# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: korat, lsslogger, remcos

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
pimmas.com.tr
mervinsaat.com.tr
samurmakina.com.tr
paulocamarao.com
midatacreditoexperian.com.co
lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606

# Reference: https://twitter.com/dvk01uk/status/1123210727483957248
# Reference: https://app.any.run/tasks/0e57a079-57d4-4c2d-8e01-82d316ac2d55

ablegod.hopto.org
79.134.225.6:6691

# Reference: https://github.com/edchavarro/RAT_IoCs

lacoste587.lacoste587.agency
dsquared21.dsquared21.rocks
hugoboss01.hugoboss01.store
luisvuitton.luisvuitton.tech
supreme12.supreme12.recipes
automovil1.peugeot10.cc
comida2.kfc52.club
auto14.wolsvagen7.mobi
telefonia1.telcel75.asia
consola2.nintendo3.life
microsofteup.pdns.cz
lexusempresa.100chickens.me
mojarracompany.pdns.cz
camilo6541.pdns.cz
balvinnew.100chickens.me
mercadolibre.pdns.cz
ebayeup.pdns.cz
antonio6532.pdns.cz
daniel6536.pdns.cz
181.57.221.10:4450
181.57.221.10:4452
181.57.221.10:4851

# Reference: https://twitter.com/pancak3lullz/status/1009524847314194434

185.209.85.75:7921

# Reference: https://twitter.com/suyog41/status/1129322130078916608
# Reference: https://www.virustotal.com/gui/file/817e345ac4e63947b592e28774c71c4a01d7c0f2005324b028871e0dedd7c4ef/detection

bego.hopto.org

# Reference: https://twitter.com/HerbieZimmerman/status/1131977968950099968

185.244.31.137:6666

# Reference: https://twitter.com/James_inthe_box/status/1132292966062518272

manihackz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1132294012100960257

amanihackz.ddns.net

# Reference: https://twitter.com/ffforward/status/1133631211337912320

mgc2.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1133667461335801857
# Reference: https://app.any.run/tasks/5c919ea0-0f27-481a-af41-42057d090096/

185.244.31.137:6767

# Reference: https://twitter.com/dvk01uk/status/1134014391249252357
# Reference: https://app.any.run/tasks/8d26c7f7-70bc-40c7-bfe2-b664d555054b/

185.244.31.34:6868

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

darlz.freeddns.org
185.62.190.214:1695

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

13.250.1.111:1986
13.250.1.111:1992
194.67.209.128:1992
194.67.209.128:7707
216.38.8.168:1986
216.38.8.168:7707

# Reference: https://twitter.com/James_inthe_box/status/1139839056748011520

xcv87xcv7xc7sd5f67s5dxc67vxdsfwe342.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1139881993607380993

stainlessplc.ddns.net
184.75.209.163:6799

# Reference: https://twitter.com/dvk01uk/status/1141314328362176512
# Reference: https://app.any.run/tasks/8f80f415-a02e-451b-9797-96a3d03c793d/

185.247.228.199:6868

# Reference: https://twitter.com/x42x5a/status/1142113259044179968

jaybaba2.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1142187271283548160

91.189.180.203:3480

# Reference: https://twitter.com/x42x5a/status/1142436174755192833

cemileorucs.ddns.net

# Reference: https://twitter.com/DbgShell/status/1143669818652069894

vubhijk.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1144186368483975168
# Reference: https://app.any.run/tasks/e5283183-af56-4628-bff3-b12572b43896/

185.247.228.99:1998
terrymamela.ddns.net

# Reference: https://twitter.com/reecdeep/status/1145646210398773249
# Reference: https://app.any.run/tasks/e89b3c70-50a6-421a-b639-299a918e147c/

jerryo.duckdns.org
185.247.228.236:8815

# Reference: https://pastebin.com/S4ggik78

du4alr0ute.sendsmtp.com

# Reference: https://twitter.com/killamjr/status/1154121304213094401

talkmess.dns-cloud.net

# Reference: https://twitter.com/Racco42/status/1157207083382652928

newrr.duckdns.org

# Reference: https://twitter.com/Racco42/status/1157242080932089856

191.101.150.90:2950

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Remcos-7089920-1)

abeasinf.duckdns.org
remsalvados2019.duckdns.org

# Reference: https://twitter.com/killamjr/status/1161983614197936128

185.244.31.32:2404

# Reference: https://twitter.com/James_inthe_box/status/1148692646942015488
# Reference: https://twitter.com/killamjr/status/1167454907676467201
# Reference: https://app.any.run/tasks/1c8c17b6-2628-4a06-8c2a-deb889e3e010/

185.244.31.96:3090
top.subaroone.waw.pl

# Reference: https://twitter.com/reecdeep/status/1163796233363906560
# Reference: https://app.any.run/tasks/e990631e-57b0-49db-b0b0-750dc33927dc/

185.244.31.26:6265
safer.ddns.net

# Reference: https://twitter.com/wwp96/status/1163788636036501504

evergraced.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1164517058672906241

daya4659.ddns.net

# Reference: https://twitter.com/killamjr/status/1165459331912888320
# Reference: https://app.any.run/tasks/211498a3-95a8-44ee-a87b-25cdac3d8edc/
# Reference: https://www.virustotal.com/gui/file/6b32d6a32540884c3fb1a195b32b02aec9dd06797c464dee1c02bbb6ee97ffd1/detection
# Reference: https://twitter.com/killamjr/status/1168575703656189952
# Reference: https://app.any.run/tasks/346f19a6-7cd8-4da7-b7ba-76651bc540f1/

193.56.28.241:4444
193.56.28.241:8888
23.105.131.202:8888
crackme.hopto.org
noface55.kozow.com

# Reference: https://twitter.com/oguzpamuk/status/1166293812714659841
# Reference: https://app.any.run/tasks/d069fcb1-1c81-4f87-97bc-d4afb40a06e7/
# Reference: https://twitter.com/Racco42/status/1168449724724084737

193.56.28.173:2404
95.216.17.186:2404
23.105.131.169:2404
rownip.3utilities.com
rownip.dyndnss.net
rownip.theworkpc.com

# Reference: https://twitter.com/ps66uk/status/1167016794260946944
# Reference: https://app.any.run/tasks/121e7cd1-6954-44be-a1b4-825c2615c11c/
# Reference: https://www.virustotal.com/gui/file/15b83a6155f1aba3acb68e4ecb475bb742790b82de364d1df4dd918a31f7872e/detection

79.134.225.48:3765
79.134.225.86:3765
79.134.225.87:3765
79.134.225.89:3765
remcoss.onmypc.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

du4alr0ute.sendsmtp.com
helloweenhagga.ddns.net
hhlari.ddns.net
moneybag123.ddns.net
revengerx111.sytes.net

# Reference: https://twitter.com/malware_traffic/status/1169050682386763776

37.19.193.217:2404
37.19.193.217:2405

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

charlesremcos.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170314034564018180

uaeoffice999.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1170332469960331266

66.154.113.142:2404
jkharding2014.myddns.rocks
tomharry.ddns.net

# Reference: https://twitter.com/wwp96/status/1170334923892371459
# Reference: https://app.any.run/tasks/e2340ee4-ba30-44ec-b748-1d625e65db63/

79.134.225.77:2019
gratefulheart.ddns.net

# Reference: https://twitter.com/wwp96/status/1171448440535973888
# Reference: https://app.any.run/tasks/fcbb836f-7ade-44f1-bbeb-9c7d9047fbe1/

185.4.29.140:24009
inf111.ddns.net
inf111.hopto.org

# Reference: https://twitter.com/luc4m/status/1171783171677065217

charstiago6.dynu.net

# Reference: https://twitter.com/DynamicAnalysis/status/1172221575376134144

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl

# Reference: https://twitter.com/dvk01uk/status/1176383495339483136

217.20.114.220:1010
myhousedubem.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1176933671389081601

79.134.225.101:1188
sciano.duckdns.org

# Reference: https://twitter.com/Racco42/status/1179472593927200774
# Reference: https://twitter.com/Racco42/status/1179880257438003200
# Reference: https://www.virustotal.com/gui/ip-address/185.105.236.187/relations

185.105.236.187:5001
cepastr.ddns.net
manafuuh.ddns.net
teryts1802.sytes.net
updatechrome.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1179782506465366020

ulnews.duckdns.org

# Reference: https://twitter.com/Dashowl/status/1179833764651962369
# Reference: https://app.any.run/tasks/e38aa085-4cc2-43e6-befe-0b4d5caeb0b6/

204.152.219.70:5731
abundantgrace1.ddns.net

# Reference: https://app.any.run/tasks/9bfe4193-bfea-4523-be81-68953435e7b7/

181.215.247.18:2404

# Reference: https://twitter.com/MalwareConfig/status/1180886611602612224
# Reference: https://malwareconfig.com/config/daca573a51e9b080e2f3f6303611ee83

160.116.15.149:35364
henryofonyiri.ddns.net

# Reference: https://twitter.com/killamjr/status/1180968029858910209
# Reference: https://app.any.run/tasks/f9985b06-08a9-41dd-b2d4-d051e02f8c08/

137.116.73.45:2404
reneelauto.ddns.net

# Reference: https://twitter.com/teoseller/status/1179318648718188545
# Reference: https://www.virustotal.com/gui/file/550baa07a33c62d24636d672c5a0973dbb1babc8ddc75e434d316ece595296f6/detection

185.81.157.41:2404
santzo.warzonedns.com

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1795

# Reference: https://app.any.run/tasks/7634c4dc-dee9-41e0-a2c0-32b4ef3d1885/

213.184.126.134:1337

# Reference: https://twitter.com/P3pperP0tts/status/1181578274394251264
# Reference: https://www.hybrid-analysis.com/sample/47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4/5d9c9ed50288383e19febfe6

185.158.249.88:2404

# Reference: https://twitter.com/killamjr/status/1183421884794204160
# Reference: https://app.any.run/tasks/deed1a67-8d99-4e3c-9e87-5e63c39cb4c6/

top.intelprovidejordan.waw.pl

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md (# Remcos section)

181.57.204.130:4452
46.246.82.66:2000
bolso.gucci12.cc
celularmovil.huawei10.digital
consola2.nintendo3.life
consolajuego.nintendowii12.email
telefonia.claromovil1.work
tennis1.adidas3.tech

# Reference: https://any.run/report/613f437f01744740c4e96d84c970c51128929fcdaa1a9d7e31a1ee063bf49f8e/3ae8d7b9-9a47-4ac4-b564-96510dc901d7

185.217.1.173:2404
algheithcompany.duckdns.org

# Reference: https://twitter.com/smica83/status/1186542376355094529

91.189.180.214:7890

# Reference: https://twitter.com/killamjr/status/1188630140076658690
# Reference: https://app.any.run/tasks/a9de27e3-1bdc-43e9-8349-25bbe9c6cd90/

192.169.69.25:8077
redditmercy.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1189251481943363586
# Reference: https://pastebin.com/H5UqcHv1

37.19.193.217:2398
toptoptop2.online
toptoptop2.site
toptoptop3.online
toptoptop3.site

# Reference: https://twitter.com/James_inthe_box/status/1189202165161529344

79.134.225.95:4050
79.134.225.95:6080
mnx.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1189301538142990339
# Reference: https://app.any.run/tasks/a8a4f079-0296-41fa-bcb0-546a54db9e56/

109.202.103.170:8733
213.152.161.40:8733
213.152.162.89:8733
213.152.162.109:8733

# Reference: https://twitter.com/VK_Intel/status/1189602729498464257
# Reference: https://www.virustotal.com/gui/file/9235b1f5f9cc8efbf0ad96e4b48872a4043286fcdd182423746ed2e3700e1559/detection

79.134.225.20:2404
hobbotgy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1190072879242596352
# Reference: https://www.virustotal.com/gui/file/6e366fd065815118100c0a7fe8fa95208e87944b9dd4ce9df556c6d9f31151ec/detection

menaxe.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/d23189d4520692301d6a013f60d59972fb61fd4bc3f011693411b20e9bdbd1e6/detection

185.244.31.85:4050
menaxe212.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ddca5e1a4a9a4afd6663da5c05252d4150c8e271fbe28a81b3ae3af4cbca49c/detection

185.165.153.185:4050

# Reference: https://pastebin.com/29uSdMAk

sub.thebest1jewels.waw.pl

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.29/relations

79.134.225.29:3018
bzsoftwaress.hopto.org
faxjohn01.dyn.ddnss.de
londonchap.duckdns.org
samuelcity.ddns.net
top.citycentrejo.waw.pl
sub.winkcaffe.waw.pl

# Reference: https://twitter.com/killamjr/status/1191192709727506438

79.134.225.73:2404

# Reference: https://app.any.run/tasks/508a6b73-18b4-490e-a1f3-69341ba72512/

79.134.225.80:2404
clintonlog.hopto.org
joseph3m.ddns.net

# Reference: https://app.any.run/tasks/880d03b6-ed40-4688-a1ee-7f27e9873013/

91.189.180.214:7890

# Reference: https://twitter.com/malwrhunterteam/status/1060836685771087873

35.237.81.215:1604
fuckerswashere.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191790897714913281
# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/

91.193.75.51:4343

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/ip-address/179.33.152.127/relations

msipro2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191486608249368581
# Reference: https://app.any.run/tasks/4ca60fe6-eb65-48eb-8f80-eb28e19ecfa4/

79.134.225.11:5198
mpremx.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191443761563353089
# Reference: https://app.any.run/tasks/bd34ac22-9167-4ae5-a91f-e5600e21e72f/

115.133.245.72:3908
115.133.245.72:4101
115.133.245.72:4421
ego9.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189778893298970624
# Reference: https://www.virustotal.com/gui/file/1511d64209925c818d7db8eb1d0229e54debbea0d2a60bba094a05edd8d76a1d/detection
# Reference: https://www.virustotal.com/gui/file/0634fc3acc43e1b3a357a28e4f0e20edac01ea07aa5de6e0373b8eb521bfd150/detection

194.5.97.96:22940
194.5.97.96:7493
lekwahouse.ddns.net
pirorityclient.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189761540251103232

82.112.40.135:1604

# Reference: https://twitter.com/VK_Intel/status/1194260473631428608
# Reference: https://twitter.com/VK_Intel/status/1194338499085778944
# Reference: https://www.virustotal.com/gui/file/73cd4a5fd5d4670ecfa8d3e1d64055b76373e7730e0f7947ae850dbf2ee41549/detection

194.5.97.119:1000
nanoprivv.duckdns.org
zotizieweb1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196471158054494208
# Reference: https://app.any.run/tasks/66e92f07-3225-4d85-838f-cb3ccdbd90c8/

79.134.225.99:4387
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196491717572222977
# Reference: https://app.any.run/tasks/594a9510-e48a-4dd5-89ea-73fe6929c225/

185.140.53.168:5980

# Reference: https://www.virustotal.com/gui/file/db21285f8f62e182c6cb217073632a0c878c44e6b9d7dd2cf68df573391aa924/detection

154.16.93.170:8320
185.217.1.186:8320
217.79.184.12:8320
79.134.225.29:8320
faxjohn01.dyn.ddnss.de

# Reference: https://app.any.run/tasks/c735b356-3ad6-47b2-8db9-4b820fba23ce/

pharmalobster.duckdns.org

# Reference: https://app.any.run/tasks/1c7dc445-3d6f-4219-a2e1-afc99d3916a0/

rt.sexsweet.vip

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.105/relations
# Reference: https://www.virustotal.com/gui/file/331003b87d0c8194b40ca96740295c74a3695331e917a9d0511c62e6ffdd7e80/detection

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl
top1.supertouchhaircare.waw.pl

# Reference: https://www.virustotal.com/gui/file/4a43fde440d91d130acd096114cfbe5e965100793f354297657d6595e2a4b941/detection

electroking444.hopto.org

# Reference: https://www.virustotal.com/gui/file/2478c6c90b6c4ecfc0a010b111bde48456898aba2946625784ecc083960f683a/detection

electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/10c47670d9b565e7911364006e01fc545ef9b313bf5d230405f067b6a7795b50/detection

79.134.225.89:2501

# Reference: https://www.virustotal.com/gui/file/31022c5eb483f3b105050ab054e45541b206583996aec342b20fad359b1978ce/detection

199.195.250.222:6464
leebase.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/3692d98da1a9c209fe3f7789caa282a374eb39acde6d3b6690297773cd201c2a/detection

79.134.225.89:6464
filebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3121062c6478104325d7bdf59a08f9c416c2c8343ee4eb80829775c984a06310/detection

79.134.225.89:3369
fucktoto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e0d19b6ddfce89c11868bd8afdcfb53fa8d8c7c17623d25d04065aac411b521/detection

79.134.225.89:32002
work1234.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Dropper.Remcos-7395733-0)
# Reference: https://www.virustotal.com/gui/ip-address/186.170.64.85/relations

186.170.64.85:2404
msipro2019.duckdns.org
nashpink2019.duckdns.org
proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

186.170.64.85:6404

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

161.18.215.40:6404
179.33.63.205:6404

# Reference: https://www.virustotal.com/gui/file/ec3c174d36d5f8faa784d42a6972406d5ad258b770a308027a0bea1bb04a2fa3/detection

186.170.70.152:3370

# Reference: https://www.virustotal.com/gui/file/a0f495716cd691031cef9c3e92aa0c19f6f97a1179a60518797f1fdb5e1d82f7/detection

79.134.225.90:6553

# Reference: https://www.virustotal.com/gui/file/bb81e35d7d90e9d2a97408c256c4a498d85cfd36568e85b631766d34a9182b57/detection

79.134.225.90:2404
graceofgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d22fa075c100254780f36d4ece00b40fad5cad6c5be21e15ed929c99680b904/detection

79.134.225.90:24197
registerme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/646178cbc5b2452e1f3ee34500f039ab15f1f4d81533e1abc7db290fe43a10e7/detection

79.134.225.90:54985
1338099.ddns.net
jaden222.kozow.com

# Reference: https://www.virustotal.com/gui/file/eb712d5bb30e21cac53acdac476e526371534827486ad228c592facad084d220/detection

79.134.225.90:7331
7331.duckdns.org

# Reference: https://www.virustotal.com/gui/file/04393c8b23e1742c3ca20a081739b7bb959274adc61f83158d0ef96ef575779e/detection

79.134.225.90:1720
jack2019.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/5689e69c5f46ab06f7b5b8d4aaaf235210ce6cf014fb3324c6d6c785ccb688c7/detection

79.134.225.90:5656

# Reference: https://www.virustotal.com/gui/file/330e409e8edbecfd1e3146c7dd09670e6d3364fb3f16ff0b2c129aea37b03e2f/detection

79.134.225.90:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/83c8a487ae867ea10107a1a6a93a5c1b6b54744a384338e166317049a53f97ec/detection

79.134.225.90:5355

# Reference: https://www.virustotal.com/gui/file/8bbfa7a830568b039465d6abf3c517422c94d3abfe6455410a1437430a48e2de/detection

64.42.179.59:33089
sdkljsdf89237487428974wrewrwrereerwerw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/747cc60bf20b60daa1441457d74becb38f01564068d56e8eed000a1f9557d344/detection

199.249.230.22:33089

# Reference: https://www.virustotal.com/gui/file/da9f70611fc313108dfd69262954d2b926761528e20acda0593878ba0bd7a0ab/detection

198.203.28.43:33089

# Reference: https://www.virustotal.com/gui/file/60fc1a6f625150ec93ea5eb5cc91252542f15bd91dda6ea27d389b828a383061/detection

192.69.169.25:4864
abeasinf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97571694c24fc14cfb658d7620d74c69ef42a78e2bad32ca047022b984edf922/detection

186.170.76.206:4864

# Reference: https://www.virustotal.com/gui/file/45f8ba1f2b1456f4192a0ac31b2788c18b957fdec9d94da8f3c3a581cf0e0591/detection

192.69.169.25:1626
wiskiriski15.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1daf168cc60d73346093932e5db44e055166da7e26c06e7fa7453ced43cffd42/detection

192.69.169.25:3864
pichicoyote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060231c7729f65f39c1cc05fbe097d9c872dabd9391cc20eaf60c8d3c3cb0b5a/detection

79.134.225.80:3360

# Reference: https://www.virustotal.com/gui/file/e8a34e6e1db7c73ffea0618863c3d4ce31f3b32c4a16ec04b11460efb13a195e/detection

79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/d96c1dc0ea3859660cd97e0f88b0cb0fab0a974ac0f07c7eadd45f48407a0224/detection

79.134.225.123:3360
79.134.225.125:3360

# Reference: https://www.virustotal.com/gui/file/1f6baac0b57ae8c9a3dfe83c6c4bf14ed0b00c785c333cfd905f3b403c036077/detection

79.134.225.122:3360
79.134.225.124:3360

# Reference: https://www.virustotal.com/gui/file/29bd4d55cb24fd04eabdc27eabcabe11f348ed1fc60b4c066af3be4c5eed869c/detection

185.165.153.113:3360
185.165.153.198:3360

# Reference: https://www.virustotal.com/gui/file/cc0f030f39bfc8c65c10bbcee2ce8679f313687dcce2ea8218e2a8fc8cd5c14d/detection

79.134.225.58:5609
remcus.chickenkiller.com

# Reference: https://any.run/malware-trends/remcos (Note: as seen on 2019-12-04)

ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
slimyuyo.duckdns.org
vemvemserver.duckdns.org
3forall2019.servesarcasm.com
mozillamaintenanceservice.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io

# Reference: https://pastebin.com/r5ZV1TCJ

menaxe.nsupdate.info

# Reference: https://twitter.com/wwp96/status/1203002510765707264
# Reference: https://app.any.run/tasks/30aa42c6-1bf5-4eed-84fc-099cc2f69404/

174.127.99.167:8970

# Reference: https://pastebin.com/7Ak2nP2T

reverse.spamassasins.icu
top.multigamingjo.waw.pl

# Reference: https://www.virustotal.com/gui/file/80120be87db5c64640fbd69a55cfd335601de08d5bcff393e66ff6f51c460850/detection

79.134.225.121:22940

# Reference: https://twitter.com/smica83/status/1205000837430468608

top.phonefix1.waw.pl

# Reference: https://twitter.com/Paladin3161/status/1197842954037018625

192.169.69.25:1116
ashawo.duckdns.org
wecollect11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e444ad341b93f3150b1eae401b84c1b8afd73a80345b4b328bd26c9e5dc5d66/detection

185.148.241.48:1115

# Reference: https://www.virustotal.com/gui/file/a22ede52f14be480dd478fa0ec955b807e4b91a14fbe1b5d46c07bbb5cacccbb/detection

185.244.30.116:1116

# Reference: https://www.virustotal.com/gui/file/53a20bb94b5f34076b98b161b786e24a3fe4c1d3ba36892a901f0709461d096e/detection

185.244.30.116:2444
proudsoldier.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf16f2332e28ac589939efd41ce77fafeed6c9f8b20661f55a0e1264c78bebd0/detection

91.193.75.49:1116

# Reference: https://www.virustotal.com/gui/file/efda9ecdddba583c653b76dbc825daaba070e16d4e6be3f6439278c6c023450a/detection

185.165.153.231:2404

# Reference: https://twitter.com/ActorExpose/status/1196103594845593600
# Reference: https://app.any.run/tasks/4be5595d-4651-40ae-b24d-917a47b26fbb/

79.134.225.46:1960
mgc1.duckdns.org

# Reference: https://twitter.com/coderippers/status/1194935759775641600

185.165.153.186:5132
91.193.75.51:3434

# Reference: https://twitter.com/Paladin3161/status/1194813271494148096

192.169.69.25:100
jamesremcos.duckdns.org
savagesquad.ooguy.com

# Reference: https://www.virustotal.com/gui/file/a8c80446c78199908f9187795627a6111e765b7abf20662cd0f1762ba80abaa1/detection

185.165.153.27:100

# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/
# Reference: https://www.virustotal.com/gui/file/9b4585e342acf00e8d7c0f0b215af2f74ce1a0b428583c30868dbc616d87e1dd/detection

srvc50.turhost.com

# Reference: https://www.virustotal.com/gui/file/1efc346c6761b933adc7a10ab7e6da5e6c65369b5b90f3ddd528ce2bcc3116ab/detection

91.193.75.51:4343

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/

rmagent.biz

# Reference: https://www.virustotal.com/gui/file/8003d7af85e3d328eb0c789e32bba3de456523c109847eca2ace5ae0252c1ee2/detection

185.165.153.22:2211

# Reference: https://www.virustotal.com/gui/file/04455422ee74836e38315b4ac9740470c963e45d5cf61fb3927f02ed9be4d995/detection

185.165.153.22:11011

# Reference: https://www.virustotal.com/gui/file/606aee9e6f0ec6e51dd94cda76b4978392bf5c7f505e049fbd936e7b97928387/detection

185.165.153.22:3330

# Reference: https://www.virustotal.com/gui/file/9fe933614e864926edb99dd6a6c1df31e3db0f74fb8c0d622ef73fd1c6e14104/detection

91.192.100.37:23850

# Reference: https://www.virustotal.com/gui/file/444a412bebf61392e5368bd1464f5773024d1c8758626cd7c5f061ba7688403a/detection

88.172.243.236:23850

# Reference: https://www.virustotal.com/gui/file/d2ddf0997db4b87a354abacba8f0b22f5923eeff7f01bcf3e2bae535160c579a/detection

79.134.225.122:23850
79.134.225.122:3366

# Reference: https://www.virustotal.com/gui/file/bd6220c705c6f321f59d1f45eea1e13c5171f7a2061dec9f907ffa291f3b9ec1/detection

79.134.225.122:2404

# Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection

23.105.131.156:2404

# Reference: https://www.virustotal.com/gui/file/abb4c76901b644cb756fe3727d3933d6a614d0709b62c78c9c54f2dd3ba6aea0/detection

192.253.246.140:23850

# Reference: https://otx.alienvault.com/pulse/5c4543d7fa493a3bac56ae13

jaxboss.publicvm.com

# Reference: https://www.virustotal.com/gui/file/fffb52d51e9688cc08c2a2ad0d818528174eda3e9738c7df8d009301bd127419/detection

173.242.125.75:7241
mysit.space

# Reference: https://www.virustotal.com/gui/file/8e99fca6285e318095ad693fa35b922f88743bf7743a1a8316eb0138fb771e2c/detection

185.82.202.149:7241
uploadtops.is

# Reference: https://www.virustotal.com/gui/file/a0dd3cf4f046432c109448c53687a0cf06cdc1d287fda725c7c15397dab984f0/detection

66.85.185.105:7241

# Reference: https://www.virustotal.com/gui/file/6caecb1c499dfb5b9a00c1eed46b7c6b223893f5a95a10dbb7dc41515a132c7e/detection

66.85.185.105:1427

# Reference: https://twitter.com/DynamicAnalysis/status/1205555781095108608

79.134.225.99:2018

# Reference: https://www.virustotal.com/gui/file/8c49d633a12c6ea14ac72e58de6c9f7ba239403f21cc25c6f1ae867b5df29b36/detection

41.203.78.140:2888
41.203.78.93:2888

# Reference: https://twitter.com/wwp96/status/1210224614149939200

185.140.53.26:2404
michaelking102.hopto.org
michaelking102.loseyourip.com
rennelautos.zapto.org
sunwap878.ddns.net
sunwap878.dynu.net

# Reference: https://app.any.run/tasks/8541d798-8243-46a8-8631-f54e6ed5d19e/

redsocial.instagram21.best

# Reference: https://twitter.com/James_inthe_box/status/1211999781721006081
# Reference: https://www.virustotal.com/gui/file/a05be2b7d477cf006794c746d241b4dad0a392f59d19238f17bc7128418108f2/detection
# Reference: https://www.virustotal.com/gui/file/76b700b072fd5820e296c1fd9a62f2a63c8c6715e778ad32213cdfcae5bae878/detection

108.62.12.134:4922
nolim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/472aa23054d16bcf70e18d254613161d80cb345229aafca5e0b103e0afb65271/detection

aprsgkpc-51401.portmap.host

# Reference: https://www.virustotal.com/gui/file/51ba982bff7c5afbb35f5ce500570bf94aacda560e649e32fa9445155a31994c/detection

193.161.193.99:54120

# Reference: https://www.virustotal.com/gui/file/7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31/detection

tunedd30.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4f477f955ae23cb599858715626e86d3c5a8869d7cfd340af87147e2e7c9818/detection

178.124.140.136:6640

# Reference: https://www.virustotal.com/gui/file/28842367cd70d14f0776b246cb821275ff817051813b3ad4090eb412496d319c/detection

178.124.140.136:1284
dfrannk.hopto.org

# Reference: https://www.virustotal.com/gui/file/63e1f393cbd4bfe5c8e431af3de70b382482ed3e11b967db8caccf4c38ada733/detection

expertyline.mooo.com

# Reference: https://www.virustotal.com/gui/file/4c407408ea383edc394a84baed80b6991581a5df5d9cbcb818f83dfc1c6b4317/detection

ddfranks.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb91f6ed14de853b1d987e199eaede7005c4cf6671321315d22e4626677bfb7c/detection

178.124.140.136:1515

# Reference: https://www.virustotal.com/gui/file/72b74037adf3cf0cf6e9ead907f565d4976b0ed15a8b62e2c8a8cde28a09867b/detection

178.124.140.136:2033
blessederic.ddns.net

# Reference: https://www.virustotal.com/gui/file/978b349faa2c6e8894897bb1cc54d1f92ca9613af0078528fab4f10466c2667b/detection

178.124.140.136:2669
dfranki.ddns.net

# Reference: https://www.virustotal.com/gui/file/b57e631645446ad3744528b05f961ea2c4cb23f426f0a6a6dea8203786c9e528/detection

178.124.140.136:3333
menorte.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bd9dd47981f11b696c2ad7c6b11723da0f091c658210799e2fdd1efd326172a/detection

104.244.75.220:9300

# Reference: https://www.virustotal.com/gui/file/26d109f07bff6ad6142cc1e2c455849a3f641ac43660372686aad7381527fe00/detection

103.136.43.131:7368
104.244.75.220:7368
105.112.99.44:7368
194.5.98.25:7368
sam555.ddns.net

# Reference: https://www.virustotal.com/gui/file/48fafbbccc345ad4f5b9d525107cd139bde73ec2b4eb54432336bf6450943a5f/detection

91.193.75.49:2016
91.193.75.49:3001
proud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf76c5ca49445e8aacb161337d1d333cf481c4ea7eaecfd2c2a3170e70a69ce7/detection

91.193.75.49:3111

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985
tools4money1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/254a0ac154ebc83d9838fb52af5dc8118cfc31d81571cfdac3d3bf4f75be5d6a/detection

remcos.got-game.org

# Reference: https://www.virustotal.com/gui/file/f9aae3f8af4a70b5634a9ec9f069ac3458ff6835547107e42955fa12c5a2cf8a/detection

91.193.75.66:3039

# Reference: https://www.virustotal.com/gui/file/223e21cb4169999a2086cbcb4d56013d151b81745a541f300ffbbfd838c1a8f5/detection

79.134.225.72:4564
ebuxxxxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8889736c0a30eb477236a624f55e66d38f52025db003cf7fe621fd084109db5e/detection

79.134.225.72:7676

# Reference: https://www.virustotal.com/gui/file/166e944c81082a59ffbf8cf5a2ae228913dc8656990d71238ad2db19cd2221b5/detection

top.pubgstores1.waw.pl

# Reference: https://www.virustotal.com/gui/file/5ee090b3c5b98a33e60f2a3eeb6f8429ffabc5ac0ea932e373c6a383cfce5289/detection

smart0147.ddns.net

# Reference: https://www.virustotal.com/gui/file/2170aa91350c123fa9a2319492afbd73c2b5fbe29a84c001efd545980c330856/detection

79.134.225.73:6569
passwrdboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4538221d4740b28f2aa439fddfba69448a2751a0a4f78b54145ddd7ef7d6992/detection

79.134.225.73:18943
cashoutmoney.ddns.net

# Reference: https://www.virustotal.com/gui/domain/top.fishingjoco.waw.pl/relations

top.fishingjoco.waw.pl

# Reference: https://www.virustotal.com/gui/file/72e6c5ce4b7844eee3a6b293f54aeedd38d572bd5ff7c3609507030da46041fe/detection

185.158.139.238:9334

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

185.140.53.93:9334

# Reference: https://www.virustotal.com/gui/file/38de8ff2bdcad25f923d0d22138c23541991c3f96095a0ee22de5e1849f3f20e/detection

185.140.53.59:9334

# Reference: https://www.virustotal.com/gui/file/ad74423af971f9d55f4fb2ca010f6dc81ef98a6dd36fd18b833c2623d17eb913/detection

185.140.53.192:9334

# Reference: https://www.virustotal.com/gui/file/d99ac8879353bd8cbc3ca502cdc6cf5581652f1a26f7de6337644758d6370e16/detection

185.140.53.107:8787
185.140.53.107:9334

# Reference: https://www.virustotal.com/gui/file/0bca93258e81977fd667e4ceab83f2e3460dd5fa5d5f4e88549bd4bfad20ee12/detection

185.140.53.52:9334

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

185.140.53.26:5200
185.140.53.26:8153
185.140.53.26:8787
185.140.53.26:9334

# Reference: https://www.virustotal.com/gui/file/63f7dcd1893c84eae20fe494fd9d0bda10dd809ead94eb4d2c271d25208fc992/detection

185.140.53.222:5200
185.140.53.222:8153
185.140.53.222:8787
185.140.53.222:9334
185.140.53.52:5200
185.140.53.52:8153
185.140.53.52:8787

# Reference: https://www.virustotal.com/gui/file/8fdf5d5c5cf41f4f80a563d12f07d6f59bdeed91028eaa888a982a45df76bd09/detection

185.140.53.115:9334

# Reference: https://www.virustotal.com/gui/file/44558aeedee27b83942c4e33a0c0f060035f2ef4beaf66af23f719f121934194/detection

185.140.53.94:9334

# Reference: https://www.virustotal.com/gui/file/f5a7efd0ffb5145945fed2f92b2df8a79847085547333ec841e3e0b1fc5e1133/detection

185.140.53.50:5200
185.140.53.50:8153
185.140.53.50:8787
185.140.53.50:9334
185.140.53.149:9334

# Reference: https://www.virustotal.com/gui/file/4d51a099cfcab43ebfdaef8d4bc8bd0560c933c665cb6ca353f63d2d97bb2f18/detection

185.140.53.91:9334

# Reference: https://www.virustotal.com/gui/file/225c850cfd1f040c9b7f3513eb77aa5830a4b37b9cb1a516cd128e7841429537/detection

185.140.53.162:8787
185.140.53.162:9334

# Reference: https://www.virustotal.com/gui/file/49e01999814d095689ceda6247ccaea14bcd21d0267e8705b393de930e883667/detection

185.140.53.114:8787
185.140.53.114:9334

# Reference: https://www.virustotal.com/gui/file/cbe362033ba85e20d7b86bc9108c1d1db1786febfbf0b99258e755ac8b6297b2/detection

185.140.53.194:8787
185.140.53.194:9334

# Reference: https://www.virustotal.com/gui/file/27d2f7b50dc11a146fd7d950a1d3eec3031882b970463b7b685b516849071fe1/detection

185.140.53.232:9334
185.247.228.103:9334

# Reference: https://www.virustotal.com/gui/file/d4487b370ba2645516192a1461cb25ed3d11d02e4d0fdce3025269ca7d63aefa/detection

185.247.228.251:8153
185.247.228.251:8787
185.247.228.251:9334

# Reference: https://www.virustotal.com/gui/file/c68b820b65097d851e33a977e562fd51d12d852613b43caba3b325dd74b0e618/detection

185.140.53.96:8787
185.140.53.96:9334
185.247.228.103:8787
23.105.131.142:8787
23.105.131.142:9334

# Reference: https://www.virustotal.com/gui/file/b4f87be6ab41d1216a36822bf791212e29eb07c469059571d916221f0508ef97/detection

185.140.53.208:5200
185.140.53.208:8153
185.140.53.208:8787
185.140.53.208:9334
79.134.225.10:9334

# Reference: https://www.virustotal.com/gui/file/a246556f34f23f1e8c67a4aadda22bd03324521aadf4526b0db5f696b6761d35/detection

23.105.131.216:9334

# Reference: https://www.virustotal.com/gui/file/eae3e753b4461e78f7f0206f2d3434f9ced9c302ec509e952e69332b2be73ee4/detection

sub.jofishingco.waw.pl

# Reference: https://www.virustotal.com/gui/file/cfc1e1ff16319b95761d4b4b950bd46e7c7b8cab339cbf556b21fa56cc7f069a/detection

23.105.131.216:5200
23.105.131.216:8153
23.105.131.216:8787
173.254.195.173:5200
173.254.195.173:8153
173.254.195.173:8787
173.254.195.173:9334

# Reference: https://www.virustotal.com/gui/file/590fac000e2f4cbe9a27520e6cf3223e045bc3386633c25088e55439679150f7/detection

173.254.223.68:5200
173.254.223.68:8153
173.254.223.68:8787
173.254.223.68:9334
91.193.75.128:8787
91.193.75.128:9334
98.143.144.221:9334
98.143.144.243:5200
98.143.144.243:8153
98.143.144.243:8787
98.143.144.243:9334

# Reference: https://www.virustotal.com/gui/file/9f945ca391310fb2880045f5bd60393d62b2a0c65f06aa57396d9bcb313128a7/detection

173.254.195.172:8152
173.254.195.172:8153
173.254.195.172:9334
173.254.223.121:8152
173.254.223.121:8153
173.254.223.68:8152
173.254.223.74:9334
204.152.219.119:8152
204.152.219.119:8153
204.152.219.119:9334

# Reference: https://www.virustotal.com/gui/file/96158e53f76c37ba6590d80f10bbc5009bdc758d388d456274fb065a5ce8f325/detection

173.254.195.173:8152
173.254.195.173:8153
173.254.195.173:9334
173.254.223.110:8152
173.254.223.110:8153
173.254.223.110:9334
185.140.53.236:8152
185.140.53.236:8153
185.140.53.236:9334
73.0.71.4:8152
73.0.71.4:9334
98.143.144.217:8152
98.143.144.217:8153
98.143.144.217:9334
98.143.144.243:8152
98.203.61.135:8152
98.203.61.135:9334

# Reference: https://www.virustotal.com/gui/file/5cac3d994fcc5eefdaef9ffd6b9fae41dd49f1a699e88746e17fb51a49f73bd2/detection

204.152.219.90:8152
204.152.219.90:8153
204.152.219.90:9334
91.193.75.126:8152
91.193.75.126:8153
91.193.75.126:9334
91.193.75.220:8152
91.193.75.220:8153
91.193.75.220:9334
91.193.75.128:8152
91.193.75.128:8153

# Reference: https://www.virustotal.com/gui/file/a26302049b7fbfa6d107b726717cc1a29c7b1dc04d3ad07b6a2f56fd3ca9cd1d/detection

185.247.228.103:5200
185.247.228.103:8153
173.254.223.110:5200
173.254.223.110:8787
73.0.71.4:8787
98.203.61.135:8787
91.193.75.126:8787

# Reference: https://www.virustotal.com/gui/file/0c92e3f679873eae4f540f6f62d29bd80abd6bdc7267221c5a0ba1f82c9e90f7/detection

185.140.53.213:8152
185.140.53.213:8153
185.140.53.213:9334
91.193.75.232:8152
91.193.75.232:8153
91.193.75.232:9334
91.193.75.238:8152
91.193.75.238:8153
91.193.75.238:9334
91.193.75.97:8152
91.193.75.97:8153
91.193.75.97:9334
98.143.144.211:8153
98.143.144.211:9334

# Reference: https://www.virustotal.com/gui/file/4b5c755f37994c6474cabd023f83ec8d58ff7f875d25fb788ec9770383833af5/detection

173.254.223.124:8152
173.254.223.124:8153
173.254.223.124:9334
204.152.219.93:8152
204.152.219.93:8153
204.152.219.93:9334

# Reference: https://www.virustotal.com/gui/file/1053aed27e83dc8f682739c0d1716060b1fa525d3a8cef7fb066e8103a3fe50b/detection

91.193.75.107:9334

# Reference: https://www.virustotal.com/gui/file/82889980e77fab696835eb230b3d3b04ade235e7a2442f267bfeae32dcb189f0/detection

173.254.223.121:9334
173.254.223.92:8152
173.254.223.92:8153
173.254.223.92:9334
98.143.144.207:8152
98.143.144.207:8153
98.143.144.207:9334

# Reference: https://www.virustotal.com/gui/file/925e39df3d71d49ed7c31790de157fd50e6bfc7eed6d151fa0c89760b059937e/detection

204.152.219.94:8152
204.152.219.94:8153
204.152.219.94:9334

# Reference: https://www.virustotal.com/gui/file/daaa67b875f56060c05fae1fa635f9a30786054b3efb9c3ef82204b30f6dd7fe/detection

185.140.53.137:9334

# Reference: https://twitter.com/wwp96/status/1214559701280722945
# Reference: https://app.any.run/tasks/fa298bab-4c01-4269-93af-1808d94595fd/

jessene.ddns.net
rennelautos.kozow.com

# Reference: https://app.any.run/tasks/ef3a8b4d-0d5b-4f7a-a187-336b1327884c/

successfulghost.duckdns.org
185.244.30.35:2009

# Reference: https://twitter.com/wwp96/status/1214925176632225799
# Reference: https://app.any.run/tasks/1ad4f2da-7513-4d09-bd27-f6cf3327b489/

209.127.18.228:2424
roboscchi.duckdns.org

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://app.any.run/tasks/a58e0909-6db7-4a3e-961d-02dcb6800803/

161.117.86.44:2500
88.198.205.179:2500
devicenet.org
devicenet1.org
devicenet2.org
devicenet3.org
devicenet4.org
devicenet5.org

# Reference: https://www.virustotal.com/gui/file/3bcfb4fec5c49609ce2e1688f24ae874728e9fd53a1769673d2ad3ac0c5554aa/detection

174.127.99.211:9493
vision2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c2912541176b553f2d4595ea338f88bc8d6110ac43cb892cf86dd06ca49307c/detection

41.242.137.4:9493
41.242.138.53:9493

# Reference: https://www.virustotal.com/gui/file/6e5a7c74c609d6363a56cca712900ec5ab4ffa4e22c0307adf9b30f56b7eb218/detection

185.244.31.31:9493

# Reference: https://www.virustotal.com/gui/file/972cd696927d9d1804566fe6a610a67ca4f9a1bd631769ba7a2d3b06f8413497/detection

79.134.225.104:1871
umc621.myftp.biz

# Reference: https://twitter.com/DynamicAnalysis/status/1217873533310816257
# Reference: https://app.any.run/tasks/a948d44d-9d3b-4675-8c4f-6ec951a9346a/

79.134.225.36:2121
79.134.225.98:2030
srvr1.serverpubg1.pw
srvr2.serverpubg3.pw

# Reference: https://twitter.com/Racco42/status/1221707041615630336
# Reference: https://app.any.run/tasks/ced5f8bb-826d-4ece-9e0b-35408f6e3b90/

91.189.180.199:672
srvr2.callofdutyserver.pw

# Reference: https://twitter.com/Racco42/status/1221721585868058625

80.209.240.101:2030

# Reference: https://twitter.com/wwp96/status/1221878428623872001
# Reference: https://app.any.run/tasks/d41682fc-e350-4a38-a2b2-397fbf22a3d6/

185.244.30.53:2404
lupend.ga
lupendbackup.ga
lupend.duckdns.org
lupendbackup.duckdns.org
rownip.lupends.com
rownip.mailredirect.ooo
rownip.schneidstore.com
rownipbackup.ga
rownipbackup.tk

# Reference: https://pastebin.com/R6JP78G1
# Reference: https://www.virustotal.com/gui/file/5cfda191c0a46c7849afb2014c290dbd57101d20407ef9bfcaacac5886a80814/detection

103.145.255.163:4040
103.145.255.163:6566
vip6654.live

# Reference: https://app.any.run/tasks/8b8041c8-7f80-4bed-944b-1e28edacaf3d/

olavroy.duckdns.org

# Reference: https://app.any.run/tasks/1d360fda-c2a3-48d3-9c0a-5d5911a5574b/

66.154.98.108:24046

# Reference: https://twitter.com/wwp96/status/1222574424450355201
# Reference: https://app.any.run/tasks/75213c65-a28d-4053-b6ce-691a95f2b91b/

91.193.75.248:1005
mohit36241.ddns.net

# Reference: https://twitter.com/Racco42/status/1222614871293845504

178.124.140.136:7894
xyz345.spdns.de

# Reference: https://www.virustotal.com/gui/file/5a0d3279a6a703f809a0526fb425c8f4d2d42a3794b35315d1ae05c9960702e9/detection

185.148.241.50:9727
lawwena.ddns.net

# Reference: https://pastebin.com/SamC9MPD
# Reference: https://www.virustotal.com/gui/file/a309e11a1eb76c83efa58d90a6870234603c819636e7acefea389790b6d83d32/detection

37.1.207.27:5555

# Reference: https://twitter.com/wwp96/status/1224385908394352642
# Reference: https://app.any.run/tasks/092bbf7f-4edc-4073-972b-e98000608a8d/

154.16.93.178:3376

# Reference: https://twitter.com/wwp96/status/1224777426305196038
# Reference: https://app.any.run/tasks/06d959a6-057c-43e2-af0b-41971499e6c2/

chommyflozy.duckdns.org
milky123.casacam.net

# Reference: https://twitter.com/wwp96/status/1225528218209394689
# Reference: https://app.any.run/tasks/255e11a7-fd7f-470a-b0a2-e4c557aeb2d2/

41.242.139.6:8484
legacy2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0230436c843aff9c00a762954bb2317e6a90c3c8b25d453fe3405805b22020b2/detection

184.75.223.227:56699
213.152.161.20:56699
213.152.162.109:56699

# Reference: https://app.any.run/tasks/45613eaa-cd76-409c-abd6-57d49c3245fb/

104.37.1.38:7902
rolandgeraldinelacotta.mywire.org

# Reference: https://app.any.run/tasks/7839af44-a26a-4b1e-885d-edee4e9aa7ae/

nj2ratt.ddns.net

# Reference: https://twitter.com/wwp96/status/1228361945780232192
# Reference: https://app.any.run/tasks/67e987d3-8e12-495e-a04a-aa965765cc6c/

41.242.138.29:8484
remcos247.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155
# Reference: https://app.any.run/tasks/657b7a80-7a29-4353-9fbb-d73b24100c39/

185.244.31.114:3090
backup1.gam2ng.pw

# Reference: https://twitter.com/wwp96/status/1229495413281054721
# Reference: https://app.any.run/tasks/d5332906-8319-4e81-a1b7-3cf6ee4f54d3/

185.244.30.16:8484

# Reference: https://twitter.com/wwp96/status/1229816791876198403
# Reference: https://app.any.run/tasks/091c477d-f4c1-41ea-a55d-8d6b6a70842a/

216.38.7.245:7279

# Reference: https://twitter.com/wwp96/status/1229810377959116800
# Reference: https://app.any.run/tasks/bff65255-585a-489e-a9a6-b9b31ccf56ca/

79.134.225.77:5151
mygodissogoodtome.ddns.net

# Reference: https://twitter.com/wwp96/status/1229843377711128577
# Reference: https://app.any.run/tasks/a38c2851-2556-4f73-863f-fd895d152cb1/

185.244.30.19:1930

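# Reference: https://app.any.run/tasks/48f66baa-9be1-4325-9d78-54da7353f337/
# Note: 185.244.30.16:8484 below is already listed earlier in this file under https://twitter.com/wwp96/status/1229495413281054721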

jacksonsmit.ddns.net
185.244.30.16:8484

# Reference: https://twitter.com/yvesago/status/1230414301221019648
# Reference: https://app.any.run/tasks/3211cb34-3ead-4e2f-96d3-30d887c1a208/

79.134.225.52:1994
experience1994.hopto.org

# Reference: https://twitter.com/500mk500/status/1230557502862843904

191.101.22.21:1005

# Reference: https://www.virustotal.com/gui/file/3909a024c17e133fea95cbdc7e54a25d1144a24a78d43af4e84de35e00227b68/detection

79.134.225.38:4000
79.134.225.79:4000
iyamahrem45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d97f1dc45bb4cc7224ac9fd00306abc925b8af72e0bc0520fd5a072f78318277/detection

79.134.225.38:1989
agshrf.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Generickdz-7586813-0)
# Reference: https://www.virustotal.com/gui/file/dfb75c837ea961311b96c32257c46ebfa53d679834cc6fbd207dae4c2a8297b9/detection

46.105.98.53:4782

# Reference: https://www.virustotal.com/gui/file/74c3a5f44d545c7eb905dced1d5b0ffb4a56a81e5b722c2252d0f60fba627318/detection

185.165.153.29:3636

# Reference: https://www.virustotal.com/gui/file/6a6784d34afba70572cc188f5853e06ee3ea5422fe80fc5e42bf3ff6203b5527/detection

185.140.53.139:3636

# Reference: https://www.virustotal.com/gui/file/7f9d115776d5a404d6b02a64473f3f4b2e36aa13bdd22b2437dc220385b65e09/detection

79.134.225.75:1234
sixteen147.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Ransomware.Remcos-7586925-1)

secure.jagexlaucher.top

# Reference: https://www.virustotal.com/gui/file/c5193ef79fb9a0e616eeb7904bc66b9aeb9b1c42aee393b6829f9617462664b0/detection

186.118.80.105:3201
186.118.93.21:3201
elcamionsr.duckdns.org
impindusltdz.duckdns.org
induspals.duckdns.org
induspalse.duckdns.org
msyswintxl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db12191309c125be008c08d8ba8444cf7a0240ea36b1f54aace2ba46bb3228d8/detection

167.0.102.88:3201
167.0.104.40:3201

# Reference: https://www.virustotal.com/gui/file/a352d00e0322a0e397f167c1164f7667c672935ba14d29c4f4b60f26d0a88f5d/detection

186.116.218.183:9134

# Reference: https://www.virustotal.com/gui/file/963abe7aa94c8b3e12e231e10c62ba00e3f89948edb77e017cb2eb25bc24ca56/detection

179.32.78.10:9134

# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection

149.167.94.36:8754
167.0.101.103:3201
toolpres.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6416daf02055125dd7a513058a8c5a3e1bb97c049ae428ccb5c7600ab576ccb1/detection

94.73.22.187:83
bobbylight.zapto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1231999794035535875

185.140.53.214:1898
mercy01.ddns.net

# Reference: https://twitter.com/killamjr/status/1232457439229820928
# Reference: https://app.any.run/tasks/47b0c22e-98c8-4234-99af-5d23b31c74c3/

79.134.225.102:2030

# Reference: http://benkow.cc/export_rat.php  (Note: as seen on 2020-02-26 - filtered)

agbero.duckdns.org
civita2.no-ip.biz
dixenweb.ddns.net
ejiroprecious.ddns.net
emilylattaa4111.serveftp.com
firstclass197007.hopto.org
ichie.hopto.org
jaxboss.publicvm.com
keypay033.dynu.net
mdformo.ddns.net
microsoft24515062.serveftp.com
opitalia.ddns.net
provafood.ddns.net
semonsemon.zapto.org
vice.hopto.org
wecollect.duckdns.org

# Reference: https://app.any.run/tasks/4ed77208-4026-4fdf-b990-a66732c6e7f8/

jload06.xyz

# Reference: https://twitter.com/wwp96/status/1236003598812753921
# Reference: https://app.any.run/tasks/70206853-5fda-45bb-b99b-387b79dbd42a/

87.101.92.68:1067
servr1.willbeban1fabuses.xyz

# Reference: https://twitter.com/wwp96/status/1235999989685420033

185.140.53.4:5151
goddywin.freedynamicdns.net

# Reference: https://twitter.com/wwp96/status/1236020295225536512
# Reference: https://app.any.run/tasks/77f4fcf4-962a-4552-a70d-6a73b79bb901/

chommyflozy.casacam.net
unitransports.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1236812973156364289
# Reference: https://app.any.run/tasks/00c5eeea-f240-4a69-9e30-b68676cdd2d2/

185.244.30.14:7171
favournwa.ddns.net

# Reference: https://twitter.com/wwp96/status/1237468685415178242
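# Reference: https://app.any.run/tasks/ae5b24b1-2e57-4986-ad20-ade9b057f9bf/
# Note: fs03n2.sendspace.com appears to be a host of the sendspace.com file-sharing service rather than dedicated infrastructure, so a match on it may be unrelated file-sharing traffic; treat it as lower confidence than the dynamic-DNS entries and corroborate before escalating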

u864246.nsupdate.info
u864246.nerdpol.ovh
fs03n2.sendspace.com

# Reference: https://app.any.run/tasks/3b110d0e-15aa-4f3a-b592-fa1da1444a88/

185.208.211.64:2020

# Reference: https://securitytrails.com/domain/academy.3utilities.com/dns
# Reference: https://www.virustotal.com/gui/domain/academy.3utilities.com/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.153.222.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/143.225.142.37/relations
# Reference: https://www.virustotal.com/gui/file/411710d80a807b73891dcab235eb63c1b33541ead286794fc740563ca62c63ba/

185.153.222.198:2404
academy.3utilities.com

# Reference: https://www.virustotal.com/gui/file/d86075425ffb3c196e64ca71bcf7a0846df91444e53987638cf212dae52e5961/detection

79.134.225.112:2404
79.134.225.95:2404
41.190.31.245:2404

# Reference: https://www.virustotal.com/gui/file/da0f330f3e5992eb6c9dd0b38eaa332be093b04153c0fa1852b0b5309543c5a6/detection

79.134.225.74:8906

# Reference: https://www.virustotal.com/gui/file/44c13aa211c5571aec2cdb56f461d2f4309b4070a271dfaca037e8e56db87804/detection

104.37.1.38:7650
79.134.225.74:7650
Nanomoney.entrydns.org

# Reference: https://www.virustotal.com/gui/file/08dcfa6f7dcd4c907f01000ea4890dfaea8a386d9c3fee253127d1c6f6974810/detection

79.134.225.74:7890

# Reference: https://www.virustotal.com/gui/file/66137b5faf49de1ffa5990b57f6f4d8543ddb7b7a19d0e8bce53446dc1ee91d6/detection

79.134.225.87:5001

# Reference: https://www.virustotal.com/gui/file/1f524e469d0ee3bdb24feff5dead9b188f609c74beb90888cbde4c042a1075ca/detection

79.134.225.87:888
primspa1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b3f39059e7f85c0312423abd50a311e6f1df8e04136bf8e4bedb9884229e11a/detection

79.134.225.87:999
ziccusu00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/776eaa3b21ac18c01341a09b6db2dddd6049a70e3c5285de6474da7097049fc3/detection

185.165.153.158:3765

# Reference: https://www.virustotal.com/gui/file/e0f393f5a884cf5d65640260db9aa2b6d68a4be9e4ab8d0a27a911a0b3c876ce/detection

79.134.225.87:2404
lpisback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/39046a68d3a0b89281dd3e8d5713f76ba6cd15497279586cbf016bf6bac5eedb/detection

79.134.225.87:40099

# Reference: https://www.virustotal.com/gui/file/00bf0217afa40f1d254bb60b4885151fc8e7b0d22bbcc64e7c6c88144296cb76/detection

79.134.225.87:5578
osloc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac96d8c75320162a4e4e32760ece2b5ad066899ee5204c99bc2b2b17012fe4a4/detection

79.134.225.87:1630
tmppaparazi.dynu.net

# Reference: https://www.virustotal.com/gui/file/6eefcc4df76863d15eb7dd46148a156465db96d2a7c3a44c77a17c1434d06a86/detection

flasback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a770498f38ef674902cfc8879eb0ae88d2201d7fb5b61e63541244e10c2de7c8/detection

79.134.225.113:2404

# Reference: https://www.virustotal.com/gui/file/79843b0bc5b7770bf06ab747a069a34ef8933045b3a64c021f67823a602e90cc/detection

79.134.225.113:5355
79.134.225.121:5355
richarddsimps.ddns.net

# Reference: https://www.virustotal.com/gui/file/a13a787fe0a742da7f9d147e80dcb122b9fe8eaf60a78ca506c9a21149f99373/detection

79.134.225.117:666

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

185.244.30.251:1122
shabi1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/545212a4eb881f34fc2d3adb1f2bf62aa4e5ca37e7a1c7a8e4b5fabec0525386/detection

178.124.140.145:8652
pcent4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/db2524104c83282dd3d42a07f0cfe4fad0ed9b7a3e664caefe4b2669b027e083/detection

178.124.140.145:5132

# Reference: https://www.virustotal.com/gui/file/10f04c28ff3663fb84394c007d8d170e0a3b78bfd9c5b5a39c79ca7254037559/detection

178.124.140.145:7272
5.135.67.231:2404
aboki.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/ddc1be7028b2502d6d9fd951e420decfe6346df4d9c5c98cdbbda0ec317e1690/detection

178.124.140.145:5000

# Reference: https://www.virustotal.com/gui/file/c52767fc4b82c893fddbe94767d0c488469ad05332f0216cbb07b7be3aecd62c/detection

178.124.140.145:1994
experience1994.ddns.net

# Reference: https://www.virustotal.com/gui/file/719d66b11a535ce3fc2cde6cd2dbc8de9ba14701ff39ed372fd0bb17e734a6f5/detection

91.193.75.137:1969
papi231.duckdns.org

# Reference: https://twitter.com/MSteve25/status/1240341489101803521

185.244.30.12:8970
remkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/38cf49c1fb4e9090ffaca117d64bb985e1df8d0b88952c2322b3230c76b44538/detection

216.38.8.179:777
newvision.ddns.net

# Reference: https://www.virustotal.com/gui/file/8cb4eb249cb024561fd1949a44f98356b95e60ba14c17f4ae4962fc0234df011/detection

216.38.8.179:1379
airsack.ddns.net

# Reference: https://www.virustotal.com/gui/file/a2e020e6642854a20d9b7523c29bb5e1a7fb730ddafbeccd53f5595ce596d179/detection

185.165.153.228:6868
bukamm.warzonedns.com

# Reference: https://twitter.com/JayTHL/status/1241125967424360458
# Reference: https://www.virustotal.com/gui/file/9a555e49a8804460c067fff544fba3663c8cc0be92a1a0ad92bb6fe1b8f206c6/detection

185.244.30.125:2404
jbarn.sytes.net
kenthomas.giize.com
rex2015.freeddns.org
rex2016.freeddns.org
rex2016.hopto.org
rex2017.freeddns.org
rex2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/3eb378421462244e5ec0a6d50eca01badfe1f88160e0a758a567c7930dfb8290/detection

brhsapir.hopto.org
protopacink.gleeze.com
rex.hopto.org
rex2013.freeddns.org
rex2014.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a90d204e48d815b3c3376552f5fc5a01ebcf115d6022abb3f97b1b111b079c0d/detection

financeff.hopto.org
jkharding2013.ga
jkharding2014.ga
joyceedwards2013.casacam.net
tylerfreer.ooguy.com
wrtan21.hopto.org

# Reference: https://www.virustotal.com/gui/file/753883fa972dda966abb3adad3cfc94f0a82ca128d1908df58bac3ba93e60bd3/detection

37.47.79.124:132
nocpnv.ddns.net

# Reference: https://twitter.com/w3ndige/status/1242138938501926915
# Reference: https://app.any.run/tasks/aa3e9e89-05d5-474c-a3c8-706699312a72/

91.193.75.7:7171
onyeoma111.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b31dab1a7fa6a0e3bc6f3fe2d856869d16c84f374b64e5ceca1bd73b18ab186/detection

185.19.85.158:7100

# Reference: https://www.virustotal.com/gui/file/02d100b77777705d86a940c8f3142fb4b125fdcb91a3be68797d40f19c6410eb/detection

178.124.140.144:7100

# Reference: https://www.virustotal.com/gui/file/f0dc6049711ee06b8f28bf1e9f596d9fbb3075d0aba1f3a0561127c97091fb9e/detection

178.124.140.148:7100

# Reference: https://twitter.com/baberpervez2/status/1242335218901663747

u864246.tk

# Reference: https://www.virustotal.com/gui/file/5560a23de5ed8b729830c1c515a9f5459e9e29cb6888d119638a4770b79754c1/detection

185.244.30.124:2404

# Reference: https://twitter.com/ScumBots/status/1242425273079017472
# Reference: https://www.virustotal.com/gui/file/abd4e6ee8152822c0545bd27a4f4c5114728873873e227044dfb48ecf1ecb37f/detection

149.248.160.226:7005

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

185.244.30.78:24048
185.244.30.78:34046
54.37.160.139:34049

# Reference: https://www.virustotal.com/gui/file/c23b6f93d8449166426d90a1cf9d468037f62e641bc50e7c1005da6f8be69608/detection

185.165.153.228:2019

# Reference: https://twitter.com/ScumBots/status/1244176813699616769

193.161.193.99:49483
193.161.193.99:50721
193.161.193.99:62254

# Reference: https://www.virustotal.com/gui/file/397f1ec81db07d97dc246c38a16ecf1eb5b7bbf900218a60197d2db446585e32/detection

41.103.10.32:5673

# Reference: https://app.any.run/tasks/e9a9e116-924d-4411-a454-9a841c51c39d/

185.244.30.123:5149
kirtasiye.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1245714128695521280
# Reference: https://app.any.run/tasks/cc60c746-1cf8-4adf-8055-4964111c1c9f/

23.105.131.161:7279

# Reference: https://app.any.run/tasks/d54e08fd-f22a-4beb-9ac1-633ebbe77584/

199.249.230.42:2492

# Reference: https://www.virustotal.com/gui/file/28e8568f488b4573da6b13cd3d8601e6a624098e45d773f37e4aa6f78a4d9fc4/detection

91.170.144.1:16800
themaster3314.ddns.net

# Reference: https://www.virustotal.com/gui/file/284b368d39d240ce2cda28e143d8d48205fc211379ace30e4abbb888402058d4/detection

79.134.225.122:5001

# Reference: https://www.virustotal.com/gui/file/ff66c3616bcc13713378f0b89c7f9a7d754ebdadd027b511a4599b1675b4841a/detection

79.134.225.114:5052
neshoitry.ddns.net

# Reference: https://www.virustotal.com/gui/file/b39a30e55d55c69ad75cd21cebb5be1749325cb10a05dbcc334964ef963f5d65/detection

79.134.225.114:2332
owensmith.linkpc.net

# Reference: https://app.any.run/tasks/0618ea81-3606-4992-be9d-d296c03d679c/

79.134.225.72:3800
vision2020success.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1248696301275025409

162.218.115.147:7070

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Dropper.Remcos-7647550-0)

malu1234.duckdns.org
erunski22.ddns.net
barrywill.hopto.org
chacert.gq
alljobnew.duckdns.org
elintec.site

# Reference: https://www.virustotal.com/gui/file/c3832484e342390c0a3c406da30af7d2536ff2e615714a95ed143f5ecd73be89/detection
# Reference: https://twitter.com/malwrhunterteam/status/1036972726404177921?lang=ca

140.82.57.249:8003
svchost.club

# Reference: https://www.virustotal.com/gui/file/eed983f0eedd7a3f07f49177b8fe0e18d89fa885359e70b02433afd4fb099818/detection

kabiru.ru

# Reference: https://www.virustotal.com/gui/file/b71f954a6371076f9c87b1005208bf5e712806af1f5e037b5eeaa6aadac6d7fb/detection

binexeupload.ru
stubbackup.ru

# Reference: https://www.virustotal.com/gui/file/df560a99f2f4fbd221ddfe1b9f6a9e3bea247677cd4512f74538568160d95126/detection

5.253.114.116:2404
sponsored-ads.co

# Reference: https://www.virustotal.com/gui/file/8f79778cf67b649928a83b3367814f15a2c74119acc90b6ccc819dedc1b83a28/detection

5.253.114.116:2405

# Reference: https://www.virustotal.com/gui/file/f761911e8a45e794bf89a605b14aa7b97785541a186ad593d3ec71e5a1494724/detection

5.253.114.116:2406

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/28ac3a50d51131f60e087aace3c06a5a9181f19f1b5830ca5a906074bb7cb449/detection

79.134.225.37:1332
gaming.smartbuyjordan.xyz

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.Remcos-7662156-0)

brockmax2v2.hopto.org
ch31238.tmweb.ru
danishcent.duckdns.org
harri2gud.duckdns.org
hjkgfhsf.ru
menaxe.nsupdate.info
omorem.duckdns.org
onelove03.duckdns.org
sabbbb.ddns.net
securehub.top
snooper113.duckdns.org

# Reference: https://app.any.run/tasks/9cb9db8b-9cb1-4bb0-9f94-8d692ea983c3/

185.140.53.21:2404

# Reference: https://twitter.com/malwrhunterteam/status/1253767947325235200

185.244.30.22:8970
79.134.225.9:8686

# Reference: https://twitter.com/malwrhunterteam/status/1254097817162915843
# Reference: https://twitter.com/James_inthe_box/status/1254102265876508672

185.140.53.9:47580
lachattemouilleee387538783444.duckdns.org

# Reference: https://twitter.com/Racco42/status/1255448660646735875
# Reference: https://app.any.run/tasks/67f663a3-1513-4aa3-9769-3e3cd9bb7ce3/

top.gaminjo1.pw

# Reference: https://twitter.com/Racco42/status/1257561671268208647
# Reference: https://app.any.run/tasks/af0223e5-6920-4b03-9df1-d3e0cc4e9856/

154.16.93.185:672

# Reference: https://www.virustotal.com/gui/file/71ae4c1afb9db6641a4bc94c7d48b83d5b2d0af8507620588e971c9c609c88d7/detection

103.125.217.169:2310
105.112.100.65:2310

# Reference: https://app.any.run/tasks/4914378f-0c6c-4348-944e-f332f7cc88dc/

181.52.103.140:1011
remcquince.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f69fcfb9de5546dc7b98f20d6d4f387f66e4583637f29a494cb664138d441a73/detection

79.134.225.73:7650

# Reference: https://twitter.com/JayTHL/status/1258880410416799746
# Reference: https://www.virustotal.com/gui/file/8ac973617b45c5d0ea2711e9ba025a2cd19a65a97cf82273845472c9ae74f2e9/detection

79.134.225.81:2266
coolta66.gq
coolta67.ga
coolta68.ga
coolta69.ga
coolta70.ga

# Reference: https://www.virustotal.com/gui/file/54c528daf8bbe5f232464f76e3f3ab482486b590009e5b4121896dfbca152ac7/detection

91.193.75.239:2266

# Reference: https://www.virustotal.com/gui/file/7ebf6d9d55089b045426dad354ba80120db475f16dc13dc9401e4ebbd10f647c/detection

79.134.225.105:2266

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Dropper.Remcos-7724400-0)

dolxxrem.hopto.org
goddywin.freedynamicdns.net
godspower19566.hopto.org
khalifa.dynamic-dns.net
mide1.ddns.net
millionaire232.ddns.net
myb22.camdvr.org
remcos.got-game.org
rex2017.hopto.org
rex2018.hopto.org
youngboss23.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f704c20024f02d19c096f82158d891dce7bf7a1b261dcce3226fd6d43b7fc64/detection

104.248.133.59:2403

# Reference: https://www.virustotal.com/gui/file/4b13bb36220d46ab9fa89c4163c8ec571fe0c113af00773d0968fa51c4056bbd/detection
# Reference: https://www.virustotal.com/gui/file/8df9bddf123ffa3fa0f312d56bedde096310a02676e2b023530d8cd6856caa37/detection

185.140.53.18:7082
freenigga.ddns.net

# Reference: https://www.virustotal.com/gui/file/678cbb81b782c58df5e2790b34e9a9a8a4d3af1b0a17fd320bf27111e959bc6d/detection

185.140.53.43:2404
godwin12.warzonedns.com

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

cashout2018.ddns.de

# Reference: https://twitter.com/JayTHL/status/1261339604239646723
# Reference: https://www.virustotal.com/gui/file/d76de8b8be89cd4dbe4f861cd4152eae2fafa783bace624cae1b231d8de8da3e/detection

194.5.99.146:1982
testbush.duckdns.org

# Reference: https://twitter.com/dynamicsoaring/status/1261048946438397953
# Reference: https://app.any.run/tasks/3f7e4a16-00dd-4168-9552-db30c5194c05/

185.140.53.69:2404
doc4.ddns.net
doc5.duckdns.org
donald30m.gleeze.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Remcos-7771461-0)

experience2477.ddns.net
godsfavoured.ddns.net
jbcbeads.myddns.rocks
johnhoff2.hopto.org
lakeside007.awsmppl.com
myb50.myddns.me
nagod.ddns.net
rex2018.myddns.me
rex2020.myddns.me
u863495.awsmppl.com
xxxxza.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/98f031407df4d599b9027f8e672436f1b61876048529a1304bc3118c82d42bd6/detection

185.244.30.247:4045
enmark81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5171603aba08d750c97604eb510f3586245b86eaae0cb08461d734c72258e95/detection

185.165.153.238:9210
mtz11.duckdns.org

# Reference: https://twitter.com/Bl4ng3l/status/1264862595082788866

194.5.99.143:6666

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

79.134.225.98:6996

# Reference: https://www.virustotal.com/gui/file/95e5e81e7413f7c7c5294525ec7e0ed2f1f022d0e2ce02717483d7e3ba438bf9/detection

193.218.118.190:42017
site.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Malware.Remcos-7914589-1)

boot.awsmppl.com
coolcc1.xzy
coolget1.xzy
coolta1.xzy
coolta2.xzy
coolta71.com
dolxxrem.hopto.org
goddywin.freedynamicdns.net
latua.nsupdate.info
newdawn4me.ddns.net
thankyoulord.ddns.net

# Reference: https://www.virustotal.com/gui/file/91842f75fd9b77f4e8d171b6103d26ed7fde38232ef520ee2b066c2ba7381bef/detection

41.111.43.45:1337
sh.sytes.net

# Reference: https://www.virustotal.com/gui/file/0ffdd28e152681a8abca0a9c7f88ba1cd7b945c7ee2df82af6606adf4a426f0f/detection

197.207.171.72:1337

# Reference: https://www.virustotal.com/gui/file/2830a6a923b2d7ff9c4839672db11f64675732aa4d44343b9b7573ca4d6486a1/detection

45.74.35.38:1144

# Reference: https://www.virustotal.com/gui/file/d76483dd726209229a345e0d3856094275e62326ba800cff3b506ba6b7aaca5e/detection

197.207.191.156:1144

# Reference: https://twitter.com/ScumBots/status/1270113968649113604

134.249.160.9:7777

# Reference: https://twitter.com/JAMESWT_MHT/status/1270365125464203264
# Reference: https://app.any.run/tasks/5f6b1ed2-3f06-4a9c-b4f6-b8bc9c757a17/

193.104.197.27:4229
193.234.95.68:4229
newrem.duckdns.org
servr2.plzbanif3abused.xyz

# Reference: https://twitter.com/reecdeep/status/1270747853573537792

185.244.30.113:6996
eastsidebandit.myddns.rocks

# Reference: https://twitter.com/JAMESWT_MHT/status/1270981434703056899
# Reference: https://app.any.run/tasks/821468ce-9c90-48fb-afe5-7df3e1096df4/

194.5.99.132:42017

# Reference: https://twitter.com/MalwareConfig/status/1271561068167512065
# Reference: https://www.virustotal.com/gui/file/d810038d3a2198564a3fe1a23260f4adef32385f265f1d79f77ff1b282f09710/detection

144.217.255.52:10134
phazeonrunescape.ddns.net

# Reference: https://www.virustotal.com/gui/file/09a16ee256f6a7b289e4a65013e3cd9f2c271d14ab1bf44ed89b856aeb13f2c2/detection

36.70.188.129:9798
uqm.ddns.net

# Reference: https://www.virustotal.com/gui/file/48404246cff844b59a4734b2ac30a05b4fa1a6f8750a7eb6ef403db312b7ba42/detection

23.105.131.141:8811
nagod.ddns.net

# Reference: https://www.virustotal.com/gui/file/15d899d86ec22da49666a2e19883acf76c17f8c0fb4cc79f6860de2e687b7061/detection

216.38.7.231:8811

# Reference: https://www.virustotal.com/gui/file/4691e58de9940ece438bdf64bcfd43d3186a1a19c9fe43b5164e6a83d60f5f08/detection

185.244.30.82:2048
192.169.69.25:2048
easter87.duckdns.org
oluchi.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8d761e48b662116fd637b656e6138e3cfb902af76ecdb31e73ddde18f0affa5/detection

216.38.8.168:8787

# Reference: https://www.virustotal.com/gui/file/0b4964c33138a53c916b451fdaec7372f9e238361a9bbcde428cdd941f1d7f11/detection

216.38.8.168:7070

# Reference: https://www.virustotal.com/gui/file/d1649b71e9c38f0dc10838f258998914a966fdb2caccd78f210cc34707420497/detection

23.105.131.154:7070

# Reference: https://www.virustotal.com/gui/file/efe9c3a82e0b98a6b144d86f06ec68e8f6b3d735117de23dacc598ad2ab1dc37/detection

23.105.131.154:5050

# Reference: https://www.virustotal.com/gui/file/e0d227ec8d25b5d6b05b931435fed286895edbfe9990a388c925e0b91911e9d3/detection

185.244.30.82:2048
igbo.hopto.org

# Reference: https://www.virustotal.com/gui/file/063cee4d23dc9351a9805b239fb6ddd531af5d7a4657919b5feeab757f877ec7/detection

185.244.30.17:1965
ifeanyiogbunebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/eefb8c8f6588ed3c764a1384fae0da22874ba64bedac4ba1a7b92fa08878cb8d/detection

91.193.75.27:7070

# Reference: https://www.virustotal.com/gui/file/0cdfbe3c9db21651126b282d338539c625748118f6a1045c3d5c12d5e12f0d3c/detection

91.193.75.27:1990

# Reference: https://www.virustotal.com/gui/file/20c0e5b7620d51b026ce693ce54ccdf0dad76fcda9747913feeba3f8d34f25e8/detection

185.165.153.17:1120

# Reference: https://www.virustotal.com/gui/file/373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3/detection

185.165.153.17:1010

# Reference: https://www.virustotal.com/gui/file/b097d38be9a17b46ba76b5eb4c22b3201af79492bef21a8a765128337a55f57b/detection

91.193.75.5:8678

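# Reference: https://www.virustotal.com/gui/file/2003c5fea62a63caca412982a0a5d7288fe7b5a063eebc7c9b84ea7baab539b6/detection
# Note (review): the :10752 addresses in this entry and the next (3.126.37.18, 18.197.239.5, 3.127.138.57) appear to sit in public-cloud (AWS) address space and may be shared tunnel/relay endpoints rather than attacker-owned hosts - confirm.
# If so, the address:port pairing can be reassigned to unrelated tenants, so match on IP:port only and re-validate before long-term blocking.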

3.126.37.18:10752

# Reference: https://www.virustotal.com/gui/file/14cd5671644e47f0336603c7abfd8868c066e52e2d1411f42b2987d35b00ce2e/detection

18.197.239.5:10752
3.127.138.57:10752

# Reference: https://www.virustotal.com/gui/file/63955e38216c81a4fcee2be6cbb14273bd57abab9e7b2042fbe2100e44aad91b/detection

185.140.53.11:8090
newbackomo.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1272889477430722562
# Reference: https://www.virustotal.com/gui/file/af167bda48f2c529f5c40634b0656e1a200806b7f04fa340c6f2cc649da6cde4/detection
# Reference: https://app.any.run/tasks/f7950d7e-918d-4044-b82e-aca79ba124d7/

http://91.235.143.133
185.244.30.113:6996
twistednerd.mywire.org

# Reference: https://twitter.com/reecdeep/status/1273201836858716166

flambouyantpapi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/414d4369268bd3d1c22d2c295e2b5af0cf11c09a754a99be438c4a14f37f6896/detection

185.140.53.18:7082
baby212.ddns.net

# Reference: https://pastebin.com/eifTii1e
# Reference: https://app.any.run/tasks/cc1f12e5-66d8-4b74-b1e7-904a2c2b3dfa/

194.5.99.29:1400
protondata.myq-see.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275720358658793474
# Reference: https://app.any.run/tasks/de05898e-058b-4955-a98b-fe7d2e1c5e31/

cobbtownholiness.com/king/search/frontend/host/town/index/crewe/Attack.jpg
