# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ficker stealer, merkava, zudochka

# Reference: https://twitter.com/malwrhunterteam/status/1330249483045785604
# Reference: https://www.virustotal.com/gui/file/3b1dc7e0c9154fe384c695f8eec5622ab2ba88bf59d990def6b2c11d8519cecf/detection

45.90.218.220:8000
tracker-place.top

# Reference: https://www.domaintools.com/resources/blog/identifying-network-infrastructure-related-to-a-who-spoofing-campaign
# Reference: https://otx.alienvault.com/pulse/5fc7b50f3599afc7ab4cc5a7

adverting-cdn.com
european-who.com
health-world-org.com
office-pulgin.com
who-international.com

# Reference: https://twitter.com/anyrun_app/status/1338471840902213635
# Reference: https://app.any.run/tasks/44cd1390-8ea7-414f-9d8c-d24668623f5a/

brokstrot.com

# Reference: https://www.virustotal.com/gui/file/872e60f7287bd2382587dacdf69b70f3c2e7c7e2ceb5677b58cd540a97369bbc/detection
# Reference: https://www.virustotal.com/gui/file/94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1/detection

ferguslawn.com
sweyblidian.com

# Reference: https://www.virustotal.com/gui/file/90929f4e6bd28d6a197fef323930502ac1a3dcc9de8d4dba02dc6702fd570e14/detection

mobilesuit.top

# Reference: https://app.any.run/tasks/24af325e-9770-47a1-affd-6659f99c7a49/

47.91.94.48:4153
venecia.club
gambinos.club

# Reference: https://app.any.run/tasks/0d19c78e-e054-4b16-b199-96d614d7e0b8/

93.114.128.74:80

# Reference: https://twitter.com/James_inthe_box/status/1358787345886048257

roanokemortgages.com
satursed.com
sweyblidian.com

# Reference: https://twitter.com/James_inthe_box/status/1364956102815801348

wouatiareves.ru

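# Reference: https://twitter.com/malware_traffic/status/1364984475944427521
# Note: the entry below differs by one letter from sweyblidian.com, which is listed twice above.
# Confirm the spelling against the reference; if it is a transcription error, this trail will never match.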

sweyblildian.com
