# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# NOTE(review): format as visible in this list - one indicator per line, either a
# hostname or an IPv4 address with a port (ip:port). Lines starting with '#' cite
# the source; presumably each citation applies to the entries that follow it up
# to the next citation.
# Several reference URLs in this list name the Nitol family (Sophos
# "Troj~Nitol-P", "digging-into-the-nitol-ddos-botnet", Trustwave
# "trickbot-and-nitol"); presumably the whole list tracks Nitol infrastructure -
# confirm against the file name.
# NOTE(review): ip:port indicators go stale faster than hostnames because
# addresses get reassigned; treat a match as a lead to corroborate with DNS or
# host evidence rather than as proof on its own.

# Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

hackqz.f3322.org
120.209.40.157:8880

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nitol-P/detailed-analysis.aspx

dingtao333.3322.org

# Reference: https://twitter.com/securiteoff/status/739574861543149568
# Reference: https://www.virustotal.com/gui/file/20d841afa96e58fb7d2b4c5e8bb25d07ff36e25bbb14fc176f3f46c650cb016e/detection

feng12763.3322.org
# NOTE(review): qlsb.f3322.net is listed a second time further down, under a
# pancak3lullz reference; harmless if the consumer de-duplicates.
qlsb.f3322.net

# Reference: https://twitter.com/P3pperP0tts/status/1153026768590258179

520yxsf.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2012/2012-04-19-digging-into-the-nitol-ddos-botnet/digging-into-the-nitol-ddos-botnet.csv

# NOTE(review): most hostnames in this group are single labels under a few
# shared parent zones (3322.org, 6600.org, 7766.org, gnway.net), which look like
# dynamic-DNS style zones - TODO confirm. The entries are host-specific; widening
# a match to the parent zone would also flag unrelated hosts under it.
aisini1314.3322.org
bcl5736120.3322.org
ccddos.net
erwbtkidthetcwerc.com
fangqi.6600.org
fangqi.7766.org
fuck0313.6600.org
guangkuo119.3322.org
kankan902.3322.org
ksattack.6600.org
maguss.3322.org
maple110.3322.org
mybaccy.3322.org
rterybrstutnrsbberve.com
rvbwtbeitwjeitv.com
sousou123.3322.org
xin9liao.gnway.net
xinxin168.3322.org
xiong97.3322.org
yezi999.3322.org
ylddos.3322.org
zwx5060.3322.org

# NOTE(review): every entry from here to the bare googlex.me line is googlex.me
# or a host under it, spread across four reference groups.

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tale-of-the-two-payloads-trickbot-and-nitol/
# Reference: https://github.com/AlienVault-OTX/Threat-Trends/blob/master/MaliciousDomains_UmbrellaRanking.csv

e.googlex.me

# Reference: https://asec.ahnlab.com/1031

b.googlex.me

# Reference: https://www.virustotal.com/gui/file/62010ae6b25999cbc37c935c163285f571294f4732965c66b9233a7573c13c10/detection

w.googlex.me
m.googlex.me

# Reference: https://totalhash.cymru.com/network/?dnsrr:*.googlex.me

# NOTE(review): w.googlex.me and m.googlex.me repeat the two entries under the
# VirusTotal reference just above; harmless if the consumer de-duplicates.
w.googlex.me
m.googlex.me
# NOTE(review): googlex.me is the parent of every host in this section. Whether
# this apex entry alone already covers the subdomain entries depends on how the
# consuming sensor matches subdomains - confirm before pruning any of them.
googlex.me

# Reference: https://twitter.com/pancak3lullz/status/748172641131847681
# Reference: https://www.virustotal.com/gui/ip-address/110.173.30.68/relations

# NOTE(review): ten ports on one address. A port-specific match will not fire
# for the same address on any other port; confirm whether the consumer also
# alerts on the bare address if that coverage is wanted.
110.173.30.68:1111
110.173.30.68:1150
110.173.30.68:1380
110.173.30.68:1472
110.173.30.68:2013
110.173.30.68:2014
110.173.30.68:6666
110.173.30.68:8080
110.173.30.68:8085
110.173.30.68:8089
xiaoaolong.f3322.org

# Reference: https://twitter.com/pancak3lullz/status/744918444265578496
# Reference: https://www.virustotal.com/gui/file/a2d02236c2a9684310d95d5a98734d17d226da16607f98903e0a5f9d62298521/detection
# Reference: https://www.virustotal.com/gui/file/40ac46478014d0a89f787c25dd380424b0e16913bd5ff03db90c32b75aa10c35/detection

# NOTE(review): the list does not say which of the two cited samples each entry
# below came from; consult both reports when triaging a hit.
173.254.236.5:8900
45.34.191.179:8900
119.147.145.218:8511
wx137672811.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/740562923639046146
# Reference: https://www.virustotal.com/gui/file/e39a3ca5574dfba2bd29a71b933c9bf22633baad10c7fcac5abbc700e5b8f175/detection

