# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html

remotesupport.aariverside.com
office.ontimedatasolutions.com
estream.homelinux.com
sba-vig.vig.pl
sba2-vig.vig.pl
itmanager.maspex.com
gate.spacesoft.kr
supremogw2.nanosstems.it
cmc.counterp.com
dataroad.iptime.org

# Reference: https://twitter.com/OttoScav/status/1150816480432459776

http://18.218.52.120
floresbelasflore.online

# Reference: https://twitter.com/BroadAnalysis/status/796379886738874368

http://104.232.39.109

# Reference: https://twitter.com/tmmalanalyst/status/796650651631505408

http://108.61.186.143

# Reference: https://twitter.com/malware_traffic/status/856924240158896128

http://37.72.175.221

# Reference: https://twitter.com/JAMESWT_MHT/status/1233304373394014209
# Reference: https://app.any.run/tasks/1ab4fd49-b2cd-4594-becc-1526f33b495a/

23.81.246.246:6260
35.180.191.157:443

# Reference: https://twitter.com/casual_malware/status/1235056986762309634

http://3.136.20.196

# Reference: https://twitter.com/casual_malware/status/1235379921616240640

35.180.191.157:443
45.147.229.21:1942

# Reference: https://twitter.com/malwrhunterteam/status/1238045857527840769
# Reference: https://www.virustotal.com/gui/file/dd4e0a45af01b740dd516db513e8eccc47b7c7efc8da10fc9ce05029118459a6/detection

http://45.147.228.82
144.208.127.96:4548
45.147.228.82:44562

# Reference: https://www.virustotal.com/gui/ip-address/168.62.217.235/relations

http://168.62.217.235

# Reference: https://www.virustotal.com/gui/file/6d895905107555a59600ea6bae6cb3392d758654a7258cb70f3d40fc16eafc8f/detection

http://167.114.179.73
167.114.179.73:12129

# Reference: https://www.virustotal.com/gui/ip-address/160.20.147.130/relations

http://160.20.147.130
160.20.147.130:1942
160.20.147.130:1948

# Reference: https://www.virustotal.com/gui/ip-address/146.71.87.161/relations

http://146.71.87.161
146.71.87.161:4921
146.71.87.161:9141

# Reference: https://www.virustotal.com/gui/ip-address/45.147.231.27/relations

http://45.147.231.27
45.147.231.27:1942

# Reference: https://twitter.com/JayTHL/status/1243263282963714049

167.114.179.73:9093

# Reference: https://www.virustotal.com/gui/ip-address/52.171.138.139/relations

http://52.171.138.139

# Reference: https://www.virustotal.com/gui/ip-address/144.208.127.96/relations

http://144.208.127.96
144.208.127.96:4548
144.208.127.96:7197

# Reference: https://twitter.com/ScumBots/status/1243605306262855681

http://45.147.231.94
45.147.231.94:1942

# Reference: https://www.virustotal.com/gui/ip-address/52.172.31.99/relations

http://52.172.31.99

# Reference: https://twitter.com/ScumBots/status/1245010065792344069

45.147.231.37:1948

# Reference: https://twitter.com/baberpervez2/status/1252754482548617216

http://13.77.122.15
http://3.134.118.103

# Reference: https://twitter.com/JAMESWT_MHT/status/1255412539317465088

192.236.147.100:51224
192.236.147.100:1950

# Reference: https://app.any.run/tasks/8dc4772c-0619-456c-86da-4cf946230712/
# (lists the same two 192.236.147.100 endpoints as the preceding reference)

192.236.147.100:1950
192.236.147.100:51224

# Reference: https://app.any.run/tasks/0def6418-2cf6-4ac7-a53f-12ec4b6871eb/

http://152.67.44.175
152.67.44.175:9010

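# Generic: URL path indicators with no host and no per-entry reference.
# A path carries no destination context on its own, so corroborate any hit
# with the requested host before treating it as confirmed.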

/$rdgate
/A3A39HFYUV8HS5D.php
/gkidofull.iso
/blkoiunder.iso
