# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# STRRAT (Java/JAR-based remote access trojan) trails: C2 host:port pairs, dynamic-DNS hostnames and download URLs
# Reference: https://twitter.com/struppigel/status/1272867849682530304
# Reference: https://www.gdatasoftware.com/blog/strrat-crimson
# Reference: https://www.virustotal.com/gui/file/08dfcc18d872fc9c6f9623537aba7d4e8f8bab921dbee452facad8a8c581db29/detection

jbfrost.live
lauzon-ent.com

# Reference: https://www.virustotal.com/gui/file/08dfcc18d872fc9c6f9623537aba7d4e8f8bab921dbee452facad8a8c581db29/detection

79.134.225.80:1984
pplugin.duckdns.org
snpfud.duckdns.org

# Reference: https://app.any.run/tasks/aaccdf6d-c3ca-4ae1-b1f3-b955e7c5b05b/

chance2021.ddns.net
tasklistmgr.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1384499057708650499
# Reference: https://app.any.run/tasks/8409bd89-fe8c-4cb6-954b-4834d9621432/

185.38.142.241:5151
punisher.shacknet.us
str-master.pw

# Reference: https://www.virustotal.com/gui/file/54b5c60571ec31235f28e1bc5ee7f48d60dbaccf3dd05f0403fd56755a3429cf/detection

45.137.22.103:9913

# Reference: https://www.virustotal.com/gui/file/518b83f18ce0797f992954af3619b9c3d34400219d19cf3f6aeb58985d2f9e6b/detection
# Reference: https://www.virustotal.com/gui/file/4bd1d4e99c7b80fbaa2234f44458a4f7d9588c7be794d0c521aab0524548af96/detection
# Reference: https://www.virustotal.com/gui/file/ab3afa8a20a9da80744282ddd13bb9a8a9b411324cd12562c1d3ba4424b4efc2/detection
# Reference: https://www.virustotal.com/gui/file/3cdadd4d8492cfe342f9f74529566ed6c1b451ba669509b59ffaf2965bce0750/detection
# Reference: https://www.virustotal.com/gui/file/107dd50b42ddff0c7953aebf62727778e5225c2e81fc9fba0bcecbbd4b2689a7/detection
# Reference: https://www.virustotal.com/gui/file/210b0615842c4ccb92dc12ed2a5c01bb094286a77c15aedaa40ce2123fae1fba/detection
# Reference: https://www.virustotal.com/gui/file/d49766168ba2ae59cef439103793d02da7c6ef1280517a8b56f1e305863085f7/detection
# Reference: https://www.virustotal.com/gui/file/44c6e89af3a487caaab73e7d503fddbc9d62394c099da3ca9fbf737b6a30c867/detection
# Reference: https://www.virustotal.com/gui/file/bf003b3d71959015aab619fadc3ac14eec1238f5b85915f969c056b0fb92c801/detection
# Reference: https://www.virustotal.com/gui/file/45752b9a5276e167fcfd613f6330f0e254b116563734cf58287884b236f3d26c/detection
# Reference: https://www.virustotal.com/gui/file/9ba8f246d7da56356f4487fec6e70609c9406857da2f747b642573e8b0b8cb03/detection
# Reference: https://www.virustotal.com/gui/file/bcf78cd0bbb72682031d2abd1edfe1498f9d2c26a96a6831e88008b4a0ece6a7/detection
# Reference: https://www.virustotal.com/gui/file/47483768f06311345c545c2774ef3592dfd568ed2172690d67e97b871fbb5dae/detection
# Reference: https://www.virustotal.com/gui/file/472a16d5af7173eb77bce00e965d573a4657252bd0af5eb87ae9c29e025e2c26/detection
# Reference: https://www.virustotal.com/gui/file/0338d383faded72a6762c5f14d3804fe46bc3e0c0bbdcb2f7921a3b913192355/detection
# Reference: https://www.virustotal.com/gui/file/96d522cdf1e656d2be40994ea9c37eb22e4e555d9da32a6725b2fa2c4a000963/detection
# Reference: https://www.virustotal.com/gui/file/20d2347ec017a64191327dba9cedf7ed5af921df7fc43390a6b745703de9f831/detection
# Reference: https://www.virustotal.com/gui/file/8dea5cc4b16ecd3eda0e53a13048cec88939109374f69a9eb4e2c90d230793a9/detection
# Reference: https://www.virustotal.com/gui/file/b98031c2167cf9b07dea6e4d031956b85e2f52414ac60a2694765bf72f6bc624/detection
# Reference: https://www.virustotal.com/gui/file/0bbb92a61b4f0773ccfea0dfe75ba26fddf5dcdfc6845e59debf6ca4f41c7ff1/detection
# Reference: https://www.virustotal.com/gui/file/b756109104742cbdab8dfc98fb41d5bb364b078686004f694d5c6762e0449012/detection

