# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: neurevt

# Reference: https://twitter.com/James_inthe_box/status/1131561504375836673

zolaelectrics.com

# Reference: https://twitter.com/pollo290987/status/1100450079515783169

moscow11.host

# Reference: https://twitter.com/justmlwhunting/status/1088734644072255489

kas919be.pw

# Reference: https://twitter.com/pollo290987/status/1083026735841587202

moscow77.online

# Reference: https://twitter.com/jorgemieres/status/1136354513592307712

russk3.icu

# Reference: https://twitter.com/P3pperP0tts/status/1142245531604934656

bundasteels.com

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Neurevt.A#tab=2

strike-file-hosting.us

# Reference: https://threatrecon.wapacklabs.com/malware/betabot/dnsmh6Ew2rsF8V9Ipwy7RtjSKcFv6JQ6lBm37nriIHM%3D

upcomingsong.com

# Reference: https://pastebin.com/CenCYkHs

sinsec.net
wachaoutlol.com

# Reference: https://www.virustotal.com/gui/domain/hellokiwi.in/relations
# Reference: https://www.virustotal.com/gui/file/978527e2afa1887c75a995f7271942d7735fbefc13f2caef5a85010943c90996/detection

hellokiwi.in

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (# Win.Malware.Neurevt-7192122-0)

12thegamejuststarted10k12.com
2uandmearevideos2k2.com
6worldwipemek6.com
allegro.ga
doombringer.pw
dqwjnewkwefewaaaaa3.com
emicrosoft.eu
fapncam.com
frizzcams.com
frky7.name
kasn5.name
marklou1.eu
myssfii.eu
pl1.co.vu
s1allegro.net
theafam.info
up-windows.in
update-silo.com

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, BetaBot)

piszej.xyz
squickycab.ga
usb-drive.ru
xiaodaoj.club

# Reference: https://app.any.run/tasks/4b59b6c9-f5da-4134-ae98-46a885ff30e2/

russk6.icu
russk7.icu
russk8.icu
russk9.icu

# Reference: https://app.any.run/tasks/1add35db-0da6-44dd-8020-135abe5196db/

pitchstak.ga

# Reference: https://app.any.run/tasks/dbdbcdc9-8903-48f5-aa5c-b89928456031/

russk11.icu

# Reference: https://pastebin.com/p0vBRBTE

betabot.pw
mandahp.ie
riyanshoppingbags.com
rollscar.pk

# Reference: https://pastebin.com/EscWd1Cx

asdsadasrdc.ug
cvxmhbfghdsd.ug
micozup.ru
puruntis.ug
timecheck.ug

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

negrodesigns.ga
stngpetty.ga
webxpo.ga

# Reference: https://www.virustotal.com/gui/file/33ea7a0d037f1c8f8ef8f567e83fde7329a4158986d5c331ded698eaa2408410/detection

173.46.85.68:2016

# Reference: https://twitter.com/ganeshnathan28/status/1298112354631155712
# Reference: https://www.virustotal.com/gui/domain/winqits.com/relations

winqits.com

# Reference: https://app.any.run/tasks/5585447c-1870-4140-9cbe-1566c51f5d3c/

sinomatics.ga

# Reference: https://app.any.run/tasks/7331a0a9-6747-4ae4-a94f-cf11c6d57261/
# Reference: https://www.virustotal.com/gui/file/d55d2d63aad9a8d3ca2c5f7fbbd8074d792c2a58ebc6e8dd00b369256cf2a1c8/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/9a16b195-297a-4f0d-8c27-9be517448789/

russk16.icu
beyondthebold.com

# Reference: https://www.virustotal.com/gui/file/634ad02fba5314a9c69334923a448c452550e08427ca7edb11d2d984eb66c115/detection
# Reference: https://www.virustotal.com/gui/file/548b424bedcb831086fb9ab5b6e284a7a71a53e430acad99155153a869844570/detection
# Reference: https://www.virustotal.com/gui/file/72ce154f40ba7fe038a21f18c4be45ab20e7d0a7759b072503c506ad3ba56d30/detection
# Reference: https://www.virustotal.com/gui/file/65c1b7b845bb0bf116c7a72fbf146e351c8e3138ec99f9015e502f96640e264d/detection

alldayever231.su
askjhdaskdhshjfhf.ru
fdsfsgagdfgdf.ru
kanorkanor23.ru
kdfrghdkfj34.ru
kikidoyoulabme222.ru
micozup.ru
skdjgfbsdkjbfns3423.ru
sprakitiktitkitik2322225431.ru
tantarantantan23.ru
tarssdsfdfsdr23.ru

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Betabot)

adamestrde.in
androcp.cloudns.pw
clivertradesbiz.in
dqwjnewkwefewaaaaa1.com
exchangeprofitchop.biz
fallencrafts.info
germoetwa.com
leadstome.fr
liklemvor.sx
lovingthe.crabdance.com
mypaintdressk13.com
securedcomputer.eu
tempotac.biz
theshangai.info
truslibiz.in

# Reference: https://www.hybrid-analysis.com/sample/c41082bc8e07d463a822f4c159d19520dcf9b1679912fe0d702856012ae6a22a?environmentId=100
# Reference: https://www.virustotal.com/gui/file/43f5b7549f48647435bd16f0b3de6af89b9c290ab9ae258b6d5d3f171e58b22f/behavior

i784we65o4ikes.pw
i784we65o4ikes.ru
i784we65o4ikes.org.ru
bmwirving.com
weqrandcx.su

