# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

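# Note: one trail per line, either a hostname or an IP:port pair; each "# Reference:" comment
# names the source for the entries that follow it. Several hostnames recur under different
# sample references (e.g. rajy.no-ip.info, too.no-ip.info). Most names sit under dynamic-DNS
# providers (no-ip, zapto.org, dyndns, sytes.net), where a released name can later be
# registered by an unrelated party, so confirm a match on an old entry against the
# referenced sample before treating it as a compromise.

# Reference: https://twitter.com/MalwareConfig/status/1003675255804751872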

commands.control.demo

# Reference: https://twitter.com/MalwareConfig/status/862075209372884993

news.sexxxy.biz

# Reference: https://twitter.com/MalwareConfig/status/817391154698260480

iloveyoustar.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790195481741852672

aysemis.no-ip.info

# Reference: https://twitter.com/Sebdraven/status/1148930721077182466
# Reference: https://app.any.run/tasks/76022ed7-4c80-4512-b62e-dc65759b60bb/

capture.kozow.com

# Reference: https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology

f1news.vzglagtime.net
news.vzglagtime.net

# Reference: https://lab52.io/blog/icefog-apt-group-abusing-recent-conflict-between-iran-and-eeuu/
# Reference: https://otx.alienvault.com/pulse/5e1885c58e7a91cb6b0164e7

95.179.131.29:443
95.179.131.29:8080

# Reference: https://www.threatcrowd.org/malware.php?md5=f9f93e66125819cb5cafc83bb26bb460

hmm.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=4248dd1a1253e12e9f693d274ce819cf

fastlink455.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=78c5c2462d9275df58afea2107859efb

majed1243.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8b4f76c7034ccb3d87a5fbe689cf4a07

ls-id.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=fe90b092042b1b4cd116de17f5479230

blach.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0cd0eea3e9d332d22c28a5544bd1b8ef

h-07.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=22bb0b4febf0c51b52c7b12719075f97

h-07.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=5fdfc3c59e63dcb079d840f7a3ea5568

nirvana.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=457a0282f80c0ce3ebc1f4c8443e1ab6

key.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=0ca9514048d59d1f6d430cee4603e3b5

dmar3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=1f38570eedfb3ca643dff5b941ebe350

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=495a208cd41b76c255d334b6bf7899b4

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=6ca50a8bae45431cfc09f640dd70625f

too.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=711c8c3d7870548fc7ef72699b5a22c0

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=cd5b7ef50aa737380dfbd51442965930

too.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=ff5eab2b5d136d8cf91c981b5f03d8aa

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=137909663a8640db7ec8320d7d507581

kingshahrani.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2744c0ce6e52e162ddab546a6fb09fa9

domain12.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=36e38cb6903062b2315ef36087f061d0

pauvre01.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3deda0f9f50f48806d04915dd0d01b48

miladnj78.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=4e73564e31848349160399e70a46b389

spider-iq.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=526d7d7f7d273afdf2949cde45c47500

qet13579.noip.me

# Reference: https://www.threatcrowd.org/malware.php?md5=8f86782122d9eda394144cd006967810

dave2trip.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=b00ed600a30245cf4e942df535cbcea3

dark6.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=bf5325c2b3806855a2ecc53dba2c6791

atp.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=6e521471b7028a1b84b2be99e7aefd30

blaxx3.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a591417e9ae4f59ee0f7a21d173c29ad

hacked17.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=bf263bd2e81fe99b9eea926281a49906

danieldel3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=f24fbeaf4c557beeddb090fd63526a43

danieldel3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=fb45f51d7b407c893d5af1cd3467af35

idmser.opendns.be

# Reference: https://www.threatcrowd.org/malware.php?md5=6e521471b7028a1b84b2be99e7aefd30

blaxx3.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=fb45f51d7b407c893d5af1cd3467af35

idmser.opendns.be

# Reference: https://www.threatcrowd.org/malware.php?md5=ae61cfe210ec4ae41da237bd088cd84b

marnet.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=f580eaac62c3b14e3992de9821c55980

bah1.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=075a7f40be9ae6b149355a1022b44638

easyconnect.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0ed5c089f128748dd890d8c75fe7ff13

http-taz.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=4b7a89c17fccdb13b1927179e4349196

manso-yassine.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=560723bb73a9ea83778e5f871f73cb73

smr100.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=6a3d7c834ddac614c74b7e05b93c8b5d

checkspeed.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=6ba9d92c56ec4c444de169c16f7d21e3

zayan4.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=78ef837a5495af44546b0c2ab989bf60

jessenotsure.no-ip.com

# Reference: https://www.threatcrowd.org/malware.php?md5=828c2137d3077c7e1aa1b88774200a44

drman.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=94cab99283b9d0e6ac3d3369789bdd71

wqehn4r.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=dd4892b759a7d659fbf01ddbcfa844ae

danzo.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=075a7f40be9ae6b149355a1022b44638

easyconnect.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0ed5c089f128748dd890d8c75fe7ff13

http-taz.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=276bd2dfa83e7bdf4533c9070d2ab4c7

cem2308.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3514f5c6e5b49a211b6be95e728afbd1

msho.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=a9c726273ae7057e16810f7a220b2514

cxs.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=3514f5c6e5b49a211b6be95e728afbd1

msho.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=a9c726273ae7057e16810f7a220b2514

cxs.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=02d997ec8c50477c728af5575003006f

lovelove5.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=5c599b96be183fe098183bdd62884a7e

impacker.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=d0f56aae2f35e289fef87d06c27efa86

r00thackzor.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=3b8d70a017856e7d4f4beaec9e929098

kaj.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=083e4c63494f417aac671a24cd868de3

zo0o0o0z.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=092aa2c4bef0429e2f651377e3302ddc

qu90.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=139fcd22b2b58c9c8004969faa945e09

bymardinli4747.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=142ff54833bd089aa4764c63d570df6a

hakalutschi.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=1a3906e423c0747811f506ed50bebcdc

infotime.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=276bd2dfa83e7bdf4533c9070d2ab4c7

cem2308.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=278007720c975a78df870fc4fa5d5a8d

kjhk.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3cef56cfaa3066f47b4bcf11ba5382cc

sce-kap.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=7ce0c92797db244715a719ed708dfa7d

qu90.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=ca19e6b3eec02e6b16594df23f44cd2b

mybadthing.dyndns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=560de5dcc7cca55ea3c09995fc9f87ea

fucklife.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=e577fdce46b7e338c7caf3c9f64542a7

ilkkan.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d7396bb575c36a7b838ccd88b261a7fc

00-xx-00.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=44891f1f7a9b5b362c5a774dd1e4a636

mnmkmlmn1122.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=7a9ae8b37e1776bbbb09df82d607986e

g79.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=9fd54d42830d9e47c0e2a3d0fecef5ba

break-your-neck.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/17aa3691a7f9f48ef05fadc7b6d34d21776e7dc723365648cce88e20782a62c0/detection

myhost18244-31939.portmap.io

# Reference: https://www.virustotal.com/gui/file/335a52db5b4a1a2927394e859dead515dce43b5661f938faa010d19cc12381b1/detection

darknosora.no-ip.org

# Reference: https://www.virustotal.com/gui/ip-address/58.158.177.102/relations

rdvfdfsh365243.no-ip.biz

# Reference: https://www.virustotal.com/gui/ip-address/58.158.177.102/relations

wolffox.no-ip.biz

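# Note: 58.158.177.102 is listed with four ports in this file (3460 here; 3462, 3330 and 81
# further down), each under a different sample reference. The two no-ip.biz names just above
# cite the same address's VirusTotal relations page.
# Reference: https://www.virustotal.com/gui/file/2f59b4990b38f840230c9bbe7665eff175bf42e7ad36e45601fbbaf2e4be9580/detection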

58.158.177.102:3460
romancy2005.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/roro326.no-ip.info/relations

roro326.no-ip.info

# Reference: https://www.virustotal.com/gui/domain/masta-flow94.no-ip.biz/detection

masta-flow94.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/8bbb1edf94824fd591f2bf25cb6f6f884da6883b7e51474ec05d4686f7b78522/detection

updatee.servegame.com

# Reference: https://www.virustotal.com/gui/file/b40628907f2d628f5567b3d46770a803edcb2bc0f85f1acbc2f605e86ef97386/detection

monttanarokabores.servehttp.com
ilinariosondakota.zapto.org
shoplahohanoda.zapto.org
lupipasokondera.servehttp.com

# Reference: https://www.virustotal.com/gui/file/272d82b011d7225658ccabbf4a066e7e4e479c224dc1b0a60d328c3e2bd5bf68/detection

58.158.177.102:3462

# Reference: https://www.virustotal.com/gui/file/9a514687139950fba7e8600b01cd7b6907a0aeb759bfdd1f15f8ec308a605591/detection

58.158.177.102:3330

# Reference: https://www.virustotal.com/gui/file/337cf21e800948502ba83d42d93213271743c50e23b10630320ad7937ef4afc4/detection

58.158.177.102:81
t9876.sytes.net
