185.14.31.9 # ROVNIX loader 61.67.114.73 # Regin 202.71.144.113 # Regin 203.199.89.80 # Regin 194.183.237.145 # Regin 94.23.58.217 # SoakSo 5.9.188.148 # Dridex - http://securityblog.s21sec.com/2014/11/dridex-learns-new-trick-p2p-over-http.html 46.4.232.200 # Dridex 37.1.208.21 # Dridex 108.61.198.191 # Dridex 188.40.240.20 # Dridex 37.1.215.144 # Dridex 188.116.40.35 # Dridex 80.79.114.72 # Dridex 78.140.164.160 # Dridex 54.84.136.229 # Dridex 130.209.101.62 # Dridex 209.54.58.186 # Cridex - http://stopmalvertising.com/malware-reports/analysis-of-dridex-cridex-feodo-bugat.html 91.121.162.48 # Cridex 89.31.144.214 # Cridex 89.188.121.106 # Cridex 72.249.190.70 # Cridex 50.56.200.226 # Cridex 212.111.1.212.226 # Cridex (NOTE: malformed entry, five octets; verify against the source report before loading) 194.28.132.33 # Cridex 173.203.208.139 # Cridex 5.135.28.118 # Cridex 37.187.156.123 # Cridex 62.76.44.174 # Cridex 46.165.241.0/24 # Cridex 80.94.160.129 # Dridex - http://stopmalvertising.com/spam-scams/fake-bh-live-e-tickets-for-peter-pan-lead-to-dridex.html 92.222.46.165 # Dridex 108.166.70.44 # Dridex 130.153.198.148 # Dridex 184.106.64.151 # Dridex 188.226.255.127 # Dridex 87.248.244.72 # Dridex 195.225.168.72 # Dridex 217.21.42.239 # Dridex 74.53.91.100 # Dridex 80.240.137.88 # Dridex 82.194.167.2 # Dridex 203.131.222.102 # US_CERT TA14-353A: Targeted Destructive Malware 217.96.33.164 # US_CERT TA14-353A 88.53.215.64 # US_CERT TA14-353A 200.87.126.116 # US_CERT TA14-353A 58.185.154.99 # US_CERT TA14-353A 212.31.102.100 # US_CERT TA14-353A 208.105.226.235 # US_CERT TA14-353A 198.252.73.124 # Zeus - http://blog.phishlabs.com/one-man-operation-leverages-phishing-and-browser-alerts-to-distribute-new-variant-of-zeus-banking-trojan 95.211.20.182 # Zeus 5.196.41.3 # http://www.cyphort.com/isc-org-infected/ 95.211.226.158 93.179.68.167 149.12.71.2 # http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/ 190.242.96.212 190.60.202.4 195.128.235.227 195.128.235.231 195.128.235.233 195.128.235.235 195.81.34.67 202.95.84.33 
203.150.231.49 203.150.231.73 210.81.52.120 212.61.54.239 41.222.35.70 62.216.152.67 64.76.82.52 80.77.4.3 81.31.34.175 81.31.36.174 81.31.38.163 81.31.38.166 84.233.205.99 85.112.1.83 87.255.38.2 89.18.177.3 103.41.124.0/24 # https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html 103.25.9.228 103.25.9.229 179.111.212.221 # http://vulnerabledisclosures.blogspot.ca/2015/03/large-botnet-exposed.html 81.149.12.77 89.156.44.210 38.108.61.227 37.110.214.124 86.126.135.242 80.82.64.201 112.211.182.241 125.62.97.218 95.31.88.21 37.139.6.7 # http://vulnerabledisclosures.blogspot.ca/2015/02/theory-utilizing-porn-sites-to-infect.html 80.82.65.0/24 # http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/ 80.82.65.112 # Blocking full /24 for good measure 91.121.87.188 62.68.96.173 192.10.10.1 5.39.88.204 80.82.65.23 85.143.217.196 # http://blog.fox-it.com/2015/04/07/liveblog-malvertising-from-google-advertisements-via-possibly-compromised-reseller/ 62.76.44.174 174.36.217.82 85.143.217.196 87.236.215.246 # http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye 62.76.177.179 # https://blog.sucuri.net/ (Magento ShopLift in the Wild) 185.22.232.218 217.71.50.57 # https://www.recordedfuture.com/lizard-squad-analysis/ 5.39.90.132 198.100.144.122 194.54.81.162 # http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf 194.54.81.163 194.54.81.164 194.54.81.165 194.54.81.166 184.106.208.157 50.28.24.79 67.221.183.105 195.242.70.4 151.236.11.167 # http://blogs.cisco.com/security/talos/poseidon 185.13.32.132 185.13.32.48 31.184.192.196 91.220.131.116 91.220.131.87 185.82.216.86 # http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html 217.12.202.93 37.139.50.45 85.17.142.21 # http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malvertizing-campaign-leads-to-angler-ek-amp-bunitu-malware.aspx 95.211.58.100 95.211.233.121 
46.183.216.247 110.201.214.114 110.201.5.111 31.173.52.225 85.17.142.21 80.242.123.211 # http://documents.trendmicro.com/assets/GamaPOS_Technical_Brief.pdf 80.242.123.144 185.61.138.148 76.73.47.90 # http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/ 223.25.233.248 # http://www.volexity.com/blog/?p=158 66.172.11.207 # http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leveraged-by-tsar-team/ 97.75.120.45 # https://www.f-secure.com/weblog/archives/00002822.html 58.80.109.59 198.200.45.112 # http://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/ 142.91.76.134 192.199.254.126 46.166.160.41 # https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/ 49.143.192.221 # http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/ 49.143.205.30 66.63.178.142 67.215.232.179 67.215.232.181 67.215.232.182 72.11.141.133 72.11.148.220 74.63.195.236 74.63.195.237 74.63.195.238 96.44.177.195 96.44.182.243 96.44.182.245 96.44.182.246 103.24.0.142 103.24.1.54 106.187.45.162 192.151.236.138 192.161.61.19 192.161.61.20 192.161.61.22 208.115.242.36 208.115.242.37 208.115.242.38 46.30.41.159 # https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link/ 46.166.168.106 89.144.2.148 89.144.2.149 89.144.2.150 93.171.202.168 146.120.110.104 162.244.32.164 178.62.208.238 193.230.220.53 216.246.98.85 46.30.41.159 46.161.40.106 89.144.2.151 91.220.131.182 128.199.73.152 210.209.89.162 # http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html 115.144.107.55 # https://heimdalsecurity.com/blog/security-alert-millions-exposed-internet-explorer-vulnerability/ 182.253.220.29 # https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/?utm_content=15857818&utm_medium=social&utm_source=twitter 186.226.56.103 
93.171.205.64 # http://research.zscaler.com/2015/08/neutrino-campaign-leveraging-wordpress.html 185.44.105.7 197.251.168.227 # http://www.threatgeek.com/2015/08/good-malware-never-dies-alienspy-reborn-as-jsocket-1.html 198.91.81.2 98.126.67.114 # http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/ 68.68.105.174 98.126.121.202 173.254.223.24 192.52.166.115 # https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/ 131.72.136.28 109.200.23.207 131.72.136.124 66.155.23.36 172.227.95.162 162.220.246.117 162.220.246.117 192.253.246.169 192.99.111.228 192.52.167.125 185.33.168.150 198.105.117.37 185.45.193.4 198.105.122.96 131.72.136.11 131.72.136.171 84.200.17.147 166.62.28.107 # http://www.scmagazineuk.com/googles-adwords-have-been-hijacked-by-crooks/article/441894/ 192.126.126.64 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html 107.160.40.9 210.92.18.118 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-hunting-mr-black-ids-via.html 222.186.34.220 24.33.131.116 # https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry 24.148.217.188 27.109.20.53 37.57.144.177 42.47.213.123 45.64.159.18 46.174.237.115 63.248.156.246 65.33.236.173 67.207.229.215 67.221.146.67 67.221.146.107 67.221.147.66 67.221.147.103 67.221.156.105 67.221.156.165 67.221.156.216 67.221.195.6 67.222.201.61 67.222.201.222 68.70.242.203 69.9.204.114 69.27.57.164 69.144.171.44 72.175.10.116 72.230.82.80 73.38.228.117 77.48.30.156 78.8.9.55 78.8.174.25 78.72.233.105 78.108.101.67 82.100.4.60 82.115.76.211 82.160.64.45 83.241.176.230 84.54.191.170 85.135.104.170 87.249.142.189 89.140.63.207 89.161.51.115 89.174.116.76 89.239.120.43 91.232.45.40 91.232.45.149 91.238.241.26 91.239.244.187 91.246.105.164 94.40.82.66 94.141.130.9 103.230.220.8 109.86.226.85 109.87.63.98 109.199.11.51 112.133.203.43 114.30.73.130 115.119.250.245 
