500.mywire.org # Reference: https://www.virustotal.com/gui/file/2550cd813fa1375087c78d715f182cb3b480254b741adaf442b1d9bdf479c4c4/detection jbarynhsn.duckdns.org # Reference: https://www.virustotal.com/gui/file/3acbad45d8730e3658b6cf926339f239953dd933190f75cf9bb3db81c299c0c7/detection 79.134.225.24:70 # Reference: https://www.virustotal.com/gui/file/e91e821c14a5fe33982952d83be3917515e720dc8d6e7e91bc91b504a2fe7d95/detection 152.245.176.96:70 152.246.206.5:70 79.134.225.20:70 # Reference: https://www.virustotal.com/gui/file/7c85327300dcf7266b90c49c46a31d36de4689229f3433757cc451ec803aaccb/detection 185.62.189.77:5000 # Reference: https://app.any.run/tasks/06046cbc-8a54-4bfe-8297-372cd60eeb3a/ 185.244.30.92:4587 # Reference: https://www.virustotal.com/gui/file/f0f425ab50a4839e3fcf9a69d944473ae37813e076aed3d6bc3b44ce8ae206b5/detection 95.233.69.34:1188 # Reference: https://www.virustotal.com/gui/file/e52ea99a66bcbed844d7ba2f439b59e45c2566e80dfa486f2392be4a38a0ee13/detection 79.35.43.177:81 # Reference: https://www.virustotal.com/gui/file/933b42479f92cc0682576621d139316a503e7217bb50fe0341405e8d6a60332d/detection 79.30.198.114:81 # Reference: https://www.virustotal.com/gui/file/77ba7bba82eabb82fd6d35ce24bf45150da2461cb0e6f794960b7ca0cb52e08e/detection 87.16.46.48:81 95.247.42.192:81 # Reference: https://www.virustotal.com/gui/file/9a73a75bfea3da19e4b3a9d0f92e611ad3c6fb2e17d92b927b89e4521d935b96/detection 79.33.46.247:81 # Reference: https://www.virustotal.com/gui/file/511c799d7b661092314c00b762f2e6726759d2bc699bcd8d16d2724610f2f290/detection 79.30.213.227:81 # Reference: https://app.any.run/tasks/83f88cce-cdf7-48d1-9915-4da55f6241a1/ sexylegs.ddns.net # Reference: http://benkow.cc/export_rat.php (Note: as seen on 2020-02-26 - filtered) anahowa.duckdns.org bellevie.duckdns.org ghanaandco.sytes.net loginsecure.mywire.org mouqgsud.duckdns.org ozill619.ddns.net shore.kozow.com ssss22.ddns.net sub2.qaysarpizzajo.xyz top2.alqaysarpizza.xyz total-virus.myq-see.com # Reference: https://app.any.run/tasks/e264efca-90d4-4c69-b86d-074e3f213ea5/ 185.244.30.92:3546 # Reference: https://www.virustotal.com/gui/domain/arseisa.no-ip.org/relations arseisa.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=3020b84a6e350dd10ad070aa184209b5 ali2627.ddns.net # Reference: https://www.threatminer.org/sample.php?q=ce434374314444912254af88faa3c204 microsoftaccount.myvnc.com # Reference: https://www.threatminer.org/sample.php?q=d499243df4e1405b18fd411032bcdedb mimi06.zapto.org # Reference: https://www.threatminer.org/sample.php?q=75be7737707a3c6fbb732d6c3fa46c99 tatabatata.hopto.org # Reference: https://www.threatminer.org/sample.php?q=151e1983c54690c9d6972d91cb5f5011 xn8n8.sytes.net # Reference: https://www.threatminer.org/sample.php?q=68217e8092e97336f143489a6cf9804d 23df.myq-see.com # Reference: https://www.threatminer.org/sample.php?q=37d212a09a72bc79781b19311d061767 absiii.ddns.net absikwt.ddns.net absikwt88.ddns.net # Reference: https://www.threatminer.org/sample.php?q=2b664826552bf37b23f185e7675f310c avfucker.com # Reference: https://www.threatminer.org/sample.php?q=3c6b003e50a9c72ed12942afe897718d coobra.zapto.org # Reference: https://www.threatminer.org/sample.php?q=7415faef2d164505e450e181b6d69d0d ecu-sec.hacked.jp # Reference: https://www.threatminer.org/sample.php?q=bac1e4bc667f3a14e83a82a8f029bc9e hllll.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=26a8615022bac8666804fe2f1add8ba6 jrmodas.