# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: xarcen

# Reference: http://bartblaze.blogspot.hr/2015/09/notes-on-linuxxorddos.html
# Reference: https://otx.alienvault.com/pulse/560559844637f21ecf297f9a/

dsaj2a.com
hcxiaoao.com
hostasa.org
dsaj2a1.org
wangzongfacai.com
dsaj2a.org

# Reference: http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html

# NOTE(review): hostasa.org also appears elsewhere in this file (under other references);
# retiring or allow-listing this indicator means removing every occurrence, not just this one.
hostasa.org

# Reference: https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf

gggatat456.com
xxxatat456.com
aaa.gggatat456.com
aaa.xxxatat456.com
www1.gggatat456.com
jq.cfdddos.com
gh.dsaj2a1.org
ndns.dsaj2a1.org
ndns.dsaj2a.org
ndns.hcxiaoao.com
ndns.dsaj2a.com
linux.bc5j.com
uc.f1122.org
navert0p.com
wangzongfacai.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
# NOTE(review): 3322.org is a dynamic-DNS zone whose subdomains belong to unrelated users;
# the indicator is this exact hostname -- do not widen a block rule to the parent domain
# without confirming (TODO verify against the cited report).
zhegege.3322.org

# Reference: https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/

# NOTE(review): the reference URL for this group names ChaChaDDoS, whereas the other
# references visible in this file concern XorDDoS -- presumably grouped here as related; confirm.
193.201.224.238:8852
7mfsdfasdmkgmrk.com
8masaxsssaqrk.com
9fdmasaxsssaqrk.com
efbthmoiuykmkjkjgt.com
zxcvbmnnfjjfwq.com
# NOTE(review): unlike the host and IP:port entries above, this is a bare URL path;
# presumably it is matched against HTTP request paths rather than DNS names -- a short
# path token matches on any host, so confirm its false-positive rate before alerting on it alone.
/RTEGFN01

# Reference: https://www.virustotal.com/gui/file/e99b77c5a469018e9543bff5bf3b1798ae62146b5763979659d951451d7ef77f/detection

222.186.128.172:5535
syn4.f3322.org

# Reference: https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/
# Reference: https://otx.alienvault.com/pulse/6011e0e8fe4caceec3d71f63/

112.213.127.156:9393
222.186.128.172:5523
2017fly.com
2018fly.com
2019fly.com
3000uc.com
8uc.linux1.cc
911ddos.com
aa.finance1num.org
aa.hostasa.org
aaa.dsaj2a.org
aaa.gggatat456.com
aaa.xxxatat456.com
assword.xyz
baidu.gddos.com
bc5j.com
benniao.date
benniaogg.benniao.date
caiyundaifu.top
cdn.cloud2cdn.com
cdn.finance1num.com
cdn.netflix2cdn.com
cdn.search2c.com
cloud2cdn.com
ddd.dddgata789.com
dddgata789.com
dnstells.com
dsaj2a.com
dsaj2a.org
dsaj2a1.org
finance1num.com
finance1num.org
fly1989.com
gddos.com
gggatat456.com
gh.dsaj2a1.org
gzcfr5axf6.com
gzcfr5axf7.com
hcxiaoao.com
hostasa.org
info.3000uc.com
k1.2018fly.com
kill.2019fly.com
linux.bc5j.com
linux1.cc
lpjulidny7.com
lzjxn.me
myserv012.com
ndns.dsaj2a.com
ndns.dsaj2a.org
ndns.dsaj2a1.org
ndns.hcxiaoao.com
netflix2cdn.com
ns1.hostasa.org
ns2.hostasa.org
ns3.hostasa.org
ns4.hostasa.org
p.assword.xyz
p10.2017fly.com
p10.2018fly.com
p10.sb1024.net
p12.2017fly.com
p12.2018fly.com
p12.sb1024.net
p2.2019fly.com
p2.fly1989.com
p2.sb1024.net
p4.2019fly.com
p4.fly1989.com
p4.sb1024.net
p5.2017fly.com
p5.2018fly.com
p5.dddgata789.com
p5.lpjulidny7.com
p5.sb1024.net
p6.2017fly.com
p6.2018fly.com
p6.2019fly.com
p6.fly1989.com
p6.sb1024.net
pcdown.gddos.com
pincco.cn
ppp.gggatat456.com
ppp.xxxatat456.com
qq360bidu.me
rouji.pincco.cn
sb1024.net
search2c.com
shaoqian.f3322.org
soft8.gddos.com
suc80.linux1.cc
suc80.twjiasu.com
syn4.f3322.org
twjiasu.com
uc.twjiasu.com
w.qq360bidu.me
wnegerf.com
ww.dnstells.com
ww.gzcfr5axf6.com
ww.gzcfr5axf7.com
ww.myserv012.com
ww.search2c.com
xo.lzjxn.me
xxxatat456.com

