# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

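# Aliases: korat, lsslogger, remcos
# Note: entries below take three forms: bare hostname, IP:port, and http://IP.
# Note: many hostnames are on dynamic-DNS services and the IP:port pairs come from dated reports, so check a match against its reference before treating it as current.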

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
pimmas.com.tr
mervinsaat.com.tr
samurmakina.com.tr
paulocamarao.com
midatacreditoexperian.com.co
lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

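# Note: the next two entries (remrem.onmypc.net, emilylatta411.servehttp.com) repeat entries listed earlier in this file under the same references.
# Reference: https://twitter.com/Jan0fficial/status/986580332135829506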

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606

# Reference: https://twitter.com/dvk01uk/status/1123210727483957248
# Reference: https://app.any.run/tasks/0e57a079-57d4-4c2d-8e01-82d316ac2d55

ablegod.hopto.org
79.134.225.6:6691

# Reference: https://github.com/edchavarro/RAT_IoCs

lacoste587.lacoste587.agency
dsquared21.dsquared21.rocks
hugoboss01.hugoboss01.store
luisvuitton.luisvuitton.tech
supreme12.supreme12.recipes
automovil1.peugeot10.cc
comida2.kfc52.club
auto14.wolsvagen7.mobi
telefonia1.telcel75.asia
consola2.nintendo3.life
microsofteup.pdns.cz
lexusempresa.100chickens.me
mojarracompany.pdns.cz
camilo6541.pdns.cz
balvinnew.100chickens.me
mercadolibre.pdns.cz
ebayeup.pdns.cz
antonio6532.pdns.cz
daniel6536.pdns.cz
181.57.221.10:4450
181.57.221.10:4452
181.57.221.10:4851

# Reference: https://twitter.com/pancak3lullz/status/1009524847314194434

185.209.85.75:7921

# Reference: https://twitter.com/suyog41/status/1129322130078916608
# Reference: https://www.virustotal.com/gui/file/817e345ac4e63947b592e28774c71c4a01d7c0f2005324b028871e0dedd7c4ef/detection

bego.hopto.org

# Reference: https://twitter.com/HerbieZimmerman/status/1131977968950099968

185.244.31.137:6666

# Reference: https://twitter.com/James_inthe_box/status/1132292966062518272

manihackz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1132294012100960257

amanihackz.ddns.net

# Reference: https://twitter.com/ffforward/status/1133631211337912320

mgc2.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1133667461335801857
# Reference: https://app.any.run/tasks/5c919ea0-0f27-481a-af41-42057d090096/

185.244.31.137:6767

# Reference: https://twitter.com/dvk01uk/status/1134014391249252357
# Reference: https://app.any.run/tasks/8d26c7f7-70bc-40c7-bfe2-b664d555054b/

185.244.31.34:6868

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

darlz.freeddns.org
185.62.190.214:1695

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

13.250.1.111:1986
13.250.1.111:1992
194.67.209.128:1992
194.67.209.128:7707
216.38.8.168:1986
216.38.8.168:7707

# Reference: https://twitter.com/James_inthe_box/status/1139839056748011520

xcv87xcv7xc7sd5f67s5dxc67vxdsfwe342.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1139881993607380993

stainlessplc.ddns.net
184.75.209.163:6799

# Reference: https://twitter.com/dvk01uk/status/1141314328362176512
# Reference: https://app.any.run/tasks/8f80f415-a02e-451b-9797-96a3d03c793d/

185.247.228.199:6868

# Reference: https://twitter.com/x42x5a/status/1142113259044179968

jaybaba2.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1142187271283548160

91.189.180.203:3480

# Reference: https://twitter.com/x42x5a/status/1142436174755192833

cemileorucs.ddns.net

# Reference: https://twitter.com/DbgShell/status/1143669818652069894

vubhijk.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1144186368483975168
# Reference: https://app.any.run/tasks/e5283183-af56-4628-bff3-b12572b43896/

185.247.228.99:1998
terrymamela.ddns.net

# Reference: https://twitter.com/reecdeep/status/1145646210398773249
# Reference: https://app.any.run/tasks/e89b3c70-50a6-421a-b639-299a918e147c/

jerryo.duckdns.org
185.247.228.236:8815

# Reference: https://pastebin.com/S4ggik78

du4alr0ute.sendsmtp.com

# Reference: https://twitter.com/killamjr/status/1154121304213094401

talkmess.dns-cloud.net

# Reference: https://twitter.com/Racco42/status/1157207083382652928

newrr.duckdns.org

# Reference: https://twitter.com/Racco42/status/1157242080932089856

191.101.150.90:2950

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Remcos-7089920-1)

abeasinf.duckdns.org
remsalvados2019.duckdns.org

# Reference: https://twitter.com/killamjr/status/1161983614197936128

185.244.31.32:2404

# Reference: https://twitter.com/James_inthe_box/status/1148692646942015488
# Reference: https://twitter.com/killamjr/status/1167454907676467201
# Reference: https://app.any.run/tasks/1c8c17b6-2628-4a06-8c2a-deb889e3e010/

185.244.31.96:3090
top.subaroone.waw.pl

# Reference: https://twitter.com/reecdeep/status/1163796233363906560
# Reference: https://app.any.run/tasks/e990631e-57b0-49db-b0b0-750dc33927dc/

185.244.31.26:6265
safer.ddns.net

# Reference: https://twitter.com/wwp96/status/1163788636036501504

evergraced.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1164517058672906241

daya4659.ddns.net

# Reference: https://twitter.com/killamjr/status/1165459331912888320
# Reference: https://app.any.run/tasks/211498a3-95a8-44ee-a87b-25cdac3d8edc/
# Reference: https://www.virustotal.com/gui/file/6b32d6a32540884c3fb1a195b32b02aec9dd06797c464dee1c02bbb6ee97ffd1/detection
# Reference: https://twitter.com/killamjr/status/1168575703656189952
# Reference: https://app.any.run/tasks/346f19a6-7cd8-4da7-b7ba-76651bc540f1/

193.56.28.241:4444
193.56.28.241:8888
23.105.131.202:8888
crackme.hopto.org
noface55.kozow.com

# Reference: https://twitter.com/oguzpamuk/status/1166293812714659841
# Reference: https://app.any.run/tasks/d069fcb1-1c81-4f87-97bc-d4afb40a06e7/
# Reference: https://twitter.com/Racco42/status/1168449724724084737

193.56.28.173:2404
95.216.17.186:2404
23.105.131.169:2404
rownip.3utilities.com
rownip.dyndnss.net
rownip.theworkpc.com

# Reference: https://twitter.com/ps66uk/status/1167016794260946944
# Reference: https://app.any.run/tasks/121e7cd1-6954-44be-a1b4-825c2615c11c/
# Reference: https://www.virustotal.com/gui/file/15b83a6155f1aba3acb68e4ecb475bb742790b82de364d1df4dd918a31f7872e/detection

79.134.225.48:3765
79.134.225.86:3765
79.134.225.87:3765
79.134.225.89:3765
remcoss.onmypc.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

du4alr0ute.sendsmtp.com
helloweenhagga.ddns.net
hhlari.ddns.net
moneybag123.ddns.net
revengerx111.sytes.net

# Reference: https://twitter.com/malware_traffic/status/1169050682386763776

37.19.193.217:2404
37.19.193.217:2405

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

charlesremcos.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170314034564018180

uaeoffice999.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1170332469960331266

66.154.113.142:2404
jkharding2014.myddns.rocks
tomharry.ddns.net

# Reference: https://twitter.com/wwp96/status/1170334923892371459
# Reference: https://app.any.run/tasks/e2340ee4-ba30-44ec-b748-1d625e65db63/

79.134.225.77:2019
gratefulheart.ddns.net

# Reference: https://twitter.com/wwp96/status/1171448440535973888
# Reference: https://app.any.run/tasks/fcbb836f-7ade-44f1-bbeb-9c7d9047fbe1/

185.4.29.140:24009
inf111.ddns.net
inf111.hopto.org

# Reference: https://twitter.com/luc4m/status/1171783171677065217

charstiago6.dynu.net

# Reference: https://twitter.com/DynamicAnalysis/status/1172221575376134144

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl

# Reference: https://twitter.com/dvk01uk/status/1176383495339483136

217.20.114.220:1010
myhousedubem.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1176933671389081601

79.134.225.101:1188
sciano.duckdns.org

# Reference: https://twitter.com/Racco42/status/1179472593927200774
# Reference: https://twitter.com/Racco42/status/1179880257438003200
# Reference: https://www.virustotal.com/gui/ip-address/185.105.236.187/relations

185.105.236.187:5001
cepastr.ddns.net
manafuuh.ddns.net
teryts1802.sytes.net
updatechrome.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1179782506465366020

ulnews.duckdns.org

# Reference: https://twitter.com/Dashowl/status/1179833764651962369
# Reference: https://app.any.run/tasks/e38aa085-4cc2-43e6-befe-0b4d5caeb0b6/

204.152.219.70:5731
abundantgrace1.ddns.net

# Reference: https://app.any.run/tasks/9bfe4193-bfea-4523-be81-68953435e7b7/

181.215.247.18:2404

# Reference: https://twitter.com/MalwareConfig/status/1180886611602612224
# Reference: https://malwareconfig.com/config/daca573a51e9b080e2f3f6303611ee83

160.116.15.149:35364
henryofonyiri.ddns.net

# Reference: https://twitter.com/killamjr/status/1180968029858910209
# Reference: https://app.any.run/tasks/f9985b06-08a9-41dd-b2d4-d051e02f8c08/

137.116.73.45:2404
reneelauto.ddns.net

# Reference: https://twitter.com/teoseller/status/1179318648718188545
# Reference: https://www.virustotal.com/gui/file/550baa07a33c62d24636d672c5a0973dbb1babc8ddc75e434d316ece595296f6/detection

185.81.157.41:2404
santzo.warzonedns.com

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1795

# Reference: https://app.any.run/tasks/7634c4dc-dee9-41e0-a2c0-32b4ef3d1885/

213.184.126.134:1337

# Reference: https://twitter.com/P3pperP0tts/status/1181578274394251264
# Reference: https://www.hybrid-analysis.com/sample/47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4/5d9c9ed50288383e19febfe6

185.158.249.88:2404

# Reference: https://twitter.com/killamjr/status/1183421884794204160
# Reference: https://app.any.run/tasks/deed1a67-8d99-4e3c-9e87-5e63c39cb4c6/

top.intelprovidejordan.waw.pl

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md (# Remcos section)

181.57.204.130:4452
46.246.82.66:2000
bolso.gucci12.cc
celularmovil.huawei10.digital
consola2.nintendo3.life
consolajuego.nintendowii12.email
telefonia.claromovil1.work
tennis1.adidas3.tech

# Reference: https://any.run/report/613f437f01744740c4e96d84c970c51128929fcdaa1a9d7e31a1ee063bf49f8e/3ae8d7b9-9a47-4ac4-b564-96510dc901d7

185.217.1.173:2404
algheithcompany.duckdns.org

# Reference: https://twitter.com/smica83/status/1186542376355094529

91.189.180.214:7890

# Reference: https://twitter.com/killamjr/status/1188630140076658690
# Reference: https://app.any.run/tasks/a9de27e3-1bdc-43e9-8349-25bbe9c6cd90/

192.169.69.25:8077
redditmercy.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1189251481943363586
# Reference: https://pastebin.com/H5UqcHv1

37.19.193.217:2398
toptoptop2.online
toptoptop2.site
toptoptop3.online
toptoptop3.site

# Reference: https://twitter.com/James_inthe_box/status/1189202165161529344

79.134.225.95:4050
79.134.225.95:6080
mnx.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1189301538142990339
# Reference: https://app.any.run/tasks/a8a4f079-0296-41fa-bcb0-546a54db9e56/

109.202.103.170:8733
213.152.161.40:8733
213.152.162.89:8733
213.152.162.109:8733

# Reference: https://twitter.com/VK_Intel/status/1189602729498464257
# Reference: https://www.virustotal.com/gui/file/9235b1f5f9cc8efbf0ad96e4b48872a4043286fcdd182423746ed2e3700e1559/detection

79.134.225.20:2404
hobbotgy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1190072879242596352
# Reference: https://www.virustotal.com/gui/file/6e366fd065815118100c0a7fe8fa95208e87944b9dd4ce9df556c6d9f31151ec/detection

menaxe.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/d23189d4520692301d6a013f60d59972fb61fd4bc3f011693411b20e9bdbd1e6/detection

185.244.31.85:4050
menaxe212.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ddca5e1a4a9a4afd6663da5c05252d4150c8e271fbe28a81b3ae3af4cbca49c/detection

185.165.153.185:4050

# Reference: https://pastebin.com/29uSdMAk

sub.thebest1jewels.waw.pl

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.29/relations

79.134.225.29:3018
bzsoftwaress.hopto.org
faxjohn01.dyn.ddnss.de
londonchap.duckdns.org
samuelcity.ddns.net
top.citycentrejo.waw.pl
sub.winkcaffe.waw.pl

# Reference: https://twitter.com/killamjr/status/1191192709727506438

79.134.225.73:2404

# Reference: https://app.any.run/tasks/508a6b73-18b4-490e-a1f3-69341ba72512/

79.134.225.80:2404
clintonlog.hopto.org
joseph3m.ddns.net

# Reference: https://app.any.run/tasks/880d03b6-ed40-4688-a1ee-7f27e9873013/

91.189.180.214:7890

# Reference: https://twitter.com/malwrhunterteam/status/1060836685771087873

35.237.81.215:1604
fuckerswashere.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191790897714913281
# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/

91.193.75.51:4343

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/ip-address/179.33.152.127/relations

msipro2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191486608249368581
# Reference: https://app.any.run/tasks/4ca60fe6-eb65-48eb-8f80-eb28e19ecfa4/

79.134.225.11:5198
mpremx.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191443761563353089
# Reference: https://app.any.run/tasks/bd34ac22-9167-4ae5-a91f-e5600e21e72f/

115.133.245.72:3908
115.133.245.72:4101
115.133.245.72:4421
ego9.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189778893298970624
# Reference: https://www.virustotal.com/gui/file/1511d64209925c818d7db8eb1d0229e54debbea0d2a60bba094a05edd8d76a1d/detection
# Reference: https://www.virustotal.com/gui/file/0634fc3acc43e1b3a357a28e4f0e20edac01ea07aa5de6e0373b8eb521bfd150/detection

194.5.97.96:22940
194.5.97.96:7493
lekwahouse.ddns.net
pirorityclient.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189761540251103232

82.112.40.135:1604

# Reference: https://twitter.com/VK_Intel/status/1194260473631428608
# Reference: https://twitter.com/VK_Intel/status/1194338499085778944
# Reference: https://www.virustotal.com/gui/file/73cd4a5fd5d4670ecfa8d3e1d64055b76373e7730e0f7947ae850dbf2ee41549/detection

194.5.97.119:1000
nanoprivv.duckdns.org
zotizieweb1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196471158054494208
# Reference: https://app.any.run/tasks/66e92f07-3225-4d85-838f-cb3ccdbd90c8/

79.134.225.99:4387
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196491717572222977
# Reference: https://app.any.run/tasks/594a9510-e48a-4dd5-89ea-73fe6929c225/

185.140.53.168:5980

# Reference: https://www.virustotal.com/gui/file/db21285f8f62e182c6cb217073632a0c878c44e6b9d7dd2cf68df573391aa924/detection

154.16.93.170:8320
185.217.1.186:8320
217.79.184.12:8320
79.134.225.29:8320
faxjohn01.dyn.ddnss.de

# Reference: https://app.any.run/tasks/c735b356-3ad6-47b2-8db9-4b820fba23ce/

pharmalobster.duckdns.org

# Reference: https://app.any.run/tasks/1c7dc445-3d6f-4219-a2e1-afc99d3916a0/

rt.sexsweet.vip

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.105/relations
# Reference: https://www.virustotal.com/gui/file/331003b87d0c8194b40ca96740295c74a3695331e917a9d0511c62e6ffdd7e80/detection

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl
top1.supertouchhaircare.waw.pl

# Reference: https://www.virustotal.com/gui/file/4a43fde440d91d130acd096114cfbe5e965100793f354297657d6595e2a4b941/detection

electroking444.hopto.org

# Reference: https://www.virustotal.com/gui/file/2478c6c90b6c4ecfc0a010b111bde48456898aba2946625784ecc083960f683a/detection

electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/10c47670d9b565e7911364006e01fc545ef9b313bf5d230405f067b6a7795b50/detection

79.134.225.89:2501

# Reference: https://www.virustotal.com/gui/file/31022c5eb483f3b105050ab054e45541b206583996aec342b20fad359b1978ce/detection

199.195.250.222:6464
leebase.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/3692d98da1a9c209fe3f7789caa282a374eb39acde6d3b6690297773cd201c2a/detection

79.134.225.89:6464
filebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3121062c6478104325d7bdf59a08f9c416c2c8343ee4eb80829775c984a06310/detection

79.134.225.89:3369
fucktoto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e0d19b6ddfce89c11868bd8afdcfb53fa8d8c7c17623d25d04065aac411b521/detection

79.134.225.89:32002
work1234.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Dropper.Remcos-7395733-0)
# Reference: https://www.virustotal.com/gui/ip-address/186.170.64.85/relations

186.170.64.85:2404
msipro2019.duckdns.org
nashpink2019.duckdns.org
proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

186.170.64.85:6404

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

161.18.215.40:6404
179.33.63.205:6404

# Reference: https://www.virustotal.com/gui/file/ec3c174d36d5f8faa784d42a6972406d5ad258b770a308027a0bea1bb04a2fa3/detection

186.170.70.152:3370

# Reference: https://www.virustotal.com/gui/file/a0f495716cd691031cef9c3e92aa0c19f6f97a1179a60518797f1fdb5e1d82f7/detection

79.134.225.90:6553

# Reference: https://www.virustotal.com/gui/file/bb81e35d7d90e9d2a97408c256c4a498d85cfd36568e85b631766d34a9182b57/detection

79.134.225.90:2404
graceofgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d22fa075c100254780f36d4ece00b40fad5cad6c5be21e15ed929c99680b904/detection

79.134.225.90:24197
registerme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/646178cbc5b2452e1f3ee34500f039ab15f1f4d81533e1abc7db290fe43a10e7/detection

79.134.225.90:54985
1338099.ddns.net
jaden222.kozow.com

# Reference: https://www.virustotal.com/gui/file/eb712d5bb30e21cac53acdac476e526371534827486ad228c592facad084d220/detection

79.134.225.90:7331
7331.duckdns.org

# Reference: https://www.virustotal.com/gui/file/04393c8b23e1742c3ca20a081739b7bb959274adc61f83158d0ef96ef575779e/detection

79.134.225.90:1720
jack2019.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/5689e69c5f46ab06f7b5b8d4aaaf235210ce6cf014fb3324c6d6c785ccb688c7/detection

79.134.225.90:5656

# Reference: https://www.virustotal.com/gui/file/330e409e8edbecfd1e3146c7dd09670e6d3364fb3f16ff0b2c129aea37b03e2f/detection

79.134.225.90:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/83c8a487ae867ea10107a1a6a93a5c1b6b54744a384338e166317049a53f97ec/detection

79.134.225.90:5355

# Reference: https://www.virustotal.com/gui/file/8bbfa7a830568b039465d6abf3c517422c94d3abfe6455410a1437430a48e2de/detection

64.42.179.59:33089
sdkljsdf89237487428974wrewrwrereerwerw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/747cc60bf20b60daa1441457d74becb38f01564068d56e8eed000a1f9557d344/detection

199.249.230.22:33089

# Reference: https://www.virustotal.com/gui/file/da9f70611fc313108dfd69262954d2b926761528e20acda0593878ba0bd7a0ab/detection

198.203.28.43:33089

# Reference: https://www.virustotal.com/gui/file/60fc1a6f625150ec93ea5eb5cc91252542f15bd91dda6ea27d389b828a383061/detection

192.69.169.25:4864
abeasinf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97571694c24fc14cfb658d7620d74c69ef42a78e2bad32ca047022b984edf922/detection

186.170.76.206:4864

# Reference: https://www.virustotal.com/gui/file/45f8ba1f2b1456f4192a0ac31b2788c18b957fdec9d94da8f3c3a581cf0e0591/detection

192.69.169.25:1626
wiskiriski15.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1daf168cc60d73346093932e5db44e055166da7e26c06e7fa7453ced43cffd42/detection

192.69.169.25:3864
pichicoyote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060231c7729f65f39c1cc05fbe097d9c872dabd9391cc20eaf60c8d3c3cb0b5a/detection

79.134.225.80:3360

# Reference: https://www.virustotal.com/gui/file/e8a34e6e1db7c73ffea0618863c3d4ce31f3b32c4a16ec04b11460efb13a195e/detection

79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/d96c1dc0ea3859660cd97e0f88b0cb0fab0a974ac0f07c7eadd45f48407a0224/detection

79.134.225.123:3360
79.134.225.125:3360

# Reference: https://www.virustotal.com/gui/file/1f6baac0b57ae8c9a3dfe83c6c4bf14ed0b00c785c333cfd905f3b403c036077/detection

79.134.225.122:3360
79.134.225.124:3360

# Reference: https://www.virustotal.com/gui/file/29bd4d55cb24fd04eabdc27eabcabe11f348ed1fc60b4c066af3be4c5eed869c/detection

185.165.153.113:3360
185.165.153.198:3360

# Reference: https://www.virustotal.com/gui/file/cc0f030f39bfc8c65c10bbcee2ce8679f313687dcce2ea8218e2a8fc8cd5c14d/detection

79.134.225.58:5609
remcus.chickenkiller.com

# Reference: https://any.run/malware-trends/remcos (Note: as seen on 2019-12-04)

ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
slimyuyo.duckdns.org
vemvemserver.duckdns.org
3forall2019.servesarcasm.com
mozillamaintenanceservice.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io

# Reference: https://pastebin.com/r5ZV1TCJ

menaxe.nsupdate.info

# Reference: https://twitter.com/wwp96/status/1203002510765707264
# Reference: https://app.any.run/tasks/30aa42c6-1bf5-4eed-84fc-099cc2f69404/

174.127.99.167:8970

# Reference: https://pastebin.com/7Ak2nP2T

reverse.spamassasins.icu
top.multigamingjo.waw.pl

# Reference: https://www.virustotal.com/gui/file/80120be87db5c64640fbd69a55cfd335601de08d5bcff393e66ff6f51c460850/detection

79.134.225.121:22940

# Reference: https://twitter.com/smica83/status/1205000837430468608

top.phonefix1.waw.pl

# Reference: https://twitter.com/Paladin3161/status/1197842954037018625

192.169.69.25:1116
ashawo.duckdns.org
wecollect11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e444ad341b93f3150b1eae401b84c1b8afd73a80345b4b328bd26c9e5dc5d66/detection

185.148.241.48:1115

# Reference: https://www.virustotal.com/gui/file/a22ede52f14be480dd478fa0ec955b807e4b91a14fbe1b5d46c07bbb5cacccbb/detection

185.244.30.116:1116

# Reference: https://www.virustotal.com/gui/file/53a20bb94b5f34076b98b161b786e24a3fe4c1d3ba36892a901f0709461d096e/detection

185.244.30.116:2444
proudsoldier.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf16f2332e28ac589939efd41ce77fafeed6c9f8b20661f55a0e1264c78bebd0/detection

91.193.75.49:1116

# Reference: https://www.virustotal.com/gui/file/efda9ecdddba583c653b76dbc825daaba070e16d4e6be3f6439278c6c023450a/detection

185.165.153.231:2404

# Reference: https://twitter.com/ActorExpose/status/1196103594845593600
# Reference: https://app.any.run/tasks/4be5595d-4651-40ae-b24d-917a47b26fbb/

79.134.225.46:1960
mgc1.duckdns.org

# Reference: https://twitter.com/coderippers/status/1194935759775641600

185.165.153.186:5132
91.193.75.51:3434

# Reference: https://twitter.com/Paladin3161/status/1194813271494148096

192.169.69.25:100
jamesremcos.duckdns.org
savagesquad.ooguy.com

# Reference: https://www.virustotal.com/gui/file/a8c80446c78199908f9187795627a6111e765b7abf20662cd0f1762ba80abaa1/detection

185.165.153.27:100

# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/
# Reference: https://www.virustotal.com/gui/file/9b4585e342acf00e8d7c0f0b215af2f74ce1a0b428583c30868dbc616d87e1dd/detection

srvc50.turhost.com

# Reference: https://www.virustotal.com/gui/file/1efc346c6761b933adc7a10ab7e6da5e6c65369b5b90f3ddd528ce2bcc3116ab/detection

91.193.75.51:4343

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/

rmagent.biz

# Reference: https://www.virustotal.com/gui/file/8003d7af85e3d328eb0c789e32bba3de456523c109847eca2ace5ae0252c1ee2/detection

185.165.153.22:2211

# Reference: https://www.virustotal.com/gui/file/04455422ee74836e38315b4ac9740470c963e45d5cf61fb3927f02ed9be4d995/detection

185.165.153.22:11011

# Reference: https://www.virustotal.com/gui/file/606aee9e6f0ec6e51dd94cda76b4978392bf5c7f505e049fbd936e7b97928387/detection

185.165.153.22:3330

# Reference: https://www.virustotal.com/gui/file/9fe933614e864926edb99dd6a6c1df31e3db0f74fb8c0d622ef73fd1c6e14104/detection

91.192.100.37:23850

# Reference: https://www.virustotal.com/gui/file/444a412bebf61392e5368bd1464f5773024d1c8758626cd7c5f061ba7688403a/detection

88.172.243.236:23850

# Reference: https://www.virustotal.com/gui/file/d2ddf0997db4b87a354abacba8f0b22f5923eeff7f01bcf3e2bae535160c579a/detection

79.134.225.122:23850
79.134.225.122:3366

# Reference: https://www.virustotal.com/gui/file/bd6220c705c6f321f59d1f45eea1e13c5171f7a2061dec9f907ffa291f3b9ec1/detection

79.134.225.122:2404

# Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection

23.105.131.156:2404

# Reference: https://www.virustotal.com/gui/file/abb4c76901b644cb756fe3727d3933d6a614d0709b62c78c9c54f2dd3ba6aea0/detection

192.253.246.140:23850

# Reference: https://otx.alienvault.com/pulse/5c4543d7fa493a3bac56ae13

jaxboss.publicvm.com

# Reference: https://www.virustotal.com/gui/file/fffb52d51e9688cc08c2a2ad0d818528174eda3e9738c7df8d009301bd127419/detection

173.242.125.75:7241
mysit.space

# Reference: https://www.virustotal.com/gui/file/8e99fca6285e318095ad693fa35b922f88743bf7743a1a8316eb0138fb771e2c/detection

185.82.202.149:7241
uploadtops.is

# Reference: https://www.virustotal.com/gui/file/a0dd3cf4f046432c109448c53687a0cf06cdc1d287fda725c7c15397dab984f0/detection

66.85.185.105:7241

# Reference: https://www.virustotal.com/gui/file/6caecb1c499dfb5b9a00c1eed46b7c6b223893f5a95a10dbb7dc41515a132c7e/detection

66.85.185.105:1427

# Reference: https://twitter.com/DynamicAnalysis/status/1205555781095108608

79.134.225.99:2018

# Reference: https://www.virustotal.com/gui/file/8c49d633a12c6ea14ac72e58de6c9f7ba239403f21cc25c6f1ae867b5df29b36/detection

41.203.78.140:2888
41.203.78.93:2888

# Reference: https://twitter.com/wwp96/status/1210224614149939200

185.140.53.26:2404
michaelking102.hopto.org
michaelking102.loseyourip.com
rennelautos.zapto.org
sunwap878.ddns.net
sunwap878.dynu.net

# Reference: https://app.any.run/tasks/8541d798-8243-46a8-8631-f54e6ed5d19e/

redsocial.instagram21.best

# Reference: https://twitter.com/James_inthe_box/status/1211999781721006081
# Reference: https://www.virustotal.com/gui/file/a05be2b7d477cf006794c746d241b4dad0a392f59d19238f17bc7128418108f2/detection
# Reference: https://www.virustotal.com/gui/file/76b700b072fd5820e296c1fd9a62f2a63c8c6715e778ad32213cdfcae5bae878/detection

108.62.12.134:4922
nolim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/472aa23054d16bcf70e18d254613161d80cb345229aafca5e0b103e0afb65271/detection

aprsgkpc-51401.portmap.host

# Reference: https://www.virustotal.com/gui/file/51ba982bff7c5afbb35f5ce500570bf94aacda560e649e32fa9445155a31994c/detection

193.161.193.99:54120

# Reference: https://www.virustotal.com/gui/file/7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31/detection

tunedd30.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4f477f955ae23cb599858715626e86d3c5a8869d7cfd340af87147e2e7c9818/detection

178.124.140.136:6640

# Reference: https://www.virustotal.com/gui/file/28842367cd70d14f0776b246cb821275ff817051813b3ad4090eb412496d319c/detection

178.124.140.136:1284
dfrannk.hopto.org

# Reference: https://www.virustotal.com/gui/file/63e1f393cbd4bfe5c8e431af3de70b382482ed3e11b967db8caccf4c38ada733/detection

expertyline.mooo.com

# Reference: https://www.virustotal.com/gui/file/4c407408ea383edc394a84baed80b6991581a5df5d9cbcb818f83dfc1c6b4317/detection

ddfranks.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb91f6ed14de853b1d987e199eaede7005c4cf6671321315d22e4626677bfb7c/detection

178.124.140.136:1515

# Reference: https://www.virustotal.com/gui/file/72b74037adf3cf0cf6e9ead907f565d4976b0ed15a8b62e2c8a8cde28a09867b/detection

178.124.140.136:2033
blessederic.ddns.net

# Reference: https://www.virustotal.com/gui/file/978b349faa2c6e8894897bb1cc54d1f92ca9613af0078528fab4f10466c2667b/detection

178.124.140.136:2669
dfranki.ddns.net

# Reference: https://www.virustotal.com/gui/file/b57e631645446ad3744528b05f961ea2c4cb23f426f0a6a6dea8203786c9e528/detection

178.124.140.136:3333
menorte.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bd9dd47981f11b696c2ad7c6b11723da0f091c658210799e2fdd1efd326172a/detection

104.244.75.220:9300

# Reference: https://www.virustotal.com/gui/file/26d109f07bff6ad6142cc1e2c455849a3f641ac43660372686aad7381527fe00/detection

103.136.43.131:7368
104.244.75.220:7368
105.112.99.44:7368
194.5.98.25:7368
sam555.ddns.net

# Reference: https://www.virustotal.com/gui/file/48fafbbccc345ad4f5b9d525107cd139bde73ec2b4eb54432336bf6450943a5f/detection

91.193.75.49:2016
91.193.75.49:3001
proud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf76c5ca49445e8aacb161337d1d333cf481c4ea7eaecfd2c2a3170e70a69ce7/detection

91.193.75.49:3111

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985
tools4money1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/254a0ac154ebc83d9838fb52af5dc8118cfc31d81571cfdac3d3bf4f75be5d6a/detection

remcos.got-game.org

# Reference: https://www.virustotal.com/gui/file/f9aae3f8af4a70b5634a9ec9f069ac3458ff6835547107e42955fa12c5a2cf8a/detection

91.193.75.66:3039

# Reference: https://www.virustotal.com/gui/file/223e21cb4169999a2086cbcb4d56013d151b81745a541f300ffbbfd838c1a8f5/detection

79.134.225.72:4564
ebuxxxxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8889736c0a30eb477236a624f55e66d38f52025db003cf7fe621fd084109db5e/detection

79.134.225.72:7676

# Reference: https://www.virustotal.com/gui/file/166e944c81082a59ffbf8cf5a2ae228913dc8656990d71238ad2db19cd2221b5/detection

top.pubgstores1.waw.pl

# Reference: https://www.virustotal.com/gui/file/5ee090b3c5b98a33e60f2a3eeb6f8429ffabc5ac0ea932e373c6a383cfce5289/detection

smart0147.ddns.net

# Reference: https://www.virustotal.com/gui/file/2170aa91350c123fa9a2319492afbd73c2b5fbe29a84c001efd545980c330856/detection

79.134.225.73:6569
passwrdboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4538221d4740b28f2aa439fddfba69448a2751a0a4f78b54145ddd7ef7d6992/detection

79.134.225.73:18943
cashoutmoney.ddns.net

# Reference: https://www.virustotal.com/gui/domain/top.fishingjoco.waw.pl/relations

top.fishingjoco.waw.pl

# Reference: https://www.virustotal.com/gui/file/72e6c5ce4b7844eee3a6b293f54aeedd38d572bd5ff7c3609507030da46041fe/detection

185.158.139.238:9334

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

185.140.53.93:9334

# Reference: https://www.virustotal.com/gui/file/38de8ff2bdcad25f923d0d22138c23541991c3f96095a0ee22de5e1849f3f20e/detection

185.140.53.59:9334

# Reference: https://www.virustotal.com/gui/file/ad74423af971f9d55f4fb2ca010f6dc81ef98a6dd36fd18b833c2623d17eb913/detection

185.140.53.192:9334

# Reference: https://www.virustotal.com/gui/file/d99ac8879353bd8cbc3ca502cdc6cf5581652f1a26f7de6337644758d6370e16/detection

185.140.53.107:8787
185.140.53.107:9334

# Reference: https://www.virustotal.com/gui/file/0bca93258e81977fd667e4ceab83f2e3460dd5fa5d5f4e88549bd4bfad20ee12/detection

185.140.53.52:9334

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

185.140.53.26:5200
185.140.53.26:8153
185.140.53.26:8787
185.140.53.26:9334

# Reference: https://www.virustotal.com/gui/file/63f7dcd1893c84eae20fe494fd9d0bda10dd809ead94eb4d2c271d25208fc992/detection

185.140.53.222:5200
185.140.53.222:8153
185.140.53.222:8787
185.140.53.222:9334
185.140.53.52:5200
185.140.53.52:8153
185.140.53.52:8787

# Reference: https://www.virustotal.com/gui/file/8fdf5d5c5cf41f4f80a563d12f07d6f59bdeed91028eaa888a982a45df76bd09/detection

185.140.53.115:9334

# Reference: https://www.virustotal.com/gui/file/44558aeedee27b83942c4e33a0c0f060035f2ef4beaf66af23f719f121934194/detection

185.140.53.94:9334

# Reference: https://www.virustotal.com/gui/file/f5a7efd0ffb5145945fed2f92b2df8a79847085547333ec841e3e0b1fc5e1133/detection

185.140.53.50:5200
185.140.53.50:8153
185.140.53.50:8787
185.140.53.50:9334
185.140.53.149:9334

# Reference: https://www.virustotal.com/gui/file/4d51a099cfcab43ebfdaef8d4bc8bd0560c933c665cb6ca353f63d2d97bb2f18/detection

185.140.53.91:9334

# Reference: https://www.virustotal.com/gui/file/225c850cfd1f040c9b7f3513eb77aa5830a4b37b9cb1a516cd128e7841429537/detection

185.140.53.162:8787
185.140.53.162:9334

# Reference: https://www.virustotal.com/gui/file/49e01999814d095689ceda6247ccaea14bcd21d0267e8705b393de930e883667/detection

185.140.53.114:8787
185.140.53.114:9334

# Reference: https://www.virustotal.com/gui/file/cbe362033ba85e20d7b86bc9108c1d1db1786febfbf0b99258e755ac8b6297b2/detection

185.140.53.194:8787
185.140.53.194:9334

# Reference: https://www.virustotal.com/gui/file/27d2f7b50dc11a146fd7d950a1d3eec3031882b970463b7b685b516849071fe1/detection

185.140.53.232:9334
185.247.228.103:9334

# Reference: https://www.virustotal.com/gui/file/d4487b370ba2645516192a1461cb25ed3d11d02e4d0fdce3025269ca7d63aefa/detection

185.247.228.251:8153
185.247.228.251:8787
185.247.228.251:9334

# Reference: https://www.virustotal.com/gui/file/c68b820b65097d851e33a977e562fd51d12d852613b43caba3b325dd74b0e618/detection

185.140.53.96:8787
185.140.53.96:9334
185.247.228.103:8787
23.105.131.142:8787
23.105.131.142:9334

# Reference: https://www.virustotal.com/gui/file/b4f87be6ab41d1216a36822bf791212e29eb07c469059571d916221f0508ef97/detection

185.140.53.208:5200
185.140.53.208:8153
185.140.53.208:8787
185.140.53.208:9334
79.134.225.10:9334

# Reference: https://www.virustotal.com/gui/file/a246556f34f23f1e8c67a4aadda22bd03324521aadf4526b0db5f696b6761d35/detection

23.105.131.216:9334

# Reference: https://www.virustotal.com/gui/file/eae3e753b4461e78f7f0206f2d3434f9ced9c302ec509e952e69332b2be73ee4/detection

sub.jofishingco.waw.pl

# Reference: https://www.virustotal.com/gui/file/cfc1e1ff16319b95761d4b4b950bd46e7c7b8cab339cbf556b21fa56cc7f069a/detection

23.105.131.216:5200
23.105.131.216:8153
23.105.131.216:8787
173.254.195.173:5200
173.254.195.173:8153
173.254.195.173:8787
173.254.195.173:9334

# Reference: https://www.virustotal.com/gui/file/590fac000e2f4cbe9a27520e6cf3223e045bc3386633c25088e55439679150f7/detection

173.254.223.68:5200
173.254.223.68:8153
173.254.223.68:8787
173.254.223.68:9334
91.193.75.128:8787
91.193.75.128:9334
98.143.144.221:9334
98.143.144.243:5200
98.143.144.243:8153
98.143.144.243:8787
98.143.144.243:9334

# Reference: https://www.virustotal.com/gui/file/9f945ca391310fb2880045f5bd60393d62b2a0c65f06aa57396d9bcb313128a7/detection

173.254.195.172:8152
173.254.195.172:8153
173.254.195.172:9334
173.254.223.121:8152
173.254.223.121:8153
173.254.223.68:8152
173.254.223.74:9334
204.152.219.119:8152
204.152.219.119:8153
204.152.219.119:9334

# Reference: https://www.virustotal.com/gui/file/96158e53f76c37ba6590d80f10bbc5009bdc758d388d456274fb065a5ce8f325/detection

173.254.195.173:8152
173.254.195.173:8153
173.254.195.173:9334
173.254.223.110:8152
173.254.223.110:8153
173.254.223.110:9334
185.140.53.236:8152
185.140.53.236:8153
185.140.53.236:9334
73.0.71.4:8152
73.0.71.4:9334
98.143.144.217:8152
98.143.144.217:8153
98.143.144.217:9334
98.143.144.243:8152
98.203.61.135:8152
98.203.61.135:9334

# Reference: https://www.virustotal.com/gui/file/5cac3d994fcc5eefdaef9ffd6b9fae41dd49f1a699e88746e17fb51a49f73bd2/detection

204.152.219.90:8152
204.152.219.90:8153
204.152.219.90:9334
91.193.75.126:8152
91.193.75.126:8153
91.193.75.126:9334
91.193.75.220:8152
91.193.75.220:8153
91.193.75.220:9334
91.193.75.128:8152
91.193.75.128:8153

# Reference: https://www.virustotal.com/gui/file/a26302049b7fbfa6d107b726717cc1a29c7b1dc04d3ad07b6a2f56fd3ca9cd1d/detection

185.247.228.103:5200
185.247.228.103:8153
173.254.223.110:5200
173.254.223.110:8787
73.0.71.4:8787
98.203.61.135:8787
91.193.75.126:8787

# Reference: https://www.virustotal.com/gui/file/0c92e3f679873eae4f540f6f62d29bd80abd6bdc7267221c5a0ba1f82c9e90f7/detection

185.140.53.213:8152
185.140.53.213:8153
185.140.53.213:9334
91.193.75.232:8152
91.193.75.232:8153
91.193.75.232:9334
91.193.75.238:8152
91.193.75.238:8153
91.193.75.238:9334
91.193.75.97:8152
91.193.75.97:8153
91.193.75.97:9334
98.143.144.211:8153
98.143.144.211:9334

# Reference: https://www.virustotal.com/gui/file/4b5c755f37994c6474cabd023f83ec8d58ff7f875d25fb788ec9770383833af5/detection

173.254.223.124:8152
173.254.223.124:8153
173.254.223.124:9334
204.152.219.93:8152
204.152.219.93:8153
204.152.219.93:9334

# Reference: https://www.virustotal.com/gui/file/1053aed27e83dc8f682739c0d1716060b1fa525d3a8cef7fb066e8103a3fe50b/detection

91.193.75.107:9334

# Reference: https://www.virustotal.com/gui/file/82889980e77fab696835eb230b3d3b04ade235e7a2442f267bfeae32dcb189f0/detection

173.254.223.121:9334
173.254.223.92:8152
173.254.223.92:8153
173.254.223.92:9334
98.143.144.207:8152
98.143.144.207:8153
98.143.144.207:9334

# Reference: https://www.virustotal.com/gui/file/925e39df3d71d49ed7c31790de157fd50e6bfc7eed6d151fa0c89760b059937e/detection

204.152.219.94:8152
204.152.219.94:8153
204.152.219.94:9334

# Reference: https://www.virustotal.com/gui/file/daaa67b875f56060c05fae1fa635f9a30786054b3efb9c3ef82204b30f6dd7fe/detection

185.140.53.137:9334

# Reference: https://twitter.com/wwp96/status/1214559701280722945
# Reference: https://app.any.run/tasks/fa298bab-4c01-4269-93af-1808d94595fd/

jessene.ddns.net
rennelautos.kozow.com

# Reference: https://app.any.run/tasks/ef3a8b4d-0d5b-4f7a-a187-336b1327884c/

successfulghost.duckdns.org
185.244.30.35:2009

# Reference: https://twitter.com/wwp96/status/1214925176632225799
# Reference: https://app.any.run/tasks/1ad4f2da-7513-4d09-bd27-f6cf3327b489/

209.127.18.228:2424
roboscchi.duckdns.org

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://app.any.run/tasks/a58e0909-6db7-4a3e-961d-02dcb6800803/

161.117.86.44:2500
88.198.205.179:2500
devicenet.org
devicenet1.org
devicenet2.org
devicenet3.org
devicenet4.org
devicenet5.org

# Reference: https://www.virustotal.com/gui/file/3bcfb4fec5c49609ce2e1688f24ae874728e9fd53a1769673d2ad3ac0c5554aa/detection

174.127.99.211:9493
vision2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c2912541176b553f2d4595ea338f88bc8d6110ac43cb892cf86dd06ca49307c/detection

41.242.137.4:9493
41.242.138.53:9493

# Reference: https://www.virustotal.com/gui/file/6e5a7c74c609d6363a56cca712900ec5ab4ffa4e22c0307adf9b30f56b7eb218/detection

185.244.31.31:9493

# Reference: https://www.virustotal.com/gui/file/972cd696927d9d1804566fe6a610a67ca4f9a1bd631769ba7a2d3b06f8413497/detection

79.134.225.104:1871
umc621.myftp.biz

# Reference: https://twitter.com/DynamicAnalysis/status/1217873533310816257
# Reference: https://app.any.run/tasks/a948d44d-9d3b-4675-8c4f-6ec951a9346a/

79.134.225.36:2121
79.134.225.98:2030
srvr1.serverpubg1.pw
srvr2.serverpubg3.pw

# Reference: https://twitter.com/Racco42/status/1221707041615630336
# Reference: https://app.any.run/tasks/ced5f8bb-826d-4ece-9e0b-35408f6e3b90/

91.189.180.199:672
srvr2.callofdutyserver.pw

# Reference: https://twitter.com/Racco42/status/1221721585868058625

80.209.240.101:2030

# Reference: https://twitter.com/wwp96/status/1221878428623872001
# Reference: https://app.any.run/tasks/d41682fc-e350-4a38-a2b2-397fbf22a3d6/

185.244.30.53:2404
lupend.ga
lupendbackup.ga
lupend.duckdns.org
lupendbackup.duckdns.org
rownip.lupends.com
rownip.mailredirect.ooo
rownip.schneidstore.com
rownipbackup.ga
rownipbackup.tk

# Reference: https://pastebin.com/R6JP78G1
# Reference: https://www.virustotal.com/gui/file/5cfda191c0a46c7849afb2014c290dbd57101d20407ef9bfcaacac5886a80814/detection

103.145.255.163:4040
103.145.255.163:6566
vip6654.live

# Reference: https://app.any.run/tasks/8b8041c8-7f80-4bed-944b-1e28edacaf3d/

olavroy.duckdns.org

# Reference: https://app.any.run/tasks/1d360fda-c2a3-48d3-9c0a-5d5911a5574b/

66.154.98.108:24046

# Reference: https://twitter.com/wwp96/status/1222574424450355201
# Reference: https://app.any.run/tasks/75213c65-a28d-4053-b6ce-691a95f2b91b/

91.193.75.248:1005
mohit36241.ddns.net

# Reference: https://twitter.com/Racco42/status/1222614871293845504

178.124.140.136:7894
xyz345.spdns.de

# Reference: https://www.virustotal.com/gui/file/5a0d3279a6a703f809a0526fb425c8f4d2d42a3794b35315d1ae05c9960702e9/detection

185.148.241.50:9727
lawwena.ddns.net

# Reference: https://pastebin.com/SamC9MPD
# Reference: https://www.virustotal.com/gui/file/a309e11a1eb76c83efa58d90a6870234603c819636e7acefea389790b6d83d32/detection

37.1.207.27:5555

# Reference: https://twitter.com/wwp96/status/1224385908394352642
# Reference: https://app.any.run/tasks/092bbf7f-4edc-4073-972b-e98000608a8d/

154.16.93.178:3376

# Reference: https://twitter.com/wwp96/status/1224777426305196038
# Reference: https://app.any.run/tasks/06d959a6-057c-43e2-af0b-41971499e6c2/

chommyflozy.duckdns.org
milky123.casacam.net

# Reference: https://twitter.com/wwp96/status/1225528218209394689
# Reference: https://app.any.run/tasks/255e11a7-fd7f-470a-b0a2-e4c557aeb2d2/

41.242.139.6:8484
legacy2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0230436c843aff9c00a762954bb2317e6a90c3c8b25d453fe3405805b22020b2/detection

184.75.223.227:56699
213.152.161.20:56699
213.152.162.109:56699

# Reference: https://app.any.run/tasks/45613eaa-cd76-409c-abd6-57d49c3245fb/

104.37.1.38:7902
rolandgeraldinelacotta.mywire.org

# Reference: https://app.any.run/tasks/7839af44-a26a-4b1e-885d-edee4e9aa7ae/

nj2ratt.ddns.net

# Reference: https://twitter.com/wwp96/status/1228361945780232192
# Reference: https://app.any.run/tasks/67e987d3-8e12-495e-a04a-aa965765cc6c/

41.242.138.29:8484
remcos247.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155
# Reference: https://app.any.run/tasks/657b7a80-7a29-4353-9fbb-d73b24100c39/

185.244.31.114:3090
backup1.gam2ng.pw

# Reference: https://twitter.com/wwp96/status/1229495413281054721
# Reference: https://app.any.run/tasks/d5332906-8319-4e81-a1b7-3cf6ee4f54d3/

185.244.30.16:8484

# Reference: https://twitter.com/wwp96/status/1229816791876198403
# Reference: https://app.any.run/tasks/091c477d-f4c1-41ea-a55d-8d6b6a70842a/

216.38.7.245:7279

# Reference: https://twitter.com/wwp96/status/1229810377959116800
# Reference: https://app.any.run/tasks/bff65255-585a-489e-a9a6-b9b31ccf56ca/

79.134.225.77:5151
mygodissogoodtome.ddns.net

# Reference: https://twitter.com/wwp96/status/1229843377711128577
# Reference: https://app.any.run/tasks/a38c2851-2556-4f73-863f-fd895d152cb1/

185.244.30.19:1930

# Reference: https://app.any.run/tasks/48f66baa-9be1-4325-9d78-54da7353f337/

jacksonsmit.ddns.net
185.244.30.16:8484

# Reference: https://twitter.com/yvesago/status/1230414301221019648
# Reference: https://app.any.run/tasks/3211cb34-3ead-4e2f-96d3-30d887c1a208/

79.134.225.52:1994
experience1994.hopto.org

# Reference: https://twitter.com/500mk500/status/1230557502862843904

191.101.22.21:1005

# Reference: https://www.virustotal.com/gui/file/3909a024c17e133fea95cbdc7e54a25d1144a24a78d43af4e84de35e00227b68/detection

79.134.225.38:4000
79.134.225.79:4000
iyamahrem45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d97f1dc45bb4cc7224ac9fd00306abc925b8af72e0bc0520fd5a072f78318277/detection

79.134.225.38:1989
agshrf.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Generickdz-7586813-0)
# Reference: https://www.virustotal.com/gui/file/dfb75c837ea961311b96c32257c46ebfa53d679834cc6fbd207dae4c2a8297b9/detection

46.105.98.53:4782

# Reference: https://www.virustotal.com/gui/file/74c3a5f44d545c7eb905dced1d5b0ffb4a56a81e5b722c2252d0f60fba627318/detection

185.165.153.29:3636

# Reference: https://www.virustotal.com/gui/file/6a6784d34afba70572cc188f5853e06ee3ea5422fe80fc5e42bf3ff6203b5527/detection

185.140.53.139:3636

# Reference: https://www.virustotal.com/gui/file/7f9d115776d5a404d6b02a64473f3f4b2e36aa13bdd22b2437dc220385b65e09/detection

79.134.225.75:1234
sixteen147.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Ransomware.Remcos-7586925-1)

secure.jagexlaucher.top

# Reference: https://www.virustotal.com/gui/file/c5193ef79fb9a0e616eeb7904bc66b9aeb9b1c42aee393b6829f9617462664b0/detection

186.118.80.105:3201
186.118.93.21:3201
elcamionsr.duckdns.org
impindusltdz.duckdns.org
induspals.duckdns.org
induspalse.duckdns.org
msyswintxl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db12191309c125be008c08d8ba8444cf7a0240ea36b1f54aace2ba46bb3228d8/detection

167.0.102.88:3201
167.0.104.40:3201

# Reference: https://www.virustotal.com/gui/file/a352d00e0322a0e397f167c1164f7667c672935ba14d29c4f4b60f26d0a88f5d/detection

186.116.218.183:9134

# Reference: https://www.virustotal.com/gui/file/963abe7aa94c8b3e12e231e10c62ba00e3f89948edb77e017cb2eb25bc24ca56/detection

179.32.78.10:9134

# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection
# Reference: https://app.any.run/tasks/aab68fdc-ebbb-4416-be92-6469b1145c0c/

149.167.94.36:8754
167.0.101.103:3201
toolpres.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6416daf02055125dd7a513058a8c5a3e1bb97c049ae428ccb5c7600ab576ccb1/detection

94.73.22.187:83
bobbylight.zapto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1231999794035535875

185.140.53.214:1898
mercy01.ddns.net

# Reference: https://twitter.com/killamjr/status/1232457439229820928
# Reference: https://app.any.run/tasks/47b0c22e-98c8-4234-99af-5d23b31c74c3/

79.134.225.102:2030

# Reference: http://benkow.cc/export_rat.php  (Note: as seen on 2020-02-26 - filtered)

agbero.duckdns.org
civita2.no-ip.biz
dixenweb.ddns.net
ejiroprecious.ddns.net
emilylattaa4111.serveftp.com
firstclass197007.hopto.org
ichie.hopto.org
jaxboss.publicvm.com
keypay033.dynu.net
mdformo.ddns.net
microsoft24515062.serveftp.com
opitalia.ddns.net
provafood.ddns.net
semonsemon.zapto.org
vice.hopto.org
wecollect.duckdns.org

# Reference: https://app.any.run/tasks/4ed77208-4026-4fdf-b990-a66732c6e7f8/

jload06.xyz

# Reference: https://twitter.com/wwp96/status/1236003598812753921
# Reference: https://app.any.run/tasks/70206853-5fda-45bb-b99b-387b79dbd42a/

87.101.92.68:1067
servr1.willbeban1fabuses.xyz

# Reference: https://twitter.com/wwp96/status/1235999989685420033

185.140.53.4:5151
goddywin.freedynamicdns.net

# Reference: https://twitter.com/wwp96/status/1236020295225536512
# Reference: https://app.any.run/tasks/77f4fcf4-962a-4552-a70d-6a73b79bb901/

chommyflozy.casacam.net
unitransports.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1236812973156364289
# Reference: https://app.any.run/tasks/00c5eeea-f240-4a69-9e30-b68676cdd2d2/

185.244.30.14:7171
favournwa.ddns.net

# Reference: https://twitter.com/wwp96/status/1237468685415178242
# Reference: https://app.any.run/tasks/ae5b24b1-2e57-4986-ad20-ade9b057f9bf/

u864246.nsupdate.info
u864246.nerdpol.ovh
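# Note: sendspace.com is a public file-hosting service; this host presumably served a payload download in the referenced sandbox run rather than acting as dedicated C2 - expect false positives and review before alerting or blocking on it
fs03n2.sendspace.com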

# Reference: https://app.any.run/tasks/3b110d0e-15aa-4f3a-b592-fa1da1444a88/

185.208.211.64:2020

# Reference: https://www.virustotal.com/gui/file/d86075425ffb3c196e64ca71bcf7a0846df91444e53987638cf212dae52e5961/detection

79.134.225.112:2404
79.134.225.95:2404
41.190.31.245:2404

# Reference: https://www.virustotal.com/gui/file/da0f330f3e5992eb6c9dd0b38eaa332be093b04153c0fa1852b0b5309543c5a6/detection

79.134.225.74:8906

# Reference: https://www.virustotal.com/gui/file/44c13aa211c5571aec2cdb56f461d2f4309b4070a271dfaca037e8e56db87804/detection

104.37.1.38:7650
79.134.225.74:7650
nanomoney.entrydns.org

# Reference: https://www.virustotal.com/gui/file/08dcfa6f7dcd4c907f01000ea4890dfaea8a386d9c3fee253127d1c6f6974810/detection

79.134.225.74:7890

# Reference: https://www.virustotal.com/gui/file/66137b5faf49de1ffa5990b57f6f4d8543ddb7b7a19d0e8bce53446dc1ee91d6/detection

79.134.225.87:5001

# Reference: https://www.virustotal.com/gui/file/1f524e469d0ee3bdb24feff5dead9b188f609c74beb90888cbde4c042a1075ca/detection

79.134.225.87:888
primspa1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b3f39059e7f85c0312423abd50a311e6f1df8e04136bf8e4bedb9884229e11a/detection

79.134.225.87:999
ziccusu00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/776eaa3b21ac18c01341a09b6db2dddd6049a70e3c5285de6474da7097049fc3/detection

185.165.153.158:3765

# Reference: https://www.virustotal.com/gui/file/e0f393f5a884cf5d65640260db9aa2b6d68a4be9e4ab8d0a27a911a0b3c876ce/detection

79.134.225.87:2404
lpisback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/39046a68d3a0b89281dd3e8d5713f76ba6cd15497279586cbf016bf6bac5eedb/detection

79.134.225.87:40099

# Reference: https://www.virustotal.com/gui/file/00bf0217afa40f1d254bb60b4885151fc8e7b0d22bbcc64e7c6c88144296cb76/detection

79.134.225.87:5578
osloc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac96d8c75320162a4e4e32760ece2b5ad066899ee5204c99bc2b2b17012fe4a4/detection

79.134.225.87:1630
tmppaparazi.dynu.net

# Reference: https://www.virustotal.com/gui/file/6eefcc4df76863d15eb7dd46148a156465db96d2a7c3a44c77a17c1434d06a86/detection

flasback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a770498f38ef674902cfc8879eb0ae88d2201d7fb5b61e63541244e10c2de7c8/detection

79.134.225.113:2404

# Reference: https://www.virustotal.com/gui/file/79843b0bc5b7770bf06ab747a069a34ef8933045b3a64c021f67823a602e90cc/detection

79.134.225.113:5355
79.134.225.121:5355
richarddsimps.ddns.net

# Reference: https://www.virustotal.com/gui/file/a13a787fe0a742da7f9d147e80dcb122b9fe8eaf60a78ca506c9a21149f99373/detection

79.134.225.117:666

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

185.244.30.251:1122
shabi1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/545212a4eb881f34fc2d3adb1f2bf62aa4e5ca37e7a1c7a8e4b5fabec0525386/detection

178.124.140.145:8652
pcent4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/db2524104c83282dd3d42a07f0cfe4fad0ed9b7a3e664caefe4b2669b027e083/detection

178.124.140.145:5132

# Reference: https://www.virustotal.com/gui/file/10f04c28ff3663fb84394c007d8d170e0a3b78bfd9c5b5a39c79ca7254037559/detection

178.124.140.145:7272
5.135.67.231:2404
aboki.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/ddc1be7028b2502d6d9fd951e420decfe6346df4d9c5c98cdbbda0ec317e1690/detection

178.124.140.145:5000

# Reference: https://www.virustotal.com/gui/file/c52767fc4b82c893fddbe94767d0c488469ad05332f0216cbb07b7be3aecd62c/detection

178.124.140.145:1994
experience1994.ddns.net

# Reference: https://www.virustotal.com/gui/file/719d66b11a535ce3fc2cde6cd2dbc8de9ba14701ff39ed372fd0bb17e734a6f5/detection

91.193.75.137:1969
papi231.duckdns.org

# Reference: https://twitter.com/MSteve25/status/1240341489101803521

185.244.30.12:8970
remkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/38cf49c1fb4e9090ffaca117d64bb985e1df8d0b88952c2322b3230c76b44538/detection

216.38.8.179:777
newvision.ddns.net

# Reference: https://www.virustotal.com/gui/file/8cb4eb249cb024561fd1949a44f98356b95e60ba14c17f4ae4962fc0234df011/detection

216.38.8.179:1379
airsack.ddns.net

# Reference: https://www.virustotal.com/gui/file/a2e020e6642854a20d9b7523c29bb5e1a7fb730ddafbeccd53f5595ce596d179/detection

185.165.153.228:6868
bukamm.warzonedns.com

# Reference: https://twitter.com/JayTHL/status/1241125967424360458
# Reference: https://www.virustotal.com/gui/file/9a555e49a8804460c067fff544fba3663c8cc0be92a1a0ad92bb6fe1b8f206c6/detection

185.244.30.125:2404
jbarn.sytes.net
kenthomas.giize.com
rex2015.freeddns.org
rex2016.freeddns.org
rex2016.hopto.org
rex2017.freeddns.org
rex2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/3eb378421462244e5ec0a6d50eca01badfe1f88160e0a758a567c7930dfb8290/detection

brhsapir.hopto.org
protopacink.gleeze.com
rex.hopto.org
rex2013.freeddns.org
rex2014.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a90d204e48d815b3c3376552f5fc5a01ebcf115d6022abb3f97b1b111b079c0d/detection

financeff.hopto.org
jkharding2013.ga
jkharding2014.ga
joyceedwards2013.casacam.net
tylerfreer.ooguy.com
wrtan21.hopto.org

# Reference: https://www.virustotal.com/gui/file/753883fa972dda966abb3adad3cfc94f0a82ca128d1908df58bac3ba93e60bd3/detection

37.47.79.124:132
nocpnv.ddns.net

# Reference: https://twitter.com/w3ndige/status/1242138938501926915
# Reference: https://app.any.run/tasks/aa3e9e89-05d5-474c-a3c8-706699312a72/

91.193.75.7:7171
onyeoma111.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b31dab1a7fa6a0e3bc6f3fe2d856869d16c84f374b64e5ceca1bd73b18ab186/detection

185.19.85.158:7100

# Reference: https://www.virustotal.com/gui/file/02d100b77777705d86a940c8f3142fb4b125fdcb91a3be68797d40f19c6410eb/detection

178.124.140.144:7100

# Reference: https://www.virustotal.com/gui/file/f0dc6049711ee06b8f28bf1e9f596d9fbb3075d0aba1f3a0561127c97091fb9e/detection

178.124.140.148:7100

# Reference: https://twitter.com/baberpervez2/status/1242335218901663747

u864246.tk

# Reference: https://www.virustotal.com/gui/file/5560a23de5ed8b729830c1c515a9f5459e9e29cb6888d119638a4770b79754c1/detection

185.244.30.124:2404

# Reference: https://twitter.com/ScumBots/status/1242425273079017472
# Reference: https://www.virustotal.com/gui/file/abd4e6ee8152822c0545bd27a4f4c5114728873873e227044dfb48ecf1ecb37f/detection

149.248.160.226:7005

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

185.244.30.78:24048
185.244.30.78:34046
54.37.160.139:34049

# Reference: https://www.virustotal.com/gui/file/c23b6f93d8449166426d90a1cf9d468037f62e641bc50e7c1005da6f8be69608/detection

185.165.153.228:2019

# Reference: https://twitter.com/ScumBots/status/1244176813699616769

193.161.193.99:49483
193.161.193.99:50721
193.161.193.99:62254

# Reference: https://www.virustotal.com/gui/file/397f1ec81db07d97dc246c38a16ecf1eb5b7bbf900218a60197d2db446585e32/detection

41.103.10.32:5673

# Reference: https://app.any.run/tasks/e9a9e116-924d-4411-a454-9a841c51c39d/

185.244.30.123:5149
kirtasiye.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1245714128695521280
# Reference: https://app.any.run/tasks/cc60c746-1cf8-4adf-8055-4964111c1c9f/

23.105.131.161:7279

# Reference: https://app.any.run/tasks/d54e08fd-f22a-4beb-9ac1-633ebbe77584/

199.249.230.42:2492

# Reference: https://www.virustotal.com/gui/file/28e8568f488b4573da6b13cd3d8601e6a624098e45d773f37e4aa6f78a4d9fc4/detection

91.170.144.1:16800
themaster3314.ddns.net

# Reference: https://www.virustotal.com/gui/file/284b368d39d240ce2cda28e143d8d48205fc211379ace30e4abbb888402058d4/detection

79.134.225.122:5001

# Reference: https://www.virustotal.com/gui/file/ff66c3616bcc13713378f0b89c7f9a7d754ebdadd027b511a4599b1675b4841a/detection

79.134.225.114:5052
neshoitry.ddns.net

# Reference: https://www.virustotal.com/gui/file/b39a30e55d55c69ad75cd21cebb5be1749325cb10a05dbcc334964ef963f5d65/detection

79.134.225.114:2332
owensmith.linkpc.net

# Reference: https://app.any.run/tasks/0618ea81-3606-4992-be9d-d296c03d679c/

79.134.225.72:3800
vision2020success.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1248696301275025409

162.218.115.147:7070

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Dropper.Remcos-7647550-0)

malu1234.duckdns.org
erunski22.ddns.net
barrywill.hopto.org
chacert.gq
alljobnew.duckdns.org
elintec.site

# Reference: https://www.virustotal.com/gui/file/c3832484e342390c0a3c406da30af7d2536ff2e615714a95ed143f5ecd73be89/detection
# Reference: https://twitter.com/malwrhunterteam/status/1036972726404177921?lang=ca

140.82.57.249:8003
svchost.club

# Reference: https://www.virustotal.com/gui/file/eed983f0eedd7a3f07f49177b8fe0e18d89fa885359e70b02433afd4fb099818/detection

kabiru.ru

# Reference: https://www.virustotal.com/gui/file/b71f954a6371076f9c87b1005208bf5e712806af1f5e037b5eeaa6aadac6d7fb/detection

binexeupload.ru
stubbackup.ru

# Reference: https://www.virustotal.com/gui/file/df560a99f2f4fbd221ddfe1b9f6a9e3bea247677cd4512f74538568160d95126/detection

5.253.114.116:2404
sponsored-ads.co

# Reference: https://www.virustotal.com/gui/file/8f79778cf67b649928a83b3367814f15a2c74119acc90b6ccc819dedc1b83a28/detection

5.253.114.116:2405

# Reference: https://www.virustotal.com/gui/file/f761911e8a45e794bf89a605b14aa7b97785541a186ad593d3ec71e5a1494724/detection

5.253.114.116:2406

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/28ac3a50d51131f60e087aace3c06a5a9181f19f1b5830ca5a906074bb7cb449/detection

79.134.225.37:1332
gaming.smartbuyjordan.xyz

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.Remcos-7662156-0)

brockmax2v2.hopto.org
ch31238.tmweb.ru
danishcent.duckdns.org
harri2gud.duckdns.org
hjkgfhsf.ru
menaxe.nsupdate.info
omorem.duckdns.org
onelove03.duckdns.org
sabbbb.ddns.net
securehub.top
snooper113.duckdns.org

# Reference: https://app.any.run/tasks/9cb9db8b-9cb1-4bb0-9f94-8d692ea983c3/

185.140.53.21:2404

# Reference: https://twitter.com/malwrhunterteam/status/1253767947325235200

185.244.30.22:8970
79.134.225.9:8686

# Reference: https://twitter.com/malwrhunterteam/status/1254097817162915843
# Reference: https://twitter.com/James_inthe_box/status/1254102265876508672

185.140.53.9:47580
lachattemouilleee387538783444.duckdns.org

# Reference: https://twitter.com/Racco42/status/1255448660646735875
# Reference: https://app.any.run/tasks/67f663a3-1513-4aa3-9769-3e3cd9bb7ce3/

top.gaminjo1.pw

# Reference: https://twitter.com/Racco42/status/1257561671268208647
# Reference: https://app.any.run/tasks/af0223e5-6920-4b03-9df1-d3e0cc4e9856/

154.16.93.185:672

# Reference: https://www.virustotal.com/gui/file/71ae4c1afb9db6641a4bc94c7d48b83d5b2d0af8507620588e971c9c609c88d7/detection

103.125.217.169:2310
105.112.100.65:2310

# Reference: https://app.any.run/tasks/4914378f-0c6c-4348-944e-f332f7cc88dc/

181.52.103.140:1011
remcquince.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f69fcfb9de5546dc7b98f20d6d4f387f66e4583637f29a494cb664138d441a73/detection

79.134.225.73:7650

# Reference: https://twitter.com/JayTHL/status/1258880410416799746
# Reference: https://www.virustotal.com/gui/file/8ac973617b45c5d0ea2711e9ba025a2cd19a65a97cf82273845472c9ae74f2e9/detection

79.134.225.81:2266
coolta66.gq
coolta67.ga
coolta68.ga
coolta69.ga
coolta70.ga

# Reference: https://www.virustotal.com/gui/file/54c528daf8bbe5f232464f76e3f3ab482486b590009e5b4121896dfbca152ac7/detection

91.193.75.239:2266

# Reference: https://www.virustotal.com/gui/file/7ebf6d9d55089b045426dad354ba80120db475f16dc13dc9401e4ebbd10f647c/detection

79.134.225.105:2266

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Dropper.Remcos-7724400-0)

dolxxrem.hopto.org
goddywin.freedynamicdns.net
godspower19566.hopto.org
khalifa.dynamic-dns.net
mide1.ddns.net
millionaire232.ddns.net
myb22.camdvr.org
remcos.got-game.org
rex2017.hopto.org
rex2018.hopto.org
youngboss23.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f704c20024f02d19c096f82158d891dce7bf7a1b261dcce3226fd6d43b7fc64/detection

104.248.133.59:2403

# Reference: https://www.virustotal.com/gui/file/4b13bb36220d46ab9fa89c4163c8ec571fe0c113af00773d0968fa51c4056bbd/detection
# Reference: https://www.virustotal.com/gui/file/8df9bddf123ffa3fa0f312d56bedde096310a02676e2b023530d8cd6856caa37/detection

185.140.53.18:7082
freenigga.ddns.net

# Reference: https://www.virustotal.com/gui/file/678cbb81b782c58df5e2790b34e9a9a8a4d3af1b0a17fd320bf27111e959bc6d/detection

185.140.53.43:2404
godwin12.warzonedns.com

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

cashout2018.ddns.de

# Reference: https://twitter.com/JayTHL/status/1261339604239646723
# Reference: https://www.virustotal.com/gui/file/d76de8b8be89cd4dbe4f861cd4152eae2fafa783bace624cae1b231d8de8da3e/detection

194.5.99.146:1982
testbush.duckdns.org

# Reference: https://twitter.com/dynamicsoaring/status/1261048946438397953
# Reference: https://app.any.run/tasks/3f7e4a16-00dd-4168-9552-db30c5194c05/

185.140.53.69:2404
doc4.ddns.net
doc5.duckdns.org
donald30m.gleeze.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Remcos-7771461-0)

experience2477.ddns.net
godsfavoured.ddns.net
jbcbeads.myddns.rocks
johnhoff2.hopto.org
lakeside007.awsmppl.com
myb50.myddns.me
nagod.ddns.net
rex2018.myddns.me
rex2020.myddns.me
u863495.awsmppl.com
xxxxza.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/98f031407df4d599b9027f8e672436f1b61876048529a1304bc3118c82d42bd6/detection

185.244.30.247:4045
enmark81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5171603aba08d750c97604eb510f3586245b86eaae0cb08461d734c72258e95/detection

185.165.153.238:9210
mtz11.duckdns.org

# Reference: https://twitter.com/Bl4ng3l/status/1264862595082788866

194.5.99.143:6666

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

79.134.225.98:6996

# Reference: https://www.virustotal.com/gui/file/95e5e81e7413f7c7c5294525ec7e0ed2f1f022d0e2ce02717483d7e3ba438bf9/detection

193.218.118.190:42017
site.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Malware.Remcos-7914589-1)

boot.awsmppl.com
coolcc1.xzy
coolget1.xzy
coolta1.xzy
coolta2.xzy
coolta71.com
dolxxrem.hopto.org
goddywin.freedynamicdns.net
latua.nsupdate.info
newdawn4me.ddns.net
thankyoulord.ddns.net

# Reference: https://www.virustotal.com/gui/file/91842f75fd9b77f4e8d171b6103d26ed7fde38232ef520ee2b066c2ba7381bef/detection

41.111.43.45:1337
sh.sytes.net

# Reference: https://www.virustotal.com/gui/file/0ffdd28e152681a8abca0a9c7f88ba1cd7b945c7ee2df82af6606adf4a426f0f/detection

197.207.171.72:1337

# Reference: https://www.virustotal.com/gui/file/2830a6a923b2d7ff9c4839672db11f64675732aa4d44343b9b7573ca4d6486a1/detection

45.74.35.38:1144

# Reference: https://www.virustotal.com/gui/file/d76483dd726209229a345e0d3856094275e62326ba800cff3b506ba6b7aaca5e/detection

197.207.191.156:1144

# Reference: https://twitter.com/ScumBots/status/1270113968649113604

134.249.160.9:7777

# Reference: https://twitter.com/JAMESWT_MHT/status/1270365125464203264
# Reference: https://app.any.run/tasks/5f6b1ed2-3f06-4a9c-b4f6-b8bc9c757a17/

193.104.197.27:4229
193.234.95.68:4229
newrem.duckdns.org
servr2.plzbanif3abused.xyz

# Reference: https://twitter.com/reecdeep/status/1270747853573537792

185.244.30.113:6996
eastsidebandit.myddns.rocks

# Reference: https://twitter.com/JAMESWT_MHT/status/1270981434703056899
# Reference: https://app.any.run/tasks/821468ce-9c90-48fb-afe5-7df3e1096df4/

194.5.99.132:42017

# Reference: https://twitter.com/MalwareConfig/status/1271561068167512065
# Reference: https://www.virustotal.com/gui/file/d810038d3a2198564a3fe1a23260f4adef32385f265f1d79f77ff1b282f09710/detection

144.217.255.52:10134
phazeonrunescape.ddns.net

# Reference: https://www.virustotal.com/gui/file/09a16ee256f6a7b289e4a65013e3cd9f2c271d14ab1bf44ed89b856aeb13f2c2/detection

36.70.188.129:9798
uqm.ddns.net

# Reference: https://www.virustotal.com/gui/file/48404246cff844b59a4734b2ac30a05b4fa1a6f8750a7eb6ef403db312b7ba42/detection

23.105.131.141:8811
nagod.ddns.net

# Reference: https://www.virustotal.com/gui/file/15d899d86ec22da49666a2e19883acf76c17f8c0fb4cc79f6860de2e687b7061/detection

216.38.7.231:8811

# Reference: https://www.virustotal.com/gui/file/4691e58de9940ece438bdf64bcfd43d3186a1a19c9fe43b5164e6a83d60f5f08/detection
# Reference: https://www.virustotal.com/gui/domain/dns.dunamix.me/relations

185.244.30.82:2048
192.169.69.25:2048
dns.dunamix.me
easter87.duckdns.org
oluchi.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8d761e48b662116fd637b656e6138e3cfb902af76ecdb31e73ddde18f0affa5/detection

216.38.8.168:8787

# Reference: https://www.virustotal.com/gui/file/0b4964c33138a53c916b451fdaec7372f9e238361a9bbcde428cdd941f1d7f11/detection

216.38.8.168:7070

# Reference: https://www.virustotal.com/gui/file/d1649b71e9c38f0dc10838f258998914a966fdb2caccd78f210cc34707420497/detection

23.105.131.154:7070

# Reference: https://www.virustotal.com/gui/file/efe9c3a82e0b98a6b144d86f06ec68e8f6b3d735117de23dacc598ad2ab1dc37/detection

23.105.131.154:5050

# Reference: https://www.virustotal.com/gui/file/e0d227ec8d25b5d6b05b931435fed286895edbfe9990a388c925e0b91911e9d3/detection

185.244.30.82:2048
igbo.hopto.org

# Reference: https://www.virustotal.com/gui/file/063cee4d23dc9351a9805b239fb6ddd531af5d7a4657919b5feeab757f877ec7/detection

185.244.30.17:1965
ifeanyiogbunebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/eefb8c8f6588ed3c764a1384fae0da22874ba64bedac4ba1a7b92fa08878cb8d/detection

91.193.75.27:7070

# Reference: https://www.virustotal.com/gui/file/0cdfbe3c9db21651126b282d338539c625748118f6a1045c3d5c12d5e12f0d3c/detection

91.193.75.27:1990

# Reference: https://www.virustotal.com/gui/file/20c0e5b7620d51b026ce693ce54ccdf0dad76fcda9747913feeba3f8d34f25e8/detection

185.165.153.17:1120

# Reference: https://www.virustotal.com/gui/file/373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3/detection

185.165.153.17:1010

# Reference: https://www.virustotal.com/gui/file/b097d38be9a17b46ba76b5eb4c22b3201af79492bef21a8a765128337a55f57b/detection

91.193.75.5:8678

# Reference: https://www.virustotal.com/gui/file/2003c5fea62a63caca412982a0a5d7288fe7b5a063eebc7c9b84ea7baab539b6/detection

3.126.37.18:10752

# Reference: https://www.virustotal.com/gui/file/14cd5671644e47f0336603c7abfd8868c066e52e2d1411f42b2987d35b00ce2e/detection

18.197.239.5:10752
3.127.138.57:10752

# Reference: https://www.virustotal.com/gui/file/63955e38216c81a4fcee2be6cbb14273bd57abab9e7b2042fbe2100e44aad91b/detection

185.140.53.11:8090
newbackomo.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1272889477430722562
# Reference: https://www.virustotal.com/gui/file/af167bda48f2c529f5c40634b0656e1a200806b7f04fa340c6f2cc649da6cde4/detection
# Reference: https://app.any.run/tasks/f7950d7e-918d-4044-b82e-aca79ba124d7/

http://91.235.143.133
185.244.30.113:6996
twistednerd.mywire.org

# Reference: https://twitter.com/reecdeep/status/1273201836858716166

flambouyantpapi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/414d4369268bd3d1c22d2c295e2b5af0cf11c09a754a99be438c4a14f37f6896/detection

185.140.53.18:7082
baby212.ddns.net

# Reference: https://pastebin.com/eifTii1e
# Reference: https://app.any.run/tasks/cc1f12e5-66d8-4b74-b1e7-904a2c2b3dfa/

194.5.99.29:1400
protondata.myq-see.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275720358658793474
# Reference: https://app.any.run/tasks/de05898e-058b-4955-a98b-fe7d2e1c5e31/

cobbtownholiness.com/king/search/frontend/host/town/index/crewe/Attack.jpg

# Reference: https://www.virustotal.com/gui/file/fd446f0c654fd5e240c025a49b22c82391e94fcb7d3c6c98cb99137ff665c13d/detection

194.5.98.111:5422
morrishittu.ddns.net

# Reference: https://www.virustotal.com/gui/file/35095733c5364f67a3226c5de81ff2caaf0524a097a3c1c3e06272d5706d00f9/detection

185.125.205.73:5422

# Reference: https://www.virustotal.com/gui/file/7db77a40561aa86261d37b5e5941d5b1bfa3e0d9aeb62abea87bf7e6a26ed71d/detection

185.247.228.165:5422

# Reference: https://www.virustotal.com/gui/file/587a47a6e509433e808a3d6aec6cd7fe4602f331f94c44eb7b35a643852b4bb8/detection

85.203.22.68:1419
95.0.134.226:1419
91.193.75.235:1047
morrishittu.linkpc.net

# Reference: https://www.virustotal.com/gui/file/813643336711b2753845b25bf7ce235e06dceaa4066e32fb9c986cea0b458c83/detection

91.193.75.235:1047
91.193.75.235:1419

# Reference: https://www.virustotal.com/gui/file/8b5f39b1886022b9eb1e343f2c050fa263a5c7f121942b421d27d8548df90a2d/detection

129.205.114.28:5422

# Reference: https://twitter.com/pmelson/status/1280322293965688832

boleto.duckdns.org
camera02.ddns.net
cdtsupremo.duckdns.org
guestbooking.ddnsking.com

# Reference: https://twitter.com/Bl4ng3l/status/1280415293521739778
# Reference: https://www.virustotal.com/gui/file/18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195/detection

194.5.98.23:1965

# Reference: https://twitter.com/iamwinstonm/status/1281715105391140864

fgdjhksdfsdxcbv.ru
karimgoussd.ug
smiothmadara.ug

# Reference: https://inquest.net/flash-alerts/IQ-FA008_Remcos_Maldoc_Utilizing_Macrosheets

47.106.112.106:8032
update.huobibtc.net
update.office365excel.org

# Reference: https://www.virustotal.com/gui/file/30973f3f141356fa1b6f7435575dec35971702185013e246ba7a68a8e51c391c/detection

185.140.53.10:7171
zimchi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73/detection

79.134.225.111:20207
magiobi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b718c4fe8e03c60658ddf0a98496c0cfd06bddae6884b28c57d5897c837ad57d/detection
# Reference: https://www.virustotal.com/gui/file/767509d1864123651103929b145e83d3c56d230935ff11a2a1d8b5566aedc7b6/detection

185.165.153.37:9111
194.5.97.125:9111
rem-pounds.zapto.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1285177330508464133
# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

185.165.153.90:3949
myfrontmanny.duckdns.org
myfrontmanny.ddnsfree.com
myfrontmanny.ddns.net

# Reference: https://app.any.run/tasks/1bc823c2-5852-41d3-b745-9eb26008de1b/

107.175.32.212:58826
79.134.225.32:8950
babushkaboy.myq-see.com
rapture666.myq-see.com

# Reference: https://www.virustotal.com/gui/file/5b9361351db7c650fa5ebbd9eca3f9601da77d6165f7a02a0f7c3b694ac2872c/detection

95.181.157.6:3333
rem.payeermine.com

# Reference: https://www.virustotal.com/gui/file/43a7ad11c500e6f3338f620a4056ae808ef5b61cd13b621bbf7d2e04122a61ec/detection

51.161.96.106:3001

# Reference: https://www.virustotal.com/gui/file/93241314c69219ff7ad7f7be291a8320a20ea4153898f7c660976812bfb57e0e/detection

194.5.97.15:3871
okamoto.hopto.org

# Reference: https://www.virustotal.com/gui/file/3bfa63455e4936d261be757e92b1acae0b3a03870e7b81b5581a0ef46b954ddc/detection

194.5.97.23:3871

# Reference: https://www.virustotal.com/gui/file/b673fe86224dba05fa6b976aaa6561709b8b3fc370dcef01c798d7f5d3414728/detection

46.38.151.236:3871

# Reference: https://twitter.com/reecdeep/status/1293089692418822145
# Reference: https://app.any.run/tasks/38a328b5-b9f5-4be5-8ece-635692b6893d/

79.134.225.52:6666

# Reference: https://bazaar.abuse.ch/sample/10ec185be9504c09a3c52c97abc34b879f4224459f154a57a56ab15df1829208/

185.244.30.243:46617
79.134.225.32:46617
boyflourish.myq-see.com

# Reference: https://www.virustotal.com/gui/file/52e7edc928a8ebe518c76972d45dec866927a7f7fc672a99f92b0d92a4479826/detection

86.99.25.192:5552
empirepvp.zapto.org

# Reference: https://www.virustotal.com/gui/file/1f38232ff5cc0a22f104f4efff9724183cc4551e7d93047a28df6496ea13a59d/detection

deeminol063.hopto.org

# Reference: https://www.virustotal.com/gui/file/67680350052c8774c2173e716367760200dcdcee362d317e5ee3dd97222ed887/detection

194.5.97.11:2404

# Reference: https://www.virustotal.com/gui/file/9308214d32419cfd7af3203fb1982798b270554888a50679655959dbab1ad957/detection

216.38.2.205:4050

# Reference: https://www.virustotal.com/gui/file/81abcabdc6ec5f22cf55310f31d596bdbbac2fe24adbed126fb5124d74d85800/detection

94.194.4.192:2404

# Reference: https://www.virustotal.com/gui/file/54695494b42242c0b442851febff5eff3ae97b457278323ea32ed70bb9397e36/detection

51.15.22.167:20202
regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/68a42b25fb48d8337952e1dda259ef0c1922817b8bd8eb5c13ad199fb9cca4ce/detection

51.15.22.167:20402

# Reference: https://www.virustotal.com/gui/file/e546566be4ea436e1fa7a62f7ffd531525fddc4484b83e571025984d12a4fe77/detection

216.38.7.231:8811
nagod1.ddns.net

# Reference: https://www.virustotal.com/gui/file/14f58e94b51704d4f0d0540f47cf1a06175e9919aeb9ba58d209adece64a737a/detection
# Reference: https://www.virustotal.com/gui/file/bdfd5e1d7d560ce9656e4b4594ff1bddbb6b44993c8e7d2aa6ae21a10c08a6e0/detection

82.102.211.13:2404
82.205.33.194:2404
googledrive.dynu.net
googledrive.linkpc.net
googledrive.myftp.org

# Reference: https://www.virustotal.com/gui/file/52b9c393d076fe63033126e342e7987e464f016bb70601356365481738042670/detection

centos4u.strangled.net
kellop114.myftp.biz
ostopol.myftp.net
satell990.dyndns.org
wertopol.strangled.net

# Reference: https://www.virustotal.com/gui/file/d5c98032ca72405fef0d8d88380730fa85bc892ea2a38ef42395bb3fca861bdc/detection

spartanrulz-32158.portmap.io

# Reference: https://app.any.run/tasks/e90145d2-b04c-46ee-b58b-708ef4472880/

185.19.85.159:672

# Reference: https://twitter.com/58_158_177_102/status/1302863025121058816
# Reference: https://app.any.run/tasks/9f56a787-bd36-4741-adb6-2ad5e556ae23/

193.218.118.190:42020
style.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html (# Win.Trojan.Remcos-9753190-0)

eysk.city
edhrtyujffd.xyz
muhoste.ddnsfree.com
menstyle.duckdns.org
boyflourish.myq-see.com
mysticalsailor.myq-see.com
vikingo1928.duckdns.org
3houturk.casacam.net
foustraje.mywire.org
koustaeik.dynu.net
2houtie.kozow.com
houstus.gleeze.com
keking.myq-see.com

# Reference: https://twitter.com/reecdeep/status/1311252180670742529
# Reference: https://app.any.run/tasks/df3d660c-3bc6-405c-9efd-4cad0b9bf066/

79.134.225.83:8638
incidencias6645.ddns.net

# Reference: https://app.any.run/tasks/f2301ec1-9e5a-488e-a351-dc94c209860f/

103.147.184.53:4042

# Reference: https://www.virustotal.com/gui/file/689dcaa3c134cbccfb0c10d14c668c7b71334da8f7710503e03ed5bc8d714b97/detection
# Reference: https://www.virustotal.com/gui/file/a46df0abf052617a893f0d4093f77021f2c23e7e133f10ba2f222fae03020cd0/detection
# Reference: https://www.virustotal.com/gui/file/575bdd6efa08ed4ec3a18034716e35fd2444f1d37a43de6edaaf4ff0a18c5b60/detection

103.212.228.68:2404
103.212.228.68:7271
45.138.209.39:2404
45.138.209.39:7271
we.fanasp.co.kr
we.fanasp.com
we.oneasiaex.com

# Reference: https://otx.alienvault.com/pulse/5f7c5d703a6e8fae8295a637

doublegrace2020.ddns.net

# Reference: https://twitter.com/InQuest/status/1316097241489301505
# Reference: https://www.virustotal.com/gui/file/c1092cf4a7c2ddf97cc2e18a63fa7b7aae817995e995de5e774c8b141785d18f/detection

185.244.30.243:40619
voodooangel.myq-see.com

# Reference: https://twitter.com/ps66uk/status/1316126806232256514
# Reference: https://app.any.run/tasks/730d0464-45fb-4b4d-823c-db1ef0cc9a07/

79.134.225.48:1011

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html (# Win.Dropper.Remcos-9775269-0)

bushuc009.duckdns.org
fuckfuck0.ddns.net
insidelife1.ddns.net
rromaniitalfoodsinc.zapto.org
u875414.ddns.net
zubbymoney4life.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1318087844359974912/
# Reference: https://tria.ge/201019-w9w13727jx/

95.217.144.93:5864

# Reference: https://twitter.com/reecdeep/status/1318469829268000768
# Reference: https://app.any.run/tasks/c05755c4-b1f3-4ddf-a3b1-9e368976d6fc/

115.134.23.40:2910
115.134.23.40:6639
115.134.23.40:7762
194.127.179.245:7762
rromaniitalfoodsinc.zapto.org

# Reference: https://www.virustotal.com/gui/file/4dad95676736402a2fe6368eb4efed088f4898cf85c8f6e2abda6e94efd8e77e/detection

185.19.85.141:8808
21421412515215.ddns.net

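# Reference: https://www.virustotal.com/gui/file/d90248d8d9d8fb8bdd69bca18f09acaebfbe2935292bcf54def3b21195e920b4/detection
# Note: 193.161.193.99 recurs in this file on other ports, next to portmap.io / portmap.host hostnames whose labels carry the same port number. This suggests a shared forwarding endpoint (TODO confirm), so the IP:port pair is the indicator here, not the bare address.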

193.161.193.99:34775
revenge01-34775.portmap.host

# Reference: https://app.any.run/tasks/f9925414-f338-4f5b-8add-f9e34fa9500e/

79.134.225.20:1980
bushremcos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0bedf163c25f8a5728ff01ff7e163eaa6205e05d9811397ce3e8ab0a151d53e1/detection

185.165.153.243:2021
79.134.225.30:2244

# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.166/relations
# Reference: https://www.virustotal.com/gui/file/7845e2797aaa8ebce29c1fee5704578cb15211bc85447cea5b2c7da9010c0ba7/detection

23.105.131.166:2888
gsky.warzonedns.com
ounixpro.duckdns.org

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/1a1924da9d272ea46f8a0a62d7e2ecf01746e9a7621c8b1c36950788c3a3bd8c/detection

u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/62d88acc465626086cf8a5e266f2fbcd2f51bc3c462a236b0c9349e70b5194a9/detection

185.19.85.149:6667
jaffinryu.loseyourip.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

198.23.192.204:41289
jollymorgan.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b71e07e53baaeb13a8f617b56ba6944529401798ef32c55f9fb362f0531983ab/detection

79.134.225.50:42025

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/dbabf85d66c08e57af2a3ffc46b5e915291849b19aa00f1ab9ab61d5b0fe7bfc/detection

185.244.30.226:2267
kay34.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1323941877918388226
# Reference: https://app.any.run/tasks/9de16759-7dfb-4c15-9c2d-26e1951b9fe8/

185.140.53.129:4354
uzbektourism8739.ddns.net

# Reference: https://twitter.com/anyrun_app/status/1326050738607452161
# Reference: https://app.any.run/tasks/bbfccd29-2c3b-4a71-8713-63285f610029/
# Reference: https://www.virustotal.com/gui/domain/indoreisenslovenia.com/detection

indoreisenslovenia.com

# Reference: https://www.virustotal.com/gui/file/75250cab773991fd76bf14b8c397b2f143100cf5b13f3213528167e43409a537/detection

5.2.68.77:2404
hassavanarel22k1.xyz

# Reference: https://www.virustotal.com/gui/file/f21dc0aa7ef43f5799073c250f581c7c8ec1f7a1ec8518fb90b3df4759075472/detection

64.188.18.166:1983
honoexpress.linkpc.net

# Reference: https://app.any.run/tasks/66dadbe4-2d6e-4f7a-8d17-6a833d0a5ce5/
# Reference: https://www.virustotal.com/gui/file/680998e260bbd7b843f923f3ae3c1fcadbd1037fbd795c7da98149876f791e7b/detection

205.185.125.42:3014
cupidwap.com

# Reference: https://www.virustotal.com/gui/file/6ba00445a5c30db7e57de9335d2afc28a63315badef37d97af8b602b9e820aeb/detection

185.140.53.231:5050

# Reference: https://www.virustotal.com/gui/file/a20bf2ab10263ca3dd2ada84854a22d9e6fd9029925ed65cef91765f6347aa66/detection

79.134.225.37:4050

# Reference: https://www.virustotal.com/gui/file/9128e156ef2c0ed95d615729316ff82615354d6509e30a2e931913cb574dd4dc/detection

185.185.3.40:2404

# Reference: https://twitter.com/James_inthe_box/status/1331333639464841219
# Reference: https://www.virustotal.com/gui/file/e18773082c76655f9222fd26198eab9011af2bebea85fb4c7d525e37e3e84024/detection

79.134.225.120:12489
daemontime.myq-see.com

# Reference: https://otx.alienvault.com/pulse/5fbe488fe0a954169992d27e

al-sharqgroup.com
deviatefromnorm.com
sandshoe.myfirewall.org

# Reference: https://www.virustotal.com/gui/file/52e6d14ed04c5d7b44a0966a6357a62c8ab7550cda38c37f3c6c11bc0ff19f60/detection

5.39.11.47:2404
citym.camdvr.org

# Reference: https://app.any.run/tasks/b3ddcec2-f0ee-4a87-9fef-5ae96671dffe/

45.10.88.89:2404

# Reference: https://app.any.run/tasks/f5fde18d-e250-4011-a63a-bb63732935ba/

185.19.85.183:5004
stellionlab.com

# Reference: https://otx.alienvault.com/pulse/5fcf6bf6695f8abeb583b291

agentpapple.ac.ug
agentpurple.ac.ug
agentttt.ac.ug
brice.ac.ug
darkangel.ac.ug
nilemixitupd.biz.pl
taenaia.ac.ug
doublegrace2020.ddns.net
softg.duckdns.org
u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1336585927221768193
# Reference: https://www.virustotal.com/gui/file/e4adc99ec527422ee85c7260633d9e7abe452215f6c68bee28b4d4e8ac48d4db/detection

85.114.134.130:5850
85.114.134.130:5851

# Reference: https://app.any.run/tasks/cd97dd8f-a088-4c78-80c7-66c6b47e297a/

194.5.97.32:959
softgee.duckdns.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (# Win.Dropper.Remcos-9802952-0)
# Reference: https://www.virustotal.com/gui/file/f862eb253778c7b1c35349d798736124d7ee97db446217b2e5962fe2431d1e46/detection

185.140.53.129:3871
waxb.ddns.net

# Reference: https://app.any.run/tasks/d73cc422-8f5d-4d45-9f4d-b58a2ecb5baf/

181.48.139.42:6695
postreg.caserogourmet.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1339442811092013056

mute-saga-0240.lovesick.jp

# Reference: https://app.any.run/tasks/8cf679a2-d1e1-4bd9-be0d-93da9c9fa041/

185.140.53.225:6609
cato.fingusti.club

# Reference: https://www.virustotal.com/gui/file/94ec48d884762cb9f15584b01baa677445daa83d4093ccae7f70f6773b949799/detection

81.136.50.222:1604
hamstro1.hopto.org

# Reference: https://www.virustotal.com/gui/file/5cbed2f8a5fdadbd99816c4c8792bd51a2db7479f80bf70409f0f257f942d0c9/detection
# Reference: https://www.virustotal.com/gui/file/6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275/detection

185.244.30.180:4902
185.140.53.202:4902
4sureme.ddns.net

# Reference: https://www.virustotal.com/gui/file/134a6f4d0867df4570a3c569a0a5be3cca92537e8f27ff169e89c3eefa59fe6b/detection

194.5.97.198:2021

# Reference: https://www.virustotal.com/gui/file/849c170a469dc6f5b1bc190923744b08c51ea0ea593e435f0121b874af58c3ec/detection

185.140.53.221:2404
194.5.98.145:2404

# Reference: https://www.virustotal.com/gui/file/fde81d8213468a66ed189297ca748d5c4f07963d5cf33d622f245cd76135ccc8/detection
# Reference: https://www.virustotal.com/gui/file/80eb23e554c801edb57a51883e0ac40d26fa6aa8f764a2d30d31e451359486cf/detection

109.163.234.141:19109
185.206.225.59:19109
86.105.9.67:19109
sub2.xboxjordan.waw.pl

# Reference: https://www.virustotal.com/gui/file/72afbcd580f1ab2994b13938db2fad12fdd7619961d346a220fc2110d348490f/detection

89.249.74.213:50119
wghavenn.airdns.org

# Reference: https://www.virustotal.com/gui/file/03e055979496752e7f81aed9884a6acbcbeda20148e60f7b5d8eda30852e4e23/detection

2.58.47.203:50119
wghavennn.airdns.org

# Reference: https://www.virustotal.com/gui/file/461aeaa36397feb9322660fb537a2c976f6ef41509d428993c924279ca6c7f56/detection

79.134.225.28:24007
mariasteven1.ddns.net
mariasteven1.hopto.org

# Reference: https://twitter.com/malware_traffic/status/1346947588075868161
# Reference: https://www.malware-traffic-analysis.net/2021/01/06/index.html

79.134.225.92:2889
whatgodcannotdodoestnotexist.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/17/h/cve-2017-0199-new-malware-abuses-powerpoint-slide-show.html

192.166.218.230:3550
5.134.116.146:3550

# Reference: https://app.any.run/tasks/837b76df-3fc8-4b34-8a61-f25d1a32c4b8/

45.137.22.52:8780

# Reference: https://www.virustotal.com/gui/file/15598151d970675376778697c2c6498a104856b88a58fdc2c663a35574892abe/detection

193.161.193.99:31403
35.225.160.245:5762
agaoajz1hrvevre.info
bcbncq393z3hplq.club
cbiq1neygyp1wno.info
cedsxoisslv2nim.club
cwt1u0vv8ic357ov.info
gwty0fig58dcq6f.xyz
maui16azsncpo97.info
mj99puoba6c3gun.info
pgqduoyxvzennam.xyz
pmfiryhhkin98px.xyz
poykoqnl7jkj632.info
se2qwz60l2oxznm.xyz
tu90to3b4q4uqze.info
usd7o88wemlutx5.xyz

# Reference: https://twitter.com/fr0s7_/status/1353668898994999296
# Reference: https://app.any.run/tasks/5e41e266-b135-4604-b58b-9facafe8d0dd/

54.39.198.228:6332
moneyds.ddns.net

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

185.140.53.149:6969

# Reference: https://www.virustotal.com/gui/file/ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930/detection

185.140.53.12:1170
185.140.53.12:1180
anonfriendz.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b77ee0649ca157f9c5bfa3f1a81425bb8a72d704e7298fff81936843c2714443/detection

185.244.30.3:1170
185.244.30.3:1180

# Reference: https://www.virustotal.com/gui/file/54943c180b2fa915dd676406c3ef2c61597da86b982de4a685d59288e08888dd/detection

185.140.53.138:1170
185.140.53.138:1180
96.47.236.78:1190
tradeworld.duckdns.org

# Reference: https://app.any.run/tasks/ac3857dd-b08b-4dbf-8d37-1e941949eee0/

46.243.248.15:2177
gdyhjjdhbvxgsfe.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/375f949cba028f5722641af5c2b8d62086639d0663796ea01ac18cd1470184d2/detection

13.59.15.185:16391
3.138.45.170:16391
3.22.53.161:16391
3.128.107.74:16391
52.14.18.129:16391

# Reference: https://twitter.com/malwrhunterteam/status/1356889417030500353

datamicrotransfer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1356909089746530304
# Reference: https://www.virustotal.com/gui/file/df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb/detection

185.244.128.34:2404

# Reference: https://twitter.com/petrovic082/status/1357010449909350408
# Reference: https://app.any.run/tasks/91c4e993-c6d9-45e4-8863-8c6d6baed913/

79.134.225.114:1814
covid19safety.myftp.org
mercyofgod.myftp.biz
mercyof4god.myftp.biz

# Reference: https://app.any.run/tasks/b0dc1122-9b02-4592-996a-6a27952af5bf/

37.252.11.23:6969

# Reference: https://www.virustotal.com/gui/file/3efd0b10958683468b618a94f3b3888d6879c190b7e1c7425a23fc434f64271d/detection

66.42.107.233:1337

# Reference: https://otx.alienvault.com/pulse/602128ef6c24b8ff3a8da56b
# Reference: https://www.virustotal.com/gui/file/95977953d059ed0e495628fc2906d05c1bfce1d8154adce122db8e19b01ba398/detection

starbuckscoffeeohyea.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a4991196a119e42c7256e986d66df9b2b8f8bf5e43353c195cd495634231103/detection

46.243.230.51:2177

# Reference: https://twitter.com/reecdeep/status/1359110973009899520
# Reference: https://www.virustotal.com/gui/file/1e5a328f760c35f905390fb4bcf0eefa75936c79a43e22ca7557da0e315c72ed/detection
# Reference: https://www.virustotal.com/gui/file/926da3334135961ff0c19ecf4358201ba4734ab01186061c423deeb081ec1cff/detection

194.5.98.14:7369
highwayraider2021.ddns.net

# Reference: https://malwargsecurity.com/2021/02/08/remcos-rat-net-unpacking/
# Reference: https://www.virustotal.com/gui/file/3908ede26aad1fc2a1db9d3a26a017549b40ebc7d73d731fcb5691aab82b830f/detection

68.9.207.24:37845
transcendentalistschool.com

# Reference: https://twitter.com/r3dbU7z/status/1359374669921550336
# Reference: https://www.virustotal.com/gui/file/c062b4a790666b338f7955ea792605bf0244a8d36cb1050c602727ff6d654e36/detection

37.120.137.254:30288
remmyma.duckdns.org

# Reference: https://otx.alienvault.com/pulse/6023cbf090368b63de15730a

tanjiim19713.sytes.net
xchilogs.duckdns.org

# Reference: https://app.any.run/tasks/711e1f28-747f-4e74-b634-dd377aa9531d/

186.169.39.242:3202
resener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52f07520a01a6da3c6bc7545fbc53fc567cd4cdce70f25d849cd32d163474d45/detection

obereagujnr.damnitjim.xyz

# Reference: https://app.any.run/tasks/f1e86c26-0af4-4181-ab13-ed53844fa708/
# Reference: https://app.any.run/tasks/7d1dad7c-6c33-44f4-82be-1cf81a5ae55c/

185.86.106.202:3234
79.134.225.96:5397
gentamakina.com/tt/
marstonstyl247.ddns.net

# Reference: https://twitter.com/reecdeep/status/1361943725354741761
# Reference: https://app.any.run/tasks/02066148-b1e0-4e0c-b503-b468d1929467/

79.134.225.11:2021
talkmyown.kozow.com
talkmyyown.kozow.com

# Reference: https://app.any.run/tasks/bc1c9de5-d4ad-4293-ab89-0336089d0c9c/

78.198.121.158:666
yifflez.ddns.net

# Reference: https://otx.alienvault.com/pulse/602fa97362b6279a63a34907
# Reference: https://www.virustotal.com/gui/file/adda1acb8d885b3725058cf0a26d22b0c98a80673126a7bf7216ac7f6ba86005/detection
# Reference: https://www.virustotal.com/gui/file/d10921fef4f5d706859246d7e4f988f7df830d59e2ba6daab16665fd5637a16c/detection
# Reference: https://www.virustotal.com/gui/file/8a59bb0e1678af1df0b5d32e17ecc543310876b8b27ed18350ffced305ac32bd/detection
# Reference: https://www.virustotal.com/gui/file/71321f5d0edaa1d1bd1a9f4f931233a02cf2bf4919954b4c8337aea75f100feb/detection

103.151.124.64:2243
103.153.76.111:2667
103.89.88.238:4299
160.177.121.69:59
adadwdgfgdfg.ddns.net
sknre.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1363765805314420739
# Reference: https://app.any.run/tasks/e79ebc0c-f8fe-483c-a4df-3419b26895b5/

194.127.178.174:4021

# Reference: https://otx.alienvault.com/pulse/60379278fbce7ab73ca18941

greenfieldsde.duckdns.org
j8.andnolikeandtoo.ru

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html (# Win.Trojan.Remcos-9835338-1)

ghdyuienah123.freedynamicdns.org
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu
hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu
hsyuwbvxczbansmloiujdhsbnbcgywqauaghxvz.ydns.eu
mtspsmjeli.sch.id
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu

# Reference: https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Trojan.Remcos-9835542-0)

cwzxas.ddns.net
rem1.camdvr.org

# Reference: https://www.virustotal.com/gui/file/076943b4bde772d9f6c5239dae006557e6ea21a6c72307a98475a422b75b618a/detection

193.161.193.99:50915
artemlok134-50915.portmap.io

# Reference: https://otx.alienvault.com/pulse/6047646f1a9d70bd963228bb

asnrg84tr15e.ddns.net
vpsnnog.ddns.net
kazeni.ru

# Reference: https://www.virustotal.com/gui/file/425125474825c83c556ddb9686d06c0fe3bed8fd1a6a7058b60a26189aec81ca/detection

46.21.147.203:5850
fasdf324v4355642dfssbzsdfv23vasvf12.xyz
w8s.graviimaster.ru

# Reference: https://tria.ge/210315-t7r5mz9tv2

37.48.89.8:4783

# Reference: https://www.virustotal.com/gui/file/1cf604ac116b7d480da4fff508c4ef036ab842df708c8ce0b8e81e4b6f37efd8/detection

79.134.225.46:2405
ogidikasi.hopto.org

# Reference: https://www.virustotal.com/gui/file/84cf1bbee36c2424d48072b0f3cc8083ab37e04b93e72d455f9d545ea3a72c4f/detection

23.83.132.179:1414
bu250653.hopto.org

# Reference: https://www.virustotal.com/gui/file/c38b0ffb44c8586dff8c8ec3546b3bfd332c4e84f9b636fceb322522fe2ed409/detection

164.68.122.235:7775

# Reference: https://www.virustotal.com/gui/file/5e0fe09b76750751f25ee170f4e3f5d3de441614a887316e3a62334d859b769c/detection

176.111.174.72:3139

# Reference: https://www.virustotal.com/gui/file/38e003f280936ad6c0cacd7a57e6864de55b11058f5c0d45f8b3e42313bfdf84/detection

5.172.199.55:3513
dfxczaqwvcutbnmewxvfqwercfgrwzxcdcdfvgws.ydns.eu

# Reference: https://www.virustotal.com/gui/file/ef91414c679b45b0100bac70a53d65eac5c0b280feffe3350c803d215bb7607a/detection
# Reference: https://www.virustotal.com/gui/file/17c742f29afb5c4352f3fb0079fbb0b2d72da1e65cfc59695f9a7259088b4615/detection
# Reference: https://www.virustotal.com/gui/file/d34d907900597c60df794fea4bc35e8ecafe3359f8cc8ef32742ba4e0747afbc/detection

185.140.53.133:4344
23.105.131.132:4344
79.134.225.73:4344
ongod4life.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f0cb02c449739d35bc024bd78983126dbba1b3c78f566184177f8e0206f1b60/detection

159.89.86.174:4810
oberenwa.ddns.net

# Reference: https://www.virustotal.com/gui/file/5adf963b1c92ba79a5003d87943b4cb6c8a72fb9db63d8922c43f6631ad27995/detection

46.243.239.31:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/1b49da172b79de32c6df4e87385e57c0e3768b0b227b84cc38cd746b05200720/detection

172.94.24.120:2177
172.94.110.79:2177
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu

# Reference: https://www.virustotal.com/gui/file/13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2/detection

37.230.130.89:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/631c6d3b1c526c8bb366cc72b009da37ec83994c72b210b0132650fef93c147c/detection

sfghfsfjskdjkdfbvndcnfjskaklwrrfw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/f4385738ec4059ccdb1cdc3d0027ea44d002dbbbaebcb300ec8591bc9397e184/detection

104.247.222.46:2404
agdyieyrtghbncmloawghdvbxcvztyijgrtwqbcs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/5a5e322d26a9565ef099e9c62ded4b7430e13cb13303bb97000d720e023f30a2/detection

172.94.16.38:2486
wywtrwbnmhtytrebsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/0905d7304968596830e1a0fc7bdec0954a625fadce64a784b45f8905de7f022e/detection

moep123.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/f1f8906bdbdffe1be2f02db42adeb93dc23bac4dbaba91904fce2d3810223c5d/detection

irukdns.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d1c41d983e4fd40ab80cc8b393d39bb8290836c2793075b9c8fb41f0ce44238d/detection

niftywar2.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/c9f0e613181a2a984e46341992a601596462e80aa9bdee144b27fa2c76b04b74/detection

bc3.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/178d7aba3b04fb8ae4cd50e7e3f8da86565b93f724e2d38acbf9789411e79395/detection

79.134.225.84:6767
steve200.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/eb7b058c625b1306c70d8a76546af054bd769347ca067f5db5e1b0b1c7306298/detection

185.158.115.38:5000

# Reference: https://www.virustotal.com/gui/file/4922d66a76f44ddb8fef492d8ba36d40c57c9e6fd40e1df87a0c9ca135b76da7/detection

185.158.115.38:5001

# Reference: https://www.virustotal.com/gui/file/b250bb73821f32afff2287989bbb61b5470efdc3d14fa1006bea3602da8b3328/detection

185.158.115.38:5002

# Reference: https://www.joesandbox.com/analysis/373731/0/html

185.158.115.38:5004

# Reference: https://otx.alienvault.com/pulse/605c7c79a457812f750a15cc

0e19yo.grinchim.ru
5sis5z2.grinchim.ru
d.kaunieni.ru
hz.tudara.ru
rgc1.grinchim.ru
ynoil.asubeshi.ru

# Reference: https://www.virustotal.com/gui/file/e5ed9e5b1976279f51d9c47d275ad01143b62e23c83692981c74c367a34e0b25/detection
# Reference: https://www.virustotal.com/gui/file/e058733307afcc2954f7ae1e98d25d6778dee869fdd92355b0117a783648a690/detection

185.140.53.7:2012
185.140.53.7:7171
greatful111.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1efb13491a849b91ae8ddea21fe86f42b725c3f89bd5d4abf57adbaf03c7fee/detection

193.161.193.99:24405
actcoolbro-24405.portmap.host

# Reference: https://app.any.run/tasks/8ec193ba-d31d-4aa6-a3da-aec198ece841/

52.14.18.129:11797

# Reference: https://www.virustotal.com/gui/file/25b789678cb803bcb9ce9f1b7a375846812a83c89d9d4ff8abe1b90a8aa54a47/detection

45.15.143.140:5200
creeping123.ddns.net

# Reference: https://www.virustotal.com/gui/file/85adbdc2d0f35bf0a922251edd55f4a44d6aee52f2945eb71177a73a88a86fef/detection

demco.hopto.org

# Reference: https://twitter.com/Racco42/status/1380048908391448585
# Reference: https://app.any.run/tasks/05c3497d-fee9-4a3c-98ea-0a6dd6d048c0/

79.134.225.118:2405
osisego.ddns.net

# Reference: https://www.virustotal.com/gui/file/9fad68bbaba3bcd69e3b8100eb5c035ea2caf59e0f9115e36667a62b2dce84bb/detection

194.5.97.173:10001
remcosagent.com
1.remcosagent.com

# Reference: https://www.virustotal.com/gui/file/60716f52814e9b88c1c69b16058ed783a6ca59b125b34c7f0af0e87a8e05c546/detection
# Reference: https://www.virustotal.com/gui/file/a52615bd2b0c2fd4d1070030206c07fee192d00b7c307b4bf9babcc53dd38bd4/detection
# Reference: https://www.virustotal.com/gui/file/1bd08a5a9fa260ba34749b97d3a31d9de432f7fe74abc51ddbc7cdeab16ecbd4/detection

194.5.97.173:10004
23.105.131.188:10004
45.90.222.101:10004
1.ispnano.dns-cloud.net

# Reference: https://www.virustotal.com/gui/file/40ce7df3b4b481626b5082a1516631b05530819fb9ba434028103474ad959ab0/detection

185.140.53.9:8905
zubby2468.hopto.org

# Reference: https://otx.alienvault.com/pulse/60855af69ecf01b490310da4

brainy-example.auto.playit.gg
pleasant-ant.auto.playit.gg
tasty-comfort.auto.playit.gg
johanvargas97832.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40043c77c684191274bbf6d72c932ffb34f55b09033f631fdf9abe106349d637/detection

poiarmex247.ddns.net

# Reference: https://www.virustotal.com/gui/file/3253409d3bc8d987a390ca661d46c81e7f4b98636867d1b323de10e3f0e54784/detection
# Reference: https://www.virustotal.com/gui/file/936f3a9ae7a98440c6a63c0efcd91c145dbbc665773c69c7404c56de2495db9e/detection
# Reference: https://www.virustotal.com/gui/file/841c9a9df354e8e904f06a41a3ad5a9fc63213bd0070f9cf2b3f1ed07f036abc/detection

194.5.99.25:9950
197.210.29.184:9950
91.192.100.4:9950
kzi.ddns.net

# Reference: https://www.virustotal.com/gui/file/6d9f887bef0ec963729f0484a302b846d0cb024cf861d16f99f0ea21d02614a7/detection

108.170.13.104:1144
jaxfriend.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7364b6f75f48db8f3a34910e562dc12ad06b1dbed250606383b86d7e1b083293/detection

191.101.22.150:1313
204.11.56.48:1300
youtube.proxy8080.com

# Reference: https://www.virustotal.com/gui/file/a8284b3545fbef308d3c11d3d1d4547521a662e521363f32519a71279946839a/detection

drkao2.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6e889790fc403f49ed9e7537fbf1573d7d835c66a8937c134b1e2d2f58b2d70d/detection
# Reference: https://www.virustotal.com/gui/file/4c9428c3afaec204fde3cd2ae46cc7f4db5501c28dc52ea2d72b64e5f063d1d0/detection
# Reference: https://www.virustotal.com/gui/file/4b3b08c356b54f95bca518bd5c12ec1ec0cd32fbfac860f5a1a1a8e36da66c26/detection
# Reference: https://www.virustotal.com/gui/file/9293ff8bf51a6345a7bf3600fa9a8734b2184ac9c68ec534e382197bcfee2755/detection

107.173.140.145:500
41.102.107.65:500
41.102.126.56:500
41.102.222.13:500
41.103.179.251:100
jessads14.publicvm.com

# Reference: https://www.virustotal.com/gui/file/9af05c1cb783bb50a2f280fd22bdc4a8b5160488afc7093a383e6e60cac4d90e/detection
# Reference: https://www.virustotal.com/gui/file/bbceef2cd8724fc87db474357e3e08d064ae4211ec9d7bc8367720794c867bd6/detection

79.134.225.50:83
nassiru1166.webhop.me
weloveplayinggames.servegame.com

# Reference: https://www.virustotal.com/gui/file/6b0eea8aa1f1b8232bb5be47b581d06030fd457a3e92654f949ca8dd474b4bae/detection

194.5.97.16:3866
blessmegod.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c784d345d5da29536127681d5831917418835f23021ba2797a36c2d970ed22/detection

185.202.175.208:54604
salonirang.duckdns.org

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html (# Win.Dropper.Remcos-9855176-0)

urchamadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/b80bd7a65be99417565de85e074fca3ee71c3d065bdfbce60bd38772883d1c8f/detection
# Reference: https://www.virustotal.com/gui/file/bbf876e3bcfddf50eb4eeb30a318061f8f882cc37f9a3ac0ebca8fde5ac7c8b5/detection

172.111.192.30:5100
172.111.192.30:5101
tangaza.ddns.net

# Reference: https://www.virustotal.com/gui/file/fa42adf2a52de72f3332a57e26d420aa900d4e37cb074defc96b0fb2e91cc8bb/detection

193.176.87.173:5556
sfilm.ddns.net

# Reference: https://www.virustotal.com/gui/file/56fe55a19838b565147a2cb69b67c400d82dcfe628e7945094a85b0ca433cdbd/detection

5.133.11.56:1843
link2.hopto.org

# Reference: https://www.virustotal.com/gui/file/526a55fde827d3e610e4e63553f3aa104debba5c7ab27c209b2c3135a58e0b6e/detection

194.5.98.168:1181
wassimaldo.hopto.org

# Reference: https://www.virustotal.com/gui/file/96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616/detection

45.137.22.107:5888

# Reference: https://www.virustotal.com/gui/file/4c6f0e6133b1b9d709c39c94d3e51facc2f840c550fbf900ceb2cd2d67d8d0c3/detection
# Reference: https://www.virustotal.com/gui/file/af4c8495dd4f20c61cd4e12e3eba996da63965245c781a06cfb03cc2a6ecf4b9/detection

185.244.30.118:7255
192.169.69.25:7255
money4life.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d/detection

23.105.131.201:2021
igatyou.mywire.org

# Reference: https://www.virustotal.com/gui/file/25e031c016e316abfdc7fcd4125a0f1e018864369d56b55429aaca841e2b4e49/detection
# Reference: https://www.virustotal.com/gui/file/77f3963993f7fd03fa8722eddb591e2dd348eaea7f9f04cca095f1cd13ae52d0/detection
# Reference: https://www.virustotal.com/gui/file/576148808d739c615fe9d015588bd767467a504d0272abfb4c7475ab758e9177/detection
# Reference: https://www.virustotal.com/gui/file/1fdbad9bf3d6647702d79ea8d13de188be6c9c290c7b0349a476f218d3f10428/detection

185.140.53.19:5149
185.244.30.87:5149
194.5.98.58:5149
45.156.31.56:5149
noapology.myq-see.com

# Reference: https://www.virustotal.com/gui/file/a17bc1d444f1da0570f4a2eb986b582b13603e8d48c5ff285bc30640e4fed9b8/detection

79.134.225.18:5749
zabdy.myq-see.com

# Reference: https://www.virustotal.com/gui/file/d32d689d49f6978dfb2855d35e42a4fecfb34dce218d6b87ef2752d7a501fddd/detection

89.160.26.37:8811

# Reference: https://www.virustotal.com/gui/file/8d2bdeec509458f3b1734e4f63bc29c679ea66214e42fabc5b4f83453a96bc56/detection

181.141.13.58:1717
gabriel64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection

45.144.225.94:4145
brownfilleds.duckdns.org
ghytrty.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection

45.144.225.94:6553
aaeeerbbbeee.duckdns.org
fieldsdegreenf.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60a80e420ee6b40903ac9f67
# Reference: https://www.virustotal.com/gui/file/70a7510210a1e2316407273b03185c5bdf293f37f25d74e72e9efcfbe3730205/detection
# Reference: https://www.virustotal.com/gui/file/ac72c88ac869b33d667fe46ba26647c6faba1629ccd9f4d4b9dc7bbbb05755aa/detection
# Reference: https://www.virustotal.com/gui/file/d8a77ade2160a14931640aa5117db27d70755cb53465a036e03770216d661b90/detection
# Reference: https://www.virustotal.com/gui/file/e0bd17f8c8cc6a994c6b22b21a781d3c52c42e0b5bf5fa39aef843254baab035/detection
# Reference: https://www.virustotal.com/gui/file/7513d01b0a6429c8fa0313ad11d546ecbd7d4ac4ae4c660901bfe113b641c266/detection
# Reference: https://www.virustotal.com/gui/file/73525db851cd3b329df6fc009e0a478f21655947188fccfb0b0f56558a9b56f5/detection
# Reference: https://www.virustotal.com/gui/file/bc2de67edc62f73bc31759317d846a3e3fdc9a74624b52cc51ddbe1008c01a91/detection
# Reference: https://www.virustotal.com/gui/file/219d8dc53843abf0fca983501c395c9dd5a188de9bfd2a4077112f357154b5c8/detection

37.1.206.16:5656
37.1.206.16:5757
37.1.206.16:6161
37.1.206.16:7071
37.1.206.16:7272
37.1.206.16:7474
37.1.206.16:7575
37.1.206.16:7676

# Reference: https://www.virustotal.com/gui/file/9df7d15ccf6f6fa896936b3a1547aa0a862ebc735551cbcd41aa7813efd9a585/detection

142.44.161.51:2065
91.193.75.136:2065
kingmethod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9c873107151e9c3ef157e81665f402ebeaea2c73638e6d2d66c4ccaf549b6d8c/detection

147.124.219.204:3303

# Reference: https://www.virustotal.com/gui/file/649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418/detection

31.214.157.40:1312

# Reference: https://otx.alienvault.com/pulse/60b773ef50d74a062977cfbe
# Reference: https://www.virustotal.com/gui/file/a52ef1b90c14bc6cb890c0c7710e3988310fdfe3a0b29887d39bdab8b6f521fb/detection
# Reference: https://www.virustotal.com/gui/file/0bb724b323436b461068d01ef83c6f06e322a8f6543f6f3c752f864ebd651f09/detection
# Reference: https://www.virustotal.com/gui/file/15f2c8def8807cb5391448f40e71f5871f75195dbb46bc0dfbad7c5978212550/detection
# Reference: https://www.virustotal.com/gui/file/9f110e4425fb423e422fae6f90e17f6c3420fb5a94da388204017780c952fc42/detection
# Reference: https://www.virustotal.com/gui/file/424e0801ba42dbae1f4b2e9669c8a628168ceaff00dfe9ef1417093477bea9ac/detection

116.203.140.78:2404
162.246.186.170:8199
177.255.91.0:8199
arangojuancarlos45.duckdns.org
mexch.ddnsking.com

# Reference: https://twitter.com/_CPResearch_/status/1400467814117478404

hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/8e8e7ed17c0cc7d20256d8ca0b3288e8c0d9499ec097fb8ebfa9a20c8fcecca1/detection

105.112.38.206:1181
oxbornl211.hopto.org

# Reference: https://twitter.com/phage_nz/status/1404992038030897163
# Reference: https://tria.ge/210616-1sgjg7wrga/

79.134.225.106:2050
collectionsdpt.me
eter101.dvrlists.com

# Reference: https://tria.ge/210615-dswhaekpxn

194.5.98.147:12489
killedifabused1.xyz
top.killedifabused1.xyz

# Reference: https://twitter.com/Circuitous__/status/1407099611030900737
# Reference: https://app.any.run/tasks/20920674-4a35-45bb-a113-9831bce57e28/

185.19.85.134:6666

# Reference: https://twitter.com/petrovic082/status/1407102524478431233
# Reference: https://app.any.run/tasks/995d8193-ec44-468d-b25d-dcfd8d528218/

192.3.146.165:3543

# Reference: https://www.virustotal.com/gui/file/f709da4edb2f6bfbac3267a9b28e58191fd2d47e14efd09819b900670828dbf5/detection

191.88.249.118:9803
dominoduck2116.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1408502242320302086

alonso.luda.ydns.eu

# Reference: https://twitter.com/pmmkowalczyk/status/1412756604362149895
# Reference: https://www.virustotal.com/gui/file/dc06bb2257a6c4b556fb02ea5741c4cf6ddbe47a08d3308f7dd87b5ac23baed7/detection

194.5.98.195:2098
mrplayplay009.ddns.net
mypayday0091.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8578bda62e4c8d883e6a75a13cefa9c465a860f05f1f0c54d95314b44d7e01da/detection
# Reference: https://www.virustotal.com/gui/file/f18df8366f69c337b373482151cf5732c7155b55b88db0f78fdc511ab4992f5f/detection

185.244.29.132:2130
185.244.30.4:2130
194.5.97.26:2130
23.105.131.132:2130
91.193.75.131:2130
cashoutooooh.ddns.net

# Reference: https://www.virustotal.com/gui/file/5c519e625e4132e5806da10504cda9e2fc92dad8d27edb7109ad036965ef4200/detection

181.141.3.23:1616
madryurs22.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d380178c93ba5b323f915df1d3f0ab7953630bdd502b699093874cae4b581d40/detection

191.88.249.118:9804
dominoduck2117.duckdns.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/07/remcos-rat-delivered-via-visual-basic/

185.19.85.168:8888
randyphoenix.hopto.org
tippet.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60fd537344fd67bcd96f659f
# Reference: https://www.virustotal.com/gui/file/384ac24ef5f4566364596166c5c90b3cc17b4d55679ee359439d395e51015e54/detection

45.155.173.48:30755
xcrew1991.kozow.com

# Reference: https://otx.alienvault.com/pulse/61029970bf4dd605cb62ec4d

duck50501.hopto.org
fosterpapi.dvrlists.com
plantaincutter1809.ddns.net

# Reference: https://www.virustotal.com/gui/file/0b95c91f6e73b5c87727bba93de2f435e6695ad884b9faa932df5cb3357e0d47/detection
# Reference: https://www.virustotal.com/gui/file/33b1629dc01123f78d568c7638f33ca6619834daad9866f666c00062920b13da/detection
# Reference: https://www.virustotal.com/gui/file/a9fdfe935ff4adda29a2302a61368d2168f534b18a790a48b2bb00212ce65656/detection

141.98.102.243:41078
185.189.112.27:8618
213.152.187.215:41078
twistednerd.dvrlists.com

# Reference: https://twitter.com/petrovic082/status/1422131119542185987

ibotool.com/Kuhfcgvxvdmngzrvwucoqaisbrmnaqvahk.exe

# Reference: https://www.virustotal.com/gui/file/f77ee1da37991ac453867f3ec63c1e0d18f139d6585c5158fc92b78aa4f07b02/detection

79.134.225.95:6060
kashbilly2.ddns.net

# Reference: https://www.virustotal.com/gui/file/239d05f508f2055daa1e4bf62f465f3ccbe7104fcb3c98504630d40d37466e02/detection

79.134.225.95:5050
kashbilly.ddns.net

# Reference: https://www.virustotal.com/gui/file/44e5e569ffc3aaafaa238edb4371abdeb03f449f64b230b6deccb19c2ea56a46/detection

45.137.22.101:5888

# Reference: https://www.virustotal.com/gui/file/e7f428e6ab2a008daad896a354a1544d76993b88587b9ac77cb52df09ee7364a/detection

45.137.22.101:8787

# Reference: https://www.virustotal.com/gui/file/a10a6b45a930f2de06af77ac304a249af70978bb3346bc1bd64ca556d0856bb8/detection

194.5.97.183:8888

# Reference: https://www.virustotal.com/gui/file/28195c5efb0785a7e261e8ea1a3d76ecac4c1639e7df6d9b9309e436437547b8/detection
# Reference: https://www.virustotal.com/gui/file/84638535fc6db5df3d5029b7417810c3d70fa83c6f9a380df0066db5f5955c51/detection
# Reference: https://www.virustotal.com/gui/file/1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f/detection

185.19.85.133:8231
185.19.85.133:7735
79.134.225.76:8898
typejimbo.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6a3c1c7df2e3310ec079de07f3b5a6d2d1fe95a607ab15405f92a43d26e97cd/detection

135.181.17.47:4783

# Reference: https://twitter.com/Racco42/status/1422922614348165122

194.5.98.7:3759
june248.ddns.net

# Reference: https://www.virustotal.com/gui/file/274f593f9355f88c70b5cfa1514c7f450761e26d2b8cda5c2a5055173be937ac/detection

194.29.101.219:42022

# Reference: https://www.virustotal.com/gui/file/2171810fe0b26c614280e7d94577eb1ffb589b5e0a053b46f014d813fca4baca/detection
# Reference: https://www.virustotal.com/gui/file/7026331983c26573b4f9c17b3aa3f83c6f80256eabe5cdb812499d6c13831286/detection

79.134.225.109:4202
79.134.225.109:6005
damuztech.com

# Reference: https://www.virustotal.com/gui/file/d8fa4fc5f326fb18e73af1a0fff52453eb7244ae53d8e236579fe43e8c11fa2a/detection

51.68.170.39:5551
dd90.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/734d4eb7d217d43cf71f0ab2cb9a9866da75ae3fae5368a94ab74ad32b2e2f87/detection

cicada3310.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/b888c007a3c361a462f736cb14ad487a96d4a0b09b4d7ffce2cb47546810e22f/detection

181.57.221.10:4850
54.72.130.67:4850
infomevi.100chickens.biz
mundoinc.phatbois.biz
publicidad.100chickens.me
sexyhost.madinson.club
thastk.grupoexito18.online

# Reference: https://www.virustotal.com/gui/file/44db2df3f3bb2525bc7d36ea6d15cc0f457791c4b9d957f6835ce6facbecfffb/detection

79.134.225.109:1759
defias3343.ddns.net

# Reference: https://www.virustotal.com/gui/file/0d2b945884ac6edf81b42d5d74fbaacc95453d05cb4497b70555067cc16834aa/detection

185.140.53.8:6397
ventasmayorista.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1435499213845147648
# Reference: https://tria.ge/210908-g6n7mshbap

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1438728921944666113
# Reference: https://www.virustotal.com/gui/file/c865520d5f85982cd38ed5cb6ced866e69b8b133bedf008f2237ca6b7024de6f/detection

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1c4626b824597dd40d841d91258029fb26f4075ebd6c4437a209c53426ff4d7/detection

195.133.40.125:2404
nan.ydns.eu

# Reference: https://www.virustotal.com/gui/file/18e7778ca7011e78b0c8bcf8e4c72d7c7ee26bbe4ea30d4003c799cb5740fa40/detection
# Reference: https://www.virustotal.com/gui/file/2a51f81fe3b66e5d065e15fccc4c0e767a01ceafcee23d8ab66c04c48b9bc8f9/detection

185.140.53.130:6642
185.244.30.19:6642
manneedmoney.ddns.net

# Reference: https://twitter.com/peterkruse/status/1440593007376416774

sonofgrace.ddns.net

# Reference: https://twitter.com/Racco42/status/1446163693507579916
# Reference: https://tria.ge/210907-lwm9taccf3

212.192.246.191:2310
Officialsw.chickenkiller.com
hurricane.ydns.eu
official.ydns.eu

# Reference: https://www.virustotal.com/gui/file/be6a62531303bf8b02db40d9e0215cab0bce1f27e8468384656df2d765353f25/detection

194.5.97.16:4479
wealthgod456.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0cb4cbb5ee6badf310de6b82b7d5b469e2d5126bc417dc0791f74f502e70c92/detection
# Reference: https://www.virustotal.com/gui/file/b60594a558a504fe8cfdb49b563ba69a4b055a5a3bbd30d108f39865becf53d6/detection

103.1.184.108:3365
103.1.184.108:46594
45.61.49.107:46594
ndu.testfood.ml

# Reference: https://www.virustotal.com/gui/file/c9fad97fbc7d306ae0a8b6ba457d295786934e6580b279e40ab2ca7ad5bd818c/detection

194.147.140.17:6041
mirroronthewall.hopto.org

# Reference: https://www.virustotal.com/gui/file/5a9a65eda5013bb8b73ac76236ce34bef1e5f3a78efb328abeb452c131b93fc1/detection

markaug.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f9a0a3e221a74f1829eb643c472c3cc81ddf2dc0bed6eb2795b4f5c0d444bc9/detection

185.244.26.201:2405
mychi.hopto.org

# Reference: https://blog.talosintelligence.com/2021/08/threat-roundup-0813-0820.html (# Win.Dropper.Remcos-9885489-0)

freelife.hopto.org
freelife1.hopto.org
freelife2.hopto.org
freelife01.hopto.org
freelife3.hopto.org
freelife4.hopto.org
freelife5.hopto.org
pentester01.duckdns.org
sinzu1.camdvr.org
thankyoulord4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/2435ea27d49ac33d5edffc4cffdc9a91bfaa21fcffc9e695ba13ff4158a5c502/detection

mmiri1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a1308e82ca707444939e3c946b0830859ff63b08c0fa3a5c37e8c5481c71fb9/detection

37.0.11.231:6932
kingsley1124.bounceme.net

# Reference: https://www.virustotal.com/gui/file/5bf0ade6b571ef4341d48d1e795daebce85d24969ca082e9a7b0d45c863bc787/detection

185.19.85.139:24007
cfo11.camdvr.org
cfo11.dynu.net
gpaul9178.ddns.net
gpaul9178.hopto.org

# Reference: https://www.virustotal.com/gui/file/7ca71e9c5e42d6cf04d0d14011e6c94147628d4bbbe758c241a8d7279cf59bd3/detection
# Reference: https://www.virustotal.com/gui/file/fa66310d09441ef074ebec4df91a8210a710a44c5ddb7d7040a1aabce1679f59/detection
# Reference: https://www.virustotal.com/gui/file/8bec6a9b8df3b417e9e9857a7989722b7aadd5db806ee428e3b772185605a9dd/detection

104.243.251.163:1707
172.94.103.58:1707
45.74.35.194:1707
45.74.35.61:1707
mrbigs.hopto.org

# Reference: https://twitter.com/pr0xylife/status/1468228012269355015
# Reference: https://www.virustotal.com/gui/file/1814342a47e6ea264ef34d80e36d9363a83d4a2d09a6eaf8fb2759f59697dd74/detection
# Reference: https://www.virustotal.com/gui/file/ef6a74a99e6f3945eda8bd082a0adbcc2df584aff03838ed1b5face974a4a6b7/detection
# Reference: https://www.virustotal.com/gui/file/60532512eccc2ead7f39fa3eed5d22e10375f1a3177ddf3bcdc1db06740146b9/detection

185.157.161.174:1975
185.157.161.174:53030
185.157.161.174:9090
hotmarzz.eu

# Reference: https://otx.alienvault.com/pulse/61b4940461d3f7f1b900cf62
# Reference: https://www.virustotal.com/gui/file/791f5d4b43f59f51f06c67ae979f371c15d302125d2211528e9b7c2926e1b431/detection

178.238.8.177:32095
kent0mushinec0n3t.casacam.net

# Reference: https://twitter.com/pr0xylife/status/1447556826451611649
# Reference: https://www.virustotal.com/gui/file/bf6251175fb2a5ae101238d7dc36f284235d68d64384a65c385956b183985a70/detection

184.75.221.171:5119
185.103.96.143:5119
185.104.184.43:5119
199.249.230.27:5119
213.152.162.181:5119

# Reference: https://www.virustotal.com/gui/file/39539756528b3c4add76725c5b686460fb936cc890a76f60603e81a78219a0ec/detection

scream.ddns.net

# Reference: https://www.virustotal.com/gui/file/7e9b81278965632f7c3dca8877fc074fb8747cce3468ffdb5cc5bfe056c9336b/detection

http://194.85.248.219
216.250.97.121:1025
divinecryn2021.nerdpol.ovh
/token_gn65gy.txt

# Reference: https://otx.alienvault.com/pulse/61d1950b8eab0b4e59ac29a7
# Reference: https://www.virustotal.com/gui/file/dd05f19aebc70bca6d6acd3f4018a8b7da6fdca6b6fe88d76e633ec228080a1d/detection
# Reference: https://www.virustotal.com/gui/file/bc4fa81780292b761443a2d5aeb14975fe3f5b713310e5e38867b5e2741cb044/detection
# Reference: https://www.virustotal.com/gui/file/53e5013bf8fb9f6958aceefd4a542f15a25c02d185d1a0964068e88ed3853bfc/detection

152.89.162.59:2404
193.161.193.99:24403
20.106.94.110:2404
20.110.185.77:2404
dynasty1.ddns.net
dynasty2.ddns.net
dynasty3.ddns.net
gene.ddnsgeek.com
generem.hopto.org
generem1.hopto.org
henderson.camdvr.org
henderson1.camdvr.org
hendersonk.hopto.org
hendersonk1.hopto.org
xotic69-24403.portmap.host

# Reference: https://otx.alienvault.com/pulse/61d0437832aa76dcc2167235
# Reference: https://www.virustotal.com/gui/file/5ea1922e49e15289a0cf38d03742ca50da001d40df0dd0df8ff745453b1fd51d/detection
# Reference: https://www.virustotal.com/gui/file/99dd413a8dd8cabbc22b5ddf6c1bc057a1bb2957ea7e9b952a68f198f2d06e99/detection
# Reference: https://www.virustotal.com/gui/file/edbb7af2f834817e6abc370701371e360567fd46d4a63a23f138212432a2d401/detection

176.186.212.241:2404
199.195.253.181:48656
2.56.56.2:2404

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html (# Win.Dropper.Remcos-9892963-1)

mgc001.hopto.org
mgc0147.hopto.org
mgc007.ddns.net

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html (# Win.Dropper.Remcos-9894274-0)

obinwa.ddns.net

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/8bd0820c812a195244553470e5ca299bfb863244040852981e2e937bb78dedbf/detection

trapboijiggy.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/80b5832b3cfb5142bfa2d3a34c0c8e5b77ec519aee7d6e0361b750df17057d7c/detection

79.134.225.119:2404

# Reference: https://www.virustotal.com/gui/file/fe47a56654e3bf83e05578c422202548ec194af30edee1338d1a3d1f4c7bb7a1/detection

185.244.29.216:4050

# Reference: https://www.virustotal.com/gui/file/8dcebb614aab265875408dd5226c8b6cfdf5d68caba830744d827fda81529c16/detection

185.140.53.37:1900

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html (# Win.Dropper.Remcos-9903276-0)

hwzpgovt.nsupdate.info
remman1.ddns.net
remman2.ddns.net

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html (# Win.Dropper.Remcos-9903810-0)

fdsfsga.ru
fdsdfgdfgdf.ru
okugbawaha.icu
nickdns123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293/detection

103.167.85.148:1012
2.56.57.112:1012
xp18.ddns.net

# Reference: https://www.virustotal.com/gui/file/a6d7f2c76e49ea8e18f7768aeec228514a2e346a843a0a454e799014018acbb7/detection

2.56.57.112:1996
xp19.ddns.net

# Reference: https://otx.alienvault.com/pulse/61d97dfc3437895ce4479b58

lot0s.ddns.net
shiestynerd.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/4d5e431a79433ce5d8a7ace14564c4e645888fd821007c041793e7b3f8deb953/detection

217.131.82.22:35890
emedoo.ddns.net

# Reference: https://www.virustotal.com/gui/file/d9dba72f5ed7e52ea12d6c30826cd468a4285058c8cd6e87af1ec36c6ad24b3a/detection

rattim.ddnsking.com
rempower45.warzonedns.com
securefbi.ddns.net

# Reference: https://blog.talosintelligence.com/2021/11/threat-roundup-1112-1119.html (# Win.Trojan.Remcos-9909797-0)

hdgavzxcniopkjhsvcbnxmnzvqaswyiokdseacbu.ydns.eu
rhbavzcmkopdhunbsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/85648195f2224ec1ad0531e85ae3128ef57d59b408edbfb5a3c817812960429a/detection

79.134.225.77:3457
mateking3888.linkpc.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1481146363496865793
# Reference: https://www.virustotal.com/gui/file/04bb50786dcd75cc530486e6e306d6d9f982d2f0519a7c62c7c544b6fb9967c0/detection

91.193.75.224:2142

# Reference: https://www.virustotal.com/gui/file/a3a67c8e9cea416eac9ff526588d49b8d52e2d69b3e601190e572dfe2c0b3483/detection

13.77.222.211:7828
20.196.222.122:7828
wz303811.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9c0b6dd76212644b551d5b8ea745b3f14f6c92365e767836382a4c8ea54906b/detection

tochmini.mooo.com

# Reference: https://www.virustotal.com/gui/file/d407be0656a3b89dd4d6789df741efceeaaf7b756e10e7be13d2c5efb1dce9e9/detection

doggydoc.mooo.com

# Reference: https://www.virustotal.com/gui/file/856abd55c2d6a761dc2e335ab73e44853653c5a5403034291e8bb463d1b0133e/detection

leavemylinkpls.mooo.com

# Reference: https://twitter.com/petrovic082/status/1483798599238656003
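# Reference: https://app.any.run/tasks/138451ce-f933-4045-b8da-4c39a6ac826e/
# NOTE(review): 193.161.193.99:50443 and ZeldorisPiety-50433.portmap.host below disagree on the port (50443 vs 50433) - verify against the reference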

193.161.193.99:35767
193.161.193.99:36189
193.161.193.99:45369
193.161.193.99:50443
cloverbeats-35767.portmap.io
DarkVader94-36189.portmap.host
lanzopunch-45369.portmap.host
ZeldorisPiety-50433.portmap.host

# Reference: https://twitter.com/petrovic082/status/1484252860879618057
# Reference: https://app.any.run/tasks/ade09391-8ece-4e8b-bfff-bbf554f907e3/

103.231.91.59:39207
saptransmissions.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/c4ca06766b0b2f5a7aeb24aa39d3b3695bcbe94b96a506dd9950e795064d875c/detection

5.2.68.94:6080
amarkilopaccasa.info

# Reference: https://twitter.com/milannshrestga/status/1489299227381727232
# Reference: https://twitter.com/ffforward/status/1489515500363259905
# Reference: https://www.virustotal.com/gui/ip-address/185.212.130.218/relations

avalaunch-app.com
diviprojects.com
pancakeswaps.fund

# Reference: https://twitter.com/milannshrestga/status/1489510860049752067

server-storage-dwl.com

# Reference: https://twitter.com/ffforward/status/1489522013454671876
# Reference: https://tria.ge/220204-kcm92afhcr/behavioral1

157.90.1.54:4783

# Reference: https://twitter.com/dubstard/status/1489527460458811392

sushi-v3.app

# Reference: https://twitter.com/ffforward/status/1491120270866006017
# Reference: https://www.virustotal.com/gui/ip-address/64.42.179.67/relations

nobullshyt1.xyz
nobullshyt2.xyz
sub.nobullshyt2.xyz
top.nobullshyt1.xyz

# Reference: https://www.virustotal.com/gui/file/3de5e117f449ed7422118dd4325d8ed9a75eb928f15d4f66f54d03b491125be2/detection

134.19.179.179:13293
198.12.105.44:48242
198.12.105.44:48243

# Reference: https://twitter.com/reecdeep/status/1491738743723733000

79.134.225.121:1200

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-10%20Remcos%20IOCs

194.5.98.156:10174

# Reference: https://www.virustotal.com/gui/file/843e4aea82147be3450a58c9ccbd518a89b33f1687e2544d3f2c39be4e48e358/detection

167.71.56.116:22494

# Reference: https://www.virustotal.com/gui/file/eaea1ea1cae4ddbf919993f52eb7646b11146769cc3d4965477ab668f3be46f2/detection

206.189.80.59:22380

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Remcos%20IOCs

91.92.120.140:4973
govdouglas.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs

194.5.98.207:691
freightmgmt.duckdns.org

# Reference: https://app.any.run/tasks/d4a9cdfa-6961-4622-aaa9-418c9d4c2c10/

62.102.148.152:8618
twistednerd.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-12%20Remcos%20IOCs

lplazadtemins.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-04%20Remcos%20IOCs

23.105.131.222:2040
moneyrem.cc.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-06%20Remcos%20IOCs

185.19.85.155:119
following.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-15%20Remcos%20IOCs

104.254.90.235:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-16%20Remcos%20RAT%20IOCs

104.254.90.251:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-05%20Remcos%20IOCs

79.134.225.79:10174

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-12%20Remcos%20IOCs

185.19.85.169:2050

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20Remcos%20IOCs

194.5.98.156:47893
gherbo.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%202%20IOCs

191.101.130.129:2050
eter103.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%20IOCs

2.58.47.203:39207
saptransmissions.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fd0bf12d34abb670da1d115e7c842932874f366b22d7f7016a1b56847e8562/detection

199.195.253.181:30040
dextority.ddns.net

# Reference: https://tria.ge/220211-n56hvscfb9/static1

69.174.98.123:49505

# Reference: https://www.virustotal.com/gui/file/d39304eea7c64cacd19e7a86a539d248b620e8e3a169a7ced02b6f54fc9c1fdf/detection
# Reference: https://www.virustotal.com/gui/file/c2e2791ef2c1021d84648d57975dc4cb28c1f0be1f8d46859394ef31340eba56/detection
# Reference: https://www.virustotal.com/gui/file/b61bcb861e27356973e4b41c0e430753ad753fcd898c3375422ec38f7a837b69/detection
# Reference: https://www.virustotal.com/gui/file/600b2251ae4efebfc6e8c882a546ec7f6d86ebebe1e359c88793a83dc778fe01/detection
# Reference: https://www.virustotal.com/gui/file/1549aea6b4b91525d4f3b776335e448b9f8080f300150b31e1f6f7bff634f571/detection

159.148.186.15:3927
159.148.186.19:3927
159.148.186.28:3927
159.148.186.32:3927
46.183.220.203:3927
destinyrem.kozow.com

# Reference: https://www.virustotal.com/gui/file/fa9feaa6941e0f79585ebce2bfff5d59b88df8b22a7d0a90d85ad1d6754048ef/detection

142.11.215.106:2404
secured1.hopto.org
secured2.hopto.org
secured3.hopto.org
sumag.hopto.org
sumav1.hopto.org
sumav2.hopto.org

# Reference: https://www.virustotal.com/gui/file/e53122230df3df822e7e4476d12fe580f5b6a18e793b42703e00fb58e9f2547b/detection

u876134.nsupdate.info
u876135.nsupdate.info
u876136.nsupdate.info
u876137.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/01bbb9d854552376059f89a143d487e714665432c104cdaf9b3f79b5262ace65/detection

217.64.149.78:2404
salford1.ddns.net
salford2.ddns.net
salford3.ddns.net

# Reference: https://www.virustotal.com/gui/file/0042c5d32b87ea97030b99df29c04c179d8ec29be9110eeb7246683bea97694b/detection

37.120.138.222:2404
rem1.camdvr.org
rem16.camdvr.org
rem16.hopto.org
rem166.hopto.org
rem1666.hopto.org
remmusic.freeddns.org
sunwap1.ddns.net

# Reference: https://www.virustotal.com/gui/file/280a8b23bac630e32859fccdeb3dd2eb98990ae94de255d97113aadc6150a693/detection

79.134.225.118:2405
ogidi.ddns.net

# Reference: https://www.virustotal.com/gui/file/128de1f0afc928bcbbcd321202a1704aa25db3950cbaff7da96c5ebfe59620c2/detection

194.5.98.11:691
hawman.cc.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/226d0ea20dccb9f0b091d02ccacaec73b537fc9b61157eff759b74d742d48b00/detection

23.105.131.220:3956
edwardjamie.duckdns.org

# Reference: https://www.virustotal.com/gui/file/164a1de7f4395ede6d18bc0f4a597cb5864897c42d9d5245ab6a79ade67050be/detection

185.86.106.246:9090
palmetto22.ddns.net

# Reference: https://www.virustotal.com/gui/file/29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b/detection

23.94.54.231:3050
eter102.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f2b2d82456c636e2198b4f59c5fdec27bb86299e1582c872a1a1d92fed6feddc/detection

194.5.98.213:2405
23.105.131.236:2405
79.134.225.118:2405
79.134.225.95:2405
disabel.hopto.org

# Reference: https://otx.alienvault.com/pulse/620e39f7e76aa32ed2070f90

amlls.servegame.com
chujcidodupy1.ddns.net

# Reference: https://tria.ge/220218-j5f6radbep/behavioral1

193.56.29.242:4783

# Reference: https://isc.sans.edu/diary/28354
# Reference: https://www.virustotal.com/gui/file/d710708424046250ccef3424c9c758d1750e4a7a2b18f49862501a06d3febff5/detection

176.218.11.210:4376
176.218.11.210:5267
185.140.53.67:4376
185.140.53.67:5267
194.5.98.127:4376
194.5.98.127:5267
91.193.75.249:4376
91.193.75.249:5267
notme.linkpc.net

# Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html (# Win.Dropper.Remcos-9938935-0)

febbit1.ddns.net
generem2022.hopto.org
private0091113.duckdns.org
xxxanonymous147.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fb1dddc298eb8e049c053ebc2e1585d7338769af53d60a635c296ad47d559dff/detection

2.56.59.252:1338

# Reference: https://www.virustotal.com/gui/file/3a579576db5f3660a4683f356ff06b3820661c656ed0fa81ee449fdfbd7187b5/detection

2.58.149.114:1338

# Reference: https://www.virustotal.com/gui/file/9adada1eea936515bebe468ee4c1bc040d58ef4f1e4cc09e03c569a4d117e47b/detection

40.71.25.32:1337

# Reference: https://github.com/pr0xylife/RemcosRAT/blob/main/RemcosRAT_07.03.2022.txt
# Reference: https://www.virustotal.com/gui/file/44d963269f8d6e5ec5c15354be28c9078f58eea78943d39eb78c6485dea5065d/detection

79.134.225.9:7838
91.193.75.132:7838
boysgoblow.hopto.org

# Reference: https://www.virustotal.com/gui/file/874bbdc6aaa2bd45e2249e5f728e29055b3c83cd4e91c58d31e685a8a8ee1970/detection

31.167.60.221:5552
mjrm2022.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-08%20Remcos_2%20IOCs

79.134.225.48:10174

# Reference: https://www.virustotal.com/gui/file/e72f87a66620c131f1f53fab099f2c8e40ced0a7d314570e5a813e326c43ea64/detection

103.73.64.115:1025
rem2021.nerdpol.ovh

# Reference: https://www.virustotal.com/gui/file/9e4d3c31e6cb0e034025bed1ea265d53c843dfe255129760d907f4718bc79882/detection

185.105.37.136:2404
dofusexploit.sytes.net

# Reference: https://www.virustotal.com/gui/file/a2a55a376e4bcf3772a0311f1063d0398a8f374f95a5ae7d50627fd1185e6f8b/detection

104.215.112.107:2404
hobbyhrs.zapto.org
hobbyhrs1.zapto.org
hobbyhrs2.zapto.org



# Reference: https://www.virustotal.com/gui/file/9395c1e6ca8f59400a742d292ba944d420396fec84d0dcbec9f2e4f0aeff02b0/detection

91.243.44.22:5621

# Reference: https://www.virustotal.com/gui/file/fc91425305ce4217b675c66b6cafa440960bbcc5cbb466d529e1c9b9303cc699/detection

91.243.44.22:5533

# Reference: https://www.virustotal.com/gui/file/e4e72188c2ac639908bc523023366f3b6b9022a800ad399d7c9c66c25264df4c/detection

91.243.44.22:4201

# Reference: https://www.virustotal.com/gui/file/c7abab8ec67577eb3aabc2591c7c284c34fcc1eb0491058220dfe9d4c3c7e9a0/detection

91.243.44.22:3048

# Reference: https://www.virustotal.com/gui/file/c635c1c96ad08183eab3a1515feed9c796c7cbfc0074bc0c5f2bd631ac05403c/detection

91.243.44.22:2954

# Reference: https://www.virustotal.com/gui/file/c41e2f6660e2ac81d7eada76784c03f2a7eeda5abe6a8ccb1dd00013ef1bc5bf/detection

91.243.44.22:2596

# Reference: https://www.virustotal.com/gui/file/b4102aeaa1b388e05f418f6a1d84d972b9079ba8fe68b5eab35359c5abb97d7b/detection

91.243.44.22:3612

# Reference: https://www.virustotal.com/gui/file/b2e4a9f5900fa31bd7daee73fbad3b1e44fa35a75adc768a6f2236d1a8fa400d/detection

91.243.44.22:3628

# Reference: https://www.virustotal.com/gui/file/91715312cd2c862bc26eb9192a03dd061bbfba4f1668030377b99dfb13400a85/detection

91.243.44.22:3785

# Reference: https://www.virustotal.com/gui/file/6c886424408b30c171b78d2b9bfc8b34942a37b4d55f6cc9e89f1697a0c09ebb/detection

91.243.44.22:4128

# Reference: https://www.virustotal.com/gui/file/5634fe55d27efc9de13da86394d7c187d1d3096c79d3e1549daabf9fb4dfc88a/detection

91.243.44.22:4009

# Reference: https://www.virustotal.com/gui/file/5404b2dd7e94c3a0eab6f4712d85651e172d1b984c46bdbbf5aa2ec83c74d9ab/detection

91.243.44.22:4045

# Reference: https://www.virustotal.com/gui/file/53f28e88e0ff9ce047d46ebd3718ceaf4d27e7bb76aa21baef3491a52bff40e9/detection

91.243.44.22:3523

# Reference: https://www.virustotal.com/gui/file/4bca1b86326dc0a328a3d4e65a77dec11d1006351624052e3cb2fe207bfbe74b/detection

91.243.44.22:4041

# Reference: https://www.virustotal.com/gui/file/116b263706dadd499131e81478ab369076fb40f14d0f20d0cbc72045b6971c74/detection

91.243.44.22:3831

# Reference: https://www.virustotal.com/gui/file/006008640cd22a03d8702bfb2a65d2974f5c719e3d05fcd5bf381c12d2537ac7/detection

91.243.44.22:3215
91.243.44.22:3354
91.243.44.22:3521
91.243.44.22:3621
91.243.44.22:3852
91.243.44.22:3921

# Reference: https://twitter.com/James_inthe_box/status/1504843053730738179
# Reference: https://twitter.com/James_inthe_box/status/1504843176846131201
# Reference: https://www.virustotal.com/gui/file/f1a61a31c172f4b21d34d099ecf544609dfc528a981ff8572e7b4c393bef84a8/detection

185.19.85.155:162
breakingsecurity.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/e2be1e3ac94168c1090867610af82e77a9ea318ea5042f4a962f9e7e58044b61/detection

185.19.85.155:50708
alilockincadmin.ddns.net
olashostadmin.ddns.net

# Reference: https://www.virustotal.com/gui/file/fc4b62bf81d0ab27f687255c8e95188e01524b8f7d425b77f244efa0d0c8a9c7/detection

185.19.85.155:1619

# Reference: https://www.virustotal.com/gui/file/c9543baa2ba0d7d8b670213c02ba258041823cf79f558a3c7e4c9ad7923b2bc3/detection

hayhaytv.biz

# Reference: https://www.virustotal.com/gui/file/f400d36892785b2f2bd25e3b8797b8626bd3985dddd3760920ae5c96e3858dfe/detection
# Reference: https://www.virustotal.com/gui/file/a6ccb6bb7e81ed05f95e23d941f491d182ffff03809c8f639149d8a32f2fd3ce/detection

104.215.84.159:2404
harveyautos110.ddns.net

# Reference: https://www.virustotal.com/gui/file/8ec9d95f0e4a49043f69017eefba8f73b29484cbc15bc614510052e834a21a64/detection

81.110.133.241:4782
wallass.ddns.net

# Reference: https://www.virustotal.com/gui/file/e9c4316b6ada458ce1d7cab0cf31449631f33a24a314ea19fd68afd7d92c9e39/detection

212.193.30.96:3535
sungito3.ddns.net

# Reference: https://www.virustotal.com/gui/file/42720ffc4a7f017d0ca760fc2288d462cacb64f11bfad6910519571d631a6f75/detection

194.5.98.46:5050
remcoss12.ddns.net

# Reference: https://www.virustotal.com/gui/file/0741ed5681e40443d25c89040297c1bb4f943b43ff88a8a218b4cd26cfb5c604/detection

157.90.152.72:5202

# Reference: https://twitter.com/malwrhunterteam/status/1509578549535064065
# Reference: https://blog.morphisec.com/remcos-trojan-analyzing-attack-chain
# Reference: https://www.virustotal.com/gui/file/f40b0b7ba6036c4d53d9572c1aa00d4014ba40a66eb16abab0d75f48ab8057bd/detection

185.19.85.174:119
freshdirect.dvrlists.com
gotovacoil.com
kingspalmhomes.com
dreamwatchevent.com/wsalptza/
dreamwatchevent.com/zp-user/
fisintegrateds.com/zp-admin/

# Reference: https://www.virustotal.com/gui/file/f31dace8463709ef3916f3e2b51168c06ca78e9df379ce98bd112556e2634d41/detection

79.134.225.76:2311
achimumuazi.hopto.org

# Reference: https://www.virustotal.com/gui/file/08a4e96444eab85c7d841f25fcbce6f9f77cceeed3206bb51e0f82f6b275dad4/detection

212.192.241.50:1010

# Reference: https://www.virustotal.com/gui/file/0605c2c0504437a3e2dff8452001a6b547919525594fa84dd5d713022e8395ba/detection

20.225.154.34:2404
xoftmanrem001.camdvr.org

# Reference: https://www.virustotal.com/gui/file/4ce893ef0bd7abeb769c3c3e57863700f41882befbee770733f0da86e015e7cb/detection

20.110.197.26:2404
flexyval01.hopto.org
flexyval02.hopto.org
flexyval03.hopto.org
flexyval04.hopto.org
flexyval05.hopto.org
flexyval06.hopto.org
flexyval07.hopto.org

# Reference: https://www.virustotal.com/gui/file/56ac1555cc21d3400c4168a52da00cab97bfb205f0b43ab417fbaa85e02def9c/detection

20.106.76.138:7782
pandemic4u.awsmppl.com
pandemic4u0.awsmppl.com
pandemic4u1.nerdpol.ovh
pandemic4u2.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/68a0057f18e9c4b63ba1247db4b21a83cc3a2adebac3dacff282a4577b35dc06/detection

31.210.20.25:2030
davidwongwarzone.zapto.org

# Reference: https://www.virustotal.com/gui/file/a6ccc05556ccbb60a723a57a8a584cc150e2f4819ef7b11c76e947e84dff0e10/detection

104.214.103.50:2404
amalar.camdvr.org
moroga.camdvr.org
stopeet.camdvr.org
stopeet1.camdvr.org
stopeet2.camdvr.org
stopeet3.camdvr.org

# Reference: https://www.virustotal.com/gui/file/f216501f3a4213b738c07cc290e3b5eceb2f35ea410b2ae1b1b188e27ebddc7d/detection

31.210.20.130:2828
vkllaw.com

# Reference: https://www.virustotal.com/gui/file/c96d9d1cd9a19f89a578b97b7f0e7b426f90916239d63c39f0381b02e91c7c50/detection
# Reference: https://www.virustotal.com/gui/file/6daadbef2fe61209a6bb5d9a938c0978890af2ec274064bdec966b71a353765a/detection
# Reference: https://www.virustotal.com/gui/file/251c1a1c793a99db5db99d80d4ffce0ffe63be7316c8da165b7e54b8ad276a7a/detection

203.159.80.136:4981
viabouhm.ratkings.net

# Reference: https://twitter.com/peterkruse/status/1510929891944022017

1harvey205.camdvr.org
1harvey206.casacam.net
1harvey207.accesscam.org
1harveyautos111.hopto.org
1harveyautos112.ddns.net
harvey205.camdvr.org
harvey206.casacam.net
harvey207.accesscam.org
harveyautos110.ddns.net
harveyautos111.hopto.org
harveyautos112.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc3406cfa902a5245fc7fa8bd110f02c236d04d1a80c312ebc43dd208f3a0adb/detection
# Reference: https://www.virustotal.com/gui/file/c4c6dc73fd49a18f2070e68d5de3503961ee5754164b231db5e0cc6f5a799611/detection
# Reference: https://www.virustotal.com/gui/file/3e9ccff518cd3800a268847b9e66cdda1b2ee9d1969607069c3c1e3e9427b9c8/detection

105.112.122.238:8181
88.235.51.237:4923
91.193.75.132:4923
remcoss11.ddns.net

# Reference: https://www.virustotal.com/gui/file/eabe284e5c499c80125043b351693551e84b94276a0bed00345af8613cf3491e/detection

91.193.75.132:1199
recmcozjan22.ddns.net

# Reference: https://www.virustotal.com/gui/file/632dd54f1fc0c1d3fcb5de2710648265fa48ef67c94696e0f81c0ec1049546dd/detection
# Reference: https://www.virustotal.com/gui/file/2666bb71e611ddf80450eedc51f64210ea0cd8a190f84b7384fdc55af6269dac/detection

79.134.225.75:3370
91.193.75.132:2882
richyigboks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a5d2d4c2feb0080390e1e6b8ebac4487ebbcd14e9bf183415b862112dbbb6369/detection

82.222.99.2:5050
zoonm.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3d08a4bcf30bc1eb141643c55025dd2d03550262e21b04624baf368b18f653e/detection
# Reference: https://www.virustotal.com/gui/file/a3d08a4bcf30bc1eb141643c55025dd2d03550262e21b04624baf368b18f653e/detection

91.193.75.132:45901
menz.ddns.net

# Reference: https://www.virustotal.com/gui/file/87e1f0731c3fda7489b0c2f71261182d4f510a79bca666d6c0379863d5298d8b/detection

91.243.44.85:2404

# Reference: https://www.virustotal.com/gui/file/fdc5cd9307d2298bc150b68203dd71982f4d88de40f838d0eb91ec26569caed4/detection
# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1942
mimi44.ddns.net
rbfoods.us

# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1987

# Reference: https://www.virustotal.com/gui/file/e6de286b094197f95411d10400f85549dc619254190c6664615cc3ac3c64a8f3/detection

37.120.212.230:2404
xhangzhi.duckdns.org

# Reference: https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing

23.226.128.197:2404

# Reference: https://twitter.com/0xrb/status/1513733548800634888
# Reference: https://www.virustotal.com/gui/file/27836b6948d7ce67236c868845032376044afac9a92214d44f6f73c428ac9098/detection
# Reference: https://www.virustotal.com/gui/file/b3393118d47aee3ea17dcb3051e609275bd3ca9e18341e9de833d11ab09d047e/detection

http://91.243.44.85
91.243.44.85:47823

# Reference: https://twitter.com/0xhido/status/1513801393907417094
# Reference: https://www.virustotal.com/gui/file/b0966b0b2a38cb845932231c04b16d79f2c434a0171ebe151585f154a418e02c/detection
# Reference: https://www.virustotal.com/gui/file/453408c1b42c5747704808c0226169d58c4947c248734bf99514a7ae84a257e3/detection
# Reference: https://www.virustotal.com/gui/file/2b7bed63bef18e380e05de0f668bc534c045d94c02c26fc83ce4ebf57a9a1af8/detection

145.239.253.176:4782
hector.fund

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-12%20Remcos%20IOCs

199.195.253.181:162
hawman.cc.dvrlists.com

# Reference: https://twitter.com/Bank_Security/status/1514493778018643968
# Reference: https://twitter.com/Artilllerie/status/1514591697195442178
# Reference: https://pastebin.com/iYuLKpRS
# Reference: https://www.virustotal.com/gui/file/44c144fb9b610b5927a9553468bb262c5b2b5c5d24a64cc05cfd4b098ec644fa/detection

45.15.16.162:2404
afbd-bad.org
afdb-bad.org
afdb-za.org
ns.atps-proximo.pt

# Reference: https://www.telsy.com/remcos-and-agent-tesla-loaded-into-memory-with-rezer0-loader/Cyber-Report-1-REMCOS-and-Agent-Tesla-loaded-into-memory-with-Rezer0-loader.pdf
# Reference: https://otx.alienvault.com/pulse/614c8b0439d5b0b66f92cbf7

psm-ir.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1517395274532114433
# Reference: https://app.any.run/tasks/83cb500f-a79b-406d-bc4d-6021eb02aff1/

136.144.41.237:6061

# Reference: https://isc.sans.edu/diary/rss/28616
# Reference: https://otx.alienvault.com/pulse/62739c7e3592b057d33aef7a

http://198.12.89.134

# Reference: https://twitter.com/James_inthe_box/status/1524398222352871424

hydrogiene.co.za

# Reference: https://twitter.com/pr0xylife/status/1524412708895997952
# Reference: https://www.virustotal.com/gui/file/2dca59fd8d72332b1040af729fe0904a58f325db9543c787f0706fca0f21bb10/detection

84.38.133.58:3363
treatcode.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-11%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/12f26a0678ead6807a30af5f667c5b08288254c0c5ef1ba5817a3330f4445940/detection

37.0.14.217:2295
pounds22.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/39f270492601de9bc4fe67dc145af5fa3bf115ac214246d495202e3f153670c6/detection

194.5.99.51:8090

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-18%20Remcos_1%20IOCs

94.46.246.63:2404
generem.camdvr.org
generem2023.hopto.org
hobbyhrs6.zapto.org

# Reference: https://www.virustotal.com/gui/file/77c2b80009f8dbe9d42283b32bb93decbe26179a171c233c078c49bd629bef6c/detection

62.197.136.97:2080
skygroupt6.zapto.org

# Reference: https://www.virustotal.com/gui/file/05c8613bd93d233e369ece36d36ac8a92dec5cb31d7b8ba9fafa61ff343c97a7/detection

434864347.com
434864347.casacam.net
434864347.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/4575a46f553ce382b57d50f8c9255f57ffd14777667cb86d537f9d162339aa8f/detection

185.157.162.101:2404
185.244.30.113:2404
tprem.ddnsfree.com
tprem009.hopto.org
tprem4g.ddns.net
tpremm.hopto.org
tprerem2.ddnsfree.com
tpreremb2.ddnsfree.com

# Reference: https://twitter.com/reecdeep/status/1528634853469609985
# Reference: https://www.virustotal.com/gui/file/c4fd685384b5522ed7cd531245667504871064828ea317a1c8cc8ec9e9d9bded/detection
# Reference: https://www.virustotal.com/gui/file/15c47516d1be5ea577ea79aa35d01ca1100fbb40af42e51782b106bf06734fab/detection

185.157.162.137:59085
blackwealth001.duckdns.org

# Reference: https://twitter.com/satontonton/status/1529448532360384513
# Reference: https://tria.ge/220525-p3eg2aeddl

172.94.127.61:5888

# Reference: https://www.virustotal.com/gui/file/ee0e3ef0d4e024fee83ad9744a0c2fda54ea009c099144d7f3f5972b0e3c7c4d/detection

194.5.98.38:1684
anyinew.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-06%20Remcos%20RAT%20IOCs

185.199.224.92:551
remittance5443.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/20f688a5ad9f3a97a06fbe687bc519f77d68dff4e227cd92c2e377d1f91b6456/detection

192.169.69.25:2996
mastermissis.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d66451cba895543944a91ec8f2230f0e7b1f708d38e830a6502472448379e41/detection

okehieugochukwucassperkroosdavid.duckdns.org

# Reference: https://twitter.com/smica83/status/1536263039464382465
# Reference: https://tria.ge/220613-hebynsecbr/behavioral1

176.119.28.51:9492
power22.myftp.org

# Reference: https://www.virustotal.com/gui/file/138d6b7c14089c460dac2f723c91acb6436fdcc1b9dd9f03e711e035d4bd6620/detection

194.31.98.250:2080

# Reference: https://twitter.com/ffforward/status/1537376671489175552
# Reference: https://www.virustotal.com/gui/file/cc1ad7582d16db389c1b15a1cccdc188a85398165623876f4c7887743e54a9f9/detection

noneabusers.xyz
top.noneabusers.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1537394567129059328
# Reference: https://www.virustotal.com/gui/file/1051d3690e70e4227a2b0a0aa87367fb09c49c55360c7a1880b2acfba0b77490/detection

213.152.162.154:19833
213.152.186.19:19833
mine4eva.duckdns.org

# Reference: https://www.virustotal.com/gui/file/428931fca8865aa94ecab4da479ece8f2d82171566d62ef2378825f752b9cb40/detection

2.58.149.33:4333
hsgu2.chickenkiller.com

# Reference: https://otx.alienvault.com/pulse/62b3057069c7fe037d5a21fd

centplus.serveftp.com
centplus1.serveftp.com
fresh12.ddns.net
harrywlike.ddns.net
hobbyhrz1.zapto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Remcos%20IOCs

192.3.152.173:2356

# Reference: https://tria.ge/220626-q9te7sbbcq/behavioral1

91.193.75.131:3060
rawman.ddns.net

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2028062022
# Reference: https://tria.ge/220628-ynswjscaam/behavioral1

103.156.90.165:4053
remcosmoney.duckdns.org

# Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789
# Reference: https://www.virustotal.com/gui/file/1f6b2f123b907738cbb9ec1cc074a4a10a8be6a2a0d4f12e528bc1cd361a0627/detection

23.105.131.237:2405
deoneogidi.hopto.org

# Reference: https://www.virustotal.com/gui/file/ce195de0b69a9f6c6e5aca39cc107917fa06e6d283acbeb79de45e6c85c5cb3f/detection

45.133.174.55:2404
mckennadevelopments.co.uk
darwin06.casacam.net
leaflet308.casacam.net
nunez115.accesscam.org
nunez118.camdvr.org
nuvez110.camdvr.org

# Reference: https://www.virustotal.com/gui/file/e0d0304a43fc6323b1d18b22faa263bfb9b7327028a2a1dc27eccd10b6f98f08/detection

91.193.75.191:6677
csolpflow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/01f187b666a8f17996e6446772b67aaef1de9ecbc573d2b043a007a3bedeaca6/detection

172.111.234.100:5888

# Reference: https://www.virustotal.com/gui/file/a32fd5a09b3ce2abffd7943be510cc0b728d123f69ba9298d41478dd7a6c941f/detection

172.111.153.127:3033

# Reference: https://www.virustotal.com/gui/file/e04e4c474ded78364c1f802de5a653e2d495bc1a0ddb78325962778a221970e6/detection

172.94.127.61:5888

# Reference: https://twitter.com/1ZRR4H/status/1543339315756994563
# Reference: https://www.virustotal.com/gui/file/388c0d40658e7617789643be3aab11bb7462d4b212825527e45aa9e1dd2ead75/detection
# Reference: https://www.virustotal.com/gui/file/dea8443217c19368810fd390a6b5da86d6a07c3c37421e037ee40524e370ea31/detection
# Reference: https://www.virustotal.com/gui/file/19b985c2cd4448f9294948b58c3622c4d2118fb860f75cefdd4fccc01ac1a467/detection

80.66.75.88:2807

# Reference: https://www.virustotal.com/gui/file/5115241c4d951b005e4e38ff34fc53121bc9eb8e62805a157e0358623c258732/detection

80.66.75.88:2407

# Reference: https://twitter.com/malwrhunterteam/status/1544050660433399813
# Reference: https://www.virustotal.com/gui/file/452c3bd1e8cdf19bd89704c81540b995e887ba06e13a9cd12c67977feddfdfba/detection

162.55.210.243:2404
162.55.210.243:8000
/Remcos%20v3.5.1%20Pro.exe
/Remcos_Settings.ini
/remcos_a.exe

# Reference: https://www.virustotal.com/gui/file/14fa8b6b9e28da8046340ddd654b6636852dd113aec964b6297add3bcaa5e558/detection

185.140.53.130:2404
servicepro.ddnsfree.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2017072022
# Reference: https://tria.ge/220717-xlxahsefa8/behavioral1

194.5.98.20:2160
kekeze21.ddns.net

# Reference: https://twitter.com/tosscoinwitcher/status/1549081272063889409
# Reference: https://tria.ge/220718-vlxvyabhgq/behavioral1

212.192.246.194:3542
xpremcuz300622.ddns.net

# Reference: https://www.virustotal.com/gui/file/f79d3098bfb090b6aaa390943e247178f3acff7c8214467df000cd3f102a2382/detection

20.230.127.16:2404
3.132.159.158:10880
3.140.223.7:10880
windda.ddns.net
windda1.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b823d785286362e9cbf36967ce34b278638f528d4f4681c4dd080e6b652c371/detection

87.98.236.198:8080
msft.serveftp.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/file/0a327f7ef9cb260159b10942e80d9c378d9fa29727e2d92e4a146b8a2ab0c563/detection

91.193.75.239:10171
topboysully.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fcd1c154f0ad8e635cef464f0f28ba6fbabf07f9379aa2a1cfec9ea59a173d/detection
# Reference: https://www.virustotal.com/gui/file/ed6feff2985efc50e550c04b9c0613c2749c039ce985fb386fdb17c56482df2a/detection
# Reference: https://www.virustotal.com/gui/file/d91e4b8a4169b75730e7dbf1ae01f7408e99bf843a36317579e762faba640153/detection
# Reference: https://www.virustotal.com/gui/file/b4b96d09b65bbe3acc31f204b489e55ccf41ae4170d6163a5ddc801153191d5c/detection

37.0.14.195:3840
37.0.14.198:2830
homesforiiiudgf.ddns.net

# Reference: https://www.virustotal.com/gui/file/f5b62ae366411bf1ded6d25e0788eeb4325fa6ddc58ad819488ad2de2dd1f267/detection

37.0.14.198:3655
stronger.ddns.net

# Reference: https://www.virustotal.com/gui/file/e4eee67f649702026eb3287b7d1e77ab44af7204e9770b31b3e17adff3cd923c/detection

37.0.14.195:5074
godslove1.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6759048cbaa66dec4ee4160d2f6d643fe7a38e2887e458f70a4257a5bca55bf/detection

ramalubegroup.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-02%20Remcos%20IOCs

91.192.100.38:2050

# Reference: https://www.virustotal.com/gui/file/3cd2459f1d568d4aaaf422c284892810f7cb60dc69af99adb060f84a1c94ece6/detection
# Reference: https://tria.ge/220805-hvb9dagcg6/behavioral1

194.5.98.53:991
instment.ga
williamsmack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a80d33725dc44720c5bf641ba8adc05c49194bed8f073b4efccaeec17e8d871/detection

179.43.154.139:6121

# Reference: https://www.virustotal.com/gui/file/5910b251032dcd4f32fac230adf2f86a529a2ab45ada09afcea63f23dc300846/detection

45.156.31.217:6121

# Reference: https://www.virustotal.com/gui/file/4b8d5c7a726e4489e3e527b36d433a23a225bbb32a45dca7b2e3f7786e8beb08/detection

91.193.75.131:7446
julygoals.hopto.org

# Reference: https://www.virustotal.com/gui/file/4accc392a8e545d936119e4eb2f97c9e7779e94829cd52f62d945d1714abf6f5/detection
# Reference: https://www.virustotal.com/gui/file/22997c55858e21d73b43b397d371379cc2acd48b657cb6dfc8c2d472045abede/detection

91.193.75.131:3060
bossraw.ddns.net

# Reference: https://www.virustotal.com/gui/file/56b9e1a9f0704305007504a26661905930387fc49d0fb0f9938d28fd1d46e60a/detection

3.131.207.170:17041

# Reference: https://www.virustotal.com/gui/file/c1b0147d71f0505d82102f1d0db65752604dee80508723ce8a78453e96af358a/detection
# Reference: https://www.virustotal.com/gui/file/de6fbb6cfbf7bb74ea9d0e9dcaa07883dc357d0cfe09562ed45afc726e287607/detection
# Reference: https://www.virustotal.com/gui/file/addd9fa23db5ff36bb8407273637a4d6d20e83888dca5ad9aea3184c6e2d006d/detection

181.141.11.124:2404
181.141.11.124:2405
190.28.170.105:2404
190.28.170.105:2405
nod.con-ip.com

# Reference: https://www.virustotal.com/gui/file/883bb860b3a9a3a3940c54fd2ed5bbc757c1cd762e2962017caea38942b132a5/detection
# Reference: https://www.virustotal.com/gui/file/2b0441416dcfaeb908cf69343fc3c2af82772c0dfd3a2af8cca9659c31cbb1d0/detection

190.28.170.105:2100
190.28.170.105:2101
190.28.226.59:2100
190.28.226.59:2101
avastupdate.con-ip.com

# Reference: https://www.virustotal.com/gui/file/fd42eba50bc383aedeebedea992b3990e3a9fa04a73b574c0528d3cf2f2f9749/detection
# Reference: https://www.virustotal.com/gui/file/37d7e923eea7260124283d599c85c253323dc8c4aa0a55687fc8293f88614d07/detection

190.28.131.226:2200
190.28.202.144:2200
apartachord2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/52bb7d7faf8f4575721894d514eb02d5f9c7d6a8144c50ae985a8a4bce3cf582/detection

177.41.46.96:7777

# Reference: https://www.virustotal.com/gui/file/4a2af578e2798d675503781ba8915b87fb48a109800aa09ac905e8412d27dcb0/detection

187.115.252.56:7777

# Reference: https://www.virustotal.com/gui/file/2bca2ddb0d37c48969f9ca795248774bc84b2408240e8a26a6bf2df03ea3caf7/detection

179.176.129.87:7777

# Reference: https://www.virustotal.com/gui/file/d74343f85e1546e3a5991838d2302793e4f0517ec828692e655e763269e43393/detection

185.140.53.170:55442
55440.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2e0d247c0342212dc915382e86cb4afee5a22bcd2658e50ba51f47b2e928f0b/detection
# Reference: https://www.virustotal.com/gui/file/a6a2fac02178b0f60c9f33bd587dd7dbbc0f1906585cd72b76c3028bc1495251/detection
# Reference: https://www.virustotal.com/gui/file/a3452537122e1a6b4682461c79036cea1916f358a6cb44e6a7045ff3c17aeb93/detection

185.140.53.170:55443
45.125.239.219:55442
45.125.239.219:55443
55441r.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7a15ae3009674997a8205d2e0aa0ce03fc592a544f2340e1cd2d6b5f61e64a0b/detection

194.5.98.186:55442
194.5.98.186:55443

# Reference: https://www.virustotal.com/gui/file/a0911f69ebcbc93540e63bf007fcab0bbece1a9f55c780ea29fc0a4935e2b93b/detection

67.211.213.207:444

# Reference: https://www.virustotal.com/gui/file/6862cf51b5546665e90e27a0a188ea8c468097f86b8b5d68fa0521f4cd3a9550/detection

94.79.220.83:5330
asmarany.ddns.me

# Reference: https://www.virustotal.com/gui/file/e0b6bc3a80979c9698dc1a45ec43f00b0a35841706e1414fb29996eb57962c44/detection

109.202.103.170:8733
213.152.161.40:8733

# Reference: https://www.virustotal.com/gui/file/766ab97dc545207fe08d285356fa47298904585e8f2690c7d0532d0456d40fb6/detection

172.94.42.34:5555
kklink.duckdns.org

# Reference: https://www.virustotal.com/gui/file/98bd9ce6256c71da1189ff7552bc318b6e9e2e895612248601581b32d85a8e8b/detection

194.5.98.53:9596

# Reference: https://twitter.com/tosscoinwitcher/status/1558136237566767104
# Reference: https://tria.ge/220812-t9qk4ahha9
# Reference: https://tria.ge/220812-vckt1sfefr

184.75.221.163:44850
spy24.online
sfcarbotexpl.ddns.net

# Reference: https://www.virustotal.com/gui/file/dacac52a378ad8d74430d29733767e2b8e6282a86e29aef40e8e0f8544c8b16a/detection
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-17%20Remcos%20IOCs

142.11.211.90:2404
2ndspreading1.ddns.net
july202022.ddns.net
july20220spread.ddns.net
july20220spread2.ddns.net

# Reference: https://www.virustotal.com/gui/file/50365c827bd768ec7fdf1a5b688d19ec0645042e92f04dad712a1955e9bb4c8b/detection

febrem.ddns.net
febrem1.ddns.net
febrem2.ddns.net
febrem3.ddns.net
febrem4.ddns.net
febrem5.ddns.net
marrem1.ddnsking.com
marrem2.ddnsking.com
marrem3.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/detection

freshspread.ddnsking.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-18%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/6c232920b9bb1f2c3bf71124f93f06f49fdf41c3bae35237f7b031bebba14cc5/detection

patronkingoopsalmghandnaiojamexicoquadaras.s3.sa-east-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/27b4a6f09b24a1f951811105ca5bf9d93074a352a37497374ef12807646ca502/detection

181.141.11.124:2425
defenderos.con-ip.com
defenderos2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/07521351177667d93bba36bc8e3ae4bf8f96ec3915f69a23617e5c3c92f2129b/detection

181.141.11.124:33893
serviciosnecesarios.con-ip.com

# Reference: https://twitter.com/malwaremustd1e/status/1561771687720325120
# Reference: https://www.virustotal.com/gui/file/79aba8df0169a2d90b4fad63a8df8f6635f7016276079a2517a263e4b2322fa4/detection

194.5.98.244:4044
67.214.175.69:4044
obologs.work.gd

# Reference: https://www.virustotal.com/gui/file/146e9314dabcad733e15ab5e796c53fda2be2b34ea00a0bc03efda9ea674202f/detection

45.133.174.108:2404

# Reference: https://www.virustotal.com/gui/file/5d2b715da7eafff42396f80ed3fedc8be5fb818da6bd9e476d59d49a8db260bc/detection

45.133.174.47:2404
prosir.casacam.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-23%20Remcos%20IOCs

79.134.225.115:6061
bitm.dvrlists.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos%20-%2024082022

184.75.221.195:22614
184.75.221.195:35749
191.101.30.16:22614
184.75.221.195:35749
safetysystemarea.duckdns.org
securewebareaxxx.ddns.net

# Reference: https://twitter.com/c_APT_ure/status/1563259349757468672

103.231.91.59:55026
185.165.153.84:6699
bustabantu1996.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-26%20Remcos%20IOCs

kopadd.yunethosting.rs
mandingo.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/aef88e2d45f4df7c140ed966a391de2da9ebe34936a3300a6cd5ebd90729be0b/detection

http://120.92.102.194
181.141.5.226:8021
dfdgsfgfg.duckdns.org

# Reference: https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/
# Reference: https://otx.alienvault.com/pulse/630cbb6eb1975f82211a702f
# Reference: https://www.virustotal.com/gui/file/e2816883a7a514fe1a3fbce95c04c2fc735f0c7ab872f7c23978388c42aea5c2/detection

194.147.140.29:4456
falimore001.hopto.org

# Reference: https://tria.ge/220831-e1g52aghak

185.158.251.159:2404

# Reference: https://twitter.com/pollo290987/status/1565474724309778435
# Reference: https://www.virustotal.com/gui/file/0495c0518c4d8f7cb71cdfdd10f4736e11d5d2c7bddbebdd735cf79a86390981/detection

134.19.179.235:31598
mastercoa.co
zbshort.live
vp.mastercoa.co

# Reference: https://twitter.com/c_APT_ure/status/1565631428754345986

163.123.143.143:1664
tzitziklishop1.ddns.net

# Reference: https://otx.alienvault.com/pulse/631737749da32d502398b8d0
# Reference: https://www.virustotal.com/gui/file/f3f903bfd8ee2b9c902e22977a2804ac523c478b0fbd87d5034e39e875782ed1/detection

65.21.9.51:1760
appntw.website

# Reference: https://app.any.run/tasks/daacb7d0-96a7-46c6-8af8-7e8dd7684294/
# Reference: https://www.virustotal.com/gui/file/9e3c6d2f7b4a61b99f97c864da82a42d4e8ab8eacc729618172fbe44bf237155/detection

194.5.98.195:4545
freetogo01.ddns.net

# Reference: https://twitter.com/pollo290987/status/1568310541541580801
# Reference: https://www.virustotal.com/gui/file/48bca1c51f164b95e2f73675cfefdf525bde055caf5c3942bfcee88ff950792d/detection

192.111.146.184:5564
45.83.129.166:5564
newehmpage.webredirect.org

# Reference: https://twitter.com/tosscoinwitcher/status/1570085217507082241
# Reference: https://tria.ge/220914-th1lzsagd4

209.145.61.216:2404
genekol.nsupdate.info
genekol1.nsupdate.info
harrywlike1.ddns.net
hendersonk2022.hopto.org

# Reference: https://twitter.com/pmmkowalczyk/status/1571843321428955137
# Reference: https://www.virustotal.com/gui/file/398fdb77c5178377193497b1d19116c647fda7d2d5a7e542ac3628366e7ce8ff/detection

194.147.140.242:10101
194.5.97.59:10101
37.0.14.209:10101
themillions.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1571863696615395329

192.121.102.15:3464
192.121.102.67:3464
193.104.197.103:3464
193.104.197.110:3464
193.104.197.30:3464
193.104.197.79:3464
193.104.197.88:3464
193.104.211.212:3464
37.0.14.204:3464
45.148.4.109:3464
45.148.4.12:3464
45.148.4.3:3464
remnewyear.myddns.me
septrem.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1571900350583508993
# Reference: https://www.virustotal.com/gui/file/22bcff5827e858e9f22a1edeeccc577897103ece173b47c10f7e3a7d0ae6d3f3/detection

163.123.143.208:57952

# Reference: https://twitter.com/pollo290987/status/1572627967137792006
# Reference: https://www.virustotal.com/gui/file/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/detection
# Reference: https://www.virustotal.com/gui/file/a646ae729b3f8412fa1e2fd7fe6f4c5a592b3ff7446466c0258bee74f9ef2a62/detection

172.111.234.110:5888
212.192.246.154:41900

# Reference: https://otx.alienvault.com/pulse/6324668c34562390e99611e8

flyerenergy.com
mutaalofomaha.com

# Reference: https://www.virustotal.com/gui/file/28b582488eb5318ec99c37bd78932ea8e641c9ca49cab73145cf25b79935826c/detection

http://194.38.23.170

# Reference: https://twitter.com/StopMalvertisin/status/1576927905652756485
# Reference: https://www.virustotal.com/gui/file/3b44d9aa4abd608f2dd1ec103d734c6402d3cb751dc2f38a46dc682aaa05a6bb/detection

37.0.14.206:6081

# Reference: https://twitter.com/pollo290987/status/1576940654588198917

45.155.165.160:40567

# Reference: https://twitter.com/pollo290987/status/1577292591493545984

185.140.53.160:2404
194.5.98.63:2404
dapsan.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-04%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/69.49.230.231/relations
# Reference: https://www.virustotal.com/gui/file/a4a20a36599949af2301f68e5e636daf2ab4957d1080ead17bedc5050aea755f/detection

194.5.97.174:6268
37.0.14.208:6268
13-9whm.tk
blhlqqip2.site
blhlqqip3.site
blhlqqip4.site
blhlqqip5.site
kiadsadw1.ga
kiadsadw1.gq
kiadsadw1.ml
kiadsadw1.tk
kiadsadw2.ga
kiadsadw2.gq
kiadsadw2.ml
kiadsadw2.tk
kiadsadw3.cf
kiadsadw3.ga
kiadsadw3.gq
kiadsadw3.tk
kiadsadw4.cf
kiadsadw4.ga
kiadsadw4.ml
kiadsadw4.tk
kiadsadw5.cf
kiadsadw5.ga
kiadsadw5.gq
kiadsadw5.ml
kiadsadw5.tk
kiadsadw6.cf
kiadsadw6.ga
kiadsadw6.gq
kiadsadw6.ml
kiadsadw6.tk
kiadsadw7.cf
kiadsadw7.ga
kiadsadw7.gq
kiadsadw7.ml
kiadsadw7.tk
kiadsadw8.cf
kiadsadw8.ga
kiadsadw8.gq
kiadsadw8.ml
kiadsadw8.tk
kiadsadw9.cf
oclkcwpz5.site
server-ellcz1.cf
server-ellcz1.ga
server-ellcz1.gq
server-ellcz1.ml
server-ellcz1.tk
server-ellcz2.ga
server-ellcz2.gq
server-ellcz2.ml
server-ellcz2.tk
server-ellcz3.cf
server-ellcz3.ga
server-ellcz3.gq
server-ellcz3.ml
server-ellcz3.tk
server-ellcz4.cf
server-ellcz4.ga
server-ellcz4.gq
server-ellcz4.ml
server-ellcz4.tk
server-ellcz5.cf
server-ellcz5.ga
server-ellcz5.gq
server-ellcz5.ml
server-ellcz5.tk
server-ellcz6.cf
server-ellcz6.ga
server-ellcz6.gq
server-ellcz6.ml
server-ellcz6.tk
server-ellcz7.cf
server-ellcz7.ga
server-ellcz7.gq
server-ellcz7.ml
server-ellcz7.tk
server-ellcz8.cf
server-ellcz8.ga
server-ellcz8.gq
server-ellcz8.ml
server-ellcz8.tk
server-ellcz9.cf
server-goeif1.cf
server-goeif1.ga
server-goeif1.gq
server-goeif1.ml
server-goeif1.tk
server-goeif2.cf
server-goeif2.ga
server-goeif2.gq
server-goeif2.ml
server-goeif2.tk
server-goeif3.ga
server-goeif3.gq
server-goeif3.ml
server-goeif3.tk
server-goeif4.cf
server-goeif4.ga
server-goeif4.gq
server-goeif4.ml
server-goeif4.tk
server-goeif5.cf
server-goeif5.ga
server-goeif5.ml
server-goeif5.tk
server-goeif6.cf
server-goeif6.ga
server-goeif6.gq
server-goeif6.ml
server-goeif7.cf
server-goeif7.ga
server-goeif7.gq
server-goeif7.ml
server-goeif7.tk
server-goeif8.cf
server-goeif8.ga
server-goeif8.gq
server-goeif8.ml
server-goeif8.tk
server-goeif9.cf
server-hrmpb1.cf
server-hrmpb1.ga
server-hrmpb1.gq
server-hrmpb1.ml
server-hrmpb1.tk
server-hrmpb2.cf
server-hrmpb2.ga
server-hrmpb2.gq
server-hrmpb2.ml
server-hrmpb2.tk
server-hrmpb3.cf
server-hrmpb3.ga
server-hrmpb3.gq
server-hrmpb3.ml
server-hrmpb4.cf
server-hrmpb4.ga
server-hrmpb4.gq
server-hrmpb4.ml
server-hrmpb4.tk
server-hrmpb5.cf
server-hrmpb5.ga
server-hrmpb5.gq
server-hrmpb5.ml
server-hrmpb5.tk
server-hrmpb6.cf
server-hrmpb6.ga
server-hrmpb6.gq
server-hrmpb6.ml
server-hrmpb6.tk
server-hrmpb7.cf
server-hrmpb7.ga
server-hrmpb7.gq
server-hrmpb7.ml
server-hrmpb7.tk
server-hrmpb8.cf
server-hrmpb8.ga
server-hrmpb8.gq
server-hrmpb8.ml
server-hrmpb8.tk
server-jmxhz1.cf
server-jmxhz1.ga
server-jmxhz1.gq
server-jmxhz1.ml
server-jmxhz2.cf
server-jmxhz2.ga
server-jmxhz2.gq
server-jmxhz2.ml
server-jmxhz2.tk
server-jmxhz3.cf
server-jmxhz3.ga
server-jmxhz3.gq
server-jmxhz3.ml
server-jmxhz3.tk
server-jmxhz4.ga
server-jmxhz4.gq
server-jmxhz4.ml
server-jmxhz4.tk
server-jmxhz5.cf
server-jmxhz5.ga
server-jmxhz5.gq
server-jmxhz5.ml
server-jmxhz5.tk
server-jmxhz6.cf
server-jmxhz6.ga
server-jmxhz6.gq
server-jmxhz6.ml
server-jmxhz6.tk
server-jmxhz7.cf
server-jmxhz7.ga
server-jmxhz7.gq
server-jmxhz7.ml
server-jmxhz7.tk
server-jmxhz8.cf
server-jmxhz8.ga
server-jmxhz8.gq
server-jmxhz8.ml
server-jmxhz8.tk
server-jmxhz9.cf
server-nrcje1.cf
server-nrcje1.gq
server-nrcje1.ml
server-nrcje1.tk
server-nrcje2.cf
server-nrcje2.ga
server-nrcje2.gq
server-nrcje2.ml
server-nrcje2.tk
server-nrcje3.cf
server-nrcje3.ga
server-nrcje3.gq
server-nrcje3.ml
server-nrcje3.tk
server-nrcje4.cf
server-nrcje4.ga
server-nrcje4.gq
server-nrcje4.tk
server-nrcje5.cf
server-nrcje5.ga
server-nrcje5.gq
server-nrcje5.ml
server-nrcje5.tk
server-nrcje6.cf
server-nrcje6.ga
server-nrcje6.ml
server-nrcje6.tk
server-nrcje7.cf
server-nrcje7.ga
server-nrcje7.gq
server-nrcje7.ml
server-nrcje7.tk
server-nrcje8.gq
server-nrcje8.ml
server-nrcje8.tk
server-nrcje9.cf
server-nymyq1.cf
server-nymyq1.ga
server-nymyq1.gq
server-nymyq1.ml
server-nymyq1.tk
server-nymyq2.cf
server-nymyq2.ga
server-nymyq2.gq
server-nymyq2.tk
server-nymyq3.cf
server-nymyq3.ga
server-nymyq3.gq
server-nymyq3.ml
server-nymyq3.tk
server-nymyq4.cf
server-nymyq4.ga
server-nymyq4.gq
server-nymyq4.ml
server-nymyq4.tk
server-nymyq5.cf
server-nymyq5.ga
server-nymyq5.gq
server-nymyq5.ml
server-nymyq6.cf
server-nymyq6.ga
server-nymyq6.gq
server-nymyq6.ml
server-nymyq6.tk
server-nymyq7.cf
server-nymyq7.ga
server-nymyq7.gq
server-nymyq7.tk
server-nymyq8.cf
server-nymyq8.ga
server-nymyq8.gq
server-nymyq8.ml
server-nymyq8.tk
server-nymyq9.cf
server-pxhop1.cf
server-pxhop1.ga
server-pxhop1.gq
server-pxhop1.ml
server-pxhop1.tk
server-pxhop2.cf
server-pxhop2.ga
server-pxhop2.ml
server-pxhop2.tk
server-pxhop3.ga
server-pxhop3.gq
server-pxhop3.ml
server-pxhop3.tk
server-pxhop4.cf
server-pxhop4.gq
server-pxhop4.ml
server-pxhop4.tk
server-pxhop5.cf
server-pxhop5.ga
server-pxhop5.gq
server-pxhop5.ml
server-pxhop5.tk
server-pxhop6.cf
server-pxhop6.ga
server-pxhop6.gq
server-pxhop6.ml
server-pxhop6.tk
server-pxhop7.cf
server-pxhop7.ga
server-pxhop7.gq
server-pxhop7.ml
server-pxhop7.tk
server-pxhop8.cf
server-pxhop8.ga
server-pxhop8.gq
server-pxhop8.ml
server-pxhop8.tk
server-sadwb1.cf
server-sadwb1.ga
server-sadwb1.gq
server-sadwb1.ml
server-sadwb1.tk
server-sadwb2.cf
server-sadwb2.ga
server-sadwb2.gq
server-sadwb2.ml
server-sadwb2.tk
server-sadwb3.cf
server-sadwb3.ga
server-sadwb3.gq
server-sadwb3.ml
server-sadwb3.tk
server-sadwb4.cf
server-sadwb4.ga
server-sadwb4.gq
server-sadwb4.ml
server-sadwb4.tk
server-sadwb5.cf
server-sadwb5.ga
server-sadwb5.gq
server-sadwb5.ml
server-sadwb5.tk
server-sadwb6.cf
server-sadwb6.ga
server-sadwb6.gq
server-sadwb6.ml
server-sadwb6.tk
server-sadwb7.cf
server-sadwb7.gq
server-sadwb7.ml
server-sadwb7.tk
server-sadwb8.cf
server-sadwb8.ga
server-sadwb8.gq
server-sadwb8.ml
server-sadwb8.tk
server-sadwb9.cf
server-uewit1.cf
server-uewit1.ga
server-uewit1.gq
server-uewit1.ml
server-uewit1.tk
server-uewit2.cf
server-uewit2.ga
server-uewit2.gq
server-uewit2.tk
server-uewit3.cf
server-uewit3.ga
server-uewit3.gq
server-uewit3.ml
server-uewit3.tk
server-uewit4.cf
server-uewit4.ga
server-uewit4.gq
server-uewit4.ml
server-uewit4.tk
server-uewit5.cf
server-uewit5.ga
server-uewit5.gq
server-uewit5.ml
server-uewit5.tk
server-uewit6.cf
server-uewit6.ga
server-uewit6.gq
server-uewit6.ml
server-uewit6.tk
server-uewit7.cf
server-uewit7.ga
server-uewit7.gq
server-uewit7.ml
server-uewit7.tk
server-uewit8.cf
server-uewit8.gq
server-uewit8.ml
server-uewit8.tk
server-uewit9.cf
server-uewit9.ga
server-waajo1.cf
server-waajo1.gq
server-waajo1.ml
server-waajo1.tk
server-waajo2.cf
server-waajo2.ga
server-waajo2.gq
server-waajo2.ml
server-waajo2.tk
server-waajo3.ga
server-waajo3.gq
server-waajo3.ml
server-waajo3.tk
server-waajo4.cf
server-waajo4.ga
server-waajo4.gq
server-waajo4.ml
server-waajo4.tk
server-waajo5.cf
server-waajo5.ga
server-waajo5.gq
server-waajo5.ml
server-waajo5.tk
server-waajo6.cf
server-waajo6.ga
server-waajo6.gq
server-waajo6.ml
server-waajo6.tk
server-waajo7.cf
server-waajo7.ga
server-waajo7.gq
server-waajo7.ml
server-waajo7.tk
server-waajo8.cf
server-waajo8.ga
server-waajo8.gq
server-waajo8.ml
server-waajo8.tk
server-waajo9.cf
server-wxmqf1.cf
server-wxmqf1.ga
server-wxmqf1.gq
server-wxmqf1.ml
server-wxmqf2.cf
server-wxmqf2.ga
server-wxmqf2.gq
server-wxmqf2.ml
server-wxmqf2.tk
server-wxmqf3.cf
server-wxmqf3.ga
server-wxmqf3.gq
server-wxmqf3.ml
server-wxmqf3.tk
server-wxmqf4.cf
server-wxmqf4.ga
server-wxmqf4.gq
server-wxmqf4.ml
server-wxmqf4.tk
server-wxmqf5.cf
server-wxmqf5.ga
server-wxmqf5.gq
server-wxmqf5.ml
server-wxmqf5.tk
server-wxmqf6.cf
server-wxmqf6.ga
server-wxmqf6.gq
server-wxmqf6.ml
server-wxmqf6.tk
server-wxmqf7.cf
server-wxmqf7.ga
server-wxmqf7.gq
server-wxmqf7.ml
server-wxmqf7.tk
server-wxmqf8.cf
server-wxmqf8.ga
server-wxmqf8.gq
server-wxmqf8.ml
server-wxmqf8.tk
server-wxmqf9.cf
server-xdkhf1.ga
server-xdkhf1.gq
server-xdkhf1.ml
server-xdkhf1.tk
server-xdkhf2.ga
server-xdkhf2.gq
server-xdkhf2.ml
server-xdkhf2.tk
server-xdkhf3.cf
server-xdkhf3.ga
server-xdkhf3.gq
server-xdkhf3.ml
server-xdkhf3.tk
server-xdkhf4.cf
server-xdkhf4.ga
server-xdkhf4.gq
server-xdkhf4.ml
server-xdkhf4.tk
server-xdkhf5.cf
server-xdkhf5.ga
server-xdkhf5.ml
server-xdkhf5.tk
server-xdkhf6.cf
server-xdkhf6.ga
server-xdkhf6.gq
server-xdkhf6.ml
server-xdkhf6.tk
server-xdkhf7.cf
server-xdkhf7.ga
server-xdkhf7.gq
server-xdkhf7.ml
server-xdkhf7.tk
server-xdkhf8.cf
server-xdkhf8.ga
server-xdkhf8.gq
server-xdkhf8.ml
server-xdkhf8.tk
server-xdkhf9.cf
server-xdkhf9.ga
zelthin.dvrlists.com

# Reference: https://twitter.com/reecdeep/status/1577668826149306370

45.155.165.117:50005

# Reference: https://twitter.com/MalwarePatrol/status/1577725883074256896

http://194.190.152.126

# Reference: https://www.virustotal.com/gui/file/575b64f8214eb883148c52f8231326446c513181646708e34aa5d7638175527a/detection

carsond5.hopto.org

# Reference: https://twitter.com/pollo290987/status/1578047147676778497
# Reference: https://www.virustotal.com/gui/file/c699c6b1b668b088471e74e8ac09145ced97a45a0db6c59657040257fdc8508e/detection

163.123.142.150:1492
ban318937.sytes.net

# Reference: https://twitter.com/pollo290987/status/1579485354012573696

nonprofit2.mywire.org

# Reference: https://www.virustotal.com/gui/file/a125e30eb975835c5dc09562a25c94891270b1e3ca4f920435aecd1a5ea5653b/detection

81.161.229.148:5050
valvesco.duckdns.org

# Reference: https://tria.ge/220810-txhpqacdfn/behavioral1

212.193.30.230:1024
zyt2.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/1009c900538dc157a378812cec6b2528219cf5133b59b4832456ad0bfa06c139/detection

194.87.84.40:2718

# Reference: https://www.virustotal.com/gui/file/d1a2c9b8c53aac7c1b54ef1356ed4ef8af9c0e5cca965bb757ddad436d30bf1b/detection

173.254.223.68:4040
royal.giize.com

# Reference: https://www.virustotal.com/gui/file/eb6b893999f716633ae89a1ace89ae407e07017ff347b23a5b7753f44732014d/detection

141.98.6.108:15672

# Reference: https://www.virustotal.com/gui/file/0516858d158e7596381b33f25fbd178516e5d6260ddc1e96ad0de562c282af7d/detection

91.192.100.7:1995
ableyahweh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ebf9e88c69338a8acd1bda024bf02c79e3ab357277f885dbdfb4f601623d5d6/detection

91.193.75.9:1990
amblessed.ddns.net

# Reference: https://www.virustotal.com/gui/file/a9399adef4f9beec911d353838ce6cbd5a4eeb83e1a6261b61d2b705c87d765a/detection

46.246.6.73:3669
46.246.84.6:3669

# Reference: https://twitter.com/0xToxin/status/1585274213438472194
# Reference: https://www.virustotal.com/gui/file/8c298764818ca42411115429c1f819577f5ece4d0c3dad949ea46a9ec4b49634/detection

185.225.18.106:2404
hotsdefender.webredirect.org

# Reference: https://www.virustotal.com/gui/file/929df8a15e583ad6b64698fb702cf44183f0d726d86cada07cf072d7f9f74913/detection

193.47.61.205:3542

# Reference: https://www.virustotal.com/gui/file/2f152a8da309e2878e0414477e27d6d041237de92c90f15e371c26ed9344cc40/detection

188.214.106.88:50943

# Reference: https://twitter.com/r3dbU7z/status/1589781653693804544
# Reference: https://tria.ge/221107-j1421shgaj/behavioral2

46.246.6.17:2404
46.246.6.5:2404
nuevosremcs.duckdns.org

# Reference: https://tria.ge/221117-kq1saaaa7y/behavioral1

207.244.231.35:35280
rmcos.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1597421863139160064
# Reference: https://tria.ge/221129-c4pyyaha78/behavioral1

185.246.220.39:1307
drremcoz1.ddns.net

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/08a87793c7ca10af688ef68cf54f4e5a632bef11145a60c6e48027ca91c386a5/detection

http://79.110.63.18
79.110.62.46:50499

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/284749a242c7dcee6d5f8d71bb4de12ccbc7f7acc24a8fb795859b0393f23577/detection

41.216.183.226:41900

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/3202335b43868780fc9f77d4b021c64615ba8bd148684a5d707b64f115d6fa82/detection

79.134.225.16:7967

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/7f6e79aba77c7a0d80ae08f8dabf96e340c06b9da219bc3d6c8fe38b6b33e9c1/detection

91.193.75.214:16662
obscurelegend.dvrlists.com

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/af967c81efde1833856442e497edcfc5da28b6af7940d985bb297fe8c6e3d0f7/detection

84.21.172.33:5763

# Reference: https://www.virustotal.com/gui/file/fa965dc6edbb0e244cef4ecab1dabb2d04c9c174e42ac25c60f463237bcea16b/detection

194.180.48.184:3542

# Reference: https://www.virustotal.com/gui/file/38eaa97605a5428cd10700e2fbfe0bd84c75052abdc963bf6ad151fee74f6130/detection

84.21.172.179:1988
dianmelek.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e85461238ebb99ee7d96d576e2b9a6b9e886ef11da937cf9c4cdc7c4746dde7f/detection

84.21.172.179:58001

# Reference: https://twitter.com/c_APT_ure/status/1603349872735920128
# Reference: https://bazaar.abuse.ch/sample/b13c979dae8236f1e7f322712b774cedb05850c989fc08312a348e2385ed1b21/

213.152.161.219:19888
213.152.161.79:19888
toornavigator.sytes.net

# Reference: https://www.virustotal.com/gui/file/cd676ef098fec646d192a9c14099ade8f10709ee793ee820457e6dc46c02fc5e/detection
# Reference: https://www.virustotal.com/gui/file/ce4085be9c0cea2fdaa6145e86166b051222fcc96eac12e1668d803a6b97ebfe/detection

194.5.97.174:656
tpergtbe2.ml

# Reference: https://www.virustotal.com/gui/file/dfdfddf99781b2553c12dc0eaa764c585279eaa29b70654a11bdc238b6af945e/detection
# Reference: https://www.virustotal.com/gui/file/c4fa78775e976b5e30d4f2fb71d48b068b3dc27d625972296fd5cc28c58eb1c0/detection

79.134.225.28:161
pharmacologicalembrz.ml

# Reference: https://www.virustotal.com/gui/file/3b2c104c6eb24ddf6033a3d0b437b9cb7f58484166b85b2424fe6722fe98c324/detection

41.58.118.71:37186
79.134.225.74:37186
whizzle456.duckdns.org
whizzle654321.serveftp.com

# Reference: https://www.virustotal.com/gui/file/c17492c8733386e70b6a3c5432da0a049e1f659f00a767e086a73813a9162c29/detection

209.209.238.36:16152
209.209.238.36:5880
15prill.dyndns.tv
15prill.sytes.net

# Generic (URL path indicators, listed without a host)

/invoice_Qkdxcnmk.bmp
/swlu_Gmgzhmnp.png
/litupin_Kywfvjxv.bmp
/remcos_a_rgzXPLek0.bin
/TT_2021_Remcos%20v2_DDoOoaFhuj99.bin
/Xrllqxvmom.png
