
# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.hybrid-analysis.com/sample/6712718d0ef08b5f73421e85fd35d3bb475f167ff657448164887e5e75f2fb2f?environmentId=100
# Reference: https://www.virustotal.com/#/file/6712718d0ef08b5f73421e85fd35d3bb475f167ff657448164887e5e75f2fb2f/detection

microsoft-net.myq-see.com
yuotube.myq-see.com

# Reference: https://www.virustotal.com/en/file/0aad3aa5a60e7f43a9c02d4157897e46007a0579e1e31d3565276a483025d369/analysis/1393442949/

elmagic530.no-ip.info

# Reference: https://www.virustotal.com/en/file/7dca5d237e5ae5dc8f5309ba88a991e2adcaa5abd97071915418369b2d65a262/analysis/1392547350/

jokerhacking.no-ip.biz

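# Reference: https://www.virustotal.com/gui/file/b5244b5b67630706481d91da2cae09bcd6598d5f896498c558497b485ce04fb1/detection
# NOTE(review): the two addresses below differ only by swapped middle octets (169.69 vs 69.169), and only 192.69.169.25 recurs under the next reference (port 6060). Confirm against the referenced sample that both are intended and that one is not a transcription slip, since a wrong address here would flag unrelated traffic.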

192.169.69.25:1607
192.69.169.25:1607

# Reference: https://www.virustotal.com/gui/file/915164e31542c1e1c581afa4c26014932b79dac6f307e411d1316b8839485ffd/detection

192.69.169.25:6060
ipvhost.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8100fa867eb75f312ac7dd0fb7dbb22a330dd9e1e709bca91d58a7b79746de19/detection

141.255.156.154:4444
141.255.152.84:4444
141.255.152.202:4444
sleev.ddns.net

# Reference: https://www.virustotal.com/gui/file/36e2cab17f1d577ce8bdd06d9350d2e664dd6e1eb160b6124b0bc5d6cd7472ad/detection

194.5.98.31:1177

# Reference: https://www.virustotal.com/gui/file/3a8c972e050d71832a5c4eaa64a122458da03907ba00e11ea77414b37549c5cf/detection

78.159.135.230:28692
showix.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/fe13c6ba03871e66fdb90b899c7fd1e3c93178116afb7c78e3bf44fdcd020aa8/detection

exploor.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/9143323bf038e1434c9679097f69dc63f1c28a5636f77b41f781ecef78a709d9/detection

kieffeng.zapto.org

# Reference: https://www.virustotal.com/gui/file/0fd2c99f46d064b583b378d44f2505f0d45b6fe42743a4eb8339e14f5e235df8/detection

cool-t.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/f1eee2cc43d0fe4d34063676f0d7d9bfebb09d4e17c1fbb35e2144e7b98ac302/detection

79.134.225.122:8152

# Reference: https://twitter.com/ScumBots/status/1210236846145515520

actionmtasa.ddns.net

# Reference: https://www.virustotal.com/gui/file/6e81745c75f8665737f2943577221d3e6aa87bb5d98e9f0cb01c52a46b3fba62/detection

18.223.41.243:18090

# Reference: https://www.virustotal.com/gui/file/9b13c262b60990077089f8d289d8b09f8b84e4dcdc0d6227e235270bf229bf6e/detection

193.161.193.99:40197
carmino77-40197.portmap.io

# Reference: https://www.virustotal.com/gui/file/da2eb53310a9b8d6c4131288fcce98602f0e7b77085a02f7d7f69ac11565687b/detection

193.161.193.99:37648

# Reference: https://www.virustotal.com/gui/file/7bc4e604accf951f11e281e027a93b29fb62fa52496d60344b19b2c82d9b1181/detection

kims1998.ddns.net

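# Reference: https://www.virustotal.com/gui/file/3bdc0b41d42dd4fb0d801dbbcabef21fc5d4dd074bd85f2317104cb43a1ddd8d/detection
# Reference: https://www.virustotal.com/gui/file/dc77a97aac9c747896b617d5d818f5759c5b89daf01b17550dce69ec37189bc1/detection
# Reference: https://www.virustotal.com/gui/file/ccbc2811197023ceb8a9827b0d7492598f808e9b6da59bec6aa9c1d7b580d8ae/detection
# NOTE(review): the same 47 addresses are listed twice below, once with port 4433 and once with port 4560. Most sit in a few adjacent ranges (182.232.x.x, 223.205.x.x, 223.206.x.x), which may indicate dynamically assigned addresses - TODO confirm. Treat these address:port pairs as time-bound indicators and re-validate them before relying on them for long-term blocking.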

103.212.180.234:4433
147.50.241.204:4433
182.232.217.172:4433
182.232.217.182:4433
182.232.217.194:4433
182.232.225.43:4433
182.232.228.46:4433
182.232.46.30:4433
223.205.80.236:4433
223.205.82.15:4433
223.205.82.192:4433
223.205.82.213:4433
223.205.83.13:4433
223.205.86.102:4433
223.205.86.13:4433
223.205.86.146:4433
223.205.87.7:4433
223.206.144.116:4433
223.206.144.152:4433
223.206.144.41:4433
223.206.144.9:4433
223.206.145.243:4433
223.206.145.82:4433
223.206.146.120:4433
223.206.146.15:4433
223.206.147.149:4433
223.206.148.100:4433
223.206.148.194:4433
223.206.149.109:4433
223.206.151.150:4433
223.206.151.156:4433
223.206.151.33:4433
223.206.64.227:4433
223.206.65.2:4433
223.206.65.33:4433
223.206.66.199:4433
223.206.67.132:4433
223.206.67.230:4433
223.206.67.245:4433
223.206.68.104:4433
223.206.70.166:4433
223.206.70.198:4433
223.206.71.133:4433
223.206.71.28:4433
43.229.151.248:4433
77.78.103.20:4433
94.229.67.133:4433
103.212.180.234:4560
147.50.241.204:4560
182.232.217.172:4560
182.232.217.182:4560
182.232.217.194:4560
182.232.225.43:4560
182.232.228.46:4560
182.232.46.30:4560
223.205.80.236:4560
223.205.82.15:4560
223.205.82.192:4560
223.205.82.213:4560
223.205.83.13:4560
223.205.86.102:4560
223.205.86.13:4560
223.205.86.146:4560
223.205.87.7:4560
223.206.144.116:4560
223.206.144.152:4560
223.206.144.41:4560
223.206.144.9:4560
223.206.145.243:4560
223.206.145.82:4560
223.206.146.120:4560
223.206.146.15:4560
223.206.147.149:4560
223.206.148.100:4560
223.206.148.194:4560
223.206.149.109:4560
223.206.151.150:4560
223.206.151.156:4560
223.206.151.33:4560
223.206.64.227:4560
223.206.65.2:4560
223.206.65.33:4560
223.206.66.199:4560
223.206.67.132:4560
223.206.67.230:4560
223.206.67.245:4560
223.206.68.104:4560
223.206.70.166:4560
223.206.70.198:4560
223.206.71.133:4560
223.206.71.28:4560
43.229.151.248:4560
77.78.103.20:4560
94.229.67.133:4560

# Reference: https://www.virustotal.com/gui/file/ae4eaf56217d5fd04988802042dd2579bcd6815dbccefb57f9986ac2869eb308/detection

kinginho9508.codns.com

# Reference: https://www.virustotal.com/gui/file/91384d1426485aa5d0c7da0ee5f7b262f664c81c814c104d9ba9391216b850d0/detection

45.247.189.120:1010

# Reference: https://www.virustotal.com/gui/file/f9bfffe39d452b5ca52d260692c1d80dea08738b7cf3115f59795b790656f6c5/detection

45.247.214.36:1010

# Reference: https://www.virustotal.com/gui/file/f5aa0690692498ae2f00ba166d603e37180136723496f6e95e9beb5a86f6f97c/detection

45.247.169.81:1010

# Reference: https://www.threatcrowd.org/malware.php?md5=c5e78fde3fa65bf0d7fc6f2dc5984fb9

freedns2020.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=86c35eaff071aedf65bc752fc43d3ed7

coolkhaled.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=dac68e02e32caa52e7f786af37680279

ash1.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=e7377022966bd07a9af7616a42c8377c

ayoubbousalem1.ddns.net

# Reference: https://twitter.com/ScumBots/status/1238325752141144064

164.163.39.186:2000
libertadores.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b23b48241e996ce0563311b0eb4f551f037c0134c3f5927c4eaaf2d9e8d32139/detection

64.52.164.169:1111
demonz.ddns.net

# Reference: https://www.virustotal.com/gui/file/c8ee655113de05731cb117c6192be8c716d452889f2eaad5cc616aa44732638c/detection

zdcgdgawr3.ddns.net

# Reference: https://www.virustotal.com/en/file/6c18145ff39653968002e268066144ccabc61a6da4373a6bc0db9494374c484b/analysis/

nerujeo.zapto.org
nerujeo.no-ip.org

# Reference: https://www.virustotal.com/gui/file/7c5078167c0f4f9c9889086585c055240df13c8a71612c48a0f68d74c0f8614e/detection

141.255.152.244:82
windowslive.ddns.net

# Reference: https://www.virustotal.com/gui/file/82b31882742f1fd219dcb1911218dbb9a6ba2847d478d3d723c4d3893c3b659d/detection

goodview1.ddns.net

# Reference: https://www.virustotal.com/gui/file/445aed632342a6fb12b80843b1d818ff28cbeb38f10002f9a8af20ee51f51c80/detection

nandos.hopto.org

# Reference: https://www.virustotal.com/gui/file/e6b2b7696d3e986b8c9256f29d052cb0d1bfdd691ae01a4d43ff5c397d4a284b/detection

141.255.158.206:3333

# Reference: https://www.virustotal.com/gui/file/5072c8f2f159c8ef7687128ca90c6ce4209fbb1d6754bcb3c06d171a45932e10/detection

etiphgkl9hj.duckdns.org

# Reference: https://www.virustotal.com/gui/file/234befabf415bbb030d02ba3fce6b2a441e08beea7589ccc0a1a3ee1861b70a6/detection

aazzoo74.no-ip.org

# Reference: https://twitter.com/ScumBots/status/1259181921503973376

185.19.85.184:3008
updateinfomcs.hopto.org

# Reference: https://www.virustotal.com/gui/file/717fe12773df62261b136b85bb37f08b56cd94dfa0e51bcd5c80e4431bce1e28/detection

141.255.153.81:4545
windowsapplication.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9cfd6ba5df8eafa98f1156122e73ab5998dc787a7ff41def70a6e4654e819a7/detection

207.244.113.46:6060

# Reference: https://www.virustotal.com/gui/domain/hammoud777.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/f96a93ff908d215ff19f1e80e6d4535b2312c984a1fb5ae04dce7c1d6a012947/detection

141.255.147.63:4444
141.255.155.10:4444

# Reference: https://www.virustotal.com/gui/file/94eb8962825a9a1472fff5b8f70c381e05992b38c506a3d5cedee4ba9cae13fd/detection

14.48.6.22:8458

# Reference: https://www.virustotal.com/gui/file/4df3facb47904d7af4723f97e3000c87d8db8fee8e196201dda09f927a37f5ea/detection

190.73.144.189:1332

# Reference: https://www.virustotal.com/gui/file/a143d26f2de1818bf2a2696dc046625e5801b6bf5d02b2cf545e9d4389252fe6/detection

62.215.122.90:5554
tsm1.ddns.net

# Reference: https://www.virustotal.com/gui/file/d580739fc1ddd55c6cae6273787c317ca72bfb79c6869ac74291dedf71d65fbc/detection

189.27.135.149:2000
189.27.135.149:81
corvo1997.ddns.net

# Reference: https://www.virustotal.com/gui/file/1dbdb667d0cada523ec1fa168e0ef5f7638f44344e0503063b27c59536898805/detection

179.178.22.180:2000
179.178.22.180:81