142.47.213.123 150.129.48.147 150.129.49.11 150.129.49.139 150.129.49.162 173.185.166.94 173.216.247.74 173.248.31.6 173.252.48.79 173.252.50.124 176.101.135.103 176.120.201.9 180.233.123.210 181.112.153.202 181.174.91.90 184.190.64.35 185.74.84.55 185.89.64.160 186.46.142.66 186.68.94.38 188.120.194.101 188.125.38.100 188.255.154.180 193.189.77.76 194.28.191.245 195.117.104.102 195.154.105.117 195.154.106.76 195.191.34.245 197.149.90.166 197.210.199.21 203.115.103.27 203.129.197.50 206.116.171.216 206.123.58.42 206.123.60.93 206.222.25.58 208.117.68.78 208.123.135.106 209.27.49.117 212.109.179.197 212.182.101.2 213.92.138.154 213.92.204.37 216.57.165.182 217.12.202.99 188.40.106.84 # http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf 188.40.75.132 188.40.81.136 192.254.132.26 54.255.143.112 182.62.211.45 # Fox-IT Ponmcup - A giant hiding in the shadows v1.1, November 30, 2015 185.17.184.249 214.66.10.71 217.23.3.243 217.23.3.244 217.23.3.249 232.187.207.67 26.252.164.23 28.16.103.211 62.212.68.230 78.109.28.248 78.109.28.249 78.109.28.250 85.17.133.193 85.17.133.194 89.172.227.240 93.115.88.220 95.211.240.193 95.211.240.194 45.63.13.175 # https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attacks-via-nuclear-ek-pushes-ransomware/ 104.131.212.117 31.184.192.206 # http://www.threatgeek.com/2015/12/the-many-paths-to-angler.html 31.184.192.197 31.184.192.216 31.184.192.202 85.143.220.153 85.143.217.31 85.143.219.167 85.143.220.95 85.143.216.253 85.143.220.44 85.143.220.18 85.143.219.200 85.143.220.109 85.143.217.50 85.143.219.77 85.143.219.65 85.143.219.232 85.143.219.163 178.33.200.161 188.227.74.75 188.227.19.86 85.143.217.191 212.116.121.51 46.161.2.73 185.104.8.50 5.9.212.53 # http://researchcenter.paloaltonetworks.com/2015/12/proxyback-malware-turns-user-systems-into-proxies-without-consent/ 5.79.85.212 46.38.51.49 46.165.193.67 46.165.222.212 46.165.223.193 62.75.255.52 
69.64.32.110 85.17.30.89 91.121.193.50 91.185.215.137 93.189.40.164 93.189.42.9 93.189.42.43 104.238.173.238 108.59.9.15 185.72.244.171 185.72.246.23 194.247.12.11 194.247.12.49 213.229.102.157 217.172.179.88 14.4.0.0/15 # http://www.spamhaus.org/news/article/726/verizon-routing-millions-of-ips-for-cybercrime-gangs 14.6.0.0/15 42.128.0.0/12 42.160.0.0/13 42.168.0.0/13 43.250.64.0/22 103.41.180.0/22 116.129.0.0/16 116.132.0.0/15 116.136.0.0/15 116.138.0.0/15 116.140.0.0/15 116.142.0.0/15 116.148.0.0/15 116.150.0.0/16 116.152.0.0/15 116.156.0.0/14 116.160.0.0/14 116.164.0.0/14 116.168.0.0/15 116.179.0.0/16 116.184.0.0/13 120.46.0.0/15 120.48.0.0/15 155.40.0.0/16 192.185.21.183 # https://heimdalsecurity.com/blog/security-alert-exploit-kits-activity-spike-packs-improved-payloads-new-servers-predilection-flash-player/ 78.24.220.229 # https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/ 213.136.92.111 # http://research.zscaler.com/2016/01/yet-another-signed-malware-spymel.html 188.138.68.30 # https://blog.malwarebytes.org/malvertising-2/2016/01/malvertising-campaign-via-pop-under-ads-sends-cryptowall-4/ 93.190.143.110 # http://www.talosintel.com/angler-exposed/ 93.190.138.162 95.211.162.166 # http://www.talosintel.com/files/additional_resources/angler_exposed/sept_ips_final.txt 104.207.130.65 104.238.185.98 104.238.191.3 104.45.9.15 108.61.177.149 109.234.38.86 144.76.143.121 144.76.172.201 148.251.98.68 151.80.201.165 185.117.72.109 185.117.72.111 185.117.72.112 185.117.72.113 185.117.72.114 185.49.68.102 185.49.68.136 185.77.129.140 185.77.129.142 185.77.129.180 185.77.129.183 185.77.129.192 185.77.129.216 185.77.129.224 185.77.129.244 185.82.200.117 185.82.200.225 188.120.226.224 188.120.226.226 188.120.236.206 188.120.236.212 188.120.236.228 188.120.242.147 188.120.243.138 188.120.247.192 188.138.105.124 188.138.57.179 188.138.57.73 188.138.70.112 188.227.16.107 188.227.19.72 198.204.226.244 198.204.226.245 
198.204.226.246 207.182.129.154 207.182.129.158 207.182.130.187 207.182.130.188 207.182.130.189 212.109.219.39 212.116.121.142 212.116.121.168 212.116.121.69 212.116.121.88 31.148.220.164 31.148.220.168 31.148.220.169 31.148.220.175 31.148.220.181 31.148.220.182 31.148.220.185 31.148.220.191 31.148.220.234 37.220.14.235 45.32.237.204 45.40.133.180 46.165.199.230 46.165.223.160 46.165.247.178 46.165.247.179 46.28.55.116 5.63.150.138 51.254.116.93 52.11.202.209 62.109.13.72 62.109.14.87 62.109.28.111 62.109.5.12 62.109.8.231 62.75.203.106 64.79.70.202 64.79.70.203 64.79.70.204 64.79.70.205 64.79.70.206 64.79.87.170 64.79.87.171 64.79.87.174 66.199.240.244 74.63.253.82 74.63.253.83 74.63.253.84 82.146.34.94 82.146.43.174 85.17.15.33 85.17.214.61 85.25.102.3 85.25.104.142 85.25.104.153 85.25.43.230 85.25.79.185 85.25.79.186 85.25.79.187 85.25.79.188 86.105.235.18 86.105.235.44 86.105.235.56 86.105.235.60 86.105.235.81 86.105.235.96 87.117.226.14 92.63.101.211 93.115.240.158 95.211.104.193 # http://www.talosintel.com/files/additional_resources/angler_exposed/july_ips.txt 5.1.82.186 5.79.85.235 5.79.85.241 5.79.85.242 5.135.16.205 5.196.183.76 5.196.183.77 45.34.75.102 45.64.105.43 46.4.213.132 46.4.213.133 62.109.13.130 62.109.14.244 62.109.15.242 62.109.24.231 62.109.30.119 62.109.30.123 62.109.30.124 63.143.53.46 64.79.70.148 69.162.64.154 69.162.64.155 69.162.64.156 69.162.64.158 69.162.66.70 69.162.73.90 69.162.73.91 69.162.73.92 69.162.73.93 69.162.73.94 69.162.76.35 69.162.76.36 69.162.76.38 69.162.86.34 69.162.86.36 69.162.86.37 69.162.86.38 69.162.89.27 69.162.89.28 69.162.89.29 69.162.89.30 69.162.90.107 69.162.90.108 69.162.112.181 69.162.112.182 69.162.116.123 69.162.116.124 69.162.116.125 69.162.116.126 69.162.116.253 69.162.116.254 74.63.217.218 74.63.217.219 74.63.217.220 74.63.217.221 74.63.217.222 74.63.237.178 74.63.237.179 74.63.237.180 74.63.237.181 74.63.237.182 78.46.252.108 78.46.252.109 78.46.252.110 82.146.39.182 82.195.144.49 85.17.72.3 
85.17.72.4 85.17.72.5 88.198.54.212 92.63.103.178 92.63.103.179 94.131.14.33 94.131.14.34 94.131.14.35 94.131.14.36 94.131.14.37 94.250.248.138 104.238.189.68 104.238.189.212 128.199.188.214 136.243.96.94 136.243.210.198 136.243.211.78 148.251.49.239 148.251.133.230 148.251.167.52 148.251.167.57 148.251.167.60 148.251.167.62 148.251.167.97 148.251.167.98 148.251.167.99 148.251.167.100 148.251.167.102 148.251.167.104 148.251.167.105 148.251.167.106 148.251.167.107 173.0.51.81 173.244.164.54 176.9.35.148 176.9.245.138 176.9.245.139 176.9.245.140 176.9.245.141 176.9.245.142 178.63.173.165 178.63.173.166 185.43.220.56 185.43.223.162 185.43.223.163 185.43.223.164 185.43.223.165 185.48.56.76 185.48.57.64 185.48.57.105 185.48.58.51 185.48.58.52 185.48.59.76 188.120.232.41 188.120.232.46 188.120.233.175 188.120.236.58 188.120.236.59 188.120.247.21 188.120.247.117 188.120.247.161 206.190.134.188 206.190.134.189 206.190.134.190 207.182.159.219 209.190.51.210 209.190.51.212 209.190.51.213 209.190.51.214 213.136.76.36 216.144.244.147 216.144.244.148 216.245.209.2 216.245.209.4 216.245.209.5 216.245.209.6 216.245.213.138 216.245.213.139 216.245.213.141 216.245.213.142 216.245.218.27 216.245.218.28 216.245.218.29 216.245.218.30 # https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf 103.25.58.218 199.255.138.38 199.255.138.43 204.152.219.120 204.152.219.70 204.45.207.49 204.45.207.53 212.7.208.71 212.7.208.86 212.7.208.88 212.7.218.136 213.184.126.142 213.208.129.204 213.208.129.211 213.208.129.218 213.208.129.220 213.208.152.218 216.107.152.237 216.185.114.219 216.38.2.192 216.38.2.216 216.38.8.189 23.105.128.147 23.105.128.148 23.105.131.155 23.105.131.188 23.105.131.209 23.227.196.198 23.227.196.207 23.227.199.118 23.227.199.121 23.227.199.72 23.231.23.182 31.171.155.72 46.151.208.242 46.20.33.104 46.20.33.76 5.187.34.231 5.254.106.208 5.254.106.251 5.254.112.21 5.254.112.24 5.254.112.36 5.254.112.56 5.254.112.60 5.79.79.67 5.79.79.70 50.7.199.164 
51.254.21.25 67.215.4.74 67.215.4.75 67.215.9.231 67.215.9.232 67.215.9.235 69.65.7.141 79.172.242.87 79.172.242.97 91.236.116.105 91.236.116.136 94.156.219.237 95.140.125.35 95.140.125.37 95.140.125.46 95.140.125.62 95.140.125.76 95.140.125.85 # https://www.anomali.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi 45.63.71.150 # http://www.deependresearch.org/2016/02/jan-feb-2016-domains-associated-with.html 162.247.12.207 # https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html 91.232.29.83 179.43.160.34 # http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/ 185.130.104.131 185.130.5.201 185.130.5.202 # https://www.fireeye.com/blog/threat-research/2016/03/surge_in_spam_campai.html 188.138.88.184 31.41.47.37 5.34.183.136 91.121.97.170 # http://blog.talosintel.com/2016/04/nuclear-tor.html 188.166.27.134 # https://blog.sucuri.net/2011/03/brenz-pl-is-back-with-malicious-iframes.html 91.188.59.197 # Qbot https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9 162.144.12.241 181.224.138.240 188.227.16.59 188.227.18.185 193.111.140.236 46.30.43.188 46.30.43.213 50.87.150.203 69.195.124.60 85.25.210.196 # https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.html 220.128.223.75 31.168.144.18 84.11.146.62 94.70.155.253 # https://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html 185.130.7.22 # http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-spreads-flash-windows-kernel-exploits/ 202.102.110.204 # https://blogs.forcepoint.com/security-labs/jaku 101.99.68.5 43.252.36.195 103.13.229.20 27.254.44.207 202.142.223.144 27.254.96.222 27.254.55.23 27.254.96.223 202.150.220.93 91.44.233.77 # SAPHARUS-PC # http://threatglass.com/malicious_urls/popbest-net # https://malwr.com/analysis/ZTgzZjViMzI5OGQzNDc1ZDkwN2JjMjFlNjAyNTY5YTM/ 85.93.0.0/18 # 
