# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: slrat, spymax

# Reference: https://twitter.com/LukasStefanko/status/1239494265618694147

assdsiwi.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb5db64f88a09cf8b5c72d2b3a0a45439c678bb513fb7adb59b335f0354cd095/detection

41.253.52.89:1515
41.253.23.12:1515
41.253.23.12:28028
216.38.7.245:6666
41.252.167.210:1515
41.252.167.210:28028
172.217.194.188:443
172.217.194.188:5228
172.217.194.139:443
82.205.176.250:1515
41.252.139.115:1515
41.252.139.115:28028
165.16.67.82:1515
165.16.67.82:28028
41.253.168.216:1515
41.253.168.216:28028
assdsiwi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/988ba9665b44a2791f4ea3d6b95b885287212e0fecac8bb517784a6a69c0c6ff/detection

shakermohammd19999.ddns.net

# Reference: https://www.virustotal.com/gui/file/07ae6fa0f804e16f24ed052ef25349780195bfa95b557e9be52f29f9abbf39db/detection

187.122.224.72:5214

# Reference: https://www.virustotal.com/gui/file/4d5e47d30b62dcb134f3c2964f70e18efd73df1e6c8da5cc1e6582ec62fe366d/detection

177.64.155.133:5214

# Reference: https://twitter.com/malwrhunterteam/status/1248661416791465984

anti-corona.app

# Reference: https://www.virustotal.com/gui/ip-address/144.76.30.213/relations

144.76.30.213:443

# Reference: https://twitter.com/LukasStefanko/status/1250451829877587968
# Reference: https://www.virustotal.com/gui/domain/pataraha.com/relations

pataraha.com/apps/downloads/

# Reference: https://twitter.com/malwrhunterteam/status/1251514856114737154
# Reference: https://www.virustotal.com/gui/file/234fab850c14c91c9e0cd0b2a003c5ce9d17aeba5e88b24abd29c7cab89181ba/detection

frewasss.myq-see.com

# Reference: https://www.virustotal.com/gui/file/74cea86b03f5a3f31a8b5f262f3ff8349eb406f3ea0221d34ea85cde46717f4c/detection
# Reference: https://www.virustotal.com/gui/file/9a436bf2e60a9682d5cd5c4c74fa87c56e094ebaec03b8818d84298af1fd8b05/detection
# Reference: https://www.virustotal.com/gui/file/043c30441bde4a1f839bbbb06aa0651fb80f043510848c7a22cea33ddc966136/detection
# Reference: https://www.virustotal.com/gui/file/3aff643f9121af2881b7995c7cfc7fe456e87bf189765576c96a0a6e4273dead/detection

141.255.147.237:2492
91.192.6.212:2392
91.192.6.212:2492
q1q1q1.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1252909522605277184
# Reference: https://www.virustotal.com/gui/file/ccb7c588115211956598f8af7ac66c0feabf6ba7b6b6832a7f66ad2edf2492d3/detection

39.53.94.143:4444
tandertx.ddns.net

# Reference: https://twitter.com/ReBensk/status/1254691066298511360
# Reference: https://www.virustotal.com/gui/file/253262aa1b7eb99796acbcccdedb3cf627e32042ab35a75544c23af9e25a76b3/detection
# Reference: https://www.virustotal.com/gui/file/bdffec168572196309fd356c26e0db5180d083297f76264945f463635fc5ed98/detection

197.206.139.184:71
41.105.255.65:71
steemit.hopto.org

# Reference: https://www.virustotal.com/gui/file/f733ded73d4f498327480d232e415465c0f5654a69b431da081f83998b49ead2/detection

193.161.193.99:45467
gwennie.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1256471836457684992
# Reference: https://www.virustotal.com/gui/file/c140c29382aae632858fdb39f0fd9fe0737b7d758c818b582cea89354524937a/detection

185.166.27.9:5555
whoami769.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1258671300777783297
# Reference: https://www.virustotal.com/gui/file/638f7ae0adb26c5f57243c098a5f47781a981318c2461f9a3a2759ba9ef33cae/detection

111.94.75.182:2219
202.162.210.172:2219
mikymouse.ddns.net

# Reference: https://www.virustotal.com/gui/file/15ad81a58df7a8fdf5f1f0d4fe6917989ae51d0fa0b3584b3ab7aebbe19af8f9/detection

105.105.215.75:3210
141.255.159.128:3210

# Reference: https://www.virustotal.com/gui/domain/hammoud777.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/e701dfabda46e950db66fca6823198765f7226c9cda0f9bdb301d0af4045243b/detection

141.255.147.63:1177
141.255.155.10:1177

# Reference: https://twitter.com/malwrhunterteam/status/1260890636737273858
# Reference: https://www.virustotal.com/gui/file/3f69bc4b7fc50db582b13835206d2480acc66919db9123b37cf97f7f3da3b443/detection

193.161.193.99:37916
johnnj2-37916.portmap.io

# Reference: https://www.virustotal.com/gui/file/97a286e006d2233f0a2b9d2d0b680dcf9a163b3d2646d0b9fd5f12aec5a61cbf/detection

