# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/fbgwls245/status/1408632067181604865
# Reference: https://otx.alienvault.com/pulse/60db5d29be7b348bae7da15f
# Reference: https://github.com/thetanz/ransomwatch/blob/main/docs/INDEX.md
# Reference: https://www.virustotal.com/gui/file/77a398c870ad4904d06d455c9249e7864ac92dda877e288e5718b3c8d9fc6618/detection

# Tor hidden-service (.onion) hostnames; the labels begin with "hivecust" and "hiveleak".
# .onion names do not resolve through public DNS, so a hit on these most likely comes
# from a leaked DNS query or a proxy / Host-header log rather than a direct connection.
# NOTE(review): presumed from the name format only - confirm how the consuming sensor matches them.
hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion
hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion

# Reference: https://twitter.com/ESETresearch/status/1454101625409265665
# Reference: https://www.virustotal.com/gui/file/6a0449a0b92dc1b17da219492487de824e86a25284f21e6e3af056fe3f4c4ec0/detection
# Reference: https://www.virustotal.com/gui/file/bdf3d5f4f1b7c90dfc526340e917da9e188f04238e772049b2a97b4f88f711e3/detection

# Bare IPv4 indicator written with an http:// scheme and no port or path.
# NOTE(review): an IP-only indicator loses value once the address is reassigned to
# another tenant; re-check it against the references above before treating a hit as conclusive.
http://194.5.212.190

# Reference: https://twitter.com/ChristiaanBeek/status/1473649747487506444
# Reference: https://twitter.com/ankit_anubhav/status/1473651830068371460
# Reference: https://www.virustotal.com/gui/domain/msupdate.us/relations
# Reference: https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage
# Reference: https://www.virustotal.com/gui/file/bdf347ce89860bdde9e0b4eba3673fbcb0c5a521e4887b620106dc73650358da/detection
# Reference: https://www.virustotal.com/gui/file/1604e69d17c0f26182a3e3ff65694a49450aafd56a7e8b21697a932409dfd81e/detection
# Reference: https://www.virustotal.com/gui/file/2bc46b0362fa7f8f658ce472958a70385b772ab9361625edc0a730211629a3c4/detection

# The same host appears twice: once as an http:// URL and once as IP:port 1389.
# NOTE(review): 1389 is a common alternate LDAP port - presumably why it is listed
# separately; confirm against the references above.
http://148.251.71.182
148.251.71.182:1389
# Three registered domains, followed by their subdomains. Two of the names imitate
# vendor branding (msupdate.us, symantecserver.co), so a hit should not be dismissed
# because the name looks like legitimate update infrastructure.
msupdate.us
newdesk.top
symantecserver.co
# NOTE(review): if the consumer already matches subdomains of a listed parent domain,
# the lines below are redundant but harmless - verify the matching semantics.
# NOTE(review): mimt/mint, tvp443/tcp443 and tcp43/tcp433/tcp443 are near-duplicates.
# They may be genuinely observed names, so keep them as listed unless the references
# show otherwise; do not "correct" them.
cp443.newdesk.top
kcp53.msupdate.us
kw.newdesk.top
me.newdesk.top
mimt.newdesk.top
mint.newdesk.top
tcp443.msupdate.us
tcp.newdesk.top
tcp43.newdesk.top
tcp433.newdesk.top
tcp443.newdesk.top
tvp443.newdesk.top
work.newdesk.top
kcp53.symantecserver.co
tcp.symantecserver.co
tcp443.symantecserver.co
update.symantecserver.co
# Path-only indicators (no host component).
# NOTE(review): presumably matched against the request path on any host, which makes
# them more false-positive-prone than the host entries above - confirm before alerting on them alone.
/symantec_linux.x86
/symantec.tmp

# Reference: https://twitter.com/r3dbU7z/status/1493685356260122628
# Reference: https://www.virustotal.com/gui/file/21774b77bbf7739178beefe647e7ec757b08367c2a2db6b5bbc0d2982310ef12/detection
# Reference: https://www.virustotal.com/gui/file/56e19d98b9490e9ea5d3328f99f6955c671f116843a7026af07ab49fe1f7c808/detection

# One IP:port endpoint (port 443) and one domain.
# NOTE(review): a match on IP and port alone does not identify the service behind it;
# correlate with a hit on the domain entry or other session metadata where available.
149.28.54.212:443
ntdtv.tk

# Reference: https://twitter.com/KorbenD_Intel/status/1505929192285913089
# Reference: https://www.virustotal.com/gui/ip-address/107.173.231.114/relations

# One registered domain plus two subdomains. The kcp53 / tcp443 labels are the same ones
# used under msupdate.us, newdesk.top and symantecserver.co earlier in this file, which
# suggests related infrastructure (inference from naming only).
# NOTE(review): the VirusTotal reference above is for IP 107.173.231.114, which is not
# itself listed here - confirm whether the omission is deliberate.
aptmirror.eu
kcp53.aptmirror.eu
tcp443.aptmirror.eu
