# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: veil

# Reference: https://www.virustotal.com/gui/file/67d8a0e47628fad2ac3c107361712fbd62baafd6765cebe27050799467ece1d3/detection

3.19.3.150:18789

# Reference: https://www.virustotal.com/gui/file/a1a8571463e9eb9eec7d5c97ec0abe6fd857b0ca194368323e9e67a6b6950cf5/detection

18.223.41.243:17796
3.19.3.150:17796

# Reference: https://www.virustotal.com/gui/file/658f70cc473ac26588b8bcae90590d580149fbec14391d2e1ee3975d7f64a0f7/detection

3.19.3.150:16490

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299

# Reference: https://www.virustotal.com/gui/file/e9d549022bb6cca4724e0c4ba327090feed28274ca2d34753a53c7d62fc691f5/detection

3.19.3.150:17499

# Reference: https://www.virustotal.com/gui/file/b44b3bf9f2e8ec761a3523d45cde7eb11b13f4092c0c5c537f2b8951eaee3f9a/detection

3.19.3.150:18664

# Reference: https://www.virustotal.com/gui/file/1607f9a67c6d215557a5d6eb013a7bf0b09ea485717318d2f596c6231a4b3e13/detection

3.135.90.78:13947
3.20.98.123:13947

# Reference: https://twitter.com/malwrhunterteam/status/1291329141124616194
# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/485fcf4c2834e20d71b6765eccd79f6b0880d6a9fdc5d3e519a943862e9b8246/detection

77.52.245.101:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/30eb8727af3b8a2f4551574c7d826e9f27480e79d242b92d392b1f64091acf12/detection

77.52.149.197:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/314ce9b62cecb9435d9ff2338943e4e784cbfbaf9a65dbda7fe1064f477afe41/detection

77.52.147.162:591

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65/detection

77.52.245.101:8008

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/ea1213c0a684662e8305cfe1c6eeebbb12a9d1404e7571438d3730cc1df1caab/detection

77.52.149.197:11371

# Reference: https://www.virustotal.com/gui/file/8b960bc33cfb67c684a678041c828c2bf9ad9f8786c9bc53783bcc7cac158ecb/detection

156.204.54.101:1234
freenote20.ddns.net

# Reference: https://www.virustotal.com/gui/file/4d8714d498d56758f59f6a4e1e65767d01b5a8fa07442895b5d4469b39caa8e3/detection

193.161.193.99:28503
private147-28503.portmap.host

# Reference: https://www.virustotal.com/gui/file/72b9e6cddd3b847e45835a7d32afbc37a2d07065217d21966c9538590b4b4317/detection

114.255.25.23:39999

# Reference: https://www.virustotal.com/gui/file/409f9f3a71decc2746cfa80d821916dcc93f30bccd0d0970335b634fa89ac68e/detection

120.78.194.220:8080

# Reference: https://www.virustotal.com/gui/file/968f0fd6bda81147e5838dec62dc524c899590dbf809c6d66ecf9deebcf0c8c2/detection
# Reference: https://www.virustotal.com/gui/file/07a35f757860a3e154ba22422ffe5d3346d1b9d35d512ea71eb2c14c8104c1a4/detection

http://8.210.57.138
8.210.57.138:443
mozi.fun

# Reference: https://www.virustotal.com/gui/file/3aa7e67de95a64bb63449c70845a262fc29deeeea15da925d92301dabbd06c45/detection
# Reference: https://www.virustotal.com/gui/file/189dd6d63e9ef007d479d7abc6a3e66a09036b92a8e22b5808e78a53ad3d23e6/detection

117.252.180.207:8081
59.98.19.237:8086
server441.ddns.net

# Reference: https://www.virustotal.com/gui/file/26e872bffc7855d27db5202f64ce052780e9011a3a0d044a5e58c904668446db/detection

http://65.49.209.210
65.49.209.210:8123
panda.homes

# Reference: https://twitter.com/luc4m/status/1473016100208193538
# Reference: https://www.virustotal.com/gui/file/07d2c7e6ad2f889fc3ab3313b01f2c4fdb698a273309d9674a539bb49e935096/detection
# Reference: https://www.virustotal.com/gui/file/d7e30e17c271be6e32c4492c65432d96addde5de51b5a2f296f6bb0c9b8e73d1/detection

185.254.196.122:4445

# Reference: https://www.virustotal.com/gui/file/e537a63ffbb92e25061fd4e8d210b8c9ba96c9c74c8f3c5683e06fa766c095dc/detection

freename.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/78a5601d6e622921b5364d265445316aa7a7a83c508150c133e0bfb0ffb8f69e/detection

f0589740.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8f9995aaaf8096437e625027c31650ccf8a2d35bf841c0fe489e267f6cfe4c16/detection

http://110.42.170.219
110.42.170.219:8080

# Reference: https://twitter.com/malwrhunterteam/status/1492139766409748487
# Reference: https://www.virustotal.com/gui/file/afe1274014f8b9221aba0dbab08fd3cc7bb8a436745e65697fb8c88ac37fbb82/detection

hublinklogistics.online
mail.hublinklogistics.online

# Reference: https://www.virustotal.com/gui/file/2e2a71e5f2139a640b436f6894a944b3d02c85744c211aaa266e12761543efc5/detection

120.79.99.82:6666

# Reference: https://www.virustotal.com/gui/file/1821113b7134dcaebd9004a1c84b862e97be6b9a8dbce62fe4b4440656430fb9/detection

1qaz5tgb.vaiwan.com

# Reference: https://www.virustotal.com/gui/file/af469070fb16d7cefd7f19240629483575764a59049f6cca4180d2518f4bf969/detection
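# Reference: https://www.virustotal.com/gui/file/b7bcb5ec0b229b7547f9b24524b1964b997025db1437a14c27ef6b698e14c6bb/detection
# Note: the path entries below carry no host; /flask_wtf/ in particular is a generic name, so corroborate a hit with the 83.41.130.122 endpoints before treating it as a detection.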

83.41.130.122:1337
83.41.130.122:1338
83.41.130.122:1339
/payloads/n71.py
/payloads/sQs.py
/stagers/n71.py
/stagers/sQs.py
/flask_wtf/

# Reference: https://www.virustotal.com/gui/file/2f7258db6cebcdc2ed7082576ed37580c9061010356c0be0f69876ee4b8033aa/detection

51.81.133.91:956
ramziv.com

# Reference: https://www.virustotal.com/gui/file/899719a27c8b0648d94db95975b53a262f735024714b18135ac4ced227df6950/detection

5.39.217.212:1338

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030667.html

anti-theft-web.herokuapp.com

# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/WSL%20samples.txt
# Reference: https://www.virustotal.com/gui/file/53854c6d163bfd0c56d8b297ac43bd25c21f696de6063031241e792ee65df441/detection

185.63.90.137:1338

# Reference: https://www.virustotal.com/gui/file/92b901f3e6d45ab35153af340ea89d52aa3cc10bea0c2ad73cc6dfc51c8dd8de/detection

193.233.48.102:8082
193.233.48.103:8082
193.233.48.104:8082
193.233.48.105:8082
193.233.48.106:8082
193.233.48.112:8082
193.233.48.114:8082
193.233.48.119:8082
193.233.48.11:8082
193.233.48.120:8082
193.233.48.123:8082
193.233.48.124:8082
193.233.48.125:8082
193.233.48.128:8082
193.233.48.130:8082
193.233.48.131:8082
193.233.48.133:8082
193.233.48.134:8082
193.233.48.136:8082
193.233.48.137:8082
193.233.48.138:8082
193.233.48.143:8082
193.233.48.144:8082
193.233.48.150:8082
193.233.48.152:8082
193.233.48.156:8082
193.233.48.157:8082
193.233.48.159:8082
193.233.48.161:8082
193.233.48.163:8082
193.233.48.165:8082
193.233.48.166:8082
193.233.48.16:8082
193.233.48.171:8082
193.233.48.172:8082
193.233.48.174:8082
193.233.48.176:8082
193.233.48.177:8082
193.233.48.179:8082
193.233.48.17:8082
193.233.48.180:8082
193.233.48.185:8082
193.233.48.186:8082
193.233.48.188:8082
193.233.48.190:8082
193.233.48.191:8082
193.233.48.195:8082
193.233.48.196:8082
193.233.48.199:8082
193.233.48.201:8082
193.233.48.202:8082
193.233.48.208:8082
193.233.48.209:8082
193.233.48.20:8082
193.233.48.210:8082
193.233.48.213:8082
193.233.48.219:8082
193.233.48.21:8082
193.233.48.221:8082
193.233.48.222:8082
193.233.48.228:8082
193.233.48.230:8082
193.233.48.232:8082
193.233.48.235:8082
193.233.48.238:8082
193.233.48.240:8082
193.233.48.243:8082
193.233.48.251:8082
193.233.48.25:8082
193.233.48.29:8082
193.233.48.30:8082
193.233.48.31:8082
193.233.48.32:8082
193.233.48.38:8082
193.233.48.39:8082
193.233.48.42:8082
193.233.48.43:8082
193.233.48.46:8082
193.233.48.51:8082
193.233.48.54:8082
193.233.48.55:8082
193.233.48.59:8082
193.233.48.61:8082
193.233.48.70:8082
193.233.48.72:8082
193.233.48.75:8082
193.233.48.7:8082
193.233.48.81:8082
193.233.48.82:8082
193.233.48.88:8082
193.233.48.8:8082
193.233.48.92:8082
193.233.48.93:8082
193.233.48.95:8082
193.233.48.97:8082
193.233.48.99:8082
194.87.218.105:8082
194.87.218.107:8082
194.87.218.108:8082
194.87.218.113:8082
194.87.218.114:8082
194.87.218.115:8082
194.87.218.116:8082
194.87.218.11:8082
194.87.218.129:8082
194.87.218.12:8082
194.87.218.130:8082
194.87.218.132:8082
194.87.218.143:8082
194.87.218.144:8082
194.87.218.151:8082
194.87.218.155:8082
194.87.218.159:8082
194.87.218.161:8082
194.87.218.166:8082
194.87.218.16:8082
194.87.218.172:8082
194.87.218.175:8082
194.87.218.182:8082
194.87.218.188:8082
194.87.218.191:8082
194.87.218.199:8082
194.87.218.19:8082
194.87.218.200:8082
194.87.218.202:8082
194.87.218.207:8082
194.87.218.20:8082
194.87.218.211:8082
194.87.218.220:8082
194.87.218.229:8082
194.87.218.22:8082
194.87.218.232:8082
194.87.218.235:8082
194.87.218.245:8082
194.87.218.246:8082
194.87.218.30:8082
194.87.218.41:8082
194.87.218.45:8082
194.87.218.50:8082
194.87.218.52:8082
194.87.218.54:8082
194.87.218.55:8082
194.87.218.62:8082
194.87.218.63:8082
194.87.218.65:8082
194.87.218.69:8082
194.87.218.7:8082
194.87.218.91:8082
194.87.218.98:8082
194.87.218.99:8082

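# Reference: https://www.virustotal.com/gui/file/56c71771fe95f622e089af65b0eb8eada4b540d05a5ca62266066076b11cb0a2/detection
# Note: 104.21.36.13 falls in Cloudflare's shared edge range (104.16.0.0/13), so the address fronts many unrelated sites; treat a hit as low-confidence unless the reference sample's behaviour is also observed.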

104.21.36.13:2096
175.178.253.29:8078

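# Reference: https://www.virustotal.com/gui/file/16a40c4043a9eb9b0a08856304fb1212e28d445d86b81d7c4d22a6b5f6e7754e/detection
# Note: 172.67.183.14 falls in Cloudflare's shared edge range (172.64.0.0/13), so the address fronts many unrelated sites; treat a hit as low-confidence unless the reference sample's behaviour is also observed.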

172.67.183.14:2096

# Reference: https://twitter.com/jaydinbas/status/1555252921381621763
# Reference: https://twitter.com/r3dbU7z/status/1609167125159071746
# Reference: https://twitter.com/malwrhunterteam/status/1612878799707983873
# Reference: https://www.joesandbox.com/analysis/781545?idtype=analysisid#iocs
# Reference: https://www.virustotal.com/gui/ip-address/199.188.206.3/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.166.251.12/relations
# Reference: https://www.virustotal.com/gui/file/24d66c7d5c6250403a957c282772b01c9edab85a29bcea8e0690ad7672f74ddf/detection
# Reference: https://www.virustotal.com/gui/file/4a32aa89a5250801c53d19370d98682e0561b642901bdd2987831bc983e0a544/detection
# Reference: https://www.virustotal.com/gui/file/f4354796c7aee104f6cfe1f66aef5bd03cdefde90409cc8ae529024ce60e09ee/detection

http://206.166.251.12
169.239.129.108:5555
bbprizz.com
prizebb.com
securewares.site
secureway.fun
files.secureway.fun
login.securewares.site
login.secureway.fun
install.realproheros.com

# Reference: https://www.virustotal.com/gui/file/a64245a5843cf289fb23169c561f9136c873165eb9d883bec47faeb73d3b8f4e/detection
# Reference: https://www.virustotal.com/gui/file/936ab5649f300aeab28640239bdf7e8eb62f8dc5344ffffe87912c97e28fe389/detection
# Reference: https://www.virustotal.com/gui/file/72fbcc57dc384ded926a96bbf82cac503f3986f2cb96178be259b91f961dbe41/detection
# Reference: https://www.virustotal.com/gui/file/53dc1be94450eeb91f1d36f27d056e834e05ee35a0b44f0c1818dfe684ce08c8/detection
# Reference: https://www.virustotal.com/gui/file/3a6d373f3bc8e36145a7e5d48465836fe80bf3cdde30377ac90a03eb1df5a371/detection

43.143.162.153:8080

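# Reference: https://www.virustotal.com/gui/file/1fe0162e3b68d41262d29b77005d2e13e0af309dcd0b1a4f09d350bc1614afea/detection
# NOTE(review): 11.23.33.44 lies in 11.0.0.0/8 (US DoD allocation), which is unusual for a live endpoint; confirm against the sample. The portmap.host name below is likely the more reliable indicator.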

11.23.33.44:47143
dumb5206-47143.portmap.host

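# Reference: https://blog.talosintelligence.com/threat-roundup-1021-1028-2/ (# Win.Malware.Python-9975702-0)
# Note: the sNN.ucoz.net names below look like shared uCoz hosting nodes rather than dedicated hosts (TODO confirm); expect matches from unrelated sites served by the same nodes.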

foxlocfe.beget.tech
hacker.my1.ru
s30.ucoz.net
s51.ucoz.net
s54.ucoz.net

# Reference: https://www.virustotal.com/gui/file/991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7/detection

139.162.77.242:8080

# Reference: https://twitter.com/r3dbU7z/status/1595181847016767493
# Reference: https://twitter.com/r3dbU7z/status/1595727153567498242
# Reference: https://www.virustotal.com/gui/file/f2819b77b1061be1f6f32c8c142df471f3771dbfb4d26c89c14faae8048af7b7/detection

139.162.77.242:8081
139.59.11.24:8080
139.59.11.24:8081

# Reference: https://twitter.com/malwrhunterteam/status/1599021885173379072
# Reference: https://www.virustotal.com/gui/file/f73ccd67a7a37668cbba6a8015a177373593252a83eeb7a1c0302ba2b648ecaa/detection
# Reference: https://www.virustotal.com/gui/file/4ba80767469a39af019984693582f006395b5fada1f68a407417d6b9595d0aea/detection

44.230.248.34:22

# Reference: https://www.virustotal.com/gui/file/181fcaee6492e81918abb48e75a1ec7ee441f30814f927458a86896c3d686872/detection

145.14.144.98:42439
145.14.145.4:43668

# Reference: https://twitter.com/Purp1eW0lf/status/1602989967776808961

179.60.149.28:4427

# Reference: https://www.virustotal.com/gui/file/1c88ebbedebe88e9de3b0694fcfc50db071201ec03b515ed7e383ce7701d3499/detection
# Reference: https://www.virustotal.com/gui/file/8c96f68983d2121849c035f840232fa2882fe36d3330ba7751fe5087e39274f5/detection

178.250.158.229:443

# Reference: https://twitter.com/r3dbU7z/status/1608014855084072962
# Reference: https://www.virustotal.com/gui/ip-address/168.138.130.12/relations
# Reference: https://www.virustotal.com/gui/file/c3d211758a1061afe67cfeb1e63a4c3cc870534e8b6bab2fbb5423e56268ff96/detection
# Reference: https://www.virustotal.com/gui/file/f3b47d77553a489ab492849a3d8045f33d978d785b270e4d79309b41d8f91aa9/detection

updateptbr.online
archive.updateptbr.online
mail.updateptbr.online
mx.updateptbr.online

# Reference: https://www.virustotal.com/gui/file/bebb0109b37c20614dd423fac267883f1d82b57e361e66ec215f0560a415d5f3/detection

http://108.61.117.30

# Reference: https://www.virustotal.com/gui/file/27e69c96af1f692ce43706904de61f841abec45a57ff0b7a7d3cbbb417455a53/detection

http://179.60.150.118
179.60.150.118:443

# Reference: https://twitter.com/malwrhunterteam/status/1616055391045156866
# Reference: https://www.virustotal.com/gui/file/74dd9c8896969dac4e61de8a790dc8e11f1683ddb800f841574c27984b6b82c3/detection

152.136.105.53:801

# Reference: https://twitter.com/Artilllerie/status/1628774019380961282

free-gptchat.com
