66.154.110.53 (Quadranet Global)
146.70.104.94 (1 day only)

#### From here, relation is made via stickerpix.co.uk which was used to drop both samples for above and below this line
185.244.30.164 halwachi50.mymediapc.net (very out of time frame... 2020-02-02 for 1 day - but malware history - same pattern. 1 IP, several dyndns)

#joey.daniel2you.com# <- Netwire / NanoCore related

#workstation.homeip.net# <- Loda RAT (2021-02, rest is 2020-01 and 2020-05)