# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Network indicators gathered from the public reports referenced below. The
# first reference (welivesecurity.com) is a write-up of the Casbaneiro trojan.
# Each non-comment line is one indicator: a hostname, a full URL, an IP:port
# pair, or a bare URL path fragment (lines starting with "/").
#
# Caveats for anyone consuming this list:
# - Many hostnames are subdomains of dynamic-DNS or cloud services (for example
#   *.ddns.net, *.zapto.org, *.cloudapp.azure.com, *.blob.core.windows.net).
#   Match the full hostname only; the parent domains serve unrelated customers.
# - IP-based entries reflect what the referenced reports observed at the time.
#   Addresses can be reassigned, so treat old IP hits as lower confidence.
# - Path fragments carry no host, so short ones are more prone to false
#   positives than hostname entries.
#   NOTE(review): how the consumer matches path fragments is not visible here -- confirm.

# Reference: https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
# Reference: https://otx.alienvault.com/pulse/5d95e1d8a958c288f7e3d6ed

4d9p5678.myvnc.com
agosto2019.servepics.com
hostsize.sytes.net
noturnis.zapto.org
seradessavez.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1245383637442482178

newlife2020.club
vqz8.gotdns.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1245399620945092609

jkue.myftp.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1268811438707159040

nhoquemassa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1272427444486766592
# Reference: https://app.any.run/tasks/7ac99b76-0ac3-4764-bfa3-e35925ecb39b/

albumdepremios.com.br
hostmeusite.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1277476249988972544
# Reference: https://app.any.run/tasks/00594f1b-f778-49ea-bfc5-2a0853a41347/

apkelites10.com
baza.alta-bars.ru

# Reference: https://twitter.com/ffforward/status/1329507229066801153
# Reference: https://www.virustotal.com/gui/ip-address/128.199.139.227/relations
# Reference: https://pastebin.com/gNgD4PS2

# NOTE(review): the names in this group look machine-generated, and some share a
# stem with a suffix appended (mpy8n37wvwu2 / mpy8n37wvwu2now,
# zfi8ny6yi30s / zfi8ny6yi30shub). They are listed as exact hostnames; the list
# is presumably not exhaustive for the campaign -- confirm against the references.
09dfwss6g1v73sya.online
2xo0uaqv4cqds331mart.online
3n1ujw621vaxpro.online
4atcj6ygql4l.online
4yw2twoy438df9qt.online
6c48ax07dy25hvu0hub.online
ah0nm2v13mhl8ynn.online
cevda3jvv5oz1t37.online
fd8nvvlufung.website
k6ue95v1ca2r.online
l155vcram2hl6ws0.online
mpy8n37wvwu2.website
mpy8n37wvwu2now.online
p77x09sqwx37j1l2.online
udndtiho0q7r.online
v6pa59086808a28mpro.online
x50zbqev4po5.online
x6vl9710f400g7alstar.online
yuphsa6qwtg5.online
z5im1ou9o480se02pro.online
zfi8ny6yi30s.website
zfi8ny6yi30shub.online

# Reference: https://www.virustotal.com/gui/file/be1ff9ea0cd1d99838eedabc9d4faba081d1fbf9c7c94d2575b70c64ba2298ed/detection

chooseanother.com

# Reference: https://twitter.com/ESETresearch/status/1367456126195924993
# Reference: https://twitter.com/ESETresearch/status/1367456135389851648

http://178.32.119.184/upa/2302
# NOTE(review): the host in the next entry ("46.4.141.206a21") is not a valid
# IPv4 address and does not appear to be a resolvable hostname, so the entry is
# unlikely to match real traffic as written. It looks like a transcription
# error -- verify against the referenced posts before relying on it.
http://46.4.141.206a21/ld/index.php
a8b.site
cnn2602.gotdns.ch
fiscal.canadaeast.cloudapp.azure.com

# Reference: https://twitter.com/ffforward/status/1485619226023018498

hunntjadhfgempresafactura.com
solitudeempresasfactura.com
tyjghhasdempresasfactura.com

# Reference: https://twitter.com/ffforward/status/1486067904814764036
# Reference: https://www.virustotal.com/gui/ip-address/77.243.85.107/relations

down425.xyz
down5861.serveblog.net
62rdsfvcxza.freedynamicdns.net

# Reference: https://twitter.com/1ZRR4H/status/1486075893596491785

mgjw.zapto.org

# Reference: https://twitter.com/pr0xylife/status/1486082528578576386
# Reference: https://www.virustotal.com/gui/ip-address/149.248.50.230/relations
# Reference: https://www.virustotal.com/gui/file/84da58457b87687c8247d862ca1c0c709a29e5e2856af27e52e433931fc1d0d5/detection
# Reference: https://www.virustotal.com/gui/file/ee1869a4c8346e495891f8234258e1112363538bd84b102f5e57df6902488293/detection

contmxlk.gotdns.ch
contmx1.website
contxm3.ddnsking.com

# Reference: https://twitter.com/StopMalvertisin/status/1491336673518813184

/Contador/serv.php

# Reference: https://twitter.com/malware_traffic/status/1491514321309822978

158.69.110.217:42112
fischerpersianas.duckdns.org
obarrielsoluctionssx.com
# NOTE(review): the first fragment below contains "?", so in a real request
# everything after it is the query string rather than the path. The third
# fragment therefore only appears inside that query string -- confirm the
# consumer matches against the full request URI and not the path alone.
/DocBr20?VF9C32I0402/4L84VA5UEVELFX0Q76L9S1K8J9/
/DocBr20?VF9C32I0402/
/4L84VA5UEVELFX0Q76L9S1K8J9/

# Reference: https://twitter.com/1ZRR4H/status/1525175056283877379

http://172.105.111.154
/a1a/10/index.php

# Reference: https://www.virustotal.com/gui/file/a41185db4d4c0accc3339f07a63965f0cbd7920fd38564f0c78944def57abfb6/detection

mercadoenvios1.loseyourip.com

# Reference: https://twitter.com/AvastThreatLabs/status/1560562872932978689

# NOTE(review): http://172.105.111.154 is also listed earlier in this file under
# a different reference. The duplicate is harmless if the consumer
# de-duplicates; otherwise one of the two can be dropped.
http://172.105.111.154
http://192.46.216.151
tributaria.website
vin6.icu

# Reference: https://twitter.com/pollo290987/status/1571897876988719106
# Reference: https://twitter.com/johnk3r/status/1572626297339224064
# Reference: https://www.virustotal.com/gui/file/e35bc9f085d3c7ec459e11452913b20fb44bf32ecd9b5e6dd3e12598d127dae9/detection

http://40.124.25.196
# The last fragment below is a suffix of two of the preceding ones, so it is the
# broadest entry in this group.
/cliente/vamoqvamo.php
/vamospracima/seligamano.php
/vamospracima/vamoqvamo.php
/vamoqvamo.php

# Reference: https://twitter.com/nuria_imeq/status/1583106258202394625

recibopagosmx2022.blob.core.windows.net

# Generic
# No reference is given for the entry below, so its provenance cannot be checked
# from this file.

/J8v0x5a3a6v4x0BTCsc/
