# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/h2jazi/status/1573309097021444096
# Reference: https://www.virustotal.com/gui/file/c75d905cd7826182505c15d39ebe952dca5b4c80fb62b8f7283fa09d7f51c815/detection

# NOTE(review): the second entry below is a bare URL path with no host of its own;
# presumably it was observed on the host listed just above it. Confirm it is meant
# as a standalone path trail, since a path-only entry is not tied to that host.
http://185.166.217.184
/CFVJKXIUPHESRHUSE4FHUREHUIFERAY97A4FXA/

# Reference: https://twitter.com/h2jazi/status/1636768039273377797
# Reference: https://www.virustotal.com/gui/ip-address/95.142.39.88/relations
# Reference: https://www.virustotal.com/gui/file/2df66c8258ca164e2138997754c9226d88748612e4df16cfdcb0aa89c5c874f4/detection

servicehost-update.net

# Reference: https://securelist.com/bad-magic-apt/109087/ (CommonMagic/PowerMagic)
# Reference: https://www.virustotal.com/gui/ip-address/31.31.198.109/relations

webservice-srv.online
webservice-srv1.online

# Reference: https://twitter.com/ShadowChasing1/status/1377973764164476932
# Reference: https://twitter.com/ShadowChasing1/status/1377973769579360258
# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/05/redstinger
# Reference: https://www.virustotal.com/gui/ip-address/45.154.116.147/relations
# Reference: https://www.virustotal.com/gui/file/fb48b9102388620bb02d1a47297ba101f755632f9a421d09e9ab419cbeb65db8/detection
# Reference: https://www.virustotal.com/gui/file/301e819008e19b9803ad8b75ecede9ecfa5b11a3ecd8df0316914588b95371c8/detection

http://176.114.9.192
http://45.154.116.147
http://91.234.33.108
http://91.234.33.185
# NOTE(review): 185.166.217.184 is also listed earlier in this file as an http:// entry
# under a different reference group; here the same address is listed with port 2380.
185.166.217.184:2380
securitysearch.ddns.net

# Reference: https://twitter.com/ginkgo_g/status/1730523884649402872
# Reference: https://www.virustotal.com/gui/ip-address/5.35.100.31/relations
# Reference: https://www.virustotal.com/gui/file/fa89cbcc99939914e8655aac1f62e01d5bab35b6b4862441366290280be33e0c/detection
# Reference: https://www.virustotal.com/gui/file/c1be9aa6f4ee71180d9779ab8ebae5a84c85b72083829d24e31787cfc9da6a96/detection
# Reference: https://www.virustotal.com/gui/file/b748d7f3083d6868e1e71469dcbc2d3f6b92b4962d05040d92a0ab9378ad0da3/detection
# Reference: https://www.virustotal.com/gui/file/22eb4239b472a868ca0ab01bda28203b0b58e1788ef779ec8858c4a4fb57aa40/detection

5.35.100.31:443
kassperskylaw.ru

# Reference: https://bi.zone/eng/expertise/blog/core-werewolf-protiv-opk-i-kriticheskoy-infrastruktury/

autotimesvc.com
clodmail.ru
contileservices.net
licensecheckout.net
passportyandex.net
savebrowsing.net
softdownloaderonline.net
statusgeotrust.com
tapiservicemgr.com
uploaderonline.com
uploadingonline.com
versusmain.com
winupdateronline.com
winuptodate.com
