# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Trojan.Zegost-7086512-0)
# Reference: https://www.virustotal.com/gui/file/33dec68634d566b64b824855ad65a2c4c9737060bac34f9189b574b9d25c71a8/detection
# Reference: https://www.virustotal.com/gui/ip-address/104.165.160.85/relations
# Note: online games stealers

110.110.110.5:2011
110.110.110.6:2011
110.110.110.7:2011
110.110.110.8:2011
110.110.110.11:2011
110.110.110.12:2011
110.110.110.13:2011
110.110.110.14:2011
110.110.110.17:2011
110.110.110.20:2011
110.110.110.21:2011
110.110.110.22:2011
110.110.110.23:2011
110.110.110.24:2011
110.110.110.25:2011
110.110.110.26:2011
110.110.110.27:2011
110.110.110.28:2011
af0575.com
bjerfogxz.ddns.net
fz0575.com
q9p6.com
rktmcnd123.codns.com
wk1888.com
z8q5.com

# Reference: https://twitter.com/Paladin3161/status/1179228516329635842

nxxxn.ga

# Reference: https://www.virustotal.com/gui/file/b8367eca44a6dff6b6084bd1ac48185b849b30e6d330d0d2ab619db02754728f/detection

projectteammu.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/e9f03e471142e13875bd639bfd0eeb2c329a3713cd11813e8ceadb4647aba6c6/detection

96.44.160.131:5060
moqi.f3322.net

# Reference: https://www.virustotal.com/gui/file/cfafd7cad1a07d89ef14cfa3b6c45a32205b92eb5c106ffca1c9bbdcb021d07b/detection

111.229.231.218:5060

# Reference: https://www.virustotal.com/gui/file/b8a2f27eb955f7e71e90d82dfcb129f82e00224de2f01f5db48b46b1e46bd0e2/detection

121.185.22.160:8000
125.188.2.167:5453
dltmdcks78.codns.com
zzxx9508.codns.com

# Reference: https://www.virustotal.com/gui/file/282ea10b68805909fa2008c81b35ab2d3166e30c0a3c92834fbf9699e694ce1f/detection

kiss58.myvnc.com
kiss58.myvnc.com.ovh.net
lmshusheng.com

# Reference: https://twitter.com/Lokesh42651261/status/1285513089706635264
# Reference: https://www.virustotal.com/gui/domain/ssh.22ssh.com/relations
# Reference: https://www.virustotal.com/gui/file/5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef/detection

117.25.145.178:22
ssh.22ssh.com

# Reference: https://www.virustotal.com/gui/file/26084ab8e995c4614ed9b787290b937a64a8f57b7377b638d96128e14b4137f8/detection

59.46.53.214:22
ssh.361com.com

# Reference: https://www.virustotal.com/gui/file/7456e451f3c209fda2c5dd276acbb84e6c6055c48c28773396c87355c027ec4f/detection

124.207.174.197:22
ssh.4i7i.com

# Reference: https://www.virustotal.com/gui/file/ab33788b1fb4976e023c9d4885e6b7761aec25df8826b5d7fef80089a4c99251/detection

47.111.82.157:10000
lock-domain.vicp.net
wshdhk.gicp.net

# Reference: https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html (# Win.Trojan.Zegost-9787396-0)
# Reference: https://www.virustotal.com/gui/file/5d21dc1acd0a1dc1f3eee5da9a1fd8caa2830fc17cc1bbb7d48322c20c528e3b/detection
# Reference: https://www.virustotal.com/gui/file/7348169666e09fb7a97643248db6c8dd42d6f05f51c27ded7d2fdf6cf5bc1c49/detection

106.54.180.66:2018
128.1.136.235:2018
4s.net579.com
xiao7.in.3322.org
2017.5im.top
fs1.f3322.org
2017.64pr.com
v2.3322.net

# Reference: https://www.virustotal.com/gui/file/ad47ac369abea2a95403ea5297d95bfdb9de47de481511f4b977a307e890089d/detection

