# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: crypminal

# Format: one indicator per line, either a domain name or an IPv4 address
# with a port (IP:port). Lines starting with '#' are comments. Each group of
# "# Reference:" lines gives the public source for the indicators that follow it.
# NOTE(review): the family label is not stated in this text; the Check Point and
# ESET references below discuss Bandook. Presumably the file name carries the
# label, so confirm against the file name.
# NOTE(review): IP:port entries are tied to hosting that can be reassigned, so
# an IP hit is weaker evidence than a domain hit unless corroborated. Re-validate
# old IP entries periodically.

# Reference: https://twitter.com/malwrhunterteam/status/1121825095792590849
# Reference: https://twitter.com/James_inthe_box/status/1121825506133811201

olex.live

# Reference: https://twitter.com/malwrhunterteam/status/1121858510441132032
# Reference: https://twitter.com/James_inthe_box/status/1121868484642631680

branchesv.com

# Reference: https://twitter.com/malwrhunterteam/status/1126013665155670016
# Reference: https://twitter.com/James_inthe_box/status/1126096193862287360

159.69.88.115:443

# Reference: https://twitter.com/James_inthe_box/status/1185530740911423488

vdscloud.net

# Reference: https://research.checkpoint.com/2020/bandook-signed-delivered/
# Reference: https://otx.alienvault.com/pulse/5fc6a8431725dbaccdb8b860

# NOTE(review): branchesv.com, olex.live and vdscloud.net in this group repeat
# entries listed above under other references. They are kept so that each source
# stays traceable. Assumes the consumer de-duplicates on load; confirm.

2ndprog.monster
branchesv.com
ercuc.com
ewsdocs.com
horizongb.com
htname.info
idcmht.com
jtoolbox.org
mainsrv.top
mxtms.com
nopejohn.com
ntsclouds.com
olex.live
p2020.xyz
pronews.icu
raysdoor.com
styleco.me
tancredis.com
vdscloud.net
vsimperial.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1340931119454281728
# Reference: https://app.any.run/tasks/fee6dab8-02dd-4978-8254-251725f98360/

pdafact.com

# Reference: https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
# Reference: https://otx.alienvault.com/pulse/60e6c811e797f56de6d1689a
# Reference: https://www.virustotal.com/gui/file/9bed6ae8561bb3c54099044c461f305ae0214e8e9972c5ab362f493e2ac07e38/detection
# Reference: https://www.virustotal.com/gui/file/435fa80c1088c8e2b821cf86d5f5a6c2cebf41e3b12d067473c79ab5773d3862/detection
# Reference: https://www.virustotal.com/gui/file/bc089259a1da012b1331933427fdf29e62e0c66cc4ca69c2319dd45f13a95c5d/detection

# NOTE(review): d1.ngobmc.com and d2.ngobmc.com are listed next to their parent
# ngobmc.com. They are presumably redundant if the consumer also matches parent
# domains; confirm before pruning.

185.243.114.89:7891
194.5.250.103:7891
45.142.214.31:7892
ladvsa.club
ngobmc.com
d1.ngobmc.com
d2.ngobmc.com

# Reference: https://www.virustotal.com/gui/file/ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd/detection
# Reference: https://www.virustotal.com/gui/file/59825e4ff55b539a70952ab80643aaee6499b9d0153fb3b8a19eea74a0a425c4/detection

# NOTE(review): r1.panjo.club and s1.megawoc.com are listed next to their parents
# panjo.club and megawoc.com. The parent-matching question is the same as for
# ngobmc.com above.

185.106.122.71:7891
194.87.48.126:7893
megawoc.com
panjo.club
r1.panjo.club
s1.megawoc.com

# Reference: https://twitter.com/d4rksystem/status/1479166627757182977
# Reference: https://www.virustotal.com/gui/file/afb157bd39e2433f203487c3e69a299413cf762a3ba25c927e82f258672e3ad9/detection
# Reference: https://www.virustotal.com/gui/file/4bf9325fe8d721e60c2a5beee8dbdf275ab9c5de309e162ecc81d1cdf7369cef/detection

5.34.182.29:4443
91.238.50.105:4441
cumumberpro.org

# Reference: https://twitter.com/pollo290987/status/1570071111773351942
# Reference: https://tria.ge/220720-vhh8dacddr
# Reference: https://www.virustotal.com/gui/file/9dccab9f649757289944f61121e2502f7b3a1ae74a64a35f06dace2001c219d1/detection

# The same three addresses appear on both port 9991 and port 9995.

193.200.16.175:9991
193.200.16.175:9995
80.233.134.242:9991
80.233.134.242:9995
91.193.18.203:9991
91.193.18.203:9995
deapproved.ru

# Reference: https://tria.ge/220624-raj8xsfeb2
# Reference: https://tria.ge/220710-y5araschbp
# Reference: https://tria.ge/220624-q4th1sfdf7

# NOTE(review): blogdns.net appears to be a shared dynamic-DNS zone. Keep only
# the full hostname listed here, because widening the match to the parent zone
# would flag unrelated hosts. Confirm.

iamgood.blogdns.net

# Reference: https://twitter.com/AttackTrends/status/1618708133114970115
# Reference: https://www.virustotal.com/gui/file/dd2c5cbd606b64013fb99910089d5f449de478381ad491f8044fffd7ca10ff48/detection
# Reference: https://www.virustotal.com/gui/file/c1c7a5fe3203fe7ecd6b4581a12f85803174d5e2b8df2e98cccb8a5d740b1d36/detection
# Reference: https://www.virustotal.com/gui/file/353dcc4479725da180b0c12fdc433d46fddefdced3a967e7fe528d030a61a791/detection

83.97.20.141:7072
83.97.20.141:7073
83.97.20.141:7075
bomes.ru