# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/

clausdomain.homeunix.com
balacimed.mine.nu
fbclinica.game-server.cc
newcharlesxl.scrapping.cc

# Reference: https://twitter.com/huntingneo/status/1332014388207886338
# Reference: https://twitter.com/huntingneo/status/1331681054474838017

emissaovivofaturasonline.eastus.cloudapp.azure.com
faturadigitalvivopdf.brazilsouth.cloudapp.azure.com
faturavivoemaberto.brazilsouth.cloudapp.azure.com
vivodigitalfaturapdfvia.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/linecon0/status/1268862151214710787

notafiscal2020.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/r3dbU7z/status/1414100367256731648
# Reference: https://www.virustotal.com/gui/file/78cb19e14cd4eb99db6fe1af47fb043ccbe735203a048d73464227ead1cdfed5/detection

lubagalord.duckdns.org

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-19-IOCS-for-infection-from-Brazil-malspam.txt

projeto-nota.com
download.kicks-ass.org
gssfsfgf.scrapping.cc
iofajfioshnguiosfui.from-pa.com
sgfghfhdghdd.doesntexist.org

# Reference: https://www.virustotal.com/gui/file/768c1e503c9a0c4a81afc764ada950e6353f47d8dddc9e59695e741e446e5885/detection

claco.kicks-ass.net
claco.kicks-ass.org

# Reference: https://twitter.com/dodo_sec/status/1516906963623456768
# Reference: https://bazaar.abuse.ch/sample/6cb693b434ef3c9155fd802d07ef6e3d77fb2ca90435d89fa945ddf525170a0a

invoices.sappleserve.com