# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

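# Aliases: korat, lsslogger, remcos
# Entries are network indicators (hostnames, IPs and IP:port pairs) grouped under the reference that reported them.
# Many hostnames sit under dynamic-DNS providers (ddns.net, duckdns.org, hopto.org) and the dated references are from 2017-2019, so re-validate an entry before relying on it for blocking or attribution.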

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
pimmas.com.tr
mervinsaat.com.tr
samurmakina.com.tr
paulocamarao.com
midatacreditoexperian.com.co
lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606

# Reference: https://twitter.com/dvk01uk/status/1123210727483957248
# Reference: https://app.any.run/tasks/0e57a079-57d4-4c2d-8e01-82d316ac2d55

ablegod.hopto.org
79.134.225.6:6691

# Reference: https://github.com/edchavarro/RAT_IoCs

lacoste587.lacoste587.agency
dsquared21.dsquared21.rocks
hugoboss01.hugoboss01.store
luisvuitton.luisvuitton.tech
supreme12.supreme12.recipes
automovil1.peugeot10.cc
comida2.kfc52.club
auto14.wolsvagen7.mobi
telefonia1.telcel75.asia
consola2.nintendo3.life
microsofteup.pdns.cz
lexusempresa.100chickens.me
mojarracompany.pdns.cz
camilo6541.pdns.cz
balvinnew.100chickens.me
mercadolibre.pdns.cz
ebayeup.pdns.cz
antonio6532.pdns.cz
daniel6536.pdns.cz
181.57.221.10:4450
181.57.221.10:4452
181.57.221.10:4851

# Reference: https://twitter.com/pancak3lullz/status/1009524847314194434

185.209.85.75:7921

# Reference: https://twitter.com/suyog41/status/1129322130078916608
# Reference: https://www.virustotal.com/gui/file/817e345ac4e63947b592e28774c71c4a01d7c0f2005324b028871e0dedd7c4ef/detection

bego.hopto.org

# Reference: https://twitter.com/HerbieZimmerman/status/1131977968950099968

185.244.31.137:6666

# Reference: https://twitter.com/James_inthe_box/status/1132292966062518272

manihackz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1132294012100960257

amanihackz.ddns.net

# Reference: https://twitter.com/ffforward/status/1133631211337912320

mgc2.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1133667461335801857
# Reference: https://app.any.run/tasks/5c919ea0-0f27-481a-af41-42057d090096/

185.244.31.137:6767

# Reference: https://twitter.com/dvk01uk/status/1134014391249252357
# Reference: https://app.any.run/tasks/8d26c7f7-70bc-40c7-bfe2-b664d555054b/

185.244.31.34:6868

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

darlz.freeddns.org
185.62.190.214:1695

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

13.250.1.111:1986
13.250.1.111:1992
194.67.209.128:1992
194.67.209.128:7707
216.38.8.168:1986
216.38.8.168:7707

# Reference: https://twitter.com/James_inthe_box/status/1139839056748011520

xcv87xcv7xc7sd5f67s5dxc67vxdsfwe342.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1139881993607380993

stainlessplc.ddns.net
184.75.209.163:6799

# Reference: https://twitter.com/dvk01uk/status/1141314328362176512
# Reference: https://app.any.run/tasks/8f80f415-a02e-451b-9797-96a3d03c793d/

185.247.228.199:6868

# Reference: https://twitter.com/x42x5a/status/1142113259044179968

jaybaba2.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1142187271283548160

91.189.180.203:3480

# Reference: https://twitter.com/x42x5a/status/1142436174755192833

cemileorucs.ddns.net

# Reference: https://twitter.com/DbgShell/status/1143669818652069894

vubhijk.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1144186368483975168
# Reference: https://app.any.run/tasks/e5283183-af56-4628-bff3-b12572b43896/

185.247.228.99:1998
terrymamela.ddns.net

# Reference: https://twitter.com/reecdeep/status/1145646210398773249
# Reference: https://app.any.run/tasks/e89b3c70-50a6-421a-b639-299a918e147c/

jerryo.duckdns.org
185.247.228.236:8815

# Reference: https://pastebin.com/S4ggik78

du4alr0ute.sendsmtp.com

# Reference: https://twitter.com/killamjr/status/1154121304213094401

talkmess.dns-cloud.net

# Reference: https://twitter.com/Racco42/status/1157207083382652928

newrr.duckdns.org

# Reference: https://twitter.com/Racco42/status/1157242080932089856

191.101.150.90:2950

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Remcos-7089920-1)

abeasinf.duckdns.org
remsalvados2019.duckdns.org

# Reference: https://twitter.com/killamjr/status/1161983614197936128

185.244.31.32:2404

# Reference: https://twitter.com/James_inthe_box/status/1148692646942015488
# Reference: https://twitter.com/killamjr/status/1167454907676467201
# Reference: https://app.any.run/tasks/1c8c17b6-2628-4a06-8c2a-deb889e3e010/

185.244.31.96:3090
top.subaroone.waw.pl

# Reference: https://twitter.com/reecdeep/status/1163796233363906560
# Reference: https://app.any.run/tasks/e990631e-57b0-49db-b0b0-750dc33927dc/

185.244.31.26:6265
safer.ddns.net

# Reference: https://twitter.com/wwp96/status/1163788636036501504

evergraced.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1164517058672906241

daya4659.ddns.net

# Reference: https://twitter.com/killamjr/status/1165459331912888320
# Reference: https://app.any.run/tasks/211498a3-95a8-44ee-a87b-25cdac3d8edc/
# Reference: https://www.virustotal.com/gui/file/6b32d6a32540884c3fb1a195b32b02aec9dd06797c464dee1c02bbb6ee97ffd1/detection
# Reference: https://twitter.com/killamjr/status/1168575703656189952
# Reference: https://app.any.run/tasks/346f19a6-7cd8-4da7-b7ba-76651bc540f1/

193.56.28.241:4444
193.56.28.241:8888
23.105.131.202:8888
crackme.hopto.org
noface55.kozow.com

# Reference: https://twitter.com/oguzpamuk/status/1166293812714659841
# Reference: https://app.any.run/tasks/d069fcb1-1c81-4f87-97bc-d4afb40a06e7/
# Reference: https://twitter.com/Racco42/status/1168449724724084737

193.56.28.173:2404
95.216.17.186:2404
23.105.131.169:2404
rownip.3utilities.com
rownip.dyndnss.net
rownip.theworkpc.com

# Reference: https://twitter.com/ps66uk/status/1167016794260946944
# Reference: https://app.any.run/tasks/121e7cd1-6954-44be-a1b4-825c2615c11c/
# Reference: https://www.virustotal.com/gui/file/15b83a6155f1aba3acb68e4ecb475bb742790b82de364d1df4dd918a31f7872e/detection

79.134.225.48:3765
79.134.225.86:3765
79.134.225.87:3765
79.134.225.89:3765
remcoss.onmypc.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

du4alr0ute.sendsmtp.com
helloweenhagga.ddns.net
hhlari.ddns.net
moneybag123.ddns.net
revengerx111.sytes.net

# Reference: https://twitter.com/malware_traffic/status/1169050682386763776

37.19.193.217:2404
37.19.193.217:2405

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

charlesremcos.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170314034564018180

uaeoffice999.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1170332469960331266

66.154.113.142:2404
jkharding2014.myddns.rocks
tomharry.ddns.net

# Reference: https://twitter.com/wwp96/status/1170334923892371459
# Reference: https://app.any.run/tasks/e2340ee4-ba30-44ec-b748-1d625e65db63/

79.134.225.77:2019
gratefulheart.ddns.net

# Reference: https://twitter.com/wwp96/status/1171448440535973888
# Reference: https://app.any.run/tasks/fcbb836f-7ade-44f1-bbeb-9c7d9047fbe1/

185.4.29.140:24009
inf111.ddns.net
inf111.hopto.org

# Reference: https://twitter.com/luc4m/status/1171783171677065217

charstiago6.dynu.net

# Reference: https://twitter.com/DynamicAnalysis/status/1172221575376134144

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl

# Reference: https://twitter.com/dvk01uk/status/1176383495339483136

217.20.114.220:1010
myhousedubem.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1176933671389081601

79.134.225.101:1188
sciano.duckdns.org

# Reference: https://twitter.com/Racco42/status/1179472593927200774
# Reference: https://twitter.com/Racco42/status/1179880257438003200
# Reference: https://www.virustotal.com/gui/ip-address/185.105.236.187/relations

185.105.236.187:5001
cepastr.ddns.net
manafuuh.ddns.net
teryts1802.sytes.net
updatechrome.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1179782506465366020

ulnews.duckdns.org

# Reference: https://twitter.com/Dashowl/status/1179833764651962369
# Reference: https://app.any.run/tasks/e38aa085-4cc2-43e6-befe-0b4d5caeb0b6/

204.152.219.70:5731
abundantgrace1.ddns.net

# Reference: https://app.any.run/tasks/9bfe4193-bfea-4523-be81-68953435e7b7/

181.215.247.18:2404

# Reference: https://twitter.com/MalwareConfig/status/1180886611602612224
# Reference: https://malwareconfig.com/config/daca573a51e9b080e2f3f6303611ee83

160.116.15.149:35364
henryofonyiri.ddns.net

# Reference: https://twitter.com/killamjr/status/1180968029858910209
# Reference: https://app.any.run/tasks/f9985b06-08a9-41dd-b2d4-d051e02f8c08/

137.116.73.45:2404
reneelauto.ddns.net

# Reference: https://twitter.com/teoseller/status/1179318648718188545
# Reference: https://www.virustotal.com/gui/file/550baa07a33c62d24636d672c5a0973dbb1babc8ddc75e434d316ece595296f6/detection

185.81.157.41:2404
santzo.warzonedns.com

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1795

# Reference: https://app.any.run/tasks/7634c4dc-dee9-41e0-a2c0-32b4ef3d1885/

213.184.126.134:1337

# Reference: https://twitter.com/P3pperP0tts/status/1181578274394251264
# Reference: https://www.hybrid-analysis.com/sample/47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4/5d9c9ed50288383e19febfe6

185.158.249.88:2404

# Reference: https://twitter.com/killamjr/status/1183421884794204160
# Reference: https://app.any.run/tasks/deed1a67-8d99-4e3c-9e87-5e63c39cb4c6/

top.intelprovidejordan.waw.pl

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md (# Remcos section)

181.57.204.130:4452
46.246.82.66:2000
bolso.gucci12.cc
celularmovil.huawei10.digital
consola2.nintendo3.life
consolajuego.nintendowii12.email
telefonia.claromovil1.work
tennis1.adidas3.tech

# Reference: https://any.run/report/613f437f01744740c4e96d84c970c51128929fcdaa1a9d7e31a1ee063bf49f8e/3ae8d7b9-9a47-4ac4-b564-96510dc901d7

185.217.1.173:2404
algheithcompany.duckdns.org

# Reference: https://twitter.com/smica83/status/1186542376355094529

91.189.180.214:7890

# Reference: https://twitter.com/killamjr/status/1188630140076658690
# Reference: https://app.any.run/tasks/a9de27e3-1bdc-43e9-8349-25bbe9c6cd90/

192.169.69.25:8077
redditmercy.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1189251481943363586
# Reference: https://pastebin.com/H5UqcHv1

37.19.193.217:2398
toptoptop2.online
toptoptop2.site
toptoptop3.online
toptoptop3.site

# Reference: https://twitter.com/James_inthe_box/status/1189202165161529344

79.134.225.95:4050
79.134.225.95:6080
mnx.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1189301538142990339
# Reference: https://app.any.run/tasks/a8a4f079-0296-41fa-bcb0-546a54db9e56/

109.202.103.170:8733
213.152.161.40:8733
213.152.162.89:8733
213.152.162.109:8733

# Reference: https://twitter.com/VK_Intel/status/1189602729498464257
# Reference: https://www.virustotal.com/gui/file/9235b1f5f9cc8efbf0ad96e4b48872a4043286fcdd182423746ed2e3700e1559/detection

79.134.225.20:2404
hobbotgy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1190072879242596352
# Reference: https://www.virustotal.com/gui/file/6e366fd065815118100c0a7fe8fa95208e87944b9dd4ce9df556c6d9f31151ec/detection

menaxe.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/d23189d4520692301d6a013f60d59972fb61fd4bc3f011693411b20e9bdbd1e6/detection

185.244.31.85:4050
menaxe212.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ddca5e1a4a9a4afd6663da5c05252d4150c8e271fbe28a81b3ae3af4cbca49c/detection

185.165.153.185:4050

# Reference: https://pastebin.com/29uSdMAk

sub.thebest1jewels.waw.pl

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.29/relations

79.134.225.29:3018
bzsoftwaress.hopto.org
faxjohn01.dyn.ddnss.de
londonchap.duckdns.org
samuelcity.ddns.net
top.citycentrejo.waw.pl
sub.winkcaffe.waw.pl

# Reference: https://twitter.com/killamjr/status/1191192709727506438

79.134.225.73:2404

# Reference: https://app.any.run/tasks/508a6b73-18b4-490e-a1f3-69341ba72512/

79.134.225.80:2404
clintonlog.hopto.org
joseph3m.ddns.net

# Reference: https://app.any.run/tasks/880d03b6-ed40-4688-a1ee-7f27e9873013/

91.189.180.214:7890

# Reference: https://twitter.com/malwrhunterteam/status/1060836685771087873

35.237.81.215:1604
fuckerswashere.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191790897714913281
# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/

91.193.75.51:4343

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/ip-address/179.33.152.127/relations

msipro2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191486608249368581
# Reference: https://app.any.run/tasks/4ca60fe6-eb65-48eb-8f80-eb28e19ecfa4/

79.134.225.11:5198
mpremx.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191443761563353089
# Reference: https://app.any.run/tasks/bd34ac22-9167-4ae5-a91f-e5600e21e72f/

115.133.245.72:3908
115.133.245.72:4101
115.133.245.72:4421
ego9.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189778893298970624
# Reference: https://www.virustotal.com/gui/file/1511d64209925c818d7db8eb1d0229e54debbea0d2a60bba094a05edd8d76a1d/detection
# Reference: https://www.virustotal.com/gui/file/0634fc3acc43e1b3a357a28e4f0e20edac01ea07aa5de6e0373b8eb521bfd150/detection

194.5.97.96:22940
194.5.97.96:7493
lekwahouse.ddns.net
pirorityclient.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189761540251103232

82.112.40.135:1604

# Reference: https://twitter.com/VK_Intel/status/1194260473631428608
# Reference: https://twitter.com/VK_Intel/status/1194338499085778944
# Reference: https://www.virustotal.com/gui/file/73cd4a5fd5d4670ecfa8d3e1d64055b76373e7730e0f7947ae850dbf2ee41549/detection

194.5.97.119:1000
nanoprivv.duckdns.org
zotizieweb1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196471158054494208
# Reference: https://app.any.run/tasks/66e92f07-3225-4d85-838f-cb3ccdbd90c8/

79.134.225.99:4387
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196491717572222977
# Reference: https://app.any.run/tasks/594a9510-e48a-4dd5-89ea-73fe6929c225/

185.140.53.168:5980

# Reference: https://www.virustotal.com/gui/file/db21285f8f62e182c6cb217073632a0c878c44e6b9d7dd2cf68df573391aa924/detection

154.16.93.170:8320
185.217.1.186:8320
217.79.184.12:8320
79.134.225.29:8320
faxjohn01.dyn.ddnss.de

# Reference: https://app.any.run/tasks/c735b356-3ad6-47b2-8db9-4b820fba23ce/

pharmalobster.duckdns.org

# Reference: https://app.any.run/tasks/1c7dc445-3d6f-4219-a2e1-afc99d3916a0/

rt.sexsweet.vip

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.105/relations
# Reference: https://www.virustotal.com/gui/file/331003b87d0c8194b40ca96740295c74a3695331e917a9d0511c62e6ffdd7e80/detection

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl
top1.supertouchhaircare.waw.pl

# Reference: https://www.virustotal.com/gui/file/4a43fde440d91d130acd096114cfbe5e965100793f354297657d6595e2a4b941/detection

electroking444.hopto.org

# Reference: https://www.virustotal.com/gui/file/2478c6c90b6c4ecfc0a010b111bde48456898aba2946625784ecc083960f683a/detection

electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/10c47670d9b565e7911364006e01fc545ef9b313bf5d230405f067b6a7795b50/detection

79.134.225.89:2501

# Reference: https://www.virustotal.com/gui/file/31022c5eb483f3b105050ab054e45541b206583996aec342b20fad359b1978ce/detection

199.195.250.222:6464
leebase.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/3692d98da1a9c209fe3f7789caa282a374eb39acde6d3b6690297773cd201c2a/detection

79.134.225.89:6464
filebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3121062c6478104325d7bdf59a08f9c416c2c8343ee4eb80829775c984a06310/detection

79.134.225.89:3369
fucktoto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e0d19b6ddfce89c11868bd8afdcfb53fa8d8c7c17623d25d04065aac411b521/detection

79.134.225.89:32002
work1234.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Dropper.Remcos-7395733-0)
# Reference: https://www.virustotal.com/gui/ip-address/186.170.64.85/relations

186.170.64.85:2404
msipro2019.duckdns.org
nashpink2019.duckdns.org
proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

186.170.64.85:6404

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

161.18.215.40:6404
179.33.63.205:6404

# Reference: https://www.virustotal.com/gui/file/ec3c174d36d5f8faa784d42a6972406d5ad258b770a308027a0bea1bb04a2fa3/detection

186.170.70.152:3370

# Reference: https://www.virustotal.com/gui/file/a0f495716cd691031cef9c3e92aa0c19f6f97a1179a60518797f1fdb5e1d82f7/detection

79.134.225.90:6553

# Reference: https://www.virustotal.com/gui/file/bb81e35d7d90e9d2a97408c256c4a498d85cfd36568e85b631766d34a9182b57/detection

79.134.225.90:2404
graceofgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d22fa075c100254780f36d4ece00b40fad5cad6c5be21e15ed929c99680b904/detection

79.134.225.90:24197
registerme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/646178cbc5b2452e1f3ee34500f039ab15f1f4d81533e1abc7db290fe43a10e7/detection

79.134.225.90:54985
1338099.ddns.net
jaden222.kozow.com

# Reference: https://www.virustotal.com/gui/file/eb712d5bb30e21cac53acdac476e526371534827486ad228c592facad084d220/detection

79.134.225.90:7331
7331.duckdns.org

# Reference: https://www.virustotal.com/gui/file/04393c8b23e1742c3ca20a081739b7bb959274adc61f83158d0ef96ef575779e/detection

79.134.225.90:1720
jack2019.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/5689e69c5f46ab06f7b5b8d4aaaf235210ce6cf014fb3324c6d6c785ccb688c7/detection

79.134.225.90:5656

# Reference: https://www.virustotal.com/gui/file/330e409e8edbecfd1e3146c7dd09670e6d3364fb3f16ff0b2c129aea37b03e2f/detection

79.134.225.90:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/83c8a487ae867ea10107a1a6a93a5c1b6b54744a384338e166317049a53f97ec/detection

79.134.225.90:5355

# Reference: https://www.virustotal.com/gui/file/8bbfa7a830568b039465d6abf3c517422c94d3abfe6455410a1437430a48e2de/detection

64.42.179.59:33089
sdkljsdf89237487428974wrewrwrereerwerw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/747cc60bf20b60daa1441457d74becb38f01564068d56e8eed000a1f9557d344/detection

199.249.230.22:33089

# Reference: https://www.virustotal.com/gui/file/da9f70611fc313108dfd69262954d2b926761528e20acda0593878ba0bd7a0ab/detection

198.203.28.43:33089

# Reference: https://www.virustotal.com/gui/file/60fc1a6f625150ec93ea5eb5cc91252542f15bd91dda6ea27d389b828a383061/detection

192.69.169.25:4864
abeasinf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97571694c24fc14cfb658d7620d74c69ef42a78e2bad32ca047022b984edf922/detection

186.170.76.206:4864

# Reference: https://www.virustotal.com/gui/file/45f8ba1f2b1456f4192a0ac31b2788c18b957fdec9d94da8f3c3a581cf0e0591/detection

192.69.169.25:1626
wiskiriski15.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1daf168cc60d73346093932e5db44e055166da7e26c06e7fa7453ced43cffd42/detection

192.69.169.25:3864
pichicoyote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060231c7729f65f39c1cc05fbe097d9c872dabd9391cc20eaf60c8d3c3cb0b5a/detection

79.134.225.80:3360

# Reference: https://www.virustotal.com/gui/file/e8a34e6e1db7c73ffea0618863c3d4ce31f3b32c4a16ec04b11460efb13a195e/detection

79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/d96c1dc0ea3859660cd97e0f88b0cb0fab0a974ac0f07c7eadd45f48407a0224/detection

79.134.225.123:3360
79.134.225.125:3360

# Reference: https://www.virustotal.com/gui/file/1f6baac0b57ae8c9a3dfe83c6c4bf14ed0b00c785c333cfd905f3b403c036077/detection

79.134.225.122:3360
79.134.225.124:3360

# Reference: https://www.virustotal.com/gui/file/29bd4d55cb24fd04eabdc27eabcabe11f348ed1fc60b4c066af3be4c5eed869c/detection

185.165.153.113:3360
185.165.153.198:3360

# Reference: https://www.virustotal.com/gui/file/cc0f030f39bfc8c65c10bbcee2ce8679f313687dcce2ea8218e2a8fc8cd5c14d/detection

79.134.225.58:5609
remcus.chickenkiller.com

# Reference: https://any.run/malware-trends/remcos (Note: as seen on 2019-12-04)

ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
slimyuyo.duckdns.org
vemvemserver.duckdns.org
3forall2019.servesarcasm.com
mozillamaintenanceservice.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io

# Reference: https://pastebin.com/r5ZV1TCJ

menaxe.nsupdate.info

# Reference: https://twitter.com/wwp96/status/1203002510765707264
# Reference: https://app.any.run/tasks/30aa42c6-1bf5-4eed-84fc-099cc2f69404/

174.127.99.167:8970

# Reference: https://pastebin.com/7Ak2nP2T

reverse.spamassasins.icu
top.multigamingjo.waw.pl

# Reference: https://www.virustotal.com/gui/file/80120be87db5c64640fbd69a55cfd335601de08d5bcff393e66ff6f51c460850/detection

79.134.225.121:22940

# Reference: https://twitter.com/smica83/status/1205000837430468608

top.phonefix1.waw.pl

# Reference: https://twitter.com/Paladin3161/status/1197842954037018625

192.169.69.25:1116
ashawo.duckdns.org
wecollect11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e444ad341b93f3150b1eae401b84c1b8afd73a80345b4b328bd26c9e5dc5d66/detection

185.148.241.48:1115

# Reference: https://www.virustotal.com/gui/file/a22ede52f14be480dd478fa0ec955b807e4b91a14fbe1b5d46c07bbb5cacccbb/detection

185.244.30.116:1116

# Reference: https://www.virustotal.com/gui/file/53a20bb94b5f34076b98b161b786e24a3fe4c1d3ba36892a901f0709461d096e/detection

185.244.30.116:2444
proudsoldier.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf16f2332e28ac589939efd41ce77fafeed6c9f8b20661f55a0e1264c78bebd0/detection

91.193.75.49:1116

# Reference: https://www.virustotal.com/gui/file/efda9ecdddba583c653b76dbc825daaba070e16d4e6be3f6439278c6c023450a/detection

185.165.153.231:2404

# Reference: https://twitter.com/ActorExpose/status/1196103594845593600
# Reference: https://app.any.run/tasks/4be5595d-4651-40ae-b24d-917a47b26fbb/

79.134.225.46:1960
mgc1.duckdns.org

# Reference: https://twitter.com/coderippers/status/1194935759775641600

185.165.153.186:5132
91.193.75.51:3434

# Reference: https://twitter.com/Paladin3161/status/1194813271494148096

192.169.69.25:100
jamesremcos.duckdns.org
savagesquad.ooguy.com

# Reference: https://www.virustotal.com/gui/file/a8c80446c78199908f9187795627a6111e765b7abf20662cd0f1762ba80abaa1/detection

185.165.153.27:100

# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/
# Reference: https://www.virustotal.com/gui/file/9b4585e342acf00e8d7c0f0b215af2f74ce1a0b428583c30868dbc616d87e1dd/detection

srvc50.turhost.com

# Reference: https://www.virustotal.com/gui/file/1efc346c6761b933adc7a10ab7e6da5e6c65369b5b90f3ddd528ce2bcc3116ab/detection

91.193.75.51:4343

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/

rmagent.biz

# Reference: https://www.virustotal.com/gui/file/8003d7af85e3d328eb0c789e32bba3de456523c109847eca2ace5ae0252c1ee2/detection

185.165.153.22:2211

# Reference: https://www.virustotal.com/gui/file/04455422ee74836e38315b4ac9740470c963e45d5cf61fb3927f02ed9be4d995/detection

185.165.153.22:11011

# Reference: https://www.virustotal.com/gui/file/606aee9e6f0ec6e51dd94cda76b4978392bf5c7f505e049fbd936e7b97928387/detection

185.165.153.22:3330

# Reference: https://www.virustotal.com/gui/file/9fe933614e864926edb99dd6a6c1df31e3db0f74fb8c0d622ef73fd1c6e14104/detection

91.192.100.37:23850

# Reference: https://www.virustotal.com/gui/file/444a412bebf61392e5368bd1464f5773024d1c8758626cd7c5f061ba7688403a/detection

88.172.243.236:23850

# Reference: https://www.virustotal.com/gui/file/d2ddf0997db4b87a354abacba8f0b22f5923eeff7f01bcf3e2bae535160c579a/detection

79.134.225.122:23850
79.134.225.122:3366

# Reference: https://www.virustotal.com/gui/file/bd6220c705c6f321f59d1f45eea1e13c5171f7a2061dec9f907ffa291f3b9ec1/detection

79.134.225.122:2404

# Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection

23.105.131.156:2404

# Reference: https://www.virustotal.com/gui/file/abb4c76901b644cb756fe3727d3933d6a614d0709b62c78c9c54f2dd3ba6aea0/detection

192.253.246.140:23850

# Reference: https://otx.alienvault.com/pulse/5c4543d7fa493a3bac56ae13

jaxboss.publicvm.com

# Reference: https://www.virustotal.com/gui/file/fffb52d51e9688cc08c2a2ad0d818528174eda3e9738c7df8d009301bd127419/detection

173.242.125.75:7241
mysit.space

# Reference: https://www.virustotal.com/gui/file/8e99fca6285e318095ad693fa35b922f88743bf7743a1a8316eb0138fb771e2c/detection

185.82.202.149:7241
uploadtops.is

# Reference: https://www.virustotal.com/gui/file/a0dd3cf4f046432c109448c53687a0cf06cdc1d287fda725c7c15397dab984f0/detection

66.85.185.105:7241

# Reference: https://www.virustotal.com/gui/file/6caecb1c499dfb5b9a00c1eed46b7c6b223893f5a95a10dbb7dc41515a132c7e/detection

66.85.185.105:1427

# Reference: https://twitter.com/DynamicAnalysis/status/1205555781095108608

79.134.225.99:2018

# Reference: https://www.virustotal.com/gui/file/8c49d633a12c6ea14ac72e58de6c9f7ba239403f21cc25c6f1ae867b5df29b36/detection

41.203.78.140:2888
41.203.78.93:2888

# Reference: https://twitter.com/wwp96/status/1210224614149939200

185.140.53.26:2404
michaelking102.hopto.org
michaelking102.loseyourip.com
rennelautos.zapto.org
sunwap878.ddns.net
sunwap878.dynu.net

# Reference: https://app.any.run/tasks/8541d798-8243-46a8-8631-f54e6ed5d19e/

redsocial.instagram21.best

# Reference: https://twitter.com/James_inthe_box/status/1211999781721006081
# Reference: https://www.virustotal.com/gui/file/a05be2b7d477cf006794c746d241b4dad0a392f59d19238f17bc7128418108f2/detection
# Reference: https://www.virustotal.com/gui/file/76b700b072fd5820e296c1fd9a62f2a63c8c6715e778ad32213cdfcae5bae878/detection

108.62.12.134:4922
nolim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/472aa23054d16bcf70e18d254613161d80cb345229aafca5e0b103e0afb65271/detection

aprsgkpc-51401.portmap.host

# Reference: https://www.virustotal.com/gui/file/51ba982bff7c5afbb35f5ce500570bf94aacda560e649e32fa9445155a31994c/detection

193.161.193.99:54120

# Reference: https://www.virustotal.com/gui/file/7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31/detection

tunedd30.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4f477f955ae23cb599858715626e86d3c5a8869d7cfd340af87147e2e7c9818/detection

178.124.140.136:6640

# Reference: https://www.virustotal.com/gui/file/28842367cd70d14f0776b246cb821275ff817051813b3ad4090eb412496d319c/detection

178.124.140.136:1284
dfrannk.hopto.org

# Reference: https://www.virustotal.com/gui/file/63e1f393cbd4bfe5c8e431af3de70b382482ed3e11b967db8caccf4c38ada733/detection

expertyline.mooo.com

# Reference: https://www.virustotal.com/gui/file/4c407408ea383edc394a84baed80b6991581a5df5d9cbcb818f83dfc1c6b4317/detection

ddfranks.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb91f6ed14de853b1d987e199eaede7005c4cf6671321315d22e4626677bfb7c/detection

178.124.140.136:1515

# Reference: https://www.virustotal.com/gui/file/72b74037adf3cf0cf6e9ead907f565d4976b0ed15a8b62e2c8a8cde28a09867b/detection

178.124.140.136:2033
blessederic.ddns.net

# Reference: https://www.virustotal.com/gui/file/978b349faa2c6e8894897bb1cc54d1f92ca9613af0078528fab4f10466c2667b/detection

178.124.140.136:2669
dfranki.ddns.net

# Reference: https://www.virustotal.com/gui/file/b57e631645446ad3744528b05f961ea2c4cb23f426f0a6a6dea8203786c9e528/detection

178.124.140.136:3333
menorte.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bd9dd47981f11b696c2ad7c6b11723da0f091c658210799e2fdd1efd326172a/detection

104.244.75.220:9300

# Reference: https://www.virustotal.com/gui/file/26d109f07bff6ad6142cc1e2c455849a3f641ac43660372686aad7381527fe00/detection

103.136.43.131:7368
104.244.75.220:7368
105.112.99.44:7368
194.5.98.25:7368
sam555.ddns.net

# Reference: https://www.virustotal.com/gui/file/48fafbbccc345ad4f5b9d525107cd139bde73ec2b4eb54432336bf6450943a5f/detection

91.193.75.49:2016
91.193.75.49:3001
proud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf76c5ca49445e8aacb161337d1d333cf481c4ea7eaecfd2c2a3170e70a69ce7/detection

91.193.75.49:3111

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985
tools4money1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/254a0ac154ebc83d9838fb52af5dc8118cfc31d81571cfdac3d3bf4f75be5d6a/detection

remcos.got-game.org

# Reference: https://www.virustotal.com/gui/file/f9aae3f8af4a70b5634a9ec9f069ac3458ff6835547107e42955fa12c5a2cf8a/detection

91.193.75.66:3039

# Reference: https://www.virustotal.com/gui/file/223e21cb4169999a2086cbcb4d56013d151b81745a541f300ffbbfd838c1a8f5/detection

79.134.225.72:4564
ebuxxxxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8889736c0a30eb477236a624f55e66d38f52025db003cf7fe621fd084109db5e/detection

79.134.225.72:7676

# Reference: https://www.virustotal.com/gui/file/166e944c81082a59ffbf8cf5a2ae228913dc8656990d71238ad2db19cd2221b5/detection

top.pubgstores1.waw.pl

# Reference: https://www.virustotal.com/gui/file/5ee090b3c5b98a33e60f2a3eeb6f8429ffabc5ac0ea932e373c6a383cfce5289/detection

smart0147.ddns.net

# Reference: https://www.virustotal.com/gui/file/2170aa91350c123fa9a2319492afbd73c2b5fbe29a84c001efd545980c330856/detection

79.134.225.73:6569
passwrdboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4538221d4740b28f2aa439fddfba69448a2751a0a4f78b54145ddd7ef7d6992/detection

79.134.225.73:18943
cashoutmoney.ddns.net

# Reference: https://www.virustotal.com/gui/domain/top.fishingjoco.waw.pl/relations

top.fishingjoco.waw.pl

# Reference: https://www.virustotal.com/gui/file/72e6c5ce4b7844eee3a6b293f54aeedd38d572bd5ff7c3609507030da46041fe/detection

185.158.139.238:9334

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

185.140.53.93:9334

# Reference: https://www.virustotal.com/gui/file/38de8ff2bdcad25f923d0d22138c23541991c3f96095a0ee22de5e1849f3f20e/detection

185.140.53.59:9334

# Reference: https://www.virustotal.com/gui/file/ad74423af971f9d55f4fb2ca010f6dc81ef98a6dd36fd18b833c2623d17eb913/detection

185.140.53.192:9334

# Reference: https://www.virustotal.com/gui/file/d99ac8879353bd8cbc3ca502cdc6cf5581652f1a26f7de6337644758d6370e16/detection

185.140.53.107:8787
185.140.53.107:9334

# Reference: https://www.virustotal.com/gui/file/0bca93258e81977fd667e4ceab83f2e3460dd5fa5d5f4e88549bd4bfad20ee12/detection

185.140.53.52:9334

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

185.140.53.26:5200
185.140.53.26:8153
185.140.53.26:8787
185.140.53.26:9334

# Reference: https://www.virustotal.com/gui/file/63f7dcd1893c84eae20fe494fd9d0bda10dd809ead94eb4d2c271d25208fc992/detection

185.140.53.222:5200
185.140.53.222:8153
185.140.53.222:8787
185.140.53.222:9334
185.140.53.52:5200
185.140.53.52:8153
185.140.53.52:8787

# Reference: https://www.virustotal.com/gui/file/8fdf5d5c5cf41f4f80a563d12f07d6f59bdeed91028eaa888a982a45df76bd09/detection

185.140.53.115:9334

# Reference: https://www.virustotal.com/gui/file/44558aeedee27b83942c4e33a0c0f060035f2ef4beaf66af23f719f121934194/detection

185.140.53.94:9334

# Reference: https://www.virustotal.com/gui/file/f5a7efd0ffb5145945fed2f92b2df8a79847085547333ec841e3e0b1fc5e1133/detection

185.140.53.50:5200
185.140.53.50:8153
185.140.53.50:8787
185.140.53.50:9334
185.140.53.149:9334

# Reference: https://www.virustotal.com/gui/file/4d51a099cfcab43ebfdaef8d4bc8bd0560c933c665cb6ca353f63d2d97bb2f18/detection

185.140.53.91:9334

# Reference: https://www.virustotal.com/gui/file/225c850cfd1f040c9b7f3513eb77aa5830a4b37b9cb1a516cd128e7841429537/detection

185.140.53.162:8787
185.140.53.162:9334

# Reference: https://www.virustotal.com/gui/file/49e01999814d095689ceda6247ccaea14bcd21d0267e8705b393de930e883667/detection

185.140.53.114:8787
185.140.53.114:9334

# Reference: https://www.virustotal.com/gui/file/cbe362033ba85e20d7b86bc9108c1d1db1786febfbf0b99258e755ac8b6297b2/detection

185.140.53.194:8787
185.140.53.194:9334

# Reference: https://www.virustotal.com/gui/file/27d2f7b50dc11a146fd7d950a1d3eec3031882b970463b7b685b516849071fe1/detection

185.140.53.232:9334
185.247.228.103:9334

# Reference: https://www.virustotal.com/gui/file/d4487b370ba2645516192a1461cb25ed3d11d02e4d0fdce3025269ca7d63aefa/detection

185.247.228.251:8153
185.247.228.251:8787
185.247.228.251:9334

# Reference: https://www.virustotal.com/gui/file/c68b820b65097d851e33a977e562fd51d12d852613b43caba3b325dd74b0e618/detection

185.140.53.96:8787
185.140.53.96:9334
185.247.228.103:8787
23.105.131.142:8787
23.105.131.142:9334

# Reference: https://www.virustotal.com/gui/file/b4f87be6ab41d1216a36822bf791212e29eb07c469059571d916221f0508ef97/detection

185.140.53.208:5200
185.140.53.208:8153
185.140.53.208:8787
185.140.53.208:9334
79.134.225.10:9334

# Reference: https://www.virustotal.com/gui/file/a246556f34f23f1e8c67a4aadda22bd03324521aadf4526b0db5f696b6761d35/detection

23.105.131.216:9334

# Reference: https://www.virustotal.com/gui/file/eae3e753b4461e78f7f0206f2d3434f9ced9c302ec509e952e69332b2be73ee4/detection

sub.jofishingco.waw.pl

# Reference: https://www.virustotal.com/gui/file/cfc1e1ff16319b95761d4b4b950bd46e7c7b8cab339cbf556b21fa56cc7f069a/detection

23.105.131.216:5200
23.105.131.216:8153
23.105.131.216:8787
173.254.195.173:5200
173.254.195.173:8153
173.254.195.173:8787
173.254.195.173:9334

# Reference: https://www.virustotal.com/gui/file/590fac000e2f4cbe9a27520e6cf3223e045bc3386633c25088e55439679150f7/detection

173.254.223.68:5200
173.254.223.68:8153
173.254.223.68:8787
173.254.223.68:9334
91.193.75.128:8787
91.193.75.128:9334
98.143.144.221:9334
98.143.144.243:5200
98.143.144.243:8153
98.143.144.243:8787
98.143.144.243:9334

# Reference: https://www.virustotal.com/gui/file/9f945ca391310fb2880045f5bd60393d62b2a0c65f06aa57396d9bcb313128a7/detection

173.254.195.172:8152
173.254.195.172:8153
173.254.195.172:9334
173.254.223.121:8152
173.254.223.121:8153
173.254.223.68:8152
173.254.223.74:9334
204.152.219.119:8152
204.152.219.119:8153
204.152.219.119:9334

# Reference: https://www.virustotal.com/gui/file/96158e53f76c37ba6590d80f10bbc5009bdc758d388d456274fb065a5ce8f325/detection

173.254.195.173:8152
173.254.195.173:8153
173.254.195.173:9334
173.254.223.110:8152
173.254.223.110:8153
173.254.223.110:9334
185.140.53.236:8152
185.140.53.236:8153
185.140.53.236:9334
73.0.71.4:8152
73.0.71.4:9334
98.143.144.217:8152
98.143.144.217:8153
98.143.144.217:9334
98.143.144.243:8152
98.203.61.135:8152
98.203.61.135:9334

# Reference: https://www.virustotal.com/gui/file/5cac3d994fcc5eefdaef9ffd6b9fae41dd49f1a699e88746e17fb51a49f73bd2/detection

204.152.219.90:8152
204.152.219.90:8153
204.152.219.90:9334
91.193.75.126:8152
91.193.75.126:8153
91.193.75.126:9334
91.193.75.220:8152
91.193.75.220:8153
91.193.75.220:9334
91.193.75.128:8152
91.193.75.128:8153

# Reference: https://www.virustotal.com/gui/file/a26302049b7fbfa6d107b726717cc1a29c7b1dc04d3ad07b6a2f56fd3ca9cd1d/detection

185.247.228.103:5200
185.247.228.103:8153
173.254.223.110:5200
173.254.223.110:8787
73.0.71.4:8787
98.203.61.135:8787
91.193.75.126:8787

# Reference: https://www.virustotal.com/gui/file/0c92e3f679873eae4f540f6f62d29bd80abd6bdc7267221c5a0ba1f82c9e90f7/detection

185.140.53.213:8152
185.140.53.213:8153
185.140.53.213:9334
91.193.75.232:8152
91.193.75.232:8153
91.193.75.232:9334
91.193.75.238:8152
91.193.75.238:8153
91.193.75.238:9334
91.193.75.97:8152
91.193.75.97:8153
91.193.75.97:9334
98.143.144.211:8153
98.143.144.211:9334

# Reference: https://www.virustotal.com/gui/file/4b5c755f37994c6474cabd023f83ec8d58ff7f875d25fb788ec9770383833af5/detection

173.254.223.124:8152
173.254.223.124:8153
173.254.223.124:9334
204.152.219.93:8152
204.152.219.93:8153
204.152.219.93:9334

# Reference: https://www.virustotal.com/gui/file/1053aed27e83dc8f682739c0d1716060b1fa525d3a8cef7fb066e8103a3fe50b/detection

91.193.75.107:9334

# Reference: https://www.virustotal.com/gui/file/82889980e77fab696835eb230b3d3b04ade235e7a2442f267bfeae32dcb189f0/detection

173.254.223.121:9334
173.254.223.92:8152
173.254.223.92:8153
173.254.223.92:9334
98.143.144.207:8152
98.143.144.207:8153
98.143.144.207:9334

# Reference: https://www.virustotal.com/gui/file/925e39df3d71d49ed7c31790de157fd50e6bfc7eed6d151fa0c89760b059937e/detection

204.152.219.94:8152
204.152.219.94:8153
204.152.219.94:9334

# Reference: https://www.virustotal.com/gui/file/daaa67b875f56060c05fae1fa635f9a30786054b3efb9c3ef82204b30f6dd7fe/detection

185.140.53.137:9334

# Reference: https://twitter.com/wwp96/status/1214559701280722945
# Reference: https://app.any.run/tasks/fa298bab-4c01-4269-93af-1808d94595fd/

jessene.ddns.net
rennelautos.kozow.com

# Reference: https://app.any.run/tasks/ef3a8b4d-0d5b-4f7a-a187-336b1327884c/

successfulghost.duckdns.org
185.244.30.35:2009

# Reference: https://twitter.com/wwp96/status/1214925176632225799
# Reference: https://app.any.run/tasks/1ad4f2da-7513-4d09-bd27-f6cf3327b489/

209.127.18.228:2424
roboscchi.duckdns.org

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://app.any.run/tasks/a58e0909-6db7-4a3e-961d-02dcb6800803/

161.117.86.44:2500
88.198.205.179:2500
devicenet.org
devicenet1.org
devicenet2.org
devicenet3.org
devicenet4.org
devicenet5.org

# Reference: https://www.virustotal.com/gui/file/3bcfb4fec5c49609ce2e1688f24ae874728e9fd53a1769673d2ad3ac0c5554aa/detection

174.127.99.211:9493
vision2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c2912541176b553f2d4595ea338f88bc8d6110ac43cb892cf86dd06ca49307c/detection

41.242.137.4:9493
41.242.138.53:9493

# Reference: https://www.virustotal.com/gui/file/6e5a7c74c609d6363a56cca712900ec5ab4ffa4e22c0307adf9b30f56b7eb218/detection

185.244.31.31:9493

# Reference: https://www.virustotal.com/gui/file/972cd696927d9d1804566fe6a610a67ca4f9a1bd631769ba7a2d3b06f8413497/detection

79.134.225.104:1871
umc621.myftp.biz

# Reference: https://twitter.com/DynamicAnalysis/status/1217873533310816257
# Reference: https://app.any.run/tasks/a948d44d-9d3b-4675-8c4f-6ec951a9346a/

79.134.225.36:2121
79.134.225.98:2030
srvr1.serverpubg1.pw
srvr2.serverpubg3.pw

# Reference: https://twitter.com/Racco42/status/1221707041615630336
# Reference: https://app.any.run/tasks/ced5f8bb-826d-4ece-9e0b-35408f6e3b90/

91.189.180.199:672
srvr2.callofdutyserver.pw

# Reference: https://twitter.com/Racco42/status/1221721585868058625

80.209.240.101:2030

# Reference: https://twitter.com/wwp96/status/1221878428623872001
# Reference: https://app.any.run/tasks/d41682fc-e350-4a38-a2b2-397fbf22a3d6/

185.244.30.53:2404
lupend.ga
lupendbackup.ga
lupend.duckdns.org
lupendbackup.duckdns.org
rownip.lupends.com
rownip.mailredirect.ooo
rownip.schneidstore.com
rownipbackup.ga
rownipbackup.tk

# Reference: https://pastebin.com/R6JP78G1
# Reference: https://www.virustotal.com/gui/file/5cfda191c0a46c7849afb2014c290dbd57101d20407ef9bfcaacac5886a80814/detection

103.145.255.163:4040
103.145.255.163:6566
vip6654.live

# Reference: https://app.any.run/tasks/8b8041c8-7f80-4bed-944b-1e28edacaf3d/

olavroy.duckdns.org

# Reference: https://app.any.run/tasks/1d360fda-c2a3-48d3-9c0a-5d5911a5574b/

66.154.98.108:24046

# Reference: https://twitter.com/wwp96/status/1222574424450355201
# Reference: https://app.any.run/tasks/75213c65-a28d-4053-b6ce-691a95f2b91b/

91.193.75.248:1005
mohit36241.ddns.net

# Reference: https://twitter.com/Racco42/status/1222614871293845504

178.124.140.136:7894
xyz345.spdns.de

# Reference: https://www.virustotal.com/gui/file/5a0d3279a6a703f809a0526fb425c8f4d2d42a3794b35315d1ae05c9960702e9/detection

185.148.241.50:9727
lawwena.ddns.net

# Reference: https://pastebin.com/SamC9MPD
# Reference: https://www.virustotal.com/gui/file/a309e11a1eb76c83efa58d90a6870234603c819636e7acefea389790b6d83d32/detection

37.1.207.27:5555

# Reference: https://twitter.com/wwp96/status/1224385908394352642
# Reference: https://app.any.run/tasks/092bbf7f-4edc-4073-972b-e98000608a8d/

154.16.93.178:3376

# Reference: https://twitter.com/wwp96/status/1224777426305196038
# Reference: https://app.any.run/tasks/06d959a6-057c-43e2-af0b-41971499e6c2/

chommyflozy.duckdns.org
milky123.casacam.net

# Reference: https://twitter.com/wwp96/status/1225528218209394689
# Reference: https://app.any.run/tasks/255e11a7-fd7f-470a-b0a2-e4c557aeb2d2/

41.242.139.6:8484
legacy2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0230436c843aff9c00a762954bb2317e6a90c3c8b25d453fe3405805b22020b2/detection

184.75.223.227:56699
213.152.161.20:56699
213.152.162.109:56699

# Reference: https://app.any.run/tasks/45613eaa-cd76-409c-abd6-57d49c3245fb/

104.37.1.38:7902
rolandgeraldinelacotta.mywire.org

# Reference: https://app.any.run/tasks/7839af44-a26a-4b1e-885d-edee4e9aa7ae/

nj2ratt.ddns.net

# Reference: https://twitter.com/wwp96/status/1228361945780232192
# Reference: https://app.any.run/tasks/67e987d3-8e12-495e-a04a-aa965765cc6c/

41.242.138.29:8484
remcos247.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155
# Reference: https://app.any.run/tasks/657b7a80-7a29-4353-9fbb-d73b24100c39/

185.244.31.114:3090
backup1.gam2ng.pw

# Reference: https://twitter.com/wwp96/status/1229495413281054721
# Reference: https://app.any.run/tasks/d5332906-8319-4e81-a1b7-3cf6ee4f54d3/

185.244.30.16:8484

# Reference: https://twitter.com/wwp96/status/1229816791876198403
# Reference: https://app.any.run/tasks/091c477d-f4c1-41ea-a55d-8d6b6a70842a/

216.38.7.245:7279

# Reference: https://twitter.com/wwp96/status/1229810377959116800
# Reference: https://app.any.run/tasks/bff65255-585a-489e-a9a6-b9b31ccf56ca/

79.134.225.77:5151
mygodissogoodtome.ddns.net

# Reference: https://twitter.com/wwp96/status/1229843377711128577
# Reference: https://app.any.run/tasks/a38c2851-2556-4f73-863f-fd895d152cb1/

185.244.30.19:1930

# Reference: https://app.any.run/tasks/48f66baa-9be1-4325-9d78-54da7353f337/

jacksonsmit.ddns.net
185.244.30.16:8484

# Reference: https://twitter.com/yvesago/status/1230414301221019648
# Reference: https://app.any.run/tasks/3211cb34-3ead-4e2f-96d3-30d887c1a208/

79.134.225.52:1994
experience1994.hopto.org

# Reference: https://twitter.com/500mk500/status/1230557502862843904

191.101.22.21:1005

# Reference: https://www.virustotal.com/gui/file/3909a024c17e133fea95cbdc7e54a25d1144a24a78d43af4e84de35e00227b68/detection

79.134.225.38:4000
79.134.225.79:4000
iyamahrem45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d97f1dc45bb4cc7224ac9fd00306abc925b8af72e0bc0520fd5a072f78318277/detection

79.134.225.38:1989
agshrf.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Generickdz-7586813-0)
# Reference: https://www.virustotal.com/gui/file/dfb75c837ea961311b96c32257c46ebfa53d679834cc6fbd207dae4c2a8297b9/detection

46.105.98.53:4782

# Reference: https://www.virustotal.com/gui/file/74c3a5f44d545c7eb905dced1d5b0ffb4a56a81e5b722c2252d0f60fba627318/detection

185.165.153.29:3636

# Reference: https://www.virustotal.com/gui/file/6a6784d34afba70572cc188f5853e06ee3ea5422fe80fc5e42bf3ff6203b5527/detection

185.140.53.139:3636

# Reference: https://www.virustotal.com/gui/file/7f9d115776d5a404d6b02a64473f3f4b2e36aa13bdd22b2437dc220385b65e09/detection

79.134.225.75:1234
sixteen147.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Ransomware.Remcos-7586925-1)

secure.jagexlaucher.top

# Reference: https://www.virustotal.com/gui/file/c5193ef79fb9a0e616eeb7904bc66b9aeb9b1c42aee393b6829f9617462664b0/detection

186.118.80.105:3201
186.118.93.21:3201
elcamionsr.duckdns.org
impindusltdz.duckdns.org
induspals.duckdns.org
induspalse.duckdns.org
msyswintxl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db12191309c125be008c08d8ba8444cf7a0240ea36b1f54aace2ba46bb3228d8/detection

167.0.102.88:3201
167.0.104.40:3201

# Reference: https://www.virustotal.com/gui/file/a352d00e0322a0e397f167c1164f7667c672935ba14d29c4f4b60f26d0a88f5d/detection

186.116.218.183:9134

# Reference: https://www.virustotal.com/gui/file/963abe7aa94c8b3e12e231e10c62ba00e3f89948edb77e017cb2eb25bc24ca56/detection

179.32.78.10:9134

# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection
# Reference: https://app.any.run/tasks/aab68fdc-ebbb-4416-be92-6469b1145c0c/

149.167.94.36:8754
167.0.101.103:3201
toolpres.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6416daf02055125dd7a513058a8c5a3e1bb97c049ae428ccb5c7600ab576ccb1/detection

94.73.22.187:83
bobbylight.zapto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1231999794035535875

185.140.53.214:1898
mercy01.ddns.net

# Reference: https://twitter.com/killamjr/status/1232457439229820928
# Reference: https://app.any.run/tasks/47b0c22e-98c8-4234-99af-5d23b31c74c3/

79.134.225.102:2030

# Reference: http://benkow.cc/export_rat.php (Note: as seen on 2020-02-26 - filtered)

agbero.duckdns.org
civita2.no-ip.biz
dixenweb.ddns.net
ejiroprecious.ddns.net
emilylattaa4111.serveftp.com
firstclass197007.hopto.org
ichie.hopto.org
jaxboss.publicvm.com
keypay033.dynu.net
mdformo.ddns.net
microsoft24515062.serveftp.com
opitalia.ddns.net
provafood.ddns.net
semonsemon.zapto.org
vice.hopto.org
wecollect.duckdns.org

# Reference: https://app.any.run/tasks/4ed77208-4026-4fdf-b990-a66732c6e7f8/

jload06.xyz

# Reference: https://twitter.com/wwp96/status/1236003598812753921
# Reference: https://app.any.run/tasks/70206853-5fda-45bb-b99b-387b79dbd42a/

87.101.92.68:1067
servr1.willbeban1fabuses.xyz

# Reference: https://twitter.com/wwp96/status/1235999989685420033

185.140.53.4:5151
goddywin.freedynamicdns.net

# Reference: https://twitter.com/wwp96/status/1236020295225536512
# Reference: https://app.any.run/tasks/77f4fcf4-962a-4552-a70d-6a73b79bb901/

chommyflozy.casacam.net
unitransports.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1236812973156364289
# Reference: https://app.any.run/tasks/00c5eeea-f240-4a69-9e30-b68676cdd2d2/

185.244.30.14:7171
favournwa.ddns.net

# Reference: https://twitter.com/wwp96/status/1237468685415178242
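# Reference: https://app.any.run/tasks/ae5b24b1-2e57-4986-ad20-ade9b057f9bf/
# Note: fs03n2.sendspace.com below is a node of a public file-sharing service (presumably payload hosting rather than dedicated C2 - confirm against the reference); matches on it may include benign traffic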

u864246.nsupdate.info
u864246.nerdpol.ovh
fs03n2.sendspace.com

# Reference: https://app.any.run/tasks/3b110d0e-15aa-4f3a-b592-fa1da1444a88/

185.208.211.64:2020

# Reference: https://www.virustotal.com/gui/file/d86075425ffb3c196e64ca71bcf7a0846df91444e53987638cf212dae52e5961/detection

79.134.225.112:2404
79.134.225.95:2404
41.190.31.245:2404

# Reference: https://www.virustotal.com/gui/file/da0f330f3e5992eb6c9dd0b38eaa332be093b04153c0fa1852b0b5309543c5a6/detection

79.134.225.74:8906

# Reference: https://www.virustotal.com/gui/file/44c13aa211c5571aec2cdb56f461d2f4309b4070a271dfaca037e8e56db87804/detection

104.37.1.38:7650
79.134.225.74:7650
Nanomoney.entrydns.org

# Reference: https://www.virustotal.com/gui/file/08dcfa6f7dcd4c907f01000ea4890dfaea8a386d9c3fee253127d1c6f6974810/detection

79.134.225.74:7890

# Reference: https://www.virustotal.com/gui/file/66137b5faf49de1ffa5990b57f6f4d8543ddb7b7a19d0e8bce53446dc1ee91d6/detection

79.134.225.87:5001

# Reference: https://www.virustotal.com/gui/file/1f524e469d0ee3bdb24feff5dead9b188f609c74beb90888cbde4c042a1075ca/detection

79.134.225.87:888
primspa1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b3f39059e7f85c0312423abd50a311e6f1df8e04136bf8e4bedb9884229e11a/detection

79.134.225.87:999
ziccusu00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/776eaa3b21ac18c01341a09b6db2dddd6049a70e3c5285de6474da7097049fc3/detection

185.165.153.158:3765

# Reference: https://www.virustotal.com/gui/file/e0f393f5a884cf5d65640260db9aa2b6d68a4be9e4ab8d0a27a911a0b3c876ce/detection

79.134.225.87:2404
lpisback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/39046a68d3a0b89281dd3e8d5713f76ba6cd15497279586cbf016bf6bac5eedb/detection

79.134.225.87:40099

# Reference: https://www.virustotal.com/gui/file/00bf0217afa40f1d254bb60b4885151fc8e7b0d22bbcc64e7c6c88144296cb76/detection

79.134.225.87:5578
osloc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac96d8c75320162a4e4e32760ece2b5ad066899ee5204c99bc2b2b17012fe4a4/detection

79.134.225.87:1630
tmppaparazi.dynu.net

# Reference: https://www.virustotal.com/gui/file/6eefcc4df76863d15eb7dd46148a156465db96d2a7c3a44c77a17c1434d06a86/detection

flasback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a770498f38ef674902cfc8879eb0ae88d2201d7fb5b61e63541244e10c2de7c8/detection

79.134.225.113:2404

# Reference: https://www.virustotal.com/gui/file/79843b0bc5b7770bf06ab747a069a34ef8933045b3a64c021f67823a602e90cc/detection

79.134.225.113:5355
79.134.225.121:5355
richarddsimps.ddns.net

# Reference: https://www.virustotal.com/gui/file/a13a787fe0a742da7f9d147e80dcb122b9fe8eaf60a78ca506c9a21149f99373/detection

79.134.225.117:666

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

185.244.30.251:1122
shabi1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/545212a4eb881f34fc2d3adb1f2bf62aa4e5ca37e7a1c7a8e4b5fabec0525386/detection

178.124.140.145:8652
pcent4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/db2524104c83282dd3d42a07f0cfe4fad0ed9b7a3e664caefe4b2669b027e083/detection

178.124.140.145:5132

# Reference: https://www.virustotal.com/gui/file/10f04c28ff3663fb84394c007d8d170e0a3b78bfd9c5b5a39c79ca7254037559/detection

178.124.140.145:7272
5.135.67.231:2404
aboki.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/ddc1be7028b2502d6d9fd951e420decfe6346df4d9c5c98cdbbda0ec317e1690/detection

178.124.140.145:5000

# Reference: https://www.virustotal.com/gui/file/c52767fc4b82c893fddbe94767d0c488469ad05332f0216cbb07b7be3aecd62c/detection

178.124.140.145:1994
experience1994.ddns.net

# Reference: https://www.virustotal.com/gui/file/719d66b11a535ce3fc2cde6cd2dbc8de9ba14701ff39ed372fd0bb17e734a6f5/detection

91.193.75.137:1969
papi231.duckdns.org

# Reference: https://twitter.com/MSteve25/status/1240341489101803521

185.244.30.12:8970
remkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/38cf49c1fb4e9090ffaca117d64bb985e1df8d0b88952c2322b3230c76b44538/detection

216.38.8.179:777
newvision.ddns.net

# Reference: https://www.virustotal.com/gui/file/8cb4eb249cb024561fd1949a44f98356b95e60ba14c17f4ae4962fc0234df011/detection

216.38.8.179:1379
airsack.ddns.net

# Reference: https://www.virustotal.com/gui/file/a2e020e6642854a20d9b7523c29bb5e1a7fb730ddafbeccd53f5595ce596d179/detection

185.165.153.228:6868
bukamm.warzonedns.com

# Reference: https://twitter.com/JayTHL/status/1241125967424360458
# Reference: https://www.virustotal.com/gui/file/9a555e49a8804460c067fff544fba3663c8cc0be92a1a0ad92bb6fe1b8f206c6/detection

185.244.30.125:2404
jbarn.sytes.net
kenthomas.giize.com
rex2015.freeddns.org
rex2016.freeddns.org
rex2016.hopto.org
rex2017.freeddns.org
rex2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/3eb378421462244e5ec0a6d50eca01badfe1f88160e0a758a567c7930dfb8290/detection

brhsapir.hopto.org
protopacink.gleeze.com
rex.hopto.org
rex2013.freeddns.org
rex2014.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a90d204e48d815b3c3376552f5fc5a01ebcf115d6022abb3f97b1b111b079c0d/detection

financeff.hopto.org
jkharding2013.ga
jkharding2014.ga
joyceedwards2013.casacam.net
tylerfreer.ooguy.com
wrtan21.hopto.org

# Reference: https://www.virustotal.com/gui/file/753883fa972dda966abb3adad3cfc94f0a82ca128d1908df58bac3ba93e60bd3/detection

37.47.79.124:132
nocpnv.ddns.net

# Reference: https://twitter.com/w3ndige/status/1242138938501926915
# Reference: https://app.any.run/tasks/aa3e9e89-05d5-474c-a3c8-706699312a72/

91.193.75.7:7171
onyeoma111.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b31dab1a7fa6a0e3bc6f3fe2d856869d16c84f374b64e5ceca1bd73b18ab186/detection

185.19.85.158:7100

# Reference: https://www.virustotal.com/gui/file/02d100b77777705d86a940c8f3142fb4b125fdcb91a3be68797d40f19c6410eb/detection

178.124.140.144:7100

# Reference: https://www.virustotal.com/gui/file/f0dc6049711ee06b8f28bf1e9f596d9fbb3075d0aba1f3a0561127c97091fb9e/detection

178.124.140.148:7100

# Reference: https://twitter.com/baberpervez2/status/1242335218901663747

u864246.tk

# Reference: https://www.virustotal.com/gui/file/5560a23de5ed8b729830c1c515a9f5459e9e29cb6888d119638a4770b79754c1/detection

185.244.30.124:2404

# Reference: https://twitter.com/ScumBots/status/1242425273079017472
# Reference: https://www.virustotal.com/gui/file/abd4e6ee8152822c0545bd27a4f4c5114728873873e227044dfb48ecf1ecb37f/detection

149.248.160.226:7005

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

185.244.30.78:24048
185.244.30.78:34046
54.37.160.139:34049

# Reference: https://www.virustotal.com/gui/file/c23b6f93d8449166426d90a1cf9d468037f62e641bc50e7c1005da6f8be69608/detection

185.165.153.228:2019

# Reference: https://twitter.com/ScumBots/status/1244176813699616769

193.161.193.99:49483
193.161.193.99:50721
193.161.193.99:62254

# Reference: https://www.virustotal.com/gui/file/397f1ec81db07d97dc246c38a16ecf1eb5b7bbf900218a60197d2db446585e32/detection

41.103.10.32:5673

# Reference: https://app.any.run/tasks/e9a9e116-924d-4411-a454-9a841c51c39d/

185.244.30.123:5149
kirtasiye.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1245714128695521280
# Reference: https://app.any.run/tasks/cc60c746-1cf8-4adf-8055-4964111c1c9f/

23.105.131.161:7279

# Reference: https://app.any.run/tasks/d54e08fd-f22a-4beb-9ac1-633ebbe77584/

199.249.230.42:2492

# Reference: https://www.virustotal.com/gui/file/28e8568f488b4573da6b13cd3d8601e6a624098e45d773f37e4aa6f78a4d9fc4/detection

91.170.144.1:16800
themaster3314.ddns.net

# Reference: https://www.virustotal.com/gui/file/284b368d39d240ce2cda28e143d8d48205fc211379ace30e4abbb888402058d4/detection

79.134.225.122:5001

# Reference: https://www.virustotal.com/gui/file/ff66c3616bcc13713378f0b89c7f9a7d754ebdadd027b511a4599b1675b4841a/detection

79.134.225.114:5052
neshoitry.ddns.net

# Reference: https://www.virustotal.com/gui/file/b39a30e55d55c69ad75cd21cebb5be1749325cb10a05dbcc334964ef963f5d65/detection

79.134.225.114:2332
owensmith.linkpc.net

# Reference: https://app.any.run/tasks/0618ea81-3606-4992-be9d-d296c03d679c/

79.134.225.72:3800
vision2020success.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1248696301275025409

162.218.115.147:7070

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Dropper.Remcos-7647550-0)

malu1234.duckdns.org
erunski22.ddns.net
barrywill.hopto.org
chacert.gq
alljobnew.duckdns.org
elintec.site

# Reference: https://www.virustotal.com/gui/file/c3832484e342390c0a3c406da30af7d2536ff2e615714a95ed143f5ecd73be89/detection
# Reference: https://twitter.com/malwrhunterteam/status/1036972726404177921?lang=ca

140.82.57.249:8003
svchost.club

# Reference: https://www.virustotal.com/gui/file/eed983f0eedd7a3f07f49177b8fe0e18d89fa885359e70b02433afd4fb099818/detection

kabiru.ru

# Reference: https://www.virustotal.com/gui/file/b71f954a6371076f9c87b1005208bf5e712806af1f5e037b5eeaa6aadac6d7fb/detection

binexeupload.ru
stubbackup.ru

# Reference: https://www.virustotal.com/gui/file/df560a99f2f4fbd221ddfe1b9f6a9e3bea247677cd4512f74538568160d95126/detection

5.253.114.116:2404
sponsored-ads.co

# Reference: https://www.virustotal.com/gui/file/8f79778cf67b649928a83b3367814f15a2c74119acc90b6ccc819dedc1b83a28/detection

5.253.114.116:2405

# Reference: https://www.virustotal.com/gui/file/f761911e8a45e794bf89a605b14aa7b97785541a186ad593d3ec71e5a1494724/detection

5.253.114.116:2406

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/28ac3a50d51131f60e087aace3c06a5a9181f19f1b5830ca5a906074bb7cb449/detection

79.134.225.37:1332
gaming.smartbuyjordan.xyz

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.Remcos-7662156-0)

brockmax2v2.hopto.org
ch31238.tmweb.ru
danishcent.duckdns.org
harri2gud.duckdns.org
hjkgfhsf.ru
menaxe.nsupdate.info
omorem.duckdns.org
onelove03.duckdns.org
sabbbb.ddns.net
securehub.top
snooper113.duckdns.org

# Reference: https://app.any.run/tasks/9cb9db8b-9cb1-4bb0-9f94-8d692ea983c3/

185.140.53.21:2404

# Reference: https://twitter.com/malwrhunterteam/status/1253767947325235200

185.244.30.22:8970
79.134.225.9:8686

# Reference: https://twitter.com/malwrhunterteam/status/1254097817162915843
# Reference: https://twitter.com/James_inthe_box/status/1254102265876508672

185.140.53.9:47580
lachattemouilleee387538783444.duckdns.org

# Reference: https://twitter.com/Racco42/status/1255448660646735875
# Reference: https://app.any.run/tasks/67f663a3-1513-4aa3-9769-3e3cd9bb7ce3/

top.gaminjo1.pw

# Reference: https://twitter.com/Racco42/status/1257561671268208647
# Reference: https://app.any.run/tasks/af0223e5-6920-4b03-9df1-d3e0cc4e9856/

154.16.93.185:672

# Reference: https://www.virustotal.com/gui/file/71ae4c1afb9db6641a4bc94c7d48b83d5b2d0af8507620588e971c9c609c88d7/detection

103.125.217.169:2310
105.112.100.65:2310

# Reference: https://app.any.run/tasks/4914378f-0c6c-4348-944e-f332f7cc88dc/

181.52.103.140:1011
remcquince.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f69fcfb9de5546dc7b98f20d6d4f387f66e4583637f29a494cb664138d441a73/detection

79.134.225.73:7650

# Reference: https://twitter.com/JayTHL/status/1258880410416799746
# Reference: https://www.virustotal.com/gui/file/8ac973617b45c5d0ea2711e9ba025a2cd19a65a97cf82273845472c9ae74f2e9/detection

79.134.225.81:2266
coolta66.gq
coolta67.ga
coolta68.ga
coolta69.ga
coolta70.ga

# Reference: https://www.virustotal.com/gui/file/54c528daf8bbe5f232464f76e3f3ab482486b590009e5b4121896dfbca152ac7/detection

91.193.75.239:2266

# Reference: https://www.virustotal.com/gui/file/7ebf6d9d55089b045426dad354ba80120db475f16dc13dc9401e4ebbd10f647c/detection

79.134.225.105:2266

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Dropper.Remcos-7724400-0)

dolxxrem.hopto.org
goddywin.freedynamicdns.net
godspower19566.hopto.org
khalifa.dynamic-dns.net
mide1.ddns.net
millionaire232.ddns.net
myb22.camdvr.org
remcos.got-game.org
rex2017.hopto.org
rex2018.hopto.org
youngboss23.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f704c20024f02d19c096f82158d891dce7bf7a1b261dcce3226fd6d43b7fc64/detection

104.248.133.59:2403

# Reference: https://www.virustotal.com/gui/file/4b13bb36220d46ab9fa89c4163c8ec571fe0c113af00773d0968fa51c4056bbd/detection
# Reference: https://www.virustotal.com/gui/file/8df9bddf123ffa3fa0f312d56bedde096310a02676e2b023530d8cd6856caa37/detection

185.140.53.18:7082
freenigga.ddns.net

# Reference: https://www.virustotal.com/gui/file/678cbb81b782c58df5e2790b34e9a9a8a4d3af1b0a17fd320bf27111e959bc6d/detection

185.140.53.43:2404
godwin12.warzonedns.com

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

cashout2018.ddns.de

# Reference: https://twitter.com/JayTHL/status/1261339604239646723
# Reference: https://www.virustotal.com/gui/file/d76de8b8be89cd4dbe4f861cd4152eae2fafa783bace624cae1b231d8de8da3e/detection

194.5.99.146:1982
testbush.duckdns.org

# Reference: https://twitter.com/dynamicsoaring/status/1261048946438397953
# Reference: https://app.any.run/tasks/3f7e4a16-00dd-4168-9552-db30c5194c05/

185.140.53.69:2404
doc4.ddns.net
doc5.duckdns.org
donald30m.gleeze.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Remcos-7771461-0)

experience2477.ddns.net
godsfavoured.ddns.net
jbcbeads.myddns.rocks
johnhoff2.hopto.org
lakeside007.awsmppl.com
myb50.myddns.me
nagod.ddns.net
rex2018.myddns.me
rex2020.myddns.me
u863495.awsmppl.com
xxxxza.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/98f031407df4d599b9027f8e672436f1b61876048529a1304bc3118c82d42bd6/detection

185.244.30.247:4045
enmark81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5171603aba08d750c97604eb510f3586245b86eaae0cb08461d734c72258e95/detection

185.165.153.238:9210
mtz11.duckdns.org

# Reference: https://twitter.com/Bl4ng3l/status/1264862595082788866

194.5.99.143:6666

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

79.134.225.98:6996

# Reference: https://www.virustotal.com/gui/file/95e5e81e7413f7c7c5294525ec7e0ed2f1f022d0e2ce02717483d7e3ba438bf9/detection

193.218.118.190:42017
site.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Malware.Remcos-7914589-1)

boot.awsmppl.com
coolcc1.xzy
coolget1.xzy
coolta1.xzy
coolta2.xzy
coolta71.com
dolxxrem.hopto.org
goddywin.freedynamicdns.net
latua.nsupdate.info
newdawn4me.ddns.net
thankyoulord.ddns.net

# Reference: https://www.virustotal.com/gui/file/91842f75fd9b77f4e8d171b6103d26ed7fde38232ef520ee2b066c2ba7381bef/detection

41.111.43.45:1337
sh.sytes.net

# Reference: https://www.virustotal.com/gui/file/0ffdd28e152681a8abca0a9c7f88ba1cd7b945c7ee2df82af6606adf4a426f0f/detection

197.207.171.72:1337

# Reference: https://www.virustotal.com/gui/file/2830a6a923b2d7ff9c4839672db11f64675732aa4d44343b9b7573ca4d6486a1/detection

45.74.35.38:1144

# Reference: https://www.virustotal.com/gui/file/d76483dd726209229a345e0d3856094275e62326ba800cff3b506ba6b7aaca5e/detection

197.207.191.156:1144

# Reference: https://twitter.com/ScumBots/status/1270113968649113604

134.249.160.9:7777

# Reference: https://twitter.com/JAMESWT_MHT/status/1270365125464203264
# Reference: https://app.any.run/tasks/5f6b1ed2-3f06-4a9c-b4f6-b8bc9c757a17/

193.104.197.27:4229
193.234.95.68:4229
newrem.duckdns.org
servr2.plzbanif3abused.xyz

# Reference: https://twitter.com/reecdeep/status/1270747853573537792

185.244.30.113:6996
eastsidebandit.myddns.rocks

# Reference: https://twitter.com/JAMESWT_MHT/status/1270981434703056899
# Reference: https://app.any.run/tasks/821468ce-9c90-48fb-afe5-7df3e1096df4/

194.5.99.132:42017

# Reference: https://twitter.com/MalwareConfig/status/1271561068167512065
# Reference: https://www.virustotal.com/gui/file/d810038d3a2198564a3fe1a23260f4adef32385f265f1d79f77ff1b282f09710/detection

144.217.255.52:10134
phazeonrunescape.ddns.net

# Reference: https://www.virustotal.com/gui/file/09a16ee256f6a7b289e4a65013e3cd9f2c271d14ab1bf44ed89b856aeb13f2c2/detection

36.70.188.129:9798
uqm.ddns.net

# Reference: https://www.virustotal.com/gui/file/48404246cff844b59a4734b2ac30a05b4fa1a6f8750a7eb6ef403db312b7ba42/detection

23.105.131.141:8811
nagod.ddns.net

# Reference: https://www.virustotal.com/gui/file/15d899d86ec22da49666a2e19883acf76c17f8c0fb4cc79f6860de2e687b7061/detection

216.38.7.231:8811

# Reference: https://www.virustotal.com/gui/file/4691e58de9940ece438bdf64bcfd43d3186a1a19c9fe43b5164e6a83d60f5f08/detection
# Reference: https://www.virustotal.com/gui/domain/dns.dunamix.me/relations

185.244.30.82:2048
192.169.69.25:2048
dns.dunamix.me
easter87.duckdns.org
oluchi.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8d761e48b662116fd637b656e6138e3cfb902af76ecdb31e73ddde18f0affa5/detection

216.38.8.168:8787

# Reference: https://www.virustotal.com/gui/file/0b4964c33138a53c916b451fdaec7372f9e238361a9bbcde428cdd941f1d7f11/detection

216.38.8.168:7070

# Reference: https://www.virustotal.com/gui/file/d1649b71e9c38f0dc10838f258998914a966fdb2caccd78f210cc34707420497/detection

23.105.131.154:7070

# Reference: https://www.virustotal.com/gui/file/efe9c3a82e0b98a6b144d86f06ec68e8f6b3d735117de23dacc598ad2ab1dc37/detection

23.105.131.154:5050

# Reference: https://www.virustotal.com/gui/file/e0d227ec8d25b5d6b05b931435fed286895edbfe9990a388c925e0b91911e9d3/detection

185.244.30.82:2048
igbo.hopto.org

# Reference: https://www.virustotal.com/gui/file/063cee4d23dc9351a9805b239fb6ddd531af5d7a4657919b5feeab757f877ec7/detection

185.244.30.17:1965
ifeanyiogbunebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/eefb8c8f6588ed3c764a1384fae0da22874ba64bedac4ba1a7b92fa08878cb8d/detection

91.193.75.27:7070

# Reference: https://www.virustotal.com/gui/file/0cdfbe3c9db21651126b282d338539c625748118f6a1045c3d5c12d5e12f0d3c/detection

91.193.75.27:1990

# Reference: https://www.virustotal.com/gui/file/20c0e5b7620d51b026ce693ce54ccdf0dad76fcda9747913feeba3f8d34f25e8/detection

185.165.153.17:1120

# Reference: https://www.virustotal.com/gui/file/373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3/detection

185.165.153.17:1010

# Reference: https://www.virustotal.com/gui/file/b097d38be9a17b46ba76b5eb4c22b3201af79492bef21a8a765128337a55f57b/detection

91.193.75.5:8678

# Reference: https://www.virustotal.com/gui/file/2003c5fea62a63caca412982a0a5d7288fe7b5a063eebc7c9b84ea7baab539b6/detection

3.126.37.18:10752

# Reference: https://www.virustotal.com/gui/file/14cd5671644e47f0336603c7abfd8868c066e52e2d1411f42b2987d35b00ce2e/detection

18.197.239.5:10752
3.127.138.57:10752

# Reference: https://www.virustotal.com/gui/file/63955e38216c81a4fcee2be6cbb14273bd57abab9e7b2042fbe2100e44aad91b/detection

185.140.53.11:8090
newbackomo.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1272889477430722562
# Reference: https://www.virustotal.com/gui/file/af167bda48f2c529f5c40634b0656e1a200806b7f04fa340c6f2cc649da6cde4/detection
# Reference: https://app.any.run/tasks/f7950d7e-918d-4044-b82e-aca79ba124d7/

http://91.235.143.133
185.244.30.113:6996
twistednerd.mywire.org

# Reference: https://twitter.com/reecdeep/status/1273201836858716166

flambouyantpapi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/414d4369268bd3d1c22d2c295e2b5af0cf11c09a754a99be438c4a14f37f6896/detection

185.140.53.18:7082
baby212.ddns.net

# Reference: https://pastebin.com/eifTii1e
# Reference: https://app.any.run/tasks/cc1f12e5-66d8-4b74-b1e7-904a2c2b3dfa/

194.5.99.29:1400
protondata.myq-see.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275720358658793474
# Reference: https://app.any.run/tasks/de05898e-058b-4955-a98b-fe7d2e1c5e31/

cobbtownholiness.com/king/search/frontend/host/town/index/crewe/Attack.jpg

# Reference: https://www.virustotal.com/gui/file/fd446f0c654fd5e240c025a49b22c82391e94fcb7d3c6c98cb99137ff665c13d/detection

194.5.98.111:5422
morrishittu.ddns.net

# Reference: https://www.virustotal.com/gui/file/35095733c5364f67a3226c5de81ff2caaf0524a097a3c1c3e06272d5706d00f9/detection

185.125.205.73:5422

# Reference: https://www.virustotal.com/gui/file/7db77a40561aa86261d37b5e5941d5b1bfa3e0d9aeb62abea87bf7e6a26ed71d/detection

185.247.228.165:5422

# Reference: https://www.virustotal.com/gui/file/587a47a6e509433e808a3d6aec6cd7fe4602f331f94c44eb7b35a643852b4bb8/detection

85.203.22.68:1419
95.0.134.226:1419
91.193.75.235:1047
morrishittu.linkpc.net

# Reference: https://www.virustotal.com/gui/file/813643336711b2753845b25bf7ce235e06dceaa4066e32fb9c986cea0b458c83/detection

91.193.75.235:1047
91.193.75.235:1419

# Reference: https://www.virustotal.com/gui/file/8b5f39b1886022b9eb1e343f2c050fa263a5c7f121942b421d27d8548df90a2d/detection

129.205.114.28:5422

# Reference: https://twitter.com/pmelson/status/1280322293965688832

boleto.duckdns.org
camera02.ddns.net
cdtsupremo.duckdns.org
guestbooking.ddnsking.com

# Reference: https://twitter.com/Bl4ng3l/status/1280415293521739778
# Reference: https://www.virustotal.com/gui/file/18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195/detection

194.5.98.23:1965

# Reference: https://twitter.com/iamwinstonm/status/1281715105391140864

fgdjhksdfsdxcbv.ru
karimgoussd.ug
smiothmadara.ug

# Reference: https://inquest.net/flash-alerts/IQ-FA008_Remcos_Maldoc_Utilizing_Macrosheets

47.106.112.106:8032
update.huobibtc.net
update.office365excel.org

# Reference: https://www.virustotal.com/gui/file/30973f3f141356fa1b6f7435575dec35971702185013e246ba7a68a8e51c391c/detection

185.140.53.10:7171
zimchi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73/detection

79.134.225.111:20207
magiobi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b718c4fe8e03c60658ddf0a98496c0cfd06bddae6884b28c57d5897c837ad57d/detection
# Reference: https://www.virustotal.com/gui/file/767509d1864123651103929b145e83d3c56d230935ff11a2a1d8b5566aedc7b6/detection

185.165.153.37:9111
194.5.97.125:9111
rem-pounds.zapto.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1285177330508464133
# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

185.165.153.90:3949
myfrontmanny.duckdns.org
myfrontmanny.ddnsfree.com
myfrontmanny.ddns.net

# Reference: https://app.any.run/tasks/1bc823c2-5852-41d3-b745-9eb26008de1b/

107.175.32.212:58826
79.134.225.32:8950
babushkaboy.myq-see.com
rapture666.myq-see.com

# Reference: https://www.virustotal.com/gui/file/5b9361351db7c650fa5ebbd9eca3f9601da77d6165f7a02a0f7c3b694ac2872c/detection

95.181.157.6:3333
rem.payeermine.com

# Reference: https://www.virustotal.com/gui/file/43a7ad11c500e6f3338f620a4056ae808ef5b61cd13b621bbf7d2e04122a61ec/detection

51.161.96.106:3001

# Reference: https://www.virustotal.com/gui/file/93241314c69219ff7ad7f7be291a8320a20ea4153898f7c660976812bfb57e0e/detection

194.5.97.15:3871
okamoto.hopto.org

# Reference: https://www.virustotal.com/gui/file/3bfa63455e4936d261be757e92b1acae0b3a03870e7b81b5581a0ef46b954ddc/detection

194.5.97.23:3871

# Reference: https://www.virustotal.com/gui/file/b673fe86224dba05fa6b976aaa6561709b8b3fc370dcef01c798d7f5d3414728/detection

46.38.151.236:3871

# Reference: https://twitter.com/reecdeep/status/1293089692418822145
# Reference: https://app.any.run/tasks/38a328b5-b9f5-4be5-8ece-635692b6893d/

79.134.225.52:6666

# Reference: https://bazaar.abuse.ch/sample/10ec185be9504c09a3c52c97abc34b879f4224459f154a57a56ab15df1829208/

185.244.30.243:46617
79.134.225.32:46617
boyflourish.myq-see.com

# Reference: https://www.virustotal.com/gui/file/52e7edc928a8ebe518c76972d45dec866927a7f7fc672a99f92b0d92a4479826/detection

86.99.25.192:5552
empirepvp.zapto.org

# Reference: https://www.virustotal.com/gui/file/1f38232ff5cc0a22f104f4efff9724183cc4551e7d93047a28df6496ea13a59d/detection

deeminol063.hopto.org

# Reference: https://www.virustotal.com/gui/file/67680350052c8774c2173e716367760200dcdcee362d317e5ee3dd97222ed887/detection

194.5.97.11:2404

# Reference: https://www.virustotal.com/gui/file/9308214d32419cfd7af3203fb1982798b270554888a50679655959dbab1ad957/detection

216.38.2.205:4050

# Reference: https://www.virustotal.com/gui/file/81abcabdc6ec5f22cf55310f31d596bdbbac2fe24adbed126fb5124d74d85800/detection

94.194.4.192:2404

# Reference: https://www.virustotal.com/gui/file/54695494b42242c0b442851febff5eff3ae97b457278323ea32ed70bb9397e36/detection

51.15.22.167:20202
regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/68a42b25fb48d8337952e1dda259ef0c1922817b8bd8eb5c13ad199fb9cca4ce/detection

51.15.22.167:20402

# Reference: https://www.virustotal.com/gui/file/e546566be4ea436e1fa7a62f7ffd531525fddc4484b83e571025984d12a4fe77/detection

216.38.7.231:8811
nagod1.ddns.net

# Reference: https://www.virustotal.com/gui/file/14f58e94b51704d4f0d0540f47cf1a06175e9919aeb9ba58d209adece64a737a/detection
# Reference: https://www.virustotal.com/gui/file/bdfd5e1d7d560ce9656e4b4594ff1bddbb6b44993c8e7d2aa6ae21a10c08a6e0/detection

82.102.211.13:2404
82.205.33.194:2404
googledrive.dynu.net
googledrive.linkpc.net
googledrive.myftp.org

# Reference: https://www.virustotal.com/gui/file/52b9c393d076fe63033126e342e7987e464f016bb70601356365481738042670/detection

centos4u.strangled.net
kellop114.myftp.biz
ostopol.myftp.net
satell990.dyndns.org
wertopol.strangled.net

# Reference: https://www.virustotal.com/gui/file/d5c98032ca72405fef0d8d88380730fa85bc892ea2a38ef42395bb3fca861bdc/detection

spartanrulz-32158.portmap.io

# Reference: https://app.any.run/tasks/e90145d2-b04c-46ee-b58b-708ef4472880/

185.19.85.159:672

# Reference: https://twitter.com/58_158_177_102/status/1302863025121058816
# Reference: https://app.any.run/tasks/9f56a787-bd36-4741-adb6-2ad5e556ae23/

193.218.118.190:42020
style.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html (# Win.Trojan.Remcos-9753190-0)

eysk.city
edhrtyujffd.xyz
muhoste.ddnsfree.com
menstyle.duckdns.org
boyflourish.myq-see.com
mysticalsailor.myq-see.com
vikingo1928.duckdns.org
3houturk.casacam.net
foustraje.mywire.org
koustaeik.dynu.net
2houtie.kozow.com
houstus.gleeze.com
keking.myq-see.com

# Reference: https://twitter.com/reecdeep/status/1311252180670742529
# Reference: https://app.any.run/tasks/df3d660c-3bc6-405c-9efd-4cad0b9bf066/

79.134.225.83:8638
incidencias6645.ddns.net

# Reference: https://app.any.run/tasks/f2301ec1-9e5a-488e-a351-dc94c209860f/

103.147.184.53:4042

# Reference: https://www.virustotal.com/gui/file/689dcaa3c134cbccfb0c10d14c668c7b71334da8f7710503e03ed5bc8d714b97/detection
# Reference: https://www.virustotal.com/gui/file/a46df0abf052617a893f0d4093f77021f2c23e7e133f10ba2f222fae03020cd0/detection
# Reference: https://www.virustotal.com/gui/file/575bdd6efa08ed4ec3a18034716e35fd2444f1d37a43de6edaaf4ff0a18c5b60/detection

103.212.228.68:2404
103.212.228.68:7271
45.138.209.39:2404
45.138.209.39:7271
we.fanasp.co.kr
we.fanasp.com
we.oneasiaex.com

# Reference: https://otx.alienvault.com/pulse/5f7c5d703a6e8fae8295a637

doublegrace2020.ddns.net

# Reference: https://twitter.com/InQuest/status/1316097241489301505
# Reference: https://www.virustotal.com/gui/file/c1092cf4a7c2ddf97cc2e18a63fa7b7aae817995e995de5e774c8b141785d18f/detection

185.244.30.243:40619
voodooangel.myq-see.com

# Reference: https://twitter.com/ps66uk/status/1316126806232256514
# Reference: https://app.any.run/tasks/730d0464-45fb-4b4d-823c-db1ef0cc9a07/

79.134.225.48:1011

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html (# Win.Dropper.Remcos-9775269-0)

bushuc009.duckdns.org
fuckfuck0.ddns.net
insidelife1.ddns.net
rromaniitalfoodsinc.zapto.org
u875414.ddns.net
zubbymoney4life.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1318087844359974912/
# Reference: https://tria.ge/201019-w9w13727jx/

95.217.144.93:5864

# Reference: https://twitter.com/reecdeep/status/1318469829268000768
# Reference: https://app.any.run/tasks/c05755c4-b1f3-4ddf-a3b1-9e368976d6fc/

115.134.23.40:2910
115.134.23.40:6639
115.134.23.40:7762
194.127.179.245:7762
rromaniitalfoodsinc.zapto.org

# Reference: https://www.virustotal.com/gui/file/4dad95676736402a2fe6368eb4efed088f4898cf85c8f6e2abda6e94efd8e77e/detection

185.19.85.141:8808
21421412515215.ddns.net

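# Reference: https://www.virustotal.com/gui/file/d90248d8d9d8fb8bdd69bca18f09acaebfbe2935292bcf54def3b21195e920b4/detection
# Note: 193.161.193.99 is listed in this file on three different ports (34775, 31403, 50915), and the portmap.host/portmap.io names beside it carry the port as a suffix - presumably a shared tunnelling endpoint, so treat the IP:port pair rather than the bare IP as the indicator (verify before blocking the address outright)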

193.161.193.99:34775
revenge01-34775.portmap.host

# Reference: https://app.any.run/tasks/f9925414-f338-4f5b-8add-f9e34fa9500e/

79.134.225.20:1980
bushremcos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0bedf163c25f8a5728ff01ff7e163eaa6205e05d9811397ce3e8ab0a151d53e1/detection

185.165.153.243:2021
79.134.225.30:2244

# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.166/relations
# Reference: https://www.virustotal.com/gui/file/7845e2797aaa8ebce29c1fee5704578cb15211bc85447cea5b2c7da9010c0ba7/detection

23.105.131.166:2888
gsky.warzonedns.com
ounixpro.duckdns.org

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/1a1924da9d272ea46f8a0a62d7e2ecf01746e9a7621c8b1c36950788c3a3bd8c/detection

u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/62d88acc465626086cf8a5e266f2fbcd2f51bc3c462a236b0c9349e70b5194a9/detection

185.19.85.149:6667
jaffinryu.loseyourip.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

198.23.192.204:41289
jollymorgan.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b71e07e53baaeb13a8f617b56ba6944529401798ef32c55f9fb362f0531983ab/detection

79.134.225.50:42025

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/dbabf85d66c08e57af2a3ffc46b5e915291849b19aa00f1ab9ab61d5b0fe7bfc/detection

185.244.30.226:2267
kay34.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1323941877918388226
# Reference: https://app.any.run/tasks/9de16759-7dfb-4c15-9c2d-26e1951b9fe8/

185.140.53.129:4354
uzbektourism8739.ddns.net

# Reference: https://twitter.com/anyrun_app/status/1326050738607452161
# Reference: https://app.any.run/tasks/bbfccd29-2c3b-4a71-8713-63285f610029/
# Reference: https://www.virustotal.com/gui/domain/indoreisenslovenia.com/detection

indoreisenslovenia.com

# Reference: https://www.virustotal.com/gui/file/75250cab773991fd76bf14b8c397b2f143100cf5b13f3213528167e43409a537/detection

5.2.68.77:2404
hassavanarel22k1.xyz

# Reference: https://www.virustotal.com/gui/file/f21dc0aa7ef43f5799073c250f581c7c8ec1f7a1ec8518fb90b3df4759075472/detection

64.188.18.166:1983
honoexpress.linkpc.net

# Reference: https://app.any.run/tasks/66dadbe4-2d6e-4f7a-8d17-6a833d0a5ce5/
# Reference: https://www.virustotal.com/gui/file/680998e260bbd7b843f923f3ae3c1fcadbd1037fbd795c7da98149876f791e7b/detection

205.185.125.42:3014
cupidwap.com

# Reference: https://www.virustotal.com/gui/file/6ba00445a5c30db7e57de9335d2afc28a63315badef37d97af8b602b9e820aeb/detection

185.140.53.231:5050

# Reference: https://www.virustotal.com/gui/file/a20bf2ab10263ca3dd2ada84854a22d9e6fd9029925ed65cef91765f6347aa66/detection

79.134.225.37:4050

# Reference: https://www.virustotal.com/gui/file/9128e156ef2c0ed95d615729316ff82615354d6509e30a2e931913cb574dd4dc/detection

185.185.3.40:2404

# Reference: https://twitter.com/James_inthe_box/status/1331333639464841219
# Reference: https://www.virustotal.com/gui/file/e18773082c76655f9222fd26198eab9011af2bebea85fb4c7d525e37e3e84024/detection

79.134.225.120:12489
daemontime.myq-see.com

# Reference: https://otx.alienvault.com/pulse/5fbe488fe0a954169992d27e

al-sharqgroup.com
deviatefromnorm.com
sandshoe.myfirewall.org

# Reference: https://www.virustotal.com/gui/file/52e6d14ed04c5d7b44a0966a6357a62c8ab7550cda38c37f3c6c11bc0ff19f60/detection

5.39.11.47:2404
citym.camdvr.org

# Reference: https://app.any.run/tasks/b3ddcec2-f0ee-4a87-9fef-5ae96671dffe/

45.10.88.89:2404

# Reference: https://app.any.run/tasks/f5fde18d-e250-4011-a63a-bb63732935ba/

185.19.85.183:5004
stellionlab.com

# Reference: https://otx.alienvault.com/pulse/5fcf6bf6695f8abeb583b291

agentpapple.ac.ug
agentpurple.ac.ug
agentttt.ac.ug
brice.ac.ug
darkangel.ac.ug
nilemixitupd.biz.pl
taenaia.ac.ug
doublegrace2020.ddns.net
softg.duckdns.org
u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1336585927221768193
# Reference: https://www.virustotal.com/gui/file/e4adc99ec527422ee85c7260633d9e7abe452215f6c68bee28b4d4e8ac48d4db/detection

85.114.134.130:5850
85.114.134.130:5851

# Reference: https://app.any.run/tasks/cd97dd8f-a088-4c78-80c7-66c6b47e297a/

194.5.97.32:959
softgee.duckdns.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (# Win.Dropper.Remcos-9802952-0)
# Reference: https://www.virustotal.com/gui/file/f862eb253778c7b1c35349d798736124d7ee97db446217b2e5962fe2431d1e46/detection

185.140.53.129:3871
waxb.ddns.net

# Reference: https://app.any.run/tasks/d73cc422-8f5d-4d45-9f4d-b58a2ecb5baf/

181.48.139.42:6695
postreg.caserogourmet.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1339442811092013056

mute-saga-0240.lovesick.jp

# Reference: https://app.any.run/tasks/8cf679a2-d1e1-4bd9-be0d-93da9c9fa041/

185.140.53.225:6609
cato.fingusti.club

# Reference: https://www.virustotal.com/gui/file/94ec48d884762cb9f15584b01baa677445daa83d4093ccae7f70f6773b949799/detection

81.136.50.222:1604
hamstro1.hopto.org

# Reference: https://www.virustotal.com/gui/file/5cbed2f8a5fdadbd99816c4c8792bd51a2db7479f80bf70409f0f257f942d0c9/detection
# Reference: https://www.virustotal.com/gui/file/6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275/detection

185.244.30.180:4902
185.140.53.202:4902
4sureme.ddns.net

# Reference: https://www.virustotal.com/gui/file/134a6f4d0867df4570a3c569a0a5be3cca92537e8f27ff169e89c3eefa59fe6b/detection

194.5.97.198:2021

# Reference: https://www.virustotal.com/gui/file/849c170a469dc6f5b1bc190923744b08c51ea0ea593e435f0121b874af58c3ec/detection

185.140.53.221:2404
194.5.98.145:2404

# Reference: https://www.virustotal.com/gui/file/fde81d8213468a66ed189297ca748d5c4f07963d5cf33d622f245cd76135ccc8/detection
# Reference: https://www.virustotal.com/gui/file/80eb23e554c801edb57a51883e0ac40d26fa6aa8f764a2d30d31e451359486cf/detection

109.163.234.141:19109
185.206.225.59:19109
86.105.9.67:19109
sub2.xboxjordan.waw.pl

# Reference: https://www.virustotal.com/gui/file/72afbcd580f1ab2994b13938db2fad12fdd7619961d346a220fc2110d348490f/detection

89.249.74.213:50119
wghavenn.airdns.org

# Reference: https://www.virustotal.com/gui/file/03e055979496752e7f81aed9884a6acbcbeda20148e60f7b5d8eda30852e4e23/detection

2.58.47.203:50119
wghavennn.airdns.org

# Reference: https://www.virustotal.com/gui/file/461aeaa36397feb9322660fb537a2c976f6ef41509d428993c924279ca6c7f56/detection

79.134.225.28:24007
mariasteven1.ddns.net
mariasteven1.hopto.org

# Reference: https://twitter.com/malware_traffic/status/1346947588075868161
# Reference: https://www.malware-traffic-analysis.net/2021/01/06/index.html

79.134.225.92:2889
whatgodcannotdodoestnotexist.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/17/h/cve-2017-0199-new-malware-abuses-powerpoint-slide-show.html

192.166.218.230:3550
5.134.116.146:3550

# Reference: https://app.any.run/tasks/837b76df-3fc8-4b34-8a61-f25d1a32c4b8/

45.137.22.52:8780

# Reference: https://www.virustotal.com/gui/file/15598151d970675376778697c2c6498a104856b88a58fdc2c663a35574892abe/detection

193.161.193.99:31403
35.225.160.245:5762
agaoajz1hrvevre.info
bcbncq393z3hplq.club
cbiq1neygyp1wno.info
cedsxoisslv2nim.club
cwt1u0vv8ic357ov.info
gwty0fig58dcq6f.xyz
maui16azsncpo97.info
mj99puoba6c3gun.info
pgqduoyxvzennam.xyz
pmfiryhhkin98px.xyz
poykoqnl7jkj632.info
se2qwz60l2oxznm.xyz
tu90to3b4q4uqze.info
usd7o88wemlutx5.xyz

# Reference: https://twitter.com/fr0s7_/status/1353668898994999296
# Reference: https://app.any.run/tasks/5e41e266-b135-4604-b58b-9facafe8d0dd/

54.39.198.228:6332
moneyds.ddns.net

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

185.140.53.149:6969

# Reference: https://www.virustotal.com/gui/file/ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930/detection

185.140.53.12:1170
185.140.53.12:1180
anonfriendz.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b77ee0649ca157f9c5bfa3f1a81425bb8a72d704e7298fff81936843c2714443/detection

185.244.30.3:1170
185.244.30.3:1180

# Reference: https://www.virustotal.com/gui/file/54943c180b2fa915dd676406c3ef2c61597da86b982de4a685d59288e08888dd/detection

185.140.53.138:1170
185.140.53.138:1180
96.47.236.78:1190
tradeworld.duckdns.org

# Reference: https://app.any.run/tasks/ac3857dd-b08b-4dbf-8d37-1e941949eee0/

46.243.248.15:2177
gdyhjjdhbvxgsfe.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/375f949cba028f5722641af5c2b8d62086639d0663796ea01ac18cd1470184d2/detection

13.59.15.185:16391
3.138.45.170:16391
3.22.53.161:16391
3.128.107.74:16391
52.14.18.129:16391

# Reference: https://twitter.com/malwrhunterteam/status/1356889417030500353

datamicrotransfer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1356909089746530304
# Reference: https://www.virustotal.com/gui/file/df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb/detection

185.244.128.34:2404

# Reference: https://twitter.com/petrovic082/status/1357010449909350408
# Reference: https://app.any.run/tasks/91c4e993-c6d9-45e4-8863-8c6d6baed913/

79.134.225.114:1814
covid19safety.myftp.org
mercyofgod.myftp.biz
mercyof4god.myftp.biz

# Reference: https://app.any.run/tasks/b0dc1122-9b02-4592-996a-6a27952af5bf/

37.252.11.23:6969

# Reference: https://www.virustotal.com/gui/file/3efd0b10958683468b618a94f3b3888d6879c190b7e1c7425a23fc434f64271d/detection

66.42.107.233:1337

# Reference: https://otx.alienvault.com/pulse/602128ef6c24b8ff3a8da56b
# Reference: https://www.virustotal.com/gui/file/95977953d059ed0e495628fc2906d05c1bfce1d8154adce122db8e19b01ba398/detection

starbuckscoffeeohyea.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a4991196a119e42c7256e986d66df9b2b8f8bf5e43353c195cd495634231103/detection

46.243.230.51:2177

# Reference: https://twitter.com/reecdeep/status/1359110973009899520
# Reference: https://www.virustotal.com/gui/file/1e5a328f760c35f905390fb4bcf0eefa75936c79a43e22ca7557da0e315c72ed/detection
# Reference: https://www.virustotal.com/gui/file/926da3334135961ff0c19ecf4358201ba4734ab01186061c423deeb081ec1cff/detection

194.5.98.14:7369
highwayraider2021.ddns.net

# Reference: https://malwargsecurity.com/2021/02/08/remcos-rat-net-unpacking/
# Reference: https://www.virustotal.com/gui/file/3908ede26aad1fc2a1db9d3a26a017549b40ebc7d73d731fcb5691aab82b830f/detection

68.9.207.24:37845
transcendentalistschool.com

# Reference: https://twitter.com/r3dbU7z/status/1359374669921550336
# Reference: https://www.virustotal.com/gui/file/c062b4a790666b338f7955ea792605bf0244a8d36cb1050c602727ff6d654e36/detection

37.120.137.254:30288
remmyma.duckdns.org

# Reference: https://otx.alienvault.com/pulse/6023cbf090368b63de15730a

tanjiim19713.sytes.net
xchilogs.duckdns.org

# Reference: https://app.any.run/tasks/711e1f28-747f-4e74-b634-dd377aa9531d/

186.169.39.242:3202
resener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52f07520a01a6da3c6bc7545fbc53fc567cd4cdce70f25d849cd32d163474d45/detection

obereagujnr.damnitjim.xyz

# Reference: https://app.any.run/tasks/f1e86c26-0af4-4181-ab13-ed53844fa708/
# Reference: https://app.any.run/tasks/7d1dad7c-6c33-44f4-82be-1cf81a5ae55c/

185.86.106.202:3234
79.134.225.96:5397
gentamakina.com/tt/
marstonstyl247.ddns.net

# Reference: https://twitter.com/reecdeep/status/1361943725354741761
# Reference: https://app.any.run/tasks/02066148-b1e0-4e0c-b503-b468d1929467/

79.134.225.11:2021
talkmyown.kozow.com
talkmyyown.kozow.com

# Reference: https://app.any.run/tasks/bc1c9de5-d4ad-4293-ab89-0336089d0c9c/

78.198.121.158:666
yifflez.ddns.net

# Reference: https://otx.alienvault.com/pulse/602fa97362b6279a63a34907
# Reference: https://www.virustotal.com/gui/file/adda1acb8d885b3725058cf0a26d22b0c98a80673126a7bf7216ac7f6ba86005/detection
# Reference: https://www.virustotal.com/gui/file/d10921fef4f5d706859246d7e4f988f7df830d59e2ba6daab16665fd5637a16c/detection
# Reference: https://www.virustotal.com/gui/file/8a59bb0e1678af1df0b5d32e17ecc543310876b8b27ed18350ffced305ac32bd/detection
# Reference: https://www.virustotal.com/gui/file/71321f5d0edaa1d1bd1a9f4f931233a02cf2bf4919954b4c8337aea75f100feb/detection

103.151.124.64:2243
103.153.76.111:2667
103.89.88.238:4299
160.177.121.69:59
adadwdgfgdfg.ddns.net
sknre.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1363765805314420739
# Reference: https://app.any.run/tasks/e79ebc0c-f8fe-483c-a4df-3419b26895b5/

194.127.178.174:4021

# Reference: https://otx.alienvault.com/pulse/60379278fbce7ab73ca18941

greenfieldsde.duckdns.org
j8.andnolikeandtoo.ru

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html (# Win.Trojan.Remcos-9835338-1)

ghdyuienah123.freedynamicdns.org
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu
hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu
hsyuwbvxczbansmloiujdhsbnbcgywqauaghxvz.ydns.eu
mtspsmjeli.sch.id
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu

# Reference: https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Trojan.Remcos-9835542-0)

cwzxas.ddns.net
rem1.camdvr.org

# Reference: https://www.virustotal.com/gui/file/076943b4bde772d9f6c5239dae006557e6ea21a6c72307a98475a422b75b618a/detection

193.161.193.99:50915
artemlok134-50915.portmap.io

# Reference: https://otx.alienvault.com/pulse/6047646f1a9d70bd963228bb

asnrg84tr15e.ddns.net
vpsnnog.ddns.net
kazeni.ru

# Reference: https://www.virustotal.com/gui/file/425125474825c83c556ddb9686d06c0fe3bed8fd1a6a7058b60a26189aec81ca/detection

46.21.147.203:5850
fasdf324v4355642dfssbzsdfv23vasvf12.xyz
w8s.graviimaster.ru

# Reference: https://tria.ge/210315-t7r5mz9tv2

37.48.89.8:4783

# Reference: https://www.virustotal.com/gui/file/1cf604ac116b7d480da4fff508c4ef036ab842df708c8ce0b8e81e4b6f37efd8/detection

79.134.225.46:2405
ogidikasi.hopto.org

# Reference: https://www.virustotal.com/gui/file/84cf1bbee36c2424d48072b0f3cc8083ab37e04b93e72d455f9d545ea3a72c4f/detection

23.83.132.179:1414
bu250653.hopto.org

# Reference: https://www.virustotal.com/gui/file/c38b0ffb44c8586dff8c8ec3546b3bfd332c4e84f9b636fceb322522fe2ed409/detection

164.68.122.235:7775

# Reference: https://www.virustotal.com/gui/file/5e0fe09b76750751f25ee170f4e3f5d3de441614a887316e3a62334d859b769c/detection

176.111.174.72:3139

# Reference: https://www.virustotal.com/gui/file/38e003f280936ad6c0cacd7a57e6864de55b11058f5c0d45f8b3e42313bfdf84/detection

5.172.199.55:3513
dfxczaqwvcutbnmewxvfqwercfgrwzxcdcdfvgws.ydns.eu

# Reference: https://www.virustotal.com/gui/file/ef91414c679b45b0100bac70a53d65eac5c0b280feffe3350c803d215bb7607a/detection
# Reference: https://www.virustotal.com/gui/file/17c742f29afb5c4352f3fb0079fbb0b2d72da1e65cfc59695f9a7259088b4615/detection
# Reference: https://www.virustotal.com/gui/file/d34d907900597c60df794fea4bc35e8ecafe3359f8cc8ef32742ba4e0747afbc/detection

185.140.53.133:4344
23.105.131.132:4344
79.134.225.73:4344
ongod4life.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f0cb02c449739d35bc024bd78983126dbba1b3c78f566184177f8e0206f1b60/detection

159.89.86.174:4810
oberenwa.ddns.net

# Reference: https://www.virustotal.com/gui/file/5adf963b1c92ba79a5003d87943b4cb6c8a72fb9db63d8922c43f6631ad27995/detection

46.243.239.31:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/1b49da172b79de32c6df4e87385e57c0e3768b0b227b84cc38cd746b05200720/detection

172.94.24.120:2177
172.94.110.79:2177
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu

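# Reference: https://www.virustotal.com/gui/file/13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2/detection
# Note: the hostname below is already listed two references earlier (there next to 46.243.239.31:1996); same hostname and port, different IP, so the hostname is likely the more durable indicator of the two.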

37.230.130.89:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/631c6d3b1c526c8bb366cc72b009da37ec83994c72b210b0132650fef93c147c/detection

sfghfsfjskdjkdfbvndcnfjskaklwrrfw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/f4385738ec4059ccdb1cdc3d0027ea44d002dbbbaebcb300ec8591bc9397e184/detection

104.247.222.46:2404
agdyieyrtghbncmloawghdvbxcvztyijgrtwqbcs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/5a5e322d26a9565ef099e9c62ded4b7430e13cb13303bb97000d720e023f30a2/detection

172.94.16.38:2486
wywtrwbnmhtytrebsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/0905d7304968596830e1a0fc7bdec0954a625fadce64a784b45f8905de7f022e/detection

moep123.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/f1f8906bdbdffe1be2f02db42adeb93dc23bac4dbaba91904fce2d3810223c5d/detection

irukdns.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d1c41d983e4fd40ab80cc8b393d39bb8290836c2793075b9c8fb41f0ce44238d/detection

niftywar2.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/c9f0e613181a2a984e46341992a601596462e80aa9bdee144b27fa2c76b04b74/detection

bc3.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/178d7aba3b04fb8ae4cd50e7e3f8da86565b93f724e2d38acbf9789411e79395/detection

79.134.225.84:6767
steve200.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/eb7b058c625b1306c70d8a76546af054bd769347ca067f5db5e1b0b1c7306298/detection

185.158.115.38:5000

# Reference: https://www.virustotal.com/gui/file/4922d66a76f44ddb8fef492d8ba36d40c57c9e6fd40e1df87a0c9ca135b76da7/detection

185.158.115.38:5001

# Reference: https://www.virustotal.com/gui/file/b250bb73821f32afff2287989bbb61b5470efdc3d14fa1006bea3602da8b3328/detection

185.158.115.38:5002

# Reference: https://www.joesandbox.com/analysis/373731/0/html

185.158.115.38:5004

# Reference: https://otx.alienvault.com/pulse/605c7c79a457812f750a15cc

0e19yo.grinchim.ru
5sis5z2.grinchim.ru
d.kaunieni.ru
hz.tudara.ru
rgc1.grinchim.ru
ynoil.asubeshi.ru

# Reference: https://www.virustotal.com/gui/file/e5ed9e5b1976279f51d9c47d275ad01143b62e23c83692981c74c367a34e0b25/detection
# Reference: https://www.virustotal.com/gui/file/e058733307afcc2954f7ae1e98d25d6778dee869fdd92355b0117a783648a690/detection

185.140.53.7:2012
185.140.53.7:7171
greatful111.ddns.net

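# Reference: https://www.virustotal.com/gui/file/a1efb13491a849b91ae8ddea21fe86f42b725c3f89bd5d4abf57adbaf03c7fee/detection
# Note: 193.161.193.99 also appears earlier in this file as 193.161.193.99:50915 next to a portmap.io hostname, and each portmap hostname embeds its own port. The address looks like a shared tunnel endpoint, so treat the IP:port pair (not the bare IP) as the indicator.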

193.161.193.99:24405
actcoolbro-24405.portmap.host

# Reference: https://app.any.run/tasks/8ec193ba-d31d-4aa6-a3da-aec198ece841/

52.14.18.129:11797

# Reference: https://www.virustotal.com/gui/file/25b789678cb803bcb9ce9f1b7a375846812a83c89d9d4ff8abe1b90a8aa54a47/detection

45.15.143.140:5200
creeping123.ddns.net

# Reference: https://www.virustotal.com/gui/file/85adbdc2d0f35bf0a922251edd55f4a44d6aee52f2945eb71177a73a88a86fef/detection

demco.hopto.org

# Reference: https://twitter.com/Racco42/status/1380048908391448585
# Reference: https://app.any.run/tasks/05c3497d-fee9-4a3c-98ea-0a6dd6d048c0/

79.134.225.118:2405
osisego.ddns.net

# Reference: https://www.virustotal.com/gui/file/9fad68bbaba3bcd69e3b8100eb5c035ea2caf59e0f9115e36667a62b2dce84bb/detection

194.5.97.173:10001
remcosagent.com
1.remcosagent.com

# Reference: https://www.virustotal.com/gui/file/60716f52814e9b88c1c69b16058ed783a6ca59b125b34c7f0af0e87a8e05c546/detection
# Reference: https://www.virustotal.com/gui/file/a52615bd2b0c2fd4d1070030206c07fee192d00b7c307b4bf9babcc53dd38bd4/detection
# Reference: https://www.virustotal.com/gui/file/1bd08a5a9fa260ba34749b97d3a31d9de432f7fe74abc51ddbc7cdeab16ecbd4/detection

194.5.97.173:10004
23.105.131.188:10004
45.90.222.101:10004
1.ispnano.dns-cloud.net

# Reference: https://www.virustotal.com/gui/file/40ce7df3b4b481626b5082a1516631b05530819fb9ba434028103474ad959ab0/detection

185.140.53.9:8905
zubby2468.hopto.org

# Reference: https://otx.alienvault.com/pulse/60855af69ecf01b490310da4

brainy-example.auto.playit.gg
pleasant-ant.auto.playit.gg
tasty-comfort.auto.playit.gg
johanvargas97832.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40043c77c684191274bbf6d72c932ffb34f55b09033f631fdf9abe106349d637/detection

poiarmex247.ddns.net

# Reference: https://www.virustotal.com/gui/file/3253409d3bc8d987a390ca661d46c81e7f4b98636867d1b323de10e3f0e54784/detection
# Reference: https://www.virustotal.com/gui/file/936f3a9ae7a98440c6a63c0efcd91c145dbbc665773c69c7404c56de2495db9e/detection
# Reference: https://www.virustotal.com/gui/file/841c9a9df354e8e904f06a41a3ad5a9fc63213bd0070f9cf2b3f1ed07f036abc/detection

194.5.99.25:9950
197.210.29.184:9950
91.192.100.4:9950
kzi.ddns.net

# Reference: https://www.virustotal.com/gui/file/6d9f887bef0ec963729f0484a302b846d0cb024cf861d16f99f0ea21d02614a7/detection

108.170.13.104:1144
jaxfriend.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7364b6f75f48db8f3a34910e562dc12ad06b1dbed250606383b86d7e1b083293/detection

191.101.22.150:1313
204.11.56.48:1300
youtube.proxy8080.com

# Reference: https://www.virustotal.com/gui/file/a8284b3545fbef308d3c11d3d1d4547521a662e521363f32519a71279946839a/detection

drkao2.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6e889790fc403f49ed9e7537fbf1573d7d835c66a8937c134b1e2d2f58b2d70d/detection
# Reference: https://www.virustotal.com/gui/file/4c9428c3afaec204fde3cd2ae46cc7f4db5501c28dc52ea2d72b64e5f063d1d0/detection
# Reference: https://www.virustotal.com/gui/file/4b3b08c356b54f95bca518bd5c12ec1ec0cd32fbfac860f5a1a1a8e36da66c26/detection
# Reference: https://www.virustotal.com/gui/file/9293ff8bf51a6345a7bf3600fa9a8734b2184ac9c68ec534e382197bcfee2755/detection

107.173.140.145:500
41.102.107.65:500
41.102.126.56:500
41.102.222.13:500
41.103.179.251:100
jessads14.publicvm.com

# Reference: https://www.virustotal.com/gui/file/9af05c1cb783bb50a2f280fd22bdc4a8b5160488afc7093a383e6e60cac4d90e/detection
# Reference: https://www.virustotal.com/gui/file/bbceef2cd8724fc87db474357e3e08d064ae4211ec9d7bc8367720794c867bd6/detection

79.134.225.50:83
nassiru1166.webhop.me
weloveplayinggames.servegame.com

# Reference: https://www.virustotal.com/gui/file/6b0eea8aa1f1b8232bb5be47b581d06030fd457a3e92654f949ca8dd474b4bae/detection

194.5.97.16:3866
blessmegod.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c784d345d5da29536127681d5831917418835f23021ba2797a36c2d970ed22/detection

185.202.175.208:54604
salonirang.duckdns.org

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html (# Win.Dropper.Remcos-9855176-0)

urchamadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/b80bd7a65be99417565de85e074fca3ee71c3d065bdfbce60bd38772883d1c8f/detection
# Reference: https://www.virustotal.com/gui/file/bbf876e3bcfddf50eb4eeb30a318061f8f882cc37f9a3ac0ebca8fde5ac7c8b5/detection

172.111.192.30:5100
172.111.192.30:5101
tangaza.ddns.net

# Reference: https://www.virustotal.com/gui/file/fa42adf2a52de72f3332a57e26d420aa900d4e37cb074defc96b0fb2e91cc8bb/detection

193.176.87.173:5556
sfilm.ddns.net

# Reference: https://www.virustotal.com/gui/file/56fe55a19838b565147a2cb69b67c400d82dcfe628e7945094a85b0ca433cdbd/detection

5.133.11.56:1843
link2.hopto.org

# Reference: https://www.virustotal.com/gui/file/526a55fde827d3e610e4e63553f3aa104debba5c7ab27c209b2c3135a58e0b6e/detection

194.5.98.168:1181
wassimaldo.hopto.org

# Reference: https://www.virustotal.com/gui/file/96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616/detection

45.137.22.107:5888

# Reference: https://www.virustotal.com/gui/file/4c6f0e6133b1b9d709c39c94d3e51facc2f840c550fbf900ceb2cd2d67d8d0c3/detection
# Reference: https://www.virustotal.com/gui/file/af4c8495dd4f20c61cd4e12e3eba996da63965245c781a06cfb03cc2a6ecf4b9/detection

185.244.30.118:7255
192.169.69.25:7255
money4life.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d/detection

23.105.131.201:2021
igatyou.mywire.org

# Reference: https://www.virustotal.com/gui/file/25e031c016e316abfdc7fcd4125a0f1e018864369d56b55429aaca841e2b4e49/detection
# Reference: https://www.virustotal.com/gui/file/77f3963993f7fd03fa8722eddb591e2dd348eaea7f9f04cca095f1cd13ae52d0/detection
# Reference: https://www.virustotal.com/gui/file/576148808d739c615fe9d015588bd767467a504d0272abfb4c7475ab758e9177/detection
# Reference: https://www.virustotal.com/gui/file/1fdbad9bf3d6647702d79ea8d13de188be6c9c290c7b0349a476f218d3f10428/detection

185.140.53.19:5149
185.244.30.87:5149
194.5.98.58:5149
45.156.31.56:5149
noapology.myq-see.com

# Reference: https://www.virustotal.com/gui/file/a17bc1d444f1da0570f4a2eb986b582b13603e8d48c5ff285bc30640e4fed9b8/detection

79.134.225.18:5749
zabdy.myq-see.com

# Reference: https://www.virustotal.com/gui/file/d32d689d49f6978dfb2855d35e42a4fecfb34dce218d6b87ef2752d7a501fddd/detection

89.160.26.37:8811

# Reference: https://www.virustotal.com/gui/file/8d2bdeec509458f3b1734e4f63bc29c679ea66214e42fabc5b4f83453a96bc56/detection

181.141.13.58:1717
gabriel64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection

45.144.225.94:4145
brownfilleds.duckdns.org
ghytrty.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection

45.144.225.94:6553
aaeeerbbbeee.duckdns.org
fieldsdegreenf.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60a80e420ee6b40903ac9f67
# Reference: https://www.virustotal.com/gui/file/70a7510210a1e2316407273b03185c5bdf293f37f25d74e72e9efcfbe3730205/detection
# Reference: https://www.virustotal.com/gui/file/ac72c88ac869b33d667fe46ba26647c6faba1629ccd9f4d4b9dc7bbbb05755aa/detection
# Reference: https://www.virustotal.com/gui/file/d8a77ade2160a14931640aa5117db27d70755cb53465a036e03770216d661b90/detection
# Reference: https://www.virustotal.com/gui/file/e0bd17f8c8cc6a994c6b22b21a781d3c52c42e0b5bf5fa39aef843254baab035/detection
# Reference: https://www.virustotal.com/gui/file/7513d01b0a6429c8fa0313ad11d546ecbd7d4ac4ae4c660901bfe113b641c266/detection
# Reference: https://www.virustotal.com/gui/file/73525db851cd3b329df6fc009e0a478f21655947188fccfb0b0f56558a9b56f5/detection
# Reference: https://www.virustotal.com/gui/file/bc2de67edc62f73bc31759317d846a3e3fdc9a74624b52cc51ddbe1008c01a91/detection
# Reference: https://www.virustotal.com/gui/file/219d8dc53843abf0fca983501c395c9dd5a188de9bfd2a4077112f357154b5c8/detection

37.1.206.16:5656
37.1.206.16:5757
37.1.206.16:6161
37.1.206.16:7071
37.1.206.16:7272
37.1.206.16:7474
37.1.206.16:7575
37.1.206.16:7676

# Reference: https://www.virustotal.com/gui/file/9df7d15ccf6f6fa896936b3a1547aa0a862ebc735551cbcd41aa7813efd9a585/detection

142.44.161.51:2065
91.193.75.136:2065
kingmethod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9c873107151e9c3ef157e81665f402ebeaea2c73638e6d2d66c4ccaf549b6d8c/detection

147.124.219.204:3303

# Reference: https://www.virustotal.com/gui/file/649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418/detection

31.214.157.40:1312

# Reference: https://otx.alienvault.com/pulse/60b773ef50d74a062977cfbe
# Reference: https://www.virustotal.com/gui/file/a52ef1b90c14bc6cb890c0c7710e3988310fdfe3a0b29887d39bdab8b6f521fb/detection
# Reference: https://www.virustotal.com/gui/file/0bb724b323436b461068d01ef83c6f06e322a8f6543f6f3c752f864ebd651f09/detection
# Reference: https://www.virustotal.com/gui/file/15f2c8def8807cb5391448f40e71f5871f75195dbb46bc0dfbad7c5978212550/detection
# Reference: https://www.virustotal.com/gui/file/9f110e4425fb423e422fae6f90e17f6c3420fb5a94da388204017780c952fc42/detection
# Reference: https://www.virustotal.com/gui/file/424e0801ba42dbae1f4b2e9669c8a628168ceaff00dfe9ef1417093477bea9ac/detection

116.203.140.78:2404
162.246.186.170:8199
177.255.91.0:8199
arangojuancarlos45.duckdns.org
mexch.ddnsking.com

# Reference: https://twitter.com/_CPResearch_/status/1400467814117478404

hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/8e8e7ed17c0cc7d20256d8ca0b3288e8c0d9499ec097fb8ebfa9a20c8fcecca1/detection

105.112.38.206:1181
oxbornl211.hopto.org

# Reference: https://twitter.com/phage_nz/status/1404992038030897163
# Reference: https://tria.ge/210616-1sgjg7wrga/

79.134.225.106:2050
collectionsdpt.me
eter101.dvrlists.com

# Reference: https://tria.ge/210615-dswhaekpxn

194.5.98.147:12489
killedifabused1.xyz
top.killedifabused1.xyz

# Reference: https://twitter.com/Circuitous__/status/1407099611030900737
# Reference: https://app.any.run/tasks/20920674-4a35-45bb-a113-9831bce57e28/

185.19.85.134:6666

# Reference: https://twitter.com/petrovic082/status/1407102524478431233
# Reference: https://app.any.run/tasks/995d8193-ec44-468d-b25d-dcfd8d528218/

192.3.146.165:3543

# Reference: https://www.virustotal.com/gui/file/f709da4edb2f6bfbac3267a9b28e58191fd2d47e14efd09819b900670828dbf5/detection

191.88.249.118:9803
dominoduck2116.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1408502242320302086

alonso.luda.ydns.eu

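# Generic (URL path indicator, not tied to a specific host; presumably only matchable where the request path is visible, e.g. unencrypted HTTP)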

/TT_2021_Remcos%20v2_DDoOoaFhuj99.bin
