# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Format: one indicator per line, either a hostname or an "ip:port" pair.
# Each "# Reference:" line cites the source for the group of entries below it.
# The Sophos, ATR and Trustwave URLs name the Nitol family; the file itself
# carries no family label - NOTE(review): confirm against the file name.
#
# Matching guidance:
#  - Many hostnames sit under what appear to be dynamic-DNS zones (3322.org,
#    f3322.org, f3322.net, 6600.org, 7766.org, gnway.net). Only the listed
#    subdomain is the indicator; matching on the parent zone would also hit
#    unrelated users of those services.
#  - "ip:port" entries are point-in-time observations. The only dates visible
#    in the references are 2012 (ATR IOC path) and 2017 (FireEye URL), so
#    re-validate an address before using it for blocking rather than alerting.

# Reference: https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

hackqz.f3322.org
120.209.40.157:8880

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nitol-P/detailed-analysis.aspx

dingtao333.3322.org

# Reference: https://twitter.com/securiteoff/status/739574861543149568
# Reference: https://www.virustotal.com/gui/file/20d841afa96e58fb7d2b4c5e8bb25d07ff36e25bbb14fc176f3f46c650cb016e/detection

feng12763.3322.org
qlsb.f3322.net

# Reference: https://twitter.com/P3pperP0tts/status/1153026768590258179

520yxsf.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2012/2012-04-19-digging-into-the-nitol-ddos-botnet/digging-into-the-nitol-ddos-botnet.csv
# The source path is dated 2012-04-19, the oldest dated reference in this file;
# hits on this group are more likely historical or re-registered names.

aisini1314.3322.org
bcl5736120.3322.org
ccddos.net
erwbtkidthetcwerc.com
fangqi.6600.org
fangqi.7766.org
fuck0313.6600.org
guangkuo119.3322.org
kankan902.3322.org
ksattack.6600.org
maguss.3322.org
maple110.3322.org
mybaccy.3322.org
rterybrstutnrsbberve.com
rvbwtbeitwjeitv.com
sousou123.3322.org
xin9liao.gnway.net
xinxin168.3322.org
xiong97.3322.org
yezi999.3322.org
ylddos.3322.org
zwx5060.3322.org

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tale-of-the-two-payloads-trickbot-and-nitol/
# Reference: https://github.com/AlienVault-OTX/Threat-Trends/blob/master/MaliciousDomains_UmbrellaRanking.csv

e.googlex.me

# Reference: https://twitter.com/pancak3lullz/status/748172641131847681
# Reference: https://www.virustotal.com/gui/ip-address/110.173.30.68/relations
# One address with ten listed ports: match on the ip:port pair, not the bare
# address, so traffic to other ports on the same host is not mislabelled.

110.173.30.68:1111
110.173.30.68:1150
110.173.30.68:1380
110.173.30.68:1472
110.173.30.68:2013
110.173.30.68:2014
110.173.30.68:6666
110.173.30.68:8080
110.173.30.68:8085
110.173.30.68:8089
xiaoaolong.f3322.org

# Reference: https://twitter.com/pancak3lullz/status/744918444265578496
# Reference: https://www.virustotal.com/gui/file/a2d02236c2a9684310d95d5a98734d17d226da16607f98903e0a5f9d62298521/detection
# Reference: https://www.virustotal.com/gui/file/40ac46478014d0a89f787c25dd380424b0e16913bd5ff03db90c32b75aa10c35/detection

173.254.236.5:8900
45.34.191.179:8900
119.147.145.218:8511
wx137672811.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/740562923639046146
# Reference: https://www.virustotal.com/gui/file/e39a3ca5574dfba2bd29a71b933c9bf22633baad10c7fcac5abbc700e5b8f175/detection
# NOTE(review): qlsb.f3322.net in this group is also listed earlier under the
# securiteoff / VirusTotal references; de-duplicate on load if the consumer
# does not already do so.

183.60.202.97:1993
longge520.f3322.net
qlsb.f3322.net

# Reference: https://twitter.com/pancak3lullz/status/739878964064194560

aabao.top
a.aklianfa.com

# Reference: https://www.virustotal.com/gui/domain/leiyan.hk/relations
# NOTE(review): the only source cited for this entry is the domain's own
# VirusTotal relations page; no report tying it to the family is referenced.

leiyan.hk

# Reference: https://twitter.com/pancak3lullz/status/739573412973150208

zhaojinyi5045.f3322.org
