# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

hackqz.f3322.org
120.209.40.157:8880

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nitol-P/detailed-analysis.aspx

dingtao333.3322.org

# Reference: https://twitter.com/securiteoff/status/739574861543149568
# Reference: https://www.virustotal.com/gui/file/20d841afa96e58fb7d2b4c5e8bb25d07ff36e25bbb14fc176f3f46c650cb016e/detection

feng12763.3322.org
qlsb.f3322.net

# Reference: https://twitter.com/P3pperP0tts/status/1153026768590258179

520yxsf.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2012/2012-04-19-digging-into-the-nitol-ddos-botnet/digging-into-the-nitol-ddos-botnet.csv

aisini1314.3322.org
bcl5736120.3322.org
ccddos.net
erwbtkidthetcwerc.com
fangqi.6600.org
fangqi.7766.org
fuck0313.6600.org
guangkuo119.3322.org
kankan902.3322.org
ksattack.6600.org
maguss.3322.org
maple110.3322.org
mybaccy.3322.org
rterybrstutnrsbberve.com
rvbwtbeitwjeitv.com
sousou123.3322.org
xin9liao.gnway.net
xinxin168.3322.org
xiong97.3322.org
yezi999.3322.org
ylddos.3322.org
zwx5060.3322.org

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tale-of-the-two-payloads-trickbot-and-nitol/
# Reference: https://github.com/AlienVault-OTX/Threat-Trends/blob/master/MaliciousDomains_UmbrellaRanking.csv

e.googlex.me