193.161.193.99:48572
wajikhan.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1260892816307367937
# Reference: https://www.virustotal.com/gui/file/885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7/detection

204.48.26.131:29491
prettysavantwholesale.com

# Reference: https://twitter.com/ReBensk/status/1261155044059222016

contactsocialmedia.tk

# Reference: https://twitter.com/Sh1ttyKids/status/1261022463002947584

spynote.us

# Reference: https://twitter.com/ReBensk/status/1261647350579097601

microsoftupdating.online

# Reference: https://www.virustotal.com/gui/file/af50e1ae653109062254c5fadc030cc7d61db21272e56d5754572f21faf903c6/detection

thecreator2020.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1262430537714728960

aragerot.com

# Reference: https://twitter.com/malwrhunterteam/status/1262454926074093569

156.220.5.128:1337
spynotesooker17.ddns.net

# Reference: https://www.virustotal.com/gui/file/efb8414f3d653685de5c0cc421d64fb36f757f462d51ac41f8fd6b5a76f1772a/detection

193.161.193.99:39546
farhad5010-39546.portmap.io

# Reference: https://twitter.com/ReBensk/status/1268742575537549316

m8dmkw.dynu.net

# Reference: https://twitter.com/malwrhunterteam/status/1269300424693239809
# Reference: https://www.virustotal.com/gui/file/ab079c5e6189c241000ce4da51f9e18b9f68d408d524bc88ea695f3280c42349/detection

105.155.228.6:3210
imsgms.myvnc.com

# Reference: https://www.virustotal.com/gui/file/36ff6698d50a85504bc876f4878de1b911082effa6d3c445ebf9924184fd17a2/detection

193.161.193.99:62364
antorkhan-62364.portmap.io

# Reference: https://www.virustotal.com/gui/file/9aa01a909ccd2300d0c196fa2b408fe63c9b2aae0abe5acd1e2c2d03ec1ebdc4/detection

217.54.133.82:4444

# Reference: https://www.virustotal.com/gui/file/0cb7e42bd7f9bfbd6e048f59cce4a0e3f1e963981b7f0c5970a86a70583d2b68/detection

62.114.186.254:9999

# Reference: https://www.virustotal.com/gui/file/d710bd370bac3ea7cfd737ad243d107ba870e03886ca7fa945b838e66fe867c4/detection

217.54.88.221:9999

# Reference: https://www.virustotal.com/gui/file/6f129c7805b6997974bf1a1939f0e473708711cfb896460ea02a52ae6818259f/detection

62.114.215.21:4000

# Reference: https://www.virustotal.com/gui/file/cc5b7eb74dd0f51ed76a061350fec6b1b61b8262ddb6288ee981ac080c31a5c4/detection

62.114.207.156:9999

# Reference: https://twitter.com/malwrhunterteam/status/1271855227411587072
# Reference: https://www.virustotal.com/gui/file/ccf588a728abb3f9a1f1b1d0d8f02b1a3a0ff4198589b25575969d0428a8a66b/detection

82.137.218.185:215

# Reference: https://www.virustotal.com/gui/file/aa9133d68ebbb8f777b685ec15a358e0fb2d572bd30ce962d3d1b0c53b785523/detection

185.255.46.114:5551

# Reference: https://www.virustotal.com/gui/file/40836373cb307d6472e20f2c65916ee2ab291fdb27864d456fc5fbe2ec927d21/detection

192.169.69.25:24306

# Reference: https://www.virustotal.com/gui/file/5fc0d6fe1d249ed433dba8f9ad03307748434ca08a6ae729858c2382861c4d04/detection

190.74.113.35:8000
enrike653.ddns.net

# Reference: https://www.virustotal.com/gui/file/45ef21cca5c70be1f607252c89ebf4873795fe53fa214ed627b24f9000d1852f/detection

190.73.153.239:8000

# Reference: https://www.virustotal.com/gui/file/592bdfea96900f38525b6afe0b353cca422923052360c771b3fd1d3729824494/detection

141.255.146.170:3210
mlh123.ddns.net

# Reference: https://www.virustotal.com/gui/file/6f046db5bbd119d9d383a46ead8c1369ac597c37ea567144c341ea5e9ebed3e9/detection

141.255.145.115:3210

# Reference: https://www.virustotal.com/gui/file/c6954678b39e121c60fd691275238267f97f5ce4264255458c06e155a232423c/detection

141.255.153.22:5214

# Reference: https://www.virustotal.com/gui/file/ce4db4c837defde7461daa1a8a77a0232629b881a21a5741cdb072cf4d897552/detection

141.255.157.158:5214

# Reference: https://www.virustotal.com/gui/file/90d5a6b010901ed67c861d0c3bfdd21f894c13c094a06b78cccc16625c6147de/detection

37.8.24.221:5214

# Reference: https://twitter.com/SecuriTears/status/1276907531231727616
# Reference: https://www.virustotal.com/gui/file/41b2e5473836a59bbba209b9a0d346b22f7e9bb9d1b4c90ca9b5f1626112ee31/detection

http://49.233.182.150
49.233.182.150:3210
