# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kaiten, tsunami

# Reference: https://www.virustotal.com/gui/file/ca42237354f76bd8aebb97635887c286cddc8d3b6cca2581fa228acf335b3a8c/detection

111.230.241.23:2407
46.149.233.35:2407

# Reference: https://www.virustotal.com/gui/file/29f6d8954e676d9260e308a1bc756edb1063cfa72fd6bfedd5f4fb10ba162043/detection

185.61.149.22:2407

# Reference: https://www.virustotal.com/gui/file/c474957d40c9ed89392bdde1b787455ab31a9df891a4c74fab2bf98b39f2c846/detection

145.239.93.125:9090
46.149.233.35:9090

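# Reference: https://www.virustotal.com/gui/file/1a4e0aa435da8d3c79e7dbd80b0eefe4e555cce41fab475f7f7859a293f86c0b/detection
# NOTE(review): 216.58.203.46 appears to fall within Google-assigned address space, so it may be a connectivity check or sandbox artifact rather than a C2 endpoint; confirm against the sample before alerting or blocking on it.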

147.135.210.184:9090
216.58.203.46:9090

# Reference: https://www.virustotal.com/gui/file/4284f64189359326e4bbbeb329aee11e0db96824d5fae1de96a95ad4949ffedf/detection

153.92.210.165:2407

# Reference: https://www.virustotal.com/gui/file/903ebfde5701b26c60656ee466fee31633448c37188d18318db9d2c7bfded076/detection

51.68.124.148:2407

# Reference: https://www.virustotal.com/gui/file/eb2433bf487a405b631464430f9ba5f02d95f7d63a59dd288a3db9d2d0611373/detection

176.58.123.223:2407

# Reference: https://www.virustotal.com/gui/file/13bcf15acbf45759342cd62e2e112dd0c46acf9a14af7784dda17f5ee6fc749b/detection

107.191.110.201:2407

# Reference: https://www.virustotal.com/gui/file/283a67dd7536db0e316282d437c2917c336d97045ce867df2d326e588f5922c0/detection

176.10.127.126:2407

# Reference: https://www.virustotal.com/gui/file/8dcdccf9fcb42c1f6c191ced0347711297c88efc51518ea1ab29bbda001661a4/detection

68.66.253.100:2407

# Reference: https://twitter.com/MalwarePatrol/status/1334346751805939718

bash.givemexyz.in

# Reference: https://twitter.com/r3dbU7z/status/1341404311771881478

small.anondns.net

# Reference: https://www.virustotal.com/gui/file/94224bbc8f9a24bf162cc9635a07a3863dfa46d234c96ccf37162b9ffbbe3e29/detection

46.29.163.28:6667

# Reference: https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/
# Reference: https://otx.alienvault.com/pulse/60a81875fa39fe6dbbe6f7d1

givemexyz.in
givemexyz.xyz
pwndns.pw
thegov.win
winscp.top

# Reference: https://www.virustotal.com/gui/file/b8dcadd2affaa6c9ea5629958ccb8e4c19a5c412dd3fb83cfd210dc079359196/detection

185.130.104.131:443

# Reference: https://www.virustotal.com/gui/file/137b3b10a347a78a8ce0c167befd35a187e2923ae3c782e0b69102cd5069fcbb/detection
# Reference: https://www.virustotal.com/gui/file/0c2d6843d5c00616cd4823b71206c8efcdc43b09a0f0682e3200e9822343f979/detection

derpcity.ru
exposedbotnets.ru
fflyy.su
wired.kei.su
wireless.kei.su

# Reference: https://twitter.com/abuse_ch/status/1473561613634609153

144.172.71.180:8080

# Reference: https://tria.ge/211223-mgh7zsacfq/behavioral1

156.67.220.165:8080
198.8.91.14:8080
45.132.241.68:8080

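# Reference: https://threatfox.abuse.ch/browse/tag/log4j/
# NOTE(review): this is a tag listing whose contents change over time, not a per-indicator record; the attribution of the entries below cannot be re-checked from this link alone.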

91.200.103.249:8080
l33t-ppl.info

# Reference: https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/
# Reference: https://otx.alienvault.com/pulse/62d67a7459b9250ab5c7cc96

bashgo.pw
letmaker.top
onlypirate.top
oracleservice.top
a.oracleservice.top
b.oracleservice.top
jira.letmaker.top
jira.onlypirate.top
pwn.letmaker.top
pwn.onlypirate.top
pwn.oracleservice.top

# Reference: https://twitter.com/r3dbU7z/status/1569694183723601922
# Reference: https://elfdigest.com/brief/8a04585157033b86cb2c104f441d236bc3255b46127355f8342b75ab40eb3e35

93.95.229.203:8080
whatwill.be
irc.whatwill.be

# Reference: https://www.virustotal.com/gui/file/0013b356966c3d693b253cdf00c7fdf698890c9b75605be07128cac446904ad9/detection

c4k-ircd.pwndns.pw
