
# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1035683053459460098

3dchesmellltda.club

# Reference: https://researchcenter.paloaltonetworks.com/2016/03/banload-malware-affecting-brazil-exhibits-unusually-complex-infection-process/

compra-da-sorte.com
vemsorte2015.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Banloa-CRQ/detailed-analysis.aspx

triocar.web1629.kinghost.net
www.inducar.kinghost.net

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online/wp/wp-includes/brazilkrisemundial/index.php

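# Reference: https://twitter.com/James_inthe_box/status/1242573224006696961
# Note: entries that begin with '/' (here and further down in this file) carry no host, so they presumably match that URL path on any destination; check the destination host against the reference before attributing a hit to Banload.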

/AppCounter20032020-001/index.php

# Reference: https://twitter.com/1ZRR4H/status/1243178915507703810

seguridadsucursal.online
tma8sjw.myftp.org

# Reference: https://blog.scilabs.mx/blog/2019/12/06/campana-cosmic-banker-sigue-activa-y-revela-vinculo-con-banload/
# Reference: https://www.virustotal.com/gui/ip-address/51.79.31.28/relations

http://51.79.31.28
comprobantes.sytes.net
dgi1b2n3m4.ddns.net
/RO3473I4R4Y.php

# Reference: https://twitter.com/James_inthe_box/status/1245427754977263617

receitafazenda.webcindario.com
/primo/verifique.php

# Reference: https://twitter.com/NtSetDefault/status/1253292071877820416

4up4.com/uploads/file_2020-04-13_031927.jpg

# Reference: https://twitter.com/Bank_Security/status/1258359587729813504
# Reference: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
# Reference: https://www.virustotal.com/gui/file/ed1e2a3767b575cce54e13e05112f30156590cc080a0d0865aaf85686c4e51be/detection

23.108.57.243:3389
http://23.106.124.20/avs/img1/index.php

# Reference: https://twitter.com/sevenofnull/status/1275342947068915713
# Reference: https://app.any.run/tasks/141db5f3-0e93-43c3-96e9-ebf0e69bccda/ (# MALWARE [PTsecurity] Trojan-Spy.Win32.Delf(Banload))
# Reference: https://www.virustotal.com/gui/ip-address/104.154.43.185/relations
# Reference: https://www.virustotal.com/gui/file/b22f8eaf82e15fe8118617cd7db703486696a82924dbafcbc31d8ce1262fcdb5/detection
# Reference: https://www.virustotal.com/gui/file/2f4db2bd529b5705308afd647b26d1a172d34b31d3382da57bac67aa3373a43c/detection
# Reference: https://www.virustotal.com/gui/file/507b299b76133f4ee7a30c12e23e45fa6fe9a1990ac87cb39136c25cc015e011/detection

104.154.43.185:60001

# Reference: https://twitter.com/NtSetDefault/status/1282277236423512065
# Reference: https://www.virustotal.com/gui/file/bc0073b75adda338d994361b4ebc1bc964197826ee75cf790948f128785780bc/detection
# Reference: https://app.any.run/tasks/637f560b-00da-442c-aef5-6ebc990a0646/

outlook39923.autodesk360.com

# Reference: https://twitter.com/NtSetDefault/status/1285909036815323136
# Reference: https://twitter.com/NtSetDefault/status/1285914518095302656
# Reference: https://app.any.run/tasks/599e1eb9-a1c9-4d80-b33d-281cd619cc6c/

correiosbrasilsedex.serveftp.org
enviocorreios.serveftp.org
sendcorreiosbr.serveftp.org
seusedexrapido.serveftp.org
m0380933669.s3-us-west-1.amazonaws.com
u3028903369.s3-us-west-1.amazonaws.com

# Reference: https://twitter.com/NtSetDefault/status/1273040649542131713

emissaocontadigital.eastus.cloudapp.azure.com

# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488
# Reference: https://www.virustotal.com/gui/file/e6cbaf9d2d01467048c758ba5e6ef3b68e624f67ece32dd68ebfeab235ed7ce5/detection
# Reference: https://www.virustotal.com/gui/file/cd878cd53b60f3bd950dc84ca731e07b4b49e18aed28f7e5d0bb39e5ab9c4ae7/detection
# Reference: https://www.virustotal.com/gui/file/373386e10c2e71329f0e8b4f51bef1fc0c4eb716f459cdf8a93941cff336b89b/detection
# Reference: https://www.virustotal.com/gui/file/8e9e5c2e16c8712f9e1ebfd4c295a1afe9373b95580ca73352f32e37d07408b6/detection
# Reference: https://www.virustotal.com/gui/file/4227332820fffcae05ae9d12a0e0b20f2291eb7b6bf8982b5301f24caadfbe8e/detection
# Reference: https://www.virustotal.com/gui/file/c05e9c1b155559d500ed0a2b3ca4c02d2a679db4191a7b35b9c44c2bdd61210d/detection
# Reference: https://www.virustotal.com/gui/file/985485888ef165eba912578cceb76981e9e5841bf928db739afbf472ea09deff/detection
# Reference: https://www.virustotal.com/gui/file/23892054f9494f0ee6f4aa8749ab3ee6ac13741a0455e189596edfcdf96416b3/detection
# Reference: https://www.virustotal.com/gui/ip-address/191.235.99.13/relations
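# Reference: https://www.virustotal.com/gui/ip-address/52.91.227.152/relations
# Note: bare IP entries stop being reliable once an address is reassigned; re-check the relations pages above before acting on a hit.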

http://191.235.99.13
http://52.91.227.152

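# Reference: https://otx.alienvault.com/pulse/5f75c5efcce31cfc583bafaa
# Note: wdx.go890.com and master.khelpdesk.com.br sit under go890.com and khelpdesk.com.br, which are also listed below. If a parent-domain entry already covers its subdomains, the subdomain lines are redundant and every other host under those parents is flagged too (TODO confirm against the matcher and the pulse).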

58sky.com
wdx.go890.com
khelpdesk.com.br
go890.com
mg.5636.com
master.khelpdesk.com.br
