# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: neurevt # Reference: https://twitter.com/James_inthe_box/status/1131561504375836673 zolaelectrics.com # Reference: https://twitter.com/pollo290987/status/1100450079515783169 moscow11.host # Reference: https://twitter.com/justmlwhunting/status/1088734644072255489 kas919be.pw # Reference: https://twitter.com/pollo290987/status/1083026735841587202 moscow77.online # Reference: https://twitter.com/jorgemieres/status/1136354513592307712 russk3.icu # Reference: https://twitter.com/P3pperP0tts/status/1142245531604934656 bundasteels.com # Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Neurevt.A#tab=2 strike-file-hosting.us # Reference: https://threatrecon.wapacklabs.com/malware/betabot/dnsmh6Ew2rsF8V9Ipwy7RtjSKcFv6JQ6lBm37nriIHM%3D upcomingsong.com # Reference: https://pastebin.com/CenCYkHs sinsec.net wachaoutlol.com # Reference: https://www.virustotal.com/gui/domain/hellokiwi.in/relations # Reference: https://www.virustotal.com/gui/file/978527e2afa1887c75a995f7271942d7735fbefc13f2caef5a85010943c90996/detection hellokiwi.in # Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (# Win.Malware.Neurevt-7192122-0) 12thegamejuststarted10k12.com 2uandmearevideos2k2.com 6worldwipemek6.com allegro.ga doombringer.pw dqwjnewkwefewaaaaa3.com emicrosoft.eu fapncam.com frizzcams.com frky7.name kasn5.name marklou1.eu myssfii.eu pl1.co.vu s1allegro.net theafam.info up-windows.in update-silo.com # Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, BetaBot) piszej.xyz squickycab.ga usb-drive.ru xiaodaoj.club # Reference: https://app.any.run/tasks/4b59b6c9-f5da-4134-ae98-46a885ff30e2/ russk6.icu russk7.icu russk8.icu russk9.icu # Reference: https://app.any.run/tasks/1add35db-0da6-44dd-8020-135abe5196db/ pitchstak.ga # Reference: https://app.any.run/tasks/dbdbcdc9-8903-48f5-aa5c-b89928456031/ russk11.icu # Reference: https://pastebin.com/p0vBRBTE betabot.pw mandahp.ie riyanshoppingbags.com rollscar.pk # Reference: https://pastebin.com/EscWd1Cx asdsadasrdc.ug cvxmhbfghdsd.ug micozup.ru puruntis.ug timecheck.ug # Reference: https://news.sophos.com/en-us/2020/05/14/raticate/ negrodesigns.ga stngpetty.ga webxpo.ga # Reference: https://www.virustotal.com/gui/file/33ea7a0d037f1c8f8ef8f567e83fde7329a4158986d5c331ded698eaa2408410/detection 173.46.85.68:2016 # Reference: https://twitter.com/ganeshnathan28/status/1298112354631155712 # Reference: https://www.virustotal.com/gui/domain/winqits.com/relations winqits.com # Reference: https://app.any.run/tasks/5585447c-1870-4140-9cbe-1566c51f5d3c/ sinomatics.ga # Reference: https://app.any.run/tasks/7331a0a9-6747-4ae4-a94f-cf11c6d57261/ # Reference: https://www.virustotal.com/gui/file/d55d2d63aad9a8d3ca2c5f7fbbd8074d792c2a58ebc6e8dd00b369256cf2a1c8/behavior/Dr.Web%20vxCube # Reference: https://app.any.run/tasks/9a16b195-297a-4f0d-8c27-9be517448789/ russk16.icu beyondthebold.com # Reference: https://www.virustotal.com/gui/file/634ad02fba5314a9c69334923a448c452550e08427ca7edb11d2d984eb66c115/detection # Reference: https://www.virustotal.com/gui/file/548b424bedcb831086fb9ab5b6e284a7a71a53e430acad99155153a869844570/detection # Reference: https://www.virustotal.com/gui/file/72ce154f40ba7fe038a21f18c4be45ab20e7d0a7759b072503c506ad3ba56d30/detection # Reference: https://www.virustotal.com/gui/file/65c1b7b845bb0bf116c7a72fbf146e351c8e3138ec99f9015e502f96640e264d/detection alldayever231.su askjhdaskdhshjfhf.ru fdsfsgagdfgdf.ru kanorkanor23.ru kdfrghdkfj34.ru kikidoyoulabme222.ru micozup.ru skdjgfbsdkjbfns3423.ru sprakitiktitkitik2322225431.ru tantarantantan23.ru tarssdsfdfsdr23.ru # Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Betabot) adamestrde.in androcp.cloudns.pw clivertradesbiz.in dqwjnewkwefewaaaaa1.com exchangeprofitchop.biz fallencrafts.info germoetwa.com leadstome.fr liklemvor.sx lovingthe.crabdance.com mypaintdressk13.com securedcomputer.eu tempotac.biz theshangai.info truslibiz.in # Reference: https://www.hybrid-analysis.com/sample/c41082bc8e07d463a822f4c159d19520dcf9b1679912fe0d702856012ae6a22a?environmentId=100 # Reference: https://www.virustotal.com/gui/file/43f5b7549f48647435bd16f0b3de6af89b9c290ab9ae258b6d5d3f171e58b22f/behavior i784we65o4ikes.pw i784we65o4ikes.ru i784we65o4ikes.org.ru bmwirving.com weqrandcx.su # Reference: https://open.appscan.io/article-235.html bitdefenderesupdate.ru bothobo.ru downstars.ru gongotraa.com gtrtoolie.com ilous.ru indexer4.ru jfijalgjiookfuje.su kolno.pw krovne.win krustpil.top magoooo.su opixib.bid paweln1.ru vulica.top # Generic /panels_encoded/login.php /panels_encoded/logout.php /skins/betpla/PHP/ /div/me.exe /wid/logout.php /kin/logout.php