# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Note: "The malware is called Anubis and uses code forked from Loki malware to steal system info, credentials, credit card details, cryptocurrency wallets"

# Reference: https://twitter.com/MsftSecIntel/status/1298752223321546754
# Reference: https://twitter.com/MsftSecIntel/status/1298752226425413633
# Reference: https://www.virustotal.com/gui/file/c2ca3c7810fbd2eb4933299433a0e58ffe0707700c780fe420b2c258e32ebe18/detection

webgethack.com

# Reference: https://www.virustotal.com/gui/file/895b3b6890d192de8bc3744ce0757edb909351081744403663a9c3b04e409125/detection
# Reference: https://www.virustotal.com/gui/file/341b474228bf3d99a3570a3b55b4a9b965db00cfbc52988236ffb49990aa8aef/detection

logsbanks.xyz

# Reference: https://seguranca-informatica.pt/anubis-networks-is-back-with-new-c2-server/

anubisnetwork.com
anubisnetwork.net
anubisnetwork.one
operador.anubisnetwork.net
operador.anubisnetwork.one

# Reference: https://x.com/Fact_Finder03/status/2011017902540144759
# Reference: https://www.virustotal.com/gui/file/70a3a579dfe59954c5fcaf2053585c55a8969223d680bca79cbd3a229d2657e0/detection
# Reference: https://www.virustotal.com/gui/file/a0e2ed2550ed0bf5b27295fb6252dbec216a70342380705f2f74f88445e0a486/detection
# Reference: https://www.virustotal.com/gui/file/a182b03055e6119263db0248c1ede9bc308c30383307678d391025f950a33966/detection

195.24.236.69:3000
195.24.236.69:5000