# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MichalKoczwara/status/1551632627387473920
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/summary/2022/Russian%20Ransomware%20C2%20Network%20Discovered%20in%20Censys%20Data.pdf

3.133.59.113:8090
5.101.4.196:8443
5.101.5.196:8443
80.211.130.78:8443

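# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Deimos.txt
# Note: 5.101.4.196:8443 and 5.101.5.196:8443 in this block are also listed under the first reference above; deduplicate when loading.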

103.231.172.147:8443
103.231.172.148:8443
165.227.45.251:8443
217.73.62.166:8443
34.28.124.78:8443
34.88.231.68:8443
45.143.201.95:8443
45.88.3.113:8443
5.101.4.196:8443
5.101.5.196:8443
83.220.173.29:8443
peterkinsadvil.ptr1.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.deimos/

103.44.253.115:10000
104.196.56.239:443
106.75.229.132:10000
112.29.177.100:10036
112.29.177.101:10036
112.29.177.103:10036
112.29.177.104:10036
112.29.177.105:10036
112.29.177.107:10036
112.29.177.108:10036
112.29.177.109:10036
112.29.177.10:10036
112.29.177.110:10036
112.29.177.111:10036
112.29.177.112:10036
112.29.177.114:10036
112.29.177.115:10036
112.29.177.116:10036
112.29.177.117:10036
112.29.177.118:10036
112.29.177.11:10036
112.29.177.120:10036
112.29.177.123:10036
112.29.177.13:10036
112.29.177.14:10036
112.29.177.15:10036
112.29.177.17:10036
112.29.177.199:10036
112.29.177.205:10036
112.29.177.207:10036
112.29.177.209:10036
112.29.177.210:10036
112.29.177.211:10036
112.29.177.212:10036
112.29.177.213:10036
112.29.177.215:10036
112.29.177.216:10036
112.29.177.217:10036
112.29.177.218:10036
112.29.177.219:10036
112.29.177.220:10036
112.29.177.221:10036
112.29.177.222:10036
112.29.177.223:10036
112.29.177.226:10036
112.29.177.227:10036
112.29.177.228:10036
112.29.177.229:10036
112.29.177.22:10036
112.29.177.230:10036
112.29.177.231:10036
112.29.177.232:10036
112.29.177.233:10036
112.29.177.234:10036
112.29.177.235:10036
112.29.177.236:10036
112.29.177.237:10036
112.29.177.238:10036
112.29.177.23:10036
112.29.177.241:10036
112.29.177.242:10036
112.29.177.243:10036
112.29.177.249:10036
112.29.177.250:10036
112.29.177.251:10036
112.29.177.252:10036
112.29.177.27:10036
112.29.177.29:10036
112.29.177.30:10036
112.29.177.31:10036
112.29.177.32:10036
112.29.177.37:10036
112.29.177.39:10036
112.29.177.3:10036
112.29.177.40:10036
112.29.177.41:10036
112.29.177.42:10036
112.29.177.46:10036
112.29.177.48:10036
112.29.177.49:10036
112.29.177.4:10036
112.29.177.50:10036
112.29.177.51:10036
112.29.177.52:10036
112.29.177.53:10036
112.29.177.56:10036
112.29.177.59:10036
112.29.177.5:10036
112.29.177.62:10036
112.29.177.66:10036
112.29.177.68:10036
112.29.177.69:10036
112.29.177.6:10036
112.29.177.70:10036
112.29.177.73:10036
112.29.177.74:10036
112.29.177.75:10036
112.29.177.76:10036
112.29.177.77:10036
112.29.177.78:10036
112.29.177.79:10036
112.29.177.7:10036
112.29.177.80:10036
112.29.177.81:10036
112.29.177.82:10036
112.29.177.83:10036
112.29.177.84:10036
112.29.177.85:10036
112.29.177.8:10036
112.29.177.90:10036
112.29.177.91:10036
112.29.177.92:10036
112.29.177.93:10036
112.29.177.94:10036
112.29.177.95:10036
112.29.177.96:10036
112.29.177.97:10036
112.29.177.98:10036
112.29.177.99:10036
112.29.177.9:10036
112.29.180.11:10036
112.29.180.15:10036
112.29.180.19:10036
112.29.180.25:10036
112.29.180.29:10036
112.29.180.35:10036
112.29.180.36:10036
112.29.180.37:10036
112.29.180.38:10036
112.29.180.42:10036
112.29.180.45:10036
112.29.180.46:10036
112.29.180.47:10036
112.29.180.48:10036
112.29.180.49:10036
112.29.180.53:10036
112.29.180.54:10036
112.29.180.55:10036
112.29.180.57:10036
112.29.180.60:10036
112.29.180.7:10036
112.29.180.8:10036
112.29.180.9:10036
113.108.52.214:30016
115.178.77.142:8800
115.178.77.142:9879
115.178.77.145:8800
118.128.205.8:2376
129.159.88.174:443
134.79.106.208:10250
134.79.106.212:10250
134.79.106.213:10250
134.79.129.112:10250
134.79.129.122:10250
134.79.129.123:10250
134.79.129.88:10250
14.29.118.239:19013
150.136.195.7:443
150.230.194.159:9444
152.70.165.103:443
153.127.6.127:8800
165.227.45.251:4443
165.227.45.251:4444
167.172.100.213:443
173.242.121.206:443
176.122.155.194:8888
18.162.155.202:443
18.162.193.120:443
185.142.98.14:9090
202.98.224.214:28090
213.155.247.7:8443
220.130.28.152:443
3.139.182.36:8443
3.140.170.199:8443
3.209.12.178:3060
34.147.114.77:8800
34.91.254.205:8800
36.95.131.171:9091
39.106.36.96:443
43.198.73.212:443
44.230.201.248:443
45.77.7.58:443
54.151.143.251:443
58.250.32.16:30016
59.46.210.116:30016
61.216.149.32:9444
64.254.19.142:443
64.254.28.121:443
64.254.28.122:443
79.137.203.70:443
8.218.26.114:443
88.99.17.3:9919
88.99.17.5:9919
81.70.24.179:10000
92.116.24.76:443

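# Note: each address:port under the drb_ra references that follow (through 153.127.6.127:8800) also appears in the preceding ThreatFox block; deduplicate when loading.
# Reference: https://twitter.com/drb_ra/status/1654014623421460482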

3.209.12.178:3060

# Reference: https://twitter.com/drb_ra/status/1654014635584962561

8.218.26.114:443

# Reference: https://twitter.com/drb_ra/status/1654014646955786241

18.162.155.202:443

# Reference: https://twitter.com/drb_ra/status/1654014658234261505

18.162.193.120:443

# Reference: https://twitter.com/drb_ra/status/1654014669428781061

36.95.131.171:9091

# Reference: https://twitter.com/drb_ra/status/1654014681269321730

39.106.36.96:443

# Reference: https://twitter.com/drb_ra/status/1654014693072154628

43.198.73.212:443

# Reference: https://twitter.com/drb_ra/status/1654014704774160387

44.230.201.248:443

# Reference: https://twitter.com/drb_ra/status/1654014718577704960

54.151.143.251:443

# Reference: https://twitter.com/drb_ra/status/1654014749867122688

185.142.98.14:9090

# Reference: https://twitter.com/drb_ra/status/1654014760805888000

202.98.224.214:28090

# Reference: https://twitter.com/drb_ra/status/1654196028281704472

34.147.114.77:8800

# Reference: https://twitter.com/drb_ra/status/1654196063987814424

153.127.6.127:8800

# Reference: https://threatfox.abuse.ch/browse/malware/win.deimos/

109.192.42.61:8772
115.178.77.142:9877
115.178.77.142:9878
115.178.77.145:9877
115.178.77.145:9878
115.178.77.145:9879
120.196.99.51:30016
120.196.99.59:30016
120.196.99.65:30016
176.122.155.194:7777
196.188.31.81:443
202.105.134.43:30016
202.98.224.206:28090
202.98.224.210:28090
202.98.224.218:28090
202.98.224.222:28090
202.98.226.202:28090
202.98.226.206:28090
202.98.226.210:28090
202.98.226.214:28090
202.98.226.218:28090
204.13.154.239:9551
211.95.133.19:30249
213.246.183.28:443
34.81.252.215:10091
58.251.128.117:30016
65.153.151.175:10011
80.240.131.27:443
88.99.17.2:9919
88.99.17.6:9919

# Reference: https://threatfox.abuse.ch/browse/malware/win.deimos/ (# 2023-07-30)

120.196.99.89:30016
13.33.49.168:443
153.127.33.186:8800
222.204.197.12:9100
44.216.250.133:443
47.97.166.129:10443
