# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: modiloader

# Layout: one indicator per line (IP:port, http://IP URL, domain or URL path),
# placed under the "# Reference:" line(s) that precede it.
# NOTE(review): each indicator is presumably taken from the reference(s) directly
# above it; the list itself does not state this, so confirm before citing a source.
# NOTE(review): IP:port entries are point-in-time observations. Addresses get
# reassigned, so a hit on an old entry is a lead to verify, not proof of infection.

# Reference: https://twitter.com/Artilllerie/status/1299249738764689413
# Reference: https://www.virustotal.com/gui/file/94dc4632159764895ff15118dacc7c5b4c3f84722b4ae5c89b9b120adeec92bf/detection
# Reference: https://www.virustotal.com/gui/file/e832fe2b9251b58442d1c9e380ae5f5d338af57a43329f79786e333c15507ec4/detection
# Reference: https://app.any.run/tasks/30d9b08f-32f4-4587-aa9b-3763a75158d1/
# Reference: https://www.virustotal.com/gui/ip-address/5.45.65.79/relations

5.45.65.79:2480
eebucks.com
malwarebytes-antiav.club

# Reference: https://www.virustotal.com/gui/file/4b63c982aee1f4c3e13daae7b9b0e759886868ee8f4023273d24872f9cb134dc/detection

5.45.65.79:3970

# Reference: https://www.virustotal.com/gui/file/e8ab9b3a12a13d810cda38eebe879f86eb8ce05df931f3779d6f7d12117b114a/detection

5.45.65.79:3590

# Reference: https://www.virustotal.com/gui/file/463cc27ff212d544c70cc300dc0b604480133b282dc34b3c396cb6a12d0056ba/detection

5.45.65.79:2980

# Reference: https://www.virustotal.com/gui/file/2edafdccbc4a5c27a318ff171fcc8ac4a87d0794a32fd0a78b5bc6eb7e67bc2b/detection
# Reference: https://www.virustotal.com/gui/file/bd00e5680241c32c2e1daa90c0c8423b849ed28493a357f6dbc41df3a2387e5d/detection

http://37.1.206.213
5.45.65.79:2780
greencolor.top

# Reference: https://app.any.run/tasks/648bae3a-f1e7-4da4-a36e-76d077f4e768/

217.8.117.53:3590

# Reference: https://www.virustotal.com/gui/file/e9ee1c2f01a7d2a469388977f47916e6ccc9efe5fb2c1191c7b5e92781f5e70d/detection

195.22.26.248:8000

# Reference: https://www.virustotal.com/gui/file/10028099a0d2c2aaa8e940228b415688d958b7b9fa5649f9577b96cfd0b96c51/detection

217.8.117.79:16481

# Reference: https://www.virustotal.com/gui/file/d968dc2aabd69cae18f1ffc2f6c6f2ce06447176b2278f09c4b3d923c8314afe/detection

217.8.117.79:54193

# Reference: https://www.virustotal.com/gui/file/4e64ca30a26bdd2acf5caac9455287f38e2d0dc383bbdbf7c46b15c1820e578d/detection

217.8.117.74:3590

# Reference: https://twitter.com/JAMESWT_MHT/status/1329728270326247425
# Reference: https://bazaar.abuse.ch/sample/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/
# Reference: https://analyze.intezer.com/analyses/55ad918a-ba00-497f-a2c5-262c957aa52f/sub/dc9bf2d0-cfce-46e1-8b22-6034f5df3d68

217.8.117.74:8364

# Reference: https://www.virustotal.com/gui/file/ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092/detection

hwwleqqwkjdfuy.com

# Reference: https://www.virustotal.com/gui/file/b2f7094f521419809d946a68870b02bdd3a928c5a4d57ccdaea3b8f49bb96151/detection

217.8.117.97:33025

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-10-IOCs-from-Ursnif-infection-with-Delf-variant.txt
# Reference: https://www.virustotal.com/gui/file/b2cc1c54c3bbde2a7c0c0a32396bc6dba4d327d7a83278f478dce2f59d6751ef/detection

79.110.52.28:15497

# Reference: https://www.virustotal.com/gui/file/669946cb003998b4a5ab68a9c6d5ae5c2f5f61a17944e27f9337f2cf60b4c0c5/detection

# NOTE(review): the entries in this group that begin with "/" are URL paths with no
# host part. They presumably match a request to any server, so check the destination
# host and surrounding traffic before attributing such a hit to this family.
arikazan-tr.com
/xvxaetxvxaetxvxaet/
/Gerrmeuhzjkespaxdqqgkgrrtmeeuao
/Okeaedjbdqjkshokyzlnkxiegvbzpqm12345
/xvxaetxvxaetxvxaet/xvxa/Gerrmeuhzjkespaxdqqgkgrrtmeeuao
/xvxaetxvxaetxvxaet/xvxa/Okeaedjbdqjkshokyzlnkxiegvbzpqm12345

# Reference: https://www.virustotal.com/gui/file/e6d71dba4a3176c7fdb65a537049abc924b71a0bbd4930d33f26f98fe25c7041/detection

# NOTE(review): hopto.org is a dynamic-DNS zone shared by unrelated users; the
# indicator is the full hostname below, never the parent zone.
185.140.53.4:7645
blessings4x4.hopto.org

# Reference: https://otx.alienvault.com/pulse/622f4f68476d6fb93502ddb8
# Reference: https://www.virustotal.com/gui/file/0f4d50c980e179099c572e34e0bfde32460ab9ce844465ba2640ea68b64ffaea/detection

# NOTE(review): /tst/ins_cont.php is a short, host-independent path; a hit is far
# stronger evidence when the request also goes to one of the two IPs listed with it.
http://92.53.105.248
http://92.53.127.77
/tst/ins_cont.php

# Reference: https://twitter.com/wwp96/status/1635317482834767872
# Reference: https://app.any.run/tasks/c3e70af0-64f1-4ad8-88ff-0b41ddd034ee/
# Reference: https://www.virustotal.com/gui/file/9f8afb109c9b23b3b9645ecf1d44dd25d866472242239c766cac33a31d66a98d/detection

# NOTE(review): nerdpol.ovh looks like a shared (dynamic-DNS style) parent zone, TODO
# confirm; as with hopto.org above, only the full hostname is the indicator.
cloud-doc.nerdpol.ovh