# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# NOTE(review): One indicator per line below: a hostname, an IP with or without a
# port, a URL, or a bare URL path. '# Reference:' lines cite the reporting for the
# entries that follow them. No entry carries a first-seen or expiry date and the
# references span several years, so older IP and cloud-tenant entries may have been
# reassigned since -- confirm ownership before treating a hit as high confidence.

# Reference: https://twitter.com/ViriBack/status/1035683053459460098

3dchesmellltda.club

# Reference: https://researchcenter.paloaltonetworks.com/2016/03/banload-malware-affecting-brazil-exhibits-unusually-complex-infection-process/

compra-da-sorte.com
vemsorte2015.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Banloa-CRQ/detailed-analysis.aspx

triocar.web1629.kinghost.net
www.inducar.kinghost.net

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online/wp/wp-includes/brazilkrisemundial/index.php

# Reference: https://twitter.com/James_inthe_box/status/1242573224006696961

# NOTE(review): entries that start with '/' name no host; presumably they are
# matched against the request path on any server -- verify how the consuming sensor
# applies them, since short generic paths in this file (e.g. /muralavisos.php,
# /primo/verifique.php) can collide with benign sites.
/AppCounter20032020-001/index.php

# Reference: https://twitter.com/1ZRR4H/status/1243178915507703810

seguridadsucursal.online
tma8sjw.myftp.org

# Reference: https://blog.scilabs.mx/blog/2019/12/06/campana-cosmic-banker-sigue-activa-y-revela-vinculo-con-banload/
# Reference: https://www.virustotal.com/gui/ip-address/51.79.31.28/relations

http://51.79.31.28
comprobantes.sytes.net
dgi1b2n3m4.ddns.net
/RO3473I4R4Y.php

# Reference: https://twitter.com/James_inthe_box/status/1245427754977263617

receitafazenda.webcindario.com
/primo/verifique.php

# Reference: https://twitter.com/NtSetDefault/status/1253292071877820416

4up4.com/uploads/file_2020-04-13_031927.jpg

# Reference: https://twitter.com/Bank_Security/status/1258359587729813504
# Reference: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
# Reference: https://www.virustotal.com/gui/file/ed1e2a3767b575cce54e13e05112f30156590cc080a0d0865aaf85686c4e51be/detection

23.108.57.243:3389
http://23.106.124.20/avs/img1/index.php

# Reference: https://twitter.com/sevenofnull/status/1275342947068915713
# Reference: https://app.any.run/tasks/141db5f3-0e93-43c3-96e9-ebf0e69bccda/ (# MALWARE [PTsecurity] Trojan-Spy.Win32.Delf(Banload))
# Reference: https://www.virustotal.com/gui/ip-address/104.154.43.185/relations
# Reference: https://www.virustotal.com/gui/file/b22f8eaf82e15fe8118617cd7db703486696a82924dbafcbc31d8ce1262fcdb5/detection
# Reference: https://www.virustotal.com/gui/file/2f4db2bd529b5705308afd647b26d1a172d34b31d3382da57bac67aa3373a43c/detection
# Reference: https://www.virustotal.com/gui/file/507b299b76133f4ee7a30c12e23e45fa6fe9a1990ac87cb39136c25cc015e011/detection

104.154.43.185:60001

# Reference: https://twitter.com/NtSetDefault/status/1282277236423512065
# Reference: https://www.virustotal.com/gui/file/bc0073b75adda338d994361b4ebc1bc964197826ee75cf790948f128785780bc/detection
# Reference: https://app.any.run/tasks/637f560b-00da-442c-aef5-6ebc990a0646/

outlook39923.autodesk360.com

# Reference: https://twitter.com/NtSetDefault/status/1285909036815323136
# Reference: https://twitter.com/NtSetDefault/status/1285914518095302656
# Reference: https://app.any.run/tasks/599e1eb9-a1c9-4d80-b33d-281cd619cc6c/