http://malware-traffic-analysis.net/2016/05/09/index.html 185.118.66.154 82.141.230.141 104.193.252.241 162.244.34.11 188.138.105.185 # http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/ 31.184.197.69 31.44.191.251 79.117.151.236 46.161.40.11 191.101.31.126 87.249.215.196 # https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-Vu 207.244.95.42 83.149.99.43 212.200.96.25 212.227.162.50 50.31.146.101 # https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool 217.23.13.153 # https://www.microsoft.com/en-us/download/details.aspx?id=51956 200.61.248.8 209.45.65.163 190.96.47.9 192.192.114.1 61.31.203.98 # https://twitter.com/Techhelplistcom 212.7.208.81 211.75.82.207 128.199.246.105 210.65.11.155 86.130.166.5 105.184.215.209 92.27.245.158 86.135.163.38 81.136.142.29 86.139.81.45 200.74.241.151 14.97.18.93 14.99.8.219 165.255.60.173 203.45.13.29 5.2.145.23 68.200.154.229 70.164.35.105 72.27.189.56 78.146.221.200 86.175.137.132 89.230.226.187 174.34.164.106 8.254.200.222 185.82.216.45 107.6.184.117 5.101.152.96 192.185.222.20 212.227.33.186 193.9.28.13 62.212.95.69 14.97.199.78 14.99.144.160 24.37.152.62 66.116.1.87 67.197.181.63 68.235.139.37 72.27.40.48 75.106.84.242 75.154.173.79 75.164.106.249 76.164.64.111 86.135.141.72 86.147.208.204 88.122.10.129 89.230.226.192 96.58.197.43 99.236.206.72 122.62.188.136 206.188.254.60 216.18.198.229 216.45.83.67 109.123.114.197 109.123.114.198 185.38.184.0/24 109.168.95.40 88.86.117.154 213.205.40.169 107.181.187.12 178.63.238.188 69.195.129.70 176.99.4.16 176.57.209.57 176.57.209.25 193.218.145.32 212.109.219.162 85.17.82.122 185.66.9.184 185.36.102.39 104.171.113.104 46.16.188.17 104.145.234.84 195.254.135.18 178.170.189.57 # 744922229217992705 91.217.90.125 195.42.183.110 91.186.0.4 # 745324269354131456 77.221.130.6 # 747493850638213121 81.177.140.141 82.140.32.172 192.186.246.134 195.208.0.136 
195.208.1.146 198.54.115.218 207.210.108.162 210.171.0.30 216.218.93.172 217.172.226.2 210.171.0.30 # 747436111430057984 217.73.226.220 107.6.169.61 86.106.30.71 107.180.24.238 217.73.226.220 67.227.166.55 # 746043420918046720 144.76.19.241 217.28.218.223 # 746012349316816896 194.67.201.123 # 747850693294198784 178.57.216.22 92.53.126.72 178.57.216.22 91.203.5.144 91.230.211.84 92.53.126.72 176.114.1.205 185.31.162.63 37.1.202.5 # 948295014634917889 217.23.13.20 91.209.70.107 # 976587805848756224 104.168.177.9 # 996976272357183489 162.219.250.21 # 998778509408522241 # https://twitter.com/_operations6_ 185.141.25.108 178.63.238.185 51.254.181.120 212.109.219.31 204.11.58.39 14.156.32.77 118.179.198.66 80.68.177.153 178.254.62.11 93.170.253.80 168.227.171.254 112.140.176.15 77.232.66.157 46.30.46.218 149.255.62.53 194.58.121.186 196.41.123.34 # 742995019984994304 149.255.58.2 # 743399246112657408 104.255.35.102 # 743484787357278211 185.66.175.253 # 744823026135425024 85.93.0.0/24 # 744843960456257536 85.93.1.0/24 54.93.102.86 193.203.99.115 # 745622463132753920 91.219.29.41 195.114.0.86 81.169.145.159 195.114.0.86 184.168.143.94 # 745706140244258817 69.49.101.51 109.237.208.29 213.254.13.74 23.229.171.33 # 746330714765934592 80.109.240.71 93.170.123.219 # 748068104232665088 149.154.159.112 151.236.15.226 151.236.17.45 151.236.17.47 194.31.59.147 93.170.123.219 # 748134761999273985 149.154.159.125 151.236.17.45 # https://twitter.com/pancak3lullz 213.186.33.17 5.254.106.219 198.57.247.233 188.138.70.183 222.186.21.170 208.123.67.243 192.185.16.132 81.201.141.119 94.102.63.7 104.28.1.104 217.12.199.94 185.92.247.46 184.164.156.210 188.138.33.0/24 62.75.207.0/24 85.93.93.0/24 219.234.6.206 31.41.44.246 87.236.19.13 146.185.155.126 139.59.166.196 176.114.3.173 107.170.20.33 46.20.33.98 31.184.194.100 104.160.176.116 31.184.195.114 198.58.116.24 110.136.244.128 54.149.248.132 5.189.150.246 91.234.33.215 119.17.253.225 213.229.118.3 72.29.175.234 66.96.133.9 196.12.12.88 
91.199.120.147 50.87.114.63 91.206.31.136 5.196.199.235 5.101.174.170 185.58.227.227 212.47.208.0/24 84.245.33.104 108.175.157.102 158.85.253.245 193.200.80.26 220.130.183.13 220.130.196.145 185.118.164.42 85.25.160.124 209.126.120.8 104.193.252.236 93.190.141.27 207.182.148.92 85.25.79.211 95.211.205.228 192.169.190.97 5.199.141.203 192.169.189.167 95.211.205.218 85.171.195.89 54.186.122.88 194.149.138.49 168.235.72.204 82.13.46.90 33.38.160.238 59.116.23.197 70.58.60.21 21.221.249.200 21.26.242.199 184.11.83.2 90.253.197.36 108.222.64.168 102.247.192.26 5.154.240.145 98.45.51.8 165.203.213.15 9.166.23.197 203.124.118.1 23.94.97.5 217.219.107.150 46.165.228.119 92.243.29.148 24.71.248.218 198.143.180.166 67.102.190.171 93.190.69.10 109.237.111.168 192.121.16.196 185.82.216.213 46.108.39.224 31.184.197.126 78.47.110.82 91.226.93.113 91.219.29.64 89.32.40.0/24 81.177.141.229 54.68.74.174 185.108.128.5 92.222.5.193 193.132.119.122 188.165.157.176 83.217.8.155 95.154.199.55 103.255.60.221 179.43.133.37 208.67.1.9 208.67.1.62 208.67.1.182 217.29.58.163 185.29.11.188 69.30.204.13 91.134.169.86 213.171.218.186 185.117.75.131 200.144.182.130 178.79.190.156 192.185.14.130 209.239.114.139 185.117.75.170 148.81.111.121 193.166.255.171 178.32.208.148 192.185.21.133 195.20.44.109 83.69.233.121 185.27.134.216 89.45.67.200 181.215.236.213 212.92.57.70 176.9.174.220 178.32.208.147 158.69.9.184 65.117.69.231 63.77.93.12 181.60.142.27 200.76.89.52 175.110.116.248 201.6.125.231 189.203.180.24 187.223.245.220 175.106.14.186 5.42.240.18 213.233.85.50 179.43.160.68 23.229.153.132 78.129.205.2 72.167.252.88 67.222.1.10 207.154.33.12 31.184.233.109 94.177.249.150 95.213.192.70 195.211.153.40 85.93.5.0/24 192.42.116.41 54.200.80.127 68.169.62.24 82.196.6.143 91.233.244.103 112.78.2.141 195.16.127.157 23.21.187.40 82.25.194.116 74.208.133.234 146.0.42.68 104.193.252.245 103.56.157.90 200.0.24.42 222.124.202.178 46.180.7.231 195.16.127.102 112.175.184.65 50.116.32.177 104.168.188.170 
213.186.33.82 43.250.226.174 42.60.60.157 160.176.170.32 52.28.240.134 160.153.51.64 111.74.238.109 43.248.9.100 88.198.69.43 58.221.36.235 45.34.191.159 58.221.44.4 88.198.69.43 117.21.224.222 58.221.44.37 216.121.96.21 125.88.186.67 118.99.23.184 31.11.33.35 58.215.79.72 52.51.20.225 183.60.202.97 82.195.224.108 210.253.108.243 141.8.224.221 92.53.96.57 185.154.12.134 124.158.10.82 31.177.94.109 188.42.242.67 188.42.242.91 188.42.244.218 112.78.2.43 110.164.126.64 112.175.184.65 82.165.25.210 195.22.28.197 144.76.106.114 142.0.138.222 128.31.0.39 91.216.107.195 220.165.9.89 23.229.221.104 128.31.0.39 162.144.156.241 185.93.108.132 91.220.131.68 144.76.249.26 92.53.121.171 93.171.202.176 96.90.244.189 213.157.215.229 178.79.190.156 # 737325985327022080 50.116.32.177 173.230.158.166 183.61.165.228 # 743123575146586112 94.126.171.211 # 743116839689953280 185.27.134.171 # 744942079055376384 93.171.202.176 # 744928763012653058 185.20.186.51 # 745270229580800000 95.128.201.170 46.4.105.20 91.216.163.91 # 745266950486495232 217.146.69.1 # 745263747015540737 162.253.41.144 # 745619915336409088 204.16.169.2 162.253.41.87 141.6.226.14 216.244.80.92 # 745613248838270980 200.219.245.117 74.91.236.57 # 745685949259014147 213.226.246.120 # 745674128456192002 69.194.235.100 # 746821965801914368 89.42.39.67 # 746337709774430208 188.40.80.188 # 746402316316606464 160.153.35.5 64.31.54.150 # 746040971675131906 64.31.54.149 144.76.145.166 115.47.18.252 # 748153504615694338 88.86.120.181 # 748137296889675776 95.170.90.21 217.119.54.167 # https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software 50.7.124.178 85.93.5.136 143.107.42.227 85.15.231.195 31.170.164.228 115.239.229.196 222.163.80.69 111.74.238.109 # https://malwr.com/analysis/YTAxZWUwOTcyZjhhNGJkMzg4OWJlZDczMWViMzE3NDQ/ 37.58.127.155 206.188.192.96 162.249.6.22 162.210.102.89 176.114.0.200 103.6.198.228 # http://malware-traffic-analysis.net/2016/05/12/index.html 69.162.126.171 
