# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gobrut, marut, stealthworker

# Reference: https://twitter.com/gwillem/status/1125363285883346945

193.57.40.47:8081

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/

5.45.69.149:7000

# Reference: https://twitter.com/rommeljoven17/status/1126392967986438145

198.245.61.201:7000
94.156.189.176:7000

# Reference: https://twitter.com/VK_Intel/status/1178766622686941184

194.147.32.239:5693

# Reference: https://www.fortinet.com/blog/threat-research/unveiling-stealthworker-campaign.html
# Reference: https://otx.alienvault.com/pulse/5db180ab5034fd0844577b86

109.94.110.24:7000
162.213.249.72:8081
185.180.199.26:8081
185.180.199.26:8085
185.205.209.131:7000
185.206.147.79:7000
190.97.167.130:8081
190.97.167.241:8081
193.109.69.52:7000
193.37.213.69:8086
193.57.40.44:8082
193.57.40.47:8081
194.147.32.239:5693
194.61.24.231:8081
198.245.61.201:7000
2.56.242.128:12568
212.129.52.141:7000
212.73.150.182:7000
37.252.5.154:8081
45.227.255.213:8089
45.89.228.105:28080
46.17.43.23:11679
5.101.0.13:7000
5.188.86.19:6000
5.188.86.29:7000
5.45.69.149:7000
54.39.219.79:8085
69.12.66.194:11679
81.22.45.137:7000
81.22.45.137:8081
85.217.171.124:7000
91.92.128.77:7000
92.63.192.247:8081
92.63.197.158:7000
94.156.189.176:7000
95.211.194.136:7000
formfactset.org
gofermouse.top
linuxserverb.xyz
prioritywirreles.com
sontorap.top
swiftrocky.org
teamsystems.info

# Reference: https://twitter.com/tkanalyst/status/1226125887256416256
# Reference: https://app.any.run/tasks/36f61504-d0ce-4bfe-be53-3f4a21817677/

176.121.14.156:8888
o4s98myt4.top

# Reference: https://www.virustotal.com/gui/file/46204d823592d0586eee168f4b83d2a3d255bd2b1b92c55b9c089ce3c277554f/detection

195.154.232.139:8888

# Reference: https://www.virustotal.com/gui/file/a3bfec359a9f54a10f2660a5587cedd9d9bc7724d4c29aacb4e791b0992ad912/detection

176.121.14.118:8888

# Reference: https://twitter.com/The_d0c_T0R/status/1127233691451891712

88.184.237.14:8888

# Generic

/bots/chkVersion?currVers=
/bots/knock?worker=
/gw?worker=