# NOTE(review): the amazonaws.com, cloudapp.azure.com, blob.core.windows.net and
# app.goo.gl entries in this file are tenant-specific names on shared platforms, and
# the serveftp/duckdns/no-ip style names sit under dynamic-DNS providers. Match the
# full hostname as listed; blocking the parent domain would hit unrelated tenants.
correiosbrasilsedex.serveftp.org
enviocorreios.serveftp.org
sendcorreiosbr.serveftp.org
seusedexrapido.serveftp.org
m0380933669.s3-us-west-1.amazonaws.com
u3028903369.s3-us-west-1.amazonaws.com

# Reference: https://twitter.com/NtSetDefault/status/1273040649542131713

emissaocontadigital.eastus.cloudapp.azure.com

# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488
# Reference: https://www.virustotal.com/gui/file/e6cbaf9d2d01467048c758ba5e6ef3b68e624f67ece32dd68ebfeab235ed7ce5/detection
# Reference: https://www.virustotal.com/gui/file/cd878cd53b60f3bd950dc84ca731e07b4b49e18aed28f7e5d0bb39e5ab9c4ae7/detection
# Reference: https://www.virustotal.com/gui/file/373386e10c2e71329f0e8b4f51bef1fc0c4eb716f459cdf8a93941cff336b89b/detection
# Reference: https://www.virustotal.com/gui/file/8e9e5c2e16c8712f9e1ebfd4c295a1afe9373b95580ca73352f32e37d07408b6/detection
# Reference: https://www.virustotal.com/gui/file/4227332820fffcae05ae9d12a0e0b20f2291eb7b6bf8982b5301f24caadfbe8e/detection
# Reference: https://www.virustotal.com/gui/file/c05e9c1b155559d500ed0a2b3ca4c02d2a679db4191a7b35b9c44c2bdd61210d/detection
# Reference: https://www.virustotal.com/gui/file/985485888ef165eba912578cceb76981e9e5841bf928db739afbf472ea09deff/detection
# Reference: https://www.virustotal.com/gui/file/23892054f9494f0ee6f4aa8749ab3ee6ac13741a0455e189596edfcdf96416b3/detection
# Reference: https://www.virustotal.com/gui/ip-address/191.235.99.13/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.91.227.152/relations

http://191.235.99.13
http://52.91.227.152

# Reference: https://otx.alienvault.com/pulse/5f75c5efcce31cfc583bafaa

58sky.com
wdx.go890.com
khelpdesk.com.br
go890.com
mg.5636.com
master.khelpdesk.com.br

# Reference: https://www.virustotal.com/gui/ip-address/31.220.59.65/relations
# Reference: https://www.virustotal.com/gui/file/3c23a8a65d78c035753bc0a437ed1bcab53f4a981608c10dbf936de28be4f3e3/detection
# Reference: https://www.virustotal.com/gui/file/99ba789471d2df7249bddf5741a0d5fa58147af4e3865490a93fcd1ea609c3ec/detection
# Reference: https://www.virustotal.com/gui/file/8aff76bef1eaed56b46d983051e8a817a893905c82cda79573316adc823baa54/detection
# Reference: https://www.virustotal.com/gui/file/1e6aaee1a283c652812fec6a70f8d1759de53a723af4ea415d3a4fa2ea083166/detection

defaqw.duckdns.org
fyjftn.duckdns.org
hsjkse.duckdns.org
jddrtj.duckdns.org
lokj.duckdns.org
xcgt.duckdns.org
xder.duckdns.org
xeida.duckdns.org
yiydk.duckdns.org
zere.duckdns.org
zxcw.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/novelsim.shacknet.us/relation
# Reference: https://www.virustotal.com/gui/file/7ca842d8f2c83eddf6bd393415c4cff54ec7fa5c51f34738bb6aa1114714c6ec/detection

novelsim.shacknet.us
/troBEROamkr0192013.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1329728270326247425
# Reference: https://bazaar.abuse.ch/sample/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/
# Reference: https://www.virustotal.com/gui/file/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/detection
# Reference: https://analyze.intezer.com/analyses/55ad918a-ba00-497f-a2c5-262c957aa52f/sub/dc9bf2d0-cfce-46e1-8b22-6034f5df3d68