144.76.82.19 # https://twitter.com/benkow_ 46.22.145.57 # 743054179418185728 67.205.10.59 # 743817815971536896 112.251.5.107 # 744815941624594432 95.46.98.221 # 747450303172206593 192.232.216.115 # 745988568112316416 193.232.55.194 # 747813034006020096 # https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html 199.48.227.25 # https://myonlinesecurity.co.uk/spam-malware-attached-picture-from-scanner-copier-at-your-own-email-address/ 81.88.48.79 # https://labs.opendns.com/2016/05/16/black-hat-2016-fast-flux-ssl-unique-popular-bulletproof-hosting-option-cyber-criminals/ 109.86.110.190 # https://twitter.com/MalwareKiwi 185.56.82.82 # https://twitter.com/ConradLongmore 37.130.229.96/28 209.190.96.232/29 138.201.162.164 85.93.0.0/24 80.82.64.0/24 188.165.157.176/30 45.63.25.106 # 743818662730170368 83.217.27.178 # 744840846822932480 217.12.223.88 # 747408709349941248 195.123.209.227 185.82.216.61 91.219.29.41 # 745915370402385921 217.12.223.88 195.123.209.227 193.203.99.111 195.208.0.136 212.46.196.141 93.170.123.219 # 748134670466949120 149.154.159.125 151.236.17.45 151.236.17.47 194.31.59.147 # https://www.virustotal.com/en/file/e6d3c977810949624807c50cdd732e4a08c0561ee3b3c857421933dcc2db7119/analysis/1463485866/ 125.212.220.11 # https://www.virustotal.com/en/file/5962c039820c882e22dac13f9ea74c1763f8c7a95cf3be69902379506385e7f2/analysis/ 103.230.189.210 46.249.199.87 50.63.60.96 68.169.148.133 74.92.81.105 86.139.85.163 86.149.0.206 # https://www.virustotal.com/en/file/070b7bd6fc066201724e854b79303c4963dd9d177b12b91d737b35d39b4efbcd/analysis/ 217.12.199.151 107.181.174.15 93.170.169.52 # https://www.virustotal.com/en/file/bd5c2b7f75f629436ac8458c7d994d5246f5537571c865dd3dde9cb1a9401193/analysis/1463417415/ 217.76.130.137 # https://www.virustotal.com/en/file/068c5a04584e0687bb57de1a3165f87dd9d9f4ef318eef6ef99eaa523dd7edce/analysis/ 79.96.153.93 176.53.21.105 # 
https://www.virustotal.com/en/file/b42121af9bab7b66bab495a97128170a7536d10707ed47896865dcfc60a568f5/analysis/1463505756/ 54.212.162.6 138.186.148.162 190.242.70.182 # https://www.virustotal.com/en/file/88bba2b3075c67a40a5b3f57e31ff52fbf82299e1983320998c686dd43e37838/analysis/1463514873/ 24.199.222.250 12.109.210.123 12.227.176.187 14.96.182.161 14.97.53.204 165.255.100.201 197.96.139.253 216.106.253.76 5.2.130.10 67.22.207.161 72.27.187.107 74.207.137.87 76.171.201.163 82.109.41.179 89.116.116.118 43.225.53.214 37.59.128.65 # http://www.nyxbone.com/malware/SkidLocker.html 23.227.199.83 23.227.199.175 # https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered 93.170.168.60 # http://phishme.com/bolek-leaked-carberp-kbot-source-code-complicit-new-phishing-campaigns/ 141.105.69.251 160.202.168.105 191.101.239.161 217.28.218.217 45.30.53.96 46.32.254.136 50.125.238.102 52.74.127.205 64.235.33.221 93.111.155.134 # https://myonlinesecurity.co.uk/spam-malware-you-got-a-voice-message-whatsapp-delivers-locky/ 92.63.87.48 89.108.84.155 # https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081 85.93.0.0/24 104.238.185.187 185.117.75.219 95.183.52.215 # https://virustotal.com/en/file/6133cc2d093c640753c2788cdea905963083d3861de7770fe332ad50eb4f7172/analysis/1463720462/ 162.250.191.61 # https://www.virustotal.com/en/domain/wifi-spreader.ilovecollege.info/information/ 109.18.250.24 # https://www.virustotal.com/en/file/c669e4b9da815fce109355c0052514513f9a27f8919eb1c61f080b421f0d6918/analysis/ 101.187.28.8 12.109.210.112 135.26.29.213 14.97.225.11 14.99.13.19 206.223.199.159 222.255.121.202 24.8.213.200 64.203.222.43 72.35.204.239 75.67.214.42 82.140.160.54 82.152.47.41 86.147.175.243 96.93.247.161 206.217.196.88 91.184.55.145 # https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows?utm_content=buffera79ce&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer 185.66.10.57 # 
https://twitter.com/JAMESWT_MHT 198.105.221.6 166.62.10.226 199.175.48.94 200.98.146.115 90.156.241.111 37.1.192.81 62.75.196.125 185.68.16.81 93.174.90.117 113.10.243.78 23.229.128.32 212.92.97.33 69.172.201.217 37.140.192.169 94.140.120.170 91.180.105.209 86.106.93.230 92.169.82.86 105.112.42.98 46.165.208.108 86.106.93.230 185.141.25.74 92.53.122.16 46.188.81.206 87.117.201.6 192.185.214.24 5.9.253.171 37.140.192.110 143.95.93.32 80.85.84.72 46.165.221.166 76.26.203.243 194.109.206.212 78.46.55.227 176.58.106.242 178.16.208.60 89.46.104.46 89.45.10.191 167.114.17.37 92.53.125.158 69.65.17.35 131.72.137.174 186.202.127.132 192.185.183.82 70.39.250.162 200.118.252.93 181.52.252.32 93.104.215.155 216.113.194.65 200.63.101.103 103.13.97.199 # 743059628867657728 178.236.74.50 # 743023672122822656 103.241.147.124 # 743057509037019136 62.149.128.157 # 743471054065123328 91.134.150.148 104.28.27.94 97.74.4.191 # 743444054097170432 72.167.131.76 # 743455443045990400 104.168.189.222 # 743376640693133312 107.180.26.72 # 743752583819341824 192.185.0.218 # 744813673328185346 195.230.101.113 # 744837104820232192 192.185.88.86 # 744799560434778112 62.149.128.151 # 744810775861047296 178.170.123.35 # 745173844235673600 62.138.152.170 # 747377681092644864 45.34.81.11 # 747367438954684416 192.254.189.64 # 747363951143432192 217.223.170.163 # 747361785716563968 192.185.216.145 # 747347456736792576 173.247.248.50 # 747342227643346944 104.152.110.255 173.247.251.159 173.247.244.73 205.134.255.7 173.247.252.221 202.191.62.205 # 747336632722849792 27.121.64.87 # 747336389323173889 202.191.62.219 # 747332868121100289 52.28.101.64 # 747326372792537088 50.63.25.127 38.113.1.157 # 746368509517631488 205.144.171.114 67.23.253.165 # 746349615721680896 50.63.25.127 # 746294157329731584 192.185.216.13 # 746276773227270144 200.129.163.16 # 746263640718839808 205.144.171.139 195.208.4.197 # 746252791681802240 188.225.76.139 # 746246198034599936 81.177.23.38 # 745895538780934144 138.201.154.135 
104.255.35.102 # 745885202568847360 46.242.145.99 # 748142844582436865 # https://twitter.com/x0rz 200.98.174.16 200.74.240.117 2.50.41.54 14.96.64.6 41.189.45.58 67.7.100.241 67.197.110.60 68.235.137.123 92.222.204.59 121.245.156.167 138.201.44.19 140.186.100.71 107.180.41.45 198.58.93.56 203.124.114.1 198.57.136.155 83.145.194.172 198.57.236.4 192.185.162.175 114.215.155.227 209.202.252.50 192.185.216.39 198.252.101.221 46.252.149.140 # 743099521933168643 116.0.20.77 # 743095694274244608 103.53.199.99 92.53.96.66 # 742997894450565121 192.169.82.86 # 743056956303216640 67.231.20.80 # 743785701314072581 74.201.86.28 # 745599444637331456 198.50.156.106 # 745579173511585792 107.180.44.223 # 747422851658092544 46.166.164.252 # 747352399027789825 123.30.132.171 # 746357129431375872 69.89.31.178 # 746279975066603520 162.254.207.74 # 746256330181255168 79.170.40.36 # 747805953156866049 (pdns) 79.170.44.77 79.170.44.78 79.170.44.90 79.170.44.97 79.170.44.117 176.32.230.6 217.199.187.193 217.199.187.197 104.31.78.178 # 748159303257890817 104.27.144.175 # https://twitter.com/PhysicalDrive0 174.127.112.103 # https://twitter.com/malware_traffic 91.134.206.131 98.158.184.27 188.227.17.83 45.32.181.201 172.98.199.100 108.167.188.125 # 743472000455188480 104.223.114.15 146.185.181.235 # 746697153838387201 136.243.126.122 # 746531397267918848 184.154.146.157 212.231.129.64 # 746119373010534400 108.163.224.94 # http://www.cyphort.com/teepr-com-yet-another-top-alexa-site-spreading-ransomware/?utm_content=buffer7b017&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer 217.23.6.40 # https://twitter.com/JaromirHorejsi 185.141.25.175 67.23.226.12 80.13.113.62 198.23.67.100 88.150.220.116 # 745249631609683968 208.97.176.242 # 745246981644255232 192.185.16.209 # 745987162768838656 185.45.193.36 # 745892893777334273 23.227.135.34 # 745885382307364864 74.208.147.184 # 747992449478332417 # http://blog.dynamoo.com/2016/05/phish-tnt-consignment-notification-via.html 87.106.178.108 # 
