# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
# Reference: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/rhysida-ransomware-intrusion.pdf
# Reference: https://otx.alienvault.com/pulse/655537ff05840a2a8d7b3d3d
# Reference: https://www.virustotal.com/gui/file/e79960b3fbeab8656f2edaa2bedda6e58f774542a14d79246eec1a51e203d5ec/detection

http://5.255.127.20
5.255.113.37:4001
5.255.127.20:443

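# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv
# Note: the upstream feed path marks these entries as 'unverified' and this block carries no retrieval date; corroborate a match before acting on it.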

http://109.176.207.22
http://139.64.133.194
http://159.100.6.103
http://173.46.80.206
http://185.216.144.51
http://216.74.123.41
http://5.161.252.127
http://51.68.216.13
http://51.89.137.8
http://65.108.49.36
http://78.47.60.67
http://85.239.53.94
109.176.207.22:443
139.64.133.194:443
159.100.6.103:443
173.46.80.206:443
185.216.144.51:443
216.74.123.41:443
37.59.205.5:443
5.161.252.127:443
51.68.216.13:443
51.89.137.8:443
57.128.166.214:443
65.108.49.36:443
78.47.60.67:443
85.239.53.94:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://159.100.17.21
http://5.161.45.18
http://89.117.109.134
159.100.17.21:443
5.161.45.18:443
89.117.109.134:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://37.59.132.162
37.59.132.162:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-15)

http://191.96.235.177
http://216.107.136.57
http://5.152.222.100
191.96.235.177:443
216.107.136.57:443
5.152.222.100:443
