# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
# Reference: https://otx.alienvault.com/pulse/5d95e1d8a958c288f7e3d6ed

4d9p5678.myvnc.com
agosto2019.servepics.com
hostsize.sytes.net
noturnis.zapto.org
seradessavez.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1245383637442482178

newlife2020.club
vqz8.gotdns.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1245399620945092609

jkue.myftp.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1268811438707159040

nhoquemassa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1272427444486766592
# Reference: https://app.any.run/tasks/7ac99b76-0ac3-4764-bfa3-e35925ecb39b/

albumdepremios.com.br
hostmeusite.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1277476249988972544
# Reference: https://app.any.run/tasks/00594f1b-f778-49ea-bfc5-2a0853a41347/

apkelites10.com
baza.alta-bars.ru

# Reference: https://twitter.com/ffforward/status/1329507229066801153
# Reference: https://www.virustotal.com/gui/ip-address/128.199.139.227/relations
# Reference: https://pastebin.com/gNgD4PS2

09dfwss6g1v73sya.online
2xo0uaqv4cqds331mart.online
3n1ujw621vaxpro.online
4atcj6ygql4l.online
4yw2twoy438df9qt.online
6c48ax07dy25hvu0hub.online
ah0nm2v13mhl8ynn.online
cevda3jvv5oz1t37.online
fd8nvvlufung.website
k6ue95v1ca2r.online
l155vcram2hl6ws0.online
mpy8n37wvwu2.website
mpy8n37wvwu2now.online
p77x09sqwx37j1l2.online
udndtiho0q7r.online
v6pa59086808a28mpro.online
x50zbqev4po5.online
x6vl9710f400g7alstar.online
yuphsa6qwtg5.online
z5im1ou9o480se02pro.online
zfi8ny6yi30s.website
zfi8ny6yi30shub.online

# Reference: https://www.virustotal.com/gui/file/be1ff9ea0cd1d99838eedabc9d4faba081d1fbf9c7c94d2575b70c64ba2298ed/detection

chooseanother.com

# Reference: https://twitter.com/ESETresearch/status/1367456126195924993
# Reference: https://twitter.com/ESETresearch/status/1367456135389851648

http://178.32.119.184/upa/2302
# NOTE(review): '46.4.141.206a21' is neither a valid IPv4 address nor a resolvable hostname, so the entry below cannot match observed traffic as written; possibly a missing '/' between '206' and 'a21' -- confirm against the ESET references above before correcting
http://46.4.141.206a21/ld/index.php
a8b.site
cnn2602.gotdns.ch
fiscal.canadaeast.cloudapp.azure.com

# Reference: https://twitter.com/ffforward/status/1485619226023018498

hunntjadhfgempresafactura.com
solitudeempresasfactura.com
tyjghhasdempresasfactura.com

# Reference: https://twitter.com/ffforward/status/1486067904814764036
# Reference: https://www.virustotal.com/gui/ip-address/77.243.85.107/relations

down425.xyz
down5861.serveblog.net
62rdsfvcxza.freedynamicdns.net

# Reference: https://twitter.com/1ZRR4H/status/1486075893596491785

mgjw.zapto.org

# Reference: https://twitter.com/pr0xylife/status/1486082528578576386
# Reference: https://www.virustotal.com/gui/ip-address/149.248.50.230/relations
# Reference: https://www.virustotal.com/gui/file/84da58457b87687c8247d862ca1c0c709a29e5e2856af27e52e433931fc1d0d5/detection
# Reference: https://www.virustotal.com/gui/file/ee1869a4c8346e495891f8234258e1112363538bd84b102f5e57df6902488293/detection

contmxlk.gotdns.ch
contmx1.website
contxm3.ddnsking.com

# Reference: https://twitter.com/StopMalvertisin/status/1491336673518813184

/Contador/serv.php

# Reference: https://twitter.com/malware_traffic/status/1491514321309822978

158.69.110.217:42112
fischerpersianas.duckdns.org
obarrielsoluctionssx.com
/DocBr20?VF9C32I0402/4L84VA5UEVELFX0Q76L9S1K8J9/
/DocBr20?VF9C32I0402/
/4L84VA5UEVELFX0Q76L9S1K8J9/

# Reference: https://twitter.com/1ZRR4H/status/1525175056283877379

http://172.105.111.154
/a1a/10/index.php

# Reference: https://www.virustotal.com/gui/file/a41185db4d4c0accc3339f07a63965f0cbd7920fd38564f0c78944def57abfb6/detection

mercadoenvios1.loseyourip.com

# Reference: https://twitter.com/AvastThreatLabs/status/1560562872932978689

http://172.105.111.154
http://192.46.216.151
tributaria.website
vin6.icu

# Reference: https://twitter.com/pollo290987/status/1571897876988719106
# Reference: https://twitter.com/johnk3r/status/1572626297339224064
# Reference: https://www.virustotal.com/gui/file/e35bc9f085d3c7ec459e11452913b20fb44bf32ecd9b5e6dd3e12598d127dae9/detection

http://40.124.25.196
/cliente/vamoqvamo.php
/vamospracima/seligamano.php
/vamospracima/vamoqvamo.php
/vamoqvamo.php

# Reference: https://twitter.com/nuria_imeq/status/1583106258202394625

recibopagosmx2022.blob.core.windows.net

# Reference: https://twitter.com/pollo290987/status/1653112689189609482

http://185.185.87.45
http://51.38.235.152
http://89.117.37.61
amarte.store
fnfactura.cfd

# Generic

/J8v0x5a3a6v4x0BTCsc/