http://blog.dynamoo.com/2016/05/malware-spam-account-compromised.html 210.245.92.63 162.251.84.219 80.88.89.222 213.192.1.171 # http://blog.dynamoo.com/2016/05/malware-spam-please-find-attached-file.html 188.166.168.250 31.41.44.45 92.63.87.53 176.31.47.100 # http://blog.dynamoo.com/2016/05/malware-spam-i-have-attached-revised.html 188.127.231.124 31.184.197.72 92.222.71.26 149.202.109.202 # http://blog.dynamoo.com/2016/05/malware-spam-emailing-photo-05-11-2016.html 185.82.202.170 # http://blog.dynamoo.com/2016/05/malware-spam-as-promised-document-you.html 5.34.183.40 185.14.28.51 88.214.236.11 # https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/ 180.150.227.135 74.208.4.200 74.208.4.201 115.144.69.54 115.144.107.9 103.61.136.120 118.193.12.252 59.188.13.204 180.128.10.28 # http://phishme.com/paypal-customers-targeted-stealthy-html-attachment-phish/ 123.56.206.251 203.195.235.135 58.10.74.221 82.78.169.138 122.155.197.70 103.63.135.225 140.121.102.112 123.59.80.208 181.49.142.143 94.102.49.33 81.95.13.41 188.68.235.69 # http://blog.dynamoo.com/2016/05/malware-spam-weekly-report-please-find.html 138.201.93.46 91.200.14.139 164.132.40.47 # https://twitter.com/criznash 46.166.162.225 46.30.43.54 # http://blog.dynamoo.com/2016/05/malware-spam-urgent-delivery-jobin.html 104.131.182.103 # https://twitter.com/sudosev 122.10.90.110 # http://malware-traffic-analysis.net/2016/05/26/index.html 178.62.235.45 50.21.187.40 # https://twitter.com/malwrhunterteam 50.115.165.110 148.251.249.99 208.91.198.0/23 198.54.114.220 92.53.96.16 185.119.173.25 123.1.153.150 138.201.22.85 103.55.24.7 85.204.49.128 45.32.21.193 62.102.148.181 # 743840080373092352 213.152.162.99 109.163.226.153 95.211.229.148 31.171.155.48 176.107.177.210 89.207.130.43 # 744821552496050176 192.185.0.218 # 744816701322076160 192.64.78.11 216.170.122.130 81.138.132.221 46.119.127.129 185.31.19.193 54.230.46.166 63.245.213.44 31.170.164.118 54.231.17.57 107.180.3.136 
203.189.232.57
131.72.137.174
192.185.183.82
185.46.120.234
5.55.114.2
188.0.236.7
185.116.215.205
166.62.10.144 # 743158107757477888
143.95.76.213 # 743772250344726528
89.207.130.43 # 744828919459643396
93.125.99.45 # 744870385523499008
89.111.176.132
50.63.202.55 # 747345842575577088
50.63.202.52
107.180.27.234
50.63.202.34
166.62.26.27 # 747351832964435971
# https://twitter.com/dvk01uk
69.90.193.5
198.58.93.28 # 745312768060882945
104.244.124.101 # 747338551868547072
82.223.243.43 # 746030709706416128
5.2.228.65 # 746014861927161856
192.186.209.5 # 745654656479666176
177.12.163.97 # 745486375206588416
162.251.81.210 # 747505923309056001
190.14.38.161 # 748185277114396672
158.69.193.61 # 748226759628316672
# https://blog.mxlab.eu/2016/05/26/new-javascript-malware-re-copy/
188.93.229.73
# https://twitter.com/thedefensedude
5.152.199.70
37.140.192.214
46.102.232.140
69.16.243.28
79.98.24.9
81.19.186.131
85.9.56.193
85.17.87.153
89.146.221.106
94.73.146.179
101.0.77.74
103.7.8.45
104.131.101.154
108.179.252.59
125.212.248.6
149.202.49.120
166.62.27.59
166.62.28.104
166.62.28.112
176.223.121.193
177.70.27.149
177.185.192.136
188.116.19.98
188.166.41.182
188.241.117.134
191.101.152.144
192.163.252.46
192.254.189.252
195.208.1.161
202.52.146.56
210.48.153.240
217.160.230.183
217.198.115.56
91.218.89.74
188.165.157.176
208.73.210.214
184.168.221.1
89.31.72.177
64.69.219.91
185.14.56.96
149.115.19.219
64.124.16.204
27.254.33.31
50.87.144.196
142.4.60.226
103.6.198.219
94.73.146.80
23.229.189.110
144.76.82.6
204.232.192.84
94.73.151.190
160.153.77.2
123.242.226.30
46.226.47.21
91.239.232.79
187.17.111.104
109.248.33.212
216.55.149.9
# https://twitter.com/securityemploy
169.159.98.88
95.211.141.215
# http://malware-traffic-analysis.net/2016/05/27/index.html
109.95.159.1
# https://twitter.com/hasherezade
# NOTE(review): 128.31.0.39 and 171.25.193.9 in the run below appear to match
# published Tor directory-authority addresses -- verify. If so, they are shared
# Tor infrastructure rather than one campaign's servers: blocking them stops Tor
# from bootstrapping for every client behind this list, and a hit on them shows
# Tor use, not a specific infection.
109.234.109.142
109.234.109.199
109.234.109.138
23.254.167.231
87.72.73.231
92.222.9.70
128.31.0.39
163.172.149.122
171.25.193.9
178.254.26.244
188.40.128.246
192.80.146.170 193.23.244.244 194.109.206.212 208.83.223.34 212.47.253.41 5.9.253.168 # https://twitter.com/Tears0fSky 90.7.200.200 92.142.115.63 # https://www.virustotal.com/en/file/40ea07c850897db3198c23eb2b2e056088f2325f2566b6dfb56678a093d5031b/analysis/1464372145/ 5.39.70.7 23.229.130.200 23.229.210.128 24.131.207.220 45.33.123.139 45.56.70.171 46.38.190.12 46.101.146.228 46.237.127.3 49.50.76.239 50.62.82.12 50.62.218.1 50.63.49.1 50.63.181.19 50.87.32.83 54.79.59.85 54.232.82.35 69.89.31.162 69.89.31.189 69.195.82.219 70.40.199.215 74.208.9.32 78.129.161.19 78.153.216.155 81.169.137.204 85.159.67.205 90.156.201.83 94.73.146.30 95.85.58.75 99.198.116.211 103.7.40.140 103.15.49.21 103.53.168.220 104.131.76.239 104.151.72.116 104.238.74.65 107.180.4.152 107.180.41.126 107.180.50.237 108.163.206.185 108.163.240.17 109.74.8.64 112.213.89.97 128.65.195.64 134.0.10.46 134.0.15.116 144.76.95.27 158.69.180.179 160.153.43.193 160.153.45.1 162.13.176.213 162.144.120.200 162.210.102.200 162.243.69.163 166.62.10.35 166.62.28.96 166.62.28.109 166.62.28.111 166.62.28.116 166.62.28.132 166.78.76.248 173.82.21.210 173.254.41.32 178.159.7.57 184.106.55.69 184.107.174.122 186.202.153.26 186.202.161.96 187.45.195.177 188.65.117.70 188.213.20.188 192.111.157.127 193.46.83.106 193.200.255.37 198.1.102.252 198.57.169.13 198.58.82.148 198.58.93.8 198.143.153.132 203.162.96.80 203.185.28.41 205.147.98.130 205.251.133.203 # https://www.virustotal.com/en/file/1f68fce7f92364a22ef3bc3d21e12924d2b5cc69106ef21fdf21bd9a4cb65d15/analysis/ 38.65.39.158 45.29.139.155 46.231.112.74 50.63.157.171 50.112.249.10 51.255.102.41 52.11.38.122 52.62.149.4 54.232.178.167 81.169.152.253 93.89.232.14 94.73.151.210 101.100.204.46 103.11.191.170 103.13.242.34 103.255.238.155 104.131.51.187 108.179.196.18 109.228.51.230 122.15.60.189 128.199.147.115 138.201.48.106 141.8.192.56 142.4.22.48 162.144.86.172 162.144.121.16 162.243.62.70 166.62.10.36 166.62.28.117 166.62.28.118 173.201.38.2 177.12.164.84 
177.12.174.101 177.70.106.248 185.87.51.115 185.119.173.236 186.202.141.67 186.202.153.171 187.17.111.96 198.54.114.193 198.58.82.132 200.98.190.41 209.126.107.209 216.170.203.69 217.160.95.235 217.160.166.40 217.174.248.139 # https://heimdalsecurity.com/blog/torrentlocker-spoofs-telia-ransomware-attack/ 54.218.66.17 54.192.46.49 # https://twitter.com/peterkruse 103.208.86.7 185.44.105.210 5.34.183.158 # 745624354814304257 51.254.24.48 # 745916790761488384 217.12.223.88 116.0.23.213 # 745526664889663488 107.180.40.0/24 # 768031024672538624 93.190.139.196 # 949686336335831041 # http://malware-traffic-analysis.net/2016/06/01/index2.html 173.201.92.1 173.201.243.128 192.230.81.211 208.109.52.233 192.185.225.245 142.54.230.137 # https://twitter.com/GossiTheDog 61.67.218.137 83.166.243.206 # 1042810441897000961 103.253.25.201 145.249.104.238 5.188.87.10 # 1053312410046611459 # http://malware-traffic-analysis.net/2016/06/01/index.html 23.96.52.53 27.76.200.236 46.30.46.6 68.171.129.152 78.96.223.247 86.101.172.244 88.247.23.60 94.111.35.133 103.62.255.92 104.40.211.35 112.201.214.21 115.73.16.161 120.63.221.199 122.160.166.241 122.163.24.91 122.163.193.181 123.28.166.92 176.113.145.235 180.183.195.29 184.173.167.98 202.91.73.186 111.121.193.242 # https://twitter.com/bartblaze 103.208.86.18 69.30.210.254 # 748132592550092801 92.222.66.214 149.202.242.80 208.67.1.15 # https://twitter.com/demonslay335 158.69.241.183 # Mixed 172.99.89.199 185.53.179.8 # 743106570217623552 # https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100 85.25.194.116 # https://www.proofpoint.com/us/threat-insight/post/malicious-macros-add-to-sandbox-evasion-techniques-to-distribute-new-dridex?utm_content=buffere7dd2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer 173.254.28.35 23.239.206.87 192.186.204.105 93.170.141.22 45.32.246.100 45.32.149.66 142.126.57.60 154.58.222.139 206.114.64.228 70.212.173.116 96.3.53.77 
