# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.fortinet.com/blog/threat-research/circle-of-the-fraud-more-information-about-bitcoin-orcus-rat-campaign.html
# NOTE(review): several of these names appear to be single-character lookalikes
# of well-known service names (i/l, u/v, g/q, e/c swaps). Keep them as
# exact-match entries; a fuzzy or substring match here would risk flagging the
# legitimate domains they imitate.

adobe.br.com
bitcolntalk.com
bitcolntalk.org
bltcointalk.com
bltcointalk.org
bltcolntalk.com
bltcolntalk.org
githvb.com
qithub.org
qunthy.org
wcx.nz
wex.ac.nz
wex.ms

# Reference: https://twitter.com/oguzpamuk/status/1165739004974817280
# Reference: https://app.any.run/tasks/bc90ea8c-24fd-43d1-a831-2246eca40e32/

65.49.81.174:1337

# Reference: https://twitter.com/JayTHL/status/1188666712813719552
# Reference: https://www.virustotal.com/gui/ip-address/176.227.191.12/relations
# Reference: https://www.virustotal.com/gui/file/ab27de99f9af5b25c51a452734624d275be3f375acb8e2e196753f58edd7ff61/detection

176.227.191.12:1337
176.227.191.12:8080
fbkw.tk
glared.ga
kekw.tk

# Reference: https://www.virustotal.com/gui/file/246ed49ede850eaafddff2794415bb71eca90238b8c3ef7969f2a2d9247761a5/detection

176.227.191.12:10134

# Reference: https://www.virustotal.com/gui/file/ba6ac57263f886ec57dbc7d91705bc997a6ee9e0e4753bb1e28036245fa5d954/detection

176.227.191.12:1564

# Reference: https://www.virustotal.com/gui/file/abbf1a3dc2074173f0679edbc25b7e835a799684151f4f5ceb2174515a30f2b6/detection

176.227.191.12:2002

# Reference: https://www.virustotal.com/gui/file/a83458a20fa9f2dd5f58d8bb0b08f9e3c64640b4898d14d4f1494130b9ef2357/detection

176.227.191.12:6666

# Reference: https://www.virustotal.com/gui/file/84a550cd5c0ab129a3e7ddf222e6e20b30e8126abf297d1765c17ef079c8ca9e/detection

176.227.191.12:7007

# Reference: https://twitter.com/JayTHL/status/1199555057513046017
# Reference: https://www.virustotal.com/gui/file/49bd78001249923b28dc30e6c52e121fea38fb58f29c15968379488b4de53c30/detection
# Reference: https://www.virustotal.com/gui/file/fc04d2256cdf30a4fcf5eba79c9d451e3e3d20ba01740edce82c0fe697ffa191/detection
# NOTE(review): 6.6.6.6 is a repeated-digit address that looks like a
# placeholder value from a sample's configuration rather than operator
# infrastructure. Confirm it against the referenced samples before alerting or
# blocking on it; the duckdns.org hostname below is the more specific indicator.

6.6.6.6:5631
warfram3client.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f1e09e33334341d3a91e93a1cf44d5c4d7ac420c5e7a1b7d608b6388174de1d0/detection

154.234.192.165:500

# Reference: https://twitter.com/JAMESWT_MHT/status/961905004960468992
# Reference: https://app.any.run/tasks/d8405f6a-e8a5-45e0-abd2-c7fa5ec899ec/

stinkletjet.me

# Reference: https://twitter.com/James_inthe_box/status/948880929342173184

88.150.189.98:9989

# Reference: https://twitter.com/James_inthe_box/status/913131729233133568

212.83.170.126:2325

# Reference: https://www.fortinet.com/blog/threat-research/a-peculiar-case-of-orcus-rat-targeting-bitcoin-investors.html
# Reference: https://www.virustotal.com/gui/file/6554fabddabac2b14cb3209393a13471e7fe985750f1a9a8f030d1ebbc8dff35/detection

172.111.160.213:10134

# Reference: https://www.virustotal.com/gui/file/851f5ea787e9a287880c4a6d05c57e1014605e9a42bae5e3cf770fcd0fe8fb3a/detection
# NOTE(review): 192.69.169.25 here and 192.169.69.25 (listed later in this file
# on port 1337) differ only by transposed digits in the second and third octets.
# Both may be correct, but verify each against its referenced report, since a
# mistyped octet would flag an unrelated host.

