# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/ clausdomain.homeunix.com balacimed.mine.nu fbclinica.game-server.cc newcharlesxl.scrapping.cc # Reference: https://twitter.com/huntingneo/status/1332014388207886338 # Reference: https://twitter.com/huntingneo/status/1331681054474838017 emissaovivofaturasonline.eastus.cloudapp.azure.com faturadigitalvivopdf.brazilsouth.cloudapp.azure.com faturavivoemaberto.brazilsouth.cloudapp.azure.com vivodigitalfaturapdfvia.brazilsouth.cloudapp.azure.com # Reference: https://twitter.com/linecon0/status/1268862151214710787 notafiscal2020.brazilsouth.cloudapp.azure.com # Reference: https://twitter.com/r3dbU7z/status/1414100367256731648 # Reference: https://www.virustotal.com/gui/file/78cb19e14cd4eb99db6fe1af47fb043ccbe735203a048d73464227ead1cdfed5/detection lubagalord.duckdns.org # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-19-IOCS-for-infection-from-Brazil-malspam.txt projeto-nota.com download.kicks-ass.org gssfsfgf.scrapping.cc iofajfioshnguiosfui.from-pa.com sgfghfhdghdd.doesntexist.org # Reference: https://www.virustotal.com/gui/file/768c1e503c9a0c4a81afc764ada950e6353f47d8dddc9e59695e741e446e5885/detection claco.kicks-ass.net claco.kicks-ass.org # Reference: https://twitter.com/dodo_sec/status/1516906963623456768 # Reference: https://bazaar.abuse.ch/sample/6cb693b434ef3c9155fd802d07ef6e3d77fb2ca90435d89fa945ddf525170a0a invoices.sappleserve.com