# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
# Reference: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/rhysida-ransomware-intrusion.pdf
# Reference: https://otx.alienvault.com/pulse/655537ff05840a2a8d7b3d3d
# Reference: https://www.virustotal.com/gui/file/e79960b3fbeab8656f2edaa2bedda6e58f774542a14d79246eec1a51e203d5ec/detection

http://5.255.127.20
5.255.113.37:4001
5.255.127.20:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv

http://109.176.207.22
http://139.64.133.194
http://159.100.6.103
http://173.46.80.206
http://185.216.144.51
http://216.74.123.41
http://5.161.252.127
http://51.68.216.13
http://51.89.137.8
http://65.108.49.36
http://78.47.60.67
http://85.239.53.94
109.176.207.22:443
139.64.133.194:443
159.100.6.103:443
173.46.80.206:443
185.216.144.51:443
216.74.123.41:443
37.59.205.5:443
5.161.252.127:443
51.68.216.13:443
51.89.137.8:443
57.128.166.214:443
65.108.49.36:443
78.47.60.67:443
85.239.53.94:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://159.100.17.21
http://5.161.45.18
http://89.117.109.134
159.100.17.21:443
5.161.45.18:443
89.117.109.134:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://37.59.132.162
37.59.132.162:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-15)

http://191.96.235.177
http://216.107.136.57
http://5.152.222.100
191.96.235.177:443
216.107.136.57:443
5.152.222.100:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

http://146.70.87.109
http://188.245.80.52
http://5.161.115.34
188.245.80.52:443
5.161.115.34:443

# Reference: https://x.com/RakeshKrish12/status/1853703793101492487

152.53.38.103:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://38.132.122.156
http://54.39.83.169
http://91.231.186.174
38.132.122.156:443
54.39.83.169:443
91.231.186.174:443

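# Reference: https://github.com/marktsec/Ransomware_Official_Domains#rhysida
# NOTE(review): the first entry below has 57 characters before ".onion" (a v3 onion label has 56) and equals the second entry with a leading "g", so it is not a well-formed v3 address; confirm against the reference whether it is a transcription artifact.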

grhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion
rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion
rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://108.170.60.190
http://109.200.24.102
http://15.222.251.55
http://151.236.22.90
http://192.241.181.179
http://31.57.243.18
http://35.182.112.88
108.170.60.190:443
109.200.24.102:443
15.222.251.55:443
151.236.22.90:443
192.241.181.179:443
31.57.243.18:443
35.182.112.88:443

# Reference: https://x.com/orlof_v/status/1919843927491776993
# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-05-07)

http://146.70.87.138
http://147.124.211.116
http://149.56.205.44
http://185.233.166.107
http://46.21.153.146
http://49.12.69.80
http://51.222.96.9
http://64.94.84.85
http://85.239.62.195
http://91.231.186.25
http://96.62.214.11
146.70.87.138:443
147.124.211.116:443
149.56.205.44:443
185.233.166.107:443
46.21.153.146:443
49.12.69.80:443
49.12.69.80:8080
51.222.96.9:443
64.94.84.85:443
85.239.62.195:443
91.231.186.25:443
96.62.214.11:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-15)

http://141.195.119.86
http://37.59.132.163
http://93.95.225.190
141.195.119.86:443
37.59.132.163:443
93.95.225.190:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

http://191.96.235.185
http://38.146.25.131
http://82.25.35.44
191.96.235.185:443
38.146.25.131:443
82.25.35.44:443
