# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gamarue

# Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Win32/Gamarue#tab=2

cityhotlove.com
clothesshopuppy.com
conpastcon.com
freefinder.me
grrrff24213402.com
grrrff2452.com
iurhjfnmflsdf.com
lanamakotrue.com
mgrsdfkprogerg.com
pastinwest.com
puppyclothesshop1.net
puppyclothesshop2.net

# Reference: http://www.malware-traffic-analysis.net/2015/10/20/index.html

motherbeing-news.com
mindfucktoys.com
mommycums.com
musictocheer.com
731pro.pw

# Reference: https://www.aldeid.com/wiki/48e29119b03641499492336695c29ffd

suckmycocklameavindustry.in
xdqzpbcgrvkj.ru
anam0rph.su
orzdwjtvmein.in
ygiudewsqhct.in
bdcrqgonzmwuehky.nl
somicrososoft.ru

# Reference: https://www.virustotal.com/gui/file/06f7c12171e1608547eb5ae2d39af72835519fdf56aaaeb1dcc6be853dac22a9/behavior/VirusTotal%20Jujubox

tvrstrynyvwstrtve.com
somicrososoft.ru
rtvwerjyuver.com
ygiudewsqhct.in
anam0rph.su
orzdwjtvmein.in
suckmycocklameavindustry.in

# Reference: https://blogs.quickheal.com/worm-gamarue-what-it-is-and-how-does-it-evolve/
# Reference: https://app.any.run/tasks/956e225d-f0cd-4439-a0ab-ceb7547327ac/
# Reference: https://app.any.run/tasks/6bef4110-7ca8-49ff-b3bb-136f4cfdc462/

sobea.in
thesecond.in

# Reference: https://www.virustotal.com/en/domain/amnsreiuojy.ru/information/
# Reference: https://www.threatcrowd.org/malware.php?md5=8bdfb5f4f2292eba9a2e68eb1aab7840

amnsreiuojy.ru
morphed.ru
deltaheavy.ru

# Reference: https://www.virustotal.com/en/domain/bdcrqgonzmwuehky.nl/information/

bdcrqgonzmwuehky.nl

# Reference: https://malwr.com/analysis/YzA2MGY4MDE2NzNmNDEyMmE3OWEzZDQ5ZTEwMjZmZTc/

amnsreiuojy.ru
xdqzpbcgrvkj.ru
anam0rph.su
orzdwjtvmein.in
ygiudewsqhct.in
bdcrqgonzmwuehky.nl
somicrososoft.ru
rentipod.ru
lnx-games.su

# Reference: https://blog.avast.com/andromeda-under-the-microscope

atomictrivia.ru
designthefuture.ru
gvaq70s7he.ru
getuptateserv.eu
disorderstatus.ru
ac6ruv8t.ru

# Reference: https://www.virustotal.com/gui/domain/4nbizac8.ru/relations

4nbizac8.ru

# Reference: https://blog.avast.com/andromeda-under-the-microscope

differentia.ru
disorderstatus.ru
http://differentia.ru/diff.php
http://disorderstatus.ru/order.php

# Reference: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016203.html

atomictrivia.ru
http://atomictrivia.ru/atomic.php

# Reference: https://www.threatcrowd.org/malware.php?md5=3044af3a89e9e110889ba9d0923f25f3

xxtyr0xg4w.ru
76236osm1.ru
sxxtyr0xg4w.ru

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Gamarue-AT/detailed-analysis.aspx

hzmksreiuojy.biz
hzmksreiuojy.com
hzmksreiuojy.in
hzmksreiuojy.nl
hzmksreiuojy.ru

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Gamarue-6682684-0)

awele.duckdns.org
dogged.cf
genpral.top
pafindo.me
safemann.tk
siyaghasourccing.com
www.greenfleld.com
www.slompbit.xyz

# Reference: https://www.virustotal.com/en/file/198dbf18747c4592fcce43c3b1c45f9706f9c3fb781e8ac9f23f0c2418caa5ca/analysis/

differentia.ru
atomictrivia.ru
39slxu3bw.ru
76236osm1.ru

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Gamarue
# Reference: https://totalhash.cymru.com/analysis/?ab3a71d5d1dfec699ccfbaddbb4ac5a2ad34c617
# Reference: https://totalhash.cymru.com/analysis/?767f89633e21fc96b430a17058b572720eaf7228

faumoussuperstars.ru
a.nas.ru
b.nas.ru
c.nas.ru
powerrembo.ru
lunaizemlya.ru
/intro/data.php

# Reference: https://www.threatcrowd.org/malware.php?md5=3845acda05dcf834d9f2237fd3db40b4

sbws3v7zh.ru

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html (# Win.Trojan.Gamarue-7008527-0)

srv1000.ru
srv1100.ru
srv1200.ru
srv1300.ru
srv1400.ru
trkhaus.ru

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Androm-PE/detailed-analysis.aspx

afawydymss.blogoveg.org
azipev.blogoveg.org
ikvbog.blogoveg.org
ipufukavyd.blogoveg.org
iqtpyty.blogoveg.org
odenatl.blogoveg.org
omomeqygex.blogoveg.org
ozywopesb.blogoveg.org
ugejiju.blogoveg.org
uglz.blogoveg.org
ujoparq.blogoveg.org
ules.blogoveg.org
uxykeh.blogoveg.org
ysoc.blogoveg.org
yzuhk.blogoveg.org

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Androm-NE/detailed-analysis.aspx

ie.n502.com
900cpa.cc

# Reference: https://www.group-ib.com/resources/threat-research/Anunak_APT_against_financial_institutions.pdf
# Reference: https://www.virustotal.com/gui/file/98413cf9281d4b00f6503c18256aab3b7cb5b2c7017f3579388cc4641e8a1696/detection

ddnservice10.ru
ddnservice11.ru
/and/jopagate.php

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

dvdonlinestore.net
eastmedia2112.com
mustache-styles.com
onlinestoreonsale.com
pradahandbagsshoes.com
vhideip.com
wisheshub.com
99mesotheliomalawyers.com

# Reference: https://twitter.com/malwrhunterteam/status/1188056259209158656
# Reference: https://www.virustotal.com/gui/file/8faa02e77c596d1c0e443de4939df308b27f163bae6268ad864d96a3d3e5ff84/detection

45.14.15.15:777

# Reference: https://www.virustotal.com/gui/file/5fc7a819f5640918045e0431b4c31c8fa87c1c1485a4f6da7103ad9da620251b/detection

212.7.208.155:10001
rogerfries8.ddns.net

# Reference: https://www.virustotal.com/gui/file/4550db4e0c0f9e871b99164c94185e3b8cc92d3d5463d20092e8559aefe454d7/detection

mikemonk88.ddns.net

# Reference: https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disrupt-gamarue/

/last.so
/nonc.so

# Reference: https://app.any.run/tasks/ad7d17b0-bb0f-4e2a-a2d9-7d567af9ff10/
# Reference: https://www.virustotal.com/gui/file/828ba0c795e14a3c712ca8d0f14ef2514ed4b20c97e12f8d684938ff1cba5bc4/detection

cs-server1.biz
/forums/gate.php

# Reference: https://www.virustotal.com/gui/file/3d38f6288716d6999a04bbc008dd4e6a38feb189f5dd6931d761a406410a6c21/detection

139.60.162.173:500

# Reference: https://www.virustotal.com/gui/file/e9a38bfedb18323cccc332b57e03ddd777233cf7fc9b0a24e19d8bf0da8cff9b/detection

212.83.170.126:1604
walter2013.noip.me

# Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection

192.69.169.25:3636
lucas1mhood.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/ef9af3475e2eee26db26435fc16bb6801e6128534c8938c3112137ebb7f4a87e/detection

hitech.hopto.org

# Reference: https://www.virustotal.com/gui/file/cd4783ab3a4d1bf09e7d0bd110fb4311c276ccf41d6de73f54d0d27011e31871/detection

192.69.169.25:3434
13344.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c326d1a58d4744381a1855999fba0d086dc64122cab26fe5c8c44e4c9cbe57f7/detection

noipman.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cd560bc3c0e51d8fa03083cd7d3a82635323ff51d829f7ec510921985f0fd7fb/detection

192.69.169.25:4360

# Reference: https://twitter.com/pancak3lullz/status/743214087882964993

gainsgul.com

# Reference: https://www.virustotal.com/gui/file/922ee5638720359e21cff65edf319d48308006624dee8f9e748badba96d3a46d/detection

185.125.205.79:1994
194.5.97.219:1994

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html (# Win.Trojan.Gamarue-7440316-0)

v1.eakalra.ru
v1.op17.ru

# Reference: https://www.virustotal.com/gui/file/cacbd08d64993a3bd970009d9995123a6560a7933ee2b33a7a8ecb8cdc4e105a/detection

23.105.131.156:1204

# Reference: https://www.virustotal.com/gui/file/229726fcfbf8428b459f3b06fe29a79a7d7e8af6f4e91bf8349613de0c67f209/detection

80.69.173.234:3317
94.237.60.17:3317
bonding79.ddns.net
chrisle79.ddns.net
engine79.ddns.net
goodgt79.ddns.net
jacknop79.ddns.net
smath79.ddns.net
whatis79.ddns.net

# Reference: https://www.virustotal.com/gui/file/ad1ca75a4a53cabc0c79880e75c9e3dedbfd0e58060c3636b22309d671ad3afd/detection

31.220.15.39:3317

# Reference: https://www.virustotal.com/gui/file/ec92ac95fdff2353122e835649c26f0eaedd3bbb17ff0c01426df4d1eba83257/detection

142.44.161.51:3317
178.209.46.144:3317
185.101.92.3:3317

# Reference: https://www.virustotal.com/gui/file/ee9145a92b10c2b670da3621c5178f487393cbc2b637d8cacb4ab27177be14bd/detection

103.136.43.131:3317
168.235.111.253:3317
205.185.125.42:3317

# Reference: https://www.virustotal.com/gui/file/d2214c4a547a6e8ad01b18812d29fb7f6b41d0bc95aa6c968ac4cdaafe2e50b9/detection

103.125.217.169:3317
105.112.99.176:3317
199.195.250.222:3317
209.182.219.33:3317

# Reference: https://www.virustotal.com/gui/file/f3a4ebd570b06ed0579deb807f38d0f79db560abdbc3d0d6e632975aa66e161d/detection

79.134.225.112:3421
ceo221.hopto.org

# Reference: https://www.virustotal.com/gui/file/74f31b810bdefbbfdfc62983c7ef36e4acdcad5d193ab20639164161c4b56a17/detection

againme666.ddns.net

# Reference: https://www.virustotal.com/gui/file/c6ef5c97443a3612b0bd662c502b5712ab46579600cafb8d800d27aebe21212a/detection

103.200.6.79:3330

# Reference: https://www.virustotal.com/gui/file/b1cf88b282a213caf2e41be175e24b480f9d5e3719a5c32e0ba09f0d9845852f/detection

103.219.154.223:7865

# Reference: https://www.exposedbotnets.com/2012/10/cheatmodernwarfarecom-multiple-http.html

cheatmodernwarfare.com

# Reference: http://cybercrime-tracker.net/index.php?s=0&m=1000&search=Andromeda

crdshop.club
starmanspo.com
backofficemail3.com
www.shopbaite.ru
lipetskrulit.com
and4.junglebeariwtc1.com
deluxearmy.pw
www.hfaggron.tk
botghoster.livehost.fr
poppingb.com
dnshksd3asdns1421344d.com
poppingx.com
knockknock-jokes.com
youbeboom.pw
the8020.info
www.dnshdakjasdns14213.com
1natojobservice.ru
a2kiaymoster1902.com
ladylee.pw
mynew1337bots.com
just-a-downloader.su
akiaymoster1.com
tom91jerry.ws
sonic4us.ws
porn4us.ws
androbandrofand02.com
hfcool.info
letsgetfreemovies.info
androbeta.0pu.ru
styxb1tch35.su
j1nxfyr3.su
premium.zam99.com
darkness.su
ghostink.sytes.net
internationaltravelconsultantsinc.com
xylox.su
adobe-helper.cloudapp.net
dortnath.com
ns1.androha.com
xvident.pw
voscomptesenligne.eu
theassassinscreedrevolution.com
belakey.com
localmw.org
skyline2050.net
whitewidow.ciscofreak.com
televisionhunter.com
www.mydowncenter.me
www.welovegiveaways.net
checkbs.com
www.istanbulnakliyecileri.com
solutionswiki.com
flambiipanel.zz.mu
www.panel-gc.co.uk
crispershf.hc0.me
moneybooster.info
fahfasd.pw
stateqa.biz
myinstalls.info
coco.3chp.tk
devbug.su
techmanagement.info
down4life.hopto.org

# Reference: https://www.virustotal.com/gui/file/b3d54955c9ca43f6ef179cb6028e7db400a93b1c968e7c9688f4df636222998d/behavior/SNDBOX
# Reference: https://www.virustotal.com/gui/file/4ff01b3b9719b2e70578028c2ccc940c8f6dd1e3a76c99996c6a7ee967dc21e4/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/05d11121fc781001e2909495c9c0790d4df3a366be0982ade0bd53e357a67c52/behavior/Yomi%20Hunter
# Reference: https://app.any.run/tasks/beb1b1d4-3050-42b2-b1b7-0c33d3970a5c/

bighecks.net
imageshells.com
sonic4us.ru
sonic4me.com
yahgodz.com

# Reference: https://www.virustotal.com/gui/file/8bb670d4647757345f1f42e06d4ff367e8d3ac6953806ad1b89cee34eba6bc5a/behavior/SecondWrite

dom-adobe-directs.com
list-adobe-directs.com

# Reference: https://www.virustotal.com/gui/file/45bc69145ccdd28e465e49ba22e8f53597fc3466ee939600d0687dc6893e60b3/detection

ceraslog.com

# Reference: https://www.virustotal.com/gui/file/22877da44952a51311553e3a0af27dc96af1b484c7c69d9735b2734c6f901fd7/detection

192.169.69.22:7997
ifraneifrane.duckdns.org

# Reference: https://twitter.com/campuscodi/status/1228185851533971456
# Reference: https://securitynews.sonicwall.com/xmlpost/project-androm-backdoor-trojan/
# Reference: https://www.virustotal.com/gui/file/1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39/detection

159.100.250.231:8080

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html (# Win.Packed.Gamarue-7580018-0)

delvernet.info
faumoussuperstars.ru
junglebeariwtc1.com
martivitapoint.info
nutqauytva100azxd.com
nutqauytva10azxd.com
nutqauytva11azxd.com
nutqauytva2azxd.com
nutqauytva3azxd.com
nutqauytva4azxd.com
nutqauytva5azxd.com
nutqauytva6azxd.com
nutqauytva7azxd.com
nutqauytva8azxd.com
nutqauytva9azxd.com
oingee.pw
otter.pw
powerrembo.ru
spotxte.com
uzuzuseubumaandro.com
uzuzuseubumaandro1.com
vedivenivici.ml

# Reference: https://www.virustotal.com/gui/file/cd4f887b06895f619e594f0d76b4ae482bf9a43a7ed890633ebbda91847a48e9
# Reference: https://www.virustotal.com/gui/file/7f1d2b99b1ef2e823cadbac1c60602dbb981b7c52527eb61c0f5671ccb559171/

megascor.no-ip.biz
megascor.no-ip.info

# Reference: https://www.virustotal.com/gui/file/f924757fb5fe3afdd09f8aedb2fc9070fa06d3dc4482c8481ef63583d78a05d9/detection

168.235.111.253:4415

# Reference: https://www.virustotal.com/gui/file/ce6d7cf3883ed8caaf2628f51350058e5064e1b48c8336f35cf42b0228935409/detection

105.112.96.56:3317

# Reference: https://www.virustotal.com/gui/file/252f598736cac5b295bf7ea563323765cbdcf68298bb78eed87189b7efa18175/detection

william1979.ddns.net

# Reference: https://www.virustotal.com/gui/file/712b588b3ccbe530cbb146c90a97622b99f468fa323caf5f6edeb962c186d14b/detection

168.235.111.253:9889
rss99.mooo.com

# Reference: https://www.virustotal.com/gui/file/bd8112f04dcf2b238e82d40fb834bd2dd917d37cacd827562d67531f7d3312fa/detection

miedoo.no-ip.org
medo0.myq-see.com
medoo.publicvm.com

# Reference: https://www.virustotal.com/gui/domain/cp.wf0lr73a.ru/relations

wf0lr73a.ru

# Reference: https://www.virustotal.com/gui/domain/cp.0iiqjolt.ru/relations

0iiqjolt.ru

# Reference: https://www.virustotal.com/gui/file/fbcdd5c542bb5c66303e621829f0cd654be0bfb38ed0c50a335ef3c9dae0201f/detection

196.70.51.118:2020
njtttts.ddnsgeek.com

# Reference: https://www.virustotal.com/gui/file/c3affb76ff0fad78d77b0153b5c2a99d5bbd8d829ef13661c0af58d2988db344/detection

194.127.179.195:8901
rolpositive.ddns.net

# Reference: https://www.virustotal.com/gui/file/b575e9afc3c85dfaa992c9abd8f96374f5940b69d57cb419192612acffd41315/detection

79.134.225.97:3421

# Reference: https://www.virustotal.com/gui/file/66e1c6c1d989dd81fe43174e2b6ae5de46a05e2215a0812acd23aba776e3a08b/detection

79.134.225.123:54567

# Reference: https://www.virustotal.com/gui/file/eee70c6f6c2808d5f6673c3ecf1ac719473c88e7ddb6bafe4b797e3ae680b0b8/detection

178.124.140.138:1000

# Reference: https://www.virustotal.com/gui/file/6836f63b647319ea9122c7cb7170deced0ea5be098849eb11676e3c49e50f11b/detection

178.124.140.145:1000

# Reference: https://www.virustotal.com/gui/file/fb233f14d4303e3afe6f3bcc2cf5782384caf179e9bb5deeaf96389ce33073b4/detection

178.124.140.144:5000

# Reference: https://www.virustotal.com/gui/file/7de873a85f31d324dfca704270914ee2b2b97e62003990a781204d94ff2f3f86/detection

140.82.57.249:8989

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Trojan.Chthonic-7770498-0)
# Reference: https://www.virustotal.com/gui/file/cba9bf98c34bf75ec7458f6f06b381484d38ec087f915d57d441564dbc07e161/detection
# Reference: https://www.virustotal.com/gui/file/2f66ded6ef7996170c47e2a5caa56f2d95fd827ffbbe51779813d37ff5576a11/detection

baidishenko111.in
karaokeboom.ru
tangchenbeijianhealth.com
/system4_1030.php
/gate777.php

# Reference: https://www.virustotal.com/gui/file/e813076a2f031757f2edd919c87a842e192074eae0de81fa6d8cd0b4fcbfdd6a/detection

bestbrightday.ru
connect-s3892.ru
connect-support-server.ru

# Reference: https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disrupt-gamarue/
# Reference: https://www.platinbilisim.com.tr/TR/Medya/Duyurular/gamarue-andromeda-botnet
# Reference: https://otx.alienvault.com/pulse/5a27c085ace18f318adf4707

designfuture.ru
4nbizac8.ru

# Reference: https://www.virustotal.com/gui/file/7819f9c809a1ae0789faf865668adc5c0989f022d8c9a139de250ba999562fbd/detection

bastbot.com

# Reference: https://www.virustotal.com/gui/file/d308d078d4af0ed2b7036a773c6e7fc9ccaf06ddac965ea0ff489a2b52baae47/detection

79.134.225.59:9877

# Reference: https://www.virustotal.com/gui/file/16fb367c0f26b94aef6b68375c48235cea6bfdd7df222f5becce8133d4802390/detection

2020logs.duckdns.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1211-1218.html (# Win.Trojan.Gamarue-9809766-0)

bolte.pw
ggell.pw
xviesse.pw
kpxkubowvkllwf.cc
kqhmknyidxjuxx.com
kwnyotlewqgwyl.cc
llswdkqmxgjcnu.com
lpblgqdmnjnjqa.net
lxybtvndxcfnbx.net
maxbyulweifvcy.net
mhaclspkylcgle.in
mpqjgedlgobigs.com
mvrayrcjuobjly.tw
obifmsurqodhbb.com
ongyichcmybdrb.cc
pktthwxaqvmktb.net
pmkgfsxvuqlovm.cc
qalhugqpkgbeyk.com
qglscxdeacnhnx.in
qjjvlpqqfmiixq.in
qojpalhvxdmrqn.tw
qpragpmmbglnkk.in
qudqihusnvymjx.cc

# Reference: https://www.virustotal.com/gui/file/55a753ad229fddda9d7c63bb2ee52bdd2a4eb9e4dc66c570b44bc6e785631588/detection

somethingnice.hc0.me

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

aaa18aaa18.pw
aboula.pw
androcp.cloudns.pw
anene.info
armi.blutu.pl
brooksidebiblefellowship.org
daddystar.info
daretosay.webege.com
deadhost.info
dxg-darren.info
dxg-tommy.info
eastmedia2112.com
filer.comeze.com
furysro.com
ghost12.eu
gibson-ventures.info
gogalaxy.info
hfcool.info
hussainibuilder.com
internationaltravelconsultantsinc.com
jobtwitterz.biz
juanita.esy.es
kdp-ventures.info
knockknock-jokes.com
kompirisojajca.servepics.com
ladylee.pw
londonpaerl.co.uk
longroad.nl
macdaviddfirst.info
mustache-styles.com
mynew1337bots.com
nav1111sto.mcdir.ru
nav555asto.mcdir.ru
serwer1440854.home.pl
serwer1455415.home.pl
simpleone.info
strongshild.net
theshangai.info
tom91jerry.ws
tovia.info
tumor.hostoi.com
wtfshogunatemacabrewtf.in

# Reference: https://www.virustotal.com/gui/file/5e7255d226436680b2238c47580ead1ff27bea44d4cc6f2ab66294d022212f1a/detection

captioncodes.ru
eriksiversen.ru
finley.su
juliussdietz.ru
offparking.ru

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# skyload)
# Reference: https://www.virustotal.com/gui/domain/flashbox.pw/relations

flashbox.pw
nettlerok.net

# Reference: https://www.virustotal.com/gui/file/8fdfe6a44d63b089160ca3bacdb87965184a43e0ec577c4400b98846f263f72d/detection

pacifista.ru
restless.su

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

cd5c5c.com
disk57.com

# Reference: https://www.virustotal.com/gui/file/299790ad7148fcae3d433c8265533e2fcbb620c04ab4896d44a1f9dc5b8e3f61/detection

tiptronic.soxx.us

# Reference: https://www.virustotal.com/gui/file/69904a0d0ec00db94dc780b7a594f7f802f809b8462dc1206d11f21287e68d3e/detection

tanparranbely.info
tindidntenyco.win

# Reference: https://www.virustotal.com/gui/file/83156627debe5f0f4076f3bda3e4022ff59e555557567fd7df51de2367197289/detection

178.34.151.27:81

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html (# Win.Trojan.Gamarue-9847820-0)
# Reference: https://www.virustotal.com/gui/file/73e47101d430251d0c38797726970270391bd3d6be996eb44cb7caa06f4bb5a2/detection
# Reference: https://www.virustotal.com/gui/file/e87ed54a3f88bcd0445e7dd4e0aa2426de0a062921612401910289316c9cd58f/detection

http://176.103.56.116
http://185.141.27.206
adventurernw.top
conclusionsig.ru
disarmamentjy.bid
encampmentev.top
kuwiran.top
permittedsm.net
po-sutoshno.ru
principleoe.ru
reconnaissancebm.top

# Reference: https://www.virustotal.com/gui/file/d577fbe0863045ae0b7cf5785e7a1de614248d261e159ad47ff62e8c92b7a2d9/detection

nni.noip.me

# Reference: https://www.virustotal.com/gui/file/9f126a9083f4dfad8d401004da13bf385c448549f489ffedc32d72708f2cac85/detection

fykqx.ru

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

/bot/andromeda/
/bot/andro/

# Reference: https://www.virustotal.com/gui/file/5c50555a33fcc0ed8b4aaf0884f44e8fe6d5f8567f3f600307850189c146676f/detection
# Reference: https://www.virustotal.com/gui/file/518999aef358f1161d48d65e928b7efaedc80c28973be19bbc702c855f3e7f1f/detection

googlecdn1.com

# Reference: https://www.virustotal.com/gui/file/2418fe492073621aa81bf922d8f2c792c47be04e6777cf3a9c6b68b5b26caf16/detection

tessatiszue.com

# Reference: https://www.virustotal.com/gui/file/3eb684a9ffe92d0a14763313981355b91333ae1b4c160f681172dc740234f6e3/detection
# Reference: https://www.virustotal.com/gui/file/82a3358ea0ea9a5e4d00357591ad43aee90a24f165e4c5e2aaec8d0c957af149/detection

184.105.192.2:8080
185.20.226.41:8080
5.135.28.118:8080
5.63.155.195:8080
briangriffinforever.com
onemoreres-bbb.com

# Reference: https://www.virustotal.com/gui/file/42e50aab4e532ac25dfae283c2d14ddd3b4c9d74a06dcb469537f7519a0ff1a9/detection

217.12.209.122:8080
91.215.153.21:8080
91.215.153.60:8080

# Reference: https://www.virustotal.com/gui/file/07498877e79ec7e25b488ff9c1504d6a1eb3f51640dc91216b1713d73f518646/detection

clavierimsiom.sytes.net

# Reference: https://www.virustotal.com/gui/file/3484edee44e7922bbe9fb852535e30609ad6f55449a46be7359e9de20ddd030d/detection

197.52.152.255:9003
yoworldservices.space

# Reference: https://www.virustotal.com/gui/file/a4caa86960de5591889c9b5285ca5f6e5a0c1f16a4e4f57609de38ba4d873b3f/detection

205.185.118.52:8090

# Reference: https://www.virustotal.com/gui/file/6bae0686b6e895bb9096b11255c42827f303abb2e31116366baab930831a27ed/detection

37.49.224.139:8080

# Reference: https://www.virustotal.com/gui/file/6d76908697cbb0957e65bd47d0b88c563ed53c7ba7133f6f26f4c84193407e79/detection

37.49.224.139:8088

# Reference: https://www.virustotal.com/gui/file/f59a248f39d52510c4a03b5c1788553039f297e3e33602fd009dbf0133cc7cd3/detection
# Reference: https://www.virustotal.com/gui/file/b3dc6c845f8a7858a5f5ed41fc775d68759d97483ecbdf31e0d84eeef49b646c/detection

45.144.225.26:4871
juwsdbgje.ratkings.net

# Reference: https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html (# Win.Malware.Gamarue-9952453-0)

aega.co.kr
hellobetta.com

# Reference: https://www.virustotal.com/gui/file/aa6cd85b2786ee3d927f133474dd5ac42a3166cca2a2d7cc52eba78bf542dafe/detection

79.110.62.174:81
1235125125125.hopto.org
23631251235.ddns.net
36123623672437247.zapto.org
365123561235125.mooo.com
373462345235235.kozow.com
58457643534.chickenkiller.com
63663113.crabdance.com
73456345345.sytes.net
8248124892849.awsmppl.com
89696969.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/092910024190a2521f21658be849c4ac9ae6fa4d5f2ecd44c9055cc353a26875/detection

nefosferta.com

# Reference: https://www.virustotal.com/gui/file/01124095bab86e66b7ec98013e2cf128eb346f5618109c541ccfe487506fc823/detection

11111.dtdns.net

# Reference: https://www.virustotal.com/gui/file/1b5f80dc2902e202e19d9a6b5bec1b8d807085c71ab0e8d73d871bab76541abf/detection

11189.dtdns.net

# Reference: https://www.virustotal.com/gui/file/0295a5c10eb8153ce949967f60dd1c6dce4660ee7ec1fc94557aa0c15d576bb6/detection

12231.dtdns.net

# Reference: https://www.virustotal.com/gui/file/015af3a97c3277381d8f1d85830e6e30a4978365a96accc882fca25698d9d64b/detection

23321.dtdns.net

# Reference: https://www.virustotal.com/gui/file/001a998cd84266f89f3499bd4181b1eca31feffb00fc9087f65a9f8735ba0068/detection

90394.dtdns.net

# Reference: https://www.virustotal.com/gui/file/011221cfeb93b12146fa71229aa34baecd3837534810ce2dfd92fe7957261895/detection

67655.dtdns.net

# Reference: https://www.virustotal.com/gui/file/0ce793800f932bf62f8c42225950badc276c3e1035007ce506300635daf4eb84/detection

87787.dtdns.net

# Reference: https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
# Reference: https://www.virustotal.com/gui/file/71d6772d62124342b158e27f8b6ce7d78dba93ed19d24bf8938516efa2510891/detection

yelprope.cloudns.cl

# Reference: https://www.virustotal.com/gui/file/e8147a4899d9c10e6f8a61a9ddfa9e329991f0f8706b85391143177507f44a9e/detection
# Reference: https://www.virustotal.com/gui/file/a1b01b4d5e384a322f725b1de0ed10dcf68c0040f7421694d5c28fb34ee42cd3/detection

185.65.135.177:12962
ugxrgmmq.duckdns.org

# Reference: https://www.virustotal.com/gui/file/72164510a007742bb233421f25a00a974292b745b44a9a172faced8c0c4cec82/detection

103.212.81.154:3342
7fxcmft-olcmjfjxdk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/09360fd5c956e6e80683e3749211e7a5511d94c992adc739f4d92b98bf60ac4f/detection

0000.no-ip.biz

# Reference: https://threatfox.abuse.ch/browse/malware/win.andromeda/

chaseonlineprivatebanking.blogspot.com
privatebankinghsbc.blogspot.com

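# Generic (URL paths with no host part: they match requests to any server, so corroborate a hit with other indicators)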

/0011ldr.php
/0022ldr.php
/00044ldr.php
/00055ldr.php
/blob64.php
