# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/KorbenD_Intel/status/1406007597027708933
# Reference: https://twitter.com/AcooEdi/status/1409265045200986112
# Reference: https://github.com/its-a-feature/Mythic
# Reference: https://www.virustotal.com/gui/file/3560fce6eb996380b8daf223fe10d55086b9582593c6e2f62511cc5995f18005/detection
# Reference: https://www.virustotal.com/gui/file/8043d6c07fbd1e122c91eedf782c6ed7a539ab089a0eab48a50b2ab71127fa51/detection

20.86.10.75:7443

# Reference: https://twitter.com/MichalKoczwara/status/1438943089528348680

106.52.103.154:7443
107.155.81.125:7443
143.198.42.198:7443
157.230.93.100:7443
172.105.254.138:7443
194.5.212.165:7443
35.244.90.180:7443
52.13.1.165:7443
8.130.55.52:7443

# Reference: https://twitter.com/benkow_/status/1542047469860683777

cryptolvl-rsa-check.com

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Mythic.txt

101.35.90.253:7443
103.134.19.125:7443
103.134.19.126:7443
104.248.136.18:7443
109.248.6.212:7443
109.248.6.231:7443
121.196.173.138:7443
121.37.166.111:7443
124.156.19.110:7443
124.221.250.89:7443
13.214.180.60:7443
13.69.157.231:7443
134.0.116.185:7443
134.122.109.56:7443
134.209.28.232:7443
135.181.207.18:7443
137.184.207.189:7443
137.184.3.67:7443
138.68.127.9:7443
138.68.76.238:7443
139.144.19.118:7443
139.59.144.58:7443
139.59.249.255:7443
139.59.72.48:7443
142.44.129.32:7443
142.93.141.182:7443
142.93.166.252:7443
142.93.246.237:7443
143.110.178.9:7443
143.198.191.206:7443
143.198.226.82:7443
144.91.122.255:7443
145.131.8.169:7443
145.239.197.84:7443
147.182.157.114:7443
147.182.231.226:7443
152.136.200.244:7443
157.230.93.100:7443
159.203.182.27:7443
159.203.59.54:7443
159.223.193.246:7443
159.223.194.254:7443
159.223.234.22:7443
159.89.190.80:7443
159.89.229.33:7443
159.89.53.38:7443
16.170.83.102:7443
16.171.18.142:7443
160.20.147.34:7443
164.90.158.199:7443
165.227.45.251:7443
165.232.130.91:7443
165.3.120.26:7443
167.88.180.75:7443
170.187.201.243:7443
172.104.138.192:7443
172.104.175.112:7443
172.105.254.138:7443
173.255.226.84:7443
173.82.110.148:7443
178.62.99.183:7443
18.156.197.101:7443
185.158.94.217:7443
185.16.39.178:7443
185.173.34.42:7443
185.21.191.88:7443
185.225.68.201:7443
185.225.68.202:7443
185.238.32.198:7443
188.225.73.137:7443
192.34.58.198:7443
193.41.237.173:7443
194.156.120.146:7443
194.233.164.157:7443
195.97.212.20:7443
20.106.123.23:7443
20.220.187.29:7443
20.97.116.145:7443
204.44.85.16:7443
205.126.0.212:7443
207.148.5.58:7443
208.67.105.91:7443
208.68.38.191:7443
209.249.134.13:7443
209.249.134.3:7443
209.249.134.6:7443
3.128.135.199:7443
3.141.125.92:7443
3.212.113.251:7443
3.6.38.215:7443
3.87.23.190:7443
34.150.132.170:7443
34.240.115.152:7443
34.67.166.244:7443
35.202.0.124:7443
37.139.128.156:7443
38.242.229.200:7443
43.142.174.15:7443
43.142.60.207:7443
45.87.154.87:7443
45.9.191.137:7443
46.101.153.42:7443
46.243.186.22:7443
47.250.53.207:7443
47.96.177.12:7443
5.2.79.164:7443
51.13.165.60:7443
51.77.214.92:7443
52.205.104.104:7443
52.206.182.102:7443
52.221.205.86:7443
52.79.54.36:7443
52.89.133.37:7443
54.149.124.173:7443
54.173.67.191:7443
54.180.25.135:7443
54.197.245.200:7443
54.253.207.220:7443
54.74.215.121:7443
59.110.169.183:7443
62.113.196.46:7443
62.182.159.147:7443
63.250.44.170:7443
64.227.107.179:7443
64.227.113.73:7443
66.228.45.170:7443
66.29.155.178:7443
68.183.132.227:7443
68.183.56.37:7443
69.30.254.194:7443
70.34.195.186:7443
70.34.214.252:7443
70.34.223.234:7443
74.208.91.38:7443
78.108.182.240:7443
83.252.26.43:7443
86.105.252.221:7443
94.140.115.118:7443
moofasa.grayhatfreelancing.com
mythic-ceramic.braindeadideas.com

# Reference: https://twitter.com/IronNetTR/status/1588154026297675777

ukreiif.live
c2.b1o.it
v56119.php-friends.de
