# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gh0st, pcrat
# Format used in this file: one indicator per line, either a bare hostname or
# an IPv4 address with a port (ip:port). Each "# Reference:" comment names the
# public source for the entries that follow it, up to the next reference.
# No first-seen or last-seen date is recorded per entry, so the age of an
# indicator has to be taken from the referenced report. This matters most for
# the ip:port entries, since addresses are reassigned over time.

# Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

bj6po.a1free9bird.com
beiyeye.401hk.com

# Reference: https://otx.alienvault.com/pulse/5c9900511d123a6d16e75561/

mdzz2019.noip.cn

# Reference: https://twitter.com/lazyactivist192/status/1112449219653193736
# Reference: https://www.virustotal.com/gui/file/f1cd38bbb504b38d115b5c127afa913572cef4233395416b5b08aff5f718cfea/relations

z-hacker-y.win

# Reference: https://twitter.com/Jan0fficial/status/1102912998975434752
# Reference: https://pastebin.com/D2pUSzcS
# Reference: https://app.any.run/tasks/1837b1d1-a62c-4e1b-9223-b6d40dc32d9f

haohai.hopto.org
116.196.18.237:8082

# Reference: https://twitter.com/malware_traffic/status/949057588250865665
# Reference: http://www.malware-traffic-analysis.net/2018/01/04/index.html

etybh.com

# Reference: https://twitter.com/JAMESWT_MHT/status/843829412370046977

45.125.17.15:443

# Reference: https://medium.com/@Sebdraven/chineses-actor-apt-target-ministry-of-justice-vietnamese-14f13cc1c906

nicetiss54.lflink.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html (# Win.Trojan.Gh0stRAT-6993126-0)
# Reference: https://otx.alienvault.com/pulse/5d074c94248332bdb80099af

# Two references head this group, so the file does not record which of them
# each entry below came from; check both when triaging a hit.
# Many of the names are hostnames under dynamic-DNS or free-subdomain services
# (for example *.f3322.org, *.3322.org, *.gicp.net, *.no-ip.org, *.ddns.net,
# *.duckdns.org). They are listed as full hostnames: the provider's parent
# domain is shared with unrelated users and is not itself an indicator.
# NOTE(review): a hostname at such a service can be released and taken by a
# different user later; re-validate old entries before acting on a match.
278267882.f3322.org
850967012.f3322.org
a3328657.f3322.org
a678157.oicp.net
cfhx.f3322.org
ddos-cc.vicp.cc
guduyinan.gnway.com
guduyinan.gnway.net
jie0109.hackxd.net
linchen1.3322.org
q727446006.gicp.net
touzi1616.com
xm974192128.3322.org
xueyang22.gicp.net
y927.f3322.org
zy520.f3322.org
sweety2001.dating4you.cn
paleb.no-ip.org
honeypus.rusladies.cn
marina99.ruladies.cn
youwave932.no-ip.biz
x.93ne.com
ns1.helpchecks.at
ns1.helpchecks.by
ns1.helpchecks.com
ns1.helpchecks.eu
ns1.helpchecks.info
ns1.helpcheck1.com
ns1.helpcheck1.net
ns1.helpcheck1.org
mskgh.ddns.net
yeswecan.duckdns.org
sabridz.no-ip.biz
mskhe.ddns.net
karem.no-ip.org
cdn.zry97.com
dmar-ksa.ddns.net
alkhorsan2016.no-ip.biz
amiramir.noip.me
katarinasw.date4you.cn

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html (# Win.Trojan.Gh0stRAT-7059563-0)

79575465.f3322.net
chhacke.win
cx820329965.f3322.net
# NOTE(review): e2.luyouxia.net is the parent of labixiaoxin.e2.luyouxia.net,
# listed two lines below. If the consumer of this list also matches on
# parent-domain suffixes, the child entry is redundant and the parent entry
# flags every other name under it. It looks like a shared host of a
# forwarding service rather than a single operator's name; confirm that the
# bare parent belongs here, otherwise keep only the specific subdomain.
e2.luyouxia.net
guxiaosen.f3322.net
labixiaoxin.e2.luyouxia.net
mf123.f3322.net
mingyemo.3322.org
yaoyao.f3322.net

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Gh0stRAT-7073937-0)

1321.f3322.org
254143.f3322.net
53ca.meibu.net
feng12763.3322.org
jwl520.xicp.net
pass.5sfox.com
pzss.f3322.org
pzss.foxdos.cc
separa.f3322.org
wfs2015.f3322.net

# Reference: https://twitter.com/P3pperP0tts/status/1157179581348163584

haohai.ddns.net

# Reference: https://twitter.com/dcTavvy/status/1168906154602373122

154.221.22.25:8080