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=2a2e7d3844f735687c8d8e8ad22112f4 kfr.sytes.net # Reference: https://www.threatminer.org/sample.php?q=c0df9b9539b2b9a36d38340c24bb1f6a ludvanjohnson.zapto.org # Reference: https://www.threatminer.org/sample.php?q=9bbbcfd508fbe11ba52e4f4b1ed40e49 mlkm33.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=1a82cbb7eb48319a6fe56ccaa4c1bba6 mzab47.myq-see.com # Reference: https://www.threatminer.org/sample.php?q=38c6a71f408395993540493a5e2d0067 profess3ional.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=209cc75973f0d896e078350eb404751a raouf-vbs.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=e6e7cd28c5f8a4fcf557d46d0efe9393 tcp.nightowldvr.com # Reference: https://www.threatminer.org/sample.php?q=cb4ab603c5d31677099bf54805b95d54 tdiod.zapto.org # Reference: https://www.threatminer.org/sample.php?q=9e55e00fd5e2420ad7b14adcf70f7e53 vipx.zapto.org # Reference: https://www.threatminer.org/sample.php?q=bec5d7e5df05bd02d6ba81aeb29407ce whisher.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=171dabfb315dec64e52691e93c432300 winup.publicvm.com # Reference: https://www.threatminer.org/sample.php?q=e7b3ff4591a4c026bfdd9e42af03807c wiredmax.no-ip.org # Reference: https://www.virustotal.com/gui/file/db4fe7e43c19a1d17e4b7738c36b85ebfb5cc5d91db25ac5ac4b94af82a0b68a/detection 213.45.7.218:1188 sensual2020.ddns.net # Reference: https://www.virustotal.com/gui/file/38df912352f1d4e3e871261be13ad8eef44dcf2979e6603f6888c531111d3ede/detection 82.55.251.22:1188 # Reference: https://www.virustotal.com/gui/file/17e58d20dbd15ecbf1ac9a8482b2273581860abbcfd3d093cbbdcbefa0d2a158/detection 82.61.221.212:1188 # Reference: https://www.virustotal.com/gui/file/9097ae5f5d63fa5a74c67384bcc6fee14e046d0c21a18424edc479f16052e8eb/detection 192.121.247.97:1414 # Reference: https://www.virustotal.com/gui/file/7a556ed1083575a556b4bc3b4b7e35c4419367e5bb0bcf7285e7862343022ec8/detection 194.35.115.16:1414 # Reference: https://www.virustotal.com/gui/file/c7f5e679b44ff70d1f0cb302b0727744decd967fd0984e6b5d62bbe904cf6a8f/detection 194.35.115.43:1414 # Reference: https://www.virustotal.com/gui/file/98644e0e9ec41617fb8baea461bd7eec879e8504397a01a2098ffe53d3564b38/detection 102.69.4.170:1414 # Reference: https://www.virustotal.com/gui/file/4f5e28b7c22bfb6d9c5279b5be1d7b62ddca3c94c1350f19b0e7dce309504bb5/detection 102.69.2.129:1414 # Reference: https://www.virustotal.com/gui/file/d8fefc2f17dff156f575c36b7fc2ce84f4f1d55b3bb01d9e29965478ee51a6eb/detection 172.111.196.133:1414 # Reference: https://www.virustotal.com/gui/file/063efa057d9ba0e91f3f9ca461cf73ad96e3ab67718a1c71e8143f477d7460bd/detection 102.69.4.88:1414 # Reference: https://www.virustotal.com/gui/file/5406475d295f7cb80a87dc2858d2af48594714d65a3bec9da048753f4116ada7/detection 46.243.141.97:1414 # Reference: https://twitter.com/Bl4ng3l/status/1236946300463190017 # Reference: https://app.any.run/tasks/62f5c5aa-4a3d-483f-a737-d3a39c20f7fd/ 78.138.105.191:7504 pphndirmm.hopto.org # Reference: https://www.virustotal.com/gui/file/36a8d97504bb0437a0dfdb35fcb161b8169f4b77c3a75184e40c4f129f1a61d7/detection 196.234.188.115:3008 # Reference: https://www.virustotal.com/gui/file/0d9cbd75a3a1f154b2cee4efe4bd6bf1ab00340f45289113ce6ab00fdd69cf27/detection 196.234.207.160:3008 # Reference: https://twitter.com/malwrhunterteam/status/1238790854514532353 # Reference: https://www.virustotal.com/gui/ip-address/181.141.13.108/relations 181.141.13.108:1900 