217.8.117.74:8364

# Reference: https://twitter.com/wwp96/status/1337112340001681411

gassmp.podzone.org
/Bebroms29129MSKEdrf.php

# Reference: https://www.virustotal.com/gui/file/3f15a5000fe56acf94ddaf281bbb634cc14d0d84ffed7b244ac38f97c4b23a0c/detection

lojinha-deroupas.com.br
/muralavisos.php

# Reference: https://www.virustotal.com/gui/file/9d4e819a148f6f3ba4d205cf7f3e383ba5c1e6510e34968c38f192dc0e8b3e07/detection

guardasnoturnos.com.br

# Reference: https://otx.alienvault.com/pulse/5ffc3ef208af976d9393d1e2
# Reference: https://www.virustotal.com/gui/domain/cp2.sanandresplazza.com/relations
# Reference: https://www.virustotal.com/gui/file/87c87de35dcd8832043ead5aee4d937ad57f60eb7b68506bd2d976c52d694f3a/detection
# Reference: https://www.virustotal.com/gui/file/cb28fb0cd8281caab59fd57ed18619d9d8c41cfbd01e6e8ed1b35399d2d36d73/detection

astylo.net
guiama.is
/plugins/authentication/ldap/Des_x_.png

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/lucas.digitaldesk.biz/relations

lucas.digitaldesk.biz
prepara.biricell.com.br

# Reference: https://www.virustotal.com/gui/file/02131c8c30c6852ea1094661960d8cd697e014c2327582b9bbfc8440100d08ef/detection

casting.diamondhostess.hu
uslugi-ryazan.ru

# Reference: https://www.virustotal.com/gui/file/f8d9e056bfaa7ee2d74c2fcd5411de3868f47c1301e1cf55a0180b774df1d348/detection
# Reference: https://www.virustotal.com/gui/file/42575b866129035b28068456fa9d988ff86d5573e86a8138ba63c0b3423f6820/detection

mssql.maurosouza9899.kinghost.net

# Reference: https://twitter.com/dgarcianet/status/1352235429160955904

web.groupe-convergence.com

# Reference: https://www.virustotal.com/gui/file/34e16a68835f05ec748e2928409c3f07bdc5268eae0916cfef8a182e031cf6d1/detection
# Reference: https://www.virustotal.com/gui/file/7c019dca867ba21a5d8bb6eabd5750d0f06778fb82ff8866d4900a793d7bcc5c/detection
# Reference: https://www.virustotal.com/gui/file/43ea536308e35b15858237ff4b4b565ca70c1434af0b40dc7336c90c5362e99d/detection

critichotshot.com

# Reference: https://otx.alienvault.com/pulse/6023cbfddb978ba4bf15730b

# NOTE(review): 5636.com, 58sky.com and go890.com are also listed earlier under
# pulse 5f75c5efcce31cfc583bafaa, where wdx.go890.com and mg.5636.com appear too.
# If the consumer also matches subdomains of a listed domain (TODO confirm), the
# subdomain lines and the repeated entries are redundant.
5636.com
58sky.com
go890.com
jxwan.com
wanyouxi7.com
lordstark.dynamic-dns.net

# Reference: https://twitter.com/Unit42_Intel/status/1369043270429466634
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-08-IOCs-from-Banload-infection.txt

arquivomes03.brazilsouth.cloudapp.azure.com
casaprodutosportal.net
hirotrindade.webcindario.com
shonitrohifi.com

