# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: SOVA

# Layout: one trail entry per line, each group preceded by the references it was taken from.
# Entries are IP:port pairs, domain names, URL path fragments and one http:// address.

# Reference: https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
# Reference: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
# Reference: https://www.virustotal.com/gui/ip-address/5.101.0.44/relations
# Reference: https://www.virustotal.com/gui/file/bfa9a861d953247eea496f4a587f59e9ee847e47a68c67a4946a927c37b042c4/detection
# Reference: https://www.virustotal.com/gui/file/90ce9980da2d0b4b5493061de20b482d0410468977ff97f4abef088e2d133ad2/detection
# Reference: https://www.virustotal.com/gui/file/4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a/detection
# NOTE(review): the next reference is listed twice with the same hash; one copy is redundant.
# Reference: https://www.virustotal.com/gui/file/0c9616a945dd44871c7e0b76de33ed92c88ab69bb55dbd180ad75df030a0210b/detection
# Reference: https://www.virustotal.com/gui/file/0c9616a945dd44871c7e0b76de33ed92c88ab69bb55dbd180ad75df030a0210b/detection

# NOTE(review): the two IP entries carry an explicit port (1080); presumably they are meant to
# match that port only rather than the whole address - confirm against the trail format.
81.19.139.34:1080
91.232.105.4:1080
busthetrel.xyz
cialarynan.xyz
covid19-hhs.com
dorelicinycass.xyz
juradannagaha.xyz
malemasenafis.xyz
mining-x.tech
mycrypto-app.com
qusahaunad.xyz
trust-nft.app
udapppacel.xyz
walananlpi.xyz
xireycicin.xyz

# Reference: https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
# Reference: https://otx.alienvault.com/pulse/613b490772350348717d33b0
# Reference: https://www.virustotal.com/gui/file/795b279f312a773f7f556a978387f1b682f93470db4c1b5f9cd6ca2cab1399b6/detection

a0545193.xsph.ru
l8j1nsk3j5h1msal973nk37.fun

# Reference: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
# Reference: https://www.virustotal.com/gui/ip-address/185.106.93.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/65.108.243.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.139.34/relations
# Reference: https://www.virustotal.com/gui/file/f050effef52d04feafe277f40064caf220a4acf5dd442975533c8135b952f17e/detection
# Reference: https://www.virustotal.com/gui/file/9621358e53377ab8b0145ea3b8c01c90be60604825d37bd085557845e63dd3a4/detection
# Reference: https://www.virustotal.com/gui/file/f8077bb0ace3caea945cacf74c57153b4af35b8198fa9e07c657b3e8200eadfd/detection
# Reference: https://www.virustotal.com/gui/file/6a83410c79f9e58e134f07f6e5c953e43c7dfa10046b04a9be14a822cb5d0eb0/detection
# Reference: https://www.virustotal.com/gui/file/0b1f76ccc734fa7f9e533b839d85c4bd7ed676e7c3e581fc4a0b1cb989fe4a58/detection

# NOTE(review): 'omainwpatnlfq.site' differs from 'domainwpatnlfq.site' only by the missing
# leading 'd'; confirm against the referenced reports that both are intended entries.
apinerqpinsad.site
domain4ghost.site
domainwpatnlfq.site
inj4ghost.site
inj4ka.space
injqvadpyrs.site
miningaitubriat.site
omainwpatnlfq.site
panel2jueprasqb.site
panel3ghost.site
panel4ghost.site
panel4ka.site
panel4ka.space
panelquartiquf.site
socrersutagans.site
squareapp.online
trustpquegpan.site
satandemantenimiento.com
wecrvtbyutrcewwretyntrverfd.xyz

# URL path fragments. Each one stops at 'botid=', so whatever value follows that parameter is
# not part of the pattern. The 'accounts' patterns are listed both percent-encoded (%5B%5D)
# and literal ([]), which covers either form appearing in a logged request.
# NOTE(review): 'param=admin' is listed with value=0 only, while accessibility, screen and sms
# have both 0 and 1; confirm whether the value=1 form is missing or was never observed.
/api/?access=0&accounts=%5B%5D&botid=
/api/?access=1&accounts=%5B%5D&botid=
/api/?access=0&accounts=[]&botid=
/api/?access=1&accounts=[]&botid=
/api/?method=accessinfo&accessibility=0&botid=
/api/?method=accessinfo&accessibility=1&botid=
/api/?method=admininfo&admin=0&botid=
/api/?method=admininfo&admin=1&botid=
/api/?param=accessibility&value=0&botid=
/api/?param=accessibility&value=1&botid=
/api/?param=admin&value=0&botid=
/api/?param=screen&value=0&botid=
/api/?param=screen&value=1&botid=
/api/?param=sms&value=0&botid=
/api/?param=sms&value=1&botid=

# Reference: https://twitter.com/malwrhunterteam/status/1567876515613786117
# Reference: https://www.virustotal.com/gui/file/aba460774bb3f99be3be6a0fa08845f75a8c55ba2663c7bcbd9713139844cebf/detection

zasxdcfvgbhnjmkazsxdcfvgbhnjmk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1603105037399605250
# Reference: https://www.virustotal.com/gui/file/76d4de84e32bc7f40a131f51e1fc56213b05391cb3a809330a4296c224f9cc22/detection

azqewrtynuytcdrxrszaesxcdtfvbgu.shop
azqewrtynuytcdrxrszaesxcdtfvbgu.xyz
bvgcfxdzsexrectvyubinmlklnjbhvgyctxrry.xyz
odeialaipodushkijdutrebeatrafinat.shop
zomiapppcalisis.shop

# Reference: https://twitter.com/malwrhunterteam/status/1621230303133024256
# Reference: https://www.virustotal.com/gui/file/d9fa9002accd6020f5e605f906268b90731015e34a6f33aa25fe396151012f14/detection

# NOTE(review): the only entry written with an http:// scheme; presumably it is meant to match
# HTTP requests to this address rather than any traffic to it - confirm against the trail format.
http://176.107.160.43