# Reference: https://twitter.com/honeymoon_ioc/status/1480003904616210436
# Reference: https://www.virustotal.com/gui/ip-address/23.228.113.246/relations

enoan2107.com
gzcfr5axf6.com
imagetw0.com
myserv012.com
s9xk32c.com

# Reference: https://www.virustotal.com/gui/file/474893179caa590fbbf3da828ebed1715a7591f9b7c259b52d641c436fd29a4a/detection

linux.jum2.com

# Reference: https://www.virustotal.com/gui/file/125abfa4bc8fcacb07016ad093c4e992d42e5c6960acaa7e4faef7eca18f5a8f/detection
# Reference: https://www.virustotal.com/gui/file/80f35b3e6694e8b4ffb297b52cb9001cd53afdd1edbd2df5c2adb94074b04871/detection

118.24.26.156:999
re67das.com
aaaaaaaaaa.re67das.com

# Reference: https://www.virustotal.com/gui/file/0001735cf6c4957497af12437ae6f9762a7152b608041547efb74e1d9160d5b1/detection

103.223.120.131:8809

# Reference: https://www.virustotal.com/gui/file/b7596ec8533098af77fd3b2915f102ed3286c437140cc49ba60fbad80b466cbe/detection

googtg.com
a.googtg.com

# Reference: https://www.virustotal.com/gui/file/00013dbdf0e7e5654f31942bfaed21b5c1436c6518b23107a5b87c240805c582/detection
# Reference: https://www.virustotal.com/gui/file/0001735cf6c4957497af12437ae6f9762a7152b608041547efb74e1d9160d5b1/detection

a-dns-google.com
dns-google.org

# Reference: https://www.virustotal.com/gui/file/004a00c222adcabc72bbb4650219273adbfa8bb61f960a31ef5a8aa3e951051f/detection

103.213.247.92:3307

# Reference: https://www.virustotal.com/gui/file/0000c4d3da732d5d47827d4e85557e8f701bd881d6855a6b8e84f9c0da52583b/detection

34.98.99.30:60000

# Reference: https://tria.ge/220602-vewz3aghc6/behavioral1

221.58.22.55:5993
topbannersun.com
wowapplecar.com

# Reference: https://elfdigest.com/brief/848e332e6cdb89a577c665bb79ff87c369379cfdc3b7f3db86590cca9401128a

b12.dddgata789.com
b12.xxxatat456.com

# Reference: https://elfdigest.com/brief/b84cf164fde12dd07192aa44f1b943044610539fd979e0f9359d44062f21a612

54.36.15.96:6003

# Reference: https://elfdigest.com/brief/5a7d7f1d53f039e7b69cf8d040cc043d1264b14107a8a73034e6b90d8e81f87a

54.36.145.104:1523

# Reference: https://www.virustotal.com/gui/file/ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73/detection

# NOTE(review): this is the only entry visible here written with a URL scheme; the other IP
# indicators are bare IP:port. Confirm the consumer normalises the 'http://' prefix,
# otherwise this line may never match observed traffic.
http://203.205.254.157

# Reference: https://www.virustotal.com/gui/file/002edfb7593a624139251b08eb986b7a84559dde12b95d1172800b49f27a7c54/detection

54.36.145.106:1523
54.36.15.98:1523
54.36.15.99:1523

# Reference: https://www.virustotal.com/gui/file/0004812beeb3e07a834488a8683b10a9f53ba28f7fdf4565ffd83d839d3a1b3d/detection

23.248.237.29:8000
47.91.170.222:8000
s9xk32a.com
s9xk32b.com
ww.s9xk32a.com
ww.s9xk32b.com
ww.s9xk32c.com

# Reference: https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/
# Reference: https://otx.alienvault.com/pulse/652d705e2bb9be9c8d9bdc7c

0o557.com
2w5.mc150.cn
604418589.xyz
8uc.gwd58.com
98syn.com
a381422.f3322.net
aldz.xyz
b12.gggatat456.com
bb.wordpressau.com
bbb.wordpressau.com
d14.dddgata789.com
g14.gggatat456.com
nishabud.com
p0.lpjulidny7.com
p2.lpjulidny7.com
p3.lpjulidny7.com
p4.lpjulidny7.com
ssh.upx.wang
syn.aldz.xyz
wordpressau.com
x14.xxxatat456.com
xran.xyz
zryl.online
