# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: SOVA

# Reference: https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
# Reference: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
# Reference: https://www.virustotal.com/gui/ip-address/5.101.0.44/relations
# Reference: https://www.virustotal.com/gui/file/bfa9a861d953247eea496f4a587f59e9ee847e47a68c67a4946a927c37b042c4/detection
# Reference: https://www.virustotal.com/gui/file/90ce9980da2d0b4b5493061de20b482d0410468977ff97f4abef088e2d133ad2/detection
# Reference: https://www.virustotal.com/gui/file/4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a/detection
# Reference: https://www.virustotal.com/gui/file/0c9616a945dd44871c7e0b76de33ed92c88ab69bb55dbd180ad75df030a0210b/detection

81.19.139.34:1080
91.232.105.4:1080
busthetrel.xyz
cialarynan.xyz
covid19-hhs.com
dorelicinycass.xyz
juradannagaha.xyz
malemasenafis.xyz
mining-x.tech
mycrypto-app.com
qusahaunad.xyz
trust-nft.app
udapppacel.xyz
walananlpi.xyz
xireycicin.xyz

# Reference: https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
# Reference: https://otx.alienvault.com/pulse/613b490772350348717d33b0
# Reference: https://www.virustotal.com/gui/file/795b279f312a773f7f556a978387f1b682f93470db4c1b5f9cd6ca2cab1399b6/detection

a0545193.xsph.ru
l8j1nsk3j5h1msal973nk37.fun

# Reference: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
# Reference: https://www.virustotal.com/gui/ip-address/185.106.93.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/65.108.243.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.139.34/relations
# Reference: https://www.virustotal.com/gui/file/f050effef52d04feafe277f40064caf220a4acf5dd442975533c8135b952f17e/detection
# Reference: https://www.virustotal.com/gui/file/9621358e53377ab8b0145ea3b8c01c90be60604825d37bd085557845e63dd3a4/detection
# Reference: https://www.virustotal.com/gui/file/f8077bb0ace3caea945cacf74c57153b4af35b8198fa9e07c657b3e8200eadfd/detection
# Reference: https://www.virustotal.com/gui/file/6a83410c79f9e58e134f07f6e5c953e43c7dfa10046b04a9be14a822cb5d0eb0/detection
# Reference: https://www.virustotal.com/gui/file/0b1f76ccc734fa7f9e533b839d85c4bd7ed676e7c3e581fc4a0b1cb989fe4a58/detection

apinerqpinsad.site
domain4ghost.site
domainwpatnlfq.site
inj4ghost.site
inj4ka.space
injqvadpyrs.site
miningaitubriat.site
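# NOTE(review): the next entry equals 'domainwpatnlfq.site' (listed earlier in this group) minus its leading 'd' - confirm against the referenced reports that it is a distinct indicator and not a truncated copy
omainwpatnlfq.site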
panel2jueprasqb.site
panel3ghost.site
panel4ghost.site
panel4ka.site
panel4ka.space
panelquartiquf.site
socrersutagans.site
squareapp.online
trustpquegpan.site
satandemantenimiento.com
wecrvtbyutrcewwretyntrverfd.xyz
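# The entries below are URL path/query prefixes, not hostnames; '%5B%5D' is the percent-encoded form of '[]', so the 'accounts=' entries cover both encodings of the same request
/api/?access=0&accounts=%5B%5D&botid=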
/api/?access=1&accounts=%5B%5D&botid=
/api/?access=0&accounts=[]&botid=
/api/?access=1&accounts=[]&botid=
/api/?method=accessinfo&accessibility=0&botid=
/api/?method=accessinfo&accessibility=1&botid=
/api/?method=admininfo&admin=0&botid=
/api/?method=admininfo&admin=1&botid=
/api/?param=accessibility&value=0&botid=
/api/?param=accessibility&value=1&botid=
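# NOTE(review): 'param=admin' is listed only with value=0, while the other 'param=' entries appear with both 0 and 1 - confirm against the referenced samples whether this is intentional
/api/?param=admin&value=0&botid=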
/api/?param=screen&value=0&botid=
/api/?param=screen&value=1&botid=
/api/?param=sms&value=0&botid=
/api/?param=sms&value=1&botid=

# Reference: https://twitter.com/malwrhunterteam/status/1567876515613786117
# Reference: https://www.virustotal.com/gui/file/aba460774bb3f99be3be6a0fa08845f75a8c55ba2663c7bcbd9713139844cebf/detection

zasxdcfvgbhnjmkazsxdcfvgbhnjmk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1603105037399605250
# Reference: https://www.virustotal.com/gui/file/76d4de84e32bc7f40a131f51e1fc56213b05391cb3a809330a4296c224f9cc22/detection

azqewrtynuytcdrxrszaesxcdtfvbgu.shop
azqewrtynuytcdrxrszaesxcdtfvbgu.xyz
bvgcfxdzsexrectvyubinmlklnjbhvgyctxrry.xyz
odeialaipodushkijdutrebeatrafinat.shop
zomiapppcalisis.shop

# Reference: https://twitter.com/malwrhunterteam/status/1621230303133024256
# Reference: https://www.virustotal.com/gui/file/d9fa9002accd6020f5e605f906268b90731015e34a6f33aa25fe396151012f14/detection

http://176.107.160.43

# Reference: https://www.virustotal.com/gui/file/463ced138092bb7c3086256ecb22c4d2688ad9ca7227e30cbf1e9b64bf1c9191/detection

5.161.22.162:5000
letmetakebaby.net
