# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Dorkbot#tab=2

av.shannen.cc
lovealiy.com
shuwhyyu.com
syegyege.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Dorkbot-AO/detailed-analysis.aspx

negro001.com
negro002.com
negro003.com
thismynew.info
thismynew1.info
thismynew2.info
negro004.com
negro0045.com
negro005.com

# Reference: http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html

api1.wipmania.com.wipmsc.ru
api2.wipmania.com.wipmsc.ru
api3.wipmania.com.wipmsc.ru
api4.wipmania.com.wipmsc.ru
api5.wipmania.com.wipmsc.ru
api6.wipmania.com.wipmsc.ru
api7.wipmania.com.wipmsc.ru
api8.wipmania.com.wipmsc.ru
api9.wipmania.com.wipmsc.ru
api.wipmania.com.fowd.ru
api.wipmania.com.selfmg.ru
api.wipmania.com.lotus5.ru
api.wipmania.com.wipmania.ru
api.wipmania.com.lotys.ru
api.wipmania.com.bwats.ru
api.wipmania.com.stcus.ru
api.wipmania.com.cmoen.ru
api.wipmania.com.artbcon3.ru
api.wipmania.com.yeloto.ru
update.wipmania.com.raulhost.ru

# Reference: https://www.malwareviz.com/static/html/MalwareViz_497b25ea944d382e5a6fa5ccd8d447c6.html

api1.wipmania.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-GQC/detailed-analysis.aspx

