# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bobik, ddosia, killnet

# Reference: https://decoded.avast.io/martinchlumecky/bobik/
# Reference: https://www.virustotal.com/gui/ip-address/2.57.122.243/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.122.82/relations
# Reference: https://github.com/avast/ioc/tree/master/Bobik

q7zemy6zc7ptaeks.servehttp.com
v9agm8uwtjmz.sytes.net

# Reference: https://decoded.avast.io/martinchlumecky/ddosia-project/

109.107.181.130:4200
109.107.181.130:5001

# Reference: https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/
# Reference: https://www.virustotal.com/gui/ip-address/31.13.195.87/relations

tom56gaz6poh13f28.myftp.org
zig35m48zur14nel40.myftp.org

# Reference: https://www.team-cymru.com/post/a-blog-with-noname

http://31.13.195.87
109.107.184.11:27017
185.173.37.220:5672
185.173.37.220:6379
31.13.195.87:9100
91.142.79.201:5051
91.142.79.201:9100
87.121.52.9:5001

# Reference: https://twitter.com/teamcymru_S2/status/1620019172712550401

http://212.73.134.208

# Reference: https://decoded.avast.io/martinchlumecky/ddosia-project-how-noname05716-is-trying-to-improve-the-efficiency-of-ddos-attacks/

http://161.35.199.2
http://87.121.52.9
http://94.140.114.239
http://94.140.115.129
161.35.199.2:22
87.121.52.9:22
94.140.114.239:22
94.140.115.129:22
161.35.199.2:5001
87.121.52.9:5001
94.140.114.239:5001
94.140.115.129:5001

# Reference: https://x.com/skocherhan/status/1898214290655428964
# Reference: https://www.virustotal.com/gui/file/9707920bd84a9aafcb5efc112ed19ec2d23b5e36dcc3caba33f5e6aadf0c558f/detection
# Reference: https://www.virustotal.com/gui/file/5588d1c5901d61bb09cd2fc86d523e2ccbc35a0565fd63c73b62757ac2ee51f5/detection

77.91.66.85:5000
77.91.66.85:5005

# Generic

/27bff71b-42c0-4a47-ba39-04c83f2f40bb/update?id=
/bcaa8752-51ff-4e35-8ef9-4aefbf42b482/update?id=
/d380f816-7412-400a-9b64-78e35dd51f6e/update?id=
/fb82275d-6255-4463-8261-ef65d439b83b/update?id=
/fb82275d-6255-4463-8261-ef65d439b83b/AdminService.exe
/fb82275d-6255-4463-8261-ef65d439b83b/afVAcUJTvDvM.exe
/fb82275d-6255-4463-8261-ef65d439b83b/BAebY2lBT7ee.exe
/fb82275d-6255-4463-8261-ef65d439b83b/Q7yheyG7.exe
/fb82275d-6255-4463-8261-ef65d439b83b/xLZ6auza.exe
/fb82275d-6255-4463-8261-ef65d439b83b/XuS1qxZa.exe
