# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery

list131.ignorelist.com

# Reference: https://twitter.com/guelfoweb/status/1105493553030053888
# Reference: https://twitter.com/JaromirHorejsi/status/1105447086361923584

schoolfurniturecompany.com

# Reference: https://twitter.com/x42x5a/status/1111247631223791617

tsesser.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1113335382878425088

fada101.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/1113423296211562497

91.192.100.8:47583

# Reference: https://twitter.com/Racco42/status/1115259915877146625

maxcoopart80.ddns.net

# Reference: https://twitter.com/x42x5a/status/1116608057268527105
# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef

185.140.53.17:2888

# Reference: https://twitter.com/James_inthe_box/status/1118904407792345090

mydnssbox.gleeze.com

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

maxibrainz.warzonedns.com
91.192.100.61:2580

# Reference: https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/ (# AveMaria)

tain.warzonedns.com
noreply377.ddns.net
server.mtcc.me
doddyfire.dyndns.org
toekie.ddns.net
warmaha.warzonedns.com
185.162.131.97:222

# Reference: https://twitter.com/Racco42/status/1130511314537918465

mailsle001.duckdns.org
mazzet990.duckdns.org

# Reference: https://twitter.com/Lvanoel/status/1131441015922057217
# Reference: https://app.any.run/tasks/b00d980c-615c-433a-b549-36253786f9cb/

145.239.202.109:1013
145.239.202.109:1018

# Reference: https://twitter.com/Racco42/status/1132911306472919040

hiswar45.warzonedns.com