# Reference: https://www.virustotal.com/gui/file/8e95a0564b92cc9285ab0f74076c2aa5c666658a3933ceeaa9942d1a3823a7e2/detection

nwdnydxxxeo.hosthampster.com

# Reference: https://www.virustotal.com/gui/file/a9045a3692c91964dcb62966c7d44f6c00344bf11b5784374b7b64eef9c3ed31/detection

br12jh87te87lkre63a.servepics.com
/hhrytn35/lw1.php

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html (# Win.Downloader.Banload-9861199-0)

brasilcargas.space
cabanadosol.net

# Reference: https://www.virustotal.com/gui/file/d51886e1555a1a94472f639a4cc9d670993011eafa7be4a3ea93219cd2a7b975/detection

# NOTE(review): 74.125.230.247 and 98.137.201.117 look like addresses in large
# web-provider ranges (Google / Yahoo -- verify with WHOIS). If so, they are
# probably connectivity traffic recorded from the referenced sample rather than
# attacker infrastructure, and alerting on them will produce false positives.
http://74.125.230.247
http://98.137.201.117
deliverycards.sytes.net
rdsbox.no-ip.info

# Reference: https://www.virustotal.com/gui/file/e62d5c2402f3455766839f357ae4a4c9ff48cb82451e7a06329fe7186dc9fbcc/detection

41.100.82.137:1891
salah-dz.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/48739c53c560536f074d4b4ad5e98e6be128ea137ecf6658d31fb4dbe98a1038/detection

http://3.96.187.180
/zebudega/5CG46H2J8740503TR.php
/5CG46H2J8740503TR.php

# Reference: https://www.virustotal.com/gui/domain/universal101.com/relations

universal101.com

# Reference: https://www.virustotal.com/gui/file/5a0d1b0431f975ee227c77a951711e749095cf872b2761c3370e3cdb7726d003/detection

raimundex.no-ip.biz
raimundex.no-ip.biz.ovh.net

# Reference: https://www.virustotal.com/gui/file/07eb52e969a2bfb9181e132b235e161516264934edd24a197d7f09505a24c4e0/detection

187.113.20.62:11891
klinspect3.no-ip.info

# Reference: https://www.virustotal.com/gui/file/455f4167f9f057c160956e9e1a27e662dfc5abd820cfe1be99c7728403af67b4/detection

ret.space

# Reference: https://www.virustotal.com/gui/file/ec124a8ed148e2f6943dffc8cc2b072ae2ef887aa2ce87de5c93e4006bc9a846/detection

172.105.155.183:7777
getmalware.com

# Reference: https://www.virustotal.com/gui/file/85ee41bba3c7946de4d8b807a6aa07019fa27bdd7d923906773135f541c893b9/detection

myserverok.myftp.org

# Reference: https://www.virustotal.com/gui/domain/upsvcm.myftp.org/detection

upsvcm.myftp.org

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/banking-trojan-latam-brazil
# Reference: https://otx.alienvault.com/pulse/617bc3fe39fce40899c10840

http://13.36.240.208
http://15.237.27.77
http://15.237.60.133
http://52.47.163.237
centralcfconsulta.net
centreldaconsulta.com
/ando998.002
/carindodone.ways
/esperanca.lig2
/esperanca.liga
/microsft.crts
/msftq.doge
/nanananao.uooo

# Reference: https://twitter.com/r3dbU7z/status/1456797053317701633
# Reference: https://twitter.com/r3dbU7z/status/1489192209119387649
# Reference: https://twitter.com/r3dbU7z/status/1489548681154076676
# Reference: https://www.virustotal.com/gui/file/d97e54139ae34a8aeefff4d5ac760caa5b8cbb1a91af6fa5d725a0cfba6dfeb0/detection

147.182.207.189:8000
googlyconnect.tk
googlyconnect.xyz
ngetconnect.tk
tatamagicexpress.tk

