# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Reference: https://twitter.com/fumik0_/status/1016767284122214400
cookiesdough.tk
# Reference: https://twitter.com/ViriBack/status/1046896338892406784
very.ruvmp.ru
/gate/setOnline.php
# Reference: https://twitter.com/fumik0_/status/1050643239273779200
testantik.ml
# Reference: https://twitter.com/James_inthe_box/status/1109835474493829120
# Reference: https://pastebin.com/tvn8EMyS
search.ac.ug
# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Arkei)
slipcentral.com
# Reference: https://twitter.com/benkow_/status/1055005039733944320
filipmoris.ru.com
# Reference: https://www.virustotal.com/gui/file/3f706cae67af4a80592cb751dc6615d8b094381c6d39a3c2c734b7399c374e07/detection
arkei.foxovsky.ru
# Reference: https://www.virustotal.com/gui/file/0e4ed11a85e1b9f33695d12541f546b832c71466d9028ef1d783bfab3f948901/detection
a0446764.xsph.ru
# Reference: https://app.any.run/tasks/98681d08-941f-4b16-a0bc-263c1d0e55ba/
# Reference: https://github.com/tjnel/yara_repo/blob/master/trojans/arkei_stealer.yara
# Reference: https://infosec.cert-pa.it/analyze/536fc78ee97d2eea3a0e4b58364cd957.pdf
# Reference: https://otx.alienvault.com/indicator/file/d683da1f88fd8aaa0645c95aa1c2396e31f81dc1d0dd529c8d13179d654b9620/
# Reference: https://any.run/report/ef347bff5f4f139d04a50bc9272323d17714b638e5645047bfa9e0bf90d38635/b85be957-a60f-4b36-812b-009bed2acc57
# Reference: https://otx.alienvault.com/indicator/file/c06c94d831aa3170ecf8f0fddd33c383696ca2169cad412c77f64848ccf2817b/
# Reference: https://any.run/report/3895c8d1bc26750d298e9fa09b47642940cba88736cbc2fc3dbb9ad67ee9f1e0/29e69c61-a7d6-41f0-b1ab-5b4757803136
synchronization.ml
privatlux.pw
fdsgdsfg543.zzz.com.ua
kolyanologi.zzz.com.ua
nagiby.zzz.com.ua
spawnmas.ru
# Reference: https://www.virustotal.com/gui/file/74e5bf86405ad3d894b95c70d21d75dbde5233967254ec7048ed283f0a719da6/detection
doeros.xyz
funzel.info
hqans.com
nezzzo.com
poderoa.com
vromus.com
vxeudy.com
# Reference: https://twitter.com/maldatabase/status/1388826892246081537
# Reference: https://otx.alienvault.com/pulse/608e9574fe0220cf9bb407bf/
bestbundledealer.com
macakslcaq.ug
malcacnba.ac.ug
# Reference: https://tria.ge/211116-jr5bescgh2
file-file-host4.com
/tratata.php
# Reference: https://www.virustotal.com/gui/ip-address/8.209.69.161/relations
host-file-host0.com
host-file-host6.com
# Reference: https://www.virustotal.com/gui/ip-address/47.74.89.149/detection
# Reference: https://www.virustotal.com/gui/file/364e6eb302ea9226c69d3efc8485f827e61bab6e2ea34fb85c8a87a604e3ed5c/detection
file-file-host8.com
host-host-file6.com
host-host-file8.com
# Reference: https://www.virustotal.com/gui/ip-address/178.218.220.198/relations
file-file-host6.com
file-host-host6.com
# Reference: https://www.silentpush.com/blog/privacy-tools-not-for-you
coin-coin-coin-2.com
file-file-file1.com
file-file-file2.com
file-file-host4.com
file-file-host6.com
file-file-host8.com
file-host-host0.com
file-host-host6.com
host-coin-data-1.com
host-data-coin-11.com
host-file-file0.com
host-file-file4.com
host-file-host-3.com
host-file-host0.com
host-file-host6.com
host-file-host9.com
host-host-file6.com
host-host-file8.com
host-host-host5.com
# Reference: https://www.virustotal.com/gui/file/9c64e3f0031d56a3def2ca8f059af3c7c8d7a38d09c74e3a8284a9484ec55e59/detection
coin-coin-data-6.com
data-file-data-7.com
# Reference: https://www.virustotal.com/gui/file/1022aed4c67e1fd0bc605d815bf9152d040a3288e91391f9637cbb55e54f0a03/detection
data-host-coin-8.com
# Reference: https://twitter.com/xuy1202/status/1479098379422793734
# Reference: https://pastebin.com/58R86i8C
file-coin-data-5.com
host-file-coin-4.com
# Reference: https://www.virustotal.com/gui/file/469a4633e8a76e67f66ce8917c0797943b383289f1d317c06aa79977d8bfae79/detection
coin-coin-file-9.com
# Reference: https://tria.ge/220110-pt27qseeeq
http://185.7.214.239
/POeNDXYchB.php
# Reference: https://tria.ge/220103-lnnwdahfan
homesteadr.link
# Reference: https://tria.ge/220119-t22cmabeh7
/7vlcKuayFx.php
# Reference: https://tria.ge/220204-rbkabaahbk
195124.prohoster.biz
# Reference: https://tria.ge/220204-rblhdaahbl
sadasew94okl234.000webhostapp.com
# Reference: https://blogs.blackberry.com/en/2022/02/threat-thursday-arkei-infostealer
# Reference: https://otx.alienvault.com/pulse/6213a2e1681a9a5b5de9634d
# Reference: https://otx.alienvault.com/pulse/621cfae42fb5d419780687b5
http://37.252.15.126
http://85.208.185.13
coin-file-file-19.com
googe.link
saskatche.link
tuntutul.link
/dhbuc2mgys.php
/kyhvowljlf.php
# Reference: https://twitter.com/ViriBack/status/1502469584003215368
http://45.61.137.204
file-coin-coin-10.com
# Reference: https://www.virustotal.com/gui/ip-address/45.10.244.53/relations
file-coin-host-12.com
# Reference: https://www.virustotal.com/gui/file/3841c77465ae42152868692241e9fd883a48d1a8a72eadbfb266e9a34eb660a9/detection
data-file-data-18.com
# Reference: https://www.virustotal.com/gui/file/0287ac2500cd06804c3264d535d6c78cf9f3bd8bfb7014a0c4658d60f887ee9b/behavior/Zenbox
data-host-file-16.com
# Reference: https://www.virustotal.com/gui/file/00c750cd38d99194ed9f19540f3a7668a8e88a317694d926a95351db00466121/detection
data-coin-data-13.com
artiskzsh.com
authymysexy.info
eamfighttacticstools.info
nftmatrixed.info
# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
host-coin-file-17.com
# Reference: https://www.virustotal.com/gui/file/aa4e3080ea3f2be26633502137be3e95f41ab43d4966fd9201b0b68fb66c7cfe/detection
1landota.click
janolavave.xyz
# Reference: https://www.virustotal.com/gui/file/1aa2d32ab883de5d4097a6d4fe7718a401f68ce95e0d2aea63212dd905103948/detection
2rundota.click
# Reference: https://twitter.com/l205306/status/1601581548893274112
tradinview.co
# Generic
/server/grubConfig
/server/checkingLicense