# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

# Reference: https://twitter.com/reecdeep/status/1192094807470030848

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: the similar path ```/.well-known/pki-validation/w.php``` belongs to the ```lokibot.txt``` trail, not this one

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu

# Reference: https://twitter.com/VirITeXplorer/status/1412000658698477568

opoietj.eu
sertyty.eu

# Reference: https://www.virustotal.com/gui/file/7f0195a75477d51b4f28d8509cbda22c2611d75e877276859498b074b773c322/detection

chinghsiang.com

# Reference: https://www.virustotal.com/gui/file/9655ea42cd676422eca02ae2c81c9caa7f1d7667d7c6e37d47733be16bda0045/detection

floridaprotiles.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.35.206/relations

compucema.com
jrsawesomebuilds.com
laserunlimitedindia.com

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.202/relations

bthfdr.eu
bthfdr1.eu
dgrtj.eu
erthgyrteh.eu
fgjusatik.eu
gjyke.eu
gyoin.eu
hjrdsyj.eu
hjui.eu
kuyikryf.eu
kuyikryf1.eu
rebnow1.eu
reybve.eu
rtyht.eu
ryunrth.eu
tytrgv.eu
tytrgv1.eu

# Reference: https://www.virustotal.com/gui/file/b23d4059edb249e79913e27a7e166017d4a50bb6f1220ef175830826d9b484a4/detection

http://195.123.241.180
/kiytrscuvbuytnkudjvt/

# Reference: https://www.virustotal.com/gui/file/81404cb0efe62dd91dbf7259d34fa1577cd2d74c353a4cc1a9b7eede24720592/detection

tuktuk24.pw

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://twitter.com/reecdeep/status/1490667104705650688
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.147/relations

hgjui.eu
hkjt.eu

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://twitter.com/reecdeep/status/1506170018437992453
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.152/relations

nmhholiut2.eu
pluner.eu
trehge1.eu
yjtyhm2.eu

# Reference: https://twitter.com/reecdeep/status/1513468470041661442

tyhretj.pw
tutyjk.eu

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_09-06-2022.json_.txt

bertfhop.eu
bertfhop1.eu
bertfhop10.eu
bertfhop11.eu
bertfhop12.eu
bertfhop13.eu
bertfhop14.eu
bertfhop15.eu
bertfhop16.eu
bertfhop17.eu
bertfhop18.eu
bertfhop19.eu
bertfhop2.eu
bertfhop20.eu
bertfhop3.eu
bertfhop4.eu
bertfhop5.eu
bertfhop6.eu
bertfhop7.eu
bertfhop8.eu
bertfhop9.eu

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_30-06-2022.json_.txt

caretui.eu
hgrtjutyik.eu

# Reference: https://tria.ge/201130-hvly2vhsjs/behavioral1

estebankott.com

# Reference: https://tria.ge/201123-tcqt2tttye/behavioral1

fhivelifestyle.online

# Reference: https://tria.ge/201123-m56x24578n/behavioral1

owensii.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/sLoad_01-08-2022.json_.txt

fdhtyi.eu
fredcoi.eu
