# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Network indicators gathered from the references below; the first reference
# names the Amavaldo banking trojan. One indicator per line, in three forms
# seen in this list: bare hostname, http://<IP> URL, and <IP>:<port>.
# Each "# Reference:" line (or run of them) applies to the entries that follow it.
#
# Matching caveat: most hostnames here are labels under shared parent zones
# (dynamic-DNS providers such as duckdns.org / kicks-ass.org / homeunix.com, and
# Azure's cloudapp.azure.com). Match the full hostname only; blocking or alerting
# on the parent zone would hit unrelated tenants.
# No first-seen/last-seen dates are recorded here, so age each entry from its
# reference before using it for blocking; IP entries in particular can be
# reassigned by the hosting provider.

# Reference: https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/

clausdomain.homeunix.com
balacimed.mine.nu
fbclinica.game-server.cc
newcharlesxl.scrapping.cc

# Reference: https://twitter.com/huntingneo/status/1332014388207886338
# Reference: https://twitter.com/huntingneo/status/1331681054474838017

emissaovivofaturasonline.eastus.cloudapp.azure.com
faturadigitalvivopdf.brazilsouth.cloudapp.azure.com
faturavivoemaberto.brazilsouth.cloudapp.azure.com
vivodigitalfaturapdfvia.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/linecon0/status/1268862151214710787

notafiscal2020.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/r3dbU7z/status/1414100367256731648
# Reference: https://www.virustotal.com/gui/file/78cb19e14cd4eb99db6fe1af47fb043ccbe735203a048d73464227ead1cdfed5/detection

lubagalord.duckdns.org

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-19-IOCS-for-infection-from-Brazil-malspam.txt

projeto-nota.com
download.kicks-ass.org
gssfsfgf.scrapping.cc
iofajfioshnguiosfui.from-pa.com
sgfghfhdghdd.doesntexist.org

# Reference: https://www.virustotal.com/gui/file/768c1e503c9a0c4a81afc764ada950e6353f47d8dddc9e59695e741e446e5885/detection

claco.kicks-ass.net
claco.kicks-ass.org

# Reference: https://twitter.com/dodo_sec/status/1516906963623456768
# Reference: https://bazaar.abuse.ch/sample/6cb693b434ef3c9155fd802d07ef6e3d77fb2ca90435d89fa945ddf525170a0a

invoices.sappleserve.com

# Reference: https://twitter.com/Merlax_/status/1772815651154935896
# Reference: https://twitter.com/Merlax_/status/1776027433528967425
# Reference: https://www.virustotal.com/gui/file/7010753c9d03382aed58ef5cd98fbd52f99151e6fec8ee6219fb70ea7259a786/detection
# Reference: https://www.virustotal.com/gui/file/cc75e586b0786c4892d8097f65e21fde305f996be9e6d31bf66ac9c3346e2def/detection

http://154.205.156.120
http://5.181.156.5
http://92.205.129.120
http://92.205.232.18
# NOTE(review): the next entry (5.181.156.56) differs from http://5.181.156.5
# above by one trailing digit; confirm both addresses against the references.
5.181.156.56:443
alphavilleceara1e2.likescandy.com
mod01geracaomambore.getmyip.com
vdeptoscampitell.likes-pie.com

# Reference: https://twitter.com/Merlax_/status/1783605653422190771

http://92.205.231.161
# NOTE(review): the next hostname shares its tail with
# alphavilleceara1e2.likescandy.com listed earlier; confirm against the
# reference that it is a distinct host and not a truncated copy.
3illeceara1e2.likescandy.com
copyringhtseguro.simple-url.com