# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery

list131.ignorelist.com

# Reference: https://twitter.com/guelfoweb/status/1105493553030053888
# Reference: https://twitter.com/JaromirHorejsi/status/1105447086361923584

schoolfurniturecompany.com

# Reference: https://twitter.com/x42x5a/status/1111247631223791617

tsesser.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1113335382878425088

fada101.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/1113423296211562497

91.192.100.8:47583

# Reference: https://twitter.com/Racco42/status/1115259915877146625

maxcoopart80.ddns.net

# Reference: https://twitter.com/x42x5a/status/1116608057268527105
# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef

185.140.53.17:2888

# Reference: https://twitter.com/James_inthe_box/status/1118904407792345090

mydnssbox.gleeze.com

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

maxibrainz.warzonedns.com
91.192.100.61:2580

# Reference: https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/ (# AveMaria)

tain.warzonedns.com
noreply377.ddns.net
server.mtcc.me
doddyfire.dyndns.org
toekie.ddns.net
warmaha.warzonedns.com
185.162.131.97:222

# Reference: https://twitter.com/Racco42/status/1130511314537918465

mailsle001.duckdns.org
mazzet990.duckdns.org

# Reference: https://twitter.com/Lvanoel/status/1131441015922057217
# Reference: https://app.any.run/tasks/b00d980c-615c-433a-b549-36253786f9cb/

145.239.202.109:1013
145.239.202.109:1018

# Reference: https://twitter.com/Racco42/status/1132911306472919040

hiswar45.warzonedns.com

# Reference: https://twitter.com/abuse_ch/status/1145697917161934856

fuckoffesetdetectmysleep.com

# Reference: https://twitter.com/HerbieZimmerman/status/1151196743201173507

respainc.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1151953182869741568

masterprof.warzonedns.com

# Reference: https://twitter.com/James_inthe_box/status/1156163867744935938

dephantomz.duckdns.org

# Reference: https://blog.team-cymru.com/2019/07/25/unmasking-ave_maria/

anglekeys.warzonedns.com

# Reference: https://twitter.com/ps66uk/status/1159446703185047552

95.168.191.77:1436
dd122.duckdns.org

# Reference: https://twitter.com/anyrun_app/status/1159700318478897152
# Reference: https://app.any.run/tasks/b89006cd-dba0-4bc3-8a16-002f4ccc416b/

37.120.159.243:21204
aidsweden.serveblog.net

# Reference: https://twitter.com/James_inthe_box/status/1161273917689880576

millionways.duckdns.org

# Reference: https://twitter.com/Lvanoel/status/1161511143174823936
# Reference: https://app.any.run/tasks/bf09de69-e3b4-41d6-9d1e-d4875f9bca16/

79.134.225.39:2134
ndubaba45.warzonedns.com

# Reference: https://twitter.com/killamjr/status/1163429097273516032

wealthyblessed.warzonedns.com