14.99.114.250
14.97.218.67
82.120.94.63
68.238.144.42
# http://malware-traffic-analysis.net/2016/06/02/index.html
98.126.83.188
98.126.83.189
114.207.113.229
220.95.232.236
212.231.130.9
162.252.83.62
162.252.83.76
# https://www.virustotal.com/en/file/d378d1a2aae028e8aaa7640c79e7e3deda105f0f4f241f776617beb43ae1373f/analysis/
85.25.214.50
103.198.0.2
# https://twitter.com/christianpanton
85.93.5.139
# https://twitter.com/_jsoo_
# https://www.virustotal.com/en/ip-address/206.72.199.201/information/
206.72.199.201
# https://github.com/Daxda/malware-analysis/tree/master/malware_samples/LinuxNet_perlbot
173.208.245.170
146.0.36.68
217.172.189.70
5.9.152.208
75.127.10.40
78.46.59.13
# https://otx.alienvault.com/pulse/575579d7b1b78e0134101728
93.190.137.240
# https://otx.alienvault.com/pulse/575526aeb1b78e01341016c6
103.195.185.94
# NOTE(review): the next two entries differ only in the first octet; one of them
# may be a transcription slip. Confirm both against the pulse cited above before
# relying on either.
8.100.156.107
5.100.156.107
148.251.8.173
# http://malware-traffic-analysis.net/2016/06/06/index.html
45.32.183.118
67.215.187.94
5.200.55.117
104.238.171.123
# https://blog.fox-it.com/2016/06/07/linkedin-information-used-to-spread-banking-malware-in-the-netherlands/
107.171.187.182
# https://twitter.com/malekal_morte
5.135.111.139 # 742279720927121408
193.169.194.168 # mixed
# NOTE(review): 104.20.68.21 and 52.84.27.148 look like shared CDN front-end
# addresses -- verify. A block on such an address can also cut off unrelated
# sites served from it, and the tenant may have changed since the entry was added.
104.20.68.21
52.84.27.148
198.134.112.232
173.192.117.206
174.137.155.139
62.210.192.114
5.200.55.51
46.30.46.27
5.9.5.184
69.172.201.153 # 743071753379938304
91.134.161.58
# NOTE(review): the reference below is Rapid7's Project Sonar, an internet-wide
# research scanner. This range is presumably listed to drop survey traffic, not
# as a malware indicator -- TODO confirm intent. Treat hits on it as scan noise
# rather than evidence of compromise.
# https://sonar.labs.rapid7.com/
71.6.216.32/27
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool?utm_content=bufferce8cf&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
217.23.13.153
# https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear?utm_content=buffer19521&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
192.185.48.154
198.57.151.22
187.45.195.17
81.88.48.78
94.73.151.90
# https://twitter.com/malm0u53
185.53.179.6 # 742321153163825152
139.129.174.148 # 741998595210129408
195.208.1.104 46.30.212.49 92.53.118.117 185.127.27.215 # 740455432263729152 62.213.79.112 155.94.243.59 95.213.135.226 # 739038055466733568 167.114.182.29 5.8.63.31 185.96.94.210 # mixed 37.140.192.237 133.48.156.209 121.193.89.201 183.234.242.168 76.185.173.111 209.174.233.25 53.1.70.40 93.72.171.255 157.165.6.183 23.155.252.153 72.167.53.101 95.46.99.8 46.8.255.106 185.109.144.122 155.94.243.59 37.140.192.199 80.93.54.37 92.53.112.201 # https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141 45.32.183.118 # https://otx.alienvault.com/pulse/575782996eb8c60135a9e3c6 213.136.85.203 5.189.151.14 82.192.81.129 91.109.22.107 91.134.177.136 87.236.215.113 # https://twitter.com/da_667 91.134.177.136 43.240.13.59 192.64.81.136 # https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/ # https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf 195.22.28.196 195.22.28.198 # https://riskanalytics.com/Dark_Cloud_Network_Facilitates_Crimeware.pdf 109.229.27.208 109.229.11.81 178.214.176.42 91.196.54.239 159.224.34.90 213.231.28.222 37.229.107.205 80.242.97.69 212.87.182.133 # BBcan177 Mail Spam IOCs 37.187.67.27 52.38.192.140 69.94.151.29 77.104.129.120 93.127.228.2 98.129.229.73 103.233.250.250 104.18.40.33 104.18.46.84 104.18.53.41 104.24.97.244 104.24.120.241 104.27.135.233 104.27.146.91 104.27.150.4 104.28.2.168 104.28.9.91 104.28.24.55 104.28.28.239 104.31.64.190 104.31.71.22 104.31.80.136 104.31.87.43 104.31.89.219 104.31.93.62 107.150.166.243 119.9.30.112 158.69.219.115 163.172.248.108 173.240.168.87 174.36.59.160 184.173.76.108 190.183.222.150 192.254.189.17 195.43.150.212 198.12.145.135 198.55.28.172 216.55.168.220 216.87.168.211 64.95.100.84 92.40.249.134 188.29.164.0/24 198.46.131.0/24 # https://www.virustotal.com/en/file/0c357e3d47167b7370ce5578bb25c4f1c8b1cd87dbd398ecc07bccdac5087aa1/analysis/ 13.84.157.153 
23.229.147.2 23.229.160.9 23.229.226.35 23.229.231.39 37.200.66.30 38.229.70.4 40.76.58.209 46.16.62.124 46.249.204.170 62.149.128.151 62.149.142.131 63.143.47.112 64.71.33.177 65.181.113.254 68.164.182.11 69.58.188.40 69.175.33.26 74.50.28.190 74.201.86.21 77.245.68.162 78.26.131.2 78.46.89.154 82.223.210.154 84.116.32.65 85.128.151.195 86.65.123.70 86.109.170.226 87.106.240.27 87.242.73.72 89.106.12.61 91.142.215.77 93.89.224.190 94.73.148.164 94.102.7.42 95.110.231.63 95.211.144.68 104.16.55.3 104.20.31.3 104.27.182.85 107.180.51.237 109.248.32.195 128.31.0.39 134.0.14.194 142.217.193.140 149.3.144.205 159.253.45.219 162.210.102.62 162.222.225.77 166.62.89.69 177.185.192.141 178.218.164.132 187.33.0.252 191.252.2.146 191.252.2.148 192.35.177.64 192.64.117.188 192.186.225.35 194.27.72.146 195.228.39.223 198.144.36.150 200.98.116.70 200.155.86.74 202.170.69.9 205.144.171.55 205.186.187.83 208.109.47.170 208.123.212.37 210.55.230.195 216.47.227.188 216.70.228.110 217.149.7.213 217.160.231.143 217.197.83.197 # https://twitter.com/InfoSec_DD 193.200.241.142 149.62.98.3 # 742855018793963520 # https://otx.alienvault.com/pulse/5758c4e8377bbb01340e895d 93.174.90.126 # https://www.zscaler.com/blogs/research/malicious-documents-leveraging-new-anti-vm-anti-sandbox-techniques 204.93.177.102 # https://isc.sans.edu/forums/diary/Searching+for+malspam/21145 46.173.92.4 62.149.132.43 62.149.140.183 65.181.113.29 65.181.113.187 95.215.46.153 185.61.149.93 188.165.157.176 188.190.33.93 198.105.244.228 217.160.6.96 # https://reaqta.com/2016/06/nemucod-meets-php/ 37.140.192.209 89.31.108.3 92.53.121.36 185.26.122.180 # https://otx.alienvault.com/pulse/5759741f78e335013763cea0 8.5.1.35 58.158.177.102 # https://www.hybrid-analysis.com/sample/e6f8bd93246e534ba73cdce9e6596f2913b9f32cc08c4d14c685f59441e42e1a?environmentId=100 185.26.122.180 # https://www.arbornetworks.com/blog/asert/communications-bolek-trojan/ 91.215.154.155 # https://twitter.com/mesa_matt 93.174.94.135 37.112.59.79 # 
# 745698957314113536
166.78.145.90
173.237.190.72
185.139.0.217
91.220.131.220
# https://blog.malwarebytes.org/cybercrime/exploits/2016/06/neutrino-exploit-kit-fills-in-for-angler-ek-in-recent-malvertising-campaigns/
