# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Meduza (also written "Medusa") Stealer infrastructure trails: C2 domains,
# IPs and host:port pairs collected from the public reports referenced next
# to each group. Groups later in the file come from bulk feeds (FOFA pivot,
# ThreatFox listings) and carry a confidence caveat of their own.
#
# NOTE(review): the three entry forms are read here the way Maltrail
# conventionally treats them -- bare host/IP = any traffic to that host,
# "http://IP" = URL-style match, "IP:port" = that IP on that port only.
# Confirm against the trail parser before changing an entry's form.

# Reference: https://twitter.com/siri_urz/status/1582325545031069697
# Reference: https://www.virustotal.com/gui/file/2a0047fe9748f2a45196dbf75e4f1a951d249daad380cbc9eab85ff66fb35814/detection

# Earliest entry in the file; domain taken from the tweet / sample above.
medusa-stealer.cc

# Reference: https://twitter.com/g0njxa/status/1670054103899152384

http://77.105.147.140

# Reference: https://twitter.com/FalconFeedsio/status/1681963953507774464

http://193.233.133.153
http://193.233.133.198
http://193.233.133.243
http://193.233.133.97
http://5.61.49.177
http://77.105.146.254
http://79.137.199.199

# Reference: https://www.virustotal.com/gui/file/f0c730ae57d07440a0de0889db93705c1724f8c3c628ee16a250240cc4f91858/detection

# Port 15666 recurs across the sample-derived entries in this section. An
# "IP:port" trail only matches that port, so a host that moves its listener
# will be missed; add the bare-IP form as well if broader matching is wanted
# for a given host (see 77.105.147.140 and 5.42.72.7, which have both forms).
79.137.203.39:15666

# Reference: https://www.virustotal.com/gui/file/ddf3604bdfa1e5542cfee4d06a4118214a23f1a65364f44e53e0b68cbfc588ea/detection
# Reference: https://www.virustotal.com/gui/file/91efe60eb46d284c3cfcb584d93bc5b105bf9b376bee761c504598d064b918d4/detection

79.137.203.37:15666

# Reference: https://www.virustotal.com/gui/file/d2ab97a60d2ed615e91c640fe0ee59e5ddc63fe985cdf5e9f24e0bce80e9870d/detection
# Reference: https://www.virustotal.com/gui/file/cbc07d45dd4967571f86ae75b120b620b701da11c4ebfa9afcae3a0220527972/detection
# Reference: https://www.virustotal.com/gui/file/a73e95fb7ba212f74e0116551ccba73dd2ccba87d8927af29499bba9b3287ea7/detection

79.137.207.132:15666

# Reference: https://www.virustotal.com/gui/file/e2cc35ec3dcbd33d5d75fe7cabe4400dcdf06cf5e7fc3e94a1b3b6f2d8cbd125/detection
# Reference: https://www.virustotal.com/gui/file/9e2b8c3888b8a93e8ebab39e7a6b636f921888edb7d15a6ab56b2e119693aaa8/detection

# Same IP is already listed above without a port (g0njxa tweet); this entry
# pins the C2 port observed in the two samples above and is kept for the
# sample references, not for extra coverage.
77.105.147.140:15666

# Reference: https://www.virustotal.com/gui/file/6d8ed1dfcb2d8a9e3c2d51fa106b70a685cbd85569ffabb5692100be75014803/detection

185.106.94.105:15666

# Reference: https://www.virustotal.com/gui/file/29cf1ba279615a9f4c31d6441dd7c93f5b8a7d95f735c0daa3cc4dbb799f66d4/detection

167.88.15.114:15666

# Reference: https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/
# Reference: https://otx.alienvault.com/pulse/64a2f554317bc46cc4bdb6e7

http://89.185.85.245

# Reference: https://www.virustotal.com/gui/file/1bce735ad1009327c2cc1ba36aa3cad6ec6f4dc3d0b3fff104d283845670c674/detection

# 5.42.72.7 also appears later in the FOFA-derived group in the bare
# "http://" form, which would cover this port as well.
5.42.72.7:15666

# Reference: https://twitter.com/g0njxa/status/1717563999984717991
# Reference: https://en.fofa.info/result?qbase64=aWNvbl9oYXNoPSItNTU5NjA4OTIwIg%3D%3D

