# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://bartblaze.blogspot.hr/2015/09/notes-on-linuxxorddos.html
# Reference: https://otx.alienvault.com/pulse/560559844637f21ecf297f9a/

dsaj2a.com
hcxiaoao.com
hostasa.org
dsaj2a1.org
wangzongfacai.com
dsaj2a.org

# Reference: http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html

hostasa.org

# Reference: https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf

gggatat456.com
xxxatat456.com
aaa.gggatat456.com
aaa.xxxatat456.com
www1.gggatat456.com
jq.cfdddos.com
gh.dsaj2a1.org
ndns.dsaj2a1.org
ndns.dsaj2a.org
ndns.hcxiaoao.com
ndns.dsaj2a.com
linux.bc5j.com
uc.f1122.org
navert0p.com
wangzongfacai.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
zhegege.3322.org

# Reference: https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/

193.201.224.238:8852
7mfsdfasdmkgmrk.com
8masaxsssaqrk.com
9fdmasaxsssaqrk.com
efbthmoiuykmkjkjgt.com
zxcvbmnnfjjfwq.com
/RTEGFN01

# Reference: https://www.virustotal.com/gui/file/e99b77c5a469018e9543bff5bf3b1798ae62146b5763979659d951451d7ef77f/detection

222.186.128.172:5535
syn4.f3322.org

# Reference: https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/
# Reference: https://otx.alienvault.com/pulse/6011e0e8fe4caceec3d71f63/

112.213.127.156:9393
222.186.128.172:5523
2017fly.com
2018fly.com
2019fly.com
3000uc.com
8uc.linux1.cc
911ddos.com
aa.finance1num.org
aa.hostasa.org
aaa.dsaj2a.org
aaa.gggatat456.com
aaa.xxxatat456.com
assword.xyz
baidu.gddos.com
bc5j.com
benniao.date
benniaogg.benniao.date
caiyundaifu.top
cdn.cloud2cdn.com
cdn.finance1num.com
cdn.netflix2cdn.com
cdn.search2c.com
cloud2cdn.com
ddd.dddgata789.com
dddgata789.com
dnstells.com
dsaj2a.com
dsaj2a.org
dsaj2a1.org
finance1num.com
finance1num.org
fly1989.com
gddos.com
gggatat456.com
gh.dsaj2a1.org
gzcfr5axf6.com
gzcfr5axf7.com
hcxiaoao.com
hostasa.org
info.3000uc.com
k1.2018fly.com
kill.2019fly.com
linux.bc5j.com
linux1.cc
lpjulidny7.com
lzjxn.me
myserv012.com
ndns.dsaj2a.com
ndns.dsaj2a.org
ndns.dsaj2a1.org
ndns.hcxiaoao.com
netflix2cdn.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
p.assword.xyz
p10.2017fly.com
p10.2018fly.com
p10.sb1024.net
p12.2017fly.com
p12.2018fly.com
p12.sb1024.net
p2.2019fly.com
p2.fly1989.com
p2.sb1024.net
p4.2019fly.com
p4.fly1989.com
p4.sb1024.net
p5.2017fly.com
p5.2018fly.com
p5.dddgata789.com
p5.lpjulidny7.com
p5.sb1024.net
p6.2017fly.com
p6.2018fly.com
p6.2019fly.com
p6.fly1989.com
p6.sb1024.net
pcdown.gddos.com
pincco.cn
ppp.gggatat456.com
ppp.xxxatat456.com
qq360bidu.me
rouji.pincco.cn
sb1024.net
search2c.com
shaoqian.f3322.org
soft8.gddos.com
suc80.linux1.cc
suc80.twjiasu.com
syn4.f3322.org
twjiasu.com
uc.twjiasu.com
w.qq360bidu.me
wnegerf.com
ww.dnstells.com
ww.gzcfr5axf6.com
ww.gzcfr5axf7.com
ww.myserv012.com
ww.search2c.com
xo.lzjxn.me
xxxatat456.com