# https://www.virustotal.com/en/domain/watch.pnwpga.com/information/
69.30.229.132
# https://blogs.mcafee.com/mcafee-labs/thrones-jon-snow-appears-to-employ-neutrino-exploit-kit/
# http://viewdns.info/reversewhois/?q=yaplakal.r%40gmail.com
# https://www.virustotal.com/en/domain/23iujasdhaskj.top/information/
# https://www.virustotal.com/en/domain/injec-software-me.com/information/
# https://www.virustotal.com/en/domain/gugendolik.com/information/
# https://www.virustotal.com/en/domain/newserver-newscompnay.com/information/
# https://www.virustotal.com/en/domain/diahatvietnam.com/information/
188.93.211.27
188.93.211.67
194.58.121.54
74.57.205.136
184.168.221.39
69.197.18.183
104.28.20.75
104.28.21.75
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
66.150.114.20
103.194.112.36
138.201.162.161
184.73.178.140
85.143.209.61
104.238.173.205
185.117.73.124
139.59.188.227
45.32.182.43
# https://twitter.com/JanneFI
31.170.163.90
# https://www.arbornetworks.com/blog/asert/communications-bolek-trojan/
91.215.154.155
# https://twitter.com/F_kZ_
107.181.175.15
88.127.231.124
58.206.126.28
162.144.156.241 # 744838342337007616
# NOTE(review): the ascending run from 1.35.32.95 through 254.55.46.193 looks
# generated rather than observed infrastructure: it is spread almost evenly over
# the whole IPv4 space and ends in multicast (225.x-239.x) and reserved
# (240.x-254.x) addresses, which are not routable unicast destinations on the
# public internet. Presumably it was copied from one sample's decoy or randomised
# traffic (status 742370496046583808 trails its first address) -- TODO confirm
# against the source. As block entries these add false-positive risk on unrelated
# networks and little detection value; consider dropping the run, or at least the
# entries inside 224.0.0.0/3.
1.35.32.95 # 742370496046583808
2.226.228.33
3.177.177.160
4.4.137.168
4.88.158.184
7.87.41.16
8.134.27.251
14.221.219.225
15.22.130.149
16.167.234.192
17.160.190.25
18.176.47.78
19.34.61.18
20.89.101.250
20.123.164.86
22.224.76.149
26.204.147.126
28.32.221.17
29.207.100.120
30.232.78.239
31.140.207.13
32.120.71.1
34.90.91.110
35.47.222.13
36.27.192.47
38.97.170.78
38.114.57.173
38.234.124.213
47.98.26.246
49.139.190.13
51.181.119.128
53.2.186.19
57.17.67.112
57.66.143.78
60.103.72.217
61.125.246.31
64.25.212.40
67.226.101.210
68.96.164.94
69.11.90.163
70.215.19.187
71.250.234.148
73.115.66.24
73.134.157.228
73.238.111.174
74.51.90.52
74.133.61.231
82.187.81.4
83.133.52.236
88.151.101.129
88.204.156.90
89.99.54.140
89.205.122.234
90.130.74.91
91.32.196.167
92.243.219.229
95.94.180.114
98.44.76.218
102.144.251.22
107.5.150.38
107.82.36.164
107.107.116.161
112.232.40.194
113.22.225.129
115.199.234.253
116.243.53.245
117.158.35.35
119.132.244.145
123.230.219.179
125.99.186.180
134.75.158.226
134.77.10.29
134.169.176.194
137.69.222.215
138.124.12.228
139.60.79.248
143.50.110.138
143.92.58.174
145.242.121.115
145.254.247.7
146.164.65.135
148.22.255.219
150.15.97.232
150.130.130.31
151.75.178.198
151.220.234.186
153.114.118.250
155.94.67.23
155.220.210.239
163.20.178.10
166.164.58.107
166.176.46.71
168.5.2.25
169.0.158.243
169.164.117.136
172.188.162.144
176.168.136.171
177.16.14.56
179.188.3.63
183.177.176.53
183.182.89.222
185.66.95.10
187.178.176.10
190.85.72.92
191.32.105.11
192.70.226.155
193.60.170.10
193.100.138.58
194.170.179.45
195.1.71.220
196.201.156.226
198.36.81.78
198.42.82.132
200.140.196.192
202.45.91.27
204.95.85.50
206.5.53.128
206.48.132.155
210.4.135.1
210.205.88.28
211.99.83.223
212.237.238.105
213.157.44.176
216.73.211.178
216.132.93.156
217.42.9.62
220.15.121.157
225.24.137.64
226.194.205.42
228.18.238.173
228.160.131.206
229.90.213.181
233.244.139.112
235.148.76.158
236.74.71.200
239.230.119.73
240.116.193.19
241.225.220.134
244.88.36.226
244.184.154.158
245.250.2.209
246.137.215.198
249.56.97.85
249.63.207.73
250.122.14.85
254.55.46.193
179.43.133.38
51.255.19.179 # 747408054627377152
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
5.133.179.79
74.201.85.74
45.32.183.83
104.238.173.205
# https://twitter.com/DrolSecurity
# NOTE(review): 78.170.189.17 here and 178.170.189.17 under the CyberScimitar
# reference below differ by one leading digit; one of the two may be a
# transcription slip -- verify each against its source.
78.170.189.17
# https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
185.100.84.134
58.49.58.58
218.1.98.203
187.33.33.8
185.86.148.227
45.32.129.185
23.227.196.217
# https://twitter.com/CyberScimitar
178.170.189.17
92.53.121.171
185.93.108.132
93.171.202.176
188.127.230.5
195.54.162.33
37.139.29.105 81.177.23.247 # 743470119838486528 94.142.139.214 178.170.189.17 93.171.202.176 46.254.21.69 88.214.236.194 # https://twitter.com/in_threat 204.152.203.99 192.52.167.118 84.200.68.163 # https://twitter.com/chmod1777 104.168.180.192 # https://twitter.com/Antelox 59.180.231.54 # 743109421400752129 94.102.50.50 # 743504417090113536 77.222.56.251 # 744202025286639616 31.220.17.11 198.211.115.134 93.89.224.8 212.129.55.87 46.30.212.111 # 744187915824152577 88.208.252.204 206.222.19.250 188.40.248.65 # 744125834596876288 81.177.165.93 # 744113839785009152 120.26.59.61 # 744899390024880129 212.129.55.87 84.45.72.224 # 744930566538207236 195.208.1.157 5.101.152.55 104.207.244.16 # 745302311241719808 91.216.107.154 46.41.144.46 # 745531040286932992 87.236.19.41 5.101.153.64 5.101.153.43 5.101.152.120 121.41.90.205 # 746596735649255424 103.224.22.12 74.124.24.164 5.101.152.71 173.247.249.189 5.101.153.0/24 # 746279030069002245 5.101.152.67 87.236.19.17 # 745930202530852864 91.106.207.19 87.236.19.60 87.236.19.26 # https://twitter.com/GossiTheDog 50.87.44.134 # 682164539689938944 # https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/ 103.229.124.1 103.39.78.131 107.191.61.105 112.213.117.52 116.251.210.77 116.251.216.165 116.251.216.227 116.251.216.72 116.251.219.142 117.17.10.10 151.236.14.53 176.31.220.160 178.209.51.164 178.209.52.72 192.157.229.164 198.98.103.7 210.245.85.83 23.89.200.128 23.89.201.173 38.109.190.55 49.213.18.15 50.117.47.66 50.117.47.67 61.250.92.79 # https://twitter.com/Simpo13 46.254.21.84 # 743086368205705216 4.198.232.114 # https://twitter.com/jeromesegura 45.63.26.202 # 743165744054046720 # http://malware-traffic-analysis.net/2016/05/16/index.html 188.93.211.67 # https://otx.alienvault.com/pulse/57616f7b5804b00134147bda 5.56.133.145 # https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22960/en_US/McAfee-Labs-ThreatAdvisory-Pinkslipbot_RevA.pdf 
216.227.214.95 72.29.86.119 66.219.30.219 110.4.45.64 74.220.215.107 162.144.12.241 # https://www.virustotal.com/en/file/5a878ac22eb059159c2976d11840bdae09111ba8e17933794dbfb23435d89bdd/analysis/1466045706/ 85.170.19.102 # https://twitter.com/James_inthe_box 69.36.165.48 # 743502699069464576 107.180.14.68 # 743515050980188162 66.175.222.234 # 743532746446766080 # https://blog.malwarebytes.com/cybercrime/exploits/2016/06/a-look-at-the-angler-less-exploit-kit-scene/ 46.30.47.110 # https://twitter.com/BroadAnalysis 46.30.47.116 # 743835993644597249 185.133.72.122 # 743433394533576704 5.200.55.156 # 742370461133180928 93.114.65.96 115.74.159.3 84.232.212.135 49.48.216.228 85.93.0.43 # 742067919157366784 45.63.41.234 85.93.0.72 # 740920663876198400 74.208.110.67 # 739465362157277185 109.248.32.173 # 738360899015180288 185.106.122.81 # 738047398417694720 198.105.254.228 66.240.194.139 67.215.187.94 # 737452923551133696 5.200.55.71 46.30.46.190 185.141.27.2 # 736199577175461888 185.141.27.170 # 735503054301200386 158.69.183.24 81.2.240.180 # 734923510489944064 80.87.205.115 5.8.63.0/24 85.93.0.81 # 734893549641175041 185.141.27.143 93.170.169.160 95.213.139.116 5.101.152.83 # 728793786738982912 192.185.215.103 5.144.130.40 46.28.68.46 51.254.93.2 75.126.171.192 178.210.171.15 75.126.217.39 87.98.183.207 65.110.76.229 217.160.230.9 193.124.185.87 185.86.78.3 5.8.63.54 # 734411289011838977 85.93.0.33 # 732655882039885825 108.61.221.86 204.155.30.124 89.145.89.1 # 732297976887037956 185.93.0.33 # 732250080317739008 85.117.75.136 185.117.75.136 176.8.211.57 85.25.95.39 # 744555497987186688 185.119.173.35 146.185.173.25 # 745335484461780992 212.67.205.58 74.208.77.101 74.208.166.84 74.208.161.216 185.49.68.215 58.64.142.89 # 745641395092865025 46.30.47.137 # 746733497918853120 45.35.86.57 115.28.36.224 46.30.46.170 # 746180434199986177 185.127.25.247 95.163.127.184 108.163.224.94 # 746058357874761728 # https://otx.alienvault.com/pulse/576453a7f15dc60134d27471 151.80.9.92 
