# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1605596153567117312
# Reference: https://flashpoint.io/blog/risepro-stealer-and-pay-per-install-malware-privateloader/

gamefilescript.com
neo-files.com

# Reference: https://blog.sekoia.io/new-risepro-stealer-distributed-by-the-prominent-privateloader/

http://108.174.198.132
http://108.174.199.249
http://108.174.200.11
accesstostofilestorage.com
best24-files.com
boost-files.com
digitalskillset1.com
elite-hacks.ru
factor1right.com
filecryptobur.com
files-rate.com
files-sender.com
filesredproflex.com
filessite.com
filessoftpc.com
filesuk.com
fileswhiteprosoft.com
first-mirror.com
fixgroupfactor.com
fvp-files.com
get-24files.com
get-files24.com
gg-download.com
gg-loader.com
greatsofteasy.com
gs24softeasy.com
hero-files.com
jojo-files.com
m-rise.pro
my-rise.cc
my-rise.pro
myrise.pro
pickofiles.com
pin-files.com
pu-file.com
qd-file.com
rate-files.com
smartfilegen.com
socialfiletest.com
softs-portal.com
speedtestfile.com
teleportsoft.com
testitsoft.com
torggissoft.com
uc-files.com
uni-files.com
upxlead.com
vi-files.com
vip-space.com
webproduct25.com
xx1-files.com
api.my-rise.cc

# Reference: https://twitter.com/James_inthe_box/status/1625235716379930624
# Reference: https://app.any.run/tasks/236e360f-e88e-4d24-bca2-66431114e22a/
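# Reference: https://www.virustotal.com/gui/file/3e8ac08892d633b002ebe862b10025b870e33a7a69435886c2203aa352fd2025/detection
# Note: the two /MWTSL/ entries below are request paths with no host component, unlike the host and host:port entries in the rest of this file.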

d-rise.cc
/MWTSL/get_marks.php
/MWTSL/get_settings.php

# Reference: https://tria.ge/230302-ra5vmacg9y/behavioral1

http://94.142.138.113

# Reference: https://twitter.com/Jane_0sint/status/1667565169461919746
# Reference: https://app.any.run/tasks/44c1fb6d-7771-47d0-ab9d-bb0d2fc98e82/

194.169.175.128:50500

# Reference: https://app.any.run/tasks/7fa313e3-fa28-493f-ae5a-a66525b29fd5/

194.169.175.133:50500

# Reference: https://twitter.com/powershellcode/status/1682017018562715654

194.169.175.128:8081
38.47.220.202:8081
79.110.49.141:8081

# Reference: https://app.any.run/tasks/07d48cef-8f74-4755-96c9-c793a8ede462/

http://45.15.156.229

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/

168.119.230.141:50500
171.22.28.230:50500
171.22.28.230:8081
185.173.38.198:8081
194.169.175.125:50500
194.169.175.220:50500
194.169.175.220:8081
194.169.175.233:50500
194.169.175.233:8081
45.15.159.248:8081
77.105.147.123:50500
77.105.147.123:8081
79.110.49.141:50500
79.110.62.11:50500
79.137.202.91:50500
95.214.25.231:8081
95.214.25.236:50500

# Reference: https://threatfox.abuse.ch/ioc/1148772/

194.169.175.123:50500

# Reference: https://threatfox.abuse.ch/ioc/1149414/

168.100.10.122:50500

# Reference: https://threatfox.abuse.ch/ioc/1149500/

168.100.10.122:8081

# Reference: https://threatfox.abuse.ch/ioc/1149698/

195.85.114.171:50500

# Reference: https://twitter.com/karol_paciorek/status/1693925974310617506

194.169.175.125:8081
194.169.175.249:8081
45.74.19.132:8081

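# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.http.response.html_title%3D%22Login+%E2%80%94+RisePro%22
# (decoded query: services.http.response.html_title="Login — RisePro", i.e. hosts are selected by the HTML title of the page they serve)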

167.235.130.175:50500
167.235.130.175:8081
168.119.230.141:8081
172.86.68.5:50500
172.86.68.5:8081
194.169.175.113:50500
194.169.175.113:8081
194.169.175.123:8081
194.169.175.124:8081
194.169.175.128:50505
194.169.175.133:8081
194.169.175.249:50500
195.85.114.171:8081
198.23.174.185:50500
198.23.174.185:8081
45.11.91.14:50500
45.11.91.14:8081
45.15.159.248:50500
45.74.19.132:50500
5.42.79.238:50500
5.42.79.238:8081
78.47.242.225:50500
78.47.242.225:8081

# Reference: https://twitter.com/salmanvsf/status/1701826371054707190

http://175.24.178.202
http://38.47.220.202
http://38.47.221.56
http://8.140.18.150

# Reference: https://twitter.com/noexceptcpp/status/1702045665423950243

171.22.28.214:8081
171.22.28.243:8081
193.31.118.35:8081
193.56.255.166:8081
194.169.175.117:8081
194.169.175.124:50500
194.87.71.215:8081
208.64.33.102:8081
213.252.245.28:8081
45.135.232.54:8081
79.110.62.11:8081
79.137.202.91:8081
95.214.25.236:8081
95.214.25.240:8081
p-rise.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-09-26)

http://94.228.168.51
141.98.10.48:50500
141.98.10.48:8081
171.22.28.224:50500
171.22.28.224:8081
194.169.175.122:50500
194.169.175.122:8081
45.15.156.175:50500
45.15.156.175:8081
94.142.138.35:50500
94.142.138.35:8081
94.142.138.44:50500
94.142.138.44:8081
94.228.168.51:50500
94.228.168.51:8081
95.214.25.235:50500
95.214.25.235:8081

# Reference: https://threatfox.abuse.ch/ioc/1163670/

171.22.28.214:50500

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-09-29)

171.22.28.227:50500
171.22.28.227:8081
194.169.175.239:50500
194.169.175.239:8081
45.15.156.137:50500
45.15.156.137:8081
51.89.205.213:50500
51.89.205.213:8081
94.142.138.43:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-10-22)

109.107.182.9:50500
109.107.182.9:8081
171.22.28.220:50500
171.22.28.220:8081
171.22.28.222:50500
171.22.28.222:8081
171.22.28.229:50500
171.22.28.229:8081
185.216.70.222:50500
185.216.70.222:8081
194.169.175.136:50500
194.169.175.136:8081
194.169.175.144:50500
194.169.175.144:8081
194.49.94.150:50500
194.49.94.150:8081
194.49.94.152:50500
194.49.94.152:8081
194.49.94.41:50500
194.49.94.41:8081
194.49.94.53:50500
194.49.94.53:8081
43.128.18.131:50500
43.128.18.131:8081
45.153.242.188:50500
45.153.242.188:8081
45.81.39.247:50500
45.81.39.247:8081
5.161.143.161:50500
5.161.143.161:8081
5.42.92.51:50500
5.42.92.51:8081
91.103.253.146:50500
91.103.253.146:8081
91.103.253.151:50500
91.103.253.151:8081
91.92.242.226:50500
91.92.242.226:8081
94.142.138.116:50500
94.142.138.116:8081
94.142.138.143:50500
94.142.138.143:8081
91.92.252.212:50500
91.92.252.212:8081
95.214.27.231:50500
95.214.27.231:8081
95.217.34.19:50500
95.217.34.19:8081
mediaskollsoft.com

# Reference: https://embee-research.ghost.io/identifying-risepro-panels-using-censys/

128.140.73.191:50500
128.140.73.191:8081
152.89.198.49:50500
152.89.198.49:8081
185.216.70.233:50500
185.216.70.233:8081
185.216.70.238:50500
185.216.70.238:8081
37.27.22.139:50500
37.27.22.139:8081
85.209.11.247:50500
85.209.11.247:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-11-22)

194.49.94.126:50500
194.49.94.126:8081
194.49.94.158:50500
194.49.94.158:8081
194.49.94.164:50500
194.49.94.164:8081
194.49.94.166:50500
194.49.94.166:8081
194.49.94.168:50500
194.49.94.168:8081
194.49.94.171:50500
194.49.94.171:8081
194.49.94.172:50500
194.49.94.172:8081
194.49.94.183:50500
194.49.94.183:8081
194.49.94.184:50500
194.49.94.184:8081
195.10.205.24:50500
195.10.205.24:8081
46.4.10.254:50500
46.4.10.254:8081
5.188.159.44:50500
5.188.159.44:8081
51.255.78.213:50500
51.255.78.213:8081
82.115.223.71:50500
82.115.223.71:8081

# Reference: https://twitter.com/g0njxa/status/1730274705691529683

194.49.94.126:47002

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-12-04)

152.89.198.222:50500
152.89.198.222:8081
152.89.198.229:8081
159.203.86.11:50500
159.203.86.11:8081
193.233.132.51:50500
193.233.132.51:8081
194.49.94.96:50500
194.49.94.96:8081
195.20.16.45:50500
195.20.16.45:8081
205.234.181.9:50500
205.234.181.9:8081
45.32.92.30:50500
45.32.92.30:8081
51.81.131.161:8081
82.147.85.246:8081
91.212.166.58:8081
91.92.241.214:8081
91.92.251.191:50500
91.92.251.191:8081
91.92.251.47:50500
91.92.251.47:8081
95.217.5.29:8081

# Reference: https://www.virustotal.com/gui/file/00d1f5a79ae5c2d5fe9125408473e2d3cf1bf2be593ffba52bb258b1b8ddbce3/detection

91.92.249.253:50500
91.92.249.253:8081

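# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-12-24)
# Note: this snapshot overlaps earlier sections of this file (e.g. 152.89.198.222, 91.92.249.253, digitalskillset1.com and mediaskollsoft.com already appear above), so some entries below are repeats.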

152.89.198.222:50500
152.89.198.222:8081
152.89.198.229:8081
159.203.86.11:50500
159.203.86.11:8081
172.234.57.195:8081
185.149.146.75:50500
185.149.146.75:8081
185.216.70.238:50500
193.163.170.166:50500
193.163.170.166:8081
193.163.170.172:8081
193.233.132.116:50500
193.233.132.116:8081
193.233.132.49:50500
193.233.132.49:8081
193.233.132.51:50500
193.233.132.51:8081
193.233.132.55:50500
193.233.132.55:8081
193.233.132.61:50500
193.233.132.61:8081
193.233.132.62:50500
193.233.132.62:8081
193.233.132.67:50500
193.233.132.67:50505
193.233.132.67:8081
193.233.132.74:50500
193.233.132.74:8081
193.233.132.88:50500
193.233.132.88:8081
193.233.255.91:50500
193.42.33.14:8081
193.42.33.150:8081
194.36.177.30:8081
195.20.16.207:50500
195.20.16.207:8081
195.20.16.210:50500
195.20.16.210:8081
195.20.16.224:50500
195.20.16.224:8081
195.20.16.45:50500
195.20.16.45:8081
195.3.223.172:50500
195.3.223.172:8081
205.234.181.9:8081
209.145.58.236:50500
209.145.58.236:8081
45.153.242.202:50500
45.153.242.202:8081
45.32.92.30:50500
45.32.92.30:8081
5.101.0.60:50500
5.101.0.60:8081
5.101.1.60:50500
5.101.1.60:8081
51.81.131.161:50500
51.81.131.161:8081
78.153.130.249:50500
78.153.130.249:8081
82.115.223.26:50500
82.115.223.26:8081
82.147.85.246:50500
82.147.85.246:8081
87.121.87.59:50500
87.121.87.59:8081
91.208.127.168:50500
91.208.127.168:8081
91.212.166.206:50500
91.212.166.206:8081
91.212.166.58:8081
91.92.241.214:8081
91.92.249.253:50500
91.92.249.253:8081
91.92.251.191:50500
91.92.251.191:8081
91.92.251.47:50500
91.92.251.47:8081
91.92.253.38:50500
91.92.253.38:8081
92.246.138.90:50500
92.246.138.90:8081
93.123.39.164:8081
95.217.5.29:50500
95.217.5.29:8081
digitalskillset1.com
mediaskollsoft.com