# Reference: https://twitter.com/ffforward/status/1490419292202012677

lamboarrived.com
lamboarrivesssd.com

# Reference: https://www.virustotal.com/gui/file/e46f8a434d8935182491ccb8cd4d17e120458af5821b12613931ee3bb826c706/detection

scan-x9.gleeze.com

# Reference: https://twitter.com/abuse_ch/status/1491102298642157569

http://18.222.122.216

# Reference: https://twitter.com/JAMESWT_MHT/status/1511574103316221952
# Reference: https://twitter.com/1ZRR4H/status/1511588774618169350
# Reference: https://twitter.com/pr0xylife/status/1511753527827353606

filtrosefioseletricosd.eastus.cloudapp.azure.com
pdf-nfe82234018756.australiaeast.cloudapp.azure.com
toystorehuewjir2341234.norwayeast.cloudapp.azure.com

# Reference: https://twitter.com/malwrhunterteam/status/1512501726410166280
# Reference: https://www.virustotal.com/gui/file/c07afe27b4f94dbeb6a21e23deb331a3ede658975471c689226162fda28325e0/detection

bussines.click

# Reference: http://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html (# Win.Downloader.Banload-9943209-0)
# Reference: https://www.virustotal.com/gui/file/6e88c0fc568192968be1ea2c0242bce09141b8b151b469a9d378b66c32909207/detection
# Reference: https://www.virustotal.com/gui/file/f4dc20793b32c7fe417de28cbe15e158f6e71e984dae1aaca9fd0d6db91b3bbb/detection
# Reference: https://www.virustotal.com/gui/file/ab52085f0cb9a9466f526defcc6535793ea415eea35c9bd89afdd2250f61f4da/detection
# Reference: https://www.virustotal.com/gui/file/197218e9d34b526633f525d0b4287cb2a7822b5eca468706861e9305975001f2/detection
# Reference: https://www.virustotal.com/gui/file/357e7e3938085403df07804b7df5bfb204383383e471dcc8fadc621e0827fae6/detection

acreunagoias.com.br
arquivos2011.net
bamcodedados.com
bancodados.com
ceyfad.com
divixonde.com.br
encontragoiania.com.br

# Reference: https://twitter.com/b3ard3dav3ng3r/status/1522554429836509185

http://135.148.155.27

# Reference: https://www.virustotal.com/gui/file/157650a417bac6874b180b9e1603ce39347940c605ec3229d99771992c394ea5/detection
# Reference: https://www.virustotal.com/gui/file/ef8457a60771b1eefdbd53cf09b30b546d96736748db2e3e325b26993abe1afe/detection

193.124.22.17:23520

# Reference: https://www.virustotal.com/gui/file/c192c4a8647935e35a756e0e9cb71a2b4536f927bee108ec1580e6d31fcca785/detection

http://193.124.22.17

# Reference: https://twitter.com/James_inthe_box/status/1562089001124708354
# Reference: https://twitter.com/Computeus7/status/1562108381187522561
# Reference: https://app.any.run/tasks/10bd0f91-2556-4574-8acb-bdf67441a276/

51.161.108.106:44233

# Reference: https://www.virustotal.com/gui/file/c94d2ab86cd34531f591a849b3b4a7349e9c57ab7eb53dd58f4aa9a69e1eff0e/detection

lordgunz.com.br

# Reference: https://twitter.com/Merlax_/status/1614742984943181824
# Reference: https://www.virustotal.com/gui/file/2f04292fac6ce3a8ab250dc256894f037e302f82912f365d93f915cb184ed3f7/detection
# Reference: https://www.virustotal.com/gui/file/4b9fc4775b932ff14eab52b990e61e7a2277b4d53c6cf3ac38902ceec8e55101/detection
# Reference: https://www.virustotal.com/gui/file/56f827c9a7df7f2ad1666ff803f79a99bc2005591a7095b1d36f65c2e2c46ecd/detection
# Reference: https://www.virustotal.com/gui/file/414acda5515a33333d51720b26fd80f51d15840294502fe253320c0aa49cbd8b/detection

http://194.180.191.50
http://51.77.193.20
comiteradvogadosbr.com
adsshfitletgowchatwi.ukwest.cloudapp.azure.com
aniversarioagostovw.servesarcasm.com
hown1301.s3.us-east-2.amazonaws.com
imobiliariapacheco.ciscofreak.com
modonlineservletgowads.southafricanorth.cloudapp.azure.com

