# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Unit42_Intel/status/1545207290919264258
# Reference: https://twitter.com/MichalKoczwara/status/1544403381539717121
# Reference: https://twitter.com/MichalKoczwara/status/1544566096837152769
# Reference: https://twitter.com/MichalKoczwara/status/1544944208250904582
# Reference: https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

104.6.92.229:443
13.82.141.216:443
137.184.199.17:443
138.68.50.218:443
138.68.58.43:443
139.162.195.169:443
139.180.187.179:443
142.93.230.121:443
146.190.225.113:443
146.190.225.33:443
147.182.247.103:443
149.154.100.151:443
15.206.84.52:443
152.67.78.82:443
159.223.49.16:443
159.65.186.50:443
162.216.240.61:443
164.90.181.205:443
170.254.185.1:443
172.105.102.247:443
172.81.62.82:443
174.129.157.251:443
178.33.38.76:443
178.79.143.149:443
178.79.168.110:443
178.79.172.35:443
18.130.233.249:443
18.133.26.247:443
18.176.11.157:443
18.217.179.8:443
18.236.92.31:443
185.138.164.112:443
185.166.214.143:443
188.166.230.164:443
194.29.186.67:443
194.87.70.14:443
20.74.155.146:443
213.168.249.232:443
3.110.56.219:443
3.113.109.1:443
3.133.7.69:443
3.27.18.66:443
31.184.198.83:443
34.195.122.225:443
34.243.172.90:443
34.250.32.179:443
35.170.243.216:443
45.144.225.3:443
45.76.155.71:443
45.79.36.192:443
52.199.127.115:443
52.48.51.67:443
52.90.228.203:443
54.229.102.30:443
54.90.137.213:443
54.92.22.199:443
70.34.214.250:443
85.208.22.36:443
89.100.107.65:443
92.255.85.173:443
92.255.85.44:443
94.130.130.43:443
ds.windowsupdate.eu.org
spectrumofinnovation.org

# Reference: https://twitter.com/MichalKoczwara/status/1553781412133838848

digitalhealthrecord.live

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_BruteRatel.txt

http://13.113.188.183
http://13.114.203.227
http://13.115.214.254
http://159.65.114.157
http://170.254.185.1
http://18.163.6.122
http://18.176.11.157
http://18.198.216.248
http://3.114.23.145
http://3.127.118.115
http://35.156.199.19
http://35.74.220.117
http://35.77.140.201
http://45.137.117.219
http://52.198.179.162
http://54.178.240.29
http://54.238.217.34
http://54.249.104.32
http://54.249.138.251
http://54.92.22.199
http://54.92.4.22
107.148.27.54:443
107.148.27.54:8443
13.114.203.227
13.79.28.122:443
13.82.141.216:443
146.190.225.79:443
152.67.78.82:443
159.65.114.157:443
159.65.144.75:443
159.69.175.197:8443
162.216.240.61:4443
162.216.240.61:8443
164.90.181.205:443
167.172.140.210:443
167.71.12.46:443
176.34.152.127:443
178.128.98.154:443
178.33.38.76:8443
178.33.49.56:8443
185.193.125.142:443
185.198.26.229:443
194.87.70.14:10443
2.37.28.171:9002
216.250.96.208:443
3.144.154.208:443
3.17.10.52:443
3.25.139.251:443
3.99.59.202:443
34.226.141.245:443
44.204.63.95:443
45.137.117.219:443
45.43.2.62:443
47.242.33.173:443
54.194.184.233:443
54.235.16.137:443
54.93.134.133:443
64.227.11.231:443
70.34.214.250:8443
79.3.12.7:9002
94.102.49.64:443

# Reference: https://twitter.com/IronNetTR/status/1603042127251877889

systemresync.com

# Reference: https://twitter.com/MichalKoczwara/status/1606419631601762304

213.227.155.115:1337