45.64.113.197:6666

# Reference: https://www.virustotal.com/gui/file/e88c154139db59428a473e662931621a8aa76d56db7cb697b0c420b377c71e57/detection

120.24.231.105:7458
47.101.191.149:30000
kks.tbfull.com

# Reference: https://www.virustotal.com/gui/file/6f835f8087c3d8b8f4ba8271441a71cf793df38d101890fc45ac5e28e5581c7b/detection

43.248.201.133:29089

# Reference: https://www.virustotal.com/gui/file/8e08db7f90390be23fd9539250ab927edc92f8fe931ef63d08a291d6b1a3fbd4/detection

119.8.103.117:8080

# Reference: https://www.virustotal.com/gui/file/27c61168094d5403096d8557e3cf94b449001aa9c9793a9f2d7ff35f49bb8643/detection

43.248.201.209:20451

# Reference: https://www.virustotal.com/gui/file/617eb393c34f20b2d9ec357fb60e40d70bcdc5e47c2be8f29b9175a1c974bd62/detection

49.234.219.172:33331

# Reference: https://www.virustotal.com/gui/file/7b5b566fbad6b738724de4caf5eafbdec95cf3f51214d43c802c7aa7d4f0d814/detection

bbs.tbfull.com

# Reference: https://www.virustotal.com/gui/file/524c91310e1db181c4d58eee43fdccf03f5e66a0b7dcc445e12887fc846354a7/detection
# Reference: https://www.virustotal.com/gui/file/28737af6b92c685b444089c3fdcb649d8978bd700c5ff9716d829ba3d1624a0f/detection

122.114.120.114:14993
125.77.29.181:2020
aaf.tbfull.com
xsdhbh.f3322.net

# Reference: https://www.virustotal.com/gui/file/b14e15bad86cdbb1fd936fed536b54316649812686dcf40a5e9cb2ff4fd27a6c/detection

114.221.193.207:2020
211.157.109.231:14993
sss.tbfull.com

# Reference: https://www.virustotal.com/gui/file/0c90bc30f5b52b580533156d6fa9849eaaaa9f065646650e7ae6cf140008398c/detection

106.12.163.200:14995

# Reference: https://www.virustotal.com/gui/file/e3280c977a5d732087bde3e98cbefe78636da37da990ec4d9d7a3da07e0cd5be/detection
# Reference: https://www.virustotal.com/gui/file/8e551b73db9971cd238a469fe46199921b380a4cec99ec8a977cfa8951d3bbf6/detection

44082288.nat123.cc

# Reference: https://www.virustotal.com/gui/file/0b23f953d2a93845adb25019df3a20e7c4872d91289fc8f7439a2204b3d5de40/detection

http://121.40.167.210
/netsyst81.dll

# Reference: https://www.virustotal.com/gui/file/2a5ab7f4ce909fa0b313e2c01e5c7340ed8058319f7ec1995fb1606f23c6e8d2/detection
# Reference: https://www.virustotal.com/gui/file/1f54af21f0f969b5b5848eaf891f19c9841035093f27bdf984d7118b7f9471e2/detection

172.247.132.147:228
221.212.158.114:228
221.212.158.114:229
vip79318901.f3322.net

# Reference: https://www.virustotal.com/gui/file/db0a89d1e507573c31c2210cf0bf19206a66cb0c7f4e811d0885b01d86538ab5/detection

61.147.103.140:17000

# Reference: https://www.virustotal.com/gui/file/7eb666c6fb0d25770eb749fda2ec1da6ea56b0c3a974e971f393234c053354b8/detection

139.162.27.37:1356
139.162.60.232:1356

# Reference: https://www.virustotal.com/gui/file/fa11e68313e87e65e8413a13c6c63962b089939f3f97e11b37c5dfe4032c9d52/detection

139.162.71.92:1356
195.128.124.140:1356

# Reference: https://www.virustotal.com/gui/file/452fec0a680e9f11334e75a0ad8f7f2b837676f08303d935b5ad188f218dcd8b/detection

139.162.71.92:57890