# The FOFA query above (base64 in the URL) decodes to icon_hash="-559608920",
# i.e. this group is a favicon-hash pivot over internet-wide scan data, not a
# set of hosts seen in confirmed samples. A hash pivot can sweep in unrelated
# hosts that serve the same icon (and addresses that have since been reused),
# so treat these as lower-confidence than the VT-backed entries above:
# suitable for alerting, but validate individually before using for blocking.
http://103.178.234.127
http://104.194.128.75
http://109.107.173.48
http://109.107.181.169
http://109.172.45.21
http://116.202.205.243
http://116.203.191.125
http://146.70.161.13
http://154.91.90.121
http://162.33.179.114
http://178.20.43.135
http://178.20.46.217
http://178.236.246.253
http://178.236.246.39
http://178.236.247.9
http://185.106.92.204
http://185.106.94.31
http://185.106.94.70
http://185.149.146.159
http://185.161.251.204
http://185.17.0.222
http://193.233.133.81
http://194.87.71.159
http://20.0.25.177
http://212.113.116.56
http://212.118.52.90
http://41.208.73.44
http://45.150.65.121
http://45.155.249.38
http://45.74.19.107
http://5.182.87.160
http://5.182.87.27
http://5.42.72.48
# Bare form of 5.42.72.7, which is also listed above as 5.42.72.7:15666.
http://5.42.72.7
http://5.42.77.121
http://5.42.77.239
http://5.42.78.61
http://51.81.243.237
http://74.50.93.136
http://77.105.147.136
http://77.105.147.90
http://78.141.239.24
http://79.137.195.27
http://79.137.202.225
http://79.137.203.233
http://79.137.203.254
http://79.137.203.80
http://79.137.205.179
http://79.137.205.201
http://79.137.207.226
http://79.137.207.240
http://79.137.207.251
http://79.137.207.44
http://8.217.23.144
http://85.192.63.240
http://85.192.63.35
http://85.192.63.65
http://89.185.85.132
http://89.185.85.34
http://89.208.103.215
http://89.208.107.135
http://89.208.107.158
http://91.92.242.146
http://94.228.162.22
http://94.228.170.3
http://94.228.170.86
http://95.181.173.181
http://95.181.173.233
http://95.181.173.235
http://95.181.173.28
http://95.181.173.8
http://95.216.100.78
# Non-standard ports and hostnames from the same pivot. Hostname entries match
# on DNS/SNI as well as HTTP, so a hit here does not by itself prove a C2
# session -- presumably some are resolver-only sightings; verify against the
# FOFA result before escalating.
185.26.239.246:81
202.92.4.174:8000
izh-85-232.nm-s.ru
journalpatrol.com
knoxdevelopers.com
limaxmakeup.com
makinika.com
markertingsbritishcouncil.com
tehranuniversity.website
dl.tehranuniversity.website
xxmc-h5.xinxinmuchang.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.meduza/ (# 2023-12-07)

# "(# YYYY-MM-DD)" is the date the live ThreatFox listing was snapshotted;
# later snapshots of the same listing appear further down (2023-12-25,
# 2024-01-23) and hold only the entries new since the previous pull.
http://5.182.86.32
http://5.42.94.65
# Several of the hostnames below read like software-download lures
# (converter / handbrake / xampp look-alikes) and brand typosquats
# (trustpilots.cam). Presumably these are delivery sites rather than C2, so a
# hit may indicate a download attempt rather than an infected host -- check
# the ThreatFox entry's IOC type before treating a match as beaconing.
adsmahsa.xyz
appblendemulator.info
appblendstacks.top
basta-tourmoscow.ru
cdn.morisniff.ir
concert-uz.ru
convhandvideo.info
d1.morisniff.ir
easyvideoconverters.com
fhipp-dbms.top
handbrakeconv.top
highqualityconverter.com
hp22.weket.shop
ideastradeai.com
ideastradeai.top
ii.nggg.fun
marz6.adsmahsa.xyz
morisniff.cloudns.ph
morisniff.ir
nggg.fun
nimmajic.online
sc.nimmajic.online
test.morisniff.cloudns.ph
trustpilots.cam
xampp.info

# Reference: https://twitter.com/ShilpeshTrivedi/status/1737813215395074421
# Reference: https://www.virustotal.com/gui/file/0a7fea34c7f7732b275a6b4422fa2868937a97bcb4465a2dcb9e7abb1bb3d3db/detection

# Same host on two ports; 8080 is the only non-15666 C2 port in the
# sample-derived entries of this file.
103.241.72.56:15666
103.241.72.56:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.meduza/ (# 2023-12-25)

http://5.182.87.130
http://80.85.241.169
http://85.192.63.29
http://89.208.106.112
http://91.103.253.190
http://92.246.136.222

# Reference: https://twitter.com/FalconFeedsio/status/1741002630602883320

http://79.137.194.188
http://79.137.203.12

# Reference: https://twitter.com/FalconFeedsio/status/1743260044857397436
# Reference: https://twitter.com/RakeshKrish12/status/1743515007441322357

http://141.98.83.242
http://185.225.200.120
http://45.141.215.173
http://45.93.20.207
http://51.195.28.168
http://77.232.142.8
http://85.192.63.57
http://91.103.253.184
http://91.92.248.223
http://94.228.162.149
http://94.228.168.159

# Reference: https://twitter.com/banthisguy9349/status/1744362094869241869

37.110.19.55:88
ams-k-node1.vleo.ru
bloodyservice.online
cricketastroking.com
dddd-new.vreexy.top
fbadearnings.com
first.bloodyservice.online
game2.netbaazi.sbs
iamabdulqadeer.com
netbaazi.sbs
rahgozargermany21.vreexy.top
server-fr1.vreexy.top
third.bloodyservice.online
vreexy.top
zeaas.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.meduza/ (# 2024-01-23)

http://193.233.255.60
http://212.113.116.110
http://77.73.131.73
# Apex domain plus the two subdomains ThreatFox listed; the apex entry alone
# would already match the subdomains on a suffix match, so the subdomain
# lines add detail (which host was seen) rather than coverage.
goldelya.tech
kharej.goldelya.tech
medusa.goldelya.tech
