# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Racco42/status/1044562743519584257

ahyanari.duckdns.org

# Reference: https://twitter.com/Racco42/status/1040353263579738113

hicham9risa.duckdns.org

# Reference: https://twitter.com/securitydoggo/status/938750437913776128

blackuser.zapto.org

# Reference: https://twitter.com/securitydoggo/status/919906367254728706

localical.duckdns.org

# Reference: https://twitter.com/alphasoc/status/905590729774309377
# Reference: https://www.hybrid-analysis.com/sample/dce8919a6c8460b43894701e86259a4291afd50530aed579ff4709de40d32d41?environmentId=100

total-virus.myq-see.com

# Reference: https://twitter.com/Racco42/status/1095739216582070274

jidennagrace.ddns.net

# Reference: https://twitter.com/Racco42/status/1097498140452810752

unknownsoft.hopto.org

# Reference: https://twitter.com/Racco42/status/1108660192407928833

103.1.184.108:8897

# Reference: https://twitter.com/securitydoggo/status/821328472945606656

baderke.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1099845879387701248

94.237.44.31:9935

# Reference: https://twitter.com/James_inthe_box/status/1113510929738547200

unknownsoft.duckdns.org

# Reference: https://www.hybrid-analysis.com/sample/c967628280e9021ad5c5da6b0174c4ba4c3b34dafc936951ce67f71d479f14a9?environmentId=100

vigo147.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1066354476032782337

mikon.ddns.net

# Reference: https://twitter.com/HONKONE_K/status/1115138016836587521
# Reference: https://app.any.run/tasks/1e12de01-e208-48dc-890a-1767e6521fe4

firefoxsystem.sytes.net
201.95.138.11:2000

# Reference: https://twitter.com/Racco42/status/1102879193631731713

185.198.26.245:8769

# Reference: https://twitter.com/pmelson/status/1141318191483904004

soucdtevoceumcuzao.duckdns.org

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md

46.246.82.66:2000
115.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1b6515d5d9a1eda84fa8446b67136a38f135202390eb48b0f2457653a75f6409/detection

79.134.225.105:3360
pro111.ddns.net

# Reference: https://www.virustotal.com/gui/file/f2f4b5810518d30c63ad4a9414f6218cb79bffa55fd7924be03aaa38523242dd/detection

money1234.duckdns.org

# Reference: https://www.virustotal.com/gui/file/32a148fe79c3725ba6d942fcf7831e3c7dc7a1ecf713d4a00e29cf16de8bb762/detection

79.134.225.126:3360
79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/6ba459128261265c1be418c654deeafb9d8906877c7b7561003dca11d911e66c/detection

79.134.225.105:7974

# Reference: https://www.virustotal.com/gui/file/62a14d579dc19797680324b806c7b79fe0a21bc230f92a6452fc90d47127c163/detection

192.69.169.25:1116
sosclient.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ec5bf201bc21e14b3b4759c2420a751f38489bfc98d3e250b26f93b279aeb812/detection

anahowaana.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/9419903da3ba711c2a897b3d8a22150b0c203e8a7a6a5badfd59bb9dae03da53/detection

elinakos.kozow.com

# Reference: https://www.virustotal.com/gui/file/c1d5e335396556c6ac592e6612b7860c9c7b3d3d9d6ce340f41295848b547c69/detection

170.83.100.97:1337
papu3.ddns.net

# Reference: https://www.virustotal.com/gui/file/611e3ca28cf6c29a310c9e1151df0c8e7386d9d6accb781aa221648cf407b325/detection

170.83.100.53:3360

# Reference: https://www.virustotal.com/gui/file/f7a2611f5a564b25204e9369e5e1bd1829385eca483ef4f675550e5b3a5b5ff2/detection

177.40.130.119:7974

# Reference: https://www.virustotal.com/gui/file/f18d8ca644e9a9ef1eb3207085d1e1b1c020255ad14e0921745c3b3594c927c9/detection

177.133.235.48:7974

# Reference: https://www.virustotal.com/gui/file/cb80b7a552b846e1a7c53bbc50f96c11a1478c40d208fe62bf7b0353b04c008e/detection

179.181.225.203:7974

# Reference: https://blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html
# Reference: https://otx.alienvault.com/pulse/5e29b7189d749995b2d4ea71

67.214.175.69:8002
116.203.234.128:8094
winlogon.publicvm.com
spoolsv.linkpc.net
mstsc.publicvm.com
mmc.publicvm.com
lsass.publicvm.com
dwm.publicvm.com
csrss.publicvm.com
csrss.linkpc.net
ddl3.data.hu

# Reference: https://www.virustotal.com/gui/file/f7e36848143feafb8e7ef877f2ba4365692713d9cdc81c57b57909bb3178fbd1/detection

152.238.106.214:7974

# Reference: https://www.virustotal.com/gui/file/2f30a7efe9ee331445aef032f5b854069ef626fd13057b1dc3293d9874b8e225/detection

149.28.14.103:515

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1223790397744390146
# Reference: https://www.virustotal.com/gui/file/ea59411c081c6fa100b6d57f1dfa06221834dd22243272e8fd450e89655b0d49/detection

197.162.66.49:6

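# NOTE(review): the :8880 entries from here through 104.27.153.198:8880 sit in 104.27.x.x/104.28.x.x and 172.64.x.x, which look like shared CDN (Cloudflare) address space - TODO confirm. Unrelated sites may be served from the same addresses, so treat hits on these as low-confidence until corroborated by another indicator.
# Reference: https://www.virustotal.com/gui/file/03571693645ff1f2b2bf934a239ab23fb180e552f41526dfdbe6e437d973b518/detection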

104.28.18.40:8880

# Reference: https://www.virustotal.com/gui/file/991c0f534a52bbfb98dc63e7dc586467916e5cc752587ce0e48a364859b3f614/detection

104.28.19.40:8880

# Reference: https://www.virustotal.com/gui/file/b2235c99c2db088ae60f0d33fd7223b2fcd0098331c3d1f7c62009276f30e277/detection

172.64.100.30:8880

# Reference: https://www.virustotal.com/gui/file/539646179984c441b9ca00e863e6dfcf3b72fcbeae42819b5c54932a6e1a692a/detection

172.64.133.33:8880
172.64.98.30:8880

# Reference: https://www.virustotal.com/gui/file/c2ab0d81e8a1b35ff2dab1c3dcc5e4f14f4f4605f78bf1ccc529dc007644f53a/detection

172.64.143.32:8880

# Reference: https://www.virustotal.com/gui/file/5837b9bd5c895ce9012432d59d2efe0e1f3c8020ccc11dac2a35af3171ca3136/detection

172.64.161.2:8880

# Reference: https://www.virustotal.com/gui/file/794b3f7e0a58720c93dbb3d63ea1237dc59819e75cac70343710c7a138f5fb2a/detection

172.64.192.14:8880

# Reference: https://www.virustotal.com/gui/file/682dfa834c1f658722c6fd4ef80ce3c1cdc34ffd1dbc7467096dad6a65881fa5/detection

172.64.174.36:8880

# Reference: https://www.virustotal.com/gui/file/6a1e57b777aa56010e79408ca469c9a8c6359d8d44fe46d3c08c61710cae028b/detection

172.64.193.22:8880

# Reference: https://www.virustotal.com/gui/file/76cf11c50de23ebaac2438fb32feae89a92ec9e123b0881d96086dd8bbd207d3/detection

172.64.142.23:8880

# Reference: https://www.virustotal.com/gui/file/667d4732d68e711f0e4061603c4a34c26f4ac56970c532042d9b0ce9bee7a1d8/detection

172.64.200.22:8880

# Reference: https://www.virustotal.com/gui/file/25fa6b6923fff515c7298e202c08e7200dfc16e2f0caf242aa2b1f4c27a7d744/detection

172.64.175.36:8880

# Reference: https://www.virustotal.com/gui/file/9e63d2ac3dc280a25c27a126752fdde1c8c5a0c4b4990f479a44dd8441b22ab3/detection

172.64.104.22:8880

# Reference: https://www.virustotal.com/gui/file/c82d512cbd78daf152374bb4300db614b779ae6cb288b670f09ccdf100f7dda9/detection

172.64.143.23:8880

# Reference: https://www.virustotal.com/gui/file/69323b77879368060e4573f076a33b41fa37608136bff3af43b64b6de5c6fa92/detection

172.64.194.23:8880

# Reference: https://www.virustotal.com/gui/file/f797c98462e9f1b94e4c63e6c2de5c981af89d317b02769d3351b15e4a5784c8/detection

172.64.102.22:8880

# Reference: https://www.virustotal.com/gui/file/4bb342c21ff563454d2fdc25eb3e63731d06d20c1fca2522061ad1ef38a53c89/detection

104.27.170.155:8880

# Reference: https://www.virustotal.com/gui/file/4509710cc46e9f2d0972c2ed4ff600060f73975020ad982e8dcad37655a49ada/detection

172.64.195.23:8880

# Reference: https://www.virustotal.com/gui/file/9e20426e68924538ec0d73deec7f6067030a494ea18a1700ae6fd2984c81ce41/detection

172.64.105.22:8880

# Reference: https://www.virustotal.com/gui/file/65cb35d1b09097aa64b89062a060b3bb680bc4c962ff116f32edf92735f401eb/detection

172.64.107.22:8880

# Reference: https://www.virustotal.com/gui/file/da6e4d8554f239ff422586cda609d201fd3a8577abe723c2c9cceb15715c148c/detection

172.64.175.37:8880

# Reference: https://www.virustotal.com/gui/file/a0e4398c15353e593e986b6d30fc55abf8ca5ce1c6ef03d5799ee334c14120ce/detection

104.27.153.198:8880

# Reference: https://app.any.run/tasks/fad3bec3-1cd6-41c1-9e91-ae3b35fdc46d/

anahowaana.theworkpc.com
dhanaolaipallets.com
51.178.27.97:8181

# Reference: https://maltiverse.com/sample/fd71687c5bd104b0979fb91a275562f68f043a7efc26ff34ad86f24d6243e17c

android.myvnc.com

# Reference: https://www.virustotal.com/gui/file/3ffc60a7d92086e73ef200e9e82151463edf22a41294bf7abf6f896c29e067d2/detection

105.155.226.200:42030

# Reference: https://www.virustotal.com/gui/file/661f52553c374d882dbcd5e8b1c7cbe8431e31a56b619b080348dd7e1de46e6d/detection

196.89.54.89:42030

# Reference: https://www.virustotal.com/gui/file/0d7c2b1e9252b0ec0be997c919bb0943997dc4dc63c409a9f272266954bb614c/detection

160.177.249.173:42014
160.178.74.96:42014
196.217.80.252:42014
196.89.49.7:42014

# Reference: https://www.virustotal.com/gui/file/c10ad67e8a23417a8b21bef25e89e3c436750f776e7527737f6b557e2aeffe49/detection

105.155.224.111:42026
105.155.229.147:42026
160.177.249.173:42026
160.177.251.71:42026
160.178.233.229:42026
160.178.234.66:42026
160.178.74.96:42026
41.249.230.167:42026

# Reference: https://www.virustotal.com/gui/file/de2808efd8173cea71b405a4e7379eefec1a3a9699e63dd782a419cf95ddb0a5/detection

149.200.189.174:190

# Reference: https://www.virustotal.com/gui/file/36baa3ae8030bdc88e47172e259ac88660c460250dc84f261dd46e405017f1b9/detection

91.109.184.5:190
149.200.191.144:190

# Reference: https://www.virustotal.com/gui/file/a005f2ef2b6dcccdbaba11edbcf0a4ba433daeed5591de33cb00705690aa9359/detection

149.200.189.1:190

# Reference: https://www.virustotal.com/gui/file/2b0f828ea7ccc071a4defeab284188a893abba8896fc9ba3c07f5b9edf4396fd/detection

46.185.191.200:190

# Reference: https://twitter.com/JayTHL/status/1240395083398156290

178.73.192.67:7000
348.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6213933d3a19b63c4089ca55e6fabdd13970dfc27086c03885a92e0787b1cdfc/detection

46.246.86.67:2000

# Reference: https://www.virustotal.com/gui/file/f27bf58f139135d555d138492260c91b91e95ec338225667b1510f5df4e4f3ec/detection

46.246.4.72:2000

# Reference: https://www.virustotal.com/gui/file/d89e9f0cc852dc2da2f3249e8470f730c52124f4426ced9ddd4ae116cd0b325e/detection

46.246.26.68:2000

# Reference: https://twitter.com/malwrhunterteam/status/1241028761044344840
# Reference: https://www.virustotal.com/gui/file/81eec45f37af555aeec261e805420c010c950af00ed13c296607f5318ac1122d/detection

179.180.11.225:7974
authy.winconnection.net

# Reference: https://twitter.com/Racco42/status/1243283862958100487
# Reference: https://app.any.run/tasks/d897ec3e-e047-4250-b9d5-ecca57de3794/
# Reference: https://app.any.run/tasks/7f29a544-8929-45b1-a57f-9504defb906d/

185.81.157.136:6353
185.81.157.221:7755
anahowaana.theworkpc.com
usausa.gleeze.com

# Reference: https://twitter.com/KorbenD_Intel/status/1243644138555183104
# Reference: https://twitter.com/James_inthe_box/status/1243646413755404289

35.247.209.230:7974
jornaldacidade.store

# Reference: (none recorded - provenance of the entries below is unverified)

177.126.146.1:7974
177.126.146.12:7974
177.126.146.14:7974
177.126.146.27:7974
177.126.146.58:7974
553636.duckdns.org

# Reference: https://www.virustotal.com/gui/file/309e22ca759d8db0f6fb5b1b55e09af56f76a5a7f5608424711597b26969aaee/detection

45.161.63.1:7974

# Reference: https://twitter.com/James_inthe_box/status/1249745344381870080

xboxones.duckdns.org

# Reference: https://app.any.run/tasks/e6286845-b34d-44ba-af1e-bd1cbfae64a1/
# Reference: https://www.virustotal.com/gui/file/0d052e3f58b028741712bbf96c3c28361527e5e0bc86d90b6d915a3af96cc5b8/detection

http://185.244.30.27
185.244.30.27:7833

# Reference: https://www.virustotal.com/gui/domain/accer.sytes.net/relations

170.83.100.236:1010
170.83.100.38:1010
170.83.101.172:1010
177.115.35.243:1010
177.124.77.198:1010
177.124.77.202:1010
177.208.246.201:1010
185.244.31.26:1010
185.244.31.67:1010
185.247.228.19:1010
185.247.228.8:1010
189.104.133.153:1010
189.104.178.61:1010
194.5.98.22:1010
201.48.209.82:1010
79.134.225.73:1010
170.83.100.236:7974
170.83.100.38:7974
170.83.101.172:7974
177.115.35.243:7974
177.124.77.198:7974
177.124.77.202:7974
177.208.246.201:7974
185.244.31.26:7974
185.244.31.67:7974
185.247.228.19:7974
185.247.228.8:7974
189.104.133.153:7974
189.104.178.61:7974
194.5.98.22:7974
201.48.209.82:7974
79.134.225.73:7974
accer.sytes.net

# Reference: https://www.virustotal.com/gui/file/356f82b4eebafbee66d7d5c37d69382ad2ce567dc9843fdd715cc59bce5120ec/detection

78.237.226.172:81
82.252.136.13:81

# Reference: https://www.virustotal.com/gui/file/f66c470d8caf4ff624e2af9f0723577b4e26b5dc95c965292958adfa89ba3fa5/detection

5.135.68.245:1555
freehost222.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6b8f52f375e7b16377fbdaa5aa5b885fac1374c01461a6c534d2910eaeedf59/detection

197.62.112.99:1177
hpop.ddns.net

# Reference: https://app.any.run/tasks/21d5b597-5201-44ce-908a-76ee5d378653/

40.89.159.9:20000
macakou.ddnsgeek.com

# Reference: https://twitter.com/Racco42/status/1323965081974165509

185.250.240.7:2121

# Reference: https://twitter.com/Racco42/status/1323963659895427072

193.239.147.64:7042

# Reference: https://app.any.run/tasks/a794aba2-397c-4dad-81df-d6ef507b195d/

13.86.117.93:1111
optionadd.ooguy.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1328224305277231104
# Reference: https://twitter.com/James_inthe_box/status/1328320676931850241

194.5.98.177:6649

# Reference: https://www.virustotal.com/gui/file/fa556c466086d32584b7630430aeb83412e5e97de8abc8fc6777f26fee6f17cb/detection

185.19.85.181:7788

# Reference: https://app.any.run/tasks/ec5ea06b-775b-409f-8216-df61356c1324/

185.19.85.181:3216

# Reference: https://www.virustotal.com/gui/file/76de87a4ce6128b46b10966d8e0be7b6b974ac08b40c7aef8ddb6724ffee66c7/detection

185.81.157.188:8081
wsearch.linkpc.net

# Reference: https://app.any.run/tasks/e92ad5b4-8577-4c4d-87d9-da35903f4cc0/

20.186.91.251:7561
serviceoutlook87896.myq-see.com

# Reference: https://www.virustotal.com/gui/file/769b597d78ee623ae664531f4628cd8e4f89b01c9e57dd8f107fabfb4c0611ad/detection

176.44.226.232:7776
176.45.212.125:7776
yzeddd.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/887c2355f4f99efa22d1f0f8a8c9ca04706fb137b94b179df41a06c1a9372d51/detection
# Reference: https://www.virustotal.com/gui/file/63bbdf24d55f50144b93fbf64f6d44d6bc4f322af68a219a88aaabee76b1c917/detection

78.42.70.24:10562
systeme38.system-ns.net

# Reference: https://twitter.com/James_inthe_box/status/1362148644435030016
# Reference: https://app.any.run/tasks/509845c7-929c-42dc-b78b-5b14f499b3bf/

194.5.97.237:4093
kennethlhughesk.duckdns.org

# Reference: https://twitter.com/peterkruse/status/1362159077485338626
# Reference: https://www.virustotal.com/gui/file/b59d2b9a39dc0fe9c1d99c87e73e6c1b610d294b1ba5ace1f371868c12409130/detection

icecubee.ddns.net
lachattemouilleee3875383444.duckdns.org
nanobackup301.duckdns.org
weretogoto.ddns.net

# Reference: https://app.any.run/tasks/32693d5f-a1ad-4ed8-ac9e-a935b77f6d59/

179.14.170.49:2020
2021j.duckdns.org

# Reference: https://twitter.com/wwp96/status/1366836424851488768
# Reference: https://app.any.run/tasks/03f066cb-ee7e-4d0e-8ecd-64c513ea6c4d/

52.142.149.244:1001
wodmainenew.xyz

# Reference: https://www.virustotal.com/gui/file/1458e55e8b7800f8a2dc372e725451619f74f0fb90a3331ca48477e0439b4ef9/detection

79.134.225.26:7974

# Reference: https://www.virustotal.com/gui/file/128644d8ea3bbcaac05e927288d20bb91cd344fda0e422f9aab34e63b3bb07f2/detection

194.37.97.172:1122

# Reference: https://www.virustotal.com/gui/file/ac0b1c48b5342b3602404cca7b915bbbaffa193ba181a20aa13e6902744887b7/detection

http://89.40.206.121
89.40.206.121:1122

# Reference: https://www.virustotal.com/gui/file/b0d017c497f44f80ffad99488d687c31a29ea856277c59b1a8d4aadd9d98efd0/detection

http://194.37.97.135
194.37.97.135:1177

# Reference: https://www.virustotal.com/gui/file/d5f5ddf9f82f0b757883d8e0fa319c95f2c30a10436ba820384967822ddd9fc8/detection

194.37.97.135:1155

# Reference: https://www.virustotal.com/gui/file/2b3b749b4ac9ea892e2c14b5cf016a9c79fbaa3cdfb27a2ba04a68a6e0f9f86c/detection

194.37.97.135:1145

# Reference: https://www.virustotal.com/gui/file/5893cbdb7d3f443668a3d48c3d1ab559d33bafe553e0e988c5d32889276229e5/detection

194.37.97.135:1111

# Reference: https://www.virustotal.com/gui/file/93875d799ab91a2cc3f21fe899a7e167053d3e2013430792ab997c1dbd40fbfb/detection

52.231.103.159:5901
jon-steak.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a89127ec0c19df41166916cfa4c199d97eade3ec4f0cf4d2281408cfe2790c2a/detection

103.151.125.57:8094

# Reference: https://www.virustotal.com/gui/file/edfc2ab4dda22155a535eade581e2acf7b7eb4ad340812901b74c8383026d5a5/detection

148.251.10.115:1006
servicesslwindows.myq-see.com

# Reference: https://www.virustotal.com/gui/file/f3de898b1a825ac83fa3af60eaf80016738021cb01218d53c37514299a2e219f/detection

149.28.59.56:8082
wmpnetwk.myq-see.com

# Reference: https://www.virustotal.com/gui/file/e4932fd389212d411b83b2bcee8b63314ecb57b5c2f798a6fd2d99b83b1c78b4/detection

159.69.142.67:90
88.99.99.222:90

# Reference: https://app.any.run/tasks/134eabf5-f587-4702-ba8f-d75ef1fb117f/

103.147.185.192:7974

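# Generic trail (URL path fragment with no host attached; the pattern is short, so expect false positives and corroborate hits with another indicator)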

/Vre
