# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Antelox/status/768023996923277312

193.164.131.58:10000

# Reference: https://twitter.com/James_inthe_box/status/1080521422823337984

193.42.107.7:3687

# Reference: https://twitter.com/ostinjohn/status/994560995615039488
# Reference: https://www.hybrid-analysis.com/sample/3aca697f1ac623ac970764dd1b248339d03f18acd5ba1b4a443ff9d5016f8e4e/5af3d6237ca3e179812bdfc5

178.238.230.52:3828
178.238.230.52:6828
178.238.230.52:11226

# Reference: https://twitter.com/Antelox/status/810488762140684288
# Reference: https://www.virustotal.com/gui/file/f0b27a8c47f6d9f82489e0e5fba75f70fab8acdbb63b05c93cb3cceec90295ae/community

37.48.84.229:9901

# Reference: https://twitter.com/Antelox/status/770613975662796803
# Reference: https://www.virustotal.com/gui/file/c88095a28fea80409da7b2fc601b4c68828f0d31b7faebe4453217887f9e3241/community

5.189.161.200:7865

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf (# Crimson C&C)

bhai123.no-ip.biz
bhai1.ddns.net
sudhir71nda.no-ip.org
178.238.228.113:7861
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114

# Reference: https://twitter.com/killamjr/status/1190456533588598784

139.28.36.82:53631

# Reference: https://twitter.com/DynamicAnalysis/status/1197938882026901504

5.196.210.44:33401

# Reference: https://twitter.com/DeadlyLynn/status/1213338265308155904
# Reference: https://www.virustotal.com/gui/file/6078b55381e39779f915032533a93d725bab98982b303998fa8ba2ecfc675737/detection
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:6828

# Reference: https://twitter.com/DynamicAnalysis/status/1220432888019214337
# Reference: https://medium.com/@dinu135dk/revive-of-crimson-rat-6b8838920c02

160.20.147.59:2987
bjorn111.duckdns.org
newsupdates.myftp.org

# Reference: https://www.virustotal.com/gui/file/d27474625cdc0c3456918edfa58bfaf910c8b98c6168a506ac14afc1a41fb58f/detection

192.169.69.25:2987

# Reference: https://app.any.run/tasks/9ca972d6-3574-4d85-bd68-a9cd26c203ee/

185.140.53.91:6711

# Reference: https://twitter.com/malwrhunterteam/status/1229780080517357568

64.188.25.232:3263

# Reference: https://twitter.com/w3ndige/status/1235184651699998721
# Reference: https://www.virustotal.com/gui/file/370a108b98b8652aacd4acec5d140cab685291ad77e2a4a0821734aad614eb6a/detection

185.174.100.63:34891
185.174.100.63:3920
transfer-shopping-malls.webredirect.org

# Reference: https://app.any.run/tasks/8527edcf-6459-48f6-aee2-85eaf817571c/

198.46.177.73:6421

# Reference: https://twitter.com/killamjr/status/1232071072096239617
# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/

alrazi-pharrna.com

# Reference: https://twitter.com/_re_fox/status/1236483115037704192

198.46.168.28:2581

# Reference: https://twitter.com/_re_fox/status/1235941826634354688
# Reference: https://app.any.run/tasks/d8b93681-2730-4d03-b796-c52562260328/

181.215.47.169:3368

# Reference: https://twitter.com/_re_fox/status/1232493185475104771

107.175.64.209:6728

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/srcr/status/1232288977790668801

185.244.30.102:4590

# Reference: https://twitter.com/killamjr/status/1232071072096239617

185.244.30.102:4950

# Reference: https://twitter.com/_re_fox/status/1237740569293701120

64.188.25.205:3692

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
# Reference: https://otx.alienvault.com/pulse/5e6fa2a12088756147d24648

email.gov.in.maildrive.email

# Reference: https://app.any.run/tasks/7fe802ae-9d74-4e40-91e3-bb65cd06a458/

107.175.95.107:6790
westvalleyhospicecare.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/9f7bc1ac97d28d614f9b1965709a284511b9b13f3bd9685707f8f377b949efe5/detection

78.159.131.80:10001
superingtest.zapto.org

# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286