192.69.169.25:10132
ssniper.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf9bb8e1d8bf2de2b73ae7c8e8c5c58083ebe55b0981364e4b976260b3880350/detection

162.200.139.146:1337
voltaire.zapto.org

# Reference: https://www.virustotal.com/gui/file/14eb56236bfd39bd8f7cf62c1ec4d50aeaac64d1e17ebf6772a3c259959e0bbb/detection

162.200.139.146:1604

# Reference: https://www.virustotal.com/gui/file/a7d7820eb3ac86718b610030e814fc10da5bc9e5612f35a640e797e23fba6ca4/detection

mistervoltaire.duckdns.org

# Reference: https://www.virustotal.com/gui/file/11f1090f1ae7cf8bb9a811f7eb6e1f18d33bd44d639e06e031d0ba071eaabd23/detection

185.101.92.3:1919

# Reference: https://www.virustotal.com/gui/file/05040a3af990ed78d087cbaa1e29220f2810b200ce6a0db37dfe869c93381379/detection

104.244.75.220:9340

# Reference: https://www.virustotal.com/gui/file/933dc2ab7637ebaa57187cd43b1ea700499ea53a0e2e5ef7c768b0d43833532b/detection

193.56.28.134:2222

# Reference: https://app.any.run/tasks/5308b1f1-fc1d-41df-9a51-36d9f209caba/

13.68.91.206:9337

# Reference: https://www.virustotal.com/gui/file/48be5ae5cb8e6155352d0936f4785d3da1c1e2a8d0f86f14b240627b378f3a56/detection

66.26.181.172:10134

# Reference: https://www.virustotal.com/gui/file/3fea35061269dd2ecfd1a3561d6490df0586584fd7273510da3602359128e9cf/detection

185.114.225.60:1337

# Reference: https://www.virustotal.com/gui/file/352d043e9d06d67fbc5250dd1183edf4b6b6efc72c86584ab1af183034e345c2/detection

104.128.234.104:1337
takethei.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f456d4d5a9233fd787622e0827eeaf5a945e1a808de5312fb57fe4d8feaacecc/detection

45.76.57.32:1337

# Reference: https://www.virustotal.com/gui/file/906f097c2e91c5fafcc8a4d5b480e6cb89d45977d799615a68d6f0689e6c3a52/detection

185.198.26.245:1337

# Reference: https://www.virustotal.com/gui/file/65f750af58456ce7ff79936dba02c53bb4802f0c9acd81e7e37039a21ed06063/detection

206.189.192.66:1337

# Reference: https://www.virustotal.com/gui/file/802f6b02bcfe6cb847a055acdceb8ce3caf1cee6a42ea82baa13e510288bca0d/detection
# NOTE(review): 185.198.26.245:1337 is already listed earlier in this file under
# a different sample reference, and 185.114.225.60:1337 is likewise listed
# twice. The repeats record per-sample provenance; consumers that load this
# list should de-duplicate entries rather than count them as separate hits.

185.198.26.245:1337
192.169.69.25:1337

# Reference: https://www.virustotal.com/gui/file/6df589eb6933aecc36c73ec13878188843ff7ea2754dc4e05906846524ee99d5/detection

51.68.92.105:1337
1337hax0rs.hopto.org

# Reference: https://www.virustotal.com/gui/file/72a9bcb559629c758cbc4da43d78ff0402eee8b1037534fd50d9c5c9435b8f67/detection

185.114.225.60:1337
51.68.81.247:1337

# Reference: https://www.threatcrowd.org/malware.php?md5=2777e5b529531cb2ce4dfaf51e029cc1

menusbyxarva.tk
menusbyxarva.ga
menusbyxarva.ml
menusbyxarva.cf

# Reference: https://twitter.com/abuse_ch/status/1233659527989325825

35.192.205.70:6969

# Reference: https://www.virustotal.com/gui/file/aa43e982c2852d515224124f835c5222895525d4dfba78215dfab38421448197/detection

196.89.40.35:3365

# Reference: https://www.virustotal.com/gui/file/713111b19f47264a55f126daeb8e0cdcfa477caad3c62dafceb6dfb726a9b858/detection

91.218.65.24:3333

# Reference: https://www.virustotal.com/gui/file/4491b49ec07c3c0cb02ce71fe84f42dc3f51e31d37d2773d81a64c27fa266076/detection

91.218.65.24:10134

# Reference: https://www.virustotal.com/gui/file/0f788b53c047325fa4478a4e35532547fb4e6f16c14d9b7bc6d7eb2606faa25e/detection

91.218.65.24:5634

# Reference: https://www.virustotal.com/gui/file/dd746a6d73f73034d24ae56938ad02370bbdade419c2bfe7cebba1efb9c29072/detection

91.218.65.24:1337

# Reference: https://www.virustotal.com/gui/file/10f9c60cae4b545950b7c92893d5c163f5a7d961346f2b3e9f3cc98069e509db/detection

91.218.65.24:7777

# Reference: https://www.virustotal.com/gui/file/edf5f9bb676e7108c411eed1c1cd1cd322621b7f874b67dc585828dc9d9c5214/detection

140.82.57.249:9876

# Reference: https://app.any.run/tasks/4348840b-74d2-4a36-8b4f-30f7c5c78ac4/
# NOTE(review): the hostname is under portmap.io, a port-forwarding service, so
# the address below is presumably a shared relay rather than a host dedicated
# to this operator (TODO confirm). Keep the port qualifier on the IP entry and
# treat the hostname as the more specific indicator.

193.161.193.99:40601
nickman12-40601.portmap.io