# Reference: https://twitter.com/Merlax_/status/1617673017181736960

http://20.226.125.180
joliedocescapnhalida.com
hownter2301.blob.core.windows.net
/brumnx2301fff/
/KKKK/nmhjhghhhjh.php
/nmhjhghhhjh.php

# Reference: https://www.virustotal.com/gui/file/9c1732d555a02453ad01c3a2555980d2722a2e49a5c58385ca91efc3af54a526/detection

4.235.112.145:30000

# Reference: https://www.virustotal.com/gui/file/863dbdb4a47448c7ed262700f0e5f7dbae552c196ffdd906a6407717789b3873/detection

162.33.178.82:4411

# Reference: https://twitter.com/0xToxin/status/1655558045810688001
# Reference: https://twitter.com/0xToxin/status/1655568340520148992
# Reference: https://app.validin.com/axon?type=ip&limit=100&find=161.35.75.27
# Reference: https://www.virustotal.com/gui/ip-address/161.35.75.27/relations
# Reference: https://tria.ge/230508-p2pavacd8v/behavioral2
# Reference: https://www.virustotal.com/gui/file/009744efc6add254a302d5f13316dbc3e949210a50ad284e8f74f9a83436b494/detection
# Reference: https://www.virustotal.com/gui/file/8dd25b5662494e16c5a0926aa0439a249fe99eda604f86e2f523bb7404ccd476/detection
# Reference: https://www.virustotal.com/gui/file/76cc21b1dfe2b839f5bba0e90a2c3cb9ce3d29f9b5e70c50d04f69bf9c21f1e1/detection
# Reference: https://www.virustotal.com/gui/file/3c758a47e63a69f826091543c4b3ebe8198f4928f769cdf571b3b3ffdf9cea9b/detection

194.15.216.218:11940
alemaoautopecas.com
arquivosclientes.online
atendimento-arquivos.com
contatosclientes.services
fantasiacinematica.online
cartolabrasil.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1686693663600959488
# Reference: https://www.virustotal.com/gui/ip-address/38.60.216.75/relations
# Reference: https://app.any.run/tasks/e493067a-3c2b-480e-9d4d-fe7dee17b16e/
# Reference: https://www.virustotal.com/gui/file/eb7422a5e1d44906531dc6e5357468200c57eeb616bb288acd9b9e4d526b5c49/detection

espinafrehome.com

# Reference: https://twitter.com/ThreatBookLabs/status/1688184398653382656
# Reference: https://www.virustotal.com/gui/file/59fc50d5d9400a0402cd5510d7a0158d20d1cf9a566e8c65b4045a46ef257839/detection

kingalem.no-ip.org

# Reference: https://www.virustotal.com/gui/file/bee71f38e39043227cd2454d3fbc1a9f260248c92c797ef404ca90669a2e24f2/detection

novossim.com
cc23c237.thaieasydns.com
mastercash237237.servehttp.com
mastercash237238.servehttp.com
mastercash237239.servehttp.com
nostra23770.thaieasydns.com

# Reference: https://threatfox.abuse.ch/browse/malware/jar.banload/

bagnovo.duckdns.org
felfacturas.serveexchange.com
pancinhabrasil.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/4.228.57.28/relations
# Reference: https://www.virustotal.com/gui/file/102d058393d47801d714fa7af1d7a68280984f325f2af731dfaa80d3757d1ba6/detection
# Reference: https://www.virustotal.com/gui/file/96eee4f2533216ed17187439a80704beb001458772a51253a00c385605f7caed/detection

contabilidade3irmaos.com
marmitariasaobernado.com

# Reference: https://www.virustotal.com/gui/file/1608dc13532992176305dd7ee7e5574d1750edd20bd7481b145566d2771fdef4/detection