142.202.240.40:2222
164.90.144.14:7577
167.160.166.133:7888
185.136.159.232:7888
185.136.170.108:8078
185.140.53.35:7188
185.140.53.35:8887
185.174.101.254:1977
185.234.216.112:1033
185.234.216.112:5200
193.218.118.85:8078
193.26.21.227:8887
194.5.97.10:9073
23.105.131.186:6677
23.239.31.129:54556
23.239.31.129:54557
66.11.124.196:7777
66.154.103.241:7123
69.65.7.138:6677
77.247.127.138:2222
79.134.225.70:47580
79.155.26.66:9999
79.155.26.66:10000
jbfrost.live
chance2021.ddns.net
install-java.myq-see.com
jegstrig.duckdns.org
mineqroft.publicvm.com
networkip.duckdns.org
pluginserver.duckdns.org
pplugin.duckdns.org
redlan.mywire.org
tasklistmgr.duckdns.org
nectarclampplaza.com
okomas.com
7cmqghpupqiquxkfgmotxv6nfl366hyekx4mulez6rdgwdmq7hn72rad.onion

# Reference: https://app.any.run/tasks/963ab6c6-1165-4b14-8aa0-9a3721a73208/

185.140.53.159:3008
rhid08.ddnsking.com

# Reference: https://twitter.com/fr0s7_/status/1403331077775794176
# Reference: https://www.virustotal.com/gui/file/f3024442a64390d6ef55147674b67a32f6de35e9461befc539f4b39c65cb5e3b/detection

178.170.46.153:3030
invlookiing.com
frhb61552ds.ikexpress.com

# Reference: https://twitter.com/Racco42/status/1420399297959448581
# Reference: https://app.any.run/tasks/3b3f05eb-0226-4149-92e1-3e7c20add9bb/

172.93.164.112:2525

# Reference: https://twitter.com/petrovic082/status/1420425980607406094
# Reference: https://app.any.run/tasks/5e3e7a2f-b541-4bb8-9811-c38c03b2f29e/

172.93.164.112:5252
stunted.bounceme.net

# Reference: https://twitter.com/SecneurX/status/1438483029190606853

http://35.163.204.167

# Reference: https://twitter.com/phage_nz/status/1475693654601650179
# Reference: https://tria.ge/211228-e5q9hacaaq/behavioral1

144.217.68.78:75

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_STRRAT.json

idgerowner.duckdns.org

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/3b62c9baf4cb51156750162fefaafee99f14f9b7ecec6e6a0b57589897e3ffb2/detection

194.85.248.87:8555
strigoiltd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f7c024f6e1a765a45b71af619039a8503f73b43d0e592b6264a23d51ad142314/detection

185.19.85.176:3002
str02.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/79ea26629fd38ce4c143c225e669dafe337ab88c90afd3bfadf4b2e0294d3886/detection

79.134.225.79:3004
str04.bounceme.net

# Reference: https://www.virustotal.com/gui/file/f148e9a2089039a66fa624e1ffff5ddc5ac5190ee9fdef35a0e973725b60fbc9/detection

http://54.202.26.55

# Reference: https://www.virustotal.com/gui/file/c841617864a556382a41b99e48e6fda74b80c3d163f15f9c2f30e49a5d277f7d/detection

http://18.222.206.129
105.110.114.88:1

# Reference: https://www.virustotal.com/gui/file/5cd1c8b7425fcfd1d23acb3056262203b86174d87d6b8feb2087790694ea48b5/detection

http://37.1.216.135

# Reference: https://www.virustotal.com/gui/file/2cd289033bd19bf0bdb229b8cc98a496d80eac284c54c60a04c48352fb5eaac6/detection

http://94.140.112.183

# Reference: https://isc.sans.edu/diary/rss/27798
# Reference: https://otx.alienvault.com/pulse/612f3ff8335de1797a464005
# Reference: https://www.virustotal.com/gui/file/31f5c289daf8c7fa2c8652f1686e208f6d25784bc9bed2a166c906031e70d449/detection

