# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=2

abc-hobbies.com
acadubai.org
adserv.co.in
alfamex.com
b.nt002.cn
b.rtbn2.cn
b.tn001.cn
bckp01.in
boogiewoogiekid.com
buldrip.com
cdcdcdcdc212121cdsfdfd.com
cdcdcdcdc2121cdsfdfd.com
citypromo.info
du01.in
du02.in
ftp.acmeinformation.com
ftp.hunterscentral.com
ftp.periodicopuruvida.com
gator862.hostgator.com
googcnt.co.in
hostrmeter.com
inetrate.info
laststat.co.in
nt002.cn
nt010.cn
nt101.cn
nt13.co.in
nt16.in
nt17.in
nt20.in
nt202.cn
ppcimg.in
prstat.in
redserver.com.ua
s046.panelboxmanager.com
saper.in
spotrate.info
successful-marketers.com
swallowthewhistle.com
up002.cn
up003.com.ua
up004.cn
up01.co.in
up02.co.in
up03.in
whitepix.info
yimg.com.ua
zenpayday.com
zurnretail.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://twitter.com/abuse_ch/status/1116023921894219778

216.221.73.45:2222
d221-73-45.commercial.cgocable

# Reference: https://twitter.com/Bank_Security/status/1124209952019689472
# Reference: https://pastebin.com/pTXbXVnZ
# Reference: https://blog.talosintelligence.com/2019/05/qakbot-levels-up-with-new-obfuscation.html
# Reference: https://twitter.com/_Bear_Crawl_/status/1124357801906716672
# Reference: https://pastebin.com/Tq6ji8uV

lg.prodigyprinting.com
hp.prodigyprinting.com
layering.wyattspaintbody.net
painting.duncan-plumbing.com
rss.thulos.com
wordpress.4ainternacional.com
feedback.couponpx.com
10tillcom.montgomerytech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Qakbot-6956539-0)

jpfdtbmvuygvyyrebxfxy.info
hknkmwfdngcfavzhqd.biz
ywubouysdukndoakclnr.org
uwujtnymeyeqovftsc.org
kaaovcddwmwwlolecr.org
ijdlykvhnvrnauvz.com
lunkduuumhmgpnoxkbcjqcex.org
hsyglhiwqfc.org
forumity.com
zebxhuvsz.com
yxssppysgteyylwwprsyyvgf.com
fcptxaleu.net
olosnxfocnlmuw.biz
cbqjxatxrumjpyvp.biz
sproccszyne.org
uschunmmotkylgsfe.biz
wgysvrmqugtimwhozoyst.biz
tkpxkpgldkuyjduoauvwoiwcg.org
cufgghfrxaujbdb.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Qakbot-7079811-0)

aqksafpuovjyfrzit.org
aulmkpipscpopgwrtzhlnqmjk.info
bmbtgoova.com
cagkhrabktfwkuroydfwtta.org
doiknfcneeeydnyofyurzy.info
erbqfnvqsahyshygeglwhxhvd.org
hibqrywwciwhbks.net
jkijlzrsvic.com
jueafvkiigmul.org
mgpepssjlpytbdktejekl.net
nwocsvuw.net
pzsbodhuinrzhcjin.org
tvntnfczmfiewin.info
uofdwoxezbdujgadioqvy.net
vljfhvniqpl.org
vwsbvkpkzgsvyhapfcm.org
wlakhytkctowfowlzyehtt.net
wupgkipgaiu.biz
yaznaovutvzwgp.net
ymoabqpo.com
zqpbnjvmfkfzbyko.info

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Dropper.Qakbot-7287972-0)

ageanrzekiycakzrswcq.com
cyiynudufvqmswxgtdkgyal.org
evvedpvqyno.net
fmncuwynktocekwqmthsr.net
hrmmnxigwodcsbqhcezedv.net
ocqfamsdr.org
ohfckvgylddiulbtgcrdijtpl.org
ohnzjsjoyxmkfpafaouujked.biz
qguuivkqppwohlzzvjv.org
rpagfveavil.com
tnqnpjthcwhhit.biz
utglavlafksmzfcniumfwwbm.biz
wpaoyqevfvmqquvpfwo.com
wyrlmssiybtkxemblgkturpw.net
zhkclrrbgufzsgljzohs.com

