# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MaelSecurity/status/1039752010713718785

endbars.co
readact.co

# Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336
# Reference: https://twitter.com/PhishFindR/status/1184743844962803712

# NOTE(review): kaosjdoaaf6.pw, kadosjdoafa.pw and kadosjdoaaf6.pw are listed again in the
# Check Point sections further down this file; the repeats add no new indicators.
kaosjdoaaf6.pw
kadosjdoafa.pw
kadosjdoaaf6.pw
hostyourhe.xyz
offerswides.xyz
# NOTE(review): the two entries below are bare URL paths with no host part, so they are not
# tied to the domains above. Confirm they are specific enough not to match unrelated sites.
/fk/f2.php
/hc/f2.php

# Reference: https://twitter.com/0x1xday/status/1115541156434202624

deluxemattress.ca

# Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728

cba.demdex.uk.com
hegorevent.online
# NOTE(review): host-less path entry. "/googleads" is a generic-looking string, so a hit on it
# alone is weak evidence; correlate with the domains above and verify the false-positive rate.
/googleads

# Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881

businesmol.pw
hegorevent.club

# Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688

unilear.pw
# NOTE(review): 236.16.27.121 and 237.236.131.48 fall in 224.0.0.0/4 (multicast) and
# 242.5.247.180 falls in 240.0.0.0/4 (reserved), so none of the three can be a reachable
# TCP server. Presumably they are filler addresses from the sample's embedded list; confirm
# against the reference before treating every address here as live infrastructure.
236.16.27.121:443
158.95.73.22:443
185.92.222.238:443
212.11.167.110:443
242.5.247.180:443
64.34.94.27:443
134.90.213.11:443
72.125.213.163:443
237.236.131.48:443
192.71.249.51:443

# Reference: https://twitter.com/malware_traffic/status/1119331956217585664

business4good.eu

# Reference: https://twitter.com/devnullek/status/1097871459752599552

driverssoftware.info
messagesupport.info
softwaresearch.info
traderssoftware.info

# Reference: https://twitter.com/James_inthe_box/status/1122156673299173377

frezyderm-orders.gr/sites/all/notused/not/ponto.php

# Reference: https://twitter.com/devnullek/status/1123208253566005248
# Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee

piosnoksld.info
zaratoons.info
212.73.150.207:443

# Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704

fiuiert.xyz
lulipcxulci.info
statusnim.info

# Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a
# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
# NOTE(review): differs from net4-data.com (listed a few lines below) only by a leading "l".
# Possibly a transcription artefact; confirm against the referenced report.
lnet4-data.com
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://twitter.com/Bank_Security/status/1146296727349157888
# Reference: https://pastebin.com/QyYHnKMH

derikaosos.info
sinoposdssf.info
statusnim.info
tefidnsops.info

# Reference: https://twitter.com/w3ndige/status/1164148967413878788
# Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/

# NOTE(review): the next entry carries an "http://" scheme and no port, unlike the ip:port
# entries that follow. Confirm the consumer of this list normalises the scheme as intended.
http://74.118.138.146
109.202.103.170:8733
213.152.161.229:8733
114.26.195.117:443
146.229.67.12:443
154.94.158.126:443
5.188.86.20:443
66.165.187.11:443
gazgrsrto.xyz

# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

encrypter.webfoxsecurity.com

# NOTE(review): the entries from braksiolsa.top through thenautorern.tech repeat the list
# under the same Check Point reference earlier in this file; only maintrump.org is new here.
# The duplicates could be folded into one section to simplify maintenance.
braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
lnet4-data.com
maintrump.org
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection
# Reference: https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/
# Reference: https://twitter.com/Artilllerie/status/1168539710769303552

149.154.159.213:443
151.236.14.84:443
168.248.43.207:443
172.237.125.185:443
184.98.44.103:443
195.123.246.209:443
# NOTE(review): unlike the entries above, this address has no ":443" qualifier, so it
# presumably matches traffic to the address on any port. Confirm that is intended and that
# the address is not shared infrastructure serving unrelated content.
23.47.206.127

# Reference: https://twitter.com/ostinjohn/status/1169603418211737601
# Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/

139.113.48.33:443
149.154.159.213:443
149.53.185.172:443
187.198.70.207:443
195.123.246.209:443
2.255.189.191:443
222.175.52.161:443
58.58.210.181:443
81.63.70.192:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638
# Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/

fepolomokmmas.xyz
mustve.site
seioooi.xyz

# Reference: https://twitter.com/Mesiagh/status/1184533873545359360

bluewaters.space
djeudnsj.xyz
eroutks.co
euiobol.xyz
gontaseesl.website
gontaseonar.site
gontaseopa.site
gontaseopa.website
heuirnst.space
heuirnst.website
jeudnsjkd.xyz
jeudnsju.xyz
jeuisjr.xyz
joskaejw.club
loperatys.site
loreteo.xyz
loretoi.xyz
ujaioep.site
ujaioep.website

# Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/

avgsupport.info
esetsupport.info

# Reference: https://twitter.com/w3ndige/status/1189301539535556614

everythingtogeta.xyz

# Reference: https://any.run/malware-trends/danabot (Note: as seen on 2019-12-04)

qxq.ddns.net
thuocnam.tk

# Reference: https://twitter.com/VK_Intel/status/1020236244020867072

# NOTE(review): the address below carries an "http://" scheme, unlike most entries in this
# file; confirm the consumer of this list normalises it as intended.
http://176.119.1.112
farzona.co
# NOTE(review): host-less path entry, not bound to the address or domain above.
/injj/777.php

# Reference: https://twitter.com/0xFrost/status/1205187802629070853
# Reference: https://www.virustotal.com/gui/file/995378f5a47357f7dc2dab638263cf42ab67f800b82df29d23ab29bb985cd80d/detection

digidimag.com

# Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872

145.249.107.168:443
145.249.107.201:443
145.249.107.78:443
199.247.16.30:443
209.250.243.55:443
luxurylive.org

# Reference: https://twitter.com/Racco42/status/1217763274537754625
# Reference: https://twitter.com/Racco42/status/1217764284383596545

64.188.22.122:443
64.188.22.153:443
64.188.22.154:443
64.188.22.33:443
64.188.23.155:443

# Reference: https://www.virustotal.com/gui/ip-address/89.144.25.174/relations
# Reference: https://www.virustotal.com/gui/file/d37ed2e77d73875a20605a198986b008eb8b4c8bcfb84783b7b0f329ec1a5384/detection

113.102.102.121:443
186.174.47.177:443
89.144.25.243:443

# Reference: https://twitter.com/K_N1kolenko/status/1237322223586852865
# Reference: https://pastebin.com/2HbabLQa

formaulist.com

# Reference: https://twitter.com/K_N1kolenko/status/1240553870633336833
# Reference: https://www.virustotal.com/gui/ip-address/195.123.225.167/relations

digidonaud.com
finburgers.com

# Reference: https://twitter.com/K_N1kolenko/status/1209733370013519872

signin.luxurylive.org

# Reference: https://twitter.com/casual_malware/status/1239687496692387841
# Reference: https://app.any.run/tasks/0473bb63-11bc-4b98-864d-df00082d60cb/
# Reference: https://twitter.com/malwrhunterteam/status/1239628249136758786
# Reference: https://urlhaus.abuse.ch/host/corona-virus-map.net/

corona-virus-map.net
corona-map-data.com
202.195.34.6:443
# NOTE(review): the three entries below are host-less paths to a .jnlp file and two .jar files.
# "/map.jar" and "/mapdata.jar" are generic file names, so a hit without one of the hosts
# above is weak evidence; verify the false-positive rate before alerting on them alone.
/map1.jnlp
/map.jar
/mapdata.jar

# Reference: https://twitter.com/luc4m/status/1245750938465378304
# Reference: https://app.any.run/tasks/0f31129d-a473-4cd7-92fa-1ea817950f9e/

123.236.244.164:443
129.255.179.202:443
177.40.161.5:443
185.181.8.49:443
187.237.21.167:443
27.109.5.166:443
28.63.88.50:443
64.188.12.140:443
64.188.19.39:443
78.103.173.2:443

# Reference: https://twitter.com/w3ndige/status/1258128183527956487
# Reference: https://app.any.run/tasks/9448b002-1b67-48f5-beb7-f4ee357abb46/

172.81.129.196:443
192.236.179.73:443
192.99.219.207:443
23.82.140.201:443
45.147.228.92:443
51.255.134.130:443
54.38.22.65:443

# Reference: https://www.virustotal.com/gui/file/adc20c4626d99f2a35d7d58043b9b57946b21485ece1356e223d0b661824d9de/detection

sfsdfpizdatrtu.space

# Reference: https://app.any.run/tasks/e54dcc1c-ff39-41e4-a164-15d15c94414b/

2.56.213.39:443
5.61.56.192:443
5.61.58.130:443

# Reference: https://twitter.com/reecdeep/status/1261206870037008385

post-990094.at
# NOTE(review): the seven ip:port entries below repeat the list under the w3ndige /
# any.run reference (172.81.129.196:443 ... 54.38.22.65:443) earlier in this file.
172.81.129.196:443
192.236.179.73:443
192.99.219.207:443
23.82.140.201:443
45.147.228.92:443
51.255.134.130:443
54.38.22.65:443

# Reference: https://app.any.run/tasks/91d61bf3-e8a8-4df6-9c4f-ed087b0563e6/

# NOTE(review): post-990094.at is already listed in the section directly above.
post-990094.at

# Reference: https://twitter.com/w3ndige/status/1262652047884779521

belayedd.at