27.124.36.23:12345
27.124.36.23:8080
jnybf.gotdns.com
xdks.selfip.com

# Reference: https://www.virustotal.com/gui/file/e83d77bc8516a2b79979e15193f29293f81ddede663babdffadda31b6816c378/detection

carcarah.game-server.cc

# Reference: https://www.virustotal.com/gui/file/d2359d42fb8b0b4dcd4ad2fba4239440600b31b2fcf1e9c70997024e808fd2d5/detection

avisos-kalitop.duckdns.org
/bnmyj35/lw1.php

# Reference: https://www.virustotal.com/gui/file/61e2b01ecd0591e16907a64e0064bb25305cf2714898af952767500d77373920/detection

servidoressmtps.sytes.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1729109795905413587
# Reference: https://www.virustotal.com/gui/file/cefcb2def056527eb0f8c63019b0fb1f080cb430fabc345cd5784c7d71439fe2/detection

jf27z.app.goo.gl

# Reference: https://www.virustotal.com/gui/file/0269114cddff224ac896111843a7a4c7d61696933ce1d8b9d0940e46c43511b4/detection

thekiwi.club
petitbrun1.websiteseguro.com

# Reference: https://threatfox.abuse.ch/ioc/1211203/

arenterprese2023.is-a-caterer.com

# Reference: https://www.virustotal.com/gui/file/11f7dd1f31a21800737152a2146f25f4f19ebe1399351dc8f93da0960ab59c01/detection

srv434307.hstgr.cloud

# Reference: https://twitter.com/naumovax/status/1783157180482330859
# Reference: https://www.virustotal.com/gui/file/21ea08b654bff294ac1266fdac15711e1436f66a29053117b4128e48226f247f/detection
# Reference: https://www.virustotal.com/gui/file/25517d74909089984bc23d6ed441fad051fa75919efe31a59e28c0adef7a65f0/detection

# NOTE(review): the two '?&vit=' lines below extend the path on the line before
# each of them; presumably redundant if paths are matched as prefixes or
# substrings -- confirm against the consumer's matching rules.
http://67.23.231.76
/bbs/.dc/infecteds.php
/bbs/.dc/infecteds.php?&vit=
/bbs/.dc/phpiespana.php
/bbs/.dc/phpiespana.php?&vit=

# Reference: https://twitter.com/banthisguy9349/status/1783064442210513213
# Reference: https://www.virustotal.com/gui/file/bafd74790fa95d49afac2710dd231ec413dfd0078b57efd75e20704e28a36fe8/detection
# Reference: https://www.virustotal.com/gui/file/9baba9e4c8cbdc25b71ed0ab4ea7586c6bc3f0639b6a96c828a52a5dafe16c9a/detection
# Reference: https://www.virustotal.com/gui/file/06a9de0b7a1ce8a57375a10ea12f030a618e5f56d695f7e582c6ff79e7554757/detection

45.88.90.32:5000
45.88.90.68:5000
dsahgduoi.ddns.net

# Reference: https://twitter.com/naumovax/status/1783461745954013309
# Reference: https://www.virustotal.com/gui/file/f1dfdb145e5eaa6dbdc6e5b15ef04832476f5602aab19262e28552e11dcd6e7d/detection
# Reference: https://www.virustotal.com/gui/file/d97e3271b25dacc5bba07b56524fb72586efdd34e09732331efed207ac98fb4e/detection
# Reference: https://www.virustotal.com/gui/file/ba75a09cb2c7a3bdce016eef3ff72d4a8035842716ddc1b1b73fa18b08ad9804/detection

ormskirkhistoricalsociety.co.uk/site/content/users/themes/index1.php

# Generic

/ezemeneotewdoiazbi.djx
/ezemeneroaelenozi.djx