# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Network indicators (URLs, bare IPs, an IP:port pair and hostnames) that the
# references below associate with the Mispadu banking trojan. One entry per line;
# each "# Reference:" comment applies to the entries that follow it.
# NOTE(review): no first-seen/last-seen dates are recorded here, so the age of an
# entry can only be judged from its reference. Corroborate a hit before treating
# it as confirmed, and re-validate before using an entry in a blocking control.

# Reference: https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
# Reference: https://otx.alienvault.com/pulse/5dd3cdf234fc603cc25eba8a

# NOTE(review): bare-IP entries can be reassigned to unrelated hosts over time,
# which makes them the most likely entries here to produce stale matches.
http://18.219.25.133
http://3.19.223.147
http://51.75.95.179
promoscupom.cf

# Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/mispadu-banking-trojan-resurfaces
# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488/
# Reference: https://otx.alienvault.com/pulse/5f6b9eba7dbd6eb5c9a5bfa9

# The 62 hostnames below follow two templates, NNfckgwxqweodNN and NNodinxqwefckNN,
# with NN running 01..31 and the parent zone cycling through the same 11 zones
# (ddns.net, ddnsking.com, 3utilities.com, bounceme.net, freedynamicdns.net,
# freedynamicdns.org, gotdns.ch, hopto.org, myddns.me, myftp.biz, myftp.org).
# NOTE(review): NN is presumably a day-of-month index -- confirm against the
# referenced analysis before relying on it.
# Only the full hostnames are listed. The parent zones appear to be shared
# dynamic-DNS zones used by unrelated parties, so they should not be added as
# wildcard entries.
01fckgwxqweod01.ddns.net
01odinxqwefck01.ddns.net
02fckgwxqweod02.ddnsking.com
02odinxqwefck02.ddnsking.com
03fckgwxqweod03.3utilities.com
03odinxqwefck03.3utilities.com
04fckgwxqweod04.bounceme.net
04odinxqwefck04.bounceme.net
05fckgwxqweod05.freedynamicdns.net
05odinxqwefck05.freedynamicdns.net
06fckgwxqweod06.freedynamicdns.org
06odinxqwefck06.freedynamicdns.org
07fckgwxqweod07.gotdns.ch
07odinxqwefck07.gotdns.ch
08fckgwxqweod08.hopto.org
08odinxqwefck08.hopto.org
09fckgwxqweod09.myddns.me
09odinxqwefck09.myddns.me
10fckgwxqweod10.myftp.biz
10odinxqwefck10.myftp.biz
11fckgwxqweod11.myftp.org
11odinxqwefck11.myftp.org
12fckgwxqweod12.ddns.net
12odinxqwefck12.ddns.net
13fckgwxqweod13.ddnsking.com
13odinxqwefck13.ddnsking.com
14fckgwxqweod14.3utilities.com
14odinxqwefck14.3utilities.com
15fckgwxqweod15.bounceme.net
15odinxqwefck15.bounceme.net
16fckgwxqweod16.freedynamicdns.net
16odinxqwefck16.freedynamicdns.net
17fckgwxqweod17.freedynamicdns.org
17odinxqwefck17.freedynamicdns.org
18fckgwxqweod18.gotdns.ch
18odinxqwefck18.gotdns.ch
19fckgwxqweod19.hopto.org
19odinxqwefck19.hopto.org
20fckgwxqweod20.myddns.me
20odinxqwefck20.myddns.me
21fckgwxqweod21.myftp.biz
21odinxqwefck21.myftp.biz
22fckgwxqweod22.myftp.org
22odinxqwefck22.myftp.org
23fckgwxqweod23.ddns.net
23odinxqwefck23.ddns.net
24fckgwxqweod24.ddnsking.com
24odinxqwefck24.ddnsking.com
25fckgwxqweod25.3utilities.com
25odinxqwefck25.3utilities.com
26fckgwxqweod26.bounceme.net
26odinxqwefck26.bounceme.net
27fckgwxqweod27.freedynamicdns.net
27odinxqwefck27.freedynamicdns.net
28fckgwxqweod28.freedynamicdns.org
28odinxqwefck28.freedynamicdns.org
29fckgwxqweod29.gotdns.ch
29odinxqwefck29.gotdns.ch
30fckgwxqweod30.hopto.org
30odinxqwefck30.hopto.org
31fckgwxqweod31.myddns.me
31odinxqwefck31.myddns.me

# Reference: https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/

# The same address appears twice below: as an HTTP URL and as an IP:port pair on
# TCP 445, the SMB port.
# NOTE(review): outbound SMB to an internet address is unusual on most networks and
# worth alerting on independently of this entry. How the variant uses the port
# is not shown here -- see the reference.
http://24.199.98.128
24.199.98.128:445
moscovatech.com
plinqok.com
trilivok.com
xalticainvest.com