# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Static indicator list: each non-comment line is one trail (URL path, domain,
# IP:port or URL), grouped under the reference(s) that reported it.

# Reference: https://www.virustotal.com/#/ip-address/185.10.68.163
# Reference: https://twitter.com/luc4m/status/1044148790008205312

# NOTE(review): 185.10.68.163 (the subject of the VirusTotal reference above)
# is not among the entries visible here, while http://185.10.68.193 is listed
# further down -- confirm whether the omission is intentional.
# NOTE(review): the entries below begin with '/' and name no host, so they
# presumably match on URL path alone -- confirm against the sensor's matching
# logic. /miner.sh and /scanner.sh are generic file names that can also exist
# on unrelated servers; corroborate a hit with a host or IP indicator before
# escalating. The _386 / _arm suffixes look like per-architecture builds of the
# same two files.

/miner.sh
/scanner.sh
/worlswest.sh
/bruteforce_ssh
/bruteforce_ssh_386
/bruteforce_ssh_arm
/tcpconnect_zmap_386
/tcpconnect_zmap_arm

# Reference: https://twitter.com/bad_packets/status/1127110083429654528

r00ts.online

# Reference: https://twitter.com/bad_packets/status/1127450801834680320

104.128.230.16:8000

# Reference: https://www.fortinet.com/blog/threat-research/closer-look-satan-ransomwares-propagation-technics.html

# NOTE(review): host-less path trails again; /conn32 and /conn64 are short,
# plausible names for unrelated files, so a path-only hit needs corroboration.

/conn32
/conn64

# Reference: https://twitter.com/ankit_anubhav/status/1132974251194011648
# Reference: https://twitter.com/0xrb/status/1133055807572959232

nadns.info
222.186.15.231:5555

# Reference: https://twitter.com/bad_packets/status/1133534604030169088

185.239.226.167:8480

# Reference: https://twitter.com/ankit_anubhav/status/1133682276045164544

cyberium.xyz

# Reference: https://twitter.com/smii_mondher/status/1134068251951083521

# NOTE(review): this entry carries an http:// scheme and no port, unlike the
# bare IP:port entries around it -- confirm the loader normalises both forms so
# the trail matches as intended.

http://54.37.70.249

# Reference: https://twitter.com/bad_packets/status/1134920520644714496
# Reference: https://twitter.com/bad_packets/status/1140065934926684162

45.79.9.153:8000
110.40.14.13:8000

# Reference: https://twitter.com/bad_packets/status/1135623419670646784

216.176.179.106:9090

# Misc.

# NOTE(review): the four entries in this group cite no reference, so their
# provenance cannot be checked from this file. Bare IP trails go stale when an
# address is reassigned; record the originating report (and ideally a
# first-seen date) so they can be re-validated or aged out.
# NOTE(review): the group mixes http://IP and IP:port forms -- confirm both
# are parsed the same way by the loader.

http://173.212.214.137
http://46.22.220.21
45.32.200.190:443
85.25.84.99:443

# Reference: https://otx.alienvault.com/pulse/5d020fb5a91466d30ad51fa2

# NOTE(review): /.satan and /.x15cache are host-less path trails; they
# presumably match on URL path alone -- confirm, and correlate with the IP
# entries of this group when triaging a hit.

146.185.171.227:443
5.255.86.129:3333
/.satan
/.x15cache

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

qqxh888.785sou.xyz

# Reference: https://twitter.com/P3pperP0tts/status/1140528607766466560

hjghj.cn

# Reference: https://twitter.com/P3pperP0tts/status/1140927899824005125

# NOTE(review): port 9 (the IANA "discard" port) is an unusual value next to
# the other ports in this file -- verify against the reference that the port
# number was not truncated when the entry was copied.

154.218.1.63:9

# Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-10149
# Reference: https://github.com/bananaphones/exim-rce-quickfix
# Reference: https://habr.com/ru/company/first/blog/455636/ (Russian)
# Reference: https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
# Reference: https://twitter.com/bad_packets/status/1140719767961001984

# Aliases: CVE-2019-10149, CVE-2019-1003029
# NOTE(review): CVE-2019-10149 is the Exim issue named by the NVD, quickfix and
# Cybereason references above. None of the reference URLs names
# CVE-2019-1003029 -- confirm which source ties that alias to these hosts.

# NOTE(review): the three hostnames below share the label an7kmd2wp4xo7hpr
# under tor2web.io, tor2web.su and onion.sh, which look like Tor-to-web gateway
# domains. The same label reached through any other gateway domain would not
# match these trails; where the sensor supports it, detection on the label
# itself gives broader coverage -- TODO confirm.

an7kmd2wp4xo7hpr.tor2web.io
an7kmd2wp4xo7hpr.tor2web.su
an7kmd2wp4xo7hpr.onion.sh
# NOTE(review): scheme-prefixed entries with no port, unlike the IP:port form
# used elsewhere in this file -- confirm the loader treats both forms alike.
http://185.10.68.193
http://185.162.235.211

# Reference: https://twitter.com/P3pperP0tts/status/1145813992297914368

58.218.66.92:520

# Reference: https://twitter.com/360Netlab/status/1146269649887272960
# Reference: https://www.virustotal.com/gui/file/6756d024d005e926370298882dc358c1c3129db62e0d097085d9e8286ee77d10/detection
# Reference: https://twitter.com/huiwangeth/status/1147024047798046720

# NOTE(review): two of the entries below are individual subdomains of
# web2tor.cf. Whether the parent domain should be listed instead depends on
# whether it is dedicated to this activity or shared with unrelated users --
# confirm against the references before widening the trail.

bruhitsnot.cf
emptiness.web2tor.cf
emp.web2tor.cf

# Reference: https://twitter.com/ankit_anubhav/status/1147172115516293121
# Reference: https://twitter.com/Jouliok/status/1143947867910004742

222.186.52.155:21541

# Reference: https://twitter.com/0xrb/status/1147447320595685376

# NOTE(review): host-less path trail; presumably matched on URL path alone --
# confirm, and corroborate a hit with a host or IP indicator.

/s1g3.sh
