# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Racco42/status/1216993503118577665
# Reference: https://www.virustotal.com/gui/file/4d7b06f10359312ac6b13883831e725c649665936acedc506be40e954d4b1208/detection

185.140.53.134:7776

# Reference: https://www.virustotal.com/gui/file/4c9b503d9fece2134e97eb34c3bb3847b9deca9ba05df999b59a5fb5e63c26ca/detection

185.140.53.134:9095
185.140.53.134:9096
wealthybillza.insidedns.com

# Reference: https://twitter.com/wwp96/status/1224779467215855619
# Reference: https://app.any.run/tasks/75ddb147-59d7-49a1-a3a0-1c6b7de58f37/

45.147.229.52:7071

# Reference: https://twitter.com/James_inthe_box/status/1227213715860144128
# Reference: https://pastebin.com/Re5jj5j2

79.134.225.111:8141
vahlallha.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1237447871764496388
# Reference: https://www.virustotal.com/gui/file/0a689281e5c807412fd9fca5f4a2d02f90e149da1ecc16179a09d88fa88eed74/detection
# Reference: https://www.virustotal.com/gui/file/cd41b2a08b3b38cd8ce7a2420a635bd1d1780bce12218f93ee6f2366a19e2aeb/detection

185.244.30.237:4181
192.169.69.25:4181
roboticsnetwork.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1247190083825848321
# Reference: https://twitter.com/James_inthe_box/status/1247191401403564033

hope.doomdns.org

# Reference: https://www.virustotal.com/gui/file/f899a317b88fe6fc9dedcda1620b37c907082223244804df60ca664fc04ff265/detection

105.112.176.133:1759

# Reference: https://www.virustotal.com/gui/file/2a6cfd85bcb241ce4c4c1dcd325d9d85da8ae49a8f721632d319806085818408/detection

216.38.7.237:7310

# Reference: https://twitter.com/James_inthe_box/status/1247280998359789575

franco20.dvrdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1250743756925677569

5.253.114.116:7073

# Reference: https://www.virustotal.com/gui/file/8c7262c3e94a7c143b0c8b76b051f7eef7b8a7e903dee5b1868b0230c19cc725/detection

5.253.114.116:7072

# Reference: https://www.virustotal.com/gui/file/1dfc66968527fbd4c0df2ea34c577a7ce7a2ba9b54ba00be62120cc88035fa65/detection

23.105.131.162:2019

# Reference: https://twitter.com/malwrhunterteam/status/1253290466717687808
# Reference: https://www.virustotal.com/gui/file/2f370ffe4e15fde26e43812a3809fbaa3a8974c0a7cb6c5677985dbe8e46f782/detection

kiht.felehton.ga

# Reference: https://twitter.com/malwrhunterteam/status/1253345383163613184
# Reference: https://www.virustotal.com/gui/file/00185cc085f284ece264e3263c7771073a65783c250c5fd9afc7a85ed94acc77/detection

185.19.85.182:7310

# Reference: https://twitter.com/abuse_ch/status/1255135289766363138
# Reference: https://bazaar.abuse.ch/sample/4723ab5ed01fb642eb602ff59309d4d698e6011145ca1b757bb223b5a67fe159

79.134.225.51:5147
bhg.canadacentralregistrar.ca

# Reference: https://twitter.com/malwrhunterteam/status/1260616207427928071
# Reference: https://app.any.run/tasks/9b3c82f6-a2cc-465b-8958-be625d344f46/

194.5.98.83:7310

# Reference: https://twitter.com/James_inthe_box/status/1260634288044691456
# Reference: https://www.virustotal.com/gui/file/6cf91b93dd7a3a6aca9878a5cf252af90000628486161243a086d6477d5d1f04/detection
# Reference: https://www.virustotal.com/gui/file/d71ea69b5e2fa547ef05778e28b35398077e08f5a65aa2c38b46f1eddc78b373/detection

