# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

hackqz.f3322.org
120.209.40.157:8880

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nitol-P/detailed-analysis.aspx

dingtao333.3322.org

# Reference: https://twitter.com/securiteoff/status/739574861543149568
# Reference: https://www.virustotal.com/gui/file/20d841afa96e58fb7d2b4c5e8bb25d07ff36e25bbb14fc176f3f46c650cb016e/detection

feng12763.3322.org
qlsb.f3322.net

# Reference: https://twitter.com/P3pperP0tts/status/1153026768590258179

520yxsf.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2012/2012-04-19-digging-into-the-nitol-ddos-botnet/digging-into-the-nitol-ddos-botnet.csv

aisini1314.3322.org
bcl5736120.3322.org
ccddos.net
erwbtkidthetcwerc.com
fangqi.6600.org
fangqi.7766.org
fuck0313.6600.org
guangkuo119.3322.org
kankan902.3322.org
ksattack.6600.org
maguss.3322.org
maple110.3322.org
mybaccy.3322.org
rterybrstutnrsbberve.com
rvbwtbeitwjeitv.com
sousou123.3322.org
xin9liao.gnway.net
xinxin168.3322.org
xiong97.3322.org
yezi999.3322.org
ylddos.3322.org
zwx5060.3322.org

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tale-of-the-two-payloads-trickbot-and-nitol/
# Reference: https://github.com/AlienVault-OTX/Threat-Trends/blob/master/MaliciousDomains_UmbrellaRanking.csv

e.googlex.me

# Reference: https://asec.ahnlab.com/1031

b.googlex.me

# Reference: https://www.virustotal.com/gui/file/62010ae6b25999cbc37c935c163285f571294f4732965c66b9233a7573c13c10/detection

w.googlex.me
m.googlex.me

# Reference: https://totalhash.cymru.com/network/?dnsrr:*.googlex.me

w.googlex.me
m.googlex.me
googlex.me

# Reference: https://twitter.com/pancak3lullz/status/748172641131847681
# Reference: https://www.virustotal.com/gui/ip-address/110.173.30.68/relations

110.173.30.68:1111
110.173.30.68:1150
110.173.30.68:1380
110.173.30.68:1472
110.173.30.68:2013
110.173.30.68:2014
110.173.30.68:6666
110.173.30.68:8080
110.173.30.68:8085
110.173.30.68:8089
xiaoaolong.f3322.org

# Reference: https://twitter.com/pancak3lullz/status/744918444265578496
# Reference: https://www.virustotal.com/gui/file/a2d02236c2a9684310d95d5a98734d17d226da16607f98903e0a5f9d62298521/detection
# Reference: https://www.virustotal.com/gui/file/40ac46478014d0a89f787c25dd380424b0e16913bd5ff03db90c32b75aa10c35/detection

173.254.236.5:8900
45.34.191.179:8900
119.147.145.218:8511
wx137672811.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/740562923639046146
# Reference: https://www.virustotal.com/gui/file/e39a3ca5574dfba2bd29a71b933c9bf22633baad10c7fcac5abbc700e5b8f175/detection

183.60.202.97:1993
longge520.f3322.net
qlsb.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/739878964064194560

aabao.top
a.aklianfa.com

# Reference: https://www.virustotal.com/gui/domain/leiyan.hk/relations

leiyan.hk

# Reference: https://twitter.com/pancak3lullz/status/739573412973150208

zhaojinyi5045.f3322.org

# Reference: https://twitter.com/pancak3lullz/status/742832969539158017

125.88.146.61:9595
hackxiao.top

# Reference: https://www.virustotal.com/gui/file/9ea76521dacafc0437c12d3e7b2db5e4cd27054c476e87dfe9fb2934bbd3668b/detection

gyddos.com

# Reference: https://www.virustotal.com/gui/file/87c00a2dbc7aad92c63afe8633dde5253da9dd8c663dfe257ab17c087c967b16/detection

61.160.232.140:65534
5302000.publicvm.com

# Reference: https://www.virustotal.com/gui/file/f5ce87456cad6b035e20df4e3c8cfd6f68353913dbb78be8383036842c54ec69/detection

103.226.124.222:65534

# Reference: https://www.virustotal.com/gui/file/a624fd04789db3e1327fd981ac01b79c1d432819e752291843e4e4778794d6aa/detection

112.74.75.143:6666

# Reference: https://www.virustotal.com/gui/file/96a8382fe8bd91e1cf9ab358cb03f597dc3bcef66503275c17b914e28b438c92/detection

210.222.25.223:6666

# Reference: https://www.virustotal.com/gui/file/22bd3e766de31699464b08467a47b6c44f4825e4984221f74209cdb9c2b26756/detection

61.84.56.105:1234

# Reference: https://www.virustotal.com/gui/file/1b9c5b63df29807ca8dd96c4878d33dc2b1a3bed6a11e8e7bb29ba7a868ac341/detection

sexgb.codns.com

# Reference: https://www.virustotal.com/gui/file/bcf7e416d7fdb066b831720789ffffcde71e4e1ba99294a159ff342175d9c069/detection

182.225.123.146:8080
tv1004.codns.com

# Reference: https://www.virustotal.com/gui/file/6bf39bbb04edf94d46ba9f1a80ac41a3113eac9befc02dc72444aa8e5a68ea55/detection
# Reference: https://www.virustotal.com/gui/file/4406f6e797db9308fb2e7d37483f96c71f91fadc98d45539bbe4137f6a8bb241/detection

173.208.243.3:8090
173.208.243.4:8914
74.91.16.130:8089
74.91.16.132:8914
74.91.16.133:6688
imddos.my03.com

# Reference: https://www.virustotal.com/gui/file/8b7539df3ca2a8d75f9ce1da69b66b761ff1661fe42b03f18103cd0b0f068956/detection

103.30.40.76:881
103.70.77.18:881
185.207.154.26:881
185.207.154.91:881
185.239.225.133:881
193.42.27.224:881
194.156.132.105:881
222.186.59.89:881
23.236.68.162:881
23.236.68.175:881
23.236.68.185:881
23.236.68.213:881
23.236.68.213:9999
23.236.68.89:881
23.236.68.89:9999
23.236.68.99:881
43.224.249.211:881
45.116.77.70:881
45.116.77.70:9999
45.117.102.172:881
45.120.156.139:881
45.120.156.160:881
45.120.156.160:9999
45.120.156.178:881
45.120.156.178:9999
45.13.199.120:881
45.13.199.120:9999
45.137.10.85:881
45.138.81.176:881
45.138.81.176:9999
78.142.194.122:881
5123.2288.org

# Reference: https://www.virustotal.com/gui/file/1d15ccc6dc69f1f0a40f2b1396220120577396a18a9d09ca79a0c267a50e23cf/detection

211.243.120.137:2
ghkdtldhs.p-e.kr

# Reference: https://www.virustotal.com/gui/file/295708d2a5ebd22cebe29b3f23a74e2d6f7f1056715324b35f5afc5e1d30ea57/detection

112.152.98.136:1212

# Reference: https://www.virustotal.com/gui/file/3eb70dc98b72cb6e0350f99848e4312fa37ca279c16bb011a9ff676ce530b879/detection

a1104.r-e.kr

# Reference: https://www.virustotal.com/gui/file/4dea27a086a7fe58de28b8fcd61df55d8656dbcb1803e3ff385cb1e2beded384/detection

chlehdgj.r-e.kr

# Reference: https://www.virustotal.com/gui/file/54171f4fd9b873b381f597c5b029433d325f27f7d1f1b7b1a131aaf182a47fe6/detection

116.38.148.166:1542
118.40.137.174:1542
wnsdud0430.kro.kr

# Reference: https://www.virustotal.com/gui/file/9619b87a5b19e587227eba60171d2763b1fe9f81b27c0207fb3d52233ffbd059/detection

116.38.148.174:1542
116.38.148.175:1542

# Reference: https://www.virustotal.com/gui/file/21f59a60d6632320cad5a25dad18ec42d57bb4d3aebd3afac85ba7d81a5e09f1/detection

175.118.59.183:8125

# Reference: https://www.virustotal.com/gui/file/eb1982fba971cd54894c5755c6bb239ef92b1afcf21f16329f16580f5a103847/detection

124.111.116.108:8125

# Reference: https://www.virustotal.com/gui/file/45b6991cbb39b1598a993ff5b36eafc1308488ebdade8dbda7fe5a5d86c712c4/detection

218.238.223.33:8080
sexymon12.kro.kr

# Reference: https://www.virustotal.com/gui/file/4685ce889d2e1ea74385dc9d0da97f279e258db237ca3c057fca0017c011d874/detection

218.238.223.33:6414

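# Reference: https://www.virustotal.com/gui/file/4f0248164f3d33045922b8fb8e049df752abb52a4682164aa0dfeff2c1711d89/detection
# Reference: https://www.virustotal.com/gui/file/e0e00179548df8be9a772b12744810e6ee3a1e48af967c8af3495ed7c541fac4/detection
# NOTE(review): 246.135.36.50 and 253.205.144.251 in this group fall inside 240.0.0.0/4 (IANA reserved), so they cannot be publicly reachable hosts. The group may include non-C2 connection targets recorded from the sample's traffic; confirm against the reports above before using these entries for blocking.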

103.95.240.43:2018
105.234.35.162:2018
122.213.24.236:2018
124.98.73.100:2018
132.233.176.72:2018
136.106.125.33:2018
148.226.138.194:2018
153.22.87.11:2018
158.73.36.83:2018
164.144.233.221:2018 
182.224.234.115:2018
182.224.234.115:2018 
182.227.60.248:2018
189.156.42.74:2018 
193.207.245.146:2018 
202.76.11.129:2018
212.22.201.53:2018
218.91.182.254:2018 
246.135.36.50:2018
253.205.144.251:2018 
28.207.215.223:2018
43.249.242.252:2018 
48.45.191.69:2018
49.175.99.121:2018
9.89.177.30:2018
95.79.19.64:2018

# Reference: https://www.virustotal.com/gui/file/fbbba2a2aadb00fdc81cbbd79523414297de75496ff3f2d11498fb1e5016d249/detection
# Reference: https://www.virustotal.com/gui/file/13446373e14035431a35d0f9b1543cf5067c774b999f750fe43ba4e97ee66ab1/detection
# Reference: https://www.virustotal.com/gui/file/f393bba5f1252dd68fec310b8f89cda0ec8f59816edb9602f5446df4ba6f6cb3/detection
# Reference: https://www.virustotal.com/gui/file/09733d736979f2192a205d576ea3d792740a8cabef8b0e6827b824cc89ef7903/detection
# Reference: https://www.virustotal.com/gui/file/96c68339d429c7bc375d18241952caf4e4c58b1c556aa66784288078a738c2d4/detection
# NOTE(review): 247.29.146.10 and 252.63.182.76 in this group fall inside 240.0.0.0/4 (IANA reserved), so they cannot be publicly reachable hosts. The group may include non-C2 connection targets recorded from the sample's traffic; confirm against the reports above before using these entries for blocking.

101.152.154.58:1800
107.190.198.28:1800
114.249.167.81:1800
116.35.216.50:1800
118.134.172.15:1800
124.193.141.68:1800
128.78.147.2:1800
135.137.116.55:1800
136.121.120.128:1800
14.5.119.153:1800
14.5.119.153:8808
141.171.69.199:1800
142.48.159.25:1800
148.108.129.78:1800
15.187.26.11:1800
15.246.205.111:1800
152.248.134.12:1800
159.52.103.65:1800
165.90.147.35:1800
166.33.192.121:1800
169.161.107.143:1800
174.212.56.214:1800
175.198.201.12:1800
176.105.39.108:1800
176.34.121.22:1800
182.224.234.115:1800
187.234.223.9:1800
187.49.14.95:1800
190.143.255.30:1800
2.89.141.243:1800
200.147.27.118:1800
200.204.108.32:1800
201.87.103.17:1800
211.91.1.105:1800
212.73.235.170:1800
213.164.82.189:1800
217.77.220.79:1800
222.128.169.151:1800
222.17.210.157:1800
222.35.230.92:1800
247.29.146.10:1800
25.190.52.98:1800
252.63.182.76:1800
32.142.109.126:1800
32.60.209.254:1800
37.110.158.71:1800
37.193.185.198:1800
39.228.13.20:1800
4.242.51.24:1800
42.244.134.15:1800
44.149.116.88:1800
49.175.99.121:1800
50.172.115.7:1800
51.6.147.64:1800
55.93.90.75:1800
66.38.193.62:1800
67.180.18.75:1800
79.135.77.85:1800
84.135.45.77:1800
86.171.185.13:1800
89.186.249.149:1800
90.221.6.85:1800
94.92.185.5:1800

# Reference: https://www.virustotal.com/gui/file/b5fabc8dc9e2516642cac9e4bfbda280b6312f1ceb107436f723902c8ee2e841/detection

140.143.145.162:29134

# Reference: https://www.virustotal.com/gui/file/fe5855d961748d6922d5687f0d0f10f07e6c8555cc042d73ba1188801fab7367/detection

gdownpack.jomodns.com

# Reference: https://www.virustotal.com/gui/file/45d34e4733c9b34cf8e43e13515ebd02c5a3dc9a7a04304caea7f6199b3c1e8c/detection

175.210.132.122:3
194.120.222.177:3
207.217.235.199:3
21.190.31.193:3
218.35.210.186:3
45.232.19.203:3
56.176.248.190:3

# Reference: https://www.virustotal.com/gui/file/aaf036cbf8b7436e69dcc517576c4a01a002f1e204c729469e4217b71e1a8285/detection

49.166.162.113:8080
1145678.p-e.kr

# Reference: https://www.virustotal.com/gui/file/e259c7d12802a94129632c8287da2ef5d6ca2f06cac46eb4a0e264e2e69ce5be/detection
# Reference: https://www.virustotal.com/gui/file/03d1ae34d48f1da0515fd077dc3a3c9d368dd884a605ee30096c32b4d0469e37/detection

159.58.62.229:1900
172.155.75.252:1900
175.198.201.12:1900
18.56.156.205:1900
182.100.50.239:1900
206.14.37.248:1900
21.114.88.242:1900
217.213.11.235:1900
32.154.41.228:1900
42.98.143.215:1900
53.42.117.202:1900
66.140.130.225:1900
77.212.105.212:1900
8.112.53.218:1900
88.156.79.199:1900
bkhwa123.p-e.kr

# Reference: https://www.virustotal.com/gui/file/2a315ec1fbd8a3dfb70ba259699a660389c8a13a158f0c29cace1e1d67131130/detection

121.164.182.43:7327
185.53.179.29:8889

# Reference: https://www.virustotal.com/gui/file/bcf17bd4576d7494a71db278478a1f78112324c5bf847853e4d82c6c8dcde604/detection
# Reference: https://www.virustotal.com/gui/file/441f5b8b76b7708eec2250570c714e1d5a35e0bdc867cfae54d639b4b1c4a200/detection
# Reference: https://www.virustotal.com/gui/file/a31a9f60e27390091a25f134511f09c7776efab4b758b99cfdfe0498f88caf6d/detection
# Reference: https://www.virustotal.com/gui/file/4c9fdb66f53b71a4c98892b62b26939006dd5d6b6353795a6181767b9258e2cc/detection
# Reference: https://www.virustotal.com/gui/file/3dcca6757b9dd064348e0897dca21bf4cb8d7a5ce3fa5f54d934e7748684d908/detection

105.209.90.18:2
108.20.136.155:2
116.153.65.5:2
12.195.52.15:2
129.250.78.28:2
143.214.133.34:2
148.108.158.204:2
149.28.251.67:2
153.159.107.21:2
182.227.151.35:2
220.122.152.173:2
220.122.152.173:3
36.109.39.24:2
47.54.142.11:2
60.151.26.34:2
71.95.129.21:2
81.167.103.8:2
95.10.116.31:2

# Reference: https://www.virustotal.com/gui/file/6e2bfdaf17806fa35c8b113fcf6931e22a6fcb8516c2f741bac6cbd63d62ca32/detection

220.122.152.173:12

# Reference: https://www.virustotal.com/gui/file/0a352acc084973c5ccbc13dd487fc5e3e746bb902c5420f98f6c74eb0c120c71/detection

mhddos.kro.kr

# Reference: https://www.virustotal.com/gui/file/37d02d69a4404525f924954e7ed61b389ae10283ca4cba9fa3e3a6fd66f5b102/detection
# Reference: https://www.virustotal.com/gui/file/9bd0184051693d604f2b16ee748b3c4d1a9c988eef4f90fbd933db188dc7ab56/detection

31.13.72.54:6300
67.228.74.123:6300
85.155.231.209:6300
ziscoll.hopto.org

# Reference: https://www.virustotal.com/gui/file/b7c16208e51ff8fed8e00a1a203b25f5dbab43f7dd3022f457995b8b726569c3/detection

211.209.68.52:4368
211.209.68.52:8080
211.209.68.52:8500
jjh0547.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f3f596898d41c390b96b234f6c7e6582004e2d2f0915186f679c4e1d786dc84/detection

58.227.92.15:1234
