# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.mandiant.com/resources/seo-poisoning-batloader-atera
# Reference: https://www.virustotal.com/gui/file/e3d7f1af2bc790cf143827d2335b594dc3d54a0f49cb61e0b8d6a2d1f0ad27cb/detection
# Reference: https://www.virustotal.com/gui/file/0c3b0dda9f006860a3dfa7be0adb0194a5dfd5a4a1377933e7fb3681b8aadef7/detection

bartmaaz.com
cloudfiletehnology.com
clouds222.com
cmdadminu.com
commandaadmin.com
firsone1.online
kdsjdsadas.online
pornofilmspremium.com
sweepcakesoffers.com
team-viewer.site
websekir.com
zoomvideo-s.com
zoomvideo.site

# Reference: https://assets.sentinelone.com/sentinellabs/SentinelLabs-Zloader
# Reference: https://otx.alienvault.com/pulse/614056687e876ee92b3f7a1e

teamviewerdownload.fastforbusinessandpersonaluserourserviceaugust.alightindarkplacesbook.com

# Reference: https://tracker.viriback.com/ (# Batloader)
# Reference: https://twitter.com/1ZRR4H/status/1575364101148114944

a1a2a3b4.com
/013x1s/index/login
/01ex93/index/login
/g5i0nq/index/login
/p01kpc/index/login
/p3dr01/index/login
/sh1z01/index/login
/t1mw0r/index/login
/tyr4i1/index/login
/013x1s/index/
/01ex93/index/
/g5i0nq/index/
/p01kpc/index/
/p3dr01/index/
/sh1z01/index/
/t1mw0r/index/
/tyr4i1/index/

# Reference: https://twitter.com/1ZRR4H/status/1575364113542389762

anydeskos.com
logmein-cloud.com
teamcloudcomputing.com
teamviewclouds.com
zoomcloudcomputing.tech

# Reference: https://twitter.com/AlbertPriego/status/1575494025875927041

adueledem.online
appszik.com
/amzccadvadmin

# Reference: https://twitter.com/r3dbU7z/status/1579235837833011201

hank2004.kr
hkmts.kr

# Reference: https://twitter.com/nosecurething/status/1584674460577124352

externalchecksso.com

# Reference: https://twitter.com/SquiblydooBlog/status/1584927323916500993

zoomyclouds.com

# Reference: https://twitter.com/nosecurething/status/1585442441175482368

internalchecksso.com

# Reference: https://twitter.com/th3_protoCOL/status/1587823143854698497

cloudanydesk.com
cloudsintheslack.com
cloudsteamview.com
zoomyinclouds.com

# Reference: https://twitter.com/th3_protoCOL/status/1590469424804663297

photo-editor-mark.com

# Reference: https://twitter.com/nosecurething/status/1593037461915303938
# Reference: https://twitter.com/nosecurething/status/1593037467858644992

24xpixeladvertising.com

# Reference: https://twitter.com/mojoesec/status/1593351287835222016

t1pixel.com
t1pixelsite.com

# Reference: https://twitter.com/1ZRR4H/status/1596563151956619265

clodtechnology.com

# Reference: https://twitter.com/ian_kenefick/status/1596604099524726786

grammarlycheck2.com

# Reference: https://twitter.com/ViriBack/status/1597693963649323008

installationupgrade6.com
/0ssdt1/index/login

# Reference: https://twitter.com/nosecurething/status/1598394820665524224

installationsoftware1.com

# Reference: https://twitter.com/mojoesec/status/1598415404036128769

updatecloudservice1.com

# Reference: https://twitter.com/AdamTheAnalyst/status/1599798656886247424

installationsoftware2.com
installationupgrade20.com
slackoffercloud.com
teamoffercloud.com

# Reference: https://twitter.com/mojoesec/status/1599854170692935680

anydeskinvestingo.com
updateclientssoftware.com
zoominvestingoffer.com

# Reference: https://twitter.com/1ZRR4H/status/1600002894207803394

anydeskofferblackfriday.com
logmeinofferblackfriday.com
zoomofferblackfriday.com

# Reference: https://twitter.com/nosecurething/status/1603560949511774208

ads-check.com

# Reference: https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
# Reference: https://otx.alienvault.com/pulse/63c9447eb94ba08faec4307d

105105105015.com
internalcheckssso.com
slackcloudservices.com

# Reference: https://twitter.com/ian_kenefick/status/1616929484879368192

statisticpixels.com