# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: modiloader

# Reference: https://twitter.com/Artilllerie/status/1299249738764689413
# Reference: https://www.virustotal.com/gui/file/94dc4632159764895ff15118dacc7c5b4c3f84722b4ae5c89b9b120adeec92bf/detection
# Reference: https://www.virustotal.com/gui/file/e832fe2b9251b58442d1c9e380ae5f5d338af57a43329f79786e333c15507ec4/detection
# Reference: https://app.any.run/tasks/30d9b08f-32f4-4587-aa9b-3763a75158d1/
# Reference: https://www.virustotal.com/gui/ip-address/5.45.65.79/relations

5.45.65.79:2480
eebucks.com
malwarebytes-antiav.club

# Reference: https://www.virustotal.com/gui/file/4b63c982aee1f4c3e13daae7b9b0e759886868ee8f4023273d24872f9cb134dc/detection

5.45.65.79:3970

# Reference: https://www.virustotal.com/gui/file/e8ab9b3a12a13d810cda38eebe879f86eb8ce05df931f3779d6f7d12117b114a/detection

5.45.65.79:3590

# Reference: https://www.virustotal.com/gui/file/463cc27ff212d544c70cc300dc0b604480133b282dc34b3c396cb6a12d0056ba/detection

5.45.65.79:2980

# Reference: https://www.virustotal.com/gui/file/2edafdccbc4a5c27a318ff171fcc8ac4a87d0794a32fd0a78b5bc6eb7e67bc2b/detection
# Reference: https://www.virustotal.com/gui/file/bd00e5680241c32c2e1daa90c0c8423b849ed28493a357f6dbc41df3a2387e5d/detection

http://37.1.206.213
5.45.65.79:2780
greencolor.top

# Reference: https://app.any.run/tasks/648bae3a-f1e7-4da4-a36e-76d077f4e768/

217.8.117.53:3590

# Reference: https://www.virustotal.com/gui/file/e9ee1c2f01a7d2a469388977f47916e6ccc9efe5fb2c1191c7b5e92781f5e70d/detection

195.22.26.248:8000

# Reference: https://www.virustotal.com/gui/file/10028099a0d2c2aaa8e940228b415688d958b7b9fa5649f9577b96cfd0b96c51/detection

217.8.117.79:16481

# Reference: https://www.virustotal.com/gui/file/d968dc2aabd69cae18f1ffc2f6c6f2ce06447176b2278f09c4b3d923c8314afe/detection

217.8.117.79:54193

# Reference: https://www.virustotal.com/gui/file/4e64ca30a26bdd2acf5caac9455287f38e2d0dc383bbdbf7c46b15c1820e578d/detection

217.8.117.74:3590

# Reference: https://twitter.com/JAMESWT_MHT/status/1329728270326247425
# Reference: https://bazaar.abuse.ch/sample/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/
# Reference: https://analyze.intezer.com/analyses/55ad918a-ba00-497f-a2c5-262c957aa52f/sub/dc9bf2d0-cfce-46e1-8b22-6034f5df3d68

217.8.117.74:8364

# Reference: https://www.virustotal.com/gui/file/ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092/detection

hwwleqqwkjdfuy.com

# Reference: https://www.virustotal.com/gui/file/b2f7094f521419809d946a68870b02bdd3a928c5a4d57ccdaea3b8f49bb96151/detection

217.8.117.97:33025

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-10-IOCs-from-Ursnif-infection-with-Delf-variant.txt
# Reference: https://www.virustotal.com/gui/file/b2cc1c54c3bbde2a7c0c0a32396bc6dba4d327d7a83278f478dce2f59d6751ef/detection

79.110.52.28:15497

# Reference: https://www.virustotal.com/gui/file/669946cb003998b4a5ab68a9c6d5ae5c2f5f61a17944e27f9337f2cf60b4c0c5/detection

arikazan-tr.com
/xvxaetxvxaetxvxaet/
/Gerrmeuhzjkespaxdqqgkgrrtmeeuao
/Okeaedjbdqjkshokyzlnkxiegvbzpqm12345
/xvxaetxvxaetxvxaet/xvxa/Gerrmeuhzjkespaxdqqgkgrrtmeeuao
/xvxaetxvxaetxvxaet/xvxa/Okeaedjbdqjkshokyzlnkxiegvbzpqm12345

# Reference: https://www.virustotal.com/gui/file/e6d71dba4a3176c7fdb65a537049abc924b71a0bbd4930d33f26f98fe25c7041/detection

185.140.53.4:7645
blessings4x4.hopto.org

# Reference: https://otx.alienvault.com/pulse/622f4f68476d6fb93502ddb8
# Reference: https://www.virustotal.com/gui/file/0f4d50c980e179099c572e34e0bfde32460ab9ce844465ba2640ea68b64ffaea/detection

http://92.53.105.248
http://92.53.127.77
/tst/ins_cont.php

# Reference: https://twitter.com/wwp96/status/1635317482834767872
# Reference: https://app.any.run/tasks/c3e70af0-64f1-4ad8-88ff-0b41ddd034ee/
# Reference: https://www.virustotal.com/gui/file/9f8afb109c9b23b3b9645ecf1d44dd25d866472242239c766cac33a31d66a98d/detection

cloud-doc.nerdpol.ovh

# Reference: https://urlhaus.abuse.ch/host/87.121.221.212
# Reference: https://www.virustotal.com/gui/file/09cd06d0f424d0bd748bc22933dea5e0e5ffe527fb4e686bb17c57ca702dc991/detection

http://87.121.221.212
87.121.221.212:7888
adaisreal.ddns.net

# Reference: https://www.virustotal.com/gui/file/61c50d45592f4facf7f845e14b2268edcbf7096492e5c5d61a319b8062328a6b/detection

213.152.162.10:24535
dwk.ddns.net

# Reference: https://www.virustotal.com/gui/file/013a0521531b96d98a0a7a8ba08111cb6d8c51d30b895503a3e1eeac3949a75c/detection

lordlucifer.freetcp.com

# Reference: https://isc.sans.edu/diary/rss/30388
# Reference: https://otx.alienvault.com/pulse/654ce52f3a03158c76e694a8
# Reference: https://www.virustotal.com/gui/file/e3471a6c13327493f5d5990cce84c095e66d83a4554e01f3eb891c15750acf60/detection

5528981.com
betaplex.click
grupolubriso.live
k1l1b1.top
xbavju.top
/mvbg/?ZqHTM15=
/?ZqHTM15=

# Reference: https://twitter.com/karol_paciorek/status/1751972910191784072
# Reference: https://www.virustotal.com/gui/file/47e114da6c23a27f3819cf2196a32ecce21d35af8e85d4ebebcdea6edc5e7914/detection

147.50.253.30:8888

# Reference: https://twitter.com/karol_paciorek/status/1782384606378967350

209.126.87.92:8888
premiere-coal-tonight-procedure.trycloudflare.com

# Reference: https://twitter.com/banthisguy9349/status/1782385827080802708

209.126.87.35:8080