136.243.126.105 5.196.241.192 79.174.73.100 178.33.188.146 176.126.71.5 # https://twitter.com/ochsenmeier 5.56.133.100 # 742448375312863233 # https://www.fireeye.com/blog/threat-research/2016/06/resurrection-of-the-evil-miner.html 198.204.254.82 88.214.200.145 # https://twitter.com/LowsonWebmin 67.227.182.157 # 744932198709661696 # https://twitter.com/_odisseus 78.31.66.161 # 744962399548096512 # https://twitter.com/jedisct1 51.254.240.48 # 745315081852837888 185.82.216.55 217.12.223.83 93.170.104.107 # 745339163550023681 91.219.29.41 # 745624598809546753 93.170.169.188 217.12.223.88 # 746348458852950016 195.123.209.227 185.82.216.61 217.12.223.89 5.61.37.139 # 745994532009943040 195.123.209.227 # 745743267170488321 185.82.216.60 217.12.223.88 # https://blogs.forcepoint.com/security-labs/highly-popular-anime-site-jkanime-compromised-redirecting-users-neutrino-ek#st_refDomain=t.co&st_refQuery=/xjOrgjTNtC 104.25.159.13 146.185.173.25 # https://twitter.com/mikko 113.10.158.114 # 745182672549359616 203.189.232.1 118.193.246.157 182.16.4.2 103.242.3.47 182.16.4.6 # https://blog.malwarebytes.com/threat-analysis/2016/03/scammers-impersonate-isps-in-new-tech-support-campaign/ 190.97.163.85 130.211.186.109 74.220.199.6 # https://twitter.com/0xtadavie 91.219.29.41 # 745581758217883648 # https://labs.opendns.com/2016/06/20/bitcoin-wallet-phishes-reveal-rogue-hosts/ 89.248.171.0/24 91.218.247.0/24 104.28.30.195 93.174.91.42 # 23.236.62.147 162.213.255.53 50.116.61.95 # https://otx.alienvault.com/pulse/576a6ba4f15dc60d70d2777a 129.121.5.191 213.205.38.24 46.30.213.77 93.190.41.97 160.153.73.4 203.124.43.226 45.40.143.233 192.186.200.134 162.213.157.131 217.160.177.243 89.107.186.4 123.30.145.20 213.205.38.28 195.14.0.150 213.205.38.25 103.6.198.138 109.71.40.52 192.186.209.5 23.229.133.197 112.78.2.153 # https://otx.alienvault.com/pulse/576ad190f9467301352cdbfb 176.126.71.5 # https://twitter.com/malcatmewmew 85.128.210.66 193.203.99.113 # https://twitter.com/0xtadavie 
185.82.216.61 # 747360136843399168 217.12.223.89 195.123.209.227 # 745955826423177216 # https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users 82.165.37.26 # https://twitter.com/ReaQta 103.6.198.185 # 745917278181523456 104.152.168.29 107.180.24.238 107.6.169.61 109.234.160.30 112.140.178.249 143.95.250.67 146.120.112.197 160.153.73.196 162.210.102.232 166.63.125.135 175.45.184.160 176.62.167.160 185.149.90.4 188.40.0.214 192.185.146.153 192.185.225.43 192.185.65.228 192.186.246.98 192.254.188.98 193.203.99.111 193.203.99.113 195.208.0.136 199.204.248.105 199.241.184.10 202.124.241.203 203.132.10.3 216.120.252.191 217.73.226.220 217.76.156.98 23.229.131.128 46.226.62.141 46.226.62.145 65.39.184.151 66.33.222.26 69.156.240.29 75.119.198.150 79.174.64.15 80.78.166.19 83.96.159.64 85.118.237.109 85.25.235.209 89.36.135.166 92.53.126.193 94.247.170.75 95.38.60.148 98.131.20.17 # 745909797707464704 195.234.4.64 173.225.21.34 94.46.167.10 213.189.197.201 67.231.20.224 108.160.148.6 149.255.34.144 87.239.18.13 23.229.135.101 212.227.33.91 88.208.252.194 81.177.140.141 90.156.201.56 77.221.130.6 195.208.1.146 # 748174104633679872 14.31.59.147 62.42.230.17 85.9.56.201 88.86.120.126 93.170.123.219 95.170.90.21 149.154.159.125 151.236.17.45 151.236.17.47 188.116.19.59 207.204.30.14 212.23.8.80 213.158.72.90 216.239.136.136 216.239.136.223 217.31.51.180 217.119.54.167 208.71.106.37 # 748113712880435200 46.19.218.30 205.236.147.16 # https://twitter.com/tmmalanalyst 62.76.188.61 # 746896087164719104 40.30.47.137 # 746743875998343168 # http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/ 5.9.94.34 5.79.71.225 46.101.115.221 69.195.129.72 83.125.22.161 85.17.31.82 85.17.31.122 138.201.0.134 138.201.47.150 138.201.47.153 138.201.47.158 144.76.250.205 178.162.217.107 178.162.203.202 178.162.203.211 178.162.203.226 # https://twitter.com/h3x2b 89.111.177.133 # 747738867877421056 193.203.99.112 
86.106.30.71 62.14.3.195 62.37.237.59 64.50.161.218 66.147.244.210 69.27.174.10 78.24.186.235 80.74.144.35 81.24.1.16 81.196.20.133 83.235.64.44 85.193.69.29 89.42.39.160 91.223.216.66 112.140.42.29 166.62.10.52 178.254.62.52 188.40.77.144 192.185.36.128 192.186.251.225 195.3.96.72 198.1.71.135 198.169.132.17 208.71.106.219 # https://twitter.com/Simpo13 51.236.15.226 # 747844999467892740 194.9.94.117 # https://twitter.com/dez_ 139.59.191.79 # 747807234684379137 78.46.167.130 # https://twitter.com/JaiGuill 95.59.26.88 # 748081704171151364 107.181.255.246 # https://twitter.com/IgnotumAliquis 82.221.139.0/24 # 785990081043496960 # https://www.reddit.com/r/Malware/comments/4tfrja/malware_served_from_reddit_ad_xpost_from_rads/ 104.243.35.138 # https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight 5.187.5.206 50.7.124.160 50.7.124.184 50.7.124.215 50.7.143.14 50.7.143.70 95.154.199.67 95.154.199.79 95.154.199.135 95.154.199.181 95.154.199.182 95.154.199.183 162.247.14.213 179.43.147.195 179.43.147.242 192.240.97.164 193.109.69.212 46.183.219.105 46.183.220.156 46.183.221.146 91.219.239.113 184.171.243.62 184.171.243.63 185.29.11.167 191.101.250.49 191.101.251.1 191.101.251.12 192.169.7.226 # http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/ 222.239.91.30 210.209.118.30 43.225.56.138 # http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/ 62.141.54.153 213.239.192.240 # http://www.kahusecurity.com/2016/javascript-leads-to-browser-hijacking/ 95.153.31.22 # https://www.us-cert.gov/hiddencobra 104.192.193.149 111.207.78.204 117.232.100.154 119.10.74.66 122.114.89.131 122.114.94.26 125.160.213.239 125.212.132.222 139.217.27.203 173.0.129.65 173.0.129.83 175.100.189.174 181.119.19.118 181.119.19.141 181.119.19.196 181.119.19.5 181.119.19.50 
181.119.19.54 181.119.19.56 181.119.19.58 181.119.19.74 190.105.225.232 190.82.74.66 190.82.86.164 191.233.33.177 191.234.40.112 195.74.38.115 196.25.89.30 197.211.212.14 199.167.100.46 200.57.90.108 203.160.191.116 208.180.64.10 208.78.33.70 208.78.33.82 209.183.21.222 210.202.40.35 216.163.20.178 221.208.194.72 221.235.53.229 27.123.221.66 36.71.90.4 41.92.208.194 41.92.208.196 41.92.208.197 5.79.99.169 50.62.168.157 59.90.93.138 62.243.45.227 64.29.144.201 66.175.41.191 66.232.121.65 66.242.128.11 66.242.128.12 66.242.128.13 66.242.128.134 66.242.128.140 66.242.128.158 66.242.128.162 66.242.128.163 66.242.128.164 66.242.128.170 66.242.128.173 66.242.128.179 66.242.128.181 66.242.128.185 66.242.128.186 66.242.128.223 71.125.1.130 71.125.1.132 71.125.1.133 71.125.1.138 72.167.53.183 75.103.110.134 77.78.100.101 81.0.213.173 82.223.213.115 82.223.73.81 91.116.139.195 96.65.90.58 98.101.211.140 98.101.211.162 98.101.211.170 98.101.211.251 98.113.84.130 98.159.16.132 # https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/ 14.139.200.107 175.100.189.174 197.211.212.31 199.180.148.134 110.45.145.103 217.117.4.110 61.106.2.96 181.119.19.100 124.248.228.30 119.29.11.203 139.96.55.146 114.215.130.173 # https://twitter.com/CraneHassold 178.159.36.241 # 937389328648560647 # https://twitter.com/Techhelplistcom 202.181.24.235 # 940805468271804416 91.234.99.151 # 965345305578409984 80.211.245.223 # 992044061216460800 217.61.108.26 # 992252017065189380 # https://twitter.com/JayTHL 176.74.30.18 # 1118021886808612865 # https://twitter.com/switchingtoguns 185.110.132.218 # 946413033349369857 # https://twitter.com/bad_packets 181.214.87.0/24 # 976644371364773888 185.8.51.39 # 982106706292367360 5.188.9.135 198.211.99.33 # 1064325625123500032 111.90.158.225 # https://twitter.com/bry_campbell 111.90.138.178 # 983649159508054017 # https://twitter.com/aa419 64.20.39.27 # 991440987162460160 # 
# https://blog.talosintelligence.com/2018/05/VPNFilter.html
91.121.109.209
# NOTE(review): the two "(TOR Node)" comments below look like addresses the list
# author left disabled on purpose, not labels for the entries beside them --
# TODO confirm against the post above. Kept on their own lines so they are not
# read as annotations and are never picked up as active entries.
# 217.12.202.40 (TOR Node)
94.242.222.68
# 82.118.242.124 (TOR Node)
46.151.209.33
217.79.179.14
91.214.203.144
95.211.198.231
195.154.180.60
5.149.250.54
91.200.13.76
94.185.80.82
62.210.180.229
# https://twitter.com/BBcan177
5.45.79.15 # 1003344397176537088
# NOTE(review): the two /24 entries below carry only the label "Spammer" and no
# status id of their own; each one blocks 256 addresses. Record the evidence for
# them so the ranges can be re-checked and aged out.
92.40.248.0/24 # Spammer
92.40.249.0/24 # Spammer
# https://twitter.com/bad_packets
166.63.127.154 # 1031286141654204416
185.82.200.87 # 1068567506070102017
# https://twitter.com/alphasoc
206.189.40.55 # 1039355203609223170
213.174.157.150 # 1056792558284619776
# https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
95.216.59.92
# https://twitter.com/JayTHL
101.99.90.67 # 1165861042859253760
103.254.208.44
104.194.11.41
104.243.245.155
104.244.74.119
107.173.125.119
107.174.14.10
142.11.211.58
162.144.78.83
173.82.206.243
176.53.12.17
178.159.36.167
178.159.36.236
181.41.215.48