# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
# Reference: https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/
# Reference: https://otx.alienvault.com/pulse/5ef67e89cde1d0c1b00dd02c

adsmarketart.com
advancedanalysis.be
advertstv.com
advokat-hodonin.info
amazingdonutco.com
bettyware.xyz
celebratering.xyz
cofeedback.com
consultane.com
devicelease.xyz
fakeframes.xyz
feedbackgive.com
flablenitev.site
gadgetops.xyz
guiapocos.xyz
hotphonecall.xyz
justbesarnia.xyz
kordelservers.xyz
lendojekam.xyz
lgrarcosbann.club
lpequdeliren.fun
ludwoodgroup.xyz
msoftwares.info
mwebsoft.com
net-giftshop.info
paiolets.com
penaz.info
respondcritique.xyz
rostraffic.com
szn.services
traffichi.com
transvil2.xyz
triomigratio.xyz
tritravlife.xyz
typiconsult.com
uplandcaraudio.xyz
utenti.info
utenti.live
veisllc.xyz
websitelistbuilder.com
websitesbuilder.info
wineguroo.xyz
woofwoofacademy.xyz
backup.awarfaregaming.com
click.clickanalytics208.com
connect.clevelandskin.com
connect.clevelandskin.net
connect.clevelandskin.org
cushion.aiimss.com
dns.proactiveads.be
link.easycounter210.com
rocket2.new10k.com
track.positiverefreshment.org

# Reference: https://www.menlosecurity.com/blog/increase-in-attack-socgholish
# Reference: https://twitter.com/BushidoToken/status/1370429928160759812

news.pocketstay.com

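# Reference: https://twitter.com/tosscoinwitcher/status/1379505361787359233
# Note: the leading 8-hex-character label differs between entries under the same parent host in this file
# (see the *.news.pocketstay.com and *.xen.hill-family.us entries), so an exact match on one full hostname does not cover the others.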

5e7936bb.news.pocketstay.com

# Reference: https://twitter.com/Wanna_VanTa/status/1392537130396700681
# Reference: https://www.virustotal.com/gui/ip-address/81.4.122.193/relations

login.wwpcrisis.com

# Reference: https://twitter.com/malware_traffic/status/1420490383881129990
# Reference: https://www.virustotal.com/gui/ip-address/141.255.161.180/relations

certification.mountainaireautoglass.com
public.clickstat360.com
fe1eaf89.office.drpease.com

# Reference: https://blog.group-ib.com/prometheus-tds

4107e577.payment.refinedwebs.com
e186aeb2.news.pocketstay.com

# Reference: https://twitter.com/neonprimetime/status/1475841620428062724

80e16d50.xen.hill-family.us
a962296f.xen.hill-family.us

# Reference: https://twitter.com/MBThreatIntel/status/1466107514030751747
# Reference: https://www.virustotal.com/gui/ip-address/179.43.169.31/relations

jobs.tracybrey.com
popcorn.net-zerodesign.com
second.pmservicespr.com
eba80de9.xen.hill-family.us

# Reference: https://twitter.com/th3_protoCOL/status/1460356964140007424
# Reference: https://www.virustotal.com/gui/ip-address/87.249.50.201/relations
# Reference: https://www.virustotal.com/gui/file/89380aa78a9797c1906c1c8c8a646c08155eb3d16b79d8ad502789a59f0f7f9f/detection

upstream.fishslayerjigco.com
xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/89380aa78a9797c1906c1c8c8a646c08155eb3d16b79d8ad502789a59f0f7f9f/detection

368757c6.upstream.fishslayerjigco.com

# Reference: https://www.virustotal.com/gui/file/9e663136610eb7a07dafe19a706445c2c0527ef586b7d3fbaa36e54173ac7394/detection

05579f9d.xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/d1ed30acb9aee0c8ee12c4ce10102ab732b9f304cabf9b3df302654c667e6beb/detection

0e9ff460.xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/1913554c81ea9fa5004189f067bc8618d628b85ca6dbc8964ec6bf7a4bfc0385/detection

71d665d8.xen.hill-family.us

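# Reference: https://twitter.com/MBThreatIntel/status/1478515956968083456
# Note: second.pmservicespr.com below is also listed earlier in this file under the MBThreatIntel status/1466107514030751747 reference.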

255e7219.xen.hill-family.us
second.pmservicespr.com

# Reference: https://twitter.com/MBThreatIntel/status/1440443682369388549
# Reference: https://www.virustotal.com/gui/ip-address/81.4.122.101/relations

e73fb99b.push.youbyashboutique.com
push.youbyashboutique.com
paggy.parmsplace.com

# Reference: https://twitter.com/MBThreatIntel/status/1480595880629587971

bfa73f60.xen.hill-family.us

# Reference: https://twitter.com/SecurityAura/status/1487564086929936388

7a3a7f86.xen.hill-family.us

# Reference: https://expel.com/blog/incident-report-spotting-socgholish-wordpress-injection/

notify.aproposaussies.com

# Reference: https://twitter.com/cr4shtest/status/1494365444421128203

a5b420bd.host.integrativehealthpartners.com

# Reference: https://twitter.com/MBThreatIntel/status/1494453598087835673

staticvisit.net
20go.staticvisit.net
43cbb37d.host.integrativehealthpartners.com
go.staticvisit.net
rotation.ahrealestatepr.com

# Reference: https://twitter.com/bryceabdo/status/1499048636319162371
# Reference: https://www.virustotal.com/gui/ip-address/91.219.236.192/relations

12cff833.widget.windsorbongvape.com
1dd355b6.widget.windsorbongvape.com
48bb0f7a.widget.windsorbongvape.com
b94c3406.widget.windsorbongvape.com
widget.windsorbongvape.com

# Reference: https://twitter.com/MBThreatIntel/status/1508575992041771013

design.lawrencetravelco.com

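# Generic (URL path trails, not hostnames: browser-update-themed script names; the 6-hex-character infix differs in each listed entry)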

/Chrome.Update.3b1362.js
/Chrome.Update.88fe59.js
/Opera.Update.426482.js
