# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: parasite, parasitehttp, nexus, frostclipper

# Note: some hostnames below sit under dynamic-DNS or free-hosting parent domains
# (e.g. webhop.me, hopto.org, sytes.net, ddns.net, 000webhostapp.com); match the
# full hostname only, never the shared parent domain.
# Note: IP-based entries can be reassigned over time (the dated references here
# are from 2019 and 2020); treat a hit as a lead to confirm against the cited
# reference rather than as proof of infection.

# Reference: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

xetrodep.top
jekoslo.space
befrodet.top

# Reference: http://tracker.viriback.com/dump.php (2019-11-04, ParasiteHTTP)

http://80.233.134.242

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

billicash.webhop.me

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, ParasiteHTTP)

http://107.189.10.40
http://213.166.68.141
http://51.83.210.201
bluecheats.com
jojomoney.hopto.org
mr100.sytes.net

# Reference: https://app.any.run/tasks/bbabdcf2-0dfd-45e4-87a5-30a19c90b37b/

http://185.117.119.175

# Reference: https://github.com/silence-is-best/c2db#parasite-stealer-aka-nexus
# Reference: https://www.virustotal.com/gui/ip-address/193.168.3.101/relations

http://193.168.3.101

# Reference: https://pastebin.com/EscWd1Cx
# (http://185.117.119.175 in this group is also listed above under the any.run reference)

http://176.119.157.175
http://185.117.119.175
http://185.181.165.96
http://193.37.212.43
http://23.254.228.163
http://45.89.67.133
http://45.89.67.205
http://5.180.136.44
http://5.180.137.65
http://51.38.140.9
http://81.177.165.158
http://91.210.170.143
http://95.214.8.196
293756-co10171.tmweb.ru
fi.a.tp9y.skylinecloud.xyz
fl.he.02.node.poi.best
hashmonero.com
hwsrv-691122.hostwindsdns.com
l3e03baf.justinstalledpanel.com
l94d6f63.justinstalledpanel.com
le999c90.justinstalledpanel.com
node.hashmonero.com
vpn.rin.host

# Reference: https://app.any.run/tasks/76e646c0-ce2d-4a0a-a913-7b6a90b6281b/

vputin.pk

# Reference: https://app.any.run/tasks/e7861eb5-62e6-4d51-b5b2-76f4a672dbad/

http://185.209.22.86

# Reference: https://twitter.com/shad0wintel/status/1275439719447506944
# Reference: https://www.virustotal.com/gui/file/c3493e1c0ac8e8432952dc17be991ac9de19b17d06b5fdf65fab6f102e5b0f67/detection

http://45.8.230.73

# Reference: https://pastebin.com/SgZamRit

http://176.119.158.178
http://45.67.57.135
pyou.cf
veve.fun

# Reference: https://twitter.com/ganeshnathan28/status/1296643644670251014
# Reference: https://app.any.run/tasks/7e20c480-257f-4905-a796-8dadfd69b72a/

mordoxyz.ru

# Reference: https://twitter.com/ganeshnathan28/status/1296340157289947136

http://193.178.169.191
http://45.8.230.206

# Reference: https://twitter.com/ganeshnathan28/status/1299024973026275329

http://195.2.78.48

# Reference: https://twitter.com/ganeshnathan28/status/1299369550690086915
# Reference: https://app.any.run/tasks/454c308b-ad92-476b-97e4-d30f9f9aa5da/

http://94.102.63.83
http://194.87.102.22

# Reference: https://twitter.com/ganeshnathan28/status/1300728778700791809

http://77.246.158.87

# Reference: https://twitter.com/wwp96/status/1329954416653438976
# Reference: https://app.any.run/tasks/8177ac06-9e7f-46d6-812d-7164ab0d5d97/

http://185.139.69.193

# Reference: https://app.any.run/tasks/a3559c83-0236-498b-8a0c-ab4dad490013/

http://195.128.124.240
95.165.5.79:8090
95.165.5.79:5000

# Reference: https://app.any.run/tasks/07b8c119-fefc-43ab-a3e9-84b4abb9bede/

timecforgoodnes.ml

# Reference: https://app.any.run/tasks/e7861eb5-62e6-4d51-b5b2-76f4a672dbad/

rusqbxgs.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1529870891651190792
# Reference: https://www.virustotal.com/gui/file/200dfe23106a76126e9d9deff2d82523c0efa63b2e340f06ab12b3686905b8cb/detection
# Reference: https://www.virustotal.com/gui/file/e823b22abe836a9bf6d1e3764cca75aa0bd25766be25d33e4db8c22d14c64f86/detection

147.189.161.226:4444
gfwedfforum.ru
k62f0rumxc14.club
k62f0rumxc14.ru
tuxedopenguinhub.com
nfttoolstwopointoh.ddns.net