# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
# Reference: https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/

103.51.13.52:8852
193.201.224.202:8852
193.201.224.238:8852
193.201.224.239:8852
10afdmasaxsssaqrk.com
7mfsdfasdmkgmrk.com
8masaxsssaqrk.com
9fdmasaxsssaqrk.com
efbthmoiuykmkjkjgt.com
hackucdt.com
linwudi.f3322.net
lkjhgfdsatryuio.com
marchdom4.com
mnbvcxzzz12.com
poiuytyuiopkjfnf.com
q111333.top
rfjejnfjnefje.com
sq520.f3322.net
uctkone.com
zxcvbmnnfjjfwq.com

# Reference: https://twitter.com/zom3y3/status/1201354714480144384

http://103.27.185.139

# Reference: https://www.virustotal.com/gui/file/983b7d21fd6b6d21aff2e3100bed3f738ec50a31d2219afdd7dacc5670bfe017/detection

193.201.224.84:8080
lakusdvroa.com

# Reference: https://twitter.com/zom3y3/status/1229258375189262336
# Reference: https://www.virustotal.com/gui/ip-address/103.82.143.51/relations
# Reference: https://twitter.com/Dinosn/status/1243929863410667520
# Reference: https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/

103.82.143.51:58172
103.82.143.51:58443
dojustok.com
justokdo.com
okjustdo.com
/vig/tcpst1
/vig/mailsend.sh1
/LSOCAISJDANSB.php
/uploLSkciajUS.php

# Reference: https://twitter.com/0xrb/status/1229351611757056001

156.255.121.102:8080
46.21.147.113:58126
dtd5686.com

# Generic trails (URL path patterns, not tied to a specific host)

/ASDFRE/
/ASDFREM/
/CATLSIDWU
/DAAADF/
/GHJFFGND/
/JHKDSAG/
/RTEGF/
/RTEGFN01/
/YTRFDA/
/ASDFRE.dat
/GHJFFGND.dat
/JHKDSAG.dat
/RTEGFN01.dat
/YTRFDA.dat
/test/res.dat
/libsdes
