# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Layout, as visible in this file: one indicator per line, either an IPv4 endpoint
# written as address:port or a bare hostname. Each group follows the "# Reference:"
# line(s) that presumably document where its indicators were observed.
# NOTE(review): several hostnames here sit under dynamic-DNS zones (ddns.net,
# hopto.org, duckdns.org). Those records can be re-pointed at any time, so treat the
# paired address:port entries as point-in-time observations and re-validate them
# before alerting or blocking on the address alone.

# Reference: https://www.virustotal.com/gui/file/06e3abeed1bc98ed56d5587e9732c9d39ea41879c250dff68ce8815953fcf7ad/detection

196.217.98.188:8080
liouas.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed91f9fee04d08dc613e56eedf98b8c56a6e1e6be8ff3f29360550a2ef98c886/detection

91.193.75.132:2343
2343.hopto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-10%20XWorm%20IOCs
# Reference: https://www.virustotal.com/gui/file/a86d61c62ad71f43dc2ad27a876ddccffab8d038d1f8b70248f4d4586c64d1ea/detection

su1d.nerdpol.ovh

# Reference: https://twitter.com/c_APT_ure/status/1621579054888501249

147.185.221.223:30420

# Reference: https://www.virustotal.com/gui/file/e6bf87ec571628e096e6505ee87f617f594ed7664782bf4f82810be28028147b/detection
# Reference: https://www.virustotal.com/gui/file/e58026e101ae93162cbf114997a2a2c78a80adfb6e6469823dd0d90572cef140/detection

154.12.234.207:7000
207.244.236.205:7000
mywormtwon.ddns.net
wormxwar.ddns.net

# Reference: https://twitter.com/InQuest/status/1626758679843205120
# Reference: https://twitter.com/Gi7w0rm/status/1626763227643224064
# Reference: https://tria.ge/230218-b9ngmaad96/behavioral2

45.139.105.105:7000
stanthely2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2b786b8895d814c5d825f4eac99b009eb6aa16f66f6e5191b023e4ebc99fda66/detection
# Reference: https://www.joesandbox.com/analysis/811606?idtype=analysisid#iocs

209.145.51.44:7000

# Reference: https://twitter.com/suyog41/status/1631191121660444674
# Reference: https://www.virustotal.com/gui/file/098c9ebce4811fd2bb86654911581f21eb473f7afd5d27f7c09db57d5bfc1b62/detection
# Reference: https://www.virustotal.com/gui/file/aca8bf1de89203e445270f3cc76b3eaf9190b57fa35ef0d4425528ee639366cb/detection
# NOTE(review): the ply.gg hostname below appears to be a tunnelling-service endpoint.
# If so, the two addresses belong to the tunnel provider and may be shared with
# unrelated tenants - keep the match on address together with port 38979, and confirm
# against the references before acting on the bare address.

209.25.140.180:38979
209.25.141.180:38979
according-psp.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/a7c707d2409f0190693aa7a7223c2576262b5bcd9da42ff5c3b375826c32b222/detection

91.193.75.191:55443
vcmkpl.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1638652084492070912
# Reference: https://app.any.run/tasks/500f883b-fe97-44e1-a87f-67101bd0c30c/
# NOTE(review): urlcallinghta6.blogspot.com is a single subdomain on a shared blogging
# platform. Keep the match on the full hostname; widening it to the parent domain
# would flag unrelated sites.

95.214.24.38:5000
updateccdata.duckdns.org
urlcallinghta6.blogspot.com

# Reference: https://twitter.com/ScumBots/status/1639388448967766016
# Reference: https://www.virustotal.com/gui/file/01407e324f0b8090467eded47a97acbdb3ef42d0f12820cd57b0bc5b87ffe510/detection

181.141.1.67:3737
wormsito.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3964d69f2a321257a8a745aa9583eaed3cb53c070f79eba3945f6506dda0a2cb/detection

31.220.76.124:2137

# Reference: https://twitter.com/phage_nz/status/1653173706951397376
# Reference: https://www.virustotal.com/gui/file/5814ab23cf46820a0f911fac078dbe77a521ee36722ae2ac313c54c04e0c5601/detection

141.98.6.220:7001

# Reference: https://www.securonix.com/blog/securonix-threat-labs-security-meme4chan-advisory/
# Reference: https://otx.alienvault.com/pulse/64624bf528c55e0976f2bf71

kbowlingslaw.com
