forked from stamparm/maltrail
ammyyrat.txt
# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Reference: https://twitter.com/avman1995/status/1052467368851636225
msboxoffice.com
# Reference: https://twitter.com/Jan0fficial/status/1121738294277169152
# Reference: https://app.any.run/tasks/b50aa97f-0dc2-4515-99e4-942030cc687c
# Reference: https://www.virustotal.com/gui/domain/rl.ammyy.com/details
# Reference: https://www.virustotal.com/gui/ip-address/209.239.123.75/relations
209.239.123.75:443
rl.ammyy.com
# Reference: https://twitter.com/James_inthe_box/status/1067100582152876032
# Reference: https://app.any.run/tasks/fb0e8309-59a9-4c15-9c07-44c99967970c
office365id.com
# Reference: https://twitter.com/James_inthe_box/status/1067806790182625280
office365homedep.com
# Reference: https://twitter.com/pollo290987/status/1004729116833218560
thespecsupportservice.com
# Reference: https://twitter.com/hexlax/status/988881472403763200
169.239.129.38:443
# Reference: https://twitter.com/anyrun_app/status/1095559956429004801
# Reference: https://app.any.run/tasks/d6de545d-f1fd-4db9-a04e-1ecb2c53a357
update365office.com
# Reference: https://twitter.com/James_inthe_box/status/1134032089383297027
79.141.168.132:80
# Reference: https://twitter.com/VK_Intel/status/1135497995351449600
# Reference: https://www.virustotal.com/gui/file/c76e57800aa901071a462a0fe0bb5dddb6433cba5cf2cc26337dc10625409d51/behavior/VirusTotal%20Cuckoofork
185.117.89.130:80
# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488
185.117.89.139:80
# Reference: https://twitter.com/VK_Intel/status/1141437268349083649
149.154.157.229:80
# Reference: https://twitter.com/VK_Intel/status/1142292041189273600
169.239.128.185:80
# Reference: https://twitter.com/James_inthe_box/status/1121111654899388417
169.239.128.119:80
# Reference: https://twitter.com/VK_Intel/status/1144618818494447616
94.156.133.185:80
# Reference: https://twitter.com/malware_traffic/status/1019300011396517891
t69c.com
# Reference: https://tccontre.blogspot.com/2019/07/interesting-com-object-abused-by.html
54.38.127.28:80
# Reference: https://asec.ahnlab.com/1242
# Reference: https://otx.alienvault.com/pulse/5d39d735d1f1f7e30a26b767
# Reference: https://twitter.com/VK_Intel/status/1154452221255278593
# Reference: https://www.virustotal.com/gui/file/3a79c6de1954d53bce81924e0bd2cbd5906005b2a87458320ca4c72fbd5c6f54/detection
# Reference: https://blog.alyac.co.kr/2437 (Korean)
http://139.180.195.36
http://169.239.128.36
http://27.102.70.196
http://45.67.229.36
http://92.38.135.67
# Reference: https://twitter.com/James_inthe_box/status/1159149234974625793
http://109.94.209.91
http://45.84.0.82
# Reference: https://www.virustotal.com/gui/file/cb114123ca1c33071cf6241c3e5054a39b6f735d374491da0b33dfdaa1f7ea22/detection
http://185.117.89.145
http://54.38.127.28
# Reference: https://twitter.com/hexlax/status/988881472403763200
untorsnot.in
# Generic trail
/date1.dat
/duo.dat
/uno.dat
/dat3.omg