# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Fatal RAT

# Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
# Reference: https://otx.alienvault.com/pulse/5f2865f69cb2faed57caf33a
# Reference: https://www.virustotal.com/gui/ip-address/210.68.69.82/detection

# Indicators for the references cited directly above this group.
# 210.68.69.82 is listed in two forms: once with an http:// scheme prefix and
# once as an IP:port pair on 443.
# NOTE(review): confirm the trail loader normalises the scheme prefix, so the
# first entry is matched as intended and not compared as a literal string.
http://210.68.69.82
210.68.69.82:443
# NOTE(review): cnaweb.mrslove.com and infonew.dubya.net are listed again in
# the next hostname group of this file; presumably harmless if entries are
# de-duplicated on load -- confirm.
cnaweb.mrslove.com
infonew.dubya.net
unitytst.icrown.tw

# Reference: https://blog.reversinglabs.com/blog/taidoor-a-truly-persistent-threat
# Reference: https://blog.reversinglabs.com/hubfs/Blog/Taidoor_SHA1_list.txt
# Reference: https://blog.reversinglabs.com/hubfs/Blog/Taidoor_C2_list.txt
# Reference: https://otx.alienvault.com/pulse/5f73728047c24e9b842215ad

# Hostname indicators; presumably taken from the C2 list cited in the
# references preceding this group -- verify against that list when editing.
#
# Every entry is a full hostname. Several sit under what look like shared
# dynamic-DNS zones (e.g. mooo.com, dynamic-dns.net, dynamicdns.biz), so keep
# matching on the exact name: widening an entry to its parent zone would flag
# unrelated tenants of the same provider.
#
# Some names appear to embed another organisation's domain as leading labels
# (mitac.com.knick.tw, syscom.com.skies.tw). The indicator is the whole name;
# prefix or substring matching on the left-hand labels would hit the
# legitimate domain instead.
#
# NOTE(review): cnaweb.mrslove.com and infonew.dubya.net duplicate entries in
# the first group of this file.
accountinfo.authorizeddns.us
boomboo.tk
cnaweb.mrslove.com
dynamic.fdkc.jumpingcrab.com
findback.dynssl.com
google.sec-c.ga
hireg.fdkc.ignorelist.com
hsr.col.tracer.tk
hsr.net.redisk.ga
info.dynamic-dns.net
infonew.dubya.net
kd.dynamic-dns.net
kmoud.mooo.com
kwords.hpc.tw
kyoto.farted.net
lotussed.2waky.com
mitac.com.knick.tw
nfa.jps.ucolor.jp
obamaus.mooo.com
retry.server.dynamicdns.biz
sslvpn.protecting.dsmtp.com
sslvpn.reverse.b0tnet.com
syscom.com.skies.tw
twnic.almostmy.com

# The three entries in this section are IP:port pairs on port 8081, all
# within 103.119.44.0/24 (.93, .100 and .102). Each is tied to the file
# report(s) cited directly above it.
# Because the port is part of the entry, traffic to the same hosts on other
# ports is not covered by these lines.
# NOTE(review): these are raw addresses taken from sample reports; addresses
# get reassigned, so re-validate before treating a hit as conclusive.

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1399791063284563975
# Reference: https://www.virustotal.com/gui/file/c55f542c30e31612f7d171bf389dcadf866c71c89e610984da0ec954ffc6dd49/detection

103.119.44.102:8081

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1400075253695537155
# Reference: https://www.virustotal.com/gui/file/210990e36122e0facc7c74373569f052fa0651ab06644330fe00b685793ee0fd/detection

103.119.44.93:8081

# Reference: https://www.virustotal.com/gui/file/e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4/detection
# Reference: https://www.virustotal.com/gui/file/34f37327a0154d644854a723e0557c733931e2366a19bdb4cfe6f6ae6770c50f/detection

103.119.44.100:8081
