# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.malware-traffic-analysis.net/2018/07/05/index.html desjardinscourriel818654.pw # Reference: https://app.any.run/tasks/9de1c3d6-745d-4b89-b653-f8f4414a40f1 desjardinsmail6as6545g.pw # Reference: https://twitter.com/James_inthe_box/status/1099365566928760834 # Reference: https://pastebin.com/C5XYY221 # Reference: https://www.virustotal.com/gui/ip-address/77.83.174.70/relations http://77.83.174.70 77.83.174.70:2077 thedokatrade.com highnoon2.com copylanco.com glekrg.com # Reference: https://twitter.com/James_inthe_box/status/1079757827030142976 # Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations http://5.45.73.63 5.45.73.63:2131 donbwh.com # Reference: https://twitter.com/BroadAnalysis/status/967357851520897024 http://94.242.198.167 ebalodauna1488.com printscreens.info # Reference: https://twitter.com/JAMESWT_MHT/status/927523630778650627 bmwfastcar1337.com # Reference: https://twitter.com/anyrun_app/status/912276794648272897 # Reference: https://app.any.run/tasks/f1a72d72-2e96-4d8b-9ad7-1f74e162d585 overwbuff.com http://195.123.211.9 195.123.211.9:13378 # Reference: https://twitter.com/JAMESWT_MHT/status/906086386377379845 pudgenormpers.com # Reference: https://twitter.com/VK_Intel/status/1135507293573931008 # Reference: https://www.virustotal.com/gui/file/11918aadc1e4942a1e458afab5c10971fb87d84b693b2c31f5497aa289fa20da/detection 176.119.30.142:8765 # Reference: https://twitter.com/VK_Intel/status/1143606935373172736 31.7.62.214:443 # Reference: https://twitter.com/JAMESWT_MHT/status/1166106371403763714 179.43.146.90:443 # Reference: https://twitter.com/James_inthe_box/status/1178692652700590085 http://179.43.159.246 # Reference: https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html # Reference: https://otx.alienvault.com/pulse/5d9378b8f36a91c436c5f93c track.amishbrand.com gnf6.ruscacademy.in click.clickanalytics208.com backup.awarfaregaming.com link.easycounter210.com track.positiverefreshment.org # Reference: https://habr.com/ru/company/pt/blog/471960/ (Russian) 185.225.17.66:443 # Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136 http://179.43.146.90 # Reference: https://pastebin.com/iqcg0Ys7 http://185.225.19.35 # Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php http://91.243.80.120 http://94.242.198.167 179.43.191.122:2259 31.31.196.204:1488 94.242.198.167:1488 ebalodauna1488.com printscreens.info # Reference: https://twitter.com/tkanalyst/status/1196033182694379527 http://103.16.228.173 # Reference: https://twitter.com/VK_Intel/status/1196136022658207750 # Reference: https://www.virustotal.com/gui/ip-address/94.158.245.91/relations 94.158.245.91:1488 ololoev.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1199078758298206208 5.181.156.36:1321 # Generic trails /JSX/testpost.php /fakeurl.htm