# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://krabsonsecurity.com/2020/08/22/bitrat-the-latest-in-copy-pasted-malware-by-incompetent-developers/

unknownposdhmyrm.onion

# Reference: https://twitter.com/InQuest/status/1306629050052509698
# Reference: https://twitter.com/James_inthe_box/status/1306632726594740228

212.8.246.213:4858
a2204a0w.beget.tech

# Reference: https://twitter.com/James_inthe_box/status/1312131470119510017
# Reference: https://www.virustotal.com/gui/file/ba318072fe85e168c5fd55a30760ac306f75fa76c2d5ec40533b0505cda1c26d/detection

193.239.147.16:4561

# Reference: https://www.virustotal.com/gui/file/1309f6fa224d2fd53c8fd1399fdb06cc602c80456650fcac7a99ff972ef33fa9/detection

193.239.147.16:5995

# Reference: https://app.any.run/tasks/33316cee-cc80-4b93-afa1-a7d986787900/

86.105.252.202:1337

# Reference: https://app.any.run/tasks/cb155241-20d8-4544-b8fb-bc094c6b4a41/

185.244.128.7:9944

# Reference: https://app.any.run/tasks/698342fb-4581-496e-bcef-d372de715556/

62.173.149.200:1488

# Reference: https://twitter.com/wwp96/status/1328339029021118465
# Reference: https://app.any.run/tasks/27a07edd-459f-47d7-895b-30be0fa69ccb/
# Reference: https://app.any.run/tasks/ecc90db0-667c-4848-a3a7-42763f7de0bd/

79.134.225.14:8070
nexty.dnsupdate.info

# Reference: https://twitter.com/wwp96/status/1336838211008667651
# Reference: https://app.any.run/tasks/53b96245-a143-47f7-bd16-764eb7ff6c6c/

http://192.236.195.143
192.236.195.143:44220

# Reference: https://app.any.run/tasks/716bb70e-5d69-4d95-a090-8b9fd091ff46/

5.9.86.48:4559
watchmovie.world

# Reference: https://twitter.com/reecdeep/status/1345411411829260289
# Reference: https://twitter.com/James_inthe_box/status/1345428580499509248
# Reference: https://app.any.run/tasks/73fc7745-00d6-4ad3-839a-0b615a9143c0/
# Reference: https://www.virustotal.com/gui/file/f5d02bf8a1a6612e21e2165e2008c66347e60436a43b3bf7cae2edc323f50d44/detection

45.15.143.195:5366
kabuto.tk

# Reference: https://twitter.com/executemalware/status/1348826729176059905
# Reference: https://pastebin.com/riNucR5r

45.15.143.216:5210

# Generic

/step_1.php?hwid=
/step_2.php?hwid=
/hwid_update.php?hwid_old=
/client/clientcreate.php?hwid=