183.60.202.97:1993
longge520.f3322.net
# NOTE(review): qlsb.f3322.net also appears earlier in this list, under the
# securiteoff reference; harmless if the consumer de-duplicates.
qlsb.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/739878964064194560

aabao.top
a.aklianfa.com

# Reference: https://www.virustotal.com/gui/domain/leiyan.hk/relations

leiyan.hk

# Reference: https://twitter.com/pancak3lullz/status/739573412973150208

zhaojinyi5045.f3322.org

# Reference: https://twitter.com/pancak3lullz/status/742832969539158017

125.88.146.61:9595
hackxiao.top

# NOTE(review): each VirusTotal file URL below carries a 64-hex-digit identifier,
# presumably the sample's SHA-256; it can be reused for hash lookups when
# corroborating a network hit against endpoint evidence.

# Reference: https://www.virustotal.com/gui/file/9ea76521dacafc0437c12d3e7b2db5e4cd27054c476e87dfe9fb2934bbd3668b/detection

gyddos.com

# Reference: https://www.virustotal.com/gui/file/87c00a2dbc7aad92c63afe8633dde5253da9dd8c663dfe257ab17c087c967b16/detection

61.160.232.140:65534
5302000.publicvm.com

# Reference: https://www.virustotal.com/gui/file/f5ce87456cad6b035e20df4e3c8cfd6f68353913dbb78be8383036842c54ec69/detection

103.226.124.222:65534

# Reference: https://www.virustotal.com/gui/file/a624fd04789db3e1327fd981ac01b79c1d432819e752291843e4e4778794d6aa/detection

112.74.75.143:6666

# Reference: https://www.virustotal.com/gui/file/96a8382fe8bd91e1cf9ab358cb03f597dc3bcef66503275c17b914e28b438c92/detection

210.222.25.223:6666

# Reference: https://www.virustotal.com/gui/file/22bd3e766de31699464b08467a47b6c44f4825e4984221f74209cdb9c2b26756/detection

61.84.56.105:1234

# Reference: https://www.virustotal.com/gui/file/1b9c5b63df29807ca8dd96c4878d33dc2b1a3bed6a11e8e7bb29ba7a868ac341/detection

# NOTE(review): sexgb.codns.com and tv1004.codns.com (next group) are distinct
# hosts under the same parent zone, as are the publicvm.com, my03.com, 2288.org
# and p-e.kr entries in this part of the list; these look like shared or
# dynamic-DNS style zones - TODO confirm - so matches should stay host-specific.
sexgb.codns.com

# Reference: https://www.virustotal.com/gui/file/bcf7e416d7fdb066b831720789ffffcde71e4e1ba99294a159ff342175d9c069/detection

182.225.123.146:8080
tv1004.codns.com

# Reference: https://www.virustotal.com/gui/file/6bf39bbb04edf94d46ba9f1a80ac41a3113eac9befc02dc72444aa8e5a68ea55/detection
# Reference: https://www.virustotal.com/gui/file/4406f6e797db9308fb2e7d37483f96c71f91fadc98d45539bbe4137f6a8bb241/detection

173.208.243.3:8090
173.208.243.4:8914
74.91.16.130:8089
74.91.16.132:8914
74.91.16.133:6688
imddos.my03.com

# Reference: https://www.virustotal.com/gui/file/8b7539df3ca2a8d75f9ce1da69b66b761ff1661fe42b03f18103cd0b0f068956/detection

# NOTE(review): every ip:port entry in this group uses port 881 or 9999, and
# several addresses are listed once per port. The group sits under a single file
# report, so presumably all of it was observed for that one sample - confirm
# against the report before treating the addresses as independent sightings.
103.30.40.76:881
103.70.77.18:881
185.207.154.26:881
185.207.154.91:881
185.239.225.133:881
193.42.27.224:881
194.156.132.105:881
222.186.59.89:881
23.236.68.162:881
23.236.68.175:881
23.236.68.185:881
23.236.68.213:881
23.236.68.213:9999
23.236.68.89:881
23.236.68.89:9999
23.236.68.99:881
43.224.249.211:881
45.116.77.70:881
45.116.77.70:9999
45.117.102.172:881
45.120.156.139:881
45.120.156.160:881
45.120.156.160:9999
45.120.156.178:881
45.120.156.178:9999
45.13.199.120:881
45.13.199.120:9999
45.137.10.85:881
45.138.81.176:881
45.138.81.176:9999
78.142.194.122:881
5123.2288.org

# Reference: https://www.virustotal.com/gui/file/1d15ccc6dc69f1f0a40f2b1396220120577396a18a9d09ca79a0c267a50e23cf/detection

# NOTE(review): port 2 is an unusual value compared with the other entries in
# this list; verify against the cited report that the port was not truncated.
211.243.120.137:2
ghkdtldhs.p-e.kr