marzo132020.duckdns.org marzo42020.duckdns.org # Reference: https://www.virustotal.com/gui/file/526bc4ebea1c78d540ffb273a477ede65d2e97fb2af35b7cea80d9de0ce13890/detection 149.200.190.218:190 # Reference: https://www.virustotal.com/gui/file/99b0705fb9c26482904efbb35507d9d6eed783414a9f85a03ebe169839fb2800/detection # Reference: https://www.virustotal.com/gui/file/6f78d9ae6a2bed1789868849bd7cef8503973785193c8c3a20173104017b0057/detection 149.200.189.60:190 # Reference: https://www.virustotal.com/gui/file/570b6d49bb0667b868293bc432fe325f46237e1f8249d3756561a062986359df/detection 91.109.176.5:190 # Reference: https://www.virustotal.com/gui/file/cfb3b7886160198eb36879727e9c5a142f733af13acd65e3680e190f0dcdcefa/detection 188.247.73.175:190 # Reference: https://www.virustotal.com/gui/file/05910bef557bb3f0acbc198ae78017011c75349f45bac028f51d329436259279/detection 217.138.215.125:190 # Reference: https://www.virustotal.com/gui/url/609b9405352293863e2f41d5648a1861f4455f388e85e31d71b5ec60ab7989d4/details 185.19.85.155:9045 # Reference: https://www.virustotal.com/gui/file/2da8f420290e7068297d77c15aed0327eed74380cdc68e8990e2add41654bc57/detection igfx.ddns.net # Reference: https://www.virustotal.com/gui/file/27b749b33e052473fdd1045493b0eeca34a4b8a5e2863f2e838e561d60088880/detection 185.165.153.228:2014 kimjoy007.dyndns.org # Reference: https://app.any.run/tasks/4b73163e-c948-43ce-ac2d-a2df4bddbab7/ 192.169.69.25:8000 # Reference: https://www.virustotal.com/gui/file/f12113dfd58eebfc534a60d5b4d095f9bd6e1c4631fc2e15fa74e6b769dda6c0/detection 193.26.21.80:4025 # Reference: https://twitter.com/Racco42/status/1243523523013992448 # Reference: https://app.any.run/tasks/238a152a-5bb6-40a5-937a-e7b472957dee/ 102.141.212.9:2003 2003wsh.ddns.net # Reference: https://www.virustotal.com/gui/file/f26944ff49e0437533df291a1ce454631cbb77eae51e0757e2ca4393aeaed70b/detection 156.223.86.230:4000 # Reference: https://www.virustotal.com/gui/domain/uty2.no-ip.org/relations 204.95.99.86:5510 # Reference: https://twitter.com/0xCARNAGE/status/1246422142427770881 # Reference: https://app.any.run/tasks/a25d886d-bec7-43d4-9015-302f051844de/ 192.169.69.25:8899 # Reference: https://www.virustotal.com/gui/file/51fba0dc5149e23b697d955c63feaec88cad72d77b97a02ec559ac8057edb569/detection 204.95.99.26:22 boss21121.no-ip.org # Reference: https://bazaar.abuse.ch/sample/b8ac5893e69e9e99d02d7498c2a68ae4b44dcb025ec2886e46f0d1703ad93db9 185.62.58.109:2208 musicport.duckdns.org # Reference: https://twitter.com/FaLconIntel/status/1255665102264528898 # Reference: https://app.any.run/tasks/3f461626-f5e7-4a6c-8b5b-f517bb5619e2/ # Reference: https://www.virustotal.com/gui/file/a609076b02f19b4dd1ce2b365cdfacd2bb89042fbede90b698a5a1f9003138b4/detection # Reference: https://www.virustotal.com/gui/file/053721878d63edba7b43ea65c0fe11e6fdbdd969376d34a107d689609b47035f/detection 188.76.111.85:21125 191.101.124.8:21125 217.216.90.29:21125 # Reference: https://twitter.com/James_inthe_box/status/1257624020490436610 79.134.225.80:7060 # Reference: https://twitter.com/ActorExpose/status/1257617349286510593 # Reference: https://www.virustotal.com/gui/domain/dsaety.hopto.org/relations # Reference: https://app.any.run/tasks/061c2039-0a08-48e6-bf99-f6c040586aa1/ 79.134.225.80:807 dsaety.hopto.org # Reference: https://twitter.com/JAMESWT_MHT/status/1263801108444712967 # Reference: https://app.any.run/tasks/78c84285-5569-43bc-916a-8e2fa61010d2/ suka-mht.duckdns.org # Reference: https://www.virustotal.com/gui/file/1e09e5b0f0a2b92dd508bd1b9a3d2094b16076e879e74a8e137ef92b10b0f7fa/detection 37.106.167.17:4343 94.99.52.125:4343 94.97.34.100:4343 # Reference: https://www.virustotal.com/gui/file/7e892538f59ed8025147b3a1c333ef39b9633b71dcccbd939157ed9ba7869032/detection 154.66.19.253:4191 ghostwsh4191.ddns.net # Reference: https://www.virustotal.com/gui/file/20313c395789a155d8bc37d3ec617bd6641724e540246c088061c7ad06b6ec67/detection 31.13.76.16:7800 69.63.181.12:7800 # Reference: https://www.virustotal.com/gui/file/24ecc1a35f077c65e1fcc1a127ff3e6727808c2791fda3a0711a895bb450f9b2/detection 188.52.123.43:7800 # Reference: https://www.virustotal.com/gui/file/c67648c0016e1d66ec344ff329a3ab288ffca75034869e8606c736eb7d07dd8a/detection 188.52.27.9:7800 # Reference: https://www.virustotal.com/gui/file/0d6754f45501de6dd8f63917c09ab884691475a1e7da6f4c7458d578cc940544/detection 69.63.176.59:7800 # Reference: https://app.any.run/tasks/9c5d42c7-c22e-4070-b1cf-5a3bad6ffbc8/ 84.38.134.21:6696 # Reference: https://www.virustotal.com/gui/file/2cc18a9def3d2f33ebfc7d6ec9e49fbf69259014376098842e378ca4376ff6f7/detection 185.22.32.53:1987 life698.ddns.net # Reference: https://www.virustotal.com/gui/file/aa85a5f32b8f57f2714edfd8f18d7c6f8e0031667997dcb3e920515952658a50/detection 185.97.93.0:1987 # Reference: https://www.virustotal.com/gui/file/70c1dde88e26977f33048b549468d847c34e22e592c62d040564d7cf59a69446/detection 195.33.241.242:6464 # Reference: https://www.virustotal.com/gui/file/652d991541bd96a23dfed6e96460222796718b226ab932036ece3777f5035353/detection 194.5.98.191:3021 rwsh.duckdns.org # Reference: https://app.any.run/tasks/024b86d5-6f92-43d4-9b36-1aa7c213c461/ 185.244.30.3:47580 microsoftnetframework4820190418.duckdns.org # Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection 185.244.30.27:4521 # Reference: https://www.virustotal.com/gui/file/e871009c75f8bd31875c40d541d0364ae26ce07840bdec5eb6c21016fa491822/detection 196.68.159.250:85 migatol.myq-see.com # Reference: https://www.virustotal.com/gui/file/a4587f4d355ab9205cdf10d26db5080f4c59b07aeb6af5b79dac2e88eec5f174/detection 105.159.99.251:85 # Reference: https://www.virustotal.com/gui/file/f7bdbe29f5a2dfbc57bb87466b012af8baa98159218280a66bdf0f6c938ecd6d/detection # Reference: https://www.virustotal.com/gui/file/378e0087d858c175bb95b1a08ced7dfa556793fd37ce8cc94ebf2acbca4fa513/detection 160.179.168.197:1981 160.179.168.197:85 # Reference: https://www.virustotal.com/gui/file/fdd949fdb65732453e4b329606f34bdb177f8407c40c96f17a03e6b6f8acff83/detection 105.131.160.44:85 # Reference: https://www.virustotal.com/gui/file/6ba34249975b968ff26779a4b561413d8c044975b8f5f99d8829ae3be2ca5bda/detection 196.75.182.209:85 # Reference: https://www.virustotal.com/gui/file/be113396177388c07f95180ba097eab29d30d44c18914ca969fb78259ddc629d/detection 41.224.113.186:9988 # Misc (incidents) tablet.system-ns.net # Reference: https://twitter.com/Racco42/status/1301120815421968386 # Reference: https://app.any.run/tasks/24992ec2-23f5-4ca4-bd10-4aa588131bde/ 185.244.30.22:8899 # Reference: https://www.virustotal.com/gui/file/ed957c2024e104cecdc42223f57b6be5f55cc42a50b17bcafd6a019f7f1258ab/detection # Reference: https://www.virustotal.com/gui/file/29dd5e402c0749c0b6b3cf5d88908309b124d2d47aec2f7ef9a2b28bbfbd916a/detection # Reference: https://www.virustotal.com/gui/file/83200d64a920af3351f315a0c51b854e287917b94579eb4d455c7c1ab945ab0e/detection 129.174.188.113:11069 