54.39.221.47:3990
pollianoammr22ja1.com
secrfastexamplerepco998.info

# Reference: https://twitter.com/James_inthe_box/status/1283740986087112705

mikonsrebtlolli.info

# Reference: https://www.virustotal.com/gui/file/828d51c52964a466fe6fc0fa5a1486c29493406b56e33314a6256487ea9d58c3/detection

69.12.94.8:2233

# Reference: https://www.virustotal.com/gui/file/7d82b25772cf7ffcdd2ba1db1f628ce7d931c0bb2861909f359f4b6c55a331c4/detection

69.12.94.12:2233

# Reference: https://www.virustotal.com/gui/file/6cf3ca79d3b6a05beb86f2641a03e9cb5cb8aa9cb085087830b5c27cf26a4fd1/detection
# Reference: https://www.virustotal.com/gui/file/e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e/detection

69.12.94.12:2555
restreamnewsp1ot5s8.net

# Reference: https://www.virustotal.com/gui/file/5ef891964f967642e02934a933984b6af3ba5043cac2bdc769d3296550a0f264/detection

blupaycryptoexchange.com

# Reference: https://www.virustotal.com/gui/file/f83198c03626e0cd56156ebe79ac221f9a875aa32a3a1aa783aba69f1df1e604/detection

5.2.68.87:2111
airgorobblelulu.tw

# Reference: https://www.virustotal.com/gui/file/02343d32f41876a3ceaad992777865be673c9b331c018555ed135726f8ec0244/detection

5.2.68.87:2555

# Reference: https://www.virustotal.com/gui/file/95ecd030bb00219d1a549839f5b24d02b5fd3df7e967f8a38fceecb05cee5b1e/detection

69.12.94.12:5550
riposterpostnewapp.ml

# Reference: https://www.virustotal.com/gui/file/c62e5304821abc306872ea97c88a8d7dc800f7b63380b2cf89153c639de4704c/detection
# Reference: https://bazaar.abuse.ch/sample/c62e5304821abc306872ea97c88a8d7dc800f7b63380b2cf89153c639de4704c/

69.12.94.12:9003
rimi98wutsals.me

# Reference: https://twitter.com/malwrhunterteam/status/1322141882516938753
# Reference: https://www.virustotal.com/gui/file/d0dc216e6253b34bee652e5610a678235b5ff6f78b61a46455aa6d6d1969168e/detection
# Reference: https://www.virustotal.com/gui/file/812ffdf59994608aafb5feabac1aa96c81a9af8de5f197d57c06b8f28b83aadc/detection
# Reference: https://www.virustotal.com/gui/file/932265196175f2b8a3ac274ee1679119cf2bb7a5ee19fd359b7dc8bd258ae6a7/detection

5.2.68.77:5550
dudafersam1ina5ch8ilu.org
hbreaspoksjdhzax8a1s5a.me

# Reference: https://www.virustotal.com/gui/file/c2382986d2bacaacd5399abca6ba33ee39fec2e9f331b8493a7511bc23578adc/detection

154.16.168.6:8910
risptinshoppedtales193.ga

# Reference: https://twitter.com/malwrhunterteam/status/1318505047102267394
# Reference: https://www.virustotal.com/gui/file/ceb7af06283244c5fe9cba4e1c71013289d253229e15d68d6110fe9d19f3fa0d/detection

5.2.68.77:2555
jhpalettad158era.com

# Reference: https://tria.ge/201127-133jlvst66/behavioral2

179.43.166.58:2555

# Reference: https://twitter.com/JAMESWT_MHT/status/1340590881804529670
# Reference: https://app.any.run/tasks/bea35519-8b19-4c03-b62a-cb39afc96d66/

51.195.57.228:2340
cascapplxmain.ga

# Reference: https://twitter.com/malwrhunterteam/status/1341713730623725568
# Reference: https://www.virustotal.com/gui/file/8f9d53981687f9cb6b3e49f03565cdda8e4ca9ccce56122f435f8851d7425f2b/detection

aprteb221ack.ga

# Reference: https://twitter.com/malwrhunterteam/status/1351558775505879051
# Reference: https://www.virustotal.com/gui/file/ac6a3cc9495a74bab45e1ef81bc4fec79dde5942547043629086937628fb321b/detection
# Reference: https://www.virustotal.com/gui/file/eed8318b910689eafca6b4525253274aaea964bcb46a51f8c8033629d6d70e8f/detection

