# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.I

w.qq-uc.cn
baoge.9966.org
mmd178.cn
oiuyt.net

# Reference: https://www.virustotal.com/gui/file/4a9c646136c527e9669fcada5319678c77bd98218f77d8cce79c04ff475d3194/behavior/Tencent%20HABO

cccd02.codns.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.AV&threatId=-2147286376

hackxiaoben.3322.org

# Reference: https://www.virustotal.com/gui/file/5418c6786bc04eb939a9febc8cfa0411f463fbf2a957189b2dc46ba3d5885652/behavior/VirusTotal%20Cuckoofork

4263604.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.DA&threatId=-2147261103

binbinkam.cn

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.K!bit&threatId=-2147249070

cdn_server_word9500.xxus.us

# Reference: https://www.virustotal.com/gui/file/24ecf8d68c313a9cff7c801eb8108b61f9bd5a6bfcb17434f71ab74d3d6b444a/behavior/VirusTotal%20Cuckoofork

a2.qwsazx.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.C&threatId=-2147258877

b1a23.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.E&threatId=-2147258594

m1.yea.im

# Reference: https://twitter.com/K_N1kolenko/status/1281163539223363584
# Reference: https://www.virustotal.com/gui/file/ec65dff6c8c64535d441d9d3c1a2a7c6c2a0a42ca304041bde9cdd8f7d5b1628/detection

qch1jjlb7.bkt.clouddn.com

# Reference: https://www.virustotal.com/gui/file/b9c5b00ecbfe17abc48ee5df3f4a4725f90218c5ef596d16ffd7a1e59864fa98/detection

linenews.mypicture.info

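# Reference: https://www.virustotal.com/gui/file/893859a6cee37a556d2368c1ca39b7c9e100983a0822c14b59f59224c5e41639/detection
# Note: the entry below is a regular expression (1-3 digit infix, escaped dot), not a literal hostname; consumers that expect plain domains must handle it as a pattern.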

nutqauytva[0-9]{1,3}azxd\.com

# Reference: https://twitter.com/Jirehlov/status/1385068574889234439
# Reference: https://www.virustotal.com/gui/ip-address/43.128.26.244/relations
# Reference: https://www.virustotal.com/gui/file/7b1bd6931e3e0d9592205a4945661f053d7f696dbf57ced2d6467e4775135290/detection
# Reference: https://www.virustotal.com/gui/file/bea0dfb403684642d6612a653bf18dbbff35574ff7166b6ea5e433258df3a7b2/detection
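# Reference: https://www.virustotal.com/gui/file/52589fbf2352bb762bd1b2a18bf20d60ceaeb0b829034edf77ea4e73d4711e8a/detection
# Note: the /2021/... entries below are path-only indicators, not hosts. This file does not explain the '?' runs (they may be wildcards or placeholders for characters lost in transcription); confirm against the referenced samples before matching a literal '?'.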

http://43.128.26.244
43.128.26.244:99
/2021/0???????????.db
/2021/03usdt????????.db
/2021/04??????.db
/2021/042021????.db
/2021/062021Excel.db
/2021/20218036/kb.jpg
/2021/20218036/TY.png

# Reference: https://www.virustotal.com/gui/file/3ee01bd64bb58a4d892fa0994fec5c32faa089346e0bc3d4fe00a08b6890be18/detection

rat.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0/detection

193.164.223.77:7456

# Reference: https://www.virustotal.com/gui/file/385c92e3d2b1dc253eac89889157258df64586cad653dccfd3f3d6b240b9efba/detection

144.48.243.79:1002
202.8.123.81:6547

# Reference: https://www.virustotal.com/gui/file/9a5cae26a14962475b1d9e3011aa16cf7fbd421f2f3f9caa4299c98e3cf018f7/detection

193.164.222.131:4567

# Reference: https://www.virustotal.com/gui/file/e3c418133e17bd7ddd99ef252fb220852a0ab1d827e28c57fcb2645d89899c43/detection

107.151.94.66:4397

# Reference: https://www.virustotal.com/gui/file/2122180333641dee3a0ef7b9966ef035dc010e9857867c247517fe4ec8f566cc/detection

107.151.64.99:4398

# Reference: https://www.virustotal.com/gui/file/00f89613a5add3497b0da5c69bf7e39d88f312f2251f1f7cd3eb678584795931/detection

58.56.66.45:1111
kk321.f3322.net

# Reference: https://www.virustotal.com/gui/file/d7a35dac1206d1b11cc5d7f27cd5c41831a71b9384de993bd22997686782d8c9/detection

updatedns.serveuser.com

# Reference: https://www.virustotal.com/gui/file/669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70/detection

27.124.3.138:5002

# Reference: https://www.virustotal.com/gui/file/1665b6af7f0f2be925ffccde88aa85d442c22dd95617ef79195cfb3ceca73b97/detection

113.90.168.19:8000

# Reference: https://www.virustotal.com/gui/file/9c8275d340bd29999a4d8f21e846225fdbb3fd67e82df6da810ec6913786cdc1/detection

180.215.203.34:36060

# Reference: https://www.virustotal.com/gui/file/880ee211e61938ce2b52c191b52a670be2cd83385fe573ef1ab5ac3fcb6d3eea/detection

180.215.203.34:24690
180.215.203.34:443

# Reference: https://www.virustotal.com/gui/file/7dbb6b9b81c564c8843000cfa156512057f783abb7b1b036362b36a3a23c1ef8/detection

43.139.138.38:2002

# Reference: https://www.virustotal.com/gui/file/f810b7e70b092c28f444de6782676e2d6c2d754340359be3278ce8957d2a3486/detection

124.220.35.63:7777

# Reference: https://www.virustotal.com/gui/file/a261d2dd247ae794de54eeb729b5336d945e7d5406d96cc8b41d6546e912705b/detection

124.220.35.63:8000

# Reference: https://www.virustotal.com/gui/file/9a2112fa4bb5f16b6e7a61b50fe0abb25aade5d0b50930699db1f195891d50bd/detection

124.220.35.63:4088

# Reference: https://www.virustotal.com/gui/file/83534b5f34717ef561cb855f2611710bad259e0ca42cae2252d00d986b73d7be/detection

154.91.230.44:8225

# Reference: https://www.virustotal.com/gui/file/614c1ce944cd52468289e806685ab58ce6bccb33b87d991bf376eb144dd03c1e/detection

104.233.151.40:8225

# Reference: https://www.virustotal.com/gui/file/e759df6f0df75856657945fc8bfcc0abc3def918e847956ad7c361fc72d0e19c/detection

40.83.115.43:8001
81.69.6.161:992
bot.nodefunction.vip

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/obfusor/status/1685588560760709120
# Reference: https://www.virustotal.com/gui/file/1e3c8d40ac25f58439cd1eeb3e69066bfb7f7554d79b125b4c2213152496eeb8/detection
# Reference: https://www.virustotal.com/gui/file/363f2bc3f3f5da3147689f5d66f7fcad1199e1c654326e40767df6fd9fbd6233/detection
# Reference: https://www.virustotal.com/gui/file/da387187f3ae143bc874f27acb5bb04a5e208ca0f4d0200917eee0c6ccd33781/detection
# Reference: https://www.virustotal.com/gui/file/5f4c86793dc182bbdbca017a15a26213cf07bcc7d5a3038db3b728fcd421c581/detection
# Reference: https://www.virustotal.com/gui/file/d4cfd0cf4f253c6cb6d6b1aa8475d6a2a58de7b87e51cbb5affd9e65eb47224b/detection

103.229.126.5:7700
122.10.24.216:7700
154.38.114.192:7700
164.155.255.38:7700
43.129.71.79:7700
8.218.190.138:7700

# Reference: https://www.virustotal.com/gui/file/4027995b0a77793ccb5b415d66ba3b6ea1dfdbdc70249ab2f7f66a35f97a80d3/detection
# Reference: https://www.virustotal.com/gui/file/43ecc26f16080ee7c67b9ed6fd75b45b3aae99862733a0824b03d8e53904778c/detection

106.55.160.12:2012
192.252.182.100:2012
216.83.40.189:2012
8.134.97.32:2012

# Reference: https://twitter.com/ThreatBookLabs/status/1691451361014272000
# Reference: https://www.virustotal.com/gui/file/27ae3c21f27cf73b34ef7f2fecf9ed1bf319a7acb155d9b36341ac821ec35216/detection

59.42.71.178:876
wanyaqing.3322.org

# Reference: https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/
# Reference: https://otx.alienvault.com/pulse/64906a888558bdb91b9f4495

latavpn.world
lestvpn.com
letevpn.world
letsvpn.club
letsvpn.cyou
letsvpnaa.com

# Reference: https://www.virustotal.com/gui/file/0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c/detection
# Reference: https://www.virustotal.com/gui/file/7ec0d3e3dc4222f34c482926ce1f971b51929e95b9d097140bc1f4b1c84dafd9/detection

182.42.105.12:2022
182.42.105.12:9000
lqwljs.cn
lqwljs.top

# Reference: https://www.virustotal.com/gui/file/075f5138060a476a449b2134c53abfa13ddd233d2151fa6576c5c7c6c5badcf2/detection

222.186.160.169:40869
sjlwql.cn

# Reference: https://www.virustotal.com/gui/file/0383b4607310f8e98a2d2ee93cbea1a9e5d66dfaf8755e6b3e1e4398ae42ca71/detection

43.248.191.125:7999
sjlwql.top

# Reference: https://www.virustotal.com/gui/file/b6bc28566acdd68792cf2393993f01e992e23be2ba275d74bf697300cb1b250e/detection

103.142.146.92:8000
103.143.29.28:3325

# Reference: https://www.virustotal.com/gui/file/490e63ba4abec4b9935c8edf0df01e34c9f9d00e326f084bc52b3ca9853a5623/detection

222.211.72.102:8018
hackerinvasion.f3322.net

# Reference: https://www.virustotal.com/gui/file/4cf0f2fd200e4c941e940044c23784061390936caf5b15d666766e0ae6086d92/detection

222.211.72.102:8068

# Reference: https://twitter.com/naumovax/status/1706663843571904622
# Reference: https://tria.ge/230925-dhhheadb52/behavioral2
# Reference: https://tria.ge/230925-dhd5zsdb49/behavioral2

222.211.72.102:7029
222.211.72.102:7088

# Reference: https://www.virustotal.com/gui/file/3084e166be386ff331ebb3321d9fc55239b909264b5b7f0ddeb1cf3690ad8656/detection

20.187.77.247:53762
one188.one
gd.one188.one

# Reference: https://www.virustotal.com/gui/file/06ca956b3574a6514803b2682f8dd6cda6e81111ae6e7ebc8d71de68964dbe03/detection

141.255.146.160:7077

# Reference: https://www.virustotal.com/gui/file/44773329fdd390d4321f01dd301736de74606062a8e6b8ce79f302a316d9e598/detection

42.51.37.132:8000

# Reference: https://www.virustotal.com/gui/file/6e6c6c7dd4b27ec3ba17135aa99d5166405a3e0512c9ca092c4b14718fa39045/detection

43.248.117.189:37558
s4.v100.vip

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
# Reference: https://www.virustotal.com/gui/file/a366710645856803e6d4cd0babd1b11d6eaef7ce0bca7254d499164d4b26abfb/detection
# Reference: https://www.virustotal.com/gui/file/acf6c75533ef9ed95f76bf10a48d56c75ce5bbb4d4d9262be9631c51f949c084/detection
# Reference: https://www.virustotal.com/gui/file/e3edfb7d2c5b95a0eba0070f0f735a78ea3dffc73a7d5f97bf9b886931bcf047/detection
# Reference: https://www.virustotal.com/gui/file/fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3/detection

216.83.56.247:36061
45.195.148.73:15628
47.75.116.234:19858
5443654.site
5443654.world
telagsmn.com
teleglarm.com
teleglren.com

# Reference: https://www.virustotal.com/gui/file/287a4430ea2c76838bf97bae597209017f62a7bbacdfd472508afcea2f184524/detection

91.204.226.63:8000

# Reference: https://x.com/K_N1kolenko/status/1796542852681596972
# Reference: https://www.virustotal.com/gui/file/4403fcd4791990c2a228398f6282c5cc419f23970f67ede03d7004e07c953076/detection

110.6.28.25:88
123.129.229.68:5656
154.222.224.99:7000
4.233.222.144:8848
0qsf.com
dnf60.online
a.0qsf.com
dnf.dnf60.online

# Reference: https://x.com/DonPasci/status/1792981948631007391
# Reference: https://www.virustotal.com/gui/ip-address/103.192.209.60/relations
# Reference: https://www.virustotal.com/gui/file/0150b8a808a9ba4dc2e5093839a75ceba632e3668fe3f2977e604257f02757fc/detection
# Reference: https://www.virustotal.com/gui/file/2bdd6c549e4314db5c888ef891cf869d018af003a614bb9f43d26e23a758bfe3/detection
# Reference: https://www.virustotal.com/gui/file/65594cd00b59b33c7d31f57048e329a24b3e1c2c29b2fda682ea01e157d447d3/detection
# Reference: https://www.virustotal.com/gui/file/857ebb67b4be23b01e2feacaee45d0650b39c3f6306416ac19b319d14cd68e69/detection
# Reference: https://www.virustotal.com/gui/file/db969801fdf2511b44c442e0b7a762f35a2dab99abfe089672535362654d8198/detection

http://103.84.110.94
103.192.209.60:7474
103.192.209.60:7575
103.192.209.60:7778
154.39.251.77:13799
996cq.com
aadij.top
aaojg.top
aclhl.top
acole.top
adbck.top
ahdpb.top
aheoe.top
ajhei.top
banol.top
beapn.top
bfjdn.top
blhlc.top
bmhhk.top
bobmg.top
bohon.top
cacnj.top
caehc.top
caied.top
cbnco.top
cfbkb.top
cjpka.top
ckkib.top
cniac.top
cofim.top
dbacn.top
dboka.top
ddchg.top
dghbb.top
dgknd.top
dhiin.top
dhjcp.top
digjf.top
djhna.top
dljol.top
ebnih.top
edgip.top
edmap.top
eeilh.top
efogb.top
ehoca.top
ekgie.top
emhob.top
emomg.top
enhjb.top
facbc.top
fbfnc.top
fjojf.top
flaio.top
fmjfc.top
fpiff.top
gchfp.top
gcnij.top
gdaog.top
geohh.top
gkeco.top
gpnjf.top
hcfpo.top
hdmnh.top
hejhp.top
hfidd.top
hhjdn.top
hiccf.top
hknki.top
hlifk.top
hlilm.top
hlmlh.top
hmamb.top
hmoan.top
hpfpn.top
ienjd.top
ihomi.top
iicmk.top
ikgbl.top
iomca.top
ipebj.top
jaaja.top
jbbpe.top
jbffm.top
jdllm.top
jfbnb.top
jffop.top
jiigm.top
jjmjj.top
jkfkh.top
jmimn.top
jnael.top
kelka.top
kgtejsaf.com
khhbo.top
kidbe.top
kjaga.top
knhgk.top
kpgia.top
lajca.top
lbnfl.top
ldbom.top
lffkl.top
liapp.top
ligkl.top
lmfga.top
lnbgj.top
lnlgh.top
loicg.top
macfh.top
mdkol.top
meion.top
mpifi.top
najom.top
nakbm.top
nbjme.top
ncnih.top
nfjge.top
ngfca.top
nhmln.top
ninid.top
nkkan.top
nlinn.top
nnepl.top
nocda.top
oagij.top
oaibo.top
obafe.top
odjkl.top
ogagp.top
ohnag.top
ohppf.top
oikpk.top
oipoi.top
ojlob.top
okcdg.top
okmib.top
olekf.top
oljee.top
ommpg.top
omopp.top
onhid.top
onldm.top
oople.top
oplda.top
paegj.top
pcjmk.top
pejof.top
pgoac.top
pijon.top
pkdhe.top
pldnc.top
plgbd.top
pmeca.top
pojlg.top
ppifh.top
bba.odjkl.top
cdc.ogagp.top
lip.cjpka.top
lip.jkfkh.top
ning.meion.top
ning.oople.top
sss.cjpka.top
sss.onldm.top
tieb.kjaga.top
xxhh.acole.top
xxhh.gcnij.top
xxhh.hiccf.top
xxhh.liapp.top
xxhh.pejof.top
zscm.996cq.com
zzz.emomg.top
zzz.hiccf.top
zzz.liapp.top
zzz.pejof.top
https.bba.odjkl.top
https.lip.cjpka.top

# Reference: https://www.virustotal.com/gui/file/07edde3f52e5adfc2f689ebe8ff5701ada4be0daac06a98bc865aa369aa98e14/detection

110.8.29.195:2014
q7481.codns.com

# Reference: https://www.virustotal.com/gui/file/1793cdd631cd51f5e6551e1db4032b50df4c7708a67ea3a0f01e70f02d6ddbcd/detection

34.124.242.160:8898
34.126.127.177:7333
34.87.157.1:7333

# Generic (path-only indicator; no reference is given for it in this file)

/newfiz7/tasks.php
