# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

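# NOTE(review): entries beginning with "/" are bare URL paths with no host part; presumably the consumer matches them on any host, so confirm the matching semantics and expect some false positives from short paths.
# Reference: https://twitter.com/Artilllerie/status/1115258738368294913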

/rnm226.php
/rnm238.php

# Reference: https://twitter.com/malware_traffic/status/732996960953622528

/xtrfgdb7.php

# Reference: https://twitter.com/malware_traffic/status/723237083851022337

/ckjvgphz.php

# Reference: https://twitter.com/teoseller/status/648537487397289984

/ajuno.php

# Reference: https://twitter.com/malware_traffic/status/1138999824613687298

http://80.85.155.70
work.a-poster.info

# Reference: https://twitter.com/VK_Intel/status/1139926661162512384
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-06-14-tofsee-spambot-modules.notes.vk.txt

/pchfv.php
144.76.199.2:416
144.76.199.43:416
176.111.49.43:416
46.4.52.109:416
85.25.119.25:416

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Tofsee-7090196-1)

gordinka.xyz

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html (# Win.Malware.Tofsee-7349716-1)

nekfad.xyz
ponedobla.bit

# Reference: https://www.virustotal.com/gui/domain/gmqil.com/relations

gmqil.com

# Reference: https://www.virustotal.com/gui/file/4de062a251b1b38575f8e815823b27f05e8a8eba69aec44b89bfa5a88155c747/detection

/vbyjqfw.php
/dhmuswvy.php
/bvmrgqc.php
/codfxpwuq.php
/psfyclat.php
/qxxrym.php
/frwxpvpm.php
/rusehw.php
/hmrlyx.php
/ckhadxg.php
/sslkzbml.php
/mwwqjy.php
/hrlaguph.php

# Reference: https://www.virustotal.com/gui/ip-address/51.91.31.87/relations
# Reference: https://www.virustotal.com/gui/file/b0a8c4f50a4fbddd68c67fd25f04c72c8bc82164c4cc1c63773b48d51194173b/detection
# Reference: https://www.virustotal.com/gui/file/8294d7ef6650dda837626df88d3af1f4ae21440ee5a85e3cdf9222baacea5583/detection

51.91.31.87:13333

# Reference: https://www.virustotal.com/gui/file/0de56d003ad4b2ec2b3baefc186761c0d6e7ecc957cee322b337d8317ccfdeab/detection

93.171.200.64:35000

# Reference: https://www.virustotal.com/gui/ip-address/45.128.204.56/relations

45.128.204.56:8087

# Reference: https://www.virustotal.com/gui/file/71ac7ffe233607924e6475dc2537d28a1647e78fd0e2d85f3af8760e87009e06/detection

176.9.114.177:416
188.165.238.150:416
46.28.66.2:416
78.31.67.23:416
93.179.69.109:416

# Reference: https://www.virustotal.com/gui/file/c77be7705adde8882fe9b8d2ae1120ffc978ce8993c39a1b908a595c34a44f62/detection

176.9.114.177:419
188.165.238.150:419
46.28.66.2:419
46.4.52.109:419
78.31.67.23:419
93.179.69.109:419

# Reference: https://www.virustotal.com/gui/file/401defb46887dfb03a9359ebbb257f228204b5bdbc669e1f6e48a2390ffe7737/detection

176.9.114.177:418
188.165.238.150:418
46.28.66.2:418
46.4.52.109:418
78.31.67.23:418
93.179.69.109:418

# Reference: https://www.virustotal.com/gui/file/abfe24e0c4203696a78fce0947d0badb0add61798317346d6d68942330c7ad16/detection

176.9.114.177:420
188.165.238.150:420
46.28.66.2:420
46.4.52.109:420
78.31.67.23:420
93.179.69.109:420

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Tofsee-7586819-1)

bestladies.cn
bestdates.cn
bestgirlsdates.cn
sex-finder4you1.com

# Reference: https://www.virustotal.com/gui/file/29ddb2d3b572e9d87505f655c114f35acb083d726c73c1e4ee3a796302960f3c/detection

43.231.4.7:443
85.114.134.88:486
sex-finder4you4.com

# Reference: https://www.virustotal.com/gui/file/ea9a07e2c8c8bae733c472099b4a8819ecb035d978ae10fb12de0162192ec241/detection

85.114.134.88:487

# Reference: https://www.virustotal.com/gui/file/94b9e7576fdb55902edf135d96a5d0bf48886753d4e236fc9ae77e53b5ccea36/detection

176.9.114.177:423
188.165.238.150:423
46.28.66.2:423
46.4.52.109:423
78.31.67.23:423
93.179.69.109:423

# Reference: https://www.virustotal.com/gui/ip-address/176.119.28.112/relations
# Reference: https://www.virustotal.com/gui/file/37f4c5a020461568f4870b7f55be47911575fe3ea45e8ed893f5dd47134ce5cf/detection

176.119.28.112:3333

# Reference: https://www.virustotal.com/gui/file/31cc99bdafbb1cca9fbc8ed4e909cc087471eb3ecb3343c1d5e5ee2467398032/detection

32ggswww2.info
jssbwtgssq.com
rwsb3tsgw.xyz
vyefb543.ru

# Reference: https://www.virustotal.com/gui/file/56742b2b280832be53db097ffc3cf69947588f367627151198938d683ed0afee/detection

45.126.183.208:8087
