# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection
# NOTE(review): IP:port indicator with no first-seen/last-seen date recorded in
# this file. The address may since have been reassigned, so corroborate a hit
# against the referenced samples before treating it as confirmed malicious traffic.

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf
# NOTE(review): this group mixes IP:port pairs, registered domains and names
# hosted under third-party zones.
#  - Entries under dynamic-DNS zones (no-ip.biz, no-ip.org, ddns.net) and
#    intribune.blogspot.com each identify one hostname on a shared provider.
#    Match them exactly and never widen them to the parent zone.
#  - The attachment.biz entries are listed per subdomain. Whether the parent
#    domain is attacker-controlled cannot be told from this file - TODO confirm
#    against the report before adding a parent-domain rule.
#  - 178.238.235.143:80 is a plain web port, so a hit needs corroboration
#    (URL, payload or sample hash) before escalation.
#  - No report date is recorded here - TODO confirm indicator age against the PDF.

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712
# NOTE(review): the entry starting with "/" is a URL path, not a host. It is
# presumably the path observed on isroddp.com in the referenced report.
# Confirm that before alerting on the path alone when it appears on other hosts.

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528
# NOTE(review): five ports are listed for the same address. A consumer that
# matches on IP only will collapse these into a single, broader indicator.
# Keep the port where the sensor can match on it, since it narrows the hit.

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408
# NOTE(review): the "/"-prefixed entries are URL paths (directories and .php
# endpoints), presumably observed on awsyscloud.com - confirm against the
# reference. Several contain "!" or "@", which clients and proxies may log
# percent-encoded (%21, %40). Normalise logged URLs before matching, or these
# trails can be missed. Keep the mixed-case spelling exactly as listed.

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection

107.175.1.103:3268

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286