n.ezjhyxxbf.ru
n.hmiblgoja.ru
n.jntbxduhz.ru
n.lotys.ru
n.yqqufklho.ru

# Reference: http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/TrojanGenericKD18294833413650c55

n.lotys.ru
n.jntbxduhz.ru
n.hmiblgoja.ru
n.ezjhyxxbf.ru
n.yqqufklho.ru
n.vbemnggcj.ru
n.yxntnyrap.ru
n.oceardpku.ru
n.zhgcuntif.ru
n.jupoofsnc.ru
n.aoyylwyxd.ru
n.kvupdstwh.ru
n.spgpemwqk.ru
n.zhjdwkpaz.ru
n.dclhmfkcb.ru
n.yugypkhvl.ru
n.srobpranm.ru
n.zccgyxwfa.ru
n.lgcpogvly.ru
n.mqjcctzdu.ru
n.jthxriotb.ru
n.eoifjgjxl.ru
n.mmhjrarii.ru
n.lurgcdqwk.ru
n.adkxlenod.ru
n.lumzwlhum.ru
n.spdsazjaj.ru
n.rzyyjafvk.ru
n.orvjwcvqt.ru
n.nikejqiis.ru
n.uhwumfxht.ru
n.gznzenuve.ru
n.ipdcuzrbj.ru
n.axitdflcr.ru
n.gbckjrrzu.ru
n.kntrejzkq.ru
n.srxkwklks.ru
n.knyszaijv.ru
n.yjeuatihg.ru
n.zgfvfhtli.ru
n.hceymatul.ru
n.xiabhaoii.ru
n.oysaqcxbi.ru
n.raqimfebe.ru
n.kbwuxntle.ru
n.xcuygznmk.ru
n.fxazudqiv.ru
n.keqenlhsc.ru
n.hpufkdrqr.ru
n.yfxmjmbpd.ru
n.wbakrhdqe.ru
n.fxagapbcw.ru
n.bkgywvtsx.ru
n.zervwpzra.ru
n.akyjwkkqj.ru
n.heiylmruc.ru
n.yothepdgz.ru
n.jqltfflhx.ru
n.gbfelbdjz.ru
n.sjkguntum.ru
n.lxbluoryz.ru
n.khqrqoqoe.ru
n.lujjeazun.ru
n.votjsbqxi.ru
n.whukpjket.ru
n.jspowmxsl.ru
n.bhsbqjysh.ru
n.epbdyornt.ru
n.iclcakajd.ru
n.lbxfqfcxj.ru
n.zdxappufr.ru
n.wxvwsagfj.ru
n.phbndvdsy.ru
n.gxltnbgks.ru
n.jveblfxqs.ru
n.cfqqxfduf.ru
n.bjadvjfdx.ru
n.ggxvmjwgy.ru
n.avebiwdbf.ru
n.jractocvx.ru
n.srcbrtetb.ru
n.tekwkrsll.ru
n.hbukvpirg.ru
n.rpbzpxiyg.ru
n.cdtclxicx.ru
n.cjwxfmimx.ru
n.sabqauqxz.ru
n.ysmilxqbp.ru
n.oaclzemyh.ru
n.sokjrsoge.ru
n.rqbupminx.ru
n.tsmdeqpxz.ru
n.uqeuhlpbo.ru
n.owjbbpdam.ru
n.zjadtsvrd.ru
n.cusviecqs.ru
n.plrbchand.ru
n.zqpkvolqc.ru
n.qktjrlxil.ru
n.xyxbbuxhw.ru
n.nnzykujty.ru
n.elnytydma.com
n.mrjwqrvhe.com
n.nmdlqnsqv.com
n.eoxhxlxax.com
n.kpypmhotd.com
n.iegvyabpm.com
n.vvspbjbsj.com
n.rejtobfsz.com
n.kyhoimuag.com
n.nfjmrolyt.com
n.zfluvuuez.com
n.krpjpyuvr.com
n.jijvoiiqf.com
n.pszpnkbib.com
n.zhlhvgfpj.com
n.mvhrrpbab.com
n.xqbwkgtli.com
n.yykzejasl.com
n.uafvkahxq.com
n.onnaznfpi.com
n.bvjbygkhq.com
n.celujntse.com
n.nothauweh.com
n.bffihxjxo.com
n.onqxlsjsu.com
n.nzebzahio.com
n.ylbotqjmk.com
n.cbceluvnf.com
n.gurvnrthi.com
n.ckcwacpts.com
n.irhwtkyov.com
n.wnkgkwbbb.com
n.eepixnqaa.com
n.zodoyucra.com
n.dsnkjlkfu.com
n.wpsnxnegs.com
n.cvnuxxysj.com
n.wewhftcna.com
n.zjfprawyu.com
n.ukgorgrqm.com
n.nwsxkwjtb.com
n.rzhfwlaaj.com
n.cygzrpdct.com
n.uahauuzyr.com
n.cirgfzcxh.com
n.pxktczqpg.com
n.lwoucvztu.com
n.fwmfdsrdo.com
n.ysrzbwrhy.com
n.lsisqkwax.com
n.obfzdniwo.com
n.koiqczjzt.com
n.sbliadsxt.com
n.jxgxgdmnh.com
n.pubacyixo.com
n.xqrrrfjkk.com
n.ivqxnsonc.com
n.nxnpcnedd.com
n.nxoyntdzt.com
n.rxehjwklo.com
n.igmkzotyp.com
n.aumzkzwrl.com
n.jcawsrxup.com
n.abmadwhcr.com
n.lmfbywtms.com
n.hhxxcplyd.com
n.bjlajcvcy.com
n.kpmcbjlmz.com
n.ghovcuips.com
n.pucpdbgjm.com
n.zzwwnrwum.com
n.odeujslqf.com
n.ecnpjynwc.com
n.ynxjwgdec.com
n.xrbqavrjw.com
n.ipzfjqnzj.com
n.ulffiidks.com
n.qtcyitbce.com
n.abjuylahr.com
n.zepjdorss.com
n.vlwibqnup.com
n.eaxeebvnx.com
n.rjywkggko.com
n.zmvlqrhsl.com
n.unvsceumt.com
n.vimaspimf.com
n.myyhalxbr.com
n.rsxnjdvgu.com
n.kdrlowylf.com
n.tnylqmwer.com
n.wesocfgdj.com
n.sgteglshe.com
n.kbsdxnoqc.com
n.offbizvki.com
n.msosxcmuh.com
n.uczcgpuxv.com
n.wxctgbeou.com
n.lhklpacah.com
n.adhelcnoh.com
n.jcapalebj.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Dorkbot-FO/detailed-analysis.aspx

f.eastmoon.pl
gigasbh.org
gigasphere.su
h.opennews.su
o.dailyradio.su
photobeat.su
s.richlab.pl
uranus.kei.su
xixbh.com
xixbh.net

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

aliluya.in

# Reference: https://www.threatcrowd.org/malware.php?md5=b3cf7cf6672708125946436c2fd0970a

otcu.co.cc

# Reference: https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-fresh-variant-dorkbot-botnet/

abcxyz.com
api.wipmania.net/icon/n.api

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Dorkbot-KL/detailed-analysis.aspx

app.wipmania.net/icon/n.api
/icon/n.api

# Reference: http://secure.lavasoft.com/mylavasoft/malware-descriptions/blog/WormWin32Dorkbotcdde5fec37

h.k211128.com
y.cae1r699.ru
y.jo1rv99.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Dorkbot-H/detailed-analysis.aspx

blueverse.kz
gigasphere.su

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Dorkbot-I/detailed-analysis.aspx

appupdate.org
appupdate02.info
0days.me
0dayx.com
a7aneek.net