# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/struppigel/status/1272867849682530304
# Reference: https://www.gdatasoftware.com/blog/strrat-crimson
# Reference: https://www.virustotal.com/gui/file/08dfcc18d872fc9c6f9623537aba7d4e8f8bab921dbee452facad8a8c581db29/detection

jbfrost.live
lauzon-ent.com

# Reference: https://www.virustotal.com/gui/file/08dfcc18d872fc9c6f9623537aba7d4e8f8bab921dbee452facad8a8c581db29/detection

79.134.225.80:1984
pplugin.duckdns.org
snpfud.duckdns.org

# Reference: https://app.any.run/tasks/aaccdf6d-c3ca-4ae1-b1f3-b955e7c5b05b/

chance2021.ddns.net
tasklistmgr.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1384499057708650499
# Reference: https://app.any.run/tasks/8409bd89-fe8c-4cb6-954b-4834d9621432/

185.38.142.241:5151
punisher.shacknet.us
str-master.pw

# Reference: https://www.virustotal.com/gui/file/54b5c60571ec31235f28e1bc5ee7f48d60dbaccf3dd05f0403fd56755a3429cf/detection

45.137.22.103:9913

# Reference: https://www.virustotal.com/gui/file/518b83f18ce0797f992954af3619b9c3d34400219d19cf3f6aeb58985d2f9e6b/detection
# Reference: https://www.virustotal.com/gui/file/4bd1d4e99c7b80fbaa2234f44458a4f7d9588c7be794d0c521aab0524548af96/detection
# Reference: https://www.virustotal.com/gui/file/ab3afa8a20a9da80744282ddd13bb9a8a9b411324cd12562c1d3ba4424b4efc2/detection
# Reference: https://www.virustotal.com/gui/file/3cdadd4d8492cfe342f9f74529566ed6c1b451ba669509b59ffaf2965bce0750/detection
# Reference: https://www.virustotal.com/gui/file/107dd50b42ddff0c7953aebf62727778e5225c2e81fc9fba0bcecbbd4b2689a7/detection
# Reference: https://www.virustotal.com/gui/file/210b0615842c4ccb92dc12ed2a5c01bb094286a77c15aedaa40ce2123fae1fba/detection
# Reference: https://www.virustotal.com/gui/file/d49766168ba2ae59cef439103793d02da7c6ef1280517a8b56f1e305863085f7/detection
# Reference: https://www.virustotal.com/gui/file/44c6e89af3a487caaab73e7d503fddbc9d62394c099da3ca9fbf737b6a30c867/detection
# Reference: https://www.virustotal.com/gui/file/bf003b3d71959015aab619fadc3ac14eec1238f5b85915f969c056b0fb92c801/detection
# Reference: https://www.virustotal.com/gui/file/45752b9a5276e167fcfd613f6330f0e254b116563734cf58287884b236f3d26c/detection
# Reference: https://www.virustotal.com/gui/file/9ba8f246d7da56356f4487fec6e70609c9406857da2f747b642573e8b0b8cb03/detection
# Reference: https://www.virustotal.com/gui/file/bcf78cd0bbb72682031d2abd1edfe1498f9d2c26a96a6831e88008b4a0ece6a7/detection
# Reference: https://www.virustotal.com/gui/file/47483768f06311345c545c2774ef3592dfd568ed2172690d67e97b871fbb5dae/detection
# Reference: https://www.virustotal.com/gui/file/472a16d5af7173eb77bce00e965d573a4657252bd0af5eb87ae9c29e025e2c26/detection
# Reference: https://www.virustotal.com/gui/file/0338d383faded72a6762c5f14d3804fe46bc3e0c0bbdcb2f7921a3b913192355/detection
# Reference: https://www.virustotal.com/gui/file/96d522cdf1e656d2be40994ea9c37eb22e4e555d9da32a6725b2fa2c4a000963/detection
# Reference: https://www.virustotal.com/gui/file/20d2347ec017a64191327dba9cedf7ed5af921df7fc43390a6b745703de9f831/detection
# Reference: https://www.virustotal.com/gui/file/8dea5cc4b16ecd3eda0e53a13048cec88939109374f69a9eb4e2c90d230793a9/detection
# Reference: https://www.virustotal.com/gui/file/b98031c2167cf9b07dea6e4d031956b85e2f52414ac60a2694765bf72f6bc624/detection
# Reference: https://www.virustotal.com/gui/file/0bbb92a61b4f0773ccfea0dfe75ba26fddf5dcdfc6845e59debf6ca4f41c7ff1/detection
# Reference: https://www.virustotal.com/gui/file/b756109104742cbdab8dfc98fb41d5bb364b078686004f694d5c6762e0449012/detection

142.202.240.40:2222
164.90.144.14:7577
167.160.166.133:7888
185.136.159.232:7888
185.136.170.108:8078
185.140.53.35:7188
185.140.53.35:8887
185.174.101.254:1977
185.234.216.112:1033
185.234.216.112:5200
193.218.118.85:8078
193.26.21.227:8887
194.5.97.10:9073
23.105.131.186:6677
23.239.31.129:54556
23.239.31.129:54557
66.11.124.196:7777
66.154.103.241:7123
69.65.7.138:6677
77.247.127.138:2222
79.134.225.70:47580
79.155.26.66:9999
79.155.26.66:10000
jbfrost.live
chance2021.ddns.net
install-java.myq-see.com
jegstrig.duckdns.org
mineqroft.publicvm.com
networkip.duckdns.org
pluginserver.duckdns.org
pplugin.duckdns.org
redlan.mywire.org
tasklistmgr.duckdns.org
nectarclampplaza.com
okomas.com
7cmqghpupqiquxkfgmotxv6nfl366hyekx4mulez6rdgwdmq7hn72rad.onion

# Reference: https://app.any.run/tasks/963ab6c6-1165-4b14-8aa0-9a3721a73208/

185.140.53.159:3008
rhid08.ddnsking.com

# Reference: https://twitter.com/fr0s7_/status/1403331077775794176
# Reference: https://www.virustotal.com/gui/file/f3024442a64390d6ef55147674b67a32f6de35e9461befc539f4b39c65cb5e3b/detection

178.170.46.153:3030
invlookiing.com
frhb61552ds.ikexpress.com

# Generic (host-independent URL path fragments)

/strigoi/
/strigoi/lib.zip
/strigoi/server/?hwid=
/strigoi/server/ping.php
