# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

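# Aliases: bizzana, remote manipulator system, rms, remote utilities

# Note: RMS / Remote Utilities is commercial remote-administration software that is also abused as a RAT.
# Note: vendor-operated hosts listed below (e.g. id.remoteutilities.com, server.remoteutilities.com, rms-server.tektonit.ru, rmansys.ru) are presumably also contacted by legitimate installations.
# Note: a hit on those hosts shows the tool is present, not that the host is compromised; triage it against the approved remote-access tooling for the environment.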

# Note: https://www.welivesecurity.com/2019/08/14/balkans-businesses-double-barreled-weapon/

# Reference: https://twitter.com/James_inthe_box/status/1118968911590907904
# Reference: https://twitter.com/James_inthe_box/status/1121513004627927040

159.69.48.50:5655

# Reference: https://twitter.com/dave_daves/status/1130471755783573504
# Reference: https://app.any.run/tasks/f363c1d5-45ed-4b08-ab3c-54f1f5ac1636/

kentona.su
66.111.2.131:9030

# Reference: https://twitter.com/Bank_Security/status/1148471450422140929
# Reference: https://pastebin.com/0XNMhLP2
# Reference: https://blog.yoroi.company/research/ta505-is-expanding-its-operations/

217.12.201.159:5655

# Reference: https://www.proofpoint.com/us/threat-insight/post/ta505-targets-us-retail-industry-personalized-attachments

89.144.25.32:5655

# Reference: https://twitter.com/raby_mr/status/1184430613165572097
# Reference: https://app.any.run/tasks/90aaff29-18fe-4ad1-b385-a4e0d7f19564/
# Reference: https://twitter.com/nao_sec/status/1240581594999472128
# Reference: https://app.any.run/tasks/1cc1c195-5f71-4279-a8eb-336a10d2c354/
# Reference: https://twitter.com/smica83/status/1052107791673020416

109.234.156.180:5655
109.234.156.180:5656
rms-server.tektonit.ru
rmansys.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1185131622263377923
# Reference: https://app.any.run/tasks/b79dcfcd-5b9b-404f-aaf6-a9ea55109284/

79.134.225.73:3175
britianica.uk.com

# Reference: https://www.virustotal.com/gui/file/81315a77d8494695ba4453cd8f15278f214ad26373c69ef925b4711c4dda0bf6/detection

94.73.36.254:3175
biofaction.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/0b96700873fba0b74c534ffcaee852b976f92de18b7ccd723dd464b56110ea06/detection

94.73.32.235:3175
enterbotvn.no-ip.info

# Reference: https://www.virustotal.com/gui/file/87a8d33209840bd40e858624cbd2952416118962b2c923b277a7796a3e4e9b02/detection

dr9.no-ip.info

# Reference: https://app.any.run/tasks/c6797f0b-722f-4f85-be9c-6957415b1c1d/
# Reference: https://www.virustotal.com/gui/file/cfcd9808e91122903281706de3d96d8249e282555d87a02c177cb705ac06fd2d/behavior/VirusTotal%20Jujubox

id.remoteutilities.com
server.remoteutilities.com
108.163.130.184:5655

# Reference: https://www.virustotal.com/gui/file/dda1fc31d4d4d37d544a3ff537863a909706b861dcaebb33c084d29f4ead488e/detection

185.121.166.28:9030
poulty55.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/78f90e9e2fa31727e50bf9c8358556f768cf8a8f847888ff8af8b920d4ddf33c/detection

194.5.98.50:9030

# Reference: https://www.virustotal.com/gui/file/e7183b9653a49d85ba53b786d844c609ee3328c973d463041f07a889a143aad0/detection

194.5.98.83:9030

# Reference: https://www.virustotal.com/gui/file/5adef384ca8b56ae3524fdde2c69c0ab25801f1fde94375696a646cef4fba2c5/detection

194.5.98.139:9030

# Reference: https://www.virustotal.com/gui/file/160a4f5e4fee2d948a2da1708418c398505fdcb2bf3804a323db2452599a4fcf/detection

184.75.209.165:9030

# Reference: https://www.virustotal.com/gui/file/4ea812dfa9ec344fecf52d0a47c6db58ef22f5fa1fa720cae96ace032438843d/detection

95.167.151.233:9030
sickly.jumpingcrab.com

# Reference: https://twitter.com/blackorbird/status/1222878160187838465 (# Wuhan)
# Reference: https://www.virustotal.com/gui/file/e6f0274fe4f0ebc7323ce86d6aceb991ae0242c8d514a1e241cbdfe88921e50d/relations

202.58.105.80:5073
9.wqkwc.cn

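# Reference: https://app.any.run/tasks/54196a1e-3729-4d07-8518-c1f73a6b17ff/
# Note: id.remoteutilities.com and 108.163.130.184:5655 in this group repeat entries already listed under an earlier reference in this file.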

wsus.eu
id.remoteutilities.com
108.163.130.184:5655
66.240.205.51:5655
23.235.252.66:5655

# Generic trails (URL path only, not tied to a specific host)

/utils/inet_id_notify.php
