# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
# Reference: https://otx.alienvault.com/pulse/5d4431e60c6bf943f7f039aa

http://146.0.75.34
amnsns.com
calacs-laurentides.com
crypto-crypto.site
dsntu.top
elienne.net
gougounu.site
mmasl.com

# Reference: https://twitter.com/VK_Intel/status/1176927389328261121
# Reference: https://www.virustotal.com/gui/file/7976bfcea5c86a0b12266993b17176398d3eabe817f3c44f1a212bca9234698d/detection

fresher.at

# Reference: https://twitter.com/pancak3lullz/status/1334638629654814720

172.105.253.97:4001
http://172.105.253.97

# Reference: https://news.sophos.com/en-us/2020/12/16/systembc/
# Reference: https://otx.alienvault.com/pulse/5fe3992846c25c7182e066ed

advertrex20.xyz
advertsp74.xyz
asdasd08.com
asdasd08.xyz
decatos30.com
decatos30.xyz
gentexman37.xyz
mexstat128.com
sdadvert197.com
shopweb95.xyz

# Reference: https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
# Reference: https://otx.alienvault.com/pulse/601aedb7c7c215c1dc3bb6db/
# Note: the bare path '/ds/3101.gif' (last entry in this group) matches on any host, not only the domains listed above it; treat a hit without one of those domains as lower confidence and confirm the full request before acting on it.

alnujaifi-portal.com/ds/3101.gif
clinica-cristal.com/ds/3101.gif
eyeqoptical.ca/ds/3101.gif
gbhtrade.com.br/ds/3101.gif
newstimeurdu.com/ds/3101.gif
remacon.net/ds/3101.gif
skconstruction.info/ds/3101.gif
/ds/3101.gif

# Reference: https://labs.f-secure.com/blog/prelude-to-ransomware-systembc/
# Reference: https://otx.alienvault.com/pulse/609abec825e7816948042cc0
# Reference: https://www.virustotal.com/gui/file/2dc93817039e6fa4fae014e1386cffa7ac35b89feac59d8abe7f51be1c089580/detection

23.227.202.22:4142
79.110.52.9:4142
193.29.104.187:443

# Reference: http://www.intel471.com/blog/cobalt-strike-cybercriminals-trickbot-qbot-hancitor
# Note: 172.105.253.97:4001 below is a duplicate of the entry under the pancak3lullz reference above (kept here because this source reports it independently).

172.105.253.97:4001
80.85.84.79:4001

# Reference: https://www.virustotal.com/gui/file/114e10d27381de27f9442d15a57fd5a4afec3e287176cd793d7cd1689e96cf17/detection
# Reference: https://www.virustotal.com/gui/file/04eac372fbe81ab6bc47ea4d728323026a08324b5edc7aa62c9ebfc664eef824/detection

109.234.39.169:4001
adirtasolution.co.id

# Reference: https://www.virustotal.com/gui/file/5398d64f2fdfb55776a0ae2eec9d8702223356ff327a91e502eaa45f14d88632/detection

139.60.161.24:4658
192.53.123.202:4658

# Reference: https://www.virustotal.com/gui/file/00d563277c832ba6a0d12f7b32f5ba19aac623bfaaabc8837d47bd6e985cd555/detection

31.44.185.11:4001
31.44.185.6:4001
michaelstefensson.com

# Reference: https://twitter.com/0xrb/status/1509072321155579907

http://31.44.185.11
http://31.44.185.6

# Generic (URL-path-only indicators: they match any host, so confirm the hit against the full request/response before treating it as a SystemBC infection)

/systembc/exec.vbs
/systembc/post.php