129.174.188.155:11069 193.218.118.190:16039 194.9.70.179:16039 31.13.65.17:16039 51.254.56.13:16039 66.220.149.18:16039 niogem1171.3utilities.com niogem1171.bounceme.net niogem1171.ddns.net niogem1171.ddnsking.com niogem1171.freedynamicdns.net niogem1171.freedynamicdns.org niogem1171.gotdns.ch niogem1171.hopto.org niogem1171.myftp.biz niogem1171.myftp.org niogem1171.myvnc.com niogem1171.onthewifi.com niogem1171.redirectme.net niogem1171.servebeer.com niogem1171.serveblog.net niogem1171.servecounterstrike.com niogem1171.serveftp.com niogem1171.servegame.com niogem1171.servehalflife.com niogem1171.servehttp.com niogem1171.serveirc.com niogem1171.serveminecraft.net niogem1171.servemp3.com niogem1171.servepics.com niogem1171.servequake.com niogem1171.sytes.net niogem1171.viewdns.net niogem1171.webhop.me niogem1171.zapto.org rinot972.3utilities.com rinot972.bounceme.net rinot972.ddns.net rinot972.ddnsking.com rinot972.freedynamicdns.net rinot972.freedynamicdns.org rinot972.gotdns.ch # Reference: https://www.virustotal.com/gui/file/331a71820d68e3cf3ada7f655a3ac6996a3e234e77d5f40a628ee998894495fd/detection gitanes82.zapto.org # Reference: https://www.virustotal.com/gui/file/ec953dd723a474294f5e19a05bc9e89fd0bdeb13c7d9c5149a3d65c032b37a08/detection 23.239.31.129:8001 strserver1.duckdns.org # Reference: https://www.virustotal.com/gui/file/b3857d5bfbd6ec70f7a05de0e5b3432b8b0327d7c9da4eeeed25410805d613a5/detection 197.211.61.172:2003 # Reference: https://www.virustotal.com/gui/file/9b61e86cf6899344b6e9564e1dbfacc24c8a99e9e9be8cd8f764dba7d4f7927e/detection 147.135.191.81:5005 147.135.191.81:5040 147.135.191.81:5070 donphilongz.org # Reference: https://www.virustotal.com/gui/file/1f7e9c6aed2b8cb929e3677818bd2b72142254e17f79007f984bb1b8472d99c8/detection 87.98.152.254:1196 jrandjcpa.org # Reference: https://www.virustotal.com/gui/file/7434e1d301e428fef2c5d8d624fc823112cf6a2c093087bc4c2331886dd228b0/detection 104.194.220.63:2003 104.194.220.63:2004 2004para.ddns.net # Reference: https://www.virustotal.com/gui/file/14d0d94d31663eee9e5dfd2755680f67c042ddbad81f076da2aeabb1306cfa15/detection 185.202.173.218:1777 # Reference: https://www.virustotal.com/gui/file/0aa70e7306349ec1f3b27d683bfb3fd717f242e86b508b4051e3691c584fbf8d/detection blackid-43205.portmap.io # Reference: https://twitter.com/Racco42/status/1315764795023515648 # Reference: https://app.any.run/tasks/f76cb393-c9b7-4965-b69e-19c8b9b85c2e/ 3.83.110.207:3410 79.134.225.73:6670 mparrain10.duckdns.org # Reference: https://twitter.com/Racco42/status/1316999916888227841 # Reference: https://app.any.run/tasks/f1421938-0553-4d85-aefe-7ba5dabbfecf/ 185.165.153.140:1608 miracle.hopto.org # Reference: https://www.virustotal.com/gui/file/fb7b9f4f9ea8a4678a154090f1d922cc0b8ae5c049276a529201235767c99d31/detection 2.50.98.178:1155 # Reference: https://twitter.com/abuse_ch/status/1332589889989324800 # Reference: https://bazaar.abuse.ch/sample/75fc8c0d30fd0d486fe39cb39b5ebfc4f2858a65dcdde6c23c6ce70310030958/ 148.72.153.208:1312 # Reference: https://app.any.run/tasks/e27b1f90-3f16-4b60-b2ad-8a97b9dd2294/ 197.15.26.125:1177 elbouma.hopto.org # Reference: https://www.virustotal.com/gui/file/daecfd8bf6f156e830af21deb87484af9cb2baef64fd232b0984aef22672652f/detection 197.204.16.193:99 197.207.32.40:99 204.95.99.154:99 school-pc.sytes.net # Reference: https://www.virustotal.com/gui/file/8ac2c16c1460b87563f189cb37256625e3e595dfb1a2f5ace4e79ed7d31d8388/detection hslh.sytes.net # Reference: https://www.virustotal.com/gui/file/f6e410911e8b66dec8230ddb2a465d96449520967b80325f1d1492a847c6846c/detection # Reference: https://www.virustotal.com/gui/file/d803bb1b53c1c654fb22d95597e6fc3c3a85814569832394befd6e1f374b3c1e/detection # Reference: https://www.virustotal.com/gui/file/00b51a8e8653ea7bee4555f4ecc3ff6525cbf14b75c0ba3a957dc33d74a2905d/detection # Reference: https://www.virustotal.com/gui/file/8d0605918535aaf5b101c68f4751e1922349a764a24a29baa78347a3a95d0b13/detection http://185.141.27.177 173.46.85.14:3360 185.141.27.177:6544 185.244.30.119:1604 192.254.74.210:1604 67.214.175.69:1604 jsbc-rpdr.linkpc.net jsbc-pcs.linkpc.net # Reference: https://app.any.run/tasks/77e30c7a-5bef-4f5e-a33b-0851e83809cc/ 185.19.85.172:7723 mercedez.duckdns.org # Reference: https://twitter.com/luc4m/status/1359557240970043392 # Reference: https://twitter.com/James_inthe_box/status/1359557728209805313 # Reference: https://www.virustotal.com/gui/file/3f73a4cc7c6caf091af3625073e39c6ec824bc2b6e879fc92e285673cbe0266c/detection 185.19.85.172:7723 # Reference: https://www.virustotal.com/gui/file/bb1c34ee1e140f3471e7442a9c4dfbbd716292a07723edcda766bcda7f912d6b/detection 107.151.194.144:1987 41.143.73.175:1987 zawianet.system-ns.net # Reference: https://app.any.run/tasks/7f273b9c-cdee-48e3-980b-ab7c4f0df2b3/ 181.141.8.116:2027 enero13.con-ip.com # Reference: https://www.virustotal.com/gui/file/513d393c4188ecea5e050a259a28f385d6e155772841cfd62698c1b3cf5aeadf/detection 139.28.36.247:7121 # Reference: https://www.virustotal.com/gui/file/9e081e12740f807d5b60f13ecb8c1a5d8ec6c287caf28438291bd75450eed207/detection 157.245.118.233:7121 # Reference: https://www.virustotal.com/gui/file/62a013c310452140c54cbf12bedb7c917bab2b69b7675046849a5fa9493f96b3/detection upgradegoogle.duckdns.org # Reference: https://twitter.com/wwp96/status/1370610041536065538 # Reference: https://app.any.run/tasks/3998a673-d5b1-4324-adef-ac192814c9e1/ 79.134.225.73:35500 subsnet.duckdns.org # Reference: https://www.virustotal.com/gui/file/31345f36e1718d260e5c33ad6c1375ffe6a604fe1776e91bd119ff3f1a8fe384/detection # Reference: https://www.virustotal.com/gui/file/c3af01260766e2639b478d111789c9a2c5e5e4e48ebeaef67f47b5af26c2ca4e/detection # Reference: https://www.virustotal.com/gui/file/87bf216bccf4ff65ecfc6cfdad9cc50db51857247e6d2a527474f2da03817d21/detection 197.36.121.175:1111 197.36.121.175:5552 197.36.121.175:8888 197.36.197.53:5552 197.49.24.4:8888 emo131986.ddns.net # Reference: https://twitter.com/whitehoodie4/status/1374696287820464128 # Reference: https://twitter.com/James_inthe_box/status/1374722893200781316 # Reference: https://app.any.run/tasks/c1b07bf7-4f00-4d16-9211-bb92b71391fd/ 160.152.76.109:4750 5.62.56.255:4750 4750wsh25.ddns.net # Reference: https://www.virustotal.com/gui/file/5fa6a6fab7e38fca35214017927d0c1f437222b496dae7603082dc800699bc68/detection 31.180.202.92:9292 zoomix82.ddns.net # Reference: https://www.group-ib.com/blog/rats_nigeria 79.134.225.43:3397 # Reference: https://www.virustotal.com/gui/file/943b70f97713875e8e7bd5487b5dd1aa6745df26ce2eba37737207ee86092b8b/detection 194.37.97.172:1133 # Reference: https://www.virustotal.com/gui/file/e2f16421eccdbd3630bf62bdae76bcc2996c5ac43ad44d6246486a0562627cbb/detection 104.248.53.108:8898 # Reference: https://www.virustotal.com/gui/domain/viruoos.no-ip.biz/relations 37.106.105.26:81 37.107.99.207:81 94.99.30.85:81 # Reference: https://www.virustotal.com/gui/file/49e109a4d9fa02c06e9473ee72a3754cfc34591366add7936113dcd6258a8051/detection 89.40.206.121:1133 # Reference: https://www.virustotal.com/gui/file/bc847cdc5b4f6874f60bdb369ac2fe411df29a815e3028281bfb34263ddda2d8/detection 89.40.206.121:1166 # Reference: https://www.virustotal.com/gui/file/d57432ac5dbf372762c4ca3f6b039c48c2a69604268a489bf254d620fd171196/detection 41.228.7.192:666 # Reference: https://www.virustotal.com/gui/file/d6d07c27f5bf942aba27af2d56189bcd9679aa66fe37e27f48832bd46e5f2cd2/detection spacerusa13.ddns.net # Reference: https://www.virustotal.com/gui/file/fb8799ce1371689377771fb2368cf307693fca3fec98cd9e1629790055e696d0/detection houdinicasa.mywire.org # Reference: https://twitter.com/d4rksystem/status/1405535148423081997 23.146.242.162:1030 # Reference: https://app.any.run/tasks/94308d99-f70f-4725-88b6-28f1a6794c6c/ 103.73.64.115:449 # Reference: https://www.virustotal.com/gui/file/b71a8efc99a6581edd716c7254db6e795c16b9cf94d1768e34e023eba4d17523/detection 78.159.135.230:9893 unppo.no-ip.info # Reference: https://twitter.com/James_inthe_box/status/1409980230379311105 cjoint.com/doc/21_06/ # Reference: https://ioc.finsin.cl/Output_FINSIN_URL (# /is-ready) 104.161.42.236:6500 134.122.118.122:7121 185.140.53.71:4541 194.5.98.96:5675 abrilwsh2021.duckdns.org doggyumu.duckdns.org guasonmedallo.con-ip.com java12k.duckdns.org trabajovalle2021.duckdns.org trabajovalle2022.duckdns.org # Reference: https://www.virustotal.com/gui/file/2fb7877ad035abe25c17e3609f73638d87341df107f761e82c30b93878b19c58/detection # Reference: https://www.joesandbox.com/analysis/419585/0/html conts1.freedynamicdns.org /ghj672aGIDGIDGIDGID /QIVGCIRIUIJGDIJIKIMGKGLGGIDGID # Reference: https://www.virustotal.com/gui/file/332c20ba171a8f2c29fd88fda1d022f3fd43ef621ed5bafb36e7d925da897b25/detection 93.144.32.235:1188 93.149.222.236:1188 lollipop.no-ip.biz # Reference: https://www.virustotal.com/gui/file/78d66d4ab304270f542435c60f5d1a14a9a2dfcab0f48ac652e3b0eb53a3fd0b/detection al9nass.no-ip.info # Reference: https://www.virustotal.com/gui/file/76304b10072097bdc377d172dad626728c6273879fed80e426013803cee0051b/detection mralaa.no-ip.biz # Reference: https://www.virustotal.com/gui/file/63c8aab5375ab14c863b5deb602677b5ecd7b0b1b50b77ad1a4ec2970ab7743d/detection 176.199.209.53:1604 185.183.96.230:7789 91.192.100.40:1604 goz.unknowncrypter.com scophils.duckdns.org # Reference: https://www.virustotal.com/gui/file/e6865c49e3041b155d902bfad37a0d7df7d913e4a03558c91dea185de9d4a2a5/detection 149.255.200.182:443 alihack1234.no-ip.biz alihack1234567.no-ip.biz skoon1234.no-ip.biz # Reference: https://www.virustotal.com/gui/file/1ca9a795d97f7be26c7b2f84427c4cdf928e9894c8a844d53e70fcfa3abce211/detection 213.244.123.150:31 mo.njrat.info # Reference: https://www.virustotal.com/gui/file/0ebe86f6961ee4e55edf6ae267c9812afec3ef54fb32294f8aeebed12c7dfddb/detection 188.33.154.104:2020 213.244.123.150:2020 217.217.62.154:2020 rootx.ddns.net # Reference: https://www.virustotal.com/gui/file/512c43c1562839f0d33d6d095f98e3fb03f7384125e749c04321342f9d7e0065/detection 79.152.235.2:8000 redlan.linkpc.net # Reference: https://twitter.com/petrovic082/status/1484254808311832577 # Reference: https://app.any.run/tasks/8ea68c78-d367-4c03-bae2-932919ab241e/ # Reference: https://www.virustotal.com/gui/file/3ffe442067ba0a21fc23ab42846e2549b88fb523e4f3efcfd1430499858dc056/detection neverlose2.temp.swtest.ru /command_url.php # Reference: