# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: romcom
# CERT-UA: UAC-0132

# Reference: https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/
# Reference: https://otx.alienvault.com/pulse/62f36c89909d6b719ba8d340

combinedresidency.org
optasko.com

# Reference: https://cert.gov.ua/article/2394117 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/c149474f97140c3381bda3ad2451f253e08e7ad4be76a68ac3a6f15bc4bd4e63/detection

185.56.137.104:4444
69.49.231.103:4444
69.49.245.55:4444
4qzm.com
advanced-ip-scaner.com
advanced-ip-scanners.com
aspx.io
notfiled.com
mill.co.ua
ua.aspx.io
mil.ua.aspx.io
gov.mil.ua.aspx.io

# Reference: https://twitter.com/Unit42_Intel/status/1588199843981402114
# Reference: https://twitter.com/malware_traffic/status/1588211727891570688

wveeam.com

# Reference: https://www.proofpoint.com/us/daily-ruleset-update-summary-20221104

keepas.org
you-supported.com

# Reference: https://twitter.com/TLP_R3D/status/1655687889391431680
# Reference: https://twitter.com/TLP_R3D/status/1655844785075224576
# Reference: https://twitter.com/TLP_R3D/status/1656270702700273666
# Reference: https://twitter.com/k3yp0d/status/1655840102638137347
# Reference: https://twitter.com/k3yp0d/status/1655841493934800896
# Reference: https://www.virustotal.com/gui/ip-address/104.234.10.207/relations
# Reference: https://www.virustotal.com/gui/file/c118895776e75eaa291d2a5f54f1de4f48756aec28cebaa1bf6fd9beb5d36301/detection
# Reference: https://www.virustotal.com/gui/file/1308146f161ed60c86532dd2d2de8de8b0401e27023fc56f83903f137fccacfd/detection
# Reference: https://www.virustotal.com/gui/file/a5dae9b7ff88276f699eece44eb4b183f1b1de6bef9e159c417ba621a949f744/detection

104.234.10.207:7931
15.235.203.250:444
2.57.90.16:7931
217.195.153.39:7931
46.246.98.15:7931
postnordpakker.com
rdp-devolutions.com
startleague.net
wexonlake.com
/itrdd/kcrs/file1.txt
/itrdd/kcrs/file2.txt
/itrdd/kcrs/