# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
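# See the file 'LICENSE' for copying permission

# Note: the entries below are hostnames and IP:port pairs taken from the public
# references cited above each group. Many of the hostnames are subdomains of
# dynamic-DNS services, and such names and bare IP addresses can change hands
# over time, so confirm an entry is still current before using it to block
# rather than to alert.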

# Reference: https://twitter.com/ScumBots/status/1047543566594179073

queda2122.ddns.net

# Reference: https://twitter.com/ScumBots/status/1047422769712046080

trotokolenigers.onthewifi.com

# Reference: https://twitter.com/ScumBots/status/1046815013401501701

mdformo1.ddns.net

# Reference: https://twitter.com/ScumBots/status/1041469793625407489

farida.ddns.net

# Reference: https://twitter.com/ScumBots/status/1037351538732294145

zxcvbn123456.ddns.net

# Reference: https://twitter.com/ScumBots/status/1038158542736445441

mondns.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1040311939073826816

morfey.hldns.ru

# Reference: https://twitter.com/ScumBots/status/1050046306016747521

office365update.duckdns.org
systen32.ddns.net

# Reference: https://twitter.com/ScumBots/status/1052526398924095488

quedabesouro.ddns.net

# Reference: https://twitter.com/ScumBots/status/1053262497673891841

seekers.hopto.org

# Reference: https://twitter.com/ScumBots/status/1054081645400260608

duckdate.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1063996828516012033

morfey.myftp.org

# Reference: https://twitter.com/ScumBots/status/1064254932528832512

itachituff.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1067565492322410497

farida.ddns.net

# Reference: https://twitter.com/ScumBots/status/1069517101654777857

updatefacebook.ddns.net

# Reference: https://twitter.com/ScumBots/status/1080998862574309377

vivivi.myftp.org

# Reference: https://twitter.com/ScumBots/status/1081317358206156800

nerv7.ddns.net

# Reference: https://twitter.com/ScumBots/status/1081378115526582273

mondns.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1082132730715037696

queda212.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1089336859912744960

microsoftsecure.myq-see.com

# Reference: https://twitter.com/ScumBots/status/1090260035312275456

498408.ddns.net
olhomagicocdt.duckdns.org
systenfailued.ddns.com.br

# Reference: https://twitter.com/ScumBots/status/1090736985315201025

helloweenhagga.ddns.net
helloweenhagga1.ddns.net
helloweenhagga2.ddns.net
helloweenhagga3.ddns.net

# Reference: https://twitter.com/ScumBots/status/1095149123517534208

helloweenhagga4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1095760026923352066

updatesystem.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1097587061329154055

easykill.servebeer.com
easykill1.servepics.com
easykill2.servepics.com
easykill3.servebeer.com

# Reference: https://twitter.com/ScumBots/status/1098145754185633793

haggasinger.ddns.net
haggasinger1.ddns.net
haggasinger2.ddns.net

# Reference: https://twitter.com/ScumBots/status/1101890548661698560

rat24695.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102445323417542658

mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com

# Reference: https://twitter.com/ScumBots/status/1103351296768331776

seskoal7rbe.ddns.net

# Reference: https://twitter.com/ScumBots/status/1103751431318892546

fouirux-59789.portmap.io

81.106.30.119:4444

# Reference: https://twitter.com/ScumBots/status/1104736674087665665

173.46.85.160:5555

# Reference: https://twitter.com/James_inthe_box/status/1107686616624037890
# Reference: https://twitter.com/JAMESWT_MHT/status/1107682800134750211

nobody120.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1108802212543848450

5.9.171.235:333

# Reference: https://twitter.com/ScumBots/status/1110489582494203904

91.192.100.5:1604

# Reference: https://twitter.com/Racco42/status/1112628162872119296

82.223.9.232:98

# Reference: https://twitter.com/TweeterCyber/status/1112919582635745281

kronozzz2.duckdns.org

# Reference: https://twitter.com/F_kZ_/status/1047054463570186241

37.187.155.228:85
nojjdjamel.hopto.org
nojjdjamel2251.hopto.org

# Reference: https://twitter.com/malware_traffic/status/935703820889358336

oamentyga.duckdns.org

# Reference: https://twitter.com/Racco42/status/884324767809056768

37.187.92.171:621

# Reference: https://twitter.com/Racco42/status/882123509350236160

hagroonayazabiiiiii.com
82.165.147.250:621

# Reference: https://twitter.com/luc4m/status/1113433242689052672

oldmandnsch.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1117986483196055552
# Reference: https://twitter.com/ScumBots/status/1123048893170769922
# Reference: https://twitter.com/ScumBots/status/1123675214980833280

95.213.251.165:7070
95.213.251.165:9090
95.213.191.230:9090

# Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign

frankmana.duckdns.org
workfine11.duckdns.org
oldmandnsch.duckdns.org
blackhagga.duckdns.org
skyrocket1.duckdns.org
kronoz.duckdns.org
oldmandnsch.duckdns.org
kronozzz2.duckdns.org
lulla.duckdns.org
decent.myvnc.com
decent5.myvnc.com
jayztools1.ddns.net
jayztools2.ddns.net
jayztools3.ddns.net
totallol.duckdns.org
totallol1.duckdns.org
totallol2.duckdns.org
totallol3.duckdns.org
decent2.myvnc.com
decent3.myvnc.com
decent1.myvnc.com
decent4.myvnc.com
jordanchen736.sytes.net
jordanchen7361.sytes.net
jordanchen7362.sytes.net
jordanchen7363.sytes.net
lalacious1.serveftp.com
lalacious2.serveftp.com
lalacious3.serveftp.com
lalacious4.serveftp.com
mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com
mastermana5.serveirc.com
lullikhao.ddns.net
lullikhao1.ddns.net
lullikhao2.ddns.net
bullol.duckdns.org
cocomo.ddns.net
haggasinger2.ddns.net
haggasinger.ddns.net
haggasinger1.ddns.net
loramer1.ddnsking.com
easykill.servebeer.com
easykill3.servebeer.com
easykill2.servepics.com
easykill1.servepics.com
easykill3.servepics.com
helloweenhagga.ddns.net
helloweenhagga3.ddns.net
helloweenhagga4.ddns.net
helloweenhagga2.ddns.net
revengerx211.sytes.net
revengerx212.sytes.net
revengerx213.sytes.net
revengerx214.sytes.net
revengerx215.sytes.net
revengerx216.sytes.net
revengerx217.sytes.net
revengerx218.sytes.net
revengerx219.sytes.net
revengerx210.sytes.net
office365update.duckdns.org
systen32.ddns.net
bhenchood.ddns.net
emmanuelstevo.ddns.net
zinderhola1.ddns.net
zinderhola.ddns.net
myownlogs.duckdns.org
cocomo1.ddns.net
cocomo10.serveblog.net
cocomo2.ddns.net
cocomo2.serveblog.net
cocomo3.serveblog.net
cocomo4.serveblog.net
cocomo5.serveblog.net
cocomo6.serveblog.net
cocomo7.serveblog.net
cocomo8.serveblog.net
cocomo9.serveblog.net
mrcode.hopto.org
mrcode1.hopto.org
mrcode2.hopto.org
pussi2442.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1076166793054556160

presentationx.sytes.net

# Reference: https://twitter.com/ScumBots/status/1121497114532618246

5.9.171.229:777

# Reference: https://twitter.com/illegalFawn/status/1122767858126266368

jorenimo55.hopto.org

# Reference: https://twitter.com/ScumBots/status/1126966907511480321

151.80.241.114:666

# Reference: https://twitter.com/HONKONE_K/status/1135760982385483777

queda212.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1144358899429986304

185.165.153.250:5478
193.56.28.134:5478

# Reference: https://twitter.com/ScumBots/status/1145116725970657281

93.90.193.146:213

# Reference: https://twitter.com/ps66uk/status/1145640316856340480

cheryl11.duckdns.org

# Reference: https://twitter.com/powershellcode/status/1148234398703030273

bylgay.hopto.org
microsoftoutlook.duckdns.org
soucdtevoceumcuzao.duckdns.org

# Reference: https://twitter.com/coderippers/status/1153267389632602114

blackhill.ddns.net

# Reference: https://twitter.com/coderippers/status/1154003951152484352

mzu.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1154429111198203910

204.152.219.67:1003

# Reference: https://twitter.com/RedDrip7/status/1154696058846322688
# Reference: https://ti.qianxin.com/blog/articles/gorgon-group-campaign-aggah-with-pastebin/

kronozzz2.duckdns.org
microsoftoutlook.duckdns.org
tonypp.duckdns.org
yahakhan.duckdns.org
zoebin.duckdns.org

# Reference: https://twitter.com/Racco42/status/1158745916653920257

194.5.98.242:1212

# Reference: https://twitter.com/James_inthe_box/status/1165603800230481920
# Reference: https://www.virustotal.com/gui/ip-address/82.146.50.128/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.203.214.30/relations

37.203.214.30:5000
82.146.50.128:5000
ahhahaasdas.ddns.net
dafg124.ddns.net
darckcometa.ddns.net
denisvpn2.ddns.net
devedeev.hopto.org
don4ik228.ddns.net
ewqewqewq.ddns.net
hostvimeworld.ddns.net
killler40000.ddns.net
lis1033.hopto.org
makot123.ddns.net
nikolaykolyabb.hopto.org
noinmy.ddns.net
werder3456.hopto.org
anonim001.ddns.net
asfadsvasdfsd.ddns.net
hedswjhrjkwe.freedynamicdns.net
matvey.ddns.net
micromax111.ddns.net
minecrafter1337.ddns.net
nargaroth.ddns.net
orcusbam.ddns.net
q12345gg.hopto.org
q312820ressivr.hopto.org
syka228228ppppp.ddns.net
talgat.ddns.net
uksivthack.mein-vigor.de
vhjrtyg.hldns.ru

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

helloweenhagga.ddns.net
revengerx111.sytes.net

# Reference: https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html

qstorm.chickenkiller.com
skymast231-001-site1.htempurl.com

# Reference: https://twitter.com/ScumBots/status/1175338135573684224

3.19.114.185:11400

# Reference: https://blog.prevailion.com/2019/10/mastermana-botnet.html

rgalldmn.duckdns.org
speeddfox.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1180817132763963394

144.76.134.221:333

# Reference: https://twitter.com/P3pperP0tts/status/1181546654169800705

34.95.176.194:443
bkil.ddns.net

# Reference: https://twitter.com/ScumBots/status/1184367636941029377

18.216.157.58:333

# Reference: https://twitter.com/ScumBots/status/1185658643720626176

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1185983283408134145

192.241.133.27:5555

# Reference: https://twitter.com/ScumBots/status/1186745945154838528

148.251.11.102:333

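# Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/
# Note: same Unit 42 report as the reference earlier in this file. The list below
# repeats those entries in sorted order and adds cycbra.duckdns.org and
# majorsss.duckdns.org.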

bhenchood.ddns.net
blackhagga.duckdns.org
bullol.duckdns.org
cocomo.ddns.net
cocomo1.ddns.net
cocomo10.serveblog.net
cocomo2.ddns.net
cocomo2.serveblog.net
cocomo3.serveblog.net
cocomo4.serveblog.net
cocomo5.serveblog.net
cocomo6.serveblog.net
cocomo7.serveblog.net
cocomo8.serveblog.net
cocomo9.serveblog.net
cycbra.duckdns.org
decent.myvnc.com
decent1.myvnc.com
decent2.myvnc.com
decent3.myvnc.com
decent4.myvnc.com
decent5.myvnc.com
easykill.servebeer.com
easykill1.servepics.com
easykill2.servepics.com
easykill3.servebeer.com
easykill3.servepics.com
emmanuelstevo.ddns.net
frankmana.duckdns.org
haggasinger.ddns.net
haggasinger1.ddns.net
haggasinger2.ddns.net
helloweenhagga.ddns.net
helloweenhagga2.ddns.net
helloweenhagga3.ddns.net
helloweenhagga4.ddns.net
jayztools1.ddns.net
jayztools2.ddns.net
jayztools3.ddns.net
jordanchen736.sytes.net
jordanchen7361.sytes.net
jordanchen7362.sytes.net
jordanchen7363.sytes.net
kronoz.duckdns.org
kronozzz2.duckdns.org
lalacious1.serveftp.com
lalacious2.serveftp.com
lalacious3.serveftp.com
lalacious4.serveftp.com
loramer1.ddnsking.com
lulla.duckdns.org
lullikhao.ddns.net
lullikhao1.ddns.net
lullikhao2.ddns.net
majorsss.duckdns.org
mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com
mastermana5.serveirc.com
mrcode.hopto.org
mrcode1.hopto.org
mrcode2.hopto.org
myownlogs.duckdns.org
office365update.duckdns.org
oldmandnsch.duckdns.org
pussi2442.ddns.net
revengerx210.sytes.net
revengerx211.sytes.net
revengerx212.sytes.net
revengerx213.sytes.net
revengerx214.sytes.net
revengerx215.sytes.net
revengerx216.sytes.net
revengerx217.sytes.net
revengerx218.sytes.net
revengerx219.sytes.net
skyrocket1.duckdns.org
systen32.ddns.net
totallol.duckdns.org
totallol1.duckdns.org
totallol2.duckdns.org
totallol3.duckdns.org
workfine11.duckdns.org
zinderhola.ddns.net
zinderhola1.ddns.net

# Reference: https://www.virustotal.com/gui/file/96a008b46c9acacccb03a31c01c9c28dac64b621eb819b8c92f242288207973a/detection

45.236.130.17:2022
d0rian2022.ddns.net

# Reference: https://twitter.com/P3pperP0tts/status/1190316504304246786

156.215.159.57:333
lapoire1.hopto.org

# Reference: https://twitter.com/ScumBots/status/1191396450497974274

193.161.193.99:56282