5.2.68.115:8090
cam3ik1ze9sre.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1354027942049968128
# Reference: https://app.any.run/tasks/550f0f0c-43cb-4a3c-a2d6-6a0cea39fecb/

5.2.68.115:2340
madresakamikzre.pw

# Reference: https://www.virustotal.com/gui/file/c0054f47a3edfcc977871a0e19413b9596ea15be86a338568333044ff10e07df/detection

armatikamczparsll.co

# Reference: https://app.any.run/tasks/32d37cb1-c5c7-4d78-99a3-20ddeb389428/

saspkawaskioparls.pw

# Reference: https://twitter.com/JAMESWT_MHT/status/1357292679378460680
# Reference: https://www.virustotal.com/gui/file/3361515c7847b7f3aa44b45da30581ad9e5af35fdc2489ff95d312a3f4a5e4a7/detection
# Reference: https://www.virustotal.com/gui/file/1f54c4b578cdcaf15c817f18ee715a8cf2b7944c44e268ae8fa8bc9427922bf2/detection
# Reference: https://www.virustotal.com/gui/file/3e8962da569e1d2ab460b1713859a54d0f8f930a2b5113c95d109e94f231ecb0/detection
# Reference: https://www.virustotal.com/gui/file/65b5b6932408f05edcbdf55630889e43b6dc105fa7f79d5949a83224c252a457/detection

45.76.172.113:1331
45.76.172.113:1336
45.76.172.113:1339

# Reference: https://twitter.com/malwrhunterteam/status/1362392047290834945
# Reference: https://www.virustotal.com/gui/ip-address/5.2.68.114/relations
# Reference: https://www.virustotal.com/gui/file/a4cad2ac92b79ee5a3c0b19e182832b2a6e3fd2ea731e65571561b0b307768a1/detection

5.2.68.114:5555
apopospmrte2021spm.info
astrazetpcalfaspm.nl

# Reference: https://www.virustotal.com/gui/file/89f0eed05def6bd2d4beb05d5e7021b866233cdb2e7e0ce61f785e41359fb233/detection

faiterasianspmprlx.nl

# Reference: https://twitter.com/vk_intel/status/1275997504702689282

firestatedteam.com
albaweatherstats.com

# Reference: https://www.virustotal.com/gui/file/ebf0083ad227764b7963171f0c2d156f56ad5a5835ce1a74e3c85b4902b04695/detection

51.195.57.232:5555
granittloos.co

# Reference: https://www.virustotal.com/gui/file/0cfa9021ddabb0a9f3306397234f3f19ce70da1082b4291bfe9477c974aebbec/detection

caxxospmparllxmigo.nl

# Reference: https://www.virustotal.com/gui/file/d4b6d8677ede31f299e565034f3d29009cb73910b6e156768f8e2e47649ede1d/detection

103.92.29.151:6100

# Reference: https://www.virustotal.com/gui/file/c7ef0948c014456a5ca8aa1d06114135720bfd540611ba7c2d5dd7898e1c46a9/detection

borelli1spa.duckdns.org

# Reference: https://www.virustotal.com/gui/file/762d0dd4af7de2c8518562a993bb4203e0bbf01ef58a23df5fb12e37191e21c7/detection

45.146.164.111:20190

# Reference: https://www.joesandbox.com/analysis/781293#iocs
# Reference: https://www.virustotal.com/gui/file/385eb4274de2282360a7010b5739769fb6dd69a889626c0fddc6a3a6d4c1251f/detection

5.2.68.82:8090
strattonprlxmaespm.com

# Reference: https://www.virustotal.com/gui/file/8c6e507be687fd725cf66f3a4d405a43fc575a275024a5ed164e90b873fe447c/detection

5.2.68.82:5555
parallspmcachire.nl
pigghiamlnwwe.nl
