# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/anyrun_app/status/1747624307541323795
# Reference: https://app.any.run/tasks/b30207fd-d690-425d-90f2-834a1e000e6b
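# Reference: https://www.virustotal.com/gui/file/6d5f577a21297e41d2341e6ae029edb997d4b4feca6f40f9410e94e0e01ac8a4/detection
# NOTE(review): the hostnames in this group appear to sit under dynamic-DNS zones (ddns.net, ddnsfree.com).
# Match the full hostname only; the parent zones are shared by unrelated users and must not be blocked wholesale.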

91.92.252.40:5050
94.156.64.213:5050
swiftwealth.ddns.net
wealthxeno.ddnsfree.com
wealthyman.ddnsfree.com

# Reference: https://app.any.run/tasks/4bf50208-0a9d-4c39-9a53-82a417ebac4d/
# Reference: https://app.any.run/tasks/efcd6fc0-75a4-4628-b367-9a17e4254834/
# Reference: https://www.virustotal.com/gui/file/2e178c46ca41da7fdfd9d26b66d2c33122dbc69455a16df76911109ee93fd2af/detection
# Reference: https://www.virustotal.com/gui/file/d7f7bfd471f21a91aad6bd2726cc3899440665c6fd6522374e8850bd1ef79a90/detection

185.104.184.43:45010
213.152.161.30:45010
213.152.186.168:45010
jctestwindows.airdns.org

# Reference: https://www.virustotal.com/gui/file/5dce4965a06ff99f96e200346282cf80746e08337447095a49ec69bd1c0db12a/detection

86.68.222.14:7011
dentiste.ddns.net

# Reference: https://asec.ahnlab.com/en/66429/
# Reference: https://www.virustotal.com/gui/file/facf3b40a2b99cc15eee7b7aee3b36a57f0951cda45931fcde311c0cc21cdc71/detection
# Reference: https://www.virustotal.com/gui/file/b8233fe9e903ca08b9b1836fe6197e7d3e98e36b13815d8662de09832367a98a/detection
# Reference: https://www.virustotal.com/gui/file/97ba8d30cf8393c39f61f7e63266914ecafd07bd49911370afb866399446f37d/detection
# Reference: https://www.virustotal.com/gui/file/44e492d5b9c48c1df7ef5e0fe9a732f271234219d8377cf909a431a386759555/detection
# Reference: https://www.virustotal.com/gui/file/0b8897103135d92b89a83093f00d1da845a1eae63da7b57f638bab48a779808e/detection

159.100.29.122:5885
159.100.29.122:8811
159.100.29.122:8989
159.100.29.122:9654

# Reference: https://x.com/suyog41/status/1804058160954581326
# Reference: https://www.virustotal.com/gui/file/5621cb1bf48b91330ab432ed40281f48dc40bc58d220fbe96b60e526ac6ceecb/detection
# Reference: https://www.virustotal.com/gui/file/02c6cba00aa332bf33e30f7afa7f8dc104f90249ce813b1744c5fecdf5c448dc/detection

91.92.248.167:1278
91.92.248.167:1280
busyestinglsv.site

# Reference: https://x.com/karol_paciorek/status/1808862180793569760
# Reference: https://www.virustotal.com/gui/file/58fdc1b6ce4744d6331f8e2efc4652d754e803cae4cc16101fc78438184995e6/detection
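# Reference: https://www.virustotal.com/gui/file/4108c5096a62c0a6664eed781c39bb042eb0adf166fcc5d64d7c89139d525d4f/detection
# NOTE(review): 95.164.86.148 is also listed further down on port 3389, in the group that cites the Talos MoonPeak write-up.
# The two groups may describe the same infrastructure; confirm before treating them as separate clusters.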

http://95.164.86.148
95.164.86.148:9999

# Reference: https://www.virustotal.com/gui/file/8fbe734f092fe38ef0ad6fdffe8437560a8f5251a0839c019babd195d54eb10c/detection

172.93.222.33:35549
nanoshd.pro
nanoshield.pro
fusionmelonate.duckdns.org

# Reference: https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
# Reference: https://www.virustotal.com/gui/file/8a4fbcdec5c08e6324e3142f8b8c41da5b8e714b9398c425c47189f17a51d07b/detection
# Reference: https://www.virustotal.com/gui/file/458641936e2b41c425161a9b892d2aa08d1de2bc0db446f214b5f87a6a506432/detection
# Reference: https://www.virustotal.com/gui/file/1ad43ddfce147c1ec71b37011d522c11999a974811fead11fee6761ceb920b10/detection
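# Reference: https://www.virustotal.com/gui/file/148c69a7a1e06dc06e52db5c3f5895de6adc3d79498bc3ccc2cbd8fdf28b2070/detection
# NOTE(review): 3389 is the default RDP port, so the two :3389 entries below match any RDP traffic to those hosts.
# Confirm against the Talos reference whether they are C2 endpoints or operator-access infrastructure, and triage hits accordingly.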

167.88.173.173:9936
167.88.173.173:9966
45.87.153.79:9936
45.87.153.79:9966
45.95.11.52:9936
45.95.11.52:9966
80.71.157.55:3389
95.164.86.148:3389

# Reference: https://www.virustotal.com/gui/file/0c925ec360ee46fde6d755d23a8338a0859a7609290ee3ff9d17f9c498a274f4/detection

148.113.165.11:4444

# Reference: https://x.com/angel11VR/status/1830680013022056680

111.90.147.147:5652

# Reference: https://www.virustotal.com/gui/file/e9474dd93bab71fb65b860706a82ab9eaf856829fff8d6fde6d181a3b126a37c/detection
# Reference: https://www.virustotal.com/gui/file/1f5a96dccf8f699667be50423183c723e4412061fea603fcdb0d4889bb05d481/detection

45.66.231.24:1356
45.66.231.26:1356
roollingstonen.sytes.net

# Reference: https://x.com/Huntio/status/1838942583911063895
# Reference: https://www.virustotal.com/gui/file/f770b7e25d959f700c9119cb1d9a5ef444634a335ea9f230f06b51fdaa487ad1/detection
# Reference: https://www.virustotal.com/gui/file/c69792d8a8ef30f50d118949aee702a01be0cafb4e9f6c9b544a8bb193ea5994/detection
# Reference: https://www.virustotal.com/gui/file/31ea0b97393741bcea9df8e044162bc159209f61d71792452119791badf14322/detection

45.89.247.109:443
45.89.247.109:4444
45.89.247.109:5555
zenofs.zapto.org