https://www.virustotal.com/gui/file/0d7c5048fff8f4b82e0c1c9ee6a370b26b52783227ecf5b9ec459e57586526e3/detection 41.129.30.195:13 # Reference: https://www.virustotal.com/gui/file/125678ab9692bc4a39747bec0061b2444801447ed8251cbeaca1b35fdb4c9f0c/detection # Reference: https://www.virustotal.com/gui/file/0501ce958de8a700120a09dac2c98a0bc6652c1fc1574622cd2adce199b9a7a6/detection 37.8.72.80:4578 37.8.72.80:99 hp500.linkpc.net # Reference: https://www.virustotal.com/gui/file/f9490f2e724d5ca5edd30a552f09f27b59b608361143e95edcc3ef860958ea5e/detection 54.38.124.52:5555 # Reference: https://www.virustotal.com/gui/file/5aef9424e8ecb40c383f76a54079dd72465922ac6abc38ffe6570403eb3a6fd4/detection 64.188.13.46:5542 # Reference: https://www.virustotal.com/gui/file/14637b58aeecdcfcbf569665ae299fb9ca8c61c7709040868cd2de1ef65cc903/detection vbs.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/3ffa2c5e1872edbe18c8afeee7834255fbc3bdbd93b9728db414e1bb562414b1/detection 46.246.82.15:9897 knig214.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/448ad5730e6c4d43b5aeee7ef74a8c8fafb81ffe6aa01082271771284f84e93e/detection 178.73.192.3:9897 # Reference: https://www.virustotal.com/gui/file/e6fe9d46a578fd284e033764ad8ec59314ae96f088116eb05167d1e7eb2f28d5/detection # Reference: https://www.virustotal.com/gui/file/94835e8b6547547c6a5da69fe529d337e1ae0466c5a721eecf0a3ddac6f636c6/detection # Reference: https://www.virustotal.com/gui/file/8337c393d7dcac64993dc567084edcf5e422fb8b5132261eec4b0482726a8c02/detection 194.31.98.214:7878 hwprocessing.duckdns.org # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-20%20Vjw0rm%20and%20Houdini%20IOCs # Reference: https://app.any.run/tasks/7ad2be3c-3d98-4b67-8350-f5af5b8513d6/ 194.5.97.7:1000 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Wshrat/Wshrat-%2027062022 # Reference: https://tria.ge/220627-khceqahhcp/behavioral1 196.77.4.85:1111 # Reference: https://www.virustotal.com/gui/file/f83f97906efd20133a4be1b5020fcc303d916ca71626ed255d1c7bfd0590c694/detection 141.255.146.167:2022 bhs.myq-see.com # Reference: https://tria.ge/220722-sb92eagbbm/behavioral1 192.227.128.163:7070 # Reference: https://twitter.com/StopMalvertisin/status/1552176802571091968 # Reference: https://www.virustotal.com/gui/file/d6356866d600a2be0fc8589b1dd09b2d04c8bd1bf98699be5f1376f9d88ad4cd/detection 13.238.81.219:25993 3.104.112.132:25993 3.105.0.121:25993 3.24.145.55:25993 52.62.254.166:25993 54.153.239.159:25993 54.206.32.23:25993 54.252.142.240:25993 ht-nail.de # Reference: https://www.virustotal.com/gui/file/e70d04eb93d1856bbc264dc2c5ed1a1597cc9f07b14e29e3b9cf9dc40d1cabd4/detection 46.246.80.13:3128 46.246.82.5:3128 files.ddrive.online # Reference: https://www.virustotal.com/gui/file/6f94b74818b516f87c63aceb48b9472caceafdf7e141581b81c4ee1dc879578d/detection 194.5.98.249:2256 fresh01.ddns.net # Reference: https://www.virustotal.com/gui/file/1464ab1a8a6126fee05995f1b503083b5d0fe98dde6a69a46959e346ecb75586/detection 78.10.208.82:7913 afair.ddns.net # Reference: https://tria.ge/220923-jmkq8aded2/behavioral1 37.0.14.211:2888 goods.camdvr.org # Reference: https://twitter.com/peterkruse/status/1573281262126899200 dansa.duckdns.org wizzydd.duckdns.org # Generic trails /give-me-chpv /give-me-ffpv /i_am_ready /is-bekle /is-cmd-shell /is-enum-driver /is-enum-faf /is-enum-path /is-enum-process /is-logs /is-processes /is-ready /is-readyrecordid /is-recving /is-rinoy /is-rlsartg /is-sending /is-sxtyuig /im-azerty /send-to-me| /Try-Connect /update-status|