# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1193539893000986624
# Reference: https://www.virustotal.com/gui/ip-address/130.185.238.32/relations
# Reference: https://www.virustotal.com/gui/file/179349534f184774b18b7dbcf7442a537fe640e373f5c4cc6b39d3076240c11b/detection
# Reference: https://www.virustotal.com/gui/file/9cc448001e8ed355520e26c328d33f1b8031b26796923608cdf920fb6617dbb2/detection
# Reference: https://www.virustotal.com/gui/file/b078b3cba73f7dc905d395b014f610000ab37cc1500be00d64ce48c7cd9378b2/detection

http://130.185.238.32
coinstolkbr79.dyndns.org

# Reference: https://twitter.com/reecdeep/status/1291002877633331201
# Reference: https://app.any.run/tasks/1c5c1fef-a022-4143-b3d8-e365a38b8a20/
# Reference: https://www.virustotal.com/gui/file/8df61999996b08c2f77e53869f75e2ea399f1bad5a5dc5d5969f4b5e9d8d5751/detection

142.11.212.211:8081
pizzacircusbarcelona.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1291013627680624642

167.114.217.220:9090

# Reference: https://twitter.com/Dashowl/status/1296886074053099520

http://173.0.54.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1303248634507657216

155.138.137.44:3030

# Reference: https://twitter.com/K_N1kolenko/status/1328605692643713025

146.59.193.20:1948

# Reference: https://twitter.com/ESETresearch/status/1390263927859208193
# Reference: https://twitter.com/ESETresearch/status/1390263930833063938

binanceassistance.com
spotifyannounce.com

# Reference: https://twitter.com/johnk3r/status/1524847789766852630

24.152.38.130:4398

# Reference: https://twitter.com/da_667/status/1530296455981936646
# Reference: https://www.virustotal.com/gui/ip-address/167.114.88.99/relations
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/

167.114.43.27:4433
belfaro.com.br
iuc1tab1tatitbw.freedynamicdns.org
iuc1tag1sjsdtbb.freedynamicdns.org
iuc1tan1xatmtkk.freedynamicdns.org
iuc1tan1xqs4tjf.freedynamicdns.org
iuc1tas1satjtjo.freedynamicdns.org
iuc1tas1xao3taf.freedynamicdns.org
iuc1tbb0sqpmtak.freedynamicdns.org
iuc1tbs0taoztjw.freedynamicdns.org
iuc1tbw0sasztjb.freedynamicdns.org
iuc1tbw1xjoztko.freedynamicdns.org
iuc1tjf0satltbs.freedynamicdns.org
iuc1tjj0uas0tbs.freedynamicdns.org
iuc1tjk0sqpltbo.freedynamicdns.org
iuc1tjk0xqpltbo.freedynamicdns.org
iuc1tko1sqs5tjg.freedynamicdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1531566144594841601

http://20.187.91.219
20.187.91.219:44441

# Reference: https://twitter.com/1ZRR4H/status/1549261002725679105
# Reference: https://www.virustotal.com/gui/ip-address/20.70.2.177/relations

http://20.70.2.177
a404140024b44.servehalflife.com
a40494449.servehalflife.com
a4049475a475955.servehalflife.com
a404e4306.servecounterstrike.com
a40595c5747595c.servehalflife.com
a41534548.servequake.com
a425b4159455043.zapto.org
a44504159455043.zapto.org
a44504605.zapto.org
a44504959.zapto.org
a44524358475241.servehalflife.com
a4452435e475959.servehalflife.com
a445b525b.zapto.org
a454b4603.zapto.org
a45504205455053.zapto.org
a45504603.zapto.org
a455b5303.zapto.org
a455b5e02455b42.zapto.org
a46404600.zapto.org
a46405259.zapto.org
a46405e00455b5a.zapto.org
a464b4205455a5a.zapto.org
a464b534b.zapto.org
a46524b5b.servehalflife.com
a46594b5a.servehalflife.com
a4742475f475858.servehalflife.com
a49405305.zapto.org
a4940534b.zapto.org
a495b5258.zapto.org
a4a585057.servequake.com
a4b42435b475155.servehalflife.com
a4b424b5a.servehalflife.com
a4b42505f.servehalflife.com
a4b425c57475144.servehalflife.com
a4b52505a.servehalflife.com
a4b525c06475151.servehalflife.com
a4b59505f.servehalflife.com
a4c454c5d.servecounterstrike.com
ftpbtag1sjoztbf.freedynamicdns.org
ftpbtao1sztitjf.freedynamicdns.org
ftpbtbs0uatmtko.freedynamicdns.org
ftpbtjw0xaphtaw.freedynamicdns.org
ftpxtak1wqo1tjk.freedynamicdns.org
ftpxtan0xas5tab.freedynamicdns.org
ftpxtjj0uaphtar.freedynamicdns.org
iuc1tbw0tas4tab.freedynamicdns.org
iuc1tjg0xjsftbo.freedynamicdns.org
iuc1tjn1tjo3tjs.freedynamicdns.org
iuc1tjs0xasftbo.freedynamicdns.org
xacjtjozxaw3.freedynamicdns.org
xaxhtbkzsqcm.freedynamicdns.org

# Generic (host-independent URL path trails)

/Adkflgog30.iso
/dyngcdnefn_03.iso
/nivyjlzhdj_04.iso
/nnkokysdggit.iso
/obmkumjoxq_05.iso
/ugqvhozczb_04.iso
/yqcnfempzc.iso
/ronivon.txt