# Reference: https://open.appscan.io/article-235.html

bitdefenderesupdate.ru
bothobo.ru
downstars.ru
gongotraa.com
gtrtoolie.com
ilous.ru
indexer4.ru
jfijalgjiookfuje.su
kolno.pw
krovne.win
krustpil.top
magoooo.su
opixib.bid
paweln1.ru
vulica.top

# Reference: https://app.any.run/tasks/2709ed88-8c4b-42ca-807e-3cccef76233e/

russk16.icu
russk17.icu
morningstarlincoln.co.uk/site/llllllllll/

# Reference: https://twitter.com/wwp96/status/1369334028558626822

rusianlover.icu
siidocumentos.icu

# Reference: https://twitter.com/malwrhunterteam/status/1375035932441726978

xtkehjjerbk.icu

# Reference: https://www.virustotal.com/gui/file/b20f5ca59efe8878614e7a7e385b8ec1b2cdb35ec5d30a6e31f442a9d701fe65/detection

asm3aafs4gzafzf5ag.pw
fule12ziasxh.ru
geomansre123a.ru
hisellv7aza4er.pw
hitechawarereer.pw
leloner.pw
w85naonerash.ru

# Reference: https://www.virustotal.com/gui/file/b900f3615a19ad4b55f2f70351455d722386b6a9ec76e0a3875489ef51854800/detection

berlivildn.ru
burtestbuldes.ru
daulmustrong.ru
maizonaterstin.ru
paracetomolinfo.ru
sainportz.ru
sentembertolls.ru
verybadprozak.ru

# Reference: https://twitter.com/pollo290987/status/1394938640376209412
# Reference: https://www.virustotal.com/gui/file/3a2c441a96936c089c1444f4cd50436593fcd43a18c80a1699fc6b2d62dd6907/detection

moscow13.at
russk17.icu
russk18.icu

# Reference: https://www.virustotal.com/gui/file/d6893d59585fdf607092668ae7cdf9e3cd508efe18678c832f7c42c9a58bebb1/detection

rusav1.icu
rusav2.icu

# Reference: https://www.virustotal.com/gui/ip-address/23.106.215.83/relations

moscow22.icu
pppfinder.icu

# Reference: https://www.virustotal.com/gui/ip-address/204.16.247.190/relations

moscow11.at

# Reference: https://www.virustotal.com/gui/ip-address/213.227.155.145/relations

russk5.icu

# Reference: https://www.virustotal.com/gui/ip-address/185.193.38.160/detection

russk12.icu
russk13.icu

# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.151/detection

russk14.icu

# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.23/relations

russk15.icu

# Reference: https://www.virustotal.com/gui/ip-address/213.227.154.134/detection

xmpzi.icu

# Reference: https://www.virustotal.com/gui/file/923945b086c39c8a6ec66ad3645d44212a8e92d080e6699f9ea0ccf55e43a77a/detection

eastexs.com

# Reference: https://www.virustotal.com/gui/file/054b7c5d38a00ecfc40168d4dc21610139c5ab6a46d2a0e851ef100397d5e5e9/detection

cwjamaica.us

# Reference: https://www.virustotal.com/gui/file/d315d64f46a55ef8edbce45aa779ee321bb76cf17a28c21a9c10efc22431ca0d/detection

botstars.net

# Reference: https://www.virustotal.com/gui/file/468f9abc380cedf17528958eb0ccd8e42e100e05ecb250f31a11d3f946765990/detection

brascase-br.com

# Reference: https://app.any.run/tasks/c4ea39c5-00d6-4388-861b-fa189d3f9e0b/

globalxpert.pw
qvpumps.com
rosnfet.com
woeer.com/pixies/admin/admin/temp/be/megaman/order.php

# Reference: https://www.virustotal.com/gui/file/65fd867d489a0524338fd453a0855d29bb6e0e7e23f9c741f6fd10da870f76e7/detection

dedimartbay.top

# Reference: https://blog.talosintelligence.com/2021/08/neurevt-trojan-takes-aim-at-mexican.html

russk19.icu
russk20.icu
russk21.icu
russk22.icu
saltoune.xyz

# Reference: https://www.virustotal.com/gui/file/98327e81ee52ed71a10d4549f7cb77ae437b357a7ad4dde250a0e6d11b9f58c3/detection

bbb1.chickenkiller.com

# Reference: https://twitter.com/jaydinbas/status/1547530236878852096
# Reference: https://www.virustotal.com/gui/file/ad75622a00b54405304b7ce02a23fee02b7c57fddd00b482687fd97866ecb562/detection
# Reference: https://www.virustotal.com/gui/file/08ad8bfa45d107b5ddd904f002abb2cd9402bca5564025b3cf4fb309c1371046/detection

chtoluca.com.mx
ciijus.org
colegiovillahidalgo.edu.mx
culturasmetropolitanas.org
gonal.com.mx
javiersantos.info
russiandancingmen.top

# Reference: https://www.virustotal.com/gui/file/4da1fd9481e885bfc18198bcdbf5e045bc631c4189b1300676515704605085a6/detection

sedrftgz.anondns.net

# Generic

/j7csltegf/login.php
/panels_encoded/login.php
/panels_encoded/logout.php
/skins/betpla/PHP/
/div/me.exe
/wid/logout.php
/kin/logout.php