212.192.246.56:3219
blesd.gotdns.ch
myroyailrubin2019.duia.ro
ngofav.hopto.org
str-master.pw

# Reference: https://www.virustotal.com/gui/file/ec48d708eb393d94b995eb7d0194bded701c456c666c7bb967ced016d9f1eff5/detection

31.210.20.38:3219
palaintermine.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00402faf91cfc9a4ee7482a7caf04bfa652c496c34126140a93bb517e0323617/detection

176.10.104.240:8443
178.254.7.88:8443

# Reference: https://twitter.com/James_inthe_box/status/1487179374461739014
# Reference: https://app.any.run/tasks/b5531413-56b4-4b33-9f25-bde051fbf71b/

151.229.173.33:4411
feksake.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-27%20STRRat%20IOCs

72.10.160.246:1010

# Reference: https://app.any.run/tasks/58b7641f-8a9d-4692-9c88-b01305c89b2e/

156.96.60.167:9985
strms.duckdns.org

# Reference: https://www.virustotal.com/gui/file/24275ebc1a7d2e6fac65d932c55f34a5c885d768103cafb546a4b52b36af0060/detection
# Reference: https://www.virustotal.com/gui/file/b1f56b6b2c12227cb5da5ad6029cab7fd4766c9a174891675038cc630d36cacd/detection

23.105.131.181:1609
win.adds-only.xyz

# Reference: https://twitter.com/James_inthe_box/status/1506678550278991872
# Reference: https://app.any.run/tasks/9edff075-559c-4a31-bc59-2d148ed71303/
# Reference: https://app.any.run/tasks/ae76d700-c723-4746-840b-b667ff1f0284/

172.111.141.114:5888

# Reference: https://twitter.com/James_inthe_box/status/1519336035561353217
# Reference: https://app.any.run/tasks/b949b032-bce1-4837-88fb-904ca794918a/

185.29.11.5
fileshaaringdocumseign.pages.dev
streelifes.duckdns.org

# Reference: https://tria.ge/201118-8cwkg4vaha/behavioral2

185.244.30.139:8760
23.239.31.129:54555
finishfarm.duckdns.org

# Reference: https://tria.ge/201104-sw3mtjzhb2/behavioral1

198.199.121.122:2112

# Reference: https://twitter.com/James_inthe_box/status/1545409233901854720
# Reference: https://app.any.run/tasks/9afe9845-1bae-497a-83a3-66fa4b2a1a69/

62.197.136.159:2022

# Reference: https://twitter.com/James_inthe_box/status/1574800034398605312
# Reference: https://app.any.run/tasks/6b0ac73f-90ec-462a-bdca-296ddd205989/

23.227.196.195:7456

# Reference: https://any.run/cybersecurity-blog/strrat-malware-analysis-of-a-jar-archive/

91.193.75.134:7650

# Reference: https://app.any.run/tasks/22ca1640-fcd8-4411-9757-8349af4d163f/

172.93.193.117:4589

# Reference: https://app.any.run/tasks/56076b18-886b-46ca-aadb-e1d7d5de62cd/

208.67.105.233:1981

# Reference: https://twitter.com/0xToxin/status/1590357375311302656
# Reference: https://tria.ge/221109-r2gxwabcdm/behavioral1

172.93.220.135:1780
172.93.220.135:1781
egodds.longmusic.com

# Reference: https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar
# Reference: https://www.virustotal.com/gui/file/a93327ea596098dbd51cfcafcd049c2c1bc634c720bdb83e7bf45901b2387813/detection
# Reference: https://www.virustotal.com/gui/file/4df6972bede97d0cfb9f3a723d36ad97835b86ac9e27cf2c4819167b758a3024/detection

104.237.5.137:1050
donutz.ddns.net

# Generic (URL-path trails: matched as substrings of HTTP requests, so a short fragment such as /strigoi/ can hit unrelated sites - confirm the full request before acting on a match)

/strigoi/
/strigoi/lib.zip
/strigoi/server/?hwid=
/strigoi/server/ping.php
/esfsdghfrzeqsdffgfrtsfd.zip
