# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html hackqz.f3322.org 120.209.40.157:8880 # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nitol-P/detailed-analysis.aspx dingtao333.3322.org # Reference: https://twitter.com/securiteoff/status/739574861543149568 # Reference: https://www.virustotal.com/gui/file/20d841afa96e58fb7d2b4c5e8bb25d07ff36e25bbb14fc176f3f46c650cb016e/detection feng12763.3322.org qlsb.f3322.net # Reference: https://twitter.com/P3pperP0tts/status/1153026768590258179 520yxsf.com # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2012/2012-04-19-digging-into-the-nitol-ddos-botnet/digging-into-the-nitol-ddos-botnet.csv aisini1314.3322.org bcl5736120.3322.org ccddos.net erwbtkidthetcwerc.com fangqi.6600.org fangqi.7766.org fuck0313.6600.org guangkuo119.3322.org kankan902.3322.org ksattack.6600.org maguss.3322.org maple110.3322.org mybaccy.3322.org rterybrstutnrsbberve.com rvbwtbeitwjeitv.com sousou123.3322.org xin9liao.gnway.net xinxin168.3322.org xiong97.3322.org yezi999.3322.org ylddos.3322.org zwx5060.3322.org # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tale-of-the-two-payloads-trickbot-and-nitol/ # Reference: https://github.com/AlienVault-OTX/Threat-Trends/blob/master/MaliciousDomains_UmbrellaRanking.csv e.googlex.me # Reference: https://asec.ahnlab.com/1031 b.googlex.me # Reference: https://www.virustotal.com/gui/file/62010ae6b25999cbc37c935c163285f571294f4732965c66b9233a7573c13c10/detection w.googlex.me m.googlex.me # Reference: https://totalhash.cymru.com/network/?dnsrr:*.googlex.me w.googlex.me m.googlex.me googlex.me # Reference: https://twitter.com/pancak3lullz/status/748172641131847681 # Reference: https://www.virustotal.com/gui/ip-address/110.173.30.68/relations 110.173.30.68:1111 110.173.30.68:1150 110.173.30.68:1380 110.173.30.68:1472 110.173.30.68:2013 110.173.30.68:2014 110.173.30.68:6666 110.173.30.68:8080 110.173.30.68:8085 110.173.30.68:8089 xiaoaolong.f3322.org # Reference: https://twitter.com/pancak3lullz/status/744918444265578496 # Reference: https://www.virustotal.com/gui/file/a2d02236c2a9684310d95d5a98734d17d226da16607f98903e0a5f9d62298521/detection # Reference: https://www.virustotal.com/gui/file/40ac46478014d0a89f787c25dd380424b0e16913bd5ff03db90c32b75aa10c35/detection 173.254.236.5:8900 45.34.191.179:8900 119.147.145.218:8511 wx137672811.f3322.net # Reference: https://twitter.com/pancak3lullz/status/740562923639046146 # Reference: https://www.virustotal.com/gui/file/e39a3ca5574dfba2bd29a71b933c9bf22633baad10c7fcac5abbc700e5b8f175/detection 183.60.202.97:1993 longge520.f3322.net qlsb.f3322.net # Reference: https://twitter.com/pancak3lullz/status/739878964064194560 aabao.top a.aklianfa.com # Reference: https://www.virustotal.com/gui/domain/leiyan.hk/relations leiyan.hk # Reference: https://twitter.com/pancak3lullz/status/739573412973150208 zhaojinyi5045.f3322.org # Reference: https://twitter.com/pancak3lullz/status/742832969539158017 125.88.146.61:9595 hackxiao.top # Reference: https://www.virustotal.com/gui/file/9ea76521dacafc0437c12d3e7b2db5e4cd27054c476e87dfe9fb2934bbd3668b/detection gyddos.com # Reference: https://www.virustotal.com/gui/file/87c00a2dbc7aad92c63afe8633dde5253da9dd8c663dfe257ab17c087c967b16/detection 61.160.232.140:65534 5302000.publicvm.com # Reference: https://www.virustotal.com/gui/file/f5ce87456cad6b035e20df4e3c8cfd6f68353913dbb78be8383036842c54ec69/detection 103.226.124.222:65534 # Reference: https://www.virustotal.com/gui/file/a624fd04789db3e1327fd981ac01b79c1d432819e752291843e4e4778794d6aa/detection 112.74.75.143:6666 # Reference: https://www.virustotal.com/gui/file/96a8382fe8bd91e1cf9ab358cb03f597dc3bcef66503275c17b914e28b438c92/detection 210.222.25.223:6666 # Reference: https://www.virustotal.com/gui/file/22bd3e766de31699464b08467a47b6c44f4825e4984221f74209cdb9c2b26756/detection 61.84.56.105:1234