# Reference: https://twitter.com/killamjr/status/1183831240090312706

mottosfer.com
sosanhapp.com

# Reference: https://twitter.com/killamjr/status/1184219573664530437

ivoireboutique.net
newbestacademy.com

# Reference: https://twitter.com/DGAFeedAlerts/status/1186130743241707520

veadymnpvxjxzicecamltc.com

# Reference: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html

104.153.240.6:2222
105.227.20.203:443
107.15.153.110:8443
12.196.116.242:443
12.2.201.35:443
146.135.9.64:443
150.200.247.87:443
172.164.17.102:443
172.87.188.2:443
173.160.3.209:443
173.160.3.209:995
173.191.238.124:995
173.248.24.230:443
173.70.44.171:443
173.80.75.177:443
173.81.42.136:21
174.109.117.152:443
174.48.72.160:443
181.93.205.181:443
184.174.166.107:443
184.180.157.203:2222
184.191.61.13:32100
185.219.83.73:443
189.175.147.195:443
190.185.219.110:443
204.85.12.25:443
204.85.12.26:443
205.169.108.194:443
206.67.215.7:443
207.178.109.161:443
207.243.48.26:443
209.180.154.97:995
209.213.24.194:443
216.201.159.118:443
216.21.168.27:32101
216.21.168.27:50000
216.21.168.27:995
216.218.74.196:443
216.93.143.182:995
24.100.46.201:2222
24.11.50.136:443
24.141.179.121:443
24.155.191.156:995
24.163.66.146:443
24.175.103.122:995
24.180.160.192:443
24.180.246.147:443
24.190.226.234:443
24.209.137.134:443
24.228.185.224:2222
24.252.80.93:443
24.6.31.163:443
24.93.104.154:443
47.134.236.166:443
47.186.93.228:443
47.221.46.163:443
47.223.85.33:443
47.40.29.239:443
47.48.236.98:2222
50.111.32.211:443
50.198.141.161:2078
50.32.243.36:443
50.42.189.206:993
63.79.135.0:443
65.116.179.83:443
65.132.30.18:443
65.169.66.123:2222
65.191.128.99:443
65.191.74.248:443
65.40.207.151:995
66.189.228.49:995
67.11.27.100:443
67.197.104.90:443
67.197.97.144:443
67.55.174.194:443
67.76.37.105:443
67.83.122.112:2222
68.113.142.24:465
68.129.231.84:443
68.133.47.150:443
68.173.55.51:443
68.206.135.146:443
68.207.33.232:2222
68.207.33.242:443
68.207.43.173:443
68.207.45.236:443
68.226.136.96:443
68.49.120.179:443
68.59.209.183:995
69.129.12.186:21
70.118.18.242:443
70.169.12.141:443
70.182.79.66:443
70.21.182.149:2222
71.10.155.97:443
71.172.250.114:443
71.190.202.120:443
71.210.153.133:443
71.222.141.81:61200
71.33.192.23:995
71.48.218.91:995
71.77.22.206:443
71.85.72.9:443
72.133.105.155:443
72.133.75.134:443
72.174.25.139:443
72.179.39.89:443
72.193.162.108:443
73.106.122.121:443
73.130.229.200:443
73.152.213.187:80
73.183.145.218:2222
73.231.147.128:443
73.40.24.158:443
73.52.101.153:80
73.74.72.141:443
74.88.210.56:995
75.106.233.194:443
75.109.193.173:1194
75.109.193.173:2087
75.109.193.173:8443
75.127.141.50:995
75.189.235.216:443
75.189.239.153:443
76.101.165.66:443
76.176.7.41:443
76.182.33.43:2222
76.186.82.51:443
76.73.202.82:443
85.25.211.31:65400
93.108.180.227:443
96.248.15.254:995
96.32.171.132:443
96.40.85.72:443
96.73.55.193:993
97.70.129.250:443
97.70.85.248:443
97.84.166.64:443
97.84.210.38:2222
97.97.160.42:443
98.103.2.226:443
98.16.70.197:2222
98.225.141.232:443
98.243.166.148:443
98.26.2.182:443
99.197.182.183:443
content.markdutchinc.com
